1 karl  1.2 #//%2006////////////////////////////////////////////////////////////////////////
 2           #//
 3           #// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
 4           #// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
 5           #// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
 6           #// IBM Corp.; EMC Corporation, The Open Group.
 7           #// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
 8           #// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 9           #// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10           #// EMC Corporation; VERITAS Software Corporation; The Open Group.
11           #// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12           #// EMC Corporation; Symantec Corporation; The Open Group.
13           #//
14           #// Permission is hereby granted, free of charge, to any person obtaining a copy
15           #// of this software and associated documentation files (the "Software"), to
16           #// deal in the Software without restriction, including without limitation the
17           #// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18           #// sell copies of the Software, and to permit persons to whom the Software is
19           #// furnished to do so, subject to the following conditions:
20           #// 
21           #// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 karl  1.2 #// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23           #// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24           #// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25           #// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26           #// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27           #// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28           #// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29           #//
30           #//==============================================================================

31 denise.eckstein 1.1 #
32                     #  Set up OpenSSL certificates for the tog-pegasus cimserver
33                     #
34                     #  Creates a default ssl.cnf file.
35                     #  Generates a self-signed certificate for use by the cimserver.
36                     #
37                     cnfChanged=0;
38                     if [ ! -e $PEGASUS_CONFIG_DIR/ssl.cnf ]; then
39                         mkdir -p ${PEGASUS_INSTALL_LOG%/*}
40                         mkdir -p $PEGASUS_CONFIG_DIR
41                         echo "[ req ]" > $PEGASUS_CONFIG_DIR/ssl.cnf
42                         echo "distinguished_name     = req_distinguished_name"  >> \
43                                 $PEGASUS_CONFIG_DIR/ssl.cnf
44                         echo "prompt                 = no"  >> $PEGASUS_CONFIG_DIR/ssl.cnf
45                         echo "[ req_distinguished_name ]" >> $PEGASUS_CONFIG_DIR/ssl.cnf
46                         echo "C                      = UK" >> $PEGASUS_CONFIG_DIR/ssl.cnf
47                         echo "ST                     = Berkshire" >> $PEGASUS_CONFIG_DIR/ssl.cnf
48                         echo "L                      = Reading" >> $PEGASUS_CONFIG_DIR/ssl.cnf
49                         echo "O                      = The Open Group" >> \
50                                 $PEGASUS_CONFIG_DIR/ssl.cnf
51                         echo "OU                     = The OpenPegasus Project" >> \
52 denise.eckstein 1.1             $PEGASUS_CONFIG_DIR/ssl.cnf
53                         DN=`hostname`;
54                         if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
55                                 DN='localhost.localdomain';
56                         fi;
57                         FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } |\
58                                 grep 'has address' | head -1 | sed 's/\ .*$//'`;
59                         if [ -z "$FQDN" ] ; then
60                             FQDN="$DN";
61                         fi;
62                         # cannot use 'hostname --fqdn' because this can hang indefinitely
63                         echo "CN                     = $FQDN"  >> $PEGASUS_CONFIG_DIR/ssl.cnf
64                         chmod 400 $PEGASUS_CONFIG_DIR/ssl.cnf
65                         chown root $PEGASUS_CONFIG_DIR/ssl.cnf
66                         chgrp root $PEGASUS_CONFIG_DIR/ssl.cnf
67                         cnfChanged=1;
68                     fi
69                     if [ $cnfChanged -eq 1 ] || \
70                              [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE ] || \
71                              [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE ]; then
72                         /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
73 denise.eckstein 1.1          -nodes -config $PEGASUS_CONFIG_DIR/ssl.cnf   \
74                              -keyout $PEGASUS_PEM_DIR/key.pem \
75                              -out $PEGASUS_PEM_DIR/cert.pem 2>>$PEGASUS_INSTALL_LOG
76                         chmod 700 $PEGASUS_PEM_DIR/*.pem
77                         cp -fp $PEGASUS_PEM_DIR/cert.pem \
78                             $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE
79                         cp -fp $PEGASUS_PEM_DIR/key.pem \
80                             $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
81                         chmod 400 $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
82                         chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE 
83                         rm -f $PEGASUS_PEM_DIR/key.pem $PEGASUS_PEM_DIR/cert.pem
84                     fi;
85                     if [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE ]; then
86                         cp -fp $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE \
87                             $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE
88                         chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE;
89                     fi;