Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for attaching cert and cert chain in attach command Git… #2602

Merged
merged 13 commits into from
Feb 17, 2023
Merged

Added support for attaching cert and cert chain in attach command Git… #2602

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
1a78bdf
Written end to end test case for cossign attach command
MukulSharma77 Jan 19, 2023
c7f50ad
file contain certchain for e2e attach test
MukulSharma77 Jan 19, 2023
84638fc
file contain leaf cert for e2e attach test
MukulSharma77 Jan 19, 2023
c3d7031
file contains private key of leaf cert for e2e attach test
MukulSharma77 Jan 19, 2023
6bbeddf
file contain root cert for e2e attach test
MukulSharma77 Jan 19, 2023
64cda98
Added instruction for generating certificates for e2e attach test script
MukulSharma77 Jan 25, 2023
ae8b79b
updated arguments of attach.SignatureCmd() function to include cert a…
MukulSharma77 Jan 26, 2023
3ffa110
removed trailing white spaces
MukulSharma77 Jan 26, 2023
38f953b
removed trailing white spaces
MukulSharma77 Jan 26, 2023
307dd50
Added support for attaching cert and cert chain in attach command
MukulSharma77 Feb 10, 2023
c7488ff
executed make docgen to generate file file
MukulSharma77 Feb 10, 2023
6eb9fcc
Resolved gofmt lint error
MukulSharma77 Feb 10, 2023
be4ed5d
corrected the display format to be used for commands
MukulSharma77 Feb 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
corrected the display format to be used for commands 
Signed-off-by: Mukul Sharma (Nokia) <mukul.sharma@nokia.com>
  • Loading branch information
@MukulSharma77
MukulSharma77 committed Feb 17, 2023
commit be4ed5d0c349773fbb48b3795fbf6aee8f8f0609
78 changes: 64 additions & 14 deletions test/testdata/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,46 +13,96 @@ and then you replace the old `test/testdata/test_blob_cert.pem` with the new cer
If the test/testdata/test_attach_leafcert.pem or test_attach_rootcert.pem or test_attach_certchain.pem expires than you can generate a new certificate and certificate using the given steps

1. Generate a private key for Root certificate
haydentherapper marked this conversation as resolved.
Show resolved Hide resolved
openssl genrsa -des3 -out rootCA.key 2048

```shell
$ openssl genrsa -des3 -out rootCA.key 2048
```
2. Generate Root certificate
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1825 -out rootCA.crt

```shell
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1825 -out rootCA.crt
```
in Certificate generation set following values
C = IN, ST = DEL, L = DEL, O = example.com, OU = sigstore, CN = sigstore, emailAddress = foo@example.com

3. Generate Private key for Intermediate certificate
openssl genrsa -out intermediateCA.key 2048

```shell
$ openssl genrsa -out intermediateCA.key 2048
```
4. Generate CSR for Intermediate certificate
openssl req -new -key intermediateCA.key -out intermediateCA.csr

```shell
$ openssl req -new -key intermediateCA.key -out intermediateCA.csr
```
in Certificate generation set following values
C = IN, ST = DEL, L = DEL, O = example.com, OU = sigstore-sub, CN = sigstore-sub, emailAddress = foo@example.com

5. Create intermediate certificate config file by name "intermediateConfigFile" having content
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign

6. Create intermediate certificate
openssl x509 -req -in intermediateCA.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -CAserial intermediateca.srl -out intermediateCA.crt -days 1825 -sha256 -extfile intermediateConfigFile

```shell
$ openssl x509 -req -in intermediateCA.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -CAserial intermediateca.srl -out intermediateCA.crt -days 1825 -sha256 -extfile intermediateConfigFile
```

7. Create Private key for leaf certificate
openssl genrsa -out leafCA.key 2048

```shell
$ openssl genrsa -out leafCA.key 2048
```

8. Create CSR for Leaf certificate
openssl req -new -key leafCA.key -out leafCA.csr

```shell
$ openssl req -new -key leafCA.key -out leafCA.csr
```
in certificate generation set following values
C = IN, ST = DEL, L = DEL, O = example.com, OU = sigstore-leaf, CN = sigstore-leaf, emailAddress = foo@example.com

9. Create Leaf certificate config file by name "leafConfigFile" having content
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage=codeSigning
subjectAltName=email:copy
10.Create Leaf certificate
openssl x509 -req -in leafCA.csr -CA intermediateCA.crt -CAkey intermediateCA.key -CAcreateserial -CAserial leafca.srl -out leafCA.crt -days 1825 -sha256 -extfile leafConfigFile

10. Create Leaf certificate

```shell
$ openssl x509 -req -in leafCA.csr -CA intermediateCA.crt -CAkey intermediateCA.key -CAcreateserial -CAserial leafca.srl -out leafCA.crt -days 1825 -sha256 -extfile leafConfigFile
```

11. Generate Certificate chain by concatinating Intermediate certificate and Root certificate
cat intermediateCA.crt rootCA.crt > certChain.crt

```shell
$ cat intermediateCA.crt rootCA.crt > certChain.crt
```

12. copy private key of Leaf certificate to test/testdata/test_attach_private.key
cp leafCA.key test/testdata/test_attach_private.key

```shell
$ cp leafCA.key test/testdata/test_attach_private.key
```

13. copy root certificate to test/testdata/test_attach_rootcert.pem
cp rootCA.crt test/testdata/test_attach_rootcert.pem

```shell
$ cp rootCA.crt test/testdata/test_attach_rootcert.pem
```

14. copy cert chain to test/testdata/test_attach_certchain.pem
cp certChain.crt test/testdata/test_attach_certchain.pem

```shell
$ cp certChain.crt test/testdata/test_attach_certchain.pem
```

15. copy Leaf certificate to test/testdata/test_attach_leafcert.pem
cp leafCA.crt test/testdata/test_attach_leafcert.pem

```shell
$ cp leafCA.crt test/testdata/test_attach_leafcert.pem
```