Add self-signed certificates to build inter-active menu

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech · Jul 21, 2021 · 8160cbc · 8160cbc · TinCanTech · Jul 21, 2021
1 parent afe9291
commit 8160cbc
Showing 1 changed file with 82 additions and 4 deletions.
diff --git a/easytls b/easytls
@@ -77,6 +77,8 @@ Use the 'help' command above to get full usage details.
   inline    :Inter-active menu to build Inline files
   remove    :Inter-active menu to remove TLS keys and Inline files
   script    :Inter-active menu to configure Server scripts
+  self-sign-server
+  self-sign-client
   build-tls-auth
   build-tls-crypt
   build-tls-crypt-v2-server <server_filename_base>
@@ -285,7 +287,7 @@ cmd_help()
   self-sign-server
        Build a self signed server certificate and key." ;;
 		ssc|self-sign-client) text="
-  self-sign-server
+  self-sign-client
        Build a self signed client certificate and key." ;;
 
 		options)
@@ -4184,12 +4186,12 @@ build_self_sign ()
 
 	# Certificate type
 	case "${cert_type}" in
-		server)
+		[sS]erver)
 			# Certificate extension: TLS Web Server
 			EASYTLS_EKU="serverAuth"
 			openssl_eku="-addext extendedKeyUsage"
 		;;
-		client)
+		[cC]lient)
 			# Certificate extension: TLS Web Server
 			EASYTLS_EKU="clientAuth"
 			openssl_eku="-addext extendedKeyUsage"
@@ -4595,6 +4597,8 @@ interactive_build ()
   [2] TLS-Crypt-V1 key               - Basic TLS-crypt-v1 pre-shared key
   [3] TLS-Crypt-V2 key for Server    - Advanced TLS-Crypt-v2 Server key
   [4] TLS-Crypt-V2 key for Client    - Advanced TLS-Crypt-v2 Client key
+  [5] Self-signed server             - Server X509 certificate and key
+  [6] Self-signed client             - Client X509 certificate and key
 
   Select the type of TLS-key to build:'
 	interactive_question
@@ -4810,6 +4814,18 @@ interactive_build ()
 
 		return 0
 	;;
+	5)	# Self-signed server
+		cert_type='Server'
+		interactive_selfsign_CN
+		interactive_selfsign_PW
+		build_self_sign "${cert_type}" "${common_name}"
+	;;
+	6)	# Self-signed client
+		cert_type='Client'
+		interactive_selfsign_CN
+		interactive_selfsign_PW
+		build_self_sign "${cert_type}" "${common_name}"
+	;;
 	*)	# Other value -> Quit
 		"$EASYTLS_PRINTF" '\n%s\n' '  Quit!'
 	;;
@@ -5594,7 +5610,69 @@ interactive_scripts ()
 
 } # => interactive_scripts ()
 
-# Set commonName
+# Set commonName and verify this cert does not exist
+interactive_selfsign_CN ()
+{
+	unset common_name
+	ia_question_help='
+* This field only requires the certificate commonName,
+  it does not require the complete file name.'
+
+	while :
+	do
+		ia_question_text="
+  Enter the commonName of your * ${cert_type} * certificate:"
+		interactive_question
+		[ -n "${ia_answer}" ] || continue
+		common_name="${ia_answer}"
+		cert_file="${EASYTLS_PKI}/${common_name}.crt"
+		[ -f "${cert_file}" ] || {
+			cmd_line="${cmd_line} ${common_name}"
+			break
+			}
+		ia_question_text="  Press enter to continue.."
+		printf "\n%s\n\n" "  A certificate named ${common_name} already exists!"
+		interactive_wait_for_answer
+	done
+}
+
+# Build self-sign cert/key with password
+interactive_selfsign_PW ()
+{
+	unset openssl_nodes
+	default='N'
+	ia_question_help="
+* Do you want to use a password ?
+
+  Leave this blank to use the default
+
+  * Default: $default"
+
+	ia_question_text='
+  Enter (y)es or (n)o:'
+	while :
+	do
+		interactive_question
+		ia_answer="${ia_answer:-$default}"
+		case "$ia_answer" in
+			Y|y|Yes|yes|YES)
+				EASYTLS_PASSWORD=1
+				break
+			;;
+			N|n|No|no|NO)
+				break
+			;;
+			*)
+				: # Ignore
+			;;
+		esac
+	done
+
+	easytls_verbose
+	#easytls_verbose "Config: $opt_disable_list"
+}
+
+# Set commonName and verify cert purpose
 interactive_common_name ()
 {
 	unset common_name