This is the first stage of the code. The params struct sets the defaults for the particulars of the certificate. The intention is for a form to be created from this structure and for the user to change them. I thought the `executable: false` and `delete_after: false` were wrong but it turns out they are atoms `:true` and `:false`.
```elixir
# One user-editable parameter; `default` is used when `value` is left empty.
defmodule ParamStruct do
  defstruct key: "",
            value: "",
            default: "",
            description: "description of parameter",
            label: "label on web form",
            required: false
end

# One script template; `code` holds the command text with {{key}} placeholders.
defmodule TemplateStruct do
  defstruct key: "must be unique",
            name: "descriptive name",
            code: "",
            executable: false,
            destination: "",
            delete_after: false,
            perms: "644"
end

defmodule ProcessList do
  # Convert a list of string-keyed maps into ParamStruct values.
  def parse_list([]), do: []

  def parse_list([%{"key" => ky, "value" => val, "default" => dft, "description" => desc, "label" => lbl} | tail]) do
    [%ParamStruct{key: ky, value: val, description: desc, label: lbl, default: dft} | parse_list(tail)]
  end

  # Expects a map whose "itemScores" entry is a list of param maps.
  def create_recommend_list(%{"itemScores" => score_list}) do
    parse_list(score_list)
  end

  # Defaults for the CA certificate. Wrapped in a function so callers can
  # reach the list; a bare `params = [...]` in the module body is never used.
  def params do
    [
      %{"key" => "ca_cert_subj_state", "value" => "", "default" => "Greater London", "description" => "Region", "label" => "State/County"},
      %{"key" => "key-file", "value" => "", "default" => "cacert_001", "description" => "", "label" => "Key File (without password)"},
      %{"key" => "key-file-pass", "value" => "", "default" => "cacert_pass_001", "description" => "", "label" => "Key File (with password)"},
      %{"key" => "ca_cert_email", "value" => "", "default" => "admin@domain.net", "description" => "", "label" => "Email"},
      %{"key" => "ca_cert_subj_common_name", "value" => "", "default" => "domain.net", "description" => "", "label" => "Common Name"},
      %{"key" => "ca_cert_subj_country", "value" => "", "default" => "UK", "description" => "Country", "label" => "Country"},
      %{"key" => "ca_cert_subj_location", "value" => "", "default" => "Westchester", "description" => "", "label" => "Location"},
      %{"key" => "ca_cert_subj_organization", "value" => "", "default" => "Big Company", "description" => "", "label" => "Organisation"},
      %{"key" => "ca_cert_subj_org_unit", "value" => "", "default" => "Infosystems and Communications", "description" => "", "label" => "Organisational Unit"}
    ]
  end
end
```
They will be applied to these templates:
```bash
# key generation - openssl genrsa
openssl genrsa -out {{key-file}}.key 2048 # generate key, command is 'openssl genrsa'
openssl genrsa -des3 -out {{key-file-pass}}.key 2048 # generate passworded key, will prompt for password

# self sign root certificate
# The -subj lines start at column 0 on purpose: inside the quotes, any
# leading whitespace would become part of the subject string.
openssl req -x509 -new -nodes -sha256 \
  -key {{key-file-pass}}.key \
  -days 3650 \
  -out {{key-file-pass}}.pem \
  -subj "\
/C={{ca_cert_subj_country}}\
/ST={{ca_cert_subj_state}}\
/L={{ca_cert_subj_location}}\
/O={{ca_cert_subj_organization}}\
/OU={{ca_cert_subj_org_unit}}\
/CN={{ca_cert_subj_common_name}}\
/emailAddress={{ca_cert_email}}\
"

# create client certificate signing with existing key
# -nodes implies key will not be encrypted
# -
# -new replaces -newkey rsa:2048: with -key given, no new key is generated.
# subjectAltName is an extension, not a DN attribute, so it is passed with
# -addext (OpenSSL 1.1.1 or later) instead of inside -subj.
openssl req -nodes \
  -new \
  -key {{client_cert_existing_key}}.key \
  -out {{client_cert_csr}}.csr \
  -extensions server_cert \
  -addext "subjectAltName={{client_cert_san}}" \
  -subj "\
/C={{client_cert_subj_country}}\
/ST={{client_cert_subj_state}}\
/L={{client_cert_subj_location}}\
/O={{client_cert_subj_organization}}\
/OU={{client_cert_subj_org_unit}}\
/CN={{client_cert_subj_common_name}}\
/emailAddress={{client_cert_email}}\
"
```
The openssl commands are what will be assigned to the `code` key of the template structs. The destination is the server where the scripts will be copied to, and executed where necessary.
My intention is to generate a form to prompt for them and even change the code value for the templates on the forms when necessary, but for the meantime I am happy to loop over the param structs' values and generate prompts in iex or the command line for them.
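
One way the params could be applied to the templates, as an added example that is not the author's code: the `TemplateRender` module, its `render/2` function and the allowlist patterns are assumptions made for illustration. Because form values end up in shell commands executed on the destination server, it refuses to render when a value falls outside a conservative allowlist or a placeholder has no matching param.

```elixir
defmodule TemplateRender do
  # Assumed policy: *_subj_* values sit inside the quoted -subj string and may
  # contain spaces; every other value is an unquoted shell word and may not.
  # Neither pattern admits quotes, $, backticks, ;, / or newlines.
  defp allowed(key) do
    if String.contains?(key, "_subj_"),
      do: ~r/\A[A-Za-z0-9][A-Za-z0-9 ._-]*\z/,
      else: ~r/\A[A-Za-z0-9][A-Za-z0-9._@-]*\z/
  end

  # An empty value falls back to the default; the result must pass allowed/1.
  defp resolve(params) do
    Enum.reduce_while(params, {:ok, %{}}, fn p, {:ok, acc} ->
      v = if p.value in [nil, ""], do: p.default, else: p.value

      if is_binary(v) and Regex.match?(allowed(p.key), v),
        do: {:cont, {:ok, Map.put(acc, p.key, v)}},
        else: {:halt, {:error, {:unsafe_value, p.key}}}
    end)
  end

  # Fills every {{key}} in `code`; refuses to render if any key is unresolved.
  def render(code, params) do
    placeholder = ~r/\{\{([A-Za-z0-9_-]+)\}\}/

    with {:ok, values} <- resolve(params) do
      wanted = placeholder |> Regex.scan(code, capture: :all_but_first) |> List.flatten()

      case Enum.uniq(wanted) -- Map.keys(values) do
        [] -> {:ok, Regex.replace(placeholder, code, fn _, k -> values[k] end)}
        missing -> {:error, {:missing_params, missing}}
      end
    end
  end
end

# Constructed sample input: ParamStruct-shaped maps using keys from the page.
good = [
  %{key: "key-file-pass", value: "", default: "cacert_pass_001"},
  %{key: "ca_cert_subj_state", value: "", default: "Greater London"}
]
bad = [%{key: "key-file-pass", value: "cacert_001; ls", default: "cacert_pass_001"}]

code = ~s(openssl req -x509 -new -key {{key-file-pass}}.key -subj "/ST={{ca_cert_subj_state}}")
IO.inspect(TemplateRender.render(code, good))
IO.inspect(TemplateRender.render(code, bad))
IO.inspect(TemplateRender.render("openssl genrsa -out {{key-file}}.key 2048", good))
```

The same function accepts `%ParamStruct{}` values directly, since it only reads the `key`, `value` and `default` fields. A `{{client_cert_san}}` value such as `DNS:host` needs `:` and `,`, so it would need its own pattern under this policy.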