From: Joni Hahkala Date: Wed, 18 Nov 2009 20:20:50 +0000 (+0000) Subject: new CAs, removed bad CA, namespaces added X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=7890d9db940932b2e6df8a8b0983550b88d06941;p=glite-security-test-utils.git new CAs, removed bad CA, namespaces added
---
diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert
deleted file mode 100644
index f7c2fdf..0000000
--- a/test/bad-ca/bad.cert
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC3TCCAkagAwIBAgIBADANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVRzEP
-MA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4
-YXRpb24xEzARBgNVBAMTCnRoZSBiYWQgY2EwHhcNMDkwNjEwMDg1MTE0WhcNMzIw
-NjA0MDg1MTE0WjBZMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYD
-VQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xEzARBgNVBAMTCnRoZSBi
-YWQgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOnSGYPzR4XyUwMrwk7U
-u10TVyfQPd5uhXK8uLdERC/shNQ/qBH6HtmgiiCm7GCB40bkJgp3mmJ+HWN4JOGe
-e1UW5tgsc2e2ODF8GJNkcmdqcpkZ3/vbA3tQx2LmNtAEcgsnkiY+MtYCTS+xbirL
-YgAYNV2TYLymSSGwvcjUGkodAgMBAAGjgbQwgbEwHQYDVR0OBBYEFGDsw1knQ14E
-I51ZkTfhgsF9J3SQMIGBBgNVHSMEejB4gBRg7MNZJ0NeBCOdWZE34YLBfSd0kKFd
-pFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRv
-cGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0aGUgYmFkIGNhggEA
-MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAxRcla6HVYf9lhOipnNua
-QP1HjmJ9CUygBTdczSM2NGnwvC7pTIV01tRsbsOxvRqUM3iZIv/XX3Bkjuww47YV
-eon/S55B4VQIFKIq4VWI9ZALyb/QlKhO2CLxgAJ7LNgnSBsmhKx9WL/st+WSRPgs
-yCCnlgIh1ZZY8jsgaRNDiJg=
------END CERTIFICATE-----
diff --git a/test/bad-ca/bad.namespaces b/test/bad-ca/bad.namespaces
deleted file mode 100644
index 587b01f..0000000
--- a/test/bad-ca/bad.namespaces
+++ /dev/null
@@ -1,3 +0,0 @@
-# Namespace for the the bad ca
-TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
-
diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv
deleted file mode 100644
index 79b06b5..0000000
--- a/test/bad-ca/bad.priv
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDp0hmD80eF8lMDK8JO1LtdE1cn0D3eboVyvLi3REQv7ITUP6gR
-+h7ZoIogpuxggeNG5CYKd5pifh1jeCThnntVFubYLHNntjgxfBiTZHJnanKZGd/7
-2wN7UMdi5jbQBHILJ5ImPjLWAk0vsW4qy2IAGDVdk2C8pkkhsL3I1BpKHQIDAQAB
-AoGBAMDZNYw8CeCzNb5myBNGp+Yjfn3q5ixgEZbJirw1BNxWAlQg0JlLJ0itfV9i
-7ZDHcFHW+H0nmmDjzY9t11Vy5hp7a47ssqBEeQXpyXI+YRwc5jIW2ThaZNlMiPVm
-HfpiyNlftswNEjjpQ0nAqp3LFldbonHJI+a687O0AXSWmJUNAkEA+TlOJmhmD0u6
-AL1EqjCH9AnAgQCbmgDlQ+7bOxXsUvHJ82kYL/nB+Kq08ZC3ZuWYtv0kiHwEpANO
-qqewmyGYqwJBAPAtlR+w6XRzJSj2DyfkNajM1Gyo4HdufDjydKSqqipI0WfW/S+s
-NUEZHlgCoHx7rB/PdV49nHINTPmMkxreOFcCQEJ1KYXMaQrDIsJ3tgu8DUTiJNdB
-ljym6HwJAaTr36zulO+3op+IdlUdEEsqT/28U9DYCBntGD+0MhIHzWxQtSkCQCkt
-Z3e7eQsCAsj3BrosIhcCpxjKC1Hum1WYG+9vYyVEvsIy1c2qlKbIi69DJAizm1sI
-0nKJ1ZyoMx5Fv6LHnpkCQQD08QwHsVRycgd44wbd6nTJ4NCrk6kZ7NBVkz8k5tcl
-nwDtFEJV/zdL2Hr2JTW6yOlO452Q+Z/oq1NFhm42YIEx
------END RSA PRIVATE KEY-----
diff --git a/test/bad-ca/ca_conf.cnf b/test/bad-ca/ca_conf.cnf
deleted file mode 100644
index cc85df0..0000000
--- a/test/bad-ca/ca_conf.cnf
+++ /dev/null
@@ -1,62 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-serialNumber = optional
-userId = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/bad-ca/ca_proxy_conf.cnf b/test/bad-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/bad-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/bad-ca/index.txt b/test/bad-ca/index.txt
deleted file mode 100644
index d3c107d..0000000
--- a/test/bad-ca/index.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-V 370320130933Z 123456 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=hahkala
-V 370320130933Z 123457 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=bad policy client
-V 370320130933Z 123458 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=bad future client
-V 370320130933Z 123459 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=pchip10
-R 370320130933Z 091102130933Z 12345A unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
-V 091101130934Z 12345B unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf
deleted file mode 100644
index 7c30db9..0000000
--- a/test/bad-ca/req_conf.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/bad-ca/req_conf_future.cnf b/test/bad-ca/req_conf_future.cnf
deleted file mode 100644
index a0042a4..0000000
--- a/test/bad-ca/req_conf_future.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/bad-ca/req_conf_policy.cnf b/test/bad-ca/req_conf_policy.cnf
deleted file mode 100644
index 20c593b..0000000
--- a/test/bad-ca/req_conf_policy.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Chillin
-
-commonName = $ENV::CN
-
-#emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/bad-ca/req_proxy_conf.cnf b/test/bad-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/bad-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/bad-ca/req_proxy_proxy_conf.cnf b/test/bad-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/bad-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/bad-ca/serial.txt b/test/bad-ca/serial.txt
deleted file mode 100644
index e8a76ce..0000000
--- a/test/bad-ca/serial.txt
+++ /dev/null
@@ -1 +0,0 @@
-12345C
diff --git a/test/big-ca/big.namespaces b/test/big-ca/big.namespaces
new file mode 100644
index 0000000..f8f7907
--- /dev/null
+++ b/test/big-ca/big.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/bad-ca/bad.signing_policy b/test/big-ca/big.signing_policy
similarity index 63%
rename from test/bad-ca/bad.signing_policy
rename to test/big-ca/big.signing_policy
index 608c681..2794ff0 100644
--- a/test/bad-ca/bad.signing_policy
+++ b/test/big-ca/big.signing_policy
@@ -1,4 +1,4 @@
-# Signing policy file for the the bad ca
-access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca'
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA'
 pos_rights globus CA:sign
 cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
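Review bot: The comment added as the first line of test/big-ca/big.namespaces ends in a double quote that is never opened (`# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"`). The same unbalanced quote is on the first line of big.signing_policy in the rename hunk that follows, and of expired.namespaces, expired.signing_policy, fake.namespaces, fake.signing_policy and nokeyusage.namespaces later in this commit. It sits in a comment, so the policy lines themselves are not affected, but it reads like a template slip, presumably in whatever script writes these files. Quoting the DN on both sides fixes it: `# Namespace for "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"`.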
diff --git a/test/big-ca/ca_conf.cnf b/test/big-ca/ca_conf.cnf
deleted file mode 100644
index cc85df0..0000000
--- a/test/big-ca/ca_conf.cnf
+++ /dev/null
@@ -1,62 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-serialNumber = optional
-userId = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/big-ca/ca_proxy_conf.cnf b/test/big-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/big-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/big-ca/req_conf_email.cnf b/test/big-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/big-ca/req_conf_email.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/big-ca/req_conf_sn.cnf b/test/big-ca/req_conf_sn.cnf
deleted file mode 100644
index 8eb3308..0000000
--- a/test/big-ca/req_conf_sn.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-serialNumber = 12341324
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/big-ca/req_conf_uid.cnf b/test/big-ca/req_conf_uid.cnf
deleted file mode 100644
index 8b2092e..0000000
--- a/test/big-ca/req_conf_uid.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/big-ca/req_proxy_conf.cnf b/test/big-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/big-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/big-ca/req_proxy_proxy_conf.cnf b/test/big-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/big-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/expired-ca/ca_conf.cnf b/test/expired-ca/ca_conf.cnf
deleted file mode 100644
index a36254e..0000000
--- a/test/expired-ca/ca_conf.cnf
+++ /dev/null
@@ -1,62 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-serialNumber = optional
-userId = optional
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/expired-ca/ca_proxy_conf.cnf b/test/expired-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/expired-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/expired-ca/expired.namespaces b/test/expired-ca/expired.namespaces
new file mode 100644
index 0000000..07f0840
--- /dev/null
+++ b/test/expired-ca/expired.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/expired-ca/expired.signing_policy b/test/expired-ca/expired.signing_policy
new file mode 100644
index 0000000..47d53e4
--- /dev/null
+++ b/test/expired-ca/expired.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/expired-ca/req_conf_email.cnf b/test/expired-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/expired-ca/req_conf_email.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/expired-ca/req_conf_sn.cnf b/test/expired-ca/req_conf_sn.cnf
deleted file mode 100644
index 8eb3308..0000000
--- a/test/expired-ca/req_conf_sn.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-serialNumber = 12341324
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/expired-ca/req_conf_uid.cnf b/test/expired-ca/req_conf_uid.cnf
deleted file mode 100644
index 8b2092e..0000000
--- a/test/expired-ca/req_conf_uid.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/expired-ca/req_proxy_conf.cnf b/test/expired-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/expired-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/expired-ca/req_proxy_proxy_conf.cnf b/test/expired-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/expired-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/fake-ca/ca_conf.cnf b/test/fake-ca/ca_conf.cnf
deleted file mode 100644
index cc85df0..0000000
--- a/test/fake-ca/ca_conf.cnf
+++ /dev/null
@@ -1,62 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-serialNumber = optional
-userId = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/fake-ca/ca_proxy_conf.cnf b/test/fake-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/fake-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/fake-ca/fake.namespaces b/test/fake-ca/fake.namespaces
new file mode 100644
index 0000000..98b5a74
--- /dev/null
+++ b/test/fake-ca/fake.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/fake-ca/fake.signing_policy b/test/fake-ca/fake.signing_policy
new file mode 100644
index 0000000..6bbfa13
--- /dev/null
+++ b/test/fake-ca/fake.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/fake-ca/req_conf_email.cnf b/test/fake-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/fake-ca/req_conf_email.cnf
+++ /dev/null
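Review bot: test/fake-ca/fake.signing_policy grants `pos_rights globus CA:sign` over `/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*`, which is the same subject pattern this commit gives the big, expired and nokeyusage CAs. With identical namespaces, a certificate issued by the fake CA cannot be rejected on signing-policy grounds, so a test that expects the fake (or the expired) CA to fail has to fail on some other check; which one is not visible in this commit. Neither file says what the CA is meant to exercise, and a second comment line would make that explicit, for example `# Negative-test CA: policy is deliberately valid, rejection is expected from REASON`, with REASON filled in by the author.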
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_conf_sn.cnf b/test/fake-ca/req_conf_sn.cnf
deleted file mode 100644
index 8eb3308..0000000
--- a/test/fake-ca/req_conf_sn.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-serialNumber = 12341324
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_conf_uid.cnf b/test/fake-ca/req_conf_uid.cnf
deleted file mode 100644
index 8b2092e..0000000
--- a/test/fake-ca/req_conf_uid.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_proxy_conf.cnf b/test/fake-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/fake-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/fake-ca/req_proxy_proxy_conf.cnf b/test/fake-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/fake-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/nokeyusage-ca/index.txt b/test/nokeyusage-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/nokeyusage-ca/nokeyusage.cert b/test/nokeyusage-ca/nokeyusage.cert
new file mode 100644
index 0000000..dd98c4a
--- /dev/null
+++ b/test/nokeyusage-ca/nokeyusage.cert
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIJAJXRhilSGEmtMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE +CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMDkx +MTE4MjAwOTU3WhcNMzcwNDA1MjAwOTU3WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE +BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x +GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLqhjHk +KhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2U+wE +fIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQABo4HS +MIHPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFD5yNicj3eNgIHr1/Ou0UciEePrH +MIGSBgNVHSMEgYowgYeAFD5yNicj3eNgIHr1/Ou0UciEePrHoWSkYjBgMQswCQYD +VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV +BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAldGG +KVIYSa0wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAAZY4vy4uPDsiqdp +Y7LycXMQ20Dzp9WYOncjrUvw0UgSiF3kgOvjdJSNI+2ISSCvL8qKB5m4v88dhZvV +N0xr/QhTZidAH/EnarURy4s46ueqW/80PGFszLsUQwMB/lQCKDbXXiJ31GytxZMr +tLUfi9j+FtxbQRTNBvF93zh2sVwi +-----END CERTIFICATE----- diff --git a/test/nokeyusage-ca/nokeyusage.namespaces b/test/nokeyusage-ca/nokeyusage.namespaces new file mode 100644 index 0000000..526b01a --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + diff --git a/test/nokeyusage-ca/nokeyusage.p12 b/test/nokeyusage-ca/nokeyusage.p12 new file mode 100644 index 0000000..dcdeb7d Binary files /dev/null and b/test/nokeyusage-ca/nokeyusage.p12 differ diff --git a/test/nokeyusage-ca/nokeyusage.priv b/test/nokeyusage-ca/nokeyusage.priv new file mode 100644 index 0000000..0efdc83 --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.priv 
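Review bot: The PERMIT pattern in nokeyusage.namespaces, `/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*`, is the same one this commit gives to root.namespaces, subca.namespaces and subsubca.namespaces, so as far as these files go no certificate under that prefix can fall outside any of the CAs' namespaces. If the fixtures are meant to exercise namespace rejection, at least one CA needs a narrower pattern; if they are not, a comment saying so would help. The header comment also ends in an unmatched quote; `# Namespace for the "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA"` would balance it, and the .signing_policy headers have the same slip.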
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLq +hjHkKhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2 +U+wEfIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQAB +AoGAfZJFGCr9SD3chf4qN1bo5Rs+qwfLrNhAdvtIP+VsWwflXoT7bGdeoE2o6BLO +gBWRdfTbE32D086vGSRX0AgClbBjq6F4zV6YyWxU8B5W55AObvkGFVXmbWc3Bqso +F4EOr3EdXNGYKvguoXIJ+cSrpt72X9SBOS5XGYUdwDTZ2AECQQDWyhMoAy/j/QML +LvA1IwJilcD7U2FEK/Gs6qD/yUqPit0hj3I4jXVkpXX2s6n1VbB+rmYj8YPaBFzd +nWSOSEnhAkEAyKIEzmLoP90cMiWcR7jhSSHprdnhpmo4W7xLrxYfZ95cjuzNEdlV +ex2jzPRHRA5eDauQj0J+rG9PIFi/Op5bWQJAOIjj1epQ1q+n92+ZZkMaw5wrOXvO +5ES0zhDL48e1ymaAoe7B38TMG3u5uv+7QooVdKKu29McI2x2jRZ6e0DnwQJAcavy +Ayjgo0ZYMkVC3RPveCrhpaE7irjFw5vUWZe0JXpDgKrDqSg0mTN62aVRN0rYmPAq +UDCBapsJ/q6pccHEyQJAfHkXV65981psqotNFMO7Xvs/uePIifSkuopiNM9cXVPR +PghtFTnSLavjBOa94EzT4mTc3X2kjfecVZvMSf0Yow== +-----END RSA PRIVATE KEY----- diff --git a/test/nokeyusage-ca/nokeyusage.signing_policy b/test/nokeyusage-ca/nokeyusage.signing_policy new file mode 100644 index 0000000..1eb4337 --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.signing_policy @@ -0,0 +1,4 @@ +# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" +access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA' +pos_rights globus CA:sign +cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"' diff --git a/test/nokeyusage-ca/req_conf.cnf b/test/nokeyusage-ca/req_conf.cnf new file mode 100644 index 0000000..2262038 --- /dev/null +++ b/test/nokeyusage-ca/req_conf.cnf 
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/nokeyusage-ca/serial.txt b/test/nokeyusage-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/nokeyusage-ca/serial.txt
@@ -0,0 +1 @@
+0176
diff --git a/test/root-ca/index.txt b/test/root-ca/index.txt
new file mode 100644
index 0000000..3d85f6d
--- /dev/null
+++ b/test/root-ca/index.txt
@@ -0,0 +1 @@
+V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
diff --git a/test/root-ca/index.txt.attr b/test/root-ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/test/root-ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/test/root-ca/req_conf.cnf b/test/root-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/root-ca/req_conf.cnf
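Review bot: `[ ca_cert_req ]` in nokeyusage-ca/req_conf.cnf still sets `keyUsage = cRLSign, keyCertSign`, and the file has the same blob id (2262038) as the root-ca, subca-ca and subsubca-ca copies, so nothing in this config makes the "nokeyusage" CA differ from the others. The committed nokeyusage.cert also appears to carry a keyUsage extension, which would mean a validator's handling of a CA certificate without keyUsage is not actually exercised by this fixture. If the directory name describes the CA certificate itself, drop the `keyUsage` line from `[ ca_cert_req ]` in this copy and regenerate the certificate. If it describes the certificates this CA issues, a one-line comment at the top of the file saying which certificate lacks keyUsage would remove the ambiguity.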
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment +nsComment = "OpenSSL Generated Client Certificate with key usage" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate without Flags" + +[ proxy_none ] +keyUsage = critical,digitalSignature,keyEncipherment + diff --git a/test/root-ca/root.cert b/test/root-ca/root.cert new file mode 100644 index 0000000..56dfa73 --- /dev/null +++ b/test/root-ca/root.cert @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAmigAwIBAgIJAOwn+bdeOP7lMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE +CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMDkxMTE4MjAw +OTU4WhcNMzcwNDA1MjAwOTU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv +cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV +BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxw6fX +Pm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr2JnYKkD3Shg9/6R43LUL +pBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6EGQhzd+xjfQ7dGEqk4TS +36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQABo4HMMIHJMAwGA1UdEwQF +MAMBAf8wHQYDVR0OBBYEFC3z3nM1NSxp66FO7/5rlG43PPUxMIGMBgNVHSMEgYQw +gYGAFC3z3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G +A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp +b24xFDASBgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4GBACzSdZyhnSj5wArIua8Nc6Tc6XIVp0by/jYz/cOa +FAZZmY7GaTTL65SDu0QH1NJIRC6G8wWvQeCouK9dgKXA9vQZ3Caf+8LOwyAU4rZe +2maDgk4CcLYz953CYDxRSwmLPTVkXAJHPD15SS8gXxWcNKIUInoov6cSzjTEfjw9 +1kCX +-----END CERTIFICATE----- diff --git a/test/root-ca/root.namespaces b/test/root-ca/root.namespaces new file mode 100644 index 0000000..e0ef777 --- /dev/null +++ b/test/root-ca/root.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + 
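Review bot: `default_bits = 1024` in `[ req ]` and `default_md = sha1` in `[CA_default]` are fixed values here, while the request configs removed by this commit took the key size from `$ENV::BITS`. The CA certificates issued from this setup run to 2037, and validators that enforce a minimum key size or reject SHA-1 will refuse these fixtures for a reason unrelated to what a test is checking. Unless weak parameters are intended, `default_bits = 2048` and `default_md = sha256` would be the safer defaults; otherwise add a comment such as `# weak key size and digest are deliberate for these test CAs`. The same file is added unchanged under nokeyusage-ca, subca-ca and subsubca-ca.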
diff --git a/test/root-ca/root.p12 b/test/root-ca/root.p12 new file mode 100644 index 0000000..a9190e8 Binary files /dev/null and b/test/root-ca/root.p12 differ diff --git a/test/root-ca/root.priv b/test/root-ca/root.priv new file mode 100644 index 0000000..52c4b21 --- /dev/null +++ b/test/root-ca/root.priv @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCxw6fXPm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr +2JnYKkD3Shg9/6R43LULpBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6 +EGQhzd+xjfQ7dGEqk4TS36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQAB +AoGAMdlWFcwSMojzhArEvED5aN6uIqFeWNZcYPD3XpMlRs5M28Yfrl/9NFsVAMOs +bKZlrubldjA6sVMHgdc3sXJyT1fY7GYGt0Xsgy/pGL1+c5uREiFSXl/nhXgeZrfY +M/C6Dl0269a6K3OSwk92OVYRUqRZM2nUK4bpODOAnAtGkcECQQDp30uqbx7BAkcj +Z49Txg5sGfmHHrJgWGzJK9RKSdrE0OH/DTus08h/wMm3fXxPffchLIAHWp94m4uM +Zi0AfBkbAkEAwpVZP/GoSPGwvDtw4t3YVvz2oNgoxFQtmU5xx4LgRNWVHrAE4sXd +8opTBnqikAIbOADXEF/A04ViMvR0Kw6mcQJAXFfr04b+uK0Ck8svP5/DUBHNgfmv +6vTfN2uT7iVNOUtVANUjy/DviOoBe+8TZ3vQWYvtnXm93+xi5HPvrvJRIwJBAK4B +/ulHAzYQJPt/sIjA2QmZeDgIdhR0Lr7tPqSrLkGAOrVRtVzSk5OlDXA61QsxRwQD +BFBZQMgnfNSSdRxYIpECQD3aPIAP/tv6mWeSOc6aP7jH0NyEceDEOPnpFitSfJqe +8m/wecCuED9DgXTSpmJJ0BuFc8oXKRV7OgwhqfIuEwc= +-----END RSA PRIVATE KEY----- diff --git a/test/root-ca/root.signing_policy b/test/root-ca/root.signing_policy new file mode 100644 index 0000000..7f878da --- /dev/null +++ b/test/root-ca/root.signing_policy @@ -0,0 +1,4 @@ +# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" +access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA' +pos_rights globus CA:sign +cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"' diff --git a/test/root-ca/serial.txt b/test/root-ca/serial.txt new file mode 100644 index 0000000..04db0ac --- /dev/null +++ b/test/root-ca/serial.txt @@ -0,0 +1 @@ +0177 diff --git a/test/subca-ca/index.txt b/test/subca-ca/index.txt new file mode 100644 index 0000000..86c98fb --- /dev/null +++ b/test/subca-ca/index.txt 
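Review bot: root.signing_policy grants `pos_rights globus CA:sign` to a CA whose unencrypted private key, root.priv, is added in this same commit, and nothing in the file marks it as a fixture. A trust directory that picked up these files by accident would accept anything signed with a key that is public. Add a header line such as `# TEST FIXTURE ONLY - private key is published in this repository; never install in a production trust directory`, and put the same line in the nokeyusage, subca and subsubca .signing_policy and .namespaces files.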
@@ -0,0 +1 @@
+V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA
diff --git a/test/subca-ca/index.txt.attr b/test/subca-ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/test/subca-ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/test/subca-ca/req_conf.cnf b/test/subca-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/subca-ca/req_conf.cnf
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/subca-ca/serial.txt b/test/subca-ca/serial.txt
new file mode 100644
index 0000000..04db0ac
--- /dev/null
+++ b/test/subca-ca/serial.txt
@@ -0,0 +1 @@
+0177
diff --git a/test/subca-ca/subca.cert b/test/subca-ca/subca.cert
new file mode 100644
index 0000000..a5f95fb
--- /dev/null
+++ b/test/subca-ca/subca.cert
@@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 374 (0x176) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA + Validity + Not Before: Nov 18 20:09:58 2009 GMT + Not After : Apr 5 20:09:58 2037 GMT + Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:44:79:30:f9:57:b7:5a:8d:86:95:51:1c:5c: + 9d:f8:dd:e1:c7:e9:e3:d6:8e:9a:4d:7c:cc:0b:ef: + e2:85:99:8b:c1:df:7c:b4:41:60:6f:a6:55:0c:51: + cc:ed:d5:46:2a:64:24:a0:3a:d4:d1:ff:ef:44:20: + 07:c0:51:eb:67:ae:af:a7:d7:22:14:36:08:98:76: + 06:85:34:42:9f:30:23:0a:6b:f4:d5:47:38:67:54: + 0a:92:1b:33:5c:37:cb:e7:7c:76:94:45:ad:45:23: + 6c:b1:0c:80:5b:00:bc:4e:83:44:cc:0a:a0:a7:dd: + ef:59:ca:da:02:73:d6:f4:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05 + X509v3 Authority Key Identifier: + keyid:2D:F3:DE:73:35:35:2C:69:EB:A1:4E:EF:FE:6B:94:6E:37:3C:F5:31 + DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA + serial:EC:27:F9:B7:5E:38:FE:E5 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: md5WithRSAEncryption + 6c:03:5f:54:ba:53:fd:b4:fe:42:f5:96:1f:4d:98:64:11:6b: + 7c:95:8e:e6:91:22:a8:b7:d5:0a:5c:50:6f:16:ea:51:f2:aa: + 18:30:9a:55:1d:af:10:be:38:79:d7:eb:b9:2f:94:14:c4:0b: + 37:21:b8:76:b7:df:96:67:c5:98:56:8c:d6:88:c6:8b:ba:6d: + 06:a4:bb:c1:ad:72:c7:96:ff:85:f5:d5:36:88:ac:10:15:66: + 04:44:04:54:98:be:db:6c:83:78:48:aa:2a:52:9f:85:81:71: + 50:b7:af:22:2a:7c:f8:b8:94:bf:35:0e:6b:57:61:14:22:66: + 7c:6b +-----BEGIN CERTIFICATE----- +MIIC+TCCAmKgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx +DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh +eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0wOTExMTgyMDA5NThaFw0z 
+NzA0MDUyMDA5NThaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN +BgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMGA1UEAxMMdGhl +IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6RHkw+Ve3Wo2G +lVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0QWBvplUMUczt1UYqZCSgOtTR/+9E +IAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TVRzhnVAqSGzNcN8vnfHaURa1FI2yx +DIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQABo4HMMIHJMAwGA1UdEwQFMAMBAf8w +HQYDVR0OBBYEFJdYbWIAFDIcDrFviTs8kqmVFYoFMIGMBgNVHSMEgYQwgYGAFC3z +3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDAS +BgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBAUAA4GBAGwDX1S6U/20/kL1lh9NmGQRa3yVjuaRIqi31QpcUG8W6lHy +qhgwmlUdrxC+OHnX67kvlBTECzchuHa335ZnxZhWjNaIxou6bQaku8GtcseW/4X1 +1TaIrBAVZgREBFSYvttsg3hIqipSn4WBcVC3ryIqfPi4lL81DmtXYRQiZnxr +-----END CERTIFICATE----- diff --git a/test/subca-ca/subca.namespaces b/test/subca-ca/subca.namespaces new file mode 100644 index 0000000..f372f3a --- /dev/null +++ b/test/subca-ca/subca.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + diff --git a/test/subca-ca/subca.p12 b/test/subca-ca/subca.p12 new file mode 100644 index 0000000..c0a9358 Binary files /dev/null and b/test/subca-ca/subca.p12 differ diff --git a/test/subca-ca/subca.priv b/test/subca-ca/subca.priv new file mode 100644 index 0000000..c449abc --- /dev/null +++ b/test/subca-ca/subca.priv 
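Review bot: The text dump in subca.cert shows `Signature Algorithm: md5WithRSAEncryption`, although the `[CA_default]` section of root-ca/req_conf.cnf added in this commit sets `default_md = sha1`, so the certificate was apparently not issued with that setting in effect. subsubca.cert shows the same algorithm. Validators that reject MD5 signatures will fail every chain that passes through these intermediates, whatever the test is meant to check. If MD5 is not intentional, re-issue both with the configured digest, for example by passing `-md sha1` or stronger to `openssl ca`; if it is intentional, record that where the fixtures are generated.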
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6RHkw+Ve3Wo2GlVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0 +QWBvplUMUczt1UYqZCSgOtTR/+9EIAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TV +RzhnVAqSGzNcN8vnfHaURa1FI2yxDIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQAB +AoGAB3GTEkT0n2wr+bPf4O1GltpvGmkbZMigG/afxN5aRBKFxkKjHiT6sJuKDIr8 +UIjUW/9Sg2C2fonmyucoyCO9735TR7JTeIiEsrTWKI2OR2rMtvLyUV1x7MzfZtw+ +uIolrukbMD0a5RKKnAI1PqLVqgIDp8nSCbG7r8LLRvF3MGkCQQDfx4lSVZ5deHvy +H33QOqIekglKHesF6tin4J6xHN7l1bi76FpYQuOBmI4EuQfatlej/CbASt5vPFHj ++QxJXkCHAkEA1RZA9tpzslI3JeIBdMMtWRrBPRW8b1BFL7Y+hNBT/Gk5uG7Q0giE +4FH7Q95Phi1fMy8OIGskpyj2psC7DdGRdQJAf6nKAZquugxeSYcFs6F/k4kkm4/t +4HZWG4/deJVL5DrFJQ4tXGTsfaaWfsNAY9narcbQJKuRskvrO+98vu5ySQJAd//X +R+0P2K1aJzhWj5XWtOZPSoIyIxG2VL8yCAN2OKBdhBLMAGwRwG4KrVbFvA9THHT0 +ZKdR9d0owhGphYeufQJBANnY/Uc437oWe7qd/Kssai0omuGTswxztOZWWr4dAokP +9A18VsU3gSmFGMK6OCmtJcX6R3pO3FvuVSqtQz+HTLY= +-----END RSA PRIVATE KEY----- diff --git a/test/subca-ca/subca.req b/test/subca-ca/subca.req new file mode 100644 index 0000000..8cfc5b1 --- /dev/null +++ b/test/subca-ca/subca.req @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G +A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg +c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALpEeTD5V7dajYaV +URxcnfjd4cfp49aOmk18zAvv4oWZi8HffLRBYG+mVQxRzO3VRipkJKA61NH/70Qg +B8BR62eur6fXIhQ2CJh2BoU0Qp8wIwpr9NVHOGdUCpIbM1w3y+d8dpRFrUUjbLEM +gFsAvE6DRMwKoKfd71nK2gJz1vSzAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCK +08BejkSBKvmzprupFEkKdaKcu+dDthDDpNGDrGJsYzIM/w4KU8PBQYZ1899YBu02 +TtusdVST6k8Q1uE35qdcd/hHRqRanQM8Vbzfzwoi2iOhUVvERW9/rEfdJ2HeiPzg +550HXO/kRbMOiATQEqNz5JcXWCS64raA7D9X7Y0jIQ== +-----END CERTIFICATE REQUEST----- diff --git a/test/subca-ca/subca.signing_policy b/test/subca-ca/subca.signing_policy new file mode 100644 index 0000000..0ef698a --- /dev/null +++ b/test/subca-ca/subca.signing_policy 
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/subsubca-ca/index.txt b/test/subsubca-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/subsubca-ca/req_conf.cnf b/test/subsubca-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/subsubca-ca/req_conf.cnf
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/subsubca-ca/serial.txt b/test/subsubca-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/subsubca-ca/serial.txt
@@ -0,0 +1 @@
+0176
diff --git a/test/subsubca-ca/subsubca.cert b/test/subsubca-ca/subsubca.cert
new file mode 100644
index 0000000..fc5eca4
--- /dev/null
+++ b/test/subsubca-ca/subsubca.cert
@@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 374 (0x176) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA + Validity + Not Before: Nov 18 20:09:58 2009 GMT + Not After : Apr 5 20:09:58 2037 GMT + Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e9:4b:ca:3a:8f:65:d5:44:72:1f:21:9a:16:42: + 61:e7:67:93:38:13:cc:c2:0d:81:dc:ff:fe:8d:c4: + c1:a1:57:c1:43:64:18:bd:a2:22:0b:fd:51:84:12: + a2:b7:86:f2:1c:a0:dd:b2:e9:01:53:43:e2:c7:de: + 44:ea:41:97:85:08:91:b4:f9:b8:f8:1e:da:e9:a2: + 3c:1b:4e:33:8d:1a:05:d8:3a:40:21:f6:9d:2a:84: + c7:f6:10:8c:ea:21:2c:40:cc:a1:c8:6e:1e:76:c3: + 0d:21:ec:8f:fc:76:62:d8:78:ae:e1:11:9d:3c:66: + c3:56:bc:bb:8f:87:d2:2c:4b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 03:4A:F7:6F:2F:37:6B:B7:24:C1:92:6E:FB:54:26:42:C1:84:20:26 + X509v3 Authority Key Identifier: + keyid:97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05 + DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA + serial:01:76 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: md5WithRSAEncryption + ae:93:74:7c:61:3d:7c:38:c3:95:f8:48:71:33:6f:2b:00:eb: + 35:bb:5d:f2:0c:09:10:bf:07:48:ef:3f:10:d8:a9:ae:c8:74: + 82:12:18:01:6d:ce:b7:28:9b:6c:b1:b0:74:e5:b6:70:c4:d0: + 47:22:8b:ed:40:d8:79:d9:8a:93:03:94:cf:12:27:b9:06:ce: + e2:e8:a2:42:89:97:e0:12:e7:7f:0c:93:38:6f:56:4c:ca:6b: + 0a:23:df:6c:37:5e:32:1f:13:0f:2b:59:df:f3:e4:8c:80:8f: + c8:4e:01:f2:3a:20:87:be:15:96:ef:cf:94:8d:9a:79:35:bb: + f2:22 +-----BEGIN CERTIFICATE----- +MIIC9DCCAl2gAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx +DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh +eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMTE4MjAwOTU4WhcN 
+MzcwNDA1MjAwOTU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w +DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro +ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6UvKOo9l +1URyHyGaFkJh52eTOBPMwg2B3P/+jcTBoVfBQ2QYvaIiC/1RhBKit4byHKDdsukB +U0Pix95E6kGXhQiRtPm4+B7a6aI8G04zjRoF2DpAIfadKoTH9hCM6iEsQMyhyG4e +dsMNIeyP/HZi2Hiu4RGdPGbDVry7j4fSLEsCAwEAAaOBwzCBwDAMBgNVHRMEBTAD +AQH/MB0GA1UdDgQWBBQDSvdvLzdrtyTBkm77VCZCwYQgJjCBgwYDVR0jBHwweoAU +l1htYgAUMhwOsW+JOzySqZUVigWhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH +EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU +MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B +AQQFAAOBgQCuk3R8YT18OMOV+EhxM28rAOs1u13yDAkQvwdI7z8Q2KmuyHSCEhgB +bc63KJtssbB05bZwxNBHIovtQNh52YqTA5TPEie5Bs7i6KJCiZfgEud/DJM4b1ZM +ymsKI99sN14yHxMPK1nf8+SMgI/ITgHyOiCHvhWW78+UjZp5NbvyIg== +-----END CERTIFICATE----- diff --git a/test/subsubca-ca/subsubca.namespaces b/test/subsubca-ca/subsubca.namespaces new file mode 100644 index 0000000..9089949 --- /dev/null +++ b/test/subsubca-ca/subsubca.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + diff --git a/test/subsubca-ca/subsubca.p12 b/test/subsubca-ca/subsubca.p12 new file mode 100644 index 0000000..5ea8e3f Binary files /dev/null and b/test/subsubca-ca/subsubca.p12 differ diff --git a/test/subsubca-ca/subsubca.priv b/test/subsubca-ca/subsubca.priv new file mode 100644 index 0000000..ecc8a89 --- /dev/null +++ b/test/subsubca-ca/subsubca.priv 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDpS8o6j2XVRHIfIZoWQmHnZ5M4E8zCDYHc//6NxMGhV8FDZBi9 +oiIL/VGEEqK3hvIcoN2y6QFTQ+LH3kTqQZeFCJG0+bj4HtrpojwbTjONGgXYOkAh +9p0qhMf2EIzqISxAzKHIbh52ww0h7I/8dmLYeK7hEZ08ZsNWvLuPh9IsSwIDAQAB +AoGAWUWNLvdsaj10xgDfq6DfQeNabFz3P1JX3S+AQtOFnK2t4JHO/dGq4Zeft8BB +z6StxNKxwyJyRWB2yTB+gn1y8tQaTUIgihKKNOLb0gAKH71VNucFAidSYGqWZG6l +IOAHvd8kJDteqAKzsHn8xSB/IPeKg27IiUAep6ozUhaRn+ECQQD0tNWt+M8os1hY +F1OEmaMJeMPte6mQ75TngYMLs0feKERMIVw6mmCp7LioEFRj3IU/TVrzHXCEReKE +095vl2QpAkEA9BAk5AR4jb4kxB+1Wl84PoTUJkNi76/VOMHqqxWKR/2ohUyiBgov +2YMxk0CEmKg99sSS6Cv3fLx1/GGn41V7UwJAGiq8Lr5MaK3E5KaZ57QGGx0u1lZC +65yy746J1NZ2+OqVYw6uLhYUABewJ0iXvZX3Ka277ANZ5MsUTd/aCVTHAQJBANWc +i61GfH0SvvspBYFjdcbCWyxiLmW6b9SNZOb4o17/FFAXEnhW0ip+ORW4klVKa3Ff ++3RZhvMVv+51SowedSECQQDCg5KIpLI/a1MIciiSsamypdGdDU8B/HshrHm1ZUJ1 +b7dc3pffJwtOlQiwzX5Ihwxx4lW0eY+Xo8i2abhpPXun +-----END RSA PRIVATE KEY----- diff --git a/test/subsubca-ca/subsubca.req b/test/subsubca-ca/subsubca.req new file mode 100644 index 0000000..9d0bb27 --- /dev/null +++ b/test/subsubca-ca/subsubca.req @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G +A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRgwFgYDVQQDEw90aGUg +c3Vic3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOlLyjqPZdVE +ch8hmhZCYednkzgTzMINgdz//o3EwaFXwUNkGL2iIgv9UYQSoreG8hyg3bLpAVND +4sfeROpBl4UIkbT5uPge2umiPBtOM40aBdg6QCH2nSqEx/YQjOohLEDMochuHnbD +DSHsj/x2Yth4ruERnTxmw1a8u4+H0ixLAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB +gQB15WCrFk3RykaCyJjnoToQfi72KkPr0ZpK4AjtGiTx1TepFFcXzgyU+1jtbTzv +v8Wo0En5wzi7CzHJnFHfwhPF3fkNf6F6WbF+tC1O9XQ4fzqpvlYIbxS11I6VeLwb +X1Owgu3ns9lhgVtqRjohEYDveoi8NdJVtC/iCKe46IBtkg== +-----END CERTIFICATE REQUEST----- diff --git a/test/subsubca-ca/subsubca.signing_policy b/test/subsubca-ca/subsubca.signing_policy new file mode 100644 index 0000000..5617cb1 --- /dev/null +++ b/test/subsubca-ca/subsubca.signing_policy 
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/trusted-ca/ca_conf.cnf b/test/trusted-ca/ca_conf.cnf
deleted file mode 100644
index ae6294c..0000000
--- a/test/trusted-ca/ca_conf.cnf
+++ /dev/null
@@ -1,71 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-serialNumber = optional
-userId = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_altname ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/trusted-ca/ca_proxy_conf.cnf b/test/trusted-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/trusted-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/trusted-ca/req_conf_email.cnf b/test/trusted-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/trusted-ca/req_conf_email.cnf
+++ /dev/null
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/trusted-ca/req_conf_sn.cnf b/test/trusted-ca/req_conf_sn.cnf
deleted file mode 100644
index 99e8218..0000000
--- a/test/trusted-ca/req_conf_sn.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UK
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-serialNumber = 12341324
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/trusted-ca/req_conf_uid.cnf b/test/trusted-ca/req_conf_uid.cnf
deleted file mode 100644
index 8b2092e..0000000
--- a/test/trusted-ca/req_conf_uid.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/trusted-ca/req_proxy_conf.cnf b/test/trusted-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/trusted-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/trusted-ca/req_proxy_proxy_conf.cnf b/test/trusted-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/trusted-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/trusted-ca/trusted.namespaces b/test/trusted-ca/trusted.namespaces
new file mode 100644
index 0000000..fce2bf0
--- /dev/null
+++ b/test/trusted-ca/trusted.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/trusted-ca/trusted.signing_policy b/test/trusted-ca/trusted.signing_policy
new file mode 100644
index 0000000..56f2207
--- /dev/null
+++ b/test/trusted-ca/trusted.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the trusted CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'