You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@thrift.apache.org by bu...@apache.org on 2014/05/02 23:53:53 UTC
svn commit: r907816 - in /websites/staging/thrift/trunk/content: ./
test/keys/index.html
Author: buildbot
Date: Fri May 2 21:53:53 2014
New Revision: 907816
Log:
Staging update by buildbot for thrift
Modified:
websites/staging/thrift/trunk/content/ (props changed)
websites/staging/thrift/trunk/content/test/keys/index.html
Propchange: websites/staging/thrift/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri May 2 21:53:53 2014
@@ -1 +1 @@
-1592053
+1592054
Modified: websites/staging/thrift/trunk/content/test/keys/index.html
==============================================================================
--- websites/staging/thrift/trunk/content/test/keys/index.html (original)
+++ websites/staging/thrift/trunk/content/test/keys/index.html Fri May 2 21:53:53 2014
@@ -70,59 +70,99 @@
</div>
<div class="container">
- <h1 id="apache-thrift-integration-test-suite">Apache Thrift - integration test suite</h1>
-<p>This is the cross everything integration test suite for Apache Thrift.
-executed by</p>
-<div class="codehilite"><pre><span class="n">make</span> <span class="nb">cross</span>
+ <h1 id="test-keys-and-certificates">Test Keys and Certificates</h1>
+<p>This folder is dedicated to test keys and certificates provided in multiple formats.
+Primary use are unit test suites and cross language tests.</p>
+<div class="codehilite"><pre><span class="n">test</span><span class="o">/</span><span class="n">keys</span>
</pre></div>
-<p>at the moment, this starts the test.sh script which does the real cross test
-with different transports, protocols and languages.</p>
-<p>Unit tests for languages ar usually located under lib/<lang>/test/
-cross language tests acording to <a href="ThriftTest">ThriftTest.thrift</a> shall be
-provided for every language including executables with the following command
-line interface for servers:</p>
-<div class="codehilite"><pre>$ <span class="o">./</span><span class="n">cpp</span><span class="o">/</span><span class="n">TestServer</span> <span class="o">-</span><span class="n">h</span>
-<span class="n">Allowed</span> <span class="n">options</span><span class="p">:</span>
- <span class="o">-</span><span class="n">h</span> <span class="p">[</span> <span class="o">--</span><span class="n">help</span> <span class="p">]</span> <span class="n">produce</span> <span class="n">help</span> <span class="n">message</span>
- <span class="o">--</span><span class="n">port</span> <span class="n">arg</span> <span class="p">(=</span>9090<span class="p">)</span> <span class="n">Port</span> <span class="n">number</span> <span class="n">to</span> <span class="n">listen</span>
- <span class="o">--</span><span class="n">domain</span><span class="o">-</span><span class="n">socket</span> <span class="n">arg</span> <span class="n">Unix</span> <span class="n">Domain</span> <span class="n">Socket</span> <span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">ThriftTest</span><span class="p">.</span><span class="n">thrift</span><span class="p">)</span>
- <span class="o">--</span><span class="n">server</span><span class="o">-</span><span class="n">type</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">simple</span><span class="p">)</span> <span class="n">type</span> <span class="n">of</span> <span class="n">server</span><span class="p">,</span> "<span class="n">simple</span>"<span class="p">,</span> "<span class="n">thread</span><span class="o">-</span><span class="n">pool</span>"<span class="p">,</span>
- "<span class="n">threaded</span>"<span class="p">,</span> <span class="n">or</span> "<span class="n">nonblocking</span>"
- <span class="o">--</span><span class="n">transport</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">buffered</span><span class="p">)</span> <span class="n">transport</span><span class="p">:</span> <span class="n">buffered</span><span class="p">,</span> <span class="n">framed</span><span class="p">,</span> <span class="n">http</span>
- <span class="o">--</span><span class="n">protocol</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">binary</span><span class="p">)</span> <span class="n">protocol</span><span class="p">:</span> <span class="n">binary</span><span class="p">,</span> <span class="n">compact</span><span class="p">,</span> <span class="n">json</span>
- <span class="o">--</span><span class="n">ssl</span> <span class="n">Encrypted</span> <span class="n">Transport</span> <span class="n">using</span> <span class="n">SSL</span>
- <span class="o">--</span><span class="n">processor</span><span class="o">-</span><span class="k">events</span> <span class="n">processor</span><span class="o">-</span><span class="k">events</span>
- <span class="o">-</span><span class="n">n</span> <span class="p">[</span> <span class="o">--</span><span class="n">workers</span> <span class="p">]</span> <span class="n">arg</span> <span class="p">(=</span>4<span class="p">)</span> <span class="n">Number</span> <span class="n">of</span> <span class="n">thread</span> <span class="n">pools</span> <span class="n">workers</span><span class="p">.</span> <span class="n">Only</span> <span class="n">valid</span> <span class="k">for</span>
- <span class="n">thread</span><span class="o">-</span><span class="n">pool</span> <span class="n">server</span> <span class="n">type</span>
+<p><strong>The files in this directory must never be used on production systems.</strong></p>
+<h2 id="ssl-keys-and-certificates">SSL Keys and Certificates</h2>
+<h2 id="create-certificates">create certificates</h2>
+<p>we use the following parameters for test key and certificate creation</p>
+<div class="codehilite"><pre><span class="n">C</span><span class="p">=</span><span class="n">US</span><span class="p">,</span>
+<span class="n">ST</span><span class="p">=</span><span class="n">Maryland</span><span class="p">,</span>
+<span class="n">L</span><span class="p">=</span><span class="n">Forest</span> <span class="n">Hill</span><span class="p">,</span>
+<span class="n">O</span><span class="p">=</span><span class="n">The</span> <span class="n">Apache</span> <span class="n">Software</span> <span class="n">Foundation</span><span class="p">,</span>
+<span class="n">OU</span><span class="p">=</span><span class="n">Apache</span> <span class="n">Thrift</span><span class="p">,</span>
+<span class="n">CN</span><span class="p">=</span><span class="n">localhost</span><span class="o">/</span><span class="n">emailAddress</span><span class="p">=</span><span class="n">dev</span><span class="p">@</span><span class="n">thrift</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span>
</pre></div>
-<p>and this for clients:</p>
-<div class="codehilite"><pre>$ <span class="o">./</span><span class="n">cpp</span><span class="o">/</span><span class="n">TestClient</span> <span class="o">-</span><span class="n">h</span>
-<span class="n">Allowed</span> <span class="n">options</span><span class="p">:</span>
- <span class="o">-</span><span class="n">h</span> <span class="p">[</span> <span class="o">--</span><span class="n">help</span> <span class="p">]</span> <span class="n">produce</span> <span class="n">help</span> <span class="n">message</span>
- <span class="o">--</span><span class="n">host</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">localhost</span><span class="p">)</span> <span class="n">Host</span> <span class="n">to</span> <span class="n">connect</span>
- <span class="o">--</span><span class="n">port</span> <span class="n">arg</span> <span class="p">(=</span>9090<span class="p">)</span> <span class="n">Port</span> <span class="n">number</span> <span class="n">to</span> <span class="n">connect</span>
- <span class="o">--</span><span class="n">domain</span><span class="o">-</span><span class="n">socket</span> <span class="n">arg</span> <span class="n">Domain</span> <span class="n">Socket</span> <span class="p">(</span><span class="n">e</span><span class="p">.</span><span class="n">g</span><span class="p">.</span> <span class="o">/</span><span class="n">tmp</span><span class="o">/</span><span class="n">ThriftTest</span><span class="p">.</span><span class="n">thrift</span><span class="p">),</span>
- <span class="n">instead</span> <span class="n">of</span> <span class="n">host</span> <span class="n">and</span> <span class="n">port</span>
- <span class="o">--</span><span class="n">transport</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">buffered</span><span class="p">)</span> <span class="n">Transport</span><span class="p">:</span> <span class="n">buffered</span><span class="p">,</span> <span class="n">framed</span><span class="p">,</span> <span class="n">http</span><span class="p">,</span> <span class="n">evhttp</span>
- <span class="o">--</span><span class="n">protocol</span> <span class="n">arg</span> <span class="p">(=</span><span class="n">binary</span><span class="p">)</span> <span class="n">Protocol</span><span class="p">:</span> <span class="n">binary</span><span class="p">,</span> <span class="n">compact</span><span class="p">,</span> <span class="n">json</span>
- <span class="o">--</span><span class="n">ssl</span> <span class="n">Encrypted</span> <span class="n">Transport</span> <span class="n">using</span> <span class="n">SSL</span>
- <span class="o">-</span><span class="n">n</span> <span class="p">[</span> <span class="o">--</span><span class="n">testloops</span> <span class="p">]</span> <span class="n">arg</span> <span class="p">(=</span>1<span class="p">)</span> <span class="n">Number</span> <span class="n">of</span> <span class="n">Tests</span>
