Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: c869da8839
Branches Tags
openssl
/
apps
/
CA.com

CA.com 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 
  1. $! CA - wrapper around ca to make it easier to use ... basically ca requires
    2. 

  2. $!      some setup stuff to be done before you can use it and this makes
    3. 

  3. $!      things easier between now and when Eric is convinced to fix it :-)
    4. 

  4. $!
    5. 

  5. $! CA -newca ... will setup the right stuff
    6. 

  6. $! CA -newreq ... will generate a certificate request 
    7. 

  7. $! CA -sign ... will sign the generated request and output 
    8. 

  8. $!
    9. 

  9. $! At the end of that grab newreq.pem and newcert.pem (one has the key 
    10. 

  10. $! and the other the certificate) and cat them together and that is what
    11. 

  11. $! you want/need ... I'll make even this a little cleaner later.
    12. 

  12. $!
    13. 

  13. $!
    14. 

  14. $! 12-Jan-96 tjh    Added more things ... including CA -signcert which
    15. 

  15. $!                  converts a certificate to a request and then signs it.
    16. 

  16. $! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
    17. 

  17. $!                 environment variable so this can be driven from
    18. 

  18. $!                 a script.
    19. 

  19. $! 25-Jul-96 eay    Cleaned up filenames some more.
    20. 

  20. $! 11-Jun-96 eay    Fixed a few filename missmatches.
    21. 

  21. $! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
    22. 

  22. $! 18-Apr-96 tjh    Original hacking
    23. 

  23. $!
    24. 

  24. $! Tim Hudson
    25. 

  25. $! tjh@cryptsoft.com
    26. 

  26. $!
    27. 

  27. $!
    28. 

  28. $! default ssleay.cnf file has setup as per the following
    29. 

  29. $! demoCA ... where everything is stored
    30. 

  30. $
    31. 

  31. $ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
    32. 

  32. $
    33. 

  33. $ DAYS   = "-days 365"
    34. 

  34. $ REQ    = openssl + " req " + SSLEAY_CONFIG
    35. 

  35. $ CA     = openssl + " ca " + SSLEAY_CONFIG
    36. 

  36. $ VERIFY = openssl + " verify"
    37. 

  37. $ X509   = openssl + " x509"
    38. 

  38. $ PKCS12 = openssl + " pkcs12"
    39. 

  39. $ echo   = "write sys$Output"
    40. 

  40. $!
    41. 

  41. $ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
    42. 

  42. $ CATOP  := 's'.demoCA
    43. 

  43. $ CAKEY  := ]cakey.pem
    44. 

  44. $ CACERT := ]cacert.pem
    45. 

  45. $
    46. 

  46. $ __INPUT := SYS$COMMAND
    47. 

  47. $ RET = 1
    48. 

  48. $!
    49. 

  49. $ i = 1
    50. 

  50. $opt_loop:
    51. 

  51. $ if i .gt. 8 then goto opt_loop_end
    52. 

  52. $
    53. 

  53. $ prog_opt = F$EDIT(P'i',"lowercase")
    54. 

  54. $
    55. 

  55. $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
    56. 

  56. $ THEN
    57. 

  57. $   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
    58. 

  58. $   exit
    59. 

  59. $ ENDIF
    60. 

  60. $!
    61. 

  61. $ IF (prog_opt .EQS. "-input")
    62. 

  62. $ THEN
    63. 

  63. $   ! Get input from somewhere other than SYS$COMMAND
    64. 

  64. $   i = i + 1
    65. 

  65. $   __INPUT = P'i'
    66. 

  66. $   GOTO opt_loop_continue
    67. 

  67. $ ENDIF
    68. 

  68. $!
    69. 

  69. $ IF (prog_opt .EQS. "-newcert")
    70. 

  70. $ THEN
    71. 

  71. $   ! Create a certificate.
    72. 

  72. $   DEFINE/USER SYS$INPUT '__INPUT'
    73. 

  73. $   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
    74. 

  74. $   RET=$STATUS
    75. 

  75. $   echo "Certificate (and private key) is in newreq.pem"
    76. 

  76. $   GOTO opt_loop_continue
    77. 

  77. $ ENDIF
    78. 

  78. $!
    79. 

  79. $ IF (prog_opt .EQS. "-newreq")
    80. 

  80. $ THEN
    81. 

  81. $   ! Create a certificate request
    82. 

  82. $   DEFINE/USER SYS$INPUT '__INPUT'
    83. 

  83. $   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
    84. 

  84. $   RET=$STATUS
    85. 

  85. $   echo "Request (and private key) is in newreq.pem"
    86. 

  86. $   GOTO opt_loop_continue
    87. 

  87. $ ENDIF
    88. 

  88. $!
    89. 

  89. $ IF (prog_opt .EQS. "-newca")
    90. 

  90. $ THEN
    91. 

  91. $   ! If explicitly asked for or it doesn't exist then setup the directory
    92. 

  92. $   ! structure that Eric likes to manage things.
    93. 

  93. $   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
    94. 

  94. $   THEN
    95. 

  95. $     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
    96. 

  96. $     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
    97. 

  97. $     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
    98. 

  98. $     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
    99. 

  99. $     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
    100. 

  100. $
    101. 

  101. $     OPEN   /WRITE ser_file 'CATOP']serial. 
    102. 

  102. $     WRITE ser_file "01"
    103. 

  103. $     CLOSE ser_file
    104. 

  104. $     APPEND/NEW NL: 'CATOP']index.txt
    105. 

  105. $
    106. 

  106. $     ! The following is to make sure access() doesn't get confused.  It
    107. 

  107. $     ! really needs one file in the directory to give correct answers...
    108. 

