
# Example KeyStore Update Script
#
# This script is used to update all example JKS stores, using example
# certificates found in wolfSSL proper.
#
# Java KeyStores which this script creates include:
#
# all.jks All certs
# all_mixed.jks All certs, mixed order
# client.jks RSA 2048-bit and ECC client certs
# client-rsa-1024.jks RSA 1024-bit only client cert
# client-rsa.jks RSA 2048-bit only client cert
# client-ecc.jks ECC only client cert
# server.jks RSA 2048-bit and ECC server certs
# server-rsa-1024.jks RSA 1024-bit only server cert
# server-rsa.jks RSA 2048-bit only server cert
# server-ecc.jks ECC only server cert
# cacerts.jks All CA certs (RSA, ECC, 1024, 2048, etc)
# ca-client.jks CA certs used to verify client certs
# ca-server.jks CA certs used to verify server certs
#
# NOTE: Keystores generated by this script are generated in JKS format,
# instead of the newer/better PKCS#12 format. The newer format would
# be preferred, but older versions of keytool do not support PKCS#12
# format. This would cause test failures in those older environments.
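printf "Removing and updating JKS stores\n"
# The single argument is the wolfSSL certs directory; every certificate and
# key file used below is resolved relative to it (see add_cert/add_cert_key).
if [ -z "$1" ]; then
  printf "\tNo directory to certs provided\n"
  printf "\tExample use ./update-jks.sh ~/wolfssl/certs\n"
  exit 1
fi
# Fail early with a clear message instead of letting every later import fail
# with a bare "fail" when the path is wrong.
if [ ! -d "$1" ]; then
  printf "\tCert directory not found: %s\n" "$1"
  exit 1
fi
CERT_LOCATION=$1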
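# keystore-name , cert file , alias , password
#
# Imports one certificate (no private key) into the named JKS store as a
# trusted certificate entry. The cert path is resolved under CERT_LOCATION.
# On failure prints "fail" and exits the whole script with status 1, so a
# half-built set of stores is never silently left behind.
#
# NOTE: the store password is passed on the keytool command line and is
# therefore visible in the process list while keytool runs. That is
# acceptable for the public wolfSSL test password used by this script, but
# not for a real secret.
add_cert() {
  local keystore=$1 cert=$2 alias=$3 storepass=$4
  if ! keytool -import -keystore "$keystore" -file "$CERT_LOCATION/$cert" \
      -alias "$alias" -noprompt -trustcacerts -deststoretype JKS \
      -storepass "$storepass"; then
    printf "fail\n"
    exit 1
  fi
}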
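# keystore-name , cert file , key file , alias , password
#
# Bundles a certificate and its private key into a temporary PKCS#12 file
# with openssl, then imports that entry into the named JKS store with
# keytool. Both file arguments are resolved under CERT_LOCATION (callers
# pass them with a leading "/", which only yields a harmless double slash).
# The one password ($5) protects the PKCS#12 file and the JKS store alike.
# On any failure prints "fail" and exits the whole script with status 1.
#
# The intermediate PKCS#12 file contains the private key, so it is created
# with mktemp (mode 0600) rather than as a fixed "tmp.p12" in the working
# directory, and it is removed on every path, including failure.
#
# NOTE: passwords are passed on the openssl and keytool command lines and
# are visible in the process list while those tools run. Fine for the
# public wolfSSL test password, not for a real secret.
add_cert_key() {
  local keystore=$1 cert=$2 key=$3 alias=$4 pass=$5
  local p12 rc=0
  p12=$(mktemp "${TMPDIR:-/tmp}/update-jks.XXXXXX") || { printf "fail\n"; exit 1; }
  # openssl's status is checked too; previously only keytool's was, which
  # hid the real cause when the cert or key file was missing.
  openssl pkcs12 -export -in "$CERT_LOCATION/$cert" -inkey "$CERT_LOCATION/$key" \
    -out "$p12" -passin "pass:$pass" -passout "pass:$pass" -name "$alias" \
    &> /dev/null || rc=$?
  if [ "$rc" -eq 0 ]; then
    keytool -importkeystore -deststorepass "$pass" -destkeystore "$keystore" \
      -deststoretype JKS -srckeystore "$p12" -srcstoretype PKCS12 \
      -srcstorepass "$pass" -alias "$alias" &> /dev/null || rc=$?
  fi
  # Single cleanup point so the key-bearing PKCS#12 file never outlives the call.
  rm -f -- "$p12"
  if [ "$rc" -ne 0 ]; then
    printf "fail\n"
    exit 1
  fi
}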
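#################### KEYSTORES WITH ALL CERTS ####################
# all.jks: every client, server and CA entry, each stored as cert + private
# key under one store password. The store is deleted first (rm -f: silent
# when absent, but a real removal error is no longer hidden) so no stale
# entry from a previous run can survive.
printf "\tCreating all.jks ..."
rm -f -- all.jks
add_cert_key "all.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "all.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
add_cert_key "all.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "all.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
add_cert_key "all.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "all.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
add_cert_key "all.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "all.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
add_cert_key "all.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
printf "done\n"
# all_mixed.jks: the same entries in a different order. Note that the
# "ca-ecc" entry present in all.jks is not added here.
printf "\tCreating all_mixed.jks ..."
rm -f -- all_mixed.jks
add_cert_key "all_mixed.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "all_mixed.jks" "/ca-cert.pem" "/ca-key.pem" "ca" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-1024" "wolfSSL test"
add_cert_key "all_mixed.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "all_mixed.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
add_cert_key "all_mixed.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
add_cert_key "all_mixed.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"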
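#################### CLIENT KEYSTORES ####################
# Each client store is deleted before being rebuilt (rm -f is silent when
# the file is absent) so a stale entry from a previous run cannot survive.
# Every entry is cert + private key; the aliases below are what the example
# client code looks up, so keep them stable.
# Client cert: both RSA 2048-bit and ECC
printf "\tCreating client.jks ..."
rm -f -- client.jks
add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
printf "done\n"
# Client cert: RSA, 1024-bit only
printf "\tCreating client-rsa-1024.jks ..."
rm -f -- client-rsa-1024.jks
add_cert_key "client-rsa-1024.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-rsa-1024" "wolfSSL test"
printf "done\n"
# Client cert: RSA 2048-bit only
printf "\tCreating client-rsa.jks ..."
rm -f -- client-rsa.jks
add_cert_key "client-rsa.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
printf "done\n"
# Client cert: ECC only
printf "\tCreating client-ecc.jks ..."
rm -f -- client-ecc.jks
add_cert_key "client-ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
printf "done\n"
# Client cert: RSAPSS only (files live in the certs/rsapss subdirectory)
printf "\tCreating client-rsapss.jks ..."
rm -f -- client-rsapss.jks
add_cert_key "client-rsapss.jks" "/rsapss/client-rsapss.pem" "/rsapss/client-rsapss-priv.pem" "client-rsapss" "wolfSSL test"
printf "done\n"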
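#################### SERVER KEYSTORES ####################
# Each server store is deleted before being rebuilt (rm -f is silent when
# the file is absent) so a stale entry from a previous run cannot survive.
# Every entry is cert + private key; the aliases below are what the example
# server code looks up, so keep them stable.
# Server cert: both RSA 2048-bit and ECC
printf "\tCreating server.jks ..."
rm -f -- server.jks
add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
printf "done\n"
# Server cert: RSA, 1024-bit only
printf "\tCreating server-rsa-1024.jks ..."
rm -f -- server-rsa-1024.jks
add_cert_key "server-rsa-1024.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
printf "done\n"
# Server cert: RSA, 2048-bit only
printf "\tCreating server-rsa.jks ..."
rm -f -- server-rsa.jks
add_cert_key "server-rsa.jks" "/server-cert.pem" "/server-key.pem" "server-rsa" "wolfSSL test"
printf "done\n"
# Server cert: ECC only
printf "\tCreating server-ecc.jks ..."
rm -f -- server-ecc.jks
add_cert_key "server-ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
printf "done\n"
# Server cert: RSAPSS only (files live in the certs/rsapss subdirectory)
printf "\tCreating server-rsapss.jks ..."
rm -f -- server-rsapss.jks
add_cert_key "server-rsapss.jks" "/rsapss/server-rsapss.pem" "/rsapss/server-rsapss-priv.pem" "server-rsapss" "wolfSSL test"
printf "done\n"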
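#################### CA CERT KEYSTORES ###################
# NOTE(review): these trust stores are built with add_cert_key, so every
# entry carries the matching private key, not just the certificate; the
# cert-only add_cert helper defined above is never used. That is harmless
# for the public wolfSSL test keys, but a real trust store should hold
# trusted-certificate entries only. Each store is deleted before being
# rebuilt (rm -f is silent when the file is absent).
# Contains all CA certs (RSA and ECC), verifies both client and server certs
# (ca-cert.pem is added twice, under the aliases "cacert" and "ca-rsa", and
# the self-signed client certs are included as well)
printf "\tCreating cacerts.jks ..."
rm -f -- cacerts.jks
add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "cacert" "wolfSSL test"
add_cert_key "cacerts.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
add_cert_key "cacerts.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
add_cert_key "cacerts.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
add_cert_key "cacerts.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
printf "done\n"
# Contains CA certs used to verify client certs:
# client-cert.pem verifies itself (self signed)
# client-ecc-cert.pem verifies itself (self signed)
# client-rsapss.pem verifies itself (self signed)
printf "\tCreating ca-client.jks ..."
rm -f -- ca-client.jks
add_cert_key "ca-client.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
add_cert_key "ca-client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
add_cert_key "ca-client.jks" "/rsapss/client-rsapss.pem" "/rsapss/client-rsapss-priv.pem" "client-rsapss" "wolfSSL test"
printf "done\n"
# Contains CA certs used to verify server certs:
# ca-cert.pem verifies server-cert.pem
# ca-ecc-cert.pem verifies server-ecc.pem
# ca-rsapss.pem verifies server-rsapss.pem
printf "\tCreating ca-server.jks ..."
rm -f -- ca-server.jks
add_cert_key "ca-server.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
add_cert_key "ca-server.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
add_cert_key "ca-server.jks" "/rsapss/ca-rsapss.pem" "/rsapss/ca-rsapss-priv.pem" "ca-rsapss" "wolfSSL test"
printf "done\n"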