2023-08-28 06:44:38 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
2023-09-04 02:51:05 +02:00
|
|
|
set -e
|
2023-08-28 06:44:38 +02:00
|
|
|
KOJI_USER="$1"
|
|
|
|
|
|
2023-09-04 02:51:05 +02:00
|
|
|
DEBUG=
|
|
|
|
|
SILENT="-s"
|
|
|
|
|
QUIET="-q"
|
2023-09-28 23:46:54 +02:00
|
|
|
for param in $2 $3 ; do
|
2023-09-04 02:51:05 +02:00
|
|
|
if [ $param ] ; then
|
|
|
|
|
case $param in
|
|
|
|
|
debug )
|
|
|
|
|
DEBUG="debug" ;;
|
2023-09-28 23:46:54 +02:00
|
|
|
* )
|
|
|
|
|
CERT_SUBJECT="$2" ;;
|
2023-09-04 02:51:05 +02:00
|
|
|
esac
|
|
|
|
|
else
|
|
|
|
|
break
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ $DEBUG ] ; then
|
2023-09-04 12:30:28 +02:00
|
|
|
set -xe
|
2023-09-04 02:51:05 +02:00
|
|
|
SILENT=
|
|
|
|
|
QUIET="-v"
|
|
|
|
|
fi
|
|
|
|
|
|
2023-08-28 06:44:38 +02:00
|
|
|
openssl genrsa -out private/"$KOJI_USER".key 2048
|
|
|
|
|
if [ -z "$CERT_SUBJECT" ]; then
|
2023-09-28 23:46:54 +02:00
|
|
|
cat ssl.cnf | sed "s/$HOSTNAME/'${user}'/"> ssl2.cnf
|
|
|
|
|
openssl req -config ssl2.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
|
2023-08-28 06:44:38 +02:00
|
|
|
else
|
|
|
|
|
openssl req -subj "$CERT_SUBJECT" -config ssl.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
|
|
|
|
|
fi
|
|
|
|
|
openssl ca -batch -config ssl.cnf -keyfile private/koji_ca_cert.key -cert koji_ca_cert.crt -out certs/"$KOJI_USER".crt -outdir certs -infiles certs/"$KOJI_USER".csr
|
|
|
|
|
cat certs/"$KOJI_USER".crt private/"$KOJI_USER".key > "$KOJI_USER".pem
|
|
|
|
|
# Browser certificate is not password-protected, ask users to change their password
|
|
|
|
|
openssl pkcs12 -export -inkey private/"$KOJI_USER".key -in certs/"$KOJI_USER".crt -CAfile koji_ca_cert.crt -out certs/"$KOJI_USER"_browser_cert.p12 -passout pass:
|
