
Diff of /eclass/ssl-cert.eclass


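--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,15 +1,15 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.13 2007/12/28 17:48:34 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.18 2010/02/16 14:23:39 pva Exp $
 #
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
 # Author: Max Kalika <max@gentoo.org>
 # @BLURB: Eclass for SSL certificates
 # @DESCRIPTION:
-# This eclass implements standard installation procedure for installing
+# This eclass implements a standard installation procedure for installing
 # self-signed SSL certificates.
 # @EXAMPLE:
 # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # Conditionally depend on OpenSSL: allows inheretence
@@ -46,11 +46,11 @@
 
  # Create the CA serial file
  echo "01" > "${SSL_SERIAL}"
 
  # Create the config file
- ebegin "Generating OpenSSL configuration"
+ ebegin "Generating OpenSSL configuration${1:+ for CA}"
  cat <<-EOF > "${SSL_CONF}"
  [ req ]
  prompt = no
  default_bits = ${SSL_BITS}
  distinguished_name = req_dn
@@ -58,11 +58,11 @@
  C = ${SSL_COUNTRY}
  ST = ${SSL_STATE}
  L = ${SSL_LOCALITY}
  O = ${SSL_ORGANIZATION}
  OU = ${SSL_UNIT}
- CN = ${SSL_COMMONNAME}
+ CN = ${SSL_COMMONNAME}${1:+ CA}
  emailAddress = ${SSL_EMAIL}
  EOF
  eend $?
 
  return $?
@@ -160,78 +160,15 @@
  eend $?
 
  return $?
 }
 
-# Uses all the private functions above to generate
-# and install the requested certificates
-# Note: This function is deprecated, use install_cert instead
-#
-# Access: public
+# Removed due to bug 174759
 docert() {
- ewarn "Function \"docert\" is deprecated for security reasons."
- ewarn "\"install_cert\" should be used instead. See bug #174759."
-
+ eerror "Function \"docert\" has been removed for security reasons."
+ eerror "\"install_cert\" should be used instead. See bug 174759."
+ die
- if [ $# -lt 1 ] ; then
- eerror "At least one argument needed"
- return 1;
- fi
-
- # Initialize configuration
- gen_cnf || return 1
- echo
-
- # Generate a CA environment
- gen_key 1 || return 1
- gen_csr 1 || return 1
- gen_crt 1 || return 1
- echo
-
- local count=0
- for cert in "$@" ; do
- # Sanitize and check the requested certificate
- cert="`/usr/bin/basename "${cert}"`"
- if [ -z "${cert}" ] ; then
- ewarn "Invalid certification requested, skipping"
- continue
- fi
-
- # Check for previous existence of generated files
- for type in key crt pem ; do
- if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
- ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
- continue 2
- fi
- done
-
- # Generate the requested files
- gen_key || continue
- gen_csr || continue
- gen_crt || continue
- gen_pem || continue
- echo
-
- # Install the generated files and set sane permissions
- local base=`get_base`
- newins "${base}.key" "${cert}.key"
- fperms 0400 "${INSDESTTREE}/${cert}.key"
- newins "${base}.csr" "${cert}.csr"
- fperms 0444 "${INSDESTTREE}/${cert}.csr"
- newins "${base}.crt" "${cert}.crt"
- fperms 0444 "${INSDESTTREE}/${cert}.crt"
- newins "${base}.pem" "${cert}.pem"
- fperms 0400 "${INSDESTTREE}/${cert}.pem"
- count=$((${count}+1))
- done
-
- # Resulting status
- if [ ! ${count} ] ; then
- eerror "No certificates were generated"
- return 1
- elif [ ${count} != ${#} ] ; then
- ewarn "Some requested certificates were not generated"
- fi
 }
 
 # @FUNCTION: install_cert
 # @USAGE: <certificates>
 # @DESCRIPTION:
@@ -252,18 +189,18 @@
  unpack|compile|test|install)
  eerror "install_cert cannot be called in ${EBUILD_PHASE}"
  return 1 ;;
  esac
 
- # Initialize configuration
- gen_cnf || return 1
- echo
-
- # Generate a CA environment
+ # Generate a CA environment #164601
+ gen_cnf 1 || return 1
  gen_key 1 || return 1
  gen_csr 1 || return 1
  gen_crt 1 || return 1
+ echo
+
+ gen_cnf || return 1
  echo
 
  local count=0
  for cert in "$@" ; do
  # Check the requested certificate
@@ -296,11 +233,11 @@
  install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
  count=$((${count}+1))
  done
 
  # Resulting status
- if [ ! ${count} ] ; then
+ if [ ${count} = 0 ] ; then
  eerror "No certificates were generated"
  return 1
  elif [ ${count} != ${#} ] ; then
  ewarn "Some requested certificates were not generated"
  fi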
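Review bot: The CA serial file in gen_cnf is still seeded with the constant `echo "01" > "${SSL_SERIAL}"`, and with this change the CA subject becomes a fixed function of the configured name (`CN = ${SSL_COMMONNAME}${1:+ CA}`), so each run of install_cert appears to issue certificates that share issuer DN and serial number while carrying a fresh key. Clients that track issuer/serial pairs can reject the regenerated certificate as a reused serial, and the duplicates cannot be told apart in logs or revocation data. Seeding the file with a random value, for example `openssl rand -hex 8 > "${SSL_SERIAL}"` where the installed openssl supports `-hex`, would avoid that. How gen_crt consumes `${SSL_SERIAL}` lies outside the visible hunks, so this should be confirmed there; gen_cnf's body also starts before the hunk and install_cert's is shown only in part.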
