openstack/deb-keystone
Code Issues Proposed changes

Merge "Make gen_pki.sh & debug_helper.sh bash8 compliant"

Browse Source
This commit is contained in:
Jenkins 2014-06-23 18:39:44 +00:00 committed by Gerrit Code Review
commit db0519dfa0
4 changed files with 63 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
examples/pki/gen_pki.sh
View File

@ -24,21 +24,21 @@ CMS_DIR=$CURRENT_DIR/cms
function rm_old { function rm_old {
rm -rf $CERTS_DIR/*.pem rm -rf $CERTS_DIR/*.pem
rm -rf $PRIVATE_DIR/*.pem rm -rf $PRIVATE_DIR/*.pem
} }
function cleanup { function cleanup {
rm -rf *.conf > /dev/null 2>&1 rm -rf *.conf > /dev/null 2>&1
rm -rf index* > /dev/null 2>&1 rm -rf index* > /dev/null 2>&1
rm -rf *.crt > /dev/null 2>&1 rm -rf *.crt > /dev/null 2>&1
rm -rf newcerts > /dev/null 2>&1 rm -rf newcerts > /dev/null 2>&1
rm -rf *.pem > /dev/null 2>&1 rm -rf *.pem > /dev/null 2>&1
rm -rf serial* > /dev/null 2>&1 rm -rf serial* > /dev/null 2>&1
} }
function generate_ca_conf { function generate_ca_conf {
echo ' echo '
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
default_keyfile = cakey.pem default_keyfile = cakey.pem
@ -65,7 +65,7 @@ basicConstraints = critical,CA:true
} }
function generate_ssl_req_conf { function generate_ssl_req_conf {
echo ' echo '
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
default_keyfile = keystonekey.pem default_keyfile = keystonekey.pem
@ -86,7 +86,7 @@ emailAddress = keystone@openstack.org
} }
function generate_cms_signing_req_conf { function generate_cms_signing_req_conf {
echo ' echo '
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
default_keyfile = keystonekey.pem default_keyfile = keystonekey.pem
@ -107,7 +107,7 @@ emailAddress = keystone@openstack.org
} }
function generate_signing_conf { function generate_signing_conf {
echo ' echo '
[ ca ] [ ca ]
default_ca = signing_ca default_ca = signing_ca
@ -138,75 +138,74 @@ commonName = supplied
} }
function setup { function setup {
touch index.txt touch index.txt
echo '10' > serial echo '10' > serial
generate_ca_conf generate_ca_conf
mkdir newcerts mkdir newcerts
} }
function check_error { function check_error {
if [ $1 != 0 ] ; then if [ $1 != 0 ] ; then
echo "Failed! rc=${1}" echo "Failed! rc=${1}"
echo 'Bailing ...' echo 'Bailing ...'
cleanup cleanup
exit $1 exit $1
else else
echo 'Done' echo 'Done'
fi fi
} }
function generate_ca { function generate_ca {
echo 'Generating New CA Certificate ...' echo 'Generating New CA Certificate ...'
openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
check_error $? check_error $?
} }
function ssl_cert_req { function ssl_cert_req {
echo 'Generating SSL Certificate Request ...' echo 'Generating SSL Certificate Request ...'
generate_ssl_req_conf generate_ssl_req_conf
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
check_error $? check_error $?
#openssl req -in req.pem -text -noout #openssl req -in req.pem -text -noout
} }
function cms_signing_cert_req { function cms_signing_cert_req {
echo 'Generating CMS Signing Certificate Request ...' echo 'Generating CMS Signing Certificate Request ...'
generate_cms_signing_req_conf generate_cms_signing_req_conf
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
check_error $? check_error $?
#openssl req -in req.pem -text -noout #openssl req -in req.pem -text -noout
} }
function issue_certs { function issue_certs {
generate_signing_conf generate_signing_conf
echo 'Issuing SSL Certificate ...' echo 'Issuing SSL Certificate ...'
openssl ca -in ssl_req.pem -config signing.conf -batch openssl ca -in ssl_req.pem -config signing.conf -batch
check_error $? check_error $?
openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
check_error $? check_error $?
echo 'Issuing CMS Signing Certificate ...' echo 'Issuing CMS Signing Certificate ...'
openssl ca -in cms_signing_req.pem -config signing.conf -batch openssl ca -in cms_signing_req.pem -config signing.conf -batch
check_error $? check_error $?
openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
check_error $? check_error $?
} }
function create_middleware_cert { function create_middleware_cert {
cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
} }
function check_openssl { function check_openssl {
echo 'Checking openssl availability ...' echo 'Checking openssl availability ...'
which openssl which openssl
check_error $? check_error $?
} }
function gen_sample_cms { function gen_sample_cms {
for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json" for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
do openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem} done
done
} }
check_openssl check_openssl

1
test-requirements.txt
View File

@ -1,4 +1,5 @@
hacking>=0.8.0,<0.9 hacking>=0.8.0,<0.9
bash8
# Optional backend: SQL # Optional backend: SQL
pysqlite pysqlite

3
tools/debug_helper.sh
View File

@ -8,8 +8,7 @@ TESTS_TO_RUN=$TMP_DIR/ks_to_run
python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS
if [ "$1" ] if [ "$1" ]; then
then
grep "$1" < $ALL_TESTS > $TESTS_TO_RUN grep "$1" < $ALL_TESTS > $TESTS_TO_RUN
else else
mv $ALL_TESTS $TESTS_TO_RUN mv $ALL_TESTS $TESTS_TO_RUN

5
tox.ini
View File

@ -40,6 +40,11 @@ commands =
bash -c "find keystone -type f -regex '.*\.pot*' -print0| \ bash -c "find keystone -type f -regex '.*\.pot*' -print0| \
xargs -0 -n 1 msgfmt --check-format -o /dev/null" xargs -0 -n 1 msgfmt --check-format -o /dev/null"
[testenv:bash8]
envdir = {toxworkdir}/venv
commands =
bash8 examples/pki/gen_pki.sh tools/debug_helper.sh
[tox:jenkins] [tox:jenkins]
downloadcache = ~/cache/pip downloadcache = ~/cache/pip