Blame - conf/CA/newIntermediate.sh - onap/aaf/authz

blob: ebd23eeb669cdb8319b6e0f575569642937707ef [file] [log] [blame]

Instrumental	7a1817b	2018-11-05 11:11:15 -0600	[diff] [blame]	1	#!/bin/bash
				2	#########
				3	# ============LICENSE_START====================================================
				4	# org.onap.aaf
				5	# ===========================================================================
				6	# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
				7	# ===========================================================================
				8	# Licensed under the Apache License, Version 2.0 (the "License");
				9	# you may not use this file except in compliance with the License.
				10	# You may obtain a copy of the License at
				11	#
				12	# http://www.apache.org/licenses/LICENSE-2.0
				13	#
				14	# Unless required by applicable law or agreed to in writing, software
				15	# distributed under the License is distributed on an "AS IS" BASIS,
				16	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	# See the License for the specific language governing permissions and
				18	# limitations under the License.
				19	# ============LICENSE_END====================================================
				20	#
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	21	#
				22	# Initialize an Intermediate CA Cert.
				23	#
				24	if [ -e intermediate.serial ]; then
				25	((SERIAL=`cat intermediate.serial` + 1))
				26	else
Instrumental	c3ca46e	2018-09-25 08:25:52 -0500	[diff] [blame]	27	SERIAL=$(date +%s)
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	28	fi
				29	echo $SERIAL > intermediate.serial
				30	DIR=intermediate_$SERIAL
				31
				32	mkdir -p $DIR/private $DIR/certs $DIR/newcerts
				33	chmod 700 $DIR/private
				34	chmod 755 $DIR/certs $DIR/newcerts
				35	touch $DIR/index.txt
Instrumental	4ad4763	2018-07-13 15:49:26 -0500	[diff] [blame]	36	echo "unique_subject = no" > $DIR/index.txt.attr
				37
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	38	if [ ! -e $DIR/serial ]; then
				39	echo '01' > $DIR/serial
				40	fi
				41	cp manual.sh p12.sh subject.aaf cfg.pkcs11 p11.sh $DIR
				42
				43	if [ "$1" == "" ]; then
				44	CN=intermediateCA_$SERIAL
				45	else
				46	CN=$1
				47	fi
				48
				49	SUBJECT="/CN=$CN`cat subject.aaf`"
				50	echo $SUBJECT
				51	echo "IMPORTANT: If for any reason, you kill this process, type 'stty sane'"
				52	echo "Enter the PassPhrase for the Key for $CN: "
				53	`stty -echo`
				54	read PASSPHRASE
				55	`stty echo`
				56
				57	# Create a regaular rsa encrypted key
				58	openssl req -new -newkey rsa:2048 -sha256 -keyout $DIR/private/ca.key \
				59	-out $DIR/$CN.csr -outform PEM -subj "$SUBJECT" \
				60	-passout stdin << EOF
				61	$PASSPHRASE
				62	EOF
				63
Maciej Wejs	02c1970	2018-08-17 13:56:31 +0200	[diff] [blame]	64	chmod 400 $DIR/private/ca.key
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	65	openssl req -verify -text -noout -in $DIR/$CN.csr
				66
				67	# Sign it
				68	openssl ca -config openssl.conf -extensions v3_intermediate_ca \
Instrumental	8601af6	2018-06-05 04:03:49 -0500	[diff] [blame]	69	-days 1826 \
Maciej Wejs	02c1970	2018-08-17 13:56:31 +0200	[diff] [blame]	70	-cert certs/ca.crt -keyfile private/ca.key -out $DIR/certs/ca.crt \
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	71	-infiles $DIR/$CN.csr
				72
Maciej Wejs	02c1970	2018-08-17 13:56:31 +0200	[diff] [blame]	73	openssl x509 -text -noout -in $DIR/certs/ca.crt
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	74
Maciej Wejs	02c1970	2018-08-17 13:56:31 +0200	[diff] [blame]	75	openssl verify -CAfile certs/ca.crt $DIR/certs/ca.crt
Instrumental	df9e827	2018-04-05 20:52:32 -0500	[diff] [blame]	76
				77
				78	# Create a Signer p12 script
				79	echo openssl pkcs12 -export -name aaf_$DIR \
				80	-in certs/ca.crt -inkey private/ca.key \
				81	-out aaf_$DIR.p12 >> $DIR/signerP12.sh
				82