| Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame^] | 1 | #!/bin/sh |
| 2 | # |
| 3 | # This is a wrapper script to create default certificates when the |
| 4 | # server first starts in debugging mode. Once the certificates have been |
| 5 | # created, this file should be deleted. |
| 6 | # |
| 7 | # Ideally, this program should be run as part of the installation of any |
| 8 | # binary package. The installation should also ensure that the permissions |
| 9 | # and owners are correct for the files generated by this script. |
| 10 | # |
| 11 | # $Id: c9d939beac8d5bdc21ea1ff9233442f9ab933297 $ |
| 12 | # |
| 13 | umask 027 |
| 14 | cd `dirname $0` |
| 15 | |
| 16 | make -h > /dev/null 2>&1 |
| 17 | |
| 18 | # |
| 19 | # If we have a working "make", then use it. Otherwise, run the commands |
| 20 | # manually. |
| 21 | # |
| 22 | if [ "$?" = "0" ]; then |
| 23 | make all |
| 24 | exit $? |
| 25 | fi |
| 26 | |
| 27 | # |
| 28 | # The following commands were created by running "make -n", and edited |
| 29 | # to remove the trailing backslash, and to add "exit 1" after the commands. |
| 30 | # |
| 31 | # Don't edit the following text. Instead, edit the Makefile, and |
| 32 | # re-generate these commands. |
| 33 | # |
| 34 | if [ ! -f dh ]; then |
| 35 | openssl dhparam -out dh 1024 || exit 1 |
| 36 | if [ -e /dev/urandom ] ; then |
| 37 | ln -sf /dev/urandom random |
| 38 | else |
| 39 | date > ./random; |
| 40 | fi |
| 41 | fi |
| 42 | |
| 43 | if [ ! -f server.key ]; then |
| 44 | openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1 |
| 45 | fi |
| 46 | |
| 47 | if [ ! -f ca.key ]; then |
| 48 | openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1 |
| 49 | fi |
| 50 | |
| 51 | if [ ! -f index.txt ]; then |
| 52 | touch index.txt |
| 53 | fi |
| 54 | |
| 55 | if [ ! -f serial ]; then |
| 56 | echo '01' > serial |
| 57 | fi |
| 58 | |
| 59 | if [ ! -f server.crt ]; then |
| 60 | openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1 |
| 61 | fi |
| 62 | |
| 63 | if [ ! -f server.p12 ]; then |
| 64 | openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 |
| 65 | fi |
| 66 | |
| 67 | if [ ! -f server.pem ]; then |
| 68 | openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1 |
| 69 | openssl verify -CAfile ca.pem server.pem || exit 1 |
| 70 | fi |
| 71 | |
| 72 | if [ ! -f ca.der ]; then |
| 73 | openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1 |
| 74 | fi |
| 75 | |
| 76 | if [ ! -f client.key ]; then |
| 77 | openssl req -new -out client.csr -keyout client.key -config ./client.cnf |
| 78 | fi |
| 79 | |
| 80 | if [ ! -f client.crt ]; then |
| 81 | openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf |
| 82 | fi |