view ui/tests/data/NOTES @ 633:6c090638b2b4

Use static buffer for module file name. According to the MSDN example, the return value of GetModuleFileName should be used to indicate success and not the size. And according to comments on that function, on Windows 8.1 it does not return the needed size. So better be more robust and just use MAX_PATH as a limit.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 23 Jun 2014 15:29:48 +0200
parents 6c4fff146999
children be30d50bc4f0
Test keys were created with:
    # Generate the 3072-bit RSA test signing key. No cipher option is given,
    # so the private key is stored unencrypted: use it for test fixtures only.
    openssl genrsa -out testkey-priv.pem 3072
    # Export the matching public key in PEM form.
    openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout


Certificate List was created manually and contains:
    PCA-1-Verwaltung-08
    Intevation-Email-CA-2013
    Intevation-Server-CA-2010

Test files created with:

    # Each signed list starts with one line "S:<base64 signature>\r" followed
    # by the unmodified list content.
    # NOTE(review): testkey-other.pem is used below, but these notes do not
    # show how it was created; presumably a second key generated like
    # testkey-priv.pem. Confirm and document it.
    # Valid list: SHA-256 digest signed with testkey-priv.pem.
    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
    cat list-valid.txt >> list-valid-signed.txt
    # Updated list: signed the same way.
    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt
    cat list-valid-updated.txt >> list-valid-updated-signed.txt
    # Same content as list-valid.txt, but signed with testkey-other.pem.
    echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
    cat list-valid.txt >> list-valid-other-signature.txt
    # SHA-1 digest instead of SHA-256, also signed with testkey-other.pem.
    # NOTE(review): because the key differs as well, this fixture cannot show
    # on its own that a signature is rejected for its SHA-1 digest; confirm
    # which key the test expects here.
    echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
    cat list-valid.txt >> list-valid-sha1-signature.txt
    # Copy of the valid signed list with the last line of list-valid.txt
    # appended once more, so the content no longer matches the signature line.
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -1 list-valid.txt >> list-invalid-signed.txt

    # To create test data for something you might want to release

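    # PRIVKEY is the path of the release signing key (placeholder below).
    # Keep that key outside the repository and the test data directory.
    PRIVKEY=...
    # Sign first and write the output only if a signature was produced:
    # a failing openssl call would otherwise leave a list that starts with an
    # empty "S:" line. The path is quoted so that spaces in it are safe.
    SIG=$(openssl dgst -sha256 -sign "$PRIVKEY" < list-valid.txt | base64 -w0) &&
        [ -n "$SIG" ] &&
        printf 'S:%s\r\n' "$SIG" > list-valid-signed-release.txt &&
        cat list-valid.txt >> list-valid-signed-release.txt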

# The list with a 0 byte was created manually by placing a \0 in the signature

# Test server certificate:

    # NOTE(review): gen_key and cert_write look like the PolarSSL (mbed TLS)
    # sample programs; confirm which version produced these files.
    # Self-signed EC test certificate on brainpoolP256r1 for CN=127.0.0.1,
    # valid from 2013-01-01 to 2030-12-31, marked as CA with path length 0.
    gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
    cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
    # Append the private key so that one PEM file holds certificate and key.
    # The key is therefore public test material and must not be trusted.
    cat valid_ssl_bp.key >> valid_ssl_bp.pem

    # RSA counterpart (gen_key is called without a type argument).
    # Note the earlier expiry: not_after is 2015-12-31, so tests that depend
    # on this certificate being valid need it regenerated after that date.
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    # Append the private key here as well (certificate and key in one PEM).
    cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

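# Append 30 "I:<base64 certificate>\r" entries to list-valid.txt.
# Each pass creates a fresh key and a self-signed CA certificate
# CN=TestRootCA<i>. valid_ssl_rsa.key / valid_ssl_rsa.pem serve as scratch
# files, so the test server key and certificate of the same name are
# overwritten by this loop.
for i in {1..30}
do
    # Stop on failure: otherwise the PEM left over from the previous pass
    # would be appended a second time and the list would hold duplicates.
    gen_key filename=valid_ssl_rsa.key || break
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem || break
    # Drop the PEM armor lines and join the base64 body into a single line.
    CERT=$(grep -v -e '----' valid_ssl_rsa.pem | tr -d '\n')
    printf 'I:%s\r\n' "$CERT" >> list-valid.txt
done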

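# Append 15 "R:<base64 certificate>\r" entries to list-valid.txt, one per
# freshly generated self-signed CA certificate CN=TestRootCADelete<i>.
# NOTE(review): R: presumably marks certificates to remove; confirm against
# the list format. The scratch files valid_ssl_rsa.key / valid_ssl_rsa.pem
# are overwritten on every pass.
for i in {1..15}
do
    # Stop on failure so a stale PEM from the previous pass is not appended
    # again under a new entry.
    gen_key filename=valid_ssl_rsa.key || break
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem || break
    # Strip the PEM armor lines and collapse the base64 body to one line.
    CERT=$(grep -v -e '----' valid_ssl_rsa.pem | tr -d '\n')
    printf 'R:%s\r\n' "$CERT" >> list-valid.txt
done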

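# Build the updated list: start from a copy of list-valid.txt and append five
# more "I:" entries for new self-signed CA certificates CN=New_Certificate_<i>.
cp list-valid.txt list-valid-updated.txt
for i in {1..5}
do
    # Stop on failure so a stale PEM from the previous pass is not appended
    # a second time.
    gen_key filename=valid_ssl_rsa.key || break
    cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem || break
    # Strip the PEM armor lines and collapse the base64 body to one line.
    CERT=$(grep -v -e '----' valid_ssl_rsa.pem | tr -d '\n')
    printf 'I:%s\r\n' "$CERT" >> list-valid-updated.txt
done
# Afterwards the date was adjusted manually and the Intevation root CA was
# added to the R: entries.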


# NSS
# Directory used as the NSS database directory (-d nss) by the calls below.
mkdir nss
# Add the certificate under the nickname "test" with trust flags c,C ...
# NOTE(review): if the commands are run in the order written, valid_ssl_rsa.pem
# is by now the last certificate produced by the list loops, not the test
# server certificate; confirm which one was meant.
certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C
# ... and delete it again; presumably this leaves an initialised but empty
# database for the tests (confirm).
certutil -d nss -D -n "test"

# Code signing
# All code-signing test material is created inside ./codesign.
# NOTE(review): cd is not checked; if it fails, the keys below are written
# into the current directory instead.
mkdir codesign
cd codesign
# Root CA: self-signed, is_ca=1 with path length 0, valid 2013-01-01 to
# 2015-12-31. The O= value marks it as public test material.
gen_key filename=codesigning_root.key
cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \
selfsign=1 issuer_key=codesigning_root.key \
not_before=20130101000000 not_after=20151231235959 \
is_ca=1 max_pathlen=0 output_file=codesigning_root.pem

# Codesign cert: new key plus a certificate request restricted to
# key_usage=digital_signature and ns_cert_type=object_signing.
gen_key filename=codesigning.key
cert_req filename=codesigning.key output_file=codesigning.csr \
subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \
key_usage=digital_signature \
ns_cert_type=object_signing

# Sign it: issue the code-signing certificate from the request with the test
# root CA, using the same validity window and usage restrictions.
cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \
issuer_key=codesigning_root.key output_file=codesigning.pem \
not_before=20130101000000 not_after=20151231235959 \
key_usage=digital_signature \
ns_cert_type=object_signing

# Sign the Windows installer with the test certificate and a SHA-256 digest.
# No timestamping option is passed, so the signature carries no trusted
# timestamp. The -in path is specific to the author's machine.
osslsigncode sign -certs codesigning.pem -key codesigning.key \
      -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \
      -h sha256 \
      -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \
      -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe

http://wald.intevation.org/projects/trustbridge/