Fix options

This commit is contained in:
Meutel 2024-02-12 13:32:44 +00:00
parent 4a16f7567a
commit de4421ae39


@ -7,6 +7,7 @@ USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
HOST_CONFIG_ROOT=${DIR_ETC}public/host/ HOST_CONFIG_ROOT=${DIR_ETC}public/host/
USER_CONFIG_ROOT=${DIR_ETC}public/user/ USER_CONFIG_ROOT=${DIR_ETC}public/user/
ARGS_COUNT=$#
# public key file # public key file
PUBKEY=$1 PUBKEY=$1
# certificate type: user/host # certificate type: user/host
@ -17,14 +18,25 @@ NAME=$3
VALIDITY=$4 VALIDITY=$4
# principals for user cert # principals for user cert
PRINCIPALS=$5 PRINCIPALS=$5
# certificate options if [ "$ARGS_COUNT" -gt 5 ]
OPTS=$6 then
shift 5
# certificate options
OPTS=$@
echo "options: $OPTS"
fi
usage()
{
echo "signer.sh <pubkey_file> <user|host> <name> <validity> (<principals> <options...>)"
}
check_pubkey() check_pubkey()
{ {
if [ ! -f $PUBKEY ]; then if [ ! -f $PUBKEY ]; then
echo "missing public key: $PUBKEY" >&2 echo "missing public key: $PUBKEY" >&2
exit 2 usage
exit 1
fi fi
} }
@ -53,11 +65,13 @@ user_cert()
check_config $USER_CONFIG check_config $USER_CONFIG
if [ -z "$PRINCIPALS" ]; then if [ -z "$PRINCIPALS" ]; then
echo "missing principals" >&2 echo "missing principals" >&2
exit 4 usage
exit 1
fi fi
if [ -z "$VALIDITY" ]; then if [ -z "$VALIDITY" ]; then
echo "missing validity duration" >&2 echo "missing validity duration" >&2
exit 4 usage
exit 1
fi fi
if ls $USER_CONFIG/*-cert.pub 2>/dev/null > /dev/null ; then if ls $USER_CONFIG/*-cert.pub 2>/dev/null > /dev/null ; then
SERIAL=$(( $( ls $USER_CONFIG/*-cert.pub | wc -l ) + 1 )) SERIAL=$(( $( ls $USER_CONFIG/*-cert.pub | wc -l ) + 1 ))
@ -77,9 +91,34 @@ user_cert()
echo " principals: $PRINCIPALS" echo " principals: $PRINCIPALS"
echo " validity: $VALIDITY" echo " validity: $VALIDITY"
ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -O "$OPTS" -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
# TODO copy cert #ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" $OPT_PARAMS -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
# TODO displqy certificate # declare -a PARAMS
# PARAMS=( "-I" "$CERT_ID" "-s" "$USER_CA_PRIV" "-n" "$PRINCIPALS" "-V" "$VALIDITY" "-z" "$SERIAL" "$USER_PUB_KEY" )
# for opt in "$OPTS"
# do
# PARAMS+=( $opt )
# done
# echo "${PARAMS[@]}"
# ssh-keygen "${PARAMS[@]}"
gen_cert
if [ "$?" -eq 0 ] ; then
cp "${USER_PUB_KEY%.pub}-cert.pub" "${PUBKEY%.pub}-cert.pub"
ssh-keygen -L -f "${PUBKEY%.pub}-cert.pub"
fi
}
gen_cert()
{
for opt in $OPTS
do
set -- "$@" "-O"
set -- "$@" "$opt"
done
ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -V "$VALIDITY" -z "$SERIAL" $@ "${USER_PUB_KEY}"
} }
host_cert() host_cert()
@ -89,6 +128,10 @@ host_cert()
check_config $HOST_CONFIG check_config $HOST_CONFIG
} }
if [ "$ARGS_COUNT" -lt 4 ]; then
usage
exit 1
fi
check_pubkey check_pubkey
case $TYPE in case $TYPE in
"user") "user")
@ -99,6 +142,7 @@ case $TYPE in
;; ;;
*) *)
echo "unknown certificate type" >&2 echo "unknown certificate type" >&2
usage
exit 1 exit 1
;; ;;
esac esac
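Review bot: In the `@ -77,9 +91,34 @@` hunk, gen_cert rebuilds the `-O` list by word-splitting `$OPTS`, which the first hunk stores as a space-joined string (`OPTS=$@`), so a single option whose value contains whitespace — a `force-command=` with arguments is the obvious case — becomes several `-O` flags, and the unquoted `$@` on the ssh-keygen line splits and glob-expands them once more. Because `force-command` and `source-address` are exactly the options that constrain what the signed certificate may do, a mangled value means the signing either fails or, depending on how ssh-keygen parses the fragments, issues a certificate whose restriction differs from what the operator typed. Keeping the options as an array avoids both problems, assuming the script runs under bash: `OPTS=("$@")` instead of `OPTS=$@`, `for opt in "${OPTS[@]}"` in gen_cert, and `"$@"` quoted on the ssh-keygen line (the `echo "options: $OPTS"` line would then print `"${OPTS[*]}"`). The commented-out PARAMS array in the same hunk is a leftover of that approach and can be dropped once the array form is adopted; note that user_cert, which calls gen_cert, begins outside this hunk.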