iron.git

commit f2fe4b341e99869385f338f6dbc5b5cd40f4ee59

Author: Paolo Lulli <paolo@lulli.net>

Fix command order

 iron/libexec/Makefile.am | 1 
 iron/libexec/Makefile.in | 1 
 iron/libexec/iron/iron-certificate | 48 ++++++++++++++++++++++++++++---
 iron/libexec/iron/iron-client | 2 
 iron/libexec/iron/iron-service | 8 ++--


diff --git a/iron/libexec/Makefile.am b/iron/libexec/Makefile.am
index 53d2ffa6ea40546853821643846a9d14a669f720..321071c110221be8fe3a3e748a29eb4a21816e68 100644
--- a/iron/libexec/Makefile.am
+++ b/iron/libexec/Makefile.am
@@ -9,6 +9,5 @@ 	iron/iron-sh-shell\
 	iron/iron-ca\
 	iron/iron-certificate\
 	iron/iron-client\
-	iron/iron-init\
 	iron/iron-service
 




diff --git a/iron/libexec/Makefile.in b/iron/libexec/Makefile.in
index 910b2fc9839729904fce390b5f7a6413991b4171..fd5d800301f6e3ca2f4b1084b74e71e322c2d643 100644
--- a/iron/libexec/Makefile.in
+++ b/iron/libexec/Makefile.in
@@ -221,7 +221,6 @@ 	iron/iron-sh-shell\
 	iron/iron-ca\
 	iron/iron-certificate\
 	iron/iron-client\
-	iron/iron-init\
 	iron/iron-service
 
 all: all-am




diff --git a/iron/libexec/iron/iron-certificate b/iron/libexec/iron/iron-certificate
index 8209f527272b2c958d3a492701b6c59058533898..efdec41eb4c3bfd66bdd0ead052270af304c056d 100755
--- a/iron/libexec/iron/iron-certificate
+++ b/iron/libexec/iron/iron-certificate
@@ -1,6 +1,6 @@
 #! /bin/bash 
-# Usage: iron certificate <sign> <filename>
-# Summary: manage CA
+# Usage: $iron certificate <sign> <filename>
+# Summary: create certificates 
 # Help: This command groups commands used to setup config create delete a CA
 
 
@@ -21,7 +21,33 @@ 	CP=$CLIENT_CERTPATH/$client
 	test -d ${CP} || mkdir -p ${CP}
 	#openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
 	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
-	test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
+	#test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
+	cat $CP/$client.crt
+}
+
+function remote_client_write_setup()
+{
+	CLIENT_RCFILE="$RCDIR/client-$client"".env"
+        echo "REMOTE_RCDIR=$RCDIR">${CLIENT_RCFILE}
+        echo "REMOTE_USER=">>${CLIENT_RCFILE}
+        echo "REMOTE_HOST=">>${CLIENT_RCFILE}
+}
+
+
+function remote_certificate_sign()
+{
+	service=$1
+	remote_csr_user=$2
+	remote_csr_host=$3
+	remote_csrfile=$4
+	csrfile=$(basename $remote_csrfile) 
+	client=$(basename $csrfile | sed -e 's/.csr$//')
+	CLIENT_CERTPATH=$RCDIR/$service/certs
+	CP=$CLIENT_CERTPATH/$client test -d ${CP} || mkdir -p ${CP}
+	scp $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
+	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+	scp $CP/$client.crt $REMOTE_USER@$REMOTE_HOST:$RCDIR/$CLIENT_CERTPATH/$client
+	cat $CP/$client.crt
 }
 
 function certificate_create()
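Review bot: In `remote_certificate_sign`, `CP=$CLIENT_CERTPATH/$client test -d ${CP} || mkdir -p ${CP}` is one command line, so `CP=` is only a temporary environment assignment for `test`, and `${CP}` is expanded before it takes effect. The following `scp`, `openssl` and `cat` lines then run with `CP` unset (paths resolve directly under `/`) or with whatever value an earlier function left in it. The assignment belongs on its own line, and because this path ends in a CA signature, each step should stop the function on failure so that a failed `scp` cannot lead to signing a stale CSR already present at that path. The upload line also uses the globals `$REMOTE_USER@$REMOTE_HOST` instead of the function's own arguments, and it prefixes `$RCDIR` to `$CLIENT_CERTPATH`, which already starts with `$RCDIR`. The intended remote directory is not visible here, so that line is left unchanged below.

```shell
function remote_certificate_sign()
{
	# … unchanged: argument unpacking through CLIENT_CERTPATH=… …
	CP=$CLIENT_CERTPATH/$client
	mkdir -p -- "$CP" || return 1
	# Do not sign anything unless the CSR was actually fetched.
	scp "$remote_csr_user@$remote_csr_host:$remote_csrfile" "$CP/$client.csr" || return 1
	openssl x509 -req -days 365 -CA "$CAPATH/ca.crt" -CAkey "$CAPATH/ca.key" -CAcreateserial -in "$CP/$client.csr" -out "$CP/$client.crt" || return 1
	# … unchanged: scp of the certificate back to the client, cat …
}
```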
@@ -49,10 +75,22 @@ 	if [ "$operation" = "create" ]; then
 		client=$3
 		certificate_create $service $client
 	fi 
+
+	if [ "$operation" = "remotesign" ]; then
+		client=$3
+		CLIENT_RCFILE="$RCDIR/client-$client"".env"
+		test -f $CLIENT_RCFILE || ( echo "Edit $CLIENT_RCFILE first" && remote_client_write_setup  ; exit -1)
+		test -f $CLIENT_RCFILE && source ${CLIENT_RCFILE}
+		remote_csr_user=$REMOTE_USER
+		remote_csr_host=$REMOTE_HOST
+		remote_csrfile=$REMOTE_RCDIR/$service/certs/$client.csr
+		remote_certificate_sign $service $remote_csr_user $remote_csr_host $remote_csrfile
+	fi 
 else
 	echo "Usage:"
-	echo "iron certificate <sign> <CSR-file>"
-	echo "iron certificate <create> <client-id>"
+	echo "\$iron certificate <sign> <service> <CSR-file>"
+	echo "\$iron certificate <create> <service> <client-id>"
+	echo "\$iron certificate <remotesign> <service><client-id>"
 	exit -1
 fi
 
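Review bot: In the `remotesign` branch the guard `test -f $CLIENT_RCFILE || ( echo ... && remote_client_write_setup ; exit -1)` does not stop the script, because the parentheses start a subshell and `exit` ends only that subshell. By then `remote_client_write_setup` has written the template file, so the next line sources it and `remote_certificate_sign` runs with empty `REMOTE_USER` and `REMOTE_HOST`. An `if` block in the current shell fixes this: `if [ ! -f "$CLIENT_RCFILE" ]; then echo "Edit $CLIENT_RCFILE first" >&2; remote_client_write_setup; exit 1; fi`. Since `source` executes the file as shell code on the host that holds the CA key, a comment there should state that the `.env` file must be writable only by the CA operator. The enclosing `if` on the argument count begins outside this hunk.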




diff --git a/iron/libexec/iron/iron-client b/iron/libexec/iron/iron-client
index 78af1491bd99e39060ae40262e1287290003d7f0..bd9e0f54341b29a293b049637b1e89028dae57a5 100755
--- a/iron/libexec/iron/iron-client
+++ b/iron/libexec/iron/iron-client
@@ -1,6 +1,6 @@
 #! /bin/bash 
 # Usage: iron client <service-name> <client-id> <setup|create|delete>
-# Summary: manage CA
+# Summary: manage CSR for certificates creation
 # Help: This command groups commands used to setup config create delete a CA
 
 APPNAME="iron"




diff --git a/iron/libexec/iron/iron-service b/iron/libexec/iron/iron-service
index b989c97cad0f8f9d37cac43eead3a41464491e56..85b4a0ad45556047138bcf5926ad95ce83641bb0 100755
--- a/iron/libexec/iron/iron-service
+++ b/iron/libexec/iron/iron-service
@@ -1,6 +1,6 @@
 #! /bin/bash 
 # Usage: iron service <service-name> <setup|create|delete>
-# Summary: manage CA
+# Summary: manage service/server certificate creation
 # Help: This command groups commands used to setup config create delete a CA
 
 APPNAME="iron"
@@ -68,8 +68,8 @@
 }
 
 if [ "$#" = 2 ];then
-	service=$1
-	operation=$2
+	operation=$1
+	service=$2
 	RCFILE="$HOME/"."$APPNAME/service-${service}"".env"
 
 	if [ "$operation" = "create" ]; then
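Review bot: With `operation` now read from `$1`, a caller still using the old `<service> <operation>` order matches none of the `if [ "$operation" = ... ]` tests. As far as the branches visible in this diff show, the script then ends without an error or a usage message. A final check for an unrecognised operation would make the order change fail loudly, for example `case "$operation" in setup|create|delete) ;; *) echo "Unknown operation: $operation" >&2; exit 1 ;; esac` placed before the first branch. The `if`/`fi` chain continues outside the hunk, so an existing catch-all further down cannot be ruled out.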
@@ -87,7 +87,7 @@ 		source ${RCFILE}
 		service_home_setup_delete  $service
 	fi 
 else
-	echo "Usage: iron service <service> <setup|create|delete>"
+	echo "Usage: \$iron service <setup|create|delete> <service>"
 	exit -1
 fi