From 44935e9bc23afb99b88c48a8506981cee480a52e Mon Sep 17 00:00:00 2001
From: Stephen Finucane
Date: Thu, 8 Mar 2018 10:15:58 +0000
Subject: [PATCH] ca: Remove 'nova/CA' directory

These scripts were only used by functions that were removed in [1]. They can therefore be removed.

[1] Ie1dadc6bf935f777e0cd0c54a0a21b79545714c5

Change-Id: I1b573bf0e4a6a21232c5f8443ad30c531b26c1b1
---
 nova/CA/.gitignore | 11 ----
 nova/CA/geninter.sh | 39 ---------------
 nova/CA/genrootca.sh | 30 -----------
 nova/CA/newcerts/.placeholder | 0
 nova/CA/openssl.cnf.tmpl | 94 -----------------------------------
 nova/CA/private/.placeholder | 0
 nova/CA/projects/.gitignore | 1 -
 nova/CA/projects/.placeholder | 0
 nova/CA/reqs/.gitignore | 1 -
 nova/CA/reqs/.placeholder | 0
 10 files changed, 176 deletions(-)
 delete mode 100644 nova/CA/.gitignore
 delete mode 100755 nova/CA/geninter.sh
 delete mode 100755 nova/CA/genrootca.sh
 delete mode 100644 nova/CA/newcerts/.placeholder
 delete mode 100644 nova/CA/openssl.cnf.tmpl
 delete mode 100644 nova/CA/private/.placeholder
 delete mode 100644 nova/CA/projects/.gitignore
 delete mode 100644 nova/CA/projects/.placeholder
 delete mode 100644 nova/CA/reqs/.gitignore
 delete mode 100644 nova/CA/reqs/.placeholder

diff --git a/nova/CA/.gitignore b/nova/CA/.gitignore
deleted file mode 100644
index fae0922bf949..000000000000
--- a/nova/CA/.gitignore
+++ /dev/null
@@ -1,11 +0,0 @@
-index.txt
-index.txt.old
-index.txt.attr
-index.txt.attr.old
-cacert.pem
-serial
-serial.old
-openssl.cnf
-private/*
-newcerts/*
-
diff --git a/nova/CA/geninter.sh b/nova/CA/geninter.sh
deleted file mode 100755
index 9b3ea3b767b4..000000000000
--- a/nova/CA/geninter.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# $1 is the id of the project and $2 is the subject of the cert
-NAME=$1
-SUBJ=$2
-mkdir -p projects/$NAME
-cd projects/$NAME
-cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
-sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
-mkdir -p certs crl newcerts private
-openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
-echo "10" > serial
-touch index.txt
-# NOTE(vish): Disabling intermediate ca's because we don't actually need them.
-# It makes more sense to have each project have its own root ca.
-# openssl genrsa -out private/cakey.pem 1024 -config ./openssl.cnf -batch -nodes
-# openssl req -new -sha256 -key private/cakey.pem -out ../../reqs/inter$NAME.csr -batch -subj "$SUBJ"
-openssl ca -gencrl -config ./openssl.cnf -out crl.pem
-if [ "`id -u`" != "`grep nova /etc/passwd | cut -d':' -f3`" ]; then
- sudo chown -R nova:nogroup .
-fi
-# cd ../../
-# openssl ca -extensions v3_ca -days 365 -out INTER/$NAME/cacert.pem -in reqs/inter$NAME.csr -config openssl.cnf -batch
diff --git a/nova/CA/genrootca.sh b/nova/CA/genrootca.sh
deleted file mode 100755
index 091cf17fcb9e..000000000000
--- a/nova/CA/genrootca.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if [ -f "cacert.pem" ];
-then
- echo "Not installing, it's already done."
-else
- cp "$(dirname $0)/openssl.cnf.tmpl" openssl.cnf
- sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
- mkdir -p certs crl newcerts private
- openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
- touch index.txt
- echo "10" > serial
- openssl ca -gencrl -config ./openssl.cnf -out crl.pem
-fi
diff --git a/nova/CA/newcerts/.placeholder b/nova/CA/newcerts/.placeholder
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/nova/CA/openssl.cnf.tmpl b/nova/CA/openssl.cnf.tmpl
deleted file mode 100644
index 838a9cdba3f9..000000000000
--- a/nova/CA/openssl.cnf.tmpl
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-#
-# OpenSSL configuration file.
-#
-
-# Establish working directory.
-
-dir = .
-
-[ ca ]
-default_ca = CA_default
-
-[ CA_default ]
-serial = $dir/serial
-database = $dir/index.txt
-new_certs_dir = $dir/newcerts
-certificate = $dir/cacert.pem
-private_key = $dir/private/cakey.pem
-unique_subject = no
-default_crl_days = 365
-default_days = 365
-default_md = sha256
-preserve = no
-email_in_dn = no
-nameopt = default_ca
-certopt = default_ca
-policy = policy_match
-
-# NOTE(dprince): stateOrProvinceName must be 'supplied' or 'optional' to
-# work around a stateOrProvince printable string UTF8 mismatch on
-# RHEL 6 and Fedora 14 (using openssl-1.0.0-4.el6.x86_64 or
-# openssl-1.0.0d-1.fc14.x86_64)
-[ policy_match ]
-countryName = supplied
-stateOrProvinceName = supplied
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-[ req ]
-default_bits = 1024 # Size of keys
-default_keyfile = key.pem # name of generated keys
-default_md = sha256 # message digest algorithm
-string_mask = nombstr # permitted characters
-distinguished_name = req_distinguished_name
-
-[ req_distinguished_name ]
-# Variable name Prompt string
-#---------------------- ----------------------------------
-0.organizationName = Organization Name (company)
-organizationalUnitName = Organizational Unit Name (department, division)
-emailAddress = Email Address
-emailAddress_max = 40
-localityName = Locality Name (city, district)
-stateOrProvinceName = State or Province Name (full name)
-countryName = Country Name (2 letter code)
-countryName_min = 2
-countryName_max = 2
-commonName = Common Name (hostname, IP, or your name)
-commonName_max = 64
-
-# Default values for the above, for consistency and less typing.
-# Variable name Value
-#------------------------------ ------------------------------
-0.organizationName_default = NOVA %USERNAME%
-localityName_default = Mountain View
-stateOrProvinceName_default = California
-countryName_default = US
-
-[ v3_ca ]
-basicConstraints = CA:TRUE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
diff --git a/nova/CA/private/.placeholder b/nova/CA/private/.placeholder
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/nova/CA/projects/.gitignore b/nova/CA/projects/.gitignore
deleted file mode 100644
index 72e8ffc0db8a..000000000000
--- a/nova/CA/projects/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*
diff --git a/nova/CA/projects/.placeholder b/nova/CA/projects/.placeholder
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/nova/CA/reqs/.gitignore b/nova/CA/reqs/.gitignore
deleted file mode 100644
index 72e8ffc0db8a..000000000000
--- a/nova/CA/reqs/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*
diff --git a/nova/CA/reqs/.placeholder b/nova/CA/reqs/.placeholder
deleted file mode 100644
index e69de29bb2d1..000000000000