|
|
@@ -5,6 +5,7 @@
|
|
|
|
|
|
write(Gen,Bin) -> io:format("Generated: ~p~n",[Gen]), file:write_file(Gen,Bin).
|
|
|
replace(S,A,B) -> re:replace(S,A,B,[global,{return,list}]).
|
|
|
+u(X) -> string:to_upper(X).
|
|
|
|
|
|
boot(Crypto) ->
|
|
|
Temp = template(),
|
|
|
@@ -15,33 +16,33 @@ boot(Crypto) ->
|
|
|
CRL = lists:concat(["cert/",Crypto,"/crlnumber"]),
|
|
|
Serial = lists:concat(["cert/",Crypto,"/serial"]),
|
|
|
Counter = <<"1000">>,
|
|
|
- filelib:ensure_dir(Gen),
|
|
|
- file:write_file(Index,<<>>),
|
|
|
- file:write_file(CRL,Counter),
|
|
|
- file:write_file(Serial,Counter),
|
|
|
case file:read_file_info(Gen) of
|
|
|
- {error,_} -> write(Gen, Bin);
|
|
|
- {ok,_} -> io:format("~s: file ~p already exists.~n",[Crypto,Gen]) end,
|
|
|
+ {error,_} ->
|
|
|
+ filelib:ensure_dir(Gen),
|
|
|
+ lists:map(fun({A,B}) -> file:write_file(A,B) end,
|
|
|
+ [{Index,<<>>},{CRL,Counter},{Serial,Counter},{Gen,Bin}]),
|
|
|
+ ca(Crypto);
|
|
|
+ {ok,_} -> skip end,
|
|
|
{ok,man}.
|
|
|
|
|
|
subj() -> io:format("Subject not specified.").
|
|
|
|
|
|
-rsa(["ca"]) -> boot("rsa"), ca("rsa",[]), {ok,rsa};
|
|
|
-rsa([Type|Name]) -> enroll("rsa",Type,Name,"pass:0");
|
|
|
+rsa(["ca"]) -> boot("rsa"), ca("rsa"), {ok,rsa};
|
|
|
+rsa([Type|Name]) -> boot("rsa"), enroll("rsa",Type,Name);
|
|
|
rsa(_) -> boot("rsa").
|
|
|
|
|
|
-ecc(["ca"|Pass]) -> boot("ecc"), ca("ecc",Pass), {ok,ecc};
|
|
|
-ecc([Type,Pass|Name]) -> enroll("ecc",Type,Name,Pass);
|
|
|
+ecc(["ca"]) -> boot("ecc"), ca("ecc"), {ok,ecc};
|
|
|
+ecc([Type|Name]) -> boot("ecc"), enroll("ecc",Type,Name);
|
|
|
ecc(_) -> boot("ecc").
|
|
|
|
|
|
|
|
|
-ca("rsa", []) ->
|
|
|
+ca("rsa") ->
|
|
|
{done,0,Bin} = sh:run("openssl genrsa -out cert/rsa/caroot.key 2048"),
|
|
|
{done,0,Bin2} = sh:run("openssl req -new -x509 -days 3650 -config cert/rsa/synrc.cnf"
|
|
|
" -key cert/rsa/caroot.key -out cert/rsa/caroot.pem"
|
|
|
- " -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN=CA\""), ok;
|
|
|
-
|
|
|
-ca("ecc", Pass) ->
|
|
|
+ " -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN=CA\"");
|
|
|
+ca("ecc") ->
|
|
|
+ Pass = application:get_env(ca,passin,"pass:0"),
|
|
|
{done,0,Bin} = sh:run("openssl ecparam -genkey -name secp384r1"),
|
|
|
file:write_file("cert/ecc/ca.key",Bin),
|
|
|
{done,0,Bin2} = sh:run("openssl ec -aes256 -in cert/ecc/ca.key"
|
|
|
@@ -51,8 +52,9 @@ ca("ecc", Pass) ->
|
|
|
" -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN=CA\""),
|
|
|
ok.
|
|
|
|
|
|
-enroll(Crypto,Type,Name,Pass) when (Type == "server" orelse Type == "client")
|
|
|
+enroll(Crypto,Type,Name) when (Type == "server" orelse Type == "client")
|
|
|
andalso (Crypto == "rsa" orelse Crypto == "ecc") ->
|
|
|
+ Pass = application:get_env(ca,passin,"pass:0"),
|
|
|
application:start(inets),
|
|
|
X = string:join(Name,"\\ "),
|
|
|
Y = string:join(Name," "),
|
|
|
@@ -68,10 +70,9 @@ enroll(Crypto,Type,Name,Pass) when (Type == "server" orelse Type == "client")
|
|
|
{_, DerCert, _} = CertEntry,
|
|
|
Decoded = public_key:pkix_decode_cert(DerCert, otp),
|
|
|
PK = Decoded#'OTPCertificate'.tbsCertificate#'OTPTBSCertificate'.subjectPublicKeyInfo,
|
|
|
- io:format("CERT: ~s ~s '~s'~nKEY: ~p~n",[Crypto,Type,X,PK]),
|
|
|
+ io:format("CERT: ~s ~s '~s'~nKEY: ~p~n",[u(Crypto),u(Type),X,PK]),
|
|
|
{ok,rsa}.
|
|
|
|
|
|
-u(X) -> string:to_upper(X).
|
|
|
|
|
|
key("rsa",_,X) ->
|
|
|
{done,0,Bin} = sh:run("openssl genrsa -out cert/rsa/"++ X ++ ".key 2048"),
|
|
|
@@ -79,6 +80,7 @@ key("rsa",_,X) ->
|
|
|
" -out cert/rsa/"++ X ++".csr "
|
|
|
" -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN="++ X ++ "\""), ok;
|
|
|
key("ecc",Pass,X) ->
|
|
|
+ Pass = application:get_env(ca,passin,"pass:0"),
|
|
|
{done,0,_} = sh:run("openssl ecparam -name secp384r1 > cert/ecc/"++X++".ecp"),
|
|
|
{done,0,_} = sh:run("cp cert/ecc/"++X++".ecp key"),
|
|
|
{done,0,Bin} = sh:run("openssl req -config cert/ecc/synrc.cnf -passout " ++ Pass ++
|
Namdak Tonpa