X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=conf%2FCA%2Fbootstrap.sh;h=6d4e1aa5f90348aa5751b15e6ee4e99d5f38cf72;hb=08e93406376e318c8e935716403d2366c8402bb8;hp=20093ee3293053d4f255f399351a6694d676cc27;hpb=a6c8596ac600c5cd25ed8af1c420a414e1bcd916;p=aaf%2Fauthz.git
diff --git a/conf/CA/bootstrap.sh b/conf/CA/bootstrap.sh
index 20093ee3..6d4e1aa5 100644
--- a/conf/CA/bootstrap.sh
+++ b/conf/CA/bootstrap.sh
@@ -8,9 +8,12 @@ chmod 700 private
 chmod 755 certs newcerts
 touch index.txt
 echo "unique_subject = no" > index.txt.attr
+if [ ! -e ./serial ]; then
+ echo $(date +%s) > ./serial
+fi
 NAME=aaf.bootstrap
-FQDN=$(hostname -f)
+FQDN="${HOSTNAME:=$(hostname -f)}"
 FQI=aaf@aaf.osaaf.org
 SUBJECT="/CN=$FQDN/OU=$FQI`cat subject.aaf`"
 SIGNER_P12=$1
@@ -26,6 +29,7 @@ BOOTSTRAP_CSR=/tmp/$NAME.csr
 BOOTSTRAP_CRT=/tmp/$NAME.crt
 BOOTSTRAP_CHAIN=/tmp/$NAME.chain
 BOOTSTRAP_P12=$NAME.p12
+BOOTSTRAP_ISSUER=$NAME.issuer
 # If Signer doesn't exist, create Self-Signed CA
@@ -77,7 +81,7 @@ echo Sign it
 openssl ca -batch -config openssl.conf -extensions server_cert \
 -cert $SIGNER_CRT -keyfile $SIGNER_KEY \
 -policy policy_loose \
- -days 90 \
+ -days 365 \
 -passin stdin \
 -out $BOOTSTRAP_CRT \
 -extfile $BOOTSTRAP_SAN \
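Review bot: `FQDN="${HOSTNAME:=$(hostname -f)}"` will normally never reach `hostname -f` if this script runs under bash, because bash sets `HOSTNAME` itself to the system host name, which is often not fully qualified; the certificate CN then silently stops being the FQDN. The value is also placed into `SUBJECT="/CN=$FQDN/..."` unchecked, so a `/` in an inherited `HOSTNAME` would add extra subject fields. A script-specific override avoids both surprises, for example `FQDN="${BOOTSTRAP_FQDN:-$(hostname -f)}"` (variable name is only a suggestion). Separately, `echo $(date +%s) > ./serial` seeds the CA serial with a guessable timestamp; `openssl rand -hex 16 > ./serial` gives an unpredictable starting value in the hex form `openssl ca` reads.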
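Review bot: The lifetime at `-days 365 \` is raised from 90 days with no comment saying why, which roughly quadruples the time a leaked key from the generated `.p12` stays usable. If the longer lifetime exists because nothing renews the bootstrap certificate, record that above the command, e.g. `# 365 days: bootstrap cert is not auto-renewed; rotate before expiry`, or make it adjustable with `-days ${BOOTSTRAP_DAYS:-365} \` (variable name is only a suggestion) so a deployment can shorten it. The `openssl ca` command starts before and continues past this hunk.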
@@ -90,13 +94,25 @@ EOF
 cat $BOOTSTRAP_CRT
 cp $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN
 cat $SIGNER_CRT >> $BOOTSTRAP_CHAIN
+cat $BOOTSTRAP_CHAIN
 # Note: Openssl will pickup and load all Certs in the Chain file
+#openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CRT -inkey $BOOTSTRAP_KEY -CAfile $SIGNER_CRT -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF
 openssl pkcs12 -name $FQI -export -in $BOOTSTRAP_CHAIN -inkey $BOOTSTRAP_KEY -out $BOOTSTRAP_P12 -passin stdin -passout stdin << EOF
 $PASSPHRASE
 $PASSPHRASE
 $PASSPHRASE
 EOF
+# Make Issuer name
+ISSUER=$(openssl x509 -subject -noout -in $SIGNER_CRT | cut -c 10-)
+for I in ${ISSUER//\// }; do
+ if [ -n "$CADI_X509_ISSUER" ]; then
+ CADI_X509_ISSUER=", $CADI_X509_ISSUER"
+ fi
+ CADI_X509_ISSUER="$I$CADI_X509_ISSUER"
+done
+echo $CADI_X509_ISSUER > $BOOTSTRAP_ISSUER
+
 # Cleanup
-rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN $SIGNER_KEY $SIGNER_CRT
+rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $SIGNER_KEY $SIGNER_CRT $BOOTSTRAP_CHAIN
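Review bot: The issuer loop iterates over an unquoted `${ISSUER//\// }`, so any subject field that contains a space (an `O=` value of two words, say) is split into separate entries and glob characters are expanded. `CADI_X509_ISSUER` is also never cleared first, so a value already exported in the environment ends up appended to the string written to `$BOOTSTRAP_ISSUER`. The `cut -c 10-` offset assumes the older `subject= /C=...` output layout; newer OpenSSL releases print the subject in a different default form, so this is worth confirming against the version shipped in the image. If the issuer file is used for issuer matching, as its name suggests, a malformed value will fail far from its cause; splitting on `/` into an array with quoted expansions fixes the first two problems.

```shell
ISSUER=$(openssl x509 -subject -noout -in "$SIGNER_CRT" | cut -c 10-)
CADI_X509_ISSUER=
IFS=/ read -r -a RDNS <<< "$ISSUER"
for I in "${RDNS[@]}"; do
  # the leading "/" yields an empty first element
  [ -n "$I" ] || continue
  CADI_X509_ISSUER="$I${CADI_X509_ISSUER:+, $CADI_X509_ISSUER}"
done
echo "$CADI_X509_ISSUER" > "$BOOTSTRAP_ISSUER"
# … unchanged: cleanup rm -f …
```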