tests: Add a server certificate with TOD policy

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-06-11 03:13:46 +03:00
parent 8a3368d7f4
commit 82b9de98c3
7 changed files with 164 additions and 1 deletions


@ -132,6 +132,7 @@ subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
#@ALTNAME@
#@CERTPOL@
extendedKeyUsage = serverAuth


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIDlDCCAfwCAQAwTzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
BgNVBAoMBXcxLmZpMR4wHAYDVQQDDBVzZXJ2ZXItcG9saWNpZXMudzEuZmkwggGi
MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDSpu+bvWBjoXWtS9NvWV6E+mSg
ZCQLeEj8jWaLL24dRCuuw22UusujNL4LTkeNW9mZpqgHCYdVsjd+R2dcdF8sg3my
CEe07E/vdVhnxlhMT2jBGBqETXgjSJoUOG5bShLrhsT3TDisY6dh+rNkfIkOKfef
+HXD75DCcZahq2nTwnQTz+j3CZjtOnnWxEZJk3g7FqWp3fDrvUSn3E7O96fJP3gI
iwXGFy7u3xGg9/VYgHbCNO+5eL7EXL5fXte3zaMSxON2/GSFZGVr2lzJOFA5iXLl
IO+5C8wyJjx5XkqNeI1q3XM6yEInQw3dBR+8hN9WLX6YUJ6LeLDn/ag5B1cFEvwA
74nwPwP2k1uwRFdhYUcFbMQWmGG4kzJFOfu7jjuHGF86B1fRmIkdhbde6htReZRc
2Pq9unUAA+P0A81c2xahrLf0k37smrDmnE5dPLoBMsxwykk8kv7SiIGd2/S7gP7v
iVDqgJW9xPoo2MCGYTfXmSuOuQZ4mghEF9oZNZcCAwEAAaAAMA0GCSqGSIb3DQEB
CwUAA4IBgQC9HigmR7s38B1IRYNJ1WwC7UlV4fFTElisntPXiQsDZzvZ0Gufsobx
Bk/As4DWsQEJ17EvF0LXnsgRG670bnh/YibkaVBF71XLkBAfkXGaa1nw4VNC4EEJ
sPIcrEQGxhkAJHvT3cZ0zWQnSKbcZbt6Vn0bNoRPihDKTek6dPPI9HamDsu0OBl1
l8FdMfG4Ge1NquABvgBSrt85XHXfCBYlXBsnJ5XeA8A2t7JtW6C51EVGGachglPB
ajrtuD00puJ+Cx+a7k5OHniTpAUHS6EOYpcWcUrzIKVCAGlHFd4XOZdD0hP7/eFR
H57JjFTwDENSCU1GiRwra/ACswR2XWYQH0v+CvbKUx6ZivtKLkuGr4go/YIgVeXq
WM7b+tDopZVFsjdrbkuefkimYIJdwmZXukM5qP0pKTGNM9zeBaAs9bAKDs42jF2f
8i9M7DpIzJ9X1Y8xhaBEjodUcCtT5LFPNh0JT5wwkbS2SGgQiti3MdcnQQYqXDUZ
xd6npHU4F+c=
-----END CERTIFICATE REQUEST-----


@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,91 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162909 (0xd8d3e3a6cbe3cd1d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Jun 11 00:12:34 2019 GMT
Not After : Jun 10 00:12:34 2020 GMT
Subject: C=FI, O=w1.fi, CN=server-policies.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
00:d2:a6:ef:9b:bd:60:63:a1:75:ad:4b:d3:6f:59:
5e:84:fa:64:a0:64:24:0b:78:48:fc:8d:66:8b:2f:
6e:1d:44:2b:ae:c3:6d:94:ba:cb:a3:34:be:0b:4e:
47:8d:5b:d9:99:a6:a8:07:09:87:55:b2:37:7e:47:
67:5c:74:5f:2c:83:79:b2:08:47:b4:ec:4f:ef:75:
58:67:c6:58:4c:4f:68:c1:18:1a:84:4d:78:23:48:
9a:14:38:6e:5b:4a:12:eb:86:c4:f7:4c:38:ac:63:
a7:61:fa:b3:64:7c:89:0e:29:f7:9f:f8:75:c3:ef:
90:c2:71:96:a1:ab:69:d3:c2:74:13:cf:e8:f7:09:
98:ed:3a:79:d6:c4:46:49:93:78:3b:16:a5:a9:dd:
f0:eb:bd:44:a7:dc:4e:ce:f7:a7:c9:3f:78:08:8b:
05:c6:17:2e:ee:df:11:a0:f7:f5:58:80:76:c2:34:
ef:b9:78:be:c4:5c:be:5f:5e:d7:b7:cd:a3:12:c4:
e3:76:fc:64:85:64:65:6b:da:5c:c9:38:50:39:89:
72:e5:20:ef:b9:0b:cc:32:26:3c:79:5e:4a:8d:78:
8d:6a:dd:73:3a:c8:42:27:43:0d:dd:05:1f:bc:84:
df:56:2d:7e:98:50:9e:8b:78:b0:e7:fd:a8:39:07:
57:05:12:fc:00:ef:89:f0:3f:03:f6:93:5b:b0:44:
57:61:61:47:05:6c:c4:16:98:61:b8:93:32:45:39:
fb:bb:8e:3b:87:18:5f:3a:07:57:d1:98:89:1d:85:
b7:5e:ea:1b:51:79:94:5c:d8:fa:bd:ba:75:00:03:
e3:f4:03:cd:5c:db:16:a1:ac:b7:f4:93:7e:ec:9a:
b0:e6:9c:4e:5d:3c:ba:01:32:cc:70:ca:49:3c:92:
fe:d2:88:81:9d:db:f4:bb:80:fe:ef:89:50:ea:80:
95:bd:c4:fa:28:d8:c0:86:61:37:d7:99:2b:8e:b9:
06:78:9a:08:44:17:da:19:35:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
3E:AD:0D:4D:7E:FA:A2:4A:D5:F5:31:EA:B6:B4:BF:83:B1:55:7E:C7
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Subject Alternative Name:
DNS:server-policies.w1.fi
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.1
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
ad:cc:03:e6:6b:f0:05:4b:27:41:2a:4d:23:dc:89:76:1d:61:
7f:b6:06:fc:48:8b:ce:1a:c2:c4:43:49:6a:41:9b:5e:65:ce:
a7:e6:62:df:44:96:3e:0e:d9:26:20:f2:2a:53:5d:35:c8:f7:
15:d2:60:29:50:c7:20:50:a1:df:7a:41:cd:1d:a6:3a:e8:3f:
5d:1c:38:ed:73:f6:ee:41:ff:8a:54:c4:b5:94:ba:b7:c6:cd:
82:c8:c2:7d:dc:4d:27:2f:f1:77:40:20:7c:5a:6b:ce:3e:9d:
e5:17:d1:5d:0a:79:66:59:fb:c9:08:cc:24:09:4d:53:ae:4f:
fb:c6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -42,3 +42,4 @@ V 191003221355Z D8D3E3A6CBE3CD18 unknown /C=FI/O=w1.fi/CN=server3.w1.fi
V 191003221355Z D8D3E3A6CBE3CD19 unknown /C=FI/O=w1.fi/CN=server5.w1.fi
V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi
V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User
V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi


@ -1 +1 @@
D8D3E3A6CBE3CD1C
D8D3E3A6CBE3CD1E


@ -32,6 +32,14 @@ cat openssl2.cnf |
> openssl.cnf.tmp
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client-server.csr -out server-eku-client-server.pem -extensions ext_client_server
cat openssl2.cnf |
sed "s/#@CN@/commonName_default = server-policies.w1.fi/" |
sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies.w1.fi/" |
sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.1/" \
> openssl.cnf.tmp
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
echo
echo "---[ Update user certificates ]-----------------------------------------"
echo
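Review bot: The bare OID in the `#@CERTPOL@` substitution is not identified anywhere in the new block, so a maintainer cannot tell from the script that this is the TOD (Trust Override Disable) policy named in the commit title. A comment above the new `cat openssl2.cnf |` line would cover it, for example `# server-policies.w1.fi: certificatePolicies = 1.3.6.1.4.1.40808.1.3.1 (TOD policy OID)`. The `req` line is commented out, so the `ca` step re-signs the committed `server-certpol.csr`. If that line is re-enabled, `-nodes` writes `server-certpol.key` unencrypted, so a second comment such as `# test-only key, committed in the clear; never reuse outside the test suite` would be worth adding. The file names use `server-certpol` while the CN and SAN use `server-policies`; aligning them would make the fixture easier to find. The script continues outside this hunk, so whether failures of the `sed` pipeline or `ca` are checked cannot be judged from here.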