/[gentoo-x86]/eclass/ssl-cert.eclass

Diff of /eclass/ssl-cert.eclass

Parent Directory | Revision Log | View Patch Patch

Revision 1.13		Revision 1.15
1	# Copyright 1999-2004 Gentoo Foundation	1	# Copyright 1999-2004 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2	2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.13 2007/12/28 17:48:34 ulm Exp $	3	# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
4	#	4	#
5	# @ECLASS: ssl-cert.eclass
6	# @MAINTAINER:
7	# Author: Max Kalika <max@gentoo.org>	5	# Author: Max Kalika <max@gentoo.org>
8	# @BLURB: Eclass for SSL certificates	6	#
9	# @DESCRIPTION:
10	# This eclass implements standard installation procedure for installing	7	# This eclass implements standard installation procedure for installing
11	# self-signed SSL certificates.	8	# self-signed SSL certificates.
12	# @EXAMPLE:
13	# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
14		9
15	# Conditionally depend on OpenSSL: allows inheretence	10	# Conditionally depend on OpenSSL: allows inheretence
16	# without pulling extra packages if not needed	11	# without pulling extra packages if not needed
17	DEPEND="ssl? ( dev-libs/openssl )"	12	DEPEND="ssl? ( dev-libs/openssl )"
18	IUSE="ssl"	13	IUSE="ssl"
19		14
20	# @FUNCTION: gen_cnf
21	# @USAGE:
22	# @DESCRIPTION:
23	# Initializes variables and generates the needed	15	# Initializes variables and generates the needed
24	# OpenSSL configuration file and a CA serial file	16	# OpenSSL configuration file and a CA serial file
25	#	17	#
26	# Access: private	18	# Access: private
27	gen_cnf() {	19	gen_cnf() {
…		…
66	eend $?	58	eend $?
67		59
68	return $?	60	return $?
69	}	61	}
70		62
71	# @FUNCTION: get_base
72	# @USAGE: [if_ca]
73	# @RETURN: <base path>
74	# @DESCRIPTION:
75	# Simple function to determine whether we're creating	63	# Simple function to determine whether we're creating
76	# a CA (which should only be done once) or final part	64	# a CA (which should only be done once) or final part
77	#	65	#
78	# Access: private	66	# Access: private
79	get_base() {	67	get_base() {
…		…
82	else	70	else
83	echo "${T}/${$}server"	71	echo "${T}/${$}server"
84	fi	72	fi
85	}	73	}
86		74
87	# @FUNCTION: gen_key
88	# @USAGE: <base path>
89	# @DESCRIPTION:
90	# Generates an RSA key	75	# Generates an RSA key
91	#	76	#
92	# Access: private	77	# Access: private
93	gen_key() {	78	gen_key() {
94	local base=`get_base $1`	79	local base=`get_base $1`
…		…
98	eend $?	83	eend $?
99		84
100	return $?	85	return $?
101	}	86	}
102		87
103	# @FUNCTION: gen_csr
104	# @USAGE: <base path>
105	# @DESCRIPTION:
106	# Generates a certificate signing request using	88	# Generates a certificate signing request using
107	# the key made by gen_key()	89	# the key made by gen_key()
108	#	90	#
109	# Access: private	91	# Access: private
110	gen_csr() {	92	gen_csr() {
…		…
115	eend $?	97	eend $?
116		98
117	return $?	99	return $?
118	}	100	}
119		101
120	# @FUNCTION: gen_crt
121	# @USAGE: <base path>
122	# @DESCRIPTION:
123	# Generates either a self-signed CA certificate using	102	# Generates either a self-signed CA certificate using
124	# the csr and key made by gen_csr() and gen_key() or	103	# the csr and key made by gen_csr() and gen_key() or
125	# a signed server certificate using the CA cert previously	104	# a signed server certificate using the CA cert previously
126	# created by gen_crt()	105	# created by gen_crt()
127	#	106	#
…		…
144	eend $?	123	eend $?
145		124
146	return $?	125	return $?
147	}	126	}
148		127
149	# @FUNCTION: gen_pem
150	# @USAGE: <base path>
