mirror of
https://github.com/QuasarApp/qca.git
synced 2025-05-12 18:49:34 +00:00
Add CA tools used for test certificate generation.
These are from openssl. svn path=/trunk/kdesupport/qca/; revision=690746
This commit is contained in:
parent
515bbd19e1
commit
e1c4a32119
@ -5,6 +5,10 @@ for qconf/qmake, experimental only) in this directory. You can also
|
||||
run a single set of tests by doing "make test" in the applicable
|
||||
subdirectory. See "TestPlan" for more detail.
|
||||
|
||||
The "testcerts" directory is not a unit test. It is the tools used
|
||||
to generate certificates used in unit tests, and is a copy of the
|
||||
CA.pl script and associated configuration file provided with openssl.
|
||||
|
||||
These tests are implemented using the QTestLib test framework provided
|
||||
with Qt 4.1 and later. If you are having trouble with a test, you can
|
||||
get more information by running the test applicable directly (e.g. if
|
||||
|
189
unittest/testcerts/CA.pl
Executable file
189
unittest/testcerts/CA.pl
Executable file
@ -0,0 +1,189 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# CA - wrapper around ca to make it easier to use ... basically ca requires
|
||||
# some setup stuff to be done before you can use it and this makes
|
||||
# things easier between now and when Eric is convinced to fix it :-)
|
||||
#
|
||||
# CA -newca ... will setup the right stuff
|
||||
# CA -newreq[-nodes] ... will generate a certificate request
|
||||
# CA -sign ... will sign the generated request and output
|
||||
#
|
||||
# At the end of that grab newreq.pem and newcert.pem (one has the key
|
||||
# and the other the certificate) and cat them together and that is what
|
||||
# you want/need ... I'll make even this a little cleaner later.
|
||||
#
|
||||
#
|
||||
# 12-Jan-96 tjh Added more things ... including CA -signcert which
|
||||
# converts a certificate to a request and then signs it.
|
||||
# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
|
||||
# environment variable so this can be driven from
|
||||
# a script.
|
||||
# 25-Jul-96 eay Cleaned up filenames some more.
|
||||
# 11-Jun-96 eay Fixed a few filename missmatches.
|
||||
# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
|
||||
# 18-Apr-96 tjh Original hacking
|
||||
#
|
||||
# Tim Hudson
|
||||
# tjh@cryptsoft.com
|
||||
#
|
||||
|
||||
# 27-Apr-98 snh Translation into perl, fix existing CA bug.
|
||||
#
|
||||
#
|
||||
# Steve Henson
|
||||
# shenson@bigfoot.com
|
||||
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
my $openssl;
|
||||
if(defined $ENV{OPENSSL}) {
|
||||
$openssl = $ENV{OPENSSL};
|
||||
} else {
|
||||
$openssl = "openssl";
|
||||
$ENV{OPENSSL} = $openssl;
|
||||
}
|
||||
|
||||
#$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||
$DAYS="-days 3650"; # 10 years
|
||||
$CADAYS="-days 2000"; # ~6 years
|
||||
$REQ="$openssl req -config ./openssl.cnf";
|
||||
$CA="$openssl ca -config ./openssl.cnf";
|
||||
$VERIFY="$openssl verify";
|
||||
$X509="$openssl x509";
|
||||
$PKCS12="$openssl pkcs12";
|
||||
|
||||
$CATOP="./CA";
|
||||
$CAKEY="cakey.pem";
|
||||
$CAREQ="careq.pem";
|
||||
$CACERT="cacert.pem";
|
||||
|
||||
$DIRMODE = 0777;
|
||||
|
||||
$RET = 0;
|
||||
|
||||
foreach (@ARGV) {
|
||||
if ( /^(-\?|-h|-help)$/ ) {
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 0;
|
||||
} elsif (/^-newcert$/) {
|
||||
# create a certificate
|
||||
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Certificate is in newcert.pem, private key is in newkey.pem\n"
|
||||
} elsif (/^-newreq$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newreq-nodes$/) {
|
||||
# create a certificate request
|
||||
system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
|
||||
$RET=$?;
|
||||
print "Request is in newreq.pem, private key is in newkey.pem\n";
|
||||
} elsif (/^-newca$/) {
|
||||
# if explicitly asked for or it doesn't exist then setup the
|
||||
# directory structure that Eric likes to manage things
|
||||
$NEW="1";
|
||||
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
|
||||
# create the directory hierarchy
|
||||
mkdir $CATOP, $DIRMODE;
|
||||
mkdir "${CATOP}/certs", $DIRMODE;
|
||||
mkdir "${CATOP}/crl", $DIRMODE ;
|
||||
mkdir "${CATOP}/newcerts", $DIRMODE;
|
||||
mkdir "${CATOP}/private", $DIRMODE;
|
||||
open OUT, ">${CATOP}/index.txt";
|
||||
close OUT;
|
||||
open OUT, ">${CATOP}/crlnumber";
|
||||
print OUT "01\n";
|
||||
close OUT;
|
||||
}
|
||||
if ( ! -f "${CATOP}/private/$CAKEY" ) {
|
||||
print "CA certificate filename (or enter to create)\n";
|
||||
$FILE = <STDIN>;
|
||||
|
||||
chop $FILE;
|
||||
|
||||
# ask user for existing CA certificate
|
||||
if ($FILE) {
|
||||
cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
|
||||
cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
|
||||
$RET=$?;
|
||||
} else {
|
||||
print "Making CA certificate ...\n";
|
||||
system ("$REQ -new -keyout " .
|
||||
"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
|
||||
system ("$CA -create_serial " .
|
||||
"-out ${CATOP}/$CACERT $CADAYS -batch " .
|
||||
"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
|
||||
"-extensions v3_ca " .
|
||||
"-infiles ${CATOP}/$CAREQ ");
|
||||
$RET=$?;
|
||||
}
|
||||
}
|
||||
} elsif (/^-pkcs12$/) {
|
||||
my $cname = $ARGV[1];
|
||||
$cname = "My Certificate" unless defined $cname;
|
||||
system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
|
||||
"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
|
||||
"-export -name \"$cname\"");
|
||||
$RET=$?;
|
||||
print "PKCS #12 file is in newcert.p12\n";
|
||||
exit $RET;
|
||||
} elsif (/^-xsign$/) {
|
||||
system ("$CA -policy policy_anything -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
} elsif (/^(-sign|-signreq)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^(-signCA)$/) {
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-extensions v3_ca -infiles newreq.pem");
|
||||
$RET=$?;
|
||||
print "Signed CA certificate is in newcert.pem\n";
|
||||
} elsif (/^-signcert$/) {
|
||||
system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
|
||||
"-out tmp.pem");
|
||||
system ("$CA -policy policy_anything -out newcert.pem " .
