[utils.git] / certreq

#!/bin/bash

commajoin() {
    f=y
    for arg in "$@"; do
	if [ -z "$f" ]; then echo -n ,; fi
	echo -n "$arg"
	f=
    done
}

usage() {
    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
    echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
    echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
}

declare -A reqexts config
while getopts ha: OPT; do
    case "$OPT" in
	h)
	    usage
	    exit 0
	    ;;
	a)
	    reqexts[SAN]=1
	    config[SAN]=1
	    config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
	    ;;
    esac
done
shift $((OPTIND - 1))
if [ $# -lt 2 ]; then
    usage >&2
    exit 1
fi

args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
    for reqext in "${!reqexts[@]}"; do
	args=("${args[@]}" -reqexts "$reqext")
    done
fi
if [ -n "${!config[*]}" ]; then
    confpath="$(mktemp /tmp/certreq-XXXXXX)"
    cat /etc/ssl/openssl.cnf >>"$confpath"
    for section in "${!config[@]}"; do
	echo "[${section}]" >>"$confpath"
	var="config_${section}[@]"
	for confopt in "${!var}"; do
	    echo "$confopt" >>"$confpath"
	done
	echo >>"$confpath"
    done
    trap 'rm -f "$confpath"' EXIT
    args=("${args[@]}" -config "$confpath")
fi
args=("${args[@]}" -subj "$1" -key "$2")

"${args[@]}"
Commit	Line	Data
f2571f84 FT	1	#!/bin/bash
f2571f84 FT	2
f3768fd2 FT	3	commajoin() {
	4	f=y
	5	for arg in "$@"; do
	6	if [ -z "$f" ]; then echo -n ,; fi
	7	echo -n "$arg"
	8	f=
	9	done
	10	}
	11
f2571f84 FT	12	usage() {
	13	echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
	14	echo ' SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
	15	echo ' ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
	16	}
	17
	18	declare -A reqexts config
	19	while getopts ha: OPT; do
	20	case "$OPT" in
	21	h)
	22	usage
	23	exit 0
	24	;;
	25	a)
	26	reqexts[SAN]=1
	27	config[SAN]=1
	28	config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
	29	;;
	30	esac
	31	done
	32	shift $((OPTIND - 1))
	33	if [ $# -lt 2 ]; then
	34	usage >&2
	35	exit 1
	36	fi
	37
	38	args=(openssl req -new)
	39	if [ -n "${!reqexts[*]}" ]; then
f3768fd2 FT	40	for reqext in "${!reqexts[@]}"; do
	41	args=("${args[@]}" -reqexts "$reqext")
	42	done
f2571f84 FT	43	fi
	44	if [ -n "${!config[*]}" ]; then
	45	confpath="$(mktemp /tmp/certreq-XXXXXX)"
	46	cat /etc/ssl/openssl.cnf >>"$confpath"
	47	for section in "${!config[@]}"; do
	48	echo "[${section}]" >>"$confpath"
	49	var="config_${section}[@]"
	50	for confopt in "${!var}"; do
	51	echo "$confopt" >>"$confpath"
	52	done
	53	echo >>"$confpath"
	54	done
	55	trap 'rm -f "$confpath"' EXIT
	56	args=("${args[@]}" -config "$confpath")
	57	fi
	58	args=("${args[@]}" -subj "$1" -key "$2")
	59
	60	"${args[@]}"