Overview
Comment: | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated |
---|---|
SHA1: |
111b99f62054222b708ed4e43b6ba21d |
User & Date: | rkeene on 2014-11-17 21:03:26 |
Context
2014-11-17
| ||
21:05 | Updated to allow in-place signing, rather than atomic-replace check-in: 93b5d66091 user: rkeene tags: trunk | |
21:03 | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated check-in: 111b99f620 user: rkeene tags: trunk | |
20:50 | Updated to trim trailing newlines check-in: 3242c8d4d5 user: rkeene tags: trunk | |
Changes
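--- a/appfs-cert
+++ b/appfs-cert
@@ -70,15 +70,15 @@
 set fd [open $filename_key w 0400]
 puts $fd [pki::key $key $::env(CA_PASSWORD)]
 close $fd
 '
 }
 
 function generate_key() {
-read_password 'Password for Site Key: ' SITE_PASSWORD
+read_password 'Password for Site Key being generated: ' SITE_PASSWORD
 
 export SITE_PASSWORD
 
 call_appfsd --tcl '
 package require pki
 
 if {[info exists ::env(SITE_KEY_FILE)]} {
@@ -106,15 +106,19 @@
 SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
 fi
 
 export SITE_HOSTNAME SITE_KEY_FILE
 
 if [ -f "${SITE_KEY_FILE}" ]; then
 echo 'Key file already exists.'
+if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
 read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
+else
+SITE_PASSWORD=""
+fi
 
 export SITE_PASSWORD
 else
 generate_key
 fi
 
 call_appfsd --tcl '
@@ -152,15 +156,17 @@
 fi
 
 if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
 read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
 read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
 fi
 
+if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
 read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
+fi
 
 SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
 
 export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
 
 SITE_CERT="$(call_appfsd --tcl '
 package require pki
@@ -180,15 +186,21 @@
 puts $cert
 ')"
 
 SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
 
 echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
 
-echo "${SITE_CERT}"
+echo "${SITE_CERT}" | (
+if [ -z "${SITE_HOSTNAME}" ]; then
+cat
+else
+tee "AppFS_Site_${SITE_HOSTNAME}.crt"
+fi
+)
 }
 
 function generate_selfsigned() {
 read_password 'Password for Key: ' SITE_PASSWORD
 read_text 'Site hostname: ' SITE_HOSTNAME
 
 SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
@@ -226,15 +238,20 @@
 SITE_INDEX_FILE="$1"
 SITE_KEY_FILE="$2"
 SITE_CERT_FILE="$3"
 
 read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
 read_text 'Site Key filename: ' SITE_KEY_FILE
 read_text 'Site Certificate filename: ' SITE_CERT_FILE
+
+if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
 read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
+else
+SITE_PASSWORD=""
+fi
 
 export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
 
 call_appfsd --tcl "$(cat <<\_EOF_
 package require pki
 
 set fd [open $::env(SITE_INDEX_FILE)]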
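Review bot: The CA-key check at new lines 163–165 has no `else` branch, unlike the two site-key checks at new lines 113–117 and 246–250, so a `CA_PASSWORD` already set in the caller's environment is still exported at new line 169 when the CA key is unencrypted; adding `else` / `CA_PASSWORD=""` there would make the three sites agree. All three tests recognise only the `Proc-Type: ...,ENCRYPTED` header, which a PKCS#8 key (`-----BEGIN ENCRYPTED PRIVATE KEY-----`) does not carry, so such a key would be treated as unencrypted and no password requested. A missing or unreadable key file also falls through the same way, since `cat` produces no input for `grep`; a `[ -r "${CA_KEY_FILE}" ]` guard with an error exit ahead of each test would report a mistyped filename at the prompt rather than later inside the Tcl code. The enclosing functions start and end outside the visible hunks, so any earlier validation there is not visible here.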