diff options
author | Erich Eckner <git@eckner.net> | 2019-09-02 12:02:46 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 12:04:40 +0200 |
commit | 42ed8f813c8f1c3edf57fedc6c4b48c29608af2b (patch) | |
tree | ef806499f9170d9676ce183f2f62fb430e1faf69 | |
parent | 582e673f51940f03d4e82f7e833d6c0ca104c6b1 (diff) | |
download | simple-pki-42ed8f813c8f1c3edf57fedc6c4b48c29608af2b.tar.xz |
sign-request.in: sollte gehen (ungetestet)
-rwxr-xr-x | sign-request.in | 33 |
1 files changed, 8 insertions, 25 deletions
diff --git a/sign-request.in b/sign-request.in index b464552..e36ad7d 100755 --- a/sign-request.in +++ b/sign-request.in @@ -1,21 +1,11 @@ #!/bin/bash -key_dir='#ETCDIR#/simple-pki/keys' - if [ -r '#ETCDIR#/simple-pki/ca.conf' ]; then . '#ETCDIR#/simple-pki/ca.conf' fi cd "${0%/*}" -remove_leading_spaces() { - sed ' - s/^ \{'"$1"'\}// - t - d - ' -} - tmp_dir=$(mktemp -d) trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT @@ -29,6 +19,7 @@ while read -r csr; do rm "${csr_local}" continue fi + content=$( printf '%s\n' "${content}" \ | sed -n ' @@ -102,23 +93,15 @@ while read -r csr; do rm "${csr_local}" continue fi - if [ ! -f "${key_dir}/${ca_name}.key" ] \ - || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt $((3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then - key_to_use="${key_dir}/${ca_name}.key.new" - crt_to_use="${key_dir}/${ca_name}.crt.new" - else - key_to_use="${key_dir}/${ca_name}.key" - crt_to_use="${key_dir}/${ca_name}.crt" - fi - openssl x509 -req \ - -CAkey "${key_to_use}" \ - -CA "${crt_to_use}" \ - -CAserial "${key_dir}/${ca_name}.srl" \ - -CAcreateserial \ + CA=signing-ca openssl ca -batch -name signing_ca \ + -config '#ETCDIR#/simple-pki/ca-ssl.conf' \ -in "${csr_local}" \ - -out "${csr_local%.csr}.crt" + -out "${csr_local%.csr}.crt" \ + -extensions server_ext + cat "${csr_local%.csr}.crt" '#ETCDIR#/simple-pki/ca/signing-ca.crt' '#ETCDIR#/simple-pki/ca/root-ca.crt' \ + > "${csr_local%.csr}.chain" rm "${csr_local}" done cd "${tmp_dir}" -tar -czf - *.crt +tar -czf - *.crt *.chain |