work

cgzones · Sep 14, 2017 · 5c1eb1c · 5c1eb1c
1 parent 74c4dce
commit 5c1eb1c
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 5 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -23,6 +23,33 @@ script:
       rootCA_password
       EOF
   - cd travis-ca/
+  - |
+      bash --posix ./bin/create-server -s travis-server.bogus.com -a www.travis-server.bogus.com << EOF
+      rootCA_password
+      US
+      California
+      San Francisco
+      Bogus Inc.
+      Jurisdiction of travis-server.bogus-com
+      travis-server.bogus.com
+      EOF
+  - |
+      bash --posix ./bin/create-client -c travis-client << EOF
+      rootCA_password
+      US
+      California
+      San Francisco
+      Bogus Inc.
+      private
+      travis-client
+      travis-client@bogus.com
+      EOF
+  - |
+      bash --posix ./bin/revoke-cert -c certs/travis-server-bogus-com.server.crt << EOF
+      1
+      y
+      rootCA_password
+      EOF
   - |
       bash --posix ./bin/create-signing-ca -d travis-signing << EOF
       travis-signing

diff --git a/create-client b/create-client
@@ -26,6 +26,11 @@ usage() {
     exit 2
 }
 
+if [ ! -f ca/ca.crt ]; then
+    echo -e "$ERR Must be run inside a CA directory!"
+    exit 2
+fi
+
 CLIENT_NAME=
 
 while getopts c: FLAG; do
@@ -52,7 +57,7 @@ if [ -f "conf/${SAFE_NAME}.client.conf" ]; then
     exit 1
 fi
 
-trap 'rm -f conf/"${SAFE_NAME}".client.conf private/${SAFE_NAME}.client.key certs/${SAFE_NAME}.client.crt' 0
+trap 'rm -f "conf/${SAFE_NAME}.client.conf" "private/${SAFE_NAME}.client.key" "certs/${SAFE_NAME}.client.crt"' 0
 
 echo
 echo -e -n "$INPUT Enter passphase for signing CA key: "

diff --git a/create-root-ca b/create-root-ca
@@ -45,6 +45,7 @@ CA_NAME="$( basename "${CA_DIR}" )"
 echo -e "$NOTE Creating root CA in dir '${CA_DIR}'"
 
 init_ca_home "${CA_DIR}"
+trap 'rm -Rf "${CA_DIR}"' 0
 generate_conf "${CA_DIR}/bin/defaults.conf"
 source "${CA_DIR}/bin/defaults.conf"
 
@@ -64,7 +65,7 @@ read -r -s PASS2
 echo
 
 if [[ "${PASS1}" != "${PASS2}" ]]; then
-    echo "$ERR Passphrases did not match, exiting."
+    echo -e "$ERR Passphrases did not match, exiting."
     exit 1
 fi
 export CA_PASS="${PASS1}"
@@ -99,6 +100,10 @@ openssl ca -selfsign -batch -notext \
            -extensions root_ca_ext \
            -passin env:CA_PASS
 
+echo -e "$NOTE Creating pseaudo CA chain"
+
+ln -s ca.crt ca/chain.pem
+
 echo -e "$NOTE Creating the root CA CRL"
 
 openssl ca -gencrl -batch \
@@ -120,4 +125,6 @@ popd > /dev/null
 
 unset CA_PASS
 
+trap 0
+
 echo -e "$SUCC Root CA initialized."
diff --git a/create-server b/create-server
@@ -26,6 +26,11 @@ usage() {
     exit 2
 }
 
+if [ ! -f ca/ca.crt ]; then
+    echo -e "$ERR Must be run inside a CA directory!"
+    exit 2
+fi
+
 SERVER_NAME=
 ALT_NAME=
 
@@ -69,7 +74,7 @@ if [ -f conf/"${SAFE_NAME}".server.conf ]; then
     exit 1
 fi
 
-trap 'rm -f conf/"${SAFE_NAME}".server.conf private/${SAFE_NAME}.server.key certs/${SAFE_NAME}.server.crt' 0
+trap 'rm -f "conf/${SAFE_NAME}.server.conf" "private/${SAFE_NAME}.server.key" "certs/${SAFE_NAME}.server.crt"' 0
 
 echo
 echo -e -n "$INPUT Enter passphase for signing CA key: "

diff --git a/create-signing-ca b/create-signing-ca
@@ -18,13 +18,18 @@ source "${BIN_DIR}/defaults.conf"
 usage() {
     echo "Usage: $0 -d CA_DIR"
     echo "Initializes a new signing sub-CA in CA_DIR"
+    echo "Must be run inside a root CA dir"
     echo
     echo "Options:"
     echo "    -d CA_DIR  Target directory to be created and initialized"
     echo
     exit 2
 }
 
+if ! openssl verify -CAfile ca/ca.crt ca/ca.crt >/dev/null 2>&1; then
+    echo -e -n "$ERR " && usage
+fi
+
 CA_DIR=
 
 while getopts d: FLAG; do
@@ -49,7 +54,7 @@ echo -e "$NOTE Creating new signing sub-CA in '${CA_DIR}'"
 echo
 
 init_ca_home "${CA_DIR}"
-trap 'rm -Rf ${CA_DIR}' 0
+trap 'rm -Rf "${CA_DIR}"' 0
 generate_conf "${CA_DIR}/bin/defaults.conf"
 source "${CA_DIR}/bin/defaults.conf"
 

diff --git a/revoke-cert b/revoke-cert
@@ -25,6 +25,11 @@ usage() {
     exit 2
 }
 
+if [ ! -f ca/ca.crt ]; then
+    echo -e "$ERR Must be run inside a CA directory!"
+    exit 2
+fi
+
 CERT=
 
 while getopts c: FLAG; do

diff --git a/show-status b/show-status
@@ -92,7 +92,7 @@ if [ ! $rootCA -eq 0 ]; then
     issuer=$(openssl x509 -noout -in "$CA_CRT" -issuer) # ignore issuer=
     echo -e "$NOTE     Issuer                      ${issuer:7}"
 fi
-echo -e "$NOTE     Bits                        $(echo "$cert_txt" | grep 'Public-Key:' | cut -d ':' -f2 | tr -d "()")"
+echo -e "$NOTE     Bits                       $(echo "$cert_txt" | grep 'Public-Key:' | cut -d ':' -f2 | tr -d "()")"
 
 certs=$(($(cat "$ROOT_DIR/ca/db/crt.srl") - rootCA - 1))
 echo -e "$NOTE     Signed Ceritificates       " $certs
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,6 +25,11 @@ usage() { @@
         exit 2
     }
+    if [ ! -f ca/ca.crt ]; then
+        echo -e "$ERR Must be run inside a CA directory!"
+        exit 2
+    fi
     CERT=
     while getopts c: FLAG; do
@@ Expand Down @@