/[gentoo-x86]/eclass/ssl-cert.eclass

Diff of /eclass/ssl-cert.eclass


Revision 1.8 Revision 1.13
1# Copyright 1999-2004 Gentoo Foundation 1# Copyright 1999-2004 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.8 2005/07/06 21:01:21 agriffis Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.13 2007/12/28 17:48:34 ulm Exp $
4# 4#
5# @ECLASS: ssl-cert.eclass
6# @MAINTAINER:
5# Author: Max Kalika <max@gentoo.org> 7# Author: Max Kalika <max@gentoo.org>
6# 8# @BLURB: Eclass for SSL certificates
9# @DESCRIPTION:
7# This eclass implements standard installation procedure for installing 10# This eclass implements standard installation procedure for installing
8# self-signed SSL certificates. 11# self-signed SSL certificates.
12# @EXAMPLE:
13# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
9 14
10# Conditionally depend on OpenSSL: allows inheretence 15# Conditionally depend on OpenSSL: allows inheretence
11# without pulling extra packages if not needed 16# without pulling extra packages if not needed
12DEPEND="ssl? ( dev-libs/openssl )" 17DEPEND="ssl? ( dev-libs/openssl )"
13IUSE="ssl" 18IUSE="ssl"
14 19
20# @FUNCTION: gen_cnf
21# @USAGE:
22# @DESCRIPTION:
15# Initializes variables and generates the needed 23# Initializes variables and generates the needed
16# OpenSSL configuration file and a CA serial file 24# OpenSSL configuration file and a CA serial file
17# 25#
18# Access: private 26# Access: private
19gen_cnf() { 27gen_cnf() {
20 # Location of the config file 28 # Location of the config file
24 # Location of some random files OpenSSL can use: don't use 32 # Location of some random files OpenSSL can use: don't use
25 # /dev/u?random here -- doesn't work properly on all platforms 33 # /dev/u?random here -- doesn't work properly on all platforms
26 SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf" 34 SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
27 35
28 # These can be overridden in the ebuild 36 # These can be overridden in the ebuild
29 SSL_DAYS="${SSL_BITS:-730}" 37 SSL_DAYS="${SSL_DAYS:-730}"
30 SSL_BITS="${SSL_BITS:-1024}" 38 SSL_BITS="${SSL_BITS:-1024}"
31 SSL_COUNTRY="${SSL_COUNTRY:-US}" 39 SSL_COUNTRY="${SSL_COUNTRY:-US}"
32 SSL_STATE="${SSL_STATE:-California}" 40 SSL_STATE="${SSL_STATE:-California}"
33 SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}" 41 SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
34 SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}" 42 SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}"
54 OU = ${SSL_UNIT} 62 OU = ${SSL_UNIT}
55 CN = ${SSL_COMMONNAME} 63 CN = ${SSL_COMMONNAME}
56 emailAddress = ${SSL_EMAIL} 64 emailAddress = ${SSL_EMAIL}
57 EOF 65 EOF
58 eend $? 66 eend $?
59
60 return $?
61}
62 67
68 return $?
69}
70
71# @FUNCTION: get_base
72# @USAGE: [if_ca]
73# @RETURN: <base path>
74# @DESCRIPTION:
63# Simple function to determine whether we're creating 75# Simple function to determine whether we're creating
64# a CA (which should only be done once) or final part 76# a CA (which should only be done once) or final part
65# 77#
66# Access: private 78# Access: private
67get_base() { 79get_base() {
70 else 82 else
71 echo "${T}/${$}server" 83 echo "${T}/${$}server"
72 fi 84 fi
73} 85}
74 86
87# @FUNCTION: gen_key
88# @USAGE: <base path>
89# @DESCRIPTION:
75# Generates an RSA key 90# Generates an RSA key
76# 91#
77# Access: private 92# Access: private
78gen_key() { 93gen_key() {
79 local base=`get_base $1` 94 local base=`get_base $1`
83 eend $? 98 eend $?
84 99
85 return $? 100 return $?
86} 101}
87 102
103# @FUNCTION: gen_csr
104# @USAGE: <base path>
105# @DESCRIPTION:
88# Generates a certificate signing request using 106# Generates a certificate signing request using
89# the key made by gen_key() 107# the key made by gen_key()
90# 108#
91# Access: private 109# Access: private
92gen_csr() { 110gen_csr() {
97 eend $? 115 eend $?
98 116
99 return $? 117 return $?
100} 118}
101 119
120# @FUNCTION: gen_crt
121# @USAGE: <base path>
122# @DESCRIPTION:
102# Generates either a self-signed CA certificate using 123# Generates either a self-signed CA certificate using
103# the csr and key made by gen_csr() and gen_key() or 124# the csr and key made by gen_csr() and gen_key() or
104# a signed server certificate using the CA cert previously 125# a signed server certificate using the CA cert previously
105# created by gen_crt() 126# created by gen_crt()
106# 127#
123 eend $? 144 eend $?
124 145
125 return $? 146 return $?
126} 147}
127 148
149# @FUNCTION: gen_pem
150# @USAGE: <base path>
151# @DESCRIPTION:
128# Generates a PEM file by concatinating the key 152# Generates a PEM file by concatinating the key
129# and cert file created by gen_key() and gen_cert() 153# and cert file created by gen_key() and gen_cert()
130# 154#
131# Access: private 155# Access: private
132gen_pem() { 156gen_pem() {
138 return $? 162 return $?
139} 163}
140 164
141# Uses all the private functions above to generate 165# Uses all the private functions above to generate
142# and install the requested certificates 166# and install the requested certificates
167# Note: This function is deprecated, use install_cert instead
143# 168#
144# Access: public 169# Access: public
145docert() { 170docert() {
171 ewarn "Function \"docert\" is deprecated for security reasons."
172 ewarn "\"install_cert\" should be used instead. See bug #174759."
173
146 if [ $# -lt 1 ] ; then 174 if [ $# -lt 1 ] ; then
147 eerror "At least one argument needed" 175 eerror "At least one argument needed"
148 return 1; 176 return 1;
149 fi 177 fi
150 178
201 return 1 229 return 1
202 elif [ ${count} != ${#} ] ; then 230 elif [ ${count} != ${#} ] ; then
203 ewarn "Some requested certificates were not generated" 231 ewarn "Some requested certificates were not generated"
204 fi 232 fi
205} 233}
234
235# @FUNCTION: install_cert
236# @USAGE: <certificates>
237# @DESCRIPTION:
238# Uses all the private functions above to generate and install the
239# requested certificates.
240# <certificates> are full pathnames relative to ROOT, without extension.
241#
242# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
243#
244# Access: public
245install_cert() {
246 if [ $# -lt 1 ] ; then
247 eerror "At least one argument needed"
248 return 1;
249 fi
250
251 case ${EBUILD_PHASE} in
252 unpack|compile|test|install)
253 eerror "install_cert cannot be called in ${EBUILD_PHASE}"
254 return 1 ;;
255 esac
256
257 # Initialize configuration
258 gen_cnf || return 1
259 echo
260
261 # Generate a CA environment
262 gen_key 1 || return 1
263 gen_csr 1 || return 1
264 gen_crt 1 || return 1
265 echo
266
267 local count=0
268 for cert in "$@" ; do
269 # Check the requested certificate
270 if [ -z "${cert##*/}" ] ; then
271 ewarn "Invalid certification requested, skipping"
272 continue
273 fi
274
275 # Check for previous existence of generated files
276 for type in key csr crt pem ; do
277 if [ -e "${ROOT}${cert}.${type}" ] ; then
278 ewarn "${ROOT}${cert}.${type}: exists, skipping"
279 continue 2
280 fi
281 done
282
283 # Generate the requested files
284 gen_key || continue
285 gen_csr || continue
286 gen_crt || continue
287 gen_pem || continue
288 echo
289
290 # Install the generated files and set sane permissions
291 local base=$(get_base)
292 install -d "${ROOT}${cert%/*}"
293 install -m0400 "${base}.key" "${ROOT}${cert}.key"
294 install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
295 install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
296 install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
297 count=$((${count}+1))
298 done
299
300 # Resulting status
301 if [ ! ${count} ] ; then
302 eerror "No certificates were generated"
303 return 1
304 elif [ ${count} != ${#} ] ; then
305 ewarn "Some requested certificates were not generated"
306 fi
307}
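Review bot: The final status check in install_cert, `if [ ! ${count} ] ; then`, can never be true: count starts at 0 and `[ ! 0 ]` tests a non-empty string, so the "No certificates were generated" error path is unreachable and a run that produced nothing falls through to the "Some requested certificates were not generated" warning and a zero return. Compare numerically instead, `if [ "${count}" -eq 0 ] ; then`. The same test is carried over from docert (whose body is only partly visible in this section), so both places want the fix. The loop variables `cert` and `type` are not declared `local` like `count` is and therefore leak into the calling ebuild's environment; a `local cert type` before the loop would close that. `local base=$(get_base)` also masks get_base's exit status, though get_base only echoes a path so that is harmless here.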

