in source/code/shared/tools/scx_ssl_config/scx_ssl_config.cpp [353:480]
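/**
 * Generate the key and certificate files in targetPath, re-create the
 * omi.pem symlink so that it points at the new certificate, and set the
 * final file permissions (certificate 0444, private key 0400).
 *
 * @param targetPath  Directory that receives omikey.pem, the certificate and the symlink.
 * @param startDays   Passed through to the certificate generator.
 * @param endDays     Passed through to the certificate generator.
 * @param hostname    Printed, passed to the generator and used in the certificate file name.
 * @param domainname  Printed when non-empty and passed to the generator.
 * @param bits        Passed through to the certificate generator.
 * @param bDebug      When true, the generator's debug output is echoed to wcout.
 * @param clientCert  Passed through to the certificate generator.
 *
 * @return The result of UpdateKeyOwnership() on the normal path;
 *         2 on a string conversion failure, ERROR_CERT_GENERATE on an
 *         SCXSSLException, 4 when the output path does not exist, and
 *         -1 when any other SCXException is caught.
 */
static int DoGenerate(const wstring & targetPath, int startDays, int endDays,
                      const wstring & hostname, const wstring & domainname,
                      int bits, bool bDebug, bool clientCert)
{
    // Output what we'll be using for certificate generation
    std::wcout << L"Generating certificate with hostname=\"" << hostname << L"\"";
    if (domainname.length())
    {
        std::wcout << L", domainname=\"" << domainname << L"\"";
    }
    std::wcout << std::endl;

    std::wstring c_certFilename(L"omi-host-");  // Remainder must be generated
    const std::wstring c_keyFilename(L"omikey.pem");
    int rc = 0;

    // Do not allow an exception to slip out
    try
    {
        // The certificate filename must be something like omi-host-<hostname>.pem; generate it.
        // NOTE(review): hostname is appended to the file name as-is. Nothing in this
        // function rejects path separators, so confirm that callers only pass a
        // plain host label here.
        c_certFilename.append(hostname);
        c_certFilename.append(L".pem");

        SCXFilePath keyPath;
        keyPath.SetDirectory(targetPath);
        keyPath.SetFilename(c_keyFilename);

        SCXFilePath certPath;
        certPath.SetDirectory(targetPath);
        certPath.SetFilename(c_certFilename);

        SCXSSLCertificateLocalizedDomain cert(keyPath, certPath, startDays, endDays,
                                              hostname, domainname, bits, clientCert);

        std::ostringstream debugChatter;
        debugChatter << std::endl;

        try
        {
            cert.Generate(debugChatter);
        }
        catch (const SCXCoreLib::SCXStringConversionException &ex)
        {
            if (bDebug)
                std::wcout << debugChatter.str().c_str();

            std::wcerr << std::endl << "Generation of certificate raised an exception" << std::endl;
            std::wcerr << ex.Where() << std::endl;
            std::wcerr << ex.What() << std::endl;

            return 2;
        }
        catch (const SCXSSLException &e_ssl)
        {
            if (bDebug)
            {
                std::wcout << debugChatter.str().c_str();
                debugChatter.str("");
            }

            std::wcerr << e_ssl.What() << std::endl;
            return ERROR_CERT_GENERATE;
        }
        catch (const SCXCoreLib::SCXFilePathNotFoundException &ex)
        {
            std::wcerr << std::endl << "Generation of certificate raised an exception" << std::endl;
            std::wcerr << "Output path \"" << ex.GetPath().Get() << "\" does not exist" << std::endl;

            return 4;
        }

        if (bDebug)
        {
            std::wcout << debugChatter.str().c_str();
        }

        /*
        ** We actually have three certificate files in total:
        **
        **   Certificate File: omi-host-<hostname>.pem  (public)
        **   Key File:         omikey.pem               (private)
        **   Soft link:        omi.pem  (soft link to certificate file, used by openwsman)
        **
        ** Create the soft link to point to the certificate file.
        **
        ** NOTE(review): unlink() followed by symlink() is not atomic. This is only
        ** safe when targetPath cannot be written by untrusted users; confirm the
        ** directory's ownership and mode where it is created.
        */
        SCXFilePath fpLinkFile;
        fpLinkFile.SetDirectory(targetPath);
        fpLinkFile.SetFilename(L"omi.pem");

        std::string sLinkFile = SCXCoreLib::StrToMultibyte(fpLinkFile.Get());
        std::string sCertFile = SCXCoreLib::StrToMultibyte(certPath.Get());

        // A missing link is fine (first run); any other unlink failure is an error.
        rc = unlink(sLinkFile.c_str());
        if (0 != rc && ENOENT != errno) {
            throw SCXCoreLib::SCXErrnoFileException(L"unlink", fpLinkFile.Get(), errno, SCXSRCLOCATION);
        }

        rc = symlink(sCertFile.c_str(), sLinkFile.c_str());
        if (0 != rc) {
            // Report the call that actually failed; this used to be labelled "unlink".
            throw SCXCoreLib::SCXErrnoFileException(L"symlink", fpLinkFile.Get(), errno, SCXSRCLOCATION);
        }

        /*
        ** Finally, make sure the permissions are right:
        ** The pub key gets 444, the priv key gets 400
        **
        ** NOTE(review): the private key is restricted only here, after Generate()
        ** has already written it. Whether the file is created with a restrictive
        ** mode in the first place depends on Generate(), which is not visible in
        ** this function; confirm there is no window in which it is group- or
        ** world-readable.
        */
        rc = chmod(sCertFile.c_str(), 00444);
        if (0 != rc) {
            throw SCXCoreLib::SCXErrnoFileException(L"chmod", certPath.Get(), errno, SCXSRCLOCATION);
        }

        std::string sKeyFile = SCXCoreLib::StrToMultibyte(keyPath.Get());
        rc = chmod(sKeyFile.c_str(), 00400);
        if (0 != rc) {
            throw SCXCoreLib::SCXErrnoFileException(L"chmod", keyPath.Get(), errno, SCXSRCLOCATION);
        }

        // The function's normal return value is whatever the ownership update reports.
        rc = UpdateKeyOwnership(keyPath);
    }
    catch (const SCXCoreLib::SCXException & e)
    {
        std::wcout << e.Where() << std::endl
                   << e.What() << std::endl;
        // use -1 to indicate an exception occurred.
        rc = -1;
    }

    return rc;
}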