Skip to content
Snippets Groups Projects
Commit 16eed2c2 authored by Václav Bartoš's avatar Václav Bartoš Committed by Pavel Kácha
Browse files

warden_apply.sh: URL of warden_ra must be passed as parameter

+ possibility to specify cacert
parent 947e23d6
No related branches found
No related tags found
No related merge requests found
......@@ -57,7 +57,7 @@ to the new client administrator along with other setup information.
The client administrator runs the application script with application
password:
warden_apply.sh org.example.warden.client P4SSW0RD
warden_apply.sh https://warden.example.org/warden-ra/ org.example.warden.client P4SSW0RD
The script creates new X509 key, CSR certificate request and makes call to
the Warden RA web service, where it obtains the new complete certificate.
......@@ -69,7 +69,7 @@ Prolonging existing client credentials
The client administrator runs the application script with his existing valid
Warden credentials, which he needs to prolong:
warden_apply.sh org.example.warden.client cert.pem key.pem
warden_apply.sh https://warden.example.org/warden-ra/ org.example.warden.client cert.pem key.pem
The script creates new X509 key, CSR certificate request and makes call to
the Warden RA web service, where it obtains the new complete certificate.
......
#!/bin/bash
url='https://warden-hub.cesnet.cz/warden-ra/getCert'
key=key.pem
csr=csr.pem
cert=cert.pem
result=${TMPDIR:-${TMP:-/tmp}}/cert.$$.$RANDOM
config=${TMPDIR:-${TMP:-/tmp}}/conf.$$.$RANDOM
client="$1"
password="$2"
incert="$2"
inkey="$3"
if [ "$1" == "--cacert" ]; then
cacert="--cacert $2"
shift
shift
fi
url="$1"
client="$2"
password="$3"
incert="$4"
inkey="$5"
trap 'rm -f "$config $result"' INT TERM HUP EXIT
function flee { echo -e "$1"; exit $2; }
[ -z "$client" -o -z "$password" ] && flee "Usage: ${0%.*} client.name password\n ${0%.*} client.name cert_file key_file" 255
[ -z "$client" -o -z "$password" ] && flee "Usage: ${0%.*} [--cacert CERT] url client.name password\n ${0%.*} [--cacert CERT] url client.name cert_file key_file" 255
url="${url%/}/getCert"
for n in openssl curl; do
command -v "$n" 2>&1 >/dev/null || flee "Haven't found $n binary." 251
......@@ -32,9 +39,9 @@ echo -e "default_bits=2048\ndistinguished_name=rdn\nprompt=no\n[rdn]\ncommonName
openssl req -new -nodes -batch -keyout "$key" -out "$csr" -config "$config" || flee "Error generating key/certificate request." 252
if [ -z "$inkey" ]; then
curl --progress-bar --request POST --data-binary '@-' "$url?name=$client&password=$password" < "$csr" > "$result"
curl --progress-bar $cacert --request POST --data-binary '@-' "$url?name=$client&password=$password" < "$csr" > "$result"
else
curl --progress-bar --request POST --data-binary '@-' --cert "$incert" --key "$inkey" "$url?name=$client" < "$csr" > "$result"
curl --progress-bar $cacert --request POST --data-binary '@-' --cert "$incert" --key "$inkey" "$url?name=$client" < "$csr" > "$result"
fi
case $(<$result) in '-----BEGIN CERTIFICATE-----'*)
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment