From 42b40660ce243fca3f05585067854aa4791aaeb2 Mon Sep 17 00:00:00 2001
From: hwang <470981832@qq.com>
Date: Tue, 8 Oct 2024 05:49:05 +0000
Subject: [PATCH] adding intermediate CA signing capability.
---
 .gitignore | 4 +++-
 issue-root.sh | 2 --
 pki.cnf | 5 +++++
 sign-inter.sh | 26 ++++++++++++++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 pki.cnf
 create mode 100755 sign-inter.sh
diff --git a/.gitignore b/.gitignore
index 1d81e76..53d3356 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 *.key
 *.crt
-*.pem
\ No newline at end of file
+*.pem
+*.csr
+*.srl
\ No newline at end of file
diff --git a/issue-root.sh b/issue-root.sh
index f3d9885..17ca221 100755
--- a/issue-root.sh
+++ b/issue-root.sh
@@ -1,8 +1,6 @@ #!/bin/sh -ECDSA_OPTS="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384" - while getopts ":ht:d:n:s:" opt; do case $opt in h)
diff --git a/pki.cnf b/pki.cnf
new file mode 100644
index 0000000..88e871c
--- /dev/null
+++ b/pki.cnf
@@ -0,0 +1,5 @@
+[v3_intermediate_ca]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
\ No newline at end of file
diff --git a/sign-inter.sh b/sign-inter.sh
new file mode 100755
index 0000000..58e65aa
--- /dev/null
+++ b/sign-inter.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+
+while getopts ":hn:a:d:" opt; do
+ case $opt in
+ h)
+ echo "Usage: -n -a -d "
+ exit 0
+ ;;
+ n)
+ NAME_OPT=(-in "$OPTARG".csr -out "$OPTARG".crt)
+ ;;
+ a)
+ AUTHORITY_OPT=(-CA $OPTARG.crt -CAkey $OPTARG.key)
+ ;;
+ d)
+ DAYS_OPT="-days $OPTARG"
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ esac
+done
+
+openssl x509 -req -sha256 $DAYS_OPT "${NAME_OPT[@]}" "${AUTHORITY_OPT[@]}" -extfile pki.cnf -extensions v3_intermediate_ca
\ No newline at end of file
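Review bot: `keyUsage` in `[v3_intermediate_ca]` grants `digitalSignature` on top of `keyCertSign` and `cRLSign`; that bit is only needed when the intermediate key itself signs something other than certificates and CRLs (OCSP responses, for instance), and nothing in this commit shows such a use. If there is none, `keyUsage = critical, cRLSign, keyCertSign` is the narrower setting. The section also has no comments; a line above `basicConstraints` such as `# pathlen:0: this CA may issue end-entity certificates only, no further sub-CAs` would record why the constraint is there.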
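Review bot: `sign-inter.sh` declares `#!/bin/sh` but the `n)` and `a)` arms assign bash arrays (`NAME_OPT=(...)`), which is a syntax error wherever `/bin/sh` is dash or another strictly POSIX shell, so the shebang should name bash. Separately, nothing checks that `-n` and `-a` were given or that `-d` is a number: without `-n` the final `openssl x509 -req` call gets no `-in`/`-out`, and the leading `:` in the optstring routes a missing option argument to a `:` case that the script does not handle. `$OPTARG` in the `a)` arm and `$DAYS_OPT` on the last line are unquoted, unlike the `n)` arm. No serial option (`-CAcreateserial` or `-CAserial`) is passed even though `.gitignore` now lists `*.srl`; OpenSSL releases before 3.0 appear to refuse to sign when no serial file exists, so that is worth confirming on the version this targets. The changed lines are sketched below.

```shell
#!/usr/bin/env bash

NAME_OPT=()
AUTHORITY_OPT=()
DAYS_OPT=()

# … unchanged: getopts loop, h) and n) arms …
    a)
      AUTHORITY_OPT=(-CA "$OPTARG".crt -CAkey "$OPTARG".key)
      ;;
    d)
      case $OPTARG in
        '' | *[!0-9]*)
          echo "Invalid -d value: $OPTARG" >&2
          exit 1
          ;;
      esac
      DAYS_OPT=(-days "$OPTARG")
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
# … unchanged: \?) arm, esac, done …

if [ "${#NAME_OPT[@]}" -eq 0 ] || [ "${#AUTHORITY_OPT[@]}" -eq 0 ]; then
  echo "Both -n and -a are required" >&2
  exit 1
fi

openssl x509 -req -sha256 "${DAYS_OPT[@]}" "${NAME_OPT[@]}" "${AUTHORITY_OPT[@]}" \
  -extfile pki.cnf -extensions v3_intermediate_ca
```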