1 files changed, 0 insertions, 358 deletions
diff --git a/bin/bbstored/bbstored-certs b/bin/bbstored/bbstored-certs
deleted file mode 100755
index 0ef8b325..00000000
--- a/bin/bbstored/bbstored-certs
+++ /dev/null
@@ -1,358 +0,0 @@
-#!/usr/bin/perl
-# distribution boxbackup-0.11rc2 (svn version: 2072)
-#  
-# Copyright (c) 2003 - 2008
-#      Ben Summers and contributors.  All rights reserved.
-#  
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-# 3. All use of this software and associated advertising materials must 
-#    display the following acknowledgment:
-#        This product includes software developed by Ben Summers.
-# 4. The names of the Authors may not be used to endorse or promote
-#    products derived from this software without specific prior written
-#    permission.
-# 
-# [Where legally impermissible the Authors do not disclaim liability for 
-# direct physical injury or death caused solely by defects in the software 
-# unless it is modified by a third party.]
-# 
-# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
-# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#  
-#  
-#  
-use strict;
-
-# validity period for root certificates -- default is a very long time
-my $root_sign_period = '10000';
-
-# but less so for client certificates
-my $sign_period = '5000';
-
-# check and get command line parameters
-if($#ARGV < 1)
-{
-	print <<__E;
-
-bbstored certificates utility.
-
-Bad command line parameters.
-Usage:
-	bbstored-certs certs-dir command [arguments]
-
-certs-dir is the directory holding the root keys and certificates for the backup system
-command is the action to perform, taking parameters.
-
-Commands are
-
-	init
-		-- generate initial root certificates (certs-dir must not already exist)
-	sign certificate-name
-		-- sign a client certificate
-	sign-server certificate-name
-		-- sign a server certificate
-
-Signing requires confirmation that the certificate is correct and should be signed.
-
-__E
-	exit(1);
-}
-
-# check for OPENSSL_CONF environment var being set
-if(exists $ENV{'OPENSSL_CONF'})
-{
-	print <<__E;
-
----------------------------------------
-
-WARNING:
-    You have the OPENSSL_CONF environment variable set.
-    Use of non-standard openssl configs may cause problems.
-
----------------------------------------
-
-__E
-}
-
-# directory structure:
-#
-# roots/
-#	clientCA.pem -- root certificate for client (used on server)
-#	serverCA.pem -- root certificate for servers (used on clients)
-# keys/
-#   clientRootKey.pem -- root key for clients
-#   serverRootKey.pem -- root key for servers
-# servers/
-#   hostname.pem -- certificate for server 'hostname'
-# clients/
-#   account.pem -- certficiate for account 'account' (ID in hex)
-#
-
-
-# check parameters
-my ($cert_dir,$command,@args) = @ARGV;
-
-# check directory exists
-if($command ne 'init')
-{
-	if(!-d $cert_dir)
-	{
-		die "$cert_dir does not exist";
-	}
-}
-
-# run command
-if($command eq 'init') {&cmd_init;}
-elsif($command eq 'sign') {&cmd_sign;}
-elsif($command eq 'sign-server') {&cmd_sign_server;}
-else
-{
-	die "Unknown command $command"
-}
-
-sub cmd_init
-{
-	# create directories
-	unless(mkdir($cert_dir,0700)
-		&& mkdir($cert_dir.'/roots',0700)
-		&& mkdir($cert_dir.'/keys',0700)
-		&& mkdir($cert_dir.'/servers',0700)
-		&& mkdir($cert_dir.'/clients',0700))
-	{
-		die "Failed to create directory structure"
-	}
-
-	# create root keys and certrs
-	cmd_init_create_root('client');
-	cmd_init_create_root('server');
-}
-
-sub cmd_init_create_root
-{
-	my $entity = $_[0];
-
-	my $cert = "$cert_dir/roots/".$entity.'CA.pem';
-	my $serial = "$cert_dir/roots/".$entity.'CA.srl';
-	my $key = "$cert_dir/keys/".$entity.'RootKey.pem';
-	my $csr = "$cert_dir/keys/".$entity.'RootCSR.pem';
-
-	# generate key
-	if(system("openssl genrsa -out $key 2048") != 0)
-	{
-		die "Couldn't generate private key."
-	}
-	
-	# make CSR
-	die "Couldn't run openssl for CSR generation" unless
-		open(CSR,"|openssl req -new -key $key -sha1 -out $csr");
-	print CSR <<__E;
-.
-.
-.
-.
-.
-Backup system $entity root
-.
-.
-.
-
-__E
-	close CSR;
-	print "\n\n";
-	die "Certificate request wasn't created.\n" unless -f $csr;
-	
-	# sign it to make a self-signed root CA key
-	if(system("openssl x509 -req -in $csr -sha1 -extensions v3_ca -signkey $key -out $cert -days $root_sign_period") != 0)
-	{
-		die "Couldn't generate root certificate."
-	}
-	
-	# write the initial serial number
-	open SERIAL,">$serial" or die "Can't open $serial for writing";
-	print SERIAL "00\n";
-	close SERIAL;
-}
-
-sub cmd_sign
-{
-	my $csr = $args[0];
-	
-	if(!-f $csr)
-	{
-		die "$csr does not exist";
-	}
-	
-	# get the common name specified in this certificate
-	my $common_name = get_csr_common_name($csr);
-	
-	# look OK?
-	unless($common_name =~ m/\ABACKUP-([A-Fa-f0-9]+)\Z/)
-	{
-		die "The certificate presented does not appear to be a backup client certificate"
-	}
-	
-	my $acc = $1;
-	
-	# check against filename
-	if(!($csr =~ m/(\A|\/)([A-Fa-f0-9]+)-/) || $2 ne $acc)
-	{
-		die "Certificate request filename does not match name in certificate ($common_name)"
-	}
-		
-	print <<__E;
-
-This certificate is for backup account
-
-   $acc
-
-Ensure this matches the account number you are expecting. The filename is
-
-   $csr
-
-which should include this account number, and additionally, you should check
-that you received it from the right person.
-
-Signing the wrong certificate compromises the security of your backup system.
-
-Would you like to sign this certificate? (type 'yes' to confirm)
-__E
-
-	return unless get_confirmation();
-
-	# out certificate
-	my $out_cert = "$cert_dir/clients/$acc"."-cert.pem";
-
-	# sign it!
-	if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/clientCA.pem -CAkey $cert_dir/keys/clientRootKey.pem -out $out_cert -days $sign_period") != 0)
-	{
-		die "Signing failed"
-	}
-	
-	# tell user what to do next
-	print <<__E;
-
-
-Certificate signed.
-
-Send the files
-
-   $out_cert
-   $cert_dir/roots/serverCA.pem
-
-to the client.
-
-__E
-}
-
-sub cmd_sign_server
-{
-	my $csr = $args[0];
-	
-	if(!-f $csr)
-	{
-		die "$csr does not exist";
-	}
-	
-	# get the common name specified in this certificate
-	my $common_name = get_csr_common_name($csr);
-	
-	# look OK?
-	if($common_name !~ m/\A[-a-zA-Z0-9.]+\Z/)
-	{
-		die "Invalid server name"
-	}
-	
-	print <<__E;
-
-This certificate is for backup server
-
-   $common_name
-
-Signing the wrong certificate compromises the security of your backup system.
-
-Would you like to sign this certificate? (type 'yes' to confirm)
-__E
-
-	return unless get_confirmation();
-
-	# out certificate
-	my $out_cert = "$cert_dir/servers/$common_name"."-cert.pem";
-
-	# sign it!
-	if(system("openssl x509 -req -in $csr -sha1 -extensions usr_crt -CA $cert_dir/roots/serverCA.pem -CAkey $cert_dir/keys/serverRootKey.pem -out $out_cert -days $sign_period") != 0)
-	{
-		die "Signing failed"
-	}
-	
-	# tell user what to do next
-	print <<__E;
-
-
-Certificate signed.
-
-Install the files
-
-   $out_cert
-   $cert_dir/roots/clientCA.pem
-
-on the server.
-
-__E
-}
-
-
-sub get_csr_common_name
-{
-	my $csr = $_[0];
-	
-	open CSRTEXT,"openssl req -text -in $csr |" or die "Can't open openssl for reading";
-	
-	my $subject;
-	while(<CSRTEXT>)
-	{
-		$subject = $1 if m/Subject:.+?CN=([-\.\w]+)/
-	}	
-	close CSRTEXT;
-
-	if($subject eq '')
-	{
-		die "No subject found in CSR $csr"
-	}
-	
-	return $subject
-}
-
-sub get_confirmation()
-{
-	my $line = <STDIN>;
-	chomp $line;
-	if(lc $line ne 'yes')
-	{
-		print "CANCELLED\n";
-		return 0;
-	}
-	
-	return 1;
-}
-
-
-
-
-