frigoclavis/scripts/sign-token

85 lines
1.4 KiB
Text
Raw Normal View History

#!/bin/bash
USAGE="usage: $0 <tokenUUID> <cert_file.crt> <key_file.key> "
DIGEST=sha1
if [[ -z $1 ]] ; then
echo $USAGE
exit 1
fi
if [[ -z $2 ]] ; then
echo $USAGE
exit 2
fi
if [[ -z $2 ]] ; then
echo $USAGE
exit 3
fi
TOKEN=$1
CERT=$2
KEY=$3
if [[ ! -f $CERT ]] ; then
echo "Certificate file $CERT not found"
exit 4
fi
if [[ ! -f $KEY ]] ; then
echo "Key file $KEY not found"
exit 5
fi
SERIAL=`openssl x509 -in $CERT -noout -text \
| grep -A1 'Serial Number' \
| tail -1 \
| tr ':' "\n" \
| while read B ; do
printf "\x$B"
done
`
RFC=`openssl x509 -in $CERT -noout -text \
| grep Subject \
| tr ',' "\n" \
| grep x500UniqueIdentifier \
| tr -d ' ' \
| cut -d '=' -f 2
`
NOTAFTER=`openssl x509 -in $CERT -noout -text \
| grep 'Not After' \
| cut -d ':' -f 2-999 \
| sed 's/GMT$//'
`
FERT=`date -d"$NOTAFTER" +%y%m%d%H%M%SZ`
CO="$TOKEN|$RFC|$SERIAL"
#echo -n $CO > co.debug
SIGNATURE=`echo -n $CO \
| openssl pkeyutl -sign -inkey $KEY -digest $DIGEST -rawin \
| base64 -w0
`
#echo $SIGNATURE > firma.debug
CO_BASE64=`echo -n $CO \
| base64 -w0`
SIGNATURE_BASE64=`echo -n $SIGNATURE \
| base64 -w0`
TOKEN=`echo -n "$CO_BASE64#$SIGNATURE_BASE64" \
| base64 -w0`
echo
echo "-----CADENA ORIGINAL-----"
echo $CO
#echo "-----CADENA ORIGINAL-----"
#echo "===>$CO_BASE64<==="
echo "----------FIRMA----------"
echo $SIGNATURE
echo "----------TOKEN----------"
echo $TOKEN
echo "--------NOT AFTER--------"
echo $FERT
echo "-------------------------"