/[smeserver]/rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz11552-renewkey.patch
ViewVC logotype

Diff of /rpms/e-smith-base/sme10/e-smith-base-5.8.0-bz11552-renewkey.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.1 by jpp, Mon May 31 03:19:21 2021 UTC Revision 1.4 by jpp, Fri Jun 4 14:41:59 2021 UTC
# Line 1  Line 1 
1  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.crt  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.crt
2  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.crt      2021-05-30 22:12:33.595000000 -0400  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.crt      2021-05-30 22:12:33.595000000 -0400
3  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.crt  2021-05-30 23:06:09.991000000 -0400  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.crt  2021-06-01 17:53:56.640000000 -0400
4  @@ -1,5 +1,6 @@  @@ -1,5 +1,6 @@
5   {   {
6       use constant KEYLIFEINDAYS => $modSSL{KeyLifeInDays} || 365;       use constant KEYLIFEINDAYS => $modSSL{KeyLifeInDays} || 365;
# Line 36  diff -Nur --no-dereference e-smith-base- Line 36  diff -Nur --no-dereference e-smith-base-
36               if (               if (
37  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.key e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.key  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.key e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.key
38  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.key      2021-05-30 22:12:33.596000000 -0400  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.key      2021-05-30 22:12:33.596000000 -0400
39  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.key  2021-05-30 23:06:09.728000000 -0400  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.key  2021-06-01 17:53:56.402000000 -0400
40  @@ -1,26 +1,22 @@  @@ -1,26 +1,22 @@
41   {   {
42       use Cwd;       use Cwd;
# Line 77  diff -Nur --no-dereference e-smith-base- Line 77  diff -Nur --no-dereference e-smith-base-
77       # as root       # as root
78  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl
79  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl    2021-05-30 22:12:33.789000000 -0400  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl    2021-05-30 22:12:33.789000000 -0400
80  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl        2021-05-30 23:06:08.793000000 -0400  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/10openssl        2021-06-01 17:53:55.469000000 -0400
81  @@ -1,13 +1,8 @@  @@ -1,13 +1,8 @@
82   {   {
83       $OUT = '';       $OUT = '';
# Line 97  diff -Nur --no-dereference e-smith-base- Line 97  diff -Nur --no-dereference e-smith-base-
97   }   }
98  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key
99  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key        2021-05-30 22:12:33.789000000 -0400  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key        2021-05-30 22:12:33.789000000 -0400
100  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key    2021-05-30 23:06:08.992000000 -0400  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/20key    2021-06-01 17:53:55.702000000 -0400
101  @@ -3,16 +3,16 @@  @@ -1,18 +1,19 @@
102     {
103    +    use esmith::ssl;
104         my $domain = $DomainName || "localdomain";
105       my $hostname = $SystemName || "localhost";       my $hostname = $SystemName || "localhost";
106       $OUT = '';       $OUT = '';
107    
# Line 121  diff -Nur --no-dereference e-smith-base- Line 124  diff -Nur --no-dereference e-smith-base-
124  +        });  +        });
125  +  +
126  +    # choose which key to put in pem  +    # choose which key to put in pem
127  +    my $key = ( defined $modSSL{'key'} and -f $modSSL{'key'} ) ? $modSSL{'key'}  : $dkey;  +    my $key = ( defined $modSSL{'key'} and defined $modSSL{'crt'} and related_key_cert($modSSL{'key'},$modSSL{'crt'}) ) ? $modSSL{'key'}  : $dkey;
128       open(KEY, $key) or die "Could not open key file: $!";       open(KEY, $key) or die "Could not open key file: $!";
129       my @key = <KEY>;       my @key = <KEY>;
