Overview
Comment: | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated |
---|---|
SHA1: | 111b99f62054222b708ed4e43b6ba21d4d0a29dc |
User & Date: | rkeene on 2014-11-17 21:03:26 |
Context
2014-11-17
| ||
21:05 | Updated to allow in-place signing, rather than atomic-replace check-in: 93b5d66091 user: rkeene tags: trunk | |
21:03 | Updated to only prompt for passwords for encrypted files, and store certificate if a CSR was automatically generated check-in: 111b99f620 user: rkeene tags: trunk | |
20:50 | Updated to trim trailing newlines check-in: 3242c8d4d5 user: rkeene tags: trunk | |
Changes
Modified appfs-cert from [536bd4fe36] to [bccff16fa2].
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 ... 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 ... 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 ... 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 ... 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 |
set fd [open $filename_key w 0400] puts $fd [pki::key $key $::env(CA_PASSWORD)] close $fd ' } function generate_key() { read_password 'Password for Site Key: ' SITE_PASSWORD export SITE_PASSWORD call_appfsd --tcl ' package require pki if {[info exists ::env(SITE_KEY_FILE)]} { ................................................................................ SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key" fi export SITE_HOSTNAME SITE_KEY_FILE if [ -f "${SITE_KEY_FILE}" ]; then echo 'Key file already exists.' read_password 'Password for (existing) Site Key: ' SITE_PASSWORD export SITE_PASSWORD else generate_key fi call_appfsd --tcl ' ................................................................................ fi if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE fi read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)" export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD SITE_CERT="$(call_appfsd --tcl ' package require pki ................................................................................ puts $cert ')" SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')" echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued" echo "${SITE_CERT}" } function generate_selfsigned() { read_password 'Password for Key: ' SITE_PASSWORD read_text 'Site hostname: ' SITE_HOSTNAME SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)" ................................................................................ 
SITE_INDEX_FILE="$1" SITE_KEY_FILE="$2" SITE_CERT_FILE="$3" read_text 'AppFS Site Index file: ' SITE_INDEX_FILE read_text 'Site Key filename: ' SITE_KEY_FILE read_text 'Site Certificate filename: ' SITE_CERT_FILE read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD call_appfsd --tcl "$(cat <<\_EOF_ package require pki set fd [open $::env(SITE_INDEX_FILE)] |
| > | > > > > | > | > > > > > > > > | > > > |
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 ... 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 ... 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 ... 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 ... 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 |
set fd [open $filename_key w 0400] puts $fd [pki::key $key $::env(CA_PASSWORD)] close $fd ' } function generate_key() { read_password 'Password for Site Key being generated: ' SITE_PASSWORD export SITE_PASSWORD call_appfsd --tcl ' package require pki if {[info exists ::env(SITE_KEY_FILE)]} { ................................................................................ SITE_KEY_FILE="AppFS_Site_${SITE_HOSTNAME}.key" fi export SITE_HOSTNAME SITE_KEY_FILE if [ -f "${SITE_KEY_FILE}" ]; then echo 'Key file already exists.' if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then read_password 'Password for (existing) Site Key: ' SITE_PASSWORD else SITE_PASSWORD="" fi export SITE_PASSWORD else generate_key fi call_appfsd --tcl ' ................................................................................ fi if [ ! -e "${CA_CERT_FILE}" -o ! -e "${CA_KEY_FILE}" ]; then read_text 'Certificate Authority (CA) Certificate Filename: ' CA_CERT_FILE read_text 'Certificate Authority (CA) Key Filename: ' CA_KEY_FILE fi if cat "${CA_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then read_password 'Certificate Authority (CA) Password: ' CA_PASSWORD fi SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)" export SITE_CSR_FILE SITE_SERIAL_NUMBER CA_CERT_FILE CA_KEY_FILE CA_PASSWORD SITE_CERT="$(call_appfsd --tcl ' package require pki ................................................................................ 
puts $cert ')" SITE_SUBJECT="$(echo "${SITE_CERT}" | openssl x509 -subject -noout | sed 's@.*= @@')" echo "${USER}@${HOSTNAME} $(date): ${SITE_SERIAL_NUMBER} ${SITE_SUBJECT}" >> "${CA_KEY_FILE}.issued" echo "${SITE_CERT}" | ( if [ -z "${SITE_HOSTNAME}" ]; then cat else tee "AppFS_Site_${SITE_HOSTNAME}.crt" fi ) } function generate_selfsigned() { read_password 'Password for Key: ' SITE_PASSWORD read_text 'Site hostname: ' SITE_HOSTNAME SITE_SERIAL_NUMBER="$(uuidgen | dd conv=ucase 2>/dev/null | sed 's@-@@g;s@^@ibase=16; @' | bc -lq)" ................................................................................ SITE_INDEX_FILE="$1" SITE_KEY_FILE="$2" SITE_CERT_FILE="$3" read_text 'AppFS Site Index file: ' SITE_INDEX_FILE read_text 'Site Key filename: ' SITE_KEY_FILE read_text 'Site Certificate filename: ' SITE_CERT_FILE if cat "${SITE_KEY_FILE}" | grep -i '^Proc-Type: .*,ENCRYPTED' >/dev/null; then read_password "Password for Key (${SITE_KEY_FILE}): " SITE_PASSWORD else SITE_PASSWORD="" fi export SITE_INDEX_FILE SITE_KEY_FILE SITE_CERT_FILE SITE_PASSWORD call_appfsd --tcl "$(cat <<\_EOF_ package require pki set fd [open $::env(SITE_INDEX_FILE)] |
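Review bot: The CA key check in the certificate-signing function has no `else` branch, unlike the two site-key checks added in this commit, so with an unencrypted CA key `CA_PASSWORD` is either left unset or keeps whatever value the caller's environment already held when it is exported. Adding `else CA_PASSWORD=""` before the `fi` would match the other two branches; the Tcl body that consumes the variable is elided on this page, so whether an unset value makes it fail should be confirmed. The `Proc-Type: .*,ENCRYPTED` test only recognises the traditional PEM encryption header, so a PKCS#8 key that begins `-----BEGIN ENCRYPTED PRIVATE KEY-----` would be treated as unencrypted and never prompted for. Since the same `cat | grep` test now appears three times, a helper such as `key_is_encrypted() { grep -qi '^Proc-Type: .*,ENCRYPTED' "$1"; }` would keep the detection in one place.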