From: Felix Dörre Date: Tue, 4 Jul 2017 19:30:31 +0000 (+0200) Subject: upd: further cleaning of old/unused configs and scripts X-Git-Url: https://code.wpia.club/?a=commitdiff_plain;ds=inline;h=87a38bd3430f536644ec1bfabe5868c56f7b0741;p=gigi.git upd: further cleaning of old/unused configs and scripts closes #129 Change-Id: If820d0688cce3c6a658579a50d0f53db8a39643c
---
diff --git a/.project b/.project
index 367619cb..be8d08bf 100644
--- a/.project
+++ b/.project
@@ -1,6 +1,6 @@
- cacert-gigi
+ gigi
diff --git a/config/generateTruststoreNRE.sh b/config/generateTruststoreNRE.sh
index 69a76bef..fa2408d0 100755
--- a/config/generateTruststoreNRE.sh
+++ b/config/generateTruststoreNRE.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# this script imports the cacert root certs
+# this script imports the root certs into a Java key store
 rm -f cacerts.jks
diff --git a/doc/jenkinsJob/config.xml b/doc/jenkinsJob/config.xml
index b37d0afa..f9f61f04 100644
--- a/doc/jenkinsJob/config.xml
+++ b/doc/jenkinsJob/config.xml
@@ -181,7 +181,7 @@ serverPort.http=8098
 mailPort=8473
 sql.driver=org.postgresql.Driver
 sql.url=$$$$sql url$$$$
-sql.user=cacert
+sql.user=$$$$sql user$$$$
 sql.password=$$$$sql password$$$$
 name.static=static.$$$$YOUR_LOOKUP_DOMAIN$$$$
 name.secure=secure.$$$$YOUR_LOOKUP_DOMAIN$$$$
@@ -240,4 +240,4 @@ dpkg-buildpackage -b -us -uc
-
\ No newline at end of file
+
diff --git a/keys/generateKeys.sh b/keys/generateKeys.sh
deleted file mode 100755
index e9f75a73..00000000
--- a/keys/generateKeys.sh
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/bin/sh
-# this script generates a set of sample keys
-DOMAIN="cacert.local"
-KEYSIZE=4096
-PRIVATEPW="changeit"
-
-[ -f config ] && . ./config
-
-
-rm -Rf *.csr *.crt *.key *.pkcs12 *.ca *.crl
-
-
-####### create various extensions files for the various certificate types ######
-cat < test_ca.cnf
-subjectKeyIdentifier = hash
-#extendedKeyUsage = critical
-basicConstraints = CA:true
-keyUsage = digitalSignature, nonRepudiation, keyCertSign, cRLSign
-TESTCA
-
-cat < test_subca.cnf
-subjectKeyIdentifier = hash
-#extendedKeyUsage = critical,
-basicConstraints = CA:true
-keyUsage = digitalSignature, nonRepudiation, keyCertSign, cRLSign
-TESTCA
-
-cat < test_req.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=serverAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-#crlDistributionPoints=URI:http://www.my.host/ca.crl
-#authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-TESTCA
-
-cat < test_reqClient.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=clientAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-#crlDistributionPoints=URI:http://www.my.host/ca.crl
-#authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-TESTCA
-
-cat < test_reqMail.cnf
-basicConstraints = critical,CA:false
-keyUsage = keyEncipherment, digitalSignature
-extendedKeyUsage=emailProtection
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-#crlDistributionPoints=URI:http://www.my.host/ca.crl
-#authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-TESTCA
-
-
-genca(){ #subj, internalName
-
- openssl genrsa -out $2.key ${KEYSIZE}
- openssl req -new -key $2.key -out $2.csr -subj "$1/O=Test Environment CA Ltd./OU=Test Environment CAs"
-
- mkdir $2.ca
- mkdir $2.ca/newcerts
- echo 01 > $2.ca/serial
- touch $2.ca/db
- echo unique_subject = no >$2.ca/db.attr
-
-}
-
-caSign(){ # key,ca,config
- cd $2.ca
- openssl ca -cert ../$2.crt -keyfile ../$2.key -in ../$1.csr -out ../$1.crt -days 365 -batch -config ../selfsign.config -extfile ../$3
- cd ..
