#!/bin/bash
#
# Script to create certificate
#
# Copyright (C) 2023 AleaJactaEst
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# Example :
# ./create-certificate.sh
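# Runtime switches; the getopts loop further down may override them.
declare DEBUG=0    # non-zero makes msg_debug print
declare VERBOSE=0  # set by -v; not read anywhere in the visible part of the script
declare HELP=0     # non-zero prints the usage text and exits

# Directory that holds this script, with symlinks resolved.
# "$0" is quoted so an install path containing spaces or glob characters
# survives, and the assignment is split from `declare` so a failing
# readlink/dirname is not masked: an empty WORKDIR would otherwise turn the
# default CERTDIR into "/.cert".
declare WORKDIR
WORKDIR="$(dirname -- "$(readlink -f -- "$0")")" || exit 1

# Command used for every certificate operation (overridden by -s).
declare OPENSSLBIN="openssl"
# Output directory (overridden by -c). It receives the CA database and the
# private keys, which the openssl calls later in this script write
# unencrypted (-nodes).
declare CERTDIR="$WORKDIR/.cert"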
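# Print a debug line on stderr when debugging is enabled.
# Globals:   DEBUG (read) - non-zero enables output; unset or empty counts as 0
# Arguments: message words, joined with spaces
# Outputs:   "### DEBUG : <message>" on stderr, nothing on stdout
function msg_debug()
{
    # Quoted with a default: a bare $DEBUG makes `[` fail with
    # "unary operator expected" when the variable is unset or empty.
    if [ "${DEBUG:-0}" -ne 0 ]
    then
        printf '%s\n' "### DEBUG : $*" >&2
    fi
}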
# Print an informational line on stderr.
# Arguments: message words, joined with spaces
# Outputs:   "--- INFO : <message>" on stderr, nothing on stdout
function msg_info()
{
    local text="$*"
    # The prefix is passed as data, not as the format: a printf format that
    # starts with "-" would be parsed as an option.
    printf '%s\n' "--- INFO : $text" >&2
}
# Print an error line on stderr.
# Arguments: message words, joined with spaces
# Outputs:   "*** ERROR : <message>" on stderr, nothing on stdout
function msg_error()
{
    local text="$*"
    printf '%s\n' "*** ERROR : $text" >&2
}
# Exit handler (installed further down with `trap byebye EXIT`).
# Reads the status of the command that ran just before it, logs either the
# failing return code or "End", and exits with that same status.
function byebye()
{
    # Must be the first statement: any other command would overwrite $?.
    local status=$?

    if [ "$status" -eq 0 ]
    then
        msg_info "End"
    else
        msg_error "return code:$status"
    fi
    exit "$status"
}
# Parse the command line. -s and -c take an argument; any switch getopts does
# not recognise lands in the default arm and turns the help text on.
# The value given to -s is later run as a command, and the value given to -c
# is later used as the directory that files are deleted from and written to.
while getopts 'hdvs:c:' flag; do
    case "$flag" in
        h)
            HELP=1
            ;;
        d)
            DEBUG=1
            ;;
        v)
            VERBOSE=1
            ;;
        s)
            OPENSSLBIN="$OPTARG"
            ;;
        c)
            CERTDIR="$OPTARG"
            ;;
        *)
            HELP=1
            ;;
    esac
done
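# Print the usage text on stdout.
# The summary line now describes this script; it previously carried the
# description of a different tool ("Donwload Launch Godot").
function usage()
{
    # "$0" is quoted so a script path containing spaces is not word-split.
    cat << EOF
$(basename -- "$0") [Option] : Create CA, server and client certificates
Option:
-h : Show help
-d : Show debug message
-v : Show verbose message
-s <path> : localization openssl
-c <path> : directory where certificate are created
EOF
}

# Help was requested with -h, or an unknown switch was given: print the usage
# text and stop with status 1, before the EXIT trap is installed.
if [[ "${HELP:-0}" -ne 0 ]]
then
    usage
    exit 1
fi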
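# From here on every exit path runs byebye, which logs the final status.
trap byebye EXIT

msg_info "Start"
msg_debug "WORKDIR:$WORKDIR"

# CERTDIR may come from -c. An empty value would make every path below resolve
# under "/", so refuse it before anything is deleted.
if [ -z "$CERTDIR" ]
then
    msg_error "empty certificate directory"
    exit 2
fi

# Every expansion of CERTDIR is quoted and preceded by "--": unquoted, a path
# with spaces or glob characters is split or expanded, and rm -f would then
# act on names the caller never intended.
# NOTE(review): the directory is created with the caller's umask and will hold
# private keys written without a passphrase by the openssl calls later in this
# script; consider a restrictive umask (for example 077) - confirm who needs
# to read the directory first.
mkdir -p -- "$CERTDIR" || exit 2

msg_info "Clean old file"
# Removes the previous CA key, CA database and all issued material, so every
# run produces a brand-new CA; certificates from an earlier run no longer
# chain to the new one.
rm -f -- \
    "$CERTDIR/ca-cert.pem" \
    "$CERTDIR/ca-db-index.attr" \
    "$CERTDIR/ca-db-index.attr.old" \
    "$CERTDIR/ca-db-index.old" \
    "$CERTDIR/ca-db-serial" \
    "$CERTDIR/ca-db-serial.old" \
    "$CERTDIR/ca-key.pem" \
    "$CERTDIR/client-key.pem" \
    "$CERTDIR/client.csr" \
    "$CERTDIR/server-key.pem" \
    "$CERTDIR/server.csr" \
    "$CERTDIR/server-cert.pem" \
    "$CERTDIR/client-cert.pem" \
    "$CERTDIR/01.pem" \
    "$CERTDIR/02.pem"
rm -f -- "$CERTDIR/ca-db-index" "$CERTDIR/ca.conf"
ls -l -- "$CERTDIR"

msg_info "Restart index certificate"
# Empty index plus serial 01: the files that ca.conf names as database and serial.
touch -- "$CERTDIR/ca-db-index"
echo 01 > "$CERTDIR/ca-db-serial"
ls -l -- "$CERTDIR"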
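msg_info "Create CA config"
# Writes the configuration read by the two `openssl ca` signing calls later in
# this script. The here-document delimiter is unquoted on purpose: $CERTDIR is
# expanded now, while \$dir is written out as a literal $dir for openssl to
# resolve itself.
# The redirect target is quoted; unquoted, a CERTDIR containing spaces makes
# bash fail with "ambiguous redirect" and no config is written.
# The policy only requires commonName; every other subject field is optional.
# NOTE(review): the file names no x509_extensions or copy_extensions, so the
# signed certificates get no subjectAltName from this config or from the CSR;
# TLS clients that check host names against subjectAltName only will reject
# them - confirm what the consumers of these certificates verify.
cat << EOF > "$CERTDIR/ca.conf"
[ ca ]
default_ca = ca_default

[ ca_default ]
dir = $CERTDIR/
certs = \$dir
new_certs_dir = \$dir
database = $CERTDIR/ca-db-index
serial = $CERTDIR/ca-db-serial
RANDFILE = $CERTDIR/ca-db-rand
certificate = $CERTDIR/ca-cert.pem
private_key = $CERTDIR/ca-key.pem
default_days = 365
default_crl_days = 365
default_md = sha256
preserve = no
policy = generic_policy

[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

EOF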
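# Key and certificate generation. Each step stops the script with status 2 on
# failure. OPENSSLBIN and every CERTDIR path are quoted so a value containing
# spaces or glob characters is passed to openssl as one argument.
#
# -nodes writes each private key without a passphrase, so the files in CERTDIR
# are protected by file permissions only.
# All keys are RSA 2048 and every certificate is valid for 365 days.
# NOTE(review): the CN values spell "khanagat" while O= spells "Khaganat" -
# confirm which spelling the peers are expected to check.

msg_info "Certificate Authority"
# Self-signed CA certificate and its key.
"$OPENSSLBIN" req -nodes -x509 -newkey rsa:2048 -days 365 \
    -keyout "$CERTDIR/ca-key.pem" -out "$CERTDIR/ca-cert.pem" \
    -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=khanagat.org" || exit 2

msg_info "Server Certificate"
# Server key and signing request.
"$OPENSSLBIN" req -nodes -new -newkey rsa:2048 \
    -keyout "$CERTDIR/server-key.pem" -out "$CERTDIR/server.csr" \
    -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=server.khanagat.org" || exit 2

msg_info "Sign Server Certificate"
# -batch signs without asking for confirmation.
"$OPENSSLBIN" ca -config "$CERTDIR/ca.conf" -days 365 \
    -in "$CERTDIR/server.csr" -out "$CERTDIR/server-cert.pem" -batch || exit 2

msg_info "Client Certificate"
# Client key and signing request.
"$OPENSSLBIN" req -nodes -new -newkey rsa:2048 \
    -keyout "$CERTDIR/client-key.pem" -out "$CERTDIR/client.csr" \
    -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=client.khanagat.org" || exit 2

msg_info "Sign Client Certificate"
"$OPENSSLBIN" ca -config "$CERTDIR/ca.conf" -days 365 \
    -in "$CERTDIR/client.csr" -out "$CERTDIR/client-cert.pem" -batch || exit 2

msg_info "Publish certificate"

# Disabled: nothing is copied out of CERTDIR. If re-enabled, these lines place
# both private keys in src/certs/, a path relative to the current directory;
# quote $CERTDIR there as well.
#cp $CERTDIR/client-cert.pem src/certs/
#cp $CERTDIR/client-key.pem src/certs/
#cp $CERTDIR/server-cert.pem src/certs/
#cp $CERTDIR/server-key.pem src/certs/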