authorEndi S. Dewata <edewata@redhat.com>2017-09-14 16:19:45 +0200
committerEndi S. Dewata <edewata@redhat.com>2017-09-14 16:19:45 +0200
commit269b0397dc7cd5a74c79223e215c42829d025dfa (patch)
tree2b6d9d8f6ca1c9829a103665d52cb9579aad27d9
parent73d0412f24934d5aa211693f5864daaef20db31f (diff)
Updated CMC scripts.
-rwxr-xr-xscripts/ca_signing-cmc-sign.sh7
-rwxr-xr-xscripts/kra_admin-cmc-sign.sh12
-rwxr-xr-xscripts/kra_audit_signing-cmc-sign.sh12
-rwxr-xr-xscripts/kra_storage-cmc-sign.sh12
-rwxr-xr-xscripts/kra_transport-cmc-sign.sh12
-rwxr-xr-xscripts/ocsp-standalone-cmc-sign.sh10
-rwxr-xr-xscripts/ocsp_admin-cmc-sign.sh78
-rwxr-xr-xscripts/ocsp_audit_signing-cmc-sign.sh78
-rwxr-xr-xscripts/ocsp_signing-cmc-sign.sh78
-rwxr-xr-xscripts/sslserver-cmc-sign.sh12
-rwxr-xr-xscripts/subsystem-cmc-sign.sh12
11 files changed, 275 insertions, 48 deletions
diff --git a/scripts/ca_signing-cmc-sign.sh b/scripts/ca_signing-cmc-sign.sh
index da58c1b..c6b0eb8 100755
--- a/scripts/ca_signing-cmc-sign.sh
+++ b/scripts/ca_signing-cmc-sign.sh
@@ -70,9 +70,4 @@ EOF
HttpClient tmp/ca_signing-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/ca_signing-cmc-response.bin
-
-BtoA tmp/ca_signing-cmc-response.bin tmp/ca_signing-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/ca_signing.crt
-cat tmp/ca_signing-cmc-response.b64 >> tmp/ca_signing.crt
-echo "-----END PKCS7-----" >> tmp/ca_signing.crt
+CMCResponse -i tmp/ca_signing-cmc-response.bin -o tmp/ca_signing.crt
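Review bot: The new `CMCResponse` call for ca_signing drops `-d ~/.dogtag/nssdb`, while every other script touched by this commit keeps it on the same command. If the omission is deliberate, a one-line comment above the call should say why this script differs; otherwise restore it for consistency: `CMCResponse -d ~/.dogtag/nssdb -i tmp/ca_signing-cmc-response.bin -o tmp/ca_signing.crt`. The exit status of the preceding `HttpClient` step is also not checked before its output file is parsed. The script body starts outside this hunk.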
diff --git a/scripts/kra_admin-cmc-sign.sh b/scripts/kra_admin-cmc-sign.sh
index 0c0075f..1f472c1 100755
--- a/scripts/kra_admin-cmc-sign.sh
+++ b/scripts/kra_admin-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/kra_admin-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_admin-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_admin-cmc-response.bin -o tmp/kra_admin.crt
-BtoA tmp/kra_admin-cmc-response.bin tmp/kra_admin-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/kra_admin.crt
-cat tmp/kra_admin-cmc-response.b64 >> tmp/kra_admin.crt
-echo "-----END PKCS7-----" >> tmp/kra_admin.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/kra_admin-cmc-response.bin tmp/kra_admin-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/kra_admin.crt
+#cat tmp/kra_admin-cmc-response.b64 >> tmp/kra_admin.crt
+#echo "-----END PKCS7-----" >> tmp/kra_admin.crt
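Review bot: The four commented-out lines added at the end of this hunk (`#BtoA ...`, `#echo ...`, `#cat ...`, `#echo ...`) are dead copies of the code that `CMCResponse ... -o tmp/kra_admin.crt` now replaces, and they should be deleted rather than committed, since the history already holds the old form. If they are kept on purpose as a fallback, one comment line above them should say when to re-enable them. The same commented block is added in kra_audit_signing, kra_storage, kra_transport, sslserver, subsystem and the three new ocsp_* scripts. The script body starts outside this hunk.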
diff --git a/scripts/kra_audit_signing-cmc-sign.sh b/scripts/kra_audit_signing-cmc-sign.sh
index 9f7aa34..5a5bbb5 100755
--- a/scripts/kra_audit_signing-cmc-sign.sh
+++ b/scripts/kra_audit_signing-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/kra_audit_signing-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_audit_signing-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_audit_signing-cmc-response.bin -o tmp/kra_audit_signing.crt
-BtoA tmp/kra_audit_signing-cmc-response.bin tmp/kra_audit_signing-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/kra_audit_signing.crt
-cat tmp/kra_audit_signing-cmc-response.b64 >> tmp/kra_audit_signing.crt
-echo "-----END PKCS7-----" >> tmp/kra_audit_signing.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/kra_audit_signing-cmc-response.bin tmp/kra_audit_signing-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/kra_audit_signing.crt
+#cat tmp/kra_audit_signing-cmc-response.b64 >> tmp/kra_audit_signing.crt
+#echo "-----END PKCS7-----" >> tmp/kra_audit_signing.crt
diff --git a/scripts/kra_storage-cmc-sign.sh b/scripts/kra_storage-cmc-sign.sh
index c8af179..298e390 100755
--- a/scripts/kra_storage-cmc-sign.sh
+++ b/scripts/kra_storage-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/kra_storage-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_storage-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_storage-cmc-response.bin -o tmp/kra_storage.crt
-BtoA tmp/kra_storage-cmc-response.bin tmp/kra_storage-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/kra_storage.crt
-cat tmp/kra_storage-cmc-response.b64 >> tmp/kra_storage.crt
-echo "-----END PKCS7-----" >> tmp/kra_storage.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/kra_storage-cmc-response.bin tmp/kra_storage-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/kra_storage.crt
+#cat tmp/kra_storage-cmc-response.b64 >> tmp/kra_storage.crt
+#echo "-----END PKCS7-----" >> tmp/kra_storage.crt
diff --git a/scripts/kra_transport-cmc-sign.sh b/scripts/kra_transport-cmc-sign.sh
index 3341efd..1c82f5e 100755
--- a/scripts/kra_transport-cmc-sign.sh
+++ b/scripts/kra_transport-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/kra_transport-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_transport-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/kra_transport-cmc-response.bin -o tmp/kra_transport.crt
-BtoA tmp/kra_transport-cmc-response.bin tmp/kra_transport-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/kra_transport.crt
-cat tmp/kra_transport-cmc-response.b64 >> tmp/kra_transport.crt
-echo "-----END PKCS7-----" >> tmp/kra_transport.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/kra_transport-cmc-response.bin tmp/kra_transport-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/kra_transport.crt
+#cat tmp/kra_transport-cmc-response.b64 >> tmp/kra_transport.crt
+#echo "-----END PKCS7-----" >> tmp/kra_transport.crt
diff --git a/scripts/ocsp-standalone-cmc-sign.sh b/scripts/ocsp-standalone-cmc-sign.sh
new file mode 100755
index 0000000..6ad8a86
--- /dev/null
+++ b/scripts/ocsp-standalone-cmc-sign.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+./ca_signing-export.sh
+
+./ocsp_admin-cmc-sign.sh
+./ocsp_signing-cmc-sign.sh
+./ocsp_audit_signing-cmc-sign.sh
+
+./sslserver-cmc-sign.sh
+./subsystem-cmc-sign.sh
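Review bot: Nothing in this wrapper checks the exit status of the six scripts it runs, so a failure in `./ca_signing-export.sh` or in any signing step is ignored and the later steps still run against whatever is in tmp/. Add `set -e` directly below the shebang so the sequence stops at the first failing step. The `./` paths resolve only when the current directory is the one holding the scripts, and a short usage comment at the top stating that would help.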
diff --git a/scripts/ocsp_admin-cmc-sign.sh b/scripts/ocsp_admin-cmc-sign.sh
new file mode 100755
index 0000000..2e4fb41
--- /dev/null
+++ b/scripts/ocsp_admin-cmc-sign.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+mkdir -p tmp
+
+cat > tmp/ocsp_admin-cmc-request.cfg << EOF
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default is internal).
+tokenname=internal
+
+# Nickname for agent certificate.
+nickname=caadmin
+
+# Request format: pkcs10 or crmf.
+format=pkcs10
+
+# Total number of PKCS10/CRMF requests.
+numRequests=1
+
+# Path to the PKCS10/CRMF request.
+# The content must be in Base-64 encoded format.
+# Multiple files are supported. They must be separated by space.
+input=$PWD/tmp/ocsp_admin.csr
+
+# Path for the CMC request in binary format
+output=$PWD/tmp/ocsp_admin-cmc-request.bin
+EOF
+
+CMCRequest tmp/ocsp_admin-cmc-request.cfg
+
+cat > tmp/ocsp_admin-cmc-submit.cfg << EOF
+# PKI server host name.
+host=$HOSTNAME
+
+# PKI server port number.
+port=8443
+
+# Use secure connection.
+# For secure connection with ECC, set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1'.
+secure=true
+
+# Use client authentication.
+clientmode=true
+
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default: internal).
+tokenname=internal
+
+# Nickname of agent certificate.
+nickname=caadmin
+
+# CMC servlet path
+servlet=/ca/ee/ca/profileSubmitCMCFull
+
+# Path for the CMC request.
+input=tmp/ocsp_admin-cmc-request.bin
+
+# Path for the CMC response.
+output=tmp/ocsp_admin-cmc-response.bin
+EOF
+
+HttpClient tmp/ocsp_admin-cmc-submit.cfg
+
+CMCResponse -d ~/.dogtag/nssdb -i tmp/ocsp_admin-cmc-response.bin -o tmp/ocsp_admin.crt
+
+#BtoA tmp/ocsp_admin-cmc-response.bin tmp/ocsp_admin-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/ocsp_admin.crt
+#cat tmp/ocsp_admin-cmc-response.b64 >> tmp/ocsp_admin.crt
+#echo "-----END PKCS7-----" >> tmp/ocsp_admin.crt
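Review bot: The NSS database password is hard-coded as `password=Secret.123` in both heredocs and is written to tmp/ocsp_admin-cmc-request.cfg and tmp/ocsp_admin-cmc-submit.cfg, which are created with the caller's default umask. If these scripts can run anywhere other than a throwaway test instance, take the value from the environment, e.g. `password=${NSS_PASSWORD:?NSS_PASSWORD is not set}` (the variable name is a placeholder), and put `umask 077` before `mkdir -p tmp` so the config files are not readable by other users. At minimum, a header comment stating that this is a test-only credential would help. ocsp_audit_signing-cmc-sign.sh and ocsp_signing-cmc-sign.sh carry the same lines.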
diff --git a/scripts/ocsp_audit_signing-cmc-sign.sh b/scripts/ocsp_audit_signing-cmc-sign.sh
new file mode 100755
index 0000000..f8c657c
--- /dev/null
+++ b/scripts/ocsp_audit_signing-cmc-sign.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+mkdir -p tmp
+
+cat > tmp/ocsp_audit_signing-cmc-request.cfg << EOF
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default is internal).
+tokenname=internal
+
+# Nickname for agent certificate.
+nickname=caadmin
+
+# Request format: pkcs10 or crmf.
+format=pkcs10
+
+# Total number of PKCS10/CRMF requests.
+numRequests=1
+
+# Path to the PKCS10/CRMF request.
+# The content must be in Base-64 encoded format.
+# Multiple files are supported. They must be separated by space.
+input=$PWD/tmp/ocsp_audit_signing.csr
+
+# Path for the CMC request in binary format
+output=$PWD/tmp/ocsp_audit_signing-cmc-request.bin
+EOF
+
+CMCRequest tmp/ocsp_audit_signing-cmc-request.cfg
+
+cat > tmp/ocsp_audit_signing-cmc-submit.cfg << EOF
+# PKI server host name.
+host=$HOSTNAME
+
+# PKI server port number.
+port=8443
+
+# Use secure connection.
+# For secure connection with ECC, set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1'.
+secure=true
+
+# Use client authentication.
+clientmode=true
+
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default: internal).
+tokenname=internal
+
+# Nickname of agent certificate.
+nickname=caadmin
+
+# CMC servlet path
+servlet=/ca/ee/ca/profileSubmitCMCFullAuditSigningCert
+
+# Path for the CMC request.
+input=tmp/ocsp_audit_signing-cmc-request.bin
+
+# Path for the CMC response.
+output=tmp/ocsp_audit_signing-cmc-response.bin
+EOF
+
+HttpClient tmp/ocsp_audit_signing-cmc-submit.cfg
+
+CMCResponse -d ~/.dogtag/nssdb -i tmp/ocsp_audit_signing-cmc-response.bin -o tmp/ocsp_audit_signing.crt
+
+#BtoA tmp/ocsp_audit_signing-cmc-response.bin tmp/ocsp_audit_signing-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/ocsp_audit_signing.crt
+#cat tmp/ocsp_audit_signing-cmc-response.b64 >> tmp/ocsp_audit_signing.crt
+#echo "-----END PKCS7-----" >> tmp/ocsp_audit_signing.crt
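Review bot: `host=$HOSTNAME` in the submit heredoc relies on a variable that bash sets but POSIX sh does not define, and the script declares `#!/bin/sh`. Where /bin/sh is a shell such as dash and the variable is not exported, the generated config would contain an empty `host=`. Either use `host=$(hostname)` in the heredoc or change the shebang to bash. The same line appears in ocsp_admin-cmc-sign.sh and ocsp_signing-cmc-sign.sh.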
diff --git a/scripts/ocsp_signing-cmc-sign.sh b/scripts/ocsp_signing-cmc-sign.sh
new file mode 100755
index 0000000..685f1a3
--- /dev/null
+++ b/scripts/ocsp_signing-cmc-sign.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+mkdir -p tmp
+
+cat > tmp/ocsp_signing-cmc-request.cfg << EOF
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default is internal).
+tokenname=internal
+
+# Nickname for agent certificate.
+nickname=caadmin
+
+# Request format: pkcs10 or crmf.
+format=pkcs10
+
+# Total number of PKCS10/CRMF requests.
+numRequests=1
+
+# Path to the PKCS10/CRMF request.
+# The content must be in Base-64 encoded format.
+# Multiple files are supported. They must be separated by space.
+input=$PWD/tmp/ocsp_signing.csr
+
+# Path for the CMC request in binary format
+output=$PWD/tmp/ocsp_signing-cmc-request.bin
+EOF
+
+CMCRequest tmp/ocsp_signing-cmc-request.cfg
+
+cat > tmp/ocsp_signing-cmc-submit.cfg << EOF
+# PKI server host name.
+host=$HOSTNAME
+
+# PKI server port number.
+port=8443
+
+# Use secure connection.
+# For secure connection with ECC, set environment variable 'export NSS_USE_DECODED_CKA_EC_POINT=1'.
+secure=true
+
+# Use client authentication.
+clientmode=true
+
+# NSS database directory.
+dbdir=$HOME/.dogtag/nssdb
+
+# NSS database password.
+password=Secret.123
+
+# Token name (default: internal).
+tokenname=internal
+
+# Nickname of agent certificate.
+nickname=caadmin
+
+# CMC servlet path
+servlet=/ca/ee/ca/profileSubmitCMCFullOCSPCert
+
+# Path for the CMC request.
+input=tmp/ocsp_signing-cmc-request.bin
+
+# Path for the CMC response.
+output=tmp/ocsp_signing-cmc-response.bin
+EOF
+
+HttpClient tmp/ocsp_signing-cmc-submit.cfg
+
+CMCResponse -d ~/.dogtag/nssdb -i tmp/ocsp_signing-cmc-response.bin -o tmp/ocsp_signing.crt
+
+#BtoA tmp/ocsp_signing-cmc-response.bin tmp/ocsp_signing-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/ocsp_signing.crt
+#cat tmp/ocsp_signing-cmc-response.b64 >> tmp/ocsp_signing.crt
+#echo "-----END PKCS7-----" >> tmp/ocsp_signing.crt
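Review bot: `CMCRequest`, `HttpClient` and `CMCResponse` each consume the file written by the previous step, but no exit status is checked and `mkdir -p tmp` reuses an existing directory. If the request or submit step fails, a leftover tmp/ocsp_signing-cmc-response.bin from an earlier run could be turned into tmp/ocsp_signing.crt without any visible error. Add `set -e` below the shebang and remove old outputs first, e.g. `rm -f tmp/ocsp_signing-cmc-response.bin tmp/ocsp_signing.crt`. The same sequence is in ocsp_admin-cmc-sign.sh and ocsp_audit_signing-cmc-sign.sh.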
diff --git a/scripts/sslserver-cmc-sign.sh b/scripts/sslserver-cmc-sign.sh
index bb288ea..d7c8fcb 100755
--- a/scripts/sslserver-cmc-sign.sh
+++ b/scripts/sslserver-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/sslserver-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/sslserver-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/sslserver-cmc-response.bin -o tmp/sslserver.crt
-BtoA tmp/sslserver-cmc-response.bin tmp/sslserver-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/sslserver.crt
-cat tmp/sslserver-cmc-response.b64 >> tmp/sslserver.crt
-echo "-----END PKCS7-----" >> tmp/sslserver.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/sslserver-cmc-response.bin tmp/sslserver-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/sslserver.crt
+#cat tmp/sslserver-cmc-response.b64 >> tmp/sslserver.crt
+#echo "-----END PKCS7-----" >> tmp/sslserver.crt
diff --git a/scripts/subsystem-cmc-sign.sh b/scripts/subsystem-cmc-sign.sh
index eb74b7c..6332501 100755
--- a/scripts/subsystem-cmc-sign.sh
+++ b/scripts/subsystem-cmc-sign.sh
@@ -70,11 +70,9 @@ EOF
HttpClient tmp/subsystem-cmc-submit.cfg
-CMCResponse -d ~/.dogtag/nssdb -i tmp/subsystem-cmc-response.bin
+CMCResponse -d ~/.dogtag/nssdb -i tmp/subsystem-cmc-response.bin -o tmp/subsystem.crt
-BtoA tmp/subsystem-cmc-response.bin tmp/subsystem-cmc-response.b64
-echo "-----BEGIN PKCS7-----" > tmp/subsystem.crt
-cat tmp/subsystem-cmc-response.b64 >> tmp/subsystem.crt
-echo "-----END PKCS7-----" >> tmp/subsystem.crt
-
-pki cert-show --output tmp/external.crt 0x1
+#BtoA tmp/subsystem-cmc-response.bin tmp/subsystem-cmc-response.b64
+#echo "-----BEGIN PKCS7-----" > tmp/subsystem.crt
+#cat tmp/subsystem-cmc-response.b64 >> tmp/subsystem.crt
+#echo "-----END PKCS7-----" >> tmp/subsystem.crt