create-ssl-tool

#!/bin/bash
# dit script is bedoeld om een certificaat aan te maken, het maakt een directory met hostname-certs
# in de directory /root/certs/
# flip hess 201102 [email protected]

  PATH='/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin'
  SCRIPT_PATH="${0}"
  TOTARG="${#}"
  ARG1="${1}"
  ARG2="${2}"

  # Default settings:
  DIR="$HOME/certs"   # where to create certdirs
  EDITOR="vim"

  SETTINGS="/var/tmp/cert-settings.$(date +"%Y%m%d")"   # create temp settings file
  ORIG="/var/tmp/cert-settings.orig"            # create temp orig file
  TIMESTAMP="$(date +'%Y%m%d')"             # timestamp


  # dependencie checken:
  if [ ! -x /usr/bin/openssl ]
  then
     echo "Bark Bark! Script went haywire!"
     echo "Openssl was not found!"
     exit 1
  fi

  # certificaten dir maken
  if [ ! -d "${DIR}" ]
  then
    mkdir -p "${DIR}"
  fi

  # dit script werkt met timestamp data in files en mag dus niet precies een paar seconden voor 00:00 afgetrapt worden
  # want dan vind hij zn files niet meer terug :)
  if [ $(date +'%H%M%S') -gt 235955 ]
  then
     echo "waiting for day switch, please wait 10 seconds"
     echo "you better go to sleep!"
     sleep 10
  fi


########################################################
#
#          The Functions:
#
########################################################


########################################################
# cert-help --> interactief een certificaat genereren
########################################################
function fCerthelp()
{
  # Check if 2 args given
  if [ "${TOTARG}" -ne 2 ]
  then
    echo "error: please provide 2 arguments"
    echo "Usage: ${SCRIPT_PATH} cert-help 'hostname'"
    exit 0
  fi

  echo "creating settings file"

 # als de defaults aanwezig zijn, editen? als ze niet aanwezig zijn, aanmaken en editen
  if [ ! -e ${ORIG} ] && [ ! -e ${SETTINGS} ]
  then
    fCreatesettingsCERT && fChecksettings || ( echo "setting and processing settings failed, please check your settings" ; exit 1 )

  elif [ -e ${ORIG} ] || [ -e ${SETTINGS} ]
  then
    echo "Existing settings file found, do you want to edit existing settingsfile? [Y/n]"
    read ANSWER
    if [ "${ANSWER}" != 'n' ] && [ "${ANSWER}" != 'N' ] && [ "${ANSWER}" != 'no' ] && [ "${ANSWER}" != 'No' ] && [ "${ANSWER}" != 'NO' ]
    then
      fChecksettings || ( echo "setting and processing settings failed, please check your settings" ; exit 1 )
    else
      echo "creating new settings file"
      fCreatesettingsCERT && fChecksettings || ( echo "setting and processing settings failed, please check your settings" ; exit 1 )
    fi
  fi

  # check for keyfile
  if [ ! -e ${KEYFILE} ]
  then
    echo "${KEYFILE} not found, please re-edit your settings"
    exit 1
  fi

  # check for csr
  if [ ! -e ${CSRFILE} ]
  then
    echo "${CSRFILE} not found, please re-edit your settings"
    exit 1
  fi

  # voorkomen dat certificaten overschreven worden:
  if [ -e ${CERTFILE} ]
  then
     echo "${CERTFILE} already exists! please rename before overwriting! "
     exit 1
  else
    # are you sure?
    echo "Creating a CERT file for ${COMMON} in ${CERTFILE}"
    echo "Continue? [Y/n}"
  fi
  read ANSWER

  if [ "${ANSWER}" != 'n' ] && [ "${ANSWER}" != 'N' ] && [ "${ANSWER}" != 'no' ] && [ "${ANSWER}" != 'No' ] && [ "${ANSWER}" != 'NO' ]
  then
    # do the magic:
    cd ${DIR} && openssl x509 -req -days ${AGE} -in ${CSRFILE} -signkey ${KEYFILE} -out ${CERTFILE} || ( echo "generating certificate failed!" ; exit 1 )
  else
    echo "generation canceled"
    exit 1
  fi

  echo "----------------------------------------------------------------------------------------------------------"
  echo "Certificate succesfully generated"
  echo
  echo "cert file: ${CERTFILE}"
  echo "----------------------------------------------------------------------------------------------------------"
  rm ${SETTINGS} ${ORIG}

  return 0
}


########################################################
# csr-help --> interactief certificaat REQUEST genereren
########################################################
function fCsrhelp()
{

  # Check if 2 args given
  if [ "${TOTARG}" -ne 2 ]
  then
    echo "error: please provide 2 arguments"
    echo "Usage: ${SCRIPT_PATH} csr-help 'hostname'"
    exit 0
  fi

