Improve discovery and error messages in create_certificates.sh.

Print error message if openssl/keytool cannot be found.
Mark Paluch
2017-03-18 17:41:29 +01:00
parent 7026fd3531
commit da6055a3d7


@@ -4,6 +4,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
CA_DIR=work/ca
KEYSTORE_FILE=work/keystore.jks
CLIENT_CERT_KEYSTORE=work/client-cert.jks
if [[ -d work/ca ]] ; then
rm -Rf ${CA_DIR}
fi
@@ -16,6 +17,22 @@ if [[ -f ${CLIENT_CERT_KEYSTORE} ]] ; then
rm -Rf ${CLIENT_CERT_KEYSTORE}
fi
if [ ! -x "$(which openssl)" ] ; then
echo "[ERROR] No openssl in PATH"
exit 1
fi
KEYTOOL=keytool
if [ ! -x "${KEYTOOL}" ] ; then
KEYTOOL=${JAVA_HOME}/bin/keytool
fi
if [ ! -x "${KEYTOOL}" ] ; then
echo "[ERROR] No keytool in PATH/JAVA_HOME"
exit 1
fi
mkdir -p ${CA_DIR}/private ${CA_DIR}/certs ${CA_DIR}/crl ${CA_DIR}/csr ${CA_DIR}/newcerts ${CA_DIR}/intermediate
echo "[INFO] Generating CA private key"
@@ -46,6 +63,7 @@ openssl rsa -in ${CA_DIR}/private/localhost.key.pem \
-passin pass:changeit
chmod 400 ${CA_DIR}/private/localhost.key.pem
chmod 400 ${CA_DIR}/private/localhost.decrypted.key.pem
echo "[INFO] Generating server certificate request"
openssl req -config ${DIR}/openssl.cnf \
@@ -96,8 +114,8 @@ openssl pkcs12 -export -clcerts \
-passout pass:changeit \
-out ${CA_DIR}/client.p12
${JAVA_HOME}/bin/keytool -importcert -keystore ${KEYSTORE_FILE} -file ${CA_DIR}/certs/ca.cert.pem -noprompt -storepass changeit
${JAVA_HOME}/bin/keytool -importkeystore \
${KEYTOOL} -importcert -keystore ${KEYSTORE_FILE} -file ${CA_DIR}/certs/ca.cert.pem -noprompt -storepass changeit
${KEYTOOL} -importkeystore \
-srckeystore ${CA_DIR}/client.p12 -srcstoretype PKCS12 -srcstorepass changeit\
-destkeystore ${CLIENT_CERT_KEYSTORE} -deststoretype JKS \
-noprompt -storepass changeit
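Review bot: In the second hunk, `KEYTOOL=keytool` followed by `[ ! -x "${KEYTOOL}" ]` tests for an executable file named `keytool` in the current working directory rather than searching PATH, so a keytool that is only on PATH is never detected and the script always falls through to `${JAVA_HOME}/bin/keytool` (which becomes `/bin/keytool` when JAVA_HOME is unset). Resolving the name first with `KEYTOOL=$(command -v keytool)` would make the check agree with the "[ERROR] No keytool in PATH/JAVA_HOME" message, and the openssl check could use `command -v openssl` instead of `which` for the same reason of portability. The two call sites in the last hunk should quote the variable, as in `"${KEYTOOL}" -importcert ...`, so that a JAVA_HOME containing spaces still resolves to one command word. The two `[ERROR]` lines would also be better sent to stderr with `>&2` so they do not end up in captured output.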