jobserv/certs-gen.sh

 
#!/bin/sh
pwd

# get CNs
read -p "Enter Server CN (default: localhost): " SRVNAME
read -p "Enter Client CN (default: localhost): " CLTNAME
if [ -z "$SRVNAME" ]; then
    SRVNAME=localhost
fi

if [ -z "$CLTNAME" ]; then
    CLTNAME=localhost
fi


SERVER_CA_CN=jobserv-server-ca
SERVER_PATH=resources/server
CLIENT_CA_CN=jobserv-client-ca
CLIENT_PATH=resources/client
TEST_CA_CN=jobserv-bad-cert-ca
TEST_CN=localhost
TEST_PATH=resources/test

# refactor this to test for directory existanc
rm -rf resources
mkdir resources/
mkdir resources/client
mkdir resources/server
mkdir resources/test
rm -rf staging


# Get passwords for CAs
read -p "Enter Server CA Passphrase: " SRVCAPASS
read -p "Enter Client CA Passphrase: " CLTCAPASS
if [ -z "$SRVCAPASS" ]; then
    SRVCAPASS=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)
    echo "[*] Server CA Password is: " $SRVCAPASS
fi

if [ -z "$CLTCAPASS" ]; then
    CLTCAPASS=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)
    echo "[*] Client CA Password is: " $CLTCAPASS
fi

# Generate CA Keys
echo "[+] Generating Server CA Key"
openssl genrsa -passout pass:$SRVCAPASS -aes256 -out $SERVER_PATH/ca.key 4096
echo "[+] Generating Client CA Key"
openssl genrsa -passout pass:$CLTCAPASS -aes256 -out $CLIENT_PATH/ca.key 4096
echo "[+] Generating test CA Key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/ca.key 4096

# Generate CA Certs
echo "[+] Generating Server CA Cert"
openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.key -out $SERVER_PATH/ca.crt -subj "/CN=${SERVER_CA_CN}"
echo "[+] Generating Client CA Cert"
openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"
echo "[+] Generating test CA Key"
openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}"


# Generate Server Key, Signing request, cert
echo "[+] Generating Server key"
openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096
echo "[+] Generating Server signing request"
openssl req -passin pass:${SRVCAPASS} -new -key $SERVER_PATH/private.key -out $SERVER_PATH/request.csr -subj "/CN=${SRVNAME}"
echo "[+] Generating Server certificate "
openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt
echo "[+] Removing passphrase from server key"
openssl rsa -passin pass:${SRVCAPASS} -in $SERVER_PATH/private.key -out $SERVER_PATH/private.key

# Generate Client Key, Signing request, cert
echo "[+] Generating Client key"
openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096
echo "[+] Generating Client signing request"
openssl req -passin pass:${CLTCAPASS} -new -key $CLIENT_PATH/private.key -out $CLIENT_PATH/request.csr -subj "/CN=${CLTNAME}"
echo "[+] Generating Client certificate "
openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/client.crt
echo "[+] Removing passphrase from client key"
openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.key

# Generate Test Key, Signing request, cert
echo "[+] Generating test key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096
echo "[+] Generating test signing request"
openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}"
echo "[+] Generating test certificate "
openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt
echo "[+] Removing passphrase from test key"
openssl rsa -passin pass:dontusethiskey -in $TEST_PATH/private.key -out $TEST_PATH/private.key


echo "[+] Converting private keys to X.509"
openssl pkcs8 -topk8 -nocrypt -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.pem
openssl pkcs8 -topk8 -nocrypt -in $SERVER_PATH/private.key -out $SERVER_PATH/private.pem
openssl pkcs8 -topk8 -nocrypt -in $TEST_PATH/private.key -out $TEST_PATH/private.pem
refactor build wrapper into smaller operations 2019-06-01 12:39:30 -07:00
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`#!/bin/sh`
refactor build wrapper into smaller operations 2019-06-01 12:39:30 -07:00			`pwd`
refactored certs-gen to work with default values when read is not effective 2019-06-01 13:25:32 -07:00
			`# get CNs`
			`read -p "Enter Server CN (default: localhost): " SRVNAME`
			`read -p "Enter Client CN (default: localhost): " CLTNAME`
			`if [ -z "$SRVNAME" ]; then`
			`SRVNAME=localhost`
			`fi`

