From bfd80c89ccb74c205bae1fb058d4277921c90050 Mon Sep 17 00:00:00 2001 From: Akos Frohner Date: Mon, 22 May 2006 11:41:51 +0000 Subject: [PATCH] Simplified the generation of signing_policy file for the Globus clients. --- bin/generate-test-certificates.sh | 50 +++++++++++---------------------------- 1 file changed, 14 insertions(+), 36 deletions(-) diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index cb8156e..fa64a58 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -332,6 +332,15 @@ function create_some { hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert) cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0 cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0 + # generating a signing_policy file + subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout) + cat <grid-security/certificates/${hash}.signing_policy +# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##') +access_id_CA X509 '${subject_name:9}' +pos_rights globus CA:sign +cond_subjects globus '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"' +EOF + cp $CERT_DIR/${catype}_server.cert grid-security/hostcert.pem openssl rsa -passin pass:$PASSWORD -in $CERT_DIR/${catype}_server.priv -out grid-security/hostkey.pem 
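Review bot: The signing_policy written in create_some is built from `${subject_name:9}` without checking that the openssl call succeeded or that its output really starts with the 9-character `subject= ` prefix, so a failed or differently formatted `openssl x509 -subject` yields a policy with an empty or truncated `access_id_CA` and `cond_subjects`, and nothing reports it. Since this file is what limits which subject names the CA may sign for Globus clients, I would strip the prefix by pattern and stop on an empty result: `subject_dn=${subject_name#subject= }` followed by `[ -n "$subject_dn" ] || { echo "no subject for ${catype} CA" >&2; exit 1; }`, and quote `"$CA_DIR/${catype}.cert"`. The block removed further down skipped the `fake` CA on purpose; no such exclusion is visible here, so please confirm whether create_some is ever run for it. A comment such as `# cond_subjects: the CA may only sign names under its own DN prefix (subject minus the trailing /CN=...)` would explain the sed expression. create_some begins and ends outside this hunk.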
@@ -698,44 +707,13 @@ for catype in $CATYPES; do cp -a $CONFIGDIR/${catype}-ca $CA_DIR result=$? if [ $result -ne 0 ];then - echo The copying of CA ${catype} failed with error code $result + echo "The copying of CA ${catype} failed with error code $result" exit -1 fi - fi - - if [ $catype != "fake" ] - then - # Let's make the signing policy file and put it in the right place. - # Don't do this for the fake CA - subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout`; ## echo "Subject name = ${subject_name:9}"; - # pick off the first 9 characters of the string... this will give our raw subject. see above. - # Now have to construct the signing policy file.... - echo "access_id_CA X509 '${subject_name:9}'" > $tmpdir/temporary_signing_policy.file - echo "pos_rights globus CA:sign" >> $tmpdir/temporary_signing_policy.file - # we now have a request to copy the CA certificates to a globus-friendly location. - # eg. /etc/grid-security/certificates - hash_number=`openssl x509 -in $CA_DIR/${catype}.cert -hash -noout` - # now copy the CA cert to /etc/grid-security/certificates - # check to make sure /etc/grid-security/certificates exists... - if [ -d $X509_CERT_DIR ] - then - cp $CA_DIR/${catype}.cert $X509_CERT_DIR/${hash_number}.0 - result=$? - if [ $result -ne 0 ];then - echo "The copying of ${CA_DIR}/${catype}.cert to \ - $X509_CERT_DIR/${hash_number}.0 failed with error code $result"; - fi - cp $tmpdir/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy - result=$? - if [ $result -ne 0 ];then - echo "The copying of $tmpdir/temporary_signing_policy.file to \ - $X509_CERT_DIR/${hash_number}.signing_policy failed with error code $result"; - fi - rm $tmpdir/temporary_signing_policy.file - else - echo "The standard globus directory $X509_CERT_DIR does not exist!"; - echo "Therefore I cannot copy the CA certificates etc to this directory. Continuing anyway..."; - fi + # remove the CVS dir, if it was copied... 
+ if [ -d "$CA_DIR/CVS" ]; then + rm -rf "$CA_DIR/CVS" + fi fi mkdir -p $CERT_DIR -- 1.8.2.3
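Review bot: The new cleanup removes only `$CA_DIR/CVS`, while the `cp -a` above it copies the CA tree recursively, so a CVS directory inside any subdirectory of the copied CA would stay behind together with its repository metadata; whether such subdirectories exist is not visible in this hunk. If they can, `find "${CA_DIR:?}" -type d -name CVS -prune -exec rm -rf {} +` covers every level, and the `:?` guard makes the script stop instead of acting on `/CVS` should CA_DIR ever be empty. The error path just above still ends with `exit -1`, which bash reports as status 255 and some shells reject; `exit 1` is the portable form. The enclosing `for catype in $CATYPES` loop starts and ends outside the hunk.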