From 24248ae102b3333dae1d4cbc5bdd8b2d5902efe6 Mon Sep 17 00:00:00 2001
From: Stefan Knoblich
Date: Tue, 15 Jan 2008 14:53:05 +0000
Subject: [PATCH] Add gentls_cert script to create a CA and certificate for mod_sofia TLS
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7234 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 Makefile.am | 1 +
 configure.in | 3 +-
 scripts/gentls_cert.in | 172 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 175 insertions(+), 1 deletion(-)
 create mode 100644 scripts/gentls_cert.in
diff --git a/Makefile.am b/Makefile.am
index 31a3b18031..e3796b91ab 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -156,6 +156,7 @@ libfreeswitch_la_SOURCES += src/switch_odbc.c libfreeswitch_la_LDFLAGS += -lodbc endif +bin_SCRIPTS = scripts/gentls_cert libs/libedit/src/.libs/libedit.a:
diff --git a/configure.in b/configure.in
index bd9eec7425..e66e47b73a 100644
--- a/configure.in
+++ b/configure.in
@@ -424,7 +424,8 @@ AC_CONFIG_FILES([Makefile src/include/switch_am_config.h build/getsounds.sh build/getlib.sh - build/modmake.rules]) + build/modmake.rules + scripts/gentls_cert]) AM_CONDITIONAL(ISLINUX, [test `uname -s` = Linux]) AM_CONDITIONAL(ISMAC, [test `uname -s` = Darwin])
diff --git a/scripts/gentls_cert.in b/scripts/gentls_cert.in
new file mode 100644
index 0000000000..b812d336bc
--- /dev/null
+++ b/scripts/gentls_cert.in
@@ -0,0 +1,172 @@
+#!/bin/sh
+
+CONFDIR=@prefix@/conf/ssl
+DAYS=365
+
+TMPFILE="/tmp/fs-ca-$$-$(date +%Y%m%d%H%M%S)"
+
+COMMON_NAME="FreesSWITCH CA"
+ALT_NAME="DNS:test.freeswitch.org"
+ORG_NAME="FreeSWITCH"
+
+umask 037
+
+setup_ca() {
+ echo "Creating new CA..."
+
+ if [ ! -d "${CONFDIR}/CA" ]; then
+ mkdir -p -m 750 "${CONFDIR}/CA" || exit 1
+ fi
+
+ if [ ! -e "${CONFDIR}/CA/config.tpl" ]; then
+ cat > "${CONFDIR}/CA/config.tpl" <<-EOF
+ [ req ]
+ default_bits = 1024
+ prompt = no
+ distinguished_name = req_dn
+
+ [ req_dn ]
+ commonName = %CN%
+ organizationName = %ORG%
+
+ [ ext ]
+ basicConstraints=CA:FALSE
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid,issuer:always
+ subjectAltName=%ALTNAME%
+ EOF
+ fi
+
+ sed \
+ -e "s|%CN%|$COMMON_NAME|" \
+ -e "s|%ORG%|$ORG_NAME|" \
+ -e "/%ALTNAME%/d" \
+ -e "s|CA:FALSE|CA:TRUE|" \
+ "${CONFDIR}/CA/config.tpl" \
+ > "${TMPFILE}.cfg" || exit 1
+
+ openssl req -new -out "${CONFDIR}/CA/careq.pem" \
+ -newkey rsa:1024 -keyout "${CONFDIR}/CA/cakey.pem" \
+ -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+ openssl x509 -req -signkey "${CONFDIR}/CA/cakey.pem" -in "${CONFDIR}/CA/careq.pem" \
+ -out "${CONFDIR}/CA/cacert.pem" -extfile "${TMPFILE}.cfg" \
+ -extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+ rm "${TMPFILE}.cfg"
+
+ echo "DONE"
+}
+
+generate_cert() {
+ local val=""
+
+ echo "Generating new certificate..."
+
+ echo
+ echo "--------------------------------------------------------"
+ echo "CN: \"${COMMON_NAME}\""
+ echo "ORG_NAME: \"${ORG_NAME}\""
+ echo "ALT_NAME: \"${ALT_NAME}\""
+ echo
+ echo "[Enter \"OK\" to accept]"
+ read val
+ if [ "${val}" != "OK" ]; then
+ return 2
+ fi
+
+ sed \
+ -e "s|%CN%|$COMMON_NAME|" \
+ -e "s|%ALTNAME%|$ALT_NAME|" \
+ -e "s|%ORG%|$ORG_NAME|" \
+ "${CONFDIR}/CA/config.tpl" \
+ > "${TMPFILE}.cfg" || exit 1
+
+ openssl req -new -out "${TMPFILE}.req" \
+ -newkey rsa:1024 -keyout "${TMPFILE}.key" \
+ -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1
+
+ openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \
+ -in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \
+ -extensions ext -days ${DAYS} -sha1 >/dev/null || exit 1
+
+ cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem"
+ cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/agent.pem"
+
+ rm "${TMPFILE}.cfg" "${TMPFILE}.crt" "${TMPFILE}.key" "${TMPFILE}.req"
+
+ echo "DONE"
+}
+
+remove_ca() {
+ echo "Cleaning CA"
+
+ if [ ! -d "${CONFDIR}/CA" ]; then
+ rm "${CONFDIR}/CA/"*
+ rmdir "${CONFDIR}/CA"
+ fi
+
+ echo "DONE"
+}
+
+command="$1"
+shift
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ -cn)
+ shift
+ COMMON_NAME="$1"
+ ;;
+ -alt)
+ shift
+ ALT_NAME="$1"
+ ;;
+ -org)
+ shift
+ ORG_NAME="$1"
+ ;;
+ esac
+ shift
+done
+
+
+case ${command} in
+ setup)
+ setup_ca
+ ;;
+
+ create)
+ generate_cert
+ ;;
+
+ remove)
+ echo "Are you sure you want to delete the CA? [YES to delete]"
+ read val
+ if [ "${val}" = "YES" ]; then
+ remove_ca
+ else
+ echo "Not deleting CA"
+ fi
+ ;;
+
+ *)
+ cat <<-EOF
+ $0 [options]
+
+ * commands:
+
+ setup - Setup new CA
+ create - Create new certificate (overwriting old!)
+ remove - Remove CA
+
+ * options:
+
+ -cn Set common name
+ -alt Set alternative name (use prefix 'DNS:' or 'URI:')
+ -org Set organization name
+
+ EOF
+ exit 1
+ ;;
+esac
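Review bot: TMPFILE is a predictable path in the shared /tmp directory (`/tmp/fs-ca-$$-<timestamp>`), and generate_cert writes the newly generated private key to `${TMPFILE}.key` there; umask 037 limits the file mode but does nothing against a pre-placed file or symlink at that name, and on every `|| exit 1` path the key, request and config are left behind because cleanup only happens on the success path. Use a private directory plus an exit trap instead of the fixed name: `WORKDIR=$(mktemp -d) || exit 1`, `trap 'rm -rf "$WORKDIR"' EXIT`, `TMPFILE="$WORKDIR/fs-ca"`, after which the explicit rm lines become unnecessary. Separately, remove_ca guards the deletion with `[ ! -d "${CONFDIR}/CA" ]`, so it only runs when the CA directory is absent and the rm then fails; the condition should be `if [ -d "${CONFDIR}/CA" ]; then`. The default `COMMON_NAME="FreesSWITCH CA"` is misspelt, and rsa:1024 with -sha1 in all four openssl invocations is weaker than what TLS peers now accept, so both key size and digest should at least be overridable before this is used to issue certificates.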