v0.8, cert validation, minor refactoring

Author: Derrek Young

build.sh

@@ -1,28 +1,36 @@
 #!/bin/bash
 
-VERSION="v0.7-BETA"
+VERSION="0.8-BETA"
 
+
+################################################
+# Do not edit below this line
 DIST_DIR="./dist"
-DIST_TOP_FOLDER="appd-ssl-cert-utils-$VERSION"
+DIST_TOP_FOLDER="appd-ssl-certs-utils-$VERSION"
 DISTRIBUTABLE_NAME="$DIST_TOP_FOLDER.zip"
 
-if [ -d "$DIST_DIR" ]; then
-  echo "Cleaning dist/ directory..."
-  rm -R $DIST_DIR
-fi
+dist()
+{
+  if [ -d "$DIST_DIR" ]; then
+    echo "Cleaning dist/ directory..."
+    rm -R $DIST_DIR
+  fi
+
+  if [ ! -d "$DIST_DIR" ]; then
+    echo "Making dist/ directory..."
+    mkdir $DIST_DIR
+  fi
+
+  # Create a top-level folder for when unzipping the archive
+  mkdir $DIST_DIR/$DIST_TOP_FOLDER
 
-if [ ! -d "$DIST_DIR" ]; then
-  echo "Making dist/ directory..."
-  mkdir $DIST_DIR
-fi
+  cp controller-ssl-certs-util.sh $DIST_DIR/$DIST_TOP_FOLDER/controller-ssl-certs-util-$VERSION.sh
+  cp eum-ssl-certs-util.sh $DIST_DIR/$DIST_TOP_FOLDER/eum-ssl-certs-util-$VERSION.sh
 
-# Create a top-level folder for when unzipping the archive
-mkdir $DIST_DIR/$DIST_TOP_FOLDER
-cp *-ssl-certs-util.sh $DIST_DIR/$DIST_TOP_FOLDER/
+  echo "Creating the Zip file..."
 
-echo "Creating the Zip file..."
-#zip $DIST_DIR/$DISTRIBUTABLE_NAME controller-ssl-certs-util.sh eum-ssl-certs-util.sh
-cd $DIST_DIR/
-zip -r $DISTRIBUTABLE_NAME $DIST_TOP_FOLDER/
+  cd $DIST_DIR/
+  zip -r $DISTRIBUTABLE_NAME $DIST_TOP_FOLDER/
+}
 
-#unzip -l $DISTRIBUTABLE_NAME
+dist

controller-ssl-certs-util.sh

@@ -5,7 +5,7 @@
 #
 # Generate new certs, import them, list keystore contents and disable the HTTP port.
 #
-# Version: 0.7
+# Version: 0.8
 #
 #--------------------------------------------------------------------------------------------------
 
@@ -27,12 +27,6 @@ KEYTOOL_HOME=$CONTROLLER_HOME/jre/bin
 KEYTOOL=$KEYTOOL_HOME/keytool
 KEYSTORE_BACKUP="./$KEYSTORE_NAME-$DATETIME.bak"
 
-# For localhost, manual testing
-#CONFIG_HOME=$CONTROLLER_HOME
-#KEYTOOL_HOME=$CONTROLLER_HOME
-#KEYTOOL=keytool
-#CONTROLLER_HOME=.
-
 #1
 generate-csr()
 {
@@ -93,10 +87,7 @@ import-signed-cert()
 	echo "Importing a signed certificate..."
 	read -rp $'Certificate filename: ' cert
 
-	if [ -z "$cert" ]; then
-		echo "Required: certificate file name"
-		exit
-	fi
+	validate-certificate $cert
 
 	echo "Importing $cert into $KEYSTORE_PATH for alias $SIGNED_CERT_ALIAS_NAME"
 	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $SIGNED_CERT_ALIAS_NAME -storepass $KEYSTORE_PASSWORD
@@ -115,17 +106,12 @@ import-cert-chain()
 	echo "Importing a root or intermediate certificate..."
 	read -rp $'Certificate filename: ' cert
 
-	if [ -z "$cert" ]; then
-		echo "Required: certificate file name"
-		exit
-	fi
+	validate-certificate $cert
 
-	local fullfile=$cert
-	local filename="${fullfile##*/}"
-	local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
+	local alias=$(get-alias $cert)
 
 	echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
-	$KEYTOOL -import -trustcacerts -alias $alias -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $cert
+	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $alias -storepass $KEYSTORE_PASSWORD
 
 	if [ $? -gt 0 ] ; then
 		echo "ERROR: unable to import the certificate"
@@ -141,7 +127,38 @@ list()
 	$KEYTOOL -list -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD | more
 }
 
-validate()
+get-alias()
+{
+  local fullfile=$1
+	local filename="${fullfile##*/}"
+	local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
+
+  echo "$alias"
+}
+
+validate-certificate()
+{
+	local cert=$1
+
+	if [ -z "$cert" ]; then
+		echo "Required: certificate file name"
+		exit 1
+	fi
+
+	if [[ $cert == *.p12 || $cert == *.P12 ]]; then
+		echo "ERROR: This script does not support p12 certificates. Please refer to the official docs."
+		echo " "
+		echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates"
+		exit 1
+	fi
+
+	if [ ! -f $cert ]; then
+	    echo "ERROR: File not found, $1"
+			exit 1
+	fi
+}
+
+validate-install()
 {
 	if [ ! -d "$CONTROLLER_HOME" ]; then
 		echo "ERROR: Unable to find $CONTROLLER_HOME. Set the variable in this script."
@@ -157,18 +174,23 @@ validate()
 	fi
 }
 
