# Convert strongSwan Root CA certificate into DER format
openssl x509 -in ${CA_CERT} -outform der -out ${CA_CERT_DER}
-# Gernerate a stale CRL
+# Generate a stale CRL
pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} \
--this-update "${START}" --lifetime 1 > ${CA_LAST_CRL}
cp ${RESEARCH_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
done
+for t in rw-hash-and-url-multi-level
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+ cp ${RESEARCH_CERT} ${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca
+done
+
# Convert Research CA certificate into DER format
openssl x509 -in ${RESEARCH_CERT} -outform der -out ${RESEARCH_CERT_DER}
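Review bot: The added `mkdir -p` and `cp` lines in the new carol loop expand `${TEST}` and `${RESEARCH_CERT}` unquoted, so a `TEST_DIR` containing whitespace or glob characters would split the path and the copy would fail or land elsewhere; the same applies to the dave loop added just below with `${SALES_CERT}`. Quoting is cheap, e.g. `mkdir -p "${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca"` and `cp "${RESEARCH_CERT}" "${TEST}/hosts/carol/${SWANCTL_DIR}/x509ca"`, although the surrounding context lines use the same unquoted style. Because swanctl loads the certificates in `x509ca` as trusted CA certificates, a short comment above each loop, such as `# carol needs the Research CA cert locally for the hash-and-url multi-level scenario`, would record that making the intermediate CA a trust anchor on the client is intended; that purpose is inferred from the scenario name and should be confirmed. Neither command's exit status is checked in the visible lines, so unless the script sets `set -e` outside this hunk, a missing source certificate would only surface later as a test failure.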
cp ${SALES_CERT} ${TEST}/hosts/moon/${SWANCTL_DIR}/x509ca
done
+for t in rw-hash-and-url-multi-level
+do
+ TEST="${TEST_DIR}/swanctl/${t}"
+ mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+ cp ${SALES_CERT} ${TEST}/hosts/dave/${SWANCTL_DIR}/x509ca
+done
+
# Convert Sales CA certificate into DER format
openssl x509 -in ${SALES_CERT} -outform der -out ${SALES_CERT_DER}
# strongSwan Attribute Authority #
################################################################################
-# Generate Attritbute Authority certificate
+# Generate Attribute Authority certificate
TEST="${TEST_DIR}/ikev2/acert-cached"
TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey.pem"
TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert.pem"
--in ${CA_DIR}/certs/01.pem --group sales \
--not-before "${SH_END}" --not-after "${EE_END}" --outform pem > ${ACERT_CS}
-# Put a copy into the ikev2/acert-inline scenarion
+# Put a copy into the ikev2/acert-inline scenario
TEST="${TEST_DIR}/ikev2/acert-inline"
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/private
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/aacerts
cp ${ACERT_CS} ${TEST}/hosts/carol/${IPSEC_DIR}/acerts
cp ${ACERT_DM} ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
-# Generate a short-lived Attritbute Authority certificate
+# Generate a short-lived Attribute Authority certificate
CN="strongSwan Legacy AA"
TEST_KEY="${TEST}/hosts/moon/${IPSEC_DIR}/private/aaKey-expired.pem"
TEST_CERT="${TEST}/hosts/moon/${IPSEC_DIR}/aacerts/aaCert-expired.pem"
--outform pem > ${TEST_CERT}
cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
-# Genrate dave's attribute certificate for sales from expired AA
+# Generate dave's attribute certificate for sales from expired AA
ACERT=${TEST}/hosts/dave/${IPSEC_DIR}/acerts/dave-expired-aa.pem
mkdir -p ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \
cp ${TEST_CERT} ${TEST}/hosts/carol/${IPSEC_DIR}/certs
done
-for t in multi-level-ca ocsp-multi-level
+for t in multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level
do
TEST="${TEST_DIR}/swanctl/${t}"
mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
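Review bot: The scenario list `multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level` is now maintained by hand in this carol loop and again in the dave loop in the next hunk, so a future scenario can be added to one and missed in the other, presumably leaving one host without its credentials. Defining the list once, e.g. `MULTI_LEVEL_TESTS="multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level"` followed by `for t in ${MULTI_LEVEL_TESTS}`, would keep the two loops in step. The loop body continues past the end of this hunk, so what is placed into the `rsa` directory is not visible here.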
cp ${TEST_CERT} ${TEST}/hosts/dave/${IPSEC_DIR}/certs
done
-for t in multi-level-ca ocsp-multi-level
+for t in multi-level-ca rw-hash-and-url-multi-level ocsp-multi-level
do
TEST="${TEST_DIR}/swanctl/${t}"
mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa