Manjunath Ranganathaiah | 54944fe | 2018-04-03 16:29:45 -0700 | [diff] [blame] | 1 | # |
| 2 | # Import the keys and certs to pkcs11 based softhsm |
| 3 | # |
| 4 | |
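# Usage: p11.sh <user pin> <so pin> <id>
#
# Converts the CA private key and the root/intermediate CA certificates to
# DER, initialises SoftHSM slot 0 and imports the key and every certificate
# under the same PKCS#11 object id. Must be run from the directory that holds
# private/, certs/ and the intermediate_* directories.
#
# NOTE(review): both PINs arrive as positional arguments and are forwarded on
# the command lines of softhsm2-util and pkcs11-tool, so they are visible in
# the process list and usually in shell history. Acceptable for a throwaway
# SoftHSM test token; for anything longer-lived, confirm whether the installed
# tool versions can take the PIN from a prompt or the environment instead.

# Abort on the first failed step or unset variable so a half-populated token
# is never left behind silently.
set -eu

if [ "$#" -ne 3 ]; then
  echo "Usage: p11.sh <user pin> <so pin> <id>" >&2
  exit 1
fi

user_pin=$1
so_pin=$2
object_id=$3

# pkcs11-tool expects --id as a hex string; reject anything else before the
# token is (re)initialised.
case "$object_id" in
  '' | *[!0-9A-Fa-f]*)
    echo "p11.sh: <id> must be a non-empty hex string" >&2
    exit 1
    ;;
esac

LIB_PATH=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
if [ ! -r "$LIB_PATH" ]; then
  echo "p11.sh: PKCS#11 module not found: $LIB_PATH" >&2
  exit 1
fi

# The DER copy of the CA private key is written unencrypted. Keep it in a
# private (mode 0700) scratch directory created by mktemp, and remove that
# directory on every exit path, including failures and signals.
# Note that rm only unlinks the file; it does not scrub the key bytes from
# the underlying storage.
work_dir=$(mktemp -d "$PWD/p11-import.XXXXXX")
cleanup() {
  rm -rf -- "$work_dir"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

key_dir=$work_dir/p11key
der_dir=$work_dir/p11crt
pem_dir=$work_dir/cacerts
mkdir "$key_dir" "$der_dir" "$pem_dir"

# Convert the keys and certs to DER format
# key to der
openssl rsa -in private/ca.key -outform DER -out "$key_dir/cakey.der"

# Collect the root and intermediate CA certs, then convert each to DER.
cp certs/ca.crt "$pem_dir/"
for dir in intermediate_*; do
  # Skips non-directories and the literal pattern when nothing matches.
  [ -d "$dir" ] || continue
  cp "$dir/certs/ca.crt" "$pem_dir/$dir.crt"
done
for pem in "$pem_dir"/*; do
  [ -f "$pem" ] || continue
  openssl x509 -in "$pem" -outform DER -out "$der_dir/${pem##*/}"
done

# create token directory (-p: do not fail when it already exists)
mkdir -p /var/lib/softhsm/tokens
# create slot
softhsm2-util --init-token --slot 0 --label "ca token" \
  --pin "$user_pin" --so-pin "$so_pin"
# import key into softhsm
pkcs11-tool --module "$LIB_PATH" -l --pin "$user_pin" \
  --write-object "$key_dir/cakey.der" --type privkey --id "$object_id"
# import certs into softhsm
# NOTE(review): every certificate is written with the same id as the private
# key; confirm the consumer of this token can tell the root and intermediate
# certificates apart.
for der in "$der_dir"/*; do
  [ -f "$der" ] || continue
  pkcs11-tool --module "$LIB_PATH" -l --pin "$user_pin" \
    --write-object "$der" --type cert --id "$object_id"
done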