Overview
| Comment: | Support loading an existing key when generating a CA Cert |
|---|---|
| SHA1: | ac3341908326a92670b27ee3dd4c136fa6ecfebc |
| User & Date: | rkeene on 2019-12-13 00:03:39 |
Context
2019-12-13
00:06 | Set path to include the path to appfsd in appfs-cache (check-in: 1a9a8b1256, user: rkeene, tags: trunk)
00:03 | Support loading an existing key when generating a CA Cert (check-in: ac33419083, user: rkeene, tags: trunk)
2017-12-15
05:32 | AppFS 1.10 (check-in: 1b562faeed, user: rkeene, tags: trunk, 1.10)
Changes
Modified appfs-cert from [c093e41ee1] to [1f1ed224a9].
18 18 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 19 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 20 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 21 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 22 # THE SOFTWARE. 23 23 # 24 24 25 +PATH="${PATH}:$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 26 + 25 27 appfsd_options=() 26 28 27 29 CA_CERT_FILE='AppFS_CA.crt' 28 30 CA_KEY_FILE='AppFS_CA.key' 29 31 export CA_CERT_FILE CA_KEY_FILE 30 32 31 33 function call_appfsd() { ................................................................................ 70 72 71 73 call_appfsd --tcl ' 72 74 package require pki 73 75 74 76 set filename_cert $::env(CA_CERT_FILE) 75 77 set filename_key $::env(CA_KEY_FILE) 76 78 77 -puts -nonewline "Generating RSA Key..." 78 -flush stdout 79 -set key [pki::rsa::generate 2048] 80 -puts " Done." 79 +if {[file exists $filename_key]} { 80 + set replace_key false 81 + 82 + set key [pki::pkcs::parse_key [read [open $filename_key]] $env(CA_PASSWORD)] 83 +} else { 84 + set replace_key true 85 + 86 + puts -nonewline "Generating RSA Key..." 87 + flush stdout 88 + set key [pki::rsa::generate 2048] 89 + puts " Done." 
90 +} 81 91 82 92 lappend key subject "O=$::env(CA_DN_S_O),CN=$::env(CA_DN_S_CN)" 83 93 84 -set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 5 years] 1 [list] 1] 94 +set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 15 years] 1 [list] 1] 85 95 86 96 puts "Writing \"$filename_cert\"" 87 97 set fd [open $filename_cert w 0644] 88 98 puts $fd $ca 89 99 close $fd 90 100 91 -puts "Writing \"$filename_key\"" 92 -set fd [open $filename_key w 0400] 93 -puts $fd [pki::key $key $::env(CA_PASSWORD)] 94 -close $fd 101 +if {$replace_key} { 102 + puts "Writing \"$filename_key\"" 103 + set fd [open $filename_key w 0400] 104 + puts $fd [pki::key $key $::env(CA_PASSWORD)] 105 + close $fd 106 +} 95 107 ' 96 108 } 97 109 98 110 function generate_key() { 99 111 read_password 'Password for Site Key being generated: ' SITE_PASSWORD 100 112 101 113 export SITE_PASSWORD
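Review bot: In the added `PATH=` line near the top of the script, a failing `cd` leaves the command substitution empty, so `PATH` ends in a bare `:` and the shell then searches the current working directory for commands. For a script that handles the CA key and its password, resolve the directory into a variable first and append it only when it is non-empty, or call `appfsd` by its full path. This PATH change is also not mentioned in the check-in comment, which only covers key loading.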
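Review bot: In the new `file exists` branch of the second hunk, the key is parsed with `$env(CA_PASSWORD)` while every other reference in the script uses `$::env(...)`; the unqualified name only resolves when the Tcl code is evaluated at global scope, so write `$::env(CA_PASSWORD)` here as well. The same line uses `[read [open $filename_key]]` and never closes the channel; keep the channel in a variable and `close` it, as the write paths do. That branch also prints nothing, so the user gets no indication that an existing key was reused rather than generated; a `puts` saying so would help. Two further points deserve at least a comment in the code or the check-in message: the validity period changes from `5 years` to `15 years` without being mentioned, and the serial number argument to `pki::x509::create_cert` is still `1`, so re-running against an existing key writes a second CA certificate for the same key with the same serial number over `$filename_cert`.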