@ -0,0 +1,49 @@ | |||
# Demo Certificates | |||
This directory contains certificates used by the clients and servers in our | |||
sample programs. These certificates are for testing purposes only and should | |||
**never** be used in a production environment. | |||
As provided, the server certificates use `127.0.0.1` for the Common Name, the | |||
IP address and DNS name. This works fine when you run the client and server on | |||
the same host. However, if you want to run them on separate hosts, you may need | |||
to regenerate the certificates. (This is especially true for the JavaScript | |||
examples.) | |||
We've included the Python script `makedemocerts.py` to simplify this task. | |||
## Prerequisites | |||
You'll need Python to run the script. The script also depends on a utility | |||
package from a separate [ZeroC repository][1]. You can install this package as | |||
follows: | |||
``` | |||
pip install zeroc-icecertutils | |||
``` | |||
## Usage | |||
Running the script with `-h` displays the following usage information: | |||
``` | |||
Usage: certs/makedemocerts.py [options] | |||
Options: | |||
-h Show this message. | |||
-d | --debug Debugging output. | |||
--ip <ip> The IP address for the server certificate. | |||
--dns <dns> The DNS name for the server certificate. | |||
--use-dns Use the DNS name for the server certificate common | |||
name (default is to use the IP address). | |||
``` | |||
The `--ip`, `--dns`, and `--use-dns` options affect the generation of the server | |||
certificate. Without any arguments, the script prompts for the value of the IP | |||
address and DNS name. | |||
You can specify an alternate IP address using `--ip` and an alternate DNS name | |||
using `--dns`. The `--use-dns` flag forces the script to use the DNS name as | |||
the server's Common Name instead of the IP address. | |||
[1]: https://github.com/zeroc-ice/icecertutils |
@ -0,0 +1,23 @@ | |||
-----BEGIN CERTIFICATE----- | |||
MIIDyTCCArGgAwIBAgIIdsV6ToteQvQwDQYJKoZIhvcNAQELBQAwgYsxFTATBgNV | |||
BAMMDEljZSBEZW1vcyBDQTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywg | |||
SW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UE | |||
BhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDUxMjEy | |||
NDQxN1oXDTIwMDUxMDEyNDQxN1owgYsxFTATBgNVBAMMDEljZSBEZW1vcyBDQTEM | |||
MAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVw | |||
aXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0B | |||
CQEWDmluZm9AemVyb2MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | |||
AQEAyObTkcYPYVpkTJz+3R+u0Zi4qOh7rN12ZDqPUqX5NJNJf9iWA5SGEcdxynLq | |||
Ma+dj6q4JTy05oAsVNhD+DzQnCUOENE2RInNxyNJ5paGO+d9U3orFxzIT6jHdSb8 | |||
CBewzIsIFB9531Dx1MjIBxVlsJm6T+9m3eKFTMsj4giCE7lBe3U3Y5DFmgASECA2 | |||
PehvJ4fIMKyNv0kze20NRumiQ4Dp/1H6WizqF45vZzCGq4QH742GsytstPJCXuNv | |||
Ken5uNY5cfTSZRgo8YwJsHiE+d1et9JonotxgC26lytUfpq7GLL42WbbejjMcYtW | |||
jh5o07VZ1Sp+5L7p3YizfS99BQIDAQABoy8wLTAMBgNVHRMEBTADAQH/MB0GA1Ud | |||
DgQWBBQ3XEr8sU45J/upH+uavtuQc9/3rjANBgkqhkiG9w0BAQsFAAOCAQEAY3jk | |||
c1AqsQ78Fh2GnFe5Ua2756EAm8Ut2+ICV4SCJj1FQqU9V3f1AdogbXEHswvY6avy | |||
X79Cbi781jKEHboVDUm5OEIaH5121Se9ij3g30HDBM5oHyK2B2+gT9O9uyKYDsvN | |||
TeULjbn36Mcupw/3+jU4XokM55It9Tk71Nxy5sLcWM92xv3lEuIQnYaUkfy6KlQg | |||
ocjpWkKdwUgdBqd6b41J6d/VI+08iRSY3Ik4imdhIYH7xHzNpLJ4xDLCyhelafDh | |||
8H5oOp/x4seAHb5E8T2+KcxJKtz+JIUl5Qi2tbMz5nH3Ld3Rnrk0F2oFaEUtjVfZ | |||
ldGbP5JfOGx3J7ULtw== | |||
-----END CERTIFICATE----- |
@ -0,0 +1,126 @@ | |||
#!/usr/bin/env python | |||
# ********************************************************************** | |||
# | |||
# Copyright (c) 2003-2018 ZeroC, Inc. All rights reserved. | |||
# | |||
# ********************************************************************** | |||
import os, sys, socket, getopt | |||
try: | |||
import IceCertUtils | |||
except Exception as ex: | |||
print("couldn't load IceCertUtils, did you install the `zeroc-icecertutils'\n" | |||
"package from the Python package repository?\nerror: " + str(ex)) | |||
sys.exit(1) | |||
def usage(): | |||
print("Usage: " + sys.argv[0] + " [options]") | |||
print("") | |||
print("Options:") | |||
print("-h Show this message.") | |||
print("-d | --debug Debugging output.") | |||
print("--ip <ip> The IP address for the server certificate.") | |||
print("--dns <dns> The DNS name for the server certificate.") | |||
print("--use-dns Use the DNS name for the server certificate common") | |||
print(" name (default is to use the IP address)." ) | |||
sys.exit(1) | |||
# | |||
# Check arguments | |||
# | |||
debug = False | |||
ip = None | |||
dns = None | |||
usedns = False | |||
impl = "" | |||
try: | |||
opts, args = getopt.getopt(sys.argv[1:], "hd", ["help", "debug", "ip=", "dns=","use-dns","impl="]) | |||
except getopt.GetoptError as e: | |||
print("Error %s " % e) | |||
usage() | |||
sys.exit(1) | |||
for (o, a) in opts: | |||
if o == "-h" or o == "--help": | |||
usage() | |||
sys.exit(0) | |||
elif o == "-d" or o == "--debug": | |||
debug = True | |||
elif o == "--ip": | |||
ip = a | |||
elif o == "--dns": | |||
dns = a | |||
elif o == "--use-dns": | |||
usedns = True | |||
elif o == "--impl": | |||
impl = a | |||
def request(question, newvalue, value): | |||
while True: | |||
sys.stdout.write(question) | |||
sys.stdout.flush() | |||
input = sys.stdin.readline().strip() | |||
if input == 'n': | |||
sys.stdout.write(newvalue) | |||
sys.stdout.flush() | |||
return sys.stdin.readline().strip() | |||
else: | |||
return value | |||
# | |||
# Change to the directory where the certs files are stored | |||
# | |||
os.chdir(os.path.dirname(os.path.abspath(__file__))) | |||
if not ip: | |||
try: | |||
ip = socket.gethostbyname(socket.gethostname()) | |||
except: | |||
ip = "127.0.0.1" | |||
ip = request("The IP address used for the server certificate will be: " + ip + "\n" | |||
"Do you want to keep this IP address? (y/n) [y]", "IP : ", ip) | |||
if not dns: | |||
dns = "localhost" | |||
dns = request("The DNS name used for the server certificate will be: " + dns + "\n" | |||
"Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns) | |||
CertificateFactory = vars(IceCertUtils)[impl + "CertificateFactory"] | |||
factory = CertificateFactory(debug=debug, cn="Ice Demos CA") | |||
# | |||
# CA certificate | |||
# | |||
factory.getCA().save("cacert.pem").save("cacert.der") | |||
# Client certificate | |||
client = factory.create("client") | |||
client.save("client.p12") | |||
# Server certificate | |||
server = factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns) | |||
server.save("server.p12") | |||
try: | |||
factory.getCA().save("cacert.pem").save("cacert.jks") # Used by the Database/library demo | |||
server.save("server.jks", caalias="cacert") | |||
client.save("client.jks", caalias="cacert") | |||
# Don't try to generate the BKS if the JKS generation fails | |||
try: | |||
server.save("server.bks", caalias="cacert") | |||
client.save("client.bks", caalias="cacert") | |||
except Exception as ex: | |||
for f in ["server.bks", "client.bks"]: | |||
if os.path.exists(f): os.remove(f) | |||
print("warning: couldn't generate BKS certificates for Android applications:\n" + str(ex)) | |||
print("Please fix this issue if you want to run the Android demos.") | |||
except Exception as ex: | |||
for f in ["server.jks", "client.jks"]: | |||
if os.path.exists(f): os.remove(f) | |||
print("warning: couldn't generate JKS certificates for Java applications:\n" + str(ex)) | |||
print("Please fix this issue if you want to run the Java demos.") | |||
factory.destroy() |
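Review bot: The address and name that reach `factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns)` are never checked. They come either from `--ip`/`--dns` or from the second `readline()` in `request()`, so pressing Enter at the `IP : ` or `DNS : ` prompt passes an empty string on as the server certificate's Common Name and subject entries. How IceCertUtils handles that is not visible here. A guard before the factory is created would fail early, for example `if not ip or not dns: print("error: the IP address and DNS name must not be empty"); sys.exit(1)`. The same gap applies to `--impl`, which `getopt` accepts but `usage()` does not list, and which indexes `vars(IceCertUtils)` directly, so an unknown value ends in a raw `KeyError`. Separately, the bare `except:` around `socket.gethostbyname` would read better as `except socket.error:`.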
@ -0,0 +1,87 @@ | |||
# | |||
# Set the Glacier2 instance name. | |||
# | |||
Glacier2.InstanceName=MWServer | |||
# | |||
# The client-visible endpoint of Glacier2. This should be an endpoint | |||
# visible from the public Internet, and it should be secure. | |||
# | |||
# When no -h <host> option is specified in the endpoints, the default | |||
# value from the Ice.Default.Host property is used. If this property | |||
# isn't set, the endpoints will listen on all available network | |||
# interfaces. | |||
# | |||
Glacier2.Client.Endpoints=tcp -p 4063:ssl -p 4064:ws -p 5063:wss -p 5064 | |||
# | |||
# Only listen on the localhost interface by default. You can comment | |||
# out this property to allow listening on all available interfaces. | |||
# | |||
Ice.Default.Host=127.0.0.1 | |||
# | |||
# Disable client-side authentication. JavaScript clients using | |||
# a secure WebSocket (WSS) doesn't support client-side | |||
# authentication. | |||
# | |||
IceSSL.VerifyPeer=0 | |||
# | |||
# The server-visible endpoint of Glacier2. This endpoint is only | |||
# required if callbacks are needed (leave empty otherwise). This | |||
# should be an endpoint on an internal network (like 192.168.x.x), or | |||
# on the loopback, so that the server is not directly accessible from | |||
# the Internet. | |||
# | |||
Glacier2.Server.Endpoints=tcp -h localhost | |||
# | |||
# The proxy of the session manager. | |||
# | |||
Glacier2.SessionManager=MWSessionManager:tcp -h localhost -p 10001 | |||
# | |||
# For this demo, we use a custom permissions verifier collocated with | |||
# the session manager. | |||
# | |||
Glacier2.PermissionsVerifier=MWSessionVerifier:tcp -h localhost -p 10001 | |||
# | |||
# The timeout for inactive sessions. If any client session is inactive | |||
# for longer than this value, the session expires and is removed. The | |||
# unit is seconds. | |||
# | |||
Glacier2.SessionTimeout=30 | |||
# | |||
# Only allow access to back end "sesion" objects. | |||
# | |||
Glacier2.Filter.Category.Accept=session | |||
# | |||
# Security Tracing | |||
# | |||
# 0 = no security tracing | |||
# 1 = trace messages | |||
# | |||
#IceSSL.Trace.Security=1 | |||
# | |||
# SSL Configuration | |||
# | |||
Ice.Plugin.IceSSL=IceSSL:createIceSSL | |||
IceSSL.DefaultDir=../certs | |||
IceSSL.CAs=cacert.pem | |||
IceSSL.CertFile=server.p12 | |||
IceSSL.Password=password | |||
IceSSL.Keychain=../certs/glacier2.keychain | |||
IceSSL.KeychainPassword=password | |||
# | |||
# IceMX configuration. | |||
# | |||
#Ice.Admin.Endpoints=tcp -h localhost -p 10004 | |||
Ice.Admin.InstanceName=glacier2router | |||
IceMX.Metrics.Debug.GroupBy=id | |||
IceMX.Metrics.ByParent.GroupBy=parent |
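Review bot: `Glacier2.Client.Endpoints` publishes plain `tcp -p 4063` and `ws -p 5063` next to the `ssl` and `wss` endpoints, although the comment above it says the client-visible endpoint should be secure. The `Ice.Default.Host` comment also invites removing the loopback restriction. Because sessions are created through `Glacier2.PermissionsVerifier`, whatever credentials clients present would cross those two endpoints unencrypted once the router listens on a routable interface. I would add a comment above the property, such as `# The tcp and ws endpoints are unencrypted and meant for loopback demo use; keep only ssl and wss if Ice.Default.Host is removed.` The `IceSSL.Password=password` and `IceSSL.KeychainPassword=password` lines deserve a similar one-line remark that these values belong to the demo certificates only.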