function create_cert_proxy {
- echo "create_cert_proxy Start"
-
filebase=$1
ident=$3
validity=$5
dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4"
- echo "Creating a proxy cert ${X509_PROX_CERT} for '$CN/CN=$PROXYNAME'"
+ echo "Creating a proxy cert ${X509_PROX_CERT} for '$dn"
echo " in files named $filebase.(cert|priv)"
echo " with $validity days validity time"
if [ -r "${X509_PROX_CERT}" ]; then
echo "There already exists a file named ${X509_PROX_CERT}"
- echo "file. Proxy certificate is not generated for '$CN'"
+ echo "file. Proxy certificate is not generated for '$dn'"
return
fi
# Now add the original certificate used to sign the request to the proxy file.
# This should be the certificate issued by the CA to the 'user'.
- openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}
+ CMD="openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}"
+ echo $CMD; eval "$CMD"
if [ $? != 0 ]; then
echo Proxy file generation failed!
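Review bot: The added `eval "$CMD"` re-parses a string into which `${X509_SIGNING_CERT}` and `${X509_PROX_GRID}` were expanded unquoted, so a path containing whitespace or shell metacharacters is interpreted as shell syntax instead of as a file name. Logging and execution can be separated without eval: `echo "openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}"` followed by `openssl x509 -in "${X509_SIGNING_CERT}" >> "${X509_PROX_GRID}"`, which also keeps the `$?` check tied directly to openssl. The added message ending in `for '$dn"` is missing its closing single quote. The body of create_cert_proxy continues past the end of this hunk.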
function create_cert_proxy_proxy {
- echo "create_cert_proxy_proxy Start"
- filebase=$1
- export FILEBASE=${filebase}
- export CN=$2
- ident=$3
- validity=$5
- signing_pair=$6
-
- ending="grid_proxy_proxy"
-
- # This really depends on if we make a proxy or a proxy-proxy
- X509_SIGNING_CERT=${filebase}.${signing_pair}.cert # eg. trusted_client.proxy_exp.cert
- echo $X509_SIGNING_CERT
- X509_SIGNING_KEY=${filebase}.${signing_pair}.priv
- X509_SIGNING_REQ=${filebase}.${signing_pair}.req
-
- X509_PROX_CERT=${filebase}.${ident}.proxy.cert
- X509_PROX_KEY=${filebase}.${ident}.proxy.priv
- X509_PROX_REQ=${filebase}.${ident}.proxy.req
- X509_PROX_GRID=${filebase}.${ident}.${ending}
-
- dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4"
-
- if [ -r "${X509_PROX_CERT}" ]; then
- echo "There already exists a file named ${X509_PROX_CERT}"
- echo "file. Proxy-proxy certificate is not generated for '$CN'"
- return 0
- fi
-
- # Get the serial number of the certificate that will eventually sign the proxy.
- # Put it into a temporary file to be read by the ca command later.
- # SERIAL="`openssl x509 -in ${X509_SIGNING_CERT} -noout -serial | sed 's/^serial=//'`"
- # echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt
-
- # Have to 'edit' the ca database to remove the entry for the signing certificate.
- # maybe no need... make a dummy database, touch and then delete afterwards...
- #touch ${CA_DIR}/index_proxy.txt
-
- # instead save the ones for real certs and copy the ones saved before and use them and later switch back
- cp ${CA_DIR}/index.txt ${CA_DIR}/index_cert_save.txt
- cp ${CA_DIR}/serial.txt ${CA_DIR}/serial_cert_save.txt
- cp ${CA_DIR}/index_proxy.txt ${CA_DIR}/index.txt
- cp ${CA_DIR}/serial_proxy.txt ${CA_DIR}/serial.txt
-
- CMD="openssl genrsa -f4 -out ${X509_PROX_KEY} ${PROXY_BITS}; chmod 400 ${X509_PROX_KEY}"
- echo $CMD; $CMD
- if [ $? != 0 ]; then
- echo Private key generation for proxy failed!
- exit 1
- fi
-
- # Create the certificate request.
- CMD="openssl req -new -out ${X509_PROX_REQ} \
- -key ${X509_PROX_KEY} \
- -config ${REQ_CONFIG_FILE} -subj \"$dn\""
- echo $CMD; eval $CMD
-
- if [ $? != 0 ]; then
- echo Certificate generation for proxy failed!
- exit 1
- fi
-
- # Sign the cert request with the user cert and key. Set the serial number here!
-
- CMD="openssl ca -in ${X509_PROX_REQ} \
- -cert ${X509_SIGNING_CERT} \
- -keyfile ${X509_SIGNING_KEY} \
- -out ${X509_PROX_CERT} \
- -outdir $tmpdir \
- -preserveDN \
- -config ${REQ_CONFIG_FILE} -md md5 -days ${validity} -batch \
- -passin pass:${PASSWORD} -notext"
- echo $CMD; $CMD
-
- if [ $? != 0 ]; then
- echo Proxy certificate signing failed!
- exit 1
- fi
-
- # Add the user and proxy certs and the proxy private key to the keystore
- CMD="openssl pkcs12 -in ${X509_PROX_CERT} \
- -out ${filebase}.proxy.proxy.p12 -export \
- -inkey ${X509_PROX_KEY} \
- -passin pass:${PASSWORD} -passout pass:${PASSWORD} \
- -name \"${catype} proxy certificate\" -certfile ${X509_SIGNING_CERT}"
-
- echo $CMD; eval $CMD
-
- # Create a grid proxy file...
- # Copy the proxy cert to the grid proxy file.
- cp ${X509_PROX_CERT} ${X509_PROX_GRID}
-
- if [ $? != 0 ]; then
- echo Proxy file generation failed!
- exit 1
- fi
-
- # Now add the proxy private key to the grid proxy file.
- openssl rsa -in ${X509_PROX_KEY} -passin pass:${PASSWORD} >> ${X509_PROX_GRID}
-
- if [ $? != 0 ]; then
- echo Proxy file generation failed!
- exit 1
- fi
-
- # Now add the original certificate used to sign the request to the proxy file.
- # In this case it is the proxy certificate!
- openssl x509 -in ${X509_SIGNING_CERT} >> ${X509_PROX_GRID}
+ ending="grid_proxy"
+ create_cert_proxy $1.$6 "$2" $3 "$4" $5
+
+# echo Appending $1.cert to "$1.$3.$6.$ending"
# adding in the original certificate to the chain. 03/06/05
- openssl x509 -in ${filebase}.cert >> ${X509_PROX_GRID}
+ CMD="openssl x509 -in $1.cert >> \"$1.$3.$6.$ending\""
+ echo "$CMD"; eval "$CMD"
if [ $? != 0 ]; then
echo Proxy file generation failed!
exit 1
fi
-
- chmod 600 ${X509_PROX_GRID}
-
-# cp ${CA_DIR}/serial_proxy.txt ${CA_DIR}/serial.txt
- # copy the normal cert files back
- cp ${CA_DIR}/index_cert_save.txt ${CA_DIR}/index.txt
- cp ${CA_DIR}/serial_cert_save.txt ${CA_DIR}/serial.txt
-
- # Clean up stuff
- # rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt \
- # ${X509_PROX_REQ} ${X509_PROX_CERT} ${X509_PROX_KEY} \
- # ${X509_SIGNING_CERT} ${X509_SIGNING_KEY} ${X509_SIGNING_REQ}
}
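Review bot: The append target `"$1.$3.$6.$ending"` puts the ident before the signing pair, but `create_cert_proxy` is called with `$1.$6` as its file base and `$3` as its ident. If it still names the grid file `${filebase}.${ident}.${ending}` as the removed code here did (its definition is outside this hunk), the user certificate lands in a different file whenever `$3` and `$6` differ; `openssl x509 -in "$1.cert" >> "$1.$6.$3.$ending"` would match and needs no eval. The status of `create_cert_proxy` is not checked, and its early `return` when the proxy cert already exists means a re-run appends `$1.cert` to the chain a second time, so the call could be followed by `|| return 1` and the append skipped when nothing was generated. The removed `chmod 600 ${X509_PROX_GRID}` has no replacement in this hunk; the grid proxy file holds the proxy private key, so please confirm that `create_cert_proxy` restricts its mode.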
function create_voms {
}
-function create_bad {
-
- # generating a signing_policy file
- subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout| sed 's/^subject= //'`
- cat <<EOF > $CA_DIR/${catype}.signing_policy
-# Signing policy file for the $subject_name"
-access_id_CA X509 '${subject_name}'
-pos_rights globus CA:sign
-cond_subjects globus '"$(echo "${subject_name}" | sed -e 's#/CN=.*$##')/*"'
-EOF
-
- cat <<EOF > $CA_DIR/${catype}.namespaces
-# Namespace for the $subject_name"
-TO Issuer "${subject_name}" \
- PERMIT Subject "$(echo "${subject_name}" | sed -e 's#/CN=.*$##')/*"
-
-EOF
-
-}
-
-
-
# create all certificates
function create_all {
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY proxy
+
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_dnerror
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY proxy_dnerror
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY proxy_dnerror
+
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_lim
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY proxy_lim
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY proxy_lim
+
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_exp
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="clientbaddn"
CTYPE="client with bad DN"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
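Review bot: The expired proxy-proxy call here passes `proxy` as the signing pair, as do the matching added lines in the clientfuture and clientserial groups, while the groups from clientemail onward pass `proxy_exp` for the otherwise identical call. If the difference is deliberate, a short comment per group naming the chain being built, for example `# expired proxy signed by a valid proxy`, would make the intended test case clear. If it is not, the sixth argument should be the same across the groups.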
TYPE="clientfuture"
CTYPE="client future"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
TYPE="clientserial"
CTYPE="client serial"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
TYPE="clientemail"
CTYPE="client email"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
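Review bot: The added clientemail call one line up still passes `$PROXY_VALIDIT $PROXY_VALIDITY`, a typo carried over from the removed line. It only works because the unset, unquoted `$PROXY_VALIDIT` expands to nothing; if that name were ever set the validity and signing-pair arguments would shift by one, and under `set -u` the script would abort. The call should read `create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy`.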
TYPE="clientuid"
CTYPE="client UID"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="fclient"
CTYPE="flag client"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="bigclient"
CTYPE="bigclient"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 4096
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="verybigclient"
CTYPE="very big client"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 8192
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="server"
CTYPE="server"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="host"
CTYPE="$HOSTNAME"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
TYPE="none"
CTYPE="none"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "expired proxy" -1
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy_exp "expired proxy" -1 proxy_exp
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp
# create certs with valid proxies, but expired user certs
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
TYPE="fclient_exp"
CTYPE="flag client expired"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
TYPE="server_exp"
CTYPE="flag server expired"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
TYPE="clientserver_exp"
CTYPE="clientserver expired"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
TYPE="none_exp"
CTYPE="none expired"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
# Create revoked certificates with otherwise valid proxies
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
TYPE="fclient_rev"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
TYPE="server_rev"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
TYPE="clientserver_rev"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
TYPE="none_rev"
create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
- create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE
# some extra certificates