From e691bb3d89c12fad66112701655c5db70733e542 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 7 Nov 2015 20:37:14 +0200
Subject: [PATCH] - Added checks to every command, removed items from the TODO list.
---
 README.rst | 2 +-
 ssl-ca | 40 ++++++++++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/README.rst b/README.rst
index 8ef3866..54b739f 100644
--- a/README.rst
+++ b/README.rst
@@ -81,4 +81,4 @@ at: https://www.shore.co.il/cgit/.
 TODO
 ----
-- Add checks and failure messages to each action.
+Nothing to see here.
diff --git a/ssl-ca b/ssl-ca
index 464a466..7097cb2 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -40,7 +40,12 @@ usage () {
 init () {
 mkdir -p "certs" "keys"
- echo "$config" > "openssl.cnf"
+ if [ -a openssl.cnf ]
+ then
+ echo openssl.cnf already exists, skipping generation.
+ else
+ echo "$config" > "openssl.cnf"
+ fi
 openssl genrsa \
 -out CA.key
 openssl req \
@@ -52,6 +57,22 @@ init () {
 sign_key () {
+ if [ $# -lt 1 ] || [ "$1" == "" ]
+ then
+ echo "No host specified."
+ exit 1
+ fi
+ if [ ! -f CA.crt ] || [ ! -f CA.key ] || [ ! -d keys ] || [ ! -d certs ] ||
+ [ ! -f openssl.cnf ]
+ then
+ echo "CA isn't initialized properly."
+ exit 1
+ fi
+ if [ ! -f "keys/$1" ]
+ then
+ echo "Can't find key to sign."
+ exit 1
+ fi
 csr="$(mktemp -t ssl-ca)"
 export domain="$1.$(basename $PWD)"
 openssl req \
@@ -59,7 +80,7 @@ sign_key () {
 -new \
 -config openssl.cnf \
 -out "$csr"
- fqdn="$1.$domain" openssl x509 \
+ openssl x509 \
 -req \
 -in "$csr" \
 -out "certs/$1" \
@@ -71,6 +92,21 @@ sign_key () {
 }
 gen_key () {
+ if [ $# -lt 1 ] || [ "$1" == "" ]
+ then
+ echo "No host specified."
+ exit 1
+ fi
+ if [ ! -d keys ]
+ then
+ echo "keys directory doesn't exists, run ssl-ca init to rectify."
+ exit 1
+ fi
+ if [ -a "keys/$1" ]
+ then
+ echo "Key already exists."
+ exit 1
+ fi
 openssl genrsa -out "keys/$1"
 }
--
GitLab
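Review bot: Re-running `init` still regenerates the CA key, because the new guard in the `init` hunk skips only `openssl.cnf` while the unchanged `openssl genrsa -out CA.key` below it runs unconditionally. A second `init` would overwrite the signing key and leave every certificate already issued unverifiable against the new CA. Give `CA.key` the same protection before the key generation, e.g. `if [ -e CA.key ]; then echo "CA.key already exists, refusing to overwrite." >&2; exit 1; fi`. The unary `[ -a file ]` used here and in the `gen_key` hunk is a non-POSIX form that is easy to confuse with the binary `-a` operator; `[ -e openssl.cnf ]` is the portable spelling. The rest of `init` lies outside the hunk.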
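Review bot: The new checks in the `sign_key` hunk confirm that `$1` is non-empty but not that it is a plain host label, and the value goes straight into `keys/$1`, `certs/$1` and the exported `domain`. A value containing `/` or a leading `.` or `-` would make the script read and write outside the CA directories, and the name presumably ends up in the subject of the signed certificate. Reject it before any file test with `case "$1" in *[!A-Za-z0-9.-]*|.*|-*) echo "Invalid host name." >&2; exit 1;; esac`; the `gen_key` hunk needs the same guard. The failure messages belong on stderr (`>&2`), and `[ "$1" == "" ]` is a bashism inside `[`, for which `[ -z "$1" ]` is the portable form. The body of `sign_key` continues past the hunk.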
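Review bot: Nothing in the `gen_key` hunk controls how the new private key is written, since `openssl genrsa -out "keys/$1"` inherits the caller's umask and the installed OpenSSL's default modulus size. Setting `umask 077` before the call and passing an explicit size, for example `openssl genrsa -out "keys/$1" 2048`, keeps the key unreadable to other local users and makes its strength independent of the OpenSSL build. The exit status of `openssl` is also unchecked here (unless the script enables `set -e` outside this view), so a failed run may leave an empty `keys/$1` that the new "Key already exists." test then treats as a valid key. Appending `|| { rm -f -- "keys/$1"; exit 1; }` to that line would cover it.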