gencrls.sh 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
  1. #!/bin/bash
  2. # gencrls, crl config already done, see taoCerts.txt for setup
  3. check_result(){
  4. if [ $1 -ne 0 ]; then
  5. echo "Step failed, Abort"
  6. exit 1
  7. else
  8. echo "Step Succeeded!"
  9. fi
  10. }
  11. setup_files() {
  12. #set up the file system for updating the crls
  13. echo "setting up the file system for generating the crls..."
  14. echo ""
  15. mkdir demoCA || exit 1
  16. touch ./demoCA/index.txt || exit 1
  17. touch ./index.txt || exit 1
  18. touch ../crl/index.txt || exit 1
  19. touch ./crlnumber || exit 1
  20. touch ../crl/crlnumber || exit 1
  21. echo "01" >> crlnumber || exit 1
  22. echo "01" >> ../crl/crlnumber || exit 1
  23. touch ./blank.index.txt || exit 1
  24. touch ./demoCA/index.txt.attr || exit 1
  25. touch ../crl/index.txt.attr || exit 1
  26. }
  27. cleanup_files() {
  28. rm blank.index.txt || exit 1
  29. rm index.* || exit 1
  30. rm crlnumber* || exit 1
  31. rm -rf demoCA || exit 1
  32. echo "Removed ../wolfssl.cnf, blank.index.txt, index.*, crlnumber*, demoCA/"
  33. echo " ../crl/index.txt"
  34. echo ""
  35. exit 0
  36. }
  37. trap cleanup_files EXIT
  38. #setup the files
  39. setup_files
  40. # caCrl
  41. # revoke server-revoked-cert.pem
  42. echo "Step 1"
  43. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl2.pem -keyfile ../client-key.pem -cert ../client-cert.pem
  44. check_result $?
  45. echo "Step 2"
  46. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  47. check_result $?
  48. echo "Step 3"
  49. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  50. check_result $?
  51. # metadata
  52. echo "Step 4"
  53. openssl crl -in crl.pem -text > tmp
  54. check_result $?
  55. mv tmp crl.pem
  56. # install (only needed if working outside wolfssl)
  57. #cp crl.pem ~/wolfssl/certs/crl/crl.pem
  58. # crl2 create
  59. echo "Step 5"
  60. openssl crl -in crl.pem -text > tmp
  61. check_result $?
  62. echo "Step 6"
  63. openssl crl -in crl2.pem -text >> tmp
  64. check_result $?
  65. mv tmp crl2.pem
  66. # caCrl server revoked
  67. echo "Step 7"
  68. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem
  69. check_result $?
  70. # caCrl server revoked generation
  71. echo "Step 8"
  72. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../ca-key.pem -cert ../ca-cert.pem
  73. check_result $?
  74. # metadata
  75. echo "Step 9"
  76. openssl crl -in crl.revoked -text > tmp
  77. check_result $?
  78. mv tmp crl.revoked
  79. # install (only needed if working outside wolfssl)
  80. #cp crl.revoked ~/wolfssl/certs/crl/crl.revoked
  81. # remove revoked so next time through the normal CA won't have server revoked
  82. cp blank.index.txt demoCA/index.txt
  83. # caEccCrl
  84. echo "Step 10"
  85. openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  86. check_result $?
  87. echo "Step 11"
  88. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  89. check_result $?
  90. # metadata
  91. echo "Step 12"
  92. openssl crl -in caEccCrl.pem -text > tmp
  93. check_result $?
  94. mv tmp caEccCrl.pem
  95. # install (only needed if working outside wolfssl)
  96. #cp caEccCrl.pem ~/wolfssl/certs/crl/caEccCrl.pem
  97. # caEcc384Crl
  98. # server-revoked-cert.pem is already revoked in Step 10
  99. #openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-revoked-cert.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
  100. echo "Step 13"
  101. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
  102. check_result $?
  103. # metadata
  104. echo "Step 14"
  105. openssl crl -in caEcc384Crl.pem -text > tmp
  106. check_result $?
  107. mv tmp caEcc384Crl.pem
  108. # install (only needed if working outside wolfssl)
  109. #cp caEcc384Crl.pem ~/wolfssl/certs/crl/caEcc384Crl.pem
  110. # cliCrl
  111. echo "Step 15"
  112. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out cliCrl.pem -keyfile ../client-key.pem -cert ../client-cert.pem
  113. check_result $?
  114. # metadata
  115. echo "Step 16"
  116. openssl crl -in cliCrl.pem -text > tmp
  117. check_result $?
  118. mv tmp cliCrl.pem
  119. # install (only needed if working outside wolfssl)
  120. #cp cliCrl.pem ~/wolfssl/certs/crl/cliCrl.pem
  121. # eccCliCRL
  122. echo "Step 17"
  123. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccCliCRL.pem -keyfile ../ecc-client-key.pem -cert ../client-ecc-cert.pem
  124. check_result $?
  125. # metadata
  126. echo "Step 18"
  127. openssl crl -in eccCliCRL.pem -text > tmp
  128. check_result $?
  129. mv tmp eccCliCRL.pem
  130. # install (only needed if working outside wolfssl)
  131. #cp eccCliCRL.pem ~/wolfssl/certs/crl/eccCliCRL.pem
  132. # eccSrvCRL
  133. echo "Step 19"
  134. openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out eccSrvCRL.pem -keyfile ../ecc-key.pem -cert ../server-ecc.pem
  135. check_result $?
  136. # metadata
  137. echo "Step 20"
  138. openssl crl -in eccSrvCRL.pem -text > tmp
  139. check_result $?
  140. mv tmp eccSrvCRL.pem
  141. # install (only needed if working outside wolfssl)
  142. #cp eccSrvCRL.pem ~/wolfssl/certs/crl/eccSrvCRL.pem
  143. # caEccCrl
  144. echo "Step 21"
  145. openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEccCrl.pem -keyfile ../ca-ecc-key.pem -cert ../ca-ecc-cert.pem
  146. check_result $?
  147. # ca-ecc384-cert
  148. echo "Step 22"
  149. openssl ca -config ./wolfssl.cnf -gencrl -crldays 1000 -out caEcc384Crl.pem -keyfile ../ca-ecc384-key.pem -cert ../ca-ecc384-cert.pem
  150. check_result $?
  151. # create crl and crl2 der files for unit test
  152. echo "Step 23"
  153. openssl crl -in crl.pem -inform PEM -out crl.der -outform DER
  154. openssl crl -in crl2.pem -inform PEM -out crl2.der -outform DER
  155. exit 0