From 52811b8c905c40bcfda073c6a9465628ab207b86 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Thu, 24 Dec 2015 00:42:40 +0200
Subject: [PATCH] tests: EAP-TLS with intermediate CAs and OCSP multi

Signed-off-by: Jouni Malinen
---
 .../auth_serv/iCA-server/ca-and-root.pem | 125 +++++++++
 tests/hwsim/auth_serv/iCA-server/cacert.pem | 70 +++++
 tests/hwsim/auth_serv/iCA-server/careq.pem | 16 ++
 tests/hwsim/auth_serv/iCA-server/index.txt | 2 +
 .../hwsim/auth_serv/iCA-server/index.txt.attr | 1 +
 .../iCA-server/newcerts/8020A0407F798AB8.pem | 84 ++++++
 .../iCA-server/newcerts/8020A0407F798AB9.pem | 85 ++++++
 .../auth_serv/iCA-server/private/cakey.pem | 28 ++
 tests/hwsim/auth_serv/iCA-server/serial | 1 +
 .../auth_serv/iCA-server/server-revoked.key | 28 ++
 .../auth_serv/iCA-server/server-revoked.pem | 85 ++++++
 .../auth_serv/iCA-server/server-revoked.req | 16 ++
 .../iCA-server/server-revoked_and_ica.pem | 155 +++++++++++
 tests/hwsim/auth_serv/iCA-server/server.key | 28 ++
 tests/hwsim/auth_serv/iCA-server/server.pem | 84 ++++++
 tests/hwsim/auth_serv/iCA-server/server.req | 16 ++
 .../auth_serv/iCA-server/server_and_ica.pem | 154 +++++++++++
 .../hwsim/auth_serv/iCA-user/ca-and-root.pem | 125 +++++++++
 tests/hwsim/auth_serv/iCA-user/cacert.pem | 70 +++++
 tests/hwsim/auth_serv/iCA-user/careq.pem | 16 ++
 tests/hwsim/auth_serv/iCA-user/index.txt | 1 +
 tests/hwsim/auth_serv/iCA-user/index.txt.attr | 1 +
 .../iCA-user/newcerts/E153BA3A7605DA1E.pem | 84 ++++++
 .../auth_serv/iCA-user/private/cakey.pem | 28 ++
 tests/hwsim/auth_serv/iCA-user/serial | 1 +
 tests/hwsim/auth_serv/iCA-user/user.key | 28 ++
 tests/hwsim/auth_serv/iCA-user/user.pem | 84 ++++++
 tests/hwsim/auth_serv/iCA-user/user.req | 16 ++
 .../hwsim/auth_serv/iCA-user/user_and_ica.pem | 154 +++++++++++
 tests/hwsim/auth_serv/ica-generate.sh | 87 +++++++
 tests/hwsim/auth_serv/rootCA/index.txt | 2 +
 tests/hwsim/auth_serv/rootCA/index.txt.attr | 1 +
 tests/hwsim/auth_serv/rootCA/serial | 1 +
 tests/hwsim/test_ap_eap.py | 242 ++++++++++++++++++
 34 files changed, 1919 insertions(+)
 create mode 100644 tests/hwsim/auth_serv/iCA-server/ca-and-root.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/cacert.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/careq.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/index.txt
 create mode 100644 tests/hwsim/auth_serv/iCA-server/index.txt.attr
 create mode 100644 tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB8.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB9.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/private/cakey.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/serial
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server-revoked.key
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server-revoked.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server-revoked.req
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server.key
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server.req
 create mode 100644 tests/hwsim/auth_serv/iCA-server/server_and_ica.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/ca-and-root.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/cacert.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/careq.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/index.txt
 create mode 100644 tests/hwsim/auth_serv/iCA-user/index.txt.attr
 create mode 100644 tests/hwsim/auth_serv/iCA-user/newcerts/E153BA3A7605DA1E.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/private/cakey.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/serial
 create mode 100644 tests/hwsim/auth_serv/iCA-user/user.key
 create mode 100644 tests/hwsim/auth_serv/iCA-user/user.pem
 create mode 100644 tests/hwsim/auth_serv/iCA-user/user.req
 create mode 100644 tests/hwsim/auth_serv/iCA-user/user_and_ica.pem
 create mode 100755 tests/hwsim/auth_serv/ica-generate.sh
 create mode 100644 tests/hwsim/auth_serv/rootCA/index.txt
 create mode 100644 tests/hwsim/auth_serv/rootCA/index.txt.attr
 create mode 100644 tests/hwsim/auth_serv/rootCA/serial

diff --git a/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem b/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem
new file mode 100644
index 000000000..d32194454
--- /dev/null
+++ b/tests/hwsim/auth_serv/iCA-server/ca-and-root.pem
@@ -0,0 +1,125 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162867 (0xd8d3e3a6cbe3ccf3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=Server Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:58:ac:e3:d8:7e:40:f6:84:2a:49:24:49:5a: + f7:c8:23:08:b9:6c:d9:07:01:69:8f:77:28:71:42: + a2:eb:ae:86:10:c6:31:61:9a:14:88:44:0a:68:bf: + 6e:a2:46:41:e9:6f:a2:89:fb:0b:f3:e1:b8:30:bf: + e5:80:5e:f9:61:8d:6e:ac:e2:f7:28:e7:9e:44:28: + b8:e4:6e:87:76:a9:d7:ac:ed:11:3f:de:c3:dd:41: + c3:45:82:09:c3:a7:4c:e6:df:2b:88:1e:44:ce:e2: + a7:29:53:f6:13:96:ad:6c:2e:93:00:28:42:77:bc: + 73:6e:86:e7:5b:e8:eb:e9:37:1d:63:e7:ea:05:5a: + 71:28:f0:81:0b:4c:3f:dd:73:f8:db:13:a8:f0:5f: + 6f:6f:e5:1b:c7:94:7f:57:c5:dc:66:26:0c:5a:71: + 7a:e3:d2:3e:7a:a6:59:46:03:61:78:89:84:3d:ef: + 22:9c:f8:c2:22:75:c4:0c:ef:fb:e4:fa:6f:b8:11: + db:aa:92:9b:6c:23:4e:6e:e5:55:d2:41:47:18:95: + c6:7d:17:be:6d:ab:39:a1:38:61:fd:f9:22:95:69: + f3:9e:28:fd:8a:c8:58:72:3c:91:c2:22:d9:fb:b2: + 54:0f:9a:17:27:88:df:60:f5:de:fc:95:9f:25:c6: + 64:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bd:22:63:3d:a7:e5:ce:c9:f5:66:1f:77:5f:d5:24:e3:68:dc: + a4:07:80:3e:5e:b1:2c:96:88:39:ad:00:4c:aa:9d:0b:ed:f3: + 6d:df:9d:2f:97:d2:77:8b:ba:d0:9c:0f:a6:5e:60:b8:0f:e1: + 96:b1:61:25:48:69:81:64:a8:5c:82:58:0b:f3:d0:a9:4e:8b: + 90:fc:2f:67:57:da:72:dc:3c:eb:c2:20:19:05:8d:42:0d:14: + 
