Re: [Signserver-develop] Informations and tests

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

You were right Markus (as always ! ) !

I have got 2 errors and one fail. I join a screenshot of the admin gui 
(in the reports.rar file). After launching the tests, we can see that 
the worker 5802 and others are unavailable.

After removing this worker, I launch bin/signserver.sh setproperties 
modules/SignServer-Module-XMLSigner/src/conf/junittest-part-config.properties 
to activate its and then the reload command.

We can see in the Capture-1.png the result. The signer certificate is 
indeed valid until 20/04/12.

After resolving this problem, there will be one last error !!

Have a nice evening.

Best regards,

Le 30/07/2012 19:05, Markus Kilås a écrit :
> I am not able to reproduce the test failure you are getting. I also
> checked the certificate for worker 5802 and it should not expire until
> year 2021 so it is a very strange error message.
>
> Have you tried clearing th database before running the tests in case
> some signers are left from previous test runs?
>
> Best regards,
> Markus
>
> On 2012-07-30 16:54, Antoine Louiset wrote:
>> Ok Markus, no problem ! Thanks !
>>
>> Best regards,
>>
>> Antoine
>>
>> Le 30/07/2012 16:53, Markus Kilås a écrit :
>>> On 2012-07-30 15:08, Antoine Louiset wrote:
>>>> Hi Markus,
>>>>
>>>> Thanks for your fast answer !
>>>>
>>>> I have just one remark for the JCE installation. I don't find it in the
>>>> installation guide (I read it quickly).
>>> I was really surprised it wasn't there. I have registered
>>> https://jira.primekey.se/browse/DSS-514.
>>>
>>>> I download JCE policy and it resolves one fail. The problem of the
>>>> signer 5802 will resolve one fail and one error. So there will be no
>>>> more fails but I have no idea about the other errors. What do you think
>>>> about them ?
>>> I will try to get back about them. I haven't yet had to time to test it
>>> on my machine.
>>>
>>> Best regards,
>>> Markus
>>>
>>>> Good afternoon !
>>>>
>>>>
>>>> Antoine
>>>>
>>>> Le 30/07/2012 10:47, Markus Kilås a écrit :
>>>>> Hi Antoine,
>>>>>
>>>>> See answers below.
>>>>>
>>>>> On 2012-07-28 23:24, Antoine Louiset wrote:
>>>>>> Hi Markus,
>>>>>>
>>>>>> The p12 directory seems to be used to set truststore certificates for
>>>>>> JBoss (see
>>>>>> http://signserver.org/manual/complete.en.html#4.%20Configure%20web%20server%20keystores)
>>>>>>
>>>>>>
>>>>>> but I think this truststore is just used in the tests of signserver
>>>>>> and
>>>>>> could be used for the java trust keystore. Jboss and glassfish have
>>>>>> their own truststore and keystore, why don't you use them ?
>>>>> That is correct. The truststore in the p12 folder is used both by JBoss
>>>>> and the tests. So if you are going to run the tests you can put a
>>>>> truststore in the p12 folder. I believe the reason for handling it this
>>>>> way is that different application servers have different locations for
>>>>> the truststore and the tests would not know where to find it. In fact
>>>>> where JBoss finds it depends on what is written in the server.xml,
>>>>> so it
>>>>> could also be different if SignServer isn't used for deploying it. The
>>>>> solution we use, to not depend on different application servers and
>>>>> configurations is to decide that it should be placed in the p12 folder
>>>>> of SignServer.
>>>>>
>>>>>> In the signserver_build.properties file, there are several properties
>>>>>> which are written for the use of JBoss but we do not know if they are
>>>>>> needed for Glassfish : httpsserver.bindaddress.* | database.url |
>>>>>> deploy.hostname.node*
>>>>> Some are explained in the installation guide, such as "database.url"
>>>>> which is said to be used by JBoss and some comments talks about
>>>>> JBoss in
>>>>> the sample configuration file. But the documentation is lacking for
>>>>> many
>>>>> of the other properties in this aspect.
>>>>>
>>>>>> What is the aim of deploy.ssh.* properties ?
>>>>> I think the idea is to be able to deploy to a remote server by
>>>>> transferring the files (signserver.ear etc) over SSH. Not sure if it is
>>>>> working though as I can not find any documentation about it. You are
>>>>> very welcome to test it out if you want and let us know if it is
>>>>> working. If not we might consider either fixing it and adding
>>>>> documentation for it or remove it.
>>>>>
>>>>>> Why j2ee.web-nohttps has to be set to true to launch the tests while
>>>>>> https is used in these tests ?
>>>>> j2ee.web-nohttps is controlling wither the keystores and truststores
>>>>> should be deployed (to JBoss) or not. The tests should not depend on
>>>>> this setting so if it says somewhere that it must be set to true I
>>>>> would
>>>>> suspect that to be a bug in the documentation. Please report a bug with
>>>>> where you seen it in that case.
>>>>>
>>>>>> The most important thing for me today is tests ! I run them, I resolve
>>>>>> the problem about trustanchors. I join the results, I do not
>>>>>> understand
>>>>>> the errors and the fails, have you ever seen them ?
>>>>>    From the test report you attached I can see two different failures
>>>>> which
>>>>> probably is also the cause of all the errors.
>>>>> 1.     ExtendedHardCodedCryptoTokenTest testStrongCryptoAvailable
>>>>> JCE crypto policy was not installed as the key length was limited
>>>>> expected:<2147483647> but was:<64>
>>>>>
>>>>> This means that you are running the Oracle JDK and have not installed
>>>>> JCE crypto policy. See the installation guide.
>>>>>
>>>>> 2. LimitKeyUsagesTest test01Limit Error Signer 5802 expired at Fri Apr
>>>>> 20 16:18:57 CEST 2012
>>>>> Looks like the demo signer certificate used has expired. I will run the
>>>>> tests on your continues integration server and see if we have the same
>>>>> problem there. They might just have to be renewed.
>>>>>
>>>>>> How can I send my script to install signserver ?
>>>>> If it is less then 40 KB you can just send it to the mailing list,
>>>>> otherwise try to upload it somewhere and send the link or send it
>>>>> directly to me.
>>>>>
>>>>>> I take this mail to congratulate you and your team for this project
>>>>>> which is really good.
>>>>> Thanks to you for reporting the issues you find.
>>>>>
>>>>> Best regards,
>>>>> Markus
>>>>>
>>>>>> Have a nice weekend.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>
>
>

-- 
Antoine Louiset                     Tél : +33 6 76 66 80 34
Responsable du projet Yousign       Mail : ant...@yo...