14 changed files with 293 additions and 1 deletions
Split View
Diff Options
-
+7 -0README.md
-
+49 -0certs/README.md
-
BINcerts/cacert.der
-
BINcerts/cacert.jks
-
+23 -0certs/cacert.pem
-
BINcerts/client.bks
-
BINcerts/client.jks
-
BINcerts/client.p12
-
+126 -0certs/makedemocerts.py
-
BINcerts/server.bks
-
BINcerts/server.jks
-
BINcerts/server.p12
-
+87 -0src/config.glacier2
-
+1 -1src/config.server
+ 7
- 0
README.md
View File
+ 49
- 0
certs/README.md
View File
| @ -0,0 +1,49 @@ | |||
| # Demo Certificates | |||
| This directory contains certificates used by the clients and servers in our | |||
| sample programs. These certificates are for testing purposes only and should | |||
| **never** be used in a production environment. | |||
| As provided, the server certificates use `127.0.0.1` for the Common Name, the | |||
| IP address and DNS name. This works fine when you run the client and server on | |||
| the same host. However, if you want to run them on separate hosts, you may need | |||
| to regenerate the certificates. (This is especially true for the JavaScript | |||
| examples.) | |||
| We've included the Python script `makedemocerts.py` to simplify this task. | |||
| ## Prerequisites | |||
| You'll need Python to run the script. The script also depends on a utility | |||
| package from a separate [ZeroC repository][1]. You can install this package as | |||
| follows: | |||
| ``` | |||
| pip install zeroc-icecertutils | |||
| ``` | |||
| ## Usage | |||
| Running the script with `-h` displays the following usage information: | |||
| ``` | |||
| Usage: certs/makedemocerts.py [options] | |||
| Options: | |||
| -h Show this message. | |||
| -d | --debug Debugging output. | |||
| --ip <ip> The IP address for the server certificate. | |||
| --dns <dns> The DNS name for the server certificate. | |||
| --use-dns Use the DNS name for the server certificate common | |||
| name (default is to use the IP address). | |||
| ``` | |||
| The `--ip`, `--dns`, and `--use-dns` options affect the generation of the server | |||
| certificate. Without any arguments, the script prompts for the value of the IP | |||
| address and DNS name. | |||
| You can specify an alternate IP address using `--ip` and an alternate DNS name | |||
| using `--dns`. The `--use-dns` flag forces the script to use the DNS name as | |||
| the server's Common Name instead of the IP address. | |||
| [1]: https://github.com/zeroc-ice/icecertutils | |||
BIN
certs/cacert.der
View File
BIN
certs/cacert.jks
View File
+ 23
- 0
certs/cacert.pem
View File
| @ -0,0 +1,23 @@ | |||
| -----BEGIN CERTIFICATE----- | |||
| MIIDyTCCArGgAwIBAgIIdsV6ToteQvQwDQYJKoZIhvcNAQELBQAwgYsxFTATBgNV | |||
| BAMMDEljZSBEZW1vcyBDQTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywg | |||
| SW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UE | |||
| BhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDUxMjEy | |||
| NDQxN1oXDTIwMDUxMDEyNDQxN1owgYsxFTATBgNVBAMMDEljZSBEZW1vcyBDQTEM | |||
| MAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVw | |||
| aXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0B | |||
| CQEWDmluZm9AemVyb2MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC | |||
| AQEAyObTkcYPYVpkTJz+3R+u0Zi4qOh7rN12ZDqPUqX5NJNJf9iWA5SGEcdxynLq | |||
| Ma+dj6q4JTy05oAsVNhD+DzQnCUOENE2RInNxyNJ5paGO+d9U3orFxzIT6jHdSb8 | |||
| CBewzIsIFB9531Dx1MjIBxVlsJm6T+9m3eKFTMsj4giCE7lBe3U3Y5DFmgASECA2 | |||
| PehvJ4fIMKyNv0kze20NRumiQ4Dp/1H6WizqF45vZzCGq4QH742GsytstPJCXuNv | |||
| Ken5uNY5cfTSZRgo8YwJsHiE+d1et9JonotxgC26lytUfpq7GLL42WbbejjMcYtW | |||
| jh5o07VZ1Sp+5L7p3YizfS99BQIDAQABoy8wLTAMBgNVHRMEBTADAQH/MB0GA1Ud | |||
| DgQWBBQ3XEr8sU45J/upH+uavtuQc9/3rjANBgkqhkiG9w0BAQsFAAOCAQEAY3jk | |||
| c1AqsQ78Fh2GnFe5Ua2756EAm8Ut2+ICV4SCJj1FQqU9V3f1AdogbXEHswvY6avy | |||
| X79Cbi781jKEHboVDUm5OEIaH5121Se9ij3g30HDBM5oHyK2B2+gT9O9uyKYDsvN | |||
