From 4076c4b4ef44c79669bd4dfcd6c5d84851a02ed8 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Sat, 30 Jun 2018 21:14:44 +0200
Subject: [PATCH] fixes
---
 gencert.sh | 59 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 37 insertions(+), 22 deletions(-)
diff --git a/gencert.sh b/gencert.sh
index e229e8e..5932c4f 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -8,8 +8,8 @@ ME=$(printf '%s\n' "${0##*/}")
-function print_help() {
- echo -e "[${ME}] HELP: I accept following arguments:
+print_help() {
+ printf "[${ME}] HELP: I accept following arguments:
 --help - show this message
 --cn - certificate's CN name\t\t(MANDATORY)
 --key - server key name\t\t\t(default: private.key)
@@ -17,7 +17,7 @@ function print_help() {
 --days - server cert expiration in days\t(default: 365)
 --cakey - CA key name\t\t\t(default: ca.key)
 --ca - CA cert name\t\t\t(default: ca.crt)
- --cadays - CA cert expiration in days\t(default: 3650)"
+ --cadays - CA cert expiration in days\t(default: 3650)\n"
 }
 # A POSIX variable
@@ -33,7 +33,7 @@ opts=$(getopt \
 eval set --$opts
-while [[ $# -gt 0 ]]; do
+while [ $# -gt 0 ]; do
 case "$1" in
 --help)
 print_help;
@@ -107,7 +107,7 @@ DAYS="${ARG_DAYS:-365}"
 # set -x
 set -e
-function gen_openssl_config() {
+gen_openssl_config() {
 OPENSSL_CONFIG_CONTENT="[ req ]
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
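Review bot: The new `printf "[${ME}] HELP: ...` line hands printf a format string that already contains the expanded `${ME}`, so a `%` in the basename of `$0` would be taken as a conversion specifier instead of being printed; gen_openssl_config in the -128 hunk does the same with `printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n"`, where the "format" is the whole config body plus the generated IP list. Keep the format literal and pass data as arguments: change the opening to `printf "[%s] HELP: I accept following arguments:` and append `"${ME}"` after the closing quote on the `--cadays` line (which sits in the -17 hunk), and write the config with `printf '%s\n%s\n' "${OPENSSL_CONFIG_CONTENT}" "${PAYLOAD}" > "${OPENSSL_CONFIG}"`. The `\t` escapes in the option lines keep working because they stay inside the literal format.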
@@ -128,44 +128,57 @@ subjectAltName = @alt_names
 echo "[${ME}] Found these IPs: " ${IPS}
 PAYLOAD="$(for IP in $IPS; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
- echo -e "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}" > "${OPENSSL_CONFIG}"
+ printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
 }
-function gen_ca() {
+gen_ca() {
 echo "[${ME}] Generating new CA: ${CA_KEY} / ${CA_CERT} ..."
- openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}" 2>/dev/null
+ openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
 chmod 0600 "${CA_KEY}"
 openssl req -x509 -new -sha256 -nodes -key "${CA_KEY}" -days "${CA_DAYS}" -out "${CA_CERT}" \
- -subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}" 2>/dev/null
+ -subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}"
 }
-function gen_server_x509() {
+gen_server_x509() {
 echo "[${ME}] Generating new server x509: ${SERVER_KEY} / ${SERVER_CERT} ..."
- openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}" 2>/dev/null
+ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
 chmod 0600 "${SERVER_KEY}"
 openssl req -new -sha256 -key "${SERVER_KEY}" -subj "/CN=${ARG_CN}" \
 | openssl x509 -req -sha256 -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
 -out ${SERVER_CERT} -days "${DAYS}" \
- -extensions v3_req_server -extfile "${OPENSSL_CONFIG}" 2>/dev/null
+ -extensions v3_req_server -extfile "${OPENSSL_CONFIG}"
 }
-function install_openssl() {
- if type -p openssl >/dev/null; then
+install_openssl() {
+ set +e
+ type openssl >/dev/null
+ if [ $? -eq 0 ]; then
 return;
 fi
- if [ -f /etc/alpine-release ]; then
- apk add --update openssl
- elif [ -f /etc/centos-release ]; then
- yum -y install openssl
- elif grep -q Ubuntu /etc/lsb-release; then
+ grep -q Ubuntu /etc/lsb-release
+ if [ $? -eq 0 ]; then
+ echo "[${ME}] Installing openssl in Ubuntu"
 export DEBIAN_FRONTEND=noninteractive
 apt-get update
 apt-get -y install openssl
+ elif [ -f /etc/alpine-release ]; then
+ echo "[${ME}] Installing openssl in Alpine"
+ apk add --update openssl
+ elif [ -f /etc/centos-release ]; then
+ echo "[${ME}] Installing openssl in CentOS"
+ yum -y install openssl
+ fi
+
+ type openssl >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "[${ME}] ERROR: Could not install openssl. Exitting."
+ exit 1
 fi
+ set -e
 }
-function start() {
+start() {
 echo "[${ME}] Started in ${PWD} directory."
 install_openssl;
@@ -176,11 +189,13 @@ function start() {
 gen_ca;
 fi
- if ! openssl x509 -in "${CA_CERT}" -noout -checkend 2592000; then
+ openssl x509 -in "${CA_CERT}" -noout -checkend 2592000 >/dev/null
+ if [ $? -ne 0 ]; then
 echo "[${ME}] WARNING! Your CA certificate will expire in less than 30 days."
 fi
- if ! openssl x509 -in "${CA_CERT}" -noout -checkend 1; then
+ openssl x509 -in "${CA_CERT}" -noout -checkend 1 >/dev/null
+ if [ $? -ne 0 ]; then
 echo "[${ME}] WARNING! Your CA certificate has expired, so we will generate a new one."
 gen_ca;
 fi
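Review bot: install_openssl switches errexit off with `set +e` and then returns early when openssl is already present, so on any host that already has openssl the `set -e` enabled at line 108 is never restored and gen_ca, gen_server_x509 and start run with a failing `openssl` command no longer aborting the script. The toggling is unnecessary: an exit status tested directly by `if` never trips errexit, so the shape below keeps `-e` on for the whole function, which also makes a failed `apt-get`/`apk`/`yum` abort immediately instead of being silently ignored until the final check. The bare `grep -q Ubuntu /etc/lsb-release` additionally prints a missing-file error on Alpine and CentOS hosts, which the `2>/dev/null` below quiets.
```shell
install_openssl() {
  # An exit status tested by `if` never triggers errexit, so -e stays on.
  if command -v openssl >/dev/null 2>&1; then
    return
  fi

  if grep -q Ubuntu /etc/lsb-release 2>/dev/null; then
    # … unchanged: Ubuntu echo/apt-get lines, then the Alpine and CentOS elif branches …
  fi

  if ! command -v openssl >/dev/null 2>&1; then
    echo "[${ME}] ERROR: Could not install openssl. Exitting."
    exit 1
  fi
}
```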
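Review bot: Splitting the expiry tests into a bare `openssl x509 ... -checkend 2592000 >/dev/null` followed by `if [ $? -ne 0 ]` breaks them under the `set -e` the script enables at line 108: a non-zero status from a plain command aborts the script, so a CA that is about to expire, or has expired, now terminates start instead of printing the warning and regenerating the CA; the same applies to the `-checkend 1` test below it. The removed form was the correct one, because errexit ignores the status of a command tested by `if`: `if ! openssl x509 -in "${CA_CERT}" -noout -checkend 2592000 >/dev/null; then` and `if ! openssl x509 -in "${CA_CERT}" -noout -checkend 1 >/dev/null; then`. The new code appears to work only on hosts where install_openssl returned early and left errexit disabled by its `set +e`. start() begins outside this hunk.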