Split sample PKI token generation

Splits the file that generates the sample data into two.
One part is the set of individual functions.  The second
is a script that calls each of the functions in turn.  By
splitting them, it becomes easier to regenerate just a subset
of the sample data.  The use-case that prompted this change
was the need to regenerate the signed tokens based on a different
algorithm.  Without this change, all of thecertificates would
need to be regenerated, and that has nothing to do with the
actual change required.

Change-Id: I53b6cfde98a52f0a59b06ad8abbe0d2f1251f796
This commit is contained in:
Adam Young 2014-02-20 00:37:42 -05:00
parent e2a1642abd
commit 18317e8622
2 changed files with 35 additions and 13 deletions

@ -14,7 +14,7 @@
# License for the specific language governing permissions and limitations
# under the License.
# This script generates the crypto necessary for the SSL tests.
# These functions generate the certificates and signed tokens for the tests.
DIR=`dirname "$0"`
CURRENT_DIR=`cd "$DIR" && pwd`
@ -202,21 +202,12 @@ function check_openssl {
check_error $?
}
JSON_FILES="${CMS_DIR}/auth_token_revoked.json ${CMS_DIR}/auth_token_unscoped.json ${CMS_DIR}/auth_token_scoped.json ${CMS_DIR}/auth_token_scoped_expired.json ${CMS_DIR}/revocation_list.json ${CMS_DIR}/auth_v3_token_scoped.json ${CMS_DIR}/auth_v3_token_revoked.json"
function gen_sample_cms {
for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/auth_token_scoped_expired.json" "${CMS_DIR}/revocation_list.json" "${CMS_DIR}/auth_v3_token_scoped.json" "${CMS_DIR}/auth_v3_token_revoked.json"
for json_file in $JSON_FILES
do
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
done
}
check_openssl
rm_old
cleanup
setup
generate_ca
ssl_cert_req
cms_signing_cert_req
issue_certs
create_middleware_cert
gen_sample_cms
cleanup

31
pki/run_all.sh Executable file

@ -0,0 +1,31 @@
#!/bin/bash -x
# Copyright 2012 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# This script generates the crypto necessary for the SSL tests.
. gen_pki.sh
check_openssl
rm_old
cleanup
setup
generate_ca
ssl_cert_req
cms_signing_cert_req
issue_certs
create_middleware_cert
gen_sample_cms
cleanup