From 32b1b9159782b3910d8e3e9765bb3d4ffb8f1464 Mon Sep 17 00:00:00 2001 From: Lukas Zapletal Date: Wed, 20 Nov 2024 22:25:20 +0100 Subject: [PATCH] test: regenerate X509 test certs --- .gitignore | 2 + sources/test/test_curl_source.py | 10 ++-- test/data/certs/README.md | 50 ++++++++++++++--- test/data/certs/ca/01.pem | 78 +++++++++++++++++++++++++++ test/data/certs/ca/02.pem | 78 +++++++++++++++++++++++++++ test/data/certs/ca/03.pem | 78 +++++++++++++++++++++++++++ test/data/certs/ca/ca.cnf | 38 +++++++++++++ test/data/certs/ca/cert.pem | 78 +++++++++++++++++++++++++++ test/data/certs/ca/crlnumber | 1 + test/data/certs/ca/index.txt | 3 ++ test/data/certs/ca/index.txt.attr | 1 + test/data/certs/ca/index.txt.attr.old | 2 + test/data/certs/ca/index.txt.old | 2 + test/data/certs/ca/key.pem | 28 ++++++++++ test/data/certs/ca/request.csr | 15 ++++++ test/data/certs/ca/serial | 1 + test/data/certs/ca/serial.old | 1 + test/data/certs/ca/temp-cert.pem | 75 ++++++++++++++++++++++++++ test/data/certs/client/cert.pem | 78 +++++++++++++++++++++++++++ test/data/certs/client/key.pem | 28 ++++++++++ test/data/certs/client/request.csr | 15 ++++++ test/data/certs/client1-client.crt | 31 ----------- test/data/certs/client1-client.key | 52 ------------------ test/data/certs/generate-test-certs | 65 +++++----------------- test/data/certs/localhost-server.crt | 31 ----------- test/data/certs/localhost-server.key | 52 ------------------ test/data/certs/server/cert.pem | 78 +++++++++++++++++++++++++++ test/data/certs/server/key.pem | 28 ++++++++++ test/data/certs/server/request.csr | 15 ++++++ test/data/certs/test-ca.crt | 32 ----------- test/data/certs/test-ca.key | 54 ------------------- test/mod/test_testutil_net.py | 10 ++-- 32 files changed, 790 insertions(+), 320 deletions(-) create mode 100644 test/data/certs/ca/01.pem create mode 100644 test/data/certs/ca/02.pem create mode 100644 test/data/certs/ca/03.pem create mode 100644 test/data/certs/ca/ca.cnf create mode 100644 test/data/certs/ca/cert.pem create mode 100644 test/data/certs/ca/crlnumber create mode 100644 test/data/certs/ca/index.txt create mode 100644 test/data/certs/ca/index.txt.attr create mode 100644 test/data/certs/ca/index.txt.attr.old create mode 100644 test/data/certs/ca/index.txt.old create mode 100644 test/data/certs/ca/key.pem create mode 100644 test/data/certs/ca/request.csr create mode 100644 test/data/certs/ca/serial create mode 100644 test/data/certs/ca/serial.old create mode 100644 test/data/certs/ca/temp-cert.pem create mode 100644 test/data/certs/client/cert.pem create mode 100644 test/data/certs/client/key.pem create mode 100644 test/data/certs/client/request.csr delete mode 100644 test/data/certs/client1-client.crt delete mode 100644 test/data/certs/client1-client.key delete mode 100644 test/data/certs/localhost-server.crt delete mode 100644 test/data/certs/localhost-server.key create mode 100644 test/data/certs/server/cert.pem create mode 100644 test/data/certs/server/key.pem create mode 100644 test/data/certs/server/request.csr delete mode 100644 test/data/certs/test-ca.crt delete mode 100644 test/data/certs/test-ca.key diff --git a/.gitignore b/.gitignore index 50a3602f..648277d7 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,5 @@ venv .venv /.tox + +/test/data/certs/lib.sh diff --git a/sources/test/test_curl_source.py b/sources/test/test_curl_source.py index 21e4932e..963fc83e 100644 --- a/sources/test/test_curl_source.py +++ b/sources/test/test_curl_source.py @@ -408,15 +408,15 @@ def test_curl_download_many_mixed_certs(tmp_path, monkeypatch, sources_module, c def test_curl_download_mtls(tmp_path, monkeypatch, sources_service): fake_httpd_root = tmp_path / "fake-httpd-root" cert_dir = pathlib.Path(__file__).parent.parent.parent / "test/data/certs" - cacert = cert_dir / "test-ca.crt" + cacert = cert_dir / "ca/cert.pem" assert cacert.exists() - servercert = cert_dir / "localhost-server.crt" + servercert = cert_dir / "server/cert.pem" assert servercert.exists() - serverkey = cert_dir / "localhost-server.key" + serverkey = cert_dir / "server/key.pem" assert serverkey.exists() - clientcert = cert_dir / "client1-client.crt" + clientcert = cert_dir / "client/cert.pem" assert clientcert.exists() - clientkey = cert_dir / "client1-client.key" + clientkey = cert_dir / "client/key.pem" assert clientkey.exists() monkeypatch.setenv("OSBUILD_SOURCES_CURL_SSL_CA_CERT", cacert.as_posix()) diff --git a/test/data/certs/README.md b/test/data/certs/README.md index c7c4cd38..71fef98b 100644 --- a/test/data/certs/README.md +++ b/test/data/certs/README.md @@ -13,9 +13,47 @@ $ openssl req -new -newkey rsa:2048 -nodes -x509 \ The following files were generated via a shell script named `generate-test-certs` and can be used for MTLS testing: -* `test-ca.crt`: Certificate Authority -* `test-ca.key`: Certificate Authority key without any password -* `localhost-server.crt`: MTLS server certificate signed by `test-ca.crt` -* `localhost-server.key`: MTLS server certificate key without any password -* `client1-client.crt`: MTLS client certificate signed by `test-ca.crt` -* `client1-client.key`: MTLS client certificate key without any password +* `ca/cert.pem`: Certificate Authority +* `ca/cert.key`: Certificate Authority key without any password +* `server/cert.pem`: MTLS server certificate signed by `test-ca.crt` +* `server/key.pem`: MTLS server certificate key without any password +* `client/cert.pem`: MTLS client certificate signed by `test-ca.crt` +* `client/key.pem`: MTLS client certificate key without any password + +Quick test: + +``` +openssl s_server -accept 4433 -www \ + -CAfile ./ca/cert.pem \ + -cert ./server/cert.pem \ + -key ./server/key.pem +``` + +And client: + +``` +openssl s_client -connect localhost:4433 \ + -CAfile ./ca/cert.pem \ + -cert ./client/cert.pem \ + -key ./client/cert.pem +``` + +A python server: + +```python +import http.server +import ssl + +cert_dir = "." +cacert = cert_dir + "ca/cert.pem" +servercert = cert_dir + "server/cert.pem" +serverkey = cert_dir + "server/key.pem" +clientcert = cert_dir + "client/cert.pem" +clientkey = cert_dir + "client/key.pem" +httpd = http.server.HTTPServer(('127.0.0.1', 4433), http.server.SimpleHTTPRequestHandler) +ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cacert) +ctx.load_cert_chain(certfile=servercert, keyfile=serverkey) +ctx.verify_mode = ssl.CERT_REQUIRED +httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True) +httpd.serve_forever() +``` diff --git a/test/data/certs/ca/01.pem b/test/data/certs/ca/01.pem new file mode 100644 index 00000000..875f8b3a --- /dev/null +++ b/test/data/certs/ca/01.