From 5c89e731286b20f0bff5b403411d7a3376daa4a6 Mon Sep 17 00:00:00 2001
From: hwang <470981832@qq.com>
Date: Tue, 8 Oct 2024 04:22:11 +0000
Subject: [PATCH] use regex to parse type argument. now we can make standard compliant certs of any size.
---
 issue-root.sh | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/issue-root.sh b/issue-root.sh
index 4320251..f3d9885 100755
--- a/issue-root.sh
+++ b/issue-root.sh
@@ -1,31 +1,44 @@
 #!/bin/sh
-RSA_OPTS="-newkey rsa:2048 -sha256"
 ECDSA_OPTS="-newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -sha384"
-while getopts ":ht:n:d:s:" opt; do
+while getopts ":ht:d:n:s:" opt; do
 case $opt in
 h)
 echo "Usage: -t rsa|ec -n -d "
 exit 0
 ;;
 t)
-if [ "$OPTARG" = "rsa" ]; then
-NEWKEY_OPT=$RSA_OPTS
-elif [ "$OPTARG" = "ec" ]; then
-NEWKEY_OPT=$ECDSA_OPTS
+if [[ $OPTARG =~ ^rsa:([0-9]+) ]]; then
+NEWKEY_OPT="-newkey rsa:${BASH_REMATCH[1]} -sha256"
+elif [[ $OPTARG =~ ^ec:([0-9]+) ]]; then
+BITS=${BASH_REMATCH[1]}
+if [[ $BITS -eq 256 ]]; then
+CURVE=prime256v1
+SHA=sha256
+elif [[ $BITS -eq 384 ]]; then
+CURVE=secp384r1
+SHA=sha384
+elif [[ $BITS -eq 512 ]]; then
+CURVE=secp521r1
+SHA=sha512
+else
+echo "Invalid ec bits: ec:$BITS" >&2
+exit 1
+fi
+NEWKEY_OPT="-newkey ec -pkeyopt ec_paramgen_curve:${CURVE} -${SHA}"
 else
 echo "Invalid option: -t $OPTARG" >&2
 exit 1
 fi
 ;;
-n)
-NAME_OPT=(-keyout "$OPTARG".key -out "$OPTARG".crt)
-;;
 d)
 DAYS_OPT="-days $OPTARG"
 ;;
+n)
+NAME_OPT=(-keyout "$OPTARG".key -out "$OPTARG".crt)
+;;
 s)
 SUBJECT_OPT=(-subj "/C=CN/CN=Root CA/O=$OPTARG")
 ;;
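Review bot: The new `-t` patterns `^rsa:([0-9]+)` and `^ec:([0-9]+)` have no `$` anchor and the RSA branch sets no lower bound on the size, so `-t rsa:512` or `-t rsa:2048x` is accepted, and a root CA key weaker than the 2048 bits the script used to hard-code can be issued without any warning. I would anchor both patterns and reject small moduli, e.g. `if [[ $OPTARG =~ ^rsa:([0-9]+)$ ]] && [[ ${BASH_REMATCH[1]} -ge 2048 ]]; then`. The shebang is still `#!/bin/sh` although `[[ =~ ]]` and `BASH_REMATCH` need bash, the usage text still advertises `-t rsa|ec`, which the new code rejects, and `ECDSA_OPTS` is now unused. The `while`/`case` block continues past the end of the hunk.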