# Output file names for the switch and controller key material. The names are
# relative, so the files are created in the directory that is current when the
# generator functions run.
6 SWITCH_KEY="switch.key"
7 SWITCH_CERT="switch.crt"
8 SWITCH_CACHAIN="cachain.crt"
10 CONTROLLER_KEY="controller.key"
11 CONTROLLER_CERT="controller.crt"
12 CONTROLLER_KEYSTORE="keystore.p12"
13 CONTROLLER_TRUSTSTORE="truststore.p12"
15 OPENSSL_CONFIG="openssl.conf"
# Certificate lifetime, handed to the -days option of the certificate commands.
19 VALID_DAYS="1825" # 5 years
# NOTE(review): hard-coded store password. It is the only protection on the
# keystore that gen_keystore builds from the controller private key, and it is
# also used for the truststore. Both uses pass it as a command-line argument
# (-passout "pass:..." and -storepass), so it is readable from the process list
# while the tools run. Prefer a per-deployment secret read from the environment
# or from a file with restricted permissions.
20 PASSWORD="opendaylight"
29 "$CONTROLLER_KEYSTORE"
30 "$CONTROLLER_TRUSTSTORE"
# Deletes every path listed in CERT_FILES_SAVED; rm -f means a missing file is
# not an error. The remaining statements of this function are not visible in
# this listing.
33 function prep_cert_gen() {
35 rm -f "${CERT_FILES_SAVED[@]}"
# Walks CERT_FILES_SAVED one entry at a time. The loop body is not visible in
# this listing, so what happens to each entry cannot be stated from here.
39 function post_cleanup() {
40 for i in "${CERT_FILES_SAVED[@]}"; do
# Seeds the serial file with 1000 and writes the OpenSSL configuration to
# $OPENSSL_CONFIG. The heredoc delimiter is unquoted, so shell variables such
# as $CA_CERT are expanded when the file is written, not when OpenSSL reads it.
# NOTE(review): the CA profile sets "CA:true" without a pathlen limit. If this
# root only ever signs the switch and controller certificates directly
# (presumably the case; the signing command is not shown), adding pathlen:0
# documents and enforces that no subordinate CA is expected.
# NOTE(review): the leaf profile grants both serverAuth and clientAuth, and
# gen_signed_cert applies it to every endpoint. Separate profiles per role
# would give each certificate only the usage it needs.
46 function create_openssl_config() {
48 echo 1000 >"$CERT_SERIAL"
49 cat <<EOF >"$OPENSSL_CONFIG"
51 default_ca = CA_default
58 certificate = $CA_CERT
63 countryName = optional
64 stateOrProvinceName = optional
65 localityName = optional
66 organizationName = optional
67 organizationalUnitName = optional
69 emailAddress = optional
73 distinguished_name = req_distinguished_name
74 string_mask = utf8only
77 [ req_distinguished_name ]
78 countryName = Country Name (2 letter code)
79 stateOrProvinceName = State or Province Name
80 localityName = Locality Name
81 0.organizationName = Organization Name
82 organizationalUnitName = Organizational Unit Name
83 commonName = Common Name
84 emailAddress = Email Address
87 subjectKeyIdentifier = hash
88 authorityKeyIdentifier = keyid:always,issuer
89 basicConstraints = critical, CA:true
90 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
93 basicConstraints = CA:FALSE
94 subjectKeyIdentifier = hash
95 authorityKeyIdentifier = keyid,issuer:always
96 keyUsage = critical, digitalSignature, keyEncipherment
97 extendedKeyUsage = serverAuth, clientAuth
102 echo -e "\\nGenerate CA Key & Certificate"
103 echo -e "-----------------------------"
105 echo -e "\\n> Root: Key & Self-Signed Certificate"
107 -config "$OPENSSL_CONFIG" \
109 -newkey rsa:"$CA_KEY_LEN" \
112 -extensions ca_cert \
113 -subj "/C=US/ST=California/L=San Jose/O=Verizon/CN=Root CA" \
114 -days "$VALID_DAYS" \
119 chmod 0644 "$CA_CERT"
