if [ "$1" == "--all" ]; then
CATYPES='trusted'
- #CATYPES='trusted fake big expired'
+ ## CATYPES='trusted fake big expired'
ALL='yes'
shift
else
return
fi
- openssl req -out $filebase.req -new -keyout $filebase.priv -config $REQ_CONFIG_FILE
+ CMD="openssl req -out $filebase.req -new -keyout $filebase.priv -config $REQ_CONFIG_FILE"
+ echo $CMD; $CMD;
case $flags in
client|server|clientserver|fclient|none)
echo "Generating a $flags certificate"
- openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \
- -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity
+ echo $CA_DIR
+ CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \
+ -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity"
+ echo $CMD; $CMD
;;
*)
echo "Unknown flags: $flags"
function create_cert_proxy {
filebase=$1
+ export FILEBASE=${filebase}
export CN=$2
ending=$3
export PROXYNAME=$4
echo " in files named $filebase$ending.(cert|priv)"
echo " with $validity days validity time"
- #TODO: write the body
+ CMD="openssl req -out ${filebase}.proxy.req -new -keyout ${filebase}.proxy.priv \
+ -config ${REQ_PROXY_CONFIG_FILE}"
+ echo $CMD; $CMD
+ CMD="openssl ca -in ${filebase}.proxy.req -cert ${filebase}.cert \
+ -keyfile ${filebase}.priv \
+ -out ${filebase}.proxy.cert \
+ -outdir . \
+ -config ${CA_CONF} -md md5 -days 2 -batch \
+ -verbose -passin pass:${PASSWORD}"
+ echo $CMD; $CMD
+ openssl x509 -in ${filebase}.proxy.cert -text > ${filebase}.proxy.cert.tmp
+ cp ${filebase}.proxy.cert.tmp ${filebase}.proxy.cert
+
+ openssl pkcs12 -in ${filebase}.proxy.cert.tmp -out ${filebase}.proxy.p12 -export \
+ -inkey ${filebase}.proxy.priv -passin pass:$PASSWORD -passout pass:$PASSWORD \
+ -name "${catype} proxy certificate" -certfile ${filebase}.cert
+
+ cp ${filebase}.proxy.cert ${filebase}.grid_proxy
+ openssl rsa -in ${filebase}.proxy.priv -passin pass:$PASSWORD >> ${filebase}.grid_proxy
+ cat ${filebase}.cert >> ${filebase}.grid_proxy
+
}
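Review bot: `echo $CMD` at L43 prints `-passin pass:${PASSWORD}` to stdout, so the CA key passphrase lands in the build log, and passing it as `pass:` on the command line (L42, L48, L52) also exposes it to other users via `ps`; OpenSSL accepts `-passin env:PASSWORD` / `-passout env:PASSWORD`, which keeps the value out of argv and out of the echoed command, and `PASSWORD` only needs to be exported for that to work. L32 announces "$validity days validity time" but the function never assigns `validity` (only $1–$4 are read) and the proxy is signed with a hard-coded `-days 2` at L41, so either the message or the option is wrong; `validity=$5` plus `-days "$validity"` would make them agree with the caller at L85, which does pass $DAYS as the fifth argument. The assembled `${filebase}.grid_proxy` contains the private key via `>>` and is created with the default umask, so it is presumably group/world-readable; tools that consume such proxy files typically refuse anything looser than owner-only, so a `chmod 600 "${filebase}.grid_proxy"` (and the same for `${filebase}.proxy.priv`) after assembly is worth adding. The same unquoted `$CMD` word-splitting hazard noted for create_cert applies to L34–43.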
function create_cert_proxy_proxy {
# create some certificates and copy them to convenient locations
function create_some {
- # generating host certificate
+ # generating client certificate
create_cert $CERT_DIR/${catype}_client "$LOGNAME client" client $DAYS
- # generating client certificate
+ # generating host certificate
create_cert $CERT_DIR/${catype}_server "$HOSTNAME server" server $DAYS
# generating CRL
# create all certificates
function create_all {
+
+ # If we have the trusted CA, then generate a user cert/key pair
+ # And also a host cert/key pair.
+
+ if [ "$catype" == "trusted" ]; then
+ # Create a user and host certificate
+ create_cert $CERT_DIR/${catype}_client "$LOGNAME" client $DAYS
+ create_cert $CERT_DIR/${catype}_server "$HOSTNAME" server $DAYS
+ # And put them in the stage directory.
+ cp $CERT_DIR/${catype}_client.cert ../../../usercert.pem
+ cp $CERT_DIR/${catype}_client.priv ../../../userkey.pem
+ cp $CERT_DIR/${catype}_server.cert ../../../hostcert.pem
+ cp $CERT_DIR/${catype}_server.priv ../../../hostkey.pem
+ fi
+
# create valid certs with proxies
create_cert $CERT_DIR/${catype}_client "$catype client" client $DAYS
create_cert_proxy $CERT_DIR/${catype}_client "$catype client" _proxy "proxy" $DAYS
# generating CRL
openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF
+
}
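Review bot: In the new `trusted` branch L74 writes `$CERT_DIR/${catype}_client` with CN "$LOGNAME", and the unconditional L84 then regenerates the same file base with CN "$catype client", so the second run overwrites the first and the CA index/serial gets two entries for what the staged copies at L77–78 describe as one user; giving the staged pair its own base name (or skipping L84 when the trusted pair was just created) would avoid the overwrite. The `../../../usercert.pem` targets at L77–80 resolve relative to whatever directory the caller happens to be in (the `cd $BASEDIR` in main, as far as this hunk shows), so a variable holding the stage directory would make the copy robust to being called from elsewhere. `cp` also carries the private keys across with whatever mode the generation step left them in; `install -m 600 "$CERT_DIR/${catype}_client.priv" ../../../userkey.pem` (and likewise for hostkey.pem) pins the owner-only mode that consumers of these files generally expect. `[ "$catype" == "trusted" ]` at L72 is a bash-only comparison inside `[ ]`, consistent with L1 but worth `[[ … ]]` since the file already relies on bash's `function` keyword.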
############################## main ################################
BASEDIR="$BASEDIR/share/test/certificates"
mkdir -p $BASEDIR
cd $BASEDIR
+echo "Current directory now: `pwd`"
mkdir -p tmp
ABSBASEDIR=$(pwd)
continue
fi
if [ -d "$CA_DIR" ]; then
- echo "CA directory already exists: $CA_DIR"
+ echoclean "CA directory already exists: $CA_DIR"
else
cp -a $CONFIGDIR/${catype}-ca $CA_DIR
fi
# cleaning up temp
rm tmp/*.pem
+rmdir tmp