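#!/bin/bash
#
# Script to create certificate
#
# Copyright (C) 2023 AleaJactaEst
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
# Example :
#   ./create-certificate.sh
#
# Builds a self-signed certificate authority, then one server and one client
# certificate signed by it, all inside CERTDIR (default: .cert next to this
# script).
#
# Security notes:
#   * Every private key is written unencrypted (-nodes), so the file mode is
#     the only thing protecting ca-key.pem, server-key.pem and client-key.pem.
#   * Each run deletes the previous CA and issues a new one; anything that
#     trusted the old ca-cert.pem must be given the new one.

declare DEBUG=0
# shellcheck disable=SC2034 # -v is accepted, but nothing in this script reads it
declare VERBOSE=0
declare HELP=0
# Declaration and assignment are separate so that a failing readlink/dirname
# is not masked by the exit status of 'declare'.
declare WORKDIR
WORKDIR="$(dirname -- "$(readlink -f -- "$0")")"
declare OPENSSLBIN="openssl"
declare CERTDIR="$WORKDIR/.cert"

# Print a debug line on stderr, only when -d was given.
function msg_debug() {
  if [[ "$DEBUG" -ne 0 ]]; then
    echo "### DEBUG : $*" >&2
  fi
}

# Print an informational line on stderr.
function msg_info() {
  echo "--- INFO : $*" >&2
}

# Print an error line on stderr.
function msg_error() {
  echo "*** ERROR : $*" >&2
}

# EXIT trap: report the exit status of the script, then exit with it.
function byebye() {
  local CODE=$?
  if [[ "$CODE" -ne 0 ]]; then
    msg_error "return code:$CODE"
  else
    msg_info "End"
  fi
  exit "$CODE"
}

while getopts hdvs:c: flag; do
  case "${flag}" in
    h) HELP=1 ;;
    d) DEBUG=1 ;;
    v) VERBOSE=1 ;;
    s) OPENSSLBIN=${OPTARG} ;;
    c) CERTDIR=${OPTARG} ;;
    *) HELP=1 ;;
  esac
done

if [[ "$HELP" -ne 0 ]]; then
  # The summary line used to describe a different tool; it now says what
  # this script does.
  cat << EOF
$(basename -- "$0") [Option] : Create CA, server and client certificates
  Option:
    -h : Show help
    -d : Show debug message
    -v : Show verbose message
    -s <path> : location of the openssl binary
    -c <dir> : directory where the certificates are created
EOF
  exit 1
fi

trap byebye EXIT

msg_info "Start"
msg_debug "WORKDIR:$WORKDIR"

# An empty CERTDIR (for example -c "") would make every path below resolve
# to the filesystem root, so refuse it before anything is deleted or written.
if [[ -z "$CERTDIR" ]]; then
  msg_error "certificate directory is empty"
  exit 2
fi

mkdir -p -- "$CERTDIR" || exit 2

# The keys are stored without a passphrase, so create every file from here on
# readable by the owner only. Relax the mode of the *-cert.pem files afterwards
# if another account has to read them.
umask 077

msg_info "Clean old file"
declare -a OLDFILES=(
  ca-cert.pem
  ca-db-index.attr
  ca-db-index.attr.old
  ca-db-index.old
  ca-db-serial
  ca-db-serial.old
  ca-key.pem
  client-key.pem
  client.csr
  server-key.pem
  server.csr
  server-cert.pem
  client-cert.pem
  01.pem
  02.pem
  ca-db-index
  ca.conf
)
declare OLDFILE
for OLDFILE in "${OLDFILES[@]}"; do
  rm -f -- "$CERTDIR/$OLDFILE"
done
ls -l -- "$CERTDIR"

msg_info "Restart index certificate"
# Empty database and serial 01: the first certificate signed below is stored
# as 01.pem, the second as 02.pem.
touch -- "$CERTDIR/ca-db-index" || exit 2
echo 01 > "$CERTDIR/ca-db-serial" || exit 2
ls -l -- "$CERTDIR"

msg_info "Create CA config"
# \$dir is escaped so that it stays an OpenSSL config variable; $CERTDIR is
# expanded by the shell when the file is written.
# NOTE(review): this config sets neither x509_extensions nor copy_extensions,
# so the signed certificates carry no subjectAltName. TLS clients that ignore
# the CN for host name checks will not accept server-cert.pem as it is.
cat << EOF > "$CERTDIR/ca.conf" || exit 2
[ ca ]
default_ca = ca_default

[ ca_default ]
dir = $CERTDIR/
certs = \$dir
new_certs_dir = \$dir
database = $CERTDIR/ca-db-index
serial = $CERTDIR/ca-db-serial
RANDFILE = $CERTDIR/ca-db-rand
certificate = $CERTDIR/ca-cert.pem
private_key = $CERTDIR/ca-key.pem
default_days = 365
default_crl_days = 365
default_md = sha256
preserve = no
policy = generic_policy

[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF

# NOTE(review): the CN values below are spelled "khanagat.org" while the
# organisation is "Khaganat" - confirm which spelling is intended.

msg_info "Certificate Authority"
"$OPENSSLBIN" req -nodes -x509 -newkey rsa:2048 -days 365 \
  -keyout "$CERTDIR/ca-key.pem" \
  -out "$CERTDIR/ca-cert.pem" \
  -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=khanagat.org" || exit 2

msg_info "Server Certificate"
"$OPENSSLBIN" req -nodes -new -newkey rsa:2048 \
  -keyout "$CERTDIR/server-key.pem" \
  -out "$CERTDIR/server.csr" \
  -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=server.khanagat.org" || exit 2

msg_info "Sign Server Certificate"
"$OPENSSLBIN" ca -config "$CERTDIR/ca.conf" -days 365 \
  -in "$CERTDIR/server.csr" \
  -out "$CERTDIR/server-cert.pem" -batch || exit 2

msg_info "Client Certificate"
"$OPENSSLBIN" req -nodes -new -newkey rsa:2048 \
  -keyout "$CERTDIR/client-key.pem" \
  -out "$CERTDIR/client.csr" \
  -subj "/C=EU/ST=France/L=Paris/O=Khaganat/OU=FR/CN=client.khanagat.org" || exit 2

msg_info "Sign Client Certificate"
"$OPENSSLBIN" ca -config "$CERTDIR/ca.conf" -days 365 \
  -in "$CERTDIR/client.csr" \
  -out "$CERTDIR/client-cert.pem" -batch || exit 2

msg_info "Publish certificate"
# Publishing is disabled. If it is re-enabled, note that it would copy the
# unencrypted private keys into the source tree.
#cp $CERTDIR/client-cert.pem src/certs/
#cp $CERTDIR/client-key.pem src/certs/
#cp $CERTDIR/server-cert.pem src/certs/
#cp $CERTDIR/server-key.pem src/certs/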