* Safer handling of $1 in all scripts
[hcoop/domtool2.git] / scripts / domtool-addcert
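#!/bin/sh
# domtool-addcert USERNAME
#
# Generates an RSA key for USERNAME under the domtool key directory, builds a
# certificate request for it, and has the CA configured in
# /etc/domtool/openssl.cnf sign that request into the domtool certs directory.
#
# -e is set here rather than on the shebang line so it still applies when the
# script is started as "sh domtool-addcert".
set -e

# NOTE: this assignment overwrites the environment's USER for every child
# process. The name is kept because the commands below (and possibly the
# openssl configuration) may rely on it.
USER="$1"
if test -z "$USER"; then
    echo "Usage: domtool-addcert USERNAME" >&2
    exit 1
fi

# USERNAME becomes a path component of the key directory and the certificate
# file, and one line of the answers fed to "openssl req". Reject anything that
# could leave those directories, be read as an option, or add extra lines.
# NOTE(review): widen the allowed set if site usernames use other characters.
case "$USER" in
    -* | . | .. | *[!A-Za-z0-9._-]*)
        echo "domtool-addcert: invalid username" >&2
        exit 1
        ;;
esac

KEYDIR="/afs/hcoop.net/common/etc/domtool/keys/$USER"
KEYFILE="$KEYDIR/key.pem"
CERTFILE="/afs/hcoop.net/common/etc/domtool/certs/$USER.pem"

# Scratch files (one of them holds a copy of the private key) live in a
# private directory created by mktemp instead of under fixed names in the home
# directory. The trap removes the directory on every exit path, including a
# failure under "set -e".
WORKDIR=$(mktemp -d)
cleanup() {
    rm -rf -- "${WORKDIR:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

NEWREQ="$WORKDIR/newreq.pem"
NEW="$WORKDIR/new.pem"
KEYIN="$WORKDIR/keyin"

mkdir -p "$KEYDIR"
openssl genrsa -out "$KEYFILE"
chown -R domtool:domtool "$KEYDIR"
# Grant the user read access to their key directory through the AFS ACL.
fs sa "$KEYDIR" "$USER" read

# Answers for the prompts of "openssl req", one per line: five "." entries,
# the username, the user's hcoop.net address, then two empty lines.
# NOTE(review): which prompt each line answers depends on the openssl
# configuration in effect for "req" -- confirm against it.
printf '%s\n' . . . . . "$USER" "$USER@hcoop.net" '' '' >"$KEYIN"

# NOTE(review): -days only takes effect together with -x509; kept as in the
# original invocation.
openssl req -new -key "$KEYFILE" -out "$NEWREQ" -days 365 <"$KEYIN"

# NOTE(review): the file handed to the CA is the request followed by a copy of
# the private key. "openssl ca" should only need the request -- confirm and
# drop the key copy if so.
cat "$NEWREQ" "$KEYFILE" >"$NEW"

# -infiles has to stay the last option: everything after it is an input file.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out "$CERTFILE" -infiles "$NEW"
chown domtool:domtool "$CERTFILE"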