j3g
/
pki-bootstrap_pub
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
pki-bootstrap_pub/src/pki_bootstrap/pki_bootstrap.sh

167 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# ACME PKI (Certificate) Bootstrap v1.3
#
# This script will generate all the files necessary to build a certificate chain of trust
# using a CA, CA Intermediate, Server, and Client certificates. After the bootstrap the other
# helper scripts will generate new client/server certificates
#
# source this file to include the functions
. res/libs/pki_funcs.sh
PARAM1=$1
usage() {
echo
echo "This application will generate all the files necessary to build a certificate chain of trust"
echo "using a CA, CA Intermediate, Server, and Client certificates. All the files are put into"
echo "pki lifecyle package"
echo " -put the .cnf config files into the ./cnf directory"
echo
echo "Usage: pki_bootstrap <.cnf file (minus the .cnf)>"
echo
echo "Example: pki_bootstrap org.acme.xyz"
exit 1
}
#
# Grab the latest serial # from the file, auto-increment
#
get_serial_ca() {
SERIAL=`head "res/cfg/SERIAL"`
if [[ -z $SERIAL ]]; then
SERIAL=11111
echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
fi
}
#
# CA generation requires .cnf files
# create CA directory
# create bash variables to CA
# restore script back to original path
#
app_init() {
if [[ -n $PARAM1 ]]; then
# need to know the location of the configuration file (expected to be in same dir path as this script)
CA_CNF="$CD_ROOT/res/cnf/ca.cnf"
# handle the case of having the ".cnf" extension or not
if [[ ${PARAM1: -4} == .cnf ]]; then
ORG_URL=${PARAM1%.*}
S_CNF=${PARAM1}
echo "ASDF: ${ORG_URL}, ${S_CNF}"
else
ORG_URL=$PARAM1
S_CNF="${PARAM1}.cnf"
echo "ZXCV: ${ORG_URL}, ${S_CNF}"
fi
FQ_S_CNF="${CD_ROOT}/res/cnf/${S_CNF}"
if [[ ! -f $FQ_S_CNF ]] || [[ ! -f $CA_CNF ]]; then
usage
fi
else
usage
fi
}
#
# Generate a new Certificate Authority
# Create a new LifeCycle package
#
# IN: UNIQ_ID_CA, SERIAL
#
gen_lifecycle() {
get_serial_ca
echo_block "SERIAL == ${SERIAL}"
# Organize
#
# create a unique path for the server certificate
UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
UNIQ_DIR_LC="pki-lifecycle_${UNIQ_DIR_LC}"
mkdir -p "${UNIQ_DIR_LC}"
cd "${UNIQ_DIR_LC}"
FQ_DIR_LC=`pwd`
# create CA unique dir
UNIQ_ID_CA="${SERIAL}.${ORG_URL}"
CA_DIR="ca_${UNIQ_ID_CA}"
mkdir $CA_DIR
cd $CA_DIR
FQ_CA_DIR=`pwd`
FQ_CA_CERT="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.crt.pem"
FQ_CA_KEYS="${FQ_CA_DIR}/ca_${UNIQ_ID_CA}.keys.pem"
# initialize the functions lib
pki_func_init $FQ_CA_CERT $FQ_CA_KEYS "${CD_ROOT}/res/cnf"
# generate a new CA
gen_ca $UNIQ_ID_CA $SERIAL
# go back to original dir
cd ..
cd ..
}
#
#
#
cp_lifecycle_docs() {
RES="${CD_ROOT}/res"
mkdir -p "${UNIQ_DIR_LC}/cfg"
cp -r $CD_ROOT/res $CD_ROOT/$UNIQ_DIR_LC/
cp $RES/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/
cp $RES/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README
cp $RES/docs/SERIAL_LC $CD_ROOT/$UNIQ_DIR_LC/cfg/SERIAL
cp $RES/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/cfg/
cp "${RES}/cnf/${ORG_URL}.cnf" $CD_ROOT/$UNIQ_DIR_LC/cfg/
cp "${RES}/cnf/ca.cnf" $CD_ROOT/$UNIQ_DIR_LC/cfg/
cp $CD_ROOT/$UNIQ_DIR_LC/"ca_${UNIQ_ID_CA}"/ca_*.crt.pem $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.crt.pem
cp $CD_ROOT/$UNIQ_DIR_LC/"ca_${UNIQ_ID_CA}"/ca_*.keys.pem $CD_ROOT/$UNIQ_DIR_LC/cfg/ca.keys.pem
}
#
# Generate Lifecycle CA Intermediates
#
gen_lc_ca_i() {
cd $FQ_DIR_LC
# generate new CA-I
ca-i_gen_pki $ORG_URL 1001 2
# ca-i_gen_pki $ORG_URL 2001 5
# ca-i_gen_pki $ORG_URL 3001 8
}
main() {
CD_ROOT=`pwd`
# generate new CA
# create new PKI Lifecycle Package
app_init
gen_lifecycle
cp_lifecycle_docs
# gen some CAs
gen_lc_ca_i
# make sure we return to root execution path
cd "${CD_ROOT}"
}
# ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
#
# main execution begins here (because all the functions have to be defined)
#
# ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
main
# ***** ***** ***** *****
#
#
#
# ***** ***** ***** *****
Reference in New Issue View Git Blame Copy Permalink