forked from redredgroovy/easy-ca
-
Notifications
You must be signed in to change notification settings - Fork 1
/
gen-html
executable file
·125 lines (96 loc) · 4.38 KB
/
gen-html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/bash
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# Derek Moore <derek.moore@gmail.com>
# Christian Göttsche <cgzones@googlemail.com>
set -eu
set -o pipefail
umask 0077
BIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# shellcheck disable=SC1090
source "${BIN_DIR}/functions"
# shellcheck disable=SC1090
source "${BIN_DIR}/defaults.conf"
usage() {
echo "Usage: $0 [-f]"
echo " Create a shareable html directory, containing root and signing"
echo " certificates as well as the certificate revocation list"
echo
echo "Options:"
echo " -f Override existing html directory"
}
if [ ! -f ca/ca.crt ]; then
echo -e "$ERR Must be run inside a CA directory!"
exit 2
fi
FORCE=0
while getopts hf FLAG; do
case $FLAG in
h) echo -e -n "$SUCC " && usage && exit 0 ;;
f) FORCE=1 ;;
*) echo -e -n "$ERR " && usage && exit 2 ;;
#xy) VAR=${OPTARG} ;;
esac
done
if [ -e html ]; then
if [ ! -d html ]; then
echo -e "$ERR non-directory object with name html exists!"
exit 2
fi
if [ $FORCE -ne 1 ]; then
echo -e "$ERR HTML directory exists already!"
echo "Specify -f to override"
exit 2
fi
fi
echo -e "$NOTE Creating directory structure"
HTMLDIR="html/ca/$CA_NAME"
mkdir -p "$HTMLDIR"
# shellcheck disable=SC2034
CA_HTML_UPDATED=$(date -R)
if openssl verify -CAfile ca/ca.crt ca/ca.crt >/dev/null 2>&1; then
echo -e "$NOTE Creating index.html for root CA"
CA_HTML_ROOT_TITLE=$(openssl x509 -noout -subject -in ca/ca.crt -nameopt multiline | grep -E '^\s+commonName' | cut -d "=" -f 2-)
# shellcheck disable=SC2001
CA_HTML_ROOT_NAME=$(echo "$CA_HTML_ROOT_TITLE" | sed 's/\s\+/_/g')
CA_HTML_ROOT_HASH=$(openssl x509 -noout -fingerprint -sha1 -in ca/ca.crt | cut -d '=' -f 2-)
CA_HTML_ROOT_VALID_UNTIL=$(openssl x509 -noout -in ca/root.crt -enddate) # ignore notAfter=
CA_HTML_ROOT_VALID_UNTIL=${CA_HTML_ROOT_VALID_UNTIL:9}
# shellcheck disable=SC2034
CA_HTML_ROOT_REVOKED=$(openssl crl -in ca/ca.crl -text -noout | grep -cE '^\s+Revocation Date:') || true
template "${BIN_DIR}/templates/root_index.tpl" "$HTMLDIR/index.html"
echo -e "$NOTE Copying certs"
cp ca/ca.crt "$HTMLDIR/${CA_HTML_ROOT_NAME}.crt"
cp ca/ca.crl "$HTMLDIR/${CA_HTML_ROOT_NAME}.crl"
ln -sf "${CA_HTML_ROOT_NAME}.crt" "$HTMLDIR/$CA_NAME.crt"
ln -sf "${CA_HTML_ROOT_NAME}.crl" "$HTMLDIR/$CA_NAME.crl"
echo -e "$SUCC html directory '$HTMLDIR' successfully created"
else
echo -e "$NOTE Creating index.html for sign CA"
CA_HTML_ROOT_TITLE=$(openssl x509 -noout -subject -in ca/root.crt -nameopt multiline | grep -E '^\s+commonName' | cut -d "=" -f 2-)
# shellcheck disable=SC2001
CA_HTML_ROOT_NAME=$(echo "$CA_HTML_ROOT_TITLE" | sed 's/\s\+/_/g')
# shellcheck disable=SC2034
CA_HTML_ROOT_HASH=$(openssl x509 -noout -fingerprint -sha1 -in ca/root.crt | cut -d '=' -f 2-)
CA_HTML_ROOT_VALID_UNTIL=$(openssl x509 -noout -in ca/root.crt -enddate) # ignore notAfter=
CA_HTML_ROOT_VALID_UNTIL=${CA_HTML_ROOT_VALID_UNTIL:9}
CA_HTML_SIGN_TITLE=$(openssl x509 -noout -subject -in ca/ca.crt -nameopt multiline | grep -E '^\s+commonName' | cut -d "=" -f 2-)
# shellcheck disable=SC2001
CA_HTML_SIGN_NAME=$(echo "$CA_HTML_SIGN_TITLE" | sed 's/\s\+/_/g')
# shellcheck disable=SC2034
CA_HTML_SIGN_HASH=$(openssl x509 -noout -fingerprint -sha1 -in ca/ca.crt | cut -d '=' -f 2-)
CA_HTML_SIGN_VALID_UNTIL=$(openssl x509 -noout -in ca/root.crt -enddate) # ignore notAfter=
CA_HTML_SIGN_VALID_UNTIL=${CA_HTML_SIGN_VALID_UNTIL:9}
# shellcheck disable=SC2034
CA_HTML_SIGN_REVOKED=$(openssl crl -in ca/ca.crl -text -noout | grep -cE '^\s+Revocation Date:') || true
template "${BIN_DIR}/templates/sign_index.tpl" "$HTMLDIR/index.html"
echo -e "$NOTE Copying certs"
cp ca/root.crt "$HTMLDIR/${CA_HTML_ROOT_NAME}.crt"
cp ca/ca.crt "$HTMLDIR/${CA_HTML_SIGN_NAME}.crt"
cp ca/ca.crl "$HTMLDIR/${CA_HTML_SIGN_NAME}.crl"
cp ca/chain.pem "$HTMLDIR/${CA_HTML_SIGN_NAME}.chain.pem"
ln -sf "${CA_HTML_SIGN_NAME}.crt" "$HTMLDIR/$CA_NAME.crt"
ln -sf "${CA_HTML_SIGN_NAME}.crl" "$HTMLDIR/$CA_NAME.crl"
echo -e "$SUCC html directory '$HTMLDIR' successfully created"
fi