-
-
Save eristoddle/5385e1e6a9cf168036cc856dbffe669e to your computer and use it in GitHub Desktop.
Script to configure WSO2 EMM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PRODUCT_HOME="$1" | |
| IOS_CERTS="$2" | |
| IP="$3" | |
| PRODUCT_CONF="$4" | |
| CONFIG_FILE="./openssl_custom.cnf" | |
| TEMP_FOLDER="./temp" | |
| PUSH_CERT="`echo $IOS_CERTS`pushcert.pfx" | |
| PUSH_PASS="" | |
| MDM_CERT="`echo $IOS_CERTS`PlainCert.pfx" | |
| MDM_PASS="" | |
| IOS_TOPIC_ID="" | |
| PRODUCT_JKS_PATH="repository/resources/security" | |
| SENDER_ADDRESS="" | |
| SENDER_PASSWORD="" | |
| SENDER_ID="" | |
| API_KEY="" | |
| if [ -z "$PRODUCT_HOME" ]; then | |
| echo "Please enter the product home" | |
| exit 11 | |
| fi | |
| if [ -z "$IOS_CERTS" ]; then | |
| echo "Please enter the path to ios certs" | |
| exit 11 | |
| fi | |
| unamestr=`uname` | |
| if [ -z "$IP" ]; then | |
| if [[ "$unamestr" == 'Linux' ]]; then | |
| IP=$(ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}') | |
| elif [[ "$unamestr" == 'FreeBSD' ]]; then | |
| IP=$(ifconfig | grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2}') | |
| elif [[ "$unamestr" == 'Darwin' ]]; then | |
| IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d\ -f2) | |
| fi | |
| fi | |
| # Template sso-idp.xml with current machine ip | |
| file=$(cat $PRODUCT_HOME/repository/conf/sso-idp-config.xml | sed -e "s/\localhost/$IP/") | |
| echo "$file" > "$PRODUCT_HOME/repository/conf/sso-idp-config.xml" | |
| file=$(cat $PRODUCT_HOME/repository/conf/mdm-config.xml | sed -e "s/\host/$IP/" -e "s=\$(push_certificate)=$PUSH_CERT=" -e "s=\$(mdm_push_certificate)=$MDM_CERT=" -e "s=\$(push_password)=$PUSH_PASS=" -e "s=\$(mdm_push_password)=$MDM_PASS=" -e "s=\$(topic_id)=$IOS_TOPIC_ID=" -e "s=\$(wso2carbon_jks)=`echo $PRODUCT_CONF$PRODUCT_JKS_PATH`/wso2carbon.jks=" -e "s=\$(wso2mobilemdm_jks)=`echo $PRODUCT_CONF$PRODUCT_JKS_PATH`/wso2mobilemdm.jks=") | |
| # echo $PRODUCT_HOME$PRODUCT_JKS_PATH; | |
| echo "$file" > "$PRODUCT_HOME/repository/conf/mdm-config.xml" | |
| # echo "$file" > "$PRODUCT_HOME/repository/conf/sso-idp-config.xml" | |
| # Configuring the apps | |
| cp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/tempConfigs/config.json $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/config.json | |
| cp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/tempConfigs/android.json $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/android.json | |
| cp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/tempConfigs/ios.json $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/ios.json | |
| cp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mam/config/tempConfig/config.json $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mam/config/config.json | |
| cp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/publisher/config/mam-config.json.temp $PRODUCT_HOME/repository/deployment/server/jaggeryapps/publisher/config/mam-config.json | |
| file=$(cat $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/config.json | sed -e "s=\$(senderAddress)=$SENDER_ADDRESS=" -e "s=\$(senderPassword)=$SENDER_PASSWORD=") | |
| echo "$file" > "$PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/config.json" | |
| file=$(cat $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/android.json | sed -e "s=\$(senderid)=$SENDER_ID=" -e "s=\$(apikey)=$API_KEY=") | |
| echo "$file" > "$PRODUCT_HOME/repository/deployment/server/jaggeryapps/mdm/config/android.json" | |
| file=$(cat $PRODUCT_HOME/repository/deployment/server/jaggeryapps/mam/config/config.json | sed -e "s=\$(senderAddress)=$SENDER_ADDRESS=" -e "s=\$(senderPassword)=$SENDER_PASSWORD=") | |
| echo "$file" > "$PRODUCT_HOME/repository/deployment/server/jaggeryapps/mam/config/config.json" | |
