PERFORCE change 168754 for review
Ana Kukec
anchie at FreeBSD.org
Mon Sep 21 19:02:57 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=168754
Change 168754 by anchie at anchie_malimis on 2009/09/21 19:02:34
Minor changes in the script that produces an x509v2 certificate chain with the
RFC3779 extension for IP Addresses.
Affected files ...
.. //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 edit
Differences ...
==== //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 (text+ko) ====
@@ -42,23 +42,28 @@
# with the prefix definitions below, and the names of the subdirectories
# containing the keying material.
-ids="lvl1 ar1"
+ids="lvl1"
+#ids="lvl1 ar1"
#ids="ar2"
#ids="ar3"
+#ids="router1"
# For each ID in the list above, you must create a list of prefixes this
# ID will be able to route.
-pfxs_ca="prefix 2003::/64;
- prefix 2004::/64;
- prefix 2005::/64;"
-pfxs_lvl1="prefix 2003::/64;
- prefix 2004::/64;"
-pfxs_ar1="prefix 2003::/64;"
-pfxs_ar2="prefix 2004::/64;"
-pfxs_ar3="prefix 2005::/64;"
+pfxs_ca="prefix 2000::/64;"
+pfxs_lvl1="prefix 2000::/64;"
+#pfxs_ar1="prefix 2000::/64;"
+ # prefix 2004::/64;
+ # prefix 2005::/64;"
+#pfxs_lvl1="prefix 2003::/64;
+ #prefix 2004::/64;"
+#pfxs_ar1="prefix 2003::/64;"
+#pfxs_ar2="prefix 2004::/64;"
+#pfxs_ar3="prefix 2005::/64;"
# Where does CA.pl live on your system
-CA=/usr/ssl/misc/CA.pl
+#CA=/usr/ssl/misc/CA.pl
+CA=/usr/home/anchie/p4/send_kernel_compile/crypto/openssl/apps/CA.pl
# RSA key size
rsa_bits=1024
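Review bot: The new `CA=` value points at a checkout under one developer's home directory (`/usr/home/anchie/...`), so CA.pl will not be found on any other machine, and the CA helper is taken from a user-writable source tree rather than the installed OpenSSL. Keeping the system path as the default and allowing an override, e.g. `CA=${CA:-/usr/ssl/misc/CA.pl}`, avoids committing a personal path. Separately, the unchanged `rsa_bits=1024` at the end of this hunk is below the 2048-bit minimum now generally recommended for certificate keys; a comment saying the value is for demonstration only would help anyone copying the example.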
@@ -79,6 +84,7 @@
}
mk_ca() {
+ echo "----------------> mk_ca()"
rm -f demoCA
mkdir -p demoCA.$1/private
ln -s demoCA.$1 demoCA
@@ -119,23 +125,34 @@
add_files_section() {
echo "files {" >> $2
for id in $ids; do
- [ "$id" != "$1" ] && fname="trustedcert" || fname="certfile"
+ echo "$id"
+ test $id != $1 && fname="trustedcert" || fname="certfile"
echo " $fname `pwd`/$id/cert_ipext.pem;" >> $2
- [ "$id" == "$1" ] && break
+ test $id = $1 && break
done
echo "}" >> $2
}
gen_conf_file() {
# Generate a config file for adding IP extensions
- pfxs=pfxs_${1}
+ #pfxs=pfxs_${1}
+
echo "addresses {" > $1/ipext_add.conf
echo " ipv6 {" >> $1/ipext_add.conf
echo " SAFI unicast;" >> $1/ipext_add.conf
- echo " ${!pfxs}" >> $1/ipext_add.conf
+ if test $1 = "ca"
+ then
+ echo " " $pfxs_ca >> $1/ipext_add.conf
+ fi
+ if test $1 = "lvl1"
+ then
+ echo " " $pfxs_lvl1 >> $1/ipext_add.conf
+ fi
+
+ #echo " " $pfxs_ca >> $1/ipext_add.conf
echo " }" >> $1/ipext_add.conf
echo "}" >> $1/ipext_add.conf
-
+
echo "files {" >> $1/ipext_add.conf
echo " certfile $1/cert.pem;" >> $1/ipext_add.conf
echo " cacert $2/cert.pem;" >> $1/ipext_add.conf
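Review bot: gen_conf_file now emits prefixes only when `$1` is `ca` or `lvl1`; for any other id (for instance the commented-out `ar1` or `router1` in `ids`) it silently writes an `ipv6` block with no `prefix` lines, and the same hard-coded pair is repeated in verify_ipexts. A `case` with an error default, as sketched below, makes an id without a prefix list fail loudly instead of producing a certificate config with an empty address set. In add_files_section the operands of `test` lost their quotes, so an empty or missing `$1` makes `test` error out and the `||` branch labels every certificate `certfile` rather than `trustedcert`; `test "$id" != "$1"` and `test "$id" = "$1"` keep the previous behaviour. gen_conf_file's body continues past the end of this hunk.

```sh
gen_conf_file() {
	# … unchanged: "addresses {", "ipv6 {" and "SAFI unicast;" lines …
	case "$1" in
	ca)
		echo "   $pfxs_ca" >> "$1/ipext_add.conf"
		;;
	lvl1)
		echo "   $pfxs_lvl1" >> "$1/ipext_add.conf"
		;;
	*)
		echo "gen_conf_file: no prefix list defined for '$1'" >&2
		return 1
		;;
	esac
	# … unchanged: closing braces and "files {" section …
```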
@@ -157,11 +174,20 @@
}
verify_ipexts() {
- pfxs=pfxs_${1}
+ #pfxs=pfxs_${1}
+
echo "addresses {" > ipext_verify.conf
echo " ipv6 {" >> ipext_verify.conf
echo " SAFI unicast;" >> ipext_verify.conf
- echo " ${!pfxs}" >> ipext_verify.conf
+ if test $1 = "ca"
+ then
+ echo " " $pfxs_ca >> $1/ipext_add.conf
+ fi
+ if test $1 = "lvl1"
+ then
+ echo " " $pfxs_lvl1 >> $1/ipext_add.conf
+ fi
+ #echo " ${!pfxs}" >> ipext_verify.conf
echo " }" >> ipext_verify.conf
echo "}" >> ipext_verify.conf
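Review bot: The prefix lines added to verify_ipexts are appended to `$1/ipext_add.conf` instead of `ipext_verify.conf`, which looks like a copy-paste from gen_conf_file. As written, the verify config gets an `ipv6` block with no prefixes, so the verification step presumably no longer checks the delegated prefixes, and every run appends stray prefix lines to the end of the add config. The redirects should read `echo "   $pfxs_ca" >> ipext_verify.conf` and `echo "   $pfxs_lvl1" >> ipext_verify.conf`. verify_ipexts continues past the end of this hunk.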
@@ -178,19 +204,22 @@
add_ipext $id
done
+ /usr/sbin/ipexttool -w -i ca/ipext_add.conf
+ /usr/sbin/ipexttool -w -i lvl1/ipext_add.conf
+
verify_ipexts $id
}
case "$1" in
chain)
- if [ $# == 1 ]; then
+ if [ $# -eq 1 ]; then
mk_top_ca
generate_certs
ids="ca $ids"
gen_conf_files
add_ipexts
else
- if [ $# != 3 ]; then
+ if [ $# -ne 3 ]; then
echo $"Usage: $0 chain <new id> <signer id>"
exit 1
fi
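Review bot: The two added `/usr/sbin/ipexttool -w -i …` calls hard-code `ca` and `lvl1` instead of following `$ids`, and their exit status is ignored, so a failed write of the IP extension still falls through to `verify_ipexts`. Running the tool per id and stopping on failure, e.g. `/usr/sbin/ipexttool -w -i "$id/ipext_add.conf" || exit 1` inside the existing `for` loop, would keep the id list in one place. The enclosing function begins outside this hunk, so whether `add_ipext` already performs this step cannot be seen here.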
@@ -204,11 +233,11 @@
;;
ipext)
ids="ca $ids"
- if [ $# == 1 ]; then
+ if [ $# -eq 1 ]; then
gen_conf_files
add_ipexts
else
- if [ $# != 3 ]; then
+ if [ $# -ne 3 ]; then
echo $"Usage: $0 ipext <new id> <signer id>"
exit 1
fi