|
Packit |
40b132 |
#! /bin/bash
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
40b132 |
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
40b132 |
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# mozilla/security/nss/tests/iopr/cert_iopr.sh
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Certificate generating and handeling for NSS interoperability QA. This file
|
|
Packit |
40b132 |
# is included from cert.sh
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# needs to work on all Unix and Windows platforms
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# special strings
|
|
Packit |
40b132 |
# ---------------
|
|
Packit |
40b132 |
# FIXME ... known problems, search for this string
|
|
Packit |
40b132 |
# NOTE .... unexpected behavior
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
IOPR_CERT_SOURCED=1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# function wraps calls to pk12util, also: writes action and options
|
|
Packit |
40b132 |
# to stdout.
|
|
Packit |
40b132 |
# Params are the same as to pk12util.
|
|
Packit |
40b132 |
# Returns pk12util status
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
pk12u()
|
|
Packit |
40b132 |
{
|
|
Packit |
40b132 |
echo "${CU_ACTION} --------------------------"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo "pk12util $@"
|
|
Packit |
40b132 |
${BINDIR}/pk12util $@
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# Initializes nss db directory and files if they don't exists
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# $1 - directory location
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
createDBDir() {
|
|
Packit |
40b132 |
trgDir=$1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -z "`ls $trgDir | grep db`" ]; then
|
|
Packit |
40b132 |
trgDir=`cd ${trgDir}; pwd`
|
|
Packit |
40b132 |
if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
|
|
Packit |
40b132 |
trgDir=`cygpath -m ${trgDir}`
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CU_ACTION="Initializing DB at ${trgDir}"
|
|
Packit |
40b132 |
certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CU_ACTION="Loading root cert module to Cert DB at ${trgDir}"
|
|
Packit |
40b132 |
modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${trgDir}" 2>&1
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# takes care of downloading config, cert and crl files from remote
|
|
Packit |
40b132 |
# location.
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# $1 - name of the host file will be downloaded from
|
|
Packit |
40b132 |
# $2 - path to the file as it appeared in url
|
|
Packit |
40b132 |
# $3 - target directory the file will be saved at.
|
|
Packit |
40b132 |
# Returns tstclnt status.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
download_file() {
|
|
Packit |
40b132 |
host=$1
|
|
Packit |
40b132 |
filePath=$2
|
|
Packit |
40b132 |
trgDir=$3
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
file=$trgDir/`basename $filePath`
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
createDBDir $trgDir || return $RET
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
# echo wget -O $file http://${host}${filePath}
|
|
Packit |
40b132 |
# wget -O $file http://${host}${filePath}
|
|
Packit |
40b132 |
# ret=$?
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
req=$file.$$
|
|
Packit |
40b132 |
echo "GET $filePath HTTP/1.0" > $req
|
|
Packit |
40b132 |
echo >> $req
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo ${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
|
|
Packit |
40b132 |
-v -w ${R_PWFILE} -o
|
|
Packit |
40b132 |
${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
|
|
Packit |
40b132 |
-v -w ${R_PWFILE} -o < $req > $file
|
|
Packit |
40b132 |
ret=$?
|
|
Packit |
40b132 |
rm -f $_tmp;
|
|
Packit |
40b132 |
return $ret
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
########################################################################
|
|
Packit |
40b132 |
# Uses pk12util, certutil of cerlutil to import files to an nss db located
|
|
Packit |
40b132 |
# at <dir>(the value of $1 parameter). Chooses a utility to use based on
|
|
Packit |
40b132 |
# a file extension. Initializing a db if it does not exists.
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# $1 - db location directory
|
|
Packit |
40b132 |
# $2 - file name to import
|
|
Packit |
40b132 |
# $3 - nick name an object in the file will be associated with
|
|
Packit |
40b132 |
# $4 - trust arguments
|
|
Packit |
40b132 |
# Returns status of import
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
importFile() {
|
|
Packit |
40b132 |
dir=$1\
|
|
Packit |
40b132 |
file=$2
|
|
Packit |
40b132 |
certName=$3
|
|
Packit |
40b132 |
certTrust=$4
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
[ ! -d $dir ] && mkdir -p $dir;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
createDBDir $dir || return $RET
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
case `basename $file | sed 's/^.*\.//'` in
|
|
Packit |
40b132 |
p12)
|
|
Packit |
40b132 |
CU_ACTION="Importing p12 $file to DB at $dir"
|
|
Packit |
40b132 |
pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr
|
|
Packit |
40b132 |
[ $? -ne 0 ] && return 1
|
|
Packit |
40b132 |
CU_ACTION="Modifying trust for cert $certName at $dir"
|
|
Packit |
40b132 |
certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
|
|
Packit |
40b132 |
return $?
|
|
Packit |
40b132 |
;;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
crl)
|
|
Packit |
40b132 |
CU_ACTION="Importing crl $file to DB at $dir"
|
|
Packit |
40b132 |
crlu -d ${dir} -I -n TestCA -i $file
|
|
Packit |
40b132 |
return $?
|
|
Packit |
40b132 |
;;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
crt | cert)
|
|
Packit |
40b132 |
CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
|
|
Packit |
40b132 |
certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
|
|
Packit |
40b132 |
-i "$file"
|
|
Packit |
40b132 |
return $?
|
|
Packit |
40b132 |
;;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
*)
|
|
Packit |
40b132 |
echo "Unknown file extension: $file:"
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
;;
|
|
Packit |
40b132 |
esac
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#########################################################################
|
|
Packit |
40b132 |
# Downloads and installs test certs and crl from a remote webserver.
|
|
Packit |
40b132 |
# Generates server cert for reverse testing if reverse test run is turned on.
|
|
Packit |
40b132 |
# Params:
|
|
Packit |
40b132 |
# $1 - host name to download files from.
|
|
Packit |
40b132 |
# $2 - directory at which CA cert will be installed and used for
|
|
Packit |
40b132 |
# signing a server cert.
|
|
Packit |
40b132 |
# $3 - path to a config file in webserver context.
|
|
Packit |
40b132 |
# $4 - ssl server db location
|
|
Packit |
40b132 |
# $5 - ssl client db location
|
|
Packit |
40b132 |
# $5 - ocsp client db location
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Returns 0 upon success, otherwise, failed command error code.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
download_install_certs() {
|
|
Packit |
40b132 |
host=$1
|
|
Packit |
40b132 |
caDir=$2
|
|
Packit |
40b132 |
confPath=$3
|
|
Packit |
40b132 |
sslServerDir=$4
|
|
Packit |
40b132 |
sslClientDir=$5
|
|
Packit |
40b132 |
ocspClientDir=$6
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
[ ! -d "$caDir" ] && mkdir -p $caDir;
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Getting config file
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
download_file $host "$confPath/iopr_server.cfg" $caDir
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then
|
|
Packit |
40b132 |
html_failed "Fail to download website config file(ws: $host)"
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
. $caDir/iopr_server.cfg
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to source config file(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Getting CA file
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#----------------- !!!WARNING!!! -----------------------
|
|
Packit |
40b132 |
# Do NOT copy this scenario. CA should never accompany its
|
|
Packit |
40b132 |
# cert with the private key when deliver cert to a customer.
|
|
Packit |
40b132 |
#----------------- !!!WARNING!!! -----------------------
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
download_file $host $certDir/$caCertName.p12 $caDir
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to download $caCertName cert(ws: $host)"
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
tmpFiles="$caDir/$caCertName.p12"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import $caCertName cert to CA DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CU_ACTION="Exporting Root CA cert(ws: $host)"
|
|
Packit |
40b132 |
certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert
|
|
Packit |
40b132 |
if [ "$RET" -ne 0 ]; then
|
|
Packit |
40b132 |
Exit 7 "Fatal - failed to export $caCertName cert"
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Check what tests we want to run
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
doSslTests=0; doOcspTests=0
|
|
Packit |
40b132 |
# XXX remove "_new" from variables below
|
|
Packit |
40b132 |
[ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1
|
|
Packit |
40b132 |
[ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ $doSslTests -eq 1 ]; then
|
|
Packit |
40b132 |
if [ "$reverseRunCGIScript" ]; then
|
|
Packit |
40b132 |
[ ! -d "$sslServerDir" ] && mkdir -p $sslServerDir;
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Import CA cert to server DB
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \
|
|
Packit |
40b132 |
"TC,C,C"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import server-client-CA cert to \
|
|
Packit |
40b132 |
server DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Creating server cert
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
CERTNAME=$HOSTADDR
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
|
|
Packit |
40b132 |
CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \
|
|
Packit |
40b132 |
L=Mountain View, ST=California, C=US"
|
|
Packit |
40b132 |
certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\
|
|
Packit |
40b132 |
-o $sslServerDir/req 2>&1
|
|
Packit |
40b132 |
tmpFiles="$tmpFiles $sslServerDir/req"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
# NOTE:
|
|
Packit |
40b132 |
# For possible time synchronization problems (bug 444308) we generate
|
|
Packit |
40b132 |
# certificates valid also some time in past (-w -1)
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
|
|
Packit |
40b132 |
certu -C -c "$caCertName" -m `date +"%s"` -v 60 -w -1 \
|
|
Packit |
40b132 |
-d "${caDir}" \
|
|
Packit |
40b132 |
-i ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \
|
|
Packit |
40b132 |
-f "${R_PWFILE}" 2>&1
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",,"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import $CERTNAME cert to server\
|
|
Packit |
40b132 |
DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Download and import CA crl to server DB
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
download_file $host "$certDir/$caCrlName.crl" $sslServerDir
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $? -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to download $caCertName crl\
|
|
Packit |
40b132 |
(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
importFile $sslServerDir $sslServerDir/TestCA.crl
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import TestCA crt to server\
|
|
Packit |
40b132 |
DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi # if [ "$reverseRunCGIScript" ]
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
[ ! -d "$sslClientDir" ] && mkdir -p $sslClientDir;
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Import CA cert to ssl client DB
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \
|
|
Packit |
40b132 |
"TC,C,C"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import server-client-CA cert to \
|
|
Packit |
40b132 |
server DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ $doOcspTests -eq 1 ]; then
|
|
Packit |
40b132 |
[ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir;
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Import CA cert to ocsp client DB
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \
|
|
Packit |
40b132 |
"TC,C,C"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import server-client-CA cert to \
|
|
Packit |
40b132 |
server DB(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#=======================================================
|
|
Packit |
40b132 |
# Import client certs to client DB
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
for fileName in $downloadFiles; do
|
|
Packit |
40b132 |
certName=`echo $fileName | sed 's/\..*//'`
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then
|
|
Packit |
40b132 |
clientDir=$ocspClientDir
|
|
Packit |
40b132 |
elif [ $doSslTests -eq 1 ]; then
|
|
Packit |
40b132 |
clientDir=$sslClientDir
|
|
Packit |
40b132 |
else
|
|
Packit |
40b132 |
continue
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
download_file $host "$certDir/$fileName" $clientDir
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then
|
|
Packit |
40b132 |
html_failed "Fail to download $certName cert(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
tmpFiles="$tmpFiles $clientDir/$fileName"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
importFile $clientDir $clientDir/$fileName $certName ",,"
|
|
Packit |
40b132 |
RET=$?
|
|
Packit |
40b132 |
if [ $RET -ne 0 ]; then
|
|
Packit |
40b132 |
html_failed "Fail to import $certName cert to client DB\
|
|
Packit |
40b132 |
(ws: $host)"
|
|
Packit |
40b132 |
return $RET
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
rm -f $tmpFiles
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
return 0
|
|
Packit |
40b132 |
}
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
#########################################################################
|
|
Packit |
40b132 |
# Initial point for downloading config, cert, crl files for multiple hosts
|
|
Packit |
40b132 |
# involved in interoperability testing. Called from nss/tests/cert/cert.sh
|
|
Packit |
40b132 |
# It will only proceed with downloading if environment variable
|
|
Packit |
40b132 |
# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
# Returns 1 if interoperability testing is off, 0 otherwise.
|
|
Packit |
40b132 |
#
|
|
Packit |
40b132 |
cert_iopr_setup() {
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
if [ "$IOPR" -ne 1 ]; then
|
|
Packit |
40b132 |
return 1
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
num=1
|
|
Packit |
40b132 |
IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '`
|
|
Packit |
40b132 |
while [ "$IOPR_HOST_PARAM" ]; do
|
|
Packit |
40b132 |
IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
|
|
Packit |
40b132 |
IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
|
|
Packit |
40b132 |
[ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
|
|
Packit |
40b132 |
IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'`
|
|
Packit |
40b132 |
[ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\
|
|
Packit |
40b132 |
$IOPR_CONF_PATH"
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \
|
|
Packit |
40b132 |
${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \
|
|
Packit |
40b132 |
${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \
|
|
Packit |
40b132 |
${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
|
|
Packit |
40b132 |
if [ $? -ne 0 ]; then
|
|
Packit |
40b132 |
echo "wsFlags=\"NOIOPR $wsParam\"" >> \
|
|
Packit |
40b132 |
${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
|
|
Packit |
40b132 |
fi
|
|
Packit |
40b132 |
num=`expr $num + 1`
|
|
Packit |
40b132 |
IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
|
|
Packit |
40b132 |
done
|
|
Packit |
40b132 |
|
|
Packit |
40b132 |
return 0
|
|
Packit |
40b132 |
}
|