diff --git a/docs/pki_agile b/docs/pki_agile
index 3fda93c..8f0b999 100644
--- a/docs/pki_agile
+++ b/docs/pki_agile
@@ -4,15 +4,15 @@
 [[ WORKING ]]
 * PKI Bootstrap: cp lifecycle functions
-
+* PKI Lifecycle
 [[ BACKLOG ]]
 [ current ]
+* zip distribution folder (ca_i_4321.skunkworks.acme.xyz.zip)
 * add CA password
-* auto-increment SERIAL
 * create certificate installation guide -copy file to sd, select .p12 file, password="password"
 * can I install certificates from an android application??
@@ -21,25 +21,40 @@
 * add tool for .p12 file extractor for MH provisioning
-[ ver 1.4 ]
-* create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
-* create new CA generation script that also reads .cfg
-* create new CA-I generation script that uses a CA
- -also packages .p12 for distrobution (use random high quality password)
-
-
-[ bootstrap cert chain-of-trust ]
+[ ver 3.5 : xdev bootstrap chain-of-trust ]
 * select bootstrap generation cpu (beaglebone, raspi)
 * change strings from "acme.xyz" to ".mil"
 * generate bootstrap -sneakernet two CA-I
+* integrate into the build
+ -modify CI global variables (for each build)
+ -certs are generated BEFORE pulled into image (not part of build process)
+ -modify cert gen on NAS (looks for files in mount dir)
-[ ver 1.5 ]
+[ ver 3.6 ]
+[[ COMPLETED ]]
+
+[ ver 3.3 ]
+* configuration defaults generated so that the CA-I package is all automated
+* gen_client.sh modified run with config defaults
+* gen_server.sh modified to run with config defaults
+* auto-increment SERIAL
+* CA FQDN saved to config file
+* CA-I FQDN saved to config file
+
+
+[ ver 3.2 ]
+* create new CA-I generation script that uses a CA
+ -also packages .p12 for distrobution (use random high quality password)
+* added resources directory
+* added files to be copied during CA-I package creation
+
+
 [[ STORIES ]]
@@ -54,7 +69,6 @@ PKI Lifecycle Package
-[[ COMPLETED ]]
diff --git a/src/pki_bootstrap/pki_bootstrap.sh b/src/pki_bootstrap/pki_bootstrap.sh
index 9208eda..374bccd 100755
--- a/src/pki_bootstrap/pki_bootstrap.sh
+++ b/src/pki_bootstrap/pki_bootstrap.sh
@@ -29,10 +29,13 @@ usage() {
 # Grab the latest serial # from the file, auto-increment
 #
 get_serial_ca() {
- SERIAL=`head "res/cfg/SERIAL"`
+ SERIAL=`head res/cfg/SERIAL`
 if [[ -z $SERIAL ]]; then
 SERIAL=11111
 echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+ else
+ PLUS1=$((SERIAL+1))
+ echo $PLUS1 > res/cfg/SERIAL
 fi
 }
diff --git a/src/pki_bootstrap/res/cfg/SERIAL b/src/pki_bootstrap/res/cfg/SERIAL
index 97a55e1..257e563 100644
--- a/src/pki_bootstrap/res/cfg/SERIAL
+++ b/src/pki_bootstrap/res/cfg/SERIAL
@@ -1 +1 @@
-101
\ No newline at end of file
+102
diff --git a/src/pki_bootstrap/res/libs/pki_funcs.sh b/src/pki_bootstrap/res/libs/pki_funcs.sh
index c9843ff..ac8954c 100644
--- a/src/pki_bootstrap/res/libs/pki_funcs.sh
+++ b/src/pki_bootstrap/res/libs/pki_funcs.sh
@@ -182,7 +182,7 @@ ca-i_create_shell() {
 DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID}"
- echo $UNIQ_ID > UNIQ_ID_CA-I
+ echo $UNIQ_ID > cfg/UNIQ_ID_CA-I
 # client
 mkdir -p $DEST_DIR/clients/cfg
@@ -196,7 +196,7 @@ ca-i_create_shell() {
 cp ca_i*.keys.pem $DEST_DIR/clients/cfg/ca-i.keys.pem
 cp ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
 cp cfg/UNIQ_ID_CA-I $DEST_DIR/clients/cfg/
- cp UNIQ_ID $DEST_DIR/clients/cfg/
+ cp cfg/UNIQ_ID_CA $DEST_DIR/clients/cfg/
 # server
 mkdir -p $DEST_DIR/servers/cfg
@@ -210,7 +210,7 @@ ca-i_create_shell() {
 cp ca_i*.keys.pem $DEST_DIR/servers/cfg/ca-i.keys.pem
 cp ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
 cp cfg/UNIQ_ID_CA-I $DEST_DIR/servers/cfg/
- cp UNIQ_ID $DEST_DIR/servers/cfg/
+ cp cfg/UNIQ_ID_CA $DEST_DIR/servers/cfg/
 # CA-I
 mkdir -p $DEST_DIR/ca-i/data
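Review bot: Only the else branch added here persists the next serial; the default branch of get_serial_ca sets SERIAL=11111 and never writes it to res/cfg/SERIAL, so every run that starts without the file hands out the same serial number, which for a CA means duplicate certificate serials. The value read by `head` is also used unvalidated: a non-numeric or multi-line file goes straight into `$((SERIAL+1))`, and the `echo ... > res/cfg/SERIAL` write is not checked, so a failed write would make the next run reuse the serial silently (this hunk shows no `set -e`). Note too that res/cfg/SERIAL is tracked in the repository (its own hunk bumps 101 to 102), so each fresh checkout restarts the counter at the committed value. I would validate the value, persist the increment in both branches and fail the function when the write does not succeed, as below.
```shell
get_serial_ca() {
  SERIAL=$(head -n 1 res/cfg/SERIAL 2>/dev/null)
  if [[ ! $SERIAL =~ ^[0-9]+$ ]]; then
    SERIAL=11111
    echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
  fi
  # Persist the next serial in both branches and stop on a failed write:
  # a lost update here means the next certificate would reuse $SERIAL.
  echo "$((SERIAL + 1))" > res/cfg/SERIAL || return 1
}
```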
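Review bot: The new `echo $UNIQ_ID > cfg/UNIQ_ID_CA-I` in the 182 hunk and the `cp cfg/UNIQ_ID_CA ...` lines in the 196 and 210 hunks run without any failure check, and neither `$UNIQ_ID` nor `$DEST_DIR` is quoted, so a missing cfg/ directory or cfg/UNIQ_ID_CA file still yields a bundle, just with an empty or absent id file. I would write `echo "$UNIQ_ID" > cfg/UNIQ_ID_CA-I || return 1` and `cp -- cfg/UNIQ_ID_CA "$DEST_DIR/clients/cfg/" || return 1` (and the same for servers/cfg). Separately, the unchanged `cp ca_i*.keys.pem` line in both the clients and servers bundles copies what its name suggests is CA-I key material into every distributed package; it is worth confirming that file holds only public material before the bundles are handed out. ca-i_create_shell starts and ends outside these hunks.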
@@ -269,7 +269,7 @@ ca-i_gen_cert() {
 get_uniq_ids() {
 UNIQ_ID_CA=`head cfg/UNIQ_ID_CA`
- UNIQ_ID_CA-I=`head cfg/UNIQ_ID_CA-I`
+ UNIQ_ID_CAI=`head cfg/UNIQ_ID_CA-I`
 # if [[ -z $ORG_URL ]]; then
 # echo_block "WARN: no file 'UNIQ_ID' found, using default 11111 as the serial # for CA"
 # exit 1
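Review bot: Renaming the target to `UNIQ_ID_CAI` turns the old line, which a shell would have treated as a command named `UNIQ_ID_CA-I=...` rather than an assignment, into a real assignment, but every reader of the old spelling elsewhere in the file must be renamed in the same commit or it will expand to nothing; that cannot be verified from this hunk. The value is still read with an unchecked backtick substitution, so a missing cfg/UNIQ_ID_CA-I leaves the variable empty, and the commented-out guard below it tests `$ORG_URL` and reports a 'UNIQ_ID' serial message, so it would not catch this even if re-enabled. I would use `UNIQ_ID_CAI=$(head -n 1 cfg/UNIQ_ID_CA-I) || return 1` and a guard that tests `[[ -n $UNIQ_ID_CAI ]]`. get_uniq_ids continues past the end of the hunk.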