SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions

Add scripts for integration test setup and docs generation

Browse source 
* Add an OpenPGP test keypair.
 * Move script parts of documentation into script, so they can be used on a fresh Ubuntu 20.04 system
   for within a github action to setup a csaf_provider and upload documents to it for an integration test.
 * Use dineshsonachalam/markdown-autodocs in github action to automatically
   insert lines from the scripts into the docs.

Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
This commit is contained in:
Fadi Abbud 2022-04-08 10:04:34 +02:00 committed by GitHub
parent f0359d982d
commit 9bbe3e1eb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 637 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

45
docs/scripts/TLSClientConfigsForITest.sh Executable file
View file

@ -0,0 +1,45 @@
#!/usr/bin/env bash
# This file is Free Software under the MIT License
# without warranty, see README.md and LICENSES/MIT.txt for details.
#
# SPDX-License-Identifier: MIT
#
# SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
# Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
# It sets the right nginx configurations for enabling client certificate authentication.
# FOLDERNAME and ORGANAME variables must be set.
# FOLDERNAME: Where to store the CAs and keys.
# ORGANAME: The organization name used in the CA template.
# Usage Example: env FOLDERNAME=devca1 ORGANAME="CSAF Tools Development (internal)" ./TLSClientConfigsForITest.sh
set -e
NGINX_CONFIG_PATH=/etc/nginx/sites-available/default
cd ~/csaf_distribution/docs/scripts/
source ./createCCForITest.sh
echo '
ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}' # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem;
ssl_verify_client optional;
ssl_verify_depth 2;
# This example allows access to all three TLP locations for all certs.
location ~ /.well-known/csaf/(red|green|amber)/{
autoindex on;
# in this location access is only allowed with client certs
if ($ssl_client_verify != SUCCESS){
# we use status code 404 == "Not Found", because we do not
# want to reveal if this location exists or not.
return 404;
}
}
'> clientCertificateConfigs.txt
sed -i "/^server {/r ${HOME}/${FOLDERNAME}/clientCertificateConfigs.txt" $NGINX_CONFIG_PATH
systemctl reload nginx