-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathsigned-keypair
executable file
·98 lines (84 loc) · 2.24 KB
/
signed-keypair
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/bin/bash
#
# Generate a keypair, signed by a certificate authority.
for SCRIPT in common/*.sh; do
source ${SCRIPT}
done
NAME=""
PURPOSE=""
LIFETIME=""
HOSTNAME=""
FAIL="false"
while getopts ":n:p:l:h:s:" VARNAME; do
case ${VARNAME} in
n)
NAME="${OPTARG}"
;;
p)
case ${OPTARG} in
client)
PURPOSE="client"
;;
server)
PURPOSE="server"
;;
both)
PURPOSE="both"
;;
*)
error 'Invalid purpose: must be "client", "server", or "both".'
FAIL="true"
;;
esac
;;
l)
LIFETIME="${OPTARG}"
;;
h)
HOSTNAME="${OPTARG}"
;;
s)
ALTNAME="${OPTARG}"
;;
\?)
error "Unrecognized option: -${OPTARG}"
FAIL="true"
;;
:)
error "Option -${OPTARG} requires an argument."
FAIL="true"
;;
esac
done
[ -z "${NAME}" ] && {
error "Missing required parameter: -n"
FAIL="true"
}
[ -z "${HOSTNAME}" ] && {
error "Missing required parameter: -h"
FAIL="true"
}
# Default to client.
[ -z "${PURPOSE}" ] && PURPOSE="client"
# Default to 365 days.
[ -z "${LIFETIME}" ] && LIFETIME="365"
if [ "${FAIL}" = "true" ]; then
cat <<EOM
Usage: docker run [..] cloudpipe/keymaster signed-keypair -n NAME -h HOSTNAME [-p (client|server)]"
Generate a public certificate and private key signed by a private certificate authority.
(Required)
-n NAME Specify the name of the generated keypair. This is used for the filenames.
-h HOSTNAME Specify the hostname for the generated certificate. This must match the
hostname that you'll be using to connect to the server.
(Optional)
-p PURPOSE Indicate the purpose of the certificate. Must be either 'client', 'server', or 'both'.
Defaults to 'client'.
-l LIFETIME Specify the duration for which this certificate should be valid, in days. Defaults to
365.
-s ALTNAME Specify a subject alternative name, e.g. -s IP:192.168.0.1 (see
https://www.openssl.org/docs/apps/x509v3_config.html#subject_alternative_name_
for further possibilities and details).
EOM
exit 1
fi
generate_keypair "${NAME}" "${PURPOSE}" "${LIFETIME}" "${HOSTNAME}" "${ALTNAME}"