Generate keystores for RESTEasy client SSL tests
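#!/bin/bash
# Generate self-signed server/client keystores and matching truststores for
# RESTEasy client SSL tests.
#
# Usage: <script> <output-dir>
#
# Everything produced here is a throwaway test fixture: the password is fixed
# and the certificates are self-signed. Do not reuse the output outside tests.
PASS="123456"
DN_SERVER="server"
DN_CLIENT="client"
VALIDITY=10000      # certificate lifetime in days
DIR=$1
HOST="localhost"    # hostname baked into the SAN of every "correct" certificate
# Refuse to run without a target directory and stop if cd fails. With the
# original unquoted `cd ${DIR}`, a missing argument meant `cd` with no
# operand (i.e. $HOME) and the rm -f below then ran there.
if [ -z "$DIR" ]; then
  echo "usage: $0 <output-dir>" >&2
  exit 2
fi
cd "$DIR" || exit 1
# Start from a clean slate so stale keystores/certs from a previous run
# cannot be picked up by the tests.
rm -f client.* server.* client-wrong-hostname.* client-different-cert.* server-wrong-hostname.* server-different-cert.* server-wildcard-hostname.* client-wildcard-hostname.*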
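#######################################
# Create a self-signed RSA key pair with openssl, wrap it in a PKCS#12 file
# and import that into a keystore named <base>.keystore.
# Arguments:
#   $1 - base name for the .p12 and .keystore output files
#   $2 - CN of the certificate subject; also used as the keystore alias
#   $3 - hostname written into the subjectAltName (DNS:) extension
#   $4 - password for both the PKCS#12 file and the keystore
# Globals:  VALIDITY (read) - certificate lifetime in days
# Outputs:  the decoded certificate (openssl x509 -text) on stdout
# Returns:  2 on wrong argument count, otherwise the status of the first
#           failing openssl/keytool step (0 on success)
#######################################
function generate_keystore
{
  if [ "$#" -ne 4 ]; then
    echo "generate_keystore: expected 4 arguments, got $#" >&2
    return 2
  fi
  local file_name=$1
  local dn=$2
  local host_name=$3
  local password=$4
  # Self-signed test profile: CA:true + keyCertSign let the certificate act as
  # its own issuer, and serverAuth + clientAuth let the same profile serve both
  # the server and the client keystores.
  local openssl_config="
[ req ]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = san_self_signed
[ req_distinguished_name ]
CN=$dn
[ san_self_signed ]
subjectAltName = DNS:$host_name
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign, cRLSign
extendedKeyUsage = serverAuth, clientAuth, timeStamping
"
  # The intermediate PEM files are fixed names in the output directory; they
  # are removed on every exit path below, including failures.
  local cert_pem="test.cert.pem"
  local key_pem="test.key.pem"
  local rc=0
  # -nodes: the private key is written unencrypted, but only until it has been
  # packed into the .p12. Passwords are passed on the command line (visible in
  # the process list) - acceptable only because this is a fixed test fixture.
  openssl req \
    -newkey rsa:2048 -nodes \
    -keyout "$key_pem" \
    -x509 -sha256 -days "$VALIDITY" \
    -config <(printf '%s\n' "$openssl_config") \
    -out "$cert_pem" \
  && openssl x509 -noout -text -in "$cert_pem" \
  && openssl pkcs12 -export -in "$cert_pem" -inkey "$key_pem" \
       -out "${file_name}.p12" -name "$dn" -passout "pass:${password}" \
  && keytool -importkeystore -destkeystore "${file_name}.keystore" -deststorepass "$password" \
       -srckeystore "${file_name}.p12" -srcstoretype PKCS12 -srcstorepass "$password" \
  || rc=$?
  rm -f -- "$cert_pem" "$key_pem"
  return "$rc"
}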
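#######################################
# Export the certificate stored under an alias to a file (keytool -export).
# Arguments:
#   $1 - keystore to read from
#   $2 - alias of the entry to export
#   $3 - output certificate file
#   $4 - keystore password
# Returns:  2 on wrong argument count, otherwise keytool's exit status
#######################################
function export_certificate
{
  if [ "$#" -ne 4 ]; then
    echo "export_certificate: expected 4 arguments, got $#" >&2
    return 2
  fi
  local file_name=$1
  local entry_alias=$2
  local export_file_name=$3
  local password=$4
  keytool -export -alias "$entry_alias" -keystore "$file_name" -storepass "$password" -file "$export_file_name"
}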
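#######################################
# Import a certificate file into a keystore under an alias (keytool -import),
# creating the keystore if it does not exist yet.
# Arguments:
#   $1 - keystore (truststore) to write to
#   $2 - alias to store the certificate under
#   $3 - certificate file to import
#   $4 - keystore password
# Returns:  2 on wrong argument count, otherwise keytool's exit status
#######################################
function import_certificate
{
  if [ "$#" -ne 4 ]; then
    echo "import_certificate: expected 4 arguments, got $#" >&2
    return 2
  fi
  local file_name=$1
  local entry_alias=$2
  local import_file_name=$3
  local password=$4
  # -noprompt: trust the certificate without keytool's interactive
  # "Trust this certificate?" question; fine for generated test fixtures.
  keytool -import -noprompt -alias "$entry_alias" -keystore "$file_name" -storepass "$password" -file "$import_file_name"
}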
# Four keystore flavours, identified by a name suffix. The server certificate
# of each flavour carries a different SAN hostname (correct, wrong, wildcard,
# or correct-but-a-different-certificate); client certificates always use $HOST.
variants=("" "-wrong-hostname" "-wildcard-hostname" "-different-cert")

# 1. Key pairs and keystores, server then client for each flavour.
for suffix in "${variants[@]}"; do
  case "$suffix" in
    -wrong-hostname)    server_host="abc" ;;
    -wildcard-hostname) server_host="*host" ;;
    *)                  server_host="$HOST" ;;
  esac
  generate_keystore "server${suffix}" "$DN_SERVER" "$server_host" "$PASS"
  generate_keystore "client${suffix}" "$DN_CLIENT" "$HOST" "$PASS"
done

# 2. Export each certificate so the other side can trust it.
for suffix in "${variants[@]}"; do
  export_certificate "server${suffix}.keystore" "$DN_SERVER" "server${suffix}.crt" "$PASS"
  export_certificate "client${suffix}.keystore" "$DN_CLIENT" "client${suffix}.crt" "$PASS"
done

# 3. Truststores: the server trusts the client certificate and vice versa.
for suffix in "${variants[@]}"; do
  import_certificate "server${suffix}.truststore" "$DN_CLIENT" "client${suffix}.crt" "$PASS"
  import_certificate "client${suffix}.truststore" "$DN_SERVER" "server${suffix}.crt" "$PASS"
done