#!/bin/sh
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
t_Log "Running $0 - openssl create self signed certificate, build symlink and verify certificate test."
ret_val=0
# create working-dir
TESTDIR='/var/tmp/openssl-test'
mkdir -p $TESTDIR
#create private key
if (t_GetPkgRel basesystem | grep -q el6)
then
openssl genpkey -algorithm rsa -out $TESTDIR/server.key.secure -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
else
openssl genrsa -passout pass:centos -des3 -rand file1:file2:file3:file4:file5 -out $TESTDIR/server.key.secure 2048 > /dev/null 2>&1
fi
if [ $? == 1 ]
then t_Log "Creation of private key failed."
ret_val=1
exit
fi
#create default answer file
cat > $TESTDIR/openssl_answers<<EOF
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = somestate
localityName = Locality Name (eg, city)
localityName_default = somecity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = CentOS-Project
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = CentOS
EOF
if (t_GetPkgRel basesystem | grep -q el6)
then
openssl rsa -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
else
openssl rsa -passin pass:centos -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
fi
if [ $? == 1 ]
then t_Log "Creation of server key failed."
ret_val=1
exit
fi
openssl req -batch -config $TESTDIR/openssl_answers -new -key $TESTDIR/server.key -out $TESTDIR/server.csr > /dev/null 2>&1
if [ $? == 1 ]
then t_Log "Creation of CSR failed."
ret_val=1
exit
fi
openssl x509 -req -days 3600 -in $TESTDIR/server.csr -signkey $TESTDIR/server.key -out $TESTDIR/server.crt > /dev/null 2>&1
if [ $? == 1 ]
then t_Log "Creation of CRT failed."
ret_val=1
exit
fi
# get openssl-Path
sslvar=$(openssl version -d)
regex='OPENSSLDIR\:\ \"(.*)\"'
if [[ $sslvar =~ $regex ]]
then
sslpath=${BASH_REMATCH[1]}
else
t_Log "Could not find openssl config directory"
ret_val=1
exit
fi
# prepare verification of certificate
cp $TESTDIR/server.crt $sslpath/certs/
HASH=$(openssl x509 -noout -hash -in $sslpath/certs/server.crt)
if [ $? == 1 ]
then t_Log "Creation of Certificate HASH failed."
ret_val=1
exit
fi
#Link Hash to Cert
ln -s $sslpath/certs/server.crt $sslpath/certs/${HASH}.0
#do verification
openssl verify /var/tmp/openssl-test/server.crt |grep -cq OK
if [ $? == 1 ]
then t_Log "Self signed Cert verification failed."
ret_val=1
exit
fi
t_CheckExitStatus $ret_val
#reversing changes
/bin/rm -rf $TESTDIR $sslpath/certs/server.crt $sslpath/certs/${HASH}*