tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

ocspd-certs.sh (2670B)


      1 #!/bin/bash
      2 
      3 DATA_DIR=$1
      4 OCSP_DIR=$2
      5 CERT_DIR=$3
      6 
      7 TEST_PWD="nssnss"
      8 CONF_TEMPLATE="ocspd.conf.template"
      9 
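# Convert a DER certificate in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - certificate name
#            $2 - optional signer name; the input file is
#                 <DATA_DIR>/<name><signer>.der
# Outputs:   writes <DATA_DIR>/<name>.pem
# Returns:   exit status of openssl
convert_cert()
{
   local cert_name=$1
   local cert_signer=$2

   # Paths are quoted so a DATA_DIR containing spaces or glob characters is
   # passed to openssl as a single argument.
   openssl x509 \
      -in "${DATA_DIR}/${cert_name}${cert_signer}.der" -inform DER \
      -out "${DATA_DIR}/${cert_name}.pem" -outform PEM
}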
     17 
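# Convert a DER CRL in DATA_DIR to PEM.
# Globals:   DATA_DIR (read)
# Arguments: $1 - CRL name; the input file is <DATA_DIR>/<name>.crl
# Outputs:   writes <DATA_DIR>/<name>crl.pem
# Returns:   exit status of openssl
convert_crl()
{
   local crl_name=$1

   # Quoted so that whitespace in DATA_DIR does not split the path.
   openssl crl \
      -in "${DATA_DIR}/${crl_name}.crl" -inform DER \
      -out "${DATA_DIR}/${crl_name}crl.pem" -outform PEM
}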
     24 
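# Export a key pair from its key database to PKCS#12, then keep only the
# encrypted private key, PEM-encoded, in <DATA_DIR>/<name>.key.
# Globals:   DATA_DIR (read), TEST_PWD (read)
# Arguments: $1 - key name; also the nickname looked up in <DATA_DIR>/<name>DB
# Outputs:   writes <DATA_DIR>/<name>.p12 and <DATA_DIR>/<name>.key;
#            <DATA_DIR>/<name>.key.tmp is created and removed again
# Returns:   0 on success; non-zero if a tool failed or no encrypted key block
#            was found (the steps are still all attempted, as before)
#
# NOTE(review): TEST_PWD reaches pk12util (-W) and openssl (pass:) as a
# command-line argument, where other local users can read it from the process
# list. That is tolerable only because it is a fixed test password; do not
# reuse this pattern for real key material.
convert_key()
{
   local key_name=$1
   local p12_file="${DATA_DIR}/${key_name}.p12"
   local tmp_file="${DATA_DIR}/${key_name}.key.tmp"
   local key_file="${DATA_DIR}/${key_name}.key"
   local rc=0
   local in_key=0
   local line

   pk12util -o "${p12_file}" -n "${key_name}" -d "${DATA_DIR}/${key_name}DB" \
      -k "${DATA_DIR}/${key_name}DB/dbpasswd" -W "${TEST_PWD}" || rc=$?
   openssl pkcs12 -in "${p12_file}" -out "${tmp_file}" \
      -passin "pass:${TEST_PWD}" -passout "pass:${TEST_PWD}" || rc=$?

   # The temporary file holds more than the key; copy only the first
   # BEGIN..END ENCRYPTED PRIVATE KEY block. IFS= and -r keep each line
   # byte-for-byte. The output redirection comes first so the key file is
   # truncated even when the temporary file is missing, instead of leaving a
   # key from an earlier run in place.
   while IFS= read -r line || [ -n "${line}" ]; do
      case "${line}" in
         *"BEGIN ENCRYPTED PRIVATE KEY"*) in_key=1 ;;
      esac
      if [ "${in_key}" -eq 1 ]; then
         printf '%s\n' "${line}"
      fi
      case "${line}" in
         *"END ENCRYPTED PRIVATE KEY"*) break ;;
      esac
   done > "${key_file}" < "${tmp_file}" || rc=$?

   rm -- "${tmp_file}" || rc=$?

   # An empty key file means no encrypted key block was extracted.
   if [ "${rc}" -eq 0 ] && [ ! -s "${key_file}" ]; then
      rc=1
   fi
   if [ "${rc}" -ne 0 ]; then
      echo "convert_key: failed to produce ${key_file}" >&2
   fi
   return "${rc}"
}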
     41 
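# Escape a string for use as the replacement half of a sed "s:...:...:"
# command: backslash, '&' and the ':' delimiter each get a leading backslash.
_ocspd_sed_escape()
{
   printf '%s' "$1" | sed 's/[\\&:]/\\&/g'
}

# Generate one responder config by filling in the placeholders of
# CONF_TEMPLATE.
# Globals:   CONF_TEMPLATE (read), OCSP_DIR (read), DATA_DIR (read)
# Arguments: $1 - config file to write
#            $2 - CA name; selects <DATA_DIR>/<CA>.pem, <CA>crl.pem and <CA>.key
#            $3 - responder name; @OCSP_PID@ becomes <name>.pid
#            $4 - value for @PORT@
# Outputs:   writes the config file named by $1
# Returns:   non-zero if the template cannot be read or sed fails
create_conf()
{
   local conf_file=$1
   local ca ocsp port ocsp_dir data_dir

   # Values are escaped before being spliced into the sed scripts; otherwise
   # a ':' or '&' in a directory name would corrupt the substitution.
   ca=$(_ocspd_sed_escape "$2")
   ocsp=$(_ocspd_sed_escape "$3")
   port=$(_ocspd_sed_escape "$4")
   ocsp_dir=$(_ocspd_sed_escape "${OCSP_DIR}")
   data_dir=$(_ocspd_sed_escape "${DATA_DIR}")

   # As in the original pipeline, each placeholder is replaced once per line,
   # in this order.
   sed \
      -e "s:@DIR@:${ocsp_dir}:" \
      -e "s:@CA_CERT@:${data_dir}/${ca}.pem:" \
      -e "s:@CA_CRL@:${data_dir}/${ca}crl.pem:" \
      -e "s:@CA_KEY@:${data_dir}/${ca}.key:" \
      -e "s:@OCSP_PID@:${ocsp}.pid:" \
      -e "s:@PORT@:${port}:" \
      < "${CONF_TEMPLATE}" > "${conf_file}"
}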
     58 
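# Copy a DER certificate from DATA_DIR into CERT_DIR under a .cert name.
# Globals:   DATA_DIR (read), CERT_DIR (read)
# Arguments: $1 - certificate name
#            $2 - optional signer name; the source file is
#                 <DATA_DIR>/<name><signer>.der
# Outputs:   writes <CERT_DIR>/<name>.cert
# Returns:   exit status of cp
copy_cert()
{
   local cert_name=$1
   local cert_signer=$2

   # Quoted paths and "--" keep odd directory names from being split or
   # parsed as cp options.
   cp -- "${DATA_DIR}/${cert_name}${cert_signer}.der" "${CERT_DIR}/${cert_name}.cert"
}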
     66 
     67 
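# Copy a PKCS#12 bundle from DATA_DIR into CERT_DIR.
# Globals:   DATA_DIR (read), CERT_DIR (read)
# Arguments: $1 - key name; the source file is <DATA_DIR>/<name>.p12
# Outputs:   writes <CERT_DIR>/<name>.p12
# Returns:   exit status of cp
#
# NOTE(review): in this script the .p12 files are exported with the
# hard-coded TEST_PWD, so the copies carry private keys behind a publicly
# known password. Keep CERT_DIR limited to test use.
copy_key()
{
   local key_name=$1

   # Quoted paths and "--" keep odd directory names from being split or
   # parsed as cp options.
   cp -- "${DATA_DIR}/${key_name}.p12" "${CERT_DIR}/${key_name}.p12"
}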
     74 
     75 convert_cert OCSPRoot
     76 convert_crl OCSPRoot
     77 convert_key OCSPRoot
     78 
     79 convert_cert OCSPCA1 OCSPRoot
     80 convert_crl OCSPCA1
     81 convert_key OCSPCA1
     82 
     83 convert_cert OCSPCA2 OCSPRoot
     84 convert_crl OCSPCA2
     85 convert_key OCSPCA2
     86 
     87 convert_cert OCSPCA3 OCSPRoot
     88 convert_crl OCSPCA3
     89 convert_key OCSPCA3
     90 
     91 create_conf ocspd0.conf OCSPRoot ocspd0 2600
     92 create_conf ocspd1.conf OCSPCA1 ocspd1 2601
     93 create_conf ocspd2.conf OCSPCA2 ocspd2 2602
     94 create_conf ocspd3.conf OCSPCA3 ocspd3 2603
     95 
     96 copy_cert OCSPRoot
     97 copy_cert OCSPCA1 OCSPRoot
     98 copy_cert OCSPCA2 OCSPRoot
     99 copy_cert OCSPCA3 OCSPRoot
    100 copy_cert OCSPEE11 OCSPCA1
    101 copy_cert OCSPEE12 OCSPCA1
    102 copy_cert OCSPEE13 OCSPCA1
    103 copy_cert OCSPEE14 OCSPCA1
    104 copy_cert OCSPEE15 OCSPCA1
    105 copy_cert OCSPEE21 OCSPCA2
    106 copy_cert OCSPEE22 OCSPCA2
    107 copy_cert OCSPEE23 OCSPCA2
    108 copy_cert OCSPEE31 OCSPCA3
    109 copy_cert OCSPEE32 OCSPCA3
    110 copy_cert OCSPEE33 OCSPCA3
    111 
    112 copy_key OCSPRoot
    113 copy_key OCSPCA1
    114 copy_key OCSPCA2
    115 copy_key OCSPCA3