DEB packaging of Comarch Crypto Provider from ePUAP
Jacek Kowalski
2019-09-25 b649e084029d34916dc3ff2c12ecc2e5ce5ccc16
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/sh
 
if [ "$1" = "configure" ]
then
 
    INSTALLDIR="/usr/local/ComarchCryptoProvider"
    
    if [ ! -f "${INSTALLDIR}/certs/CCP-key-server.pem" ] \
        || [ ! -f "${INSTALLDIR}/certs/CCP-key-server.pem" ] \
        || [ ! -f "${INSTALLDIR}/certs/CCP-cert-CA.cer" ]
    then
    
        echo "Generating CA for localhost..."
        openssl genrsa -out ${INSTALLDIR}/certs/CCP-key-CA.pem 2048
        openssl req -x509 -sha256 -days 1000 -extensions ext-ca \
            -subj "/C=PL/O=ComarchCryptoProvider/CN=ComarchCryptoProvider CA" \
            -config "${INSTALLDIR}/openssl.cnf" \
            -key "${INSTALLDIR}/certs/CCP-key-CA.pem" \
            -out "${INSTALLDIR}/certs/CCP-cert-CA.pem"
        openssl x509 -inform PEM -outform DER \
            -in "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
            -out "${INSTALLDIR}/certs/CCP-cert-CA.cer"
        
        echo "Trust generated CA certificate..."
        cp "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
            "/usr/local/share/ca-certificates/CCP-cert-CA.crt"
        dpkg-trigger update-ca-certificates
        
        echo "Generating signed certificate for server..."
        openssl genrsa -out ${INSTALLDIR}/certs/CCP-key-server.pem 2048
        openssl req -new -sha256 \
            -subj "/C=PL/O=ComarchCryptoProvider/CN=localhost" \
            -out "${INSTALLDIR}/certs/CCP-req-server.pem" \
            -key "${INSTALLDIR}/certs/CCP-key-server.pem"
        openssl x509 -req -sha256 -days 999 -extensions ext-san \
            -extfile "${INSTALLDIR}/openssl.cnf" \
            -in "${INSTALLDIR}/certs/CCP-req-server.pem" \
            -CA "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
            -CAkey "${INSTALLDIR}/certs/CCP-key-CA.pem" \
            -CAcreateserial \
            -out "${INSTALLDIR}/certs/CCP-cert-server.pem"
        
        chmod 644 "${INSTALLDIR}/certs/CCP-key-server.pem"
    
    fi
 
fi
 
#DEBHELPER#