MOD: cp script files complete
parent
d3af83080f
commit
9d501f2720
|
@ -1,3 +1,6 @@
|
|||
#
|
||||
pki-lifecycle*
|
||||
|
||||
# Project specific files
|
||||
sftp-config.json
|
||||
.DS_Store
|
||||
|
|
|
@ -8,15 +8,16 @@
|
|||
#
|
||||
|
||||
# source this file to include the functions
|
||||
. pki_funcs.sh
|
||||
. libs/pki_funcs.sh
|
||||
|
||||
PARAM1=$1
|
||||
|
||||
usage() {
|
||||
echo
|
||||
echo "This script will generate all the files necessary to build a certificate chain of trust"
|
||||
echo "using a CA, CA Intermediate, Server, and Client certificates. After the bootstrap the other"
|
||||
echo "helper scripts will generate new certificates"
|
||||
echo "This application will generate all the files necessary to build a certificate chain of trust"
|
||||
echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into"
|
||||
echo "pki lifecyle package"
|
||||
echo " -put the .cnf config files into the ./cnf directory"
|
||||
echo
|
||||
echo "Usage: pki_bootstrap <.cnf file (minus the .cnf)>"
|
||||
echo
|
||||
|
@ -33,7 +34,7 @@ usage() {
|
|||
app_init() {
|
||||
if [[ -n $PARAM1 ]]; then
|
||||
# need to know the location of the configuration file (expected to be in same dir path as this script)
|
||||
CA_CNF="$CD/ca.cnf"
|
||||
CA_CNF="$CD_ROOT/cnf/ca.cnf"
|
||||
|
||||
# handle the case of having the ".cnf" extension or not
|
||||
if [[ ${PARAM1: -4} == .cnf ]]; then
|
||||
|
@ -46,7 +47,7 @@ app_init() {
|
|||
echo "ZXCV: ${ORG_URL}, ${S_CNF}"
|
||||
fi
|
||||
|
||||
FQ_S_CNF="${CD}/${S_CNF}"
|
||||
FQ_S_CNF="${CD_ROOT}/cnf/${S_CNF}"
|
||||
if [[ ! -f $FQ_S_CNF ]] || [[ ! -f $CA_CNF ]]; then
|
||||
usage
|
||||
fi
|
||||
|
@ -67,21 +68,20 @@ one-time-ca() {
|
|||
# Organize
|
||||
#
|
||||
# create a unique path for the server certificate
|
||||
UNIQ_DIR=`date +%Y-%m-%d.%H_%M_%S`
|
||||
UNIQ_DIR="pki-chain_${UNIQ_DIR}"
|
||||
mkdir -p "${UNIQ_DIR}"
|
||||
cd "${UNIQ_DIR}"
|
||||
# FQ_DIR="${CD}/${UNIQ_DIR}"
|
||||
|
||||
UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
|
||||
UNIQ_DIR_LC="pki-lifecycle_${UNIQ_DIR_LC}"
|
||||
mkdir -p "${UNIQ_DIR_LC}"
|
||||
cd "${UNIQ_DIR_LC}"
|
||||
|
||||
# create certificate
|
||||
UNIQ_ID_CA="${SERIAL}.${ORG_URL}"
|
||||
CA_DIR="ca_${UNIQ_ID_CA}"
|
||||
mkdir $CA_DIR
|
||||
cd $CA_DIR
|
||||
generate_ca $UNIQ_ID_CA $SERIAL
|
||||
FQ_CA_DIR=`pwd`
|
||||
FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem"
|
||||
FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem"
|
||||
generate_ca $UNIQ_ID_CA $SERIAL
|
||||
cd ..
|
||||
}
|
||||
|
||||
|
@ -122,8 +122,22 @@ organize() {
|
|||
cp $FQ_CA_DIR/ca_*.info.txt ca-i/docs/
|
||||
}
|
||||
|
||||
#
|
||||
# Copies all applcations to the Lifecycle package
|
||||
#
|
||||
# Requires:
|
||||
# UNIQ_DIR_LC : unique string for the Lifecycle directory
|
||||
# UNIQ_ID_CA-I : unique string for the CA-I
|
||||
#
|
||||
cp_pki_lifecycle() {
|
||||
echo
|
||||
cp $CD_ROOT/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/
|
||||
cp $CD_ROOT/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README
|
||||
cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients
|
||||
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers
|
||||
|
||||
# cp $LIB_PATH/gen_ca-i.sh $UNIQ_ID_CA-I/$UNIQ_DIR_LC ca-i/
|
||||
# cp $LIB_PATH/gen_client.sh clients/
|
||||
# cp $LIB_PATH/gen_server.sh servers/
|
||||
}
|
||||
|
||||
#
|
||||
|
@ -140,19 +154,19 @@ gen_pki_certs() {
|
|||
NUM_CERTS=$(($2-1))
|
||||
|
||||
# Create CA Intermediate
|
||||
UNIQ_ID_CA="${B_SERIAL}.${ORG_URL}"
|
||||
generate_ca_i $UNIQ_ID_CA $B_SERIAL
|
||||
UNIQ_ID_CAI="${B_SERIAL}.${ORG_URL}"
|
||||
generate_ca_i $UNIQ_ID_CAI $B_SERIAL
|
||||
|
||||
# Server Certificates
|
||||
for NUM in $(seq 0 $NUM_CERTS)
|
||||
do
|
||||
generate_server "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CA $((B_SERIAL+NUM))
|
||||
generate_server "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CAI $((B_SERIAL+NUM))
|
||||
done
|
||||
|
||||
# Client Certificates
|
||||
for NUM in $(seq 0 $NUM_CERTS)
|
||||
do
|
||||
generate_client "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CA $((B_SERIAL+NUM))
|
||||
generate_client "$((B_SERIAL+NUM)).${ORG_URL}" $UNIQ_ID_CAI $((B_SERIAL+NUM))
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -168,24 +182,28 @@ gen_pki() {
|
|||
mkdir -p "distrobution/${UNIQ_DIR_CA}"
|
||||
cd "distrobution/${UNIQ_DIR_CA}"
|
||||
|
||||
# geneate certificates, organize the files
|
||||
gen_pki_certs $SERIAL $2
|
||||
organize
|
||||
cp_pki_lifecycle
|
||||
|
||||
# return to last path
|
||||
cd $CDD
|
||||
}
|
||||
|
||||
|
||||
main() {
|
||||
CD=`pwd`
|
||||
CD_ROOT=`pwd`
|
||||
LIB_PATH="${CD_ROOT}/libs"
|
||||
|
||||
app_init
|
||||
one-time-ca
|
||||
gen_pki 10001 2
|
||||
gen_pki 50001 5
|
||||
gen_pki 1001 2
|
||||
# gen_pki 50001 5
|
||||
# gen_pki 80001 10
|
||||
|
||||
cd "${CD}"
|
||||
# make sure we return to root execution path
|
||||
cd "${CD_ROOT}"
|
||||
}
|
||||
|
||||
|
||||
|
|
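Review bot: The four `cp` calls in the new `cp_pki_lifecycle` expand `$CD_ROOT`, `$UNIQ_DIR_LC` and `$UNIQ_DIR_CA` unquoted and ignore the exit status, so a path containing whitespace, an unset variable or a missing source file leaves the lifecycle package incomplete without any error. The `clients` and `servers` targets have no trailing slash; if those directories are not there yet (they are presumably created by `organize`, which lies mostly outside this hunk), `cp` writes a plain file with that name instead of failing. The header comment also lists `UNIQ_ID_CA-I` as a requirement while the body reads `UNIQ_DIR_CA` and `CD_ROOT`, so it should name the variables the function actually uses. Since operators will later issue certificates with the copied `gen_*.sh` scripts, I would quote every expansion, guard the variables with `:?` and stop on the first failed copy, as below.

```shell
cp_pki_lifecycle() {
  # … unchanged: leading echo …
  local lc_root="${CD_ROOT:?}/${UNIQ_DIR_LC:?}"
  local ca_root="${lc_root}/distrobution/${UNIQ_DIR_CA:?}"

  cp -- "${CD_ROOT}/libs/gen_ca-i.sh" "${lc_root}/" || return 1
  cp -- "${CD_ROOT}/docs/README_LC" "${lc_root}/README" || return 1
  # trailing slash: fail instead of creating a file named "clients"/"servers"
  cp -- "${CD_ROOT}/libs/gen_client.sh" "${ca_root}/clients/" || return 1
  cp -- "${CD_ROOT}/libs/gen_server.sh" "${ca_root}/servers/" || return 1
  # … unchanged: commented-out cp lines …
}
```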