markus
/
isakmpd-pki-setup


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
							#!/usr/bin/perl
# vi: set expandtab shiftwidth=4:

use strict;
use warnings;

use Archive::Tar;
use Archive::Tar::Constant;
use File::Spec;

sub read_file_data {
    my $filename = shift;
    my $data;

    open(my $fh, '<', $filename)
        or die "Unable to open file '$filename': $!\n";
    my $rc = read($fh, $data, -s $filename);
    die "Error reading from file '$filename': $!\n"
        unless defined $rc;
    close($fh);
    return $data;
}

sub check_directory {
    my $directory = shift;

    -d $directory or die "Required directory $directory not found.\n";
}

sub check_file {
    my $filename = shift;

    -f $filename or die "Required file $filename not found.\n";
}


my $client = shift or die "Usage: $0 FQDN\n";

# Check prerequisites
check_directory('ca');
check_directory('certs');
check_directory(File::Spec->catfile('clients', $client));
check_file(File::Spec->catfile('ca', 'ca.crt'));
check_file(File::Spec->catfile('certs', "$client.crt"));
check_file(File::Spec->catfile('clients', $client, "$client.key"));
check_file(File::Spec->catfile('clients', $client, "$client.pub"));

my $tar = Archive::Tar->new();

my @directories = qw(
    etc etc/isakmpd etc/isakmpd/ca etc/isakmpd/certs
);
foreach my $directory (@directories) {
    $tar->add_data($directory, '', { type => DIR });
    $tar->chown($directory, 'root:wheel');
    $tar->chmod($directory, '0755');
}
$tar->add_data('etc/isakmpd/private', '', { type => DIR });
$tar->chown('etc/isakmpd/private', 'root:wheel');
$tar->chmod('etc/isakmpd/private', '0700');
$tar->add_data('etc/isakmpd/ca/ca.crt', read_file_data('ca/ca.crt'));
$tar->chown('etc/isakmpd/ca/ca.crt', 'root:wheel');
$tar->add_data("etc/isakmpd/certs/$client.crt",
    read_file_data("certs/$client.crt"));
$tar->chown("etc/isakmpd/certs/$client.crt", 'root:wheel');
$tar->add_data('etc/isakmpd/local.pub',
    read_file_data("clients/$client/$client.pub"));
$tar->chown('etc/isakmpd/local.pub', 'root:wheel');
$tar->chmod('etc/isakmpd/local.pub', '0444');
$tar->add_data('etc/isakmpd/private/private.key',
    read_file_data("clients/$client/$client.key"));
$tar->chown('etc/isakmpd/private/private.key', 'root:wheel');
$tar->chmod('etc/isakmpd/private/private.key', '0600');

$tar->write("$client.tgz", COMPRESS_GZIP);