Created
February 12, 2014 05:03
-
-
Save quickshiftin/8950322 to your computer and use it in GitHub Desktop.
Convert a set of Apache ssl certificates to a format suitable for Jetty
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ----------------------------------------------------------------------------------- | |
| # pem2pkcs12.sh | |
| # (c) Nathan Nobbe 2014 | |
| # quickshiftin@gmail.com | |
| # http://quickshiftin.com | |
| # | |
| # Use this script to convert a set of apache ssl certificates to a format suitable | |
| # for Jetty. | |
| # | |
| # Referenced this article: | |
| # http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step3 | |
| # ----------------------------------------------------------------------------------- | |
| ## | |
| # Remove the keystore && temp cert chain if present | |
| ## | |
| function cleanup | |
| { | |
| rm $KEYSTORE_PATH $TEMP_CERT_CHAIN_FILE 2>/dev/null | |
| } | |
| ## | |
| ## ------------------------------ | |
| ## crt related functions | |
| ## ------------------------------ | |
| ## | |
| ## | |
| # Concatenate a private key file with a set of intermediate | |
| # certificates into a single cert-chain file. | |
| # | |
| # @param string crt_file | |
| # @param string cert_chain the cert chain file | |
| # @param string intermediate_file any number of intermediate files (in order) | |
| # | |
| ## | |
| function crt_build_chain | |
| { | |
| crt_file=$1 # the .crt file | |
| cert_chain=$2 # the concatenated cert chain file | |
| command="cat $crt_file" | |
| # any addtional arguments are added in order to the command | |
| num_args=$# | |
| for arg in $(seq $num_args) | |
| do | |
| if [ "$arg" -gt 2 ]; then | |
| command="$command ${!arg}" | |
| fi | |
| done | |
| command="$command > $cert_chain" | |
| echo $command | |
| eval $command # would $(command) be any better ?? | |
| } | |
| ## | |
| # The following openssl command will combine the keys in jetty.key | |
| # and the certificate in the jetty.crt file into the jetty.pkcs12 file. | |
| # | |
| # @note If you need to build a cert chain from a set of intermediate certs | |
| # use crt_build_chain. | |
| # | |
| # @param string key_file | |
| # @param string crt_file | |
| # @param string pkcs12_file | |
| ## | |
| function crt_to_pkcs12 | |
| { | |
| key_file=$1 | |
| crt_file=$2 | |
| pkcs12_file=$3 | |
| echo "openssl pkcs12 -inkey $key_file -in $crt_file -export -out $pkcs12_file" | |
| openssl pkcs12 -inkey $key_file -in $crt_file -export -out $pkcs12_file | |
| } | |
| ## | |
| ## ------------------------------ | |
| ## keystore related functions | |
| ## ------------------------------ | |
| ## | |
| ## | |
| # Import a pcks12 file into a JSSE keystore file. | |
| # | |
| # @param string pkcs12_file | |
| ## | |
| function keystore_load_pkcs12 | |
| { | |
| pkcs12_file=$1 | |
| echo "keytool -importkeystore -srckeystore $pkcs12_file -srcstoretype PKCS12 -destkeystore $KEYSTORE_PATH" | |
| keytool -importkeystore -srckeystore $pkcs12_file -srcstoretype PKCS12 -destkeystore $KEYSTORE_PATH | |
| } | |
| ## | |
| # Load a .crt certificate file into a keystore. | |
| # | |
| # @param string crt_file .crt private key file | |
| # @param bool trust_cert wheter or not to pass -trustcacerts | |
| ## | |
| function keystore_load_crt | |
| { | |
| crt_file=$1 | |
| trust_certs=$2 # boolean to toggle -trustcacerts option | |
| if [ -n "$trust_certs" ]; then | |
| echo "keytool -keystore $KEYSTORE_PATH -import -alias jetty -file $crt_file -trustcacerts" | |
| keytool -keystore $KEYSTORE_PATH -import -alias jetty -file $crt_file -trustcacerts | |
| else | |
| echo "keytool -keystore $KEYSTORE_PATH -import -alias jetty -file $crt_file" | |
