Tcl script with multiple spawn, expect and send

I am trying to install certificates automatically on a JBoss server. I have written the following basic script.

#!/usr/bin/expect


set Temp_Dir "/tmp/install"
set jboss_sec "/opt/jboss/security"
set jboss_prof "/opt/jboss/profiles/CLOUD_0000"
set fokp [open "/tmp/install/keystore.pw" r]
#set frkp [read $fokp]
set frkp [read -nonewline $fokp]

exp_internal 1
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
expect { "Enter keystore password" { send "$frkp\r" }}
expect { "Owner" { send "yes\r" } eof }

#spawn sudo keytool -import -keystore $jboss_sec/server_keystore.jks -file $Temp_Dir/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
#expect { "Enter keystore password\r" { send "$frkp\r"  }}
#expect { "Trust this certificate?\r" { send "yes\r" } eof }

Output:

cloud-user@jboss-vm1-98ojcp:~ $ ./Step3-tcl-script.sh
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
Enter keystore password:  spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
Enter keystore password:  (DEV) cloud-user@jboss-vm1-98ojcp:~ $

It no longer asks "Trust this certificate?", so the certificate is not installed.

If I run the command manually:

cloud-user@jboss-vm1-98ojcp:/tmp/install/mqcert $ sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file Symantec_Class_3_Secure_Server_CA_-_G4.cer  -alias Symantec
Enter keystore password:
Owner: CN=Symantec Class 3 Secure Server CA - G4, OU= Trust Network, O= Corporation, C=US
Issuer: CN= Public Primary Certification Authority - G5, OU="(c) 2006  - For authorized use only", OU=Trust Network, C=US
Serial number: 513fb9743870b734404
Valid from: Wed Oct 30 20:00:00 EDT 2013 until: Mon Oct 30 19:59:59 EDT 2023
Certificate fingerprints:
         MD5:  23:D5:85:F7:26:C5
         SHA1: FF:E1:8B:CC:E1:D7:0F:DA:BD:7C:86:61:35
         SHA256: EA::98:D0:F0:D6:A9:CF:17
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://s2.symcb.com
]
]

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7  F3 43 39 FA 02  ..e......0..C9..
0010: AF 33 31 33                                        .313
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://s.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000:    2F 77 77 77 2E 73 79 6D  ..http://www.sym
0010: 61 75 74 68 2E 63 6F 6D   2F 63 70 73              auth.com/cps

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 303  0...http://www.s
0010: 79 6D 61 75 74 68 2E 63   6F 6D 2F 72 70 61        ymauth.com/rpa

]]  ]
]

#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=PKI-1-534
]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
00: 5F 60 CF 61 90 55 DF 84   60 2A B2 F5 7A  _`.a.U..C..`*..z
00: F4 4 EF                                        .C..
]
]

Trust this certificate? [no]:  no
Certificate was not added to keystore

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/jboss/security/server_keystore.jks -destkeystore /opt/jboss/security/server_keystore.jks -deststoretype pkcs12".

Where am I going wrong?

Debug:

cloud-user@jboss-vm1-98ojcp:~ $ ./Step3-tcl-script.sh
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {8220}

expect: does "" (spawn_id exp5) match glob pattern " "Enter keystore password\r" { send "$frkp\r" }"? no
Enter keystore password:
expect: does "Enter keystore password:  " (spawn_id exp5) match glob pattern " "Enter keystore password\r" { send "$frkp\r" }"? no
expect: timed out

expect: does "Enter keystore password:  " (spawn_id exp5) match glob pattern " "Owner" { send "yes\r" } eof "? no
expect: timed out

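Answer 1

Don't use \r in the patterns you expect to match, as it represents a carriage return and the prompts being received don't appear to end with one. For example, replace "Owner\r" with "Owner". Do use \r to end the replies you send (e.g. "yes\r").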

Answer 2

set frkp [read $fokp] -- this will include the file's trailing newline, and you probably don't want that character as part of the password. Instead:

set frkp [read -nonewline $fokp]

Also, when developing an expect script, add the command exp_internal 1 before the first spawn. The verbose debug output will show you why your patterns are not matching.
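
Both answers applied in one script, as an added example that is not part of the original question or answers. It also uses the multi-line braced form of expect, because the debug trace in the question shows the one-line `expect { ... }` being compared as a single glob pattern. `import_cert` is a hypothetical helper, and the success text "Certificate was added to keystore" is assumed to be what keytool prints on a successful import.

```tcl
#!/usr/bin/expect
# Added example, not the poster's script; paths and aliases are those in the question.
set Temp_Dir  "/tmp/install"
set jboss_sec "/opt/jboss/security"

# Read the keystore password without the file's trailing newline (Answer 2).
set fokp [open "$Temp_Dir/keystore.pw" r]
set frkp [read -nonewline $fokp]
close $fokp

set timeout 30
# exp_internal 1  ;# debugging only: the trace echoes what send transmits, password included

# Hypothetical helper: import one certificate; returns 1 if keytool reported success.
proc import_cert {keystore certfile alias password} {
    # spawn does no shell quoting, so the file name is passed without '...' around it.
    spawn sudo keytool -import -keystore $keystore -file $certfile -alias $alias
    set added 0
    # Patterns carry no \r (Answer 1); replies sent to keytool end with \r.
    expect {
        "Enter keystore password" {
            send "$password\r"
            exp_continue
        }
        "Trust this certificate" {
            send "yes\r"
            exp_continue
        }
        "Certificate was added to keystore" {
            set added 1
            exp_continue
        }
        timeout { puts stderr "timed out waiting for keytool ($alias)" }
        eof
    }
    catch {close}
    wait
    return $added
}

foreach {file alias} {
    Symantec_Class_3_Secure_Server_CA_-_G4.cer Symantec
    TRMISMQtestSwifNetCertauth.cer             TRMISMQtestSwifNetCertauth
} {
    if {![import_cert $jboss_sec/server_keystore.jks $Temp_Dir/mqcert/$file $alias $frkp]} {
        puts stderr "import failed: $alias"
        exit 1
    }
}
```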
