From 5959867f31cac0e982d1202b18bcb04cb70f7b62 Mon Sep 17 00:00:00 2001
From: Joni Hahkala <joni.hahkala@cern.ch>
Date: Thu, 8 Jul 2010 13:07:14 +0000
Subject: [PATCH] add the host cert with emailaddress in DN generation

---
 bin/generate-test-certificates.sh | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index 2aea752..5e92bc8 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -72,6 +72,11 @@ function create_cert {
 	    flags="server"
 	    CMD="$CMD -subj \"`echo $dn | sed 's/Relaxation/Chilling/'`\""
 	    ;;
+	hostemail)
+	    echo bad DN cert $flags
+	    flags="server"
+	    CMD="$CMD -subj \"$dn/emailAddress=john.doe@foo.bar\""
+	    ;;
 	clientfuture)
 	    echo bad DN cert $flags
 	    flags="client"
@@ -466,6 +471,9 @@ function add_ca_grid_sec {
     if [ ! -d 'grid-security/certificates-withoutroot' ]; then
         mkdir -p 'grid-security/certificates-withoutroot'
     fi
+    if [ ! -d 'grid-security/certificates-withnamespaceerrors' ]; then
+        mkdir -p 'grid-security/certificates-withnamespaceerrors'
+    fi
     hash=$(openssl x509 -hash -noout -in $1-ca/$1.cert)
     cp $1-ca/$1.cert grid-security/certificates/${hash}.0
     cp $1-ca/$1.crl grid-security/certificates/${hash}.r0
@@ -487,7 +495,7 @@ EOF
     cp grid-security/certificates/${hash}.* grid-security/certificates-rootwithpolicy
     cp grid-security/certificates/${hash}.* grid-security/certificates-rootallowsubsubdeny
     cp grid-security/certificates/${hash}.* grid-security/certificates-subcawithpolicy
-    cp grid-security/certificates/${hash}.* grid-security/certificates-subcawithpolicy
+    cp grid-security/certificates/${hash}.* grid-security/certificates-withnamespaceerrors
     cp grid-security/certificates/${hash}.* grid-security/certificates-withoutroot
 
 #override root and sub namespaces
@@ -595,6 +603,19 @@ access_id_CA            X509    '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the su
 pos_rights              globus  CA:sign
 cond_subjects           globus  '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=*"'
 EOF
+	cat <<EOF >grid-security/certificates-withnamespaceerrors/${hash}.namespaces
+##############################################################################
+#NAMESPACES-VERSION: 1.0
+# Namespaces file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+TO Isser "${subject_name:9}" \
+  PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+EOF
+	cat <<EOF >grid-security/certificates-withnamespaceerrors/${hash}.signing_policy
+# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##')
+access_id_CA             '${subject_name:9}'
+pos_rights              globus  CA:sign
+cond_subjects           globus  '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"'
+EOF
     fi
     if [ "$1" = 'subsubca' ]; then
 	cat <<EOF >grid-security/certificates/${hash}.namespaces
@@ -841,6 +862,12 @@ function create_all {
 	
 	create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
 	
+	TYPE="host_email"
+	CTYPE="$HOSTNAME email"
+	TYPE2="hostemail"
+	
+	create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS
+	
 	TYPE="altname"
 	CTYPE="altname"
 	
-- 
1.8.2.3