DANCE WITH JAVA

          Developing high-quality systems


          Advanced openssl (automation)

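          One thing that gets very tiresome when using openssl is having to type in all kinds of information over and over. Can this be filled in automatically? The answer is yes. The following shell scripts, used together, get the job done. These are the scripts I am currently using and they work without problems, though some parts may be redundant; fortunately there is not much to them and they are easy to follow: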

           

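          shell one:

          #!/bin/bash
          # Front end: reads the user name and pass phrases, moves the output of
          # earlier runs into bak/, calls the expect script (shell two) and
          # publishes the results under /opt/certs/<username>.
          echo -n "input username:"
          read -r USERNAME
          # The name ends up in file paths and in the "rm -rf" below, so refuse
          # an empty name and anything outside a conservative character set.
          case $USERNAME in
            ''|*[!A-Za-z0-9_-]*) echo "invalid username"; exit 1 ;;
          esac
          #if [ -f "bak/$USERNAME.pem" ] || grep -R "$USERNAME" demoCA/newcerts 1>/dev/null 2>/dev/null ;then
          #  echo "$USERNAME's cert has already been made,revoke(openssl ca -revoke $USERNAME.pem) and delete it first"
          #  exit 1
          #fi
          echo -n "input password(length> 4):"
          read -rs PASSWORD; echo    # -s: do not echo the pass phrase
          echo -n "input ca's password:"
          read -rs CAPASS; echo
          if [ -d bak ];then echo "bak dir exist"
          else mkdir bak
          fi
          # Move the files left over from earlier runs out of the way.
          mv -f /usr/share/ssl/misc/*.pem bak
          mv -f /usr/share/ssl/misc/*.req bak
          mv -f /usr/share/ssl/misc/*.key bak
          mv -f /usr/share/ssl/misc/*.p12 bak
          # Both pass phrases are passed as command-line arguments, so they are
          # visible in the process list while the expect script runs.
          /usr/share/ssl/misc/auto "$USERNAME" "$PASSWORD" "$CAPASS"

          # make user dir
          if [ -d "/opt/certs/$USERNAME" ];then
            echo "ok"
          else
            mkdir -p "/opt/certs/$USERNAME"
          fi

          rm -rf "/opt/certs/$USERNAME"/*

          #cp -rf "$USERNAME.key" "$USERNAME.p12" "$USERNAME.pem" /edi/pss/cert/now/server/
          cp -rf "$USERNAME.p12" "/opt/certs/$USERNAME"
          if [ -f SYSTEM01.p7c ]; then
            cp -rf SYSTEM01.p7c "/opt/certs/$USERNAME"
          fi

          if [ -f bak/SYSTEM01.p7c ]; then
            cp -rf bak/SYSTEM01.p7c "/opt/certs/$USERNAME"
          fi
          # Build <username>.p7c with the third script.
          ./makep7c "$USERNAME"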

           

           

           

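          shell two:

          #!/usr/bin/expect
          # Arguments: user name, user pass phrase, CA key pass phrase.
          set user [lindex $argv 0]
          set pass [lindex $argv 1]
          set capass [lindex $argv 2]

          # Step 1: key pair and certificate request.
          #spawn ./CA -newreq
          spawn openssl req -new -keyout $user.key -out $user.req
          expect "Enter PEM pass phrase:"
          send "$pass\n"
          expect "Verifying - Enter PEM pass phrase:"
          send "$pass\n"
          # Nine "]:" prompts follow. The labels below assume the prompt order
          # of the stock openssl.cnf.
          expect "]:"
          send "JP\n"                          ;# Country Name
          expect "]:"
          send "\n"                            ;# State or Province Name (default)
          expect "]:"
          send "\n"                            ;# Locality Name (default)
          expect "]:"
          send "WAVE\n"                        ;# Organization Name
          expect "]:"
          send "WAVE Center\n"                 ;# Organizational Unit Name
          expect "]:"
          send "$user\n"                       ;# Common Name
          expect "]:"
          send "$user@linux3.niis.com.cn\n"    ;# Email Address
          # The two extra attributes are written to the request file
          # unencrypted, and both are answered with the pass phrase here.
          expect "]:"
          send "$pass\n"                       ;# challenge password
          expect "]:"
          send "$pass\n"                       ;# optional company name
          #exit

          # Step 2: sign the request with the CA key.
          #spawn ./CA -sign
          expect eof
          spawn openssl ca -policy policy_anything -out $user.pem -infiles $user.req
          expect "cakey.pem:"
          send "$capass\n"
          expect "y/n]:"
          send "y\n"
          expect "/n]"
          send "y\n"

          # Step 3: PKCS#12 bundle of key, certificate and CA certificate.
          # "pass:" puts the pass phrase on the openssl command line, where it
          # is visible in the process list.
          #p12
          expect eof
          spawn openssl pkcs12 -export -in $user.pem -inkey $user.key -out $user.p12 -passin pass:$pass -passout pass:$pass -certfile demoCA/cacert.pem
          expect eof
          exit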

           

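          shell three:

          #!/bin/bash
          # makep7c: bundle <user>.pem and the CA certificate into a DER-encoded
          # PKCS#7 file <user>.p7c.
          if test -z "$1" ;then
            echo "Please input username as arg0"
            exit 1
          fi
          USER=$1
          if [ -f "./$USER.pem" ]; then
            echo "ok,$USER's pem exist"
          else
            echo "$USER's pem file not exist!!!"
            exit 1    # report the failure to the caller
          fi
          # crl2pkcs7 reads every certificate in the -certfile input, so
          # concatenate the user certificate and the CA certificate first.
          cat "$USER.pem" demoCA/cacert.pem > "tmp$USER.pem"
          openssl crl2pkcs7 -certfile "tmp$USER.pem" -nocrl -out "$USER.p7c" -outform DER
          if [ -f "$USER.p7c" ]; then
            echo "OK,$USER.p7c made"
          else
            echo "error occur"
            exit 1
          fi
          #rm -rf "tmp$USER.pem"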
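          The same request, signing and PKCS#12 steps without expect, as an added example that is not part of the original post: -subj answers the DN prompts and the env: pass-phrase source keeps both secrets off the command line. The function names, the PASSWORD/CAPASS environment variables and the CA file arguments are assumptions of this sketch, and `openssl x509 -req` stands in for the post's `openssl ca`, which needs the demoCA database (with `openssl ca` the matching options are -batch and -passin env:CAPASS).

```shell
#!/bin/sh
# Added example, not the post's code. Secrets come from the environment
# variables PASSWORD and CAPASS (names assumed here), never from argv.

# valid_user NAME: succeed only for a non-empty name made of [A-Za-z0-9_-].
# This blocks path traversal ("../x") and extra DN fields ("a/CN=b") alike.
valid_user() {
  case $1 in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
}

# issue_cert USER CA_CERT CA_KEY
# Writes USER.key, USER.req, USER.pem and USER.p12 into the current directory.
# The body runs in a subshell, so export/umask do not leak into the caller.
issue_cert() (
  user=$1 ca_cert=$2 ca_key=$3
  valid_user "$user" || { echo "invalid username" >&2; exit 2; }
  # Same rule as the post's prompt: password length > 4.
  [ "${#PASSWORD}" -gt 4 ] || { echo "password too short" >&2; exit 2; }
  export PASSWORD CAPASS   # env: sources read the child's environment
  umask 077                # key and .p12 readable by the owner only

  # DN values taken from the expect script; no challenge password is set.
  subj="/C=JP/O=WAVE/OU=WAVE Center/CN=$user/emailAddress=$user@linux3.niis.com.cn"
  openssl req -new -newkey rsa:2048 -keyout "$user.key" -out "$user.req" \
    -subj "$subj" -passout env:PASSWORD || exit 1

  # Sign the request; -passin unlocks the CA key without a prompt.
  openssl x509 -req -in "$user.req" -CA "$ca_cert" -CAkey "$ca_key" \
    -CAcreateserial -days 365 -passin env:CAPASS -out "$user.pem" || exit 1

  # Bundle key, certificate and CA certificate, as the post's step 3 does.
  openssl pkcs12 -export -in "$user.pem" -inkey "$user.key" \
    -certfile "$ca_cert" -out "$user.p12" \
    -passin env:PASSWORD -passout env:PASSWORD || exit 1
)
```

          Call it as `PASSWORD=... CAPASS=... issue_cert alice demoCA/cacert.pem demoCA/private/cakey.pem` from a front end that reads both values with `read -s`.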

          posted on 2006-10-16 11:27 dreamstone  Category: Snippets
