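#! /bin/sh
###
### Generate an X.509 certificate request LABEL.req in the current
### directory and print its SHA-256 digest.  Unless an existing key is named
### with -k, a fresh private key is also written to private/LABEL.key.
###
### usage: genx509 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN
###
###   -e EMAIL  add /emailAddress=EMAIL to the subject name
###   -k KEY    use the existing private key file KEY; generate no new key
###   -u UNIT   add OU=UNIT to the subject name
###   -x EXT    append the file EXT to a copy of the OpenSSL configuration
###             as section [genx509-custom] and request it via -reqexts
###
### Security notes:
###   * UNIT, CN and EMAIL are pasted into the -subj string unchecked.
###     OpenSSL treats `/' there as a component separator, so a value that
###     contains `/' adds further name components.  Check the subject of
###     the resulting request before signing it, and validate these values
###     if they come from anyone other than the CA operator.
###   * The generated key is unencrypted (-nodes) and silently replaces any
###     existing private/LABEL.key.
###   * An existing `private' directory is used as found; its mode is not
###     checked or corrected.
###   * tmp.LABEL.conf is a predictable name in the current directory, which
###     should therefore be writable only by the CA operator.

## Set -e here rather than in the `#!' line: interpreter options are lost
## when the script is run as `sh genx509 ...'.
set -e

unset email unit key ext extra
config=/etc/ca/openssl.conf
good=t
while getopts e:u:k:x: opt; do
  case $opt in
    e) email=$OPTARG ;;
    u) unit=$OPTARG ;;
    k) key=$OPTARG ;;
    x) ext=$OPTARG ;;
    *) good=nil ;;
  esac
done
shift $(( $OPTIND - 1 ))

case $#,$good in
  2,t) ;;
  *) echo >&2 "usage: $0 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN"; exit 1 ;;
esac
label=$1 cn=$2

## Remove the temporary configuration even when a later step fails and
## `set -e' ends the script early.
trap 'rm -f "tmp.$label.conf"' EXIT

if [ ! -d private ]; then
  mkdir -m700 private
fi

## With -x, build a private copy of the configuration with the caller's
## extensions appended as their own section.
case ${ext+t} in
  t)
    { cat "$config"
      echo
      echo "[genx509-custom]"
      cat -- "$ext"; } >"tmp.$label.conf"
    config=tmp.$label.conf
    extra="$extra -reqexts genx509-custom"
    ;;
esac

name="/C=GB/ST=Cambridgeshire/L=Cambridge/O=distorted.org.uk"
name="$name/${unit+OU=$unit/}CN=$cn${email+/emailAddress=$email}"
case ${key+t} in
  t)
    ## $extra is deliberately unquoted: it holds zero or more whole
    ## options built above, never caller-supplied text.
    openssl req -batch -config "$config" \
      -new -subj "$name" -text -out "$label.req.new" \
      -key "$key" $extra
    ;;
  *)
    ## Create the key file empty and owner-only before OpenSSL writes to
    ## it, so the key is never on disk with wider permissions, whatever
    ## the caller's umask.  The umask change is confined to the subshell
    ## so the request file keeps its usual mode.
    rm -f "private/$label.key.new"
    ( umask 077; : >"private/$label.key.new" )
    openssl req -batch -config "$config" \
      -new -subj "$name" -text -out "$label.req.new" \
      -nodes -keyout "private/$label.key.new" $extra
    chmod 600 "private/$label.key.new"
    mv "private/$label.key.new" "private/$label.key"
    ;;
esac
rm -f "tmp.$label.conf"

## `--' keeps a LABEL that begins with `-' from being read as an option.
mv -- "$label.req.new" "$label.req"
sha256sum -- "$label.req"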