Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / 68a9a8d828dbc9ceea8f712a71e1e45866676037 / . / conf / CA / manual.sh
blob: b2a5db97663b3ab72ea878eb31d87c4455314416 [file] [log] [blame]
Instrumental7a1817b2018-11-05 11:11:15 -0600[diff] [blame]1#!/bin/bash
2#########
3# ============LICENSE_START====================================================
4# org.onap.aaf
5# ===========================================================================
6# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
7# ===========================================================================
8# Licensed under the Apache License, Version 2.0 (the "License");
9# you may not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS,
16# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19# ============LICENSE_END====================================================
20#
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]21#
22# Initialize a manual Cert. This is NOT entered in Certman Records
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]23# $1 - CN (Common Name)
24# $2 - FQI (Fully Qualified Identity)
25# $3-$n - SANs (Service Alias Names)
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]26#
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]27
28if [ "$2" = "" ]; then
29 echo "FQI (Fully Qualified Identity): "
30 read FQI
31fi
32
33if [ "$1" = "" -o "$1" = "-local" ]; then
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]34 echo "Personal Certificate"
35 SUBJECT="/CN=$FQI/OU=V1`cat subject.aaf`"
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]36 NAME=$FQI
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]37else
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]38 echo "Application Certificate"
39 SUBJECT="/CN=$1/OU=$FQI`cat subject.aaf`"
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]40 NAME=$1
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]41
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]42 if [ "$3" = "" ]; then
43 echo "Enter any SANS, delimited by spaces: "
44 read SANS
45 else
46 SANS=""
47 while [ ! "$3" = "" ]; do
48 SANS=${SANS}" "$3
49 shift
50 done
51 fi
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]52fi
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]53
54# Do SANs
55if [ "$SANS" = "" ]; then
56 echo no SANS
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]57 if [ -e $NAME.san ]; then
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]58 rm $NAME.san
59 fi
60 else
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]61 echo some SANS: $SANS
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]62 cp ../san.conf $NAME.san
63 NUM=1
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]64 for D in $SANS; do
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]65 echo "DNS.$NUM = $D" >> $NAME.san
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]66 NUM=$((NUM+1))
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]67 done
68fi
69
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]70echo $SUBJECT
71
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]72if [ ! -e $NAME.csr ]; then
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]73 if [ "$1" = "-local" ]; then
74 echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
75 echo "Enter the PassPhrase for the Key for $FQI: "
76 `stty -echo`
77 read PASSPHRASE
78 `stty echo`
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]79
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]80 # remove any previous Private key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]81 rm private/$NAME.key
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]82 # Create regular rsa encrypted key
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]83 openssl req -new -newkey rsa:2048 -sha256 -keyout private/$NAME.key \
84 -out $NAME.csr -outform PEM -subj "$SUBJECT" \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]85 -passout stdin << EOF
86$PASSPHRASE
87EOF
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]88 chmod 400 private/$NAME.key
89 else
90 openssl req -newkey rsa:2048 -sha256 -keyout private/$NAME.key -out $NAME.csr -outform PEM -subj "$SUBJECT"
91 chmod 400 $NAME.key
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]92 echo "# All done, print result"
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]93 openssl req -verify -text -noout -in $NAME.csr
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]94 fi
95fi
96
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]97 # Sign it
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]98 if [ -e $NAME.san ]; then
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]99 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]100 -cert certs/ca.crt -keyfile private/ca.key \
101 -policy policy_loose \
102 -days 360 \
103 -extfile $NAME.san \
104 -infiles $NAME.csr
Maciej Wejs02c19702018-08-17 13:56:31 +0200[diff] [blame]105 else
106 openssl ca -config ../openssl.conf -extensions server_cert -out certs/$NAME.crt \
Instrumental31d847e2018-03-26 14:17:19 -0700[diff] [blame]107 -cert certs/ca.crt -keyfile private/ca.key \
Instrumental924b18d2018-04-05 20:17:18 -0500[diff] [blame]108 -policy policy_loose \
109 -days 360 \
Instrumental97083ef2018-04-25 15:22:38 -0500[diff] [blame]110 -infiles $NAME.csr
Instrumental68b23152018-05-01 15:03:25 -0500[diff] [blame]111 fi