diff --git a/Makefile b/Makefile index 039117c9..eca86d26 100644 --- a/Makefile +++ b/Makefile @@ -9,8 +9,8 @@ INTERMEDIATE_DAYS := 3650 LEAF_DAYS := 1 # Template Locations -OPENSSL_TMPL := ./test/data/openssl.cnf.tmpl -LAYOUT_TMPL := ./test/data/layout.tmpl +OPENSSL_TMPL := ./certs/openssl.cnf.tmpl +LAYOUT_TMPL := ./certs/layout.tmpl build: modules @mkdir -p bin @@ -19,11 +19,11 @@ build: modules modules: @go mod tidy -clean: clean-test/data clean-test-files +clean: clean-certs clean-test-files @rm -rf ./bin -clean-test/data: - @rm -rf ./test/data/*.pem ./test/data/*.srl ./test/data/*.cnf +clean-certs: + @rm -rf ./certs/*.pem ./certs/*.srl ./certs/*.cnf clean-test-files: @rm -rf ./test/tmp @@ -37,22 +37,22 @@ go-test: test-sign: build generate_layout # Running test-sign - @./bin/in-toto sign -f ./test/tmp/test.layout -k ./test/data/example.com.layout.key.pem -o ./test/tmp/signed.layout + @./bin/in-toto sign -f ./test/tmp/test.layout -k ./certs/example.com.layout.key.pem -o ./test/tmp/signed.layout test-run: build generate_layout # Running write code step - @./bin/in-toto run -n write-code -c ./test/data/example.com.write-code.cert.pem -k ./test/data/example.com.write-code.key.pem -p ./test/tmp/foo.py -d ./test/tmp -- /bin/sh -c "echo hello > ./test/tmp/foo.py" + @./bin/in-toto run -n write-code -c ./certs/example.com.write-code.cert.pem -k ./certs/example.com.write-code.key.pem -p ./test/tmp/foo.py -d ./test/tmp -- /bin/sh -c "echo hello > ./test/tmp/foo.py" # Running package step - @./bin/in-toto run -n package -c ./test/data/example.com.package.cert.pem -k ./test/data/example.com.package.key.pem -m ./test/tmp/foo.py -p ./test/tmp/foo.tar.gz -d ./test/tmp -- tar zcvf ./test/tmp/foo.tar.gz ./test/tmp/foo.py + @./bin/in-toto run -n package -c ./certs/example.com.package.cert.pem -k ./certs/example.com.package.key.pem -m ./test/tmp/foo.py -p ./test/tmp/foo.tar.gz -d ./test/tmp -- tar zcvf ./test/tmp/foo.tar.gz ./test/tmp/foo.py test-verify: test-sign test-run # Running test verify - @./bin/in-toto verify -l ./test/tmp/signed.layout -k ./test/data/example.com.layout.cert.pem -i ./test/data/example.com.intermediate.cert.pem -d ./test/tmp + @./bin/in-toto verify -l ./test/tmp/signed.layout -k ./certs/example.com.layout.cert.pem -i ./certs/example.com.intermediate.cert.pem -d ./test/tmp -generate_layout: leaf_test/data +generate_layout: leaf_certs @mkdir -p ./test/tmp - $(eval rootid := $(shell ./bin/in-toto key id ./test/data/root.cert.pem)) - $(eval rootca := $(shell ./bin/in-toto key layout ./test/data/root.cert.pem | sed -e 's/\\n/\\\\n/g')) + $(eval rootid := $(shell ./bin/in-toto key id ./certs/root.cert.pem)) + $(eval rootca := $(shell ./bin/in-toto key layout ./certs/root.cert.pem | sed -e 's/\\n/\\\\n/g')) @cat $(LAYOUT_TMPL) | sed -e 's#{{ROOTCA}}#$(rootca)#' -e 's#{{ROOTID}}#$(rootid)#' > ./test/tmp/test.layout root-cert: @@ -60,12 +60,12 @@ root-cert: $(call generate_openssl_conf,root) # Create Root Key - @openssl genrsa -out ./test/data/root.key.pem + @openssl genrsa -out ./certs/root.key.pem # Create Root Cert @openssl req -subj "/C=/ST=/L=/O=$(ORGANIZATION)/OU=$(ORGANIZATIONAL_UNIT)CN=root/" -days $(ROOT_DAYS) -x509 -new \ - -key "./test/data/root.key.pem" -out "./test/data/root.cert.pem" \ - -config ./test/data/$(TRUST_DOMAIN_FQDN).root.openssl.cnf \ + -key "./certs/root.key.pem" -out "./certs/root.cert.pem" \ + -config ./certs/$(TRUST_DOMAIN_FQDN).root.openssl.cnf \ -extensions v3-root intermediate_cert: root-cert @@ -73,29 +73,29 @@ intermediate_cert: root-cert $(call generate_openssl_conf,intermediate) # Create intermediate key - @openssl genrsa -out ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.key.pem + @openssl genrsa -out ./certs/$(TRUST_DOMAIN_FQDN).intermediate.key.pem # Generate intermediate CSR @openssl req -subj "/C=/ST=/L=/O=$(ORGANIZATION)/OU=$(ORGANIZATIONAL_UNIT)CN=$(TRUST_DOMAIN_FQDN)" -new \ - -key ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.key.pem \ - -out ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.csr.pem \ - -config ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.openssl.cnf \ + -key ./certs/$(TRUST_DOMAIN_FQDN).intermediate.key.pem \ + -out ./certs/$(TRUST_DOMAIN_FQDN).intermediate.csr.pem \ + -config ./certs/$(TRUST_DOMAIN_FQDN).intermediate.openssl.cnf \ -extensions v3-intermediate # Sign Intermediate CSR Using Root Certificate @openssl x509 -days $(INTERMEDIATE_DAYS) -req \ -CAcreateserial \ - -CA ./test/data/root.cert.pem \ - -CAkey ./test/data/root.key.pem \ - -in ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.csr.pem \ - -out ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem \ - -extfile ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.openssl.cnf \ + -CA ./certs/root.cert.pem \ + -CAkey ./certs/root.key.pem \ + -in ./certs/$(TRUST_DOMAIN_FQDN).intermediate.csr.pem \ + -out ./certs/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem \ + -extfile ./certs/$(TRUST_DOMAIN_FQDN).intermediate.openssl.cnf \ -extensions v3-intermediate # Verify intermediate cert was signed by root cert - @openssl verify -CAfile ./test/data/root.cert.pem ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem + @openssl verify -CAfile ./certs/root.cert.pem ./certs/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem -leaf_test/data: intermediate_cert +leaf_certs: intermediate_cert $(call generate_leaf_cert,layout) $(call generate_leaf_cert,write-code) $(call generate_leaf_cert,package) @@ -105,30 +105,30 @@ define generate_leaf_cert $(call generate_openssl_conf,$(1)) # Generate leaf signing key - @openssl genrsa -out ./test/data/$(TRUST_DOMAIN_FQDN).$(1).key.pem + @openssl genrsa -out ./certs/$(TRUST_DOMAIN_FQDN).$(1).key.pem # Generate leaf CSR openssl req -new \ - -key ./test/data/$(TRUST_DOMAIN_FQDN).$(1).key.pem \ - -out ./test/data/$(TRUST_DOMAIN_FQDN).$(1).csr.pem \ - -config ./test/data/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf \ + -key ./certs/$(TRUST_DOMAIN_FQDN).$(1).key.pem \ + -out ./certs/$(TRUST_DOMAIN_FQDN).$(1).csr.pem \ + -config ./certs/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf \ -extensions v3-leaf # Sign leaf CSR Using intermediate Certificate @openssl x509 -days $(LEAF_DAYS) -req \ -CAcreateserial \ - -CA ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem \ - -CAkey ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.key.pem \ - -in ./test/data/$(TRUST_DOMAIN_FQDN).$(1).csr.pem \ - -out ./test/data/$(TRUST_DOMAIN_FQDN).$(1).cert.pem \ - -extfile ./test/data/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf \ + -CA ./certs/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem \ + -CAkey ./certs/$(TRUST_DOMAIN_FQDN).intermediate.key.pem \ + -in ./certs/$(TRUST_DOMAIN_FQDN).$(1).csr.pem \ + -out ./certs/$(TRUST_DOMAIN_FQDN).$(1).cert.pem \ + -extfile ./certs/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf \ -extensions v3-leaf # Create cert bundle for trust domain - cat ./test/data/root.cert.pem ./test/data/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem > ./test/data/$(TRUST_DOMAIN_FQDN).bundle.cert.pem + cat ./certs/root.cert.pem ./certs/$(TRUST_DOMAIN_FQDN).intermediate.cert.pem > ./certs/$(TRUST_DOMAIN_FQDN).bundle.cert.pem # Verify leaf cert chain - @openssl verify -CAfile ./test/data/$(TRUST_DOMAIN_FQDN).bundle.cert.pem ./test/data/$(TRUST_DOMAIN_FQDN).$(1).cert.pem + @openssl verify -CAfile ./certs/$(TRUST_DOMAIN_FQDN).bundle.cert.pem ./certs/$(TRUST_DOMAIN_FQDN).$(1).cert.pem endef define generate_openssl_conf @@ -137,7 +137,7 @@ define generate_openssl_conf sed -e 's/{{ORGANIZATION}}/$(ORGANIZATION)/' | \ sed -e 's/{{DEFUALT_BITS}}/$(DEFAULT_BITS)/' | \ sed -e 's/{{DEFAULT_MD}}/$(DEFAULT_MD)/' | \ - sed -e 's/{{SPIFFE_PATH}}/$(1)/' > test/data/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf + sed -e 's/{{SPIFFE_PATH}}/$(1)/' > certs/$(TRUST_DOMAIN_FQDN).$(1).openssl.cnf endef .PHONY: help diff --git a/test/data/layout.tmpl b/certs/layout.tmpl similarity index 100% rename from test/data/layout.tmpl rename to certs/layout.tmpl diff --git a/test/data/openssl.cnf.tmpl b/certs/openssl.cnf.tmpl similarity index 100% rename from test/data/openssl.cnf.tmpl rename to certs/openssl.cnf.tmpl