|
||||
"-infiles tmp.pem");
|
||||
$RET = $?;
|
||||
print "Signed certificate is in newcert.pem\n";
|
||||
} elsif (/^-verify$/) {
|
||||
if (shift) {
|
||||
foreach $j (@ARGV) {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT $j");
|
||||
$RET=$? if ($? != 0);
|
||||
}
|
||||
exit $RET;
|
||||
} else {
|
||||
system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
|
||||
$RET=$?;
|
||||
exit 0;
|
||||
}
|
||||
} else {
|
||||
print STDERR "Unknown arg $_\n";
|
||||
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
|
||||
exit 1;
|
||||
}
|
||||
}
|
||||
|
||||
exit $RET;
|
||||
|
||||
sub cp_pem {
|
||||
my ($infile, $outfile, $bound) = @_;
|
||||
open IN, $infile;
|
||||
open OUT, ">$outfile";
|
||||
my $flag = 0;
|
||||
while (<IN>) {
|
||||
$flag = 1 if (/^-----BEGIN.*$bound/) ;
|
||||
print OUT $_ if ($flag);
|
||||
if (/^-----END.*$bound/) {
|
||||
close IN;
|
||||
close OUT;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
83
unittest/testcerts/CA/cacert.pem
Normal file
83
unittest/testcerts/CA/cacert.pem
Normal file
@ -0,0 +1,83 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
b6:7b:e8:90:4d:70:7d:7f
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Validity
|
||||
Not Before: Jul 22 01:48:15 2007 GMT
|
||||
Not After : Jan 11 01:48:15 2013 GMT
|
||||
Subject: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (1024 bit)
|
||||
Modulus (1024 bit):
|
||||
00:a1:a2:3e:9e:53:de:98:2c:2f:9e:fa:12:fa:54:
|
||||
6c:0a:0a:e8:23:f4:25:86:24:da:ed:6f:18:e2:6e:
|
||||
1e:ae:36:4e:45:63:0d:5b:20:aa:09:70:55:b9:a1:
|
||||
08:e3:cb:3d:e3:c3:ca:34:c3:c7:90:30:50:51:d6:
|
||||
30:b3:3f:12:70:99:ae:2d:c8:2e:ea:c6:c6:43:e5:
|
||||
9f:30:ab:e3:5b:d9:b0:91:92:c2:94:79:79:9b:87:
|
||||
05:60:01:8c:f1:0e:75:f7:82:d6:f9:e6:fb:45:b8:
|
||||
4d:53:eb:66:a0:98:93:28:d7:1e:db:43:3d:84:9b:
|
||||
2b:1f:ee:af:d8:23:b5:a1:cd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
|
||||
X509v3 Subject Key Identifier:
|
||||
51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
DirName:/C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
serial:B6:7B:E8:90:4D:70:7D:7F
|
||||
|
||||
X509v3 Subject Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
Netscape Cert Type:
|
||||
SSL CA, S/MIME CA, Object Signing CA
|
||||
Netscape Comment:
|
||||
This certificate was issued for testing only!
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
0f:b6:d9:37:b3:d8:bb:69:1e:ce:1a:35:29:1b:ce:d5:38:3e:
|
||||
29:13:17:91:5b:1f:9c:59:52:67:d3:05:91:2a:e8:7f:b9:76:
|
||||
1a:01:f6:9f:07:74:be:e4:37:87:d0:9b:84:c6:81:3f:c4:96:
|
||||
52:46:80:52:a7:7b:14:fd:f6:4d:23:15:b6:7e:2a:a6:d7:90:
|
||||
97:4f:22:7c:3e:7d:12:84:28:a4:9a:30:67:77:16:f7:80:0f:
|
||||
6a:d0:82:fc:f6:91:39:14:d2:a5:de:18:f1:bb:38:f1:98:88:
|
||||
1c:13:63:e9:a3:d7:b5:b0:70:f2:82:58:bd:ef:3c:02:42:a0:
|
||||
7e:c9
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFAzCCBGygAwIBAgIJALZ76JBNcH1/MA0GCSqGSIb3DQEBBQUAMIHOMQswCQYD
|
||||
VQQGEwJBVTElMCMGA1UECBMcQXVzdHJhbGlhbiBDYXBpdGFsIFRlcnJpdG9yeTEh
|
||||
MB8GA1UEChMYUWNhIERldmVsb3BtZW50IGFuZCBUZXN0MScwJQYDVQQLEx5DZXJ0
|
||||
aWZpY2F0ZSBHZW5lcmF0aW9uIFNlY3Rpb24xIjAgBgNVBAMTGVFjYSBUZXN0IFJv
|
||||
b3QgQ2VydGlmaWNhdGUxKDAmBgkqhkiG9w0BCQEWGXRlc3Rvbmx5QHRlc3QuZXhh
|
||||
bXBsZS5jb20wHhcNMDcwNzIyMDE0ODE1WhcNMTMwMTExMDE0ODE1WjCBzjELMAkG
|
||||
A1UEBhMCQVUxJTAjBgNVBAgTHEF1c3RyYWxpYW4gQ2FwaXRhbCBUZXJyaXRvcnkx
|
||||
ITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEnMCUGA1UECxMeQ2Vy
|
||||
dGlmaWNhdGUgR2VuZXJhdGlvbiBTZWN0aW9uMSIwIAYDVQQDExlRY2EgVGVzdCBS
|
||||
b290IENlcnRpZmljYXRlMSgwJgYJKoZIhvcNAQkBFhl0ZXN0b25seUB0ZXN0LmV4
|
||||
YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChoj6eU96YLC+e
|
||||
+hL6VGwKCugj9CWGJNrtbxjibh6uNk5FYw1bIKoJcFW5oQjjyz3jw8o0w8eQMFBR
|
||||
1jCzPxJwma4tyC7qxsZD5Z8wq+Nb2bCRksKUeXmbhwVgAYzxDnX3gtb55vtFuE1T
|
||||
62agmJMo1x7bQz2Emysf7q/YI7WhzQIDAQABo4IB5TCCAeEwDwYDVR0TAQH/BAUw
|
||||
AwEB/zALBgNVHQ8EBAMCAeYwHQYDVR0OBBYEFFE/8hRuSWrcQbgVtaCG9C7k9UX4
|
||||
MIIBAwYDVR0jBIH7MIH4gBRRP/IUbklq3EG4FbWghvQu5PVF+KGB1KSB0TCBzjEL
|
||||
MAkGA1UEBhMCQVUxJTAjBgNVBAgTHEF1c3RyYWxpYW4gQ2FwaXRhbCBUZXJyaXRv
|
||||
cnkxITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEnMCUGA1UECxMe
|
||||
Q2VydGlmaWNhdGUgR2VuZXJhdGlvbiBTZWN0aW9uMSIwIAYDVQQDExlRY2EgVGVz
|
||||
dCBSb290IENlcnRpZmljYXRlMSgwJgYJKoZIhvcNAQkBFhl0ZXN0b25seUB0ZXN0
|
||||
LmV4YW1wbGUuY29tggkAtnvokE1wfX8wJAYDVR0RBB0wG4EZdGVzdG9ubHlAdGVz
|
||||
