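#!/bin/sh
#
# Generate test certificates signed by the test-suite CA
# (ca/certs/testsuiteCA.crt, ca/private/testsuiteCA.key) from the
# configuration template conf/openssl.cnf.
#
#   -s | -server           write private/localhost.key and certs/localhost.crt
#   -u | -user <email>     write private/<email>.key and certs/<email>.crt
#
# Exit status: 0 on success (or when no openssl binary is installed),
# 1 on a usage error or when key generation / CA signing fails.

openssl=$(command -v openssl)

if [ -z "$openssl" ]; then
	echo "OpenSSL command line binary not found, skipping..."
	# Nothing below can run without the binary; stop here instead of
	# falling through and invoking an empty command name.
	exit 0
fi

KEY_BITS=4096
KEY_TYPE=rsa:$KEY_BITS

USAGE="$0 [-s] [-u <user@domain.com>]"
SERVER=0
# Named USER_CERT rather than USER so the caller's exported login name is
# not overwritten for the child processes started below.
USER_CERT=0
EMAIL=

# Print a message to stderr and exit with failure.
die() {
	echo "$@" >&2
	exit 1
}

while test $# -gt 0 ; do
	case "$1" in
		-s | -server)
			SERVER=1
			shift;;
		-u | -user)
			if [ -z "$2" ]; then
				die "User cert requires an email address as an argument"
			fi
			USER_CERT=1
			EMAIL="$2"
			shift; shift;;
		-)
			shift;;
		-*)
			die "$USAGE";;
		*)
			break;;
	esac
done

if [ "$SERVER" = 0 ] && [ "$USER_CERT" = 0 ]; then
	die "$USAGE"
fi

# EMAIL is used both as a file-name component and as an RDN value inside
# -subj, where "/" separates RDNs; reject values that would escape either
# context or be parsed as an option.
case "$EMAIL" in
	*/* | -* | . | ..)
		die "Invalid email address: $EMAIL";;
esac

# Remove the rendered config, the CA database and any leftover CSRs.
# Run once at exit so that "-s -u" no longer has the server branch delete
# ./openssl.cnf before the user branch needs it.
cleanup() {
	rm -rf ./openssl.cnf ./localhost.csr cruft
	if [ -n "$EMAIL" ]; then
		rm -f "./$EMAIL.csr"
	fi
}

rm -rf ./openssl.cnf cruft
mkdir -p private certs cruft/private cruft/certs || die "cannot create output directories"
trap cleanup EXIT

# Minimal CA database expected by "openssl ca" (serial + index files).
echo "00" > cruft/serial
touch cruft/index.txt
touch cruft/index.txt.attr
hn=$(hostname -f)
sed -e "s;@HOSTNAME@;$hn;" -e "s;@KEY_BITS@;$KEY_BITS;" conf/openssl.cnf > ./openssl.cnf \
	|| die "cannot render conf/openssl.cnf"

if [ "$SERVER" = 1 ]; then
	rm -f private/localhost.key certs/localhost.crt

	# Key and CSR in one step; -nodes leaves the key unencrypted (test fixture).
	# Output is discarded, so the exit status is the only failure signal.
	"$openssl" req -new -nodes -out localhost.csr -keyout private/localhost.key \
		-newkey "$KEY_TYPE" -config ./openssl.cnf \
		-subj "/CN=localhost/OU=OpenLDAP Test Suite/O=OpenLDAP Foundation/ST=CA/C=US" \
		-batch > /dev/null 2>&1 || die "openssl req failed for localhost"

	# -days 183000 is roughly 500 years: the fixture is not meant to expire.
	"$openssl" ca -out certs/localhost.crt -notext -config ./openssl.cnf -days 183000 -in localhost.csr \
		-keyfile ca/private/testsuiteCA.key -extensions v3_req -cert ca/certs/testsuiteCA.crt \
		-batch >/dev/null 2>&1 || die "openssl ca failed for localhost"
fi

if [ "$USER_CERT" = 1 ]; then
	rm -f "certs/$EMAIL.crt" "private/$EMAIL.key" "$EMAIL.csr"

	"$openssl" req -new -nodes -out "$EMAIL.csr" -keyout "private/$EMAIL.key" \
		-newkey "$KEY_TYPE" -config ./openssl.cnf \
		-subj "/emailAddress=$EMAIL/CN=$EMAIL/OU=OpenLDAP/O=OpenLDAP Foundation/ST=CA/C=US" \
		-batch >/dev/null 2>&1 || die "openssl req failed for $EMAIL"

	"$openssl" ca -out "certs/$EMAIL.crt" -notext -config ./openssl.cnf -days 183000 -in "$EMAIL.csr" \
		-keyfile ca/private/testsuiteCA.key -extensions req_distinguished_name \
		-cert ca/certs/testsuiteCA.crt -batch >/dev/null 2>&1 || die "openssl ca failed for $EMAIL"
fi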