From 6b47f6be4d6dbdfbc877c821d48bb79eb9d3b0c0 Mon Sep 17 00:00:00 2001 From: Andrey Arapov Date: Sun, 15 Jul 2018 20:17:18 +0200 Subject: [PATCH] fixes --- gencert.sh | 213 +++++++++++++++++++++++++++-------------------------- testme.sh | 2 +- 2 files changed, 111 insertions(+), 104 deletions(-) diff --git a/gencert.sh b/gencert.sh index 26e241a..58f0f35 100755 --- a/gencert.sh +++ b/gencert.sh @@ -2,7 +2,7 @@ # Filename: gencert.sh # Description: This script generates x509 server certificate (with all IPs in # SAN) signed by a self-signed CA. -# Version: 1.1 - 2018 July 15 +# Version: 1.2 - 2018 July 15 # Author: Andrey Arapov # License: GPLv3 
@@ -18,113 +18,120 @@ print_help() { --cakey - CA key name\t\t\t(default: ca.key) --ca - CA cert name\t\t\t(default: ca.crt) --cadays - CA cert expiration in days\t(default: 3650)\n - --nosan - do not write SAN records\n" + --nosan - do not write SAN records\n + --debug - show extra information\n" } # Parse command line arguments ## -# A POSIX variable -OPTIND=1 # Reset in case getopts has been used previously in the shell. - -# read arguments -opts=$(getopt \ - --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan," \ - --name "$(basename "$0")" \ - --options "" \ - -- "$@" -) - -eval set --$opts - -while [ $# -gt 0 ]; do - case "$1" in - --help) - print_help; - exit 0 - ;; - - --cn) - ARG_CN=$2 - shift 2 - ;; - - --key) - ARG_KEY=$2 - shift 2 - ;; - - --cert) - ARG_CERT=$2 - shift 2 - ;; - - --days) - ARG_DAYS=$2 - shift 2 - ;; - - --cakey) - ARG_CAKEY=$2 - shift 2 - ;; - - --ca) - ARG_CA=$2 - shift 2 - ;; - - --cadays) - ARG_CADAYS=$2 - shift 2 - ;; - - --nosan) - ARG_NOSAN=1 - shift 2 - ;; - - *) - break - ;; - esac -done - -if [ -z "${ARG_CN}" ]; then - echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\"" - print_help; - exit 1 -fi - -# For debugging purposes -# echo ARG_CN=$ARG_CN -# echo ARG_KEY=$ARG_KEY -# echo ARG_CERT=$ARG_CERT -# echo ARG_DAYS=$ARG_DAYS -# echo ARG_CAKEY=$ARG_CAKEY -# echo ARG_CA=$ARG_CA -# echo ARG_CADAYS=$ARG_CADAYS -# echo ARG_NOSAN=$ARG_NOSAN - -# prepare common variables -## - -OPENSSL_CONFIG="openssl.cnf" -CA_KEY="${ARG_CAKEY:-ca.key}" -CA_CERT="${ARG_CA:-ca.crt}" -CA_DAYS="${ARG_CADAYS:-3650}" -SERVER_KEY="${ARG_KEY:-private.key}" -SERVER_CERT="${ARG_CERT:-public.crt}" -DAYS="${ARG_DAYS:-365}" - -# set -x -set -e +parse_arguments() { + # A POSIX variable + OPTIND=1 # Reset in case getopts has been used previously in the shell. 
+ + # read arguments + opts=$(getopt \ + --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug" \ + --name "$(basename "$0")" \ + --options "" \ + -- "$@" + ) + + eval set --$opts + + while [ $# -gt 0 ]; do + case "$1" in + --help) + print_help; + exit 0 + ;; + + --cn) + ARG_CN=$2 + shift 2 + ;; + + --key) + ARG_KEY=$2 + shift 2 + ;; + + --cert) + ARG_CERT=$2 + shift 2 + ;; + + --days) + ARG_DAYS=$2 + shift 2 + ;; + + --cakey) + ARG_CAKEY=$2 + shift 2 + ;; + + --ca) + ARG_CA=$2 + shift 2 + ;; + + --cadays) + ARG_CADAYS=$2 + shift 2 + ;; + + --nosan) + ARG_NOSAN=1 + shift 2 + ;; + + --debug) + ARG_DEBUG=1 + shift 2 + ;; + + *) + break + ;; + esac + done + + if [ -z "${ARG_CN}" ]; then + echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\"" + print_help; + exit 1 + fi + + # For debugging purposes + if [ $ARG_DEBUG -eq 1 ]; then + echo ARG_CN=$ARG_CN + echo ARG_KEY=$ARG_KEY + echo ARG_CERT=$ARG_CERT + echo ARG_DAYS=$ARG_DAYS + echo ARG_CAKEY=$ARG_CAKEY + echo ARG_CA=$ARG_CA + echo ARG_CADAYS=$ARG_CADAYS + echo ARG_NOSAN=$ARG_NOSAN + echo ARG_DEBUG=$ARG_DEBUG + fi + + # prepare common variables + ## + + OPENSSL_CONFIG="openssl.cnf" + CA_KEY="${ARG_CAKEY:-ca.key}" + CA_CERT="${ARG_CA:-ca.crt}" + CA_DAYS="${ARG_CADAYS:-3650}" + SERVER_KEY="${ARG_KEY:-private.key}" + SERVER_CERT="${ARG_CERT:-public.crt}" + DAYS="${ARG_DAYS:-365}" +} # install openssl ## has_openssl() { - set +e type openssl >/dev/null 2>&1 if [ $? -eq 0 ]; then return; @@ -154,14 +161,12 @@ has_openssl() { echo "[${ME}] ERROR: Could not install openssl. Exitting." exit 1 fi - set -e } # install getopt ## has_getopt() { - set +e type getopt >/dev/null 2>&1 if [ $? -eq 0 ]; then return; @@ -192,7 +197,6 @@ has_getopt() { echo "[${ME}] ERROR: Could not install getopt. Exitting." exit 1 fi - set -e } # generate openssl config 
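Review bot: In parse_arguments the new `--debug` arm copies `shift 2` from `--nosan`, but neither flag takes a value, so the extra shift discards whatever option follows (for example `--debug --cn host` loses `--cn` and ends in the missing-CN error). The debug guard `[ $ARG_DEBUG -eq 1 ]` is a malformed test whenever `--debug` is absent, unless ARG_DEBUG is initialised somewhere outside this hunk. The `getopt` exit status is never checked, and `$opts` reaches `eval` unquoted, so it is word-split and globbed before being re-parsed; quoting it keeps getopt's own quoting intact. The sketch below shows only the lines I would change.

```shell
  # … unchanged: opts=$(getopt … -- "$@") assignment …
  [ $? -eq 0 ] || exit 1   # stop on unknown or malformed options

  eval set -- "$opts"

  # … unchanged: while/case arms --help through --cadays …
      --nosan)
        ARG_NOSAN=1
        shift
        ;;

      --debug)
        ARG_DEBUG=1
        shift
        ;;
  # … unchanged: default arm, CN check …

  if [ "${ARG_DEBUG:-0}" -eq 1 ]; then
  # … unchanged: debug echoes and defaults …
```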
@@ -250,8 +254,11 @@ gen_server_x509() { start() { echo "[${ME}] Started in ${PWD} directory." - has_openssl; has_getopt; + has_openssl; + + parse_arguments "$@"; + gen_openssl_config; if [ ! -f "${CA_KEY}" ]; then @@ -282,4 +289,4 @@ start() { # script starts here ## -start; +start "$@"; diff --git a/testme.sh b/testme.sh index 8a1df84..8f8a576 100755 --- a/testme.sh +++ b/testme.sh @@ -8,7 +8,7 @@ pushd "${TMPDIR}" for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n" rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl - docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com + docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com --debug printf "\n\n\n" done
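Review bot: With `set -e` removed earlier in this patch, nothing visible in start() stops the run when a step fails, so a failed key or certificate step could be followed by later steps working on missing or stale files. The generation functions and the rest of start() are outside this hunk, so whether they check openssl's exit status themselves cannot be seen here; if they do not, a `set -e` placed after the two has_* calls would restore the old behaviour. Separately, `has_openssl;` could move below `parse_arguments "$@";` so that `--help` or a rejected option does not first trigger what appears to be an openssl install attempt.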
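Review bot: With `--debug` added to the only invocation, the distro matrix no longer exercises the default path without the flag, which is how the script is normally run and where `ARG_DEBUG` stays unset. Consider keeping the original run and adding the `--debug` run as a second `docker run` line in the loop. The exit status of `docker run` is also not checked within this hunk, so a failing distro does not appear to fail the loop. `docker run … || exit 1` would make it fail fast, though the top of testme.sh is outside the hunk, so a `set -e` there cannot be ruled out.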