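# Include this file from a log's own Makefile. Every variable below is set
# with ?=, so assign it before the include (or on the make command line) to
# replace the default.
#
# LOGNAME, NODES and MERGE_NODES contain "$$(...)", which make hands to the
# shell as a command substitution: the shell evaluates them each time a recipe
# line uses them; make itself never computes the value.

# LOGNAME = name of the log to create
LOGNAME ?= $$(basename $$PWD)
# NODES = list of names of non-merge nodes
# "cd nodes &&" stops ls from listing the current directory when nodes/ is
# missing; grep -E replaces the obsolescent egrep.
NODES ?= $$(cd nodes && ls | grep -Ev ^merge-)
# MERGE_NODES = list of names of merge nodes
MERGE_NODES ?= $$(cd nodes && ls merge-*)

# HSM_SO_PIN = SoftHSM "security officer PIN"
# HSM_PIN = SoftHSM PIN
# Both defaults are fixed values published in this file. The logkey.pem recipe
# passes them to softhsm2-util as command-line arguments and make echoes that
# command, so the PINs also appear in build output. Override both for any
# token whose key matters.
HSM_SO_PIN ?= f0f0
HSM_PIN ?= fefe

# SOFTHSM_BASE_DIR = base directory for SoftHSMv2 installation
SOFTHSM_BASE_DIR ?= ~/usr
# SOFTHSM_UTIL = full path to softhsm2-util from SoftHSMv2
SOFTHSM_UTIL ?= $(SOFTHSM_BASE_DIR)/bin/softhsm2-util
# CATLFISH_SRC = path to catlfish source code
# Recipes below execute create-key.sh and the Makefile found under this path,
# so it must point at a source tree you trust.
CATLFISH_SRC ?= ~/usr/src/catlfish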
# test: print the effective LOGNAME, NODES and MERGE_NODES so an including
# Makefile can check what the shell substitutions resolve to. It changes no
# files.
.PHONY: test
test:
	@echo LOGNAME = $(LOGNAME) && \
	echo NODES = $(NODES) && \
	echo MERGE_NODES = $(MERGE_NODES)
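# log: umbrella target for everything a log needs - the per-node HTTPS
# certificates (certs), the node authentication keys (authkeys) and the log
# signing key (logkey.pem).
# It is declared phony because no rule creates a file named "log"; without the
# declaration a stray file of that name would make this target a silent no-op.
.PHONY: log
log: certs authkeys logkey.pem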
# destdirs: make sure nodes.out/<name>/ exists for every node and merge node.
# mkdir -p already succeeds when the directory is present, so no separate
# existence test is needed.
destdirs:
	@for n in $(NODES) $(MERGE_NODES); do \
		mkdir -p nodes.out/$${n}; \
	done
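# Working directories, created on demand (make runs these rules only while
# the directory does not exist yet).
tests publickeys:
	mkdir $@

# privatekeys is where the authkeys recipe generates the nodes' private
# authentication keys, so create it accessible to the owner only instead of
# with whatever the umask allows.
privatekeys:
	mkdir -m 700 $@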
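# Run the tests-createca target of the catlfish Makefile with INSTDIR set to
# the current directory; that target is expected to produce
# tests/httpsca/key.pem (not visible from this file - confirm in catlfish).
#
# "tests" is an order-only prerequisite (after the |). A directory's mtime
# changes whenever an entry is added to it, so as a normal prerequisite it
# would make the CA key look out of date as soon as tests/httpscert is created
# and re-run the CA creation on the next build.
#
# $(MAKE) rather than a literal "make" so that -n and the -j jobserver reach
# the sub-make.
tests/httpsca/key.pem: | tests
	$(MAKE) -f $(CATLFISH_SRC)/Makefile INSTDIR=. tests-createca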
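# Directory that receives each node's TLS private key and certificate (see
# the certs recipe). The parent "tests" is listed as an order-only
# prerequisite and mkdir uses -p, so this rule no longer depends on some other
# target having created tests/ first, which is not guaranteed under make -j.
tests/httpscert: | tests
	mkdir -p $@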
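# certs: issue one HTTPS key pair and certificate per non-merge node.
# For each name in NODES the recipe
#   1. generates a new 2048-bit RSA key and a CSR whose CN is the node name;
#      -nodes writes the private key unencrypted to
#      tests/httpscert/<node>-key.pem, so that file is protected by file
#      permissions only;
#   2. signs the CSR with the test CA inside tests/httpsca (openssl ca -batch,
#      i.e. without an interactive confirmation);
#   3. copies the signed certificate next to the key in tests/httpscert/.
#
# "set -e" makes the recipe stop at the first failing command. Without it the
# statements are joined by ";", so a failed key generation or a refused
# signature was ignored and step 3 could still copy a certificate left over
# from an earlier run that no longer matches the freshly written key.
certs: tests/httpsca/key.pem tests/httpscert destdirs
	@set -e; \
	for cn in $(NODES); do \
		openssl req -new -newkey rsa:2048 \
			-keyout tests/httpscert/$${cn}-key.pem \
			-out tests/httpsca/$${cn}.csr -nodes \
			-subj "/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=$${cn}"; \
		(cd tests/httpsca; \
			openssl ca -in $${cn}.csr -keyfile key.pem -out $${cn}.pem -batch); \
		cp tests/httpsca/$${cn}.pem tests/httpscert/; \
	done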
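# authkeys: create an authentication key pair for every node and merge node
# and distribute the results into nodes.out/<node>/.
# First loop, per node:
#   - run catlfish's create-key.sh inside privatekeys/; the following lines
#     expect it to leave <node>.pem and <node>-private.pem there;
#   - move <node>.pem (presumably the public half - confirm in create-key.sh)
#     to publickeys/;
#   - copy the node's own private key and the test CA certificate into
#     nodes.out/<node>/.
# Second loop: once every key exists, give each node a copy of the complete
# publickeys/ directory.
#
# "set -e" stops each loop at the first failure. Previously the commands were
# joined by ";", so a failed create-key.sh did not stop the recipe and any
# <node>-private.pem already lying in privatekeys/ was copied out as if it
# were new.
#
# NOTE(review): the recipe reads tests/httpsca/demoCA/cacert.pem, but no
# prerequisite of this target creates it; it appears to rely on the CA having
# been set up earlier (e.g. via certs). Confirm, and declare the dependency if
# so, since make -j does not order certs before authkeys.
authkeys: privatekeys publickeys destdirs
	set -e; \
	for node in $(NODES) $(MERGE_NODES); do \
		(cd privatekeys; $(CATLFISH_SRC)/tools/create-key.sh $${node}); \
		mv privatekeys/$${node}.pem publickeys/; \
		cp privatekeys/$${node}-private.pem nodes.out/$${node}/; \
		cp tests/httpsca/demoCA/cacert.pem nodes.out/$${node}/; \
	done
	@set -e; \
	for node in $(NODES) $(MERGE_NODES); do \
		cp -a publickeys nodes.out/$${node}/; \
	done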
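# logkey.pem: create the log's signing key, load it into a SoftHSM token and
# hand the public key to every node.
# Steps:
#   1. refuse to continue when logkey-private.pem already exists, so an
#      existing log key is never overwritten;
#   2. generate the key pair with catlfish's create-key.sh and restrict the
#      private key file to its owner;
#   3. convert the private key to unencrypted PKCS#8 (-nocrypt). "umask 077"
#      makes openssl create logkey-private.pkcs8 owner-only from the start;
#      before, that file held the same private key as logkey-private.pem but
#      was written with the default umask and never chmod-ed;
#   4. initialise the token in slot 0, labelled LOGNAME, and import the key
#      with id 00;
#   5. copy logkey.pem into nodes.out/<node>/ for every node and merge node.
#
# The PINs are passed as command-line arguments and these lines are echoed by
# make, so HSM_SO_PIN and HSM_PIN show up in build output.
# Both plaintext copies of the private key (logkey-private.pem and
# logkey-private.pkcs8) stay on disk after the import; remove or protect them
# if the token is meant to be the only place holding the key.
#
# Because the prerequisite destdirs is phony, make re-runs this recipe on
# every build; once the key exists, step 1 then fails on purpose.
logkey.pem: destdirs $(SOFTHSM_UTIL)
	! [ -f logkey-private.pem ]
	$(CATLFISH_SRC)/tools/create-key.sh logkey
	chmod 600 logkey-private.pem
	umask 077 && openssl pkcs8 -topk8 -nocrypt \
		-in logkey-private.pem -out logkey-private.pkcs8
	$(SOFTHSM_UTIL) --init-token --slot 0 --label $(LOGNAME) \
		--so-pin $(HSM_SO_PIN) --pin $(HSM_PIN)
	$(SOFTHSM_UTIL) --import logkey-private.pkcs8 --slot 0 \
		--label $(LOGNAME) --pin $(HSM_PIN) --id 00
	set -e; \
	for node in $(NODES) $(MERGE_NODES); do \
		cp logkey.pem nodes.out/$${node}/; \
	done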
# These targets name actions, not files that a recipe produces, so they are
# declared phony and their recipes run on every request.
.PHONY: authkeys certs destdirs