1 files changed, 80 insertions, 6 deletions

diff --git a/scripts/mkreq b/scripts/mkreq
index c73d598..4493867 100755
--- a/scripts/mkreq
+++ b/scripts/mkreq
@@ -1,7 +1,68 @@
 #!/bin/sh
 
-mkdir -p $1
-cat>/tmp/mkreq-$$.cf<<EOC
+host="$1"; shift
+ca_host="ca.sunet.se"
+ca_name="infra"
+type=""
+
+usage ()
+{
+    echo "\
+Usage: mkreq [-v] [-s*] [-c] [-C <ca host>] [-N <ca name>] [--] <fqdn>
+
+
+  -h, --help                show this help text and exit
+  -s                        request server cert (default if <fqdn> exists in cosmos repo)
+  -c                        request client cert
+  -C                        ca host (ca.sunet.se)
+  -N                        ca name (infra)
+  
+  <fqdn>                    fully qualified name of host
+
+" 1>&2
+}
+
+{
+   while test $# -gt 0; do
+      case "$1" in
+          -s)
+             type="server"
+             ;;
+          -c)
+             type="client"
+             ;;
+          -C)
+             ca_host="$2"
+             shift
+             ;;
+          -N)
+             ca_name="$2"
+             shift
+             ;;
+          -h)
+             usage
+             exit 0
+             ;;
+          --)
+             break
+             ;;
+      esac
+      shift
+   done
+}
+
+if [ -d $host -a -z $type ]; then
+   type="server"
+fi
+
+
+cfg=`mktemp`
+key="/tmp/$host.key"
+csr="/tmp/$host.csr"
+
+trap 'rm -f $cfg' EXIT
+
+cat>$cfg<<EOC
 [ req ]
 default_bits           = 4096
 distinguished_name     = req_distinguished_name
@@ -11,11 +72,24 @@ prompt		       = no
 [ req_distinguished_name ]
 C			= SE
 O			= SUNET
-CN			= $1
+CN			= $host
 
 [ req_extensions ]
-subjectAltName          = DNS:$1
+subjectAltName          = DNS:$host
 EOC
 
-openssl req -config /tmp/mkreq-$$.cf -new -newkey rsa:4096 -sha1 -keyout $1/$1.key -nodes -out $1/$1.csr 
-rm /tmp/mkreq-$$.cf
+reqs="$ca_host/overlay/var/lib/ca/$ca_name/requests/$type"
+if [ ! -d $reqs ]; then
+   echo "*** ERROR - missing request directory $reqs"
+   exit 1
+fi
+
+openssl req -config $cfg -new -newkey rsa:4096 -sha256 -keyout $key -nodes -out $csr
+mv $csr "$reqs/$host.csr"
+git add "$reqs/$host.csr" && git commit -m "certification request for $host from $ca_host:$ca_name"
+
+if [ -d $host ]; then
+   ssh root@$host mkdir -p /etc/ssl/private && scp "$key" "root@$host:/etc/ssl/private/${host}_${ca_name}.key" && rm -f "$key" && echo "** private key given to $host" || echo "** private key left in $key - should be in root@$host:/etc/ssl/private/${host}_${ca_name}.key"
+fi
+
+echo "** successfully generated key and certification request for $host from $ca_host:$ca_name"