
  1. #!/bin/bash
  2. # renewcerts.sh
  3. #
  4. # renews the following certs:
  5. # client-cert.pem
  6. # client-cert.der
  7. # client-ecc-cert.pem
  8. # client-ecc-cert.der
  9. # ca-cert.pem
  10. # ca-cert.der
  11. # ca-ecc-cert.pem
  12. # ca-ecc-cert.der
  13. # ca-ecc384-cert.pem
  14. # ca-ecc384-cert.der
  15. # server-cert.pem
  16. # server-cert.der
  17. # server-ecc-rsa.pem
  18. # server-ecc.pem
  19. # 1024/client-cert.der
  20. # 1024/client-cert.pem
  21. # server-ecc-comp.pem
  22. # client-ca.pem
  23. # test/digsigku.pem
  24. # ecc-privOnlyCert.pem
  25. # client-uri-cert.pem
  26. # client-relative-uri.pem
  27. # updates the following crls:
  28. # crl/cliCrl.pem
  29. # crl/crl.pem
  30. # crl/crl.revoked
  31. # crl/eccCliCRL.pem
  32. # crl/eccSrvCRL.pem
  33. # if HAVE_NTRU
  34. # ntru-cert.pem
  35. # ntru-key.raw
  36. ###############################################################################
  37. ######################## FUNCTIONS SECTION ####################################
  38. ###############################################################################
  39. #the function that will be called when we are ready to renew the certs.
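#######################################
# Print a message to stderr and abort the whole script.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Feed "openssl req -new" the answers it prompts for, one per line.
# With no -config the prompt order is that of the default openssl.cnf:
# C, ST, L, O, OU, CN, emailAddress, challenge password, optional company
# name; "." leaves a field empty.
# Arguments: the answers, in prompt order
# Outputs:   one answer per line on stdout
#######################################
req_subject() {
  printf '%s\n' "$@"
}

#######################################
# Rewrite a PEM certificate in place so the file starts with the
# human-readable "openssl x509 -text" dump followed by the PEM block.
# The original is replaced only once the dump succeeded, so a failing
# openssl call cannot leave an empty certificate behind.
# Arguments: $1 - certificate file to rewrite
# Returns:   status of openssl, or of mv
#######################################
add_text_dump() {
  local cert=$1
  openssl x509 -in "$cert" -text > "$cert.tmp" && mv "$cert.tmp" "$cert"
}

#######################################
# Append a CA certificate (text dump followed by its PEM block) to a
# signed certificate so the file also carries its issuer.
# Arguments: $1 - signed certificate file
#            $2 - CA certificate file
# Returns:   status of openssl
#######################################
append_ca_cert() {
  openssl x509 -in "$2" -text >> "$1"
}

#######################################
# Renew every certificate, .der, .p12 and CRL listed in the file header.
# Must be called from the wolfssl root: it starts with "cd certs/" and
# returns with the shell left in wolfssl/certs/crl (callers "cd ../../"
# back to the root afterwards).
# Every directory change is checked: a silent failed "cd" would make the
# later "rm" / "mv" / helper-script calls run in the wrong tree.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout; openssl and helper-script output
#            passes through
# Returns:   aborts the script (die) on a failed cd or missing cnf; an
#            individual openssl failure is reported by openssl and the
#            remaining steps still run, as before
#######################################
function run_renewcerts(){
  cd certs/ || die "run_renewcerts: cannot cd into certs/"
  echo ""
  # The custom cnf defines the extension sections named by "-extensions"
  # below; it is copied into the working directory and removed at the end.
  cp renewcerts/wolfssl.cnf wolfssl.cnf \
    || die "run_renewcerts: cannot copy renewcerts/wolfssl.cnf"
  # To generate these all in sha1 add the flag "-sha1" on the appropriate
  # lines, that is all lines beginning with: "openssl req"
  # "-nodes" leaves any generated private key unencrypted; "-days 1000" is
  # the validity used for every certificate here.
  ############################################################
  #### update the self-signed (2048-bit) client-uri-cert.pem #
  ############################################################
  printf '%s\n\n' 'Updating 2048-bit client-uri-cert.pem'
  req_subject US Montana Bozeman wolfSSL_2048 URI www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key client-key.pem -nodes -out client-cert.csr
  openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions uri -signkey client-key.pem -out client-uri-cert.pem
  rm client-cert.csr
  add_text_dump client-uri-cert.pem
  ############################################################
  #### update the self-signed (2048-bit) client-relative-uri.pem
  ############################################################
  printf '%s\n\n' 'Updating 2048-bit client-relative-uri.pem'
  req_subject US Montana Bozeman wolfSSL_2048 RELATIVE_URI www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key client-key.pem -nodes -out client-cert.csr
  openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions relative_uri -signkey client-key.pem -out client-relative-uri.pem
  rm client-cert.csr
  add_text_dump client-relative-uri.pem
  ############################################################
  #### update the self-signed (2048-bit) client-cert.pem #####
  ############################################################
  printf '%s\n\n' 'Updating 2048-bit client-cert.pem'
  req_subject US Montana Bozeman wolfSSL_2048 Programming-2048 www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key client-key.pem -nodes -out client-cert.csr
  openssl x509 -req -in client-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey client-key.pem -out client-cert.pem
  rm client-cert.csr
  add_text_dump client-cert.pem
  ############################################################
  #### update the self-signed (3072-bit) client-cert.pem #####
  ############################################################
  printf '%s\n\n' 'Updating 3072-bit client-cert.pem'
  # unlike the other steps this one also generates a fresh 3072-bit key
  req_subject US Montana Bozeman wolfSSL_3072 Programming-3072 www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -newkey rsa:3072 -keyout client-key-3072.pem -nodes -out client-cert-3072.csr
  openssl x509 -req -in client-cert-3072.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey client-key-3072.pem -out client-cert-3072.pem
  rm client-cert-3072.csr
  add_text_dump client-cert-3072.pem
  ############################################################
  #### update the self-signed (1024-bit) client-cert.pem #####
  ############################################################
  # the 1024-bit material lives in certs/1024/
  printf '%s\n\n' 'Updating 1024-bit client-cert.pem'
  req_subject US Montana Bozeman wolfSSL_1024 Programming-1024 www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key 1024/client-key.pem -nodes -out 1024/client-cert.csr
  openssl x509 -req -in 1024/client-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey 1024/client-key.pem -out 1024/client-cert.pem
  rm 1024/client-cert.csr
  add_text_dump 1024/client-cert.pem
  ############################################################
  ########## update the self-signed ca-cert.pem ##############
  ############################################################
  printf '%s\n\n' 'Updating ca-cert.pem'
  req_subject US Montana Bozeman Sawtooth Consulting www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ca-key.pem -nodes -out ca-cert.csr
  openssl x509 -req -in ca-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey ca-key.pem -out ca-cert.pem
  rm ca-cert.csr
  add_text_dump ca-cert.pem
  ############################################################
  ########## update the self-signed ca-ecc-cert.pem ##########
  ############################################################
  printf '%s\n\n' 'Updating ca-ecc-cert.pem'
  req_subject US Washington Seattle wolfSSL Development www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ca-ecc-key.pem -nodes -out ca-ecc-cert.csr
  openssl x509 -req -in ca-ecc-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions ca_ecc_cert -signkey ca-ecc-key.pem -out ca-ecc-cert.pem
  rm ca-ecc-cert.csr
  add_text_dump ca-ecc-cert.pem
  ############################################################
  ########## update the self-signed ca-ecc384-cert.pem #######
  ############################################################
  printf '%s\n\n' 'Updating ca-ecc384-cert.pem'
  # both the request and the certificate are signed with SHA-384 here
  req_subject US Washington Seattle wolfSSL Development www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ca-ecc384-key.pem -nodes -sha384 -out ca-ecc384-cert.csr
  openssl x509 -req -in ca-ecc384-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions ca_ecc_cert -signkey ca-ecc384-key.pem -sha384 -out ca-ecc384-cert.pem
  rm ca-ecc384-cert.csr
  add_text_dump ca-ecc384-cert.pem
  ############################################################
  ##### update the self-signed (1024-bit) ca-cert.pem ########
  ############################################################
  printf '%s\n\n' 'Updating 1024-bit ca-cert.pem'
  # only the request uses -sha1; the certificate is signed with the default digest
  req_subject US Montana Bozeman Sawtooth Consulting_1024 www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key 1024/ca-key.pem -nodes -sha1 -out 1024/ca-cert.csr
  openssl x509 -req -in 1024/ca-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey 1024/ca-key.pem -out 1024/ca-cert.pem
  rm 1024/ca-cert.csr
  add_text_dump 1024/ca-cert.pem
  ###########################################################
  ########## update and sign server-cert.pem ################
  ###########################################################
  # CA-signed certificates below use a fixed "-set_serial"; the issuing CA
  # is appended to the file afterwards so it carries its chain.
  printf '%s\n\n' 'Updating server-cert.pem'
  req_subject US Montana Bozeman wolfSSL Support www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key server-key.pem -nodes > server-req.pem
  openssl x509 -req -in server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts \
    -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
  rm server-req.pem
  add_text_dump server-cert.pem
  append_ca_cert server-cert.pem ca-cert.pem
  ###########################################################
  ########## update and sign server-revoked-key.pem #########
  ###########################################################
  printf '%s\n\n' 'Updating server-revoked-cert.pem'
  req_subject US Montana Bozeman wolfSSL_revoked Support_revoked www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key server-revoked-key.pem -nodes > server-revoked-req.pem
  openssl x509 -req -in server-revoked-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts \
    -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > server-revoked-cert.pem
  rm server-revoked-req.pem
  add_text_dump server-revoked-cert.pem
  append_ca_cert server-revoked-cert.pem ca-cert.pem
  ###########################################################
  ########## update and sign server-duplicate-policy.pem ####
  ###########################################################
  printf '%s\n\n' 'Updating server-duplicate-policy.pem'
  req_subject US Montana Bozeman wolfSSL 'testing duplicate policy' www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key server-key.pem -nodes > ./test/server-duplicate-policy-req.pem
  openssl x509 -req -in ./test/server-duplicate-policy-req.pem -extfile wolfssl.cnf -extensions policy_test \
    -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 > ./test/server-duplicate-policy.pem
  rm ./test/server-duplicate-policy-req.pem
  add_text_dump ./test/server-duplicate-policy.pem
  append_ca_cert ./test/server-duplicate-policy.pem ca-cert.pem
  ###########################################################
  #### update and sign (1024-bit) server-cert.pem ###########
  ###########################################################
  printf '%s\n\n' 'Updating 1024-bit server-cert.pem'
  req_subject US Montana Bozeman wolfSSL Support_1024 www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key 1024/server-key.pem -nodes -sha1 > 1024/server-req.pem
  openssl x509 -req -in 1024/server-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts \
    -days 1000 -CA 1024/ca-cert.pem -CAkey 1024/ca-key.pem -set_serial 01 > 1024/server-cert.pem
  rm 1024/server-req.pem
  add_text_dump 1024/server-cert.pem
  append_ca_cert 1024/server-cert.pem 1024/ca-cert.pem
  ############################################################
  ########## update and sign the server-ecc-rsa.pem ##########
  ############################################################
  # ECC key, but issued by the RSA CA; no CA chain is appended to this one
  printf '%s\n\n' 'Updating server-ecc-rsa.pem'
  req_subject US Montana Bozeman 'Elliptic - RSAsig' ECC-RSAsig www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ecc-key.pem -nodes > server-ecc-req.pem
  openssl x509 -req -in server-ecc-req.pem -extfile wolfssl.cnf -extensions wolfssl_opts \
    -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-ecc-rsa.pem
  rm server-ecc-req.pem
  add_text_dump server-ecc-rsa.pem
  ############################################################
  ####### update the self-signed client-ecc-cert.pem #########
  ############################################################
  printf '%s\n\n' 'Updating client-ecc-cert.pem'
  req_subject US Oregon Salem 'Client ECC' Fast www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ecc-client-key.pem -nodes -out client-ecc-cert.csr
  openssl x509 -req -in client-ecc-cert.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey ecc-client-key.pem -out client-ecc-cert.pem
  rm client-ecc-cert.csr
  add_text_dump client-ecc-cert.pem
  ############################################################
  ########## update the server-ecc.pem #######################
  ############################################################
  printf '%s\n\n' 'Updating server-ecc.pem'
  req_subject US Washington Seattle Eliptic ECC www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ecc-key.pem -nodes -out server-ecc.csr
  # NOTE(review): the other CA-signed steps pass the issuer as "-CA <file>"
  # and a "-set_serial"; "openssl x509" is not documented to take "-CAfile"
  # (that is a verify option), so this call is expected to be rejected and
  # server-ecc.pem left as it was. Kept unchanged pending confirmation of
  # the intended issuer/serial for this certificate.
  openssl x509 -req -in server-ecc.csr -days 1000 -extfile wolfssl.cnf -extensions server_ecc \
    -CAfile ca-ecc-cert.pem -CAkey ca-ecc-key.pem -out server-ecc.pem
  rm server-ecc.csr
  add_text_dump server-ecc.pem
  ############################################################
  ###### update the self-signed server-ecc-comp.pem ##########
  ############################################################
  printf '%s\n\n' 'Updating server-ecc-comp.pem'
  req_subject US Montana Bozeman 'Elliptic - comp' 'Server ECC-comp' www.wolfssl.com info@wolfssl.com . . \
    | openssl req -new -key ecc-key-comp.pem -nodes -out server-ecc-comp.csr
  openssl x509 -req -in server-ecc-comp.csr -days 1000 -extfile wolfssl.cnf \
    -extensions wolfssl_opts -signkey ecc-key-comp.pem -out server-ecc-comp.pem
  rm server-ecc-comp.csr
  add_text_dump server-ecc-comp.pem
  ############################################################
  ############## create the client-ca.pem file ###############
  ############################################################
  # a bundle of the two freshly renewed client certificates
  printf '%s\n\n' 'Updating client-ca.pem'
  cat client-cert.pem client-ecc-cert.pem > client-ca.pem
  ############################################################
  ###### update the self-signed ecc-privOnlyCert.pem #########
  ############################################################
  # mostly empty subject (O=WR, CN=DE), no extension file, no text dump
  printf '%s\n\n' 'Updating ecc-privOnlyCert.pem'
  req_subject . . . WR . DE . . . \
    | openssl req -new -key ecc-privOnlyKey.pem -nodes -out ecc-privOnly.csr
  openssl x509 -req -in ecc-privOnly.csr -days 1000 -signkey ecc-privOnlyKey.pem -out ecc-privOnlyCert.pem
  rm ecc-privOnly.csr
  ############################################################
  ###### update the self-signed test/digsigku.pem ##########
  ############################################################
  # SHA-1 signed on purpose, with a fixed 64-bit serial whose high bit is
  # set (presumably to exercise serial-number handling; confirm against the
  # tests that load test/digsigku.pem)
  printf '%s\n\n' 'Updating test/digsigku.pem'
  req_subject US Washington Seattle Foofarah Arglebargle foobarbaz info@worlss.com . . \
    | openssl req -new -key ecc-key.pem -nodes -sha1 -out digsigku.csr
  openssl x509 -req -in digsigku.csr -days 1000 -extfile wolfssl.cnf -extensions digsigku \
    -signkey ecc-key.pem -sha1 -set_serial 16393466893990650224 -out digsigku.pem
  rm digsigku.csr
  add_text_dump digsigku.pem
  mv digsigku.pem test/digsigku.pem
  ############################################################
  ########## make .der files from .pem files #################
  ############################################################
  printf '%s\n\n' 'Creating der formatted certs...'
  local cert
  for cert in 1024/client-cert 1024/server-cert 1024/ca-cert \
              ca-cert ca-ecc-cert ca-ecc384-cert client-cert server-cert \
              client-ecc-cert server-ecc-rsa server-ecc server-ecc-comp; do
    openssl x509 -inform PEM -in "$cert.pem" -outform DER -out "$cert.der"
  done
  ############################################################
  ###### update the ecc-rsa-server.p12 file ##################
  ############################################################
  # The PKCS#12 bundles keep the legacy DES3 protection (-des3 -descert)
  # and take their (fixed, documented) password on stdin.
  printf '%s\n\n' 'Updating ecc-rsa-server.p12 (password is "")'
  printf '\n' | openssl pkcs12 -des3 -descert -export -in server-ecc-rsa.pem \
    -inkey ecc-key.pem -certfile server-ecc.pem -out ecc-rsa-server.p12 -password stdin
  ############################################################
  ###### update the test-servercert.p12 file #################
  ############################################################
  printf '%s\n\n' 'Updating test-servercert.p12 (password is "wolfSSL test")'
  printf 'wolfSSL test\n' | openssl pkcs12 -des3 -descert -export -in server-cert.pem \
    -inkey server-key.pem -certfile ca-cert.pem -out test-servercert.p12 -password stdin
  ############################################################
  ###### calling gen-ext-certs.sh ##################
  ############################################################
  # gen-ext-certs.sh expects to be run from the wolfssl root
  printf '%s\n\n' 'Calling gen-ext-certs.sh'
  cd .. || die "run_renewcerts: cannot cd to the wolfssl root"
  ./certs/test/gen-ext-certs.sh
  cd ./certs || die "run_renewcerts: cannot cd back into certs/"
  ############################################################
  ###### calling gen-badsig.sh ##################
  ############################################################
  printf '%s\n\n' 'Calling gen-badsig.sh'
  cd ./test || die "run_renewcerts: cannot cd into certs/test"
  ./gen-badsig.sh
  cd ../ || die "run_renewcerts: cannot cd back into certs/"
  ############################################################
  ########## generate ocsp certs ######################
  ############################################################
  printf '%s\n\n' 'Changing directory to ocsp...'
  # guard against recursive calls to renewcerts.sh
  if [ -d ocsp ]; then
    cd ./ocsp || die "run_renewcerts: cannot cd into certs/ocsp"
    echo "Execute ./renewcerts.sh..."
    ./renewcerts.sh
    cd ../ || die "run_renewcerts: cannot cd back into certs/"
  else
    echo "Error could not find ocsp directory"
    exit 1
  fi
  ############################################################
  ###### calling assemble-chains.sh ##################
  ############################################################
  printf '%s\n\n' 'Calling assemble-chains.sh'
  cd ./test-pathlen || die "run_renewcerts: cannot cd into certs/test-pathlen"
  ./assemble-chains.sh
  cd ../ || die "run_renewcerts: cannot cd back into certs/"
  ############################################################
  ########## store DER files as buffers ######################
  ############################################################
  printf '%s\n\n' 'Changing directory to wolfssl root...'
  cd ../ || die "run_renewcerts: cannot cd to the wolfssl root"
  printf '%s\n\n' 'Execute ./gencertbuf.pl...'
  ./gencertbuf.pl
  ############################################################
  ########## generate the new crls ###########################
  ############################################################
  printf '%s\n\n' 'Change directory to wolfssl/certs'
  cd certs || die "run_renewcerts: cannot cd into certs/"
  printf '%s\n\n' 'We are back in the certs directory'
  printf '%s\n\n' 'Updating the crls...'
  cd crl || die "run_renewcerts: cannot cd into certs/crl"
  printf '%s\n\n' 'changed directory: cd/crl'
  ./gencrls.sh
  printf '%s\n\n' 'ran ./gencrls.sh'
  # cleanup: drop the cnf copied into certs/ at the start (we are in certs/crl now)
  printf '%s\n\n' 'Performing final steps, cleaning up the file system...'
  rm ../wolfssl.cnf
}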
  370. #function for restoring a previous configure state
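#######################################
# Put back the configure state saved by the executable body (config.status
# and wolfssl/options.h were copied to tmp.status and tmp.options.h before
# reconfiguring with ntru) and rebuild.
# Both saved files are checked first: if one is missing the original
# "mv" would fail and the rebuild would silently keep the ntru configure
# state, so the function now reports that and skips the rebuild instead.
# Globals:   none
# Arguments: none
# Outputs:   make output on stdout; a diagnostic on stderr when a saved
#            file is missing
# Returns:   1 when a saved file is missing, else the status of make
#######################################
function restore_config(){
  local saved
  for saved in tmp.status tmp.options.h; do
    if [ ! -f "$saved" ]; then
      printf 'restore_config: %s not found, configure state not restored\n' "$saved" >&2
      return 1
    fi
  done
  mv tmp.status config.status
  mv tmp.options.h wolfssl/options.h
  make clean
  make -j 8
}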
  377. #function for copy and pasting ntru updates
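#######################################
# Copy the ntru certificate/key artifacts produced by "make check" from the
# wolfssl root into certs/. Must be called from the wolfssl root.
# A failed copy is reported on stderr instead of being lost in the output,
# since nothing after this step would otherwise notice that the ntru files
# were not updated.
# Globals:   none
# Arguments: none
# Returns:   0 when all three files were copied, 1 if any copy failed
#######################################
function move_ntru(){
  local f rc=0
  for f in ntru-cert.pem ntru-key.raw ntru-cert.der; do
    cp -- "$f" "certs/$f" || {
      printf 'move_ntru: failed to copy %s into certs/\n' "$f" >&2
      rc=1
    }
  done
  return "$rc"
}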
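###############################################################################
##################### THE EXECUTABLE BODY #####################################
###############################################################################
# Usage: ./renewcerts.sh [--override-ntru | --ed25519 | -h | -help]
#   (no argument)    renew everything, including ntru (configures with ntru
#                    if HAVE_NTRU is not already defined)
#   --override-ntru  renew everything except ntru
#   --ed25519        only run the ed25519 example generator
# The script is started from wolfssl/certs; all work happens relative to
# the wolfssl root, so move there first (and stop if that is not possible,
# otherwise the configure/make steps below would run in the wrong tree).
cd ../ || exit 1
# if HAVE_NTRU already defined && there is no argument
if grep -q HAVE_NTRU "wolfssl/options.h" && [ -z "$1" ]; then
  # run the function to renew the certs
  run_renewcerts
  # run_renewcerts will end in the wolfssl/certs/crl dir, backup to root.
  cd ../../ || exit 1
  printf '%s\n\n\n' 'changed directory to wolfssl root directory.'
  echo "Enter directory to ed25519 certificate generation example."
  echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
  # -r keeps backslashes in the typed path literal; the value is quoted
  # wherever it is used so paths with spaces work
  read -r ED25519_DIR
  if [ -d "${ED25519_DIR}" ]; then
    pushd ./certs/ed25519 || exit 1
    ./gen-ed25519.sh "${ED25519_DIR}"
    popd || exit 1
  else
    echo "Unable to find directory ${ED25519_DIR}"
    exit 1
  fi
  ############################################################
  ########## update ntru if already installed ################
  ############################################################
  # We cannot assume that user has certgen and keygen enabled
  ./configure --with-ntru --enable-certgen --enable-keygen
  make check
  # copy/paste ntru-certs and key to certs/
  move_ntru
# else if there was an argument given, check it for validity or print out error
elif [ -n "$1" ]; then
  # valid argument then renew certs without ntru
  if [ "$1" == "--override-ntru" ]; then
    echo "overriding ntru, update all certs except ntru."
    run_renewcerts
  # valid argument create ed25519 certificates
  elif [ "$1" == "--ed25519" ] || [ "$2" == "--ed25519" ]; then
    echo ""
    echo "Enter directory to ed25519 certificate generation example."
    echo "Can be found at https://github.com/wolfSSL/wolfssl-examples"
    read -r ED25519_DIR
    # same existence check as the no-argument path above, so a typo does
    # not send an unusable path into gen-ed25519.sh
    if [ -d "${ED25519_DIR}" ]; then
      pushd ./certs/ed25519 || exit 1
      ./gen-ed25519.sh "${ED25519_DIR}"
      popd || exit 1
    else
      echo "Unable to find directory ${ED25519_DIR}"
      exit 1
    fi
  # valid argument print out other valid arguments
  elif [ "$1" == "-h" ] || [ "$1" == "-help" ]; then
    echo ""
    echo "\"no argument\" will attempt to update all certificates"
    echo "--override-ntru updates all certificates except ntru"
    echo "--ed25519 updates all ed25519 certificates"
    echo "-h or -help display this menu"
    echo ""
    echo ""
  # else the argument was invalid, tell user to use -h or -help
  else
    echo ""
    echo "That is not a valid option."
    echo ""
    echo "use -h or -help for a list of available options."
    echo ""
  fi
# else HAVE_NTRU not already defined
else
  # keep a copy of the current configure state so restore_config can put
  # it back once the ntru build is done (or has failed)
  printf '%s\n\n' 'Saving the configure state'
  cp config.status tmp.status
  cp wolfssl/options.h tmp.options.h
  printf '%s\n\n' 'Running make clean'
  make clean
  # attempt to define ntru by configuring with ntru
  printf '%s\n\n' 'Configuring with ntru, enabling certgen and keygen'
  ./configure --with-ntru --enable-certgen --enable-keygen
  make check
  # check options.h a second time, if the user had
  # ntru installed on their system and in the default
  # path location, then it will now be defined, if the
  # user does not have ntru on their system this will fail
  # again and we will not update any certs until user installs
  # ntru in the default location
  # if now defined
  if grep -q HAVE_NTRU "wolfssl/options.h"; then
    run_renewcerts
    # run_renewcerts leaves us in wolfssl/certs/crl, backup to root
    cd ../../ || exit 1
    printf '%s\n\n' 'changed directory to wolfssl root directory.'
    move_ntru
    printf '%s\n\n' 'ntru-certs, and ntru-key.raw have been updated'
    # restore previous configure state
    restore_config
  else
    # restore previous configure state
    restore_config
    echo ""
    echo "ntru is not installed at the default location,"
    echo "or ntru not installed, none of the certs were updated."
    echo ""
    echo "clone the ntru repository into your \"cd ~\" directory then,"
    echo "\"cd NTRUEncrypt\" and run \"make\" then \"make install\""
    echo "once complete run this script again to update all the certs."
    echo ""
    echo "To update all certs except ntru use \"./renewcerts.sh --override-ntru\""
    echo ""
  fi #END now defined
fi #END already defined
exit 0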