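$!
$! 13-Jan-2003 Paul E. Mosteika
$!
$!	Added DEL_USER_DATA in EXIT section to delete all global
$!	SSL3_USER_DATA* symbols.
$!
$!------------------------------------------------------------------------------
$! SSL3$CRL_LIST.COM - SSL3 Create Certificate Revocation List (CRL) procedure
$!------------------------------------------------------------------------------
$!
$! Save the caller's verify state (restored at EXIT), keep going on errors,
$! and hold off Control-Y until the EXIT handler is armed below.
$!
$ Verify = F$VERIFY (0)
$ Set NoOn
$ Set NoControl=Y
$!
$!------------------------------------------------------------------------------
$! Description
$!------------------------------------------------------------------------------
$!
$! This procedure prompts the user for CA certificate, key and directory,
$! and after entering the CA's pass phrase, generates a CRL.
$!
$! The parameters used are:
$!
$!	None
$!
$!------------------------------------------------------------------------------
$! Define symbols
$!------------------------------------------------------------------------------
$!
$ DELETE := DELETE
$ SAY    := WRITE SYS$OUTPUT
$ ASK    := READ SYS$COMMAND /END_OF_FILE=EXIT /PROMPT=
$ PID     = F$GETJPI ("","PID")
$!
$! Remember the terminal's echo state so EXIT can restore it if the procedure
$! is interrupted while the pass phrase prompt has echo switched off.
$!
$ TT_NOECHO = F$GETDVI ("TT:","TT_NOECHO")
$ On Control_Y THEN GOTO EXIT
$ Set Control=Y
$!
$ TT_ROWS = F$GETDVI ("TT:","TT_PAGE")
$ TT_COLS = F$GETDVI ("TT:","DEVBUFSIZ")
$!
$ INIT_TERM := @SSL3$COM:SSL3$INIT_TERM	! Terminal TPU/Exit procedure
$ SHOW_FILE := @SSL3$COM:SSL3$SHOW_FILE	! For showing the contents of a file
$!
$ GET_USER_DATA := CALL GET_USER_DATA	! Gets select, possibly modified data
$ SET_USER_DATA := CALL SET_USER_DATA	! Sets the user data symbols to default
$ DEL_USER_DATA := CALL DEL_USER_DATA	! Deletes user data symbols
$!
$! The lexical is spelled F$TRNLNM here, matching the documented name and the
$! F$TRNLNM ("SSL3$ROOT") call further down (the original read F$TRNLMN).
$!
$ SSL3_CONF_FILE = F$TRNLNM ("SSL3$CA_CONFIG")
$ GET_CONF_DATA := @SSL3$COM:SSL3$CONF_UTIL 'SSL3_CONF_FILE' GET
$ SET_CONF_DATA := @SSL3$COM:SSL3$CONF_UTIL 'SSL3_CONF_FILE' SET
$!
$ ESC[0,8]  = 27		! Set the Escape Character
$ BELL[0,8] = 7			! Ring the terminal Bell
$ RED  = 1			! Color - Red
$ FGD  = 30			! Foreground
$ BGD  = 0			! Background
$ CSCR = ESC + "[2J"		! Clear the Screen
$ CEOS = ESC + "[0J"		! Clear to the End of the Screen
$ CEOL = ESC + "[0K"		! Clear to the End of the Line
$ NORM = ESC + "[0m"		! Turn Attributes off
$ BLNK = ESC + "[5m"		! Turn on BLINK Attribute
$ WIDE = ESC + "#6"		! Turn on WIDE Attribute
$!
$!------------------------------------------------------------------------------
$! Run the SSL3 setup if it hasn't been run yet
$!------------------------------------------------------------------------------
$!
$ IF F$TRNLNM ("SSL3$ROOT") .EQS. ""
$ THEN
$   IF F$SEARCH ("SSL3$COM:SSL3$INIT_ENV.COM") .NES. ""
$   THEN
$     @SSL3$COM:SSL3$INIT_ENV.COM
$   ELSE
$     SAY BELL, "Unable to locate SSL3$COM:SSL3$INIT_ENV.COM ..."
$     GOTO EXIT
$   ENDIF
$ ENDIF
$!
$!------------------------------------------------------------------------------
$! Display the Page Header
$!------------------------------------------------------------------------------
$!
$ INIT_TERM
$ BCOLOR = BGD
$ FCOLOR = FGD + RED
$ COLOR  = ESC + "[''BCOLOR';''FCOLOR'm"
$!
$! The title is printed with the WIDE attribute, so its length is doubled
$! when centring it.
$!
$ TEXT = "SSL3 Certificate Tool"
$ COL  = (TT_COLS - (F$LENGTH (TEXT) * 2)) / 4
$!
$ SAY ESC + "[01;01H", CSCR
$ SAY ESC + "[02;''COL'H", COLOR, WIDE, TEXT, NORM
$!
$ TEXT = "Generate Certificate Revocation List (CRL)"
$ COL  = (TT_COLS - F$LENGTH (TEXT)) / 2
$!
$ SAY ESC + "[04;01H"
$ SAY ESC + "[04;''COL'H", COLOR, TEXT, NORM
$!
$! CTR indexes the SSL3_USER_DATA_n records; ROW/COL place the next prompt;
$! MSG_ROW is the status line near the bottom of the screen.
$!
$ CTR = 1
$ ROW = 6
$ COL = 2
$ TOP_ROW = ROW
$ MSG_ROW = TT_ROWS - 1
$!
$!
$!------------------------------------------------------------------------------
$! Initialize the Request Data (parse symbols) for the Configuration File
$!------------------------------------------------------------------------------
$!
$!
$ IF F$SEARCH ("''SSL3_CONF_FILE'") .NES. ""
$ THEN
$   SAY ESC + "[''MSG_ROW';01H", BLNK, " Reading Configuration ...", NORM
$ ELSE
$   SAY ESC + "[''MSG_ROW';01H", BLNK, " Initializing Configuration ...", NORM
$ ENDIF
$!
$ _ca = "ca"
$!
$ _default_ca = "CA_default"
$ _default_ca_upd = "Y"
$!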
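$!
$! Built-in fallback values.  Each value has a companion *_upd flag: "Y" means
$! the value did not come from the configuration file, so the save loop later
$! in this procedure writes it out; reading a value from the file sets "N".
$!
$ _default_serfile = "SSL3$DB:SERIAL.TXT"
$ _default_serfile_upd = "Y"
$!
$ _default_idxfile = "SSL3$DB:INDEX.TXT"
$ _default_idxfile_upd = "Y"
$!
$ _default_crtfile = "SSL3$ROOT:[DEMOCA]SERVER_CA.CRT"
$ _default_crtfile_upd = "Y"
$!
$ _default_keyfile = "SSL3$PRIVATE:SERVER_CA.KEY"
$ _default_keyfile_upd = "Y"
$!
$ _default_crlfile = "SSL3$CRL:CERT_REVOKE_LIST.CRL"		! CRL file
$ _default_crlfile_upd = "Y"
$!
$ _default_csrfile = "SSL3$CERTS:SERVER.CSR"
$ _default_csrfile_upd = "Y"
$!
$ _default_sgnfile = "SSL3$CERTS:SIGNED.CRT"
$ _default_sgnfile_upd = "Y"
$!
$ _default_newcert = "SSL3$CERTS"
$ _default_newcert_upd = "Y"
$!
$! NOTE(security): MD5 is collision-broken and should not be used to sign
$! certificates or CRLs.  This fallback is written to the configuration as
$! default_md when the file has no such entry.  Prefer a SHA-2 digest where
$! the installed OpenSSL supports it; left unchanged here because the set of
$! supported digests is not visible from this procedure.
$!
$ _default_md = "md5"
$ _default_md_upd = "Y"
$!
$ _default_days = "365"
$ _default_days_upd = "Y"
$!
$ _default_crl_days = "30"					! CRL days
$ _default_crl_days_upd = "Y"
$!
$! "policy_anything" with every field except commonName "optional" places no
$! constraint on request subject names beyond requiring a common name.
$!
$ _default_policy = "policy_anything"
$ _default_policy_upd = "Y"
$!
$ _policy_countryName = "optional"
$ _policy_countryName_upd = "Y"
$!
$ _policy_stateOrProvinceName = "optional"
$ _policy_stateOrProvinceName_upd = "Y"
$!
$ _policy_localityName = "optional"
$ _policy_localityName_upd = "Y"
$!
$ _policy_organizationName = "optional"
$ _policy_organizationName_upd = "Y"
$!
$ _policy_organizationalUnitName = "optional"
$ _policy_organizationalUnitName_upd = "Y"
$!
$ _policy_commonName = "supplied"
$ _policy_commonName_upd = "Y"
$!
$ _policy_emailAddress = "optional"
$ _policy_emailAddress_upd = "Y"
$!
$ _default_x509_extensions = "CA_x509_extensions"
$ _default_x509_extensions_upd = "Y"
$!
$! Fixed: the original defined _x509_basicContraints (missing "s"), while the
$! rest of the procedure reads _x509_basicConstraints.  With no entry in the
$! configuration file the "CA:FALSE" default was therefore never used and an
$! empty basicConstraints value was recorded instead.
$!
$ _x509_basicConstraints = "CA:FALSE"
$ _x509_basicConstraints_upd = "Y"
$!
$ _x509_nsComment = "SSL3 Generated Certificate"
$ _x509_nsComment_upd = "Y"
$!
$ _x509_subjectKeyIdentifier = "hash"
$ _x509_subjectKeyIdentifier_upd = "Y"
$!
$ _x509_authorityKeyIdentifier = "keyid,issuer:always"
$ _x509_authorityKeyIdentifier_upd = "Y"
$!
$!
$!------------------------------------------------------------------------------
$! Read/Parse the Configuration File (if we have one),
$! and update the configuration symbols
$!------------------------------------------------------------------------------
$!
$! Each GET_CONF_DATA call is expected to leave its result in SSL3_CONF_DATA
$! (set by SSL3$CONF_UTIL, which is outside this file); an empty result keeps
$! the built-in default.  File-type values are completed with F$PARSE, using
$! the built-in default to fill in any missing file-specification fields.
$!
$ IF F$SEARCH ("''SSL3_CONF_FILE'") .NES. ""
$ THEN
$   GET_CONF_DATA "[''_ca']#default_ca"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_ca = SSL3_CONF_DATA
$     _default_ca_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#serial"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_serfile = F$PARSE (SSL3_CONF_DATA, _default_serfile)
$     _default_serfile_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#database"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_idxfile = F$PARSE (SSL3_CONF_DATA, _default_idxfile)
$     _default_idxfile_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#certificate"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_crtfile = F$PARSE (SSL3_CONF_DATA, _default_crtfile)
$     _default_crtfile_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#private_key"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_keyfile = F$PARSE (SSL3_CONF_DATA, _default_keyfile)
$     _default_keyfile_upd = "N"
$   ENDIF
$!
$!  Only the device and directory parts are kept for the new-certs location.
$!
$   GET_CONF_DATA "[''_default_ca']#new_certs_dir"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_newcert = F$PARSE (SSL3_CONF_DATA, _default_newcert,,"DEVICE") + -
                         F$PARSE (SSL3_CONF_DATA, _default_newcert,,"DIRECTORY")
$     _default_newcert_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#default_md"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_md = SSL3_CONF_DATA
$     _default_md_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#default_days"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_days = SSL3_CONF_DATA
$     _default_days_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#default_crl_days"	! CRL days
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_crl_days = SSL3_CONF_DATA
$     _default_crl_days_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_ca']#policy"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_policy = SSL3_CONF_DATA
$     _default_policy_upd = "N"
$   ENDIF
$!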
$!  Continuation of the configuration-file read (still inside the
$!  IF F$SEARCH (SSL3_CONF_FILE) block opened earlier).  Each lookup replaces
$!  the built-in default only when GET_CONF_DATA leaves a non-empty
$!  SSL3_CONF_DATA, and then marks the value "N" (not to be rewritten).
$!
$!  --- Subject-name policy section, named by _default_policy ---
$!
$   GET_CONF_DATA "[''_default_policy']#countryName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_countryName = SSL3_CONF_DATA
$     _policy_countryName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#stateOrProvinceName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_stateOrProvinceName = SSL3_CONF_DATA
$     _policy_stateOrProvinceName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#localityName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_localityName = SSL3_CONF_DATA
$     _policy_localityName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#organizationName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_organizationName = SSL3_CONF_DATA
$     _policy_organizationName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#organizationalUnitName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_organizationalUnitName = SSL3_CONF_DATA
$     _policy_organizationalUnitName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#commonName"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_commonName = SSL3_CONF_DATA
$     _policy_commonName_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_policy']#emailAddress"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _policy_emailAddress = SSL3_CONF_DATA
$     _policy_emailAddress_upd = "N"
$   ENDIF
$!
$!  --- X.509 extension section, named by _default_x509_extensions ---
$!
$   GET_CONF_DATA "[''_default_ca']#x509_extensions"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _default_x509_extensions = SSL3_CONF_DATA
$     _default_x509_extensions_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_x509_extensions']#basicConstraints"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _x509_basicConstraints = SSL3_CONF_DATA
$     _x509_basicConstraints_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_x509_extensions']#nsComment"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _x509_nsComment = SSL3_CONF_DATA
$     _x509_nsComment_upd = "N"
$   ENDIF
$!
$   GET_CONF_DATA "[''_default_x509_extensions']#subjectKeyIdentifier"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _x509_subjectKeyIdentifier = SSL3_CONF_DATA
$     _x509_subjectKeyIdentifier_upd = "N"
$   ENDIF
$!
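$   GET_CONF_DATA "[''_default_x509_extensions']#authorityKeyIdentifier"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     _x509_authorityKeyIdentifier = SSL3_CONF_DATA
$     _x509_authorityKeyIdentifier_upd = "N"
$   ENDIF
$!
$!  If the configuration names a crlnumber file that does not exist yet,
$!  create it with an initial value of 1000.
$!
$   GET_CONF_DATA "[''_default_ca']#crlnumber"
$   IF SSL3_CONF_DATA .NES. ""
$   THEN
$     IF F$SEARCH(SSL3_CONF_DATA).EQS.""
$     THEN
$       OPEN /WRITE OFILE 'SSL3_CONF_DATA'
$       WRITE OFILE "1000"
$       CLOSE OFILE
$     ENDIF
$   ENDIF
$ ENDIF
$!
$!
$!------------------------------------------------------------------------------
$! Set the User Data Symbols (SSL3_USER_DATA_1, SSL3_USER_DATA_2 ...)
$!
$! Each record is one string of 11 fields (numbered 0-10) delimited by '#':
$! ========================================================================
$!   0  Key Name
$!   1  Item Name
$!   2  Item Value Contains Default or Prompt
$!   3  Default Value
$!   4  Prompt Value
$!   5  Value Type
$!   6  Value Minimum Length
$!   7  Value Maximum Length
$!   8  Entry Updated ?
$!   9  Entry Required for Input ?
$!  10  Confirm Input ?
$!
$! Because '#' is the field delimiter, no field value may itself contain '#'.
$!------------------------------------------------------------------------------
$ SET_USER_DATA "[''_ca']#default_ca#D#''_default_ca'##S###''_default_ca_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#serial#D#''_default_serfile'#Serial File ?#F###''_default_serfile_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#database#D#''_default_idxfile'#Database File ?#F###''_default_idxfile_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#certificate#D#''_default_crtfile'#CA Certificate File ?#F###''_default_crtfile_upd'#Y#N"
$ SET_USER_DATA "[''_default_ca']#private_key#D#''_default_keyfile'#CA Certificate Key File ?#F###''_default_keyfile_upd'#Y#N"
$ SET_USER_DATA "[]#default_csrfile#-#''_default_csrfile'#Certificate Request File ?#F###''_default_csrfile_upd'#N#N"
$ SET_USER_DATA "[]#default_sgnfile#-#''_default_sgnfile'#Certificate File to Revoke?#F###''_default_sgnfile_upd'#N#N"
$ SET_USER_DATA "[]#default_crlfile#-#''_default_crlfile'#Certificate Revocation File (CRL)?#F###''_default_crlfile_upd'#Y#N"
$ SET_USER_DATA "[''_default_ca']#new_certs_dir#D#''_default_newcert'#New Certificate Directory ?#S###''_default_newcert_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#default_md#D#''_default_md'#Default Digest ?#I###''_default_md_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#default_days#D#''_default_days'#Default Days ?#I###''_default_days_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#default_crl_days#D#''_default_crl_days'#Default CRL Days ?#I###''_default_crl_days_upd'#Y#N"
$ SET_USER_DATA "[''_default_ca']#policy#D#''_default_policy'#Default Policy ?#S###''_default_policy_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#countryName#D#''_policy_countryName'#Country Name Policy ?#S###''_policy_countryName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#stateOrProvinceName#D#''_policy_stateOrProvinceName'#State or Province Name Policy ?#S###''_policy_stateOrProvinceName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#localityName#D#''_policy_localityName'#Locality Name Policy ?#S###''_policy_localityName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#organizationName#D#''_policy_organizationName'#Organization Name Policy ?#S###''_policy_organizationName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#organizationalUnitName#D#''_policy_organizationalUnitName'#Organization Unit Name Policy ?#S###''_policy_organizationalUnitName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#commonName#D#''_policy_commonName'#Common Name Policy ?#S###''_policy_commonName_upd'#N#N"
$ SET_USER_DATA "[''_default_policy']#emailAddress#D#''_policy_emailAddress'#Email Address Policy ?#S###''_policy_emailAddress_upd'#N#N"
$ SET_USER_DATA "[''_default_ca']#x509_extensions#D#''_default_x509_extensions'#X509 Extensions ?#S###''_default_x509_extensions_upd'#N#N"
$ SET_USER_DATA "[''_default_x509_extensions']#basicConstraints#D#''_x509_basicConstraints'#X509 Basic Constraints ?#S###''_x509_basicConstraints_upd'#N#N"
$ SET_USER_DATA "[''_default_x509_extensions']#nsComment#D#''_x509_nsComment'#X509 NS Comment ?#S###''_x509_nsComment_upd'#N#N"
$ SET_USER_DATA "[''_default_x509_extensions']#subjectKeyIdentifier#D#''_x509_subjectKeyIdentifier'#X509 Subject Key Identifier ?#S###''_x509_subjectKeyIdentifier_upd'#N#N"
$ SET_USER_DATA "[''_default_x509_extensions']#authorityKeyIdentifier#D#''_x509_authorityKeyIdentifier'#X509 Authority Key Identifier ?#S###''_x509_authorityKeyIdentifier_upd'#N#N"
$ SET_USER_DATA "[]#pem_pass_phrase#-##PEM Pass Phrase ?#P#1###Y#N"
$ SET_USER_DATA "[]#display_crl#-#N#Display CRL File?#S##1##Y#N"
$!
$!
$ SAY ESC + "[''MSG_ROW';01H", CEOS
$!
$!------------------------------------------------------------------------------
$! Confirm/Update the SSL Configuration Data
$!------------------------------------------------------------------------------
$!
$! Walk the SSL3_USER_DATA_n records; only records whose "required" field is
$! "Y" are prompted for.
$!
$PROMPT_LOOP:
$!
$ IF CTR .LE. SSL3_USER_DATA_MAX
$ THEN
$   KEY = F$ELEMENT (0,"#",SSL3_USER_DATA_'CTR')	! Key Name
$   ITM = F$ELEMENT (1,"#",SSL3_USER_DATA_'CTR')	! Item Name
$   VAL = F$ELEMENT (2,"#",SSL3_USER_DATA_'CTR')	! Item Value Contains Default or Prompt or 'D'
$   DEF = F$ELEMENT (3,"#",SSL3_USER_DATA_'CTR')	! Default Value
$   PRM = F$ELEMENT (4,"#",SSL3_USER_DATA_'CTR')	! Prompt Value
$   TYP = F$ELEMENT (5,"#",SSL3_USER_DATA_'CTR')	! Value Type - S,F,I,P (String,File,Integer,Prompt)
$   MIN = F$ELEMENT (6,"#",SSL3_USER_DATA_'CTR')	! Value Minimum Length
$   MAX = F$ELEMENT (7,"#",SSL3_USER_DATA_'CTR')	! Value Maximum Length
$   UPD = F$ELEMENT (8,"#",SSL3_USER_DATA_'CTR')	! Entry Updated ?
$   REQ = F$ELEMENT (9,"#",SSL3_USER_DATA_'CTR')	! Entry Required for Input ?
$   CFM = F$ELEMENT (10,"#",SSL3_USER_DATA_'CTR')	! Confirm Input ?
$   CONFIRMED = 0
$   IF REQ .EQS. "N"				! Entry Required for Input?
$   THEN
$     CTR = CTR + 1				! Nope
$     GOTO PROMPT_LOOP				! ...Next
$   ENDIF
$!
$!  Start again from the top row once the prompts reach the message area.
$!
$   IF ROW .GT. MSG_ROW - 2
$   THEN
$     SAY ESC + "[''TOP_ROW';01H", CEOS
$     ROW = TOP_ROW
$   ENDIF
$!
$CONFIRM_LOOP:
$!
$!------------------------------------------------------------------------------
$! Prompt User - Get Input
$!------------------------------------------------------------------------------
$!
$   IF PRM .EQS. ""
$   THEN
$     PROMPT = ESC + "[''ROW';''COL'H''ITM' ? [''DEF'] ''CEOL'"
$   ELSE
$     PROMPT = ESC + "[''ROW';''COL'H''PRM' [''DEF'] ''CEOL'"
$   ENDIF
$!
$!  Type "P" values (the pass phrase) are read with terminal echo off.  End of
$!  file here, or Control-Y, goes to EXIT, which restores echo if needed.
$!
$   IF TYP .EQS. "P" THEN SET TERMINAL /NOECHO	! No echo for Prompts
$   ASK "''PROMPT'" ANS /END_OF_FILE=EXIT		! Get user input
$   IF TYP .EQS. "P" THEN SET TERMINAL /ECHO
$   ANS = F$EDIT (ANS,"TRIM")
$   IF ANS .EQS. "" THEN ANS = DEF
$!
$!  Reject answers that cannot be stored safely.  '#' is the record field
$!  delimiter, so a value containing it would be split by F$ELEMENT and read
$!  back truncated (for the pass phrase, a wrong pass phrase would be used).
$!  A double quote would end the quoted strings that the answer is
$!  substituted into below.
$!
$   IF F$LOCATE ("#",ANS) .NE. F$LENGTH (ANS) .OR. -
       F$LOCATE ("""",ANS) .NE. F$LENGTH (ANS)
$   THEN
$     CALL INVALID_ENTRY
$     SAY ESC + "[''ROW';01H", CEOS
$     GOTO PROMPT_LOOP
$   ENDIF
$   IF TYP .EQS. "F"				! File
$   THEN
$     ANS = F$PARSE ("''ANS'","''DEF'",,,"SYNTAX_ONLY")
$   ENDIF
$   IF TYP .EQS. "I" .AND. F$TYPE (ANS) .NES. "INTEGER"	! Integer
$   THEN
$     CALL INVALID_ENTRY
$     SAY ESC + "[''ROW';01H", CEOS
$     GOTO PROMPT_LOOP
$   ENDIF
$!
$!  String or Prompt: enforce the minimum/maximum length when one is given.
$!
$   IF (TYP .EQS. "S" .OR. TYP .EQS. "P") .AND. -
       ((MIN .NES. "" .AND. F$LENGTH (ANS) .LT. F$INTEGER(MIN)) .OR. -
        (MAX .NES. "" .AND. F$LENGTH (ANS) .GT. F$INTEGER(MAX)))
$   THEN
$     CALL INVALID_ENTRY
$     SAY ESC + "[''ROW';01H", CEOS
$     IF TYP .EQS. "S" THEN GOTO PROMPT_LOOP	! String is done, next
$     IF TYP .EQS. "P" THEN GOTO CONFIRM_LOOP	! Prompt, try again
$   ENDIF
$   ROW = ROW + 1
$!
$!  Entries flagged for confirmation are asked for twice and must match.
$!
$   IF CFM .EQS. "Y"
$   THEN
$     IF CONFIRMED .EQ. 0
$     THEN
$       CONFIRMED = 1				! Confirm answer
$       CONFIRMED_ANS = ANS
$       PRM = "Confirm ''PRM'"			! Using prompt value
$       GOTO CONFIRM_LOOP
$     ELSE
$       IF ANS .NES. CONFIRMED_ANS
$       THEN
$         CALL INVALID_ENTRY
$         ROW = ROW - 2
$         SAY ESC + "[''ROW';01H", CEOS
$         GOTO PROMPT_LOOP
$       ENDIF
$     ENDIF
$   ENDIF
$!  --- Extract/Update the SSL3_USER_DATA_n Symbol Values ---
$!  A changed answer replaces the default field and marks the record updated.
$   IF ANS .NES. DEF THEN SSL3_USER_DATA_'CTR' = "''KEY'#''ITM'#''VAL'#''ANS'#''PRM'#''TYP'#''MIN'#''MAX'#Y#''REQ'#''CFM'"
$   CTR = CTR + 1
$   GOTO PROMPT_LOOP
$ ENDIF
$!
$!
$!------------------------------------------------------------------------------
$! Save the SSL3 Configuration Data
$!------------------------------------------------------------------------------
$!
$ CTR = 1
$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Saving Configuration ...", NORM
$!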
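$!
$! Write every updated record back to the configuration file.  Records whose
$! value field is "-" (file names chosen for this run, the pass phrase and the
$! display option) are never saved.
$!
$SAVE_CONF_LOOP:
$!
$ IF CTR .LE. SSL3_USER_DATA_MAX
$ THEN
$   KEY = F$ELEMENT (0,"#",SSL3_USER_DATA_'CTR')	! Key Name
$   ITM = F$ELEMENT (1,"#",SSL3_USER_DATA_'CTR')	! Item Name
$   VAL = F$ELEMENT (2,"#",SSL3_USER_DATA_'CTR')	! Item Value Contains Default or Prompt
$   DEF = F$ELEMENT (3,"#",SSL3_USER_DATA_'CTR')	! Default Value
$   PRM = F$ELEMENT (4,"#",SSL3_USER_DATA_'CTR')	! Prompt Value
$   TYP = F$ELEMENT (5,"#",SSL3_USER_DATA_'CTR')	! Value Type
$   MIN = F$ELEMENT (6,"#",SSL3_USER_DATA_'CTR')	! Value Minimum Length
$   MAX = F$ELEMENT (7,"#",SSL3_USER_DATA_'CTR')	! Value Maximum Length
$   UPD = F$ELEMENT (8,"#",SSL3_USER_DATA_'CTR')	! Entry Updated ?
$   REQ = F$ELEMENT (9,"#",SSL3_USER_DATA_'CTR')	! Entry Required for Input ?
$   CFM = F$ELEMENT (10,"#",SSL3_USER_DATA_'CTR')	! Confirm Input ?
$   IF UPD .NES. "Y" .OR. VAL .EQS. "-"
$   THEN
$     CTR = CTR + 1
$     GOTO SAVE_CONF_LOOP
$   ENDIF
$   IF VAL .EQS. "D"
$   THEN
$     SET_CONF_DATA "''KEY'#''ITM'" "''DEF'"
$   ELSE
$     SET_CONF_DATA "''KEY'#''ITM'" "''PRM'"
$     SET_CONF_DATA "''KEY'#''ITM'_default" "''DEF'"
$   ENDIF
$   IF MIN .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_min" "''MIN'"
$   IF MAX .NES. "" THEN SET_CONF_DATA "''KEY'#''ITM'_max" "''MAX'"
$   CTR = CTR + 1
$   GOTO SAVE_CONF_LOOP
$ ENDIF
$!
$! Keep only the newest version of the configuration file and renumber it ;1.
$!
$ PURGE /NOLOG /NOCONFIRM 'SSL3_CONF_FILE'
$ RENAME 'SSL3_CONF_FILE'; ;1
$!
$ SAY ESC + "[''MSG_ROW';01H", CEOS
$!
$!
$!------------------------------------------------------------------------------
$! Get the updated information from the User data symbols that we need
$!------------------------------------------------------------------------------
$!
$SKIP:
$!
$ GET_USER_DATA "[]#pem_pass_phrase"
$ _pem_pass_phrase = SSL3_USER_DATA
$ GET_USER_DATA "[''_default_ca']#database"
$ _default_idxfile = SSL3_USER_DATA
$ GET_USER_DATA "[''_default_ca']#serial"
$ _default_serfile = SSL3_USER_DATA
$ GET_USER_DATA "[]#default_crlfile"			! CRL file
$ _default_crlfile = SSL3_USER_DATA
$!
$! Fixed: this record is registered under the [<default_ca>] key, not "[]".
$! The original "[]#default_crl_days" lookup matched nothing, so
$! _default_crl_days was given whatever the previous lookup had returned
$! (the CRL file name).
$!
$ GET_USER_DATA "[''_default_ca']#default_crl_days"	! CRL days
$ _default_crl_days = SSL3_USER_DATA
$ GET_USER_DATA "[]#display_crl"			! Display CRL?
$ _display_crl = SSL3_USER_DATA
$!
$!------------------------------------------------------------------------------
$! Locate the index file that will be updated. (SERIAL.TXT is really untouched)
$!------------------------------------------------------------------------------
$!
$ IF F$SEARCH ("''_default_idxfile'") .EQS. ""
$ THEN
$   SAY BELL, "Unable to locate ''_default_idxfile' ...exiting"
$   GOTO EXIT
$ ENDIF
$!
$ IF F$SEARCH ("''_default_serfile'") .EQS. ""
$ THEN
$   SAY BELL, "Unable to locate ''_default_serfile' ...exiting"
$   GOTO EXIT
$ ENDIF
$!
$!
$!------------------------------------------------------------------------------
$! Create and Execute the Certificate Revocation List (CRL) Command Procedure
$!------------------------------------------------------------------------------
$!
$ SAY ESC + "[''MSG_ROW';01H", BLNK, " Creating CRL ''_default_crlfile'...", NORM
$!
$! Window coordinates handed to SHOW_FILE when output is displayed later.
$!
$ X1 = 2
$ Y1 = TOP_ROW
$ X2 = TT_COLS - 2
$ Y2 = MSG_ROW - 1
$!
$! SECURITY: the generated procedure carries the CA pass phrase in clear text
$! as an input line for OPENSSL.  Create the file first with access limited to
$! SYSTEM and OWNER, so the pass phrase is never written to a file that group
$! or world can read, and erase its blocks when deleting it.
$! NOTE(review): a pass phrase that begins with "$" would presumably be read
$! as a DCL command line rather than as data for OPENSSL - confirm.
$!
$ CREATE /PROTECTION=(S:RWED,O:RWED,G,W) SYS$LOGIN:SSL3_CA_'PID'.COM
$!
$ DEFINE /USER /NOLOG SYS$ERROR  NL:
$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
$!
$ OPEN /APPEND OFILE SYS$LOGIN:SSL3_CA_'PID'.COM
$ WRITE OFILE "$ SET NOON"
$ WRITE OFILE "$ SET MESSAGE /NOFACILITY /NOIDENTIFICATION /NOSEVERITY /NOTEXT"
$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL3_CA_''PID'.LOG"
$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL3_CA_''PID'.LOG"
$ WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
$ WRITE OFILE "$ OPENSSL ca -gencrl -out ''_default_crlfile' -config ''SSL3_CONF_FILE'"
$ WRITE OFILE "''_pem_pass_phrase'"
$ WRITE OFILE "y"
$ WRITE OFILE "y"
$ WRITE OFILE "$ SET MESSAGE /FACILITY /IDENTIFICATION /SEVERITY /TEXT"
$ CLOSE OFILE
$!
$!
$ @SYS$LOGIN:SSL3_CA_'PID'.COM	! Execute CRL create, Config file has [req] CA .CRT and Key
$!
$! /ERASE overwrites the file's blocks so the pass phrase does not remain
$! recoverable from disk after the delete.
$!
$ DELETE/NOLOG/NOCONFIRM/ERASE SYS$LOGIN:SSL3_CA_'PID'.COM;*
$!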
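$!
$! Scan the OPENSSL log for "error:".  A non-empty .ERR file (allocation
$! quantity other than 0) means at least one match: show the log and exit.
$!
$ DEFINE /USER /NOLOG SYS$ERROR  NL:
$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
$ SEARCH SYS$LOGIN:SSL3_CA_'PID'.LOG /OUT=SYS$LOGIN:SSL3_CA_'PID'.ERR "error:"
$ IF F$SEARCH ("SYS$LOGIN:SSL3_CA_''PID'.ERR") .NES. ""
$ THEN
$   IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL3_CA_''PID'.ERR","ALQ") .NE. 0
$   THEN
$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_CA_'PID'.ERR;*
$     SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
$     SHOW_FILE "SYS$LOGIN:SSL3_CA_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >"
$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_CA_'PID'.LOG;*
$     GOTO EXIT
$   ENDIF
$   DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_CA_'PID'.ERR;*
$ ENDIF
$!
$ DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_CA_'PID'.LOG;*
$!
$!
$!------------------------------------------------------------------------------
$! Display CRL File if User Answered Yes
$!------------------------------------------------------------------------------
$!
$ TYPE := TYPE
$ IF F$EDIT (_display_crl,"TRIM,UPCASE") .EQS. "Y"
$ THEN
$   SAY ESC + "[''MSG_ROW';01H", BLNK, " Generating Output ...", NORM, CEOL
$!
$!  Generate a one-shot procedure that dumps the CRL as text into a log file.
$!
$   OPEN /WRITE OFILE SYS$LOGIN:SSL3_X509_'PID'.COM
$   WRITE OFILE "$ DEFINE /USER /NOLOG SYS$ERROR   SYS$LOGIN:SSL3_X509_''PID'.LOG"
$   WRITE OFILE "$ DEFINE /USER /NOLOG SYS$OUTPUT  SYS$LOGIN:SSL3_X509_''PID'.LOG"
$   WRITE OFILE "$ DEFINE /USER /NOLOG SYS$COMMAND SYS$INPUT"
$   WRITE OFILE "$ OPENSSL crl -in ''_default_crlfile' -text -noout"
$   CLOSE OFILE
$!
$   @SYS$LOGIN:SSL3_X509_'PID'.COM
$!
$   DELETE/NOLOG/NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.COM;*
$!
$   DEFINE /USER /NOLOG SYS$ERROR  NL:
$   DEFINE /USER /NOLOG SYS$OUTPUT NL:
$   SEARCH SYS$LOGIN:SSL3_X509_'PID'.LOG /OUT=SYS$LOGIN:SSL3_X509_'PID'.ERR ":error:"
$   IF F$SEARCH ("SYS$LOGIN:SSL3_X509_''PID'.ERR") .NES. ""
$   THEN
$     IF F$FILE_ATTRIBUTE ("SYS$LOGIN:SSL3_X509_''PID'.ERR","ALQ") .NE. 0
$     THEN
$       DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.ERR;*
$       SAY ESC + "[''MSG_ROW';01H''BELL'''CEOS'"
$       SHOW_FILE "SYS$LOGIN:SSL3_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ERROR >"
$       DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.LOG;*
$       GOTO EXIT
$     ENDIF
$     DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.ERR;*
$   ENDIF
$!
$   SAY ESC + "[''MSG_ROW';01H''CEOS'"
$   SHOW_FILE "SYS$LOGIN:SSL3_X509_''PID'.LOG" 'X1' 'Y1' 'X2' 'Y2' "< ''_default_crlfile' >"
$   DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.LOG;*
$   GOTO EXIT
$ ENDIF
$!
$ TEXT = "Press return to continue"
$ COL = (TT_COLS - F$LENGTH (TEXT)) / 2
$!
$ SAY ESC + "[''MSG_ROW';01H", CEOS
$ PROMPT = ESC + "[''MSG_ROW';''COL'H''TEXT'"
$ ASK "''PROMPT'" OPT
$!
$GOTO EXIT
$!
$!
$!
$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! SUBROUTINES !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$!
$!
$!------------------------------------------------------------------------------
$! Set the User Data Subroutine
$!
$! P1 = one complete '#'-delimited record.  Appends it as the next global
$! symbol SSL3_USER_DATA_n and keeps the record count in SSL3_USER_DATA_MAX.
$!------------------------------------------------------------------------------
$!
$SET_USER_DATA: SUBROUTINE
$!
$ IF F$TYPE (SSL3_USER_DATA_MAX) .EQS. ""
$ THEN
$   SSL3_USER_DATA_MAX == 1
$ ELSE
$   SSL3_USER_DATA_MAX == SSL3_USER_DATA_MAX + 1
$ ENDIF
$!
$ SSL3_USER_DATA_'SSL3_USER_DATA_MAX' == "''P1'"
$!
$ EXIT
$!
$ ENDSUBROUTINE
$!
$!------------------------------------------------------------------------------
$! Find the Request Data
$!
$! P1 = "key#item".  Returns the matching record's value in the global symbol
$! SSL3_USER_DATA: the default field for value kinds "-" and "D", the prompt
$! field for kind "P".
$!------------------------------------------------------------------------------
$!
$GET_USER_DATA: SUBROUTINE
$!
$! Fixed: clear the result first.  Previously a lookup that matched no record
$! left SSL3_USER_DATA holding the value of the preceding call (which can be
$! the pass phrase), and the caller silently used that stale value.
$!
$ SSL3_USER_DATA == ""
$ CTR = 1
$ USER_KEY = F$ELEMENT (0,"#",P1)
$ USER_ITM = F$ELEMENT (1,"#",P1)
$!
$GET_USER_DATA_LOOP:
$!
$ IF CTR .LE. SSL3_USER_DATA_MAX
$ THEN
$   KEY = F$ELEMENT (0,"#",SSL3_USER_DATA_'CTR')	! Key Name
$   ITM = F$ELEMENT (1,"#",SSL3_USER_DATA_'CTR')	! Item Name
$   VAL = F$ELEMENT (2,"#",SSL3_USER_DATA_'CTR')	! Item Value Contains Default or Prompt
$   DEF = F$ELEMENT (3,"#",SSL3_USER_DATA_'CTR')	! Default Value
$   PRM = F$ELEMENT (4,"#",SSL3_USER_DATA_'CTR')	! Prompt Value
$   IF USER_KEY .NES. KEY .OR. USER_ITM .NES. ITM
$   THEN
$     CTR = CTR + 1
$     GOTO GET_USER_DATA_LOOP
$   ENDIF
$   IF VAL .EQS. "-" THEN SSL3_USER_DATA == "''DEF'"
$   IF VAL .EQS. "D" THEN SSL3_USER_DATA == "''DEF'"
$   IF VAL .EQS. "P" THEN SSL3_USER_DATA == "''PRM'"
$ ENDIF
$!
$ EXIT
$!
$ ENDSUBROUTINE
$!
$!------------------------------------------------------------------------------
$! Delete the User Data Symbols
$!
$! Removes the global SSL3_USER_DATA_n records (from the highest index down),
$! the SSL3_USER_DATA_MAX counter and the SSL3_USER_DATA result symbol, so
$! that values entered during this run do not stay behind in the process.
$!------------------------------------------------------------------------------
$!
$DEL_USER_DATA: SUBROUTINE
$!
$ IF F$TYPE (SSL3_USER_DATA_MAX) .EQS. "" THEN GOTO DEL_USER_DATA_END
$!
$DEL_USER_DATA_LOOP:
$!
$ IF F$TYPE (SSL3_USER_DATA_'SSL3_USER_DATA_MAX') .NES. ""
$ THEN
$   DELETE /SYMBOL /GLOBAL SSL3_USER_DATA_'SSL3_USER_DATA_MAX'
$   SSL3_USER_DATA_MAX == SSL3_USER_DATA_MAX - 1
$   GOTO DEL_USER_DATA_LOOP
$ ENDIF
$!
$ DELETE /SYMBOL /GLOBAL SSL3_USER_DATA_MAX
$!
$DEL_USER_DATA_END:
$!
$ IF F$TYPE (SSL3_USER_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL3_USER_DATA
$!
$ EXIT
$!
$ ENDSUBROUTINE
$!
$!------------------------------------------------------------------------------
$! Display the invalid entry
$!
$! Shows a message on the status line with a bell, waits 1.5 seconds, then
$! clears the line.
$!------------------------------------------------------------------------------
$!
$INVALID_ENTRY: SUBROUTINE
$!
$ SAY ESC + "[''MSG_ROW';01H", BELL, " Invalid Entry, Try again ...''CEOL'"
$ Wait 00:00:01.5
$ SAY ESC + "[''MSG_ROW';01H", CEOL
$!
$ EXIT
$!
$ ENDSUBROUTINE
$!
$!
$!------------------------------------------------------------------------------
$! Exit the procedure
$!------------------------------------------------------------------------------
$!
$! Common exit path; also reached on Control-Y and on end of file at a prompt.
$! Each step is preceded by user-mode redirections to NL: so that a step with
$! nothing to undo fails quietly.
$!
$EXIT:
$!
$ DEFINE /USER /NOLOG SYS$ERROR  NL:
$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
$ DEASSIGN SYS$OUTPUT
$!
$ DEFINE /USER /NOLOG SYS$ERROR  NL:
$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
$ DEASSIGN SYS$ERROR
$!
$ DEFINE /USER /NOLOG SYS$ERROR  NL:
$ DEFINE /USER /NOLOG SYS$OUTPUT NL:
$ CLOSE OFILE
$!
$ IF F$TYPE (SSL3_CONF_DATA) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL3_CONF_DATA
$!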
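$ IF F$TYPE (SSL3_FILE_NAME) .NES. "" THEN DELETE /SYMBOL /GLOBAL SSL3_FILE_NAME
$!
$! Turn echo back on only if it is off now and was on when the procedure
$! started (it is switched off while the pass phrase is read).
$!
$ IF F$GETDVI ("TT:","TT_NOECHO") .AND. .NOT. TT_NOECHO THEN SET TERMINAL /ECHO
$!
$! Fixed: also remove any SSL3_CA_<pid> work files.  The CRL step writes the
$! CA pass phrase into SYS$LOGIN:SSL3_CA_<pid>.COM, and an interrupt
$! (Control-Y) between creating and deleting that file used to leave it on
$! disk because only the SSL3_REQ_ and SSL3_X509_ files were cleaned up here.
$! /ERASE overwrites the blocks so the pass phrase is not recoverable.
$!
$ IF F$SEARCH ("SYS$LOGIN:SSL3_CA_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM /ERASE SYS$LOGIN:SSL3_CA_'PID'.%%%;*
$ IF F$SEARCH ("SYS$LOGIN:SSL3_REQ_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_REQ_'PID'.%%%;*
$ IF F$SEARCH ("SYS$LOGIN:SSL3_X509_''PID'.%%%;*") .NES. "" THEN DELETE /NOLOG /NOCONFIRM SYS$LOGIN:SSL3_X509_'PID'.%%%;*
$!
$ DEL_USER_DATA	! Call Delete SSL3_USER_DATA* symbols routine
$!
$! Restore the verify state saved at the top of the procedure.
$!
$ Verify = F$VERIFY (Verify)
$!
$ EXIT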