How to dynamically generate the -extfile parameter for openssl in a Bash script


Question


I have a script that I use to generate development certificates for my .test domain. I managed to create a PowerShell script to do this, but I struggle to do the same in Arch bash. Usually -extfile expects a document; is there a way I can generate a mock of a file with a bash function and pass it into it? Here is my script:

#!/bin/bash

function gen_extfile()
{
    domain=$1
    cat << EOF
    authorityKeyIdentifier=keyid,issuer\n
    basicConstraints=CA:FALSE\n
    keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment\n
    subjectAltName = @alt_names\n
    [alt_names]\n
    DNS.1 = $domain
EOF
}


case "$1" in
    r*)
        [ -z "$2" ] && filename="rootCA" || filename="$2"
        openssl genrsa -des3 -passout pass:default -out "$filename.key" 4096
        openssl req -x509 -new -nodes -passin pass:default -key "$filename.key" -sha256 -days 20480 -subj "/C=GB/ST=London/L=London/O=Development/OU=IT Department/CN=Self Signed Certificate/emailAddress=info@example.com" -out rootCA.crt
    ;;
    h*)
        host="$2"
        destination="$3"
        if [ -z "$host" ]; then
            echo "Host argument is required"
            exit 1
        fi
        extFile=$(gen_extfile "$host")
        openssl req -new -sha256 -nodes -out "$host.csr" -newkey rsa:2048 -days 20480 -subj "/C=GB/ST=London/L=London/O=$host/OU=IT Department/CN=$host Self Signed Certificate/emailAddress=info@$host" -keyout "$host.key"
        openssl x509 -req -passin pass:default -in "$host.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "$host.crt" -days 500 -sha256 -extfile "$extFile"
        # openssl pkcs12 -export -passin pass:default  -inkey "$host.key" -in "$host.crt" -out "$host.pfx" -passout pass:
        # if ! [ -z $destination ]; then
        #     mv "$host*" $destination
        # fi
    ;;
    *) cat << EOF
ssl-cert: Generates

Allowed options:
    root {?filename} {?destination} generates root certificate. Default certificate basename is rootCA
    host {host} {?destination}      generates domain certificate
EOF
esac

Answer 1

Score: 1


Here is the solution that worked for me.

#!/bin/bash

function gen_extfile()
{
    domain=$1
    cat << EOF
    authorityKeyIdentifier=keyid,issuer\n
    basicConstraints=CA:FALSE\n
    keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment\n
    subjectAltName = @alt_names\n
    [alt_names]\n
    DNS.1 = $domain
EOF
}


case "$1" in
    r*)
        [ -z "$2" ] && filename="rootCA" || filename="$2"
        openssl genrsa -des3 -passout pass:default -out "$filename.key" 4096
        openssl req -x509 -new -nodes -passin pass:default -key "$filename.key" -sha256 -days 20480 -subj "/C=GB/ST=London/L=London/O=Development/OU=IT Department/CN=Self Signed Certificate/emailAddress=info@example.com" -out rootCA.crt
    ;;
    h*)
        host="$2"
        destination="$3"
        if [ -z "$host" ]; then
            echo "Host argument is required"
            exit 1
        fi
        extFile=$(gen_extfile "$host")
        openssl req -new -sha256 -nodes -out "$host.csr" -newkey rsa:2048 -days 20480 -subj "/C=GB/ST=London/L=London/O=$host/OU=IT Department/CN=$host Self Signed Certificate/emailAddress=info@$host" -keyout "$host.key"
        # -extfile wants a path; <(...) hands openssl a /dev/fd path to the generated text
        openssl x509 -req -passin pass:default -in "$host.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "$host.crt" -days 500 -sha256 -extfile <(printf "$extFile")
        openssl pkcs12 -export -passin pass:default -inkey "$host.key" -in "$host.crt" -out "$host.pfx" -passout pass:
        if [ -n "$destination" ]; then
            # the glob must sit outside the quotes to expand
            mv "$host"* "$destination"
        fi
    ;;
    *) cat << EOF
ssl-cert: Generates

Allowed options:
    root {?filename} {?destination} generates root certificate. Default certificate basename is rootCA
    host {host} {?destination}      generates domain certificate
EOF
esac
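
An added example (not the poster's code) that hardens the same approach: the host name is interpolated into the extension file, so it is validated first, and the extension text is built before openssl runs. The helper names `valid_hostname` and `sign_host` and the support for several names are assumptions of this sketch; `rootCA.crt`, `rootCA.key` and `pass:default` come from the script above.

```bash
#!/usr/bin/env bash
# Added example; valid_hostname and sign_host are hypothetical helper names.

# Accept only letter/digit/hyphen labels joined by dots. Whitespace, newlines,
# '=' or '[' in a name would otherwise become extra lines in the extfile.
valid_hostname() {
    local h=$1 label
    [ -n "$h" ] && [ "${#h}" -le 253 ] || return 1
    case $h in
        *[!A-Za-z0-9.-]* | .* | *. | *..*) return 1 ;;
    esac
    local IFS=.
    for label in $h; do
        case $label in -* | *-) return 1 ;; esac
        [ "${#label}" -le 63 ] || return 1
    done
}

# Print the extension section for one or more DNS names (DNS.1, DNS.2, ...).
gen_extfile() {
    local i=0 name
    [ "$#" -gt 0 ] || return 1
    for name in "$@"; do
        valid_hostname "$name" || { echo "rejected host name" >&2; return 1; }
    done
    printf '%s\n' \
        'authorityKeyIdentifier=keyid,issuer' \
        'basicConstraints=CA:FALSE' \
        'keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment' \
        'subjectAltName=@alt_names' \
        '[alt_names]'
    for name in "$@"; do
        i=$((i + 1))
        printf 'DNS.%d = %s\n' "$i" "$name"
    done
}

# Sign "$1.csr" with the CA files the script above creates. The extension text
# is built first: a failure inside <(...) would not stop openssl, which would
# then read an empty extension file.
sign_host() {
    local host=$1 ext
    ext=$(gen_extfile "$@") || return 1
    openssl x509 -req -passin pass:default -in "$host.csr" \
        -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
        -out "$host.crt" -days 500 -sha256 \
        -extfile <(printf '%s\n' "$ext")   # expands to a /dev/fd/N path
}
```

Using `printf '%s\n'` keeps the generated text out of the format string, so the `\n` suffixes in the heredoc are no longer needed.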

  • Posted by huangapple on January 3, 2020, 21:51:41
  • When reposting, please keep the link to this article: https://go.coder-hub.com/59579759.html