diff --git a/warden3/contrib/warden_ra/warden_apply.sh b/warden3/contrib/warden_ra/warden_apply.sh
new file mode 100755
index 0000000000000000000000000000000000000000..68ec6066513fddead24d99f04808f72b7200b7fb
--- /dev/null
+++ b/warden3/contrib/warden_ra/warden_apply.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+url='https://warden-ra.cesnet.cz/warden-ra/getCert'
+key=key.pem
+csr=csr.pem
+cert=cert.pem
+result=${TMPDIR:-${TMP:-/tmp}}/cert.$$.$RANDOM
+config=${TMPDIR:-${TMP:-/tmp}}/conf.$$.$RANDOM
+client="$1"
+password="$2"
+
+trap 'rm -f "$config $result"' INT TERM HUP EXIT
+
+function flee { echo -e "$1"; exit $2; }
+
+[ -z "$client" -o -z "$password" ] && flee "Usage: ${0%.*} client.name password" 255
+
+openssl version >/dev/null 2>&1 || flee "Haven't found 'openssl' binary."
+curl --version >/dev/null 2>&1 || flee "Haven't found 'curl' binary."
+for n in "$csr" "$key" "$cert"; do
+ [ -e "$n" ] && flee "$n already exists, I won't overwrite, move them away first, please." 254
+done
+for n in "$result" "$config"; do
+ touch "$n" || flee "Error creating temporary file ($n)." 253
+done
+
+echo -e "default_bits=2048\ndistinguished_name=rdn\nprompt=no\n[rdn]\ncommonName=dummy" \
+> "$config"
+
+openssl req -new -nodes -batch -keyout "$key" -out "$csr" -config "$config" \
+|| flee "Error generating key/certificate request." 252
+
+curl --progress-bar --request POST --data-binary '@-' "$url?name=$client&password=$password" \
+< "$csr" \
+> "$result"
+
+case $(<$result) in '-----BEGIN CERTIFICATE-----'*)
+ mv "$result" "$cert"
+ flee "Succesfully generated key ($key) and obtained certificate ($cert)." 0
+esac
+
+flee "$(<$result)\n\nCertificate request failed. Please save all error messages for communication with registration authority representative." 252
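Review bot: The temporary files `$result` and `$config` get predictable names (`cert.$$.$RANDOM` and `conf.$$.$RANDOM` in a shared temp directory) and are created with `touch`, which follows an existing symlink and accepts a file another local user created first. Replace the assignments and the `touch` loop with `result=$(mktemp) || flee "Error creating temporary file." 253` and the same for `config`. The cleanup trap quotes both names as a single word, so neither file is ever removed; it should read `trap 'rm -f "$config" "$result"' INT TERM HUP EXIT`. The registration password is put into the URL on curl's command line, where it is visible in the process list and likely recorded in server or proxy access logs. Neither `$client` nor `$password` is URL-encoded, so a `&`, `#` or space in either value changes the request. The two `flee` calls for a missing `openssl` or `curl` pass no exit code, so `exit $2` falls back to the status of the preceding `echo` and the script reports success; give them an explicit non-zero code.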