Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
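#!/bin/bash
#
# Prepares certificate, CRL and key material plus ocspd configuration files
# from data already present in DATA_DIR.
#
# Usage: <script> DATA_DIR OCSP_DIR CERT_DIR
#   DATA_DIR - holds the .der/.crl inputs and the per-CA "<name>DB" databases;
#              the converted .pem/.key/.p12 files are written here as well.
#   OCSP_DIR - value substituted for @DIR@ in the generated configuration files.
#   CERT_DIR - destination for the copied .cert and .p12 files.

# Every path below is built from these three arguments. With an empty
# DATA_DIR the conversions and the final "rm" of the temporary key file would
# operate directly under "/", so refuse to run without all three.
if [ "$#" -lt 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    printf 'Usage: %s DATA_DIR OCSP_DIR CERT_DIR\n' "${0##*/}" >&2
    exit 2
fi

DATA_DIR=$1
OCSP_DIR=$2
CERT_DIR=$3

# Password used both to export the PKCS#12 files and to protect the extracted
# private keys.
# NOTE(review): hard-coded value; presumably acceptable only because the keys
# are throw-away test fixtures - confirm it is never reused for real material.
TEST_PWD="nssnss"

# Template path is relative, so the script has to be run from the directory
# that contains it.
CONF_TEMPLATE="ocspd.conf.template"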
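#######################################
# Convert a DER certificate in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - certificate name
#            $2 - optional signer name; appended to $1 to form the name of
#                 the input file (<name><signer>.der)
# Outputs:   writes ${DATA_DIR}/<name>.pem
# Returns:   exit status of openssl
#######################################
convert_cert()
{
    # Locals instead of globals so a value left over from an earlier call
    # (for example a signer name) can never leak into a later one.
    local cert_name=$1
    local cert_signer=${2-}

    # Paths are quoted so a DATA_DIR containing spaces or glob characters is
    # passed to openssl as a single argument.
    openssl x509 \
        -in "${DATA_DIR}/${cert_name}${cert_signer}.der" -inform DER \
        -out "${DATA_DIR}/${cert_name}.pem" -outform PEM
}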
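#######################################
# Convert a DER CRL in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - CRL name; input is <name>.crl
# Outputs:   writes ${DATA_DIR}/<name>crl.pem
# Returns:   exit status of openssl
#######################################
convert_crl()
{
    local crl_name=$1

    # Quoted so a DATA_DIR with spaces or glob characters stays one argument.
    openssl crl \
        -in "${DATA_DIR}/${crl_name}.crl" -inform DER \
        -out "${DATA_DIR}/${crl_name}crl.pem" -outform PEM
}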
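#######################################
# Export a key from its NSS database as PKCS#12 and extract the encrypted
# private key block from it as PEM.
# Globals:   DATA_DIR (read), TEST_PWD (read)
# Arguments: $1 - key name; used as the nickname, and "<name>DB" is the
#                 database directory inside DATA_DIR
# Outputs:   writes ${DATA_DIR}/<name>.p12 and ${DATA_DIR}/<name>.key
# Returns:   0 on success, non-zero if a tool fails or no key block is found
#######################################
convert_key()
{
    local key_name=$1
    local p12_file="${DATA_DIR}/${key_name}.p12"
    local pem_dump="${DATA_DIR}/${key_name}.key.tmp"
    local key_file="${DATA_DIR}/${key_name}.key"
    local line
    local in_key=0

    # NOTE(review): TEST_PWD is handed to both tools as a command-line
    # argument, so it is visible in the process list while they run. That is
    # tolerable only for a fixed fixture password; real key material should
    # get its password from a file or the environment instead.
    pk12util -o "${p12_file}" -n "${key_name}" \
        -d "${DATA_DIR}/${key_name}DB" \
        -k "${DATA_DIR}/${key_name}DB/dbpasswd" \
        -W "${TEST_PWD}" || return

    # Stop on failure rather than carrying on and producing an empty .key;
    # never leave the intermediate PEM dump behind.
    if ! openssl pkcs12 -in "${p12_file}" -out "${pem_dump}" \
        -passin "pass:${TEST_PWD}" -passout "pass:${TEST_PWD}"; then
        rm -f -- "${pem_dump}"
        return 1
    fi

    # Keep only the first ENCRYPTED PRIVATE KEY block; everything else in the
    # dump (bag attributes, certificates) is dropped.
    while IFS= read -r line || [[ -n ${line} ]]; do
        if [[ ${line} == *"BEGIN ENCRYPTED PRIVATE KEY"* ]]; then
            in_key=1
        fi
        if [[ ${in_key} -eq 1 ]]; then
            printf '%s\n' "${line}"
        fi
        if [[ ${line} == *"END ENCRYPTED PRIVATE KEY"* ]]; then
            break
        fi
    done < "${pem_dump}" > "${key_file}"

    rm -f -- "${pem_dump}"

    if [[ ! -s ${key_file} ]]; then
        printf 'convert_key: no encrypted private key found for %s\n' "${key_name}" >&2
        return 1
    fi
}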
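# Escape a string so it is taken literally as the replacement part of a
# sed "s:...:...:" command (backslash, "&" and the ":" delimiter).
_conf_sed_escape()
{
    printf '%s' "$1" | sed -e 's/[\\&:]/\\&/g'
}

#######################################
# Generate a configuration file from CONF_TEMPLATE by filling in the
# @DIR@, @CA_CERT@, @CA_CRL@, @CA_KEY@, @OCSP_PID@ and @PORT@ placeholders.
# Globals:   CONF_TEMPLATE, OCSP_DIR, DATA_DIR (all read)
# Arguments: $1 - output configuration file
#            $2 - CA name; selects <CA>.pem, <CA>crl.pem and <CA>.key
#            $3 - base name of the pid file (<name>.pid)
#            $4 - port
# Outputs:   writes the configuration file
# Returns:   0 on success, non-zero if the template is unreadable or sed fails
#######################################
create_conf()
{
    local conf_file=$1
    local ca=$2
    local ocsp=$3
    local port=$4
    local dir_r cert_r crl_r key_r pid_r port_r

    # Do not truncate/create the output when there is nothing to read from.
    if [ ! -r "${CONF_TEMPLATE}" ]; then
        printf 'create_conf: cannot read template %s\n' "${CONF_TEMPLATE}" >&2
        return 1
    fi

    # The values come from the command line. Unescaped, a ":" in a path would
    # end the sed expression early and "&" or "\" would be interpreted by sed
    # instead of being written to the configuration file.
    dir_r=$(_conf_sed_escape "${OCSP_DIR}")
    cert_r=$(_conf_sed_escape "${DATA_DIR}/${ca}.pem")
    crl_r=$(_conf_sed_escape "${DATA_DIR}/${ca}crl.pem")
    key_r=$(_conf_sed_escape "${DATA_DIR}/${ca}.key")
    pid_r=$(_conf_sed_escape "${ocsp}.pid")
    port_r=$(_conf_sed_escape "${port}")

    # As in a chain of separate sed calls, the expressions run in order and
    # each replaces only the first occurrence on a line.
    sed -e "s:@DIR@:${dir_r}:" \
        -e "s:@CA_CERT@:${cert_r}:" \
        -e "s:@CA_CRL@:${crl_r}:" \
        -e "s:@CA_KEY@:${key_r}:" \
        -e "s:@OCSP_PID@:${pid_r}:" \
        -e "s:@PORT@:${port_r}:" \
        < "${CONF_TEMPLATE}" > "${conf_file}"
}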
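#######################################
# Copy a DER certificate from DATA_DIR to CERT_DIR under a ".cert" name.
# Globals:   DATA_DIR (read), CERT_DIR (read)
# Arguments: $1 - certificate name
#            $2 - optional signer name; appended to $1 to form the name of
#                 the source file (<name><signer>.der)
# Outputs:   writes ${CERT_DIR}/<name>.cert
# Returns:   exit status of cp
#######################################
copy_cert()
{
    # Locals so a signer name from an earlier call cannot leak into this one.
    local cert_name=$1
    local cert_signer=${2-}

    # Quoted paths and "--" keep directory names with spaces or a leading
    # "-" from being split or read as cp options.
    cp -- "${DATA_DIR}/${cert_name}${cert_signer}.der" \
        "${CERT_DIR}/${cert_name}.cert"
}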
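#######################################
# Copy a PKCS#12 file from DATA_DIR to CERT_DIR.
# Globals:   DATA_DIR (read), CERT_DIR (read)
# Arguments: $1 - key name; the file copied is <name>.p12
# Outputs:   writes ${CERT_DIR}/<name>.p12
# Returns:   exit status of cp
#######################################
copy_key()
{
    local key_name=$1

    # Quoted paths and "--" keep directory names with spaces or a leading
    # "-" from being split or read as cp options.
    cp -- "${DATA_DIR}/${key_name}.p12" "${CERT_DIR}/${key_name}.p12"
}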
# Convert certificate, CRL and key for the root, then for each intermediate
# CA. The root certificate is looked up without a signer suffix; the
# intermediates are looked up with the root's name as suffix.
convert_cert OCSPRoot
convert_crl OCSPRoot
convert_key OCSPRoot
for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    convert_cert "${ca}" OCSPRoot
    convert_crl "${ca}"
    convert_key "${ca}"
done

# One configuration file per CA: ocspd0 for the root on port 2600, then
# ocspd1..ocspd3 for OCSPCA1..OCSPCA3 on ports 2601..2603.
create_conf ocspd0.conf OCSPRoot ocspd0 2600
for n in 1 2 3; do
    create_conf "ocspd${n}.conf" "OCSPCA${n}" "ocspd${n}" "260${n}"
done

# Copy the CA certificates, then the end-entity certificates grouped by the
# CA whose name forms the suffix of their source file.
copy_cert OCSPRoot
for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    copy_cert "${ca}" OCSPRoot
done
for ee in 11 12 13 14 15; do
    copy_cert "OCSPEE${ee}" OCSPCA1
done
for ee in 21 22 23; do
    copy_cert "OCSPEE${ee}" OCSPCA2
done
for ee in 31 32 33; do
    copy_cert "OCSPEE${ee}" OCSPCA3
done

# Copy the PKCS#12 files of all four CAs.
for ca in OCSPRoot OCSPCA1 OCSPCA2 OCSPCA3; do
    copy_key "${ca}"
done