76 lines
3.1 KiB
Bash
Executable file
76 lines
3.1 KiB
Bash
Executable file
#!/bin/bash
|
|
# Date: 2023-05-04
|
|
# Author: Ho Sy Tan <hstan@bcycp.vn>
|
|
# Description: Simple shell script to create pki_param.xml
|
|
|
|
OPENSSL_BIN="$basedir/bin/openssl"
|
|
MKC4B_B64_BIN="$basedir/bin/util_mkc4b_encrypt_encode_file"
|
|
|
|
filepath=`readlink -f $0`
|
|
basedir=`dirname $filepath`
|
|
|
|
XML_DIR="$basedir/xml"
|
|
CRYPTO_KEY_XML="$basedir/xml/crypto_key.xml"
|
|
|
|
ROOT_CA_CERT="$basedir/root-ca/root-ca.crt"
|
|
SUB_CA_CERT="$basedir/sub-ca/sub-ca.crt"
|
|
CLIENT_DIR="$basedir/client"
|
|
CONFIG_VERSION=3.3.2
|
|
i=1
|
|
NUM=99
|
|
|
|
echo "==========================================================="
|
|
echo "Generating pki_param file ${CRYPTO_KEY_XML}..."
|
|
echo "==========================================================="
|
|
echo ""
|
|
|
|
echo -e "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" > ${CRYPTO_KEY_XML}
|
|
echo -e "<!-- crypto_key.xml - The cryptographic keys configuration file for the security device." >> ${CRYPTO_KEY_XML}
|
|
echo -e "Use the \"inms_command\" utility to edit. Manual editing is not recommended." >> ${CRYPTO_KEY_XML}
|
|
echo -e "--> " >> ${CRYPTO_KEY_XML}
|
|
echo -e "<crypto_key>" >> ${CRYPTO_KEY_XML}
|
|
echo -e " <config_info>" >> ${CRYPTO_KEY_XML}
|
|
echo -e " <config_version>${CONFIG_VERSION}</config_version>" >> ${CRYPTO_KEY_XML}
|
|
TIMESTAMP=`date +"%Y-%m-%d %H:%M:%S"`
|
|
echo -e " <config_file_timestamp>${TIMESTAMP}</config_file_timestamp>" >> ${CRYPTO_KEY_XML}
|
|
echo -e " <config_device_id>1</config_device_id>" >> ${CRYPTO_KEY_XML}
|
|
echo -e " </config_info>" >> ${CRYPTO_KEY_XML}
|
|
|
|
|
|
echo -e " <keys>" >> ${CRYPTO_KEY_XML}
|
|
|
|
TIMESTAMP=`date +"%Y-%m-%d %H:%M:%S"`
|
|
echo -e " <item name=\"root-ca.vgisc.com.crt\" enabled=\"1\" type=\"cacert\" algo=\"RSA\" key_size=\"4096\" content_type=\"pem\" use_for=\"\" update_time=\"${TIMESTAMP}\">" >> ${CRYPTO_KEY_XML}
|
|
${OPENSSL_BIN} x509 -in ${ROOT_CA_CERT} >> ${CRYPTO_KEY_XML}
|
|
echo -e " </item>" >> ${CRYPTO_KEY_XML}
|
|
TIMESTAMP=`date +"%Y-%m-%d %H:%M:%S"`
|
|
echo -e " <item name=\"sub-ca.vgisc.com.crt\" type=\"cacert\" algo=\"RSA\" key_size=\"4096\" content_type=\"pem\" use_for=\"\" update_time=\"${TIMESTAMP}\">" >> ${CRYPTO_KEY_XML}
|
|
${OPENSSL_BIN} x509 -in ${SUB_CA_CERT} >> ${CRYPTO_KEY_XML}
|
|
echo -e " </item>" >> ${CRYPTO_KEY_XML}
|
|
|
|
i=1
|
|
while [ $i -le $NUM ]
|
|
do
|
|
TIMESTAMP=`date +"%Y-%m-%d %H:%M:%S"`
|
|
echo -e " <item name=\"vpn$i.vgisc.com.crt\" enabled=\"1\" type=\"cert\" algo=\"RSA\" key_size=\"4096\" content_type=\"pem\" use_for=\"\" update_time=\"${TIMESTAMP}\">" >> ${CRYPTO_KEY_XML}
|
|
${OPENSSL_BIN} x509 -in ${CLIENT_DIR}/vpn$i.vgisc.com.crt >> ${CRYPTO_KEY_XML}
|
|
echo -e " </item>" >> ${CRYPTO_KEY_XML}
|
|
i=`expr $i + 1`
|
|
done
|
|
|
|
i=1
|
|
while [ $i -le $NUM ]
|
|
do
|
|
TIMESTAMP=`date +"%Y-%m-%d %H:%M:%S"`
|
|
echo -e " <item name=\"vpn$i.vgisc.com.key\" enabled=\"1\" type=\"key\" algo=\"RSA\" key_size=\"4096\" content_type=\"mkc4b.b64\" use_for=\"\" update_time=\"${TIMESTAMP}\">" >> ${CRYPTO_KEY_XML}
|
|
cat ${CLIENT_DIR}/vpn$i.vgisc.com.mkc4b.b64 >> ${CRYPTO_KEY_XML}
|
|
echo -e " </item>" >> ${CRYPTO_KEY_XML}
|
|
i=`expr $i + 1`
|
|
done
|
|
echo -e " </keys>" >> ${CRYPTO_KEY_XML}
|
|
echo -e "</crypto_key>" >> ${CRYPTO_KEY_XML}
|
|
|
|
echo "XML crypto key is saved to file $CRYPTO_KEY_XML"
|
|
echo ""
|
|
|
|
echo "All Done"
|