| TeULjbn36Mcupw/3+jU4XokM55It9Tk71Nxy5sLcWM92xv3lEuIQnYaUkfy6KlQg | |||
| ocjpWkKdwUgdBqd6b41J6d/VI+08iRSY3Ik4imdhIYH7xHzNpLJ4xDLCyhelafDh | |||
| 8H5oOp/x4seAHb5E8T2+KcxJKtz+JIUl5Qi2tbMz5nH3Ld3Rnrk0F2oFaEUtjVfZ | |||
| ldGbP5JfOGx3J7ULtw== | |||
| -----END CERTIFICATE----- | |||
BIN
certs/client.bks
View File
BIN
certs/client.jks
View File
BIN
certs/client.p12
View File
+ 126
- 0
certs/makedemocerts.py
View File
| @ -0,0 +1,126 @@ | |||
| #!/usr/bin/env python | |||
| # ********************************************************************** | |||
| # | |||
| # Copyright (c) 2003-2018 ZeroC, Inc. All rights reserved. | |||
| # | |||
| # ********************************************************************** | |||
| import os, sys, socket, getopt | |||
| try: | |||
| import IceCertUtils | |||
| except Exception as ex: | |||
| print("couldn't load IceCertUtils, did you install the `zeroc-icecertutils'\n" | |||
| "package from the Python package repository?\nerror: " + str(ex)) | |||
| sys.exit(1) | |||
| def usage(): | |||
| print("Usage: " + sys.argv[0] + " [options]") | |||
| print("") | |||
| print("Options:") | |||
| print("-h Show this message.") | |||
| print("-d | --debug Debugging output.") | |||
| print("--ip <ip> The IP address for the server certificate.") | |||
| print("--dns <dns> The DNS name for the server certificate.") | |||
| print("--use-dns Use the DNS name for the server certificate common") | |||
| print(" name (default is to use the IP address)." ) | |||
| sys.exit(1) | |||
| # | |||
| # Check arguments | |||
| # | |||
| debug = False | |||
| ip = None | |||
| dns = None | |||
| usedns = False | |||
| impl = "" | |||
| try: | |||
| opts, args = getopt.getopt(sys.argv[1:], "hd", ["help", "debug", "ip=", "dns=","use-dns","impl="]) | |||
| except getopt.GetoptError as e: | |||
| print("Error %s " % e) | |||
| usage() | |||
| sys.exit(1) | |||
| for (o, a) in opts: | |||
| if o == "-h" or o == "--help": | |||
| usage() | |||
| sys.exit(0) | |||
| elif o == "-d" or o == "--debug": | |||
| debug = True | |||
| elif o == "--ip": | |||
| ip = a | |||
| elif o == "--dns": | |||
| dns = a | |||
| elif o == "--use-dns": | |||
| usedns = True | |||
| elif o == "--impl": | |||
| impl = a | |||
| def request(question, newvalue, value): | |||
| while True: | |||
| sys.stdout.write(question) | |||
| sys.stdout.flush() | |||
| input = sys.stdin.readline().strip() | |||
| if input == 'n': | |||
| sys.stdout.write(newvalue) | |||
| sys.stdout.flush() | |||
| return sys.stdin.readline().strip() | |||
| else: | |||
| return value | |||
| # | |||
| # Change to the directory where the certs files are stored | |||
| # | |||
| os.chdir(os.path.dirname(os.path.abspath(__file__))) | |||
| if not ip: | |||
| try: | |||
| ip = socket.gethostbyname(socket.gethostname()) | |||
| except: | |||
| ip = "127.0.0.1" | |||
| ip = request("The IP address used for the server certificate will be: " + ip + "\n" | |||
| "Do you want to keep this IP address? (y/n) [y]", "IP : ", ip) | |||
| if not dns: | |||
| dns = "localhost" | |||
| dns = request("The DNS name used for the server certificate will be: " + dns + "\n" | |||
| "Do you want to keep this DNS name? (y/n) [y]", "DNS : ", dns) | |||
| CertificateFactory = vars(IceCertUtils)[impl + "CertificateFactory"] | |||
| factory = CertificateFactory(debug=debug, cn="Ice Demos CA") | |||
| # | |||
| # CA certificate | |||
| # | |||
| factory.getCA().save("cacert.pem").save("cacert.der") | |||
| # Client certificate | |||
| client = factory.create("client") | |||
| client.save("client.p12") | |||
| # Server certificate | |||
| server = factory.create("server", cn = (dns if usedns else ip), ip=ip, dns=dns) | |||
| server.save("server.p12") | |||
| try: | |||
| factory.getCA().save("cacert.pem").save("cacert.jks") # Used by the Database/library demo | |||
| server.save("server.jks", caalias="cacert") | |||
| client.save("client.jks", caalias="cacert") | |||
| # Don't try to generate the BKS if the JKS generation fails | |||
| try: | |||
| server.save("server.bks", caalias="cacert") | |||
| client.save("client.bks", caalias="cacert") | |||
| except Exception as ex: | |||
| for f in ["server.bks", "client.bks"]: | |||
| if os.path.exists(f): os.remove(f) | |||
| print("warning: couldn't generate BKS certificates for Android applications:\n" + str(ex)) | |||
| print("Please fix this issue if you want to run the Android demos.") | |||
| except Exception as ex: | |||
| for f in ["server.jks", "client.jks"]: | |||
| if os.path.exists(f): os.remove(f) | |||
| print("warning: couldn't generate JKS certificates for Java applications:\n" + str(ex)) | |||
| print("Please fix this issue if you want to run the Java demos.") | |||
| factory.destroy() | |||
BIN
certs/server.bks
View File
BIN
certs/server.jks
View File
BIN
certs/server.p12
View File
+ 87
- 0
src/config.glacier2
View File
| @ -0,0 +1,87 @@ | |||
| # | |||
| # Set the Glacier2 instance name. | |||
| # | |||
| Glacier2.InstanceName=MWServer | |||
| # | |||
| # The client-visible endpoint of Glacier2. This should be an endpoint | |||
| # visible from the public Internet, and it should be secure. | |||
| # | |||
| # When no -h <host> option is specified in the endpoints, the default | |||
| # value from the Ice.Default.Host property is used. If this property | |||
| # isn't set, the endpoints will listen on all available network | |||
| # interfaces. | |||
| # | |||
| Glacier2.Client.Endpoints=tcp -p 4063:ssl -p 4064:ws -p 5063:wss -p 5064 | |||
| # | |||
| # Only listen on the localhost interface by default. You can comment | |||
| # out this property to allow listening on all available interfaces. | |||
| # | |||
| Ice.Default.Host=127.0.0.1 | |||
| # | |||
| # Disable client-side authentication. JavaScript clients using | |||
| # a secure WebSocket (WSS) doesn't support client-side | |||
| # authentication. | |||
| # | |||
| IceSSL.VerifyPeer=0 | |||
| # | |||
| # The server-visible endpoint of Glacier2. This endpoint is only | |||
| # required if callbacks are needed (leave empty otherwise). This | |||
| # should be an endpoint on an internal network (like 192.168.x.x), or | |||
| # on the loopback, so that the server is not directly accessible from | |||
| # the Internet. | |||
| # | |||
| Glacier2.Server.Endpoints=tcp -h localhost | |||
| # | |||
| # The proxy of the session manager. | |||
| # | |||
| Glacier2.SessionManager=MWSessionManager:tcp -h localhost -p 10001 | |||
| # | |||
| # For this demo, we use a custom permissions verifier collocated with | |||
| # the session manager. | |||
| # | |||
| Glacier2.PermissionsVerifier=MWSessionVerifier:tcp -h localhost -p 10001 | |||
| # | |||
| # The timeout for inactive sessions. If any client session is inactive | |||
| # for longer than this value, the session expires and is removed. The | |||
| # unit is seconds. | |||
| # | |||
| Glacier2.SessionTimeout=30 | |||
| # | |||
| # Only allow access to back end "sesion" objects. | |||
| # | |||
| Glacier2.Filter.Category.Accept=session | |||
| # | |||
| # Security Tracing | |||
| # | |||
| # 0 = no security tracing | |||
| # 1 = trace messages | |||
| # | |||
| #IceSSL.Trace.Security=1 | |||
| # | |||
| # SSL Configuration | |||
| # | |||
| Ice.Plugin.IceSSL=IceSSL:createIceSSL | |||
| IceSSL.DefaultDir=../certs | |||
| IceSSL.CAs=cacert.pem | |||
| IceSSL.CertFile=server.p12 | |||
| IceSSL.Password=password | |||
| IceSSL.Keychain=../certs/glacier2.keychain | |||
| IceSSL.KeychainPassword=password | |||
| # | |||
| # IceMX configuration. | |||
| # | |||
| #Ice.Admin.Endpoints=tcp -h localhost -p 10004 | |||
| Ice.Admin.InstanceName=glacier2router | |||
| IceMX.Metrics.Debug.GroupBy=id | |||
| IceMX.Metrics.ByParent.GroupBy=parent | |||