#!/bin/bash

# This script will test your certificates, verifying that
# the options are set correctly in run-config.sh, that the
# public and private keys match, and that the whole certificate
# chain can be verified up to the root certificate.

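# Load the server configuration from the current directory.
# The explicit "./" is deliberate: for a name without a slash, bash's "."
# builtin searches $PATH before the current directory, so a bare
# "run-config.sh" could source a different file than the one tested with -r.
if [ -r ./run-config.sh ]; then
  . ./run-config.sh
else
  echo "You need to copy run-config.sh.example to run-config.sh and configure"; exit 1
fi

# Both "disable verification" switches must be exactly "false".
# The expansions are quoted and defaulted so that an unset or empty variable
# is reported as an error; unquoted, "[ != false ]" is a test syntax error,
# the "if" is not taken, and the check is silently skipped.
if [ "${WAVESERVER_DISABLE_VERIFICATION:-}" != "false" ]; then
  echo "ERROR: WAVESERVER_DISABLE_VERIFICATION should be set to false"
  exit 1
fi

if [ "${WAVESERVER_DISABLE_SIGNER_VERIFICATION:-}" != "false" ]; then
  echo "ERROR: WAVESERVER_DISABLE_SIGNER_VERIFICATION should be set to false"
  exit 1
fi

# Quoted for the same reason: with an empty value the unquoted form becomes
# "[ ! -e ]", which is false, so a missing key setting would pass unnoticed.
if [ ! -e "${PRIVATE_KEY_FILENAME:-}" ]; then
  echo "ERROR: Private key does not exist:" "${PRIVATE_KEY_FILENAME:-}"
  exit 1
fi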

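# Break apart the certificate list on the commas.
# Splitting is done by read with a local IFS (comma, space, tab) instead of an
# unquoted command substitution, so entries are never glob-expanded against
# the current directory.
IFS=$', \t' read -r -a certlist <<< "${CERTIFICATE_FILENAME_LIST:-}"

if [ "${#certlist[@]}" -eq 0 ]; then
  echo "ERROR: CERTIFICATE_FILENAME_LIST is empty"
  exit 1
fi

# Compare the RSA modulus of the first certificate in the list with the
# modulus of the private key. "openssl rsa" is used, so this check only
# works for RSA keys.
certmodulus=$(openssl x509 -modulus -in "${certlist[0]}" -noout)
keymodulus=$(openssl rsa -in "$PRIVATE_KEY_FILENAME" -modulus -noout)

# An empty modulus means openssl could not read the input. Without the -z
# test, two failed commands would both yield "" and compare as equal, which
# would report a match for files that were never parsed.
if [ -z "$certmodulus" ] || [ "$certmodulus" != "$keymodulus" ]; then
  echo "ERROR: Public and private key do not match!"
  exit 1
fi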

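# Reverse the order of the list for passing into openssl.
# In-place swap of element i with its mirror element, up to the midpoint.
len=${#certlist[@]}
for (( i = 0; i < len / 2; i++ )); do
  swap=$(( len - i - 1 ))
  tmp=${certlist[i]}
  certlist[i]=${certlist[swap]}
  certlist[swap]=$tmp
done

# Verify that each file in the certificate list exists.
# The element is quoted so that an empty entry (for example from a doubled
# comma) is reported as missing; unquoted, "[ ! -e ]" evaluates to false and
# the empty entry would pass the check.
for (( i = 0; i < len; i++ )); do
  if [ ! -e "${certlist[i]}" ]; then
    echo "ERROR: Certificate file does not exist:" "${certlist[i]}"
    exit 1
  fi
done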

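# Verify the certificate chain.
#
# After the reversal earlier in this script, certlist is expected to run from
# the root certificate (index 0) to the server certificate (last index);
# NOTE(review): confirm the ordering against run-config.sh.example.
#
# The root is passed as the trust anchor (-CAfile), any certificates between
# root and server are passed as untrusted intermediates, and only the server
# certificate is the verification target. Listing every file after -CAfile
# makes openssl verify each one independently against the root alone, and a
# single "OK" line from an intermediate was enough to report success.
if (( len < 1 )); then
  echo "ERROR: Certificate chain failed to verify"
  exit 1
fi

leaf=${certlist[len-1]}
verifyargs=()
untrusted=""

if (( len > 1 )); then
  verifyargs+=(-CAfile "${certlist[0]}")
  if (( len > 2 )); then
    # -untrusted takes one file on older openssl releases, so the
    # intermediates are concatenated into a private temporary bundle.
    untrusted=$(mktemp) || { echo "ERROR: Could not create a temporary file"; exit 1; }
    trap 'rm -f -- "$untrusted"' EXIT
    for cert in "${certlist[@]:1:len-2}"; do
      # The extra newline keeps PEM blocks apart if a file lacks a final one.
      cat -- "$cert" && echo
    done > "$untrusted" || { echo "ERROR: Could not read intermediate certificates"; exit 1; }
    verifyargs+=(-untrusted "$untrusted")
  fi
fi

# Capture stdout and stderr once; the same text is shown on failure.
verifyout=$(openssl verify "${verifyargs[@]}" "$leaf" 2>&1)
verifystatus=$?

# Success needs all three: a zero exit status, the exact "<file>: OK" line for
# the server certificate, and no "error ..." line. Some openssl releases exit
# 0 on failure or print a bare "OK" after an ignored error, so neither the
# exit status nor a loose "OK$" match is sufficient alone.
if [ "$verifystatus" -eq 0 ] \
  && printf '%s\n' "$verifyout" | grep -Fxq -- "$leaf: OK" \
  && ! printf '%s\n' "$verifyout" | grep -q '^error '; then
  echo "SUCCESS: The certificates have been verified and are working correctly"
else
  echo "ERROR: Certificate chain failed to verify"
  printf '%s\n' "$verifyout"
  # Fail explicitly so callers and automation see a non-zero status.
  exit 1
fi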

Change log

87a5842bbe15 by Soren Lassen <so...@google.com> on Aug 16, 2010   Diff
Some cleanups of syntax, preconditions,
and imports.

Older revisions

e4b4d8e3e3ca by Benjamin Kalman <btkalman> on Jan 18, 2010   Diff
Exit with 1 when verification fails in
check-certificates.sh
d4a4c0e998c4 by Joe Gregorio <j...@bitworking.org> on Dec 7, 2009   Diff
Added check-certificates.sh script for
verifying certificates

File info

Size: 1908 bytes, 67 lines