X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fopenldap%2Ffiles%2Fsources%2Flibexec-generate-server-cert.sh;fp=meta-starlingx%2Fmeta-stx-integ%2Frecipes-support%2Fopenldap%2Ffiles%2Fsources%2Flibexec-generate-server-cert.sh;h=0000000000000000000000000000000000000000;hb=6fc6934434f70595536a387ece31bc30141cafb5;hp=e2f497447815ff437d84822f2a5cc2ffb129b1db;hpb=eb1e26510491ba49de693ab3b0498edcb06be6c5;p=pti%2Frtp.git
diff --git a/meta-starlingx/meta-stx-integ/recipes-support/openldap/files/sources/libexec-generate-server-cert.sh b/meta-starlingx/meta-stx-integ/recipes-support/openldap/files/sources/libexec-generate-server-cert.sh
deleted file mode 100755
index e2f4974..0000000
--- a/meta-starlingx/meta-stx-integ/recipes-support/openldap/files/sources/libexec-generate-server-cert.sh
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-# Author: Jan Vcelak
-
-set -e
-
-# default options
-
-CERTDB_DIR=/etc/openldap/certs
-CERT_NAME="OpenLDAP Server"
-PASSWORD_FILE=
-HOSTNAME_FQDN="$(hostname --fqdn)"
-ALT_NAMES=
-ONCE=0
-
-# internals
-
-RANDOM_SOURCE=/dev/urandom
-CERT_RANDOM_BYTES=256
-CERT_KEY_TYPE=rsa
-CERT_KEY_SIZE=1024
-CERT_VALID_MONTHS=12
-
-# parse arguments
-
-usage() {
- printf "usage: generate-server-cert.sh [-d certdb-dir] [-n cert-name]\n" >&2
- printf " [-p password-file] [-h hostnames]\n" >&2
- printf " [-a dns-alt-names] [-o]\n" >&2
- exit 1
-}
-
-while getopts "d:n:p:h:a:o" opt; do
- case "$opt" in
- d)
- CERTDB_DIR="$OPTARG"
- ;;
- n)
- CERT_NAME="$OPTARG"
- ;;
- p)
- PASSWORD_FILE="$OPTARG"
- ;;
- h)
- HOSTNAME_FQDN="$OPTARG"
- ;;
- a)
- ALT_NAMES="$OPTARG"
- ;;
- o)
- ONCE=1
- ;;
- \?)
- usage
- ;;
- esac
-done
-
-[ "$OPTIND" -le "$#" ] && usage
-
-# generated options
-
-ONCE_FILE="$CERTDB_DIR/.slapd-leave"
-PASSWORD_FILE="${PASSWORD_FILE:-${CERTDB_DIR}/password}"
-ALT_NAMES="${ALT_NAMES:-${HOSTNAME_FQDN},localhost,localhost.localdomain}"
-
-# verify target location
-
-if [ "$ONCE" -eq 1 -a -f "$ONCE_FILE" ]; then
- printf "Skipping certificate generating, '%s' exists.\n" "$ONCE_FILE" >&2
- exit 0
-fi
-
-if ! certutil -d "$CERTDB_DIR" -U &>/dev/null; then
- printf "Directory '%s' is not a valid certificate database.\n" "$CERTDB_DIR" >&2
- exit 1
-fi
-
-printf "Creating new server certificate in '%s'.\n" "$CERTDB_DIR" >&2
-
-if [ ! -r "$PASSWORD_FILE" ]; then
- printf "Password file '%s' is not readable.\n" "$PASSWORD_FILE" >&2
- exit 1
-fi
-
-if certutil -d "$CERTDB_DIR" -L -a -n "$CERT_NAME" &>/dev/null; then
- printf "Certificate '%s' already exists in the certificate database.\n" "$CERT_NAME" >&2
- exit 1
-fi
-
-# generate server certificate (self signed)
-
-
-CERT_RANDOM=$(mktemp --tmpdir=/var/run/openldap)
-dd if=$RANDOM_SOURCE bs=$CERT_RANDOM_BYTES count=1 of=$CERT_RANDOM &>/dev/null
-
-certutil -d "$CERTDB_DIR" -f "$PASSWORD_FILE" -z "$CERT_RANDOM" \
- -S -x -n "$CERT_NAME" \
- -s "CN=$HOSTNAME_FQDN" \
- -t TC,, \
- -k $CERT_KEY_TYPE -g $CERT_KEY_SIZE \
- -v $CERT_VALID_MONTHS \
- -8 "$ALT_NAMES" \
- &>/dev/null
-
-rm -f $CERT_RANDOM
-
-# tune permissions
-
-if [ "$(id -u)" -eq 0 ]; then
- chgrp ldap "$PASSWORD_FILE"
- chmod g+r "$PASSWORD_FILE"
-else
- printf "WARNING: The server requires read permissions on the password file in order to\n" >&2
- printf " load it's private key from the certificate database.\n" >&2
-fi
-
-touch "$ONCE_FILE"
-exit 0