version 1.1, 2004/06/29 10:47:46
|
version 1.4, 2004/06/30 11:14:35
|
Line 51 use strict;
|
Line 51 use strict;
|
use MIME::Entity; |
use MIME::Entity; |
use Mail::Mailer; |
use Mail::Mailer; |
use LONCAPA::Configuration; |
use LONCAPA::Configuration; |
|
use File::Copy; |
|
|
# Global variable declarations: |
# Global variable declarations:4 |
|
|
$SSLCommand; # Full path to openssl command. |
my $SSLCommand; # Full path to openssl command. |
$CertificateDirectory; # LONCAPA Certificate directory. |
my $CertificateDirectory; # LONCAPA Certificate directory. |
$KeyFilename; # Key filename (within CertificateDirectory). |
my $KeyFilename; # Key filename (within CertificateDirectory). |
$Passphrase="loncapawhatever"; # Initial passphrase for keyfile |
my $RequestEmail; # Email address of loncapa cert admin. |
$RequestEmail; # Email address of loncapa cert admin. |
my $WebUID; # UID of web user. |
|
my $WebGID; # GID of web user. |
|
|
|
my $Passphrase="loncapawhatever"; # Initial passphrase for keyfile |
|
my $RequestFile="loncapaRequest.pem"; # Name of Certificate request file. |
|
my $EncodedKey="hostkey.pem"; # Name of encoded key file. |
|
|
|
my $WebUser="www"; # Username running the web server. |
|
my $WebGroup="www"; # Group name running the web server. |
|
|
# Debug/log support: |
# Debug/log support: |
# |
# |
|
my $DEBUG = 1; # 1 for on, 0 for off. |
$DEBUG = 1; # 1 for on, 0 for off. |
|
|
|
# Send debugging to stderr. |
# Send debugging to stderr. |
# Parameters: |
# Parameters: |
Line 72 $DEBUG = 1; # 1 for on, 0 for off.
|
Line 80 $DEBUG = 1; # 1 for on, 0 for off.
|
# $DEBUG - message is only written if this is true. |
# $DEBUG - message is only written if this is true. |
# |
# |
sub Debug { |
sub Debug { |
$msg = shift; |
my $msg = shift; |
if($DEBUG) { |
if($DEBUG) { |
print STDERR "$msg\n"; |
print STDERR "$msg\n"; |
} |
} |
} |
} |
|
|
|
# |
|
# Read the LonCAPA web config files to get the values of the |
|
# configuration global variables we need: |
|
# Implicit inputs: |
|
# loncapa.conf - configuration file to read (user specific). |
|
# Implicit outputs (see global variables section): |
|
# SSLCommand, |
|
# CertificateDirectory |
|
# KeyfileName |
|
# RequestEmail |
|
# Side-Effects: |
|
# Exit with error if cannot complete. |
|
# |
|
sub ReadConfig { |
|
|
|
Debug("Reading configuration"); |
|
my $perlvarref = LONCAPA::Configuration::read_conf('loncapa.conf'); |
|
|
|
# Name of the SSL Program |
|
|
|
if($perlvarref->{SSLProgram}) { |
|
$SSLCommand = $perlvarref->{SSLProgram}; |
|
Debug("SSL Command: $SSLCommand"); |
|
} |
|
else { |
|
die "Unable to read the SSLCommand configuration option\n"; |
|
} |
|
|
|
# Where the certificates, and host key are installed: |
|
|
|
if($perlvarref->{lonCertificateDirectory}) { |
|
$CertificateDirectory = $perlvarref->{lonCertificateDirectory}; |
|
Debug("Local certificate Directory: $CertificateDirectory"); |
|
} |
|
else { |
|
die "Unable to read SSLDirectory configuration option\n"; |
|
} |
|
# The name of the host key file (to be installed in SSLDirectory). |
|
# |
|
if($perlvarref->{lonnetPrivateKey}) { |
|
$KeyFilename = $perlvarref->{lonnetPrivateKey}; |
|
Debug("Private key will be installed as $KeyFilename"); |
|
} |
|
else { |
|
die "Unable to read lonnetPrivateKey conrig paraemter\n"; |
|
} |
|
# The email address to which the certificate request is sent: |
|
|
|
if($perlvarref->{SSLEmail}) { |
|
$RequestEmail = $perlvarref->{SSLEmail}; |
|
Debug("Certificate request will be sent to $RequestEmail"); |
|
} |
|
else { |
|
die "Could not read SSLEmail coniguration key"; |
|
} |
|
# The UID/GID of the web user: It's possible the web user's |
|
# GID is not its primary, so we'll translate that form the |
|
# group file separately. |
|
|
|
my ($login, $pass, $uid, $gid) = getpwnam($WebUser); |
|
if($uid) { |
|
$WebUID = $uid; |
|
Debug("Web user: $WebUser -> UID: $WebUID"); |
|
} |
|
else { |
|
die "Could not translate web user: $WebUser to a uid."; |
|
} |
|
my $gid = getgrnam($WebGroup); |
|
if($gid) { |
|
$WebGID = $gid; |
|
Debug("Web group: $WebGroup -> GID $WebGID"); |
|
} |
|
else { |
|
die "Unable to translate web group $WebGroup to a gid."; |
|
} |
|
} |
|
# |
|
# Generate a certificate request. |
|
# The openssl command is issued to create a local host key and |
|
# a certificate request. The key is initially encoded. |
|
# We will eventually decode this, however, since the key |
|
# passphrase is open source we'll protect even the initial |
|
# encoded key file too. We'll need to decode the keyfile since |
|
# otherwise, openssl will need a passphrase everytime an ssl connection |
|
# is created (ouch). |
|
# Implicit Inputs: |
|
# Passphrase - Initial passphrase for the encoded key. |
|
# RequestFile - Filename of the certificate request. |
|
# EncodedKey - Filename of the encoded key file. |
|
# |
|
# Side-Effects: |
|
# |
|
sub GenerateRequest { |
|
Debug("Generating the request and key"); |
|
|
|
print "We are now going to generate the certificate request\n"; |
|
print "You will be prompted by openssl for several pieces of \n"; |
|
print "information. Most of this information is for documentation\n"; |
|
print "purposes only, so it's not critical if you make a mistake.\n"; |
|
print "However: The generated certificate will be sent to the \n"; |
|
print "Email address you provide, and you should leave the optional\n"; |
|
print "Challenge password blank.\n"; |
|
|
|
my $requestcmd = $SSLCommand." req -newkey rsa:1024 " |
|
." -keyout hostkey.pem " |
|
." -keyform PEM " |
|
." -out request.pem " |
|
." -outform PEM " |
|
." -passout pass:$Passphrase"; |
|
my $status = system($requestcmd); |
|
if($status) { |
|
die "Certificate request generation failed: $status"; |
|
} |
|
|
|
chmod(0600, "hostkey.pem"); # Protect key since passphrase is opensrc. |
|
|
|
Debug("Decoding the key"); |
|
my $decodecmd = $SSLCommand." rsa -in hostkey.pem" |
|
." -out hostkey.dec" |
|
." -passin pass:$Passphrase"; |
|
my $status = system($decodecmd); |
|
if($status) { |
|
die "Host key decode failed"; |
|
} |
|
|
|
chmod(0600, "hostkey.dec"); # Protect the decoded hostkey. |
|
Debug("Done"); |
|
} |
|
# |
|
# Installs the decoded host key (hostkey.dec) in the |
|
# certificate directory with the correct permissions. |
|
# |
|
# Implicit Inputs: |
|
# hostkey.dec - the name of the host key file. |
|
# $CertificateDirectory - where the key file gets installed |
|
# $KeyFilename - Final name of the key file. |
|
# $WebUser - User who should own the key file. |
|
# $WebGroup - Group who should own the key file. |
|
# 0400 - Permissions to give to the installed key |
|
# file. |
|
# 0700 - Permissions given to the certificate |
|
# directory if created. |
|
# Side-Effects: |
|
# If necessary, $CertificateDirectory is created. |
|
# $CertificateDirectory/$KeyFilename is ovewritten with the |
|
# contents of hostkey.dec in the cwd. |
|
# |
|
sub InstallKey { |
|
Debug("InstallKey"); |
|
|
|
Debug("Need to create certificate directory?"); |
|
if(!(-d $CertificateDirectory)) { |
|
|
|
Debug("Creating"); |
|
mkdir($CertificateDirectory, 0700); |
|
chown($WebUID, $WebGID, $CertificateDirectory); |
|
} |
|
else { |
|
Debug("Exists"); |
|
} |
|
|
sub ReadConfig {} |
Debug("Installing the key file:"); |
sub GenerateRequest {} |
my $FullKeyPath = $CertificateDirectory."/".$KeyFilename; |
sub InstallKey {} |
copy("hostkey.dec", $FullKeyPath); |
|
|
|
Debug("Setting ownership and permissions"); |
|
chmod(0400, $FullKeyPath); |
|
chown($WebUID, $WebGID, $FullKeyPath); |
|
|
|
Debug("Done"); |
|
} |
sub MailRequest {} |
sub MailRequest {} |
sub Cleanup {} |
sub Cleanup {} |
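Review bot: The new `$requestcmd` and `$decodecmd` strings in GenerateRequest are handed to `system` as single strings, so `$SSLCommand` (read from loncapa.conf) and `pass:$Passphrase` are parsed by a shell and the passphrase is also visible to any local user in the process list; the list form of `system` at least removes the shell from the path, and openssl's `-passout`/`-passin` also accept `stdin` or `fd:N` so the phrase need not appear on the command line at all. Both `hostkey.pem` and `hostkey.dec` are created under the inherited umask and only tightened by `chmod(0600, ...)` afterwards, leaving a window where the key may be world-readable, so a `umask 077;` at the top of GenerateRequest closes that gap. The second `my $status` redeclares the first (a masking warning under `use warnings`), and in ReadConfig `my $gid = getgrnam($WebGroup)` likewise redeclares the `$gid` from `getpwnam`. In InstallKey the return values of `mkdir`, `chown`, `chmod` and `copy("hostkey.dec", $FullKeyPath)` are never checked, so a failed copy still reports "Done" while the old key stays in place; `copy(...) or die "copy to $FullKeyPath: $!";` would surface it.
```perl
sub GenerateRequest {
    umask 077;    # key files are born unreadable to others, not fixed up after the fact
    # … unchanged: Debug and introductory prints …
    my @requestcmd = ($SSLCommand, 'req', '-newkey', 'rsa:1024',
                      '-keyout', 'hostkey.pem', '-keyform', 'PEM',
                      '-out', 'request.pem', '-outform', 'PEM',
                      '-passout', "pass:$Passphrase");
    my $status = system(@requestcmd);    # list form: no shell parses $SSLCommand or the passphrase
    # … unchanged: status check and chmod …
    my @decodecmd = ($SSLCommand, 'rsa', '-in', 'hostkey.pem',
                     '-out', 'hostkey.dec', '-passin', "pass:$Passphrase");
    $status = system(@decodecmd);
    # … unchanged: status check, chmod, Debug("Done") …
```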
|
|