+++ /dev/null
-$! CA - wrapper around ca to make it easier to use ... basically ca requires
-$! some setup stuff to be done before you can use it and this makes
-$! things easier between now and when Eric is convinced to fix it :-)
-$!
-$! CA -newca ... will setup the right stuff
-$! CA -newreq ... will generate a certificate request
-$! CA -sign ... will sign the generated request and output
-$!
-$! At the end of that grab newreq.pem and newcert.pem (one has the key
-$! and the other the certificate) and cat them together and that is what
-$! you want/need ... I'll make even this a little cleaner later.
-$!
-$!
-$! 12-Jan-96 tjh Added more things ... including CA -signcert which
-$! converts a certificate to a request and then signs it.
-$! 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
-$! environment variable so this can be driven from
-$! a script.
-$! 25-Jul-96 eay Cleaned up filenames some more.
-$! 11-Jun-96 eay Fixed a few filename missmatches.
-$! 03-May-96 eay Modified to use 'openssl cmd' instead of 'cmd'.
-$! 18-Apr-96 tjh Original hacking
-$!
-$! Tim Hudson
-$! tjh@cryptsoft.com
-$!
-$!
-$! default ssleay.cnf file has setup as per the following
-$! demoCA ... where everything is stored
-$
-$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
-$
-$ DAYS = "-days 365"
-$ REQ = openssl + " req " + SSLEAY_CONFIG
-$ CA = openssl + " ca " + SSLEAY_CONFIG
-$ VERIFY = openssl + " verify"
-$ X509 = openssl + " x509"
-$ PKCS12 = openssl + " pkcs12"
-$ echo = "write sys$Output"
-$ RET = 1
-$!
-$! 2010-12-20 SMS.
-$! Use a concealed logical name to reduce command line lengths, to
-$! avoid DCL errors on VAX:
-$! %DCL-W-TKNOVF, command element is too long - shorten
-$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
-$! quickly.)
-$!
-$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
-$ define /translation_attributes = concealed CATOP 'CATOP'
-$!
-$ on error then goto clean_up
-$ on control_y then goto clean_up
-$!
-$ CAKEY = "CATOP:[private]cakey.pem"
-$ CACERT = "CATOP:[000000]cacert.pem"
-$
-$ __INPUT := SYS$COMMAND
-$!
-$ i = 1
-$opt_loop:
-$ if i .gt. 8 then goto opt_loop_end
-$
-$ prog_opt = F$EDIT(P'i',"lowercase")
-$
-$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help")
-$ THEN
-$ echo "usage: CA -newcert|-newreq|-newca|-sign|-verify"
-$ goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-input")
-$ THEN
-$ ! Get input from somewhere other than SYS$COMMAND
-$ i = i + 1
-$ __INPUT = P'i'
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newcert")
-$ THEN
-$ ! Create a certificate.
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
-$ RET=$STATUS
-$ echo "Certificate (and private key) is in newreq.pem"
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newreq")
-$ THEN
-$ ! Create a certificate request
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
-$ RET=$STATUS
-$ echo "Request (and private key) is in newreq.pem"
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newca")
-$ THEN
-$ ! If explicitly asked for or it doesn't exist then setup the directory
-$ ! structure that Eric likes to manage things.
-$ IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
-$ THEN
-$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
-$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
-$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
-$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
-$ CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
-$
-$ OPEN /WRITE ser_file CATOP:[000000]serial.
-$ WRITE ser_file "01"
-$ CLOSE ser_file
-$ APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
-$
-$ ! The following is to make sure access() doesn't get confused. It
-$ ! really needs one file in the directory to give correct answers...
-$ COPY NLA0: CATOP:[certs].;
-$ COPY NLA0: CATOP:[crl].;
-$ COPY NLA0: CATOP:[newcerts].;
-$ COPY NLA0: CATOP:[private].;
-$ ENDIF
-$!
-$ IF F$SEARCH( CAKEY) .EQS. ""
-$ THEN
-$ READ '__INPUT' FILE -
- /PROMPT="CA certificate filename (or enter to create): "
-$ IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
-$ THEN
-$ COPY 'FILE' 'CAKEY'
-$ RET=$STATUS
-$ ELSE
-$ echo "Making CA certificate ..."
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
-$ RET=$STATUS
-$ ENDIF
-$ ENDIF
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-pkcs12")
-$ THEN
-$ i = i + 1
-$ cname = P'i'
-$ IF cname .EQS. "" THEN cname = "My certificate"
-$ PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
- -out newcert.p12 -export -name "''cname'"
-$ RET=$STATUS
-$ goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-xsign")
-$ THEN
-$!
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ CA -policy policy_anything -infiles newreq.pem
-$ RET=$STATUS
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
-$ THEN
-$!
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ CA -policy policy_anything -out newcert.pem -infiles newreq.pem
-$ RET=$STATUS
-$ type newcert.pem
-$ echo "Signed certificate is in newcert.pem"
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-signcert")
-$ THEN
-$!
-$ echo "Cert passphrase will be requested twice - bug?"
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ CA -policy policy_anything -out newcert.pem -infiles tmp.pem
-y
-y
-$ type newcert.pem
-$ echo "Signed certificate is in newcert.pem"
-$ GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-verify")
-$ THEN
-$!
-$ i = i + 1
-$ IF (p'i' .EQS. "")
-$ THEN
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ VERIFY "-CAfile" 'CACERT' newcert.pem
-$ ELSE
-$ j = i
-$ verify_opt_loop:
-$ IF j .GT. 8 THEN GOTO verify_opt_loop_end
-$ IF p'j' .NES. ""
-$ THEN
-$ DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$ __tmp = p'j'
-$ VERIFY "-CAfile" 'CACERT' '__tmp'
-$ tmp=$STATUS
-$ IF tmp .NE. 0 THEN RET=tmp
-$ ENDIF
-$ j = j + 1
-$ GOTO verify_opt_loop
-$ verify_opt_loop_end:
-$ ENDIF
-$
-$ GOTO opt_loop_end
-$ ENDIF
-$!
-$ IF (prog_opt .NES. "")
-$ THEN
-$!
-$ echo "Unknown argument ''prog_opt'"
-$ RET = 3
-$ goto clean_up
-$ ENDIF
-$
-$opt_loop_continue:
-$ i = i + 1
-$ GOTO opt_loop
-$
-$opt_loop_end:
-$!
-$clean_up:
-$!
-$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
- deassign /process CATOP
-$!
-$ EXIT 'RET'
projects / cassiopeia.git / blobdiff