Add --non-interactive
command line option
parent
0c4d36cb57
commit
f94f7d8cd3
|
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||||
* Accept a `password-file` command line option to read password from a file
|
* Accept a `password-file` command line option to read password from a file
|
||||||
* Accept `--days` and `--end-date` command line options
|
* Accept `--days` and `--end-date` command line options
|
||||||
* CA key length is configurable (minimum 4096)
|
* CA key length is configurable (minimum 4096)
|
||||||
|
* Add `--non-interactive` command line option
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
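--- a/shellpki
+++ b/shellpki
@@ -226,6 +226,9 @@ ask_ca_password() {
 error "Maximum number of attempts reached (${max_attempts})."
 fi
 if [ -z "${CA_PASSWORD}" ]; then
+if [ "${non_interactive}" -eq 1 ]; then
+error "In non-interactive mode, you must pass CA_PASSWORD as environment variable"
+fi
 stty -echo
 printf "Password for CA key: "
 read -r CA_PASSWORD
@@ -255,6 +258,7 @@ ask_user_password() {
 create() {
 from_csr=0
 ask_pass=0
+non_interactive=0
 
 # Parse options
 # based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
@@ -353,6 +357,9 @@ create() {
 printf 'ERROR: "--end-date" requires a non-empty option argument.\n' >&2
 exit 1
 ;;
+--non-interactive)
+non_interactive=1
+;;
 --)
 # End of all options.
 shift
@@ -387,6 +394,11 @@ create() {
 crt_expiration_arg="-enddate ${cert_end_date}"
 fi
 fi
+if [ "${non_interactive}" -eq 1 ]; then
+batch_arg="-batch"
+else
+batch_arg=""
+fi
 
 if [ "${from_csr}" -eq 1 ]; then
 if [ "${ask_pass}" -eq 1 ]; then
@@ -438,7 +450,13 @@ create() {
 fi
 
 # ca sign and generate cert
+if [ "${non_interactive}" -eq 1 ]; then
+batch_arg="-batch"
+else
+batch_arg=""
+fi
 "${OPENSSL_BIN}" ca \
+${batch_arg} \
 -config "${CONF_FILE}" \
 -in "${csr_file}" \
 -passin pass:${CA_PASSWORD} \
@@ -519,6 +537,7 @@ EOF
 
 # ca sign and generate cert
 "${OPENSSL_BIN}" ca \
+${batch_arg} \
 -config "${CONF_FILE}" \
 -passin pass:${CA_PASSWORD} \
 -in "${csr_file}" \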
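Review bot: `non_interactive` is only initialised in `create()` (hunk at -255), yet the new test in `ask_ca_password()` reads it, so if that function is reachable from any other subcommand the `-eq` test receives an empty string, prints a shell error and falls through to the prompt; `if [ "${non_interactive:-0}" -eq 1 ]; then` avoids that. The `batch_arg` assignment is added twice (hunks at -387 and -438) although the first appears to cover both `openssl ca` calls; keep one and add a comment such as `# intentionally unquoted: must expand to nothing when empty` where `${batch_arg}` is used. With `-batch` the signing confirmation is skipped and the CA password now has to come from the environment, so the unchanged `-passin pass:${CA_PASSWORD}` line, which puts the password on the openssl command line, matters more in automated runs; `-passin env:CA_PASSWORD` would keep it off the argument list, provided the variable is exported. Both functions start and end outside the visible hunks, so this is based only on the lines shown.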