security-and-privacy/uts-server
security-and-privacy
/
uts-server
mirror of https://github.com/kakwa/uts-server
1
0
Fork 0
Code Issues Releases Wiki Activity

first batch of the rst documentation

This commit is contained in:
kakwa 2016-09-10 12:03:03 +02:00
parent 84b5d75c08
commit fa6f7b5f17
12 changed files with 318 additions and 411 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -57,3 +57,6 @@ vendor/
# vim swap file
*.swp
# rst doc stuff
_build/

5
ChangeLog.rst Normal file
View File

@ -0,0 +1,5 @@
Changelogs
==========
dev
---

211
README.rst
View File

@ -4,214 +4,33 @@ uts-server
.. image:: https://travis-ci.org/kakwa/uts-server.svg?branch=master
:target: https://travis-ci.org/kakwa/uts-server
.. image:: https://readthedocs.org/projects/uts-server/badge/?version=latest
:target: http://uts-server.readthedocs.org/en/latest/?badge=latest
:alt: Documentation Status
Micro timestamp server (RFC 3161) written in C
----
:Doc: `Uts-Server documentation on ReadTheDoc <http://uts-server.readthedocs.org/en/latest/>`_
:Dev: `Uts-Server source code on GitHub <https://github.com/kakwa/uts-server>`_
:License: MIT
:Author: Pierre-Francois Carpentier - copyright © 2016
----
Status
------
Alpha
Dependencies
------------
Runtime dependencies
~~~~~~~~~~~~~~~~~~~~
* OpenSSL (https://github.com/openssl/openssl)
* civetweb (https://github.com/civetweb/civetweb)
Build dependencies
~~~~~~~~~~~~~~~~~~
* cmake
* either gcc or clang
License
-------
Released under the MIT Public License
Usage
-----
.. sourcecode:: bash
$ ./uts-server --help
Usage: uts-server [OPTION...] -c CONFFILE [-d] [-D] [-p <pidfile>]
UTS micro timestamp server (RFC 3161)
-c, --conffile=CONFFILE Path to configuration file
-d, --daemonize Launch as a daemon
-D, --debug STDOUT debugging
-p, --pidfile=PIDFILE Path to pid file
-?, --help Give this help list
--usage Give a short usage message
-V, --version Print program version
Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.
Report bugs to Pierre-Francois Carpentier <carpentier.pf@gmail.com>.
Configuration
-------------
main
~~~~
Main configuration section (mostly http configuration).
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| param | description | example value |
+=============================+=====================================================================+======================================+
| access_control_allow_origin | Comma separated list of IP subnets to accept/deny | -0.0.0.0/0,+192.168/16 |
| | | |
| | Ex: -0.0.0.0/0,+192.168.0.0/16 | |
| | (deny all accesses, only allow 192.168.0.0/16 subnet) | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| enable_keep_alive | Allows clients to reuse TCP connection for subsequent | no |
| | HTTP requests, which improves performance. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| listening_ports | Comma-separated list of ips:ports to listen on. | 127.0.0.1:2020 |
| | If the port is SSL, a letter s must be appended. | |
| | Ex: listening_ports = 80,443s | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| log_level | Loglevel (debug, info, notice, warn, err, emerg, crit) | info |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| num_threads | Number of worker threads. | 50 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| request_timeout_ms | Timeout for network read and network write operations. | 30000 |
| | In milliseconds. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| run_as_user | Switch to given user credentials after startup. | uts-server |
| | Required to run on privileged ports as non root user. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_ca_file | Path to a .pem file containing trusted certificates. | /etc/uts-server/ca.pem |
| | The file may contain more than one certificate. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_ca_path | Name of a directory containing trusted CA certificates. | /etc/ssl/ca/ |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_certificate | Path to the SSL certificate file . | /etc/uts-server/cert.pem |
| | PEM format must contain private key and certificate. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_cipher_list | See https://www.openssl.org/docs/manmaster/apps/ciphers.html | ALL:!eNULL |
| | for more detailed | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_default_verify_paths | Loads default trusted certificates | yes |
| | locations set at openssl compile time. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_protocol_version | Sets the minimal accepted version of SSL/TLS protocol | 3 |
