add bad ca, remove old files

diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert
new file mode 100644 (file)
index 0000000..6287061
--- /dev/null
+++ b/test/bad-ca/bad.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAmigAwIBAgIJAJ4hwgDLvpEpMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
+CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMDA2MjUyMjEy
+MTFaFw0zNzExMTAyMjEyMTFaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
+aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE
+AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyr9blLti
+ikrL64vCRn394ISlaEMVpUYTQaWEo0rBQk4McvGTNJdpaFw1y/8k8gpQn0knpMnu
+vnPI461QNjaL6LYnUZiKPbnrIjVgxBpIVWRIeq5BCycJ6CM8bcwbkMk8Lmh7d0ED
+JaBrf086F7HeLupx4s5xekawZCdYcbADrJ8CAwEAAaOBzjCByzAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQboo1tr9iap/o8oR7I2D7+ZSPoFDCBiwYDVR0jBIGDMIGA
+gBQboo1tr9iap/o8oR7I2D7+ZSPoFKFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV
+BAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9u
+MRMwEQYDVQQDEwp0aGUgYmFkIENBggkAniHCAMu+kSkwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4GBAL+xTR559iYKmUaO5mvOmQ2Z2kZ2ujRk9YRtKucx
+OQsCQVj8rMIMMeKmlNRkgF7cOX5yomu9IKkXt9dOKjtKh4wgSEAwBjVAkcY6QTRU
+B56sL7jutBPhneeWapUcYDJ+yEeJFwKqpDJgX+zJPlYPK22ZZDPAQNj3+8qWjtB8
+AYBq
+-----END CERTIFICATE-----

diff --git a/test/bad-ca/bad.namespaces b/test/bad-ca/bad.namespaces
new file mode 100644 (file)
index 0000000..9da4f08
--- /dev/null
+++ b/test/bad-ca/bad.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"   PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+ 

diff --git a/test/bad-ca/bad.p12 b/test/bad-ca/bad.p12
new file mode 100644 (file)
index 0000000..8a26792
Binary files /dev/null and b/test/bad-ca/bad.p12 differ

diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv
new file mode 100644 (file)
index 0000000..67f0ca2
--- /dev/null
+++ b/test/bad-ca/bad.priv
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDKv1uUu2KKSsvri8JGff3ghKVoQxWlRhNBpYSjSsFCTgxy8ZM0
+l2loXDXL/yTyClCfSSekye6+c8jjrVA2NovotidRmIo9uesiNWDEGkhVZEh6rkEL
+JwnoIzxtzBuQyTwuaHt3QQMloGt/TzoXsd4u6nHiznF6RrBkJ1hxsAOsnwIDAQAB
+AoGBAJb0+582FhyZrFNo7/HEhW7R1MZYjJlOH7BVKPjcBCD2M9axf8U8p0MIxRVq
+l3uPqo+uzFGp+JTdaMn8lSiIXIpIAjWgjrrB0CfAliNYfI/R/X5E69FuU7hoKdlr
+tApVHbkpkskmydrNAuoXSaEOW1XYCo5COSAp/+Zon8PWldthAkEA973pHV9FXJBM
+p7jRTzZacKEaGHzIX8y+26LXA3ptMSZ59YOoT2yWzX8KTCsQqGlzLvl+eW0CdWQ1
+eaV9k0ojgwJBANGBfZ6sU8t91FpxIpWEI4uEik/qoXPrzsqkOGIxQW3crQDEINH3
+6+ZY2dsapsxdm0ATEA0Kf9FMGKQjqc/TW7UCQQCVe8nFJ0864vbd3O6u1SUNAKg2
+TlS5OVmQPVlvh9eK6KR+N8q+4c68gAM+ol2SwM33ciOWMOhi3OxHUkvLK9jxAkEA
+0M1zCsKLnUMicqVRJ50T5AhL5Uxeb280oYg8XbjjkgAfOKVAZKPoK6KgNhwA46vj
+gF+/Xo/5RfrGkEivBN+NBQJAIWDK8Hg6DErzemxIeqYa7JKxk+DwN0liPeb577Al
+5fRGvlhbKUpR/ot42OC7GqCgXfbLsMf28EzW0aJyRFZVoQ==
+-----END RSA PRIVATE KEY-----

diff --git a/test/bad-ca/bad.signing_policy b/test/bad-ca/bad.signing_policy
new file mode 100644 (file)
index 0000000..f01254c
--- /dev/null
+++ b/test/bad-ca/bad.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"
+access_id_CA            X509    '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA'
+pos_rights              globus  CA:sign
+cond_subjects           globus  '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'

