diff options
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/keyringer/csr.sh | 145 | ||||
| -rw-r--r-- | lib/keyringer/functions | 49 |
2 files changed, 194 insertions, 0 deletions
diff --git a/lib/keyringer/csr.sh b/lib/keyringer/csr.sh new file mode 100755 index 0000000..195b355 --- /dev/null +++ b/lib/keyringer/csr.sh @@ -0,0 +1,145 @@ +#!/bin/sh +# csr.sh: Certificate Signing Request Generator +# Copyright(c) 2005 Evaldo Gardenali <evaldo@gardenali.biz> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# +# ChangeLog: +# Mon May 23 00:14:37 BRT 2005 - evaldo - Initial Release +# Thu Nov 3 10:11:51 GMT 2005 - chrisc - $HOME removed so that key and csr +# are generated in the current directory +# Wed Nov 16 10:42:42 GMT 2005 - chrisc - Updated to match latest version on +# the CAcert wiki, rev #73 +# http://wiki.cacert.org/wiki/VhostTaskForce +# Mon Jan 4 18:37:28 BRST 2010 - rhatto - Support for non-interactive mode + + +# be safe about permissions +LASTUMASK=`umask` +umask 077 + +# OpenSSL for HPUX needs a random file +RANDOMFILE=$HOME/.rnd + +# create a config file for openssl +CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX` +if [ ! $? -eq 0 ]; then + echo "Could not create temporary config file. exiting" + exit 1 +fi + +echo "Private Key and Certificate Signing Request Generator" +echo "This script was designed to suit the request format needed by" +echo "the CAcert Certificate Authority. www.CAcert.org" +echo + +HOST="$1" +COMMONNAME="$2" +SAN="$3" + +if [ -z "$HOST" ]; then + printf "Short Hostname (ie. imap big_srv www2): " + read HOST +fi + +if [ -z "$COMMONNAME" ]; then + printf "FQDN/CommonName (ie. www.example.com) : " + read COMMONNAME +fi + +if [ -z "$SAN" ]; then + echo "Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish" + SAN=1 # bogus value to begin the loop + SANAMES="" # sanitize + while [ ! "$SAN" = "" ]; do + printf "SubjectAltName: DNS:" + read SAN + if [ "$SAN" = "" ]; then break; fi # end of input + if [ "$SANAMES" = "" ]; then + SANAMES="DNS:$SAN" + else + SANAMES="$SANAMES,DNS:$SAN" + fi + done +else + SANAMES="DNS:$SAN" +fi + +# Config File Generation + +cat <<EOF > $CONFIG +# -------------- BEGIN custom openssl.cnf ----- + HOME = $HOME +EOF + +if [ "`uname -s`" = "HP-UX" ]; then + echo " RANDFILE = $RANDOMFILE" >> $CONFIG +fi + +cat <<EOF >> $CONFIG + oid_section = new_oids + [ new_oids ] + [ req ] + default_days = 730 # how long to certify for + default_keyfile = ${HOST}_privatekey.pem + distinguished_name = req_distinguished_name + encrypt_key = no + string_mask = nombstr +EOF + +if [ ! "$SANAMES" = "" ]; then + echo "req_extensions = v3_req # Extensions to add to certificate request" >> $CONFIG +fi + +cat <<EOF >> $CONFIG + [ req_distinguished_name ] + commonName = Common Name (eg, YOUR name) + commonName_default = $COMMONNAME + commonName_max = 64 + [ v3_req ] +EOF + +if [ ! "$SANAMES" = "" ]; then + echo "subjectAltName=$SANAMES" >> $CONFIG +fi + +echo "# -------------- END custom openssl.cnf -----" >> $CONFIG + +echo "Running OpenSSL..." +# The first one doesn't work, the second one does: +#openssl req -batch -config $CONFIG -newkey rsa -out ${HOST}_csr.pem +openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${HOST}_csr.pem + +echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate." +echo "When you receive your certificate, you 'should' name it something like ${HOST}_server.pem" +echo +cat ${HOST}_csr.pem +echo +echo The Certificate request is also available in ${HOST}_csr.pem +echo The Private Key is stored in ${HOST}_privatekey.pem +echo + +rm $CONFIG + +#restore umask +umask $LASTUMASK + diff --git a/lib/keyringer/functions b/lib/keyringer/functions new file mode 100644 index 0000000..f0c4e0f --- /dev/null +++ b/lib/keyringer/functions @@ -0,0 +1,49 @@ +#!/bin/bash +# +# Common functions. +# + +function keyringer_config { + if [ -z "$CONFIG" ]; then + echo "Your have to set CONFIG variable in the code" + exit 1 + elif [ -e "$CONFIG" ]; then + grep -e "^$1=" $CONFIG | tail -n 1 | cut -d = -f 2 | sed -e 's/"//g' -e "s/'//g" | sed -e 's/ *#.*$//' + else + echo "Config file not found: $CONFIG" + exit 1 + fi +} + +function keyringer_recipients { + grep -v '^#' $1 | grep -v '^$' | awk '{ print "-r " $2 }' | xargs +} + +function keyringer_has_action { + if [ -z "$ACTIONS" ]; then + echo "Your have to set ACTIONS variable in the code" + exit 1 + fi + + if [ -e "$ACTIONS/$1" ]; then + true + else + false + fi +} + +function keyringer_exec { + # Setup + action="$1" + basedir="$2" + shift 2 + + # Dispatch + if keyringer_has_action $action; then + $ACTIONS/$action $basedir $* + fi +} + +function keyringer_filename { + echo `dirname $1`/`basename $1 .gpg`.gpg +} |