rpms/crypto-utils/devel genkey.pl,1.11,1.12
Elio Maldonado (emaldonado)
fedora-extras-commits at redhat.com
Mon May 5 23:52:54 UTC 2008
Author: emaldonado
Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9216
Modified Files:
genkey.pl
Log Message:
No skip_random, removed spurious window, support nss database prefix, and fix some messages
Index: genkey.pl
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/genkey.pl,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- genkey.pl 3 May 2008 22:58:40 -0000 1.11
+++ genkey.pl 5 May 2008 23:52:19 -0000 1.12
@@ -121,10 +121,11 @@
my $genreq_mode = '';
my $ca_mode = '';
my $cert_days = 30;
-my $nss='';
-my $debug='';
+my $nss ='';
+my $debug ='';
my $modNssDbDir = '';
-my $nickname = '';
+my $nssNickname = '';
+my $nssDBPrefix = '';
GetOptions('test|t' => \$test_mode,
'genreq' => \$genreq_mode,
'days=i' => \$cert_days,
@@ -132,8 +133,7 @@
'debug|d'=> \$debug,
'makeca' => \$ca_mode) or usage();
usage() unless @ARGV != 0;
-$skip_random = $test_mode;
-$overwrite_key = $test_mode;
+$overwrite_key = $test_mode && !$nss;
$servername = $ARGV[0];
$randfile = $ssltop."/.rand.".$$;
$tmpPasswordFile = ''; # none has been created yet
@@ -170,7 +170,7 @@
exit 1;
}
-# For mod_nss we need the database and nickname set
+# For mod_nss we need these variables set
if ($nss) {
# the configuration file is required
if (!nssconfigFound()) {
@@ -182,7 +182,8 @@
}
$modNssDbDir = getModNSSDatabase();
- $nickname = getNickname();
+ $nssNickname = getNSSNickname();
+ $nssDBPrefix = getNSSDBPrefix();
}
######################################################################
@@ -217,7 +218,7 @@
keyPasswordWindow,
genCACertWindow,
);
- $doingwhat="CA key generation";
+ $doingwhat="CA cert generation";
} else {
@windows = (welcomeWindow,
getkeysizeWindow,
@@ -227,12 +228,11 @@
whichCAWindow,
keyPasswordWindow,
genReqWindow,
- genCertWindow,
genReqWindow,
genCertWindow,
### @EXTRA@ ### Leave this comment here.
);
- $doingwhat="testing request and cert generation";
+ $doingwhat="testing CSR and cert generation";
}
my $screen = 0;
@@ -337,17 +337,32 @@
}
# Returns the rsa server name.
-sub getNickname {
+sub getNSSNickname {
# Extract the value from the mod_nss configuration file.
my $cmd ='/usr/bin/gawk \'/^NSSNickname/ { print $2 }\'' . " $nssconf";
- my $nicknamefile = "nickname";
+ my $nicknamefile = "nssnickname";
system("$cmd > $nicknamefile");
open(NICK, "<$nicknamefile");
my $nickname = <NICK>;
unlink($nicknamefile);
+ my $prefix = $nss ? "modnss.test." : "modssl.test";
+ $nickname = $prefix . $nickname if $debug;
+ return $nickname;
+}
+
+# Returns the nss database prefix
+sub getNSSDBPrefix {
+
+ # Extract the value from the mod_nss configuration file.
+ my $cmd ='/usr/bin/gawk \'/^NSSDBPrefix/ { print $2 }\'' . " $nssconf";
+ my $prefixfile = "dbprefix";
+ system("$cmd > $prefixfile");
+ open(PREFIX, "<$prefixfile");
+ my $prefix = <PREFIX>;
+ unlink($prefixfile);
- return "test-".$nickname;
+ return $prefix;
}
# Erases and deletes the password file
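Review bot: Both getNSSNickname and the new getNSSDBPrefix send gawk's output through a shell redirect into a fixed-name file in the current working directory (`nssnickname`, `dbprefix`), then read it back with an unchecked two-argument `open` on a bareword handle. If genkey runs as root from a directory other users can write to, the redirect would follow a symlink already planted under that name, and `$nssconf` is interpolated into the shell line unquoted. The returned line is never chomped, so its newline is carried into the `-p $nssDBPrefix` argument strings built later in this diff. A list-form pipe open, shown below for getNSSDBPrefix, removes both the scratch file and the shell. The same shape fits getNSSNickname, whose header comment still reads "Returns the rsa server name".

```perl
sub getNSSDBPrefix {
    # List-form pipe: gawk's output is read directly, with no shell and
    # no scratch file in the current directory.
    open(my $fh, '-|', '/usr/bin/gawk', '/^NSSDBPrefix/ { print $2 }', $nssconf)
        or die "cannot run gawk on $nssconf: $!";
    my $prefix = <$fh>;
    close($fh);
    return '' unless defined $prefix;
    chomp $prefix;    # drop the newline before the value goes into an argument string
    return $prefix;
}
```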
@@ -517,7 +532,11 @@
sub welcomeWindow()
{
my $name = $servername;
- my $where = $nss ? $modNssDbDir : "$ssltop/private/$name.key";
+ my $where_key = $nss
+ ? $modNssDbDir."key3.db" : "$ssltop/private/$name.key";
+ my $where_cert = $nss
+ ? $modNssDbDir."cert8.db" : "$ssltop/certs/$name.cert";
+ my $what = $nss ? "directory" : "file";
my $message = <<EOT;
You are now generating a new keypair which will be used to encrypt all
SSL traffic to the server named $name.
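Review bot: The new `$where_key` and `$where_cert` append `key3.db` and `cert8.db` directly to `$modNssDbDir`, so the path shown to the user is wrong whenever an NSSDBPrefix is configured (NSS then names the files `<prefix>key3.db` and `<prefix>cert8.db`) or the directory value lacks a trailing slash. `$what` is "directory" in the NSS case although `$where_key` now names a file, so the recovery text in the next hunk tells the user to move a directory that is really the key database file. Consider `$modNssDbDir."/".$nssDBPrefix."key3.db"` with the matching `cert8.db` form, and "file" for `$what` in both modes. The heredoc in welcomeWindow continues outside this hunk.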
@@ -525,12 +544,12 @@
certificate authority (CA) for signing.
The key will be stored in
- $where
+ $where_key
The certificate stored in
- $ssltop/certs/$name.cert
+ $where_cert
-If the key generation fails, move the file
- $where
+If the key generation fails, move the $what
+ $where_key
to a backup location and try again.
EOT
@@ -774,13 +793,15 @@
$args .= "-n $nickname ";
$args .= "-s $subject ";
$args .= "-x "; ## self-signed
- $args .= "-t $trustargs ";
+ $args .= "-t $trustargs ";
$args .= "-k rsa ";
$args .= "-g $bits ";
- $args .= "-v $months ";
+ $args .= "-v $months ";
+ $args .= "-a ";
$args .= "-f $pwdfile " if $pwdfile;
$args .= "-z $noisefile " if $noisefile;
$args .= "-d $modNssDbDir ";
+ $args .= "-p $nssDBPrefix" if $nssDBPrefix;
$args .= "-o $certfile";
nssUtilCmd($cmd, $args, $debug);
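Review bot: The added `-p $nssDBPrefix` line has no trailing space, so the following `-o $certfile` is glued onto the prefix value; it should read `$args .= "-p $nssDBPrefix " if $nssDBPrefix;`. If `$cmd` here is certutil, the database-prefix option is uppercase `-P`, while lowercase `-p` is the contact phone number, so the flag is worth checking against the tool actually invoked. The argument string is built by interpolation and the enclosing sub starts outside the hunk, so whether nssUtilCmd hands it to a shell cannot be seen here. If it does, values read from the mod_nss configuration file should be quoted or passed as a list.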
@@ -811,6 +832,7 @@
$args .= "-s $subject ";
$args .= "-d $modNssDbDir ";
+ $args .= "-p $nssDBPrefix " if $nssDDPrefix;
$args .= "-a "; ## using ascii
$args .= "-k rsa ";
$args .= "-g $bits ";
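Review bot: The condition on the added line tests `$nssDDPrefix`, a name that appears nowhere else in this diff, while the value interpolated is `$nssDBPrefix`. Without `use strict` the misspelled variable is always empty, so the prefix is silently never passed and the request is generated against the unprefixed database; with strict it is a compile error. The line should be `$args .= "-p $nssDBPrefix " if $nssDBPrefix;`. The enclosing sub starts and ends outside the hunk.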
@@ -849,7 +871,8 @@
$args .= "-g $keysize ";
$args .= "-s $subject ";
$args .= "-v $months ";
- $args .= "-z $noisefile ";
+ $args .= "-a "; ## using ascii
+ $args .= "-z $noisefile " if $noisefile;
$args .= "-e $pwdfile " if $pwdfile;
# there is no password when the
# user wants the key in the clar
@@ -864,7 +887,6 @@
"host:\n\nPress return to exit");
unlink($noisefile) unless $debug;
Newt::Finished();
- clearTempFiles() unless $debug;
exit 1;
}
if ($keyfile && (-f $keyfile)) {
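Review bot: Dropping `clearTempFiles() unless $debug;` before `exit 1` here, and again in the next hunk's `-f $keyfile` failure path, means these two error exits no longer remove the temporary password file that `$tmpPasswordFile` tracks. Unless cleanup happens in an END block or handler that is not visible in this diff, a failed run can leave the key password on disk. The next hunk also replaces `unlink($randfile)` with `unlink($noisefile)`, so it is worth confirming both names refer to the same file; otherwise the random seed file is left behind too. If the removal was meant to avoid a double cleanup, a short comment saying where cleanup now happens would help. The enclosing sub starts outside the hunk.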
@@ -874,11 +896,10 @@
"$keyfile");
Newt::Finished();
unlink($noisefile) unless $debug;
- clearTempFiles() unless $debug;
exit 1;
}
}
- unlink($randfile);
+ unlink($noisefile) unless $debug;
}
# Create a certificate-signing request file that can be submitted to a
@@ -1290,18 +1311,16 @@
my $randbits = $bits * 2;
# Get some random data from truerand library
-#
- if (!$skip_random) {
- FinishRoot();
- InitRoot(0);
- makerand($randbits,$randfile);
- FinishRoot();
+#
+ FinishRoot();
+ InitRoot(0);
+ makerand($randbits,$randfile);
+ FinishRoot();
# Get some random data from keystrokes
#
- Newt::Suspend();
- system("$bindir/keyrand $randbits $randfile");
- Newt::Resume();
- }
+ Newt::Suspend();
+ system("$bindir/keyrand $randbits $randfile");
+ Newt::Resume();
return "Next";
}
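Review bot: With the `$skip_random` guard gone, every run now depends on `makerand` and `keyrand`, but neither result is checked: the return value of `system("$bindir/keyrand $randbits $randfile")` is discarded and the sub returns "Next" regardless. If either step fails, key generation may continue with a missing or short noise file. Capturing the exit status, e.g. `my $rc = system("$bindir/keyrand", $randbits, $randfile);`, and reporting a non-zero `$rc` before returning would make that visible; the list form also avoids a shell. The sub starts outside the hunk.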