Simplify openssl commands composition

Jérémy Lecour 2020-05-05 09:42:54 +02:00 committed by Jérémy Lecour
parent 8e92d46ecd
commit bb20053ba0

113
shellpki

@ -448,63 +448,39 @@ create() {
fi
# generate private key
OPENSSL_ENV=""
PASS_ARGS=""
if [ -n "${password_file}" ]; then
"${OPENSSL_BIN}" genrsa \
-aes256 \
-passout file:${password_file} \
-out "${key_file}" \
${KEY_LENGTH} \
>/dev/null 2>&1
PASS_ARGS="-aes256 -passout file:${password_file}"
elif [ -n "${PASSWORD}" ]; then
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" genrsa \
-aes256 \
-passout env:PASSWORD \
-out "${key_file}" \
${KEY_LENGTH} \
>/dev/null 2>&1
else
"${OPENSSL_BIN}" genrsa \
-out "${key_file}" \
${KEY_LENGTH} \
>/dev/null 2>&1
OPENSSL_ENV="PASSWORD=${PASSWORD}"
PASS_ARGS="-aes256 -passout env:PASSWORD"
fi
"${OPENSSL_ENV}" "${OPENSSL_BIN}" genrsa \
-out "${key_file}" \
${PASS_ARGS} \
${KEY_LENGTH} \
>/dev/null 2>&1
# generate csr req
OPENSSL_ENV=""
PASS_ARGS=""
if [ -n "${password_file}" ]; then
# generate csr req
"${OPENSSL_BIN}" req \
-batch \
-new \
-key "${key_file}" \
-passin file:${password_file} \
-out "${csr_file}" \
-config /dev/stdin <<EOF
$(cat "${CONF_FILE}")
commonName_default = ${cn}
EOF
PASS_ARGS="-passin file:${password_file}"
elif [ -n "${PASSWORD}" ]; then
# generate csr req
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" req \
-batch \
-new \
-key "${key_file}" \
-passin env:PASSWORD \
-out "${csr_file}" \
-config /dev/stdin <<EOF
$(cat "${CONF_FILE}")
commonName_default = ${cn}
EOF
else
# generate csr req
"${OPENSSL_BIN}" req \
-batch \
-new \
-key "${key_file}" \
-out "${csr_file}" \
-config /dev/stdin <<EOF
$(cat "${CONF_FILE}")
commonName_default = ${cn}
EOF
OPENSSL_ENV="PASSWORD=${PASSWORD}"
PASS_ARGS="-passin env:PASSWORD"
fi
"${OPENSSL_ENV}" "${OPENSSL_BIN}" req \
-batch \
-new \
-key "${key_file}" \
-out "${csr_file}" \
${PASS_ARGS} \
-config /dev/stdin <<EOF
$(cat "${CONF_FILE}")
commonName_default = ${cn}
EOF
# ca sign and generate cert
CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL_BIN}" ca \
@ -532,34 +508,23 @@ EOF
echo "The CRT file is available in ${crt_file}"
# generate pkcs12 format
OPENSSL_ENV=""
PASS_ARGS=""
if [ -n "${password_file}" ]; then
"${OPENSSL_BIN}" pkcs12 \
-export \
-nodes \
-passin file:${password_file} \
-inkey "${key_file}" \
-in "${crt_file}" \
-passout file:${password_file} \
-out "${pkcs12_file}"
PASS_ARGS="-passin file:${password_file} -passout file:${password_file}"
elif [ -n "${PASSWORD}" ]; then
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" pkcs12 \
-export \
-nodes \
-passin env:PASSWORD \
-inkey "${key_file}" \
-in "${crt_file}" \
-passout env:PASSWORD \
-out "${pkcs12_file}"
OPENSSL_ENV="PASSWORD=${PASSWORD}"
PASS_ARGS="-passin env:PASSWORD -passout env:PASSWORD"
else
"${OPENSSL_BIN}" pkcs12 \
-export \
-nodes \
-inkey "${key_file}" \
-in "${crt_file}" \
-passout pass: \
-out "${pkcs12_file}"
PASS_ARGS="-passout pass:"
fi
"${OPENSSL_ENV}" "${OPENSSL_BIN}" pkcs12 \
-export \
-nodes \
-inkey "${key_file}" \
-in "${crt_file}" \
-out "${pkcs12_file}"
${PASS_ARGS}
chmod 640 "${pkcs12_file}"
echo "The PKCS12 config file is available in ${pkcs12_file}"
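Review bot: The three rewritten invocations that begin with `"${OPENSSL_ENV}" "${OPENSSL_BIN}" …` (genrsa, req and pkcs12) cannot work, because a word produced by expansion is never treated as an assignment prefix: the shell tries to run a command named `PASSWORD=<value>`, or the empty string when no password is set. Besides failing, this would put the password into the shell's "not found" diagnostic, which only the genrsa call hides behind `>/dev/null 2>&1` (and there the redirect hides the failure itself). Keep the literal prefix form that the `ca` call still uses, e.g. `PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" genrsa \`, and vary only `${PASS_ARGS}`; an empty PASSWORD in the environment is harmless when no `env:PASSWORD` argument is passed, whereas wrapping the call in `env` would expose the password on a process command line. In the pkcs12 call, `-out "${pkcs12_file}"` has no trailing backslash, so `${PASS_ARGS}` runs as a separate command and the export gets no `-passin`/`-passout`; it should read `-out "${pkcs12_file}" \`. create() begins and ends outside both hunks.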