build.gradle
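// Shared names for the keystores and certificate files that the tasks below write into buildDir.
// The -dname values (rootCaDname, caDname, serverDname, userDomain) are not set in this file;
// they are expected as project properties (e.g. gradle.properties) — confirm before running.
ext {
    // One password for every store and every key, defined once so that -storepass and -keypass
    // (which must agree for PKCS12 stores) cannot drift apart when it is changed. It is handed to
    // keytool on the command line and is therefore visible in process listings: adequate for a
    // throw-away dev/test PKI, not for keys that protect anything real.
    storePassword = 'nopassword'
    pass = ['-storepass', storePassword, '-keypass', storePassword]

    // Self-signed root CA: key pair in root.jks, certificate exported to root.cert.
    rootCaAlias = 'root'
    rootCaStore = 'root.jks'
    rootCert = 'root.cert'

    // Intermediate CA signed by the root: key pair in ca.jks, signed certificate in ca.cert.
    // The .cert names must match the "<alias>.cert" naming used by exportCert/doReqCertAndSigned.
    caAlias = 'ca'
    caStore = 'ca.jks'
    caCert = 'ca.cert'

    // Server key pair, signed by the intermediate CA.
    serverAlias = 'server'
    serverStore = 'server.jks'
}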
/**
 * Generates a new RSA key pair under [alias] in the keystore [store] (relative to buildDir).
 *
 * extension: extra keytool arguments inserted before -dname, e.g. ['-ext', 'bc:c'] for a CA
 *            key or [] for an end entity.
 * dname:     the X.500 subject passed to -dname.
 *
 * Neither -keysize nor -validity is given, so the key length and the lifetime of the
 * self-signed certificate are whatever the JDK's keytool defaults to. The store/key password
 * comes from the shared `pass` list.
 */
def genStore(alias, store, extension, dname) {
    def args = ['keytool', '-genkeypair', '-keyalg', 'RSA']
    args.addAll(pass)
    args.addAll(['-keystore', store, '-alias', alias])
    args.addAll(extension)
    args.addAll(['-dname', dname])
    exec {
        workingDir buildDir
        commandLine = args.flatten()
    }
}
/**
 * Imports the certificate file [cert] (relative to buildDir) into [store] under [alias].
 *
 * With -noprompt keytool never asks the user to confirm a certificate it cannot chain to an
 * existing trusted entry, so a CA certificate is trusted on import without a fingerprint
 * check. That is only acceptable because every .cert file imported here was produced by
 * this same build.
 */
def importCert(store, alias, cert) {
    def cmd = ['keytool', '-importcert', '-alias', alias, '-keystore', store]
    cmd += pass
    cmd += ['-file', cert, '-noprompt']
    exec {
        workingDir buildDir
        commandLine = cmd.flatten()
    }
}
/**
 * Exports the certificate stored under [alias] in [store] to the file "<alias>.cert" in buildDir.
 *
 * The fixed "<alias>.cert" naming is what rootCert ('root.cert') and caCert ('ca.cert') in
 * the ext block rely on; change one and the other must follow.
 */
def exportCert(store, alias) {
    def outFile = "${alias}.cert"
    def cmd = ['keytool', '-exportcert', '-alias', alias, '-keystore', store]
    cmd += pass
    cmd += ['-file', outFile]
    exec {
        workingDir buildDir
        commandLine = cmd.flatten()
    }
}
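/**
 * Produces a certificate request for the key under [alias] in [store] and returns it as an
 * InputStream.
 *
 * No -file is given, so keytool writes the request to stdout; it is captured and handed back
 * as a stream so genCert can pipe it straight into `keytool -gencert` without leaving a
 * request file in buildDir.
 */
def certReq(store, alias) {
    def captured = new ByteArrayOutputStream()
    exec {
        workingDir buildDir
        commandLine = ['keytool', '-certreq', '-alias', alias, '-keystore', store, pass].flatten()
        standardOutput = captured
    }
    // toByteArray() copies exactly the bytes keytool wrote. The previous `captured.buf` exposed
    // the stream's whole backing array, whose length is the buffer capacity rather than the
    // content length, so the request reached the signer's stdin followed by trailing zero bytes.
    return new ByteArrayInputStream(captured.toByteArray())
}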
/**
 * Signs the certificate request read from [stdIn] with the CA key [alias] in [store] and
 * writes the resulting certificate to [signedCert] (relative to buildDir).
 *
 * extension: the -ext arguments the issuer places in the signed certificate; callers pass
 *            ['-ext', 'BC=0'] for the intermediate CA and a key-usage extension for end
 *            entities. No -validity is given, so keytool's default lifetime applies.
 */
def genCert(store, alias, stdIn, extension, signedCert) {
    def cmd = ['keytool', '-gencert', '-alias', alias, '-keystore', store]
    cmd += pass
    cmd += extension
    cmd += ['-outfile', signedCert]
    exec {
        workingDir buildDir
        standardInput = stdIn
        commandLine = cmd.flatten()
    }
}
/**
 * Has the CA key [caAlias] in [caStore] sign the key under [reqAlias] in [reqStore].
 *
 * Returns the name of the signed certificate file, "<reqAlias>.cert", which keytool writes
 * into buildDir; callers import it back into reqStore to replace the self-signed entry.
 * extension is passed through to genCert unchanged.
 */
def doReqCertAndSigned(reqStore, reqAlias, caStore, caAlias, extension) {
    def outFile = "${reqAlias}.cert"
    def request = certReq(reqStore, reqAlias)
    genCert(caStore, caAlias, request, extension, outFile)
    return outFile
}
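/**
 * Resolves the user that genUser works on: the `userId` project property (-PuserId=...) or
 * 'user1' when it is absent.
 *
 * Returns a map with the keystore alias, the .jks and .p12 file names and the subject DN
 * "uid=<id>, <userDomain>". userDomain is not defined in this file; it is expected as a
 * project property (e.g. gradle.properties).
 *
 * The id is validated before use because it ends up unquoted in file names under buildDir,
 * in the fileTree include pattern genUser uses to delete the user's old files, and in the
 * certificate subject: a value containing '/', '\\', ',' or '=' would point keytool outside
 * buildDir or alter the DN. Throws IllegalArgumentException for an empty id or one with
 * characters other than letters, digits, space, '.', '_', '@' and '-'.
 */
def createUser() {
    def uid = hasProperty('userId') ? userId : 'user1'
    if (!(uid ==~ /[A-Za-z0-9 ._@-]+/)) {
        throw new IllegalArgumentException(
            "userId '${uid}' may only contain letters, digits, space, '.', '_', '@' and '-'")
    }
    println "user id = $uid"
    return [alias: uid, store: "${uid}.jks", p12: "${uid}.p12", dn: "uid=${uid}, ${userDomain}"]
}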
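/**
 * Converts the keystore [srcStore] into a PKCS12 keystore [destStore] (both relative to
 * buildDir). No -srcalias is given, so every entry moves: the user's key pair and the
 * imported CA certificate.
 *
 * The password is read from the shared `pass` list rather than from a second literal, so a
 * change to `pass` cannot leave this conversion using a stale password. No -destkeypass is
 * given; as far as keytool's importkeystore defaults go the destination key then keeps the
 * source key password, which equals the store password here. No -noprompt either: keytool
 * would ask before overwriting an existing entry, which genUser avoids by deleting the
 * user's previous files first.
 */
def convertP12(srcStore, destStore) {
    def at = pass.indexOf('-storepass')
    // Fall back to the original literal only if `pass` no longer carries -storepass.
    def pwd = at >= 0 ? pass[at + 1] : 'nopassword'
    exec {
        workingDir buildDir
        commandLine = ['keytool', '-importkeystore',
                       '-srckeystore', srcStore, '-srcstorepass', pwd,
                       '-deststoretype', 'PKCS12',
                       '-destkeystore', destStore, '-deststorepass', pwd]
    }
}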
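// Task chain: clean -> mkBuildDir -> genRootCA -> genCA -> genServer. Each task in the chain
// starts from a wiped buildDir, so running any of them re-creates the whole PKI from the root.
// Actions are registered with doLast rather than `<<`: the `<<` task operator was deprecated in
// Gradle 4 and removed in Gradle 5, while doLast is the same operation on every version.
task clean {
    description = 'clean project output.'
    doLast {
        delete buildDir
    }
}

task mkBuildDir(dependsOn: clean) {
    doLast {
        buildDir.mkdirs()
    }
}

task genRootCA(dependsOn: mkBuildDir) {
    description = 'Create Root CA certificate.'
    group = 'Create Signed Cert'
    doLast {
        // Self-signed root; bc:c marks it as a CA. root.cert is the trust anchor other stores import.
        genStore(rootCaAlias, rootCaStore, ['-ext', 'bc:c'], rootCaDname)
        exportCert(rootCaStore, rootCaAlias)
    }
}

task genCA(dependsOn: genRootCA) {
    description = 'Create signed CA certificate.'
    group = 'Create Signed Cert'
    doLast {
        // Intermediate CA: own key pair, root cert imported so keytool can chain the reply,
        // then its certificate signed by the root (BC=0 is keytool shorthand for ca:true with
        // pathlen 0) and imported back over the self-signed entry. The signed file is ca.cert,
        // which is what caCert in ext names.
        genStore(caAlias, caStore, ['-ext', 'bc:c'], caDname)
        importCert(caStore, rootCaAlias, rootCert)
        def signedCert = doReqCertAndSigned(caStore, caAlias, rootCaStore, rootCaAlias, ['-ext', 'BC=0'])
        importCert(caStore, caAlias, signedCert)
    }
}

task genServer(dependsOn: genCA) {
    description = 'Create signed Server certificate.'
    group = 'Create Signed Cert'
    doLast {
        // End-entity key signed by the intermediate CA; ca.cert is imported first because
        // keytool needs the issuer in the store before it accepts the signed reply.
        genStore(serverAlias, serverStore, [], serverDname)
        importCert(serverStore, caAlias, caCert)
        def signedCert = doReqCertAndSigned(serverStore, serverAlias, caStore, caAlias, ['-ext', 'ku=dig,keyEncipherment'])
        importCert(serverStore, serverAlias, signedCert)
    }
}

task genUser {
    description = "Create signed User certificate. given userId property for setting dn of user's certificate ex. -PuserId=user1"
    group = 'Create Signed Cert'
    doLast {
        // Not dependsOn genCA, apparently on purpose: that would chain back to clean and wipe
        // the CA, invalidating every certificate issued so far. Run it after genCA (or genServer)
        // so ca.jks and ca.cert exist in buildDir. The user's previous files are removed first,
        // which also means convertP12 never meets an existing .p12 to prompt about.
        def user = createUser()
        delete fileTree(dir: buildDir, include: "**/${user.alias}.*")
        genStore(user.alias, user.store, [], user.dn)
        importCert(user.store, caAlias, caCert)
        def signedCert = doReqCertAndSigned(user.store, user.alias, caStore, caAlias, ['-ext', 'ku=dig,keyEncipherment'])
        importCert(user.store, user.alias, signedCert)
        convertP12(user.store, user.p12)
    }
}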