summaryrefslogtreecommitdiffstats
path: root/keystone-moon/examples/pki
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/examples/pki')
-rwxr-xr-xkeystone-moon/examples/pki/gen_pki.sh24
1 files changed, 18 insertions, 6 deletions
diff --git a/keystone-moon/examples/pki/gen_pki.sh b/keystone-moon/examples/pki/gen_pki.sh
index 65550265..da800413 100755
--- a/keystone-moon/examples/pki/gen_pki.sh
+++ b/keystone-moon/examples/pki/gen_pki.sh
@@ -157,14 +157,16 @@ function check_error {
function generate_ca {
echo 'Generating New CA Certificate ...'
- openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
+ openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem \
+ -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
check_error $?
}
function ssl_cert_req {
echo 'Generating SSL Certificate Request ...'
generate_ssl_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem \
+ -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
check_error $?
#openssl req -in req.pem -text -noout
}
@@ -172,7 +174,9 @@ function ssl_cert_req {
function cms_signing_cert_req {
echo 'Generating CMS Signing Certificate Request ...'
generate_cms_signing_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem \
+ -keyform PEM -out cms_signing_req.pem -outform PEM \
+ -config cms_signing_req.conf -nodes
check_error $?
#openssl req -in req.pem -text -noout
}
@@ -187,7 +191,8 @@ function issue_certs {
echo 'Issuing CMS Signing Certificate ...'
openssl ca -in cms_signing_req.pem -config signing.conf -batch
check_error $?
- openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
+ openssl x509 -in $CURRENT_DIR/newcerts/11.pem \
+ -out $CERTS_DIR/signing_cert.pem
check_error $?
}
@@ -203,8 +208,15 @@ function check_openssl {
}
function gen_sample_cms {
- for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
- openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
+ FILES="${CMS_DIR}/auth_token_revoked.json"
+ FILES+=" ${CMS_DIR}/auth_token_unscoped.json"
+ FILES+=" ${CMS_DIR}/auth_token_scoped.json"
+ FILES+=" ${CMS_DIR}/revocation_list.json"
+ for json_file in $FILES; do
+ openssl cms -sign -in $json_file -nosmimecap \
+ -signer $CERTS_DIR/signing_cert.pem \
+ -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach \
+ -nocerts -noattr -out ${json_file/.json/.pem}
done
}