#!/bin/sh # # This shell script will generate an X509 certificate for # your gnunet-transport HTTPS # # The current version partially reuses and recycles # code from build.sh by NetBSD (although not entirely # used because it needs debugging): # # Copyright (c) 2001-2011 The NetBSD Foundation, Inc. # All rights reserved. # # This code is derived from software contributed to # The NetBSD Foundation by Todd Vierling and Luke Mewburn. # Redistribution and use in source and binary forms, with or # without modification, are permitted provided that the following # conditions are met: # 1. Redistributions of source code must retain the above # copyright notice, this list of conditions and the following # disclaimer. # 2. Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials # provided with the distribution. # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. # IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. progname=${0##*/} setdefaults() { verbosity=0 runcmd= } statusmsg() { ${runcmd} echo " $@" } infomsg() { if [ x$verbosity = x1 ]; then statusmsg "INFO: $@" fi } warningmsg() { statusmsg "WARNING: $@" } errormsg() { statusmsg "ERROR: $@" } linemsg() { statusmsg "=========================================" } usage() { if [ -n "$*" ]; then echo "" echo "${progname}: $*" fi cat <<_usage_ Usage: ${progname} [-hv] [-c FILE] [...] Options: -c FILE Use the configuration file FILE. -h Print this help message. -v Print the version and exit. -V be verbose _usage_ exit 1 } generate_cert_key() { echo "" infomsg "Generating Cert and Key" CERTTOOL="" GNUTLS_CA_TEMPLATE=@PKGDATADIRECTORY@/gnunet-gns-proxy-ca.template OPENSSL=0 if test -z "`gnutls-certtool --version`" > /dev/null then if test -z "`openssl version`" > /dev/null then warningmsg "Install either gnutls certtool or openssl for certificate generation!" exit 1 else OPENSSL=1 fi CERTTOOL="openssl" else CERTTOOL="gnutls-certtool" fi mkdir -p `dirname $KEYFILE` if test 1 -eq $OPENSSL then $CERTTOOL genrsa -out $KEYFILE 1024 $CERTTOOL req -batch -days 365 -out $CERTFILE -new -x509 -key $KEYFILE else $CERTTOOL --generate-privkey --outfile $KEYFILE 2>/dev/null $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $KEYFILE --outfile $CERTFILE 2>/dev/null fi } print_version() { GNUNET_ARM_VERSION=`gnunet-arm -v` echo $GNUNET_ARM_VERSION } main() { KEYFILE=$1 CERTFILE=$2 setdefaults generate_cert_key } main "$@"