151	# @DESCRIPTION:
152	# Generates a PEM file by concatinating the key	128	# Generates a PEM file by concatinating the key
153	# and cert file created by gen_key() and gen_cert()	129	# and cert file created by gen_key() and gen_cert()
154	#	130	#
155	# Access: private	131	# Access: private
156	gen_pem() {	132	gen_pem() {
…		…
160	eend $?	136	eend $?
161		137
162	return $?	138	return $?
163	}	139	}
164		140
		141	# Removed due to bug 174759
		142	docert() {
		143	eerror "Function \"docert\" has been removed for security reasons."
		144	eerror "\"install_cert\" should be used instead. See bug 174759."
		145	die
		146	}
		147
165	# Uses all the private functions above to generate	148	# Uses all the private functions above to generate
166	# and install the requested certificates	149	# and install the requested certificates
167	# Note: This function is deprecated, use install_cert instead
168	#	150	#
169	# Access: public	151	# Usage: install_cert <certificates>
170	docert() {
171	ewarn "Function \"docert\" is deprecated for security reasons."
172	ewarn "\"install_cert\" should be used instead. See bug #174759."
173
174	if [ $# -lt 1 ] ; then
175	eerror "At least one argument needed"
176	return 1;
177	fi
178
179	# Initialize configuration
180	gen_cnf \|\| return 1
181	echo
182
183	# Generate a CA environment
184	gen_key 1 \|\| return 1
185	gen_csr 1 \|\| return 1
186	gen_crt 1 \|\| return 1
187	echo
188
189	local count=0
190	for cert in "$@" ; do
191	# Sanitize and check the requested certificate
192	cert="`/usr/bin/basename "${cert}"`"
193	if [ -z "${cert}" ] ; then
194	ewarn "Invalid certification requested, skipping"
195	continue
196	fi
197
198	# Check for previous existence of generated files
199	for type in key crt pem ; do
200	if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
201	ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
202	continue 2
203	fi
204	done
205
206	# Generate the requested files
207	gen_key \|\| continue
208	gen_csr \|\| continue
209	gen_crt \|\| continue
210	gen_pem \|\| continue
211	echo
212
213	# Install the generated files and set sane permissions
214	local base=`get_base`
215	newins "${base}.key" "${cert}.key"
216	fperms 0400 "${INSDESTTREE}/${cert}.key"
217	newins "${base}.csr" "${cert}.csr"
218	fperms 0444 "${INSDESTTREE}/${cert}.csr"
219	newins "${base}.crt" "${cert}.crt"
220	fperms 0444 "${INSDESTTREE}/${cert}.crt"
221	newins "${base}.pem" "${cert}.pem"
222	fperms 0400 "${INSDESTTREE}/${cert}.pem"
223	count=$((${count}+1))
224	done
225
226	# Resulting status
227	if [ ! ${count} ] ; then
228	eerror "No certificates were generated"
229	return 1
230	elif [ ${count} != ${#} ] ; then
231	ewarn "Some requested certificates were not generated"
232	fi
233	}
234
235	# @FUNCTION: install_cert
236	# @USAGE: <certificates>
237	# @DESCRIPTION:
238	# Uses all the private functions above to generate and install the
239	# requested certificates.
240	# <certificates> are full pathnames relative to ROOT, without extension.	152	# where <certificates> are full pathnames relative to ROOT, without extension.
241	#	153	#
242	# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}	154	# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
243	#	155	#
244	# Access: public	156	# Access: public
245	install_cert() {	157	install_cert() {

 Legend:



Removed from v.1.13
 


changed lines


 
Added in v.1.15
 Legend:



Removed from v.1.13
 


changed lines


 
Added in v.1.15
-Removed from v.1.13
+Added in v.1.15

	ViewVC Help
Powered by ViewVC 1.1.13