copy_tls
Dan Caseley 2023-09-05 14:58:55 +01:00
parent 2c114089c9
commit 3a3a28c804
1 changed files with 52 additions and 0 deletions


@ -0,0 +1,52 @@
#!/bin/bash
##### Copy a certificate from an Openfire identity store to an Openfire truststore
set -euo pipefail
# Gather parameters and check for errors
IDENTITY_STORE=$1
TRUST_STORE=$2
if [ -z "$IDENTITY_STORE" ] || [ -z "$TRUST_STORE" ]; then
echo "Usage: $0 <identity store> <trust store>"
exit 1
fi
if [ ! -f "$IDENTITY_STORE" ]; then
echo "Identity store not found: $IDENTITY_STORE"
exit 1
fi
if [ ! -f "$TRUST_STORE" ]; then
echo "Trust store not found: $TRUST_STORE"
exit 1
fi
IDENTITY_STORE=${readlink -f "$IDENTITY_STORE"}
TRUST_STORE=${readlink -f "$TRUST_STORE"}
pushd "$(mktemp -d)" || exit
# Check that there's only 1 alias in the identity store
ALIAS_COUNT=$(keytool -list -keystore "$IDENTITY_STORE" -storepass changeit | grep --count "Alias name:")
if [ "$ALIAS_COUNT" -ne 1 ]; then
echo "Expected 1 alias in identity store, found $ALIAS_COUNT"
exit 1
fi
# Get Alias Name from identity store
ALIAS_NAME=$(keytool -list -keystore "$IDENTITY_STORE" -storepass changeit | grep "Alias name:" | awk '{print $3}')
# Get DER from identity store
keytool -exportcert -alias "$ALIAS_NAME" -keystore "$IDENTITY_STORE" -storepass changeit -file openfire.der
# Convert DER to PEM
openssl x509 -inform der -in openfire.der -out openfire.pem
# Import PEM into trust store
keytool -importcert -alias "$ALIAS_NAME" -keystore "$TRUST_STORE" -storepass changeit -file openfire.pem -noprompt
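Review bot: The two `readlink` assignments use `${...}` where command substitution is meant, so bash stops with a bad-substitution error before any keystore is read; they should be `IDENTITY_STORE=$(readlink -f "$IDENTITY_STORE")` and `TRUST_STORE=$(readlink -f "$TRUST_STORE")`. Under `set -u` a missing argument also aborts at `IDENTITY_STORE=$1` before the usage message can print, which `${1:-}` and `${2:-}` would avoid. The alias check greps for `Alias name:`, which keytool prints only with `-v` or `-rfc` as far as I know, and a zero count makes `grep --count` exit non-zero, so under `pipefail` the script would likely exit without reaching the "Expected 1 alias" message. On the security side, `-storepass changeit` sits on every keytool command line and `-importcert ... -noprompt` marks the certificate as trusted with no fingerprint check, so the header comment should say which stores this is intended for, and a `trap` should remove the `mktemp -d` directory that holds the exported certificate. The listing shows fewer lines than the 52 in the hunk header, so cleanup such as `popd` may exist outside this view.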