dC5leGFtcGxlLmNvbTAkBgNVHRIEHTAbgRl0ZXN0b25seUB0ZXN0LmV4YW1wbGUu
|
||||
Y29tMBEGCWCGSAGG+EIBAQQEAwIABzA8BglghkgBhvhCAQ0ELxYtVGhpcyBjZXJ0
|
||||
aWZpY2F0ZSB3YXMgaXNzdWVkIGZvciB0ZXN0aW5nIG9ubHkhMA0GCSqGSIb3DQEB
|
||||
BQUAA4GBAA+22Tez2LtpHs4aNSkbztU4PikTF5FbH5xZUmfTBZEq6H+5dhoB9p8H
|
||||
dL7kN4fQm4TGgT/EllJGgFKnexT99k0jFbZ+KqbXkJdPInw+fRKEKKSaMGd3FveA
|
||||
D2rQgvz2kTkU0qXeGPG7OPGYiBwTY+mj17WwcPKCWL3vPAJCoH7J
|
||||
-----END CERTIFICATE-----
|
14
unittest/testcerts/CA/careq.pem
Normal file
14
unittest/testcerts/CA/careq.pem
Normal file
@ -0,0 +1,14 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICITCCAYoCAQAwgeAxCzAJBgNVBAYTAkFVMSUwIwYDVQQIExxBdXN0cmFsaWFu
|
||||
IENhcGl0YWwgVGVycml0b3J5MRAwDgYDVQQHEwdRY2FMYW5kMSEwHwYDVQQKExhR
|
||||
Y2EgRGV2ZWxvcG1lbnQgYW5kIFRlc3QxJzAlBgNVBAsTHkNlcnRpZmljYXRlIEdl
|
||||
bmVyYXRpb24gU2VjdGlvbjEiMCAGA1UEAxMZUWNhIFRlc3QgUm9vdCBDZXJ0aWZp
|
||||
Y2F0ZTEoMCYGCSqGSIb3DQEJARYZdGVzdG9ubHlAdGVzdC5leGFtcGxlLmNvbTCB
|
||||
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoaI+nlPemCwvnvoS+lRsCgroI/Ql
|
||||
hiTa7W8Y4m4erjZORWMNWyCqCXBVuaEI48s948PKNMPHkDBQUdYwsz8ScJmuLcgu
|
||||
6sbGQ+WfMKvjW9mwkZLClHl5m4cFYAGM8Q5194LW+eb7RbhNU+tmoJiTKNce20M9
|
||||
hJsrH+6v2CO1oc0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAJFcvHZDxAudRtla
|
||||
dELJWVRXIyijLfDSxt5TVqF3GtGZum9JX7Hj0QETu3VkUL91eOLO3RiiWQrm2Wd6
|
||||
huRkzv3AbkifAWlCOIhkXQxFdsqi3KRhXQc1Y+kiRk+1xhftMvsWprtHq64qS8Da
|
||||
bKT/rF1DmMzynQ0KUr+Z8eXEL7aH
|
||||
-----END CERTIFICATE REQUEST-----
|
1
unittest/testcerts/CA/crlnumber
Normal file
1
unittest/testcerts/CA/crlnumber
Normal file
@ -0,0 +1 @@
|
||||
01
|
3
unittest/testcerts/CA/index.txt
Normal file
3
unittest/testcerts/CA/index.txt
Normal file
@ -0,0 +1,3 @@
|
||||
V 130111014815Z B67BE8904D707D7F unknown /C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
V 120720033029Z B67BE8904D707D80 unknown /C=US/ST=Kalifornia/L=QcaLand/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Client Certificate/emailAddress=client@test.example.com
|
||||
V 120720060539Z B67BE8904D707D81 unknown /C=IL/ST=Qca Province/L=TLS City/O=Qca Development and Test/OU=Server Management Section/CN=Qca Server Test certificate/emailAddress=server@test.example.com
|
1
unittest/testcerts/CA/index.txt.attr
Normal file
1
unittest/testcerts/CA/index.txt.attr
Normal file
@ -0,0 +1 @@
|
||||
unique_subject = no
|
1
unittest/testcerts/CA/index.txt.attr.old
Normal file
1
unittest/testcerts/CA/index.txt.attr.old
Normal file
@ -0,0 +1 @@
|
||||
unique_subject = no
|
2
unittest/testcerts/CA/index.txt.old
Normal file
2
unittest/testcerts/CA/index.txt.old
Normal file
@ -0,0 +1,2 @@
|
||||
V 130111014815Z B67BE8904D707D7F unknown /C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
V 120720033029Z B67BE8904D707D80 unknown /C=US/ST=Kalifornia/L=QcaLand/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Client Certificate/emailAddress=client@test.example.com
|
83
unittest/testcerts/CA/newcerts/B67BE8904D707D7F.pem
Normal file
83
unittest/testcerts/CA/newcerts/B67BE8904D707D7F.pem
Normal file
@ -0,0 +1,83 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
b6:7b:e8:90:4d:70:7d:7f
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Validity
|
||||
Not Before: Jul 22 01:48:15 2007 GMT
|
||||
Not After : Jan 11 01:48:15 2013 GMT
|
||||
Subject: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (1024 bit)
|
||||
Modulus (1024 bit):
|
||||
00:a1:a2:3e:9e:53:de:98:2c:2f:9e:fa:12:fa:54:
|
||||
6c:0a:0a:e8:23:f4:25:86:24:da:ed:6f:18:e2:6e:
|
||||
1e:ae:36:4e:45:63:0d:5b:20:aa:09:70:55:b9:a1:
|
||||
08:e3:cb:3d:e3:c3:ca:34:c3:c7:90:30:50:51:d6:
|
||||
30:b3:3f:12:70:99:ae:2d:c8:2e:ea:c6:c6:43:e5:
|
||||
9f:30:ab:e3:5b:d9:b0:91:92:c2:94:79:79:9b:87:
|
||||
05:60:01:8c:f1:0e:75:f7:82:d6:f9:e6:fb:45:b8:
|
||||
4d:53:eb:66:a0:98:93:28:d7:1e:db:43:3d:84:9b:
|
||||
2b:1f:ee:af:d8:23:b5:a1:cd
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints: critical
|
||||
CA:TRUE
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign
|
||||
X509v3 Subject Key Identifier:
|
||||
51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
DirName:/C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
serial:B6:7B:E8:90:4D:70:7D:7F
|
||||
|
||||
X509v3 Subject Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
Netscape Cert Type:
|
||||
SSL CA, S/MIME CA, Object Signing CA
|
||||
Netscape Comment:
|
||||
This certificate was issued for testing only!
