#!/bin/bash
+set -o errexit
+
echo "Building certificates"
# Disable leak detective when using pki as it produces warnings in tzset
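Review bot: `set -o errexit` alone still lets an unset variable expand to the empty string, so a missing `TEST_DIR` or `SWANCTL_DIR` would make the later `mkdir -p ${TEST}/hosts/...` and `cp` calls succeed against a path such as `/swanctl/...` instead of stopping the run. The variable definitions are outside this hunk, so whether all of them are set before use cannot be confirmed here. If they are, adding `set -o nounset` directly below the new line closes that gap, and `set -o pipefail` does the same for any pipelines the script may contain. A comment such as `# Abort on the first failing command so no scenario is left with partial key material` above the option would record why it was added.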
# Convert strongSwan Root CA certificate into DER format
openssl x509 -in ${CA_CERT} -outform der -out ${CA_CERT_DER}
-# Gernerate a stale CRL
+# Generate a stale CRL
pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} \
--this-update "${START}" --lifetime 1 > ${CA_LAST_CRL}
cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
done
+for t in rw-hash-and-url-multi-level
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+ cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+done
+
# Convert Research CA certificate into DER format
openssl x509 -in ${RESEARCH_CERT} -outform der -out ${RESEARCH_CERT_DER}
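Review bot: The expansions in the added carol loop are unquoted (`mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca`, `cp ${RESEARCH_CERT} ...`), so a `TEST_DIR` containing whitespace or glob characters would be word-split and the CA certificate would be copied to, or fail on, the wrong path. The context lines use the same unquoted form, so this matches the existing style of the file, but the new lines could be written as `mkdir -p "${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca"` and `cp "${RESEARCH_CERT}" "${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca"`. The same applies to the added dave loop for `${SALES_CERT}` in the next hunk and to the added swanctl BLISS loops further down, where the unquoted `${TEST_KEY}` is a private key path.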
cp ${SALES_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
done
+for t in rw-hash-and-url-multi-level
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+ cp ${SALES_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+done
+
# Convert Sales CA certificate into DER format
openssl x509 -in ${SALES_CERT} -outform der -out ${SALES_CERT_DER}
# strongSwan Attribute Authority #
################################################################################
-# Generate Attritbute Authority certificate
+# Generate Attribute Authority certificate
TEST="${TEST_DIR}/ikev2/acert-cached"
TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey.pem"
TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert.pem"
--in ${CA_DIR}/certs/01.pem --group sales \
--not-before "${SH_END}" --not-after "${EE_END}" --outform pem > ${ACERT_CS}
-# Put a copy into the ikev2/acert-inline scenarion
+# Put a copy into the ikev2/acert-inline scenario
TEST="${TEST_DIR}/ikev2/acert-inline"
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/private
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/aacerts
cp ${ACERT_CS} ${TEST}/hosts/carol/${IPSEC_DIR}/acerts
cp ${ACERT_DM} ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
-# Generate a short-lived Attritbute Authority certificate
+# Generate a short-lived Attribute Authority certificate
CN="strongSwan Legacy AA"
TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey-expired.pem"
TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert-expired.pem"
--outform pem > ${TEST_CERT}
cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
-# Genrate dave's attribute certificate for sales from expired AA
+# Generate dave's attribute certificate for sales from expired AA
ACERT=${TEST}/hosts/dave/${IPSEC_DIR}/acerts/dave-expired-aa.pem
mkdir -p ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
done
-for t in multi-level-ca ocsp-multi-level
+for t in multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level
do
TEST="${TEST_DIR}/swanctl/${t}"
mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
done
-for t in multi-level-ca ocsp-multi-level
+for t in multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level
do
TEST="${TEST_DIR}/swanctl/${t}"
mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
mkdir -p ${TEST}/hosts/${h}/${IPSEC_DIR}/cacerts
cp ${BLISS_CERT} ${TEST}/hosts/${h}/${IPSEC_DIR}/cacerts
done
-done
-TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
-for h in moon carol dave
-do
- mkdir -p ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
- cp ${BLISS_CERT} ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
+ TEST="${TEST_DIR}/swanctl/${t}"
+ for h in moon carol dave
+ do
+ mkdir -p ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
+ cp ${BLISS_CERT} ${TEST}/hosts/${h}/${SWANCTL_DIR}/x509ca
+ done
done
# Generate a carol BLISS certificate with 128 bit security strength
cp ${TEST_KEY} ${TEST}/hosts/carol/${IPSEC_DIR}/private
cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
-# Put a copy in the swanctl/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
-cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+# Put a copy in the swanctl scenarios
+for t in rw-newhope-bliss rw-ntru-bliss
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
+ mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+ cp ${TEST_KEY} ${TEST}/hosts/carol/${SWANCTL_DIR}/bliss
+ cp ${TEST_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
+done
# Generate a dave BLISS certificate with 160 bit security strength
TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
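Review bot: The loop added here for carol is repeated line for line for dave and moon in the two following hunks, differing only in the host name, so a scenario added to `rw-newhope-bliss rw-ntru-bliss` later has to be added in three places. A small function taking the host as its argument would keep the scenario list in one place; it reads `TEST_KEY` and `TEST_CERT` as set by the preceding generation step, which lies outside the hunk. The sketch uses a local directory variable instead of reassigning `TEST`. The context lines show `TEST` being assigned again after the carol and dave loops, but whether code after the moon loop reads `TEST` is not visible here, so keep the assignment there if it does.

```shell
# Copy the current BLISS key and certificate of host $1 into the swanctl scenarios
copy_bliss_to_swanctl()
{
	local host="$1" t dir
	for t in rw-newhope-bliss rw-ntru-bliss
	do
		dir="${TEST_DIR}/swanctl/${t}/hosts/${host}/${SWANCTL_DIR}"
		mkdir -p "${dir}/bliss" "${dir}/x509"
		cp "${TEST_KEY}" "${dir}/bliss"
		cp "${TEST_CERT}" "${dir}/x509"
	done
}

# … unchanged: carol BLISS key and certificate generation …
copy_bliss_to_swanctl carol
```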
cp ${TEST_KEY} ${TEST}/hosts/dave/${IPSEC_DIR}/private/
cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs/
-# Put a copy in the swanctl/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss/
-cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509/
+# Put a copy in the swanctl scenarios
+for t in rw-newhope-bliss rw-ntru-bliss
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss
+ mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
+ cp ${TEST_KEY} ${TEST}/hosts/dave/${SWANCTL_DIR}/bliss/
+ cp ${TEST_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509/
+done
# Generate a moon BLISS certificate with 192 bit security strength
TEST="${TEST_DIR}/ikev2/rw-newhope-bliss"
cp ${TEST_KEY} ${TEST}/hosts/moon/${IPSEC_DIR}/private/
cp ${TEST_CERT} ${TEST}/hosts/moon/${IPSEC_DIR}/certs/
-# Put a copy in the swanctl/rw-ntru-bliss scenario
-TEST="${TEST_DIR}/swanctl/rw-ntru-bliss"
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss
-mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
-cp ${TEST_KEY} ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss/
-cp ${TEST_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509/
+# Put a copy in the swanctl scenarios
+for t in rw-newhope-bliss rw-ntru-bliss
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss
+ mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
+ cp ${TEST_KEY} ${TEST}/hosts/moon/${SWANCTL_DIR}/bliss/
+ cp ${TEST_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509/
+done
################################################################################
# SQL Data #