From de48af8ef8fc33afe302e940f36dd3ccde2cce4c Mon Sep 17 00:00:00 2001 From: nemunaire Date: Tue, 13 Jan 2015 17:04:35 +0100 Subject: [PATCH] Move PKI scripts to pki directory --- onyx/include/admin/certificate.php | 25 ++++++++++--------------- {misc => pki}/CA.sh | 30 +++++++++++++----------------- {misc => pki}/openssl.cnf | 0 3 files changed, 23 insertions(+), 32 deletions(-) rename {misc => pki}/CA.sh (93%) mode change 100755 => 100644 rename {misc => pki}/openssl.cnf (100%) diff --git a/onyx/include/admin/certificate.php b/onyx/include/admin/certificate.php index d0cb5196..c6e23f86 100644 --- a/onyx/include/admin/certificate.php +++ b/onyx/include/admin/certificate.php @@ -25,16 +25,14 @@ function remove_directory($dir) function new_client($name, $misc_dir) { //TODO handle if already exist - putenv("OPENSSL_CONF=$misc_dir/openssl.cnf"); - putenv("PKI_DIR=$misc_dir/pki"); - return shell_exec("$misc_dir/CA.sh -newclient $name"); + putenv("PKI_BASEDIR=$misc_dir"); + return shell_exec("$misc_dir/../pki/CA.sh -newclient $name"); } function revoke_client($name, $misc_dir) { - putenv("OPENSSL_CONF=$misc_dir/openssl.cnf"); - putenv("PKI_DIR=$misc_dir/pki"); - return shell_exec("$misc_dir/CA.sh -revoke $name"); + putenv("PKI_BASEDIR=$misc_dir"); + return shell_exec("$misc_dir/../pki/CA.sh -revoke $name"); } if (!empty($p[2])) @@ -49,10 +47,9 @@ if (!empty($p[2])) if ($p[2] == "newca") { - putenv("OPENSSL_CONF=$misc_dir/openssl.cnf"); - putenv("PKI_DIR=$misc_dir/pki"); + putenv("PKI_BASEDIR=$misc_dir"); $template->assign("output", - shell_exec("$misc_dir/CA.sh -newca")); + shell_exec("$misc_dir/../pki/CA.sh -newca")); return "admin/shell"; } 
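Review bot: `$name` is still interpolated unescaped into the command string in both `new_client()` and `revoke_client()`, so shell metacharacters in a client name reach the shell that `shell_exec()` starts. Since these lines are being rewritten anyway, build the command with `escapeshellarg()`, e.g. `return shell_exec(escapeshellarg("$misc_dir/../pki/CA.sh") . " -newclient " . escapeshellarg($name));`, and do the same for `-revoke`. Where `$name` comes from is not visible in this hunk. If it is request data, it presumably also ends up in the file paths CA.sh builds (`${PKI_DIR}/${2}.key`), so restricting it to a safe character set before the call would be worth adding.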
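Review bot: The commit drops the executable bit from CA.sh (`mode change 100755 => 100644`), yet this hunk and the other two in certificate.php still run it directly as `$misc_dir/../pki/CA.sh ...`. With mode 0644 the shell cannot execute the file, and because the permission error goes to stderr, `shell_exec()` hands back no output, so the admin page would show an empty result rather than a failure. Either keep the file at 0755 or invoke it through its interpreter, e.g. `shell_exec("sh " . escapeshellarg("$misc_dir/../pki/CA.sh") . " -newca")`. Which interpreter the script expects cannot be confirmed here, since its first line lies outside the CA.sh hunks.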
@@ -64,19 +61,17 @@ if (!empty($p[2])) elseif ($p[2] == "newsrv") { - putenv("OPENSSL_CONF=$misc_dir/openssl.cnf"); - putenv("PKI_DIR=$misc_dir/pki"); + putenv("PKI_BASEDIR=$misc_dir"); $template->assign("output", - shell_exec("$misc_dir/CA.sh -newserver")); + shell_exec("$misc_dir/../pki/CA.sh -newserver")); return "admin/shell"; } elseif ($p[2] == "revokesrv") { - putenv("OPENSSL_CONF=$misc_dir/openssl.cnf"); - putenv("PKI_DIR=$misc_dir/pki"); + putenv("PKI_BASEDIR=$misc_dir"); $template->assign("output", - shell_exec("$misc_dir/CA.sh -revokeserver")); + shell_exec("$misc_dir/../pki/CA.sh -revokeserver")); return "admin/shell"; } diff --git a/misc/CA.sh b/pki/CA.sh old mode 100755 new mode 100644 similarity index 93% rename from misc/CA.sh rename to pki/CA.sh index e54efc7d..596a6a8a --- a/misc/CA.sh +++ b/pki/CA.sh @@ -2,21 +2,21 @@ cd $(dirname "$0") -if [ -z "${PKI_DIR}" ]; then - PKI_DIR=pki +if [ -z "${PKI_BASEDIR}" ]; then + PKI_BASEDIR=pki fi -if [ -z "${OPENSSL_CONF}" ]; then - OPENSSL_CONF=openssl.cnf -fi +PKI_DIR=${PKI_BASEDIR}/pki +SHARED_DIR=${PKI_BASEDIR}/shared +OPENSSL_CONF=`pwd`/openssl.cnf CAKEY=${PKI_DIR}/private/cakey.key CAREQ=${PKI_DIR}/careq.csr -CACRT=./shared/cacert.crt +CACRT=${SHARED_DIR}/cacert.crt -SRVKEY=./shared/server.key -SRVREQ=./shared/server.csr -SRVCRT=./shared/server.crt +SRVKEY=${SHARED_DIR}/server.key +SRVREQ=${SHARED_DIR}/server.csr +SRVCRT=${SHARED_DIR}/server.crt # Generate certificates valid for: DAYS=2 @@ -47,13 +47,9 @@ usage() clean() { if [ "$1" = "ca" ]; then - rm -rf ${PKI_DIR}/* ./shared/* - mkdir -p ${PKI_DIR}/certs - mkdir -p ${PKI_DIR}/crl - mkdir -p ${PKI_DIR}/newcerts - mkdir -p ${PKI_DIR}/private - mkdir -p ${PKI_DIR}/pkcs - mkdir -p ./shared + rm -rf ${PKI_DIR}/* ${SHARED_DIR}/* + mkdir -p ${PKI_DIR}/certs ${PKI_DIR}/crl ${PKI_DIR}/newcerts \ + ${PKI_DIR}/private ${PKI_DIR}/pkcs ${SHARED_DIR} echo "01" > ${PKI_DIR}/crlnumber elif [ "$1" = "client" ]; then rm -rf ${PKI_DIR}/${2}.key ${PKI_DIR}/${2}.csr 
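Review bot: `PKI_DIR` and `OPENSSL_CONF` used to be set with `putenv()` by the PHP caller and were therefore exported to every `openssl` child; after this hunk they are plain shell variables unless the environment already happens to contain them. Any `openssl` call that relies on the `OPENSSL_CONF` environment variable instead of `-config`, or an openssl.cnf that reads `$ENV::PKI_DIR`, would silently pick up something else; neither is visible here, so this needs checking. Adding `export PKI_DIR SHARED_DIR OPENSSL_CONF` after the assignments keeps the old behaviour. The fallback `PKI_BASEDIR=pki` also looks off now that the script lives in pki/ and does `cd $(dirname "$0")`, because `PKI_DIR` then resolves to pki/pki/pki from the repository root, which may not be intended.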
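Review bot: The `rm -rf ${PKI_DIR}/* ${SHARED_DIR}/*` line in `clean()` expands both variables unquoted, and they are now derived from `PKI_BASEDIR`, which the web front end sets from `$misc_dir`. A base path containing whitespace or glob characters would be word-split, and the recursive delete would then act on paths other than the PKI tree. Quote the expansions, `rm -rf "${PKI_DIR}"/* "${SHARED_DIR}"/*`, and the `mkdir -p` arguments the same way. `clean()` continues past the end of the hunk; its `client` branch builds paths from `${2}` unquoted as well, so the caller should reject names containing `/` or `..` before they get here.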
@@ -64,7 +60,7 @@ clean() gen_crl() { echo $ECHO_OPTS "${GREEN}Generate shared/crl.pem${COLOR_RST}" - if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out shared/crl.pem > $OUTPUT 2>&1 + if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out ${SHARED_DIR}/crl.pem > $OUTPUT 2>&1 then echo $ECHO_OPTS "${RED}Generate shared/crl.pem failed" cat $OUTPUT diff --git a/misc/openssl.cnf b/pki/openssl.cnf similarity index 100% rename from misc/openssl.cnf rename to pki/openssl.cnf
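Review bot: Both status messages in `gen_crl()` still say `shared/crl.pem`, while the CRL is now written to `${SHARED_DIR}/crl.pem`, so an operator reading the admin output would look in the wrong place. Use the variable in the messages too, e.g. `echo $ECHO_OPTS "${GREEN}Generate ${SHARED_DIR}/crl.pem${COLOR_RST}"`. The command itself should quote its paths: `-config "${OPENSSL_CONF}" -gencrl -out "${SHARED_DIR}/crl.pem" > "$OUTPUT" 2>&1`. The function body continues outside the hunk.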