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
0f:b6:d9:37:b3:d8:bb:69:1e:ce:1a:35:29:1b:ce:d5:38:3e:
|
||||
29:13:17:91:5b:1f:9c:59:52:67:d3:05:91:2a:e8:7f:b9:76:
|
||||
1a:01:f6:9f:07:74:be:e4:37:87:d0:9b:84:c6:81:3f:c4:96:
|
||||
52:46:80:52:a7:7b:14:fd:f6:4d:23:15:b6:7e:2a:a6:d7:90:
|
||||
97:4f:22:7c:3e:7d:12:84:28:a4:9a:30:67:77:16:f7:80:0f:
|
||||
6a:d0:82:fc:f6:91:39:14:d2:a5:de:18:f1:bb:38:f1:98:88:
|
||||
1c:13:63:e9:a3:d7:b5:b0:70:f2:82:58:bd:ef:3c:02:42:a0:
|
||||
7e:c9
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFAzCCBGygAwIBAgIJALZ76JBNcH1/MA0GCSqGSIb3DQEBBQUAMIHOMQswCQYD
|
||||
VQQGEwJBVTElMCMGA1UECBMcQXVzdHJhbGlhbiBDYXBpdGFsIFRlcnJpdG9yeTEh
|
||||
MB8GA1UEChMYUWNhIERldmVsb3BtZW50IGFuZCBUZXN0MScwJQYDVQQLEx5DZXJ0
|
||||
aWZpY2F0ZSBHZW5lcmF0aW9uIFNlY3Rpb24xIjAgBgNVBAMTGVFjYSBUZXN0IFJv
|
||||
b3QgQ2VydGlmaWNhdGUxKDAmBgkqhkiG9w0BCQEWGXRlc3Rvbmx5QHRlc3QuZXhh
|
||||
bXBsZS5jb20wHhcNMDcwNzIyMDE0ODE1WhcNMTMwMTExMDE0ODE1WjCBzjELMAkG
|
||||
A1UEBhMCQVUxJTAjBgNVBAgTHEF1c3RyYWxpYW4gQ2FwaXRhbCBUZXJyaXRvcnkx
|
||||
ITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEnMCUGA1UECxMeQ2Vy
|
||||
dGlmaWNhdGUgR2VuZXJhdGlvbiBTZWN0aW9uMSIwIAYDVQQDExlRY2EgVGVzdCBS
|
||||
b290IENlcnRpZmljYXRlMSgwJgYJKoZIhvcNAQkBFhl0ZXN0b25seUB0ZXN0LmV4
|
||||
YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChoj6eU96YLC+e
|
||||
+hL6VGwKCugj9CWGJNrtbxjibh6uNk5FYw1bIKoJcFW5oQjjyz3jw8o0w8eQMFBR
|
||||
1jCzPxJwma4tyC7qxsZD5Z8wq+Nb2bCRksKUeXmbhwVgAYzxDnX3gtb55vtFuE1T
|
||||
62agmJMo1x7bQz2Emysf7q/YI7WhzQIDAQABo4IB5TCCAeEwDwYDVR0TAQH/BAUw
|
||||
AwEB/zALBgNVHQ8EBAMCAeYwHQYDVR0OBBYEFFE/8hRuSWrcQbgVtaCG9C7k9UX4
|
||||
MIIBAwYDVR0jBIH7MIH4gBRRP/IUbklq3EG4FbWghvQu5PVF+KGB1KSB0TCBzjEL
|
||||
MAkGA1UEBhMCQVUxJTAjBgNVBAgTHEF1c3RyYWxpYW4gQ2FwaXRhbCBUZXJyaXRv
|
||||
cnkxITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEnMCUGA1UECxMe
|
||||
Q2VydGlmaWNhdGUgR2VuZXJhdGlvbiBTZWN0aW9uMSIwIAYDVQQDExlRY2EgVGVz
|
||||
dCBSb290IENlcnRpZmljYXRlMSgwJgYJKoZIhvcNAQkBFhl0ZXN0b25seUB0ZXN0
|
||||
LmV4YW1wbGUuY29tggkAtnvokE1wfX8wJAYDVR0RBB0wG4EZdGVzdG9ubHlAdGVz
|
||||
dC5leGFtcGxlLmNvbTAkBgNVHRIEHTAbgRl0ZXN0b25seUB0ZXN0LmV4YW1wbGUu
|
||||
Y29tMBEGCWCGSAGG+EIBAQQEAwIABzA8BglghkgBhvhCAQ0ELxYtVGhpcyBjZXJ0
|
||||
aWZpY2F0ZSB3YXMgaXNzdWVkIGZvciB0ZXN0aW5nIG9ubHkhMA0GCSqGSIb3DQEB
|
||||
BQUAA4GBAA+22Tez2LtpHs4aNSkbztU4PikTF5FbH5xZUmfTBZEq6H+5dhoB9p8H
|
||||
dL7kN4fQm4TGgT/EllJGgFKnexT99k0jFbZ+KqbXkJdPInw+fRKEKKSaMGd3FveA
|
||||
D2rQgvz2kTkU0qXeGPG7OPGYiBwTY+mj17WwcPKCWL3vPAJCoH7J
|
||||
-----END CERTIFICATE-----
|
84
unittest/testcerts/CA/newcerts/B67BE8904D707D80.pem
Normal file
84
unittest/testcerts/CA/newcerts/B67BE8904D707D80.pem
Normal file
@ -0,0 +1,84 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
b6:7b:e8:90:4d:70:7d:80
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Validity
|
||||
Not Before: Jul 22 03:30:29 2007 GMT
|
||||
Not After : Jul 20 03:30:29 2012 GMT
|
||||
Subject: C=US, ST=Kalifornia, L=QcaLand, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Client Certificate/emailAddress=client@test.example.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (1024 bit)
|
||||
Modulus (1024 bit):
|
||||
00:b0:67:99:c9:d4:42:eb:f5:a6:25:7e:99:31:4e:
|
||||
d7:71:e2:15:95:8b:6a:e9:13:c6:0a:6e:cd:5d:ce:
|
||||
23:c8:b0:4a:af:d6:d3:ef:3d:09:23:97:6d:ed:49:
|
||||
0a:2c:e4:9d:a2:50:78:bc:a5:94:79:45:b1:b0:85:
|
||||
3a:02:1b:5f:f4:be:94:9e:a1:d1:a4:9c:31:02:ed:
|
||||
62:3f:b3:f1:1a:5b:7d:31:27:ae:7b:f1:67:bd:60:
|
||||
86:27:34:80:96:53:04:00:4e:d8:f2:b3:bb:6e:62:
|
||||
ab:51:ee:f9:25:ad:de:3a:4f:e5:1e:d5:42:28:e8:
|
||||
73:96:4c:1f:06:42:ee:d8:8b
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
Netscape Cert Type:
|
||||
SSL Client, S/MIME
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Client Authentication, E-mail Protection
|
||||
Netscape Comment:
|
||||
This certificate was issued for testing only!
|
||||
X509v3 Subject Key Identifier:
|
||||
B2:7F:D3:11:39:23:BE:1D:C4:6F:53:CE:81:AF:F1:D4:80:01:F6:F6
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
DirName:/C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
serial:B6:7B:E8:90:4D:70:7D:7F
|
||||
|
||||
X509v3 Subject Alternative Name:
|
||||
email:client@test.example.com
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
36:9a:0e:7a:a4:d3:6b:e8:d6:1b:ba:34:89:a6:dc:26:01:28:
|
||||
71:7d:28:71:22:79:ae:3b:27:2a:d5:6c:d6:99:93:c0:01:45:
|
||||
5d:78:2a:83:05:a8:eb:41:be:62:37:92:ff:b9:41:3d:37:4c:
|
||||
25:85:4b:c8:c3:ba:cd:71:06:18:12:a3:7f:2d:17:90:b2:87:
|
||||
e6:ca:86:fb:dc:d0:ef:1d:d6:b3:86:b3:28:72:45:fa:bb:dd:
|
||||
32:06:44:b1:ed:35:b6:c4:6b:54:88:49:9d:3a:2e:fa:37:3b:
|
||||
84:98:de:68:14:ac:2f:37:42:21:f5:b9:27:18:1b:5d:5e:ba:
|
||||
74:09
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDzCCBHigAwIBAgIJALZ76JBNcH2AMA0GCSqGSIb3DQEBBQUAMIHOMQswCQYD
|
||||
VQQGEwJBVTElMCMGA1UECBMcQXVzdHJhbGlhbiBDYXBpdGFsIFRlcnJpdG9yeTEh
|
||||
MB8GA1UEChMYUWNhIERldmVsb3BtZW50IGFuZCBUZXN0MScwJQYDVQQLEx5DZXJ0
|
||||
aWZpY2F0ZSBHZW5lcmF0aW9uIFNlY3Rpb24xIjAgBgNVBAMTGVFjYSBUZXN0IFJv
|
||||
b3QgQ2VydGlmaWNhdGUxKDAmBgkqhkiG9w0BCQEWGXRlc3Rvbmx5QHRlc3QuZXhh
|
||||
bXBsZS5jb20wHhcNMDcwNzIyMDMzMDI5WhcNMTIwNzIwMDMzMDI5WjCBzjELMAkG
|
||||
A1UEBhMCVVMxEzARBgNVBAgTCkthbGlmb3JuaWExEDAOBgNVBAcTB1FjYUxhbmQx
|
||||
ITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEnMCUGA1UECxMeQ2Vy
|
||||
dGlmaWNhdGUgR2VuZXJhdGlvbiBTZWN0aW9uMSQwIgYDVQQDExtRY2EgVGVzdCBD
|
||||
bGllbnQgQ2VydGlmaWNhdGUxJjAkBgkqhkiG9w0BCQEWF2NsaWVudEB0ZXN0LmV4
|
||||
YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwZ5nJ1ELr9aYl
|
||||
fpkxTtdx4hWVi2rpE8YKbs1dziPIsEqv1tPvPQkjl23tSQos5J2iUHi8pZR5RbGw
|
||||
hToCG1/0vpSeodGknDEC7WI/s/EaW30xJ6578We9YIYnNICWUwQATtjys7tuYqtR
|
||||
7vklrd46T+Ue1UIo6HOWTB8GQu7YiwIDAQABo4IB8TCCAe0wEQYJYIZIAYb4QgEB
|
||||
BAQDAgWgMAsGA1UdDwQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
|
||||
AwQwPAYJYIZIAYb4QgENBC8WLVRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBm
|
||||
b3IgdGVzdGluZyBvbmx5ITAdBgNVHQ4EFgQUsn/TETkjvh3Eb1POga/x1IAB9vYw
|
||||
ggEDBgNVHSMEgfswgfiAFFE/8hRuSWrcQbgVtaCG9C7k9UX4oYHUpIHRMIHOMQsw
|
||||
CQYDVQQGEwJBVTElMCMGA1UECBMcQXVzdHJhbGlhbiBDYXBpdGFsIFRlcnJpdG9y
|
||||
eTEhMB8GA1UEChMYUWNhIERldmVsb3BtZW50IGFuZCBUZXN0MScwJQYDVQQLEx5D
|
||||
ZXJ0aWZpY2F0ZSBHZW5lcmF0aW9uIFNlY3Rpb24xIjAgBgNVBAMTGVFjYSBUZXN0
|
||||
IFJvb3QgQ2VydGlmaWNhdGUxKDAmBgkqhkiG9w0BCQEWGXRlc3Rvbmx5QHRlc3Qu
|
||||
ZXhhbXBsZS5jb22CCQC2e+iQTXB9fzAiBgNVHREEGzAZgRdjbGllbnRAdGVzdC5l
|
||||
eGFtcGxlLmNvbTAkBgNVHRIEHTAbgRl0ZXN0b25seUB0ZXN0LmV4YW1wbGUuY29t
|
||||
MA0GCSqGSIb3DQEBBQUAA4GBADaaDnqk02vo1hu6NImm3CYBKHF9KHEiea47JyrV
|
||||
