Add --non-interactive command line option

Jérémy Lecour 2020-05-05 23:14:32 +02:00 committed by Jérémy Lecour
parent 0c4d36cb57
commit f94f7d8cd3
2 changed files with 20 additions and 0 deletions


@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* Accept a `password-file` command line option to read password from a file * Accept a `password-file` command line option to read password from a file
* Accept `--days` and `--end-date` command line options * Accept `--days` and `--end-date` command line options
* CA key length is configurable (minimum 4096) * CA key length is configurable (minimum 4096)
* Add `--non-interactive` command line option
### Changed ### Changed


@ -226,6 +226,9 @@ ask_ca_password() {
error "Maximum number of attempts reached (${max_attempts})." error "Maximum number of attempts reached (${max_attempts})."
fi fi
if [ -z "${CA_PASSWORD}" ]; then if [ -z "${CA_PASSWORD}" ]; then
if [ "${non_interactive}" -eq 1 ]; then
error "In non-interactive mode, you must pass CA_PASSWORD as environment variable"
fi
stty -echo stty -echo
printf "Password for CA key: " printf "Password for CA key: "
read -r CA_PASSWORD read -r CA_PASSWORD
@ -255,6 +258,7 @@ ask_user_password() {
create() { create() {
from_csr=0 from_csr=0
ask_pass=0 ask_pass=0
non_interactive=0
# Parse options # Parse options
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a # based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
@ -353,6 +357,9 @@ create() {
printf 'ERROR: "--end-date" requires a non-empty option argument.\n' >&2 printf 'ERROR: "--end-date" requires a non-empty option argument.\n' >&2
exit 1 exit 1
;; ;;
--non-interactive)
non_interactive=1
;;
--) --)
# End of all options. # End of all options.
shift shift
@ -387,6 +394,11 @@ create() {
crt_expiration_arg="-enddate ${cert_end_date}" crt_expiration_arg="-enddate ${cert_end_date}"
fi fi
fi fi
if [ "${non_interactive}" -eq 1 ]; then
batch_arg="-batch"
else
batch_arg=""
fi
if [ "${from_csr}" -eq 1 ]; then if [ "${from_csr}" -eq 1 ]; then
if [ "${ask_pass}" -eq 1 ]; then if [ "${ask_pass}" -eq 1 ]; then
@ -438,7 +450,13 @@ create() {
fi fi
# ca sign and generate cert # ca sign and generate cert
if [ "${non_interactive}" -eq 1 ]; then
batch_arg="-batch"
else
batch_arg=""
fi
"${OPENSSL_BIN}" ca \ "${OPENSSL_BIN}" ca \
${batch_arg} \
-config "${CONF_FILE}" \ -config "${CONF_FILE}" \
-in "${csr_file}" \ -in "${csr_file}" \
-passin pass:${CA_PASSWORD} \ -passin pass:${CA_PASSWORD} \
@ -519,6 +537,7 @@ EOF
# ca sign and generate cert # ca sign and generate cert
"${OPENSSL_BIN}" ca \ "${OPENSSL_BIN}" ca \
${batch_arg} \
-config "${CONF_FILE}" \ -config "${CONF_FILE}" \
-passin pass:${CA_PASSWORD} \ -passin pass:${CA_PASSWORD} \
-in "${csr_file}" \ -in "${csr_file}" \
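Review bot: `non_interactive` is only initialised in `create()`, but the new test in `ask_ca_password()` reads it unconditionally, so any other caller of that function (none is visible in these hunks) would evaluate `[ "" -eq 1 ]`, which emits a non-numeric operand error and falls through to the prompt. Defaulting at the point of use, `if [ "${non_interactive:-0}" -eq 1 ]; then`, keeps the check safe whichever command reaches it. Separately, non-interactive mode now requires `CA_PASSWORD` in the environment, yet the unchanged `-passin pass:${CA_PASSWORD}` lines still place the CA key passphrase on the openssl command line, where it is readable from the process list; assuming the variable is exported in that mode, `-passin env:CA_PASSWORD` would keep it off argv. The `batch_arg` assignment also appears twice in `create()` (before the `from_csr` test and again before the first `openssl ca` call), and one copy is enough. Both functions extend beyond the hunks shown.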