eristoddle
1/26/2017 - 10:44 PM

Script to configure WSO2 EMM

Script to configure WSO2 EMM

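# Positional arguments (this script uses [[ ]] further down, so run it with bash):
#   $1  PRODUCT_HOME  - product install directory (required, checked below)
#   $2  IOS_CERTS     - prefix of the iOS .pfx files (required, checked below);
#                       it is concatenated directly with the file name, so a
#                       directory has to be given with its trailing slash
#   $3  IP            - address templated into the configs and used as the TLS
#                       certificate CN; detected via ifconfig below when empty
#   $4  PRODUCT_CONF  - prefix for the keystore paths written to mdm-config.xml
PRODUCT_HOME="$1"
IOS_CERTS="$2"
IP="$3"
PRODUCT_CONF="$4"
# Both paths are relative to the directory the script is started from.
CONFIG_FILE="./openssl_custom.cnf"
TEMP_FOLDER="./temp"
# Plain concatenation instead of `echo $IOS_CERTS`: the unquoted echo
# word-split and glob-expanded the prefix, which mangled paths containing
# spaces or wildcard characters.
PUSH_CERT="${IOS_CERTS}pushcert.pfx"
PUSH_PASS=""
MDM_CERT="${IOS_CERTS}PlainCert.pfx"
MDM_PASS=""
IOS_TOPIC_ID=""
# No leading slash here: this value is appended to $PRODUCT_CONF when the
# keystore paths are written into mdm-config.xml.
PRODUCT_JKS_PATH="repository/resources/security"
# The values below (and PUSH_PASS / MDM_PASS above) are copied verbatim into
# the product's config files later in this script. Once they are filled in,
# treat this script as a secret: restrict its permissions and keep it out of
# version control.
SENDER_ADDRESS=""
SENDER_PASSWORD=""
SENDER_ID=""
API_KEY=""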

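# Required arguments. Abort with status 11 before anything is rewritten, since
# every path used below is built from these two values. Diagnostics go to
# stderr so they are not mixed into captured stdout.
if [ -z "$PRODUCT_HOME" ]; then
  echo "Please enter the product home" >&2
  exit 11
fi
if [ -z "$IOS_CERTS" ]; then
  echo "Please enter the path to ios certs" >&2
  exit 11
fi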
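# Detect an IPv4 address from ifconfig when none was given as $3.
unamestr=$(uname)
if [ -z "$IP" ]; then
  case "$unamestr" in
    Linux)
      # Matches only the "inet addr:<ip>" layout; an ifconfig that prints
      # "inet <ip>" (or a host without ifconfig) yields nothing here.
      IP=$(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1 }')
      ;;
    FreeBSD)
      IP=$(ifconfig | grep -E 'inet.[0-9]' | grep -v '127.0.0.1' | awk '{ print $2 }')
      ;;
    Darwin)
      IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | cut -d' ' -f2)
      ;;
  esac

  # A host with several non-loopback interfaces produces one address per line.
  # Keep the first: a multi-line value breaks the sed expressions and the
  # certificate subject that are built from $IP later.
  IP=${IP%%$'\n'*}

  # Without an address the configs would have "localhost" replaced by nothing
  # and the TLS certificate would be issued with an empty CN, so stop here.
  if [ -z "$IP" ]; then
    echo "Could not detect an IP address; pass it as the third argument" >&2
    exit 11
  fi
fi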
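# Render the product's config templates in place with the values set above.
#
# Values are escaped before they are spliced into sed replacement text: a
# password or path containing "&", "\" or the expression's delimiter would
# otherwise be interpreted by sed instead of being copied literally.
# NOTE(review): the secrets are still passed to sed as command-line arguments,
# and they are written into the XML/JSON files without XML/JSON escaping -
# confirm the templates tolerate the characters your values contain.

#######################################
# Escape a value for the replacement half of a sed `s` command.
# Arguments: $1 - raw value
#            $2 - delimiter of the target `s` command ("/" or "=")
# Outputs:   escaped value on stdout (embedded newlines are not handled)
#######################################
sed_escape_replacement() {
  printf '%s' "$1" | sed -e "s#[\\\\&$2]#\\\\&#g"
}

#######################################
# Run sed over a file and write the result back to the same file.
# The output is staged in a mktemp file (created private to the user) and
# copied back only if sed succeeded, so a failed run no longer overwrites the
# config with empty content. Copying back with cat keeps the target's
# existing permissions and ownership.
# Arguments: $1   - file to rewrite
#            $2.. - sed arguments (the -e expressions)
# Exits the script with status 1 on any failure.
#######################################
render_in_place() {
  local target=$1 staged
  shift
  staged=$(mktemp "${TMPDIR:-/tmp}/emm-config.XXXXXX") || {
    printf 'Cannot create a temporary file for %s\n' "$target" >&2
    exit 1
  }
  if sed "$@" < "$target" > "$staged" && cat "$staged" > "$target"; then
    rm -f -- "$staged"
    return 0
  fi
  rm -f -- "$staged"
  printf 'Failed to update config file: %s\n' "$target" >&2
  exit 1
}

#######################################
# Copy a shipped template over the live config file, aborting on failure.
# Arguments: $1 - template path, $2 - destination path
#######################################
copy_template() {
  cp -- "$1" "$2" || {
    printf 'Failed to copy %s to %s\n' "$1" "$2" >&2
    exit 1
  }
}

conf_dir="$PRODUCT_HOME/repository/conf"
jaggery_dir="$PRODUCT_HOME/repository/deployment/server/jaggeryapps"
jks_dir="$PRODUCT_CONF$PRODUCT_JKS_PATH"

esc_ip=$(sed_escape_replacement "$IP" /)
esc_sender_address=$(sed_escape_replacement "$SENDER_ADDRESS" =)
esc_sender_password=$(sed_escape_replacement "$SENDER_PASSWORD" =)

# Template sso-idp.xml with current machine ip
# NOTE(review): "\l" here and "\h" in the mdm-config.xml expression are not
# defined regex escapes; they presumably match the plain letters, in which
# case "s/\host/.../" rewrites the first "host" substring on every line.
# Confirm that this is what the templates expect.
render_in_place "$conf_dir/sso-idp-config.xml" -e "s/\localhost/$esc_ip/"

render_in_place "$conf_dir/mdm-config.xml" \
  -e "s/\host/$esc_ip/" \
  -e "s=\$(push_certificate)=$(sed_escape_replacement "$PUSH_CERT" =)=" \
  -e "s=\$(mdm_push_certificate)=$(sed_escape_replacement "$MDM_CERT" =)=" \
  -e "s=\$(push_password)=$(sed_escape_replacement "$PUSH_PASS" =)=" \
  -e "s=\$(mdm_push_password)=$(sed_escape_replacement "$MDM_PASS" =)=" \
  -e "s=\$(topic_id)=$(sed_escape_replacement "$IOS_TOPIC_ID" =)=" \
  -e "s=\$(wso2carbon_jks)=$(sed_escape_replacement "$jks_dir/wso2carbon.jks" =)=" \
  -e "s=\$(wso2mobilemdm_jks)=$(sed_escape_replacement "$jks_dir/wso2mobilemdm.jks" =)="

# Configuring the apps: start each live config from its shipped template.
copy_template "$jaggery_dir/mdm/config/tempConfigs/config.json" "$jaggery_dir/mdm/config/config.json"
copy_template "$jaggery_dir/mdm/config/tempConfigs/android.json" "$jaggery_dir/mdm/config/android.json"
copy_template "$jaggery_dir/mdm/config/tempConfigs/ios.json" "$jaggery_dir/mdm/config/ios.json"

copy_template "$jaggery_dir/mam/config/tempConfig/config.json" "$jaggery_dir/mam/config/config.json"
copy_template "$jaggery_dir/publisher/config/mam-config.json.temp" "$jaggery_dir/publisher/config/mam-config.json"

# The mail sender credentials go into three of the JSON files.
sender_exprs=(
  -e "s=\$(senderAddress)=$esc_sender_address="
  -e "s=\$(senderPassword)=$esc_sender_password="
)

render_in_place "$jaggery_dir/mdm/config/config.json" "${sender_exprs[@]}"
render_in_place "$jaggery_dir/mdm/config/android.json" \
  -e "s=\$(senderid)=$(sed_escape_replacement "$SENDER_ID" =)=" \
  -e "s=\$(apikey)=$(sed_escape_replacement "$API_KEY" =)="

render_in_place "$jaggery_dir/mam/config/config.json" "${sender_exprs[@]}"
render_in_place "$jaggery_dir/publisher/config/mam-config.json" "${sender_exprs[@]}"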





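#Android
# The BouncyCastle jar is handed to keytool as a provider when the Android
# truststore is built, so it is loaded and run from the current directory.
# Verify the jar's origin and checksum before running this script.
BKS_CONVERTER="./bcprov-jdk16-146.jar"
TRUSTSTORE="./android_truststore.bks"
# Hard-coded default. The truststore holds only the CA certificate, but the
# password is what protects it from silent modification - change it for
# anything other than a test setup.
TRUSTSTORE_PASSWORD="wso2mobile123"

#CA Certificate Parameters
CA_COUNTRY="LK"
CA_STATE="Western Province"
CA_LOCALITY="Colombo"
CA_ORGANISATION="WSO2Mobile"
CA_ORGANISATIONUNIT=""
CA_COMMONNAME="WSO2Mobile Root CA"
CA_DAYS="365"

#RA Certificate Parameters
RA_COUNTRY="LK"
RA_STATE="Western Province"
RA_LOCALITY="Colombo"
RA_ORGANISATION="WSO2Mobile"
RA_ORGANISATIONUNIT=""
RA_COMMONNAME="WSO2Mobile SCEP CA"
RA_DAYS="365"
# Fixed serial numbers: every run issues certificates with the same serials,
# each time under a freshly generated CA key.
RA_SERIAL="02"

#SSL Certificate Parameters
SSL_COUNTRY="LK"
SSL_STATE="Western Province"
SSL_LOCALITY="Colombo"
SSL_ORGANISATION="WSO2Mobile"
SSL_ORGANISATIONUNIT=""
# The server certificate is issued for the bare IP address as its CN.
SSL_COMMONNAME=$IP
SSL_DAYS="365"
SSL_SERIAL="044324343"
# Quoted printf instead of an unquoted echo, so the value is shown exactly as
# it will appear in the certificate subject.
printf '%s\n' "$SSL_COMMONNAME"

#PKCS12 Alias and Password for IA, CA and RA
# NOTE(review): every password below is a fixed default that equals (or is
# trivially derived from) its alias. ca.p12 and ra.p12 contain private keys,
# so these values are the only protection of the CA/RA keys once they are
# imported into the product keystores - replace them outside of test setups.
IA_PKCS12_ALIAS="wso2carbon"
IA_PKCS12_PASSWORD="wso2carbon"

CA_PKCS12_ALIAS="cacert"
CA_PKCS12_PASSWORD="cacert"

RA_PKCS12_ALIAS="racert"
RA_PKCS12_PASSWORD="racert"

# Used as -deststorepass for wso2carbon.jks and client-truststore.jks below;
# presumably it has to match the password those stores already have.
WSO2CARBON="wso2carbon"
WSO2MOBILEMDM_JKS_PASSWORD="wso2mobile"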

############################################################################################################################

# Certificate subjects in the slash-separated form that `openssl req -subj`
# takes. An empty OU is kept as "/OU=" exactly as the parameters define it.
CA_SUBJ="/C=${CA_COUNTRY}/ST=${CA_STATE}/L=${CA_LOCALITY}/O=${CA_ORGANISATION}/OU=${CA_ORGANISATIONUNIT}/CN=${CA_COMMONNAME}"
RA_SUBJ="/C=${RA_COUNTRY}/ST=${RA_STATE}/L=${RA_LOCALITY}/O=${RA_ORGANISATION}/OU=${RA_ORGANISATIONUNIT}/CN=${RA_COMMONNAME}"
SSL_SUBJ="/C=${SSL_COUNTRY}/ST=${SSL_STATE}/L=${SSL_LOCALITY}/O=${SSL_ORGANISATION}/OU=${SSL_ORGANISATIONUNIT}/CN=${SSL_COMMONNAME}"

# Redefined with a leading slash: from here on the value is appended directly
# to $PRODUCT_HOME to locate the keystore directory.
PRODUCT_JKS_PATH='/repository/resources/security'

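set -e #stop if there is an error

# Preflight checks. These now exit with status 1: a bare `exit` returned the
# status of the preceding echo, so a missing prerequisite looked like success
# to whatever called the script.
if ! [ -f "$CONFIG_FILE" ]; then
  echo "Config File does not exist: $CONFIG_FILE" >&2
  exit 1
fi

if ! [ -d "$PRODUCT_HOME$PRODUCT_JKS_PATH" ]; then
  echo "Product Path does not exist: $PRODUCT_HOME$PRODUCT_JKS_PATH" >&2
  exit 1
fi

# Remove the outputs of a previous run. All paths are quoted so that a value
# containing spaces or glob characters cannot make rm act on other files.
if [ -f "$PRODUCT_HOME$PRODUCT_JKS_PATH/wso2mobilemdm.jks" ]; then
  rm -f -- "$PRODUCT_HOME$PRODUCT_JKS_PATH/wso2mobilemdm.jks"
fi

if [ -d "$TEMP_FOLDER" ]; then
  #If folder exists
  # ${VAR:?} aborts instead of running rm -rf with an empty path.
  rm -rf -- "${TEMP_FOLDER:?}"
fi

if [ -f "$TRUSTSTORE" ]; then
  rm -f -- "$TRUSTSTORE"
fi

# The work directory receives unencrypted CA/RA/server private keys, so it is
# created accessible to the current user only, and it is removed on every exit
# path - including an abort under `set -e` - rather than only at the end of a
# successful run.
mkdir -m 700 -- "$TEMP_FOLDER"
trap 'rm -rf -- "${TEMP_FOLDER:?}"' EXIT

# NOTE(review): xtrace prints each following command with its expanded
# arguments, which includes the keystore passwords given on command lines
# below. Do not capture this output in shared or persistent logs.
set -x #echo on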

#############################################################################################################################
#Start Process

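########CA Certificate
# printf is used for the banners: bash's echo prints "\n" literally.
printf '\nGenerating CA Certificate >>>>>> START\n'

# 2048-bit key: 1024-bit RSA is no longer considered adequate, least of all
# for the root that signs every other certificate created here. The key is
# written unencrypted and lives only in $TEMP_FOLDER.
openssl genrsa -out "$TEMP_FOLDER/ca_private.key" 2048

openssl req -new -key "$TEMP_FOLDER/ca_private.key" -out "$TEMP_FOLDER/ca.csr" -subj "$CA_SUBJ"

# Self-sign the CA certificate with the v3_ca section of $CONFIG_FILE.
# -sha256 pins the signature digest instead of inheriting whatever default
# the installed OpenSSL uses.
openssl x509 -req -sha256 -days "$CA_DAYS" -in "$TEMP_FOLDER/ca.csr" -signkey "$TEMP_FOLDER/ca_private.key" -out "$TEMP_FOLDER/ca.crt" -extensions v3_ca -extfile "$CONFIG_FILE"

# -text writes a human-readable dump followed by the PEM block; later steps
# read this file as the CA private key.
openssl rsa -in "$TEMP_FOLDER/ca_private.key" -text > "$TEMP_FOLDER/ca_private.pem"

openssl x509 -in "$TEMP_FOLDER/ca.crt" -out "$TEMP_FOLDER/ca_cert.pem"

printf '\nGenerating CA Certificate >>>>>> END\n\n'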


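########RA Certificate
# printf is used for the banners: bash's echo prints "\n" literally.
printf '\nGenerating RA Certificate >>>>>> START\n'

# 2048-bit key: 1024-bit RSA is no longer considered adequate. The key is
# written unencrypted and lives only in $TEMP_FOLDER.
openssl genrsa -out "$TEMP_FOLDER/ra_private.key" 2048

openssl req -new -key "$TEMP_FOLDER/ra_private.key" -out "$TEMP_FOLDER/ra.csr" -subj "$RA_SUBJ"

# Sign the RA request with the CA key, using the v3_req section of
# $CONFIG_FILE. The validity now comes from RA_DAYS; the command previously
# passed CA_DAYS, which left RA_DAYS without any effect. -sha256 pins the
# signature digest instead of inheriting the installed OpenSSL's default.
openssl x509 -req -sha256 -days "$RA_DAYS" -in "$TEMP_FOLDER/ra.csr" -CA "$TEMP_FOLDER/ca.crt" -CAkey "$TEMP_FOLDER/ca_private.key" -set_serial "$RA_SERIAL" -out "$TEMP_FOLDER/ra.crt" -extensions v3_req -extfile "$CONFIG_FILE"

# -text writes a human-readable dump followed by the PEM block; the PKCS12
# export reads this file as the RA private key.
openssl rsa -in "$TEMP_FOLDER/ra_private.key" -text > "$TEMP_FOLDER/ra_private.pem"

openssl x509 -in "$TEMP_FOLDER/ra.crt" -out "$TEMP_FOLDER/ra_cert.pem"

printf '\nGenerating RA Certificate >>>>>> END \n\n'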


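########SSL Certificate
# printf is used for the banners: bash's echo prints "\n" literally.
printf '\nGenerating SSL Certificate >>>>>> START\n'

# 2048-bit key: 1024-bit RSA is no longer considered adequate for a TLS
# server key. The key is written unencrypted and lives only in $TEMP_FOLDER.
openssl genrsa -out "$TEMP_FOLDER/ia.key" 2048

openssl req -new -key "$TEMP_FOLDER/ia.key" -out "$TEMP_FOLDER/ia.csr" -subj "$SSL_SUBJ"

# Sign the server request with the CA. -sha256 pins the signature digest
# instead of inheriting the installed OpenSSL's default.
# NOTE(review): no -extfile/-extensions is passed here, so the certificate is
# issued without a subjectAltName and identifies the server only through its
# CN. Clients that require a SAN entry will reject it - consider adding an
# extension section with an IP SAN to $CONFIG_FILE.
openssl x509 -req -sha256 -days "$SSL_DAYS" -in "$TEMP_FOLDER/ia.csr" -CA "$TEMP_FOLDER/ca_cert.pem" -CAkey "$TEMP_FOLDER/ca_private.pem" -set_serial "$SSL_SERIAL" -out "$TEMP_FOLDER/ia.crt"

printf '\nGenerating SSL Certificate >>>>>> END \n\n'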


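########PKCS12 files
# printf is used for the banners: bash's echo prints "\n" literally.
printf '\nGenerating the PKCS12 files >>>>>> START\n'

# Each bundle packs a private key with its certificate. The export password is
# read from stdin (-passout stdin, fed by a here-string) rather than given as
# "pass:<password>", which put it in the process argument list where other
# local users can read it.

# Server key + certificate.
openssl pkcs12 -export -out "$TEMP_FOLDER/ia.p12" -inkey "$TEMP_FOLDER/ia.key" -in "$TEMP_FOLDER/ia.crt" -CAfile "$TEMP_FOLDER/ca_cert.pem" -name "$IA_PKCS12_ALIAS" -passout stdin <<<"$IA_PKCS12_PASSWORD"

# CA key + certificate. This bundle contains the root private key.
openssl pkcs12 -export -out "$TEMP_FOLDER/ca.p12" -inkey "$TEMP_FOLDER/ca_private.pem" -in "$TEMP_FOLDER/ca_cert.pem" -name "$CA_PKCS12_ALIAS" -passout stdin <<<"$CA_PKCS12_PASSWORD"

# RA key + certificate, with the CA certificate included through -chain.
openssl pkcs12 -export -out "$TEMP_FOLDER/ra.p12" -inkey "$TEMP_FOLDER/ra_private.pem" -in "$TEMP_FOLDER/ra_cert.pem" -chain -CAfile "$TEMP_FOLDER/ca_cert.pem" -name "$RA_PKCS12_ALIAS" -passout stdin <<<"$RA_PKCS12_PASSWORD"

printf '\nGenerating the PKCS12 files >>>>>> END\n'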


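########Importing the PKCS12 to JKS
# printf is used for the banners: bash's echo prints "\n" literally.
printf '\nImporting the PKCS12 to JKS >>>>>> START\n'

# NOTE(review): keytool receives the store passwords as command-line
# arguments, so they are visible in the process list and in the xtrace output
# while these commands run.

# The server key pair goes into both the product keystore and the client
# truststore.
keytool -importkeystore -srckeystore "$TEMP_FOLDER/ia.p12" -srcstoretype PKCS12 -destkeystore "$PRODUCT_HOME/repository/resources/security/wso2carbon.jks" -noprompt -deststorepass "$WSO2CARBON" -srcstorepass "$IA_PKCS12_PASSWORD"

keytool -importkeystore -srckeystore "$TEMP_FOLDER/ia.p12" -srcstoretype PKCS12 -destkeystore "$PRODUCT_HOME/repository/resources/security/client-truststore.jks" -noprompt -deststorepass "$WSO2CARBON" -srcstorepass "$IA_PKCS12_PASSWORD"

# ca.p12 and ra.p12 carry private keys, so wso2mobilemdm.jks ends up holding
# the CA and RA keys; protect that file and its password accordingly.
keytool -importkeystore -srckeystore "$TEMP_FOLDER/ca.p12" -srcstoretype PKCS12 -destkeystore "$PRODUCT_HOME/repository/resources/security/wso2mobilemdm.jks" -noprompt -deststorepass "$WSO2MOBILEMDM_JKS_PASSWORD" -srcstorepass "$CA_PKCS12_PASSWORD"

# The source password is RA_PKCS12_PASSWORD. The command previously passed
# RA_PKCS12_ALIAS, which worked only because alias and password share the
# same default value.
keytool -importkeystore -srckeystore "$TEMP_FOLDER/ra.p12" -srcstoretype PKCS12 -destkeystore "$PRODUCT_HOME/repository/resources/security/wso2mobilemdm.jks" -noprompt -deststorepass "$WSO2MOBILEMDM_JKS_PASSWORD" -srcstorepass "$RA_PKCS12_PASSWORD"

printf '\nImporting the PKCS12 to JKS >>>>>> END\n'


echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PROCESS COMPLETED SUCCESSFULLY <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
set +x #echo off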


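########Creating the TrustStore file for Android
# printf is used for the banner: bash's echo prints "\n" literally.
printf '\nCreating the TrustStore for Android using the CA Cert\n'

# The truststore entry is named after the CA certificate's subject hash.
# The certificate is read from $TEMP_FOLDER instead of a hard-coded ./temp,
# so this step keeps working if TEMP_FOLDER is changed.
ALIAS=$(openssl x509 -inform PEM -subject_hash -noout -in "$TEMP_FOLDER/ca_cert.pem")

# keytool loads the BouncyCastle provider from $BKS_CONVERTER to write the BKS
# store, i.e. it runs code from that jar.
# NOTE(review): the store password is passed as a command-line argument and is
# visible in the process list while keytool runs.
keytool -noprompt -import -v -trustcacerts -alias "$ALIAS" \
      -file "$TEMP_FOLDER/ca_cert.pem" \
      -keystore "$TRUSTSTORE" -storetype BKS \
      -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
      -providerpath "$BKS_CONVERTER" \
      -storepass "$TRUSTSTORE_PASSWORD"

echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> PROCESS COMPLETED SUCCESSFULLY <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<"
set +x #echo off

# Remove the work directory together with the unencrypted private keys in it.
# ${VAR:?} aborts instead of running rm -rf with an empty path.
rm -rf -- "${TEMP_FOLDER:?}"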