diff --git a/test/bad-ca/index.txt b/test/bad-ca/index.txt
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf
new file mode 100644 (file)
index 0000000..4d796dd
--- /dev/null
+++ b/test/bad-ca/req_conf.cnf
@@ -0,0 +1,112 @@
+### req command\r
+\r
+oid_section            = new_oids\r
+\r
+[ new_oids ]\r
+limitedProxyOid                = 1.3.6.1.4.1.3536.1.1.1.9\r
+\r
+[ req ]\r
+default_bits           = 1024\r
+distinguished_name     = req_distinguished_name\r
+\r
+[ req_distinguished_name ]\r
+\r
+[ ca_cert_req ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign, keyCertSign\r
+\r
+[ ca_cert_req_nokeyusage ]\r
+basicConstraints       = CA:true\r
+subjectKeyIdentifier   = hash\r
+authorityKeyIdentifier = keyid:always,issuer:always\r
+keyUsage               = critical, cRLSign\r
+\r
+[ proxy_cert_req ]\r
+\r
+[ proxy_proxy_cert_req ]\r
+\r
+#### ca command\r
+\r
+[ca]\r
+default_ca             = CA_default\r
+\r
+[CA_default]\r
+dir                    = $ENV::CASROOT/bad-ca\r
+database               = $dir/index.txt\r
+serial                         = $dir/serial.txt\r
+default_md             = sha1\r
+\r
+certificate            = $dir/bad.cert\r
+private_key            = $dir/bad.priv\r
+\r
+policy = policy_any\r
+\r
+[policy_any]\r
+countryName            = supplied\r
+stateOrProvinceName    = optional\r
+localityName           = optional\r
+organizationName       = optional\r
+organizationalUnitName = optional\r
+commonName             = supplied\r
+emailAddress           = optional\r
+userId                 = optional\r
+serialNumber           = optional\r
+\r
+[ ca_cert ]\r
+basicConstraints       = CA:TRUE\r
+\r
+\r
+[ ca_server ]\r
+# This is OK for an SSL server.\r
+nsCertType             = server\r
+nsComment              = "OpenSSL Generated Server Certificate"\r
+# For an object signing certificate this would be used.\r
+# nsCertType           = objsign\r
+\r
+[ ca_altname ]\r
+# This is OK for an SSL server.\r
+nsCertType             = server\r
+nsComment              = "OpenSSL Generated Server Certificate"\r
+subjectAltName                 = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com\r
+\r
+[ ca_client ]\r
+# For normal client use this is typical\r
+nsCertType             = client, email\r
+nsComment              = "OpenSSL Generated Client Certificate"\r
+\r
+[ ca_clientserver ]\r
+# For normal client use this is typical\r
+nsCertType             = server, client, email\r
+nsComment              = "OpenSSL Generated Client Server Certificate"\r
+\r
+[ ca_fclient ]\r
+# This is typical in keyUsage for a client certificate.\r
+basicConstraints       = CA:false\r
+keyUsage               = critical, nonRepudiation, digitalSignature, keyEncipherment\r
+nsComment              = "OpenSSL Generated Client Certificate with key usage"\r
+\r
+[ ca_none ]\r
+nsComment              = "OpenSSL Generated Client Certificate without Flags"\r
+\r
+[ proxy_none ]\r
+keyUsage               = critical,digitalSignature,keyEncipherment\r
+\r
+[ proxy_invalid_usage ]\r
+keyUsage               = critical,keyEncipherment\r
+\r
+[ proxy_rfc_pathLen1 ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1\r
+\r
+[ proxy_rfc ]\r
+proxyCertInfo=critical,language:id-ppl-inheritAll\r
+\r
+[ proxy_rfc_anypolicy ]\r
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB\r
+\r
+[ proxy_rfc_independent ]\r
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1\r
+\r
+[ proxy_rfc_limited ]\r
+proxyCertInfo=critical,language:limitedProxyOid\r

diff --git a/test/bad-ca/serial.txt b/test/bad-ca/serial.txt
new file mode 100644 (file)
index 0000000..3dcc795
--- /dev/null
+++ b/test/bad-ca/serial.txt
@@ -0,0 +1 @@
+0176

diff --git a/test/root-ca/index.txt.attr b/test/root-ca/index.txt.attr
deleted file mode 100644 (file)
index 8f7e63a..0000000
--- a/test/root-ca/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes

diff --git a/test/subca-ca/index.txt.attr b/test/subca-ca/index.txt.attr
deleted file mode 100644 (file)
index 8f7e63a..0000000
--- a/test/subca-ca/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes