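#!/bin/sh
#
# Prepares the current directory for a catlfish test run:
#   - a throwaway HTTPS CA (httpsca/) and a server certificate for
#     "localhost" signed by it (httpscert/),
#   - the log signing key (keys/) plus a PKCS#8 copy of its private half,
#   - one API key pair per node (privatekeys/) and the generated api-keys.cfg,
#   - empty merge databases and per-machine db directories,
#   - the compiled test configuration under ${top_srcdir}/test,
#   - optionally, the log key imported into a SoftHSM token.
#
# Security notes for reviewers:
#   - Every private key here is written unencrypted (openssl -nodes /
#     pkcs8 -nocrypt) with whatever permissions the caller's umask gives.
#     They are test fixtures and must not be reused outside the test setup.
#     NOTE(review): consider `umask 077` in the caller if the working
#     directory is on a shared machine.
#   - The SoftHSM SO PIN and user PIN are the fixed test value "ffff" and are
#     passed on the command line.

set -o nounset
set -o errexit

SOFTHSM=/usr/local/bin/softhsm2-util

# Resolve the source tree root relative to this script. Quoted so a checkout
# path containing spaces works; `&&` so a failed cd cannot yield a wrong root.
top_srcdir=$(cd "$(dirname "$0")/../.." && pwd)

. "${top_srcdir}/test/scripts/testutils.sh"

# Both lists are consumed by word splitting below. They are expected to come
# from the caller's environment or from testutils.sh (not visible here); stop
# before generating any key material if either one is unset.
: "${NODES?NODES must be set to a whitespace-separated list of node names}"
: "${MACHINES?MACHINES must be set to a whitespace-separated list of machines}"

# Create a self-signed test CA in ./httpsca using openssl's demoCA layout.
# Outputs: httpsca/key.pem (unencrypted CA key), httpsca/demoCA/cacert.pem.
createca() {
  mkdir httpsca
  (
    cd httpsca
    mkdir -p demoCA/newcerts
    touch demoCA/index.txt
    echo 00 > demoCA/serial
    # Minimal request config: empty DN section (the subject is given with
    # -subj) and a v3_ca section that marks the certificate as a CA.
    printf '%s\n' \
      '[ req ]' \
      'distinguished_name = req_distinguished_name' \
      'x509_extensions = v3_ca' \
      'string_mask = utf8only' \
      '[ req_distinguished_name ]' \
      '[ v3_ca ]' \
      'basicConstraints=CA:true' \
      > caconfig.txt
    openssl req -newkey rsa:2048 -keyout key.pem -out req.csr -nodes \
      -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/commonName=ca/O=ca' \
      -config caconfig.txt
    openssl ca -in req.csr -selfsign -keyfile key.pem \
      -out demoCA/cacert.pem -batch
  )
}

# Create the HTTPS server key and have the test CA sign a certificate for
# CN=localhost. Requires createca to have run first (uses httpsca/key.pem).
# Outputs: httpscert/httpskey-1.pem (unencrypted), httpscert/httpscert-1.pem.
createcert() {
  mkdir httpscert
  openssl req -new -newkey rsa:2048 -keyout httpscert/httpskey-1.pem \
    -out httpsca/httpscert-1.csr -nodes \
    -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
  (
    cd httpsca
    openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch
  )
  cp httpsca/httpscert-1.pem httpscert/
}

createca
createcert

# SHA-256 fingerprint of the CA certificate as bare hex: drop the
# "...Fingerprint=" prefix and the colons from openssl's output.
cafingerprint=$(openssl x509 -in httpsca/demoCA/cacert.pem -noout -sha256 -fingerprint |
  sed -e 's/.*=//' -e 's/://g')

# Log signing key, plus an unencrypted PKCS#8 copy for the SoftHSM import.
mkdir keys
(cd keys && "${top_srcdir}/tools/create-key.sh" logkey)
openssl pkcs8 -topk8 -nocrypt -in keys/logkey-private.pem \
  -out keys/logkey-private.pkcs8

mkdir mergedb
touch mergedb/logorder
mkdir mergedb-secondary
touch mergedb-secondary/logorder
printf 0 > mergedb-secondary/verifiedsize

mkdir known_roots
cp "${top_srcdir}"/tools/testcerts/roots/* known_roots

mkdir privatekeys
mkdir publickeys

echo "apikeys:" > api-keys.cfg
# shellcheck disable=SC2086 -- NODES is deliberately split into words.
for node in ${NODES}; do
  (cd privatekeys && "${top_srcdir}/tools/create-key.sh" "${node}")
  # create-key.sh is assumed to write <name>-private.pem and <name>.pem, as
  # the logkey files used in this script suggest; <node>.pem is then the
  # public half. Strip the PEM armor lines and join the rest onto one line.
  apipk=$(grep -v '^-----' "privatekeys/${node}.pem" | tr '\n' ' ')
  mkdir -p "nodes/${node}/log"
  # Assumes the config is parsed as YAML: "publickey" has to sit in the same
  # column as "nodename" to belong to the same list entry.
  echo "  - nodename: ${node}" >> api-keys.cfg
  echo "    publickey: ${apipk}" >> api-keys.cfg
done

logpk=$(grep -v '^-----' keys/logkey.pem | tr '\n' ' ')
echo "logpublickey: ${logpk}" >> api-keys.cfg
echo "cafingerprint: ${cafingerprint}" >> api-keys.cfg

# The test config is the static template followed by the generated key data.
cat "${top_srcdir}/test/catlfish-test.cfg.in" api-keys.cfg \
  > "${top_srcdir}/test/catlfish-test.cfg"

# shellcheck disable=SC2086 -- MACHINES is deliberately split into words.
for machine in ${MACHINES}; do
  "${top_srcdir}/tools/compileconfig.py" \
    --config "${top_srcdir}/test/catlfish-test.cfg" \
    --localconfig "${top_srcdir}/test/catlfish-test-local-${machine}.cfg"
  mkdir -p "machine/machine-${machine}/db"
  touch "machine/machine-${machine}/db/index" \
    "machine/machine-${machine}/db/newentries"
done

for role in merge merge-2 signing; do
  "${top_srcdir}/tools/compileconfig.py" \
    --config "${top_srcdir}/test/catlfish-test.cfg" \
    --localconfig "${top_srcdir}/test/catlfish-test-local-${role}.cfg"
done

# SoftHSM is optional: skip silently when the tool is not installed. When it
# is installed, a failed step stays non-fatal (as before) but is reported on
# stderr instead of being swallowed, so a test that later cannot find the key
# in the token has a visible cause.
if [ -x "${SOFTHSM}" ]; then
  "${SOFTHSM}" --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff ||
    echo "warning: SoftHSM token initialisation failed; continuing" >&2
  "${SOFTHSM}" --import keys/logkey-private.pkcs8 --slot 0 --label mylabel \
    --pin ffff --id 00 ||
    echo "warning: SoftHSM import of the log key failed; continuing" >&2
fi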