Add gencrl into CA.sh

nemunaire 2013-12-11 18:11:32 +01:00
parent c9cc7b36a9
commit 9109c3e3e0
2 changed files with 30 additions and 8 deletions


@ -25,7 +25,7 @@ END_BOLD="</b>"
usage() usage()
{ {
echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME)" echo "Usage: $0 (-newca|-newserver|-newclient NAME|-revoke NAME|-gencrl)"
exit 1 exit 1
} }
@ -38,8 +38,9 @@ clean()
mkdir -p ${TOP_DIR}/newcerts mkdir -p ${TOP_DIR}/newcerts
mkdir -p ${TOP_DIR}/private mkdir -p ${TOP_DIR}/private
mkdir -p ${TOP_DIR}/pkcs mkdir -p ${TOP_DIR}/pkcs
echo "01" > ${TOP_DIR}/crlnumber
elif [ "$1" = "client" ]; then elif [ "$1" = "client" ]; then
rm -rf ${2}.key ${2}.csr rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr
fi fi
rm -rf $OUTPUT rm -rf $OUTPUT
} }
@ -151,7 +152,7 @@ case $1 in
pass=`pwgen -n -B -y 12 1` pass=`pwgen -n -B -y 12 1`
openssl req -batch -new -keyout ${2}.key -out ${2}.csr \ openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1 -config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
cat $OUTPUT cat $OUTPUT
@ -160,8 +161,8 @@ case $1 in
fi fi
echo -e "${GREEN}Signing the Client crt${COLOR_RST}" echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
openssl ca -batch -policy policy_match -out ${2}.crt \ openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
-config ${OPENSSL_CONF} -infiles ${2}.csr > $OUTPUT 2>&1 -config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo -e "${RED}Signing failed for $2 ${COLOR_RST}" echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
cat $OUTPUT cat $OUTPUT
@ -169,7 +170,7 @@ case $1 in
exit 3 exit 3
fi fi
echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}" echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
openssl pkcs12 -export -inkey ${2}.key -in ${2}.crt -name ${2} \ openssl pkcs12 -export -inkey ${TOP_DIR}/${2}.key -in ${TOP_DIR}/${2}.crt -name ${2} \
-passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \ -passin pass:$pass -out ${TOP_DIR}/pkcs/${2}.p12 \
-passout pass:$pass > $OUTPUT 2>&1 -passout pass:$pass > $OUTPUT 2>&1
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
@ -180,8 +181,9 @@ case $1 in
else else
echo -e "Exported pkcs12 file is ${2}.p12" echo -e "Exported pkcs12 file is ${2}.p12"
fi fi
mv ${2}.crt ${TOP_DIR}/certs mv ${TOP_DIR}/${2}.crt ${TOP_DIR}/certs
echo "$2:$pass" >> ${TOP_DIR}/../teams.pass echo "$2:$pass" >> ${TOP_DIR}/../teams.pass
echo "$pass"
clean "client" $2 clean "client" $2
;; ;;
"-revoke" ) "-revoke" )
@ -200,7 +202,25 @@ case $1 in
fi fi
rm ${TOP_DIR}/certs/${2}.crt rm ${TOP_DIR}/certs/${2}.crt
rm ${TOP_DIR}/pkcs/${2}.p12 rm ${TOP_DIR}/pkcs/${2}.p12
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
echo -e "${RED}Generate crl.pem failed"
cat $OUTPUT
exit 5
fi
;; ;;
"-gencrl" )
echo -e "${GREEN}Generate crl.pem${COLOR_RST}"
openssl ca -config ${OPENSSL_CONF} -gencrl -out ${TOP_DIR}/crl.pem > $OUTPUT 2>&1
if [ $? -ne 0 ]; then
echo -e "${RED}Generate crl.pem failed"
cat $OUTPUT
exit 5
fi
;;
* ) * )
usage usage
;; ;;
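Review bot: The NAME argument (`$2`) is expanded unquoted into every new `${TOP_DIR}/${2}.*` path, including the `rm -rf ${TOP_DIR}/${2}.key ${TOP_DIR}/${2}.csr` in clean(), so a name containing whitespace, glob characters or `../` would make openssl, mv and rm act on paths other than the intended ones. Quote the expansions, e.g. `rm -f -- "${TOP_DIR}/${2}.key" "${TOP_DIR}/${2}.csr"`, and reject names outside a conservative character set before the `case` dispatches; that check would sit outside the visible hunks. Separately, the added `echo "$pass"` writes the PKCS#12 passphrase to stdout next to the progress messages, so any caller that captures or logs the script output now holds the secret; returning it through a channel the caller reads explicitly would keep it out of general output. The `-gencrl` arm repeats the block added to `-revoke`, and both failure messages omit `${COLOR_RST}`; a shared `gencrl()` function would fix that in one place.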


@ -80,8 +80,10 @@ if (!empty($p[2]))
//TODO check revoked attribute //TODO check revoked attribute
if (isset($name)) if (isset($name))
{ {
new_client($name, $misc_dir); $output = new_client($name, $misc_dir);
Team::set_revoked(FALSE, $name); Team::set_revoked(FALSE, $name);
erreur($output, "sucess");
return "admin/import_users";
} }
} }
elseif ($p[2] == "get") elseif ($p[2] == "get")
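Review bot: `erreur($output, "sucess")` reports success unconditionally, because the value returned by `new_client()` is never checked; a failed certificate generation would still reach `Team::set_revoked(FALSE, $name)` and be shown as a success message. Test the result before those two calls and send failures down the error path instead. If `$output` carries the script's stdout it presumably now contains the generated passphrase, so confirm that `erreur()` HTML-escapes its argument and does not write it to a log or a long-lived session. `"sucess"` also looks like a typo for `"success"` unless it matches an existing message class. The enclosing `if`/`elseif` chain starts and ends outside the hunk.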