
[IMPROVEMENT] Ability to invoke basic functions independently #19

Open
aborroy opened this issue Apr 5, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@aborroy
Contributor

aborroy commented Apr 5, 2022

The process to generate and assemble keystore files involves several functions:

  • Generate a new keystore for repository encryption purposes (alfresco/keystore)
  • Generate a new CA Entity to issue digital certificates
  • Generate truststore and keystore for Alfresco Repository (alfresco)
  • Generate truststore and keystore for Search Services (solr)
  • Generate truststore and keystore for Apache Zeppelin (zeppelin) - only applies to Enterprise deployments; the SOLR keystore and truststore can be reused for this configuration
  • Generate browser client certificate for Search Services (client)

Improvement

Create a new set of command line parameters to cover these options:

  • -encryption creates the alfresco/keystore file

    • STORE_TYPE: PKCS12, JCEKS
    • KEY_ALG: AES -keysize 256, DESede
  • -ca creates a new CA Entity

    • CA_DNAME, for instance "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco CA"
    • KEY_SIZE: 2048, 4096
    • PASS: default password
    • DAYS: caducity
  • -alfresco-key creates keystore for Repository

    • KEY_SIZE: 2048, 4096
    • STORE_TYPE: PKCS12, JCEKS
    • PASS: default password
    • DAYS: caducity
    • REPO_CERT_DNAME: for instance "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco Repository"
    • ALFRESCO_SERVER_NAME, for instance "localhost"
  • -solr-key creates keystore for Search Services

    • KEY_SIZE: 2048, 4096
    • STORE_TYPE: PKCS12, JCEKS
    • PASS: default password
    • DAYS: caducity
    • SOLR_CLIENT_CERT_DNAME: for instance "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Alfresco Repository Client"
    • SOLR_SERVER_NAME, for instance "localhost"
  • -alfresco-trust creates truststore for Repository

    • SOLR_KEYSTORE: the path of the SOLR keystore
    • SOLR_PASS: the password for the SOLR keystore
  • -solr-trust creates truststore for Search Service

    • REPO_KEYSTORE: the path of the Repository keystore
    • REPO_PASS: the password for the Repository keystore
  • -solr-client creates the browser client certificate

    • KEY_SIZE: 2048, 4096
    • PASS: default password
    • DAYS: caducity
    • BROWSER_CLIENT_CERT_DNAME: for instance "/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown/CN=Custom Browser Client"
@aborroy aborroy added the enhancement New feature or request label Apr 5, 2022
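As an added illustration of the functions listed in the issue (this is example code written here, not the project's own script), the following POSIX shell splits the -ca, -alfresco-key / -solr-key and -alfresco-trust / -solr-trust steps into independently callable functions built on openssl, with the DNAME, KEY_SIZE, DAYS and PASS values passed as parameters. It assumes openssl is on PATH, uses PKCS12 stores, and encrypts them with AES (the DESede option is deliberately not used); the file names and the `run_all` driver are assumptions of this example.

```shell
#!/bin/sh
# Example only (not the alfresco-ssl-generator code): one function per step of the issue.
set -eu

# -ca: self-signed CA.  Args: outdir dname key_size days
gen_ca() {
  openssl req -x509 -newkey "rsa:$3" -nodes -sha256 -days "$4" -subj "$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# -alfresco-key / -solr-key: CA-signed server cert packaged as a PKCS12 keystore.
# Args: outdir name dname server_name key_size days pass
gen_keystore() {
  d=$1; n=$2
  openssl req -new -newkey "rsa:$5" -nodes -sha256 -subj "$3" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$4" > "$d/$n.ext"   # SERVER_NAME goes into the SAN
  openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -days "$6" -sha256 -extfile "$d/$n.ext" -out "$d/$n.crt" 2>/dev/null
  # AES PBE + SHA-256 MAC: readable by OpenSSL 3 without the legacy provider, no 3DES/RC2
  openssl pkcs12 -export -inkey "$d/$n.key" -in "$d/$n.crt" -certfile "$d/ca.crt" \
    -name "$n" -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 \
    -out "$d/$n.p12" -passout "pass:$7"
}

# -alfresco-trust / -solr-trust: truststore built from the certificates in the peer keystore.
# Args: outdir name peer_keystore peer_pass pass
gen_truststore() {
  d=$1; n=$2
  openssl pkcs12 -in "$3" -passin "pass:$4" -nokeys -out "$d/$n-peer.pem"
  openssl pkcs12 -export -nokeys -in "$d/$n-peer.pem" -name "$n-trust" \
    -certpbe AES-256-CBC -macalg sha256 -out "$d/$n-trust.p12" -passout "pass:$5"
}

# Runs the steps in order.  Args: outdir [pass]; with no PASS a fresh random one is generated.
run_all() {
  d=$1; pass=${2:-$(openssl rand -hex 16)}
  base='/C=GB/ST=UK/L=Maidenhead/O=Alfresco Software Ltd./OU=Unknown'
  gen_ca "$d" "$base/CN=Custom Alfresco CA" 2048 3650
  gen_keystore "$d" repo "$base/CN=Custom Alfresco Repository" localhost 2048 365 "$pass"
  gen_keystore "$d" solr "$base/CN=Custom Alfresco Repository Client" localhost 2048 365 "$pass"
  gen_truststore "$d" repo "$d/solr.p12" "$pass" "$pass"   # repo trusts solr
  gen_truststore "$d" solr "$d/repo.p12" "$pass" "$pass"   # solr trusts repo
  # Sanity check: both server certificates chain to the CA just created
  openssl verify -CAfile "$d/ca.crt" "$d/repo.crt" "$d/solr.crt" >/dev/null
}
```

Running `run_all /tmp/keys changeit` leaves ca.crt, repo.p12, solr.p12, repo-trust.p12 and solr-trust.p12 in /tmp/keys; 2048-bit keys are used here only to keep the run short.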
@hi-ko

hi-ko commented Apr 6, 2022

Instead of introducing explicit signatures {alfresco,solr}-{key,trust}, I suggest, for simplicity, a generic one using a parameter name for config key lookups, like:

  • -keystore [repo | solr | zeppelin | repo-client | solr-client]

    • -keysize [default: $KEY_SIZE | 4096]
    • -pass [default: $KEYSTORE_PASS | generate new one]
    • -days [default: $SSL_DAYS | 3650]
    • -dname [default: depending on -keystore value parameter e.g. repo >> $REPO_CERT_DNAME ]
    • -keystoretype [default: $KEYSTORE_KEY_ALG | RSA]
    • -truststoretype [default: $TRUSTSTORE_TYPE | JCEKS]

    See [IMPROVEMENT] support config file for defaults #24 for the variables.

Then we could add, for convenience, a macro function:

  • -keystores [CONFIG_NAMES_LIST] defaults to repo solr zeppelin repo-client
    which runs in sequence -keystore with the list elements as argument
    • -keysize [default: ENV_VARIABLE | 4096]
    • -pass [default: ENV_VARIABLE | generate new one]
    • -days [default: ENV_VARIABLE | 3650]
    • -keystoretype [default: ENV_VARIABLE | RSA]
    • -truststoretype [default: ENV_VARIABLE | JCEKS]

@hi-ko

hi-ko commented Apr 6, 2022

DESede should no longer be used.

@aborroy
Contributor Author

aborroy commented May 24, 2022

Draft PR to move the logic into functions is available in:
#27

Please, @hi-ko, review the PR before moving on with the following steps.
