bin-utils/signer.sh

75 lines
1.2 KiB
Bash
Raw Normal View History

2024-02-12 05:54:18 +00:00
#!/bin/sh
DIR_ETC=./etc/
HOST_CA_PRIV=${DIR_ETC}private/host/meutel_host_ca
USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
HOST_CONFIG_ROOT=${DIR_ETC}public/host/
USER_CONFIG_ROOT=${DIR_ETC}public/user/
TYPE=$1
NAME=$2
PRINCIPALS=$3
VALIDITY=$4
OPTS=$5
check_ca_key()
{
CA_PRIV=$1
if [ ! -f $CA_PRIV ]; then
echo "missing private CA key: $CA_PRIV" >&2
exit 2
fi
}
check_config()
{
CONFIG_DIR=$1
if [ ! -d $CONFIG_DIR ]; then
echo "missing config: $CONFIG_DIR" >&2
exit 3
fi
}
user_cert()
{
echo "user certificate"
check_ca_key $USER_CA_PRIV
USER_CONFIG=${USER_CONFIG_ROOT}${NAME}
check_config $USER_CONFIG
if [ -z "$PRINCIPALS" ]; then
echo "missing principals" >&2
exit 4
fi
if [ -z "$VALIDITY" ]; then
echo "missing validity duration" >&2
exit 4
fi
# ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
# [-n principals] [-O option] [-V validity_interval]
# [-z serial_number] file ...
ssh-keygen
}
host_cert()
{
echo "host certificate"
check_ca_key $HOST_CA_PRIV
HOST_CONFIG=${HOST_CONFIG_ROOT}${NAME}
check_config $HOST_CONFIG
}
case $TYPE in
"user")
user_cert
;;
"host")
host_cert
;;
*)
echo "unknown certificate type" >&2
exit 1
;;
esac