From c4cbf43582afd6549f5b1879ffee967027dc157e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Sat, 2 May 2015 13:36:31 +0200
Subject: [PATCH] add CRLs generation and collection
---
.gitignore | 1 +
collectCRLs.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
generateCRLs.sh | 53 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 114 insertions(+)
create mode 100755 collectCRLs.sh
create mode 100755 generateCRLs.sh
diff --git a/.gitignore b/.gitignore
index 8ad869e..3c3b3ce 100755
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,7 @@ *.tar.gz *.tar.gz.* config +crls-* # Editor files
diff --git a/collectCRLs.sh b/collectCRLs.sh
new file mode 100755
index 0000000..ae2768e
--- /dev/null
+++ b/collectCRLs.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -e
+
+[ "$1" == "" ] && echo "Usage: $0 " && exit 1
+year=$1
+
+. structure
+. commonFunctions
+
+fetchCRLS(){ #year, cyear month timeIdx
+ year=$1
+ cyear=$2
+ month=$3
+ timeIdx=$4
+ cp $year/ca/env_${year}_${timeIdx}.ca/${cyear}_${month}.crl crls-${year}/$year-$month/${year}/env_${year}_${timeIdx}.crl
+ # no "for ca in $STRUCT_CAs" because that's cassiopeias work.
+}
+
+mkdir -p crls-${year}
+for month in {01..12}; do
+ BASE=crls-${year}/$year-$month
+ mkdir -p $BASE
+ cp root.ca/${year}_${month}.crl $BASE/root.crl
+ for ca in $STRUCT_CAS; do
+ cp $ca.ca/${year}_${month}.crl $BASE/$ca.crl
+ done
+done
+
+cyear=$year
+for month in {01..12}; do
+ BASE=crls-${year}/$cyear-$month
+ mkdir -p $BASE/$year
+
+ fetchCRLS $year $cyear $month 1
+ [ "$month" -gt "6" ] && fetchCRLS $year $cyear $month 2
+done
+
+cyear=$((year+1))
+for month in {01..12}; do
+ BASE=crls-${year}/$cyear-$month
+ mkdir -p $BASE/$year
+
+ fetchCRLS $year $cyear $month 1
+ fetchCRLS $year $cyear $month 2
+done
+
+cyear=$((year+2))
+for month in {01..06}; do
+ BASE=crls-${year}/$cyear-$month
+ mkdir -p $BASE/$year
+
+ fetchCRLS $year $cyear $month 2
+done
+
+pushd crls-${year}
+for i in *; do
+ tar czf $i.tgz -C $i .
+done
+popd
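Review bot: `year=$1` is only checked for being non-empty, yet it is then used unquoted in every `cp`, `mkdir -p` and `tar` path and passed to `$((year+1))`, where bash evaluates the string as an arithmetic expression rather than as a plain number. Reject anything that is not a four-digit year right after the usage check, e.g. `[[ $1 =~ ^[0-9]{4}$ ]] || exit 1`, and quote the expansions (`"$BASE/$ca.crl"`, `"crls-${year}"`). generateCRLs.sh opens with the same unchecked `year=$1`. The archive loop `for i in *` also matches the `.tgz` files left by an earlier run, so a rerun would hand `tar -C` a non-directory and stop under `set -e`; iterating over `*/` and stripping the trailing slash (`i=${i%/}`) keeps it to directories.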
diff --git a/generateCRLs.sh b/generateCRLs.sh
new file mode 100755
index 0000000..d2831e1
--- /dev/null
+++ b/generateCRLs.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -e
+
+[ "$1" == "" ] && echo "Usage: $0 " && exit 1
+year=$1
+
+. structure
+. commonFunctions
+
+generateCRL() { # name, year, month
+ echo CRL $1 $2-$3
+ BASE="$PWD"
+ pushd $1.ca > /dev/null
+ TZ=UTC LD_PRELOAD=/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1 FAKETIME="${year}-${month}-01 00:00:00" openssl ca -gencrl -config "$BASE/selfsign.config" -keyfile key.key -cert key.crt -crldays 35 -out $2_$3.crl
+ popd > /dev/null
+}
+
+generateCRLs (){ #name start
+ [[ "$2" == "" ]] && start=$(echo {01..12})
+ [[ "$2" == "07" ]] && start=$(echo {07..12})
+ for month in $start; do
+ generateCRL "$1" "$year" "$month"
+ done
+}
+
+generateYearCRLs (){ #name idx
+ [[ "$2" == "1" ]] && start=$(echo {01..12})
+ [[ "$2" == "2" ]] && start=$(echo {07..12})
+ for month in $start; do
+ generateCRL "$1" "$year" "$month"
+ done
+ [[ "$2" == "1" ]] && start=$(echo {01..12})
+ [[ "$2" == "2" ]] && start=$(echo {01..12})
+ for month in $start; do
+ generateCRL "$1" "$((year+1))" "$month"
+ done
+ [[ "$2" == "1" ]] && return
+ [[ "$2" == "2" ]] && start=$(echo {01..06})
+ for month in $start; do
+ generateCRL "$1" "$((year+2))" "$month"
+ done
+}
+generateCRLs root
+for ca in $STRUCT_CAS; do
+ generateCRLs $ca
+done
+
+for i in ${TIME_IDX}; do
+generateYearCRLs $year/ca/env_${year}_$i $i
+generateYearCRLs $year/ca/env_${year}_$i $i
+
+done
--
2.39.2
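Review bot: In `generateCRL`, `FAKETIME` is built from the globals `${year}-${month}` instead of the function's own arguments, so the calls in `generateYearCRLs` that pass `$((year+1))` and `$((year+2))` write files named for the later year while the faked signing time stays in the base year. With `-crldays 35` those CRLs would carry thisUpdate/nextUpdate dates from the wrong year and appear long expired to a relying party in the period their file name claims to cover. Use the parameters instead: `FAKETIME="$2-$3-01 00:00:00"`. The final loop also calls `generateYearCRLs $year/ca/env_${year}_$i $i` twice in a row, which looks like a copy-paste duplicate and would issue every environment CRL a second time. It is also worth testing that the hard-coded libfaketime path is readable before signing, since the dynamic loader only warns about a missing `LD_PRELOAD` object and openssl would then sign with the real clock.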