del: remaining of infra-keys
authorFelix Dörre <felix@dogcraft.de>
Fri, 22 Apr 2016 15:53:28 +0000 (17:53 +0200)
committerLucas Werkmeister <mail@lucaswerkmeister.de>
Fri, 22 Apr 2016 16:21:18 +0000 (18:21 +0200)
all
collectGigiConfig
collectSignerConfig
generateInfra [deleted file]
verify

diff --git a/all b/all
index 1157a75843107865f0000a207aa8cec31c5b99be..d812b65ebd6c94f27a15d72de858a0c25ee9cf9c 100755 (executable)
--- a/all
+++ b/all
@@ -11,8 +11,6 @@ for arg in "$@"; do
     else
         echo "========== Generating Year $arg ======="
         ./generateTime "$arg"
-        echo "========== Generating Infra for Year $arg ======="
-        ./generateInfra "$arg"
         echo "========== Generating CRLs for Year $arg ======="
         ./generateCRLs "$arg"
         
index bc769f5210e025fc983e3150a0e34f3c9a822385..241a2cdab3a3cb9d6e050492a556baad201423cd 100755 (executable)
@@ -11,7 +11,6 @@ mkdir -p gigi-config/config/ca
 cp root.ca/key.crt gigi-config/config/ca/root.crt
 for ca in $STRUCT_CAS; do
     cp ${ca}.ca/key.crt gigi-config/config/ca/${ca}.crt
-    [ "$ca" == "env" ] && continue
     for i in $TIME_IDX; do
         cp ${year}/ca/${ca}_${year}_${i}.crt gigi-config/config/ca/${ca}_${year}_${i}.crt
     done
index 66e7e5b1659a9f8d93d4f23918eae091bbca8cd3..740f7a8e5d7748a595bb7d53f02d73d6360a01d9 100755 (executable)
@@ -7,41 +7,25 @@ year=$1
 . structure.bash
 cd generated
 
-installCommKeys() { # peer (server,client)
-    peer="$1"
-    mkdir -p signer-config/keys
-    cat ${year}/ca/env_${year}_1.ca/key.crt env.ca/key.crt root.ca/key.crt > signer-config/keys/ca.crt
-    for file in signer_${peer}.{crt,key}; do
-        cp ${year}/keys/$file signer-config/keys/$file
-    done
-
-}
-
 mkdir -p signer-config
 for ca in $STRUCT_CAS; do
-    [ "$ca" == "env" ] && continue
     for i in $TIME_IDX; do
         mkdir -p signer-config/ca/${ca}_${year}_${i}
         cp ${year}/ca/${ca}_${year}_${i}.crt  signer-config/ca/${ca}_${year}_${i}/ca.crt
     done
 done
 
-installCommKeys client
-
 tar czf signer-client-$year.tar.gz -C .. profiles -C generated/signer-config keys ca
 
 # Updating for server
 rm signer-config/keys/signer_*
 
 for ca in $STRUCT_CAS; do
-    [ "$ca" == "env" ] && continue
     for i in $TIME_IDX; do
         cp ${year}/ca/${ca}_${year}_${i}.key  signer-config/ca/${ca}_${year}_${i}/ca.key
     done
 done
 
-installCommKeys server
-
 tar czf signer-server-$year.tar.gz -C .. profiles -C generated/signer-config keys ca
 
 rm -R signer-config
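Review bot: With `installCommKeys` removed, nothing visible in this hunk creates `signer-config/keys` any more, yet the kept lines `rm signer-config/keys/signer_*` and both `tar czf ... keys ca` calls still reference it, so `rm` and `tar` will most likely exit non-zero on the missing path. The top of the script is outside the hunk; if it runs under `set -e`, the script would stop at the `rm` and never build the server archive. I would drop the `rm signer-config/keys/signer_*` line and the `keys` member from both `tar` commands, or, if an empty `keys` directory is still expected by the consumer, keep it with `mkdir -p signer-config/keys` and use `rm -f`. Because the second loop copies `ca.key` files into `signer-config`, a failure in the final `tar` would leave CA private keys in the working tree; a `trap 'rm -rf -- signer-config' EXIT` placed before the first `mkdir -p signer-config` would keep the cleanup on every exit path.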
diff --git a/generateInfra b/generateInfra
deleted file mode 100755 (executable)
index 819635f..0000000
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-set -e
-
-[ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
-year=$1
-
-. structure.bash
-. commonFunctions.bash
-
-cd generated
-
-CRL="
-crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl
-authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt"
-
-cat <<TESTCA > req.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=serverAuth
-
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-$CRL
-TESTCA
-
-cat <<TESTCA > reqClient.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=clientAuth
-
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-$CRL
-TESTCA
-
-cat <<TESTCA > reqMail.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=emailProtection
-
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-$CRL
-TESTCA
-
-genserver(){ #key, subject, config
-    openssl genrsa -out $1.key ${KEYSIZE}
-    openssl req -new -key $1.key -out $1.csr -subj "$2"
-    caSign $1 $year/ca/env_${year}_1 "$3" "${year}${points[1]}" "$((${year} + 2))${points[1]}"
-    
-    TZ=UTC LD_PRELOAD="$(findLibfaketime)" FAKETIME="${year}-01-01 00:00:00" openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12 -name "$4"
-    
-}
-
-mkdir -p $year/keys
-
-cat $year/ca/env_${year}_1.ca/key.crt env.ca/key.crt root.ca/key.crt > env.chain.crt
-
-# generate environment-keys specific to gigi.
-# first the server keys
-genserver $year/keys/www "/CN=www.${DOMAIN}" req.cnf www
-genserver $year/keys/secure "/CN=secure.${DOMAIN}" req.cnf secure
-genserver $year/keys/static "/CN=static.${DOMAIN}" req.cnf static
-genserver $year/keys/api "/CN=api.${DOMAIN}" req.cnf api
-
-# then the email signing key
-genserver $year/keys/mail "/emailAddress=support@${DOMAIN}" reqMail.cnf mail
-
-# then environment-keys for cassiopeia
-genserver $year/keys/signer_client "/CN=CAcert signer handler 1" reqClient.cnf signer_client
-genserver $year/keys/signer_server "/CN=CAcert signer 1" req.cnf signer_server
-
-rm req.cnf reqMail.cnf reqClient.cnf
-
-
-rm env.chain.crt
diff --git a/verify b/verify
index eb1340403fde6731877f6a3cc103b485304a4db8..b8e568d54ccbcb2d84089d6ed104fd98f3daf82d 100755 (executable)
--- a/verify
+++ b/verify
@@ -74,15 +74,3 @@ for ca in ${STRUCT_CAS}; do
         echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.${DOMAIN}" > /dev/null || error "OCSP field is wrong for $ca"
     done
 done
-
-# Verify infra keys
-cat env.ca/key.crt $year/ca/env_${year}_1.ca/key.crt > envChain.crt
-
-for key in $SERVER_KEYS signer_client signer_server; do
-    verify ${year}/keys/$key.crt envChain.crt
-    verifyExtlist "$(openssl x509 -in "${year}/keys/$key.crt" -noout -text)" critical "X509v3 Extended Key Usage: 
-"
-done
-
-rm envChain.crt
-