
 1 martin 1.4 #//%LICENSE////////////////////////////////////////////////////////////////
 2 martin 1.5 #//
 3 martin 1.4 #// Licensed to The Open Group (TOG) under one or more contributor license
 4            #// agreements.  Refer to the OpenPegasusNOTICE.txt file distributed with
 5            #// this work for additional information regarding copyright ownership.
 6            #// Each contributor licenses this file to you under the OpenPegasus Open
 7            #// Source License; you may not use this file except in compliance with the
 8            #// License.
 9 martin 1.5 #//
10 martin 1.4 #// Permission is hereby granted, free of charge, to any person obtaining a
11            #// copy of this software and associated documentation files (the "Software"),
12            #// to deal in the Software without restriction, including without limitation
13            #// the rights to use, copy, modify, merge, publish, distribute, sublicense,
14            #// and/or sell copies of the Software, and to permit persons to whom the
15            #// Software is furnished to do so, subject to the following conditions:
16 martin 1.5 #//
17 martin 1.4 #// The above copyright notice and this permission notice shall be included
18            #// in all copies or substantial portions of the Software.
19 martin 1.5 #//
20 martin 1.4 #// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21 martin 1.5 #// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 martin 1.4 #// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23            #// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24            #// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25            #// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26            #// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 martin 1.5 #//
28 martin 1.4 #//////////////////////////////////////////////////////////////////////////
29 denise.eckstein 1.1 #
30                     #  Set up OpenSSL certificates for the tog-pegasus cimserver
31                     #
32                     #  Creates a default ssl.cnf file.
33                     #  Generates a self-signed certificate for use by the cimserver.
34                     #
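# Create a default OpenSSL request config (ssl.cnf) for the cimserver
# certificate, unless one is already present.
#
# Reads:  PEGASUS_CONFIG_DIR, PEGASUS_INSTALL_LOG. Neither is set in this
#         fragment; presumably the enclosing spec defines them -- confirm.
# Writes: $PEGASUS_CONFIG_DIR/ssl.cnf (mode 400, owner and group root).
# Sets:   cnfChanged=1 when a new ssl.cnf was written, which makes the
#         certificate-generation step that follows create a fresh key pair.
cnfChanged=0
if [ ! -e "$PEGASUS_CONFIG_DIR/ssl.cnf" ]; then
    mkdir -p "${PEGASUS_INSTALL_LOG%/*}"
    mkdir -p "$PEGASUS_CONFIG_DIR"

    # Work out the certificate CN before ssl.cnf is created, so a slow or
    # interrupted lookup cannot leave a half-written config behind that later
    # runs would accept as complete.
    DN=$(hostname)
    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
        DN='localhost.localdomain'
    fi

    # cannot use 'hostname --fqdn' because this can hang indefinitely
    # The first word of the first "has address" line is taken as the name;
    # when host fails, the echo fallback makes the pipeline yield $DN itself.
    # NOTE(review): the CN is whatever the resolver answers at install time.
    FQDN=$({ host -W1 "$DN" 2>/dev/null || echo "$DN has address "; } |
        grep 'has address' | head -1 | sed 's/\ .*$//')
    if [ -z "$FQDN" ]; then
        FQDN="$DN"
    fi

    # One redirection for the whole file: ssl.cnf is written in a single pass.
    {
        echo "[ req ]"
        echo "distinguished_name     = req_distinguished_name"
        echo "prompt                 = no"
        echo "[ req_distinguished_name ]"
        echo "C                      = UK"
        echo "ST                     = Berkshire"
        echo "L                      = Reading"
        echo "O                      = The Open Group"
        echo "OU                     = The OpenPegasus Project"
        echo "CN                     = $FQDN"
    } > "$PEGASUS_CONFIG_DIR/ssl.cnf"

    chmod 400 "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chown root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chgrp root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    cnfChanged=1
fi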
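# Generate a self-signed certificate and RSA private key for the cimserver
# when ssl.cnf was just created or either installed file is missing.
#
# Reads:  cnfChanged, PEGASUS_CONFIG_DIR, PEGASUS_PEM_DIR,
#         PEGASUS_SSL_CERT_FILE, PEGASUS_SSL_KEY_FILE, PEGASUS_INSTALL_LOG.
# Writes: the certificate (mode 444) and the key (mode 400) under
#         $PEGASUS_PEM_DIR; openssl diagnostics are appended to the log.
#
# NOTE(review): no digest option is passed, so the signature hash is the
# installed openssl's default, and the certificate is valid for 3650 days;
# confirm both are acceptable for the deployment.
if [ "$cnfChanged" -eq 1 ] || \
        [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" ] || \
        [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE" ]; then
    # Subshell so the tightened umask does not leak into the rest of the
    # script.
    (
        # -nodes stores the private key unencrypted, so file permissions are
        # its only protection. umask 077 keeps the temporary key.pem
        # owner-only from the moment it is created instead of relying on a
        # later chmod.
        umask 077
        if /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
                -nodes -config "$PEGASUS_CONFIG_DIR/ssl.cnf" \
                -keyout "$PEGASUS_PEM_DIR/key.pem" \
                -out "$PEGASUS_PEM_DIR/cert.pem" 2>>"$PEGASUS_INSTALL_LOG"; then
            # Install only after openssl succeeded, so a failed run cannot
            # put a key in place without its matching certificate.
            cp -fp "$PEGASUS_PEM_DIR/cert.pem" \
                "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
            cp -fp "$PEGASUS_PEM_DIR/key.pem" \
                "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
            chmod 400 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
            chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
        else
            echo "openssl req failed; SSL certificate and key not installed" \
                >>"$PEGASUS_INSTALL_LOG"
        fi
        # The former "chmod 700 *.pem" is gone on purpose: it changed the
        # mode of every .pem in the directory, including files this script
        # did not create, and set the execute bit on them.
        rm -f "$PEGASUS_PEM_DIR/key.pem" "$PEGASUS_PEM_DIR/cert.pem"
    )
fi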
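# Seed the trust store with a copy of the server certificate when no trust
# store file exists yet; an existing trust store is left untouched.
#
# Reads:  PEGASUS_PEM_DIR, PEGASUS_SSL_CERT_FILE, PEGASUS_SSL_TRUSTSTORE.
# NOTE(review): presumably the cimserver uses this file to decide which peer
# certificates it trusts, in which case the server's own self-signed
# certificate becomes a trusted entry by default -- confirm that is intended.
if [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE" ]; then
    cp -fp "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" \
        "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
    # Certificates are public data: world-readable, nobody may write.
    chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
fi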
