add external configuration options

README.md

@@ -6,7 +6,7 @@ The wrapper is based on Jamie Nguyen's guide: [OpenSSL Certificate Authority](ht
 Copy `spki` to a location in your path. [Releases](https://github.com/kaysond/spki/releases) use [semantic versioning](https://semver.org/) to identify backwards-incompatible changes.
 
 ## Configuration
-The top of the script contains several configuration variables; the defaults correspond to the guide.
+The top of the script contains several configuration variables; the defaults correspond to the guide. External configuration methods that do not require script modification are also supported (see below).
 
 `ROOT_DIR` - The base directory where all PKI files are stored
 
@@ -28,9 +28,25 @@ OCSP signing keys are automatically generated during initialization if either or
 
 `ROOT_OCSP` - Root CA OCSP Server (e.g. 'URI:http://ocsp.domain.com')
 
-
 `INTRMDT_OCSP`- Intermediate CA OCSP (e.g. 'URI:http://ocsp.domain.com')
 
+### External Configuration
+Configuration can be specified externally, without modifying the script, via environment variables. The precedence order of the configuration methods is:
+1. Configuration File
+2. Environment Variables
+3. In-script Variables
+
+#### Configuration File
+The configuration file can be specified in the environment variable `SPKI_CONFIG_FILE`. This file is loaded directly by bash and should contain a list of local variable definitions such as
+```
+ROOT_DIR=/root/ca
+ROOT_PREFIX=root
+```
+Note: If this file is loaded, all other environment variables are ignored.
+
+#### Environment Variables
+The variables in the script itself can be overriden by environment variables. The environment variable name should be those in the script but prefixed with `SPKI_` (e.g. `SPKI_ROOT_DIR` and `SPKI_ROOT_CRL_DP`).
+
 ## Usage
 * `spki init` - Initialize the PKI. This process first sets up the default Subject fields in the OpenSSL configuration files, then generates the Root CA, Intermediate CA, and a combined CA chain file. CRL's and OCSP certificates are also generated
 * `spki create (server | user) <file-prefix>` - Create and sign a key pair with the Intermediate CA. `server` or `user` specifies particular extensions to use. These can be modified by changing the configuration files after initialization. The `file-prefix` is prepended to various file extensions (`.key.pem`, `.cert.pem`, `.csr.pem`)

spki

@@ -4,6 +4,7 @@
 # Based on https://jamielinux.com/docs/openssl-certificate-authority/
 #
 # Revision History:
+#	2019-06-06	0.8.0	Added external configuration options
 #	2019-06-05	0.7.4	Intermediate CA CRL now defaults to 32 day expiry, Root to 4 year + 5 day
 #	2019-05-30	0.7.3	Bug fixes
 #	2019-05-07	0.7.2	Root CA CRL now defaults to 4 year expiry
@@ -33,6 +34,44 @@ INTRMDT_OCSP=''
 #############
 # End Config
 #############
+
+
+if [ -r "$SPKI_CONFIG_FILE" ]; then
+	. "$SPKI_CONFIG_FILE"
+else
+	if [ -n "$SPKI_ROOT_DIR" ]; then
+		ROOT_DIR="$SPKI_ROOT_DIR"
+	fi
+
+	if [ -n "$SPKI_ROOT_PREFIX" ]; then
+		ROOT_PREFIX="$SPKI_ROOT_PREFIX"
+	fi
+
+	if [ -n "$SPKI_INTRMDT_PREFIX" ]; then
+		INTRMDT_PREFIX="$SPKI_INTRMDT_PREFIX"
+	fi
+
+	if [ -n "$SPKI_CLIENT_ENCRYPTION" ]; then
+		CLIENT_ENCRYPTION="$SPKI_CLIENT_ENCRYPTION"
+	fi
+
+	if [ -n "$SPKI_ROOT_CRL_DP" ]; then
+		ROOT_CRL_DP="$SPKI_ROOT_CRL_DP"
+	fi
+
+	if [ -n "$SPKI_INTRMDT_CRL_DP" ]; then
+		INTRMDT_CRL_DP="$SPKI_INTRMDT_CRL_DP"
+	fi
+
+	if [ -n "$SPKI_ROOT_OCSP" ]; then
+		ROOT_OCSP="$SPKI_ROOT_OCSP"
+	fi
+
+	if [ -n "$SPKI_INTRMDT_OCSP" ]; then
+		INTRMDT_OCSP="$SPKI_INTRMDT_OCSP"
+	fi
+fi
+
 ROOT_CONF="$ROOT_DIR/openssl.cnf"
 ROOT_KEY="$ROOT_DIR/private/$ROOT_PREFIX.key.pem"
 ROOT_CERT="$ROOT_DIR/certs/$ROOT_PREFIX.cert.pem"