certreq

   1 #!/bin/bash
   2
   3 usage() {
   4     echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
   5     echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
   6     echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
   7 }
   8
   9 declare -A reqexts config
  10 while getopts ha: OPT; do
  11     case "$OPT" in
  12         h)
  13             usage
  14             exit 0
  15             ;;
  16         a)
  17             reqexts[SAN]=1
  18             config[SAN]=1
  19             config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
  20             ;;
  21     esac
  22 done
  23 shift $((OPTIND - 1))
  24 if [ $# -lt 2 ]; then
  25     usage >&2
  26     exit 1
  27 fi
  28
  29 args=(openssl req -new)
  30 if [ -n "${!reqexts[*]}" ]; then
  31     args=("${args[@]}" -reqexts "${!reqexts[@]}")
  32 fi
  33 if [ -n "${!config[*]}" ]; then
  34     confpath="$(mktemp /tmp/certreq-XXXXXX)"
  35     cat /etc/ssl/openssl.cnf >>"$confpath"
  36     for section in "${!config[@]}"; do
  37         echo "[${section}]" >>"$confpath"
  38         var="config_${section}[@]"
  39         for confopt in "${!var}"; do
  40             echo "$confopt" >>"$confpath"
  41         done
  42         echo >>"$confpath"
  43     done
  44     trap 'rm -f "$confpath"' EXIT
  45     args=("${args[@]}" -config "$confpath")
  46 fi
  47 args=("${args[@]}" -subj "$1" -key "$2")
  48
  49 "${args[@]}"