| file=$(cat $PRODUCT_HOME/repository/deployment/server/jaggeryapps/publisher/config/mam-config.json | sed -e "s=\$(senderAddress)=$SENDER_ADDRESS=" -e "s=\$(senderPassword)=$SENDER_PASSWORD=") | |
| echo "$file" > "$PRODUCT_HOME/repository/deployment/server/jaggeryapps/publisher/config/mam-config.json" | |
| #Android | |
| BKS_CONVERTER="./bcprov-jdk16-146.jar" | |
| TRUSTSTORE="./android_truststore.bks" | |
| TRUSTSTORE_PASSWORD="wso2mobile123" | |
| #CA Certificate Parameters | |
| CA_COUNTRY="LK" | |
| CA_STATE="Western Province" | |
| CA_LOCALITY="Colombo" | |
| CA_ORGANISATION="WSO2Mobile" | |
| CA_ORGANISATIONUNIT="" | |
| CA_COMMONNAME="WSO2Mobile Root CA" | |
| CA_DAYS="365" | |
| #RA Certificate Parameters | |
| RA_COUNTRY="LK" | |
| RA_STATE="Western Province" | |
| RA_LOCALITY="Colombo" | |
| RA_ORGANISATION="WSO2Mobile" | |
| RA_ORGANISATIONUNIT="" | |
| RA_COMMONNAME="WSO2Mobile SCEP CA" | |
| RA_DAYS="365" | |
| RA_SERIAL="02" | |
| #SSL Certificate Parameters | |
| SSL_COUNTRY="LK" | |
| SSL_STATE="Western Province" | |
| SSL_LOCALITY="Colombo" | |
| SSL_ORGANISATION="WSO2Mobile" | |
| SSL_ORGANISATIONUNIT="" | |
| SSL_COMMONNAME=$IP | |
| SSL_DAYS="365" | |
| SSL_SERIAL="044324343" | |
| echo $SSL_COMMONNAME | |
| #PKCS12 Alias and Password for IA, CA and RA | |
| IA_PKCS12_ALIAS="wso2carbon" | |
| IA_PKCS12_PASSWORD="wso2carbon" | |
| CA_PKCS12_ALIAS="cacert" | |
| CA_PKCS12_PASSWORD="cacert" | |
| RA_PKCS12_ALIAS="racert" | |
| RA_PKCS12_PASSWORD="racert" | |
| WSO2CARBON="wso2carbon" | |
| WSO2MOBILEMDM_JKS_PASSWORD="wso2mobile" | |
| ############################################################################################################################ | |
| CA_SUBJ="/C="$CA_COUNTRY"/ST="$CA_STATE"/L="$CA_LOCALITY"/O="$CA_ORGANISATION"/OU="$CA_ORGANISATIONUNIT"/CN="$CA_COMMONNAME | |
| RA_SUBJ="/C="$RA_COUNTRY"/ST="$RA_STATE"/L="$RA_LOCALITY"/O="$RA_ORGANISATION"/OU="$RA_ORGANISATIONUNIT"/CN="$RA_COMMONNAME | |
| SSL_SUBJ="/C="$SSL_COUNTRY"/ST="$SSL_STATE"/L="$SSL_LOCALITY"/O="$SSL_ORGANISATION"/OU="$SSL_ORGANISATIONUNIT"/CN="$SSL_COMMONNAME | |
| PRODUCT_JKS_PATH="/repository/resources/security" | |
| set -e #stop if there is an error | |
| if ! [ -f $CONFIG_FILE ]; then | |
| echo "Config File does not exist: "$CONFIG_FILE | |
| exit | |
| fi | |
| if ! [ -d $PRODUCT_HOME$PRODUCT_JKS_PATH ]; then | |
| echo "Product Path does not exist: "$PRODUCT_HOME$PRODUCT_JKS_PATH | |
| exit | |
| fi | |
| if [ -f $PRODUCT_HOME$PRODUCT_JKS_PATH/wso2mobilemdm.jks ]; then | |
| rm -rf $PRODUCT_HOME$PRODUCT_JKS_PATH/wso2mobilemdm.jks | |
| fi | |
| if [ -d $TEMP_FOLDER ]; then | |
| #If folder exists | |
| rm -rf $TEMP_FOLDER | |
| fi | |
| if [ -f $TRUSTSTORE ]; then | |
| rm -rf $TRUSTSTORE | |
| fi | |
| mkdir $TEMP_FOLDER | |
| set -x #echo on | |
| ############################################################################################################################# | |
| #Start Process | |
| ########CA Certificate | |
| echo "\nGenerating CA Certificate >>>>>> START" | |
| openssl genrsa -out $TEMP_FOLDER/ca_private.key 1024 | |
| openssl req -new -key $TEMP_FOLDER/ca_private.key -out $TEMP_FOLDER/ca.csr -subj "$CA_SUBJ" | |
| openssl x509 -req -days $CA_DAYS -in $TEMP_FOLDER/ca.csr -signkey $TEMP_FOLDER/ca_private.key -out $TEMP_FOLDER/ca.crt -extensions v3_ca -extfile $CONFIG_FILE | |
| openssl rsa -in $TEMP_FOLDER/ca_private.key -text > $TEMP_FOLDER/ca_private.pem | |
| openssl x509 -in $TEMP_FOLDER/ca.crt -out $TEMP_FOLDER/ca_cert.pem | |
| echo "\nGenerating CA Certificate >>>>>> END\n" | |
| ########RA Certificate | |
| echo "\nGenerating RA Certificate >>>>>> START" | |
| openssl genrsa -out $TEMP_FOLDER/ra_private.key 1024 | |
