Ready to generate new certificates
parent
ac5aa1099e
commit
cc588d51f9
5
check.pl
5
check.pl
@ -110,6 +110,11 @@ for my $f (readdir $dh)
|
|||||||
elsif ($type eq "sha512") {
|
elsif ($type eq "sha512") {
|
||||||
$tmp_solution = sha512_hex($solution);
|
$tmp_solution = sha512_hex($solution);
|
||||||
}
|
}
|
||||||
|
elsif ($type eq "whirlpool") {
|
||||||
|
my $hash = Digest->new( 'Whirlpool' );
|
||||||
|
$hash->add( $solution );
|
||||||
|
$tmp_solution = $hash->hexdigest;
|
||||||
|
}
|
||||||
elsif ($type ne "raw") {
|
elsif ($type ne "raw") {
|
||||||
warn "$type not implemented";
|
warn "$type not implemented";
|
||||||
}
|
}
|
||||||
|
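Review bot: The new `whirlpool` branch calls `Digest->new( 'Whirlpool' )`, which loads the Digest::Whirlpool backend at run time and dies if it is not installed, whereas an unknown type in the branch just below only warns. Because the branch sits inside the `for my $f (readdir $dh)` loop, a missing module would abort the whole check run at the first whirlpool entry instead of skipping it. Loading the backend once at the top of the file (`use Digest::Whirlpool;`) would surface the missing dependency at startup. The loop body starts and ends outside this hunk.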
21
misc/CA.sh
21
misc/CA.sh
@ -11,7 +11,8 @@ fi
|
|||||||
CAKEY=./cakey.key
|
CAKEY=./cakey.key
|
||||||
CAREQ=./careq.csr
|
CAREQ=./careq.csr
|
||||||
CACERT=./cacert.crt
|
CACERT=./cacert.crt
|
||||||
DAYS=365
|
|
||||||
|
DAYS=2
|
||||||
|
|
||||||
#GREEN="\033[1;32m"
|
#GREEN="\033[1;32m"
|
||||||
#RED="\033[1;31m"
|
#RED="\033[1;31m"
|
||||||
@ -63,7 +64,6 @@ case $1 in
|
|||||||
echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
|
echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
|
||||||
sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
|
sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
|
||||||
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
|
||||||
sed -i "s/=.*#CERTTYPE/= objsign #CERTTYPE/" $OPENSSL_CONF
|
|
||||||
|
|
||||||
type pwgen > /dev/null
|
type pwgen > /dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
@ -72,10 +72,9 @@ case $1 in
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
pass=`pwgen -n -B -y 12 1`
|
pass=`pwgen -n -B -y 12 1`
|
||||||
|
|
||||||
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
openssl req -batch -new -keyout ${TOP_DIR}/private/${CAKEY} \
|
||||||
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
-out ${TOP_DIR}/${CAREQ} -passout pass:$pass \
|
||||||
-config $OPENSSL_CONF > $OUTPUT 2>&1
|
-config $OPENSSL_CONF -extensions CORE_CA > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "ca"
|
clean "ca"
|
||||||
@ -94,7 +93,7 @@ case $1 in
|
|||||||
echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
|
||||||
openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT} \
|
openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT} \
|
||||||
-days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY} \
|
-days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY} \
|
||||||
-selfsign -extensions v3_ca -config ${OPENSSL_CONF} \
|
-selfsign -extensions CORE_CA -config ${OPENSSL_CONF} \
|
||||||
-infiles ${TOP_DIR}/${CAREQ} > $OUTPUT 2>&1
|
-infiles ${TOP_DIR}/${CAREQ} > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
@ -108,17 +107,16 @@ case $1 in
|
|||||||
echo -e "${RED}Can not found the CA's key${COLOR_RST}"
|
echo -e "${RED}Can not found the CA's key${COLOR_RST}"
|
||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
sed -i 's/=.*#COMMONNAME/= FIC2014 Server #COMMONNAME/' $OPENSSL_CONF
|
sed -i 's/=.*#COMMONNAME/=10.226.3.70#COMMONNAME/' $OPENSSL_CONF
|
||||||
sed -i "s/=.*#CERTTYPE/= server #CERTTYPE/" $OPENSSL_CONF
|
|
||||||
openssl req -batch -new -keyout server.key -out server.csr \
|
openssl req -batch -new -keyout server.key -out server.csr \
|
||||||
-days ${DAYS} -config ${OPENSSL_CONF} > $OUTPUT 2>&1
|
-days ${DAYS} -config ${OPENSSL_CONF} -extensions SERVER_SSL > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
exit 4
|
exit 4
|
||||||
fi
|
fi
|
||||||
echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
|
echo -e "${GREEN}Signing the Server crt${COLOR_RST}"
|
||||||
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
openssl ca -policy policy_match -config ${OPENSSL_CONF} \
|
||||||
-out server.crt -infiles server.csr > $OUTPUT 2>&1
|
-out server.crt -extensions SERVER_SSL -infiles server.csr
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${RED}Signing failed for new server${COLOR_RST}"
|
echo -e "${RED}Signing failed for new server${COLOR_RST}"
|
||||||
rm -rf server.key server.crt server.csr
|
rm -rf server.key server.crt server.csr
|
||||||
@ -145,7 +143,6 @@ case $1 in
|
|||||||
exit 2
|
exit 2
|
||||||
fi
|
fi
|
||||||
sed -i "s/=.*#COMMONNAME/= $2#COMMONNAME/" $OPENSSL_CONF
|
sed -i "s/=.*#COMMONNAME/= $2#COMMONNAME/" $OPENSSL_CONF
|
||||||
sed -i "s/=.*#CERTTYPE/= client #CERTTYPE/" $OPENSSL_CONF
|
|
||||||
|
|
||||||
type pwgen > /dev/null
|
type pwgen > /dev/null
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
@ -156,7 +153,7 @@ case $1 in
|
|||||||
pass=`pwgen -n -B -y 12 1`
|
pass=`pwgen -n -B -y 12 1`
|
||||||
|
|
||||||
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
|
openssl req -batch -new -keyout ${TOP_DIR}/${2}.key -out ${TOP_DIR}/${2}.csr \
|
||||||
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} > $OUTPUT 2>&1
|
-config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS} -extensions CLIENT_SSL > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
clean "client" $2
|
clean "client" $2
|
||||||
@ -165,7 +162,7 @@ case $1 in
|
|||||||
|
|
||||||
echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
|
echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
|
||||||
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
|
openssl ca -batch -policy policy_match -out ${TOP_DIR}/${2}.crt \
|
||||||
-config ${OPENSSL_CONF} -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
-config ${OPENSSL_CONF} -extensions CLIENT_SSL -infiles ${TOP_DIR}/${2}.csr > $OUTPUT 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
|
echo -e "${RED}Signing failed for $2 ${COLOR_RST}"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
|
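Review bot: The server signing call no longer ends in `> $OUTPUT 2>&1` and, unlike the CA and client `openssl ca` calls, has no `-batch`, so it stops at the interactive confirmation and cannot run unattended. If the redirect was dropped only for debugging, restore the line as `-out server.crt -batch -extensions SERVER_SSL -infiles server.csr > $OUTPUT 2>&1`. In the same branch the server name is now the literal `10.226.3.70` inside the `sed` expression; a variable declared next to `DAYS` would keep the deployment address out of the script body. `DAYS=2` also feeds the self-signed CA's `-days`, so the CA and every certificate under it expire together after two days, which deserves a comment saying it is intended. The enclosing `case $1 in` starts and ends outside these hunks.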
216
misc/openssl.cnf
216
misc/openssl.cnf
@ -55,8 +55,6 @@ crl = $dir/crl.pem # The current CRL
|
|||||||
private_key = $dir/private/cakey.key # The private key
|
private_key = $dir/private/cakey.key # The private key
|
||||||
RANDFILE = $dir/private/.rand # private random number file
|
RANDFILE = $dir/private/.rand # private random number file
|
||||||
|
|
||||||
x509_extensions = usr_cert # The extentions to add to the cert
|
|
||||||
|
|
||||||
# Comment out the following two lines for the "traditional"
|
# Comment out the following two lines for the "traditional"
|
||||||
# (and highly broken) format.
|
# (and highly broken) format.
|
||||||
name_opt = ca_default # Subject Name options
|
name_opt = ca_default # Subject Name options
|
||||||
@ -70,7 +68,7 @@ cert_opt = ca_default # Certificate field options
|
|||||||
# crlnumber must also be commented out to leave a V1 CRL.
|
# crlnumber must also be commented out to leave a V1 CRL.
|
||||||
# crl_extensions = crl_ext
|
# crl_extensions = crl_ext
|
||||||
|
|
||||||
default_days = 365 # how long to certify for
|
default_days = 2 # how long to certify for
|
||||||
default_crl_days= 30 # how long before next CRL
|
default_crl_days= 30 # how long before next CRL
|
||||||
default_md = default # use public key default MD
|
default_md = default # use public key default MD
|
||||||
preserve = no # keep passed DN ordering
|
preserve = no # keep passed DN ordering
|
||||||
@ -147,7 +145,7 @@ organizationalUnitName = Organizational Unit Name (eg, section)
|
|||||||
organizationalUnitName_default = SRS
|
organizationalUnitName_default = SRS
|
||||||
|
|
||||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||||
commonName_default = Groupe_8#COMMONNAME
|
commonName_default =10.226.3.70#COMMONNAME
|
||||||
commonName_max = 64
|
commonName_max = 64
|
||||||
|
|
||||||
emailAddress = Email Address
|
emailAddress = Email Address
|
||||||
@ -163,191 +161,37 @@ challengePassword_max = 20
|
|||||||
|
|
||||||
unstructuredName = An optional company name
|
unstructuredName = An optional company name
|
||||||
|
|
||||||
[ usr_cert ]
|
[CORE_CA]
|
||||||
|
nsComment = "FIC2014 CA"
|
||||||
# These extensions are added when 'ca' signs a request.
|
basicConstraints = critical,CA:TRUE,pathlen:1
|
||||||
|
|
||||||
# This goes against PKIX guidelines but some CAs do it and some software
|
|
||||||
# requires this to avoid interpreting an end user certificate as a CA.
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
|
|
||||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
|
||||||
# the certificate can be used for anything *except* object signing.
|
|
||||||
|
|
||||||
# This is OK for an SSL server.
|
|
||||||
nsCertType = client #CERTTYPE
|
|
||||||
|
|
||||||
# For an object signing certificate this would be used.
|
|
||||||
# nsCertType = objsign
|
|
||||||
|
|
||||||
# For normal client use this is typical
|
|
||||||
# nsCertType = client, email
|
|
||||||
|
|
||||||
# and for everything including object signing:
|
|
||||||
# nsCertType = client, email, objsign
|
|
||||||
|
|
||||||
# This is typical in keyUsage for a client certificate.
|
|
||||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
# This will be displayed in Netscape's comment listbox.
|
|
||||||
nsComment = "FIC 2014 generated certificates"
|
|
||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
|
||||||
subjectKeyIdentifier = hash
|
subjectKeyIdentifier = hash
|
||||||
authorityKeyIdentifier=keyid,issuer
|
authorityKeyIdentifier = keyid,issuer:always
|
||||||
|
issuerAltName = issuer:copy
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
keyUsage = keyCertSign, cRLSign
|
||||||
# Import the email address.
|
nsCertType = sslCA
|
||||||
# subjectAltName=email:copy
|
|
||||||
# An alternative to produce certificates that aren't
|
|
||||||
# deprecated according to PKIX.
|
|
||||||
# subjectAltName=email:move
|
|
||||||
|
|
||||||
# Copy subject details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
|
||||||
#nsBaseUrl
|
|
||||||
#nsRevocationUrl
|
|
||||||
#nsRenewalUrl
|
|
||||||
#nsCaPolicyUrl
|
|
||||||
#nsSslServerName
|
|
||||||
|
|
||||||
# This is required for TSA certificates.
|
|
||||||
# extendedKeyUsage = critical,timeStamping
|
|
||||||
|
|
||||||
[ v3_req ]
|
|
||||||
|
|
||||||
# Extensions to add to a certificate request
|
|
||||||
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
[ v3_ca ]
|
|
||||||
|
|
||||||
|
|
||||||
# Extensions for a typical CA
|
|
||||||
|
|
||||||
|
|
||||||
# PKIX recommendation.
|
|
||||||
|
|
||||||
subjectKeyIdentifier=hash
|
subjectKeyIdentifier=hash
|
||||||
|
|
||||||
authorityKeyIdentifier=keyid:always,issuer
|
authorityKeyIdentifier=keyid:always,issuer
|
||||||
|
|
||||||
# This is what PKIX recommends but some broken software chokes on critical
|
[SERVER_SSL]
|
||||||
# extensions.
|
nsComment = "FIC2014 Server"
|
||||||
#basicConstraints = critical,CA:true
|
|
||||||
# So we do this instead.
|
|
||||||
basicConstraints = CA:true
|
|
||||||
|
|
||||||
# Key usage: this is typical for a CA certificate. However since it will
|
|
||||||
# prevent it being used as an test self-signed certificate it is best
|
|
||||||
# left out by default.
|
|
||||||
# keyUsage = cRLSign, keyCertSign
|
|
||||||
|
|
||||||
# Some might want this also
|
|
||||||
# nsCertType = sslCA, emailCA
|
|
||||||
|
|
||||||
# Include email address in subject alt name: another PKIX recommendation
|
|
||||||
# subjectAltName=email:copy
|
|
||||||
# Copy issuer details
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
|
|
||||||
# DER hex encoding of an extension: beware experts only!
|
|
||||||
# obj=DER:02:03
|
|
||||||
# Where 'obj' is a standard or added object
|
|
||||||
# You can even override a supported extension:
|
|
||||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
|
||||||
|
|
||||||
[ crl_ext ]
|
|
||||||
|
|
||||||
# CRL extensions.
|
|
||||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
|
||||||
|
|
||||||
# issuerAltName=issuer:copy
|
|
||||||
authorityKeyIdentifier=keyid:always
|
|
||||||
|
|
||||||
[ proxy_cert_ext ]
|
|
||||||
# These extensions should be added when creating a proxy certificate
|
|
||||||
|
|
||||||
# This goes against PKIX guidelines but some CAs do it and some software
|
|
||||||
# requires this to avoid interpreting an end user certificate as a CA.
|
|
||||||
|
|
||||||
basicConstraints=CA:FALSE
|
|
||||||
|
|
||||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
|
||||||
# the certificate can be used for anything *except* object signing.
|
|
||||||
|
|
||||||
# This is OK for an SSL server.
|
|
||||||
# nsCertType = server
|
|
||||||
|
|
||||||
# For an object signing certificate this would be used.
|
|
||||||
# nsCertType = objsign
|
|
||||||
|
|
||||||
# For normal client use this is typical
|
|
||||||
# nsCertType = client, email
|
|
||||||
|
|
||||||
# and for everything including object signing:
|
|
||||||
# nsCertType = client, email, objsign
|
|
||||||
|
|
||||||
# This is typical in keyUsage for a client certificate.
|
|
||||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
||||||
|
|
||||||
# This will be displayed in Netscape's comment listbox.
|
|
||||||
nsComment = "OpenSSL Generated Certificate"
|
|
||||||
|
|
||||||
# PKIX recommendations harmless if included in all certificates.
|
|
||||||
subjectKeyIdentifier = hash
|
subjectKeyIdentifier = hash
|
||||||
authorityKeyIdentifier=keyid,issuer
|
authorityKeyIdentifier = keyid,issuer:always
|
||||||
|
issuerAltName = issuer:copy
|
||||||
|
basicConstraints = critical,CA:FALSE
|
||||||
|
keyUsage = digitalSignature, keyEncipherment
|
||||||
|
nsCertType = server
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid:always,issuer
|
||||||
|
|
||||||
# This stuff is for subjectAltName and issuerAltname.
|
[CLIENT_SSL]
|
||||||
# Import the email address.
|
nsComment = "FIC2014 Client"
|
||||||
# subjectAltName=email:copy
|
subjectKeyIdentifier = hash
|
||||||
# An alternative to produce certificates that aren't
|
authorityKeyIdentifier = keyid,issuer:always
|
||||||
# deprecated according to PKIX.
|
issuerAltName = issuer:copy
|
||||||
# subjectAltName=email:move
|
basicConstraints = critical,CA:FALSE
|
||||||
|
keyUsage = digitalSignature, nonRepudiation
|
||||||
# Copy subject details
|
nsCertType = client
|
||||||
# issuerAltName=issuer:copy
|
extendedKeyUsage = clientAuth
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
authorityKeyIdentifier=keyid:always,issuer
|
||||||
#nsBaseUrl
|
|
||||||
#nsRevocationUrl
|
|
||||||
#nsRenewalUrl
|
|
||||||
#nsCaPolicyUrl
|
|
||||||
#nsSslServerName
|
|
||||||
|
|
||||||
# This really needs to be in place for it to be a proxy certificate.
|
|
||||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
|
||||||
|
|
||||||
####################################################################
|
|
||||||
[ tsa ]
|
|
||||||
|
|
||||||
default_tsa = tsa_config1 # the default TSA section
|
|
||||||
|
|
||||||
[ tsa_config1 ]
|
|
||||||
|
|
||||||
# These are used by the TSA reply generation only.
|
|
||||||
dir = ./demoCA # TSA root directory
|
|
||||||
serial = $dir/tsaserial # The current serial number (mandatory)
|
|
||||||
crypto_device = builtin # OpenSSL engine to use for signing
|
|
||||||
signer_cert = $dir/tsacert.pem # The TSA signing certificate
|
|
||||||
# (optional)
|
|
||||||
certs = $dir/cacert.pem # Certificate chain to include in reply
|
|
||||||
# (optional)
|
|
||||||
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
|
|
||||||
|
|
||||||
default_policy = tsa_policy1 # Policy if request did not specify it
|
|
||||||
# (optional)
|
|
||||||
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
|
||||||
digests = md5, sha1 # Acceptable message digests (mandatory)
|
|
||||||
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
|
||||||
clock_precision_digits = 0 # number of digits after dot. (optional)
|
|
||||||
ordering = yes # Is ordering defined for timestamps?
|
|
||||||
# (optional, default: no)
|
|
||||||
tsa_name = yes # Must the TSA name be included in the reply?
|
|
||||||
# (optional, default: no)
|
|
||||||
ess_cert_id_chain = no # Must the ESS cert id chain be included?
|
|
||||||
# (optional, default: no)
|
|
||||||
|
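Review bot: `[SERVER_SSL]` identifies the server only through `commonName_default =10.226.3.70` and defines no `subjectAltName`. Clients that follow current name-matching rules compare an IP address against an iPAddress SAN and ignore the CN, so the certificate may be rejected even when the chain is valid; adding `subjectAltName = IP:10.226.3.70` to `[SERVER_SSL]` would cover that. Each of the three new sections also sets `subjectKeyIdentifier` and `authorityKeyIdentifier` twice with different values (`keyid,issuer:always` and `keyid:always,issuer`), which leaves it unclear which one takes effect; keep one of each. `pathlen:1` in `[CORE_CA]` permits one subordinate CA below this one, and `pathlen:0` would be the tighter setting if this CA only signs server and client certificates.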
15
nginx.conf
15
nginx.conf
@ -2,6 +2,13 @@ server_tokens off;
|
|||||||
client_header_buffer_size 512;
|
client_header_buffer_size 512;
|
||||||
client_max_body_size 512;
|
client_max_body_size 512;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default;
|
||||||
|
listen [::]:80 ipv6only=on default;
|
||||||
|
|
||||||
|
rewrite ^ https://$host$uri;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ipv6only=on ssl;
|
listen [::]:443 ipv6only=on ssl;
|
||||||
@ -13,14 +20,14 @@ server {
|
|||||||
access_log /var/log/nginx/fic.access_log;
|
access_log /var/log/nginx/fic.access_log;
|
||||||
error_log /var/log/nginx/fic.error_log;
|
error_log /var/log/nginx/fic.error_log;
|
||||||
|
|
||||||
ssl_certificate /var/www/fic2014-server/misc/server.crt;
|
ssl_certificate /var/www/fic2014-server/server.crt;
|
||||||
ssl_certificate_key /var/www/fic2014-server/misc/server.key;
|
ssl_certificate_key /var/www/fic2014-server/server.key;
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
|
||||||
ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;
|
ssl_client_certificate /var/www/fic2014-server/cacert.crt;
|
||||||
ssl_verify_client optional;
|
ssl_verify_client optional;
|
||||||
ssl_crl /var/www/fic2014-server/misc/pki/crl.pem;
|
ssl_crl /var/www/fic2014-server/crl.pem;
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
|
||||||
|
|
||||||
|
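Review bot: The new port-80 server redirects with `rewrite ^ https://$host$uri;`, where `$uri` is the decoded, normalised path, so percent-encoded control characters in the request are decoded before they reach the `Location` header. `return 301 https://$host$request_uri;` forwards the request as the client sent it and makes the redirect permanent. The certificate, key, CA and CRL paths now point directly at `/var/www/fic2014-server/`. The `root` directive is outside this hunk, so it is worth confirming that `server.key` does not end up under a served directory.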
@ -22,13 +22,13 @@
|
|||||||
<h3>Top 10</h3>
|
<h3>Top 10</h3>
|
||||||
<div class="list-group">
|
<div class="list-group">
|
||||||
{foreach from=$top item=t key=k}
|
{foreach from=$top item=t key=k}
|
||||||
<div class="list-group-item">{$k+1}. {link href="{$t->id}-{$t->get_name_url()}" href_prefix="/" label=$t->get_name()}
|
<div class="list-group-item">{$k+1}. {link href="{$t->id}-{$t->get_name_url()}" href_prefix="/" label={$t->get_name()|replace:"_":" et "}}
|
||||||
<span class="badge">
|
<span class="badge">
|
||||||
{$t->get_pts()}
|
{$t->get_pts()}
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
{/foreach}
|
{/foreach}
|
||||||
<div class="list-group-item"> {link href="classement" href_prefix="/" label="Classement general"}</div>
|
<div class="list-group-item"> {link href="classement" href_prefix="/" label="Classement général"}</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -8,7 +8,8 @@ function show($file)
|
|||||||
header("HTTP/1.1 403 Forbidden");
|
header("HTTP/1.1 403 Forbidden");
|
||||||
}
|
}
|
||||||
|
|
||||||
$file = __DIR__."/submission/".intval($_GET["team"])."-".intval($_GET["theme"])."-".urlencode($_GET["exercice"]);
|
$filename = intval($_GET["team"])."-".intval($_GET["theme"])."-".urlencode($_GET["exercice"]);
|
||||||
|
$file = __DIR__."/submission/".$filename;
|
||||||
|
|
||||||
|
|
||||||
if (file_exists($file))
|
if (file_exists($file))
|
||||||
@ -16,7 +17,12 @@ if (file_exists($file))
|
|||||||
|
|
||||||
else if (!empty($_POST["solution"]) && !empty($_GET["team"]) && !empty($_GET["theme"]) && !empty($_GET["exercice"]))
|
else if (!empty($_POST["solution"]) && !empty($_GET["team"]) && !empty($_GET["theme"]) && !empty($_GET["exercice"]))
|
||||||
{
|
{
|
||||||
file_put_contents($file, $_POST['solution'], LOCK_EX);
|
$algos = array("md5", "sha1", "sha256", "sha384", "sha512", "whirlpool");
|
||||||
|
$content = "";
|
||||||
|
foreach($algos as $algo)
|
||||||
|
$content .= mcrypt_encrypt(MCRYPT_SERPENT_256, hash($algo, $_POST["solution"]), hash($algo, $filename), MCRYPT_MODE_ECB)."\n";
|
||||||
|
|
||||||
|
file_put_contents($file, $content, LOCK_EX);
|
||||||
|
|
||||||
show(__DIR__."/teams/".intval($_GET["team"])."/".urlencode($_GET["theme"])."/".urlencode($_GET["exercice"])."/submission/index.html");
|
show(__DIR__."/teams/".intval($_GET["team"])."/".urlencode($_GET["theme"])."/".urlencode($_GET["exercice"])."/submission/index.html");
|
||||||
}
|
}
|
||||||
|
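Review bot: `hash($algo, $_POST["solution"])` returns a hex string of 32 to 128 characters and is passed as the key to `mcrypt_encrypt(MCRYPT_SERPENT_256, ...)`, which takes at most 32 bytes. For every algorithm except md5 the key is oversized, so depending on the PHP version (the behaviour changed in 5.6) it is truncated with a warning, or the call returns false and an empty line is written. The ciphertext is raw binary joined with `"\n"`, so a 0x0a byte inside a block makes the file impossible to split by line reliably; `bin2hex(mcrypt_encrypt(...))."\n"` avoids that. A fixed-length key such as `hash("sha256", hash($algo, $_POST["solution"]), true)` would treat all six algorithms alike, but whatever reads these files must derive the key the same way. ECB mode is acceptable only because the plaintext here is itself a hash of the file name.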
@ -19,8 +19,7 @@ rsync -e ssh -av $OPTS out/errors phobos:~/
|
|||||||
rsync -e ssh -av $OPTS out/htdocs phobos:~/
|
rsync -e ssh -av $OPTS out/htdocs phobos:~/
|
||||||
rsync -e ssh -av $OPTS out/teams phobos:~/
|
rsync -e ssh -av $OPTS out/teams phobos:~/
|
||||||
rsync -e ssh -avL $OPTS files phobos:~/
|
rsync -e ssh -avL $OPTS files phobos:~/
|
||||||
rsync -e ssh -av $OPTS misc/server.* misc/pki/cacert.crt misc/pki/crl.pem phobos:~/
|
rsync -e ssh -av $OPTS nginx.conf submission.php misc/server.* misc/pki/cacert.crt misc/pki/crl.pem phobos:~/
|
||||||
scp nginx.conf submission.php phobos:~/
|
|
||||||
|
|
||||||
rsync -e ssh -av phobos:~/submission/ submission/
|
rsync -e ssh -av phobos:~/submission/ submission/
|
||||||
ssh phobos "rm -fv ~/submission/*"
|
ssh phobos "rm -fv ~/submission/*"
|
||||||
|