From f361b4015a08d3e004e65328ffb5070011eb3ab9 Mon Sep 17 00:00:00 2001
From: Zhi Guan <guanzhi1980@gmail.com>
Date: Thu, 9 Feb 2023 18:04:54 +0800
Subject: [PATCH] Move certs folder to demos

---
 certs/README.md                               |   4 ---
 ...t Financial Certification Authority S1.pem |   0
 {certs => demos/certs}/ca/TJCA.pem            |   0
 {certs => demos/certs}/ca/Taier CA.pem        |   0
 .../certs}/crl/Civil Servant ROOT.crl         | Bin
 {certs => demos/certs}/crl/Device ROOT.crl    | Bin
 {certs => demos/certs}/crl/ROOTCA.crl         | Bin
 .../certs}/rootca/Civil Servant ROOT.pem      |   0
 {certs => demos/certs}/rootca/Device ROOT.pem |   0
 {certs => demos/certs}/rootca/ROOTCA.pem      |   0
 demos/scripts/certs.sh                        |  24 ++++++++++++++++++
 11 files changed, 24 insertions(+), 4 deletions(-)
 delete mode 100644 certs/README.md
 rename {certs => demos/certs}/ca/Ant Financial Certification Authority S1.pem (100%)
 rename {certs => demos/certs}/ca/TJCA.pem (100%)
 rename {certs => demos/certs}/ca/Taier CA.pem (100%)
 rename {certs => demos/certs}/crl/Civil Servant ROOT.crl (100%)
 rename {certs => demos/certs}/crl/Device ROOT.crl (100%)
 rename {certs => demos/certs}/crl/ROOTCA.crl (100%)
 rename {certs => demos/certs}/rootca/Civil Servant ROOT.pem (100%)
 rename {certs => demos/certs}/rootca/Device ROOT.pem (100%)
 rename {certs => demos/certs}/rootca/ROOTCA.pem (100%)
 create mode 100755 demos/scripts/certs.sh

diff --git a/certs/README.md b/certs/README.md
deleted file mode 100644
index 8e441f5f..00000000
--- a/certs/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# 国密证书库
-
-
-
diff --git a/certs/ca/Ant Financial Certification Authority S1.pem b/demos/certs/ca/Ant Financial Certification Authority S1.pem
similarity index 100%
rename from certs/ca/Ant Financial Certification Authority S1.pem
rename to demos/certs/ca/Ant Financial Certification Authority S1.pem
diff --git a/certs/ca/TJCA.pem b/demos/certs/ca/TJCA.pem
similarity index 100%
rename from certs/ca/TJCA.pem
rename to demos/certs/ca/TJCA.pem
diff --git a/certs/ca/Taier CA.pem b/demos/certs/ca/Taier CA.pem
similarity index 100%
rename from certs/ca/Taier CA.pem
rename to demos/certs/ca/Taier CA.pem
diff --git a/certs/crl/Civil Servant ROOT.crl b/demos/certs/crl/Civil Servant ROOT.crl
similarity index 100%
rename from certs/crl/Civil Servant ROOT.crl
rename to demos/certs/crl/Civil Servant ROOT.crl
diff --git a/certs/crl/Device ROOT.crl b/demos/certs/crl/Device ROOT.crl
similarity index 100%
rename from certs/crl/Device ROOT.crl
rename to demos/certs/crl/Device ROOT.crl
diff --git a/certs/crl/ROOTCA.crl b/demos/certs/crl/ROOTCA.crl
similarity index 100%
rename from certs/crl/ROOTCA.crl
rename to demos/certs/crl/ROOTCA.crl
diff --git a/certs/rootca/Civil Servant ROOT.pem b/demos/certs/rootca/Civil Servant ROOT.pem
similarity index 100%
rename from certs/rootca/Civil Servant ROOT.pem
rename to demos/certs/rootca/Civil Servant ROOT.pem
diff --git a/certs/rootca/Device ROOT.pem b/demos/certs/rootca/Device ROOT.pem
similarity index 100%
rename from certs/rootca/Device ROOT.pem
rename to demos/certs/rootca/Device ROOT.pem
diff --git a/certs/rootca/ROOTCA.pem b/demos/certs/rootca/ROOTCA.pem
similarity index 100%
rename from certs/rootca/ROOTCA.pem
rename to demos/certs/rootca/ROOTCA.pem
diff --git a/demos/scripts/certs.sh b/demos/scripts/certs.sh
new file mode 100755
index 00000000..dc6f250c
--- /dev/null
+++ b/demos/scripts/certs.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -x
+
+cd ../certs
+
+gmssl certparse -in "rootca/Civil Servant ROOT.pem"
+gmssl certverify -in "rootca/Civil Servant ROOT.pem" -cacert "rootca/Civil Servant ROOT.pem"
+gmssl crlparse -in "crl/Civil Servant ROOT.crl"
+gmssl crlverify -in "crl/Civil Servant ROOT.crl" -cacert "rootca/Civil Servant ROOT.pem"
+
+gmssl certparse -in "rootca/Device ROOT.pem"
+gmssl certverify -in "rootca/Device ROOT.pem" -cacert "rootca/Device ROOT.pem"
+gmssl crlparse -in "crl/Device ROOT.crl"
+gmssl crlverify -in "crl/Device ROOT.crl" -cacert "rootca/Device ROOT.pem"
+
+gmssl certparse -in "rootca/ROOTCA.pem"
+gmssl certverify -in "rootca/ROOTCA.pem" -cacert "rootca/ROOTCA.pem"
+gmssl crlparse -in "crl/ROOTCA.crl"
+gmssl crlverify -in "crl/ROOTCA.crl" -cacert "rootca/ROOTCA.pem" # now > next_update
+
+# The CRL URI of ROOTCA.pem is in Base64 format, not DER
+gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-check_crl
+gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+