From 11a217a7919911d29da2e165c565a58999aab641 Mon Sep 17 00:00:00 2001 From: Alon Levy Date: Fri, 7 Jan 2011 15:46:32 +0200 Subject: initial --- 630105/Makefile | 36 ++++++++++++++++++++++++++++++++++ 630105/make_new.sh | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README | 1 + 3 files changed, 94 insertions(+) create mode 100644 630105/Makefile create mode 100755 630105/make_new.sh create mode 100644 README diff --git a/630105/Makefile b/630105/Makefile new file mode 100644 index 0000000..93b446f --- /dev/null +++ b/630105/Makefile @@ -0,0 +1,36 @@ +all: regular + +.PHONY: regular cech clean test_regular test_cech + +OK_CA_SUBJECT=/C=IL/L=Raanana/O=Red Hat/CN=my CA +OK_SERVER_SUBJECT=/C=IL/L=Raanana/O=Red Hat/CN=my server +OK_SERVER_SUBJECT_SPICEC=C=IL,L=Raanana,O=Red Hat,CN=my server +CECH_CA_SUBJECT=/O=Nějaká česká firma/CN=ps-desk.brq.redhat.com +CECH_SERVER_SUBJECT=/O=Nějaká česká firma/CN=ps-desk.brq.redhat.com server +#CECH_SERVER_SUBJECT_SPICEC=O=N\xC3\x84\xC2\x9Bjak\xC3\x83\xC2\xA1 \xC3\x84\xC2\x8Desk\xC3\x83\xC2\xA1 firma, CN=ps-desk.brq.redhat.com server +CECH_SERVER_SUBJECT_SPICEC=O=Nějaká česká firma,CN=ps-desk.brq.redhat.com server + +CWD=$(shell pwd) + +regular: + ./make_new.sh "$(OK_CA_SUBJECT)" "$(OK_SERVER_SUBJECT)" + +cech_just_ca: + ./make_new.sh "$(CECH_CA_SUBJECT)" "$(OK_SERVER_SUBJECT)" + +cech: + ./make_new.sh "$(CECH_CA_SUBJECT)" "$(CECH_SERVER_SUBJECT)" + + +machine: + qemu.upstream -vga qxl -m 256 -spice port=6200,tls-port=7200,disable-ticketing,x509-dir=$(CWD),tls-channel=main,tls-channel=inputs + +# ca certificate in cech isn't a problem. +spicec_regular: + spicec -h localhost -p 6200 -s 7200 --secure-channels=all --ca-file ca-cert.pem --host-subject "$(OK_SERVER_SUBJECT_SPICEC)" + +spicec_cech: + spicec -h localhost -p 6200 -s 7200 --secure-channels=all --ca-file ca-cert.pem --host-subject "$(CECH_SERVER_SUBJECT_SPICEC)" + +clean: + rm -f *.secure *.pem *.csr diff --git a/630105/make_new.sh b/630105/make_new.sh new file mode 100755 index 0000000..e4d016b --- /dev/null +++ b/630105/make_new.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +# reference: +# http://www.tc.umn.edu/~brams006/selfsign.html + +SERVER_KEY=server-key.pem +# The bug is: when certificate subject is in chech, we don't parse +# it correctly (i.e. we mangle it somewhere along the way) +CERT_SUBJECT=$1 +SERVER_SUBJECT=$2 + +if [ "x$CERT_SUBJECT" == "x" ] ;then + echo supply ca subject please. + exit -1 +fi + +if [ "x$SERVER_SUBJECT" == "x" ]; then + echo supply server subject please. + exit -1 +fi + +# creating a key for our ca +if [ ! -e ca-key.pem ]; then + openssl genrsa -des3 -out ca-key.pem 1024 +fi +# creating a ca +if [ ! -e ca-cert.pem ]; then + openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem -subj "$CERT_SUBJECT" +fi +# create server key +if [ ! -e $SERVER_KEY ]; then + openssl genrsa -out $SERVER_KEY 1024 +fi +# create a certificate signing request (csr) +if [ ! -e server-key.csr ]; then + openssl req -new -key $SERVER_KEY -out server-key.csr -subj "$SERVER_SUBJECT" +fi +# signing our server certificate with this ca +if [ ! -e server-cert.pem ]; then + openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem +fi + +# now create a key that doesn't require a passphrase +openssl rsa -in $SERVER_KEY -out $SERVER_KEY.insecure +mv $SERVER_KEY $SERVER_KEY.secure +mv $SERVER_KEY.insecure $SERVER_KEY + +# show the results (no other effect) +openssl rsa -noout -text -in $SERVER_KEY +openssl rsa -noout -text -in ca-key.pem +openssl req -noout -text -in server-key.csr +openssl x509 -noout -text -in server-cert.pem +openssl x509 -noout -text -in ca-cert.pem + +echo "Subject for server certificate in copy pastable mode:" +openssl x509 -in server-cert.pem -noout -subject -nameopt oneline,-esc_msb + diff --git a/README b/README new file mode 100644 index 0000000..16c89d1 --- /dev/null +++ b/README @@ -0,0 +1 @@ +tests for spice bugzilla (bz) entries. -- cgit v1.2.3