From: Akos Frohner <akos.frohner@cern.ch>
Date: Tue, 2 Aug 2005 08:43:34 +0000 (+0000)
Subject: generating extra user certificates for authorization tests
X-Git-Tag: GLITE_RELEASE_1_5_1~3
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=dd5c9c61398d3fa2f77b122f6c9a942df8ffa07d;p=glite-security-test-utils.git

generating extra user certificates for authorization tests
---

diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index 02ff885..40be21b 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 #
 # Copyright (c) Members of the EGEE Collaboration. 2004.
@@ -248,9 +248,18 @@ function create_cert_proxy_proxy {
 
 # create some certificates and copy them to convenient locations
 function create_some {
+
     # generating client certificate
     create_cert $CERT_DIR/${catype}_client "$LOGNAME client" client $DAYS
 
+    # generate extra client certificates
+    if [ -n "$EXTRACERTS" ]; then
+        echo "Generating '$EXTRACERTS' extra certs"
+        for i in $(seq -f '%02g' 1 $EXTRACERTS); do
+            create_cert $CERT_DIR/${catype}_client$i "$LOGNAME client$i" client $DAYS
+        done
+    fi
+    
     # generating host certificate
     create_cert $CERT_DIR/${catype}_server "$HOSTNAME server" server $DAYS
 
@@ -274,6 +283,17 @@ function create_some {
     cp $CERT_DIR/${catype}_client.priv home/userkey.pem
     # set the correct permissions for globus...
     chmod 400 home/userkey.pem
+
+    # copy extra certificates
+    if [ -n "$EXTRACERTS" ]; then
+        echo "Copying '$EXTRACERTS' extra certs"
+        for i in $(seq -f '%02g' 1 $EXTRACERTS); do
+            cp $CERT_DIR/${catype}_client$i.cert home/usercert$i.pem
+            cp $CERT_DIR/${catype}_client$i.priv home/userkey$i.pem
+            # set the correct permissions for globus...
+            chmod 400 home/userkey$i.pem
+        done
+    fi
 }
 
 # create all certificates
@@ -508,17 +528,54 @@ function create_all_test {
 
 ############################## main ################################
 
-if [ "$1" == "--all" ]; then
-    CATYPES='trusted fake big expired'
-    ALL='yes'
-    shift
-else
-    CATYPES='trusted'
-fi
+USAGE="$0 [--help] [--all] [--some] [--extra #extra-user-certs]"
+
+TEMP=$(getopt -o hase: --long help,all,some,extra: -- "$@")
+eval set -- "$TEMP"
+
+# by default do not create all variations of certificates
+ALL='no'
+# by default only create trusted certificates
+CATYPES='trusted'
+# by default do not create extra user certificates
+unset EXTRACERTS
+
+while true; do
+    case "$1" in
+        -a|--all)
+            ALL='yes'
+            CATYPES='trusted fake big expired'
+            shift
+            ;;
+        -s|--some)
+            ALL='no'
+            CATYPES='trusted'
+            shift
+            ;;
+        -e|--extra)
+            shift
+            EXTRACERTS=$1
+            shift
+            ;;
+        -h|--help)
+            echo $USAGE
+            exit
+            ;;
+        --)
+            # end of options
+            shift
+            break
+            ;;
+        *)
+            echo "Error: unknown option '$1'"
+            echo $USAGE
+            exit 1
+    esac
+done
 
 #define all used dirs    
 TARGETDIR=$1
-MODULEDIR=$(dirname $0)/..
+MODULEDIR=$(cd $(dirname $0)/..; pwd)
 CONFIGDIR=$MODULEDIR/test
 
 export PASSWORD='changeit'
@@ -624,7 +681,7 @@ for catype in $CATYPES; do
 
     mkdir -p $CERT_DIR
 
-    if [ -n "$ALL" ]; then
+    if [ "$ALL" = "yes" ]; then
         create_all
     else
         create_some
diff --git a/build.xml b/build.xml
index cbbc5d1..cecfd5e 100644
--- a/build.xml
+++ b/build.xml
@@ -103,14 +103,17 @@
 
     <target name="stage" depends="envcheck">
         <!--
-           By setting empty value to this property in a user's 
-           glite.build.properties file, one can skip the generation
-           of all the certificates, and have only the ones necessary
-           for simple client-server tests.
+            [for historical reasons the name remains, but functionality changed]
+            The glite.security.stage.all.certs property can be used to pass 
+            command line arguments to the certificate generator script. 
+            
+            By default -all option is passed to generate all test certificates.
+            One can also use the - -some option to generate only some the ones 
+            necessary for simple client-server tests. With the - -extra # option
+            one can request the generation of some extra user certificates.
          -->
         <property name="glite.security.stage.all.certs" value="--all"/>
         <echo>Staging test certificates to:</echo>
-        <echo>${stage.dir}/share/test/certificates</echo>
         <exec  executable="${module.dir}/bin/generate-test-certificates.sh">  
             <arg line="${glite.security.stage.all.certs} ${stage.dir}/share/test/certificates"/>
         </exec>