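#!/bin/sh
#
# Builds the JobServ development PKI and packages client/server/test bundles.
#
# Steps:
#   1. Prompt for the server and client certificate CNs and CA passphrases.
#   2. Create three independent CAs (server, client, and a deliberately
#      untrusted "bad cert" test CA) under resources/.
#   3. Issue one leaf certificate per CA and export each leaf key as an
#      unencrypted PKCS#8 private.pem.
#   4. Run the gradle build, unpack the distribution into staging/ and drop
#      the matching certificates and a wrapper script next to each role.
#
# Security notes:
#   - Passphrases are read without terminal echo and handed to openssl via
#     the environment (env:VAR), not argv (pass:...), so they do not show up
#     in process listings.
#   - Key material is created under umask 077; the leaf keys end up
#     unencrypted on disk, so file permissions are their only protection.
#   - Any failing step aborts the script (set -e) instead of continuing with
#     missing or half-written key material.
#   - NOTE(review): the certificates carry only a CN and no subjectAltName;
#     confirm the JobServ TLS stack accepts CN-only certificates.

set -eu

# Print an error to stderr and abort.
die() {
  printf '[-] %s\n' "$*" >&2
  exit 1
}

# Prompt on stderr and read one line into PROMPT_REPLY (echo left on).
# POSIX replacement for the bash-only `read -p`.
prompt_value() {
  printf '%s' "$1" >&2
  IFS= read -r PROMPT_REPLY || die "no input received"
}

# Prompt on stderr and read one line into PROMPT_REPLY with echo disabled
# when stdin is a terminal. The previous tty state is restored on every
# exit path, including interruption.
prompt_secret() {
  printf '%s' "$1" >&2
  if [ -t 0 ]; then
    saved_tty=$(stty -g)
    trap 'stty "$saved_tty"' EXIT
    trap 'exit 1' INT TERM HUP
    stty -echo
    IFS= read -r PROMPT_REPLY || die "no input received"
    stty "$saved_tty"
    trap - EXIT INT TERM HUP
    printf '\n' >&2
  else
    IFS= read -r PROMPT_REPLY || die "no input received"
  fi
}

# Reject CN values that are empty or contain '/'. In `openssl -subj` a '/'
# separates subject fields, so it would add extra fields to the certificate
# subject instead of being part of the CN.
check_cn() {
  case $2 in
    '') die "$1 CN must not be empty" ;;
    */*) die "$1 CN must not contain '/'" ;;
  esac
}

prompt_value "Enter Server CN (localhost or address): "
SRVNAME=$PROMPT_REPLY
check_cn "Server" "$SRVNAME"

prompt_value "Enter Client CN (localhost or address): "
CLTNAME=$PROMPT_REPLY
check_cn "Client" "$CLTNAME"

SERVER_CA_CN=jobserv-server-ca
SERVER_PATH=resources/server
CLIENT_CA_CN=jobserv-client-ca
CLIENT_PATH=resources/client
TEST_CA_CN=jobserv-bad-cert-ca
TEST_CN=localhost
TEST_PATH=resources/test

# Everything below resources/ is key material: create it owner-only and
# restore the caller's umask before the build and staging steps.
old_umask=$(umask)
umask 077

# TODO: refactor this to test for directory existence instead of wiping.
rm -rf -- resources staging
mkdir -p -- "$SERVER_PATH" "$CLIENT_PATH" "$TEST_PATH"

# Get passphrases for the CAs. They are exported only so openssl can read
# them through env:, and are unset again before the gradle build runs.
prompt_secret "Enter Server CA Passphrase: "
SRVCAPASS=$PROMPT_REPLY
[ -n "$SRVCAPASS" ] || die "Server CA passphrase must not be empty"

prompt_secret "Enter Client CA Passphrase: "
CLTCAPASS=$PROMPT_REPLY
[ -n "$CLTCAPASS" ] || die "Client CA passphrase must not be empty"

export SRVCAPASS CLTCAPASS

# Generate CA keys.
# The test CA uses a fixed, publicly known passphrase on purpose: it backs
# the "bad certificate" test and must never be added to a trust store.
echo "[+] Generating Server CA Key"
openssl genrsa -passout env:SRVCAPASS -aes256 -out "$SERVER_PATH/ca.key" 4096

echo "[+] Generating Client CA Key"
openssl genrsa -passout env:CLTCAPASS -aes256 -out "$CLIENT_PATH/ca.key" 4096

echo "[+] Generating test CA Key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out "$TEST_PATH/ca.key" 4096

# Generate self-signed CA certificates.
echo "[+] Generating Server CA Cert"
openssl req -passin env:SRVCAPASS -new -x509 -days 365 \
  -key "$SERVER_PATH/ca.key" -out "$SERVER_PATH/ca.crt" \
  -subj "/CN=${SERVER_CA_CN}"

echo "[+] Generating Client CA Cert"
openssl req -passin env:CLTCAPASS -new -x509 -days 365 \
  -key "$CLIENT_PATH/ca.key" -out "$CLIENT_PATH/ca.crt" \
  -subj "/CN=${CLIENT_CA_CN}"

echo "[+] Generating test CA Cert"
openssl req -passin pass:dontusethiskey -new -x509 -days 365 \
  -key "$TEST_PATH/ca.key" -out "$TEST_PATH/ca.crt" \
  -subj "/CN=${TEST_CA_CN}"

# Generate server key, signing request, cert.
# The leaf key is temporarily encrypted with the CA passphrase and decrypted
# again below; the decrypted copy is written to a temp file and moved into
# place so the key is never read and overwritten through the same path.
echo "[+] Generating Server key"
openssl genrsa -passout env:SRVCAPASS -aes256 -out "$SERVER_PATH/private.key" 4096

echo "[+] Generating Server signing request"
openssl req -passin env:SRVCAPASS -new \
  -key "$SERVER_PATH/private.key" -out "$SERVER_PATH/request.csr" \
  -subj "/CN=${SRVNAME}"

echo "[+] Generating Server certificate "
openssl x509 -req -passin env:SRVCAPASS -days 365 \
  -in "$SERVER_PATH/request.csr" \
  -CA "$SERVER_PATH/ca.crt" -CAkey "$SERVER_PATH/ca.key" \
  -set_serial 01 -out "$SERVER_PATH/server.crt"

echo "[+] Removing passphrase from server key"
openssl rsa -passin env:SRVCAPASS \
  -in "$SERVER_PATH/private.key" -out "$SERVER_PATH/private.key.tmp"
mv -f -- "$SERVER_PATH/private.key.tmp" "$SERVER_PATH/private.key"

# Generate client key, signing request, cert.
echo "[+] Generating Client key"
openssl genrsa -passout env:CLTCAPASS -aes256 -out "$CLIENT_PATH/private.key" 4096

echo "[+] Generating Client signing request"
openssl req -passin env:CLTCAPASS -new \
  -key "$CLIENT_PATH/private.key" -out "$CLIENT_PATH/request.csr" \
  -subj "/CN=${CLTNAME}"

echo "[+] Generating Client certificate "
openssl x509 -req -passin env:CLTCAPASS -days 365 \
  -in "$CLIENT_PATH/request.csr" \
  -CA "$CLIENT_PATH/ca.crt" -CAkey "$CLIENT_PATH/ca.key" \
  -set_serial 01 -out "$CLIENT_PATH/client.crt"

echo "[+] Removing passphrase from client key"
openssl rsa -passin env:CLTCAPASS \
  -in "$CLIENT_PATH/private.key" -out "$CLIENT_PATH/private.key.tmp"
mv -f -- "$CLIENT_PATH/private.key.tmp" "$CLIENT_PATH/private.key"

# Generate test key, signing request, cert (signed by the untrusted test CA).
echo "[+] Generating test key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out "$TEST_PATH/private.key" 4096

echo "[+] Generating test signing request"
openssl req -passin pass:dontusethiskey -new \
  -key "$TEST_PATH/private.key" -out "$TEST_PATH/request.csr" \
  -subj "/CN=${TEST_CN}"

echo "[+] Generating test certificate "
openssl x509 -req -passin pass:dontusethiskey -days 365 \
  -in "$TEST_PATH/request.csr" \
  -CA "$TEST_PATH/ca.crt" -CAkey "$TEST_PATH/ca.key" \
  -set_serial 01 -out "$TEST_PATH/test.crt"

echo "[+] Removing passphrase from test key"
openssl rsa -passin pass:dontusethiskey \
  -in "$TEST_PATH/private.key" -out "$TEST_PATH/private.key.tmp"
mv -f -- "$TEST_PATH/private.key.tmp" "$TEST_PATH/private.key"

# -topk8 -nocrypt writes the keys as unencrypted PKCS#8 (not X.509, which is
# a certificate format); the previous log message named the wrong format.
echo "[+] Converting private keys to PKCS#8"
openssl pkcs8 -topk8 -nocrypt -in "$CLIENT_PATH/private.key" -out "$CLIENT_PATH/private.pem"
openssl pkcs8 -topk8 -nocrypt -in "$SERVER_PATH/private.key" -out "$SERVER_PATH/private.pem"
openssl pkcs8 -topk8 -nocrypt -in "$TEST_PATH/private.key" -out "$TEST_PATH/private.pem"

# Key generation is done: drop the passphrases so the build and everything
# it spawns do not inherit them, and go back to the caller's umask.
unset SRVCAPASS CLTCAPASS PROMPT_REPLY
umask "$old_umask"

echo "[+] initiating gradle build"
./gradlew clean build

# Ideally this next section would be done with gradle.
# Unfortunately gradle's protobuf distribution plugin does not seem to have
# facilities to manually include certs, or to specify separate client and
# server tarballs for that matter.
# Definitely more research on gradle should be done, but after JobServ hits MVP.
echo "[+] extracting built code"
mkdir -p -- staging/client staging/server staging/test
tar -xvf build/distributions/JobServ.tar -C staging/client
tar -xvf build/distributions/JobServ.tar -C staging/server
tar -xvf build/distributions/JobServ.tar -C staging/test

# rm -f: a launcher that is already absent is the desired end state and
# must not abort the script under set -e.
echo "[+] removing server capabilities from client"
rm -f -- staging/client/JobServ/bin/jobserv-server staging/client/JobServ/bin/jobserv-server.bat

echo "[+] removing client capabilities from server"
rm -f -- staging/server/JobServ/bin/jobserv-client staging/server/JobServ/bin/jobserv-client.bat

# Each role gets its own certificate and key plus the *other* side's CA
# certificate. The source key files are owner-only, and cp keeps them so.
echo "[+] populating certificates"
cp -- "$SERVER_PATH/server.crt" staging/server/
cp -- "$SERVER_PATH/private.pem" staging/server/
cp -- "$CLIENT_PATH/ca.crt" staging/server/
cp -- "$CLIENT_PATH/client.crt" staging/client/
cp -- "$CLIENT_PATH/private.pem" staging/client/
cp -- "$SERVER_PATH/ca.crt" staging/client/
# staging/test receives ALL of resources/, including the server and client
# CA private keys and every unencrypted leaf key. Treat it as test-only.
cp -r -- resources/* staging/test/

echo "[+] Adding wrapper script for client"
# This could also be a .desktop file without much more work.
# Quoted heredoc delimiter: the wrapper is written literally, and "$@"
# forwards the caller's arguments without re-splitting them.
cat << 'EOF' > staging/client/client
#!/bin/sh
./JobServ/bin/jobserv-client private.pem client.crt ca.crt "$@"
EOF
chmod +x staging/client/client

echo "[+] Adding wrapper script for server"
# This could also be a .desktop file without much more work.
cat << 'EOF' > staging/server/server
#!/bin/sh
./JobServ/bin/jobserv-server "$1" server.crt private.pem ca.crt
EOF
chmod +x staging/server/server

echo "[+] removing test logs"
rm -f -- JobServ-Server-*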