+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIC3TCCAkagAwIBAgIBADANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVRzEP
-MA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4
-YXRpb24xEzARBgNVBAMTCnRoZSBiYWQgY2EwHhcNMDkwNjEwMDg1MTE0WhcNMzIw
-NjA0MDg1MTE0WjBZMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYD
-VQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xEzARBgNVBAMTCnRoZSBi
-YWQgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOnSGYPzR4XyUwMrwk7U
-u10TVyfQPd5uhXK8uLdERC/shNQ/qBH6HtmgiiCm7GCB40bkJgp3mmJ+HWN4JOGe
-e1UW5tgsc2e2ODF8GJNkcmdqcpkZ3/vbA3tQx2LmNtAEcgsnkiY+MtYCTS+xbirL
-YgAYNV2TYLymSSGwvcjUGkodAgMBAAGjgbQwgbEwHQYDVR0OBBYEFGDsw1knQ14E
-I51ZkTfhgsF9J3SQMIGBBgNVHSMEejB4gBRg7MNZJ0NeBCOdWZE34YLBfSd0kKFd
-pFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRv
-cGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0aGUgYmFkIGNhggEA
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAxRcla6HVYf9lhOipnNua
-QP1HjmJ9CUygBTdczSM2NGnwvC7pTIV01tRsbsOxvRqUM3iZIv/XX3Bkjuww47YV
-eon/S55B4VQIFKIq4VWI9ZALyb/QlKhO2CLxgAJ7LNgnSBsmhKx9WL/st+WSRPgs
-yCCnlgIh1ZZY8jsgaRNDiJg=
------END CERTIFICATE-----
+++ /dev/null
-# Namespace for the the bad ca
-TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
-
+++ /dev/null
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDp0hmD80eF8lMDK8JO1LtdE1cn0D3eboVyvLi3REQv7ITUP6gR
-+h7ZoIogpuxggeNG5CYKd5pifh1jeCThnntVFubYLHNntjgxfBiTZHJnanKZGd/7
-2wN7UMdi5jbQBHILJ5ImPjLWAk0vsW4qy2IAGDVdk2C8pkkhsL3I1BpKHQIDAQAB
-AoGBAMDZNYw8CeCzNb5myBNGp+Yjfn3q5ixgEZbJirw1BNxWAlQg0JlLJ0itfV9i
-7ZDHcFHW+H0nmmDjzY9t11Vy5hp7a47ssqBEeQXpyXI+YRwc5jIW2ThaZNlMiPVm
-HfpiyNlftswNEjjpQ0nAqp3LFldbonHJI+a687O0AXSWmJUNAkEA+TlOJmhmD0u6
-AL1EqjCH9AnAgQCbmgDlQ+7bOxXsUvHJ82kYL/nB+Kq08ZC3ZuWYtv0kiHwEpANO
-qqewmyGYqwJBAPAtlR+w6XRzJSj2DyfkNajM1Gyo4HdufDjydKSqqipI0WfW/S+s
-NUEZHlgCoHx7rB/PdV49nHINTPmMkxreOFcCQEJ1KYXMaQrDIsJ3tgu8DUTiJNdB
-ljym6HwJAaTr36zulO+3op+IdlUdEEsqT/28U9DYCBntGD+0MhIHzWxQtSkCQCkt
-Z3e7eQsCAsj3BrosIhcCpxjKC1Hum1WYG+9vYyVEvsIy1c2qlKbIi69DJAizm1sI
-0nKJ1ZyoMx5Fv6LHnpkCQQD08QwHsVRycgd44wbd6nTJ4NCrk6kZ7NBVkz8k5tcl
-nwDtFEJV/zdL2Hr2JTW6yOlO452Q+Z/oq1NFhm42YIEx
------END RSA PRIVATE KEY-----
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index.txt\r
-serial = $dir/serial.txt\r
-default_md = sha1\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-serialNumber = optional\r
-userId = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-\r
-[ ca_server ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-\r
-[ ca_client ]\r
-# For normal client use this is typical\r
-nsCertType = client, email\r
-nsComment = "OpenSSL Generated Client Certificate"\r
-\r
-[ ca_clientserver ]\r
-# For normal client use this is typical\r
-nsCertType = server, client, email\r
-nsComment = "OpenSSL Generated Client Server Certificate"\r
-\r
-# and for everything including object signing:\r
-# nsCertType = client, email, objsign\r
-\r
-[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
-\r
-# This will be displayed in Netscape's comment listbox.\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ ca_none ]\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ proxy_none ]\r
-keyUsage=critical,digitalSignature,keyEncipherment\r
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index_proxy.txt\r
-serial = $dir/serial_proxy.txt\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-[ proxy_none ]\r
-\r
+++ /dev/null
-V 370320130933Z 123456 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=hahkala
-V 370320130933Z 123457 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=bad policy client
-V 370320130933Z 123458 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=bad future client
-V 370320130933Z 123459 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=pchip10
-R 370320130933Z 091102130933Z 12345A unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
-V 091101130934Z 12345B unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#userId = testuserid\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Chillin\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = test@home.org\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
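Review bot: The comment on the first added line ends with an unbalanced double quote, `# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"`. Either drop the quote or quote the whole DN, e.g. `# Namespace for "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"`. The stray quote is harmless only if the consuming parser discards `#` lines before it tokenizes quoted strings, which cannot be confirmed from this page. The same trailing quote appears in the signing-policy comment that follows and in the namespace and signing-policy comments added for the expired, fake and nokeyusage CAs.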
-# Signing policy file for the the bad ca
-access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca'
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA'
pos_rights globus CA:sign
cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index.txt\r
-serial = $dir/serial.txt\r
-default_md = sha1\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-serialNumber = optional\r
-userId = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-\r
-[ ca_server ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-\r
-[ ca_client ]\r
-# For normal client use this is typical\r
-nsCertType = client, email\r
-nsComment = "OpenSSL Generated Client Certificate"\r
-\r
-[ ca_clientserver ]\r
-# For normal client use this is typical\r
-nsCertType = server, client, email\r
-nsComment = "OpenSSL Generated Client Server Certificate"\r
-\r
-# and for everything including object signing:\r
-# nsCertType = client, email, objsign\r
-\r
-[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
-\r
-# This will be displayed in Netscape's comment listbox.\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ ca_none ]\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ proxy_none ]\r
-keyUsage=critical,digitalSignature,keyEncipherment\r
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index_proxy.txt\r
-serial = $dir/serial_proxy.txt\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-[ proxy_none ]\r
-\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-emailAddress = test@home.org\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = Email Address\r
-\r
-serialNumber = 12341324\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-userId = testuserid\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index.txt\r
-serial = $dir/serial.txt\r
-default_md = sha1\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-serialNumber = optional\r
-userId = optional\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-\r
-[ ca_server ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-\r
-[ ca_client ]\r
-# For normal client use this is typical\r
-nsCertType = client, email\r
-nsComment = "OpenSSL Generated Client Certificate"\r
-\r
-[ ca_clientserver ]\r
-# For normal client use this is typical\r
-nsCertType = server, client, email\r
-nsComment = "OpenSSL Generated Client Server Certificate"\r
-\r
-# and for everything including object signing:\r
-# nsCertType = client, email, objsign\r
-\r
-[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
-\r
-# This will be displayed in Netscape's comment listbox.\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ ca_none ]\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ proxy_none ]\r
-keyUsage=critical,digitalSignature,keyEncipherment\r
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index_proxy.txt\r
-serial = $dir/serial_proxy.txt\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-[ proxy_none ]\r
-\r
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-emailAddress = test@home.org\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = Email Address\r
-\r
-serialNumber = 12341324\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-userId = testuserid\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index.txt\r
-serial = $dir/serial.txt\r
-default_md = sha1\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-serialNumber = optional\r
-userId = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-\r
-[ ca_server ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-\r
-[ ca_client ]\r
-# For normal client use this is typical\r
-nsCertType = client, email\r
-nsComment = "OpenSSL Generated Client Certificate"\r
-\r
-[ ca_clientserver ]\r
-# For normal client use this is typical\r
-nsCertType = server, client, email\r
-nsComment = "OpenSSL Generated Client Server Certificate"\r
-\r
-# and for everything including object signing:\r
-# nsCertType = client, email, objsign\r
-\r
-[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
-\r
-# This will be displayed in Netscape's comment listbox.\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ ca_none ]\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ proxy_none ]\r
-keyUsage=critical,digitalSignature,keyEncipherment\r
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index_proxy.txt\r
-serial = $dir/serial_proxy.txt\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-[ proxy_none ]\r
-\r
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-emailAddress = test@home.org\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = Email Address\r
-\r
-serialNumber = 12341324\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-userId = testuserid\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
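Review bot: This adds a CA private key to the repository, and nothing in the change marks it as a test-only credential. Its body is not visible on this page, so whether it is passphrase-protected cannot be judged from here. Anyone who can read the repository can sign certificates under the matching CA, so that CA certificate must never reach a real trust store. A README beside the key stating `Test fixtures only: these CA keys are public, never install the matching certificates in a production trust store` would make that explicit. Judging by the neighbouring files, this appears to be the key for the nokeyusage CA.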
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
--- /dev/null
+### req command\r
+\r
+[ req ]\r
+default_bits = 1024\r
+distinguished_name = req_distinguished_name\r
+\r
+[ req_distinguished_name ]\r
+\r
+[ ca_cert_req ]\r
+basicConstraints = CA:true\r
+subjectKeyIdentifier = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage = cRLSign, keyCertSign\r
+\r
+#[ serial_cert_req ]\r
+#serialNumber = 12341324\r
+\r
+#[ email_cert_req ]\r
+#emailAddress = test@home.org\r
+\r
+#[ uid_cert_req ]\r
+#userId = testuserid\r
+\r
+[ proxy_cert_req ]\r
+\r
+[ proxy_proxy_cert_req ]\r
+\r
+#### ca command\r
+\r
+[ca]\r
+default_ca = CA_default\r
+\r
+[CA_default]\r
+dir = $ENV::CASROOT/$ENV::CATYPE-ca\r
+database = $dir/index.txt\r
+serial = $dir/serial.txt\r
+default_md = sha1\r
+\r
+certificate = $dir/$ENV::CATYPE.cert\r
+private_key = $dir/$ENV::CATYPE.priv\r
+\r
+policy = policy_any\r
+\r
+[policy_any]\r
+countryName = supplied\r
+stateOrProvinceName = optional\r
+localityName = optional\r
+organizationName = optional\r
+organizationalUnitName = optional\r
+commonName = supplied\r
+emailAddress = optional\r
+userId = optional\r
+serialNumber = optional\r
+\r
+[ ca_cert ]\r
+basicConstraints = CA:TRUE\r
+\r
+\r
+[ ca_server ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+# For an object signing certificate this would be used.\r
+# nsCertType = objsign\r
+\r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
+[ ca_client ]\r
+# For normal client use this is typical\r
+nsCertType = client, email\r
+nsComment = "OpenSSL Generated Client Certificate"\r
+\r
+[ ca_clientserver ]\r
+# For normal client use this is typical\r
+nsCertType = server, client, email\r
+nsComment = "OpenSSL Generated Client Server Certificate"\r
+\r
+[ ca_fclient ]\r
+# This is typical in keyUsage for a client certificate.\r
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
+nsComment = "OpenSSL Generated Client Certificate with key usage"\r
+\r
+[ ca_none ]\r
+nsComment = "OpenSSL Generated Client Certificate without Flags"\r
+\r
+[ proxy_none ]\r
+keyUsage = critical,digitalSignature,keyEncipherment\r
+\r
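Review bot: `default_md = sha1` in `[CA_default]` and `default_bits = 1024` in `[ req ]` mean every certificate issued from this config is SHA-1-signed over a 1024-bit RSA key. Newer TLS libraries and default certificate-path policies increasingly reject both, so tests may start failing for reasons unrelated to what they check. If the weak parameters are not themselves under test, use `default_md = sha256` and `default_bits = 2048`. If they are intentional, add a comment above each, e.g. `# test fixture only: deliberately weak, never reuse for a real CA`. The identical config added in the next file carries the same two lines.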
--- /dev/null
+V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
--- /dev/null
+unique_subject = yes
--- /dev/null
+### req command\r
+\r
+[ req ]\r
+default_bits = 1024\r
+distinguished_name = req_distinguished_name\r
+\r
+[ req_distinguished_name ]\r
+\r
+[ ca_cert_req ]\r
+basicConstraints = CA:true\r
+subjectKeyIdentifier = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage = cRLSign, keyCertSign\r
+\r
+#[ serial_cert_req ]\r
+#serialNumber = 12341324\r
+\r
+#[ email_cert_req ]\r
+#emailAddress = test@home.org\r
+\r
+#[ uid_cert_req ]\r
+#userId = testuserid\r
+\r
+[ proxy_cert_req ]\r
+\r
+[ proxy_proxy_cert_req ]\r
+\r
+#### ca command\r
+\r
+[ca]\r
+default_ca = CA_default\r
+\r
+[CA_default]\r
+dir = $ENV::CASROOT/$ENV::CATYPE-ca\r
+database = $dir/index.txt\r
+serial = $dir/serial.txt\r
+default_md = sha1\r
+\r
+certificate = $dir/$ENV::CATYPE.cert\r
+private_key = $dir/$ENV::CATYPE.priv\r
+\r
+policy = policy_any\r
+\r
+[policy_any]\r
+countryName = supplied\r
+stateOrProvinceName = optional\r
+localityName = optional\r
+organizationName = optional\r
+organizationalUnitName = optional\r
+commonName = supplied\r
+emailAddress = optional\r
+userId = optional\r
+serialNumber = optional\r
+\r
+[ ca_cert ]\r
+basicConstraints = CA:TRUE\r
+\r
+\r
+[ ca_server ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+# For an object signing certificate this would be used.\r
+# nsCertType = objsign\r
+\r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
+[ ca_client ]\r
+# For normal client use this is typical\r
+nsCertType = client, email\r
+nsComment = "OpenSSL Generated Client Certificate"\r
+\r
+[ ca_clientserver ]\r
+# For normal client use this is typical\r
+nsCertType = server, client, email\r
+nsComment = "OpenSSL Generated Client Server Certificate"\r
+\r
+[ ca_fclient ]\r
+# This is typical in keyUsage for a client certificate.\r
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
+nsComment = "OpenSSL Generated Client Certificate with key usage"\r
+\r
+[ ca_none ]\r
+nsComment = "OpenSSL Generated Client Certificate without Flags"\r
+\r
+[ proxy_none ]\r
+keyUsage = critical,digitalSignature,keyEncipherment\r
+\r
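Review bot: `default_bits = 1024` under `[ req ]` and `default_md = sha1` under `[CA_default]` give this test CA a key size and digest that certificate validators increasingly refuse by default, so fixtures built from it can start failing for reasons unrelated to the code under test. The certificate dumps added in this same change show `md5WithRSAEncryption`, so the digest is apparently overridden somewhere outside this file, which is worth stating here. Either raise the values (`default_bits = 2048`, `default_md = sha256`) or, if the weakness is intended, add a comment above each such as `# deliberately weak: fixture for legacy-algorithm tests`. The two later copies of this config in the diff carry the same lines.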
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAmigAwIBAgIJAOwn+bdeOP7lMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
+BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
+CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMDkxMTE4MjAw
+OTU4WhcNMzcwNDA1MjAwOTU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv
+cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV
+BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxw6fX
+Pm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr2JnYKkD3Shg9/6R43LUL
+pBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6EGQhzd+xjfQ7dGEqk4TS
+36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQABo4HMMIHJMAwGA1UdEwQF
+MAMBAf8wHQYDVR0OBBYEFC3z3nM1NSxp66FO7/5rlG43PPUxMIGMBgNVHSMEgYQw
+gYGAFC3z3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G
+A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp
+b24xFDASBgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4GBACzSdZyhnSj5wArIua8Nc6Tc6XIVp0by/jYz/cOa
+FAZZmY7GaTTL65SDu0QH1NJIRC6G8wWvQeCouK9dgKXA9vQZ3Caf+8LOwyAU4rZe
+2maDgk4CcLYz953CYDxRSwmLPTVkXAJHPD15SS8gXxWcNKIUInoov6cSzjTEfjw9
+1kCX
+-----END CERTIFICATE-----
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
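Review bot: The header comment ends in an unbalanced `"` (`...CN=the root CA"`), which reads as if the start of a quoted DN had been lost. Suggest `# Namespace for "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA"`. The signing-policy file for this CA and the namespaces and signing-policy files for the subca, subsubca and trusted CAs in this change have the same stray quote.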
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
--- /dev/null
+V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
--- /dev/null
+unique_subject = yes
--- /dev/null
+### req command\r
+\r
+[ req ]\r
+default_bits = 1024\r
+distinguished_name = req_distinguished_name\r
+\r
+[ req_distinguished_name ]\r
+\r
+[ ca_cert_req ]\r
+basicConstraints = CA:true\r
+subjectKeyIdentifier = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage = cRLSign, keyCertSign\r
+\r
+#[ serial_cert_req ]\r
+#serialNumber = 12341324\r
+\r
+#[ email_cert_req ]\r
+#emailAddress = test@home.org\r
+\r
+#[ uid_cert_req ]\r
+#userId = testuserid\r
+\r
+[ proxy_cert_req ]\r
+\r
+[ proxy_proxy_cert_req ]\r
+\r
+#### ca command\r
+\r
+[ca]\r
+default_ca = CA_default\r
+\r
+[CA_default]\r
+dir = $ENV::CASROOT/$ENV::CATYPE-ca\r
+database = $dir/index.txt\r
+serial = $dir/serial.txt\r
+default_md = sha1\r
+\r
+certificate = $dir/$ENV::CATYPE.cert\r
+private_key = $dir/$ENV::CATYPE.priv\r
+\r
+policy = policy_any\r
+\r
+[policy_any]\r
+countryName = supplied\r
+stateOrProvinceName = optional\r
+localityName = optional\r
+organizationName = optional\r
+organizationalUnitName = optional\r
+commonName = supplied\r
+emailAddress = optional\r
+userId = optional\r
+serialNumber = optional\r
+\r
+[ ca_cert ]\r
+basicConstraints = CA:TRUE\r
+\r
+\r
+[ ca_server ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+# For an object signing certificate this would be used.\r
+# nsCertType = objsign\r
+\r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
+[ ca_client ]\r
+# For normal client use this is typical\r
+nsCertType = client, email\r
+nsComment = "OpenSSL Generated Client Certificate"\r
+\r
+[ ca_clientserver ]\r
+# For normal client use this is typical\r
+nsCertType = server, client, email\r
+nsComment = "OpenSSL Generated Client Server Certificate"\r
+\r
+[ ca_fclient ]\r
+# This is typical in keyUsage for a client certificate.\r
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
+nsComment = "OpenSSL Generated Client Certificate with key usage"\r
+\r
+[ ca_none ]\r
+nsComment = "OpenSSL Generated Client Certificate without Flags"\r
+\r
+[ proxy_none ]\r
+keyUsage = critical,digitalSignature,keyEncipherment\r
+\r
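Review bot: `basicConstraints = CA:TRUE` in `[ ca_cert ]` (and `CA:true` in `[ ca_cert_req ]`) is emitted as a non-critical extension, which the subca and subsubca dumps in this change confirm, whereas RFC 5280 requires CA certificates to mark it critical. If the tests are meant to exercise standards-conforming chains, use `basicConstraints = critical,CA:TRUE`. If the non-critical form is intentional, for example to test lenient validation, say so in a comment above the line. The other copies of this file in the diff have the same setting.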
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 374 (0x176)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA
+ Validity
+ Not Before: Nov 18 20:09:58 2009 GMT
+ Not After : Apr 5 20:09:58 2037 GMT
+ Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ba:44:79:30:f9:57:b7:5a:8d:86:95:51:1c:5c:
+ 9d:f8:dd:e1:c7:e9:e3:d6:8e:9a:4d:7c:cc:0b:ef:
+ e2:85:99:8b:c1:df:7c:b4:41:60:6f:a6:55:0c:51:
+ cc:ed:d5:46:2a:64:24:a0:3a:d4:d1:ff:ef:44:20:
+ 07:c0:51:eb:67:ae:af:a7:d7:22:14:36:08:98:76:
+ 06:85:34:42:9f:30:23:0a:6b:f4:d5:47:38:67:54:
+ 0a:92:1b:33:5c:37:cb:e7:7c:76:94:45:ad:45:23:
+ 6c:b1:0c:80:5b:00:bc:4e:83:44:cc:0a:a0:a7:dd:
+ ef:59:ca:da:02:73:d6:f4:b3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05
+ X509v3 Authority Key Identifier:
+ keyid:2D:F3:DE:73:35:35:2C:69:EB:A1:4E:EF:FE:6B:94:6E:37:3C:F5:31
+ DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
+ serial:EC:27:F9:B7:5E:38:FE:E5
+
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ Signature Algorithm: md5WithRSAEncryption
+ 6c:03:5f:54:ba:53:fd:b4:fe:42:f5:96:1f:4d:98:64:11:6b:
+ 7c:95:8e:e6:91:22:a8:b7:d5:0a:5c:50:6f:16:ea:51:f2:aa:
+ 18:30:9a:55:1d:af:10:be:38:79:d7:eb:b9:2f:94:14:c4:0b:
+ 37:21:b8:76:b7:df:96:67:c5:98:56:8c:d6:88:c6:8b:ba:6d:
+ 06:a4:bb:c1:ad:72:c7:96:ff:85:f5:d5:36:88:ac:10:15:66:
+ 04:44:04:54:98:be:db:6c:83:78:48:aa:2a:52:9f:85:81:71:
+ 50:b7:af:22:2a:7c:f8:b8:94:bf:35:0e:6b:57:61:14:22:66:
+ 7c:6b
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC6RHkw+Ve3Wo2GlVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0
+QWBvplUMUczt1UYqZCSgOtTR/+9EIAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TV
+RzhnVAqSGzNcN8vnfHaURa1FI2yxDIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQAB
+AoGAB3GTEkT0n2wr+bPf4O1GltpvGmkbZMigG/afxN5aRBKFxkKjHiT6sJuKDIr8
+UIjUW/9Sg2C2fonmyucoyCO9735TR7JTeIiEsrTWKI2OR2rMtvLyUV1x7MzfZtw+
+uIolrukbMD0a5RKKnAI1PqLVqgIDp8nSCbG7r8LLRvF3MGkCQQDfx4lSVZ5deHvy
+H33QOqIekglKHesF6tin4J6xHN7l1bi76FpYQuOBmI4EuQfatlej/CbASt5vPFHj
++QxJXkCHAkEA1RZA9tpzslI3JeIBdMMtWRrBPRW8b1BFL7Y+hNBT/Gk5uG7Q0giE
+4FH7Q95Phi1fMy8OIGskpyj2psC7DdGRdQJAf6nKAZquugxeSYcFs6F/k4kkm4/t
+4HZWG4/deJVL5DrFJQ4tXGTsfaaWfsNAY9narcbQJKuRskvrO+98vu5ySQJAd//X
+R+0P2K1aJzhWj5XWtOZPSoIyIxG2VL8yCAN2OKBdhBLMAGwRwG4KrVbFvA9THHT0
+ZKdR9d0owhGphYeufQJBANnY/Uc437oWe7qd/Kssai0omuGTswxztOZWWr4dAokP
+9A18VsU3gSmFGMK6OCmtJcX6R3pO3FvuVSqtQz+HTLY=
+-----END RSA PRIVATE KEY-----
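Review bot: This adds the subca CA's RSA private key as unencrypted PEM, alongside a certificate with `CA:TRUE` that is valid until 2037, so any trust store that ever includes these test CAs would accept certificates signed by anyone with read access to the repository. Nothing in the visible files marks the material as test-only. A README beside the keys stating that these CAs must never be installed outside the test harness would make that explicit, and generating the keys during the test build would avoid shipping them at all. The root and subsubca key files added in this change are in the same position.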
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
+A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg
+c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALpEeTD5V7dajYaV
+URxcnfjd4cfp49aOmk18zAvv4oWZi8HffLRBYG+mVQxRzO3VRipkJKA61NH/70Qg
+B8BR62eur6fXIhQ2CJh2BoU0Qp8wIwpr9NVHOGdUCpIbM1w3y+d8dpRFrUUjbLEM
+gFsAvE6DRMwKoKfd71nK2gJz1vSzAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCK
+08BejkSBKvmzprupFEkKdaKcu+dDthDDpNGDrGJsYzIM/w4KU8PBQYZ1899YBu02
+TtusdVST6k8Q1uE35qdcd/hHRqRanQM8Vbzfzwoi2iOhUVvERW9/rEfdJ2HeiPzg
+550HXO/kRbMOiATQEqNz5JcXWCS64raA7D9X7Y0jIQ==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
--- /dev/null
+### req command\r
+\r
+[ req ]\r
+default_bits = 1024\r
+distinguished_name = req_distinguished_name\r
+\r
+[ req_distinguished_name ]\r
+\r
+[ ca_cert_req ]\r
+basicConstraints = CA:true\r
+subjectKeyIdentifier = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage = cRLSign, keyCertSign\r
+\r
+#[ serial_cert_req ]\r
+#serialNumber = 12341324\r
+\r
+#[ email_cert_req ]\r
+#emailAddress = test@home.org\r
+\r
+#[ uid_cert_req ]\r
+#userId = testuserid\r
+\r
+[ proxy_cert_req ]\r
+\r
+[ proxy_proxy_cert_req ]\r
+\r
+#### ca command\r
+\r
+[ca]\r
+default_ca = CA_default\r
+\r
+[CA_default]\r
+dir = $ENV::CASROOT/$ENV::CATYPE-ca\r
+database = $dir/index.txt\r
+serial = $dir/serial.txt\r
+default_md = sha1\r
+\r
+certificate = $dir/$ENV::CATYPE.cert\r
+private_key = $dir/$ENV::CATYPE.priv\r
+\r
+policy = policy_any\r
+\r
+[policy_any]\r
+countryName = supplied\r
+stateOrProvinceName = optional\r
+localityName = optional\r
+organizationName = optional\r
+organizationalUnitName = optional\r
+commonName = supplied\r
+emailAddress = optional\r
+userId = optional\r
+serialNumber = optional\r
+\r
+[ ca_cert ]\r
+basicConstraints = CA:TRUE\r
+\r
+\r
+[ ca_server ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+# For an object signing certificate this would be used.\r
+# nsCertType = objsign\r
+\r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType = server\r
+nsComment = "OpenSSL Generated Server Certificate"\r
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
+[ ca_client ]\r
+# For normal client use this is typical\r
+nsCertType = client, email\r
+nsComment = "OpenSSL Generated Client Certificate"\r
+\r
+[ ca_clientserver ]\r
+# For normal client use this is typical\r
+nsCertType = server, client, email\r
+nsComment = "OpenSSL Generated Client Server Certificate"\r
+\r
+[ ca_fclient ]\r
+# This is typical in keyUsage for a client certificate.\r
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
+nsComment = "OpenSSL Generated Client Certificate with key usage"\r
+\r
+[ ca_none ]\r
+nsComment = "OpenSSL Generated Client Certificate without Flags"\r
+\r
+[ proxy_none ]\r
+keyUsage = critical,digitalSignature,keyEncipherment\r
+\r
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 374 (0x176)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
+ Validity
+ Not Before: Nov 18 20:09:58 2009 GMT
+ Not After : Apr 5 20:09:58 2037 GMT
+ Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e9:4b:ca:3a:8f:65:d5:44:72:1f:21:9a:16:42:
+ 61:e7:67:93:38:13:cc:c2:0d:81:dc:ff:fe:8d:c4:
+ c1:a1:57:c1:43:64:18:bd:a2:22:0b:fd:51:84:12:
+ a2:b7:86:f2:1c:a0:dd:b2:e9:01:53:43:e2:c7:de:
+ 44:ea:41:97:85:08:91:b4:f9:b8:f8:1e:da:e9:a2:
+ 3c:1b:4e:33:8d:1a:05:d8:3a:40:21:f6:9d:2a:84:
+ c7:f6:10:8c:ea:21:2c:40:cc:a1:c8:6e:1e:76:c3:
+ 0d:21:ec:8f:fc:76:62:d8:78:ae:e1:11:9d:3c:66:
+ c3:56:bc:bb:8f:87:d2:2c:4b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 03:4A:F7:6F:2F:37:6B:B7:24:C1:92:6E:FB:54:26:42:C1:84:20:26
+ X509v3 Authority Key Identifier:
+ keyid:97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05
+ DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
+ serial:01:76
+
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ Signature Algorithm: md5WithRSAEncryption
+ ae:93:74:7c:61:3d:7c:38:c3:95:f8:48:71:33:6f:2b:00:eb:
+ 35:bb:5d:f2:0c:09:10:bf:07:48:ef:3f:10:d8:a9:ae:c8:74:
+ 82:12:18:01:6d:ce:b7:28:9b:6c:b1:b0:74:e5:b6:70:c4:d0:
+ 47:22:8b:ed:40:d8:79:d9:8a:93:03:94:cf:12:27:b9:06:ce:
+ e2:e8:a2:42:89:97:e0:12:e7:7f:0c:93:38:6f:56:4c:ca:6b:
+ 0a:23:df:6c:37:5e:32:1f:13:0f:2b:59:df:f3:e4:8c:80:8f:
+ c8:4e:01:f2:3a:20:87:be:15:96:ef:cf:94:8d:9a:79:35:bb:
+ f2:22
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAl2gAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx
+DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
+eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMTE4MjAwOTU4WhcN
+MzcwNDA1MjAwOTU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
+DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro
+ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6UvKOo9l
+1URyHyGaFkJh52eTOBPMwg2B3P/+jcTBoVfBQ2QYvaIiC/1RhBKit4byHKDdsukB
+U0Pix95E6kGXhQiRtPm4+B7a6aI8G04zjRoF2DpAIfadKoTH9hCM6iEsQMyhyG4e
+dsMNIeyP/HZi2Hiu4RGdPGbDVry7j4fSLEsCAwEAAaOBwzCBwDAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQDSvdvLzdrtyTBkm77VCZCwYQgJjCBgwYDVR0jBHwweoAU
+l1htYgAUMhwOsW+JOzySqZUVigWhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
+EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU
+MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQQFAAOBgQCuk3R8YT18OMOV+EhxM28rAOs1u13yDAkQvwdI7z8Q2KmuyHSCEhgB
+bc63KJtssbB05bZwxNBHIovtQNh52YqTA5TPEie5Bs7i6KJCiZfgEud/DJM4b1ZM
+ymsKI99sN14yHxMPK1nf8+SMgI/ITgHyOiCHvhWW78+UjZp5NbvyIg==
+-----END CERTIFICATE-----
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
+A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRgwFgYDVQQDEw90aGUg
+c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOlLyjqPZdVE
+ch8hmhZCYednkzgTzMINgdz//o3EwaFXwUNkGL2iIgv9UYQSoreG8hyg3bLpAVND
+4sfeROpBl4UIkbT5uPge2umiPBtOM40aBdg6QCH2nSqEx/YQjOohLEDMochuHnbD
+DSHsj/x2Yth4ruERnTxmw1a8u4+H0ixLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB
+gQB15WCrFk3RykaCyJjnoToQfi72KkPr0ZpK4AjtGiTx1TepFFcXzgyU+1jtbTzv
+v8Wo0En5wzi7CzHJnFHfwhPF3fkNf6F6WbF+tC1O9XQ4fzqpvlYIbxS11I6VeLwb
+X1Owgu3ns9lhgVtqRjohEYDveoi8NdJVtC/iCKe46IBtkg==
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index.txt\r
-serial = $dir/serial.txt\r
-default_md = sha1\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-serialNumber = optional\r
-userId = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-\r
-[ ca_server ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-\r
-[ ca_altname ]\r
-# This is OK for an SSL server.\r
-nsCertType = server\r
-nsComment = "OpenSSL Generated Server Certificate"\r
-\r
-# For an object signing certificate this would be used.\r
-# nsCertType = objsign\r
-subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
-\r
-[ ca_client ]\r
-# For normal client use this is typical\r
-nsCertType = client, email\r
-nsComment = "OpenSSL Generated Client Certificate"\r
-\r
-[ ca_clientserver ]\r
-# For normal client use this is typical\r
-nsCertType = server, client, email\r
-nsComment = "OpenSSL Generated Client Server Certificate"\r
-\r
-# and for everything including object signing:\r
-# nsCertType = client, email, objsign\r
-\r
-[ ca_fclient ]\r
-# This is typical in keyUsage for a client certificate.\r
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment\r
-\r
-# This will be displayed in Netscape's comment listbox.\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ ca_none ]\r
-nsComment = "OpenSSL Generated Client Certificate with Flags"\r
-\r
-[ proxy_none ]\r
-keyUsage=critical,digitalSignature,keyEncipherment\r
+++ /dev/null
-[ca]\r
-default_ca = CA_default\r
-\r
-[CA_default]\r
-dir = $ENV::CA_DIR\r
-database = $dir/index_proxy.txt\r
-serial = $dir/serial_proxy.txt\r
-\r
-certificate = $dir/$ENV::CATYPE.cert\r
-private_key = $dir/$ENV::CATYPE.priv\r
-\r
-policy = policy_any\r
-\r
-[policy_any]\r
-countryName = supplied\r
-stateOrProvinceName = optional\r
-localityName = optional\r
-organizationName = optional\r
-organizationalUnitName = optional\r
-commonName = supplied\r
-emailAddress = optional\r
-\r
-[ ca_cert ]\r
-basicConstraints=CA:TRUE\r
-\r
-[ proxy_none ]\r
-\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-emailAddress = test@home.org\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UK\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-#emailAddress = Email Address\r
-\r
-serialNumber = 12341324\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ req ]\r
-default_bits = $ENV::BITS\r
-default_keyfile = keyfile.pem\r
-distinguished_name = req_distinguished_name\r
-attributes = req_attributes\r
-prompt = no\r
-output_password = $ENV::PASSWORD\r
-ca_cert = CA_cert\r
-\r
-[ req_distinguished_name ]\r
-countryName = UG\r
-\r
-#stateOrProvinceName = South area\r
-\r
-localityName = Tropic\r
-\r
-organizationName = Utopia\r
-\r
-organizationalUnitName = Relaxation\r
-\r
-commonName = $ENV::CN\r
-\r
-userId = testuserid\r
-\r
-#emailAddress = Email Address\r
-\r
-[ req_attributes ]\r
-#challengePassword = $ENV::PASSWORD\r
-\r
-[ CA_cert ]\r
-basicConstraints = CA:true\r
-subjectKeyIdentifier=hash\r
-authorityKeyIdentifier=keyid:always,issuer:always\r
-\r
-[ proxy_none ]\r
+++ /dev/null
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
+++ /dev/null
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
--- /dev/null
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
--- /dev/null
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'