Big refactor. Added unit tests for quicker development. Moved common logic to a separate script. More thorough error checking.

Author: Derrek Young

.gitignore

@@ -1,2 +1,3 @@
 
 dist/
+test/tmp/

README.md

@@ -1,10 +1,7 @@
 # AppD-SSL-Cert-Utils
 
-ATTENTION: 
-* These are **unofficial** utilities so consider them to be Beta--not GA
-* Your mileage may vary
-* Thar be dragons
-* Etcetera, etcetera
+ATTENTION:
+* These are **unofficial** utilities so consider them to be Beta--not GA. If unsure, bring in your AppDynamics representative.
 
 ## Description
 Totally unofficial SSL utils to ease working with SSL certificates in AppD.
@@ -22,6 +19,13 @@ Download the latest release from the Releases page:
 https://github.com/derrekyoung/AppD-SSL-Cert-Utils/releases/latest
 
 ## Usage
-Run either `./controller-ssl-certs-util.sh` or `./eum-ssl-certs-util.sh` and then use the interactive command line. 
+Always follow the official AppDynamics documentation at https://docs.appdynamics.com
 
-No parameters are passed in. Always follow the official AppDynamics documentation. In general, you'll need to create a CSR and then import the cert. If you have an internal CA, you'll need to import the root and/or intermediate certs.
+The basic flow is to
+- Create a Certificate Signing Request (CSR)
+- Send that CSR to your CA
+- They'll send back to you a signed certificate
+- You'll then need to import your signed certificate
+- IF you have an internal CA, then you'll first need to import your root cert, cert chain and/or intermediate cert. The exact steps depend on your organization and environment.
+
+Run either `./controller-ssl-certs-util.sh` or `./eum-ssl-certs-util.sh` and then use the interactive command line. No parameters are passed in.

build.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-VERSION="0.8-BETA"
+VERSION="1.0-BETA"
 
 
 ################################################
@@ -26,6 +26,8 @@ dist()
 
   cp controller-ssl-certs-util.sh $DIST_DIR/$DIST_TOP_FOLDER/controller-ssl-certs-util-$VERSION.sh
   cp eum-ssl-certs-util.sh $DIST_DIR/$DIST_TOP_FOLDER/eum-ssl-certs-util-$VERSION.sh
+  cp ssl-certs-util-common.sh $DIST_DIR/$DIST_TOP_FOLDER/ssl-certs-util-common.sh
+  cp README.md $DIST_DIR/$DIST_TOP_FOLDER/README.md
 
   echo "Creating the Zip file..."
 

controller-ssl-certs-util.sh

@@ -1,21 +1,31 @@
 #!/bin/bash
 #--------------------------------------------------------------------------------------------------
-# A Linux script to help working with SSL certificates. It's not a total replacement for keytool.
-# Think of this as the Basic interface to keystores and keytool is the Advanced one.
+# A Linux script to help working with SSL certificates in the CONTROLLER. (If you want EUM certs,
+# then use the other script.)
+# This is not a total replacement for keytool. Think of this as the Basic interface to keystores
+# and keytool is the Advanced one.
 #
-# Generate new certs, import them, list keystore contents and disable the HTTP port.
-#
-# Version: 0.8
+# Generate new certs, import them, and list keystore contents.
 #
 #--------------------------------------------------------------------------------------------------
 
 # Edit the following parameter to suit your environment
 CONTROLLER_HOME=/opt/AppDynamics/Controller
 
 
-################################################
+
+###################################################################################################
 # Do not edit below this line
-DATETIME=`date +%Y%m%d%H%M`
+###################################################################################################
+
+source ./ssl-certs-util-common.sh
+if [ ! -f "./ssl-certs-util-common.sh" ]; then
+	echo "ERROR: File not found, ssl-certs-util-common.sh. This file must be in the same directory as this script."
+	exit 1
+fi
+
+
+DATETIME=$(date +%Y%m%d%H%M)
 CSR="./$HOSTNAME-$DATETIME.csr"
 
 SIGNED_CERT_ALIAS_NAME="s1as"
@@ -27,197 +37,67 @@ KEYTOOL_HOME=$CONTROLLER_HOME/jre/bin
 KEYTOOL=$KEYTOOL_HOME/keytool
 KEYSTORE_BACKUP="./$KEYSTORE_NAME-$DATETIME.bak"
 
-#1
-generate-csr()
+controller-generate-csr()
 {
 	echo "Generating a new Certificate Signing Request..."
 
-	#########################################
-	# Backup the keystore
-	if [ -f $KEYSTORE_PATH ]; then
-		echo "Creating backup keystore $KEYSTORE_BACKUP"
-		cp $KEYSTORE_PATH $KEYSTORE_BACKUP
-
-		if [ $? -gt 0 ] ; then
-		  echo "ERROR: unable to create the backup keystore"
-		  exit 1
-		fi
-	fi
-
-	#########################################
-	# Delete the existing $SIGNED_CERT_ALIAS_NAME
-	echo "Deleting $SIGNED_CERT_ALIAS_NAME in $KEYSTORE_PATH "
-	$KEYTOOL -delete -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD
-
-	if [ $? -gt 0 ] ; then
-	  echo "ERROR: unable to delete the alias"
-	  exit 1
-	fi
-
-	#########################################
-	# Generate the keypair
-	echo "Generating the new keypair in $KEYSTORE_PATH "
-	$KEYTOOL -genkeypair -alias $SIGNED_CERT_ALIAS_NAME -keyalg RSA -keystore $KEYSTORE_PATH -keysize 2048 -validity 1825 -storepass $KEYSTORE_PASSWORD
-
-	if [ $? -gt 0 ] ; then
-	  echo "ERROR: unable to generate the keypair"
-	  exit 1
-	fi
-
-
-	#########################################
-	# Generate the CSR
-	echo "Generating the Certificate Signing Request at $CSR "
-	$KEYTOOL -certreq -alias $SIGNED_CERT_ALIAS_NAME -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $CSR
-
-	if [ $? -gt 0 ] ; then
-	  echo "ERROR: unable to generate the CSR"
-	  exit 1
-	fi
-
-	#########################################
-	echo " "
-	echo "Finished. CSR generated at $CSR"
-	echo "Send this CSR to your Certificate Authority for signing, then import the signed cert. You may need to first import the CA's chain or root cert, depending on your setup. Contact your company's PKI team for guidance. "
-}
-
-#2
-import-signed-cert()
-{
-	echo "Importing a signed certificate..."
-	read -rp $'Certificate filename: ' cert
-
-	validate-certificate $cert
-
-	echo "Importing $cert into $KEYSTORE_PATH for alias $SIGNED_CERT_ALIAS_NAME"
-	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $SIGNED_CERT_ALIAS_NAME -storepass $KEYSTORE_PASSWORD
-
-	if [ $? -gt 0 ] ; then
-		echo "ERROR: unable to import the certificate"
-		exit 1
-	fi
-
-	echo "Finished"
-}
-
-#3
-import-cert-chain()
-{
-	echo "Importing a root or intermediate certificate..."
-	read -rp $'Certificate filename: ' cert
+	keystore-backup-existing-keystore "$KEYSTORE_PATH" "$KEYSTORE_BACKUP"
 
-	validate-certificate $cert
+	keystore-delete-alias "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL" "$SIGNED_CERT_ALIAS_NAME"
 
-	local alias=$(get-alias $cert)
+	keystore-create-keypair "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL" "$SIGNED_CERT_ALIAS_NAME"
 
-	echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
-	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $alias -storepass $KEYSTORE_PASSWORD
+	keystore-create-csr "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL" "$SIGNED_CERT_ALIAS_NAME" "$CSR"
 
-	if [ $? -gt 0 ] ; then
-		echo "ERROR: unable to import the certificate"
-		exit 1
-	fi
-
-	echo "Finished"
-}
-
-#4
-list()
-{
-	$KEYTOOL -list -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD | more
-}
-
-get-alias()
-{
-  local fullfile=$1
-	local filename="${fullfile##*/}"
-	local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
-
-  echo "$alias"
-}
-
-validate-certificate()
-{
-	local cert=$1
-
-	if [ -z "$cert" ]; then
-		echo "Required: certificate file name"
-		exit 1
-	fi
-
-	if [[ $cert == *.p12 || $cert == *.P12 ]]; then
-		echo "ERROR: This script does not support p12 certificates. Please refer to the official docs."
-		echo " "
-		echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates"
-		exit 1
-	fi
-
-	if [ ! -f $cert ]; then
-	    echo "ERROR: File not found, $1"
-			exit 1
-	fi
-}
-
-validate-install()
-{
-	if [ ! -d "$CONTROLLER_HOME" ]; then
-		echo "ERROR: Unable to find $CONTROLLER_HOME. Set the variable in this script."
-		exit 1
-	fi
-	if [ ! -d "$KEYTOOL_HOME" ]; then
-		echo "ERROR: Unable to find $KEYTOOL_HOME. Set the variable in this script."
-		exit 1
-	fi
-	if [ ! -d "$CONFIG_HOME" ]; then
-		echo "ERROR: Unable to find $CONFIG_HOME. Set the variable in this script."
-		exit 1
-	fi
+	echo " "
+	echo "Finished. CSR generated at $CSR"
+	echo "Send this CSR to your Certificate Authority for signing, then import the signed cert that they return. You may need to first import the CA's chain or root cert, depending on your setup. Contact your company's PKI team for guidance."
 }
 
-disclaimer-controller()
+controller-disclaimer()
 {
 	echo " "
 	echo "This script helps working with SSL certificates, but it's not a total replacement for keytool."
 	echo "Think of this as the Basic interface to keystores and keytool is the Advanced one."
 	echo "Read the full Controller+SSL docs at "
 	echo " "
-	echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates "
+	echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates"
 	echo " "
 	echo "ATTENTION: This is an *unofficial* script; it is not GA. Read the docs above."
 	echo " "
 	read -p "Press [Enter] to continue..."
 	echo " "
 }
 
-main-controller()
+controller-main()
 {
 	while true; do
 		echo "[1] Generate a certificate signing request"
 		echo "[2] Import a root or intermediate certificate"
 		echo "[3] Import a signed certificate"
 		echo "[4] List the contents of the keystore"
 		echo "[x] Exit"
-	  read -p "Choose an option: " option
+	  	read -p "Choose an option: " option
 
 		case "$option" in
 			1)
-				generate-csr
-				exit
+				controller-generate-csr
+				exit 0
 				;;
 			2)
-				import-cert-chain
-				exit
+				keystore-import-cert-chain "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL"
+				exit 0
 				;;
 			3)
-				import-signed-cert
-				exit
+				keystore-import-signed-cert "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL" "$SIGNED_CERT_ALIAS_NAME"
+				exit 0
 				;;
 			4)
-				list
-				exit
+				keystore-list "$KEYSTORE_PATH" "$KEYSTORE_PASSWORD" "$KEYTOOL"
+				exit 0
 				;;
 			q|quit|x|exit)
-				exit
+				exit 0
 				;;
 			*)
 				echo " "
@@ -228,6 +108,6 @@ main-controller()
 	done
 }
 
-disclaimer-controller
-validate-install
-main-controller
+controller-disclaimer
+validate-dirs $CONTROLLER_HOME $CONFIG_HOME $KEYTOOL_HOME
+controller-main