Check-in [ac33419083]
Overview
Comment:Support loading an existing key when generating a CA Cert
SHA1:ac3341908326a92670b27ee3dd4c136fa6ecfebc
User & Date: rkeene on 2019-12-13 00:03:39
Context
2019-12-13
00:06
Set path to include the path to appfsd in appfs-cache check-in: 1a9a8b1256 user: rkeene tags: trunk
00:03
Support loading an existing key when generating a CA Cert check-in: ac33419083 user: rkeene tags: trunk
2017-12-15
05:32
AppFS 1.10 check-in: 1b562faeed user: rkeene tags: trunk, 1.10
Changes

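--- a/appfs-cert
+++ b/appfs-cert
@@ -18,14 +18,16 @@
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 #
 
+PATH="${PATH}:$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
 appfsd_options=()
 
 CA_CERT_FILE='AppFS_CA.crt'
 CA_KEY_FILE='AppFS_CA.key'
 export CA_CERT_FILE CA_KEY_FILE
 
 function call_appfsd() {
@@ -70,32 +72,42 @@
 
 	call_appfsd --tcl '
 package require pki
 
 set filename_cert $::env(CA_CERT_FILE)
 set filename_key  $::env(CA_KEY_FILE)
 
-puts -nonewline "Generating RSA Key..."
-flush stdout
-set key [pki::rsa::generate 2048]
-puts " Done."
+if {[file exists $filename_key]} {
+	set replace_key false
+
+	set key [pki::pkcs::parse_key [read [open $filename_key]] $env(CA_PASSWORD)]
+} else {
+	set replace_key true
+
+	puts -nonewline "Generating RSA Key..."
+	flush stdout
+	set key [pki::rsa::generate 2048]
+	puts " Done."
+}
 
 lappend key subject "O=$::env(CA_DN_S_O),CN=$::env(CA_DN_S_CN)"
 
-set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 5 years] 1 [list] 1]
+set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 15 years] 1 [list] 1]
 
 puts "Writing \"$filename_cert\""
 set fd [open $filename_cert w 0644]
 puts $fd $ca
 close $fd
 
-puts "Writing \"$filename_key\""
-set fd [open $filename_key w 0400]
-puts $fd [pki::key $key $::env(CA_PASSWORD)]
-close $fd
+if {$replace_key} {
+	puts "Writing \"$filename_key\""
+	set fd [open $filename_key w 0400]
+	puts $fd [pki::key $key $::env(CA_PASSWORD)]
+	close $fd
+}
 '
 }
 
 function generate_key() {
 	read_password 'Password for Site Key being generated: ' SITE_PASSWORD
 
 	export SITE_PASSWORD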
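Review bot: The added key-loading line (new line 82) reads `$env(CA_PASSWORD)` where every other reference in this embedded script uses `$::env(...)`, and it never closes the channel returned by `open`. The unqualified name only resolves if appfsd evaluates the `--tcl` script at global scope, which is not visible here; I would write `set fd [open $filename_key r]`, `set key [pki::pkcs::parse_key [read $fd] $::env(CA_PASSWORD)]`, `close $fd`. Separately, the validity goes from 5 to 15 years while newly generated keys stay at RSA 2048 and an existing key can now be reused across regenerations with the serial still fixed at 1, so a comment justifying that lifetime (or a larger size for new keys) would help the next maintainer. The shell function that wraps this `call_appfsd --tcl` block starts above the hunk.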