diff options
Diffstat (limited to 'security/nss/tests/chains/ocspd-config/ocspd-certs.sh')
-rwxr-xr-x | security/nss/tests/chains/ocspd-config/ocspd-certs.sh | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/security/nss/tests/chains/ocspd-config/ocspd-certs.sh b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh new file mode 100755 index 000000000..2f7d45898 --- /dev/null +++ b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh @@ -0,0 +1,116 @@ +#!/bin/bash + +DATA_DIR=$1 +OCSP_DIR=$2 +CERT_DIR=$3 + +TEST_PWD="nssnss" +CONF_TEMPLATE="ocspd.conf.template" + +convert_cert() +{ + CERT_NAME=$1 + CERT_SIGNER=$2 + + openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM +} + +convert_crl() +{ + CRL_NAME=$1 + + openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM +} + +convert_key() +{ + KEY_NAME=$1 + + pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD} + openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD} + + STATUS=0 + cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do + echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1 + [ ${STATUS} -eq 1 ] && echo "${LINE}" + echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break + done > ${DATA_DIR}/${KEY_NAME}.key + + rm ${DATA_DIR}/${KEY_NAME}.key.tmp +} + +create_conf() +{ + CONF_FILE=$1 + CA=$2 + OCSP=$3 + PORT=$4 + + cat ${CONF_TEMPLATE} | \ + sed "s:@DIR@:${OCSP_DIR}:" | \ + sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \ + sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \ + sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \ + sed "s:@OCSP_PID@:${OCSP}.pid:" | \ + sed "s:@PORT@:${PORT}:" \ + > ${CONF_FILE} +} + +copy_cert() +{ + CERT_NAME=$1 + CERT_SIGNER=$2 + + cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert +} + + +copy_key() +{ + KEY_NAME=$1 + + cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12 +} + +convert_cert OCSPRoot +convert_crl OCSPRoot +convert_key OCSPRoot + +convert_cert OCSPCA1 OCSPRoot +convert_crl OCSPCA1 +convert_key OCSPCA1 + +convert_cert OCSPCA2 OCSPRoot +convert_crl OCSPCA2 +convert_key OCSPCA2 + +convert_cert OCSPCA3 OCSPRoot +convert_crl OCSPCA3 +convert_key OCSPCA3 + +create_conf ocspd0.conf OCSPRoot ocspd0 2600 +create_conf ocspd1.conf OCSPCA1 ocspd1 2601 +create_conf ocspd2.conf OCSPCA2 ocspd2 2602 +create_conf ocspd3.conf OCSPCA3 ocspd3 2603 + +copy_cert OCSPRoot +copy_cert OCSPCA1 OCSPRoot +copy_cert OCSPCA2 OCSPRoot +copy_cert OCSPCA3 OCSPRoot +copy_cert OCSPEE11 OCSPCA1 +copy_cert OCSPEE12 OCSPCA1 +copy_cert OCSPEE13 OCSPCA1 +copy_cert OCSPEE14 OCSPCA1 +copy_cert OCSPEE15 OCSPCA1 +copy_cert OCSPEE21 OCSPCA2 +copy_cert OCSPEE22 OCSPCA2 +copy_cert OCSPEE23 OCSPCA2 +copy_cert OCSPEE31 OCSPCA3 +copy_cert OCSPEE32 OCSPCA3 +copy_cert OCSPEE33 OCSPCA3 + +copy_key OCSPRoot +copy_key OCSPCA1 +copy_key OCSPCA2 +copy_key OCSPCA3 + |