[distorted-ansible] / roles / common / files / scripts / genx509

#! /bin/sh -e

unset email unit key ext extra
config=/etc/ca/openssl.conf
good=t
while getopts e:u:k:x: opt; do
  case $opt in
    e) email=$OPTARG ;;
    u) unit=$OPTARG ;;
    k) key=$OPTARG ;;
    x) ext=$OPTARG ;;
    *) good=nil ;;
  esac
done
shift $(( $OPTIND - 1 ))

case $#,$good in
  2,t) ;;
  *) echo >&2 "usage: $0 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN"; exit 1 ;;
esac
label=$1 cn=$2

if [ ! -d private ]; then
  mkdir -m700 private
fi

case ${ext+t} in
  t)
    { cat "$config"
      echo
      echo "[genx509-custom]"
      cat "$ext"; } >"tmp.$label.conf"
    config=tmp.$label.conf
    extra="$extra -reqexts genx509-custom"
    ;;
esac

name="/C=GB/ST=Cambridgeshire/L=Cambridge/O=distorted.org.uk"
name="$name/${unit+OU=$unit/}CN=$cn${email+/emailAddress=$email}"
case ${key+t} in
  t)
    openssl req -batch -config "$config" \
	-new -subj "$name" -text -out "$label.req.new" \
	-key "$key" $extra
    ;;
  *)
    openssl req -batch -config "$config" \
	-new -subj "$name" -text -out "$label.req.new" \
	-nodes -keyout "private/$label.key.new" $extra
    chmod 600 "private/$label.key.new"
    mv "private/$label.key.new" "private/$label.key"
    ;;
esac
rm -f "tmp.$label.conf"
mv "$label.req.new" "$label.req"
sha256sum "$label.req"
Commit	Line	Data
5fc6de27 MW	1	#! /bin/sh -e
	2
	3	unset email unit key ext extra
	4	config=/etc/ca/openssl.conf
	5	good=t
	6	while getopts e:u:k:x: opt; do
	7	case $opt in
	8	e) email=$OPTARG ;;
	9	u) unit=$OPTARG ;;
	10	k) key=$OPTARG ;;
	11	x) ext=$OPTARG ;;
	12	*) good=nil ;;
	13	esac
	14	done
	15	shift $(( $OPTIND - 1 ))
	16
	17	case $#,$good in
	18	2,t) ;;
	19	*) echo >&2 "usage: $0 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN"; exit 1 ;;
	20	esac
	21	label=$1 cn=$2
	22
	23	if [ ! -d private ]; then
	24	mkdir -m700 private
	25	fi
	26
	27	case ${ext+t} in
	28	t)
	29	{ cat "$config"
	30	echo
	31	echo "[genx509-custom]"
	32	cat "$ext"; } >"tmp.$label.conf"
	33	config=tmp.$label.conf
	34	extra="$extra -reqexts genx509-custom"
	35	;;
	36	esac
	37
	38	name="/C=GB/ST=Cambridgeshire/L=Cambridge/O=distorted.org.uk"
	39	name="$name/${unit+OU=$unit/}CN=$cn${email+/emailAddress=$email}"
	40	case ${key+t} in
	41	t)
	42	openssl req -batch -config "$config" \
	43	-new -subj "$name" -text -out "$label.req.new" \
	44	-key "$key" $extra
	45	;;
	46	*)
	47	openssl req -batch -config "$config" \
	48	-new -subj "$name" -text -out "$label.req.new" \
	49	-nodes -keyout "private/$label.key.new" $extra
	50	chmod 600 "private/$label.key.new"
	51	mv "private/$label.key.new" "private/$label.key"
	52	;;
	53	esac
	54	rm -f "tmp.$label.conf"
	55	mv "$label.req.new" "$label.req"
	56	sha256sum "$label.req"