Sign upLogin

GEANT/CAT

View on GitHub
Star
signer/mobileconfig_sign-template

Summary

Maintainability
Test Coverage
#!/bin/bash
#/*
# * *****************************************************************************
# * Contributions to this work were made on behalf of the GÉANT project, a 
# * project that has received funding from the European Union’s Framework 
# * Programme 7 under Grant Agreements No. 238875 (GN3) and No. 605243 (GN3plus),
# * Horizon 2020 research and innovation programme under Grant Agreements No. 
# * 691567 (GN4-1) and No. 731122 (GN4-2).
# * On behalf of the aforementioned projects, GEANT Association is the sole owner
# * of the copyright in all material which was developed by a member of the GÉANT
# * project. GÉANT Vereniging (Association) is registered with the Chamber of 
# * Commerce in Amsterdam with registration number 40535155 and operates in the 
# * UK as a branch of GÉANT Vereniging.
# * 
# * Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. 
# * UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK
# *
# * License: see the web/copyright.inc.php file in the file structure or
# *          <base_url>/copyright.php after deploying the software
# */

# see HOWTO in this directory to learn how to produce the files you need
# all certificates and key files should be in the directory pointed to by MY_PATH

# MY_PATH - Full path to the directory in which the certificates and keys are located
# Beware that this directory must be protected against the WEB download, otherwise your keys may be compromised. 
# The directory must be accessible by the Apache process

if [ "$MY_PATH" == "" ]; then MY_PATH="/home/scrutinizer/vault"; fi

# Public key in PEM format 
if [ "$PUBKEY" == "" ]; then PUBKEY="xxx_cert.pem"; fi
# Matching private key in PEM format
if [ "$PRIVKEY" == "" ]; then PRIVKEY="xxx_key.pem"; fi
# private key password
# PASS will not escape strange characters correctly so please use "safe" ones
# PASS can be empty or not set at all if the private key is not protected
if [ "$PASS" == "" ]; then PASS=""; fi
# full CA chain to be included in the signature
if [ "$CA_CHAIN" == "" ]; then CA_CHAIN="CAs.pem"; fi

if [ -n "$PASS" ] ; then
  passin="-passin pass:$PASS"
fi
openssl smime -sign -signer "$MY_PATH/$PUBKEY" -inkey "$MY_PATH/$PRIVKEY"  $passin -certfile "$MY_PATH/$CA_CHAIN" -nodetach -outform der -in $1 -out $2