cf:00:db:59:00:ea:f0:76:3e:ca:85:b1:05:e5:b8:5f:0b:46: + c7:3c:a1:d9:5c:4d:b9:24:e7:d6:2b:3d:0d:eb:c3:88:d8:3a: + f6:60 +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIJANjT46bL48zzMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5YrOPYfkD2hCpJJEla98gjCLls2QcB +aY93KHFCouuuhhDGMWGaFIhECmi/bqJGQelvoon7C/PhuDC/5YBe+WGNbqzi9yjn +nkQouORuh3ap16ztET/ew91Bw0WCCcOnTObfK4geRM7ipylT9hOWrWwukwAoQne8 +c26G51vo6+k3HWPn6gVacSjwgQtMP91z+NsTqPBfb2/lG8eUf1fF3GYmDFpxeuPS +PnqmWUYDYXiJhD3vIpz4wiJ1xAzv++T6b7gR26qSm2wjTm7lVdJBRxiVxn0Xvm2r +OaE4Yf35IpVp854o/YrIWHI8kcIi2fuyVA+aFyeI32D13vyVnyXGZIECAwEAAaNm +MGQwHQYDVR0OBBYEFIQJi1UffS8PKNec7FROnxGXVdm5MB8GA1UdIwQYMBaAFLiS +3v2KGLMww59V8zNdtMgpikEUMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAL0iYz2n5c7J9WYfd1/VJONo3KQHgD5e +sSyWiDmtAEyqnQvt823fnS+X0neLutCcD6ZeYLgP4ZaxYSVIaYFkqFyCWAvz0KlO +i5D8L2dX2nLcPOvCIBkFjUINFM8A21kA6vB2PsqFsQXluF8LRsc8odlcTbkk59Yr +PQ3rw4jYOvZg +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Jun 29 16:41:22 2013 GMT + Not After : Jun 27 16:41:22 2023 GMT + Subject: C=FI, O=w1.fi, CN=Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28: + 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff: + f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7: + db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c: + 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b: + 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16: + c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad: + 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7: + 
ae:8a:b6:d1:e7:b3:15:02:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7: + 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4: + 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82: + be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c: + 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9: + d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e: + c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3: + 92:e8 +-----BEGIN CERTIFICATE----- +MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2 +MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m +Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA +cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w +HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K +GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk +uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0 ++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug= +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-server/cacert.pem b/tests/hwsim/auth_serv/iCA-server/cacert.pem new file mode 100644 index 000000000..d5532e994 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/cacert.pem 
@@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162867 (0xd8d3e3a6cbe3ccf3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=Server Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:58:ac:e3:d8:7e:40:f6:84:2a:49:24:49:5a: + f7:c8:23:08:b9:6c:d9:07:01:69:8f:77:28:71:42: + a2:eb:ae:86:10:c6:31:61:9a:14:88:44:0a:68:bf: + 6e:a2:46:41:e9:6f:a2:89:fb:0b:f3:e1:b8:30:bf: + e5:80:5e:f9:61:8d:6e:ac:e2:f7:28:e7:9e:44:28: + b8:e4:6e:87:76:a9:d7:ac:ed:11:3f:de:c3:dd:41: + c3:45:82:09:c3:a7:4c:e6:df:2b:88:1e:44:ce:e2: + a7:29:53:f6:13:96:ad:6c:2e:93:00:28:42:77:bc: + 73:6e:86:e7:5b:e8:eb:e9:37:1d:63:e7:ea:05:5a: + 71:28:f0:81:0b:4c:3f:dd:73:f8:db:13:a8:f0:5f: + 6f:6f:e5:1b:c7:94:7f:57:c5:dc:66:26:0c:5a:71: + 7a:e3:d2:3e:7a:a6:59:46:03:61:78:89:84:3d:ef: + 22:9c:f8:c2:22:75:c4:0c:ef:fb:e4:fa:6f:b8:11: + db:aa:92:9b:6c:23:4e:6e:e5:55:d2:41:47:18:95: + c6:7d:17:be:6d:ab:39:a1:38:61:fd:f9:22:95:69: + f3:9e:28:fd:8a:c8:58:72:3c:91:c2:22:d9:fb:b2: + 54:0f:9a:17:27:88:df:60:f5:de:fc:95:9f:25:c6: + 64:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bd:22:63:3d:a7:e5:ce:c9:f5:66:1f:77:5f:d5:24:e3:68:dc: + a4:07:80:3e:5e:b1:2c:96:88:39:ad:00:4c:aa:9d:0b:ed:f3: + 6d:df:9d:2f:97:d2:77:8b:ba:d0:9c:0f:a6:5e:60:b8:0f:e1: + 96:b1:61:25:48:69:81:64:a8:5c:82:58:0b:f3:d0:a9:4e:8b: + 90:fc:2f:67:57:da:72:dc:3c:eb:c2:20:19:05:8d:42:0d:14: + 
