SSL (RSA) *.keygen.sh tools upgraded: added PKCS8 PEM output. Tested and fixed keygen.properties so it runs without warnings. Removed the 'mqtt' prefix from output files to avoid confusion when the keys are applied to other protocols.

This commit is contained in:
Sergey Matvienko 2021-03-12 19:48:02 +02:00 committed by Andrew Shvayka
parent c5c8fbd3f7
commit 3f72bc4b54
3 changed files with 53 additions and 9 deletions


@ -44,7 +44,8 @@ done
. $PROPERTIES_FILE . $PROPERTIES_FILE
if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ]; if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || \
[ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ] || [ -f $CLIENT_FILE_PREFIX.pk8.pem ];
then then
while : while :
do do
@ -62,6 +63,7 @@ while :
rm -rf $CLIENT_FILE_PREFIX.nopass.pem rm -rf $CLIENT_FILE_PREFIX.nopass.pem
rm -rf $CLIENT_FILE_PREFIX.pem rm -rf $CLIENT_FILE_PREFIX.pem
rm -rf $CLIENT_FILE_PREFIX.p12 rm -rf $CLIENT_FILE_PREFIX.p12
rm -rf $CLIENT_FILE_PREFIX.pk8.pem
break; break;
;; ;;
*) echo "Please reply 'yes' or 'no'" *) echo "Please reply 'yes' or 'no'"
@ -84,6 +86,8 @@ if [ -z "$OPENSSL_CMD" ]; then
exit 0 exit 0
fi fi
echo "INFO: your hostname is $(hostname)"
echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
echo "Generating SSL Key Pair..." echo "Generating SSL Key Pair..."
keytool -genkeypair -v \ keytool -genkeypair -v \
@ -112,7 +116,15 @@ echo "Converting pkcs12 to pem"
openssl pkcs12 -in $CLIENT_FILE_PREFIX.p12 \ openssl pkcs12 -in $CLIENT_FILE_PREFIX.p12 \
-out $CLIENT_FILE_PREFIX.pem \ -out $CLIENT_FILE_PREFIX.pem \
-passin pass:$CLIENT_KEY_PASSWORD \ -passin pass:$CLIENT_KEY_PASSWORD \
-passout pass:$CLIENT_KEY_PASSWORD \ -passout pass:$CLIENT_KEY_PASSWORD
echo "Converting pem to pkcs8"
openssl pkcs8 \
-topk8 \
-nocrypt \
-in $CLIENT_FILE_PREFIX.pem \
-out $CLIENT_FILE_PREFIX.pk8.pem \
-passin pass:$CLIENT_KEY_PASSWORD
echo "Importing server public key to $CLIENT_FILE_PREFIX.jks" echo "Importing server public key to $CLIENT_FILE_PREFIX.jks"
keytool --importcert \ keytool --importcert \
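Review bot: The new `openssl pkcs8 -topk8 -nocrypt` step writes the client's private key to `$CLIENT_FILE_PREFIX.pk8.pem` unencrypted, with whatever permissions the process umask allows, and its exit status is not checked before the script goes on to the `keytool --importcert` on the next line. Failing early and tightening the file keeps an unprotected or half-written key from being left readable to other local users: end the command with `-passin pass:$CLIENT_KEY_PASSWORD || exit 1` and follow it with `chmod 600 $CLIENT_FILE_PREFIX.pk8.pem`. The server script in this commit writes `$SERVER_FILE_PREFIX.pk8.pem` the same way and needs the same two lines. Passing the key password as `pass:` on the command line predates this change, but the new invocation repeats it; `-passin env:CLIENT_KEY_PASSWORD` with the variable exported would keep it out of the process list.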


@ -1,5 +1,5 @@
# #
# Copyright © 2016-2017 The Thingsboard Authors # Copyright © 2016-2021 The Thingsboard Authors
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -18,15 +18,15 @@ DOMAIN_SUFFIX="$(hostname)"
SUBJECT_ALTERNATIVE_NAMES="ip:127.0.0.1" SUBJECT_ALTERNATIVE_NAMES="ip:127.0.0.1"
ORGANIZATIONAL_UNIT=Thingsboard ORGANIZATIONAL_UNIT=Thingsboard
ORGANIZATION=Thingsboard ORGANIZATION=Thingsboard
CITY=SF CITY="San Francisco"
STATE_OR_PROVINCE=CA STATE_OR_PROVINCE=CA
TWO_LETTER_COUNTRY_CODE=US TWO_LETTER_COUNTRY_CODE=US
SERVER_KEYSTORE_PASSWORD=server_ks_password SERVER_KEYSTORE_PASSWORD=password
SERVER_KEY_PASSWORD=server_key_password SERVER_KEY_PASSWORD=password
SERVER_KEY_ALIAS="serveralias" SERVER_KEY_ALIAS="serveralias"
SERVER_FILE_PREFIX="mqttserver" SERVER_FILE_PREFIX="server"
SERVER_KEY_ALG="RSA" SERVER_KEY_ALG="RSA"
SERVER_KEY_SIZE="2048" SERVER_KEY_SIZE="2048"
SERVER_KEYSTORE_DIR="/etc/thingsboard/conf" SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
@ -35,6 +35,6 @@ CLIENT_KEYSTORE_PASSWORD=password
CLIENT_KEY_PASSWORD=password CLIENT_KEY_PASSWORD=password
CLIENT_KEY_ALIAS="clientalias" CLIENT_KEY_ALIAS="clientalias"
CLIENT_FILE_PREFIX="mqttclient" CLIENT_FILE_PREFIX="client"
CLIENT_KEY_ALG="RSA" CLIENT_KEY_ALG="RSA"
CLIENT_KEY_SIZE="2048" CLIENT_KEY_SIZE="2048"
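Review bot: `CITY="San Francisco"` is the first value in this file that contains a space, and the file is sourced by both keygen scripts (`. $PROPERTIES_FILE`); if the `-dname` argument built from `$CITY` in those scripts is not double-quoted, the value now splits into two words — that line is outside this diff, so it is worth confirming. The server keystore and key passwords are both changed to `password`, and the new PKCS12 conversion in the server script uses `SERVER_KEY_PASSWORD` for both the store and the key of the `.p12`, so nothing in this file tells a user that these are placeholders or that the key password also protects the `.p12`. A comment above the server block would cover both: `# Sample values - change before use. SERVER_KEY_PASSWORD is also used as the .p12 store password.` The client block already used `password`, so the file is now at least consistent.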


@ -60,7 +60,8 @@ fi
. $PROPERTIES_FILE . $PROPERTIES_FILE
if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || [ -f $SERVER_FILE_PREFIX.pub.der ]; if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || \
[ -f $SERVER_FILE_PREFIX.p12 ] || [ -f $SERVER_FILE_PREFIX.pem ] || [ -f $SERVER_FILE_PREFIX.pk8.pem ] ;
then then
while : while :
do do
@ -76,6 +77,9 @@ while :
rm -rf $SERVER_FILE_PREFIX.jks rm -rf $SERVER_FILE_PREFIX.jks
rm -rf $SERVER_FILE_PREFIX.pub.pem rm -rf $SERVER_FILE_PREFIX.pub.pem
rm -rf $SERVER_FILE_PREFIX.cer rm -rf $SERVER_FILE_PREFIX.cer
rm -rf $SERVER_FILE_PREFIX.p12
rm -rf $SERVER_FILE_PREFIX.pem
rm -rf $SERVER_FILE_PREFIX.pk8.pem
break; break;
;; ;;
*) echo "Please reply 'yes' or 'no'" *) echo "Please reply 'yes' or 'no'"
@ -84,6 +88,8 @@ while :
done done
fi fi
echo "INFO: your hostname is $(hostname)"
echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX"
echo "Generating SSL Key Pair..." echo "Generating SSL Key Pair..."
EXT="" EXT=""
@ -121,6 +127,32 @@ keytool -export \
-storepass $SERVER_KEYSTORE_PASSWORD \ -storepass $SERVER_KEYSTORE_PASSWORD \
-keypass $SERVER_KEY_PASSWORD -keypass $SERVER_KEY_PASSWORD
echo "Converting keystore to pkcs12"
keytool -importkeystore \
-srckeystore $SERVER_FILE_PREFIX.jks \
-destkeystore $SERVER_FILE_PREFIX.p12 \
-srcalias $SERVER_KEY_ALIAS \
-srcstoretype jks \
-deststoretype pkcs12 \
-srcstorepass $SERVER_KEYSTORE_PASSWORD \
-deststorepass $SERVER_KEY_PASSWORD \
-srckeypass $SERVER_KEY_PASSWORD \
-destkeypass $SERVER_KEY_PASSWORD
echo "Converting pkcs12 to pem"
openssl pkcs12 -in $SERVER_FILE_PREFIX.p12 \
-out $SERVER_FILE_PREFIX.pem \
-passin pass:$SERVER_KEY_PASSWORD \
-passout pass:$SERVER_KEY_PASSWORD
echo "Converting pem to pkcs8"
openssl pkcs8 \
-topk8 \
-nocrypt \
-in $SERVER_FILE_PREFIX.pem \
-out $SERVER_FILE_PREFIX.pk8.pem \
-passin pass:$SERVER_KEY_PASSWORD
status=$? status=$?
if [[ $status != 0 ]]; then if [[ $status != 0 ]]; then
exit $status; exit $status;
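Review bot: `status=$?` after the new `openssl pkcs8` call captures only that command's exit code; in the old hunk the check directly followed `keytool -export`, but now three commands (`keytool -importkeystore`, `openssl pkcs12`, `openssl pkcs8`) sit in front of it, so a failure in the first two is noticed only indirectly, when the pkcs8 step fails on its missing input, and the reported status belongs to the wrong command. Ending each of the three conversions with `|| exit 1` (or repeating the status check after each) keeps the failure attributable; the enclosing script continues past this hunk. The `.p12` is created with `-deststorepass $SERVER_KEY_PASSWORD` rather than `$SERVER_KEYSTORE_PASSWORD`, which is presumably deliberate because store and key share one password in PKCS12 — a comment saying so, `# PKCS12 uses a single password for store and key`, would stop a later reader from "fixing" it. The permissions of the `-nocrypt` output are raised on the client script's section and apply to `$SERVER_FILE_PREFIX.pk8.pem` as well.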