
Merge branch 'PKCS11_SUPPORT' of https://github.com/kakwa/uts-server into PKCS11_SUPPORT

kakwa 2017-06-22 20:24:52 +02:00
commit 78a5563cf2
5 changed files with 124 additions and 16 deletions

.gitignore vendored

@ -61,3 +61,6 @@ vendor/
# rst doc stuff
_build/
docs/configure.rst
softhsm2.conf
hsm/


@ -4,6 +4,9 @@
#
#----------------------------------------------------------------------
DN_SECTION=dn_ca
CN=DEFAULT
# Extensions required to a TSA certificate
[ tsa_cert ]
@ -26,27 +29,22 @@ authorityKeyIdentifier=keyid,issuer:always
#
#----------------------------------------------------------------------
# Common properties of all the certificates/CA (CN, OU, etc...)
[ dn_section ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
# CN is passed through environment variable "CN"
commonName = $ENV::CN
# OpenSSL parameters for certificate requests generation
[ req ]
default_bits = 4096
default_md = sha512
distinguished_name = dn_section
distinguished_name = $ENV::DN_SECTION
encrypt_rsa_key = no
prompt = no
# The extentions to add to the self signed cert
x509_extensions = v3_ca
# Common properties of the CA
[ dn_ca ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER CA
# Extensions for a typical CA
[ v3_ca ]
@ -55,3 +53,12 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical,CA:true
keyUsage = cRLSign, keyCertSign
# Common properties of all the certificates (CN, OU, etc...)
[ dn_cert ]
countryName = FR
stateOrProvinceName = Paris
localityName = Paris
organizationName = UTS-SERVER test
# CN is passed through environment variable "CN"
commonName = $ENV::CN
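Review bot: The new `[ dn_ca ]` section has no `commonName`, so as far as this hunk shows the CA certificate is issued without a CN even though the scripts export `CN="UTS-SERVER CA"` before requesting it, while `[ dn_cert ]` keeps `commonName = $ENV::CN`; the two DN sections are inconsistent. Adding `commonName = $ENV::CN` after `organizationName = UTS-SERVER CA` would let the exported value take effect for the CA as well. The top-level `DN_SECTION=dn_ca` and `CN=DEFAULT` assignments in the first hunk appear to be the fallbacks OpenSSL uses when the environment variables are not set; a comment above them such as `# Defaults used for $ENV::DN_SECTION / $ENV::CN when the variables are not exported` would spare the next reader from guessing why both forms exist.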


@ -12,9 +12,11 @@ error () {
create_ca () {
echo "Creating a new CA for the TSA tests..."
export CN="UTS-SERVER CA"
CN="UTS-SERVER CA"
DN_SECTION="dn_ca"
export CN
export DN_SECTION
openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error
@ -24,6 +26,7 @@ create_tsa_cert () {
EXT=$3
INDEX=$2
CN=$1; export CN
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
@ -41,8 +44,7 @@ create_cert () {
INDEX=$2
export INDEX
TSDNSECT=ts_cert_dn
export TSDNSECT
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem
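Review bot: The `create_cert` hunk exports `DN_SECTION` but nothing in it exports `CN`, so with `commonName` now read through `$ENV::CN` from the `[ dn_cert ]` section the SSL certificate takes whatever `CN` was exported last (for example by a preceding `create_tsa_cert` call) instead of the name passed as `$1`. `create_cert` starts before the hunk; if its first lines do not already set `CN=$1; export CN`, that line belongs next to `INDEX=$2`. The hunks also use two export styles — separate `export CN` / `export DN_SECTION` lines in `create_ca` versus `DN_SECTION="dn_cert";export DN_SECTION` in the other two functions — and picking one keeps the file uniform. Both `create_tsa_cert` and `create_cert` continue past the end of their hunks.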


@ -0,0 +1,88 @@
#!/bin/sh
export OPENSSL_CONF="./CAtsa.cnf"
cd `dirname $0`
error () {
echo "TSA test failed!" >&2
exit 1
}
create_ca () {
echo "Creating a new CA for the TSA tests..."
CN="UTS-SERVER CA"
DN_SECTION="dn_ca"
export CN
export DN_SECTION
openssl req -new -x509 -nodes \
-out tsaca.pem -keyout tsacakey.pem
test $? != 0 && error
}
create_tsa_cert () {
EXT=$3
INDEX=$2
CN=$1; export CN
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
test $? != 0 && error
echo Using extension $EXT
openssl x509 -req \
-in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-extfile $OPENSSL_CONF -extensions $EXT
test $? != 0 && error
}
create_cert () {
INDEX=$2
export INDEX
DN_SECTION="dn_cert";export DN_SECTION
openssl req -new \
-out tsa_req${INDEX}.pem -keyout ssl_key${INDEX}.pem
test $? != 0 && error
openssl x509 -req \
-in tsa_req${INDEX}.pem -out ssl_cert${INDEX}.pem \
-CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-extensions server_cert
test $? != 0 && error
cat ssl_key${INDEX}.pem ssl_cert${INDEX}.pem >ssl_keycerts${INDEX}.pem
}
export SOFTHSM2_CONF=`pwd`/softhsm2.conf
cp softhsm2.conf.in softhsm2.conf
SOFTHSM_DIR=`pwd`/hsm
[ -d $SOFTHSM_DIR ] && rm -rf "$SOFTHSM_DIR"
mkdir -p $SOFTHSM_DIR
sed -i "s|@SOFTHSM_DIR@|$SOFTHSM_DIR|" $SOFTHSM2_CONF
softhsm2-util --init-token --slot 0 --label "UTS-SERVER TEST" --so-pin 01020304 --pin 40302010
softhsm2-util --init-token --slot 1 --label "UTS-SERVER TEST" --so-pin 01020304 --pin 40302010
echo "export SOFTHSM2_CONF=$SOFTHSM2_CONF"
#echo "Creating CA for TSA tests..."
#create_ca
#
#echo "Creating tsa_cert1.pem TSA server cert..."
#create_tsa_cert "TSA CERT 1" 1 tsa_cert
#
#echo "Creating tsa_cert2.pem TSA server cert..."
#create_tsa_cert "TSA CERT 2" 2 tsa_cert
#
#echo "Creating ssl_keycerts1.pem for ssl"
#create_cert "uts-server.example.org" 1
exit 0
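Review bot: The `cd` into the script directory near the top of the new script is unchecked, and the later `rm -rf "$SOFTHSM_DIR"` removes a path derived from `pwd`, so if that `cd` fails the script deletes and recreates `hsm/` in whatever directory it was invoked from; `cd "$(dirname "$0")" || exit 1` (`error` is not defined yet at that point) pins it to the script directory. The two `softhsm2-util --init-token` calls carry no `test $? != 0 && error` check like the openssl calls do, so a failed token initialisation still ends in `exit 0`. `create_cert` never sets `CN` from `$1`, so `[ dn_cert ]`'s `$ENV::CN` resolves to whatever `CN` was exported last rather than `uts-server.example.org`; adding `CN=$1; export CN` after `INDEX=$2` fixes this once the commented-out `create_cert` call is re-enabled. `sed -i "s|...|"` is the GNU form and BSD/macOS sed needs `-i ''`, which matters if the tests are meant to run there.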


@ -0,0 +1,8 @@
# SoftHSM v2 configuration file
directories.tokendir = @SOFTHSM_DIR@
objectstore.backend = file
# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG