Overview
| Comment: | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated |
|---|---|
| SHA1: |
111b99f62054222b708ed4e43b6ba21d |
| User & Date: | rkeene on 2014-11-17 21:03:26 |
Changes
Modified appfs-cert from [536bd4fe36] to [bccff16fa2].
70 71 72 73 74 75 76 |
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}
function generate_key() {
| | | 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}
function generate_key() {
read_password 'Password for Site Key being generated: ' SITE_PASSWORD
export SITE_PASSWORD
call_appfsd --tcl '
package require pki
if {[info exists ::env(SITE_KEY_FILE)]} {
106 107 108 109 110 111 112 |
SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
fi
export SITE_HOSTNAME SITE_KEY_FILE
if [ -f "${SITE_KEY_FILE}" ]; then
echo 'Key file already exists.'
| > | > > > | 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 |
SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
fi
export SITE_HOSTNAME SITE_KEY_FILE
if [ -f "${SITE_KEY_FILE}" ]; then
echo 'Key file already exists.'
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_PASSWORD
else
generate_key
fi
call_appfsd --tcl '
152 153 154 155 156 157 158 |
fi
if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
fi
| > | > | 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 |
fi
if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
fi
if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
fi
SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD
SITE_CERT="$(call_appfsd --tcl '
package require pki
180 181 182 183 184 185 186 |
puts $cert
')"
SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
| | > > > > > > | 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 |
puts $cert
')"
SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"
echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"
echo "${SITE_CERT}" | (
if [ -z "${SITE_HOSTNAME}" ]; then
cat
else
tee "AppFS_Site_${SITE_HOSTNAME}.crt"
fi
)
}
function generate_selfsigned() {
read_password 'Password for Key: ' SITE_PASSWORD
read_text 'Site hostname: ' SITE_HOSTNAME
SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
226 227 228 229 230 231 232 | SITE_INDEX_FILE="$1" SITE_KEY_FILE="$2" SITE_CERT_FILE="$3" read_text 'AppFS Site Index file: ' SITE_INDEX_FILE read_text 'Site Key filename: ' SITE_KEY_FILE read_text 'Site Certificate filename: ' SITE_CERT_FILE | > > | > > > | 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 |
SITE_INDEX_FILE="$1"
SITE_KEY_FILE="$2"
SITE_CERT_FILE="$3"
read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
read_text 'Site Key filename: ' SITE_KEY_FILE
read_text 'Site Certificate filename: ' SITE_CERT_FILE
if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
else
SITE_PASSWORD=""
fi
export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD
call_appfsd --tcl "$(cat <<\_EOF_
package require pki
set fd [open $::env(SITE_INDEX_FILE)]
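Review bot: The encryption test this commit adds three times (`if cat "${…_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null` in the key-file-exists branch, before the CA password prompt, and after the site-certificate filename prompt) only recognises the legacy PEM header, so a key stored as PKCS#8 (`-----BEGIN ENCRYPTED PRIVATE KEY-----`, the form newer OpenSSL tooling writes) is treated as unencrypted, `SITE_PASSWORD` is set to the empty string and the key load in the Tcl block can only fail without ever asking for the password. Because the same pipeline is repeated at all three sites, it belongs in one `key_is_encrypted` helper that matches both headers and uses `grep -q` in place of `cat … | grep … >/dev/null`; each site then reads `if key_is_encrypted "${SITE_KEY_FILE}"; then`. At the CA site the unencrypted case leaves `CA_PASSWORD` untouched (unset, or whatever the caller's environment holds) while it is still exported on the next line; if the Tcl block that follows reads `$::env(CA_PASSWORD)` unconditionally, as the earlier block in this file does, an `else` branch assigning `CA_PASSWORD=""` like the two `SITE_PASSWORD=""` branches is needed there as well. The enclosing functions start and end outside the shown hunks.
```shell
# True when the PEM file needs a password: legacy PEM ("Proc-Type: 4,ENCRYPTED")
# or PKCS#8 ("-----BEGIN ENCRYPTED PRIVATE KEY-----").
function key_is_encrypted() {
	grep -qiE '^(Proc-Type: .*,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# … unchanged: generate_key and the code up to the key-file-exists check …
if key_is_encrypted "${SITE_KEY_FILE}"; then
	read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
else
	SITE_PASSWORD=""
fi
# … unchanged: the same substitution at the CA key check and at the site key check in the signing function …
```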