From 21a8fdc3409fbdd05342e95f507d8eab8609c710 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Tue, 12 May 2015 19:01:59 +0200
Subject: [PATCH] move generated to own folder + permissions
---
.gitignore | 0
CAs/assured | 0
CAs/codesign | 0
CAs/env | 0
CAs/orga | 0
CAs/orgaSign | 0
CAs/unassured | 0
README.md | 0
all.sh | 12 ++++++------
clear.sh | 3 ++-
collectCRLs.sh | 1 +
collectOffline.sh | 2 ++
collectSignerConfig.sh | 5 +++--
commonFunctions | 2 +-
doc/NRE.odt | Bin
generateCRLs.sh | 3 ++-
generateHtdocs.sh | 5 +++++
generateInfra.sh | 2 ++
generateKeys.sh | 4 +++-
generateTime.sh | 6 ++++--
selfsign.config | 0
structure | 0
verify.sh | 3 ++-
23 files changed, 33 insertions(+), 15 deletions(-)
mode change 100755 => 100644 .gitignore
mode change 100755 => 100644 CAs/assured
mode change 100755 => 100644 CAs/codesign
mode change 100755 => 100644 CAs/env
mode change 100755 => 100644 CAs/orga
mode change 100755 => 100644 CAs/orgaSign
mode change 100755 => 100644 CAs/unassured
mode change 100755 => 100644 README.md
mode change 100755 => 100644 commonFunctions
mode change 100755 => 100644 doc/NRE.odt
mode change 100755 => 100644 selfsign.config
mode change 100755 => 100644 structure
diff --git a/.gitignore b/.gitignore
old mode 100755
new mode 100644
diff --git a/CAs/assured b/CAs/assured
old mode 100755
new mode 100644
diff --git a/CAs/codesign b/CAs/codesign
old mode 100755
new mode 100644
diff --git a/CAs/env b/CAs/env
old mode 100755
new mode 100644
diff --git a/CAs/orga b/CAs/orga
old mode 100755
new mode 100644
diff --git a/CAs/orgaSign b/CAs/orgaSign
old mode 100755
new mode 100644
diff --git a/CAs/unassured b/CAs/unassured
old mode 100755
new mode 100644
diff --git a/README.md b/README.md
old mode 100755
new mode 100644
diff --git a/all.sh b/all.sh
index ee5f596..32c98c6 100755
--- a/all.sh
+++ b/all.sh
@@ -1,17 +1,17 @@ #!/bin/bash -. ./clear.sh +./clear.sh echo "========== Generating Root =======" -. ./generateKeys.sh +./generateKeys.sh echo "========== Generating Year 2015 =======" -. ./generateTime.sh 2015 +./generateTime.sh 2015 echo "========== Generating Infra for Year 2015 =======" -. ./generateInfra.sh 2015 +./generateInfra.sh 2015 echo "========== Generating CRLs for Year 2015 =======" -. ./generateCRLs.sh 2015 +./generateCRLs.sh 2015 echo "========== Verifying Year 2015 =======" -. ./verify.sh 2015 +./verify.sh 2015 diff --git a/clear.sh b/clear.sh index 7e792dc..115cfd9 100755 --- a/clear.sh +++ b/clear.sh @@ -1,3 +1,4 @@ #!/bin/sh -rm -Rf *.csr *.crt *.key *.pkcs12 *.ca *.crl 2015 +rm -R generated + diff --git a/collectCRLs.sh b/collectCRLs.sh index ae2768e..82a9ec1 100755 --- a/collectCRLs.sh +++ b/collectCRLs.sh @@ -7,6 +7,7 @@ year=$1 . structure . commonFunctions +cd generated fetchCRLS(){ #year, cyear month timeIdx year=$1 diff --git a/collectOffline.sh b/collectOffline.sh index 9cda2e7..c5715a8 100755 --- a/collectOffline.sh +++ b/collectOffline.sh @@ -1,3 +1,5 @@ #!/bin/bash +cd generated + tar cz *.ca | openssl enc -e -kfile <(echo 1234) -md sha256 -aes-256-cbc > offline.tar.gz.aes-256-cbc diff --git a/collectSignerConfig.sh b/collectSignerConfig.sh index 8a5921c..369d1b8 100755 --- a/collectSignerConfig.sh +++ b/collectSignerConfig.sh @@ -5,6 +5,7 @@ set -e year=$1 . structure +cd generated installCommKeys() { # peer (server,client) peer="$1" @@ -27,7 +28,7 @@ done installCommKeys client -tar czf signer-client-$year.tar.gz profiles -C signer-config keys ca +tar czf signer-client-$year.tar.gz -C .. profiles -C generated/signer-config keys ca # Updating for server rm signer-config/keys/signer_* @@ -41,6 +42,6 @@ done installCommKeys server -tar czf signer-server-$year.tar.gz profiles -C signer-config keys ca +tar czf signer-server-$year.tar.gz -C .. profiles -C generated/signer-config keys ca rm -R signer-config 
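Review bot: In all.sh, nothing stops the run when a step fails now that the steps are executed as child processes instead of being sourced: a non-zero exit from `./generateKeys.sh` or `./generateTime.sh 2015` is ignored, and the later steps, including `./verify.sh 2015`, carry on against a partly built `generated/` tree. Before this change a `set -e` inside a sourced script (generateKeys.sh and verify.sh show one in their hunk headers) also applied to the rest of all.sh; that no longer holds. I would add `set -e` directly under the shebang; clear.sh then has to exit 0 when `generated` does not exist yet.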
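Review bot: In clear.sh, `rm -R generated` without `-f` prints an error and exits non-zero when the directory does not exist, which is the normal state on a fresh checkout or right after a previous clear; the replaced line used `-Rf`. The path is also relative to the caller's working directory, so running the script from somewhere else removes whatever `generated` directory happens to be there. Suggested: `cd "$(dirname "$0")" || exit 1` followed by `rm -Rf -- generated`.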
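Review bot: In collectCRLs.sh the added `cd generated` is not checked, and no `set -e` is visible in this hunk, so when the directory is missing or the script is started from another directory the rest of the script runs in the wrong place. The same unchecked `cd generated` is added in collectOffline.sh (whose whole file is visible and has no `set -e`), generateCRLs.sh, generateHtdocs.sh, generateInfra.sh and generateTime.sh; in generateTime.sh the later `. ../CAs/$ca` would then source files from outside the project tree. Use `cd generated || exit 1` in each of them; if one of these scripts does set `-e` above its hunk, the explicit check is redundant but harmless there.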
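Review bot: In collectOffline.sh the unchanged `openssl enc` line encrypts the archive of every `*.ca` directory (which hold `key.key`, per generateCRLs.sh) with the fixed passphrase `1234` via `-kfile <(echo 1234)`, so anyone who has read this script can decrypt offline.tar.gz.aes-256-cbc. Since this commit reorganises where that material lives, it is a good moment to take the passphrase from an operator-supplied file kept outside the repository, e.g. `: "${OFFLINE_PASSFILE:?}"` followed by `-kfile "$OFFLINE_PASSFILE"` (the variable name is only a suggestion). The pipeline also runs without `set -o pipefail`, so a failing `tar` (for instance after a failed `cd generated`) still leaves an output file that looks like a valid backup.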
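Review bot: In collectSignerConfig.sh the two rewritten `tar czf` lines rely on each `-C` being interpreted relative to the directory selected by the previous one (GNU tar behaviour), which is why the second argument had to become `generated/signer-config`; nothing on the line explains that, and it breaks quietly if the output folder is renamed or the arguments are reordered. A comment above both calls would help, e.g. `# -C is cumulative: ".." leaves generated/ for profiles, the next -C re-enters it for keys and ca`. `$year` comes straight from `$1` and is unquoted in the archive name; `"signer-client-$year.tar.gz"` and `"signer-server-$year.tar.gz"` avoid word splitting.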
diff --git a/commonFunctions b/commonFunctions old mode 100755 new mode 100644 index 354e1c3..168c610 --- a/commonFunctions +++ b/commonFunctions @@ -34,7 +34,7 @@ caSign(){ # csr,ca,config,start,end else signkey="-cert key.crt" fi - openssl ca $signkey -keyfile key.key -in "$BASE/$1.csr" -out "$BASE/$1.crt" -batch -config "$BASE/selfsign.config" -extfile "$BASE/$3" $start $end + openssl ca $signkey -keyfile key.key -in "$BASE/$1.csr" -out "$BASE/$1.crt" -batch -config "$BASE/../selfsign.config" -extfile "$BASE/$3" $start $end popd > /dev/null echo "Signed" } diff --git a/doc/NRE.odt b/doc/NRE.odt old mode 100755 new mode 100644 diff --git a/generateCRLs.sh b/generateCRLs.sh index d2831e1..952d757 100755 --- a/generateCRLs.sh +++ b/generateCRLs.sh @@ -7,12 +7,13 @@ year=$1 . structure . commonFunctions +cd generated generateCRL() { # name, year, month echo CRL $1 $2-$3 BASE="$PWD" pushd $1.ca > /dev/null - TZ=UTC LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="${year}-${month}-01 00:00:00" openssl ca -gencrl -config "$BASE/selfsign.config" -keyfile key.key -cert key.crt -crldays 35 -out $2_$3.crl + TZ=UTC LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="${year}-${month}-01 00:00:00" openssl ca -gencrl -config "$BASE/../selfsign.config" -keyfile key.key -cert key.crt -crldays 35 -out $2_$3.crl popd > /dev/null } diff --git a/generateHtdocs.sh b/generateHtdocs.sh index 328c509..53d67fd 100755 --- a/generateHtdocs.sh +++ b/generateHtdocs.sh @@ -4,6 +4,8 @@ [[ "$1" == "" ]] && echo "Usage: $0 " && exit 1 year=$1 +cd generated + mkdir -p htdocs/crt/g2/$year for ca in root $STRUCT_CAS; do @@ -19,3 +21,6 @@ for ca in $STRUCT_CAS; do cp $year/ca/${ca}_${year}_${i}.crt htdocs/crt/g2/$year/${ca}-${year}-${i}.crt done done + +tar czf htdocs.tgz htdocs +rm -R htdocs diff --git a/generateInfra.sh b/generateInfra.sh index 76a6eee..012e6b7 100755 --- a/generateInfra.sh +++ b/generateInfra.sh 
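Review bot: In caSign, `-config "$BASE/../selfsign.config"` ties the location of the signing policy to whatever directory `BASE` was set from, and `BASE` is assigned outside this hunk (generateCRLs.sh sets it to `$PWD`); if the caller is not sitting in `generated/`, `openssl ca` picks up a different selfsign.config or none. The same `..` assumption appears in generateCRLs.sh and in the `. ../CAs/$ca` lines of generateKeys.sh, generateTime.sh and verify.sh, where the file found is executed as shell code. Resolve the project root once from the script location, e.g. `ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` at the top of commonFunctions (or in each script that does not source it), and use `"$ROOT/selfsign.config"` and `. "$ROOT/CAs/$ca"`. caSign begins above the hunk.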
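Review bot: In generateCRL (generateCRLs.sh), the issue time of the CRL depends on `LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1` actually loading; when that file is absent the dynamic loader only prints a warning and `openssl ca -gencrl` runs with the real clock, so `$2_$3.crl` is written with a validity window that does not match its name. Check the library once before the first call, with the path held in one variable, e.g. `[ -r "$FAKETIME_LIB" ] || { echo "libfaketime not found" >&2; exit 1; }`. `FAKETIME` is also built from the globals `${year}` and `${month}` while the echo and the output name use `$2` and `$3`; using the arguments throughout keeps the timestamp and the file name in step.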
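Review bot: At the end of generateHtdocs.sh, `rm -R htdocs` runs even when `tar czf htdocs.tgz htdocs` failed, so a failed or truncated archive can be all that is left of the staged tree; no `set -e` is visible in either hunk of this file. Chain the two: `tar czf htdocs.tgz htdocs && rm -R htdocs`. The loops read `$STRUCT_CAS`, but the visible part of the script does not source `structure`; please confirm it is loaded in the lines above the first hunk, otherwise the first loop only handles `root`.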
@@ -8,6 +8,8 @@ year=$1 . structure . commonFunctions +cd generated + CRL=" crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$year/env-1.crl authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$year/env-1.crt" diff --git a/generateKeys.sh b/generateKeys.sh index d1b15ca..d5d4750 100755 --- a/generateKeys.sh +++ b/generateKeys.sh @@ -5,6 +5,8 @@ set -e . structure . commonFunctions +mkdir -p generated +cd generated ####### create various extensions files for the various certificate types ###### cat < ca.cnf @@ -42,7 +44,7 @@ rootSign root # generate the various sub-CAs for ca in $STRUCT_CAS; do - . CAs/$ca + . ../CAs/$ca genca "/CN=$name" $ca rootSign $ca done diff --git a/generateTime.sh b/generateTime.sh index 3496c74..300d823 100755 --- a/generateTime.sh +++ b/generateTime.sh @@ -6,6 +6,8 @@ [ "$1" == "" ] && echo "Usage: $0 " && exit 1 year=$1 +cd generated + genTimeCA(){ #csr,ca to sign with,start,end cat < timesubca.cnf basicConstraints = CA:true @@ -33,13 +35,13 @@ for i in $TIME_IDX; do epoint=$((${year} + 2 ))${epoints[${i}]} fi - . CAs/env + . ../CAs/env genca "/CN=$name ${year}-${i}" $year/ca/env_${year}_${i} genTimeCA $year/ca/env_${year}_${i}.ca/key env "$point" "$epoint" for ca in $STRUCT_CAS; do [ "$ca" == "env" ] && continue - . CAs/$ca + . ../CAs/$ca genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i} genTimeCA $year/ca/${ca}_${year}_${i} $ca "$point" "$epoint" done diff --git a/selfsign.config b/selfsign.config old mode 100755 new mode 100644 diff --git a/structure b/structure old mode 100755 new mode 100644 diff --git a/verify.sh b/verify.sh index 9b6f5f2..5f02f99 100755 --- a/verify.sh +++ b/verify.sh @@ -4,6 +4,7 @@ set -e year=$1 . structure +cd generated verify(){ # crt, [untrusted], additional untrusted="$2" 
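Review bot: In generateKeys.sh, `mkdir -p generated` creates the directory that will hold every CA private key (`key.key` under the `*.ca` directories) with the caller's default umask, so on a typical 022 setup the tree, and depending on how the keys are written the keys themselves, are readable by other local users. Put `umask 077` before the `mkdir`. Because all.sh now starts each step as its own process, the setting does not carry over from this script: it is needed either once in all.sh, from which the child processes inherit it, or in every script that writes key material or archives of it when run on its own (generateTime.sh, collectSignerConfig.sh, collectOffline.sh). The script continues beyond both ends of this hunk.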
@@ -43,7 +44,7 @@ done # Verify level-2 (time) structure for ca in ${STRUCT_CAS}; do for i in $TIME_IDX; do - . CAs/$ca + . ../CAs/$ca if [ "$ca" == "env" ]; then CA_FILE=$year/ca/${ca}_${year}_${i}.ca/key.crt else -- 2.39.2