annotate ui/tests/data/NOTES @ 633:6c090638b2b4
Use static buffer for module file name.
According to the msdn example the return value of getmodulefilename
should be used to indicate success and not the size. And according
to comments on that function on Windows 8.1 it does not return
the needed size. So better be more robust and just use max_path
as a limit.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 23 Jun 2014 15:29:48 +0200 |
parents | 6c4fff146999 |
children | be30d50bc4f0 |
rev | changeset | NOTES lines | description | author | parents |
---|---|---|---|---|---|
8 | c7da699f0310 | 1-10, 12, 14, 21-23 | Add some notes about testfile creation | Andre Heinecke <aheinecke@intevation.de> | |
30 | 381558ff6f26 | 13 | Also break the signature with carriage return | Andre Heinecke <aheinecke@intevation.de> | 26 |
42 | 6e7ef7e95031 | 11, 17-20, 30-31 | Some more tests and some more test data | Andre Heinecke <aheinecke@intevation.de> | 30 |
43 | | 32-45, 47 | | | |
49 | c389915fd55e | 46 | Add an RSA key for testing | Andre Heinecke <aheinecke@intevation.de> | 43 |
234 | a7317252a27c | 48-70 | Add more realistic test data | Andre Heinecke <aheinecke@intevation.de> | 50 |
300 | 534df06d5c67 | 71, 86-89 | Add empty nss testdb | Andre Heinecke <andre.heinecke@intevation.de> | 234 |
359 | f6ce186cebc2 | 24-29 | If DO_RELEASE_BUILD is set use pubkey-release and test with it | Andre Heinecke <andre.heinecke@intevation.de> | 300 |
435 | d0192a7e63df | 72-85 | Update test data to include intevation root ca and add updated list | Andre Heinecke <aheinecke@intevation.de> | 359 |
436 | 2e662290e3c9 | 15-16 | Remove intermediate email ca and replace it by Verwaltung PKI cert | Andre Heinecke <aheinecke@intevation.de> | 435 |
569 | 6677d4ecb6fd | 90-116, 118-119 | Add codesigning certificates and Notes how they were generated. | Andre Heinecke <aheinecke@intevation.de> | 436 |
571 | 6c4fff146999 | 117 | Implement codesigning in the administrator tool | Andre Heinecke <aheinecke@intevation.de> | 569 |

Testkeys were created with:

```sh
openssl genrsa -out testkey-priv.pem 3072
openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout
```

Certificate List was created manually and contains:

    PCA-1-Verwaltung-08
    Intevation-Email-CA-2013
    Intevation-Server-CA-2010

Test files created with:

```sh
echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
cat list-valid.txt >> list-valid-signed.txt
echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
cat list-valid-updated.txt >> list-valid-updated-signed.txt
echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
cat list-valid.txt >> list-valid-other-signature.txt
echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
cat list-valid.txt >> list-valid-sha1-signature.txt
cp list-valid-signed.txt list-invalid-signed.txt
tail -1 list-valid.txt >> list-invalid-signed.txt

# To create test data for something you might want to release

PRIVKEY=...
echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
cat list-valid.txt >> list-valid-signed-release.txt

# List with 0 created manually by placing a \0 in the signature
```

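The signed lists built above share one layout: a first line `S:<base64 signature>\r`, followed by the exact bytes that were signed. As an added example (not part of the NOTES file or the TrustBridge code), the following verifies that layout with the `openssl` CLI and rebuilds the wrong-key, appended-line and NUL-in-signature negatives. The helper names, the 2048-bit throwaway keys, the list entries and the file name `list-with-null.txt` are assumptions made for the demonstration.

```sh
# Added example, not from the NOTES file. Helper names, key size, list
# entries and list-with-null.txt are constructed for this demonstration.

# verify_list FILE PUBKEY: succeed only if line 1 is "S:<base64>\r" and it
# decodes to an RSA/SHA-256 signature over every byte after line 1.
verify_list() (
    LC_ALL=C; export LC_ALL
    file=$1; pubkey=$2; cr=$(printf '\r')
    line=$(head -n 1 "$file" | tr -d '\000')
    # A NUL inside the header makes the raw byte count disagree.
    [ $(( $(head -n 1 "$file" | wc -c) )) -eq $(( ${#line} + 1 )) ] || exit 1
    case $line in S:*"$cr") ;; *) exit 1 ;; esac
    b64=${line#S:}; b64=${b64%"$cr"}
    case $b64 in ''|*[!A-Za-z0-9+/=]*) exit 1 ;; esac
    tmp=$(mktemp -d) || exit 2
    printf '%s' "$b64" | openssl base64 -d -A > "$tmp/sig"
    tail -n +2 "$file" > "$tmp/body"
    rc=0
    openssl dgst -sha256 -verify "$pubkey" -signature "$tmp/sig" \
        "$tmp/body" >/dev/null 2>&1 || rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

# sign_list KEY LIST OUT: the NOTES construction ("S:" + base64 signature +
# CR LF, then the list); `openssl base64 -A` stands in for `base64 -w0`.
sign_list() {
    printf 'S:%s\r\n' "$(openssl dgst -sha256 -sign "$1" < "$2" |
        openssl base64 -A)" > "$3"
    cat "$2" >> "$3"
}

# make_fixtures DIR: throwaway keys plus one valid and three broken lists.
make_fixtures() (
    cd "$1" || exit 2
    for k in testkey-priv testkey-other; do
        openssl genrsa -out "$k.pem" 2048 2>/dev/null || exit 2
    done
    openssl rsa -in testkey-priv.pem -pubout -out testkey-pub.pem \
        2>/dev/null || exit 2
    printf 'I:Q09OU1RSVUNURUQ=\r\nR:Q09OU1RSVUNURUQ=\r\n' > list-valid.txt
    sign_list testkey-priv.pem list-valid.txt list-valid-signed.txt
    sign_list testkey-other.pem list-valid.txt list-valid-other-signature.txt
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -n 1 list-valid.txt >> list-invalid-signed.txt
    { printf 'S:\000'; tail -c +3 list-valid-signed.txt; } > list-with-null.txt
)

# check_all: print accepted/REJECTED per fixture; only the first should pass.
check_all() {
    d=$(mktemp -d) && make_fixtures "$d" || return 2
    for f in list-valid-signed list-valid-other-signature \
             list-invalid-signed list-with-null; do
        verify_list "$d/$f.txt" "$d/testkey-pub.pem" &&
            echo "$f: accepted" || echo "$f: REJECTED"
    done
    rm -rf "$d"
}
check_all
```

Because the digest is pinned to SHA-256, a list signed with `-sha1` as in `list-valid-sha1-signature.txt` is rejected by the same check.
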
```sh
# Test server certificate:

gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
cat valid_ssl_bp.key >> valid_ssl_bp.pem

gen_key filename=valid_ssl_rsa.key
cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

for i in {1..30}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt
done

for i in {1..15}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt
done

cp list-valid.txt list-valid-updated.txt
for i in {1..5}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid-updated.txt
done
# Date adjusted manually and intevation root ca added to R:
```

```sh
# NSS
mkdir nss
certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
certutil -d nss -D -n "test"

# Code signing
mkdir codesign
cd codesign
# Root CA
gen_key filename=codesigning_root.key
cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
    selfsign=1 issuer_key=codesigning_root.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=codesigning_root.pem

# Codesign cert
gen_key filename=codesigning.key
cert_req filename=codesigning.key output_file=codesigning.csr \
    subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
    key_usage=digital_signature \
    ns_cert_type=object_signing

# Sign it:
cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
    issuer_key=codesigning_root.key output_file=codesigning.pem \
    not_before=20130101000000 not_after=20151231235959 \
    key_usage=digital_signature \
    ns_cert_type=object_signing

osslsigncode sign -certs codesigning.pem -key codesigning.key \
    -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \
    -h sha256 \
    -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
    -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe
```