security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2025-06-12 11:11:32 +02:00
Code Issues Releases Wiki Activity

Merge branch 'PKCS11_SUPPORT' of https://github.com/kakwa/uts-server into PKCS11_SUPPORT

Browse Source
This commit is contained in:
kakwa 2017-06-22 20:24:52 +02:00
commit 78a5563cf2
5 changed files with 124 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -61,3 +61,6 @@ vendor/
# rst doc stuff # rst doc stuff
_build/ _build/
docs/configure.rst docs/configure.rst
softhsm2.conf
hsm/

31
tests/cfg/pki/CAtsa.cnf
View File

@ -4,6 +4,9 @@
# #
#---------------------------------------------------------------------- #----------------------------------------------------------------------
DN_SECTION=dn_ca
CN=DEFAULT
# Extensions required to a TSA certificate # Extensions required to a TSA certificate
[ tsa_cert ] [ tsa_cert ]
@ -26,27 +29,22 @@ authorityKeyIdentifier=keyid,issuer:always
# #
#---------------------------------------------------------------------- #----------------------------------------------------------------------
# Common properties of all the certificates/CA (CN, OU, etc...)
[ dn_section ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
# CN is passed through environment variable "CN"
commonName = $ENV::CN
# OpenSSL parameters for certificate requests generation # OpenSSL parameters for certificate requests generation
[ req ] [ req ]
default_bits = 4096 default_bits = 4096
default_md = sha512 default_md = sha512
distinguished_name = dn_section distinguished_name = $ENV::DN_SECTION
encrypt_rsa_key = no encrypt_rsa_key = no
prompt = no prompt = no
# The extentions to add to the self signed cert # The extentions to add to the self signed cert
x509_extensions = v3_ca x509_extensions = v3_ca
# Common properties of the CA
[ dn_ca ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER CA
# Extensions for a typical CA # Extensions for a typical CA
[ v3_ca ] [ v3_ca ]
@ -55,3 +53,12 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign keyUsage = cRLSign, keyCertSign
# Common properties of all the certificates (CN, OU, etc...)
[ dn_cert ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
# CN is passed through environment variable "CN"
commonName = $ENV::CN

10
tests/cfg/pki/create_tsa_certs
View File

@ -12,9 +12,11 @@ error () {
create_ca () { create_ca () {
echo "Creating a new CA for the TSA tests..." echo "Creating a new CA for the TSA tests..."
export CN="UTS-SERVER CA" CN="UTS-SERVER CA"
DN_SECTION="dn_ca"
export CN
export DN_SECTION
openssl req -new -x509 -nodes \ openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem -out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error test $? != 0 && error
@ -24,6 +26,7 @@ create_tsa_cert () {
EXT=$3 EXT=$3
INDEX=$2 INDEX=$2
CN=$1; export CN CN=$1; export CN
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \ openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
@ -41,8 +44,7 @@ create_cert () {
INDEX=$2 INDEX=$2
export INDEX export INDEX
TSDNSECT=ts_cert_dn DN_SECTION="dn_cert";export DN_SECTION
export TSDNSECT
openssl req -new \ openssl req -new \
-out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem -out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem

88
tests/cfg/pki/pkcs11/create_p11_certs Executable file
View File

@ -0,0 +1,88 @@
#!/bin/sh
export OPENSSL_CONF="./CAtsa.cnf"
cd `dirname $0`
error () {
echo "TSA test failed!" >&2
exit 1
}
create_ca () {
echo "Creating a new CA for the TSA tests..."
CN="UTS-SERVER CA"
DN_SECTION="dn_ca"
export CN
export DN_SECTION
openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error
}
create_tsa_cert () {
EXT=$3
INDEX=$2
CN=$1; export CN
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
test $? != 0 && error
echo Using extension $EXT
openssl x509 -req \
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-extfile $OPENSSL_CONF -extensions $EXT
test $? != 0 && error
}
create_cert () {
INDEX=$2
export INDEX
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem
test $? != 0 && error
openssl x509 -req \
-in tsa_req${INDEX}.pem -out ssl_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-extensions server_cert
test $? != 0 && error
cat ssl_key${INDEX}.pem ssl_cert${INDEX}.pem >ssl_keycerts${INDEX}.pem
}
export SOFTHSM2_CONF=`pwd`/softhsm2.conf
cp softhsm2.conf.in softhsm2.conf
SOFTHSM_DIR=`pwd`/hsm
[ -d $SOFTHSM_DIR ] && rm -rf "$SOFTHSM_DIR"
mkdir -p $SOFTHSM_DIR
sed -i "s|@SOFTHSM_DIR@|$SOFTHSM_DIR|" $SOFTHSM2_CONF
softhsm2-util --init-token --slot 0 --label "UTS-SERVER TEST" --so-pin 01020304 --pin 40302010
softhsm2-util --init-token --slot 1 --label "UTS-SERVER TEST" --so-pin 01020304 --pin 40302010
echo "export SOFTHSM2_CONF=$SOFTHSM2_CONF"
#echo "Creating CA for TSA tests..."
#create_ca
#
#echo "Creating tsa_cert1.pem TSA server cert..."
#create_tsa_cert "TSA CERT 1" 1 tsa_cert
#
#echo "Creating tsa_cert2.pem TSA server cert..."
#create_tsa_cert "TSA CERT 2" 2 tsa_cert
#
#echo "Creating ssl_keycerts1.pem for ssl"
#create_cert "uts-server.example.org" 1
exit 0

8
tests/cfg/pki/pkcs11/softhsm2.conf.in Normal file
View File

@ -0,0 +1,8 @@
# SoftHSM v2 configuration file
directories.tokendir = @SOFTHSM_DIR@
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG