j3g
/
pki-bootstrap_pub
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

MOD: cp script files complete

This commit is contained in:
JohnE 2018-08-13 08:38:31 -07:00
parent d3af83080f
commit 9d501f2720
2 changed files with 43 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,3 +1,6 @@
#
pki-lifecycle*
# Project specific files # Project specific files
sftp-config.json sftp-config.json
.DS_Store .DS_Store

62
src/pki_bootstrap/pki_bootstrap.sh
View File

@ -8,15 +8,16 @@
# #
# source this file to include the functions # source this file to include the functions
. pki_funcs.sh . libs/pki_funcs.sh
PARAM1=$1 PARAM1=$1
usage() { usage() {
echo echo
echo "This script will generate all the files necessary to build a certificate chain of trust" echo "This application will generate all the files necessary to build a certificate chain of trust"
echo "using a CA, CA Intermediate, Server, and Client certificates. After the bootstrap the other" echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into"
echo "helper scripts will generate new certificates" echo "pki lifecyle package"
echo " -put the .cnf config files into the ./cnf directory"
echo echo
echo "Usage: pki_bootstrap <.cnf file (minus the .cnf)>" echo "Usage: pki_bootstrap <.cnf file (minus the .cnf)>"
echo echo
@ -33,7 +34,7 @@ usage() {
app_init() { app_init() {
if [[ -n $PARAM1 ]]; then if [[ -n $PARAM1 ]]; then
# need to know the location of the configuration file (expected to be in same dir path as this script) # need to know the location of the configuration file (expected to be in same dir path as this script)
CA_CNF="$CD/ca.cnf" CA_CNF="$CD_ROOT/cnf/ca.cnf"
# handle the case of having the ".cnf" extension or not # handle the case of having the ".cnf" extension or not
if [[ ${PARAM1: -4} == .cnf ]]; then if [[ ${PARAM1: -4} == .cnf ]]; then
@ -46,7 +47,7 @@ app_init() {
echo "ZXCV: ${ORG_URL}, ${S_CNF}" echo "ZXCV: ${ORG_URL}, ${S_CNF}"
fi fi
FQ_S_CNF="${CD}/${S_CNF}" FQ_S_CNF="${CD_ROOT}/cnf/${S_CNF}"
if [[ ! -f $FQ_S_CNF ]] || [[ ! -f $CA_CNF ]]; then if [[ ! -f $FQ_S_CNF ]] || [[ ! -f $CA_CNF ]]; then
usage usage
fi fi
@ -67,21 +68,20 @@ one-time-ca() {
# Organize # Organize
# #
# create a unique path for the server certificate # create a unique path for the server certificate
UNIQ_DIR=`date +%Y-%m-%d.%H_%M_%S` UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
UNIQ_DIR="pki-chain_${UNIQ_DIR}" UNIQ_DIR_LC="pki-lifecycle_${UNIQ_DIR_LC}"
mkdir -p "${UNIQ_DIR}" mkdir -p "${UNIQ_DIR_LC}"
cd "${UNIQ_DIR}" cd "${UNIQ_DIR_LC}"
# FQ_DIR="${CD}/${UNIQ_DIR}"
# create certificate
UNIQ_ID_CA="${SERIAL}.${ORG_URL}" UNIQ_ID_CA="${SERIAL}.${ORG_URL}"
CA_DIR="ca_${UNIQ_ID_CA}" CA_DIR="ca_${UNIQ_ID_CA}"
mkdir $CA_DIR mkdir $CA_DIR
cd $CA_DIR cd $CA_DIR
generate_ca $UNIQ_ID_CA $SERIAL
FQ_CA_DIR=`pwd` FQ_CA_DIR=`pwd`
FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem" FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem"
FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem" FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem"
generate_ca $UNIQ_ID_CA $SERIAL
cd .. cd ..
} }
@ -122,8 +122,22 @@ organize() {
cp $FQ_CA_DIR/ca_*.info.txt ca-i/docs/ cp $FQ_CA_DIR/ca_*.info.txt ca-i/docs/
} }
#
# Copies all applcations to the Lifecycle package
#
# Requires:
# UNIQ_DIR_LC : unique string for the Lifecycle directory
# UNIQ_ID_CA-I : unique string for the CA-I
#
cp_pki_lifecycle() { cp_pki_lifecycle() {
echo cp $CD_ROOT/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/
cp $CD_ROOT/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README
cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers
# cp $LIB_PATH/gen_ca-i.sh $UNIQ_ID_CA-I/$UNIQ_DIR_LC ca-i/
# cp $LIB_PATH/gen_client.sh clients/
# cp $LIB_PATH/gen_server.sh servers/
} }
# #
@ -140,19 +154,19 @@ gen_pki_certs() {
NUM_CERTS=$(($2-1)) NUM_CERTS=$(($2-1))
# Create CA Intermediate # Create CA Intermediate
UNIQ_ID_CA="${B_SERIAL}.${ORG_URL}" UNIQ_ID_CAI="${B_SERIAL}.${ORG_URL}"
generate_ca_i $UNIQ_ID_CA $B_SERIAL generate_ca_i $UNIQ_ID_CAI $B_SERIAL
# Server Certificates # Server Certificates
for NUM in $(seq 0 $NUM_CERTS) for NUM in $(seq 0 $NUM_CERTS)
do do
generate_server "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CA $((B_SERIAL+NUM)) generate_server "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CAI $((B_SERIAL+NUM))
done done
# Client Certificates # Client Certificates
for NUM in $(seq 0 $NUM_CERTS) for NUM in $(seq 0 $NUM_CERTS)
do do
generate_client "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CA $((B_SERIAL+NUM)) generate_client "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CAI $((B_SERIAL+NUM))
done done
} }
@ -168,24 +182,28 @@ gen_pki() {
mkdir -p "distrobution/${UNIQ_DIR_CA}" mkdir -p "distrobution/${UNIQ_DIR_CA}"
cd "distrobution/${UNIQ_DIR_CA}" cd "distrobution/${UNIQ_DIR_CA}"
# geneate certificates, organize the files
gen_pki_certs $SERIAL $2 gen_pki_certs $SERIAL $2
organize organize
cp_pki_lifecycle cp_pki_lifecycle
# return to last path
cd $CDD cd $CDD
} }
main() { main() {
CD=`pwd` CD_ROOT=`pwd`
LIB_PATH="${CD_ROOT}/libs"
app_init app_init
one-time-ca one-time-ca
gen_pki 10001 2 gen_pki 1001 2
gen_pki 50001 5 # gen_pki 50001 5
# gen_pki 80001 10 # gen_pki 80001 10
cd "${CD}" # make sure we return to root execution path
cd "${CD_ROOT}"
} }