bNaZk8ABRV14KoMFqOtBvmI3kv+5QT03TCWFS8jDus1xBhgSo38tF5Cyh+bKhvvc
|
||||
0O8d1rOGsyhyRfq73TIGRLHtNbbEa1SISZ06Lvo3O4SY3mgUrC83QiH1uScYG11e
|
||||
unQJ
|
||||
-----END CERTIFICATE-----
|
84
unittest/testcerts/CA/newcerts/B67BE8904D707D81.pem
Normal file
84
unittest/testcerts/CA/newcerts/B67BE8904D707D81.pem
Normal file
@ -0,0 +1,84 @@
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
b6:7b:e8:90:4d:70:7d:81
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
Issuer: C=AU, ST=Australian Capital Territory, O=Qca Development and Test, OU=Certificate Generation Section, CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
Validity
|
||||
Not Before: Jul 22 06:05:39 2007 GMT
|
||||
Not After : Jul 20 06:05:39 2012 GMT
|
||||
Subject: C=IL, ST=Qca Province, L=TLS City, O=Qca Development and Test, OU=Server Management Section, CN=Qca Server Test certificate/emailAddress=server@test.example.com
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public Key: (1024 bit)
|
||||
Modulus (1024 bit):
|
||||
00:c1:59:ff:39:1d:96:af:d8:55:cd:89:a1:19:14:
|
||||
a0:63:33:2a:1c:09:92:07:ea:8e:64:91:17:19:3a:
|
||||
ca:6d:a8:2a:81:7d:a6:48:6a:8c:04:d5:dc:9b:b0:
|
||||
86:44:8c:65:27:9c:a6:63:ec:f0:f6:f2:03:76:4e:
|
||||
46:72:20:3c:eb:ac:c5:a7:4d:fa:36:84:a7:a1:45:
|
||||
c2:54:43:b9:5d:88:17:b6:b2:6c:af:ce:9c:e2:2e:
|
||||
65:e2:82:4c:02:a4:4d:91:58:7d:16:14:dc:29:1c:
|
||||
1c:bc:c5:89:ac:e0:ea:f7:2d:9a:fe:d8:ca:53:98:
|
||||
ce:ab:3a:c2:60:ad:91:e9:4f
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
Netscape Cert Type:
|
||||
SSL Server
|
||||
X509v3 Key Usage:
|
||||
Digital Signature, Non Repudiation, Key Encipherment
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
Netscape Comment:
|
||||
This certificate was issued for qca server testing only!
|
||||
X509v3 Subject Key Identifier:
|
||||
3C:AA:B3:B7:59:75:DB:2C:95:AF:B4:81:FA:56:40:D8:98:6B:27:CB
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:51:3F:F2:14:6E:49:6A:DC:41:B8:15:B5:A0:86:F4:2E:E4:F5:45:F8
|
||||
DirName:/C=AU/ST=Australian Capital Territory/O=Qca Development and Test/OU=Certificate Generation Section/CN=Qca Test Root Certificate/emailAddress=testonly@test.example.com
|
||||
serial:B6:7B:E8:90:4D:70:7D:7F
|
||||
|
||||
X509v3 Subject Alternative Name:
|
||||
email:server@test.example.com
|
||||
X509v3 Issuer Alternative Name:
|
||||
email:testonly@test.example.com
|
||||
Signature Algorithm: sha1WithRSAEncryption
|
||||
0f:0b:9f:d9:38:62:20:40:a5:ff:0c:7b:d5:21:82:dd:9a:74:
|
||||
94:81:72:aa:94:fc:1b:e0:53:56:e1:65:67:ed:a5:97:94:87:
|
||||
fc:ee:37:66:e5:bf:7e:92:1b:b9:a4:e8:96:4a:5e:67:64:de:
|
||||
f8:43:47:de:50:85:f6:a6:47:df:b4:ff:e3:93:ef:8e:b1:7c:
|
||||
38:52:e4:e4:90:45:d1:85:db:c2:db:91:81:44:5a:41:a8:9b:
|
||||
68:f6:dd:4b:c0:88:f0:fb:f0:73:17:9d:c4:9e:2b:1d:ba:6c:
|
||||
43:bd:38:a3:f7:3f:55:cb:1a:7b:c4:5e:4a:39:fc:a2:86:ed:
|
||||
d9:ba
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDjCCBHegAwIBAgIJALZ76JBNcH2BMA0GCSqGSIb3DQEBBQUAMIHOMQswCQYD
|
||||
VQQGEwJBVTElMCMGA1UECBMcQXVzdHJhbGlhbiBDYXBpdGFsIFRlcnJpdG9yeTEh
|
||||
MB8GA1UEChMYUWNhIERldmVsb3BtZW50IGFuZCBUZXN0MScwJQYDVQQLEx5DZXJ0
|
||||
aWZpY2F0ZSBHZW5lcmF0aW9uIFNlY3Rpb24xIjAgBgNVBAMTGVFjYSBUZXN0IFJv
|
||||
b3QgQ2VydGlmaWNhdGUxKDAmBgkqhkiG9w0BCQEWGXRlc3Rvbmx5QHRlc3QuZXhh
|
||||
