From d9624b10dc79eeda34bb72f0ce23c7a1d6f97a4a Mon Sep 17 00:00:00 2001 From: John White Date: Wed, 2 Mar 2005 14:36:49 +0000 Subject: [PATCH] Changes made for bug number 6743. CA certs are now copied to /etc/grid-security/certificates and also the signing policy files are now generated. --- bin/generate-test-certificates.sh | 44 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index d0f7098..ec8304c 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -485,6 +485,15 @@ function create_all_test { ############################## main ################################ +# check the certificate directory... + +if [ -! -z $X509_CERT_DIR ] +then + echo "Certificate directory set to $X509_CERT_DIR"; +else + X509_CERT_DIR="/etc/grid-security/certificates"; + echo "Certificate directory set to $X509_CERT_DIR"; +fi if [ "$1" == "--all" ]; then CATYPES='trusted fake big expired' ALL='yes' 
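Review bot: The guard `if [ -! -z $X509_CERT_DIR ]` is not a valid test, because `-!` is not an operator. Assuming the script runs under bash, `[` reports a syntax error and returns non-zero whether or not the variable is set, so the `else` branch always resets `X509_CERT_DIR` to `/etc/grid-security/certificates`. A caller who exports `X509_CERT_DIR` to keep the test CAs out of the system trust directory is silently overridden, and the second hunk then installs the test CA certificates there. Use `if [ -n "$X509_CERT_DIR" ]`, or replace the whole block with `: "${X509_CERT_DIR:=/etc/grid-security/certificates}"` followed by a single `echo`.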
@@ -554,6 +563,41 @@ for catype in $CATYPES; do fi fi + if [ $catype != "fake" ] + then + # Let's make the signing policy file and put it in the right place. + # Don't do this for the fake CA + subject_name=`openssl x509 -in $CA_DIR/${catype}.cert -subject -noout`; ## echo "Subject name = ${subject_name:9}"; + # pick off the first 9 characters of the string... this will give our raw subject. see above. + # Now have to construct the signing policy file.... + echo "access_id_CA X509 '${subject_name:9}'" > /tmp/temporary_signing_policy.file + echo "pos_rights globus CA:sign" >> /tmp/temporary_signing_policy.file + # we now have a request to copy the CA certificates to a globus-friendly location. + # eg. /etc/grid-security/certificates + hash_number=`openssl x509 -in $CA_DIR/${catype}.cert -hash -noout` + # now copy the CA cert to /etc/grid-security/certificates + # check to make sure /etc/grid-security/certificates exists... + if [ -d $X509_CERT_DIR ] + then + cp $CA_DIR/${catype}.cert $X509_CERT_DIR/${hash_number}.0 + result=$? + if [ $result -ne 0 ];then + echo "The copying of ${CA_DIR}/${catype}.cert to \ + $X509_CERT_DIR/${hash_number}.0 failed with error code $result"; + fi + cp /tmp/temporary_signing_policy.file $X509_CERT_DIR/${hash_number}.signing_policy + result=$? + if [ $result -ne 0 ];then + echo "The copying of /tmp/temporary_signing_policy.file to \ + $X509_CERT_DIR/${hash_number}.signing_policy failed with error code $result"; + fi + rm /tmp/temporary_signing_policy.file + else + echo "The standard globus directory $X509_CERT_DIR does not exist!"; + echo "Therefore I cannot copy the CA certificates etc to this directory. Continuing anyway..."; + fi + fi + mkdir -p $CERT_DIR if [ -n "$ALL" ]; then -- 1.8.2.3
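Review bot: The signing policy is staged in the fixed, predictable path `/tmp/temporary_signing_policy.file`. Since the script writes into `$X509_CERT_DIR` it presumably runs with elevated privilege, so any local user who creates or symlinks that name first can redirect the `>` write or change what `cp` installs as `${hash_number}.signing_policy`. Stage it in a `mktemp` file instead, as below, and move the `rm` after the directory check, because at present the file is left behind when `$X509_CERT_DIR` does not exist; the copy-failure message should then name the new variable. Separately, neither `openssl x509` call is checked and the expansions are unquoted, so a failed read yields an empty `hash_number` and a copy to `$X509_CERT_DIR/.0`. The enclosing `for catype in $CATYPES` loop begins before this hunk and continues after it.

```shell
policy_tmp=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
echo "access_id_CA X509 '${subject_name:9}'" > "$policy_tmp"
echo "pos_rights globus CA:sign" >> "$policy_tmp"
# … unchanged: hash_number computation, directory check, CA certificate copy …
    cp "$policy_tmp" "$X509_CERT_DIR/${hash_number}.signing_policy"
# … unchanged: result check, else branch, closing fi of the directory check …
rm -f "$policy_tmp"   # after the directory check, so both branches clean up
```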