#!/bin/bash
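# Strict mode: abort on a failing command (-e), on use of an unset variable
# (-u), and when any stage of a pipeline fails (pipefail). The certificate
# steps in this script pipe cfssl into cfssljson; without pipefail only the
# exit status of the last stage is checked, so a failed cfssl stage can be
# hidden.
set -euo pipefail

# ANSI colour escape sequences. They are stored unexpanded (literal
# backslash sequences) and expanded by the printing helpers.
readonly ERROR_COLOR='\033[0;31m'
readonly HIGHLIGHT_COLOR='\033[0;32m'
readonly INPUT_COLOR='\033[0;33m'
readonly NO_COLOR='\033[0m'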
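# Print a message in the highlight colour, followed by a newline.
# Globals:   HIGHLIGHT_COLOR, NO_COLOR (read)
# Arguments: $1 - message text, printed literally
# Outputs:   the coloured message on stdout
function print_highlight() {
  # The message is passed as a %s argument, never as part of the format
  # string: callers interpolate operator-supplied values (paths) into it,
  # and a '%' or backslash in such a value must not be interpreted by
  # printf. Only the colour codes go through %b.
  printf '%b%s%b\n' "${HIGHLIGHT_COLOR}" "$1" "${NO_COLOR}"
}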
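# Print a message in the error colour, followed by a newline.
# Globals:   ERROR_COLOR, NO_COLOR (read)
# Arguments: $1 - message text, printed literally
# Outputs:   the coloured message on stdout
function print_error() {
  # The message is a %s argument rather than part of the format string, so
  # a '%' or backslash inside an operator-supplied value (this helper is
  # called with the output path) is printed as-is instead of being
  # interpreted by printf.
  printf '%b%s%b\n' "${ERROR_COLOR}" "$1" "${NO_COLOR}"
}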
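# Prompt the operator and store the reply in a named variable.
# Globals:   INPUT_COLOR, NO_COLOR (read)
# Arguments: $1 - prompt text
#            $2 - name of the variable that receives the reply
# Returns:   the exit status of read (non-zero at end of input)
function input() {
  # The prompt is built with quoted arguments so its text is not subject to
  # word splitting or glob expansion (one caller's prompt contains '?').
  # -r keeps backslashes in the reply intact, e.g. in a Windows-style path.
  read -r -p "$(printf '%b%s %b' "${INPUT_COLOR}" "$1" "${NO_COLOR}")" "$2"
}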
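# Ask where the generated files should go. An empty reply selects ./output
# under the current directory, which is created if it is missing.
input "Specify the output path:" OUTPUT_PATH
if [[ -z "$OUTPUT_PATH" ]]; then
  OUTPUT_PATH="$(pwd)/output"
  if [[ ! -e "$OUTPUT_PATH" ]]; then
    mkdir -- "$OUTPUT_PATH"
  fi
fi

if [[ ! -e "$OUTPUT_PATH" ]]; then
  print_error "${OUTPUT_PATH} doesn't exist."
  # Exit non-zero so a calling script or CI job sees the failure.
  exit 1
fi

# The script changes into this path and writes the CA private key there, so
# anything other than a directory is rejected up front.
if [[ ! -d "$OUTPUT_PATH" ]]; then
  print_error "${OUTPUT_PATH} is not a directory."
  exit 1
fi

# Resolve to an absolute path. The script later changes into this directory
# and keeps using paths prefixed with ${OUTPUT_PATH}; a relative value would
# then point at the wrong location.
OUTPUT_PATH=$(cd -- "$OUTPUT_PATH" && pwd)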
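input "Do you have cfssl installed?(y/n): " is_cfssl_installed

# Default to the copies this script downloads into the output directory.
CFSSLEXE=${OUTPUT_PATH}/cfssl
CFSSLJSONEXE=${OUTPUT_PATH}/cfssljson

if [[ "${is_cfssl_installed}" == "y" || "${is_cfssl_installed}" == "Y" ]]; then
  input "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH

  # Resolve a relative tool directory now: the script changes directory
  # before it runs these binaries, which would break a relative path.
  if [[ -d "$TOOL_PATH" ]]; then
    TOOL_PATH=$(cd -- "$TOOL_PATH" && pwd)
  fi

  CFSSLEXE=${TOOL_PATH}/cfssl
  CFSSLJSONEXE=${TOOL_PATH}/cfssljson

  print_highlight "Your cfssl binary path is ${CFSSLEXE}"

  if [[ ! -e "$CFSSLEXE" ]]; then
    print_error "no cfssl found."
    # Exit non-zero so the failure is visible to a caller.
    exit 1
  fi

  if [[ ! -e "$CFSSLJSONEXE" ]]; then
    print_error "no cfssljson found."
    exit 1
  fi
else
  # Download the cfssl binaries for the operator.
  input "Specify your platform(darwin/linux/windows): " PLATFORM

  if [[ -z "$PLATFORM" ]]; then
    print_error "Platform must be provided."
    exit 1
  fi

  # PLATFORM is interpolated into the download URLs below, so accept only
  # the values the prompt offers.
  case "$PLATFORM" in
    darwin | linux | windows) ;;
    *)
      print_error "Unsupported platform: ${PLATFORM}"
      exit 1
      ;;
  esac

  print_highlight "Only amd64 is supported"

  # NOTE(review): the binaries come from a pinned release tag over HTTPS but
  # are not checked against a published checksum or signature before being
  # marked executable. They go on to generate the CA private key, so verify
  # them against the release's checksums before the chmod.
  # NOTE(review): the windows assets may carry an .exe suffix, in which case
  # these URLs would not resolve; confirm against the release page.
  wget "https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_${PLATFORM}_amd64" -O "${OUTPUT_PATH}/cfssl"
  chmod +x "${OUTPUT_PATH}/cfssl"
  wget "https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_${PLATFORM}_amd64" -O "${OUTPUT_PATH}/cfssljson"
  chmod +x "${OUTPUT_PATH}/cfssljson"

  print_highlight "Download the cfssl bundle successfully."
fi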
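# Work inside the output directory so cfssljson writes its files there.
# Paths derived from OUTPUT_PATH are still used after this point, so they
# only keep working if OUTPUT_PATH is absolute.
cd -- "$OUTPUT_PATH"

input "Give a name to the CA certificate: " CA_CERT_NAME

# The name becomes a file-name prefix passed to cfssljson. An empty value
# would yield the argument "-ca" and a leading dash would look like an
# option, so both are rejected before any key material is generated.
if [[ -z "$CA_CERT_NAME" || "$CA_CERT_NAME" == -* ]]; then
  print_error "CA certificate name must be provided and must not start with '-'."
  exit 1
fi

# Create a self-signed CA from cfssl's built-in default CSR and write the
# result with the prefix "${CA_CERT_NAME}-ca". Expansions are quoted so
# tool paths and names containing spaces stay single arguments.
"${CFSSLEXE}" print-defaults csr \
  | "${CFSSLEXE}" gencert -initca - \
  | "${CFSSLJSONEXE}" -bare "${CA_CERT_NAME}-ca"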
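CONFIG_CFSSL_JSON=${OUTPUT_PATH}/cfssl.json

# Signing policy used when issuing the leaf certificate: a default profile
# with an 87600h (ten-year) expiry and server-auth usages.
# The file is written with '>' rather than '>>' so that re-running the
# script replaces it; appending would leave two JSON documents in one file.
# The quoted delimiter keeps the shell from expanding anything in the body.
cat <<'EOF' > "${CONFIG_CFSSL_JSON}"
{
  "signing": {
    "default": {
      "expiry": "87600h",
      "usages": ["signing", "key encipherment", "server auth"]
    }
  }
}
EOF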
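input "Give a name to the certificate: " CERT_NAME
input "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME

# CERT_NAME is passed to cfssljson as a file-name prefix; an empty value or
# one starting with '-' would not be treated as a name.
if [[ -z "$CERT_NAME" || "$CERT_NAME" == -* ]]; then
  print_error "Certificate name must be provided and must not start with '-'."
  exit 1
fi

# Sign the leaf certificate with the CA generated earlier in this script.
# That CA is written with the prefix "${CA_CERT_NAME}-ca", so the CA files
# are referenced by that name instead of a fixed "ldap-ca" prefix, which
# only matched when the operator happened to name the CA "ldap".
echo '{}' | "${CFSSLEXE}" gencert \
  -ca="${CA_CERT_NAME}-ca.pem" \
  -ca-key="${CA_CERT_NAME}-ca-key.pem" \
  -config="${CONFIG_CFSSL_JSON}" \
  -hostname="${CERT_HOSTNAME}" - | "${CFSSLJSONEXE}" -bare "${CERT_NAME}"

print_highlight "The custom TLS certificates are successfully generated in the path ${OUTPUT_PATH}."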