# Creates a key and CSR for one endpoint and then issues its certificate using
# the client_cert extensions. The command names are on lines not shown in this
# listing.
# Arguments visible here:
#   $2 - path the new private key is written to (-keyout), set to 0600 below
#   $3 - certificate path, set to 0644 below
# "$client" (assignment not shown; presumably $1) becomes the subject CN and,
# lower-cased with a .csr suffix, the CSR file name.
# NOTE(review): "$client" is spliced into -subj and into a file name, so it
# must remain a fixed label supplied by this script and never caller input.
# NOTE(review): the key is restricted to 0600 only after it has been written.
# Setting `umask 077` before generation removes any dependence on the mode the
# tool creates the file with - confirm whether the unseen lines already do so.
122 function gen_signed_cert() {
124 local client_key="$2"
125 local client_cert="$3"
128 client_csr="$(tr '[:upper:]' '[:lower:]' <<<"$client").csr"
130 echo -e "\\n> $client: CSR\\n"
132 -config "$OPENSSL_CONFIG" \
134 -newkey rsa:"$CLIENT_KEY_LEN" \
136 -subj "/C=US/ST=California/L=San Jose/O=Verizon/CN=$client" \
137 -keyout "$client_key" \
140 echo -e "\\n> $client: Certificate\\n"
143 -config "$OPENSSL_CONFIG" \
144 -extensions client_cert \
146 -days "$VALID_DAYS" \
150 chmod 0600 "$client_key"
151 chmod 0644 "$client_cert"
# Packs an endpoint's private key into a password-protected store file and
# restricts that file to its owner (0600).
# Arguments visible here:
#   $2 - private key read via -inkey
#   $3 - certificate (its use is on a line not shown)
#   $4 - output store written via -out
# The CA certificate is added through -certfile.
# NOTE(review): -passout "pass:$PASSWORD" puts the password in the process
# argument list. OpenSSL also accepts env:VAR, file:PATH and fd:N as passphrase
# sources, which keep the value out of `ps` output.
154 function gen_keystore() {
156 local client_key="$2"
157 local client_cert="$3"
158 local client_keystore="$4"
160 echo -e "\\n> $client: Keystore"
164 -inkey "$client_key" \
165 -certfile "$CA_CERT" \
166 -passout "pass:$PASSWORD" \
167 -out "$client_keystore" \
170 chmod 0600 "$client_keystore"
# Imports a certificate into the truststore at $2 with keytool and sets the
# store to 0644. Which certificate is imported is on lines not shown here -
# presumably the CA certificate.
# NOTE(review): -storepass "$PASSWORD" exposes the password on the command
# line. keytool accepts the -storepass:env and -storepass:file forms to read it
# from an environment variable or a file instead.
# NOTE(review): a truststore needs integrity rather than secrecy. Mode 0644
# keeps it writable by the owner only, which is the property to preserve
# wherever the file is deployed.
173 function gen_truststore() {
175 local client_truststore="$2"
177 echo -e "\\n> $client: Truststore"
178 keytool -importcert \
184 -keystore "$client_truststore" \
185 -storepass "$PASSWORD"
187 chmod 0644 "$client_truststore"
# Issues the switch key and certificate, then copies the CA certificate to the
# switch's chain file name. cp -p preserves the source file's mode and
# timestamps on the copy.
190 function gen_switch() {
191 echo -e "\\nGenerate Switch Key & Certificate"
192 echo -e "---------------------------------"
193 gen_signed_cert "Switch" "$SWITCH_KEY" "$SWITCH_CERT"
194 cp -p "$CA_CERT" "$SWITCH_CACHAIN"
# Issues the controller key and certificate, wraps them into the keystore, and
# builds the truststore.
# NOTE(review): after gen_keystore runs, the private key exists both inside the
# keystore and as the standalone $CONTROLLER_KEY file. Whether the standalone
# copy is removed afterwards is not visible in this listing - confirm that
# cleanup covers it if only the keystore is meant to be deployed.
197 function gen_controller() {
198 echo -e "\\nGenerate Controller Keystore & Truststore"
199 echo -e "-----------------------------------------"
200 gen_signed_cert "Controller" "$CONTROLLER_KEY" "$CONTROLLER_CERT"
201 gen_keystore "Controller" "$CONTROLLER_KEY" "$CONTROLLER_CERT" "$CONTROLLER_KEYSTORE"
202 gen_truststore "Controller" "$CONTROLLER_TRUSTSTORE"
# The generator functions create and delete files by relative name, so stop
# here if the working directory cannot be entered rather than operate on
# whatever directory happens to be current.
208 cd "$WORKDIR" || exit 1
209 create_openssl_config