cf:00:db:59:00:ea:f0:76:3e:ca:85:b1:05:e5:b8:5f:0b:46: + c7:3c:a1:d9:5c:4d:b9:24:e7:d6:2b:3d:0d:eb:c3:88:d8:3a: + f6:60 +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIJANjT46bL48zzMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5YrOPYfkD2hCpJJEla98gjCLls2QcB +aY93KHFCouuuhhDGMWGaFIhECmi/bqJGQelvoon7C/PhuDC/5YBe+WGNbqzi9yjn +nkQouORuh3ap16ztET/ew91Bw0WCCcOnTObfK4geRM7ipylT9hOWrWwukwAoQne8 +c26G51vo6+k3HWPn6gVacSjwgQtMP91z+NsTqPBfb2/lG8eUf1fF3GYmDFpxeuPS +PnqmWUYDYXiJhD3vIpz4wiJ1xAzv++T6b7gR26qSm2wjTm7lVdJBRxiVxn0Xvm2r +OaE4Yf35IpVp854o/YrIWHI8kcIi2fuyVA+aFyeI32D13vyVnyXGZIECAwEAAaNm +MGQwHQYDVR0OBBYEFIQJi1UffS8PKNec7FROnxGXVdm5MB8GA1UdIwQYMBaAFLiS +3v2KGLMww59V8zNdtMgpikEUMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAL0iYz2n5c7J9WYfd1/VJONo3KQHgD5e +sSyWiDmtAEyqnQvt823fnS+X0neLutCcD6ZeYLgP4ZaxYSVIaYFkqFyCWAvz0KlO +i5D8L2dX2nLcPOvCIBkFjUINFM8A21kA6vB2PsqFsQXluF8LRsc8odlcTbkk59Yr +PQ3rw4jYOvZg +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-server/careq.pem b/tests/hwsim/auth_serv/iCA-server/careq.pem new file mode 100644 index 000000000..70726e8ed --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/careq.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICljCCAX4CAQAwUTELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w +DAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5YrOPYfkD2hCpJJEla98gj +CLls2QcBaY93KHFCouuuhhDGMWGaFIhECmi/bqJGQelvoon7C/PhuDC/5YBe+WGN +bqzi9yjnnkQouORuh3ap16ztET/ew91Bw0WCCcOnTObfK4geRM7ipylT9hOWrWwu +kwAoQne8c26G51vo6+k3HWPn6gVacSjwgQtMP91z+NsTqPBfb2/lG8eUf1fF3GYm +DFpxeuPSPnqmWUYDYXiJhD3vIpz4wiJ1xAzv++T6b7gR26qSm2wjTm7lVdJBRxiV +xn0Xvm2rOaE4Yf35IpVp854o/YrIWHI8kcIi2fuyVA+aFyeI32D13vyVnyXGZIEC +AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCdd8AniQQQA4urnrqdR9hQlFY5JxUU +OtGqkRGb8pTJAfxU8hgmAhbHmPw7qhNnZNqr2i/p8A1UcwCuU7Sx2StszIjyuEQJ +SteaUpvLUWM/KrlqBH4VTcHFGsZWEJ+gMhBJwJuET6mtZFdm84HALJClIysx973p +d6i92H93ew3RuMF/erMnCPNjt0Pe8QWU/tpwsVD/SBGbqg8PCShqySNO9P+P1pAb +wIPInq3ox2E6RStFnIY8MES5sTUFWAxh3MNYY8OuVcuun2R0Yk0jy/wmmaWzcXS+ +sOj48LNyptGk8SAS1Yxu8lUfj3p77eZZqUqLorj/hdoqfnMOnCx7NOww +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/iCA-server/index.txt b/tests/hwsim/auth_serv/iCA-server/index.txt new file mode 100644 index 000000000..a480a97b5 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/index.txt @@ -0,0 +1,2 @@ +V 251220193736Z 8020A0407F798AB8 unknown /C=FI/O=w1.fi/CN=server.w1.fi +R 251220193736Z 151223193736Z 8020A0407F798AB9 unknown /C=FI/O=w1.fi/CN=server-revoked.w1.fi diff --git a/tests/hwsim/auth_serv/iCA-server/index.txt.attr b/tests/hwsim/auth_serv/iCA-server/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB8.pem b/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB8.pem new file mode 100644 index 000000000..ebcbde353 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB8.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539704 (0x8020a0407f798ab8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:88:a5:93:02:5b:bc:54:68:46:fa:73:7d:33: + 30:47:45:5c:49:5f:3c:51:5f:9b:fe:c5:14:10:26: + 3d:0f:e3:c2:b2:17:84:d3:3e:12:a8:b2:7b:02:1a: + 8a:8b:e9:f4:41:1e:fc:f3:49:2d:c6:d4:88:27:81: + d0:86:f3:b9:c0:0a:2a:28:45:00:32:c3:18:22:f6: + 99:37:f1:74:8d:ac:54:47:73:e5:b6:d3:e7:f8:80: + 99:75:f5:19:19:eb:19:70:df:92:53:b1:61:38:ff: + 7f:cf:8b:bd:e1:7f:50:5b:d0:95:30:a3:37:6b:8a: + 72:06:a7:e8:39:e2:a4:78:43:98:91:cd:30:88:34: + 5b:aa:9e:a2:9f:26:d5:e1:5b:86:4d:01:a4:c2:65: + cd:27:94:be:e2:f5:73:5d:c4:60:98:f1:75:11:94: + 09:0d:9d:04:7f:ef:1a:9d:5f:f0:4a:3f:88:d7:76: + 2e:9b:d6:2a:c6:94:09:37:0a:37:24:92:91:9d:18: + 0f:ea:4e:d4:e4:9d:45:38:5a:ba:d8:df:b6:15:6f: + ac:ff:6c:41:ac:d7:c0:0a:55:ec:81:ca:9a:59:40: + 55:8b:a4:77:13:df:fa:c3:b5:ee:ef:87:41:8d:94: + d0:c0:96:41:b4:3a:04:b6:6b:6a:56:93:f4:67:7e: + 27:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4B:81:85:B4:88:41:0D:D4:15:D3:48:0E:F4:A9:99:14:2D:B1:DB:93 + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 49:2a:14:22:16:2c:12:f5:4e:06:f3:c2:1e:ac:54:07:5d:86: + 16:3e:6c:a0:73:e1:a6:d7:c3:49:1f:80:0d:b6:54:22:77:ce: + 39:dd:f6:f6:9f:62:ff:d5:27:7f:c3:92:73:b9:a7:ce:87:5a: + 
e3:bc:52:b3:0a:99:eb:91:56:b6:78:01:c3:0e:4b:ca:8a:04: + ee:5c:56:05:ef:7a:cb:21:f9:eb:8a:38:12:50:c7:6e:a8:1f: + 0e:81:81:a6:2d:ea:35:94:24:db:76:77:df:ea:41:4c:af:7e: + 29:9d:d5:e6:e3:12:78:19:92:ed:35:b9:99:19:a9:d6:cb:f8: + a7:21:fb:8e:a7:39:dc:e1:ab:3d:ba:12:87:ba:1c:08:e6:8a: + 21:96:44:44:8a:61:0f:70:00:d0:cb:63:93:a4:fa:cc:75:a3: + fd:e8:af:33:24:80:4a:d9:b9:2a:a1:20:0b:62:0b:17:6c:9a: + 7c:8b:fd:9e:ff:be:b2:51:5e:e9:3a:cc:28:22:63:44:69:7f: + 6d:1f:08:14:a4:32:d0:1f:f9:c3:8d:28:1a:76:12:00:3c:b3: + 38:13:ca:67:17:79:c6:de:5d:b7:9d:f8:e3:64:f7:b3:a0:5c: + e5:6e:fc:10:f3:53:d6:70:38:c2:6f:87:ab:07:1c:64:ff:30: + d8:3a:1e:75 +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIJAIAgoEB/eYq4MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDQxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IilkwJbvFRoRvpzfTMwR0Vc +SV88UV+b/sUUECY9D+PCsheE0z4SqLJ7AhqKi+n0QR7880ktxtSIJ4HQhvO5wAoq +KEUAMsMYIvaZN/F0jaxUR3PlttPn+ICZdfUZGesZcN+SU7FhOP9/z4u94X9QW9CV +MKM3a4pyBqfoOeKkeEOYkc0wiDRbqp6inybV4VuGTQGkwmXNJ5S+4vVzXcRgmPF1 +EZQJDZ0Ef+8anV/wSj+I13Yum9YqxpQJNwo3JJKRnRgP6k7U5J1FOFq62N+2FW+s +/2xBrNfAClXsgcqaWUBVi6R3E9/6w7Xu74dBjZTQwJZBtDoEtmtqVpP0Z34n4QID +AQABo4GSMIGPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEuBhbSIQQ3UFdNIDvSp +mRQtsduTMB8GA1UdIwQYMBaAFIQJi1UffS8PKNec7FROnxGXVdm5MBoGA1UdEQEB +/wQQMA6CDHNlcnZlci53MS5maTAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATALBgNV +HQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggEBAEkqFCIWLBL1Tgbzwh6sVAddhhY+ +bKBz4abXw0kfgA22VCJ3zjnd9vafYv/VJ3/DknO5p86HWuO8UrMKmeuRVrZ4AcMO +S8qKBO5cVgXvessh+euKOBJQx26oHw6BgaYt6jWUJNt2d9/qQUyvfimd1ebjEngZ +ku01uZkZqdbL+Kch+46nOdzhqz26Eoe6HAjmiiGWRESKYQ9wANDLY5Ok+sx1o/3o +rzMkgErZuSqhIAtiCxdsmnyL/Z7/vrJRXuk6zCgiY0Rpf20fCBSkMtAf+cONKBp2 +EgA8szgTymcXecbeXbed+ONk97OgXOVu/BDzU9ZwOMJvh6sHHGT/MNg6HnU= +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB9.pem b/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB9.pem
