tests: Add a server certificate with TOD-TOFU policy

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-08-16 15:59:43 +03:00 committed by Jouni Malinen
parent a647a0ad75
commit b1dfe96ae1
6 changed files with 164 additions and 1 deletions


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@ -0,0 +1,92 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d8:d3:e3:a6:cb:e3:cd:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: Aug 16 12:58:24 2019 GMT
Not After : Aug 15 12:58:24 2020 GMT
Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:e6:50:d1:28:05:27:6c:d4:42:d3:42:c7:cc:53:
a9:6b:c2:a3:ab:20:6f:17:34:9d:e4:1d:31:d0:c4:
68:65:42:d5:e8:bd:aa:b8:e4:e9:f6:ee:2e:75:cd:
6a:8c:f6:8e:aa:af:6c:7c:eb:35:50:55:b1:c2:b3:
f8:a7:d0:1e:a3:33:26:68:40:20:13:74:08:87:ef:
b6:3a:f1:7f:3e:f5:7f:93:44:74:37:8b:c3:89:a7:
ba:5f:42:39:4a:22:20:40:66:c6:6f:77:cf:54:3f:
05:61:de:ab:71:fa:9f:78:6d:97:4a:e8:60:a0:11:
aa:6c:ba:9d:44:65:18:e8:e0:8f:d1:df:da:95:ab:
41:2c:63:65:f6:42:42:e6:1f:42:a4:1c:74:20:49:
f4:d4:92:0e:e3:be:3b:55:fd:38:68:74:3a:e4:df:
9a:2b:95:bf:e9:d1:38:8b:16:24:20:35:db:b8:d0:
15:30:2e:2f:6a:24:b9:e1:e9:e7:b6:b5:bd:e6:0f:
59:dd:df:95:9c:ab:03:b4:c5:42:81:48:61:cc:3c:
06:17:85:63:6e:28:cb:d7:88:d1:ce:40:c7:ff:61:
51:ac:bb:ba:23:c9:42:a7:7d:27:0d:1e:53:90:cf:
22:3f:57:f5:ff:1a:05:0c:9c:7a:1b:fb:e2:47:5f:
45:cb:ee:88:a5:a0:54:71:83:f7:d3:d3:c5:bc:b2:
7e:85:a7:b1:1a:cf:91:cb:8b:39:ba:7c:2c:9d:b2:
c5:79:c3:e0:80:73:06:30:4f:5d:81:52:e2:bf:43:
55:85:5d:64:c4:97:ac:e9:2d:7e:30:b5:e1:52:50:
53:0c:ac:24:8e:7b:a2:57:8d:ff:b1:05:ba:23:33:
a6:08:a3:b4:38:42:f6:5c:d9:bc:5d:75:95:82:ff:
4d:9a:db:56:2f:1b:38:d2:51:05:2c:90:62:f1:8e:
4c:ee:ea:1b:ae:aa:53:74:85:ba:c6:c3:c2:4b:30:
bd:e0:2e:c8:ac:7e:25:cc:32:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
4E:01:8B:7E:C2:77:94:E1:68:B3:C4:29:35:24:05:0B:DE:84:4A:89
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Subject Alternative Name:
DNS:server-policies2.w1.fi
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.2
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
89:0d:37:6e:dd:ac:99:70:c3:21:20:ad:00:6e:62:19:a9:d2:
eb:0c:af:e7:76:3a:dc:9e:7d:0b:cf:0e:73:48:48:41:4c:53:
19:85:14:25:36:32:b4:52:14:ab:3d:0a:eb:ce:0d:0a:66:e5:
a5:81:b5:09:90:96:c9:09:49:bd:b4:7a:f3:15:3a:2e:53:2c:
8a:62:83:20:72:4e:71:d1:89:ff:41:72:39:a0:a3:98:07:91:
a1:72:ef:ef:29:20:66:ce:7d:38:6f:bc:ad:f1:4f:51:26:87:
42:05:95:65:ce:27:44:64:86:a5:ed:8b:85:eb:7f:30:ca:07:
72:e3
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -43,3 +43,4 @@ V 191003221355Z D8D3E3A6CBE3CD19 unknown /C=FI/O=w1.fi/CN=server5.w1.fi
V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi
V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User
V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi
V 200815125824Z D8D3E3A6CBE3CD1E unknown /C=FI/O=w1.fi/CN=server-policies2.w1.fi


@ -1 +1 @@
D8D3E3A6CBE3CD1E D8D3E3A6CBE3CD1F


@ -40,6 +40,14 @@ cat openssl2.cnf |
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256 #$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server $OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
cat openssl2.cnf |
sed "s/#@CN@/commonName_default = server-policies2.w1.fi/" |
sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies2.w1.fi/" |
sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.2/" \
> openssl.cnf.tmp
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol2.key -out server-certpol2.csr -outform PEM -sha256
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol2.csr -out server-certpol2.pem -extensions ext_server
echo echo
echo "---[ Update user certificates ]-----------------------------------------" echo "---[ Update user certificates ]-----------------------------------------"
echo echo
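Review bot: Nothing in the added block confirms that the issued certificate actually carries the policy. If the `#@CERTPOL@` placeholder in `openssl2.cnf` is not matched, `sed` still exits successfully and the `ca` step would sign `server-certpol2.pem` without the extension. A check right after the `ca` line, such as `$OPENSSL x509 -in server-certpol2.pem -noout -text | grep -qF "Policy: 1.3.6.1.4.1.40808.1.3.2" || exit 1`, would make a missing policy fail at generation time rather than in the tests that consume the certificate. The block also does not say what the OID means, and only the commit title ties it to TOD-TOFU, so a comment above the new `cat openssl2.cnf |` line like `# server-policies2.w1.fi: server certificate with the TOD-TOFU policy OID` would keep that in the script. The script starts and continues outside this hunk, so any error handling set up earlier in it is not visible here.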