Check-in [111b99f620]
Overview
Comment:Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 111b99f62054222b708ed4e43b6ba21d4d0a29dc
User & Date: rkeene on 2014-11-17 21:03:26
Other Links: manifest | tags
Context
2014-11-17
21:05
Updated to allow in-place signing, rather than atomic-replace check-in: 93b5d66091 user: rkeene tags: trunk
21:03
Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated check-in: 111b99f620 user: rkeene tags: trunk
20:50
Updated to trim trailing newlines check-in: 3242c8d4d5 user: rkeene tags: trunk
Changes

Modified appfs-cert from [536bd4fe36] to [bccff16fa2].

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}

function generate_key() {
	read_password 'Password for Site Key: ' SITE_PASSWORD

	export SITE_PASSWORD

	call_appfsd --tcl '
package require pki

if {[info exists ::env(SITE_KEY_FILE)]} {







|







70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
set fd [open $filename_key w 0400]
puts $fd [pki::key $key $::env(CA_PASSWORD)]
close $fd
'
}

function generate_key() {
	read_password 'Password for Site Key being generated: ' SITE_PASSWORD

	export SITE_PASSWORD

	call_appfsd --tcl '
package require pki

if {[info exists ::env(SITE_KEY_FILE)]} {
106
107
108
109
110
111
112

113



114
115
116
117
118
119
120
		SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
	fi

	export SITE_HOSTNAME SITE_KEY_FILE

	if [ -f "${SITE_KEY_FILE}" ]; then
		echo 'Key file already exists.'

		read_password 'Password for (existing) Site Key: ' SITE_PASSWORD




		export SITE_PASSWORD
	else
		generate_key
	fi

call_appfsd --tcl '







>
|
>
>
>







106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
		SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key"
	fi

	export SITE_HOSTNAME SITE_KEY_FILE

	if [ -f "${SITE_KEY_FILE}" ]; then
		echo 'Key file already exists.'
		if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
			read_password 'Password for (existing) Site Key: ' SITE_PASSWORD
		else
			SITE_PASSWORD=""
		fi

		export SITE_PASSWORD
	else
		generate_key
	fi

call_appfsd --tcl '
152
153
154
155
156
157
158

159

160
161
162
163
164
165
166
	fi

	if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
		read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
		read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
	fi


	read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD


	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"

	export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD

	SITE_CERT="$(call_appfsd --tcl '
package require pki







>
|
>







156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
	fi

	if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then
		read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE
		read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE
	fi

	if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
		read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD
	fi

	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"

	export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD

	SITE_CERT="$(call_appfsd --tcl '
package require pki
180
181
182
183
184
185
186
187






188
189
190
191
192
193
194
puts $cert
')"

	SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"

	echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"

	echo "${SITE_CERT}"






}

function generate_selfsigned() {
	read_password 'Password for Key: ' SITE_PASSWORD
	read_text 'Site hostname: ' SITE_HOSTNAME

	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"







|
>
>
>
>
>
>







186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
puts $cert
')"

	SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')"

	echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued"

	echo "${SITE_CERT}" | (
		if [ -z "${SITE_HOSTNAME}" ]; then
			cat
		else
			tee "AppFS_Site_${SITE_HOSTNAME}.crt"
		fi
	)
}

function generate_selfsigned() {
	read_password 'Password for Key: ' SITE_PASSWORD
	read_text 'Site hostname: ' SITE_HOSTNAME

	SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)"
226
227
228
229
230
231
232


233



234
235
236
237
238
239
240
	SITE_INDEX_FILE="$1"
	SITE_KEY_FILE="$2"
	SITE_CERT_FILE="$3"

	read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
	read_text 'Site Key filename: ' SITE_KEY_FILE
	read_text 'Site Certificate filename: ' SITE_CERT_FILE


	read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD




	export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD

	call_appfsd --tcl "$(cat <<\_EOF_
package require pki

set fd [open $::env(SITE_INDEX_FILE)]







>
>
|
>
>
>







238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
	SITE_INDEX_FILE="$1"
	SITE_KEY_FILE="$2"
	SITE_CERT_FILE="$3"

	read_text 'AppFS Site Index file: ' SITE_INDEX_FILE
	read_text 'Site Key filename: ' SITE_KEY_FILE
	read_text 'Site Certificate filename: ' SITE_CERT_FILE

	if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then
		read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD
	else
		SITE_PASSWORD=""
	fi

	export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD

	call_appfsd --tcl "$(cat <<\_EOF_
package require pki

set fd [open $::env(SITE_INDEX_FILE)]