annotate ui/tests/data/NOTES @ 635:ed1887be5170

Document osslsigncode build
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 23 Jun 2014 17:24:00 +0200
parents 6c4fff146999
children be30d50bc4f0
rev   line source
8
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 Testkeys were created with:
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2 openssl genrsa -out testkey-priv.pem 3072
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6 Certificate List was created manually and contains:
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 PCA-1-Verwaltung-08
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 Intevation-Email-CA-2013
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 Intevation-Server-CA-2010
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10
42
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
11 Test files created with:
8
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12
30
381558ff6f26 Also break the signature with carriage return
Andre Heinecke <aheinecke@intevation.de>
parents: 26
diff changeset
13 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
8
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 cat list-valid.txt >> list-valid-signed.txt
436
2e662290e3c9 Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents: 435
diff changeset
15 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
2e662290e3c9 Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents: 435
diff changeset
16 cat list-valid-updated.txt >> list-valid-updated-signed.txt
42
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
17 echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
18 cat list-valid.txt >> list-valid-other-signature.txt
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
19 echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
20 cat list-valid.txt >> list-valid-sha1-signature.txt
8
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 cp list-valid-signed.txt list-invalid-signed.txt
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 tail -1 list-valid.txt >> list-invalid-signed.txt
c7da699f0310 Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23
359
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
24 # To create test data for something you might want to release
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
25
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
26 PRIVKEY=...
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
27 echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
28 cat list-valid.txt >> list-valid-signed-release.txt
f6ce186cebc2 If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents: 300
diff changeset
29
42
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
30 # List with 0 created manually by placing a \0 in the signature
6e7ef7e95031 Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents: 30
diff changeset
31
43
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
32 # Test server certificate:
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
33
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
34 gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
35 cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
36 selfsign=1 issuer_key=valid_ssl_bp.key \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
37 not_before=20130101000000 not_after=20301231235959 \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
38 is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
39 cat valid_ssl_bp.key >> valid_ssl_bp.pem
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
40
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
41 gen_key filename=valid_ssl_rsa.key
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
42 cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
43 selfsign=1 issuer_key=valid_ssl_rsa.key \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
44 not_before=20130101000000 not_after=20151231235959 \
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
45 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
49
c389915fd55e Add an RSA key for testing
Andre Heinecke <aheinecke@intevation.de>
parents: 43
diff changeset
46 cat valid_ssl_rsa.key >> valid_ssl_rsa.pem
43
5910bf9016cd Add Downloadertest
Andre Heinecke <aheinecke@intevation.de>
parents: 42
diff changeset
47
234
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
48 # Test list certificates (using the rsa key)
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
49
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
50 for i in {1..30}
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
51 do
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
52 gen_key filename=valid_ssl_rsa.key
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
53 cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
54 selfsign=1 issuer_key=valid_ssl_rsa.key \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
55 not_before=20130101000000 not_after=20151231235959 \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
56 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
57 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
58 echo -e I:${CERT}\\r >> list-valid.txt
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
59 done
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
60
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
61 for i in {1..15}
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
62 do
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
63 gen_key filename=valid_ssl_rsa.key
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
64 cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
65 selfsign=1 issuer_key=valid_ssl_rsa.key \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
66 not_before=20130101000000 not_after=20151231235959 \
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
67 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
68 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
69 echo -e R:${CERT}\\r >> list-valid.txt
a7317252a27c Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents: 50
diff changeset
70 done
300
534df06d5c67 Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents: 234
diff changeset
71
435
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
72 cp list-valid.txt list-valid-updated.txt
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
73 for i in {1..5}
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
74 do
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
75 gen_key filename=valid_ssl_rsa.key
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
76 cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
77 selfsign=1 issuer_key=valid_ssl_rsa.key \
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
78 not_before=20130101000000 not_after=20151231235959 \
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
79 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
80 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
81 echo -e I:${CERT}\\r >> list-valid-updated.txt
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
82 done
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
83 # Datum manuell angepasst und intevation root ca zu R: hinzugefuegt
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
84
d0192a7e63df Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents: 359
diff changeset
85
300
534df06d5c67 Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents: 234
diff changeset
86 # NSS
534df06d5c67 Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents: 234
diff changeset
87 mkdir nss
534df06d5c67 Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents: 234
diff changeset
88 certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
534df06d5c67 Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents: 234
diff changeset
89 certutil -d nss -D -n "test"
569
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
90
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
91 # Code signing
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
92 mkdir codesign
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
93 cd codesign
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
94 # Root CA
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
95 gen_key filename=codesigning_root.key
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
96 cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
97 selfsign=1 issuer_key=codesigning_root.key \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
98 not_before=20130101000000 not_after=20151231235959 \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
99 is_ca=1 max_pathlen=0 output_file=codesigning_root.pem
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
100
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
101 # Codesign cert
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
102 gen_key filename=codesigning.key
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
103 cert_req filename=codesigning.key output_file=codesigning.csr \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
104 subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
105 key_usage=digital_signature \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
106 ns_cert_type=object_signing
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
107
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
108 # Sign it:
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
109 cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
110 issuer_key=codesigning_root.key output_file=codesigning.pem \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
111 not_before=20130101000000 not_after=20151231235959 \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
112 key_usage=digital_signature \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
113 ns_cert_type=object_signing
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
114
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
115 osslsigncode sign -certs codesigning.pem -key codesigning.key \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
116 -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \
571
6c4fff146999 Implement codesigning in the administrator tool
Andre Heinecke <aheinecke@intevation.de>
parents: 569
diff changeset
117 -h sha256 \
569
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
118 -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
6677d4ecb6fd Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents: 436
diff changeset
119 -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe

http://wald.intevation.org/projects/trustbridge/