Mercurial > trustbridge > trustbridge
annotate ui/tests/data/NOTES @ 1375:341f79090de2
Notes about using a different certificate for codesigning
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 04 Dec 2014 13:19:11 +0100 |
| parents | 4a3a482dc337 |
| children |
| rev | line source |
|---|---|
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 Testkeys were created with: |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 openssl genrsa -out testkey-priv.pem 3072 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 Certificate List was created manually and contains: |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 PCA-1-Verwaltung-08 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 Intevation-Email-CA-2013 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 Intevation-Server-CA-2010 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
11 Test files created with: |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
30
381558ff6f26
Also break the signature with carriage return
Andre Heinecke <aheinecke@intevation.de>
parents:
26
diff
changeset
|
13 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 cat list-valid.txt >> list-valid-signed.txt |
|
436
2e662290e3c9
Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents:
435
diff
changeset
|
15 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid-updated.txt | base64 -w0)\\r > list-valid-updated-signed.txt |
|
2e662290e3c9
Remove intermediate email ca and replace it by Verwaltung PKI cert
Andre Heinecke <aheinecke@intevation.de>
parents:
435
diff
changeset
|
16 cat list-valid-updated.txt >> list-valid-updated-signed.txt |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
17 echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
18 cat list-valid.txt >> list-valid-other-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
19 echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
20 cat list-valid.txt >> list-valid-sha1-signature.txt |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 cp list-valid-signed.txt list-invalid-signed.txt |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 tail -1 list-valid.txt >> list-invalid-signed.txt |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 |
|
359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
24 # To create test data for something you might want to release |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
25 |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
26 PRIVKEY=... |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
27 echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
28 cat list-valid.txt >> list-valid-signed-release.txt |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
29 |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
30 # List with 0 created manually by placing a \0 in the signature |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
31 |
| 43 | 32 # Test server certificate: |
| 33 | |
| 34 gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key | |
| 35 cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \ | |
| 36 selfsign=1 issuer_key=valid_ssl_bp.key \ | |
| 37 not_before=20130101000000 not_after=20301231235959 \ | |
| 38 is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem | |
| 39 cat valid_ssl_bp.key >> valid_ssl_bp.pem | |
| 40 | |
| 41 gen_key filename=valid_ssl_rsa.key | |
| 42 cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \ | |
| 43 selfsign=1 issuer_key=valid_ssl_rsa.key \ | |
| 44 not_before=20130101000000 not_after=20151231235959 \ | |
| 45 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem | |
|
49
c389915fd55e
Add an RSA key for testing
Andre Heinecke <aheinecke@intevation.de>
parents:
43
diff
changeset
|
46 cat valid_ssl_rsa.key >> valid_ssl_rsa.pem |
| 43 | 47 |
|
234
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
48 # Test list certificates (using the rsa key) |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
49 |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
50 for i in {1..30} |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
51 do |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
52 gen_key filename=valid_ssl_rsa.key |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
53 cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
54 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
55 not_before=20130101000000 not_after=20151231235959 \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
56 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
57 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
58 echo -e I:${CERT}\\r >> list-valid.txt |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
59 done |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
60 |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
61 for i in {1..15} |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
62 do |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
63 gen_key filename=valid_ssl_rsa.key |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
64 cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
65 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
66 not_before=20130101000000 not_after=20151231235959 \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
67 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
68 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
69 echo -e R:${CERT}\\r >> list-valid.txt |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
70 done |
|
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
71 |
|
435
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
72 cp list-valid.txt list-valid-updated.txt |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
73 for i in {1..5} |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
74 do |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
75 gen_key filename=valid_ssl_rsa.key |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
76 cert_write issuer_name=CN=New_Certificate_$i,O=Do_Not_Trust_Test,C=DE \ |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