+<h3 id="create-self-signed-server-key-and-certificate">create self-signed server key and certificate</h3>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">req</span> <span class="o">-</span><span class="n">new</span> <span class="o">-</span><span class="n">x509</span> <span class="o">-</span><span class="n">nodes</span> <span class="o">-</span><span class="n">days</span> 3000 <span class="o">-</span><span class="n">out</span> <span class="n">server</span><span class="p">.</span><span class="n">crt</span> <span class="o">-</span><span class="n">keyout</span> <span class="n">server</span><span class="p">.</span><span class="n">key</span>
+<span class="n">openssl</span> <span class="n">x509</span> <span class="o">-</span><span class="n">in</span> <span class="n">server</span><span class="p">.</span><span class="n">crt</span> <span class="o">-</span><span class="n">text</span> <span class="o">></span> <span class="n">CA</span><span class="p">.</span><span class="n">pem</span>
+<span class="nb">cat</span> <span class="n">server</span><span class="p">.</span><span class="n">crt</span> <span class="n">server</span><span class="p">.</span><span class="n">key</span> <span class="o">></span> <span class="n">server</span><span class="p">.</span><span class="n">pem</span>
+</pre></div>
+
+
+<p>Export password is <strong>thrift</strong></p>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">pkcs12</span> <span class="o">-</span><span class="n">export</span> <span class="o">-</span><span class="n">clcerts</span> <span class="o">-</span><span class="n">in</span> <span class="n">server</span><span class="p">.</span><span class="n">crt</span> <span class="o">-</span><span class="n">inkey</span> <span class="n">server</span><span class="p">.</span><span class="n">key</span> <span class="o">-</span><span class="n">out</span> <span class="n">server</span><span class="p">.</span><span class="n">p12</span>
+</pre></div>
+
+
+<h3 id="create-client-key-and-certificate">create client key and certificate</h3>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">genrsa</span> <span class="o">-</span><span class="n">out</span> <span class="n">client</span><span class="p">.</span><span class="n">key</span>
+</pre></div>
+
+
+<p>create a signing request:</p>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">req</span> <span class="o">-</span><span class="n">new</span> <span class="o">-</span><span class="n">key</span> <span class="n">client</span><span class="p">.</span><span class="n">key</span> <span class="o">-</span><span class="n">out</span> <span class="n">client</span><span class="p">.</span><span class="n">csr</span>
+</pre></div>
+
+
+<p>sign the client certificate with the server.key</p>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">x509</span> <span class="o">-</span><span class="n">req</span> <span class="o">-</span><span class="n">days</span> 365 <span class="o">-</span><span class="n">in</span> <span class="n">client</span><span class="p">.</span><span class="n">csr</span> <span class="o">-</span><span class="n">CA</span> <span class="n">CA</span><span class="p">.</span><span class="n">pem</span> <span class="o">-</span><span class="n">CAkey</span> <span class="n">server</span><span class="p">.</span><span class="n">key</span> <span class="o">-</span><span class="n">set_serial</span> 01 <span class="o">-</span><span class="n">out</span> <span class="n">client</span><span class="p">.</span><span class="n">crt</span>
+</pre></div>
+
+
+<p>export certificate in PKCS12 format (Export password is <strong>thrift</strong>)</p>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">pkcs12</span> <span class="o">-</span><span class="n">export</span> <span class="o">-</span><span class="n">clcerts</span> <span class="o">-</span><span class="n">in</span> <span class="n">client</span><span class="p">.</span><span class="n">crt</span> <span class="o">-</span><span class="n">inkey</span> <span class="n">client</span><span class="p">.</span><span class="n">key</span> <span class="o">-</span><span class="n">out</span> <span class="n">client</span><span class="p">.</span><span class="n">p12</span>
+</pre></div>
+
+
+<p>export certificate in PEM format for OpenSSL usage</p>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">pkcs12</span> <span class="o">-</span><span class="n">in</span> <span class="n">client</span><span class="p">.</span><span class="n">p12</span> <span class="o">-</span><span class="n">out</span> <span class="n">client</span><span class="p">.</span><span class="n">pem</span> <span class="o">-</span><span class="n">clcerts</span>
+</pre></div>
+
+
+<h2 id="java-key-and-certificate-import">Java key and certificate import</h2>
