61 lines
1003 B
Bash
61 lines
1003 B
Bash
|
#!/usr/bin/env bash
|
||
|
|
# install cfssl
|
||
|
|
|
||
|
|
set -e
|
||
|
|
|
||
|
|
usernames=$(cat contestants.csv | cut "-d;" -f1)
|
||
|
|
|
||
|
|
mkdir -p certs
|
||
|
|
cd certs
|
||
|
|
|
||
|
|
cat <<EOF > ca.json
|
||
|
|
{
|
||
|
|
"CN": "SOI Contest Root CA",
|
||
|
|
"key": {
|
||
|
|
"algo": "rsa",
|
||
|
|
"size": 2048
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
EOF
|
||
|
|
|
||
|
|
if [ ! -f ca.pem ]; then
|
||
|
|
cfssl gencert -initca ca.json | cfssljson -bare ca
|
||
|
|
fi
|
||
|
|
|
||
|
|
cat <<EOF >client-config.json
|
||
|
|
{
|
||
|
|
"signing": {
|
||
|
|
"default": {
|
||
|
|
"expiry": "438000h"
|
||
|
|
},
|
||
|
|
"profiles": {
|
||
|
|
"client": {
|
||
|
|
"usages": ["signing", "key encipherment", "digital signature", "client auth"],
|
||
|
|
"expiry": "438000h"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
EOF
|
||
|
|
|
||
|
|
for username in $usernames; do
|
||
|
|
|
||
|
|
cat <<EOF >client-csr-$username.json
|
||
|
|
{
|
||
|
|
"CN": "$username",
|
||
|
|
"key": {
|
||
|
|
"algo": "rsa",
|
||
|
|
"size": 2048
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
EOF
|
||
|
|
|
||
|
|
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=client-config.json -profile=client client-csr-$username.json | cfssljson --bare $username-cert
|
||
|
|
|
||
|
|
openssl pkcs12 -export -in $username-cert.pem -inkey $username-cert-key.pem -out $username.p12 -passout pass:
|
||
|
|
|
||
|
|
done
|