diff options
author | Adam Young <ayoung@redhat.com> | 2014-02-20 00:37:42 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2014-03-10 13:14:22 -0400 |
commit | 612950ef60aa99e925f71b77ed55e5c93507e6d3 (patch) | |
tree | 7649c90d0dea16cfba1ff56626c66aeac2902c80 /examples/pki/gen_pki.sh | |
parent | b935741f6c93abae1c7aac41da92b475bbe14815 (diff) | |
download | python-keystoneclient-612950ef60aa99e925f71b77ed55e5c93507e6d3.tar.gz |
Split sample PKI token generation
Splits the file that generates the sample data into two.
One part is the set of individual functions. The second
is a script that calls each of the functions in turn. By
splitting them, it becomes easier to regenerate just a subset
of the sample data. The use-case that prompted this change
was the need to regenerate the signed tokens based on a different
algorithm. Without this change, all of thecertificates would
need to be regenerated, and that has nothing to do with the
actual change required.
Change-Id: I53b6cfde98a52f0a59b06ad8abbe0d2f1251f796
Diffstat (limited to 'examples/pki/gen_pki.sh')
-rwxr-xr-x | examples/pki/gen_pki.sh | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh index c5269a3..b8b28f9 100755 --- a/examples/pki/gen_pki.sh +++ b/examples/pki/gen_pki.sh @@ -14,7 +14,7 @@ # License for the specific language governing permissions and limitations # under the License. -# This script generates the crypto necessary for the SSL tests. +# These functions generate the certificates and signed tokens for the tests. DIR=`dirname "$0"` CURRENT_DIR=`cd "$DIR" && pwd` @@ -202,21 +202,12 @@ function check_openssl { check_error $? } +JSON_FILES="${CMS_DIR}/auth_token_revoked.json ${CMS_DIR}/auth_token_unscoped.json ${CMS_DIR}/auth_token_scoped.json ${CMS_DIR}/auth_token_scoped_expired.json ${CMS_DIR}/revocation_list.json ${CMS_DIR}/auth_v3_token_scoped.json ${CMS_DIR}/auth_v3_token_revoked.json" + function gen_sample_cms { - for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json" + for json_file in $JSON_FILES do openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} done } -check_openssl -rm_old -cleanup -setup -generate_ca -ssl_cert_req -cms_signing_cert_req -issue_certs -create_middleware_cert -gen_sample_cms -cleanup |