summaryrefslogtreecommitdiffstats
path: root/test/ocsp-tests
diff options
context:
space:
mode:
Diffstat (limited to 'test/ocsp-tests')
-rw-r--r--test/ocsp-tests/ca.cnf34
-rw-r--r--test/ocsp-tests/index.txt1
-rw-r--r--test/ocsp-tests/index.txt.attr1
-rw-r--r--test/ocsp-tests/intermediate-cert.pem13
-rw-r--r--test/ocsp-tests/intermediate-csr.pem8
-rw-r--r--test/ocsp-tests/intermediate-key.pem6
-rwxr-xr-xtest/ocsp-tests/mk-ocsp-cert-chain.sh100
-rw-r--r--test/ocsp-tests/ocsp.pem19
-rw-r--r--test/ocsp-tests/root-cert.pem14
-rw-r--r--test/ocsp-tests/root-key.pem8
-rw-r--r--test/ocsp-tests/server-cert.pem12
-rw-r--r--test/ocsp-tests/server-csr.pem9
-rw-r--r--test/ocsp-tests/server-key.pem5
-rw-r--r--test/ocsp-tests/server.pem30
14 files changed, 260 insertions, 0 deletions
diff --git a/test/ocsp-tests/ca.cnf b/test/ocsp-tests/ca.cnf
new file mode 100644
index 0000000000..1608778d3d
--- /dev/null
+++ b/test/ocsp-tests/ca.cnf
@@ -0,0 +1,34 @@
+HOME = .
+default_ca = ca
+config_diagnostics = 1
+
+####################################################################
+
+[ req ]
+x509_extensions = v3_ca
+
+####################################################################
+
+[ usr_cert ]
+basicConstraints = critical, CA:FALSE
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+##authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp
+# we do not include aia in the cert.
+# we use the s_server option "-status_url" to specify the url.
+
+####################################################################
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:true
+keyUsage = critical, cRLSign, keyCertSign
+
+####################################################################
+
+# Minimal CA entry to allow generation of CRLs.
+[ ca ]
+default_md = sha256
+database = index.txt
+crlnumber = crlnum.txt
diff --git a/test/ocsp-tests/index.txt b/test/ocsp-tests/index.txt
new file mode 100644
index 0000000000..78252ef726
--- /dev/null
+++ b/test/ocsp-tests/index.txt
@@ -0,0 +1 @@
+V 241221170717Z 73C8A0894488809AFE972FE0BAD3460318D1CCBF unknown /CN=TestServerCA
diff --git a/test/ocsp-tests/index.txt.attr b/test/ocsp-tests/index.txt.attr
new file mode 100644
index 0000000000..8f7e63a347
--- /dev/null
+++ b/test/ocsp-tests/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/test/ocsp-tests/intermediate-cert.pem b/test/ocsp-tests/intermediate-cert.pem
new file mode 100644
index 0000000000..ca83feb1a0
--- /dev/null
+++ b/test/ocsp-tests/intermediate-cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx
+NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW
+Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8
+HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6
+MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT
+mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H
+dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq
+v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA==
+-----END CERTIFICATE-----
diff --git a/test/ocsp-tests/intermediate-csr.pem b/test/ocsp-tests/intermediate-csr.pem
new file mode 100644
index 0000000000..a41fa9f4c1
--- /dev/null
+++ b/test/ocsp-tests/intermediate-csr.pem
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBFTCBnAIBADAdMRswGQYDVQQDDBJUZXN0SW50ZXJtZWRpYXRlQ0EwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAARr39Xo6Um7NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7ka
+TkBHVlXPZeur5hdFZ/8dg40krBELftFhsEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7
+xkp5/B6jqgaRbqJd9kQddpWgADAKBggqhkjOPQQDAgNoADBlAjBjsIsCYu4rcGoW
+FoNw+9ON/16cBk/Roo6BysamuqZYWBjpzQgFEeGRXPL7zs/AdN8CMQDjOlJ47Q7V
+2OoRkMbv4OOGyIoPpndPqjPnxmTujgAppK2wC/KtIJaGTilOEzUqMb8=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/ocsp-tests/intermediate-key.pem b/test/ocsp-tests/intermediate-key.pem
new file mode 100644
index 0000000000..e291d8719d
--- /dev/null
+++ b/test/ocsp-tests/intermediate-key.pem
@@ -0,0 +1,6 @@
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7rnV1sLw6Zbw9GEBb
+kGgygZlqOpkAmoJADlpfpOIXJVp6MNlTnhqsmeOZgAhD3CyhZANiAARr39Xo6Um7
+NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7kaTkBHVlXPZeur5hdFZ/8dg40krBELftFh
+sEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7xkp5/B6jqgaRbqJd9kQddpU=
+-----END PRIVATE KEY-----
diff --git a/test/ocsp-tests/mk-ocsp-cert-chain.sh b/test/ocsp-tests/mk-ocsp-cert-chain.sh
new file mode 100755
index 0000000000..0f4976ac55
--- /dev/null
+++ b/test/ocsp-tests/mk-ocsp-cert-chain.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+opensslcmd() {
+ LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+}
+
+# report the openssl version
+opensslcmd version
+
+echo "Creating private keys and certs..."
+
+#####
+
+# root CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp521r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out root-key.pem
+
+# root CA certificate (self-signed)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 3650 \
+ -key root-key.pem \
+ -subj /CN=TestRootCA \
+ -out root-cert.pem
+#####
+
+# intermediate CA private key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:secp384r1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out intermediate-key.pem
+
+# intermediate CA certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -new \
+ -key intermediate-key.pem \
+ -subj /CN=TestIntermediateCA \
+ -out intermediate-csr.pem
+
+# intermediate CA certificate (signed by root CA)
+opensslcmd req \
+ -config ca.cnf \
+ -x509 \
+ -days 1825 \
+ -CA root-cert.pem \
+ -CAkey root-key.pem \
+ -in intermediate-csr.pem \
+ -copy_extensions copyall \
+ -out intermediate-cert.pem
+#####
+
+# server key
+opensslcmd genpkey \
+ -algorithm EC \
+ -pkeyopt ec_paramgen_curve:prime256v1 \
+ -pkeyopt ec_param_enc:named_curve \
+ -out server-key.pem
+
+# server certificate-signing-request
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -new \
+ -key server-key.pem \
+ -subj /CN=TestServerCA \
+ -out server-csr.pem
+
+# server certificate (signed by intermediate CA)
+opensslcmd req \
+ -config ca.cnf \
+ -extensions usr_cert \
+ -x509 \
+ -days 365 \
+ -CA intermediate-cert.pem \
+ -CAkey intermediate-key.pem \
+ -in server-csr.pem \
+ -copy_extensions copyall \
+ -out server-cert.pem
+#####
+
+rm -f index.txt index.txt.attr
+echo -n > index.txt
+opensslcmd ca \
+ -config ca.cnf \
+ -valid server-cert.pem \
+ -keyfile intermediate-key.pem \
+ -cert intermediate-cert.pem
+rm -f index.txt.old
+#####
+
+cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem
+cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
+
+echo "Done."
