committed by
GitHub
42 changed files with 1163 additions and 1300 deletions
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,359 +0,0 @@ |
|||
#!/bin/sh |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password |
|||
|
|||
#p) CLIENT_CN=$CLIENT_PREFIX00000000 |
|||
#s) client_start=0 |
|||
#f) client_finish=1 |
|||
#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 |
|||
#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 |
|||
#b) BOOTSTRAP_ALIAS=bootstrap |
|||
#d) SERVER_ALIAS=server |
|||
#j) SERVER_STORE=serverKeyStore.jks |
|||
#k) CLIENT_STORE=clientKeyStore.jks |
|||
#c) CLIENT_STORE_PWD=client_ks_password |
|||
#w) SERVER_STORE_PWD=server_ks_password |
|||
#l) ROOT_KEY_ALIAS=root_key_alias |
|||
|
|||
while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do |
|||
case "${flag}" in |
|||
p) client_pref=${OPTARG} ;; |
|||
s) client_start=${OPTARG} ;; |
|||
f) client_finish=${OPTARG} ;; |
|||
a) client_alias_pref=${OPTARG} ;; |
|||
e) client_self_alias_pref=${OPTARG} ;; |
|||
b) bootstrap_alias=${OPTARG} ;; |
|||
d) server_alias=${OPTARG} ;; |
|||
j) key_store_server_file=${OPTARG} ;; |
|||
k) key_store_client_file=${OPTARG} ;; |
|||
c) client_key_store_pwd=${OPTARG} ;; |
|||
w) server_key_store_pwd=${OPTARG} ;; |
|||
w) root_key_alias=${OPTARG} ;; |
|||
esac |
|||
done |
|||
|
|||
# cd to dir of script |
|||
script_dir=$(dirname $0) |
|||
echo "script_dir: $script_dir" |
|||
cd $script_dir |
|||
# source the properties: |
|||
. ./lwM2M_keygen.properties |
|||
|
|||
if [ -n "$client_pref" ]; then |
|||
CLIENT_PREFIX=$client_pref |
|||
fi |
|||
|
|||
if [ -z "$client_start" ]; then |
|||
client_start=0 |
|||
fi |
|||
|
|||
if [ -z "$client_finish" ]; then |
|||
client_finish=1 |
|||
fi |
|||
|
|||
if [ -n "$client_alias_pref" ]; then |
|||
CLIENT_ALIAS_PREFIX=$client_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$client_self_alias_pref" ]; then |
|||
CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$bootstrap_alias" ]; then |
|||
BOOTSTRAP_ALIAS=$bootstrap_alias |
|||
fi |
|||
|
|||
if [ -n "$server_alias" ]; then |
|||
SERVER_ALIAS=$server_alias |
|||
fi |
|||
|
|||
if [ -n "$key_store_server_file" ]; then |
|||
SERVER_STORE=$key_store_server_file |
|||
fi |
|||
|
|||
if [ -n "$key_store_client_file" ]; then |
|||
CLIENT_STORE=$key_store_client_file |
|||
fi |
|||
|
|||
if [ -n "$client_key_store_pwd" ]; then |
|||
CLIENT_STORE_PWD=$client_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$server_key_store_pwd" ]; then |
|||
SERVER_STORE_PWD=$server_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$root_key_alias" ]; then |
|||
ROOT_KEY_ALIAS=$root_key_alias |
|||
fi |
|||
|
|||
CLIENT_NUMBER=$client_start |
|||
|
|||
echo "==Start==" |
|||
echo "CLIENT_PREFIX: $CLIENT_PREFIX" |
|||
echo "client_start: $client_start" |
|||
echo "client_finish: $client_finish" |
|||
echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" |
|||
echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" |
|||
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" |
|||
echo "SERVER_ALIAS: $SERVER_ALIAS" |
|||
echo "SERVER_STORE: $SERVER_STORE" |
|||
echo "CLIENT_STORE: $CLIENT_STORE" |
|||
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" |
|||
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" |
|||
echo "CLIENT_NUMBER: $CLIENT_NUMBER" |
|||
echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" |
|||
|
|||
end_point() { |
|||
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_alias_point() { |
|||
echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_self_alias_point() { |
|||
echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
# Generation of the keystore. |
|||
echo "${H0}====START========${RESET}" |
|||
echo "${H1}Server Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating the trusted root CA key and certificate...${RESET}" |
|||
# -keysize |
|||
# 1024 (when using -genkeypair) |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating server key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating server certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $SERVER_ALIAS \ |
|||
-dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
fi |
|||
|
|||
cert_end_point() { |
|||
echo |
|||
echo "${H1}Client Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $CLIENT_STORE_PWD \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_SELF_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
# |
|||
# echo |
|||
# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" |
|||
# keytool \ |
|||
# -exportcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $SERVER_STORE \ |
|||
# -storepass $SERVER_STORE_PWD | |
|||
# keytool \ |
|||
# -importcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $CLIENT_STORE \ |
|||
# -storepass $CLIENT_STORE_PWD \ |
|||
# -noprompt |
|||
# |
|||
|
|||
echo |
|||
echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
} |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "==Start Client==" |
|||
while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do |
|||
echo "number $CLIENT_NUMBER" |
|||
echo "finish $client_finish" |
|||
CLIENT_CN=$(end_point) |
|||
CLIENT_ALIAS=$(client_alias_point) |
|||
CLIENT_SELF_ALIAS=$(client_self_alias_point) |
|||
echo "CLIENT_CN $CLIENT_CN" |
|||
echo "CLIENT_ALIAS $CLIENT_ALIAS" |
|||
echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" |
|||
cert_end_point |
|||
CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) |
|||
echo |
|||
done |
|||
fi |
|||
|
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $SERVER_STORE \ |
|||
-destkeystore $SERVER_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $CLIENT_STORE \ |
|||
-destkeystore $CLIENT_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $CLIENT_STORE_PWD |
|||
fi |
|||
@ -1,57 +0,0 @@ |
|||
# |
|||
# Copyright © 2016-2017 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
# Keystore common parameters |
|||
ROOT_KEY_ALIAS=rootCA |
|||
DOMAIN_SUFFIX="$(hostname)" |
|||
ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" |
|||
ORGANIZATIONAL_UNIT=Thingsboard |
|||
ORGANIZATION=Thingsboard |
|||
CITY=SF |
|||
STATE_OR_PROVINCE=CA |
|||
TWO_LETTER_COUNTRY_CODE=US |
|||
VALIDITY=36500 #days |
|||
STORETYPE="JKS" |
|||
|
|||
#Server |
|||
SERVER_STORE=serverKeyStore1.jks |
|||
SERVER_STORE_PWD=server_ks_password1 |
|||
SERVER_ALIAS=server1 |
|||
SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" |
|||
SERVER_SELF_ALIAS=server_self_signed |
|||
SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" |
|||
BOOTSTRAP_ALIAS=bootstrap1 |
|||
BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" |
|||
BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed |
|||
BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" |
|||
|
|||
# Client |
|||
CLIENT_STORE=clientKeyStore1.jks |
|||
CLIENT_STORE_PWD=client_ks_password1 |
|||
CLIENT_ALIAS_PREFIX=client_alias_1 |
|||
CLIENT_PREFIX=LwX509___ |
|||
CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 |
|||
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" |
|||
|
|||
# Color output stuff |
|||
red=`tput setaf 1` |
|||
green=`tput setaf 2` |
|||
blue=`tput setaf 4` |
|||
bold=`tput bold` |
|||
H0=${red}${bold} |
|||
H1=${green}${bold} |
|||
H2=${blue} |
|||
RESET=`tput sgr0` |
|||
Binary file not shown.
@ -0,0 +1,423 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
# Change working directory |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
readonly TRUST_PATH="Trust" |
|||
readonly CA_ROOT_CERT_KEY="ca-root" |
|||
readonly CA_ROOT_ALIAS="root" |
|||
readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" |
|||
CA_INTERMEDIATE_START=0 |
|||
CA_INTERMEDIATE_FINISH=2 |
|||
CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
readonly CA_TRUST_STORE_ALL_CHAIN="lwm2mtruststorechain" |
|||
readonly CA_TRUST_STORE_PWD="server_ks_password" |
|||
readonly CA_TRUST_CERT_ALIAS="root" |
|||
readonly CA_TRUST_CERT_CHAIN_JKS="lwm2mtruststorechain" |
|||
readonly CA_TRUST_STORE_CHAIN_ALIAS="trust_cert_chain_alias" |
|||
|
|||
readonly CLIENT_PATH="Client" |
|||
readonly CLIENT_JKS_FOR_TEST="lwm2mclient" |
|||
readonly CLIENT_CERT_KEY_PREF="LwX509" |
|||
readonly CLIENT_CERT_ALIAS_PREF="client_alias_" |
|||
readonly CLIENT_STORE_PWD="client_ks_password" |
|||
readonly CLIENT_HOST_NAME="thingsboard_test.io" |
|||
|
|||
readonly TRUST_NO_PATH="TrustNo" |
|||
readonly CA_ROOT_NO_ALIAS="root-no" |
|||
readonly CLIENT_CERT_TRUST_NO_KEY="LwX509TrustNo" |
|||
readonly CLIENT_CERT_ALIAS_TRUST_NO="client_alias_trust_no" |
|||
|
|||
CLIENT_START=0 |
|||
CLIENT_FINISH=1 |
|||
CLIENT_NUMBER=${CLIENT_START} |
|||
|
|||
SERVER_HOST_NAME="localhost.localdomain" |
|||
SERVER_LOCAL_HOST_NAME="localhost" |
|||
SERVER_PUBLIC_HOST_NAMES="-" |
|||
|
|||
readonly CF_COMMANDS=" |
|||
cfssl |
|||
cfssljson |
|||
" |
|||
|
|||
if [ ! -z "$1" ]; then |
|||
CA_INTERMEDIATE_START=$1 |
|||
CA_INTERMEDIATE_NUMBER=${CA_INTERMEDIATE_START} |
|||
fi |
|||
|
|||
if [ ! -z "$2" ]; then |
|||
CA_INTERMEDIATE_FINISH=$2 |
|||
fi |
|||
|
|||
if [ ! -z "$3" ]; then |
|||
CLIENT_START=$1 |
|||
CLIENT_NUMBER=${CLIENT_START} |
|||
fi |
|||
|
|||
if [ ! -z "$4" ]; then |
|||
CLIENT_FINISH=$4 |
|||
fi |
|||
|
|||
# Change working directory |
|||
rm -rf ${TRUST_PATH} |
|||
mkdir -p ${TRUST_PATH} |
|||
rm -rf ${TRUST_NO_PATH} |
|||
mkdir -p ${TRUST_NO_PATH} |
|||
rm -rf ${CLIENT_PATH} |
|||
mkdir -p ${CLIENT_PATH} |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
|
|||
rm *.csr |
|||
rm *.p12 |
|||
rm *.json |
|||
rm *.pem |
|||
rm *.jks |
|||
|
|||
intermediate_common_name() { |
|||
echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" |
|||
} |
|||
|
|||
set_list_sert_for_cat() { |
|||
local first="$1" |
|||
echo "$first ${CA_LIST_CERT_FOR_CAT}" |
|||
} |
|||
|
|||
client_common_name() { |
|||
echo "${CLIENT_CERT_KEY_PREF}$(printf "%08d" ${CLIENT_NUMBER})" |
|||
} |
|||
|
|||
client_alias_name() { |
|||
echo "${CLIENT_CERT_ALIAS_PREF}$(printf "%08d" ${CLIENT_NUMBER})" |
|||
} |
|||
|
|||
for COMMAND in ${CF_COMMANDS}; do |
|||
if ! command -v ${COMMAND} &> /dev/null; then |
|||
echo "ERROR: Missing command ${COMMAND}" >&2 |
|||
echo "Install the package from: https://pkg.cfssl.org/" >&2 |
|||
exit 1 |
|||
fi |
|||
done |
|||
|
|||
tee ./${TRUST_PATH}/ca-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "8760h", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
}, |
|||
"profiles": { |
|||
"server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth" |
|||
] |
|||
}, |
|||
"client": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"client auth" |
|||
] |
|||
}, |
|||
"client-server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth", |
|||
"client auth" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
tee ./${TRUST_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "43800h", |
|||
"ca_constraint": { |
|||
"is_ca": true, |
|||
"max_path_len": 0, |
|||
"max_path_len_zero": true |
|||
}, |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"digital signature", |
|||
"cert sign", |
|||
"crl sign", |
|||
"signing" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; |
|||
do |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
#openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
done |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the CA_certificate to keystore: ${CA_TRUST_CERT_CHAIN_JKS}.jks" |
|||
echo "====================================================" |
|||
cat ${CA_LIST_CERT_FOR_CAT} > ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${TRUST_PATH}/${CA_TRUST_STORE_ALL_CHAIN}.pem -inkey ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem -out ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -name ${CA_TRUST_STORE_CHAIN_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CA_TRUST_STORE_PWD} -passout pass:${CA_TRUST_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CA_TRUST_STORE_PWD} -destkeypass ${CA_TRUST_STORE_PWD} -destkeystore ./${TRUST_PATH}/${CA_TRUST_CERT_CHAIN_JKS}.jks -srckeystore ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CA_TRUST_STORE_PWD} -alias ${CA_TRUST_STORE_CHAIN_ALIAS} |
|||
|
|||
keytool -list -v -keystore ./${TRUST_PATH}/lwm2mtruststorechain.jks -storepass server_ks_password -storetype PKCS12 |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the clients of our certificates: \n-${CLIENT_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CLIENT_CERT_KEY_PREF}?.pem (certificate)\n-${CCLIENT_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
|
|||
while [[ ${CLIENT_NUMBER} -lt ${CLIENT_FINISH} ]]; |
|||
do |
|||
CLIENT_CERT_KEY=$(client_common_name) |
|||
CLIENT_CERT_ALIAS=$(client_alias_name) |
|||
CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-config.json \ |
|||
-profile client \ |
|||
-hostname "${CLIENT_HOST_NAME}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_KEY} |
|||
{ |
|||
"CN": "${CLIENT_CERT_KEY}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the client certificate (${CLIENT_CERT_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem |
|||
openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -name ${CLIENT_CERT_ALIAS} -CAfile ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS} |
|||
|
|||
done |
|||
|
|||
#keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root no trust in ${TRUST_NO_PATH} of certificates: \n-${CA_ROOT_CERT_KEY}-key.pem (certificate key)\n-${CA_ROOT_CERT_KEY}.pem (certificate)\n-${CA_ROOT_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA NO TRUST", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the intermediates of our no trust in ${TRUST_NO_PATH} certificate: \n-${CA_INTERMEDIATE_CERT_KEY_PREF}?-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY_PREF}?.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
CA_INTERMEDIATE_NUMBER=0 |
|||
while [[ ${CA_INTERMEDIATE_NUMBER} -lt ${CA_INTERMEDIATE_FINISH} ]]; |
|||
do |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}_TRUST_NO", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
#openssl x509 -in ${CA_INTERMEDIATE_CERT_KEY}.pem -text -noout |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
done |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the client no trust of our certificate: \n-${CLIENT_CERT_TRUST_NO_KEY}-key.pem (certificate key)\n-${CLIENT_CERT_TRUST_NO_KEY}.pem (certificate)\n-${CLIENT_CERT_TRUST_NO_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
|
|||
CLIENT_CERT_ALIAS=$(client_alias_name) |
|||
CLIENT_NUMBER=$((${CLIENT_NUMBER} + 1)) |
|||
|
|||
cfssl gencert \ |
|||
-ca ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${TRUST_PATH}/ca-config.json \ |
|||
-profile client \ |
|||
-hostname "${CLIENT_HOST_NAME}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY} |
|||
{ |
|||
"CN": "${CLIENT_CERT_TRUST_NO_KEY}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the client certificate no trust (${CLIENT_CERT_TRUST_NO_KEY}.pem) to keystore: ${CLIENT_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem |
|||
openssl pkcs12 -export -in ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}_chain.pem -inkey ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}-key.pem -out ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -name ${CLIENT_CERT_ALIAS_TRUST_NO} -CAfile ./${TRUST_NO_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_NO_ALIAS} -passin pass:${CLIENT_STORE_PWD} -passout pass:${CLIENT_STORE_PWD} |
|||
keytool -importkeystore -deststorepass ${CLIENT_STORE_PWD} -destkeypass ${CLIENT_STORE_PWD} -destkeystore ./${CLIENT_PATH}/${CLIENT_JKS_FOR_TEST}.jks -srckeystore ./${CLIENT_PATH}/${CLIENT_CERT_TRUST_NO_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${CLIENT_STORE_PWD} -alias ${CLIENT_CERT_ALIAS_TRUST_NO} |
|||
|
|||
|
|||
|
|||
keytool -list -v -keystore ./${CLIENT_PATH}/lwm2mclient.jks -storepass client_ks_password -storetype PKCS12 |
|||
|
|||
|
|||
rm ./${TRUST_PATH}/*.p12 2> /dev/null |
|||
rm ./${TRUST_PATH}/*.csr 2> /dev/null |
|||
rm ./${TRUST_PATH}/*.json 2> /dev/null |
|||
rm ./${TRUST_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null |
|||
rm ./${TRUST_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null |
|||
|
|||
rm -rf ${TRUST_NO_PATH} 2> /dev/null |
|||
|
|||
rm ./${CLIENT_PATH}/*.p12 2> /dev/null |
|||
rm ./${CLIENT_PATH}/*.csr 2> /dev/null |
|||
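Review bot: The third positional argument is never used: the `if [ ! -z "$3" ]` branch assigns `CLIENT_START=$1`, so the client range starts at the intermediate-CA start index; it should read `CLIENT_START=$3`. The wrapper added in this commit appears to call this script with four arguments, and the bug only goes unnoticed there because both start values are 0. Separately, `ca-root-to-intermediate-config.json` issues every intermediate with `"max_path_len": 0`, yet the loop signs each intermediate with the previous one (`CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY}`); a path-length-0 CA may only issue end-entity certificates, so a strict validator would likely reject the generated chain unless that is the intended test case, which deserves a comment either way. The banner before the client loop also expands `${CCLIENT_CERT_KEY_PREF}` (double C), which is unset.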
@ -0,0 +1,81 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
readonly INTERMEDIATE_START=0 |
|||
readonly INTERMEDIATE_FINISH=2 |
|||
readonly CLIENT_START=0 |
|||
readonly CLIENT_FINISH=5 |
|||
|
|||
IS_IHFO=false |
|||
IS_SERVER_CREATED_KEY=true |
|||
IS_TRUST_CLIENT_CREATED_KEY=true |
|||
|
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
Help() |
|||
{ |
|||
# Display Help |
|||
echo "Description of the script functions." |
|||
echo |
|||
echo "Syntax: scriptTemplate [-g|h|v|V]" |
|||
echo "options:" |
|||
echo "h Print this Help." |
|||
echo "v Verbose mode." |
|||
echo "V Print software version and exit." |
|||
echo |
|||
} |
|||
|
|||
if [ "$1" == "-h" ] ; then |
|||
echo -e "Usage 1: ./`basename $0` \"Information is not displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 2: ./`basename $0` true \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 3: ./`basename $0` true false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are generated\"" |
|||
echo -e "Usage 4: ./`basename $0` true false false \"Information is displayed\" : \"Keys for the server are not generated\" : \"Keys for the clients and trusts are not generated\"" |
|||
echo -e "Usage 5: ./`basename $0` true true false \"Information is displayed\" : \"Keys for the server are generated\" : \"Keys for the clients and trusts are not generated\"" |
|||
echo "This Help File: ./`basename $0` -h" |
|||
exit 0 |
|||
fi |
|||
|
|||
if [ -n "$1" ]; then |
|||
IS_IHFO=$1 |
|||
fi |
|||
|
|||
if [ -n "$2" ]; then |
|||
IS_SERVER_CREATED_KEY=$2 |
|||
fi |
|||
|
|||
if [ -n "$3" ]; then |
|||
IS_TRUST_CLIENT_CREATED_KEY=$3 |
|||
fi |
|||
|
|||
if [ "$IS_IHFO" = false ] ; then |
|||
if [ "$IS_SERVER_CREATED_KEY" = true ] ; then |
|||
./lwm2m_cfssl_chain_server_for_test.sh > /dev/null 2>&1 & |
|||
fi |
|||
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then |
|||
./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} > /dev/null 2>&1 & |
|||
fi |
|||
else |
|||
if [ "$IS_SERVER_CREATED_KEY" = true ] ; then |
|||
./lwm2m_cfssl_chain_server_for_test.sh |
|||
fi |
|||
if [ "$IS_TRUST_CLIENT_CREATED_KEY" = true ] ; then |
|||
./lwM2M_cfssl_chain_clients_for_test.sh ${INTERMEDIATE_START} ${INTERMEDIATE_FINISH} ${CLIENT_START} ${CLIENT_FINISH} |
|||
fi |
|||
fi |
|||
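Review bot: In the quiet branch (`IS_IHFO` = false) both generator scripts are started with `&` and `> /dev/null 2>&1`, so this wrapper returns before any keystore exists and a cfssl or keytool failure is invisible to whoever consumes the test certificates. Adding `wait` after the two inner `if` blocks, or dropping the `&` and ending each call with `|| exit 1`, would make the outcome observable. The two jobs also run concurrently from the same directory, and the clients script in this commit runs `rm *.pem`, `rm *.json` and `rm *.jks` there, which could interfere with the server script if it writes to that directory (its body is not fully visible here). `Help()` is defined with placeholder text (`scriptTemplate [-g|h|v|V]`) and never called; the `-h` branch prints its own usage, so the function can be removed.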
@ -0,0 +1,314 @@ |
|||
#!/usr/bin/env bash |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
|
|||
# REF: https://github.com/cloudflare/cfssl |
|||
|
|||
# Change working directory |
|||
cd -- "$( |
|||
dirname "${0}" |
|||
)" || exit 1 |
|||
|
|||
readonly CA_ROOT_CERT_KEY="ca-root" |
|||
readonly CA_ROOT_ALIAS="root" |
|||
readonly CA_INTERMEDIATE_CERT_KEY_PREF="intermediate_ca" |
|||
CA_INTERMEDIATE_NUMBER=0 |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
|
|||
readonly CF_COMMANDS=" |
|||
cfssl |
|||
cfssljson |
|||
" |
|||
|
|||
readonly SERVER_JKS_FOR_TEST="lwm2mserver" |
|||
readonly STORE_PASS_PWD="server_ks_password" |
|||
readonly SERVER_PATH="Server" |
|||
readonly SERVER_CERT_KEY="lwm2mserver" |
|||
readonly SERVER_CERT_CHAIN="lwm2mserver_chain" |
|||
readonly SERVER_CERT_ALIAS="server" |
|||
readonly BS_SERVER_CERT_KEY="lwm2mserverbs" |
|||
readonly BS_SERVER_CERT_CHAIN="lwm2mserverbs_chain" |
|||
readonly BS_SERVER_CERT_ALIAS="bootstrap" |
|||
|
|||
SERVER_HOST_NAME="localhost.localdomain" |
|||
SERVER_LOCAL_HOST_NAME="localhost" |
|||
SERVER_PUBLIC_HOST_NAMES="-" |
|||
|
|||
intermediate_common_name() { |
|||
echo "${CA_INTERMEDIATE_CERT_KEY_PREF}${CA_INTERMEDIATE_NUMBER}" |
|||
} |
|||
|
|||
set_list_sert_for_cat() { |
|||
local first="$1" |
|||
echo "$first ${CA_LIST_CERT_FOR_CAT}" |
|||
} |
|||
|
|||
|
|||
# Change working directory |
|||
rm -rf ${SERVER_PATH} |
|||
mkdir -p ${SERVER_PATH} |
|||
|
|||
cd -- "$( |
|||
dirname ./${SERVER_PATH} |
|||
)" || exit 1 |
|||
|
|||
|
|||
rm *.csr |
|||
rm *.p12 |
|||
rm *.json |
|||
rm *.pem |
|||
rm *.jks |
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_ROOT_CERT_KEY} |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
CA_LIST_CERT_FOR_CAT="" |
|||
|
|||
for COMMAND in ${CF_COMMANDS}; do |
|||
if ! command -v ${COMMAND} &> /dev/null; then |
|||
echo "ERROR: Missing command ${COMMAND}" >&2 |
|||
echo "Install the package from: https://pkg.cfssl.org/" >&2 |
|||
exit 1 |
|||
fi |
|||
done |
|||
|
|||
tee ./${SERVER_PATH}/ca-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "8760h", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
}, |
|||
"profiles": { |
|||
"server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth" |
|||
] |
|||
}, |
|||
"client": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"client auth" |
|||
] |
|||
}, |
|||
"client-server": { |
|||
"expiry": "43800h", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"signing", |
|||
"key encipherment", |
|||
"server auth", |
|||
"client auth" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
tee ./${SERVER_PATH}/ca-root-to-intermediate-config.json 1> /dev/null <<-CONFIG |
|||
{ |
|||
"signing": { |
|||
"default": { |
|||
"expiry": "43800h", |
|||
"ca_constraint": { |
|||
"is_ca": true, |
|||
"max_path_len": 0, |
|||
"max_path_len_zero": true |
|||
}, |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"usages": [ |
|||
"digital signature", |
|||
"cert sign", |
|||
"crl sign", |
|||
"signing" |
|||
] |
|||
} |
|||
} |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate the root of certificates: \n-${CA_ROOT_KEY}-key.pem (certificate key)\n-${CA_ROOT_KEY}.pem (certificate)\n-${CA_ROOT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl genkey \ |
|||
-initca \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_ROOT_CERT_KEY} |
|||
{ |
|||
"CN": "ROOT CA for servers", |
|||
"key": { |
|||
"algo": "ecdsa", |
|||
"size": 256 |
|||
}, |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
], |
|||
"ca": { |
|||
"expiry": "131400h" |
|||
} |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}.pem) |
|||
|
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the first intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
|
|||
|
|||
## Lwm2m Server certificate |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the server certificate: \n-${SERVER_CERT_KEY}-key.pem (certificate key)\n-${SERVER_CERT_KEY}.pem (certificate)\n-${SERVER_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-config.json \ |
|||
-profile server \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${SERVER_CERT_KEY} |
|||
{ |
|||
"CN": "${SERVER_LOCAL_HOST_NAME}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the server certificate (${SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${SERVER_PATH}/${SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${SERVER_PATH}/${SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -name ${SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} |
|||
keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${SERVER_CERT_ALIAS} |
|||
|
|||
|
|||
CA_INTERMEDIATE_CERT_SIGN=${CA_INTERMEDIATE_CERT_KEY} |
|||
CA_INTERMEDIATE_CERT_KEY=$(intermediate_common_name) |
|||
CA_INTERMEDIATE_NUMBER=$((${CA_INTERMEDIATE_NUMBER} + 1)) |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the second intermediates of our certificates: \n-${CA_INTERMEDIATE_CERT_KEY}-key.pem (certificate key)\n-${CA_INTERMEDIATE_CERT_KEY}.pem (certificate)\n-${CA_INTERMEDIATE_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_SIGN}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-root-to-intermediate-config.json \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY} |
|||
{ |
|||
"CN": "${CA_INTERMEDIATE_CERT_KEY}", |
|||
"names": [ |
|||
{ |
|||
"C": "UK", |
|||
"ST": "Kyiv city", |
|||
"L": "Kyiv", |
|||
"O": "Thingsboard", |
|||
"OU": "DEVELOPER_TEST" |
|||
} |
|||
] |
|||
} |
|||
CONFIG |
|||
CA_LIST_CERT_FOR_CAT=$(set_list_sert_for_cat ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem) |
|||
|
|||
## Bootstrap server certificate |
|||
echo "====================================================" |
|||
echo -e "Generate and Signed the server certificate: \n-${BS_SERVER_CERT_KEY}-key.pem (certificate key)\n-${BS_SERVER_CERT_KEY}.pem (certificate)\n-${BS_SERVER_CERT_KEY}.csr (sign request)" |
|||
echo "====================================================" |
|||
cfssl gencert \ |
|||
-ca ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem \ |
|||
-ca-key ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}-key.pem \ |
|||
-config ./${SERVER_PATH}/ca-config.json \ |
|||
-profile server \ |
|||
-hostname "${SERVER_HOST_NAME},${SERVER_LOCAL_HOST_NAME}${SERVER_PUBLIC_HOST_NAMES:+, }${SERVER_PUBLIC_HOST_NAMES}" \ |
|||
- \ |
|||
<<-CONFIG | cfssljson -bare ./${SERVER_PATH}/${BS_SERVER_CERT_KEY} |
|||
{ |
|||
"CN": "${SERVER_LOCAL_HOST_NAME}" |
|||
} |
|||
CONFIG |
|||
|
|||
echo "====================================================" |
|||
echo -e "Add the Bootstrap server certificate (${BS_SERVER_CERT_KEY}.pem) to keystore: ${SERVER_JKS_FOR_TEST}.jks" |
|||
echo "====================================================" |
|||
cat ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.pem ${CA_LIST_CERT_FOR_CAT} > ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem |
|||
openssl pkcs12 -export -in ./${SERVER_PATH}/${BS_SERVER_CERT_CHAIN}.pem -inkey ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem -out ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -name ${BS_SERVER_CERT_ALIAS} -CAfile ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY}.pem -caname ${CA_ROOT_ALIAS} -passin pass:${STORE_PASS_PWD} -passout pass:${STORE_PASS_PWD} |
|||
keytool -importkeystore -deststorepass ${STORE_PASS_PWD} -destkeypass ${STORE_PASS_PWD} -destkeystore ./${SERVER_PATH}/${SERVER_JKS_FOR_TEST}.jks -srckeystore ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}.p12 -srcstoretype PKCS12 -srcstorepass ${STORE_PASS_PWD} -alias ${BS_SERVER_CERT_ALIAS} |
|||
|
|||
|
|||
keytool -list -v -keystore ./${SERVER_PATH}/lwm2mserver.jks -storepass server_ks_password -storetype PKCS12 |
|||
|
|||
rm ./${SERVER_PATH}/*.p12 2> /dev/null |
|||
rm ./${SERVER_PATH}/*.csr 2> /dev/null |
|||
rm ./${SERVER_PATH}/*.json 2> /dev/null |
|||
rm ./${SERVER_PATH}/${CA_INTERMEDIATE_CERT_KEY_PREF}* 2> /dev/null |
|||
rm ./${SERVER_PATH}/${CA_ROOT_CERT_KEY}* 2> /dev/null |
|||
mv ./${SERVER_PATH}/${SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${SERVER_CERT_KEY}_key.pem |
|||
mv ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}-key.pem ./${SERVER_PATH}/${BS_SERVER_CERT_KEY}_key.pem |
|||
|
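Review bot: The second intermediate is signed by `intermediate_ca0` using the same `ca-root-to-intermediate-config.json` that issued `intermediate_ca0` with `"max_path_len": 0`, so the bootstrap chain root → intermediate_ca0 → intermediate_ca1 → `lwm2mserverbs` places a CA certificate below a CA whose path-length constraint forbids one. Nothing in the script checks this at signing time, and a validator that enforces the basic-constraints path length would be expected to reject the bootstrap chain. Either issue the first intermediate from a config with `"max_path_len": 1` and without `"max_path_len_zero": true`, or sign the second intermediate with the root key. Separately, `dirname ./${SERVER_PATH}` evaluates to `.`, so the bare `rm *.pem` / `rm *.jks` lines run in the script's own directory and can delete unrelated key material there; since `${SERVER_PATH}` was just recreated empty, those five `rm` lines can simply be dropped. The first banner also prints `${CA_ROOT_KEY}`, which is never set in this file; `${CA_ROOT_CERT_KEY}` looks intended.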
|||
@ -1,360 +0,0 @@ |
|||
#!/bin/sh |
|||
# |
|||
# Copyright © 2016-2021 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
#/home/nick/Igor_project/Thingsboard_Perfrmance_test/performance-tests/src/main/resources/credentials/shell/lwM2M_credentials.sh -p LwX509 -s 0 -f 2000 -a client_alias_ -e client_self_signed_ -b bootstrap -d server -j serverKeyStore.jks -k clientKeyStore.jks -c client_ks_password -w server_ks_password |
|||
|
|||
#p) CLIENT_CN=$CLIENT_PREFIX00000000 |
|||
#s) client_start=0 |
|||
#f) client_finish=1 |
|||
#a) CLIENT_ALIAS=CLIENT_ALIAS_PREFIX_00000000 |
|||
#e) CLIENT_SELF_ALIAS=CLIENT_SELF_ALIAS_PREFIX_00000000 |
|||
#b) BOOTSTRAP_ALIAS=bootstrap |
|||
#d) SERVER_ALIAS=server |
|||
#j) SERVER_STORE=serverKeyStore.jks |
|||
#k) CLIENT_STORE=clientKeyStore.jks |
|||
#c) CLIENT_STORE_PWD=client_ks_password |
|||
#w) SERVER_STORE_PWD=server_ks_password |
|||
#l) ROOT_KEY_ALIAS=root_key_alias |
|||
|
|||
while getopts p:s:f:a:e:b:d:j:k:c:w:l: flag; do |
|||
case "${flag}" in |
|||
p) client_pref=${OPTARG} ;; |
|||
s) client_start=${OPTARG} ;; |
|||
f) client_finish=${OPTARG} ;; |
|||
a) client_alias_pref=${OPTARG} ;; |
|||
e) client_self_alias_pref=${OPTARG} ;; |
|||
b) bootstrap_alias=${OPTARG} ;; |
|||
d) server_alias=${OPTARG} ;; |
|||
j) key_store_server_file=${OPTARG} ;; |
|||
k) key_store_client_file=${OPTARG} ;; |
|||
c) client_key_store_pwd=${OPTARG} ;; |
|||
w) server_key_store_pwd=${OPTARG} ;; |
|||
w) root_key_alias=${OPTARG} ;; |
|||
esac |
|||
done |
|||
|
|||
# cd to dir of script |
|||
script_dir=$(dirname $0) |
|||
echo "script_dir: $script_dir" |
|||
cd $script_dir |
|||
# source the properties: |
|||
. ./lwM2M_keygen.properties |
|||
|
|||
if [ -n "$client_pref" ]; then |
|||
CLIENT_PREFIX=$client_pref |
|||
fi |
|||
|
|||
if [ -z "$client_start" ]; then |
|||
client_start=0 |
|||
fi |
|||
|
|||
if [ -z "$client_finish" ]; then |
|||
client_finish=1 |
|||
fi |
|||
|
|||
if [ -n "$client_alias_pref" ]; then |
|||
CLIENT_ALIAS_PREFIX=$client_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$client_self_alias_pref" ]; then |
|||
CLIENT_SELF_ALIAS_PREFIX=$client_self_alias_pref |
|||
fi |
|||
|
|||
if [ -n "$bootstrap_alias" ]; then |
|||
BOOTSTRAP_ALIAS=$bootstrap_alias |
|||
fi |
|||
|
|||
if [ -n "$server_alias" ]; then |
|||
SERVER_ALIAS=$server_alias |
|||
fi |
|||
|
|||
if [ -n "$key_store_server_file" ]; then |
|||
SERVER_STORE=$key_store_server_file |
|||
fi |
|||
|
|||
if [ -n "$key_store_client_file" ]; then |
|||
CLIENT_STORE=$key_store_client_file |
|||
fi |
|||
|
|||
if [ -n "$client_key_store_pwd" ]; then |
|||
CLIENT_STORE_PWD=$client_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$server_key_store_pwd" ]; then |
|||
SERVER_STORE_PWD=$server_key_store_pwd |
|||
fi |
|||
|
|||
if [ -n "$root_key_alias" ]; then |
|||
ROOT_KEY_ALIAS=$root_key_alias |
|||
fi |
|||
|
|||
CLIENT_NUMBER=$client_start |
|||
|
|||
echo "==Start==" |
|||
echo "CLIENT_PREFIX: $CLIENT_PREFIX" |
|||
echo "client_start: $client_start" |
|||
echo "client_finish: $client_finish" |
|||
echo "CLIENT_ALIAS_PREFIX: $CLIENT_ALIAS_PREFIX" |
|||
echo "CLIENT_SELF_ALIAS_PREFIX: $CLIENT_SELF_ALIAS_PREFIX" |
|||
echo "BOOTSTRAP_ALIAS: $BOOTSTRAP_ALIAS" |
|||
echo "SERVER_ALIAS: $SERVER_ALIAS" |
|||
echo "SERVER_STORE: $SERVER_STORE" |
|||
echo "CLIENT_STORE: $CLIENT_STORE" |
|||
echo "CLIENT_STORE_PWD: $CLIENT_STORE_PWD" |
|||
echo "SERVER_STORE_PWD: $SERVER_STORE_PWD" |
|||
echo "CLIENT_NUMBER: $CLIENT_NUMBER" |
|||
echo "ROOT_KEY_ALIAS: $ROOT_KEY_ALIAS" |
|||
|
|||
end_point() { |
|||
echo "$CLIENT_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_alias_point() { |
|||
echo "$CLIENT_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
client_self_alias_point() { |
|||
echo "$CLIENT_SELF_ALIAS_PREFIX$(printf "%08d" $CLIENT_NUMBER)" |
|||
} |
|||
|
|||
# Generation of the keystore. |
|||
echo "${H0}====START========${RESET}" |
|||
echo "${H1}Server Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating the trusted root CA key and certificate...${RESET}" |
|||
# -keysize |
|||
# 1024 (when using -genkeypair) |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$ROOT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating server key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$SERVER_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating server certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $SERVER_ALIAS \ |
|||
-dname "CN=$SERVER_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $SERVER_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap key and self-signed certificate ...${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$BOOTSTRAP_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $SERVER_STORE_PWD \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_SELF_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-noprompt |
|||
|
|||
echo |
|||
echo "${H2}Creating bootstrap certificate signed by root CA...${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-dname "CN=$BOOTSTRAP_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $BOOTSTRAP_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H2}Import root certificate just to be able to import need by root CA with expected CN to $CLIENT_STORE${RESET}" |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
fi |
|||
|
|||
cert_end_point() { |
|||
echo |
|||
echo "${H1}Client Keystore : ${RESET}" |
|||
echo "${H1}==================${RESET}" |
|||
echo "${H2}Creating client key and self-signed certificate with expected CN CLIENT_ALIAS: $CLIENT_ALIAS${RESET}" |
|||
keytool \ |
|||
-genkeypair \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keyalg EC \ |
|||
-dname "CN=$CLIENT_SELF_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-validity $VALIDITY \ |
|||
-storetype $STORETYPE \ |
|||
-keypass $CLIENT_STORE_PWD \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD |
|||
keytool \ |
|||
-exportcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_SELF_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
# |
|||
# echo |
|||
# echo "${H2}Import root certificate just to be able to import ned by root CA with expected CN...${RESET}" |
|||
# keytool \ |
|||
# -exportcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $SERVER_STORE \ |
|||
# -storepass $SERVER_STORE_PWD | |
|||
# keytool \ |
|||
# -importcert \ |
|||
# -alias $ROOT_KEY_ALIAS \ |
|||
# -keystore $CLIENT_STORE \ |
|||
# -storepass $CLIENT_STORE_PWD \ |
|||
# -noprompt |
|||
# |
|||
|
|||
echo |
|||
echo "${H2}Creating client certificate signed by root CA with expected CN CLIENT_ALIAS: $CLIENT_ALIAS CLIENT_CN: $CLIENT_CN${RESET}" |
|||
keytool \ |
|||
-certreq \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-dname "CN=$CLIENT_CN, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE" \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD | |
|||
keytool \ |
|||
-gencert \ |
|||
-alias $ROOT_KEY_ALIAS \ |
|||
-keystore $SERVER_STORE \ |
|||
-storepass $SERVER_STORE_PWD \ |
|||
-storetype $STORETYPE \ |
|||
-validity $VALIDITY | |
|||
keytool \ |
|||
-importcert \ |
|||
-alias $CLIENT_ALIAS \ |
|||
-keystore $CLIENT_STORE \ |
|||
-storepass $CLIENT_STORE_PWD \ |
|||
-noprompt |
|||
} |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
|
|||
echo |
|||
echo "==Start Client==" |
|||
while [ "$CLIENT_NUMBER" -lt "$client_finish" ]; do |
|||
echo "number $CLIENT_NUMBER" |
|||
echo "finish $client_finish" |
|||
CLIENT_CN=$(end_point) |
|||
CLIENT_ALIAS=$(client_alias_point) |
|||
CLIENT_SELF_ALIAS=$(client_self_alias_point) |
|||
echo "CLIENT_CN $CLIENT_CN" |
|||
echo "CLIENT_ALIAS $CLIENT_ALIAS" |
|||
echo "CLIENT_SELF_ALIAS $CLIENT_SELF_ALIAS" |
|||
cert_end_point |
|||
CLIENT_NUMBER=$(($CLIENT_NUMBER + 1)) |
|||
echo |
|||
done |
|||
fi |
|||
|
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${SERVER_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $SERVER_STORE \ |
|||
-destkeystore $SERVER_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $SERVER_STORE_PWD |
|||
|
|||
if [ "$client_start" -lt "$client_finish" ]; then |
|||
echo |
|||
echo "${H0}!!! Warning ${H2}Migrate ${H1}${CLIENT_STORE} ${H2}to ${H1}PKCS12 ${H2}which is an industry standard format..${RESET}" |
|||
keytool \ |
|||
-importkeystore \ |
|||
-srckeystore $CLIENT_STORE \ |
|||
-destkeystore $CLIENT_STORE \ |
|||
-deststoretype pkcs12 \ |
|||
-srcstorepass $CLIENT_STORE_PWD |
|||
fi |
|||
@ -1,57 +0,0 @@ |
|||
# |
|||
# Copyright © 2016-2017 The Thingsboard Authors |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
# |
|||
|
|||
# Keystore common parameters |
|||
ROOT_KEY_ALIAS=rootCA |
|||
DOMAIN_SUFFIX="$(hostname)" |
|||
ROOT_CN="$DOMAIN_SUFFIX $ROOT_KEY_ALIAS" |
|||
ORGANIZATIONAL_UNIT=Thingsboard |
|||
ORGANIZATION=Thingsboard |
|||
CITY=SF |
|||
STATE_OR_PROVINCE=CA |
|||
TWO_LETTER_COUNTRY_CODE=US |
|||
VALIDITY=36500 #days |
|||
STORETYPE="JKS" |
|||
|
|||
#Server |
|||
SERVER_STORE=serverKeyStore1.jks |
|||
SERVER_STORE_PWD=server_ks_password1 |
|||
SERVER_ALIAS=server1 |
|||
SERVER_CN="$DOMAIN_SUFFIX server LwM2M signed by root CA" |
|||
SERVER_SELF_ALIAS=server_self_signed |
|||
SERVER_SELF_CN="$DOMAIN_SUFFIX server LwM2M self-signed" |
|||
BOOTSTRAP_ALIAS=bootstrap1 |
|||
BOOTSTRAP_CN="$DOMAIN_SUFFIX bootstrap server LwM2M signed by root CA" |
|||
BOOTSTRAP_SELF_ALIAS=bootstrap_self_signed |
|||
BOOTSTRAP_SELF_CN="$DOMAIN_SUFFIX bootstrap server LwM2M self-signed" |
|||
|
|||
# Client |
|||
CLIENT_STORE=clientKeyStore1.jks |
|||
CLIENT_STORE_PWD=client_ks_password1 |
|||
CLIENT_ALIAS_PREFIX=client_alias_1 |
|||
CLIENT_PREFIX=LwX509___ |
|||
CLIENT_SELF_ALIAS_PREFIX=client_self_signed_1 |
|||
CLIENT_SELF_CN="$DOMAIN_SUFFIX client LwM2M self-signed" |
|||
|
|||
# Color output stuff |
|||
red=`tput setaf 1` |
|||
green=`tput setaf 2` |
|||
blue=`tput setaf 4` |
|||
bold=`tput bold` |
|||
H0=${red}${bold} |
|||
H1=${green}${bold} |
|||
H2=${blue} |
|||
RESET=`tput sgr0` |
|||
Binary file not shown.