affine/jobserv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
jobserv/buildwrapper.sh

110 lines
5.1 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
SERVER_CA_CN=jobserv-server-ca
SERVER_CN=jobserv-server
SERVER_PATH=resources/server
CLIENT_CA_CN=jobserv-client-ca
CLIENT_CN=jobserv-client
CLIENT_PATH=resources/client
TEST_CA_CN=jobserv-bad-cert-ca
TEST_CN=jobserv-bad-cert
TEST_PATH=resources/test
# refactor this to test for directory existanc
rm -rf resources/*
mkdir resources/client
mkdir resources/server
mkdir resources/test
rm -rf staging
# Get passwords for CAs
read -p "Enter Server CA Passphrase: " SRVCAPASS
read -p "Enter Client CA Passphrase: " CLTCAPASS
# Generate CA Keys
echo "[+] Generating Server CA Key"
openssl genrsa -passout pass:$SRVCAPASS -aes256 -out $SERVER_PATH/ca.key 4096
echo "[+] Generating Client CA Key"
openssl genrsa -passout pass:$CLTCAPASS -aes256 -out $CLIENT_PATH/ca.key 4096
echo "[+] Generating test CA Key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/ca.key 4096
# Generate CA Certs
echo "[+] Generating Server CA Cert"
openssl req -passin pass:$SRVCAPASS -new -x509 -days 365 -key $SERVER_PATH/ca.key -out $SERVER_PATH/ca.crt -subj "/CN=${SERVER_CA_CN}"
echo "[+] Generating Client CA Cert"
openssl req -passin pass:$CLTCAPASS -new -x509 -days 365 -key $CLIENT_PATH/ca.key -out $CLIENT_PATH/ca.crt -subj "/CN=${CLIENT_CA_CN}"
echo "[+] Generating test CA Key"
openssl req -passin pass:dontusethiskey -new -x509 -days 365 -key $TEST_PATH/ca.key -out $TEST_PATH/ca.crt -subj "/CN=${TEST_CA_CN}"
# Generate Server Key, Signing request, cert
echo "[+] Generating Server key"
openssl genrsa -passout pass:${SRVCAPASS} -aes256 -out $SERVER_PATH/private.key 4096
echo "[+] Generating Server signing request"
openssl req -passin pass:${SRVCAPASS} -new -key $SERVER_PATH/private.key -out $SERVER_PATH/request.csr -subj "/CN=${SERVER_CN}"
echo "[+] Generating Server certificate "
openssl x509 -req -passin pass:${SRVCAPASS} -days 365 -in $SERVER_PATH/request.csr -CA $SERVER_PATH/ca.crt -CAkey $SERVER_PATH/ca.key -set_serial 01 -out $SERVER_PATH/server.crt
echo "[+] Removing passphrase from server key"
openssl rsa -passin pass:${SRVCAPASS} -in $SERVER_PATH/private.key -out $SERVER_PATH/private.key
# Generate Client Key, Signing request, cert
echo "[+] Generating Client key"
openssl genrsa -passout pass:${CLTCAPASS} -aes256 -out $CLIENT_PATH/private.key 4096
echo "[+] Generating Client signing request"
openssl req -passin pass:${CLTCAPASS} -new -key $CLIENT_PATH/private.key -out $CLIENT_PATH/request.csr -subj "/CN=${CLIENT_CN}"
echo "[+] Generating Client certificate "
openssl x509 -req -passin pass:${CLTCAPASS} -days 365 -in $CLIENT_PATH/request.csr -CA $CLIENT_PATH/ca.crt -CAkey $CLIENT_PATH/ca.key -set_serial 01 -out $CLIENT_PATH/client.crt
echo "[+] Removing passphrase from client key"
openssl rsa -passin pass:${CLTCAPASS} -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.key
# Generate Test Key, Signing request, cert
echo "[+] Generating test key"
openssl genrsa -passout pass:dontusethiskey -aes256 -out $TEST_PATH/private.key 4096
echo "[+] Generating test signing request"
openssl req -passin pass:dontusethiskey -new -key $TEST_PATH/private.key -out $TEST_PATH/request.csr -subj "/CN=${TEST_CN}"
echo "[+] Generating test certificate "
openssl x509 -req -passin pass:dontusethiskey -days 365 -in $TEST_PATH/request.csr -CA $TEST_PATH/ca.crt -CAkey $TEST_PATH/ca.key -set_serial 01 -out $TEST_PATH/test.crt
echo "[+] Removing passphrase from test key"
openssl rsa -passin pass:dontusethiskey -in $TEST_PATH/private.key -out $TEST_PATH/private.key
echo "[+] Converting private keys to X.509"
openssl pkcs8 -topk8 -nocrypt -in $CLIENT_PATH/private.key -out $CLIENT_PATH/private.pem
openssl pkcs8 -topk8 -nocrypt -in $SERVER_PATH/private.key -out $SERVER_PATH/private.pem
openssl pkcs8 -topk8 -nocrypt -in $TEST_PATH/private.key -out $TEST_PATH/private.pem
echo "[+] creating combine trust store"
cat $SERVER_PATH/ca.crt $CLIENT_PATH/ca.crt > resources/truststore.pem
echo "[+] initiating gradle build"
./gradlew clean build
# Ideally this next section would be done with gradle
# Unfortunately gradle's protobuf distribution plugin does not seem to have facilities to manually include certs
# Or to specify seperate client and server tarballs for that matter
# Definitely more research on gradle should be done, but after JobServ hits MVP
echo "[+] extracting built code"
mkdir staging
mkdir staging/client
mkdir staging/server
mkdir staging/test
tar -xvf build/distributions/JobServ.tar -C staging/client
tar -xvf build/distributions/JobServ.tar -C staging/server
tar -xvf build/distributions/JobServ.tar -C staging/test
echo "[+] removing server capabilities from client"
rm staging/client/JobServ/bin/jobserv-server staging/client/JobServ/bin/jobserv-server.bat
echo "[+] removing client capabilities from server"
rm staging/client/JobServ/bin/jobserv-client staging/client/JobServ/bin/jobserv-client.bat
echo "[+] populating certificates"
cp resources/server/server.crt staging/server/
cp resources/server/private.pem staging/server/
cp resources/truststore.pem staging/server/
cp resources/client/client.crt staging/client/
cp resources/client/private.pem staging/client/
cp resources/truststore.pem staging/client/
cp -r resources/* staging/test/
Reference in a new issue View git blame Copy permalink