From 80ff02ae64d01600325571b876541e73dfc29f0e Mon Sep 17 00:00:00 2001 From: Joni Hahkala Date: Mon, 29 Jun 2009 10:52:59 +0000 Subject: [PATCH] forgot these new files from Kalle --- bin/generate-test-certificates.sh | 2 +- test/bad-ca/bad.cert | 18 +++++++++++ test/bad-ca/bad.priv | 15 +++++++++ test/bad-ca/ca_conf.cnf | 62 ++++++++++++++++++++++++++++++++++++ test/bad-ca/ca_proxy_conf.cnf | 27 ++++++++++++++++ test/bad-ca/index.txt | 0 test/bad-ca/req_conf.cnf | 33 +++++++++++++++++++ test/bad-ca/req_conf_future.cnf | 35 ++++++++++++++++++++ test/bad-ca/req_conf_policy.cnf | 33 +++++++++++++++++++ test/bad-ca/req_proxy_conf.cnf | 46 ++++++++++++++++++++++++++ test/bad-ca/req_proxy_proxy_conf.cnf | 35 ++++++++++++++++++++ test/bad-ca/serial.txt | 1 + 12 files changed, 306 insertions(+), 1 deletion(-) create mode 100644 test/bad-ca/bad.cert create mode 100644 test/bad-ca/bad.priv create mode 100644 test/bad-ca/ca_conf.cnf create mode 100644 test/bad-ca/ca_proxy_conf.cnf create mode 100644 test/bad-ca/index.txt create mode 100644 test/bad-ca/req_conf.cnf create mode 100644 test/bad-ca/req_conf_future.cnf create mode 100644 test/bad-ca/req_conf_policy.cnf create mode 100644 test/bad-ca/req_proxy_conf.cnf create mode 100644 test/bad-ca/req_proxy_proxy_conf.cnf create mode 100644 test/bad-ca/serial.txt diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh index 18fcc7d..93cae53 100755 --- a/bin/generate-test-certificates.sh +++ b/bin/generate-test-certificates.sh @@ -500,7 +500,7 @@ EOF cat < $CA_DIR/${catype}.namespaces # Namespace for the $(echo "$subject_name" | sed -e 's#^.*/CN=##') -TO Issuer "${subject_name:9} \\" +TO Issuer "${subject_name:9}" \ PERMIT Subject "$(echo "${subject_name:9}" | sed -e 's#/CN=.*$##')/*" EOF diff --git a/test/bad-ca/bad.cert b/test/bad-ca/bad.cert new file mode 100644 index 0000000..f7c2fdf --- /dev/null +++ b/test/bad-ca/bad.cert 
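Review bot: The trailing backslash on the corrected `TO Issuer` line ends a line inside what appears to be an unquoted here-document (the body relies on `$(...)` and `${subject_name:9}` being expanded), and there the shell treats backslash-newline as a line continuation and removes both characters. The generated `.namespaces` file would then contain `TO Issuer "..." PERMIT Subject "..."` on one line, with no literal continuation backslash. If the two-line form with a visible backslash is what the namespaces parser should be tested against, write `TO Issuer "${subject_name:9}" \\` so that one backslash survives expansion. The here-document opener is garbled on this page and the enclosing block starts and ends outside the hunk, so confirm this against the script before changing it.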
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3TCCAkagAwIBAgIBADANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJVRzEP +MA0GA1UEBxMGVHJvcGljMQ8wDQYDVQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4 +YXRpb24xEzARBgNVBAMTCnRoZSBiYWQgY2EwHhcNMDkwNjEwMDg1MTE0WhcNMzIw +NjA0MDg1MTE0WjBZMQswCQYDVQQGEwJVRzEPMA0GA1UEBxMGVHJvcGljMQ8wDQYD +VQQKEwZVdG9waWExEzARBgNVBAsTClJlbGF4YXRpb24xEzARBgNVBAMTCnRoZSBi +YWQgY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOnSGYPzR4XyUwMrwk7U +u10TVyfQPd5uhXK8uLdERC/shNQ/qBH6HtmgiiCm7GCB40bkJgp3mmJ+HWN4JOGe +e1UW5tgsc2e2ODF8GJNkcmdqcpkZ3/vbA3tQx2LmNtAEcgsnkiY+MtYCTS+xbirL +YgAYNV2TYLymSSGwvcjUGkodAgMBAAGjgbQwgbEwHQYDVR0OBBYEFGDsw1knQ14E +I51ZkTfhgsF9J3SQMIGBBgNVHSMEejB4gBRg7MNZJ0NeBCOdWZE34YLBfSd0kKFd +pFswWTELMAkGA1UEBhMCVUcxDzANBgNVBAcTBlRyb3BpYzEPMA0GA1UEChMGVXRv +cGlhMRMwEQYDVQQLEwpSZWxheGF0aW9uMRMwEQYDVQQDEwp0aGUgYmFkIGNhggEA +MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAxRcla6HVYf9lhOipnNua +QP1HjmJ9CUygBTdczSM2NGnwvC7pTIV01tRsbsOxvRqUM3iZIv/XX3Bkjuww47YV +eon/S55B4VQIFKIq4VWI9ZALyb/QlKhO2CLxgAJ7LNgnSBsmhKx9WL/st+WSRPgs +yCCnlgIh1ZZY8jsgaRNDiJg= +-----END CERTIFICATE----- diff --git a/test/bad-ca/bad.priv b/test/bad-ca/bad.priv new file mode 100644 index 0000000..79b06b5 --- /dev/null +++ b/test/bad-ca/bad.priv 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDp0hmD80eF8lMDK8JO1LtdE1cn0D3eboVyvLi3REQv7ITUP6gR ++h7ZoIogpuxggeNG5CYKd5pifh1jeCThnntVFubYLHNntjgxfBiTZHJnanKZGd/7 +2wN7UMdi5jbQBHILJ5ImPjLWAk0vsW4qy2IAGDVdk2C8pkkhsL3I1BpKHQIDAQAB +AoGBAMDZNYw8CeCzNb5myBNGp+Yjfn3q5ixgEZbJirw1BNxWAlQg0JlLJ0itfV9i +7ZDHcFHW+H0nmmDjzY9t11Vy5hp7a47ssqBEeQXpyXI+YRwc5jIW2ThaZNlMiPVm +HfpiyNlftswNEjjpQ0nAqp3LFldbonHJI+a687O0AXSWmJUNAkEA+TlOJmhmD0u6 +AL1EqjCH9AnAgQCbmgDlQ+7bOxXsUvHJ82kYL/nB+Kq08ZC3ZuWYtv0kiHwEpANO +qqewmyGYqwJBAPAtlR+w6XRzJSj2DyfkNajM1Gyo4HdufDjydKSqqipI0WfW/S+s +NUEZHlgCoHx7rB/PdV49nHINTPmMkxreOFcCQEJ1KYXMaQrDIsJ3tgu8DUTiJNdB +ljym6HwJAaTr36zulO+3op+IdlUdEEsqT/28U9DYCBntGD+0MhIHzWxQtSkCQCkt +Z3e7eQsCAsj3BrosIhcCpxjKC1Hum1WYG+9vYyVEvsIy1c2qlKbIi69DJAizm1sI +0nKJ1ZyoMx5Fv6LHnpkCQQD08QwHsVRycgd44wbd6nTJ4NCrk6kZ7NBVkz8k5tcl +nwDtFEJV/zdL2Hr2JTW6yOlO452Q+Z/oq1NFhm42YIEx +-----END RSA PRIVATE KEY----- diff --git a/test/bad-ca/ca_conf.cnf b/test/bad-ca/ca_conf.cnf new file mode 100644 index 0000000..cc85df0 --- /dev/null +++ b/test/bad-ca/ca_conf.cnf 
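Review bot: `test/bad-ca/bad.priv` is an unencrypted PEM RSA private key committed next to its CA certificate, and none of the twelve files in this commit says that the pair is throw-away test material. Anyone who can read the repository can sign as this CA, so it must never be copied into a real trust-anchor directory. A short `test/bad-ca/README` stating that, and naming the script that regenerates the fixture if one exists (not visible here), would make the intent explicit. The key looks like 1024-bit RSA and the certificate's encoded validity appears to run to 2032, so the fixture stays usable, and misusable, for a long time.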
@@ -0,0 +1,62 @@
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CA_DIR
+database = $dir/index.txt
+serial = $dir/serial.txt
+default_md = sha1
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+serialNumber = optional
+userId = optional
+
+[ ca_cert ]
+basicConstraints=CA:TRUE
+
+
+[ ca_server ]
+# This is OK for an SSL server.
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+[ ca_client ]
+# For normal client use this is typical
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+
+[ ca_clientserver ]
+# For normal client use this is typical
+nsCertType = server, client, email
+nsComment = "OpenSSL Generated Client Server Certificate"
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+[ ca_fclient ]
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Client Certificate with Flags"
+
+[ ca_none ]
+nsComment = "OpenSSL Generated Client Certificate with Flags"
+
+[ proxy_none ]
+keyUsage=critical,digitalSignature,keyEncipherment
diff --git a/test/bad-ca/ca_proxy_conf.cnf b/test/bad-ca/ca_proxy_conf.cnf
new file mode 100644
index 0000000..465a9a0
--- /dev/null
+++ b/test/bad-ca/ca_proxy_conf.cnf
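Review bot: `default_md = sha1` in `[CA_default]` makes every certificate issued from this test CA SHA-1 signed, which current TLS libraries at their default security level may reject before the trust decision under test is ever reached. Suggest `default_md = sha256` unless a test depends on the weak digest, in which case a comment should say so. Two copy-paste leftovers in the same file are worth fixing as well: the comment under `[ ca_clientserver ]` still reads "For normal client use this is typical", and `[ ca_none ]` carries the `nsComment` of `[ ca_fclient ]` ("... with Flags") although it sets no flags.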
@@ -0,0 +1,27 @@
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CA_DIR
+database = $dir/index_proxy.txt
+serial = $dir/serial_proxy.txt
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+policy = policy_any
+
+[policy_any]
+countryName = supplied
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ ca_cert ]
+basicConstraints=CA:TRUE
+
+[ proxy_none ]
+
diff --git a/test/bad-ca/index.txt b/test/bad-ca/index.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/bad-ca/req_conf.cnf b/test/bad-ca/req_conf.cnf
new file mode 100644
index 0000000..7c30db9
--- /dev/null
+++ b/test/bad-ca/req_conf.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+#emailAddress = Email Address
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/bad-ca/req_conf_future.cnf b/test/bad-ca/req_conf_future.cnf
new file mode 100644
index 0000000..a0042a4
--- /dev/null
+++ b/test/bad-ca/req_conf_future.cnf
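Review bot: `[CA_default]` in `ca_proxy_conf.cnf` points `database` at `$dir/index_proxy.txt` and `serial` at `$dir/serial_proxy.txt`, but this commit adds only `index.txt` and `serial.txt` under `test/bad-ca/`. `openssl ca` stops when either file is missing, so unless `CA_DIR` points somewhere the script populates (not visible in this patch), the proxy signing step cannot run from this directory. The section also sets no `default_md`, unlike `ca_conf.cnf`, so the digest has to come from `-md` on the command line. Either add the two files and a `default_md` line, or put a comment at the top of the file naming what creates them.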
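Review bot: `ca_cert = CA_cert` in `[ req ]` of `req_conf.cnf` is not among the keys `openssl req` documents; the extension section is selected with `x509_extensions` (self-signed output) or `req_extensions` (CSR), or with `-extensions CA_cert` on the command line. As written, `[ CA_cert ]` and its `basicConstraints = CA:true` take effect only if the calling script passes that option, which this patch does not show. If the section is meant to apply from the config, use `x509_extensions = CA_cert`; otherwise add a comment saying the caller selects it, so nobody assumes every request built from this file is a CA request. The same line appears in `req_conf_future.cnf`, `req_conf_policy.cnf` and `req_proxy_proxy_conf.cnf`.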
@@ -0,0 +1,35 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+commonName = $ENV::CN
+
+#userId = testuserid
+
+#emailAddress = Email Address
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/bad-ca/req_conf_policy.cnf b/test/bad-ca/req_conf_policy.cnf
new file mode 100644
index 0000000..20c593b
--- /dev/null
+++ b/test/bad-ca/req_conf_policy.cnf
@@ -0,0 +1,33 @@
+[ req ]
+default_bits = $ENV::BITS
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Chillin
+
+commonName = $ENV::CN
+
+#emailAddress = test@home.org
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert ]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_none ]
diff --git a/test/bad-ca/req_proxy_conf.cnf b/test/bad-ca/req_proxy_conf.cnf
new file mode 100644
index 0000000..61a1812
--- /dev/null
+++ b/test/bad-ca/req_proxy_conf.cnf
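Review bot: `req_conf_future.cnf` and `req_conf_policy.cnf` are near copies of `req_conf.cnf`, and neither says which test case it exists for. The first adds a commented-out `#userId = testuserid`; the second uses `organizationalUnitName = Chillin` instead of `Relaxation` and a different commented-out e-mail address. Nothing in `req_conf_future.cnf` sets a validity period, so whatever makes the certificate "future" must come from the caller. A header comment in each file would help, for example `# Request template for the not-yet-valid certificate test; start date is set by the caller` and `# OU deliberately differs from the CA subject so the request falls outside the permitted namespace`. Both wordings are inferred from the file names and need confirming by the author.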
@@ -0,0 +1,46 @@
+[ca]
+default_ca = CA_default
+
+[CA_default]
+dir = $ENV::CA_DIR
+database = $dir/index.txt
+serial = $dir/serial.txt
+
+certificate = $dir/$ENV::CATYPE.cert
+private_key = $dir/$ENV::CATYPE.priv
+
+[ req ]
+
+default_bits = 1024
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+# ca_cert = CA_cert
+
+[ req_distinguished_name ]
+
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+0.commonName = $ENV::CN
+
+1.commonName = $ENV::PROXYNAME
+
+#emailAddress = Email Address
+
+[ req_attributes ]
+
+[ CA_cert]
+
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/bad-ca/req_proxy_proxy_conf.cnf b/test/bad-ca/req_proxy_proxy_conf.cnf
new file mode 100644
index 0000000..f95b0ca
--- /dev/null
+++ b/test/bad-ca/req_proxy_proxy_conf.cnf
@@ -0,0 +1,35 @@
+[ req ]
+default_bits = 1024
+default_keyfile = keyfile.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+output_password = $ENV::PASSWORD
+ca_cert = CA_cert
+
+[ req_distinguished_name ]
+countryName = UG
+
+#stateOrProvinceName = South area
+
+localityName = Tropic
+
+organizationName = Utopia
+
+organizationalUnitName = Relaxation
+
+0.commonName = $ENV::CN
+
+1.commonName = $ENV::PROXYNAME
+
+2.commonName = $ENV::PROXYNAME
+
+#emailAddress = Email Address
+
+[ req_attributes ]
+#challengePassword = $ENV::PASSWORD
+
+[ CA_cert]
+basicConstraints = CA:true
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/test/bad-ca/serial.txt b/test/bad-ca/serial.txt
new file mode 100644
index 0000000..3dcc795
--- /dev/null
+++ b/test/bad-ca/serial.txt
@@ -0,0 +1 @@
+0176
-- 1.8.2.3
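Review bot: `default_bits = 1024` is hard-coded in `req_proxy_conf.cnf` and again in `req_proxy_proxy_conf.cnf`, while the three `req_conf*.cnf` files take the key size from `$ENV::BITS`. Proxy keys generated from these templates therefore stay at 1024-bit RSA whatever the rest of the fixture uses, and keys that short are below what current TLS stacks accept by default, so a proxy test can fail on key size instead of on the condition under test. Suggest `default_bits = $ENV::BITS` in both files, assuming the script exports `BITS` for the proxy steps as well (not visible here). `req_proxy_conf.cnf` also carries `[ca]` and `[CA_default]` sections without a `policy`; if `openssl req` is the only consumer, removing them would avoid the impression that this file can drive `openssl ca`.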