blob: 79c555cc9d1093b91d3fcd306ef7d2eb1e5932fc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#! /usr/bin/perl -W
# by Mike Schiraldi <raldi@research.netsol.com>
use strict;
use Expect;
sub run ($;$ );
umask 077; # probably not necc. but can't hurt
my $tmpdir = "/tmp/smime_keys_test-$$-" . time;
mkdir $tmpdir or die;
chdir $tmpdir or die;
open TMP, '>muttrc' or die;
print TMP <<EOF;
set smime_ca_location="$tmpdir/ca-bundle.crt"
set smime_certificates="$tmpdir/certificates"
set smime_keys="$tmpdir/keys"
EOF
close TMP;
$ENV{MUTT_CMDLINE} = "mutt -F $tmpdir/muttrc";
# make a user key
run 'smime_keys init';
run 'openssl genrsa -out user.key 1024';
# make a request for this key to be signed
run 'openssl req -new -key user.key -out newreq.pem', "\n\nx\n\nx\nx\nuser\@smime.mutt\n\nx\n";
mkdir 'demoCA' or die;
mkdir 'demoCA/certs' or die;
mkdir 'demoCA/crl' or die;
mkdir 'demoCA/newcerts' or die;
mkdir 'demoCA/private' or die;
open OUT, '>demoCA/serial' or die;
print OUT "01\n";
close OUT;
open OUT, '>demoCA/index.txt' or die;
close OUT;
# make the CA
run 'openssl req -new -x509 -keyout demoCA/private/cakey.pem -out demoCA/cacert.pem -days 7300 -nodes',
"\n\nx\n\nx\nx\n\n";
# trust it
run 'smime_keys add_root demoCA/cacert.pem', "root_CA\n";
# have the CA process the request
run 'openssl ca -batch -startdate 000101000000Z -enddate 200101000000Z -days 7300 ' .
'-policy policy_anything -out newcert.pem -infiles newreq.pem';
unlink 'newreq.pem' or die;
# put it all in a .p12 bundle
run 'openssl pkcs12 -export -inkey user.key -in newcert.pem -out cert.p12 -CAfile demoCA/cacert.pem -chain', "pass1\n" x 2;
unlink 'newcert.pem' or die;
unlink 'demoCA/cacert.pem' or die;
unlink 'demoCA/index.txt' or die;
unlink 'demoCA/index.txt.old' or die;
unlink 'demoCA/serial' or die;
unlink 'demoCA/serial.old' or die;
unlink 'demoCA/newcerts/01.pem' or die;
unlink 'demoCA/private/cakey.pem' or die;
rmdir 'demoCA/certs' or die;
rmdir 'demoCA/crl' or die;
rmdir 'demoCA/private' or die;
rmdir 'demoCA/newcerts' or die;
rmdir 'demoCA' or die;
# have smime_keys process it
run 'smime_keys add_p12 cert.p12', "pass1\n" . "pass2\n" x 2 . "old_label\n";
unlink 'cert.p12' or die;
# make sure it showed up
run 'smime_keys list > list';
open IN, 'list' or die;
<IN> eq "\n" or die;
<IN> =~ /^(.*)\: Issued for\: user\@smime\.mutt \"old_label\" \(Unverified\)\n/ or die;
close IN;
my $keyid = $1;
# see if we can rename it
run "smime_keys label $keyid", "new_label\n";
# make sure it worked
run 'smime_keys list > list';
open IN, 'list' or die;
<IN> eq "\n" or die;
<IN> =~ /^$keyid\: Issued for\: user\@smime\.mutt \"new_label\" \(Unverified\)\n/ or die;
close IN;
unlink 'list' or die;
# try signing something
run "openssl smime -sign -signer certificates/$keyid -inkey user.key -in /etc/passwd -certfile certificates/37adefc3.0 > signed";
unlink 'user.key' or die;
# verify it
run 'openssl smime -verify -out /dev/null -in signed -CAfile ca-bundle.crt';
unlink 'signed' or die;
# clean up
unlink 'ca-bundle.crt' or die;
unlink 'muttrc' or die;
unlink 'keys/.index' or die;
unlink 'certificates/.index' or die;
unlink <keys/*> or die;
unlink <certificates/*> or die;
rmdir 'keys' or die;
rmdir 'certificates' or die;
chdir '/' or die;
rmdir $tmpdir or die;
sub run ($;$) {
my $cmd = shift or die;
my $input = shift;
print "\n\nRunning [$cmd]\n";
my $exp = Expect->spawn ($cmd);
if (defined $input) {
print $exp $input;
}
$exp->soft_close;
$? and die "$cmd returned $?";
}
|
