In order to make cert creation with easy-rsa practical for others, this script was created, and it works so far. The questions are:
- where can it be improved?
- are there flaws that are not obvious to the author?
The commentary is a bit extensive, but whoever comes across this in the future should be able to understand what's being done, no matter how advanced.
#!/bin/bash
##
## This script automates the complete process of creating new easy-rsa client certificates.
## It includes: 1. Mounting a block device.
## 2. Generating certificates using individual timestamps.
## 3. Copying the created certs to the mounted block device.
##
##
#
# First we look for the usb device at sdc1 and mount it. If not present, tell the PEBKAC that it should insert one.
# all the predefined variables will end up beneath
myself=auto_rsa_gen.sh # tells the script who it is
export easy_rsa=../rsa_testing # tells the script where it is and exports this information for use in child processes
now=$(date +"%F")
##
# Show a list of available drives and ask the user for the dev he wants to mount
# (printf is used instead of echo because bash's echo does not expand \n)
printf "These\n%s\nare the drives available. Please tell me which one you want to mount\n(hint: it's usually the one having just the one additional entry. Like sdc1):\n" "$(ls /dev | grep sd)"
# read user input (blkdev is the variable that will hold the user input for further processing)
read -r blkdev
##
# I. Mount
# check if the given device exists
if [ -b "/dev/$blkdev" ]
then # if it exists mount it to /media, and stop if the mount fails
    sudo mount "/dev/$blkdev" /media || exit 1
    printf '\nDevice %s has been mounted!\n' "$blkdev"
else # if it doesn't exist
    echo "Device doesn't appear to exist! Restarting"
    # restart the script; exec replaces this process so the failed run does not carry on afterwards
    exec bash "$myself"
fi
# Ask for an identifier to be used in the wrapper for easy-rsa cert creation
printf "\nPlease provide an identifier for the certs that will be created\n(The identifier will be appended to the current date of the machine):\n"
# read user input (ident is the variable that will hold the user input for further processing)
read -r ident
# Ask for the number of certs to be created
printf "\nHow many certificates do you want me to create?\n"
# read user input (cnum is the variable that will hold the user input for further processing)
read -r cnum
##
# II. Wrapper for easy-rsa cert creation
#
# this is a while loop in case there was no input for ident. It only stops when the user has put in something other than nothing
while [ -z "$ident" ]
do
    printf "\nYou did not supply an identifier. Please do so or I will terminate.\n"
    read -r ident # read user input again
done
# change directory to the easy-rsa directory (stop if it is not there)
cd "$easy_rsa" || exit 1
# tell user what you are going to do
printf '\nCreating %s certificates with %s_%s.\n' "$cnum" "$now" "$ident"
# load vars file
. ./vars
##
# II.a Generation
# for loop that creates $cnum certificates and appends an incrementing number to the end of every
# file name
for i in $(seq -f %03g "$cnum")
do
    "${easy_rsa}/build-batch" "${now}_${ident}_$i"
done
##
# II.b Copying
# loop that searches for all certs created with this run and copies them to /media where $blkdev is mounted
# (the patterns are quoted so that find, not the shell, expands the wildcard)
find "${easy_rsa}/keys/" \( -name "${now}_${ident}*.crt" -o -name "${now}_${ident}*.key" \) > "/media/${now}_${ident}"
find "${easy_rsa}/keys/" \( -name "${now}_${ident}*.crt" -o -name "${now}_${ident}*.key" \) | while IFS= read -r f
do
    cp "$f" /media
done
printf '\nCopied\n%s\nto /media\n' "$(find "${easy_rsa}/keys/" \( -name "${now}_${ident}*.crt" -o -name "${now}_${ident}*.key" \))"
# unmounting $blkdev at /media (it was mounted with sudo, so unmount with sudo as well)
sudo umount /media
printf '\nUnmounted %s at /media. Exiting! Bye!\n' "$blkdev"
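Added example, not part of the original post: the script hands `blkdev`, `ident` and `cnum` straight from `read` to `mount`, file names, `find` patterns and `seq`, so one way to narrow that is to accept each value only in the shape the script expects. The function names, the 32-character limit and the 1-999 range are assumptions made for this sketch.

```shell
# Accept only a bare sdXN partition name (e.g. sdc1): no "/", no "..", no spaces.
valid_blkdev() {
    case "$1" in
        sd[a-z][0-9]|sd[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept 1-32 characters from A-Z, a-z, 0-9 and "-". This keeps "/", whitespace
# and glob characters out of file names and find patterns, and keeps "_" free
# as the script's field separator.
valid_ident() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Accept a decimal count from 1 to 999, matching the three-digit %03g suffix.
valid_count() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ]
}

# Prompt on stderr until the validator named in $2 accepts a line from stdin.
# Prints the accepted value on stdout; returns 1 if input ends first.
ask() {
    while printf '%s ' "$1" >&2 && IFS= read -r reply; do
        if "$2" "$reply"; then
            printf '%s\n' "$reply"
            return 0
        fi
        printf 'Rejected input, try again.\n' >&2
    done
    return 1
}

# Constructed sample inputs (not taken from the post), checked non-interactively.
for sample in 'sdc1' '../sda1' 'sdc1 -o remount'; do
    if valid_blkdev "$sample"; then echo "accept: $sample"; else echo "reject: $sample"; fi
done
```

In the script, each `read` would become a call such as `blkdev=$(ask "Device to mount:" valid_blkdev) || exit 1`.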