upload_dsc.sh
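#!/bin/bash
# Uploads the DSC to the TNG DEV.
#
# Usage: upload_dsc.sh <subdir> <DSC DIR> [Domain]
#   <subdir>   directory with the uploader credentials:
#                UP.pem / UP.key   - signer certificate and key for the CMS signature
#                TLS.pem / TLS.key - client certificate and key for the HTTPS request
#   <DSC DIR>  directory containing DSC.pem (the certificate that is uploaded)
#   [Domain]   optional domain; defaults to DCC when omitted
# -----------------------------------------------------------------
# Stop at the first failing step so that a failed conversion or signature
# never leads to an upload of an empty or stale payload.
set -euo pipefail

if [ $# -lt 2 ]; then
  echo "Usage: $0 <subdir> (where <subdir> must contain UP.pem and UP.key) <DSC DIR> [Domain]" >&2
  exit 1
fi
if ! [ -d "$2" ]; then
  echo "No DSC DIR specified, second parameter must be a directory" >&2
  exit 1
fi

# ${3:-} keeps "set -u" from aborting when the optional parameter is absent.
domain=${3:-}
if [ -z "$domain" ]; then
  echo "No domain specified: using DCC" #TODO: change to DDCC when accepted by TNG
  domain=DCC
fi

# The domain is spliced into a JSON string literal below. Reject characters
# that would terminate or corrupt that literal instead of sending a request
# whose structure differs from what the operator intended.
case "$domain" in
  *'"'* | *'\'* | *[[:cntrl:]]*)
    echo "Invalid domain: quotes, backslashes and control characters are not allowed" >&2
    exit 1
    ;;
esac

subdir=$1
dsc_dir=$2

# Fail early with a clear message rather than part-way through the openssl/curl calls.
for required in \
  "${subdir}/UP.pem" "${subdir}/UP.key" \
  "${subdir}/TLS.pem" "${subdir}/TLS.key" \
  "${dsc_dir}/DSC.pem"; do
  if ! [ -r "$required" ]; then
    echo "Missing or unreadable file: $required" >&2
    exit 1
  fi
done

# Intermediate files go into a private temporary directory so that nothing in
# <DSC DIR> is overwritten, and the trap removes them on every exit path
# (including failures of openssl or curl).
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT

# 1. PEM -> DER, 2. wrap the DER certificate in a CMS signature made with the
# UP key (-nodetach embeds the content), 3. base64-encode on a single line (-A).
openssl x509 -outform der -in "${dsc_dir}/DSC.pem" -out "${workdir}/DSC.der"
openssl cms -sign -nodetach -in "${workdir}/DSC.der" \
  -signer "${subdir}/UP.pem" -inkey "${subdir}/UP.key" \
  -out "${workdir}/DSC_cms.der" -outform DER -binary
payload=$(openssl enc -base64 -in "${workdir}/DSC_cms.der" -e -A)
#openssl x509 -in ${subdir}/DSC.pem -noout -fingerprint -sha256 | sed 's/://g'

if [ -z "$payload" ]; then
  echo "Signed payload is empty, not uploading" >&2
  exit 1
fi

# curl exits 0 on HTTP error responses (no --fail is given), so the response
# body printed below has to be checked to know whether the upload was accepted.
# NOTE(review): --location follows redirects; confirm it is needed, since the
# TLS client certificate options stay in effect for the redirected request.
curl --location 'https://tng-dev.who.int/trustedCertificate' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data '{"cms": "'"${payload}"'", "properties": {}, "domain": "'"${domain}"'"}' \
  --key "${subdir}/TLS.key" \
  --cert "${subdir}/TLS.pem"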