1 $! CA - wrapper around ca to make it easier to use ... basically ca requires | 1 $! CA - wrapper around ca to make it easier to use ... basically ca requires |
2 $! some setup stuff to be done before you can use it and this makes | 2 $! some setup stuff to be done before you can use it and this makes |
3 $! things easier between now and when Eric is convinced to fix it :-) | 3 $! things easier between now and when Eric is convinced to fix it :-) |
4 $! | 4 $! |
5 $! CA -newca ... will setup the right stuff | 5 $! CA -newca ... will setup the right stuff |
6 $! CA -newreq ... will generate a certificate request | 6 $! CA -newreq ... will generate a certificate request |
7 $! CA -sign ... will sign the generated request and output | 7 $! CA -sign ... will sign the generated request and output |
8 $! | 8 $! |
9 $! At the end of that grab newreq.pem and newcert.pem (one has the key | 9 $! At the end of that grab newreq.pem and newcert.pem (one has the key |
10 $! and the other the certificate) and cat them together and that is what | 10 $! and the other the certificate) and cat them together and that is what |
(...skipping 19 matching lines...)
30 $ | 30 $ |
31 $ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF | 31 $ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF |
32 $ | 32 $ |
33 $ DAYS = "-days 365" | 33 $ DAYS = "-days 365" |
34 $ REQ = openssl + " req " + SSLEAY_CONFIG | 34 $ REQ = openssl + " req " + SSLEAY_CONFIG |
35 $ CA = openssl + " ca " + SSLEAY_CONFIG | 35 $ CA = openssl + " ca " + SSLEAY_CONFIG |
36 $ VERIFY = openssl + " verify" | 36 $ VERIFY = openssl + " verify" |
37 $ X509 = openssl + " x509" | 37 $ X509 = openssl + " x509" |
38 $ PKCS12 = openssl + " pkcs12" | 38 $ PKCS12 = openssl + " pkcs12" |
39 $ echo = "write sys$Output" | 39 $ echo = "write sys$Output" |
| 40 $ RET = 1 |
40 $! | 41 $! |
41 $ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;" | 42 $! 2010-12-20 SMS. |
42 $ CATOP := 's'.demoCA | 43 $! Use a concealed logical name to reduce command line lengths, to |
43 $ CAKEY := ]cakey.pem | 44 $! avoid DCL errors on VAX: |
44 $ CACERT := ]cacert.pem | 45 $! %DCL-W-TKNOVF, command element is too long - shorten |
| 46 $! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate |
| 47 $! quickly.) |
| 48 $! |
| 49 $ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]" |
| 50 $ define /translation_attributes = concealed CATOP 'CATOP' |
| 51 $! |
| 52 $ on error then goto clean_up |
| 53 $ on control_y then goto clean_up |
| 54 $! |
| 55 $ CAKEY = "CATOP:[private]cakey.pem" |
| 56 $ CACERT = "CATOP:[000000]cacert.pem" |
45 $ | 57 $ |
46 $ __INPUT := SYS$COMMAND | 58 $ __INPUT := SYS$COMMAND |
47 $ RET = 1 | |
48 $! | 59 $! |
49 $ i = 1 | 60 $ i = 1 |
50 $opt_loop: | 61 $opt_loop: |
51 $ if i .gt. 8 then goto opt_loop_end | 62 $ if i .gt. 8 then goto opt_loop_end |
52 $ | 63 $ |
53 $ prog_opt = F$EDIT(P'i',"lowercase") | 64 $ prog_opt = F$EDIT(P'i',"lowercase") |
54 $ | 65 $ |
55 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") | 66 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") |
56 $ THEN | 67 $ THEN |
57 $ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" | 68 $ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" |
58 $ exit | 69 $ goto clean_up |
59 $ ENDIF | 70 $ ENDIF |
60 $! | 71 $! |
61 $ IF (prog_opt .EQS. "-input") | 72 $ IF (prog_opt .EQS. "-input") |
62 $ THEN | 73 $ THEN |
63 $ ! Get input from somewhere other than SYS$COMMAND | 74 $ ! Get input from somewhere other than SYS$COMMAND |
64 $ i = i + 1 | 75 $ i = i + 1 |
65 $ __INPUT = P'i' | 76 $ __INPUT = P'i' |
66 $ GOTO opt_loop_continue | 77 $ GOTO opt_loop_continue |
67 $ ENDIF | 78 $ ENDIF |
68 $! | 79 $! |
69 $ IF (prog_opt .EQS. "-newcert") | 80 $ IF (prog_opt .EQS. "-newcert") |
70 $ THEN | 81 $ THEN |
71 $ ! Create a certificate. | 82 $ ! Create a certificate. |
72 $ DEFINE/USER SYS$INPUT '__INPUT' | 83 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
73 $ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' | 84 $ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' |
74 $ RET=$STATUS | 85 $ RET=$STATUS |
75 $ echo "Certificate (and private key) is in newreq.pem" | 86 $ echo "Certificate (and private key) is in newreq.pem" |
76 $ GOTO opt_loop_continue | 87 $ GOTO opt_loop_continue |
77 $ ENDIF | 88 $ ENDIF |
78 $! | 89 $! |
79 $ IF (prog_opt .EQS. "-newreq") | 90 $ IF (prog_opt .EQS. "-newreq") |
80 $ THEN | 91 $ THEN |
81 $ ! Create a certificate request | 92 $ ! Create a certificate request |
82 $ DEFINE/USER SYS$INPUT '__INPUT' | 93 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
83 $ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' | 94 $ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' |
84 $ RET=$STATUS | 95 $ RET=$STATUS |
85 $ echo "Request (and private key) is in newreq.pem" | 96 $ echo "Request (and private key) is in newreq.pem" |
86 $ GOTO opt_loop_continue | 97 $ GOTO opt_loop_continue |
87 $ ENDIF | 98 $ ENDIF |
88 $! | 99 $! |
89 $ IF (prog_opt .EQS. "-newca") | 100 $ IF (prog_opt .EQS. "-newca") |
90 $ THEN | 101 $ THEN |
91 $ ! If explicitly asked for or it doesn't exist then setup the directory | 102 $ ! If explicitly asked for or it doesn't exist then setup the directory |
92 $ ! structure that Eric likes to manage things. | 103 $ ! structure that Eric likes to manage things. |
93 $ IF F$SEARCH(CATOP+"]serial.") .EQS. "" | 104 $ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. "" |
94 $ THEN | 105 $ THEN |
95 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'] | 106 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000] |
96 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs] | 107 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs] |
97 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl] | 108 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl] |
98 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts] | 109 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts] |
99 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private] | 110 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private] |
100 $ | 111 $ |
101 $ OPEN /WRITE ser_file 'CATOP']serial. | 112 $ OPEN /WRITE ser_file CATOP:[000000]serial. |
102 $ WRITE ser_file "01" | 113 $ WRITE ser_file "01" |
103 $ CLOSE ser_file | 114 $ CLOSE ser_file |
104 $ APPEND/NEW NL: 'CATOP']index.txt | 115 $ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt |
105 $ | 116 $ |
106 $ ! The following is to make sure access() doesn't get confused. It | 117 $ ! The following is to make sure access() doesn't get confused. It |
107 $ ! really needs one file in the directory to give correct answers... | 118 $ ! really needs one file in the directory to give correct answers... |
108 $ COPY NLA0: 'CATOP'.certs].; | 119 $ COPY NLA0: CATOP:[certs].; |
109 $ COPY NLA0: 'CATOP'.crl].; | 120 $ COPY NLA0: CATOP:[crl].; |
110 $ COPY NLA0: 'CATOP'.newcerts].; | 121 $ COPY NLA0: CATOP:[newcerts].; |
111 $ COPY NLA0: 'CATOP'.private].; | 122 $ COPY NLA0: CATOP:[private].; |
112 $ ENDIF | 123 $ ENDIF |
113 $! | 124 $! |
114 $ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" | 125 $ IF F$SEARCH( CAKEY) .EQS. "" |
115 $ THEN | 126 $ THEN |
116 $ READ '__INPUT' FILE - | 127 $ READ '__INPUT' FILE - |
117 » /PROMPT="CA certificate filename (or enter to create): " | 128 /PROMPT="CA certificate filename (or enter to create): " |
118 $ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") | 129 $ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") |
119 $ THEN | 130 $ THEN |
120 $ COPY 'FILE' 'CATOP'.private'CAKEY' | 131 $ COPY 'FILE' 'CAKEY' |
121 $» RET=$STATUS | 132 $ RET=$STATUS |
122 $ ELSE | 133 $ ELSE |
123 $ echo "Making CA certificate ..." | 134 $ echo "Making CA certificate ..." |
124 $ DEFINE/USER SYS$INPUT '__INPUT' | 135 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
125 $ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' - | 136 $ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS' |
126 » » -out 'CATOP''CACERT' 'DAYS' | 137 $ RET=$STATUS |
127 $» RET=$STATUS | |
128 $ ENDIF | 138 $ ENDIF |
129 $ ENDIF | 139 $ ENDIF |
130 $ GOTO opt_loop_continue | 140 $ GOTO opt_loop_continue |
131 $ ENDIF | 141 $ ENDIF |
132 $! | 142 $! |
133 $ IF (prog_opt .EQS. "-pkcs12") | 143 $ IF (prog_opt .EQS. "-pkcs12") |
134 $ THEN | 144 $ THEN |
135 $ i = i + 1 | 145 $ i = i + 1 |
136 $ cname = P'i' | 146 $ cname = P'i' |
137 $ IF cname .EQS. "" THEN cname = "My certificate" | 147 $ IF cname .EQS. "" THEN cname = "My certificate" |
138 $ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT - | 148 $ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' - |
139 » -out newcert.p12 -export -name "''cname'" | 149 -out newcert.p12 -export -name "''cname'" |
140 $ RET=$STATUS | 150 $ RET=$STATUS |
141 $ exit RET | 151 $ goto clean_up |
142 $ ENDIF | 152 $ ENDIF |
143 $! | 153 $! |
144 $ IF (prog_opt .EQS. "-xsign") | 154 $ IF (prog_opt .EQS. "-xsign") |
145 $ THEN | 155 $ THEN |
146 $! | 156 $! |
147 $ DEFINE/USER SYS$INPUT '__INPUT' | 157 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
148 $ CA -policy policy_anything -infiles newreq.pem | 158 $ CA -policy policy_anything -infiles newreq.pem |
149 $ RET=$STATUS | 159 $ RET=$STATUS |
150 $ GOTO opt_loop_continue | 160 $ GOTO opt_loop_continue |
151 $ ENDIF | 161 $ ENDIF |
152 $! | 162 $! |
153 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) | 163 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) |
154 $ THEN | 164 $ THEN |
155 $! | 165 $! |
156 $ DEFINE/USER SYS$INPUT '__INPUT' | 166 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
157 $ CA -policy policy_anything -out newcert.pem -infiles newreq.pem | 167 $ CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
158 $ RET=$STATUS | 168 $ RET=$STATUS |
159 $ type newcert.pem | 169 $ type newcert.pem |
160 $ echo "Signed certificate is in newcert.pem" | 170 $ echo "Signed certificate is in newcert.pem" |
161 $ GOTO opt_loop_continue | 171 $ GOTO opt_loop_continue |
162 $ ENDIF | 172 $ ENDIF |
163 $! | 173 $! |
164 $ IF (prog_opt .EQS. "-signcert") | 174 $ IF (prog_opt .EQS. "-signcert") |
165 $ THEN | 175 $ THEN |
166 $! | 176 $! |
167 $ echo "Cert passphrase will be requested twice - bug?" | 177 $ echo "Cert passphrase will be requested twice - bug?" |
168 $ DEFINE/USER SYS$INPUT '__INPUT' | 178 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
169 $ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem | 179 $ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
170 $ DEFINE/USER SYS$INPUT '__INPUT' | 180 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
171 $ CA -policy policy_anything -out newcert.pem -infiles tmp.pem | 181 $ CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
172 y | 182 y |
173 y | 183 y |
174 $ type newcert.pem | 184 $ type newcert.pem |
175 $ echo "Signed certificate is in newcert.pem" | 185 $ echo "Signed certificate is in newcert.pem" |
176 $ GOTO opt_loop_continue | 186 $ GOTO opt_loop_continue |
177 $ ENDIF | 187 $ ENDIF |
178 $! | 188 $! |
179 $ IF (prog_opt .EQS. "-verify") | 189 $ IF (prog_opt .EQS. "-verify") |
180 $ THEN | 190 $ THEN |
181 $! | 191 $! |
182 $ i = i + 1 | 192 $ i = i + 1 |
183 $ IF (p'i' .EQS. "") | 193 $ IF (p'i' .EQS. "") |
184 $ THEN | 194 $ THEN |
185 $ DEFINE/USER SYS$INPUT '__INPUT' | 195 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
186 $ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem | 196 $ VERIFY "-CAfile" 'CACERT' newcert.pem |
187 $ ELSE | 197 $ ELSE |
188 $ j = i | 198 $ j = i |
189 $ verify_opt_loop: | 199 $ verify_opt_loop: |
190 $ IF j .GT. 8 THEN GOTO verify_opt_loop_end | 200 $ IF j .GT. 8 THEN GOTO verify_opt_loop_end |
191 $ IF p'j' .NES. "" | 201 $ IF p'j' .NES. "" |
192 $ THEN | 202 $ THEN |
193 $ DEFINE/USER SYS$INPUT '__INPUT' | 203 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
194 $ __tmp = p'j' | 204 $ __tmp = p'j' |
195 $ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp' | 205 $ VERIFY "-CAfile" 'CACERT' '__tmp' |
196 $ tmp=$STATUS | 206 $ tmp=$STATUS |
197 $ IF tmp .NE. 0 THEN RET=tmp | 207 $ IF tmp .NE. 0 THEN RET=tmp |
198 $ ENDIF | 208 $ ENDIF |
199 $ j = j + 1 | 209 $ j = j + 1 |
200 $ GOTO verify_opt_loop | 210 $ GOTO verify_opt_loop |
201 $ verify_opt_loop_end: | 211 $ verify_opt_loop_end: |
202 $ ENDIF | 212 $ ENDIF |
203 $ | 213 $ |
204 $ GOTO opt_loop_end | 214 $ GOTO opt_loop_end |
205 $ ENDIF | 215 $ ENDIF |
206 $! | 216 $! |
207 $ IF (prog_opt .NES. "") | 217 $ IF (prog_opt .NES. "") |
208 $ THEN | 218 $ THEN |
209 $! | 219 $! |
210 $ echo "Unknown argument ''prog_opt'" | 220 $ echo "Unknown argument ''prog_opt'" |
211 $ | 221 $ RET = 3 |
212 $ EXIT 3 | 222 $ goto clean_up |
213 $ ENDIF | 223 $ ENDIF |
214 $ | 224 $ |
215 $opt_loop_continue: | 225 $opt_loop_continue: |
216 $ i = i + 1 | 226 $ i = i + 1 |
217 $ GOTO opt_loop | 227 $ GOTO opt_loop |
218 $ | 228 $ |
219 $opt_loop_end: | 229 $opt_loop_end: |
| 230 $! |
| 231 $clean_up: |
| 232 $! |
| 233 $ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then - |
| 234 deassign /process CATOP |
| 235 $! |
220 $ EXIT 'RET' | 236 $ EXIT 'RET' |
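Review bot: With `on error then goto clean_up` at new line 52, a failing openssl step now transfers to clean_up before the `RET=$STATUS` that follows it (new lines 84-85, 94-95, 136-137, 158-159, 167-168) can run, so `EXIT 'RET'` at line 236 returns the initial `RET = 1` from line 40 and reports success even when the CA key, request or signed certificate was never produced; the previous default ON ERROR action would have exited with the failing status. This assumes the openssl image exits with an error-severity status on failure, which the existing `RET=$STATUS` checks suggest the author expects — worth confirming on the VMS build. Route the handler through a label that captures `$STATUS` first, and make the normal `opt_loop_end:` fall-through jump over it so a deliberately set RET (the `-verify` loop's `RET=tmp`, the `RET = 3` for unknown arguments) is not overwritten.
```dcl
$ on error then goto error_exit
$! … unchanged: control_y handler, option loop …
$opt_loop_end:
$ goto clean_up
$!
$error_exit:
$ RET = $STATUS
$clean_up:
$! … unchanged: deassign CATOP, EXIT 'RET' …
```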