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2019 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: O=Example CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:ce:7d:cf:0e:53:8f:1a:96:b4:d5:21:4a:e6: + 8f:f2:f8:24:9a:5a:18:74:50:4d:01:31:78:c6:bd: + ba:a8:a7:62:1c:29:f2:52:be:4d:a9:db:f2:a4:c8: + cc:3c:01:bd:91:81:9d:7d:ae:e4:b4:01:1b:b5:9d: + 6b:80:1e:f3:ae:e3:ba:82:fc:56:3d:87:b7:92:63: + ee:3d:6c:a9:1c:b3:75:2a:b5:f0:44:96:81:93:9c: + 80:5d:c1:c4:23:ca:ee:03:d7:27:05:1e:57:3d:93: + 3f:89:88:25:df:27:35:f3:54:10:55:5c:e6:54:2b: + 23:06:cf:b1:44:db:38:ec:75:1b:bb:85:44:3d:db: + cf:ad:8b:23:13:c3:b9:5b:a8:ab:06:ef:0e:4c:74: + d2:22:c8:25:01:30:bd:3d:63:a7:b2:b0:c9:25:b3: + 26:70:ff:63:8f:40:2a:cd:27:73:d8:d4:0e:64:95: + fe:75:ff:00:d4:78:fe:b0:86:0d:bf:0f:4c:eb:b5: + 97:90:cb:77:8c:0f:53:ca:00:dc:57:82:e8:d6:08: + 8a:06:bc:78:ff:26:ef:d1:f8:b2:7c:b1:4b:28:c5: + 8c:30:14:a3:bc:a8:3c:8c:07:e5:73:de:be:2d:fc: + 55:d8:fd:02:64:87:b0:b5:91:0b:d1:0c:31:e5:b7: + e4:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 83:d2:fd:2d:e8:50:c1:34:8d:a9:2e:eb:ba:13:71:2c:f3:c2: + 9b:0f:59:84:46:53:7b:6b:b3:0b:20:50:55:29:62:45:ec:79: + b9:66:6e:3b:13:a1:e3:54:38:c3:f0:41:13:1e:61:cc:53:0e: + 7b:9b:71:30:f4:33:e5:c2:64:88:bc:ab:9d:26:d6:65:f5:09: + 6f:3f:5e:42:6d:8b:50:60:f2:ec:75:48:9d:d2:26:e8:d3:f2: + 0c:d1:e2:6b:ab:9d:f3:2c:96:ee:34:4a:00:f0:87:9c:69:82: + 96:a8:ca:ac:88:87:52:ac:2d:3a:5d:6a:f2:77:43:38:53:88: + 21:c6:c8:62:d6:b6:c7:91:30:29:69:34:3d:75:f2:b4:47:92: + c7:8f:ef:65:54:e0:ce:5c:3f:8f:0b:04:33:1a:1d:22:14:73: + 6c:e7:0f:a5:57:46:8a:64:ce:b4:05:47:b9:34:8d:fb:77:2f: + cb:71:b2:bb:ea:13:ce:66:74:11:d7:d3:b8:fb:14:64:2e:a4: + 5c:d2:11:67:74:d5:a2:9a:b6:85:80:54:be:08:b6:13:b2:33: + 94:a0:ae:52:c8:c2:f6:a7:50:3f:8d:37:7b:f3:f8:32:28:be: + c3:b0:4a:5f:7f:30:00:13:78:db:1e:6f:a6:45:56:d6:ed:6c: + a4:64:d7:30 +-----BEGIN CERTIFICATE----- +MIIDCDCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTE5MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE +CgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnO +fc8OU48alrTVIUrmj/L4JJpaGHRQTQExeMa9uqinYhwp8lK+Tanb8qTIzDwBvZGB +nX2u5LQBG7Wda4Ae867juoL8Vj2Ht5Jj7j1sqRyzdSq18ESWgZOcgF3BxCPK7gPX +JwUeVz2TP4mIJd8nNfNUEFVc5lQrIwbPsUTbOOx1G7uFRD3bz62LIxPDuVuoqwbv +Dkx00iLIJQEwvT1jp7KwySWzJnD/Y49AKs0nc9jUDmSV/nX/ANR4/rCGDb8PTOu1 +l5DLd4wPU8oA3FeC6NYIiga8eP8m79H4snyxSyjFjDAUo7yoPIwH5XPevi38Vdj9 +AmSHsLWRC9EMMeW35PcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAQYwHQYDVR0OBBYEFI0FIjrv9N5DyO9sfFiKFbmDLVDUMB8GA1UdIwQY +MBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQCD0v0t +6FDBNI2pLuu6E3Es88KbD1mERlN7a7MLIFBVKWJF7Hm5Zm47E6HjVDjD8EETHmHM +Uw57m3Ew9DPlwmSIvKudJtZl9QlvP15CbYtQYPLsdUid0ibo0/IM0eJrq53zLJbu +NEoA8IecaYKWqMqsiIdSrC06XWryd0M4U4ghxshi1rbHkTApaTQ9dfK0R5LHj+9l +VODOXD+PCwQzGh0iFHNs5w+lV0aKZM60BUe5NI37dy/LcbK76hPOZnQR19O4+xRk +LqRc0hFndNWimraFgFS+CLYTsjOUoK5SyML2p1A/jTd78/gyKL7DsEpffzAAE3jb +Hm+mRVbW7WykZNcw +-----END CERTIFICATE----- diff --git a/test/data/certs/ca/02.pem b/test/data/certs/ca/02.pem new file mode 100644 index 00000000..e7c877d7 --- /dev/null +++ b/test/data/certs/ca/02.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2024 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:33:69:67:a5:42:27:7c:dc:62:b3:5f:b3:7c: + c0:05:7a:b1:9a:33:b0:62:b0:76:8d:7a:f2:0a:82: + 97:2e:49:33:70:11:12:b7:59:9f:bf:21:f6:e3:b0: + 51:58:e6:b9:3e:fc:5e:05:46:c5:cd:dd:46:9b:45: + 77:73:d0:c8:d5:70:b7:9c:3f:2d:a2:31:a0:9a:53: + e3:24:21:9b:80:92:f9:39:20:cf:9a:73:e5:00:3e: + 65:7a:9a:a8:37:e0:96:38:e0:1a:3a:fe:89:9b:b2: + 81:34:10:16:4f:ff:91:7c:4d:bd:e3:5a:3a:b0:12: + 77:0b:53:56:ad:75:89:49:25:27:08:b9:3c:ac:48: + 07:bf:15:51:8c:4e:25:21:35:51:b5:cf:8e:c8:42: + e9:9b:46:8a:db:f3:3b:d8:13:ec:17:98:ec:f8:ce: + 89:80:14:2d:ad:a4:98:fd:be:64:c8:9e:54:eb:6a: + fc:ee:67:c7:9a:af:a3:e6:17:02:f1:26:e1:d9:29: + 6f:25:87:f2:1a:2e:f4:56:82:a6:bf:bc:3a:93:5b: + 30:e1:07:e2:47:62:e9:39:c1:d9:16:98:55:f1:3e: + 92:be:40:49:2f:2e:0b:ab:d1:72:c3:9c:ae:dd:ac: + 07:d6:92:2b:bb:34:b6:7a:e0:c8:76:af:81:90:ab: + d4:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 88:AC:B1:BD:03:14:22:F9:23:E2:CB:61:40:73:71:73:E6:9F:FF:C4 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 36:56:de:9b:5e:2e:e7:05:e3:1f:a8:2b:f9:9d:c3:f8:d0:eb: + 4b:7a:49:a5:fe:34:ef:a8:f1:5d:3d:eb:6d:db:29:a3:f0:e9: + dd:58:e4:ac:a8:58:1e:df:98:e4:12:86:d0:94:03:44:27:f6: + e3:80:97:41:6b:e0:03:95:22:3e:43:c3:35:83:e0:e7:79:82: + c0:89:c5:4d:d0:a7:21:ac:f8:ed:d7:b5:a1:25:41:fc:68:7e: + d3:43:95:69:60:91:58:6b:fb:2e:61:9f:a0:a1:b9:0f:55:42: + 55:e3:51:42:2d:6d:da:7a:dc:e0:e1:d7:f9:8a:3d:c9:23:dc: + 08:ed:54:19:f0:89:5b:3d:1e:28:3d:d6:a9:65:1d:7f:e7:61: + 1e:62:57:27:9d:07:65:94:b6:be:67:08:71:63:18:73:c2:86: + cb:f1:7f:4f:b0:cc:74:40:3c:71:78:60:f4:71:8d:68:2c:b4: + ba:93:ec:40:c3:02:44:9c:0e:74:4a:50:a0:53:ec:04:52:1e: + e1:78:3b:a5:c0:c8:84:b9:2c:90:ff:33:d3:88:3d:4f:68:0b: + f7:0f:d9:ee:cb:f9:c0:16:42:2c:8f:6b:14:e8:fe:18:e2:40: + 55:28:6e:f5:b0:09:64:51:ad:22:da:fa:af:7f:34:08:7d:c1: + 1b:8f:78:0f +-----BEGIN CERTIFICATE----- +MIIDCzCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFDESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjNp +Z6VCJ3zcYrNfs3zABXqxmjOwYrB2jXryCoKXLkkzcBESt1mfvyH247BRWOa5Pvxe +BUbFzd1Gm0V3c9DI1XC3nD8tojGgmlPjJCGbgJL5OSDPmnPlAD5lepqoN+CWOOAa +Ov6Jm7KBNBAWT/+RfE2941o6sBJ3C1NWrXWJSSUnCLk8rEgHvxVRjE4lITVRtc+O +yELpm0aK2/M72BPsF5js+M6JgBQtraSY/b5kyJ5U62r87mfHmq+j5hcC8Sbh2Slv +JYfyGi70VoKmv7w6k1sw4QfiR2LpOcHZFphV8T6SvkBJLy4Lq9Fyw5yu3awH1pIr +uzS2euDIdq+BkKvU4QIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww +CgYIKwYBBQUHAwEwHQYDVR0OBBYEFIissb0DFCL5I+LLYUBzcXPmn//EMB8GA1Ud +IwQYMBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQA2 +Vt6bXi7nBeMfqCv5ncP40OtLekml/jTvqPFdPett2ymj8OndWOSsqFge35jkEobQ +lANEJ/bjgJdBa+ADlSI+Q8M1g+DneYLAicVN0KchrPjt17WhJUH8aH7TQ5VpYJFY +a/suYZ+gobkPVUJV41FCLW3aetzg4df5ij3JI9wI7VQZ8IlbPR4oPdapZR1/52Ee +YlcnnQdllLa+ZwhxYxhzwobL8X9PsMx0QDxxeGD0cY1oLLS6k+xAwwJEnA50SlCg +U+wEUh7heDulwMiEuSyQ/zPTiD1PaAv3D9nuy/nAFkIsj2sU6P4Y4kBVKG71sAlk +Ua0i2vqvfzQIfcEbj3gP +-----END CERTIFICATE----- diff --git a/test/data/certs/ca/03.pem b/test/data/certs/ca/03.pem new file mode 100644 index 00000000..3b7241df --- /dev/null +++ b/test/data/certs/ca/03.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2024 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: CN=John Smith + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:3e:17:22:d2:9b:ee:23:32:bb:cf:ee:2a:a1: + a0:6d:3d:80:df:65:7e:13:34:3f:eb:44:dc:74:90: + 7f:8d:9e:c8:95:59:1f:1c:0e:9e:ce:92:cb:7d:6f: + 02:5c:e7:e5:d7:37:2a:fd:d2:6c:6a:ef:39:9f:5f: + d3:76:25:bc:7f:dc:c0:7a:54:35:ab:3d:a1:77:26: + e9:c5:9f:29:98:23:7a:f0:20:f0:5f:b0:e4:07:7f: + 77:c3:82:f1:4d:9b:93:03:0a:65:88:8c:73:e0:6b: + 81:5f:91:50:0c:22:b1:84:ee:68:af:7e:57:c8:1b: + 9a:04:7b:fc:48:4d:5e:66:dd:d9:fa:3b:18:73:81: + ee:c9:c5:ee:f1:01:c4:9a:8f:13:46:15:42:2a:f9: + d6:cc:23:81:06:2a:f2:53:4b:34:83:1a:bd:77:ac: + d6:dd:3a:f6:ce:f6:76:6f:5d:3f:a5:d6:6a:e4:f4: + 40:9f:15:c9:b0:c4:48:8f:f9:bf:cb:44:a1:70:6a: + fc:ab:9b:94:63:6c:7d:7e:8b:0c:cd:ea:4f:84:b2: + a7:09:65:c6:4e:80:57:8d:97:59:91:52:b6:be:0f: + 67:e1:51:f8:ba:e4:f3:7d:8f:44:22:a9:e7:57:08: + e0:2d:ce:20:11:83:b8:cb:65:8d:41:5b:56:f4:b1: + 06:3d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + X509v3 Subject Key Identifier: + 21:63:B7:F4:B2:30:E4:00:D8:74:3C:94:42:3D:2E:08:F8:01:66:01 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 22:7f:f9:65:ef:22:21:f9:76:ad:99:bd:ae:d6:e7:c1:cb:a7: + 28:9e:34:aa:1e:c6:da:c4:59:f9:14:f4:ee:92:5c:97:f9:13: + b5:9b:ce:4f:89:9b:8f:25:21:0b:2b:b2:5f:d0:65:8e:e0:18: + 1c:c8:5e:ae:df:02:88:98:ec:67:c6:c6:58:39:be:f7:4d:be: + 7f:a2:7d:e8:e8:39:b7:44:1d:17:7c:2c:64:ad:ab:cc:b1:bd: + 69:6b:5a:36:7d:bf:8e:8e:be:78:96:5d:82:27:15:1b:a4:55: + a2:79:8c:c3:b5:00:37:25:9e:84:7a:9f:6c:98:50:07:71:1b: + ac:4c:aa:b9:17:b9:d1:92:83:c4:48:14:97:31:0c:8a:a3:1d: + 8c:a9:90:75:b1:52:70:46:d6:42:09:1d:b3:8b:f5:41:26:23: + 82:77:51:04:18:32:49:f7:52:8a:16:d4:bb:8c:3c:9c:5a:a4: + 98:c3:dd:77:14:0e:f6:f7:6b:08:4a:7c:d9:e1:d5:bc:cc:2c: + 77:23:94:8c:79:a5:7a:94:66:04:3f:11:37:cd:db:9d:f1:6f: + 84:b8:c3:1c:c5:4f:97:b1:6f:ef:fd:f5:93:8f:06:b1:cf:5c: + 92:52:a4:f6:89:ac:13:3e:a8:13:62:39:b5:a3:c5:7e:4e:d0: + e8:54:f8:5a +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE +AwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA+ +FyLSm+4jMrvP7iqhoG09gN9lfhM0P+tE3HSQf42eyJVZHxwOns6Sy31vAlzn5dc3 +Kv3SbGrvOZ9f03YlvH/cwHpUNas9oXcm6cWfKZgjevAg8F+w5Ad/d8OC8U2bkwMK +ZYiMc+BrgV+RUAwisYTuaK9+V8gbmgR7/EhNXmbd2fo7GHOB7snF7vEBxJqPE0YV +Qir51swjgQYq8lNLNIMavXes1t069s72dm9dP6XWauT0QJ8VybDESI/5v8tEoXBq +/KublGNsfX6LDM3qT4Sypwllxk6AV42XWZFStr4PZ+FR+Lrk832PRCKp51cI4C3O +IBGDuMtljUFbVvSxBj0CAwEAAaNuMGwwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQG +CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUIWO39LIw5ADYdDyUQj0uCPgB +ZgEwHwYDVR0jBBgwFoAUjQUiOu/03kPI72x8WIoVuYMtUNQwDQYJKoZIhvcNAQEL +BQADggEBACJ/+WXvIiH5dq2Zva7W58HLpyieNKoextrEWfkU9O6SXJf5E7Wbzk+J +m48lIQsrsl/QZY7gGBzIXq7fAoiY7GfGxlg5vvdNvn+ifejoObdEHRd8LGStq8yx +vWlrWjZ9v46OvniWXYInFRukVaJ5jMO1ADclnoR6n2yYUAdxG6xMqrkXudGSg8RI +FJcxDIqjHYypkHWxUnBG1kIJHbOL9UEmI4J3UQQYMkn3UooW1LuMPJxapJjD3XcU +Dvb3awhKfNnh1bzMLHcjlIx5pXqUZgQ/ETfN253xb4S4wxzFT5exb+/99ZOPBrHP +XJJSpPaJrBM+qBNiObWjxX5O0OhU+Fo= +-----END CERTIFICATE----- diff --git a/test/data/certs/ca/ca.cnf b/test/data/certs/ca/ca.cnf new file mode 100644 index 00000000..2612e878 --- /dev/null +++ b/test/data/certs/ca/ca.cnf @@ -0,0 +1,38 @@ +[ ca ] +default_ca = ca_cnf + +[ ca_cnf ] +crlnumber = ca/crlnumber +default_crl_days = 365 +default_md = sha256 +default_startdate = 20241120211521Z +default_enddate = 20371120211521Z +policy = policy_anything +preserve = yes +email_in_dn = no +unique_subject = no +database = ca/index.txt +serial = ca/serial +new_certs_dir = ca/ + +[ policy_anything ] +#countryName = optional +#stateOrProvinceName = optional +#localityName = optional +#organizationName = optional +#organizationalUnitName = optional +commonName = optional +#emailAddress = optional + +[ req ] +prompt = no +distinguished_name = cert_req + +[ cert_req ] +CN = John Smith + +[ v3_ext ] +keyUsage =digitalSignature, keyEncipherment +extendedKeyUsage =clientAuth,emailProtection +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer diff --git a/test/data/certs/ca/cert.pem b/test/data/certs/ca/cert.pem new file mode 100644 index 00000000..875f8b3a --- /dev/null +++ b/test/data/certs/ca/cert.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2019 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: O=Example CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:ce:7d:cf:0e:53:8f:1a:96:b4:d5:21:4a:e6: + 8f:f2:f8:24:9a:5a:18:74:50:4d:01:31:78:c6:bd: + ba:a8:a7:62:1c:29:f2:52:be:4d:a9:db:f2:a4:c8: + cc:3c:01:bd:91:81:9d:7d:ae:e4:b4:01:1b:b5:9d: + 6b:80:1e:f3:ae:e3:ba:82:fc:56:3d:87:b7:92:63: + ee:3d:6c:a9:1c:b3:75:2a:b5:f0:44:96:81:93:9c: + 80:5d:c1:c4:23:ca:ee:03:d7:27:05:1e:57:3d:93: + 3f:89:88:25:df:27:35:f3:54:10:55:5c:e6:54:2b: + 23:06:cf:b1:44:db:38:ec:75:1b:bb:85:44:3d:db: + cf:ad:8b:23:13:c3:b9:5b:a8:ab:06:ef:0e:4c:74: + d2:22:c8:25:01:30:bd:3d:63:a7:b2:b0:c9:25:b3: + 26:70:ff:63:8f:40:2a:cd:27:73:d8:d4:0e:64:95: + fe:75:ff:00:d4:78:fe:b0:86:0d:bf:0f:4c:eb:b5: + 97:90:cb:77:8c:0f:53:ca:00:dc:57:82:e8:d6:08: + 8a:06:bc:78:ff:26:ef:d1:f8:b2:7c:b1:4b:28:c5: + 8c:30:14:a3:bc:a8:3c:8c:07:e5:73:de:be:2d:fc: + 55:d8:fd:02:64:87:b0:b5:91:0b:d1:0c:31:e5:b7: + e4:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 83:d2:fd:2d:e8:50:c1:34:8d:a9:2e:eb:ba:13:71:2c:f3:c2: + 9b:0f:59:84:46:53:7b:6b:b3:0b:20:50:55:29:62:45:ec:79: + b9:66:6e:3b:13:a1:e3:54:38:c3:f0:41:13:1e:61:cc:53:0e: + 7b:9b:71:30:f4:33:e5:c2:64:88:bc:ab:9d:26:d6:65:f5:09: + 6f:3f:5e:42:6d:8b:50:60:f2:ec:75:48:9d:d2:26:e8:d3:f2: + 0c:d1:e2:6b:ab:9d:f3:2c:96:ee:34:4a:00:f0:87:9c:69:82: + 96:a8:ca:ac:88:87:52:ac:2d:3a:5d:6a:f2:77:43:38:53:88: + 21:c6:c8:62:d6:b6:c7:91:30:29:69:34:3d:75:f2:b4:47:92: + c7:8f:ef:65:54:e0:ce:5c:3f:8f:0b:04:33:1a:1d:22:14:73: + 6c:e7:0f:a5:57:46:8a:64:ce:b4:05:47:b9:34:8d:fb:77:2f: + cb:71:b2:bb:ea:13:ce:66:74:11:d7:d3:b8:fb:14:64:2e:a4: + 5c:d2:11:67:74:d5:a2:9a:b6:85:80:54:be:08:b6:13:b2:33: + 94:a0:ae:52:c8:c2:f6:a7:50:3f:8d:37:7b:f3:f8:32:28:be: + c3:b0:4a:5f:7f:30:00:13:78:db:1e:6f:a6:45:56:d6:ed:6c: + a4:64:d7:30 +-----BEGIN CERTIFICATE----- +MIIDCDCCAfCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTE5MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE +CgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnO +fc8OU48alrTVIUrmj/L4JJpaGHRQTQExeMa9uqinYhwp8lK+Tanb8qTIzDwBvZGB +nX2u5LQBG7Wda4Ae867juoL8Vj2Ht5Jj7j1sqRyzdSq18ESWgZOcgF3BxCPK7gPX +JwUeVz2TP4mIJd8nNfNUEFVc5lQrIwbPsUTbOOx1G7uFRD3bz62LIxPDuVuoqwbv +Dkx00iLIJQEwvT1jp7KwySWzJnD/Y49AKs0nc9jUDmSV/nX/ANR4/rCGDb8PTOu1 +l5DLd4wPU8oA3FeC6NYIiga8eP8m79H4snyxSyjFjDAUo7yoPIwH5XPevi38Vdj9 +AmSHsLWRC9EMMeW35PcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAQYwHQYDVR0OBBYEFI0FIjrv9N5DyO9sfFiKFbmDLVDUMB8GA1UdIwQY +MBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQCD0v0t +6FDBNI2pLuu6E3Es88KbD1mERlN7a7MLIFBVKWJF7Hm5Zm47E6HjVDjD8EETHmHM +Uw57m3Ew9DPlwmSIvKudJtZl9QlvP15CbYtQYPLsdUid0ibo0/IM0eJrq53zLJbu +NEoA8IecaYKWqMqsiIdSrC06XWryd0M4U4ghxshi1rbHkTApaTQ9dfK0R5LHj+9l +VODOXD+PCwQzGh0iFHNs5w+lV0aKZM60BUe5NI37dy/LcbK76hPOZnQR19O4+xRk +LqRc0hFndNWimraFgFS+CLYTsjOUoK5SyML2p1A/jTd78/gyKL7DsEpffzAAE3jb +Hm+mRVbW7WykZNcw +-----END CERTIFICATE----- diff --git a/test/data/certs/ca/crlnumber b/test/data/certs/ca/crlnumber new file mode 100644 index 00000000..8a0f05e1 --- /dev/null +++ b/test/data/certs/ca/crlnumber @@ -0,0 +1 @@ +01 diff --git a/test/data/certs/ca/index.txt b/test/data/certs/ca/index.txt new file mode 100644 index 00000000..dda2393c --- /dev/null +++ b/test/data/certs/ca/index.txt @@ -0,0 +1,3 @@ +V 371120211521Z 01 unknown /O=Example CA +V 371120211521Z 02 unknown /CN=localhost +V 371120211521Z 03 unknown /CN=John Smith diff --git a/test/data/certs/ca/index.txt.attr b/test/data/certs/ca/index.txt.attr new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/test/data/certs/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/test/data/certs/ca/index.txt.attr.old b/test/data/certs/ca/index.txt.attr.old new file mode 100644 index 00000000..00fa1450 --- /dev/null +++ b/test/data/certs/ca/index.txt.attr.old @@ -0,0 +1,2 @@ +unique_subject = no +unique_subject = no diff --git a/test/data/certs/ca/index.txt.old b/test/data/certs/ca/index.txt.old new file mode 100644 index 00000000..d31f40c0 --- /dev/null +++ b/test/data/certs/ca/index.txt.old @@ -0,0 +1,2 @@ +V 371120211521Z 01 unknown /O=Example CA +V 371120211521Z 02 unknown /CN=localhost diff --git a/test/data/certs/ca/key.pem b/test/data/certs/ca/key.pem new file mode 100644 index 00000000..a21d432d --- /dev/null +++ b/test/data/certs/ca/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpzn3PDlOPGpa0 +1SFK5o/y+CSaWhh0UE0BMXjGvbqop2IcKfJSvk2p2/KkyMw8Ab2RgZ19ruS0ARu1 +nWuAHvOu47qC/FY9h7eSY+49bKkcs3UqtfBEloGTnIBdwcQjyu4D1ycFHlc9kz+J +iCXfJzXzVBBVXOZUKyMGz7FE2zjsdRu7hUQ928+tiyMTw7lbqKsG7w5MdNIiyCUB +ML09Y6eysMklsyZw/2OPQCrNJ3PY1A5klf51/wDUeP6whg2/D0zrtZeQy3eMD1PK +ANxXgujWCIoGvHj/Ju/R+LJ8sUsoxYwwFKO8qDyMB+Vz3r4t/FXY/QJkh7C1kQvR +DDHlt+T3AgMBAAECggEAD4TRJ6q6BUKbUmSGGefPcRevlLG2OW8bUogYbyVo2UAO +7d8BiAFfbK4u01OMotFP52vunk1tFmxhgWwlJnztrWafpZf1M8NjCgx6+f8jx305 +MJGXJ1WP+xMbAjaSu+iwbwZrSQL4WybJcELSnz3gpt/gbETEwh19IoK5wz67yZRW +MhmgTlX5usv7+FdaEOBl2aMlu4J5YT0k1yeLmTuBFCGYsCDC+bwhGZosbKSW2kFM +Is4i79k9tXtaPFNriQe407JBJpiZYJ6rB0YtfV08hbHbwHriYu7T3JzTwo2gOqni +8xlkYCX6D+CKUsDKfQxAilQqfK/ZPS1cUlMVgexWsQKBgQDaCZzWRhkxut93wzgg +S0JJ2rYcwQwTT3LqfW2zcPD/UkQYx8Z32P7IzjB7ygeH9oRUwOMC9BUCPTlsVGkq +Jf8cu3A1d13385aoDzbo9hg4Zr5Hrr34faOGHW5MetSTpZWFpu2leqSrM2YagnVH +si+lmk+JVotrSrMj4E/Yp7NlJwKBgQDHXyAVPPfOUdNHdOePZQ0KTJllLMVOiNrb +OzEWNAGM7kwgro73iD9mFjZBtXEGBu84NsLJVGMDtdPEuRcagF55r52hJj1O/TuA +XvM00OB32RSOiYwLyWqspBO7c9vJLHXRR86wvpcaMHNd8JLY/PmxAr7KgTkzyRYM +BxJ61jSDsQKBgCIpN2Vq/i+Ic9Kzx2tn3y7rEXVX2ah83ihXFoTywQ9/uCOZyUKl +wOV9SKNcd+mZego9XlPsIg6DwSdz4jY0VdAOnfoChbp/c69JEvVU+V582nsoqaLx +LFmq6skYxY2Md+zExp8SpBIer3Sf0/gztrtffe6qnJVm0sJgNqJfRAApAoGBALCQ +liE49V1LKgnGhqx/maTdYZwwoiyDFw/AxCAdvqHJCLKI5SRjDYKjeTmILqhfy8vE +84zJp0bJ6Nn38XYO6Zxq4vasnu8tZVyyukC0G5cIMSRqvBRUNJzgUnlYifUH4u+M +4Ie2wqr27bTsMaDpqVgSTlWZS8eI9nWAbeVLfwaBAoGBAJNaNYzYVdDKZY7RtINg +OWCNdwlYGCdgy9Lm16XR6sTSqnyUhQNkUcCewcNMPxBAUDJdsoAJE/3mv7tdKu75 +c5aripo7Gh4jSn3YPPzoF4frPUF3J4QVjsesYcQNXYmod9UqX08mvzcToeBcq/ae +v5q6cM/jZOFy9kTaBbYJwhsO +-----END PRIVATE KEY----- diff --git a/test/data/certs/ca/request.csr b/test/data/certs/ca/request.csr new file mode 100644 index 00000000..ed049d86 --- /dev/null +++ b/test/data/certs/ca/request.