authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2011-01-02 17:11:39 -0500
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2011-01-02 17:18:24 -0500
commite50da193be297bc7a49c3be88a26586fa69bde51 (patch)
treeef51c657ab1555166f78ce9c78191760e6a658c0
parent98e5ebd65696db59063e45ee16da0f0923eda64a (diff)
genericized x509 certificate generation -- now works for any service, not just https (invoke it like "make-x509-certreqs imap" for imap:// keys, etc)
-rw-r--r--examples/make-x509-certreqs (renamed from examples/make-https-certreqs)18
1 files changed, 10 insertions, 8 deletions
diff --git a/examples/make-https-certreqs b/examples/make-x509-certreqs
index 0512032..6ff82a0 100644
--- a/examples/make-https-certreqs
+++ b/examples/make-x509-certreqs
@@ -3,10 +3,10 @@
# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Date: 2010-12-20 20:54:55-0500
-# On a system with keys for https already imported into
-# monkeysphere-host, this script generates X.509 certificate requests
-# for each key, with appropriate subjectAltNames and the PGPExtension
-# embedded.
+# On a system with keys for https (or some other X.509-using protocol)
+# already imported into monkeysphere-host, this script generates X.509
+# certificate requests for each key, with appropriate subjectAltNames
+# and the PGPExtension embedded.
# The generated requests get dumped to stdout. redirect to a file or
# copy/paste if you want to save them/send them someplace.
@@ -73,11 +73,11 @@ gencertreq() {
san=''
primary=''
-# find all the https User IDs:
+# find all the $proto-using User IDs:
uids=$(gpg --fixed-list-mode --with-colons --list-keys "0x$keyid!" | \
grep '^uid:' | cut -f10 -d: | \
- grep '^https\\x3a//' | \
- sed -r -e 's!^https\\x3a//!!' -e 's!:[0-9]+$!!')
+ grep '^'"${proto}"'\\x3a//' | \
+ sed -r -e 's!^'"${proto}"'\\x3a//!!' -e 's!:[0-9]+$!!')
primary=$(printf "%s" "$uids" | head -n1)
printf "Certificate Request for TLS WWW server %s\n[OpenPGP key %s]\n" "$primary" "$keyid"
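Review bot: `${proto}` is spliced unescaped into the `grep` pattern and the `sed -r` expression, so any regex metacharacter in the argument, or a `!` (the `sed` delimiter used here), changes which User IDs are selected or breaks the substitution. Since the selected User IDs end up as names in the certificate request, the filter should only ever see a plain scheme name. Validate the value once where it is assigned in the last hunk, for example `case "$proto" in ''|*[!a-z0-9-]*) echo "invalid protocol: $proto" >&2; exit 1;; esac`. That check also rejects a leading `-`, which matters because the same value is passed to `gpg --list-secret-keys`. Separately, the `printf` label on the next line still reads "TLS WWW server" for every protocol; `gencertreq` starts and ends outside this hunk.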
@@ -89,7 +89,9 @@ gencertreq() {
export GNUPGHOME=/var/lib/monkeysphere/host
+# default to looking for https keys.
+proto="${1:-https}"
-for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys https:// | grep '^fpr:' | cut -f10 -d:); do
+for fpr in $(gpg --fixed-list-mode --with-colons --fingerprint --list-secret-keys "${proto}://" | grep '^fpr:' | cut -f10 -d:); do
gencertreq "$fpr"
done
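Review bot: The new positional argument read by `proto="${1:-https}"` is not documented in the header comment shown in the first hunk, which only says "or some other X.509-using protocol" without saying how to select one. I would add a usage line there, such as `# Usage: make-x509-certreqs [PROTO]   (PROTO is a URI scheme, e.g. imap; defaults to https)`. The visible lines read only `$1`, so any further arguments appear to be ignored silently; a `[ $# -le 1 ]` check with a usage message would make a mistyped invocation obvious.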