Skip to content

Instantly share code, notes, and snippets.

@MrCarb0n
Last active August 7, 2022 10:44
Show Gist options
  • Save MrCarb0n/ff628576388bdbb6cd15529f1293195b to your computer and use it in GitHub Desktop.
Save MrCarb0n/ff628576388bdbb6cd15529f1293195b to your computer and use it in GitHub Desktop.
#!/bin/sh
ALIASES=""
PASS=""
VALIDITY=36500
ISSUED_DATE="yyyy/mm/dd hh:mm:ss"
CommonName=""
OrganizationalUnit=""
Organization=""
Email=""
Locality=""
State_Province=""
Country=""
### DONT MODIFY ANYTHING AFTER THIS ###
KEY_STORE_PATH="$ALIASES.keystore"
DEST_KEY_STORE_PATH="$ALIASES.p12"
DEST_TMP_RSA_PATH="tmp_$ALIASES.rsa.pem"
PRIVATE_RSA="private_$ALIASES.rsa.pem"
CERT_X509="x509.pem"
PK8_PATH="pk8"
# Generate .keystore file
GEN_KS()
{
keytool -genkeypair -v \
-keystore ${KEY_STORE_PATH} \
-alias ${ALIASES} \
-storepass ${PASS} \
-keypass ${PASS} \
-keyalg RSA \
-startdate "${ISSUED_DATE}" \
-validity ${VALIDITY} \
-dname "CN='${CommonName}', \
OU='${OrganizationalUnit}', \
EmailAddress='${Email}', \
O='${Organization}', \
L='${Locality}', \
ST='${State_Province}', \
C='${Country}'"
}
GEN_KS
# Convert .keystore file to pkcs12 format
KS_PKCS12()
{
keytool -importkeystore \
-srckeystore ${KEY_STORE_PATH} \
-destkeystore ${DEST_KEY_STORE_PATH} \
-srcstoretype JKS \
-deststoretype PKCS12 \
-deststorepass ${PASS} \
-srcstorepass ${PASS} \
-destkeypass ${PASS}
}
KS_PKCS12
# Turn pkcs12 into PEM
PKCS12_PEM()
{
openssl pkcs12 -nodes \
-in ${DEST_KEY_STORE_PATH} \
-out ${DEST_TMP_RSA_PATH} \
-password pass:${PASS}
}
PKCS12_PEM
# Intercepting the PEM file to generate the .X509.PEM.RSA.PEM file
PEM_X509()
{
# 1. Get the start line number of private key in pkcs12.rsa.pem file.
# Because the private keyb headers generated in different environments
# are different (begin RSA private key, begin private key),
# a judgment is added here
private_key_begin=$(grep "BEGIN RSA PRIVATE KEY" ${DEST_TMP_RSA_PATH} -n)
if [ $? -ne 0 ]; then
private_key_begin=$(grep "BEGIN PRIVATE KEY" ${DEST_TMP_RSA_PATH} -n)
private_key_end=$(grep "END PRIVATE KEY" ${DEST_TMP_RSA_PATH} -n)
else
private_key_end=$(grep "END RSA PRIVATE KEY" ${DEST_TMP_RSA_PATH} -n)
fi
# 2. Intercept PKCS12.RSA.PEM file and generate PRIVATE.RSA.PEM file
sed -n ${private_key_begin%%:*},${private_key_end%%:*}p ${DEST_TMP_RSA_PATH} >> ${PRIVATE_RSA}
# 3. Get the start line number of certificate key in pkcs12.rsa.pem file
cert_509_begin=$(grep "BEGIN CERTIFICATE" ${DEST_TMP_RSA_PATH} -n)
cert_509_end=$(grep "END CERTIFICATE" ${DEST_TMP_RSA_PATH} -n)
# 4. Intercept pkcs12.rsa.pem file and generate cert x509.x509.pem file
sed -n ${cert_509_begin%%:*},${cert_509_end%%:*}p ${DEST_TMP_RSA_PATH} >> ${CERT_X509}
}
PEM_X509
# Private key to PK8 format
PRIV_PK8()
{
openssl pkcs8 -topk8 \
-outform DER \
-in ${PRIVATE_RSA} \
-inform PEM \
-out ${PK8_PATH} \
-nocrypt
}
PRIV_PK8
# make encrypted archive of generated files
ENC_ZIP()
{
zip -Z bzip2 -P ${PASS} KEY_${ALIASES}.zip \
${KEY_STORE_PATH} \
${DEST_KEY_STORE_PATH} \
${DEST_TMP_RSA_PATH} \
${PRIVATE_RSA} \
${CERT_X509} \
${PK8_PATH}
}
ENC_ZIP
# cleanup private files
CLEANUP()
{
rm -f ${KEY_STORE_PATH} \
${DEST_KEY_STORE_PATH} \
${DEST_TMP_RSA_PATH} \
${PRIVATE_RSA}
}
CLEANUP
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment