具有多个生成期望和发送的 Tcl 脚本

tag-icon tag-icon scripting expect tcl
具有多个生成期望和发送的 Tcl 脚本

我正在尝试自动安装证书:q!在jboss服务器中。我写了这个基本脚本:

#!/usr/bin/expect


set Temp_Dir "/tmp/install"
set jboss_sec "/opt/jboss/security"
set jboss_prof "/opt/jboss/profiles/CLOUD_0000"
set fokp [open "/tmp/install/keystore.pw" r]
#set frkp [read $fokp]
set frkp [read -nonewline $fokp]

exp_internal 1
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
expect { "Enter keystore password" { send "$frkp\r" }}
expect { "Owner" { send "yes\r" } eof }

#spawn sudo keytool -import -keystore $jboss_sec/server_keystore.jks -file $Temp_Dir/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
#expect { "Enter keystore password\r" { send "$frkp\r"  }}
#expect { "Trust this certificate?\r" { send "yes\r" } eof }

输出::

cloud-user@jboss-vm1-98ojcp:~ $ ./Step3-tcl-script.sh
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
Enter keystore password:  spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/TRMISMQtestSwifNetCertauth.cer -alias TRMISMQtestSwifNetCertauth
Enter keystore password:  (DEV) cloud-user@jboss-vm1-98ojcp:~ $

并且证书没有安装,因为它不会再要求“信任此证书?”

如果我手动运行命令

cloud-user@jboss-vm1-98ojcp:/tmp/install/mqcert $ sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file Symantec_Class_3_Secure_Server_CA_-_G4.cer  -alias Symantec
Enter keystore password:
Owner: CN=Symantec Class 3 Secure Server CA - G4, OU= Trust Network, O= Corporation, C=US
Issuer: CN= Public Primary Certification Authority - G5, OU="(c) 2006  - For authorized use only", OU=Trust Network, C=US
Serial number: 513fb9743870b734404
Valid from: Wed Oct 30 20:00:00 EDT 2013 until: Mon Oct 30 19:59:59 EDT 2023
Certificate fingerprints:
         MD5:  23:D5:85:F7:26:C5
         SHA1: FF:E1:8B:CC:E1:D7:0F:DA:BD:7C:86:61:35
         SHA256: EA::98:D0:F0:D6:A9:CF:17
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://s2.symcb.com
]
]

#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7F D3 65 A7  F3 43 39 FA 02  ..e......0..C9..
0010: AF 33 31 33                                        .313
]
]

#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://s.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000:    2F 77 77 77 2E 73 79 6D  ..http://www.sym
0010: 61 75 74 68 2E 63 6F 6D   2F 63 70 73              auth.com/cps

], PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.2
  qualifier: 0000: 303  0...http://www.s
0010: 79 6D 61 75 74 68 2E 63   6F 6D 2F 72 70 61        ymauth.com/rpa

]]  ]
]

#6: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=PKI-1-534
]

#8: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
00: 5F 60 CF 61 90 55 DF 84   60 2A B2 F5 7A  _`.a.U..C..`*..z
00: F4 4 EF                                        .C..
]
]

Trust this certificate? [no]:  no
Certificate was not added to keystore

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /opt/jboss/security/server_keystore.jks -destkeystore /opt/jboss/security/server_keystore.jks -deststoretype pkcs12".

我在任何地方做错了吗?

调试:

cloud-user@jboss-vm1-98ojcp:~ $ ./Step3-tcl-script.sh
spawn sudo keytool -import -keystore /opt/jboss/security/server_keystore.jks -file /tmp/install/mqcert/'Symantec_Class_3_Secure_Server_CA_-_G4.cer' -alias Symantec
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {8220}

expect: does "" (spawn_id exp5) match glob pattern " "Enter keystore password\r" { send "$frkp\r" }"? no
Enter keystore password:
expect: does "Enter keystore password:  " (spawn_id exp5) match glob pattern " "Enter keystore password\r" { send "$frkp\r" }"? no
expect: timed out

expect: does "Enter keystore password:  " (spawn_id exp5) match glob pattern " "Owner" { send "yes\r" } eof "? no
expect: timed out

答案1

不要使用\r预期的模式来匹配,因为它代表回车符,并且您收到的提示似乎不以 1 结尾。例如,替换"Owner\r""Owner".仅用于\r结束您正在发送的回复,例如"yes\r"

答案2

set frkp [read $fokp]-- 这将包括文件中的尾随换行符,并且您可能不希望包含该字符作为密码短语的一部分。反而:

set frkp [read -nonewline $fokp]

exp_internal 1另外,在开发期望脚本时,请在第一次生成之前添加命令。详细的调试输出将向您显示模式不匹配的原因。

相关内容