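#!/bin/bash
# Rebuilds the test PKI fixtures used by the test suite: two test CAs
# (igi_test_ca2 and igi_test_ca), their trust anchors, the test certificates,
# the LSC file for the "test.vo" VO and the plain proxy "0".
#
# Run it from the directory that holds openssl.conf. The CA helper scripts
# (make_ca.sh, make_crl.sh, install_ca.sh, make_cert.sh, remove_ca.sh) and the
# VOMS clients are invoked by bare name, so they must be on PATH.
#
# Everything produced here is test material: test0.p12 is opened with an empty
# passphrase line and the extracted keys are stored unencrypted.
set -e
# Without pipefail a failing 'openssl x509' would leave an empty LSC file
# behind and the script would carry on.
set -o pipefail

if [ ! -e "openssl.conf" ]; then
  >&2 echo "The configuration file 'openssl.conf' doesn't exist in this directory"
  exit 1
fi

base_dir=$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)
certs_dir="${base_dir}"/certs
ta_dir="${base_dir}"/trust-anchors

# NOTE(review): vomsdir is not assigned anywhere in this listing, so it has to
# arrive from the environment. Stop before anything is deleted if it is empty;
# otherwise the later mkdir would resolve to "/test.vo".
: "${vomsdir:?vomsdir must be set before the fixtures are regenerated}"

# Start from empty output directories so stale fixtures never survive a rerun.
rm -rf -- "${certs_dir}"
mkdir -p -- "${certs_dir}"
rm -rf -- "${ta_dir}"
mkdir -p -- "${ta_dir}"
rm -rf -- "${vomsdir:?}"
mkdir -p -- "${vomsdir}"

# Second CA: it issues the certificate of a VOMS server the tests treat as
# untrusted (going by the certificate name).
if [ -d "igi_test_ca2" ]; then
  remove_ca.sh igi_test_ca2
fi
export CA_NAME=igi_test_ca2
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca2 "${ta_dir}"
make_cert.sh untrusted_voms
cp igi_test_ca2/certs/untrusted_voms.* "${certs_dir}"

# Main CA: issues the user certificate (test0) and the VOMS host certificate.
if [ -d "igi_test_ca" ]; then
  remove_ca.sh igi_test_ca
fi
export CA_NAME=igi_test_ca
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca "${ta_dir}"

# From here on the VOMS clients validate against the freshly built anchors.
export X509_CERT_DIR="${ta_dir}"

make_cert.sh test0
cp igi_test_ca/certs/test0.* "${certs_dir}"
make_cert.sh star_test_example
cp igi_test_ca/certs/star_test_example.* "${certs_dir}"

# LSC file for test.vo: subject and issuer of the star_test_example
# certificate, one per line, with the "subject=" / "issuer=" labels removed.
mkdir -p -- "${vomsdir}/test.vo"
openssl x509 -in "${certs_dir}/star_test_example.cert.pem" -noout -subject -issuer -nameopt compat \
  | sed -e 's/subject=//' -e 's/issuer=//' > "${vomsdir}/test.vo/voms.example.lsc"

# Proxy "0": 'echo' feeds a single empty line to --pwstdin.
echo | voms-proxy-init -cert "${certs_dir}/test0.p12" --valid 10:0 --out "${certs_dir}/0.pem" --pwstdin

# Split the proxy into key and certificate. The key file is created under a
# restrictive umask and then forced to 0600, matching the other proxy keys
# this script writes.
(
  umask 077
  awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${certs_dir}/0.pem" > "${certs_dir}/0.key.pem"
)
chmod 600 "${certs_dir}/0.key.pem"
# The awk range only matches PKCS#1 ("RSA PRIVATE KEY") armour. If the proxy
# carries its key under a different header the output is empty, so check.
if [ ! -s "${certs_dir}/0.key.pem" ]; then
  >&2 echo "No 'RSA PRIVATE KEY' block found in ${certs_dir}/0.pem"
  exit 1
fi
awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${certs_dir}/0.pem" > "${certs_dir}/0.cert.pem"

# User certificate followed by its CA certificate, as a single chain file.
cat "${certs_dir}/test0.cert.pem" "${ta_dir}/igi_test_ca.pem" > "${certs_dir}/test0+ca.pem"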
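#######################################
# Split a combined proxy file into separate certificate and key files.
# Globals:   certs_dir (read)
# Arguments: $1 - proxy name; the input is "${certs_dir}/$1.pem"
# Outputs:   "${certs_dir}/$1.cert.pem" and "${certs_dir}/$1.key.pem" (0600)
# Returns:   non-zero if the input holds no "RSA PRIVATE KEY" block
#######################################
split_proxy_pem() {
  local name=$1
  local bundle="${certs_dir:?certs_dir is not set}/${name}.pem"
  local cert_file="${certs_dir}/${name}.cert.pem"
  local key_file="${certs_dir}/${name}.key.pem"

  awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${bundle}" > "${cert_file}"

  # Create the key under a restrictive umask so it is never readable by other
  # users, not even between the write and the chmod below.
  (
    umask 077
    awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${bundle}" > "${key_file}"
  )
  chmod 600 "${key_file}"

  # The range pattern only matches PKCS#1 armour; a key written under another
  # header would leave an empty file, so fail instead of shipping it.
  if [[ ! -s "${key_file}" ]]; then
    printf "No 'RSA PRIVATE KEY' block found in %s\n" "${bundle}" >&2
    return 1
  fi
}

# Proxies built by voms-proxy-fake, each from proxies.d/<name>.conf:
#   1 - long-lived proxy certificate, with an expired AC
#   2 - expired proxy certificate
#   3 - valid proxy certificate with valid AC
#   4 - proxy with VOMS generic attributes containing special characters
#   5 - proxy with valid VOMS attributes, untrusted AC signature (LSC missing)
#       and VOMS trust-anchor missing
for proxy_name in 1 2 3 4 5; do
  voms-proxy-fake --debug -conf "proxies.d/${proxy_name}.conf" -out "${certs_dir}/${proxy_name}.pem"
  split_proxy_pem "${proxy_name}"
done

# proxy chain with 3 delegations, without VOMS attributes
# Derived from proxy 3, so it has to be generated after the loop above.
proxy_name=6
env X509_USER_PROXY="${certs_dir}/3.pem" X509_CERT_DIR="${ta_dir}" voms-proxy-init2 --out "${certs_dir}/${proxy_name}.pem" -noregen -dont-verify-ac
split_proxy_pem "${proxy_name}"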