From 9e4b48090a111259bef126721822c4ba9110e06a Mon Sep 17 00:00:00 2001
From: jvdias <jvdias@fedoraproject.org>
Date: Tue, 11 Apr 2006 19:49:22 +0000
Subject: [PATCH] v2.5.1 genSSLCerts

---
 genOpenPegasusSSLCerts | 67 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100755 genOpenPegasusSSLCerts

diff --git a/genOpenPegasusSSLCerts b/genOpenPegasusSSLCerts
new file mode 100755
index 0000000..5e75567
--- /dev/null
+++ b/genOpenPegasusSSLCerts
@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+PEGASUS_PEM_DIR=/etc/Pegasus
+PEGASUS_CONFIG_DIR=/etc/Pegasus
+PEGASUS_INSTALL_LOG=/var/lib/Pegasus/log/install.log
+PEGASUS_SSL_CERT_FILE=server.pem
+PEGASUS_SSL_KEY_FILE=file.pem
+PEGASUS_SSL_TRUSTSTORE=client.pem
+#
+#  Set up OpenSSL certificates for the tog-pegasus cimserver
+#
+#  Creates a default ssl.cnf file.
+#  Generates a self-signed certificate for use by the cimserver.
+#
+cnfChanged=0;
+if [ ! -e $PEGASUS_CONFIG_DIR/ssl.cnf ]; then
+    mkdir -p ${PEGASUS_INSTALL_LOG%/*}
+    mkdir -p $PEGASUS_CONFIG_DIR
+    echo "[ req ]" > $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "distinguished_name     = req_distinguished_name"  >> \
+            $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "prompt                 = no"  >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "[ req_distinguished_name ]" >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "C                      = UK" >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "ST                     = Berkshire" >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "L                      = Reading" >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "O                      = The Open Group" >> \
+            $PEGASUS_CONFIG_DIR/ssl.cnf
+    echo "OU                     = The OpenPegasus Project" >> \
+            $PEGASUS_CONFIG_DIR/ssl.cnf
+    DN=`hostname`;
+    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
+            DN='localhost.localdomain';
+    fi;
+    FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } |\
+            grep 'has address' | head -1 | sed 's/\ .*$//'`;
+    if [ -z "$FQDN" ] ; then
+        FQDN="$DN";
+    fi;
+    # cannot use 'hostname --fqdn' because this can hang indefinitely
+    echo "CN                     = $FQDN"  >> $PEGASUS_CONFIG_DIR/ssl.cnf
+    chmod 400 $PEGASUS_CONFIG_DIR/ssl.cnf
+    chown root $PEGASUS_CONFIG_DIR/ssl.cnf
+    chgrp root $PEGASUS_CONFIG_DIR/ssl.cnf
+    cnfChanged=1;
+fi
+if [ $cnfChanged -eq 1 ] || \
+         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE ] || \
+         [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE ]; then
+    /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
+         -nodes -config $PEGASUS_CONFIG_DIR/ssl.cnf   \
+         -keyout $PEGASUS_PEM_DIR/key.pem \
+         -out $PEGASUS_PEM_DIR/cert.pem 2>>$PEGASUS_INSTALL_LOG
+    chmod 700 $PEGASUS_PEM_DIR/*.pem
+    cp -fp $PEGASUS_PEM_DIR/cert.pem \
+        $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE
+    cp -fp $PEGASUS_PEM_DIR/key.pem \
+        $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
+    chmod 400 $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
+    chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE 
+    rm -f $PEGASUS_PEM_DIR/key.pem $PEGASUS_PEM_DIR/cert.pem
+fi;
+if [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE ]; then
+    cp -fp $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE \
+        $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE
+    chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE;
+fi;