iron.git

ref: a181c0d58140b57e934ea56cde97962f26c78a7d

iron/libexec/iron/iron-pkcs12


#! /bin/bash 
# Usage: $iron pkcs12 create  
# Summary: create *.p12 keystore
# Help: This command groups commands used to create pkcs#12 for distribution

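# Application name; it also names the per-user state directory ($HOME/.iron).
APPNAME="iron"
# Directory the command was invoked from.
CURRDIR=$(pwd)

# Per-user state directory. pkcs12_create reads the client private key from
# below it ($RCDIR/<service>/certs/<client>/<client>.key), so a directory that
# has to be created is made owner-only instead of inheriting the caller's
# umask. An already existing directory keeps the mode it has.
# All expansions are quoted so a $HOME containing whitespace still works.
RCDIR="$HOME/.$APPNAME"
test -d "$RCDIR" || mkdir -p -m 700 -- "$RCDIR"
# Minute-resolution timestamp, formatted YYYYmmddHHMM.
CURRENT_TSTAMP=$(date '+%Y%m%d%H%M')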

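#######################################
# Sign a local CSR with the CA key and store the certificate in the
# service's certificate tree.
# Globals:
#   RCDIR  (read) - per-user state directory
#   CAPATH (read) - directory holding ca.crt and ca.key
#   service, csrfile, client, CLIENT_CERTPATH, CP (written) - deliberately
#     left global: remote_client_write_setup reads $client from this scope
# Arguments:
#   $1 - service name, used as a path component under $RCDIR
#   $2 - path to the CSR; the client name is its basename without ".csr"
# Returns:
#   1 if CAPATH is unset or empty, otherwise the exit status of openssl
#######################################
function certificate_sign()
{
	service=$1
	csrfile=$2
	# Strip a literal ".csr" suffix only. The earlier sed pattern left the dot
	# unescaped, so any character followed by "csr" was cut off as well
	# (a file named "abcsr" produced the client name "a").
	client=$(basename -- "$csrfile" .csr)
	CLIENT_CERTPATH="$RCDIR/$service/certs"
	CP="$CLIENT_CERTPATH/$client"
	# With CAPATH empty the CA files would resolve to /ca.crt and /ca.key.
	if [ -z "${CAPATH:-}" ]; then
		echo "certificate_sign: CAPATH is not set" >&2
		return 1
	fi
	test -d "$CP" || mkdir -p -- "$CP"
	# -CAcreateserial creates the CA serial file if it does not exist yet.
	# NOTE(review): the request is signed exactly as submitted, for 365 days;
	# nothing in this function shows the CSR subject to the operator before the
	# CA key is used. Confirm callers inspect the request first, for example
	# with `openssl req -in <csr> -noout -text`.
	openssl x509 -req -days 365 \
		-CA "$CAPATH/ca.crt" -CAkey "$CAPATH/ca.key" -CAcreateserial \
		-in "$csrfile" -out "$CP/$client.crt"
}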

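#######################################
# Write a settings template for a remote client to
# $RCDIR/client-<client>.env, replacing any existing file.
# Globals:
#   RCDIR  (read)  - per-user state directory
#   client (read)  - client name; must already be set by the caller
#   CLIENT_RCFILE (written) - path of the file that was written
# Outputs:
#   The file holds REMOTE_RCDIR (set to $RCDIR) plus empty REMOTE_USER and
#   REMOTE_HOST entries to be filled in afterwards.
# Returns:
#   non-zero if the file cannot be written
#######################################
function remote_client_write_setup()
{
	CLIENT_RCFILE="$RCDIR/client-$client.env"
	# One quoted redirection for the whole file: the unquoted target used
	# before failed with "ambiguous redirect" for paths containing whitespace.
	# NOTE(review): the value is written without quoting; if this file is later
	# read with `source`, an RCDIR containing whitespace or shell
	# metacharacters would not survive. Confirm against the reader.
	{
		printf '%s\n' "REMOTE_RCDIR=$RCDIR"
		printf '%s\n' "REMOTE_USER="
		printf '%s\n' "REMOTE_HOST="
	} >"$CLIENT_RCFILE"
}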


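#######################################
# Fetch a CSR from a remote host, sign it with the CA key and copy the
# certificate back into the directory the CSR came from.
# Globals:
#   RCDIR  (read) - per-user state directory
#   CAPATH (read) - directory holding ca.crt and ca.key
#   REMOTE_USER, REMOTE_HOST (read) - return destination when set; the CSR
#     user/host arguments are used when they are unset or empty
#   service, remote_csr_user, remote_csr_host, remote_csrfile, csrfile,
#     remote_certdir, client, CLIENT_CERTPATH, CP (written) - left global, as
#     remote_client_write_setup reads $client from this scope
# Arguments:
#   $1 - service name, used as a path component under $RCDIR
#   $2 - user on the host that holds the CSR
#   $3 - host that holds the CSR
#   $4 - path of the CSR on that host
# Returns:
#   1 if CAPATH is unset or empty; otherwise the status of the first step
#   that failed, or of the final copy
#######################################
function remote_certificate_sign()
{
	service=$1
	remote_csr_user=$2
	remote_csr_host=$3
	remote_csrfile=$4
	csrfile=$(basename -- "$remote_csrfile")
	remote_certdir=$(dirname -- "$remote_csrfile")
	# Strip a literal ".csr" suffix; the earlier sed pattern had an unescaped
	# dot and also removed any other character followed by "csr".
	client=$(basename -- "$csrfile" .csr)
	CLIENT_CERTPATH="$RCDIR/$service/certs"
	CP="$CLIENT_CERTPATH/$client"
	# With CAPATH empty the CA files would resolve to /ca.crt and /ca.key.
	if [ -z "${CAPATH:-}" ]; then
		echo "remote_certificate_sign: CAPATH is not set" >&2
		return 1
	fi
	test -d "$CP" || mkdir -p -- "$CP"
	# Stop when the fetch fails: continuing would sign whatever CSR an earlier
	# run left at this path. "--" keeps a value beginning with "-" from being
	# parsed as an scp option.
	scp -- "${remote_csr_user}@${remote_csr_host}:${remote_csrfile}" "$CP/$client.csr" || return
	# NOTE(review): the fetched request is signed as received, for 365 days,
	# with no inspection of its subject. Confirm that an operator reviews it.
	openssl x509 -req -days 365 \
		-CA "$CAPATH/ca.crt" -CAkey "$CAPATH/ca.key" -CAcreateserial \
		-in "$CP/$client.csr" -out "$CP/$client.crt" || return
	# The destination directory is derived from the CSR path, so the CSR host
	# is the fallback. Before, unset REMOTE_USER/REMOTE_HOST produced the
	# target "@:<dir>".
	scp -- "$CP/$client.crt" \
		"${REMOTE_USER:-$remote_csr_user}@${REMOTE_HOST:-$remote_csr_host}:${remote_certdir}"
}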

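#######################################
# Sign the CSR already stored for a client
# ($RCDIR/<service>/certs/<client>/<client>.csr) and write the certificate
# next to it.
# Globals:
#   RCDIR  (read) - per-user state directory
#   CAPATH (read) - directory holding ca.crt and ca.key
#   service, client, CLIENT_CERTPATH, CP (written) - left global, as
#     remote_client_write_setup reads $client from this scope
# Arguments:
#   $1 - service name
#   $2 - client name
# Outputs:
#   A confirmation line on stdout once the certificate has been written
# Returns:
#   1 if CAPATH is unset or openssl fails; otherwise the status of the
#   final existence check
#######################################
function certificate_create()
{
	service=$1
	client=$2
	CLIENT_CERTPATH="$RCDIR/$service/certs"
	CP="$CLIENT_CERTPATH/$client"
	# With CAPATH empty the CA files would resolve to /ca.crt and /ca.key.
	if [ -z "${CAPATH:-}" ]; then
		echo "certificate_create: CAPATH is not set" >&2
		return 1
	fi
	test -d "$CP" || mkdir -p -- "$CP"
	# Report success only when openssl succeeded. Checking for the file alone
	# also announced a certificate left over from an earlier run.
	if ! openssl x509 -req -days 365 \
		-CA "$CAPATH/ca.crt" -CAkey "$CAPATH/ca.key" -CAcreateserial \
		-in "$CP/$client.csr" -out "$CP/$client.crt"; then
		echo "certificate_create: signing [$CP/$client.csr] failed" >&2
		return 1
	fi
	test -f "$CP/$client.crt" && echo "Created certificate in [$CP/$client.crt]"
}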


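#######################################
# Bundle a client's certificate and private key into a PKCS#12 keystore at
# $RCDIR/<service>/certs/<client>/<client>.p12.
# Globals:
#   RCDIR  (read) - per-user state directory
#   CAPATH (read) - directory holding ca.crt
#   service, client, CLIENT_CERTPATH, CP (written) - left global, as
#     remote_client_write_setup reads $client from this scope
# Arguments:
#   $1 - service name
#   $2 - client name; also used as the friendly name inside the keystore
# Outputs:
#   A confirmation line on stdout once the keystore has been written
# Returns:
#   1 if CAPATH is unset or openssl fails; otherwise the status of the
#   final existence check
#######################################
function pkcs12_create()
{
	service=$1
	client=$2
	CLIENT_CERTPATH="$RCDIR/$service/certs"
	CP="$CLIENT_CERTPATH/$client"
	# With CAPATH empty the CA certificate would resolve to /ca.crt.
	if [ -z "${CAPATH:-}" ]; then
		echo "pkcs12_create: CAPATH is not set" >&2
		return 1
	fi
	test -d "$CP" || mkdir -p -- "$CP"
	# The keystore contains the client's private key, so it is created under
	# umask 077 and is readable by the owner only, whatever the caller's umask
	# is. The subshell keeps the umask change from leaking to the caller.
	# Success is reported only when openssl succeeded; checking for the file
	# alone also announced a keystore left over from an earlier run.
	if ! (
		umask 077
		openssl pkcs12 -export -clcerts \
			-in "$CP/$client.crt" -inkey "$CP/$client.key" -out "$CP/$client.p12" \
			-name "${client}" \
			-CAfile "${CAPATH}/ca.crt" -caname root
	); then
		echo "pkcs12_create: export of [$CP/$client.p12] failed" >&2
		return 1
	fi
	test -f "$CP/$client.p12" && echo "Created PKCS12 (*.p12) in [$CP/$client.p12]"
}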

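# Entry point: expects exactly three arguments, <operation> <service> <client>.
# "create" is the only operation handled here.
if [ "$#" = 3 ]; then
	operation=$1
	service=$2
	CA_RCFILE="$HOME/.$APPNAME/default-ca.env"
	# `source` runs the settings file as shell code with the caller's
	# privileges, so it must be writable by its owner only. Presumably it
	# defines CAPATH, which pkcs12_create reads; confirm against that file.
	# A missing file is now an error instead of continuing without CA settings.
	if [ ! -r "$CA_RCFILE" ]; then
		echo "Cannot read CA settings file [$CA_RCFILE]" >&2
		exit 1
	fi
	source "$CA_RCFILE"

	if [ "$operation" = "create" ]; then
		client=$3
		# Last command on this path, so its status becomes the exit status.
		pkcs12_create "$service" "$client"
	else
		# An unrecognised operation used to exit 0 without doing anything.
		echo "Unknown operation [$operation]" >&2
		echo "Usage:"
		echo "\$iron pkcs12   "
		exit 255
	fi
else
	# NOTE(review): the argument placeholders look to be missing from the usage
	# line; the code above expects <operation> <service> <client>.
	echo "Usage:"
	echo "\$iron pkcs12   "
	# Same status bash reported for the former `exit -1`, spelled portably.
	exit 255
fi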