
Diff of /eclass/ssl-cert.eclass


Revision 1.12 Revision 1.18
1# Copyright 1999-2004 Gentoo Foundation 1# Copyright 1999-2004 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.12 2007/12/09 08:09:56 ulm Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.18 2010/02/16 14:23:39 pva Exp $
4# 4#
5# @ECLASS: ssl-cert.eclass
6# @MAINTAINER:
5# Author: Max Kalika <max@gentoo.org> 7# Author: Max Kalika <max@gentoo.org>
6# 8# @BLURB: Eclass for SSL certificates
9# @DESCRIPTION:
7# This eclass implements standard installation procedure for installing 10# This eclass implements a standard installation procedure for installing
8# self-signed SSL certificates. 11# self-signed SSL certificates.
12# @EXAMPLE:
13# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
9 14
10# Conditionally depend on OpenSSL: allows inheretence 15# Conditionally depend on OpenSSL: allows inheretence
11# without pulling extra packages if not needed 16# without pulling extra packages if not needed
12DEPEND="ssl? ( dev-libs/openssl )" 17DEPEND="ssl? ( dev-libs/openssl )"
13IUSE="ssl" 18IUSE="ssl"
14 19
20# @FUNCTION: gen_cnf
21# @USAGE:
22# @DESCRIPTION:
15# Initializes variables and generates the needed 23# Initializes variables and generates the needed
16# OpenSSL configuration file and a CA serial file 24# OpenSSL configuration file and a CA serial file
17# 25#
18# Access: private 26# Access: private
19gen_cnf() { 27gen_cnf() {
38 46
39 # Create the CA serial file 47 # Create the CA serial file
40 echo "01" > "${SSL_SERIAL}" 48 echo "01" > "${SSL_SERIAL}"
41 49
42 # Create the config file 50 # Create the config file
43 ebegin "Generating OpenSSL configuration" 51 ebegin "Generating OpenSSL configuration${1:+ for CA}"
44 cat <<-EOF > "${SSL_CONF}" 52 cat <<-EOF > "${SSL_CONF}"
45 [ req ] 53 [ req ]
46 prompt = no 54 prompt = no
47 default_bits = ${SSL_BITS} 55 default_bits = ${SSL_BITS}
48 distinguished_name = req_dn 56 distinguished_name = req_dn
50 C = ${SSL_COUNTRY} 58 C = ${SSL_COUNTRY}
51 ST = ${SSL_STATE} 59 ST = ${SSL_STATE}
52 L = ${SSL_LOCALITY} 60 L = ${SSL_LOCALITY}
53 O = ${SSL_ORGANIZATION} 61 O = ${SSL_ORGANIZATION}
54 OU = ${SSL_UNIT} 62 OU = ${SSL_UNIT}
55 CN = ${SSL_COMMONNAME} 63 CN = ${SSL_COMMONNAME}${1:+ CA}
56 emailAddress = ${SSL_EMAIL} 64 emailAddress = ${SSL_EMAIL}
57 EOF 65 EOF
58 eend $? 66 eend $?
59 67
60 return $? 68 return $?
61} 69}
62 70
71# @FUNCTION: get_base
72# @USAGE: [if_ca]
73# @RETURN: <base path>
74# @DESCRIPTION:
63# Simple function to determine whether we're creating 75# Simple function to determine whether we're creating
64# a CA (which should only be done once) or final part 76# a CA (which should only be done once) or final part
65# 77#
66# Access: private 78# Access: private
67get_base() { 79get_base() {
70 else 82 else
71 echo "${T}/${$}server" 83 echo "${T}/${$}server"
72 fi 84 fi
73} 85}
74 86
87# @FUNCTION: gen_key
88# @USAGE: <base path>
89# @DESCRIPTION:
75# Generates an RSA key 90# Generates an RSA key
76# 91#
77# Access: private 92# Access: private
78gen_key() { 93gen_key() {
79 local base=`get_base $1` 94 local base=`get_base $1`
83 eend $? 98 eend $?
84 99
85 return $? 100 return $?
86} 101}
87 102
103# @FUNCTION: gen_csr
104# @USAGE: <base path>
105# @DESCRIPTION:
88# Generates a certificate signing request using 106# Generates a certificate signing request using
89# the key made by gen_key() 107# the key made by gen_key()
90# 108#
91# Access: private 109# Access: private
92gen_csr() { 110gen_csr() {
97 eend $? 115 eend $?
98 116
99 return $? 117 return $?
100} 118}
101 119
120# @FUNCTION: gen_crt
121# @USAGE: <base path>
122# @DESCRIPTION:
102# Generates either a self-signed CA certificate using 123# Generates either a self-signed CA certificate using
103# the csr and key made by gen_csr() and gen_key() or 124# the csr and key made by gen_csr() and gen_key() or
104# a signed server certificate using the CA cert previously 125# a signed server certificate using the CA cert previously
105# created by gen_crt() 126# created by gen_crt()
106# 127#
123 eend $? 144 eend $?
124 145
125 return $? 146 return $?
126} 147}
127 148
149# @FUNCTION: gen_pem
150# @USAGE: <base path>
151# @DESCRIPTION:
128# Generates a PEM file by concatinating the key 152# Generates a PEM file by concatinating the key
129# and cert file created by gen_key() and gen_cert() 153# and cert file created by gen_key() and gen_cert()
130# 154#
131# Access: private 155# Access: private
132gen_pem() { 156gen_pem() {
136 eend $? 160 eend $?
137 161
138 return $? 162 return $?
139} 163}
140 164
141# Uses all the private functions above to generate 165# Removed due to bug 174759
142# and install the requested certificates
143# Note: This function is deprecated, use install_cert instead
144#
145# Access: public
146docert() { 166docert() {
147 ewarn "Function \"docert\" is deprecated for security reasons." 167 eerror "Function \"docert\" has been removed for security reasons."
148 ewarn "\"install_cert\" should be used instead. See bug #174759." 168 eerror "\"install_cert\" should be used instead. See bug 174759."
149 169 die
150 if [ $# -lt 1 ] ; then
151 eerror "At least one argument needed"
152 return 1;
153 fi
154
155 # Initialize configuration
156 gen_cnf || return 1
157 echo
158
159 # Generate a CA environment
160 gen_key 1 || return 1
161 gen_csr 1 || return 1
162 gen_crt 1 || return 1
163 echo
164
165 local count=0
166 for cert in "$@" ; do
167 # Sanitize and check the requested certificate
168 cert="`/usr/bin/basename "${cert}"`"
169 if [ -z "${cert}" ] ; then
170 ewarn "Invalid certification requested, skipping"
171 continue
172 fi
173
174 # Check for previous existence of generated files
175 for type in key crt pem ; do
176 if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
177 ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
178 continue 2
179 fi
180 done
181
182 # Generate the requested files
183 gen_key || continue
184 gen_csr || continue
185 gen_crt || continue
186 gen_pem || continue
187 echo
188
189 # Install the generated files and set sane permissions
190 local base=`get_base`
191 newins "${base}.key" "${cert}.key"
192 fperms 0400 "${INSDESTTREE}/${cert}.key"
193 newins "${base}.csr" "${cert}.csr"
194 fperms 0444 "${INSDESTTREE}/${cert}.csr"
195 newins "${base}.crt" "${cert}.crt"
196 fperms 0444 "${INSDESTTREE}/${cert}.crt"
197 newins "${base}.pem" "${cert}.pem"
198 fperms 0400 "${INSDESTTREE}/${cert}.pem"
199 count=$((${count}+1))
200 done
201
202 # Resulting status
203 if [ ! ${count} ] ; then
204 eerror "No certificates were generated"
205 return 1
206 elif [ ${count} != ${#} ] ; then
207 ewarn "Some requested certificates were not generated"
208 fi
209} 170}
210 171
172# @FUNCTION: install_cert
173# @USAGE: <certificates>
174# @DESCRIPTION:
211# Uses all the private functions above to generate 175# Uses all the private functions above to generate and install the
212# and install the requested certificates 176# requested certificates.
213#
214# Usage: install_cert <certificates>
215# where <certificates> are full pathnames relative to ROOT, without extension. 177# <certificates> are full pathnames relative to ROOT, without extension.
216# 178#
217# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem} 179# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
218# 180#
219# Access: public 181# Access: public
220install_cert() { 182install_cert() {
227 unpack|compile|test|install) 189 unpack|compile|test|install)
228 eerror "install_cert cannot be called in ${EBUILD_PHASE}" 190 eerror "install_cert cannot be called in ${EBUILD_PHASE}"
229 return 1 ;; 191 return 1 ;;
230 esac 192 esac
231 193
232 # Initialize configuration 194 # Generate a CA environment #164601
233 gen_cnf || return 1 195 gen_cnf 1 || return 1
234 echo
235
236 # Generate a CA environment
237 gen_key 1 || return 1 196 gen_key 1 || return 1
238 gen_csr 1 || return 1 197 gen_csr 1 || return 1
239 gen_crt 1 || return 1 198 gen_crt 1 || return 1
199 echo
200
201 gen_cnf || return 1
240 echo 202 echo
241 203
242 local count=0 204 local count=0
243 for cert in "$@" ; do 205 for cert in "$@" ; do
244 # Check the requested certificate 206 # Check the requested certificate
271 install -m0400 "${base}.pem" "${ROOT}${cert}.pem" 233 install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
272 count=$((${count}+1)) 234 count=$((${count}+1))
273 done 235 done
274 236
275 # Resulting status 237 # Resulting status
276 if [ ! ${count} ] ; then 238 if [ ${count} = 0 ] ; then
277 eerror "No certificates were generated" 239 eerror "No certificates were generated"
278 return 1 240 return 1
279 elif [ ${count} != ${#} ] ; then 241 elif [ ${count} != ${#} ] ; then
280 ewarn "Some requested certificates were not generated" 242 ewarn "Some requested certificates were not generated"
281 fi 243 fi
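Review bot: The `@USAGE:` tag on the new gen_cnf header (new-side line 21) is left empty, yet the rewritten body now branches on `$1` (`ebegin "Generating OpenSSL configuration${1:+ for CA}"` and `CN = ${SSL_COMMONNAME}${1:+ CA}`) and install_cert calls it as `gen_cnf 1`; document the argument the way get_base does, `# @USAGE: [if_ca]`, plus `# With an argument the config is generated for the CA and " CA" is appended to the CN.`. Note also that gen_cnf is now invoked twice in install_cert (once for the CA at new-side line 195, once for the server certificates at line 201) and each call rewrites `${SSL_SERIAL}` to `01`; if the CA path of gen_crt (outside this hunk) consumes that serial file, the first server certificate would reuse serial 01 under the same issuer, which X.509 clients treat as a duplicate, so it is worth confirming and, if so, resetting the serial only on the CA pass. The bodies of gen_cnf, get_base, gen_key, gen_csr, gen_crt, gen_pem and install_cert are only partially shown here, so the elided lines between the visible ones are not reviewed.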