| | according to the table: | |
| | | |
| | - SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2 -> 0 | |
| | | |
| | - SSL3+TLS1.0+TLS1.1+TLS1.2 -> 1 | |
| | | |
| | - TLS1.0+TLS1.1+TLS1.2 -> 2 | |
| | | |
| | - TLS1.1+TLS1.2 -> 3 | |
| | | |
| | - TLS1.2 -> 4 | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_short_trust | Enables the use of short lived certificates | no |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_verify_depth | Sets maximum depth of certificate chain. | 9 |
| | If client's certificate chain is longer | |
| | than the depth set here connection is refused. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_verify_peer | Enable client's certificate verification by the server. | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tcp_nodelay | Enable TCP_NODELAY socket option on client connections. | 0 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| throttle | Limit download speed for clients. | \*=0 |
| | | |
| | Throttle is a comma-separated list of key=value pairs: | |
| | | |
| | - \* -> limit speed for all connections | |
| | | |
| | - x.x.x.x/mask -> limit speed for specified subnet | |
| | | |
| | The value is a floating-point number of bytes per second, | |
| | optionally followed by a k or m character | |
| | meaning kilobytes and megabytes respectively. | |
| | | |
| | A limit of 0 means unlimited rate. | |
| | | |
| | Ex: throttle = \*=1k,10.10.0.0/16=10m,10.20.0.0/16=0 | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
oids
~~~~
Section for declarinG OID mapping. Just add <name> = <OID> pairs.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| param | description | example value |
+=============================+=====================================================================+======================================+
| tsa_policy1 | | 1.2.3.4.1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_policy2 | | 1.2.3.4.5.6 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_policy3 | | 1.2.3.4.5.7 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
tsa
~~~
Section defining which TSA section to use.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| param | description | example value |
+=============================+=====================================================================+======================================+
| default_tsa | Name of the TSA section to use as default. | tsa_config1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
tsa_config1
~~~~~~~~~~~
Example of timestamp section configuration.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| param | description | example value |
+=============================+=====================================================================+======================================+
| accuracy | Timestamp accuracy. (optional) | secs:1, millisecs:500, microsecs:100 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| certs | Certificate chain to include in reply. (optional) | $dir/cacert.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| clock_precision_digits | Number of decimals for timestamp. (optional) | 0 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| crypto_device | OpenSSL engine to use for signing. | builtin |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| default_policy | Policy if request did not specify it. (optional) | tsa_policy1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| digests | Acceptable message digests. (mandatory) | md5, sha1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| dir | TSA root directory. | /etc/uts-server/pki |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ess_cert_id_chain | Must the ESS cert id chain be included? (optional, default: no) | no |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ordering | Is ordering defined for timestamps? (optional, default: no) | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| other_policies | Acceptable policies. (optional) | tsa_policy2, tsa_policy3 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| signer_cert | The TSA signing certificat. (optional) | $dir/tsacert.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| signer_key | The TSA private key. (optional) | $dir/private/tsakey.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_name | Must the TSA name be included in the reply? (optional, default: no) | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
Building
--------
.. sourcecode:: bash
$ cmake .
$ make -j 2
Playing with it
---------------
Quick Start
-----------
.. sourcecode:: bash

1
conf/uts-server.cnf
View File

@ -10,6 +10,7 @@ tsa_policy3 = 1.2.3.4.5.7
# Comma-separated list of ips:ports to listen on.
# If the port is SSL, a letter s must be appended.
#
# Ex: listening_ports = 80,443s
listening_ports = 127.0.0.1:2020

1
docs/changelog.rst Symbolic link
View File

@ -0,0 +1 @@
../ChangeLog.rst

226
docs/conf.py
View File

@ -1,10 +1,9 @@
# -*- coding: utf-8 -*-
#
# uts-server documentation build configuration file, created by
# sphinx-quickstart on Wed Dec 16 23:08:56 2015.
# SST (selenium-simple-test) documentation build configuration file, created by
# sphinx-quickstart on Mon May 16 14:23:09 2011.
#
# This file is execfile()d with the current directory set to its
# containing dir.
# This file is execfile()d with the current directory set to its containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
@ -12,26 +11,25 @@
# All configuration values have a default; values that are commented out
# serve to show the default.
import sys
import os
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#sys.path.insert(0, os.path.abspath('.'))
import os
import sys
# -- General configuration ------------------------------------------------
sys.path.insert(0, os.path.abspath('..'))
# -- General configuration -----------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = ['sphinx.ext.viewcode']
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
#templates_path = ['_templates']
# The suffix of source filenames.
source_suffix = '.rst'
@ -43,17 +41,16 @@ source_suffix = '.rst'
master_doc = 'index'
# General information about the project.
project = u'uts-server'
copyright = u'2015, Pierre-Francois Carpentier'
project = u'uts-server - RFC 3161 Timestamp Server'
copyright = u'2016, Pierre-Francois Carpentier'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '0.1.0'
# The full version, including alpha/beta/rc tags.
release = '0.1.0'
release = '0.0.1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@ -67,10 +64,9 @@ release = '0.1.0'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
#exclude_patterns = ['_build']
# The reST default role (used for this markup: `text`) to use for all
# documents.
# The reST default role (used for this markup: `text`) to use for all documents.
#default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
@ -90,15 +86,12 @@ pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
#modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
#keep_warnings = False
# -- Options for HTML output ----------------------------------------------
# -- Options for HTML output ---------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
html_theme = 'default'
html_theme = 'nature'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
@ -110,33 +103,27 @@ html_theme = 'default'
# The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation".
#html_title = None
html_title = 'Uts-Server %s Docs' % release
# A shorter title for the navigation bar. Default is the same as html_title.
#html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#html_logo = None
html_logo = './_static/logo.svg'
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#html_favicon = None
html_favicon = './_static/favicon.png'
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#html_extra_path = []
html_static_path = ['assets']
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
# using the given strftime format.
#html_last_updated_fmt = '%b %d, %Y'
html_last_updated_fmt = '%b %d, %Y'
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
@ -153,176 +140,27 @@ html_static_path = ['_static']
#html_domain_indices = True
# If false, no index is generated.
#html_use_index = True
html_use_index = False
# If true, the index is split into individual pages for each letter.
#html_split_index = False
html_split_index = False
# If true, links to the reST sources are added to the pages.
#html_show_sourcelink = True
html_show_sourcelink = False
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#html_show_sphinx = True
html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#html_show_copyright = True
html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# If true, an Opendescription file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
#html_file_suffix = None
html_file_suffix = ".html"
# Output file base name for HTML help builder.
htmlhelp_basename = 'uts-serverdoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#'preamble': '',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
('index', 'uts-server.tex', u'uts-server Documentation',
u'Pierre-Francois Carpentier', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
#latex_show_pagerefs = False
# If true, show URL addresses after external links.
#latex_show_urls = False
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
('index', 'uts-server', u'uts-server Documentation',
[u'Pierre-Francois Carpentier'], 1)
]
# If true, show URL addresses after external links.
#man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
('index', 'uts-server', u'uts-server Documentation',
u'Pierre-Francois Carpentier', 'uts-server', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#texinfo_appendices = []
# If false, no module index is generated.
#texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False
# -- Options for Epub output ----------------------------------------------
# Bibliographic Dublin Core info.
epub_title = u'uts-server'
epub_author = u'Pierre-Francois Carpentier'
epub_publisher = u'Pierre-Francois Carpentier'
epub_copyright = u'2015, Pierre-Francois Carpentier'
# The basename for the epub file. It defaults to the project name.
#epub_basename = u'uts-server'
# The HTML theme for the epub output. Since the default themes are not optimized
# for small screen space, using the same theme for HTML and epub output is
# usually not wise. This defaults to 'epub', a theme designed to save visual
# space.
#epub_theme = 'epub'
# The language of the text. It defaults to the language option
# or en if the language is not set.
#epub_language = ''
# The scheme of the identifier. Typical schemes are ISBN or URL.
#epub_scheme = ''
# The unique identifier of the text. This can be a ISBN number
# or the project homepage.
#epub_identifier = ''
# A unique identification for the text.
#epub_uid = ''
# A tuple containing the cover image and cover page html template filenames.
#epub_cover = ()
# A sequence of (type, uri, title) tuples for the guide element of content.opf.
#epub_guide = ()
# HTML files that should be inserted before the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#epub_pre_files = []
# HTML files shat should be inserted after the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#epub_post_files = []
# A list of files that should not be packed into the epub file.
epub_exclude_files = ['search.html']
# The depth of the table of contents in toc.ncx.
#epub_tocdepth = 3
# Allow duplicate toc entries.
#epub_tocdup = True
# Choose between 'default' and 'includehidden'.
#epub_tocscope = 'default'
# Fix unsupported image types using the PIL.
#epub_fix_images = False
# Scale large images.
#epub_max_image_width = 0
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#epub_show_urls = 'inline'
# If false, no index is generated.
#epub_use_index = True
htmlhelp_basename = 'uts-server-docs'

