iron.git

commit bb98ae1ee81ce74347f74f124ad6d733de7abd2f

Author: Paolo Lulli <paolo@lulli.net>

Add iron service renew and iron certificate renew commands

 iron/Makefile.in | 42 ++++--
 iron/bin/Makefile.in | 25 +++-
 iron/configure | 22 +++
 iron/etc/Makefile.in | 25 +++-
 iron/libexec/Makefile.in | 27 +++-
 iron/libexec/iron/iron-certificate | 171 +++++++++++++++++-------------
 iron/libexec/iron/iron-certificate~ | 112 ++++++++++++++++++++
 iron/libexec/iron/iron-client | 139 ++++++++++++------------
 iron/libexec/iron/iron-client~ | 121 +++++++++++++++++++++
 iron/libexec/iron/iron-keystore | 2 
 iron/libexec/iron/iron-pkcs12 | 25 +++
 iron/libexec/iron/iron-service | 20 +++
 iron/libexec/iron/p12-to-jks | 5 
 iron/makedeb.sh | 2 


diff --git a/iron/Makefile.in b/iron/Makefile.in
index 52f46804ab32a04c7a62ffa03c35a0ef2985bf94..6b6d78aadfa564af14961b57b81dc057b0ddd345 100644
--- a/iron/Makefile.in
+++ b/iron/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -14,7 +14,17 @@ # PARTICULAR PURPOSE.
 
 @SET_MAKE@
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -76,13 +86,12 @@ NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 subdir = .
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(top_srcdir)/configure $(am__configure_deps) install-sh \
-	missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
+	$(am__configure_deps) $(am__DIST_COMMON)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
@@ -144,6 +153,7 @@ ETAGS = etags
 CTAGS = ctags
 CSCOPE = cscope
 DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(srcdir)/Makefile.in install-sh missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 distdir = $(PACKAGE)-$(VERSION)
 top_distdir = $(distdir)
@@ -251,6 +261,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -278,7 +289,6 @@ 	done; \
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -485,15 +495,15 @@ 	tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
 	$(am__post_remove_distdir)
 
 dist-tarZ: distdir
-	@echo WARNING: "Support for shar distribution archives is" \
-	               "deprecated." >&2
+	@echo WARNING: "Support for distribution archives compressed with" \
+		       "legacy program 'compress' is deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
 	$(am__post_remove_distdir)
 
 dist-shar: distdir
-	@echo WARNING: "Support for distribution archives compressed with" \
-		       "legacy program 'compress' is deprecated." >&2
+	@echo WARNING: "Support for shar distribution archives is" \
+	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
 	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)
@@ -529,17 +539,17 @@ 	  unzip $(distdir).zip ;;\
 	esac
 	chmod -R a-w $(distdir)
 	chmod u+w $(distdir)
-	mkdir $(distdir)/_build $(distdir)/_inst
+	mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
 	chmod a-w $(distdir)
 	test -d $(distdir)/_build || exit 0; \
 	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
 	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
 	  && am__cwd=`pwd` \
-	  && $(am__cd) $(distdir)/_build \
-	  && ../configure \
+	  && $(am__cd) $(distdir)/_build/sub \
+	  && ../../configure \
 	    $(AM_DISTCHECK_CONFIGURE_FLAGS) \
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
-	    --srcdir=.. --prefix="$$dc_install_base" \
+	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
 	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
@@ -712,6 +722,8 @@ 	install-ps install-ps-am install-strip installcheck \
 	installcheck-am installdirs installdirs-am maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
 	pdf-am ps ps-am tags tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.




diff --git a/iron/bin/Makefile.in b/iron/bin/Makefile.in
index b9115fca37bbb3694ab7ab575ee5f0fe53f888a9..2b82b82b5fb7bf278e283f0859a275465660f5ae 100644
--- a/iron/bin/Makefile.in
+++ b/iron/bin/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -77,12 +87,12 @@ NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 subdir = bin
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(srcdir)/iron.in $(dist_bin_SCRIPTS)
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_bin_SCRIPTS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_CLEAN_FILES = iron
 CONFIG_CLEAN_VPATH_FILES =
@@ -135,6 +145,7 @@     n|no|NO) false;; \
     *) (install-info --version) >/dev/null 2>&1;; \
   esac
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/iron.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -201,6 +212,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -225,7 +237,6 @@ 	done; \
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign bin/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign bin/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -433,6 +444,8 @@ 	install-strip installcheck installcheck-am installdirs \
 	maintainer-clean maintainer-clean-generic mostlyclean \
 	mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
 	uninstall-am uninstall-dist_binSCRIPTS
+
+.PRECIOUS: Makefile
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.




diff --git a/iron/configure b/iron/configure
index a8b4c0c05a03b856da1dc8507701747d5b96caf9..e2719fc519b23175791387fddaad3f7d9f12c1cd 100755
--- a/iron/configure
+++ b/iron/configure
@@ -632,6 +632,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -697,6 +698,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -948,6 +950,15 @@
   -q | -quiet | --quiet | --quie | --qui | --qu | --q \
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
+
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
 
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
@@ -1086,7 +1097,7 @@ # Check all directory arguments for consistency.
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir
+		libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1239,6 +1250,7 @@   --libexecdir=DIR        program executables [EPREFIX/libexec]
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -1706,7 +1718,7 @@
 
 ac_config_files="$ac_config_files Makefile bin/Makefile etc/Makefile libexec/Makefile bin/iron"
 
-am__api_version='1.14'
+am__api_version='1.15'
 
 ac_aux_dir=
 for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
@@ -1927,7 +1939,7 @@   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
 fi
 
-if test x"${install_sh}" != xset; then
+if test x"${install_sh+set}" != xset; then
   case $am_aux_dir in
   *\ * | *\	*)
     install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
@@ -2255,8 +2267,8 @@ # 
 # <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
 mkdir_p='$(MKDIR_P)'
 
-# We need awk for the "check" target.  The system "awk" is bad on
-# some platforms.
+# We need awk for the "check" target (and possibly the TAP driver).  The
+# system "awk" is bad on some platforms.
 # Always define AMTAR for backward compatibility.  Yes, it's still used
 # in the wild :-(  We should find a proper way to deprecate it ...
 AMTAR='$${TAR-tar}'




diff --git a/iron/etc/Makefile.in b/iron/etc/Makefile.in
index 4d0ccf7bc8876cf8c2c6119276b432288d6ec690..87fac21179cb18f03680e48abdc9b9572f93ec38 100644
--- a/iron/etc/Makefile.in
+++ b/iron/etc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -77,12 +87,12 @@ NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 subdir = etc
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(nobase_dist_sysconf_DATA)
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(nobase_dist_sysconf_DATA) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
@@ -135,6 +145,7 @@   }
 am__installdirs = "$(DESTDIR)$(sysconfdir)"
 DATA = $(nobase_dist_sysconf_DATA)
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -201,6 +212,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -227,7 +239,6 @@ 	done; \
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign etc/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign etc/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -422,6 +433,8 @@ 	install-strip installcheck installcheck-am installdirs \
 	maintainer-clean maintainer-clean-generic mostlyclean \
 	mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
 	uninstall-am uninstall-nobase_dist_sysconfDATA
+
+.PRECIOUS: Makefile
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.




diff --git a/iron/libexec/Makefile.in b/iron/libexec/Makefile.in
index 9ea1b6e066c5ef27d74a6bbcf214a19a3a95412b..a746c01bc6964f663f9ef83be5c9153ce62f6a8a 100644
--- a/iron/libexec/Makefile.in
+++ b/iron/libexec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.14.1 from Makefile.am.
+# Makefile.in generated by automake 1.15 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -15,7 +15,17 @@
 @SET_MAKE@
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
 am__make_running_with_option = \
   case $${target_option-} in \
       ?) ;; \
@@ -77,12 +87,12 @@ NORMAL_UNINSTALL = :
 PRE_UNINSTALL = :
 POST_UNINSTALL = :
 subdir = libexec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
-	$(nobase_dist_libexec_SCRIPTS)
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(nobase_dist_libexec_SCRIPTS) \
+	$(am__DIST_COMMON)
 mkinstalldirs = $(install_sh) -d
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
@@ -135,6 +145,7 @@     n|no|NO) false;; \
     *) (install-info --version) >/dev/null 2>&1;; \
   esac
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
 AMTAR = @AMTAR@
@@ -201,6 +212,7 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
@@ -222,6 +234,8 @@ 	iron/iron-ca\
 	iron/iron-certificate\
 	iron/iron-client\
 	iron/iron-service\
+	iron/iron-keystore\
+	iron/iron-pkcs12\
 	iron/iron-debug
 
 all: all-am
@@ -239,7 +253,6 @@ 	done; \
 	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign libexec/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
 	  $(AUTOMAKE) --foreign libexec/Makefile
-.PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
 	  *config.status*) \
@@ -452,6 +465,8 @@ 	install-strip installcheck installcheck-am installdirs \
 	maintainer-clean maintainer-clean-generic mostlyclean \
 	mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \
 	uninstall-am uninstall-nobase_dist_libexecSCRIPTS
+
+.PRECIOUS: Makefile
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.




diff --git a/iron/libexec/iron/iron-certificate b/iron/libexec/iron/iron-certificate
index e3b5be71451d84b2ed1574d7b417b947d94c9efc..146fc1c7717911b80415b842e2011023d76c3fc3 100755
--- a/iron/libexec/iron/iron-certificate
+++ b/iron/libexec/iron/iron-certificate
@@ -1,8 +1,7 @@
-#! /bin/bash 
+#! /bin/bash
 # Usage: $iron certificate <sign> <filename>
-# Summary: create certificates 
+# Summary: create certificates
 # Help: This command groups commands used to setup config create delete a CA
-
 
 APPNAME="iron"
 CURRDIR=$(pwd)
@@ -13,99 +12,121 @@ CURRENT_TSTAMP=$(date '+%Y%m%d%H%M')
 
 function certificate_sign()
 {
-	service=$1
-	csrfile=$2
-	client=$(basename $csrfile | sed -e 's/.csr$//')
-	CLIENT_CERTPATH=$RCDIR/$service/certs
-	CP=$CLIENT_CERTPATH/$client
-	test -d ${CP} || mkdir -p ${CP}
-	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
+  service=$1
+  csrfile=$2
+  client=$(basename $csrfile | sed -e 's/.csr$//')
+  CLIENT_CERTPATH=$RCDIR/$service/certs
+  CP=$CLIENT_CERTPATH/$client
+  test -d ${CP} || mkdir -p ${CP}
+  openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
 }
 
 function remote_client_write_setup()
 {
-	CLIENT_RCFILE="$RCDIR/client-$client"".env"
-        echo "REMOTE_RCDIR=$RCDIR">${CLIENT_RCFILE}
-        echo "REMOTE_USER=">>${CLIENT_RCFILE}
-        echo "REMOTE_HOST=">>${CLIENT_RCFILE}
+  service=$1
+  mkdir -p $RCDIR/$service
+  CLIENT_RCFILE="$RCDIR/$service/client-$client"".env"
+  echo "REMOTE_RCDIR=$RCDIR">${CLIENT_RCFILE}
+  echo "REMOTE_USER=">>${CLIENT_RCFILE}
+  echo "REMOTE_HOST=">>${CLIENT_RCFILE}
+  echo "REMOTE_SSH_IDENTITY_FILE=">>${CLIENT_RCFILE}
+  exit 1
 }
 
 
 function remote_certificate_sign()
 {
-	service=$1
-	remote_csr_user=$2
-	remote_csr_host=$3
-	remote_csrfile=$4
-	csrfile=$(basename $remote_csrfile) 
-	remote_certdir=$(dirname $remote_csrfile) 
-	client=$(basename $csrfile | sed -e 's/.csr$//')
-	CLIENT_CERTPATH=$RCDIR/$service/certs
-	CP=$CLIENT_CERTPATH/$client 
-	test -d ${CP} || mkdir -p ${CP}
-	scp $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
-	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
-	scp $CP/$client.crt $REMOTE_USER@$REMOTE_HOST:$remote_certdir
+  service=$1
+  remote_csr_user=$2
+  remote_csr_host=$3
+  remote_csrfile=$4
+  remote_ssh_identity_file=$5
+  csrfile=$(basename $remote_csrfile)
+  remote_certdir=$(dirname $remote_csrfile)
+  client=$(basename $csrfile | sed -e 's/.csr$//')
+  CLIENT_CERTPATH=$RCDIR/$service/certs
+  CP=$CLIENT_CERTPATH/$client
+  test -d ${CP} || mkdir -p ${CP}
+  if [ -f $remote_ssh_identity_file ]; then
+    scp -i $remote_ssh_identity_file $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
+  else
+    scp $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
+  fi
+
+  openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+
+  if [ -f $remote_ssh_identity_file ]; then
+    scp -i $remote_ssh_identity_file $CP/$client.crt $REMOTE_USER@$REMOTE_HOST:$remote_certdir
+  else
+    scp $CP/$client.crt $REMOTE_USER@$REMOTE_HOST:$remote_certdir
+  fi
 }
 
 function certificate_create()
 {
-	service=$1
-	client=$2
-	CLIENT_CERTPATH=$RCDIR/$service/certs
-	CP=$CLIENT_CERTPATH/$client
-	test -d ${CP} || mkdir -p ${CP}
-	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
-	test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
+  service=$1
+  client=$2
+  CLIENT_CERTPATH=$RCDIR/$service/certs
+  CP=$CLIENT_CERTPATH/$client
+  test -d ${CP} || mkdir -p ${CP}
+  openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+  test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
 }
-
 
 function pkcs12_create()
 {
-	service=$1
-	client=$2
-	CLIENT_CERTPATH=$RCDIR/$service/certs
-	CP=$CLIENT_CERTPATH/$client
-	test -d ${CP} || mkdir -p ${CP}
-        openssl pkcs12 -export -clcerts -in $CP/$client.crt -inkey $CP/$client.key -out $CP/$client.p12\
-                 -name "${client}"\
-                 -CAfile ${CAPATH}/ca.crt -caname root
-	test -f $CP/$client.p12 && echo "Created PKCS12 (*.p12) in [$CP/$client.p12]"
+  service=$1
+  client=$2
+  CLIENT_CERTPATH=$RCDIR/$service/certs
+  CP=$CLIENT_CERTPATH/$client
+  test -d ${CP} || mkdir -p ${CP}
+  openssl pkcs12 -export -clcerts -in $CP/$client.crt -inkey $CP/$client.key -out $CP/$client.p12\
+  -name "${client}"\
+  -CAfile ${CAPATH}/ca.crt -caname root
+  test -f $CP/$client.p12 && echo "Created PKCS12 (*.p12) in [$CP/$client.p12]"
 }
 
-
-
-
 if [ "$#" = 3 ];then
-	operation=$1
-	service=$2
-	CA_RCFILE="$HOME/"."$APPNAME/default-ca"".env"
-	source ${CA_RCFILE}
-	if [ "$operation" = "sign" ]; then
-		csrfile=$3
-		certificate_sign $service $csrfile
-	fi 
+  operation=$1
+  service=$2
+  CA_RCFILE="$HOME/"."$APPNAME/default-ca"".env"
+  source ${CA_RCFILE}
+  if [ "$operation" = "sign" ]; then
+    csrfile=$3
+    certificate_sign $service $csrfile
+  fi
 
-	if [ "$operation" = "create" ]; then
-		client=$3
-		certificate_create $service $client
-		pkcs12_create $service $client
-	fi 
+  
+  if [ "$operation" = "create" ]; then
+    client=$3
+    certificate_create $service $client
+    pkcs12_create $service $client
+  fi
 
-	if [ "$operation" = "remotesign" ]; then
-		client=$3
-		CLIENT_RCFILE="$RCDIR/client-$client"".env"
-		test -f $CLIENT_RCFILE || ( echo "Edit $CLIENT_RCFILE first" ; remote_client_write_setup  ; exit -1)
-		test -f $CLIENT_RCFILE && source ${CLIENT_RCFILE}
-		remote_csr_user=$REMOTE_USER
-		remote_csr_host=$REMOTE_HOST
-		remote_csrfile=$REMOTE_RCDIR/$service/certs/$client/$client.csr
-		remote_certificate_sign $service $remote_csr_user $remote_csr_host $remote_csrfile
-	fi 
+  if [ "$operation" = "renew" ]; then
+    client=$3
+    certificate_create $service $client
+    pkcs12_create $service $client
+  fi
+  
+  if [ "$operation" = "remotesign" ]; then
+    client=$3
+    CLIENT_RCFILE="$RCDIR/$service/client-$client"".env"
+    test -f $CLIENT_RCFILE || echo "Edit $CLIENT_RCFILE first" 
+    test -f $CLIENT_RCFILE || remote_client_write_setup "$service"; 
+    test -f $CLIENT_RCFILE && source ${CLIENT_RCFILE}
+    test -f $CLIENT_RCFILE && echo "Reading RC from: ${CLIENT_RCFILE}"
+    remote_ssh_identity_file=$REMOTE_SSH_IDENTITY_FILE
+    remote_csr_user=$REMOTE_USER
+    remote_csr_host=$REMOTE_HOST
+    remote_csrfile=$REMOTE_RCDIR/$service/certs/$client/$client.csr
+    remote_certificate_sign $service $remote_csr_user $remote_csr_host $remote_csrfile $remote_ssh_identity_file
+  fi
 else
-	echo "Usage:"
-	echo "\$iron certificate <sign> <service> <CSR-file>"
-	echo "\$iron certificate <create> <service> <client-id>"
-	echo "\$iron certificate <remotesign> <service><client-id>"
-	exit -1
+  echo "Usage:"
+  echo "\$iron certificate <sign> <service> <CSR-file>"
+  echo "\$iron certificate <create> <service> <client-id>"
+  echo "\$iron certificate <renew> <service> <client-id>"
+  echo "\$iron certificate <remotesign> <service><client-id>"
+  exit -1
 fi
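Review bot: In `remote_certificate_sign`, `[ -f $remote_ssh_identity_file ]` is unquoted, so with the empty `REMOTE_SSH_IDENTITY_FILE=` that `remote_client_write_setup` writes by default the test collapses to `[ -f ]`, which is true, and the `scp -i` branch runs with `-i` swallowing the `user@host:path` argument. Quote the operand in both tests, `if [ -f "$remote_ssh_identity_file" ]; then`, so an unset identity file takes the plain `scp` branch. The upload still addresses `$REMOTE_USER@$REMOTE_HOST` rather than the `remote_csr_user`/`remote_csr_host` parameters used for the download, which is worth aligning while here. The new `renew` branch is identical to `create`, so a short comment such as `# renew: re-sign the existing CSR for another 365 days; the key pair is unchanged` would make that intent explicit.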




diff --git a/iron/libexec/iron/iron-certificate~ b/iron/libexec/iron/iron-certificate~
new file mode 100644
index 0000000000000000000000000000000000000000..203fed370bc11e1c7d8f6ef5b805d38dad2ad732
--- /dev/null
+++ b/iron/libexec/iron/iron-certificate~
@@ -0,0 +1,112 @@
+#! /bin/bash 
+# Usage: $iron certificate <sign> <filename>
+# Summary: create certificates 
+# Help: This command groups commands used to setup config create delete a CA
+
+
+APPNAME="iron"
+CURRDIR=$(pwd)
+
+RCDIR=$HOME/.$APPNAME
+test -d $RCDIR || mkdir -p $RCDIR
+CURRENT_TSTAMP=$(date '+%Y%m%d%H%M')
+
+function certificate_sign()
+{
+	service=$1
+	csrfile=$2
+	client=$(basename $csrfile | sed -e 's/.csr$//')
+	CLIENT_CERTPATH=$RCDIR/$service/certs
+	CP=$CLIENT_CERTPATH/$client
+	test -d ${CP} || mkdir -p ${CP}
+	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $csrfile -out $CP/$client.crt
+}
+
+function remote_client_write_setup()
+{
+	CLIENT_RCFILE="$RCDIR/client-$client"".env"
+        echo "REMOTE_RCDIR=$RCDIR">${CLIENT_RCFILE}
+        echo "REMOTE_USER=">>${CLIENT_RCFILE}
+        echo "REMOTE_HOST=">>${CLIENT_RCFILE}
+}
+
+
+function remote_certificate_sign()
+{
+	service=$1
+	remote_csr_user=$2
+	remote_csr_host=$3
+	remote_csrfile=$4
+	csrfile=$(basename $remote_csrfile) 
+	remote_certdir=$(dirname $remote_csrfile) 
+	client=$(basename $csrfile | sed -e 's/.csr$//')
+	CLIENT_CERTPATH=$RCDIR/$service/certs
+	CP=$CLIENT_CERTPATH/$client 
+	test -d ${CP} || mkdir -p ${CP}
+	scp $remote_csr_user@$remote_csr_host:$remote_csrfile $CP/$client.csr
+	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+	scp $CP/$client.crt $REMOTE_USER@$REMOTE_HOST:$remote_certdir
+}
+
+function certificate_create()
+{
+	service=$1
+	client=$2
+	CLIENT_CERTPATH=$RCDIR/$service/certs
+	CP=$CLIENT_CERTPATH/$client
+	test -d ${CP} || mkdir -p ${CP}
+	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
+	test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
+}
+
+
+function pkcs12_create()
+{
+	service=$1
+	client=$2
+	CLIENT_CERTPATH=$RCDIR/$service/certs
+	CP=$CLIENT_CERTPATH/$client
+	test -d ${CP} || mkdir -p ${CP}
+        openssl pkcs12 -export -clcerts -in $CP/$client.crt -inkey $CP/$client.key -out $CP/$client.p12\
+                 -name "${client}"\
+                 -CAfile ${CAPATH}/ca.crt -caname root
+	test -f $CP/$client.p12 && echo "Created PKCS12 (*.p12) in [$CP/$client.p12]"
+}
+
+
+
+
+if [ "$#" = 3 ];then
+	operation=$1
+	service=$2
+	CA_RCFILE="$HOME/"."$APPNAME/default-ca"".env"
+	source ${CA_RCFILE}
+	if [ "$operation" = "sign" ]; then
+		csrfile=$3
+		certificate_sign $service $csrfile
+	fi 
+
+	if [ "$operation" = "create" ]; then
+		client=$3
+		certificate_create $service $client
+		pkcs12_create $service $client
+	fi 
+
+	if [ "$operation" = "remotesign" ]; then
+		client=$3
+		CLIENT_RCFILE="$RCDIR/client-$client"".env"
+		test -f $CLIENT_RCFILE || ( echo "Edit $CLIENT_RCFILE first" ; remote_client_write_setup  ; exit -1)
+		test -f $CLIENT_RCFILE && source ${CLIENT_RCFILE}
+		test -f $CLIENT_RCFILE && echo "Reading RC from: ${CLIENT_RCFILE}"
+		remote_csr_user=$REMOTE_USER
+		remote_csr_host=$REMOTE_HOST
+		remote_csrfile=$REMOTE_RCDIR/$service/certs/$client/$client.csr
+		remote_certificate_sign $service $remote_csr_user $remote_csr_host $remote_csrfile
+	fi 
+else
+	echo "Usage:"
+	echo "\$iron certificate <sign> <service> <CSR-file>"
+	echo "\$iron certificate <create> <service> <client-id>"
+	echo "\$iron certificate <remotesign> <service><client-id>"
+	exit -1
+fi
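Review bot: `iron-certificate~` is an editor backup file, and committing it places a second, stale copy of the CA signing script under `libexec/iron/` (it still uses the old `$RCDIR/client-$client.env` path and has no `renew` operation). It should be dropped from the commit and a `*~` pattern added to `.gitignore`; the same applies to `iron-client~`, added further down. Whether the command dispatcher or the packaging step picks up every file in that directory is not visible here, so that is worth checking before a release.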




diff --git a/iron/libexec/iron/iron-client b/iron/libexec/iron/iron-client
index 0c688417fbfa063cc1fdc8f28af6792883dedd25..c491b364b8d34105572d15915764018ce1645fce 100755
--- a/iron/libexec/iron/iron-client
+++ b/iron/libexec/iron/iron-client
@@ -1,4 +1,4 @@
-#! /bin/bash 
+#! /bin/bash
 # Usage: iron client <service-name> <client-id> <setup|create|delete>
 # Summary: manage CSR for certificates creation
 # Help: This command groups commands used to setup config create delete a CA
@@ -12,63 +12,65 @@ CURRENT_TSTAMP=$(date '+%Y%m%d%H%M')
 
 function client_create_csr()
 {
-	DOMAIN=$1
-	client=$2
-	CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf
-	test -f $CLIENT_CONFIG_FILE || (echo "missing client config file"; exit -1)
-	CP=$CLIENT_CERTPATH/$client
-	mkdir -p $CP
-	openssl genrsa -out $CP/$client.key 1024
-	openssl req -new -key $CP/$client.key -out $CP/$client.csr -config $CLIENT_CONFIG_FILE
+  DOMAIN=$1
+  client=$2
+  CLIENT_CONFIG_DIR="$RCDIR/${DOMAIN}/conf"
+  CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf
+  test -f $CLIENT_CONFIG_FILE || (echo "missing client config file"; exit -1)
+  CP=$CLIENT_CERTPATH/$client
+  mkdir -p $CP
+  openssl genrsa -out $CP/$client.key 1024
+  openssl req -new -key $CP/$client.key -out $CP/$client.csr -config $CLIENT_CONFIG_FILE
 }
 
 function client_home_setup_delete()
 {
-	DOMAIN=$1
-	client=$2
-	echo "About to DELETE cert path: [$RCDIR/${DOMAIN}] are you sure? y/n"
-	read confirmation
-	if [ "$confirmation" = "y" ]; then
-		(rm -fr $RCDIR/${DOMAIN}) && echo "CA DELETED"
-	else
-		echo "SKIPPING"
-		exit -1
-	fi
+  DOMAIN=$1
+  client=$2
+  echo "About to DELETE cert path: [$RCDIR/${DOMAIN}] are you sure? y/n"
+  read confirmation
+  if [ "$confirmation" = "y" ]; then
+    (rm -fr $RCDIR/${DOMAIN}) && echo "CA DELETED"
+  else
+    echo "SKIPPING"
+    exit -1
+  fi
 }
 
 function client_export_bundle()
 {
-	DOMAIN=$1
-	client=$2
-	CAPATH=$RCDIR/CA
-	CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
-	target_dir="cert-$client"
-	mkdir -p $target_dir/CA
-	mkdir -p $target_dir/$DOMAIN
-	mkdir -p $target_dir/$DOMAIN/certs/$client
-	cp $CAPATH/ca.crt $target_dir/CA
-	cp $CLIENT_CERTPATH/$client/$client.crt $target_dir/$DOMAIN/certs/$client
-	openssl rsa -aes256 -in $CLIENT_CERTPATH/$client/$client.key --out $target_dir/$DOMAIN/certs/$client/$client.key
-	tar cvfz $target_dir.tar.gz $target_dir && rm -fr $target_dir
+  DOMAIN=$1
+  client=$2
+  CAPATH=$RCDIR/CA
+  CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
+  target_dir="cert-$client"
+  mkdir -p $target_dir/CA
+  mkdir -p $target_dir/$DOMAIN
+  mkdir -p $target_dir/$DOMAIN/certs/$client
+  cp $CAPATH/ca.crt $target_dir/CA
+  cp $CLIENT_CERTPATH/$client/$client.crt $target_dir/$DOMAIN/certs/$client
+  openssl rsa -aes256 -in $CLIENT_CERTPATH/$client/$client.key --out $target_dir/$DOMAIN/certs/$client/$client.key
+  tar cvfz $target_dir.tar.gz $target_dir && rm -fr $target_dir
 }
 
 function client_home_setup_write()
 {
-
-	DOMAIN=$1
-	client=$2
-	CAPATH=$RCDIR/CA
-	CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
-	test -d $CLIENT_CERTPATH/client/$client && ( echo "Dir exist, please delete before" && exit -1)
-	test -d $CLIENT_CERTPATH/client/$client || mkdir -p $CLIENT_CERTPATH/client/$client
-	test -d $RCDIR/${DOMAIN}/conf || mkdir -p $RCDIR/${DOMAIN}/conf
-	echo "CLIENT_CONFIG_DIR=$RCDIR/${DOMAIN}/conf" >> ${RCFILE}
-	echo "CLIENT_CERTPATH=$CLIENT_CERTPATH" >> ${RCFILE}
-	echo "CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf" >> ${RCFILE}
-	echo "CAPATH=${RCDIR}/$DOMAIN/CA"  >> ${RCFILE}
-	test -d $CAPATH   	|| mkdir -p $CAPATH
-	test -d $CLIENT_CERTPATH || mkdir -p $CLIENT_CERTPATH
-
+  
+  DOMAIN=$1
+  client=$2
+  CAPATH=$RCDIR/CA
+  CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
+  CLIENT_CONFIG_DIR="$RCDIR/${DOMAIN}/conf"
+  test -d $CLIENT_CONFIG_DIR || mkdir -p $CLIENT_CONFIG_DIR
+  test -d $CLIENT_CERTPATH/client/$client && ( echo "Dir exist, please delete before" && exit -1)
+  test -d $CLIENT_CERTPATH/client/$client || mkdir -p $CLIENT_CERTPATH/client/$client
+  echo "CLIENT_CONFIG_DIR=$CLIENT_CONFIG_DIR" >> ${RCFILE}
+  echo "CLIENT_CERTPATH=$CLIENT_CERTPATH" >> ${RCFILE}
+  echo "CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf" >> ${RCFILE}
+  echo "CAPATH=${RCDIR}/$DOMAIN/CA"  >> ${RCFILE}
+  test -d $CAPATH   	|| mkdir -p $CAPATH
+  test -d $CLIENT_CERTPATH || mkdir -p $CLIENT_CERTPATH
+  
 	cat<<__EOF__ >$RCDIR/${DOMAIN}/conf/client-${client}.conf
 RANDFILE               = $ENV::HOME/.rnd
 
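Review bot: `openssl genrsa -out $CP/$client.key 1024` in `client_create_csr` still generates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and most TLS stacks accept; `openssl genrsa -out "$CP/$client.key" 2048` is the smallest fix. The key is written unencrypted, and its permissions presumably follow the caller's umask, so a `umask 077` before `mkdir -p $CP` would keep it private. The guard on the line above, `test -f $CLIENT_CONFIG_FILE || (echo "missing client config file"; exit -1)`, exits only the subshell, so key generation proceeds even when the config file is missing. `client_home_setup_write` continues past the end of this hunk.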
@@ -92,31 +94,30 @@
 [ req_attributes ]
 #challengePassword      = blablabla
 __EOF__
-
+  
 }
 
 if [ "$#" = 3 ];then
-	operation=$1
-	service=$2
-	client=$3
-	RCFILE="$RCDIR/$service/client-$client"".env"
-	if [ "$operation" = "csr" ]; then
-		test -f ${RCFILE} || ( client_home_setup_write ; echo "Edit values in ${RCFILE}"; exit -1) 
-		source ${RCFILE}
-		client_create_csr $service $client
-	fi 
-	if [ "$operation" = "setup" ]; then
-		test -f ${RCFILE} || ( client_home_setup_write $service $client; echo "Edit values in ${RCFILE}"; exit 0) 
-	fi 
-	if [ "$operation" = "export" ]; then
-		client_export_bundle $service $client
-	fi 
-	if [ "$operation" = "delete" ]; then
-		source ${RCFILE}
-		#client_home_setup_delete  $service $client
-	fi 
+  operation=$1
+  service=$2
+  client=$3
+  RCFILE="$RCDIR/$service/client-$client"".env"
+  if [ "$operation" = "csr" ]; then
+    test -f ${RCFILE} || ( client_home_setup_write ; echo "Edit values in ${RCFILE}"; exit -1)
+    source ${RCFILE}
+    client_create_csr $service $client
+  fi
+  if [ "$operation" = "setup" ]; then
+    test -f ${RCFILE} || ( client_home_setup_write $service $client; echo "Edit values in ${RCFILE}"; exit 0)
+  fi
+  if [ "$operation" = "export" ]; then
+    client_export_bundle $service $client
+  fi
+  if [ "$operation" = "delete" ]; then
+    source ${RCFILE}
+    #client_home_setup_delete  $service $client
+  fi
 else
-	echo "Usage: iron client <setup|csr|delete|export> <service> <client-id>"
-	exit -1
+  echo "Usage: iron client <setup|csr|delete|export> <service> <client-id>"
+  exit -1
 fi
-




diff --git a/iron/libexec/iron/iron-client~ b/iron/libexec/iron/iron-client~
new file mode 100644
index 0000000000000000000000000000000000000000..98c995516babd504a3bfdb79d36ea9c425a5cb20
--- /dev/null
+++ b/iron/libexec/iron/iron-client~
@@ -0,0 +1,121 @@
+#! /bin/bash 
+# Usage: iron client <service-name> <client-id> <setup|create|delete>
+# Summary: manage CSR for certificates creation
+# Help: This command groups commands used to setup config create delete a CA
+
+APPNAME="iron"
+CURRDIR=$(pwd)
+
+RCDIR=$HOME/.$APPNAME
+test -d $RCDIR || mkdir -p $RCDIR
+CURRENT_TSTAMP=$(date '+%Y%m%d%H%M')
+
+function client_create_csr()
+{
+	DOMAIN=$1
+	client=$2
+	CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf
+	test -f $CLIENT_CONFIG_FILE || (echo "missing client config file"; exit -1)
+	CP=$CLIENT_CERTPATH/$client
+	mkdir -p $CP
+	openssl genrsa -out $CP/$client.key 1024
+	openssl req -new -key $CP/$client.key -out $CP/$client.csr -config $CLIENT_CONFIG_FILE
+}
+
+function client_home_setup_delete()
+{
+	DOMAIN=$1
+	client=$2
+	echo "About to DELETE cert path: [$RCDIR/${DOMAIN}] are you sure? y/n"
+	read confirmation
+	if [ "$confirmation" = "y" ]; then
+		(rm -fr $RCDIR/${DOMAIN}) && echo "CA DELETED"
+	else
+		echo "SKIPPING"
+		exit -1
+	fi
+}
+
+function client_export_bundle()
+{
+	DOMAIN=$1
+	client=$2
+	CAPATH=$RCDIR/CA
+	CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
+	target_dir="cert-$client"
+	mkdir -p $target_dir/CA
+	mkdir -p $target_dir/$DOMAIN
+	mkdir -p $target_dir/$DOMAIN/certs/$client
+	cp $CAPATH/ca.crt $target_dir/CA
+	cp $CLIENT_CERTPATH/$client/$client.crt $target_dir/$DOMAIN/certs/$client
+	openssl rsa -aes256 -in $CLIENT_CERTPATH/$client/$client.key --out $target_dir/$DOMAIN/certs/$client/$client.key
+	tar cvfz $target_dir.tar.gz $target_dir && rm -fr $target_dir
+}
+
+function client_home_setup_write()
+{
+
+	DOMAIN=$1
+	client=$2
+	CAPATH=$RCDIR/CA
+	CLIENT_CERTPATH=$RCDIR/${DOMAIN}/certs
+	test -d $CLIENT_CERTPATH/client/$client && ( echo "Dir exist, please delete before" && exit -1)
+	test -d $CLIENT_CERTPATH/client/$client || mkdir -p $CLIENT_CERTPATH/client/$client
+	test -d $RCDIR/${DOMAIN}/conf || mkdir -p $RCDIR/${DOMAIN}/conf
+	echo "CLIENT_CONFIG_DIR=$RCDIR/${DOMAIN}/conf" >> ${RCFILE}
+	echo "CLIENT_CERTPATH=$CLIENT_CERTPATH" >> ${RCFILE}
+	echo "CLIENT_CONFIG_FILE=${CLIENT_CONFIG_DIR}/client-${client}.conf" >> ${RCFILE}
+	echo "CAPATH=${RCDIR}/$DOMAIN/CA"  >> ${RCFILE}
+	test -d $CAPATH   	|| mkdir -p $CAPATH
+	test -d $CLIENT_CERTPATH || mkdir -p $CLIENT_CERTPATH
+
+	cat<<__EOF__ >$RCDIR/${DOMAIN}/conf/client-${client}.conf
+RANDFILE               = $ENV::HOME/.rnd
+
+[ req ]
+default_bits           = 1024
+default_keyfile        = keyfile.pem
+distinguished_name     = req_distinguished_name
+attributes             = req_attributes
+prompt                 = no
+#output_password        = bliblablu
+
+[ req_distinguished_name ]
+C                      = IT
+ST                     = Italia
+L                      = Roma
+O                      = ${DOMAIN}
+OU                     = ${DOMAIN}
+CN                     = ${client}
+emailAddress           = ${client}
+
+[ req_attributes ]
+#challengePassword      = blablabla
+__EOF__
+
+}
+
+if [ "$#" = 3 ];then
+	operation=$1
+	service=$2
+	client=$3
+	RCFILE="$RCDIR/$service/client-$client"".env"
+	if [ "$operation" = "csr" ]; then
+		test -f ${RCFILE} || ( client_home_setup_write ; echo "Edit values in ${RCFILE}"; exit -1) 
+		source ${RCFILE}
+		client_create_csr $service $client
+	fi 
+	if [ "$operation" = "setup" ]; then
+		test -f ${RCFILE} || ( client_home_setup_write $service $client; echo "Edit values in ${RCFILE}"; exit 0) 
+	fi 
+	if [ "$operation" = "export" ]; then
+		client_export_bundle $service $client
+	fi 
+	if [ "$operation" = "delete" ]; then
+		source ${RCFILE}
+		#client_home_setup_delete  $service $client
+	fi 
+else
+	echo "Usage: iron client <setup|csr|delete|export> <service> <client-id>"
+	exit -1
+fi
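Review bot: `iron-client~` is an editor backup of `iron-client`, added here as a new file under `libexec/iron`. It should be dropped from the commit and `*~` added to the ignore list, so that a stale copy of a key-handling script cannot be packaged or run by mistake. The copy also creates client keys with `openssl genrsa -out $CP/$client.key 1024` and writes `default_bits = 1024` into the request config. 1024-bit RSA is below current minimums, so if the live `iron-client` (its first part is outside this view) still carries these values they should become `2048` or larger.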




diff --git a/iron/libexec/iron/iron-keystore b/iron/libexec/iron/iron-keystore
index 469d2aab55db616920d6610e269bd6e3ac2f8b26..acabb4897b55e12281764d58c6d0a34f00b2d399 100755
--- a/iron/libexec/iron/iron-keystore
+++ b/iron/libexec/iron/iron-keystore
@@ -1,5 +1,5 @@
 #! /bin/bash 
-# Usage: $iron keystore <create|sho> <service> <client>
+# Usage: $iron keystore <create|show> <service> <client>
 # Summary: create and show contents of java  keystore
 # Help: This command groups commands used to create java keystore from pkcs#12 
 




diff --git a/iron/libexec/iron/iron-pkcs12 b/iron/libexec/iron/iron-pkcs12
index 58ec37cd255df973b03f41e647c0c94a06f36785..5cc66b2182b2dd1e51899b2e0d34c90207d740e7 100755
--- a/iron/libexec/iron/iron-pkcs12
+++ b/iron/libexec/iron/iron-pkcs12
@@ -1,5 +1,5 @@
 #! /bin/bash 
-# Usage: $iron pkcs12 create <service> <client>
+# Usage: $iron pkcs12 create <service> [<client>]
 # Summary: create *.p12 keystore
 # Help: This command groups commands used to create pkcs#12 for distribution
 
@@ -58,7 +58,17 @@ 	openssl x509 -req -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CP/$client.csr -out $CP/$client.crt
 	test -f $CP/$client.crt && echo "Created certificate in [$CP/$client.crt]"
 }
 
-
+function pkcs12_create_service()
+{
+	service=$1
+	SERVICE_CERTPATH=$RCDIR/$service
+	CP=$SERVICE_CERTPATH/certs
+	test -d ${CP} || mkdir -p ${CP}
+        openssl pkcs12 -export -clcerts -in $CP/server.crt -inkey $CP/server.key -out $CP/server.p12\
+                 -name "${service}"\
+                 -CAfile ${CAPATH}/ca.crt -caname root
+	test -f $CP/server.p12 && echo "Created PKCS12 (*.p12) in [$CP/server.p12]"
+}
 function pkcs12_create()
 {
 	service=$1
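Review bot: `pkcs12_create_service` runs `mkdir -p ${CP}` and then reads `$CP/server.crt` and `$CP/server.key` without checking that they exist, so a mistyped service name creates an empty tree under `$RCDIR` and the failure shows up only as an openssl error. I would check the inputs first, `[ -f "$CP/server.crt" ] && [ -f "$CP/server.key" ] || { echo "no certificate for $service" >&2; return 1; }`. Every expansion of `$service`, `$CP` and `$CAPATH` should also be quoted, since the service name comes from the command line and is used to build paths. As far as I know `-CAfile` only affects the export when `-chain` is also given, so the CA certificate is probably not included in `server.p12` as written; worth confirming against the OpenSSL version in use.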
@@ -82,9 +92,18 @@ 	if [ "$operation" = "create" ]; then
 		client=$3
 		pkcs12_create $service $client
 	fi 
+elif [ "$#" = 2 ];then
+	operation=$1
+	service=$2
+	CA_RCFILE="$HOME/"."$APPNAME/default-ca"".env"
+	source ${CA_RCFILE}
+
+	if [ "$operation" = "create" ]; then
+		pkcs12_create_service $service
+	fi 
 
 else
 	echo "Usage:"
-	echo "\$iron pkcs12 <create> <service> <client-id>"
+	echo "\$iron pkcs12 <create> <service> [<client-id>]"
 	exit -1
 fi
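Review bot: The new two-argument branch sources `${CA_RCFILE}` without checking that the file exists, so when it is missing `CAPATH` stays unset (unless it is set elsewhere) and `pkcs12_create_service` goes on to pass `-CAfile /ca.crt`. Guard it with `test -f "$CA_RCFILE" || { echo "Missing $CA_RCFILE" >&2; exit 1; }` and write the path plainly as `CA_RCFILE="$HOME/.$APPNAME/default-ca.env"`. `source` executes whatever the file contains, so that file should stay writable only by its owner. Any operation other than `create` falls through this branch silently with exit status 0; an `else` that prints the usage would make that visible. The enclosing `if` starts outside the hunk.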




diff --git a/iron/libexec/iron/iron-service b/iron/libexec/iron/iron-service
index a19d3bf2a4d7051cfafb8ab618822129042b3434..744d049af4e980e88f8552fd088351fbeaf44fd1 100755
--- a/iron/libexec/iron/iron-service
+++ b/iron/libexec/iron/iron-service
@@ -22,6 +22,17 @@ 	#openssl ca -cert $CAPATH/ca.crt  -keyfile $CAPATH/ca.key -in $CERTPATH/server.csr -out $CERTPATH/server.crt -config /home/paolo/.iron/dev.lulli.net/conf/openssl-server.conf
 
 }
 
+function service_renew()
+{
+	test -d $CERTPATH   || mkdir -p $CERTPATH
+	openssl req    -batch -new -key $CERTPATH/server.key -out $CERTPATH/server.csr -config $SERVER_CONFIG_FILE
+	#OLD::openssl x509   -req   -days 365 -in $CERTPATH/server.csr -signkey $CERTPATH/server.key -out $CERTPATH/server.crt
+	openssl x509   -req   -days 365 -CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial -in $CERTPATH/server.csr \
+		-signkey $CERTPATH/server.key -out $CERTPATH/server.crt
+	#openssl ca -cert $CAPATH/ca.crt  -keyfile $CAPATH/ca.key -in $CERTPATH/server.csr -out $CERTPATH/server.crt -config /home/paolo/.iron/dev.lulli.net/conf/openssl-server.conf
+
+}
+
 function service_home_setup_delete()
 {
 	DOMAIN=$1
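Review bot: The signing command in `service_renew` passes both `-CA`/`-CAkey` and `-signkey $CERTPATH/server.key`, which name two different signers: the CA key and the server's own key (self-signed, as in the `#OLD::` line). As far as I know the outcome depends on the OpenSSL release, with some versions applying both in turn and newer ones rejecting the combination, so the renewed `server.crt` may not end up issued by the CA. I would drop `-signkey $CERTPATH/server.key` from the continuation line and keep `-CA $CAPATH/ca.crt -CAkey $CAPATH/ca.key -CAcreateserial`. The function also reuses the existing `server.key` and ignores the `$service` argument its caller passes; a comment such as `# renew keeps the existing key pair; only the certificate is reissued` would make that intent explicit.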
@@ -83,6 +94,13 @@ 		echo "AFTER"
 		source ${RCFILE}
 		service_create $service 
 	fi 
+	if [ "$operation" = "renew" ]; then
+		echo "BEFORE"
+		test -f ${RCFILE} || ( service_home_setup_write $service; echo "Edit values in ${RCFILE}"; exit -1) 
+		echo "AFTER"
+		source ${RCFILE}
+		service_renew $service 
+	fi 
 	if [ "$operation" = "setup" ]; then
 		test -f ${RCFILE} || ( service_home_setup_write $service; echo "Edit values in ${RCFILE}"; exit 0) 
 	fi 
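Review bot: In the `renew` branch the `exit -1` sits inside `( … )`, so it ends only the subshell. When `${RCFILE}` is missing, the script carries on to `source ${RCFILE}` and `service_renew`, presumably with whatever unedited defaults `service_home_setup_write` just produced. Use a brace group so the script really stops: `test -f "${RCFILE}" || { echo "Run setup for $service first" >&2; exit 1; }`. The same parenthesised `exit` appears in the `csr` and `setup` branches of `iron-client` and in its backup copy in this commit. The `echo "BEFORE"` and `echo "AFTER"` lines look like debugging output and could go; the enclosing `if` starts outside the hunk.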
@@ -91,7 +109,7 @@ 		source ${RCFILE}
 		service_home_setup_delete  $service
 	fi 
 else
-	echo "Usage: \$iron service <setup|create|delete> <service>"
+	echo "Usage: \$iron service <setup|create|renew|delete> <service>"
 	exit -1
 fi
 




diff --git a/iron/libexec/iron/p12-to-jks b/iron/libexec/iron/p12-to-jks
new file mode 100755
index 0000000000000000000000000000000000000000..1ceea7e9a8074dc9dad492066c8711b74617efdd
--- /dev/null
+++ b/iron/libexec/iron/p12-to-jks
@@ -0,0 +1,5 @@
+#! /bin/bash -x
+
+keytool -importkeystore -destkeystore server.jks \
+        -srckeystore  /home/paolo/.iron/dev.lulli.net/certs/server.p12 -srcstoretype pkcs12 \
+        -alias dev.lulli.net
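Review bot: `p12-to-jks` hard-codes the author's keystore path `/home/paolo/.iron/dev.lulli.net/certs/server.p12` and the alias `dev.lulli.net`, and writes `server.jks` into the current directory, so it only works on one machine. Taking them as arguments, e.g. `-srckeystore "$1" -alias "$2" -destkeystore "$3"`, would fit the other `iron` subcommands. This commit also adds a binary `iron/libexec/iron/server.jks`; if that file was produced by this script it contains the server's private key, and it should then be removed from the repository and the key pair reissued. Dropping `-x` from the shebang keeps command tracing out of normal runs.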




diff --git a/iron/libexec/iron/server.jks b/iron/libexec/iron/server.jks
new file mode 100644
index 0000000000000000000000000000000000000000..3547f5896e2b6eb1dd586510692c3c244b90bd58
Binary files /dev/null and b/iron/libexec/iron/server.jks differ




diff --git a/iron/makedeb.sh b/iron/makedeb.sh
index 773de5f6a5adc17c0a96814d814c3fd73816cb94..9b11d9d78c182951206c00d7c46bc47b06e9529c 100755
--- a/iron/makedeb.sh
+++ b/iron/makedeb.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-VERS=1.0.1
+VERS=1.0.3
 TARGET_DIR=../target
 cd $(dirname $0);
 CURRDIR=$(pwd)