Merge pull request #2766 from ControlSystemStudio/pva_tls
Secure PVA "x509" auth: Server uses name from client certificate
Showing
21 changed files
with
564 additions
and
152 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
demo/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
rm -rf demo | ||
mkdir demo | ||
cd demo | ||
|
||
keytool -genkeypair -alias myca -keystore ca.p12 -storepass changeit -dname "CN=myca" -keyalg RSA -ext BasicConstraints=ca:true | ||
keytool -list -v -keystore ca.p12 -storepass changeit | ||
keytool -exportcert -alias myca -keystore ca.p12 -storepass changeit -rfc -file myca.cer | ||
keytool -printcert -file myca.cer | ||
|
||
keytool -importcert -alias myca -keystore trust_ca.p12 -storepass changeit -file myca.cer -noprompt | ||
keytool -list -v -keystore trust_ca.p12 -storepass changeit | ||
|
||
keytool -genkeypair -alias myioc -keystore ioc.p12 -storepass changeit -dname "CN=myioc" -keyalg RSA | ||
keytool -list -v -keystore ioc.p12 -storepass changeit | ||
|
||
keytool -certreq -alias myioc -keystore ioc.p12 -storepass changeit -file myioc.csr | ||
keytool -gencert -alias myca -keystore ca.p12 -storepass changeit -ext SubjectAlternativeName=DNS:myioc -ext KeyUsage=digitalSignature -ext ExtendedKeyUsage=serverAuth,clientAuth -infile myioc.csr -outfile myioc.cer | ||
keytool -printcert -file myioc.cer | ||
|
||
keytool -importcert -alias myca -keystore ioc.p12 -storepass changeit -file myca.cer -noprompt | ||
keytool -importcert -alias myioc -keystore ioc.p12 -storepass changeit -file myioc.cer | ||
keytool -list -v -keystore ioc.p12 -storepass changeit | ||
|
||
keytool -genkeypair -alias myclient -keystore client.p12 -storepass changeit -dname "CN=Fred F." -keyalg RSA | ||
keytool -list -v -keystore client.p12 -storepass changeit | ||
|
||
keytool -certreq -alias myclient -keystore client.p12 -storepass changeit -file myclient.csr | ||
keytool -gencert -alias myca -keystore ca.p12 -storepass changeit -ext SubjectAlternativeName=DNS:client -ext KeyUsage=digitalSignature -ext ExtendedKeyUsage=serverAuth,clientAuth -infile myclient.csr -outfile myclient.cer | ||
keytool -printcert -file myclient.cer | ||
|
||
keytool -importcert -alias myca -keystore client.p12 -storepass changeit -file myca.cer -noprompt | ||
keytool -importcert -alias myclient -keystore client.p12 -storepass changeit -file myclient.cer | ||
keytool -list -v -keystore client.p12 -storepass changeit | ||
|
||
|
||
echo "*************************************************************" | ||
echo "***************** trust_ca **********************************" | ||
echo "*************************************************************" | ||
keytool -list -v -keystore trust_ca.p12 -storepass changeit | ||
|
||
echo "*************************************************************" | ||
echo "***************** IOC ***************************************" | ||
echo "*************************************************************" | ||
keytool -list -v -keystore ioc.p12 -storepass changeit | ||
|
||
echo "*************************************************************" | ||
echo "***************** Client ************************************" | ||
echo "*************************************************************" | ||
keytool -list -v -keystore client.p12 -storepass changeit | ||
|
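Review bot: Nothing in this script marks its output as throw-away: every keystore, including `ca.p12` which holds the CA private key, is created with the well-known password `changeit` passed on the command line, and all files land in the same `demo` directory. I would add a header comment such as `# Demo only: throw-away CA and keystores, all protected by the default password "changeit"; never copy ca.p12 to an IOC or client host`. No `-validity` is given to `-genkeypair` or `-gencert`, so keytool's 90-day default applies and the demo certificates stop working after about three months; an explicit `-validity <days>` would make that visible. The script also has no shebang or error handling, so a failed `cd demo` or keytool step does not stop the later steps; `cd demo || exit 1` after `mkdir demo` is the minimal guard. The password, validity and error-handling remarks apply equally to the self-signed KEYSTORE/TRUSTSTORE script in the next file section.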
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
rm -rf demo | ||
mkdir demo | ||
cd demo | ||
|
||
keytool -genkey -alias mykey -dname "CN=server" -keystore KEYSTORE -storepass changeit -keyalg RSA | ||
keytool -export -alias mykey -keystore KEYSTORE -storepass changeit -rfc -file mykey.cer | ||
keytool -import -alias mykey -file mykey.cer -keystore TRUSTSTORE -storepass changeit -noprompt | ||
|
||
echo "*************************************************************" | ||
echo "***************** KEYSTORE **********************************" | ||
echo "*************************************************************" | ||
keytool -list -v -keystore KEYSTORE -storepass changeit | ||
|
||
echo "*************************************************************" | ||
echo "***************** TRUSTSTORE ********************************" | ||
echo "*************************************************************" | ||
keytool -list -v -keystore TRUSTSTORE -storepass changeit |
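Review bot: The option names `-genkey`, `-export` and `-import` on the three keytool lines are the legacy spellings, while the CA script in the same commit uses `-genkeypair`, `-exportcert` and `-importcert`; using the current names here keeps the two examples consistent. The certificate is created with `-dname "CN=server"` and no `-ext SubjectAlternativeName=...`, unlike the IOC certificate in the CA script, so a client that checks the server name against the certificate would presumably reject it. Whether the PVA client performs that check is not visible on this page, so a one-line comment stating that this self-signed setup only pins the certificate through TRUSTSTORE would help readers.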
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/sh | ||
|
||
JAR=`echo target/core-pva*.jar` | ||
if [ -r "$JAR" ] | ||
then | ||
# Echo use jar file | ||
java -cp $JAR org.epics.pva.server.ServerDemo | ||
else | ||
# Use build output | ||
java -cp target/classes org.epics.pva.server.ServerDemo | ||
fi |
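Review bot: `$JAR` is quoted in the `[ -r "$JAR" ]` test but unquoted in `java -cp $JAR`, and the glob `target/core-pva*.jar` can match more than one file (for example a sources or javadoc jar next to the main one, if the build produces them). In that case the test fails on the space-joined string and the script silently falls back to `target/classes`, which may hold stale classes or none at all. I would quote the use, `java -cp "$JAR" org.epics.pva.server.ServerDemo`, and either narrow the pattern or print which class path was chosen. The comment `# Echo use jar file` also looks garbled; `# Use jar file` would match the `# Use build output` comment below it.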