VOMS proxies using voms-proxy-fake
authorAkos Frohner <akos.frohner@cern.ch>
Thu, 4 May 2006 15:55:23 +0000 (15:55 +0000)
committerAkos Frohner <akos.frohner@cern.ch>
Thu, 4 May 2006 15:55:23 +0000 (15:55 +0000)
bin/generate-test-certificates.sh

index 8791f86..020a16f 100755 (executable)
@@ -259,6 +259,39 @@ function create_cert_proxy_proxy {
     #    ${X509_SIGNING_CERT} ${X509_SIGNING_KEY} ${X509_SIGNING_REQ} 
 }
 
+function create_voms {
+    filename=$1
+    shift
+
+    # checking then environment
+    if [ ! -r 'home/usercert.pem' -o ! -r 'home/userkey.pem' ]; then
+        echo "Error: cannot read 'home/usercert.pem' or 'home/userkey.pem'" >&2
+        return
+    fi
+    if [ ! -r 'grid-security/hostcert.pem' -o ! -r 'grid-security/hostkey.pem' ]; then
+        echo "Error: cannot read 'grid-security/hostcert.pem' or 'grid-security/hostkey.pem'" >&2
+        return
+    fi
+
+    # making sure VOMSDIR exists
+    if [ ! -d 'grid-security/vomsdir' ]; then
+        mkdir -p 'grid-security/vomsdir'
+    fi
+    if [ ! -f 'grid-security/vomsdir/hostcert.pem' ]; then
+        cp grid-security/hostcert.pem grid-security/vomsdir/
+    fi
+    export VOMSDIR='grid-security/vomsdir'
+
+    CMD="voms-proxy-fake -pwstdin \
+                    -cert home/usercert.pem -key home/userkey.pem \
+                    -certdir grid-security/certificates/ \
+                    -hostcert grid-security/hostcert.pem \
+                    -hostkey grid-security/hostkey.pem \
+                    -out $filename "$(for fqan in $@; do echo -n "-fqan $fqan "; done)
+    echo $CMD
+    echo "$PASSWORD" | $CMD
+}  
+
 # create some certificates and copy them to convenient locations
 function create_some {
 
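Review bot: Both error paths in `create_voms` end in a bare `return`, which passes back the exit status of the preceding `echo` (0), so a caller cannot tell that no proxy was written; `return 1` would make the failure visible. The command is also assembled into the string `CMD` and expanded unquoted, with `$filename` and `$@` unquoted too, so an output path or FQAN containing whitespace or glob characters is split or expanded before `voms-proxy-fake` receives it. Assuming the script runs under bash (the `function` keyword suggests so), an argument array avoids this, as sketched below. The array form still feeds the password through stdin for `-pwstdin`, so it stays out of the echoed command line.

```shell
# … unchanged: readability checks (ending in `return 1`) and VOMSDIR setup …
    local -a cmd=(voms-proxy-fake -pwstdin
        -cert home/usercert.pem -key home/userkey.pem
        -certdir grid-security/certificates/
        -hostcert grid-security/hostcert.pem
        -hostkey grid-security/hostkey.pem
        -out "$filename")
    local fqan
    for fqan in "$@"; do
        cmd+=(-fqan "$fqan")
    done
    printf '%s ' "${cmd[@]}"; echo
    printf '%s\n' "$PASSWORD" | "${cmd[@]}"
```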
@@ -307,8 +340,21 @@ function create_some {
             chmod 400 home/userkey$i.pem
         done
     fi
+
+    # creating some fake VOMS certificates
+    if [ "$VOMS" = 'yes' -a -x "$(which voms-proxy-fake)" ]; then
+        create_voms home/voms-acme.pem /org.acme
+        create_voms home/voms-acme-Radmin.pem /org.acme /org.acme/Role=Admin
+        create_voms home/voms-acme-Gproduction.pem /org.acme /org.acme/production
+        create_voms home/voms-coyote.pem /org.coyote
+        create_voms home/voms-coyote-Radmin.pem /org.coyote /org.coyote/Role=Admin
+        create_voms home/voms-coyote-Gproduction.pem /org.coyote /org.coyote/production
+        create_voms home/voms-acme-coyote.pem /org.acme /org.coyote
+    fi
 }
 
+
+
 # create all certificates
 function create_all {
 
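Review bot: When `--voms` is given but `voms-proxy-fake` is not on the PATH, the `-x "$(which voms-proxy-fake)"` test is false and the whole block is skipped without any message, so the run looks successful while no VOMS proxies exist. Testing `$VOMS` on its own and reporting the missing tool would surface that, for example `command -v voms-proxy-fake >/dev/null || echo "Warning: voms-proxy-fake not found, skipping VOMS proxies" >&2` ahead of the calls. The status of each `create_voms` call is also discarded here, so a failed proxy generation does not change the outcome of `create_some`. `create_some` begins outside this hunk.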
@@ -510,9 +556,9 @@ function create_all {
 
 ############################## main ################################
 
-USAGE="$0 [--help] [--all] [--some] [--extra #extra-user-certs]"
+USAGE="$0 [--help] [--all|--some] [--voms] [--extra #extra-user-certs]"
 
-TEMP=$(getopt -o hase: --long help,all,some,extra: -- "$@")
+TEMP=$(getopt -o hasve: --long help,all,some,voms,extra: -- "$@")
 eval set -- "$TEMP"
 
 # by default do not create all variations of certificates
@@ -521,6 +567,8 @@ ALL='no'
 CATYPES='trusted'
 # by default do not create extra user certificates
 unset EXTRACERTS
+# by default fake VOMS certificate are not created
+VOMS='no'
 
 while true; do
     case "$1" in
@@ -539,6 +587,10 @@ while true; do
             EXTRACERTS=$1
             shift
             ;;
+        -v|--voms)
+            VOMS='yes'
+            shift
+            ;;
         -h|--help)
             echo $USAGE
             exit