From 550f7878bf509cc825726e6d95506e62857d48c9 Mon Sep 17 00:00:00 2001 
From: Rasmus Dahlberg Date: Mon, 26 Oct 2020 23:48:36 +0100 Subject: tested certificate chain code path further Added more documentation and quick helper scripts for now. We need to specify which signature schemes we expect/support from submitters. --- reqres.go | 18 +++++++- server/main.go | 2 +- server/testdata/anchors.pem | 32 -------------- server/testdata/chain/README.md | 44 +++++++++++++++++++ server/testdata/chain/rgdd-ecdsa.csr | 8 ++++ server/testdata/chain/rgdd-ecdsa.key | 5 +++ server/testdata/chain/rgdd-ecdsa.pem | 10 +++++ server/testdata/chain/rgdd-root.key | 3 ++ server/testdata/chain/rgdd-root.pem | 11 +++++ server/testdata/chain/rgdd-root.srl | 1 + server/testdata/chain/rgdd-rsa.csr | 27 ++++++++++++ server/testdata/chain/rgdd-rsa.key | 51 ++++++++++++++++++++++ server/testdata/chain/rgdd-rsa.pem | 20 +++++++++ server/testdata/cmd/add-entry | 34 +++++++++++++++ server/testdata/end-entity.key | 51 ---------------------- server/testdata/end-entity.pem | 30 ------------- server/testdata/entry/README.md | 21 +++++++++ server/testdata/entry/main.go | 46 +++++++++++++++++++ server/testdata/entry/stitem/foobar-0.0.1 | Bin 0 -> 48 bytes server/testdata/entry/stitem/foobar-0.0.1.b64 | 1 + server/testdata/entry/stitem/foobar-0.0.1.sig | 3 ++ server/testdata/entry/stitem/foobar-0.0.1.sig.b64 | 1 + server/testdata/root.key | 51 ---------------------- server/testdata/root.pem | 32 -------------- 24 files changed, 304 insertions(+), 198 deletions(-) delete mode 100644 server/testdata/anchors.pem create mode 100644 server/testdata/chain/README.md create mode 100644 server/testdata/chain/rgdd-ecdsa.csr create mode 100644 server/testdata/chain/rgdd-ecdsa.key create mode 100644 server/testdata/chain/rgdd-ecdsa.pem create mode 100644 server/testdata/chain/rgdd-root.key create mode 100644 server/testdata/chain/rgdd-root.pem create mode 100644 server/testdata/chain/rgdd-root.srl create mode 100644 server/testdata/chain/rgdd-rsa.csr create mode 100644 
server/testdata/chain/rgdd-rsa.key create mode 100644 server/testdata/chain/rgdd-rsa.pem create mode 100755 server/testdata/cmd/add-entry delete mode 100644 server/testdata/end-entity.key delete mode 100644 server/testdata/end-entity.pem create mode 100644 server/testdata/entry/README.md create mode 100644 server/testdata/entry/main.go create mode 100644 server/testdata/entry/stitem/foobar-0.0.1 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.b64 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig.b64 delete mode 100644 server/testdata/root.key delete mode 100644 server/testdata/root.pem diff --git a/reqres.go b/reqres.go index f35ddc3..7bbb9e7 100644 --- a/reqres.go +++ b/reqres.go @@ -4,6 +4,8 @@ import ( "fmt" "strconv" + "crypto/ecdsa" + "crypto/rsa" "encoding/base64" "encoding/json" "io/ioutil" @@ -185,10 +187,24 @@ func VerifyAddEntryRequest(anchors ctfe.CertValidationOpts, r AddEntryRequest) ( if err != nil { return nil, fmt.Errorf("failed decoding signature: %v", err) } - if err := c.CheckSignature(c.SignatureAlgorithm, leaf, signature); err != nil { + + var algo x509.SignatureAlgorithm + switch t := c.PublicKey.(type) { + case *rsa.PublicKey: + algo = x509.SHA256WithRSA + case *ecdsa.PublicKey: + algo = x509.ECDSAWithSHA256 + default: + return nil, fmt.Errorf("unsupported public key algorithm: %v", t) + } + + if err := c.CheckSignature(algo, leaf, signature); err != nil { return nil, fmt.Errorf("invalid signature: %v", err) } + // TODO: update doc of what signature "is", i.e., w/e x509 does + // TODO: doc in markdown/api.md what signature schemes we expect + // TODO: return sig + chain return leaf, nil } diff --git a/server/main.go b/server/main.go index 53df7ee..618d40b 100644 --- a/server/main.go +++ b/server/main.go 
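Review bot: The `default` branch of the new key-type switch in VerifyAddEntryRequest (second reqres.go hunk) formats the key with `%v`, so the error prints the raw public key value rather than its type; `return nil, fmt.Errorf("unsupported public key algorithm: %T", t)` names the rejected type instead. The switch also fixes the accepted schemes to `x509.SHA256WithRSA` and `x509.ECDSAWithSHA256` and rejects every other key type, including Ed25519 leaves, even though the new test root is generated as Ed25519. Until api.md documents this, a comment above the switch such as `// Submitter signatures: RSA PKCS#1 v1.5 or ECDSA, both over SHA-256; other key types are rejected.` would record the policy next to the code that enforces it. The function body starts and ends outside this hunk, so whether the chain is validated against the anchors before this check cannot be confirmed from here.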
@@ -23,7 +23,7 @@ var ( prefix = flag.String("prefix", "/st/v1", "a prefix that proceeds each endpoint path") trillianID = flag.Int64("trillian_id", 5991359069696313945, "log identifier in the Trillian database") rpcDeadline = flag.Duration("rpc_deadline", time.Second*10, "deadline for backend RPC requests") - anchorsPemFile = flag.String("anchors_file", "testdata/anchors.pem", "path to a file containing PEM-encoded X.509 root certificates") + anchorsPemFile = flag.String("anchors_file", "testdata/chain/rgdd-root.pem", "path to a file containing PEM-encoded X.509 root certificates") ) func main() { diff --git a/server/testdata/anchors.pem b/server/testdata/anchors.pem deleted file mode 100644 index 6a96054..0000000 --- a/server/testdata/anchors.pem +++ /dev/null 
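Review bot: The new default for `anchors_file` is `testdata/chain/rgdd-root.pem`, a root whose private key (`server/testdata/chain/rgdd-root.key`) is added to the repository by this same commit, so a server started without the flag trusts a CA whose signing key is public. Consider an empty default that the server refuses to start with, e.g. `anchorsPemFile = flag.String("anchors_file", "", "path to a file containing PEM-encoded X.509 root certificates (required)")`, or at least state in the help text that the default is test-only. How main() handles an empty or unreadable path is outside this hunk.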
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIUCpdSpYgFV7bmPzdIAcesg5ZJxe4wDQYJKoZIhvcNAQEL -BQAwVDELMAkGA1UEBhMCU0UxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEcmdkZDAeFw0yMDEw -MjMxNDI4MzFaFw0yMzA4MTMxNDI4MzFaMFQxCzAJBgNVBAYTAlNFMRMwEQYDVQQI -DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx -DTALBgNVBAMMBHJnZGQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2 -zbx/W/DBBUOtd94vzI0Qqx/909oJAMyqxF5evFmeoyORI/rIeXzvCu2YOQa7Y1Ku -wKuY65oafIDLY+FMxHKBhJ7vaY3wQJQxj4e0nXjcnFHCIBWwcrP2bb1aGwog2WyI -kKjEUdFshFcUuGNFrEzlLyW0wOh3Enm7mt30U+a7LsUUBfhrgK/CMnrthc35rFVJ -DiIBcEzl2F+n4k7BY+d4MqgCqPJmA9+f30F19JMTPcrjSEevNUNoH7+Vrzl8bgWr -5i2VezE/gMVeFjHFebzBjGKxxRtSPt2In/I2vALvPUuZ5Lw29Ire0Wy/AhYB1ngx -/L3nSHvMzlmlGC5H7FHMqg8T9g9VOaUWyiO8Ck73dF8JHxIOKwCJWZgIr4qAwSvK -O8PpHIoFOhpLFLhP+zH3B2w4QFbk/HfuQ2Ww78+AXEHoP2JTiAyH89xD/g+6366W -5dcutQw+rb1S9DGc4yXIPTew/24Hzmu1YkhcRemwebZ6s6y7H9muz0T4Ax2eYb0Z -NtaTR7+1TEcC/3R2YWuK1H8kY2kwEl0ize77QRZPii4cLCvIT9Ug7xpzVLYlJvly -WswZed1R8rncUE4fqWYOu0V0LzC/PBUv2cmFk0i6UjpCbFH70hK58AvZccpH+onF -RZNdqM5q+jjaySLzZFiqezgGX1k25p8H76EqaC59xQIDAQABo1MwUTAdBgNVHQ4E -FgQUrcBnUTJSmhmdJdn+HA/aBSQ1VYQwHwYDVR0jBBgwFoAUrcBnUTJSmhmdJdn+ -HA/aBSQ1VYQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVivn -9T+M8rsWaP9PPsBTJbcgbfL1gmKMDh7xki14don5b3aJytzsrFowDDCQodtq6kPw -r3iv5M55pftQxwT3s+buFSX0ck57PSif1u/TfVMT1tq+YQuFeQLoo7Kr8bk5kUCG -GVqHBwllPaRbQQ4y2Lx4/i8J4hj8//IYR0lEnDNEpOkMM1pZYU5bsB7aUfJOaHVD -QnUyAiudZtSTWNT0rB2vYYef8yBFQoSi2Uj5CCdoM4ubi/pEvnbtT8rKseaycjBA -2lw+fO4B6s3haRWY+U8BAEqTUq9GesH++SM9t1VDAlcoRZx2s6JeZrvSYMs6NyVQ -JilrhOmRg6Dghkt9UJQWpCkslxsEze1Crz1KQgFyRwtqkaeDGlwRGhySlHCMg4vu -aXGDdSTUv2m9Ss31ktwEmMNcPI7vyehHyhFnt6wi3FzCnQu/I5D4MtOerrUljLiU -qXQkFGditrKuZQnRwx6mOAy5hIrtJVqlBi+bzmNAoUHdkcID8YEpbx47eBEIwyct -Wi2x19FOI+aECutO/OjzkfOkig3cZg0qwAm/JJsve4nc8d5D2HewH99EFGtuz1jn -4mimMAjebW17Uf484w4wI3IeQ/F+nDvk14xkD+Hc90tq6KH7z0DplhXVIvx8SPs3 
-9109jghVzFwjxF+FS9QkvUQaqdoyVCw5SI0c3hA= ------END CERTIFICATE----- diff --git a/server/testdata/chain/README.md b/server/testdata/chain/README.md new file mode 100644 index 0000000..fc19735 --- /dev/null +++ b/server/testdata/chain/README.md @@ -0,0 +1,44 @@ +# Create new certificate chains +A more in-depth explanation of the different commands and parameters can be +found in the man pages, e.g., `man openssl-genpkey` and `man openssl-req` + +## Root certificate +``` +# Generate ed25519 private key +$ openssl genpkey -algorithm ed25519 -out rgdd-root.key + +### +# Create and self-sign a root certificate +# -x509 => output a self-signed certificate +# -new => prompt the user for relevant field values +# -key => file to read private key from +# -days => number of days that the certificate is valid +# -out => where to write the resulting PEM-encoded certificate +### +$ openssl req -x509 -new -key rgdd-root.key -days 2048 -out rgdd-root.pem + +# View the generated certificate +$ openssl x509 -in rgdd-root.pem -text -noout +``` + +## End-entity certificates +Let's generate two different end-entity certificates. One that uses ECDSA, and +another one that uses RSA. Note that `-CAcreateserial` creates a file with the +next serial number if it does not exist. After a certificate is issued, this +number is incremented. + +### NIST P-256 +``` +$ openssl ecparam -genkey -name prime256v1 -noout -out rgdd-ecdsa.key +$ openssl req -new -key rgdd-ecdsa.key -out rgdd-ecdsa.csr +$ openssl x509 -req -in rgdd-ecdsa.csr -CA rgdd-root.pem -CAkey rgdd-root.key -CAcreateserial -out rgdd-ecdsa.pem -days 1024 +$ openssl x509 -in rgdd-ecdsa.pem -text -noout +``` + +### RSA +``` +$ openssl genrsa -out rgdd-rsa.key 4096 +$ openssl req -new -key rgdd-rsa.key -out rgdd-rsa.csr +$ openssl x509 -req -in rgdd-rsa.csr -CA rgdd-root.pem -CAkey rgdd-root.key -CAcreateserial -out rgdd-rsa.pem -days 1024 +$ openssl x509 -in rgdd-rsa.pem -text -noout +``` 
diff --git a/server/testdata/chain/rgdd-ecdsa.csr b/server/testdata/chain/rgdd-ecdsa.csr new file mode 100644 index 0000000..4594ac7 --- /dev/null +++ b/server/testdata/chain/rgdd-ecdsa.csr @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIH/MIGnAgEAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwWTATBgcqhkjOPQIBBggq +hkjOPQMBBwNCAAS0HCnBOAIerw9sIB1juMsgIbOkQ6AoyFeAwHNjkmnM/TmP01/w +u0MimgeZGepyaTGOi01SVLcCcId5mzATgrZEoAAwCgYIKoZIzj0EAwIDRwAwRAIg +QZ4OT72aVFTc3W4XQZdVIvtSXStRYp5NA6Ei69lv6BACIHnKSIXhNSmGeHI2Lwuq +s2uAm0sEP3/j6d1Pzm3ymPp4 +-----END CERTIFICATE REQUEST----- diff --git a/server/testdata/chain/rgdd-ecdsa.key b/server/testdata/chain/rgdd-ecdsa.key new file mode 100644 index 0000000..6ac18ca --- /dev/null +++ b/server/testdata/chain/rgdd-ecdsa.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPqFWTEd8sZG9Fc/CwfUQCTR/GFZYzbFrkxEufY6f2qVoAoGCCqGSM49 +AwEHoUQDQgAEtBwpwTgCHq8PbCAdY7jLICGzpEOgKMhXgMBzY5JpzP05j9Nf8LtD +IpoHmRnqcmkxjotNUlS3AnCHeZswE4K2RA== +-----END EC PRIVATE KEY----- diff --git a/server/testdata/chain/rgdd-ecdsa.pem b/server/testdata/chain/rgdd-ecdsa.pem new file mode 100644 index 0000000..f93f0a2 --- /dev/null +++ b/server/testdata/chain/rgdd-ecdsa.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdDCCASYCFA1YWDyW1iZyA9IVo6X0edUqQDP2MAUGAytlcDBFMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMB4XDTIwMTAyNjIyMzYyMFoXDTIzMDgxNjIyMzYyMFowRTEL +MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy +bmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLQc +KcE4Ah6vD2wgHWO4yyAhs6RDoCjIV4DAc2OSacz9OY/TX/C7QyKaB5kZ6nJpMY6L +TVJUtwJwh3mbMBOCtkQwBQYDK2VwA0EA3p8koB34InjhzheTH+Mv6d4ScqDZ9GT2 +w6eNKFhd5kcr0vrcJ7J7Jzm6lY1fR3mZzvv4ko0OdW2a6iY7ikTdAA== +-----END CERTIFICATE----- diff --git a/server/testdata/chain/rgdd-root.key b/server/testdata/chain/rgdd-root.key new file mode 100644 index 0000000..74e2928 --- /dev/null 
+++ b/server/testdata/chain/rgdd-root.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIHD6JY7yaitYT5aDrIWdZ6MBtRdqpggWyfhqJH3znLR2 +-----END PRIVATE KEY----- diff --git a/server/testdata/chain/rgdd-root.pem b/server/testdata/chain/rgdd-root.pem new file mode 100644 index 0000000..75f7a8e --- /dev/null +++ b/server/testdata/chain/rgdd-root.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBnzCCAVGgAwIBAgIUCjfMeafmxgsMeaQQQuP8vMkjRgwwBQYDK2VwMEUxCzAJ +BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l +dCBXaWRnaXRzIFB0eSBMdGQwHhcNMjAxMDI2MjIzNTUwWhcNMjYwNjA1MjIzNTUw +WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY +SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMCowBQYDK2VwAyEAbu58egSJq3r5n8pJ +JVkNGoZsp28dRFC8LDMThg9IWNmjUzBRMB0GA1UdDgQWBBT1tfMTNJANubW44TUZ +0q24o27lRTAfBgNVHSMEGDAWgBT1tfMTNJANubW44TUZ0q24o27lRTAPBgNVHRMB +Af8EBTADAQH/MAUGAytlcANBAOfrYoK45bNHSCxtD70LGAWO3AYJnH4M0hkaIOsf +rb7/ses1xvDTi0AuOcKpnNtRmfDTGT81iHC+U2dqL/h5Gw8= +-----END CERTIFICATE----- diff --git a/server/testdata/chain/rgdd-root.srl b/server/testdata/chain/rgdd-root.srl new file mode 100644 index 0000000..dac138f --- /dev/null +++ b/server/testdata/chain/rgdd-root.srl @@ -0,0 +1 @@ +0D58583C96D6267203D215A3A5F479D52A4033F9 diff --git a/server/testdata/chain/rgdd-rsa.csr b/server/testdata/chain/rgdd-rsa.csr new file mode 100644 index 0000000..0708212 --- /dev/null +++ b/server/testdata/chain/rgdd-rsa.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEijCCAnICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMV0T/QhOMC3YWC02iU/K6f2fBATgSLOIyA+Nbit +Y1vnzM1Uug00CHDr5Z8CS/tt25+nCJPkqfMUqjImkxdaIlktdFa1aJZIeT1xLjAy +7Vs4L8b7iDQ2oYmfbYlLKkWFkpEH5inohfT8m7xHMmUPA8r5zW2J6F+Rxl5//U/D +d0K8JaAEOj/tk9JG+spMsAP/HqUO1wVfon6sNw/vTPbnlHwVQn2+VgRo3yWkUo4w +34LUJbCVe0pvi5ep2OeuuS3sKmTakvj8Wv0fPGCbbbVjMtFKHbm1kn9uCY3L33py +RTMQzEKaIXTU743JmDf5LfRTu7monlu+JFIU2oFcKq3V9zredCmZzy4JENrjD1dZ +yX1yqqeDsLU06zYXIo/dS2wSi4lcSWXpYYnAwUf/BrYbeF5mFTJzSScZP85/OKLX +AGFbe0IBpqxZcCWOZC+PYOedoH+oyKWANFlmO4A64vwkYEvLIT1mC5obM7f8l8vz +w3e5yeYPWPpZlTCtGeMQv0Vkrbgqu+sz5qe5JTvrJd04z06kVR948Tm0HvNBARZS +He81XY9K43qiZ4wSoTCcRnjBL9Zbrbmj/Amp3M2wnLB1QRBsp9H4eKHncC2huzoj +OCueFPgEGDJu4GMtbDVz4eoWnOF6Xr4lQx0cBE5aXJ/YRLvln6NGjwygXFCCel+u +XDEjAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAl+puaqQIFvwuGJzrHkEbkIRA +CnLqv5yCFNNVxCDpPhHCJnqX3Z+9tVYIAKn9kdktZzs7Tj7pvTf1zDoPrEhfu1Xc +b4CEz7+ToWNJ78G+nZQnGE3PZj2JhT+oX+MySW+QUgs32LNkUsKglZXNXyKAUKOS +V65EcSS9uA/hNntHkj+NfBX90ANC5NOp0rWxLhc2hSO+XwQpdWYx34za8Bh6w0x3 +tElE+y0QkC6o8q1YbrzEEObUu+rYZk1rROiOrHYsN3VNjMhvMisCUUvwSI9vV3gA +MRzfHJKMd2YMOFbj62oZ9ZgmiZBSOX035m0GOt2qtm2cBCUvmLb1p0mKxx9sqXql +Xj4rTT/acS0m6s3r680zxmdd6ADz3485n5bqpK24oGfTBYAk6v+oQApd1iorIp1P +uRobIHQaUOCMmXfAQuhvC7iws2c8dwd4AVjNZI57xKuBjtdIXnGg3+y5btmp1mg6 +lDzaoG4bMEReCr7UzDCCRzDoKdtx62XxaTj5jHHZ4fgyKsuoNCz2+d570YWseZBf +rYRlXE/sPX4N1KLG7QOa9rYcJxJNov8BI+ONjZ7+OWdNBN1KIWolmgYWm1HOuiyJ +nON3KbKS/Rmsr8LUitCido2BDx0jZA0HrBOM3rLs1lj9X0RXeBF12gXFR0tTyP/o +RLY5kHclMD4h9jybBwM= +-----END CERTIFICATE REQUEST----- diff --git a/server/testdata/chain/rgdd-rsa.key b/server/testdata/chain/rgdd-rsa.key new file mode 100644 index 0000000..f4a8259 --- /dev/null +++ b/server/testdata/chain/rgdd-rsa.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEAxXRP9CE4wLdhYLTaJT8rp/Z8EBOBIs4jID41uK1jW+fMzVS6 +DTQIcOvlnwJL+23bn6cIk+Sp8xSqMiaTF1oiWS10VrVolkh5PXEuMDLtWzgvxvuI +NDahiZ9tiUsqRYWSkQfmKeiF9PybvEcyZQ8DyvnNbYnoX5HGXn/9T8N3QrwloAQ6 +P+2T0kb6ykywA/8epQ7XBV+ifqw3D+9M9ueUfBVCfb5WBGjfJaRSjjDfgtQlsJV7 +Sm+Ll6nY5665LewqZNqS+Pxa/R88YJtttWMy0UodubWSf24JjcvfenJFMxDMQpoh +dNTvjcmYN/kt9FO7uaieW74kUhTagVwqrdX3Ot50KZnPLgkQ2uMPV1nJfXKqp4Ow +tTTrNhcij91LbBKLiVxJZelhicDBR/8Gtht4XmYVMnNJJxk/zn84otcAYVt7QgGm +rFlwJY5kL49g552gf6jIpYA0WWY7gDri/CRgS8shPWYLmhszt/yXy/PDd7nJ5g9Y ++lmVMK0Z4xC/RWStuCq76zPmp7klO+sl3TjPTqRVH3jxObQe80EBFlId7zVdj0rj +eqJnjBKhMJxGeMEv1lutuaP8CanczbCcsHVBEGyn0fh4oedwLaG7OiM4K54U+AQY +Mm7gYy1sNXPh6hac4XpeviVDHRwETlpcn9hEu+Wfo0aPDKBcUIJ6X65cMSMCAwEA +AQKCAgApZyA0wpqR3mHu0z1CviI7T/XnsQ9M6wh2hFTjaogBB3PsQi3ZAuYaN3yo +gOTJzdlVesLTsAjqzZR6e5gwN1godt2EKPnLOVsixQ64UJVwoTFzed6vhB0PLHzd +YwN0HHQFMTDT7MvZ+PX23r70bdePwh2PMHGnSHvd6NyG0ye4uJbzHK/SI9DxMKz5 +qmbmD6KvXZM8rzb1dMr+7mCnDRwXgKW2lCiZOBxCWlhtNFZJqo5UnqOBki4lGRpA +SmTN+k1RZHuY9eFmXhxc7XptpGVNeUsOW8JiMgKS1wL/O+LCuGz8MjF9vACXLIRc +iEVYjA46+d5qwk3/YBwJL/hLByiVsnXHg3la9jqt+KYtjD0dyxaezq/B3qPUcjv1 +tWW+k0MDhzAcZS82nsc1S9mUBvs22btjp4nLScVTyADofQ4Wszj9Ji84FppD/85M +hNC07RSUA6WSe+pRgU1Ca2GARgYA7BjTWI02kHfqdM8tnDqgtaBPNiVSOgFI/qPu +Tj+/MBxkCYF1+f2FaIj3MoCRd2FlKRqhSdShmdh4PowIOjuUplW7XD1Ti0zVzvFH +9E7KdAVuyiSa4IQ4If+t/Ijwrol6hWJ2FdGnWI1v6bNDCs2USlQi4gFzXP3N1VmZ +367k4TXOSwk5teWNgmKTOAqXciVzlj0UmeY6LXUkdemKAz52IQKCAQEA/rbXr63O +/N5qGTz7SWXQQpBID/o/rABbdoo/ib+2mF0cC41GFXJbSItl+H4nJDLCvTv0M6ZF +cmsAnEtoD6B7UCZkeI9/fAGUphXurdL4Erhex4adsv/TjkxvcK5FzP3Rjy0eCTNs +kpbZT+8bqTzga0/Ww9xDBCiotnDs+2JuhegZ76dN3vQSMB/MmT2FVaA8LzSOD9cx +Fo+urKdmXjQiTO2CsL2uZPE8pGRFNjYwTFe9ndShWiWaMpiUsBfS/hS8mgQV2rpx +HbEfu7v6wXjne6KijToUDekXY4SRK1CyDQSbmSKr72+JnOv7BvaZv/+RKsWSdI26 +IAdcFuUW9qjDGwKCAQEAxnN5m7knBPA6s8MeDxKtS72juL3J4S/yi7kQjXR12+q2 +5XA8yl3EW9w9GgpUnAD7W5u0TVH6ld4Ndgu8Gia2StMzUaTJuYIwmBVkQWWD+4wL 
+HfWAAW0N16inMEtfIQ6qoWl1XadZWuNhzyqsk4wM7OqQPIlqCSp0N9gmSsCgeeKQ +mKUS2pn+5mIGrAoGcTuUqkLWjYqjVteyIu6EzZQNoHKzQgUDx7g8gfblHBeu5qHe +/+Fr8vf+KP2n/V8/wxCWdhwNCRHQLJPJ/jrrz5J/tj3HBjFwfL0e8h3nZgYpUZCI +VR26q5Nat2Pt72bHTR9kaT6I9ZI3pOUIe5Ec0CIimQKCAQAD3P4UegxjpXPyggxF +prer6shNBbylfTPl7l7cVf4M/YyJWFExzhQ4W3TmefNaBzMQ77HafrEa9SiDNlmT +sxlrs8leUr7aQKPiiP6fwE1m60j0ucP2jQ7GX75o9Ru16judck+8T/1bk9Ij9jpz +LKsytXlKazLRA1Tbv4a4oVuPyF9sVRtHQGhuNm1B/b7h95YyGRf2gYsLDo7Vq4xP +7XZ/uDJ9P8M/YLFMxQCPu+6rmcEUfb8cwOk/zzSiHxpiJCpgI6O5N46zppYWoNlC +yfSo2WShw7m+JEToi4AwKf8pV2KMxgvZi9WIfcPG7UKTuOqYvXplLikehz4MUtkw +UIr1AoIBAFNpUeHsLsRanLHV/xpixUgii2ApFWN7Hb0wqg5qtucafoltZX/BbbkW +lvANC4cOupfEmEIvhN3dGVdWk1eCkfhdUSKt2sQIPpiN1TfPjWv7bujGuWjgB4Nv +teYMqA1i9sElbFlS77HOBNxomWTi5sPly35GW7VCjNq0FVQyJsFUQ2aFa6lKNONs +rFU/WXnaiyANO9T+Qq1Lt+oKyvMFmbyouUO0i+Q0Qep2ddIa+j6iJvLyMsdLCR79 +jtBmaox4umUmYSxAunkiHTKoXVk/wEI/MRofSaKEcy9c9lfhmxhXYZY1CrL3Gpge +fnGzh22ZFkFOMY7WSGEcizY0xiGNV3ECggEAYg8/MEFShIjBEiPDFJi4XOXUj9Ew +m05ZL7SWJdAytt7B1KF4C6I86CjuHqFvwHjJjSWjBbfebheaq8eDH/6ByG5RIEeF +ySuP44zNsHYjX4Nv2CogHURZzBCc96FlqF0lEpHPsWKDt41ULdpZNO5qCkVInObz +jdryFUpNcF8DX9SwQvcE/aNnPdZfK7Ga8AFgHfw9F+5FzAj0/IWWxI4rlrrp3deY +S2L2jxIOhEVrRNLAZn7VZ9WaHS3+OPUEy1as5poecehFXTnGXBS2+//Nh8OmyEGm +rNHmON5XW51UXSy+7bGFZolhPjicIKCRLBYcwBNf32/Ng9vI5++6XkSAuQ== +-----END RSA PRIVATE KEY----- diff --git a/server/testdata/chain/rgdd-rsa.pem b/server/testdata/chain/rgdd-rsa.pem new file mode 100644 index 0000000..eefb697 --- /dev/null +++ b/server/testdata/chain/rgdd-rsa.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAvECFA1YWDyW1iZyA9IVo6X0edUqQDP5MAUGAytlcDBFMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMB4XDTIwMTAyNjIyMzc0N1oXDTIzMDgxNjIyMzc0N1owRTEL +MAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVy +bmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMV0T/QhOMC3YWC02iU/K6f2fBATgSLOIyA+NbitY1vnzM1Uug00CHDr5Z8C +S/tt25+nCJPkqfMUqjImkxdaIlktdFa1aJZIeT1xLjAy7Vs4L8b7iDQ2oYmfbYlL +KkWFkpEH5inohfT8m7xHMmUPA8r5zW2J6F+Rxl5//U/Dd0K8JaAEOj/tk9JG+spM +sAP/HqUO1wVfon6sNw/vTPbnlHwVQn2+VgRo3yWkUo4w34LUJbCVe0pvi5ep2Oeu +uS3sKmTakvj8Wv0fPGCbbbVjMtFKHbm1kn9uCY3L33pyRTMQzEKaIXTU743JmDf5 +LfRTu7monlu+JFIU2oFcKq3V9zredCmZzy4JENrjD1dZyX1yqqeDsLU06zYXIo/d +S2wSi4lcSWXpYYnAwUf/BrYbeF5mFTJzSScZP85/OKLXAGFbe0IBpqxZcCWOZC+P +YOedoH+oyKWANFlmO4A64vwkYEvLIT1mC5obM7f8l8vzw3e5yeYPWPpZlTCtGeMQ +v0Vkrbgqu+sz5qe5JTvrJd04z06kVR948Tm0HvNBARZSHe81XY9K43qiZ4wSoTCc +RnjBL9Zbrbmj/Amp3M2wnLB1QRBsp9H4eKHncC2huzojOCueFPgEGDJu4GMtbDVz +4eoWnOF6Xr4lQx0cBE5aXJ/YRLvln6NGjwygXFCCel+uXDEjAgMBAAEwBQYDK2Vw +A0EAQeks+dakJG9woMoFtsdb/W6SZ6b8gFXjxiYhLw7LkChPvohPEjp7XSfv/OPx +VVXG3riQWYiwigTXad8ENIx8Cg== +-----END CERTIFICATE----- diff --git a/server/testdata/cmd/add-entry b/server/testdata/cmd/add-entry new file mode 100755 index 0000000..d7346bb --- /dev/null +++ b/server/testdata/cmd/add-entry 
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -eo pipefail
+
+algo=ecdsa
+key_path="../chain/rgdd-$algo.key"
+cert_path="../chain/rgdd-$algo.pem"
+name="foobar-0.0.1"
+
+if [[ ! -z $1 ]]; then
+ name=$1
+fi
+echo "[Info] package name: $name" >&2
+
+
+echo "[Info] generating StItem and signature..." >&2
+pushd ../entry >/dev/null
+ go run . --dir stitem --name $name
+ openssl dgst -sha256 -sign $key_path -out stitem/$name.sig stitem/$name
+ openssl base64 -A -in stitem/$name -out stitem/$name.b64
+ openssl base64 -A -in stitem/$name.sig -out stitem/$name.sig.b64
+ json=$(printf '{"item":"%s","signature":"%s","certificate":"%s"}'\
+ $(cat stitem/$name.b64)\
+ $(cat stitem/$name.sig.b64)\
+ $(cat $cert_path |\
+ sed '1,1d;$ d' |\
+ xargs |\
+ sed 's/ //g'))
+ rm -f stitem/$name{,.sig,.b64,.sig.b64}
+popd >/dev/null
+
+echo "[Info] doing add-entry request"
+curl --header "application/json" --request POST --data $json\
+ localhost:6965/st/v1/add-entry
diff --git a/server/testdata/end-entity.key b/server/testdata/end-entity.key
deleted file mode 100644
index f232f2e..0000000
--- a/server/testdata/end-entity.key
+++ /dev/null
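Review bot: The final `curl` call passes `--header "application/json"`, which carries no header name, so the request presumably goes out without a JSON Content-Type and with curl's form-encoded default for `--data`; it should read `--header "Content-Type: application/json"`. In the same script `$1`, `$name`, `$key_path`, `$cert_path` and `$json` are expanded unquoted, so a package name containing whitespace or glob characters splits into several arguments; quote them, e.g. `--name "$name"` and `--data "$json"`. The `rm -f` cleanup is skipped whenever an earlier command fails under `set -e`, which a `trap` on EXIT would cover.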
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAx42J+xiAYTGGJL0w6KHXV6in9IuHOBiyKvavVog8qWh1dh3I -3nIUA3i0CdbeuLRubovCpOIFk2HjKo1qxpdh/Iab3RtTBEYghz8bkdIi3PhNdsgK -Uh2Pi7GCE/+0NdzMKUxLLSqJAIF+WymbfnnRYsxPjPBusnNdTunLWuvjS2AcpaLF -cF+LojdlaFBUDvDYGWpPh60/z9IjUE7JbxluAl4GZYIx2bSlhQZ96bse/HoEjeJu -mv74JZ4GI1SH/TjFJCQSKRMPimm7PXsTDoaZrw/8Bc+FfVbLyp7u3ML28WGfABzP -jvzXScKPTRjjoVdX2BWpkOV7T5zVYsJAs6cGbIgJ6UWPsOafSrIPTSCz17sNDCaN -1PtkNKemosMFt8aZvnYXeypvMC0SPFKQr3+uFuxRIjRIrRrVfLfIb9iHBo20vSbu -nnRt9jwmHq5UvXxLSMoBdFKMp8RmnV22e40gpWppZ3C4e8HaDrGsGV0LB04PFkFa -a/iqyAh8NxG7c4AFzkD7efDg+XQ1ujSLtnX0Mr+C/HGVpoJVRdMxnRGnUIdGt6tX -rCMGGWkxjVObMaxdPe/7PccjxoN5wKa6Nxcv0T0dZFntKkizBJGw2VuBEAFfQCvz -7a18YvQV70mr4FU5gQ4Q4M6pshrerM+4laIVheEJWvWi5Nh8l2NI9R0x3R0CAwEA -AQKCAgEAs+9GWamQKROU14/YiAtWt24WdAVUGhr6nI7vL2GNAVx1fdoBg8LtlOvD -u5OKJJZddUSEcFR1np2HTplRjFx4OFHQPSEkTBhHwGwBGg2W7hTfFJnv5HdPNjEL -D6lj/6VmWl628rUF7/TT0LPFx9dkHGgJ2xX5WuN3YW6itQs6Wn8BlcEdsuQUbmLx -B4xXH1nAIbqgl8B6Z5Qdz44bSBhv/6Z0shchiCLBlR9zbcwSdqo3bRCdlxkM/C5v -bnAMZyJHcP0teuf6/V21Pgy59EEeVqJdJ4gl4AzhmYSR8XHDZYgW7O0NousN3S6Y -NHaa2qJ9TRTLXyHtfK34IyLxYIzc1mtc+iP1bcE/V1i3wWKums4xuuHijk/94r28 -Cni9BqRZ4fmLoNCaC80ymfYGlVDCMSq8bZTPrd0UgafQtZ5UDu5AxgLEkga0ikH/ -DG87DFHZa/p4QfVS1UmdLjGBfnJKZ1a3rzw5SKmi7UzNk9sk6vmoG42WyP7YPp98 -0eVhU6QJRgLiS9piB/EFB6IF3vQ6MyfvZPP+v+u8FfZIbdbFQybCiLI0aVUqec7c -YjsltHd97/GRbYzqkit6A8qda15PwAcwadE7mMEzsSgEt/8SUBBrht5QZ0NnhKBQ -iviDPUdSH8YquLeTXHz08P9rJedXoFrJyl6rKTzHB4XpxZcDIMECggEBAPOQJo5f -KS2u3Pv8VAqRu8SE93WqZSnnjncDn9v7HhqrreditQyj2yIbUrlTdHkpDOXznE3W -1JpCj1w0AZxAcuPaOktzKg4v9y0uFE/S+ZlNcZTHun0gjHhli0pHD0QuRaE5z8ct -AV248YpiUczRQH5pW5npUdV7X6a9USpWKl0veeJB28UgP/4wUPTW14tE3AXTB8xC -mZDVND0ABioq2sQ6BVRUDoy29/yGUjAxBqy3wikx0P7Y5ZpV7VSq7UNmYEUJ8Nrf -c/C60ehtJjCcWdYD+mmd9vhop1/XEU4S4vyfI9Nvx5+OJkWyeqzRYRvrh30IL4UF -DaQIIEgS5YVbR9UCggEBANG+Fp2Cx8GdrLDWEECl+Klo14PWU7oKc80FgTAd/BT0 -Y1rKzifd8OoVDwrZmHZv0im5u/5r8UdI7pqeYSgfztIvv3/zlqkeTqvPgffSTO65 
-VXihs+IaaxMWV4rNgeCBWg3T37JPi1NZQOuY1BjofSnLFXA/54pToFGdjWhC11o2 -701IZDIw2JHJGxFLdVW3i+EfzCbzQovjDt1TJS6SI1kqjkJWLapS+12eTtnxYe7R -oT4T5bB09Kf3ofvsjcgPNloXe/rkmdOP1iWCUwoiA6iQabLh0FNv78XRHNP78aWl -taDSKOHXG5QUzYSS2Fx7mBdRQ80x9qxkS+/2dZ5v7CkCggEAdraxBD2/rWOIlE2F -jO1BTuTcVH6r9kPFvZ6HoUoBf1BkX95Njo6i9TnKFUhnAdMPVVlqusnWMCX3CCLV -EhqbpREtzq6gNfANEvldrxaOz7jefnznGavuq5Qa0yZVe47uI0oxSsxV2R+WozOO -2Ty4qaSioB8H4vzSP0wRLoh295p3Vt9wxeEVL8jO/LdmsZvrfe9A4r8naF9yqbTE -THM8093P0S1zNgTMVEoH7zNGJJMgUMHWMxD2wEXXeqghIvPYQm449gVp1lDIlPf2 -YEUkyFqCCE6VHLits9n4tkwgVK8gYCMgclVvtBLtFiSrp1ciX7/IoZY38tZ/HYIQ -WvKFzQKCAQArbC9CbNDuRLZ75dV3jOTuLcZwhO7QlVlkGL+mNo75x57KLTKBDnHS -BIoYtPPbkUrxWIKTKcXJ/E9ps2Bp7ivjV/9NfiCy4pNm/o7pv6AtzDDlyJR1OwLv -8LAvDFzXHfCG7FZjlBRELTZDkGBYx8kh3emSU6ib+rQ2MWgVLcFn6/efCF22BmbP -x9LSwcyI8ncDJJIffj1IuLlbGNuZyKeIzkaldTH/ES75Ms0gUdj0mHHJaFUlMxFz -tNDUVyUDRiL6g+InDyzJn/21xkVq05/uRfecESQQIhyB18kgGgjtQmFX6iqMlvwe -rC/gQoaInw3dxfVDhhSLnDgcdenj40gBAoIBAQCjQj6ptbV0zHDFaKrL27nYBL6b -hvu0TNqNjNBe13xb4KV0TKw8oL5WUV9ylkkmaM5URCNUwZG16CBt+3iTOTwEeQH0 -+3vkvpJqlzDMNUQ3UfpDZKnXNYAv3izbdnBnHFgXRyy32QyfUrMVuN4qoiz42983 -rNoHxvZ4Z0SYxv7ynMcaL/D4DQe+X4FpBtA6WU6/zVmoItQV9nHHNvaHI9aLEKqM -xfyX2QyHckUXgR5SEPqF+iLNz7xidHysYtiybmNUBDPQdsceW87JOMyDT9Wt71tv -PzO7krF64nMcLdxggmB6vFE7s9bj/FZiU80Pgh4rzuDrJLz4YASoKxd8flSy ------END RSA PRIVATE KEY----- diff --git a/server/testdata/end-entity.pem b/server/testdata/end-entity.pem deleted file mode 100644 index ab5154f..0000000 --- a/server/testdata/end-entity.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFMjCCAxoCFFdE6AyXlAd3tmoTZXRkLElTp6d1MA0GCSqGSIb3DQEBCwUAMFQx -CzAJBgNVBAYTAlNFMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl -cm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMMBHJnZGQwHhcNMjAxMDIzMTQz -NTQ2WhcNMjIwMzE5MTQzNTQ2WjBXMQswCQYDVQQGEwJTRTETMBEGA1UECAwKU29t -ZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRAwDgYD -VQQDDAdyZ2RkLWVlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx42J -+xiAYTGGJL0w6KHXV6in9IuHOBiyKvavVog8qWh1dh3I3nIUA3i0CdbeuLRubovC -pOIFk2HjKo1qxpdh/Iab3RtTBEYghz8bkdIi3PhNdsgKUh2Pi7GCE/+0NdzMKUxL -LSqJAIF+WymbfnnRYsxPjPBusnNdTunLWuvjS2AcpaLFcF+LojdlaFBUDvDYGWpP -h60/z9IjUE7JbxluAl4GZYIx2bSlhQZ96bse/HoEjeJumv74JZ4GI1SH/TjFJCQS -KRMPimm7PXsTDoaZrw/8Bc+FfVbLyp7u3ML28WGfABzPjvzXScKPTRjjoVdX2BWp -kOV7T5zVYsJAs6cGbIgJ6UWPsOafSrIPTSCz17sNDCaN1PtkNKemosMFt8aZvnYX -eypvMC0SPFKQr3+uFuxRIjRIrRrVfLfIb9iHBo20vSbunnRt9jwmHq5UvXxLSMoB -dFKMp8RmnV22e40gpWppZ3C4e8HaDrGsGV0LB04PFkFaa/iqyAh8NxG7c4AFzkD7 -efDg+XQ1ujSLtnX0Mr+C/HGVpoJVRdMxnRGnUIdGt6tXrCMGGWkxjVObMaxdPe/7 -PccjxoN5wKa6Nxcv0T0dZFntKkizBJGw2VuBEAFfQCvz7a18YvQV70mr4FU5gQ4Q -4M6pshrerM+4laIVheEJWvWi5Nh8l2NI9R0x3R0CAwEAATANBgkqhkiG9w0BAQsF -AAOCAgEAEr0mnYtQx1WBSEVsRd4q0F8dmwEFaaIoC25RaOlbUiWUSp1S7vZpa/KJ -ds7dh5xSNgssjoCuTFAWezgCQmEmI4JBuki4Bc5iJvVctRa/b4p0Dm6YxEYz2c2j -0IaD32N4xZXQb+1Rf0RxEmExADZbAdmso7B0W/aCIMKwJID0FRt443ZWmu7fsLH1 -0xCr4ZQusX8eQ29jKNaMAS67uNz71z1FqffzwdtzGziE25sHgLqiyMGZzoJm1hw+ -mS5E21XAdgPu9JWoYzS+G/uqw7ZjjHEv+GPyjKhgXzgu3AxMZbQx0wTnSWHTsj57 -qgUGI1sOaxhRWkPouXztvSMOkW3zYSrNc740YxoDvYYYPveAnQ15ThqgPCon9/SE -mqwjQzjoRVTfQz4AQgj3v2RBRYgHHu51L6VMkpanNRuUnPXvs9MqNgIhAoFENd+C -5c/K92ntTXgYTGigPbW+a4IUVj0Ry8ctg45JZ40YBGSrReDcap9lct8X/pREY1Af -jBpd5QPBszBaozcuTAVmakiD+YL3/JOCKNbdAYQeSXYi1A0v8n+pNvgEJRQIbbyX -0mQugmo6EEwzRGXcc8NnBgA3knkpT/PyDgzS1uTGoDYh1iPSkkVtXNxrNgmA7jem -Kls6XILMjQzGWAo2R/8aVnlTCF0rDBV3I12wcSQ/MsjMVXwag1k= ------END CERTIFICATE----- 
diff --git a/server/testdata/entry/README.md b/server/testdata/entry/README.md
new file mode 100644
index 0000000..0d26ca3
--- /dev/null
+++ b/server/testdata/entry/README.md
@@ -0,0 +1,21 @@
+# Create `item` and `signature` for the add-entry endpoint
+
+## Create a serialized `checksum_v1` entry
+The following creates a serialized `checksum_v1` StItem, such that the package
+name is `foobar-0.0.1` and the checksum `SHA256(foobar-0.0.1)`. The result is
+stored in the `stitem` directory as `foobar-0.0.1`.
+```
+$ go run . --logtostderr --name foobar-0.0.1 --dir stitem
+```
+
+## Sign the generated file using an end-entity certificate
+Let's use our ECDSA end-entity certificate using SHA256 as the hash function.
+```
+$ openssl dgst -sha256 -sign "../chain/rgdd-ecdsa.key" -out stitem/foobar-0.0.1.sig stitem/foobar-0.0.1
+```
+
+## Encode the resulting StItem and its signature as base-64
+```
+$ openssl base64 -A -in stitem/foobar-0.0.1 -out stitem/foobar-0.0.1.b64
+$ openssl base64 -A -in stitem/foobar-0.0.1.sig -out stitem/foobar-0.0.1.sig.b64
+```
diff --git a/server/testdata/entry/main.go b/server/testdata/entry/main.go
new file mode 100644
index 0000000..a849c50
--- /dev/null
+++ b/server/testdata/entry/main.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+ "flag"
+ "os"
+
+ "crypto/sha256"
+ "io/ioutil"
+
+ "github.com/golang/glog"
+ "github.com/google/certificate-transparency-go/tls"
+ "github.com/system-transparency/stfe"
+)
+
+var (
+ name = flag.String("name", "foobar-1.2.3", "a package identifier")
+ dir = flag.String("dir", "stitem", "directory path where output is stored")
+)
+
+func main() {
+ flag.Parse()
+
+ // Use H(name) as a dummy checksum
+ hasher := sha256.New()
+ hasher.Write([]byte(*name))
+ checksum := hasher.Sum(nil)
+
+ // Create and serialize an StItem of type checksum_v1
+ item := stfe.NewChecksumV1([]byte(*name), checksum)
+ serialized, err := tls.Marshal(item)
+ if err != nil {
+ glog.Fatalf("tls marshal failed: %v", err)
+ }
+
+ // Store the serialized item in *dir/name
+ if err := os.MkdirAll(*dir, 0755); err != nil {
+ glog.Fatalf("creating directory %s failed: %v", *dir, err)
+ }
+ path := *dir + "/" + *name
+ if err := ioutil.WriteFile(path, serialized, 0644); err != nil {
+ glog.Fatalf("writing to %s failed: %v", path, err)
+ }
+
+ glog.Infof("Created serialized checksum_v1 StItem: %s", path)
+ glog.Flush()
+}
diff --git a/server/testdata/entry/stitem/foobar-0.0.1 b/server/testdata/entry/stitem/foobar-0.0.1
new file mode 100644
index 0000000..c667a36
Binary files /dev/null and b/server/testdata/entry/stitem/foobar-0.0.1 differ
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.b64 b/server/testdata/entry/stitem/foobar-0.0.1.b64
new file mode 100644
index 0000000..be3c14e
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.b64
@@ -0,0 +1 @@
+AAUMZm9vYmFyLTAuMC4xIHGVn/IR9o8GWqaDg88B65mgmWaY4+5EvQD12+c6/zgQ
\ No newline at end of file
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig b/server/testdata/entry/stitem/foobar-0.0.1.sig
new file mode 100644
index 0000000..12062a4
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.sig
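Review bot: `path := *dir + "/" + *name` in main() joins the `--name` flag into the output path unchecked, so a name containing a path separator or `..` is written outside `*dir` (or fails in a missing subdirectory). Build the path with `path := filepath.Join(*dir, *name)` (adding `"path/filepath"` to the imports) and reject names for which `filepath.Base(*name) != *name` before writing. The flag default `foobar-1.2.3` also differs from the `foobar-0.0.1` used by the README and the add-entry script, which is worth aligning so the documented commands and the defaults produce the same file.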
@@ -0,0 +1,3 @@ +Kqx0||:YnYwڳQL1MV f7 h,##Pq)fZ<6JǗ;59h.'FLBW<:qJg^(>X i<Í=D]U. n7#T?UuΖW:BY'牛 *j:Bj]ȍE:.>Fg᭻ǰ 9=>`*|R Ǔ"{*ΠqÛF>27fSGzms`D=ч]S%$.lc_GHXbsB!=mLg?eJt6c[ΧD7nEdlRzV֔^9al%8H e +x&L +}-~,?Mz}Ni^˫,0)pz"w p'"!Z.xCc` ]Eb \ No newline at end of file diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 new file mode 100644 index 0000000..d31c0d3 --- /dev/null +++ b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 @@ -0,0 +1 @@ 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 \ No newline at end of file diff --git a/server/testdata/root.key b/server/testdata/root.key deleted file mode 100644 index 97effe3..0000000 --- a/server/testdata/root.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAts28f1vwwQVDrXfeL8yNEKsf/dPaCQDMqsReXrxZnqMjkSP6 -yHl87wrtmDkGu2NSrsCrmOuaGnyAy2PhTMRygYSe72mN8ECUMY+HtJ143JxRwiAV -sHKz9m29WhsKINlsiJCoxFHRbIRXFLhjRaxM5S8ltMDodxJ5u5rd9FPmuy7FFAX4 -a4CvwjJ67YXN+axVSQ4iAXBM5dhfp+JOwWPneDKoAqjyZgPfn99BdfSTEz3K40hH -rzVDaB+/la85fG4Fq+YtlXsxP4DFXhYxxXm8wYxiscUbUj7diJ/yNrwC7z1LmeS8 -NvSK3tFsvwIWAdZ4Mfy950h7zM5ZpRguR+xRzKoPE/YPVTmlFsojvApO93RfCR8S -DisAiVmYCK+KgMEryjvD6RyKBToaSxS4T/sx9wdsOEBW5Px37kNlsO/PgFxB6D9i -U4gMh/PcQ/4Put+uluXXLrUMPq29UvQxnOMlyD03sP9uB85rtWJIXEXpsHm2erOs -ux/Zrs9E+AMdnmG9GTbWk0e/tUxHAv90dmFritR/JGNpMBJdIs3u+0EWT4ouHCwr -yE/VIO8ac1S2JSb5clrMGXndUfK53FBOH6lmDrtFdC8wvzwVL9nJhZNIulI6QmxR -+9ISufAL2XHKR/qJxUWTXajOavo42ski82RYqns4Bl9ZNuafB++hKmgufcUCAwEA -AQKCAgAqr1mvh4FtINSPweig0qux07ORqpFD/urLiTTb/DEVCNT6RCOAAlY43x1h -qRc4VFXvNlAbUhBW1PGiDH2EVm7CbXxLPSOGkR3JgNFYTFj3cozovmMyI2aASVmo -m52+0+Yy8UxnIw+6viAzV2be0v/VmC++yDi/7RF9zAi9z4WV+bLNHSPHvnHL78ui -gNb60NHNUD6ChX1/Qgn8Aq0PHUvkVjfC/z4ysf7art/zMhvRp2EjtzH96HsH6jnr -MtJCitJKNGI6gFycjm4HrTkL+oQn0acOCY96ofFKwMZnH3mz8WUg1zdXwbxXkSFK -bKtE3JaOXYzeX5+A0EJAeaf85WKn+TmIlG+X3K9JYDYXEo1hQ1usszL4h5Nr1LFe -zEQT8bl6MCoOjFcZ5tdMLDWmTG0IzED4sb8hUnYmZ4rHnnqgpjznTrSEPCzXrZ2L -c16/225vjkkmQYAbQnTFmHg9sdQjEV/YJjOrnSvY1tzM6gBe7XPJPOcH53L5+46n -3xRDS1rwIK5FdE8OoDD6mpdchkYC3IDShAfTKPOLi8AIfwteWjZS9UlX36WnuW60 -nc3QnQIVN7T9GtVJntA43+n0lg3im8b7V1xS/vzPc5KfQ2pi/VMgwKFUKz9Lb7f+ -eECl1FhfBW6mJ1sN6oDNzNX0MTk5RguQKUThYrSUvWg/6wqHNQKCAQEA6+iqDTOy -ibyo+Ii76jFclMDVSXvVh66REoo2PcvysZjMM6c/hE4luIWyTRS57DeGrgKYD2Me -QBBe8dvPEA9I8pvjbivwG7W1Ouh9L0KgckSNQ43w2VxS0igqVVYS7DYHZwAUJhf4 -3l9NLUVgQrw5dF1N5mWU2uuuft/q4jonfYZhiHhr5aSu1IyVm1myFIKv6oTOViD3 -lX0ITmuMNwCS7p4OQUTYTKAMMQQsr4Zzgy30XbdMexKcCvthSaj0iPhfYwe0xw1/ -71p+2o1zHnYi+R5PGYdj+vyjqip0Rxq7ENW8JWrpsDW6ByqRvyXy9gUXxHfTsa9X -L+lzENxB+t9eFwKCAQEAxl9C4cdfO3Cd30PbD38WIqJmgf+vDTbHYKVGoayeQe/4 -3lYQSSm35Lp4b0fe5Oqo8BNW+WYmTCFI3Lf76pZCNHmts1I1kypPdgiWBzlRU/+T 
-e8PFSIBqawOvRCPr5L0M1/moSmilpkzptYtthTBLE9LQnW3hOMDPRe23zLDFI2Cq -RWNjPuZUr+j0EIuIiOPRSU22PqBPoJzpnJybPEX+F0s/BeFqFRTfOc49vK7XlWWC -itZScYcaJGe2uoP4Y2K//tU5eIEFzD0vXAtk6WT2ARBW5Z5D6023IukA7IlXMm++ -JpIV0lWWcRhIteFZPawcK2Ll9pEWcLvHyu3WdJhogwKCAQEA525P7TWrUC6RwYg6 -eYzFW3U1iKqAl2QtE/gdMFC1HX9dzMqlqEEWBki6252aq97pNCp9TJMbaRPmYPUX -1JR6Ju/BlSJronOHgGv163g8eP1BbGWCQ2qsIVmf9inD1JFIf8Z2/cwErPrndqMZ -xT5sSvkB5CYBeyc8/2DiR99vQFiltEEW8Km3jfMBDe9XoYF33OU+mwYqfS+1B2HA -o3DftFHAgE1uuPVGIIwM3oFTLvzVP18EG7Ts+mUUUzP5+alXwoob0i8vM/weeH/N -0LNqqeQPC2dkMSTJ1rVhbyQNIn3b3wVcji6W+lLLuq8bBDmI0IgRWL5AFVO7O24p -GFkrLwKCAQEAnmJU3jv3F1hVVHuzHe5UWBbeTZE9zQkdq1aKzG8sdG0LgUmp+yBq -CR+xJPh3SMLrW7O1T691iHdS25eydZy/A3Lbcz+CMxwnEZDNaLsk6jI3KSwoCjkt -vn/Uok0j/R/Mb2yQJ8jh6aOjPiYyrZLfftZlZizjFBMt6yFgDPhejl6R1JEEHqZ8 -m28d30/pFZL/+M0pY1tP+GcQRtDrSPaBZ0vW5/UQZACkMl0vAcV/r3K7BesVLDu4 -bbS5OrY/zep8bRUFq+coH+gCNjWKvqaznCnVl8QDao5EWIU9DZ6ilkyNv/IHpkZb -tbSz6TQhspIGc8Wk4nb5Oc1UOfwnrDQ7zQKCAQEAz3JmYYBLiiFYYo6essdnlkWQ -t8MR8QfhqJtG4x6+9mQqqCKaNnSrSp59CK8JiGDb5aXz29jAvecejxyHHtmkml6Q -MrxTpUgz8QDSLwZxm3/pbwlxC85crYVDmKBNkLackfLHkuoX4dyza6XesJshCyxZ -jcxuH7ji7IrnDsTPkZXG/nodv0TMragvndphW/3KyfW7YkmSQQz2h2qNBYCaBIys -LVAaLQX1srtpoQoGKWic4tWm6Hm3pmF2c2/Pa34C2CLyOZ2eDUOZfmxs0BxcMX5R -f/z5HB5PX+mILWjBLaA1+Y1dcKatkp3hu1dnLmqWM6GMxi0/thdIZSh55etkMA== ------END RSA PRIVATE KEY----- diff --git a/server/testdata/root.pem b/server/testdata/root.pem deleted file mode 100644 index 6a96054..0000000 --- a/server/testdata/root.pem +++ /dev/null 
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIUCpdSpYgFV7bmPzdIAcesg5ZJxe4wDQYJKoZIhvcNAQEL -BQAwVDELMAkGA1UEBhMCU0UxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEcmdkZDAeFw0yMDEw -MjMxNDI4MzFaFw0yMzA4MTMxNDI4MzFaMFQxCzAJBgNVBAYTAlNFMRMwEQYDVQQI -DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx -DTALBgNVBAMMBHJnZGQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2 -zbx/W/DBBUOtd94vzI0Qqx/909oJAMyqxF5evFmeoyORI/rIeXzvCu2YOQa7Y1Ku -wKuY65oafIDLY+FMxHKBhJ7vaY3wQJQxj4e0nXjcnFHCIBWwcrP2bb1aGwog2WyI -kKjEUdFshFcUuGNFrEzlLyW0wOh3Enm7mt30U+a7LsUUBfhrgK/CMnrthc35rFVJ -DiIBcEzl2F+n4k7BY+d4MqgCqPJmA9+f30F19JMTPcrjSEevNUNoH7+Vrzl8bgWr -5i2VezE/gMVeFjHFebzBjGKxxRtSPt2In/I2vALvPUuZ5Lw29Ire0Wy/AhYB1ngx -/L3nSHvMzlmlGC5H7FHMqg8T9g9VOaUWyiO8Ck73dF8JHxIOKwCJWZgIr4qAwSvK -O8PpHIoFOhpLFLhP+zH3B2w4QFbk/HfuQ2Ww78+AXEHoP2JTiAyH89xD/g+6366W -5dcutQw+rb1S9DGc4yXIPTew/24Hzmu1YkhcRemwebZ6s6y7H9muz0T4Ax2eYb0Z -NtaTR7+1TEcC/3R2YWuK1H8kY2kwEl0ize77QRZPii4cLCvIT9Ug7xpzVLYlJvly -WswZed1R8rncUE4fqWYOu0V0LzC/PBUv2cmFk0i6UjpCbFH70hK58AvZccpH+onF -RZNdqM5q+jjaySLzZFiqezgGX1k25p8H76EqaC59xQIDAQABo1MwUTAdBgNVHQ4E -FgQUrcBnUTJSmhmdJdn+HA/aBSQ1VYQwHwYDVR0jBBgwFoAUrcBnUTJSmhmdJdn+ -HA/aBSQ1VYQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVivn -9T+M8rsWaP9PPsBTJbcgbfL1gmKMDh7xki14don5b3aJytzsrFowDDCQodtq6kPw -r3iv5M55pftQxwT3s+buFSX0ck57PSif1u/TfVMT1tq+YQuFeQLoo7Kr8bk5kUCG -GVqHBwllPaRbQQ4y2Lx4/i8J4hj8//IYR0lEnDNEpOkMM1pZYU5bsB7aUfJOaHVD -QnUyAiudZtSTWNT0rB2vYYef8yBFQoSi2Uj5CCdoM4ubi/pEvnbtT8rKseaycjBA -2lw+fO4B6s3haRWY+U8BAEqTUq9GesH++SM9t1VDAlcoRZx2s6JeZrvSYMs6NyVQ -JilrhOmRg6Dghkt9UJQWpCkslxsEze1Crz1KQgFyRwtqkaeDGlwRGhySlHCMg4vu -aXGDdSTUv2m9Ss31ktwEmMNcPI7vyehHyhFnt6wi3FzCnQu/I5D4MtOerrUljLiU -qXQkFGditrKuZQnRwx6mOAy5hIrtJVqlBi+bzmNAoUHdkcID8YEpbx47eBEIwyct -Wi2x19FOI+aECutO/OjzkfOkig3cZg0qwAm/JJsve4nc8d5D2HewH99EFGtuz1jn -4mimMAjebW17Uf484w4wI3IeQ/F+nDvk14xkD+Hc90tq6KH7z0DplhXVIvx8SPs3 
-9109jghVzFwjxF+FS9QkvUQaqdoyVCw5SI0c3hA= ------END CERTIFICATE----- -- cgit v1.2.3