<!-- -*- markdown -*- -->

Setting up a minimal system
===========================

To set up a minimal system, first make sure you have the "Requirements"
from README.md and then do:

    make
    make release

Removing files from your previous session
-----------------------------------------

    rm -f /tmp/cert1-sct
    rm -rf /tmp/testcert1

Setting up the environment
--------------------------

    mkdir /tmp/testcert1
    make tests-prepare

This will configure the servers to run on 127.0.0.1 ports 8080, 8081,
and 8082. If you want to change that, change the configuration files
`test/*.cfg`.

Starting the servers
--------------------

    make tests-start

Submitting certificates
-----------------------

    tools/submitcert.py --store tools/testcerts/cert1.txt \
        --check-sct --sct-file=/tmp/cert1-sct https://127.0.0.1:8080/

This submits the certificate (in PEM format) in the file
`tools/testcerts/cert1.txt` and appends the resulting SCT to the file
`/tmp/cert1-sct`. It also checks the signature of the SCT.

If you want to submit all the files in a directory, name the directory
with a `/` at the end, for example `tools/testcerts/`.

Running merge
-------------

To run merge once, do

    tools/merge --config test/catlfish-test.cfg \
        --localconfig test/catlfish-test-local-merge.cfg

This will read the submitted certificates from the storage node,
decide the order, and publish the certificates to the frontend server.

If you want to run merge continuously, use `--mergeinterval` or run
the merge command in a while loop. See
`catlfish-dockerfiles/catlfish-dev/merge.sh` for an example of the
latter.

Verifying SCTs
--------------

    tools/verifysct.py --sct-file /tmp/cert1-sct \
        --publickey=tests/keys/logkey.pem \
        --cafile tests/httpsca/demoCA/cacert.pem \
        https://127.0.0.1:8080/

This verifies that all the certs corresponding to the SCTs in the
file `/tmp/cert1-sct` are actually present in the log.

Running a monitor
-----------------

An easy way to run a monitor is:

    while true; do
        ./fetchallcerts.py --store /tmp/testcert1 \
            --write-sth https://127.0.0.1:8080/;
        sleep 10
    done

This will fetch all the certificates in a log, verify the consistency
proof between the old and new versions, and save the new STH.

Stopping the system
-------------------

    make tests-stop

It is important that the system is stopped before running `make
release` again, or the release build will fail.