modify the keytool

Signed-off-by: ericsyh <[email protected]>

charts/sn-platform-slim/templates/tls/keytool.yaml

@@ -0,0 +1,112 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# script to process key/cert to keystore and truststore
+{{- if .Values.tls.enabled }}
+{{- if (and .Values.tls.broker.enabled .Values.broker.kop.enabled)}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "pulsar.fullname" . }}-keytool-configmap"
+  namespace: {{ template "pulsar.namespace" . }}
+  labels:
+    {{- include "pulsar.standardLabels" . | nindent 4 }}
+    component: keytool 
+data:
+  keytool.sh: |
+    #!/bin/bash
+    component=$1
+    name=$2
+    isClient=$3
+    crtFile=/pulsar/certs/${component}/tls.crt
+    keyFile=/pulsar/certs/${component}/tls.key
+    caFile=/pulsar/certs/ca/ca.crt
+    p12File=/pulsar/${component}.p12
+    keyStoreFile=/pulsar/${component}.keystore.jks
+    trustStoreFile=/pulsar/${component}.truststore.jks
+    
+    function checkFile() {
+        local file=$1
+        local len=$(wc -c ${file} | awk '{print $1}')
+        echo "processing ${file} : len = ${len}"
+        if [ ! -f ${file} ]; then
+            echo "${file} is not found"
+            return -1
+        fi
+        if [ $len -le 0 ]; then
+            echo "${file} is empty"
+            return -1
+        fi
+    }
+
+    function ensureFileNotEmpty() {
+        local file=$1
+        until checkFile ${file}; do
+            echo "file isn't initialized yet ... check in 3 seconds ..." && sleep 3;
+        done;
+    }
+    
+    ensureFileNotEmpty ${crtFile}
+    ensureFileNotEmpty ${keyFile}
+    ensureFileNotEmpty ${caFile}
+    
+    export PASSWORD=$(head /dev/urandom | base64 | head -c 24)
+    
+    openssl pkcs12 \
+        -export \
+        -in ${crtFile} \
+        -inkey ${keyFile} \
+        -out ${p12File} \
+        -name ${name} \
+        -passout "pass:${PASSWORD}"
+    
+    keytool -importkeystore \
+        -srckeystore ${p12File} \
+        -srcstoretype PKCS12 -srcstorepass "${PASSWORD}" \
+        -alias ${name} \
+        -destkeystore ${keyStoreFile} \
+        -deststorepass "${PASSWORD}"
+    
+    keytool -import \
+        -file ${caFile} \
+        -storetype JKS \
+        -alias ${name} \
+        -keystore ${trustStoreFile} \
+        -storepass "${PASSWORD}" \
+        -trustcacerts -noprompt
+    
+    ensureFileNotEmpty ${keyStoreFile}
+    ensureFileNotEmpty ${trustStoreFile}
+    
+    if [[ "x${isClient}" == "xtrue" ]]; then
+        echo "update tls client settings ..."
+{{- if and .Values.tls.broker.enabled .Values.broker.kop.enabled }}
+        echo $'\n' >> conf/broker.conf
+        echo "kopSslKeystorePassword=${PASSWORD}" >> conf/broker.conf
+        echo $'\n' >> conf/broker.conf
+        echo "kopSslKeyPassword=${PASSWORD}" >> conf/broker.conf
+        echo $'\n' >> conf/broker.conf
+        echo "kopSslTruststorePassword=${PASSWORD}" >> conf/broker.conf
+{{- end }}
+    else
+        echo "update tls client settings ..."
+    fi
+    echo ${PASSWORD} > conf/password
+{{- end }}
+{{- end }}