130       chomp @key;       chomp @key;
131  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt
132  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt        2021-05-30 22:12:33.789000000 -0400  --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt        2021-05-30 22:12:33.789000000 -0400
133  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt    2021-05-30 23:06:09.234000000 -0400  +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/40crt    2021-06-01 17:53:55.911000000 -0400
134  @@ -2,16 +2,16 @@  @@ -1,17 +1,18 @@
135     {
136    +    use esmith::ssl;
137       my $domain = $DomainName || "localdomain";       my $domain = $DomainName || "localdomain";
138       my $hostname = $SystemName || "localhost";       my $hostname = $SystemName || "localhost";
139    
# Line 151  diff -Nur --no-dereference e-smith-base- Line 156  diff -Nur --no-dereference e-smith-base-
156  +        });  +        });
157  +  +
158  +    # choose crt to add to pem  +    # choose crt to add to pem
159  +    $crt = ( defined $modSSL{'crt'} and  -f $modSSL{'crt'} )? $modSSL{'crt'} : $dcrt;  +    $crt = ( defined $modSSL{'key'} and defined $modSSL{'crt'} and related_key_cert($modSSL{'key'},$modSSL{'crt'}) )? $modSSL{'crt'} : $dcrt;
160       open(CRT, $crt) or die "Could not open crt file: $!";       open(CRT, $crt) or die "Could not open crt file: $!";
161       my @crt = <CRT>;       my @crt = <CRT>;
162       chomp @crt;       chomp @crt;
 diff -Nur --no-dereference e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/60pem e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/60pem  
 --- e-smith-base-5.8.0.old/root/etc/e-smith/templates/home/e-smith/ssl.pem/60pem        2021-05-30 22:12:33.789000000 -0400  
 +++ e-smith-base-5.8.0/root/etc/e-smith/templates/home/e-smith/ssl.pem/60pem    2021-05-30 23:06:09.486000000 -0400  
 @@ -1,4 +1,6 @@  
  {  
 +    my $domain = $DomainName || "localdomain";  
 +    my $hostname = $SystemName || "localhost";  
      my $pem = $modSSL{'CertificateChainFile'};  
      if ($pem and -e $pem)  
      {  
163  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm e-smith-base-5.8.0/root/usr/share/perl5/vendor_perl/esmith/ssl.pm  diff -Nur --no-dereference e-smith-base-5.8.0.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm e-smith-base-5.8.0/root/usr/share/perl5/vendor_perl/esmith/ssl.pm
164  --- e-smith-base-5.8.0.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm       1969-12-31 19:00:00.000000000 -0500  --- e-smith-base-5.8.0.old/root/usr/share/perl5/vendor_perl/esmith/ssl.pm       1969-12-31 19:00:00.000000000 -0500
165  +++ e-smith-base-5.8.0/root/usr/share/perl5/vendor_perl/esmith/ssl.pm   2021-05-30 23:06:10.229000000 -0400  +++ e-smith-base-5.8.0/root/usr/share/perl5/vendor_perl/esmith/ssl.pm   2021-06-01 17:53:56.856000000 -0400
166  @@ -0,0 +1,110 @@  @@ -0,0 +1,154 @@
167  +package esmith::ssl;  +package esmith::ssl;
168  +  +
169  +use strict;  +use strict;
# Line 177  diff -Nur --no-dereference e-smith-base- Line 172  diff -Nur --no-dereference e-smith-base-
172  +  +
173  +  +
174  +our @ISA = qw(Exporter);  +our @ISA = qw(Exporter);
175  +our @EXPORT = qw( key_exists_good_size cert_exists_good_size );  +our @EXPORT = qw( key_exists_good_size cert_exists_good_size cert_is_cert key_is_key related_key_cert);
176  +  +
177  +my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";  +my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
178  +our $SystemName = $configdb->get('SystemName')->value;  +our $SystemName = $configdb->get('SystemName')->value;
179  +our $DomainName = $configdb->get('DomainName')->value;  +our $DomainName = $configdb->get('DomainName')->value;
180    +our $FQDN = "$SystemName.$DomainName";
181  +  +
182  +# test key size  +# test key size
183  +# test key exists  +# test key exists
# Line 216  diff -Nur --no-dereference e-smith-base- Line 212  diff -Nur --no-dereference e-smith-base-
212  +    my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";  +    my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
213  +    my %modSSL = $configdb->as_hash('modSSL');  +    my %modSSL = $configdb->as_hash('modSSL');