-}
-
-rootSign(){ # key
- caSign $1 root test_subca.cnf
-}
-
-genserver(){ #key, subject, config
- openssl genrsa -out $1.key ${KEYSIZE}
- openssl req -new -key $1.key -out $1.csr -subj "$2" -config selfsign.config
- caSign $1 env "$3"
-
- openssl pkcs12 -inkey $1.key -in $1.crt -CAfile env.chain.crt -chain -name $1 -export -passout pass:changeit -out $1.pkcs12
-
- keytool -importkeystore -noprompt -srckeystore $1.pkcs12 -destkeystore ../config/keystore.pkcs12 -srcstoretype pkcs12 -deststoretype pkcs12 -srcstorepass "changeit" -deststorepass "$PRIVATEPW"
-}
-
-
-# Generate the super Root CA
-genca "/CN=Cacert-gigi testCA" root
-openssl x509 -req -days 365 -in root.csr -signkey root.key -out root.crt -extfile test_ca.cnf
-
-# generate the various sub-CAs
-genca "/CN=Environment" env
-rootSign env
-genca "/CN=Unassured" unassured
-rootSign unassured
-genca "/CN=Assured" assured
-rootSign assured
-genca "/CN=Codesigning" codesign
-rootSign codesign
-genca "/CN=Timestamping" timestamp
-rootSign timestamp
-genca "/CN=Orga" orga
-rootSign orga
-genca "/CN=Orga sign" orgaSign
-rootSign orgaSign
-
-
-cat env.crt root.crt > env.chain.crt
-
-# generate orga-keys specific to gigi.
-# first the server keys
-genserver www "/CN=www.${DOMAIN}" test_req.cnf
-genserver secure "/CN=secure.${DOMAIN}" test_req.cnf
-genserver static "/CN=static.${DOMAIN}" test_req.cnf
-genserver api "/CN=api.${DOMAIN}" test_req.cnf
-
-genserver signer_client "/CN=CAcert signer handler 1" test_reqClient.cnf
-genserver signer_server "/CN=CAcert signer 1" test_req.cnf
-
-# then the email signing key
-genserver mail "/emailAddress=support@${DOMAIN}" test_reqMail.cnf
-
-keytool -list -keystore ../config/keystore.pkcs12 -storetype pkcs12 -storepass "$PRIVATEPW"
-
-rm test_ca.cnf test_subca.cnf test_req.cnf test_reqMail.cnf test_reqClient.cnf
-rm env.chain.crt
-
-cat root.crt env.crt > ca.crt
-tar cf signer_bundle.tar root.crt env.crt signer_client.crt signer_client.key signer_server.crt signer_server.key ca.crt
-rm ca.crt
diff --git a/static/static/keygenIE.js b/static/static/keygenIE.js
deleted file mode 100644
index 4c15b230..00000000
--- a/static/static/keygenIE.js
+++ /dev/null
@@ -1,611 +0,0 @@
-/*
-LibreSSL - CAcert web application
-Copyright (C) 2004-2012 CAcert Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-
-var CAcert_keygen_IE = function () {
-
- /// Makes a new DOM text node
- var textnode = function (text) {
- return document.createTextNode(text);
- }
-
- /// makes a new

element
- var paragraph = function (text) {
- var paragraph = document.createElement("p");
- paragraph.appendChild(textnode(text));
- return paragraph;
- }
-
- /// makes a new

 elemtent
-	var pre = function (text) {
-		var pre = document.createElement("pre");
-		pre.appendChild(textnode(text));
-		return pre;
-	}
-
-	/// makes a new