authorJoe Rayhawk <jrayhawk@omgwallhack.org>2014-10-30 19:49:23 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2014-10-30 19:49:23 -0700
commit1d0c4358c9bfb8d2748409fdb8da7c841adff4e3 (patch)
tree157bd63c78075459d3479e4cadf82d4e8b69b1ad
parent2189d6db2f21dafe9a99c9e2e820b22ae6969b64 (diff)
contrib: Adding keygen.rb
-rw-r--r--README.txt8
-rw-r--r--contrib/keygen.rb67
2 files changed, 73 insertions, 2 deletions
diff --git a/README.txt b/README.txt
index 44732ab..9d7f19f 100644
--- a/README.txt
+++ b/README.txt
@@ -10,10 +10,14 @@ edit local.cfg to your liking, run ./genca.sh, then do one of
* sign an existing CSR with ./signcsr csrfile
* ./signcsr will execute, if available, ./post-sign with the DER path as an argument
+A CGI for getting browsers to generate keys and send CSRs in SPKAC form is available as
+
+ contrib/keygen.rb
+
Updates are available from
-git://piny.be/cash
+<git://piny.be/cash>
Author is available at
-jrayhawk+cash@omgwallhack.org
+ jrayhawk+cash@omgwallhack.org
diff --git a/contrib/keygen.rb b/contrib/keygen.rb
new file mode 100644
index 0000000..7f154f4
--- /dev/null
+++ b/contrib/keygen.rb
@@ -0,0 +1,67 @@
+#!/usr/bin/ruby
+# Takes <keygen> input and emails somebody with an inline SPKAC request
+#
+# Certificates are automatically imported if they are served to clients over http with
+# Content-type: application/x-x509-user-cert
+#
+# Some Webkit browsers, notably Chrome, don't understand PEM. Use DER.
+
+# Redefine these:
+
+localpart = 'jerks'
+hostname = 'example.com'
+
+require 'cgi'
+
+cgi = CGI.new
+
+# Depending on how you access the form variables will depend on the results you get.
+# 1. An explicit request in 1.8.x of form cgi['myvar'] returns a string
+# 2. pre 1.8.x it returns an array
+# 3. If you use the form cgi.params it returns a hash
+# 4. If your form happens to include file upload (e.g. contains <input type="file"> and an 'enctype="multipart/form-data"') then
+# * if the file size is > 10240 bytes ALL variables are created as Tempfiles
+# * if < 10240 they are StringIO objects.
+
+# StringIO and Tempfile both support the 'read' method, so all that's left is String...
+class String
+ def read( )
+ self
+ end
+end
+
+print 'Content-type: text/plain
+
+'
+
+spkac = String.new
+
+['SPKAC', 'C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress'].each do |dn|
+ if defined?(cgi.params[dn][0].read) && cgi.params[dn][0].read =~ /./
+ spkac << "#{dn}=#{cgi.params[dn][0].read.gsub(/\r|\n/, '')}\n"
+ else
+ print "Warning: Variable #{dn} is invalid or missing. It will not be included in your request. If this is in error, please correct and resubmit.\n"
+ end
+end
+
+if spkac =~ /^SPKAC/
+ IO.popen('/usr/sbin/sendmail -t', mode='w') { |mail|
+ mail.write(
+"To: #{localpart}@#{hostname}
+From: spkac form <root@#{hostname}>
+Subject: SPKAC request
+MIME-Version: 1.0
+Content-Type: text/plain; charset=us-ascii
+
+#{ENV['REMOTE_ADDR']} #{ENV['HTTP_USER_AGENT']}
+
+#{spkac}
+"
+ )
+ }
+ print "\nThe following SPKAC request has been emailed to your friendly neighbourhood admins, who will look it over, possibly sign it and give you a link to a shiny new certificate:\n\n"
+ print spkac
+
+else
+ print "Error: SPKAC public key is missing. Correct and resubmit."
+end
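Review bot: The field loop only strips CR and LF (`cgi.params[dn][0].read.gsub(/\r|\n/, '')`), so any other byte, at any length, from an unauthenticated form is mailed to the admin and presumably pasted into the file handed to the signing step. I would validate each value before appending it: require the SPKAC field to be base64 with whole-string anchors, e.g. `value =~ %r{\A[A-Za-z0-9+/=]+\z}`, and restrict the DN fields to a conservative printable-ASCII set with a length cap, rejecting rather than silently passing anything else. That also keeps the body consistent with the declared `charset=us-ascii`. The later presence check `spkac =~ /^SPKAC/` matches at any line start and any name beginning with SPKAC; `spkac =~ /\ASPKAC=/` states the intent exactly, since SPKAC is the first field appended. A short comment above the `class String` reopening saying it is global and exists only so all three CGI value types answer `read` would help the next reader.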