A server which will verify the signature of a bash script in order to decide if the script will be executed or not
- Check out the rendered OpenAPI Doc or download the openapi.yaml file and import it into the Swagger Editor.
- Golang - go1.18.1 linux/amd64
- go get github.com/gin-gonic/gin
- Ubuntu - 22.04.1 LTS
- openssl - 3.0.2
-
The utility-scripts directory contains the bash scripts which do the following:
- create-certs.sh -> Create the private and x509 certificate using the openssl library
- sign-scripts.sh -> Sign the scripts in the usigned-scripts directory using the SHA-256 hash function and the private key
- They are then placed in the test-scripts directory
- build-server-binary.sh -> Build the binary
- run-tests.sh -> Execute the test suite
-
However, for convenience the bash script run.sh in the project root does all of this for you
-
To build the server binary:
- In the project root directory, execute:
./build-server-binary.sh -
Using the binary file:
- In the project root directory, execute:
./x509-validation-server- Within another shell, execute:
curl -X POST --data-binary @<bash_script_path> http://localhost:8080/execute
| Script | Status | Purpose/Reason |
|---|---|---|
| 1 | Pass | Basic script |
| 2 | Pass | RSA functions |
| 3 | Pass | New lines |
| 4 | Pass | Special characters |
| 5 | Fail | 500 status code - Error executing script |
| 6 | Fail | RSA verification error |
| 7 | Fail | RSA verification error |
| 8 | Fail | RSA verification error |
| 9 | Fail | RSA verification error |
| 10 | Fail | 500 status code - Illegal signature format |
- Check the certificate extension for code signing
- Accept concurrent requests
- Verify signature from a set of certificates
- Assuming you have ran the run.sh script (this sets up certificates, test scripts, and builds the binary), execute:
-
./utility-scripts/check-stretch-goals.sh - This will test the functionality of the stretch goals
-