+<p>Java Test Environment uses key and trust store password <strong>thrift</strong></p>
+<p>list keystore entries</p>
+<div class="codehilite"><pre><span class="n">keytool</span> <span class="o">-</span><span class="n">list</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">thrift</span> <span class="o">-</span><span class="n">keystore</span> <span class="p">.</span><span class="o">./</span><span class="p">.</span><span class="o">./</span><span class="n">lib</span><span class="o">/</span><span class="n">java</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="p">.</span><span class="n">keystore</span>
+</pre></div>
+
+
+<p>list truststore entries</p>
+<div class="codehilite"><pre><span class="n">keytool</span> <span class="o">-</span><span class="n">list</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">thrift</span> <span class="o">-</span><span class="n">keystore</span> <span class="p">.</span><span class="o">./</span><span class="p">.</span><span class="o">./</span><span class="n">lib</span><span class="o">/</span><span class="n">java</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="p">.</span><span class="n">truststore</span>
+</pre></div>
+
+
+<p>delete an entry</p>
+<div class="codehilite"><pre><span class="n">keytool</span> <span class="o">-</span><span class="n">delete</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">thrift</span> <span class="o">-</span><span class="n">keystore</span> <span class="p">.</span><span class="o">./</span><span class="p">.</span><span class="o">./</span><span class="n">lib</span><span class="o">/</span><span class="n">java</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="p">.</span><span class="n">truststore</span> <span class="o">-</span><span class="n">alias</span> <span class="n">ssltest</span>
+</pre></div>
+
+
+<p>import certificate into truststore</p>
+<div class="codehilite"><pre><span class="n">keytool</span> <span class="o">-</span><span class="n">importcert</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">thrift</span> <span class="o">-</span><span class="n">keystore</span> <span class="p">.</span><span class="o">./</span><span class="p">.</span><span class="o">./</span><span class="n">lib</span><span class="o">/</span><span class="n">java</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="p">.</span><span class="n">truststore</span> <span class="o">-</span><span class="n">alias</span> <span class="n">localhost</span> <span class="o">--</span><span class="n">file</span> <span class="n">server</span><span class="p">.</span><span class="n">crt</span>
+</pre></div>
+
+
+<p>import key into keystore</p>
+<div class="codehilite"><pre><span class="n">keytool</span> <span class="o">-</span><span class="n">importkeystore</span> <span class="o">-</span><span class="n">storepass</span> <span class="n">thrift</span> <span class="o">-</span><span class="n">keystore</span> <span class="p">.</span><span class="o">./</span><span class="p">.</span><span class="o">./</span><span class="n">lib</span><span class="o">/</span><span class="n">java</span><span class="o">/</span><span class="n">test</span><span class="o">/</span><span class="p">.</span><span class="n">keystore</span> <span class="o">-</span><span class="n">srcstoretype</span> <span class="n">pkcs12</span> <span class="o">-</span><span class="n">srckeystore</span> <span class="n">server</span><span class="p">.</span><span class="n">p12</span>
+</pre></div>
+
+
+<h1 id="test-ssl-server-and-clients">Test SSL server and clients</h1>
+<div class="codehilite"><pre><span class="n">openssl</span> <span class="n">s_client</span> <span class="o">-</span><span class="n">connect</span> <span class="n">localhost</span><span class="p">:</span>9090
+<span class="n">openssl</span> <span class="n">s_server</span> <span class="o">-</span><span class="n">accept</span> 9090 <span class="o">-</span><span class="n">www</span>
</pre></div>
-<p>If you have executed the <strong>make check</strong> or <strong>make cross</strong> then you will be able to browse
-<a href="gen-html/ThriftTest">gen-html/ThriftTest.html</a> with the test documentation.</p>
-<p>return code shall be 0 on success or an integer in the range 1 - 255 on error</p>
-<h2 id="ssl">SSL</h2>
-<p>Test Keys and Certificates are provided in multiple formats under the following
-directory <a href="test/keys">test/keys</a></p>
<p class='snippet_footer'>
This page was generated by Apache Thrift's <strong>source tree docs</strong>:
- <a href="http://git-wip-us.apache.org/repos/asf?p=thrift.git;a=blob;f=test/README.md;hb=HEAD"</a>test/README.md</a>
+ <a href="http://git-wip-us.apache.org/repos/asf?p=thrift.git;a=blob;f=test/keys/README.md;hb=HEAD"</a>test/keys/README.md</a>
</p>
</div>
<div class="container">