view ui/tests/data/NOTES @ 289:9ad00a3255f4

Change cinst from stdin input to use arguments. As we have to execute this process on Windows over the shell a stdin / stdout communication is not really possible without some major hacks. So you now have to supply an instructions file and the path to the certificatelist as arguments when this process is called
author Andre Heinecke <aheinecke@intevation.de>
date Wed, 02 Apr 2014 13:52:02 +0000
parents a7317252a27c
children 534df06d5c67
line wrap: on
line source
Testkeys were created with:
    openssl genrsa -out testkey-priv.pem 3072
    openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout


Certificate List was created manually and contains:
    PCA-1-Verwaltung-08
    Intevation-Email-CA-2013
    Intevation-Server-CA-2010

Test files created with:

    echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt
    cat list-valid.txt >> list-valid-signed.txt
    echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt
    cat list-valid.txt >> list-valid-other-signature.txt
    echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt
    cat list-valid.txt >> list-valid-sha1-signature.txt
    cp list-valid-signed.txt list-invalid-signed.txt
    tail -1 list-valid.txt >> list-invalid-signed.txt

# List with 0 created manually by placing a \0 in the signature

# Test server certificate:

    gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key
    cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_bp.key \
    not_before=20130101000000 not_after=20301231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem
    cat valid_ssl_bp.key >> valid_ssl_bp.pem

    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    cat valid_ssl_rsa.key >> valid_ssl_rsa.pem

# Test list certificates (using the rsa key)

for i in {1..30}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e I:${CERT}\\r >> list-valid.txt
done

for i in {1..15}
do
    gen_key filename=valid_ssl_rsa.key
    cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \
    selfsign=1 issuer_key=valid_ssl_rsa.key \
    not_before=20130101000000 not_after=20151231235959 \
    is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem
    CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n")
    echo -e R:${CERT}\\r >> list-valid.txt
done

http://wald.intevation.org/projects/trustbridge/