Posted to dev@river.apache.org by Simon IJskes - QCG <si...@qcg.nl> on 2012/01/24 11:55:27 UTC

Re: svn commit: r1235063 - in /river/jtsk/skunk/peterConcurrentPolicy: bouncy-castle/ qa/ qa/jtreg/certs/ qa/jtreg/net/jini/jeri/tcp/localHostExposure/ qa/jtreg/net/jini/jeri/transport/multihomed/ qa/jtreg/net/jini/security/Security/implicitGrants/ qa/jtre...

On 24-01-12 00:29, peter_firmstone@apache.org wrote:
>
> Commenced writing a bouncy castle self signed certificate generator to replace DSTC JCSI.
>

You know you can generate self signed certificates with the java jdk 
keytool?

Regards, Sim

-- 
QCG, Software for SMEs, 071-5890970, http://www.qcg.nl
Quality Consultancy Group b.v., Leiderdorp, Chamber of Commerce Den Haag: 28088397

Posted by Peter Firmstone <ji...@zeus.net.au>.
Simon IJskes - QCG wrote:
> On 24-01-12 00:29, peter_firmstone@apache.org wrote:
>>
>> Commenced writing a bouncy castle self signed certificate generator 
>> to replace DSTC JCSI.
>>
>
> You know you can generate self signed certificates with the java jdk 
> keytool?
>
> Regards, Sim
>
Hmm, it uses keytool, but doesn't use keytool to generate the keys and 
certificate.  The private key is encrypted and password protected before 
writing to file.  I just figured it was best to replicate it blindly 
without asking why.

Cheers,

Peter.

Posted by Peter Firmstone <ji...@zeus.net.au>.
Simon IJskes - QCG wrote:
> On 24-01-12 00:29, peter_firmstone@apache.org wrote:
>>
>> Commenced writing a bouncy castle self signed certificate generator 
>> to replace DSTC JCSI.
>>
>
> You know you can generate self signed certificates with the java jdk 
> keytool?
>
> Regards, Sim
>
The tool used to generate two test Certificate Authorities and used 
these to sign user certificates that were generated separately by 
keytool.  The Certificate Authorities' certs are self-signed, but the user 
certs aren't.  Keytool generates the certificate requests, and the CA 
tool used to generate the certificate chains, then keytool was used to 
import these certificate chains into the users' trust stores.

Cheers,

Peter.

Posted by Peter Firmstone <ji...@zeus.net.au>.
Simon IJskes - QCG wrote:
> On 24-01-12 00:29, peter_firmstone@apache.org wrote:
>>
>> Commenced writing a bouncy castle self signed certificate generator 
>> to replace DSTC JCSI.
>>
>
> You know you can generate self signed certificates with the java jdk 
> keytool?
>
> Regards, Sim
>
I'm not sure if I've got the order correct, although make reported 
errors.  I'm going to run the jtreg tests again anyway and see what breaks.

Cheers,

Peter.

bash-3.00$ make compile
/usr/jdk/jdk1.6.0_30/bin/javac \
  -d . \
  -classpath .:../../../bouncy-castle/bcprov-jdk16-146.jar:../../../bouncy-castle/bcmail-jdk16-146.jar \
  *.java
bash-3.00$ ./run-ca.sh ./test-ca1.properties
bash-3.00$ ls keys
old            test-ca1.cert  test-ca1.key
bash-3.00$ ./run-ca.sh ./test-ca2.properties
bash-3.00$ ls
CA.class             keys                 keystest-ca1.key     Makefile             run-ca.sh            test-ca2.properties
CA.java              keystest-ca1.cert    keystores            password             test-ca1.properties
bash-3.00$ rm keyst
keystest-ca1.cert  keystest-ca1.key   keystores/
bash-3.00$ rm keystest-ca1.*
bash-3.00$ ls
CA.class             keys                 Makefile             run-ca.sh            test-ca2.properties
CA.java              keystores            password             test-ca1.properties
bash-3.00$ ls keys
old            test-ca1.cert  test-ca1.key   test-ca2.cert  test-ca2.key
bash-3.00$ ls keystores
test-ca.truststore    test-user1A.keystore  test-user1D.keystore  test-user2B.keystore  test-user2E.keystore
test-ca1.truststore   test-user1B.keystore  test-user1E.keystore  test-user2C.keystore  users.truststore
test-ca2.truststore   test-user1C.keystore  test-user2A.keystore  test-user2D.keystore
bash-3.00$ ls
CA.class             keys                 Makefile             run-ca.sh            test-ca2.properties
CA.java              keystores            password             test-ca1.properties
bash-3.00$ mv keystores keystores.old
bash-3.00$ mkdir keystores
bash-3.00$ ls keystores.old/
test-ca.truststore    test-user1A.keystore  test-user1D.keystore  test-user2B.keystore  test-user2E.keystore
test-ca1.truststore   test-user1B.keystore  test-user1E.keystore  test-user2C.keystore  users.truststore
test-ca2.truststore   test-user1C.keystore  test-user2A.keystore  test-user2D.keystore
bash-3.00$ ls keystores.old/users.truststore
keystores.old/users.truststore
bash-3.00$ ant create
Buildfile: build.xml does not exist!
Build failed
bash-3.00$ make create
rm -f keystores/*.*store
rm -rf requests
mkdir requests
for c in 1 2; do \
    for u in A B C D E; do \
        echo Creating Test User $c$u; \
        /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
            -genkey \
            -keystore keystores/test-user$c$u.keystore \
            -alias test-user$c$u \
            -dname "CN=Test User $c$u, OU=Jini Group, O=Sun Microsystems Inc, L=Burlington, ST=MA, C=US"; \
        /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
            -certreq \
            -keystore keystores/test-user$c$u.keystore \
            -alias test-user$c$u \
            -file requests/test-user$c$u.request; \
    done; \
done
Creating Test User 1A
Creating Test User 1B
Creating Test User 1C
Creating Test User 1D
Creating Test User 1E
Creating Test User 2A
Creating Test User 2B
Creating Test User 2C
Creating Test User 2D
Creating Test User 2E
bash-3.00$ make create_users_truststore
rm -f keystores/users.truststore
for c in 1 2; do \
    for u in A B C D E; do \
        /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
            -export \
            -keystore keystores/test-user$c$u.keystore \
            -alias test-user$c$u -file /tmp/tmp.cert; \
        /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
            -import \
            -keystore keystores/users.truststore \
            -alias test-user$c$u -noprompt -file /tmp/tmp.cert; \
    done; \
done
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
Certificate stored in file </tmp/tmp.cert>
Certificate was added to keystore
rm -f /tmp/tmp.cert
bash-3.00$ make import
for c in 1 2; do \
    /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
        -import \
        -noprompt \
        -keystore keystores/test-ca$c.truststore \
        -alias test-ca$c \
        -file keys/test-ca$c.cert; \
    /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
        -import \
        -noprompt \
        -keystore keystores/test-ca.truststore \
        -alias test-ca$c \
        -file keys/test-ca$c.cert; \
    for u in A B C D E; do \
        /usr/jdk/jdk1.6.0_30/bin/keytool -storepass keypass -keypass keypass -validity 3650 \
            -import \
            -noprompt \
            -keystore keystores/test-user$c$u.keystore \
            -alias test-user$c$u \
            -file requests/test-user$c$u.chain; \
    done; \
done
Certificate was added to keystore
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: requests/test-user1A.chain (No such file or directory)
*** Error code 1
make: Fatal error: Command failed for target `import'
bash-3.00$ ls requests/
test-user1A.request  test-user1C.request  test-user1E.request  test-user2B.request  test-user2D.request
test-user1B.request  test-user1D.request  test-user2A.request  test-user2C.request  test-user2E.request
bash-3.00$
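
In the transcript above, `make import` adds the CA certificates to the trust stores and then stops at the first missing `.chain` file. As an added example (not part of the original post or the River build), a preflight check that confirms every request has been signed before the import runs. The `keys/` and `requests/` layout and file names follow the transcript; the function names `preflight_import` and `demo_transcript_state` are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the `make import` step shown in the transcript.
# Directory layout and file names follow the transcript; function names are hypothetical.
# Usage: preflight_import . && make import

# Prints one line per missing input; returns 0 only when nothing is missing.
preflight_import() {
    base=$1
    missing=0
    for c in 1 2; do
        f="$base/keys/test-ca$c.cert"
        if [ ! -s "$f" ]; then
            echo "missing CA cert (run the CA tool first): $f"
            missing=$((missing + 1))
        fi
        for u in A B C D E; do
            req="$base/requests/test-user$c$u.request"
            chain="$base/requests/test-user$c$u.chain"
            if [ ! -s "$req" ]; then
                echo "missing request (run 'make create'): $req"
                missing=$((missing + 1))
            elif [ ! -s "$chain" ]; then
                # Request exists but the CA has not signed it yet.
                echo "unsigned request, no chain: $chain"
                missing=$((missing + 1))
            fi
        done
    done
    [ "$missing" -eq 0 ]
}

# Constructed demo: rebuild the state the transcript was in when `make import`
# failed (CA certs and requests present, no chains) and run the check on it.
demo_transcript_state() {
    d=$(mktemp -d)
    mkdir -p "$d/keys" "$d/requests"
    for c in 1 2; do
        echo cert > "$d/keys/test-ca$c.cert"
        for u in A B C D E; do
            echo req > "$d/requests/test-user$c$u.request"
        done
    done
    rc=0
    preflight_import "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run before the import, the check reports all ten unsigned requests at once and leaves the trust stores untouched.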