summaryrefslogtreecommitdiffstats
path: root/csarvalidation/src/test/resources/README.txt
diff options
context:
space:
mode:
authorBogumil Zebek <bogumil.zebek@nokia.com>2019-08-14 10:52:37 +0200
committerZebek Bogumil <bogumil.zebek@nokia.com>2019-08-22 12:10:38 +0200
commit0562debfc5cdd31e61c016aea40272c6c02ad3cb (patch)
tree79e011e5247c1179d784723bb57c6bede0b3fb14 /csarvalidation/src/test/resources/README.txt
parent870a89675528664aa5c0aca57f50c584b76a8b8f (diff)
CMS signature validation
Change-Id: Ie5d1c835d0e6a760f1b7de651a3833cb87b727e0 Issue-ID: VNFSDK-396 Signed-off-by: Zebek Bogumil <bogumil.zebek@nokia.com>
Diffstat (limited to 'csarvalidation/src/test/resources/README.txt')
-rw-r--r--csarvalidation/src/test/resources/README.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/csarvalidation/src/test/resources/README.txt b/csarvalidation/src/test/resources/README.txt
new file mode 100644
index 0000000..1360ce9
--- /dev/null
+++ b/csarvalidation/src/test/resources/README.txt
@@ -0,0 +1,20 @@
+How to sign CSAR file - option 2
+---------------------
+openssl req -new -nodes -x509 -keyout root-private-key.pem > root.cert
+openssl req -new -nodes -keyout sample-pnf-private-key.pem > sample-pnf-request.pem
+openssl x509 -req -CA root.cert -CAkey root-private-key.pem -CAcreateserial < sample-pnf-request.pem > sample-pnf.cert
+openssl cms -sign -binary -nocerts -outform pem -signer sample-pnf.cert -inkey sample-pnf-private-key.pem < sample-pnf.csar > sample-pnf.cms
+
+How to sign CSAR file - option 1
+--------------------------------
+openssl req -new -nodes -x509 -keyout root-private-key.pem > root-certificate.cert
+TIP: As a 'Organizational Unit Name' set, for example: Certificate Authority
+
+openssl req -new -nodes -keyout signing-private-key.pem > signing-request.pem
+TIP: As a 'Organizational Unit Name' set, for example: Nokia. Name values must be different!
+
+openssl x509 -req -CA root-certificate.cert -CAkey root-private-key.pem -CAcreateserial < signing-request.pem > signing-certificate.cert
+
+openssl cms -sign -signer signing-certificate.cert -inkey signing-private-key.pem -outform pem -binary < MainServiceTemplate.mf > signature-and-certificate.cms
+
+openssl cms -verify -content MainServiceTemplate.mf -CAfile root-certificate.cert -inform pem -binary < signature-and-certificate.cms > /dev/null