new file mode 100644
index 000000000..737978502
--- /dev/null
+++ b/tests/hwsim/auth_serv/iCA-server/newcerts/8020A0407F798AB9.pem
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539705 (0x8020a0407f798ab9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:5c:ae:06:36:4a:65:e0:db:0b:3c:28:13:08: + 8b:90:66:43:6f:c8:b2:3b:fa:41:bd:1a:10:10:fb: + e9:05:6a:ba:42:90:4d:2e:cf:b1:b9:c3:73:f5:fc: + ac:4c:18:e9:44:73:69:5e:2d:83:63:d1:29:e5:59: + 55:a8:bf:b0:1c:7a:0d:17:18:b0:38:21:af:cb:6d: + a9:6b:9d:a2:88:0e:1c:ee:1a:a5:9f:3c:27:ea:fe: + 8f:9b:94:df:12:3c:34:bb:bf:6c:d0:6c:6b:46:ad: + bc:ff:88:ae:d8:4d:8b:9f:34:50:25:c4:96:be:25: + 42:06:c8:b3:8e:21:a5:fd:a3:82:f9:74:78:46:56: + 8d:0b:f0:c4:fa:1a:0e:f5:34:22:53:fd:43:37:a3: + 47:fd:9f:a2:bc:d0:60:25:a8:db:93:f7:0c:88:fe: + 79:52:f2:07:f1:de:fc:66:6e:fe:da:10:76:6c:d0: + 87:8c:ef:dd:40:6d:82:7c:d1:39:b2:17:d6:07:cf: + 1a:5a:39:12:ed:49:4f:d9:c7:91:40:ab:73:f7:54: + 3c:a5:7d:9f:bb:0c:47:77:0e:d9:61:e5:1b:14:65: + 4e:38:c5:a7:8a:ee:32:be:05:25:94:a0:7f:96:09: + 59:1b:04:08:42:6b:50:6b:95:7a:78:f6:ec:f4:f6: + 4d:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 0D:49:37:45:42:77:90:25:BA:9B:67:DB:F6:DC:61:D2:53:5B:C6:BC + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server-revoked.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 22:c6:72:08:84:a9:e9:19:77:ea:6a:06:68:43:8b:e7:72:af: + 9c:a2:47:b9:6f:b6:cb:11:17:89:0a:42:52:14:58:9e:3c:01: + fd:e7:fc:a2:0d:85:a5:b5:8c:27:d5:5e:b2:47:05:05:f9:56: + 
b6:0b:e2:28:f3:1d:75:5e:13:eb:ec:a0:76:2b:d9:ed:99:84: + 08:6d:64:71:13:b6:02:81:b3:c2:7e:b8:b6:00:98:4f:26:ea: + f1:67:5b:35:2a:26:d0:ca:a8:fb:eb:21:fb:f1:d6:5a:63:42: + 01:5f:b3:59:3d:f8:e0:4d:94:3a:3a:82:46:02:9d:81:2c:ef: + e5:46:c7:99:f4:2f:43:ad:85:fc:2c:ca:0b:6b:48:01:ac:d7: + f7:da:0e:16:c4:10:18:14:83:9c:85:90:75:ef:66:9f:65:42: + e5:e7:8c:16:ac:f6:60:61:d7:5f:a0:21:cd:8a:85:d4:a0:f2: + 8e:17:0e:38:5e:31:12:ac:24:b5:67:61:9d:15:84:0b:fc:84: + 8a:d4:29:90:3d:4b:23:48:19:6b:f7:26:1f:fe:b9:b9:f1:6e: + 70:ac:ec:31:60:be:7d:6f:58:7e:c1:47:61:a7:b0:4b:b2:fd: + 62:06:c5:97:43:28:39:a5:c5:60:51:c0:46:9d:6b:e4:1a:ed: + 0c:a6:51:8a +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIJAIAgoEB/eYq5MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUc2VydmVyLXJldm9rZWQu +dzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsXK4GNkpl4NsL +PCgTCIuQZkNvyLI7+kG9GhAQ++kFarpCkE0uz7G5w3P1/KxMGOlEc2leLYNj0Snl +WVWov7Aceg0XGLA4Ia/LbalrnaKIDhzuGqWfPCfq/o+blN8SPDS7v2zQbGtGrbz/ +iK7YTYufNFAlxJa+JUIGyLOOIaX9o4L5dHhGVo0L8MT6Gg71NCJT/UM3o0f9n6K8 +0GAlqNuT9wyI/nlS8gfx3vxmbv7aEHZs0IeM791AbYJ80TmyF9YHzxpaORLtSU/Z +x5FAq3P3VDylfZ+7DEd3Dtlh5RsUZU44xaeK7jK+BSWUoH+WCVkbBAhCa1BrlXp4 +9uz09k1DAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDUk3RUJ3 +kCW6m2fb9txh0lNbxrwwHwYDVR0jBBgwFoAUhAmLVR99Lw8o15zsVE6fEZdV2bkw +IgYDVR0RAQH/BBgwFoIUc2VydmVyLXJldm9rZWQudzEuZmkwFgYDVR0lAQH/BAww +CgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAixnII +hKnpGXfqagZoQ4vncq+coke5b7bLEReJCkJSFFiePAH95/yiDYWltYwn1V6yRwUF ++Va2C+Io8x11XhPr7KB2K9ntmYQIbWRxE7YCgbPCfri2AJhPJurxZ1s1KibQyqj7 +6yH78dZaY0IBX7NZPfjgTZQ6OoJGAp2BLO/lRseZ9C9DrYX8LMoLa0gBrNf32g4W +xBAYFIOchZB172afZULl54wWrPZgYddfoCHNioXUoPKOFw44XjESrCS1Z2GdFYQL +/ISK1CmQPUsjSBlr9yYf/rm58W5wrOwxYL59b1h+wUdhp7BLsv1iBsWXQyg5pcVg +UcBGnWvkGu0MplGK +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-server/private/cakey.pem b/tests/hwsim/auth_serv/iCA-server/private/cakey.pem new file mode 100644 index 000000000..579139e72 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/private/cakey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeWKzj2H5A9oQq +SSRJWvfIIwi5bNkHAWmPdyhxQqLrroYQxjFhmhSIRApov26iRkHpb6KJ+wvz4bgw +v+WAXvlhjW6s4vco555EKLjkbod2qdes7RE/3sPdQcNFggnDp0zm3yuIHkTO4qcp +U/YTlq1sLpMAKEJ3vHNuhudb6OvpNx1j5+oFWnEo8IELTD/dc/jbE6jwX29v5RvH +lH9XxdxmJgxacXrj0j56pllGA2F4iYQ97yKc+MIidcQM7/vk+m+4EduqkptsI05u +5VXSQUcYlcZ9F75tqzmhOGH9+SKVafOeKP2KyFhyPJHCItn7slQPmhcniN9g9d78 +lZ8lxmSBAgMBAAECggEAYEOYJtVWZB3WvtAH69J8sKOqZU1g8Q2FfF2kntSw4MUg +uiZ0vsMM3KpIr20iIxOz+bMhdgfA9wfkzQZoAJod8kRfhG6Hf6g3916CHjRUZeXG +wNGqxDJYLnUIbBGO1KycOOCqYjZoqAGtSdFWGskDsHDBqDHGBT0L5PB3Pm2rpb4u +JQV2Dcvqjf8MfDBGsyKx7+L+EtMXhcgUCQ4vRtvCvNV+Xl4wL37l1/OkfIPTWkQE +FpkBMy+/cvB8H6rmlAxp6t8EV9rbgyt9OW86+gf1q4U7VM6VUXFGjFvGwji9OkgA +UnwrdX0IryG/ruuKzIb6eBEb5hRoluGqHphptiX8IQKBgQD5/QazeInpiHkfZpm5 +obgLYtLHkQuewVIZVFhVAle07AaZ2748lRMu/UHo0YITS1mLK8AA7xVi+NjwIbg0 +WpoBQ4V6k7U/+PfLygFYbTB+vTreH6Za/zIpEXjYudemt5Xgjva+YEM5/rYNkNgH +d0Dcbuq1D5OgsEWs/S3jlPzWJQKBgQDjsXrj1wO8yYokv9kGETVN9604lYFNfTnD +HwAcEanCa+Ist6TpMZOK7QV78rmR5bxymLKI6UPCvrdqhLb+BuTl2GrSvrSeNwk4 +zAHi25MapTQxssJMtom88htbBIJ/P+0iEXKKXIRzIi0UXRNfoE5lwQZlHUdFHtlK +xUvnrgXALQKBgQCva2JcZeVAvsdfxXtxy41+T+Zgq+Nfj4CwzYL+hBpPlqA7Lvub +P3CqtISffwSrzWAUTKr6/MohHUX9m2vLMRiIcn0juqqhLW+UzTeMeXJiPR8l50ew +6wqjzuLiEebF0mWVojx68sm51IajllRBSOl2xU5lp3yMcaUy8qZU4KNbEQKBgBnu +lLhuPJa7vWgCEY2HWDLRCoFvRZK1uGZomXKY8GScNN4y7C1C4DLqW72KH2hmadgD +XBILvxPm9KzFALJdxqQGyePGpHuAeSRm17AmodJfDlq6qTZjc7x5NnRfRx2HAlLm ++cyYTN1v/wJat2Ikt8kO+tN5SiytHsJNRh/UygLhAoGAXctGrFNl7a/cg0b7zr8O +0t7UcaqXRpYHFTOaijL3WkI7Ps4us14lmkWvkM1iUjCyPtBCRNeYXu5HxENIn4p5 +RixqYvO1DO/9TYNL/fXReqtVEgYz8ygAmasRf7NSJxO1ByhCiJ+rxRXCTFic/GPU +k5WGvSSepCUM2RpqXVWsm44= +-----END PRIVATE KEY----- 