-main()
+disclaimer-controller()
 {
 	echo " "
 	echo "This script helps working with SSL certificates, but it's not a total replacement for keytool."
 	echo "Think of this as the Basic interface to keystores and keytool is the Advanced one."
 	echo "Read the full Controller+SSL docs at "
+	echo " "
 	echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates "
 	echo " "
-	echo "ATTENTION: This is an *unofficial* script so consider it to be Alpha--not GA."
+	echo "ATTENTION: This is an *unofficial* script; it is not GA. Read the docs above."
 	echo " "
+	read -p "Press [Enter] to continue..."
 	echo " "
+}
 
+main-controller()
+{
 	while true; do
 		echo "[1] Generate a certificate signing request"
 		echo "[2] Import a root or intermediate certificate"
@@ -206,5 +228,6 @@ main()
 	done
 }
 
-validate
-main
+disclaimer-controller
+validate-install
+main-controller

eum-ssl-certs-util.sh

@@ -5,7 +5,7 @@
 #
 # Generate new certs, import them, and list keystore contents.
 #
-# Version: 0.7
+# Version: 0.8
 #
 #--------------------------------------------------------------------------------------------------
 
@@ -27,12 +27,6 @@ KEYTOOL_HOME=$EUM_HOME/jre/bin
 KEYTOOL=$KEYTOOL_HOME/keytool
 KEYSTORE_BACKUP="./$KEYSTORE_NAME-$DATETIME.bak"
 
-# For localhost, manual testing
-#CONFIG_HOME=$CONTROLLER_HOME
-#KEYTOOL_HOME=$CONTROLLER_HOME
-#KEYTOOL=keytool
-#CONTROLLER_HOME=.
-
 #1
 generate-csr()
 {
@@ -82,10 +76,7 @@ import-signed-cert()
 	echo "Importing a signed certificate..."
 	read -rp $'Certificate filename: ' cert
 
-	if [ -z "$cert" ]; then
-		echo "Required: certificate file name"
-		exit
-	fi
+	validate-certificate $cert
 
 	echo "Importing $cert into $KEYSTORE_PATH for alias $SIGNED_CERT_ALIAS_NAME"
 	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $SIGNED_CERT_ALIAS_NAME -storepass $KEYSTORE_PASSWORD
@@ -107,17 +98,14 @@ import-cert-chain()
 	echo "Importing a root or intermediate certificate..."
 	read -rp $'Certificate filename: ' cert
 
-	if [ -z "$cert" ]; then
-		echo "Required: certificate file name"
-		exit
-	fi
+	validate-certificate $cert
 
 	local fullfile=$cert
 	local filename="${fullfile##*/}"
 	local alias=$(echo $filename | cut -f 1 -d '.') #File name without the extension
 
 	echo "Importing $cert into $KEYSTORE_PATH for alias $alias"
-	$KEYTOOL -import -trustcacerts -alias $alias -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD -file $cert
+	$KEYTOOL -import -trustcacerts -keystore $KEYSTORE_PATH -file $cert -alias $alias -storepass $KEYSTORE_PASSWORD
 
 	if [ $? -gt 0 ] ; then
 		echo "ERROR: unable to import the certificate"
@@ -133,7 +121,29 @@ list()
 	$KEYTOOL -list -keystore $KEYSTORE_PATH -storepass $KEYSTORE_PASSWORD
 }
 
-validate()
+validate-certificate()
+{
+	local cert=$1
+
+	if [ -z "$cert" ]; then
+		echo "Required: certificate file name"
+		exit 1
+	fi
+
+	if [[ $cert == *.p12 || $cert == *.P12 ]]; then
+		echo "ERROR: This script does not support p12 certificates. Please refer to the official docs."
+		echo " "
+		echo "https://docs.appdynamics.com/display/latest/Install+and+Configure+the+On-Premise+EUM+Server"
+		exit 1
+	fi
+
+	if [ ! -f $cert ]; then
+	    echo "ERROR: File not found, $1"
+			exit 1
+	fi
+}
+
+validate-install()
 {
 	if [ ! -d "$EUM_HOME" ]; then
 		echo "ERROR: Unable to find $EUM_HOME. Set this variable in this script."
@@ -149,19 +159,23 @@ validate()
 	fi
 }
 
-
-main()
+disclaimer-eum()
 {
 	echo " "
 	echo "This script helps working with SSL certificates, but it's not a total replacement for keytool."
 	echo "Think of this as the Basic interface to keystores and keytool is the Advanced one."
-	echo "Read the full EUM Server+SSL docs at "
-	echo "https://docs.appdynamics.com/display/latest/Install+and+Configure+the+On-Premise+EUM+Server "
+	echo "Read the full Controller+SSL docs at "
 	echo " "
-	echo "ATTENTION: This is an *unofficial* script so consider it to be Alpha--not GA."
+	echo "https://docs.appdynamics.com/display/latest/Controller+SSL+and+Certificates "
 	echo " "
+	echo "ATTENTION: This is an *unofficial* script; it is not GA. Read the docs above."
 	echo " "
+	read -p "Press [Enter] to continue..."
+	echo " "
+}
 
+main-eum()
+{
 	while true; do
 		echo "[1] Generate a certificate signing request"
 		echo "[2] Import a root or intermediate cert"
@@ -199,5 +213,6 @@ main()
 	done
 }
 
-validate
-main
+disclaimer-eum
+validate-install
+main-eum