conf/CA/manual.sh - onap/aaf/authz - Gitiles

 #
 # Initialize a manual Cert.  This is NOT entered in Certman Records
 #
 echo "FQI (Fully Qualified Identity): "
 read FQI
 if [ "$1" = "" -o "$1" = "-local" ]; then
   echo "Personal Certificate"
   SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
   NAME=$FQI
 else
   echo "Application Certificate"
   SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
   FQDN=$1
   NAME=$FQDN
   shift

   echo "Enter any SANS, delimited by spaces: "
   read SANS
 fi

 # Do SANs
 if [ "$SANS" = "" ]; then
    echo no SANS
     if [ -e $NAME.san ]; then
       rm $NAME.san
     fi
   else
    echo some SANS
     cp ../san.conf $NAME.san
     NUM=1
     for D in $SANS; do
         echo "DNS.$NUM = $D" >> $NAME.san
 	NUM=$((NUM+1))
     done
 fi

 echo $SUBJECT

 if [ -e $NAME.csr ]; then
   SIGN_IT=true
 else
   if [ "$1" = "-local" ]; then
 	echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
 	echo "Enter the PassPhrase for the Key for $FQI: "
 	`stty -echo`
 	read PASSPHRASE
 	`stty echo`

 	# remove any previous Private key
 	rm private/$NAME.key
 	# Create j regaular rsa encrypted key
 	openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
 	  -out $NAME.csr -outform PEM -subj "$SUBJECT" \
 	  -passout stdin  << EOF
 $PASSPHRASE
 EOF
 	chmod 400 private/$NAME.key
 	SIGN_IT=true
   else
 	echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
 	echo chmod 400 $NAME.key
 	echo "# All done, print result"
 	echo openssl req -verify -text -noout -in $NAME.csr
   fi
 fi

 if [ "$SIGN_IT" = "true" ]; then
   # Sign it
   if [ -e $NAME.san ]; then
     openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
 	-cert certs/ca.crt -keyfile private/ca.key \
 	-policy policy_loose \
 	-days 360 \
 	-extfile $NAME.san \
 	-infiles $NAME.csr
   else
     openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
 	-cert certs/ca.crt -keyfile private/ca.key \
 	-policy policy_loose \
 	-days 360 \
 	-infiles $NAME.csr
   fi
 fi
	#
	# Initialize a manual Cert. This is NOT entered in Certman Records
	#
	echo "FQI (Fully Qualified Identity): "
	read FQI
	if [ "$1" = "" -o "$1" = "-local" ]; then
	echo "Personal Certificate"
	SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
	NAME=$FQI
	else
	echo "Application Certificate"
	SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
	FQDN=$1
	NAME=$FQDN
	shift

	echo "Enter any SANS, delimited by spaces: "
	read SANS
	fi

	# Do SANs
	if [ "$SANS" = "" ]; then
	echo no SANS
	if [ -e $NAME.san ]; then
	rm $NAME.san
	fi
	else
	echo some SANS
	cp ../san.conf $NAME.san
	NUM=1
	for D in $SANS; do
	echo "DNS.$NUM = $D" >> $NAME.san
	NUM=$((NUM+1))
	done
	fi

	echo $SUBJECT

	if [ -e $NAME.csr ]; then
	SIGN_IT=true
	else
	if [ "$1" = "-local" ]; then
	echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
	echo "Enter the PassPhrase for the Key for $FQI: "
	`stty -echo`
	read PASSPHRASE
	`stty echo`

	# remove any previous Private key
	rm private/$NAME.key
	# Create j regaular rsa encrypted key
	openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
	-out $NAME.csr -outform PEM -subj "$SUBJECT" \
	-passout stdin << EOF
	$PASSPHRASE
	EOF
	chmod 400 private/$NAME.key
	SIGN_IT=true
	else
	echo openssl req -newkey rsa:2048 -sha256 -keyout $NAME.key -out $NAME.csr -outform PEM -subj '"'$SUBJECT'"'
	echo chmod 400 $NAME.key
	echo "# All done, print result"
	echo openssl req -verify -text -noout -in $NAME.csr
	fi
	fi

	if [ "$SIGN_IT" = "true" ]; then
	# Sign it
	if [ -e $NAME.san ]; then
	openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
	-cert certs/ca.crt -keyfile private/ca.key \
	-policy policy_loose \
	-days 360 \
	-extfile $NAME.san \
	-infiles $NAME.csr
	else
	openssl ca -config ../openssl.conf -extensions server_cert -out $NAME.crt \
	-cert certs/ca.crt -keyfile private/ca.key \
	-policy policy_loose \
	-days 360 \
	-infiles $NAME.csr
	fi
	fi