| #!/bin/bash |
| ######### |
| # ============LICENSE_START==================================================== |
| # org.onap.aaf |
| # =========================================================================== |
| # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. |
| # =========================================================================== |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # ============LICENSE_END==================================================== |
| # |
| # |
| # Initialize a manual Cert. This is NOT entered in Certman Records |
| # $1 - CN (Common Name) |
| # $2 - FQI (Fully Qualified Identity) |
| # $3-$n - SANs (Service Alias Names) |
| # |
| |
| if [ "$2" = "" ]; then |
| echo "FQI (Fully Qualified Identity): " |
| read FQI |
| fi |
| |
| if [ "$1" = "" -o "$1" = "-local" ]; then |
| echo "Personal Certificate" |
| SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`" |
| NAME=$FQI |
| else |
| echo "Application Certificate" |
| SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`" |
| NAME=$1 |
| |
| if [ "$3" = "" ]; then |
| echo "Enter any SANS, delimited by spaces: " |
| read SANS |
| else |
| SANS="" |
| while [ ! "$3" = "" ]; do |
| SANS=${SANS}" "$3 |
| shift |
| done |
| fi |
| fi |
| |
| # Do SANs |
| if [ "$SANS" = "" ]; then |
| echo no SANS |
| if [ -e $NAME.san ]; then |
| rm $NAME.san |
| fi |
| else |
| echo some SANS: $SANS |
| cp ../san.conf $NAME.san |
| NUM=1 |
| for D in $SANS; do |
| echo "DNS.$NUM = $D" >> $NAME.san |
| NUM=$((NUM+1)) |
| done |
| fi |
| |
| echo $SUBJECT |
| |
| if [ ! -e $NAME.csr ]; then |
| if [ "$1" = "-local" ]; then |
| echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'" |
| echo "Enter the PassPhrase for the Key for $FQI: " |
| `stty -echo` |
| read PASSPHRASE |
| `stty echo` |
| |
| # remove any previous Private key |
| rm private/$NAME.key |
| # Create regular rsa encrypted key |
| openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \ |
| -out $NAME.csr -outform PEM -subj "$SUBJECT" \ |
| -passout stdin << EOF |
| $PASSPHRASE |
| EOF |
| chmod 400 private/$NAME.key |
| else |
| openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT" |
| chmod 400 $NAME.key |
| echo "# All done, print result" |
| openssl req -verify -text -noout -in $NAME.csr |
| fi |
| fi |
| |
| # Sign it |
| if [ -e $NAME.san ]; then |
| openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \ |
| -cert certs/ca.crt -keyfile private/ca.key \ |
| -policy policy_loose \ |
| -days 360 \ |
| -extfile $NAME.san \ |
| -infiles $NAME.csr |
| else |
| openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \ |
| -cert certs/ca.crt -keyfile private/ca.key \ |
| -policy policy_loose \ |
| -days 360 \ |
| -infiles $NAME.csr |
| fi |