153
docs/configure.rst Normal file
View File

@ -0,0 +1,153 @@
Configuration Parameters
========================
Section [ main ]
----------------
Main configuration section (mostly http configuration).
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| Parameter | Description | Example Value |
+=============================+=====================================================================+======================================+
| access_control_allow_origin | Comma separated list of IP subnets to accept/deny | -0.0.0.0/0,+192.168/16 |
| | | |
| | Ex: -0.0.0.0/0,+192.168.0.0/16 | |
| | (deny all accesses, only allow 192.168.0.0/16 subnet) | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| enable_keep_alive | Allows clients to reuse TCP connection for subsequent | no |
| | HTTP requests, which improves performance. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| listening_ports | Comma-separated list of ips:ports to listen on. | 127.0.0.1:2020 |
| | If the port is SSL, a letter s must be appended. | |
| | | |
| | Ex: listening_ports = 80,443s | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| log_level | Loglevel (debug, info, notice, warn, err, emerg, crit) | info |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| num_threads | Number of worker threads. | 50 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| request_timeout_ms | Timeout for network read and network write operations. | 30000 |
| | In milliseconds. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| run_as_user | Switch to given user credentials after startup. | uts-server |
| | Required to run on privileged ports as non root user. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_ca_file | Path to a .pem file containing trusted certificates. | /etc/uts-server/ca.pem |
| | The file may contain more than one certificate. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_ca_path | Name of a directory containing trusted CA certificates. | /etc/ssl/ca/ |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_certificate | Path to the SSL certificate file . | /etc/uts-server/cert.pem |
| | PEM format must contain private key and certificate. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_cipher_list | See https://www.openssl.org/docs/manmaster/apps/ciphers.html | ALL:!eNULL |
| | for more detailed | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_default_verify_paths | Loads default trusted certificates | yes |
| | locations set at openssl compile time. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_protocol_version | Sets the minimal accepted version of SSL/TLS protocol | 3 |
| | according to the table: | |
| | | |
| | - SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2 -> 0 | |
| | | |
| | - SSL3+TLS1.0+TLS1.1+TLS1.2 -> 1 | |
| | | |
| | - TLS1.0+TLS1.1+TLS1.2 -> 2 | |
| | | |
| | - TLS1.1+TLS1.2 -> 3 | |
| | | |
| | - TLS1.2 -> 4 | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_short_trust | Enables the use of short lived certificates | no |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_verify_depth | Sets maximum depth of certificate chain. | 9 |
| | If client's certificate chain is longer | |
| | than the depth set here connection is refused. | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ssl_verify_peer | Enable client's certificate verification by the server. | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tcp_nodelay | Enable TCP_NODELAY socket option on client connections. | 0 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| throttle | Limit download speed for clients. | \*=0 |
| | | |
| | Throttle is a comma-separated list of key=value pairs: | |
| | | |
| | - \* -> limit speed for all connections | |
| | | |
| | - x.x.x.x/mask -> limit speed for specified subnet | |
| | | |
| | The value is a floating-point number of bytes per second, | |
| | optionally followed by a k or m character | |
| | meaning kilobytes and megabytes respectively. | |
| | | |
| | A limit of 0 means unlimited rate. | |
| | | |
| | Ex: throttle = \*=1k,10.10.0.0/16=10m,10.20.0.0/16=0 | |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
Section [ oids ]
----------------
Section for declarinG OID mapping. Just add <name> = <OID> pairs.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| Parameter | Description | Example Value |
+=============================+=====================================================================+======================================+
| tsa_policy1 | | 1.2.3.4.1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_policy2 | | 1.2.3.4.5.6 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_policy3 | | 1.2.3.4.5.7 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
Section [ tsa ]
---------------
Section defining which TSA section to use.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| Parameter | Description | Example Value |
+=============================+=====================================================================+======================================+
| default_tsa | Name of the TSA section to use as default. | tsa_config1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
Section [ tsa_config1 ]
-----------------------
Example of timestamp section configuration.
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| Parameter | Description | Example Value |
+=============================+=====================================================================+======================================+
| accuracy | Timestamp accuracy. (optional) | secs:1, millisecs:500, microsecs:100 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| certs | Certificate chain to include in reply. (optional) | $dir/cacert.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| clock_precision_digits | Number of decimals for timestamp. (optional) | 0 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| crypto_device | OpenSSL engine to use for signing. | builtin |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| default_policy | Policy if request did not specify it. (optional) | tsa_policy1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| digests | Acceptable message digests. (mandatory) | md5, sha1 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| dir | TSA root directory. | /etc/uts-server/pki |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ess_cert_id_chain | Must the ESS cert id chain be included? (optional, default: no) | no |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| ordering | Is ordering defined for timestamps? (optional, default: no) | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| other_policies | Acceptable policies. (optional) | tsa_policy2, tsa_policy3 |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| signer_cert | The TSA signing certificat. (optional) | $dir/tsacert.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| signer_key | The TSA private key. (optional) | $dir/private/tsakey.pem |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
| tsa_name | Must the TSA name be included in the reply? (optional, default: no) | yes |
+-----------------------------+---------------------------------------------------------------------+--------------------------------------+
Full Configuration File
=======================
.. literalinclude:: ../conf/uts-server.cnf
:language: ini

