path: root/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
#!/bin/bash

# Positional arguments:
#   $1 - directory holding the generated DER certs, CRLs and NSS key databases
#   $2 - directory substituted for @DIR@ in the ocspd configuration template
#   $3 - directory that receives the copied certificates and PKCS#12 files
DATA_DIR="${1}"
OCSP_DIR="${2}"
CERT_DIR="${3}"

# Fixed passphrase for the test fixtures. It is passed to pk12util and openssl
# on the command line below, so it must never protect anything but test keys.
TEST_PWD='nssnss'
# Template path, resolved relative to the current working directory.
CONF_TEMPLATE='ocspd.conf.template'

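# Convert a DER certificate in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - certificate name
#            $2 - signer name appended to the input file name (optional)
# Outputs:   writes ${DATA_DIR}/<name>.pem
# Returns:   exit status of openssl
convert_cert()
{
    local cert_name=$1
    local cert_signer=${2:-}

    # Every expansion is quoted so a DATA_DIR containing whitespace or glob
    # characters is passed to openssl as a single path argument.
    openssl x509 \
        -in "${DATA_DIR}/${cert_name}${cert_signer}.der" -inform DER \
        -out "${DATA_DIR}/${cert_name}.pem" -outform PEM
}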

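# Convert a DER CRL in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - CRL base name (input is <name>.crl)
# Outputs:   writes ${DATA_DIR}/<name>crl.pem
# Returns:   exit status of openssl
convert_crl()
{
    local crl_name=$1

    # Quoted so that a DATA_DIR with whitespace stays one argument.
    openssl crl \
        -in "${DATA_DIR}/${crl_name}.crl" -inform DER \
        -out "${DATA_DIR}/${crl_name}crl.pem" -outform PEM
}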

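# Export a key from its NSS database to PKCS#12, then extract the RSA private
# key PEM block from it.
# Globals:   DATA_DIR (read), TEST_PWD (read)
# Arguments: $1 - key nickname; the NSS database is ${DATA_DIR}/<name>DB
# Outputs:   writes ${DATA_DIR}/<name>.p12 and ${DATA_DIR}/<name>.key;
#            diagnostics go to stderr
# Returns:   0 on success, non-zero if a tool fails or no key block is found
#
# The passphrase is handed to pk12util (-W) and openssl (pass:) as command-line
# arguments, where other local users can read it from the process list. That is
# tolerable only because TEST_PWD is a fixed, public test value.
# NOTE(review): the .p12 and .key files are created with the caller's umask;
# confirm that is acceptable wherever this script is run.
convert_key()
{
    local key_name=$1
    local p12_file="${DATA_DIR}/${key_name}.p12"
    local pem_dump="${DATA_DIR}/${key_name}.key.tmp"
    local key_file="${DATA_DIR}/${key_name}.key"

    if ! pk12util -o "${p12_file}" -n "${key_name}" \
            -d "${DATA_DIR}/${key_name}DB" \
            -k "${DATA_DIR}/${key_name}DB/dbpasswd" -W "${TEST_PWD}"; then
        echo "convert_key: pk12util export failed for ${key_name}" >&2
        return 1
    fi

    if ! openssl pkcs12 -in "${p12_file}" -out "${pem_dump}" \
            -passin "pass:${TEST_PWD}" -passout "pass:${TEST_PWD}"; then
        echo "convert_key: openssl pkcs12 failed for ${key_name}" >&2
        # Do not leave a partial dump of key material behind.
        rm -f -- "${pem_dump}"
        return 1
    fi

    # Keep the lines from the first BEGIN marker through the first END marker.
    # awk copies them byte for byte, unlike a read/echo loop that trims
    # whitespace and interprets backslashes.
    awk '/BEGIN RSA PRIVATE KEY/ { found = 1 }
         found { print }
         /END RSA PRIVATE KEY/ { exit }' "${pem_dump}" > "${key_file}"

    # The intermediate dump holds key material; remove it unconditionally.
    rm -f -- "${pem_dump}"

    # NOTE(review): only a traditional "RSA PRIVATE KEY" block is recognised.
    # If the installed openssl writes a different header (for example a PKCS#8
    # one) nothing matches, so an empty result is reported instead of being
    # passed on silently.
    if [ ! -s "${key_file}" ]; then
        echo "convert_key: no RSA PRIVATE KEY block found for ${key_name}" >&2
        return 1
    fi
}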

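# Escape a string for use as the replacement half of a sed "s:...:...:"
# command: backslash, "&" and the ":" delimiter are prefixed with a backslash.
_create_conf_escape()
{
    printf '%s' "$1" | sed 's/[\\&:]/\\&/g'
}

# Instantiate the ocspd configuration template for one responder.
# Globals:   CONF_TEMPLATE, OCSP_DIR, DATA_DIR (read)
# Arguments: $1 - configuration file to write
#            $2 - CA name (selects <CA>.pem, <CA>crl.pem and <CA>.key)
#            $3 - responder name, used for the pid file name
#            $4 - port value substituted for @PORT@
# Outputs:   writes the configuration file named by $1
# Returns:   non-zero if the template cannot be read or sed fails
create_conf()
{
    local conf_file=$1
    local ca=$2
    local ocsp=$3
    local port=$4
    local dir_rep cert_rep crl_rep key_rep pid_rep port_rep

    # The values are interpolated into sed programs. Without escaping, a path
    # containing ":" ends the command early and "&" re-inserts the placeholder
    # text, so each value is escaped before substitution.
    dir_rep=$(_create_conf_escape "${OCSP_DIR}") || return
    cert_rep=$(_create_conf_escape "${DATA_DIR}/${ca}.pem") || return
    crl_rep=$(_create_conf_escape "${DATA_DIR}/${ca}crl.pem") || return
    key_rep=$(_create_conf_escape "${DATA_DIR}/${ca}.key") || return
    pid_rep=$(_create_conf_escape "${ocsp}.pid") || return
    port_rep=$(_create_conf_escape "${port}") || return

    # One sed process applies all substitutions; as before, only the first
    # occurrence of each placeholder on a line is replaced.
    sed -e "s:@DIR@:${dir_rep}:" \
        -e "s:@CA_CERT@:${cert_rep}:" \
        -e "s:@CA_CRL@:${crl_rep}:" \
        -e "s:@CA_KEY@:${key_rep}:" \
        -e "s:@OCSP_PID@:${pid_rep}:" \
        -e "s:@PORT@:${port_rep}:" \
        < "${CONF_TEMPLATE}" > "${conf_file}"
}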

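# Copy a DER certificate from DATA_DIR into CERT_DIR under the name <name>.cert.
# Globals:   DATA_DIR, CERT_DIR (read)
# Arguments: $1 - certificate name
#            $2 - signer name appended to the source file name (optional)
# Returns:   exit status of cp
copy_cert()
{
    local cert_name=$1
    local cert_signer=${2:-}

    # Quoted paths and "--" keep directory names with whitespace or a leading
    # dash from being split or parsed as options.
    cp -- "${DATA_DIR}/${cert_name}${cert_signer}.der" \
        "${CERT_DIR}/${cert_name}.cert"
}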


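# Copy the PKCS#12 file written by convert_key from DATA_DIR into CERT_DIR.
# Globals:   DATA_DIR, CERT_DIR (read)
# Arguments: $1 - key name (file is <name>.p12)
# Returns:   exit status of cp
#
# NOTE(review): the .p12 carries private key material protected only by the
# fixed test passphrase; confirm CERT_DIR is never a location shared outside
# the test environment.
copy_key()
{
    local key_name=$1

    # Quoted paths and "--" keep directory names with whitespace or a leading
    # dash from being split or parsed as options.
    cp -- "${DATA_DIR}/${key_name}.p12" "${CERT_DIR}/${key_name}.p12"
}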

# Step 1: convert certificate, CRL and key for every CA.
# The root certificate's file name carries no signer suffix.
convert_cert OCSPRoot
convert_crl OCSPRoot
convert_key OCSPRoot

for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    convert_cert "${ca}" OCSPRoot
    convert_crl "${ca}"
    convert_key "${ca}"
done

# Step 2: one responder configuration per CA, ocspd0..ocspd3 on ports
# 2600..2603, written to the current working directory.
idx=0
for ca in OCSPRoot OCSPCA1 OCSPCA2 OCSPCA3; do
    create_conf "ocspd${idx}.conf" "${ca}" "ocspd${idx}" "$((2600 + idx))"
    idx=$((idx + 1))
done

# Step 3: copy the CA certificates, then the end-entity certificates grouped
# by issuing CA.
copy_cert OCSPRoot
for ca in OCSPCA1 OCSPCA2 OCSPCA3; do
    copy_cert "${ca}" OCSPRoot
done
for ee in OCSPEE11 OCSPEE12 OCSPEE13 OCSPEE14 OCSPEE15; do
    copy_cert "${ee}" OCSPCA1
done
for ee in OCSPEE21 OCSPEE22 OCSPEE23; do
    copy_cert "${ee}" OCSPCA2
done
for ee in OCSPEE31 OCSPEE32 OCSPEE33; do
    copy_cert "${ee}" OCSPCA3
done

# Step 4: copy the PKCS#12 files of the four CAs.
for ca in OCSPRoot OCSPCA1 OCSPCA2 OCSPCA3; do
    copy_key "${ca}"
done