README modified for further documentation on new certificates

f21645e9 · Nicholas Terranova · 92b4afdd · f21645e9
Commit f21645e9 authored 7 years ago by Nicholas Terranova
--- a/t/certs/README.md
+++ b/t/certs/README.md
 =======
 # Certificates for ngx\_http\_voms\_module Testing 
-Proxy certificates are generated using [VOMS client 3.3.0](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/):
+Proxy certificates are generated using [VOMS client 3.3.1](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/):
- * 0.pem: long-lived proxy certificate, without Attribute Certificate (AC);
+ * 0.pem: long-lived proxy certificate, without any Attribute Certificate (AC);
 * 1.pem: long-lived proxy certificate, with an expired AC;
- * 2.pem: expired proxy certificate.
+ * 2.pem: expired proxy certificate;
- * 3.pem: long-lived proxy with valid VOMS attributes
+ * 3.pem: long-lived proxy with valid VOMS attributes;
- * 4.pem: long-lived proxy with VOMS generic attributes containing reserved characters
+ * 4.pem: long-lived proxy with VOMS generic attributes containing reserved characters;
- * 5.pem: long-lived proxy with VOMS AC signed by an untrusted CA
+ * 5.pem: long-lived proxy with valid VOMS attributes, `*.lsc` file missing in `vomsdir`. 
 To obtain such certificates the following command is used:
-	VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_key>/voms_example.key.pem" voms-proxy-init3 -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity>
+        VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_cert>/voms_example.key.pem -Dvoms.fake.notAfter=<AAAA-MM-GGT00:00:00 -Dvoms.fake.notBefore=AAAA-MM-GGT00:00:00 -Dvoms.fake.gas=<name>=<value>,<name>=<value> -Dvoms.fake.fqans=/<vo>/<fqan>,/<vo>/<fqan>/Role=<role> -Dvoms.fake.serial=<ac_serial_n>" voms-proxy-init -voms test.vo -cert <path_to_test0>/test0.p12 --valid <validity> --vomsdir <path_to_vomsdir>/vomsdir --certdir <path_to_trust_anchors>/trust-anchors/ 
-Once VOMS proxy certificates are generated in a `*.pem` format, they need to be split in certificates and key to be used in Openresty tests. `*.cert.pem` and `*.key.pem` files are obtained by simpling typing
+Once VOMS proxy certificates are generated in a `*.pem` format, they need to be split in certificates and key to be used in Openresty tests. `*.cert.pem` and `*.key.pem` files are obtained by simpling typing in `certs`
 	awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' <name>.pem > <name>.key.pem
 	awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' <name>.pem > <name>.cert.pem
-in the `certs` folder, where `<name>` could be for instance `0,1,2` etc.
+where `<name>` could be for instance `0,1,2,3,4` or `5`.
-*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in the `certs` folder. 
+*voms\_example.cert.pem* and *voms\_example.ket.pem* can be found in `certs`.
-To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.0 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
+For *../untrusted.t*, *voms\_example\_2.cert.pem* and *voms\_example\_2.key.pem* are used as VOMS certificates and they are in `certs`. 
+To perform correctly the VOMS AC validation, a \*.lsc or \*.pem file is needed in `/etc/grid-security/vomsdir`, see [VOMS client 3.3.1 User Guide](http://italiangrid.github.io/voms/documentation/voms-clients-guide/3.0.3/) for further details. An example of *voms.example.lsc* can be found in `vomsdir/test.vo`.
 Nginx server certificate and key  are nginx\_voms\_example.cert.pem and nginx\_voms\_example\_key.pem.