77 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
78 not_before=20130101000000 not_after=20151231235959 \ |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
79 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
80 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
81 echo -e I:${CERT}\\r >> list-valid-updated.txt |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
82 done |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
83 # Datum manuell angepasst und intevation root ca zu R: hinzugefuegt |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
84 |
|
d0192a7e63df
Update test data to include intevation root ca and add updated list
Andre Heinecke <aheinecke@intevation.de>
parents:
359
diff
changeset
|
85 |
|
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
86 # NSS |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
87 mkdir nss |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
88 certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
89 certutil -d nss -D -n "test" |
|
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
90 |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
91 # Code signing |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
92 mkdir codesign |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
93 cd codesign |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
94 # Root CA |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
95 gen_key filename=codesigning_root.key |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
96 cert_write issuer_name="CN=Public TrustBridge Test,O=Public secret do not trust this,C=DE" \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
97 selfsign=1 issuer_key=codesigning_root.key \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
98 not_before=20130101000000 not_after=20151231235959 \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
99 is_ca=1 max_pathlen=0 output_file=codesigning_root.pem |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
100 |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
101 # Codesign cert |
|
758
f56c4869aa18
Switch to 3072 bit RSA keys for codesigning as specified.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
102 gen_key rsa_keysize=3072 filename=codesigning.key |
|
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
103 cert_req filename=codesigning.key output_file=codesigning.csr \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
104 subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
105 key_usage=digital_signature \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
106 ns_cert_type=object_signing |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
107 |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
108 # Sign it: |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
109 cert_write request_file=codesigning.csr issuer_crt=codesigning_root.pem \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
110 issuer_key=codesigning_root.key output_file=codesigning.pem \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
111 not_before=20130101000000 not_after=20151231235959 \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
112 key_usage=digital_signature \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
113 ns_cert_type=object_signing |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
114 |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
115 osslsigncode sign -certs codesigning.pem -key codesigning.key \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
116 -n "TrustBridgeTest" -i https://wald.intevation.org/projects/trustbridge/ \ |
|
571
6c4fff146999
Implement codesigning in the administrator tool
Andre Heinecke <aheinecke@intevation.de>
parents:
569
diff
changeset
|
117 -h sha256 \ |
|
569
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
118 -in ~/ubuntu/src/m13-repo/build-windows/TrustBridge-0.6+21-aee3eb10bbba.exe \ |
|
6677d4ecb6fd
Add codesignging certificates and Notes how they were generated.
Andre Heinecke <aheinecke@intevation.de>
parents:
436
diff
changeset
|
119 -out TrustBridge-0.6+21-aee3eb10bbba-signed.exe |
|
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
120 |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
121 # Different test certificates. |
|
758
f56c4869aa18
Switch to 3072 bit RSA keys for codesigning as specified.
Andre Heinecke <andre.heinecke@intevation.de>
parents:
637
diff
changeset
|
122 gen_key rsa_keysize=3072 filename=codesigning-other.key |
|
637
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
123 cert_req filename=codesigning-other.key output_file=codesigning-other.csr \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
124 subject_name="CN=Public TrustBridge codesigning test,O=Public secret do not trust this,C=DE" \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
125 key_usage=digital_signature \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
126 ns_cert_type=object_signing |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
127 |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
128 cert_write request_file=codesigning-other.csr issuer_crt=codesigning_root.pem \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
129 issuer_key=codesigning_root.key output_file=codesigning-other.pem \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
130 not_before=20130101000000 not_after=20151231235959 \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
131 key_usage=digital_signature \ |
|
be30d50bc4f0
Add remaining tests to check binverify functionality
Andre Heinecke <andre.heinecke@intevation.de>
parents:
571
diff
changeset
|
132 ns_cert_type=object_signing |
|
1087
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
133 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
134 # Testserver mit hiawatha |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
135 apt-get install build-essential cmake libxslt-dev libxml2-dev libz-dev |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
136 |
|
1285
4a3a482dc337
Build instruction consistency: always using curl -O instead of wget. Wget taken out.
