--- a/bin/ca Tue Jan 26 23:26:08 2010 +0100
+++ b/bin/ca Tue Jan 26 23:43:31 2010 +0100
@@ -9,22 +9,22 @@
use Getopt::Long qw(GetOptionsFromArray);
use Pod::Usage;
-my $CA_CRT = "CA/ca-crt.pem";
-my $CA_KEY = "CA/private/ca-key.pem";
-my $CA_DIR = "./var";
+my $CA_CRT = "CA/ca-crt.pem";
+my $CA_KEY = "CA/private/ca-key.pem";
+my $CA_DIR = "./var";
my %TEMPLATE = (
- ca => "templates/ca",
+ ca => "templates/ca",
req => "templates/req",
);
-my $TMP = tempdir("/tmp/$ENV{USER}.ca.XXXXXX", CLEANUP => 1);
+my $TMP = tempdir("/tmp/$ENV{USER}.ca.XXXXXX", CLEANUP => 1);
my $opt_days = undef; # see the templates/ca for a default
my $opt_type = undef; # see the templates/ca for a default
my $opt_policy = "de"; # see the templates/ca for a default
my $opt_outfile = undef;
-my $opt_force = undef;
+my $opt_force = undef;
sub init_ca();
sub ask_pass($);
@@ -37,8 +37,8 @@
"t|type=s" => \$opt_type,
"p|policy=s" => \$opt_policy,
"o|outfile=s" => \$opt_outfile,
- "force" => \$opt_force,
- "init" => sub { init_ca(); exit 0; },
+ "force" => \$opt_force,
+ "init" => sub { init_ca(); exit 0; },
"h|help" => sub { pod2usage(-verbose => 1, -exit => 0) },
"m|man" => sub { pod2usage(-verbose => 2, -exit => 0) },
) or pod2usage;
@@ -67,8 +67,8 @@
days => $opt_days,
policy => "policy_$opt_policy",
cacrt => $CA_CRT,
- cakey => $CA_KEY,
- cadir => $CA_DIR,
+ cakey => $CA_KEY,
+ cadir => $CA_DIR,
} => "$TMP/cnf"
) or die $tt2->error, "\n";
@@ -106,48 +106,54 @@
my @keys = ("x", "y");
while (1) {
- print $prompt;
- my $stty = `stty -g`;
- system("stty -echo");
- chomp($keys[0] = IO::File->new("/dev/tty")->getline());
- print "\n";
- system("stty $stty");
- print "please again for verification: ";
- system("stty -echo");
- chomp($keys[1] = IO::File->new("/dev/tty")->getline());
- print "\n";
- system("stty $stty");
- return $keys[0] if $keys[0] eq $keys[1];
- print "keys mismatch, again\n";
+ print $prompt;
+ my $stty = `stty -g`;
+ system("stty -echo");
+ chomp($keys[0] = IO::File->new("/dev/tty")->getline());
+ print "\n";
+ system("stty $stty");
+ print "please again for verification: ";
+ system("stty -echo");
+ chomp($keys[1] = IO::File->new("/dev/tty")->getline());
+ print "\n";
+ system("stty $stty");
+ return $keys[0] if $keys[0] eq $keys[1];
+ print "keys mismatch, again\n";
}
}
sub init_ca() {
+
# initialize the CA directory structure. This should
# correspond to the values found in templates/ca
die "$CA_DIR already exists" if -d $CA_DIR and not $opt_force;
mkpath(map { "$CA_DIR/$_" } qw(newcerts));
mkpath(map { dirname $_ } $CA_CRT, $CA_KEY);
(new IO::File ">$CA_DIR/index");
- (new IO::File ">$CA_DIR/serial")-> print("01\n");
+ (new IO::File ">$CA_DIR/serial")->print("01\n");
- # now
+ # now
my $tt2 = new Template or die $Template::ERROR;
- $tt2->process($TEMPLATE{req},
- {
- # not used yet
- } => "$TMP/cnf") or die $tt2->error;
+ $tt2->process(
+ $TEMPLATE{req},
+ {
+
+ # not used yet
+ } => "$TMP/cnf"
+ ) or die $tt2->error;
$ENV{CA_PASS} = ask_pass("passphrase for CA key: ");
- system("openssl req -config $TMP/cnf -x509 -days 3650 -new -passout env:CA_PASS -keyout $TMP/ca-key.pem -out $TMP/ca-crt.pem")
- and exit;
+ system(
+"openssl req -config $TMP/cnf -x509 -days 3650 -new -passout env:CA_PASS -keyout $TMP/ca-key.pem -out $TMP/ca-crt.pem"
+ ) and exit;
system("openssl x509 -in $TMP/ca-crt.pem -out $CA_CRT") and exit;
$_ = umask(077);
- system("openssl rsa -in $TMP/ca-key.pem -des3 -passin env:CA_PASS -passout env:CA_PASS -out $CA_KEY") and exit;
+ system(
+"openssl rsa -in $TMP/ca-key.pem -des3 -passin env:CA_PASS -passout env:CA_PASS -out $CA_KEY"
+ ) and exit;
umask($_);
-
}
__END__