 # als de defaults aanwezig zijn, editen? als ze niet aanwezig zijn, aanmaken en editen
  if [ ! -e ${ORIG} ] && [ ! -e ${SETTINGS} ]
  then
    fCreatesettingsCSR && fChecksettings  || ( echo "setting and processing settings failed, please check your settings" ; exit 1 )

  elif [ -e ${ORIG} ] || [ -e ${SETTINGS} ]
  then
    echo "existing settings file found, do you want to edit existing settingsfile? [Y/n]"
    read ANSWER
    if [ "${ANSWER}" != 'n' ] && [ "${ANSWER}" != 'N' ] && [ "${ANSWER}" != 'no' ] && [ "${ANSWER}" != 'No' ] && [ "${ANSWER}" != 'NO' ]
    then
      fChecksettings
    else
      echo "creating a new settings file"
      echo
      fCreatesettingsCSR && fChecksettings  || ( echo "setting and processing settings failed, please check your settings" ; exit 1 )
    fi
  fi

  # are you sure?
  echo "Creating a CSR and a key file for ${COMMON} in ${CSRFILE}"
  echo "Continue? [Y/n]"
  read ANSWER

  if [ "${ANSWER}" = 'n' ] || [ "${ANSWER}" = 'N' ] || [ "${ANSWER}" = 'no' ] || [ "${ANSWER}" = 'No' ] || [ "${ANSWER}" = 'NO' ]
  then
    echo "Creation was canceled."
    exit 1
  fi

  echo "----------------------------------------------------------------------------------------------------------"
  echo "Subject is : C=${COUNTRY}/ST=${STATE}/L=${LOCALITY}/O=${ORG}/OU=${OU}/CN=${COMMON}"
  echo

  # do tha magic:
  if [ -e ${CSRFILE} ] || [ -e ${KEYFILE} ]
  then
     echo "${CSRFILE} or ${KEYFILE} already exists! please rename before overwriting! "
     exit 1
  else
    cd ${DIR} && openssl req -new -newkey rsa:${ALGSIZE} -sha1 -nodes -subj /C="${COUNTRY}"/ST="${STATE}"/L="${LOCALITY}"/O="${ORG}"/OU="${OU}"/CN="${COMMON}" -keyout ${KEYFILE} -out ${CSRFILE} || ( echo "Bark Bark, generation of ${CSRFILE} went haywire!" ; exit 1 )
  fi
  echo "----------------------------------------------------------------------------------------------------------"
  echo "Certificate request and keyfile succesfully generated"
  echo
  echo "key file: ${KEYFILE}"
  echo "CSR file: ${CSRFILE}"
  echo "----------------------------------------------------------------------------------------------------------"

  rm ${SETTINGS} ${ORIG}

  return 0
}

########################################################
# funtctie selfsigned -> genereer een csr met de default settings
########################################################
function fSelfsigned()
{
  # Check if 2 args given
  if [ "${TOTARG}" -ne 2 ]
  then
    echo "error: please provide 2 arguments"
    echo "Usage: ${SCRIPT_PATH} selfsigned 'hostname'"
    exit 0
  fi

  echo "Creating self-signed certificate for ${ARG2}"
  # first creating a CSR file
  fCsr

  # create settings and source them
  fCreatesettingsCERT && source ${SETTINGS} || ( echo "sourcing settings failed, please check your settings" ; exit 1 )

  # do tha magic:
  if [ -e ${CERTFILE} ]
  then
     echo "${CERTFILE} already exists! please rename before overwriting! "
     exit 1
  else
    cd ${DIR} && openssl x509 -req -days ${AGE} -in ${CSRFILE} -signkey ${KEYFILE} -out ${CERTFILE} || ( echo "Error while creating Certificate Request ${CERTFILE}" ; exit 1 )
  fi

  echo "----------------------------------------------------------------------------------------------------------"
  echo "Certificate for ${ARG2} succesfully created"
  echo
  echo "File location is ${CERTFILE}"
  echo "----------------------------------------------------------------------------------------------------------"

  rm ${SETTINGS} ${ORIG}

  return 0
}

########################################################
# funtctie csr -> genereer een csr met de default settings
########################################################
function fCsr()
{
  # Check if 2 args given
  if [ "${TOTARG}" -ne 2 ]
  then
    echo "error: please provide 2 arguments"
    echo "Usage: ${SCRIPT_PATH} csr 'hostname'"
    exit 0
  fi

  fCreatesettingsCSR && source ${SETTINGS} || ( echo "sourcing settings failed, please check your settings" ; exit 1 )

  # are you sure?
  echo "Creating a CSR and a key file for ${COMMON} in ${DIR} using default settings"
  echo "Continue? [Y/n]"
  read ANSWER

  if [ "${ANSWER}" = 'n' ] || [ "${ANSWER}" = 'N' ] || [ "${ANSWER}" = 'no' ] || [ "${ANSWER}" = 'No' ] || [ "${ANSWER}" = 'NO' ]
  then
     echo "Creation was canceled."
     exit 1
  fi

