Mercurial > trustbridge
annotate ui/tests/data/NOTES @ 1369:948f03bb5254
Add signature time extraction for Linux and test for it in binverifytest
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 24 Nov 2014 14:43:10 +0100 |
parents | 4a3a482dc337 |
children | 341f79090de2 |
rev | line source |
---|---|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 Testkeys were created with: |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 openssl genrsa -out testkey-priv.pem 3072 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 Certificate List was created manually and contains: |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 PCA-1-Verwaltung-08 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 Intevation-Email-CA-2013 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 Intevation-Server-CA-2010 |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 |
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
11 Test files created with: |
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
30
381558ff6f26
Also break the signature with carriage return
Andre Heinecke <aheinecke@intevation.de>
parents:
26
diff
changeset
|
13 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt |
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 cat list-valid.txt >> list-valid-signed.txt |
436
2e662290e3c9
Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents:
435
diff
changeset
|
15 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt |
2e662290e3c9
Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents:
435
diff
changeset
|
16 cat list-valid-updated.txt >> list-valid-updated-signed.txt |
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
17 echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt |
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
18 cat list-valid.txt >> list-valid-other-signature.txt |
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
19 echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt |
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
20 cat list-valid.txt >> list-valid-sha1-signature.txt |
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 cp list-valid-signed.txt list-invalid-signed.txt |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 tail -1 list-valid.txt >> list-invalid-signed.txt |
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 |
359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
24 # To create test data for something you might want to release |
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
25 |
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
26 PRIVKEY=... |
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
27 echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt |
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
28 cat list-valid.txt >> list-valid-signed-release.txt |
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
29 |
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
30 # List with 0 created manually by placing a \0 in the signature |
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
31 |
43 | 32 # Test server certificate: |
33 | |
34 gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key | |
35 cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \ | |
36 selfsign=1 issuer_key=valid_ssl_bp.key \ | |
37 not_before=20130101000000 not_after=20301231235959 \ | |
38 is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem | |
39 cat valid_ssl_bp.key >> valid_ssl_bp.pem | |
40 | |
41 gen_key filename=valid_ssl_rsa.key | |
42 cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \ | |
43 selfsign=1 issuer_key=valid_ssl_rsa.key \ | |
44 not_before=20130101000000 not_after=20151231235959 \ | |
45 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem | |
49
c389915fd55e
Add an RSA key for testing
Andre Heinecke <aheinecke@intevation.de>
parents:
43
diff
changeset
|
46 cat valid_ssl_rsa.key >> valid_ssl_rsa.pem |
43 | 47 |
234
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
48 # Test list certificates (using the rsa key) |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
49 |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
50 for i in {1..30} |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
51 do |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
52 gen_key filename=valid_ssl_rsa.key |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
53 cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
54 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
55 not_before=20130101000000 not_after=20151231235959 \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
56 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
57 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
58 echo -e I:${CERT}\\r >> list-valid.txt |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
59 done |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
60 |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
61 for i in {1..15} |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
62 do |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
63 gen_key filename=valid_ssl_rsa.key |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
64 cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
65 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
66 not_before=20130101000000 not_after=20151231235959 \ |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
67 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
68 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
69 echo -e R:${CERT}\\r >> list-valid.txt |
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
70 done |
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
71 |
435
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
72 cp list-valid.txt list-valid-updated.txt |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
73 for i in {1..5} |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
74 do |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
75 gen_key filename=valid_ssl_rsa.key |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
76 cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \ |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
77 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
78 not_before=20130101000000 not_after=20151231235959 \ |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
79 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
80 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
81 echo -e I:${CERT}\\r >> list-valid-updated.txt |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
82 done |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
83 # Datum manuell angepasst und intevation root ca zu R: hinzugefuegt |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
84 |
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
85 |
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
86 # NSS |
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
87 mkdir nss |
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
88 certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C |
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
89 certutil -d nss -D -n "test" |
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
90 |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
91 # Code signing |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
92 mkdir codesign |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
93 cd codesign |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
94 # Root CA |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
95 gen_key filename=codesigning_root.key |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
96 cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
97 selfsign=1 issuer_key=codesigning_root.key \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
98 not_before=20130101000000 not_after=20151231235959 \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
99 is_ca=1 max_pathlen=0 output_file=codesigning_root.pem |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
