}
genca() {
+ local OPTIND=1
+ local purpose=
+
+ while getopts p: o
+ do
+ case $o in
+ p) purpose="$OPTARG";;
+ *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2
+ return 1;;
+ esac
+ done
+
+ shift $((OPTIND - 1))
local cn=$1; shift
local key=$1; shift
local cert=$1; shift
local akid="authorityKeyIdentifier = keyid"
exts=$(printf "%s\n%s\n%s\n" "$bcon" "$ku" "$skid" "$akid")
- for eku in "$@"
- do
- exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$eku")
- done
+ if [ -n "$purpose" ]; then
+ exts=$(printf "%s\nextendedKeyUsage = %s\n" "$exts" "$purpose")
+ fi
if [ -n "$NC" ]; then
exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC")
fi
csr=$(req "$key" "CN = $cn") || return 1
echo "$csr" |
cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
- -set_serial 2 -days "${DAYS}"
+ -set_serial 2 -days "${DAYS}" "$@"
}
gen_nonbc_ca() {
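Review bot: The trailing `"$@"` on the `cert` call forwards every leftover argument to the signing helper, whereas before this change the leftover arguments were EKU names. A caller that still passes an EKU positionally would hand it to the helper as an option instead of getting an `extendedKeyUsage` line; whether that fails loudly or yields a CA without the intended EKU restriction depends on `cert`, which is not shown here. Nothing checks the argument count after `shift $((OPTIND - 1))`, and the new usage text is printed only for a bad option, so I would add `[ $# -ge 5 ] || { echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2; return 1; }` there (five to match the usage line; the `cakey`/`cacert` assignments are not visible in this hunk). A repeated `-p` also silently keeps only the last value, where the removed loop accepted several EKUs. A header comment such as `# -p takes a single EKU list (comma-separated); remaining arguments are passed to the signing command unchanged` would make the new contract explicit.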