easyrsa.inc
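#######################################
# Create a PKI directory with easyrsa if it does not exist yet.
# Globals:   EASYRSA (read), LOGFILE (appended to)
# Arguments: $1 - label used in the progress message and passed to git_init
#            $2 - path of the PKI directory
# Outputs:   progress message on stdout; easyrsa stdout is appended to LOGFILE
# Returns:   0 if the directory already exists or was created; non-zero if
#            the path is empty or any creation step fails
#######################################
easyrsa_pki_init () {
  local label=$1
  local pki_dir=$2

  # With an empty path the mkdir below would target "/issued"; refuse it.
  if [ -z "$pki_dir" ]; then
    echo "$label pki path is empty" >&2
    return 1
  fi

  # Nothing to do when the PKI is already present.
  [ -d "$pki_dir" ] && return 0

  echo "$label pki doesn't exist, creating..."

  # NOTE(review): this tree will later hold private keys; confirm the
  # umask/permissions in effect here restrict access to it.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  EASYRSA_PKI=$pki_dir $EASYRSA init-pki >> "$LOGFILE" || return

  # -p: do not fail if the directory is already there.
  mkdir -p -- "$pki_dir/issued" || return

  # git_init is defined elsewhere; it receives the label and the PKI path.
  git_init "$label" "$pki_dir"
}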
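#######################################
# Generate a key pair and certificate signing request in the given PKI.
# Globals:   EASYRSA (read), LOGFILE (appended to)
# Arguments: $1 - path of the PKI directory
#            $2 - request name passed to gen-req
#            $3 - common name placed in the request
# Outputs:   easyrsa stdout and stderr are appended to LOGFILE
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_csr_create () {
  local pki=$1
  local name=$2
  local cn=$3

  # "nopass" leaves the generated private key unencrypted on disk, so the
  # PKI directory's filesystem permissions are its only protection.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  EASYRSA_PKI=$pki $EASYRSA --batch --req-cn="$cn" gen-req "$name" nopass \
    &>> "$LOGFILE" || return

  # Only record the step once the request really exists.
  git_stamp "$pki" "creating csr for $cn"
}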
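#######################################
# Import an externally supplied CSR file into the given PKI.
# Globals:   EASYRSA (read)
# Arguments: $1 - path of the PKI directory
#            $2 - name to store the request under
#            $3 - path of the CSR file to import
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_csr_import () {
  local pki=$1
  local name=$2
  local csr=$3

  # The CSR originates outside this PKI; this step only imports it, signing
  # is a separate call (easyrsa_csr_sign).
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  $EASYRSA --pki-dir="$pki" \
    --batch \
    import-req "$csr" "$name" || return

  git_stamp "$pki" "imported csr for $name"
}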
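#######################################
# Sign a previously imported or generated request in the given PKI.
# Globals:   EASYRSA (read)
# Arguments: $1 - path of the PKI directory
#            $2 - name of the request to sign
#            $3 - common name passed via --req-cn and used in the git message
#            $4 - certificate type passed to sign-req (e.g. "server")
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_csr_sign () {
  local pki=$1
  local name=$2
  local cn=$3
  local type=$4

  # --batch suppresses easyrsa's interactive confirmation, so any vetting of
  # the request has to happen before this function is called.
  # NOTE(review): the type is passed straight through; callers should limit
  # it to the certificate types they intend to issue.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  $EASYRSA --pki-dir="$pki" \
    --batch \
    --req-cn="$cn" \
    sign-req "$type" "$name" || return

  # Do not record a signature that was never produced.
  git_stamp "$pki" "signed csr for $cn"
}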
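#######################################
# Sign a request as a "server" certificate.
# Arguments: $1 - path of the PKI directory
#            $2 - name of the request to sign
#            $3 - common name
# Returns:   status of easyrsa_csr_sign
#######################################
easyrsa_csr_sign_server () {
  # Quoted so that paths or names containing whitespace stay single arguments.
  easyrsa_csr_sign "$1" "$2" "$3" "server"
}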
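#######################################
# Create the device PKI if it does not exist yet.
# Globals:   EASYRSA_PKI_DEVICE (read)
# Returns:   status of easyrsa_pki_init
#######################################
easyrsa_device_pki_init () {
  # Quoted so a path containing whitespace is passed as one argument.
  easyrsa_pki_init "device" "$EASYRSA_PKI_DEVICE"
}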
#######################################
# Abort the script unless the device PKI directory is present.
# Globals:   EASYRSA_PKI_DEVICE (read)
# Outputs:   error message on stdout when the directory is missing
# Returns:   0 if the directory exists; otherwise exits the shell with 1
#######################################
easyrsa_device_pki_exists () {
  # Guard clause: the happy path returns straight away.
  [ -d "$EASYRSA_PKI_DEVICE" ] && return 0

  echo "device pki isn't available"
  exit 1
}
#######################################
# Abort the script if the device PKI directory is already present.
# Globals:   EASYRSA_PKI_DEVICE (read)
# Outputs:   error message on stdout when the directory exists
# Returns:   0 if the directory is absent; otherwise exits the shell with 1
#######################################
easyrsa_device_pki_doesntexist () {
  # Succeeds when the directory is absent; otherwise report and stop.
  [ ! -d "$EASYRSA_PKI_DEVICE" ] || {
    echo "device pki exists"
    exit 1
  }
}
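#######################################
# Generate a key pair and CSR for a device, named "device-<uuid>", in the
# user PKI.
# Globals:   EASYRSA (read), EASYRSA_PKI_USER (read), LOGFILE (appended to)
# Arguments: $1 - device UUID, used as common name and in the request name
# Outputs:   easyrsa stdout and stderr are appended to LOGFILE
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_device_csr_create () {
  local uuid=$1

  # "nopass" leaves the device private key unencrypted on disk, so the PKI
  # directory's filesystem permissions are its only protection.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  EASYRSA_PKI=$EASYRSA_PKI_USER $EASYRSA --batch --req-cn="$uuid" \
    gen-req "device-$uuid" nopass &>> "$LOGFILE" || return

  git_stamp "$EASYRSA_PKI_USER" "creating csr for $uuid"
}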
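#######################################
# Abandon an in-progress device CSR by calling git_abort on the user PKI.
# Globals:   EASYRSA_PKI_USER (read)
# Returns:   status of git_abort (defined elsewhere)
#######################################
easyrsa_device_csr_abort () {
  # Quoted so a path containing whitespace is passed as one argument.
  git_abort "$EASYRSA_PKI_USER"
}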
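#######################################
# Record in the user PKI that the certificate for a device was received.
# Globals:   EASYRSA_PKI_USER (read)
# Arguments: $1 - device UUID used in the git message
# Returns:   status of git_stamp (defined elsewhere)
#######################################
easyrsa_device_csr_finalise () {
  local uuid=$1

  # Quoted so a path containing whitespace is passed as one argument.
  git_stamp "$EASYRSA_PKI_USER" "certificate received for $uuid"
}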
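#######################################
# Import a device's CSR file into the device PKI under the device UUID.
# Globals:   EASYRSA (read), EASYRSA_PKI_DEVICE (read)
# Arguments: $1 - device UUID, used as the request name
#            $2 - path of the CSR file to import
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_device_csr_import () {
  local uuid=$1
  local csr=$2

  # The CSR is externally supplied input; this step only imports it, signing
  # is a separate call (easyrsa_device_csr_sign).
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  $EASYRSA --pki-dir="$EASYRSA_PKI_DEVICE" \
    --batch \
    import-req "$csr" "$uuid" || return

  git_stamp "$EASYRSA_PKI_DEVICE" "imported csr for $uuid"
}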
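#######################################
# Sign a device's imported request as a "client" certificate in the device
# PKI.
# Globals:   EASYRSA (read), EASYRSA_PKI_DEVICE (read)
# Arguments: $1 - device UUID, used as request name and common name
# Returns:   non-zero if easyrsa fails (git_stamp is then skipped),
#            otherwise the status of git_stamp
#######################################
easyrsa_device_csr_sign () {
  local uuid=$1

  # --batch suppresses easyrsa's interactive confirmation, so any vetting of
  # the device request has to happen before this function is called.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  $EASYRSA --pki-dir="$EASYRSA_PKI_DEVICE" \
    --batch \
    --req-cn="$uuid" \
    sign-req client "$uuid" || return

  # Do not record a signature that was never produced.
  git_stamp "$EASYRSA_PKI_DEVICE" "signed csr for $uuid"
}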
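#######################################
# Create the server PKI if it does not exist yet.
# Globals:   EASYRSA_PKI_SERVER (read)
# Returns:   status of easyrsa_pki_init
#######################################
easyrsa_server_pki_init () {
  # Quoted so a path containing whitespace is passed as one argument.
  easyrsa_pki_init "server" "$EASYRSA_PKI_SERVER"
}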
#######################################
# Abort the script unless the server PKI directory is present.
# Globals:   EASYRSA_PKI_SERVER (read)
# Outputs:   error message on stdout when the directory is missing
# Returns:   0 if the directory exists; otherwise exits the shell with 1
#######################################
easyrsa_pki_server_exists () {
  # Present: nothing to report. Missing: print the message and stop.
  test -d "$EASYRSA_PKI_SERVER" || {
    echo "server pki isn't available"
    exit 1
  }
}
#######################################
# Abort the script if the server PKI directory is already present.
# Globals:   EASYRSA_PKI_SERVER (read)
# Outputs:   error message on stdout when the directory exists
# Returns:   0 if the directory is absent; otherwise exits the shell with 1
#######################################
easyrsa_pki_server_doesntexist () {
  # Guard clause: an absent directory is the expected state.
  [ ! -d "$EASYRSA_PKI_SERVER" ] && return 0

  echo "server pki exists"
  exit 1
}
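#######################################
# Create the user PKI if it does not exist yet.
# Globals:   EASYRSA_PKI_USER (read)
# Returns:   status of easyrsa_pki_init
#######################################
easyrsa_user_pki_init () {
  # Quoted so a path containing whitespace is passed as one argument.
  easyrsa_pki_init "user" "$EASYRSA_PKI_USER"
}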
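#######################################
# Create the test PKI if needed and build its root CA.
# Globals:   EASYRSA (read), EASYRSA_PKI_TEST (read), LOGFILE (appended to)
# Outputs:   build-ca stdout and stderr are appended to LOGFILE
# Returns:   non-zero if the PKI could not be initialised, otherwise the
#            status of the easyrsa build-ca call
#######################################
easyrsa_test_pki_init () {
  # Skip the CA build when the PKI directory could not be set up.
  easyrsa_pki_init "test" "$EASYRSA_PKI_TEST" || return

  # "nopass" leaves the CA private key unencrypted on disk; the CN marks this
  # as a testing root, and the key should be treated accordingly.
  # NOTE(review): unlike the CSR helpers, no git_stamp follows build-ca —
  # confirm that is intended.
  # EASYRSA stays unquoted as in the original, in case it carries a command
  # plus options — TODO confirm.
  # shellcheck disable=SC2086
  $EASYRSA --pki-dir="$EASYRSA_PKI_TEST" \
    --batch \
    --req-cn="thingy.jp testing root CA" \
    build-ca nopass &>> "$LOGFILE"
}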