| keytool -keystore $KEYSTORE_PATH -import -alias jetty -file $crt_file | |
| fi | |
| } | |
| # ---------------------------------- | |
| # KEYSTORE FILE | |
| # ---------------------------------- | |
| TEMP_CERT_CHAIN_FILE=/tmp/chain.crt | |
| # function local to this script to print usage info | |
| function usage | |
| { | |
| echo 'pem2pkcs12 <keystore_path> <key_file> <cert_file> <pkcs_file> [trust_ca_certs] [cert_chain|intermediate cert list]' | |
| echo Create a pkcs12 representation of PEM encoded SSL files | |
| echo The last argument may be a single file or a commad-delimited list of files | |
| exit 0 | |
| } | |
| # ------------------------------------------------------------ | |
| # required args | |
| # ------------------------------------------------------------ | |
| num_args=$# | |
| keystore_path=$1 | |
| key_file=$2 | |
| cert_file=$3 | |
| pkcs12_file=$4 | |
| # ------------------------------------------------------------ | |
| # optional args | |
| # ------------------------------------------------------------ | |
| trust_ca_certs=$5 | |
| cert_chain=$6 | |
| # ------------------------------------------------------------ | |
| # bail if we're missing required args | |
| # ------------------------------------------------------------ | |
| if [ "$num_args" -lt "4" ]; then | |
| usage | |
| fi | |
| # Bail if the keystore directory doesn't exist | |
| if [ ! -d "$1" ]; then | |
| echo Directory $1 doesn\'t exist | |
| exit | |
| fi | |
| # ---------------------------------- | |
| # CONFIGURATION OPTIONS | |
| # ---------------------------------- | |
| # ---------------------------------- | |
| # WORKING DIRECTORY FOR TEMP FILES | |
| # ---------------------------------- | |
| WORKING_DIR=/tmp | |
| # ---------------------------------- | |
| # KEYSTORE FILE & ABS PATH | |
| # ---------------------------------- | |
| KEYSTORE_FILE=keystore | |
| KEYSTORE_PATH="${1}${KEYSTORE_FILE}" | |
| cleanup | |
| # ------------------------------------------------------------ | |
| # if there are more than 5 inputs assume the variable notation | |
| # for intermediate files (rather than a single file) | |
| # ------------------------------------------------------------ | |
| if [ "$num_args" -ge 5 ]; then | |
| echo 'building cert chain from intermediate files' | |
| files='' | |
| for arg in $(seq $num_args) | |
| do | |
| if [ "$arg" -ge 5 ]; then | |
| files="$files ${!arg}" | |
| fi | |
| done | |
| cert_chain=$TEMP_CERT_CHAIN_FILE | |
| eval "crt_build_chain $cert_file $cert_chain $files" | |
| fi | |
| # ------------------------------------------------------------ | |
| # load crt into keystore | |
| # ------------------------------------------------------------ | |
| echo 'loading crt into keystore' | |
| if [ -n "trust_ca_certs" ]; then | |
| keystore_load_crt $cert_file 1 | |
| else | |
| keystore_load_crt $cert_file $trust_ca_certs | |
| fi | |
| # ------------------------------------------------------------ | |
| # create the pkcs12 representation of the .crt file | |
| # start by building the cert chain if need be | |
| # ------------------------------------------------------------ | |
| echo 'building cert chain' | |
| if [ "$num_args" -lt 5 ]; then | |
| # buid without a cert chain | |
| crt_to_pkcs12 $key_file $cert_file $pkcs12_file | |
| else | |
| crt_to_pkcs12 $key_file $cert_chain $pkcs12_file | |
| fi | |
| # ------------------------------------------------------------ | |
| # load the new pkcs12 file into the keystore | |
| # ------------------------------------------------------------ | |
| keystore_load_pkcs12 $pkcs12_file |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment