tests: EAP-TTLS and server certificate with client EKU
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
6a4d0dbe1c
commit
6ab4a7aa5a
3 changed files with 93 additions and 0 deletions
16
tests/hwsim/auth_serv/server-eku-client.key
Normal file
16
tests/hwsim/auth_serv/server-eku-client.key
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKOZ6eLhF2A7cDQa
|
||||||
|
dFxG47i9u6rJ8+77EjCgacN0OIA6uiNSx8Fqz7rdQePSaTWkpmBsMR+FvVZsewlj
|
||||||
|
zadRa4RAkHd+l2h7OLXEFTt0NzQounri14RTeHZNFre43wly54cmdCwEysXOKfW0
|
||||||
|
ztso60VHQo/tiFqjI0mbe7w54QFTAgMBAAECgYAngwCtvtc6cqCCtPDtaGGPOKOe
|
||||||
|
d+/mA9U80UE551POBGD4LwH3gKhy5QUI1MR8JCvalca3akF0IfcFKYl9o3hnsZ73
|
||||||
|
3wGzxM8BEf9wEVtVC2CTRVoIupleaEk3j8dgaUs/O54WkmAoHF1avXAMSGOUDxCO
|
||||||
|
Ggpn2tei78Csdj78IQJBANF7a7RaJsXh6xMI7hlrVrUsIbBvsBo1wbbGCwNRvgzL
|
||||||
|
I1mq1O+Go7Aao0pDK7sOUa86j6ECZ5pzqcdPaF22tJ8CQQDH7kTy6ERBbLFxs/Wd
|
||||||
|
YLDEh1GIGyGW10tuJTOl2R1TKSBXRzPAeI+jcC+AC00238p4MO899WOVeLvaERZa
|
||||||
|
IuLNAkAtlxXGp4Qett9JQj1HbPPu9A7U7km+OorRM2K8MzMQZ7lmz2YORxgiwHlf
|
||||||
|
NSU0TZZ7c1xE51gS5i9CAEcvdg7zAkAKIZfa20xCKHjhcyYaIIE0pErMY9uS4jwP
|
||||||
|
S9FPMS5cPXRHF/OWaEWXGaM+kNQL2NFQv+IPuLSgKWsThNQmIyhtAkEAiQq1HdN7
|
||||||
|
3l8YhUuJtxg7nrh2s0V4UcSNOZxVf/85AKrTu1IfjdwmXFeoRB/y9Ef4h1bcXgzj
|
||||||
|
clIVhie7r0JNLw==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
62
tests/hwsim/auth_serv/server-eku-client.pem
Normal file
62
tests/hwsim/auth_serv/server-eku-client.pem
Normal file
|
|
@ -0,0 +1,62 @@
|
||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 15624081837803162827 (0xd8d3e3a6cbe3cccb)
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
Issuer: C=FI, O=w1.fi, CN=Root CA
|
||||||
|
Validity
|
||||||
|
Not Before: Feb 15 08:30:08 2014 GMT
|
||||||
|
Not After : Feb 15 08:30:08 2015 GMT
|
||||||
|
Subject: C=FI, O=w1.fi, CN=server5.w1.fi
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
Public-Key: (1024 bit)
|
||||||
|
Modulus:
|
||||||
|
00:a3:99:e9:e2:e1:17:60:3b:70:34:1a:74:5c:46:
|
||||||
|
e3:b8:bd:bb:aa:c9:f3:ee:fb:12:30:a0:69:c3:74:
|
||||||
|
38:80:3a:ba:23:52:c7:c1:6a:cf:ba:dd:41:e3:d2:
|
||||||
|
69:35:a4:a6:60:6c:31:1f:85:bd:56:6c:7b:09:63:
|
||||||
|
cd:a7:51:6b:84:40:90:77:7e:97:68:7b:38:b5:c4:
|
||||||
|
15:3b:74:37:34:28:ba:7a:e2:d7:84:53:78:76:4d:
|
||||||
|
16:b7:b8:df:09:72:e7:87:26:74:2c:04:ca:c5:ce:
|
||||||
|
29:f5:b4:ce:db:28:eb:45:47:42:8f:ed:88:5a:a3:
|
||||||
|
23:49:9b:7b:bc:39:e1:01:53
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Basic Constraints:
|
||||||
|
CA:FALSE
|
||||||
|
X509v3 Subject Key Identifier:
|
||||||
|
33:16:9D:3B:17:15:82:2B:34:6E:38:E8:CC:22:BF:49:A7:5E:2A:2B
|
||||||
|
X509v3 Authority Key Identifier:
|
||||||
|
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
|
||||||
|
|
||||||
|
Authority Information Access:
|
||||||
|
OCSP - URI:http://server.w1.fi:8888/
|
||||||
|
|
||||||
|
X509v3 Extended Key Usage:
|
||||||
|
TLS Web Client Authentication
|
||||||
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
|
6f:2d:cb:3b:91:50:15:e1:c7:41:15:6c:a4:89:e5:0e:f9:f9:
|
||||||
|
9b:10:36:d8:67:a8:29:e2:6a:6f:89:7b:66:bd:f1:b8:fa:1c:
|
||||||
|
f7:22:8b:85:4e:37:f3:d6:1e:35:df:c7:04:e6:13:20:ca:fa:
|
||||||
|
62:cc:8d:3a:bd:97:10:5c:1b:0b:39:79:ac:13:61:59:79:fd:
|
||||||
|
a1:4b:7d:c9:c5:c4:19:4d:76:5b:cd:6d:1e:f2:aa:ef:67:51:
|
||||||
|
aa:0c:ef:6a:f2:10:71:6f:19:e6:12:ab:3e:65:76:0f:5a:0f:
|
||||||
|
cf:96:30:c3:fc:59:e9:13:af:e1:8a:b0:2c:78:ad:3d:b4:e9:
|
||||||
|
e5:20
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICfTCCAeagAwIBAgIJANjT46bL48zLMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV
|
||||||
|
BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNDAy
|
||||||
|
MTUwODMwMDhaFw0xNTAyMTUwODMwMDhaMDUxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
|
||||||
|
DAV3MS5maTEWMBQGA1UEAwwNc2VydmVyNS53MS5maTCBnzANBgkqhkiG9w0BAQEF
|
||||||
|
AAOBjQAwgYkCgYEAo5np4uEXYDtwNBp0XEbjuL27qsnz7vsSMKBpw3Q4gDq6I1LH
|
||||||
|
wWrPut1B49JpNaSmYGwxH4W9Vmx7CWPNp1FrhECQd36XaHs4tcQVO3Q3NCi6euLX
|
||||||
|
hFN4dk0Wt7jfCXLnhyZ0LATKxc4p9bTO2yjrRUdCj+2IWqMjSZt7vDnhAVMCAwEA
|
||||||
|
AaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQzFp07FxWCKzRuOOjMIr9Jp14q
|
||||||
|
KzAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEFBQcBAQQp
|
||||||
|
MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8wEwYDVR0l
|
||||||
|
BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAby3LO5FQFeHHQRVspInl
|
||||||
|
Dvn5mxA22GeoKeJqb4l7Zr3xuPoc9yKLhU4389YeNd/HBOYTIMr6YsyNOr2XEFwb
|
||||||
|
Czl5rBNhWXn9oUt9ycXEGU12W81tHvKq72dRqgzvavIQcW8Z5hKrPmV2D1oPz5Yw
|
||||||
|
w/xZ6ROv4YqwLHitPbTp5SA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -949,3 +949,18 @@ def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
|
||||||
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
phase1="tls_disable_time_checks=1",
|
phase1="tls_disable_time_checks=1",
|
||||||
scan_freq="2412")
|
scan_freq="2412")
|
||||||
|
|
||||||
|
def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev):
|
||||||
|
"""WPA2-Enterprise using EAP-TTLS and server cert with client EKU"""
|
||||||
|
params = int_eap_server_params()
|
||||||
|
params["server_cert"] = "auth_serv/server-eku-client.pem"
|
||||||
|
params["private_key"] = "auth_serv/server-eku-client.key"
|
||||||
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
||||||
|
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
|
||||||
|
identity="mschap user", password="password",
|
||||||
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
|
||||||
|
wait_connect=False,
|
||||||
|
scan_freq="2412")
|
||||||
|
ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"])
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("Timeout on EAP failure report")
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue