75 lines
1.2 KiB
Bash
75 lines
1.2 KiB
Bash
|
#!/bin/sh
|
||
|
|
||
|
DIR_ETC=./etc/
|
||
|
|
||
|
HOST_CA_PRIV=${DIR_ETC}private/host/meutel_host_ca
|
||
|
USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
|
||
|
HOST_CONFIG_ROOT=${DIR_ETC}public/host/
|
||
|
USER_CONFIG_ROOT=${DIR_ETC}public/user/
|
||
|
|
||
|
TYPE=$1
|
||
|
NAME=$2
|
||
|
PRINCIPALS=$3
|
||
|
VALIDITY=$4
|
||
|
OPTS=$5
|
||
|
|
||
|
check_ca_key()
|
||
|
{
|
||
|
CA_PRIV=$1
|
||
|
if [ ! -f $CA_PRIV ]; then
|
||
|
echo "missing private CA key: $CA_PRIV" >&2
|
||
|
exit 2
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
check_config()
|
||
|
{
|
||
|
CONFIG_DIR=$1
|
||
|
if [ ! -d $CONFIG_DIR ]; then
|
||
|
echo "missing config: $CONFIG_DIR" >&2
|
||
|
exit 3
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
user_cert()
|
||
|
{
|
||
|
echo "user certificate"
|
||
|
check_ca_key $USER_CA_PRIV
|
||
|
USER_CONFIG=${USER_CONFIG_ROOT}${NAME}
|
||
|
check_config $USER_CONFIG
|
||
|
if [ -z "$PRINCIPALS" ]; then
|
||
|
echo "missing principals" >&2
|
||
|
exit 4
|
||
|
fi
|
||
|
if [ -z "$VALIDITY" ]; then
|
||
|
echo "missing validity duration" >&2
|
||
|
exit 4
|
||
|
fi
|
||
|
# ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
|
||
|
# [-n principals] [-O option] [-V validity_interval]
|
||
|
# [-z serial_number] file ...
|
||
|
|
||
|
ssh-keygen
|
||
|
}
|
||
|
|
||
|
host_cert()
|
||
|
{
|
||
|
echo "host certificate"
|
||
|
check_ca_key $HOST_CA_PRIV
|
||
|
HOST_CONFIG=${HOST_CONFIG_ROOT}${NAME}
|
||
|
check_config $HOST_CONFIG
|
||
|
}
|
||
|
|
||
|
case $TYPE in
|
||
|
"user")
|
||
|
user_cert
|
||
|
;;
|
||
|
"host")
|
||
|
host_cert
|
||
|
;;
|
||
|
*)
|
||
|
echo "unknown certificate type" >&2
|
||
|
exit 1
|
||
|
;;
|
||
|
esac
|