#
$enccmd = ($opt_e) ?
"output_password = $spasswd" :
"encrypt_key = no";
$configinfo = <<"END_CONFILE";
[ req ]
default_bits = $rsabits
default_md = $digest
default_keyfile = $key
distinguished_name = req_distinguished_name
prompt = no
$enccmd
[ req_distinguished_name ]
END_CONFILE
for $dtag (@x500tags) {
if (defined($hr->{$dtag})) {
$configinfo .= sprintf("%s\t\t= %s\n", $dtag, $hr->{$dtag});
}
}
if (defined($hr->{'email'})) {
$configinfo .= sprintf("emailAddress\t\t= %s\n", $hr->{'email'});
}
open(CONFILE, ">$confile") || die "cannot create config file: $confile";
printf CONFILE "%s\n", $configinfo;
close(CONFILE);
#
# create cert request
#
system(
"openssl req -config $confile -new -out $req"
) == 0 or die "problem creating certificate request for: $name";
#
# sign the request
#
# sign
open(SIGNREQ, "| openssl x509 -req -in $req -passin stdin -$digest " .
"-CA $cacert -CAkey $cakey -CAcreateserial -days $days -out $cert"
) or die "problem signing certificate request for: $name";
printf SIGNREQ "%s\n", $capasswd;
close(SIGNREQ);
# clean up
unlink($confile, $req) || die "cannot clean up";
# display
if ($opt_d) {
printf(":\n: Newly Signed Certificate for '%s'\n:\n", $name);
system(
"openssl x509 -in $cert -noout -text"
) == 0 or die "problem printing certificate: $cert";
printf(":\n: Verifying '%s' ...\n:\n", $name);
system(
"openssl x509 -in $cert -noout -fingerprint"
) == 0 or die "certificate fingerprint problem: $name";
printf("verifying signature ...\n");
system(
"openssl verify -verbose -CAfile $cacert $cert"
) == 0 or die "certificate fingerprint problem: $name";
}
}
#
# create an SSL server cert: a trailing dot on the host name places it under
# the CA's signing domain ($dns); any other name is used as given (outside it)
#
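sub mksslserv {
    # Build and sign a server certificate for host $s by delegating to
    # mknsign().  $s of the form "www." means "www" inside the signing
    # domain (CN = "www." . $dns); anything else is treated as a host
    # outside the signing domain and used verbatim as both name and CN.
    # The remaining X.500 fields are copied from the CA's own settings
    # ($dnc, $dnst, $dnl, $company); encryption of the key follows $opt_e.
    #
    # NOTE(review): $s is written unescaped into the request config (CN)
    # and, via 'name', presumably into file names handled by mknsign —
    # only pass trusted host names here; no validation is done.
    my $s = shift;
    my ($name, $servdns);

    # Capture the prefix instead of reading $` (pre-match): $` forces a
    # copy of the subject on every regex in the program on perls before
    # 5.20 and is flagged by perlcritic.
    if ($s =~ /^(.*)\.$/) {      # host within signing domain
        $name    = $1;
        $servdns = sprintf("%s%s", $s, $dns);
    }
    else {                       # host outside signing domain
        $name    = $s;
        $servdns = $s;
    }

    #
    # copy most X.500 tags from CA's cert
    #
    # Plain call rather than &mknsign(...): the '&' form bypasses any
    # prototype and is discouraged in modern Perl.
    return mknsign($opt_e, {
        'name'  => $name,
        'C'     => $dnc,
        'ST'    => $dnst,
        'L'     => $dnl,
        'O'     => $company,
        'CN'    => $servdns,
        'email' => "trustmaster\@$dns"
    });
}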
#
# make PKCS12 client certificate for browser import
#
sub mkpkcs12 {
my $c = shift;
my($email,$nick,$full,$cert,$key,$pemfile,$p12file,);
#
# parse nick name, email and full name
#
$email = $c->{'email'};
if ($email =~ /^([^@]+)@/) { # full email passed
$nick = $1;
}
else { # short email passed
$nick = $email;
$email = sprintf('%s@%s', $nick, $dns);
}
$full = $c->{'full'};
#
# make *-cert.pem & *-key.pem, copying tags from CA's if nec.
#
&mknsign(0, {
'name' => $nick,
'C' => defined($c->{'C'}) ? $c->{'C'} : $dnc,