From c91ddb9f2e9fd9e8df1f02e9758249e400fa0875 Mon Sep 17 00:00:00 2001 From: Aidan Hahn Date: Sat, 18 May 2019 20:25:34 -0700 Subject: [PATCH] script wrapping build process managing certificates and triggering a build --- .gitignore | 5 +++- buildwrapper.sh | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100755 buildwrapper.sh diff --git a/.gitignore b/.gitignore index f2d1c84..fecc8c1 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,7 @@ build # Ignore emacs swapfiles \#* -.\#* \ No newline at end of file +.\#* + +# Dont commit certs +resources/* diff --git a/buildwrapper.sh b/buildwrapper.sh new file mode 100755 index 0000000..d83e590 --- /dev/null +++ b/buildwrapper.sh 
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+SERVER_CA_CN=jobserv-server-ca
+SERVER_CN=jobserv-server
+SERVER_PATH=resources/server
+CLIENT_CA_CN=jobserv-client-ca
+CLIENT_CN=jobserv-client
+CLIENT_PATH=resources/client
+TEST_PATH=resources/test
+
+rm -rf resources/*
+mkdir resources/client
+mkdir resources/server
+mkdir resources/test
+
+
+# Get passwords for CAs
+read -p "Enter Server CA Passphrase: " SRVCAPASS
+read -p "Enter Client CA Passphrase: " CLTCAPASS
+
+# Generate CA Keys
+echo "[+] Generating Server CA Key"
+openssl genrsa -passout pass:$SRVCAPASS -aes256 -out $SERVER_PATH/ca.key 4096
+echo "[+] Generating Client CA Key"
+openssl genrsa -passout pass:$CLTCAPASS -aes256 -out $CLIENT_PATH/ca.key 4096
+echo "[+] Generating test CA Key"
+openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/ca.key 4096
+
+# Generate CA Certs
+echo "[+] Generating Server CA Cert"
+openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.key -out $SERVER_PATH/ca.crt -subj "/CN=${SERVER_CA_CN}"
+echo "[+] Generating Client CA Cert"
+openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"
+echo "[+] Generating test CA Key"
+openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=DontUseMe"
+
+
+# Generate Server Key, Signing request, cert
+echo "[+] Generating Server key"
+openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096
+echo "[+] Generating Server signing request"
+openssl req -passin pass:${SRVCAPASS} -out $SERVER_PATH/request.csr -subj "/CN=${SERVER_CN}"
+echo "[+] Generating Server certificate "
+openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt
+echo "[+] Removing passphrase from server key"
+openssl rsa -passin pass:${SRVCAPASS} -in $SERVER_PATH/private.key -out $SERVER_PATH/private.key
+
+# Generate Client Key, Signing request, cert
+echo "[+] Generating Client key"
+openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096
+echo "[+] Generating Client signing request"
+openssl req -passin pass:${CLTCAPASS} -out $CLIENT_PATH/request.csr -subj "/CN=${CLIENT_CN}"
+echo "[+] Generating Client certificate "
+openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/server.crt
+echo "[+] Removing passphrase from client key"
+openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.key
+
+# Generate Test Key, Signing request, cert
+echo "[+] Generating server key"
+openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096
+echo "[+] Generating server signing request"
+openssl req -passin pass:dontusethiskey -out $TEST_PATH/request.csr -subj "/CN=${DontUseMe}"
+echo "[+] Generating server certificate "
+openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/server.crt
+echo "[+] Removing passphrase from test key"
+openssl rsa -passin pass:dontusethiskey -in $TEST_PATH/private.key -out $TEST_PATH/private.key
+
+
+echo "[+] Converting private keys to X.509"
+openssl pkcs8 -topk8 -nocrypt -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.pem
+openssl pkcs8 -topk8 -nocrypt -in $SERVER_PATH/private.key -out $SERVER_PATH/private.pem
+openssl pkcs8 -topk8 -nocrypt -in $TEST_PATH/private.key -out $TEST_PATH/private.pem
+
+echo "[+] creating combine trust store"
+cat $SERVER_PATH/ca.crt $CLIENT_PATH/ca.crt > resources/truststore.pem
+
+echo "[+] initiating gradle build"
+./gradlew clear build
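Review bot: Both CA passphrases are echoed to the terminal by `read -p` and then placed on every openssl command line as `pass:$SRVCAPASS` / `pass:$CLTCAPASS`, where they can be read from the process list while openssl runs; `read -p` is also not part of POSIX sh, so the prompt fails under a `/bin/sh` such as dash. Reading without echo and handing the value over with `-passout env:SRVCAPASS` (or `file:`/`fd:`) keeps it out of argv, and quoting the path expansions avoids word splitting. The script has no `set -e` and no `umask`, so a failed step still reaches `./gradlew` and the decrypted `private.key`/`private.pem` files take the default permissions. The three CSR `openssl req` calls lack `-new -key …`, so the request does not appear to be built from the key generated just before, and `-subj "/CN=${DontUseMe}"` expands an unset variable to an empty CN (the test CA line uses the literal `/CN=DontUseMe`).

```shell
#!/bin/sh
set -eu      # stop before the gradle build if any openssl step fails
umask 077    # private keys are written unencrypted later in the script

# … unchanged: CN and path variables, resources/ setup …

# Prompt without echoing; restore the terminal even if interrupted
trap 'stty echo' EXIT
trap 'exit 1' INT TERM
printf 'Enter Server CA Passphrase: '
stty -echo; IFS= read -r SRVCAPASS; stty echo; printf '\n'
printf 'Enter Client CA Passphrase: '
stty -echo; IFS= read -r CLTCAPASS; stty echo; printf '\n'
trap - EXIT INT TERM
export SRVCAPASS CLTCAPASS

# Pass the passphrase by environment reference so it stays out of argv
openssl genrsa -passout env:SRVCAPASS -aes256 -out "$SERVER_PATH/ca.key" 4096
# … same env: substitution for every other -passin/-passout pass:$… call …

# CSR built from the key generated just above
openssl req -new -key "$SERVER_PATH/private.key" -passin env:SRVCAPASS \
    -out "$SERVER_PATH/request.csr" -subj "/CN=${SERVER_CN}"
# … same -new -key fix for the client and test CSRs; test subject "/CN=DontUseMe" …
```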