File: make-ssl-cert

ssl-cert 1.0-11
  • area: main
  • in suites: sarge
  • size: 508 kB
  • sloc: sh: 68; makefile: 28
#!/bin/bash -e
# This is a mockup of a script to produce a snakeoil cert
# The aim is to have a debconfisable ssl-certificate script

# Takes two arguments, the base layout and the output cert.

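# Argument handling: $1 is the openssl config template, $2 the output
# certificate file, and an optional $3 of --force-overwrite allows an
# existing output file to be replaced.
if [ $# -lt 2 ]; then
    # The script name is passed as data, never as the printf format, so a
    # '%' or backslash in it cannot alter the message.
    printf 'Usage: %s template output [--force-overwrite]\n' "$0"
    exit 1
fi

template="$1"
output="$2"

# Expansions are quoted so that paths containing whitespace or glob
# characters are tested as a single word.
if [ ! -f "$template" ]; then
    printf 'Could not open template file: %s!\n' "$template"
    exit 1
fi

# be a bit paranoid to avoid users overwriting existing certificates
# by mistake
# NOTE(review): -f only matches an existing regular file (following
# symlinks); a dangling symlink at the output path is not caught here.

if [ -f "$output" ] && [ "$3" != "--force-overwrite" ]; then
    printf '%s file already exists!\n' "$output"
    exit 1
fi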

# Load the debconf shell client library. It provides the db_* commands
# used below; each command leaves its reply in $RET.
. /usr/share/debconf/confmodule
db_version 2.0
db_capb backup
db_settitle make-ssl-cert/title

templates="countryname statename localityname organisationname ouname hostname email"

# Ask every question in turn and keep asking until a non-empty answer
# has been stored for it.
# NOTE(review): if a question is never displayed (for example under a
# non-interactive frontend) and its stored value is empty, this loop
# would not terminate - confirm the templates ship non-empty defaults.
for question in $templates; do
    RET=""
    until [ -n "$RET" ]; do
        # Clear the "seen" flag so the question is presented again.
        db_fset "make-ssl-cert/$question" seen false
        # db_input reports a skipped question with a non-zero status;
        # "|| true" keeps the shell's -e option from aborting the script.
        db_input high "make-ssl-cert/$question" || true
        db_go
        db_get "make-ssl-cert/$question"
    done
done

# Clear the "seen" flag of one make-ssl-cert question.
# Arguments: $1 - question name without the make-ssl-cert/ prefix
forget_answer() {
    db_fset "make-ssl-cert/$1" seen false
}

# Copy each stored answer into its own shell variable. $RET is read
# immediately after db_get, before the next db_* call runs.
db_get "make-ssl-cert/countryname"
CountryName=${RET}
forget_answer countryname

db_get "make-ssl-cert/statename"
StateName=${RET}
forget_answer statename

db_get "make-ssl-cert/localityname"
LocalityName=${RET}
forget_answer localityname

db_get "make-ssl-cert/organisationname"
OrganisationName=${RET}
forget_answer organisationname

db_get "make-ssl-cert/ouname"
OUName=${RET}
forget_answer ouname

db_get "make-ssl-cert/hostname"
HostName=${RET}
forget_answer hostname

db_get "make-ssl-cert/email"
Email=${RET}
forget_answer email

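# The answers are spliced into the template with sed "s#...#...#"
# commands. The characters that are special in a sed replacement
# (backslash, the '#' delimiter and '&') are escaped first, so every
# answer is inserted literally and no character has to be sacrificed
# as a delimiter.
# NOTE(review): the result is still parsed as an openssl configuration
# file, where characters such as '#' and '$' have their own meaning -
# confirm how the template quotes these values.
# Arguments: $1 - raw answer text
# Outputs:   the escaped text on stdout
sed_escape() {
    printf '%s\n' "$1" | sed -e 's/[\\#&]/\\&/g'
}

# The output file receives the unencrypted private key (-nodes, and
# -keyout names the same file as -out). A restrictive umask makes a
# newly created file private from the start instead of only after the
# chmod below. A file that already exists keeps its mode until the
# chmod runs.
old_umask=$(umask)
umask 077

TMPFILE=$(mktemp) || exit 1
# Remove the generated config even when a later command fails and the
# -e option ends the script early.
trap 'rm -f "$TMPFILE"' EXIT

sed -e "s#@CountryName@#$(sed_escape "$CountryName")#" \
    -e "s#@StateName@#$(sed_escape "$StateName")#" \
    -e "s#@LocalityName@#$(sed_escape "$LocalityName")#" \
    -e "s#@OrganisationName@#$(sed_escape "$OrganisationName")#" \
    -e "s#@OUName@#$(sed_escape "$OUName")#" \
    -e "s#@HostName@#$(sed_escape "$HostName")#" \
    -e "s#@Email@#$(sed_escape "$Email")#" \
    "$template" > "$TMPFILE"

export RANDFILE=/dev/random
openssl req -config "$TMPFILE" -new -x509 -nodes -out "$output" \
    -keyout "$output"
chmod 600 "$output"
umask "$old_umask"

# hash symlink
# The hash is computed before changing directory, so a relative output
# path that contains a directory component still resolves.
cert_hash=$(openssl x509 -hash -noout -in "$output")
cd "$(dirname "$output")"
ln -sf "$(basename "$output")" "$cert_hash"

rm -f "$TMPFILE"
trap - EXIT

db_stop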