
#!/bin/bash
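#######################################
# Generate a private key and CSR for one common name, then sign it with
# the local CA.
# Globals (read): CERTS_PATH, CRT_CA_PATH, KEY_CA_PATH, DAYS,
#                 CA_KEY_PASSIN (optional override of the CA key passphrase
#                 source, in any openssl -passin form such as env:VAR or file:PATH)
# Arguments (options, in any order; each one takes a value):
#   -c NAME   CA base name: $CRT_CA_PATH/NAME.crt and $KEY_CA_PATH/NAME.key
#   -n CN     common name (required); always becomes DNS.1 of the SAN list
#   -d LIST   comma-separated extra DNS SANs
#   -i LIST   comma-separated IP SANs
#   -t DAYS   validity in days (defaults to the global DAYS)
# Outputs:   progress lines on stdout; openssl diagnostics on stderr only
#            when signing fails
# Returns:   1 on a usage error, otherwise the status of check_rc
#######################################
generate_cert() {
  local CA_CRT=""
  local CA_KEY=""
  local COMMON_NAME=""
  local DAYS="$DAYS"
  local DNS=()
  local IP_ADDRS=()
  local dns_line=""
  local ip_line=""
  # parsing arguments: a dangling option is rejected up front, because a
  # failed `shift 2` would leave "$1" in place and loop forever
  while [[ $# -gt 0 ]]; do
    if [[ $# -lt 2 ]]; then
      case "$1" in
        -c|-n|-d|-i|-t) echo "Option $1: valeur manquante" >&2; return 1 ;;
      esac
    fi
    case "$1" in
      -c) CA_CRT="$2.crt"; CA_KEY="$2.key"; shift 2 ;;
      -n) COMMON_NAME="$2"; shift 2 ;;
      -d) dns_line="$2"; shift 2 ;;
      -i) ip_line="$2"; shift 2 ;;
      -t) DAYS="$2"; shift 2 ;;
      *) echo "Option inconnue: $1"; return 1 ;;
    esac
  done
  if [[ -z "$COMMON_NAME" ]]; then
    echo "Option -n (common name) requise" >&2
    return 1
  fi
  if [[ -z "$CA_CRT" ]]; then
    echo "Option -c (CA) requise" >&2
    return 1
  fi
  # The CN is always the first DNS SAN and the -d names follow it. Building
  # the list after parsing makes the result independent of -n/-d order.
  DNS=("$COMMON_NAME")
  if [[ -n "$dns_line" ]]; then
    local extra_dns=()
    IFS=',' read -r -a extra_dns <<< "$dns_line"
    DNS+=("${extra_dns[@]}")
  fi
  if [[ -n "$ip_line" ]]; then
    IFS=',' read -r -a IP_ADDRS <<< "$ip_line"
  fi
  local cnf="$CERTS_PATH/${COMMON_NAME}_openssl.cnf"
  local key="${CERTS_PATH}/${COMMON_NAME}.key"
  local csr="${CERTS_PATH}/${COMMON_NAME}.csr"
  local crt="${CERTS_PATH}/${COMMON_NAME}.crt"
  # default_bits only matters when `req` generates the key itself; here the
  # key is created separately by genrsa (4096 bits) below.
  cat > "$cnf" << EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
CN = $COMMON_NAME
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
EOF
  # SAN entries: DNS.1..n, then IP.1..n
  local idx=1
  local san
  for san in "${DNS[@]}"; do
    printf 'DNS.%d = %s\n' "$idx" "$san" >> "$cnf"
    idx=$((idx + 1))
  done
  idx=1
  for san in "${IP_ADDRS[@]}"; do
    printf 'IP.%d = %s\n' "$idx" "$san" >> "$cnf"
    idx=$((idx + 1))
  done
  # create certificate
  echo "Generating the private key..."
  openssl genrsa -out "$key" 4096
  echo "Generating csr file..."
  openssl req -new -key "$key" -out "$csr" -config "$cnf"
  echo "Signing the certificate with the CA..."
  # The CA key passphrase source comes from CA_KEY_PASSIN when set; the
  # inline pass: literal is kept only for backward compatibility, since a
  # passphrase on the command line is visible in `ps` and in `set -x` traces.
  local passin="${CA_KEY_PASSIN:-pass:pa55w0rd}"
  local err rc
  # openssl's stdout is discarded as before; its stderr is captured so a
  # failure is no longer silent
  err=$(openssl x509 -req -in "$csr" \
    -CA "$CRT_CA_PATH/$CA_CRT" -CAkey "$KEY_CA_PATH/$CA_KEY" -CAcreateserial \
    -out "$crt" -days "$DAYS" \
    -extensions req_ext -extfile "$cnf" \
    -passin "$passin" 2>&1 >/dev/null)
  rc=$?
  if [[ $rc -ne 0 && -n "$err" ]]; then
    printf '%s\n' "$err" >&2
  fi
  echo -n "Result of certificate signing: "
  check_rc "$rc"
}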
# Fonction pour générer un FQDN
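#######################################
# Print a random FQDN of the form <sub>.<name>.<tld>: <sub> is 3–10 and
# <name> 3–15 lowercase alphanumerics, <tld> one of a fixed list.
# Globals:   none
# Arguments: none
# Outputs:   the FQDN on stdout
# Returns:   0
#######################################
gen_fqdn() {
  local -r tlds=("com" "net" "org" "io" "ch" "fr")
  local sub_len=$((RANDOM % 8 + 3))
  local name_len=$((RANDOM % 13 + 3))
  local sub name
  # declare and assign separately so `local` does not mask the pipeline status;
  # head -c takes exactly the wanted number of bytes from the filtered stream
  sub=$(tr -dc 'a-z0-9' </dev/urandom | head -c "$sub_len")
  name=$(tr -dc 'a-z0-9' </dev/urandom | head -c "$name_len")
  echo "${sub}.${name}.${tlds[RANDOM % ${#tlds[@]}]}"
}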
# Fonction IP
# Print a random dotted-quad IPv4 address (each octet 0–255) on stdout.
gen_ip() {
  local octets=()
  local k
  for k in 1 2 3 4; do
    octets+=("$((RANDOM % 256))")
  done
  # join the four octets with dots; IFS is local to this function
  local IFS='.'
  echo "${octets[*]}"
}
# Liste (fqdn ou ip)
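#######################################
# Print a comma-separated list of 3–5 random items.
# Arguments: $1 - "fqdn" for FQDNs (via gen_fqdn); anything else gives
#                 IPv4 addresses (via gen_ip)
# Outputs:   the list on stdout, without a trailing comma
# Returns:   0
#######################################
gen_list() {
  local type=$1
  local count=$((RANDOM % 3 + 3))
  local items=()
  local i
  for ((i = 0; i < count; i++)); do
    # if/else rather than `&& … || …`: the IP fallback must not also run
    # when gen_fqdn returns non-zero
    if [[ "$type" == "fqdn" ]]; then
      items+=("$(gen_fqdn)")
    else
      items+=("$(gen_ip)")
    fi
  done
  # join with commas; IFS is local so the caller's value is untouched
  local IFS=','
  echo "${items[*]}"
}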
############################################################
# MAIN
############################################################
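#######################################
# Entry point: load the library, then sign 10 certificates with random CNs,
# SANs and validity so the CA tooling is exercised with varied inputs.
# Globals:   DAYS (read; set by init_default/init_env), SCRIPT_DIR and
#            ROOT_DIR (written)
# Arguments: none used
# Outputs:   progress on stdout
# Returns:   1 if the library cannot be read
#######################################
main() {
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  ROOT_DIR="$(dirname "$SCRIPT_DIR")"
  # read library (provides init_default, init_env, set_color, check_sudo,
  # check_rc); fail early instead of continuing with undefined functions
  local lib="$ROOT_DIR/lib/stdlib.sh"
  if [[ ! -r "$lib" ]]; then
    echo "Bibliothèque introuvable: $lib" >&2
    return 1
  fi
  source "$lib"
  # init config
  init_default
  init_env
  # set color
  set_color
  # check if script is run with sudo
  check_sudo
  local -r total=10
  local i fqdn
  local args=()
  echo "Début de la génération..."
  for ((i = 1; i <= total; i++)); do
    args=()
    fqdn=$(gen_fqdn)
    # each optional argument is added with 50% probability
    if (( RANDOM % 2 )); then
      args+=("-d" "$(gen_list fqdn)")
    fi
    if (( RANDOM % 2 )); then
      args+=("-i" "$(gen_list ip)")
    fi
    # validity in 1..DAYS; assumes the library sets DAYS to a positive integer
    if (( RANDOM % 2 )); then
      args+=("-t" "$((RANDOM % DAYS + 1))")
    fi
    # progress counter follows the real loop bound (was hard-coded "/5")
    echo "[$i/$total] generate_cert -c gmolab_ca -n $fqdn ${args[*]}"
    generate_cert -c "gmolab_ca" -n "$fqdn" "${args[@]}"
    # example of a resulting call:
    # generate_cert -c gmolab_ca -n vwiy3rv1ui.6zghdqm1p8cj.io -d u0ba3i5rt.asfsdvrmf8iiltd.org,0sit366.w47txhyg.io,4ulkpy6.v39762sriaiy.com,zvw3o0ovee.gqv50o6ge6.io,a57v0x.rs8.net -i 161.21.147.75,81.67.128.79,81.54.192.190,95.116.177.195,13.111.172.161
  done
  # NOTE(review): printed unconditionally, as before — per-certificate
  # failures are only reported by check_rc inside generate_cert
  echo "Génération terminée avec succès."
}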
# run the generator; arguments are passed through but main does not use them
main "$@"