diff options
author | Adam Young <ayoung@redhat.com> | 2014-02-20 00:37:42 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2014-03-10 13:14:22 -0400 |
commit | 612950ef60aa99e925f71b77ed55e5c93507e6d3 (patch) | |
tree | 7649c90d0dea16cfba1ff56626c66aeac2902c80 /examples/pki | |
parent | b935741f6c93abae1c7aac41da92b475bbe14815 (diff) | |
download | python-keystoneclient-612950ef60aa99e925f71b77ed55e5c93507e6d3.tar.gz |
Split sample PKI token generation
Splits the file that generates the sample data into two.
One part is the set of individual functions. The second
is a script that calls each of the functions in turn. By
splitting them, it becomes easier to regenerate just a subset
of the sample data. The use-case that prompted this change
was the need to regenerate the signed tokens based on a different
algorithm. Without this change, all of thecertificates would
need to be regenerated, and that has nothing to do with the
actual change required.
Change-Id: I53b6cfde98a52f0a59b06ad8abbe0d2f1251f796
Diffstat (limited to 'examples/pki')
-rwxr-xr-x | examples/pki/gen_pki.sh | 17 | ||||
-rwxr-xr-x | examples/pki/run_all.sh | 31 |
2 files changed, 35 insertions, 13 deletions
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh index c5269a3..b8b28f9 100755 --- a/examples/pki/gen_pki.sh +++ b/examples/pki/gen_pki.sh @@ -14,7 +14,7 @@ # License for the specific language governing permissions and limitations # under the License. -# This script generates the crypto necessary for the SSL tests. +# These functions generate the certificates and signed tokens for the tests. DIR=`dirname "$0"` CURRENT_DIR=`cd "$DIR" && pwd` @@ -202,21 +202,12 @@ function check_openssl { check_error $? } +JSON_FILES="${CMS_DIR}/auth_token_revoked.json ${CMS_DIR}/auth_token_unscoped.json ${CMS_DIR}/auth_token_scoped.json ${CMS_DIR}/auth_token_scoped_expired.json ${CMS_DIR}/revocation_list.json ${CMS_DIR}/auth_v3_token_scoped.json ${CMS_DIR}/auth_v3_token_revoked.json" + function gen_sample_cms { - for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json" + for json_file in $JSON_FILES do openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} done } -check_openssl -rm_old -cleanup -setup -generate_ca -ssl_cert_req -cms_signing_cert_req -issue_certs -create_middleware_cert -gen_sample_cms -cleanup diff --git a/examples/pki/run_all.sh b/examples/pki/run_all.sh new file mode 100755 index 0000000..ba2f0b6 --- /dev/null +++ b/examples/pki/run_all.sh @@ -0,0 +1,31 @@ +#!/bin/bash -x + +# Copyright 2012 OpenStack Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# This script generates the crypto necessary for the SSL tests. + +. gen_pki.sh + +check_openssl +rm_old +cleanup +setup +generate_ca +ssl_cert_req +cms_signing_cert_req +issue_certs +create_middleware_cert +gen_sample_cms +cleanup |