From 3772e32069210b3630856754148dcc86976e3223 Mon Sep 17 00:00:00 2001 
From: Joni Hahkala
Date: Wed, 9 Dec 2009 17:39:06 +0000
Subject: [PATCH] -less unnecessary cert for other than trusted ca -rfc test certs -all non-fake cas in grid-security/certificates directory -regenrated cas to enable changes
---
bin/generate-ca-certificates-for-cvs.sh | 30 +-
bin/generate-test-certificates.sh | 602 +++++++++++++++++--------------
config/req_conf.cnf | 30 +-
test/big-ca/big.cert | 102 +++---
test/big-ca/big.p12 | Bin 7621 -> 7629 bytes
test/big-ca/big.priv | 194 +++++-----
test/big-ca/req_conf.cnf | 43 ++-
test/expired-ca/expired.cert | 26 +-
test/expired-ca/expired.p12 | Bin 1797 -> 1797 bytes
test/expired-ca/expired.priv | 26 +-
test/expired-ca/req_conf.cnf | 43 ++-
test/fake-ca/fake.cert | 28 +-
test/fake-ca/fake.p12 | Bin 1789 -> 1789 bytes
test/fake-ca/fake.priv | 26 +-
test/fake-ca/req_conf.cnf | 43 ++-
test/nokeyusage-ca/nokeyusage.cert | 24 +-
test/nokeyusage-ca/nokeyusage.p12 | Bin 1805 -> 1813 bytes
test/nokeyusage-ca/nokeyusage.priv | 26 +-
test/nokeyusage-ca/req_conf.cnf | 43 ++-
test/root-ca/index.txt | 1 -
test/root-ca/req_conf.cnf | 43 ++-
test/root-ca/root.cert | 28 +-
test/root-ca/root.p12 | Bin 1789 -> 1789 bytes
test/root-ca/root.priv | 26 +-
test/root-ca/serial.txt | 2 +-
test/subca-ca/index.txt | 2 +-
test/subca-ca/req_conf.cnf | 43 ++-
test/subca-ca/subca.cert | 72 ++--
test/subca-ca/subca.p12 | Bin 1781 -> 1789 bytes
test/subca-ca/subca.priv | 26 +-
test/subca-ca/subca.req | 14 +-
test/subsubca-ca/index.txt | 1 +
test/subsubca-ca/req_conf.cnf | 43 ++-
test/subsubca-ca/serial.txt | 2 +-
test/subsubca-ca/subsubca.cert | 70 ++--
test/subsubca-ca/subsubca.p12 | Bin 1781 -> 1781 bytes
test/subsubca-ca/subsubca.priv | 26 +-
test/subsubca-ca/subsubca.req | 14 +-
test/trusted-ca/req_conf.cnf | 43 ++-
test/trusted-ca/trusted.cert | 26 +-
test/trusted-ca/trusted.p12 | Bin 1797 -> 1797 bytes
test/trusted-ca/trusted.priv | 26 +-
42 files changed, 1022 insertions(+), 772 deletions(-)
diff --git a/bin/generate-ca-certificates-for-cvs.sh b/bin/generate-ca-certificates-for-cvs.sh index aebb19e..fa72f8c 100755 --- a/bin/generate-ca-certificates-for-cvs.sh +++ b/bin/generate-ca-certificates-for-cvs.sh @@ -15,9 +15,10 @@ CONFIGDIR=$PWD/$(dirname $0)/../config BASEDIR=$PWD/$(dirname $0)/../test -CONFIGFILES="index.txt serial.txt req_conf.cnf" +CONFIGFILES="index.txt serial.txt" PASSWORD='changeit' CATYPES='trusted fake big expired nokeyusage root subca subsubca' +#CATYPES='trusted fake expired nokeyusage root subca subsubca' BIG_BITS=8192 SMALL_BITS=1024 @@ -34,6 +35,8 @@ function create_ca { cp $CONFIGDIR/$config . done + sed "s/\$ENV::CATYPE/${catype}/" <$CONFIGDIR/req_conf.cnf > req_conf.cnf + if [ "$catype" = "big" ]; then BITS=$BIG_BITS else @@ -83,7 +86,7 @@ EOF function generate_ca_cert { catype=$1 # current CA to generate - export CATYPE=$2 # parent CA if applicable + parenttype=$2 # parent CA if applicable DAYS=$3 # days flag selfsign=$4 # whether to generate self signed CA or hierarchical bits=$5 # number of bits for the CA cert 
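Review bot: The `sed` added to create_ca replaces only the first `$ENV::CATYPE` on each line and its exit status is never checked, so a failed or partial substitution leaves a broken `req_conf.cnf` that only surfaces later as an openssl error. If any template line names the CA type twice (not visible in this excerpt, so this is an inference), the second reference stays unexpanded, and in this script `CATYPE` is no longer exported by generate_ca_cert. I would write `sed "s/\$ENV::CATYPE/${catype}/g" < "$CONFIGDIR/req_conf.cnf" > req_conf.cnf || exit 1`, which also quotes the `$PWD`-derived path. create_ca starts and ends outside this hunk.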
@@ -103,18 +106,29 @@ function generate_ca_cert { echo CA certificate request generation failed! exit 1 fi + echo `pwd` openssl ca -in ${catype}.req -out ${catype}.cert -outdir . \ - -md md5 -config req_conf.cnf -batch -extensions ca_cert_req ${DAYS} + -md md5 -cert $CASROOT/$parenttype-ca/$parenttype.cert -keyfile $CASROOT/$parenttype-ca/$parenttype.priv \ + -config req_conf.cnf -batch -extensions ca_cert_req ${DAYS} if [ $? -ne "0" ]; then echo CA certificate signing failed! exit 1 fi else - openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \ - -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req -subj "${dn}" - if [ $? -ne "0" ]; then - echo CA certificate generation failed! - exit 1 + if [ x$catype == "xnokeyusage" ]; then + openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \ + -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req_nokeyusage -subj "${dn}" + if [ $? -ne "0" ]; then + echo CA certificate generation failed! + exit 1 + fi + else + openssl req -new -x509 -out ${catype}.cert $DAYS -nodes \ + -keyout ${catype}.priv -config req_conf.cnf -newkey rsa:$bits -extensions ca_cert_req -subj "${dn}" + if [ $? -ne "0" ]; then + echo CA certificate generation failed! + exit 1 + fi fi fi diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index fe1fa98..24c4d8b 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -30,7 +30,7 @@ function create_cert { dn="/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=$2" - echo "Creating a cert for '$CN' in files named $filebase.(cert|priv)" + echo "Creating a cert for '$2' in files named $filebase.(cert|priv)" echo " with $flags flags and $validity days validity time" if [ -r "$filebase.cert" -o -r "$filebase.priv" ]; then 
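Review bot: The rewritten `openssl ca` call in generate_ca_cert keeps `-md md5`, so every subordinate CA certificate in the regenerated fixtures carries an MD5 signature; validators that enforce a minimum digest strength will reject those chains for the digest rather than for the property each fixture is meant to exercise. Unless an MD5-signed chain is itself the test case, `-md sha256` is the safer choice on that line. The two new `openssl req` branches differ only in the extensions section, so the section could be picked once with `ext=ca_cert_req; [ "$catype" = "nokeyusage" ] && ext=ca_cert_req_nokeyusage` and a single call using `-extensions "$ext"`. The function begins before this hunk and continues after it.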
@@ -114,19 +114,10 @@ function create_cert { exit 1 fi - # Get the serial number of the certificate that will eventually sign the proxy. - # Put it into a temporary file to be read by the ca command later. - -# SERIAL=$(openssl x509 -in ${filebase}.cert -noout -serial | sed 's/^serial=//') -# echo ${SERIAL} > ${CA_DIR}/serial_proxy.txt - # cat ${CA_DIR}/serial_proxy.txt - - # some minor cleanup -# rm $filebase.req - create_p12 $filebase } +# create_cert_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" function create_cert_proxy { filebase=$1 @@ -135,6 +126,8 @@ function create_cert_proxy { ending="grid_proxy" + echo "##### creating proxy $1.$3.$ending" + # This really depends on if we make a proxy or a proxy-proxy X509_SIGNING_CERT=${filebase}.cert X509_SIGNING_KEY=${filebase}.priv @@ -144,7 +137,11 @@ function create_cert_proxy { X509_PROX_REQ=${filebase}.${ident}.req X509_PROX_GRID=${filebase}.${ident}.${ending} - dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4" + if [ x$ident == "xproxy_dnerror2" ]; then + dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'` dnerror2/CN=$4" + else + dn="`openssl x509 -in ${X509_SIGNING_CERT} -subject -noout| sed 's/^subject= //'`/CN=$4" + fi echo "Creating a proxy cert ${X509_PROX_CERT} for '$dn" echo " in files named $filebase.(cert|priv)" @@ -156,11 +153,6 @@ function create_cert_proxy { return fi - - # Have to 'edit' the ca database to remove the entry for the signing certificate. - # maybe no need... make a dummy database, touch and then delete afterwards... -# touch ${CA_DIR}/index_proxy.txt - # instead save the ones for real certs and copy the ones saved before and use them and later switch back cp ${CA_DIR}/index.txt ${CA_DIR}/index_cert_save.txt cp ${CA_DIR}/serial.txt ${CA_DIR}/serial_cert_save.txt 
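Review bot: The `proxy_dnerror2` branch added to create_cert_proxy has no comment saying which kind of broken subject it produces. From the line itself it appends ` dnerror2` to the signer's subject before the new `/CN=`, so the proxy DN presumably no longer starts with the issuer DN; a comment such as `# proxy_dnerror2: alter the issuer part of the DN so the proxy subject does not extend the signer's subject` would make this negative fixture self-explanatory. Both branches repeat the same `openssl x509 ... | sed` pipeline, which could be run once into a variable and then extended. The function starts before and ends after this hunk.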
@@ -186,7 +178,6 @@ function create_cert_proxy { fi # Sign the cert request with the user cert and key. Set the serial number here! - CMD="openssl ca -verbose -in ${X509_PROX_REQ} \ -cert ${X509_SIGNING_CERT} \ -keyfile ${X509_SIGNING_KEY} \ @@ -195,6 +186,27 @@ function create_cert_proxy { -preserveDN \ -config ${REQ_CONFIG_FILE} -md md5 -days ${validity} -batch \ -passin pass:${PASSWORD} -notext" + + case $ident in + proxy_rfc) + CMD="$CMD -extensions proxy_rfc" + ;; + proxy_rfc_anyp) + CMD="$CMD -extensions proxy_rfc_anypolicy" + ;; + proxy_rfc_indep) + CMD="$CMD -extensions proxy_rfc_independent" + ;; + proxy_rfc_lim) + CMD="$CMD -extensions proxy_rfc_limited" + ;; + proxy_rfc_plen) + CMD="$CMD -extensions proxy_rfc_pathLen1" + ;; + proxy_invKeyusage) + CMD="$CMD -extensions proxy_invalid_usage" + ;; + esac echo $CMD; $CMD if [ $? != 0 ]; then 
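Review bot: The new `case $ident` has no default arm and no comment, so it is not clear that every other proxy type is meant to be signed without an explicit `-extensions` section; adding `*) ;; # remaining proxy types: no -extensions argument` would record that intent. The arms append to `CMD`, a single string that the surrounding context prints and then runs unquoted (`echo $CMD; $CMD`), which splits any path containing whitespace and writes the `-passin pass:` value to the log. Building the command as an array and appending with `CMD+=(-extensions proxy_rfc)` would remove the splitting problem, and `-passin env:PASSWORD` would keep the value out of the echoed line, though both changes reach lines outside this hunk.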
@@ -243,23 +255,43 @@ function create_cert_proxy { # copy the normal cert files back cp ${CA_DIR}/index_cert_save.txt ${CA_DIR}/index.txt cp ${CA_DIR}/serial_cert_save.txt ${CA_DIR}/serial.txt - - # Clean up stuff - # rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt - # most of the cleanup should be done in the create_cert_proxy_proxy function - # since some files need to be kept for signing purposes later! } +# create_cert_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" +# create_cert_proxy_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type" function create_cert_proxy_proxy { ending="grid_proxy" + echo "############## creating proxy-proxy $1.$6.$3.$ending" + create_cert_proxy $1.$6 "$2" $3 "$4" $5 + # adding in the original certificate to the chain. 03/06/05 + CMD="openssl x509 -in $1.cert >> \"$1.$6.$3.$ending\"" + echo "$CMD"; eval "$CMD" + + if [ $? != 0 ]; then + echo Proxy file generation failed! + exit 1 + fi +} + +# create_cert_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" +# create_cert_proxy_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type" +# create_cert_proxy_proxy_proxy "file base (signer)" "ignored" "added part to filename" "CN part to add" "days" "first proxy type" "second proxy type" +function create_cert_proxy_proxy_proxy { + + ending="grid_proxy" + + echo "############################ creating proxy-proxy-proxy $1.$6.$7.$3.$ending" + + create_cert_proxy_proxy $1.$6 "$2" $3 "$4" $5 $7 + # echo Appending $1.cert to "$1.$3.$6.$ending" # adding in the original certificate to the chain. 03/06/05 - CMD="openssl x509 -in $1.cert >> \"$1.$3.$6.$ending\"" + CMD="openssl x509 -in $1.cert >> \"$1.$6.$7.$3.$ending\"" echo "$CMD"; eval "$CMD" if [ $? != 0 ]; then 
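Review bot: Both create_cert_proxy_proxy and the new create_cert_proxy_proxy_proxy build the chain-append step as a string and run it with `eval "$CMD"`, so the file names derived from `$1`, `$6`, `$7` and `$3` are parsed by the shell a second time; a path containing a space, a quote or `$(...)` would be split or executed. The step needs no eval: `openssl x509 -in "$1.cert" >> "$1.$6.$7.$3.$ending"` in the three-level function and the `"$1.$6.$3.$ending"` form in the two-level one, with a plain `echo` of the same text kept if the log line is wanted. The stacked usage comments above each function repeat the lines for the shorter variants and could be cut down to the one that applies. create_cert_proxy_proxy_proxy's body continues past the end of this hunk.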
@@ -352,21 +384,7 @@ function create_some { # generating CRL openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE - # make it user friendly - if [ ! -d 'grid-security/certificates' ]; then - mkdir -p 'grid-security/certificates' - fi - hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert) - cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0 - cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0 - # generating a signing_policy file - subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout) - cat <grid-security/certificates/${hash}.signing_policy -# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##') -access_id_CA X509 '${subject_name:9}' -pos_rights globus CA:sign -cond_subjects globus '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"' -EOF + add_ca_grid_sec ${catype} cp $CERT_DIR/${catype}_host.cert grid-security/hostcert.pem openssl rsa -passin pass:$PASSWORD -in $CERT_DIR/${catype}_host.priv -out grid-security/hostkey.pem 
@@ -426,17 +444,30 @@ EOF fi } +# add a ca to the grid-security/certificates directory +function add_ca_grid_sec { -# create all certificates -function create_all { + if [ ! -d 'grid-security/certificates' ]; then + mkdir -p 'grid-security/certificates' + fi + hash=$(openssl x509 -hash -noout -in $CA_DIR/${catype}.cert) + cp $CA_DIR/${catype}.cert grid-security/certificates/${hash}.0 + cp $CA_DIR/${catype}.crl grid-security/certificates/${hash}.r0 + # generating a signing_policy file + subject_name=$(openssl x509 -in $CA_DIR/${catype}.cert -subject -noout) + cat <grid-security/certificates/${hash}.signing_policy +# Signing policy file for the $(echo "$subject_name" | sed -e 's#^.*/CN=##') +access_id_CA X509 '${subject_name:9}' +pos_rights globus CA:sign +cond_subjects globus '"$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*"' +EOF - # If we have the trusted CA, then generate a user cert/key pair - # And also a host cert/key pair. - if [ "$catype" == "trusted" ]; then - create_some - rm ${CA_DIR}/serial_proxy.txt; # touch ${CA_DIR}/serial_proxy.txt - fi +} + + +# create all certificates +function create_all { # create valid certs with proxies 
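Review bot: add_ca_grid_sec is called with the CA type as an argument (`add_ca_grid_sec ${catype}`) but its body never reads `$1`; it uses the global `catype` and `CA_DIR`, so it gives the right result only while the caller's globals happen to match the argument. Starting the body with `local ca=$1` and using `"$CA_DIR/${ca}.cert"` and `"$CA_DIR/${ca}.crl"` would make the parameter real, and `hash` and `subject_name` should be declared `local` so they do not leak into the caller. The header comment could also state that the CRL must already have been generated, since the function copies `${catype}.crl` without checking that it exists.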
@@ -448,8 +479,17 @@ function create_all { create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror2 "proxy" $PROXY_VALIDITY create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_anyp "rfc any policy proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_lim "limited rfc proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_indep "rfc independent proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_plen "rfc path len 1 proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_invKeyusage "proxy" $PROXY_VALIDITY + + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_dnerror "dnerror proxy" $PROXY_VALIDITY proxy create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_lim "limited proxy" $PROXY_VALIDITY proxy 
@@ -466,6 +506,14 @@ function create_all { create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_exp create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy_rfc + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc_lim "limited proxy" $PROXY_VALIDITY proxy_rfc + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen + + create_cert_proxy_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen proxy_rfc + + TYPE="clientbaddn" CTYPE="client with bad DN" 
@@ -484,224 +532,238 @@ function create_all { create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy - TYPE="clientserial" - CTYPE="client serial" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy - - TYPE="clientemail" - CTYPE="client email" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="clientuid" - CTYPE="client UID" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="fclient" - CTYPE="flag client" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype 
${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="bigclient" - CTYPE="bigclient" - TYPE2="client" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 4096 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="verybigclient" - CTYPE="very big client" - TYPE2="client" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 8192 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="server" - CTYPE="server" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="host" - CTYPE="$HOSTNAME" - TYPE2="server" - - 
create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS - - TYPE="host_rev" - CTYPE="$HOSTNAME" - TYPE2="server" - - create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - - TYPE="host_exp" - CTYPE="$HOSTNAME" - TYPE2="server" - - create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} -1 - - TYPE="host_baddn" - CTYPE="$HOSTNAME" - TYPE2="hostbaddn" - - create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS - - TYPE="altname" - CTYPE="altname" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype\/xxx.foo.bar" ${TYPE} $DAYS - - TYPE="altname" - CTYPE="altname2" - - create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS - - TYPE="server" - CTYPE="server2" - - create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS - - TYPE="clientserver" - CTYPE="clientserver" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - - TYPE="none" - CTYPE="none" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp - + if [ $catype == "trusted" ]; then + + TYPE="clientserial" + CTYPE="client serial" + + create_cert 
$CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy + + TYPE="clientemail" + CTYPE="client email" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDIT $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="clientuid" + CTYPE="client UID" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="fclient" + CTYPE="flag client" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" 
proxy_exp "proxy" -1 proxy_exp + + TYPE="bigclient" + CTYPE="bigclient" + TYPE2="client" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 4096 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="verybigclient" + CTYPE="very big client" + TYPE2="client" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS 8192 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="server" + CTYPE="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="host" + CTYPE="$HOSTNAME" + TYPE2="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS + + TYPE="host_rev" + CTYPE="$HOSTNAME" + TYPE2="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + + + TYPE="host_exp" + CTYPE="$HOSTNAME" 
+ TYPE2="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} -1 + + TYPE="host_baddn" + CTYPE="$HOSTNAME" + TYPE2="hostbaddn" + + create_cert $CERT_DIR/${catype}_${TYPE} "${CTYPE}" ${TYPE2} $DAYS + + TYPE="altname" + CTYPE="altname" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype\/xxx.foo.bar" ${TYPE} $DAYS + + TYPE="altname" + CTYPE="altname2" + + create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS + + TYPE="server" + CTYPE="server2" + + create_cert $CERT_DIR/${catype}_${TYPE}2 "xxx.foo.bar" ${TYPE} $DAYS + + TYPE="clientserver" + CTYPE="clientserver" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + + TYPE="none" + CTYPE="none" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy_exp + # create certs with valid proxies, but expired user certs - - TYPE="client_exp" - CTYPE="client expired" - TYPE2="client" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - - 
TYPE="fclient_exp" - CTYPE="flag client expired" - TYPE2="fclient" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - - TYPE="server_exp" - CTYPE="flag server expired" - TYPE2="server" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - - TYPE="clientserver_exp" - CTYPE="clientserver expired" - TYPE2="clientserver" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - - TYPE="none_exp" - CTYPE="none expired" - TYPE2="none" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - + + TYPE="client_exp" + CTYPE="client expired" + TYPE2="client" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + + TYPE="fclient_exp" + CTYPE="flag client expired" + TYPE2="fclient" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + 
create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + + TYPE="server_exp" + CTYPE="flag server expired" + TYPE2="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + + TYPE="clientserver_exp" + CTYPE="clientserver expired" + TYPE2="clientserver" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + + TYPE="none_exp" + CTYPE="none expired" + TYPE2="none" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} -1 + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + # Create revoked certificates with otherwise valid proxies - - TYPE="client_rev" - CTYPE="client revoked" - TYPE2="client" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - TYPE="fclient_rev" - CTYPE="flag client revoked" - TYPE2="fclient" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY 
proxy - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - TYPE="server_rev" - CTYPE="server revoked" - TYPE2="server" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - TYPE="clientserver_rev" - CTYPE="clientserver revoked" - TYPE2="clientserver" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - TYPE="none_rev" - CTYPE="none revoked" - TYPE2="none" - - create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS - create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY - create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy - openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE - - # some extra certificates + + TYPE="client_rev" + CTYPE="client revoked" + TYPE2="client" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + TYPE="fclient_rev" + CTYPE="flag client revoked" + TYPE2="fclient" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS + 
create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + + TYPE="server_rev" + CTYPE="server revoked" + TYPE2="server" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + + TYPE="clientserver_rev" + CTYPE="clientserver revoked" + TYPE2="clientserver" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + + TYPE="none_rev" + CTYPE="none revoked" + TYPE2="none" + + create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE2} $DAYS + create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY + create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy + openssl ca -revoke $CERT_DIR/${catype}_${TYPE}.cert -config $REQ_CONFIG_FILE + + fi + # generating CRL openssl ca -gencrl -crldays 10000 -out $CA_DIR/${catype}.crl -config $REQ_CONFIG_FILE + # If we have the trusted CA, then generate a user cert/key pair + # And also a host cert/key pair. 
+ + if [ "$catype" == "trusted" ]; then + create_some + else + # othewise if the ca is not the fake one, add them to the grid-security/certificates directory + if [ "$catype" != "fake" ]; then + add_ca_grid_sec $catype + fi + fi + # now do the clean-up? rm ${CA_DIR}/serial_proxy.txt ${CA_DIR}/index_proxy.txt ${CA_DIR}/serial_cert_save.txt ${CA_DIR}/index_cert_save.txt @@ -803,11 +865,11 @@ for catype in $CATYPES; do echo "+-----------------------" cd $TARGETDIR - export CATYPE=${catype} - export CA_DIR=${catype}-ca - export CERT_DIR=${catype}-certs - export REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf - export PROXY_BITS=1024 + CA_DIR=${catype}-ca + CERT_DIR=${catype}-certs + REQ_CONFIG_FILE=$CA_DIR/req_conf.cnf + PROXY_BITS=1024 + # this is needed for the req_config.cnf to work export CASROOT=./ # putting the CA certificate to the right place @@ -833,16 +895,10 @@ for catype in $CATYPES; do mkdir -p $CERT_DIR - if [ $catype = "bad" ] ; then - #Create a CA with bad certificates (namespaces, signing policies etc.) - create_bad + if [ "$ALL" = "yes" ]; then + create_all else - - if [ "$ALL" = "yes" ]; then - create_all - else - create_some - fi + create_some fi done diff --git a/config/req_conf.cnf b/config/req_conf.cnf index be7a104..fedc6fd 100644 --- a/config/req_conf.cnf +++ b/config/req_conf.cnf @@ -1,5 +1,10 @@ ### req command +oid_section = new_oids + +[ new_oids ] +limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9 + [ req ] default_bits = 1024 distinguished_name = req_distinguished_name @@ -10,7 +15,13 @@ distinguished_name = req_distinguished_name basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always -keyUsage = cRLSign, keyCertSign +keyUsage = critical, cRLSign, keyCertSign + +[ ca_cert_req_nokeyusage ] +basicConstraints = CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical, cRLSign [ proxy_cert_req ] 
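Review bot: Dropping `export` from `CA_DIR`, `CERT_DIR`, `REQ_CONFIG_FILE` and `PROXY_BITS`, and removing `CATYPE` altogether, hides them from child processes such as `openssl`, yet the added comment only explains why `CASROOT` stays exported. If a config file or helper still reads one of them from the environment (for example `$ENV::CATYPE` in a `req_conf.cnf`), the failure would only show up when certificates are generated. The visible config hunks show no such reference, so this needs confirming rather than assuming. I would extend the comment to `# only CASROOT is read by req_conf.cnf; the variables above are shell-local on purpose`. The `for catype in $CATYPES` loop body starts and ends outside this hunk.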
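Review bot: With the `bad` branch removed, a `bad` entry still present in `$CATYPES` would now go through `create_all` or `create_some` and come out as an ordinary CA instead of the deliberately malformed one (namespaces, signing policies) that `create_bad` produced. `$CATYPES` and `create_bad` are defined outside this hunk, so it is not visible whether both were cleaned up. If the negative fixtures are dropped on purpose, a comment such as `# the 'bad' CA (broken namespaces/signing policies) is no longer generated by this script` would stop readers assuming that rejection path is still exercised. The enclosing loop starts outside the hunk.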
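Review bot: The new `[ ca_cert_req_nokeyusage ]` section is named as if the keyUsage extension were absent, but it sets `keyUsage = critical, cRLSign`, which gives a CA certificate that has the extension and only lacks `keyCertSign`. A validator treats those two cases differently, so the name will mislead anyone writing a test against this fixture. Presumably the intent is a CA whose issued certificates must be rejected; I would say so above the section: `# negative fixture: CA keyUsage lacks keyCertSign, certificates it signs should fail path validation`. If a CA with no keyUsage extension at all is also wanted, it needs its own section without the `keyUsage` line. The header of the section whose `keyUsage` became critical is outside this hunk.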
@@ -81,3 +92,20 @@ nsComment = "OpenSSL Generated Client Certificate without Flags" [ proxy_none ] keyUsage = critical,digitalSignature,keyEncipherment +[ proxy_invalid_usage ] +keyUsage = critical,keyEncipherment + +[ proxy_rfc_pathLen1 ] +proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1 + +[ proxy_rfc ] +proxyCertInfo=critical,language:id-ppl-inheritAll + +[ proxy_rfc_anypolicy ] +proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB + +[ proxy_rfc_independent ] +proxyCertInfo=critical,language:id-ppl-independent,pathlen:1 + +[ proxy_rfc_limited ] +proxyCertInfo=critical,language:limitedProxyOid diff --git a/test/big-ca/big.cert b/test/big-ca/big.cert index 21f751d..dd94855 100644 --- a/test/big-ca/big.cert +++ b/test/big-ca/big.cert 
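Review bot: The six new proxy sections mix fixtures that look well-formed with ones that look meant to be rejected, and nothing in the file says which is which. `[ proxy_invalid_usage ]` drops the `digitalSignature` bit that `[ proxy_none ]` carries. `[ proxy_rfc_limited ]` depends on the `limitedProxyOid` alias declared under `[ new_oids ]` at the top of this file, so it stops working if that alias is renamed or `oid_section` is removed. I would add one comment per section stating the expected validation outcome, for example `# negative fixture: proxy keyUsage without digitalSignature` and `# limitedProxyOid is defined in [ new_oids ] via oid_section`.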
@@ -1,56 +1,56 @@ -----BEGIN CERTIFICATE----- -MIIKATCCBemgAwIBAgIJAJ8B/7ukFzCMMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV +MIIKBDCCBeygAwIBAgIJAMAFlm8hDOq7MA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0wOTExMTgyMDA5 -NTdaFw0zNzA0MDUyMDA5NTdaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w +CxMKUmVsYXhhdGlvbjETMBEGA1UEAxMKdGhlIGJpZyBDQTAeFw0wOTEyMDkxNjI3 +MDhaFw0zNzA0MjYxNjI3MDhaMFkxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9w aWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjETMBEGA1UE -AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBAMMP -gBs+EVHOOA2uzaKfom1nc2JmCSjYTBcJV3PlZtLO+1a3B2Rfp1uJ9YnLZoJHkmiI -du2aUvSndEQ2rD0k9EB9yHCPI8qaq2CWM1uJgPt2olWnVSIHVEdU27D3ADSWTY+6 -VixPcDqNjk8uMjNuNYJGr1azL6z79ig8RAQyHhMzUEdgMBKgSE6HdAGYJNjqm1+S -WliBXi83bKcmB07cBl5rKW0zD2WATlCJh1wkURvrCpsVKBmVcK8itwsl5Jebnwmw -QCN0gXfjnRfTEM4Rp3PQfY9IydgwP72To/Jou8Lm73nGg251XLvvYFFnPX/sjZ3p -RPFZkZoF4nEQc61/ziWtlWc3DvtwbxoLMNqy/jtrfq7+AB/p19vfFZ3+vBfgqjPa -h75MC7gRRaR5ia8tDlaKGvq8O7iKo4d6QBgX2hX4FP4WbPu1hH91OhvUklYTvDc+ -zAQngEtf80WOve38TVTINbimhlxo3xSBEyd0Zdpgq0WKXfpmaHoUpqvyrQLTaASh -yhHqMzh5i+m3JKpovU2G3jO7Iav0uEcRWOKLSZjDaP/TTYimzi71PxkFNu/a/sOr -16VchTOr+SAwgseM9PMZTsFKHwgfeIRPz1kAhWMz6rnQdfBg3Q/wEc3NqsgF1GMt -6ttDFlGMrq7wWo59aE01R/+uR9OiP3N6GxEVw6cY2e2tWRZwJOMJM6M27bfkXG+R -nuctC5fUBOXaFyuUHLars2Yo0Eygu0MOgYz2WPbjIe5WbKYC/sZjcJAmD7lFGo3e -6ChHjxq9XKCLD3+t42Sh2n+c7D5R0F2Q0QEwwbCca6ulZ5bJTGBVP8Dr1BiJRICg -BcmoHhHVg+/zvERAqHU9fk5jvpb5BFQPS3/ReRYH+dFiiqzNhLjfSPuWYKFW70Xg -3QHQBu0IqNdJq1Og8SIcDxJ/kiNbW6GYYb1e5ZDWjszhtsPvKT8n9q8sqN6JzcX2 -2n9e1UAjz0tJn2z1IY3FJIalKmyo+DgvThAE8tPecW3370/LI64Slb1WoEYTwt1j -s2hSXqODMdC4xAJWuIQJIIxNFEtb5PE9ahpV8/Ff7vuka8EG8jLOjifNCrSpkOYf -8EbHgbv+j9JQ68d9MDXdk3YgznXkQnEHVb8lw2NdjheM1GrTHfRz4VlbSChSM4l/ -pZC4CNLB7gItngJC5sSuc+L3hLFqqbiloFQpU6HUKnPFxBjVlaaf7HZcVsBWVehh -/6jPDuutR4Q79QZrcxBUeuhH+X7ofvAvb9QWaqdlCM47/uZdD3PuOk0rN3UamB4G 
-0VypiUpKI4R//69nG8kTCB8qLjjZWxPQvmtPhj+JnNt+9TB0xAhOhIrtfz5EYWmL -cQf0D1r5JUfeeJkFyd8CAwEAAaOByzCByDAMBgNVHRMEBTADAQH/MB0GA1UdDgQW -BBQgseI4jmaCF37DPSVAkJU0EhRpjTCBiwYDVR0jBIGDMIGAgBQgseI4jmaCF37D -PSVAkJU0EhRpjaFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP +AxMKdGhlIGJpZyBDQTCCBCIwDQYJKoZIhvcNAQEBBQADggQPADCCBAoCggQBANkY +oZ/9Bi83Mn6PTnbxo4JgJRCXcfaefgScjIxKk40KhqBozEBOLBwz42GAWJ0rVz2+ +kF9ZGApAqCRmlann/dDEoOYQfSL29XUr+dr9h3GATtzU+9xfa/0BnykZAAcl6MFV +MYy4aJUY5wiOaeaanDAeNuoj+RVYCZAvv23IYlIrjU0QySx8ykdIs+IQ75W6+inA +PKb80Y8lj7TpArbicJoo29JLXCzHRMRBfBhNOAf6IVSWKcabyq9HmYFOwhPd7dLB +6gZLrh0FEBrAju0IMGf8RlgaDJAqpda63DU4xrH+8yZcR/GAxa0Ax92AM04b9Atn +e4xz1cIyrEcDj/EM+E9YPWTyag0dRMJDpC6BNajDWQibScy5D2UA1wL0MjHJYenS +e/Xk0gEMjsLK91Io8rH9LfNoIaASqZ2tN+cO/UuP+vZCE6NoGTLFWKH8oMpnQfk6 +ARgA32uy+MDmW8jWM2vTC9JOBs3oZYtuS66VuC9CSqtG/S/4nbK7O/14Ooi0YaZQ +cztDE9EP4nNKwTWKidTioUXAVJcF1FIzltxHsUClUyII6s3hHeIeRxZN9UBB+lBN +QktjZx3nRmeMDfN7uBWYplX406c5jSPH4ZlDHepTEHddDHyy0mhQwKa/hhE2hZjZ +63AYhc0DyaiJp0PsqLyk0FgBd3HdvNbT8hyjgtqKzinCsb64NREPCDzLcxC9fQUo +Oxe58VnfI8HtnylWL3CTNFEiijotDxbpIFGxXZJHS+GsnvsSd076rGBVCv2GX9W9 +EJ0zZgv/tq+fdTV88Y4CjIexuzTxE6q5DKKUF/BKVyn++jBWamoWoh/RzDbKcsJP +sE/rV7h5FVMaX2KfhdcYEaJ0kg/3RPzGuWryV4e83x7YvBPeMxSWEHW/ydHWc+PI +6a7zACIhT3YnJqPrOrXijr3G1tMG2L9tHVV87xOftVs5fu2O+feXBv5T12xj4fgJ +gEbGkS8AiuiY2c0EGH2dbgrzBAR7ubjlAndMOSWxxD874X7KLFw0n/zck7BME/hH +o+k6ZC7OI1cCywVgaI1bZCPOkyLiHTzKha6nc6KjB0BQnObZatDTcWVg/uS8WyN9 +gRgv+Ga8MRJ58te4GYHlV6kbSuoEfIujWL7VDFi8t3b+U4Uqb4eaPuCdcnEYje1g +8r9gFdUeg50YL1Mk5Roz20K0KKbz5yAyptDaGB8ld3v6zbvCw6qnZA3g7AXoFHNb +Y3HTU+r4USSIxonGIQJPMVa0xtfNOInxix5Hz5UthFeZ25KLzLOHkfTTr271dwcv +Cm1/ExkdUtSmtI5IKQofNJk9x237QLTOGZNBUwg/1ZAYa7T1d4ndmo+OTPXEIRUu +hAwmb1MJjmHavd9I7NMCAwEAAaOBzjCByzAMBgNVHRMEBTADAQH/MB0GA1UdDgQW +BBSyeeMzGfYa1Z+R0JX2b+biUseWujCBiwYDVR0jBIGDMIGAgBSyeeMzGfYa1Z+R +0JX2b+biUseWuqFdpFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEP MA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0 
-aGUgYmlnIENBggkAnwH/u6QXMIwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUA -A4IEAQBi7pMGytwry4CalH6FjQSlGV/gF3HMMzDZ7Byf2m6jGs+8f6R/s0ruATwx -VbER9ro36xCEJmrDVKeW3PSkcyJAFoxribSmgLaWa8E9O4GGTv0IlLDyDRaQs2IY -icskfNCEEq6p9rnkA5MXq7hVsojafc1CShH4Bw5QOPxK/uX09DGcutO78TBdPMja -jDoZi2toOUv6AwAeobbwKdRezRBoQVA97DPpb4ex+/AqZF9/nJsuaO9P87RtvJCA -DRK+K/xYWeo9G+QrqSDxCqL48aDE6WAaaJkf3BzVj8xm+kNjWkpNHAt6Tr6IdUUt -PuWyr329CqwiEDQcYt9y3fvi4LKkJRmKZrRoUWdD1ChWe6JbCWoa1mop6Wff1JU5 -WtY3N1COrqfGc/0xUG4pysSbzlk03UrHyRkCHOSt9AukxvWtU33tGN/TqKBLwntI -y8Nq4ZdSwyni2INV+eIogZMt0CSejLb4dsrBMXCRfWeg0T6tL1B0upGb85vD2fn6 -m9xF1SDx+IjDfieLHjECE09fSi+G2oBebhqfWEArRyW8aaKjwFaPBL7kGMASJ83Y -9HLg/tgNqSc4MI0+3Mnt9bPi83Lr2piIto3axB/GM2XP9gM+nxy1i63JqcfSWhF9 -eFOObROXiMSRKvJx2jhN4lwEB1TvfgtL3szDXuIuob8hsRZHzvlXMDxbZoFuwnLo -kU62uqq5XR86B7TElwEBZkPIFTyNvp051e/hm/6uPuJXSDFAiqiNX/dzKObpEzOh -1Mv+xQUVOuN8dRu/2rBKGp+vuZKEwVayjKF0NEmeygNMFal0GJ1NcZcydxnO8U0g -GeBlUhDbM+eHmTCO4zzbTHydSP6x+eBbdJq9figqqhS4OD7SWPYyHEEeDLfs5Vgr -ulzkexF0JxGcaQwKD1gFFZrUWB4J1dY7YIMPiQ8kaGsl1sGQgD7axnGRt7WPc0Yb -HqaGGvV/ZBh88HkZPzYZqYwtHjVjvOkbCS8QSHvzWZSUKkyH/hKAHRcQ/g1tY/vF -nSJYydt5qKhyxa+A/hbgqDNQpQscWTQ/lRBZakOfkpB8ZGd/EFbtV1tt+sHpToRp -R/feABVYl3fa4jWT5om/I97PrKC2Jm4/qEx8P3LybUwUbw91iBRgVoQt9pU6PvfT -YBnVz2N8diBGj8yZ7wyTxNiO3WjJUldrY4Q2FADUm09fOBw2pcF5gnor54NBKXT2 -7K2B3GoaNa3+Tk0bE5WhS2+hyolmt1qeu/5lGfbIUb5UlAxBYFOLpGuoDFutR86P -MMyFqDMRWpEtqSLa2MA1WRSrS4v8r6wawpy6ZfX0B45TSDt4RemgqKVreVg7Oe13 -tOEKBYEvhpvq0ZQgcaUWPVE7eP3I +aGUgYmlnIENBggkAwAWWbyEM6rswDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB +BQUAA4IEAQCUNIxuOf4Q2sTdTP6xUWPUnhGGes7LAEacOIw/QsFyEFbgaH0+lB7g +nc1I8gG2/ZuvOBPo73s2oRai2Yn0OMHonJjlF+21iYAHyd0+XjmVbMwOMwJyUyV0 +QRZJt3i0eel4Ti6ml0w5qYoNoRqMh/xgVSFlaXaXl1TaxYDT3ZJNkajCIw2PcRcP +HYdY41GpldLOUsyeqEAP4ktbwcHGjm5ThmFtl3PsDEoJpZ6/bhuy82GIImV9nOzl +WEhry8tJL7l0N4znrjze/Lu4UknqqU9Y/Blj3mR+MYQMt2/dwqeqPsy7vk83uC2C +OR+WUHjWSBn1hBScGUBUHWVMcGn2j5A5+k8LvRgSvrBDJGBzGVHDYtix5g1fDSM8 
+Ocb+7shEsRgwu7FEt8p/E1QiQusO5sOkT9AN4430nZEn23SY9dejyRgsCMv2fgK9 +dY+FQjwubcY5SKvLcTEWwMkgeQkRs3Qot9h6rufPMsxjoI5D985ShpEQeJq5LXDT +yK8hvSUF8IXA61pGtQ6CfmXmdaESq/33y3CD6iDtnifrllkDXu9dZHmpoK0xm/Ng +CJAO/i+OLFARI92X6fMZ70dgOlOsnftunDkFstL9aSUwRItvJLEvgCO5ow9AcVBj +957BbAvyo/T77v+Sps2yWVy/ryGyOWfjiMGna6oL79s/TrMTiwCJq24++rXDteMe +x+dGQwkrXXx5ETIwbQeUhHyNwda9JxZRghEjpyIjfP4J0CO/KzOfHWFsnS35R22L +5a1johlMA/cNHj8Scn5uCQA9QZD2npSDSYDyzB11VC+yWNXuY9d9/y/VsWCEyKKg +IyEeqcMK1a/tOVSnLITxMrCWAdt20XDbLuqMeZTXFLTq5aP4gTZWbrY9bJDzDtaq +7+M/Mt+VPz+C3KGKyd38wx6dP8mb/5sEax9JgZvpnVQTCRFzi2AOGEX75LEQOkYI +Xf2IwkYCeW/o3DhfwqyzxyjboQlabD0GYsB7BrxyGEQ8XxspGb2PNa5Lyvy7WH5L ++8v4++gtDwqkDID/+hO0MDfuqGrCyThFMuKBwqvmo/z5xia2/s8/cUteQXjxQW2S +4to6ooB3Z+Llihgkd5wM0zVm9GnQbHr3oaeqOmd6CfvxVzkAPAfDm2tW1hamme84 +Dw7n0NFromRErcqE9HRZ8l3+BR4tJ96ZBCZNNlfaxAT8nvMXgrwsAUfTSifnSj1+ +XMPxYppbHsx0OYmZY1ApkQuIU3T+VaJBAS5owf136KgUO2v9EuTRslYjMeHvMxWg +UT+fvt1dbre29hVV998ZxOT+d2YvXh80NtN2sOv3MRn6DuHi2vdDo1X6msFEjELu +65zrURNK4nhfrN2nS/rV671gDOVI1mw/ -----END CERTIFICATE----- 
diff --git a/test/big-ca/big.p12 b/test/big-ca/big.p12 index e554dea3c8e65a2b3278758855e80df3a728cc02..f76732a3ac64f38bed822aea840d69d387075b11 100644 GIT binary patch delta 7602 zcmV;j9ZllJJIy;lFoGS)0s#Xsf*p?r2`Yw2hW8Bt2LYgh9e@Oa9egl?9e6N;3aXm^|x{9e_~8KXCx@UC!s2q zZA3w>;Qh1#Boa$c&I90N3JEdIGe5kSRC-v7e!p>x!Zj0?)S0=~K=0)l)C)F3JRXUE z>-%pDY6r3vq(l0~CUqovD`SOhbW`89) z_GIygyLy49nVzs2n`neuP&)6}+>-@=Ql6|8>9N-7Vg#>m>4U{+5gEQP{L4NWJr9T zCssq~+rvp5TN(yp$LF?mQSu%E*l@hW$h&MqFD1<^pfnmh)pgsA3y*<SBpQ zZi%zD46zl}Lb|8j5S%unyh7DAnZnWmFNd}n$`{%HSpW~lIe~&IBABKu_u$DTv=~&6 zTpsL{I179@P^DCbFG3_N9f>}FNpA~)&cA-!m4aJ%q%Edhb91x(R+kuAT*qd}OUa=J zueUI#eJ&wH9F8tJ&mLMjph_-c#m$RkSbQ>zma%0X)S_odERqbRU}Q6axvfE?!Mlp? za4>W@r1cs*;1G5tUUtLUq3X3+xXi`$`(+lEN8(A}$JpB*FlEqry(k}l@EHI2kRPNd zHBD?dR#7bPl4qc^f?fwb@^1QQ3pXpuM-!6vWEe9`G_=<+uP4Qv@l4!1p|l)Ab~!UQRvi=4uyGA7}0jH&Cp8BjXQ`5sla& zF`z!gImLq~f`CF1Gdmf7ZLqFtZ);Qm0qJR_TIwe9I|!T=90)^*kc9n0V)5SR4fKPlUGc zwym(0kmzn7MO*oq1{l$#8a;>UQza=vu z9a~5n445%{>=sYm)adU^M@ZOjS>*H2iARN8uqmG@WyQDs>wkFPE5zUp*;~7>S<^}Y zcQ)H34(8jx?}dSXzoV$0KlJ=b|By~2qG8koL#Ml|ZetIy4Z%I#xF4mZF|TKqRSmVW z>ovw$5bt=ml-OgYYTzqa$7(_(q31O=2t-YYVNTFQaS^D zPnH6Q^sYU|16i#qmI#{?rMHr;*m8$vGJ}glyqJC3G=X#ky(F|;Cv?vX>7xFG_%GxK zLX3g+I>`A1RE{o}06>(aa+IKI`UG!#_TwpQ7d6O=GmQdnrysgE!?^0Ss6_3KdP+Eu z%+=PXi`wFU`c8Wr(`C>-d8_ERcJYFsXyuGC3qmFHnW)D}u`#Hu=0G@ZuaIyxC=#;Y z&$B_WYc=i^Sn^ZVx94nN_(KTvS4bi|Ub3czKisq8ZBQIhWwJGZ``bap?D_&|X;rVx|`! 
z6wC`4m9mD$OIR@m{7}FB%8=L&bU1LwMkF$*=Bswmoaz+t=A~ zHr=6jYYF6*d12>V80F!aJ7~5jQAvdxCoCy{_wUbGdhN& zGoW^*waBb6C^*--cwF%1*&KaHm$Dy`dM)F^kwW+J3a+j34H?kwv;kZz|CT_ zB9WJVc#&o}i9Xl{gEV-Yb7GB=4KW>m{VA-cTJKU?I6M(P(kKR}bCsy}E4XcoXALl+ zqCQ;vrWZvweN|T1EK4zWPQ$B@%$2VlNH6GC!?AI2Vj{>tg14yNVyy2DC7{jtnoje+ zZ4=jmvL+@Lc?U$%#?D&{(!wb*0)8TNx6XxsQMHlF zp}{;~5p-J3&&xcMSDL?%aQzMB(|J9T7&*6~QgXHfAVC%gE5U7~HwW8Jh&FB~&Qtxl zMG83?DnyjD-zQfrP8e)>MQfpTidH|M(p$YjIcu$2M4S=8Jq9vNR558ZG|w&SX|V8z zG$(NI@bkEpmj|Ta=k^&1I|D6$9EvCNIG-WZn6(SK37mApf?wsRAhV>?;O}S*Lgacm zZzTkB*P@5F>)HqvwXHnNc>)_uhbpjGNI^^CO_}rl)p{cI&+NbOaQ_K+^}yMKz}!sI z0c*9ech`-n_w8T1Y2;t5RyGH@*3l<<*@|Z^Ggac07rX0TBb$V!Oq6tgpXs_B7dmBK z=@>$Y)Z`nC&RkpQvpLtq2}6mWc!1>ns#U%}Qn;16p<#YTzw8H#I)k&k21O}tKd4q0 zTI$&yy!Z@9G`tXx5-l53A&D>nn?!1-v-11~Zs(>QYyVz#H15WqVE0I3fpDnZvn{wB z=#V=MP;9sTgN)RjFX20Xpa}H>?c+*zRY@$0k3P1^@?jrZ#sjjU@jfrKI#_y=c)GAt zGPu4~KMz7WC3(6pB9d@or3)Az1yDH8yoe)4K($kb`m|E3J#qNDk!X68)^fLvT*dToFuv?c_u|=lG_!N2i>; z`e%zsP*XcO{=BjxStPLZdqMbSkz>I7MDlojyo$oawEslopUa>c-O~i1Dp#PT!M5z%P zh|HLORFmv=uwqyZu_LQd{%(3C9u{WHxRcEaMt|i&08K{%CBFg!2ml0v5=i5!;mg#{ zAbe3Z)p;UvU*G6|;$6%&3?t1@tH!abN53vy+o04uuy9;x_N^fB6$F5sP;`b}7{MSo zo0g-rPAg7(*741B)dgQg`RefT0xC5Ay;9rs%JIT<<5_&mZ7RxKSmo&&T~a1s6-iTT zW`8&bv1`}~F{iwPE7|VyMrMnR_2^-FrQjFaYgaNO)XA(1C~8)dY+}1#7E2bx4*h zRYv%wigc%=Emzi5he~!gq4;ZtGWh+Ep?`qTNC8~L+#EF!VGC?Ac6G|hY93$cBQgCr z3~$!2^tLjnM?C}~7)bhl?rPzs5@<)dc)h#KI= zp3>=VDdZ4`_Bo6bYRIq#i#xK0?glcHUlR}124VivL^Qmj;jk>9Te8Ne1j2#N#D8EE z-I{T1kK3njN1=n4?CMkiNEAZW5Ry8kFZ8PPxGUg8dg|ZF&v#U`5g+xws0>*{q7XNw>Pyt4y zNoapB-3Ry$1MvT<$;Mpj(J9f%p%xm{9Ad2d-6?E!P`-UOBXt@hfKvrN>FkmvFV@HEcYkWDHnOhfCuqX;c2o8Sn|wqUGD!05G=$C~s0cr5*$5ry8q zv!2R{J0AyfvEJa-)3=})UiRv**Rthvt;U`RKhHr zfJ8edS>rSg4XXDKygu0p>~yq-Z{G{$aQ;jtn3m+9ucv=pgeJ#mhfWvaIOFoj)oDhj z_6OT3){)$Mv=Ou=zkdQeOS?WQQi@fvv@H!7|JWTVsbOqbd)hh^M&~PJ(XjKrlGs0P z0z11U65}Kd;v%frLc|v&9UV3NRi_)7U>!}En z;o=cBjLQaZBLTW%O#@veA~P$^wdZPGUCnDU()@;Qf&RBQ 
z?I<(OIfQ-HinLgoCV;PD9P>$#oVY+&NV)#SpJS_}izhrc~()-#vS`)aC!4E9xot&m?)zJm$0PVsn$h3z^N;08aS6?D4n5Iy7d-$mS0VN5=$#P-Yl3 zU1yAnyvDL}f^QtPNG@|jb*}1k^N!}vX(%zzwCr75((VYMij?M*j{O0rK(Qn)L*}XX z=|MvCft_AMLFy_z4!>`py^vtLX~YoL1D*S6re8XIr+)^emM33aVHwTb9TrGbjh2k% zkE$g}kAshx{LuBhr^@|xu#0X6`&*8gAtc!|M1Z)wOj9Eg}oD$`q}d3`aAgd zxv`^|c7I^C@e7k!-}23+j!g6D=#^WJz4EdY%ydivjXQ}r4B3CKv>bf70mf4rBob6= z`KWG3pJ6_HbcB&=ql|jOWKYwqe3VS~N)40$>0=&R;c5fJpOMwgD zlUI761{p6vo1=XS`iHnpxo9w@ZtQJ#Ggjz+@k1iCekNtNn+VnZt4KJBR3|^}l~{Nz zhyQNa;#W6L&kp;$6B#w%dRf1G$a{hklRQRV>5KOXSJeQ9M0L=_*>t1s2}ll^6-Wr7 zMSoJ-h|?nlivMU*LdB@Pmj84eFT;`qfkD@C%sX^5AWf4ONhWJ61hh?9?(O-*G8(d( z79M3$v&42k{KqDcoER8zBf%tKeQ2|U-J+=#j;lei%dmUXwA=N{qoOC!k$ae^7FQF; zFOS#F2H&BU=(pzF@8Qe5!p>@a40bU-34couBe&-VK)p}{9Tjso{~2&<;Pq4fotBje zltTO3aRCuZqlJCK8gnM5&vM2es7p*;!jOvEekVs8j)(+L*2f-YLGH0Z0atC?3Nib9d!U9l}FN(O_ou)h3XVTO#lJPZ*(i34iq@f}X1n!`j)ZjS$#W#`opU{X0(MM0URVtU6y5 zBXql}wYM6Wyg#lP4+6hI_==eYJ!V~|a#!$~eCymvs!6b4!5r`rK@Z*Hw?N3nb~h6| zzf90?2wxcmAF8SO;JI{YUym)(+G1LTa%pwLcs%e5rz8G|Ghciq5T%W45PuE=5^~aV zs4D>Twy9AI5>ne=#&Gk^C>V85SOQF^>>bYu!ho%?2*GC)-ocZ>EKIN zR(@D^RE`A~VpE=fd-Gw@V}EFOhFOqn+$&DEg&k3>PkrpSGHh#S&`-jz)PB~RSf$ma zKscI8h((%xp@>%Br+1ypULz$#*V8C~xVsCI0^q3kH;MjkO16 z15X{-lxUEtaqA~^i2O@BY4P^_3!g9!YiH%B`T#`30p`T5y0HZ-Zh!0kUr%~QzuRVgZj_HL`vSsG4L>rWZcVfFldPZ zONQ@&I?{S@2Ffy^Gk@dnSgnY#%n=bpigGA=QYhQU)S@PbIh>zLcy|FjjL(W&{=|*N z$J4D?h(1GY5IyluV2^8Beh-=Ofm$gqAYsFeZ}-W2+-T6O!d}FF^KiI8R_RP!xdY^x znyymX$Fc3-)cfye0f9(*)+13$2Qph%=Te9R6P1q+6z%6swtrJlrx|TeJBds-bYsx# zU5#)7houZgQxaCOBX;#UA@j3xyF(Gm{;Je6LN|Go^wB5|4_nvlt5x)+T7623KpTCy za?oo&e;{22@}u|Xec$9*>y%A#RJPVElKeyAj?~I%3lK33ydg8qa91IJZK*_(DA2pV z8P7Zz<4HdfO@D!SK#LkAvKbhB`5FOOCKrXIkcTQ~w&3JB+~*_8uA5&A4d|$p7YpaC zYQKylM|l@8!=y#@Kk*s2xqghwQ8THP`QYnu7pzyfsyE1l$D^p(HK~o`097sO zTrhx5dBFixk=TK|LenZ1S7_hR#K!W)>TlV0*AzMyM~g2SX;~i{d)HK`mE7kzSDVmf zs(GkNL4Ri~#P{n&9h*co1k)Tt5}r-+r@@aiU#IG?gy^ol*UQY#edqqEKqre*!4EX# z#ljAJ`)dtc^Nf7@#H2BP@oh#q69-YIzbcFe*K

zDVUpH{N4GY-n)}4#j)r&VU58Wn10?diYBhi^nWRdeKDsi5=M$qJ!@-?@uZn?2t=sQ z)zbj&RyoUy;^z(PLNCXLH1=rtv5(Jp@;*2y>4v%D)?gpYPa5m@8>gnN!~gIsFuDS5P>aIb2XU&(aEelNyX{`NP23tMWXX(Yk#Dw(&L6`n7fH$PV?lvxGW;+1Y&dA`MFSf zM;(2}qo>%N_r+SYwjB>Mq2`a7-A1?Kljmw131u zveIH&vZREC`)}3@qvk<^CtagxLEWOBHYiCC3bk}RL{Gz)oqHQJ-8D1ohBH~n6D1!W3iv&w(*>cMl>*+ULPYW#^Cn&B6$bfX?mM; z8m!sS`eh*+&Ms6Anw5dJx7|c8wjUMvb_QQJfKa3imUS-4Sy@xj|B=H zA(2m=@t{T}<|~kC$URec$Oi@|LbYaDc=#0COnv&A-!f9O264I`A?+@yJ()BmZjS{O zn5mbxapX+)Y(h6S*P-bs6R35|*Td5jr&7+*Mx0LpLv^cw@!*W%WSK-Z21;J5a0wj^ z_j1a3*RC>(HC=3Fr@zt-Pk&m~!^TrHi*NxI&z(&v;pPSUclH`+UD3%ceDO82eBXP6o`s*~NXi#IH0OWbSr z_PFWAYE`&=yDN*!6w{Kz~e>C0*u+^1#uQVj(WTNp%;2zN!kWlw--Mvf&8PI&Aee z&=vNT9*OAMs{ALBo;yLU{FiLJd(Z&-!{9J`ZFjL`3&-M6Dl4G*YP%ff9-tulPOngn zXo3s;ih5b*^`RQ=Wq%CbDjcy#m-30uc9~`#Ke^f?Vutkd{eKk=*xjx44L!TPRlZ=EoDGmJUXIp!F1a7-%W#7_>7$? zxenBN(QkUp#^!G8DTlSnN9iLm)t-vvVTL5xHTmPuoINb_K!1-9Ob45lRfNy#T*ahK zVvgAhNAV6-N|;{vmJU-@y;Jn~*g|D2(}d9Z@Wbp;c#HKCsK#Z{+X!y;gm9nVtDGlS z$>y5r)4d&uF2g|hOYF{wx@~0JF(sK`yVg)Yu~cM*254hOV!F`p(!65)-Jz&3BKeMiTmB z%le7;uLSj`c!oxw`lSqzCB2Sf@2LaL0TtvX0~{*zei1>Oe%{?~7xVY+a)G3niGopJ zvqJHG+pL7Ro}KBPsv2iUZ%q~zzPCVkr#w)Ga_})FFjpf62`Yw2hW8Bt2^BFG1QeM0 zKWZz~=c09RLRu7j+Id{`vGy=AFd;Ar1_dh)0|FWa00b15K*nCy^n?C1j8}BR*XzkJ UPbKmM2)E@u3D8zl*8&0v0Ol8@TL1t6 delta 7594 zcmV;b9aZAZJHJgIlSzgs0s;sCfPxBO?elD$s9U5n zjwZa&rqE-Wy{z~7vSlhlPu+$CeHHMa{+= z6wj25;%|3$FgLTJ1fswg@1n7E|N~^t0B(5M-Z!Yhpt8H{@AyP_L>qSzUR)Vco?p59{m99+NQ^ zY+#x|7~TdXs~zmT1&Y#(j6lCf$Hk|2ok71l;7Oi;htDA< z$&ZJjxt0wGm&2q5P6I^ZBqAOk=1-#`?|Nk@x0-cjRIM5FF-i znQf=fFWToDv~OQm%d?(K5wsHYf#P2vG%*m5vNl!sDo&dSb!|o24Lni?(7N->Mz!tb z_PZwgy?nq@X847}Gj(epZ?}Gb_DdDEMY4a<^8=fYQbGg1K!n^HYgu^o#Q3rtTlK9? 
znid0EYHSrK1cu20L&lmZCs>hXDqm_;k#@=FuNT;tE}s3=;&X_Fme^j1HGTWu9Rddk zqZ8zfq$HP)oeSFr6sIEmMMOvN^TGV=UX1a(tfneVv61YUvaR#>&OZ=;0-jppxA_+^ z+C+!Whwj!dutEANlprfV+$2({Z4en3fd>vuno-H>>fyB?OY2?W|KX0XHR?V|x=uCv zok@iOQmx`=^7d?axVLRJvpF6Q@xmDBi*Tfs2R^!3I8r#z?i+B`iuFBq$`5XsT{O8L zjA~)?KT3kqbY5LdArX*&<~p4GZXF4ITAy!qbRD0E!7Z;b&dN?#XDkKTlO`scymp$N z8&o!!0V_a(X*~Q~0pe&iJVJnHZH%x=o)uD+?Zrif-xNkd2zPV0^c5CY>ZG7P938~z)2oq~jt(Yr*ruIP9Z-y%yX8B^bMpb|vOe3M`VUi3L^M7; zce6l6Z!E^cvL;KXv-iH@e#l3^&3NP+m7|Y9q+~lJk+-+GXio)j%|DE44AhUDQq}JX zaW9>`GkCjv4H=$)T$*fm)qaU$+*%*}e|^O;r~GJhv+8jQQa3hQF3%b!tx)R0=YOFh z0wY2zBGiI7>gg8fRY}B*5Yf1Kxr?if=L8zTxq!C#bsssLQlT7()Zq-qMGSyeq=RgY zPcXU3`GY_0GuWjSxq#`qd~_qgOfXJ)VjBUx&F(cqKJH3?aSc=k7#%|ht789`_xM&e zy?MdgG4U=(C&RI7PD#B5Vy<6Y#LV;r&9u}BO|L)2Lv@*9j|E{Kn?cRxwHIrcW@#tO zeKg_LRECYaBv^V;vIq^dnwz6)YUvR$?+=;p6zh4fL}5w^!C2bsFIh>LMq+u>FUg{Q zyjh4w^qlH{#gQVhbe1`x)?1E{Vj+t!o1pBK>lI!57Cd~%#%`la`-|~SWqKMg((ZM&q9C|DW7l(i(l&5o)Xc2Gxi8Q<9@7b9JP%@vPZx6{R^Ij zvv$ai&V6T^pD^_3#DBE#ult4j0oziP(3K2+li7+9F{A&@YH zx0e;{`(r+iQxST4p=F8V&qmAmTa@$qeNv=Nw#CK;;Tvbh@8k`M{iU>k;%oYw>J43m z1!I1HM-9Y%dB3{-BHq<}ui9N?UX>aWZ5kt&MRpqw!yzh?qyvn7tH|a_uIun#E#+A3 zSyC;0yYo>gA}3!5T%eIdM{ojxz^=ljB(J*k=@W0OrT2yHo(wT{8_7Jpx@JsjVHi zG{KOBg|dQfTlQ{wO-AtrPm)Hwz0$Fvm2HF)hi72`oo6J6t=}mBY%aWYncMS)I8o<+ zP=?YTO1*#2T1CS*>Ja{+15_qED`<6@O`^T)h^$xu-$Q+n4(~(P5Bn>JIHUcJS5=4w zV+KbZ$9z)%Q3=zRcTJc`!aNdX%_7H4DER0a>ISQLqEg7x;oTJ3U>+`C{{4TpdtQ4> zI+Yilr!eD{YFqPgmVGKEpO?QP87&!CKep^~b7|E3z$c?( z?g!iRtlaXdRq`B#^H{S^e*|m0`A)1hX>UyQC2}}_Z2}WYddJ84pPftoQpO>lozWi_ z2+V$>b50aGDnrmM>?K|H^Di7624+6 z^{s1WpCTt=TVIhoKIkNk_Rc@GrNoh(=@)XLP0J{Y2p0Gi#3+w_;8H|u;_<|M1)rmJj zin&_jeF)UFZJ_Wk5^WfBC`Zs&(ga8~!i?_APFdgrV244YeM?GoMRHbukMLwh`>|-h zK$^@R&8VTNsz~i9T${zOQ*g#tP2Wu#;(q%<~W4ZkD%){3%g%UWCz>x<&uPk{%BY|{}?~dX$wNBi*t0Um9!h5?y$C;o#e@=pA$_{^`F<6jiO!zzzQVDE{vRCwv~qaTnR$IA+(bXc5y;FsRfALtep;VT)Y%J z`Y5s|s-X#O`ub1>0K$0eJCoH4Mt|)Vj+DNoG-(0?2ml0v5=iildAo%Q>(3)HaeygS z7MZ?oorDmOK;nEN!XK8({>5)-xhjN$#fL-jpv65h@gXD&o#GMMi5oPn`8Wggx-*cW 
zFyP?%-1!DX6qDveI(8aeysoYc0&k>kzya* zfo4z1|DAySSkMLE;>z8|1bUx+FO5OXz74M07!m>^LH3)BFt17-Px-4&%?{{CLOfUD zNcT=}n=6xF(nynrhHYs(Wo2swDEfVG;+G>%czuvt)SU0Duqu#>+rL@$P!FMF8sRo> z;p+(wY;>G0zx&t7e29!IOn-fesfmGrdC{yYHv3bb-Z_W))`WBIl)j>KoG0D}CvEXY z>;?_Y{-Cvy|BvHPI650iw5~2G_A1$kH*Kv$ zRduBVqpuy5u_7N5nh9g@W`%F+#6@W)NyA-IwjrEUGr49`684HZaDVOk$VXUx?Z9sT z!?-`mG&+}TzE=WXXVT&{fUGaT0o-D~G|y%w9Fr{#7%&?^`1KEvHB}_k!T? zLIqzLrvtFt1OJ2fm72P8w$HSiF83ZLan;^?P*em%0tuRPGPIIt2MEnnSkz`pVb_=* zpxg>yZO!^%D)yRKqYy0jQyH)etrE~Lj)`cU1zygpFfP=3-kUX6JAr$g zq4u5#@Fq0f`oUX;+QZ&*K{qSr=QV+R7pZgLIS&J~SsqvYCcjoAjc^Iw&igBNHnGP5w#iI^#&&jw?-twrm6wP@zuA^iBdr7&aTcrb zg24=owcx};7T=Cwfc(je#<-_wOV_rva*r?mriO^iUw>vSsNEZC4>3zTI-9lF3Zh+u zPL7by#^78-9PtCLrbmxER`S7Ab`wGeM!FiQ{!7bX^}Pa6cbZ5)O%LPHp%L`jYiE5V z&(;76A1n1ag0pU;Mbkk;m1WxZ#<*22pgT?ud#20oAkrwn=0m{IrbxZUi8)D*w(J~k8>6_}}UrBO9t$oF4XeemqHBj_Wq-v1zD8$>Syk%4DB zDiSI+zkrB)Hho0@Fk;u+x+`vCb!4u%e9!f5 zTU_0I1(bsULZlI|CH#ac1p>wcts+;62WEPWY)o;RBJu_~0=kv2s92s>ynFPDDq2Vqp&^2-awS&VLJT zh=YRe_UImy09odH2fJ}(H)mMT^x2B-T*7^!_AEg_%CD(B*?nPm?@O+GU4xx7_{nh` zsslXy`!JLp+kn}0*js&uSCKaP^Xpw|Y4A;UORK#!HJ(M966@58qgGtThW$~TGIq;9 zgqd?8x*!D;DPC#1uO{4ouaXZ&g@0!ywPveJ`1v`sbwxg`(UOR~EquznK1>a@@ZMM7 z7|exGpB0ICJ}FEYq*-!0c+BGf1e6Yla!(8!Vf8|86}yHnc6V_-P47&OV$$0MPjN}J ziai&|bjXmzaRu+$upOx~83e&KtHfF;52_#(rO-C2nGJhNbi&$hckJNeO{{Y*(*aOSAT>UV` zD#W0Krkp2+s(QcP@W@cbU!YxunAM7cCB^8xf1_%*&V83QSG$<#drdVct0mcX6oVBV z%b)sq(}(#W6%zQ>+VKi)Pk-!Uz1^ZL$2K942Z%U0|KiqE_pOel!6ZNS!|}{Vbrn&4 zZEr?k(uoYf)zIi{&}eUR)V_Eysahn0n`6VmQ&Vt+NHvdg?j%>*!TR=syp5|mb(#jGZ#;Y}{H4NtSSCeg`QoTu zsk40l{%HjD=!-`7w|_}!SdHM2l4@e(c*hC-F2ZsrI3~x*uSjM~f4$o$6tI4MFyXWG zhlaPf`*dWz#w54K`h2!oY=E%bG|}h;?ZdhSvSD~$+=}88_rm@o`d0l3(mB4iflhS_ z_~SE1*A5H+4B+`%PMRv!F+CDLFdc8b#Ab!4hLtSRO6Fn{ZGZi#z?I<}oN+Cd`i_w_ z`Un*%emK1A$0Dg`+Xe!oer(wxfy z{H|R`@J&E)w~@ligRgK9Ba8$fM1tw>+@06|GdWPV#_(vXvpp8Z)~fc0Q6;4_`w;Ox zgh=KJVuvxV?0+_h5U7=t7+Z|(Wsc&1NGhKKkuU(*yHZaYXw!<%cS2&4EskoSwlTbCu}u$clWR40Y*0 zzok;1WtHL&yMcGRh=f^X1M|$;9o`<=42mk~)CuK%|9=sna#6-vTkhz|o{NAmR<^E` 
znp<#TK7Ss`Kuuq2UQMH`l63>!pO`sE4^2@Gh}W@`f1HR9W>CO)_PrfpXhRWL_}P)? z&hTlk@$(==mjnLN-RO;_;@Y*A4>;=E)Y>`>QMq}`?kLyNZSj|Ue$+d~a|u7LKf`Hp zr10u7ua#D;;{H;k7{O5%_^ICXc!7Z;q5(J)1Aj1{3DG3%`T-7K5+I9eo>hA>a1ag4 z$9yDs671iR{4g%;JsE4iRu`_;tZA1>X^6ssjv;eG`R7(wIBVenLY2(_DLkXj{y<%; zm-pJytSX|PD^P|n9EM2xsCMI7=I!?JUL!g18$lNYvX>g^{~3Q>DGaoWTwi! zqy$k};!|hT@als#`)a=~S{BUxmZJ}uSp1(PoYz`axgY>>jJ{`WfE7Ekuk=4%H|g{e zP6=JO-A|fQfm4nU(9W^uMY>ZO`!jXFjv311n9FEBKUKcIvo!GVh|Y?A-~>dO{(p4> zqtr`lK=3sk{LEK=#@th00Eu^ZPbC}f0m=dS_ntQXEnW#FL5qmJl&MQx11IZfJ^0Wc zdMw)0z z+0^K3jLN0bso@%ULhY_8T=zamM}G$LD-Nr(*F82FIE0!@xtHS-Sh%y|J6U;!zd+ph zWh87o!oO$>$js-KC51jOb_d&rvRpyK<%Cv@A8*l^*4_3 z$x}6onf1>ogJGbJNjSX1D?Hd$`(XZBT*=n29Gnw^zLiM0hEoABDwvYUdw=X-eO1x{ zDRGx}D%9?iAgMCS=!$iaQ)y~YC58KohBe`rhx5(jzRp>Jqr>13Pj`~D_P!@U2(Yc; z8xV!f`*HaN!$u~dt4QZor}#LiRH5ubrn!o91t-2g(>=#6hjdaI0wwX;-;d3gY~Tq~ z1S|rJAyeaqujsmMost)&(SNkrc9Z|r0R_((J9;RiE=`Q~nqzBPDJ8H!hD!U2)urjs zg)Yl=yQ<~;Gu9!ocmR04olk(7fn+VG;jg_Ud5vI;oDP} zCh=$~tQnTfFyu)EtbYts3jsV8tWlG>YCwI@yHJ%k2lQlwNr!l-JHmnTyb<9>BG=pn zo@UkP#H2VS=}eC6blA6#4Jt#V`PgWBSx|QSGs-{y124yS>DJ(d0 zNp{*^Y#$*Eg*q5Dcs#GwI>AbZ6F^;w6hA31ag1`=MXSBKkbn6OMbR(Nz4lCS75A$e z)U{ckMVC@o`E3gH-3>V-WuVvBOeu5VQF)vUrUBD6@*L5HMj3e^L#(Rg_(bwH}r7zK}6fVHJ6I70tO; z2keZvqGo4~6@LiAq@{VyVlV4rf%dUr+E^U_T7^G^a}u*D|5X)J+jJP}b$g+)&?2Ra z*2LII_j#1IX3&^oSPrV<&nWv-Z}jY!cxX_R^>yj-H|k~XWRsGVQ)Yfpv;%|ol*lBd zk$HrqM|6Jtx-XgxGnaByfnenH7js6yv_2cni!z(bW`9E`^O}5pJcglvzdT(-hD-UV zeIdbFgQ4+ec=v9>Q2LwUCctk1|@3c=?vF(JrYBhkOw<%G>OS*JazHETd^YvP7unuz*z=> zETvipKYs()2hKzTTKV(@35Q9~OjPzN^0@wTX60#fU|H{R67Vy017)8n*;*8F33OS} z|D!x+A=EV95*`>cx8CpXHV}o}#sTL_9QQ|~w%IGC5#l@r zf!|xR4j&s=QWVMF!gy0lEGNkDD}c7OY+c9i=6~Jjztr_z2{=X*!MbA&oC0ci7WxfJNqEm> z=~Eh5{>`kG0hb%Q2E!!5)30d0Zf-FpFjpf62`Yw2hW8Bt2^BFG1Qg>ubYhbulVf4B zx1;J*3<6g`tlKa#Fd;Ar1_dh)0|FWa00b17XQ8IH8%mJaDJk2RbhA534nnmA2tzjy Mot36A_W}Y40ET|Dga7~l diff --git a/test/big-ca/big.priv b/test/big-ca/big.priv index c0ff3dd..5804b26 100644 --- a/test/big-ca/big.priv +++ b/test/big-ca/big.priv 
@@ -1,99 +1,99 @@ -----BEGIN RSA PRIVATE KEY----- -MIISJwIBAAKCBAEAww+AGz4RUc44Da7Nop+ibWdzYmYJKNhMFwlXc+Vm0s77VrcH -ZF+nW4n1ictmgkeSaIh27ZpS9Kd0RDasPST0QH3IcI8jypqrYJYzW4mA+3aiVadV -IgdUR1TbsPcANJZNj7pWLE9wOo2OTy4yM241gkavVrMvrPv2KDxEBDIeEzNQR2Aw -EqBITod0AZgk2OqbX5JaWIFeLzdspyYHTtwGXmspbTMPZYBOUImHXCRRG+sKmxUo -GZVwryK3CyXkl5ufCbBAI3SBd+OdF9MQzhGnc9B9j0jJ2DA/vZOj8mi7wubvecaD -bnVcu+9gUWc9f+yNnelE8VmRmgXicRBzrX/OJa2VZzcO+3BvGgsw2rL+O2t+rv4A -H+nX298Vnf68F+CqM9qHvkwLuBFFpHmJry0OVooa+rw7uIqjh3pAGBfaFfgU/hZs -+7WEf3U6G9SSVhO8Nz7MBCeAS1/zRY697fxNVMg1uKaGXGjfFIETJ3Rl2mCrRYpd -+mZoehSmq/KtAtNoBKHKEeozOHmL6bckqmi9TYbeM7shq/S4RxFY4otJmMNo/9NN -iKbOLvU/GQU279r+w6vXpVyFM6v5IDCCx4z08xlOwUofCB94hE/PWQCFYzPqudB1 -8GDdD/ARzc2qyAXUYy3q20MWUYyurvBajn1oTTVH/65H06I/c3obERXDpxjZ7a1Z -FnAk4wkzozbtt+Rcb5Ge5y0Ll9QE5doXK5QctquzZijQTKC7Qw6BjPZY9uMh7lZs -pgL+xmNwkCYPuUUajd7oKEePGr1coIsPf63jZKHaf5zsPlHQXZDRATDBsJxrq6Vn -lslMYFU/wOvUGIlEgKAFyageEdWD7/O8RECodT1+TmO+lvkEVA9Lf9F5Fgf50WKK -rM2EuN9I+5ZgoVbvReDdAdAG7Qio10mrU6DxIhwPEn+SI1tboZhhvV7lkNaOzOG2 -w+8pPyf2ryyo3onNxfbaf17VQCPPS0mfbPUhjcUkhqUqbKj4OC9OEATy095xbffv -T8sjrhKVvVagRhPC3WOzaFJeo4Mx0LjEAla4hAkgjE0US1vk8T1qGlXz8V/u+6Rr -wQbyMs6OJ80KtKmQ5h/wRseBu/6P0lDrx30wNd2TdiDOdeRCcQdVvyXDY12OF4zU -atMd9HPhWVtIKFIziX+lkLgI0sHuAi2eAkLmxK5z4veEsWqpuKWgVClTodQqc8XE -GNWVpp/sdlxWwFZV6GH/qM8O661HhDv1BmtzEFR66Ef5fuh+8C9v1BZqp2UIzjv+ -5l0Pc+46TSs3dRqYHgbRXKmJSkojhH//r2cbyRMIHyouONlbE9C+a0+GP4mc2371 -MHTECE6Eiu1/PkRhaYtxB/QPWvklR954mQXJ3wIDAQABAoIEAERYgweImOL0Abnx -nMW1b2EsFUbN/7mbCBYuRMEsCPomYfSBTwrBZU9yqGDuru1JDKip4Bnir9xfbCKW -kYUfFKIgMIIX9W+BADloh3g0VshFSh3+8ppovQP9XLjF4wGKBIUuwhDmiKlLfiiK -RDa3D/Kkt70GLddLtXVloGNj+Bu8KA3KSy3LkWpKlcAVQhvrICO9kQBf29NpdR2f -+oGMIIMmwy4q7OMgsNARUCdd5jmFAoNSR2mnbgM/g6lZTp48fd4ULnT91nteemWl -o8bAcs7mp4fz9h1U0pCnUZOXVOq2pgQiJV0nrCWBe1sqdGcFSJ2i5XA3dQfltfDt -1cpd9KpJBwdSSGKbg6I5d5W5j9DcGlhQUVTdR7AXm2hvoBIxuxFOKa/oz1ZgXumB -WFfTzqlN3KQsHjTMBv5qPFj0yopWEWzyCJ+te055kbG8qsWURqeIzk1KVe6TIRcn 
-K69ebu4c9I3Nc1ifukJh84cohqOcqYZFNCaPiV31LG0lK6/IyTKOSdI7IFVSaU6r -yCIZbvLiJas0j1jD92mXT3CZY2EuXvT8YbdW0vmrHr+yjww9zHRdGsMrBtUTFchM -lxY6cn1XSbv6L6NV+5FIsZs6zoHy5/TRcPGXzv1Nnb9hp8xMFp3lsdu/xusuAury -9pfkow4idCbHNw2VVOwuRZuX56T9OIfCZkdmLsrHN78liuWoZq02jEWFs8i/ZCQ6 -xTFd52D9yxKVbWJ44kca6rUtEk4uNyvq8a8/rZoZE4P9gzN4tHDRDmP7vqO9Q9G3 -pGuYsyk25I6usdHpUGcP7gfXttIDens+d2uKuVFwJuHmijhrOduQ/8iGsNLg3xKq -SdGoommvzJGUGbe3h9ghYW2XDfRniRl/c+wisUHb/t1yhGRcqowh22KbOucdYkuZ -W96BVm3Bt2O/sQcVPeSxykvhlwoJljED52HgDqUT7grZMVtYDJuI4KF6RgK5ubsT -7zbF7Pe42P95XzUp2mEPW4unU8H3MA6tJ/md7QEfM2ZwlNDcYDhYuFoF6lGOc6Ug -8LMzyfuqeBCuYBHr9TM17oys6IkmY5BrUi5JKIobGMM0apVIzAv1anLxgE4yY6K5 -/NTvI/KKdYSawiH8XcUcMW0nhAWPBFU/VPcoLzYX7DN4iUQaSL3ArPiif3mWQXfH -fQiagCxkOZdIlsVn32asoIlKnWM9/u/7Ww3G8dDDOoWY0vgZ0rmW9GpU6W9hvxS1 -Amx1nkeLX7JWxdJI6teQRJFBckhmc5NS3gOiFUwggwO2FYornwdlAn3z/XcfqCBY -jnkdG7k/hcojyduQ5bY0yxFxGmkMKdsj2IeU16F08ZIIb4DGknjwldXQnkMdmk4c -HSv4SEECggIBAONthGamE/BLTPVCvyDgbFCFrkVBgz4u3xZp/ag1hEzBDNjoN8lp -KGh1eRLobWIx0BbQnor+WL/TIOiRF5DWgqRoNampf3uZAgHuAX8XwS7nbdeX8qf/ -dciPR5Iw+Px+/GeagLUOtl6TizG3oSuw44tEDqh58N20IpnxfAJUnUKn8Ax2q+HO -rMsZAT5Ax3qSyABr8VXh5GbZ+2q9UL/9swEKX/gXz235XqT90Q3Gh3GJtoa9pGBV -6kYaZuQgcQO7CNomQTcaujXf1wjzw/ktu8eIBKuLTvD6yc8OSo19QBj+gHi5G/T1 -9hZvpCGnR2MWiUjJmVA1yOkQkYmT3RP/BOs/+tkYENxw6yMYMEul4rzNstGXhDEA -PsC6EUAmElnKuLLzbMsJNPPgYPnQULIPMs80HQ+oAkGEc+0ldq6bniNGgnSvMQ3o -ziRiVf+xb9aQjpBekb7RZMbdECS+YKmkubzUCs2DaQ+hWaFLOyIqTw1/Pj091VYA -me3ovLn1lqJk4szSA9wD2qz/YPRGQgtiPHnNpRYmllNDsQoayTxYbxOxJOiuVONQ -Ce9sqYsJKH+PSaem68Nen69iR7zDCAokcKnVGxk/4Qx7NHGJyZaewPny8pKgEQ15 -MfOjkUReP3u3tlXtzv9mNrEyuSMDvMPCj9FeL0mI8yFXMeVzme3F5oyhAoICAQDb -kP6pLI/R/F8dkChP0lZdE/tY42RgyVJBfNfV6jLmKw2AFevxkBafNs+eHIcB8uZH -Xx0DQ982pa6V5chv6egiASq9w7uSahZUdFuWMHXMmpyp49PHCugW6zZhnCWL5O6e -FbQf+ZifKFWeIN2gHGbr9sfXucxlX0vnVbBBGXkZlo/JKeKoYD9L3Qbr9SGRIYSQ -gxReeyBDZqynQSqSe21zFCJT9TMYChSOMJafIsDE7+YG6n/4TT5e1E9kBR+G2Klk -k5tVIeTpJdQnnes7PW0AK7aJrMIXyZuMWmjU1d0agy97LmZoPQ+eg9yJ5jSkzoYn 
-1GqtQFw2MFZD8PmeGVBnp6fVUmeQt/ydEWEKUGKUHdVkRSuy2bZaJkJLyzjJL3Bj -QRNEKy4JTNjFwlRnbrLo1wp8ug/xMIV/d6VBdAYaxg7PGVeaJdjQtGcJlUDPPCB0 -FPVldfdk5q5ODcP5CvbNjeAELHw5MeDvgLMhMfVg50wMYDwOoMbelsYowkVtM37y -smvGHIQ0nEOrwbJRgtwIaiPjuwqMRbi4X5SwZCN5CJbTH80oehcgQkJd2NTLiOuW -MzQrF4qeFcFM9rL6HnMiZGPSY7nbMJNsevpiUBOiHeLXbXGfqzubfTJc/A86nJ8r -sIq3k80D/hRCoASIxFYLRdJGFTB84lLVV9jm0fJGfwKCAgAr8mW7UCxaKrLcUeGN -ANDtXmemilpKEdSaCDEz5+OA0W0iHP1qth9Q0CJtPOymJOoI/pckVLHhn3KkfiUH -n+vuyRRVjKNNxutUZCF15ak23xGir4H8ZKjl8Inr/fqfEArGGlz0n7st22TyXoGO -Z8gQiT4r4CRjMwPcq4VDDga1cq44OlZMdBt/w30yAmKJlQOA0Vr5NYVlOooSvjJ0 -ZxnIAbE5x6AVqDJZv5I+DzbtAad7sfmpg/CZS1DGlF5CUkoLnYjMlSWWc4KiADjG -VcgLboU4gNroRg3pLOHLJYDVU5iPu3VjiIPdIgWdWy24QAqXPh2aGkqQftsgsqnt -y0GwE9TtTnEzp75IMcxjUdLWmQkM5zJsJZf6tfnPY4v4Pewi6FcFhOnullUm8NIn -FjjDQVa8R8Ln1ihwkuS0KO4N8voSgigAgBQVg8sKdccetyBVVXDkZqIKq30LHJ6h -KWuayX6s58/NbWhceqUanQJZoVTtkJ1A2SzlhCuz43kQOF57JboJMdV3yIF7snfg -q0L0ZoCYHyy9Oj9jrHlmZ9BPBdQUAlv08Op6kYzRiRuCSrX455B3WDmTMnKaTzWm -gBQlPUDXSDi8qLIhnnaN3G993SxymOuyptC4O8s+YtfxmDZrtGBjieTXqO2NjpNT -YK1Zz9FjbEtPDgJeTFBaWfuLAQKCAgBPG0JlOUTn5wFt6U5c0++BwX1BXUwBAwe7 -yHsK+0IzYzeN+lfzxHIiEuFimeyaayVEeaQ+VOnLCo6IOy2oBKI5/imkDS07ZzV8 -YB/PUM5gVSQ0oXzfrbJI7528NUHh0S2Xj0JCcu7mCOYv/q9azGDYiyUdODfIHjl+ -s4S5L7BN480SMSEUgPjNIGkqAjuByo20c0WXdMz++7Mg332zIP0iBRMJJMKv2pHl -WOQrmZ3SVoyN2VcZ4tqh1+RyqNXfA5ikP/orBfcveQ2i6GakBVGMSjOODswvPdfp -DXnPlO4Aa1tkCiejTryd4+xFUseMyUvUddepbBLNA0VRXTTSHVS2w9TYKsRdg6xj -+qr3yFZ7/vOvGKzR11a3zCj+nc1rzsezOvLyEIyZlTJUrdszGNMkyLVikrbDszOl -5TmJB4BbjRgwzXSeeRxQtW6aKUgcYhFfQV3YnFPx6prKTHNa+vRIwuD/H/fxs2LT -Z48iWpmJvEvN+a4ppwt/jtr+PGA/I9qNHnNuAUAwpExNSZAxhfA4p+UeW3lFaKlQ -5D7x/mI5bTrJ/h8wgixq1vSKU2D3o/EdQH1/ORAcPMJUNF3vd6ELtxev6XZA3pN+ -9h/X4/nu4s2jyC6z1EG5l7XZgocKGvvOBeE0mu+2jIhIKNb5X6OQlCtaTLAXjoNB -klD3eJTNiQKCAgBK7hoDqYRUQP29WKGaJSk91TsPO3zEErB8Z0R9KiX31TC4Ln9U -eh4dYvQvyQi0agtP5/+eQBiOALqRRwbzoA0fI2s7z4KTTGlDwnFZxIiY2ylYgBFV -KPb/lK2UurnwxJQ9j4GLsVOBhD3KXZDEY8Jl+Gr82+azDeMlUSrqXzj4txk/RkZh 
-BNZXlBQHx5ouWUp/f8dB2jqVnsn6r6EqKwiLfFEd6z9IAlWQtENBwGq5kRG0BZ/6 -f00dCh5U1VE+Kx8eKlyXVqscYndLZG3bJbQBYwXKGh4fku8zEiBw+yEE6/LZIIWQ -KYrfIGu3r74pQEG/ZYdxdCasjidrdgZRrbjeo1A6R4uywI7L8bOzLBzu8HWIwGU3 -DTDcBRR9EU/wkKsXUhi0RkDRGfamDfz4DIxGOdHNe6UXSW8MKciOxI4gmO44VkgN -wxadNnt27+puetDXQZdxRXZgBN/LZeu9AzFwclI3WtjiHCeS0Lp+GjpYB8wS2rOk -3zqQnIx0He0rVuVEMAOdvMrtFw2fuU1EomrUuFHjOkq2ulZ4wC/MvXgEo2c6puKb -YameI61Q3PdY9IwWoy1QOt47cjxT8MyZYnWHuOUbeHUFwOqfAyFMRvF1+G0l2gm0 -eWbX7BKTYYLG5NSca3N40zspX4fXjzi7wekoRmFWrEe1jU3KzboL6iRLeg== +MIISKQIBAAKCBAEA2Rihn/0GLzcyfo9OdvGjgmAlEJdx9p5+BJyMjEqTjQqGoGjM +QE4sHDPjYYBYnStXPb6QX1kYCkCoJGaVqef90MSg5hB9Ivb1dSv52v2HcYBO3NT7 +3F9r/QGfKRkAByXowVUxjLholRjnCI5p5pqcMB426iP5FVgJkC+/bchiUiuNTRDJ +LHzKR0iz4hDvlbr6KcA8pvzRjyWPtOkCtuJwmijb0ktcLMdExEF8GE04B/ohVJYp +xpvKr0eZgU7CE93t0sHqBkuuHQUQGsCO7QgwZ/xGWBoMkCql1rrcNTjGsf7zJlxH +8YDFrQDH3YAzThv0C2d7jHPVwjKsRwOP8Qz4T1g9ZPJqDR1EwkOkLoE1qMNZCJtJ +zLkPZQDXAvQyMclh6dJ79eTSAQyOwsr3Uijysf0t82ghoBKpna035w79S4/69kIT +o2gZMsVYofygymdB+ToBGADfa7L4wOZbyNYza9ML0k4Gzehli25LrpW4L0JKq0b9 +L/idsrs7/Xg6iLRhplBzO0MT0Q/ic0rBNYqJ1OKhRcBUlwXUUjOW3EexQKVTIgjq +zeEd4h5HFk31QEH6UE1CS2NnHedGZ4wN83u4FZimVfjTpzmNI8fhmUMd6lMQd10M +fLLSaFDApr+GETaFmNnrcBiFzQPJqImnQ+yovKTQWAF3cd281tPyHKOC2orOKcKx +vrg1EQ8IPMtzEL19BSg7F7nxWd8jwe2fKVYvcJM0USKKOi0PFukgUbFdkkdL4aye ++xJ3TvqsYFUK/YZf1b0QnTNmC/+2r591NXzxjgKMh7G7NPETqrkMopQX8EpXKf76 +MFZqahaiH9HMNspywk+wT+tXuHkVUxpfYp+F1xgRonSSD/dE/Ma5avJXh7zfHti8 +E94zFJYQdb/J0dZz48jprvMAIiFPdicmo+s6teKOvcbW0wbYv20dVXzvE5+1Wzl+ +7Y7595cG/lPXbGPh+AmARsaRLwCK6JjZzQQYfZ1uCvMEBHu5uOUCd0w5JbHEPzvh +fsosXDSf/NyTsEwT+Eej6TpkLs4jVwLLBWBojVtkI86TIuIdPMqFrqdzoqMHQFCc +5tlq0NNxZWD+5LxbI32BGC/4ZrwxEnny17gZgeVXqRtK6gR8i6NYvtUMWLy3dv5T +hSpvh5o+4J1ycRiN7WDyv2AV1R6DnRgvUyTlGjPbQrQopvPnIDKm0NoYHyV3e/rN +u8LDqqdkDeDsBegUc1tjcdNT6vhRJIjGicYhAk8xVrTG1804ifGLHkfPlS2EV5nb +kovMs4eR9NOvbvV3By8KbX8TGR1S1Ka0jkgpCh80mT3HbftAtM4Zk0FTCD/VkBhr +tPV3id2aj45M9cQhFS6EDCZvUwmOYdq930js0wIDAQABAoIEAQC5aHroq2yzuF1s 
+jzGBDgAKIdil4eGXsWaIw7aZPjvj0eCGcNo39UtgzsPcCoQjvtckSXL9q5aHcw7m +/6HEWPiBatzLf7uPuACMEIG0EKCzQ9SWb2OmouwUSWVH8Sz/7dVqADtwJjJTW9A8 +k3xIUTUhNzzJHO3m16hbNxwzQ1cNPFrSPYrCbtVGqgXPBY3If8aVD7P9HaBPs9GW +vQXvcVafolOSt3/CUnEdd5vnGVPIJEyA9Do7f+RLbEfikoPX+craG3il5c6OxDsr +zdaDA2Jr/J2LMrwWCAZYbIATCClR7R52XYun6sVoamlHd+zZQbBcaQWwP2GJGEPf +5l/xi5UqFn9gjlQaXSvTCXfXq8xLFIMegZk2ubo3Fc+Lm0ifEpGH45awu7rK4JGw +NS2iQox7jHHJFt7Y2fd4TW6X7EpRVWcNGAOzo/0ZSkfXGG2uTx+eHXa/rEcjsNcX +z+UFkkKaTMUk2DSheF/5A7qpIP8LhX9F5jvn01nDQnsKj7rV89AN/VlcfH4ZJ4rL +0kVOV8I9SUxYyNi1nmnlxl+KQ8RTJJ7qS1lVeXRPIHKvzuas+WwxVrpOrldrx5Bu +cMOddcUS1KsCc583i0RKEbRPc23CKSy/9HzspsBiDM1r29hBLSJOF5cmxhrHq/t2 +8BElRqIZclzpPF9ppOlZQ+vbn53qy9twP55kpXmE1ablwyz1VnNaWwyMS1zFc/vq +Wpn/CTCzZmqo5pETxpc2aEVPIsSmjakYL2+xqoMxFso9uBFmxe92VjvzlbJtiq8I +I2COqm3Rj3+b8Y5U47e4mQXmcyRc/XSCANM9bo1/l/9YuOwvkGfEm/L5eSLAQxrZ +4LY9lJZa2GWpaulPqwUKVsE1MiUj6NNjU3eXlMyMfz9agL7AW2rsgX3yYHYpzL0V +dS+zg6UHmk1WL6I/b2DzKVUV809I5FjPFEEHoQFDUGYedunEHFsCiFYWVTKbPXyB +6RK62mEd+a9xTwI1MPXyMFK1460+58F4LTv+VbnNfZDF1PjWSYK444j4YrIT616w +gULc+ktrplbDs2Cz8ILJKhFHDIf4qXr8wRmM0lHNcAzQNvAUE7jJgpUxYtvN14gd +4DD5auFzkbmdbapVIJ7Q3bEXKpPRbofcurmSS9CMRr+S0q64iJ1jvAXqrM+YIpT6 +Hs3h9R5wKEkGAJ9bXaan/jhNcla4Q70j6286iMJ2TEQzdGG3BgeQGm3P6xkXhMvQ +BQrII8jNk4ngHDvb10A8hgxhox02paj9EwCUB/SQ/HRtuT9U1cOimsGqT9gj2zHZ +pqSK5WKT4qErnCbaJg2uHn0e9MhrZlldad7xFLhPl1xy50qHpgCL4Xi8r5yr4zhh +fg1R3c/BAoICAQD9MYjbfx4xqoiMKLEkoeTyEBN5s0d63ihomlqBTcHeC6BI2VLf +Rb8Uw/aE0Vd4rRj9VF6fp4tIwklEesO9Rhp+FbyTtHyjDikOOpBKhG+uhkqoac2M +1VUuzthkQzk2Hy+kaGwcKFRbqSH7HAldv1Gu8MMgaiDeio1hfgPoi5Ud988CiQcz +pLRbSjguLdzjZEw3zmrTwxMg3Vp1AKjAHsXYFNWLUTVFCyqxI/sXhgoQkN8RCfPz +8tHD6qKP9LcmDhdnpEG1KJxCvfJo26+Yh92zUZMuk1cvhGoV0zH8fcQ+7ac0L+qn +M8sGIOSpbgSkoa8YNjywiOXJSIDbGTLzJo+jcXlCU6XRSFm24fzoGR2vyTUWZ0wD +rvWrP546PD7insG6i/ulA8ax32vKq01rA/uErHkjXx3NNj0fAzuNRzdZ+p65Llmi +R5veDXbax8zBmjymJu0ohz11Q4CcCMEnJ0aqc5GldE9zBxCqXjbulO+3s6HQoW6V +pOaPC1NAZdFWvmdT+nGc/diQmjRzJ6z8LAvfJuS95h7q/SXHT7aU87hg7wfpRJNH 
+w4k59N63fBq7Z6ty1C34IN0wbRDzIsPuiw+gub8VbA11e26BhVBepP4z+hOHDYVD +HDU9RFaW79TmI071t+GsQe/SwpGa7U1DNq/HnIkidLv0/2/AhhEJpqgzoQKCAgEA +24CqpriNPOfKCUwUxM9F+0EMzVLnBpc57u7ZG5vsy3BXeXXIsoqJ35vE/C9c0Vhp +ZbgNtDzfgvvTw0BeqXVcSxL8VpKCMxXIJbdRZrx4/tNjV/ppYMUlo+Z/xMhiBvgb +G42v4LcFUIKzD1JN/csliwxrcfSjD1cDKmBJ57l8TYCWB3K94MdZRDA8jluwpnRc +HakVemJYfzeWASSnnUzNmxTeTwyTxd1HcUqCf56pkVCJT7vJcaWFzXRjVGV31A/U +abV/265MauMUtdngfHEw01I4bHa2SOgJSJ/dxWlsvLtp7pgCwLJlr6HVc1uDxCBQ +vGHYHdSOFVp65InFNpNgRd6ZWm06LzBJnDHFJa9+EJ/haUZnnm0Ng9w6h+qi3ALF +ai+gmpKgDfK33rV8SxvX04cIZaBoqIkk6FAI5KUGtfCPLUuugmOm3Tq7GBa/pXvR +OUcEdLsF4yBzWzzgUQlgzBahMfBQHUzy3zFjYJ5u/QNhOqh4+RKFt5fbjVoO0vTy +BHXrn1YfKNPs2Bnz5f4c/3gUSHCefgCSJ/d1h4uWFhfSv43BaQPLe9PgAyJCKP6E +eKiFATgmgVcmAoh4er3UY/g3b/n3yAji9v5/aXdkfNpX/dCYmnbhkkO2IjYn7Sy8 +o1yddJXqxn/rcOJnGpLctoMR0rgTaM5/zQXZ5DpoC/MCggIAO1tVfj+60GHuSQ1x +GelqRuVF643//+n9ByjIdu/Ht0p6dRmduAId3bxjGpgJLZ1G8nzJAhzBJnmFu6wc +H09D/rMR1n7FiWRUc6V/FjkeBYguEHVdXtrUcXjEehzYWLvO63gfgCpkPGjWMoxM +FdI4UA7Zb8vxkLpikqx8NhQjDTd/LFT7fzvpnE02Bn1x/00QITUfDi35WgcKoctZ +xFByiUm5FkQffOQ1Sfnpb4ZY7bFI2jG/Iz2Vt5xWJ/FyzlUXX5C+Zr3yhCMLpVF7 +RQL1EojZPF4GXnlodV1hppPFYgtM24swM6qMug8UDDRimkXdSovMhoZReHKq4rJx +o1cy7Vo41zfM89dGUP2B0Neygfdlnq7wvxxRM6hia7yb8XzOZfFTOUg9WI3MM2Md +by0r1dqpO4Wc8vL4OUEEwQYlD88VTsxy7vxiqhf1+SxF8E08Uqdlic7Ktabxi6Lx +xUAL7QHS7zrpNUo+ufIEZsI7wJE4KjTuO97AvmAlUD+OaAuTJbjc0bUhBCVijmyK +vUOGNPZlQa+lJ+nY5XTmlNzeKLtg22rcLELG9PNXEyThD3YqV20uqbDqqeOnyZgo +3s9zBncFOPxv207ohSy/vrBnd7/0vACLcUQ3pvlSY2guPRWh+TD2ku+STZKXl/5x +0oQLiXxFGfLL7Y/EnxnO/Lg5ToECggIAZWjubpQ4/HiCCQWTWtIAHPKSvZGdlpfr +dg33VCAXqG3AnCbkkEgdJqfKvFANa9KS7yG3gxvUj6lUzpJAqb3E5BJjboPFj2By +1an5+6L7q49yCEVyxfiPSUfGo92IHHwn2fT92q3z0JxxqZR239gpAjK8uSsy4nVq +yvstaddyLERKDCrguqafATff4k1OMbj0jed+OsqQ5EWEEgcjQTMokotzocXHx9RR +m2+3FsrwwGga6DF0AgNc6+znrygp0ll141itN4sxVviOqu18H0IUMq17z/CQiuJY +16q0RO5OBGv5pven3esNu7Ti7qbLG6NqaX4y4KVA93CT8l4MNQilo+IRq4tnJEIE +4BrGYIDRl1CmTYLvgGwVoGPwzraCg27sUgCrDH7NX2RRupzSTckRT3LFWF5hu+uQ 
+l5vSYAA2N3xqSZz7hNYRU4g8xAZOiF/J69J5pox5TdPCN9bKM+ZHSEL0OiQyfzb7 +xk4FAbBwyofzNax8J2Z9TLLmBkojKydrYNAyCa06PBydAcILwqhCMW0Cwez17HTL +EZfsPrEoqBBdl44gWyobqpvalNgRBOuBvFTvDf8pGvxuXSE7uElXhNA6nIs6BLrG +USKHLuywCla97E+hEUv3LyIFVYz7qUHP7RFu1Vwl2Ytj9QVEaSyMt+2aIGZW4Ub2 +GHypjB3H0C0CggIBAI7/LJMEBnU7U/KSpgzNsv9hrwfjbONqC8bAUkdxRdWxTXNB +baZeUgz7nFVrT7LSiL+9NKIlNzbXNMPCBoGkYML9Gm/KIzFa2xqV466ceRuK90jW +MkU1w4WFnWZfzhWc/U621eLTMg/mzUKjMcgEvLv5KM1PWzRp/Fs1xeTrsYt6WCUj +TPANfXUvvnz4YluYODhlKEr8BhR91S//i0QtaGqlV0GnemkoXcJN2QF3fvDAh8hI +vPsItXOusQKxSeJUJkgJGnAOx2Br72r12NSjd7+sOsrnwyqsq3kHah7ZhH2cSFaZ +FrbTDASGoXrO3+EGfTHnOWneu2mKVMcSq0amellnxo7kRkFkUI0Rdi4qzPqV4a9j +mdwIM/iOQrYsC3lMePTfUQFJwqB8lNKoRDqjilxU69bMzqCU5iFZncyASiACv+T7 +f3yHXbLQrEXuO2Xowj6ppnohI2vdqI+UDodIh/2E2weunnRJfhtJZTjN4HOH/HxX +ANK1J3CCJSoIx4nCcY4JFchXTgr2hgcuju9C+mK+CTIGNy8BtDxAC6AuW//YD+Pj +hO/j6sXVhU4qootkxGeswWGfsylk8zrOW9qkt2/ZFgQ0ClooyeVNGvTk5wNcLTX0 +LflBnWCq5gO2d8sOehskNSR8u3rEX32pA6ZX5hDJ1mKE3xVbTCw0sPsLd6y/ -----END RSA PRIVATE KEY----- diff --git a/test/big-ca/req_conf.cnf b/test/big-ca/req_conf.cnf index 2262038..9be2294 100644 --- a/test/big-ca/req_conf.cnf +++ b/test/big-ca/req_conf.cnf @@ -1,5 +1,10 @@ ### req command +oid_section = new_oids + +[ new_oids ] +limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9 + [ req ] default_bits = 1024 distinguished_name = req_distinguished_name @@ -10,16 +15,13 @@ distinguished_name = req_distinguished_name basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always -keyUsage = cRLSign, keyCertSign - -#[ serial_cert_req ] -#serialNumber = 12341324 +keyUsage = critical, cRLSign, keyCertSign -#[ email_cert_req ] -#emailAddress = test@home.org - -#[ uid_cert_req ] -#userId = testuserid +[ ca_cert_req_nokeyusage ] +basicConstraints = CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical, cRLSign [ proxy_cert_req ] 
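Review bot: The `limitedProxyOid` entry added under `[ new_oids ]` in the first hunk of test/big-ca/req_conf.cnf is a bare dotted OID, with nothing saying what it names or where it is used. A comment above it such as `# Globus GSI limited-proxy policy language; referenced by [ proxy_rfc_limited ] below` would connect it to the `language:limitedProxyOid` line added at the end of the file. The same hunk appears in test/fake-ca/req_conf.cnf and test/subsubca-ca/req_conf.cnf, so the comment belongs in each copy, or in the template they are presumably produced from.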
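Review bot: The new `[ ca_cert_req_nokeyusage ]` section does set keyUsage (`critical, cRLSign`); what it leaves out is `keyCertSign`, so the name reads as if the extension were absent altogether. A comment on the section, for example `# CA without keyCertSign: certificates issued under it are expected to fail path validation`, would record what the fixture is for; that expected outcome is inferred from the name and should be confirmed against the tests. The first `keyUsage` line changed in this hunk belongs to a section whose header lies above the hunk. The same hunk is repeated in the fake-ca and subsubca-ca copies of req_conf.cnf.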
@@ -31,13 +33,13 @@ keyUsage = cRLSign, keyCertSign default_ca = CA_default [CA_default] -dir = $ENV::CASROOT/$ENV::CATYPE-ca +dir = $ENV::CASROOT/big-ca database = $dir/index.txt serial = $dir/serial.txt default_md = sha1 -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv +certificate = $dir/big.cert +private_key = $dir/big.priv policy = policy_any @@ -90,3 +92,20 @@ nsComment = "OpenSSL Generated Client Certificate without Flags" [ proxy_none ] keyUsage = critical,digitalSignature,keyEncipherment +[ proxy_invalid_usage ] +keyUsage = critical,keyEncipherment + +[ proxy_rfc_pathLen1 ] +proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1 + +[ proxy_rfc ] +proxyCertInfo=critical,language:id-ppl-inheritAll + +[ proxy_rfc_anypolicy ] +proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB + +[ proxy_rfc_independent ] +proxyCertInfo=critical,language:id-ppl-independent,pathlen:1 + +[ proxy_rfc_limited ] +proxyCertInfo=critical,language:limitedProxyOid diff --git a/test/expired-ca/expired.cert b/test/expired-ca/expired.cert index 45be69b..98c4e16 100644 --- a/test/expired-ca/expired.cert +++ b/test/expired-ca/expired.cert 
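Review bot: `default_md = sha1` stays as context in the `[CA_default]` section this hunk edits, and `default_bits = 1024` stays in `[ req ]` in the first hunk, although the commit regenerates every CA. The subsubca.cert output later in the patch still shows a 1024-bit RSA key signed with md5WithRSAEncryption and valid until 2037. If these fixtures are meant to stand for certificates the validator should accept, `default_md = sha256` and `default_bits = 2048` would keep the tests from depending on algorithms a hardened validator refuses. If the weak parameters are deliberate, a comment next to each line saying so would be enough. The same applies to the fake-ca and subsubca-ca copies.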
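Review bot: The six proxy sections added at the end of the file mix profiles that look intended to validate (`proxy_rfc`, `proxy_rfc_pathLen1`) with ones that look like negative cases (`proxy_invalid_usage`, whose keyUsage drops `digitalSignature`), and nothing records which is which. A one-line comment above each section stating the expected validation result, for example `# negative fixture: no digitalSignature, expected to be rejected` above `[ proxy_invalid_usage ]`, would make a wrong test expectation visible in review. The outcomes named here are inferred from the section names and need confirming against the tests. The same block is added to the fake-ca and subsubca-ca copies of req_conf.cnf.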
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDCDCCAnGgAwIBAgIJAJO9tXDLWAPpMA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV +MIIDCzCCAnSgAwIBAgIJAOT06wOW29j4MA0GCSqGSIb3DQEBBQUAMF0xCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE -CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMDkxMTE4 -MjAwOTU3WhcNMDkxMTE3MjAwOTU3WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +CxMKUmVsYXhhdGlvbjEXMBUGA1UEAxMOdGhlIGV4cGlyZWQgQ0EwHhcNMDkxMjA5 +MTYyNzA5WhcNMDkxMjA4MTYyNzA5WjBdMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFzAV BgNVBAMTDnRoZSBleHBpcmVkIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQC1CZ0a6cakhd8Ql58VXnzy23ToUOp77bRTmR1M1iwiy8+h4faW+B2Gm4oGJrhD -oYp7cEVpnrlQuWQdYs+sT01GZmdzCfQ4fznc0VTMsGtpavWVOo5cZYUVfz48zu0B -bgB7W08EL88uGMBubaFDLB5Rb/yHkP+5fmis+ugKpdiffQIDAQABo4HPMIHMMAwG -A1UdEwQFMAMBAf8wHQYDVR0OBBYEFBTlEzymeVaSezNLUZA1dHU0E8wcMIGPBgNV -HSMEgYcwgYSAFBTlEzymeVaSezNLUZA1dHU0E8wcoWGkXzBdMQswCQYDVQQGEwJV +gQC9AK5saP9/piHGc0T7yTCh3pf59wKFZ8AWVUciYgGmfk+PtUh3lWabYhK7cB+j +6es3o236GLMfesl/WQAwsXHuR/aCr/NAESYdF7zthGHpxB47wHmG9XihklryOqjf +ixCFV4SQ8RM/SJa6lHCdQvWR/u3XSegiyUlFxSkz5J/vWQIDAQABo4HSMIHPMAwG +A1UdEwQFMAMBAf8wHQYDVR0OBBYEFAbNZ7iK5Ae28C18F4T8XKlvXHSAMIGPBgNV +HSMEgYcwgYSAFAbNZ7iK5Ae28C18F4T8XKlvXHSAoWGkXzBdMQswCQYDVQQGEwJV RzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJl -bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkAk721cMtYA+kwCwYD -VR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBABnlqhW3QU6WZcLsBMHjRn23ruQ8 -8CKYxN/LAl+7QraMQ1bE8rlqQLzKdnaFHq6R3P6adhnLgnyaAhYt3GozRBwsSJ1d -K0EAmbl0Lk2rdRC+53lHOC++byK1pSZM4KkwVZt33z9WkR4gpb6wyQb527g7vSZK -BLXE+M5wgxtjUXV2 +bGF4YXRpb24xFzAVBgNVBAMTDnRoZSBleHBpcmVkIENBggkA5PTrA5bb2PgwDgYD +VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAD3osvnJVrhT4YYWC+k5iMBP +91KDTwsO1wIKhM9cFsQRBI8YGjhcRk5ppTXlAoXkbRIoE96nYrSAYmaizn18D1tN +xn0AQ21tUTwxZzKi+scDHoyeC0DFEHJJpDqRwhctazp+gS8bjnKmLHwCyDBoeRb6 +t4+7FZ7HIwpPNQDEqBtu -----END CERTIFICATE----- 
diff --git a/test/expired-ca/expired.p12 b/test/expired-ca/expired.p12 index 7716e8edd65a12a15fd1460aec45189db916a98a..71e3739c222054639d489d19d064784f7392e758 100644 GIT binary patch delta 1658 zcmV-=28H>B4uuYoU4O(J9h>QyNC5%@2mpYB18Dh&nu>#?In7#VYJok!^KYW;Q|5l6 zLPa!;db9DB^K3Njxg2mV>HgSvxx_lVg$%Q+T3lsw*J?5uF*kj*`s|dD#i$_0tSkY{ zr1AqSz~;`jWNyjqrYm_&u1G+Eb_^U^3(~Y%7ScZ4Vt;T+J0fL&yY12AG`A%+ z?>P)q>B*$Og2Nlq^k@0LNBO+*-bb$|W@YREH3pV4bm&zQH4^g3t82(<7aG`B%%ARe1K;Yuc!m} zW{mDZn2NRI3eqwTYV5iL7B#;?!&(Gc9CqINs^=!d!bXry_RW6+1es;u_}4Mo*xt?9 z`JTLe1lRn|GGLOHK*#5dC>IG-4X$9yLLJPFVZX> z`Yv-!=6|oM<-EL18B%xr)Y?!qxZK;^eLA~KQSC;o70pBiC1=^R=m1sCq7>!uPL|-L z7OIK7Yve9rNrQW#cwJrQBSd13M^Unu!|Xliw7>f#pNMVH$W&*-&R_?4$vh3xePn=j zu(SDHKBx6p09K|yAcoX)!()J~lE3geB7dPJkGK4W8b&~=n4_v3?!!S} zz160X8P~7<%BH(~2Be4tjoX$e2BE~Jsol#^#rh>w7Y{6YE(Uf7=B>S=9gxjDJ(Vq; z6@Sy@@a*5Bb8F^7S~+L^#1jy8@gHsHvD!as6Yz6=jmo%y@H9CwF@yzjZHh4qk(zWf zyT-)CR6Z3RB!y(R3em|_Wj<~7D^Bw~RCxQ~_B;b@3xgm6=+34~8j~|>2ml0v0)R%wOWicR zZ+)p}H<0bh-%XKPAzivLuw@X9zG(<<=FdT?&E6{aYRZ&bo64wcJJmDhLPD>tJ?p?VN}^82nv z>!=lQ9ulOtON_e;7SP3?WV8)eiH(hUxmENV1*FbpzD3X5`xfI|&;M!!H~SFlk4?Q2vp2DFBEp0SqXiu;j_c>TA%)0I=N&>BSamS=E`z<<8@ zx<_nLRq${00;E$gVfIkB09ndy=at0%^WtxFBd;}EyE4@+$(WrxNGm(STyDyzj^&1> z_+g!k-`}&O)0uF2R#c)ZAYPo1hJ!peK$%QJ^g02+!9P&M;9|gOglXpPuRM82gPe+q zPT~~cA6GWXJ5DEWwYXG%oFK4N*nfh0BOwkHl6>V*Z=`c2k*l^_rY~FF-PZefy#){^ z^wp=zp*MjSXu?=q3_QknSV4pLT)ra()Vmf~aDV{ma6(%$`uU=IdB&duv! 
z=pmArC{XY~;{1#TZ$sBv=Nq$Tjj&J6LFO`F_ypsC{m^e#vZB_MKW$lS9d92*>ST&@a;!<^lo; E0LLse9{>OV delta 1658 zcmV-=28H>B4uuYoU4IyW^*tg-1{?wc2mpYB189)#Z4dTI+xchzkjJ$0SPa?p(938A zGs~h$5CvoUgTxBROfSya&?dZG9I_|L|I!_aDh5;Ze?_Fv*Tfr(uwo=LW9RiNNy1(c zK!a7K!aNKiN6}$k55CPN)GKDVrjEXXCnulD_NhtuMCiqOEPo9i)g@(pM_cbsopGv2 zRMgU)r_cnfZwHXe4;5%TdaEJ>?<7oIF~$lhjoNGSKSlg$7>x$^ z`=Pb6F_2jh5o*Hak;=kRvX25a43yw!jGC&R@1ZONIr8R!rd&Pep}kyKL+m2F{px(# z%Y(r8BHsjq?(UOgCe|7XocxMQrR8x6uaBiwsCx>h?|<)$QmZm2yc<$G#;T3!9;TS2 zDh{SP|JG`aoGTkkMDx2<*w7ve#N;eFQI61&P>`)pQsGQ|AYNNa4()7Z(v(z42ec3+ zy7z7h&K3zstL)PX{`Jg+`;m;eZD4cU4>eE0S0LE;p(qx2ks>=u(vMM1X;lIuS>aaT6{?>%uBzu^?v0$f?u00>Dky3&Ap);Mox zJm;kMoR%r*+eSR;#u0wCC8j(nuCv)I4|c{T9)ANv^_b9=ug9cpMa7|QZUSz3AlQ&t zxbDiChNRz04|21eEf)8=hIV0#^~x(S1eDk6CWO)1-y7fQnV z9e;5$qcYn)e8OVx90^}^Mv__ppa_klh`w6UH* zN5tV73PD3$u3+RJ8fICT)#ibn3Gq!;Fq75;MSlu1r{>!#)~Nyl2ml0v0)WzFDL=)U z)i2)C67n6< z&DZa)Kib1|$=OX112%SkS*af{LT^!pH>CbOFG9SEwBajUG-*I1d$85HZScs${Qc{`>CWu=x6vxw8%0&gwef>T|v6Ub`M{B9?&_w(@RR+E$Wo3hQ29EBkSU#H+4JvEWqi=}NY)qk!; zD{gM9c7PUVR!dJPxpQDCymQWcY9?0d4y?XI8S~UDUc)is_R&bpp|+@OG}f&sy-4ZV zKf0TfTK1kM6gdvo4O%iLRZz7JB1;6yR*iZ%b2`g)Bqjg4z=|Ah;y3dY4a`R7ks?-q z&rni?p^AhWT9@n0#akk+f0d!L34h3_c5>)yO#t9Y>D&)+P%;s?+6&+`lWvx5gVE2A zq{BIkK+e>N4XR(B& ze=~tezZxE_+MMd)ioT>XA9O~8#&|*uT&lkmhl~_zL*K$ia-FFViB3LEA#Ww~fS_?I zL+D3=8UZ~uQLFQ)dM7wBB`_lf2`Yw2hW8Bt2^BFG1QfOo_oF4AfP=qU8aWaVPQt{o z2PQBvFd;Ar1_dh)0|FWa00b1mLAX(>*1&EXTCJ-#Nx4U^miT?V-c*(M9cSXax|MQsC*ILNpOWd)dzxci|;jsvw6k#8mV7Zuc zRnqam5D!LzHTD|gr>T0C!j9nb1CAZ?-s9&2^8z|4S_UMUfE`_vZE;hkv*GzoceIQ# zD8%0cM0+9y4S!+7!dqqj*b2GUeZr1AU7<|ZY6WkxCYBCxFaU!A`!I4~S+~!LiTQY2>w_5liFO9$6Xun&Ab%jVNHcnidpiIcXrbYw#xl#v z_^nQ-XR~zWD_uKZAbXK$8l?=TREPT29!1&t$ITsEM0O&;XTp@3E_sZTfkNp={CT(g zCFF#b#=X2FOTETew`%n#st74HaWyjMJyBjgG=yABdOaKQ3QgMFeH-irt7|nvOHFj? 
zH$r_WOn(BR$7H%_S4{UU=xH;zP^*0fZ?KIncG|0m_~+WoHt!L{2TYNH4?US?Mk}5U z^QoHXqn3vpG?+-Y`E+XBgqUv?b{foLrzSh-nB~daF8JOMD80$ju79bR84Qrg$Sq14 z2XL%OYxevCDyLflV)w^T48O3r0y1+Z4d)MlWPerKz7x7O99T^v($cjQ**=l9W@Y?m zU2s-6L~4=Ejq`xPk04^ZmWMAoJ7LCxtbKH)Q{aHN^ulH1lqsYH;ah4~0cEpT6AQS< z`R9}2oV>feGMLp7!sQ{vNuMHbxm%NurX&u}>Ir1<{N0zxb8&z->@`)x#CUgY% zuaHyq8W>OoJ@3<8aMN?+B;lc8wT5#5Cy~1mdq{N4J=vSMAtOs^+Mv#;+lK;e1uX%3 zKqkPvh0A97P0W=n(T%SdFoFX41_>&LNR!qBJ%1FrV`u@rm*)Zk2ml0v0)R8Xf=Yq> zL~v+lSpIzR-_qp?PYS*k{o!-s_HoXdYK9v?wx4TD(lC`|vWsoSX~OMPqrsw`1u5%} z1t*LY@5vd+VY|)GUv%xQf7;#;^Sh_xc0+lppjeoDp*?W%i6!Sish_S)VZKgvfZhUDAUPg%yd9s^ zVp!C4B=AoE-~iX5IyN;$<-k0qfd-vqH8hN%Q;@V-mJ+H?!xlbVcH(b0;lhhq%hq%q z(FXLCLc>RF7S9rRKiSnc>HEF8-8R+*M1N6a3g?@zalyqg(aCwD_nlm%qsq{?yx0i3 zYsjRrUE@U!3cGy}?+s|Jj_7JLH(>tJubZW|fI>HA7} zYfJA^kG#Ir{TvNU#Jfd_O>xDx!|_PdTJ>D3Ia~+jK@#??7CzmltD`}ymFWEDaDQmJ z?RO4@MoUt^u4%Ptrpa@NlDyJf)yLvf2XFKVir1B^<2};Y!sZYo5&m^rt%PU_n1`U6 zuUAGT-*t5$;D1EaoVGBLji%h1>+`E8boe$$Z)N_eG0f923nE4&mqXs6`mGO0Fi?wU zA)tSS2=6se=yhW7uIT6osrNWrrhhM!k9LyT8XHD-@r z0&{%S);nXW+HHk@!wF&9`axj6#=WX_KzeWz_3i2sz;LgN#qtcY$gu)aes4g2vq`}9 zKoRiklI^yMrvYkTgZ_FkB`_lf2`Yw2hW8Bt2^BFG1QbmfBs4tO#}9i`C}S*^6cCRT z^uRDNFd;Ar1_dh)0|FWa00b0Tur>xaix|$JUC=(Ostt%P_{0wyFAaa-m#TdkT zTEi8t<`#ZZa>Q|7K+7E|l119brJGq+Mr}=W#4z&kWHliWI`Vy#LAP>(#sS>c>a)LW zmTp81MP_|PfodS0Y(ea4C+DaJ=n{vY9n1CV?m7Y>c-qPYL4O6-LvORHssA1|L>I!C z6ILFl4dQ#2{>DK;=t|Gx@f>&FVeei| z_7$SK`*zLgD1VvxJ$)8X&h=)|%=Ja0gI_3Nz%&u5n^p!>0C^YwkrG*}E+kspi?;K3 zROCx5Z^Syxcd8;F`I1?I5(ra)uDgGBfS6!^DaO^F?u~4*>8bqLA02=4mTf-|*H$Ot zna2iq&JKzr=-Gi|iPxcHJaZFbsQ-ryPibJNEg$Vs#ea_bFl4X|O5jIG(uynOEpk`& zAosXoJ3+OOD&tijJxG|@l-`PI9W_aSN&oso=jLppyI~hmay-^Zr9jtOoCqU`T=Njs_Wq;^O!ub(G99-G2eW|B0zNZcvG-#|_u&`Ev{RYt{c& z&ww61Jt!ZM7ri&%ibD?%m|aLTKOlSU{jnpe?R%aZ+QJF?b|2IKOpJO;!kD0iDHHGI z4v?Y`FT;JR5WOc1F$l8^q$Xv{IVm0n$xw=A`?vB`h&8`ET|`D?*CF0AKz5fmF%w=C z=zp`C>q_6UH2mHrPEeMTu~DVYGapsl@QvxPw~|uSN;{RsZgxJj7~N{#0@Gs)I!M^P z^077T*q(i zFy~cDP~td6u^Sr=n4}<}FoFX41_>&LNR!qBJ%5>&^-nN>h9h=PJMO^**N@btHBsI(yKcE?ohBAw2n 
z6DBhW4Z}}pjKn9U8k2{Ah;|zb2+pze<$tdr%NdH}w{tmmaQM{C6c-qXiBl2FBxu1S zj|{*|2OT&XC(h9oOB;|1pa_a?EbK*rSezjIGb@@GcN+{z1u&XXE))Z0%&y&nDA&TyhRJ#fdDPk-M| zkA{)$&|=UN_8YY(lm4lpUA)8C<+~kLZ@L~U%|4k;nQMN*juIWRg;K0Nvcph^R>?D9 zOc0ZyL@mHF6x@eTb6=12n)nJXT%#0RD934d?1P|_`th}ZuraHhOod$c8C^Ly%r(v#q8P;)bz z?tq3u@Qk;Y3@u07;=t>KFBX{L2J&tbr`zG%YjpzHv zmmKdiXmdO#$MQ>{BBIp29|5W#jcxHF2TN*y#rM<7BSaPGR?YRWo@YB%=x?9Ih-IgJ zjPi!%XZ!rn#&{}n<0C^cB`_lf2`Yw2hW8Bt2^BFG1Qf{I)-E#qM_`*QxKGhPYRN9q zc9k$OFd;Ar1_dh)0|FWa00b1fnaQqJb@ibNGh1LflStUKhvA9@2vZnqFkDXoivj`& E0KT>$6951J diff --git a/test/fake-ca/fake.priv b/test/fake-ca/fake.priv index 3c8fcfc..876da90 100644 --- a/test/fake-ca/fake.priv +++ b/test/fake-ca/fake.priv 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCzJg2Y4PEy7IHjJtnAUoHsJTFiwH3upubJ21J1xIwbuwCCvUrB -pj/OzEzaPdxU6fzjPXD2wVDzE2vqLF6hvxyzUlLKXmuB10lOfly8vkMHO7T/P1pO -4vrZIpzo3pGFgx3fw4E4ZCdlsbjV/yHjVpO6+pnWdpka+S7rOIKMJfjfMwIDAQAB -AoGAEw7tS2JCxqQafUvYxnkAkVqzkkngG89tpfPLJfQu45RVTZNNrKQ/DYT2eBE0 -q2PpH1Od/OI79mAOju8BcjueldeO7bWM7ujW3o8zt/k/enq+Y/qcP6tWx8ulm4Ij -ALno9t5Zcp8B1Zq2LV/mqRvC25BbFsX7K6nLKVnnUkobfiECQQDYOaR6Ml5jrnXZ -a/EgAbx0wYnpOFO1ZU1i/wk2ffK6P8vWpuvL5Ad5QF1dBxWo/mtifTzNimuk6BYG -rwJPsU+nAkEA1BpsX3/qGx8ze5XpQEa8hbUVidLhMldNrcskQXd9KSd8YJPDsTcC -HG0DDu+7hhNaWEV2hLVTWeapiMAk4fbFlQJAL6ekpHnta7LLrnunzRIU4va02n3b -lSMahzMGaMghcwMUfd6UIX/EVejlqtcg4voP2MkZWYOkbdfo4tg3fjDqCQJBAKV2 -r5CYw1LBNnJ08m/YPv231MOeJVwWS10HGpOP2a4fRaI54/H9zcHLMRWX45ymwFYY -amsA4bNChINQEfXNgzkCQE0lhV6MD0R9geM32+pCQlImfVIhsLYQJs+D2lsjlvSW -S4nS6t2M8CFVJlOvOpdZL3x7eHuan2dhHHP1sz3jCx4= +MIICXQIBAAKBgQDcesdYOZsBJPCJvQicfeyNM4uZT30FhKTO47/SrQiotN9nE36o +UVzqQ096RBGrxxGDEYaexqa8p3gHp9urqAteHb6MhimkASns68UwS9VwBjqkKTz9 +TV91MgPAgUcYkxuIOff+sYUYXDUQSExTWuzb4xlG5+wfrqryYEQkORWD+QIDAQAB +AoGBAJesy0hxUKYH4IYRCkSGCF7XD/knCs3qA2rkmMj5CpTs4SdK7P4kAvSR27Iz +86glqXFudBr0dC4iU1uI6YD8eNw+VqiYJDSICk01DV/lHfuvu8k8nEgTgZekjgfC +ax+xiQbvtGko4v4Fz0Wutz6foWzevJeHd21JDhvw73a2EnkBAkEA8QDOTRt1KrsB +erC8scTuMrWu4bKSjqOSHtihzE3ZKcQrIMSp9Xmt+tmskhLhOFKkAkyUZ3I5lExi +yJKhw+3FGQJBAOozCBXnLQN3vf3fUMwsyorb4S6jlZlvmxBGQQ01D5Msg3kV75fp +4AnlAiNpA/w01mZxpAcjxhwH5SafMCwdseECQQCVf9h5wISoIyVBxIzpAa55SnbX +jvyW+yTTebK0l74UyJmwVA7SNc8VAx6n5opLdAhFXNfaa+MH+XJ11W//qGlRAkBb +/Xt5jvpBWHFKHMNRz24nKMLEXQDP6eSQeefnViYt+tgRYapgkz6q5Eb4vbERCXgF +eTGilEymiftaNkDnsypBAkBdych3aA7N186aNQ+KPN+nfnWcMyYh9yQm3VzKsT1R +7Nh4rf3yB/Y4AI4E/qfeMr0vbWYoqft+hmE0rPNCskO+ -----END RSA PRIVATE KEY----- diff --git a/test/fake-ca/req_conf.cnf b/test/fake-ca/req_conf.cnf index 2262038..41dcda6 100644 --- a/test/fake-ca/req_conf.cnf +++ b/test/fake-ca/req_conf.cnf 
@@ -1,5 +1,10 @@ ### req command +oid_section = new_oids + +[ new_oids ] +limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9 + [ req ] default_bits = 1024 distinguished_name = req_distinguished_name @@ -10,16 +15,13 @@ distinguished_name = req_distinguished_name basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always -keyUsage = cRLSign, keyCertSign - -#[ serial_cert_req ] -#serialNumber = 12341324 +keyUsage = critical, cRLSign, keyCertSign -#[ email_cert_req ] -#emailAddress = test@home.org - -#[ uid_cert_req ] -#userId = testuserid +[ ca_cert_req_nokeyusage ] +basicConstraints = CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical, cRLSign [ proxy_cert_req ] @@ -31,13 +33,13 @@ keyUsage = cRLSign, keyCertSign default_ca = CA_default [CA_default] -dir = $ENV::CASROOT/$ENV::CATYPE-ca +dir = $ENV::CASROOT/fake-ca database = $dir/index.txt serial = $dir/serial.txt default_md = sha1 -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv +certificate = $dir/fake.cert +private_key = $dir/fake.priv policy = policy_any @@ -90,3 +92,20 @@ nsComment = "OpenSSL Generated Client Certificate without Flags" [ proxy_none ] keyUsage = critical,digitalSignature,keyEncipherment +[ proxy_invalid_usage ] +keyUsage = critical,keyEncipherment + +[ proxy_rfc_pathLen1 ] +proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1 + +[ proxy_rfc ] +proxyCertInfo=critical,language:id-ppl-inheritAll + +[ proxy_rfc_anypolicy ] +proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB + +[ proxy_rfc_independent ] +proxyCertInfo=critical,language:id-ppl-independent,pathlen:1 + +[ proxy_rfc_limited ] +proxyCertInfo=critical,language:limitedProxyOid diff --git a/test/nokeyusage-ca/nokeyusage.cert b/test/nokeyusage-ca/nokeyusage.cert index dd98c4a..7469a86 100644 --- a/test/nokeyusage-ca/nokeyusage.cert +++ b/test/nokeyusage-ca/nokeyusage.cert 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDETCCAnqgAwIBAgIJAJXRhilSGEmtMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +MIIDFDCCAn2gAwIBAgIJAMam5pwcE352MA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMDkx -MTE4MjAwOTU3WhcNMzcwNDA1MjAwOTU3WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE +MjA5MTYyNzA5WhcNMzcwNDI2MTYyNzA5WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLqhjHk -KhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2U+wE -fIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQABo4HS -MIHPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFD5yNicj3eNgIHr1/Ou0UciEePrH -MIGSBgNVHSMEgYowgYeAFD5yNicj3eNgIHr1/Ou0UciEePrHoWSkYjBgMQswCQYD +ADCBiQKBgQC1sDcjw5TH+LYj2sNRaR5CEo4zecP3nMyGWL1B84HEDBejvNXMZbpk +FV6aWc/aIsZjM1NVKDBx4OH+JimjX1y1TnURlq0k4S/4/cqPxIX6wY2Om0QF418l +6yVEcXPFkGvfM22MkNDdukpBxYIUYAlcoEflb0wVNXR0LD0cqaWtkQIDAQABo4HV +MIHSMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFHtqwoVzbfSCBoAchgVr0Kdlb+QN +MIGSBgNVHSMEgYowgYeAFHtqwoVzbfSCBoAchgVr0Kdlb+QNoWSkYjBgMQswCQYD VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV -BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAldGG -KVIYSa0wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAAZY4vy4uPDsiqdp -Y7LycXMQ20Dzp9WYOncjrUvw0UgSiF3kgOvjdJSNI+2ISSCvL8qKB5m4v88dhZvV -N0xr/QhTZidAH/EnarURy4s46ueqW/80PGFszLsUQwMB/lQCKDbXXiJ31GytxZMr -tLUfi9j+FtxbQRTNBvF93zh2sVwi +BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAxqbm +nBwTfnYwDgYDVR0PAQH/BAQDAgECMA0GCSqGSIb3DQEBBQUAA4GBADhep4H9Lnfm +uoKLUR4Xuyvnv8OvvVtqMO/Gk35nv645jqoFfLMX/hWnMke7vd0oUiMoWo5B9wlN +CWW2z14rRg75aX08SCT1XE5UAdrBQJIbKzFRGoEKzRyukfMCoX4K3mVdGwH7igoH +sF8HmwdlUOl0gaagKM1qWkQrcHGNLEeq -----END CERTIFICATE----- 
diff --git a/test/nokeyusage-ca/nokeyusage.p12 b/test/nokeyusage-ca/nokeyusage.p12 index dcdeb7d676ae05187536b0c50ae8e650caa1a73c..42e628af6185e5809176b03119656b174cbd3ca0 100644 GIT binary patch delta 1740 zcmV;-1~d7M4wVi-FoFjW0s#Xsf(F+H2`Yw2hW8Bt2LYgh2FL`02E;Ie2EZ_a1HT3d zDuzgg_YDCD2B3liurPuHtO5Z5FoFZ6kw6`Pqsp;|&cd|Q0s;sCfPw>fs~oD-ZmF9o zWvreXwaP-zAJ$Z#cjK>W&4O6YGTM#Twq>0DY9v^E&%q4B`=cSA?1s3j60V4IM;JPP z@`jrYVEnl`m5qS~|*Bs})EOXKvSyofzU&T z-=CUmGa_gnBFkA^>n*m*dB>QC?A^=v*y_k52$OXFym(p{uTIkT+k%BcE(pTL``&9t zRR&cqR)IONjyhO$UB-;J;+8*(El8Jt0V6X8-601Un>K$H-@Ed`daMk_o08?zhHa@o zlg`5)wc^L7y*;leO1~JT*Ggz~YK%gjy`Byes&O zqk?XAaimcXdKQBEoqa03DlE~h?FIq7Z9Kj)AF<3_9ZrA>ub)tJn9?C2PObERQ3)0I z_mQLSkeJAx<{bnHtjZUUYGy>)ORZmC1}gQ0koZ~Ne}EC2_tcB!$fCa_a* z4@Al^|H_-rN6KY03gp}NZoz6d9BEy0Vez}_@et%oTJ;ahzyZ;4Y*n5k7R#@vn$ogz zW{=^Okg1a5`gU(+3y%K4$-p3gvYIqU-Xa1*1fY4~@z zu-t)to^{KQ!&*QxPdSF>Ego~AQx5Bqm~sc3l|Rn-50@0wvh2R_t1l$qOmm%}q+T%~ zLNXJBErmh}4UMKdUFiR_-(ebts;{kDqh5Y_G{@K}9gRB_pApbQnUFkx-Xo+vAG!s~dC3)C^QlR)^GHS;-NMMq zim{U7t#g|%$&$UjO-GNckGF}KO5BSFw-tja56QjdH9K@(hD3`ygSPY|=_CA{`KJ{- zv5lqlYaD=j|yN<})rhceqr9E6T+_ zsV|95!6g0W9VbQ(IppyC>J*jas$uqNokBdFL~xZhVA`ux(+J-WMnN&~5vK{TxjrR{ zAU`>i-2+B{7Qu1jI=eRB0s;sC1cCy9dt+d`n{-a!`PbDEy*qQ)sO&Cg!@zW3Zm`_I zhUwS01(pRnrr}5$mfgvW8{Ji5aFc@V;6F?KLZ4h#W(?NG#TTL&!Ob`E#y3grUS_xA zRDUW3Wji-kdPi=F$90oj&-4%Cd)CXLK!4eOuo@|UyqW!=RaPHC&V1QY-Y@UAj~Vv; z>ACON#@iC^ek>xpuNpr5C#>EE9GlgC{;9&vA5W8>kJJr*F`L1=IbD608U~=4Ik(;1 z(lEar&eJV{e9t>cC^q1Y0dV9Pscc2PnnH`2*2XM;jCJ0lny05}UIr+UqV{YI^20rg z-s-e}s3-bUom|-FG_^U(R={P6d5d(}j@Uf?0|6VuoaqBPwEw8~4mpd1kgT~xK ziGfUr5*ZH>q<%x8%NV8%E}xBxJnUZpXw21@N|YnsV85VX@GnnuxYIIsKNl>l#_Byn z#bnr3Tw2g19!r?1V3+ae491aCvK=s$SVt6pW1w8sW)el0U6?Kp$`)?7fr0ujF%Vn6 ztY{{E3^F@uCiI>pYrN8uf%jr7rU+`8TTspxD2MxU)AnALD0F@x?reqCwlqyT`er~L zZ-qyds|DP9|@Nmc!LOX(}|~Vz^{1c@Ax~Rq7rR`*5n~+CF7A)A2B5`BL)d7 zhDe6@4FL%iF%|?AnW5;>SX#CFI&G8nXR%N$gOi;nFflM8FbM_)D-Ht!8U+9Z6tiqc iH)EgO2>pN+DOpTYzwj%rp9Bac14SbG%rQ{{0tf(PC_ZEW delta 1732 
zcmV;#20Qtc4vh{#FoFjO0s#Xsf(Fk92`Yw2hW8Bt2LYgh2EYV@2D~tW2DmVS1GfeV zDuzgg_YDCD2B3lis4#*9qyhl|FoFY}kw6`PDgt@Zs^;e30s;sCfPw>XrxlDRl*QY5 zAmMJ-!A&r%q@>bhb+-kc+Ezp$qPB<;m0JhL$@;AaJy$fw`;(dR^-T~2M>>-S`LCS3 zxfk=lz>RGb7=@3DNnc#~pI{?R?v#a_l*HpJ1nQWUH}% zzj|Bc_*Q%;yB-_H0uoYFQ;<+(Aan3|0hRijt`LID zd^qh{s=glzctdxmLJx+-A|$iO|Ltpk4;W&)J4ft@-Vz1wn^5GSpIfEyXXhmc_`jWt zfKXRZs#>U?$WWI?9p`rue{Hr+%agj=n6KLr-jLKe}+$xQe8<}8G@ z<+)kAvEE_!iibwfdu9{#+zM4VZy|)|>PwiPAV3&6J3qXHotO=DE@wK1Wyw+=xo7Z{ zx24emajn>&bu6<|zb&tsai+@a^*ViR*>PJAuJ3!ghpOiG;j;tFs1salm0)?H3y{*q zpl2IATsy>-su|QWr5ZZ}xlc-ewUjif~*y5}{U1M3BIdGeg30>d-4DA0Ax>x3PQ4_Wla#JDV|wUYW84 zq|0YUjUBkiuEIEm$yAz+TAdF&Q-k8Qr}1(>y}5a6LS^Q6ApH5l#6SIipq>XSBBe(X zcag8aLLO=F%3_*JN9trynTgX_l(7Bf)5i~uC*YBv=0v%@5)kv;?= zkde4<=}X%UDh?33W?AR7oo}`8^A%4s3yrL@YG*O1N;!yHB~7;n_2z?KXO?D@X&0s;sC1cCy9Gx^D*q!wxo(KWqvW)z8$GB57SIG@3-nV(S+KdSYz&MbXi9>w>8P=iU*LQKRB$s< znB@;?96}T#H+((*!N-aB9g7i1AkjvDZNmvX?EHDs!_A`m#>Ed<5RHVy8~ChU`{RHk zWT`w^9`zsF75|I&UNCscnKNW(Y6pQ-(=SC=tQey_uam*Rx6F~YIsp)qPLa#Ah{gVL z{SN2PG!tRlqD(Ie@d9aWnZm!AWedP1O6vJPDSx7yizhBuy?W-i{Q{)(Lmr5KwXRZ! 
z-{Za6LqmOBCMo{vp_?pX7kR8~+c8?${pmiBsO3ge!)S6&>vA*EXT1Sv>M0(cu4Haz z_RxL`)#mE5 zzM;}@k-5eJ8uKHy6?bB6mGHt45Vm0Gf(sK-Am|L$-)KyvLuaDeQL}~Q?--t~{{W}= zokI^Q43w>iH@CMwYdcfql8{tt2$uG0sz;HXj@{e|ZEufS8M~?%t z-pfMUs_Y`CMo*f68|(fd7#~{)z(2x(PS^cPz2lX0RG|O5&2yVv*sR*9lyLYot6+08 zoZn)u$2979d74ZHt9BhluN~MWfu3k@L%rZ=Z(m#-usrUP7@|r-LCJxQv%BDlpVb2i zDBe0BmwZ!1-2{IE8&&>q`A;^}^_TVW`7R(bnm4u+x(J00@-ZbaBL)d7hDe6@4FL%i zF%|?AZus~Y(MxuZb^@=VLMZ8Mf?CE3FflM8FbM_)D-Ht!8U+9Z6o3kNx6qdLB(9B$ a1yj@lt!#91s{{zJcrgZkkmsDoZdUJwW~z@ zv8~{bwFV%i)BBSb<_=j|M&u$LKh)ud5&WPipeLnAe%?WVgDk6>i* zivlWCL4zUzj4Od{iv6Y3M@e$>BhurG3^dQw>yr|Jd3UL(pl^np^TZk^YPS}BUN@LZFT0PjCH(06TGmmv| zyDhb;{p-(ddw)#r{6h*+E7yX+`H6@d5fgz&)h>+3x5nY{z1p^0Zn{gy&=wl@O>%^c z^%Ji*o(w(2e~?cb+8@98RKnqGC;(7_bIF%Bcmw0wIA#Bx6JPj~^cp&#!O%2fQh?ijwNsxaCosI^pz&DE zssX$65_s_pg&Xe}K}nL(zUs2n7udYrB_JfQPDwCIW?R!}6`cN(50=K&!i&TUG{@kl zx0m)>lb(TIla2%*=Sn%^n!oRZRy2JAp}T-iA8L})RWW`a%nj8VS#8e`DelxO4wG?!MVu(K9FbqM` zr)-)wF=9sP9Et{n-!jF;5a;o!bd_kQaErZ#It^zJ1&EYd)}H%pUYjNTbD^~cXB6u4 zF5f!AH0BMWeL?ztN4n>6s573J^n}cOWa9CWPk)O?EGF7`pvS8qr8*sJne}gPXlkK_ z$KhO~Vu6D9Sy1O4k|Mv27G+E}l#Ki5CAmp;`iZPJdaDv@!^V%a3r`jiLMo}rfcgrU zDH)?uKQ0A~8+{rg6m0cK{J2dt4#ofxj4u_5={S17-P-`s z=6?c0t4!#*Wo>EwnV-{pV{zltD^ov2T^kqyXv->uRhIGwIxQ-`t#4|J%%e@Ky&LNR!qBJ%3F!6G>XDG1CG92ml0v0)W8khkYde z6^wt`Iug{V(vU9n?2Q$j+q^vaU9S)~4;a44<4#LGUV>>DCE z-coWK=<6%9C@TfF%3i(H%qywCERKAt)5{3;L5}X0B!8o1D%X-G9c#WoQ535QTXj8K zV1J$5ESB;1tJa6{;6%X7AQ9&6lEW9j(<&NtqtEpHr<7MfX5ixc3%0cU6x26!$GCza zV9_7Xy%_cO_acbVe*F5Oa28<;FR7x1-ZZ8BB@fxK>3Zc*5cd)lS4{3KQd0AiC5MRO*-WC(BPGt2u z8@6PQvkcqG2t(fmfo;YqP%=6qp&ZI=#tCD1k)~OMPUrmaR#n?)k?0YN`%!X0h!F?C>-)X+HwiG7GB`SJ=n8)aF9Y`bvx=&y zG8F4+$3WrT)%{ant-2g1Y}awa9e+Y(_>=Av`D;1C)&Hf2+Kyy*8s2H@#w9OX&NXTO zDDs=Czo~Qx7V&_11E#E&B9JG({_1FhKZ)smI4}D5foY#Zx(22BO;$cSqudET8NrVX zjZ~LZv;&B$6U??uusrays|_o<{KO~%ZuVeU4f!e^Y=s$$8-F>l!!hH9NN?&B6dE$% zc161rJqwXvebfClqU*9TB`_lf2`Yw2hW8Bt2^BFG1QZT-lTisZo7x7(f-`yq|ECl| z@ZK;nFd;Ar1_dh)0|FWa00b0=t^0GU}v;_MRH^)Rz 
z%(oYIp%#5&031g2GT8n!Xp8_(O}irm?*(*#z;^WU(8}@Rl7BS1e|i0$Y=qz$%1KI) zyEzcrE@J4h0zk(iamIebp1s%E1SDu&HN$A?zEJA_Ta?y_3*I-lF6kRQlhvw20)hv< zZtiL7zv?8CPr>objD`o5Eir#}mM=b|Cz@z{;AWmFF1LZtx6;Ch2RFskrBXv+1!5Cr zGwpNPuRxx{p)Ee4;M6S`0e^{A}h+2~nHtx@~1Pz}4s_-9bq zQ0FBdzHp;F@VwD!yK2u4xQi_y5f7!(k$eMesk`cCBU?uz<;w)xStd6^Xx*B~fCL(~ zv1Y`K9dLv-1O?dube(}{h1gK8N!LFrb#8{6$A8(K+>PqvLpH^{Gs<1IF(whVn)(|c za=rp+d1yBO9&TgF$8y6oM#1biyH}XimY>(_(5#LK22+S9)t>HDV0~QD-NBc2y`bsg zGjC47x;`W9eIZ^ej6{P@FkyG<<{hTweCYSZq+gHNMEHLg};~z zh<~m%F@7>}HskE9oj-4qZt7K2wytvy@8F4hZLiN)nnR3ESlJb?Y}pBum4T8##Vo=PBB?O z$@gM_MpAzp@0Zw1y8wG9FoFX41_>&LNR!qBJ%7l|l#HxTx$aT`fMt{zH zLVvwSwiWFMH<9Ia)*G~!!B_&nD-Bc}4;(!GvexFR-?ljSE*Jo?(X-lb#um`C@2UhAcu@-_EjxtU5WxoA>Qv4%id1rfQMH+n-^6)Dc_DT}=rpEZUU+m>=T2XM1vkojzr1uI?yoH|S)l2}0D74<{vqz=1<`-G!R)j*dF&ksTrfLn%lYqYD2gB#? z$e)AKB}+m_c7n%)qW`?e0gOj5(SK-%^*)wZf&f$3$vdIJ7m0rrhTOZbQj%(3-G$_m z{KM+v3R?&YWnW#!A2*5@#ijnk&8K9eBq!0SKAEU#%*Pd9qbSZh)xHsC?G}-U3cgO4 zk=$X+LuslsMTluzci6LurCauX{#a_z_^$Z$81mNIk*e~kr$5Ae){wL(v2QU=-LMzk zb(}VcPq10TemogBM|YqxB`_lf2`Yw2hW8Bt2^BFG1QdWH+}A~u^(I&X zcku*jNTt2|;GB>`D2f#<3%)G=hxi12{d(~4_P0T~!286S)Yj*cpYWrynRAh83(52S zfQ#oCHLf=oht{{mU+o@LFr|Dl3wv|K%u}UxU+#_ zxbcVEqo3qkj;F_=SvFAlaweO?V^+)EdT+gY(PRp8<8zn?nZd?N!g9<|(qH<2Sx@00 zb5>;{c9#m8;gY(8VzG)Zh4PAODEchsK!lCV2JT`eg_8{u^U;#-)OFZJ9R4ZePC=mF zXKR=L4nG?N-#@rG*H!_b3C6%Z1r8P__t~|gFdGTiZ`@;_TW|Nx^mE%)S$1}aD4%tH z0OXxqGeAUPc4&s?HwZ4myoyABSK2X+wti#)eqqsKCNV?r4auc!gsDvBQ{;hO@;#L= zs-sZa;2LmfwGcbz-hUDmKV;LG(uz&(+yhzC!G6ij4eGi1m3THxzQstTnfSbKR{0TA zeuI`PE(C<_6d<&GqpK+C63;2|nRbs0lt%$}x8cXQE)Cwfva}LQr0Z&?dJ6D+3xJg})`L$FL35wI^Ym=ieDQR)<+7U(*jRqL z3N?tqY;SRR{$Q&6J5(@&0{I3BDuzgt&I3JvY*h(FY-_tl z0s;sC1cCy9*1ui7WRlkB|J)4mAB{?s@1h#D?0K4+XScIuz5s|Ej&9a{O^0VY9chwi zTIJp<2I*k?m~Nych5I$keLQDt3hhH46c^=_Eq-!USx3foZb=lsm?8W;*ivZ+kLRi@ zQrbe_!vNZWEZJaN4^zTT|WzR z=~5FbkqFS&`Ko3XX1^pr?bqIZemP*#nqb)i430^P)JkCcK3Er!SX=5`w{2%#;tLy3 zp8MFiCi;`Oy>i)B(0GW{I4SkzYzqv{57`n-_-$n&C{;4@ZKpqfU!&7TU~HdYd9i3~ 
z2+Gv*G9CWC-R>&bC2BSd$21&89zfxpsvI7-py;smA}7;rgkAz6XI&_=bWnS?Y>GOe z=g{V_%Wvbm%2KF?ocUV7tGdV8hsh>FFI}`K+m^|(y#o2ouck*6@T1$+ewPb&r90Y9 z&MqYHYjv@&OWb3Bj&)5FcAcqM$^BxN+4PhD98gO?q~adBlT;kI1C`%Gt!WK>M*kJQ zbif-^FU=vTl7CrV>gFhmvNkdWI(TVw5_(&+t2U_*KuC9~HU~?~Qf}lQzo@n;=6lBh0xT&Dt}NR*35iN+ zj;dJ_Dhyh9luWnxLkDIa zv)rI!|B7`s!h3+o-1f($30;_UWLFpyOBdlmP%6|K`v2D*T?0X564Tu7N+a2uVI!^| z_y1UT0lltoBsjx18Nl{Af71nQhDfBRjwb?S?3gkPS|$lmKBW$FmN_CgQgBi;k?I$J zCts5?pQ^7s%liObqnmWj_6i~6z zk@*1%(j%+wMr*ZYLO_Gq;z1GEf@@S&u)|0&xbN30eu#J$l`D#cJ0Co0k-xTvfLG&p zDV~EdALnth!R+=*~rl@x%_*M{c)GB!>Snq}r1<21%=2 z+8;tO;q+*OsWa_jcfS{;N(B-r9F~9(B>1W+C3uZd1YSG$=@<JXErKxe~vORaRB? za9Z98g>u@R%L;mqt$aIn;zPy!v5+SnD`e$%*0NA~6F^NKsIo^rYOe16*F`aZ0@~Dr z4nzb;temhRoFf?*KgVZU5=GbtPvD*dyO!BNq3c__b4HPDodMoTpNa?SoC~VtX zj>ZOG@uyBQ$`1h9`PB0Zi(3z-CQBKy%8|2(tm@2bv8*b12cM5exdLbdq0;7LjZc_e zrYRZpo1!&m6^umc zFOV<23DCwu$1wlchuTj2W>G&;1on4hZ*;(0wKc?E%?;e}v6*>7#?ZJPz{=0BWx+g8 zTV+Ztt`&-Ivx;wiAK?gZRM-tA1xt+;5zJVsz79@#7?u3P*#FAdetqMAS1j>%^!jlp}<^Ej?Kg^zYNDew+10!FmV8QEyqcm2#Z^w53rw)DE7 zg9_2QjKx1TVv}s#)%2-?(MH+q@qTI1i@dpJIFq{SZHXbK@5@%h!TMP8{q!Ycweq8r z+I}o!f+G~3DlMjz*lTEiye1Y^`hKHiY@UyjAskG4qxEz+pmPbS-N^*V`dbHb&a#og}M{+{(h z!>;hAk0TB9E><35I2&fN%G2}`jcD}k5~vJOuWbv@SK$D>kn6p9Ed~xr3+OIn1r?E7 zs-(QEjI4~mw#9@%VCp#F2{f@Wd+X{9douLd@rOUs;mTS|gm{F1PijUyf8k}ztg*;> z;cSkwA0oJP4Lnn9NWrc^NZ3Y(?=dTp!OY{2VmE%mO^o8J$bnXeN#XGodAQHG8YbR^ ztVDad3ynLNEn;N_^vWvwYdrt-4S)x*^ScJ$(4&#yxaRR24PVAHeU(vn5y9TX8ApRT zg26AU%ipVUu4Qt6x>ZvF-MEzf;KVGZFd%HP>Tum?rBvmHF_2{GHp2FljYoB8beYHOpWkTR96sZ=3m zDR7e5{=7+V+KSErnK7}HqB8Xs>S66#Zxiv6eK934BL)d7hDe6@4FL%iF%|?AQT8nv1~Yo$PVFflM8FbM_)D-Ht!8U+9Z6gMC2HiYMe19SjLR((x=ZT6}f Segp{Bgryg4T)RaA0tf&MyEu#h diff --git a/test/subca-ca/subca.priv b/test/subca-ca/subca.priv index c449abc..3a707bf 100644 --- a/test/subca-ca/subca.priv +++ b/test/subca-ca/subca.priv 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQC6RHkw+Ve3Wo2GlVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0 -QWBvplUMUczt1UYqZCSgOtTR/+9EIAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TV -RzhnVAqSGzNcN8vnfHaURa1FI2yxDIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQAB -AoGAB3GTEkT0n2wr+bPf4O1GltpvGmkbZMigG/afxN5aRBKFxkKjHiT6sJuKDIr8 -UIjUW/9Sg2C2fonmyucoyCO9735TR7JTeIiEsrTWKI2OR2rMtvLyUV1x7MzfZtw+ -uIolrukbMD0a5RKKnAI1PqLVqgIDp8nSCbG7r8LLRvF3MGkCQQDfx4lSVZ5deHvy -H33QOqIekglKHesF6tin4J6xHN7l1bi76FpYQuOBmI4EuQfatlej/CbASt5vPFHj -+QxJXkCHAkEA1RZA9tpzslI3JeIBdMMtWRrBPRW8b1BFL7Y+hNBT/Gk5uG7Q0giE -4FH7Q95Phi1fMy8OIGskpyj2psC7DdGRdQJAf6nKAZquugxeSYcFs6F/k4kkm4/t -4HZWG4/deJVL5DrFJQ4tXGTsfaaWfsNAY9narcbQJKuRskvrO+98vu5ySQJAd//X -R+0P2K1aJzhWj5XWtOZPSoIyIxG2VL8yCAN2OKBdhBLMAGwRwG4KrVbFvA9THHT0 -ZKdR9d0owhGphYeufQJBANnY/Uc437oWe7qd/Kssai0omuGTswxztOZWWr4dAokP -9A18VsU3gSmFGMK6OCmtJcX6R3pO3FvuVSqtQz+HTLY= +MIICXAIBAAKBgQDGLdDNLH0tXpamPXhil73aUTOViiQPjf0UsfqzrOv46fMxO/fz +wfbgWr+bkyII7PIJVVhEvcW7B8CMvH2cBGZRsybY2Td2bsqI77LNQ8/pOmH8LjCW +kPqLi857OmSlD6GdwiUKIe7tvs7R6g9uIDZ86PGKymxOPEFGxU1AqgmRJwIDAQAB +AoGARDzmVp9pAsQ9D0S/PQOOxauMHYORYyG68PNPpap3HiBAMsW5XN9+yEW3EDSb +VYNw27HdUN4fRYUn0c3dWmlRaVkfUAtHx1VhcsTfWRxp+FN4enl1HFvi2ji/5UYd +e8z2GumVgwthxK1mGS2Q3pRB/VobGrX1r8384r7qCqRVyUECQQDns994mE751SyD +Aa53ifeh85hbT4kJDN3wjOpQn++JuLu4qWoUHhRFXKD2DL6+TOewD0Y9iAkUAyTN +yuUpVLBRAkEA2vX9aMqv9qPQqBzwScbJQr+YMND363OKwrvQa2ed94O8oFwl/+vC +C83TV5eLxUinfFsT0zNMca3eIQVqBPqD9wJBANp4LcPlyMGkkN3N3hV0j3uy1fty +2QEhkrrYA6+VviSbfNU3WIAzhGWKW3LkvY1tsh+9pzspY3XtKOyp3L3FzqECQGiO +tL6YoyQ0n4vXncqtGSg9k3AkKW8OkoFg7CqNpTovdyBgQGkP7G50j+ow3LaNdiUE +3NeqlGNocjz0d+b+tYsCQAhOG1xXly1tBduUJTQ+V5Cs9fKG7nn9QftCe53CocPS +RHQFd6d4WYZjhxorAduJf5gVXWU2tdyhYqY239dVxhY= -----END RSA PRIVATE KEY----- diff --git a/test/subca-ca/subca.req b/test/subca-ca/subca.req index 8cfc5b1..1e0646f 100644 --- a/test/subca-ca/subca.req +++ b/test/subca-ca/subca.req 
@@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE REQUEST----- MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg -c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALpEeTD5V7dajYaV -URxcnfjd4cfp49aOmk18zAvv4oWZi8HffLRBYG+mVQxRzO3VRipkJKA61NH/70Qg -B8BR62eur6fXIhQ2CJh2BoU0Qp8wIwpr9NVHOGdUCpIbM1w3y+d8dpRFrUUjbLEM -gFsAvE6DRMwKoKfd71nK2gJz1vSzAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCK -08BejkSBKvmzprupFEkKdaKcu+dDthDDpNGDrGJsYzIM/w4KU8PBQYZ1899YBu02 -TtusdVST6k8Q1uE35qdcd/hHRqRanQM8Vbzfzwoi2iOhUVvERW9/rEfdJ2HeiPzg -550HXO/kRbMOiATQEqNz5JcXWCS64raA7D9X7Y0jIQ== +c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYt0M0sfS1elqY9 +eGKXvdpRM5WKJA+N/RSx+rOs6/jp8zE79/PB9uBav5uTIgjs8glVWES9xbsHwIy8 +fZwEZlGzJtjZN3Zuyojvss1Dz+k6YfwuMJaQ+ouLzns6ZKUPoZ3CJQoh7u2+ztHq +D24gNnzo8YrKbE48QUbFTUCqCZEnAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAr +HDqquBnfR1ZvErqw3A7u3m1wq+wWzGvc/AU66wX5pA0n8eGGRoB7AX/VIxowgbQk +415R37S9kUbVc2vW7a4Qr+cAhyiknVOWcakSjf7g5tzg/KYawA1kvvzxLV6dTZhZ +ACTnvCY3Q2DDcvkOJ+20PbACPRpbWbg9ekZYkHq3VQ== -----END CERTIFICATE REQUEST----- diff --git a/test/subsubca-ca/index.txt b/test/subsubca-ca/index.txt index e69de29..16acbf6 100644 --- a/test/subsubca-ca/index.txt +++ b/test/subsubca-ca/index.txt @@ -0,0 +1 @@ +V 370426162710Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA diff --git a/test/subsubca-ca/req_conf.cnf b/test/subsubca-ca/req_conf.cnf index 2262038..40a418e 100644 --- a/test/subsubca-ca/req_conf.cnf +++ b/test/subsubca-ca/req_conf.cnf @@ -1,5 +1,10 @@ ### req command +oid_section = new_oids + +[ new_oids ] +limitedProxyOid = 1.3.6.1.4.1.3536.1.1.1.9 + [ req ] default_bits = 1024 distinguished_name = req_distinguished_name 
@@ -10,16 +15,13 @@ distinguished_name = req_distinguished_name basicConstraints = CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always -keyUsage = cRLSign, keyCertSign - -#[ serial_cert_req ] -#serialNumber = 12341324 +keyUsage = critical, cRLSign, keyCertSign -#[ email_cert_req ] -#emailAddress = test@home.org - -#[ uid_cert_req ] -#userId = testuserid +[ ca_cert_req_nokeyusage ] +basicConstraints = CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical, cRLSign [ proxy_cert_req ] @@ -31,13 +33,13 @@ keyUsage = cRLSign, keyCertSign default_ca = CA_default [CA_default] -dir = $ENV::CASROOT/$ENV::CATYPE-ca +dir = $ENV::CASROOT/subsubca-ca database = $dir/index.txt serial = $dir/serial.txt default_md = sha1 -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv +certificate = $dir/subsubca.cert +private_key = $dir/subsubca.priv policy = policy_any @@ -90,3 +92,20 @@ nsComment = "OpenSSL Generated Client Certificate without Flags" [ proxy_none ] keyUsage = critical,digitalSignature,keyEncipherment +[ proxy_invalid_usage ] +keyUsage = critical,keyEncipherment + +[ proxy_rfc_pathLen1 ] +proxyCertInfo=critical,language:id-ppl-inheritAll,pathlen:1 + +[ proxy_rfc ] +proxyCertInfo=critical,language:id-ppl-inheritAll + +[ proxy_rfc_anypolicy ] +proxyCertInfo=critical,language:id-ppl-anyLanguage,policy:text:AB + +[ proxy_rfc_independent ] +proxyCertInfo=critical,language:id-ppl-independent,pathlen:1 + +[ proxy_rfc_limited ] +proxyCertInfo=critical,language:limitedProxyOid diff --git a/test/subsubca-ca/serial.txt b/test/subsubca-ca/serial.txt index 3dcc795..04db0ac 100644 --- a/test/subsubca-ca/serial.txt +++ b/test/subsubca-ca/serial.txt @@ -1 +1 @@ -0176 +0177 diff --git a/test/subsubca-ca/subsubca.cert b/test/subsubca-ca/subsubca.cert index fc5eca4..648263f 100644 --- a/test/subsubca-ca/subsubca.cert +++ b/test/subsubca-ca/subsubca.cert 
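Review bot: The section name `ca_cert_req_nokeyusage` is misleading, because the section does set `keyUsage = critical, cRLSign`; what it leaves out is `keyCertSign`. If it is meant to be a negative-test CA whose issued certificates a validator must reject, a comment should say so, e.g. `# CA without keyCertSign: chains through this CA are expected to fail validation`. The same applies to `[ proxy_invalid_usage ]` in the last hunk of this file, which sets `keyUsage = critical,keyEncipherment` without `digitalSignature`. One comment line per section stating the expected verdict keeps these fixtures from being mistaken for valid profiles.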
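Review bot: `default_md = sha1` sits in `[CA_default]` right next to the `dir`, `certificate` and `private_key` lines changed here, yet the regenerated `subsubca.cert` later in this patch still shows `Signature Algorithm: md5WithRSAEncryption` and a 1024-bit RSA key. That certificate is issued by the subca CA, so presumably the sibling config or the generation script sets the digest differently; from this hunk alone the config and the fixture disagree. A validator that refuses MD5 signatures would reject every chain through these CAs, so a negative test could pass for a reason other than the one it targets. Since the CAs are regenerated in this commit anyway, either align the script with `default_md` or record the choice with a comment such as `# test CAs are deliberately MD5-signed, see bin/generate-test-certificates.sh`.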
@@ -5,59 +5,59 @@ Certificate: Signature Algorithm: md5WithRSAEncryption Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA Validity - Not Before: Nov 18 20:09:58 2009 GMT - Not After : Apr 5 20:09:58 2037 GMT + Not Before: Dec 9 16:27:10 2009 GMT + Not After : Apr 26 16:27:10 2037 GMT Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): - 00:e9:4b:ca:3a:8f:65:d5:44:72:1f:21:9a:16:42: - 61:e7:67:93:38:13:cc:c2:0d:81:dc:ff:fe:8d:c4: - c1:a1:57:c1:43:64:18:bd:a2:22:0b:fd:51:84:12: - a2:b7:86:f2:1c:a0:dd:b2:e9:01:53:43:e2:c7:de: - 44:ea:41:97:85:08:91:b4:f9:b8:f8:1e:da:e9:a2: - 3c:1b:4e:33:8d:1a:05:d8:3a:40:21:f6:9d:2a:84: - c7:f6:10:8c:ea:21:2c:40:cc:a1:c8:6e:1e:76:c3: - 0d:21:ec:8f:fc:76:62:d8:78:ae:e1:11:9d:3c:66: - c3:56:bc:bb:8f:87:d2:2c:4b + 00:bc:29:f6:02:17:f1:46:b2:28:0d:50:1d:f5:b3: + 90:1b:ea:43:ea:cf:58:eb:fe:91:21:64:59:78:d9: + ad:dd:cd:82:5c:1c:17:b6:75:74:fa:42:96:1c:b1: + 1f:a2:76:ab:06:e4:ff:28:65:49:08:ed:b1:92:c6: + 25:7d:ad:dc:2a:23:ab:b1:bf:06:71:27:70:2a:2d: + ed:3c:dc:1b:bb:ea:ba:11:20:9a:d7:9e:9c:62:18: + 27:bb:05:74:b5:50:44:33:72:f5:fb:37:a3:00:44: + 55:67:74:0e:84:ae:5c:72:68:30:01:6c:0f:c9:bc: + a5:c1:94:e4:2a:72:26:ee:e5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:TRUE X509v3 Subject Key Identifier: - 03:4A:F7:6F:2F:37:6B:B7:24:C1:92:6E:FB:54:26:42:C1:84:20:26 + 1B:F6:7F:35:4E:C6:B8:06:BC:67:63:FD:A4:93:D8:9E:1F:D1:C0:44 X509v3 Authority Key Identifier: - keyid:97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05 + keyid:CE:3B:77:9F:05:35:41:E3:6C:26:B9:F7:CF:CA:01:F6:F5:15:89:02 DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA serial:01:76 - X509v3 Key Usage: + X509v3 Key Usage: critical Certificate Sign, CRL Sign Signature Algorithm: md5WithRSAEncryption - ae:93:74:7c:61:3d:7c:38:c3:95:f8:48:71:33:6f:2b:00:eb: - 
35:bb:5d:f2:0c:09:10:bf:07:48:ef:3f:10:d8:a9:ae:c8:74: - 82:12:18:01:6d:ce:b7:28:9b:6c:b1:b0:74:e5:b6:70:c4:d0: - 47:22:8b:ed:40:d8:79:d9:8a:93:03:94:cf:12:27:b9:06:ce: - e2:e8:a2:42:89:97:e0:12:e7:7f:0c:93:38:6f:56:4c:ca:6b: - 0a:23:df:6c:37:5e:32:1f:13:0f:2b:59:df:f3:e4:8c:80:8f: - c8:4e:01:f2:3a:20:87:be:15:96:ef:cf:94:8d:9a:79:35:bb: - f2:22 + a3:f2:83:56:21:14:83:51:b5:65:0e:9f:58:dc:f3:67:13:a3: + c3:d5:96:35:8e:bb:8a:85:d2:c8:e7:c2:12:63:51:04:3b:c2: + bf:a8:6b:09:91:0b:ed:2d:24:d9:eb:2a:7f:73:ef:13:51:d3: + 30:44:d6:99:46:62:f3:fe:af:9b:71:e5:fb:96:6d:0e:f4:ee: + f2:9a:18:88:4e:2d:7c:7f:7e:73:16:52:82:e8:06:2b:49:60: + 40:0e:be:6b:c8:e4:f1:75:0f:9d:8d:52:f7:ea:c6:e9:70:4e: + 0d:d4:64:73:9e:fa:0c:e9:25:72:e9:40:14:77:aa:6e:e9:55: + 85:34 -----BEGIN CERTIFICATE----- -MIIC9DCCAl2gAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx +MIIC9zCCAmCgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh -eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMTE4MjAwOTU4WhcN -MzcwNDA1MjAwOTU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w +eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMjA5MTYyNzEwWhcN +MzcwNDI2MTYyNzEwWjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro -ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6UvKOo9l -1URyHyGaFkJh52eTOBPMwg2B3P/+jcTBoVfBQ2QYvaIiC/1RhBKit4byHKDdsukB -U0Pix95E6kGXhQiRtPm4+B7a6aI8G04zjRoF2DpAIfadKoTH9hCM6iEsQMyhyG4e -dsMNIeyP/HZi2Hiu4RGdPGbDVry7j4fSLEsCAwEAAaOBwzCBwDAMBgNVHRMEBTAD -AQH/MB0GA1UdDgQWBBQDSvdvLzdrtyTBkm77VCZCwYQgJjCBgwYDVR0jBHwweoAU -l1htYgAUMhwOsW+JOzySqZUVigWhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH +ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvCn2Ahfx +RrIoDVAd9bOQG+pD6s9Y6/6RIWRZeNmt3c2CXBwXtnV0+kKWHLEfonarBuT/KGVJ +CO2xksYlfa3cKiOrsb8GcSdwKi3tPNwbu+q6ESCa156cYhgnuwV0tVBEM3L1+zej +AERVZ3QOhK5ccmgwAWwPybylwZTkKnIm7uUCAwEAAaOBxjCBwzAMBgNVHRMEBTAD 
+AQH/MB0GA1UdDgQWBBQb9n81Tsa4BrxnY/2kk9ieH9HARDCBgwYDVR0jBHwweoAU +zjt3nwU1QeNsJrn3z8oB9vUViQKhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU -MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B -AQQFAAOBgQCuk3R8YT18OMOV+EhxM28rAOs1u13yDAkQvwdI7z8Q2KmuyHSCEhgB -bc63KJtssbB05bZwxNBHIovtQNh52YqTA5TPEie5Bs7i6KJCiZfgEud/DJM4b1ZM -ymsKI99sN14yHxMPK1nf8+SMgI/ITgHyOiCHvhWW78+UjZp5NbvyIg== +MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG +9w0BAQQFAAOBgQCj8oNWIRSDUbVlDp9Y3PNnE6PD1ZY1jruKhdLI58ISY1EEO8K/ +qGsJkQvtLSTZ6yp/c+8TUdMwRNaZRmLz/q+bceX7lm0O9O7ymhiITi18f35zFlKC +6AYrSWBADr5ryOTxdQ+djVL36sbpcE4N1GRznvoM6SVy6UAUd6pu6VWFNA== -----END CERTIFICATE----- 
diff --git a/test/subsubca-ca/subsubca.p12 b/test/subsubca-ca/subsubca.p12 index 5ea8e3f4b29dab291b44f40bc1e6cbf54c2d95d1..dc32138e74147560519ed4dcf5862016cdea2dec 100644 GIT binary patch delta 1658 zcmV-=28H?c4fPF>U4Kdv;|Q#IHR1vS2mpYB16T+Nu@yWbzR8a~*EBfgz>EfptQg6D1^|;ftlxX4+N-1RkIJ;k5gR2JJ6u=oW zaRwC@DU9hJ&2>IwM`!ep8pTVfuGtOEQHZi%MLLNv)B-hNt$!qg>vD>e_`r0}X3G_! z3g~yyIf?e(LNZ(weGOB4F@NaiN0~P1ma2|WVyvme5;%yG6~tw4ZkIO{CZ)9d^bVrO zQ~X{uc-?ATm>MltXiAYnf6665eBc!>qDtTim|T?gu>C9$7$+VX0D!NtA9&I=}0`pLyM@TuEG!Mi$+wt zE-E1_0i#2l`^E?fhRME*4snU{P)^LC{=Ve|p_tB~a^KVLKE8#%V&!|Lg3mCel5c>< zT2LQuJIDv=*1^z8-;LUt)~;+xeR$)o4G%mGt@fY8B~g_ZS@ z=6^=Ni0V{mr1d{gF+Y3vQfFlY8{FN?5BgISK?+8E62-KoW8R==ia~610T91xB;t3< zS7>1Ihe8}0Bd=IR$pqmUL?zr;hy=RbXxShzNb3MW`qxAbX@w4tJ+C(qrOJ7_Ft$+X zXYh3Kh{tGSFoFX41_>&LNQU+Fgg+*~?s;<-Bo_+IB6O&}Y(}7)z2MC@wl)&wVOTP%2FNs&?Ku<^E zu78W{p*Sf{GH^aA5{Me^C%eaNFKpA#cefbck}(qFx2i(Y9AbOw9pz%CK=bVb7NhU1 zh)8JSG**3pYMGNnX0jtF|RYCN;m6dV4_hlHGH4E-+ z3|}}QJ&`jdFYPe%T@N5`%lIyZ7O9XCs((z;bJ~srTX=2J8fl0&<4kowxluwCW5^gt zaKk_y@FLMFz&N>C!qY_tSBe_eVuS|VQZjeRm}VAFE$NR%l;V!?vH|Vs*u{KR)eyQv z%>TfhG8GU=*>10i*&iu%^X zNj;KmvRPv^X5e4Jqzbj+L=;Japn3~#JfsI{33!+OzKlAh;uIgAG8er**WM>2xuk-~ zLIc$V4Ue#eJxZ%Q&KzSYuA-zgn2$GEPVmu)3gv7?nc&Vvg7@}YDea;^m2V4seyLfR z?((jl;^$apV(Dv1&t8u)B`_lf2`Yw2hW8Bt2^BFG1Qf{4)@dZ@@9;&!&aMKMo!@)i zi;^%gFd;Ar1_dh)0|FWa00b0-#@uviSFxm8rd25x_UwM^pQb(p2(LEt!cA4GC;|cq E01$K@kpKVy delta 1658 zcmV-=28H?c4fPF>U4IPg<-?(UoJ;}&2mpYB16ZtX!yRW|=VhE$kcS-R0^ruyn2E#f z>pGn1A;|RjZtm|_B=KqIK#X;)|I&T0#MuoQMxC@Q00ibH$zYJkHVTrBK#y#7eTZu| z-uNqa(^-A(*jxD9ec51hmvZ`@xJaY5*vSpV@}wIK;Dq>jbbnAK24nF1EYq@v!ise; zk)MUC#FX^zN!<$Rp}4PDRFWA{l@I0xms?X!Icpnp#RJVW*WJs3JRha(hLz6+hAsR+ zFAZg7>+5;S#b4Un)>6EXt{JjRI*W2Z|M@p<1j|xpN%l#;4%QI&+yL4z_6OPr# zv`Ta+gR4N(5L}&9A)a#W%fg>zE6M`lkDPSlrvPO~1sTe4uB_BoJ^+(X-vlaGI8iZM zNP%Vj7xFhb_ry&=7}1931Heb<17O{C3`?lEjwcxHfq#&`8}Z|J56}4T;1*R#Z28G9 z^*8CWk9w0G(}iIMdok9*N7~W5X9f?Clz7b1Jl`6x=H=TMPE59+m<={1%<~}&`zS4! 
z+-W*8HBaxL!vGf9C=s)kIJ=M}$h?21^Hm`5lkB->9+X6J@63#a21K`D$K?SLv;Tsc zllQKtCis!MikjF5&r5U3qcZbxb?J%D z)a$&CYOS8Kk>NP|7t9#FwyARB1ZE=|>DEOH=qlnztimDzakP~THM;uly`1UpSZ|;; zMBRF4s2u7hV)@f5GHx>68Qk6NBY)12QuEsWf2T$He9!W2Rj1*uFK`FS zA2s?`uc0;kAHlp$AGSxb&cB@&C<=@}s9omIYLB+gM=FsRs?q>zU#{wmoV%$|>@pX} z-?wfy`YWGXi^|f2O|sS)kwwT7I#wk_XyVp|G-x+yBiMrFH+6hVvyx>GV}$vE(KXO# z%YS*>(F^Npyxq0Sx?&fG%@x%z>flvIZBh*sv|~$?$UE=u92#p6DKDDg(J~__46{o9 z(MLAr*5jRL9Y}FoFX41_>&LNQUWk5;y01M9T!rlq<-ZzQyvqqX_D0q| zXX>Vq91**eyU-JxTtcz}zEWT~wPl3z9v1bI3j7l7^L`W7Z z3x7d<=rHvSlzMx!#j2{a+*q+21RqD3Y?_m%+?dCYke+z264B`JLEOpExO{Se<5gHhjL*{1!9lte#2} z=j}pxKD@exUXk>7w{=juD*>E`LSv z*5H0dOE(7e`Avb4B#=IQ0NUQmGJY_e22yrkg;jbp6>o?Bq0Gkd)0QSz*kWkH8q?2M zJ~*xhZ~g{?m_pz2m?7x*qLSC0gO!m~|6*X|^#DZOyu@fW zV9=i8A@+w5Hjj%H^Jz2tA}u+=-Q}d~G|6`fC8O(^^B5oEmL#TqK_Ph3*hRxo*WO~n z>JN+hG%Rm(88nBp1Xe@$rb0yZFk+)&hk&r`E7hjxjGun&B4uuYoU4QbDzR?K%(=Y-82mpYB18B(UaXx!y^DX-JNX0?kPy_+&)^)%Qr*` z%9pj@@ud)v)K~4^O}3PU>ptot_OP4G3p`?pc3c?trkQd60Ou}`w6#<;w)Hh}Oru1Niw z4YiLrlX5odJFl}h;%j8EV?IE?R@OD$-HA_DQZBvi0)MJf1uwv0pAbh&wNqtS1@?`` z040MoQSF2Gw&!&b%^Apjg4t!~6C=p(atMxgUnIpkW3zOSY&Hl7)AXSIV@t^7SaRK* z1E1GjA|HhF6aV| zmnndHUVm=(%_E59QUC+-G=X>HKIfeW4tB0JChAG%QBt&Igd&A$G*~dM1RdnT-dShA=SP9&h^Nz2~jeb)sxOZ zclN-!C>Mz;DN%Juu)-eKae++Xk`AinX^vgA)NDEbNvA|8twG$TRAv6Nq?hrbCj6Nd zHMn~qIoe!1Z~EjP3f|I9vC=q#Ns14o_$%n9Pt2jI0zZdLxQUOwX~J9glZjD49AJQYReP-KJaMe9SvFoDq#fQ>( zB2x8`@;rY}=wkC$|K2ok?7+u6w`6hx*I3)VJvF6M@Xnbn=woLU=FIs0earQ(HJLY) zPk(Q*z^wzqO;A_nm@svaqnVx;OI*rDphqS^Qg$# z&bmr@RA`>F`HLj(r1&1GMD)q|Hy#M(`hNwkD>kjKV``Q>9+9Dv@c5{qLCvTk0Sm z@AV}phv_5}{GMZ@s}c5?F&SW>1%DQD8h{k%PfqLXHcTT(>Bm?bbGz&XGpd`Rj80b> z$AWzI-pBo`9BXSgxACZK9yicnYikB57pdX+hiv_O%I);y$c#j~9_0l;^fpL<FgUxynM zDaLV|piFNIC7$$BzoL+9@{ct&5IN@j_l`#qcl2s%?m@-C(SmI49@ E0HB34;{X5v delta 1658 zcmV-=28H>B4uuYoU4H`>rTL+4v3&vp2mpYB1886GblGj9t$7=u%_0Dz!jdytFKrK{ zp5a3byNEUoiHZ>M2w;GKA8ZTicqUHa5Slpnrb#_c?$FSt?f)~*z<+81!`RYm4I%f^rjM#m zD{-scg%c!W{!>TugKGzqd67z?2JAi`@JM`}{jrs^MDfG}$_{$YDS8VsbU+LJ$;tp) 
z@kSyEJO`k%dua#+FQIcE2miM#;?7B7l;f~3NTZ_@BPA>Jen^mOdBQ{hPx$JZ&HdIK zTR?`k*X;)8NWXyg^K{TO zfSPn+Vc$d0P}j;=HV|^ge{+39J^#@Bze5p}y)%y=1Jz&`{H9X_9g)b-L@Q8fq}r4k zTuNU0k7o~OH>pH_0Kv!2(Ivp^teSIFod;3=bRYqq@sa z??~?x;(J}}myEG{(=IWIo*`?zFthi@-k$kN*Nn-a$nM`K1UKvamnVwKK#AM{g9vU~ zuuN=wmw$y8u0HcrpZmk=+k~U*k4L+xn{F8KLV^?Fm=>CRwYS$yO_=e%g>q-EPK>nzuMFJ!m5`E6~Y-u z?~pU1#5O=jWd6p|AzZOYLVZjyz}BsAFTWDxh<*q6p|5ail7kl?l-M(yvb7XdlTTJe_1(4<3K-j@|DVF^^X| z1OxrFA0Wk{enlA}NjAp6u(ZZ4Y>NicN>AQ{uME5w+9UF5vm)3=6}G^cxJ1G3C=`mj3ahe{4*6|VtJ%ymHi4h z=hL8Mgw9Ux_v5Y|uQFPyj<|I#Pk@bxUdgFjdmbAgM&?(e2r-=guwxH_w%jRyn|!zB zSLS{ii6*m!SBhg?sV6<8F#%6LmlF}KjET~@%@}C;{5E)V%j|+f_$L)(os(5hN6Z5 zHy>TPm?kcVZ@Aj~0==mSu z@m=)kg4w*)#fkGVM0Pa4MIh!dZ5SShF*ZP17jU;Cjg;)NP(0FKrUYeKrf*qX1_(`t z83t-i3kXxrjaaUoq^~Y9B`_lf2`Yw2hW8Bt2^BFG1Qe?*dD@O6Y3h)h_+yn85hOC; z4CF8|Fd;Ar1_dh)0|FWa00b1?0