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWjCCAUICAQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKnOfc8OU48alrTVIUrmj/L4JJpaGHRQTQExeMa9 +uqinYhwp8lK+Tanb8qTIzDwBvZGBnX2u5LQBG7Wda4Ae867juoL8Vj2Ht5Jj7j1s +qRyzdSq18ESWgZOcgF3BxCPK7gPXJwUeVz2TP4mIJd8nNfNUEFVc5lQrIwbPsUTb +OOx1G7uFRD3bz62LIxPDuVuoqwbvDkx00iLIJQEwvT1jp7KwySWzJnD/Y49AKs0n +c9jUDmSV/nX/ANR4/rCGDb8PTOu1l5DLd4wPU8oA3FeC6NYIiga8eP8m79H4snyx +SyjFjDAUo7yoPIwH5XPevi38Vdj9AmSHsLWRC9EMMeW35PcCAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQCpB/t+DeDp6ta944UkFCJxoc+BLTf9CG8MeX6eH74rziD4 +e2lkdCTqQzmSpzLe6+phXG3nZUcVCVkceRyVNISSFwTgoeo7lRys/cQlLyA6O2br +g9yRlT1aydW2Te5jhps4sX9MCbkTjUyb4Ugdfqgmo5Ct8WMHB0NsFHuBYnsIGEoq +1VlUr/RY3UTBahMfRlEpt74x+OxEbxfnrVsevLfYDMPYUPzhkVgTGFNpgT3nOmDJ +DWkbA26d8IfcUsIFhMLuliaMkgguM2SGsmJPJXbM7pEHgPDyiqvub1p1ItTsLeGX +mcKjQyo25KtDnog1POSOkN5E7KxaUHDrFe1oP1BD +-----END CERTIFICATE REQUEST----- diff --git a/test/data/certs/ca/serial b/test/data/certs/ca/serial new file mode 100644 index 00000000..64969239 --- /dev/null +++ b/test/data/certs/ca/serial @@ -0,0 +1 @@ +04 diff --git a/test/data/certs/ca/serial.old b/test/data/certs/ca/serial.old new file mode 100644 index 00000000..75016ea3 --- /dev/null +++ b/test/data/certs/ca/serial.old @@ -0,0 +1 @@ +03 diff --git a/test/data/certs/ca/temp-cert.pem b/test/data/certs/ca/temp-cert.pem new file mode 100644 index 00000000..9a3c48dc --- /dev/null +++ b/test/data/certs/ca/temp-cert.pem @@ -0,0 +1,75 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2019 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: O=Example CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a9:ce:7d:cf:0e:53:8f:1a:96:b4:d5:21:4a:e6: + 8f:f2:f8:24:9a:5a:18:74:50:4d:01:31:78:c6:bd: + ba:a8:a7:62:1c:29:f2:52:be:4d:a9:db:f2:a4:c8: + cc:3c:01:bd:91:81:9d:7d:ae:e4:b4:01:1b:b5:9d: + 6b:80:1e:f3:ae:e3:ba:82:fc:56:3d:87:b7:92:63: + ee:3d:6c:a9:1c:b3:75:2a:b5:f0:44:96:81:93:9c: + 80:5d:c1:c4:23:ca:ee:03:d7:27:05:1e:57:3d:93: + 3f:89:88:25:df:27:35:f3:54:10:55:5c:e6:54:2b: + 23:06:cf:b1:44:db:38:ec:75:1b:bb:85:44:3d:db: + cf:ad:8b:23:13:c3:b9:5b:a8:ab:06:ef:0e:4c:74: + d2:22:c8:25:01:30:bd:3d:63:a7:b2:b0:c9:25:b3: + 26:70:ff:63:8f:40:2a:cd:27:73:d8:d4:0e:64:95: + fe:75:ff:00:d4:78:fe:b0:86:0d:bf:0f:4c:eb:b5: + 97:90:cb:77:8c:0f:53:ca:00:dc:57:82:e8:d6:08: + 8a:06:bc:78:ff:26:ef:d1:f8:b2:7c:b1:4b:28:c5: + 8c:30:14:a3:bc:a8:3c:8c:07:e5:73:de:be:2d:fc: + 55:d8:fd:02:64:87:b0:b5:91:0b:d1:0c:31:e5:b7: + e4:f7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 74:89:b9:e1:01:7b:0d:ce:80:06:19:82:25:bb:f3:3a:05:1a: + 86:b2:9d:5b:1f:26:29:f1:38:b7:bc:25:ad:80:98:75:22:05: + 1a:95:77:b5:43:f6:59:fd:66:37:b7:3c:4b:e0:8a:ae:5f:2a: + d4:fd:51:7d:11:00:42:b9:dd:17:4d:9a:cb:cd:03:df:0f:d8: + 65:b3:4c:82:4f:9e:05:74:a7:e1:65:49:ef:a0:ff:58:d7:9b: + 2b:17:51:c0:ad:c3:46:26:4f:e8:bb:78:26:77:84:4e:ed:0a: + b0:66:c0:06:96:bb:b1:ba:8b:c8:de:65:6f:50:6f:88:9b:d9: + ca:99:b6:72:80:7a:5b:d0:9b:f4:30:57:69:28:38:e2:9c:ef: + 6a:8b:c7:fa:2f:29:2f:9f:f5:7d:b9:b1:7f:aa:96:e1:a6:f8: + 98:64:e6:5e:6f:99:25:4f:2e:85:a1:50:5c:3b:1d:d3:1c:39: + 30:7a:e2:70:30:88:12:54:ce:07:8c:46:e5:03:62:ab:ed:d6: + 30:7a:ba:63:bb:36:c8:bb:83:80:73:50:9b:da:ea:4a:d5:00: + 87:af:4d:24:f7:cf:c8:ee:ac:11:4e:c4:94:86:7c:ee:89:76: + fd:ab:71:85:54:ce:70:db:5d:13:b8:54:04:2f:3a:6b:87:97: + 5b:93:52:c8 +-----BEGIN CERTIFICATE----- +MIIC5zCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTE5MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE +CgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKnO +fc8OU48alrTVIUrmj/L4JJpaGHRQTQExeMa9uqinYhwp8lK+Tanb8qTIzDwBvZGB +nX2u5LQBG7Wda4Ae867juoL8Vj2Ht5Jj7j1sqRyzdSq18ESWgZOcgF3BxCPK7gPX +JwUeVz2TP4mIJd8nNfNUEFVc5lQrIwbPsUTbOOx1G7uFRD3bz62LIxPDuVuoqwbv +Dkx00iLIJQEwvT1jp7KwySWzJnD/Y49AKs0nc9jUDmSV/nX/ANR4/rCGDb8PTOu1 +l5DLd4wPU8oA3FeC6NYIiga8eP8m79H4snyxSyjFjDAUo7yoPIwH5XPevi38Vdj9 +AmSHsLWRC9EMMeW35PcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAQYwHQYDVR0OBBYEFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3 +DQEBCwUAA4IBAQB0ibnhAXsNzoAGGYIlu/M6BRqGsp1bHyYp8Ti3vCWtgJh1IgUa +lXe1Q/ZZ/WY3tzxL4IquXyrU/VF9EQBCud0XTZrLzQPfD9hls0yCT54FdKfhZUnv +oP9Y15srF1HArcNGJk/ou3gmd4RO7QqwZsAGlruxuovI3mVvUG+Im9nKmbZygHpb +0Jv0MFdpKDjinO9qi8f6Lykvn/V9ubF/qpbhpviYZOZeb5klTy6FoVBcOx3THDkw +euJwMIgSVM4HjEblA2Kr7dYwerpjuzbIu4OAc1Cb2upK1QCHr00k98/I7qwRTsSU +hnzuiXb9q3GFVM5w210TuFQELzprh5dbk1LI +-----END CERTIFICATE----- diff --git a/test/data/certs/client/cert.pem b/test/data/certs/client/cert.pem new file mode 100644 index 00000000..3b7241df --- /dev/null +++ b/test/data/certs/client/cert.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2024 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: CN=John Smith + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d0:3e:17:22:d2:9b:ee:23:32:bb:cf:ee:2a:a1: + a0:6d:3d:80:df:65:7e:13:34:3f:eb:44:dc:74:90: + 7f:8d:9e:c8:95:59:1f:1c:0e:9e:ce:92:cb:7d:6f: + 02:5c:e7:e5:d7:37:2a:fd:d2:6c:6a:ef:39:9f:5f: + d3:76:25:bc:7f:dc:c0:7a:54:35:ab:3d:a1:77:26: + e9:c5:9f:29:98:23:7a:f0:20:f0:5f:b0:e4:07:7f: + 77:c3:82:f1:4d:9b:93:03:0a:65:88:8c:73:e0:6b: + 81:5f:91:50:0c:22:b1:84:ee:68:af:7e:57:c8:1b: + 9a:04:7b:fc:48:4d:5e:66:dd:d9:fa:3b:18:73:81: + ee:c9:c5:ee:f1:01:c4:9a:8f:13:46:15:42:2a:f9: + d6:cc:23:81:06:2a:f2:53:4b:34:83:1a:bd:77:ac: + d6:dd:3a:f6:ce:f6:76:6f:5d:3f:a5:d6:6a:e4:f4: + 40:9f:15:c9:b0:c4:48:8f:f9:bf:cb:44:a1:70:6a: + fc:ab:9b:94:63:6c:7d:7e:8b:0c:cd:ea:4f:84:b2: + a7:09:65:c6:4e:80:57:8d:97:59:91:52:b6:be:0f: + 67:e1:51:f8:ba:e4:f3:7d:8f:44:22:a9:e7:57:08: + e0:2d:ce:20:11:83:b8:cb:65:8d:41:5b:56:f4:b1: + 06:3d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + X509v3 Subject Key Identifier: + 21:63:B7:F4:B2:30:E4:00:D8:74:3C:94:42:3D:2E:08:F8:01:66:01 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 22:7f:f9:65:ef:22:21:f9:76:ad:99:bd:ae:d6:e7:c1:cb:a7: + 28:9e:34:aa:1e:c6:da:c4:59:f9:14:f4:ee:92:5c:97:f9:13: + b5:9b:ce:4f:89:9b:8f:25:21:0b:2b:b2:5f:d0:65:8e:e0:18: + 1c:c8:5e:ae:df:02:88:98:ec:67:c6:c6:58:39:be:f7:4d:be: + 7f:a2:7d:e8:e8:39:b7:44:1d:17:7c:2c:64:ad:ab:cc:b1:bd: + 69:6b:5a:36:7d:bf:8e:8e:be:78:96:5d:82:27:15:1b:a4:55: + a2:79:8c:c3:b5:00:37:25:9e:84:7a:9f:6c:98:50:07:71:1b: + ac:4c:aa:b9:17:b9:d1:92:83:c4:48:14:97:31:0c:8a:a3:1d: + 8c:a9:90:75:b1:52:70:46:d6:42:09:1d:b3:8b:f5:41:26:23: + 82:77:51:04:18:32:49:f7:52:8a:16:d4:bb:8c:3c:9c:5a:a4: + 98:c3:dd:77:14:0e:f6:f7:6b:08:4a:7c:d9:e1:d5:bc:cc:2c: + 77:23:94:8c:79:a5:7a:94:66:04:3f:11:37:cd:db:9d:f1:6f: + 84:b8:c3:1c:c5:4f:97:b1:6f:ef:fd:f5:93:8f:06:b1:cf:5c: + 92:52:a4:f6:89:ac:13:3e:a8:13:62:39:b5:a3:c5:7e:4e:d0: + e8:54:f8:5a +-----BEGIN CERTIFICATE----- +MIIDEzCCAfugAwIBAgIBAzANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFTETMBEGA1UE +AwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA+ +FyLSm+4jMrvP7iqhoG09gN9lfhM0P+tE3HSQf42eyJVZHxwOns6Sy31vAlzn5dc3 +Kv3SbGrvOZ9f03YlvH/cwHpUNas9oXcm6cWfKZgjevAg8F+w5Ad/d8OC8U2bkwMK +ZYiMc+BrgV+RUAwisYTuaK9+V8gbmgR7/EhNXmbd2fo7GHOB7snF7vEBxJqPE0YV +Qir51swjgQYq8lNLNIMavXes1t069s72dm9dP6XWauT0QJ8VybDESI/5v8tEoXBq +/KublGNsfX6LDM3qT4Sypwllxk6AV42XWZFStr4PZ+FR+Lrk832PRCKp51cI4C3O +IBGDuMtljUFbVvSxBj0CAwEAAaNuMGwwCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQG +CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUIWO39LIw5ADYdDyUQj0uCPgB +ZgEwHwYDVR0jBBgwFoAUjQUiOu/03kPI72x8WIoVuYMtUNQwDQYJKoZIhvcNAQEL +BQADggEBACJ/+WXvIiH5dq2Zva7W58HLpyieNKoextrEWfkU9O6SXJf5E7Wbzk+J +m48lIQsrsl/QZY7gGBzIXq7fAoiY7GfGxlg5vvdNvn+ifejoObdEHRd8LGStq8yx +vWlrWjZ9v46OvniWXYInFRukVaJ5jMO1ADclnoR6n2yYUAdxG6xMqrkXudGSg8RI +FJcxDIqjHYypkHWxUnBG1kIJHbOL9UEmI4J3UQQYMkn3UooW1LuMPJxapJjD3XcU +Dvb3awhKfNnh1bzMLHcjlIx5pXqUZgQ/ETfN253xb4S4wxzFT5exb+/99ZOPBrHP +XJJSpPaJrBM+qBNiObWjxX5O0OhU+Fo= +-----END CERTIFICATE----- diff --git a/test/data/certs/client/key.pem b/test/data/certs/client/key.pem new file mode 100644 index 00000000..3b26af87 --- /dev/null +++ b/test/data/certs/client/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDQPhci0pvuIzK7 +z+4qoaBtPYDfZX4TND/rRNx0kH+NnsiVWR8cDp7Okst9bwJc5+XXNyr90mxq7zmf +X9N2Jbx/3MB6VDWrPaF3JunFnymYI3rwIPBfsOQHf3fDgvFNm5MDCmWIjHPga4Ff +kVAMIrGE7mivflfIG5oEe/xITV5m3dn6Oxhzge7Jxe7xAcSajxNGFUIq+dbMI4EG +KvJTSzSDGr13rNbdOvbO9nZvXT+l1mrk9ECfFcmwxEiP+b/LRKFwavyrm5RjbH1+ +iwzN6k+EsqcJZcZOgFeNl1mRUra+D2fhUfi65PN9j0QiqedXCOAtziARg7jLZY1B +W1b0sQY9AgMBAAECggEALEdrlXq5b8U5ujBAKP31lgzcHIRg7rXvOnhJtRptmOAw +r/sDj6x3LZ8OmFUUqEsh9uVy5YZLCeDkvIP8e5SSFJEMt2Y1BDymWubiEeSiTEiN +EUa7veknz4VV4rNy2kjwlVauWL7eu9M4Luk/31i4LPchuOExSqo90WLItdoHrvDu +tGR5YnxtZvddtT/NTv8aGwShG6clC3xgXIf6Wtx1hQKGvKTUxW7Y/2Sgt9aqewnY +Ah2xlyvAKj4TpPYXxbBXjUx36VuakhJ8eDfo71PA+bt9bKS/027+55JW1JznBJJa +ZxQRC1RzKD/VN00x1PGRNQOrM25qq8KsrGXQT9tRWQKBgQDuoQI3AIoAHW9PWGXV +NDv1kHarJF5Ucg+xuzYtsgdriOrKKaBrOHGDq2MyHkZtD577e+/vYB7fE/M/79PJ +rjTS4/ELgJqdQjO3Y57H335zpIDt/tIWOQOAZPNb1Pb8Hy3A5A8I77xneYs3wssC +i8tN6Vgi+m+4HNBRYSPu2o2g+QKBgQDfZtAuWqUCVhxUfqMsEWc8EvAvgtNJwjMB +hkcq0d4qTkO0G0suTcIbe8LrGaTb3Dd2Pq65fiv4KmigQtR/NW7VfFUtsFQk/lgQ +HL5sI6IUOAjFjcukEO9clXDon8h1Qg1ceEuJWMhbuYXcXDnKFcIosbkIdt/dY320 +9KZCunmkZQKBgQCZGjSRlYb1C+2eutibMihGJan9pBfhlkz7e2IHb3HTTMVXb928 +7TnngM7kGQiWcK9QKvSGYOVtux8Wpoj7nQnHRPgiqSCKRS9pOkFle79l8uXFzPh9 +yZa1ig+Zm8nbeSWh3LDIywfWW+U2oYQe3hJSqqQhzQxg1BvUGr8zQIYeAQKBgCGS +uOyOcMfmGwHTuj/wKZyMmA370jb+eV3cSSu1OHcRJfmWNHkz9Fze/48HXpAwCyG5 +D9cOkBsOfITBJmArrolk0wQ3wJ2Cn8dkGnXz8PKq7R6LTbRNWzuFtd8vzBdbItjn +typf7lRikCxqq8Cj/nbRJqaP/tqtjgG41pemoItFAoGBAI7T+k/fUdpK1iQVT5Mf +DPrssp8l+0b+cBl1fYqpEcZXSHfytucfP7/xu4aklK/8mv7ThWLmAMCC/rCWPJoT +wtIlkz1Fu4la8auKmTrM2QU1LOqDLDPQ0m2shdipUoqYP+0lMYHko/h31tNhDeaI +xe179xoblangHrty+MZcFJyi +-----END PRIVATE KEY----- diff --git a/test/data/certs/client/request.csr b/test/data/certs/client/request.csr new file mode 100644 index 00000000..5427884c --- /dev/null +++ b/test/data/certs/client/request.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWjCCAUICAQAwFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANA+FyLSm+4jMrvP7iqhoG09gN9lfhM0P+tE3HSQ +f42eyJVZHxwOns6Sy31vAlzn5dc3Kv3SbGrvOZ9f03YlvH/cwHpUNas9oXcm6cWf +KZgjevAg8F+w5Ad/d8OC8U2bkwMKZYiMc+BrgV+RUAwisYTuaK9+V8gbmgR7/EhN +Xmbd2fo7GHOB7snF7vEBxJqPE0YVQir51swjgQYq8lNLNIMavXes1t069s72dm9d +P6XWauT0QJ8VybDESI/5v8tEoXBq/KublGNsfX6LDM3qT4Sypwllxk6AV42XWZFS +tr4PZ+FR+Lrk832PRCKp51cI4C3OIBGDuMtljUFbVvSxBj0CAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQChIayigweLLdJY3Wu9P+qr6KihJOqkZrVOUHzoXd03lSg3 +/1nGbjzyOgEklm7P/mjojbucuByDYdXw7gbrgGzHSC9pRbYZGZHnmA2eCHJplJEn +em/75ZHjxbOSEic8SgOml9ppiQB9CYvd95bVRe0Xw8wxmIcUFEQxA6Kc8lw6a6C5 +rf8cqPvTUNBqoB35Ge+MapGxfnEeKz1pr9/tgEpDrBIgEJJm9S67Vrw7ug0M/jHh +EiZfkbjQVEB8lRVz+TB06i5IKQpCEFAlfISgTqxIe2tPj/9Lx0yL4yCdlf78zpnh +dujpaprSCSKpuZdP38cgKC0NDftDKgDnDwMF1PjG +-----END CERTIFICATE REQUEST----- diff --git a/test/data/certs/client1-client.crt b/test/data/certs/client1-client.crt deleted file mode 100644 index 9ba75c1e..00000000 --- a/test/data/certs/client1-client.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEL -MAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRMwEQYDVQQDDApFeGFt -cGxlIENBMCAXDTI0MTAyMzEzMDM0NFoYDzIwNTIwMzA5MTMwMzQ0WjBCMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRAwDgYD -VQQDDAdjbGllbnQxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuuy4 -iQt9bvKByyjS5Ij/TquuoKzGhyhCgzECF17K7EcbWNUhsC37g3OZgSgE2kONYSrl -vZ2aKJNcZiIa33uXA8iQH0ewtPMWFujMlCs4ehQsbOflthwSqWymmIsSuazvEaEj -o1IqmQ5nJGDiNsF1IP5KN3mpSiQllweNlqXrWZZ2oUwBFhLt0bJ13GYhNLYMYHmU -QSgBj2XxvXwpwAcpNHrxZ7goboJAVaCiYXPDQUtOqs4GfNE85LqIrXcE70RXDq1z -7MYoKKrlMWD9Nk2+0qhIbB4azSmqTkDARG1iMAfBfZrDQcPGl4SHr2+cvk9uek/C -srYMJ6HkebZ9e4zhpm9z0rUy485pcmvmLuVbm+JHi/oUcPVvByOtxt1QB23fYg6z -oGkz7s4ABvrNP7HloWJ4hx+l/dmlc5Yn/WWsTYScmkzNCGmtvhS/EcVGKFiBTjGP -px71hakaJnhRz0Jj0/yFe2Ib0AaaSEC+bzYa5OM4/wPMPJs9j7aigrrFsq/Qdqwl -nuKXmFfo90QEa+tjJPtgupb+EDp1xSerZI6WmvVGvpoIg24n+PajNYpOEadfE8w8 -JeM5jkCQ9no49iPdQCwEOajrLvt+KgiEackhS0SqbzqAKQ0TVXLP4rrwMwZ7lZVN -IxP2OwdyyAmWfavBLMJ+xs+zWGFpsTqfeZ4Fbk8CAwEAAaNWMFQwEgYDVR0RBAsw -CYIHY2xpZW50MTAdBgNVHQ4EFgQUMLJqkrtwFTHSQNU3SQfhRZi4UUYwHwYDVR0j -BBgwFoAUnz8o3kOYsSYcCP6Bm4vPuERJN2kwDQYJKoZIhvcNAQELBQADggIBAI3O -Tu/wKEt+HDd3wZyvfPMortWcxAEm1B5fLW5OeWeyU44xLW8AJqmyKxmHJM+Eq0tW -jVDiiZWcqPfCJFNEL+DNacM1beC7lzR63H4JltQLG8j3MLSZK+t6mIC/erov1Ql/ -P7T9qvAoUSfS3n7g6yW5uKiQjaFW6lX0HOr9IfxZFdqfHOJ+nVblNREoyTDfYUAK -HZgxrGYO/0/hPB6zziFchfigWD0QQVL1s3+cJNfTmNhw3Xu0/sOMLzhKIKuNYAak -ohON2HXpgZViOdLeA79vKsVQ/rf6VrwU+Ev3oLTp2Gsiqp/h4E21OE9/27Co9wDi -khVA5eaHudciOZo1XgDS8beZmcI+IgYZTEiEkpC1yLqfg1Y4t7ubEq/OikmF8L55 -9Zt/sZxz8TSIzG7m+1j8Tv/EgqA3sQ96gTIQe8y4hGp7jYbsOINLrOc7W0y5N+Yb -zt/beUYso0CLZQ+ys25rfYK1uWFgYFCYOqw83yud0oMNndOeKTs4MuP5ozPVa0wm -4BdEfwQViTR+Ush9t8C+mtfYhV78odOivt61AGyo8gU+SS4fw4VdTkt085UkwlOx -5bCAJCcy5PLx8nq7o4Aq8gNoMmRCgwLgKfohv2cqxbWCw9VyxkxaGpC7mCs0SPXP -DnIPOwuJpf1vmhgmc5RfT9FbZSUTLvtGf5a5q5e0 ------END CERTIFICATE----- diff --git a/test/data/certs/client1-client.key b/test/data/certs/client1-client.key deleted file mode 100644 index cdfd6872..00000000 --- a/test/data/certs/client1-client.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC67LiJC31u8oHL -KNLkiP9Oq66grMaHKEKDMQIXXsrsRxtY1SGwLfuDc5mBKATaQ41hKuW9nZook1xm -Ihrfe5cDyJAfR7C08xYW6MyUKzh6FCxs5+W2HBKpbKaYixK5rO8RoSOjUiqZDmck -YOI2wXUg/ko3ealKJCWXB42WpetZlnahTAEWEu3RsnXcZiE0tgxgeZRBKAGPZfG9 -fCnAByk0evFnuChugkBVoKJhc8NBS06qzgZ80TzkuoitdwTvRFcOrXPsxigoquUx -YP02Tb7SqEhsHhrNKapOQMBEbWIwB8F9msNBw8aXhIevb5y+T256T8KytgwnoeR5 -tn17jOGmb3PStTLjzmlya+Yu5Vub4keL+hRw9W8HI63G3VAHbd9iDrOgaTPuzgAG -+s0/seWhYniHH6X92aVzlif9ZaxNhJyaTM0Iaa2+FL8RxUYoWIFOMY+nHvWFqRom -eFHPQmPT/IV7YhvQBppIQL5vNhrk4zj/A8w8mz2PtqKCusWyr9B2rCWe4peYV+j3 -RARr62Mk+2C6lv4QOnXFJ6tkjpaa9Ua+mgiDbif49qM1ik4Rp18TzDwl4zmOQJD2 -ejj2I91ALAQ5qOsu+34qCIRpySFLRKpvOoApDRNVcs/iuvAzBnuVlU0jE/Y7B3LI -CZZ9q8Eswn7Gz7NYYWmxOp95ngVuTwIDAQABAoICABJdR2lPaQIJbpmtvRUZezEY -yjicQN+ZI6UNSjikO34oeOtVT9Cl89vfnj6DgVaK5HeeEKF8Zl+DesRzUqiPf9qt -+FraXuX9gTdm+me5h1GXFyDr94mDYIynUVwTQxey1xn9oX6zh96EUmXPOZT06gj/ -x/2DRQ/fqpcX9Yp4v+fhUcOvBTxMnR4eUQNXlVOUacrgpvbFHhd0heIpMgDdCJNQ -sNQ70jJpNuDdaJaib5XD9vVDoHzgIay8bB5+tEwS2Wq7vR6PU/VgNNGRHHoappto -+mnaMKU6FAf0HJpHFNUbLfX6dSHKQNc0p2VOVdvspIdSZr0gCDmskhcocqjnbRO9 -zVC1EOVTZYHL/HEtF5WW76CbtghfHDCSp0gq2nNSBdAxyOJE75xzApX5cwRZ93cW -+mHV0S2E02JMYsL4icFWmtaT+dHlwTlmEh9HEXynGEdI25MAb1TB/IVhgtaBOCNl -KCC6q8WHNTr50laJtwF2hFLyDuv7JZ3Zals678rt0+Gflt8DT7biDJjvTak5/ecI -SBDdIdr1iYlLxjd8qwBGEFm3arCDRTC6BRGPl2Vul2fGVMIZxY3qYRkVb+GEeZFC -PC/0RQFWdUSue/MZkcpPPbUhvUX8B74KuyNJF7SGWia7u+CZr3jTRPCFZegpTU38 -9kLEzHbkgFy6Raiix6qhAoIBAQDuerqsu2PNMCcwFrlfzwt48eqYw1YiIbjRjUZF -NYa3ZEY7WQ4xFoY5ATMDgD0QEIgFGi4d+uNA6Zgx4zEj2V7/xDWmGu2DM4pG7dk/ -WCgDZsKq7fM61o6bmlP3vq/aUADeu1FUCyyz+N+DmxlzsCNiyw06hrj3eSc6fiUk -NrujP1tyeF9J1Uo08OKQKBoxMvFsZLX5qTOdQA+jcWRZryW6795MThaJmhBZBrqe -wTDZf8EJ9AjKQ3m6lF/hzHjpSkjLvbwzKZsHLZeUlV5wp2aiN3c9rPZ45zzL6OFG -98eeqLW8MIWrwEuTLPHMWg1bPxH8j2acxYCA6kdxTMUFQD/dAoIBAQDIqFx7+LQo -cmT92uqsKlSQx+RBgpALeTad8P8ausfj+VnCxVZZHsjolRSxjJt7kHVMWIlz2D6Q -2hv4gQvY/QCilB5MBxBC948RRNd2QqyaCWFV2h06R8pql6Z5QAz0q0IuIv3+77V+ -amaaXLvcR23JW32lXEghPRRJIqS7tNkjaOQqcT1+1U17u8rb/otrVunIl6v7bXTJ -I06Q6oK3UsWbOO67gIm0/KctC9MAZj5zxRgBIkxWasY5ywrbtkWanfoj/rq5kyCs -HQZL1K/Wc+hN8hRD+pjlKRkjAxNPKpySqGu6Qqo6I7SALv8gFqGl6C7T+T81jqTk -m/3M1URZx1obAoIBAAOLU2bpygvsoUh3rf2ciCEeB0yJ6qfLNIH4xYiVyRDErr6H -DkzwdsI2IFn29/FbLYpV30WWyvXWAusK41oTCvRmKB313H3MsEtpkYb9emrChjYg -HzNKqQfq/UB7VwW5lqm4wvaqy9lI45mDHpe3kG8RcXrjMbCL3mdiJI8rORKuCF/l -JhVk1BuBUPyve+QrS6c+v+2b9CZsI09cig9DKR5kHjuoFXGqFoAcN33QhTdWTLon -JFJNOmvpdJtYfJuK/RX6Fef0wFcU+GG+7o5iDoZuqJkEDw2w8hhdt6tkV1UmUL0h -Q3tP+k+PpXBSDkzC3TORtgaycLx5vuISMANp9wkCggEACveYxnXbcvJ9rppOhUZz -BM7IHQSD1vyzDYLkjpNy5XT1gP3EMG7MUFoFnYav4NsObjPQn3JMSSKCsNxsx1lc -tYYe+czRCLf7K9h1ZlNSl8C3fzfCrTLLT3Qmdy4XBzBtF5R2CX8UjmpGXV2ALxQA -XicQAP/AOYDbIPwxwMirrZHIFsHFuK7z4zVqawfImv9PG9WeYsmivnOdkbIfnuF5 -R3ifI8RswmWkxYOF7tmnxDAblcRII9kGKJZ+a2/U8hR8XYdIsWfnO0EC3RYs3i3L -nqcCkIyb2rqaUx2R6pvLnwBxkuad4zucW/01mI1kHGtKU++lksnPHWehQZbOe5G3 -zQKCAQEAvclCB7rC3ZuFFYAaAdyb8eIji0nnbLh/kGXHiLZMjkAvrIPy5bXxD+BH -xPde2VBGo5HgG6xiUTthw7CcpU33Z31+bYhmTLnYl2BhIWsgzEJpamVLHzOJRIG5 -0QBuL26yAdDd2vLHfvtjGpGWtQc8NCgV37KdkjWq/b7Hi0MoeeWQd1T3c/jhegWU -9GV9hc4A+Y9Dtu7JM2TR2PmgWHMTlAYOzHWRUjO8P6B/laSREC2SZ7Isx6v+Rx2y -tpWJk+LqRg5eRMPQ4C0p3GK0lzTO8K0YioP9J7Y7Y1uJKlnSmRiTRCpT1RpTwLPo -P9go6JeM/tWfrt16799jK62c6g9CDQ== ------END PRIVATE KEY----- diff --git a/test/data/certs/generate-test-certs b/test/data/certs/generate-test-certs index 84ac996b..7065f044 100755 --- a/test/data/certs/generate-test-certs +++ b/test/data/certs/generate-test-certs @@ -1,56 +1,17 @@ #!/bin/bash -e -# Script tested only on Fedora, CentOS or RHEL +wget -nc https://raw.githubusercontent.com/redhat-qe-security/certgen/refs/heads/master/certgen/lib.sh +source lib.sh -# server certificate common name (hostname) -SERVER_CN=${1:-server.example.com} +x509KeyGen ca +x509KeyGen server +x509KeyGen client +x509SelfSign --notAfter "13 years" -t ca ca +x509CertSign --notAfter "13 years" --CA ca -t webserver server +x509CertSign --notAfter "13 years" --CA ca -t webclient client -# client certificate common name (hostname, uuid) -CLIENT_CN=${2:-client.example.com} - -SUBJECT="/C=US/ST=CA/O=Example.com" -CA_CN="Example CA" -DAYS=9999 -PASSCA=pass:temporary_password -PASSSV=pass:temporary_password -PASSCT=pass:temporary_password - -# test-ca.crt -openssl genrsa -passout $PASSCA -des3 -out test-ca.key 4096 -openssl req -passin $PASSCA -new -x509 -days $DAYS \ - -key test-ca.key -out test-ca.crt -subj "$SUBJECT/CN=${CA_CN}" -openssl x509 -purpose -in test-ca.crt -openssl x509 -in test-ca.crt -out test-ca.pem -outform PEM - -# server.crt -openssl genrsa -passout $PASSSV -des3 -out $SERVER_CN-server.key 4096 -openssl req -passin $PASSSV -new -key $SERVER_CN-server.key -out server.csr \ - -addext "subjectAltName = DNS:${SERVER_CN}" \ - -subj "$SUBJECT/CN=${SERVER_CN}" -openssl x509 -req -passin $PASSCA -extfile /etc/pki/tls/openssl.cnf \ - -extensions usr_cert -days $DAYS -in server.csr \ - -extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${SERVER_CN}\n")) \ - -CA test-ca.crt -CAkey test-ca.key -set_serial 01 -out $SERVER_CN-server.crt -openssl x509 -purpose -in $SERVER_CN-server.crt -openssl rsa -passin $PASSSV -in $SERVER_CN-server.key -out $SERVER_CN-server.key -openssl x509 -in $SERVER_CN-server.crt -out $SERVER_CN-server.pem -outform PEM - -# client.crt -openssl genrsa -passout $PASSCT -des3 -out $CLIENT_CN-client.key 4096 -openssl req -passin $PASSCT -new -key $CLIENT_CN-client.key \ - -addext "subjectAltName = DNS:${CLIENT_CN}" \ - -out client.csr -subj "$SUBJECT/CN=${CLIENT_CN}" -openssl x509 -req -passin $PASSCA -days $DAYS \ - -extfile /etc/pki/tls/openssl.cnf -extensions usr_cert \ - -extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${CLIENT_CN}\n")) \ - -in client.csr -CA test-ca.crt -CAkey test-ca.key -set_serial 02 -out $CLIENT_CN-client.crt -openssl x509 -purpose -in $CLIENT_CN-client.crt -openssl rsa -passin $PASSCT -in $CLIENT_CN-client.key -out $CLIENT_CN-client.key -openssl x509 -in $CLIENT_CN-client.crt -out $CLIENT_CN-client.pem -outform PEM - -# print and verify -openssl x509 -in test-ca.crt -text -noout -openssl x509 -in $SERVER_CN-server.crt -text -noout -openssl x509 -in $CLIENT_CN-client.crt -text -noout -openssl verify -CAfile test-ca.crt $SERVER_CN-server.crt -openssl verify -CAfile test-ca.crt $CLIENT_CN-client.crt +openssl x509 -in ca/cert.pem -text -noout +openssl x509 -in server/cert.pem -text -noout +openssl x509 -in client/cert.pem -text -noout +openssl verify -CAfile ca/cert.pem server/cert.pem +openssl verify -CAfile ca/cert.pem client/cert.pem diff --git a/test/data/certs/localhost-server.crt b/test/data/certs/localhost-server.crt deleted file mode 100644 index acc3951a..00000000 --- a/test/data/certs/localhost-server.crt +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFXjCCA0agAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEL -MAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRMwEQYDVQQDDApFeGFt -cGxlIENBMCAXDTI0MTAyMzEzMDM0M1oYDzIwNTIwMzA5MTMwMzQzWjBEMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAoMC0V4YW1wbGUuY29tMRIwEAYD -VQQDDAlsb2NhbGhvc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCh -AVR/jYDEx5LrdrnFf+qicMkDsiYiHJf5K5sXsaJmH6wCGnXrNElHApEzhM6i+vMS -LF6b87aTNaMyIKDuF5/UaLxe9LwE9SJYv8MKaLq64f+38NhI8cOuseiclLtfgW2h -RDtdLi60geywpmCpNY3WmaAqPBy/ZLP+UZLLQuHj7Mbe+/zSTJOvauIuQfi46L02 -n3menynPpPj6U6fR+z5gRYAAhdEMCK41UujVgoWEJ7jn9Mkj7DnqdgpWT7IkIS3o -C9b63D+qAoXNIKoNxsOv+HRKaAZ3kIT8F/n7/U4cYw/TiAVIqs7uGkCLaCh0OWMI -TlRxJQU7kzRoaCzc0XL89JHOEnSOCCFkNSbPobpdK0CHNxpJ4LB/U1ctMI4Sn2XB -17IgbLyTGVLZOQhJKIMCvbEoUpngjYygJK2FdCbkFakgP7RQHAjQ7wayJdRqfoOs -UsBAAMiGoCvstuvYcdfBs/XTJr++0D4H2HOm7saALhmfqNVVPUIQXcm5NazeIpnw -Ck9LpeyVrouP/KcI1CtK5rm5BCDfT/oK9nczTkGCSRHLp/jxzsMTNY8LD52Dj3/f -y9fy+D6ifxlRz6htTNG4FoWtwbRjaAPmX8n4GPrFcmqglmtUHQ1vs252Qyk+NDoa -74kzXoLr9g2/gEB4I6X67eE/vIQ8Z/z7iEA+zDiGHwIDAQABo1gwVjAUBgNVHREE -DTALgglsb2NhbGhvc3QwHQYDVR0OBBYEFJkwfQk1qwA2ac6j0XkmV+9MLYLZMB8G -A1UdIwQYMBaAFJ8/KN5DmLEmHAj+gZuLz7hESTdpMA0GCSqGSIb3DQEBCwUAA4IC -AQBwEvBjEONESrKRhtHFxKhzZ4etPLPHI2hCKpJ7xiABfTkd366povDAyhNQCD5Y -tmexcLiYTmfPaHamcUzMDUFNuaAz1pbF7SGJxt5ppr8OwK/Gr1cSaUIq23UzQW9e -FqE94gdkYf7+mjYU68TR2BLwqqCQDJvb+/XO5uqXwzxMoRDXwDapT4Pt507odHMp -AmP/n2JKRysFP2PNc4vc5pphvWtQ44eX2K0Nl0eVdZiCdS7sKc1eFmkwupvenq8x -Pgdu9oh7PQFn7TGGcV4P1EsF7HbpwYJc7CBFxMd+E0uoNhcSDXoyjHLQzV1Wjykg -STh44YzSzeMsWf3jiKQKx1/ky4ZSy/cq+iaNuowY2Nqb+mdtQ8ukU71eAiRinqRt -YALcUuexLFsnYKbVxob3eryIm7kesxuJ7nroyiWmfa6w6cArcZoBM7P1devM+1h9 -lxIyFKRWONvzqm+5wGx+U1TIiYI78zJ1oTwzQGBbhSz94QvHzjqj9a1i77cgl6uX -q+AVHMb6JW+SojrpROxjNA0Iwqki8b4COIpjzoN7x+dpLo6bqXatv+9aGZZ6MRk6 -koFMwKFHzpCqd1Uoqp9MntyiYL1WvNVLxM+nrql1HfBcrUuAg2PYMU/qNI/i7Hkg -Wa8s4P8Y7I5s4PfC9rih2XqBaaDDOinLaZJHBEHoX3sXpQ== ------END CERTIFICATE----- diff --git a/test/data/certs/localhost-server.key b/test/data/certs/localhost-server.key deleted file mode 100644 index 88f44a68..00000000 --- a/test/data/certs/localhost-server.