From: Antoine L. <ant...@yo...> - 2012-07-31 08:11:29
Yes, I use the version 3.2.2.

On 31/07/2012 10:04, Markus Kilås wrote:
> I did the same thing but I have much later dates for the
> TestLimitKeyUsageSigner (5802). Are you really using the latest release
> (ie. 3.2.2) otherwise upgrading should solve the problem.
>
> Best regards,
> Markus
>
> On 2012-07-30 20:56, Antoine Louiset wrote:
>> You were right Markus (as always ! ) !
>>
>> I have got 2 errors and one fail. I join a screenshot of the admin gui
>> (in the reports.rar file). After launching the tests, we can see that
>> the worker 5802 and others are unavailable.
>>
>> After removing this worker, I launch bin/signserver.sh setproperties
>> modules/SignServer-Module-XMLSigner/src/conf/junittest-part-config.properties
>> to activate it and then the reload command.
>>
>> We can see in the Capture-1.png the result. The signer certificate is
>> indeed valid until 20/04/12.
>>
>> After resolving this problem, there will be one last error !!
>>
>> Have a nice evening.
>>
>> Best regards,
>>
>> On 30/07/2012 19:05, Markus Kilås wrote:
>>> I am not able to reproduce the test failure you are getting. I also
>>> checked the certificate for worker 5802 and it should not expire until
>>> year 2021 so it is a very strange error message.
>>>
>>> Have you tried clearing the database before running the tests in case
>>> some signers are left from previous test runs?
>>>
>>> Best regards,
>>> Markus
>>>
>>> On 2012-07-30 16:54, Antoine Louiset wrote:
>>>> Ok Markus, no problem ! Thanks !
>>>>
>>>> Best regards,
>>>>
>>>> Antoine
>>>>
>>>> On 30/07/2012 16:53, Markus Kilås wrote:
>>>>> On 2012-07-30 15:08, Antoine Louiset wrote:
>>>>>> Hi Markus,
>>>>>>
>>>>>> Thanks for your fast answer !
>>>>>>
>>>>>> I have just one remark for the JCE installation. I don't find it in
>>>>>> the installation guide (I read it quickly).
>>>>> I was really surprised it wasn't there. I have registered
>>>>> https://jira.primekey.se/browse/DSS-514.
>>>>>
>>>>>> I download JCE policy and it resolves one fail. The problem of the
>>>>>> signer 5802 will resolve one fail and one error. So there will be no
>>>>>> more fails but I have no idea about the other errors. What do you
>>>>>> think about them ?
>>>>> I will try to get back about them. I haven't yet had the time to test it
>>>>> on my machine.
>>>>>
>>>>> Best regards,
>>>>> Markus
>>>>>
>>>>>> Good afternoon !
>>>>>>
>>>>>>
>>>>>> Antoine
>>>>>>
>>>>>> On 30/07/2012 10:47, Markus Kilås wrote:
>>>>>>> Hi Antoine,
>>>>>>>
>>>>>>> See answers below.
>>>>>>>
>>>>>>> On 2012-07-28 23:24, Antoine Louiset wrote:
>>>>>>>> Hi Markus,
>>>>>>>>
>>>>>>>> The p12 directory seems to be used to set truststore certificates
>>>>>>>> for JBoss (see
>>>>>>>> http://signserver.org/manual/complete.en.html#4.%20Configure%20web%20server%20keystores)
>>>>>>>>
>>>>>>>> but I think this truststore is just used in the tests of signserver
>>>>>>>> and could be used for the java trust keystore. Jboss and glassfish
>>>>>>>> have their own truststore and keystore, why don't you use them ?
>>>>>>> That is correct. The truststore in the p12 folder is used both by
>>>>>>> JBoss and the tests. So if you are going to run the tests you can
>>>>>>> put a truststore in the p12 folder. I believe the reason for
>>>>>>> handling it this way is that different application servers have
>>>>>>> different locations for the truststore and the tests would not know
>>>>>>> where to find it. In fact where JBoss finds it depends on what is
>>>>>>> written in the server.xml, so it could also be different if
>>>>>>> SignServer isn't used for deploying it. The solution we use, to not
>>>>>>> depend on different application servers and configurations is to
>>>>>>> decide that it should be placed in the p12 folder of SignServer.
>>>>>>>
>>>>>>>> In the signserver_build.properties file, there are several
>>>>>>>> properties which are written for the use of JBoss but we do not
>>>>>>>> know if they are needed for Glassfish : httpsserver.bindaddress.* |
>>>>>>>> database.url | deploy.hostname.node*
>>>>>>> Some are explained in the installation guide, such as "database.url"
>>>>>>> which is said to be used by JBoss and some comments talk about
>>>>>>> JBoss in the sample configuration file. But the documentation is
>>>>>>> lacking for many of the other properties in this aspect.
>>>>>>>
>>>>>>>> What is the aim of deploy.ssh.* properties ?
>>>>>>> I think the idea is to be able to deploy to a remote server by
>>>>>>> transferring the files (signserver.ear etc) over SSH. Not sure if
>>>>>>> it is working though as I can not find any documentation about it.
>>>>>>> You are very welcome to test it out if you want and let us know if
>>>>>>> it is working. If not we might consider either fixing it and adding
>>>>>>> documentation for it or remove it.
>>>>>>>
>>>>>>>> Why j2ee.web-nohttps has to be set to true to launch the tests while
>>>>>>>> https is used in these tests ?
>>>>>>> j2ee.web-nohttps is controlling whether the keystores and truststores
>>>>>>> should be deployed (to JBoss) or not. The tests should not depend on
>>>>>>> this setting so if it says somewhere that it must be set to true I
>>>>>>> would suspect that to be a bug in the documentation. Please report
>>>>>>> a bug with where you have seen it in that case.
>>>>>>>
>>>>>>>> The most important thing for me today is tests ! I run them, I
>>>>>>>> resolve the problem about trustanchors. I join the results, I do
>>>>>>>> not understand the errors and the fails, have you ever seen them ?
>>>>>>> From the test report you attached I can see two different failures
>>>>>>> which probably is also the cause of all the errors.
>>>>>>> 1. ExtendedHardCodedCryptoTokenTest testStrongCryptoAvailable
>>>>>>> JCE crypto policy was not installed as the key length was limited
>>>>>>> expected:<2147483647> but was:<64>
>>>>>>>
>>>>>>> This means that you are running the Oracle JDK and have not installed
>>>>>>> JCE crypto policy. See the installation guide.
>>>>>>>
>>>>>>> 2. LimitKeyUsagesTest test01Limit Error Signer 5802 expired at Fri
>>>>>>> Apr 20 16:18:57 CEST 2012
>>>>>>> Looks like the demo signer certificate used has expired. I will
>>>>>>> run the tests on your continuous integration server and see if we
>>>>>>> have the same problem there. They might just have to be renewed.
>>>>>>>
>>>>>>>> How can I send my script to install signserver ?
>>>>>>> If it is less than 40 KB you can just send it to the mailing list,
>>>>>>> otherwise try to upload it somewhere and send the link or send it
>>>>>>> directly to me.
>>>>>>>
>>>>>>>> I take this mail to congratulate you and your team for this project
>>>>>>>> which is really good.
>>>>>>> Thanks to you for reporting the issues you find.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Markus
>>>>>>>
>>>>>>>> Have a nice weekend.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>>
>>>
>
>

--
Antoine Louiset
Tel: +33 6 76 66 80 34
Yousign project manager
Mail: ant...@yo...
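
Added example, not part of the original thread and not SignServer code: a small Java preflight for the two conditions behind the failures discussed above, the JCE policy key-length limit and the validity window of the certificates in a keystore. The PKCS#12 keystore path argument and the KEYSTORE_PASS environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import javax.crypto.Cipher;

public class SignerPreflight {

    /** Check 1: the JCE policy must not cap key lengths (the test expects Integer.MAX_VALUE). */
    static boolean strongCryptoAvailable(String algorithm) throws Exception {
        int max = Cipher.getMaxAllowedKeyLength(algorithm);
        System.out.printf("%-4s max key length: %d%n", algorithm, max);
        return max == Integer.MAX_VALUE;
    }

    /** Check 2: every X.509 certificate in the keystore must be inside its validity window. */
    static boolean certificatesValid(String path, char[] password, Date now) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            boolean valid = !now.before(x509.getNotBefore()) && !now.after(x509.getNotAfter());
            System.out.printf("%s: notAfter=%s %s%n", alias, x509.getNotAfter(), valid ? "OK" : "NOT VALID");
            ok &= valid;
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        boolean ok = true;
        for (String alg : new String[] {"AES", "DES"}) {
            ok &= strongCryptoAvailable(alg);
        }
        if (args.length == 1) {   // optional: path to a PKCS#12 keystore (assumed input)
            String pass = System.getenv("KEYSTORE_PASS");   // hypothetical variable name
            char[] pw = pass == null ? new char[0] : pass.toCharArray();
            ok &= certificatesValid(args[0], pw, new Date());
        }
        System.exit(ok ? 0 : 1);
    }
}
```

A non-zero exit status means at least one check failed, so the program can gate a test run on the same JVM that the application server uses.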