# ============LICENSE_START====================================================
# ===========================================================================
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
# ===========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END====================================================
# Import the keys and certs to pkcs11 based softhsm
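# Require exactly three arguments: user PIN, security-officer (SO) PIN and
# the PKCS#11 object id to assign to the imported objects.
# NOTE(review): both PINs arrive on the command line and are forwarded on the
# command line to softhsm2-util and pkcs11-tool below, so they are visible in
# the process list (and possibly shell history) while this runs. Run it only
# where that exposure is acceptable.
if [ "$#" -ne 3 ]; then
  echo "Usage: p11.sh <user pin> <so pin> <id>" >&2
  exit 1
fi

# Stop at the first failing step so a failed conversion or token
# initialisation cannot be followed by a partial import.
set -e

USER_PIN=$1
SO_PIN=$2
OBJ_ID=$3
LIB_PATH=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so

mkdir -p p11key p11crt cacerts

# Convert the keys and certs to DER format.
# The DER copy of the CA private key is written without encryption, so create
# it under an owner-only umask. It stays on disk after the import; remove it
# once the token contents have been verified.
(umask 077 && openssl rsa -in private/ca.key -outform DER -out p11key/cakey.der)

# Collect the root CA cert and every intermediate CA cert under cacerts/.
cp certs/ca.crt cacerts
for DIR in intermediate_*; do
  # An unmatched glob stays literal; skip it and anything that is not a directory.
  [ -d "$DIR" ] || continue
  cp "$DIR/certs/ca.crt" "cacerts/$DIR.crt"
done

for CA_FILE in cacerts/*; do
  [ -f "$CA_FILE" ] || continue
  CA=${CA_FILE##*/}
  openssl x509 -in "$CA_FILE" -outform DER -out "p11crt/$CA"
done

# create token directory (-p so a re-run does not fail on an existing directory)
mkdir -p /var/lib/softhsm/tokens

# Quote the PINs and id so values containing spaces or glob characters are
# passed through as single, literal arguments.
softhsm2-util --init-token --slot 0 --label "ca token" --pin "$USER_PIN" --so-pin "$SO_PIN"

# import key into softhsm
pkcs11-tool --module "$LIB_PATH" -l --pin "$USER_PIN" \
  --write-object p11key/cakey.der --type privkey --id "$OBJ_ID"

# import certs into softhsm (every cert is written with the same object id)
for CRT_FILE in cacerts/*; do
  [ -f "$CRT_FILE" ] || continue
  CRT=${CRT_FILE##*/}
  pkcs11-tool --module "$LIB_PATH" -l --pin "$USER_PIN" \
    --write-object "p11crt/$CRT" --type cert --id "$OBJ_ID"
done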