[utils.git] / certreq

#!/bin/bash

commajoin() {
    f=y
    for arg in "$@"; do
	if [ -z "$f" ]; then echo -n ,; fi
	echo -n "$arg"
	f=
    done
}

usage() {
    echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
    echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
    echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
}

declare -A reqexts config
while getopts hCa: OPT; do
    case "$OPT" in
	h)
	    usage
	    exit 0
	    ;;
	a)
	    reqexts[SAN]=1
	    config[SAN]=1
	    config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
	    ;;
	C)
	    reqexts[NON_SELF_CA]=1
	    config[NON_SELF_CA]=1
	    config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
				"basicConstraints = critical,CA:true"
				"keyUsage = cRLSign, keyCertSign")
	    ;;
    esac
done
shift $((OPTIND - 1))
if [ $# -lt 2 ]; then
    usage >&2
    exit 1
fi

args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
    for reqext in "${!reqexts[@]}"; do
	args=("${args[@]}" -reqexts "$reqext")
    done
fi
if [ -n "${!config[*]}" ]; then
    confpath="$(mktemp /tmp/certreq-XXXXXX)"
    cat /etc/ssl/openssl.cnf >>"$confpath"
    for section in "${!config[@]}"; do
	echo "[${section}]" >>"$confpath"
	var="config_${section}[@]"
	for confopt in "${!var}"; do
	    echo "$confopt" >>"$confpath"
	done
	echo >>"$confpath"
    done
    trap 'rm -f "$confpath"' EXIT
    args=("${args[@]}" -config "$confpath")
fi
args=("${args[@]}" -subj "$1" -key "$2")

"${args[@]}"
Commit	Line	Data
f2571f84 FT	1	#!/bin/bash
f2571f84 FT	2
f3768fd2 FT	3	commajoin() {
	4	f=y
	5	for arg in "$@"; do
	6	if [ -z "$f" ]; then echo -n ,; fi
	7	echo -n "$arg"
	8	f=
	9	done
	10	}
	11
f2571f84	12	usage() {
1b361866	13	echo "usage: certreq [-h] [-a ALTNAMES] [-C] SUBJECT KEYFILE"
f2571f84 FT	14	echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
	15	echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
	16	}
	17
	18	declare -A reqexts config
1b361866	19	while getopts hCa: OPT; do
f2571f84 FT	20	case "$OPT" in
	21	h)
	22	usage
	23	exit 0
	24	;;
	25	a)
	26	reqexts[SAN]=1
	27	config[SAN]=1
	28	config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
	29	;;
1b361866 FT	30	C)
	31	reqexts[NON_SELF_CA]=1
	32	config[NON_SELF_CA]=1
	33	config_NON_SELF_CA=("${config_NONE_SELF_CA[@]}"
	34	"basicConstraints = critical,CA:true"
	35	"keyUsage = cRLSign, keyCertSign")
	36	;;
f2571f84 FT	37	esac
	38	done
	39	shift $((OPTIND - 1))
	40	if [ $# -lt 2 ]; then
	41	usage >&2
	42	exit 1
	43	fi
	44
	45	args=(openssl req -new)
	46	if [ -n "${!reqexts[*]}" ]; then
f3768fd2 FT	47	for reqext in "${!reqexts[@]}"; do
	48	args=("${args[@]}" -reqexts "$reqext")
	49	done
f2571f84 FT	50	fi
	51	if [ -n "${!config[*]}" ]; then
	52	confpath="$(mktemp /tmp/certreq-XXXXXX)"
	53	cat /etc/ssl/openssl.cnf >>"$confpath"
	54	for section in "${!config[@]}"; do
	55	echo "[${section}]" >>"$confpath"
	56	var="config_${section}[@]"
	57	for confopt in "${!var}"; do
	58	echo "$confopt" >>"$confpath"
	59	done
	60	echo >>"$confpath"
	61	done
	62	trap 'rm -f "$confpath"' EXIT
	63	args=("${args[@]}" -config "$confpath")
	64	fi
	65	args=("${args[@]}" -subj "$1" -key "$2")
	66
	67	"${args[@]}"