You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
106 lines
2.9 KiB
106 lines
2.9 KiB
12 months ago
|
#!/bin/sh
|
||
|
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
|
||
|
|
||
|
t_Log "Running $0 - openssl create self signed certificate, build symlink and verify certificate test."
|
||
|
|
||
|
ret_val=0
|
||
|
|
||
|
# create working-dir
|
||
|
TESTDIR='/var/tmp/openssl-test'
|
||
|
|
||
|
mkdir -p $TESTDIR
|
||
|
|
||
|
#create private key
|
||
|
if (t_GetPkgRel basesystem | grep -q el6)
|
||
|
then
|
||
|
openssl genpkey -algorithm rsa -out $TESTDIR/server.key.secure -pkeyopt rsa_keygen_bits:2048 > /dev/null 2>&1
|
||
|
else
|
||
|
openssl genrsa -passout pass:centos -des3 -rand file1:file2:file3:file4:file5 -out $TESTDIR/server.key.secure 2048 > /dev/null 2>&1
|
||
|
fi
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Creation of private key failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
#create default answer file
|
||
|
cat > $TESTDIR/openssl_answers<<EOF
|
||
|
[ req ]
|
||
|
default_bits = 2048
|
||
|
distinguished_name = req_distinguished_name
|
||
|
string_mask = nombstr
|
||
|
[ req_distinguished_name ]
|
||
|
countryName = Country Name (2 letter code)
|
||
|
countryName_default = UK
|
||
|
stateOrProvinceName = State or Province Name (full name)
|
||
|
stateOrProvinceName_default = somestate
|
||
|
localityName = Locality Name (eg, city)
|
||
|
localityName_default = somecity
|
||
|
0.organizationName = Organization Name (eg, company)
|
||
|
0.organizationName_default = CentOS-Project
|
||
|
organizationalUnitName = Organizational Unit Name (eg, section)
|
||
|
organizationalUnitName_default = CentOS
|
||
|
EOF
|
||
|
|
||
|
if (t_GetPkgRel basesystem | grep -q el6)
|
||
|
then
|
||
|
openssl rsa -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
|
||
|
else
|
||
|
openssl rsa -passin pass:centos -in $TESTDIR/server.key.secure -out $TESTDIR/server.key > /dev/null 2>&1
|
||
|
fi
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Creation of server key failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
openssl req -batch -config $TESTDIR/openssl_answers -new -key $TESTDIR/server.key -out $TESTDIR/server.csr > /dev/null 2>&1
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Creation of CSR failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
openssl x509 -req -days 3600 -in $TESTDIR/server.csr -signkey $TESTDIR/server.key -out $TESTDIR/server.crt > /dev/null 2>&1
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Creation of CRT failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# get openssl-Path
|
||
|
sslvar=$(openssl version -d)
|
||
|
regex='OPENSSLDIR\:\ \"(.*)\"'
|
||
|
if [[ $sslvar =~ $regex ]]
|
||
|
then
|
||
|
sslpath=${BASH_REMATCH[1]}
|
||
|
else
|
||
|
t_Log "Could not find openssl config directory"
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# prepare verification of certificate
|
||
|
cp $TESTDIR/server.crt $sslpath/certs/
|
||
|
HASH=$(openssl x509 -noout -hash -in $sslpath/certs/server.crt)
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Creation of Certificate HASH failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
#Link Hash to Cert
|
||
|
ln -s $sslpath/certs/server.crt $sslpath/certs/${HASH}.0
|
||
|
|
||
|
#do verification
|
||
|
openssl verify /var/tmp/openssl-test/server.crt |grep -cq OK
|
||
|
if [ $? == 1 ]
|
||
|
then t_Log "Self signed Cert verification failed."
|
||
|
ret_val=1
|
||
|
exit
|
||
|
fi
|
||
|
t_CheckExitStatus $ret_val
|
||
|
|
||
|
#reversing changes
|
||
|
/bin/rm -rf $TESTDIR $sslpath/certs/server.crt $sslpath/certs/${HASH}*
|