Telecominfraproject/openafc_final
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/openafc_final.git synced 2026-01-27 10:22:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
openafc_final/tools/certs.sh
Michael Gelman c4816a685b Migrate final Open AFC Repository
2024-03-25 10:11:24 -04:00

81 lines
2.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/sh
#
# Copyright (C) 2023 Broadcom. All rights reserved. The term "Broadcom"
# refers solely to the Broadcom Inc. corporate affiliate that owns
# the software below. This work is licensed under the OpenAFC Project License,
# a copy of which is included with this software program
#
make_key()
{
local k_name=$1
local cmd="openssl genrsa -out $k_name/$k_name"_key.pem" 4096 > /dev/null 2>&1"
eval $cmd
if [ "$?" -ne "0" ]; then echo -e "ERROR: Failed to generate key $k_name\n" ; return 1 ; fi
}
make_client_cert()
{
local cli_name=${1:-test}"_cli"
local ca_path=${AFC_CA_CERT_PATH:-.}
local ca_crt="test_ca_crt.pem"
local ca_key="test_ca_key.pem"
#local cli_addr=$(hostname -i)
local cli_addr=$(ifconfig eth0 | grep 'inet ' | awk '{ print $2}')
mkdir $cli_name
make_key $cli_name
openssl req -new -key $cli_name/$cli_name"_key.pem" \
-out $cli_name/$cli_name".csr" -sha256 \
-subj "/C=IL/ST=Israel/L=Tel Aviv/O=Broadcom/CN=$cli_name" > /dev/null 2>&1
cat << EOF > $cli_name"_ext.cnf"
authorityKeyIdentifier=keyid,issuer
basicConstraints = CA:FALSE
extendedKeyUsage=clientAuth
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = IP:$cli_addr
subjectKeyIdentifier=hash
EOF
cat << EOF > $cli_name".cnf"
HOME = .
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $cli_name
certs = $cli_name
database = $cli_name/index.txt
new_certs_dir = $cli_name
serial = $cli_name/serial.txt
policy = policy_default
default_md = sha256
[ policy_default ]
EOF
touch $cli_name/index.txt
echo 01 > $cli_name/serial.txt
openssl ca -config $cli_name".cnf" \
-startdate $(date --date='-7 days' +'%y%m%d000000Z') \
-days 29 -batch -notext \
-out $cli_name/$cli_name"_crt.pem" -cert $ca_path/$ca_crt \
-keyfile $ca_path/$ca_key \
-in $cli_name/$cli_name".csr" -extfile $cli_name"_ext.cnf" > /dev/null 2>&1
# echo "\nCreated certificate."
openssl x509 -startdate -enddate -noout -in $cli_name/$cli_name"_crt.pem" > /dev/null
return 0
}
#
#
#
case $1 in
cert_client)
shift
make_client_cert $1
;;
''|*)
echo -e "Nothing todo ($1)\n"
;;
esac
exit
Reference in New Issue View Git Blame Copy Permalink