security/nss/tests/chains/ocspd-config/ocspd-certs.sh@6474c204b198 (annotated)
security/nss/tests/chains/ocspd-config/ocspd-certs.sh
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rwxr-xr-x
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | #!/bin/bash |
| michael@0 | 2 | |
| michael@0 | 3 | DATA_DIR=$1 |
| michael@0 | 4 | OCSP_DIR=$2 |
| michael@0 | 5 | CERT_DIR=$3 |
| michael@0 | 6 | |
| michael@0 | 7 | TEST_PWD="nssnss" |
| michael@0 | 8 | CONF_TEMPLATE="ocspd.conf.template" |
| michael@0 | 9 | |
| michael@0 | 10 | convert_cert() |
| michael@0 | 11 | { |
| michael@0 | 12 | CERT_NAME=$1 |
| michael@0 | 13 | CERT_SIGNER=$2 |
| michael@0 | 14 | |
| michael@0 | 15 | openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM |
| michael@0 | 16 | } |
| michael@0 | 17 | |
| michael@0 | 18 | convert_crl() |
| michael@0 | 19 | { |
| michael@0 | 20 | CRL_NAME=$1 |
| michael@0 | 21 | |
| michael@0 | 22 | openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM |
| michael@0 | 23 | } |
| michael@0 | 24 | |
| michael@0 | 25 | convert_key() |
| michael@0 | 26 | { |
| michael@0 | 27 | KEY_NAME=$1 |
| michael@0 | 28 | |
| michael@0 | 29 | pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD} |
| michael@0 | 30 | openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD} |
| michael@0 | 31 | |
| michael@0 | 32 | STATUS=0 |
| michael@0 | 33 | cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do |
| michael@0 | 34 | echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1 |
| michael@0 | 35 | [ ${STATUS} -eq 1 ] && echo "${LINE}" |
| michael@0 | 36 | echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break |
| michael@0 | 37 | done > ${DATA_DIR}/${KEY_NAME}.key |
| michael@0 | 38 | |
| michael@0 | 39 | rm ${DATA_DIR}/${KEY_NAME}.key.tmp |
| michael@0 | 40 | } |
| michael@0 | 41 | |
| michael@0 | 42 | create_conf() |
| michael@0 | 43 | { |
| michael@0 | 44 | CONF_FILE=$1 |
| michael@0 | 45 | CA=$2 |
| michael@0 | 46 | OCSP=$3 |
| michael@0 | 47 | PORT=$4 |
| michael@0 | 48 | |
| michael@0 | 49 | cat ${CONF_TEMPLATE} | \ |
| michael@0 | 50 | sed "s:@DIR@:${OCSP_DIR}:" | \ |
| michael@0 | 51 | sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \ |
| michael@0 | 52 | sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \ |
| michael@0 | 53 | sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \ |
| michael@0 | 54 | sed "s:@OCSP_PID@:${OCSP}.pid:" | \ |
| michael@0 | 55 | sed "s:@PORT@:${PORT}:" \ |
| michael@0 | 56 | > ${CONF_FILE} |
| michael@0 | 57 | } |
| michael@0 | 58 | |
| michael@0 | 59 | copy_cert() |
| michael@0 | 60 | { |
| michael@0 | 61 | CERT_NAME=$1 |
| michael@0 | 62 | CERT_SIGNER=$2 |
| michael@0 | 63 | |
| michael@0 | 64 | cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert |
| michael@0 | 65 | } |
| michael@0 | 66 | |
| michael@0 | 67 | |
| michael@0 | 68 | copy_key() |
| michael@0 | 69 | { |
| michael@0 | 70 | KEY_NAME=$1 |
| michael@0 | 71 | |
| michael@0 | 72 | cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12 |
| michael@0 | 73 | } |
| michael@0 | 74 | |
| michael@0 | 75 | convert_cert OCSPRoot |
| michael@0 | 76 | convert_crl OCSPRoot |
| michael@0 | 77 | convert_key OCSPRoot |
| michael@0 | 78 | |
| michael@0 | 79 | convert_cert OCSPCA1 OCSPRoot |
| michael@0 | 80 | convert_crl OCSPCA1 |
| michael@0 | 81 | convert_key OCSPCA1 |
| michael@0 | 82 | |
| michael@0 | 83 | convert_cert OCSPCA2 OCSPRoot |
| michael@0 | 84 | convert_crl OCSPCA2 |
| michael@0 | 85 | convert_key OCSPCA2 |
| michael@0 | 86 | |
| michael@0 | 87 | convert_cert OCSPCA3 OCSPRoot |
| michael@0 | 88 | convert_crl OCSPCA3 |
| michael@0 | 89 | convert_key OCSPCA3 |
| michael@0 | 90 | |
| michael@0 | 91 | create_conf ocspd0.conf OCSPRoot ocspd0 2600 |
| michael@0 | 92 | create_conf ocspd1.conf OCSPCA1 ocspd1 2601 |
| michael@0 | 93 | create_conf ocspd2.conf OCSPCA2 ocspd2 2602 |
| michael@0 | 94 | create_conf ocspd3.conf OCSPCA3 ocspd3 2603 |
| michael@0 | 95 | |
| michael@0 | 96 | copy_cert OCSPRoot |
| michael@0 | 97 | copy_cert OCSPCA1 OCSPRoot |
| michael@0 | 98 | copy_cert OCSPCA2 OCSPRoot |
| michael@0 | 99 | copy_cert OCSPCA3 OCSPRoot |
| michael@0 | 100 | copy_cert OCSPEE11 OCSPCA1 |
| michael@0 | 101 | copy_cert OCSPEE12 OCSPCA1 |
| michael@0 | 102 | copy_cert OCSPEE13 OCSPCA1 |
| michael@0 | 103 | copy_cert OCSPEE14 OCSPCA1 |
| michael@0 | 104 | copy_cert OCSPEE15 OCSPCA1 |
| michael@0 | 105 | copy_cert OCSPEE21 OCSPCA2 |
| michael@0 | 106 | copy_cert OCSPEE22 OCSPCA2 |
| michael@0 | 107 | copy_cert OCSPEE23 OCSPCA2 |
| michael@0 | 108 | copy_cert OCSPEE31 OCSPCA3 |
| michael@0 | 109 | copy_cert OCSPEE32 OCSPCA3 |
| michael@0 | 110 | copy_cert OCSPEE33 OCSPCA3 |
| michael@0 | 111 | |
| michael@0 | 112 | copy_key OCSPRoot |
| michael@0 | 113 | copy_key OCSPCA1 |
| michael@0 | 114 | copy_key OCSPCA2 |
| michael@0 | 115 | copy_key OCSPCA3 |
| michael@0 | 116 |
