| #!/bin/bash |
| |
| DATA_DIR=$1 |
| OCSP_DIR=$2 |
| CERT_DIR=$3 |
| |
| TEST_PWD="nssnss" |
| CONF_TEMPLATE="ocspd.conf.template" |
| |
| convert_cert() |
| { |
| CERT_NAME=$1 |
| CERT_SIGNER=$2 |
| |
| openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM |
| } |
| |
| convert_crl() |
| { |
| CRL_NAME=$1 |
| |
| openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM |
| } |
| |
| convert_key() |
| { |
| KEY_NAME=$1 |
| |
| pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD} |
| openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD} |
| |
| STATUS=0 |
| cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do |
| echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1 |
| [ ${STATUS} -eq 1 ] && echo "${LINE}" |
| echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break |
| done > ${DATA_DIR}/${KEY_NAME}.key |
| |
| rm ${DATA_DIR}/${KEY_NAME}.key.tmp |
| } |
| |
| create_conf() |
| { |
| CONF_FILE=$1 |
| CA=$2 |
| OCSP=$3 |
| PORT=$4 |
| |
| cat ${CONF_TEMPLATE} | \ |
| sed "s:@DIR@:${OCSP_DIR}:" | \ |
| sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \ |
| sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \ |
| sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \ |
| sed "s:@OCSP_PID@:${OCSP}.pid:" | \ |
| sed "s:@PORT@:${PORT}:" \ |
| > ${CONF_FILE} |
| } |
| |
| copy_cert() |
| { |
| CERT_NAME=$1 |
| CERT_SIGNER=$2 |
| |
| cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert |
| } |
| |
| |
| copy_key() |
| { |
| KEY_NAME=$1 |
| |
| cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12 |
| } |
| |
| convert_cert OCSPRoot |
| convert_crl OCSPRoot |
| convert_key OCSPRoot |
| |
| convert_cert OCSPCA1 OCSPRoot |
| convert_crl OCSPCA1 |
| convert_key OCSPCA1 |
| |
| convert_cert OCSPCA2 OCSPRoot |
| convert_crl OCSPCA2 |
| convert_key OCSPCA2 |
| |
| convert_cert OCSPCA3 OCSPRoot |
| convert_crl OCSPCA3 |
| convert_key OCSPCA3 |
| |
| create_conf ocspd0.conf OCSPRoot ocspd0 2600 |
| create_conf ocspd1.conf OCSPCA1 ocspd1 2601 |
| create_conf ocspd2.conf OCSPCA2 ocspd2 2602 |
| create_conf ocspd3.conf OCSPCA3 ocspd3 2603 |
| |
| copy_cert OCSPRoot |
| copy_cert OCSPCA1 OCSPRoot |
| copy_cert OCSPCA2 OCSPRoot |
| copy_cert OCSPCA3 OCSPRoot |
| copy_cert OCSPEE11 OCSPCA1 |
| copy_cert OCSPEE12 OCSPCA1 |
| copy_cert OCSPEE13 OCSPCA1 |
| copy_cert OCSPEE14 OCSPCA1 |
| copy_cert OCSPEE15 OCSPCA1 |
| copy_cert OCSPEE21 OCSPCA2 |
| copy_cert OCSPEE22 OCSPCA2 |
| copy_cert OCSPEE23 OCSPCA2 |
| copy_cert OCSPEE31 OCSPCA3 |
| copy_cert OCSPEE32 OCSPCA3 |
| copy_cert OCSPEE33 OCSPCA3 |
| |
| copy_key OCSPRoot |
| copy_key OCSPCA1 |
| copy_key OCSPCA2 |
| copy_key OCSPCA3 |
| |