create cert/key automatically
authorHeiko Schlittermann <hs@schlittermann.de>
Fri, 01 Jan 2010 23:07:43 +0100
changeset 53 807117b2de7e
parent 52 1500db85ad6c
child 54 5f5b9f68b411
create cert/key automatically
hlog.pl
--- a/hlog.pl	Thu Dec 31 00:02:45 2009 +0100
+++ b/hlog.pl	Fri Jan 01 23:07:43 2010 +0100
@@ -1,6 +1,6 @@
 #! /usr/bin/perl
 
-#    HTTP access to some (log) file
+#    HTTP(S) access to some (log) file
 #    Copyright (C) 2009  Heiko Schlittermann
 #
 #    This program is free software: you can redistribute it and/or modify
@@ -30,6 +30,9 @@
 use MIME::Base64 qw(decode_base64);
 use IO::Socket::INET;
 use IO::Socket::SSL;
+use File::Temp qw/tempdir/;
+use File::Path;
+use Sys::Hostname;
 
 my $ME = basename $0;
 
@@ -42,8 +45,8 @@
 my $opt_debug    = 0;
 my $opt_htpasswd = "htpasswd";
 my $opt_ssl      = 1;
-my $opt_ssl_cert = "crt.pem";
-my $opt_ssl_key  = "key.pem";
+my $opt_ssl_cert = "*";
+my $opt_ssl_key  = "*";
 
 # these vars will be filled with the real dirs later
 my $rundir = ["/var/run/$ME", "$ENV{HOME}/.$ME"];
@@ -80,8 +83,8 @@
 
 sub bad_request();
 sub date1123(;$);
-
-sub authenticated($$);
+sub authenticate($$);
+sub certtool();
 
 my %FILE;
 
@@ -109,7 +112,7 @@
         $opt_ssl  = 0;
     }
 
-    foreach ($opt_htpasswd, $opt_ssl_key, $opt_ssl_cert) {
+    foreach ($opt_htpasswd) {
         $_ = abs_path($_) if defined;
     }
 
@@ -168,6 +171,11 @@
         $FILE{$tag} = $file;
     }
 
+    # read key/cert or generate key/cert
+    certtool();
+    ### $opt_ssl_key
+    ### $opt_ssl_cert
+
     # Start the listener, just a normal INET socket,
     # SSL will be started later on, if needed..
     my $listener = new IO::Socket::INET(
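Review bot: `certtool();` is called unconditionally, but `certtool()` dies when no `certtool` binary is on `$PATH`, so a run with SSL switched off (the branch setting `$opt_ssl = 0` is visible in the earlier hunk) now fails on hosts without gnutls even though no key or certificate will be used. Guard the call, `certtool() if $opt_ssl;`, or make the binary lookup inside `certtool()` conditional on actually needing to generate something. Note that the `abs_path` normalisation of `$opt_ssl_key`/`$opt_ssl_cert`, removed from the option loop above, now lives only inside `certtool()`, so skipping it is harmless when SSL is off but should be kept in mind if the paths are used elsewhere. The `### $opt_ssl_key` lines are plain comments here (no `Smart::Comments` import is visible) and could be removed or turned into a `warn` under `$opt_debug`. The enclosing function starts outside this hunk.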
@@ -241,6 +249,7 @@
                     SSL_key_file  => $opt_ssl_key,
                     SSL_cert_file => $opt_ssl_cert,
                 );
+		warn IO::Socket::SSL::errstr(), "\n";
                 $client->start_SSL;
             }
             handle_request($client);
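Review bot: The added `warn IO::Socket::SSL::errstr(), "\n";` runs unconditionally on every accepted connection, so it prints an empty or stale error string even when the preceding call succeeded, and the actual outcome of that call (its arguments end at the `SSL_cert_file` line; its name is above the hunk) is still not checked. Tie the warning to the result instead, e.g. append `or warn "SSL setup failed: ", IO::Socket::SSL::errstr(), "\n";` to that call, or test `IO::Socket::SSL::errstr()` only when the call returned false. The same applies to `$client->start_SSL`, whose return value is not examined before `handle_request` proceeds. The enclosing accept loop starts outside this hunk.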
@@ -460,6 +469,47 @@
     $auth->authenticate(split /:/, decode_base64($userinfo));
 }
 
+sub certtool() {
+    my $dir = tempdir(CLEANUP => 1);
+
+    # look for the certtool
+    grep { -x "$_/certtool" } split /:/, $ENV{PATH}
+      or die
+"certtool binary not found in $ENV{PATH}, may be you should install gnutls\n";
+
+    if ($opt_ssl_key eq "*") {
+        warn "Creating the private key\n";
+        system("certtool --generate-privkey --outfile $dir/key 2>$dir/err");
+        die "can't generate private key\n" if $?;
+	$opt_ssl_key = "$dir/key";
+    }
+
+    if ($opt_ssl_cert eq "*") {
+
+        # write the template for (self) signing
+        my $f = new IO::File ">$dir/template";
+        print $f <<___;
+cn = @{[hostname]}
+serial = @{[time]}
+expiration_days = 9999
+tls_www_server
+___
+        close($f);
+
+        warn "self signing the certificate\n";
+        system( "certtool --generate-self-signed "
+              . "--template $dir/template "
+              . "--load-privkey $opt_ssl_key "
+              . "--outfile $dir/cert 2>$dir/err");
+	$opt_ssl_cert = "$dir/cert";
+	unlink "$dir/template";
+    }
+
+	$opt_ssl_key = abs_path($opt_ssl_key);
+	$opt_ssl_cert = abs_path($opt_ssl_cert);
+
+}
+
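Review bot: `$opt_ssl_key` is a user-supplied path that is interpolated into a single-string `system()` in the self-signing step, so a path containing shell metacharacters is handed to `/bin/sh`; and unlike the key-generation step, `$?` is never checked afterwards, so a failed certtool leaves `$opt_ssl_cert` pointing at a file that was never written and the failure only surfaces later as an opaque SSL error. Use the list form of `system`, which bypasses the shell, and die on a non-zero exit; the `2>$dir/err` redirect can go, since `$dir/err` is never read and certtool's stderr is then visible directly. Secondary points: the `IO::File` open of the template is unchecked, `expiration_days = 9999` is a very long validity for a throwaway self-signed cert, and the private key inherits whatever mode certtool and the umask produce inside the 0700 tempdir — worth confirming it ends up 0600.
```perl
    if ($opt_ssl_key eq "*") {
        warn "Creating the private key\n";
        system("certtool", "--generate-privkey", "--outfile", "$dir/key") == 0
          or die "can't generate private key\n";
        $opt_ssl_key = "$dir/key";
    }
    # … unchanged: template writing …
        warn "self signing the certificate\n";
        system("certtool", "--generate-self-signed",
            "--template",     "$dir/template",
            "--load-privkey", $opt_ssl_key,
            "--outfile",      "$dir/cert") == 0
          or die "can't generate self signed certificate\n";
        $opt_ssl_cert = "$dir/cert";
```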
 __END__
 
 =head1 NAME