From 612950ef60aa99e925f71b77ed55e5c93507e6d3 Mon Sep 17 00:00:00 2001 From: Adam Young Date: Thu, 20 Feb 2014 00:37:42 -0500 Subject: Split sample PKI token generation Splits the file that generates the sample data into two. One part is the set of individual functions. The second is a script that calls each of the functions in turn. By splitting them, it becomes easier to regenerate just a subset of the sample data. The use-case that prompted this change was the need to regenerate the signed tokens based on a different algorithm. Without this change, all of thecertificates would need to be regenerated, and that has nothing to do with the actual change required. Change-Id: I53b6cfde98a52f0a59b06ad8abbe0d2f1251f796
---
 examples/pki/gen_pki.sh | 17 ++++-------------
 examples/pki/run_all.sh | 31 +++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 13 deletions(-)
 create mode 100755 examples/pki/run_all.sh
(limited to 'examples')
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh
index c5269a3..b8b28f9 100755
--- a/examples/pki/gen_pki.sh
+++ b/examples/pki/gen_pki.sh
@@ -14,7 +14,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.

-# This script generates the crypto necessary for the SSL tests.
+# These functions generate the certificates and signed tokens for the tests.

 DIR=`dirname "$0"`
 CURRENT_DIR=`cd "$DIR" && pwd`
@@ -202,21 +202,12 @@ function check_openssl {
 check_error $?
 }

+JSON_FILES="${CMS_DIR}/auth_token_revoked.json ${CMS_DIR}/auth_token_unscoped.json ${CMS_DIR}/auth_token_scoped.json ${CMS_DIR}/auth_token_scoped_expired.json ${CMS_DIR}/revocation_list.json ${CMS_DIR}/auth_v3_token_scoped.json ${CMS_DIR}/auth_v3_token_revoked.json"
+
 function gen_sample_cms {
- for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json"
+ for json_file in $JSON_FILES
 do
 openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
 done
 }

-check_openssl
-rm_old
-cleanup
-setup
-generate_ca
-ssl_cert_req
-cms_signing_cert_req
-issue_certs
-create_middleware_cert
-gen_sample_cms
-cleanup
diff --git a/examples/pki/run_all.sh b/examples/pki/run_all.sh
new file mode 100755
index 0000000..ba2f0b6
--- /dev/null
+++ b/examples/pki/run_all.sh
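Review bot: The new `for json_file in $JSON_FILES` loop in gen_sample_cms relies on unquoted word splitting, whereas the removed loop passed each path as its own quoted word. If `CMS_DIR` contains whitespace or glob characters (its definition is outside this hunk, but it presumably derives from the script's directory), the list splits or expands into paths nobody intended and `openssl cms -sign` runs on them with the signing key. A bash array keeps the single definition without that risk: declare `JSON_FILES=( "${CMS_DIR}/auth_token_revoked.json" ... )` with one quoted element per file and iterate with `for json_file in "${JSON_FILES[@]}"`. The unquoted `$json_file`, `$CERTS_DIR` and `$PRIVATE_DIR` on the openssl line are unchanged context, but quoting them and following the call with the file's own `check_error $?` would keep a failed signing run from passing unnoticed.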
@@ -0,0 +1,31 @@
+#!/bin/bash -x
+
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script generates the crypto necessary for the SSL tests.
+
+. gen_pki.sh
+
+check_openssl
+rm_old
+cleanup
+setup
+generate_ca
+ssl_cert_req
+cms_signing_cert_req
+issue_certs
+create_middleware_cert
+gen_sample_cms
+cleanup
--
cgit v1.2.1
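Review bot: `. gen_pki.sh` names the file without a path, so bash looks it up through `PATH` first and then in the current directory, not relative to run_all.sh. Run from another directory, the script either fails to find the file or sources a different gen_pki.sh. Nothing stops the script after a failed source, since there is no `set -e`, so `rm_old`, `cleanup` and the other calls would still be attempted against whatever did or did not get loaded. Anchor the source to the script's own location and stop on failure, e.g. `. "$(dirname "$0")/gen_pki.sh" || exit 1`. The `-x` in the shebang is also lost when the script is started as `bash run_all.sh`; an explicit `set -x` line is the reliable place for it if tracing is wanted.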