#!/bin/bash
-. ./clear.sh
+./clear.sh
echo "========== Generating Root ======="
-. ./generateKeys.sh
+./generateKeys.sh
echo "========== Generating Year 2015 ======="
-. ./generateTime.sh 2015
+./generateTime.sh 2015
echo "========== Generating Infra for Year 2015 ======="
-. ./generateInfra.sh 2015
+./generateInfra.sh 2015
echo "========== Generating CRLs for Year 2015 ======="
-. ./generateCRLs.sh 2015
+./generateCRLs.sh 2015
echo "========== Verifying Year 2015 ======="
-. ./verify.sh 2015
+./verify.sh 2015
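Review bot: Each stage now runs as a child process and its exit status is never checked, so a failure in `./generateKeys.sh` or `./generateTime.sh 2015` no longer stops the run. Later stages, including `./verify.sh 2015`, then run against missing or partial output. When the steps were sourced, an `exit 1` inside one of them ended the whole script; that behaviour is lost here. Add `set -e` directly after the shebang, or guard each call, e.g. `./generateKeys.sh || exit 1`.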
#!/bin/sh
-rm -Rf *.csr *.crt *.key *.pkcs12 *.ca *.crl 2015
+rm -R generated
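Review bot: `rm -R generated` drops the `-f` that the old line had, so on a fresh checkout or after a previous clean it prints an error and returns non-zero. The path is also resolved against the caller's working directory, not the script's location. Suggest `rm -Rf -- generated`, optionally after a `cd "$(dirname "$0")" || exit 1`, so the cleanup always targets the intended tree.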
+
. structure
. commonFunctions
+cd generated
fetchCRLS(){ #year, cyear month timeIdx
year=$1
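Review bot: The added `cd generated` is unchecked, so if the directory does not exist (for example when this script is run before the key-generation step) the rest of the script carries on in the source directory. Keys, certificates and CRLs would then be written next to the scripts, and relative cleanups such as `rm -R signer-config` or `rm -R htdocs` would act on the wrong tree. Use `cd generated || exit 1` here. The same applies to every other `cd generated` this commit adds in the remaining scripts on this page, including the one that follows `mkdir -p generated`. The `fetchCRLS` body continues outside the hunk.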
#!/bin/bash
+cd generated
+
tar cz *.ca | openssl enc -e -kfile <(echo 1234) -md sha256 -aes-256-cbc > offline.tar.gz.aes-256-cbc
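Review bot: The passphrase for the offline archive is the literal `1234` in `-kfile <(echo 1234)`, so anyone who can read this script can decrypt `offline.tar.gz.aes-256-cbc`. The `*.ca` directories it packs appear to hold the CA `key.key` files (see the `pushd $1.ca` and `-keyfile key.key` lines elsewhere on this page). If this is more than a test fixture, read the passphrase from a file kept outside the repository, e.g. `-kfile "$OFFLINE_PASSFILE"` (placeholder name), and on OpenSSL 1.1.1 or later add `-pbkdf2` so the key is not derived from a single digest pass. CBC provides no integrity protection, so the archive should also be signed or MACed before it is trusted on another host.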
year=$1
. structure
+cd generated
installCommKeys() { # peer (server,client)
peer="$1"
installCommKeys client
-tar czf signer-client-$year.tar.gz profiles -C signer-config keys ca
+tar czf signer-client-$year.tar.gz -C .. profiles -C generated/signer-config keys ca
# Updating for server
rm signer-config/keys/signer_*
installCommKeys server
-tar czf signer-server-$year.tar.gz profiles -C signer-config keys ca
+tar czf signer-server-$year.tar.gz -C .. profiles -C generated/signer-config keys ca
rm -R signer-config
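Review bot: Both `tar czf signer-…-$year.tar.gz` lines pack the `keys` directory into an archive created under the default umask, so with a typical 022 umask the tarballs are readable by every local user. If `keys` holds private key material, as the name suggests, set `umask 077` before the tar calls or `chmod 600` the archives afterwards. `$year` is also unquoted in the archive name; `"signer-client-$year.tar.gz"` avoids word splitting on an unexpected argument. The surrounding code starts outside the hunk.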
else
signkey="-cert key.crt"
fi
- openssl ca $signkey -keyfile key.key -in "$BASE/$1.csr" -out "$BASE/$1.crt" -batch -config "$BASE/selfsign.config" -extfile "$BASE/$3" $start $end
+ openssl ca $signkey -keyfile key.key -in "$BASE/$1.csr" -out "$BASE/$1.crt" -batch -config "$BASE/../selfsign.config" -extfile "$BASE/$3" $start $end
popd > /dev/null
echo "Signed"
}
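Review bot: `echo "Signed"` runs whether or not the `openssl ca` call above it succeeded, so a wrong `-config "$BASE/../selfsign.config"` path (which now depends on the caller having changed into `generated`) still reports success. Check the status before reporting, e.g. append `|| { popd > /dev/null; return 1; }` to the `openssl ca` line. The function starts outside the hunk, so how `$start`, `$end` and `key.key` are set up is not visible here.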
. structure
. commonFunctions
+cd generated
generateCRL() { # name, year, month
echo CRL $1 $2-$3
BASE="$PWD"
pushd $1.ca > /dev/null
- TZ=UTC LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="${year}-${month}-01 00:00:00" openssl ca -gencrl -config "$BASE/selfsign.config" -keyfile key.key -cert key.crt -crldays 35 -out $2_$3.crl
+ TZ=UTC LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="${year}-${month}-01 00:00:00" openssl ca -gencrl -config "$BASE/../selfsign.config" -keyfile key.key -cert key.crt -crldays 35 -out $2_$3.crl
popd > /dev/null
}
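Review bot: `generateCRL` takes year and month as `$2` and `$3` and names the output `$2_$3.crl`, but the `FAKETIME="${year}-${month}-01 00:00:00"` value on the changed line reads the globals `year` and `month` instead. If a caller passes values that differ from those globals, the CRL is stamped for one period and filed under another. Use `FAKETIME="$2-$3-01 00:00:00"`, or assign `local year=$2 month=$3` at the top of the function. The exit status of `openssl ca -gencrl` is also ignored, so a missing `$BASE/../selfsign.config` silently leaves no CRL behind.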
[[ "$1" == "" ]] && echo "Usage: $0 <year>" && exit 1
year=$1
+cd generated
+
mkdir -p htdocs/crt/g2/$year
for ca in root $STRUCT_CAS; do
cp $year/ca/${ca}_${year}_${i}.crt htdocs/crt/g2/$year/${ca}-${year}-${i}.crt
done
done
+
+tar czf htdocs.tgz htdocs
+rm -R htdocs
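Review bot: `rm -R htdocs` runs even when the preceding `tar czf htdocs.tgz htdocs` fails (disk full, missing files), which deletes the only copy of the collected certificates and leaves a truncated archive. Chain the two so the cleanup depends on the archive: `tar czf htdocs.tgz htdocs && rm -R htdocs`.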
. structure
. commonFunctions
+cd generated
+
CRL="
crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl
authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
. structure
. commonFunctions
+mkdir -p generated
+cd generated
####### create various extensions files for the various certificate types ######
cat <<TESTCA > ca.cnf
# generate the various sub-CAs
for ca in $STRUCT_CAS; do
- . CAs/$ca
+ . ../CAs/$ca
genca "/CN=$name" $ca
rootSign $ca
done
[ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
year=$1
+cd generated
+
genTimeCA(){ #csr,ca to sign with,start,end
cat <<TESTCA > timesubca.cnf
basicConstraints = CA:true
epoint=$((${year} + 2 ))${epoints[${i}]}
fi
- . CAs/env
+ . ../CAs/env
genca "/CN=$name ${year}-${i}" $year/ca/env_${year}_${i}
genTimeCA $year/ca/env_${year}_${i}.ca/key env "$point" "$epoint"
for ca in $STRUCT_CAS; do
[ "$ca" == "env" ] && continue
- . CAs/$ca
+ . ../CAs/$ca
genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
genTimeCA $year/ca/${ca}_${year}_${i} $ca "$point" "$epoint"
done
year=$1
. structure
+cd generated
verify(){ # crt, [untrusted], additional
untrusted="$2"
# Verify level-2 (time) structure
for ca in ${STRUCT_CAS}; do
for i in $TIME_IDX; do
- . CAs/$ca
+ . ../CAs/$ca
if [ "$ca" == "env" ]; then
CA_FILE=$year/ca/${ca}_${year}_${i}.ca/key.crt
else