  108. $     COPY NLA0: 'CATOP'.certs].;
    109. 

  109. $     COPY NLA0: 'CATOP'.crl].;
    110. 

  110. $     COPY NLA0: 'CATOP'.newcerts].;
    111. 

  111. $     COPY NLA0: 'CATOP'.private].;
    112. 

  112. $   ENDIF
    113. 

  113. $!
    114. 

  114. $   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
    115. 

  115. $   THEN
    116. 

  116. $     READ '__INPUT' FILE -
    117. 

  117. 	   /PROMT="CA certificate filename (or enter to create)"
    118. 

  118. $     IF F$SEARCH(FILE) .NES. ""
    119. 

  119. $     THEN
    120. 

  120. $       COPY 'FILE' 'CATOP'.private'CAKEY'
    121. 

  121. $	RET=$STATUS
    122. 

  122. $     ELSE
    123. 

  123. $       echo "Making CA certificate ..."
    124. 

  124. $       DEFINE/USER SYS$INPUT '__INPUT'
    125. 

  125. $       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
    126. 

  126. 		       -out 'CATOP''CACERT' 'DAYS'
    127. 

  127. $	RET=$STATUS
    128. 

  128. $     ENDIF
    129. 

  129. $   ENDIF
    130. 

  130. $   GOTO opt_loop_continue
    131. 

  131. $ ENDIF
    132. 

  132. $!
    133. 

  133. $ IF (prog_opt .EQS. "-pkcs12")
    134. 

  134. $ THEN
    135. 

  135. $   i = i + 1
    136. 

  136. $   cname = P'i'
    137. 

  137. $   IF cname .EQS. "" THEN cname = "My certificate"
    138. 

  138. $   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
    139. 

  139. 	   -out newcert.p12 -export -name "''cname'"
    140. 

  140. $   RET=$STATUS
    141. 

  141. $   exit RET
    142. 

  142. $ ENDIF
    143. 

  143. $!
    144. 

  144. $ IF (prog_opt .EQS. "-xsign")
    145. 

  145. $ THEN
    146. 

  146. $!
    147. 

  147. $   DEFINE/USER SYS$INPUT '__INPUT'
    148. 

  148. $   CA -policy policy_anything -infiles newreq.pem
    149. 

  149. $   RET=$STATUS
    150. 

  150. $   GOTO opt_loop_continue
    151. 

  151. $ ENDIF
    152. 

  152. $!
    153. 

  153. $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
    154. 

  154. $ THEN
    155. 

  155. $!   
    156. 

  156. $   DEFINE/USER SYS$INPUT '__INPUT'
    157. 

  157. $   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
    158. 

  158. $   RET=$STATUS
    159. 

  159. $   type newcert.pem
    160. 

  160. $   echo "Signed certificate is in newcert.pem"
    161. 

  161. $   GOTO opt_loop_continue
    162. 

  162. $ ENDIF
    163. 

  163. $!
    164. 

  164. $ IF (prog_opt .EQS. "-signcert")
    165. 

  165. $  THEN
    166. 

  166. $!   
    167. 

  167. $   echo "Cert passphrase will be requested twice - bug?"
    168. 

  168. $   DEFINE/USER SYS$INPUT '__INPUT'
    169. 

  169. $   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    170. 

  170. $   DEFINE/USER SYS$INPUT '__INPUT'
    171. 

  171. $   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
    172. 

  172. y
    173. 

  173. y
    174. 

  174. $   type newcert.pem
    175. 

  175. $   echo "Signed certificate is in newcert.pem"
    176. 

  176. $   GOTO opt_loop_continue
    177. 

  177. $ ENDIF
    178. 

  178. $!
    179. 

  179. $ IF (prog_opt .EQS. "-verify")
    180. 

  180. $ THEN
    181. 

  181. $!   
    182. 

  182. $   i = i + 1
    183. 

  183. $   IF (p'i' .EQS. "")
    184. 

  184. $   THEN
    185. 

  185. $     DEFINE/USER SYS$INPUT '__INPUT'
    186. 

  186. $     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
    187. 

  187. $   ELSE
    188. 

  188. $     j = i
    189. 

  189. $    verify_opt_loop:
    190. 

  190. $     IF j .GT. 8 THEN GOTO verify_opt_loop_end
    191. 

  191. $     IF p'j' .NES. ""
    192. 

  192. $     THEN 
    193. 

  193. $       DEFINE/USER SYS$INPUT '__INPUT'
    194. 

  194. $       __tmp = p'j'
    195. 

  195. $       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
    196. 

  196. $       tmp=$STATUS
    197. 

  197. $       IF tmp .NE. 0 THEN RET=tmp
    198. 

  198. $     ENDIF
    199. 

  199. $     j = j + 1
    200. 

  200. $     GOTO verify_opt_loop
    201. 

  201. $    verify_opt_loop_end:
    202. 

  202. $   ENDIF
    203. 

  203. $   
    204. 

  204. $   GOTO opt_loop_end
    205. 

  205. $ ENDIF
    206. 

  206. $!
    207. 

  207. $ IF (prog_opt .NES. "")
    208. 

  208. $ THEN
    209. 

  209. $!   
    210. 

  210. $   echo "Unknown argument ''prog_opt'"
    211. 

  211. $   
    212. 

  212. $   EXIT 3
    213. 

  213. $ ENDIF
    214. 

  214. $
    215. 

  215. $opt_loop_continue:
    216. 

  216. $ i = i + 1
    217. 

  217. $ GOTO opt_loop
    218. 

  218. $
    219. 

  219. $opt_loop_end:
    220. 

  220. $ EXIT 'RET'
    221.