add --san-ip and few fixes

2018-10-12 06:59:27 +02:00 · 2018-10-12 06:59:27 +02:00 · 8c977cd3ed
commit 8c977cd3ed
parent 63771f9837
1 changed files with 39 additions and 24 deletions
--- a/gencert.sh
+++ b/gencert.sh
@ -19,6 +19,7 @@ print_help() {
  --ca        - CA cert name\t\t\t(default: ca.crt)
  --cadays    - CA cert expiration in days\t(default: 3650)\n
  --nosan     - do not write SAN records\n
+  --san-ip    - specify custom SAN IP records manually. Implies --nosan\n
  --debug     - show extra information\n
  --rsa       - generate RSA keys instead of ECDSA\n
  --rsa-size  - set RSA key size\n"
@ -33,7 +34,7 @@ parse_arguments() {
  
  # read arguments
  opts=$(getopt \
-      --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug,rsa,rsa-size:" \
+      --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,san-ip:,debug,rsa,rsa-size:" \
      --name "$(basename "$0")" \
      --options "" \
      -- "$@"
@ -88,6 +89,11 @@ parse_arguments() {
        shift 1
        ;;

+      --san-ip)
+        ARG_SAN_IP=$2
+        shift 2
+        ;;
+
      --debug)
        ARG_DEBUG=1
        shift 1
@ -108,28 +114,7 @@ parse_arguments() {
        ;;
    esac
  done
-  
-  if [ -z "${ARG_CN}" ]; then
-    echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
-    print_help;
-    exit 1
-  fi
-  
-  # For debugging purposes
-  if [ "${ARG_DEBUG}" -eq 1 ]; then
-    echo ARG_CN=$ARG_CN
-    echo ARG_KEY=$ARG_KEY
-    echo ARG_CERT=$ARG_CERT
-    echo ARG_DAYS=$ARG_DAYS
-    echo ARG_CAKEY=$ARG_CAKEY
-    echo ARG_CA=$ARG_CA
-    echo ARG_CADAYS=$ARG_CADAYS
-    echo ARG_NOSAN=$ARG_NOSAN
-    echo ARG_DEBUG=$ARG_DEBUG
-    echo ARG_RSA=$ARG_RSA
-    echo ARG_RSA_SIZE=$ARG_RSA_SIZE
-  fi
-  
+
  #  prepare common variables
  ##
  
@ -141,9 +126,33 @@ parse_arguments() {
  SERVER_KEY="${ARG_KEY:-private.key}"
  SERVER_CERT="${ARG_CERT:-public.crt}"
  DAYS="${ARG_DAYS:-365}"
+  NOSAN="${ARG_NOSAN}"
+  SAN_IP="${ARG_SAN_IP}"
  DEBUG="${ARG_DEBUG}"
  RSA="${ARG_RSA}"
  RSA_SIZE="${ARG_RSA_SIZE:-2048}"
+
+  if [ -z "${CN}" ]; then
+    echo "[${ME}] ERROR: Please specify CN, example \"--cn your.site.com\""
+    print_help;
+    exit 1
+  fi
+
+  # For debugging purposes
+  if [ "${DEBUG}" -eq 1 ]; then
+    echo CN=$CN
+    echo KEY=$KEY
+    echo CERT=$CERT
+    echo DAYS=$DAYS
+    echo CAKEY=$CAKEY
+    echo CA=$CA
+    echo CADAYS=$CADAYS
+    echo NOSAN=$NOSAN
+    echo SAN_IP=$SAN_IP
+    echo DEBUG=$DEBUG
+    echo RSA=$RSA
+    echo RSA_SIZE=$RSA_SIZE
+  fi
 }

 #  install openssl
@ -232,7 +241,13 @@ basicConstraints = CA:FALSE
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth"

-  if [ -z "$ARG_NOSAN" ]; then
+  if [ ! -z "$SAN_IP" ]; then
+    echo "[${ME}] Using user-provided SAN records: " ${SAN_IP}
+    i=1
+    IFS=,
+    PAYLOAD="subjectAltName = @alt_names\n[ alt_names ]\n$(for IP in $SAN_IP; do echo "IP.${i} = ${IP}" ; i=$((i + 1)); done)"
+    unset IFS
+  elif [ -z "$NOSAN" ]; then
    # Gather IPs for SAN
    
    i=1