From 2e7b4f2027a1147ca28301e4f88adf8274b39a1f Mon Sep 17 00:00:00 2001 From: DUVAL Thomas Date: Thu, 9 Jun 2016 09:11:50 +0200 Subject: Update Keystone core to Mitaka. Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db --- keystone-moon/examples/pki/gen_pki.sh | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'keystone-moon/examples') diff --git a/keystone-moon/examples/pki/gen_pki.sh b/keystone-moon/examples/pki/gen_pki.sh index 65550265..da800413 100755 --- a/keystone-moon/examples/pki/gen_pki.sh +++ b/keystone-moon/examples/pki/gen_pki.sh @@ -157,14 +157,16 @@ function check_error { function generate_ca { echo 'Generating New CA Certificate ...' - openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes + openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem \ + -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes check_error $? } function ssl_cert_req { echo 'Generating SSL Certificate Request ...' generate_ssl_req_conf - openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes + openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem \ + -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes check_error $? #openssl req -in req.pem -text -noout } @@ -172,7 +174,9 @@ function ssl_cert_req { function cms_signing_cert_req { echo 'Generating CMS Signing Certificate Request ...' generate_cms_signing_req_conf - openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes + openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem \ + -keyform PEM -out cms_signing_req.pem -outform PEM \ + -config cms_signing_req.conf -nodes check_error $? #openssl req -in req.pem -text -noout } @@ -187,7 +191,8 @@ function issue_certs { echo 'Issuing CMS Signing Certificate ...' openssl ca -in cms_signing_req.pem -config signing.conf -batch check_error $? - openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem + openssl x509 -in $CURRENT_DIR/newcerts/11.pem \ + -out $CERTS_DIR/signing_cert.pem check_error $? } @@ -203,8 +208,15 @@ function check_openssl { } function gen_sample_cms { - for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do - openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} + FILES="${CMS_DIR}/auth_token_revoked.json" + FILES+=" ${CMS_DIR}/auth_token_unscoped.json" + FILES+=" ${CMS_DIR}/auth_token_scoped.json" + FILES+=" ${CMS_DIR}/revocation_list.json" + for json_file in $FILES; do + openssl cms -sign -in $json_file -nosmimecap \ + -signer $CERTS_DIR/signing_cert.pem \ + -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach \ + -nocerts -noattr -out ${json_file/.json/.pem} done } -- cgit 1.2.3-korg