Overview
| Comment: | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
111b99f62054222b708ed4e43b6ba21d |
| User & Date: | rkeene on 2014-11-17 21:03:26.279 |
| Other Links: | manifest | tags |
Context
|
2014-11-17
| ||
| 21:05 | Updated to allow in-place signing, rather than atomic-replace check-in: 93b5d66091 user: rkeene tags: trunk | |
| 21:03 | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated check-in: 111b99f620 user: rkeene tags: trunk | |
| 20:50 | Updated to trim trailing newlines check-in: 3242c8d4d5 user: rkeene tags: trunk | |
Changes
Modified appfs-cert
from [536bd4fe36]
to [bccff16fa2].
| ︙ | |||
70 71 72 73 74 75 76 | 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 | - + |
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}
function generate_key() {
|
| ︙ | |||
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 | + + + + |
SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
fi
export SITE_HOSTNAME SITE_KEY_FILE
if [ -f "${SITE_KEY_FILE}" ]; then
echo 'Key file already exists.'
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_PASSWORD
else
generate_key
fi
call_appfsd --tcl '
|
| ︙ | |||
152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 | 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 | + + |
fi
if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
fi
if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
fi
SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
SITE_CERT="$(call_appfsd --tcl '
package require pki
|
| ︙ | |||
180 181 182 183 184 185 186 | 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 | - + + + + + + + |
puts $cert
')"
SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
|
| ︙ | |||
226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 | 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 | + + + + + |
SITE_INDEX_FILE="$1"
SITE_KEY_FILE="$2"
SITE_CERT_FILE="$3"
read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
read_text 'Site Key filename: ' SITE_KEY_FILE
read_text 'Site Certificate filename: ' SITE_CERT_FILE
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
call_appfsd --tcl "$(cat <<\_EOF_
package require pki
set fd [open $::env(SITE_INDEX_FILE)]
|
| ︙ |