
Commit 6f5ae54

committed
Story #15673: Updating generate_certs scripts to align with current architecture.
* Regenerate a new passphrase for certs & keystores every time the scripts are executed. * Do not generate server certs for UI-* components (currently not supported).
1 parent cfdbd83 commit 6f5ae54


6 files changed

+87
-93
lines changed


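--- a/deployment/pki/scripts/generate_certs.sh
+++ b/deployment/pki/scripts/generate_certs.sh
@@ -35,14 +35,14 @@ function generateCerts {
 generateServerAndClientCertAndStorePassphrase api-gateway vitamui-services
 
 #Zone UI
-generateServerAndClientCertAndStorePassphrase ui-portal vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-identity vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-identity-admin vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-referential vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-ingest vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-archive-search vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-collect vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-pastis vitamui-services
+generateClientCertAndStorePassphrase ui-portal vitamui-services
+generateClientCertAndStorePassphrase ui-identity vitamui-services
+generateClientCertAndStorePassphrase ui-identity-admin vitamui-services
+generateClientCertAndStorePassphrase ui-referential vitamui-services
+generateClientCertAndStorePassphrase ui-ingest vitamui-services
+generateClientCertAndStorePassphrase ui-archive-search vitamui-services
+generateClientCertAndStorePassphrase ui-collect vitamui-services
+generateClientCertAndStorePassphrase ui-pastis vitamui-services
 
 #Reverse
 generateServerCertAndStorePassphrase reverse vitamui-services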
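Review bot: Server certificates and keys that earlier runs already issued for the ui-* components are not retired by the new `generateClientCertAndStorePassphrase` calls in the `#Zone UI` block (the same applies to the matching hunk in generate_certs_dev.sh). Environments that ran the previous version will presumably still hold ui-* server keys, which certs.sh writes with `-nodes`, along with their vault entries, and stores.sh may keep building keystores from those directories. I would add a comment above the block, `# UI components only get client certs; remove leftover ui-* server certificate directories and vault entries from earlier runs`, or a cleanup step that does it. generateCerts starts and ends outside the hunk.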

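--- a/deployment/pki/scripts/generate_certs_dev.sh
+++ b/deployment/pki/scripts/generate_certs_dev.sh
@@ -45,14 +45,14 @@ function generateCerts {
 generateServerAndClientCertAndStorePassphrase api-gateway vitamui-services
 
 #Zone UI
-generateServerAndClientCertAndStorePassphrase ui-portal vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-identity vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-identity-admin vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-referential vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-ingest vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-archive-search vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-pastis vitamui-services
-generateServerAndClientCertAndStorePassphrase ui-collect vitamui-services
+generateClientCertAndStorePassphrase ui-portal vitamui-services
+generateClientCertAndStorePassphrase ui-identity vitamui-services
+generateClientCertAndStorePassphrase ui-identity-admin vitamui-services
+generateClientCertAndStorePassphrase ui-referential vitamui-services
+generateClientCertAndStorePassphrase ui-ingest vitamui-services
+generateClientCertAndStorePassphrase ui-archive-search vitamui-services
+generateClientCertAndStorePassphrase ui-pastis vitamui-services
+generateClientCertAndStorePassphrase ui-collect vitamui-services
 
 #Reverse
 generateServerCertAndStorePassphrase reverse vitamui-services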

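--- a/deployment/pki/scripts/lib/ca.sh
+++ b/deployment/pki/scripts/lib/ca.sh
@@ -161,17 +161,15 @@ function main() {
 if [ ! -f ${CA_DIR}/${AUTHORITY}/ca-root.crt ]; then
 pki_logger "Creation of CA-root for ${AUTHORITY}..."
 # Generate CA_ROOT_PASS & store it in the vault-ca
-CA_ROOT_PASS=$(generatePassphrase)
-setPassphrase ca "ca_root_${AUTHORITY}" "${CA_ROOT_PASS}"
+CA_ROOT_PASS=$(setPassphrase ca "ca_root_${AUTHORITY}")
 generate_ca_root ${CA_ROOT_PASS} ${AUTHORITY}
 else
 pki_logger "CA-root for ${AUTHORITY} already exists, it will not be recreated..."
 fi
 if [ ! -f ${CA_DIR}/${AUTHORITY}/ca-intermediate.crt ]; then
 pki_logger "Creation of CA-intermediate for ${AUTHORITY}..."
 # Generate CA_INTERMEDIATE_PASS & store it in the vault-ca
-CA_INTERMEDIATE_PASS=$(generatePassphrase)
-setPassphrase ca "ca_intermediate_${AUTHORITY}" "${CA_INTERMEDIATE_PASS}"
+CA_INTERMEDIATE_PASS=$(setPassphrase ca "ca_intermediate_${AUTHORITY}")
 generate_ca_intermediate ${CA_INTERMEDIATE_PASS} ${CA_ROOT_PASS} ${AUTHORITY}
 
 purge_directory "${CONFIG_DIR}/${AUTHORITY}"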
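Review bot: A failed `setPassphrase` goes unnoticed at `CA_ROOT_PASS=$(setPassphrase ca "ca_root_${AUTHORITY}")` and at the matching `CA_INTERMEDIATE_PASS` line, so the variable can come back empty. The following calls pass it unquoted (`generate_ca_root ${CA_ROOT_PASS} ${AUTHORITY}`), so an empty value would shift the arguments and the authority name would presumably land where the passphrase is expected. I would write `CA_ROOT_PASS=$(setPassphrase ca "ca_root_${AUTHORITY}") || return 1` (or whatever main uses to abort), quote the call as `generate_ca_root "${CA_ROOT_PASS}" "${AUTHORITY}"`, and do the same for the intermediate CA. The `local X=$(setPassphrase …)` captures added in certs.sh and stores.sh discard the exit status in the same way, because `local` always succeeds. main's body continues outside the hunk.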

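--- a/deployment/pki/scripts/lib/certs.sh
+++ b/deployment/pki/scripts/lib/certs.sh
@@ -39,14 +39,12 @@ function getComponentCertificateCn {
 
 # Generate a server certificate
 function generateServerCertificate {
-local COMPOSANT="${1}"
-local KEY_PASS="${2}"
-local INTERMEDIATE_CA_KEY="${3}"
-local TYPE_CERTIFICAT="${4}"
-local AUTHORITY="${5}"
-local SERVICE_HOSTNAME="${6}"
-local SERVICE_DC_HOSTNAME="${7}"
-local REVERSE_SAN="${8}"
+local COMPONENT="${1}"
+local TYPE_CERTIFICAT="${2}"
+local AUTHORITY="${3}"
+local SERVICE_HOSTNAME="${4}"
+local SERVICE_DC_HOSTNAME="${5}"
+local REVERSE_SAN="${6}"
 
 # Correctly set Subject Alternate Name (env var is read inside the openssl configuration file)
 export OPENSSL_SAN="$(getComponentCertificateSan $SERVICE_HOSTNAME $SERVICE_DC_HOSTNAME $REVERSE_SAN)"
@@ -55,23 +53,30 @@ function generateServerCertificate {
 # Correctly set certificate DIRECTORY (env var is read inside the openssl configuration file)
 export OPENSSL_CRT_DIR=${AUTHORITY}
 
-pki_logger "Starting process to generate ${TYPE_CERTIFICAT} certificate signed with CA ${AUTHORITY} for ${COMPOSANT}..."
-local SERVER_CERTIFICATE_PATH=$(getServerCertificatePath ${AUTHORITY} ${COMPOSANT})
+
+pki_logger "Starting process to generate ${TYPE_CERTIFICAT} certificate signed with CA ${AUTHORITY} for ${COMPONENT}..."
+local SERVER_CERTIFICATE_PATH=$(getServerCertificatePath ${AUTHORITY} ${COMPONENT})
 mkdir -p "${SERVER_CERTIFICATE_PATH}"
-pki_logger "Generating ${TYPE_CERTIFICAT} key for ${COMPOSANT}..."
+
+# Retrieve the passphrase of the CA_INTERMEDIATE from the vault-ca
+local CA_INTERMEDIATE_PASS=$(getPassphrase ca "ca_intermediate_${AUTHORITY}")
+
+local KEY_PASS=$(setPassphrase certs "${AUTHORITY}_${TYPE_CERTIFICAT}_${COMPONENT}")
+
+pki_logger "Generating ${TYPE_CERTIFICAT} key for ${COMPONENT}..."
 openssl req -newkey "${CRYPTO_SPEC}" \
 -passout pass:"${KEY_PASS}" \
--keyout "${SERVER_CERTIFICATE_PATH}/${COMPOSANT}.key" \
--out "${SERVER_CERTIFICATE_PATH}/${COMPOSANT}.req" \
+-keyout "${SERVER_CERTIFICATE_PATH}/${COMPONENT}.key" \
+-out "${SERVER_CERTIFICATE_PATH}/${COMPONENT}.req" \
 -nodes \
 -config "${CONFIG_DIR}/crt-config" \
 -batch
 
-pki_logger "Generating ${TYPE_CERTIFICAT} crt for ${COMPOSANT}..."
+pki_logger "Generating ${TYPE_CERTIFICAT} crt for ${COMPONENT}..."
 openssl ca -config "${CONFIG_DIR}/crt-config" \
--passin pass:"${INTERMEDIATE_CA_KEY}" \
--out "${SERVER_CERTIFICATE_PATH}/${COMPOSANT}.crt" \
--in "${SERVER_CERTIFICATE_PATH}/${COMPOSANT}.req" \
+-passin pass:"${CA_INTERMEDIATE_PASS}" \
+-out "${SERVER_CERTIFICATE_PATH}/${COMPONENT}.crt" \
+-in "${SERVER_CERTIFICATE_PATH}/${COMPONENT}.req" \
 -extensions extension_${TYPE_CERTIFICAT} -batch
 
 purge_directory "${SERVER_CERTIFICATE_PATH}"
@@ -81,51 +86,55 @@ function generateServerCertificate {
 # Generate the path of a client certificate
 function getClientCertificatePath {
 local AUTHORITY="${1}"
-local COMPOSANT="${2}"
-echo "${CERTIFICATE_DIR}/${AUTHORITY}/clients/${COMPOSANT}"
+local COMPONENT="${2}"
+echo "${CERTIFICATE_DIR}/${AUTHORITY}/clients/${COMPONENT}"
 }
 
 # Generate a client certificate
 function generateClientCertificate {
-local COMPOSANT="${1}"
-local KEY_PASS="${2}"
-local CA_INTERMEDIATE_PASS="${3}"
-local TYPE_CERTIFICAT="${4}"
-local AUTHORITY="${5}"
+local COMPONENT="${1}"
+local TYPE_CERTIFICAT="${2}"
+local AUTHORITY="${3}"
 
 # Correctly set certificate CN (env var is read inside the openssl configuration file)
-export OPENSSL_CN="${COMPOSANT}"
+export OPENSSL_CN="${COMPONENT}"
 # Correctly set certificate DIRECTORY (env var is read inside the openssl configuration file)
 export OPENSSL_CRT_DIR=${AUTHORITY}
 
-pki_logger "Starting process to generate ${TYPE_CERTIFICAT} certificate for ${COMPOSANT}..."
-local CLIENT_CERTIFICATE_PATH=$(getClientCertificatePath ${AUTHORITY} ${COMPOSANT})
+pki_logger "Starting process to generate ${TYPE_CERTIFICAT} certificate for ${COMPONENT}..."
+local CLIENT_CERTIFICATE_PATH=$(getClientCertificatePath ${AUTHORITY} ${COMPONENT})
 mkdir -p "${CLIENT_CERTIFICATE_PATH}"
-pki_logger "Generating ${TYPE_CERTIFICAT} key for ${COMPOSANT}..."
+
+# Retrieve the passphrase of the CA_INTERMEDIATE from the vault-ca
+local CA_INTERMEDIATE_PASS=$(getPassphrase ca "ca_intermediate_${AUTHORITY}")
+
+local KEY_PASS=$(getOrSetPassphrase certs "${AUTHORITY}_${TYPE_CERTIFICAT}_${COMPONENT}")
+
+pki_logger "Generating ${TYPE_CERTIFICAT} key for ${COMPONENT}..."
 # TODO: Workaround with -nodes parameter to avoid passphrase.
 # Remove this parameter when we have a solution for providing the passphrase to ansible during deployment.
 openssl req -newkey "${CRYPTO_SPEC}" \
 -passout pass:"${KEY_PASS}" \
 -nodes \
--keyout "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.key" \
--out "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.req" \
+-keyout "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.key" \
+-out "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.req" \
 -config "${CONFIG_DIR}/crt-config" \
 -batch
 
-pki_logger "Generating ${TYPE_CERTIFICAT} crt signed with ${AUTHORITY} for ${COMPOSANT}..."
+pki_logger "Generating ${TYPE_CERTIFICAT} crt signed with ${AUTHORITY} for ${COMPONENT}..."
 openssl ca -config "${CONFIG_DIR}/crt-config" \
 -passin pass:"${CA_INTERMEDIATE_PASS}" \
--out "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.crt" \
--in "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.req" \
+-out "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.crt" \
+-in "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.req" \
 -extensions extension_${TYPE_CERTIFICAT} -batch
 
-pki_logger "Generating ${TYPE_CERTIFICAT} pem only for cas-server and ui-* components..."
+# Generating pem only for cas-server and ui-* components...
 # Mandatory for loading the certificates in database 'security -> certificates' for authentification purposes
-if [ "${COMPOSANT}" == "cas-server" ] || [[ "${COMPOSANT}" == ui-* ]]; then
-pki_logger "Generating ${TYPE_CERTIFICAT} pem for ${COMPOSANT}..."
+if [ "${COMPONENT}" == "cas-server" ] || [[ "${COMPONENT}" == ui-* ]]; then
+pki_logger "Generating ${TYPE_CERTIFICAT} pem for ${COMPONENT}..."
 openssl x509 \
--in "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.crt" \
--out "${CLIENT_CERTIFICATE_PATH}/${COMPOSANT}.pem"
+-in "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.crt" \
+-out "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.pem"
 fi
 
 purge_directory "${CLIENT_CERTIFICATE_PATH}"
@@ -145,14 +154,12 @@ function generateServerCertAndStorePassphrase {
 local COMPONENT="${1}"
 local AUTHORITY="${2}"
 
-pki_logger "DEBUG" "generateServerCertAndStorePassphrase called with $# args: COMPONENT=$1, AUTHORITY=$2"
+pki_logger "DEBUG" "${FUNCNAME[0]} called with $# args: COMPONENT=$1, AUTHORITY=$2"
 
 local TYPE_CERTIFICAT="servers"
 local REVERSE_SAN=""
 
-# Retrieve the passphrase of the CA_INTERMEDIATE from the vault-ca
-CA_INTERMEDIATE_PASS=$(getPassphrase ca "ca_intermediate_${AUTHORITY}")
-DC_NAME=$(getDcName)
+local DC_NAME=$(getDcName)
 
 if [ "${COMPONENT}" == "reverse" ]; then
 REVERSE_SAN=$(read_ansible_var "vitamui_reverse_external_dns" hosts_vitamui_reverseproxy[0])
@@ -163,19 +170,13 @@ function generateServerCertAndStorePassphrase {
 
 local SERVER_CERTIFICATE_PATH=$(getServerCertificatePath ${AUTHORITY} ${COMPONENT})
 if [ ! -f "${SERVER_CERTIFICATE_PATH}/${COMPONENT}.crt" ]; then
-# Generate the passphrase
-local KEY_PASS=$(generatePassphrase)
 # Create the certificate
 generateServerCertificate ${COMPONENT} \
-${KEY_PASS} \
-${CA_INTERMEDIATE_PASS} \
 ${TYPE_CERTIFICAT} \
 ${AUTHORITY} \
 "vitamui-${COMPONENT}.service.${CONSUL_DOMAIN}" \
 "vitamui-${COMPONENT}.service.${DC_NAME}.${CONSUL_DOMAIN}" \
 "${REVERSE_SAN}"
-# Store the key to the vault
-setPassphrase certs "${AUTHORITY}_${TYPE_CERTIFICAT}_${COMPONENT}" "${KEY_PASS}"
 else
 pki_logger "Le certificat ${AUTHORITY} - ${TYPE_CERTIFICAT} - ${COMPONENT}.crt existe déjà, il ne sera pas recréé..."
 fi
@@ -186,25 +187,16 @@ function generateClientCertAndStorePassphrase {
 local COMPONENT="${1}"
 local AUTHORITY="${2}"
 
-pki_logger "DEBUG" "generateClientCertAndStorePassphrase called with $# args: COMPONENT=$1, AUTHORITY=$2"
+pki_logger "DEBUG" "${FUNCNAME[0]} called with $# args: COMPONENT=$1, AUTHORITY=$2"
 
 local TYPE_CERTIFICAT="clients"
 
 local CLIENT_CERTIFICATE_PATH=$(getClientCertificatePath ${AUTHORITY} ${COMPONENT})
 if [ ! -f "${CLIENT_CERTIFICATE_PATH}/${COMPONENT}.crt" ]; then
-# Get the CA_INTERMEDIATE passphrase from the vault-ca
-local CA_INTERMEDIATE_PASS=$(getPassphrase ca "ca_intermediate_${AUTHORITY}")
-
-# Generate the key
-local KEY_PASS=$(generatePassphrase)
 # Create the certificate
 generateClientCertificate ${COMPONENT} \
-${KEY_PASS} \
-${CA_INTERMEDIATE_PASS} \
 ${TYPE_CERTIFICAT} \
 ${AUTHORITY}
-# Store the key to the vault
-setPassphrase certs "${AUTHORITY}_${TYPE_CERTIFICAT}_${COMPONENT}" "${KEY_PASS}"
 else
 pki_logger "Le certificat ${AUTHORITY} - ${TYPE_CERTIFICAT} - ${COMPONENT} existe déjà, il ne sera pas recréé..."
 fi
@@ -227,9 +219,9 @@ function getConsulDomain {
 
 function getDcName {
 # Get DC_NAME
-VITAMUI_SITE_NAME=$(read_ansible_var "vitamui_site_name" "hosts_vitamui_consul_server[0]")
+local VITAMUI_SITE_NAME=$(read_ansible_var "vitamui_site_name" "hosts_vitamui_consul_server[0]")
 if [[ -z "$VITAMUI_SITE_NAME" || "$VITAMUI_SITE_NAME" =~ "VARIABLEISNOTDEFINED" ]]; then
-VITAM_SITE_NAME=$(read_ansible_var "vitam_site_name" "hosts_cas_server[0]")
+local VITAM_SITE_NAME=$(read_ansible_var "vitam_site_name" "hosts_cas_server[0]")
 echo $VITAM_SITE_NAME
 else
 echo $VITAMUI_SITE_NAME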
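Review bot: The intermediate CA passphrase that `generateServerCertificate` and `generateClientCertificate` now fetch themselves is still passed to openssl as `-passin pass:"${CA_INTERMEDIATE_PASS}"`, which puts it on the command line where other local users can read it from the process list while `openssl ca` runs. OpenSSL accepts other passphrase sources, so the call can start with `CA_INTERMEDIATE_PASS="${CA_INTERMEDIATE_PASS}" openssl ca -config "${CONFIG_DIR}/crt-config" \` and use `-passin env:CA_INTERMEDIATE_PASS \`. Both `openssl req` calls also keep `-nodes`, so the key file is written unencrypted and the `KEY_PASS` stored in the vault does not protect it; only the client function carries the TODO that says so, and the server function deserves the same comment. Both functions end outside the hunks shown.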

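--- a/deployment/pki/scripts/lib/commons.sh
+++ b/deployment/pki/scripts/lib/commons.sh
@@ -220,14 +220,20 @@ function hasPassphrase {
 # Method allowing to save a key/value in a vault file (ONLY a single level of tree structure).
 # @param TYPE Type of vault.
 # @param KEY Key of the data.
-# @param VALUE Value of the data.
+# @param VALUE Value of the data. If not provided, a random value will be generated.
+# @return The value of the key.
 function setPassphrase {
 local TYPE="${1}"
 local KEY="${2}"
 local VALUE="${3}"
 
-# KWA TODO: explain & comonize the sed usage ;
-# KWA TODO: change replacement string in sed : /_/ ==> /__/
+if [ -z "${VALUE}" ]; then
+# We generate a random key if no value is provided
+local PASSPHRASE=$(generatePassphrase)
+else
+local PASSPHRASE="${VALUE}"
+fi
+
 local RETURN_CODE=0
 local VAULT_FILE=$(getVaultFile "$TYPE")
 local VAULT_PASS=$(getVaultPass "$TYPE")
@@ -247,7 +253,7 @@ function setPassphrase {
 # If the key is already present, we remove it (i.e all line beginning with $NORMALIZED_KEY will be removed)
 sed -i "/^${NORMALIZED_KEY}/d" "${VAULT_FILE}"
 # Add key to vault
-echo "${NORMALIZED_KEY}: ${VALUE}" >> "${VAULT_FILE}"
+echo "${NORMALIZED_KEY}: ${PASSPHRASE}" >> "${VAULT_FILE}"
 # The same for the example file
 sed -i "/^${NORMALIZED_KEY}/d" "${VAULT_FILE}.example"
 echo "${NORMALIZED_KEY}: changeme" >> "${VAULT_FILE}.example"
@@ -258,24 +264,22 @@ function setPassphrase {
 } && {
 # Finally
 ansible-vault encrypt ${VAULT_FILE} ${VAULT_PASS}
+echo "${PASSPHRASE}"
 return ${RETURN_CODE}
 }
 }
 
 # Method allowing to retrieve a key in a vault file (ONLY a single level of tree structure) or to set it if it does not exist.
 # @param TYPE Type of vault (ca, certs, keystores or truststores).
 # @param KEY Key linked to the data to retrieve or set.
-# @return The value linked or set to the provided key
+# @return The value linked or set for the provided key
 function getOrSetPassphrase {
 local TYPE="${1}"
 local KEY="${2}"
 
 local EXISTS=$(hasPassphrase "${TYPE}" "${KEY}")
 if [ "${EXISTS}" == "false" ]; then
-# We generate a random key
-local PASSPHRASE=$(generatePassphrase)
-setPassphrase "${TYPE}" "${KEY}" "${PASSPHRASE}"
-echo "${PASSPHRASE}"
+echo $(setPassphrase "${TYPE}" "${KEY}")
 else
 echo $(getPassphrase "${TYPE}" "${KEY}")
 fi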
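Review bot: `sed -i "/^${NORMALIZED_KEY}/d" "${VAULT_FILE}"` in the second hunk deletes every line that starts with the key rather than only the line for that key, and after this commit `setPassphrase` runs unconditionally from more call sites. Keys are built as `${AUTHORITY}_${TYPE_CERTIFICAT}_${COMPONENT}`, so writing the entry for `ui-identity` would presumably also drop the one for `ui-identity-admin` whenever that one was stored first (how NORMALIZED_KEY is derived is outside the hunk). Anchoring on the separator avoids this: `sed -i "/^${NORMALIZED_KEY}:/d" "${VAULT_FILE}"`, and the same for the `.example` file. Separately, `echo $(setPassphrase "${TYPE}" "${KEY}")` in `getOrSetPassphrase` word-splits and glob-expands the passphrase; calling `setPassphrase "${TYPE}" "${KEY}"` directly prints the same value untouched.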

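--- a/deployment/pki/scripts/lib/stores.sh
+++ b/deployment/pki/scripts/lib/stores.sh
@@ -17,7 +17,7 @@ function generateTruststore {
 local AUTHORITY_NAME=${2}
 
 local TRUSTSTORE_PATH="${KEYSTORES_DIRECTORY}/${AUTHORITY_NAME}/truststore_${AUTHORITY_NAME}.p12"
-local TRUSTSTORE_PASSWORD=$(getOrSetPassphrase truststores "${AUTHORITY_NAME}")
+local TRUSTSTORE_PASSWORD=$(setPassphrase truststores "${AUTHORITY_NAME}")
 
 if [ -f "${TRUSTSTORE_PATH}" ]; then
 rm -vf "${TRUSTSTORE_PATH:?}"
@@ -97,8 +97,8 @@ function main() {
 # Remove old keystores clients & server directories
 find ${KEYSTORES_DIRECTORY:?} -mindepth 1 -maxdepth 1 -type d -exec rm -vrf {} \; #TODO: pk on supprime tout si on a pas mis le erase à true ?
 
-# For each authorities under environments/certs directory (client-vitam, client-external, vitamui-services)
-for AUTHORITY_PATH in $( ls -d ${CERTIFICATE_DIR}/* ); do
+# For each authorities under environments/certs directory (client-external, client-vitam, vitamui-services)
+for AUTHORITY_PATH in $( ls -d ${CERTIFICATE_DIR}/{client-external,client-vitam,vitamui-services} ); do
 pki_logger "-------------------------------------------"
 local AUTHORITY_NAME=$(basename ${AUTHORITY_PATH})
 pki_logger "Creating keystores for AUTHORITY: ${AUTHORITY_NAME}"
@@ -123,7 +123,7 @@ function main() {
 local COMPONENT_CRT_DIR=${CERTIFICATE_DIR}/${AUTHORITY_NAME}/${TYPE_NAME}/${COMPONENT}
 local TARGET_KEYSTORE=${KEYSTORES_DIRECTORY}/${AUTHORITY_NAME}/${TYPE_NAME}/keystore_${COMPONENT}.p12
 local CRT_KEY_PASSWORD=$(getPassphrase certs "${AUTHORITY_NAME}_${TYPE_NAME}_${COMPONENT}")
-local KEYSTORE_PASSWORD=$(getOrSetPassphrase keystores "${AUTHORITY_NAME}_${TYPE_NAME}_${COMPONENT}")
+local KEYSTORE_PASSWORD=$(setPassphrase keystores "${AUTHORITY_NAME}_${TYPE_NAME}_${COMPONENT}")
 
 generateKeystore "${COMPONENT_CRT_DIR}" \
 "${CRT_KEY_PASSWORD}" \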
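Review bot: The new loop header `for AUTHORITY_PATH in $( ls -d ${CERTIFICATE_DIR}/{client-external,client-vitam,vitamui-services} ); do` parses `ls` output over unquoted paths, so a `CERTIFICATE_DIR` containing whitespace is split, and an authority directory that does not exist only produces an `ls` error before the loop carries on with the others. Brace expansion already yields the three paths, so `for AUTHORITY_PATH in "${CERTIFICATE_DIR}"/{client-external,client-vitam,vitamui-services}; do` followed by `[ -d "${AUTHORITY_PATH}" ] || continue` does the same without the subshell. If a missing authority should stop the run rather than be skipped, that check should fail loudly instead. main's body starts and ends outside the hunks.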
