collectCRLs.sh

   1 #!/bin/bash
   2
   3 set -e
   4
   5 [ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
   6 year=$1
   7
   8 . structure
   9 . commonFunctions
  10 cd generated
  11
  12 fetchCRLS(){ #year, cyear month timeIdx
  13     year=$1
  14     cyear=$2
  15     month=$3
  16     timeIdx=$4
  17     cp -v $year/ca/env_${year}_${timeIdx}.ca/${cyear}_${month}.crl crls-${year}/$cyear-$month/${year}/env_${year}_${timeIdx}.crl
  18     # no "for ca in $STRUCT_CAs" because that's cassiopeias work.
  19 }
  20
  21 rm -Rf crls-${year}
  22 mkdir -p crls-${year}
  23 for month in {01..12}; do
  24     BASE=crls-${year}/$year-$month
  25     mkdir -p $BASE
  26     cp root.ca/${year}_${month}.crl $BASE/root.crl
  27     for ca in $STRUCT_CAS; do
  28         cp $ca.ca/${year}_${month}.crl $BASE/$ca.crl
  29     done
  30 done
  31
  32 cyear=$year
  33 for month in {01..12}; do
  34     BASE=crls-${year}/$cyear-$month
  35     mkdir -p $BASE/$year
  36
  37     fetchCRLS $year $cyear $month 1
  38     [ "$month" -gt "6" ] && fetchCRLS $year $cyear $month 2
  39 done
  40
  41 cyear=$((year+1))
  42 for month in {01..12}; do
  43     BASE=crls-${year}/$cyear-$month
  44     mkdir -p $BASE/$year
  45
  46     fetchCRLS $year $cyear $month 1
  47     fetchCRLS $year $cyear $month 2
  48 done
  49
  50 cyear=$((year+2))
  51 for month in {01..06}; do
  52     BASE=crls-${year}/$cyear-$month
  53     mkdir -p $BASE/$year
  54
  55     fetchCRLS $year $cyear $month 2
  56 done
  57
  58 pushd crls-${year}
  59 rm -f crl-passwords1.txt crl-passwords2.txt
  60 for i in *; do
  61     PASSW1=`head -c15 /dev/urandom | base64`
  62     PASSW2=`head -c15 /dev/urandom | base64`
  63     echo "Crypting CRL $i"
  64     echo "$i: $PASSW1" >> crl-passwords1.txt
  65     echo "$i: $PASSW2" >> crl-passwords2.txt
  66     tar c -C $i . | openssl enc -e -kfile <(echo -n "$PASSW1$PASSW2") -md sha256 -aes-256-cbc > $i.tar.aes-256-cbc
  67     PASSW1=
  68     PASSW2=
  69
  70 done
  71 popd