
@valtoni
Created April 2, 2019 22:57
Script to generate a set of artifacts: a private key, a public key, certificates signed with SHA1 and SHA256 digests, PKCS12 keyrings containing only the generated key and certificate, and full keyrings that also include the company's certificate chain (keychain).
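#!/usr/bin/env bash
#
# Generates an RSA private key, its public key, a CSR, self-signed
# certificates signed with SHA-256 and SHA-1, PKCS#12 keyrings that hold
# only the generated key + certificate, and "complete" PKCS#12 keyrings
# that also carry the company certificate chain extracted from a DER
# PKCS#7 bundle.
#
# Prerequisite: the company bundle must already exist as
# ${COMPANY_CERT_ORIGINAL} (DER-encoded PKCS#7) in the working directory.
#
# Every `openssl req` and `openssl pkcs12 -export` step prompts
# interactively (subject fields, export password), so run this in a
# terminal. Files that contain the private key (the key itself and all
# PKCS#12 keyrings) are created with owner-only permissions.

readonly COMPANY_CERT=certnew
readonly COMPANY_CERT_ORIGINAL=${COMPANY_CERT}.p7b
readonly COMPANY_CERT_NAME=company_certificates.cer
readonly COMPANY_CERT_PKCS7_DER=${COMPANY_CERT}.der.p7b
readonly COMPANY_CERT_PKCS7_PEM=${COMPANY_CERT}.pem.p7b
readonly PRIVATE_KEY=private
readonly PRIVATE_KEY_LEN=2048
readonly PUBLIC_KEY_EXPIRY_DAYS=365
readonly PUBLIC_KEY=public
readonly CERTIFICATE_REQUEST=request
readonly CERTIFICATE=certificate
readonly KEYRING=keyring
readonly ENCODE=pem
readonly ENCODE_KEYRING=pkcs12
readonly SHA1=sha1
readonly SHA256=sha256
readonly PRV_KEY_NAME=${PRIVATE_KEY}.${ENCODE}
readonly PUB_KEY_NAME=${PUBLIC_KEY}.${ENCODE}
readonly CERT_REQ_NAME=${CERTIFICATE_REQUEST}.csr
readonly KEYRING_NAME_SHA1=${KEYRING}.${SHA1}.${ENCODE_KEYRING}
readonly CERT_NAME_SHA1=${CERTIFICATE}.${SHA1}.${ENCODE}
readonly KEYRING_NAME_SHA256=${KEYRING}.${SHA256}.${ENCODE_KEYRING}
readonly CERT_NAME_SHA256=${CERTIFICATE}.${SHA256}.${ENCODE}
readonly CHAIN_CERT_SHA1=chain_${CERTIFICATE}.${SHA1}.${ENCODE}
readonly CHAIN_CERT_SHA256=chain_${CERTIFICATE}.${SHA256}.${ENCODE}
readonly COMPLETE_KEYRING_NAME_SHA1=complete_${KEYRING}.${SHA1}.${ENCODE_KEYRING}
readonly COMPLETE_KEYRING_NAME_SHA256=complete_${KEYRING}.${SHA256}.${ENCODE_KEYRING}

# -E so the ERR trap also fires inside functions; -u to catch typos in the
# many file-name variables above before they reach an openssl call.
set -Eeu

#######################################
# ERR trap handler: report the failing status and exit with it.
# The original one-liner chained everything with `||` after a successful
# assignment, so neither the message nor the exit ever ran.
# Arguments: $1 - exit status of the failed command
#######################################
on_error() {
  local rc=$1
  echo "**** ERRO (${rc})" >&2
  exit "${rc}"
}
trap 'on_error $?' ERR

#######################################
# Convert the DER PKCS#7 company bundle into a PEM file holding its
# certificates, unless that file already exists.
# Globals: COMPANY_CERT_ORIGINAL, COMPANY_CERT_PKCS7_DER,
#          COMPANY_CERT_PKCS7_PEM, COMPANY_CERT_NAME
#######################################
extract_company_chain() {
  if [[ -f "${COMPANY_CERT_NAME}" ]]; then
    return 0
  fi
  cp -- "${COMPANY_CERT_ORIGINAL}" "${COMPANY_CERT_PKCS7_DER}"
  openssl pkcs7 -inform der -in "${COMPANY_CERT_PKCS7_DER}" -text > "${COMPANY_CERT_PKCS7_PEM}"
  openssl pkcs7 -in "${COMPANY_CERT_PKCS7_PEM}" -print_certs > "${COMPANY_CERT_NAME}"
}

#######################################
# Export a PKCS#12 keyring from the private key and a certificate file.
# The keyring embeds the private key, so it is written with umask 077.
# Arguments: $1 - PEM file with the certificate(s) to include
#            $2 - output keyring file
# Globals:   PRV_KEY_NAME
#######################################
export_keyring() {
  local certs=$1
  local out=$2
  ( umask 077 && openssl pkcs12 -inkey "${PRV_KEY_NAME}" -in "${certs}" -export -out "${out}" )
}

#######################################
# Create a self-signed certificate with the given digest, a keyring holding
# only key + certificate, and a complete keyring that also carries the
# company chain.
# Arguments: $1 - digest name as accepted by openssl (sha1 | sha256)
#            $2 - certificate output file
#            $3 - key-only keyring output file
#            $4 - chain file to write (certificate + company certificates)
#            $5 - complete keyring output file
# Globals:   PRV_KEY_NAME, PUBLIC_KEY_EXPIRY_DAYS, COMPANY_CERT_NAME
#######################################
build_cert_and_keyrings() {
  local digest=$1
  local cert=$2
  local keyring=$3
  local chain=$4
  local complete=$5
  local label
  # tr instead of ${digest^^} so the script still runs on bash 3.x.
  label=$(printf '%s' "${digest}" | tr '[:lower:]' '[:upper:]')

  echo ">>> Generating certificate ${cert} with ${label} cypher and ${PUBLIC_KEY_EXPIRY_DAYS} expiry days"
  openssl req -key "${PRV_KEY_NAME}" -new "-${digest}" -x509 -days "${PUBLIC_KEY_EXPIRY_DAYS}" -out "${cert}"

  echo ">>> Generating a keychain PKCS12 cypher ${label} ${keyring} only with certificate and private key"
  export_keyring "${cert}" "${keyring}"

  echo ">>> Generating a full keyring ${complete} with ${label} certificate"
  cat -- "${cert}" "${COMPANY_CERT_NAME}" > "${chain}"
  export_keyring "${chain}" "${complete}"
}

main() {
  if [[ ! -f "${COMPANY_CERT_ORIGINAL}" ]]; then
    echo "*** Company keychain was not found. Please, download and put the DER format in ${COMPANY_CERT_ORIGINAL}." >&2
    exit 1
  fi
  extract_company_chain

  echo ">>> Generating an RSA private key ${PRV_KEY_NAME} with length ${PRIVATE_KEY_LEN}"
  # umask in a subshell: only the key gets 0600, later public artifacts keep
  # the caller's default permissions.
  ( umask 077 && openssl genrsa -out "${PRV_KEY_NAME}" "${PRIVATE_KEY_LEN}" )

  echo ">>> Generating a public key ${PUB_KEY_NAME} from private key of item above"
  openssl rsa -in "${PRV_KEY_NAME}" -outform PEM -pubout -out "${PUB_KEY_NAME}"

  echo ">>> Generating request file ${CERT_REQ_NAME} to be signed"
  openssl req -key "${PRV_KEY_NAME}" -new -out "${CERT_REQ_NAME}"

  build_cert_and_keyrings "${SHA256}" "${CERT_NAME_SHA256}" "${KEYRING_NAME_SHA256}" \
    "${CHAIN_CERT_SHA256}" "${COMPLETE_KEYRING_NAME_SHA256}"

  # SHA-1 signatures are rejected by current browsers and TLS stacks; these
  # artifacts are only useful for legacy consumers that still accept them.
  build_cert_and_keyrings "${SHA1}" "${CERT_NAME_SHA1}" "${KEYRING_NAME_SHA1}" \
    "${CHAIN_CERT_SHA1}" "${COMPLETE_KEYRING_NAME_SHA1}"
}

main "$@"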