Update rewrite ruls to handled encrypted and signed files

Add certutils from usecallmanager.nz
Add etc/certs directory

etc/certs/encrypt

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ $# -gt 0 ]; then
+	#  Encrypt SEPMAC.cnf.xml
+	openssl enc -aes-256-cbc -salt -in ../../tftpboot/settings/${1} -out ../../tftpboot/settings/${1}.enc -k tftp.pem
+	../../tools/certutils/sgnfile -b ../../tftpboot/settings/${1}.enc -c tftp.pem
+fi

etc/certs/gencerts

@@ -0,0 +1,17 @@
+#!/bin/bash
+[ -f CA.pem ] && rm *.pem
+# Create a CA certificate valid for 20 years. This will function as the SAST (System Administrator Security Token) certificate.
+../../tools/certutils/gencert -n -C "Certificate Authority" -b 2048 -y 20 -o CA.pem
+# Create a certificate for Asterisk signed by the CA for 1 year. This will function as the CCM certificate.
+../../tools/certutils/gencert -c CA.pem -C Asterisk -b 2048 -y 1 -o asterisk.pem
+# Create a certificate for TFTP signed by the CA for 1 year. This will function as the TFTP certificate.
+../../tools/certutils/gencert -c CA.pem -C Asterisk -b 2048 -y 1 -o tftp.pem
+# Create a certificate for webserver signed by the CA for 1 year (optional). This will function as an HTTPS certificate.
+../../tools/certutils/gencert -c CA.pem -C WebServer -b 2048 -y 1 -o webserver.pem
+# Create a certificate for VPN signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C VPN -b 2048 -y 1 -o vpn.pem
+# Create a certificate for CAPF signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C CAPF -b 2048 -y 1 -o capf.pem
+# Create a certificate for TVS signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C TVS -b 2048 -y 1 -o tvs.pem
+

etc/certs/gentlv

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ $# == 0 ]; then
+# Create ITLFile.tlv in the tftpboot provisioning directory, the certificate used to sign the .tlv file is automatically included as providing the SAST function.
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/ITLFile.tlv -c CA.pem -r asterisk.pem -f ccm -r capf.pem -f capf -r tvs.pem -f tvs -r tftp.pem -f tftp  -r webserver.pem -f https
+
+else
+# Optionally, the default ITLFile.tlv can be overridden using a file name based on the MAC address of the phone, eg: ITLSEP58971ECC97C1.tlv.
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/ITL${1}.tlv -c CA.pem -r asterisk.pem -f ccm -r capf.pem -f capf -r tvs.pem -f tvs -r tftp.pem -f tftp  -r webserver.pem -f https -F ITLFile.tlv
+
+# Optionally, additional certificates can be included using a file name based on the MAC address of the phone, eg: CTLSEP58971ECC97C1.tlv.
+# Example for the VPN certificate
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/CTL${1}.tlv -c CA.pem -r vpn.pem -f https -F CTLFile.tlv
+
+# Enable SIP-TLS mode by setting <transportLayerProtocol> to 3 and setting <deviceSecurityMode> to either 2 (Authenticated) or 3 (Encrypted) in SEPMAC.cnf.xml. Optionally, any XML services can be configured to use HTTPS.
+fi

etc/certs/signfile

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [ $# -gt 0 ]; then
+#  Sign SEPMAC.cnf.xml
+../../tools/certutils/sgnfile -b ../../tftpboot/settings/$1 -c tftp.pem
+fi