moves the config to lower directory, makes the keys generate automatically

Timothy Prepscius 2013-09-05 15:36:14 -04:00
parent 9fc52be1a8
commit 32dab58ffe
33 changed files with 606 additions and 25 deletions

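--- a/build/comma
+++ b/build/comma
@@ -0,0 +1 @@
+,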


@ -4,7 +4,7 @@ set -x
V=$1 V=$1
M=$2 M=$2
APP_TITLE=`cat ../deploy/config/title` APP_TITLE=`cat ../config/title`
dst=www dst=www
cmn_src=../web/common cmn_src=../web/common


@ -4,10 +4,10 @@ V=$1
M=$2 M=$2
dst=www dst=www
HOST_PRIMARY=`cat ../deploy/config/hosts/$M` HOST_PRIMARY=`cat ../config/hosts/$M`
HOST_AUTH=`cat ../deploy/config/hosts/auth_$M` HOST_AUTH=`cat ../config/hosts/auth_$M`
HOST_TOMCAT=`cat ../deploy/config/hosts/tomcat_$M` HOST_TOMCAT=`cat ../config/hosts/tomcat_$M`
HOST_WEB=`cat ../deploy/config/hosts/web_$M` HOST_WEB=`cat ../config/hosts/web_$M`
function replaceStrings() { function replaceStrings() {
sed -i '' -f replace_js_$M.sed $1 sed -i '' -f replace_js_$M.sed $1

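--- a/build/quote
+++ b/build/quote
@@ -0,0 +1 @@
+"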


@ -24,4 +24,8 @@
d d
} }
/{##COMPANY##}/ {
r ../config/company
d
}


@ -4,3 +4,18 @@
d d
} }
/{##TRUSTSTORE_AUTH##}/ {
r quote
r ../config/truststores/auth.jks.b64
r quote
r comma
d
}
/{##TRUSTSTORE_SEND##}/ {
r quote
r ../config/truststores/send.jks.b64
r quote
r comma
d
}
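Review bot: The `r ../config/truststores/auth.jks.b64` and `r ../config/truststores/send.jks.b64` reads fail silently when the file is missing, because sed treats an unreadable `r` file as empty, so `{##TRUSTSTORE_AUTH##}` and `{##TRUSTSTORE_SEND##}` would be replaced by an empty quoted value while the build still succeeds. Those inputs look like generated artifacts (the `clean` scripts added in this commit run `rm *.b64`), so the calling build script should verify them first, for example `[ -s ../config/truststores/auth.jks.b64 ] || exit 1`. Each `r` also writes its file as separate output, so if `quote` or the base64 file ends in a newline the value is spread over several lines; it is worth confirming that the target file tolerates that. The same two blocks are added to the second sed script further down the page.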


@ -2,3 +2,19 @@
r ../web/common/Link.ConstantsProd.html r ../web/common/Link.ConstantsProd.html
d d
} }
/{##TRUSTSTORE_AUTH##}/ {
r quote
r ../config/truststores/auth.jks.b64
r quote
r comma
d
}
/{##TRUSTSTORE_SEND##}/ {
r quote
r ../config/truststores/send.jks.b64
r quote
r comma
d
}

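--- a/config/company
+++ b/config/company
@@ -0,0 +1 @@
+Your Company Inc.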


@ -0,0 +1 @@
../../keys/mail/truststore.jks.pem.b64


@ -0,0 +1 @@
../../keys/localrelay/truststore.jks.pem.b64


@ -1,2 +1,2 @@
M_HOST_PROD=`cat config/hosts/web_prod` M_HOST_PROD=`cat ../config/hosts/web_prod`
M_HOST_DEV=`cat config/hosts/web_dev` M_HOST_DEV=`cat ../config/hosts/web_dev`


@ -3,13 +3,15 @@ set -x
sudo ./setup-nginx.remote sudo ./setup-nginx.remote
sudo mkdir -p /var/log/nginx sudo mkdir -p /var/log/nginx
chdown nginx /var/log/nginx
cp sudoers.d-web /etc/sudoers.d/web cp sudoers.d-web /etc/sudoers.d/web
chmod 0440 /etc/sudoers.d/web chmod 0440 /etc/sudoers.d/web
cd /opt/nginx/conf cd /opt/nginx/conf
ln -s /home/web/resources/nginx-ssl.crt ln -fs /home/web/resources/nginx-ssl.crt
ln -s /home/web/resources/nginx-ssl.key ln -fs /home/web/resources/nginx-ssl.key
ln -s /home/web/resources/nginx.conf ln -fs /home/web/resources/nginx.conf
cd /var/local cd /var/local
mkdir www mkdir www
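Review bot: The added line `chdown nginx /var/log/nginx` names a command that does not exist (presumably `chown` was meant), and unless `set -e` is set above the hunk the failure is only echoed by `set -x` and ignored, leaving the log directory owned by root. It also lacks the `sudo` used by the `mkdir` on the line before; `sudo chown nginx /var/log/nginx` would match. Separately, `ln -fs` now silently replaces whatever already exists in /opt/nginx/conf with links into /home/web/resources, so the configuration and TLS key nginx loads are whatever that home directory holds. A comment stating the expected owner and mode of `nginx-ssl.key` would make that dependency explicit.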

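--- a/keys/clean.autos
+++ b/keys/clean.autos
@@ -0,0 +1,5 @@
+(cd mail && ./clean)
+(cd localrelay && ./clean)
+(cd key && ./clean)
+(cd client && ./clean)
+(cd push && ./clean)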

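--- a/keys/client/clean
+++ b/keys/client/clean
@@ -0,0 +1,3 @@
+rm *.jks
+rm *.cer
+rm *.b64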


@ -1,3 +1,5 @@
keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore keystore.jks keytool -genkeypair -alias anonymous -keyalg RSA -keysize 2048 -keystore keystore.jks
keytool -export -alias client -keystore keystore.jks -rfc -file selfsignedcert.cer keytool -export -alias anonymous -keystore keystore.jks -rfc -file selfsignedcert.cer
keytool -import -alias client -file selfsignedcert.cer -keystore truststore.jks keytool -import -alias anonymous -file selfsignedcert.cer -keystore truststore.jks
java -jar ../../build/exported/Tools.jar --export-pem file=truststore.jks
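Review bot: `keytool -genkeypair` is called without `-validity`, so the self-signed certificate gets keytool's default lifetime of 90 days, and the PEM written by the new `Tools.jar --export-pem file=truststore.jks` line carries the same expiry. If that exported truststore is what the build embeds into the clients, connections may start failing once it lapses. An explicit value such as `-validity 365` (constructed example) together with a documented rotation step would make the lifetime deliberate. Passing `-dname` would also remove the identity prompts that the accompanying expect script answers with blanks. The same keytool lines appear in the four other key directories' make scripts on this page.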

101
keys/client/make.auto Executable file

@ -0,0 +1,101 @@
#!/opt/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Thu Sep 5 10:43:19 2013
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn ./make
match_max 100000
expect -exact "Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
What is your first and last name?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organizational unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organization?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your City or Locality?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your State or Province?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the two-letter country code for this unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\r
\[no\]: "
send -- "yes\r"
expect -exact "yes\r
\r
Enter key password for <anonymous>\r
(RETURN if same as keystore password): "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Certificate stored in file <selfsignedcert.cer>\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
sleep 1
send -- "yes\r"
expect eof
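Review bot: Every password prompt is answered with the literal `send -- "password\r"`, so each generated keystore.jks, which holds the private key, is protected by a guessable password that is also committed to the repository; the identical script is added under keys/key, keys/localrelay, keys/mail and keys/push. Reading the secret from the environment would keep it out of the tree: `set pw $env(KEYSTORE_PASSWORD)` near the top and `send -- "$pw\r"` at each prompt (the variable name is a placeholder). `set timeout -1` combined with `expect -exact` also means the script waits forever if a JDK prints a slightly different prompt, and the closing `sleep 1` / `send -- "yes\r"` answers a prompt it never matched. A finite timeout and an explicit `expect` for that last prompt would make a mismatch fail visibly.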

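--- a/keys/key/clean
+++ b/keys/key/clean
@@ -0,0 +1,3 @@
+rm *.jks
+rm *.cer
+rm *.b64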


@ -1,3 +1,5 @@
keytool -genkeypair -alias piratekey -keyalg RSA -keysize 2048 -keystore keystore.jks keytool -genkeypair -alias anonymous -keyalg RSA -keysize 2048 -keystore keystore.jks
keytool -export -alias piratekey -keystore keystore.jks -rfc -file selfsignedcert.cer keytool -export -alias anonymous -keystore keystore.jks -rfc -file selfsignedcert.cer
keytool -import -alias piratekey -file selfsignedcert.cer -keystore truststore.jks keytool -import -alias anonymous -file selfsignedcert.cer -keystore truststore.jks
java -jar ../../build/exported/Tools.jar --export-pem file=truststore.jks

101
keys/key/make.auto Executable file

@ -0,0 +1,101 @@
#!/opt/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Thu Sep 5 10:43:19 2013
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn ./make
match_max 100000
expect -exact "Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
What is your first and last name?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organizational unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organization?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your City or Locality?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your State or Province?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the two-letter country code for this unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\r
\[no\]: "
send -- "yes\r"
expect -exact "yes\r
\r
Enter key password for <anonymous>\r
(RETURN if same as keystore password): "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Certificate stored in file <selfsignedcert.cer>\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
sleep 1
send -- "yes\r"
expect eof

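--- a/keys/localrelay/clean
+++ b/keys/localrelay/clean
@@ -0,0 +1,3 @@
+rm *.jks
+rm *.cer
+rm *.b64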


@ -1,3 +1,5 @@
keytool -genkeypair -alias localrelay.mailiverse -keyalg RSA -keysize 2048 -keystore keystore.jks keytool -genkeypair -alias anonymous -keyalg RSA -keysize 2048 -keystore keystore.jks
keytool -export -alias localrelay.mailiverse -keystore keystore.jks -rfc -file selfsignedcert.cer keytool -export -alias anonymous -keystore keystore.jks -rfc -file selfsignedcert.cer
keytool -import -alias localrelay.mailiverse -file selfsignedcert.cer -keystore truststore.jks keytool -import -alias anonymous -file selfsignedcert.cer -keystore truststore.jks
java -jar ../../build/exported/Tools.jar --export-pem file=truststore.jks

101
keys/localrelay/make.auto Executable file

@ -0,0 +1,101 @@
#!/opt/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Thu Sep 5 10:43:19 2013
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn ./make
match_max 100000
expect -exact "Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
What is your first and last name?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organizational unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organization?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your City or Locality?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your State or Province?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the two-letter country code for this unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\r
\[no\]: "
send -- "yes\r"
expect -exact "yes\r
\r
Enter key password for <anonymous>\r
(RETURN if same as keystore password): "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Certificate stored in file <selfsignedcert.cer>\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
sleep 1
send -- "yes\r"
expect eof

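--- a/keys/mail/clean
+++ b/keys/mail/clean
@@ -0,0 +1,3 @@
+rm *.jks
+rm *.cer
+rm *.b64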


@ -1,3 +1,4 @@
keytool -genkeypair -alias piratemail -keyalg RSA -keysize 2048 -keystore keystore.jks keytool -genkeypair -alias anonymous -keyalg RSA -keysize 2048 -keystore keystore.jks
keytool -export -alias piratemail -keystore keystore.jks -rfc -file selfsignedcert.cer keytool -export -alias anonymous -keystore keystore.jks -rfc -file selfsignedcert.cer
keytool -import -alias piratemail -file selfsignedcert.cer -keystore truststore.jks keytool -import -alias anonymous -file selfsignedcert.cer -keystore truststore.jks
java -jar ../../build/exported/Tools.jar --export-pem file=truststore.jks

101
keys/mail/make.auto Executable file

@ -0,0 +1,101 @@
#!/opt/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Thu Sep 5 10:43:19 2013
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn ./make
match_max 100000
expect -exact "Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
What is your first and last name?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organizational unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organization?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your City or Locality?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your State or Province?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the two-letter country code for this unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\r
\[no\]: "
send -- "yes\r"
expect -exact "yes\r
\r
Enter key password for <anonymous>\r
(RETURN if same as keystore password): "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Certificate stored in file <selfsignedcert.cer>\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
sleep 1
send -- "yes\r"
expect eof

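--- a/keys/make.autos
+++ b/keys/make.autos
@@ -0,0 +1,5 @@
+(cd mail && ./make.auto)
+(cd localrelay && ./make.auto)
+(cd key && ./make.auto)
+(cd client && ./make.auto)
+(cd push && ./make.auto)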

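--- a/keys/push/clean
+++ b/keys/push/clean
@@ -0,0 +1,3 @@
+rm *.jks
+rm *.cer
+rm *.b64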


@ -1,3 +1,5 @@
keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore keystore.jks keytool -genkeypair -alias anonymous -keyalg RSA -keysize 2048 -keystore keystore.jks
keytool -export -alias client -keystore keystore.jks -rfc -file selfsignedcert.cer keytool -export -alias anonymous -keystore keystore.jks -rfc -file selfsignedcert.cer
keytool -import -alias client -file selfsignedcert.cer -keystore truststore.jks keytool -import -alias anonymous -file selfsignedcert.cer -keystore truststore.jks
java -jar ../../build/exported/Tools.jar --export-pem file=truststore.jks

101
keys/push/make.auto Executable file

@ -0,0 +1,101 @@
#!/opt/local/bin/expect -f
#
# This Expect script was generated by autoexpect on Thu Sep 5 10:43:19 2013
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0 ;# set to 1 to force conservative mode even if
;# script wasn't run conservatively originally
if {$force_conservative} {
set send_slow {1 .1}
proc send {ignore arg} {
sleep .1
exp_send -s -- $arg
}
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn ./make
match_max 100000
expect -exact "Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
What is your first and last name?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organizational unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your organization?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your City or Locality?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the name of your State or Province?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
What is the two-letter country code for this unit?\r
\[Unknown\]: "
send -- "\r"
expect -exact "\r
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\r
\[no\]: "
send -- "yes\r"
expect -exact "yes\r
\r
Enter key password for <anonymous>\r
(RETURN if same as keystore password): "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
expect -exact "\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Certificate stored in file <selfsignedcert.cer>\r
Enter keystore password: "
send -- "password\r"
expect -exact "\r
Re-enter new password: "
send -- "password\r"
sleep 1
send -- "yes\r"
expect eof