Diffstat (limited to 'security/nss/tests/chains/ocspd-config/ocspd-certs.sh')
-rwxr-xr-xsecurity/nss/tests/chains/ocspd-config/ocspd-certs.sh116
1 files changed, 116 insertions, 0 deletions
diff --git a/security/nss/tests/chains/ocspd-config/ocspd-certs.sh b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
new file mode 100755
index 000000000..2f7d45898
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+DATA_DIR=$1
+OCSP_DIR=$2
+CERT_DIR=$3
+
+TEST_PWD="nssnss"
+CONF_TEMPLATE="ocspd.conf.template"
+
+convert_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
+}
+
+convert_crl()
+{
+ CRL_NAME=$1
+
+ openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
+}
+
+convert_key()
+{
+ KEY_NAME=$1
+
+ pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
+ openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}
+
+ STATUS=0
+ cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do
+ echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
+ [ ${STATUS} -eq 1 ] && echo "${LINE}"
+ echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
+ done > ${DATA_DIR}/${KEY_NAME}.key
+
+ rm ${DATA_DIR}/${KEY_NAME}.key.tmp
+}
+
+create_conf()
+{
+ CONF_FILE=$1
+ CA=$2
+ OCSP=$3
+ PORT=$4
+
+ cat ${CONF_TEMPLATE} | \
+ sed "s:@DIR@:${OCSP_DIR}:" | \
+ sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \
+ sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \
+ sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \
+ sed "s:@OCSP_PID@:${OCSP}.pid:" | \
+ sed "s:@PORT@:${PORT}:" \
+ > ${CONF_FILE}
+}
+
+copy_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
+}
+
+
+copy_key()
+{
+ KEY_NAME=$1
+
+ cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
+}
+
+convert_cert OCSPRoot
+convert_crl OCSPRoot
+convert_key OCSPRoot
+
+convert_cert OCSPCA1 OCSPRoot
+convert_crl OCSPCA1
+convert_key OCSPCA1
+
+convert_cert OCSPCA2 OCSPRoot
+convert_crl OCSPCA2
+convert_key OCSPCA2
+
+convert_cert OCSPCA3 OCSPRoot
+convert_crl OCSPCA3
+convert_key OCSPCA3
+
+create_conf ocspd0.conf OCSPRoot ocspd0 2600
+create_conf ocspd1.conf OCSPCA1 ocspd1 2601
+create_conf ocspd2.conf OCSPCA2 ocspd2 2602
+create_conf ocspd3.conf OCSPCA3 ocspd3 2603
+
+copy_cert OCSPRoot
+copy_cert OCSPCA1 OCSPRoot
+copy_cert OCSPCA2 OCSPRoot
+copy_cert OCSPCA3 OCSPRoot
+copy_cert OCSPEE11 OCSPCA1
+copy_cert OCSPEE12 OCSPCA1
+copy_cert OCSPEE13 OCSPCA1
+copy_cert OCSPEE14 OCSPCA1
+copy_cert OCSPEE15 OCSPCA1
+copy_cert OCSPEE21 OCSPCA2
+copy_cert OCSPEE22 OCSPCA2
+copy_cert OCSPEE23 OCSPCA2
+copy_cert OCSPEE31 OCSPCA3
+copy_cert OCSPEE32 OCSPCA3
+copy_cert OCSPEE33 OCSPCA3
+
+copy_key OCSPRoot
+copy_key OCSPCA1
+copy_key OCSPCA2
+copy_key OCSPCA3
+
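Review bot: Nothing here checks the three positional arguments or the exit status of `pk12util` and `openssl` in `convert_cert`, `convert_crl` and `convert_key`. With a missing argument the unquoted `${DATA_DIR}/...` paths resolve against `/`, and a failed export still leaves an empty or partial `.key` (the `done > ...` redirect always creates it) that the generated `ocspd*.conf` files then point at. A guard such as `: "${DATA_DIR:?}" "${OCSP_DIR:?}" "${CERT_DIR:?}"` after the assignments, `|| exit 1` on the conversion commands, and double quotes around the path expansions would make a broken fixture fail here rather than surface later as a confusing OCSP test result. Separately, `-W ${TEST_PWD}` and `pass:${TEST_PWD}` put the passphrase on the command line, where it is visible in the process list. That is tolerable only because it is a fixed test value, so `TEST_PWD` deserves a comment such as `# fixed test-only passphrase; do not reuse this pattern for real keys`.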