From 7890d9db940932b2e6df8a8b0983550b88d06941 Mon Sep 17 00:00:00 2001 
From: Joni Hahkala Date: Wed, 18 Nov 2009 20:20:50 +0000 Subject: [PATCH] new CAs, removed bad CA, namespaces added --- test/bad-ca/bad.cert | 18 ---- test/bad-ca/bad.namespaces | 3 - test/bad-ca/bad.priv | 15 ---- test/bad-ca/ca_conf.cnf | 62 -------------- test/bad-ca/ca_proxy_conf.cnf | 27 ------ test/bad-ca/index.txt | 6 -- test/bad-ca/req_conf.cnf | 33 -------- test/bad-ca/req_conf_future.cnf | 35 -------- test/bad-ca/req_conf_policy.cnf | 33 -------- test/bad-ca/req_proxy_conf.cnf | 46 ----------- test/bad-ca/req_proxy_proxy_conf.cnf | 35 -------- test/bad-ca/serial.txt | 1 - test/big-ca/big.namespaces | 3 + .../big.signing_policy} | 4 +- test/big-ca/ca_conf.cnf | 62 -------------- test/big-ca/ca_proxy_conf.cnf | 27 ------ test/big-ca/req_conf_email.cnf | 33 -------- test/big-ca/req_conf_sn.cnf | 35 -------- test/big-ca/req_conf_uid.cnf | 35 -------- test/big-ca/req_proxy_conf.cnf | 46 ----------- test/big-ca/req_proxy_proxy_conf.cnf | 35 -------- test/expired-ca/ca_conf.cnf | 62 -------------- test/expired-ca/ca_proxy_conf.cnf | 27 ------ test/expired-ca/expired.namespaces | 3 + test/expired-ca/expired.signing_policy | 4 + test/expired-ca/req_conf_email.cnf | 33 -------- test/expired-ca/req_conf_sn.cnf | 35 -------- test/expired-ca/req_conf_uid.cnf | 35 -------- test/expired-ca/req_proxy_conf.cnf | 46 ----------- test/expired-ca/req_proxy_proxy_conf.cnf | 35 -------- test/fake-ca/ca_conf.cnf | 62 -------------- test/fake-ca/ca_proxy_conf.cnf | 27 ------ test/fake-ca/fake.namespaces | 3 + test/fake-ca/fake.signing_policy | 4 + test/fake-ca/req_conf_email.cnf | 33 -------- test/fake-ca/req_conf_sn.cnf | 35 -------- test/fake-ca/req_conf_uid.cnf | 35 -------- test/fake-ca/req_proxy_conf.cnf | 46 ----------- test/fake-ca/req_proxy_proxy_conf.cnf | 35 -------- test/nokeyusage-ca/index.txt | 0 test/nokeyusage-ca/nokeyusage.cert | 19 +++++ test/nokeyusage-ca/nokeyusage.namespaces | 3 + test/nokeyusage-ca/nokeyusage.p12 | Bin 0 -> 1805 bytes 
test/nokeyusage-ca/nokeyusage.priv | 15 ++++ test/nokeyusage-ca/nokeyusage.signing_policy | 4 + test/nokeyusage-ca/req_conf.cnf | 92 +++++++++++++++++++++ test/nokeyusage-ca/serial.txt | 1 + test/root-ca/index.txt | 1 + test/root-ca/index.txt.attr | 1 + test/root-ca/req_conf.cnf | 92 +++++++++++++++++++++ test/root-ca/root.cert | 19 +++++ test/root-ca/root.namespaces | 3 + test/root-ca/root.p12 | Bin 0 -> 1789 bytes test/root-ca/root.priv | 15 ++++ test/root-ca/root.signing_policy | 4 + test/root-ca/serial.txt | 1 + test/subca-ca/index.txt | 1 + test/subca-ca/index.txt.attr | 1 + test/subca-ca/req_conf.cnf | 92 +++++++++++++++++++++ test/subca-ca/serial.txt | 1 + test/subca-ca/subca.cert | 63 ++++++++++++++ test/subca-ca/subca.namespaces | 3 + test/subca-ca/subca.p12 | Bin 0 -> 1781 bytes test/subca-ca/subca.priv | 15 ++++ test/subca-ca/subca.req | 11 +++ test/subca-ca/subca.signing_policy | 4 + test/subsubca-ca/index.txt | 0 test/subsubca-ca/req_conf.cnf | 92 +++++++++++++++++++++ test/subsubca-ca/serial.txt | 1 + test/subsubca-ca/subsubca.cert | 63 ++++++++++++++ test/subsubca-ca/subsubca.namespaces | 3 + test/subsubca-ca/subsubca.p12 | Bin 0 -> 1781 bytes test/subsubca-ca/subsubca.priv | 15 ++++ test/subsubca-ca/subsubca.req | 11 +++ test/subsubca-ca/subsubca.signing_policy | 4 + test/trusted-ca/ca_conf.cnf | 71 ---------------- test/trusted-ca/ca_proxy_conf.cnf | 27 ------ test/trusted-ca/req_conf_email.cnf | 33 -------- test/trusted-ca/req_conf_sn.cnf | 35 -------- test/trusted-ca/req_conf_uid.cnf | 35 -------- test/trusted-ca/req_proxy_conf.cnf | 46 ----------- test/trusted-ca/req_proxy_proxy_conf.cnf | 35 -------- test/trusted-ca/trusted.namespaces | 3 + test/trusted-ca/trusted.signing_policy | 4 + 84 files changed, 676 insertions(+), 1417 deletions(-) delete mode 100644 test/bad-ca/bad.cert delete mode 100644 test/bad-ca/bad.namespaces delete mode 100644 test/bad-ca/bad.priv delete mode 100644 test/bad-ca/ca_conf.cnf delete mode 100644 
test/bad-ca/ca_proxy_conf.cnf delete mode 100644 test/bad-ca/index.txt delete mode 100644 test/bad-ca/req_conf.cnf delete mode 100644 test/bad-ca/req_conf_future.cnf delete mode 100644 test/bad-ca/req_conf_policy.cnf delete mode 100644 test/bad-ca/req_proxy_conf.cnf delete mode 100644 test/bad-ca/req_proxy_proxy_conf.cnf delete mode 100644 test/bad-ca/serial.txt create mode 100644 test/big-ca/big.namespaces rename test/{bad-ca/bad.signing_policy => big-ca/big.signing_policy} (63%) delete mode 100644 test/big-ca/ca_conf.cnf delete mode 100644 test/big-ca/ca_proxy_conf.cnf delete mode 100644 test/big-ca/req_conf_email.cnf delete mode 100644 test/big-ca/req_conf_sn.cnf delete mode 100644 test/big-ca/req_conf_uid.cnf delete mode 100644 test/big-ca/req_proxy_conf.cnf delete mode 100644 test/big-ca/req_proxy_proxy_conf.cnf delete mode 100644 test/expired-ca/ca_conf.cnf delete mode 100644 test/expired-ca/ca_proxy_conf.cnf create mode 100644 test/expired-ca/expired.namespaces create mode 100644 test/expired-ca/expired.signing_policy delete mode 100644 test/expired-ca/req_conf_email.cnf delete mode 100644 test/expired-ca/req_conf_sn.cnf delete mode 100644 test/expired-ca/req_conf_uid.cnf delete mode 100644 test/expired-ca/req_proxy_conf.cnf delete mode 100644 test/expired-ca/req_proxy_proxy_conf.cnf delete mode 100644 test/fake-ca/ca_conf.cnf delete mode 100644 test/fake-ca/ca_proxy_conf.cnf create mode 100644 test/fake-ca/fake.namespaces create mode 100644 test/fake-ca/fake.signing_policy delete mode 100644 test/fake-ca/req_conf_email.cnf delete mode 100644 test/fake-ca/req_conf_sn.cnf delete mode 100644 test/fake-ca/req_conf_uid.cnf delete mode 100644 test/fake-ca/req_proxy_conf.cnf delete mode 100644 test/fake-ca/req_proxy_proxy_conf.cnf create mode 100644 test/nokeyusage-ca/index.txt create mode 100644 test/nokeyusage-ca/nokeyusage.cert create mode 100644 test/nokeyusage-ca/nokeyusage.namespaces create mode 100644 test/nokeyusage-ca/nokeyusage.p12 create mode 100644 
test/nokeyusage-ca/nokeyusage.priv create mode 100644 test/nokeyusage-ca/nokeyusage.signing_policy create mode 100644 test/nokeyusage-ca/req_conf.cnf create mode 100644 test/nokeyusage-ca/serial.txt create mode 100644 test/root-ca/index.txt create mode 100644 test/root-ca/index.txt.attr create mode 100644 test/root-ca/req_conf.cnf create mode 100644 test/root-ca/root.cert create mode 100644 test/root-ca/root.namespaces create mode 100644 test/root-ca/root.p12 create mode 100644 test/root-ca/root.priv create mode 100644 test/root-ca/root.signing_policy create mode 100644 test/root-ca/serial.txt create mode 100644 test/subca-ca/index.txt create mode 100644 test/subca-ca/index.txt.attr create mode 100644 test/subca-ca/req_conf.cnf create mode 100644 test/subca-ca/serial.txt create mode 100644 test/subca-ca/subca.cert create mode 100644 test/subca-ca/subca.namespaces create mode 100644 test/subca-ca/subca.p12 create mode 100644 test/subca-ca/subca.priv create mode 100644 test/subca-ca/subca.req create mode 100644 test/subca-ca/subca.signing_policy create mode 100644 test/subsubca-ca/index.txt create mode 100644 test/subsubca-ca/req_conf.cnf create mode 100644 test/subsubca-ca/serial.txt create mode 100644 test/subsubca-ca/subsubca.cert create mode 100644 test/subsubca-ca/subsubca.namespaces create mode 100644 test/subsubca-ca/subsubca.p12 create mode 100644 test/subsubca-ca/subsubca.priv create mode 100644 test/subsubca-ca/subsubca.req create mode 100644 test/subsubca-ca/subsubca.signing_policy delete mode 100644 test/trusted-ca/ca_conf.cnf delete mode 100644 test/trusted-ca/ca_proxy_conf.cnf delete mode 100644 test/trusted-ca/req_conf_email.cnf delete mode 100644 test/trusted-ca/req_conf_sn.cnf delete mode 100644 test/trusted-ca/req_conf_uid.cnf delete mode 100644 test/trusted-ca/req_proxy_conf.cnf delete mode 100644 test/trusted-ca/req_proxy_proxy_conf.cnf create mode 100644 test/trusted-ca/trusted.namespaces create mode 100644 test/trusted-ca/trusted.signing_policy 
diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert deleted file mode 100644 index f7c2fdf..0000000 --- a/test/bad-ca/bad.cert +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC3TCCAkagAwIBAgIBADANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVRzEP -MA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4 -YXRpb24xEzARBgNVBAMTCnRoZSBiYWQgY2EwHhcNMDkwNjEwMDg1MTE0WhcNMzIw -NjA0MDg1MTE0WjBZMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYD -VQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xEzARBgNVBAMTCnRoZSBi -YWQgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOnSGYPzR4XyUwMrwk7U -u10TVyfQPd5uhXK8uLdERC/shNQ/qBH6HtmgiiCm7GCB40bkJgp3mmJ+HWN4JOGe -e1UW5tgsc2e2ODF8GJNkcmdqcpkZ3/vbA3tQx2LmNtAEcgsnkiY+MtYCTS+xbirL -YgAYNV2TYLymSSGwvcjUGkodAgMBAAGjgbQwgbEwHQYDVR0OBBYEFGDsw1knQ14E -I51ZkTfhgsF9J3SQMIGBBgNVHSMEejB4gBRg7MNZJ0NeBCOdWZE34YLBfSd0kKFd -pFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRv -cGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0aGUgYmFkIGNhggEA -MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAxRcla6HVYf9lhOipnNua -QP1HjmJ9CUygBTdczSM2NGnwvC7pTIV01tRsbsOxvRqUM3iZIv/XX3Bkjuww47YV -eon/S55B4VQIFKIq4VWI9ZALyb/QlKhO2CLxgAJ7LNgnSBsmhKx9WL/st+WSRPgs -yCCnlgIh1ZZY8jsgaRNDiJg= ------END CERTIFICATE----- diff --git a/test/bad-ca/bad.namespaces b/test/bad-ca/bad.namespaces deleted file mode 100644 index 587b01f..0000000 --- a/test/bad-ca/bad.namespaces +++ /dev/null @@ -1,3 +0,0 @@ -# Namespace for the the bad ca -TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" - diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv deleted file mode 100644 index 79b06b5..0000000 --- a/test/bad-ca/bad.priv +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDp0hmD80eF8lMDK8JO1LtdE1cn0D3eboVyvLi3REQv7ITUP6gR -+h7ZoIogpuxggeNG5CYKd5pifh1jeCThnntVFubYLHNntjgxfBiTZHJnanKZGd/7 -2wN7UMdi5jbQBHILJ5ImPjLWAk0vsW4qy2IAGDVdk2C8pkkhsL3I1BpKHQIDAQAB -AoGBAMDZNYw8CeCzNb5myBNGp+Yjfn3q5ixgEZbJirw1BNxWAlQg0JlLJ0itfV9i -7ZDHcFHW+H0nmmDjzY9t11Vy5hp7a47ssqBEeQXpyXI+YRwc5jIW2ThaZNlMiPVm -HfpiyNlftswNEjjpQ0nAqp3LFldbonHJI+a687O0AXSWmJUNAkEA+TlOJmhmD0u6 -AL1EqjCH9AnAgQCbmgDlQ+7bOxXsUvHJ82kYL/nB+Kq08ZC3ZuWYtv0kiHwEpANO -qqewmyGYqwJBAPAtlR+w6XRzJSj2DyfkNajM1Gyo4HdufDjydKSqqipI0WfW/S+s -NUEZHlgCoHx7rB/PdV49nHINTPmMkxreOFcCQEJ1KYXMaQrDIsJ3tgu8DUTiJNdB -ljym6HwJAaTr36zulO+3op+IdlUdEEsqT/28U9DYCBntGD+0MhIHzWxQtSkCQCkt -Z3e7eQsCAsj3BrosIhcCpxjKC1Hum1WYG+9vYyVEvsIy1c2qlKbIi69DJAizm1sI -0nKJ1ZyoMx5Fv6LHnpkCQQD08QwHsVRycgd44wbd6nTJ4NCrk6kZ7NBVkz8k5tcl -nwDtFEJV/zdL2Hr2JTW6yOlO452Q+Z/oq1NFhm42YIEx ------END RSA PRIVATE KEY----- diff --git a/test/bad-ca/ca_conf.cnf b/test/bad-ca/ca_conf.cnf deleted file mode 100644 index cc85df0..0000000 --- a/test/bad-ca/ca_conf.cnf +++ /dev/null 
@@ -1,62 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt -default_md = sha1 - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -policy = policy_any - -[policy_any] -countryName = supplied -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -serialNumber = optional -userId = optional - -[ ca_cert ] -basicConstraints=CA:TRUE - - -[ ca_server ] -# This is OK for an SSL server. -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" - -# For an object signing certificate this would be used. -# nsCertType = objsign - -[ ca_client ] -# For normal client use this is typical -nsCertType = client, email -nsComment = "OpenSSL Generated Client Certificate" - -[ ca_clientserver ] -# For normal client use this is typical -nsCertType = server, client, email -nsComment = "OpenSSL Generated Client Server Certificate" - -# and for everything including object signing: -# nsCertType = client, email, objsign - -[ ca_fclient ] -# This is typical in keyUsage for a client certificate. -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ ca_none ] -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ proxy_none ] -keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/bad-ca/ca_proxy_conf.cnf b/test/bad-ca/ca_proxy_conf.cnf deleted file mode 100644 index 465a9a0..0000000 --- a/test/bad-ca/ca_proxy_conf.cnf +++ /dev/null 
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/bad-ca/index.txt b/test/bad-ca/index.txt
deleted file mode 100644
index d3c107d..0000000
--- a/test/bad-ca/index.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-V 370320130933Z 123456 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=hahkala
-V 370320130933Z 123457 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=bad policy client
-V 370320130933Z 123458 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=bad future client
-V 370320130933Z 123459 unknown /C=UG/L=Tropic/O=Utopia/OU=Chillin/CN=pchip10
-R 370320130933Z 091102130933Z 12345A unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
-V 091101130934Z 12345B unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=pchip10
diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf
deleted file mode 100644
index 7c30db9..0000000
--- a/test/bad-ca/req_conf.cnf
+++ /dev/null
@@ -1,33 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -#emailAddress = Email Address - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/bad-ca/req_conf_future.cnf b/test/bad-ca/req_conf_future.cnf deleted file mode 100644 index a0042a4..0000000 --- a/test/bad-ca/req_conf_future.cnf +++ /dev/null @@ -1,35 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -#userId = testuserid - -#emailAddress = Email Address - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/bad-ca/req_conf_policy.cnf b/test/bad-ca/req_conf_policy.cnf deleted file mode 100644 index 20c593b..0000000 --- a/test/bad-ca/req_conf_policy.cnf +++ /dev/null 
@@ -1,33 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Chillin - -commonName = $ENV::CN - -#emailAddress = test@home.org - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/bad-ca/req_proxy_conf.cnf b/test/bad-ca/req_proxy_conf.cnf deleted file mode 100644 index 61a1812..0000000 --- a/test/bad-ca/req_proxy_conf.cnf +++ /dev/null @@ -1,46 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -[ req ] - -default_bits = 1024 -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -# ca_cert = CA_cert - -[ req_distinguished_name ] - -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -0.commonName = $ENV::CN - -1.commonName = $ENV::PROXYNAME - -#emailAddress = Email Address - -[ req_attributes ] - -[ CA_cert] - -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/bad-ca/req_proxy_proxy_conf.cnf b/test/bad-ca/req_proxy_proxy_conf.cnf deleted file mode 100644 index f95b0ca..0000000 --- a/test/bad-ca/req_proxy_proxy_conf.cnf +++ /dev/null 
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/bad-ca/serial.txt b/test/bad-ca/serial.txt
deleted file mode 100644
index e8a76ce..0000000
--- a/test/bad-ca/serial.txt
+++ /dev/null
@@ -1 +0,0 @@
-12345C
diff --git a/test/big-ca/big.namespaces b/test/big-ca/big.namespaces
new file mode 100644
index 0000000..f8f7907
--- /dev/null
+++ b/test/big-ca/big.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/bad-ca/bad.signing_policy b/test/big-ca/big.signing_policy
similarity index 63%
rename from test/bad-ca/bad.signing_policy
rename to test/big-ca/big.signing_policy
index 608c681..2794ff0 100644
--- a/test/bad-ca/bad.signing_policy
+++ b/test/big-ca/big.signing_policy
@@ -1,4 +1,4 @@
-# Signing policy file for the the bad ca
-access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the bad ca'
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA'
 pos_rights globus CA:sign
 cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
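Review bot: The comment on the first line of big.namespaces ends in a `"` that has no opening partner (`...CN=the big CA"`), so it reads like a truncated quoted DN. The same dangling quote is in the header comment of big.signing_policy in the next hunk and in expired.namespaces and expired.signing_policy later in this patch, which suggests it comes from whatever generates these files. I would quote the DN on both sides, `# Namespace for the "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the big CA"`, so the comment matches the Issuer string on the line below it.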
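Review bot: Rejection of out-of-policy subjects may lose its test fixture with this patch. big.signing_policy still limits signing to `/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*`, but the same patch deletes test/bad-ca, whose index.txt and req_conf_policy.cnf held the `OU=Chillin` subjects ("bad policy client"), the only ones visible here that fall outside that pattern. The new CA directories are outside this view, so this is only a concern if none of them issues an out-of-namespace certificate. If so, please keep one negative fixture and say so in the header, for example `# Subjects outside OU=Relaxation must be rejected; see the negative-test certificate for this CA`.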
diff --git a/test/big-ca/ca_conf.cnf b/test/big-ca/ca_conf.cnf deleted file mode 100644 index cc85df0..0000000 --- a/test/big-ca/ca_conf.cnf +++ /dev/null @@ -1,62 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt -default_md = sha1 - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -policy = policy_any - -[policy_any] -countryName = supplied -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional -serialNumber = optional -userId = optional - -[ ca_cert ] -basicConstraints=CA:TRUE - - -[ ca_server ] -# This is OK for an SSL server. -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" - -# For an object signing certificate this would be used. -# nsCertType = objsign - -[ ca_client ] -# For normal client use this is typical -nsCertType = client, email -nsComment = "OpenSSL Generated Client Certificate" - -[ ca_clientserver ] -# For normal client use this is typical -nsCertType = server, client, email -nsComment = "OpenSSL Generated Client Server Certificate" - -# and for everything including object signing: -# nsCertType = client, email, objsign - -[ ca_fclient ] -# This is typical in keyUsage for a client certificate. -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ ca_none ] -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ proxy_none ] -keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/big-ca/ca_proxy_conf.cnf b/test/big-ca/ca_proxy_conf.cnf deleted file mode 100644 index 465a9a0..0000000 --- a/test/big-ca/ca_proxy_conf.cnf +++ /dev/null 
@@ -1,27 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index_proxy.txt -serial = $dir/serial_proxy.txt - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -policy = policy_any - -[policy_any] -countryName = supplied -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ ca_cert ] -basicConstraints=CA:TRUE - -[ proxy_none ] - diff --git a/test/big-ca/req_conf_email.cnf b/test/big-ca/req_conf_email.cnf deleted file mode 100644 index fdcd280..0000000 --- a/test/big-ca/req_conf_email.cnf +++ /dev/null @@ -1,33 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -emailAddress = test@home.org - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/big-ca/req_conf_sn.cnf b/test/big-ca/req_conf_sn.cnf deleted file mode 100644 index 8eb3308..0000000 --- a/test/big-ca/req_conf_sn.cnf +++ /dev/null 
@@ -1,35 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -#emailAddress = Email Address - -serialNumber = 12341324 - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/big-ca/req_conf_uid.cnf b/test/big-ca/req_conf_uid.cnf deleted file mode 100644 index 8b2092e..0000000 --- a/test/big-ca/req_conf_uid.cnf +++ /dev/null @@ -1,35 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -userId = testuserid - -#emailAddress = Email Address - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/big-ca/req_proxy_conf.cnf b/test/big-ca/req_proxy_conf.cnf deleted file mode 100644 index 61a1812..0000000 --- a/test/big-ca/req_proxy_conf.cnf +++ /dev/null 
@@ -1,46 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -[ req ] - -default_bits = 1024 -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -# ca_cert = CA_cert - -[ req_distinguished_name ] - -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -0.commonName = $ENV::CN - -1.commonName = $ENV::PROXYNAME - -#emailAddress = Email Address - -[ req_attributes ] - -[ CA_cert] - -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/big-ca/req_proxy_proxy_conf.cnf b/test/big-ca/req_proxy_proxy_conf.cnf deleted file mode 100644 index f95b0ca..0000000 --- a/test/big-ca/req_proxy_proxy_conf.cnf +++ /dev/null @@ -1,35 +0,0 @@ -[ req ] -default_bits = 1024 -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -0.commonName = $ENV::CN - -1.commonName = $ENV::PROXYNAME - -2.commonName = $ENV::PROXYNAME - -#emailAddress = Email Address - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/expired-ca/ca_conf.cnf b/test/expired-ca/ca_conf.cnf deleted file mode 100644 index a36254e..0000000 --- a/test/expired-ca/ca_conf.cnf +++ /dev/null 
@@ -1,62 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt -default_md = sha1 - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -policy = policy_any - -[policy_any] -countryName = supplied -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -serialNumber = optional -userId = optional -emailAddress = optional - -[ ca_cert ] -basicConstraints=CA:TRUE - - -[ ca_server ] -# This is OK for an SSL server. -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" - -# For an object signing certificate this would be used. -# nsCertType = objsign - -[ ca_client ] -# For normal client use this is typical -nsCertType = client, email -nsComment = "OpenSSL Generated Client Certificate" - -[ ca_clientserver ] -# For normal client use this is typical -nsCertType = server, client, email -nsComment = "OpenSSL Generated Client Server Certificate" - -# and for everything including object signing: -# nsCertType = client, email, objsign - -[ ca_fclient ] -# This is typical in keyUsage for a client certificate. -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ ca_none ] -nsComment = "OpenSSL Generated Client Certificate with Flags" - -[ proxy_none ] -keyUsage=critical,digitalSignature,keyEncipherment diff --git a/test/expired-ca/ca_proxy_conf.cnf b/test/expired-ca/ca_proxy_conf.cnf deleted file mode 100644 index 465a9a0..0000000 --- a/test/expired-ca/ca_proxy_conf.cnf +++ /dev/null 
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/expired-ca/expired.namespaces b/test/expired-ca/expired.namespaces
new file mode 100644
index 0000000..07f0840
--- /dev/null
+++ b/test/expired-ca/expired.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/expired-ca/expired.signing_policy b/test/expired-ca/expired.signing_policy
new file mode 100644
index 0000000..47d53e4
--- /dev/null
+++ b/test/expired-ca/expired.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the expired CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/expired-ca/req_conf_email.cnf b/test/expired-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/expired-ca/req_conf_email.cnf
+++ /dev/null
@@ -1,33 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -emailAddress = test@home.org - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/expired-ca/req_conf_sn.cnf b/test/expired-ca/req_conf_sn.cnf deleted file mode 100644 index 8eb3308..0000000 --- a/test/expired-ca/req_conf_sn.cnf +++ /dev/null @@ -1,35 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -#emailAddress = Email Address - -serialNumber = 12341324 - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/expired-ca/req_conf_uid.cnf b/test/expired-ca/req_conf_uid.cnf deleted file mode 100644 index 8b2092e..0000000 --- a/test/expired-ca/req_conf_uid.cnf +++ /dev/null 
@@ -1,35 +0,0 @@ -[ req ] -default_bits = $ENV::BITS -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -ca_cert = CA_cert - -[ req_distinguished_name ] -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -commonName = $ENV::CN - -userId = testuserid - -#emailAddress = Email Address - -[ req_attributes ] -#challengePassword = $ENV::PASSWORD - -[ CA_cert ] -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -[ proxy_none ] diff --git a/test/expired-ca/req_proxy_conf.cnf b/test/expired-ca/req_proxy_conf.cnf deleted file mode 100644 index 61a1812..0000000 --- a/test/expired-ca/req_proxy_conf.cnf +++ /dev/null @@ -1,46 +0,0 @@ -[ca] -default_ca = CA_default - -[CA_default] -dir = $ENV::CA_DIR -database = $dir/index.txt -serial = $dir/serial.txt - -certificate = $dir/$ENV::CATYPE.cert -private_key = $dir/$ENV::CATYPE.priv - -[ req ] - -default_bits = 1024 -default_keyfile = keyfile.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -prompt = no -output_password = $ENV::PASSWORD -# ca_cert = CA_cert - -[ req_distinguished_name ] - -countryName = UG - -#stateOrProvinceName = South area - -localityName = Tropic - -organizationName = Utopia - -organizationalUnitName = Relaxation - -0.commonName = $ENV::CN - -1.commonName = $ENV::PROXYNAME - -#emailAddress = Email Address - -[ req_attributes ] - -[ CA_cert] - -basicConstraints = CA:true -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/expired-ca/req_proxy_proxy_conf.cnf b/test/expired-ca/req_proxy_proxy_conf.cnf deleted file mode 100644 index f95b0ca..0000000 --- a/test/expired-ca/req_proxy_proxy_conf.cnf +++ /dev/null 
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/fake-ca/ca_conf.cnf b/test/fake-ca/ca_conf.cnf
deleted file mode 100644
index cc85df0..0000000
--- a/test/fake-ca/ca_conf.cnf
+++ /dev/null
@@ -1,62 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-default_md = sha1
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-serialNumber = optional
-userId = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-
-[ ca_server ]
-# This is OK for an SSL server.
-nsCertType = server
-nsComment = "OpenSSL Generated Server Certificate"
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-[ ca_client ]
-# For normal client use this is typical
-nsCertType = client, email
-nsComment = "OpenSSL Generated Client Certificate"
-
-[ ca_clientserver ]
-# For normal client use this is typical
-nsCertType = server, client, email
-nsComment = "OpenSSL Generated Client Server Certificate"
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-[ ca_fclient ]
-# This is typical in keyUsage for a client certificate.
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ ca_none ]
-nsComment = "OpenSSL Generated Client Certificate with Flags"
-
-[ proxy_none ]
-keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/fake-ca/ca_proxy_conf.cnf b/test/fake-ca/ca_proxy_conf.cnf
deleted file mode 100644
index 465a9a0..0000000
--- a/test/fake-ca/ca_proxy_conf.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index_proxy.txt
-serial = $dir/serial_proxy.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-policy = policy_any
-
-[policy_any]
-countryName = supplied
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ ca_cert ]
-basicConstraints=CA:TRUE
-
-[ proxy_none ]
-
diff --git a/test/fake-ca/fake.namespaces b/test/fake-ca/fake.namespaces
new file mode 100644
index 0000000..98b5a74
--- /dev/null
+++ b/test/fake-ca/fake.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/fake-ca/fake.signing_policy b/test/fake-ca/fake.signing_policy
new file mode 100644
index 0000000..6bbfa13
--- /dev/null
+++ b/test/fake-ca/fake.signing_policy
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/fake-ca/req_conf_email.cnf b/test/fake-ca/req_conf_email.cnf
deleted file mode 100644
index fdcd280..0000000
--- a/test/fake-ca/req_conf_email.cnf
+++ /dev/null
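Review bot: The header comment of `fake.namespaces` ends in an unbalanced `"` (`...CN=the fake CA"`), and the same stray quote is in the comment line of `fake.signing_policy` in the next hunk and of the nokeyusage, root and subca `.namespaces` and `.signing_policy` files added later in this patch. Both formats use quotes to delimit the DN on their rule lines, so a lone quote in the comment reads like a damaged rule to anyone auditing the trust-anchor directory. I would quote the DN on both sides, e.g. `# Namespace for the "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the fake CA"`.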
@@ -1,33 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-emailAddress = test@home.org
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_conf_sn.cnf b/test/fake-ca/req_conf_sn.cnf
deleted file mode 100644
index 8eb3308..0000000
--- a/test/fake-ca/req_conf_sn.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-#emailAddress = Email Address
-
-serialNumber = 12341324
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_conf_uid.cnf b/test/fake-ca/req_conf_uid.cnf
deleted file mode 100644
index 8b2092e..0000000
--- a/test/fake-ca/req_conf_uid.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = $ENV::BITS
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-commonName = $ENV::CN
-
-userId = testuserid
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert ]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_none ]
diff --git a/test/fake-ca/req_proxy_conf.cnf b/test/fake-ca/req_proxy_conf.cnf
deleted file mode 100644
index 61a1812..0000000
--- a/test/fake-ca/req_proxy_conf.cnf
+++ /dev/null
@@ -1,46 +0,0 @@
-[ca]
-default_ca = CA_default
-
-[CA_default]
-dir = $ENV::CA_DIR
-database = $dir/index.txt
-serial = $dir/serial.txt
-
-certificate = $dir/$ENV::CATYPE.cert
-private_key = $dir/$ENV::CATYPE.priv
-
-[ req ]
-
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-# ca_cert = CA_cert
-
-[ req_distinguished_name ]
-
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-
-[ CA_cert]
-
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/fake-ca/req_proxy_proxy_conf.cnf b/test/fake-ca/req_proxy_proxy_conf.cnf
deleted file mode 100644
index f95b0ca..0000000
--- a/test/fake-ca/req_proxy_proxy_conf.cnf
+++ /dev/null
@@ -1,35 +0,0 @@
-[ req ]
-default_bits = 1024
-default_keyfile = keyfile.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-prompt = no
-output_password = $ENV::PASSWORD
-ca_cert = CA_cert
-
-[ req_distinguished_name ]
-countryName = UG
-
-#stateOrProvinceName = South area
-
-localityName = Tropic
-
-organizationName = Utopia
-
-organizationalUnitName = Relaxation
-
-0.commonName = $ENV::CN
-
-1.commonName = $ENV::PROXYNAME
-
-2.commonName = $ENV::PROXYNAME
-
-#emailAddress = Email Address
-
-[ req_attributes ]
-#challengePassword = $ENV::PASSWORD
-
-[ CA_cert]
-basicConstraints = CA:true
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/nokeyusage-ca/index.txt b/test/nokeyusage-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/nokeyusage-ca/nokeyusage.cert b/test/nokeyusage-ca/nokeyusage.cert
new file mode 100644
index 0000000..dd98c4a
--- /dev/null
+++ b/test/nokeyusage-ca/nokeyusage.cert
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDETCCAnqgAwIBAgIJAJXRhilSGEmtMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE +CxMKUmVsYXhhdGlvbjEaMBgGA1UEAxMRdGhlIG5va2V5dXNhZ2UgQ0EwHhcNMDkx +MTE4MjAwOTU3WhcNMzcwNDA1MjAwOTU3WjBgMQswCQYDVQQGEwJVRzEPMA0GA1UE +BxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24x +GjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLqhjHk +KhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2U+wE +fIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQABo4HS +MIHPMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFD5yNicj3eNgIHr1/Ou0UciEePrH +MIGSBgNVHSMEgYowgYeAFD5yNicj3eNgIHr1/Ou0UciEePrHoWSkYjBgMQswCQYD +VQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNV +BAsTClJlbGF4YXRpb24xGjAYBgNVBAMTEXRoZSBub2tleXVzYWdlIENBggkAldGG +KVIYSa0wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAAZY4vy4uPDsiqdp +Y7LycXMQ20Dzp9WYOncjrUvw0UgSiF3kgOvjdJSNI+2ISSCvL8qKB5m4v88dhZvV +N0xr/QhTZidAH/EnarURy4s46ueqW/80PGFszLsUQwMB/lQCKDbXXiJ31GytxZMr +tLUfi9j+FtxbQRTNBvF93zh2sVwi +-----END CERTIFICATE----- diff --git a/test/nokeyusage-ca/nokeyusage.namespaces b/test/nokeyusage-ca/nokeyusage.namespaces new file mode 100644 index 0000000..526b01a --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + 
diff --git a/test/nokeyusage-ca/nokeyusage.p12 b/test/nokeyusage-ca/nokeyusage.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dcdeb7d676ae05187536b0c50ae8e650caa1a73c GIT binary patch literal 1805 zcmY+Dc{CJ?9>>jMn6XXvOT!2yl+kp`vo!9Er~CQBvTAiFZAbZN?(IZOyM8AD{U zrnyW*GIo=CSz45?B@BkL53cR$ocrE=?~mX4o%8vg-|w&Q2St{E0s$Zt8S)MS)ldFs z^12K_0>C6gcwjQ*VwT$Pm;9wkgsH7PUw>=p0LA|GwXA2~_%oQ??t@It>T z=2$TzIMqF2%Wpdp+(^psudHji=`DFXCyrqOvZ7p35{{1ZnNjGr3oE^giE3l%la679 z=HEZgh!(fEi4dMvUSI=IWl(HOw#hnn*>8Q+^0lmh{kGks@hrcald^Fk{z#LCdKXaM z)y*x-*&i9R7zfDxlU@TS_r{xi_o#TK35&xK%dv9F9fx$-J$v7;$*KA_n%T~$j>wDu zpgT`8i@eGf3Ddd~8!d(R6P@wS6`m|ck8_?4Vw!j$A*{i%H@idPU8Gg-m+jrkImw>0 z7;)tRta5)B-(h`IV0f>7itEu-H*!^!o?_E?D^OweE6m*_LhIhN&_2HiX{l;rhI#qY z+0KzzT2{u7p8gzrY1lz;cj#AID72ngpO*&hdor(i)339JyV{VTJx=H#>5w9pzwjk=s>$x@4+hL!hyku(@ZZ)P<2t?y- zP%lftJ2cmaR4kP>(8(mIn|qseTdBx zyRca^x^c?og6H7UUV;q;@uH`u%_NzBo<{L3lrwX?`>nowDH_wvC52!E1VrTaW?Khl zhslsII8aF~8ip>(k!S zL-|N2_S?FVQ`nIhlna`Sqa!rgMRQA9`b}_8qki>AN420Tt3KB@6yl49t(a$ITTU!P zG5D`c)6!3_OOA~1*Fp@bfv_Wg&^D63ai8uqQdU$7EQ-@V$~T?ai}%j36yYr_q3$|# z(s(n~C_vIW#qU5yhZ8*z+RA8WUWS;?Y{+TFRd%}$ zi+TpEl|_9KK5IWLqc00@4D^`(y)dGFVMXa2T8dKjJcMA(vinD>r>-MsO>p-z;b9<( z4BY%5L78Nr5KION_VKs<8G%UsM^_jCxF0^*hb8}KG3ckouqlKQo-%#or^Wl{iReuS zW?I!mcdN{LMS;Vc=BGV#c6YK7Srq{dlb>_R(v8t#R;tcM4f=c9SZ;V~$K%Q0E7UDm zVC6oruhgoWwZ}7Vb*OX(GRTfxJIktjaAhnWcs>&Cl0PLEd=RU6=ybfrZfkeiI^zBT zTV%gYSUc2wew#GV{&2%cwYh0otDs zB5~*ZppiAcO7*dMZFVb<^M=}B3V>%jQG3~`ox9OHveWNQDqI~daWH}{0fWN|+FJ4h zqVCf1@BelN9HDz?7`7;i8+xzg*U12fZ&{u_26*_F} zIkYo-CX+Q~^j#{u%i4yJbe79^Sfa?3FHl zD#pyoV72_>F}kHL8uhA;D*W(Xy}Sv(2o$SNd-w~hkUMMd=6*WSf-O>mV}cMkkq#?h z{vHEr_S+A`uuvIBygsbX0{*YZY@*(q2NNr_SH%MnRBjhQZAH6YiRc@eyVwSYH~7qu zr4(F{GtwVMgB(h6gpw~V?4-#BRYvumSot~wC%f{#HF%KJ6Kt2+e>h(1wx8}IAn(>x1V~;Vjw`?;(&qsQ(!xi&~%5Bck64mE+wNy2|BzTy%M5j+X zcFhyHG3S|kjc;S<-a}PiSUHg!Co6qo(2quaYr0Pgi6oi>q%sy^U5gmfy~7BKz%`Er zMO^Vd_{{vr1Jx2c?63Sg6n4{CTG0m(RByyoGcVrF>JM-NP~ClZ^W3SywY;^Z&Ev=u zw9^d=jgm<+%f`AW?f!n}xADcF?fy3seN;LC 
literal 0 HcmV?d00001 diff --git a/test/nokeyusage-ca/nokeyusage.priv b/test/nokeyusage-ca/nokeyusage.priv new file mode 100644 index 0000000..0efdc83 --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.priv @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQCoVc7fs7Owtyzi24NxaBoemkPQRv/mDDfhJTzX5cGVcymMWXLq +hjHkKhuCziQ1pIRFPPUxmlNJneeo95WzrCWHe3HFILDSrjXoIw48aHPcgHmJRTU2 +U+wEfIwvw1nrSsQXS5ftQuMb5PcOCcI6cZiQzZquEy64Kkqovx7CvEKqOQIDAQAB +AoGAfZJFGCr9SD3chf4qN1bo5Rs+qwfLrNhAdvtIP+VsWwflXoT7bGdeoE2o6BLO +gBWRdfTbE32D086vGSRX0AgClbBjq6F4zV6YyWxU8B5W55AObvkGFVXmbWc3Bqso +F4EOr3EdXNGYKvguoXIJ+cSrpt72X9SBOS5XGYUdwDTZ2AECQQDWyhMoAy/j/QML +LvA1IwJilcD7U2FEK/Gs6qD/yUqPit0hj3I4jXVkpXX2s6n1VbB+rmYj8YPaBFzd +nWSOSEnhAkEAyKIEzmLoP90cMiWcR7jhSSHprdnhpmo4W7xLrxYfZ95cjuzNEdlV +ex2jzPRHRA5eDauQj0J+rG9PIFi/Op5bWQJAOIjj1epQ1q+n92+ZZkMaw5wrOXvO +5ES0zhDL48e1ymaAoe7B38TMG3u5uv+7QooVdKKu29McI2x2jRZ6e0DnwQJAcavy +Ayjgo0ZYMkVC3RPveCrhpaE7irjFw5vUWZe0JXpDgKrDqSg0mTN62aVRN0rYmPAq +UDCBapsJ/q6pccHEyQJAfHkXV65981psqotNFMO7Xvs/uePIifSkuopiNM9cXVPR +PghtFTnSLavjBOa94EzT4mTc3X2kjfecVZvMSf0Yow== +-----END RSA PRIVATE KEY----- diff --git a/test/nokeyusage-ca/nokeyusage.signing_policy b/test/nokeyusage-ca/nokeyusage.signing_policy new file mode 100644 index 0000000..1eb4337 --- /dev/null +++ b/test/nokeyusage-ca/nokeyusage.signing_policy @@ -0,0 +1,4 @@ +# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA" +access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the nokeyusage CA' +pos_rights globus CA:sign +cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"' diff --git a/test/nokeyusage-ca/req_conf.cnf b/test/nokeyusage-ca/req_conf.cnf new file mode 100644 index 0000000..2262038 --- /dev/null +++ b/test/nokeyusage-ca/req_conf.cnf 
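Review bot: `nokeyusage.priv` is an unencrypted PEM RSA key for a CA whose signing policy (next hunk) permits every subject under `/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*`, and nothing in the added files marks the directory as test-only; `root.priv` and `subca.priv` later in this patch, and presumably the `.p12` bundles, are in the same position. Because the key is public from this commit on, any relying party that picks up one of these `*-ca` directories as a trust anchor would accept certificates that were not issued by the project. A first comment line in each `.signing_policy` and `.namespaces` file, such as `# TEST FIXTURE ONLY - CA private key is published in the source tree; never install as a trust anchor`, makes that visible at the place where a CA gets installed. A packaging check that `test/` is excluded from installed artifacts would back it up.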
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/nokeyusage-ca/serial.txt b/test/nokeyusage-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/nokeyusage-ca/serial.txt
@@ -0,0 +1 @@
+0176
diff --git a/test/root-ca/index.txt b/test/root-ca/index.txt
new file mode 100644
index 0000000..3d85f6d
--- /dev/null
+++ b/test/root-ca/index.txt
@@ -0,0 +1 @@
+V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA
diff --git a/test/root-ca/index.txt.attr b/test/root-ca/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/test/root-ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/test/root-ca/req_conf.cnf b/test/root-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/root-ca/req_conf.cnf
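Review bot: `[ ca_cert_req ]` in this nokeyusage-ca copy still sets `keyUsage = cRLSign, keyCertSign`, and the file has the same blob id (2262038) as the root-ca and subca-ca copies, so nothing in the configuration distinguishes the nokeyusage fixture from an ordinary CA. The PEM in `nokeyusage.cert` earlier in the patch also appears to encode a keyUsage extension. If the fixture is meant to exercise a CA certificate that lacks keyUsage, it has to be generated from a section without that line; if it is the issued end-entity certificates that lack it (for example via `[ ca_none ]`), the file should say so. A header comment would settle it, e.g. `# nokeyusage CA: <which certificate omits keyUsage, and which test relies on it>`.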
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment +nsComment = "OpenSSL Generated Client Certificate with key usage" + +[ ca_none ] +nsComment = "OpenSSL Generated Client Certificate without Flags" + +[ proxy_none ] +keyUsage = critical,digitalSignature,keyEncipherment + diff --git a/test/root-ca/root.cert b/test/root-ca/root.cert new file mode 100644 index 0000000..56dfa73 --- /dev/null +++ b/test/root-ca/root.cert @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAmigAwIBAgIJAOwn+bdeOP7lMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +BAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UE +CxMKUmVsYXhhdGlvbjEUMBIGA1UEAxMLdGhlIHJvb3QgQ0EwHhcNMDkxMTE4MjAw +OTU4WhcNMzcwNDA1MjAwOTU4WjBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJv +cGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDASBgNV +BAMTC3RoZSByb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxw6fX +Pm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr2JnYKkD3Shg9/6R43LUL +pBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6EGQhzd+xjfQ7dGEqk4TS +36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQABo4HMMIHJMAwGA1UdEwQF +MAMBAf8wHQYDVR0OBBYEFC3z3nM1NSxp66FO7/5rlG43PPUxMIGMBgNVHSMEgYQw +gYGAFC3z3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0G +A1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRp +b24xFDASBgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4GBACzSdZyhnSj5wArIua8Nc6Tc6XIVp0by/jYz/cOa +FAZZmY7GaTTL65SDu0QH1NJIRC6G8wWvQeCouK9dgKXA9vQZ3Caf+8LOwyAU4rZe +2maDgk4CcLYz953CYDxRSwmLPTVkXAJHPD15SS8gXxWcNKIUInoov6cSzjTEfjw9 +1kCX +-----END CERTIFICATE----- diff --git a/test/root-ca/root.namespaces b/test/root-ca/root.namespaces new file mode 100644 index 0000000..e0ef777 --- /dev/null +++ b/test/root-ca/root.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + 
diff --git a/test/root-ca/root.p12 b/test/root-ca/root.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a9190e8bcb33cfa17f91093c947fb42af6c2c6a2 GIT binary patch literal 1789 zcmY+DX*3&%8it8TGzMcTwzyO+DMb@oxTE$tumrT?P_Al zD50c43kieI9ik<;@c}~~UzY<=A3<&b?4?pmN5W+x#F}K+6 zjhI`l0Du4wp1|j6-0JDaj6c&CI>2`<+InLCdTeHKBX(UarwMCl-7x!We6PVfO+@-Z zQUY+#r!=-U`e|jz2_x@)Z$6gaPjnbrXFH=6#B(;D9IUIUD~&)@BeVdl56 zr+|u>TRKb(hi=FD=K5?RQE(phMq>kJkUmZ^0}#M1*zG_LgQG~g-nKW8OawnyN8-XV zE*TcXvoTSN{`o2z4Y5NFqwR@cR40pUZ|2GGeb!HF>;6=gsf_eX;hcClT=T4#7fnAj zHfLoXItN=T7n_mmSu&iq{wy%YUZuM~6{2ceG}?lXWqY@|QglgJv|K7{$61L@wDWL( z{3C8hGS+{4P-QOwD{$}pFC&iRdK^U$oa>A9%pfID*hbB0Sv|F;$T||0TdltloBVeu z{KFH~N{g}ejJXS5!Tw85TGDCostJC-x5~1_Bh*AGU2bdyo))QyVO!?s_znY+#wriV zT=Sl-n#>M4WpC*fLJ(^Y>{nf{&(FP_eWDxu`48nVDeOPXFR`R#`n5Gujk_>7`hEL= z{ore!HeZ%ja~j06uXak+IgeS){7O8g_^1!eda)V?L-P!6<-C9)mwN6}1sgj;OVmLH zS!bKz1$7wU3Wqj#!h;L-ZyZ)Y$vh5eH$Q}& zvF=qvPGhedOvyNE$nfyoy!^8kC24~00&3_texVe z)0qbe{zp#;FW@vRIfXC(&sx6k*7gjnj2y{JEPuE5^c*iF90&VpEpNbUR_+z{2Z)Il zLctOK>BZ#`cuHY-IJ!U)UP48y0aD$vvx+W(`a_r%p1#plYIL(@^d9$vh>OxOtVW~p z4qzjWKAJ4FWPsdUA|z9Q(n-7R$3P0705LBU(~gpIaa;NC`=wpi9fx4@{h)vyUz zZDyMbfN@dCK}JNz;G}wDjk3@v{PN0)WVxCVR5g_&8!pi2`|-V`bqhP-m#sjn@+VYq zxe3^bqeb0jNH3}nn|yFed=V0&y4txbTfwkSWghqWVzYhDqad5XdI>r~lzrLpXYTgb zQ2Mpexd-ROZ3|W6MWXIvJS}e%S#Q!^D;Cm;1~KdaCHJG}?zwQlMQra5VLnqjK#yYo z(NP`a_84$Qett)+f8KTtpAg6hClPZMMBfW`o0Z7?e(Q;`I=(X>F0$#AiTHT9UprLq zL}RI&6wy6|%ObA6N`soa7kGLPlE`m@tE(RiQTnC>bW*-#WG2}q(RLR)BFrP?ADF(= zF7a>=4|QC(^}zF^`XU+4q4KMGqZTrR8i#X35oQ_M_AHM_`z(R7@V6$IIJxHd{MB)5 zp2Q2a^PCz>a^0E)dd=yPX)O}w(_RuJG?k|y zsc*3&e5Bm)MOolLH`Jr}!rPz6>7xEy;%SKxx@~6KtXIETAVvEhiGi*UCu@?(t{-E* zx&#d$RUREk?oUjoQTEGAjXI(xeyfGQM%v6#CFa6%brY{s(aabFDU{{ILZlKx;lHgu z14W7h#qh4ak%6k)K0EC@U|1uok@kD47y^lqN1OriUlis8Nb~am#TK|e)9FWi)skOY a7M1I%B!_|YB%pxNkk(2?(a??W?fw&^&`=5h literal 0 HcmV?d00001 diff --git a/test/root-ca/root.priv b/test/root-ca/root.priv new file mode 100644 index 0000000..52c4b21 --- /dev/null 
+++ b/test/root-ca/root.priv @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCxw6fXPm7OJc5QC0QaRHIjRXCK2CWVz1GXJ+1Fp9nN2OF3lhIr +2JnYKkD3Shg9/6R43LULpBOF8bEdQzC8P3XZTr2HHoS79bI8TVnZ4xtEM+bZO7k6 +EGQhzd+xjfQ7dGEqk4TS36PuyzIXyUJ9CrgpmzrD3r/wZreGNENql4iW6wIDAQAB +AoGAMdlWFcwSMojzhArEvED5aN6uIqFeWNZcYPD3XpMlRs5M28Yfrl/9NFsVAMOs +bKZlrubldjA6sVMHgdc3sXJyT1fY7GYGt0Xsgy/pGL1+c5uREiFSXl/nhXgeZrfY +M/C6Dl0269a6K3OSwk92OVYRUqRZM2nUK4bpODOAnAtGkcECQQDp30uqbx7BAkcj +Z49Txg5sGfmHHrJgWGzJK9RKSdrE0OH/DTus08h/wMm3fXxPffchLIAHWp94m4uM +Zi0AfBkbAkEAwpVZP/GoSPGwvDtw4t3YVvz2oNgoxFQtmU5xx4LgRNWVHrAE4sXd +8opTBnqikAIbOADXEF/A04ViMvR0Kw6mcQJAXFfr04b+uK0Ck8svP5/DUBHNgfmv +6vTfN2uT7iVNOUtVANUjy/DviOoBe+8TZ3vQWYvtnXm93+xi5HPvrvJRIwJBAK4B +/ulHAzYQJPt/sIjA2QmZeDgIdhR0Lr7tPqSrLkGAOrVRtVzSk5OlDXA61QsxRwQD +BFBZQMgnfNSSdRxYIpECQD3aPIAP/tv6mWeSOc6aP7jH0NyEceDEOPnpFitSfJqe +8m/wecCuED9DgXTSpmJJ0BuFc8oXKRV7OgwhqfIuEwc= +-----END RSA PRIVATE KEY----- diff --git a/test/root-ca/root.signing_policy b/test/root-ca/root.signing_policy new file mode 100644 index 0000000..7f878da --- /dev/null +++ b/test/root-ca/root.signing_policy @@ -0,0 +1,4 @@ +# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA" +access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA' +pos_rights globus CA:sign +cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"' diff --git a/test/root-ca/serial.txt b/test/root-ca/serial.txt new file mode 100644 index 0000000..04db0ac --- /dev/null +++ b/test/root-ca/serial.txt @@ -0,0 +1 @@ +0177 diff --git a/test/subca-ca/index.txt b/test/subca-ca/index.txt new file mode 100644 index 0000000..86c98fb --- /dev/null +++ b/test/subca-ca/index.txt @@ -0,0 +1 @@ +V 370405200958Z 0176 unknown /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA diff --git a/test/subca-ca/index.txt.attr b/test/subca-ca/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/test/subca-ca/index.txt.attr 
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/test/subca-ca/req_conf.cnf b/test/subca-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/subca-ca/req_conf.cnf
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/subca-ca/serial.txt b/test/subca-ca/serial.txt
new file mode 100644
index 0000000..04db0ac
--- /dev/null
+++ b/test/subca-ca/serial.txt
@@ -0,0 +1 @@
+0177
diff --git a/test/subca-ca/subca.cert b/test/subca-ca/subca.cert
new file mode 100644
index 0000000..a5f95fb
--- /dev/null
+++ b/test/subca-ca/subca.cert
@@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 374 (0x176) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the root CA + Validity + Not Before: Nov 18 20:09:58 2009 GMT + Not After : Apr 5 20:09:58 2037 GMT + Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:44:79:30:f9:57:b7:5a:8d:86:95:51:1c:5c: + 9d:f8:dd:e1:c7:e9:e3:d6:8e:9a:4d:7c:cc:0b:ef: + e2:85:99:8b:c1:df:7c:b4:41:60:6f:a6:55:0c:51: + cc:ed:d5:46:2a:64:24:a0:3a:d4:d1:ff:ef:44:20: + 07:c0:51:eb:67:ae:af:a7:d7:22:14:36:08:98:76: + 06:85:34:42:9f:30:23:0a:6b:f4:d5:47:38:67:54: + 0a:92:1b:33:5c:37:cb:e7:7c:76:94:45:ad:45:23: + 6c:b1:0c:80:5b:00:bc:4e:83:44:cc:0a:a0:a7:dd: + ef:59:ca:da:02:73:d6:f4:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05 + X509v3 Authority Key Identifier: + keyid:2D:F3:DE:73:35:35:2C:69:EB:A1:4E:EF:FE:6B:94:6E:37:3C:F5:31 + DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA + serial:EC:27:F9:B7:5E:38:FE:E5 + + X509v3 Key Usage: + Certificate Sign, CRL Sign + Signature Algorithm: md5WithRSAEncryption + 6c:03:5f:54:ba:53:fd:b4:fe:42:f5:96:1f:4d:98:64:11:6b: + 7c:95:8e:e6:91:22:a8:b7:d5:0a:5c:50:6f:16:ea:51:f2:aa: + 18:30:9a:55:1d:af:10:be:38:79:d7:eb:b9:2f:94:14:c4:0b: + 37:21:b8:76:b7:df:96:67:c5:98:56:8c:d6:88:c6:8b:ba:6d: + 06:a4:bb:c1:ad:72:c7:96:ff:85:f5:d5:36:88:ac:10:15:66: + 04:44:04:54:98:be:db:6c:83:78:48:aa:2a:52:9f:85:81:71: + 50:b7:af:22:2a:7c:f8:b8:94:bf:35:0e:6b:57:61:14:22:66: + 7c:6b +-----BEGIN CERTIFICATE----- +MIIC+TCCAmKgAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCVUcx +DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh +eGF0aW9uMRQwEgYDVQQDEwt0aGUgcm9vdCBDQTAeFw0wOTExMTgyMDA5NThaFw0z 
+NzA0MDUyMDA5NThaMFsxCzAJBgNVBAYTAlVHMQ8wDQYDVQQHEwZUcm9waWMxDzAN +BgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEVMBMGA1UEAxMMdGhl +IHN1YmNhIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6RHkw+Ve3Wo2G +lVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0QWBvplUMUczt1UYqZCSgOtTR/+9E +IAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TVRzhnVAqSGzNcN8vnfHaURa1FI2yx +DIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQABo4HMMIHJMAwGA1UdEwQFMAMBAf8w +HQYDVR0OBBYEFJdYbWIAFDIcDrFviTs8kqmVFYoFMIGMBgNVHSMEgYQwgYGAFC3z +3nM1NSxp66FO7/5rlG43PPUxoV6kXDBaMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMG +VHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xFDAS +BgNVBAMTC3RoZSByb290IENBggkA7Cf5t144/uUwCwYDVR0PBAQDAgEGMA0GCSqG +SIb3DQEBBAUAA4GBAGwDX1S6U/20/kL1lh9NmGQRa3yVjuaRIqi31QpcUG8W6lHy +qhgwmlUdrxC+OHnX67kvlBTECzchuHa335ZnxZhWjNaIxou6bQaku8GtcseW/4X1 +1TaIrBAVZgREBFSYvttsg3hIqipSn4WBcVC3ryIqfPi4lL81DmtXYRQiZnxr +-----END CERTIFICATE----- diff --git a/test/subca-ca/subca.namespaces b/test/subca-ca/subca.namespaces new file mode 100644 index 0000000..f372f3a --- /dev/null +++ b/test/subca-ca/subca.namespaces @@ -0,0 +1,3 @@ +# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA" +TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*" + 
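Review bot: The text dump in `subca.cert` shows the sub-CA certificate signed with `md5WithRSAEncryption` over a 1024-bit RSA key, although the `req_conf.cnf` added alongside sets `default_md = sha1`, so the digest was apparently overridden or the certificate was produced with a different configuration. A validator that refuses MD5 signatures or short keys will reject every chain through the subca, so a chain-building test can fail, or a negative test can pass, for a reason unrelated to what it checks. Regenerating the fixture with the configured digest, or better with `default_md = sha256` and `default_bits = 2048` in the three `req_conf.cnf` copies, removes that ambiguity. If MD5 is deliberate, the test that depends on it should say so in a comment.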
diff --git a/test/subca-ca/subca.p12 b/test/subca-ca/subca.p12 new file mode 100644 index 0000000000000000000000000000000000000000..c0a93580f9f7f094233e79fd6e6c4d844a82a01e GIT binary patch literal 1781 zcmY+DdpHw}9>?us3{#d%^OogxJMJ5`h#2LTBjkEqQfyw@M2;HCVuliCFFF-3V&t;M zluN7^xvY1*?rAQ`ILMl^*ASAU=Q-!R=lt<|e$VsyKEK~z-w%oc5d#4r6a~@@ff}Sc zr*FalGJsMFqzX)dF!pgNiUKP6GlG;-K)L%U3kZT($Kxk>zG%G$*-q3xD06UgE*Yu;X|%!0y__b zG4<`ew?~6Pc46?*=}+ghCJHZWv5=d4{v^OlRVR?I0nwaj)c#@+B#EBl5 zDFo<3J#8u!WA9u3XmKItf;nBNrWcZDR#H=E-M1qZTwWMA@Fh`{rfC~wwAo{_{HT|5 zF_!$n#8k;3pt00g`^j0U5M>YcFntRkH=^D!+FHS`xmq^)E7yBvrTWr*z`aP11**3HFg5bk|Lx#9p z@r~2fW;gBhJv3u74+C+j4VpySqXm+P)N1pUP*S@ZoEZ{(6rdeU;5;3<~+S+bz|;K&sTP?-cdu`!j16;kDG_E zZW>h$PN%Q1KJC7BKm#YoQWejFotQ=SnnhX&HCyga0dNPtjQeacsO|m)_VLHSw(A3D z5HMxkf}4gSSLfxrioX!20&{vHA>t?J&3Ff-Cbq`bF`;?H={J&U%CO^vNKB3#zQ=hHZjsk2jJm5?`MJ-x zt8?4`k6npQSmPh%d6Q(LFp8FPv4L@AKA#Z5(N*=?CYR%gD8ZA^PXww>*&qTJP@k<<^^+fbq z!EQ$wn{oR1G~opn@$I*P!60Mnyz1!IDNYO5!Rcb z{RC2++>b94j3J6H@*hla(kk@88U}}%#ms7N>Y-vU2`y%!$Jyw_k3xk+Gs%QF!*)c# z3vi{zQ{AsPTHhAn`=&!e?}Y9JNxHpp(n|&+_L6s zU#IwHxCq252`z&y>bf&j=Gnwn`E08P#-Vs=3D01gV7(`SCCk*WwL#twmD6Wi7R5in zLVC@U3Oq?loip7Cr&LQyr)f>!``T+Pd~B{_bqIQ6=gaku8jQ7g6E8kdDp` z^}jP7=^lBS?))>w z^bfssm&{sQfteb4rRAR3 zrEAcFPEkrB(j}GAZwxB6yT7%vBei}(!)>g&sbl;$7hUDihOsdbc{N}myz#-pEz$NB zLV0DbS;5n4Z_RN1n4kIII4+Z!1AvEUc7B=Jx~lNF+B;bgVOqMtD!1rRj~4c zv%ZgRPC{vYSVC&8)}7GR8X74_jdma1NlLu literal 0 HcmV?d00001 diff --git a/test/subca-ca/subca.priv b/test/subca-ca/subca.priv new file mode 100644 index 0000000..c449abc --- /dev/null +++ b/test/subca-ca/subca.priv 
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC6RHkw+Ve3Wo2GlVEcXJ343eHH6ePWjppNfMwL7+KFmYvB33y0
+QWBvplUMUczt1UYqZCSgOtTR/+9EIAfAUetnrq+n1yIUNgiYdgaFNEKfMCMKa/TV
+RzhnVAqSGzNcN8vnfHaURa1FI2yxDIBbALxOg0TMCqCn3e9ZytoCc9b0swIDAQAB
+AoGAB3GTEkT0n2wr+bPf4O1GltpvGmkbZMigG/afxN5aRBKFxkKjHiT6sJuKDIr8
+UIjUW/9Sg2C2fonmyucoyCO9735TR7JTeIiEsrTWKI2OR2rMtvLyUV1x7MzfZtw+
+uIolrukbMD0a5RKKnAI1PqLVqgIDp8nSCbG7r8LLRvF3MGkCQQDfx4lSVZ5deHvy
+H33QOqIekglKHesF6tin4J6xHN7l1bi76FpYQuOBmI4EuQfatlej/CbASt5vPFHj
++QxJXkCHAkEA1RZA9tpzslI3JeIBdMMtWRrBPRW8b1BFL7Y+hNBT/Gk5uG7Q0giE
+4FH7Q95Phi1fMy8OIGskpyj2psC7DdGRdQJAf6nKAZquugxeSYcFs6F/k4kkm4/t
+4HZWG4/deJVL5DrFJQ4tXGTsfaaWfsNAY9narcbQJKuRskvrO+98vu5ySQJAd//X
+R+0P2K1aJzhWj5XWtOZPSoIyIxG2VL8yCAN2OKBdhBLMAGwRwG4KrVbFvA9THHT0
+ZKdR9d0owhGphYeufQJBANnY/Uc437oWe7qd/Kssai0omuGTswxztOZWWr4dAokP
+9A18VsU3gSmFGMK6OCmtJcX6R3pO3FvuVSqtQz+HTLY=
+-----END RSA PRIVATE KEY-----
diff --git a/test/subca-ca/subca.req b/test/subca-ca/subca.req
new file mode 100644
index 0000000..8cfc5b1
--- /dev/null
+++ b/test/subca-ca/subca.req
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAQQCAQAwWzELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0G
+A1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRUwEwYDVQQDEwx0aGUg
+c3ViY2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALpEeTD5V7dajYaV
+URxcnfjd4cfp49aOmk18zAvv4oWZi8HffLRBYG+mVQxRzO3VRipkJKA61NH/70Qg
+B8BR62eur6fXIhQ2CJh2BoU0Qp8wIwpr9NVHOGdUCpIbM1w3y+d8dpRFrUUjbLEM
+gFsAvE6DRMwKoKfd71nK2gJz1vSzAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCK
+08BejkSBKvmzprupFEkKdaKcu+dDthDDpNGDrGJsYzIM/w4KU8PBQYZ1899YBu02
+TtusdVST6k8Q1uE35qdcd/hHRqRanQM8Vbzfzwoi2iOhUVvERW9/rEfdJ2HeiPzg
+550HXO/kRbMOiATQEqNz5JcXWCS64raA7D9X7Y0jIQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/test/subca-ca/subca.signing_policy b/test/subca-ca/subca.signing_policy
new file mode 100644
index 0000000..0ef698a
--- /dev/null
+++ b/test/subca-ca/subca.signing_policy
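Review bot: subca.priv adds an unencrypted 1024-bit RSA CA private key to the tree, and nothing in the file or beside it says that it is a throwaway test fixture. Since the key is public from this commit on, the matching `the subca CA` certificate must never be accepted as a trust anchor outside the test harness; I would state that in a README under `test/`, for example `Keys and certificates under test/*-ca are public test fixtures; never install them in a real trust store.` The subca.p12 added just before this hunk presumably wraps the same key, so the same note should cover it.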
@@ -0,0 +1,4 @@
+# Signing policy file for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA"
+access_id_CA X509 '/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subca CA'
+pos_rights globus CA:sign
+cond_subjects globus '"/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"'
diff --git a/test/subsubca-ca/index.txt b/test/subsubca-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/subsubca-ca/req_conf.cnf b/test/subsubca-ca/req_conf.cnf
new file mode 100644
index 0000000..2262038
--- /dev/null
+++ b/test/subsubca-ca/req_conf.cnf
@@ -0,0 +1,92 @@
+### req command
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+
+[ ca_cert_req ]
+basicConstraints = CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+
+#[ serial_cert_req ]
+#serialNumber = 12341324
+
+#[ email_cert_req ]
+#emailAddress = test@home.org
+
+#[ uid_cert_req ]
+#userId = testuserid
+
+[ proxy_cert_req ]
+
+[ proxy_proxy_cert_req ]
+
+#### ca command
+
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CASROOT/$ENV::CATYPE-ca
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+userId = optional
+serialNumber = optional
+
+[ ca_cert ]
+basicConstraints = CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_altname ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectAltName = DNS:*.hoo.org,DNS:joo.haa.org,IP:123.124.220.1,DNS:g*a.e*.com
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = "OpenSSL Generated Client Certificate with key usage"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate without Flags"
+
+[ proxy_none ]
+keyUsage = critical,digitalSignature,keyEncipherment
+
diff --git a/test/subsubca-ca/serial.txt b/test/subsubca-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/subsubca-ca/serial.txt
@@ -0,0 +1 @@
+0176
diff --git a/test/subsubca-ca/subsubca.cert b/test/subsubca-ca/subsubca.cert
new file mode 100644
index 0000000..fc5eca4
--- /dev/null
+++ b/test/subsubca-ca/subsubca.cert
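Review bot: In test/subsubca-ca/req_conf.cnf, `default_md = sha1` under `[CA_default]` does not match what was issued: the subsubca.cert added in this same patch reports `Signature Algorithm: md5WithRSAEncryption`, so the fixture cannot be regenerated from this file as written, presumably because the digest was overridden when the CA command was run. A validator that refuses MD5 signatures or 1024-bit keys (`default_bits = 1024`) will reject this chain for a reason unrelated to what the test is checking. Either regenerate with a stronger digest and key size, or record the choice next to the settings, e.g. `# weak digest and key size are deliberate: fixture for legacy-chain tests`. Also, `basicConstraints = CA:true` in `[ ca_cert_req ]` and `[ ca_cert ]` is not marked critical, which the certificate dump confirms; RFC 5280 requires `basicConstraints = critical,CA:true` on CA certificates, unless the non-critical form is what the test is meant to exercise.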
@@ -0,0 +1,63 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 374 (0x176)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subca CA
+ Validity
+ Not Before: Nov 18 20:09:58 2009 GMT
+ Not After : Apr 5 20:09:58 2037 GMT
+ Subject: C=UG, L=Tropic, O=Utopia, OU=Relaxation, CN=the subsubca CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:e9:4b:ca:3a:8f:65:d5:44:72:1f:21:9a:16:42:
+ 61:e7:67:93:38:13:cc:c2:0d:81:dc:ff:fe:8d:c4:
+ c1:a1:57:c1:43:64:18:bd:a2:22:0b:fd:51:84:12:
+ a2:b7:86:f2:1c:a0:dd:b2:e9:01:53:43:e2:c7:de:
+ 44:ea:41:97:85:08:91:b4:f9:b8:f8:1e:da:e9:a2:
+ 3c:1b:4e:33:8d:1a:05:d8:3a:40:21:f6:9d:2a:84:
+ c7:f6:10:8c:ea:21:2c:40:cc:a1:c8:6e:1e:76:c3:
+ 0d:21:ec:8f:fc:76:62:d8:78:ae:e1:11:9d:3c:66:
+ c3:56:bc:bb:8f:87:d2:2c:4b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 03:4A:F7:6F:2F:37:6B:B7:24:C1:92:6E:FB:54:26:42:C1:84:20:26
+ X509v3 Authority Key Identifier:
+ keyid:97:58:6D:62:00:14:32:1C:0E:B1:6F:89:3B:3C:92:A9:95:15:8A:05
+ DirName:/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the root CA
+ serial:01:76
+
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ Signature Algorithm: md5WithRSAEncryption
+ ae:93:74:7c:61:3d:7c:38:c3:95:f8:48:71:33:6f:2b:00:eb:
+ 35:bb:5d:f2:0c:09:10:bf:07:48:ef:3f:10:d8:a9:ae:c8:74:
+ 82:12:18:01:6d:ce:b7:28:9b:6c:b1:b0:74:e5:b6:70:c4:d0:
+ 47:22:8b:ed:40:d8:79:d9:8a:93:03:94:cf:12:27:b9:06:ce:
+ e2:e8:a2:42:89:97:e0:12:e7:7f:0c:93:38:6f:56:4c:ca:6b:
+ 0a:23:df:6c:37:5e:32:1f:13:0f:2b:59:df:f3:e4:8c:80:8f:
+ c8:4e:01:f2:3a:20:87:be:15:96:ef:cf:94:8d:9a:79:35:bb:
+ f2:22
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAl2gAwIBAgICAXYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCVUcx
+DzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRvcGlhMRMwEQYDVQQLEwpSZWxh
+eGF0aW9uMRUwEwYDVQQDEwx0aGUgc3ViY2EgQ0EwHhcNMDkxMTE4MjAwOTU4WhcN
+MzcwNDA1MjAwOTU4WjBeMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8w
+DQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xGDAWBgNVBAMTD3Ro
+ZSBzdWJzdWJjYSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6UvKOo9l
+1URyHyGaFkJh52eTOBPMwg2B3P/+jcTBoVfBQ2QYvaIiC/1RhBKit4byHKDdsukB
+U0Pix95E6kGXhQiRtPm4+B7a6aI8G04zjRoF2DpAIfadKoTH9hCM6iEsQMyhyG4e
+dsMNIeyP/HZi2Hiu4RGdPGbDVry7j4fSLEsCAwEAAaOBwzCBwDAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQDSvdvLzdrtyTBkm77VCZCwYQgJjCBgwYDVR0jBHwweoAU
+l1htYgAUMhwOsW+JOzySqZUVigWhXqRcMFoxCzAJBgNVBAYTAlVHMQ8wDQYDVQQH
+EwZUcm9waWMxDzANBgNVBAoTBlV0b3BpYTETMBEGA1UECxMKUmVsYXhhdGlvbjEU
+MBIGA1UEAxMLdGhlIHJvb3QgQ0GCAgF2MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQQFAAOBgQCuk3R8YT18OMOV+EhxM28rAOs1u13yDAkQvwdI7z8Q2KmuyHSCEhgB
+bc63KJtssbB05bZwxNBHIovtQNh52YqTA5TPEie5Bs7i6KJCiZfgEud/DJM4b1ZM
+ymsKI99sN14yHxMPK1nf8+SMgI/ITgHyOiCHvhWW78+UjZp5NbvyIg==
+-----END CERTIFICATE-----
diff --git a/test/subsubca-ca/subsubca.namespaces b/test/subsubca-ca/subsubca.namespaces
new file mode 100644
index 0000000..9089949
--- /dev/null
+++ b/test/subsubca-ca/subsubca.namespaces
@@ -0,0 +1,3 @@
+# Namespace for the /C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA"
+TO Issuer "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=the subsubca CA" PERMIT Subject "/C=UG/L=Tropic/O=Utopia/OU=Relaxation/*"
+
diff --git a/test/subsubca-ca/subsubca.p12 b/test/subsubca-ca/subsubca.p12 new file mode 100644 index 0000000000000000000000000000000000000000..5ea8e3f4b29dab291b44f40bc1e6cbf54c2d95d1 GIT binary patch literal 1781 zcmY+DXH=637KYRKG(bd9AQX)ZWsxGGh2qEp0-?z2pp;c+1(e>aN)sYQhCo77R7wB| zibxou)W}e!1c49@Ep$Q&y>}TrXLo1!$36F)=RNoSdLJ|nScQP0XdF-pz!l<5Y zH3;M+C<+I)EAeSM=X!U>Im?C^FF6evWA$YwG%e2SX3a{qZS43gE!)bhy3gq2gG-Kj zBPh)S2r-lF4@w}|v|PIbu?@qUnxs$g3XXW{i5b~Z3}OB=VzK|u&QQdFL*Vm(z3eK} zf{*>}h~~A|68vK^JCA~H$O89P_LZ3BagDzPqf>HYi<{Fomdu8E=kls3cDGW+e#sD+ z=6QbSrlpRjL|_Z_i$>otJ^E)<;X+(SH&2}MfxZgD*?E5cQAf+&!6A-Q)fgc_G?|<6AD2xpWHk;1fXZ z8{$-9%}bC3UQ0CnP~MfU?y6ZEub5ufT+Bs&dBM_#_YQPRMYFz;VLi)o_ z#?PbTlxfZo@*meKax)Pa+0Jz-zI}P+=WKUfHO=eGq$ZHafV?2}nRYEvrj7QPyl#DA zC2gVF<$Su4|8gfj7BH%GXyt$fsYke%Y1{RpwamHzoH4CTS(ISFXP7OSJ~OsVSP4^- zIfs(lNvZkmW&eq8i@^2*wRQjCxrDB-^R#4-_c`S$tub?J^bAeAI@;*u#s` zT|}$(!S9cYjCaGk*SxKZ#!FTFPIRC&_iQM6ng^%`nkA|NTi*3Ywun40{_k&oo$mG^ zRCHk#Qjo>HAdkDHTzppT+ZzjNqOGHqKA1hl+&hUKy-zI5S;!RQHX&UbStGXzR;-4b zmYZ}xj-wSEZb40T7PuF)8_m${aiu>RV(`s-(1t(KYn(*mz6gI);f`6Gcv~UPez<3m z)^>S$NmATX;G)XQafX_-JU`X^I|Ga1OgXW0Gu!q;Fz#j5EcRB~({?jGD|u_^+qV7} zU)6_9FI>b5=}dFS%jFhZ3MfzaUZ*%byVc65LE|91|05y^2jRkSkm+MQaXcdc-+#2^ z1w)QQ@-fW+KU<+cY^6{b;+vyKAAi_-d>+;M{;Mhc`xWrX)=UHE``-8rpBh36sqJ!B zerH2v&SVlQm7B;YuAyAvw~t*E;QS$en?{H0Zke$3T)AYTq+o4&ZO@rk_J-w<`moa~ z^9G(+oJ4w>2dBD_yYX!4BD; z&Ap%R4X0J8mfu!_7N?l`VZ!T}2O{dTB{}A2W)=+}>T@5pyek7VnUhynS|$_leaRC| z&z0{X?22>p)o-5n%hD;5@7JpHiY;*N+e!^oa?mhPW03SDkY+U0x}p7E5SZ^3{Z{q< z#-K0t5_6&<0-nx}ByAz*@^^fb1+!0GGG1YgMVeS>0UNuP(L@=dUN~rQgsv8e&H}7L z?#5b&stfzZf6wduyvlqgXWQ@O)+o;Gw$sxt1$@5)xJ<**)l8|`?flff>?av7LR&Ph z;mTsJROruC2E!u}s#Ao3?8>W+eW#PVf8|&6s_eo9nbp-t+5u-$wf7TsNRZ1({%g@! zl9*_dHm zSAE!L3pZVrDb<