From: Tony Mack <tmack@paris.CS.Princeton.EDU>
Date: Mon, 18 Oct 2010 22:19:33 +0000 (-0400)
Subject: fixed issues with sub authority cert signing. Added documentation
X-Git-Tag: sfa-1.0-5~11^2~2
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=04f5a39f52225ef1acfe763f138c06205a6540a8;p=sfa.git

fixed issues with sub authority cert signing. Added documentation
---

diff --git a/sfa/server/sfa-ca.py b/sfa/server/sfa-ca.py
index c76b9857..ad2488f0 100755
--- a/sfa/server/sfa-ca.py
+++ b/sfa/server/sfa-ca.py
@@ -1,8 +1,20 @@
 #!/usr/bin/python
 
 #
-# SFA Certificate Signing and management 
-#   
+# SFA Certificate Signing and management. Root authorities can use this script to sign
+# the certificate of another authority and become its parent.     
+# 
+# Example usage: 
+#
+## sign a peer cert
+# sfa-ca.py --sign PEER_CERT_FILENAME -o OUTPUT_FILENAME 
+#
+## import a cert and update the registry hierarchy
+# sfa-ca.py --import CERT_FILENAME   
+#
+## display a cert
+# sfa-ca.py --display CERT_FILENAME
+
 
 import os
 import sys
@@ -64,6 +76,8 @@ def display(options):
 def sign_gid(gid, parent_key, parent_gid):
     gid.set_issuer(parent_key, parent_gid.get_hrn())
     gid.set_parent(parent_gid)
+    gid.set_intermediate_ca(True)
+    gid.set_pubkey(gid.get_pubkey())
     gid.sign()
     return gid