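#!/bin/sh
#
# Generates a self-signed RSA signing key with keytool and exports it as a
# keystore, a PKCS#12 file, PEM files, an X.509 certificate and an
# unencrypted PKCS#8 (DER) private key. Fill in the values below first.
#
# NOTE(review): PASS is kept in this file in clear text and is reused for the
# keystore, the key entry, the PKCS#12 file and the zip archive. Keep a
# filled-in copy of this script out of version control and shared locations.

# Every file written below holds or wraps private key material, so create
# all of them readable and writable by the owner only.
umask 077

ALIASES=""                          # key alias; also the base name of the output files
PASS=""                             # one password for keystore, key, PKCS#12 and zip
VALIDITY=36500                      # certificate validity in days (roughly 100 years)
ISSUED_DATE="yyyy/mm/dd hh:mm:ss"   # placeholder; handed to keytool -startdate

# Distinguished-name fields of the self-signed certificate.
CommonName=""
OrganizationalUnit=""
Organization=""
Email=""
Locality=""
State_Province=""
Country=""

### DONT MODIFY ANYTHING AFTER THIS ###

# Output paths derived from the alias. CERT_X509 and PK8_PATH do not include
# the alias, so runs for different aliases in one directory share these files.
KEY_STORE_PATH="$ALIASES.keystore"
DEST_KEY_STORE_PATH="$ALIASES.p12"
DEST_TMP_RSA_PATH="tmp_$ALIASES.rsa.pem"
PRIVATE_RSA="private_$ALIASES.rsa.pem"
CERT_X509="x509.pem"
PK8_PATH="pk8"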
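# Generate .keystore file
#
# Creates a new RSA key pair with a self-signed certificate in KEY_STORE_PATH.
# Globals (read): KEY_STORE_PATH, ALIASES, PASS, ISSUED_DATE, VALIDITY and
#                 the distinguished-name fields.
# Returns: keytool's exit status.
GEN_KS()
{
  # The DN text is the same string the original built. NOTE(review): the
  # single quotes are plain characters inside the double-quoted string, so
  # they presumably end up inside each DN value; check the generated
  # certificate with `keytool -list -v` and drop them if that is unwanted.
  gen_ks_dname="CN='${CommonName}', OU='${OrganizationalUnit}', EmailAddress='${Email}', "
  gen_ks_dname="${gen_ks_dname}O='${Organization}', L='${Locality}', ST='${State_Province}', C='${Country}'"

  # Hand the password to keytool through its environment (the :env modifier)
  # instead of argv, where any local user could read it from the process
  # list. All expansions are quoted so spaces or glob characters in the
  # alias or password cannot split or expand the arguments.
  GEN_KS_PASS="${PASS}" keytool -genkeypair -v \
    -keystore "${KEY_STORE_PATH}" \
    -alias "${ALIASES}" \
    -storepass:env GEN_KS_PASS \
    -keypass:env GEN_KS_PASS \
    -keyalg RSA \
    -startdate "${ISSUED_DATE}" \
    -validity "${VALIDITY}" \
    -dname "${gen_ks_dname}"
}

# Every later step needs the keystore, so stop if it could not be created.
GEN_KS || exit 1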
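# Convert .keystore file to pkcs12 format
#
# Copies the entries of KEY_STORE_PATH into a PKCS#12 keystore at
# DEST_KEY_STORE_PATH, protected with the same password.
# Globals (read): KEY_STORE_PATH, DEST_KEY_STORE_PATH, PASS.
# Returns: keytool's exit status.
KS_PKCS12()
{
  # Password goes through the environment (:env) rather than argv so it is
  # not visible in the process list; paths are quoted against word splitting.
  KS_PKCS12_PASS="${PASS}" keytool -importkeystore \
    -srckeystore "${KEY_STORE_PATH}" \
    -destkeystore "${DEST_KEY_STORE_PATH}" \
    -srcstoretype JKS \
    -deststoretype PKCS12 \
    -deststorepass:env KS_PKCS12_PASS \
    -srcstorepass:env KS_PKCS12_PASS \
    -destkeypass:env KS_PKCS12_PASS
}

# The PEM export reads the PKCS#12 file, so stop if the conversion failed.
KS_PKCS12 || exit 1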
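# Turn pkcs12 into PEM
#
# Dumps the PKCS#12 keystore into one PEM file at DEST_TMP_RSA_PATH.
# Globals (read): DEST_KEY_STORE_PATH, DEST_TMP_RSA_PATH, PASS.
# Returns: openssl's exit status.
PKCS12_PEM()
{
  # -nodes writes the private key WITHOUT encryption, so the output file is
  # as sensitive as the key itself. (OpenSSL 3 spells this option -noenc;
  # -nodes is kept for older installations.)
  # The password is read from the environment (env:) instead of pass: on the
  # command line, which would expose it in the process list.
  PKCS12_PEM_PASS="${PASS}" openssl pkcs12 -nodes \
    -in "${DEST_KEY_STORE_PATH}" \
    -out "${DEST_TMP_RSA_PATH}" \
    -password env:PKCS12_PEM_PASS
}

# The following steps cut the key and certificate out of this PEM file.
PKCS12_PEM || exit 1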
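# Intercepting the PEM file to generate the .X509.PEM.RSA.PEM file
#
# Splits the combined PEM file into the private key (PRIVATE_RSA) and the
# certificate (CERT_X509).
# Globals (read): DEST_TMP_RSA_PATH, PRIVATE_RSA, CERT_X509.
# Returns: 0 on success, 1 if a key or certificate block is missing or an
#          output file cannot be written.
PEM_X509()
{
  # 1. Find the line range of the private key. The header differs between
  #    environments ("BEGIN RSA PRIVATE KEY" vs "BEGIN PRIVATE KEY"), so try
  #    the RSA form first and fall back to the generic one.
  if private_key_begin=$(grep -n "BEGIN RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}"); then
    private_key_end=$(grep -n "END RSA PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
  else
    private_key_begin=$(grep -n "BEGIN PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
    private_key_end=$(grep -n "END PRIVATE KEY" "${DEST_TMP_RSA_PATH}")
  fi

  # grep -n prints "N:text"; %%:* keeps the line number of the first match.
  pem_key_first=${private_key_begin%%:*}
  pem_key_last=${private_key_end%%:*}
  if [ -z "${pem_key_first}" ] || [ -z "${pem_key_last}" ]; then
    echo "PEM_X509: no private key block in ${DEST_TMP_RSA_PATH}" >&2
    return 1
  fi

  # 2. Cut the private key out into PRIVATE_RSA. Truncate (>) rather than
  #    append (>>): a second run must not stack another key onto an old file.
  sed -n "${pem_key_first},${pem_key_last}p" "${DEST_TMP_RSA_PATH}" > "${PRIVATE_RSA}" || return 1

  # 3. Find the line range of the certificate.
  cert_509_begin=$(grep -n "BEGIN CERTIFICATE" "${DEST_TMP_RSA_PATH}")
  cert_509_end=$(grep -n "END CERTIFICATE" "${DEST_TMP_RSA_PATH}")
  pem_cert_first=${cert_509_begin%%:*}
  pem_cert_last=${cert_509_end%%:*}
  if [ -z "${pem_cert_first}" ] || [ -z "${pem_cert_last}" ]; then
    echo "PEM_X509: no certificate block in ${DEST_TMP_RSA_PATH}" >&2
    return 1
  fi

  # 4. Cut the certificate out into CERT_X509. CERT_X509 is not removed by
  #    the cleanup step, so appending would leave two certificates in it
  #    after a rerun; overwrite instead.
  sed -n "${pem_cert_first},${pem_cert_last}p" "${DEST_TMP_RSA_PATH}" > "${CERT_X509}" || return 1
}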
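# Run the split; stop on failure so the later steps do not convert, archive
# and then delete files based on an incomplete extraction.
PEM_X509 || exit 1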
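# Private key to PK8 format
#
# Converts the PEM private key in PRIVATE_RSA to PKCS#8 DER at PK8_PATH.
# Globals (read): PRIVATE_RSA, PK8_PATH.
# Returns: openssl's exit status.
PRIV_PK8()
{
  # -nocrypt stores the key unencrypted: PK8_PATH is the bare private key
  # and is protected by file permissions only. Paths are quoted so an alias
  # containing spaces or glob characters cannot split the arguments.
  openssl pkcs8 -topk8 \
    -outform DER \
    -in "${PRIVATE_RSA}" \
    -inform PEM \
    -out "${PK8_PATH}" \
    -nocrypt
}

# Stop if the conversion failed, before anything is archived or deleted.
PRIV_PK8 || exit 1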
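# make encrypted archive of generated files
#
# Packs every generated file into KEY_<alias>.zip, encrypted with PASS.
# Globals (read): PASS, ALIASES and all output paths.
# Returns: zip's exit status.
ENC_ZIP()
{
  # NOTE(review): zip -P puts the password on the command line, where other
  # local users can read it from the process list, and zip(1) itself
  # describes its standard encryption as weak. The archive contains the
  # unencrypted private key (PRIVATE_RSA, PK8_PATH), so treat it as
  # sensitive; for stronger protection wrap it with a tool that provides
  # authenticated encryption. -P is kept here because the non-interactive
  # behaviour of the script depends on it.
  zip -Z bzip2 -P "${PASS}" "KEY_${ALIASES}.zip" \
    "${KEY_STORE_PATH}" \
    "${DEST_KEY_STORE_PATH}" \
    "${DEST_TMP_RSA_PATH}" \
    "${PRIVATE_RSA}" \
    "${CERT_X509}" \
    "${PK8_PATH}"
}

# Stop if archiving failed: the cleanup step deletes the keystore and PEM
# files, and without the archive those would be lost.
ENC_ZIP || exit 1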
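# cleanup private files
#
# Deletes the intermediate keystore, PKCS#12 and PEM files.
# Globals (read): KEY_STORE_PATH, DEST_KEY_STORE_PATH, DEST_TMP_RSA_PATH,
#                 PRIVATE_RSA.
# Returns: rm's exit status.
CLEANUP()
{
  # CERT_X509 and PK8_PATH are left in place. PK8_PATH is the private key
  # written with -nocrypt, so an unencrypted key stays on disk after the
  # script ends. rm only unlinks the files; it does not overwrite their
  # contents.
  # "--" and the quotes keep an alias starting with "-" or containing spaces
  # from being read as options or extra file names.
  rm -f -- "${KEY_STORE_PATH}" \
    "${DEST_KEY_STORE_PATH}" \
    "${DEST_TMP_RSA_PATH}" \
    "${PRIVATE_RSA}"
}

CLEANUP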