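#!/bin/sh -e
#
# Prints, on stdout, the shell commands that create a private key and a
# self-signed certificate for this object. Nothing is generated by this
# script itself; it only emits code (this looks like a cdist-style gencode
# script whose output is executed elsewhere - confirm against the caller).
#
# Inputs, all read from "$__object":
#   explorer/state            'present' means there is nothing to do
#   explorer/ssl-cert-group   'present' selects group ssl-cert for the key
#   parameter/common-name     optional, defaults to "$__object_id"
#   parameter/key-path        may contain %s, replaced by "$__object_id"
#   parameter/cert-path       may contain %s, replaced by "$__object_id"
#   parameter/key-type        'rsa:<bits>' or 'ec:<curve>'
#
# errexit is requested only through the shebang, so it is in effect only
# when the file is executed directly.

# Wrap $1 in single quotes for use in emitted shell code. Embedded single
# quotes become '\'' so a parameter value cannot terminate the quoting and
# add commands of its own to the generated script.
shquote() {
  printf "'%s'" "$( printf '%s' "$1" | sed "s/'/'\\\\''/g" )"
}

state="$( cat "$__object/explorer/state" )"
if [ "$state" = 'present' ]; then
  exit 0
fi

if [ -f "$__object/parameter/common-name" ]; then
  common_name="$( cat "$__object/parameter/common-name" )"
else
  common_name="$__object_id"
fi

# key-path and cert-path double as printf formats when they contain %s.
# Any other % sequence in them is interpreted by printf as well, so a
# literal percent sign has to be written as %%.
key_path="$( cat "$__object/parameter/key-path" )"
case "$key_path" in
  *%s*)
    # shellcheck disable=SC2059
    key_path="$( printf "$key_path" "$__object_id" )"
    ;;
esac

cert_path="$( cat "$__object/parameter/cert-path" )"
case "$cert_path" in
  *%s*)
    # shellcheck disable=SC2059
    cert_path="$( printf "$cert_path" "$__object_id" )"
    ;;
esac

key_type="$( cat "$__object/parameter/key-type" )"
# Second colon-separated field: the RSA bit count or the EC curve name.
key_type_arg="$( printf '%s\n' "$key_type" | cut -d : -f 2 )"

# Quote every parameter-derived value once, then use only the quoted forms
# in emitted code.
key_path_q="$( shquote "$key_path" )"
cert_path_q="$( shquote "$cert_path" )"
key_type_arg_q="$( shquote "$key_type_arg" )"
# The whole -subj argument is quoted as one word. A '/' or '+' inside the
# common name is still read by openssl as subject syntax, not as part of
# the name.
subject_q="$( shquote "/CN=$common_name" )"

# Create the key file without group/other access from the start, rather
# than relying on the chmod below to narrow a file created under a
# permissive default umask. The certificate gets its final mode from the
# explicit chmod 644 further down.
printf '%s\n' 'umask 077'

# printf '%s\n' is used for emitted lines because echo may rewrite
# backslashes in the values.
case "$key_type" in
  rsa:*)
    printf '%s\n' "openssl genrsa -out $key_path_q $key_type_arg_q"
    ;;
  ec:*)
    printf '%s\n' "openssl ecparam -name $key_type_arg_q -genkey -noout -out $key_path_q"
    ;;
  # NOTE(review): any other key-type emits no key generation command, so the
  # emitted openssl req below uses whatever already exists at key-path or
  # fails. Confirm whether that is intended before adding a hard error here.
esac

# The CSR is only an intermediate file; it is created with mktemp in the
# emitted code and removed after signing.
# shellcheck disable=SC2016
printf '%s\n' 'csr_path="$( mktemp )"'

printf '%s\n' "openssl req -new -subj $subject_q -key $key_path_q -out \"\$csr_path\""

# Self-signed with the key generated above, SHA-256, valid for 3650 days.
printf '%s\n' "openssl x509 -req -sha256 -days 3650 -in \"\$csr_path\" -signkey $key_path_q -out $cert_path_q"

# shellcheck disable=SC2016
printf '%s\n' 'rm -f "$csr_path"'

# Group that may read the private key: ssl-cert when the explorer reports
# that group as present, otherwise root only.
if [ "$( cat "$__object/explorer/ssl-cert-group" )" = 'present' ]; then
  key_group='ssl-cert'
else
  key_group='root'
fi

# Private key: owner read/write, group read, no access for others.
printf '%s\n' "chmod 640 $key_path_q"
printf '%s\n' "chown root $key_path_q"
printf '%s\n' "chgrp $key_group $key_path_q"

# Certificate: public material, world-readable.
printf '%s\n' "chmod 644 $cert_path_q"
printf '%s\n' "chown root $cert_path_q"
printf '%s\n' "chgrp root $cert_path_q"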