Check-in [ac33419083]
Overview
Comment:Support loading an existing key when generating a CA Cert
SHA1: ac3341908326a92670b27ee3dd4c136fa6ecfebc
User & Date: rkeene on 2019-12-13 00:03:39
Context
2019-12-13
00:06
Set path to include the path to appfsd in appfs-cache check-in: 1a9a8b1256 user: rkeene tags: trunk
00:03
Support loading an existing key when generating a CA Cert check-in: ac33419083 user: rkeene tags: trunk
2017-12-15
05:32
AppFS 1.10 check-in: 1b562faeed user: rkeene tags: trunk, 1.10
Changes

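--- a/appfs-cert
+++ b/appfs-cert
@@ -18,14 +18,16 @@
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 #
 
+PATH="${PATH}:$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
 appfsd_options=()
 
 CA_CERT_FILE='AppFS_CA.crt'
 CA_KEY_FILE='AppFS_CA.key'
 export CA_CERT_FILE CA_KEY_FILE
 
 function call_appfsd() {
@@ -71,31 +73,41 @@
 	call_appfsd --tcl '
 package require pki
 
 set filename_cert $::env(CA_CERT_FILE)
 set filename_key  $::env(CA_KEY_FILE)
 
+if {[file exists $filename_key]} {
+	set replace_key false
+
+	set key [pki::pkcs::parse_key [read [open $filename_key]] $env(CA_PASSWORD)]
+} else {
+	set replace_key true
+
-puts -nonewline "Generating RSA Key..."
-flush stdout
-set key [pki::rsa::generate 2048]
-puts " Done."
+	puts -nonewline "Generating RSA Key..."
+	flush stdout
+	set key [pki::rsa::generate 2048]
+	puts " Done."
+}
 
 lappend key subject "O=$::env(CA_DN_S_O),CN=$::env(CA_DN_S_CN)"
 
-set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 5 years] 1 [list] 1]
+set ca [pki::x509::create_cert $key $key 1 [clock seconds] [clock add [clock seconds] 15 years] 1 [list] 1]
 
 puts "Writing \"$filename_cert\""
 set fd [open $filename_cert w 0644]
 puts $fd $ca
 close $fd
 
+if {$replace_key} {
-puts "Writing \"$filename_key\""
-set fd [open $filename_key w 0400]
-puts $fd [pki::key $key $::env(CA_PASSWORD)]
-close $fd
+	puts "Writing \"$filename_key\""
+	set fd [open $filename_key w 0400]
+	puts $fd [pki::key $key $::env(CA_PASSWORD)]
+	close $fd
+}
 '
 }
 
 function generate_key() {
 	read_password 'Password for Site Key being generated: ' SITE_PASSWORD
 
 	export SITE_PASSWORD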
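Review bot: The new key-loading line, `set key [pki::pkcs::parse_key [read [open $filename_key]] $env(CA_PASSWORD)]`, never closes the channel it opens on the CA private key, and it reads the password through unqualified `$env` where every other line of the embedded Tcl uses `$::env`. Opening the file explicitly would match the write paths further down: `set fd [open $filename_key]`, `set key [pki::pkcs::parse_key [read $fd] $::env(CA_PASSWORD)]`, `close $fd`. Separately, the re-issue path still passes the literal serial number `1` to `pki::x509::create_cert`, so a certificate regenerated from an existing key carries the same serial as the one it replaces (and the same issuer, if the same O/CN is entered at the prompt) with a different validity period. Deriving the serial from a value that changes per issuance would likely keep verifiers and caches from treating the two as the same certificate. The enclosing shell function starts above the hunk.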