#!/bin/sh
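# --- User settings: fill these in before running ---------------------------
# Key alias; also used as the base name of the generated files.
ALIASES=""
# Password used for the keystore, the key entry and the final zip archive.
# It is kept here in plain text, so keep a filled-in copy of this script out
# of version control and shared directories.
PASS=""
# Certificate lifetime in days (passed to keytool -validity).
VALIDITY=36500
# Certificate start date (passed to keytool -startdate).
ISSUED_DATE="yyyy/mm/dd hh:mm:ss"
# Subject fields used to build the certificate's distinguished name.
CommonName=""
OrganizationalUnit=""
Organization=""
Email=""
Locality=""
State_Province=""
Country=""
### DONT MODIFY ANYTHING AFTER THIS ###
# The steps below write unencrypted private key material into the current
# directory; make every file created from here on readable by its owner only.
umask 077
# Output file names, derived from the alias.
KEY_STORE_PATH="${ALIASES}.keystore"
DEST_KEY_STORE_PATH="${ALIASES}.p12"
DEST_TMP_RSA_PATH="tmp_${ALIASES}.rsa.pem"
PRIVATE_RSA="private_${ALIASES}.rsa.pem"
# These two names do not include the alias, so runs for different aliases in
# the same directory write to the same x509.pem and pk8 files.
CERT_X509="x509.pem"
PK8_PATH="pk8"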
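# Generate the RSA key pair and self-signed certificate in a .keystore file.
# Globals: KEY_STORE_PATH, ALIASES, PASS, ISSUED_DATE, VALIDITY and the
#          subject fields CommonName ... Country (all read).
# Returns: keytool's exit status.
GEN_KS()
{
  # The password is handed to keytool through the environment (":env"
  # modifier) instead of as an argument, so it does not show up in the
  # process list while keytool runs.
  # No -keysize is given, so the key length is keytool's default for RSA.
  # NOTE(review): the single quotes in -dname sit inside a double-quoted
  # string and therefore reach keytool literally - confirm they are wanted
  # in the certificate subject.
  KS_PASS="${PASS}" keytool -genkeypair -v \
    -keystore "${KEY_STORE_PATH}" \
    -alias "${ALIASES}" \
    -storepass:env KS_PASS \
    -keypass:env KS_PASS \
    -keyalg RSA \
    -startdate "${ISSUED_DATE}" \
    -validity "${VALIDITY}" \
    -dname "CN='${CommonName}', OU='${OrganizationalUnit}', EmailAddress='${Email}', O='${Organization}', L='${Locality}', ST='${State_Province}', C='${Country}'"
}
# Stop here on failure: every later step needs the keystore created above.
GEN_KS || exit 1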
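# Convert the .keystore file to PKCS12 format.
# Globals: KEY_STORE_PATH, DEST_KEY_STORE_PATH, PASS (read).
# Returns: keytool's exit status.
KS_PKCS12()
{
  # Source store, destination store and destination key all use the same
  # password; it is passed through the environment (":env" modifier) so it
  # is not visible in the process argument list.
  KS_PASS="${PASS}" keytool -importkeystore \
    -srckeystore "${KEY_STORE_PATH}" \
    -destkeystore "${DEST_KEY_STORE_PATH}" \
    -srcstoretype JKS \
    -deststoretype PKCS12 \
    -deststorepass:env KS_PASS \
    -srcstorepass:env KS_PASS \
    -destkeypass:env KS_PASS
}
# Stop here on failure: the PEM export reads the PKCS12 file written above.
KS_PKCS12 || exit 1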
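# Export the PKCS12 store as a single PEM file (private key + certificate).
# Globals: DEST_KEY_STORE_PATH, DEST_TMP_RSA_PATH, PASS (read).
# Returns: openssl's exit status.
PKCS12_PEM()
{
  # -nodes writes the private key WITHOUT encryption, so the output file
  # holds the key in the clear until it is removed.
  # "env:" makes openssl read the import password from the environment
  # instead of the argument list.
  KS_PASS="${PASS}" openssl pkcs12 -nodes \
    -in "${DEST_KEY_STORE_PATH}" \
    -out "${DEST_TMP_RSA_PATH}" \
    -password env:KS_PASS
}
# Stop here on failure: the next step slices the PEM file written above.
PKCS12_PEM || exit 1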
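# Split the combined PEM file into a private-key PEM and a certificate PEM.
# Globals: DEST_TMP_RSA_PATH (read); PRIVATE_RSA, CERT_X509 (files written);
#          private_key_begin/end, cert_509_begin/end (set, line numbers).
# Returns: 0 on success, 1 when a PEM block is missing or a write fails.
PEM_X509()
{
  # 1. Find the line range of the private key. The header differs between
  #    environments ("BEGIN RSA PRIVATE KEY" vs "BEGIN PRIVATE KEY"), so
  #    try the RSA-specific form first and fall back to the generic one.
  if private_key_begin=$(grep -n -- "BEGIN RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}"); then
    private_key_end=$(grep -n -- "END RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
  else
    private_key_begin=$(grep -n -- "BEGIN PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
    private_key_end=$(grep -n -- "END PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
  fi
  # grep -n prints "LINE:text"; keep only the first line number.
  private_key_begin=${private_key_begin%%:*}
  private_key_end=${private_key_end%%:*}
  if [ -z "${private_key_begin}" ] || [ -z "${private_key_end}" ]; then
    printf '%s\n' "PEM_X509: no private key block in ${DEST_TMP_RSA_PATH}" >&2
    return 1
  fi
  # 2. Copy that range into the private-key file. Truncate (>) rather than
  #    append so a rerun cannot leave two keys in the same file.
  sed -n "${private_key_begin},${private_key_end}p" "${DEST_TMP_RSA_PATH}" \
    > "${PRIVATE_RSA}" || return 1
  # 3. Find the line range of the (first) certificate.
  cert_509_begin=$(grep -n -- "BEGIN CERTIFICATE" "${DEST_TMP_RSA_PATH}")
  cert_509_end=$(grep -n -- "END CERTIFICATE" "${DEST_TMP_RSA_PATH}")
  cert_509_begin=${cert_509_begin%%:*}
  cert_509_end=${cert_509_end%%:*}
  if [ -z "${cert_509_begin}" ] || [ -z "${cert_509_end}" ]; then
    printf '%s\n' "PEM_X509: no certificate block in ${DEST_TMP_RSA_PATH}" >&2
    return 1
  fi
  # 4. Copy that range into the certificate file, again truncating first.
  sed -n "${cert_509_begin},${cert_509_end}p" "${DEST_TMP_RSA_PATH}" \
    > "${CERT_X509}" || return 1
}
# Stop here on failure: the PKCS8 conversion needs the private-key PEM.
PEM_X509 || exit 1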
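# Convert the PEM private key to PKCS8 DER format.
# Globals: PRIVATE_RSA (read), PK8_PATH (file written).
# Returns: openssl's exit status.
PRIV_PK8()
{
  # -nocrypt writes the key unencrypted; the resulting file is as sensitive
  # as the keystore itself and must be protected accordingly.
  openssl pkcs8 -topk8 \
    -outform DER \
    -in "${PRIVATE_RSA}" \
    -inform PEM \
    -out "${PK8_PATH}" \
    -nocrypt
}
# Stop here on failure so an incomplete set of files is not archived.
PRIV_PK8 || exit 1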
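# Pack all generated files into a password-protected zip archive.
# Globals: PASS, ALIASES, KEY_STORE_PATH, DEST_KEY_STORE_PATH,
#          DEST_TMP_RSA_PATH, PRIVATE_RSA, CERT_X509, PK8_PATH (read).
# Returns: zip's exit status.
ENC_ZIP()
{
  # NOTE(review): -P puts the password on the command line, where other
  # local users can see it in the process list while zip runs, and zip's
  # password protection is the legacy ZIP cipher, which is considered weak.
  # The archive also contains the unencrypted PEM and pk8 keys, so do not
  # treat it as the only protection for them; consider an encryption tool
  # that can read its passphrase from a prompt or a file instead.
  zip -Z bzip2 -P "${PASS}" "KEY_${ALIASES}.zip" \
    "${KEY_STORE_PATH}" \
    "${DEST_KEY_STORE_PATH}" \
    "${DEST_TMP_RSA_PATH}" \
    "${PRIVATE_RSA}" \
    "${CERT_X509}" \
    "${PK8_PATH}"
}
# Stop here on failure: the cleanup step deletes the originals, so it must
# not run unless the archive was written.
ENC_ZIP || exit 1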
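# Remove the intermediate keystore and PEM files once they are archived.
# Globals: KEY_STORE_PATH, DEST_KEY_STORE_PATH, DEST_TMP_RSA_PATH,
#          PRIVATE_RSA (files removed).
# Returns: rm's exit status.
CLEANUP()
{
  # x509.pem and pk8 are not in this list and stay in the working directory;
  # pk8 is an unencrypted private key (written with -nocrypt), so it still
  # needs protecting after this step.
  # "--" keeps a file name that starts with "-" from being read as an option.
  rm -f -- "${KEY_STORE_PATH}" \
    "${DEST_KEY_STORE_PATH}" \
    "${DEST_TMP_RSA_PATH}" \
    "${PRIVATE_RSA}"
}
CLEANUP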