1515function getServerCertificatePath {
1616 local TYPE_CERTIFICAT=" ${1} "
1717 local COMPONENT=" ${2} "
18- echo " ${CERTIFICATE_DIR} /${TYPE_CERTIFICAT} /server /${COMPONENT} "
18+ echo " ${CERTIFICATE_DIR} /${TYPE_CERTIFICAT} /servers /${COMPONENT} "
1919}
2020
2121# Generate the Subject Alternate Name for a server certificate
@@ -43,7 +43,7 @@ function generateServerCertificate {
4343 local KEY_PASS=" ${2} "
4444 local INTERMEDIATE_CA_KEY=" ${3} "
4545 local TYPE_CERTIFICAT=" ${4} "
46- local PKI_CONTEXT =" ${5} "
46+ local AUTHORITY =" ${5} "
4747 local SERVICE_HOSTNAME=" ${6} "
4848 local SERVICE_DC_HOSTNAME=" ${7} "
4949 local REVERSE_SAN=" ${8} "
@@ -53,10 +53,10 @@ function generateServerCertificate {
5353 # Correctly set certificate CN (env var is read inside the openssl configuration file)
5454 export OPENSSL_CN=" $( getComponentCertificateCn $SERVICE_HOSTNAME ) "
5555 # Correctly set certificate DIRECTORY (env var is read inside the openssl configuration file)
56- export OPENSSL_CRT_DIR=${PKI_CONTEXT }
56+ export OPENSSL_CRT_DIR=${AUTHORITY }
5757
58- pki_logger " Starting process to generate ${TYPE_CERTIFICAT} certificate signed with CA ${PKI_CONTEXT } for ${COMPOSANT} ..."
59- local SERVER_CERTIFICATE_PATH=$( getServerCertificatePath ${PKI_CONTEXT } ${COMPOSANT} )
58+ pki_logger " Starting process to generate ${TYPE_CERTIFICAT} certificate signed with CA ${AUTHORITY } for ${COMPOSANT} ..."
59+ local SERVER_CERTIFICATE_PATH=$( getServerCertificatePath ${AUTHORITY } ${COMPOSANT} )
6060 mkdir -p " ${SERVER_CERTIFICATE_PATH} "
6161 pki_logger " Generating ${TYPE_CERTIFICAT} key for ${COMPOSANT} ..."
6262 openssl req -newkey " ${CRYPTO_SPEC} " \
@@ -75,14 +75,14 @@ function generateServerCertificate {
7575 -extensions extension_${TYPE_CERTIFICAT} -batch
7676
7777 purge_directory " ${SERVER_CERTIFICATE_PATH} "
78- purge_directory " ${CONFIG_DIR} /${PKI_CONTEXT } "
78+ purge_directory " ${CONFIG_DIR} /${AUTHORITY } "
7979}
8080
8181# Generate the path of a client certificate
8282function getClientCertificatePath {
83- local PKI_CONTEXT =" ${1} "
83+ local AUTHORITY =" ${1} "
8484 local COMPOSANT=" ${2} "
85- echo " ${CERTIFICATE_DIR} /${PKI_CONTEXT } /clients/${COMPOSANT} "
85+ echo " ${CERTIFICATE_DIR} /${AUTHORITY } /clients/${COMPOSANT} "
8686}
8787
8888# Generate a client certificate
@@ -91,15 +91,15 @@ function generateClientCertificate {
9191 local KEY_PASS=" ${2} "
9292 local CA_INTERMEDIATE_PASS=" ${3} "
9393 local TYPE_CERTIFICAT=" ${4} "
94- local PKI_CONTEXT =" ${5} "
94+ local AUTHORITY =" ${5} "
9595
9696 # Correctly set certificate CN (env var is read inside the openssl configuration file)
9797 export OPENSSL_CN=" ${COMPOSANT} "
9898 # Correctly set certificate DIRECTORY (env var is read inside the openssl configuration file)
99- export OPENSSL_CRT_DIR=${PKI_CONTEXT }
99+ export OPENSSL_CRT_DIR=${AUTHORITY }
100100
101101 pki_logger " Starting process to generate ${TYPE_CERTIFICAT} certificate for ${COMPOSANT} ..."
102- local CLIENT_CERTIFICATE_PATH=$( getClientCertificatePath ${PKI_CONTEXT } ${COMPOSANT} )
102+ local CLIENT_CERTIFICATE_PATH=$( getClientCertificatePath ${AUTHORITY } ${COMPOSANT} )
103103 mkdir -p " ${CLIENT_CERTIFICATE_PATH} "
104104 pki_logger " Generating ${TYPE_CERTIFICAT} key for ${COMPOSANT} ..."
