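#!/bin/bash
#
# Prepares fixture files for the OCSP responder (ocspd) test setup:
#   - converts DER certificates and CRLs under DATA_DIR to PEM,
#   - exports each CA key from its NSS database to an encrypted PEM key,
#   - renders one ocspd configuration file per CA from a template.
#
# Arguments:
#   $1 - DATA_DIR: directory holding the .der/.crl inputs and <name>DB databases
#   $2 - OCSP_DIR: value substituted for @DIR@ in the ocspd configuration
#   $3 - CERT_DIR: stored here for use by the rest of the script

DATA_DIR=$1
OCSP_DIR=$2
CERT_DIR=$3

# Fixed password for throwaway test keys only. It is handed to pk12util and
# openssl on their command lines, so any local user can read it from the
# process list; keys protected this way must never be trusted outside tests.
TEST_PWD="nssnss"
CONF_TEMPLATE="ocspd.conf.template"

#######################################
# Fails if any of the named global variables is empty. An empty DATA_DIR
# would otherwise turn every path below into one rooted at "/".
# Arguments: names of the variables to check
# Returns:   0 if all are non-empty, 1 otherwise (message on stderr)
#######################################
require_set()
{
    local name
    for name in "$@"; do
        if [[ -z "${!name}" ]]; then
            printf '%s: %s is empty (expected DATA_DIR OCSP_DIR CERT_DIR as arguments)\n' \
                "${0##*/}" "${name}" >&2
            return 1
        fi
    done
}

#######################################
# Escapes a value for use as the replacement part of a sed "s:...:...:"
# command: backslash, "&" and the ":" delimiter are prefixed with a backslash
# so that they are inserted literally.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape()
{
    printf '%s' "$1" | sed 's/[\\&:]/\\&/g'
}

#######################################
# Converts DATA_DIR/<name><signer>.der to DATA_DIR/<name>.pem.
# Arguments: $1 - certificate name; $2 - signer name (may be empty)
# Returns:   status of openssl, or 1 if DATA_DIR is empty
#######################################
convert_cert()
{
    local cert_name=$1
    local cert_signer=$2

    require_set DATA_DIR || return 1

    openssl x509 \
        -in "${DATA_DIR}/${cert_name}${cert_signer}.der" -inform DER \
        -out "${DATA_DIR}/${cert_name}.pem" -outform PEM
}

#######################################
# Converts DATA_DIR/<name>.crl (DER) to DATA_DIR/<name>crl.pem.
# Arguments: $1 - CRL name
# Returns:   status of openssl, or 1 if DATA_DIR is empty
#######################################
convert_crl()
{
    local crl_name=$1

    require_set DATA_DIR || return 1

    openssl crl \
        -in "${DATA_DIR}/${crl_name}.crl" -inform DER \
        -out "${DATA_DIR}/${crl_name}crl.pem" -outform PEM
}

#######################################
# Exports the key named <name> from the NSS database DATA_DIR/<name>DB to
# DATA_DIR/<name>.p12, then writes the first ENCRYPTED PRIVATE KEY block of
# its PEM dump to DATA_DIR/<name>.key.
# Arguments: $1 - key nickname (also the file and database name prefix)
# Returns:   0 on success; 1 if a tool fails or no key block was found, so
#            the responder is never configured with an empty key file
#            without the caller being able to notice.
#######################################
convert_key()
{
    local key_name=$1
    local key_p12="${DATA_DIR}/${key_name}.p12"
    local key_tmp="${DATA_DIR}/${key_name}.key.tmp"
    local key_out="${DATA_DIR}/${key_name}.key"
    local line
    local in_key=0

    require_set DATA_DIR || return 1

    pk12util -o "${key_p12}" -n "${key_name}" \
        -d "${DATA_DIR}/${key_name}DB" \
        -k "${DATA_DIR}/${key_name}DB/dbpasswd" \
        -W "${TEST_PWD}" || return 1

    # -passout keeps the private key encrypted in the intermediate dump.
    if ! openssl pkcs12 -in "${key_p12}" -out "${key_tmp}" \
            -passin "pass:${TEST_PWD}" -passout "pass:${TEST_PWD}"; then
        rm -f -- "${key_tmp}"
        return 1
    fi

    # Keep only the lines from the BEGIN marker through the first END marker;
    # the dump also carries bag attributes and certificates.
    while IFS= read -r line || [[ -n "${line}" ]]; do
        case "${line}" in
            *"BEGIN ENCRYPTED PRIVATE KEY"*) in_key=1 ;;
        esac
        if [[ "${in_key}" -eq 1 ]]; then
            printf '%s\n' "${line}"
        fi
        case "${line}" in
            *"END ENCRYPTED PRIVATE KEY"*) break ;;
        esac
    done < "${key_tmp}" > "${key_out}"

    rm -f -- "${key_tmp}"

    if [[ ! -s "${key_out}" ]]; then
        printf '%s: no encrypted private key found for %s\n' \
            "${0##*/}" "${key_name}" >&2
        return 1
    fi
}

#######################################
# Renders CONF_TEMPLATE into a configuration file, replacing the first
# occurrence per line of @DIR@, @CA_CERT@, @CA_CRL@, @CA_KEY@, @OCSP_PID@
# and @PORT@.
# Arguments: $1 - output file; $2 - CA name; $3 - responder name (pid file
#            prefix); $4 - port
# Returns:   status of sed, or 1 if a directory variable is empty or the
#            template cannot be read
#######################################
create_conf()
{
    local conf_file=$1
    local ca ocsp port data_dir ocsp_dir

    require_set DATA_DIR OCSP_DIR || return 1

    if [[ ! -r "${CONF_TEMPLATE}" ]]; then
        printf '%s: cannot read template %s\n' "${0##*/}" "${CONF_TEMPLATE}" >&2
        return 1
    fi

    # Values are inserted into sed replacement text; escape them so that a
    # path containing "&", ":" or "\" is written literally.
    ca=$(sed_escape "$2")
    ocsp=$(sed_escape "$3")
    port=$(sed_escape "$4")
    data_dir=$(sed_escape "${DATA_DIR}")
    ocsp_dir=$(sed_escape "${OCSP_DIR}")

    sed \
        -e "s:@DIR@:${ocsp_dir}:" \
        -e "s:@CA_CERT@:${data_dir}/${ca}.pem:" \
        -e "s:@CA_CRL@:${data_dir}/${ca}crl.pem:" \
        -e "s:@CA_KEY@:${data_dir}/${ca}.key:" \
        -e "s:@OCSP_PID@:${ocsp}.pid:" \
        -e "s:@PORT@:${port}:" \
        "${CONF_TEMPLATE}" > "${conf_file}"
}
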
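#######################################
# Copies DATA_DIR/<name><signer>.der to CERT_DIR/<name>.cert.
# Arguments: $1 - certificate name; $2 - signer name (may be empty)
# Returns:   status of cp, or 1 if DATA_DIR or CERT_DIR is empty (an empty
#            directory variable would make the paths resolve under "/")
#######################################
copy_cert()
{
    local cert_name=$1
    local cert_signer=$2

    if [[ -z "${DATA_DIR}" || -z "${CERT_DIR}" ]]; then
        printf 'copy_cert: DATA_DIR and CERT_DIR must be set\n' >&2
        return 1
    fi

    cp -- "${DATA_DIR}/${cert_name}${cert_signer}.der" "${CERT_DIR}/${cert_name}.cert"
}

#######################################
# Copies DATA_DIR/<name>.p12 to CERT_DIR/<name>.p12. The PKCS#12 file holds
# a private key, so CERT_DIR should only ever receive test fixtures.
# Arguments: $1 - key name
# Returns:   status of cp, or 1 if DATA_DIR or CERT_DIR is empty
#######################################
copy_key()
{
    local key_name=$1

    if [[ -z "${DATA_DIR}" || -z "${CERT_DIR}" ]]; then
        printf 'copy_key: DATA_DIR and CERT_DIR must be set\n' >&2
        return 1
    fi

    cp -- "${DATA_DIR}/${key_name}.p12" "${CERT_DIR}/${key_name}.p12"
}

# Runs one setup step and records a failure instead of letting it pass
# unnoticed; later steps still run, as before.
failed=0
run_step()
{
    if ! "$@"; then
        printf 'setup step failed: %s\n' "$*" >&2
        failed=1
    fi
}

# convert_cert, convert_crl, convert_key and create_conf are defined earlier
# in this script.
run_step convert_cert OCSPRoot
run_step convert_crl OCSPRoot
run_step convert_key OCSPRoot

for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    run_step convert_cert "${ca}" OCSPRoot
    run_step convert_crl "${ca}"
    run_step convert_key "${ca}"
done

run_step create_conf ocspd0.conf OCSPRoot ocspd0 2600
run_step create_conf ocspd1.conf OCSPCA1 ocspd1 2601
run_step create_conf ocspd2.conf OCSPCA2 ocspd2 2602
run_step create_conf ocspd3.conf OCSPCA3 ocspd3 2603

run_step copy_cert OCSPRoot
for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    run_step copy_cert "${ca}" OCSPRoot
done
for ee in OCSPEE11 OCSPEE12 OCSPEE13 OCSPEE14 OCSPEE15; do
    run_step copy_cert "${ee}" OCSPCA1
done
for ee in OCSPEE21 OCSPEE22 OCSPEE23; do
    run_step copy_cert "${ee}" OCSPCA2
done
for ee in OCSPEE31 OCSPEE32 OCSPEE33; do
    run_step copy_cert "${ee}" OCSPCA3
done

for ca in OCSPRoot OCSPCA1 OCSPCA2 OCSPCA3; do
    run_step copy_key "${ca}"
done

# Last command: the script's status is non-zero if any step failed.
[ "${failed}" -eq 0 ]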