tests: Add a server certificate with TOD policy
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
8a3368d7f4
commit
82b9de98c3
7 changed files with 164 additions and 1 deletions
|
@ -132,6 +132,7 @@ subjectKeyIdentifier=hash
|
|||
authorityKeyIdentifier=keyid,issuer
|
||||
authorityInfoAccess = OCSP;URI:http://server.w1.fi:8888/
|
||||
#@ALTNAME@
|
||||
#@CERTPOL@
|
||||
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
|
|
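--- a/tests/hwsim/auth_serv/server-certpol.csr
+++ b/tests/hwsim/auth_serv/server-certpol.csr
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDlDCCAfwCAQAwTzELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
+BgNVBAoMBXcxLmZpMR4wHAYDVQQDDBVzZXJ2ZXItcG9saWNpZXMudzEuZmkwggGi
+MA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDSpu+bvWBjoXWtS9NvWV6E+mSg
+ZCQLeEj8jWaLL24dRCuuw22UusujNL4LTkeNW9mZpqgHCYdVsjd+R2dcdF8sg3my
+CEe07E/vdVhnxlhMT2jBGBqETXgjSJoUOG5bShLrhsT3TDisY6dh+rNkfIkOKfef
++HXD75DCcZahq2nTwnQTz+j3CZjtOnnWxEZJk3g7FqWp3fDrvUSn3E7O96fJP3gI
+iwXGFy7u3xGg9/VYgHbCNO+5eL7EXL5fXte3zaMSxON2/GSFZGVr2lzJOFA5iXLl
+IO+5C8wyJjx5XkqNeI1q3XM6yEInQw3dBR+8hN9WLX6YUJ6LeLDn/ag5B1cFEvwA
+74nwPwP2k1uwRFdhYUcFbMQWmGG4kzJFOfu7jjuHGF86B1fRmIkdhbde6htReZRc
+2Pq9unUAA+P0A81c2xahrLf0k37smrDmnE5dPLoBMsxwykk8kv7SiIGd2/S7gP7v
+iVDqgJW9xPoo2MCGYTfXmSuOuQZ4mghEF9oZNZcCAwEAAaAAMA0GCSqGSIb3DQEB
+CwUAA4IBgQC9HigmR7s38B1IRYNJ1WwC7UlV4fFTElisntPXiQsDZzvZ0Gufsobx
+Bk/As4DWsQEJ17EvF0LXnsgRG670bnh/YibkaVBF71XLkBAfkXGaa1nw4VNC4EEJ
+sPIcrEQGxhkAJHvT3cZ0zWQnSKbcZbt6Vn0bNoRPihDKTek6dPPI9HamDsu0OBl1
+l8FdMfG4Ge1NquABvgBSrt85XHXfCBYlXBsnJ5XeA8A2t7JtW6C51EVGGachglPB
+ajrtuD00puJ+Cx+a7k5OHniTpAUHS6EOYpcWcUrzIKVCAGlHFd4XOZdD0hP7/eFR
+H57JjFTwDENSCU1GiRwra/ACswR2XWYQH0v+CvbKUx6ZivtKLkuGr4go/YIgVeXq
+WM7b+tDopZVFsjdrbkuefkimYIJdwmZXukM5qP0pKTGNM9zeBaAs9bAKDs42jF2f
+8i9M7DpIzJ9X1Y8xhaBEjodUcCtT5LFPNh0JT5wwkbS2SGgQiti3MdcnQQYqXDUZ
+xd6npHU4F+c=
+-----END CERTIFICATE REQUEST-----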
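--- a/tests/hwsim/auth_serv/server-certpol.key
+++ b/tests/hwsim/auth_serv/server-certpol.key
@@ -0,0 +1,40 @@
+-----BEGIN PRIVATE KEY-----
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDSpu+bvWBjoXWt
+S9NvWV6E+mSgZCQLeEj8jWaLL24dRCuuw22UusujNL4LTkeNW9mZpqgHCYdVsjd+
+R2dcdF8sg3myCEe07E/vdVhnxlhMT2jBGBqETXgjSJoUOG5bShLrhsT3TDisY6dh
++rNkfIkOKfef+HXD75DCcZahq2nTwnQTz+j3CZjtOnnWxEZJk3g7FqWp3fDrvUSn
+3E7O96fJP3gIiwXGFy7u3xGg9/VYgHbCNO+5eL7EXL5fXte3zaMSxON2/GSFZGVr
+2lzJOFA5iXLlIO+5C8wyJjx5XkqNeI1q3XM6yEInQw3dBR+8hN9WLX6YUJ6LeLDn
+/ag5B1cFEvwA74nwPwP2k1uwRFdhYUcFbMQWmGG4kzJFOfu7jjuHGF86B1fRmIkd
+hbde6htReZRc2Pq9unUAA+P0A81c2xahrLf0k37smrDmnE5dPLoBMsxwykk8kv7S
+iIGd2/S7gP7viVDqgJW9xPoo2MCGYTfXmSuOuQZ4mghEF9oZNZcCAwEAAQKCAYA/
+Xm6oOCD9971Rw4S4c3cGo9iPk3Bwbt/t8Y+OgVcrwK0vZqTZYBQQZbZh6kuGD8J3
+AXZ8n3Yx5mnhOBO08WEMIAUE9I61s30ceP1+QmGfmyfVJq4bbL6eRqHrQUqZdcAZ
+UDKCflByM4xP4j4DFZ+ZPjC60+CBb9jpVYhN3CX6yP1oVFwtrJpviu7KF8NZMN6z
+T83IOvbVw9sacCDZDBFSbiBq2X+EJsc8nqhL9yu8UvDm3UvcTKF+qrOuNvbH2TkP
++vxSVC8Y81VoBR5ngsQzZc+XDrplMb/BA4UJVncxMJ8kg0U08RwDTYwoLo6vKeus
+xqGESyBbjbC5QpPdX+hjHqmNdjjbYS47zkWrZ8geE5jpIx9A1hePd/MxZeX9rZWp
+lZm8yWF5DMFF6CZxc/FlYI0aXP8C1rV+GBZ5gkRq/6E5hiLbdbbNGB6IENvACIbD
+qQwwuIl8qwIgzBey6e0WYnKH1U00YIUg8OgXXFsjzAw40ltPCjwoRt9KSOp3MxkC
+gcEA/3XjtPvq2eauJjFTJ1ewLmbu2JTV+8mrA39UD0clCqptH7fVaSdxjeniOu7/
+UiPjNoFMr8+Ec6s/RkIWyOeKVjnKhqVLR91XGXz8PzYQMvhKmfEHfe7mCZ94RapU
+Hl2k6ZpJLq384i/5KYDU3i3a+9DD+iZQ4P66HGnCKLILpbV8vz4ZFASp8ffU1snL
+JPLm3UhqTVf4ZeJlL5xbuqk9QHl7jz5UDNpytk5zkEPCDzh0OH+OyZ+nSJiKDok2
+pjM7AoHBANMY0lGwDavtTf9xghLHtevQlJSm/JbBfM7Hp81/UY+Ibl7uRyQXkEdd
+03szMFoP0UbsJHg9hPN07yv3rJpyBh2O5atgWqidYq4nJLBC1a5RALiqfaHnJNhe
+IV4d8+TE0jOLUE2cMuWQFabKpHCGZ4GdTZNMsz1VKCx3cQwQ7GF75ZKBKIYYxMNi
+yIen+dpCmEAvubMXLyB24mGQ3qbIml01cT7R1j1QNVGvXGDRhhRGlyzm8W1decza
+CX9mgUVpVQKBwQCqDWX5EkExsDd5QRhjdiHXobmY/uq643Itr9LbILbttKlTleJA
+T3ttxqVMKdBYc39KxyOvXOqEvRgvwsq8DjWuVGYW322Pdy4Fz4dy5KA/7bxrYWFl
+WWRUP42mgk3gsOGYh5XztupB/0FTeWk6RTgirMPofx0TyT1GsLgIswzB0GAsRkAX
+bUtbwWgzWr0Z6X/5Cb2Joue9mslUujbtuL8Hblbr8cetjrUR2oNfI1vJGgFzoqYA
+XYDT+IbeSkTQugUCgcEAo5pRJk4zylOYZ6kpDjUJoUF+ZdclXBGJERlby8ApDfzG
+zXwOVsKMZ0MobAs4JhSsNTM+8JF9QNIXqxPBCdHlO3NMPI3otVWE7UQZAyJJSVgu
+HvDDfX8O50HMyoycQWjpIFmQWxX7vD73CNV0rGD+R04KmWaQY7Bj+lJ3ospa6RKE
+0g6XwZXgqS0eDUT6N1X1eYmDenE1bQu2V7dXWBuQxzxsECvAxrQrHquyBLdeGsi6
+0WoLIp+XjlRNmBdxiMIhAoHANi3K+ExLqmkbspSOmRUJiDkxxoaZAvc0EfqUBRU1
+8H1syqeBzIKYbIsmipWoHgapJPuDtMKWS/7EihkkHTlMjBMORr/JgF14TYAK5nP1
+/YUUv7UgsJvBFZLLepbbcrNxeb2WC9TsdNlxxpwx89661sBiDrwPztBEqyGPBa/b
+oOwesnmVlDS/BjUUt7xNHHxGMRNE0eOg7x7NIplPb5y7+X5BTwpuuzHRcimUpIbr
+V+nPmVUHX6GcYg7TZpT+bgcO
+-----END PRIVATE KEY-----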
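--- a/tests/hwsim/auth_serv/server-certpol.pem
+++ b/tests/hwsim/auth_serv/server-certpol.pem
@@ -0,0 +1,91 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number: 15624081837803162909 (0xd8d3e3a6cbe3cd1d)
+Signature Algorithm: sha256WithRSAEncryption
+Issuer: C=FI, O=w1.fi, CN=Root CA
+Validity
+Not Before: Jun 11 00:12:34 2019 GMT
+Not After : Jun 10 00:12:34 2020 GMT
+Subject: C=FI, O=w1.fi, CN=server-policies.w1.fi
+Subject Public Key Info:
+Public Key Algorithm: rsaEncryption
+Public-Key: (3072 bit)
+Modulus:
+00:d2:a6:ef:9b:bd:60:63:a1:75:ad:4b:d3:6f:59:
+5e:84:fa:64:a0:64:24:0b:78:48:fc:8d:66:8b:2f:
+6e:1d:44:2b:ae:c3:6d:94:ba:cb:a3:34:be:0b:4e:
+47:8d:5b:d9:99:a6:a8:07:09:87:55:b2:37:7e:47:
+67:5c:74:5f:2c:83:79:b2:08:47:b4:ec:4f:ef:75:
+58:67:c6:58:4c:4f:68:c1:18:1a:84:4d:78:23:48:
+9a:14:38:6e:5b:4a:12:eb:86:c4:f7:4c:38:ac:63:
+a7:61:fa:b3:64:7c:89:0e:29:f7:9f:f8:75:c3:ef:
+90:c2:71:96:a1:ab:69:d3:c2:74:13:cf:e8:f7:09:
+98:ed:3a:79:d6:c4:46:49:93:78:3b:16:a5:a9:dd:
+f0:eb:bd:44:a7:dc:4e:ce:f7:a7:c9:3f:78:08:8b:
+05:c6:17:2e:ee:df:11:a0:f7:f5:58:80:76:c2:34:
+ef:b9:78:be:c4:5c:be:5f:5e:d7:b7:cd:a3:12:c4:
+e3:76:fc:64:85:64:65:6b:da:5c:c9:38:50:39:89:
+72:e5:20:ef:b9:0b:cc:32:26:3c:79:5e:4a:8d:78:
+8d:6a:dd:73:3a:c8:42:27:43:0d:dd:05:1f:bc:84:
+df:56:2d:7e:98:50:9e:8b:78:b0:e7:fd:a8:39:07:
+57:05:12:fc:00:ef:89:f0:3f:03:f6:93:5b:b0:44:
+57:61:61:47:05:6c:c4:16:98:61:b8:93:32:45:39:
+fb:bb:8e:3b:87:18:5f:3a:07:57:d1:98:89:1d:85:
+b7:5e:ea:1b:51:79:94:5c:d8:fa:bd:ba:75:00:03:
+e3:f4:03:cd:5c:db:16:a1:ac:b7:f4:93:7e:ec:9a:
+b0:e6:9c:4e:5d:3c:ba:01:32:cc:70:ca:49:3c:92:
+fe:d2:88:81:9d:db:f4:bb:80:fe:ef:89:50:ea:80:
+95:bd:c4:fa:28:d8:c0:86:61:37:d7:99:2b:8e:b9:
+06:78:9a:08:44:17:da:19:35:97
+Exponent: 65537 (0x10001)
+X509v3 extensions:
+X509v3 Basic Constraints:
+CA:FALSE
+X509v3 Subject Key Identifier:
+3E:AD:0D:4D:7E:FA:A2:4A:D5:F5:31:EA:B6:B4:BF:83:B1:55:7E:C7
+X509v3 Authority Key Identifier:
+keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
+
+Authority Information Access:
+OCSP - URI:http://server.w1.fi:8888/
+
+X509v3 Subject Alternative Name:
+DNS:server-policies.w1.fi
+X509v3 Certificate Policies:
+Policy: 1.3.6.1.4.1.40808.1.3.1
+
+X509v3 Extended Key Usage:
+TLS Web Server Authentication
+Signature Algorithm: sha256WithRSAEncryption
+ad:cc:03:e6:6b:f0:05:4b:27:41:2a:4d:23:dc:89:76:1d:61:
+7f:b6:06:fc:48:8b:ce:1a:c2:c4:43:49:6a:41:9b:5e:65:ce:
+a7:e6:62:df:44:96:3e:0e:d9:26:20:f2:2a:53:5d:35:c8:f7:
+15:d2:60:29:50:c7:20:50:a1:df:7a:41:cd:1d:a6:3a:e8:3f:
+5d:1c:38:ed:73:f6:ee:41:ff:8a:54:c4:b5:94:ba:b7:c6:cd:
+82:c8:c2:7d:dc:4d:27:2f:f1:77:40:20:7c:5a:6b:ce:3e:9d:
+e5:17:d1:5d:0a:79:66:59:fb:c9:08:cc:24:09:4d:53:ae:4f:
+fb:c6
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAy6gAwIBAgIJANjT46bL480dMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xOTA2
+MTEwMDEyMzRaFw0yMDA2MTAwMDEyMzRaMD0xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
+DAV3MS5maTEeMBwGA1UEAwwVc2VydmVyLXBvbGljaWVzLncxLmZpMIIBojANBgkq
+hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0qbvm71gY6F1rUvTb1lehPpkoGQkC3hI
+/I1miy9uHUQrrsNtlLrLozS+C05HjVvZmaaoBwmHVbI3fkdnXHRfLIN5sghHtOxP
+73VYZ8ZYTE9owRgahE14I0iaFDhuW0oS64bE90w4rGOnYfqzZHyJDin3n/h1w++Q
+wnGWoatp08J0E8/o9wmY7Tp51sRGSZN4Oxalqd3w671Ep9xOzvenyT94CIsFxhcu
+7t8RoPf1WIB2wjTvuXi+xFy+X17Xt82jEsTjdvxkhWRla9pcyThQOYly5SDvuQvM
+MiY8eV5KjXiNat1zOshCJ0MN3QUfvITfVi1+mFCei3iw5/2oOQdXBRL8AO+J8D8D
+9pNbsERXYWFHBWzEFphhuJMyRTn7u447hxhfOgdX0ZiJHYW3XuobUXmUXNj6vbp1
+AAPj9APNXNsWoay39JN+7Jqw5pxOXTy6ATLMcMpJPJL+0oiBndv0u4D+74lQ6oCV
+vcT6KNjAhmE315krjrkGeJoIRBfaGTWXAgMBAAGjgdYwgdMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUPq0NTX76okrV9THqtrS/g7FVfscwHwYDVR0jBBgwFoAUuJLe/YoY
+szDDn1XzM120yCmKQRQwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRw
+Oi8vc2VydmVyLncxLmZpOjg4ODgvMCAGA1UdEQQZMBeCFXNlcnZlci1wb2xpY2ll
+cy53MS5maTAYBgNVHSAEETAPMA0GCysGAQQBgr5oAQMBMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMA0GCSqGSIb3DQEBCwUAA4GBAK3MA+Zr8AVLJ0EqTSPciXYdYX+2BvxI
+i84awsRDSWpBm15lzqfmYt9Elj4O2SYg8ipTXTXI9xXSYClQxyBQod96Qc0dpjro
+P10cOO1z9u5B/4pUxLWUurfGzYLIwn3cTScv8XdAIHxaa84+neUX0V0KeWZZ+8kI
+zCQJTVOuT/vG
+-----END CERTIFICATE-----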
|
@ -42,3 +42,4 @@ V 191003221355Z D8D3E3A6CBE3CD18 unknown /C=FI/O=w1.fi/CN=server3.w1.fi
|
|||
V 191003221355Z D8D3E3A6CBE3CD19 unknown /C=FI/O=w1.fi/CN=server5.w1.fi
|
||||
V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi
|
||||
V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User
|
||||
V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi
|
||||
|
|
|
@ -1 +1 @@
|
|||
D8D3E3A6CBE3CD1C
|
||||
D8D3E3A6CBE3CD1E
|
||||
|
|
|
@ -32,6 +32,14 @@ cat openssl2.cnf |
|
|||
> openssl.cnf.tmp
|
||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-eku-client-server.csr -out server-eku-client-server.pem -extensions ext_client_server
|
||||
|
||||
cat openssl2.cnf |
|
||||
sed "s/#@CN@/commonName_default = server-policies.w1.fi/" |
|
||||
sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies.w1.fi/" |
|
||||
sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.1/" \
|
||||
> openssl.cnf.tmp
|
||||
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
|
||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
|
||||
|
||||
echo
|
||||
echo "---[ Update user certificates ]-----------------------------------------"
|
||||
echo
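Review bot: The policy OID in the third added `sed` is a bare literal and the `#$OPENSSL req` line is disabled without explanation, so a later maintainer cannot tell what the OID stands for or that server-certpol.key and server-certpol.csr are meant to stay as committed. I would add `# certificatePolicies OID for the TOD policy test certificate` above the new `cat openssl2.cnf |` line and `# Key and CSR are committed; uncomment only to regenerate them` above the `req` line. That `req` command uses `-nodes`, so a regenerated key is written unencrypted, which is presumably acceptable only because the key is a test fixture; the comment could say so. The script continues outside the hunk, so whether a failing `$OPENSSL ca` stops the run cannot be judged from these lines.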
|
||||
|
|