43
docs/deploy.rst Normal file
View File

@ -0,0 +1,43 @@
Deploy
======
Usage
-----
.. sourcecode:: bash
$ ./uts-server --help
Usage: uts-server [OPTION...] -c CONFFILE [-d] [-D] [-p <pidfile>]
UTS micro timestamp server (RFC 3161)
-c, --conffile=CONFFILE Path to configuration file
-d, --daemonize Launch as a daemon
-D, --debug STDOUT debugging
-p, --pidfile=PIDFILE Path to pid file
-?, --help Give this help list
--usage Give a short usage message
-V, --version Print program version
Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.
Report bugs to Pierre-Francois Carpentier <carpentier.pf@gmail.com>.
Running uts-sever
-----------------
To debug problems with uts-server, run it in the foreground in debug mode:
.. sourcecode:: bash
# In debug mode with verbose debugging on stdout
$ ./uts-server -c <path/to/conf> -D
To run it as a daemon:
.. sourcecode:: bash
# In daemon mode
$ ./uts-server -c <path/to/conf> -d -p <path/to/pidfile>

3
docs/forkme.rst Normal file
View File

@ -0,0 +1,3 @@
.. raw:: html
<a href="https://github.com/kakwa/uts-server"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/38ef81f8aca64bb9a64448d0d70f1308ef5341ab/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f6461726b626c75655f3132313632312e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png"></a>

28
docs/index.rst
View File

@ -1,22 +1,16 @@
.. uts-server documentation master file, created by
sphinx-quickstart on Wed Dec 16 23:08:56 2015.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
Welcome to uts-server's documentation!
======================================
Contents:
Table of Content
================
.. toctree::
:maxdepth: 2
:maxdepth: 2
install
configure
deploy
changelog
goodies
.. include:: ../README.rst
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
.. include:: forkme.rst

38
docs/install.rst Normal file
View File

@ -0,0 +1,38 @@
Dependencies
============
Runtime dependencies
--------------------
List of dependencies uts-server relies on to run:
* OpenSSL (https://github.com/openssl/openssl)
* civetweb (https://github.com/civetweb/civetweb)
Build dependencies
------------------
List of dependencies needed to build civetweb:
* cmake
* either gcc or clang
Compilation
===========
uts-server is compiled using cmake:
.. sourcecode:: bash
# If civetweb is already present on the system
$ cmake .
$ make
# If civetweb is not present
# this will get the proper tag of civetweb from upstream and compile it
$ cmake . -DBUNDLE_CIVETWEB=ON
$ make
# Compile with debug flags
$ cmake . -DDEBUG=ON
$ make

17
goodies/build_param_table.py
View File

@ -37,7 +37,6 @@ with open(tsq_path) as f:
docs[cur_section]['vars'][var] = {'desc': text_buf, 'val': ex_val}
text_buf = ""
#print docs
max_var = 0
max_desc = 0
max_val = 0
@ -60,14 +59,18 @@ def print_line(var, desc, val):
' |')
print('Configuration Parameters')
print('=' * len('Configuration Parameters'))
for section in sorted(docs):
print(section)
print('~' * len(section))
print('Section [ ' + section + ' ]')
print('-' * len('Section [ ' + section + ' ]'))
print('')
print(docs[section]['text'])
print('')
print('+-' + '-' * max_var + '-+-' + '-' * max_desc + '-+-' + '-' * max_val + '-+')
print_line('param', 'description', 'example value')
print_line('Parameter', 'Description', 'Example Value')
print('+=' + '=' * max_var + '=+=' + '=' * max_desc + '=+=' + '=' * max_val + '=+')
for var in sorted(docs[section]['vars']):
if docs[section]['vars'][var]:
@ -84,3 +87,9 @@ for section in sorted(docs):
print_line('', re.sub('\*', '\\*', line), '')
print('+-' + '-' * max_var + '-+-' + '-' * max_desc + '-+-' + '-' * max_val + '-+')
print('')
print('Full Configuration File')
print('=' * len('Full Configuration File'))
print('')
print('.. literalinclude:: ../conf/uts-server.cnf')
print(' :language: ini')