#!/bin/bash DATA_DIR=$1 OCSP_DIR=$2 CERT_DIR=$3 TEST_PWD="nssnss" CONF_TEMPLATE="ocspd.conf.template" convert_cert() { CERT_NAME=$1 CERT_SIGNER=$2 openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM } convert_crl() { CRL_NAME=$1 openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM } convert_key() { KEY_NAME=$1 pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD} openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD} STATUS=0 cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do echo "${LINE}" | grep "BEGIN RSA PRIVATE KEY" > /dev/null && STATUS=1 [ ${STATUS} -eq 1 ] && echo "${LINE}" echo "${LINE}" | grep "END RSA PRIVATE KEY" > /dev/null && break done > ${DATA_DIR}/${KEY_NAME}.key rm ${DATA_DIR}/${KEY_NAME}.key.tmp } create_conf() { CONF_FILE=$1 CA=$2 OCSP=$3 PORT=$4 cat ${CONF_TEMPLATE} | \ sed "s:@DIR@:${OCSP_DIR}:" | \ sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \ sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \ sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \ sed "s:@OCSP_PID@:${OCSP}.pid:" | \ sed "s:@PORT@:${PORT}:" \ > ${CONF_FILE} } copy_cert() { CERT_NAME=$1 CERT_SIGNER=$2 cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert } copy_key() { KEY_NAME=$1 cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12 } convert_cert OCSPRoot convert_crl OCSPRoot convert_key OCSPRoot convert_cert OCSPCA1 OCSPRoot convert_crl OCSPCA1 convert_key OCSPCA1 convert_cert OCSPCA2 OCSPRoot convert_crl OCSPCA2 convert_key OCSPCA2 convert_cert OCSPCA3 OCSPRoot convert_crl OCSPCA3 convert_key OCSPCA3 create_conf ocspd0.conf OCSPRoot ocspd0 2600 create_conf ocspd1.conf OCSPCA1 ocspd1 2601 create_conf ocspd2.conf OCSPCA2 ocspd2 2602 create_conf ocspd3.conf OCSPCA3 ocspd3 2603 copy_cert OCSPRoot copy_cert OCSPCA1 OCSPRoot copy_cert OCSPCA2 OCSPRoot copy_cert OCSPCA3 OCSPRoot copy_cert OCSPEE11 OCSPCA1 copy_cert OCSPEE12 OCSPCA1 copy_cert OCSPEE13 OCSPCA1 copy_cert OCSPEE14 OCSPCA1 copy_cert OCSPEE15 OCSPCA1 copy_cert OCSPEE21 OCSPCA2 copy_cert OCSPEE22 OCSPCA2 copy_cert OCSPEE23 OCSPCA2 copy_cert OCSPEE31 OCSPCA3 copy_cert OCSPEE32 OCSPCA3 copy_cert OCSPEE33 OCSPCA3 copy_key OCSPRoot copy_key OCSPCA1 copy_key OCSPCA2 copy_key OCSPCA3