Changes - j0ke.net Open Build Service

Changes of Revision 47

[-] [+]	Added	mkcert.sh.gz
@@ -0,0 +1,798 @@ +#!/bin/sh +## +## mkcert.sh -- Make SSL Certificate Files for `make certificate' command +## Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights Reserved. +## + +# parameters +make="$1" +mflags="$2" +openssl="$3" +support="$4" +type="$5" +algo="$6" +crt="$7" +key="$8" +view="$9" + +# we can operate only inside the Apache 1.3 source +# tree and only when mod_ssl+OpenSSL is actually configured. +if test ! -f "../README.configure" -a ! -f "certificate.sh" ; then + echo "mkcert.sh:Error: Cannot operate outside the Apache 1.3 source tree." 1>&2 + echo "mkcert.sh:Hint: You have to stay inside apache_1.3.x/src." 1>&2 + exit 1 +fi +if [ ".$openssl" = . ]; then + echo "mkcert.sh:Error: mod_ssl/OpenSSL has to be configured before using this utility." 1>&2 + echo "mkcert.sh:Hint: Configure mod_ssl with --enable-module=ssl in APACI, first." 1>&2 + exit 1 +fi + +# configuration +# WE ARE CALLED FROM THE PARENT DIR! +sslcrtdir="../conf/ssl.crt" +sslcsrdir="../conf/ssl.csr" +sslkeydir="../conf/ssl.key" +sslprmdir="../conf/ssl.prm" + +if test -f "certificate.sh" ; then + sslcrtdir="/etc/apache2/ssl.crt" + sslcsrdir="/etc/apache2/ssl.csr" + sslkeydir="/etc/apache2/ssl.key" + sslprmdir="/etc/apache2/ssl.prm" +fi + +# some optional terminal sequences +case $TERM in + xterm\|xterm\|vt220\|vt220) + T_MD=`echo dummy \| awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` + T_ME=`echo dummy \| awk '{ printf("%c%c%c", 27, 91, 109); }'` + ;; + vt100\|vt100*) + T_MD=`echo dummy \| awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'` + T_ME=`echo dummy \| awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'` + ;; + default) + T_MD='' + T_ME='' + ;; +esac + +# display header +echo "${T_MD}SSL Certificate Generation Utility${T_ME} (mkcert.sh)" +echo "Copyright (c) 1998 Ralf S. Engelschall, All Rights Reserved." + +# on request view certificates only +if [ ".$view" != . ]; then + if [ -f "$sslcrtdir/ca.crt" -a -f "$sslkeydir/ca.key" ]; then + echo "" + echo "${T_MD}CA X.509 Certificate${T_ME} [ca.crt]" + echo "______________________________________________________________________" + $openssl x509 -noout -text -in $sslcrtdir/ca.crt + echo "" + if [ ".`$openssl x509 -noout -text -in $sslcrtdir/ca.crt \| grep "Signature Algorithm" \| grep -i RSA`" != . ]; then + echo "${T_MD}CA RSA Private Key${T_ME} [ca.key]" + echo "______________________________________________________________________" + $openssl rsa -noout -text -in $sslkeydir/ca.key + else + echo "${T_MD}CA DSA Private Key${T_ME} [ca.key]" + echo "______________________________________________________________________" + $openssl dsa -noout -text -in $sslkeydir/ca.key + fi + fi + if [ -f "$sslcrtdir/server.crt" -a -f "$sslkeydir/server.key" ]; then + echo "" + echo "${T_MD}Server X.509 Certificate${T_ME} [server.crt]" + echo "______________________________________________________________________" + $openssl x509 -noout -text -in $sslcrtdir/server.crt + echo "" + if [ ".`$openssl x509 -noout -text -in $sslcrtdir/server.crt \| grep "Signature Algorithm" \| grep -i RSA`" != . ]; then + echo "${T_MD}Server RSA Private Key${T_ME} [server.key]" + echo "______________________________________________________________________" + $openssl rsa -noout -text -in $sslkeydir/server.key + else + echo "${T_MD}Server DSA Private Key${T_ME} [server.key]" + echo "______________________________________________________________________" + $openssl dsa -noout -text -in $sslkeydir/server.key + fi + fi + exit 0 +fi + +# find some random files +# (do not use /dev/random here, because this device +# doesn't work as expected on all platforms) +randfiles='' +for file in /var/log/messages /var/adm/messages \ + /kernel /vmunix /vmlinuz \ + /etc/hosts /etc/resolv.conf; do + if [ -f $file ]; then + if [ ".$randfiles" = . ]; then + randfiles="$file" + else + randfiles="${randfiles}:$file" + fi + fi +done + +# canonicalize parameters +case "x$type" in + x ) type=test ;; +esac +case "x$algo" in + xrsa ) algo=RSA ;; + xdsa ) algo=DSA ;; +esac + +# processing +case $type in + + dummy) + echo "" + echo "${T_MD}Generating self-signed Snake Oil certificate [DUMMY]${T_ME}" + echo "______________________________________________________________________" + echo "" + if [ ".$algo" = . ]; then + algo=RSA + fi + if [ ".$algo" = .RSA ]; then + cp $sslcrtdir/snakeoil-rsa.crt $sslcrtdir/server.crt + cp $sslkeydir/snakeoil-rsa.key $sslkeydir/server.key + else + cp $sslcrtdir/snakeoil-dsa.crt $sslcrtdir/server.crt + cp $sslkeydir/snakeoil-dsa.key $sslkeydir/server.key + fi + echo "${T_MD}RESULT: Server Certification Files${T_ME}" + echo "" + echo "o ${T_MD}conf/ssl.key/server.key${T_ME}" + echo " The PEM-encoded $algo private key file which you configure" + echo " with the 'SSLCertificateKeyFile' directive (automatically done" + echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" + echo "" + echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}" + echo " The PEM-encoded X.509 certificate file which you configure" + echo " with the 'SSLCertificateFile' directive (automatically done" + echo " when you install via APACI)." + echo "" + echo "WARNING: Do not use this for real-life/production systems" + echo "" + ;; + + test) + echo "" + echo "${T_MD}Generating test certificate signed by Snake Oil CA [TEST]${T_ME}" + echo "WARNING: Do not use this for real-life/production systems" + if [ ".$algo" = . ]; then + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 0: Decide the signature algorithm used for certificate${T_ME}" + echo "The generated X.509 CA certificate can contain either" + echo "RSA or DSA based ingredients. Select the one you want to use." + def1=R def2=r def=RSA + prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:" + while [ 1 ]; do + echo dummy \| awk '{ printf("%s", prompt); }' "prompt=$prompt" + read algo + if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then + algo=$def + break + elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then + algo=RSA + break + elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then + algo=DSA + break + else + echo "mkcert.sh:Warning: Invalid selection" 1>&2 + fi + done + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 1: Generating $algo private key (1024 bit) [server.key]${T_ME}" + if [ ! -f $HOME/.rnd ]; then + touch $HOME/.rnd + fi + if [ $algo = RSA ]; then + if [ ".$randfiles" != . ]; then + $openssl genrsa -rand $randfiles -out $sslkeydir/server.key 1024 + else