
mecano


Common functions for system deployment.

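// Generated by CoffeeScript 1.9.1
var execute;

/**
 * Register a CA certificate and, optionally, a certificate with its private
 * key into a Java keystore by running openssl and keytool through
 * `this.execute`.
 *
 * Two shell scripts are chained:
 *   1. (only when `options.cert` is set) compare the MD5 fingerprint of the
 *      certificate with the one stored under alias `options.name`; when they
 *      differ, build a PKCS12 bundle in a private temporary directory and
 *      import it into the keystore. Exit code 3 means "already up to date".
 *   2. verify the keystore password (exit 2 when it is rejected), compare the
 *      CA certificate fingerprint with alias `options.caname`, and replace
 *      the stored entry when they differ. Exit code 3 means "already up to
 *      date".
 *
 * Every option value is single-quoted before being placed in the script, so
 * values are passed literally: no word splitting, globbing or variable
 * expansion is applied to paths, aliases or passwords.
 *
 * @param {Object} options
 * @param {string} options.keystore  Path of the keystore (required).
 * @param {string} options.storepass Keystore password (required).
 * @param {string} options.caname    Alias of the CA certificate (required).
 * @param {string} [options.cacert]  Path of the CA certificate file.
 * @param {string} [options.cert]    Path of the certificate to import.
 * @param {string} [options.key]     Private key file, required with `cert`.
 * @param {string} [options.keypass] Key password, required with `cert`.
 * @param {string} [options.name]    Certificate alias, required with `cert`.
 * @param {Function} callback Called with an Error when a required option is
 *   missing, otherwise handed to `.then()` of the execute chain.
 */
module.exports = function(options, callback) {
  var cacert, caname, cert, key, keypass, keystore, name, pkcs12, quote, storepass, tmp, tmp_location;
  // Wrap a value in single quotes for the shell; an embedded single quote is
  // emitted as '\'' (close quote, escaped quote, reopen quote).
  quote = function(value) {
    return "'" + String(value).replace(/'/g, "'\\''") + "'";
  };
  if (options.cert && !options.key) {
    return callback(new Error("Required option 'key' for certificate"));
  }
  if (options.cert && !options.keypass) {
    return callback(new Error("Required option 'keypass' for certificate"));
  }
  if (options.cert && !options.name) {
    return callback(new Error("Required option 'name' for certificate"));
  }
  if (!options.keystore) {
    return callback(new Error("Required option 'keystore'"));
  }
  if (!options.storepass) {
    return callback(new Error("Required option 'storepass'"));
  }
  if (!options.caname) {
    return callback(new Error("Required option 'caname'"));
  }
  // NOTE(review): `options.cacert` is used by the second script but is not
  // validated here; confirm whether callers may legitimately omit it.

  /*
  Keystore only has one password. You can change it using keytool:
  keytool -storepasswd -keystore my.keystore
  To change the key's password:
  keytool -keypasswd -alias <key_name> -keystore my.keystore
   */
  tmp_location = "/tmp/mecano_java_keystore_" + (Date.now());
  tmp = quote(tmp_location);
  pkcs12 = quote(tmp_location + "/pkcs12");
  cert = quote(options.cert);
  key = quote(options.key);
  cacert = quote(options.cacert);
  keystore = quote(options.keystore);
  storepass = quote(options.storepass);
  keypass = quote(options.keypass);
  name = quote(options.name);
  caname = quote(options.caname);
  // NOTE(review): passwords are passed as command-line arguments and are
  // therefore visible in the process list while openssl/keytool run, and in
  // any log of the executed command.
  // NOTE(review): change detection relies on an "MD5:" line in the output of
  // `keytool -list -v`; confirm the targeted JDK still prints it.
  return this.execute({
    cmd: [
      // The directory name is interpolated here; the original removed a
      // literal "tmp_location" path and left the PKCS12 bundle (which holds
      // the private key) behind in /tmp.
      "cleanup () { rm -rf " + tmp + "; }",
      // No -p: the name is predictable, so refuse to reuse a directory that
      // already exists (it may belong to another user) instead of writing
      // key material into it.
      "mkdir -m 700 " + tmp + " || exit 1",
      // $(...) instead of backticks so quoted values cannot end the
      // substitution early.
      "user=$(openssl x509 -noout -in " + cert + " -md5 -fingerprint | sed 's/\\(.*\\)=\\(.*\\)/\\2/' | cat)",
      "keystore=$(keytool -list -v -keystore " + keystore + " -alias " + name + " -storepass " + storepass + " | grep MD5: | sed -E 's/.+MD5: +(.*)/\\1/')",
      "echo \"User Certificate: $user\"",
      "echo \"Keystore Certificate: $keystore\"",
      "if [[ \"$user\" == \"$keystore\" ]]; then cleanup; exit 3; fi",
      "# Create a PKCS12 file that contains key and certificate",
      // NOTE(review): nothing visible here writes <tmp>/cacert before it is
      // given to -CAfile; confirm whether that argument is still needed.
      "openssl pkcs12 -export -in " + cert + " -inkey " + key + " -out " + pkcs12 + " -name " + name + " -CAfile " + quote(tmp_location + "/cacert") + " -caname " + caname + " -password " + quote("pass:" + options.keypass),
      "# Import PKCS12 into keystore",
      "keytool -noprompt -importkeystore -destkeystore " + keystore + " -deststorepass " + storepass + " -destkeypass " + keypass + " -srckeystore " + pkcs12 + " -srcstoretype PKCS12 -srcstorepass " + keypass + " -alias " + name,
      // NOTE(review): `cleanup` is the last command, so its status is what
      // the script returns even when the import above failed.
      "cleanup"
    ].join("\n"),
    "if": !!options.cert,
    code_skipped: 3
  }).execute({
    cmd: [
      "# Check password",
      "if [ -f " + keystore + " ] && ! keytool -list -keystore " + keystore + " -storepass " + storepass + " >/dev/null; then",
      " # Keystore password is invalid, change it manually with:",
      " # keytool -storepasswd -keystore <keystore>",
      " exit 2",
      "fi",
      "# Read user CACert signature",
      "user=$(openssl x509 -noout -in " + cacert + " -md5 -fingerprint | sed 's/\\(.*\\)=\\(.*\\)/\\2/')",
      "# Read registered CACert signature",
      "keystore=$(keytool -list -v -keystore " + keystore + " -alias " + caname + " -storepass " + storepass + " | grep MD5: | sed -E 's/.+MD5: +(.*)/\\1/')",
      "echo \"User CACert: $user\"",
      "echo \"Keystore CACert: $keystore\"",
      "if [[ \"$user\" == \"$keystore\" ]]; then exit 3; fi",
      "# Remove CACert if signature doesnt match",
      "if [[ \"$keystore\" != \"\" ]]; then",
      " keytool -delete -keystore " + keystore + " -storepass " + storepass + " -alias " + caname,
      "fi",
      "# Import CACert",
      "keytool -noprompt -importcert -keystore " + keystore + " -storepass " + storepass + " -alias " + caname + " -file " + cacert
    ].join("\n"),
    code_skipped: 3
  }).then(callback);
};

execute = require('./execute');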