Check-in [466549fe92]
Overview
Comment:Merged divergent PIV branches
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | piv
Files: files | file ages | folders
SHA1: 466549fe9245870040711795df15ff3892ef2080
User & Date: rkeene on 2015-07-15 20:10:10
Other Links: branch diff | manifest | tags
Context
2015-07-15
20:10
Merged divergent PIV branches Closed-Leaf check-in: 466549fe92 user: rkeene tags: piv
2013-10-17
20:29
Updated to deal with 6E00 and added support for win32 build options check-in: 6ba1dff55a user: rkeene tags: piv
2013-08-03
02:20
Updated to create a PKCS#7 bundle check-in: 0a6ef43f4c user: rkeene tags: piv
Changes

Modified build/certs/dod/Makefile from [678511107e] to [5a8397c00a].



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20



21
22
23
24
25
26




all: cert-0.crt

rel3_dodroot_2048.cac:
	wget -O "$@.new" http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac
	mv "$@.new" "$@"

cert-%.crt: rel3_dodroot_2048.cac
	idx=0; \
	( \
		openssl pkcs7 -in rel3_dodroot_2048.cac -inform DER -print_certs -text; \
	) | while IFS='' read -r line; do \
		if [ -z "$${line}" ]; then \
			continue; \
		fi; \
		echo "$${line}" >> "cert-$${idx}.crt"; \
		if [ "$${line}" == "-----END CERTIFICATE-----" ]; then \
			idx=$$[$$idx + 1]; \
		fi; \
	done




clean:
	rm -f cert-*.crt
	rm -f rel3_dodroot_2048.cac.new

distclean: clean
	rm -f rel3_dodroot_2048.cac


>
>
|



















>
>
>






>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
all: certs USG-dod-bundle.pem

certs: cert-0.crt

rel3_dodroot_2048.cac:
	wget -O "$@.new" http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac
	mv "$@.new" "$@"

cert-%.crt: rel3_dodroot_2048.cac
	idx=0; \
	( \
		openssl pkcs7 -in rel3_dodroot_2048.cac -inform DER -print_certs -text; \
	) | while IFS='' read -r line; do \
		if [ -z "$${line}" ]; then \
			continue; \
		fi; \
		echo "$${line}" >> "cert-$${idx}.crt"; \
		if [ "$${line}" == "-----END CERTIFICATE-----" ]; then \
			idx=$$[$$idx + 1]; \
		fi; \
	done

USG-dod-bundle.pem: certs
	../build-tree.sh > "$@"

clean:
	rm -f cert-*.crt
	rm -f rel3_dodroot_2048.cac.new

distclean: clean
	rm -f rel3_dodroot_2048.cac

.PHONY: all certs

Modified build/certs/federal/Makefile from [7088ba1ceb] to [8dcfe9c94d].



1
2
3
4
5
6
7
8


all: cert-1.crt CPCA_TRCA.crt CommonPolicy.crt
	grep -l 'Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA' *.crt | xargs rm -f
	grep -l 'Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA' *.crt  | xargs grep -H 'Issuer:' | grep -v 'Issuer: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy' | cut -f 1 -d : | xargs rm -f

CPCA_TRCA.crt:
	wget -O - --no-check-certificate https://pki.treas.gov/CPCA_TRCA.cer | openssl x509 -text > "$@.new"
	mv "$@.new" "$@"

>
>
|







1
2
3
4
5
6
7
8
9
10
all: certs USG-federal-bundle.pem

certs: cert-1.crt CPCA_TRCA.crt CommonPolicy.crt
	grep -l 'Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA' *.crt | xargs rm -f
	grep -l 'Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA' *.crt  | xargs grep -H 'Issuer:' | grep -v 'Issuer: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy' | cut -f 1 -d : | xargs rm -f

CPCA_TRCA.crt:
	wget -O - --no-check-certificate https://pki.treas.gov/CPCA_TRCA.cer | openssl x509 -text > "$@.new"
	mv "$@.new" "$@"

29
30
31
32
33
34
35






36
37
38
39
40
41


		fi; \
		echo "$${line}" >> "cert-$${idx}.crt"; \
		if [ "$${line}" == "-----END CERTIFICATE-----" ]; then \
			idx=$$[$$idx + 1]; \
		fi; \
	done







clean:
	rm -f cert-*.crt
	rm -f CPCA_TRCA.crt.new root_sia.p7b.new caCertsIssuedTofcpca.p7c.new CommonPolicy.crt.new

distclean: clean
	rm -f CPCA_TRCA.crt root_sia.p7b caCertsIssuedTofcpca.p7c CommonPolicy.crt









>
>
>
>
>
>

|




>
>
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
		fi; \
		echo "$${line}" >> "cert-$${idx}.crt"; \
		if [ "$${line}" == "-----END CERTIFICATE-----" ]; then \
			idx=$$[$$idx + 1]; \
		fi; \
	done

USG-federal-bundle.pem: certs
	../build-tree.sh > "$@"

USG-federal-bundle.pk7: USG-federal-bundle.pem
	openssl crl2pkcs7 -outform der -nocrl -certfile USG-federal-bundle.pem > USG-federal-bundle.pk7

clean:
	rm -f cert-*.crt USG-federal-bundle.pem USG-federal-bundle.pk7
	rm -f CPCA_TRCA.crt.new root_sia.p7b.new caCertsIssuedTofcpca.p7c.new CommonPolicy.crt.new

distclean: clean
	rm -f CPCA_TRCA.crt root_sia.p7b caCertsIssuedTofcpca.p7c CommonPolicy.crt

.PHONY: all certs