X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=conf%2FCA%2Fmanual.sh;h=00a23ec834ddad3faf024134e727ace17d9c46bc;hb=ceda6e8bc270202bcb24340b86617110289c902e;hp=eb391591c356dc4c96a72adb922f2f9315fe52f8;hpb=924b18d7469204ceaae60d7345712ea09f75a674;p=aaf%2Fauthz.git

diff --git a/conf/CA/manual.sh b/conf/CA/manual.sh
index eb391591..00a23ec8 100644
--- a/conf/CA/manual.sh
+++ b/conf/CA/manual.sh
@@ -6,15 +6,37 @@ read FQI
 if [ "$1" = "" -o "$1" = "-local" ]; then 
   echo "Personal Certificate"
   SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
+  NAME=$FQI
 else 
   echo "Application Certificate"
   SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
-  FQI=$1
+  FQDN=$1
+  NAME=$FQDN
   shift
+
+  echo "Enter any SANS, delimited by spaces: "
+  read SANS
+fi
+
+# Do SANs
+if [ "$SANS" = "" ]; then
+   echo no SANS
+    if [ -e $NAME.san ]; then 
+      rm $NAME.san
+    fi
+  else
+   echo some SANS
+    cp ../san.conf $NAME.san
+    NUM=1
+    for D in $SANS; do 
+        echo "DNS.$NUM = $D" >> $NAME.san
+	NUM=$((NUM+1))
+    done
 fi
+
 echo $SUBJECT
 
-if [ -e $FQI.csr ]; then
+if [ -e $NAME.csr ]; then
   SIGN_IT=true
 else 
   if [ "$1" = "-local" ]; then
@@ -25,32 +47,38 @@ else
 	`stty echo`
  
 	# remove any previous Private key
-	rm private/$FQI.key
+	rm private/$NAME.key
 	# Create j regaular rsa encrypted key
-	openssl req -new -newkey rsa:2048 -sha256 -keyout private/$FQI.key \
-	  -out $FQI.csr -outform PEM -subj "$SUBJECT" \
+	openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
+	  -out $NAME.csr -outform PEM -subj "$SUBJECT" \
 	  -passout stdin  << EOF
 $PASSPHRASE
 EOF
-	chmod 400 private/$FQI.key 
+	chmod 400 private/$NAME.key 
 	SIGN_IT=true
   else 
-	echo openssl req -newkey rsa:2048 -sha256 -keyout $FQI.key -out $FQI.csr -outform PEM -subj '"'$SUBJECT'"'
-	echo chmod 400 $FQI.key
+	echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
+	echo chmod 400 $NAME.key
 	echo "# All done, print result"
-	echo openssl req -verify -text -noout -in $FQI.csr
+	echo openssl req -verify -text -noout -in $NAME.csr
   fi
 fi
 
 if [ "$SIGN_IT" = "true" ]; then
   # Sign it
-  openssl ca -config ../openssl.conf -extensions server_cert -out $FQI.crt \
+  if [ -e $NAME.san ]; then
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+	-cert certs/ca.crt -keyfile private/ca.key \
+	-policy policy_loose \
+	-days 360 \
+	-extfile $NAME.san \
+	-infiles $NAME.csr
+  else 
+    openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
 	-cert certs/ca.crt -keyfile private/ca.key \
 	-policy policy_loose \
 	-days 360 \
-	-infiles $FQI.csr
+	-infiles $NAME.csr
+  fi
 fi
 
-
-
-