gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
d278e776717693641f1a0ac4ca1de60fd14e8a75
tango-certstore/script/signssl.sh
fengweihao 7192f437e5 * 修改编译方式为CMake 
* 删除C++适配代码
* 修改编译告警
2019-11-05 11:38:40 +08:00

205 lines
4.9 KiB
Bash
Raw Blame History

#!/bin/bash
type_name=$1
name=$2
if [ "${type_name}" == "-caroot" ]; then
csrfrom=$3
csrname=$4
csrkey=$5
else
cafrom=$3
caname=$4
cakey=$5
csrfrom=$6
csrname=$7
csrkey=$8
fi
san_nam=$9
trap "do_signal" 2
do_signal()
{
echo "\n"
read -p "Terminate theprocess? (y/n): " input
}
do_clear()
{
if [ -d "./demoCA" ]; then
rm -rf ./demoCA
fi
if [ $1 -ne 0 ];then
if [ -d "./ca-middle/$2" ]; then
rm -rf ./ca-middle/$2
fi
if [ -d "./entity/$2" ]; then
rm -rf ./entity/$2
fi
if [ -d "./caroot/$2" ]; then
rm -rf ./caroot/$2
fi
if [ -d "./csr/$2" ]; then
rm -rf ./csr/$2
fi
exit
fi
}
do_help()
{
echo ""
echo "./signssl -type cert_name -cafrom ca_name key_name -csr csr_name csr_key -san san_nam"
echo "usage: ./signssl args"
echo " -type - input type "-csr -caroot -camiddle -entity""
echo " cert_name - input cert_name "input output cert namae""
echo " -cafrom ca_name keyname - input ca_name keyname "input the root cert name and key""
echo " -csrfrom csr_name csr_key - input csr_name csr_key "input cert signs request file name and key""
echo " san_name - input san_name "When it is an entity cert, input user alternate name""
echo ""
echo "exanple -csr"
echo "./signssl.sh -csr csr_name"
echo "example -caroot"
echo "./signssl.sh -caroot root_name"
echo "example -camiddle"
echo "./signssl.sh -camiddle middle_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key"
echo "exaple -entity"
echo "./signssl.sh -entity entity_name -cafrom ../cert/mesalab-ca-cert.cer ../cert/mesalab-ca-cert.key -csrfrom ./csr/csrname/csrname.csr ./csr/csrname/csrname.key 163"
echo ""
exit
}
do_mkdir()
{
if [ ! -d "./demoCA" ]; then
mkdir demoCA
mkdir ./demoCA/newcerts
touch ./demoCA/index.txt
touch ./demoCA/serial
echo 0001 >> ./demoCA/serial
fi
}
do_check()
{
if [ "$type_name" == "" ]||[ "$name" == "" ]; then
echo "cert type is unkone!"
do_help
exit
fi
if [ "$type_name" == "-csr" ]; then
return
fi
if [ "$type_name" == "-caroot" ]; then
return
fi
if [ "$csrfrom" == "" ] || [ "$csrname" == "" ] || [ "$csrkey" == "" ]; then
echo "input input cert signs request file name and key"
do_help
exit
fi
if [ "$cafrom" == "" ] || [ "$caname" == "" ] || [ "$cakey" == "" ]; then
echo "input certificate name or key is unkone!"
do_help
exit
fi
if [ "$type_name" == "-entity" ];then
if [ "$san_nam" == "" ];then
echo "Please enter the san name!"
do_help
exit
fi
fi
}
do_middle()
{
if [ ! -d "./ca-middle/${name}" ]; then
mkdir -p ca-middle/${name}
fi
outpath=ca-middle/${name}
openssl ca -extensions v3_ca -in ${csrname} -out ${outpath}/${name}.cer -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
do_clear $? ${name}
cp ${csrkey} ${outpath}
}
do_entity()
{
if [ ! -d "./entity/${name}" ];then
mkdir -p entity/${name}
fi
outpath=entity/${name}
openssl ca -in ${csrname} -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${san_nam}.com,DNS:*.${san_nam}.cn")) -out ${outpath}/${name}.cer
openssl pkcs12 -export -in ${outpath}/${name}.cer -inkey ${csrkey} -chain -CAfile ${caname} -out ${outpath}/${name}.p12
do_clear $? ${name}
cp ${csrkey} ${outpath}
}
do_caroot()
{
if [ ! -d ".caroot/${name}" ];then
mkdir -p caroot/${name}
fi
outpath=caroot/${name}
openssl genrsa -out ${outpath}/${name}.key 1024
openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${outpath}/${name}.key -in ${outpath}/${name}.csr -out ${outpath}/${name}.cer
#openssl req -new -x509 -key ca.key -out ca.crt
do_clear $? ${name}
}
do_csr()
{
if [ ! -d "./csr/${name}" ];then
mkdir -p csr/${name}
fi
outpath=csr/${name}
openssl genrsa -out ${outpath}/${name}.key 1024
openssl req -new -key ${outpath}/${name}.key -out ${outpath}/${name}.csr
do_clear $? ${name}
}
do_signssl()
{
if [ "$type_name" == "-camiddle" ]; then
do_middle
exit
fi
if [ "$type_name" == "-entity" ]; then
do_entity
exit
fi
if [ "$type_name" == "-caroot" ]; then
do_caroot
exit
fi
if [ "$type_name" == "-csr" ]; then
do_csr
exit
fi
echo "unknow command"
}
do_check
do_mkdir
do_signssl
Reference in New Issue View Git Blame Copy Permalink