  # do tha magic:
  if [ -e ${KEYFILE} ] || [ -e ${CSRFILE} ]
  then
     echo "${KEYFILE} or ${CSRFILE} already exists! please rename before overwriting! "
     exit 1
  else
    echo "Subject is : /C=${COUNTRY}/ST=${STATE}/L=${LOCALITY}/O=${ORG}/OU=${OU}/CN=${COMMON}"
    cd ${DIR} && openssl req -new -newkey rsa:${ALGSIZE} -sha1 -nodes -subj /C="${COUNTRY}"/ST="${STATE}"/L="${LOCALITY}"/O="${ORG}"/OU="${OU}"/CN="${COMMON}" -keyout ${KEYFILE} -out ${CSRFILE} || ( echo "Error while creating Certificate Request ${CSRFILE}" ; exit 1 )
  fi

  echo "----------------------------------------------------------------------------------------------------------"
  echo "Certificate Request ${ARG2} succesfully created"
  echo
  echo "location of certificate request is: ${CSRFILE}"
  echo "location of certificate keyfile is: ${KEYFILE}"
  echo "----------------------------------------------------------------------------------------------------------"

  rm ${SETTINGS} ${ORIG}

  return 0
}


########################################################
# create csr settings file
########################################################
function fCreatesettingsCSR()
{
  cat <<EOF | tee ${ORIG} > ${SETTINGS}
     ##########################################
     # SSL CSR settings file                  #
     #                                        #
     # flip hess 2011 [email protected]     #
     ##########################################

     # location of the csr
     CSRFILE=${DIR}/${ARG2}-${TIMESTAMP}.csr

     # location of the key file
     KEYFILE=${DIR}/${ARG2}-${TIMESTAMP}.key

     # size of the algoritm:
     ALGSIZE="2048"

     # countryName for subject
     COUNTRY="NL"

     # stateOrProvinceName for subject
     STATE="Noord-Holland"

     # localityName for subject
     LOCALITY="Amsterdam"

     # organizationName for subject
     ORG="Firma SSL bv."

     # organizationalUnitName for subject
     OU="Webserver.ou"

     # commonName (hostname)
     COMMON="${ARG2}"
EOF

return 0
}


########################################################
# create cert settings file
########################################################
function fCreatesettingsCERT()
{
  cat <<EOF | tee ${ORIG} > ${SETTINGS}
     ##########################################
     # SSL CERT settings file                 #
     #                                        #
     # flip hess 2011 [email protected]     #
     ##########################################

     # Location of the CSR file
     CSRFILE="${DIR}/${ARG2}-${TIMESTAMP}.csr"

     # Location of the KEY file
     KEYFILE="${DIR}/${ARG2}-${TIMESTAMP}.key"

     # where to store the CERT file
     CERTFILE="${DIR}/${ARG2}-${TIMESTAMP}.crt"

     # validity duration of the certificate
     AGE="99999999"
EOF

return 0
}


########################################################
# check en edit setting                                #
########################################################
function fChecksettings()
{
  echo "----------------------------------------------------------------------------------------------------------"
  echo "Now opening settings file with ${EDITOR}"
  echo "To change editor, set the \"\${EDITOR}\" variable"
  sleep 1
  ${EDITOR} ${SETTINGS}

  # check if changed and asking for input
  diff ${ORIG} ${SETTINGS} > /dev/null 2>&1
  if [ ${?} = 0 ]
  then
    DIFFS=0
  else
    DIFFS=1
  fi

  # zo lang als DIFFS 0 is (ongewijzigd) do:
  while [ ${DIFFS} = '0' ]
  do
    echo "No changes made to settings, do you want to re-edit the settings file? [Y/n] "
    read ANSWER

    if [ "${ANSWER}" != 'n' ] && [ "${ANSWER}" != 'N' ] && [ "${ANSWER}" != 'no' ] && [ "${ANSWER}" != 'No' ] && [ "${ANSWER}" != 'NO' ]
    then
       ${EDITOR} ${SETTINGS}
       diff ${ORIG} ${SETTINGS} > /dev/null 2>&1
       if [ ${?} = 0 ]
       then
         DIFFS=0
       else
         DIFFS=1
       fi
    else
       echo "continuing with default settings"
       echo
       DIFFS=1
    fi
  done

 # sourcing settings:
 source ${SETTINGS} || ( echo "sourcing settings failed, please check your settings" ; exit 1 )

 return 0

}


########################################################
# Shows usage.
########################################################
function fUsage()
{
  echo
  echo "Usage: ${SCRIPT_PATH}  csr-help|crt-help|selfsigned|csr|usage"
  echo
  echo "csr-help               : create a custom certificate interactively"
  echo "crt-help               : create a custom self signed certificate interactively"
  echo
  echo "csr 'hostname'         : create a certificate request for 'hostname' using the default settings"
  echo "selfsigned 'hostname'  : create a certificate request for 'hostname' using the default settings"
  echo
  echo "usage                  : show usage information."
  echo

  return 0
}

########################################################
# The main function.
########################################################
function fMain()
{
  case "${ARG1}"
  in
    csr-help)
      fCsrhelp
      ;;
    cert-help)
      fCerthelp
      ;;
    selfsigned)
      fSelfsigned
      ;;
    csr)
      fCsr
      ;;
    usage)
      fUsage
      ;;
    *)
      fUsage
      ;;
  esac

  return 0
}


# Start the program:

fMain "${@}"

# Exit with previous return code:
exit "${?}"