@@ -2,19 +2,23 @@
set -euo pipefail
set -x
signing_server="${1}"
-user="${2}"
-signing_cert="${3:-/etc/private-ca/server-cert.pem}"
-output="${HOME}/storage/downloads/${user}.pfx"
+signing_cert="${2:-/etc/private-ca/server-cert.pem}"
+
+subject_file="${BASH_SOURCE[0]%.*}.subject"
+[ -f "${subject_file}" ] || cat <<EOF > "${subject_file}"
+/C=.
+/ST=.
+/L=.
+/O=.
+/OU=.
+/CN=.
+/emailAddress=.
+EOF
+subject="$(tr -d '\n' < "${subject_file}")"
+user="$(grep 'CN=' < "${subject_file}" | cut -d= -f2)"
-# FILL OUT INFO
-country=.
-state=.
-loc=.
-org=.
-unit=.
-user="${user}"
-email=.
-#
+# TODO: should be ${HOME}/keys on non-android device
+output="${HOME}/storage/downloads/${user}.pfx"
WD=$(mktemp -d)
cleanup (){
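Review bot: `user` is now read from the subject file with `grep 'CN=' | cut -d= -f2` and then used unvalidated as a file name, in `output="${HOME}/storage/downloads/${user}.pfx"` here and in `${user}.key` / `${user}.crt` in the later hunk. On a first run the script writes the template and carries on, so `user` is `.` and, as far as the second hunk shows, a request with `/CN=.` goes on to be signed; a CN containing `/`, or another line that happens to contain `CN=`, changes where the key and PFX are written. Anchor the match and reject anything that is not a plain name before it is used, e.g. `user="$(sed -n 's|^/CN=||p' "${subject_file}")"` followed by `[[ "${user}" =~ ^[A-Za-z0-9][A-Za-z0-9._@-]*$ ]] || { echo "set CN in ${subject_file}" >&2; exit 1; }` (widen the allowed set if your CNs contain spaces). The body of `cleanup` continues outside the hunk.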
@@ -50,16 +54,7 @@ ssh "$signing_server" "sudo openssl x509 -req -CA "$signing_cert" -CAkey "${sign
-new \
-key "${user}.key" \
-out - \
- -subj "$(tr -d '\n' <<EOF
-/C=${country}
-/ST=${state}
-/L=${loc}
-/O=${org}
-/OU=${unit}
-/CN=${user}
-/emailAddress=${email}
-EOF
-)" </dev/null) > "${user}.crt"
+ -subj "$subject" </dev/null) > "${user}.crt"
# create pfx
openssl pkcs12 -export -inkey "${user}.key" -in "${user}.crt" -certfile server-cert.pem -name "${user} $(date +%Y-%m-%d)" -out - > "$output"