
mecano


Common functions for system deployment.

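// Generated by CoffeeScript 1.11.1
var path;

/**
 * Quote a value so the shell reads it as exactly one literal word.
 *
 * The value is wrapped in single quotes and every embedded single quote is
 * rewritten as '\'' (close quote, escaped quote, reopen quote). Spaces and
 * shell metacharacters in a path, alias or password therefore reach
 * keytool/openssl unchanged instead of being split or interpreted.
 * Consequence: `~` and `$VAR` inside a value are no longer expanded by the
 * shell; pass already-resolved paths.
 *
 * @param {*} value - Value to embed; coerced with String().
 * @returns {string} Single-quoted shell word.
 */
function shellQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

/**
 * Add a CA certificate and, optionally, a certificate with its private key
 * to a Java keystore by running keytool and openssl through `this.execute`.
 *
 * Required options: `keystore`, `storepass`, `caname`, `cacert`.
 * When `cert` is set, `key`, `keypass` and `name` are required as well.
 * When `local` is set, `cacert`, `cert` and `key` are first copied with
 * `this.file.download` into a temporary directory, which is removed at the
 * end of the chain.
 *
 * Both scripts exit with code 3 when the fingerprint already stored in the
 * keystore equals the one of the supplied file; that code is passed to
 * `this.execute` as `code_skipped`. The second script exits with code 2
 * when the existing keystore cannot be listed with `storepass`.
 *
 * @param {Object} options - See above.
 * @returns {*} Whatever the final chained `remove` call returns.
 * @throws {Error} When a required option is missing.
 */
module.exports = function(options) {
  var files, tmp_location;
  var keystore, storepass, keypass, name, caname, cert, key, cacert;
  var certScript, cacertScript;

  if (!options.keystore) {
    throw Error("Required option 'keystore'");
  }
  if (!options.storepass) {
    throw Error("Required option 'storepass'");
  }
  if (options.cert && !options.key) {
    throw Error("Required option 'key' for certificate");
  }
  if (options.cert && !options.keypass) {
    throw Error("Required option 'keypass' for certificate");
  }
  if (options.cert && !options.name) {
    throw Error("Required option 'name' for certificate");
  }
  if (!options.caname) {
    throw Error("Required option 'caname'");
  }
  if (!options.cacert) {
    throw Error("Required option 'cacert'");
  }

  // NOTE(review): the directory name is derived from the clock only, so it is
  // predictable inside world-writable /tmp, and `mkdir -p` below accepts a
  // directory that already exists. The private key is staged here; an
  // unpredictable name (e.g. from `mktemp -d`) would be sturdier.
  tmp_location = "/tmp/mecano_java_keystore_" + (Date.now());
  files = {
    cert: (options.cert != null) && options.local ? tmp_location + "/" + (path.basename(options.cert)) : options.cert,
    cacert: options.local ? tmp_location + "/" + (path.basename(options.cacert)) : options.cacert,
    key: (options.key != null) && options.local ? tmp_location + "/" + (path.basename(options.key)) : options.key
  };

  // Every option-derived value is quoted once, here, and only the quoted form
  // is interpolated into the shell scripts below.
  // NOTE(review): storepass/keypass are still passed as command-line
  // arguments, which other local users can read from the process list while
  // the command runs. keytool's `-storepass:env` / `-storepass:file` and
  // openssl's `-password env:` / `file:` forms avoid that.
  keystore = shellQuote(options.keystore);
  storepass = shellQuote(options.storepass);
  keypass = shellQuote(options.keypass);
  name = shellQuote(options.name);
  caname = shellQuote(options.caname);
  cert = shellQuote(files.cert);
  key = shellQuote(files.key);
  cacert = shellQuote(files.cacert);

  this.mkdir({
    target: tmp_location,
    // 0700: owner-only, matching the `mkdir -p -m 700` in the script below.
    // The previous 0600 left the directory without its search bit, so a
    // non-root owner could not create the staged files inside it.
    mode: 0x1c0,
    shy: true
  });
  // Staged copies are created with mode 0600 (0x180).
  this.file.download({
    "if": options.local && options.cacert,
    source: options.cacert,
    target: files.cacert,
    mode: 0x180,
    shy: true
  });
  this.file.download({
    "if": options.local && options.cert,
    source: options.cert,
    target: files.cert,
    mode: 0x180,
    shy: true
  });
  this.file.download({
    "if": options.local && options.key,
    source: options.key,
    target: files.key,
    mode: 0x180,
    shy: true
  });

  // `$( )` replaces the former backticks: inside backticks a backtick or a
  // backslash in a quoted value would still be interpreted by the shell.
  // NOTE(review): the MD5 fingerprint is used only to decide whether the
  // entry changed; a SHA-256 fingerprint would be a sturdier comparison if
  // both tools print it. Confirm before changing.
  certScript = [
    "mkdir -p -m 700 " + tmp_location,
    "user=$(openssl x509 -noout -in " + cert + " -md5 -fingerprint | sed 's/\\(.*\\)=\\(.*\\)/\\2/' | cat)",
    "keystore=$(keytool -list -v -keystore " + keystore + " -alias " + name + " -storepass " + storepass + " | grep MD5: | sed -E 's/.+MD5: +(.*)/\\1/')",
    "echo \"User Certificate: $user\"",
    "echo \"Keystore Certificate: $keystore\"",
    "if [[ \"$user\" == \"$keystore\" ]]; then exit 3; fi",
    "# Create a PKCS12 file that contains key and certificate",
    // NOTE(review): -CAfile points at "<tmp>/cacert", not at files.cacert;
    // the two differ unless the CA file is staged under that exact name.
    // Left unchanged; confirm the intent.
    "openssl pkcs12 -export -in " + cert + " -inkey " + key + " -out \"" + tmp_location + "/pkcs12\" -name " + name + " -CAfile \"" + tmp_location + "/cacert\" -caname " + caname + " -password " + shellQuote("pass:" + options.keypass),
    "# Import PKCS12 into keystore",
    "keytool -noprompt -importkeystore -destkeystore " + keystore + " -deststorepass " + storepass + " -destkeypass " + keypass + " -srckeystore \"" + tmp_location + "/pkcs12\" -srcstoretype PKCS12 -srcstorepass " + keypass + " -alias " + name
  ].join("\n");

  cacertScript = [
    "cleanup () { rm -rf " + tmp_location + "; }",
    "# Check password",
    "if [ -f " + keystore + " ] && ! keytool -list -keystore " + keystore + " -storepass " + storepass + " >/dev/null; then",
    " # Keystore password is invalid, change it manually with:",
    // The hint no longer embeds the keystore path and password: a value
    // containing a newline would otherwise escape the shell comment.
    " # keytool -storepasswd -keystore <keystore> -storepass <current password>",
    " cleanup; exit 2",
    "fi",
    "# Read user CACert signature",
    "user=$(openssl x509 -noout -in " + cacert + " -md5 -fingerprint | sed 's/\\(.*\\)=\\(.*\\)/\\2/')",
    "# Read registered CACert signature",
    "keystore=$(keytool -list -v -keystore " + keystore + " -alias " + caname + " -storepass " + storepass + " | grep MD5: | sed -E 's/.+MD5: +(.*)/\\1/')",
    "echo \"User CACert: $user\"",
    "echo \"Keystore CACert: $keystore\"",
    "if [[ \"$user\" == \"$keystore\" ]]; then exit 3; fi",
    "# Remove CACert if signature doesnt match",
    "if [[ \"$keystore\" != \"\" ]]; then",
    " keytool -delete -keystore " + keystore + " -storepass " + storepass + " -alias " + caname,
    "fi",
    "# Import CACert",
    "keytool -noprompt -importcert -keystore " + keystore + " -storepass " + storepass + " -alias " + caname + " -file " + cacert
  ].join("\n");

  return this.execute({
    cmd: certScript,
    "if": !!options.cert,
    code_skipped: 3
  }).execute({
    cmd: cacertScript,
    code_skipped: 3
  }).remove({
    target: tmp_location,
    shy: true
  });
};

path = require('path');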