Changeset 9096 for lang/perl/Punc/branches
- Timestamp:
- 04/08/08 00:07:10 (8 months ago)
- Location:
- lang/perl/Punc/branches/ssl
- Files:
-
- 4 added
- 1 removed
- 9 modified
-
. (modified) (1 prop)
-
bin (modified) (1 prop)
-
bin/puncd (modified) (1 diff)
-
bin/puncmasterd (modified) (2 diffs)
-
etc (modified) (1 prop)
-
etc/puncd.yaml (added)
-
lib/Punc.pm (modified) (1 diff)
-
lib/Punc/ConfigLoader.pm (added)
-
lib/Punc/Master/CA.pm (added)
-
lib/Punc/Master/CSR.pm (added)
-
lib/Punc/Master/Daemon.pm (modified) (5 diffs)
-
lib/Punc/Slave/Daemon.pm (modified) (1 diff)
-
lib/Punc/Util.pm (deleted)
-
t/97_podspell.t (modified) (1 diff)
-
lang/perl/Punc/branches/ssl
-
Property
svn:ignore set
to
META.yml
Makefile.old
_Inline
inc
-
Property
svn:ignore set
to
-
lang/perl/Punc/branches/ssl/bin
-
Property
svn:ignore set
to
_Inline
-
Property
svn:ignore set
to
-
lang/perl/Punc/branches/ssl/bin/puncd
r8679 r9096 6 6 use File::Spec; 7 7 use lib File::Spec->catdir("$FindBin::Bin/..", 'lib'); 8 use Punc; 8 9 use Punc::Slave::Daemon; 9 10 use Getopt::Long; 10 11 my $port = 7080;11 use Punc::ConfigLoader; 12 use File::Path; 12 13 13 14 GetOptions( 14 '--port=s' => $port, 15 '--port=i' => \my $port, 16 '--confdir=s' => \my $confdir, 15 17 ); 16 18 17 my $daemon = Punc::Slave::Daemon->new({ port => $port }); 19 $port ||= 7080; 20 $confdir ||= "$FindBin::Bin/../etc"; 21 22 mkpath($confdir) unless -d $confdir; 23 24 my $yaml = File::Spec->catfile($confdir, 'puncd.yaml'); 25 26 my $conf = -f $yaml ? Punc::ConfigLoader->new->load($yaml) : {}; 27 28 my $daemon = Punc::Slave::Daemon->new({ 29 port => $port, 30 confdir => $confdir, 31 conf => $conf, 32 context => Punc->new->context, 33 }); 34 18 35 $daemon->run; 19 20 21 -
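Review bot: The return value of `GetOptions` is not checked in bin/puncd, so an unknown or malformed option (for example a non-numeric `--port`) only produces a warning and the daemon carries on with the defaults, including creating `$FindBin::Bin/../etc` as the directory under which the `ssl/keys` tree is later built. I would end the call with `) or die "usage: puncd [--port PORT] [--confdir DIR]\n";`. Separately, `mkpath($confdir)` creates the directory with umask-default permissions; a short comment stating the expected owner and mode of the configuration directory would help operators.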
lang/perl/Punc/branches/ssl/bin/puncmasterd
r8679 r9096 6 6 use File::Spec; 7 7 use lib File::Spec->catdir("$FindBin::Bin/..", 'lib'); 8 use Punc; 8 9 use Punc::Master::Daemon; 9 10 use Getopt::Long; … … 20 21 port => $port, 21 22 confdir => $confdir, 23 context => Punc->new->context, 22 24 }); 23 25 -
lang/perl/Punc/branches/ssl/etc
-
Property
svn:ignore set
to
*.cert
*.key
*.csr
-
Property
svn:ignore set
to
-
lang/perl/Punc/branches/ssl/lib/Punc.pm
r8644 r9096 4 4 use warnings; 5 5 our $VERSION = '0.01'; 6 7 use Pfacter; 8 use UNIVERSAL::require; 9 10 my $context; 11 sub context { 12 $context = $_[1] if $_[1]; 13 return $context; 14 } 15 16 sub new { 17 my $class = shift; 18 my $self = bless {}, $class; 19 $self->context($self); 20 } 21 22 sub fact { 23 my ( $self, $fact ) = @_; 24 25 foreach ( qw( kernel operatingsystem hostname domain ) ) { 26 $self->{'pfact'}->{$_} = $self->_pfact( $_ ); 27 } 28 29 return $self->_pfact($fact); 30 } 31 32 sub _pfact { 33 my $self = shift; 34 my $module = shift; 35 36 return $self->{'pfact'}->{lc( $module )} 37 if $self->{'pfact'}->{lc( $module )}; 38 39 $module = 'Pfacter::' . lc $module; 40 $module->require or die $@; 41 42 my $pfact = $module->pfact($self); 43 chomp $pfact; 44 return $pfact; 45 } 6 46 7 47 1; -
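Review bot: `_pfact` turns its argument into a package name (`'Pfacter::' . lc $module`) and hands it to `require` without checking its shape. In this changeset the only caller passes the literal `'fqdn'`, but `fact` is a public method on the shared context object, so if a fact name ever arrives from an RPC argument it would decide which file gets loaded. I would reject anything that is not a plain identifier before the name is built, with `die "invalid fact name\n" unless defined $fact && $fact =~ /\A\w+\z/;` at the top of `fact`. It is also worth a comment that `new` returns the value of `$self->context($self)` and overwrites the file-scoped `$context`, so every `Punc->new` replaces the context shared by all earlier callers.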
lang/perl/Punc/branches/ssl/lib/Punc/Master/Daemon.pm
r8679 r9096 4 4 use warnings; 5 5 use base qw( Punc::Daemon ); 6 use Punc::Util;7 6 use File::Spec; 7 use File::Path; 8 use Punc::Master::CA; 8 9 use Crypt::OpenSSL::CA; 9 10 use Crypt::OpenSSL::RSA; … … 13 14 my $self = $class->SUPER::new(@_); 14 15 15 $self->_find_or_create_ca_cert; 16 $self->{ca} = Punc::Master::CA->new; 17 18 $self->_find_or_create_ca_cert($self->{context}); 16 19 17 20 return $self; … … 19 22 20 23 sub _find_or_create_ca_cert { 21 my $self = shift; 22 my $cert = File::Spec->catfile($self->{confdir}, 'ca.cert'); 24 my ( $self, $c ) = @_; 25 26 $self->{ssldir} = File::Spec->catdir($self->{confdir}, 'ssl'); 27 $self->{cadir} = File::Spec->catdir($self->{ssldir}, 'ca'); 28 unless ( -d $self->{cadir} ) { 29 mkpath($self->{cadir}); 30 chmod 0700, $self->{cadir}; 31 } 32 33 my $cert = File::Spec->catfile($self->{cadir}, 'ca.cert'); 23 34 unless ( -f $cert ) { 24 $self->_create_self_signed_cert ;35 $self->_create_self_signed_cert($c); 25 36 } 26 37 } 27 38 28 39 sub _create_self_signed_cert { 29 my $self = shift;40 my ( $self, $c ) = @_; 30 41 42 # 鍵作成 31 43 my $rsa = Crypt::OpenSSL::RSA->generate_key(1024); 32 33 open my $out, '>', File::Spec->catfile($self->{confdir}, 'ca.key') or die $!; 44 open my $out, '>', File::Spec->catfile($self->{cadir}, 'ca.key') or die $!; 34 45 print $out $rsa->get_private_key_string; 35 46 close $out; 36 47 37 my $dn = Crypt::OpenSSL::CA::X509_NAME->new( CN => Punc::Util->fact('fqdn') );38 48 my $privkey = Crypt::OpenSSL::CA::PrivateKey->parse($rsa->get_private_key_string); 39 49 my $pubkey = $privkey->get_public_key; 40 50 51 # 自己署名証明書作成 52 my $dn = Crypt::OpenSSL::CA::X509_NAME->new( CN => $c->fact('fqdn') ); 41 53 my $x509 = Crypt::OpenSSL::CA::X509->new($pubkey); 42 54 … … 45 57 $x509->set_issuer_DN($dn); 46 58 59 ### TODO: 有効期限の設定 60 47 61 my $pem = $x509->sign($privkey, 'sha1'); 48 open my $cert, '>', File::Spec->catfile($self->{c onfdir}, 'ca.cert') or die $!;62 open my $cert, '>', 
File::Spec->catfile($self->{cadir}, 'ca.cert') or die $!; 49 63 print $cert $pem; 50 64 close $cert; … … 55 69 my ( $self, $module, $method, $args ) = @_; 56 70 57 my $res; 58 if ( $method eq 'description' ) { 59 $res = $module->description; 60 } 61 else { 62 my $obj = $module->new; 63 $res = $obj->exec($method, $args); 64 } 71 # CSR 取得 72 my $csr = $args->{csr}; 65 73 66 return $res; 74 my $csrdir = File::Spec->catdir($self->{ssldir}, 'csrs'); 75 mkpath($csrdir) unless -d $csrdir; 76 77 Punc::Master::CA->save_csr({ 78 csr => $csr, 79 dir => $csrdir, 80 }); 81 82 83 ### TODO: 一度自己署名証明書をつくってもらって、sign しなおした方が早い? 84 ### TODO: 署名は puncmaster-ca コマンドでやるので、ここではやらない 85 ### TODO: 自動署名 86 67 87 } 68 88 89 69 90 1; -
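Review bot: `ca.key` is created in `_create_self_signed_cert` with a plain `open my $out, '>'`, so the CA private key gets umask-default permissions (often world-readable), and `cadir` is only tightened by a `chmod 0700` after `mkpath` has already created it. I would create the directory restricted from the start with `mkpath($self->{cadir}, 0, 0700);` and wrap the key write in `my $old_umask = umask 0077;` and `umask $old_umask;`, also checking `print` and `close` so a truncated key is not left behind silently. The same applies to the slave key written by `write_pem_pk` in lib/Punc/Slave/Daemon.pm. The unchanged lines around it still use a 1024-bit key and a `sha1` signature, which are too weak for a CA; `generate_key(2048)` and `'sha256'` would be the minimum, after confirming that the installed Crypt::OpenSSL::CA accepts that digest name.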
lang/perl/Punc/branches/ssl/lib/Punc/Slave/Daemon.pm
r8679 r9096 3 3 use strict; 4 4 use warnings; 5 use File::Spec; 6 use Crypt::OpenSSL::PKCS10 qw( :const ); 7 use JSON::RPC::Client; 8 use JSON; 9 use File::Path; 5 10 6 11 use base qw( Punc::Daemon ); 12 13 sub new { 14 my $class = shift; 15 my $self = $class->SUPER::new(@_); 16 17 $self->_find_or_request_cert($self->{context}); 18 19 return $self; 20 } 21 22 sub _find_or_request_cert { 23 my ( $self, $c ) = @_; 24 25 $self->{ssldir} = File::Spec->catdir($self->{confdir}, 'ssl'); 26 $self->{certdir} = File::Spec->catdir($self->{ssldir}, 'certs'); 27 $self->{keydir} = File::Spec->catdir($self->{ssldir}, 'keys'); 28 $self->{csrdir} = File::Spec->catdir($self->{ssldir}, 'csrs'); 29 30 mkpath($self->{certdir}) unless -d $self->{certdir}; 31 mkpath($self->{csrdir}) unless -d $self->{csrdir}; 32 unless ( -d $self->{keydir} ) { 33 mkpath($self->{keydir}); 34 chmod 0700, $self->{keydir}; 35 } 36 37 my $cert = File::Spec->catfile($self->{certdir}, $c->fact('fqdn') . '.cert'); 38 unless ( -f $cert ) { 39 $self->_request_cert($c); 40 } 41 } 42 43 sub _request_cert { 44 my ( $self, $c ) = @_; 45 46 my $req = Crypt::OpenSSL::PKCS10->new; 47 my $fqdn = $c->fact('fqdn'); 48 $req->set_subject("/CN=$fqdn"); 49 $req->sign(); 50 51 $req->write_pem_req( File::Spec->catfile( $self->{csrdir}, "${fqdn}.csr" ) ); 52 $req->write_pem_pk( File::Spec->catfile( $self->{keydir}, "${fqdn}.key" ) ); 53 54 my $client = JSON::RPC::Client->new; 55 my $host = $self->{conf}->{puncmaster_host} || 'localhost'; 56 my $port = $self->{conf}->{puncmaster_port} || 7081; 57 my $url = "http://$host:$port/cert"; 58 59 my $callobj = { 60 method => 'request', 61 params => { csr => $req->get_pem_req() }, 62 }; 63 64 my $res = $client->call($url, $callobj); 65 66 if( $res ) { 67 warn $res->content 68 } 69 else { 70 warn 'error'; 71 } 72 } 7 73 8 74 sub handle_request { -
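Review bot: `_request_cert` posts the CSR to `http://$host:$port/cert`, so the slave has no way to authenticate the master and the request can be altered in transit before it is stored for signing. Since this is the bootstrap step, the realistic mitigation is to document it: add a comment above `my $url` saying that the CSR travels unauthenticated and that the operator must compare the CSR fingerprint on both hosts before signing. The result handling also loses information, because `warn 'error'` drops the reason and a JSON-RPC error response is printed like a success; I would use `warn $client->status_line` in the else branch and test `$res->is_error` before treating the reply as accepted. The body of `handle_request` lies outside this section.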
lang/perl/Punc/branches/ssl/t/97_podspell.t
r8644 r9096 8 8 Gosuke Miyashita 9 9 Punc 10 TODO 11 Facter 12 punc 13