
Monday, July 6, 2015

BASH Script to convert certificates, import & export it to keystore

Doing repetitive tasks is always boring, and for a system administrator they come up very often. Almost every month I have to perform tasks involving keystores and certificates in one environment or another.
So to ease it up, I have written a shell script that will do it for me. It is written based on my needs. Anyone can use it as it is or modify it based on their requirements.
This is the first version and has not been tested very much, so you may have hiccups in using it. Do let me know about them and I will fix them. I will also keep updating it based on the feedback that I get from my team.

What does this script do?
This script performs the operations below:
  • To convert certificate into pem
  • To convert certificate into p12
  • To import certificate into keystore
  • To export certificate from keystore
  • To delete certificate from keystore
I always suggest using PEM when performing any operations related to certificates. The best way is to convert .p7b to .pem format so that the complete certificate chain is included. This is what I prefer :)
#!/bin/bash
echo "============================================"
echo "Press 1: To convert certificate into pem"
echo "Press 2: To convert certificate into p12"
echo "Press 3: To import certificate into keystore"
echo "Press 4: To export certificate from keystore"
echo "Press 5: To delete certificate from keystore"
echo "============================================"
echo "Enter your choice (1-5)"
read input
convert_cert() {
        filename=$1
        path=$2
        ## Extract input file extension and base name.
        ## ${filename%.*} strips only the last extension, so
        ## soa.mycompany.com.cer becomes soa.mycompany.com (not soa).
        ext=${filename##*.}
        name=${filename%.*}
        if [ "$ext" = 'p7b' ] || [ "$ext" = 'pem' ] || [ "$ext" = 'cer' ] || [ "$ext" = 'crt' ] || [ "$ext" = 'der' ]
        then
                ## Check if file exists at exactly $path/$filename
                echo "File to convert is at $path/$filename"
                if [ ! -f "$path/$filename" ]
                then
                        echo "File not found!!"
                        exit 1
                fi
                ## Convert file into pem
                echo "Converting into pem..."
                echo "Extension of the file is $ext"
                if [ "$ext" = 'cer' ] || [ "$ext" = 'der' ] || [ "$ext" = 'crt' ]; then
                        ## Try to parse as DER; if that fails, treat the file as already Base64 (PEM) encoded
                        if openssl x509 -in "$path/$filename" -inform der -noout &> /dev/null; then
                                openssl x509 -in "$path/$filename" -inform der -out "$path/$name.pem"
                                sed -i '/^$/d' "$path/$name.pem"
                                sed -i '/^subject/d' "$path/$name.pem"
                                sed -i '/^issuer/d' "$path/$name.pem"
                                echo "$name.pem generated!!"
                        else
                                cp "$path/$filename" "$path/$name.pem"
                                echo "$name.pem generated!!"
                        fi
                elif [ "$ext" = 'p7b' ]; then
                        ## A .p7b can be DER or Base64 encoded; try DER first
                        if openssl pkcs7 -in "$path/$filename" -inform der -noout &> /dev/null; then
                                openssl pkcs7 -print_certs -in "$path/$filename" -inform der -out "$path/$name.pem"
                        else
                                openssl pkcs7 -print_certs -in "$path/$filename" -out "$path/$name.pem"
                        fi
                        ## Strip blank lines and the subject=/issuer= lines that -print_certs adds
                        sed -i '/^$/d' "$path/$name.pem"
                        sed -i '/^subject/d' "$path/$name.pem"
                        sed -i '/^issuer/d' "$path/$name.pem"
                        echo "$name.pem generated!!"
                else
                        echo "This certificate is already in .pem format"
                fi
        else
                echo "Please provide a certificate in .p7b or .cer or .crt or .der"
                ## Signal the unsupported extension to the caller
                result=5
        fi
}
if [ "$input" = 1 ]
        then
        echo "Enter file name"
        read -r filename
        echo "Enter path"
        read -r path
        convert_cert "$filename" "$path"
elif [ "$input" = 2 ]; then
        echo "Enter location of key & certificate"
        read -r path
        echo "Enter certificate file name"
        read -r filename
        echo "Enter key file name"
        read -r keyfilename
        echo "Enter Passphrase/Password"
        ## -s keeps the typed value off the screen. The value is not passed
        ## to openssl, which prompts for the export password itself.
        read -rs passphrase
        echo
        if [ ! -f "$path/$keyfilename" ]
        then
                echo "$keyfilename not found!!"
                exit 1
        fi
        result=1
        ## convert_cert writes $path/$name.pem and sets $name for use below
        convert_cert "$filename" "$path" > /dev/null
        if [ "$result" = 5 ] ; then
                echo "Please provide a certificate in .p7b or .cer or .crt or .der"
                exit 1
        fi
        echo "Generating p12 file $result"
        echo "openssl pkcs12 -export -in $path/$name.pem -inkey $path/$keyfilename -out $path/$name.p12"
        openssl pkcs12 -export -in "$path/$name.pem" -inkey "$path/$keyfilename" -out "$path/$name.p12"
elif [ "$input" = 3 ]; then
        echo "Enter location of certificate"
        read -r path
        echo "Enter certificate file name"
        read -r filename
        echo "Enter alias name for the certificate"
        read -r alias
        echo "Enter location of keystore"
        read -r kpath
        echo "Enter keystore file name"
        read -r kfilename
        echo "Enter keystore password"
        ## -s keeps the password off the screen
        read -rs kpswd
        echo
        if [ ! -f "$path/$filename" ]
        then
                echo "$filename not found!!"
                exit 1
        fi
        if [ ! -f "$kpath/$kfilename" ]
        then
                echo "$kfilename not found!!"
                exit 1
        fi
        result=1
        ## Called here to validate the extension; it also writes a .pem copy
        ## next to the certificate. The original file is what gets imported.
        convert_cert "$filename" "$path" > /dev/null
        if [ "$result" = 5 ] ; then
                echo "Please provide a certificate in .p7b or .cer or .crt or .der"
                exit 1
        fi
        echo "Importing certificate into keystore"
        ## The password is handed to keytool through the environment
        ## (-storepass:env) so it is neither echoed nor visible in the process list.
        echo "keytool -importcert -alias $alias -file $path/$filename -keystore $kpath/$kfilename -storepass:env KPSWD"
        KPSWD="$kpswd" keytool -importcert -alias "$alias" -file "$path/$filename" -keystore "$kpath/$kfilename" -storepass:env KPSWD
elif [ "$input" = 4 ]; then
        echo "Enter location for exported certificate"
        read -r path
        echo "Enter certificate file name for the exported certificate"
        read -r filename
        echo "Enter alias name of the certificate to be exported"
        read -r alias
        echo "Enter location of keystore"
        read -r kpath
        echo "Enter keystore file name"
        read -r kfilename
        echo "Enter keystore password"
        ## -s keeps the password off the screen
        read -rs kpswd
        echo
        if [ ! -f "$kpath/$kfilename" ]
        then
                echo "$kfilename not found!!"
                exit 1
        fi
        echo "Exporting certificate from keystore"
        ## The password is handed to keytool through the environment
        ## (-storepass:env) so it is neither echoed nor visible in the process list.
        echo "keytool -exportcert -alias $alias -file $path/$filename.cer -keystore $kpath/$kfilename -storepass:env KPSWD"
        KPSWD="$kpswd" keytool -exportcert -alias "$alias" -file "$path/$filename.cer" -keystore "$kpath/$kfilename" -storepass:env KPSWD
elif [ "$input" = 5 ]; then
        echo "Enter alias name of the certificate to be deleted"
        read -r alias
        echo "Enter location of keystore"
        read -r kpath
        echo "Enter keystore file name"
        read -r kfilename
        echo "Enter keystore password"
        ## -s keeps the password off the screen
        read -rs kpswd
        echo
        if [ ! -f "$kpath/$kfilename" ]
        then
                echo "$kfilename not found!!"
                exit 1
        fi
        echo "Deleting $alias certificate from keystore"
        ## The password is handed to keytool through the environment
        ## (-storepass:env) so it is neither echoed nor visible in the process list.
        echo "keytool -delete -alias $alias -keystore $kpath/$kfilename -storepass:env KPSWD"
        KPSWD="$kpswd" keytool -delete -alias "$alias" -keystore "$kpath/$kfilename" -storepass:env KPSWD
else
        echo "Incorrect choice!!"
fi
Save it as certificate.sh.
Give the required permission to the file:
$ chmod a+x certificate.sh

Now let's do the test run :)

Test 1:- Convert Base64Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
Base64Encoded.cer
Enter path
.
File to convert is at ./Base64Encoded.cer
Converting into pem...
Extension of the file is cer
Base64Encoded.pem generated!!

Test 2:- Convert DER Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
DEREncoded.cer
Enter path
.
File to convert is at ./DEREncoded.cer
Converting into pem...
Extension of the file is cer
DEREncoded.pem generated!!

Test 3:- Convert p7b Encoded certificate
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
1
Enter file name
p7bEncoded.p7b
Enter path
.
File to convert is at ./p7bEncoded.p7b
Converting into pem...
Extension of the file is p7b
p7bEncoded.pem generated!!

Test 4:- Convert certificate into p12
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
2
Enter location of key & certificate
.
Enter certificate file name
soa.mycompany.com.cer
Enter key file name
soa.mycompany.com.key
Enter Passphrase/Password
changeit
Generating p12 file 1
Enter Export Password:
Verifying - Enter Export Password:

Test 5:- Import certificate in keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
3
Enter location of certificate
.
Enter certificate file name
soa.mycompany.com.cer
Enter alias name for the certificate
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Importing certificate into keystore
.
.
Trust this certificate? [no]:  yes
Certificate was added to keystore

Test 6:- Export certificate from keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
4
Enter location for exported certificate
.
Enter certificate file name for the exported certificate
myexportedcertificate
Enter alias name of the certificate to be exported
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Exporting certificate from keystore
Certificate stored in file <./myexportedcertificate.cer>

Test 7:- Delete certificate from keystore
$ ./certificate.sh
============================================
Press 1: To convert certificate into pem
Press 2: To convert certificate into p12
Press 3: To import certificate into keystore
Press 4: To export certificate from keystore
Press 5: To delete certificate from keystore
============================================
Enter your choice (1-5)
5
Enter alias name of the certificate to be deleted
mysoacert
Enter location of keystore
.
Enter keystore file name
mykeystore.jks
Enter keystore password
changeit
Deleting mysoacert certificate from keystore
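
Tests 1 and 2 above feed the script two .cer files with different encodings, which it tells apart by extension plus a trial parse. As an added example (not part of certificate.sh), the function below classifies a file by its content instead, so a private key or other non-certificate file is caught before conversion; the names cert_kind and make_samples and the sample bytes are constructed for illustration.

```shell
#!/bin/bash
# Added example (not part of certificate.sh): classify a certificate file by
# its content. Prints pem-x509, pem-pkcs7, pem-other, der-x509, der-pkcs7,
# der-other or unknown.
cert_kind() {
    file=$1
    [ -f "$file" ] || { echo unknown; return 1; }
    # PEM: take the label of the first armor line. Output of
    # "openssl pkcs7 -print_certs" has subject=/issuer= lines before it.
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$file" | head -n 1)
    case $label in
        CERTIFICATE) echo pem-x509; return 0 ;;
        PKCS7)       echo pem-pkcs7; return 0 ;;
        ?*)          echo pem-other; return 0 ;;   # e.g. a private key
    esac
    # DER: hex of the first bytes; byte 0 must be 0x30 (ASN.1 SEQUENCE).
    hex=$(head -c 32 "$file" | od -An -tx1 | tr -d ' \n')
    case $hex in
        30????*) ;;
        *) echo unknown; return 1 ;;
    esac
    # Skip the outer length (short form: 1 byte, long form: 1 + n bytes).
    n=$((0x$(printf '%s' "$hex" | cut -c3-4)))
    if [ "$n" -ge 128 ]; then skip=$((2 + n - 128)); else skip=2; fi
    rest=$(printf '%s' "$hex" | cut -c"$((skip * 2 + 1))"-)
    case $rest in
        30*)                     echo der-x509 ;;   # tbsCertificate SEQUENCE
        06092a864886f70d010702*) echo der-pkcs7 ;;  # OID signedData
        *)                       echo der-other ;;  # e.g. a DER private key
    esac
}

# Constructed sample files (leading bytes only, not real certificates).
make_samples() {
    dir=$1
    printf '\060\202\003\012\060\202\001\362\240\003' > "$dir/der.cer"
    printf '\060\202\005\020\006\011\052\206\110\206\367\015\001\007\002\240' > "$dir/chain.p7b"
    printf '\060\202\004\244\002\001\000' > "$dir/key.der"
    printf '%s\n' 'subject=/CN=example' 'issuer=/CN=example' \
        '-----BEGIN CERTIFICATE-----' 'MIIB' '-----END CERTIFICATE-----' > "$dir/b64.cer"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'MIIE' '-----END PRIVATE KEY-----' > "$dir/key.cer"
}

# Classify any files given on the command line.
for f in "$@"; do printf '%s: %s\n' "$f" "$(cert_kind "$f")"; done
```

A der-x509 or pem-x509 result only says the file has the right outer shape; openssl still has to parse it before it is trusted or imported.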


Monday, October 6, 2014

To get TARGETS for application deployed on Weblogic using WLST

This function returns the list of targets on which an application has been deployed.
It takes the application name as the input parameter (i.e. APPNAME).
It uses a regular expression to extract the server name or cluster name from the string.
The FOR loop runs once for each cluster/server.
You need to import the classes below for this function to work:

import re
import java.util.ArrayList as ArrayList

So the function will look like below:

def Target(APPNAME):
    try:
        print('#######################################################')
        print('Below are the Targets for '), APPNAME
        print('#######################################################')
        cd('AppDeployments/'+APPNAME)
        arr = ArrayList()
        # get('Targets') returns the targets of the deployment
        arr=get('Targets')
        for myStr in arr:
            # Pull the server/cluster name out of the target's string form
            m = re.search(r'=(\w+),', str(myStr))
            if m:
                print m.group(1)
            else:
                # Pattern did not match: print the raw value rather than
                # failing on m.group() of None
                print str(myStr)
        print('#######################################################')
    except Exception, e:
        print('Exception is ')
        print e
        dumpStack()
        raise

Sample Output:

#######################################################
Below are the Targets for  ServerState
#######################################################
SOA_MngdSvr1
SOA_MngdSvr2
#######################################################
.
.
.
.
#######################################################
Below are the Targets for  ServerState
#######################################################
B2B_Cluster
BAM_Cluster
SOA_Cluster
#######################################################

Thursday, October 2, 2014

Update weblogic keystores and SSL tab keystore location and password using WLST

We can use WLST to update the identity and trust keystore location and password for the admin and managed servers under the Configuration --> Keystores tab. It will also update the Private Key Alias and Private Key Passphrase under the Configuration --> SSL tab.

So I will create a function keystoreSSLSetup which takes the input arguments below:

Input Parameter: Description
  • serverName: Name of Admin or Managed Server where update is required
  • CustIdentityKeyStoreName: Identity Keystore containing the private and public key of the server
  • CustIdentityKeyStorePassPhrase: Password of Identity Keystore
  • CustTrustKeyStoreFileName: Trust keystore containing CA certificates
  • CustServerPrivateKeyAlias: Alias/name of the private key stored in identity keystore
  • CustServerPrivateKeyPassPhrase: Password for private key. (Generally it is kept same as password of identity keystore)
  • domainHome: Absolute path of domain

We will also encrypt the password for security reasons.

Now the function will look like below:

def keystoreSSLSetup(serverName,CustIdentityKeyStoreName,CustIdentityKeyStorePassPhrase,CustTrustKeyStoreFileName,CustServerPrivateKeyAlias,CustServerPrivateKeyPassPhrase,domainHome):
    try:
        print "Setup KeyStore and SSL"
        cd ("/Servers/" + serverName)
        # Encrypt the identity keystore password with the domain's encryption service
        CustIdentityKeyStorePassPhraseEncrypted = encrypt (CustIdentityKeyStorePassPhrase, domainHome)
        set ("KeyStores", "CustomIdentityAndCustomTrust")
        set ("CustomIdentityKeyStoreFileName", CustIdentityKeyStoreName)
        set ("CustomIdentityKeyStorePassPhrase", CustIdentityKeyStorePassPhrase)
        set ("CustomIdentityKeyStorePassPhraseEncrypted", CustIdentityKeyStorePassPhraseEncrypted)
        set ("CustomIdentityKeyStoreType", "JKS")
        set ("CustomTrustKeyStoreFileName", CustTrustKeyStoreFileName)
        # The trust keystore is given the same password as the identity keystore
        set ("CustomTrustKeyStorePassPhrase", CustIdentityKeyStorePassPhrase)
        set ("CustomTrustKeyStorePassPhraseEncrypted", CustIdentityKeyStorePassPhraseEncrypted)
        set ("CustomTrustKeyStoreType", "JKS")
        print "Keystore Setup Successful"
        cd ("SSL/"+ serverName)
        set ("ServerPrivateKeyAlias", CustServerPrivateKeyAlias)
        set ("ServerPrivateKeyPassPhrase", CustServerPrivateKeyPassPhrase)
        # Encrypt the private key passphrase passed in as an argument
        CustServerPrivateKeyPassPhraseEncrypted = encrypt (CustServerPrivateKeyPassPhrase, domainHome)
        set ("ServerPrivateKeyPassPhraseEncrypted", CustServerPrivateKeyPassPhraseEncrypted)
        print "SSL Setup Successful"
    except Exception, e:
        print e
        print "Error while trying to Setup KeyStore and SSL!!!"
        dumpStack()
        # Discard the pending edit, then re-raise so the caller sees the failure
        cancelEdit('y')
        raise