Simplify openssl commands composition
parent
8e92d46ecd
commit
bb20053ba0
113
shellpki
113
shellpki
|
@ -448,63 +448,39 @@ create() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# generate private key
|
# generate private key
|
||||||
|
OPENSSL_ENV=""
|
||||||
|
PASS_ARGS=""
|
||||||
if [ -n "${password_file}" ]; then
|
if [ -n "${password_file}" ]; then
|
||||||
"${OPENSSL_BIN}" genrsa \
|
PASS_ARGS="-aes256 -passout file:${password_file}"
|
||||||
-aes256 \
|
|
||||||
-passout file:${password_file} \
|
|
||||||
-out "${key_file}" \
|
|
||||||
${KEY_LENGTH} \
|
|
||||||
>/dev/null 2>&1
|
|
||||||
elif [ -n "${PASSWORD}" ]; then
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" genrsa \
|
OPENSSL_ENV="PASSWORD=${PASSWORD}"
|
||||||
-aes256 \
|
PASS_ARGS="-aes256 -passout env:PASSWORD"
|
||||||
-passout env:PASSWORD \
|
|
||||||
-out "${key_file}" \
|
|
||||||
${KEY_LENGTH} \
|
|
||||||
>/dev/null 2>&1
|
|
||||||
else
|
|
||||||
"${OPENSSL_BIN}" genrsa \
|
|
||||||
-out "${key_file}" \
|
|
||||||
${KEY_LENGTH} \
|
|
||||||
>/dev/null 2>&1
|
|
||||||
fi
|
fi
|
||||||
|
"${OPENSSL_ENV}" "${OPENSSL_BIN}" genrsa \
|
||||||
|
-out "${key_file}" \
|
||||||
|
${PASS_ARGS} \
|
||||||
|
${KEY_LENGTH} \
|
||||||
|
>/dev/null 2>&1
|
||||||
|
|
||||||
|
# generate csr req
|
||||||
|
OPENSSL_ENV=""
|
||||||
|
PASS_ARGS=""
|
||||||
if [ -n "${password_file}" ]; then
|
if [ -n "${password_file}" ]; then
|
||||||
# generate csr req
|
PASS_ARGS="-passin file:${password_file}"
|
||||||
"${OPENSSL_BIN}" req \
|
|
||||||
-batch \
|
|
||||||
-new \
|
|
||||||
-key "${key_file}" \
|
|
||||||
-passin file:${password_file} \
|
|
||||||
-out "${csr_file}" \
|
|
||||||
-config /dev/stdin <<EOF
|
|
||||||
$(cat "${CONF_FILE}")
|
|
||||||
commonName_default = ${cn}
|
|
||||||
EOF
|
|
||||||
elif [ -n "${PASSWORD}" ]; then
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
# generate csr req
|
OPENSSL_ENV="PASSWORD=${PASSWORD}"
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" req \
|
PASS_ARGS="-passin env:PASSWORD"
|
||||||
-batch \
|
|
||||||
-new \
|
|
||||||
-key "${key_file}" \
|
|
||||||
-passin env:PASSWORD \
|
|
||||||
-out "${csr_file}" \
|
|
||||||
-config /dev/stdin <<EOF
|
|
||||||
$(cat "${CONF_FILE}")
|
|
||||||
commonName_default = ${cn}
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
# generate csr req
|
|
||||||
"${OPENSSL_BIN}" req \
|
|
||||||
-batch \
|
|
||||||
-new \
|
|
||||||
-key "${key_file}" \
|
|
||||||
-out "${csr_file}" \
|
|
||||||
-config /dev/stdin <<EOF
|
|
||||||
$(cat "${CONF_FILE}")
|
|
||||||
commonName_default = ${cn}
|
|
||||||
EOF
|
|
||||||
fi
|
fi
|
||||||
|
"${OPENSSL_ENV}" "${OPENSSL_BIN}" req \
|
||||||
|
-batch \
|
||||||
|
-new \
|
||||||
|
-key "${key_file}" \
|
||||||
|
-out "${csr_file}" \
|
||||||
|
${PASS_ARGS} \
|
||||||
|
-config /dev/stdin <<EOF
|
||||||
|
$(cat "${CONF_FILE}")
|
||||||
|
commonName_default = ${cn}
|
||||||
|
EOF
|
||||||
|
|
||||||
# ca sign and generate cert
|
# ca sign and generate cert
|
||||||
CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL_BIN}" ca \
|
CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL_BIN}" ca \
|
||||||
|
@ -532,34 +508,23 @@ EOF
|
||||||
echo "The CRT file is available in ${crt_file}"
|
echo "The CRT file is available in ${crt_file}"
|
||||||
|
|
||||||
# generate pkcs12 format
|
# generate pkcs12 format
|
||||||
|
OPENSSL_ENV=""
|
||||||
|
PASS_ARGS=""
|
||||||
if [ -n "${password_file}" ]; then
|
if [ -n "${password_file}" ]; then
|
||||||
"${OPENSSL_BIN}" pkcs12 \
|
PASS_ARGS="-passin file:${password_file} -passout file:${password_file}"
|
||||||
-export \
|
|
||||||
-nodes \
|
|
||||||
-passin file:${password_file} \
|
|
||||||
-inkey "${key_file}" \
|
|
||||||
-in "${crt_file}" \
|
|
||||||
-passout file:${password_file} \
|
|
||||||
-out "${pkcs12_file}"
|
|
||||||
elif [ -n "${PASSWORD}" ]; then
|
elif [ -n "${PASSWORD}" ]; then
|
||||||
PASSWORD="${PASSWORD}" "${OPENSSL_BIN}" pkcs12 \
|
OPENSSL_ENV="PASSWORD=${PASSWORD}"
|
||||||
-export \
|
PASS_ARGS="-passin env:PASSWORD -passout env:PASSWORD"
|
||||||
-nodes \
|
|
||||||
-passin env:PASSWORD \
|
|
||||||
-inkey "${key_file}" \
|
|
||||||
-in "${crt_file}" \
|
|
||||||
-passout env:PASSWORD \
|
|
||||||
-out "${pkcs12_file}"
|
|
||||||
else
|
else
|
||||||
"${OPENSSL_BIN}" pkcs12 \
|
PASS_ARGS="-passout pass:"
|
||||||
-export \
|
|
||||||
-nodes \
|
|
||||||
-inkey "${key_file}" \
|
|
||||||
-in "${crt_file}" \
|
|
||||||
-passout pass: \
|
|
||||||
-out "${pkcs12_file}"
|
|
||||||
fi
|
fi
|
||||||
|
"${OPENSSL_ENV}" "${OPENSSL_BIN}" pkcs12 \
|
||||||
|
-export \
|
||||||
|
-nodes \
|
||||||
|
-inkey "${key_file}" \
|
||||||
|
-in "${crt_file}" \
|
||||||
|
-out "${pkcs12_file}"
|
||||||
|
${PASS_ARGS}
|
||||||
|
|
||||||
chmod 640 "${pkcs12_file}"
|
chmod 640 "${pkcs12_file}"
|
||||||
echo "The PKCS12 config file is available in ${pkcs12_file}"
|
echo "The PKCS12 config file is available in ${pkcs12_file}"
|
||||||
|
|
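Review bot: `"${OPENSSL_ENV}" "${OPENSSL_BIN}" genrsa \` (and the matching `req` and `pkcs12` calls) cannot run openssl as written: when `OPENSSL_ENV` is empty the shell tries to execute the empty word as the command, and when it holds `PASSWORD=...` the quoted expansion is taken as a command name, because an assignment prefix is only recognised literally, before expansion. For `genrsa` the `>/dev/null 2>&1` probably hides the resulting error, so the failure would only surface at the CSR step. I would drop `OPENSSL_ENV`, write `export PASSWORD` in each `elif` branch (inside a subshell if the wider scope is unwanted) and call `"${OPENSSL_BIN}" genrsa \` with no prefix; that keeps the passphrase in the environment rather than in argv, where an `env "PASSWORD=..."` wrapper would expose it to `ps`. Separately, `${PASS_ARGS}` relies on word splitting, so a `password_file` path containing spaces or glob characters is split into extra arguments. `create()` starts and ends outside the visible hunks.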