Add config params for server and client key algs

This change adds new parameters to keygen.properties to allow the
configuration of the server and client TLS key algorithms:

SERVER_KEY_ALG, SERVER_KEY_SIZE, CLIENT_KEY_ALG, CLIENT_KEY_SIZE

Default values for these have been set at RSA and 2048 to preserve
previous operation.

I have also tested SERVER_KEY_ALG=EC and SERVER_KEY_SIZE=256, along with
CLIENT_KEY_ALG=EC and CLIENT_KEY_SIZE=256. Other algorithms and sizes
may be supported, YMMV.

tools/src/main/shell/client.keygen.sh

@@ -16,7 +16,7 @@
 #
 
 usage() {
-    echo "This script generates client public/private rey pair, extracts them to a no-password RSA pem file,"
+    echo "This script generates client public/private key pair, extracts them to a no-password pem file,"
     echo "and imports server public key to client keystore"
     echo "usage: ./client.keygen.sh [-p file]"
     echo "    -p | --props | --properties file  Properties file. default value is ./keygen.properties"
@@ -70,6 +70,20 @@ while :
     done
 fi
 
+OPENSSL_CMD=""
+case $CLIENT_KEY_ALG in
+RSA)
+	OPENSSL_CMD="rsa"
+	;;
+EC)
+	OPENSSL_CMD="ec"
+	;;
+esac
+if [ -z "$OPENSSL_CMD" ]; then
+	echo "Unexpected CLIENT_KEY_ALG. Exiting."
+	exit 0
+fi
+
 echo "Generating SSL Key Pair..."
 
 keytool -genkeypair -v \
@@ -77,8 +91,8 @@ keytool -genkeypair -v \
   -keystore $CLIENT_FILE_PREFIX.jks \
   -keypass $CLIENT_KEY_PASSWORD \
   -storepass $CLIENT_KEYSTORE_PASSWORD \
-  -keyalg RSA \
+  -keyalg $CLIENT_KEY_ALG \
-  -keysize 2048 \
+  -keysize $CLIENT_KEY_SIZE\
   -validity 9999 \
   -dname "CN=$DOMAIN_SUFFIX, OU=$ORGANIZATIONAL_UNIT, O=$ORGANIZATION, L=$CITY, ST=$STATE_OR_PROVINCE, C=$TWO_LETTER_COUNTRY_CODE"
 
@@ -110,7 +124,7 @@ keytool --importcert \
    -noprompt
 
 echo "Exporting no-password pem certificate"
-openssl rsa -in $CLIENT_FILE_PREFIX.pem -out $CLIENT_FILE_PREFIX.nopass.pem -passin pass:$CLIENT_KEY_PASSWORD
+openssl $OPENSSL_CMD -in $CLIENT_FILE_PREFIX.pem -out $CLIENT_FILE_PREFIX.nopass.pem -passin pass:$CLIENT_KEY_PASSWORD
 tail -n +$(($(grep -m1 -n -e '-----BEGIN CERTIFICATE' $CLIENT_FILE_PREFIX.pem | cut -d: -f1) )) \
   $CLIENT_FILE_PREFIX.pem >> $CLIENT_FILE_PREFIX.nopass.pem
 

tools/src/main/shell/keygen.properties

@@ -26,6 +26,8 @@ SERVER_KEY_PASSWORD=server_key_password
 
 SERVER_KEY_ALIAS="serveralias"
 SERVER_FILE_PREFIX="mqttserver"
+SERVER_KEY_ALG="RSA"
+SERVER_KEY_SIZE="2048"
 SERVER_KEYSTORE_DIR="/etc/thingsboard/conf"
 
 CLIENT_KEYSTORE_PASSWORD=password
@@ -33,4 +35,5 @@ CLIENT_KEY_PASSWORD=password
 
 CLIENT_KEY_ALIAS="clientalias"
 CLIENT_FILE_PREFIX="mqttclient"
-
+CLIENT_KEY_ALG="RSA"
+CLIENT_KEY_SIZE="2048"

tools/src/main/shell/server.keygen.sh

@@ -92,8 +92,8 @@ keytool -genkeypair -v \
   -keystore $SERVER_FILE_PREFIX.jks \
   -keypass $SERVER_KEY_PASSWORD \
   -storepass $SERVER_KEYSTORE_PASSWORD \
-  -keyalg RSA \
+  -keyalg $SERVER_KEY_ALG \
-  -keysize 2048 \
+  -keysize $SERVER_KEY_SIZE \
   -validity 9999
 
 status=$?