From 66cc664a2361649962fa4dbc79d406f351c174d5 Mon Sep 17 00:00:00 2001
From: loop0day
Date: Wed, 1 May 2019 01:04:18 +0800
Subject: [PATCH] 1. Change $ca_usercert_dir to $ca_cert_dir in function signcsr 2. Fix some typos in function getcertbyserial 3. Add function revokecertbyname 4. Export signenccsr, genenccert and revokecertbyname operations

---
 apps/gmca/gmca | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/apps/gmca/gmca b/apps/gmca/gmca
index 29a10757..83299cc4 100755
--- a/apps/gmca/gmca
+++ b/apps/gmca/gmca
@@ -234,7 +234,7 @@ function signenccsr {
 common_name=$1
 csrfile="$ca_csr_dir/$common_name.csr"
 subject="$user_dn_enc_prefix/CN=$common_name"
- gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_usercert_dir -infiles "$csrfile"
+ gmssl ca -config ./signenccsr.cnf -batch -subj=$subject -md $md -days 365 -outdir $ca_cert_dir -infiles "$csrfile"
 }

 function gencert {
@@ -277,7 +277,7 @@ function listcertsbyname {
 function getcertbyserial {
 #FIXME: check argument exist
 local serial=$1
- local cerfile=$ca_cert_dir/$serial.pem
+ local certfile=$ca_cert_dir/$serial.pem
 gmssl x509 -in $certfile
 }

@@ -320,6 +320,12 @@ function _revokecertfile {
 #gmssl ca -config ./ca.cnf -valid $certfile
 }

+function revokecertbyname {
+ common_name=$1
+ serial=`awk -F'\t' '{print $2,$4,$6}' $ca_index_file | grep -E "CN=$common_name$" | awk '{print $2}'`
+ _revokecertfile "$ca_cert_dir/$serial.pem"
+}
+
 function revokecertbyserial {
 serial=$1
 _revokecertfile "$ca_cert_dir/$serial.pem"
@@ -408,6 +414,12 @@ case $opt in
 shift
 shift
 ;;
+ -signenccsr)
+ common_name="$2"
+ signenccsr "$common_name"
+ shift
+ shift
+ ;;
 -rejectcsr)
 common_name="$2"
 rejectcsr "$common_name"
@@ -420,6 +432,12 @@ case $opt in
 shift
 shift
 ;;
+ -genenccert)
+ common_name="$2"
+ genenccert $common_name
+ shift
+ shift
+ ;;
 -listcerts)
 listcerts
 shift
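Review bot: On the new `gmssl ca` line in `signenccsr`, `-subj=$subject` and `-outdir $ca_cert_dir` are expanded unquoted, and `$common_name` reaches both the subject and the CSR path without any check. Since this commit also exposes `-signenccsr` on the command line, a name containing `/` would add extra components to the certificate subject or point `$csrfile` outside `$ca_csr_dir`, and a name with spaces would split into extra `gmssl` arguments. I would quote the expansions (`-outdir "$ca_cert_dir"`) and reject unexpected names up front, e.g. `case $common_name in ''|*[!A-Za-z0-9._-]*) echo "invalid common name" >&2; return 1;; esac`, adjusting the allowed set to the CA's naming policy. The same applies to `$serial` in `getcertbyserial` (second hunk), where the `#FIXME` is still open and `gmssl x509 -in $certfile` is unquoted. The hunk header places this change in `signenccsr`, while the commit message names `signcsr`.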
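Review bot: In the new `revokecertbyname`, the name from the command line is spliced into `grep -E "CN=$common_name$"` as a regular expression, so a name containing `.` or `*` can select the serial of a certificate other than the one the operator meant to revoke. The result is also used without checking how many lines came back: no match leaves `$serial` empty and the call targets `$ca_cert_dir/.pem`, while two matches (plausible if one CN has both a signing and an encryption entry, as `signenccsr` suggests) put a newline inside the path. `common_name` and `serial` are assigned without `local`, unlike in `getcertbyserial`. The version below compares the subject column literally in awk, fails loudly when nothing matches and revokes each matching serial in turn. It does not skip entries that are already revoked, which may also be worth adding.

```shell
function revokecertbyname {
	local common_name=$1 serials serial
	# Compare the subject column literally; the name is never used as a regex.
	serials=$(CN_SUFFIX="/CN=$common_name" awk -F'\t' '
		{ s = ENVIRON["CN_SUFFIX"]; n = length($6) - length(s) + 1 }
		n > 0 && substr($6, n) == s { print $4 }' "$ca_index_file")
	if [ -z "$serials" ]; then
		echo "revokecertbyname: no certificate with CN=$common_name" >&2
		return 1
	fi
	# One serial per line: revoke each matching certificate separately.
	printf '%s\n' "$serials" | while IFS= read -r serial; do
		_revokecertfile "$ca_cert_dir/$serial.pem"
	done
}
```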
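Review bot: The new `-genenccert` arm calls `genenccert $common_name` unquoted, unlike the `-signenccsr` and `-revokecertbyname` arms added in the same commit, so a name with spaces or glob characters is split or expanded before the function sees it; it should read `genenccert "$common_name"`. None of the three new arms checks that `$2` is present, so an option given without a name passes an empty string on to signing or revocation. A guard such as `[ -n "$2" ] || { echo "$opt requires a name" >&2; exit 1; }` at the top of each arm would stop that. The enclosing `case` starts and ends outside these hunks.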
@@ -452,6 +470,12 @@ case $opt in
 revokereasons
 shift
 ;;
+ -revokecertbyname)
+ name="$2"
+ revokecertbyname "$name"
+ shift
+ shift
+ ;;
 -revokecert)
 certfile="$2"
 revokebycert "$certfile"