Mercurial > trustbridge
annotate ui/tests/data/NOTES @ 635:ed1887be5170
Document osslsigncode build
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 23 Jun 2014 17:24:00 +0200 |
parents | 6c4fff146999 |
children | be30d50bc4f0 |
rev | line source |
---|---|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
Testkeys were created with:
openssl genrsa -out testkey-priv.pem 3072
openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout


Certificate List was created manually and contains:
PCA-1-Verwaltung-08
Intevation-Email-CA-2013
Intevation-Server-CA-2010

42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
Test files created with:

30
381558ff6f26
Also break the signature with carriage return
Andre Heinecke <aheinecke@intevation.de>
parents:
26
diff
changeset
|
echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
cat list-valid.txt >> list-valid-signed.txt
436
2e662290e3c9
Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents:
435
diff
changeset
|
echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
cat list-valid-updated.txt >> list-valid-updated-signed.txt
echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
cat list-valid.txt >> list-valid-other-signature.txt
echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
cat list-valid.txt >> list-valid-sha1-signature.txt
cp list-valid-signed.txt list-invalid-signed.txt
tail -1 list-valid.txt >> list-invalid-signed.txt

359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
# To create test data for something you might want to release

PRIVKEY=...
echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
cat list-valid.txt >> list-valid-signed-release.txt

# List with 0 created manually by placing a \0 in the signature

43
# Test server certificate:

gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
cat valid_ssl_bp.key >> valid_ssl_bp.pem

gen_key filename=valid_ssl_rsa.key
cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
49
c389915fd55e
Add an RSA key for testing
Andre Heinecke <aheinecke@intevation.de>
parents:
43
diff
changeset
|
cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

234
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
# Test list certificates (using the rsa key)

for i in {1..30}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt
done

for i in {1..15}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt
done
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
435
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
cp list-valid.txt list-valid-updated.txt
for i in {1..5}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
        selfsign=1 issuer_key=valid_ssl_rsa.key \
        not_before=20130101000000 not_after=20151231235959 \
        is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid-updated.txt
done
# Date adjusted manually and intevation root ca added to R:

# NSS
mkdir nss
certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
certutil -d nss -D -n "test"
569
6677d4ecb6fd
Add codesigning certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
# Code signing
mkdir codesign
cd codesign
# Root CA
gen_key filename=codesigning_root.key
cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
    selfsign=1 issuer_key=codesigning_root.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=codesigning_root.pem

# Codesign cert
gen_key filename=codesigning.key
cert_req filename=codesigning.key output_file=codesigning.csr \
    subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
    key_usage=digital_signature \
    ns_cert_type=object_signing

# Sign it:
cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
    issuer_key=codesigning_root.key output_file=codesigning.pem \
    not_before=20130101000000 not_after=20151231235959 \
    key_usage=digital_signature \
    ns_cert_type=object_signing

osslsigncode sign -certs codesigning.pem -key codesigning.key \
    -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \
571
6c4fff146999
Implement codesigning in the administrator tool
Andre Heinecke <aheinecke@intevation.de>
parents:
569
diff
changeset
|
    -h sha256 \
    -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
    -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe
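
The signed list files in these notes consist of an `S:` line carrying the base64 signature, followed by the signed body, so a consumer can check them with `openssl dgst -verify`. The script below is an added example, not code from the TrustBridge repository; `sign_list`, `make_fixtures`, `verify_list` and the `I:AAAA`/`R:BBBB` entries are constructed for illustration, and it rebuilds the valid, other-key and tampered files with throwaway keys.

```sh
#!/bin/sh
# Added example, not from the TrustBridge repository. The list entries are
# constructed placeholders standing in for base64 certificates.

# sign_list KEY BODY OUT: write "S:<base64 signature>\r\n", then the body.
sign_list() {
    printf 'S:%s\r\n' \
        "$(openssl dgst -sha256 -sign "$1" < "$2" | base64 | tr -d '\n')" > "$3"
    cat "$2" >> "$3"
}

# make_fixtures DIR: throwaway keys and three of the test files from the notes.
make_fixtures() {
    openssl genrsa -out "$1/testkey-priv.pem" 3072 2>/dev/null
    openssl rsa -in "$1/testkey-priv.pem" -pubout -out "$1/testkey-pub.pem" 2>/dev/null
    openssl genrsa -out "$1/testkey-other.pem" 3072 2>/dev/null
    printf 'I:AAAA\r\nR:BBBB\r\n' > "$1/list-valid.txt"
    sign_list "$1/testkey-priv.pem" "$1/list-valid.txt" "$1/list-valid-signed.txt"
    sign_list "$1/testkey-other.pem" "$1/list-valid.txt" \
        "$1/list-valid-other-signature.txt"
    # Tampered copy: one extra body line that the signature does not cover.
    cp "$1/list-valid-signed.txt" "$1/list-invalid-signed.txt"
    tail -n 1 "$1/list-valid.txt" >> "$1/list-invalid-signed.txt"
}

# verify_list FILE PUBKEY: return 0 only if line 1 is "S:<base64>" and it is
# a valid SHA-256 signature, under PUBKEY, of every byte after that line.
verify_list() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case $first in
        S:?*) ;;
        *) return 2 ;;          # no signature line at all
    esac
    sig=$(mktemp) || return 2
    rc=2                        # stays 2 if the base64 does not decode
    if printf '%s' "${first#S:}" | base64 -d > "$sig" 2>/dev/null; then
        tail -n +2 "$1" |
            openssl dgst -sha256 -verify "$2" -signature "$sig" >/dev/null 2>&1
        rc=$?
    fi
    rm -f "$sig"
    return $rc
}

# Demo: build the fixtures in a temp dir and report each verdict.
demo() {
    d=$(mktemp -d) || return 1
    make_fixtures "$d" || return 1
    for f in list-valid-signed.txt list-valid-other-signature.txt \
             list-invalid-signed.txt; do
        if verify_list "$d/$f" "$d/testkey-pub.pem"; then
            echo "$f: accepted"
        else
            echo "$f: rejected"
        fi
    done
    rm -rf "$d"
}
demo
```

Because the verifier pins `-sha256`, a file whose signature line was produced with a different digest is rejected even when the key matches.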