diff options
Diffstat (limited to 'test/ocsp-tests')
-rw-r--r-- | test/ocsp-tests/ca.cnf | 34 | ||||
-rw-r--r-- | test/ocsp-tests/index.txt | 1 | ||||
-rw-r--r-- | test/ocsp-tests/index.txt.attr | 1 | ||||
-rw-r--r-- | test/ocsp-tests/intermediate-cert.pem | 13 | ||||
-rw-r--r-- | test/ocsp-tests/intermediate-csr.pem | 8 | ||||
-rw-r--r-- | test/ocsp-tests/intermediate-key.pem | 6 | ||||
-rwxr-xr-x | test/ocsp-tests/mk-ocsp-cert-chain.sh | 100 | ||||
-rw-r--r-- | test/ocsp-tests/ocsp.pem | 19 | ||||
-rw-r--r-- | test/ocsp-tests/root-cert.pem | 14 | ||||
-rw-r--r-- | test/ocsp-tests/root-key.pem | 8 | ||||
-rw-r--r-- | test/ocsp-tests/server-cert.pem | 12 | ||||
-rw-r--r-- | test/ocsp-tests/server-csr.pem | 9 | ||||
-rw-r--r-- | test/ocsp-tests/server-key.pem | 5 | ||||
-rw-r--r-- | test/ocsp-tests/server.pem | 30 |
14 files changed, 260 insertions, 0 deletions
diff --git a/test/ocsp-tests/ca.cnf b/test/ocsp-tests/ca.cnf new file mode 100644 index 0000000000..1608778d3d --- /dev/null +++ b/test/ocsp-tests/ca.cnf @@ -0,0 +1,34 @@ +HOME = . +default_ca = ca +config_diagnostics = 1 + +#################################################################### + +[ req ] +x509_extensions = v3_ca + +#################################################################### + +[ usr_cert ] +basicConstraints = critical, CA:FALSE +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash +##authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp +# we do not include aia in the cert. +# we use the s_server option "-status_url" to specify the url. + +#################################################################### + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +basicConstraints = critical,CA:true +keyUsage = critical, cRLSign, keyCertSign + +#################################################################### + +# Minimal CA entry to allow generation of CRLs. +[ ca ] +default_md = sha256 +database = index.txt +crlnumber = crlnum.txt diff --git a/test/ocsp-tests/index.txt b/test/ocsp-tests/index.txt new file mode 100644 index 0000000000..78252ef726 --- /dev/null +++ b/test/ocsp-tests/index.txt @@ -0,0 +1 @@ +V 241221170717Z 73C8A0894488809AFE972FE0BAD3460318D1CCBF unknown /CN=TestServerCA diff --git a/test/ocsp-tests/index.txt.attr b/test/ocsp-tests/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/test/ocsp-tests/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/test/ocsp-tests/intermediate-cert.pem b/test/ocsp-tests/intermediate-cert.pem new file mode 100644 index 0000000000..ca83feb1a0 --- /dev/null +++ b/test/ocsp-tests/intermediate-cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx +NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW +Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8 +HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6 +MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT +mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H +dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq +v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA== +-----END CERTIFICATE----- diff --git a/test/ocsp-tests/intermediate-csr.pem b/test/ocsp-tests/intermediate-csr.pem new file mode 100644 index 0000000000..a41fa9f4c1 --- /dev/null +++ b/test/ocsp-tests/intermediate-csr.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBFTCBnAIBADAdMRswGQYDVQQDDBJUZXN0SW50ZXJtZWRpYXRlQ0EwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAARr39Xo6Um7NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7ka +TkBHVlXPZeur5hdFZ/8dg40krBELftFhsEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7 +xkp5/B6jqgaRbqJd9kQddpWgADAKBggqhkjOPQQDAgNoADBlAjBjsIsCYu4rcGoW +FoNw+9ON/16cBk/Roo6BysamuqZYWBjpzQgFEeGRXPL7zs/AdN8CMQDjOlJ47Q7V +2OoRkMbv4OOGyIoPpndPqjPnxmTujgAppK2wC/KtIJaGTilOEzUqMb8= +-----END CERTIFICATE REQUEST----- diff --git a/test/ocsp-tests/intermediate-key.pem b/test/ocsp-tests/intermediate-key.pem new file mode 100644 index 0000000000..e291d8719d --- /dev/null +++ b/test/ocsp-tests/intermediate-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7rnV1sLw6Zbw9GEBb +kGgygZlqOpkAmoJADlpfpOIXJVp6MNlTnhqsmeOZgAhD3CyhZANiAARr39Xo6Um7 +NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7kaTkBHVlXPZeur5hdFZ/8dg40krBELftFh +sEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7xkp5/B6jqgaRbqJd9kQddpU= +-----END PRIVATE KEY----- diff --git a/test/ocsp-tests/mk-ocsp-cert-chain.sh b/test/ocsp-tests/mk-ocsp-cert-chain.sh new file mode 100755 index 0000000000..0f4976ac55 --- /dev/null +++ b/test/ocsp-tests/mk-ocsp-cert-chain.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +opensslcmd() { + LD_LIBRARY_PATH=../.. ../../apps/openssl $@ +} + +# report the openssl version +opensslcmd version + +echo "Creating private keys and certs..." + +##### + +# root CA private key +opensslcmd genpkey \ + -algorithm EC \ + -pkeyopt ec_paramgen_curve:secp521r1 \ + -pkeyopt ec_param_enc:named_curve \ + -out root-key.pem + +# root CA certificate (self-signed) +opensslcmd req \ + -config ca.cnf \ + -x509 \ + -days 3650 \ + -key root-key.pem \ + -subj /CN=TestRootCA \ + -out root-cert.pem +##### + +# intermediate CA private key +opensslcmd genpkey \ + -algorithm EC \ + -pkeyopt ec_paramgen_curve:secp384r1 \ + -pkeyopt ec_param_enc:named_curve \ + -out intermediate-key.pem + +# intermediate CA certificate-signing-request +opensslcmd req \ + -config ca.cnf \ + -new \ + -key intermediate-key.pem \ + -subj /CN=TestIntermediateCA \ + -out intermediate-csr.pem + +# intermediate CA certificate (signed by root CA) +opensslcmd req \ + -config ca.cnf \ + -x509 \ + -days 1825 \ + -CA root-cert.pem \ + -CAkey root-key.pem \ + -in intermediate-csr.pem \ + -copy_extensions copyall \ + -out intermediate-cert.pem +##### + +# server key +opensslcmd genpkey \ + -algorithm EC \ + -pkeyopt ec_paramgen_curve:prime256v1 \ + -pkeyopt ec_param_enc:named_curve \ + -out server-key.pem + +# server certificate-signing-request +opensslcmd req \ + -config ca.cnf \ + -extensions usr_cert \ + -new \ + -key server-key.pem \ + -subj /CN=TestServerCA \ + -out server-csr.pem + +# server certificate (signed by intermediate CA) +opensslcmd req \ + -config ca.cnf \ + -extensions usr_cert \ + -x509 \ + -days 365 \ + -CA intermediate-cert.pem \ + -CAkey intermediate-key.pem \ + -in server-csr.pem \ + -copy_extensions copyall \ + -out server-cert.pem +##### + +rm -f index.txt index.txt.attr +echo -n > index.txt +opensslcmd ca \ + -config ca.cnf \ + -valid server-cert.pem \ + -keyfile intermediate-key.pem \ + -cert intermediate-cert.pem +rm -f index.txt.old +##### + +cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem +cat intermediate-cert.pem intermediate-key.pem > ocsp.pem + +echo "Done." diff --git a/test/ocsp-tests/ocsp.pem b/test/ocsp-tests/ocsp.pem new file mode 100644 index 0000000000..75bb296245 --- /dev/null +++ b/test/ocsp-tests/ocsp.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx +NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW +Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8 +HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6 +MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT +mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H +dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq +v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7rnV1sLw6Zbw9GEBb +kGgygZlqOpkAmoJADlpfpOIXJVp6MNlTnhqsmeOZgAhD3CyhZANiAARr39Xo6Um7 +NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7kaTkBHVlXPZeur5hdFZ/8dg40krBELftFh +sEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7xkp5/B6jqgaRbqJd9kQddpU= +-----END PRIVATE KEY----- diff --git a/test/ocsp-tests/root-cert.pem b/test/ocsp-tests/root-cert.pem new file mode 100644 index 0000000000..7a123ac87e --- /dev/null +++ b/test/ocsp-tests/root-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFjCCAXigAwIBAgIUXM2lq+OknWVAO84nbtJw0j+9tC4wCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0zMzEyMTkx +NzA3MTdaMBUxEzARBgNVBAMMClRlc3RSb290Q0EwgZswEAYHKoZIzj0CAQYFK4EE +ACMDgYYABAHu0OEJC9mfLC3AXhBQvzBdt6PQAhhk8NVsHg/8vjuVYFcA7oNuNm8F +8pINV5JbjBnYm1oIdivlAkYtdTRol0CI/wHTWWxhx8G5heu1IS8eylT5q3XEfyoo +XWxnzLQxAFLAfAfLyum6CCiL8PQSF2T1KNqH+tDLyXiJtFn8NLi0xR1/bqNjMGEw +HQYDVR0OBBYEFAP1uJrOxcHqX5HpBxC/0gLUYzHtMB8GA1UdIwQYMBaAFAP1uJrO +xcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG +MAoGCCqGSM49BAMCA4GLADCBhwJBPEZv63dNmv++g0WouaaOtnVVeK/wZEfxv98H +FkEGzQd5aXpA3N+ndt73WbEIu0JQ3E/HV60q2/VAHWbKdyRm9swCQgCctR5fcrRe +C7EBlzuWBDJUSum2D74ZFTpkoV7tcx80an/BrlzvQNuHpotGxmxLQQc4INxmQa77 +X2hA+YT4DAc2eA== +-----END CERTIFICATE----- diff --git a/test/ocsp-tests/root-key.pem b/test/ocsp-tests/root-key.pem new file mode 100644 index 0000000000..c025188d88 --- /dev/null +++ b/test/ocsp-tests/root-key.pem @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA0VOY/DcDqrOne8i9 +Vttq+jbmaFMhQSOfx7eJyq3phgfe2BJ1r0R8iwczsc/mzSYjd9Gyqwc4NO5HY9WO +NlIRFAKhgYkDgYYABAHu0OEJC9mfLC3AXhBQvzBdt6PQAhhk8NVsHg/8vjuVYFcA +7oNuNm8F8pINV5JbjBnYm1oIdivlAkYtdTRol0CI/wHTWWxhx8G5heu1IS8eylT5 +q3XEfyooXWxnzLQxAFLAfAfLyum6CCiL8PQSF2T1KNqH+tDLyXiJtFn8NLi0xR1/ +bg== +-----END PRIVATE KEY----- diff --git a/test/ocsp-tests/server-cert.pem b/test/ocsp-tests/server-cert.pem new file mode 100644 index 0000000000..ff5a1646ea --- /dev/null +++ b/test/ocsp-tests/server-cert.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtTCCATygAwIBAgIUc8igiUSIgJr+ly/gutNGAxjRzL8wCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwSVGVzdEludGVybWVkaWF0ZUNBMB4XDTIzMTIyMjE3MDcxN1oX +DTI0MTIyMTE3MDcxN1owFzEVMBMGA1UEAwwMVGVzdFNlcnZlckNBMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEs2TL/y4CoUDd4Vf2RLNRW1BWPCL30uz2Waio6/Ri +Naw2BSV0p/IGQrc57Q6xJxmo0viDigrQ6n0xgL8GkyEFn6NgMF4wDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFKqV4zgKs+ijvA1VXP/z4K89 +F/fGMB8GA1UdIwQYMBaAFK026R0pctsFs0qumItVbi/ZcKP6MAoGCCqGSM49BAMC +A2cAMGQCMEhvb5WRpIR3oTnCyj8S82XSwS+8HZjk2ORrovm1rycrHFshdts/5AnH +r3qjBY9khAIwXt9AXo829mkmB2OIZyczHDTsgjtDvwHuR682+R71WmCeD8AkLMJT +gcpvgA1oIi8p +-----END CERTIFICATE----- diff --git a/test/ocsp-tests/server-csr.pem b/test/ocsp-tests/server-csr.pem new file mode 100644 index 0000000000..cefb130450 --- /dev/null +++ b/test/ocsp-tests/server-csr.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBITCBxwIBADAXMRUwEwYDVQQDDAxUZXN0U2VydmVyQ0EwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS7PZZqKjr9GI1rDYF +JXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWfoE4wTAYJKoZIhvcNAQkOMT8w +PTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUqpXjOAqz +6KO8DVVc//Pgrz0X98YwCgYIKoZIzj0EAwIDSQAwRgIhANtinT6lF67B7HxcIEoC +zTyRNV+y9HuqCn1/hlrzvNgDAiEA1dh3fyrobsqDO15BeXbV9SIW2bux/JeznBL5 +8YPjtWg= +-----END CERTIFICATE REQUEST----- diff --git a/test/ocsp-tests/server-key.pem b/test/ocsp-tests/server-key.pem new file mode 100644 index 0000000000..a8f7b1cdda --- /dev/null +++ b/test/ocsp-tests/server-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2qWtFAsGbCGr89+1 +pICpHCzDXTxfbBOo86Cau5LXhqChRANCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS +7PZZqKjr9GI1rDYFJXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWf +-----END PRIVATE KEY----- diff --git a/test/ocsp-tests/server.pem b/test/ocsp-tests/server.pem new file mode 100644 index 0000000000..26d7b6fe75 --- /dev/null +++ b/test/ocsp-tests/server.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIBtTCCATygAwIBAgIUc8igiUSIgJr+ly/gutNGAxjRzL8wCgYIKoZIzj0EAwIw +HTEbMBkGA1UEAwwSVGVzdEludGVybWVkaWF0ZUNBMB4XDTIzMTIyMjE3MDcxN1oX +DTI0MTIyMTE3MDcxN1owFzEVMBMGA1UEAwwMVGVzdFNlcnZlckNBMFkwEwYHKoZI +zj0CAQYIKoZIzj0DAQcDQgAEs2TL/y4CoUDd4Vf2RLNRW1BWPCL30uz2Waio6/Ri +Naw2BSV0p/IGQrc57Q6xJxmo0viDigrQ6n0xgL8GkyEFn6NgMF4wDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFKqV4zgKs+ijvA1VXP/z4K89 +F/fGMB8GA1UdIwQYMBaAFK026R0pctsFs0qumItVbi/ZcKP6MAoGCCqGSM49BAMC +A2cAMGQCMEhvb5WRpIR3oTnCyj8S82XSwS+8HZjk2ORrovm1rycrHFshdts/5AnH +r3qjBY9khAIwXt9AXo829mkmB2OIZyczHDTsgjtDvwHuR682+R71WmCeD8AkLMJT +gcpvgA1oIi8p +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2qWtFAsGbCGr89+1 +pICpHCzDXTxfbBOo86Cau5LXhqChRANCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS +7PZZqKjr9GI1rDYFJXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWf +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw +FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx +NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW +Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8 +HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6 +MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT +mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H +dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq +v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA== +-----END CERTIFICATE----- |