Namdak Tonpa 5 years ago
parent
commit
f9d206ddfe
3 changed files with 16 additions and 19 deletions
  1. 1 1
      include/mad.hrl
  2. BIN
      mad
  3. 15 18
      src/mad_ca.erl

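--- a/include/mad.hrl
+++ b/include/mad.hrl
@@ -1 +1 @@
--define(VERSION,"6.8.0-7-g6c9652b").
+-define(VERSION,"6.8.0-10-g91195d7").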

BIN
mad


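--- a/src/mad_ca.erl
+++ b/src/mad_ca.erl
@@ -10,8 +10,8 @@ root(Crypto)   -> {cat(["cert/",Crypto,"/"]),"synrc.cnf"}.
 rsa(X)         -> cmd("rsa",X).
 ecc(X)         -> cmd("ecc",X).
 
-cmd(C,[])      -> {ok, C};
-cmd(C,["ca"])  -> boot(C), ca(C), {ok,C};
+cmd(C,[])      -> boot(C), {ok,C};
+cmd(C,["ca"])  -> boot(C), up(C), {ok,C};
 cmd(C,[T|N])   -> boot(C), enroll(C,T,N), {ok,C};
 cmd(C,_)       -> boot(C), {ok,C}.
 
@@ -25,21 +25,15 @@ do_boot(Crypto) ->
     {Num,Bin} = {<<"1000">>,replace(replace(cnf(),"PATH",mad_utils:cwd()),"CRYPTO",Crypto)},
     {Dir,CNF} = root(Crypto), filelib:ensure_dir(Dir),
     Files     = [{"index.txt",<<>>},{"crlnumber",Num},{"serial",Num},{CNF,Bin}],
-    lists:map(fun({A,B}) -> file:write_file(Dir++A,B) end, Files), ca(Crypto).
+    lists:map(fun({A,B}) -> file:write_file(Dir++A,B) end, Files).
 
-ca("rsa") ->
-    {done,0,_} = sh:run("openssl genrsa -out cert/rsa/caroot.key 2048"),
-    {done,0,_} = sh:run("openssl req -new -x509 -days 3650 -config cert/rsa/synrc.cnf"
-       " -key cert/rsa/caroot.key -out cert/rsa/caroot.pem"
-       " -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN=CA\"");
-
-ca("ecc") ->
-    Pass = application:get_env(ca,passin,"pass:0"),
-    {done,0,_} = sh:run("openssl ecparam -genkey -name secp384r1 -out cert/ecc/ca.key"),
-    {done,0,_} = sh:run("openssl ec -aes256 -in cert/ecc/ca.key -out cert/ecc/caroot.key -passout " ++ Pass),
-    {done,0,_} = sh:run("openssl req -config cert/ecc/synrc.cnf -days 3650 -new -x509"
-        " -key cert/ecc/caroot.key -out cert/ecc/caroot.pem -passin " ++ Pass ++
-        " -subj \"/C=UA/ST=Kyiv/O=SYNRC/CN=CA\"").
+up(Crypto) ->
+    application:start(inets),
+    URI = cat(["http://localhost:8046/up/",Crypto]),
+    {ok,{{"HTTP/1.1",200,"OK"},_,Cert}} = httpc:request(post,{URI,[],[],<<"">>},[],[]),
+    PEM = list_to_binary(Cert),
+    ok  = file:write_file(cat(["cert/",Crypto,"/caroot.pem"]),PEM),
+    dump(PEM,"CA").
 
 enroll(Crypto,Type,Name) when (Type == "server" orelse Type == "client")
                       andalso (Crypto == "rsa" orelse Crypto == "ecc") ->
@@ -49,14 +43,17 @@ enroll(Crypto,Type,Name) when (Type == "server" orelse Type == "client")
     Y   = string:join(Name," "),
     ok  = key(Crypto,Pass,Y),
     {ok, F} = file:read_file(cat(["cert/",Crypto,"/",Y,".csr"])),
-    URI = cat(["http://ca.n2o.dev:8046/",Crypto,"/",Type]),
+    URI = cat(["http://localhost:8046/enroll/",Crypto,"/",Type]),
     {ok,{{"HTTP/1.1",200,"OK"},_,Cert}} = httpc:request(post,{URI,[],"multipart/form-data",F},[],[]),
     PEM = list_to_binary(Cert),
     ok  = file:write_file(cat(["cert/",Crypto,"/",Y,".pem"]),PEM),
+    dump(PEM,Y).
+
+dump(PEM,Y) ->
     {_,{_,D,_}} = lists:keysearch('Certificate',1,public_key:pem_decode(PEM)),
     OTPCert = public_key:pkix_decode_cert(D,otp),
     PKIInfo = OTPCert#'OTPCertificate'.tbsCertificate#'OTPTBSCertificate'.subjectPublicKeyInfo,
-    io:format("CERT: ~s ~s '~s'~nKEY: ~p~n",[u(Crypto),u(Type),Y,PKIInfo]).
+    io:format("CERT: ~s KEY: ~p~n",[Y,PKIInfo]).
 
 key("rsa",_,X) ->
     {done,0,Bin}  = sh:run("openssl genrsa -out \"cert/rsa/"++ X ++ ".key\" 2048"),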
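Review bot: In `up/1` the HTTP response body becomes the trust anchor `cert/<Crypto>/caroot.pem` before anything checks that it is a certificate — `file:write_file` runs first and only the following `dump(PEM,"CA")` decodes it, so a 200 reply whose body is not a PEM certificate has already overwritten the root certificate when `dump/2` fails on its `lists:keysearch` match. Swapping the two lines, `dump(PEM,"CA"), ok = file:write_file(cat(["cert/",Crypto,"/caroot.pem"]),PEM).`, makes the decode a precondition of the write; the same reordering applies to the `file:write_file`/`dump(PEM,Y)` pair in `enroll/3` in the last hunk, whose head lies before that hunk. The match `{ok,{{"HTTP/1.1",200,"OK"},_,Cert}}` in both functions also pins the protocol version and reason phrase, so `{ok,{{_,200,_},_,Cert}}` would fail only on the status that matters. Because the root is fetched over plain HTTP with no integrity check, a comment on `up/1` such as `%% The CA endpoint is trusted solely because it is bound to localhost:8046; nothing here verifies the returned root.` would make that assumption explicit for the next reader.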