
Multi Purpose Server

Building the MultiPurposeServer

MANUALLY

First of all, make sure you have compiled the SpartaLibrary following the instructions at BuildLibrary.

If you did so, you should already have downloaded the sources and can proceed to build:

cd $YOUR_CHECKOUT_PATH/SPARTA/MultiPurposeServer/
make

Automagically

svn co https://minerva.netgroup.uniroma2.it/svn/discreet/SPARTA/trunk SPARTA
cd SPARTA
sh buildmyserver

This will package an MPS build into a tar.bz2 file, which you can copy elsewhere and untar :)

Configure the MultiPurposeServer

The following configuration steps are required:

Create your Certification Authority

This step is fundamental to any installation of the MultiPurposeServer, because every entity of the framework is a Certification Authority.

You will need a certificate and an RSA public/private keypair. Look at CertificationAuthorityManagement for help on managing your CA in detail.

For a quick self signed CA just type:

./create_self_signed_cert.sh

Now go to your MPS basedir and

touch serial
echo 00 > serial

The trustedcerts folder contains the certificates of the Service Providers you trust. You will need to store the certificates there and create, for each one, a symbolic link named after its subject hash, as better explained in CertificationAuthorityManagement. Note that the link target is relative to the trustedcerts folder itself:

openssl x509 -noout -hash -in trustedcerts/TrustedServiceProvider.pem
ln -s TrustedServiceProvider.pem trustedcerts/d2d5febd.0
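The two commands above handle one certificate; the script below is an added example (not part of SPARTA) that generalises them to every *.pem in a trust directory, picks the next free .0/.1/... suffix when two certificates share a hash, creates the links relative to the directory so they do not dangle, and verifies the result. The function and file names are this example's own.

```shell
#!/bin/sh
# Added example (not part of SPARTA): populate a trust directory such as
# trustedcerts/ with the <hash>.<n> symlinks OpenSSL looks up, for every
# *.pem in it rather than one file at a time. Links are created relative to
# the directory: a target written as "trustedcerts/Foo.pem" from inside
# trustedcerts/ would resolve to trustedcerts/trustedcerts/Foo.pem and dangle.

# cert_hash FILE: print the OpenSSL subject-name hash of a PEM certificate
cert_hash() {
    openssl x509 -noout -hash -in "$1"
}

# rehash_dir DIR: create DIR/<hash>.<n> -> <name>.pem for every certificate,
# using the next free <n> on hash collisions. Prints one line per new link;
# running it a second time creates nothing.
rehash_dir() {
    rh_dir=$1
    for rh_pem in "$rh_dir"/*.pem; do
        [ -f "$rh_pem" ] || continue
        rh_name=$(basename "$rh_pem")
        rh_hash=$(cert_hash "$rh_pem" 2>/dev/null) || {
            echo "rehash_dir: $rh_name is not a PEM certificate, skipped" >&2
            continue
        }
        rh_n=0
        while [ -e "$rh_dir/$rh_hash.$rh_n" ] || [ -L "$rh_dir/$rh_hash.$rh_n" ]; do
            if [ "$(readlink "$rh_dir/$rh_hash.$rh_n")" = "$rh_name" ]; then
                rh_n=-1   # this certificate is already linked under its hash
                break
            fi
            rh_n=$((rh_n + 1))
        done
        [ "$rh_n" -ge 0 ] || continue
        ln -s "$rh_name" "$rh_dir/$rh_hash.$rh_n"
        echo "$rh_hash.$rh_n -> $rh_name"
    done
}

# verify_dir DIR: return 1 if any hash link in DIR points at a missing file
verify_dir() {
    vd_status=0
    for vd_link in "$1"/*.[0-9]*; do
        [ -L "$vd_link" ] || continue
        if [ ! -e "$vd_link" ]; then
            echo "verify_dir: dangling link $vd_link -> $(readlink "$vd_link")" >&2
            vd_status=1
        fi
    done
    return $vd_status
}

# Usage: sh rehash.sh trustedcerts   (without arguments only the functions are defined)
if [ $# -eq 1 ]; then
    rehash_dir "$1" && verify_dir "$1"
fi
```

Run it from the MPS basedir as `sh rehash.sh trustedcerts` after dropping new Service Provider certificates into the folder; a non-zero exit means at least one hash link no longer points at an existing file.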

The newcerts folder will contain the generated certificates.

The crl folder will contain the CRLs fetched by the MultiPurposeServer.

Also make sure you have a serverlist.xml in the directory from which the mps binary is launched. This file contains the URLs from which mps fetches the CRLs.

Here is an example of a serverlist.xml file:

<?xml version="1.0" encoding="ISO-8859-1"?>
<ServerList>
        <Server>
                <CertificateSubject>/C=it/ST=roma/L=roma/O=pdibs prj/CN=SP server numero 2</CertificateSubject>
                <CrlLocalPath>./crl/SP2_crl.pem</CrlLocalPath>
                <CrlUrl>http://127.0.0.1/crl/SP2_crl.pem</CrlUrl>
                <CertificateLocalPath>./trustedcerts/SP2.pem</CertificateLocalPath>
        </Server>

        <Server>
                <CertificateSubject>/C=it/ST=rm/L=roma/O=P-DIBS proj/CN=SP server</CertificateSubject>
                <CrlLocalPath>./crl/SP.crl</CrlLocalPath>
                <CrlUrl>http://127.0.0.1/crl/SP.crl</CrlUrl>
                <CertificateLocalPath>./trustedcerts/SP.pem</CertificateLocalPath>
        </Server>
</ServerList>

Note that when setting up the UserRegistration page for the Service Provider, in the phase of building the certificate and keys for the Service Provider, the scripts automatically print an XML snippet for the serverlist.xml file.
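As an added example (not one of the SPARTA scripts), the following prints such a <Server> snippet for a given Service Provider certificate. It reads the CertificateSubject from the certificate itself, in the same "/C=../O=../CN=.." form used in the example above, so the string in serverlist.xml cannot drift from what the peer actually presents, and it XML-escapes every value. The function names and argument order are this example's own.

```shell
#!/bin/sh
# Added example (not one of the SPARTA scripts): emit the <Server> element
# for serverlist.xml from a Service Provider certificate.
#   $1  certificate file   e.g. ./trustedcerts/SP.pem
#   $2  CRL URL            e.g. http://127.0.0.1/crl/SP.crl
#   $3  CRL local path     e.g. ./crl/SP.crl

# cert_subject FILE: subject DN in OpenSSL's one-line "/C=it/..." format.
# "-nameopt compat" keeps that format on newer OpenSSL releases; the sed
# strips the "subject=" / "subject= " prefix printed by different versions.
cert_subject() {
    cs_out=$(openssl x509 -noout -subject -nameopt compat -in "$1") || return 1
    printf '%s\n' "$cs_out" | sed 's/^subject= *//'
}

# xml_escape STRING: escape the characters that would break an element value
xml_escape() {
    printf '%s' "$1" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# server_entry CERT CRL_URL CRL_PATH: print one <Server> block; fails if
# CERT is not a certificate (e.g. a key file passed by mistake)
server_entry() {
    se_subj=$(cert_subject "$1") || return 1
    printf '        <Server>\n'
    printf '                <CertificateSubject>%s</CertificateSubject>\n' "$(xml_escape "$se_subj")"
    printf '                <CrlLocalPath>%s</CrlLocalPath>\n' "$(xml_escape "$3")"
    printf '                <CrlUrl>%s</CrlUrl>\n' "$(xml_escape "$2")"
    printf '                <CertificateLocalPath>%s</CertificateLocalPath>\n' "$(xml_escape "$1")"
    printf '        </Server>\n'
}

# Usage: sh server_entry.sh ./trustedcerts/SP.pem http://127.0.0.1/crl/SP.crl ./crl/SP.crl
if [ $# -eq 3 ]; then
    server_entry "$1" "$2" "$3"
fi
```

Paste the printed block inside the <ServerList> element of serverlist.xml; the script deliberately fails instead of printing anything when the first argument does not parse as a certificate.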

Database Configuration

Start MySQL and create the necessary databases.

In the scripts folder you will find the SQL files with the schemas for the IR, SP and AS:

mysql -u root -p < $YOUR_CHECKOUT_PATH/SPARTA/scripts/schema.sql

Now you might want to create a user

GRANT ALL PRIVILEGES ON discreet.* TO 'username'@'localhost' IDENTIFIED BY 'your_password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON discreet.* TO 'username'@'%' IDENTIFIED BY 'your_password' WITH GRANT OPTION;
flush privileges;
exit

MultiPurposeServer Configuration

Then edit the file MPS.conf.

This file must be located in the same folder as the mps executable.

It is mandatory to configure:

  • usage mode
  • server certificate
  • server private key
  • database connection
  • crl update interval

Here is an example config file

#Usage mode: one of IR, SP, SP_BLIND, AS, BANK (leave exactly one line uncommented)
#mode SP
#mode SP_BLIND
#mode AS
#mode BANK
mode IR

#Server certificate file path
certificate ./Server.pem

#Server key file path
key ./Server.key

#Database host
db_host 127.0.0.1

#Database name
database discreet

#Database user
db_user root

#Database password
db_pass password

#CRL update interval
crl_sleep_time 500
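Because a copied sample config can easily end up with every mode line commented out, the following added example (not part of the MPS sources) checks an MPS.conf before mps is started: each mandatory key listed above must be set exactly once, the mode must be one of the values shown, the certificate and key files must exist next to the config, crl_sleep_time must be a positive integer, and the private key must not be readable by group or others. It assumes the "key value" one-per-line syntax with "#" comment lines seen in the sample; function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the MPS sources): sanity-check an MPS.conf.
# Assumed syntax: "key value" per line, lines starting with "#" are comments.

# conf_values FILE KEY: print the value of every uncommented KEY line
conf_values() {
    awk -v k="$2" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); print }' "$1"
}

# count_lines: number of lines on stdin (prints 0 for empty input)
count_lines() {
    awk 'END { print NR }'
}

# conf_path CONF KEY: first value of KEY, resolved relative to CONF's directory
conf_path() {
    cp_v=$(conf_values "$1" "$2" | head -n 1)
    case $cp_v in
        '') ;;
        /*) printf '%s\n' "$cp_v" ;;
        *)  printf '%s\n' "$(dirname "$1")/$cp_v" ;;
    esac
}

# check_conf FILE: report every problem on stderr, return 1 if any was found
check_conf() {
    cc_conf=$1
    cc_errs=0
    for cc_key in mode certificate key db_host database db_user db_pass crl_sleep_time; do
        cc_n=$(conf_values "$cc_conf" "$cc_key" | count_lines)
        if [ "$cc_n" -ne 1 ]; then
            echo "$cc_key: set $cc_n times, expected exactly once" >&2
            cc_errs=$((cc_errs + 1))
        fi
    done
    case $(conf_values "$cc_conf" mode | head -n 1) in
        IR|SP|SP_BLIND|AS|BANK) ;;
        *) echo "mode: must be one of IR SP SP_BLIND AS BANK" >&2
           cc_errs=$((cc_errs + 1)) ;;
    esac
    case $(conf_values "$cc_conf" crl_sleep_time | head -n 1) in
        ''|*[!0-9]*|0) echo "crl_sleep_time: must be a positive integer" >&2
                       cc_errs=$((cc_errs + 1)) ;;
    esac
    for cc_key in certificate key; do
        cc_file=$(conf_path "$cc_conf" "$cc_key")
        if [ ! -f "$cc_file" ]; then
            echo "$cc_key: file '$cc_file' does not exist" >&2
            cc_errs=$((cc_errs + 1))
        fi
    done
    # private key: the group/other columns of "ls -l" (characters 5-10) must be empty
    cc_keyfile=$(conf_path "$cc_conf" key)
    if [ -f "$cc_keyfile" ]; then
        case $(ls -ld "$cc_keyfile" | cut -c5-10) in
            *[rwxst]*) echo "key: $cc_keyfile is accessible by group or others; chmod 600 it" >&2
                       cc_errs=$((cc_errs + 1)) ;;
        esac
    fi
    [ "$cc_errs" -eq 0 ]
}

# Usage: sh check_mps_conf.sh ./MPS.conf
if [ $# -eq 1 ]; then
    check_conf "$1" && echo "$1: ok"
fi
```

Run it from the folder holding mps and MPS.conf; a non-zero exit with the listed reasons is cheaper than discovering at startup that no mode or a world-readable key was configured.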

If using as IR

Now configure the serverlist.xml file

If using as SP for Marked Blind Signature

The configuration is similar to the IR case; some additional notes are reported in this paragraph.

Even if it seems stupid, the certificate of the Service Provider itself must be present in the trustedcerts dir, with its symbolic link as described in CertificationAuthorityManagement.

You can put an empty set of servers in serverlist.xml because you accept only your own users. Just add yourself to serverlist.xml to manage your own CRL.

Then add the services you are blind signing for:

mkdir auth
cd auth
openssl genrsa -out service.key 2048
openssl req -new -x509 -key service.key -out testingservice.pem -days 1000

Publish testingservice.pem on the SP web site

Note: You MUST use files called testingservice.pem and service.key until tickets #30 and #54 are closed.

Remember to put testingservice.pem in the servicecerts folder later, when configuring the ExampleWebApplication.

If using as AS

TODO

Run the MultiPurposeServer

If everything went fine you should find an mps binary file, whose usage is

./mps port debug MaxThreads

where port, debug and MaxThreads are integer values.

Higher debug gives more verbosity. Debug = 0 gives no verbosity at all.

Last modified on Feb 19, 2008, 6:45:51 PM