From 89bbc9ea9148e8213d4bb2655943c7b47348f4f2 Mon Sep 17 00:00:00 2001
From: Akos Frohner
Date: Mon, 22 May 2006 13:02:12 +0000
Subject: [PATCH] Added a script to re-generate the host specific server certificate.
---
 bin/generate-test-certificates.sh | 8 +++++++
 bin/regenerate-host-certificate.sh | 43 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100755 bin/regenerate-host-certificate.sh
diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index fa64a58..24d6fcf 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -384,6 +384,14 @@ EOF
 done
 fi
 fi
+
+ if [ -r "$CONFIGDIR/../bin/regenerate-host-certificate.sh" ]; then
+ echo "Copying the host-cert re-generation special tool..."
+ if [ ! -d 'bin' ]; then
+ mkdir bin
+ fi
+ cp -u $CONFIGDIR/../bin/regenerate-host-certificate.sh bin/
+ fi
 }
diff --git a/bin/regenerate-host-certificate.sh b/bin/regenerate-host-certificate.sh
new file mode 100755
index 0000000..fde0109
--- /dev/null
+++ b/bin/regenerate-host-certificate.sh
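Review bot: In bin/generate-test-certificates.sh the added `cp -u $CONFIGDIR/../bin/regenerate-host-certificate.sh bin/` leaves `$CONFIGDIR` unquoted, although the `[ -r … ]` test at the top of the added block quotes the same path, so a config directory containing whitespace passes the test and then fails the copy. I would write `cp -u -- "$CONFIGDIR/../bin/regenerate-host-certificate.sh" bin/` and replace the `if [ ! -d 'bin' ]` block with `mkdir -p bin`. `-u` is a GNU cp option, which is presumably acceptable here but deserves a comment if the script is expected to run on other platforms. The enclosing function starts outside the hunk.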
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# The purpose of this script is to re-generate the
+# host specific server certificate in a test deployment.
+#
+# Unlike the other scripts, this is supposed to work
+# in the staged/installed directory only.
+
+set -e
+tempdir="$PWD/$$.tmp"
+trap "rm -rf $tempdir" EXIT
+mkdir -p $tempdir
+
+if [ -n "$1" -a -d "$1/trusted-ca" ]; then
+ export TARGETDIR=$(cd $1; echo $PWD)
+else
+ if [ -d "$(dirname $0)/../trusted-ca" ]; then
+ TARGETDIR=$(cd $(dirname $0)/..; echo $PWD)
+ else
+ echo "Could not find the 'trusted-ca' directory!" >&2
+ exit
+ fi
+fi
+export CA_DIR=$TARGETDIR/trusted-ca
+
+# variables to be used by OpenSSL directly
+export CATYPE=trusted
+export CN=$(hostname --fqdn)
+export BITS=1024
+export PASSWORD='changeit'
+
+filebase="$tempdir/server"
+echo "Re-generating server certificate for '$CN'"
+CMD="openssl req -out $filebase.req -newkey rsa:$BITS -new -keyout $filebase.priv -config $CA_DIR/req_conf.cnf"
+[ -n "$VERBOSE" ] && echo $CMD
+$CMD
+CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tempdir -md md5 -config $CA_DIR/ca_conf.cnf -batch -extensions ca_server -days 1000"
+[ -n "$VERBOSE" ] && echo $CMD
+$CMD
+
+cp $filebase.cert $TARGETDIR/grid-security/hostcert.pem
+openssl rsa -passin pass:$PASSWORD -in $filebase.priv -out $TARGETDIR/grid-security/hostkey.pem
+
-- 1.8.2.3
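Review bot: The host private key is handled loosely in the new script: `tempdir="$PWD/$$.tmp"` is a predictable name that `mkdir -p` accepts even when it already exists, it inherits the caller's umask, and the decrypted `hostkey.pem` is written with no permission restriction. I would create the directory with `mktemp -d`, single-quote the trap so the path is expanded (and quoted) at exit time, and write the key under a restrictive umask, as in the excerpt below. The bare `exit` in the 'trusted-ca' error branch returns the status of the preceding `echo`, which is 0, so callers see success; it should be `exit 1`. `BITS=1024` and `-md md5` are weak even for a test CA and may be rejected by current TLS stacks; `BITS=2048` with `-md sha256` is the minimal change, assuming nothing in `ca_conf.cnf` depends on MD5.

```shell
set -e
tempdir=$(mktemp -d "$PWD/regen-hostcert.XXXXXX")   # unpredictable name, created 0700
trap 'rm -rf -- "$tempdir"' EXIT

# … unchanged: TARGETDIR lookup, except the error branch …
    echo "Could not find the 'trusted-ca' directory!" >&2
    exit 1

# … unchanged: CA_DIR, CATYPE, CN, PASSWORD …
export BITS=2048

# … unchanged: openssl req / openssl ca, with -md sha256 in place of -md md5 …

# … unchanged: cp of the certificate to hostcert.pem …
# Write the decrypted key under a restrictive umask so it is never group/world readable.
(
  umask 077
  openssl rsa -passin "pass:$PASSWORD" -in "$filebase.priv" \
    -out "$TARGETDIR/grid-security/hostkey.pem"
)
```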