annotate ui/tests/data/NOTES @ 452:f8b480b08532
Factor out polarssl error handling and start new sslhelp file
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Wed, 23 Apr 2014 10:33:40 +0000 |
parents | 2e662290e3c9 |
children | 6677d4ecb6fd |
rev | line source |
---|---|
1 Testkeys were created with: |
# 3072-bit RSA private key; the list-signing commands further down in these
# notes sign with testkey-priv.pem.
openssl genrsa -out testkey-priv.pem 3072
# Export the matching public key in PEM form.
openssl rsa -pubout -outform PEM -in testkey-priv.pem -out testkey-pub.pem
4 |
5 |
6 Certificate List was created manually and contains: |
7 PCA-1-Verwaltung-08 |
8 Intevation-Email-CA-2013 |
9 Intevation-Server-CA-2010 |
10 |
11 Test files created with: |
12 |
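# Write list file $4: a first line "S:<base64 signature>\r\n" followed by the
# unmodified content of list $3.
# Arguments: $1 - openssl digest option (-sha256 or -sha1)
#            $2 - private key to sign with
#            $3 - unsigned list
#            $4 - signed output file
# Returns:   non-zero, without writing $4, if no signature was produced
sign_list() {
  local digest=$1 key=$2 list=$3 out=$4 sig
  sig=$(openssl dgst "$digest" -sign "$key" < "$list" | base64 -w0)
  # The pipeline's status is base64's, so a failed openssl shows up only as an
  # empty signature; refuse to write a list with an empty "S:" line.
  if [[ -z "$sig" ]]; then
    printf 'signing %s with %s failed\n' "$list" "$key" >&2
    return 1
  fi
  printf 'S:%s\r\n' "$sig" > "$out"
  cat -- "$list" >> "$out"
}

# Signed with testkey-priv.pem and SHA-256.
# list-valid-updated.txt is produced by the cp/loop further down in these notes.
sign_list -sha256 testkey-priv.pem list-valid.txt list-valid-signed.txt
sign_list -sha256 testkey-priv.pem list-valid-updated.txt list-valid-updated-signed.txt

# Same list signed with testkey-other.pem instead of testkey-priv.pem
# (presumably the key-mismatch case; confirm against the tests).
# NOTE(review): how testkey-other.pem was created is not recorded in the
# visible notes.
sign_list -sha256 testkey-other.pem list-valid.txt list-valid-other-signature.txt

# SHA-1 instead of SHA-256.
# NOTE(review): this also signs with testkey-other.pem, so the file differs
# from the valid one in both digest and key; a rejection does not show which
# check fired. Confirm whether testkey-priv.pem was intended here.
sign_list -sha1 testkey-other.pem list-valid.txt list-valid-sha1-signature.txt

# Valid signature line, but the last line of the list is appended a second
# time after signing, so the content no longer matches the signed data.
cp list-valid-signed.txt list-invalid-signed.txt
tail -n 1 list-valid.txt >> list-invalid-signed.txt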
23 |
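# To create test data for something you might want to release

# Path to the private key to sign with; left as a placeholder in these notes.
# NOTE(review): presumably the private half of the key a release build verifies
# against; keep it outside the repository, only the signed list belongs here.
PRIVKEY=...
# "$PRIVKEY" is quoted so a key path containing spaces reaches openssl intact.
sig=$(openssl dgst -sha256 -sign "$PRIVKEY" < list-valid.txt | base64 -w0)
# The pipeline reports base64's status, so a failed openssl is visible only as
# an empty signature; do not write a release list with an empty "S:" line.
if [[ -n "$sig" ]]; then
  printf 'S:%s\r\n' "$sig" > list-valid-signed-release.txt
  cat list-valid.txt >> list-valid-signed-release.txt
else
  printf 'signing list-valid.txt with %s failed\n' "$PRIVKEY" >&2
fi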
29 |
30 # List with 0 created manually by placing a \0 in the signature |
31 |
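# Test server certificate:

# EC key on brainpoolP256r1 and a self-signed certificate for CN=127.0.0.1,
# marked as a CA with path length 0.
# The issuer name is quoted as a whole: written as O=Intevation\\ Test without
# quotes, the shell passes a literal backslash and then splits at the space,
# so "Test,C=DE" would arrive as a separate argument.
# NOTE(review): compare with the subject of the committed valid_ssl_bp.pem.
gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
cert_write "issuer_name=CN=127.0.0.1,O=Intevation Test,C=DE" \
  selfsign=1 issuer_key=valid_ssl_bp.key \
  not_before=20130101000000 not_after=20301231235959 \
  is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
# Append the private key so the .pem holds certificate and key together.
cat valid_ssl_bp.key >> valid_ssl_bp.pem

# Same with a key from gen_key's defaults (no type given).
# NOTE(review): not_after is the end of 2015 here (2030 for the EC
# certificate); tests that check validity dates against the clock would see
# this one as expired after that. Confirm.
gen_key filename=valid_ssl_rsa.key
cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
  selfsign=1 issuer_key=valid_ssl_rsa.key \
  not_before=20130101000000 not_after=20151231235959 \
  is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
cat valid_ssl_rsa.key >> valid_ssl_rsa.pem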
43 | 47 |
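# Test list certificates (using the rsa key)

# Generate a fresh key and a self-signed CA certificate with CN=$2, then append
# the certificate to list $3 as one "<prefix>:<base64 body>\r\n" line.
# Arguments: $1 - line prefix (I or R; presumably install/remove, confirm)
#            $2 - common name of the certificate
#            $3 - list file to append to
# Returns:   non-zero, without appending, if key or certificate creation fails;
#            otherwise a stale valid_ssl_rsa.pem would be appended again.
# NOTE(review): this overwrites valid_ssl_rsa.key and valid_ssl_rsa.pem, the
# same file names the test server certificate section above writes to.
append_test_cert() {
  local prefix=$1 cn=$2 list=$3 cert
  gen_key filename=valid_ssl_rsa.key || return
  cert_write "issuer_name=CN=${cn},O=Do_Not_Trust_Test,C=DE" \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem || return
  # Drop the BEGIN/END armor lines and join the base64 body into one line.
  cert=$(grep -v "\-\-\-\-" valid_ssl_rsa.pem | tr -d "\\n")
  printf '%s:%s\r\n' "$prefix" "$cert" >> "$list"
}

# 30 "I:" entries named TestRootCA1 .. TestRootCA30.
for i in {1..30}; do
  append_test_cert I "TestRootCA$i" list-valid.txt || break
done

# 15 "R:" entries named TestRootCADelete1 .. TestRootCADelete15.
for i in {1..15}; do
  append_test_cert R "TestRootCADelete$i" list-valid.txt || break
done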
71 |
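# Start the updated list as a copy of the current valid list, then append five
# more "I:" entries named New_Certificate_1 .. New_Certificate_5.
cp list-valid.txt list-valid-updated.txt
for i in {1..5}; do
  # Stop on failure; otherwise the valid_ssl_rsa.pem left over from the
  # previous iteration would be appended a second time.
  gen_key filename=valid_ssl_rsa.key || break
  cert_write "issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE" \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem || break
  # Drop the BEGIN/END armor lines and join the base64 body into one line.
  CERT=$(grep -v "\-\-\-\-" valid_ssl_rsa.pem | tr -d "\\n")
  printf 'I:%s\r\n' "$CERT" >> list-valid-updated.txt
done
# Date adjusted manually and the Intevation root CA added to the R: entries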
84 |
85 |
# NSS
# Add a certificate under the nickname "test" and delete it again straight
# away; presumably this is meant to leave an initialised database in nss/
# that holds no certificates (confirm).
mkdir nss
certutil -d nss -A -n "test" -t c,C -i valid_ssl_rsa.pem
certutil -d nss -D -n "test"