#!/bin/bash
# --- Identity of the entity being certified --------------------------------
# CODE is the short identifier reused for every artefact name below and for
# the TNAuthList entry; NAME is the human-readable description that joins it
# in the CN.
CODE="VOTE20221031"
NAME="Used Car and VoIP Emporium"
C="AU"
O="Beer4Peer"
CN="${CODE} (${NAME})"
SUBJECT="/CN=${CN}/C=${C}/O=Issued by ${O}"

# --- Where things live ------------------------------------------------------
# URL prefix under which issued certificates are expected to be published.
BASEURL='https://foo.blah/ca'
# Per-client working directory; relative to the CA root the script is run from.
CLIENTDIR="intermed/${CODE}"
PRIVKEY="${CLIENTDIR}/${CODE}.private.pem"
CSR="${CLIENTDIR}/${CODE}.csr.pem"
CERT="${CLIENTDIR}/${CODE}.crt"
# Intermediate CA certificate that signs the CSR; its key hash also yields the
# AIA caIssuers URL written into the per-client config.
SIGNING=ca/intermediate/certs/intermediate.cert.pem
mkdir -p "${CLIENTDIR}"
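#######################################
# Derive the publication URL of a certificate from its public key.
# The certificate's SubjectPublicKeyInfo is extracted, the ASN.1 object at DER
# offset 23 is SHA-1 hashed, and the hash becomes a name-based (SHA-1) UUID in
# the @url namespace, appended to BASEURL.
# NOTE(review): offset 23 is where the subjectPublicKey BIT STRING sits in a
# P-256 EC SubjectPublicKeyInfo, the only key type this script generates; a
# CA certificate carrying a different key type places it elsewhere, so confirm
# the offset before pointing this at another CA.
# Globals:   BASEURL (read)
# Arguments: $1 - path to a PEM certificate
# Outputs:   the URL on stdout
# Returns:   0 on success; 1 if the certificate cannot be read or no key hash
#            could be derived (previously an unreadable file silently produced
#            a URL for the hash of an empty stream)
#######################################
genCertUrl() {
  local cert=$1
  local pub ski uuid
  pub=$(openssl x509 -noout -in "$cert" -pubkey) || return 1
  [[ -n "$pub" ]] || return 1
  # Space delimiter spelled out explicitly: "openssl dgst -c" prints
  # "SHA1(stdin)= aa:bb:..." and the hash is the second field.
  ski=$(printf '%s\n' "$pub" \
    | openssl asn1parse -strparse 23 -out - -noout \
    | openssl dgst -c -sha1 | cut -d ' ' -f2)
  # Refuse to mint a URL (and thus an AIA/SAN value) from nothing.
  if [[ -z "$ski" ]]; then
    printf 'genCertUrl: could not derive key hash from %s\n' "$cert" >&2
    return 1
  fi
  uuid=$(uuidgen --sha1 --namespace @url --name "$ski") || return 1
  printf '%s/%s\n' "$BASEURL" "$uuid"
}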
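#######################################
# Derive the UUID under which a CSR's certificate will be published.
# Same construction as genCertUrl, applied to the CSR's public key: the ASN.1
# object at DER offset 23 of the SubjectPublicKeyInfo is SHA-1 hashed and the
# hash becomes a name-based (SHA-1) UUID in the @url namespace.
# NOTE(review): offset 23 matches a P-256 EC SubjectPublicKeyInfo, which is
# what this script generates; confirm before reusing on CSRs with other keys.
# Arguments: $1 - path to a PEM CSR
# Outputs:   the bare UUID on stdout
# Returns:   0 on success; 1 if the CSR cannot be read or no key hash could be
#            derived (previously an unreadable file silently yielded the UUID of
#            an empty stream's hash)
#######################################
genReqUuid() {
  local req=$1
  local pub ski uuid
  pub=$(openssl req -noout -in "$req" -pubkey) || return 1
  [[ -n "$pub" ]] || return 1
  # "openssl dgst -c" prints "SHA1(stdin)= aa:bb:..."; keep the second field.
  ski=$(printf '%s\n' "$pub" \
    | openssl asn1parse -strparse 23 -out - -noout \
    | openssl dgst -c -sha1 | cut -d ' ' -f2)
  if [[ -z "$ski" ]]; then
    printf 'genReqUuid: could not derive key hash from %s\n' "$req" >&2
    return 1
  fi
  uuid=$(uuidgen --sha1 --namespace @url --name "$ski") || return 1
  printf '%s\n' "$uuid"
}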
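# Everything below addresses the CA layout relative to the working directory
# (ca/openssl.conf, the signing cert, intermed/...), so refuse to create any
# key material unless we are actually in the CA root.
if [[ ! -r ca/openssl.conf || ! -r "${SIGNING}" ]]; then
  printf 'run from the CA root: missing ca/openssl.conf or %s\n' "${SIGNING}" >&2
  exit 1
fi
# AIA caIssuers URL, derived from the intermediate CA certificate's key hash.
ISSUER=$(genCertUrl "${SIGNING}")
if [[ -z "${ISSUER}" ]]; then
  printf 'could not derive issuer URL from %s\n' "${SIGNING}" >&2
  exit 1
fi
set -x
# Generate the P-256 private key.  openssl writes -out files with the default
# mode (restricted only by umask), so tighten umask in a subshell: the key
# ends up owner-only while the CSR, certificate and config written afterwards
# keep the normal mode.
( umask 077 && openssl ecparam -noout -name prime256v1 -genkey -out "${PRIVKEY}" -outform PEM ) || exit 1
# -nodes: the key stays unencrypted on disk (it was generated above; req only reads it).
openssl req -config ca/openssl.conf -new -nodes -sha256 -key "${PRIVKEY}" -out "${CSR}" -subj "${SUBJECT}" || exit 1
THISUUID=$(genReqUuid "${CSR}")
if [[ -z "${THISUUID}" ]]; then
  printf 'could not derive UUID from %s\n' "${CSR}" >&2
  exit 1
fi
# Per-client config: the shared CA config plus the sections presumably
# referenced by the client_shaken_cert extension profile in ca/openssl.conf.
# The .include path is relative to the working directory, which is another
# reason for the cwd check above.
cat > "${CLIENTDIR}/openssl.${CODE}.conf" <<EOF
.include ca/openssl.conf
[ client_issuers ]
caIssuers;URI.1 = ${ISSUER}
caIssuers;email.2 = the@xrob.au
[ client_altnames ]
URI.1 = ${BASEURL}/${THISUUID}
DNS.2 = ${THISUUID}.foo.blah
[ tn_auth_list ]
field1=EXP:0,IA5:${CODE}
EOF
# Sign with the intermediate CA.  -rand_serial uses a random serial number
# instead of the sequential serial file; -batch suppresses the interactive
# confirmation prompts; -days 91 keeps the certificate short-lived.
openssl ca -name CA_intermed -config "${CLIENTDIR}/openssl.${CODE}.conf" -extensions client_shaken_cert -days 91 -notext -in "${CSR}" -out "${CERT}" -rand_serial -batch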