nss-3.41/nss/tests/chains/ocspd-config/ocspd-certs.sh - manifest_repos/nss - Git at Google

 #!/bin/bash

 DATA_DIR=$1
 OCSP_DIR=$2
 CERT_DIR=$3

 TEST_PWD="nssnss"
 CONF_TEMPLATE="ocspd.conf.template"

 convert_cert()
 {
     CERT_NAME=$1
     CERT_SIGNER=$2

     openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
 }

 convert_crl()
 {
     CRL_NAME=$1

     openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
 }

 convert_key()
 {
     KEY_NAME=$1

     pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
     openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}

     STATUS=0
     cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do
         echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
         [ ${STATUS} -eq 1 ] && echo "${LINE}"
         echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
     done > ${DATA_DIR}/${KEY_NAME}.key

     rm ${DATA_DIR}/${KEY_NAME}.key.tmp
 }

 create_conf()
 {
     CONF_FILE=$1
     CA=$2
     OCSP=$3
     PORT=$4

     cat ${CONF_TEMPLATE} | \
         sed "s:@DIR@:${OCSP_DIR}:" | \
         sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \
         sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \
         sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \
         sed "s:@OCSP_PID@:${OCSP}.pid:" | \
         sed "s:@PORT@:${PORT}:" \
         > ${CONF_FILE}
 }

 copy_cert()
 {
     CERT_NAME=$1
     CERT_SIGNER=$2

     cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
 }


 copy_key()
 {
     KEY_NAME=$1

     cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
 }

 convert_cert OCSPRoot
 convert_crl OCSPRoot
 convert_key OCSPRoot

 convert_cert OCSPCA1 OCSPRoot
 convert_crl OCSPCA1
 convert_key OCSPCA1

 convert_cert OCSPCA2 OCSPRoot
 convert_crl OCSPCA2
 convert_key OCSPCA2

 convert_cert OCSPCA3 OCSPRoot
 convert_crl OCSPCA3
 convert_key OCSPCA3

 create_conf ocspd0.conf OCSPRoot ocspd0 2600
 create_conf ocspd1.conf OCSPCA1 ocspd1 2601
 create_conf ocspd2.conf OCSPCA2 ocspd2 2602
 create_conf ocspd3.conf OCSPCA3 ocspd3 2603

 copy_cert OCSPRoot
 copy_cert OCSPCA1 OCSPRoot
 copy_cert OCSPCA2 OCSPRoot
 copy_cert OCSPCA3 OCSPRoot
 copy_cert OCSPEE11 OCSPCA1
 copy_cert OCSPEE12 OCSPCA1
 copy_cert OCSPEE13 OCSPCA1
 copy_cert OCSPEE14 OCSPCA1
 copy_cert OCSPEE15 OCSPCA1
 copy_cert OCSPEE21 OCSPCA2
 copy_cert OCSPEE22 OCSPCA2
 copy_cert OCSPEE23 OCSPCA2
 copy_cert OCSPEE31 OCSPCA3
 copy_cert OCSPEE32 OCSPCA3
 copy_cert OCSPEE33 OCSPCA3

 copy_key OCSPRoot
 copy_key OCSPCA1
 copy_key OCSPCA2
 copy_key OCSPCA3
	#!/bin/bash

	DATA_DIR=$1
	OCSP_DIR=$2
	CERT_DIR=$3

	TEST_PWD="nssnss"
	CONF_TEMPLATE="ocspd.conf.template"

	convert_cert()
	{
	CERT_NAME=$1
	CERT_SIGNER=$2

	openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
	}

	convert_crl()
	{
	CRL_NAME=$1

	openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
	}

	convert_key()
	{
	KEY_NAME=$1

	pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
	openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}

	STATUS=0
	cat ${DATA_DIR}/${KEY_NAME}.key.tmp \| while read LINE; do
	echo "${LINE}" \| grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
	[ ${STATUS} -eq 1 ] && echo "${LINE}"
	echo "${LINE}" \| grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
	done > ${DATA_DIR}/${KEY_NAME}.key

	rm ${DATA_DIR}/${KEY_NAME}.key.tmp
	}

	create_conf()
	{
	CONF_FILE=$1
	CA=$2
	OCSP=$3
	PORT=$4

	cat ${CONF_TEMPLATE} \| \
	sed "s:@DIR@:${OCSP_DIR}:" \| \
	sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" \| \
	sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" \| \
	sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" \| \
	sed "s:@OCSP_PID@:${OCSP}.pid:" \| \
	sed "s:@PORT@:${PORT}:" \
	> ${CONF_FILE}
	}

	copy_cert()
	{
	CERT_NAME=$1
	CERT_SIGNER=$2

	cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
	}


	copy_key()
	{
	KEY_NAME=$1

	cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
	}

	convert_cert OCSPRoot
	convert_crl OCSPRoot
	convert_key OCSPRoot

	convert_cert OCSPCA1 OCSPRoot
	convert_crl OCSPCA1
	convert_key OCSPCA1

	convert_cert OCSPCA2 OCSPRoot
	convert_crl OCSPCA2
	convert_key OCSPCA2

	convert_cert OCSPCA3 OCSPRoot
	convert_crl OCSPCA3
	convert_key OCSPCA3

	create_conf ocspd0.conf OCSPRoot ocspd0 2600
	create_conf ocspd1.conf OCSPCA1 ocspd1 2601
	create_conf ocspd2.conf OCSPCA2 ocspd2 2602
	create_conf ocspd3.conf OCSPCA3 ocspd3 2603

	copy_cert OCSPRoot
	copy_cert OCSPCA1 OCSPRoot
	copy_cert OCSPCA2 OCSPRoot
	copy_cert OCSPCA3 OCSPRoot
	copy_cert OCSPEE11 OCSPCA1
	copy_cert OCSPEE12 OCSPCA1
	copy_cert OCSPEE13 OCSPCA1
	copy_cert OCSPEE14 OCSPCA1
	copy_cert OCSPEE15 OCSPCA1
	copy_cert OCSPEE21 OCSPCA2
	copy_cert OCSPEE22 OCSPCA2
	copy_cert OCSPEE23 OCSPCA2
	copy_cert OCSPEE31 OCSPCA3
	copy_cert OCSPEE32 OCSPCA3
	copy_cert OCSPEE33 OCSPCA3

	copy_key OCSPRoot
	copy_key OCSPCA1
	copy_key OCSPCA2
	copy_key OCSPCA3