diff --git a/test/ocsp-tests/ocsp.pem b/test/ocsp-tests/ocsp.pem
new file mode 100644
index 0000000000..75bb296245
--- /dev/null
+++ b/test/ocsp-tests/ocsp.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx
+NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW
+Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8
+HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6
+MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT
+mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H
+dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq
+v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA==
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7rnV1sLw6Zbw9GEBb
+kGgygZlqOpkAmoJADlpfpOIXJVp6MNlTnhqsmeOZgAhD3CyhZANiAARr39Xo6Um7
+NXKTGbo9NoeJu7mxXTh3h1NKXYGd+7kaTkBHVlXPZeur5hdFZ/8dg40krBELftFh
+sEmDf9dP6b0r9zDcjh+TBfUIHkF+vFU7xkp5/B6jqgaRbqJd9kQddpU=
+-----END PRIVATE KEY-----
diff --git a/test/ocsp-tests/root-cert.pem b/test/ocsp-tests/root-cert.pem
new file mode 100644
index 0000000000..7a123ac87e
--- /dev/null
+++ b/test/ocsp-tests/root-cert.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFjCCAXigAwIBAgIUXM2lq+OknWVAO84nbtJw0j+9tC4wCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0zMzEyMTkx
+NzA3MTdaMBUxEzARBgNVBAMMClRlc3RSb290Q0EwgZswEAYHKoZIzj0CAQYFK4EE
+ACMDgYYABAHu0OEJC9mfLC3AXhBQvzBdt6PQAhhk8NVsHg/8vjuVYFcA7oNuNm8F
+8pINV5JbjBnYm1oIdivlAkYtdTRol0CI/wHTWWxhx8G5heu1IS8eylT5q3XEfyoo
+XWxnzLQxAFLAfAfLyum6CCiL8PQSF2T1KNqH+tDLyXiJtFn8NLi0xR1/bqNjMGEw
+HQYDVR0OBBYEFAP1uJrOxcHqX5HpBxC/0gLUYzHtMB8GA1UdIwQYMBaAFAP1uJrO
+xcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MAoGCCqGSM49BAMCA4GLADCBhwJBPEZv63dNmv++g0WouaaOtnVVeK/wZEfxv98H
+FkEGzQd5aXpA3N+ndt73WbEIu0JQ3E/HV60q2/VAHWbKdyRm9swCQgCctR5fcrRe
+C7EBlzuWBDJUSum2D74ZFTpkoV7tcx80an/BrlzvQNuHpotGxmxLQQc4INxmQa77
+X2hA+YT4DAc2eA==
+-----END CERTIFICATE-----
diff --git a/test/ocsp-tests/root-key.pem b/test/ocsp-tests/root-key.pem
new file mode 100644
index 0000000000..c025188d88
--- /dev/null
+++ b/test/ocsp-tests/root-key.pem
@@ -0,0 +1,8 @@
+-----BEGIN PRIVATE KEY-----
+MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA0VOY/DcDqrOne8i9
+Vttq+jbmaFMhQSOfx7eJyq3phgfe2BJ1r0R8iwczsc/mzSYjd9Gyqwc4NO5HY9WO
+NlIRFAKhgYkDgYYABAHu0OEJC9mfLC3AXhBQvzBdt6PQAhhk8NVsHg/8vjuVYFcA
+7oNuNm8F8pINV5JbjBnYm1oIdivlAkYtdTRol0CI/wHTWWxhx8G5heu1IS8eylT5
+q3XEfyooXWxnzLQxAFLAfAfLyum6CCiL8PQSF2T1KNqH+tDLyXiJtFn8NLi0xR1/
+bg==
+-----END PRIVATE KEY-----
diff --git a/test/ocsp-tests/server-cert.pem b/test/ocsp-tests/server-cert.pem
new file mode 100644
index 0000000000..ff5a1646ea
--- /dev/null
+++ b/test/ocsp-tests/server-cert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBtTCCATygAwIBAgIUc8igiUSIgJr+ly/gutNGAxjRzL8wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwSVGVzdEludGVybWVkaWF0ZUNBMB4XDTIzMTIyMjE3MDcxN1oX
+DTI0MTIyMTE3MDcxN1owFzEVMBMGA1UEAwwMVGVzdFNlcnZlckNBMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEs2TL/y4CoUDd4Vf2RLNRW1BWPCL30uz2Waio6/Ri
+Naw2BSV0p/IGQrc57Q6xJxmo0viDigrQ6n0xgL8GkyEFn6NgMF4wDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFKqV4zgKs+ijvA1VXP/z4K89
+F/fGMB8GA1UdIwQYMBaAFK026R0pctsFs0qumItVbi/ZcKP6MAoGCCqGSM49BAMC
