AppFS
Check-in [111b99f620]
Login
HomeTimelineFilesBranchesTagsTicketsWiki
Overview
Comment:Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 111b99f62054222b708ed4e43b6ba21d4d0a29dc
User & Date: rkeene on 2014-11-17 21:03:26
Other Links: manifest | tags
Context
2014-11-17
21:05
Updated to allow in-place signing, rather than atomic-replace check-in: 93b5d66091 user: rkeene tags: trunk
21:03
Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated check-in: 111b99f620 user: rkeene tags: trunk
20:50
Updated to trim trailing newlines check-in: 3242c8d4d5 user: rkeene tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Show Whitespace Changes Patch

Modified appfs-cert from [536bd4fe36] to [bccff16fa2]. 

    70     70   set fd [open $filename_key w 0400]
    71     71   puts $fd [pki::key $key $::env(CA_PASSWORD)]
    72     72   close $fd
    73     73   '
    74     74   }
    75     75   
    76     76   function generate_key() {
    77         -	read_password 'Password for Site Key: ' SITE_PASSWORD
           77  +	read_password 'Password for Site Key being generated: ' SITE_PASSWORD
    78     78   
    79     79   	export SITE_PASSWORD
    80     80   
    81     81   	call_appfsd --tcl '
    82     82   package require pki
    83     83   
    84     84   if {[info exists ::env(SITE_KEY_FILE)]} {
................................................................................
   106    106   		SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
   107    107   	fi
   108    108   
   109    109   	export SITE_HOSTNAME SITE_KEY_FILE
   110    110   
   111    111   	if [ -f "${SITE_KEY_FILE}" ]; then
   112    112   		echo 'Key file already exists.'
          113  +		if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
   113    114   		read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
          115  +		else
          116  +			SITE_PASSWORD=""
          117  +		fi
   114    118   
   115    119   		export SITE_PASSWORD
   116    120   	else
   117    121   		generate_key
   118    122   	fi
   119    123   
   120    124   call_appfsd --tcl '
................................................................................
   152    156   	fi
   153    157   
   154    158   	if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
   155    159   		read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
   156    160   		read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
   157    161   	fi
   158    162   
          163  +	if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
   159    164   	read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
          165  +	fi
   160    166   
   161    167   	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
   162    168   
   163    169   	export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
   164    170   
   165    171   	SITE_CERT="$(call_appfsd --tcl '
   166    172   package require pki
................................................................................
   180    186   puts $cert
   181    187   ')"
   182    188   
   183    189   	SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
   184    190   
   185    191   	echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
   186    192   
   187         -	echo "${SITE_CERT}"
          193  +	echo "${SITE_CERT}" | (
          194  +		if [ -z "${SITE_HOSTNAME}" ]; then
          195  +			cat
          196  +		else
          197  +			tee "AppFS_Site_${SITE_HOSTNAME}.crt"
          198  +		fi
          199  +	)
   188    200   }
   189    201   
   190    202   function generate_selfsigned() {
   191    203   	read_password 'Password for Key: ' SITE_PASSWORD
   192    204   	read_text 'Site hostname: ' SITE_HOSTNAME
   193    205   
   194    206   	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
................................................................................
   226    238   	SITE_INDEX_FILE="$1"
   227    239   	SITE_KEY_FILE="$2"
   228    240   	SITE_CERT_FILE="$3"
   229    241   
   230    242   	read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
   231    243   	read_text 'Site Key filename: ' SITE_KEY_FILE
   232    244   	read_text 'Site Certificate filename: ' SITE_CERT_FILE
          245  +
          246  +	if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
   233    247   	read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
          248  +	else
          249  +		SITE_PASSWORD=""
          250  +	fi
   234    251   
   235    252   	export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
   236    253   
   237    254   	call_appfsd --tcl "$(cat <<\_EOF_
   238    255   package require pki
   239    256   
   240    257   set fd [open $::env(SITE_INDEX_FILE)]

Powered by Fossil · RSS