Default test sign certificates (#105)

* Script for creating certificates

A powershell script that creates a new code signing certificate and exports it to the current directory, with and without a password.

* Add pre-generated signing certificates

Signing certificates to enable development builds to be used with less hassle.
This should not be considered a secret, and it puts at risk any computer that trusts the certificate.

* Use the new repository test cert

Change the CMake defaults to use the new test certificate that is included in the repository for signing the driver and command line utilities.

* Instructions to install test certs

Added instructions to install the test signing certificates on the development and target computers.

contrib/windows/TestCert/README.md

@@ -0,0 +1,15 @@
+### Development
+- Install OpenZFS test certificate
+  - Install `test_sign_cert_nopass.pfx` (password: )
+  - Certificate should be installed into
+    1. "Personal" in "Current User"
+
+### Target
+- Install OpenZFS test certificate
+  - Install `test_sign_cert_nopass.pfx` (password: )
+  - Certificate should be installed into
+    1. "Trusted Root Certification Authority" in "Local Computer" (not current user) *and*
+    2. "Trusted Publishers" in "Local Computer" (not current user)
+- Enable test signing
+  - `> bcdedit.exe /set TESTSIGNING ON`
+  - reboot the system to apply

contrib/windows/TestCert/create_test_sign_cert.ps1

@@ -0,0 +1,28 @@
+#cert stores
+#cert:\localmachine\my
+#Cert:\CurrentUser\My
+
+#config
+$plaintextpwd = 'password1234'
+$subject = "OpenZFS Test Signing Certificate"
+$filename = 'test_sign_cert'
+#$dirname = 'c:\'
+$dirname = ''
+$yearsvalid = 3
+
+#generate
+$date_now = Get-Date
+$extended_date = $date_now.AddYears($yearsvalid)
+$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject $subject -notafter $extended_date
+
+#export with password
+$filepathpass = $dirname + $filename + '_pass.pfx'
+$pwd = ConvertTo-SecureString -String $plaintextpwd -Force -AsPlainText
+$path = 'cert:\CurrentUser\My\' + $cert.thumbprint
+Export-PfxCertificate -cert $path -FilePath $filepathpass -Password $pwd
+
+#export "without" password
+$filepathnopass = $dirname + $filename + '_nopass.pfx'
+$passin = 'pass:' + $plaintextpwd
+&"C:\Program Files\OpenSSL-Win64\bin\openssl.exe"  pkcs12 -in $filepathpass -nodes -noenc -passin $passin | &"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -keypbe NONE -certpbe NONE  -noenc -nomaciter -noiter -nomac -passout pass: -out $filepathnopass
+

module/CMakeLists.txt

@@ -33,10 +33,10 @@ if (NOT "${ZFSIN_SIGNTOOL_CERTSTORE}")
 	set(ZFSIN_SIGNTOOL_CERTSTORE PrivateCertStore CACHE STRING "Name of the certificate store (PrivateCertStore) that contains the test certificate.")
 endif()
 if (NOT "${ZFSIN_SIGNTOOL_CERTNAME}")
-	set(ZFSIN_SIGNTOOL_CERTNAME "Contoso.com(Test)" CACHE STRING "Name of the certificate (Contoso.com(Test)) that is installed in the specified certificate store.")
+	set(ZFSIN_SIGNTOOL_CERTNAME "OpenZFS Test Signing Certificate" CACHE STRING "Name of the certificate (OpenZFS Test Signing Certificate) that is installed in the specified certificate store.")
 endif()
 if (NOT "${ZFSIN_SIGNTOOL_SHA1}")
-	set(ZFSIN_SIGNTOOL_SHA1 "7FAC1AF0A39DF0D2AB9F92D6A544ECECD791D7AB" CACHE STRING "SHA1 of the certificate.")
+	set(ZFSIN_SIGNTOOL_SHA1 "e96bb80ace0b559239c89a425ba0b58d5590fdb3" CACHE STRING "SHA1 of the certificate.")
 endif()
 if (NOT "${ZFSIN_SIGNTOOL_TSA}")
 	set(ZFSIN_SIGNTOOL_TSA "http://timestamp.digicert.com" CACHE STRING "Specifies URL of the TSA (http://timestamp.digicert.com) which will time stamp the digital signature.")