bXBsZS5jb20wHhcNMDcwNzIyMDYwNTM5WhcNMTIwNzIwMDYwNTM5WjCBzDELMAkG
|
||||
A1UEBhMCSUwxFTATBgNVBAgTDFFjYSBQcm92aW5jZTERMA8GA1UEBxMIVExTIENp
|
||||
dHkxITAfBgNVBAoTGFFjYSBEZXZlbG9wbWVudCBhbmQgVGVzdDEiMCAGA1UECxMZ
|
||||
U2VydmVyIE1hbmFnZW1lbnQgU2VjdGlvbjEkMCIGA1UEAxMbUWNhIFNlcnZlciBU
|
||||
ZXN0IGNlcnRpZmljYXRlMSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXJAdGVzdC5leGFt
|
||||
cGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwVn/OR2Wr9hVzYmh
|
||||
GRSgYzMqHAmSB+qOZJEXGTrKbagqgX2mSGqMBNXcm7CGRIxlJ5ymY+zw9vIDdk5G
|
||||
ciA866zFp036NoSnoUXCVEO5XYgXtrJsr86c4i5l4oJMAqRNkVh9FhTcKRwcvMWJ
|
||||
rODq9y2a/tjKU5jOqzrCYK2R6U8CAwEAAaOCAfIwggHuMBEGCWCGSAGG+EIBAQQE
|
||||
AwIGQDALBgNVHQ8EBAMCBeAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwRwYJYIZIAYb4
|
||||
QgENBDoWOFRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBmb3IgcWNhIHNlcnZl
|
||||
ciB0ZXN0aW5nIG9ubHkhMB0GA1UdDgQWBBQ8qrO3WXXbLJWvtIH6VkDYmGsnyzCC
|
||||
AQMGA1UdIwSB+zCB+IAUUT/yFG5JatxBuBW1oIb0LuT1RfihgdSkgdEwgc4xCzAJ
|
||||
BgNVBAYTAkFVMSUwIwYDVQQIExxBdXN0cmFsaWFuIENhcGl0YWwgVGVycml0b3J5
|
||||
MSEwHwYDVQQKExhRY2EgRGV2ZWxvcG1lbnQgYW5kIFRlc3QxJzAlBgNVBAsTHkNl
|
||||
cnRpZmljYXRlIEdlbmVyYXRpb24gU2VjdGlvbjEiMCAGA1UEAxMZUWNhIFRlc3Qg
|
||||
Um9vdCBDZXJ0aWZpY2F0ZTEoMCYGCSqGSIb3DQEJARYZdGVzdG9ubHlAdGVzdC5l
|
||||
eGFtcGxlLmNvbYIJALZ76JBNcH1/MCIGA1UdEQQbMBmBF3NlcnZlckB0ZXN0LmV4
|
||||
YW1wbGUuY29tMCQGA1UdEgQdMBuBGXRlc3Rvbmx5QHRlc3QuZXhhbXBsZS5jb20w
|
||||
DQYJKoZIhvcNAQEFBQADgYEADwuf2ThiIECl/wx71SGC3Zp0lIFyqpT8G+BTVuFl
|
||||
Z+2ll5SH/O43ZuW/fpIbuaTolkpeZ2Te+ENH3lCF9qZH37T/45PvjrF8OFLk5JBF
|
||||
0YXbwtuRgURaQaibaPbdS8CI8PvwcxedxJ4rHbpsQ704o/c/Vcsae8ReSjn8oobt
|
||||
2bo=
|
||||
-----END CERTIFICATE-----
|
18
unittest/testcerts/CA/private/cakey.pem
Normal file
18
unittest/testcerts/CA/private/cakey.pem
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: DES-EDE3-CBC,F17A1709AFCFEA09
|
||||
|
||||
N6sF87gUNUp77rz4HIT9DCJcQXJThEjGzzkJzIrPcNRBREdeTo+gYUXs7G730fRK
|
||||
QAlpGNO4YvRZ2N3X+OyM7r1GYLe4CFRrGPLFwkeoMiCwwc/jl5NbdzOl0By67A1V
|
||||
WygRavO3B8Tp7jUsNniAA7yr66I6nu2oj3DRjp+DJBowJNBRvc5d2GsoC2odQyKp
|
||||
Po4P3kMYWZyfhIAp1KeuqQyyG1WVjQlzRtqHUwcs4GZ0xmfaFXfqPA3nFz7GXjzP
|
||||
QTrOz2eB3+VWGbd7w0UUnMndvz1sJjV/3JCAFlNNC/sqb2CsYYhaEoiu5NlIDhQ/
|
||||
z+pZtAGksMqHfULnI3aqomg6/8bS3zyqQCC8bacDV6glNnzypfDOXhomjXRpxUwf
|
||||
sRGTIj0BsippAYSW503Ab5UMKlpDK2h/6Y3XM52bs+fTi6qnCf8udtpJVNzEwyZj
|
||||
eem1mzhs8NT0ZRpGVEOUaK8eIVGA7k6sObRT3sXDNjIw6HvKb1RaLDVy28+CYmd6
|
||||
WFXv0+YOlZFBdXS4epAnxddap+tfHuEbB17J4mc28FucPtfzfCRkUZ4c3uEbqDDe
|
||||
tHW2z0xqj2vGKYG9v8yKu7oKOwCxqGNH2PzYOm2ttaD9wIJP4mWtSw74sMOpceKB
|
||||
HWgSVjvD5FfFNi7vpQ/s1+aC/BF0Dfsy3pg3cwJA6vZQp4QdsAneecC7i+faS+nD
|
||||
tiN24WM9sXciT3tCVpU9KFF4VSjs5gkyWWyjZiq7KNXvFXS5A75XXRmDcvnG6lEy
|
||||
q+CMERq6iAuQSpcu+avK7SdZSjCRaWFYx8tTFdYbjtLpNHoJcyw4FA==
|
||||
-----END RSA PRIVATE KEY-----
|
1
unittest/testcerts/CA/serial
Normal file
1
unittest/testcerts/CA/serial
Normal file
@ -0,0 +1 @@
|
||||
B67BE8904D707D82
|
1
unittest/testcerts/CA/serial.old
Normal file
1
unittest/testcerts/CA/serial.old
Normal file
@ -0,0 +1 @@
|
||||
B67BE8904D707D81
|
11
unittest/testcerts/README
Normal file
11
unittest/testcerts/README
Normal file
@ -0,0 +1,11 @@
|
||||
These are the tools used to generate test certificates
|
||||
for unit testing in QCA.
