mirror/ULib
1
0
Fork 0
mirror of https://github.com/stefanocasazza/ULib.git synced 2025-09-28 19:05:55 +08:00
Code Issues Releases Wiki Activity
f8a2d7b3a4
ULib/tests/examples/LCSP/LCSP_command/csp_SIGN_SPACK.sh
stefanocasazza 3c3c591bb9 clean history
2015-01-23 17:24:36 +01:00

111 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# csp_SIGN_SPACK.sh: Creating a new certificate
#
# ARGV[1] = CA NAME
# ARGV[2] = REQUEST
# ARGV[3] = POLICY
#
# ENV[HOME] = Base directory for CA
# ENV[FILE_LOG] = Log file for command
# ENV[MSG_LOG] = Log separator
# ENV[OPENSSL] = Openssl path
# ENV[ENGINE] = Openssl Engine to use
# ENV[DEBUG] = Enable debugging
# ENV[TMPDIR] = Temporary directory
CANAME=$1
REQUEST=$2
POLICY=$3
#echo $CANAME > 1
#echo $REQUEST > 2
#echo $POLICY > 3
if [ -z "${CANAME}" ]; then
echo "CA name is empty" >&2
exit 1
fi
if [ -z "${REQUEST}" ]; then
echo "REQUEST is empty" >&2
exit 1
fi
if [ -z "${HOME}" ]; then
echo "HOME is not set" >&2
exit 1
fi
cd ${HOME}
if [ ! -f ${CANAME}/cacert.pem ]; then
echo "ERROR: CA ${CANAME} doesn't exists" >&2
exit 1
fi
if [ ! -f ../LCSP_command/.function ]; then
echo "Unable to found ../LCSP_command/.function" >&2
exit 1
fi
. ../LCSP_command/.function
chk_ENV `basename $0`
if [ -n "${POLICY}" ]; then
POLICY="-policy ${POLICY}"
fi
if [ -z "${TMPDIR}" ]; then
TMPDIR="/tmp"
fi
DEBUG_INFORMATION="ENV[TMPDIR] = \"${TMPDIR}\"
ARGV[1] (CANAME) = \"${CANAME}\"
ARGV[2] (REQUEST) = \"${REQUEST}\"
ARGV[3] (POLICY) = \"${POLICY}\"
"
FNAME="${TMPDIR}/casign`date +%s`$$"
# if something wrong exec this...
EXIT_CMD="rm -rf ${FNAME}"
begin_CMD
run_CMD "echo \"\${REQUEST}\"" ${FNAME}
if [ -f ${FNAME} ]; then
run_CMD "${OPENSSL} ca
-config ${CANAME}/openssl.cnf
-batch
-notext
${ENGINE}
${POLICY}
-name CA_${CANAME}
-spkac ${FNAME}"
fi
end_CMD
# $ openssl ca ...
# failed to update database
# TXT_DB error number 2
#
# You may see this when trying to generate a new SSL certificate, but the same
# DN (the common name, etc.) was used before (and recorded in index.txt).
#
# Many people should see this error, because we frequently rotate SSL certificates
# with new ones for additional security ;)
#
# You may then discover the fix is to set 'unique_subject = no' in openssl.cnf,
# but find that it still doesn't work.
#
# This is because when initialising the CA, the setting was duplicated into
# index.txt.attr to confuse you.
#
# This is probably because you have generated your own signing certificate with the same Common Name (CN) information that the CA certificate that you've generated before.
#
# Simply input a different Common Name each time you are asked should do the trick.
Reference in New Issue View Git Blame Copy Permalink