From: Akos Frohner Date: Thu, 4 May 2006 14:33:27 +0000 (+0000) Subject: generic update for better handling of temporary files X-Git-Tag: glite-security-test-utils_R_1_6_0~21 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=c1c6d2bb98107f364e8a243160a1bd228e9fb2a7;p=glite-security-test-utils.git generic update for better handling of temporary files --- diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index 1306d5d..f750b74 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -55,7 +55,7 @@ function create_cert { client|server|clientserver|fclient|none) echo "Generating a $flags certificate" echo $CA_DIR - CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \ + CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tmpdir \ -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity" echo $CMD; $CMD ;; @@ -67,7 +67,7 @@ function create_cert { # Get the serial number of the certificate that will eventually sign the proxy. # Put it into a temporary file to be read by the ca command later. - SERIAL="`openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//'`" + SERIAL=$(openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//') echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt # cat ${CA_DIR}/serial_proxy.txt @@ -88,6 +88,7 @@ function create_cert_proxy { export PROXYNAME=$4 validity=$5 + # create_cert_proxy $CERT_DIR/${catype}_client "$catype client" proxy "proxy" 1 # create_cert_proxy $CERT_DIR/${catype}_client "$catype client" proxy_exp "expired proxy" -1 
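Review bot: The new `-outdir $tmpdir` is embedded in the `CMD="..."` string and then run as the unquoted `$CMD`, so the path is word-split at execution time and a `$TARGETDIR` containing whitespace or glob characters produces a broken or wrong `-outdir`; `$filebase` and `$CA_CONF` in the same string have the same problem. The exit status of `$CMD` is also never checked, so a failed signing lets the function continue to the `openssl x509 -in ${filebase}.cert` in the next hunk on a file that may not exist. Building the command as an array and failing on error fixes both: `cmd=(openssl ca -in "$filebase.req" -out "$filebase.cert" -outdir "$tmpdir" -md md5 -config "$CA_CONF" -batch -extensions "ca_$flags" -days "$validity")`, then `printf '%q ' "${cmd[@]}"; echo` for the trace and `"${cmd[@]}" || return 1`. create_cert starts before this hunk and its `case` continues after it.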
@@ -106,6 +107,13 @@ function create_cert_proxy { echo " in files named $filebase.(cert|priv)" echo " with $validity days validity time" + if [ -r "${X509_PROX_CERT}" ]; then + echo "There already exists a file named ${X509_PROX_CERT}" + echo "file. Proxy certificate is not generated for '$CN'" + return + fi + + # Have to 'edit' the ca database to remove the entry for the signing certificate. # maybe no need... make a dummy database, touch and then delete afterwards... touch ${CA_DIR}/index_proxy.txt @@ -125,7 +133,7 @@ function create_cert_proxy { -cert ${X509_SIGNING_CERT} \ -keyfile ${X509_SIGNING_KEY} \ -out ${X509_PROX_CERT} \ - -outdir . \ + -outdir $tmpdir \ -config ${CA_PROXY_CONF} -md md5 -days ${validity} -batch \ -passin pass:${PASSWORD} -notext \ -extensions proxy_none " @@ -184,6 +192,12 @@ function create_cert_proxy_proxy { X509_PROX_REQ=${filebase}.${ident}.proxy.req X509_PROX_GRID=${filebase}.${ident}.${ending} + if [ -r "${X509_PROX_CERT}" ]; then + echo "There already exists a file named ${X509_PROX_CERT}" + echo "file. Proxy-proxy certificate is not generated for '$CN'" + return + fi + # Get the serial number of the certificate that will eventually sign the proxy. # Put it into a temporary file to be read by the ca command later. # SERIAL="`openssl x509 -in ${X509_SIGNING_CERT} -noout -serial | sed 's/^serial=//'`" @@ -208,7 +222,7 @@ function create_cert_proxy_proxy { -cert ${X509_SIGNING_CERT} \ -keyfile ${X509_SIGNING_KEY} \ -out ${X509_PROX_CERT} \ - -outdir . \ + -outdir $tmpdir \ -config ${CA_PROXY_CONF} -md md5 -days ${validity} -batch \ -passin pass:${PASSWORD} -notext \ -extensions proxy_none " @@ -249,7 +263,7 @@ function create_cert_proxy_proxy { function create_some { # generating client certificate - create_cert $CERT_DIR/${catype}_client "$LOGNAME client" client $DAYS + create_cert $CERT_DIR/${catype}_client "$LOGNAME" client $DAYS # generate extra client certificates if [ -n "$EXTRACERTS" ]; then 
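Review bot: The added `[ -r "${X509_PROX_CERT}" ]` guard returns success and keeps whatever proxy is already on disk, so a leftover from an earlier run — including one deliberately generated expired, as the commented `proxy_exp ... -1` call in the previous hunk suggests — is silently reused with a validity other than the one this call asked for, and the caller cannot tell. It also checks only the certificate; if the matching private key is written by the code after this hunk (not visible here), a cert whose key is missing would still short-circuit generation. At minimum report it on stderr with a readable message and, if callers do not rely on a zero status, a distinct return code: `echo "Proxy certificate ${X509_PROX_CERT} already exists; not regenerating for '$CN'" >&2` and `return 2`; otherwise delete stale proxies up front so each run produces what it was asked for. create_cert_proxy starts before this hunk and continues past it.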
@@ -260,7 +274,7 @@ function create_some { fi # generating host certificate - create_cert $CERT_DIR/${catype}_server "$HOSTNAME server" server $DAYS + create_cert $CERT_DIR/${catype}_server "$HOSTNAME" server $DAYS # generating CRL openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF @@ -278,8 +292,8 @@ function create_some { if [ ! -d 'home' ]; then mkdir 'home' fi - cp $CERT_DIR/${catype}_client.cert home/usercert.pem - cp $CERT_DIR/${catype}_client.priv home/userkey.pem + cp -f $CERT_DIR/${catype}_client.cert home/usercert.pem + cp -f $CERT_DIR/${catype}_client.priv home/userkey.pem # set the correct permissions for globus... chmod 400 home/userkey.pem @@ -287,8 +301,8 @@ function create_some { if [ -n "$EXTRACERTS" ]; then echo "Copying '$EXTRACERTS' extra certs" for i in $(seq -f '%02g' 1 $EXTRACERTS); do - cp $CERT_DIR/${catype}_client$i.cert home/usercert$i.pem - cp $CERT_DIR/${catype}_client$i.priv home/userkey$i.pem + cp -f $CERT_DIR/${catype}_client$i.cert home/usercert$i.pem + cp -f $CERT_DIR/${catype}_client$i.priv home/userkey$i.pem # set the correct permissions for globus... chmod 400 home/userkey$i.pem done @@ -598,11 +612,13 @@ fi echo "Certificate directory set to $X509_CERT_DIR"; cd $TARGETDIR -echo "Current directory now: `pwd`" +echo "Current directory now: $PWD" echo "Config directory now: ${CONFIGDIR}" -mkdir -p tmp -ABSTARGETDIR=$(pwd) +tmpdir=$PWD/tmp +mkdir -p $tmpdir +trap "rm -rf $tmpdir" EXIT +ABSTARGETDIR=$PWD for catype in $CATYPES; do echo "+-----------------------" 
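Review bot: Dropping the ` server` suffix makes the host certificate's CN the bare `$HOSTNAME`, which is what TLS host-name matching needs, but bash's `$HOSTNAME` is whatever `gethostname()` returns and on many hosts that is the short name rather than the FQDN that clients connect to and compare against. If the test clients verify the host name (not visible here), derive the CN from `hostname -f` with a fallback: `host_cn=$(hostname -f 2>/dev/null || echo "$HOSTNAME")` and `create_cert "$CERT_DIR/${catype}_server" "$host_cn" server "$DAYS"`. create_some starts before this hunk and continues after it.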
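Review bot: `cp -f` is needed because the previous run left `home/userkey.pem` at mode 400 and a plain `cp` could not truncate it, but with `-f` the target is unlinked and re-created with a mode derived from the source and the current umask, and the `chmod 400` only runs afterwards; under a permissive umask the private key is briefly readable by other users of a shared target directory. Copying with the final mode in one step closes that window: `install -m 400 "$CERT_DIR/${catype}_client.priv" home/userkey.pem` (the `.cert` copy can stay as is, it is public). Alternatively run the whole copy section under `umask 077`. The same pattern is repeated for the extra certificates in the next hunk. create_some starts before this hunk and continues after it.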
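Review bot: `tmpdir=$PWD/tmp` with `mkdir -p $tmpdir` accepts a pre-existing `tmp` in the target directory — a symlink planted there or a directory holding user files — and the new `trap "rm -rf $tmpdir" EXIT` then removes it entirely, where the old cleanup only deleted `tmp/*.pem` and `rmdir`ed. The trap string also expands `$tmpdir` unquoted at definition time, so a `$TARGETDIR` with whitespace turns the cleanup into `rm -rf` of several separate words, and the context line `cd $TARGETDIR` above is unchecked, so if it fails the trap deletes a `tmp` wherever the script happened to be started. Creating a fresh, unpredictable directory and quoting the cleanup fixes all three: `cd "$TARGETDIR" || exit 1`, `tmpdir=$(mktemp -d "$PWD/tmp.XXXXXX") || exit 1` and `trap 'rm -rf -- "$tmpdir"' EXIT`. Since `openssl ca -outdir` writes a copy of every issued certificate there, the 0700 mode `mktemp -d` applies is also the right one for that directory.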
@@ -650,8 +666,8 @@ for catype in $CATYPES; do subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout`; ## echo "Subject name = ${subject_name:9}"; # pick off the first 9 characters of the string... this will give our raw subject. see above. # Now have to construct the signing policy file.... - echo "access_id_CA X509 '${subject_name:9}'" > /tmp/temporary_signing_policy.file - echo "pos_rights globus CA:sign" >> /tmp/temporary_signing_policy.file + echo "access_id_CA X509 '${subject_name:9}'" > $tmpdir/temporary_signing_policy.file + echo "pos_rights globus CA:sign" >> $tmpdir/temporary_signing_policy.file # we now have a request to copy the CA certificates to a globus-friendly location. # eg. /etc/grid-security/certificates hash_number=`openssl x509 -in $CA_DIR/${catype}.cert -hash -noout` @@ -665,13 +681,13 @@ for catype in $CATYPES; do echo "The copying of ${CA_DIR}/${catype}.cert to \ $X509_CERT_DIR/${hash_number}.0 failed with error code $result"; fi - cp /tmp/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy + cp $tmpdir/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy result=$? if [ $result -ne 0 ];then - echo "The copying of /tmp/temporary_signing_policy.file to \ + echo "The copying of $tmpdir/temporary_signing_policy.file to \ $X509_CERT_DIR/${hash_number}.signing_policy failed with error code $result"; fi - rm /tmp/temporary_signing_policy.file + rm $tmpdir/temporary_signing_policy.file else echo "The standard globus directory $X509_CERT_DIR does not exist!"; echo "Therefore I cannot copy the CA certificates etc to this directory. Continuing anyway..."; @@ -687,8 +703,3 @@ for catype in $CATYPES; do fi done - -# cleaning up temp -rm tmp/*.pem -rmdir tmp -
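Review bot: Writing the signing policy under `$tmpdir` instead of the fixed `/tmp/temporary_signing_policy.file` removes a predictable world-writable path that another local user could pre-create or symlink so that attacker-chosen content ends up in `$X509_CERT_DIR`, which is the right fix; the two new redirections still leave `$tmpdir` unquoted, so they should read `> "$tmpdir/temporary_signing_policy.file"` and `>> "$tmpdir/temporary_signing_policy.file"`. The trust decision written here also depends on the context line `${subject_name:9}`, which assumes `openssl x509 -subject -noout` prints exactly `subject= ` before the DN; newer OpenSSL releases print `subject=` with differently spaced DN components, so the resulting `access_id_CA` may not match the CA — a `sed 's/^subject= *//'` is safer than a fixed offset (the OpenSSL version in use is not visible here). The enclosing `for catype` loop starts before this hunk and continues after it.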