From 69e1458f0d7e963b9c2f55410f673112fc46eb02 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 5 Nov 2015 16:35:54 +0200
Subject: [PATCH] - Cleaned the README a bit. - Merged the gen-ca command into the init command. - Fixed a bug. - Filled all commands (though not everything should be wokring yet). - Keys and certificates have the subdomain name and the directory the domain.
---
 README.rst | 57 ++++++++++++++----------------------------------
 ssl-ca | 38 +++++++++++++++---------------------
 2 files changed, 31 insertions(+), 64 deletions(-)
diff --git a/README.rst b/README.rst
index 17b0912..7d63b9c 100644
--- a/README.rst
+++ b/README.rst
@@ -1,8 +1,8 @@
 SSL-CA
 ######
 
-This is a program (written in POSIX shell) to generate an SSL/TLS certificate
-authority, signed certificates and to sign existing certificates.
+This utility automates generating an SSL certificate authority, keys and signed
+certificates. The only dependecy is openssl.
 
 Installation
 ------------
@@ -12,62 +12,34 @@ Installation cd ssl-ca sudo make install -The only dependency is openssl. - Usage ----- -To start a new CA :: +This will generate, inside the new directory, the directory stucture, a starting +configuration for starting work and a new CA key and certificate. :: - $ mkdir mycerts - $ cd mycerts + $ mkdir domain.tld + $ cd domain.tld $ ssl-ca init -This will create a new directory with the directory structure and a -configuration file **Remember to change the configuration in `openssl.cnf`.** - -To generate a new CA key and certificate (inside the new directory):: - - $ ssl-ca ca-gen - -To generate a new key and certificate for the www.example.com domain :: +To generate a new key and certificate for the www host, the key will at +``keys/www`` and the certificate at ``certs/www`` :: - $ ssl-ca gen www.example.com + $ ssl-ca gen www -The key will be at ``keys/www.example.com.key`` and the certificate at -``certs/www.example.com.pem``. - -To sign existing keys, copy them to ``keys/subdomain.domain.tld.key`` and run (this will sign all of keys found under ``keys/``) :: +To sign existing keys, copy them to the ``keys/`` folder. All keys that don't +have a matching certificate under ``certs/`` will be signed when running :: $ ssl-ca sign -To resign **ALL** existing keys (overriding existing certificates) :: +To resign **ALL** existing keys (regardles of existing certificates) :: $ ssl-ca resign -Example config --------------- -:: - - # This file is sourced by ssl-ca, so comments start with # - # and usual shell evaluation and variables can be used. - # No setting is mandatory and missing setting will be left blank or the - # default value will be used. - keysize=2048 - keytype='rsa' - cipher='aes256' - days=365 - countrycode='US' - state='Somewhere' - locality='Some other place.' - orgname='Acme' - orgunit='Widgets' - email='hostmaster@example.com' - License ------- -This software is licnesed under the MIT licese (see the LICENSE.txt file). 
+This software is licnesed under the MIT licese (see the ``LICENSE.txt`` file).
 
 Author
 ------
@@ -77,5 +49,6 @@ Nimrod Adar.
 
 TODO
 ----
-- Write said program.
 - Fill out example output in the usage section.
+- Add checks and failure messages to each action.
+- Finish openssl configuration.
diff --git a/ssl-ca b/ssl-ca
index 6880141..6b507c5 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -32,29 +32,26 @@ default_bits = 2048"
 #orgunit='Widgets'
 
 usage () {
- echo "Usage: $0 "
+ echo "Usage: $0 init|gen|sign|resign"
 }
 
 init () {
- mkdir "$1/certs"
- mkdir "$1/keys"
- echo "$default_config" > "$1/openssl.cnf"
+ mkdir "certs"
+ mkdir "keys"
+ openssl genra -out CA.key
+ openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
+ echo "$default_config" > "openssl.cnf"
 }
 
 sign_key () {
 csr="$(mktemp)"
- openssl req -new -config openssl.cnf -out $csr
- openssl x509 -req -in $csr -out certs/$1.crt
- rm $csr
+ openssl req -new -config openssl.cnf -out "$csr"
+ openssl x509 -req -in "$csr" -out "certs/$1.crt"
+ rm "$csr"
 }
 
 gen_key () {
- openssl genrsa -out keys/$1.key
-}
-
-ca_gen () {
- openssl genra -out CA.key
- openssl req -x509 -new -config openssl.cnf -key CA.key -out CA.crt
+ openssl genrsa -out "keys/$1"
 }
 
 if [ $# -lt 1 ]
@@ -67,26 +64,23 @@ case "$1" in
 init)
 init
 ;;
- ca-gen)
- ca-gen
- ;;
 gen)
- gen_key
- sign_key $key
+ gen_key "$2"
+ sign_key "$2"
 ;;
 sign)
- for key in keys/*.key
+ for key in keys/*
 do
- if [ ! -f certs/$key.pem ]
+ if [ ! -f "certs/$(basename $key)" ]
 then
- sign_key $key
+ sign_key "$(basename $key)"
 fi
 done
 ;;
 resign)
 for key in keys/*
 do
- sign_key $key
+ sign_key "$(basename $key)"
 done
 ;;
 *)
-- GitLab
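Review bot: In `init`, the CA certificate is requested with `-config openssl.cnf` two lines before `echo "$default_config" > "openssl.cnf"` creates that file, so on a fresh directory the `req` call runs without the intended configuration; the `echo` line should move above the two `openssl` calls. The preceding `openssl genra -out CA.key` (carried over from the removed `ca_gen`) is not an openssl subcommand — `gen_key` in the same hunk spells it `genrsa` — so CA.key is never produced and the `req` call has no key to sign with. In `sign_key`, `openssl req -new` is given no `-key keys/$1` and `openssl x509 -req` no `-CA CA.crt -CAkey CA.key`, so as written the CSR is not bound to the existing key and nothing is signed by the CA; the commit message says not everything works yet, but each of those two lines deserves a `# TODO: ...` saying so. `sign_key` also writes `certs/$1.crt` while the `sign` loop in the next hunk checks for `certs/$(basename $key)` (and the README promises `certs/www`), so every key is re-signed on each run; pick one naming and use it in both places. Because CA.key is the root of trust for everything this tool issues, consider restricting its mode right after generation, e.g. `chmod 600 CA.key`, since the default umask typically leaves it readable by other local users.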
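Review bot: The `sign` and `resign` loops iterate `for key in keys/*`, and since the script targets POSIX sh (per the old README) an unmatched glob stays literal, so with an empty `keys/` the body runs once with `key='keys/*'` and `sign_key '*'` is called; guard the body with `[ -f "$key" ] || continue`. `$key` is unquoted inside both `$(basename $key)` substitutions, which word-splits a key file name containing whitespace, so write `"$(basename "$key")"`. The `gen)` branch forwards `"$2"` without checking it is set, so `ssl-ca gen` with no name writes the key to `keys/` (a directory) and the certificate to `certs/.crt`; add a check such as `[ -n "$2" ] || { usage; exit 1; }` before the two calls. The enclosing `case` statement starts and ends outside the hunk.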