From 9fd97691283a96d731654f4583e10001510943cf Mon Sep 17 00:00:00 2001
From: Elio Maldonado <emaldonado@fedoraproject.org>
Date: Sun, 11 May 2008 02:47:51 +0000
Subject: [PATCH] Ensure that either mod_nss or mod_ssl is installed for the
 type of request     to be processed (#346731)

---
 genkey.pl | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/genkey.pl b/genkey.pl
index f2013b3..19789e7 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -69,7 +69,7 @@ sub usage
 {
     print STDERR <<EOH;
 Usage: genkey [options] servername
-    --test   Test mode, skip random data creation, overwrite existing key
+    --test   Test mode, faster seeding, overwrite existing key
     --genreq Just generate a CSR from an existing key
     --makeca Generate a private CA key instead
     --days   Days until expiry of self-signed certificate (default 30)
@@ -168,6 +168,9 @@ if (!$genreq_mode && -f $keyfile && !$overwrite_key) {
     exit 1;
 }
 
+# Either mod_nss or mod_ssl is required
+requireModule();
+
 # For mod_nss we need these variables set
 if ($nss) {
     # the configuration file is required
@@ -204,7 +207,7 @@ if ($genreq_mode) {
         getkeysizeWindow,
         customKeySizeWindow,
         getRandomDataWindow,
-        keyPasswordWindow,
+        passwordWindow,
         genReqWindow,
 		);
     $doingwhat="CSR generation";
@@ -213,7 +216,7 @@ if ($genreq_mode) {
 		getkeysizeWindow,
 		customKeySizeWindow,
 		getRandomDataWindow,
-		keyPasswordWindow,
+		passwordWindow,
 		genCACertWindow,
 		);
     $doingwhat="CA cert generation";
@@ -223,7 +226,7 @@ if ($genreq_mode) {
 		customKeySizeWindow,
 		getRandomDataWindow,
 		wantCAWindow,
-		keyPasswordWindow,
+		passwordWindow,
 		genReqWindow,
         genReqWindow,
         genCertWindow,
@@ -305,6 +308,22 @@ sub NextBackCancelButton {
 	      ->Add(2, 0, $cancelb, Newt::NEWT_ANCHOR_LEFT(), 1, 1, 0, 0);
 }
 
+# Require that this Apache module (mod_nss or mod_ssl) be installed
+sub requireModule {
+
+    my $module = $nss ? "mod_nss" : "mod_ssl";	
+    my $not_installed_msg = `rpm -q $module | grep "not installed"`;
+	
+	if ($not_installed_msg) {
+        Newt::newtWinMessage("Error", "Close", 
+        "$not_installed_msg".
+        "\nIt is required to generate this type of CSRs or certs".
+        "for this host:\n\nPress return to exit");
+        Newt::Finished();
+        exit 1;
+    }	
+}
+
 # Check that nss.conf exists
 sub nssconfigFound {
     # if it isn't in its usual place
@@ -652,7 +671,7 @@ EOT
     $panel = Newt::Panel(1, 3, "Module access");
     $panel->Add(0, 0, Newt::Textbox(70, 5, 0, $message));
 
-    my $checkbox = Newt::Checkbox("Does the module require a password");
+    my $checkbox = Newt::Checkbox("Module access password if any");
     $panel->Add(0, 1, $checkbox);
     $panel->Add(0, 2, NextBackCancelButton());
 
@@ -714,7 +733,7 @@ EOT
 # Prompts for key encryption password 
 # When using NSS it prompts for the
 # module acces password instead.
-sub keyPasswordWindow
+sub passwordWindow
 {
 	return moduleAccesPasswordWindow() if $nss;
 	
@@ -924,11 +943,10 @@ sub makeCertOpenSSL
 
     use integer;
     my $months = $days ? $days / 30 : 24;
-    my $keysize = $bits;
 
     # build the arguments for a gen cert call, self-signed
     my $args = "-c makecert ";
-    $args   .= "-g $keysize ";
+    $args   .= "-g $bits ";
     $args   .= "-s $subject ";
     $args   .= "-v $months "; 
     $args   .= "-a ";              ## using ascii 
@@ -939,7 +957,7 @@ sub makeCertOpenSSL
     $args   .= "-o $certfile ";
     $args   .= "-k $keyfile";
 
-    nssUtilCmd("$ssltop/keyutil", $args);    
+    nssUtilCmd("$bindir/keyutil", $args);    
 
     if (!-f $certfile) {
         Newt::newtWinMessage("Error", "Close", 
@@ -985,7 +1003,7 @@ sub genRequestOpenSSL
               # user wants the key in the clear
     $args   .= "-z $noisefile "  if $noisefile;
  
-    nssUtilCmd("$ssltop/keyutil", $args);
+    nssUtilCmd("$bindir/keyutil", $args);
          
     unlink($noisefile);
     Newt::Resume();