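#!/bin/sh
#
# Generate an X.509 certificate request and, unless an existing key is named
# with -k, a fresh private key to go with it.
#
# usage: SCRIPT [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN
#
#   -e EMAIL  add an emailAddress component to the subject name
#   -k KEY    use the existing private key file KEY instead of making one
#   -u UNIT   add an OU component to the subject name
#   -x EXT    file of request extensions, appended to a copy of the OpenSSL
#             configuration as section [genx509-custom]
#   LABEL     base name for the output files
#   CN        common name for the subject
#
# Outputs (relative to the current directory):
#   LABEL.req          the certificate request
#   private/LABEL.key  the new private key (only when -k is not given)
# and the SHA-256 digest of the request on stdout.

# Abort on the first failing command.  Set here rather than on the `#!' line
# so that it still applies when the script is started as `sh SCRIPT'.
set -e

unset email unit key ext
config=/etc/ca/openssl.conf
good=t
while getopts e:u:k:x: opt; do
  case $opt in
    e) email=$OPTARG ;;
    u) unit=$OPTARG ;;
    k) key=$OPTARG ;;
    x) ext=$OPTARG ;;
    *) good=nil ;;
  esac
done
shift $((OPTIND - 1))

case $#,$good in
  2,t) ;;
  *)
    echo >&2 "usage: $0 [-e EMAIL] [-k KEY] [-u UNIT] [-x EXT] LABEL CN"
    exit 1
    ;;
esac
# NOTE(review): LABEL is used verbatim in every output path below; a value
# containing `/' would place files outside this directory and private/.
label=$1 cn=$2

# From here on the positional parameters hold extra `openssl req' arguments,
# so that they can be passed on as "$@" without relying on word splitting.
set --

# Intermediate files are removed on every exit path, so a failed run does not
# leave a half-written request, a temporary configuration or unencrypted key
# material behind.  `tmpconf' and `newkey' are only set once this run has
# decided to create the corresponding file.
tmpconf='' newkey=''
cleanup() {
  rm -f -- "$label.req.new"
  if [ -n "$tmpconf" ]; then rm -f -- "$tmpconf"; fi
  if [ -n "$newkey" ]; then rm -f -- "$newkey"; fi
}
trap cleanup EXIT
# Turn the usual termination signals into a normal exit so that the EXIT
# trap also runs in shells which do not fire it on signal death.
trap 'exit 1' HUP INT TERM

# Only created when missing: an existing private/ keeps whatever mode it
# already has.
if [ ! -d private ]; then
  mkdir -m700 private
fi

case ${ext+t} in
  t)
    # Build a private copy of the configuration with the caller's extension
    # file appended as its own section, and ask for that section.
    tmpconf=tmp.$label.conf
    {
      cat -- "$config"
      echo
      echo "[genx509-custom]"
      cat -- "$ext"
    } >"$tmpconf"
    config=$tmpconf
    set -- "$@" -reqexts genx509-custom
    ;;
esac

# NOTE(review): UNIT, CN and EMAIL are interpolated unescaped.  In the -subj
# syntax `/' separates name components, so a `/' inside one of these values
# starts a new component -- validate them if they come from another party.
name="/C=GB/ST=Cambridgeshire/L=Cambridge/O=distorted.org.uk"
name="$name/${unit+OU=$unit/}CN=$cn${email+/emailAddress=$email}"

case ${key+t} in
  t)
    openssl req -batch -config "$config" \
      -new -subj "$name" -text -out "$label.req.new" \
      -key "$key" "$@"
    ;;
  *)
    # -nodes writes the key unencrypted, so file permissions are its only
    # protection.  Create the file empty with a restrictive umask *before*
    # openssl fills it in, rather than relying on the chmod afterwards; the
    # request file is left with the caller's normal umask.
    newkey=private/$label.key.new
    rm -f -- "$newkey"
    (
      umask 077
      : >"$newkey"
    )
    openssl req -batch -config "$config" \
      -new -subj "$name" -text -out "$label.req.new" \
      -nodes -keyout "$newkey" "$@"
    chmod 600 "$newkey"
    mv -- "$newkey" "private/$label.key"
    newkey=''
    ;;
esac

mv -- "$label.req.new" "$label.req"
sha256sum -- "$label.req"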