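#!/bin/sh

if test $# -lt 1 ; then
    echo "usage: $(basename "$0") <file-generated-by-generate.sh>" 1>&2
    exit 1
fi

# NSS tools, invoked through the ipsec wrapper.  These variables are
# expanded unquoted on purpose so the command and its options split
# into separate words.
certutil='ipsec certutil'
pk12util='ipsec pk12util'
crlutil='ipsec crlutil'

# If the NSS database is password protected, pass the password file
# to each tool.
if test -r /run/pluto/nsspw ; then
    crlutil="${crlutil} -f /run/pluto/nsspw"
    certutil="${certutil} -f /run/pluto/nsspw"
    pk12util="${pk12util} -k /run/pluto/nsspw"
fi

# this assumes generate.sh
cd "$(dirname "$0")"

# nss-pw holds the password protecting the PKCS#12 files.
if ! test -r nss-pw ; then
    echo "missing password file: nss-pw" 1>&2
    exit 1
fi

# Echo a command, then run it.
run()
{
    echo "$@"
    "$@"
}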
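
# In the functions below the CA nickname is the name of the directory
# containing the file.  Trust flags: "CT,," marks a trusted CA for
# issuing server and client certificates; "P,," marks a trusted peer.

# Import the root CA's certificate and private key, then trust the CA.
import_root_p12()
{
    ca=$(basename "$(dirname "$1")")
    run ${pk12util} -w nss-pw -i "$1"
    run ${certutil} -M -n "${ca}" -t CT,,
}

# Add the root CA's certificate (no private key) as a trusted CA.
import_root_cert()
{
    ca=$(basename "$(dirname "$1")")
    run ${certutil} -A -n "${ca}" -t CT,, -i "$1"
}

# Import a PKCS#12 bundle holding the whole chain, then trust the CA.
import_all_p12()
{
    n=$(basename "$1" .all.p12)
    ca=$(basename "$(dirname "$1")")
    run ${pk12util} -w nss-pw -i "$1"
    run ${certutil} -M -n "${ca}" -t CT,,
}

# Add a certificate file holding the whole chain as a trusted peer,
# then trust the CA.
import_all_cert()
{
    n=$(basename "$1" .all.cert)
    ca=$(basename "$(dirname "$1")")
    run ${certutil} -A -n "${n}" -t P,, -i "$1"
    run ${certutil} -M -n "${ca}" -t CT,,
}

# Import only the end entity's certificate and private key; the CA's
# trust is left untouched.
import_end_p12()
{
    n=$(basename "$1" .end.p12)
    ca=$(basename "$(dirname "$1")")
    run ${pk12util} -w nss-pw -i "$1"
}

# Add only the end entity's certificate as a trusted peer.
import_end_cert()
{
    n=$(basename "$1" .end.cert)
    run ${certutil} -A -n "${n}" -t P,, -i "$1"
}

# Import a plain PKCS#12 file, then trust the CA.
import_p12()
{
    n=$(basename "$1" .p12)
    ca=$(basename "$(dirname "$1")")
    run ${pk12util} -w nss-pw -i "$1"
    run ${certutil} -M -n "${ca}" -t CT,,
}

# Add a plain certificate as a trusted peer, then trust the CA.
import_crt()
{
    n=$(basename "$1" .crt)
    ca=$(basename "$(dirname "$1")")
    run ${certutil} -A -n "${n}" -t P,, -i "$1"
    run ${certutil} -M -n "${ca}" -t CT,,
}

# Import a certificate revocation list.
import_crl()
{
    run ${crlutil} -I -i "${1}"
}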

# Dispatch each file on its name.  Order matters: the more specific
# patterns (root.p12, *.all.p12, *.end.p12) must come before the
# generic *.p12 and *.crt patterns.
for file in "$@" ; do
    if test ! -r "${file}" ; then
        echo "missing file: ${file}" 1>&2
        exit 1
    fi
    case "${file}" in
        */root.p12 ) import_root_p12 "${file}" ;;
        */root.cert ) import_root_cert "${file}" ;;
        *.all.p12 ) import_all_p12 "${file}" ;;
        *.end.p12 ) import_end_p12 "${file}" ;;
        *.all.cert ) import_all_cert "${file}" ;;
        *.end.cert ) import_end_cert "${file}" ;;
        *.p12 ) import_p12 "${file}" ;;
        *.crt ) import_crt "${file}" ;;
        *.crl ) import_crl "${file}" ;;
        * ) echo "Huh!?! ${file}" 1>&2 ;;
    esac
done