return
fi
+ # if we are in a state where we are generating proxies (${CA_DIR}/serial_proxy.txt exists)
+ # then let's transfer the serial number of the last proxy to the serial.txt file for the
+ # next new certificate...
+
+
CMD="openssl req -out $filebase.req -newkey rsa:1024 -new -keyout $filebase.priv -config $REQ_CONFIG_FILE"
echo $CMD; $CMD;
echo "No certificate is generated."
esac
+ # Get the serial number of the certificate that will eventually sign the proxy.
+ # Put it into a temporary file to be read by the ca command later.
+
+ SERIAL="`openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//'`"
+ echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
+ # cat ${CA_DIR}/serial_proxy.txt
+
# some minor cleanup
rm $filebase.req
echo " in files named $filebase.(cert|priv)"
echo " with $validity days validity time"
- # Get the serial number of the certificate that will eventually sign the proxy.
- # Put it into a temporary file to be read by the ca command later.
- SERIAL="`openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//'`"
- echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
-
# Have to 'edit' the ca database to remove the entry for the signing certificate.
# maybe no need... make a dummy database, touch and then delete afterwards...
touch ${CA_DIR}/index_proxy.txt
openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}
chmod 600 ${X509_PROX_GRID}
+ cp ${CA_DIR}/serial_proxy.txt ${CA_DIR}/serial.txt
+
# Clean up stuff
- rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt
+ # rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt
# most of the cleanup should be done in the create_cert_proxy_proxy function
# since some files need to be kept for signing purposes later!
}
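Review bot: The serial captured at L15–L16 is written without any check: if `openssl x509` fails, `SERIAL` is empty and an empty line lands in serial_proxy.txt, which the new `cp` at L33 then copies over the CA's serial.txt, leaving the CA with a corrupt serial file for the next `openssl ca` run. Guard the write, e.g. `[ -n "$SERIAL" ] || { echo "cannot read serial from ${filebase}.cert" >&2; return 1; }` followed by `echo "$SERIAL" > "${CA_DIR}/serial_proxy.txt"`. The same copy is made at L51. Note also that serial_proxy.txt is seeded with the serial of an already-issued certificate; if the proxy-signing `openssl ca` invocation (not in this hunk) does not advance it before the copy — the remark at L88 suggests it may not — serial.txt receives a serial that is already recorded in index.txt and the next certificate reuses it, which breaks serial uniqueness under one issuer and therefore CRL-based revocation. The enclosing functions begin outside the hunk.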
# Get the serial number of the certificate that will eventually sign the proxy.
# Put it into a temporary file to be read by the ca command later.
- SERIAL="`openssl x509 -in ${X509_SIGNING_CERT} -noout -serial | sed 's/^serial=//'`"
- echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
+ # SERIAL="`openssl x509 -in ${X509_SIGNING_CERT} -noout -serial | sed 's/^serial=//'`"
+ # echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
# Have to 'edit' the ca database to remove the entry for the signing certificate.
# maybe no need... make a dummy database, touch and then delete afterwards...
openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}
chmod 600 ${X509_PROX_GRID}
+ cp ${CA_DIR}/serial_proxy.txt ${CA_DIR}/serial.txt
+
# Clean up stuff
- rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt \
- ${X509_PROX_REQ} ${X509_PROX_CERT} ${X509_PROX_KEY} \
- ${X509_SIGNING_CERT} ${X509_SIGNING_KEY} ${X509_SIGNING_REQ}
+ # rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt \
+ # ${X509_PROX_REQ} ${X509_PROX_CERT} ${X509_PROX_KEY} \
+ # ${X509_SIGNING_CERT} ${X509_SIGNING_KEY} ${X509_SIGNING_REQ}
}
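Review bot: Commenting out the cleanup at L57–L59 leaves `${X509_PROX_KEY}`, `${X509_SIGNING_KEY}` and `${X509_SIGNING_REQ}` on disk after create_cert_proxy_proxy returns, and the deferred cleanup added at L102 removes only serial_proxy.txt and index_proxy.txt, so the private key files appear to persist after the run. If only the serial and index files need to survive for later signing, keep the key and request deletions active here, e.g. `rm -f -- ${X509_PROX_REQ} ${X509_PROX_KEY} ${X509_SIGNING_KEY} ${X509_SIGNING_REQ}`, and comment out only the two serial/index entries; otherwise add a comment naming which key files are intentionally kept and why. The function's header is outside the hunk.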
# create some certificates and copy them to convenient locations
mv $CERT_DIR/${catype}_client.priv ../../../userkey.pem
mv $CERT_DIR/${catype}_server.cert ../../../hostcert.pem
mv $CERT_DIR/${catype}_server.priv ../../../hostkey.pem
+ rm ${CA_DIR}/serial_proxy.txt; # touch ${CA_DIR}/serial_proxy.txt
fi
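Review bot: `rm ${CA_DIR}/serial_proxy.txt` at L65 fails when the file is absent (a first run, or a run after the cleanup at L102 already removed it), and since the file's existence is used as a state flag per the comment at L3–L5, the reset should be tolerant: `rm -f -- "${CA_DIR}/serial_proxy.txt"`. The stray `;` before the trailing comment can go as well. The enclosing `if` starts outside the hunk.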
# create valid certs with proxies
TYPE="client"
CTYPE="client"
+ # i=0;
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
+ ls -l ${CA_DIR}/.
+
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" 1
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
TYPE="fclient"
CTYPE="flag client"
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
-
+ # Is there a problem here? The serial # does not advance after writing the certificate. Check later.
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" 1
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" 1 proxy
+ # let "i += 1"; echo "State : $i"; cat ${CA_DIR}/serial_proxy.txt; echo;
create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
TYPE="server"
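Review bot: `ls -l ${CA_DIR}/.` at L72 is leftover debugging that now prints the CA directory listing on every run, and the commented-out `let "i += 1"` trace lines at L70–L95 add noise to the generation sequence without doing anything; drop the `ls` and the trace comments, or gate them behind a verbosity flag if they are still wanted. The open question at L88 ("serial # does not advance") should become a `# TODO:` that states the expected behaviour, since it describes a possible duplicate-serial condition rather than a cosmetic issue.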
# generating CRL
openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF
+ # now do the clean-up?
+
+ rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt
+
}
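Review bot: The cleanup at L102 runs only when every step before it succeeds; if generation aborts part-way, serial_proxy.txt and index_proxy.txt survive and, per the comment at L3–L5, a later run treats the directory as mid-proxy-generation and copies a stale serial into serial.txt. Make the removal tolerant and tie it to the exit path, e.g. `rm -f -- "${CA_DIR}/serial_proxy.txt" "${CA_DIR}/index_proxy.txt"` in a cleanup function registered with `trap`, so a failed run does not leave the state flag behind. The closing brace at L104 presumably ends create_all, whose header is outside the hunk.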
function create_all_test {
if [ -n "$ALL" ]; then
create_all
- ## create_all_test
else
create_some
fi