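#!/bin/bash
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
#
# openssl test: create a self signed certificate, install it into the
# OpenSSL certs directory under its subject-hash symlink and check that
# "openssl verify" accepts it.
#
# Needs the t_functions helpers (t_Log, t_GetPkgRel, t_CheckExitStatus)
# in scope and write access to the OpenSSL certs directory.
#
# This script uses [[ =~ ]] and BASH_REMATCH, so it must run under bash,
# not a POSIX /bin/sh.

t_Log "Running $0 - openssl create self signed certificate, build symlink and verify certificate test."

ret_val=0

# Paths created outside the working dir are recorded here once they exist,
# so the EXIT trap can undo them on every exit path (including early
# failures). A self signed test cert left behind in the system certs dir
# would stay trusted by every OpenSSL user on the box.
sslpath=''
certcopy=''
hashlink=''

# create working-dir: unpredictable name and mode 0700, since /var/tmp is
# shared and the private key lives here.
TESTDIR=$(mktemp -d /var/tmp/openssl-test.XXXXXX) || { t_Log "Could not create working directory."; exit 1; }

#######################################
# Remove the working dir and whatever was installed into the certs dir.
# Only paths this script created are removed; the :? guard stops an empty
# TESTDIR from turning the rm into "rm -rf /".
#######################################
cleanup() {
  if [ -n "$hashlink" ]; then
    /bin/rm -f -- "$hashlink"
  fi
  if [ -n "$certcopy" ]; then
    /bin/rm -f -- "$certcopy"
  fi
  /bin/rm -rf -- "${TESTDIR:?}"
}
trap cleanup EXIT

#######################################
# Log a failure, record it in ret_val and stop the test with a non-zero
# status. (A bare "exit" after "ret_val=1" would return the status of the
# assignment, i.e. 0, and report the failed test as passed.)
# Arguments: $1 - message
#######################################
fail() {
  t_Log "$1"
  ret_val=1
  exit "$ret_val"
}

#create private key
# el6 has genpkey; older releases get an encrypted genrsa key that is
# decrypted below. (The former "-rand file1:...:file5" list named files
# that never exist and has been dropped; openssl seeds from the system RNG.)
if t_GetPkgRel basesystem | grep -q el6; then
  openssl genpkey -algorithm rsa -out "$TESTDIR/server.key.secure" -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
else
  openssl genrsa -passout pass:centos -des3 -out "$TESTDIR/server.key.secure" 2048 > /dev/null 2>&1
fi || fail "Creation of private key failed."

#create default answer file (quoted delimiter: nothing in it is expanded)
cat > "$TESTDIR/openssl_answers" <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = UK
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = somestate
localityName = Locality Name (eg, city)
localityName_default = somecity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = CentOS-Project
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = CentOS
EOF

# derive the plain server key from the generated one
if t_GetPkgRel basesystem | grep -q el6; then
  openssl rsa -in "$TESTDIR/server.key.secure" -out "$TESTDIR/server.key" > /dev/null 2>&1
else
  openssl rsa -passin pass:centos -in "$TESTDIR/server.key.secure" -out "$TESTDIR/server.key" > /dev/null 2>&1
fi || fail "Creation of server key failed."

# certificate request, then self signed certificate
openssl req -batch -config "$TESTDIR/openssl_answers" -new -key "$TESTDIR/server.key" -out "$TESTDIR/server.csr" > /dev/null 2>&1 \
  || fail "Creation of CSR failed."

openssl x509 -req -days 3600 -in "$TESTDIR/server.csr" -signkey "$TESTDIR/server.key" -out "$TESTDIR/server.crt" > /dev/null 2>&1 \
  || fail "Creation of CRT failed."

# get openssl-Path from the 'OPENSSLDIR: "/path"' line of "openssl version -d"
sslvar=$(openssl version -d)
regex='OPENSSLDIR: "(.*)"'
if [[ $sslvar =~ $regex ]]; then
  sslpath=${BASH_REMATCH[1]}
else
  fail "Could not find openssl config directory"
fi
[ -d "$sslpath/certs" ] || fail "openssl certs directory $sslpath/certs does not exist."

# prepare verification of certificate: copy it into the certs dir and
# register it under its subject hash, the name "openssl verify" looks up.
cp -- "$TESTDIR/server.crt" "$sslpath/certs/" || fail "Could not copy certificate into $sslpath/certs."
certcopy="$sslpath/certs/server.crt"

HASH=$(openssl x509 -noout -hash -in "$certcopy") || fail "Creation of Certificate HASH failed."
[ -n "$HASH" ] || fail "Creation of Certificate HASH failed."

#Link Hash to Cert
# ln -s refuses to clobber an existing ${HASH}.0; only a link we created
# is recorded for cleanup.
if ! ln -s "$certcopy" "$sslpath/certs/${HASH}.0"; then
  fail "Creation of hash symlink ${HASH}.0 failed."
fi
hashlink="$sslpath/certs/${HASH}.0"

#do verification
# The result is judged from the output, not the exit code: success prints
# "<file>: OK". If a release prints error details and still ends with OK,
# an "OK"-only grep would miss it, so an "error" line fails the test too.
verify_out=$(openssl verify "$TESTDIR/server.crt" 2>&1)
if ! printf '%s\n' "$verify_out" | grep -q OK || printf '%s\n' "$verify_out" | grep -q error; then
  fail "Self signed Cert verification failed."
fi

t_CheckExitStatus $ret_val

#reversing changes is done by the EXIT trap (cleanup)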