From 6ae3c38ec9e46bea24edfcef895ee14f85f420ff Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Sat, 3 Oct 2015 13:40:11 +0200
Subject: [PATCH] upd: generate drop-in-able configs for gigi
---
 collectGigiConfig.sh | 12 +++++++-----
 collectSignerConfig.sh | 2 +-
 verify.sh | 3 ++-
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/collectGigiConfig.sh b/collectGigiConfig.sh
index af27f02..ee8b4f3 100755
--- a/collectGigiConfig.sh
+++ b/collectGigiConfig.sh
@@ -7,21 +7,23 @@ year=$1
 . structure
 cd generated
-mkdir -p gigi-config/ca
-cp root.ca/key.crt gigi-config/ca/root.crt
+mkdir -p gigi-config/config/ca
+cp root.ca/key.crt gigi-config/config/ca/root.crt
 for ca in $STRUCT_CAS; do
- cp ${ca}.ca/key.crt gigi-config/ca/${ca}.crt
+ cp ${ca}.ca/key.crt gigi-config/config/ca/${ca}.crt
 [ "$ca" == "env" ] && continue
 for i in $TIME_IDX; do
- cp ${year}/ca/${ca}_${year}_${i}.crt gigi-config/ca/${ca}_${year}_${i}.crt
+ cp ${year}/ca/${ca}_${year}_${i}.crt gigi-config/config/ca/${ca}_${year}_${i}.crt
 done
 done
+cp -R ../profiles gigi-config/config
+
 mkdir -p gigi-config/keys
 for k in ${year}/keys/{api,mail,secure,static,www}.pkcs12; do
 cp $k gigi-config/keys
 done
-tar czf gigi-$year.tar.gz -C .. profiles -C generated/gigi-config ca keys
+tar czf gigi-$year.tar.gz -C gigi-config config keys
 rm -Rf gigi-config
diff --git a/collectSignerConfig.sh b/collectSignerConfig.sh
index 369d1b8..d7c3aa6 100755
--- a/collectSignerConfig.sh
+++ b/collectSignerConfig.sh
@@ -10,7 +10,7 @@ cd generated
 installCommKeys() { # peer (server,client)
 peer="$1"
 mkdir -p signer-config/keys
- cp ${year}/ca/env_${year}_1.ca/key.crt signer-config/keys/ca.crt
+ cat ${year}/ca/env_${year}_1.ca/key.crt env.ca/key.crt root.ca/key.crt > signer-config/keys/ca.crt
 for file in signer_${peer}.{crt,key}; do
 cp ${year}/keys/$file signer-config/keys/$file
 done
diff --git a/verify.sh b/verify.sh
index 3890eb5..c689eec 100755
--- a/verify.sh
+++ b/verify.sh
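Review bot: In the collectGigiConfig.sh hunk, the staging tree and the archive written by the new `tar czf gigi-$year.tar.gz -C gigi-config config keys` line are created under whatever umask the caller happens to have, although `keys/` holds the five `.pkcs12` files copied just above (presumably key stores). Putting `umask 077` before the first `mkdir -p gigi-config/config/ca` would keep both the staging directory and the tarball readable only by the invoking user. The `cp` calls shown are also unchecked, so a missing certificate still produces an archive; if the script does not run under `set -e` (the top of the file is outside the hunk), `cp ... || exit 1` on the new lines would stop an incomplete bundle from being shipped.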
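Review bot: In the collectSignerConfig.sh hunk, `signer-config/keys/ca.crt` changes from one intermediate certificate to a bundle that ends in `root.ca/key.crt`, which may widen what the signer connection accepts. If the consumer loads this file as its trust store (not visible here), any certificate chaining to the root would verify, not only those issued by `env_${year}_1`, so it is worth confirming that the peer is also checked by issuer or subject. The redirect also leaves a partial bundle behind when one input file is missing; I would end the line with `|| exit 1` and add a comment such as `# ca.crt: env_<year>_1, then env, then root`. installCommKeys continues past the end of the hunk.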
@@ -10,6 +10,7 @@ verify(){ # crt, [untrusted], additional
 untrusted="$2"
 [[ "$untrusted" != "" ]] && untrusted="-untrusted $untrusted"
 openssl verify $3 -CAfile root.ca/key.crt $untrusted "$1" || error "$1 did not verify"
+ echo openssl verify $3 -CAfile root.ca/key.crt $untrusted "$1" || error "$1 did not verify"
 }
 error() { # message
@@ -71,7 +72,7 @@ done
 # Verify infra keys
 cat env.ca/key.crt $year/ca/env_${year}_1.ca/key.crt > envChain.crt
-for key in $SERVER_KEYS; do
+for key in $SERVER_KEYS signer_client signer_server; do
 verify ${year}/keys/$key.crt envChain.crt
 verifyExtlist "$(openssl x509 -in "${year}/keys/$key.crt" -noout -text)" critical "X509v3 Extended Key Usage: "
-- 
2.39.2
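Review bot: The added `echo openssl verify ... || error "$1 did not verify"` line in verify() looks like debug output left in by accident: `echo` practically always succeeds, so its `|| error` branch never runs, and the command is printed only after the real `openssl verify` has already finished. Either drop the line, or move a plain trace above the call and send it to stderr, e.g. `echo "openssl verify $3 -CAfile root.ca/key.crt $untrusted $1" >&2`. verify() begins above the hunk, so any earlier tracing it may do is not visible here.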
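Review bot: In the second verify.sh hunk, `signer_client` and `signer_server` now pass through the same loop as `$SERVER_KEYS`, and the visible `verifyExtlist` call appears to require only that a critical `X509v3 Extended Key Usage` extension is present, not which usage it carries. If the rest of the loop body (it continues past the hunk) does not compare the usage values, a signer certificate issued with the wrong role would still pass; a per-key expectation for the two signer certificates would close that gap. The two names are also hard-coded here while collectSignerConfig.sh derives them as `signer_${peer}`, so a shared list in `structure` would keep the scripts in step.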