From 4a9f75c5f8092584b0899b31531e3b5792d44927 Mon Sep 17 00:00:00 2001 From: Akos Frohner Date: Thu, 28 Oct 2004 02:49:00 +0000 Subject: [PATCH] without ca certs
---
 bin/generate-ca-certificates-for-cvs.sh | 72 +++++++++ bin/generate-test-certificates.sh | 253 +++++++++++++++++++++++++++----- build.xml | 100 +++++++++++++ config/ca_conf.cnf | 4 +- doc/README | 157 +++++++------------- project/build.properties | 3 + project/configure.properties.xml | 40 +++++ project/properties.xml | 77 ++++++++++ project/version.properties | 4 + 9 files changed, 563 insertions(+), 147 deletions(-) create mode 100755 bin/generate-ca-certificates-for-cvs.sh create mode 100644 build.xml create mode 100644 project/build.properties create mode 100644 project/configure.properties.xml create mode 100644 project/properties.xml create mode 100644 project/version.properties
diff --git a/bin/generate-ca-certificates-for-cvs.sh b/bin/generate-ca-certificates-for-cvs.sh new file mode 100755
index 0000000..0c429cc
--- /dev/null
+++ b/bin/generate-ca-certificates-for-cvs.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+#
+# Copyright (c) Members of the EGEE Collaboration. 2004.
+# See http://public.eu-egee.org/partners/ for details on
+# the copyright holders.
+# For license conditions see the license file or
+# http://eu-egee.org/license.html
+#
+# Authors:
+# Joni Hahkala
+# Akos Frohner
+#
+
+
+CONFIGDIR=$PWD/$(dirname $0)/../config
+BASEDIR=$PWD/$(dirname $0)/../test
+CONFIGFILES="index.txt serial.txt ca_conf.cnf req_conf.cnf req_proxy_conf.cnf req_proxy_proxy_conf.cnf"
+export PASSWORD='changeit'
+CATYPES='trusted fake big expired'
+
+function create_ca {
+ catype=$1
+ CADIR=${catype}-ca
+ if [ ! -f ${CADIR}/serial.txt ]; then
+ mkdir -p ${CADIR}
+ cd ${CADIR}
+ for config in ${CONFIGFILES}; do
+ cp $CONFIGDIR/$config .
+ done
+
+ if [ "$catype" = "big" ]; then
+ export BITS=4096
+ else
+ export BITS=1024
+ fi
+
+ if [ "$catype" = "expired" ]; then
+ DAYS='-days -1'
+ else
+ DAYS='-days 10000'
+ fi
+
+ export CN="the $catype CA"
+ openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \
+ -keyout ${catype}.priv -config req_conf.cnf
+ openssl pkcs12 -export -in ${catype}.cert -inkey ${catype}.priv \
+ -out ${catype}.p12 -passin "pass:$PASSWORD" -passout "pass:$PASSWORD"
+ echo -n "Generated CA certificate with "
+ openssl x509 -noout -subject -in ${catype}.cert
+ fi
+}
+
+############################## main ################################
+
+if [ "$1" != "--i-know-what-i-am-doing" ]; then
+ echo "Please read the README file before executing this command!"
+ exit -1
+fi
+
+mkdir -p $BASEDIR
+cd $BASEDIR
+ABSBASEDIR=$(pwd)
+
+for catype in $CATYPES; do
+ echo "+-----------------------"
+ echo "| $catype"
+ echo "+-----------------------"
+ create_ca $catype
+ cd $ABSBASEDIR
+done
+
diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index 43fc707..e864eab 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
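Review bot: The `if [ ! -f ${CADIR}/serial.txt ]` guard in create_ca tests a file that is copied in before any key material is generated, so a failed `openssl req` (no status is checked anywhere in the function) leaves a directory that every later run treats as a finished CA; keying the guard on the output, `if [ ! -f ${CADIR}/${catype}.cert ]; then`, and failing the directory change with `cd ${CADIR} || return 1`, would make the script safely re-runnable. Separately, `CONFIGDIR=$PWD/$(dirname $0)/../config` (and BASEDIR below it) only resolve correctly when the script is invoked by a relative path, because an absolute `$0` is appended to `$PWD`; `CONFIGDIR=$(cd "$(dirname "$0")/../config" && pwd)` handles both invocations. `exit -1` in the main section reports status 255 in bash; `exit 1` is the conventional failure code.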
@@ -12,63 +12,240 @@ # Akos Frohner # +if [ "$1" == "--all" ]; then + CATYPES='trusted' + #CATYPES='trusted fake big expired' + ALL='yes' + shift +else + CATYPES='trusted' +fi + BASEDIR=$1 -CONFIGDIR=$PWD/$(dirname $0)/../config -CONFIGFILES="index.txt serial.txt ca_conf.cnf req_conf.cnf req_proxy_conf.cnf req_proxy_proxy_conf.cnf" +CONFIGDIR=$PWD/$(dirname $0)/../test export PASSWORD='changeit' -CATYPES='trusted fake big expired' - -function create_ca { - catype=$1 - CADIR=ca-${catype} - if [ ! -f ${CADIR}/serial.txt ]; then - mkdir -p ${CADIR} - cd ${CADIR} - for config in ${CONFIGFILES}; do - cp $CONFIGDIR/$config . - done - - if [ "$catype" = "big" ]; then - export BITS=4096 - else - export BITS=1024 - fi - - if [ "$catype" = "expired" ]; then - DAYS='-days -1' - else - DAYS='-days 10000' - fi - - export CN="the $catype CA" - openssl req -new -x509 -out ca-${catype}.cert $DAYS -nodes \ - -keyout ca-${catype}.priv -config req_conf.cnf - openssl pkcs12 -export -in ca-${catype}.cert -inkey ca-${catype}.priv \ - -out ca-${catype}.p12 -passin "pass:$PASSWORD" -passout "pass:$PASSWORD" - echo -n "Generated CA certificate with " - openssl x509 -noout -subject -in ca-${catype}.cert +DAYS=10000 + +# generating the PKCS#12 format +function create_p12 { + name=$1 + echo "Generating PKCS#12 format for $name.(cert|priv)" + openssl pkcs12 -in $name.cert -out $name.p12 -export -inkey $name.priv \ + -passin pass:$PASSWORD -passout pass:$PASSWORD +} + +function create_cert { + filebase=$1 + export CN=$2 + flags=$3 + validity=$4 + echo "Creating a cert for '$CN' in files named $filebase.(cert|priv)" + echo " with $flags flags and $validity days validity time" + + if [ -r "$filebase.cert" -o -r "$filebase.priv" ]; then + echo "There already exists a file named $filebase.cert or $filebase.priv" + echo "file. 
Certificate is not generated for '$CN'" + return fi + + openssl req -out $filebase.req -new -keyout $filebase.priv -config $REQ_CONFIG_FILE + + case $flags in + client|server|clientserver|fclient|none) + echo "Generating a $flags certificate" + openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \ + -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity + ;; + *) + echo "Unknown flags: $flags" + echo "No certificate is generated." + esac + + # some minor cleanup + rm $filebase.req + + create_p12 $filebase } -############################## main ################################ +function create_cert_proxy { + filebase=$1 + export CN=$2 + ending=$3 + export PROXYNAME=$4 + validity=$5 + echo "Creating a proxy cert for '$CN/CN=$PROXYNAME'" + echo " in files named $filebase$ending.(cert|priv)" + echo " with $validity days validity time" + + #TODO: write the body +} + +function create_cert_proxy_proxy { + filebase=$1 + export CN=$2 + ending=$3 + export PROXYNAME=$4 + validity=$5 + echo "Creating a proxy cert for '$CN/CN=$PROXYNAME'" + echo " in files named $filebase$ending.(cert|priv)" + echo " with $validity days validity time" + + #TODO: write the body +} + +# create some certificates and copy them to convenient locations +function create_some { + # generating host certificate + create_cert $CERT_DIR/${catype}_client "$LOGNAME client" client $DAYS + + # generating client certificate + create_cert $CERT_DIR/${catype}_server "$HOSTNAME server" server $DAYS + + # generating CRL + openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF + + # make it user friendly + if [ ! 
-d 'grid-security/certificates' ]; then + mkdir -p 'grid-security/certificates' + fi + hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert) + cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0 + cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0 + cp $CERT_DIR/${catype}_server.cert grid-security/hostcert.pem + cp $CERT_DIR/${catype}_server.priv grid-security/hostkey.pem + + if [ ! -d 'home' ]; then + mkdir 'home' + fi + cp $CERT_DIR/${catype}_client.cert home/usercert.pem + cp $CERT_DIR/${catype}_client.priv home/userkey.pem +} + +# create all certificates +function create_all { + # create valid certs with proxies + create_cert $CERT_DIR/${catype}_client "$catype client" client $DAYS + create_cert_proxy $CERT_DIR/${catype}_client "$catype client" _proxy "proxy" $DAYS + create_cert_proxy $CERT_DIR/${catype}_client "$catype client" _proxy_exp "expired proxy" -1 + + create_cert $CERT_DIR/${catype}_fclient "$catype flag client" fclient $DAYS + create_cert_proxy $CERT_DIR/${catype}_fclient "$catype flag client" _proxy "proxy" $DAYS + create_cert_proxy $CERT_DIR/${catype}_fclient "$catype flag client" _proxy_exp "expired proxy" -1 + + create_cert $CERT_DIR/${catype}_server "$catype server" server $DAYS + create_cert_proxy $CERT_DIR/${catype}_server "$catype server" _proxy "proxy" $DAYS + create_cert_proxy $CERT_DIR/${catype}_server "$catype server" _proxy_exp "expired proxy" -1 + + create_cert $CERT_DIR/${catype}_clientserver "$catype clientserver" clientserver $DAYS + create_cert_proxy $CERT_DIR/${catype}_clientserver "$catype clientserver" _proxy "proxy" $DAYS + create_cert_proxy $CERT_DIR/${catype}_clientserver "$catype clientserver" _proxy_exp "expired proxy" -1 + create_cert $CERT_DIR/${catype}_none "$catype none" none $DAYS + create_cert_proxy $CERT_DIR/${catype}_none "$catype none" _proxy "proxy" $DAYS + create_cert_proxy $CERT_DIR/${catype}_none "$catype none" _proxy_exp "expired proxy" -1 -if [ ! 
-d "$BASEDIR" ]; then - echo "Error: no basedir is given!" + # create certs with valid proxies, but expired user certs + create_cert $CERT_DIR/${catype}_client_exp "$catype client expired" client -1 + create_cert_proxy $CERT_DIR/${catype}_client_exp "$catype client expired" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_fclient_exp "$catype flag client expired" fclient -1 + create_cert_proxy $CERT_DIR/${catype}_fclient_exp "$catype flag client expired" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_server_exp "$catype server expired" server -1 + create_cert_proxy $CERT_DIR/${catype}_server_exp "$catype server expired" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_clientserver_exp "$catype clientserver expired" clientserver -1 + create_cert_proxy $CERT_DIR/${catype}_clientserver_exp "$catype clientserver expired" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_none_exp "$catype none expired" none -1 + create_cert_proxy $CERT_DIR/${catype}_none_exp "$catype none expired" _proxy "proxy" $DAYS + + # create revoked certs + create_cert $CERT_DIR/${catype}_client_rev "$catype client revoked" client $DAYS + create_cert_proxy $CERT_DIR/${catype}_client_rev "$catype client revoked" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_fclient_rev "$catype flag client revoked" fclient $DAYS + create_cert_proxy $CERT_DIR/${catype}_fclient_rev "$catype flag client revoked" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_server_rev "$catype server revoked" server $DAYS + create_cert_proxy $CERT_DIR/${catype}_server_rev "$catype server revoked" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_clientserver_rev "$catype clientserver revoked" clientserver $DAYS + create_cert_proxy $CERT_DIR/${catype}_clientserver_rev "$catype clientserver revoked" _proxy "proxy" $DAYS + + create_cert $CERT_DIR/${catype}_none_rev "$catype none revoked" none $DAYS + create_cert_proxy $CERT_DIR/${catype}_none_rev "$catype none revoked" _proxy 
"proxy" $DAYS + + openssl ca -revoke $CERT_DIR/${catype}_client_rev.cert -config $CA_CONF + openssl ca -revoke $CERT_DIR/${catype}_fclient_rev.cert -config $CA_CONF + openssl ca -revoke $CERT_DIR/${catype}_server_rev.cert -config $CA_CONF + openssl ca -revoke $CERT_DIR/${catype}_clientserver_rev.cert -config $CA_CONF + openssl ca -revoke $CERT_DIR/${catype}_none_rev.cert -config $CA_CONF + + # some extra certificates + create_cert_proxy $CERT_DIR/${catype}_client "$catype client dnerror" _proxy_dnerror "proxy" $DAYS + create_cert_proxy_proxy $CERT_DIR/${catype}_client_proxy "$catype client" _proxy "proxy" "proxy" $DAYS + create_cert_proxy_proxy $CERT_DIR/${catype}_client_proxy "$catype client" _proxy_dnerror "proxy dnerror" "proxy" $DAYS + + # generating CRL + openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF +} + +############################## main ################################ + +if [ -z "$BASEDIR" ]; then + echo "Please specify the destination directory!" exit -1 fi -BASEDIR="$BASEDIR/share/test/glite-security-test-utils" +BASEDIR="$BASEDIR/share/test/certificates" mkdir -p $BASEDIR cd $BASEDIR +mkdir -p tmp ABSBASEDIR=$(pwd) for catype in $CATYPES; do echo "+-----------------------" echo "| $catype" echo "+-----------------------" - create_ca $catype cd $ABSBASEDIR + + export CATYPE=${catype} + export CA_DIR=${catype}-ca + export CERT_DIR=${catype}-certs + export CA_CONF=$CA_DIR/ca_conf.cnf + export REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf + export REQ_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_conf.cnf + export REQ_PROXY_PROXY_CONFIG_FILE=$CA_DIR/req_proxy_proxy_conf.cnf + if [ "$catype" = "big" ]; then + export BITS=4096 + else + export BITS=1024 + fi + + # putting the CA certificate to the right place + if [ ! -d "$CONFIGDIR/${catype}-ca" ]; then + echo "CA files are not found: $CONFIGDIR/${catype}-ca" + echo "Did you run 'generate-ca-certificates-for-cvs.sh'?" 
+ continue + fi + if [ -d "$CA_DIR" ]; then + echo "CA directory already exists: $CA_DIR" + else + cp -a $CONFIGDIR/${catype}-ca $CA_DIR + fi + + mkdir -p $CERT_DIR + + if [ -n "$ALL" ]; then + create_all + else + create_some + fi done + +# cleaning up temp +rm tmp/*.pem + diff --git a/build.xml b/build.xml new file mode 100644 index 0000000..568890a --- /dev/null +++ b/build.xml @@ -0,0 +1,100 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/config/ca_conf.cnf b/config/ca_conf.cnf index ec4ed3e..6bafc6c 100644 --- a/config/ca_conf.cnf +++ b/config/ca_conf.cnf @@ -6,8 +6,8 @@ dir = $ENV::CA_DIR database = $dir/index.txt serial = $dir/serial.txt -certificate = $dir/$ENV::CA_DIR.cert -private_key = $dir/$ENV::CA_DIR.priv +certificate = $dir/$ENV::CATYPE.cert +private_key = $dir/$ENV::CATYPE.priv policy = policy_any diff --git a/doc/README b/doc/README index 9bb59c1..01fdbb0 100644 --- a/doc/README +++ b/doc/README 
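Review bot: In create_cert the `*)` arm of `case $flags` reports an unknown flag but then falls through to `rm $filebase.req` and `create_p12 $filebase`, which runs `openssl pkcs12` against a certificate that was never issued; the arm should end with `rm -f $filebase.req; return 1`, and the `openssl ca` call in the known-flags arm should become `... -days $validity || return 1` so a failed issuance does not silently yield a partial certificate set. The same unchecked-status pattern applies to the `openssl ca -revoke` and `-gencrl` calls in create_all and to the `cp` calls in create_some. `-md md5` signs every issued certificate with MD5, which modern verifiers commonly reject; unless MD5-signed certificates are themselves a test case, the digest should be selected per certificate type rather than hard-coded here. `exit -1` in the main section yields status 255; `exit 1` is conventional. create_cert_proxy and create_cert_proxy_proxy are still `#TODO` stubs, so a `--all` run currently produces no proxy certificates at all, which is worth stating in the README hunk's description of `--all`.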
@@ -1,116 +1,59 @@ Untrusted Test Certificates =========================== -This module will create a hierarchy under /share/test/certificates -path containing CA, user and host certificates. +This module was created for two slightly different purposes: + - provide a simple solution for testing security in normal components + - provide an extensive set of valid and invalid certificates for testing + security components -It will also set up structures for testing host and user configurations -inside this base directory: - home/.globus/ - usercert.pem - userkey.pem - tmp/ - x509_ - etc/grid-security/ - hostcert.pem - hostkey.pem - certificates/ - .0 - .0 - .0 - # but not ca-fake.0 ! - -For the 'stage' target is /stage, thus depending -modules can pick it up during their build process. The certificates -will be valid for 10 days. - -The module also has a 'dist' target, which will produce a binary -distribution containing a set of certificates and keys valid for -10 years after the build time. - -CA Certificates +CA certificates --------------- - ca-real: a working CA - ca-expired: the CA certificate has an expiration day in the past - ca-big: the CA certificate has a long key (4096 bits) - ca-fake: the CA certificate is not installed anywhere, thus every - certificate depending on this would be fake - - Host and user certificates are placed under the coresponding CA's - base directory in the 'certs' subdirectory. - -Host Certificates +For both purposes a set of certification authorities are created and +checked into a CVS as a reference point. These certificate authorities +therefor can be installed as a trust anchor for services and clients. + +The CA files are located in the CVS module's 'test' directory. They +can be regenerated by issuing the 'generate-ca-certificates-for-cvs.sh' +command with the '--i-know-what-i-am-doing' option. Yes, it is intentionally +obscure to avoid re-generation of those certificates. 
+ +One should not use these certificate at this location, but copy them to +the stage (or another) location, and generate the rest of the certificates. + +The CA types: + trusted: a working CA + expired: the CA certificate has an expiration day in the past + big: the CA certificate has a long key (4096 bits) + fake: the CA certificate is not installed anywhere, thus every + certificate depending on this would be fake + +Normal Components ----------------- - For each CA there would be a similar set of host certificate generated. - -User Certificates ------------------ - For each CA there would be a similar set of user certificates generated. - -Lifetime --------- - The default lifetime of these certificates is 30 days from the generation - date. This should be sufficient for any testing purposes, since everything - can be easily regenerated running a simple script. - -VOMS credentials +For normal components just execute + + generate-test-certificates.sh $WORKSPACE/stage + +It will generate certificates in a CA specific directory, but also +copy it to a structure, which is closer to component configurations: + + share/test/certificates/ + grid-security/ + hostcert.pem + hostkey.pem + certificates/ + 5a762d74.0 + 5a762d74.r0 + home/ + usercert.pem + userkey.pem + +All Certificates ---------------- - VOMS credentials are not included in this testing framework (yet). +For security components a more extensice set of certificates can be +generated with the following command + + generate-test-certificates.sh --all $WORKSPACE/stage -Example Layout --------------- +It will generate many certificates in CA specific directories, but +not put them to the above mentioned convenient places. 
-share/ -`-- test - `-- certificates - |-- ca-big - | |-- cacert.pem - | |-- certs - | |-- crls - | |-- index.txt - | |-- newcerts - | |-- private - | | `-- cakey.pem - | `-- serial - |-- ca-expired - | |-- cacert.pem - | |-- certs - | |-- crls - | |-- index.txt - | |-- newcerts - | |-- private - | | `-- cakey.pem - | `-- serial - |-- ca-fake - | |-- cacert.pem - | |-- certs - | |-- crls - | |-- index.txt - | |-- newcerts - | |-- private - | | `-- cakey.pem - | `-- serial - |-- ca-real - | |-- cacert.pem - | |-- certs - | |-- crls - | |-- index.txt - | |-- newcerts - | |-- private - | | `-- cakey.pem - | `-- serial - |-- etc - | `-- grid-security - | |-- certificates - | | |-- ca-big.pem - | | |-- ca-expired.pem - | | |-- ca-fake.pem - | | `-- ca-real.pem - | |-- hostcert.pem - | `-- hostkey.pem - |-- home - | `-- .globus - | |-- usercert.pem - | `-- userkey.pem - `-- tmp - `-- x509_1000 diff --git a/project/build.properties b/project/build.properties new file mode 100644 index 0000000..d4784c8 --- /dev/null +++ b/project/build.properties @@ -0,0 +1,3 @@ +build.rpm.spec.arch noarch +build.package.summary = Test Certificates +build.package.description = A package for generating test certificates. diff --git a/project/configure.properties.xml b/project/configure.properties.xml new file mode 100644 index 0000000..e0dfea2 --- /dev/null +++ b/project/configure.properties.xml @@ -0,0 +1,40 @@ + + + + + diff --git a/project/properties.xml b/project/properties.xml new file mode 100644 index 0000000..4f8132f --- /dev/null +++ b/project/properties.xml @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/project/version.properties b/project/version.properties new file mode 100644 index 0000000..23bf2e6 --- /dev/null +++ b/project/version.properties @@ -0,0 +1,4 @@ +#Wed Oct 27 13:03:43 CEST 2004 +module.version=0.1.0 +module.build=1 +module.age=1 -- 1.8.2.3