view ui/tests/data/NOTES @ 1371:23df332b2a4c

(issue179) Read install signature timestamp from config This also changes the way the sigDt is propgated to the MainWindow. It no longer uses the settings but hands it over as a parameter directly.
author Andre Heinecke <>
date Mon, 24 Nov 2014 15:48:49 +0100
parents 4a3a482dc337
children 341f79090de2
line wrap: on
line source
Testkeys were created with:
    openssl genrsa -out testkey-priv.pem 3072
    openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout

Certificate List was created manually and contains:

Test files created with:

    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
    cat list-valid.txt >> list-valid-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
    cat list-valid-updated.txt >> list-valid-updated-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
    cat list-valid.txt >> list-valid-other-signature.txt
    echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
    cat list-valid.txt >> list-valid-sha1-signature.txt
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -1 list-valid.txt >> list-invalid-signed.txt

    # To create test data for something you might want to release

    echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
    cat list-valid.txt >> list-valid-signed-release.txt

# List with 0 created manually by placing a \0 in the signature

# Test server certificate:

    gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
    cert_write issuer_name=CN=,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
    cat valid_ssl_bp.key >> valid_ssl_bp.pem

    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

for i in {1..30}
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt

for i in {1..15}
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt

cp list-valid.txt list-valid-updated.txt
for i in {1..5}
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid-updated.txt
# Datum manuell angepasst und intevation root ca zu R: hinzugefuegt

mkdir nss
certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
certutil -d nss -D -n "test"

# Code signing
mkdir codesign
cd codesign
# Root CA
gen_key filename=codesigning_root.key
cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
selfsign=1 issuer_key=codesigning_root.key \
not_before=20130101000000 not_after=20151231235959 \
is_ca=1 max_pathlen=0 output_file=codesigning_root.pem

# Codesign cert
gen_key rsa_keysize=3072 filename=codesigning.key
cert_req filename=codesigning.key output_file=codesigning.csr \
subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
key_usage=digital_signature \

# Sign it:
cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
issuer_key=codesigning_root.key output_file=codesigning.pem \
not_before=20130101000000 not_after=20151231235959 \
key_usage=digital_signature \

osslsigncode sign -certs codesigning.pem -key codesigning.key \
      -n "TrustBridgeTest" -i \
      -h sha256 \
      -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
      -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe

# Different test certificates.
gen_key rsa_keysize=3072 filename=codesigning-other.key
cert_req filename=codesigning-other.key output_file=codesigning-other.csr \
subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
key_usage=digital_signature \

cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \
issuer_key=codesigning_root.key output_file=codesigning-other.pem \
not_before=20130101000000 not_after=20151231235959 \
key_usage=digital_signature \

# Testserver mit hiawatha
apt-get install build-essential cmake libxslt-dev libxml2-dev libz-dev

    curl -O
    sha256sum hiawatha-9.7.tar.gz

e8581336883b7b963f38572f6396f8c47b43e5bedd3147d052fa3652e6c0ed86 hiawatha-9.7.tar.gz

    mkdir hiawatha-prefix
    tar -xf hiawatha-9.7.tar.gz
    cd hiawatha-9.7
    mkdir build
    cd build
    cmake .. -DCMAKE_INSTALL_PREFIX=/home/intevation/hiawatha-prefix
    make && make install

# Root CA
    gen_key filename=ssl_root.key
    cert_write issuer_name="CN=TrustBridge SSL Test CA,O=Public secret do not trust this,C=DE" \
    selfsign=1 issuer_key=ssl_root.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=ssl_root.pem

# SSL cert
    gen_key type=ec ec_curve=brainpoolP256r1 filename=ssl-test.key
    cert_req filename=ssl-test.key output_file=ssl-test.csr \
    subject_name=",O=Public secret do not trust this,C=DE" \

# Sign it
    cert_write request_file=ssl-test.csr issuer_crt=ssl_root.pem \
    issuer_key=ssl_root.key output_file=ssl-test.pem \
    not_before=20130101000000 not_after=20151231235959 \

    cat ssl-test.pem ssl-test.key > ssl-test-combined.pem

# Kopieren des Zertifikats nach /home/intevation auf dem testserver
# Editieren von /home/intevation/hiawatha-prefix/etc/hiawatha

# Binding settings:
    Port = 44413
    SSLcertFile = /home/intevation/ssl-test-combined.pem

# Default website settings
    Hostname =
    WebsiteRoot = /home/intevation/m13-files
    StartFile = index.html

# Trustbridge download ordner nach /home/intevation/m13-files kopieren.

    screen -R server
    /home/intevation/hiawatha-prefix/sbin/hiawatha -d