#!/bin/sh

#set -x

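# Directory that holds keytool. Defaults to the bundled IBM JRE and is
# replaced by the directory of the first `java` found on PATH, if any.
# NOTE(review): a java on PATH takes precedence over the bundled JRE, so the
#       keytool that later receives the key password is selected by the
#       caller's PATH. Run this script with a trusted PATH.
JAVAPATH="/opt/IBMJava2-131/jre/bin/"
# `command -v` is the POSIX lookup; `type -p` is a bash extension that other
# /bin/sh implementations reject or misreport.
x=$(command -v java 2>/dev/null)
case "$x" in
  # Accept only an absolute path: command -v prints a bare name for shell
  # functions, aliases and builtins, which dirname would turn into ".".
  /*) JAVAPATH=$(/usr/bin/dirname "$x") ;;
esac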
# 
# mksslkeys.sh -- generate public key and certificate for SSL communications
#

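# Step 1 Set up the variables used by the keytool calls below.
# NOTE: Make sure the key password will never become known to
#       others as it allows private key retrieval from the keystore.
# NOTE(review): the password is taken from $1 and handed to keytool through
#       -keypass/-storepass, so it is visible in the process listing (and
#       possibly in shell history) while these commands run. Enabling the
#       commented-out `set -x` at the top of this script would also print it
#       in the trace output.

if [ "$1" = "" ]; then
   echo
   echo  "     Usage:  mksslkeys   keyPassword"
   echo
   exit 1
fi

KEY_ALIAS=hscCimom
KEY_PASS=$1
# Certificate lifetime in days (roughly ten years). A self-signed certificate
# cannot be revoked, so a leaked key stays usable until every truststore copy
# is replaced.
VAL_DAYS=3650
KEYSTORE_NAME=/opt/hsc/data/cimom.key
TRUSTSTORE_NAME=/opt/hsc/data/cimom.trust
OWNER_DN="CN=HSC SSL Key, OU=Hardware System Console Dept., O=IBM, C=US"
CERT_FILE=/opt/hsc/data/cimom.cert
# NOTE(review): the truststore is protected with the same password as the
#       private key. Anyone who is given the truststore password in order to
#       read the public certificate therefore also learns the key password.
#       Consider a separate value, as the commented-out line below suggests.
CERT_PASS=$KEY_PASS
#CERT_PASS=cimomcertpass


# Remove any previous key material so keytool starts from empty stores. Stop
# if the old files cannot be removed, otherwise -genkey would run against a
# stale keystore.
rm -f -- "$KEYSTORE_NAME" "$CERT_FILE" "$TRUSTSTORE_NAME" || exit $?

# Step 2 Create new public/private key pair in the specified keystore
# NOTE(review): no -keysize is given, so the RSA modulus size is keytool's
#       default, which depends on the JRE version and is small on older
#       JREs. Confirm that it meets current policy.
# NOTE(review): the keystore is created with the caller's umask. Check that
#       the resulting file is not readable by other local users.
# Expansions are quoted so that a password containing spaces or glob
# characters reaches keytool as a single argument.

"${JAVAPATH}/keytool" -genkey \
    -alias "$KEY_ALIAS" \
    -dname "$OWNER_DN" \
    -keyalg rsa \
    -keypass "$KEY_PASS" \
    -validity "$VAL_DAYS" \
    -keystore "$KEYSTORE_NAME" \
    -storepass "$KEY_PASS" \
    -v || exit $?

# Step 3 Export self-signed certificate from keystore

"${JAVAPATH}/keytool" -export \
    -alias "$KEY_ALIAS" \
    -file  "$CERT_FILE" \
    -keystore "$KEYSTORE_NAME" \
    -storepass "$KEY_PASS" \
    -rfc -v || exit $?

# Step 4 Import certificate into truststore
# -noprompt accepts the certificate without asking; that is only sound here
# because the file was exported from the keystore in the previous step.

"${JAVAPATH}/keytool" -import \
    -alias "$KEY_ALIAS" \
    -file  "$CERT_FILE" \
    -keystore "$TRUSTSTORE_NAME" \
    -storepass "$CERT_PASS" \
    -noprompt -v || exit $?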

