#! /bin/bash -eE cleanup() { local _return_code=$? if [ -f "${jboss_cli_truststore}" ] then rm -f ${jboss_cli_truststore} fi if [ -d "${tempDir}" ] then rm -rf "${tempDir}" fi exit ${_return_code} } on_error() { local _status_code=$? local _lineno=$1 echo "ERROR! Import failed on line: ${_lineno}" exit $_status_code } getValueFromPropertiesFile() { local _key=$1 local _file=$2 grep ${_key} ${_file} | cut -d '=' -f2 | sed -e "s/^[[:space:]]*//" -e "s/[[:space:]]*$//" } getMgmtAddress() { getValueFromPropertiesFile jboss.bind.address.management "$JBOSS_HOME/domain/configuration/fas.properties" } createJbossCliTruststore() { local _mgmtAddress=$1 # The non-interactive mode of the CLI breaks if there is a certificate failure (even if we provide the input to accept the certificate) so we will create a temporary truststore echo "Creating temporary truststore" openssl s_client -connect ${_mgmtAddress}:9990 2>&1 < /dev/null |\ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\ keytool -import -keystore ${jboss_cli_truststore} -storepass cli_truststore -noprompt } getPrivateKeyPem() { if [ -r "${privateKeyFile}" ] then if grep -q "BEGIN PRIVATE KEY" "${privateKeyFile}" then openssl rsa -in "${privateKeyFile}" | tr '\n' ' ' else grep -q "BEGIN RSA PRIVATE KEY" "${privateKeyFile}" cat "${privateKeyFile}" | tr '\n' ' ' fi else echo "Cannot find private key PEM file (${privateKeyFile})" return 1 fi } getPublicKeyPem() { if [ -r "${publicKeyFile}" ] then cat "${publicKeyFile}" | tr '\n' ' ' else echo "Cannot find public certificate PEM file (${publicKeyFile})" return 1 fi } importKeyPair() { local _mgmtAddress=$(getMgmtAddress) createJbossCliTruststore "${_mgmtAddress}" local _cliScript=$(mktemp -p $tempDir) local _privateKeyPem=$(getPrivateKeyPem) local _publicKeyPem=$(getPublicKeyPem) echo " /profile=management/subsystem=trustmgmt/identity-certificate-group=${group}:import-keypair(name=${alias},password=${password},private-key-encoded=${_privateKeyPem},public-cert-encoded=${_publicKeyPem}) " > $_cliScript ${JBOSS_HOME}/bin/jboss-cli.sh --connect --controller=${_mgmtAddress} --file=$_cliScript 2>&1 << EOF ${adminUser} ${adminPassword} EOF rm -f $_cliScript } function printHelp() { cat << EOF Usage: $(basename $0) options Imports a private/public key pair into the specified key group, with the specified name e.g. importKeyPair.sh -g main-identity-group -n foo -p changeit -k privateKey.pem -c certificate.pem -u administrator -a administrator Options: -g, --group The identity certificate group to store the imported pair in -n, --name The name that will identify the imported pair -p, --password The password that protects the certificate group -k, --key-file The PEM formatted private key file -c, --cert-file The PEM formatted public certificate file -u, --admin-username The CLI administrator username -a, --admin-password The CLI administrator password -h, --help Display this help message EOF exit 1 } progname=$(basename $0) ARGS=`getopt -o hg:n:p:k:c:u:a: --long help,group:,name:,password:,key-file:,cert-file:admin-username:admin-password \ -n ${progname} -- "$@"` if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$ARGS" while true do case "$1" in -g|--group) group=$2 shift 2;; -n|--name) alias=$2 shift 2;; -p|--password) password=$2 shift 2;; -k|--key-file) privateKeyFile=$2 shift 2;; -c|--cert-file) publicKeyFile=$2 shift 2;; -u|--admin-username) adminUser=$2 shift 2;; -a|--admin-password) adminPassword=$2 shift 2;; -h|--help) help=true; shift 1;; --) shift; break;; *) echo "Internal error!"; exit 1;; esac done if [ -n "${help}" ] ||\ [ -z "$group" ] ||\ [ -z "${alias}" ] ||\ [ -z "${password}" ] ||\ [ -z "${privateKeyFile}" ] ||\ [ -z "${publicKeyFile}" ] ||\ [ -z "${adminUser}" ] ||\ [ -z "${adminPassword}" ] then printHelp fi if [ -r /etc/reas.conf ] then . /etc/reas.conf elif [ -r /etc/vas.conf ] then . /etc/vas.conf elif [ -r /etc/fas.conf ] then . /etc/fas.conf else echo "Failed to find AS config file in /etc!!!" exit 1 fi jboss_cli_truststore=~/.jboss-cli.truststore tempDir=$(mktemp -d) trap 'cleanup' EXIT trap 'on_error ${LINENO}' ERR importKeyPair