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQChAVR/jYDEx5Lr -drnFf+qicMkDsiYiHJf5K5sXsaJmH6wCGnXrNElHApEzhM6i+vMSLF6b87aTNaMy -IKDuF5/UaLxe9LwE9SJYv8MKaLq64f+38NhI8cOuseiclLtfgW2hRDtdLi60geyw -pmCpNY3WmaAqPBy/ZLP+UZLLQuHj7Mbe+/zSTJOvauIuQfi46L02n3menynPpPj6 -U6fR+z5gRYAAhdEMCK41UujVgoWEJ7jn9Mkj7DnqdgpWT7IkIS3oC9b63D+qAoXN -IKoNxsOv+HRKaAZ3kIT8F/n7/U4cYw/TiAVIqs7uGkCLaCh0OWMITlRxJQU7kzRo -aCzc0XL89JHOEnSOCCFkNSbPobpdK0CHNxpJ4LB/U1ctMI4Sn2XB17IgbLyTGVLZ -OQhJKIMCvbEoUpngjYygJK2FdCbkFakgP7RQHAjQ7wayJdRqfoOsUsBAAMiGoCvs -tuvYcdfBs/XTJr++0D4H2HOm7saALhmfqNVVPUIQXcm5NazeIpnwCk9LpeyVrouP -/KcI1CtK5rm5BCDfT/oK9nczTkGCSRHLp/jxzsMTNY8LD52Dj3/fy9fy+D6ifxlR -z6htTNG4FoWtwbRjaAPmX8n4GPrFcmqglmtUHQ1vs252Qyk+NDoa74kzXoLr9g2/ -gEB4I6X67eE/vIQ8Z/z7iEA+zDiGHwIDAQABAoICAAIOZ0rdvshEmD7DnGnGUXPT -pu2SJ+SFovc+tFNgJGfTfbnlJp5jY5AxmzMiPhVcyR/xSyAIw8srgzMPsZ541MS8 -tbMswv35N4AUquQGJGRgoIhz3f9IfyxK/2KIj8APghvuKCfvgA80HZa/+ToQAgi8 -m4wOintzSM01s38/Em17x6pvY3I4Iia6YbsfgpKx/kClVsNM2xbYz4k66kjHQauv -F4xqKRpTPg5WSbz4VsYyT60+thbsXGz/JvClQewuNEzjYdKAX5vHPng5M5LLeBJW -RP3ySCrcwKYLlFjAim/YYApekVq1O8FUuoBNSz74wKgJgBCV3XQ+VAwFUJVdY2+M -ZNUgXIm3WuHlxj9Bo9PeLr1v3EVmerwoIJP8P/qPE5TS4bXeRzZRWddIfloXZAOk -UQuu8Cg+Ljo+NIB/gnbp22Jq2vL7pHRz1k5nzxGj4Oy3qu8mTLgNpu37x/vnQ5Z1 -OxCLCcSUw24ufqHCwBkwEXAt2DyL/XldfVMV7Mkhsk1il5VvraygLO2deCvyx0b2 -Wt8ydzwlcHO+EIvZpOq8rp0wrrcjFbjFfnJUf6hRYYXJkBQuFKbLZGJVRJjPRioA -Wrtye5PjC2kHxe8X3VLNn1d3vMjvwW3IYYh9XhBnFx1JaAXuo2gGiN6yNoWp4CmP -9f+0vk00d+oyYmT5oH9RAoIBAQDiEa13vuRbRt1wS+CiHVzKMSk6qChGcZPvVYqe -p04Kka3UWQnB2naICk82SHF1NjXxdslgxfVTPplNYeWxa9Fi7lGXZ8t7WjO2hxMA -iDDIBsPy60KUNQR1fRloMoMAzgSN1E27R0q7GDpIttkYE5ERvxs0DGDWtNumivcp -L4i+bTXciP8qREDEKb4JS5aJ4HLXhLEz7F4a0pPN5a26zqjlD/5ww8wOnJB04Q30 -TQl2wLVvY4He2EEjekuIGEuz8bCkCGajZ2vadiuZGIvjK5d4yX9VbqNBDeCeWw7c -4Z23YOpXUaCKKVSeV+NztAN2XgD5VcZV3q8igmbBJqjuXCwZAoIBAQC2UmVcuU8s -0s2GuPlunNidbuj3Vem1Hpw3bspiMvvskNIc4FpDySe2PkCA33j23Iqhz1Jo2peg -UPSpzRdYnFuy8cbwEAInH8BN+2sdgZzTXw67FUZzpqtX9F2kX4JThpzIr4G31sXj -mIPfn10q2hovblKD81lDXzgXYNZ291ojM25b99amIzEtMd1zk0o9ElcZ9nenFqZQ -zctqi25F1Te3ZdrjbrQIrlqeqcK0jReZj2aWm6t39d03K37kfNazzF7DUP1XfN+B -iNAhPKCSqVrzxhxWA4T093EqseA+CyNYmXTyWWt6U0VkSEsMe12dvF92Di0EKMd0 -POanuNNWOQr3AoIBAH9OiStH2nz0WTsl36grdNd/+8HGdHfG+hHrUBasDKyzAPr1 -8SKzjdBqTdU50nq5PoNt61WN5Ost81K6cIkLOGzH3DaxAsvCLiD5y9+e0imydaJU -jbe8a3hmLGqbF17apYHhLqzqJtFZgWj1XyfJzQX7Yqxa1CXUz2ToGOuekxj5kz1Q -ALGiof5Vq2i8oleeh82KMegVkaD1OLrYPo9WVZI5AYYrHLyVulu3aQ5MW6n+N640 -kSwXCAeclPBdDjSVRG37NSGL2ha6OS8Lvar+H1yrzAMmPNUjpXxHtwT4IMLl1tG5 -a/ih8b8Bq1q64sBDi7TdcsVkk6eRW6Alzzf7u/ECggEAdERNMXlW/U2dFVnmbtyE -4ri0xe26sO7JTixP0ZmTwAOGijWkOnAP7A780XIxULPJkHCGrCkh4nFd5N7OEYr8 -izvV0odS6CI+XzyCzXk3Si/nU/S4Tc4unFNQWB80HBHO78fEYDkNTxuWlUeqgUY+ -xpqC8nSAKw+Q1I/DlHAewi3tJacB8kak+J5BC5AVGqcUdpEPMrWl8AecveAWvV/A -PSsuEDUriBGv5lh5uuvy7dFd6ZNyIHjgzmrla84UmOouUD3YoS8X1SIrH9bqyzxG -rQhcT5nE8vbM6x4t00MFEl4iDt5pRMPPj6juexI82/chpUZa/LkIoJ6ptLGPy/9q -dwKCAQA8W6KNjkbk36luNCw8CLZJQ8DT7ZKCjGM3sz6wY8ZKO+JVtPWq/Q74F2rH -ooClOf9+HOw/AxmfAMV9lW+epibHOXGTfs59UQ2rfXsS7sCZpMimtAQMjSQx4443 -jUh+3OqW1cTGyPxKvPPvnftwpEvTEigIJAjUQcSF9w/MjKM2M4FQBgFxcfaooh1E -+/sDBbHsGYGaXC5vfW9wMbsfhj6Un8Z+gLWR0qmpOU/RrVmXIGqoTnOt7MWrueyF -r8xDXM/qz8mCaY4pLB/AU4krBUEUBFPOC6QG7y3bSfd+mgwbsAQ7a7Qc2QhUDACY -PBk7BpRR/G/0yKuCfCA2+aCaIdpP ------END PRIVATE KEY----- diff --git a/test/data/certs/server/cert.pem b/test/data/certs/server/cert.pem new file mode 100644 index 00000000..e7c877d7 --- /dev/null +++ b/test/data/certs/server/cert.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=Example CA + Validity + Not Before: Nov 20 21:15:21 2024 GMT + Not After : Nov 20 21:15:21 2037 GMT + Subject: CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:33:69:67:a5:42:27:7c:dc:62:b3:5f:b3:7c: + c0:05:7a:b1:9a:33:b0:62:b0:76:8d:7a:f2:0a:82: + 97:2e:49:33:70:11:12:b7:59:9f:bf:21:f6:e3:b0: + 51:58:e6:b9:3e:fc:5e:05:46:c5:cd:dd:46:9b:45: + 77:73:d0:c8:d5:70:b7:9c:3f:2d:a2:31:a0:9a:53: + e3:24:21:9b:80:92:f9:39:20:cf:9a:73:e5:00:3e: + 65:7a:9a:a8:37:e0:96:38:e0:1a:3a:fe:89:9b:b2: + 81:34:10:16:4f:ff:91:7c:4d:bd:e3:5a:3a:b0:12: + 77:0b:53:56:ad:75:89:49:25:27:08:b9:3c:ac:48: + 07:bf:15:51:8c:4e:25:21:35:51:b5:cf:8e:c8:42: + e9:9b:46:8a:db:f3:3b:d8:13:ec:17:98:ec:f8:ce: + 89:80:14:2d:ad:a4:98:fd:be:64:c8:9e:54:eb:6a: + fc:ee:67:c7:9a:af:a3:e6:17:02:f1:26:e1:d9:29: + 6f:25:87:f2:1a:2e:f4:56:82:a6:bf:bc:3a:93:5b: + 30:e1:07:e2:47:62:e9:39:c1:d9:16:98:55:f1:3e: + 92:be:40:49:2f:2e:0b:ab:d1:72:c3:9c:ae:dd:ac: + 07:d6:92:2b:bb:34:b6:7a:e0:c8:76:af:81:90:ab: + d4:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Key Identifier: + 88:AC:B1:BD:03:14:22:F9:23:E2:CB:61:40:73:71:73:E6:9F:FF:C4 + X509v3 Authority Key Identifier: + 8D:05:22:3A:EF:F4:DE:43:C8:EF:6C:7C:58:8A:15:B9:83:2D:50:D4 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 36:56:de:9b:5e:2e:e7:05:e3:1f:a8:2b:f9:9d:c3:f8:d0:eb: + 4b:7a:49:a5:fe:34:ef:a8:f1:5d:3d:eb:6d:db:29:a3:f0:e9: + dd:58:e4:ac:a8:58:1e:df:98:e4:12:86:d0:94:03:44:27:f6: + e3:80:97:41:6b:e0:03:95:22:3e:43:c3:35:83:e0:e7:79:82: + c0:89:c5:4d:d0:a7:21:ac:f8:ed:d7:b5:a1:25:41:fc:68:7e: + d3:43:95:69:60:91:58:6b:fb:2e:61:9f:a0:a1:b9:0f:55:42: + 55:e3:51:42:2d:6d:da:7a:dc:e0:e1:d7:f9:8a:3d:c9:23:dc: + 08:ed:54:19:f0:89:5b:3d:1e:28:3d:d6:a9:65:1d:7f:e7:61: + 1e:62:57:27:9d:07:65:94:b6:be:67:08:71:63:18:73:c2:86: + cb:f1:7f:4f:b0:cc:74:40:3c:71:78:60:f4:71:8d:68:2c:b4: + ba:93:ec:40:c3:02:44:9c:0e:74:4a:50:a0:53:ec:04:52:1e: + e1:78:3b:a5:c0:c8:84:b9:2c:90:ff:33:d3:88:3d:4f:68:0b: + f7:0f:d9:ee:cb:f9:c0:16:42:2c:8f:6b:14:e8:fe:18:e2:40: + 55:28:6e:f5:b0:09:64:51:ad:22:da:fa:af:7f:34:08:7d:c1: + 1b:8f:78:0f +-----BEGIN CERTIFICATE----- +MIIDCzCCAfOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt +cGxlIENBMB4XDTI0MTEyMDIxMTUyMVoXDTM3MTEyMDIxMTUyMVowFDESMBAGA1UE +AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjNp +Z6VCJ3zcYrNfs3zABXqxmjOwYrB2jXryCoKXLkkzcBESt1mfvyH247BRWOa5Pvxe +BUbFzd1Gm0V3c9DI1XC3nD8tojGgmlPjJCGbgJL5OSDPmnPlAD5lepqoN+CWOOAa +Ov6Jm7KBNBAWT/+RfE2941o6sBJ3C1NWrXWJSSUnCLk8rEgHvxVRjE4lITVRtc+O +yELpm0aK2/M72BPsF5js+M6JgBQtraSY/b5kyJ5U62r87mfHmq+j5hcC8Sbh2Slv +JYfyGi70VoKmv7w6k1sw4QfiR2LpOcHZFphV8T6SvkBJLy4Lq9Fyw5yu3awH1pIr +uzS2euDIdq+BkKvU4QIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAww +CgYIKwYBBQUHAwEwHQYDVR0OBBYEFIissb0DFCL5I+LLYUBzcXPmn//EMB8GA1Ud +IwQYMBaAFI0FIjrv9N5DyO9sfFiKFbmDLVDUMA0GCSqGSIb3DQEBCwUAA4IBAQA2 +Vt6bXi7nBeMfqCv5ncP40OtLekml/jTvqPFdPett2ymj8OndWOSsqFge35jkEobQ +lANEJ/bjgJdBa+ADlSI+Q8M1g+DneYLAicVN0KchrPjt17WhJUH8aH7TQ5VpYJFY +a/suYZ+gobkPVUJV41FCLW3aetzg4df5ij3JI9wI7VQZ8IlbPR4oPdapZR1/52Ee +YlcnnQdllLa+ZwhxYxhzwobL8X9PsMx0QDxxeGD0cY1oLLS6k+xAwwJEnA50SlCg +U+wEUh7heDulwMiEuSyQ/zPTiD1PaAv3D9nuy/nAFkIsj2sU6P4Y4kBVKG71sAlk +Ua0i2vqvfzQIfcEbj3gP +-----END CERTIFICATE----- diff --git a/test/data/certs/server/key.pem b/test/data/certs/server/key.pem new file mode 100644 index 00000000..770f5fdb --- /dev/null +++ b/test/data/certs/server/key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDGM2lnpUInfNxi +s1+zfMAFerGaM7BisHaNevIKgpcuSTNwERK3WZ+/IfbjsFFY5rk+/F4FRsXN3Uab +RXdz0MjVcLecPy2iMaCaU+MkIZuAkvk5IM+ac+UAPmV6mqg34JY44Bo6/ombsoE0 +EBZP/5F8Tb3jWjqwEncLU1atdYlJJScIuTysSAe/FVGMTiUhNVG1z47IQumbRorb +8zvYE+wXmOz4zomAFC2tpJj9vmTInlTravzuZ8ear6PmFwLxJuHZKW8lh/IaLvRW +gqa/vDqTWzDhB+JHYuk5wdkWmFXxPpK+QEkvLgur0XLDnK7drAfWkiu7NLZ64Mh2 +r4GQq9ThAgMBAAECggEAFMTjaTiAh6nGYFNilmjeqFRUkw+SjqzmJ2o4PdC0beW+ +zaIEX5E1M66n8/EQfSvkQozof04MwUdMNE4ht9Grke43V1ipfAMOTM24khsxc9Yy +5oEhMBKv7wga0y+sq/pNU5VsOj1dByM79cwvwl9KDAgLe20DlFrC/b1UamXUJoVe +N/QUjL/QWbgvizBzxzfzAHoxGmn3EeYohZqlmWTkLnZdtfgkW7J/kpf9ju6kc/1x +8nSE/HKJVySXRoR3SpBfDmNf0yWtRRCmsLJW8USHoNL2mcVTMlVfE0OiQ56l571a +2qVyzPh17yMoXO0hvKWSJRD2JBsYqMTKFW00OkYz7wKBgQD3jp+WQ0RIHD0MPu9y +ZziTLidX5QctSpBWaDLrheZjd7xQ+ESWo3o7Vp28Ges76Lps41QiRVvXUK6LRqDF +BGyxHcCeaQmeSVnsmc6BhAiynsWRu1uH3LoaQcsXshWkyVBvR6eVeQpGTFv+l7HS +xygX559zpT881ScqXhRct8EHbwKBgQDM9d4QBbt7vBlA3vSb41Gr9/v0ScxtT8o5 +wR0IZLk5/ngV3en7EZPN9EJLn84v/VMDTa/N0dOtRuTq9Fnv5xxt8y2voi0CuqyE +60e9GIgNIg8cPXo3gDP3jujQEgBHA4nEQff764xH24Np/eYs5OglSlQsEhxKEXnq +p7OqneRArwKBgDdFOIwr6IrRAzBAvOUl9pOlslMFZ1zNUPx5tySueImsqfbJ90ZK +qXemFwFwJ/zwMO8ushIUujSQZufhlPNn0XyZz++OM/+LEPCqRljUSbzXhfTLh9wF +g+do2RcpQ3vPFo5ByUCuDYU0dzWYWLNek60Coa8ILd4/GMd0yccJn6cxAoGAQvLA +wV0N+4Hagd0R62WaRODw1L/SXZZliO3ybM5xzma3lPTyu8bnD6wMh6VAdV564iZb +GZDDYuM4XSLJydok6Ck5sBf6Odz+A0DTIwpDTn7kjqXqKPzgfKmalHR80LVwJ8Ig +nZI4NTSXvWRo7hsrVRrtWaPkx7DjsOlsf3uplhMCgYBAalEynfeSgtQtudgVeyPb +d2kUjtUQrtSRAM8T+93JtpxHD8Yl2Qmb0gs7zanKit6zdVPPcMy2Ojmxj/jMRUrd +9MwOd+9/93u3m2xFce1KEByXojzwZ8IM53sq2njEvl2UdX+oKjQcA5zFp2Y/bRpY +iPMUN4e5HNR+6mIrFCtl+A== +-----END PRIVATE KEY----- diff --git a/test/data/certs/server/request.csr b/test/data/certs/server/request.csr new file mode 100644 index 00000000..e01ba948 --- /dev/null +++ b/test/data/certs/server/request.csr @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAxjNpZ6VCJ3zcYrNfs3zABXqxmjOwYrB2jXryCoKX +LkkzcBESt1mfvyH247BRWOa5PvxeBUbFzd1Gm0V3c9DI1XC3nD8tojGgmlPjJCGb +gJL5OSDPmnPlAD5lepqoN+CWOOAaOv6Jm7KBNBAWT/+RfE2941o6sBJ3C1NWrXWJ +SSUnCLk8rEgHvxVRjE4lITVRtc+OyELpm0aK2/M72BPsF5js+M6JgBQtraSY/b5k +yJ5U62r87mfHmq+j5hcC8Sbh2SlvJYfyGi70VoKmv7w6k1sw4QfiR2LpOcHZFphV +8T6SvkBJLy4Lq9Fyw5yu3awH1pIruzS2euDIdq+BkKvU4QIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBACklk1SiIdpFt7KPqWdgPcCfo7dPGPmmPlbY/0Ji7/1U7AHz +boERH+0axurbaUTsJtAvjCxtM3R7LmKE+4vMho+2vsUnYJ1j6Dyx0CVjdCLKPhRA +HxU0hnvy3gP+45Jsx1lPv0hTjiGP4N0XC6kzfBrIGaScbgUIsG/AbdLTn7vEaQK3 +2j/+Omnv+j0kvRNprgoVKlkO+CvLUJMmPHPIBKKzaH+hfMdIAHhSCjHSecsokbPe +0habv1RiMsOx8A5os0e7WR98u+k/VQy9q8kXnTgIvPzIZQo2QMYU0nCB8p3y7+wx +Bazv3R9IO8sVKuBF5joefmXZprWTTw2e4EOkeqI= +-----END CERTIFICATE REQUEST----- diff --git a/test/data/certs/test-ca.crt b/test/data/certs/test-ca.crt deleted file mode 100644 index e4852da6..00000000 --- a/test/data/certs/test-ca.crt +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFbTCCA1WgAwIBAgIUfmIUyNZnBGs3PDW2fDd/l1PID0UwDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQKDAtFeGFtcGxl -LmNvbTETMBEGA1UEAwwKRXhhbXBsZSBDQTAgFw0yNDEwMjMxMzAzNDNaGA8yMDUy -MDMwOTEzMDM0M1owRTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQK -DAtFeGFtcGxlLmNvbTETMBEGA1UEAwwKRXhhbXBsZSBDQTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAI9FWBUReh4Kg/Mz1WrdKn9fJGuDVFzSWQ2mGt3Z -WjEkICRwKS4KaiO+oO/DgUaWb7/cAx3nlhmpRBcsE+eqpdsYlTpo5o0+NwLPR31U -4a0Tjsjcc9MYUO/YNnqSNuncZUDHxL34Nrha4Czf4nGWtHuDJT5sNkdbOb5KocWC -jO7Nx+wWCJVrranAoZ7RDQjA+A/n8i5TLg9SykGpbDomqMviXpzzpBYnqvBgf4sD -3DlWdFoz9H3LdZmUHTirsRRNVMrB6qB+f/nkAsMu8+oWhAbS9leY7aZe3ULTkhHm -5mprHnsbgFdJgV1thE7Hcu7X0CPNOe+zCny8XNDt92g6vu5nKy+/rLn7Jmc0allg -Hub4ALvWbgmNQDdk6eqWqKxebmsBUlj6yw0Ayn2n//M67YD79jrz8zUu2hb8ajbN -sOfzw0cDUz/gBcC7I16j4D4I4LTuj9VDd7pFDXuupYjOC7RVCHe5MDHNyrLdv2x6 -niM8cPzzfpz65YG6FiN/bPpAjTbvuxs8vFYd3hmSQRrD1BQWWk4m2dMbc9LEDGIE -KxUJw7QWezHEebYhswVFlDN+DIYiva4K/sUZMa6GiEhNrZPgmHmzFNRciHJtGCIe -8O3roIqiECs+a+JADlzxBn4DDk/W896Jm0UYTEFpzrH0h4U0wlN7+UI2xNkngFe1 -W4kfAgMBAAGjUzBRMB0GA1UdDgQWBBSfPyjeQ5ixJhwI/oGbi8+4REk3aTAfBgNV -HSMEGDAWgBSfPyjeQ5ixJhwI/oGbi8+4REk3aTAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4ICAQBTGQXFh1Bdwex4xgqRpCPW5Rl7jfcnzCObRUXDjS6j -UC+2YMu7U3kA7MOQoCGUHHRsaFQbziFdJv1vpLDI7/kd1QV4g9jTQVeOIE22mpV0 -zR298FFz8bt9H9FCcF4of1bF1Qttrlt7DuIWRe+IPCLs23wPIR0jqD5WnErwd2V7 -LkVZxeXkizjTAslS4DPb5ZhvpJ8QeDWumVZu5WS896HAhUouavnCbXBR3MnmTwqB -v7I6EhpGe218Mw5FKbnng4LdA+cgocl0NRg8712Iz6o1cf+v457M+pilWU1ZuUl3 -h6E7VqSZ/RTWEVTGd9EJRsFBBzMmOIkK2z0wyddEFXvomBOdwmGIGs8YnjK7ZF36 -9oEIF/mBF8bNeIcOqzURsKIFHdJZB0juSgKhIeb3WKd6DSnoa+cx59/kfg+xSYrK -IfJYwIX0x4xtvfdXq4OFa4XFh1p0pvtwkaBctOrJt4sQIsmFwGbQzxANVsc0Rtjc -B2aEtEHF5s5Z9EQL1STQSbUuYWpACbnAflzHtrZIFxmKZxgmjLQs8x4mIrMy2gFY -I3wMx3BimIrL6nGPGUApYcb5V45Yf1lMJUmu2/nRIAA/IZP03S7QBjhiOAduw9rq -Pzm5vrxfK3o8doLPz2omJfRyyr5ClYBOlthS0htNS21XSuh0sBYaDPJVRp07dWzR -jQ== ------END CERTIFICATE----- diff --git a/test/data/certs/test-ca.key b/test/data/certs/test-ca.key deleted file mode 100644 index 8be66b86..00000000 --- a/test/data/certs/test-ca.key +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJpDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQOxW0fGTkM6tmk3dq -t1X9lgICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIuCORh6w1b9wEgglI -uIBIC7MrSwHTgWyRgoROC8Rj8hl2Djg93JcoGPBw3C//nnjIwFf1PRLtpIORK5bX -WEKeW+FDOyzA4IKBiDNEg/YQXMOwg3ZwIZPUqsVY/ql3lBLWdV0cMWvYUcg1H3Lm -zQfI+dQM9aVzDsWJyAgx5j1xsKpK8DrGOVUaqdCPbLSwqccn9vExieiZRuHvscwt -kkxU9hsR3qGDQV1sRaiRXkA2woShV6R/cvMNmvCJfQ3uZS8FbSxVKHrnxKmUjSEN -2vGLtRiIE+R1I5dZ32Cl5awm7GOdGjBagNKqnhTILyDAVDfG6alhrVhz5Reyq15/ -O5fhm+9oZ6EsG3/rz9JJNyHzWn5ifyeYNYfKqWkKmSXZ2wPJZRnogUHh5PYEbK7f -Z1cUJjzpcN8jjab9gkBhYiZws0iBHYd8n4ywisSBZejQL61UYz+rokWw3PaoJH2i -AwKo3Wvo5+ihxZcdV1U6n+FQyq0CR6ZtBxAtjDDW2V9qMwvBXBhwNAUMRL6lMkGu -42Ubq8ivlg34078UCGWaI/IM/N/gLXKBoDavSNvV9C9GTg7MKXWk/Js3vfbW9WZD -RXVRQV0q/YaKWEZaWhHc7eOQMF9t3+kV92vuNixggOjy11oJpzJWENihkL2Z/OJn -o49CU1YAtiTfZiILK1wS8c1rbv2U/wODvKL5Dv0sI2N/8wwDM2JwftCGbxVz5V5S -huOtX3DXUVL89Jw+7Njo+JhgLH5Xx714w8PkHpwmbgtcbBi/eAyVyxrJeGA6HxwV -a5f8cfxmYQNN1vPOv9VzCIFEcky14p/lpttEXFKHpA6sk1Ed3DOtTj3jglVamYeh -G0RCpFginNfyHBtLQHE7LpwM69F6PNrzhh5mS7+almZy46nSFUEbtrpROgu1U9cK -Kj2BctHnlOYlIfELtwQVaC/iUbq622yuZLWHhuu6xmkN9xxknWs0CexGDlROBx/W -bGGoJLiXwo8kFINxw5UtlQJ/52NNvx4dsf/f93P0opY8oG+tw6sJ77Gs+oSuXbiE -dqS/HwLtwfYPX4pSMpSeVT1Z8Z5OIvJlwINszRJr/zNCSL5+nqvVCrl8tNmYPrx0 -bCfmwrtD4ulwo1IwGi1EKlIQh4izjvpND1fLtu57OnsmIF0/jeXOMYysPLPKyOXT -a9LJUW1vEyIDSPGYdQW8NoTr4+Dc7WwzMBEbdFR1jTuf7TTDFLLBevRFkzx3fwCn -ugJS/vvsw5khGXp5rK4cJWLnBSuyxGos44WDpEvHTdIImSfKU4os+C9qBwhrnkBC -rFqrOmNxEuP7yF9rSj1vCBtpwlmZ4N5GKb7gcrJ3EPFu0aUkkF9HV20RLxlewOru -IIEzEKkRmTFyRCdI8IbjIzYTZUZq3Pf3I5hejPtCHOiW8dkJjONyvS0Gr9Ybs77S -glxx0b+GReAs3IokAt3aW/MLSJlOQnc7ez94YLor82uCBg2s65e6cnl8nW9nLudT -3gZ8UrBHhr4VuI9q0ghBp/J794VNl2idTjTO3shSTj+0Lyz1klZQ40/vU964JEdo -qScP5EyJysuZUepx4FkL+7WozbCxoTnoxkrXKkfEMlQnkGbb08h4NIxpW8+vICBb -gqyQZqqz42+4WIaxh1ZZD0W8KwpzmNZrMGzG+4jhe+ZyyEotDvSDyQUxzsYErX4A -ANKqA6BGtHEpfzjnofTpGhKo8pUvfbwGpehchNzGpm2JC1Qw7XD4D03fi2sZHhMH -s8xOF+ggihqj4nQxe5rqoyjwyXkaieNafF/6/aIkFb63B5muugn5Zklh3dyqnHZd -BxFmKjqhh4gZOByBS2ARxip4BN5/UEFqX8S8qYqzhUsJoBjVJVP0+Jt6VKxlfH6j -DmJ58s0udD6HV6/tjf/bW4Q2GStQwtw6Qurw2DQhXq5F+3oCsnrQZWoEiX3a3rs/ -83gNJ88FpcXz48NDHyPud9ZnKU48NAQuOHcxqAYNNHcxq1Y7GSBT9N6mAbu7ncwB -htYA20FcNkXcfxaAO1e9oXes5pIf0eXNVyTbgN6GT0qE+4oAPTAoRb1guyIqRCHR -optiouwNOdv6rYxDyjzfDvWb89pRwixExz+duyAqxor5Lue41ctr9AVKRw+2ZrIU -qHjA1/mXGjNX4MedtwHkYld9igETlmWPAFLgGkYgiWHRyQg0mnVHJUue+7dczmxz -w2NkCjUcLEOlj46OIv1l7b2A5mbksFodlQbf7byFiLRYEgQWbNCOhGaObjIubgjM -h2AC9lLDYGIfW80p77eaRTEWypNcLu7BpW9egUHDHizWi4lI8RzCmiY99dBAY4QG -6pUPMecX8ElFn26DxMmmb72mCWBSbTXc4va5JGjiR0g3xtyRTyGOHJey4uI2CAjG -fbRcXSkyfhLvrFhYUwSbDV3k3NeKjSPSQyDBdj0+ym1/e5seHAc7lc5MafpKOENO -bEvzzPt60Zxv+dt34zaLM4Fm8FI+XRzm1IzKCxntvM804GbINTHPRbTbKhfVBKfS -/auuaXUNkvAc3HPuvBwatqL7DkaTUlXAQSDYxnWOoN7a2dZiXEwtTuTY3Yu3+gih -eLFpGLOT6G14Q3GtZlygqISYcwE7vy2T1OMlAPpao6o2N3GQvqI/kZh6ex+MD4aF -/22kjUSjf0rzBEDuwNCuCiT38oV9QCv3qqB/ciLiGRCmEvtsI/wOPc0uGEjDSfDG -P6zHoLbnVbzWJjfTB/CHZiNShxSVgte4Vv+IZFWVchRRzI83fMyyqxJmBlqAQPnX -gdgQlksqtxa+ihTi1h0GygZY536/B0GEQqGYx4VWbgpA4vZhWYwLZGUaqHf9ORYs -6A/wSH0vaFoal0rVQYqEh1TcTDUU9784MmWKtNjVJzhJqX1r4OQY7BYB8KLL4AmZ -xpihWPo07qu4NlsIeOeVarM+F8MDfW9BUm9ixUjfyxL6PKWQ0sItDegtf9vEJyz+ -3dOHbnHopftK0nDp+arQuip+bQaGXsKBrohf8MZzjVWegXqZd5eRx07gVfjqalSA -Op3P9yZVygZ3KtiKZjpppX0I8buatUgSnYT6yDbocbayfucZJA+28t7w01YZGVeZ -iu99XkTwqyO/c2vapcJi9R6ERwtOKjdhyQu94T13Q94seezYPQ5GgPl/4/v4wH4H -dMdS0MZ7dwa4ZNQeUxzOV3aEbiA763Oo ------END ENCRYPTED PRIVATE KEY----- diff --git a/test/mod/test_testutil_net.py b/test/mod/test_testutil_net.py index beb2f159..4c56f265 100644 --- a/test/mod/test_testutil_net.py +++ b/test/mod/test_testutil_net.py @@ -44,15 +44,15 @@ def test_https_serve_directory_mtls_smoke(tmp_path): "file1": "file1 content", }) cert_dir = pathlib.Path(__file__).parent.parent / "data/certs" - cacert = cert_dir / "test-ca.crt" + cacert = cert_dir / "ca/cert.pem" assert cacert.exists() - servercert = cert_dir / "localhost-server.crt" + servercert = cert_dir / "server/cert.pem" assert servercert.exists() - serverkey = cert_dir / "localhost-server.key" + serverkey = cert_dir / "server/key.pem" assert serverkey.exists() - clientcert = cert_dir / "client1-client.crt" + clientcert = cert_dir / "client/cert.pem" assert clientcert.exists() - clientkey = cert_dir / "client1-client.key" + clientkey = cert_dir / "client/key.pem" assert clientkey.exists() with https_serve_directory_mtls(tmp_path, cacert, servercert, serverkey) as httpd: