Simple script to copy certificates from pfSense's certificate manager (which in my case were being updated with Let's Encrypt) to a Java keystore (in my case the one being used by Ubiquiti's Unifi Controller).
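#!/bin/sh
# Copy one certificate + private key out of pfSense's config.xml into a Java
# keystore. Intended to run on the pfSense box itself, hence the absolute
# FreeBSD-style tool paths (cron and the pfSense shell may have a minimal PATH).
set -eu
XMLLINT=/usr/local/bin/xmllint
# Command *with arguments* used to decode the base64 blobs in config.xml; it is
# deliberately expanded unquoted at its call sites so the arguments word-split.
BASE64_DECODE='/usr/local/bin/python2 -m base64 -d'
OPENSSL="/usr/bin/openssl"
KEYTOOL="/usr/local/bin/keytool"
PFSENSE_CONF=/cf/conf/config.xml
# One-time password protecting the intermediate PKCS#12 file: 32 random
# alphanumerics read straight from /dev/random (no cat needed; head closes the
# pipe once one 32-character line has been produced).
TEMP_KEY="$(/usr/bin/tr -dc 'a-zA-Z0-9' </dev/random | /usr/bin/fold -w 32 | /usr/bin/head -n1)"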
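#######################################
# Print the PEM private key of the pfSense certificate entry named $1.
# Globals:   XMLLINT, PFSENSE_CONF, BASE64_DECODE (read)
# Arguments: $1 - value of the <descr> element of the cert entry
# Outputs:   decoded private key on stdout
# Returns:   1 if the name cannot be embedded in the XPath string literal;
#            otherwise xmllint / decoder status (non-zero aborts under set -e)
#######################################
extract_private_key() {
  local RAW XPATH
  # $1 is spliced into a single-quoted XPath string literal, and XPath 1.0 has
  # no escape for a quote inside such a literal. Refuse those names instead of
  # running a malformed (or differently-matching) query.
  case "$1" in
    *\'*)
      printf 'extract_private_key: certificate name must not contain a single quote\n' >&2
      return 1
      ;;
  esac
  XPATH="/pfsense/cert[descr[normalize-space(.) = '$1']]/prv/text()"
  RAW="$("$XMLLINT" --xpath "$XPATH" "$PFSENSE_CONF")"
  # BASE64_DECODE is a command plus arguments, so it is intentionally unquoted.
  printf '%s\n' "$(printf '%s\n' "$RAW" | $BASE64_DECODE)"
}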
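#######################################
# Print the PEM certificate of the pfSense certificate entry named $1.
# Globals:   XMLLINT, PFSENSE_CONF, BASE64_DECODE (read)
# Arguments: $1 - value of the <descr> element of the cert entry
# Outputs:   decoded certificate on stdout
# Returns:   1 if the name cannot be embedded in the XPath string literal;
#            otherwise xmllint / decoder status (non-zero aborts under set -e)
#######################################
extract_certificate() {
  local RAW XPATH
  # Same constraint as extract_private_key: a single quote cannot be escaped
  # inside the single-quoted XPath literal, so such names are rejected.
  case "$1" in
    *\'*)
      printf 'extract_certificate: certificate name must not contain a single quote\n' >&2
      return 1
      ;;
  esac
  XPATH="/pfsense/cert[descr[normalize-space(.) = '$1']]/crt/text()"
  RAW="$("$XMLLINT" --xpath "$XPATH" "$PFSENSE_CONF")"
  # BASE64_DECODE is a command plus arguments, so it is intentionally unquoted.
  printf '%s\n' "$(printf '%s\n' "$RAW" | $BASE64_DECODE)"
}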
#######################################
# Emit the private key followed by the certificate of pfSense entry $1 as one
# PEM blob, the form "openssl pkcs12 -export" accepts on stdin.
# Arguments: $1 - certificate name (the <descr> value)
# Outputs:   key, newline, certificate, newline - on stdout
#######################################
combine_pem() {
  local key_pem cert_pem
  key_pem=$(extract_private_key "$1")
  cert_pem=$(extract_certificate "$1")
  # One %s per argument: printf reuses the format for each operand.
  printf '%s\n' "$key_pem" "$cert_pem"
}
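#######################################
# Bundle key + certificate of pfSense entry $1 into a PKCS#12 store on stdout.
# Globals:   OPENSSL, TEMP_KEY (read)
# Arguments: $1 - pfSense certificate name
#            $2 - friendly name (alias) recorded in the PKCS#12 bag
# Outputs:   binary PKCS#12 data on stdout, protected by TEMP_KEY
#######################################
extract_pkcs12() {
  # Pass the one-time password through the environment rather than as
  # "-password pass:..." so it is not visible in `ps` for the lifetime of the
  # openssl process. The prefix assignment exports TEMP_KEY only to openssl;
  # with -export, -passout is what -password meant before.
  combine_pem "$1" | TEMP_KEY="$TEMP_KEY" "$OPENSSL" pkcs12 -export \
    -name "$2" \
    -passout env:TEMP_KEY
}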
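#######################################
# Entry point: import one pfSense certificate into a Java keystore.
# Globals:   KEYTOOL, TEMP_KEY (read)
# Arguments: $1 - pfSense certificate name (the <descr> value)
#            $2 - path to the destination Java keystore
#            $3 - keystore password (also used as the key password)
#            $4 - alias to import under
# Returns:   1 on a usage error, 2 if no temp file could be created; any other
#            failing step aborts via set -e
#######################################
main() {
  local KEYSTORE KEYSTORE_PASSWORD P12_STORE PFSENSE_CERT_NAME ALIAS
  if [ "$#" -ne 4 ]; then
    # The check is for exactly four arguments, so say so; usage goes to stderr.
    printf 'Wrong number of arguments.\nUsage:\n\t%s\n' \
      "$0 certificate_name /path/to/keystore keystore_password alias" >&2
    exit 1
  fi
  PFSENSE_CERT_NAME="$1"
  KEYSTORE="$2"
  KEYSTORE_PASSWORD="$3"
  ALIAS="$4"
  echo "Creating temp file"
  P12_STORE=$(mktemp) || exit 2
  # The temp file holds the private key, so remove it on every exit path
  # (set -e abort, signal), not only after a clean import. The path is baked
  # into the trap string now because P12_STORE is local and is gone by the
  # time the EXIT trap runs.
  trap "rm -f -- '$P12_STORE'" EXIT
  echo "Extracting cert+key from pfSense"
  extract_pkcs12 "$PFSENSE_CERT_NAME" "$ALIAS" > "$P12_STORE"
  echo "Importing to keystore"
  # NOTE: the keystore password and TEMP_KEY are passed on keytool's command
  # line and are visible to other local users via `ps` while it runs; sudo's
  # env_reset is why they are not handed over through the environment here.
  sudo "$KEYTOOL" -importkeystore \
    -deststorepass "$KEYSTORE_PASSWORD" \
    -destkeypass "$KEYSTORE_PASSWORD" \
    -destkeystore "$KEYSTORE" \
    -srckeystore "$P12_STORE" \
    -srcstoretype PKCS12 \
    -srcstorepass "$TEMP_KEY" \
    -alias "$ALIAS" \
    -noprompt
  echo "Cleaning up"
  rm -f -- "$P12_STORE"
}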
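# Quoted "$@" keeps each argument intact (a keystore path or alias containing
# spaces would otherwise be split into several arguments).
main "$@"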