| author | Jesse Andrews <anotherjesse@gmail.com> | 2010-05-27 23:05:26 -0700 |
|---|---|---|
| committer | Jesse Andrews <anotherjesse@gmail.com> | 2010-05-27 23:05:26 -0700 |
| commit | bf6e6e718cdc7488e2da87b21e258ccc065fe499 (patch) | |
| tree | 51cf4f72047eb6b16079c7fe21e9822895541801 /CA | |
initial commit
Diffstat (limited to 'CA')
| -rw-r--r-- | CA/.gitignore | 11 | ||||
| -rw-r--r-- | CA/INTER/.gitignore | 1 | ||||
| -rwxr-xr-x | CA/geninter.sh | 30 | ||||
| -rwxr-xr-x | CA/genrootca.sh | 26 | ||||
| -rw-r--r-- | CA/newcerts/.placeholder | 0 | ||||
| -rw-r--r-- | CA/openssl.cnf.tmpl | 87 | ||||
| -rw-r--r-- | CA/private/.placeholder | 0 | ||||
| -rw-r--r-- | CA/reqs/.gitignore | 1 |
8 files changed, 156 insertions, 0 deletions
diff --git a/CA/.gitignore b/CA/.gitignore
new file mode 100644
index 000000000..fae0922bf
--- /dev/null
+++ b/CA/.gitignore
@@ -0,0 +1,11 @@
+index.txt
+index.txt.old
+index.txt.attr
+index.txt.attr.old
+cacert.pem
+serial
+serial.old
+openssl.cnf
+private/*
+newcerts/*
+
diff --git a/CA/INTER/.gitignore b/CA/INTER/.gitignore
new file mode 100644
index 000000000..72e8ffc0d
--- /dev/null
+++ b/CA/INTER/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/CA/geninter.sh b/CA/geninter.sh
new file mode 100755
index 000000000..ad3332ad9
--- /dev/null
+++ b/CA/geninter.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# ARG is the id of the user
+
+mkdir INTER/$1
+cd INTER/$1
+cp ../../openssl.cnf.tmpl openssl.cnf
+sed -i -e s/%USERNAME%/$1/g openssl.cnf
+mkdir certs crl newcerts private
+echo "10" > serial
+touch index.txt
+openssl genrsa -out private/cakey.pem 1024 -config ./openssl.cnf -batch -nodes
+openssl req -new -sha1 -key private/cakey.pem -out ../../reqs/inter$1.csr -batch -subj "/C=US/ST=California/L=Mountain View/O=Anso Labs/OU=Nova Dev/CN=customer-intCA-$1"
+cd ../../
+openssl ca -extensions v3_ca -days 365 -out INTER/$1/cacert.pem -in reqs/inter$1.csr -config openssl.cnf -batch
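Review bot: None of the commands in CA/geninter.sh are checked, so if `cd INTER/$1` fails the following lines run in the CA root, where `echo "10" > serial` resets the root serial and `openssl genrsa -out private/cakey.pem` writes over the root CA key; if the directory already exists, the existing intermediate's key and serial are overwritten instead. `$1` is also unquoted and unvalidated while it is used as a path component, inside the sed expression and in the `-subj` string, so an id containing `/`, `..` or whitespace changes what those commands do. I would add `set -euo pipefail` after the shebang, reject ids that fail `[[ "$1" =~ ^[A-Za-z0-9_-]+$ ]]`, and quote every use (`cd "INTER/$1"`). The 1024-bit key and the `-sha1` request digest are weak for a CA; 2048 bits or more and SHA-256 would be the usual minimum.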
\ No newline at end of file
diff --git a/CA/genrootca.sh b/CA/genrootca.sh
new file mode 100755
index 000000000..e21f48d77
--- /dev/null
+++ b/CA/genrootca.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ -f "cacert.pem" ];
+then
+ echo "Not installing, it's already done."
+else
+ cp openssl.cnf.tmpl openssl.cnf
+ sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
+ openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
+ touch index.txt
+ echo "10" > serial
+fi
diff --git a/CA/newcerts/.placeholder b/CA/newcerts/.placeholder
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/CA/newcerts/.placeholder
diff --git a/CA/openssl.cnf.tmpl b/CA/openssl.cnf.tmpl
new file mode 100644
index 000000000..b06f1cca0
--- /dev/null
+++ b/CA/openssl.cnf.tmpl
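Review bot: The root key in CA/genrootca.sh is written unencrypted (`-nodes`) to `private/cakey.pem` with nothing pinning its file mode, so depending on the OpenSSL version it may follow the caller's umask and end up readable by other local users. Adding `umask 077` before the `openssl req` line, or `chmod 600 private/cakey.pem` right after it, would fix the mode regardless of environment. The `touch index.txt` and `echo "10" > serial` lines also run when `openssl req` fails; `set -e` near the top or chaining them with `&&` would avoid leaving a partly initialised CA directory. The script additionally assumes it is started from inside `CA/`, which is worth stating in a header comment.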
@@ -0,0 +1,87 @@
+# Copyright [2010] [Anso Labs, LLC]
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# OpenSSL configuration file.
+#
+
+# Establish working directory.
+
+dir = .
+
+[ ca ]
+default_ca = CA_default
+unique_subject = no
+
+[ CA_default ]
+serial = $dir/serial
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+certificate = $dir/cacert.pem
+private_key = $dir/private/cakey.pem
+default_days = 365
+default_md = md5
+preserve = no
+email_in_dn = no
+nameopt = default_ca
+certopt = default_ca
+policy = policy_match
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+
+[ req ]
+default_bits = 1024 # Size of keys
+default_keyfile = key.pem # name of generated keys
+default_md = md5 # message digest algorithm
+string_mask = nombstr # permitted characters
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+# Variable name Prompt string
+#---------------------- ----------------------------------
+0.organizationName = Organization Name (company)
+organizationalUnitName = Organizational Unit Name (department, division)
+emailAddress = Email Address
+emailAddress_max = 40
+localityName = Locality Name (city, district)
+stateOrProvinceName = State or Province Name (full name)
+countryName = Country Name (2 letter code)
+countryName_min = 2
+countryName_max = 2
+commonName = Common Name (hostname, IP, or your name)
+commonName_max = 64
+
+# Default values for the above, for consistency and less typing.
+# Variable name Value
+#------------------------------ ------------------------------
+0.organizationName_default = NOVA %USERNAME%
+localityName_default = Mountain View
+stateOrProvinceName_default = California
+countryName_default = US
+
+[ v3_ca ]
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
diff --git a/CA/private/.placeholder b/CA/private/.placeholder
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/CA/private/.placeholder
diff --git a/CA/reqs/.gitignore b/CA/reqs/.gitignore
new file mode 100644
index 000000000..72e8ffc0d
--- /dev/null
+++ b/CA/reqs/.gitignore
@@ -0,0 +1 @@
+*
|
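Review bot: `default_md = md5` in both `[ CA_default ]` and `[ req ]` of CA/openssl.cnf.tmpl means every request and every certificate this CA signs uses MD5, whose collision weakness has been shown to allow forged CA certificates, and `default_bits = 1024` is below what a CA key should use. I would set `default_md = sha256` and `default_bits = 2048` or larger. `[ v3_ca ]` also carries no path-length or key-usage constraint, and geninter.sh signs each per-user intermediate with that section, so an intermediate can in turn issue further sub-CAs. A separate section for intermediates with `basicConstraints = critical,CA:TRUE,pathlen:0` and `keyUsage = critical,keyCertSign,cRLSign` would bound that.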