| openssl req -new -key $TEMP_FOLDER/ra_private.key -out $TEMP_FOLDER/ra.csr -subj "$RA_SUBJ" | |
| openssl x509 -req -days $CA_DAYS -in $TEMP_FOLDER/ra.csr -CA $TEMP_FOLDER/ca.crt -CAkey $TEMP_FOLDER/ca_private.key -set_serial $RA_SERIAL -out $TEMP_FOLDER/ra.crt -extensions v3_req -extfile $CONFIG_FILE | |
| openssl rsa -in $TEMP_FOLDER/ra_private.key -text > $TEMP_FOLDER/ra_private.pem | |
| openssl x509 -in $TEMP_FOLDER/ra.crt -out $TEMP_FOLDER/ra_cert.pem | |
| echo "\nGenerating RA Certificate >>>>>> END \n" | |
| ########SSL Certificate | |
| echo "\nGenerating SSL Certificate >>>>>> START" | |
| openssl genrsa -out $TEMP_FOLDER/ia.key 1024 | |
| openssl req -new -key $TEMP_FOLDER/ia.key -out $TEMP_FOLDER/ia.csr -subj "$SSL_SUBJ" | |
| openssl x509 -req -days $SSL_DAYS -in $TEMP_FOLDER/ia.csr -CA $TEMP_FOLDER/ca_cert.pem -CAkey $TEMP_FOLDER/ca_private.pem -set_serial $SSL_SERIAL -out $TEMP_FOLDER/ia.crt | |
| echo "\nGenerating SSL Certificate >>>>>> END \n" | |
| ########PKCS12 files | |
| echo "\nGenerating the PKCS12 files >>>>>> START" | |
| openssl pkcs12 -export -out $TEMP_FOLDER/ia.p12 -inkey $TEMP_FOLDER/ia.key -in $TEMP_FOLDER/ia.crt -CAfile $TEMP_FOLDER/ca_cert.pem -name "$IA_PKCS12_ALIAS" -passout pass:$IA_PKCS12_PASSWORD | |
| openssl pkcs12 -export -out $TEMP_FOLDER/ca.p12 -inkey $TEMP_FOLDER/ca_private.pem -in $TEMP_FOLDER/ca_cert.pem -name "$CA_PKCS12_ALIAS" -passout pass:$CA_PKCS12_PASSWORD | |
| openssl pkcs12 -export -out $TEMP_FOLDER/ra.p12 -inkey $TEMP_FOLDER/ra_private.pem -in $TEMP_FOLDER/ra_cert.pem -chain -CAfile $TEMP_FOLDER/ca_cert.pem -name "$RA_PKCS12_ALIAS" -passout pass:$RA_PKCS12_PASSWORD | |
| echo "\nGenerating the PKCS12 files >>>>>> END" | |
| ########Importing the PKCS12 to JKS | |
| echo "\nImporting the PKCS12 to JKS >>>>>> START" | |
| keytool -importkeystore -srckeystore $TEMP_FOLDER/ia.p12 -srcstoretype PKCS12 -destkeystore $PRODUCT_HOME/repository/resources/security/wso2carbon.jks -noprompt -deststorepass $WSO2CARBON -srcstorepass $IA_PKCS12_PASSWORD | |
| keytool -importkeystore -srckeystore $TEMP_FOLDER/ia.p12 -srcstoretype PKCS12 -destkeystore $PRODUCT_HOME/repository/resources/security/client-truststore.jks -noprompt -deststorepass $WSO2CARBON -srcstorepass $IA_PKCS12_PASSWORD | |
| keytool -importkeystore -srckeystore $TEMP_FOLDER/ca.p12 -srcstoretype PKCS12 -destkeystore $PRODUCT_HOME/repository/resources/security/wso2mobilemdm.jks -noprompt -deststorepass $WSO2MOBILEMDM_JKS_PASSWORD -srcstorepass $CA_PKCS12_PASSWORD | |
| keytool -importkeystore -srckeystore $TEMP_FOLDER/ra.p12 -srcstoretype PKCS12 -destkeystore $PRODUCT_HOME/repository/resources/security/wso2mobilemdm.jks -noprompt -deststorepass $WSO2MOBILEMDM_JKS_PASSWORD -srcstorepass $RA_PKCS12_ALIAS | |
| echo "\nImporting the PKCS12 to JKS >>>>>> END" | |
| echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PROCESS COMPLETED SUCCESSFULLY <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" | |
| set +x #echo on | |
| ########Creating the TrustStore file for Android | |
| echo "\nCreating the TrustStore for Android using the CA Cert" | |
| ALIAS=`openssl x509 -inform PEM -subject_hash -noout -in ./temp/ca_cert.pem` | |
| keytool -noprompt -import -v -trustcacerts -alias $ALIAS \ | |
| -file $TEMP_FOLDER/ca_cert.pem \ | |
| -keystore $TRUSTSTORE -storetype BKS \ | |
| -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \ | |
| -providerpath $BKS_CONVERTER \ | |
| -storepass $TRUSTSTORE_PASSWORD | |
| echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PROCESS COMPLETED SUCCESSFULLY <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" | |
| set +x #echo on | |
| rm -rf $TEMP_FOLDER | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment