ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2025-01-03 19:54:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
146d05961d
HIRS/package/scripts/pki/pki_setup.sh
iadgovuser26 146d05961d updated application.settings to use tls
2023-07-07 19:26:12 +00:00

61 lines
2.0 KiB
Bash
Raw Blame History

#!/bin/bash
############################################################################################
# Creates 2 Certificate Chains for the ACA:
# 1 RSA 3K SHA 384
# 2 ECC 512 SHA 384
#
############################################################################################
PROP_FILE=/etc/hirs/aca/apllication.properties
# Capture location of the script to allow from invocation from any location
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
# Set HIRS PKI password
if [ -z $HIRS_PKI_PWD ]; then
# Create a 32 character random password
PKI_PASS=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
fi
# Create an ACA properties file using the new password
#pushd $SCRIPT_DIR &> /dev/null
# if [ ! -f "/etc/hirs/aca/aca.properties" ]; then
# if [ -d /opt/hirs/scripts/aca ]; then
# ACA_SETUP_DIR="/opt/hirs/scripts/aca"
# else
# ACA_SETUP_DIR="$SCRIPT_DIR/../aca"
# fi
# echo "ACA_SETUP_DIR is $ACA_SETUP_DIR"
# sh $ACA_SETUP_DIR/aca_property_setup.sh $PKI_PASS
# else
# echo "aca property file exists, skipping"
# fi
# Add password to properties file
echo "server.ssl.key-store-password="$PKI_PASS >> $PROP_FILE
echo "server.ssl.trust-store-password="$PKI_PASS >> $PROP_FILE
# Clear out previous pki password and set new password in the application.properties file for embedded tomcat
popd &> /dev/null
# Create Cert Chains
if [ ! -d "/etc/hirs/certificates" ]; then
if [ -d /opt/hirs/scripts/pki ]; then
PKI_SETUP_DIR="/opt/hirs/scripts/pki"
else
PKI_SETUP_DIR=="$SCRIPT_DIR/../pki"
fi
echo "PKI_SETUP_DIR is $PKI_SETUP_DIR"
mkdir -p /etc/hirs/certificates/
pushd /etc/hirs/certificates/ &> /dev/null
cp $PKI_SETUP_DIR/ca.conf .
sh $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "rsa" "3072" "sha384" "$PKI_PASS"
sh $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "ecc" "512" "sha384" "$PKI_PASS"
popd &> /dev/null
else
echo "/etc/hirs/certificates exists, skipping"
fi
Reference in New Issue View Git Blame Copy Permalink