Changes made for bug number 6743. CA certs are now copied to /etc/grid-security/certi...

author John White <John.White@cern.ch>

Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)

committer John White <John.White@cern.ch>

Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)
author John White <John.White@cern.ch>
Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)
committer John White <John.White@cern.ch>
Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)
diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh

index d0f7098..ec8304c 100755 (executable)
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -485,6 +485,15 @@ function create_all_test {
  
  ############################## main ################################
  
+# check the certificate directory...
+
+if [ -! -z $X509_CERT_DIR ]
+then
+    echo "Certificate directory set to $X509_CERT_DIR";
+else
+    X509_CERT_DIR="/etc/grid-security/certificates";
+    echo "Certificate directory set to $X509_CERT_DIR";
+fi
  if [ "$1" == "--all" ]; then
      CATYPES='trusted fake big expired'
      ALL='yes'
@@ -554,6 +563,41 @@ for catype in $CATYPES; do
         fi
      fi
  
+    if [ $catype != "fake" ]
+    then
+        # Let's make the signing policy file and put it in the right place.
+        # Don't do this for the fake CA
+        subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout`; ## echo "Subject name = ${subject_name:9}";
+        # pick off the first 9 characters of the string... this will give our raw subject. see above.
+        # Now have to construct the signing policy file....
+        echo "access_id_CA      X509       '${subject_name:9}'" > /tmp/temporary_signing_policy.file
+        echo "pos_rights        globus        CA:sign"          >> /tmp/temporary_signing_policy.file
+        # we now have a request to copy the CA certificates to a globus-friendly location.
+        # eg. /etc/grid-security/certificates
+        hash_number=`openssl x509 -in $CA_DIR/${catype}.cert -hash -noout`
+        # now copy the CA cert to /etc/grid-security/certificates
+        # check to make sure /etc/grid-security/certificates exists...
+        if [ -d $X509_CERT_DIR ]
+        then
+            cp $CA_DIR/${catype}.cert $X509_CERT_DIR/${hash_number}.0
+           result=$?
+           if [ $result -ne 0 ];then
+               echo "The copying of ${CA_DIR}/${catype}.cert to \
+                      $X509_CERT_DIR/${hash_number}.0 failed with error code $result";
+           fi
+            cp /tmp/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy
+           result=$?
+           if [ $result -ne 0 ];then
+               echo "The copying of /tmp/temporary_signing_policy.file to \
+                      $X509_CERT_DIR/${hash_number}.signing_policy failed with error code $result";
+           fi
+            rm /tmp/temporary_signing_policy.file
+        else
+            echo "The standard globus directory $X509_CERT_DIR does not exist!";
+            echo "Therefore I cannot copy the CA certificates etc to this directory. Continuing anyway...";
+        fi    
+    fi
+
      mkdir -p $CERT_DIR
  
      if [ -n "$ALL" ]; then
author	John White <John.White@cern.ch>
	Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)
committer	John White <John.White@cern.ch>
	Wed, 2 Mar 2005 14:36:49 +0000 (14:36 +0000)