123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222 |
- #!/bin/sh
- check_result(){
- if [ $1 -ne 0 ]; then
- echo "Step failed, Abort"
- exit 1
- else
- echo "Step Succeeded!"
- fi
- }
- setup_files() {
-
- echo "setting up the file system for generating the crls..."
- echo ""
- mkdir demoCA || exit 1
- touch ./demoCA/index.txt || exit 1
- touch ./index.txt || exit 1
- touch ../crl/index.txt || exit 1
- touch ./crlnumber || exit 1
- touch ../crl/crlnumber || exit 1
- echo "01" >> crlnumber || exit 1
- echo "01" >> ../crl/crlnumber || exit 1
- touch ./blank.index.txt || exit 1
- touch ./demoCA/index.txt.attr || exit 1
- touch ../crl/index.txt.attr || exit 1
- }
- cleanup_files() {
- rm blank.index.txt || exit 1
- rm index.* || exit 1
- rm crlnumber* || exit 1
- rm -rf demoCA || exit 1
- echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
- echo " ../crl/index.txt"
- echo ""
- exit 0
- }
- trap cleanup_files EXIT
- setup_files
- echo "Step 1"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem
- check_result $?
- echo "Step 2"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- echo "Step 3"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- echo "Step 4"
- openssl crl -in crl.pem -text > tmp
- check_result $?
- mv tmp crl.pem
- echo "Step 5"
- openssl crl -in crl.pem -text > tmp
- check_result $?
- echo "Step 6"
- openssl crl -in crl2.pem -text >> tmp
- check_result $?
- mv tmp crl2.pem
- echo "Step 7"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- echo "Step 8"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- echo "Step 9"
- openssl crl -in crl.revoked -text > tmp
- check_result $?
- mv tmp crl.revoked
- cp blank.index.txt demoCA/index.txt
- echo "Step 10"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- echo "Step 11"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/general-server-crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- check_result $?
- cp blank.index.txt demoCA/index.txt
- echo "Step 12"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../intermediate/ca-int-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/ca-int-cert-revoked.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
- cp blank.index.txt demoCA/index.txt
- echo "Step 13"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
- check_result $?
- echo "Step 14"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
- check_result $?
- echo "Step 15"
- openssl crl -in caEccCrl.pem -text > tmp
- check_result $?
- mv tmp caEccCrl.pem
- echo "Step 16"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
- check_result $?
- echo "Step 17"
- openssl crl -in caEcc384Crl.pem -text > tmp
- check_result $?
- mv tmp caEcc384Crl.pem
- echo "Step 18"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
- check_result $?
- echo "Step 19"
- openssl crl -in cliCrl.pem -text > tmp
- check_result $?
- mv tmp cliCrl.pem
- echo "Step 20"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
- check_result $?
- echo "Step 21"
- openssl crl -in eccCliCRL.pem -text > tmp
- check_result $?
- mv tmp eccCliCRL.pem
- echo "Step 22"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
- check_result $?
- echo "Step 23"
- openssl crl -in eccSrvCRL.pem -text > tmp
- check_result $?
- mv tmp eccSrvCRL.pem
- echo "Step 24"
- openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
- check_result $?
- echo "Step 25"
- openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
- check_result $?
- echo "Step 26"
- openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
- openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
- cp blank.index.txt demoCA/index.txt
- echo "Step 27 RSA-PSS revoke"
- openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../rsapss/server-rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
- check_result $?
- echo "Step 28 RSA-PSS"
- openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl_rsapss.pem -keyfile ../rsapss/ca-rsapss-priv.pem -cert ../rsapss/ca-rsapss.pem
- check_result $?
- echo "Step 29"
- openssl crl -in crl_rsapss.pem -text > tmp
- check_result $?
- mv tmp crl_rsapss.pem
- exit 0
|