Simplified the generation of signing_policy file for the Globus clients.
authorAkos Frohner <akos.frohner@cern.ch>
Mon, 22 May 2006 11:41:51 +0000 (11:41 +0000)
committerAkos Frohner <akos.frohner@cern.ch>
Mon, 22 May 2006 11:41:51 +0000 (11:41 +0000)
bin/generate-test-certificates.sh

index cb8156e..fa64a58 100755 (executable)
@@ -332,6 +332,15 @@ function create_some {
     hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert)
     cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0
     cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0
+    # generating a signing_policy file
+    subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout)
+    cat <<EOF >grid-security/certificates/${hash}.signing_policy
+# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+access_id_CA            X509    '${subject_name:9}'
+pos_rights              globus  CA:sign
+cond_subjects           globus  '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"'
+EOF
+
     cp $CERT_DIR/${catype}_server.cert grid-security/hostcert.pem
     openssl rsa -passin pass:$PASSWORD -in $CERT_DIR/${catype}_server.priv -out grid-security/hostkey.pem
     
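Review bot: The added lines cut the subject with `${subject_name:9}` and write it straight into the policy, without checking that `openssl x509 -subject` succeeded or that its output starts with the nine-character `subject= ` prefix the offset assumes. If the command fails or prints nothing, the heredoc still writes a file whose `access_id_CA` is `''` and whose `cond_subjects` is `'"/*"'`. An OpenSSL build that lays the subject line out differently would shift the cut and put the wrong characters in the file without any error. Stripping the prefix by pattern and rejecting anything that is not a slash-led DN covers both cases: `subject_dn=${subject_name#subject= }` followed by `case "$subject_dn" in /*) ;; *) echo "cannot read subject of ${catype} CA" >&2; return 1 ;; esac`, then use `$subject_dn` in the heredoc. `create_some` starts and ends outside this hunk, so whether `return` or `exit` fits its error handling has to be checked there.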
@@ -698,44 +707,13 @@ for catype in $CATYPES; do
         cp -a $CONFIGDIR/${catype}-ca $CA_DIR
         result=$?
         if [ $result -ne 0 ];then
-            echo The copying of CA ${catype} failed with error code $result
+            echo "The copying of CA ${catype} failed with error code $result"
             exit -1
         fi
-    fi
-
-    if [ $catype != "fake" ]
-    then
-        # Let's make the signing policy file and put it in the right place.
-        # Don't do this for the fake CA
-        subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout`; ## echo "Subject name = ${subject_name:9}";
-        # pick off the first 9 characters of the string... this will give our raw subject. see above.
-        # Now have to construct the signing policy file....
-        echo "access_id_CA      X509       '${subject_name:9}'" > $tmpdir/temporary_signing_policy.file
-        echo "pos_rights        globus        CA:sign"          >> $tmpdir/temporary_signing_policy.file
-        # we now have a request to copy the CA certificates to a globus-friendly location.
-        # eg. /etc/grid-security/certificates
-        hash_number=`openssl x509 -in $CA_DIR/${catype}.cert -hash -noout`
-        # now copy the CA cert to /etc/grid-security/certificates
-        # check to make sure /etc/grid-security/certificates exists...
-        if [ -d $X509_CERT_DIR ]
-        then
-            cp $CA_DIR/${catype}.cert $X509_CERT_DIR/${hash_number}.0
-            result=$?
-            if [ $result -ne 0 ];then
-                echo "The copying of ${CA_DIR}/${catype}.cert to \
-                          $X509_CERT_DIR/${hash_number}.0 failed with error code $result";
-            fi
-            cp $tmpdir/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy
-            result=$?
-            if [ $result -ne 0 ];then
-                echo "The copying of $tmpdir/temporary_signing_policy.file to \
-                          $X509_CERT_DIR/${hash_number}.signing_policy failed with error code $result";
-            fi
-            rm $tmpdir/temporary_signing_policy.file
-        else
-            echo "The standard globus directory $X509_CERT_DIR does not exist!";
-            echo "Therefore I cannot copy the CA certificates etc to this directory. Continuing anyway...";
-        fi    
+        # remove the CVS dir, if it was copied...
+        if [ -d "$CA_DIR/CVS" ]; then
+            rm -rf "$CA_DIR/CVS"
+        fi
     fi
 
     mkdir -p $CERT_DIR
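Review bot: The removed block skipped the `fake` CA (`if [ $catype != "fake" ]`, "Don't do this for the fake CA"), and the lines added to `create_some` in the first hunk carry no such exclusion. If `create_some` is also called for the fake CA, that CA now gets a `signing_policy` next to its certificate, which may change what the tests relying on it actually exercise. Confirm this is intended, or guard the generation with `[ "$catype" != "fake" ]`. Separately, the new cleanup would be safer as `rm -rf "${CA_DIR:?}/CVS"`, so that an empty `CA_DIR` aborts instead of resolving to `/CVS`. The enclosing `if` and `for` open outside this hunk.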