blob: 9a097e5bf61e7ff515c8a33e28cfd3ba11dc2998 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<!-- -*- markdown -*- -->
Setting up a minimal system
===========================
To setup a minimal system, first make sure you have the "Requirements"
from README.md and then do:
make
make release
Removing files from your previous session
---------------------------------------
rm -f /tmp/cert1-sct
rm -rf /tmp/testcert1
Setting up the environment
----------------------
mkdir /tmp/testcert1
make tests-prepare
This will configure the servers to run on 127.0.0.1 port 8080, 8081,
and 8082. If you want to change that, change the configuration files
in `test/config`.
Starting the servers
--------------------
make tests-start
Submitting certificates
-----------------------
tools/submitcert.py --store tools/testcerts/cert1.txt --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/
This submits the certificate (in PEM format) in the file
`tools/testcerts/cert1.txt` and appends the SCT to the file
`/tmp/cert1-sct`. It also checks the signature of the SCT.
If you want to submit all the files in a
directory, use the directory name with a `/` at the end, for example
`tools/testcerts/`.
Running merge
-------------
tools/merge.py --baseurl https://127.0.0.1:8080/ \
--frontend https://127.0.0.1:8082/ \
--storage https://127.0.0.1:8081/ \
--mergedb rel/mergedb \
--keyfile rel/test/eckey.pem \
--own-keyname merge-1 \
--own-keyfile rel/privatekeys/merge-1-private.pem
This will read the submitted certificates from the storage node,
decide the order, and publish the certificates to the frontend server.
If you want to run the system continuously, run the merge command in
cron or in a while loop.
Verifying SCT:s
---------------
tools/verifysct.py --sct-file /tmp/cert1-sct https://127.0.0.1:8080/
This verifies that all the SCT:s in the file `/tmp/cert1-sct` are
actually in the log.
Running a monitor
-----------------
An easy way to run a monitor is:
while true; do ./fetchallcerts.py --store /tmp/testcert1 --write-sth https://127.0.0.1:8080/ ; sleep 10; done
This will fetch all the certificates in a log, verify the consistency
proof between the old and new versions, and save the new STH.
Stopping the system
-------------------
make tests-stop
It is important that the system is stopped before running `make
release` again, or the release build will fail.
|
