MT#10181 generate_ssl_keys.sh: support skipping csr file generation

Change-Id: I818e9c9168b5573a51878ca11f26d3f351c2f6ad

tools/generate_ssl_keys.sh

@@ -7,6 +7,7 @@ set -u
 DEST="${1:-}"
 BASE="${2:-/usr/share/ngcp-panel-tools}"
 FILE="${3:-api_ca}"
+SKIP_CSR="${SKIP_CSR:-}"
 
 if [ -z "${1:-}" ] ; then
   echo "Usage: $0 <destination_directory> [<basedir> <filename]>" >&2
@@ -32,13 +33,29 @@ mkdir -p "${DEST}"
 umask 077
 
 echo "Generating OpenSSL certificate files in directory ${DEST}:"
-/usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 -config "${OPENSSL_CONFIG}" -batch
-/usr/bin/openssl req -new -out "${CSR_FILE}" -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch
-/usr/bin/openssl x509 -req -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}"
+
+if [ "$SKIP_CSR" = "true" ] ; then
+  echo "Skipping generation of csr file as requested via SKIP_CSR environment variable."
+  echo "Generating only key and crt files now."
+  /usr/bin/openssl req -x509       \
+       -config "${OPENSSL_CONFIG}" \
+       -newkey rsa:4096            \
+       -keyout "${KEY_FILE}"       \
+       -out "${CRT_FILE}"          \
+       -nodes -batch
+else
+  /usr/bin/openssl genrsa -out "${KEY_FILE}" 4096 -config "${OPENSSL_CONFIG}" -batch
+  /usr/bin/openssl req -new -out "${CSR_FILE}" -key "${KEY_FILE}" -config "${OPENSSL_CONFIG}" -batch
+  /usr/bin/openssl x509 -req -in "${CSR_FILE}" -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}"
+fi
 
 chmod 640 "${KEY_FILE}" "${CRT_FILE}"
-chmod 600 "${CSR_FILE}"
+[ -r "${CSR_FILE}" ] && chmod 600 "${CSR_FILE}"
 
-echo "Generated ${KEY_FILE} ${CRT_FILE} ${CSR_FILE}"
+if [ "$SKIP_CSR" = "true" ] ; then
+  echo "Generated ${KEY_FILE} ${CRT_FILE}"
+else
+  echo "Generated ${KEY_FILE} ${CRT_FILE} ${CSR_FILE}"
+fi
 
 echo "Finished execution of $0"