authorJoe Rayhawk <jrayhawk@omgwallhack.org>2011-03-29 13:51:04 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2011-03-29 13:51:04 -0700
commit592c2e5f0d0ae4aaf67e4d0e9f61a4bd41971a67 (patch)
tree95874b497662380f139a91ebce8cb894c8d6f8d2
parente27399a70c004ee3bf5908edadb4c6c9893dad9c (diff)
downloadcash-592c2e5f0d0ae4aaf67e4d0e9f61a4bd41971a67.tar.gz
cash-592c2e5f0d0ae4aaf67e4d0e9f61a4bd41971a67.zip
Be more robust in the face of dumb users.
-rwxr-xr-xgenca.sh5
-rwxr-xr-xgensignedcert.sh9
-rwxr-xr-xsigncsr.sh9
3 files changed, 16 insertions, 7 deletions
diff --git a/genca.sh b/genca.sh
index 8178cea..3af90d5 100755
--- a/genca.sh
+++ b/genca.sh
@@ -6,6 +6,11 @@ SUPPLEMENTARY_CONFIG="$1"
. ./configure.sh
+if [ -e "$CA"/ca/"$CA".key ]; then
+ echo "$CA/ca/$CA.key already exists!"
+ exit 2
+fi
+
# Certificate Authority
mkdir -pv "$CA"/ca "$CA"/certs "$CA"/signed
echo 1000 > "$CA"/ca/"$CA".serial
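Review bot: The new guard tests only `"$CA"/ca/"$CA".key`, but `echo 1000 > "$CA"/ca/"$CA".serial` at the end of the hunk still truncates the serial file unconditionally. If the key has been moved elsewhere (for example kept offline) while the rest of the CA directory remains, a rerun passes the guard and resets the serial to 1000, so later certificates could reuse serial numbers that were already issued. Extending the test to `if [ -e "$CA"/ca/"$CA".key ] || [ -e "$CA"/ca/"$CA".serial ]; then` would cover that, and the message belongs on stderr (`>&2`). The script continues past the end of the hunk, so other state files created later may deserve the same check.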
diff --git a/gensignedcert.sh b/gensignedcert.sh
index 3564024..10c909c 100755
--- a/gensignedcert.sh
+++ b/gensignedcert.sh
@@ -2,6 +2,8 @@
# ./keygen [name] (configfile)
# This is only suggested if you have a secured path to deliver this new key through.
+set -e
+
SUPPLEMENTARY_CONFIG="$2"
. ./configure.sh
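Review bot: With `set -e` the script now stops at the first failing command, but nothing visible cleans up what earlier steps wrote. The `openssl req ... -nodes -keyout "$CA"/temp/"$1".key` call in the next hunk writes an unencrypted private key into `"$CA"/temp`, and an abort in any later step would leave it there. A `trap` set right after `set -e` that removes `"$CA"/temp/"$1".key` and `"$CA"/temp/"$1".csr` when the exit status is non-zero would keep stray key material from accumulating. The steps that follow `openssl req` are outside the visible hunks, so confirm where the key is meant to end up.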
@@ -12,10 +14,11 @@ if ! [ $1 ]; then
exit 2
fi
-if [ $2 ]; then
- export CA=$2
+if [ -e "$CA"/signed/"$1".key ]; then
+ echo "$CA/signed/$1.key already exists!"
+ exit 3
fi
-
+
# Gen signed key
mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs
openssl req -config "$OPENSSL_CONFIG" -new -nodes -out "$CA"/temp/"$1".csr -keyout "$CA"/temp/"$1".key
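Review bot: `$1` goes straight into the new existence test and into the `-out`/`-keyout` paths as a file name, with nothing checking its shape, so a name containing `/` or `..` makes the test and the key write land outside `"$CA"/signed` and `"$CA"/temp`. signcsr.sh in this same commit strips leading directories into `$NAME`; this script could reject such names up front, e.g. `case "$1" in */*|.*) echo "invalid name: $1" >&2; exit 2;; esac`. The guard also looks only at `"$CA"/signed/"$1".key`, while `openssl req` writes to `"$CA"/temp/"$1".key`, so a temp key left over from an aborted run would be overwritten without warning. The `if ! [ $1 ]` test named in the hunk header is unquoted, and the script continues past the end of the hunk.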
diff --git a/signcsr.sh b/signcsr.sh
index 8074b39..5684f6a 100755
--- a/signcsr.sh
+++ b/signcsr.sh
@@ -20,16 +20,17 @@ if [[ "$1" =~ (.+/|())(.+) ]]; then # strip leading directories, if they exist
echo Using "$NAME" as cert name.
fi
-if [ $2 ]; then
- export CA=$2
+if [ -e "$CA"/signed/"$NAME".crt ]; then
+ echo "$CA/signed/$NAME.crt" already exists!
+ exit 3
fi
-
+
# Gen signed key
mkdir -pv "$CA"/signed "$CA"/temp "$CA"/certs
SERIAL=$(cat "$CA"/ca/"$CA".serial)
openssl ca -config "$OPENSSL_CONFIG" -in "$1"
if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead.
mv -i "$1" "$CA"/signed/$NAME.csr
- ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$1".crt # so we can find the certificate by name as well as serial
+ ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$NAME".crt # so we can find the certificate by name as well as serial
echo "Use ./mailcert.sh $NAME [emailaddress] to use sendmail to deliver the CA and user certificate."
fi
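Review bot: `mv -i "$1" "$CA"/signed/$NAME.csr` still leaves `$NAME` unquoted, while the corrected `ln` line beside it now quotes it; a CSR file name with spaces or glob characters would split there. Writing it as `mv -i -- "$1" "$CA"/signed/"$NAME".csr` matches the fixed line. The result of `ln` is also not checked, so the `./mailcert.sh` hint is printed even if the link could not be created; adding `|| exit 1` to the `ln` command would avoid that. The new guard relies on `$NAME` having been set by the `[[ ... =~ ... ]]` branch, whose start lies outside the hunk.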