| OLD | NEW |
| 1 $! CA - wrapper around ca to make it easier to use ... basically ca requires | 1 $! CA - wrapper around ca to make it easier to use ... basically ca requires |
| 2 $! some setup stuff to be done before you can use it and this makes | 2 $! some setup stuff to be done before you can use it and this makes |
| 3 $! things easier between now and when Eric is convinced to fix it :-) | 3 $! things easier between now and when Eric is convinced to fix it :-) |
| 4 $! | 4 $! |
| 5 $! CA -newca ... will setup the right stuff | 5 $! CA -newca ... will setup the right stuff |
| 6 $! CA -newreq ... will generate a certificate request | 6 $! CA -newreq ... will generate a certificate request |
| 7 $! CA -sign ... will sign the generated request and output | 7 $! CA -sign ... will sign the generated request and output |
| 8 $! | 8 $! |
| 9 $! At the end of that grab newreq.pem and newcert.pem (one has the key | 9 $! At the end of that grab newreq.pem and newcert.pem (one has the key |
| 10 $! and the other the certificate) and cat them together and that is what | 10 $! and the other the certificate) and cat them together and that is what |
| (...skipping 19 matching lines...) |
| 30 $ | 30 $ |
| 31 $ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF | 31 $ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF |
| 32 $ | 32 $ |
| 33 $ DAYS = "-days 365" | 33 $ DAYS = "-days 365" |
| 34 $ REQ = openssl + " req " + SSLEAY_CONFIG | 34 $ REQ = openssl + " req " + SSLEAY_CONFIG |
| 35 $ CA = openssl + " ca " + SSLEAY_CONFIG | 35 $ CA = openssl + " ca " + SSLEAY_CONFIG |
| 36 $ VERIFY = openssl + " verify" | 36 $ VERIFY = openssl + " verify" |
| 37 $ X509 = openssl + " x509" | 37 $ X509 = openssl + " x509" |
| 38 $ PKCS12 = openssl + " pkcs12" | 38 $ PKCS12 = openssl + " pkcs12" |
| 39 $ echo = "write sys$Output" | 39 $ echo = "write sys$Output" |
| 40 $ RET = 1 |
| 40 $! | 41 $! |
| 41 $ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;" | 42 $! 2010-12-20 SMS. |
| 42 $ CATOP := 's'.demoCA | 43 $! Use a concealed logical name to reduce command line lengths, to |
| 43 $ CAKEY := ]cakey.pem | 44 $! avoid DCL errors on VAX: |
| 44 $ CACERT := ]cacert.pem | 45 $! %DCL-W-TKNOVF, command element is too long - shorten |
| 46 $! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate |
| 47 $! quickly.) |
| 48 $! |
| 49 $ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]" |
| 50 $ define /translation_attributes = concealed CATOP 'CATOP' |
| 51 $! |
| 52 $ on error then goto clean_up |
| 53 $ on control_y then goto clean_up |
| 54 $! |
| 55 $ CAKEY = "CATOP:[private]cakey.pem" |
| 56 $ CACERT = "CATOP:[000000]cacert.pem" |
| 45 $ | 57 $ |
| 46 $ __INPUT := SYS$COMMAND | 58 $ __INPUT := SYS$COMMAND |
| 47 $ RET = 1 | |
| 48 $! | 59 $! |
| 49 $ i = 1 | 60 $ i = 1 |
| 50 $opt_loop: | 61 $opt_loop: |
| 51 $ if i .gt. 8 then goto opt_loop_end | 62 $ if i .gt. 8 then goto opt_loop_end |
| 52 $ | 63 $ |
| 53 $ prog_opt = F$EDIT(P'i',"lowercase") | 64 $ prog_opt = F$EDIT(P'i',"lowercase") |
| 54 $ | 65 $ |
| 55 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") | 66 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") |
| 56 $ THEN | 67 $ THEN |
| 57 $ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" | 68 $ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" |
| 58 $ exit | 69 $ goto clean_up |
| 59 $ ENDIF | 70 $ ENDIF |
| 60 $! | 71 $! |
| 61 $ IF (prog_opt .EQS. "-input") | 72 $ IF (prog_opt .EQS. "-input") |
| 62 $ THEN | 73 $ THEN |
| 63 $ ! Get input from somewhere other than SYS$COMMAND | 74 $ ! Get input from somewhere other than SYS$COMMAND |
| 64 $ i = i + 1 | 75 $ i = i + 1 |
| 65 $ __INPUT = P'i' | 76 $ __INPUT = P'i' |
| 66 $ GOTO opt_loop_continue | 77 $ GOTO opt_loop_continue |
| 67 $ ENDIF | 78 $ ENDIF |
| 68 $! | 79 $! |
| 69 $ IF (prog_opt .EQS. "-newcert") | 80 $ IF (prog_opt .EQS. "-newcert") |
| 70 $ THEN | 81 $ THEN |
| 71 $ ! Create a certificate. | 82 $ ! Create a certificate. |
| 72 $ DEFINE/USER SYS$INPUT '__INPUT' | 83 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 73 $ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' | 84 $ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS' |
| 74 $ RET=$STATUS | 85 $ RET=$STATUS |
| 75 $ echo "Certificate (and private key) is in newreq.pem" | 86 $ echo "Certificate (and private key) is in newreq.pem" |
| 76 $ GOTO opt_loop_continue | 87 $ GOTO opt_loop_continue |
| 77 $ ENDIF | 88 $ ENDIF |
| 78 $! | 89 $! |
| 79 $ IF (prog_opt .EQS. "-newreq") | 90 $ IF (prog_opt .EQS. "-newreq") |
| 80 $ THEN | 91 $ THEN |
| 81 $ ! Create a certificate request | 92 $ ! Create a certificate request |
| 82 $ DEFINE/USER SYS$INPUT '__INPUT' | 93 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 83 $ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' | 94 $ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS' |
| 84 $ RET=$STATUS | 95 $ RET=$STATUS |
| 85 $ echo "Request (and private key) is in newreq.pem" | 96 $ echo "Request (and private key) is in newreq.pem" |
| 86 $ GOTO opt_loop_continue | 97 $ GOTO opt_loop_continue |
| 87 $ ENDIF | 98 $ ENDIF |
| 88 $! | 99 $! |
| 89 $ IF (prog_opt .EQS. "-newca") | 100 $ IF (prog_opt .EQS. "-newca") |
| 90 $ THEN | 101 $ THEN |
| 91 $ ! If explicitly asked for or it doesn't exist then setup the directory | 102 $ ! If explicitly asked for or it doesn't exist then setup the directory |
| 92 $ ! structure that Eric likes to manage things. | 103 $ ! structure that Eric likes to manage things. |
| 93 $ IF F$SEARCH(CATOP+"]serial.") .EQS. "" | 104 $ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. "" |
| 94 $ THEN | 105 $ THEN |
| 95 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'] | 106 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000] |
| 96 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs] | 107 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs] |
| 97 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl] | 108 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl] |
| 98 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts] | 109 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts] |
| 99 $ CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private] | 110 $ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private] |
| 100 $ | 111 $ |
| 101 $ OPEN /WRITE ser_file 'CATOP']serial. | 112 $ OPEN /WRITE ser_file CATOP:[000000]serial. |
| 102 $ WRITE ser_file "01" | 113 $ WRITE ser_file "01" |
| 103 $ CLOSE ser_file | 114 $ CLOSE ser_file |
| 104 $ APPEND/NEW NL: 'CATOP']index.txt | 115 $ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt |
| 105 $ | 116 $ |
| 106 $ ! The following is to make sure access() doesn't get confused. It | 117 $ ! The following is to make sure access() doesn't get confused. It |
| 107 $ ! really needs one file in the directory to give correct answers... | 118 $ ! really needs one file in the directory to give correct answers... |
| 108 $ COPY NLA0: 'CATOP'.certs].; | 119 $ COPY NLA0: CATOP:[certs].; |
| 109 $ COPY NLA0: 'CATOP'.crl].; | 120 $ COPY NLA0: CATOP:[crl].; |
| 110 $ COPY NLA0: 'CATOP'.newcerts].; | 121 $ COPY NLA0: CATOP:[newcerts].; |
| 111 $ COPY NLA0: 'CATOP'.private].; | 122 $ COPY NLA0: CATOP:[private].; |
| 112 $ ENDIF | 123 $ ENDIF |
| 113 $! | 124 $! |
| 114 $ IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. "" | 125 $ IF F$SEARCH( CAKEY) .EQS. "" |
| 115 $ THEN | 126 $ THEN |
| 116 $ READ '__INPUT' FILE - | 127 $ READ '__INPUT' FILE - |
| 117 » /PROMPT="CA certificate filename (or enter to create): " | 128 /PROMPT="CA certificate filename (or enter to create): " |
| 118 $ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") | 129 $ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "") |
| 119 $ THEN | 130 $ THEN |
| 120 $ COPY 'FILE' 'CATOP'.private'CAKEY' | 131 $ COPY 'FILE' 'CAKEY' |
| 121 $» RET=$STATUS | 132 $ RET=$STATUS |
| 122 $ ELSE | 133 $ ELSE |
| 123 $ echo "Making CA certificate ..." | 134 $ echo "Making CA certificate ..." |
| 124 $ DEFINE/USER SYS$INPUT '__INPUT' | 135 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 125 $ REQ -new -x509 -keyout 'CATOP'.private'CAKEY' - | 136 $ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS' |
| 126 » » -out 'CATOP''CACERT' 'DAYS' | 137 $ RET=$STATUS |
| 127 $» RET=$STATUS | |
| 128 $ ENDIF | 138 $ ENDIF |
| 129 $ ENDIF | 139 $ ENDIF |
| 130 $ GOTO opt_loop_continue | 140 $ GOTO opt_loop_continue |
| 131 $ ENDIF | 141 $ ENDIF |
| 132 $! | 142 $! |
| 133 $ IF (prog_opt .EQS. "-pkcs12") | 143 $ IF (prog_opt .EQS. "-pkcs12") |
| 134 $ THEN | 144 $ THEN |
| 135 $ i = i + 1 | 145 $ i = i + 1 |
| 136 $ cname = P'i' | 146 $ cname = P'i' |
| 137 $ IF cname .EQS. "" THEN cname = "My certificate" | 147 $ IF cname .EQS. "" THEN cname = "My certificate" |
| 138 $ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT - | 148 $ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' - |
| 139 » -out newcert.p12 -export -name "''cname'" | 149 -out newcert.p12 -export -name "''cname'" |
| 140 $ RET=$STATUS | 150 $ RET=$STATUS |
| 141 $ exit RET | 151 $ goto clean_up |
| 142 $ ENDIF | 152 $ ENDIF |
| 143 $! | 153 $! |
| 144 $ IF (prog_opt .EQS. "-xsign") | 154 $ IF (prog_opt .EQS. "-xsign") |
| 145 $ THEN | 155 $ THEN |
| 146 $! | 156 $! |
| 147 $ DEFINE/USER SYS$INPUT '__INPUT' | 157 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 148 $ CA -policy policy_anything -infiles newreq.pem | 158 $ CA -policy policy_anything -infiles newreq.pem |
| 149 $ RET=$STATUS | 159 $ RET=$STATUS |
| 150 $ GOTO opt_loop_continue | 160 $ GOTO opt_loop_continue |
| 151 $ ENDIF | 161 $ ENDIF |
| 152 $! | 162 $! |
| 153 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) | 163 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq")) |
| 154 $ THEN | 164 $ THEN |
| 155 $! | 165 $! |
| 156 $ DEFINE/USER SYS$INPUT '__INPUT' | 166 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 157 $ CA -policy policy_anything -out newcert.pem -infiles newreq.pem | 167 $ CA -policy policy_anything -out newcert.pem -infiles newreq.pem |
| 158 $ RET=$STATUS | 168 $ RET=$STATUS |
| 159 $ type newcert.pem | 169 $ type newcert.pem |
| 160 $ echo "Signed certificate is in newcert.pem" | 170 $ echo "Signed certificate is in newcert.pem" |
| 161 $ GOTO opt_loop_continue | 171 $ GOTO opt_loop_continue |
| 162 $ ENDIF | 172 $ ENDIF |
| 163 $! | 173 $! |
| 164 $ IF (prog_opt .EQS. "-signcert") | 174 $ IF (prog_opt .EQS. "-signcert") |
| 165 $ THEN | 175 $ THEN |
| 166 $! | 176 $! |
| 167 $ echo "Cert passphrase will be requested twice - bug?" | 177 $ echo "Cert passphrase will be requested twice - bug?" |
| 168 $ DEFINE/USER SYS$INPUT '__INPUT' | 178 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 169 $ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem | 179 $ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem |
| 170 $ DEFINE/USER SYS$INPUT '__INPUT' | 180 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 171 $ CA -policy policy_anything -out newcert.pem -infiles tmp.pem | 181 $ CA -policy policy_anything -out newcert.pem -infiles tmp.pem |
| 172 y | 182 y |
| 173 y | 183 y |
| 174 $ type newcert.pem | 184 $ type newcert.pem |
| 175 $ echo "Signed certificate is in newcert.pem" | 185 $ echo "Signed certificate is in newcert.pem" |
| 176 $ GOTO opt_loop_continue | 186 $ GOTO opt_loop_continue |
| 177 $ ENDIF | 187 $ ENDIF |
| 178 $! | 188 $! |
| 179 $ IF (prog_opt .EQS. "-verify") | 189 $ IF (prog_opt .EQS. "-verify") |
| 180 $ THEN | 190 $ THEN |
| 181 $! | 191 $! |
| 182 $ i = i + 1 | 192 $ i = i + 1 |
| 183 $ IF (p'i' .EQS. "") | 193 $ IF (p'i' .EQS. "") |
| 184 $ THEN | 194 $ THEN |
| 185 $ DEFINE/USER SYS$INPUT '__INPUT' | 195 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 186 $ VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem | 196 $ VERIFY "-CAfile" 'CACERT' newcert.pem |
| 187 $ ELSE | 197 $ ELSE |
| 188 $ j = i | 198 $ j = i |
| 189 $ verify_opt_loop: | 199 $ verify_opt_loop: |
| 190 $ IF j .GT. 8 THEN GOTO verify_opt_loop_end | 200 $ IF j .GT. 8 THEN GOTO verify_opt_loop_end |
| 191 $ IF p'j' .NES. "" | 201 $ IF p'j' .NES. "" |
| 192 $ THEN | 202 $ THEN |
| 193 $ DEFINE/USER SYS$INPUT '__INPUT' | 203 $ DEFINE /USER_MODE SYS$INPUT '__INPUT' |
| 194 $ __tmp = p'j' | 204 $ __tmp = p'j' |
| 195 $ VERIFY "-CAfile" 'CATOP''CACERT' '__tmp' | 205 $ VERIFY "-CAfile" 'CACERT' '__tmp' |
| 196 $ tmp=$STATUS | 206 $ tmp=$STATUS |
| 197 $ IF tmp .NE. 0 THEN RET=tmp | 207 $ IF tmp .NE. 0 THEN RET=tmp |
| 198 $ ENDIF | 208 $ ENDIF |
| 199 $ j = j + 1 | 209 $ j = j + 1 |
| 200 $ GOTO verify_opt_loop | 210 $ GOTO verify_opt_loop |
| 201 $ verify_opt_loop_end: | 211 $ verify_opt_loop_end: |
| 202 $ ENDIF | 212 $ ENDIF |
| 203 $ | 213 $ |
| 204 $ GOTO opt_loop_end | 214 $ GOTO opt_loop_end |
| 205 $ ENDIF | 215 $ ENDIF |
| 206 $! | 216 $! |
| 207 $ IF (prog_opt .NES. "") | 217 $ IF (prog_opt .NES. "") |
| 208 $ THEN | 218 $ THEN |
| 209 $! | 219 $! |
| 210 $ echo "Unknown argument ''prog_opt'" | 220 $ echo "Unknown argument ''prog_opt'" |
| 211 $ | 221 $ RET = 3 |
| 212 $ EXIT 3 | 222 $ goto clean_up |
| 213 $ ENDIF | 223 $ ENDIF |
| 214 $ | 224 $ |
| 215 $opt_loop_continue: | 225 $opt_loop_continue: |
| 216 $ i = i + 1 | 226 $ i = i + 1 |
| 217 $ GOTO opt_loop | 227 $ GOTO opt_loop |
| 218 $ | 228 $ |
| 219 $opt_loop_end: | 229 $opt_loop_end: |
| 230 $! |
| 231 $clean_up: |
| 232 $! |
| 233 $ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then - |
| 234 deassign /process CATOP |
| 235 $! |
| 220 $ EXIT 'RET' | 236 $ EXIT 'RET' |
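Review bot: The new `on error then goto clean_up` (new line 52) lets a failing `REQ`, `CA`, `PKCS12` or `COPY` step jump to `clean_up` before the `RET=$STATUS` that follows it runs, so `RET` still holds its initial `1` and `EXIT 'RET'` reports success. Unless the skipped lines 11-29 install their own handler, the old code fell back to DCL's default exit-on-error and returned the failing status, so a caller scripting `-newca` or `-sign` could now treat a failed key generation or signing as successful. The handler should branch to a small stub that does `RET = $STATUS` and then `goto clean_up`, placed where normal flow cannot fall into it, so the status is captured before the `deassign` in `clean_up` overwrites `$STATUS`. The same applies to `on control_y then goto clean_up` (new line 53), which currently exits with `1` after an interrupt. It would also help to add a comment at `clean_up` stating that `RET` must already hold the final status when control arrives there.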