From 39002e1c42d789f6f7cdfaabb1efb5148a7248e6 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 25 Jul 2017 05:58:08 +0200
Subject: Updated external CA scripts.
---
scripts/ca-external-ca-sign.sh | 6 ++++++
scripts/ca-external-cmc-sign.sh | 6 ++++++
scripts/ca-external-nss-sign.sh | 2 +-
scripts/ca_signing-ca-sign.sh | 13 +++++++++++++
scripts/ca_signing-cmc-sign.sh | 2 --
scripts/external-ca-sign.sh | 11 -----------
6 files changed, 26 insertions(+), 14 deletions(-)
create mode 100755 scripts/ca-external-ca-sign.sh
create mode 100755 scripts/ca-external-cmc-sign.sh
create mode 100755 scripts/ca_signing-ca-sign.sh
delete mode 100755 scripts/external-ca-sign.sh
diff --git a/scripts/ca-external-ca-sign.sh b/scripts/ca-external-ca-sign.sh
new file mode 100755
index 0000000..b33e470
--- /dev/null
+++ b/scripts/ca-external-ca-sign.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+pki cert-show 0x1 --output tmp/external.crt
+#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
+
+./ca_signing-ca-sign.sh
diff --git a/scripts/ca-external-cmc-sign.sh b/scripts/ca-external-cmc-sign.sh
new file mode 100755
index 0000000..42daebd
--- /dev/null
+++ b/scripts/ca-external-cmc-sign.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+#pki cert-show 0x1 --output tmp/external.crt
+#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b
+
+./ca_signing-cmc-sign.sh
diff --git a/scripts/ca-external-nss-sign.sh b/scripts/ca-external-nss-sign.sh
index b67082c..67682ec 100755
--- a/scripts/ca-external-nss-sign.sh
+++ b/scripts/ca-external-nss-sign.sh
@@ -53,7 +53,7 @@ echo "## Generating certificate chain..." certutil -A -d tmp/external -n "CA Signing Certificate" -t "CT,C,C" -a -i tmp/ca_signing.crt -openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b +#openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -out tmp/cert_chain.p7b #openssl crl2pkcs7 -nocrl -certfile tmp/external.crt -certfile tmp/ca_signing.crt -out tmp/cert_chain.p7b #certutil -C \ 
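Review bot: In scripts/ca-external-ca-sign.sh the result of `pki cert-show 0x1 --output tmp/external.crt` is never checked, so when the export fails the script still runs `./ca_signing-ca-sign.sh`, and a `tmp/external.crt` left over from an earlier run can end up being treated as the external CA certificate. Adding `set -e` directly under the shebang, or `|| exit 1` on the export line, would stop the run at that point. The serial `0x1` is also unexplained; a comment such as `# 0x1: signing certificate of the external CA` would record the assumption, if that is what it refers to.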
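Review bot: In scripts/ca-external-nss-sign.sh the step announced by `echo "## Generating certificate chain..."` no longer writes `tmp/cert_chain.p7b`, because the only active `openssl crl2pkcs7` line is now commented out. If anything later in the script or in the installation flow still reads that file (not visible here, since the hunk starts and ends inside the script), it would silently pick up a chain from a previous run; an explicit `rm -f tmp/cert_chain.p7b` at this point avoids that. The commented-out `openssl` variants would be better deleted and replaced by a one-line comment saying why the chain is not built here, as the history already keeps the old form.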
diff --git a/scripts/ca_signing-ca-sign.sh b/scripts/ca_signing-ca-sign.sh
new file mode 100755
index 0000000..5dcc9e1
--- /dev/null
+++ b/scripts/ca_signing-ca-sign.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+CMD="pki ca-cert-request-submit --profile caCACert --csr-file tmp/ca_signing.csr"
+echo $CMD
+REQUEST_ID=`$CMD | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+echo Request ID: $REQUEST_ID
+
+CMD="pki -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID"
+echo $CMD
+CERT_ID=`$CMD | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+echo Certificate ID: $CERT_ID
+
+pki cert-show --output tmp/ca_signing.crt $CERT_ID
diff --git a/scripts/ca_signing-cmc-sign.sh b/scripts/ca_signing-cmc-sign.sh
index b25c6d9..da58c1b 100755
--- a/scripts/ca_signing-cmc-sign.sh
+++ b/scripts/ca_signing-cmc-sign.sh
@@ -76,5 +76,3 @@ BtoA tmp/ca_signing-cmc-response.bin tmp/ca_signing-cmc-response.b64
 echo "-----BEGIN PKCS7-----" > tmp/ca_signing.crt
 cat tmp/ca_signing-cmc-response.b64 >> tmp/ca_signing.crt
 echo "-----END PKCS7-----" >> tmp/ca_signing.crt
-
-pki cert-show --output tmp/external.crt 0x1
diff --git a/scripts/external-ca-sign.sh b/scripts/external-ca-sign.sh
deleted file mode 100755
index efb864f..0000000
--- a/scripts/external-ca-sign.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-REQUEST_ID=`pki ca-cert-request-submit --profile caCACert --csr-file ca_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'`
-echo Request ID: $REQUEST_ID
-
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
-echo Certificate ID: $CERT_ID
-
-pki cert-show --output ca_signing.crt $CERT_ID
-
-pki cert-show --output external.crt 0x1
-- cgit
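Review bot: In scripts/ca_signing-ca-sign.sh the NSS database password is passed as `-c Secret.123` and then printed by `echo $CMD`, so it is visible in the process list and in any captured output of the script. Neither `REQUEST_ID` nor `CERT_ID` is checked before use: if the submit or approve call fails, the next `pki` command runs with an empty, unquoted argument, and `pki cert-show --output tmp/ca_signing.crt` is called with no certificate ID at all. The same pattern was in the deleted scripts/external-ca-sign.sh, so it is carried over rather than introduced here. The sketch below reads the password from a file through `-C`, quotes the IDs and stops when either is empty; the variable naming the password file is a placeholder.

```shell
#!/bin/sh
set -eu

# PKI_CLIENT_PASSWORD_FILE (placeholder name): path to a file, readable only
# by the operator, that holds the NSS database password.
REQUEST_ID=$(pki ca-cert-request-submit --profile caCACert --csr-file tmp/ca_signing.csr \
    | grep "Request ID:" | awk -F ': ' '{print $2;}')
[ -n "$REQUEST_ID" ] || { echo "ERROR: no request ID returned" >&2; exit 1; }
echo "Request ID: $REQUEST_ID"

CERT_ID=$(pki -C "$PKI_CLIENT_PASSWORD_FILE" -n caadmin \
    ca-cert-request-review --action approve "$REQUEST_ID" \
    | grep "Certificate ID:" | awk -F ': ' '{print $2;}')
[ -n "$CERT_ID" ] || { echo "ERROR: request $REQUEST_ID was not approved" >&2; exit 1; }
echo "Certificate ID: $CERT_ID"

pki cert-show --output tmp/ca_signing.crt "$CERT_ID"
```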