| author | Linus Nordberg <linus@nordu.net> | 2015-06-01 09:44:47 +0200 | 
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2015-06-01 09:44:47 +0200 | 
| commit | 1e9e9a16002252d87c25f12afb77d3eaa9367c62 (patch) | |
| tree | 189013626dbd1e44ce67eae0ad7becaa8f466de3 | |
| parent | 6870d6ebe4ebc9f3bbe4e90c28259810d8b6dd3d (diff) | |
Add a makefile for creating keys and certs needed for a log.
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | README | 3 | ||||
| -rw-r--r-- | mklog.mk | 88 | 
3 files changed, 89 insertions, 3 deletions
| @@ -5,4 +5,3 @@ catlfish:  	FIXME  .PHONY: catlfish-dev catlfish - @@ -24,8 +24,7 @@ or  Configuring a log  ----------------- -XXX create CA and certs; create logkey (possibly in softhsm); create -XXX auth keys; run compileconfig.py for each node +mkdir mylog; cd mylog && make -f ../mklog.mk log  Running diff --git a/mklog.mk b/mklog.mk new file mode 100644 index 0000000..33bbbf7 --- /dev/null +++ b/mklog.mk 
@@ -0,0 +1,88 @@
+# Include this file and set the following make variables or use the
+# defaults.
+
+# LOGNAME = name of the log to create
+LOGNAME ?= $$(basename $$PWD)
+
+# NODES = list of names of non-merge nodes
+NODES ?= $$(cd nodes; ls | egrep -v ^merge-)
+
+# MERGE_NODES = list of names of merge nodes
+MERGE_NODES ?= $$(cd nodes; ls merge-*)
+
+# HSM_SO_PIN = SoftHSM "security officer PIN"
+HSM_SO_PIN ?= f0f0
+
+# HSM_PIN = SoftHSM PIN
+HSM_PIN ?= fefe
+
+# SOFTHSM_BASE_DIR = base directory for SoftHSMv2 installation
+SOFTHSM_BASE_DIR ?= ~/usr
+
+# SOFTHSM_UTIL = full path to softhsm2-util from SoftHSMv2
+SOFTHSM_UTIL ?= $(SOFTHSM_BASE_DIR)/bin/softhsm2-util
+
+# CATLFISH_SRC = path to catlfish source code
+CATLFISH_SRC ?= ~/usr/src/catlfish
+
+test:
+	@echo LOGNAME = $(LOGNAME)
+	@echo NODES = $(NODES)
+	@echo MERGE_NODES = $(MERGE_NODES)
+.PHONY: test
+
+log: certs authkeys logkey.pem
+
+destdirs:
+	@for node in $(NODES) $(MERGE_NODES); do \
+	  if [ -d nodes.out/$${node} ]; then true; \
+	    else mkdir -p nodes.out/$${node}; \
+	  fi \
+	done
+
+tests privatekeys publickeys:
+	mkdir $@
+
+tests/httpsca/key.pem: tests
+	make -f $(CATLFISH_SRC)/Makefile INSTDIR=. tests-createca
+tests/httpscert:
+	mkdir $@
+certs: tests/httpsca/key.pem tests/httpscert destdirs
+	@for cn in $(NODES); do \
+	  openssl req -new -newkey rsa:2048 \
+		-keyout tests/httpscert/$${cn}-key.pem \
+		-out tests/httpsca/$${cn}.csr -nodes \
+		-subj "/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=$${cn}"; \
+	  (cd tests/httpsca; \
+	   openssl ca -in $${cn}.csr -keyfile key.pem -out $${cn}.pem -batch); \
+	  cp tests/httpsca/$${cn}.pem tests/httpscert/; \
+	done
+
+authkeys: privatekeys publickeys destdirs
+	for node in $(NODES) $(MERGE_NODES); do \
+	  (cd privatekeys; $(CATLFISH_SRC)/tools/create-key.sh $${node}); \
+	  mv privatekeys/$${node}.pem publickeys/; \
+	  cp privatekeys/$${node}-private.pem nodes.out/$${node}/; \
+	  cp tests/httpsca/demoCA/cacert.pem nodes.out/$${node}/; \
+	done
+	@for node in $(NODES) $(MERGE_NODES); do \
+	  cp -a publickeys nodes.out/$${node}/; \
+	done
+
+logkey.pem: destdirs $(SOFTHSM_UTIL)
+	! [ -f logkey-private.pem ]
+	$(CATLFISH_SRC)/tools/create-key.sh logkey
+	chmod 600 logkey-private.pem
+
+	openssl pkcs8 -topk8 -nocrypt \
+		-in logkey-private.pem -out logkey-private.pkcs8
+	$(SOFTHSM_UTIL) --init-token --slot 0 --label $(LOGNAME) \
+		--so-pin $(HSM_SO_PIN) --pin $(HSM_PIN)
+	$(SOFTHSM_UTIL) --import logkey-private.pkcs8 --slot 0 \
+		--label $(LOGNAME) --pin $(HSM_PIN) --id 00
+
+	for node in $(NODES) $(MERGE_NODES); do \
+	  cp logkey.pem nodes.out/$${node}/; \
+	done
+
+.PHONY: destdirs certs authkeys
|
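Review bot: The `logkey.pem` recipe leaves the log signing key on disk in plaintext: `openssl pkcs8 -topk8 -nocrypt` writes `logkey-private.pkcs8` with whatever permissions the caller's umask gives, and that file is neither restricted nor removed after it has been imported into the SoftHSM token. `logkey-private.pem` does get `chmod 600`, but only after `create-key.sh` has presumably already created it, so it too may be readable by others for a moment. I would run the export under a tight umask on the same recipe line, `umask 077 && openssl pkcs8 -topk8 -nocrypt -in logkey-private.pem -out logkey-private.pkcs8`, and add `rm -f logkey-private.pkcs8` after the `--import` line. Separately, the committed `HSM_SO_PIN`/`HSM_PIN` defaults (`f0f0`, `fefe`) are passed as command-line arguments and echoed by make, so a comment such as `# test-only defaults; override HSM_PIN and HSM_SO_PIN for any real log` above them would make the expectation explicit.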
