#!/bin/bash

#********************************************************************
#Author: Ma Xue Bin
#QQ: 316428921
#Date: 2019-06-22

#为客户端申请证书
client(){
rpm -q expect &> /dev/null || yum install expect -y
expect <<EOF
set timeout 10
spawn ssh $user@$ip
expect {
"yes/no" {send "yes\n";exp_continue}
"password" {send "centos\n"}
}
expect "]#" {send "yum install expect -y \n"}
expect "~]#" {send "(umask 077;openssl genrsa -out /data/$key 1024)\n"}
expect "]#" {send "openssl req -new -in /data/$key -out /data/$csr\n"}
expect "Enter PEM pass phrase:" {send "maxuebin\n"}
expect "Verifying - Enter PEM pass phrase:" {send "maxuebin\n"}
expect ":" {send "CN\n"}
expect ":" {send "beijing\n"}
expect ":" {send "beijing\n"}
expect ":" {send "magedu\n"}
expect ":" {send "devops\n"}
expect ":" {send "www.magedu.com\n"}
expect ":" {send "adm@magedu.com\n"}
expect ":" {send "\n"}
expect ":" {send "\n"}
expect "~]#" {send "scp /data/$csr root@$IP:/data/\n"}
expect {
"yes/no" {send "yes\n";exp_continue}
"password" {send "centos\n"}
}
expect "#" {send "exit\n"}
expect eof
EOF
}

#服务器端自建CA
MKCA(){
rpm -q expect &> /dev/null || yum install expect -y
(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
expect < /etc/pki/CA/serial
}

#服务器端签署证书
certificate(){
if [ -f /data/$csr ];then
cer=`echo $csr |cut -d. -f1`
expect <<EOF
spawn openssl ca -in /data/$csr -out /etc/pki/CA/certs/$cer.crt -days 100
expect "]:" {send "y\n"}
expect "]" {send "y\n"}
expect eof
EOF
fi
}

user=root
ip=192.168.1.110
IP=192.168.1.108
key=app.key
csr=app.csr
while true;do
cat <<EOF
1 自建CA
2 签署证书
3 为客户端申请证书
4 自动化自建CA并让客户端申请证书并签证
5 退出
EOF
read -p "plese input number: " number
case $number in
1)
MKCA
;;
2)
certificate
;;
3)
client
;;
4)
client
MKCA
certificate
;;
5)
exit
;;
*)
echo "please input a valid arguments"
;;
esac
done