mirror of
https://github.com/mongodb/mongo.git
synced 2024-12-01 09:32:32 +01:00
35 lines
1.2 KiB
Bash
Executable File
35 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# This script uses the openssl command line tool to create CRLs.
|
|
|
|
OUTPUT_PATH="jstests/libs/"
|
|
|
|
crl() {
|
|
CADB=$(mktemp -d)
|
|
CA="jstests/libs/ca.pem"
|
|
CONFIG="${CADB}/config"
|
|
DEST="${OUTPUT_PATH}/$1"
|
|
echo '01' > "$CADB/serial"
|
|
touch "$CADB/index.txt" "$CADB/index.txt.attr"
|
|
echo -e "[ ca ]\ndefault_ca = CA_default\n" > "$CONFIG"
|
|
echo -e "[ CA_default ]\ndatabase = ${CADB}/index.txt\n" >> "$CONFIG"
|
|
echo -e "certificate = $CA\nprivate_key = $CA\ndefault_md = sha256" >> "$CONFIG"
|
|
|
|
VALIDITY_OPTIONS="-days 824 -crldays 823"
|
|
if [ "$2" = "expired" ]; then
|
|
# -enddate 010101000000Z = expires on 0:00:00, Jan 1, 2000.
|
|
# -crlsec 1 = valid for 1 second from now.
|
|
# i.e. this certificate will be completely invalid very soon.
|
|
VALIDITY_OPTIONS="-enddate 010101000000Z -crlsec 1"
|
|
elif [ "$2" = "revoked" ]; then
|
|
openssl ca -config "$CADB/config" -revoke "jstests/libs/client_revoked.pem"
|
|
fi
|
|
openssl ca -config "$CADB/config" -gencrl -out "$DEST" -md sha256 $VALIDITY_OPTIONS
|
|
jstests/ssl/x509/mkdigest.py crl sha256 "$DEST"
|
|
jstests/ssl/x509/mkdigest.py crl sha1 "$DEST"
|
|
}
|
|
crl crl.pem empty
|
|
crl crl_expired.pem expired
|
|
crl crl_client_revoked.pem revoked
|