blob: e87431625951c289993b2e3c73328eb080bdc6dc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#!/usr/bin/perl -w
#
# Module: gen_local_rsa_key.pl
#
# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# This code was originally developed by Vyatta, Inc.
# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc.
# All Rights Reserved.
#
# Author: Stig Thormodsrud
# Date: 2007
# Description: Utility to generate a local RSA key.
#
# **** End License ****
#
use strict;
use warnings;
use lib "/opt/vyatta/share/perl5/";
use Vyatta::VPN::Util;
use Vyatta::Misc qw(get_short_config_path);
# Defaults
my $bits = 2192;
if ($#ARGV > 1) {
die "Usage: gen_local_rsa_key.pl <bits> <device>\n";
}
$bits = $ARGV[0] if $#ARGV >= 0;
my ($bits_min, $bits_max) = (16, 4096);
if ($bits > $bits_max) {
die "bits must be <= $bits_max\n";
}
if ($bits < $bits_min) {
die "bits must be >= $bits_min\n";
}
if ($bits % 16 != 0) {
die "bits=$bits is not a multiple of 16\n";
}
my $local_key_file = rsa_get_local_key_file();
my ($cmd, $rc);
if (-r $local_key_file) {
$| =1; # force a flush
print "A local RSA key file already exists and will be overwritten\n";
print "<CTRL>C to exit: ";
my $loop = 9;
while ($loop) {
print "\b$loop";
sleep 1;
$loop--;
}
print "\n";
} else {
my ($dirpath) = ($local_key_file =~ m#^(.*/)?.*#s);
$cmd = "mkdir -p $dirpath";
$rc = system($cmd);
if ($rc != 0 ) {
die "Cannot mkdir $dirpath $!\n";
}
}
# Remove the temporary file used to hold the new key if it already exists
# as this can cause invalid key generation if a previous run has been
# aborted.
my $temp_key_file = $local_key_file.".new";
if (-e $temp_key_file) {
$cmd = "rm $temp_key_file";
vpn_debug $cmd;
$rc = system($cmd);
if ($rc != 0) {
die "Cannot remove temporary key file $!\n";
}
}
$cmd = "/usr/bin/openssl genrsa -out $local_key_file $bits";
# when presenting to users, show shortened /config path
my $shortened_cfg_path_file = get_short_config_path($local_key_file);
print "Generating rsa-key to $shortened_cfg_path_file\n";
vpn_debug $cmd;
$rc = system($cmd);
if ($rc != 0) {
die "Can not generate RSA key: $!\n";
}
my $file_pubkey = rsa_get_local_pubkey($local_key_file);
if ($file_pubkey ne 0) {
print "\nYour new local RSA key has been generated\n";
print "The public portion of the key is:\n\n$file_pubkey\n\n";
$cmd = "ipsec rereadall 2> /dev/null";
vpn_debug $cmd;
system $cmd;
exit 0;
}
die "Can not find pubkey\n";
|
