+#!/bin/bash
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
#
# Initialize a manual Cert. This is NOT entered in Certman Records
+# $1 - CN (Common Name)
+# $2 - FQI (Fully Qualified Identity)
+# $3-$n - SANs (Service Alias Names)
#
-echo "FQI (Fully Qualified Identity): "
-read FQI
-if [ "$1" = "" -o "$1" = "-local" ]; then
+
+if [ "$2" = "" ]; then
+ echo "FQI (Fully Qualified Identity): "
+ read FQI
+fi
+
+if [ "$1" = "" -o "$1" = "-local" ]; then
echo "Personal Certificate"
SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
NAME=$FQI
-else
+else
echo "Application Certificate"
SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
- FQDN=$1
- NAME=$FQDN
- shift
+ NAME=$1
+
+ if [ "$3" = "" ]; then
+ echo "Enter any SANS, delimited by spaces: "
+ read SANS
+ else
+ SANS=""
+ while [ ! "$3" = "" ]; do
+ SANS=${SANS}" "$3
+ shift
+ done
+ fi
fi
+
+# Do SANs
+if [ "$SANS" = "" ]; then
+ echo no SANS
+ if [ -e $NAME.san ]; then
+ rm $NAME.san
+ fi
+ else
+ echo some SANS: $SANS
+ cp ../san.conf $NAME.san
+ NUM=1
+ for D in $SANS; do
+ echo "DNS.$NUM = $D" >> $NAME.san
+ NUM=$((NUM+1))
+ done
+fi
+
echo $SUBJECT
-if [ -e $FQI.csr ]; then
- SIGN_IT=true
-else
+if [ ! -e $NAME.csr ]; then
if [ "$1" = "-local" ]; then
echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
echo "Enter the PassPhrase for the Key for $FQI: "
`stty -echo`
read PASSPHRASE
`stty echo`
-
+
# remove any previous Private key
rm private/$NAME.key
- # Create j regaular rsa encrypted key
+ # Create regular rsa encrypted key
openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
-out $NAME.csr -outform PEM -subj "$SUBJECT" \
-passout stdin << EOF
$PASSPHRASE
EOF
- chmod 400 private/$NAME.key
- SIGN_IT=true
- else
- echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
- echo chmod 400 $NAME.key
+ chmod 400 private/$NAME.key
+ else
+ openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
+ chmod 400 $NAME.key
echo "# All done, print result"
- echo openssl req -verify -text -noout -in $NAME.csr
+ openssl req -verify -text -noout -in $NAME.csr
fi
fi
-if [ "$SIGN_IT" = "true" ]; then
# Sign it
- openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
+ if [ -e $NAME.san ]; then
+ openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
-cert certs/ca.crt -keyfile private/ca.key \
-policy policy_loose \
-days 360 \
+ -extfile $NAME.san \
-infiles $NAME.csr
-fi
-
-
-
-
+ else
+ openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
+ -cert certs/ca.crt -keyfile private/ca.key \
+ -policy policy_loose \
+ -days 360 \
+ -infiles $NAME.csr
+ fi
Code Review / aaf / authz.git / blobdiff