add the host cert with emailaddress in DN generation
authorJoni Hahkala <joni.hahkala@cern.ch>
Thu, 8 Jul 2010 13:07:14 +0000 (13:07 +0000)
committerJoni Hahkala <joni.hahkala@cern.ch>
Thu, 8 Jul 2010 13:07:14 +0000 (13:07 +0000)
bin/generate-test-certificates.sh

index 2aea752..5e92bc8 100755 (executable)
@@ -72,6 +72,11 @@ function create_cert {
            flags="server"
            CMD="$CMD -subj \"`echo $dn | sed 's/Relaxation/Chilling/'`\""
            ;;
+       hostemail)
+           echo bad DN cert $flags
+           flags="server"
+           CMD="$CMD -subj \"$dn/emailAddress=john.doe@foo.bar\""
+           ;;
        clientfuture)
            echo bad DN cert $flags
            flags="client"
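Review bot: The status line in the new `hostemail)` arm, `echo bad DN cert $flags`, is copied from the neighbouring arms and mislabels this case: the certificate gets the regular DN with an `emailAddress` RDN appended, and `$flags` is printed before it is reassigned to `server`. Something like `echo "host cert with emailAddress in DN"` would make the generation log match what is produced. The `-subj` value is spliced into `CMD` with escaped quotes, which suggests the string is evaluated later (not visible in this hunk); if so, a `$dn` containing a double quote, backtick or `$` would alter the command, so it is worth confirming that `dn` only ever comes from the script's own fixed values. The `case` statement and `create_cert` continue outside the hunk.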
@@ -466,6 +471,9 @@ function add_ca_grid_sec {
     if [ ! -d 'grid-security/certificates-withoutroot' ]; then
         mkdir -p 'grid-security/certificates-withoutroot'
     fi
+    if [ ! -d 'grid-security/certificates-withnamespaceerrors' ]; then
+        mkdir -p 'grid-security/certificates-withnamespaceerrors'
+    fi
     hash=$(openssl x509 -hash -noout -in $1-ca/$1.cert)
     cp $1-ca/$1.cert grid-security/certificates/${hash}.0
     cp $1-ca/$1.crl grid-security/certificates/${hash}.r0
@@ -487,7 +495,7 @@ EOF
     cp grid-security/certificates/${hash}.* grid-security/certificates-rootwithpolicy
     cp grid-security/certificates/${hash}.* grid-security/certificates-rootallowsubsubdeny
     cp grid-security/certificates/${hash}.* grid-security/certificates-subcawithpolicy
-    cp grid-security/certificates/${hash}.* grid-security/certificates-subcawithpolicy
+    cp grid-security/certificates/${hash}.* grid-security/certificates-withnamespaceerrors
     cp grid-security/certificates/${hash}.* grid-security/certificates-withoutroot
 
 #override root and sub namespaces
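Review bot: A failed or empty copy on the added `cp` line would leave certificates-withnamespaceerrors without the CA certificate and CRL. A negative test against that directory could then fail validation for the wrong reason (missing trust anchor rather than the namespace error) and still appear to pass. Nothing visible in this hunk checks the result, and `${hash}` is unquoted; if the script does not run under `set -e` (not visible here), consider `cp grid-security/certificates/"${hash}".* grid-security/certificates-withnamespaceerrors/ || exit 1`. The same applies to the neighbouring copies, which this commit does not touch.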
@@ -595,6 +603,19 @@ access_id_CA            X509    '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the su
 pos_rights              globus  CA:sign
 cond_subjects           globus  '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=*"'
 EOF
+       cat <<EOF >grid-security/certificates-withnamespaceerrors/${hash}.namespaces
+##############################################################################
+#NAMESPACES-VERSION: 1.0
+# Namespaces file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+TO Isser "${subject_name:9}" \
+  PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+EOF
+       cat <<EOF >grid-security/certificates-withnamespaceerrors/${hash}.signing_policy
+# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+access_id_CA             '${subject_name:9}'
+pos_rights              globus  CA:sign
+cond_subjects           globus  '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"'
+EOF
     fi
     if [ "$1" = 'subsubca' ]; then
        cat <<EOF >grid-security/certificates/${hash}.namespaces
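Review bot: The two here-documents added for certificates-withnamespaceerrors contain what look like deliberate faults, `TO Isser` rather than `TO Issuer` and an `access_id_CA` line with no `X509` type field, but nothing says so, and a later maintainer could easily "correct" them as typos. A shell comment before each `cat`, e.g. `# intentionally malformed ("Isser" keyword): fixture for namespace-parsing error handling`, would record the intent; it has to sit outside the here-document, since lines inside it are written to the generated file. Note also that with an unquoted delimiter the trailing `\` on the `TO Isser` line is removed together with the newline, so the generated entry ends up on a single line; confirm that is what the test expects. The enclosing `if` starts outside the hunk.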
@@ -841,6 +862,12 @@ function create_all {
        
        create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
        
+       TYPE="host_email"
+       CTYPE="$HOSTNAME email"
+       TYPE2="hostemail"
+       
+       create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
+       
        TYPE="altname"
        CTYPE="altname"