README.md

# alternate-mdx

Alternate MDX research project

## Usage
- apt install swig
- Create python virtualenv
- Activate virtualenv (```. bin/activate```)
- ```pip install -r requirements.txt```
- Create (self-signed) metadata signing cert (```meta.crt/meta.key```)
- Create output directory (```mkdir output```)
- Download metadata file(s)
- Run one or more of the tools below

## ```mdwriter.py [mdfile] [mdfile] [mdfile] ...```
Reads source metadata file(s) and outputs them signed to filesystem

## ```mdsigner.py```
Starts a metadata signer server.
Reads source metadata files(s) from mdsigner.yaml configuration, see example.
Reloads metadata on inotify CLOSE_WRITE of metadata file.
Serves and caches signed by realm signer from memory, on request

## ```mdproxy.py```
Reads config from mdproxy.yaml configuration, see example.
Caches signed and cached ```mdsigner.py``` metadata requests

## Queries
MDQ Queries can then be pointed at

- ```http://mdsigner:5001/<realm>/entities/<entityid>```
- ```http://mdproxy:5002/<realm>/entities/<entityid>```

## Bootstrap softHSM2
This is a very brief summary of the successive commands to initialize softHSM2 for testing. Tested on Ubuntu 21.10.
```
# apt install softhsm opensc libengine-pkcs11-openssl
# softhsm2-util --show-slots
# softhsm2-util --init-token --slot 0 --label "My token 1" --pin "secret" --so-pin "secret"
# softhsm2-util --show-slots

# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l -k --key-type rsa:1024 --slot-index 0 --id a1b2 --label test --pin secret
# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --pin secret -O

# openssl req -new -x509 -subj "/CN=Test Signer" -engine pkcs11 -keyform engine -key label_test -passin 'pass:secret' -out hsm.crt
# openssl x509 -inform PEM -outform DER -in hsm.crt -out hsm.der

# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --slot-index 0 --id a1b2 --label test -y cert -w hsm.der --pin secret
# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --pin secret -O
```