mirror/ULib
1
0
Fork 0
mirror of https://github.com/stefanocasazza/ULib.git synced 2025-09-28 19:05:55 +08:00
Code Issues Releases Wiki Activity
f8a2d7b3a4
ULib/tests/examples/LCSP/LCSP_command/csp_CA.sh
stefanocasazza 3c3c591bb9 clean history
2015-01-23 17:24:36 +01:00

168 lines
3.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# csp_CA.sh: Creating a new CA
#
# ARGV[1] = CA NAME
# ARGV[2] = CA certificate life in days
# ARGV[3] = CA openssl.cnf
#
# ENV[HOME] = Base directory for CA
# ENV[FILE_LOG] = Log file for command
# ENV[MSG_LOG] = Log separator
# ENV[OPENSSL] = Openssl path
# ENV[ENGINE] = Openssl Engine to use
# ENV[CNF_TEMPLATE] = Template for openssl.cnf
# ENV[CA_EXT] = Section for CA extensions
# ENV[START_SERIAL] = Start CA serial number
# ENV[DEBUG] = Enable debugging
CANAME=$1
CACERT_DAYS=$2
CNF=$3
#echo $CANAME > 1
#echo $CACERT_DAYS > 2
#echo "$CNF" > 3
if [ -z "${CANAME}" ]; then
echo "CA name is empty" >&2
exit 1
fi
if [ -z "${CACERT_DAYS}" ]; then
echo "CACERT_DAYS is empty" >&2
exit 1
fi
if [ -z "${HOME}" ]; then
echo "HOME is not set" >&2
exit 1
fi
cd ${HOME}
if [ -f "${CANAME}/serial" ]; then
echo "CA ${CANAME} already exist" >&2
exit 1
fi
if [ -z "${CNF}" ]; then
if [ -z "${CNF_TEMPLATE}" ]; then
CNF="`cat ./openssl.cnf.tmpl`"
test $? || exit $?
else
CNF="`cat \"${CNF_TEMPLATE}\"`"
fi
if [ -z "${CNF}" ]; then
echo "CNF is empty" >&2
exit 1
fi
fi
if [ ! -f ../LCSP_command/.function ]; then
echo "Unable to found ../LCSP_command/.function" >&2
exit 1
fi
. ../LCSP_command/.function
chk_ENV `basename $0`
# if something wrong exec this...
EXIT_CMD="rm -rf ${CANAME}"
# start
if [ -z "${CA_EXT}" ]; then
CA_EXT="CA_x509_extensions"
fi
if [ -z "${START_SERIAL}" ]; then
START_SERIAL="01"
fi
DEBUG_INFORMATION="ENV[CNF_TEMPLATE] = \"${CNF_TEMPLATE}\"
ENV[CA_EXT] = \"${CA_EXT}\"
ENV[START_SERIAL] = \"${START_SERIAL}\"
ARGV[1] (CANAME) = \"${CANAME}\"
ARGV[2] (DAYS) = \"${CACERT_DAYS}\"
ARGV[3]=-----OPENSSL.CNF BEGIN-----
${CNF}
-----OPENSSL.CNF END-----
"
begin_CMD
# create the directory hierarchy
run_CMD "mkdir -p ${CANAME}/crl
${CANAME}/certs
${CANAME}/newcerts
${CANAME}/private"
run_CMD "echo ${START_SERIAL}" ${CANAME}/serial
run_CMD "touch ${CANAME}/index.txt"
run_CMD "touch ${CANAME}/private/cakey.pem"
run_CMD "chmod u=rw,go= ${CANAME}/private/cakey.pem"
run_CMD "printf \"\${CNF}\" ${CANAME} ${CANAME} ${CANAME}" ${CANAME}/openssl.cnf
# maybe reuse the private key...
if [ -f "/srv/keys/priv/${CANAME}.pem.key" ]
then
run_CMD "cp /srv/keys/priv/${CANAME}.pem.key ${CANAME}/private/cakey.pem"
else
KEY_SIZE=`cat "${CANAME}/openssl.cnf" | awk '/default_bits/{gsub(".*=[ \t]*",""); print; exit}'`
run_CMD "${OPENSSL} genrsa
${ENGINE}
-out ${CANAME}/private/cakey.pem
$KEY_SIZE"
fi
# generate the certificate request
run_CMD "${OPENSSL} req
${ENGINE}
-config ${CANAME}/openssl.cnf
-batch
-new
-key ${CANAME}/private/cakey.pem
-out ${CANAME}/cacert.req"
# check for openssl version
${OPENSSL} version -v | awk '/0\.9\.[5678]/{exit 1}'
if [ $? -eq 1 ]; then
run_CMD "${OPENSSL} req
${ENGINE}
-config ${CANAME}/openssl.cnf
-days ${CACERT_DAYS}
-batch
-x509
-set_serial 0
-key ${CANAME}/private/cakey.pem
-in ${CANAME}/cacert.req
-extensions ${CA_EXT}
-out ${CANAME}/cacert.pem"
else
run_CMD "${OPENSSL} ca
${ENGINE}
-config ${CANAME}/openssl.cnf
-days ${CACERT_DAYS}
-batch
-selfsign
-create_serial
-name CA_${CANAME}
-keyfile ${CANAME}/private/cakey.pem
-extensions ${CA_EXT}
-out ${CANAME}/cacert.pem
-infiles ${CANAME}/cacert.req"
fi
unset EXIT_CMD
end_CMD
Reference in New Issue View Git Blame Copy Permalink