internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-14 21:42:17 +00:00
Code Issues Projects Releases Wiki Activity

shellcheck: Double quote to prevent globbing and word splitting

Browse Source 
This patch is needed to pass Automation Hub tests.
This commit is contained in:
Thomas Woerner
2021-11-23 15:21:26 +01:00
parent 2e8c2f881f
commit cd3646ad67
3 changed files with 57 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
tests/ca-less/generate-certificates.sh
View File

@@ -21,36 +21,36 @@ function generate_ipa_pkcs12_certificate {
# Generate CSR and private key
openssl req -new -newkey rsa:4096 -nodes \
-subj "/C=US/ST=Test/L=Testing/O=Default/CN=${ipa_fqdn}" \
-keyout ${certs_dir}/private.key \
-out ${certs_dir}/request.csr
-keyout "${certs_dir}/private.key" \
-out "${certs_dir}/request.csr"
# Sign CSR to generate PEM certificate
if [ -z "${extensions_file}" ]; then
openssl x509 -req -days 365 -sha256 \
-CAcreateserial \
-CA ${root_ca_cert} \
-CAkey ${root_ca_private_key} \
-in ${certs_dir}/request.csr \
-out ${certs_dir}/cert.pem
-CA "${root_ca_cert}" \
-CAkey "${root_ca_private_key}" \
-in "${certs_dir}/request.csr" \
-out "${certs_dir}/cert.pem"
else
openssl x509 -req -days 365 -sha256 \
-CAcreateserial \
-CA ${ROOT_CA_DIR}/cert.pem \
-CAkey ${ROOT_CA_DIR}/private.key \
-extfile ${extensions_file} \
-extensions ${extensions_name} \
-in ${certs_dir}/request.csr \
-out ${certs_dir}/cert.pem
-CA "${ROOT_CA_DIR}/cert.pem" \
-CAkey "${ROOT_CA_DIR}/private.key" \
-extfile "${extensions_file}" \
-extensions "${extensions_name}" \
-in "${certs_dir}/request.csr" \
-out "${certs_dir}/cert.pem"
fi
# Convert certificate to PKCS12 format
openssl pkcs12 -export \
-name ${cert_name} \
-certfile ${root_ca_cert} \
-in ${certs_dir}/cert.pem \
-inkey ${certs_dir}/private.key \
-name "${cert_name}" \
-certfile "${root_ca_cert}" \
-in "${certs_dir}/cert.pem" \
-inkey "${certs_dir}/private.key" \
-passout "pass:${PKCS12_PASSWORD}" \
-out ${certs_dir}/cert.p12
-out "${certs_dir}/cert.p12"
}
# generate_ipa_pkcs12_certificates $ipa_fqdn $ipa_domain
@@ -73,27 +73,27 @@ function generate_ipa_pkcs12_certificates {
fi
# Generate certificates folder structure
mkdir -p ${ROOT_CA_DIR}
mkdir -p ${DIRSRV_CERTS_DIR}/$host
mkdir -p ${HTTPD_CERTS_DIR}/$host
mkdir -p ${PKINIT_CERTS_DIR}/$host
mkdir -p "${ROOT_CA_DIR}"
mkdir -p "${DIRSRV_CERTS_DIR}/$host"
mkdir -p "${HTTPD_CERTS_DIR}/$host"
mkdir -p "${PKINIT_CERTS_DIR}/$host"
# Generate root CA
if [ ! -f "${ROOT_CA_DIR}/private.key" ]; then
openssl genrsa \
-out ${ROOT_CA_DIR}/private.key 4096
-out "${ROOT_CA_DIR}/private.key" 4096
openssl req -new -x509 -sha256 -nodes -days 3650 \
-subj "/C=US/ST=Test/L=Testing/O=Default" \
-key ${ROOT_CA_DIR}/private.key \
-out ${ROOT_CA_DIR}/cert.pem
-key "${ROOT_CA_DIR}/private.key" \
-out "${ROOT_CA_DIR}/cert.pem"
fi
# Generate a certificate for the Directory Server
if [ ! -f "${DIRSRV_CERTS_DIR}/$host/cert.pem" ]; then
generate_ipa_pkcs12_certificate \
"dirsrv-cert" \
$host \
"$host" \
"${DIRSRV_CERTS_DIR}/$host" \
"${ROOT_CA_DIR}/cert.pem" \
"${ROOT_CA_DIR}/private.key"
@@ -103,7 +103,7 @@ function generate_ipa_pkcs12_certificates {
if [ ! -f "${HTTPD_CERTS_DIR}/$host/cert.pem" ]; then
generate_ipa_pkcs12_certificate \
"httpd-cert" \
$host \
"$host" \
"${HTTPD_CERTS_DIR}/$host" \
"${ROOT_CA_DIR}/cert.pem" \
"${ROOT_CA_DIR}/private.key"
@@ -115,7 +115,7 @@ function generate_ipa_pkcs12_certificates {
generate_ipa_pkcs12_certificate \
"pkinit-cert" \
$host \
"$host" \
"${PKINIT_CERTS_DIR}/$host" \
"${ROOT_CA_DIR}/cert.pem" \
"${ROOT_CA_DIR}/private.key" \
@@ -135,17 +135,17 @@ function delete_ipa_pkcs12_certificates {
exit 0;
fi
rm -f certificates/*/$host/*
rm -f ${ROOT_CA_DIR}/*
rm -f certificates/*/"$host"/*
rm -f "${ROOT_CA_DIR}"/*
}
# Entrypoint
case "$1" in
create)
generate_ipa_pkcs12_certificates $2 $3
generate_ipa_pkcs12_certificates "$2" "$3"
;;
delete)
delete_ipa_pkcs12_certificates $2
delete_ipa_pkcs12_certificates "$2"
;;
*)
echo $"Usage: $0 {create|delete}"