]> git.somenet.org - somenet/certgen.git/blob - certgen.sh
Some clarification and fixes.
[somenet/certgen.git] / certgen.sh
1 #!/bin/bash
2
3 MYPWD=$(pwd)
4 umask 0027
5
6 echo "cleanup previous run..."
7 rm -rf output/*
8 mkdir output/csr output/crt output/sgn
9
10 while read cdline ; do
11         if [[ $cdline == "" || $cdline == "#"* ]] ; then
12                 continue
13         fi
14
15         cd $MYPWD
16         read -a certdata <<< "$cdline"
17
18         echo "*** Processing: $(date -Iseconds) - ${certdata[0]} - ${certdata[1]} ***"
19         if [[ -d "output/${certdata[1]}"  ]] ; then
20                 echo "*** ERROR - THIS SEEMS TO ALREADY EXIST ***" 1>&2
21                 echo "*** ABORTED ***" 1>&2
22                 exit 1
23         fi
24
25         mkdir "output/${certdata[1]}"
26         chmod o+x "output/${certdata[1]}"
27         cd "output/${certdata[1]}"
28
29         # Handle "CA" type here.
30         if [[ ${certdata[0]} == "CA" ]] ; then
31                 mkdir -m 0700 certs crl newcerts
32                 touch index.txt
33                 export CA_PATH="./"
34                 openssl req -batch -new -newkey rsa:4096 -keyout ca.key -out ca.csr -nodes -subj "${certdata[2]}" -reqexts v3_ca_req -config "${MYPWD}/openssl.cnf" &>/dev/null
35                 openssl ca -batch -create_serial -out ca.crt -days 3650 -keyfile ca.key -selfsign -extensions v3_ca -config "${MYPWD}/openssl.cnf" -infiles ca.csr
36                 continue
37         fi
38
39
40         # Handle non "CA" types here.
41         export CA_PATH="$MYPWD/ca/"
42         SUBJECT="${certdata[2]}CN=${certdata[1]}/"
43         DNS_NAMES="${certdata[1]},${certdata[3]}"
44         OLDIFS=$IFS
45         IFS=","
46         cat "${MYPWD}/openssl.cnf" > /tmp/certgen.cnf
47         COUNTER=0
48         for name in $DNS_NAMES; do
49                 if [[ "" == $name ]] ; then
50                         continue
51                 fi
52                 COUNTER=$((COUNTER+1))
53                 echo "DNS.${COUNTER} = $name" >> /tmp/certgen.cnf
54         done
55         IFS=$OLDIFS
56         unset OLDIFS
57         unset COUNTER
58         
59         openssl genrsa -out "${certdata[1]}.key" 4096 &> /dev/null
60         openssl req -new -key "${certdata[1]}.key" -out "${certdata[1]}.csr" -utf8 -batch -subj "${SUBJECT}" -config /tmp/certgen.cnf
61
62         if [[ ${certdata[0]} == "SGN" ]] ; then
63                 if [[ ! -d "${CA_PATH}"  ]] ; then
64                         echo "*** ERROR - NO CA DATA FOUND ***" 1>&2
65                         echo "*** maybe generate a CA and move it to ${CA_PATH} ***" 1>&2
66                         echo "copy template: mv output/SomeNet ${CA_PATH}" 1>&2
67                         echo "*** ABORTED ***" 1>&2
68                         exit 2
69                 fi
70
71                 openssl ca -batch -create_serial -out "${certdata[1]}.crt" -days 365 -keyfile "${MYPWD}/ca/ca.key" -extensions v3_ca \
72                         -config "${MYPWD}/openssl.cnf" -infiles "${certdata[1]}.csr"
73                 cat "${MYPWD}/ca/ca.crt" >> "${certdata[1]}.crt"
74
75         elif [[ ${certdata[0]} == "CRT" ]] ; then
76                 openssl x509 -req -signkey "${certdata[1]}.key" -in "${certdata[1]}.csr" -out "${certdata[1]}.crt" -extensions v3_req -extfile /tmp/certgen.cnf \
77                         -days 365 -sha512 &> /dev/null
78                 chmod o+r "${certdata[1]}.crt"
79
80                 echo -n "${certdata[1]} " >> "${MYPWD}/output/fpfile.txt"
81                 openssl x509 -in "${certdata[1]}.crt" -fingerprint -noout -sha512 >> "${MYPWD}/output/fpfile.txt"
82                 echo "" >> "${MYPWD}/output/fpfile.txt"
83         fi
84
85         rm /tmp/certgen.cnf
86         cd $MYPWD
87
88         if [[ ${certdata[0]} == "SGN" ]] ; then
89                 mv "output/${certdata[1]}" "output/sgn/${certdata[1]}"
90         elif [[ ${certdata[0]} == "CRT" ]] ; then
91                 mv "output/${certdata[1]}" "output/crt/${certdata[1]}"
92         else
93                 mv "output/${certdata[1]}" "output/csr/${certdata[1]}"
94         fi
95
96 done < certgen.data
97
98 echo "*** DONE ***"
99 ls -l "${MYPWD}/output/"*/ | grep -v "total"
100