authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 20:01:08 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 20:01:08 +0100
commit0168f18229402b299a3fb3bb6fe3edb8e3ffa7fc (patch)
tree19ffe21cf8cebf43859e00bc1ddac20593161ac5 /server/testdata/x509
parent71ed441c7d0ce507d72f02fb06679b6479fefc19 (diff)
added chain processing with intermediate certificates
Basic test chains can be generated manually with openssl, see details in server/testdata/x509/README.md.
Diffstat (limited to 'server/testdata/x509')
-rw-r--r--server/testdata/x509/.rand0
-rw-r--r--server/testdata/x509/README.md35
-rw-r--r--server/testdata/x509/ca.conf59
-rw-r--r--server/testdata/x509/chain.pem23
-rw-r--r--server/testdata/x509/end-entity.key3
-rw-r--r--server/testdata/x509/end-entity.pem10
-rw-r--r--server/testdata/x509/intermediate.key3
-rw-r--r--server/testdata/x509/intermediate.pem13
-rw-r--r--server/testdata/x509/root.key3
-rw-r--r--server/testdata/x509/root.pem13
10 files changed, 162 insertions, 0 deletions
diff --git a/server/testdata/x509/.rand b/server/testdata/x509/.rand
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/server/testdata/x509/.rand
diff --git a/server/testdata/x509/README.md b/server/testdata/x509/README.md
new file mode 100644
index 0000000..c9f03de
--- /dev/null
+++ b/server/testdata/x509/README.md
@@ -0,0 +1,35 @@
+# Create new certificate chains
+## Initial setup
+```
+$ touch index
+$ echo 1000 > serial
+```
+
+## Root certificate
+```
+$ openssl genpkey -algorithm ed25519 -out root.key
+$ openssl req -new -x509 -config ca.conf -extensions v3_ca -days 4096 -key root.key -out root.pem
+$ openssl x509 -in root.pem -text -noout
+```
+
+## Intermediate certificate
+```
+$ openssl genpkey -algorithm ed25519 -out intermediate.key
+$ openssl req -new -config ca.conf -extensions v3_intermediate_ca -key intermediate.key -out intermediate.csr
+$ openssl ca -config ca.conf -extensions v3_intermediate_ca -days 4096 -in intermediate.csr -notext -out intermediate.pem
+$ openssl x509 -in intermediate.pem -text -noout
+```
+
+## End-entity certificate
+```
+$ openssl genpkey -algorithm ed25519 -out end-entity.key
+$ openssl req -new -key end-entity.key -out end-entity.csr
+$ openssl x509 -req -days 4096 -CA intermediate.pem -CAkey intermediate.key -CAcreateserial -in end-entity.csr -out end-entity.pem
+$ openssl x509 -in end-entity.pem -text -noout
+```
+
+## Make chain
+```
+$ cat end-entity.pem > chain.pem
+$ cat intermediate.pem >> chain.pem
+```
diff --git a/server/testdata/x509/ca.conf b/server/testdata/x509/ca.conf
new file mode 100644
index 0000000..7889331
--- /dev/null
+++ b/server/testdata/x509/ca.conf
@@ -0,0 +1,59 @@
+[ca]
+default_ca = ca_settings
+
+[ ca_settings ]
+dir = .
+certs = $dir
+crl_dir = $dir
+new_certs_dir = $dir
+database = $dir/index
+serial = $dir/serial
+
+private_key = $dir/root.key
+certificate = $dir/root.pem
+
+policy = ca_policy
+
+[ ca_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# Options for the `req` tool, `man req`
+[ req ]
+distinguished_name = req_distinguished_name
+
+# Extensions for a typical CA, see `man x509v3_config`
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, keyCertSign
+
+# Extensions for a typical intermediate CA, see `man x509v3_config`
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, keyCertSign
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+countryName_default = NA
+stateOrProvinceName_default = NA
+localityName_default = NA
+0.organizationName_default = NA
+organizationalUnitName_default = NA
+emailAddress_default = NA
+commonName_default = stfe testdata
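Review bot: ca.conf defines extension sections only for the root (`v3_ca`) and the intermediate (`v3_intermediate_ca`), so no extension profile exists for the leaf. The end-entity.pem added in this commit appears to be an X.509 v1 certificate (its DER puts the serial number first in the TBS, with no version field), so it carries no basicConstraints or keyUsage and the chain tests never exercise those checks. Consider adding a leaf section after `v3_intermediate_ca`, such as `[ v3_end_entity ]` with `basicConstraints = critical, CA:false` and `keyUsage = critical, digitalSignature`. The README's signing step would then need `-extfile ca.conf -extensions v3_end_entity` so the leaf is issued as v3.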
diff --git a/server/testdata/x509/chain.pem b/server/testdata/x509/chain.pem
new file mode 100644
index 0000000..0ac66a0
--- /dev/null
+++ b/server/testdata/x509/chain.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20
+wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC
+I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/end-entity.key b/server/testdata/x509/end-entity.key
new file mode 100644
index 0000000..da83f09
--- /dev/null
+++ b/server/testdata/x509/end-entity.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIDme3WaCwW2/FX095yh02yIIsn0D3vbvN5NsJzcdUwq1
+-----END PRIVATE KEY-----
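Review bot: Three private keys are committed in the clear (end-entity.key here, and intermediate.key and root.key further down), and nothing in the commit marks them as throwaway fixtures. Because root.key and intermediate.key are CA signing keys, anyone who can read the repository can issue certificates that chain to root.pem, so that root must never be configured as a trust anchor outside tests. I would state this at the top of README.md, e.g. `All keys in this directory are public test fixtures; never trust root.pem outside of tests.` If a secret scanner runs on this repository, allowlisting this directory explicitly keeps these expected hits from masking real findings.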
diff --git a/server/testdata/x509/end-entity.pem b/server/testdata/x509/end-entity.pem
new file mode 100644
index 0000000..52b99f6
--- /dev/null
+++ b/server/testdata/x509/end-entity.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbDCCAR4CFDfeuu6XURfn7AE4WShuwZBHEaLIMAUGAytlcDBsMQswCQYDVQQG
+EwJOQTELMAkGA1UECAwCTkExCzAJBgNVBAcMAk5BMQswCQYDVQQKDAJOQTELMAkG
+A1UECwwCTkExFjAUBgNVBAMMDXN0ZmUgdGVzdGRhdGExETAPBgkqhkiG9w0BCQEW
+Ak5BMB4XDTIwMTEwMzE4MzI0MFoXDTMyMDEyMTE4MzI0MFowRTELMAkGA1UEBhMC
+QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdp
+dHMgUHR5IEx0ZDAqMAUGAytlcAMhAJvk390ZvwULplBri03Od4LLz+Sf/OUHu+20
+wik+T9y5MAUGAytlcANBANekliXq4ttoClBJDZoktIQxyHHNcWyXFrj1HlOaT5bC
+I3GIqqZ60Ua3jKytnEsKsD2rLMPItDwmG6wYSecy2ws=
+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/intermediate.key b/server/testdata/x509/intermediate.key
new file mode 100644
index 0000000..26721e4
--- /dev/null
+++ b/server/testdata/x509/intermediate.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIEiZEO5PnjkbN4A+5r9LVTIZeVdPq/on5AzwnetZjszE
+-----END PRIVATE KEY-----
diff --git a/server/testdata/x509/intermediate.pem b/server/testdata/x509/intermediate.pem
new file mode 100644
index 0000000..0f893b8
--- /dev/null
+++ b/server/testdata/x509/intermediate.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/server/testdata/x509/root.key b/server/testdata/x509/root.key
new file mode 100644
index 0000000..c2dd558
--- /dev/null
+++ b/server/testdata/x509/root.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIPJGy4Tf9SwDv44lLCmVyEjsbUmwfTg+j/Xoyaunf1rx
+-----END PRIVATE KEY-----
diff --git a/server/testdata/x509/root.pem b/server/testdata/x509/root.pem
new file mode 100644
index 0000000..1fc802b
--- /dev/null
+++ b/server/testdata/x509/root.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----