105105 # TODO: Workaround with -nodes parameter to avoid passphrase.
@@ -112,7 +112,7 @@ function generateClientCertificate {
112112 -config " ${CONFIG_DIR} /crt-config" \
113113 -batch
114114
115- pki_logger " Generating ${TYPE_CERTIFICAT} crt signed with ${PKI_CONTEXT } for ${COMPOSANT} ..."
115+ pki_logger " Generating ${TYPE_CERTIFICAT} crt signed with ${AUTHORITY } for ${COMPOSANT} ..."
116116 openssl ca -config " ${CONFIG_DIR} /crt-config" \
117117 -passin pass:" ${CA_INTERMEDIATE_PASS} " \
118118 -out " ${CLIENT_CERTIFICATE_PATH} /${COMPOSANT} .crt" \
@@ -129,29 +129,29 @@ function generateClientCertificate {
129129 fi
130130
131131 purge_directory " ${CLIENT_CERTIFICATE_PATH} "
132- purge_directory " ${CONFIG_DIR} /${PKI_CONTEXT } "
132+ purge_directory " ${CONFIG_DIR} /${AUTHORITY } "
133133}
134134
135135# Generate a server and a client certificate and store passphrase
136136function generateServerAndClientCertAndStorePassphrase {
137137 local COMPONENT=" ${1} "
138- local PKI_CONTEXT =" ${2} "
139- generateServerCertAndStorePassphrase " ${COMPONENT} " " ${PKI_CONTEXT } "
140- generateClientCertAndStorePassphrase " ${COMPONENT} " " ${PKI_CONTEXT } "
138+ local AUTHORITY =" ${2} "
139+ generateServerCertAndStorePassphrase " ${COMPONENT} " " ${AUTHORITY } "
140+ generateClientCertAndStorePassphrase " ${COMPONENT} " " ${AUTHORITY } "
141141}
142142
143143# Generate a server certificate and store passphrase
144144function generateServerCertAndStorePassphrase {
145145 local COMPONENT=" ${1} "
146- local PKI_CONTEXT =" ${2} "
146+ local AUTHORITY =" ${2} "
147147
148- pki_logger " DEBUG" " generateServerCertAndStorePassphrase called with $# args: COMPONENT=$1 , PKI_CONTEXT =$2 "
148+ pki_logger " DEBUG" " generateServerCertAndStorePassphrase called with $# args: COMPONENT=$1 , AUTHORITY =$2 "
149149
150150 local TYPE_CERTIFICAT=" server"
151151 local REVERSE_SAN=" "
152152
153153 # Retrieve the passphrase of the CA_INTERMEDIATE from the vault-ca
154- CA_INTERMEDIATE_PASS=$( getComponentPassphrase ca " ca_intermediate_${PKI_CONTEXT } " )
154+ CA_INTERMEDIATE_PASS=$( getPassphrase ca " ca_intermediate_${AUTHORITY } " )
155155 DC_NAME=$( getDcName)
156156
157157 if [ " ${COMPONENT} " == " reverse" ]; then
@@ -161,7 +161,7 @@ function generateServerCertAndStorePassphrase {
161161
162162 pki_logger " DEBUG" " DC_NAME=${DC_NAME} , CONSUL_DOMAIN=${CONSUL_DOMAIN} "
163163
164- local SERVER_CERTIFICATE_PATH=$( getServerCertificatePath ${PKI_CONTEXT } ${COMPONENT} )
164+ local SERVER_CERTIFICATE_PATH=$( getServerCertificatePath ${AUTHORITY } ${COMPONENT} )
165165 if [ ! -f " ${SERVER_CERTIFICATE_PATH} /${COMPONENT} .crt" ]; then
166166 # Generate the passphrase
167167 local KEY_PASS=$( generatePassphrase)
@@ -170,30 +170,30 @@ function generateServerCertAndStorePassphrase {
170170 ${KEY_PASS} \
171171 ${CA_INTERMEDIATE_PASS} \
172172 ${TYPE_CERTIFICAT} \
173- ${PKI_CONTEXT } \
173+ ${AUTHORITY } \
174174 " vitamui-${COMPONENT} .service.${CONSUL_DOMAIN} " \
175175 " vitamui-${COMPONENT} .service.${DC_NAME} .${CONSUL_DOMAIN} " \
176176 " ${REVERSE_SAN} "
177177 # Store the key to the vault
178- setComponentPassphrase certs " server_ ${PKI_CONTEXT } _${COMPONENT} _key " " ${KEY_PASS} "
178+ setPassphrase certs " ${TYPE_CERTIFICAT } _${AUTHORITY} _ ${ COMPONENT}" " ${KEY_PASS} "
179179 else
180- pki_logger " Le certificat SERVER - ${PKI_CONTEXT } - ${COMPONENT} .crt existe déjà, il ne sera pas recréé..."
