App-sslmaker
script/sslmaker view on Meta::CPAN
# "sslmaker generate <name>": create a private key ("$cn.key.pem") and a
# certificate signing request ("$cn.csr.pem") for the common name $cn.
#
# $cn is interpolated verbatim into both file names, the "/CN=$cn" subject and
# the default "subjectAltName=DNS:$cn" extension. Nothing in this sub validates
# it, so characters such as "/" or "," pass straight into the path, the subject
# string and the SAN value.
# NOTE(review): confirm whether make_key()/make_csr() validate these values.
#
# Returns the result of the final _d() call; the help branch returns the
# result of print().
sub subcommand_generate {
    my ($self, $cn) = @_;

    if ($self->{h}) {
        return print extract_usage;
    }
    $cn or die "Usage: sslmaker generate <name>\n";

    my $params = {
        bits    => $self->{bits},
        csr     => "$cn.csr.pem",
        days    => $self->{days},
        ext     => $self->{ext} || ["subjectAltName=DNS:$cn"],
        home    => $self->home,
        key     => "$cn.key.pem",
        subject => "/CN=$cn",
    };

    my $sslmaker  = App::sslmaker->new;
    my $ca_cert   = $self->home->child(qw(certs ca.cert.pem));

    # A readable intermediate certificate is handed to subject() ahead of the
    # user supplied subject; presumably it provides default subject fields.
    my @subject_sources = ($self->{subject});
    unshift @subject_sources, $ca_cert if -r $ca_cert;
    $sslmaker->subject(@subject_sources);

    # run_maybe() skips a step when its output file already exists, so an
    # existing key is not regenerated.
    $self->run_maybe($params->{key}, sub { $sslmaker->make_key($params) });
    $self->run_maybe($params->{csr}, sub { $sslmaker->make_csr($params) });

    # Only the CSR is meant to leave this machine; the key file is not
    # mentioned in the hint on purpose.
    return $sslmaker->_d("# It is safe to send $params->{csr} to SSL admin for signing.");
}
# "sslmaker intermediate": create the intermediate CA below $self->home.
#
# Steps, each skipped by run_maybe() when its output file already exists:
#   1. key  -> private/ca.key.pem
#   2. CSR  -> certs/ca.csr.pem
#   3. cert -> certs/ca.cert.pem, signed with the ca_cert/ca_key files
#              returned by _root_file()
# Afterwards certs/ca-chain.cert.pem is written with _cat() and the new
# certificate is checked with "openssl verify -CAfile <ca_cert> <cert>".
#
# Defaults applied here: bits 8192 (stored back into $self->{bits}) and
# days 365 * 28 when --days is not set.
#
# Returns 0 on success; dies with the openssl output when the verify output
# contains "error". The help branch returns the result of print().
sub subcommand_intermediate {
    my ($self) = @_;

    if ($self->{h}) {
        return print extract_usage;
    }

    $self->{bits} ||= 8192;

    my $home     = $self->home;
    my $settings = {
        bits       => $self->{bits},
        ca_cert    => $self->_root_file('cert'),
        ca_key     => $self->_root_file('key'),
        cert       => $home->child(qw(certs ca.cert.pem)),
        csr        => $home->child(qw(certs ca.csr.pem)),
        days       => $self->{days} || 365 * 28,
        extensions => 'v3_ca',
        home       => $home,
        key        => $home->child(qw(private ca.key.pem)),
        passphrase => $home->child(qw(private passphrase)),
    };

    my $sslmaker = App::sslmaker->new;

    # Debug dump of the settings. The values are stringified as they are, so
    # "passphrase" shows the location built above, not a secret read from it.
    $sslmaker->_d('# Intermediate CA settings');
    for my $name (sort keys %$settings) {
        $sslmaker->_d(sprintf '- %-12s %s', "$name:", "$settings->{$name}");
    }
    $sslmaker->_d('');

    $sslmaker->subject($settings->{ca_cert}, $self->{subject});
    $sslmaker->make_directories({home => $home, templates => 1});

    # Key and CSR are created with the intermediate CA's own home/passphrase.
    $self->run_maybe($settings->{key}, sub { $sslmaker->$wrapper(make_key => $settings) });
    $self->run_maybe($settings->{csr}, sub { $sslmaker->$wrapper(make_csr => $settings) });

    # Signing uses ca_key/ca_cert, so home and passphrase are switched to the
    # parent directory of $self->root before sign_csr runs. The closure below
    # reads the same hash, which is why the order of these statements matters.
    $settings->{home}       = $self->root->parent;
    $settings->{passphrase} = $self->root->parent->child(qw(passphrase));
    $self->run_maybe($settings->{cert}, sub { $sslmaker->$wrapper(sign_csr => $settings) });

    # _cat() receives cert, ca_cert and chain_cert in that order; presumably
    # the last argument is the destination file.
    $settings->{chain_cert} = $home->child(qw(certs ca-chain.cert.pem));
    $sslmaker->_cat($settings->{cert}, $settings->{ca_cert}, $settings->{chain_cert});
    $sslmaker->_d("# Generated $settings->{chain_cert} from CA and intermediate certificate");

    # Failure is detected by a case-sensitive match on "error" in the output.
    # NOTE(review): confirm that openssl() also checks the exit status, since
    # this callback only inspects the text.
    $sslmaker->openssl(
        'verify', '-CAfile', $settings->{ca_cert}, $settings->{cert},
        sub {
            my (undef, $output) = @_;
            $output =~ /error/ and die $output;
        }
    );

    return 0;
}
# "sslmaker nginx <domain>": print the rendered "nginx.config" template for
# $domain to STDOUT.
#
# The key and certificate locations are fixed to /etc/nginx/ssl/ and carry
# $domain verbatim; ca_cert points at certs/ca-chain.cert.pem below
# $self->home. $domain is not validated here and is handed to the template
# as-is.
# NOTE(review): confirm whether _render_template() escapes its variables.
#
# Returns 0; dies with a usage message when $domain is false. The help branch
# returns the result of print().
sub subcommand_nginx {
    my ($self, $domain) = @_;

    if ($self->{h}) {
        return print extract_usage;
    }
    die "Usage: sslmaker nginx <domain>\n" if !$domain;

    my %vars = (
        domain  => $domain,
        key     => "/etc/nginx/ssl/$domain.key.pem",
        cert    => "/etc/nginx/ssl/$domain.cert.pem",
        ca_cert => $self->home->child(qw(certs ca-chain.cert.pem)),
    );

    # Collected into an array so the template call keeps the list context it
    # gets as a direct argument of print.
    my @rendered = App::sslmaker->_render_template('nginx.config', \%vars);
    print @rendered;

    return 0;
}
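# "sslmaker sign <csr> [cert]": sign the request in $csr with the intermediate
# CA below $self->home (certs/ca.cert.pem, private/ca.key.pem and
# private/passphrase) using the "usr_cert" extensions.
#
# When no output name is given it is derived from $csr:
#   foo.csr.pem -> foo.cert.pem
#   foo.pem     -> foo.cert.pem
#   foo.csr     -> foo.csr.cert.pem  (anything not ending in ".pem")
# The last case used to leave $cert equal to $csr, which asked sign_csr to
# write the certificate to the request's own path.
#
# Unlike the generate/intermediate steps this does not go through run_maybe(),
# so an existing file at $cert is not protected here.
# NOTE(review): confirm whether sign_csr refuses to overwrite.
#
# Returns the result of the final _d() call; dies with a usage message when
# $csr is false. The help branch returns the result of print().
sub subcommand_sign {
    my ($self, $csr, $cert) = @_;

    # Help and usage are handled before the CA home is looked up, matching the
    # other subcommands.
    return print extract_usage if $self->{h};
    die "Usage: sslmaker sign <csr> [cert]\n" unless $csr;

    my $home = $self->home;

    unless ($cert) {
        $cert = $csr;

        # Fall back to appending the suffix when the name does not end in
        # ".pem", so the output never aliases the input file.
        $cert .= '.cert.pem' unless $cert =~ s!(\.csr)?\.pem$!.cert.pem!;
    }

    my $sslmaker = App::sslmaker->new;
    $sslmaker->$wrapper(
        sign_csr => {
            home       => $home,
            ca_cert    => $home->child(qw(certs ca.cert.pem)),
            ca_key     => $home->child(qw(private ca.key.pem)),
            cert       => $cert,
            csr        => $csr,
            days       => $self->{days},
            extensions => 'usr_cert',
            passphrase => $home->child(qw(private passphrase)),
        }
    );

    $sslmaker->_d("# Generated $cert");
    return $sslmaker->_d("# Run this command for more details: openssl x509 -in $cert -noout -text");
}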
# Run $cb (called with $self as its only argument) unless $file already
# exists, then report the generated file through App::sslmaker->_d.
#
# This is what keeps an existing key, CSR or certificate from being replaced.
# The existence test and the later write are separate steps; whether the
# callback creates the file exclusively is not visible here.
#
# Returns the result of the _d() call in both branches.
sub run_maybe {
    my ($self, $file, $cb) = @_;

    if (-e $file) {
        return App::sslmaker->_d("! File $file exists.");
    }

    $self->$cb();

    # $_[1] is the caller's own argument rather than the $file copy, so a
    # change made to it by the callback would show up in this message.
    return App::sslmaker->_d("# Generated $_[1]");
}
sub _root_file {