#!/bin/bash
################################################################################
#   OpenAirInterface
#   Copyright(c) 1999 - 2014 Eurecom
#
#    OpenAirInterface is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#
#    OpenAirInterface is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with OpenAirInterface. The full GNU General Public License is
#    included in this distribution in the file called "COPYING". If not,
#    see <http://www.gnu.org/licenses/>.
#
#  Contact Information
#  OpenAirInterface Admin: openair_admin@eurecom.fr
#  OpenAirInterface Tech : openair_tech@eurecom.fr
#  OpenAirInterface Dev  : openair4g-devel@eurecom.fr
#
#  Address      : Eurecom, Campus SophiaTech, 450 Route des Chappes, CS 50193 - 06904 Biot Sophia Antipolis cedex, FRANCE
#
################################################################################
# file check_hss_s6a_certificate
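# brief Checks that the freeDiameter directory holds an HSS S6a certificate matching the given fqdn and generates a new one otherwise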
# author Lionel Gauthier
# company Eurecom
# email: lionel.gauthier@eurecom.fr
################################
# include helper functions
################################
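# Resolve the directory that holds this script (symlinks followed) and load
# the shared helpers from it. echo_success / echo_error / echo_warning are used
# below but not defined in this file -- presumably build_helper provides them.
# Every expansion is quoted so that a checkout path containing spaces or glob
# characters is neither word-split nor expanded before it reaches 'source'.
# build_helper runs as code with this script's privileges, so the script
# directory must not be writable by untrusted users.
THIS_SCRIPT_PATH=$(dirname -- "$(readlink -f -- "$0")")
source "$THIS_SCRIPT_PATH/build_helper"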


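#######################################
# Generate a throw-away root CA plus an HSS certificate signed by it, and
# install the resulting PEM files under <prefix>/etc/freeDiameter.
#
# All key material is produced inside a private directory from 'mktemp -d'
# rather than directly in the shared /tmp, so other local users cannot read
# the unencrypted (-nodes) private keys while they are being generated or
# pre-plant /tmp/demoCA or the output file names. The directory is removed on
# every exit path.
#
# Arguments:
#   $1 - freeDiameter installation prefix (files go to $1/etc/freeDiameter);
#        a relative prefix is resolved against the caller's working directory
#   $2 - fqdn placed in the CN of both the CA and the HSS certificate
# Outputs:
#   progress messages and openssl output on stdout/stderr
# Returns:
#   0 on success, non-zero if the fqdn is rejected or any step fails
#######################################
function _create_hss_certs()
{
  local    freediameter_path=$1
  local    fqdn=$2
  local    cert_dir="$freediameter_path/etc/freeDiameter"
  local    subject
  local    workdir

  # '/' separates the fields of an openssl -subj string, so an fqdn containing
  # one would add or override subject fields; an empty fqdn yields an empty CN.
  case "$fqdn" in
    ''|*/*)
      echo "Refusing to create HSS certificate for invalid fqdn '$fqdn'" >&2
      return 1
      ;;
  esac
  subject="/CN=$fqdn/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM"

  # The work below happens after a 'cd', so anchor a relative prefix to the
  # caller's directory first; otherwise the files would land somewhere the
  # caller does not look.
  case "$cert_dir" in
    /*) ;;
    *)  cert_dir="$PWD/$cert_dir" ;;
  esac

  workdir=$(mktemp -d) || return 1

  # Subshell: the caller's working directory is left untouched, and the EXIT
  # trap cleans up the scratch directory (CSR, CA database, leftovers).
  (
    trap 'rm -rf -- "$workdir"' EXIT
    cd -- "$workdir" || exit 1

    # 'openssl ca' is run without -config; the original layout (./demoCA with
    # 'serial' and 'index.txt') is kept, which is what the stock openssl.cnf
    # expects -- confirm if a customised openssl.cnf is in use.
    mkdir demoCA || exit 1
    echo 01 > demoCA/serial || exit 1
    touch demoCA/index.txt || exit 1

    echo "Creating HSS certificate for user '$fqdn'"
    # Create a Root Certification Authority Certificate.
    # 2048-bit RSA: 1024-bit keys are below what current guidance accepts and
    # may be rejected outright by TLS peers.
    openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:2048 \
      -out hss.cacert.pem -keyout hss.cakey.pem -subj "$subject" || exit 1

    # Generate a Private Key
    openssl genrsa -out hss.key.pem 2048 || exit 1

    # Generate a CSR (Certificate Signing Request) for the HSS key
    openssl req -new -batch -out hss.csr.pem -key hss.key.pem \
      -subj "$subject" || exit 1

    # Certification authority: sign the CSR with the CA created above
    openssl ca -cert hss.cacert.pem -keyfile hss.cakey.pem -in hss.csr.pem \
      -out hss.cert.pem -outdir . -batch || exit 1

    if [ ! -d "$cert_dir" ]; then
      echo "Creating non existing directory: $freediameter_path/etc/freeDiameter/"
      sudo mkdir -p -- "$cert_dir/" || exit 1
    fi

    # NOTE(review): the CA private key (hss.cakey.pem) is installed next to the
    # server key, and file modes are whatever openssl and the umask produced.
    # Anyone able to read that directory could issue certificates under this
    # CA -- confirm the directory permissions, or keep the CA key elsewhere.
    sudo mv -- hss.cakey.pem hss.cert.pem hss.cacert.pem hss.key.pem \
      "$cert_dir/" || exit 1
  )
}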


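#######################################
# Make sure <prefix>/etc/freeDiameter holds an HSS certificate whose subject
# CN equals the expected fqdn; generate a new one when it does not, then
# re-check once.
#
# The check is a name comparison only: it does not verify the signature,
# the issuing CA, or the validity period of the certificate it finds.
#
# Arguments:
#   $1 is freediameter path
#   $2 is fqdn
#   $3 (internal) any third argument marks the re-check after generation
# Returns:
#   0 when a certificate with the expected CN is found; exits 1 when the
#   certificate is still missing or wrong after one generation attempt
#######################################
function main() {
  local freediameter_path=$1
  local fqdn=$2
  local cert_file="$freediameter_path/etc/freeDiameter/hss.cert.pem"
  local full_hostname

  if [ -f "$cert_file" ]; then
    # The grep can only match when the file carries a human-readable dump of
    # the certificate; the CN is taken as the sixth '='-separated field of
    # its Subject line.
    full_hostname=$(grep "Subject" "$cert_file" | grep "CN" | cut -d '=' -f6)
    # Some openssl versions print "CN = host" with spaces around '=': strip
    # surrounding whitespace so the comparison does not depend on that.
    full_hostname=${full_hostname#"${full_hostname%%[![:space:]]*}"}
    full_hostname=${full_hostname%"${full_hostname##*[![:space:]]}"}
    # Quoted comparison: a value with spaces or several lines is a plain
    # mismatch instead of a '[' syntax error.
    if [ "$full_hostname" = "$fqdn" ]; then
      echo_success "HSS S6A: Found valid certificate in $freediameter_path/etc/freeDiameter"
      return 0
    else
      echo_error "Bad hss fqdn found in cert file: $full_hostname  fqdn is $fqdn"
    fi
  fi

  echo_error "HSS S6A: Did not find valid certificate in $freediameter_path/etc/freeDiameter"

  # A third argument means certificates were already generated once; give up
  # instead of generating (and invoking sudo) a second time.
  if [ $# -ge 3 ]; then
    echo_error "Could not access to freeDiameter path: $freediameter_path/etc/freeDiameter"
    exit 1
  fi

  echo_warning "HSS S6A: generating new certificate in $freediameter_path/etc/freeDiameter..."
  _create_hss_certs "$freediameter_path" "$fqdn"
  main "$freediameter_path" "$fqdn" 2
  return $?
}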

# Script entry point: hand the command-line arguments to main unchanged
# ($1 = freeDiameter path, $2 = fqdn).
main "$@"