			`if [ -z "$CLTNAME" ]; then`
			`CLTNAME=localhost`
			`fi`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00
CNs cant be arbitrary 2019-05-19 14:25:25 -07:00
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`SERVER_CA_CN=jobserv-server-ca`
			`SERVER_PATH=resources/server`
			`CLIENT_CA_CN=jobserv-client-ca`
			`CLIENT_PATH=resources/client`
refactors to server tls code 2019-05-19 13:03:53 -07:00			`TEST_CA_CN=jobserv-bad-cert-ca`
CNs cant be arbitrary 2019-05-19 14:25:25 -07:00			`TEST_CN=localhost`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`TEST_PATH=resources/test`

build wrapper now extracts distributions of software and adds keys 2019-05-19 13:55:41 -07:00			`# refactor this to test for directory existanc`
dont assume resources dir already exists. 2019-05-23 23:59:20 -07:00			`rm -rf resources`
			`mkdir resources/`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`mkdir resources/client`
			`mkdir resources/server`
			`mkdir resources/test`
build wrapper now extracts distributions of software and adds keys 2019-05-19 13:55:41 -07:00			`rm -rf staging`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00

			`# Get passwords for CAs`
			`read -p "Enter Server CA Passphrase: " SRVCAPASS`
			`read -p "Enter Client CA Passphrase: " CLTCAPASS`
refactored certs-gen to work with default values when read is not effective 2019-06-01 13:25:32 -07:00			`if [ -z "$SRVCAPASS" ]; then`
			`SRVCAPASS=$(head /dev/urandom \| tr -dc A-Za-z0-9 \| head -c 13)`
			`echo "[*] Server CA Password is: " $SRVCAPASS`
			`fi`

			`if [ -z "$CLTCAPASS" ]; then`
			`CLTCAPASS=$(head /dev/urandom \| tr -dc A-Za-z0-9 \| head -c 13)`
			`echo "[*] Client CA Password is: " $CLTCAPASS`
			`fi`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00
			`# Generate CA Keys`
			`echo "[+] Generating Server CA Key"`
			`openssl genrsa -passout pass:$SRVCAPASS -aes256 -out $SERVER_PATH/ca.key 4096`
			`echo "[+] Generating Client CA Key"`
			`openssl genrsa -passout pass:$CLTCAPASS -aes256 -out $CLIENT_PATH/ca.key 4096`
			`echo "[+] Generating test CA Key"`
			`openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/ca.key 4096`

			`# Generate CA Certs`
			`echo "[+] Generating Server CA Cert"`
			`openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.key -out $SERVER_PATH/ca.crt -subj "/CN=${SERVER_CA_CN}"`
			`echo "[+] Generating Client CA Cert"`
			`openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"`
			`echo "[+] Generating test CA Key"`
refactors to server tls code 2019-05-19 13:03:53 -07:00			`openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}"`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00

			`# Generate Server Key, Signing request, cert`
			`echo "[+] Generating Server key"`
			`openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096`
			`echo "[+] Generating Server signing request"`
CNs cant be arbitrary 2019-05-19 14:25:25 -07:00			`openssl req -passin pass:${SRVCAPASS} -new -key $SERVER_PATH/private.key -out $SERVER_PATH/request.csr -subj "/CN=${SRVNAME}"`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`echo "[+] Generating Server certificate "`
			`openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt`
			`echo "[+] Removing passphrase from server key"`
			`openssl rsa -passin pass:${SRVCAPASS} -in $SERVER_PATH/private.key -out $SERVER_PATH/private.key`

			`# Generate Client Key, Signing request, cert`
			`echo "[+] Generating Client key"`
			`openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096`
			`echo "[+] Generating Client signing request"`
CNs cant be arbitrary 2019-05-19 14:25:25 -07:00			`openssl req -passin pass:${CLTCAPASS} -new -key $CLIENT_PATH/private.key -out $CLIENT_PATH/request.csr -subj "/CN=${CLTNAME}"`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`echo "[+] Generating Client certificate "`
added tls code to client 2019-05-19 12:21:00 -07:00			`openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/client.crt`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`echo "[+] Removing passphrase from client key"`
			`openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.key`

			`# Generate Test Key, Signing request, cert`
pass in private key for generation of cert requests 2019-05-19 11:37:58 -07:00			`echo "[+] Generating test key"`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096`
pass in private key for generation of cert requests 2019-05-19 11:37:58 -07:00			`echo "[+] Generating test signing request"`
refactors to server tls code 2019-05-19 13:03:53 -07:00			`openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}"`
pass in private key for generation of cert requests 2019-05-19 11:37:58 -07:00			`echo "[+] Generating test certificate "`
added tls code to client 2019-05-19 12:21:00 -07:00			`openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt`
script wrapping build process managing certificates and triggering a build 2019-05-18 20:25:34 -07:00			`echo "[+] Removing passphrase from test key"`
			`openssl rsa -passin pass:dontusethiskey -in $TEST_PATH/private.key -out $TEST_PATH/private.key`


			`echo "[+] Converting private keys to X.509"`
			`openssl pkcs8 -topk8 -nocrypt -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.pem`
			`openssl pkcs8 -topk8 -nocrypt -in $SERVER_PATH/private.key -out $SERVER_PATH/private.pem`
			`openssl pkcs8 -topk8 -nocrypt -in $TEST_PATH/private.key -out $TEST_PATH/private.pem`