view ui/tests/data/NOTES @ 701:31c3d2bc9880

(Issue22) Fix painting problems with fixed size in windows style. We now use fusion style also on Windows for the combobox to let it be shown in the same way as we do on GNU/Linux.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 02 Jul 2014 11:26:42 +0200
parents be30d50bc4f0
children f56c4869aa18
line wrap: on
line source
Testkeys were created with:
    openssl genrsa -out testkey-priv.pem 3072
    openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout


Certificate List was created manually and contains:
    PCA-1-Verwaltung-08
    Intevation-Email-CA-2013
    Intevation-Server-CA-2010

Test files created with:

    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
    cat list-valid.txt >> list-valid-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
    cat list-valid-updated.txt >> list-valid-updated-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
    cat list-valid.txt >> list-valid-other-signature.txt
    echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
    cat list-valid.txt >> list-valid-sha1-signature.txt
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -1 list-valid.txt >> list-invalid-signed.txt

    # To create test data for something you might want to release

    PRIVKEY=...
    echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt
    cat list-valid.txt >> list-valid-signed-release.txt

# List with 0 created manually by placing a \0 in the signature

# Test server certificate:

    gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
    cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
    cat valid_ssl_bp.key >> valid_ssl_bp.pem

    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

for i in {1..30}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt
done

for i in {1..15}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt
done

cp list-valid.txt list-valid-updated.txt
for i in {1..5}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid-updated.txt
done
# Datum manuell angepasst und intevation root ca zu R: hinzugefuegt


# NSS
mkdir nss
certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
certutil -d nss -D -n "test"

# Code signing
mkdir codesign
cd codesign
# Root CA
gen_key filename=codesigning_root.key
cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
selfsign=1 issuer_key=codesigning_root.key \
not_before=20130101000000 not_after=20151231235959 \
is_ca=1 max_pathlen=0 output_file=codesigning_root.pem

# Codesign cert
gen_key filename=codesigning.key
cert_req filename=codesigning.key output_file=codesigning.csr \
subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
key_usage=digital_signature \
ns_cert_type=object_signing

# Sign it:
cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
issuer_key=codesigning_root.key output_file=codesigning.pem \
not_before=20130101000000 not_after=20151231235959 \
key_usage=digital_signature \
ns_cert_type=object_signing

osslsigncode sign -certs codesigning.pem -key codesigning.key \
      -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \
      -h sha256 \
      -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
      -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe

# Different test certificates.
gen_key filename=codesigning-other.key
cert_req filename=codesigning-other.key output_file=codesigning-other.csr \
subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
key_usage=digital_signature \
ns_cert_type=object_signing

cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \
issuer_key=codesigning_root.key output_file=codesigning-other.pem \
not_before=20130101000000 not_after=20151231235959 \
key_usage=digital_signature \
ns_cert_type=object_signing

http://wald.intevation.org/projects/trustbridge/