Commit 58c4a727 authored by Gary Wong

Add the UUID to the subjectAltName extension for slice certificates.

This is necessary to comply with GENI AM API v3.
parent d1673ab5
......@@ -6,7 +6,7 @@
#
use strict;
use English;
use Getopt::Long;
use Getopt::Long qw(:config no_ignore_case);
use POSIX qw(strftime);
#
......@@ -24,7 +24,7 @@ sub usage()
{
print("Usage: mksyscert [-d] [-o file] [-p password] [-e email] ".
"[-u url] [-i urn] [-k keyfile] [-a authority] <orgunit> " .
"[-n] [uuid]\n");
"[-n] [-U] [uuid]\n");
exit(-1);
}
my $debug = 0;
......@@ -37,6 +37,7 @@ my $urn;
my $oldkeyfile;
my $authority;
my $notca = 0;
my $include_uuid = 0;
my %optlist = ( "debug" => \$debug,
"password=s" => \$password,
"output=s" => \$outfile,
......@@ -46,6 +47,7 @@ my %optlist = ( "debug" => \$debug,
"identifier=s" => \$urn,
"keyfile=s" => \$oldkeyfile,
"authority=s" => \$authority,
"UUID" => \$include_uuid,
"notca" => \$notca );
#
......@@ -247,7 +249,10 @@ print TEMP "emailAddress\t= $email\n";
if (defined($urn)) {
print TEMP "\n";
print TEMP "[ req_altname ]\n";
print TEMP "URI=$urn\n";
print TEMP "URI.1=$urn\n";
if( $include_uuid ) {
print TEMP "URI.2=urn:uuid:$uuid\n";
}
print TEMP "\n";
}
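Review bot: The new `URI.2=urn:uuid:$uuid` line writes `$uuid` into the `[ req_altname ]` section of the generated OpenSSL config without any visible check. The usage text lists `[uuid]` as a command-line argument, so unless it is validated in a part of the script outside these hunks, a value containing a newline or other unexpected text would become extra config lines in a certificate request. I would check the format before printing, e.g. `die("Invalid UUID: $uuid\n") unless ($uuid =~ /\A[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\z/);`. Also, `-U` is silently ignored when no `-i urn` is given, because the new branch sits inside `if (defined($urn))`; a warning or usage error would make that visible.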
......
......@@ -166,11 +166,12 @@ sub email($)
sub Create($$;$)
{
my ($class, $argref, $error) = @_;
my $urn = (exists($argref->{'urn'}) ? $argref->{'urn'} : undef);
my $hrn = (exists($argref->{'hrn'}) ? $argref->{'hrn'} : undef);
my $email = (exists($argref->{'email'}) ? $argref->{'email'} : undef);
my $uuid = (exists($argref->{'uuid'}) ? $argref->{'uuid'} : undef);
my $url = (exists($argref->{'url'}) ? $argref->{'url'} : undef);
my $urn = (exists($argref->{'urn'}) ? $argref->{'urn'} :undef);
my $hrn = (exists($argref->{'hrn'}) ? $argref->{'hrn'} :undef);
my $email = (exists($argref->{'email'}) ? $argref->{'email'} :undef);
my $uuid = (exists($argref->{'uuid'}) ? $argref->{'uuid'} :undef);
my $url = (exists($argref->{'url'}) ? $argref->{'url'} :undef);
my $showuuid = (exists($argref->{'showuuid'})? $argref->{'showuuid'}:undef);
# Let mkcert generate a new one.
$uuid = ""
......@@ -179,9 +180,9 @@ sub Create($$;$)
my ($authority, $type, $name) = GeniHRN::Parse($urn);
my $caflag = $type eq "authority" ? "" : "-n";
my $showuuidflag = $showuuid ? " -U " : "";
if (! open(CERT, "$MKCERT $caflag -i \"$urn\" $url -e \"$email\" $hrn " .
"$uuid |")) {
"$showuuidflag$uuid |")) {
print STDERR "Could not start $MKCERT\n";
return undef;
}
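Review bot: The `open(CERT, "... |")` call that this change extends still builds a shell command line by interpolating `$urn`, `$email`, `$hrn` and `$uuid`, and wrapping a value in `\"...\"` does not stop the shell from interpreting metacharacters inside it. Since these values come from the caller's `$argref` and the command mints a certificate, I would use this change to switch to the list form, which bypasses the shell: build `@args`, add the new flag with `push(@args, "-U") if ($showuuid);`, and call `open(CERT, "-|", $MKCERT, @args)`. `$caflag` and `$url` would then be pushed only when non-empty. How `$url` is formatted is not visible here, because the body of Create continues outside both hunks.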
......
......@@ -523,6 +523,7 @@ sub Register($)
my $certificate =
GeniCertificate->Create({'urn' => $urn,
'hrn' => $hrn,
'showuuid' => 1,
'email'=> $this_user->email()}, \$error);
if (!defined($certificate)) {
if (defined($error)) {
......
......@@ -542,6 +542,7 @@ sub CreateFromLocal($$$)
#
$certificate = GeniCertificate->Create({'urn' => $urn,
'hrn' => $hrn,
'showuuid' => 1,
'email'=> $geniuser->email()});
if (!defined($certificate)) {
print STDERR "GeniSlice::CreateFromLocal: ".
......