100 |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
101 # Codesign cert |
758
f56c4869aa18
Switch to 3072 bit RSA keys for codesigning as specified.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
102 gen_key rsa_keysize=3072 filename=codesigning.key |
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
103 cert_req filename=codesigning.key output_file=codesigning.csr \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
104 subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
105 key_usage=digital_signature \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
106 ns_cert_type=object_signing |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
107 |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
108 # Sign it: |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
109 cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
110 issuer_key=codesigning_root.key output_file=codesigning.pem \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
111 not_before=20130101000000 not_after=20151231235959 \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
112 key_usage=digital_signature \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
113 ns_cert_type=object_signing |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
114 |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
115 osslsigncode sign -certs codesigning.pem -key codesigning.key \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
116 -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \ |
571
6c4fff146999
Implement codesigning in the administrator tool
Andre Heinecke <aheinecke@intevation.de>
parents:
569
diff
changeset
|
117 -h sha256 \ |
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
118 -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \ |
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
119 -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
120 |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
121 # Different test certificates. |
758
f56c4869aa18
Switch to 3072 bit RSA keys for codesigning as specified.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
122 gen_key rsa_keysize=3072 filename=codesigning-other.key |
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
123 cert_req filename=codesigning-other.key output_file=codesigning-other.csr \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
124 subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
125 key_usage=digital_signature \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
126 ns_cert_type=object_signing |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
127 |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
128 cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
129 issuer_key=codesigning_root.key output_file=codesigning-other.pem \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
130 not_before=20130101000000 not_after=20151231235959 \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
131 key_usage=digital_signature \ |
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
132 ns_cert_type=object_signing |
1087
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
133 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
134 # Testserver mit hiawatha |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
135 apt-get install build-essential cmake libxslt-dev libxml2-dev libz-dev |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
136 |
1285
4a3a482dc337
Build instruction consistency: always using curl -O instead of wget. Wget taken out.
Bernhard Reiter <bernhard@intevation.de>
parents:
1087
diff
changeset
|
137 curl -O https://www.hiawatha-webserver.org/files/hiawatha-9.7.tar.gz |
1087
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
138 sha256sum hiawatha-9.7.tar.gz |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
139 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
140 e8581336883b7b963f38572f6396f8c47b43e5bedd3147d052fa3652e6c0ed86 hiawatha-9.7.tar.gz |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
141 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
142 mkdir hiawatha-prefix |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
143 tar -xf hiawatha-9.7.tar.gz |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
144 cd hiawatha-9.7 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
145 mkdir build |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
146 cd build |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
147 cmake .. -DCMAKE_INSTALL_PREFIX=/home/intevation/hiawatha-prefix |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
148 make && make install |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
149 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
150 # Root CA |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
151 gen_key filename=ssl_root.key |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
152 cert_write issuer_name="CN=TrustBridge SSL Test CA,O=Public secret do not trust this,C=DE" \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
153 selfsign=1 issuer_key=ssl_root.key \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
154 not_before=20130101000000 not_after=20151231235959 \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
155 is_ca=1 max_pathlen=0 output_file=ssl_root.pem |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
156 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
157 # SSL cert |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
158 gen_key type=ec ec_curve=brainpoolP256r1 filename=ssl-test.key |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
159 cert_req filename=ssl-test.key output_file=ssl-test.csr \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
160 subject_name="CN=tb-devel.intevation.de,O=Public secret do not trust this,C=DE" \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
161 ns_cert_type=ssl_server |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
162 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
163 # Sign it |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
164 cert_write request_file=ssl-test.csr issuer_crt=ssl_root.pem \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
165 issuer_key=ssl_root.key output_file=ssl-test.pem \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
166 not_before=20130101000000 not_after=20151231235959 \ |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
167 ns_cert_type=ssl_server |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
168 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
169 cat ssl-test.pem ssl-test.key > ssl-test-combined.pem |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
170 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
171 # Kopieren des Zertifikats nach /home/intevation auf dem testserver |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
172 # Editieren von /home/intevation/hiawatha-prefix/etc/hiawatha |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
173 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
174 # Binding settings: |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
175 Port = 44413 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
176 SSLcertFile = /home/intevation/ssl-test-combined.pem |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
177 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
178 # Default website settings |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
179 Hostname = thetis.intevation.de:44413 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
180 WebsiteRoot = /home/intevation/m13-files |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
181 StartFile = index.html |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
182 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
183 # Trustbridge download ordner nach /home/intevation/m13-files kopieren. |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
184 |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
185 screen -R server |
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
186 /home/intevation/hiawatha-prefix/sbin/hiawatha -d |