1. Change $ca_usercert_dir to $ca_cert_dir in function signcsr

2. Fix some typos in function getcertbyserial 3. Add function revokecertbyname 4. Export signenccsr, genenccert and revokecertbyname operations
2026-05-07 08:56:17 +08:00 · 2019-05-01 01:04:18 +08:00
parent 879c1b4a15
commit 66cc664a23
1 changed files with 26 additions and 2 deletions
--- a/apps/gmca/gmca
+++ b/apps/gmca/gmca
@@ -234,7 +234,7 @@ function signenccsr {
 	common_name=$1
 	csrfile="$ca_csr_dir/$common_name.csr"
 	subject="$user_dn_enc_prefix/CN=$common_name"
-	gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_usercert_dir -infiles "$csrfile"
+	gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_cert_dir -infiles "$csrfile"
 }

 function gencert {
@@ -277,7 +277,7 @@ function listcertsbyname {
 function getcertbyserial {
 	#FIXME: check argument exist
 	local serial=$1
-	local cerfile=$ca_cert_dir/$serial.pem
+	local certfile=$ca_cert_dir/$serial.pem
 	gmssl x509 -in $certfile
 }

@@ -320,6 +320,12 @@ function _revokecertfile {
 	#gmssl ca -config ./ca.cnf -valid $certfile
 }

+function revokecertbyname {
+	common_name=$1
+	serial=`awk -F'\t' '{print $2,$4,$6}' $ca_index_file | grep -E "CN=$common_name$" | awk '{print $2}'`
+	_revokecertfile "$ca_cert_dir/$serial.pem"
+}
+
 function revokecertbyserial {
 	serial=$1
 	_revokecertfile "$ca_cert_dir/$serial.pem"
@@ -408,6 +414,12 @@ case $opt in
 		shift
 		shift
 		;;
+	-signenccsr)
+		common_name="$2"
+		signenccsr "$common_name"
+		shift
+		shift
+		;;
 	-rejectcsr)
 		common_name="$2"
 		rejectcsr "$common_name"
@@ -420,6 +432,12 @@ case $opt in
 		shift
 		shift
 		;;
+	-genenccert)
+		common_name="$2"
+		genenccert $common_name
+		shift
+		shift
+		;;
 	-listcerts)
 		listcerts
 		shift
@@ -452,6 +470,12 @@ case $opt in
 		revokereasons
 		shift
 		;;
+	-revokecertbyname)
+		name="$2"
+		revokecertbyname "$name"
+		shift
+		shift
+		;;
 	-revokecert)
 		certfile="$2"
 		revokebycert "$certfile"