Let OpenSSL read the password file itself
This commit is contained in:
parent
165c96ca55
commit
8e92d46ecd
48
shellpki
48
shellpki
|
@ -80,9 +80,9 @@ init() {
|
||||||
-x509 \
|
-x509 \
|
||||||
-days 3650 \
|
-days 3650 \
|
||||||
-extensions v3_ca \
|
-extensions v3_ca \
|
||||||
|
-passin env:CA_PASSWORD \
|
||||||
-key "${CA_KEY}" \
|
-key "${CA_KEY}" \
|
||||||
-out "${CA_CERT}" \
|
-out "${CA_CERT}" \
|
||||||
-passin env:CA_PASSWORD \
|
|
||||||
-config /dev/stdin <<EOF
|
-config /dev/stdin <<EOF
|
||||||
$(cat "${CONF_FILE}")
|
$(cat "${CONF_FILE}")
|
||||||
commonName_default = ${cn}
|
commonName_default = ${cn}
|
||||||
|
@ -434,12 +434,7 @@ create() {
|
||||||
# ask for CA passphrase
|
# ask for CA passphrase
|
||||||
ask_ca_password 0
|
ask_ca_password 0
|
||||||
|
|
||||||
if [ -n "${password_file}" ] && [ -r "${password_file}" ]; then
|
if [ "${ask_pass}" -eq 1 ]; then
|
||||||
PASSWORD=$(head -n 1 "${password_file}" | tr -d '\n')
|
|
||||||
if [ -z "${PASSWORD}" ]; then
|
|
||||||
warning "Warning: empty password from file \`${password_file}'"
|
|
||||||
fi
|
|
||||||
elif [ "${ask_pass}" -eq 1 ]; then
|
|
||||||
trap 'unset PASSWORD' 0
|
trap 'unset PASSWORD' 0
|
||||||
stty -echo
|
stty -echo
|
||||||
printf "Password for user key : "
|
printf "Password for user key : "
|
||||||
|
@ -453,7 +448,14 @@ create() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# generate private key
|
# generate private key
|
||||||
if [ -n "${PASSWORD}" ]; then
|
if [ -n "${password_file}" ]; then
|
||||||
|
"${OPENSSL_BIN}" genrsa \
|
||||||
|
-aes256 \
|
||||||
|
-passout file:${password_file} \
|
||||||
|
-out "${key_file}" \
|
||||||
|
${KEY_LENGTH} \
|
||||||
|
>/dev/null 2>&1
|
||||||
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" genrsa \
|
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" genrsa \
|
||||||
-aes256 \
|
-aes256 \
|
||||||
-passout env:PASSWORD \
|
-passout env:PASSWORD \
|
||||||
|
@ -467,7 +469,19 @@ create() {
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${PASSWORD}" ]; then
|
if [ -n "${password_file}" ]; then
|
||||||
|
# generate csr req
|
||||||
|
"${OPENSSL_BIN}" req \
|
||||||
|
-batch \
|
||||||
|
-new \
|
||||||
|
-key "${key_file}" \
|
||||||
|
-passin file:${password_file} \
|
||||||
|
-out "${csr_file}" \
|
||||||
|
-config /dev/stdin <<EOF
|
||||||
|
$(cat "${CONF_FILE}")
|
||||||
|
commonName_default = ${cn}
|
||||||
|
EOF
|
||||||
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
# generate csr req
|
# generate csr req
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" req \
|
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" req \
|
||||||
-batch \
|
-batch \
|
||||||
|
@ -518,22 +532,32 @@ EOF
|
||||||
echo "The CRT file is available in ${crt_file}"
|
echo "The CRT file is available in ${crt_file}"
|
||||||
|
|
||||||
# generate pkcs12 format
|
# generate pkcs12 format
|
||||||
if [ -n "${PASSWORD}" ]; then
|
|
||||||
|
if [ -n "${password_file}" ]; then
|
||||||
|
"${OPENSSL_BIN}" pkcs12 \
|
||||||
|
-export \
|
||||||
|
-nodes \
|
||||||
|
-passin file:${password_file} \
|
||||||
|
-inkey "${key_file}" \
|
||||||
|
-in "${crt_file}" \
|
||||||
|
-passout file:${password_file} \
|
||||||
|
-out "${pkcs12_file}"
|
||||||
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" pkcs12 \
|
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" pkcs12 \
|
||||||
-export \
|
-export \
|
||||||
-nodes \
|
-nodes \
|
||||||
-passin env:PASSWORD \
|
-passin env:PASSWORD \
|
||||||
-passout env:PASSWORD \
|
|
||||||
-inkey "${key_file}" \
|
-inkey "${key_file}" \
|
||||||
-in "${crt_file}" \
|
-in "${crt_file}" \
|
||||||
|
-passout env:PASSWORD \
|
||||||
-out "${pkcs12_file}"
|
-out "${pkcs12_file}"
|
||||||
else
|
else
|
||||||
"${OPENSSL_BIN}" pkcs12 \
|
"${OPENSSL_BIN}" pkcs12 \
|
||||||
-export \
|
-export \
|
||||||
-nodes \
|
-nodes \
|
||||||
-passout pass: \
|
|
||||||
-inkey "${key_file}" \
|
-inkey "${key_file}" \
|
||||||
-in "${crt_file}" \
|
-in "${crt_file}" \
|
||||||
|
-passout pass: \
|
||||||
-out "${pkcs12_file}"
|
-out "${pkcs12_file}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue