From bf32d7160b84430b8154e05b81d47bcddfa8d667 Mon Sep 17 00:00:00 2001 From: John White Date: Tue, 2 Nov 2004 13:23:09 +0000 Subject: [PATCH] Have added the test proxy generating code so that it can be looked at. Needs cleaning. --- bin/generate-test-certificates.sh | 58 +++++++++++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 8 deletions(-) diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index e57e7d7..db05a5f 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -14,7 +14,7 @@ if [ "$1" == "--all" ]; then CATYPES='trusted' - #CATYPES='trusted fake big expired' + ## CATYPES='trusted fake big expired' ALL='yes' shift else @@ -56,13 +56,16 @@ function create_cert { return fi - openssl req -out $filebase.req -new -keyout $filebase.priv -config $REQ_CONFIG_FILE + CMD="openssl req -out $filebase.req -new -keyout $filebase.priv -config $REQ_CONFIG_FILE" + echo $CMD; $CMD; case $flags in client|server|clientserver|fclient|none) echo "Generating a $flags certificate" - openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \ - -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity + echo $CA_DIR + CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir tmp \ + -md md5 -config $CA_CONF -batch -extensions ca_$flags -days $validity" + echo $CMD; $CMD ;; *) echo "Unknown flags: $flags" @@ -77,6 +80,7 @@ function create_cert { function create_cert_proxy { filebase=$1 + export FILEBASE=${filebase} export CN=$2 ending=$3 export PROXYNAME=$4 
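Review bot: In create_cert the new `CMD="openssl req ..."; echo $CMD; $CMD` pattern runs the command by unquoted expansion of a string, so any space or glob character in `$filebase`, `$REQ_CONFIG_FILE` or `$CA_CONF` is re-split into extra arguments, and quotes stored inside the string are never honoured. The same pattern is used for the `openssl ca` call in this hunk and twice more in create_cert_proxy. If the aim is only to show the command, `set -x` / `set +x` around the direct call, or a bash array run as `"${cmd[@]}"`, keeps the arguments intact. The signing call also still hard-codes `-md md5`, a collision-prone digest that current verifiers commonly reject, so a variable such as `-md "${DIGEST:-sha256}"` would be easier to keep usable. create_cert starts and ends outside this hunk.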
@@ -85,7 +89,27 @@ function create_cert_proxy { echo " in files named $filebase$ending.(cert|priv)" echo " with $validity days validity time" - #TODO: write the body + CMD="openssl req -out ${filebase}.proxy.req -new -keyout ${filebase}.proxy.priv \ + -config ${REQ_PROXY_CONFIG_FILE}" + echo $CMD; $CMD + CMD="openssl ca -in ${filebase}.proxy.req -cert ${filebase}.cert \ + -keyfile ${filebase}.priv \ + -out ${filebase}.proxy.cert \ + -outdir . \ + -config ${CA_CONF} -md md5 -days 2 -batch \ + -verbose -passin pass:${PASSWORD}" + echo $CMD; $CMD + openssl x509 -in ${filebase}.proxy.cert -text > ${filebase}.proxy.cert.tmp + cp ${filebase}.proxy.cert.tmp ${filebase}.proxy.cert + + openssl pkcs12 -in ${filebase}.proxy.cert.tmp -out ${filebase}.proxy.p12 -export \ + -inkey ${filebase}.proxy.priv -passin pass:$PASSWORD -passout pass:$PASSWORD \ + -name "${catype} proxy certificate" -certfile ${filebase}.cert + + cp ${filebase}.proxy.cert ${filebase}.grid_proxy + openssl rsa -in ${filebase}.proxy.priv -passin pass:$PASSWORD >> ${filebase}.grid_proxy + cat ${filebase}.cert >> ${filebase}.grid_proxy + } function create_cert_proxy_proxy { @@ -103,10 +127,10 @@ function create_cert_proxy_proxy { # create some certificates and copy them to convenient locations function create_some { - # generating host certificate + # generating client certificate create_cert $CERT_DIR/${catype}_client "$LOGNAME client" client $DAYS - # generating client certificate + # generating host certificate create_cert $CERT_DIR/${catype}_server "$HOSTNAME server" server $DAYS # generating CRL 
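Review bot: The `echo $CMD` before the `openssl ca` call in create_cert_proxy prints `-passin pass:${PASSWORD}` verbatim, so the signing-key passphrase ends up in any captured build or test log, and a `pass:` argument is also visible in the process list while openssl runs. Exporting the variable and using `-passin env:PASSWORD`, with the echo dropped or redacted, avoids both. Further down, `openssl rsa -in ${filebase}.proxy.priv -passin pass:$PASSWORD >> ${filebase}.grid_proxy` appends the decrypted private key to a file that `cp` created with default permissions; a `chmod 600 "${filebase}.grid_proxy"` right after the `cp`, before the key is appended, would keep it owner-only. The proxy lifetime is fixed at `-days 2` although the function announces `$validity` days, so a comment saying whether that is intended would help.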
@@ -131,6 +155,21 @@ function create_some { # create all certificates function create_all { + + # If we have the trusted CA, then generate a user cert/key pair + # And also a host cert/key pair. + + if [ "$catype" == "trusted" ]; then + # Create a user and host certificate + create_cert $CERT_DIR/${catype}_client "$LOGNAME" client $DAYS + create_cert $CERT_DIR/${catype}_server "$HOSTNAME" server $DAYS + # And put them in the stage directory. + cp $CERT_DIR/${catype}_client.cert ../../../usercert.pem + cp $CERT_DIR/${catype}_client.priv ../../../userkey.pem + cp $CERT_DIR/${catype}_server.cert ../../../hostcert.pem + cp $CERT_DIR/${catype}_server.priv ../../../hostkey.pem + fi + # create valid certs with proxies create_cert $CERT_DIR/${catype}_client "$catype client" client $DAYS create_cert_proxy $CERT_DIR/${catype}_client "$catype client" _proxy "proxy" $DAYS @@ -197,6 +236,7 @@ function create_all { # generating CRL openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $CA_CONF + } ############################## main ################################ @@ -209,6 +249,7 @@ fi BASEDIR="$BASEDIR/share/test/certificates" mkdir -p $BASEDIR cd $BASEDIR +echo "Current directory now: `pwd`" mkdir -p tmp ABSBASEDIR=$(pwd) @@ -238,7 +279,7 @@ for catype in $CATYPES; do continue fi if [ -d "$CA_DIR" ]; then - echo "CA directory already exists: $CA_DIR" + echoclean "CA directory already exists: $CA_DIR" else cp -a $CONFIGDIR/${catype}-ca $CA_DIR fi @@ -255,4 +296,5 @@ done # cleaning up temp rm tmp/*.pem +rmdir tmp -- 1.8.2.3
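Review bot: The four `cp` lines added at the top of create_all copy the client and host private keys to `../../../userkey.pem` and `../../../hostkey.pem`, a destination that depends on the current directory at call time and silently overwrites whatever is already there, with no check that `cp` succeeded. A named absolute stage directory and an explicit mode on the key files would be safer, e.g. `install -m 600 "$CERT_DIR/${catype}_client.priv" "$STAGE_DIR/userkey.pem" || exit 1` (`STAGE_DIR` is a placeholder, not a variable from this script). The block also creates `${catype}_client` with CN `$LOGNAME` just before the existing call that creates the same file base with CN `"$catype client"`; if create_cert returns early for files that already exist, as the `return` visible in its earlier hunk suggests, the second call is skipped for the trusted CA and the proxy is issued from the `$LOGNAME` certificate. create_all continues outside this hunk.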
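Review bot: `echoclean "CA directory already exists: $CA_DIR"` replaces a plain `echo` with a command that is not defined in any hunk of this patch; unless the script defines an `echoclean` function elsewhere, this branch fails with "command not found" on every rerun where the CA directory already exists. It looks like a stray edit, so the line should probably stay `echo "CA directory already exists: $CA_DIR"`. The enclosing `for catype in $CATYPES` loop starts and ends outside the hunk.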