From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin"
Date: Fri, 2 Feb 2018 04:16:08 -0500
Subject: Add m-esr52 at 52.6.0
---
.../nss/tests/chains/ocspd-config/ocspd-certs.sh | 116 +++++++++++++++++++++
.../tests/chains/ocspd-config/ocspd.conf.template | 46 ++++++++
security/nss/tests/chains/ocspd-config/readme | 3 +
3 files changed, 165 insertions(+)
create mode 100755 security/nss/tests/chains/ocspd-config/ocspd-certs.sh
create mode 100644 security/nss/tests/chains/ocspd-config/ocspd.conf.template
create mode 100644 security/nss/tests/chains/ocspd-config/readme
(limited to 'security/nss/tests/chains/ocspd-config')
diff --git a/security/nss/tests/chains/ocspd-config/ocspd-certs.sh b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
new file mode 100755
index 000000000..2f7d45898
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+DATA_DIR=$1
+OCSP_DIR=$2
+CERT_DIR=$3
+
+TEST_PWD="nssnss"
+CONF_TEMPLATE="ocspd.conf.template"
+
+convert_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
+}
+
+convert_crl()
+{
+ CRL_NAME=$1
+
+ openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
+}
+
+convert_key()
+{
+ KEY_NAME=$1
+
+ pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
+ openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}
+
+ STATUS=0
+ cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do
+ echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
+ [ ${STATUS} -eq 1 ] && echo "${LINE}"
+ echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
+ done > ${DATA_DIR}/${KEY_NAME}.key
+
+ rm ${DATA_DIR}/${KEY_NAME}.key.tmp
+}
+
+create_conf()
+{
+ CONF_FILE=$1
+ CA=$2
+ OCSP=$3
+ PORT=$4
+
+ cat ${CONF_TEMPLATE} | \
+ sed "s:@DIR@:${OCSP_DIR}:" | \
+ sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \
+ sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \
+ sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \
+ sed "s:@OCSP_PID@:${OCSP}.pid:" | \
+ sed "s:@PORT@:${PORT}:" \
+ > ${CONF_FILE}
+}
+
+copy_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
+}
+
+
+copy_key()
+{
+ KEY_NAME=$1
+
+ cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
+}
+
+convert_cert OCSPRoot
+convert_crl OCSPRoot
+convert_key OCSPRoot
+
+convert_cert OCSPCA1 OCSPRoot
+convert_crl OCSPCA1
+convert_key OCSPCA1
+
+convert_cert OCSPCA2 OCSPRoot
+convert_crl OCSPCA2
+convert_key OCSPCA2
+
+convert_cert OCSPCA3 OCSPRoot
+convert_crl OCSPCA3
+convert_key OCSPCA3
+
+create_conf ocspd0.conf OCSPRoot ocspd0 2600
+create_conf ocspd1.conf OCSPCA1 ocspd1 2601
+create_conf ocspd2.conf OCSPCA2 ocspd2 2602
+create_conf ocspd3.conf OCSPCA3 ocspd3 2603
+
+copy_cert OCSPRoot
+copy_cert OCSPCA1 OCSPRoot
+copy_cert OCSPCA2 OCSPRoot
+copy_cert OCSPCA3 OCSPRoot
+copy_cert OCSPEE11 OCSPCA1
+copy_cert OCSPEE12 OCSPCA1
+copy_cert OCSPEE13 OCSPCA1
+copy_cert OCSPEE14 OCSPCA1
+copy_cert OCSPEE15 OCSPCA1
+copy_cert OCSPEE21 OCSPCA2
+copy_cert OCSPEE22 OCSPCA2
+copy_cert OCSPEE23 OCSPCA2
+copy_cert OCSPEE31 OCSPCA3
+copy_cert OCSPEE32 OCSPCA3
+copy_cert OCSPEE33 OCSPCA3
+
+copy_key OCSPRoot
+copy_key OCSPCA1
+copy_key OCSPCA2
+copy_key OCSPCA3
+
diff --git a/security/nss/tests/chains/ocspd-config/ocspd.conf.template b/security/nss/tests/chains/ocspd-config/ocspd.conf.template
new file mode 100644
index 000000000..456c74a16
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/ocspd.conf.template
@@ -0,0 +1,46 @@
+[ ocspd ]
+
+default_ocspd = OCSPD_default
+
+[ OCSPD_default ]
+
+dir = @DIR@
+db = $dir/index.txt
+md = sha1
+
+ca_certificate = $dir/@CA_CERT@
+ocspd_certificate = $dir/@CA_CERT@
+ocspd_key = $dir/@CA_KEY@
+pidfile = $dir/@OCSP_PID@
+
+user = nobody
+group = nobody
+
+bind = *
+port = @PORT@
+
+max_req_size = 8192
+threads_num = 150
+max_timeout_secs = 5
+crl_auto_reload = 3600
+crl_check_validity = 600
+crl_reload_expired = yes
+response = ocsp_response
+dbms = dbms_file
+
+[ ocsp_response ]
+
+dir = @DIR@
+next_update_days = 0
+next_update_mins = 5
+
+[ dbms_file ]
+
+0.ca = @first_ca
+
+[ first_ca ]
+
+crl_url = file:///@DIR@/@CA_CRL@
+ca_url = file:///@DIR@/@CA_CERT@
+server_cert = file:///@DIR@/@CA_CERT@
+
diff --git a/security/nss/tests/chains/ocspd-config/readme b/security/nss/tests/chains/ocspd-config/readme
new file mode 100644
index 000000000..5069af6fe
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/readme
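Review bot: The three positional arguments are used unvalidated and unquoted throughout ocspd-certs.sh, so an empty or space-containing `$1` makes `rm ${DATA_DIR}/${KEY_NAME}.key.tmp` and the `> ${DATA_DIR}/...` redirects resolve outside the intended test directory. Adding `: "${DATA_DIR:?}" "${OCSP_DIR:?}" "${CERT_DIR:?}"` after the assignments and quoting the expansions (for example `rm -- "${DATA_DIR}/${KEY_NAME}.key.tmp"`) would close that. In convert_key the exit status of `pk12util` and `openssl pkcs12` is never checked, so a failed export leaves an empty `.key` that create_conf still references; `pk12util ... || exit 1` would make the failure visible. A comment at `TEST_PWD="nssnss"` saying the passphrase protects only throwaway test keys would also help, since it is passed on argv via `-W` and `pass:`.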
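Review bot: In ocspd.conf.template, `bind = *` has the test responder listen on every interface; for a chain test a loopback address (`bind = 127.0.0.1`, assuming ocspd accepts an address there) would be enough. `ca_certificate = $dir/@CA_CERT@` prefixes `$dir` to a value that create_conf in ocspd-certs.sh fills with `${DATA_DIR}/${CA}.pem`, so the resulting path is only valid when DATA_DIR is relative to OCSP_DIR; the same applies to `ocspd_key` and the `file:///@DIR@/...` URLs, and a comment stating that assumption would help. `md = sha1` is worth a comment as well if it is deliberate for these tests.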
@@ -0,0 +1,3 @@
+OBSOLETE
+
+tests have been changed to use a local ocsp server (using httpserv)
-- cgit v1.2.3