diff --git a/signer.sh b/signer.sh
index 947dc40..15ff874 100755
--- a/signer.sh
+++ b/signer.sh
@@ -7,6 +7,7 @@ USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
 HOST_CONFIG_ROOT=${DIR_ETC}public/host/
 USER_CONFIG_ROOT=${DIR_ETC}public/user/
+ARGS_COUNT=$#
 # public key file
 PUBKEY=$1
 # certificate type: user/host
@@ -17,14 +18,25 @@ NAME=$3
 VALIDITY=$4
 # principals for user cert
 PRINCIPALS=$5
-# certificate options
-OPTS=$6
+if [ "$ARGS_COUNT" -gt 5 ]
+then
+ shift 5
+ # certificate options
+ OPTS=$@
+ echo "options: $OPTS"
+fi
+
+usage()
+{
+ echo "signer.sh ( )"
+}
 check_pubkey()
 {
 if [ ! -f $PUBKEY ]; then
 echo "missing public key: $PUBKEY" >&2
- exit 2
+ usage
+ exit 1
 fi
 }
@@ -53,11 +65,13 @@ user_cert()
 check_config $USER_CONFIG
 if [ -z "$PRINCIPALS" ]; then
 echo "missing principals" >&2
- exit 4
+ usage
+ exit 1
 fi
 if [ -z "$VALIDITY" ]; then
 echo "missing validity duration" >&2
- exit 4
+ usage
+ exit 1
 fi
 if ls $USER_CONFIG/*-cert.pub 2>/dev/null > /dev/null ; then
 SERIAL=$(( $( ls $USER_CONFIG/*-cert.pub | wc -l ) + 1 ))
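Review bot: The new `usage()` writes to stdout while every error path that calls it (`check_pubkey` here, the principals and validity checks in the next hunk, the argument-count check and the unknown-type arm in the later hunks) sends its message to stderr, so a caller capturing stdout gets the usage line mixed into data; make it `echo "usage: ${0##*/} PUBKEY TYPE NAME VALIDITY [PRINCIPALS] [OPTION...]" >&2`. As rendered, the usage string `signer.sh ( )` names no arguments at all — if angle-bracketed placeholders were stripped on the way here that is cosmetic, otherwise the positionals read on the visible lines (`$1` pubkey, `$2` type, `$3` name, `$4` validity, `$5` principals) belong in it. `OPTS=$@` works only because an assignment joins the words with spaces; `OPTS=$*` is the form that says so, though flattening the options into one string is itself the problem taken up at `gen_cert`. Replacing the distinct `exit 2`/`exit 4` codes with `exit 1` also removes the only way a wrapper could tell a missing key from missing principals; keeping the old codes after the `usage` call costs nothing.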
@@ -76,10 +90,35 @@ user_cert()
 echo " ID: $CERT_ID"
 echo " principals: $PRINCIPALS"
 echo " validity: $VALIDITY"
+
- ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -O "$OPTS" -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
- # TODO copy cert
- # TODO displqy certificate
+ #ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" $OPT_PARAMS -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
+ # declare -a PARAMS
+ # PARAMS=( "-I" "$CERT_ID" "-s" "$USER_CA_PRIV" "-n" "$PRINCIPALS" "-V" "$VALIDITY" "-z" "$SERIAL" "$USER_PUB_KEY" )
+ # for opt in "$OPTS"
+ # do
+ # PARAMS+=( $opt )
+ # done
+ # echo "${PARAMS[@]}"
+
+ # ssh-keygen "${PARAMS[@]}"
+
+ gen_cert
+ if [ "$?" -eq 0 ] ; then
+ cp "${USER_PUB_KEY%.pub}-cert.pub" "${PUBKEY%.pub}-cert.pub"
+ ssh-keygen -L -f "${PUBKEY%.pub}-cert.pub"
+ fi
+}
+
+gen_cert()
+{
+ for opt in $OPTS
+ do
+ set -- "$@" "-O"
+ set -- "$@" "$opt"
+ done
+
+ ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -V "$VALIDITY" -z "$SERIAL" $@ "${USER_PUB_KEY}"
 }
 host_cert()
@@ -89,6 +128,10 @@ host_cert()
 check_config $HOST_CONFIG
 }
+if [ "$ARGS_COUNT" -lt 4 ]; then
+ usage
+ exit 1
+fi
 check_pubkey
 case $TYPE in
 "user")
@@ -99,6 +142,7 @@ case $TYPE in
 ;;
 *)
 echo "unknown certificate type" >&2
+ usage
 exit 1
 ;;
 esac
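Review bot: `gen_cert` rebuilds the option list from the flattened `$OPTS` string with `for opt in $OPTS` and then passes the result through an unquoted `$@` on the `ssh-keygen` line, so every certificate option is word-split and glob-expanded twice before it reaches `-O`; an option value containing a space or a `*` is handed to the CA in a different form than the operator typed, which for a restriction-bearing option means the signed certificate carries a different restriction than intended. The positional parameters left after the top-level `shift 5` are already the option list, one element each, so hand them down instead of reassembling them — `user_cert "$@"` / `gen_cert "$@"` (both call sites are outside this hunk) — rotate `-O` in front of each argument in place, and quote `"$@"` in the final call. `if [ "$?" -eq 0 ]` can become `if gen_cert "$@"; then`, and the nine commented-out lines of the abandoned array attempt should be removed rather than committed. The body of `user_cert` starts outside the hunk.
```shell
    # … unchanged: ID/principals/validity echo lines …
    if gen_cert "$@"; then
        cp "${USER_PUB_KEY%.pub}-cert.pub" "${PUBKEY%.pub}-cert.pub"
        ssh-keygen -L -f "${PUBKEY%.pub}-cert.pub"
    fi
}

# gen_cert [OPTION...] -- each argument becomes exactly one -O value; the
# list is rotated in place so no option is ever re-split on whitespace.
gen_cert()
{
    n=$#
    while [ "$n" -gt 0 ]; do
        opt=$1
        shift
        set -- "$@" "-O" "$opt"
        n=$((n - 1))
    done
    ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -V "$VALIDITY" -z "$SERIAL" "$@" "$USER_PUB_KEY"
}
```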