|
|
|
@ -4445,7 +4445,7 @@ int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo, LD
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
|
|
|
|
|
command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -config %4 -subj %5").arg(certinfo.caExpiryDays).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
command = TQString("openssl req -days %1 -key \"%2\" -new -x509 -out \"%3\" -config \"%4\" -subj \"%5\"").arg(certinfo.caExpiryDays).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
|
return -1;
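Review bot: The `-subj` value ends up double-wrapped in the quoted form of this command: `subject` is still built with its own embedded quotes (`TQString("\"/C=%1/ST=%2/...\"")`) and the command now adds `-subj \"%5\"`, so the shell receives `-subj ""/C=.../emailAddress=...""`. The two empty `""` pairs leave the subject text itself unquoted, so a space in any certinfo field (a locality or organization name, for example) would split the subject into several arguments, which the earlier `-subj %5` form did not do. Either drop the embedded quotes from `subject` or keep `-subj %5` here. The same pairing appears in generatePublicKerberosCertificate, generatePublicLDAPCertificate and generateClientCertificatePublicCertificate. This assumes the second `command =` line of each pair is the new side, since the page has lost its +/- markers.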
|
|
|
|
@ -4485,12 +4485,12 @@ int LDAPManager::generatePublicKerberosCertificate(LDAPCertConfig certinfo, LDAP
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5%6%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(openssldcForRealm(realmcfg.name)).arg(common_name);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(certinfo.kerberosExpiryDays).arg(kdc_reqfile).arg(kdc_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out \"%2\" -key \"%3\" -config \"%4\" -subj \"%5\"").arg(certinfo.kerberosExpiryDays).arg(kdc_reqfile).arg(kdc_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in %2 -CAkey %3 -CA %4 -out %5 -extfile %6 -extensions pkinit_kdc_cert -CAcreateserial").arg(certinfo.kerberosExpiryDays).arg(kdc_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(kdc_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in \"%2\" -CAkey \"%3\" -CA \"%4\" -out \"%5\" -extfile \"%6\" -extensions pkinit_kdc_cert -CAcreateserial").arg(certinfo.kerberosExpiryDays).arg(kdc_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(kdc_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
|
return -1;
|
|
|
|
@ -4536,12 +4536,12 @@ int LDAPManager::generatePublicLDAPCertificate(LDAPCertConfig certinfo, LDAPReal
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5%6%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(openssldcForRealm(realmcfg.name)).arg(common_name);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(certinfo.ldapExpiryDays).arg(ldap_reqfile).arg(ldap_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out \"%2\" -key \"%3\" -config \"%4\" -subj \"%5\"").arg(certinfo.ldapExpiryDays).arg(ldap_reqfile).arg(ldap_keyfile).arg(OPENSSL_EXTENSIONS_FILE).arg(subject);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in %2 -CAkey %3 -CA %4 -out %5 -CAcreateserial").arg(certinfo.ldapExpiryDays).arg(ldap_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(ldap_certfile);
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in \"%2\" -CAkey \"%3\" -CA \"%4\" -out \"%5\" -CAcreateserial").arg(certinfo.ldapExpiryDays).arg(ldap_reqfile).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(ldap_certfile);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
|
|
|
|
|
return -1;
|
|
|
|
@ -4584,7 +4584,7 @@ int LDAPManager::generateClientCertificatePrivateKey(TQString privateKeyFile, in
|
|
|
|
|
TQString client_cfgfile = privateKeyFile + ".cfg";
|
|
|
|
|
|
|
|
|
|
// Create private key
|
|
|
|
|
command = TQString("openssl genrsa -out %1 %2").arg(client_keyfile).arg(clientKeyBitLength);
|
|
|
|
|
command = TQString("openssl genrsa -out \"%1\" %2").arg(client_keyfile).arg(clientKeyBitLength);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
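Review bot: Wrapping `client_keyfile` in double quotes handles spaces but not shell metacharacters: inside `"..."` the shell still expands `$`, backticks and `\`, and an embedded `"` ends the quoting, so a path that presumably derives from the caller-supplied `privateKeyFile` is still parsed by the shell behind `system()`. Since this call creates a private key, passing the arguments as a vector to a non-shell exec (fork/execvp, or TQProcess if this library can use it) would remove the parsing step entirely; failing that, single-quote the value and escape any embedded `'`. The same applies to every quoted path in the other hunks. The function body starts and ends outside the hunk, so any validation of `privateKeyFile` before this point is not visible here.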
|
|
|
|
@ -4639,12 +4639,12 @@ int LDAPManager::generateClientCertificatePublicCertificate(int expirydays, LDAP
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
subject = TQString("\"%1%2\"").arg(openssldcForRealm(realmcfg.name)).arg(common_name);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out %2 -key %3 -config %4 -subj %5").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(client_cfgfile).arg(subject);
|
|
|
|
|
command = TQString("openssl req -days %1 -new -out \"%2\" -key \"%3\" -config \"%4\" -subj \"%5\"").arg(expirydays).arg(client_reqfile).arg(client_keyfile).arg(client_cfgfile).arg(subject);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in %2 -CAkey %3 -CA %4 -out %5 -extfile %6 -extensions pkinit_client_cert -CAcreateserial").arg(expirydays).arg(client_reqfile).arg(signingPrivateKeyFile).arg(signing_public_certfile).arg(client_certfile).arg(client_cfgfile);
|
|
|
|
|
command = TQString("openssl x509 -req -days %1 -in \"%2\" -CAkey \"%3\" -CA \"%4\" -out \"%5\" -extfile \"%6\" -extensions pkinit_client_cert -CAcreateserial").arg(expirydays).arg(client_reqfile).arg(signingPrivateKeyFile).arg(signing_public_certfile).arg(client_certfile).arg(client_cfgfile);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
|
|
|
|
@ -4708,7 +4708,7 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
command = TQString("openssl ca -days %1 -crldays %2 -crlhours 0 -gencrl -out %3 -config %4").arg(expirydays).arg(expirydays).arg(crl_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
command = TQString("openssl ca -days %1 -crldays %2 -crlhours 0 -gencrl -out \"%3\" -config \"%4\"").arg(expirydays).arg(expirydays).arg(crl_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
|
|
|
|
@ -4749,7 +4749,7 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
|
|
|
|
|
revokedCertFile.writeBlock(certificateData.second);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
command = TQString("openssl ca -revoke %1 -config %2").arg(revoked_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
command = TQString("openssl ca -revoke \"%1\" -config \"%2\"").arg(revoked_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
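Review bot: `if (system(command) < 0)` only catches the case where the command could not be launched; when `openssl ca -revoke` itself exits non-zero, `system()` returns a non-negative wait status and generatePKICRL appears to carry on to the CRL regeneration as if the revocation had succeeded. On a revocation path the exit status should be checked explicitly, e.g. `int rc = system(command); if (rc == -1 || !WIFEXITED(rc) || WEXITSTATUS(rc) != 0) {`. The same test guards every openssl call on this page. Separately, `TQString("Execution of \"%s\" failed").arg(command)` looks like it uses a printf marker where `arg()` expects `%1`, so the failing command would not reach `errstr`; `"Execution of \"%1\" failed"` would fix that.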
|
|
|
|
@ -4767,7 +4767,7 @@ int LDAPManager::generatePKICRL(int expirydays, LDAPRealmConfig realmcfg, TQStri
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Regenerate CRL certificate
|
|
|
|
|
command = TQString("openssl ca -days %1 -crldays %2 -crlhours 0 -gencrl -out %3 -config %4").arg(expirydays).arg(expirydays).arg(crl_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
command = TQString("openssl ca -days %1 -crldays %2 -crlhours 0 -gencrl -out \"%3\" -config \"%4\"").arg(expirydays).arg(expirydays).arg(crl_certfile).arg(OPENSSL_EXTENSIONS_FILE);
|
|
|
|
|
if (system(command) < 0) {
|
|
|
|
|
if (errstr) *errstr = TQString("Execution of \"%s\" failed").arg(command);
|
|
|
|
|
return -1;
|
|
|
|
|