︙ | | |
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
-
+
|
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}
function generate_key() {
read_password 'Password for Site Key: ' SITE_PASSWORD
read_password 'Password for Site Key being generated: ' SITE_PASSWORD
export SITE_PASSWORD
call_appfsd --tcl '
package require pki
if {[info exists ::env(SITE_KEY_FILE)]} {
|
︙ | | |
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
+
-
+
+
+
+
|
SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
fi
export SITE_HOSTNAME SITE_KEY_FILE
if [ -f "${SITE_KEY_FILE}" ]; then
echo 'Key file already exists.'
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_PASSWORD
else
generate_key
fi
call_appfsd --tcl '
|
︙ | | |
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
+
-
+
+
|
fi
if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
fi
if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
fi
SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
SITE_CERT="$(call_appfsd --tcl '
package require pki
|
︙ | | |
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
-
+
+
+
+
+
+
+
|
puts $cert
')"
SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
echo "${SITE_CERT}"
echo "${SITE_CERT}" | (
if [ -z "${SITE_HOSTNAME}" ]; then
cat
else
tee "AppFS_Site_${SITE_HOSTNAME}.crt"
fi
)
}
function generate_selfsigned() {
read_password 'Password for Key: ' SITE_PASSWORD
read_text 'Site hostname: ' SITE_HOSTNAME
SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
|
︙ | | |
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
|
+
+
-
+
+
+
+
|
SITE_INDEX_FILE="$1"
SITE_KEY_FILE="$2"
SITE_CERT_FILE="$3"
read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
read_text 'Site Key filename: ' SITE_KEY_FILE
read_text 'Site Certificate filename: ' SITE_CERT_FILE
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
call_appfsd --tcl "$(cat <<\_EOF_
package require pki
set fd [open $::env(SITE_INDEX_FILE)]
|
︙ | | |
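Review bot: The CA-key check `if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED'` has no `else` branch, unlike the two site-key checks in this change, which set `SITE_PASSWORD=""` when the key is not encrypted. `CA_PASSWORD` is still exported two lines later, so with an unencrypted CA key it is either unset or keeps whatever value it already had; adding `else` and `CA_PASSWORD=""` before that `fi` would make the three checks agree. All three checks also treat a missing or unreadable key file as "not encrypted", because a failed `cat` only makes the pipeline false; an explicit `[ -r "${CA_KEY_FILE}" ]` test followed by `grep -qi '^Proc-Type: .*,ENCRYPTED' -- "${CA_KEY_FILE}"` would separate the two cases. The `Proc-Type` header marks only traditional PEM encryption, so a PKCS#8 `ENCRYPTED PRIVATE KEY` file would presumably skip the prompt too, which is worth confirming against what the Tcl `pki` package accepts. The enclosing functions start and end outside the visible hunks.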