
Diff of /eclass/ssl-cert.eclass


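--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,19 +1,28 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
-#
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.19 2011/08/22 04:46:32 vapier Exp $
+
+# @ECLASS: ssl-cert.eclass
+# @MAINTAINER:
+# @AUTHOR:
-# Author: Max Kalika <max@gentoo.org>
-#
+# Max Kalika <max@gentoo.org>
+# @BLURB: Eclass for SSL certificates
+# @DESCRIPTION:
-# This eclass implements standard installation procedure for installing
+# This eclass implements a standard installation procedure for installing
 # self-signed SSL certificates.
+# @EXAMPLE:
+# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
 DEPEND="ssl? ( dev-libs/openssl )"
 IUSE="ssl"
 
+# @FUNCTION: gen_cnf
+# @USAGE:
+# @DESCRIPTION:
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
 # Access: private
 gen_cnf() {
@@ -38,11 +47,11 @@
 
  # Create the CA serial file
  echo "01" > "${SSL_SERIAL}"
 
  # Create the config file
- ebegin "Generating OpenSSL configuration"
+ ebegin "Generating OpenSSL configuration${1:+ for CA}"
  cat <<-EOF > "${SSL_CONF}"
  [ req ]
  prompt = no
  default_bits = ${SSL_BITS}
  distinguished_name = req_dn
@@ -50,18 +59,22 @@
  C = ${SSL_COUNTRY}
  ST = ${SSL_STATE}
  L = ${SSL_LOCALITY}
  O = ${SSL_ORGANIZATION}
  OU = ${SSL_UNIT}
- CN = ${SSL_COMMONNAME}
+ CN = ${SSL_COMMONNAME}${1:+ CA}
  emailAddress = ${SSL_EMAIL}
  EOF
  eend $?
 
  return $?
 }
 
+# @FUNCTION: get_base
+# @USAGE: [if_ca]
+# @RETURN: <base path>
+# @DESCRIPTION:
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
 #
 # Access: private
 get_base() {
@@ -70,10 +83,13 @@
  else
  echo "${T}/${$}server"
  fi
 }
 
+# @FUNCTION: gen_key
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates an RSA key
 #
 # Access: private
 gen_key() {
  local base=`get_base $1`
@@ -83,10 +99,13 @@
  eend $?
 
  return $?
 }
 
+# @FUNCTION: gen_csr
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates a certificate signing request using
 # the key made by gen_key()
 #
 # Access: private
 gen_csr() {
@@ -97,10 +116,13 @@
  eend $?
 
  return $?
 }
 
+# @FUNCTION: gen_crt
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates either a self-signed CA certificate using
 # the csr and key made by gen_csr() and gen_key() or
 # a signed server certificate using the CA cert previously
 # created by gen_crt()
 #
@@ -123,10 +145,13 @@
  eend $?
 
  return $?
 }
 
+# @FUNCTION: gen_pem
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates a PEM file by concatinating the key
 # and cert file created by gen_key() and gen_cert()
 #
 # Access: private
 gen_pem() {
@@ -143,15 +168,16 @@
  eerror "Function \"docert\" has been removed for security reasons."
  eerror "\"install_cert\" should be used instead. See bug 174759."
  die
 }
 
+# @FUNCTION: install_cert
+# @USAGE: <certificates>
+# @DESCRIPTION:
-# Uses all the private functions above to generate
-# and install the requested certificates
-#
-# Usage: install_cert <certificates>
-# where <certificates> are full pathnames relative to ROOT, without extension.
+# Uses all the private functions above to generate and install the
+# requested certificates.
+# <certificates> are full pathnames relative to ROOT, without extension.
 #
 # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 #
 # Access: public
 install_cert() {
@@ -164,18 +190,18 @@
  unpack|compile|test|install)
  eerror "install_cert cannot be called in ${EBUILD_PHASE}"
  return 1 ;;
  esac
 
- # Initialize configuration
- gen_cnf || return 1
- echo
-
- # Generate a CA environment
+ # Generate a CA environment #164601
+ gen_cnf 1 || return 1
  gen_key 1 || return 1
  gen_csr 1 || return 1
  gen_crt 1 || return 1
+ echo
+
+ gen_cnf || return 1
  echo
 
  local count=0
  for cert in "$@" ; do
  # Check the requested certificate
@@ -208,11 +234,11 @@
  install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
  count=$((${count}+1))
  done
 
  # Resulting status
- if [ ! ${count} ] ; then
+ if [ ${count} = 0 ] ; then
  eerror "No certificates were generated"
  return 1
  elif [ ${count} != ${#} ] ; then
  ewarn "Some requested certificates were not generated"
  fi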
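Review bot: The new `@USAGE: <base path>` headers on gen_key, gen_csr, gen_crt and gen_pem do not match the calls shown. install_cert passes a CA flag (`gen_key 1`) and gen_key derives the path itself with `get_base $1`, so the tag should read `# @USAGE: [if_ca]`, as it already does on get_base. gen_cnf has the same gap: its `@USAGE:` is empty although the new body reads `${1:+ CA}`. Separately, `CN = ${SSL_COMMONNAME}${1:+ CA}` lengthens the CA's common name by three characters, and OpenSSL's default limit for commonName is 64, so CA generation may fail for a long SSL_COMMONNAME that previously fit; a length check or a sentence in the description would cover it. Most function bodies are outside the visible context, so the first point is inferred from the call sites only.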
