certreq

   1 #!/bin/bash
   2
   3 commajoin() {
   4     f=y
   5     for arg in "$@"; do
   6         if [ -z "$f" ]; then echo -n ,; fi
   7         echo -n "$arg"
   8         f=
   9     done
  10 }
  11
  12 usage() {
  13     echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
  14     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
  15     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
  16 }
  17
  18 declare -A reqexts config
  19 while getopts ha: OPT; do
  20     case "$OPT" in
  21         h)
  22             usage
  23             exit 0
  24             ;;
  25         a)
  26             reqexts[SAN]=1
  27             config[SAN]=1
  28             config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
  29             ;;
  30     esac
  31 done
  32 shift $((OPTIND - 1))
  33 if [ $# -lt 2 ]; then
  34     usage >&2
  35     exit 1
  36 fi
  37
  38 args=(openssl req -new)
  39 if [ -n "${!reqexts[*]}" ]; then
  40     for reqext in "${!reqexts[@]}"; do
  41         args=("${args[@]}" -reqexts "$reqext")
  42     done
  43 fi
  44 if [ -n "${!config[*]}" ]; then
  45     confpath="$(mktemp /tmp/certreq-XXXXXX)"
  46     cat /etc/ssl/openssl.cnf >>"$confpath"
  47     for section in "${!config[@]}"; do
  48         echo "[${section}]" >>"$confpath"
  49         var="config_${section}[@]"
  50         for confopt in "${!var}"; do
  51             echo "$confopt" >>"$confpath"
  52         done
  53         echo >>"$confpath"
  54     done
  55     trap 'rm -f "$confpath"' EXIT
  56     args=("${args[@]}" -config "$confpath")
  57 fi
  58 args=("${args[@]}" -subj "$1" -key "$2")
  59
  60 "${args[@]}"