Separate CA/ dir into code and state.

CA/.gitignore

@@ -1,11 +0,0 @@
-index.txt
-index.txt.old
-index.txt.attr
-index.txt.attr.old
-cacert.pem
-serial
-serial.old
-openssl.cnf
-private/*
-newcerts/*
-

CA/geninter.sh

@@ -1,39 +0,0 @@
-#!/bin/bash
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-# $1 is the id of the project and $2 is the subject of the cert
-NAME=$1
-SUBJ=$2
-mkdir -p projects/$NAME
-cd projects/$NAME
-cp ../../openssl.cnf.tmpl openssl.cnf
-sed -i -e s/%USERNAME%/$NAME/g openssl.cnf
-mkdir certs crl newcerts private
-openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
-echo "10" > serial
-touch index.txt
-# NOTE(vish): Disabling intermediate ca's because we don't actually need them.
-#             It makes more sense to have each project have its own root ca.
-# openssl genrsa -out private/cakey.pem 1024 -config ./openssl.cnf -batch -nodes
-# openssl req -new -sha256 -key private/cakey.pem -out ../../reqs/inter$NAME.csr -batch -subj "$SUBJ"
-openssl ca -gencrl -config ./openssl.cnf -out crl.pem
-if [ "`id -u`" != "`grep nova /etc/passwd | cut -d':' -f3`" ]; then
-    sudo chown -R nova:nogroup .
-fi
-# cd ../../
-# openssl ca -extensions v3_ca -days 365 -out INTER/$NAME/cacert.pem -in reqs/inter$NAME.csr -config openssl.cnf -batch

CA/genrootca.sh

@@ -1,29 +0,0 @@
-#!/bin/bash
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-if [ -f "cacert.pem" ];
-then
-    echo "Not installing, it's already done."
-else
-    cp openssl.cnf.tmpl openssl.cnf
-    sed -i -e s/%USERNAME%/ROOT/g openssl.cnf
-    openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -batch -nodes
-    touch index.txt
-    echo "10" > serial
-    openssl ca -gencrl -config ./openssl.cnf -out crl.pem
-fi

CA/genvpn.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
-
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-# This gets zipped and run on the cloudpipe-managed OpenVPN server
-NAME=$1
-SUBJ=$2
-
-mkdir -p projects/$NAME
-cd projects/$NAME
-
-# generate a server priv key
-openssl genrsa -out server.key 2048
-
-# generate a server CSR
-openssl req -new -key server.key -out server.csr -batch -subj "$SUBJ"
-
-novauid=`getent passwd nova | awk -F: '{print $3}'`
-if [ ! -z "${novauid}" ] && [ "`id -u`" != "${novauid}" ]; then
-    sudo chown -R nova:nogroup .
-fi

CA/openssl.cnf.tmpl

@@ -1,90 +0,0 @@
-# Copyright 2010 United States Government as represented by the
-# Administrator of the National Aeronautics and Space Administration.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-#
-# OpenSSL configuration file.
-#
-
-# Establish working directory.
-
-dir			= .
-
-[ ca ]
-default_ca		= CA_default
-
-[ CA_default ]
-serial			= $dir/serial
-database		= $dir/index.txt
-new_certs_dir		= $dir/newcerts
-certificate		= $dir/cacert.pem
-private_key		= $dir/private/cakey.pem
-unique_subject		= no
-default_crl_days	= 365
-default_days		= 365
-default_md		= md5
-preserve		= no
-email_in_dn		= no
-nameopt			= default_ca
-certopt			= default_ca
-policy			= policy_match
-
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-
-[ req ]
-default_bits		= 1024			# Size of keys
-default_keyfile		= key.pem		# name of generated keys
-default_md		= md5			# message digest algorithm
-string_mask		= nombstr		# permitted characters
-distinguished_name	= req_distinguished_name
-
-[ req_distinguished_name ]
-# Variable name		  Prompt string
-#----------------------	  ----------------------------------
-0.organizationName	= Organization Name (company)
-organizationalUnitName	= Organizational Unit Name (department, division)
-emailAddress		= Email Address
-emailAddress_max	= 40
-localityName		= Locality Name (city, district)
-stateOrProvinceName	= State or Province Name (full name)
-countryName		= Country Name (2 letter code)
-countryName_min		= 2
-countryName_max		= 2
-commonName		= Common Name (hostname, IP, or your name)
-commonName_max		= 64
-
-# Default values for the above, for consistency and less typing.
-# Variable name			  Value
-#------------------------------	  ------------------------------
-0.organizationName_default	= NOVA %USERNAME%
-localityName_default		= Mountain View
-stateOrProvinceName_default	= California
-countryName_default		= US
-
-[ v3_ca ]
-basicConstraints	= CA:TRUE
-subjectKeyIdentifier	= hash
-authorityKeyIdentifier	= keyid:always,issuer:always
-
-[ v3_req ]
-basicConstraints	= CA:FALSE
-subjectKeyIdentifier	= hash

CA/projects/.gitignore

@@ -1 +0,0 @@
-*

CA/reqs/.gitignore

@@ -1 +0,0 @@
-*

MANIFEST.in

@@ -1,7 +1,7 @@
 include HACKING LICENSE run_tests.py run_tests.sh
 include README builddeb.sh exercise_rsapi.py
 include ChangeLog MANIFEST.in pylintrc Authors
-graft CA
+graft nova/CA
 graft doc
 graft smoketests
 graft tools