From: Joni Hahkala Date: Fri, 25 Jun 2010 22:18:42 +0000 (+0000) Subject: add bad ca, remove old files X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=8ae9f1395539ba4d261617343214d9478b12d30a;p=glite-security-test-utils.git add bad ca, remove old files
---
diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert
new file mode 100644
index 0000000..6287061
--- /dev/null
+++ b/test/bad-ca/bad.cert
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAmigAwIBAgIJAJ4hwgDLvpEpMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV
+BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE
+CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJhZCBDQTAeFw0xMDA2MjUyMjEy
+MTFaFw0zNzExMTAyMjEyMTFaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w
+aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE
+AxMKdGhlIGJhZCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyr9blLti
+ikrL64vCRn394ISlaEMVpUYTQaWEo0rBQk4McvGTNJdpaFw1y/8k8gpQn0knpMnu
+vnPI461QNjaL6LYnUZiKPbnrIjVgxBpIVWRIeq5BCycJ6CM8bcwbkMk8Lmh7d0ED
+JaBrf086F7HeLupx4s5xekawZCdYcbADrJ8CAwEAAaOBzjCByzAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQboo1tr9iap/o8oR7I2D7+ZSPoFDCBiwYDVR0jBIGDMIGA
+gBQboo1tr9iap/o8oR7I2D7+ZSPoFKFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNV
+BAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9u
+MRMwEQYDVQQDEwp0aGUgYmFkIENBggkAniHCAMu+kSkwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4GBAL+xTR559iYKmUaO5mvOmQ2Z2kZ2ujRk9YRtKucx
+OQsCQVj8rMIMMeKmlNRkgF7cOX5yomu9IKkXt9dOKjtKh4wgSEAwBjVAkcY6QTRU
+B56sL7jutBPhneeWapUcYDJ+yEeJFwKqpDJgX+zJPlYPK22ZZDPAQNj3+8qWjtB8
+AYBq
+-----END CERTIFICATE-----
diff --git a/test/bad-ca/bad.namespaces b/test/bad-ca/bad.namespaces
new file mode 100644
index 0000000..9da4f08
--- /dev/null
+++ b/test/bad-ca/bad.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
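Review bot: The comment on the first line of bad.namespaces ends in a stray `"` with no opening quote (`.../CN=the bad CA"`), and the first line of bad.signing_policy carries the same leftover. A parser that skips `#` lines will not care, but it reads like a truncated copy of the DN; I would write `# Namespace for "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"` and the matching `# Signing policy file for "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"`. It would also help to say in that comment what makes this CA "bad" for the tests, since nothing in the added files explains it.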
diff --git a/test/bad-ca/bad.p12 b/test/bad-ca/bad.p12
new file mode 100644
index 0000000..8a26792
Binary files /dev/null and b/test/bad-ca/bad.p12 differ
diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv
new file mode 100644
index 0000000..67f0ca2
--- /dev/null
+++ b/test/bad-ca/bad.priv
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDKv1uUu2KKSsvri8JGff3ghKVoQxWlRhNBpYSjSsFCTgxy8ZM0
+l2loXDXL/yTyClCfSSekye6+c8jjrVA2NovotidRmIo9uesiNWDEGkhVZEh6rkEL
+JwnoIzxtzBuQyTwuaHt3QQMloGt/TzoXsd4u6nHiznF6RrBkJ1hxsAOsnwIDAQAB
+AoGBAJb0+582FhyZrFNo7/HEhW7R1MZYjJlOH7BVKPjcBCD2M9axf8U8p0MIxRVq
+l3uPqo+uzFGp+JTdaMn8lSiIXIpIAjWgjrrB0CfAliNYfI/R/X5E69FuU7hoKdlr
+tApVHbkpkskmydrNAuoXSaEOW1XYCo5COSAp/+Zon8PWldthAkEA973pHV9FXJBM
+p7jRTzZacKEaGHzIX8y+26LXA3ptMSZ59YOoT2yWzX8KTCsQqGlzLvl+eW0CdWQ1
+eaV9k0ojgwJBANGBfZ6sU8t91FpxIpWEI4uEik/qoXPrzsqkOGIxQW3crQDEINH3
+6+ZY2dsapsxdm0ATEA0Kf9FMGKQjqc/TW7UCQQCVe8nFJ0864vbd3O6u1SUNAKg2
+TlS5OVmQPVlvh9eK6KR+N8q+4c68gAM+ol2SwM33ciOWMOhi3OxHUkvLK9jxAkEA
+0M1zCsKLnUMicqVRJ50T5AhL5Uxeb280oYg8XbjjkgAfOKVAZKPoK6KgNhwA46vj
+gF+/Xo/5RfrGkEivBN+NBQJAIWDK8Hg6DErzemxIeqYa7JKxk+DwN0liPeb577Al
+5fRGvlhbKUpR/ot42OC7GqCgXfbLsMf28EzW0aJyRFZVoQ==
+-----END RSA PRIVATE KEY-----
diff --git a/test/bad-ca/bad.signing_policy b/test/bad-ca/bad.signing_policy
new file mode 100644
index 0000000..f01254c
--- /dev/null
+++ b/test/bad-ca/bad.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/bad-ca/index.txt b/test/bad-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf
new file mode 100644
index 0000000..4d796dd
--- /dev/null
+++ b/test/bad-ca/req_conf.cnf
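Review bot: bad.priv adds the CA's RSA private key unencrypted, next to bad.cert, bad.namespaces and bad.signing_policy, so anyone who can read the repository can issue certificates that chain to "the bad CA". That is acceptable for a test fixture only as long as bad.cert never ends up in a trust-anchor directory on a real host, and nothing in the added files says so. I would put a line such as `# TEST FIXTURE: private key is published in this repository; never install this CA as a trust anchor` at the top of bad.namespaces and bad.signing_policy, which already carry `#` comments. bad.p12 is binary on this page, so whether it holds the same key and how it is protected cannot be judged from here.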
@@ -0,0 +1,112 @@
+### req command
+
+oid_section = new_oids
+
+[ new_oids ]
+limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = critical, cRLSign, keyCertSign
+
+[ ca_cert_req_nokeyusage ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = critical, cRLSign
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/bad-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/bad.cert
+private_key = $dir/bad.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+basicConstraints = CA:false
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
+[ proxy_invalid_usage ]
+keyUsage = critical,keyEncipherment
+
+[ proxy_rfc_pathLen1 ]
+proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1
+
+[ proxy_rfc ]
+proxyCertInfo=critical,language:id-ppl-inheritAll
+
+[ proxy_rfc_anypolicy ]
+proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB
+
+[ proxy_rfc_independent ]
+proxyCertInfo=critical,language:id-ppl-independent,pathlen:1
+
+[ proxy_rfc_limited ]
+proxyCertInfo=critical,language:limitedProxyOid
diff --git a/test/bad-ca/serial.txt b/test/bad-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/bad-ca/serial.txt
@@ -0,0 +1 @@
+0176
diff --git a/test/root-ca/index.txt.attr b/test/root-ca/index.txt.attr
deleted file mode 100644
index 8f7e63a..0000000
--- a/test/root-ca/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
diff --git a/test/subca-ca/index.txt.attr b/test/subca-ca/index.txt.attr
deleted file mode 100644
index 8f7e63a..0000000
--- a/test/subca-ca/index.txt.attr
+++ /dev/null
@@ -1 +0,0 @@
-unique_subject = yes
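Review bot: In test/bad-ca/req_conf.cnf, `default_bits = 1024` under `[ req ]` and `default_md = sha1` under `[CA_default]` mean every certificate issued from this CA carries a short RSA key and a SHA-1 signature. A validator that enforces a minimum key size or digest strength can reject those certificates for that reason alone, so a test that expects the bad CA to be refused may pass without reaching the namespace or signing-policy check it was presumably written for. Unless weak crypto is itself the condition under test, I would use `default_bits = 2048` and `default_md = sha256` and regenerate bad.cert and bad.priv to match. Separately, `[ ca_cert_req_nokeyusage ]` does set `keyUsage = critical, cRLSign`; a comment such as `# keyUsage present but without keyCertSign` above it would say what the section is for.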