|
||||
|
||||
You need to have openssl installed.
|
||||
|
||||
Do not try to generate certificates blindly. You always need
|
||||
to read and understand the openssl.cnf options to make any
|
||||
kind of sensible certificate.
|
||||
|
||||
The PEM passphrase is always "start".
|
||||
|
292
unittest/testcerts/openssl.cnf
Normal file
292
unittest/testcerts/openssl.cnf
Normal file
@ -0,0 +1,292 @@
|
||||
#
|
||||
# OpenSSL example configuration file.
|
||||
# This is mostly being used for generation of certificate requests.
|
||||
#
|
||||
|
||||
# This definition stops the following lines choking if HOME isn't
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
# "openssl x509" utility, name here the section containing the
|
||||
# X.509v3 extensions to use:
|
||||
# extensions =
|
||||
# (Alternatively, use a configuration file that has only
|
||||
# X.509v3 extensions in its main [= default] section.)
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
# We can add new OIDs in here for use by 'ca' and 'req'.
|
||||
# Add a simple OID like this:
|
||||
# testoid1=1.2.3.4
|
||||
# Or use config file substitution like this:
|
||||
# testoid2=${testoid1}.5.6
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = ./CA # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
#unique_subject = no # Set to 'no' to allow creation of
|
||||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
||||
# Comment out the following two lines for the "traditional"
|
||||
# (and highly broken) format.
|
||||
name_opt = ca_default # Subject Name options
|
||||
cert_opt = ca_default # Certificate field options
|
||||
|
||||
# Extension copying option: use with caution.
|
||||
# copy_extensions = copy
|
||||
|
||||
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
|
||||
# so this is commented out by default to leave a V1 CRL.
|
||||
# crlnumber must also be commented out to leave a V1 CRL.
|
||||
# crl_extensions = crl_ext
|
||||
|
||||
default_days = 1825 # how long to certify for
|
||||
default_crl_days= 300 # how long before next CRL
|
||||
default_md = sha1 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
# A few difference way of specifying how similar the request should look
|
||||
# For type CA, the listed attributes must be the same, and the optional
|
||||
# and supplied fields are just that :-)
|
||||
policy = policy_match
|
||||
|
||||
# For the CA policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# For the 'anything' policy
|
||||
# At this point in time, you must list all acceptable 'object'
|
||||
# types.
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
default_md = sha1
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = v3_ca # The extentions to add to the self signed cert
|
||||
|
||||
# Passwords for private keys if not present they will be prompted for
|
||||
# input_password = secret
|
||||
# output_password = secret
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
# we use PrintableString+UTF8String mask so if pure ASCII texts are used
|
||||
# the resulting certificates are compatible with Netscape
|
||||
string_mask = MASK:0x2002
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = AU
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = Australian Capital Territory
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = QcaLand
|
||||
|
||||
0.organizationName = Organization Name (eg, company)
|
||||
0.organizationName_default = Qca Development and Test
|
||||
|
||||
# we can do this but it is not needed normally :-)
|
||||
#1.organizationName = Second Organization Name (eg, company)
|
||||
#1.organizationName_default = World Wide Web Pty Ltd
|
||||
|
||||
organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
organizationalUnitName_default = Certificate Generation Section
|
||||
|
||||
commonName = Common Name (eg, your name or your server\'s hostname)
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
emailAddress_default = testonly@test.example.com
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
[ req_attributes ]
|
||||
# not used
|
||||
|
||||
[ usr_cert ]
|
||||
|
||||
# These extensions are added when 'ca' signs a request.
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
# basicConstraints=CA:FALSE
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
nsCertType = server
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
|
||||
#extendedKeyUsage = clientAuth, emailProtection
|
||||
extendedKeyUsage = serverAuth
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
# nsComment = "This certificate was issued for testing only!"
|
||||
nsComment = "This certificate was issued for qca server testing only!"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
[ v3_req ]
|
||||
|
||||
# Extensions to add to a certificate request
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
[ v3_ca ]
|
||||
|
||||
basicConstraints = critical,CA:true
|
||||
# keyUsage = cRLSign, keyCertSign
|
||||
keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
# Include email address in subject alt name: another PKIX recommendation
|
||||
subjectAltName=email:copy
|
||||
# Copy issuer details
|
||||
issuerAltName=issuer:copy
|
||||
|
||||
# Some might want this also
|
||||
nsCertType = sslCA, emailCA, objCA
|
||||
nsComment = "This certificate was issued for testing only!"
|
||||
|
||||
# DER hex encoding of an extension: beware experts only!
|
||||
# obj=DER:02:03
|
||||
# Where 'obj' is a standard or added object
|
||||
# You can even override a supported extension:
|
||||
# basicConstraints= critical, DER:30:03:01:01:FF
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
issuerAltName=issuer:copy
|
||||
authorityKeyIdentifier=keyid:always,issuer:always
|
||||
|
||||
[ proxy_cert_ext ]
|
||||
# These extensions should be added when creating a proxy certificate
|
||||
|
||||
# This goes against PKIX guidelines but some CAs do it and some software
|
||||
# requires this to avoid interpreting an end user certificate as a CA.
|
||||
|
||||
basicConstraints=CA:FALSE
|
||||
|
||||
# Here are some examples of the usage of nsCertType. If it is omitted
|
||||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
||||
# For normal client use this is typical
|
||||
# nsCertType = client, email
|
||||
|
||||
# and for everything including object signing:
|
||||
# nsCertType = client, email, objsign
|
||||
|
||||
# This is typical in keyUsage for a client certificate.
|
||||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer:always
|
||||
|
||||
# This stuff is for subjectAltName and issuerAltname.
|
||||
# Import the email address.
|
||||
# subjectAltName=email:copy
|
||||
# An alternative to produce certificates that aren't
|
||||
# deprecated according to PKIX.
|
||||
# subjectAltName=email:move
|
||||
|
||||
# Copy subject details
|
||||
# issuerAltName=issuer:copy
|
||||
|
||||
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
|
||||
#nsBaseUrl
|
||||
#nsRevocationUrl
|
||||
#nsRenewalUrl
|
||||
#nsCaPolicyUrl
|
||||
#nsSslServerName
|
||||
|
||||
# This really needs to be in place for it to be a proxy certificate.
|
||||
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
|
Loading…
x
Reference in New Issue
Block a user