author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /security/nss/tests/chains/ocspd-config | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/tests/chains/ocspd-config')
-rwxr-xr-x | security/nss/tests/chains/ocspd-config/ocspd-certs.sh | 116 | ||||
-rw-r--r-- | security/nss/tests/chains/ocspd-config/ocspd.conf.template | 46 | ||||
-rw-r--r-- | security/nss/tests/chains/ocspd-config/readme | 3 |
3 files changed, 165 insertions, 0 deletions
diff --git a/security/nss/tests/chains/ocspd-config/ocspd-certs.sh b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
new file mode 100755
index 0000000000..2f7d45898f
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/ocspd-certs.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+DATA_DIR=$1
+OCSP_DIR=$2
+CERT_DIR=$3
+
+TEST_PWD="nssnss"
+CONF_TEMPLATE="ocspd.conf.template"
+
+convert_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
+}
+
+convert_crl()
+{
+ CRL_NAME=$1
+
+ openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
+}
+
+convert_key()
+{
+ KEY_NAME=$1
+
+ pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
+ openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}
+
+ STATUS=0
+ cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do
+ echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
+ [ ${STATUS} -eq 1 ] && echo "${LINE}"
+ echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
+ done > ${DATA_DIR}/${KEY_NAME}.key
+
+ rm ${DATA_DIR}/${KEY_NAME}.key.tmp
+}
+
+create_conf()
+{
+ CONF_FILE=$1
+ CA=$2
+ OCSP=$3
+ PORT=$4
+
+ cat ${CONF_TEMPLATE} | \
+ sed "s:@DIR@:${OCSP_DIR}:" | \
+ sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \
+ sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \
+ sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \
+ sed "s:@OCSP_PID@:${OCSP}.pid:" | \
+ sed "s:@PORT@:${PORT}:" \
+ > ${CONF_FILE}
+}
+
+copy_cert()
+{
+ CERT_NAME=$1
+ CERT_SIGNER=$2
+
+ cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
+}
+
+
+copy_key()
+{
+ KEY_NAME=$1
+
+ cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
+}
+
+convert_cert OCSPRoot
+convert_crl OCSPRoot
+convert_key OCSPRoot
+
+convert_cert OCSPCA1 OCSPRoot
+convert_crl OCSPCA1
+convert_key OCSPCA1
+
+convert_cert OCSPCA2 OCSPRoot
+convert_crl OCSPCA2
+convert_key OCSPCA2
+
+convert_cert OCSPCA3 OCSPRoot
+convert_crl OCSPCA3
+convert_key OCSPCA3
+
+create_conf ocspd0.conf OCSPRoot ocspd0 2600
+create_conf ocspd1.conf OCSPCA1 ocspd1 2601
+create_conf ocspd2.conf OCSPCA2 ocspd2 2602
+create_conf ocspd3.conf OCSPCA3 ocspd3 2603
+
+copy_cert OCSPRoot
+copy_cert OCSPCA1 OCSPRoot
+copy_cert OCSPCA2 OCSPRoot
+copy_cert OCSPCA3 OCSPRoot
+copy_cert OCSPEE11 OCSPCA1
+copy_cert OCSPEE12 OCSPCA1
+copy_cert OCSPEE13 OCSPCA1
+copy_cert OCSPEE14 OCSPCA1
+copy_cert OCSPEE15 OCSPCA1
+copy_cert OCSPEE21 OCSPCA2
+copy_cert OCSPEE22 OCSPCA2
+copy_cert OCSPEE23 OCSPCA2
+copy_cert OCSPEE31 OCSPCA3
+copy_cert OCSPEE32 OCSPCA3
+copy_cert OCSPEE33 OCSPCA3
+
+copy_key OCSPRoot
+copy_key OCSPCA1
+copy_key OCSPCA2
+copy_key OCSPCA3
+
diff --git a/security/nss/tests/chains/ocspd-config/ocspd.conf.template b/security/nss/tests/chains/ocspd-config/ocspd.conf.template
new file mode 100644
index 0000000000..456c74a16d
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/ocspd.conf.template
@@ -0,0 +1,46 @@
+[ ocspd ]
+
+default_ocspd = OCSPD_default
+
+[ OCSPD_default ]
+
+dir = @DIR@
+db = $dir/index.txt
+md = sha1
+
+ca_certificate = $dir/@CA_CERT@
+ocspd_certificate = $dir/@CA_CERT@
+ocspd_key = $dir/@CA_KEY@
+pidfile = $dir/@OCSP_PID@
+
+user = nobody
+group = nobody
+
+bind = *
+port = @PORT@
+
+max_req_size = 8192
+threads_num = 150
+max_timeout_secs = 5
+crl_auto_reload = 3600
+crl_check_validity = 600
+crl_reload_expired = yes
+response = ocsp_response
+dbms = dbms_file
+
+[ ocsp_response ]
+
+dir = @DIR@
+next_update_days = 0
+next_update_mins = 5
+
+[ dbms_file ]
+
+0.ca = @first_ca
+
+[ first_ca ]
+
+crl_url = file:///@DIR@/@CA_CRL@
+ca_url = file:///@DIR@/@CA_CERT@
+server_cert = file:///@DIR@/@CA_CERT@
+
diff --git a/security/nss/tests/chains/ocspd-config/readme b/security/nss/tests/chains/ocspd-config/readme
new file mode 100644
index 0000000000..5069af6fe3
--- /dev/null
+++ b/security/nss/tests/chains/ocspd-config/readme
@@ -0,0 +1,3 @@
+OBSOLETE
+
+tests have been changed to use a local ocsp server (using httpserv) |
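Review bot: In ocspd-certs.sh, `DATA_DIR`, `OCSP_DIR` and `CERT_DIR` are taken from `$1`–`$3` without any check and every expansion is unquoted, so a missing argument makes `convert_key` create and `rm` files directly under `/`, and a path containing whitespace splits into extra arguments. Nothing checks the exit status of `pk12util` or `openssl` either, so a failed export still leaves an empty or truncated `.key` file that the generated configs then point at. I would assign with `DATA_DIR=${1:?data dir required}` (likewise for the other two), add explicit status checks or `set -eu`, and quote the paths, e.g. `rm -- "${DATA_DIR}/${KEY_NAME}.key.tmp"`. `-W ${TEST_PWD}` and `pass:${TEST_PWD}` also place the password on the command line, where it is readable from the process list; that is tolerable for a fixed test password, but `pk12util -w` with a password file and `-passin file:` avoid carrying the pattern into other scripts.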
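Review bot: In ocspd.conf.template, `bind = *` makes every test responder listen on all interfaces while signing with a key protected only by the fixed password from ocspd-certs.sh; a loopback address would be the safer default for a test fixture, assuming ocspd accepts one for `bind`. `md = sha1` deserves a comment such as `# SHA-1 kept only for the legacy test chains` so the value is not copied into a real responder config. Separately, `create_conf` replaces `@CA_CERT@`, `@CA_KEY@` and `@CA_CRL@` with `${DATA_DIR}/...` while the template already prefixes them with `$dir/` or `file:///@DIR@/`, so the generated paths look doubled unless DATA_DIR is relative to OCSP_DIR; that is worth confirming against the caller, which is not visible here.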