180+ pki_logger " Le certificat ${TYPE_CERTIFICAT} - ${AUTHORITY } - ${COMPONENT} .crt existe déjà, il ne sera pas recréé..."
181181 fi
182182}
183183
184184# Generate client certificate and store the passphrase
185185function generateClientCertAndStorePassphrase {
186186 local COMPONENT=" ${1} "
187- local PKI_CONTEXT =" ${2} "
187+ local AUTHORITY =" ${2} "
188188
189- pki_logger " DEBUG" " generateClientCertAndStorePassphrase called with $# args: COMPONENT=$1 , PKI_CONTEXT =$2 "
189+ pki_logger " DEBUG" " generateClientCertAndStorePassphrase called with $# args: COMPONENT=$1 , AUTHORITY =$2 "
190190
191191 local TYPE_CERTIFICAT=" client"
192192
193- local CLIENT_CERTIFICATE_PATH=$( getClientCertificatePath ${PKI_CONTEXT } ${COMPONENT} )
193+ local CLIENT_CERTIFICATE_PATH=$( getClientCertificatePath ${AUTHORITY } ${COMPONENT} )
194194 if [ ! -f " ${CLIENT_CERTIFICATE_PATH} /${COMPONENT} .crt" ]; then
195195 # Get the CA_INTERMEDIATE passphrase from the vault-ca
196- local CA_INTERMEDIATE_PASS=$( getComponentPassphrase ca " ca_intermediate_${PKI_CONTEXT } " )
196+ local CA_INTERMEDIATE_PASS=$( getPassphrase ca " ca_intermediate_${AUTHORITY } " )
197197
198198 # Generate the key
199199 local KEY_PASS=$( generatePassphrase)
@@ -202,22 +202,22 @@ function generateClientCertAndStorePassphrase {
202202 ${KEY_PASS} \
203203 ${CA_INTERMEDIATE_PASS} \
204204 ${TYPE_CERTIFICAT} \
205- ${PKI_CONTEXT }
205+ ${AUTHORITY }
206206 # Store the key to the vault
207- setComponentPassphrase certs " client_ ${PKI_CONTEXT } _${COMPONENT} _key " " ${KEY_PASS} "
207+ setPassphrase certs " ${TYPE_CERTIFICAT } _${AUTHORITY} _ ${ COMPONENT}" " ${KEY_PASS} "
208208 else
209- pki_logger " Le certificat CLIENT - ${PKI_CONTEXT } - ${COMPONENT} existe déjà, il ne sera pas recréé..."
209+ pki_logger " Le certificat ${TYPE_CERTIFICAT} - ${AUTHORITY } - ${COMPONENT} existe déjà, il ne sera pas recréé..."
210210 fi
211211}
212212
213- # Copy the CA from pki/<PKI_CONTEXT >/ca to environments/certs/<PKI_CONTEXT >/ca
213+ # Copy the CA from pki/<AUTHORITY >/ca to environments/certs/<AUTHORITY >/ca
214214function copyCAFromPki {
215- local PKI_CONTEXT =" ${1} "
215+ local AUTHORITY =" ${1} "
216216
217- mkdir -p " ${CERTIFICATE_DIR} /${PKI_CONTEXT } /ca"
218- pki_logger " Copying CA of ${PKI_CONTEXT } "
219- for CA in $( ls ${CA_DIR} /${PKI_CONTEXT } /* .crt) ; do
220- cp -vf " ${CA} " " ${CERTIFICATE_DIR} /${PKI_CONTEXT } /ca/$( basename ${CA} ) "
217+ mkdir -p " ${CERTIFICATE_DIR} /${AUTHORITY } /ca"
218+ pki_logger " Copying CA of ${AUTHORITY } "
219+ for CA in $( ls ${CA_DIR} /${AUTHORITY } /* .crt) ; do
220+ cp -vf " ${CA} " " ${CERTIFICATE_DIR} /${AUTHORITY } /ca/$( basename ${CA} ) "
221221 done
222222}
223223