214  +    my $KeySize = $modSSL{KeySize} ||'4096';  +    my $KeySize = $modSSL{KeySize} ||'4096';
 +    my $FQDN = "$SystemName.$DomainName";  
215  +    my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";  +    my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
216  +    if ( -f $key )  +    if ( -f $key )
217  +    {  +    {
218  +       #print "$key exists\n";  +       #print "$key exists\n";
219  +        # check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"  +        # check key size openssl rsa -in /home/e-smith/ssl.key/$host.$domain.key -text -noout | sed -rn "s/Private-Key: \((.*) bit\)/\1/p"
# Line 251  diff -Nur --no-dereference e-smith-base- Line 246  diff -Nur --no-dereference e-smith-base-
246  +    my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";  +    my $configdb = esmith::ConfigDB->open_ro or die "Could not open accounts db";
247  +    my %modSSL = $configdb->as_hash('modSSL');  +    my %modSSL = $configdb->as_hash('modSSL');
248  +    my $KeySize = $modSSL{KeySize} ||'4096';  +    my $KeySize = $modSSL{KeySize} ||'4096';
 +    my $FQDN = "$SystemName.$DomainName";  
249  +    my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";  +    my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
250  +    if ( -f $crt )  +    if ( -f $crt )
251  +    {  +    {
252  +       #openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"  +       #openssl x509 -text -noout -in /home/e-smith/ssl.crt/$host.$domain.crt| sed -rn "s/Public-Key: \((.*) bit\)/\1/p"
253  +       my $signatureKeySize = `openssl x509 -text -noout -in $crt  | grep "Public-Key" | head -1`;  +       my $signatureKeySize = `openssl x509 -text -noout -in $crt  | grep "Public-Key" | head -1`;
# Line 271  diff -Nur --no-dereference e-smith-base- Line 265  diff -Nur --no-dereference e-smith-base-
265  +    return 0;  +    return 0;
266  +}  +}
267  +  +
268    +sub cert_is_cert {
269    +    my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
270    +    if ( -f $crt )
271    +    {
272    +        open my $oldout, ">&STDERR";  # "dup" the stdout filehandle
273    +        close STDERR;
274    +       my $exit_code=system("openssl","x509", "-noout", "-in", "$crt");        
275    +        open STDERR, '>&', $oldout;  # restore the dup'ed filehandle to STDOUT
276    +        if ($exit_code==0){
277    +               #print "certificate is a certificate\n";
278    +                return 1;
279    +        }
280    +    }
281    +    return 0;
282    +}
283    +
284    +sub key_is_key {
285    +    my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
286    +    if ( -f $key )
287    +    {
288    +       open my $oldout, ">&STDERR";  # "dup" the stdout filehandle
289    +       close STDERR;
290    +        my $exit_code=system("openssl","rsa", "-noout", "-in", "$key");
291    +       open STDERR, '>&', $oldout;  # restore the dup'ed filehandle to STDOUT
292    +        if ($exit_code==0){
293    +                #print "key is a key\n";
294    +                return 1;
295    +        }
296    +    }
297    +    return 0;
298    +}
299    +
300    +sub related_key_cert {
301    +    my $key = shift || "/home/e-smith/ssl.key/$FQDN.key";
302    +    my $crt = shift || "/home/e-smith/ssl.crt/$FQDN.crt";
303    +    if ( key_is_key($key) and cert_is_cert($crt) )
304    +    {
305    +       # check the cert and the key are related, if key has been changed, then we need to change the cert
306    +       my $crt_md5 = `openssl x509 -noout -modulus -in $crt | openssl md5`;
307    +       my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
308    +       #print "$key_md5 eq $crt_md5\n";
309    +       return 1 if $key_md5 eq $crt_md5;
310    +    }
311    +    return 0;
312    +}
313  +##TODO migrate those actions from  +##TODO migrate those actions from
314  +# check cert is related to key  +# check cert is related to key
315  +# => /etc/e-smith/templates/home/e-smith/ssl.crt  +# => /etc/e-smith/templates/home/e-smith/ssl.crt


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed