
Diff of /eclass/ssl-cert.eclass


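--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,27 +1,19 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.13 2007/12/28 17:48:34 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
 #
-# @ECLASS: ssl-cert.eclass
-# @MAINTAINER:
 # Author: Max Kalika <max@gentoo.org>
-# @BLURB: Eclass for SSL certificates
+#
-# @DESCRIPTION:
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
-# @EXAMPLE:
-# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
 DEPEND="ssl? ( dev-libs/openssl )"
 IUSE="ssl"
 
-# @FUNCTION: gen_cnf
-# @USAGE:
-# @DESCRIPTION:
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
 # Access: private
 gen_cnf() {
@@ -66,14 +58,10 @@
  eend $?
 
  return $?
 }
 
-# @FUNCTION: get_base
-# @USAGE: [if_ca]
-# @RETURN: <base path>
-# @DESCRIPTION:
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
 #
 # Access: private
 get_base() {
@@ -82,13 +70,10 @@
  else
  echo "${T}/${$}server"
  fi
 }
 
-# @FUNCTION: gen_key
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates an RSA key
 #
 # Access: private
 gen_key() {
  local base=`get_base $1`
@@ -98,13 +83,10 @@
  eend $?
 
  return $?
 }
 
-# @FUNCTION: gen_csr
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates a certificate signing request using
 # the key made by gen_key()
 #
 # Access: private
 gen_csr() {
@@ -115,13 +97,10 @@
  eend $?
 
  return $?
 }
 
-# @FUNCTION: gen_crt
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates either a self-signed CA certificate using
 # the csr and key made by gen_csr() and gen_key() or
 # a signed server certificate using the CA cert previously
 # created by gen_crt()
 #
@@ -144,13 +123,10 @@
  eend $?
 
  return $?
 }
 
-# @FUNCTION: gen_pem
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates a PEM file by concatinating the key
 # and cert file created by gen_key() and gen_cert()
 #
 # Access: private
 gen_pem() {
@@ -160,86 +136,22 @@
  eend $?
 
  return $?
 }
 
+# Removed due to bug 174759
+docert() {
+ eerror "Function \"docert\" has been removed for security reasons."
+ eerror "\"install_cert\" should be used instead. See bug 174759."
+ die
+}
+
 # Uses all the private functions above to generate
 # and install the requested certificates
-# Note: This function is deprecated, use install_cert instead
 #
-# Access: public
+# Usage: install_cert <certificates>
-docert() {
- ewarn "Function \"docert\" is deprecated for security reasons."
- ewarn "\"install_cert\" should be used instead. See bug #174759."
-
- if [ $# -lt 1 ] ; then
- eerror "At least one argument needed"
- return 1;
- fi
-
- # Initialize configuration
- gen_cnf || return 1
- echo
-
- # Generate a CA environment
- gen_key 1 || return 1
- gen_csr 1 || return 1
- gen_crt 1 || return 1
- echo
-
- local count=0
- for cert in "$@" ; do
- # Sanitize and check the requested certificate
- cert="`/usr/bin/basename "${cert}"`"
- if [ -z "${cert}" ] ; then
- ewarn "Invalid certification requested, skipping"
- continue
- fi
-
- # Check for previous existence of generated files
- for type in key crt pem ; do
- if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
- ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
- continue 2
- fi
- done
-
- # Generate the requested files
- gen_key || continue
- gen_csr || continue
- gen_crt || continue
- gen_pem || continue
- echo
-
- # Install the generated files and set sane permissions
- local base=`get_base`
- newins "${base}.key" "${cert}.key"
- fperms 0400 "${INSDESTTREE}/${cert}.key"
- newins "${base}.csr" "${cert}.csr"
- fperms 0444 "${INSDESTTREE}/${cert}.csr"
- newins "${base}.crt" "${cert}.crt"
- fperms 0444 "${INSDESTTREE}/${cert}.crt"
- newins "${base}.pem" "${cert}.pem"
- fperms 0400 "${INSDESTTREE}/${cert}.pem"
- count=$((${count}+1))
- done
-
- # Resulting status
- if [ ! ${count} ] ; then
- eerror "No certificates were generated"
- return 1
- elif [ ${count} != ${#} ] ; then
- ewarn "Some requested certificates were not generated"
- fi
-}
-
-# @FUNCTION: install_cert
-# @USAGE: <certificates>
-# @DESCRIPTION:
-# Uses all the private functions above to generate and install the
-# requested certificates.
-# <certificates> are full pathnames relative to ROOT, without extension.
+# where <certificates> are full pathnames relative to ROOT, without extension.
 #
 # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 #
 # Access: public
 install_cert() {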
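Review bot: The new `docert()` stub (new lines 142-146) calls `die` with no message, so the reason is carried only by the two `eerror` lines; `die "docert removed, use install_cert (bug 174759)"` would keep the cause attached to the failure itself. The comment above it, `# Removed due to bug 174759`, could also state the risk: the removed body wrote the generated `.key` and `.pem` into `${D}${INSDESTTREE}`, i.e. into the package image, which is presumably what the bug is about, whereas `install_cert` is documented as installing under `${ROOT}`. Separately, this revision drops the `@ECLASS`/`@FUNCTION`/`@USAGE` markup from every function header, so `install_cert`, the remaining public entry point, loses its structured usage documentation; if that is not intentional the tags should stay. The body of `install_cert` lies outside the visible section.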
