README.md
Martin van Es committed
# alternate-mdx

Alternate MDX research project

## Usage
- apt install swig
- Create python virtualenv
- Activate virtualenv (```. bin/activate```)
- ```pip install -r requirements.txt```
- Create (self-signed) metadata signing cert (```meta.crt/meta.key```)
- Create output directory (```mkdir output```)
- Download metadata file(s)
- Run one or more of the tools below

## ```mdwriter.py [mdfile] [mdfile] [mdfile] ...```
Reads the source metadata file(s) given on the command line and writes signed copies of them to the filesystem.

## ```mdsigner.py```
Starts a metadata signer server.

Reads the source metadata file(s) listed in the mdsigner.yaml configuration (see the example). Reloads a metadata file when inotify reports CLOSE_WRITE on it.

On request, serves entity metadata signed by the realm signer and caches the signed result in memory.

## ```mdproxy.py```
Reads its configuration from mdproxy.yaml (see the example).

Forwards MDQ requests to ```mdsigner.py``` and caches the signed metadata it returns.

## Queries
MDQ queries can then be pointed at:

- ```http://mdsigner:5001/<realm>/entities/<entityid>```
- ```http://mdproxy:5002/<realm>/entities/<entityid>```
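The ```/<realm>/entities/<entityid>``` path is the MDQ request form: the last segment is either the percent-encoded entityID or the ```{sha1}``` transform (hex SHA-1 of the entityID). The following is an added example, not code from alternate-mdx, showing both sides of such a request: how a client builds the URL and checks what comes back, and how a server-side index of the kind ```mdsigner.py``` and ```mdproxy.py``` keep in memory resolves realm plus identifier to one EntityDescriptor. The realm name, entityIDs and sample aggregate are constructed; XML signing and signature verification are assumed to be done by an XML-DSig library and are not shown.

```python
# Added example (not part of alternate-mdx): MDQ identifier handling on both
# sides of a /<realm>/entities/<identifier> request. Standard library only.
from __future__ import annotations

import hashlib
import xml.etree.ElementTree as ET  # use defusedxml when the input is untrusted
from typing import Optional
from urllib.parse import quote, unquote

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ENTITIES = f"{{{MD_NS}}}EntitiesDescriptor"
ENTITY = f"{{{MD_NS}}}EntityDescriptor"
ET.register_namespace("md", MD_NS)

# Constructed sample aggregate standing in for a downloaded metadata file.
# A real aggregate also carries an XML signature over the whole document.
SAMPLE_AGGREGATE = b"""<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Name="example">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def sha1_identifier(entity_id: str) -> str:
    """MDQ's {sha1} transform: hex SHA-1 of the UTF-8 entityID."""
    return "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def mdq_url(base: str, realm: str, entity_id: str, transform: Optional[str] = None) -> str:
    """Client side: build the request URL for one entity. The identifier is
    percent-encoded with no safe characters because entityIDs are URLs
    themselves; a bare '/' or ':' in the path would change its meaning."""
    ident = sha1_identifier(entity_id) if transform == "sha1" else entity_id
    return f"{base.rstrip('/')}/{quote(realm, safe='')}/entities/{quote(ident, safe='')}"


def check_response(body: bytes, expected_entity_id: str) -> bool:
    """Client side: the reply must be a single EntityDescriptor for exactly the
    entity that was requested. This does not replace verifying the XML
    signature against the realm signer's certificate (meta.crt or hsm.crt)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    return root.tag == ENTITY and root.get("entityID") == expected_entity_id


class MdqIndex:
    """Server side: per-realm table of EntityDescriptor fragments, keyed by
    entityID and by its {sha1} form. Stands in for the in-memory cache kept by
    mdsigner.py / mdproxy.py. An extracted fragment is no longer covered by the
    aggregate's signature, so the realm signer must re-sign it before it is
    served; that XML-DSig step is assumed and not shown here."""

    def __init__(self) -> None:
        self._realms: dict[str, dict[str, bytes]] = {}

    def load(self, realm: str, aggregate: bytes) -> int:
        """(Re)load one realm, e.g. after inotify reports CLOSE_WRITE on its
        file. Returns the number of entities indexed."""
        root = ET.fromstring(aggregate)
        if root.tag == ENTITY:
            descriptors = [root]
        elif root.tag == ENTITIES:
            descriptors = list(root.iter(ENTITY))
        else:
            raise ValueError(f"not SAML metadata: {root.tag}")
        table: dict[str, bytes] = {}
        for ed in descriptors:
            eid = ed.get("entityID")
            if not eid:
                raise ValueError("EntityDescriptor without entityID")
            fragment = ET.tostring(ed).strip()
            table[eid] = fragment
            table[sha1_identifier(eid)] = fragment
        # One assignment swaps the whole realm, so concurrent readers see
        # either the old table or the new one, never a half-built one.
        self._realms[realm] = table
        return len(descriptors)

    def lookup(self, realm: str, raw_identifier: str) -> Optional[bytes]:
        """Resolve the <identifier> path segment as received (still encoded)."""
        return self._realms.get(realm, {}).get(unquote(raw_identifier))


if __name__ == "__main__":
    index = MdqIndex()
    index.load("example", SAMPLE_AGGREGATE)
    eid = "https://idp.example.org/idp/shibboleth"
    url = mdq_url("http://mdsigner:5001", "example", eid, transform="sha1")
    print(url)
    fragment = index.lookup("example", url.rsplit("/", 1)[1])
    print(check_response(fragment, eid))
```

MDQ clients differ in whether they send the braces of ```{sha1}``` literally or percent-encoded; the server side above decodes the path segment before the lookup, so it accepts both.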

## Bootstrap softHSM2
A very brief summary of the commands, in order, that initialize softHSM2 for testing; tested on Ubuntu 21.10. ```--init-token``` assigns the new token a fresh slot number, which is why ```--show-slots``` is run again afterwards and why the later commands address the token by ```--slot-index``` rather than slot number. The final ```-O``` listing confirms that both the private key and the certificate are present as objects. The 1024-bit RSA key is for testing only: use at least 2048 bits for a signer whose metadata anyone relies on.
```
# apt install softhsm opensc libengine-pkcs11-openssl

# softhsm2-util --show-slots
# softhsm2-util --init-token --slot 0 --label "My token 1" --pin "secret" --so-pin "secret"
# softhsm2-util --show-slots

# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l -k --key-type rsa:1024 --slot-index 0 --id a1b2 --label test --pin secret
# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --pin secret -O

# openssl req -new -x509 -subj "/CN=Test Signer" -engine pkcs11 -keyform engine -key label_test -passin 'pass:secret' -out hsm.crt
# openssl x509 -inform PEM -outform DER -in hsm.crt -out hsm.der

# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --slot-index 0 --id a1b2 --label test -y cert -w hsm.der --pin secret
# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -l --pin secret -O
```