From owner-p4-projects@FreeBSD.ORG Mon Sep 21 19:02:57 2009
Date: Mon, 21 Sep 2009 19:02:56 GMT
Message-Id: <200909211902.n8LJ2ukv000829@repoman.freebsd.org>
From: Ana Kukec
To: Perforce Change Reviews
Subject: PERFORCE change 168754 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=168754

Change 168754 by anchie@anchie_malimis on 2009/09/21 19:02:34

	Minor changes in script that produces x509v2 certificate chain
	with RFC3779 extension for IP Addresses.

Affected files ...

.. //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 edit

Differences ...

==== //depot/projects/soc2009/anchie_send/send_0.2/examples/ipext/gen_ipext#2 (text+ko) ====

@@ -42,23 +42,28 @@ # with the prefix definitions below, and the names of the subdirectories # containing the keying material. -ids="lvl1 ar1" +ids="lvl1" +#ids="lvl1 ar1" #ids="ar2" #ids="ar3" +#ids="router1" # For each ID in the list above, you must create a list of prefixes this # ID will be able to route. -pfxs_ca="prefix 2003::/64; - prefix 2004::/64; - prefix 2005::/64;" -pfxs_lvl1="prefix 2003::/64; - prefix 2004::/64;" -pfxs_ar1="prefix 2003::/64;" -pfxs_ar2="prefix 2004::/64;" -pfxs_ar3="prefix 2005::/64;" +pfxs_ca="prefix 2000::/64;" +pfxs_lvl1="prefix 2000::/64;" +#pfxs_ar1="prefix 2000::/64;" + # prefix 2004::/64; + # prefix 2005::/64;" +#pfxs_lvl1="prefix 2003::/64; + #prefix 2004::/64;" +#pfxs_ar1="prefix 2003::/64;" +#pfxs_ar2="prefix 2004::/64;" +#pfxs_ar3="prefix 2005::/64;" # Where does CA.pl live on your system -CA=/usr/ssl/misc/CA.pl +#CA=/usr/ssl/misc/CA.pl +CA=/usr/home/anchie/p4/send_kernel_compile/crypto/openssl/apps/CA.pl # RSA key size rsa_bits=1024 @@ -79,6 +84,7 @@ } mk_ca() { + echo "----------------> mk_ca()" rm -f demoCA mkdir -p demoCA.$1/private ln -s demoCA.$1 demoCA 
@@ -119,23 +125,34 @@ add_files_section() { echo "files {" >> $2 for id in $ids; do - [ "$id" != "$1" ] && fname="trustedcert" || fname="certfile" + echo "$id" + test $id != $1 && fname="trustedcert" || fname="certfile" echo " $fname `pwd`/$id/cert_ipext.pem;" >> $2 - [ "$id" == "$1" ] && break + test $id = $1 && break done echo "}" >> $2 } gen_conf_file() { # Generate a config file for adding IP extensions - pfxs=pfxs_${1} + #pfxs=pfxs_${1} + echo "addresses {" > $1/ipext_add.conf echo " ipv6 {" >> $1/ipext_add.conf echo " SAFI unicast;" >> $1/ipext_add.conf - echo " ${!pfxs}" >> $1/ipext_add.conf + if test $1 = "ca" + then + echo " " $pfxs_ca >> $1/ipext_add.conf + fi + if test $1 = "lvl1" + then + echo " " $pfxs_lvl1 >> $1/ipext_add.conf + fi + + #echo " " $pfxs_ca >> $1/ipext_add.conf echo " }" >> $1/ipext_add.conf echo "}" >> $1/ipext_add.conf - + echo "files {" >> $1/ipext_add.conf echo " certfile $1/cert.pem;" >> $1/ipext_add.conf echo " cacert $2/cert.pem;" >> $1/ipext_add.conf @@ -157,11 +174,20 @@ } verify_ipexts() { - pfxs=pfxs_${1} + #pfxs=pfxs_${1} + echo "addresses {" > ipext_verify.conf echo " ipv6 {" >> ipext_verify.conf echo " SAFI unicast;" >> ipext_verify.conf - echo " ${!pfxs}" >> ipext_verify.conf + if test $1 = "ca" + then + echo " " $pfxs_ca >> $1/ipext_add.conf + fi + if test $1 = "lvl1" + then + echo " " $pfxs_lvl1 >> $1/ipext_add.conf + fi + #echo " ${!pfxs}" >> ipext_verify.conf echo " }" >> ipext_verify.conf echo "}" >> ipext_verify.conf @@ -178,19 +204,22 @@ add_ipext $id done + /usr/sbin/ipexttool -w -i ca/ipext_add.conf + /usr/sbin/ipexttool -w -i lvl1/ipext_add.conf + verify_ipexts $id } case "$1" in chain) - if [ $# == 1 ]; then + if [ $# -eq 1 ]; then mk_top_ca generate_certs ids="ca $ids" gen_conf_files add_ipexts else - if [ $# != 3 ]; then + if [ $# -ne 3 ]; then echo $"Usage: $0 chain " exit 1 fi 
@@ -204,11 +233,11 @@ ;; ipext) ids="ca $ids" - if [ $# == 1 ]; then + if [ $# -eq 1 ]; then gen_conf_files add_ipexts else - if [ $# != 3 ]; then + if [ $# -ne 3 ]; then echo $"Usage: $0 ipext " exit 1 fi
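
Review bot: The `CA=` assignment in the @@ -42,23 +42,28 @@ hunk now points into one developer's home directory (`/usr/home/anchie/p4/send_kernel_compile/crypto/openssl/apps/CA.pl`), so this example script stops working on any other checkout. Keep the stock `/usr/ssl/misc/CA.pl` as the default and let the caller override it, for instance `CA=${CA:-/usr/ssl/misc/CA.pl}`. The same hunk leaves a half-commented multi-line assignment behind (`#pfxs_ar1="prefix 2000::/64;"` followed by `# prefix 2004::/64;` and `# prefix 2005::/64;"`) plus a second commented `pfxs_lvl1`; either delete the old definitions or keep them intact, since the `ids` comments above still tell the user to define one `pfxs_` list per ID. The `echo "----------------> mk_ca()"` added in the @@ -79,6 +84,7 @@ hunk looks like debug tracing and should go to stderr or be dropped before commit.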
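
Review bot: In `gen_conf_file` (@@ -119,23 +125,34 @@ hunk) the prefix lookup is now hard-coded to the ids `ca` and `lvl1`, so any other id from the `ids` list (`ar1`, `ar2`, `ar3`, `router1` are all still offered in the comments) silently produces an `ipv6 { SAFI unicast; }` block with no prefix line. If the aim was to get rid of the bash-only `${!pfxs}`, a portable form such as `eval "pfxs=\$pfxs_$1"` keeps the lookup generic (the ids come from the script itself, not from outside input), and the function should exit with an error when the resulting list is empty rather than write a certificate config with no address resources. In `add_files_section`, `test $id != $1` and `test $id = $1` drop the quoting that the replaced `[ "$id" != "$1" ]` had; with an empty `$1` the test fails with a syntax error and the `&& ... ||` chain falls through to `certfile`. Quote both operands. The added `echo "$id"` writes debug output to stdout in the middle of config generation.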
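
Review bot: In `verify_ipexts` (@@ -157,11 +174,20 @@ hunk) the two new branches append the prefixes to `$1/ipext_add.conf` instead of `ipext_verify.conf`, which looks like a copy-paste from `gen_conf_file`. As written, `ipext_verify.conf` gets an `ipv6` block with no prefixes, so the verification step no longer checks the address ranges the certificate is supposed to carry, and the already finished `ipext_add.conf` gets a stray prefix line appended after its closing sections. Redirect both `echo " " $pfxs_...` lines to `ipext_verify.conf`, and apply the same generic lookup here as in `gen_conf_file` so ids other than `ca` and `lvl1` are verified too.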
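
Review bot: The two `/usr/sbin/ipexttool -w -i ...` calls added after the loop in the @@ -178,19 +204,22 @@ hunk hard-code both the tool path and the ids `ca` and `lvl1`, right after a loop that already calls `add_ipext $id` for every id. If `add_ipext` does not write the extension, fix it there so the step follows the `ids` list; if it does, these calls are redundant. Their exit status is also ignored, so a failed write still falls through to `verify_ipexts $id`; check the result and stop on failure. The `==` to `-eq` and `!=` to `-ne` changes in this hunk and in the @@ -204,11 +233,11 @@ hunk are fine for /bin/sh, but the unchanged `echo $"Usage: ..."` lines next to them still use the bash-only `$"..."` form and should become plain double-quoted strings if the script is meant to run under sh.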