Bernhard Reiter <bernhard@intevation.de>
parents:
1087
diff
changeset
|
137 curl -O https://www.hiawatha-webserver.org/files/hiawatha-9.7.tar.gz |
|
1087
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
138 sha256sum hiawatha-9.7.tar.gz |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
139 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
140 e8581336883b7b963f38572f6396f8c47b43e5bedd3147d052fa3652e6c0ed86 hiawatha-9.7.tar.gz |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
141 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
142 mkdir hiawatha-prefix |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
143 tar -xf hiawatha-9.7.tar.gz |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
144 cd hiawatha-9.7 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
145 mkdir build |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
146 cd build |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
147 cmake .. -DCMAKE_INSTALL_PREFIX=/home/intevation/hiawatha-prefix |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
148 make && make install |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
149 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
150 # Root CA |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
151 gen_key filename=ssl_root.key |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
152 cert_write issuer_name="CN=TrustBridge SSL Test CA,O=Public secret do not trust this,C=DE" \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
153 selfsign=1 issuer_key=ssl_root.key \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
154 not_before=20130101000000 not_after=20151231235959 \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
155 is_ca=1 max_pathlen=0 output_file=ssl_root.pem |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
156 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
157 # SSL cert |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
158 gen_key type=ec ec_curve=brainpoolP256r1 filename=ssl-test.key |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
159 cert_req filename=ssl-test.key output_file=ssl-test.csr \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
160 subject_name="CN=tb-devel.intevation.de,O=Public secret do not trust this,C=DE" \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
161 ns_cert_type=ssl_server |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
162 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
163 # Sign it |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
164 cert_write request_file=ssl-test.csr issuer_crt=ssl_root.pem \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
165 issuer_key=ssl_root.key output_file=ssl-test.pem \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
166 not_before=20130101000000 not_after=20151231235959 \ |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
167 ns_cert_type=ssl_server |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
168 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
169 cat ssl-test.pem ssl-test.key > ssl-test-combined.pem |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
170 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
171 # Kopieren des Zertifikats nach /home/intevation auf dem testserver |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
172 # Editieren von /home/intevation/hiawatha-prefix/etc/hiawatha |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
173 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
174 # Binding settings: |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
175 Port = 44413 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
176 SSLcertFile = /home/intevation/ssl-test-combined.pem |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
177 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
178 # Default website settings |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
179 Hostname = thetis.intevation.de:44413 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
180 WebsiteRoot = /home/intevation/m13-files |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
181 StartFile = index.html |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
182 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
183 # Trustbridge download ordner nach /home/intevation/m13-files kopieren. |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
184 |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
185 screen -R server |
|
7191addd8a53
(issue124) Add documentation about internal server setup and test keys
Andre Heinecke <andre.heinecke@intevation.de>
parents:
758
diff
changeset
|
186 /home/intevation/hiawatha-prefix/sbin/hiawatha -d |
|
1375
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
187 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
188 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
189 # Bestimmten schlüssel für codesigning verwenden: |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
190 cd ui/tests/data/codesign |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
191 # Auch angenommen das er unter codesigning.key abgelegt ist ansonsten |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
192 # muss man noch in der Test CMakeList und den Buildscripten zur signatur |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
193 # den Pfad ändern. |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
194 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
195 # Request mit externem schluessel |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
196 cert_req filename=codesigning.key output_file=codesigning-ext.csr \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
197 subject_name="CN=TrustBridge codesigning ext test,O=Do not trust this,C=DE" \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
198 key_usage=digital_signature \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
199 ns_cert_type=object_signing |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
200 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
201 # Sign it: |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
202 cert_write request_file=codesigning-ext.csr issuer_crt=codesigning_root.pem \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
203 issuer_key=codesigning_root.key output_file=codesigning.pem \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
204 not_before=20130101000000 not_after=20151231235959 \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
205 key_usage=digital_signature \ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
206 ns_cert_type=object_signing |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
207 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
208 cat codesigning.pem codesigning-ext.key > codesigning-combined.pem |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
209 |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
210 common/pubkey-test.pem anpassen mit ensprechendem zertifikat. |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
211 --> Reinkopieren und markieren(inklusive begin und end zeile): :!wc |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
212 --> Als size eintragen |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
213 --> :'<,'>s/^/"/ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
214 --> :'<,'>s/$/\\n"/ |
|
341f79090de2
Notes about using a different certificate for codesigning
Andre Heinecke <andre.heinecke@intevation.de>
parents:
1285
diff
changeset
|
215 --> make && make test |