You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2015/03/20 11:41:57 UTC
svn commit: r1667982 - in
/qpid/trunk/qpid/java/test-profiles/test_resources/ssl:
generate-java-keystores.sh generate-root-ca.sh
Author: orudyy
Date: Fri Mar 20 10:41:57 2015
New Revision: 1667982
URL: http://svn.apache.org/r1667982
Log:
NO-JIRA: Add Apache licenses to scripts generating keystores/trustores/CA and improve instruction messages issued by scripts
Modified:
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-java-keystores.sh
qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-root-ca.sh
Modified: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-java-keystores.sh
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-java-keystores.sh?rev=1667982&r1=1667981&r2=1667982&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-java-keystores.sh (original)
+++ qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-java-keystores.sh Fri Mar 20 10:41:57 2015
@@ -1,4 +1,23 @@
-#!/bin/bash
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
echo "Remove existing java broker keystore"
rm java_broker_keystore.jks
echo "Re-create java broker keystore by importing RootCA certificate"
@@ -9,7 +28,7 @@ echo "Export certificate signing request
keytool -certreq -alias java-broker -sigalg SHA1withRSA -keystore java_broker_keystore.jks -storepass password -v -file java-broker.req
echo "Sign certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
-echo " 0 for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
+echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
certutil -C -d CA_db -c "MyRootCA" -a -i java-broker.req -o java-broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
@@ -55,7 +74,7 @@ keytool --list --keystore java_client_ke
read -p "Press [Enter] key to continue..."
echo "Remove existing client truststore"
rm java_client_truststore.jks
-echo "Re-create existing client truststore by importing RootCA certificate"
+echo "Re-create client truststore by importing RootCA certificate"
keytool -import -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
echo "List entries in client trusttore"
keytool --list --keystore java_client_truststore.jks -storepass password
@@ -63,7 +82,7 @@ keytool --list --keystore java_client_tr
read -p "Press [Enter] key to continue..."
echo "Remove existing broker truststore"
rm java_broker_truststore.jks
-echo "Re-create existing broker truststore by importing RootCA certificate"
+echo "Re-create broker truststore by importing RootCA certificate"
keytool -import -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
echo "List entries in broker truststore"
keytool --list --keystore java_broker_truststore.jks -storepass password
@@ -71,7 +90,7 @@ keytool --list --keystore java_broker_tr
read -p "Press [Enter] key to continue..."
echo "Remove existing broker peerstore"
rm java_broker_peerstore.jks
-echo "Re-create existing broker peerstore by importing app1 certificate"
+echo "Re-create broker peerstore by importing app1 certificate"
keytool -import -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt
echo "List entries in broker peerstore"
keytool --list --keystore java_broker_peerstore.jks -storepass password
Modified: qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-root-ca.sh
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-root-ca.sh?rev=1667982&r1=1667981&r2=1667982&view=diff
==============================================================================
--- qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-root-ca.sh (original)
+++ qpid/trunk/qpid/java/test-profiles/test_resources/ssl/generate-root-ca.sh Fri Mar 20 10:41:57 2015
@@ -1,12 +1,32 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
echo "Create a new certificate database for root CA"
rm CA_db/*
certutil -N -d CA_db
-echo "Create the self-signed Root CA certificate"
-echo "Enter the password you specified when creating the root CA database."
-echo "y for 'Is this a CA certificate [y/N]?'â
-echo "Press enter for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
-echo "n for 'Is this a critical extension [y/N]?'â
+echo "Create the self-signed Root CA certificate by entering:"
+echo " password which was specified on creation of root CA database."
+echo " y for 'Is this a CA certificate [y/N]?'"
+echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
+echo " n for 'Is this a critical extension [y/N]?'"
certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA1 -v 60
echo "Extract the CA certificate from the CAâs certificate database to a file."
certutil -L -d CA_db -n "MyRootCA" -a -o CA_db/rootca.crt
@@ -19,11 +39,11 @@ echo "Import the CA certificate into the
certutil -A -d server_db -n "MyRootCA" -t "TC,," -a -i CA_db/rootca.crt
echo "Create the server certificate request"
certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA1
-echo "Sign and issue a new server certificate"
-echo "n for 'Is this a CA certificate [y/N]?'"
-echo "-1 for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
-echo "n' for 'Is this a critical extension [y/N]?'"
-echo "enter the password you specified when creating the root CA database."
+echo "Sign and issue a new server certificate by entering:"
+echo " n for 'Is this a CA certificate [y/N]?'"
+echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
+echo " n for 'Is this a critical extension [y/N]?'"
+echo " password which was specified on creation of root CA database."
certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
echo "Import signed certificate to the brokerâs certificate database"
certutil -A -d server_db -n localhost.localdomain -a -i server_db/server.crt -t ",,"
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org