+A2cAMGQCMEhvb5WRpIR3oTnCyj8S82XSwS+8HZjk2ORrovm1rycrHFshdts/5AnH
+r3qjBY9khAIwXt9AXo829mkmB2OIZyczHDTsgjtDvwHuR682+R71WmCeD8AkLMJT
+gcpvgA1oIi8p
+-----END CERTIFICATE-----
diff --git a/test/ocsp-tests/server-csr.pem b/test/ocsp-tests/server-csr.pem
new file mode 100644
index 0000000000..cefb130450
--- /dev/null
+++ b/test/ocsp-tests/server-csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBITCBxwIBADAXMRUwEwYDVQQDDAxUZXN0U2VydmVyQ0EwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS7PZZqKjr9GI1rDYF
+JXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWfoE4wTAYJKoZIhvcNAQkOMT8w
+PTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUqpXjOAqz
+6KO8DVVc//Pgrz0X98YwCgYIKoZIzj0EAwIDSQAwRgIhANtinT6lF67B7HxcIEoC
+zTyRNV+y9HuqCn1/hlrzvNgDAiEA1dh3fyrobsqDO15BeXbV9SIW2bux/JeznBL5
+8YPjtWg=
+-----END CERTIFICATE REQUEST-----
diff --git a/test/ocsp-tests/server-key.pem b/test/ocsp-tests/server-key.pem
new file mode 100644
index 0000000000..a8f7b1cdda
--- /dev/null
+++ b/test/ocsp-tests/server-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2qWtFAsGbCGr89+1
+pICpHCzDXTxfbBOo86Cau5LXhqChRANCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS
+7PZZqKjr9GI1rDYFJXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWf
+-----END PRIVATE KEY-----
diff --git a/test/ocsp-tests/server.pem b/test/ocsp-tests/server.pem
new file mode 100644
index 0000000000..26d7b6fe75
--- /dev/null
+++ b/test/ocsp-tests/server.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIBtTCCATygAwIBAgIUc8igiUSIgJr+ly/gutNGAxjRzL8wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwSVGVzdEludGVybWVkaWF0ZUNBMB4XDTIzMTIyMjE3MDcxN1oX
+DTI0MTIyMTE3MDcxN1owFzEVMBMGA1UEAwwMVGVzdFNlcnZlckNBMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEs2TL/y4CoUDd4Vf2RLNRW1BWPCL30uz2Waio6/Ri
+Naw2BSV0p/IGQrc57Q6xJxmo0viDigrQ6n0xgL8GkyEFn6NgMF4wDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0OBBYEFKqV4zgKs+ijvA1VXP/z4K89
+F/fGMB8GA1UdIwQYMBaAFK026R0pctsFs0qumItVbi/ZcKP6MAoGCCqGSM49BAMC
+A2cAMGQCMEhvb5WRpIR3oTnCyj8S82XSwS+8HZjk2ORrovm1rycrHFshdts/5AnH
+r3qjBY9khAIwXt9AXo829mkmB2OIZyczHDTsgjtDvwHuR682+R71WmCeD8AkLMJT
+gcpvgA1oIi8p
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2qWtFAsGbCGr89+1
+pICpHCzDXTxfbBOo86Cau5LXhqChRANCAASzZMv/LgKhQN3hV/ZEs1FbUFY8IvfS
+7PZZqKjr9GI1rDYFJXSn8gZCtzntDrEnGajS+IOKCtDqfTGAvwaTIQWf
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIB+DCCAVqgAwIBAgIUXFMqBp6K/J1oNTwtzIJt5oRYSHMwCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKVGVzdFJvb3RDQTAeFw0yMzEyMjIxNzA3MTdaFw0yODEyMjAx
+NzA3MTdaMB0xGzAZBgNVBAMMElRlc3RJbnRlcm1lZGlhdGVDQTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABGvf1ejpSbs1cpMZuj02h4m7ubFdOHeHU0pdgZ37uRpOQEdW
+Vc9l66vmF0Vn/x2DjSSsEQt+0WGwSYN/10/pvSv3MNyOH5MF9QgeQX68VTvGSnn8
+HqOqBpFuol32RB12laNjMGEwHQYDVR0OBBYEFK026R0pctsFs0qumItVbi/ZcKP6
+MB8GA1UdIwQYMBaAFAP1uJrOxcHqX5HpBxC/0gLUYzHtMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMCA4GLADCBhwJBA6lPEQ+FSyoT
+mSmdffUb8OYoB132DK98wAqJaWIIl8Cuxcq/TdVTO8vwZFzRCerSWrseCi8EiA+H
+dhcKJJ1flbsCQgClCy8YAOKHrqQ4NS5IPRUCWLYjS4cwnQjObHb5+lA4aJMs85Uq
+v1HAvDC6ObSGCV+h9DYHTyWXaWgZsJoyPgXVDA==
+-----END CERTIFICATE-----
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 05:45:42 +0000