diff --git a/tests/hwsim/auth_serv/iCA-server/serial b/tests/hwsim/auth_serv/iCA-server/serial new file mode 100644 index 000000000..06b9bf87b --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/serial @@ -0,0 +1 @@ +8020A0407F798ABA diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.key b/tests/hwsim/auth_serv/iCA-server/server-revoked.key new file mode 100644 index 000000000..51f25170f --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server-revoked.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsXK4GNkpl4NsL +PCgTCIuQZkNvyLI7+kG9GhAQ++kFarpCkE0uz7G5w3P1/KxMGOlEc2leLYNj0Snl +WVWov7Aceg0XGLA4Ia/LbalrnaKIDhzuGqWfPCfq/o+blN8SPDS7v2zQbGtGrbz/ +iK7YTYufNFAlxJa+JUIGyLOOIaX9o4L5dHhGVo0L8MT6Gg71NCJT/UM3o0f9n6K8 +0GAlqNuT9wyI/nlS8gfx3vxmbv7aEHZs0IeM791AbYJ80TmyF9YHzxpaORLtSU/Z +x5FAq3P3VDylfZ+7DEd3Dtlh5RsUZU44xaeK7jK+BSWUoH+WCVkbBAhCa1BrlXp4 +9uz09k1DAgMBAAECggEBAIodPemGaXlXg85t5uLRjxwnhdQ2KvQ6paDFGKizY1bO +3e/mt6JSFWT4hJxRWzMjJxCNtpobuFQsz/iS7DvrVlCLUJ/4TYS9IaPN/NtaFloV +jQMS4TJGvunkD+koktOG4O6tBqHArvmU0ISm3ww+nyn0fmC1NeGp802CV7cFqYAi +y5QT6FhBZYRGj8v+YH9I06Os+tr6C0tKdy5J5nMrbHa64XZulHn/McbeDImtnBfy +5aLOMIZjlat6nYjMC9dhAuDXKXodnmBW4Jq889UVbg+kgtu9r8Uga5Wx+IBKiieM +vjHOtJPCb4fHTjCl19G7D5WsXy4r/JNQyUQXlSLpO+kCgYEA4cTzLQ5D8WVsUBOp +cOZBi93AdbQvbbC7HhkMiFACmhs1cQhgvMXVgjdxt1NcX33tZ9kK8dnx41kp0/ey +/8JEJM5DI1RFqPIBkXi50RY32uazi7azoSAx0xvmkXvdpTdBUB5BjMHbqzxQZhgH +D4gtC93o2C53z1StE0Dr37b3zNcCgYEAw3EA+PN+y6Y5e13GLC9M0NSK1gFutCEK +RqhpCWG1NqJgKMcDTaqPyb74ky9JkAVlFA7WQUUOHInbY+ZCnRLRpgNzbvOgQd33 +g7e5kyHcYsdizZrn3qRKPqocmtFNIjs6xNYufdbMvEU66E752WQOq+TZI89vYkPB +E0uEyzcq6XUCgYAEIWVNirhFf1SG9oUgEqZaV7lArgY8HIKf31dyWvxhM2Q76CpU +6c2pLzh+YSEMgjJItxjTKeiZ/zSbsylsMnKqtbdWuyD3IU5UCgBkSeLFt3jLcpFA +vmUK9rS2Lqz0a9lfDN6oI5fQPy89Xu0qJJSmZe3vnpIEkgkElCh8lE1eSwKBgQC4 +Y7oeJmSfMEGVMcDRWQLpF02xYIKYcX+ncCZBEq0MUZ/VeQWV1fB4z7Ln8jo+Jcja +ZrEfvU32AN463zhDx0iCj0juCe5NlmR6IfF0bgLmMuT1xEs0k930RzxbmFJklGr6 +4HPWh7x7d/l+yVwSDMOGy49NqNyWYgQb9yjfLTpQLQKBgAM+hF/wgbDpA7GGP1ww +c9kouaXkylPHJWab28Gr2Ef9ixZjQ/RQrcc71H8e4/ZFAgTN0hclxQMdH2mo6ocC +cEyxajAci8QaX7RDKZUppsP9vbZk+7HTgyaCo2vh5xOPAeeTzOPhFSoxUhFfj+cP +Ybdr61y8Ug/YwixvsB0eZtLt +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.pem b/tests/hwsim/auth_serv/iCA-server/server-revoked.pem new file mode 100644 index 000000000..737978502 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server-revoked.pem 
@@ -0,0 +1,85 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539705 (0x8020a0407f798ab9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:5c:ae:06:36:4a:65:e0:db:0b:3c:28:13:08: + 8b:90:66:43:6f:c8:b2:3b:fa:41:bd:1a:10:10:fb: + e9:05:6a:ba:42:90:4d:2e:cf:b1:b9:c3:73:f5:fc: + ac:4c:18:e9:44:73:69:5e:2d:83:63:d1:29:e5:59: + 55:a8:bf:b0:1c:7a:0d:17:18:b0:38:21:af:cb:6d: + a9:6b:9d:a2:88:0e:1c:ee:1a:a5:9f:3c:27:ea:fe: + 8f:9b:94:df:12:3c:34:bb:bf:6c:d0:6c:6b:46:ad: + bc:ff:88:ae:d8:4d:8b:9f:34:50:25:c4:96:be:25: + 42:06:c8:b3:8e:21:a5:fd:a3:82:f9:74:78:46:56: + 8d:0b:f0:c4:fa:1a:0e:f5:34:22:53:fd:43:37:a3: + 47:fd:9f:a2:bc:d0:60:25:a8:db:93:f7:0c:88:fe: + 79:52:f2:07:f1:de:fc:66:6e:fe:da:10:76:6c:d0: + 87:8c:ef:dd:40:6d:82:7c:d1:39:b2:17:d6:07:cf: + 1a:5a:39:12:ed:49:4f:d9:c7:91:40:ab:73:f7:54: + 3c:a5:7d:9f:bb:0c:47:77:0e:d9:61:e5:1b:14:65: + 4e:38:c5:a7:8a:ee:32:be:05:25:94:a0:7f:96:09: + 59:1b:04:08:42:6b:50:6b:95:7a:78:f6:ec:f4:f6: + 4d:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 0D:49:37:45:42:77:90:25:BA:9B:67:DB:F6:DC:61:D2:53:5B:C6:BC + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server-revoked.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 22:c6:72:08:84:a9:e9:19:77:ea:6a:06:68:43:8b:e7:72:af: + 9c:a2:47:b9:6f:b6:cb:11:17:89:0a:42:52:14:58:9e:3c:01: + fd:e7:fc:a2:0d:85:a5:b5:8c:27:d5:5e:b2:47:05:05:f9:56: + 
b6:0b:e2:28:f3:1d:75:5e:13:eb:ec:a0:76:2b:d9:ed:99:84: + 08:6d:64:71:13:b6:02:81:b3:c2:7e:b8:b6:00:98:4f:26:ea: + f1:67:5b:35:2a:26:d0:ca:a8:fb:eb:21:fb:f1:d6:5a:63:42: + 01:5f:b3:59:3d:f8:e0:4d:94:3a:3a:82:46:02:9d:81:2c:ef: + e5:46:c7:99:f4:2f:43:ad:85:fc:2c:ca:0b:6b:48:01:ac:d7: + f7:da:0e:16:c4:10:18:14:83:9c:85:90:75:ef:66:9f:65:42: + e5:e7:8c:16:ac:f6:60:61:d7:5f:a0:21:cd:8a:85:d4:a0:f2: + 8e:17:0e:38:5e:31:12:ac:24:b5:67:61:9d:15:84:0b:fc:84: + 8a:d4:29:90:3d:4b:23:48:19:6b:f7:26:1f:fe:b9:b9:f1:6e: + 70:ac:ec:31:60:be:7d:6f:58:7e:c1:47:61:a7:b0:4b:b2:fd: + 62:06:c5:97:43:28:39:a5:c5:60:51:c0:46:9d:6b:e4:1a:ed: + 0c:a6:51:8a +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIJAIAgoEB/eYq5MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUc2VydmVyLXJldm9rZWQu +dzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsXK4GNkpl4NsL +PCgTCIuQZkNvyLI7+kG9GhAQ++kFarpCkE0uz7G5w3P1/KxMGOlEc2leLYNj0Snl +WVWov7Aceg0XGLA4Ia/LbalrnaKIDhzuGqWfPCfq/o+blN8SPDS7v2zQbGtGrbz/ +iK7YTYufNFAlxJa+JUIGyLOOIaX9o4L5dHhGVo0L8MT6Gg71NCJT/UM3o0f9n6K8 +0GAlqNuT9wyI/nlS8gfx3vxmbv7aEHZs0IeM791AbYJ80TmyF9YHzxpaORLtSU/Z +x5FAq3P3VDylfZ+7DEd3Dtlh5RsUZU44xaeK7jK+BSWUoH+WCVkbBAhCa1BrlXp4 +9uz09k1DAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDUk3RUJ3 +kCW6m2fb9txh0lNbxrwwHwYDVR0jBBgwFoAUhAmLVR99Lw8o15zsVE6fEZdV2bkw +IgYDVR0RAQH/BBgwFoIUc2VydmVyLXJldm9rZWQudzEuZmkwFgYDVR0lAQH/BAww +CgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAixnII +hKnpGXfqagZoQ4vncq+coke5b7bLEReJCkJSFFiePAH95/yiDYWltYwn1V6yRwUF ++Va2C+Io8x11XhPr7KB2K9ntmYQIbWRxE7YCgbPCfri2AJhPJurxZ1s1KibQyqj7 +6yH78dZaY0IBX7NZPfjgTZQ6OoJGAp2BLO/lRseZ9C9DrYX8LMoLa0gBrNf32g4W +xBAYFIOchZB172afZULl54wWrPZgYddfoCHNioXUoPKOFw44XjESrCS1Z2GdFYQL +/ISK1CmQPUsjSBlr9yYf/rm58W5wrOwxYL59b1h+wUdhp7BLsv1iBsWXQyg5pcVg +UcBGnWvkGu0MplGK +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked.req b/tests/hwsim/auth_serv/iCA-server/server-revoked.req new file mode 100644 index 000000000..775c8a109 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server-revoked.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w +DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUc2VydmVyLXJldm9rZWQudzEuZmkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsXK4GNkpl4NsLPCgTCIuQZkNv +yLI7+kG9GhAQ++kFarpCkE0uz7G5w3P1/KxMGOlEc2leLYNj0SnlWVWov7Aceg0X +GLA4Ia/LbalrnaKIDhzuGqWfPCfq/o+blN8SPDS7v2zQbGtGrbz/iK7YTYufNFAl +xJa+JUIGyLOOIaX9o4L5dHhGVo0L8MT6Gg71NCJT/UM3o0f9n6K80GAlqNuT9wyI +/nlS8gfx3vxmbv7aEHZs0IeM791AbYJ80TmyF9YHzxpaORLtSU/Zx5FAq3P3VDyl +fZ+7DEd3Dtlh5RsUZU44xaeK7jK+BSWUoH+WCVkbBAhCa1BrlXp49uz09k1DAgMB +AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAUcB51hlCnud4M8uQMv74+6VpPykm7srA +f+kX1or6J1hRrpdUENDydBG/WavyKJmJ4FEb+SS3K+BDoLCObGwazOcFPvJWlT8S +8h8vX5BC+zqLqqjtBv6BJ6Wkb3s/3yhMpGJtrEHShxQTagkqsqSV+nRcnqR/9Ufw +/pHVZ+2sc0Q+dzY+aOmHw+XKkczeI73/j8odhf+a5yTyt6DmUgPRsCOhrBPAlakb +rHzhfnziYI2pS4/q8Ok5LyFAiBjYp5HFvHEwfjb/3o4bLFTpbDDsJoeyX0ddFFhb +fZUhqGHYHMIGR5RXJ685RXg39f7PN8/YPIq4wAjGb9qpkwCbqUJPOA== +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem b/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem new file mode 100644 index 000000000..fae468a78 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server-revoked_and_ica.pem 
@@ -0,0 +1,155 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162867 (0xd8d3e3a6cbe3ccf3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=Server Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:58:ac:e3:d8:7e:40:f6:84:2a:49:24:49:5a: + f7:c8:23:08:b9:6c:d9:07:01:69:8f:77:28:71:42: + a2:eb:ae:86:10:c6:31:61:9a:14:88:44:0a:68:bf: + 6e:a2:46:41:e9:6f:a2:89:fb:0b:f3:e1:b8:30:bf: + e5:80:5e:f9:61:8d:6e:ac:e2:f7:28:e7:9e:44:28: + b8:e4:6e:87:76:a9:d7:ac:ed:11:3f:de:c3:dd:41: + c3:45:82:09:c3:a7:4c:e6:df:2b:88:1e:44:ce:e2: + a7:29:53:f6:13:96:ad:6c:2e:93:00:28:42:77:bc: + 73:6e:86:e7:5b:e8:eb:e9:37:1d:63:e7:ea:05:5a: + 71:28:f0:81:0b:4c:3f:dd:73:f8:db:13:a8:f0:5f: + 6f:6f:e5:1b:c7:94:7f:57:c5:dc:66:26:0c:5a:71: + 7a:e3:d2:3e:7a:a6:59:46:03:61:78:89:84:3d:ef: + 22:9c:f8:c2:22:75:c4:0c:ef:fb:e4:fa:6f:b8:11: + db:aa:92:9b:6c:23:4e:6e:e5:55:d2:41:47:18:95: + c6:7d:17:be:6d:ab:39:a1:38:61:fd:f9:22:95:69: + f3:9e:28:fd:8a:c8:58:72:3c:91:c2:22:d9:fb:b2: + 54:0f:9a:17:27:88:df:60:f5:de:fc:95:9f:25:c6: + 64:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bd:22:63:3d:a7:e5:ce:c9:f5:66:1f:77:5f:d5:24:e3:68:dc: + a4:07:80:3e:5e:b1:2c:96:88:39:ad:00:4c:aa:9d:0b:ed:f3: + 6d:df:9d:2f:97:d2:77:8b:ba:d0:9c:0f:a6:5e:60:b8:0f:e1: + 96:b1:61:25:48:69:81:64:a8:5c:82:58:0b:f3:d0:a9:4e:8b: + 90:fc:2f:67:57:da:72:dc:3c:eb:c2:20:19:05:8d:42:0d:14: + 
cf:00:db:59:00:ea:f0:76:3e:ca:85:b1:05:e5:b8:5f:0b:46: + c7:3c:a1:d9:5c:4d:b9:24:e7:d6:2b:3d:0d:eb:c3:88:d8:3a: + f6:60 +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIJANjT46bL48zzMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5YrOPYfkD2hCpJJEla98gjCLls2QcB +aY93KHFCouuuhhDGMWGaFIhECmi/bqJGQelvoon7C/PhuDC/5YBe+WGNbqzi9yjn +nkQouORuh3ap16ztET/ew91Bw0WCCcOnTObfK4geRM7ipylT9hOWrWwukwAoQne8 +c26G51vo6+k3HWPn6gVacSjwgQtMP91z+NsTqPBfb2/lG8eUf1fF3GYmDFpxeuPS +PnqmWUYDYXiJhD3vIpz4wiJ1xAzv++T6b7gR26qSm2wjTm7lVdJBRxiVxn0Xvm2r +OaE4Yf35IpVp854o/YrIWHI8kcIi2fuyVA+aFyeI32D13vyVnyXGZIECAwEAAaNm +MGQwHQYDVR0OBBYEFIQJi1UffS8PKNec7FROnxGXVdm5MB8GA1UdIwQYMBaAFLiS +3v2KGLMww59V8zNdtMgpikEUMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAL0iYz2n5c7J9WYfd1/VJONo3KQHgD5e +sSyWiDmtAEyqnQvt823fnS+X0neLutCcD6ZeYLgP4ZaxYSVIaYFkqFyCWAvz0KlO +i5D8L2dX2nLcPOvCIBkFjUINFM8A21kA6vB2PsqFsQXluF8LRsc8odlcTbkk59Yr +PQ3rw4jYOvZg +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539705 (0x8020a0407f798ab9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server-revoked.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ac:5c:ae:06:36:4a:65:e0:db:0b:3c:28:13:08: + 8b:90:66:43:6f:c8:b2:3b:fa:41:bd:1a:10:10:fb: + e9:05:6a:ba:42:90:4d:2e:cf:b1:b9:c3:73:f5:fc: + ac:4c:18:e9:44:73:69:5e:2d:83:63:d1:29:e5:59: + 55:a8:bf:b0:1c:7a:0d:17:18:b0:38:21:af:cb:6d: + a9:6b:9d:a2:88:0e:1c:ee:1a:a5:9f:3c:27:ea:fe: + 8f:9b:94:df:12:3c:34:bb:bf:6c:d0:6c:6b:46:ad: + 
bc:ff:88:ae:d8:4d:8b:9f:34:50:25:c4:96:be:25: + 42:06:c8:b3:8e:21:a5:fd:a3:82:f9:74:78:46:56: + 8d:0b:f0:c4:fa:1a:0e:f5:34:22:53:fd:43:37:a3: + 47:fd:9f:a2:bc:d0:60:25:a8:db:93:f7:0c:88:fe: + 79:52:f2:07:f1:de:fc:66:6e:fe:da:10:76:6c:d0: + 87:8c:ef:dd:40:6d:82:7c:d1:39:b2:17:d6:07:cf: + 1a:5a:39:12:ed:49:4f:d9:c7:91:40:ab:73:f7:54: + 3c:a5:7d:9f:bb:0c:47:77:0e:d9:61:e5:1b:14:65: + 4e:38:c5:a7:8a:ee:32:be:05:25:94:a0:7f:96:09: + 59:1b:04:08:42:6b:50:6b:95:7a:78:f6:ec:f4:f6: + 4d:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 0D:49:37:45:42:77:90:25:BA:9B:67:DB:F6:DC:61:D2:53:5B:C6:BC + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server-revoked.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 22:c6:72:08:84:a9:e9:19:77:ea:6a:06:68:43:8b:e7:72:af: + 9c:a2:47:b9:6f:b6:cb:11:17:89:0a:42:52:14:58:9e:3c:01: + fd:e7:fc:a2:0d:85:a5:b5:8c:27:d5:5e:b2:47:05:05:f9:56: + b6:0b:e2:28:f3:1d:75:5e:13:eb:ec:a0:76:2b:d9:ed:99:84: + 08:6d:64:71:13:b6:02:81:b3:c2:7e:b8:b6:00:98:4f:26:ea: + f1:67:5b:35:2a:26:d0:ca:a8:fb:eb:21:fb:f1:d6:5a:63:42: + 01:5f:b3:59:3d:f8:e0:4d:94:3a:3a:82:46:02:9d:81:2c:ef: + e5:46:c7:99:f4:2f:43:ad:85:fc:2c:ca:0b:6b:48:01:ac:d7: + f7:da:0e:16:c4:10:18:14:83:9c:85:90:75:ef:66:9f:65:42: + e5:e7:8c:16:ac:f6:60:61:d7:5f:a0:21:cd:8a:85:d4:a0:f2: + 8e:17:0e:38:5e:31:12:ac:24:b5:67:61:9d:15:84:0b:fc:84: + 8a:d4:29:90:3d:4b:23:48:19:6b:f7:26:1f:fe:b9:b9:f1:6e: + 70:ac:ec:31:60:be:7d:6f:58:7e:c1:47:61:a7:b0:4b:b2:fd: + 62:06:c5:97:43:28:39:a5:c5:60:51:c0:46:9d:6b:e4:1a:ed: + 0c:a6:51:8a +-----BEGIN CERTIFICATE----- +MIIDmDCCAoCgAwIBAgIJAIAgoEB/eYq5MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV 
+BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUc2VydmVyLXJldm9rZWQu +dzEuZmkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsXK4GNkpl4NsL +PCgTCIuQZkNvyLI7+kG9GhAQ++kFarpCkE0uz7G5w3P1/KxMGOlEc2leLYNj0Snl +WVWov7Aceg0XGLA4Ia/LbalrnaKIDhzuGqWfPCfq/o+blN8SPDS7v2zQbGtGrbz/ +iK7YTYufNFAlxJa+JUIGyLOOIaX9o4L5dHhGVo0L8MT6Gg71NCJT/UM3o0f9n6K8 +0GAlqNuT9wyI/nlS8gfx3vxmbv7aEHZs0IeM791AbYJ80TmyF9YHzxpaORLtSU/Z +x5FAq3P3VDylfZ+7DEd3Dtlh5RsUZU44xaeK7jK+BSWUoH+WCVkbBAhCa1BrlXp4 +9uz09k1DAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUDUk3RUJ3 +kCW6m2fb9txh0lNbxrwwHwYDVR0jBBgwFoAUhAmLVR99Lw8o15zsVE6fEZdV2bkw +IgYDVR0RAQH/BBgwFoIUc2VydmVyLXJldm9rZWQudzEuZmkwFgYDVR0lAQH/BAww +CgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQAixnII +hKnpGXfqagZoQ4vncq+coke5b7bLEReJCkJSFFiePAH95/yiDYWltYwn1V6yRwUF ++Va2C+Io8x11XhPr7KB2K9ntmYQIbWRxE7YCgbPCfri2AJhPJurxZ1s1KibQyqj7 +6yH78dZaY0IBX7NZPfjgTZQ6OoJGAp2BLO/lRseZ9C9DrYX8LMoLa0gBrNf32g4W +xBAYFIOchZB172afZULl54wWrPZgYddfoCHNioXUoPKOFw44XjESrCS1Z2GdFYQL +/ISK1CmQPUsjSBlr9yYf/rm58W5wrOwxYL59b1h+wUdhp7BLsv1iBsWXQyg5pcVg +UcBGnWvkGu0MplGK +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-server/server.key b/tests/hwsim/auth_serv/iCA-server/server.key new file mode 100644 index 000000000..e817ad8a1 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkiKWTAlu8VGhG ++nN9MzBHRVxJXzxRX5v+xRQQJj0P48KyF4TTPhKosnsCGoqL6fRBHvzzSS3G1Ign +gdCG87nACiooRQAywxgi9pk38XSNrFRHc+W20+f4gJl19RkZ6xlw35JTsWE4/3/P +i73hf1Bb0JUwozdrinIGp+g54qR4Q5iRzTCINFuqnqKfJtXhW4ZNAaTCZc0nlL7i +9XNdxGCY8XURlAkNnQR/7xqdX/BKP4jXdi6b1irGlAk3CjckkpGdGA/qTtTknUU4 +WrrY37YVb6z/bEGs18AKVeyByppZQFWLpHcT3/rDte7vh0GNlNDAlkG0OgS2a2pW +k/RnfifhAgMBAAECggEAA+GSNknu9ubUEoiEV5b79enmpFRauOMPyibcrV2I4fEz +SET/+3ptZLILRsDeo3uoq0Z0c0lF3r+TRGB/Axu2ht1lU+PAGhyYF1fqyDlwiktn +7wK33wAAS4cblBZCg98rQnB5krRLe2VTbVnpMqAv5C9JqVbMRSZHw3csiXcg5e3v +urH5A90pwFY/1DG68JS+HCLxvorO5EIfeTSBg1F54FHBCQ6Yjr232uXAUez5hv5/ +zX6oxw2zarKMgNiosy5FCoGEUECCfvM2tiXjfZ0DBmZgF/c6Alg+J8gYFVJzSX+x +xAyL9o3LYddSdDnGBiMm4SU8oUxvnUgrZ+xhnyL69QKBgQD9717EmTLKBna4wX+d +PM03yIv2ZpFESd4VuxZMyTOO64CMD75n1V/r1V44xIQa7M5QwfD+NmTjW/QyJ0EN +F5mJYavXc56nlV4wVQJC2/NnyOScjKEIXu/QmEPwTm/NqEqCFs6XGpftigjB+FIO +Te/PmOVFSDCE+JkOF3Fls55iMwKBgQDmZGW/duaEL4qMnDO51hSz+qv9mZNXoPzg +DWzmraOikp1zSTjaLzRy6w8bbHTqTZDG68hJ/knW2boD0pDqmuUzS6ADnV7P0fVT +mOolwmKdGO3axyIsStuhPKaaHv28X0+y2qhUkK7hYJ2yeZIQ/259D75g0BNozjO5 +1sKEsW+BmwKBgBgZu9jU4WkjK+llFAOMXb3Jnt8H5QmiKR3O39Lx1Z7e4xhn9h5M +tgnf+k1Q+WjEyOAJSCIYb4LUm1yXNSlU8BGF35VXN9uX5ZSYvNoznepfurLQ9geh +WwllKi2IhDv0mP23xGu67mhxDVu7ga4x32zIihoFO/Wi0oPv3adVYNbZAoGBAOMF +VwVdYjQqrHl1ibq66teWUFeqNvgIGGWmlQKRY0bU9fUd17mW/jWmzdIWAvbFy71X +pJrUyWm+TX9qw4WJcAQlpt0o+r4Jg5YGfeMLMiTe5bHIuzGt6dFtdDU2CIzP1jbF +I02A6/IFRB8TkAzTxcnR86RuJFIHrgyXREGAngG1AoGBAOR/fBPsVAf2MsfGyX7l +JpHkHgfmAldfRammmGxV2c+NJ/cWjkN/1p8KaiqINP08FemC7Rxvu8Nhm50qOLRM +iq2KeDCaHoUp9waX7T+WzKbT+jEdcyXeu2DlN8AIyTNjDrVyZil0NbZfQFbR8nWR +0VX+Eq8Oxrl+pRza/6f62K7s +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/iCA-server/server.pem b/tests/hwsim/auth_serv/iCA-server/server.pem new file mode 100644 index 000000000..ebcbde353 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539704 (0x8020a0407f798ab8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:88:a5:93:02:5b:bc:54:68:46:fa:73:7d:33: + 30:47:45:5c:49:5f:3c:51:5f:9b:fe:c5:14:10:26: + 3d:0f:e3:c2:b2:17:84:d3:3e:12:a8:b2:7b:02:1a: + 8a:8b:e9:f4:41:1e:fc:f3:49:2d:c6:d4:88:27:81: + d0:86:f3:b9:c0:0a:2a:28:45:00:32:c3:18:22:f6: + 99:37:f1:74:8d:ac:54:47:73:e5:b6:d3:e7:f8:80: + 99:75:f5:19:19:eb:19:70:df:92:53:b1:61:38:ff: + 7f:cf:8b:bd:e1:7f:50:5b:d0:95:30:a3:37:6b:8a: + 72:06:a7:e8:39:e2:a4:78:43:98:91:cd:30:88:34: + 5b:aa:9e:a2:9f:26:d5:e1:5b:86:4d:01:a4:c2:65: + cd:27:94:be:e2:f5:73:5d:c4:60:98:f1:75:11:94: + 09:0d:9d:04:7f:ef:1a:9d:5f:f0:4a:3f:88:d7:76: + 2e:9b:d6:2a:c6:94:09:37:0a:37:24:92:91:9d:18: + 0f:ea:4e:d4:e4:9d:45:38:5a:ba:d8:df:b6:15:6f: + ac:ff:6c:41:ac:d7:c0:0a:55:ec:81:ca:9a:59:40: + 55:8b:a4:77:13:df:fa:c3:b5:ee:ef:87:41:8d:94: + d0:c0:96:41:b4:3a:04:b6:6b:6a:56:93:f4:67:7e: + 27:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4B:81:85:B4:88:41:0D:D4:15:D3:48:0E:F4:A9:99:14:2D:B1:DB:93 + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 49:2a:14:22:16:2c:12:f5:4e:06:f3:c2:1e:ac:54:07:5d:86: + 16:3e:6c:a0:73:e1:a6:d7:c3:49:1f:80:0d:b6:54:22:77:ce: + 39:dd:f6:f6:9f:62:ff:d5:27:7f:c3:92:73:b9:a7:ce:87:5a: + 
e3:bc:52:b3:0a:99:eb:91:56:b6:78:01:c3:0e:4b:ca:8a:04: + ee:5c:56:05:ef:7a:cb:21:f9:eb:8a:38:12:50:c7:6e:a8:1f: + 0e:81:81:a6:2d:ea:35:94:24:db:76:77:df:ea:41:4c:af:7e: + 29:9d:d5:e6:e3:12:78:19:92:ed:35:b9:99:19:a9:d6:cb:f8: + a7:21:fb:8e:a7:39:dc:e1:ab:3d:ba:12:87:ba:1c:08:e6:8a: + 21:96:44:44:8a:61:0f:70:00:d0:cb:63:93:a4:fa:cc:75:a3: + fd:e8:af:33:24:80:4a:d9:b9:2a:a1:20:0b:62:0b:17:6c:9a: + 7c:8b:fd:9e:ff:be:b2:51:5e:e9:3a:cc:28:22:63:44:69:7f: + 6d:1f:08:14:a4:32:d0:1f:f9:c3:8d:28:1a:76:12:00:3c:b3: + 38:13:ca:67:17:79:c6:de:5d:b7:9d:f8:e3:64:f7:b3:a0:5c: + e5:6e:fc:10:f3:53:d6:70:38:c2:6f:87:ab:07:1c:64:ff:30: + d8:3a:1e:75 +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIJAIAgoEB/eYq4MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDQxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IilkwJbvFRoRvpzfTMwR0Vc +SV88UV+b/sUUECY9D+PCsheE0z4SqLJ7AhqKi+n0QR7880ktxtSIJ4HQhvO5wAoq +KEUAMsMYIvaZN/F0jaxUR3PlttPn+ICZdfUZGesZcN+SU7FhOP9/z4u94X9QW9CV +MKM3a4pyBqfoOeKkeEOYkc0wiDRbqp6inybV4VuGTQGkwmXNJ5S+4vVzXcRgmPF1 +EZQJDZ0Ef+8anV/wSj+I13Yum9YqxpQJNwo3JJKRnRgP6k7U5J1FOFq62N+2FW+s +/2xBrNfAClXsgcqaWUBVi6R3E9/6w7Xu74dBjZTQwJZBtDoEtmtqVpP0Z34n4QID +AQABo4GSMIGPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEuBhbSIQQ3UFdNIDvSp +mRQtsduTMB8GA1UdIwQYMBaAFIQJi1UffS8PKNec7FROnxGXVdm5MBoGA1UdEQEB +/wQQMA6CDHNlcnZlci53MS5maTAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATALBgNV +HQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggEBAEkqFCIWLBL1Tgbzwh6sVAddhhY+ +bKBz4abXw0kfgA22VCJ3zjnd9vafYv/VJ3/DknO5p86HWuO8UrMKmeuRVrZ4AcMO +S8qKBO5cVgXvessh+euKOBJQx26oHw6BgaYt6jWUJNt2d9/qQUyvfimd1ebjEngZ +ku01uZkZqdbL+Kch+46nOdzhqz26Eoe6HAjmiiGWRESKYQ9wANDLY5Ok+sx1o/3o +rzMkgErZuSqhIAtiCxdsmnyL/Z7/vrJRXuk6zCgiY0Rpf20fCBSkMtAf+cONKBp2 +EgA8szgTymcXecbeXbed+ONk97OgXOVu/BDzU9ZwOMJvh6sHHGT/MNg6HnU= +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-server/server.req b/tests/hwsim/auth_serv/iCA-server/server.req new file mode 100644 index 000000000..2db7cc13a --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICjDCCAXQCAQAwRzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w +DAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IilkwJbvFRoRvpzfTMwR0VcSV88UV+b/sUU +ECY9D+PCsheE0z4SqLJ7AhqKi+n0QR7880ktxtSIJ4HQhvO5wAoqKEUAMsMYIvaZ +N/F0jaxUR3PlttPn+ICZdfUZGesZcN+SU7FhOP9/z4u94X9QW9CVMKM3a4pyBqfo +OeKkeEOYkc0wiDRbqp6inybV4VuGTQGkwmXNJ5S+4vVzXcRgmPF1EZQJDZ0Ef+8a +nV/wSj+I13Yum9YqxpQJNwo3JJKRnRgP6k7U5J1FOFq62N+2FW+s/2xBrNfAClXs +gcqaWUBVi6R3E9/6w7Xu74dBjZTQwJZBtDoEtmtqVpP0Z34n4QIDAQABoAAwDQYJ +KoZIhvcNAQELBQADggEBAE+hOOVtzHJvvrjl21A/gmdj5kRHYCijOGJ53ipY9mFX +aIK9+kJ0Jrlm9cZGbxwTMwJpAyk+7yPl3K0euoToXf+vdLnYds/HGRonN66pXqmD +QRZXGp6j58mBcmfiU1OB+6XRcLsYITaOaU9AvJ0jg9wkHISrN5uxfDG9QH//YYQ6 +aWzBfjUPAa+2trlmvI4tpC+w7sDHLa5WB5yBDm7HZ6UGwU5R7aMIZn2Hpe1BZS1u +Xo86qqJpbt6RvR5QEb6+79+8fmt3onQvZ28+wheUdcUin0G/JP7Lfo9/tNzU/29v +YJopHLeK1zNc6+lBwRTJiDbLC726H5dqZgxu9NNl8zg= +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem b/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem new file mode 100644 index 000000000..2e9917909 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-server/server_and_ica.pem 
@@ -0,0 +1,154 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9232555434986539704 (0x8020a0407f798ab8) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Server Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=server.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:e4:88:a5:93:02:5b:bc:54:68:46:fa:73:7d:33: + 30:47:45:5c:49:5f:3c:51:5f:9b:fe:c5:14:10:26: + 3d:0f:e3:c2:b2:17:84:d3:3e:12:a8:b2:7b:02:1a: + 8a:8b:e9:f4:41:1e:fc:f3:49:2d:c6:d4:88:27:81: + d0:86:f3:b9:c0:0a:2a:28:45:00:32:c3:18:22:f6: + 99:37:f1:74:8d:ac:54:47:73:e5:b6:d3:e7:f8:80: + 99:75:f5:19:19:eb:19:70:df:92:53:b1:61:38:ff: + 7f:cf:8b:bd:e1:7f:50:5b:d0:95:30:a3:37:6b:8a: + 72:06:a7:e8:39:e2:a4:78:43:98:91:cd:30:88:34: + 5b:aa:9e:a2:9f:26:d5:e1:5b:86:4d:01:a4:c2:65: + cd:27:94:be:e2:f5:73:5d:c4:60:98:f1:75:11:94: + 09:0d:9d:04:7f:ef:1a:9d:5f:f0:4a:3f:88:d7:76: + 2e:9b:d6:2a:c6:94:09:37:0a:37:24:92:91:9d:18: + 0f:ea:4e:d4:e4:9d:45:38:5a:ba:d8:df:b6:15:6f: + ac:ff:6c:41:ac:d7:c0:0a:55:ec:81:ca:9a:59:40: + 55:8b:a4:77:13:df:fa:c3:b5:ee:ef:87:41:8d:94: + d0:c0:96:41:b4:3a:04:b6:6b:6a:56:93:f4:67:7e: + 27:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Subject Key Identifier: + 4B:81:85:B4:88:41:0D:D4:15:D3:48:0E:F4:A9:99:14:2D:B1:DB:93 + X509v3 Authority Key Identifier: + keyid:84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + + X509v3 Subject Alternative Name: critical + DNS:server.w1.fi + X509v3 Extended Key Usage: critical + TLS Web Server Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 49:2a:14:22:16:2c:12:f5:4e:06:f3:c2:1e:ac:54:07:5d:86: + 16:3e:6c:a0:73:e1:a6:d7:c3:49:1f:80:0d:b6:54:22:77:ce: + 39:dd:f6:f6:9f:62:ff:d5:27:7f:c3:92:73:b9:a7:ce:87:5a: + 
e3:bc:52:b3:0a:99:eb:91:56:b6:78:01:c3:0e:4b:ca:8a:04: + ee:5c:56:05:ef:7a:cb:21:f9:eb:8a:38:12:50:c7:6e:a8:1f: + 0e:81:81:a6:2d:ea:35:94:24:db:76:77:df:ea:41:4c:af:7e: + 29:9d:d5:e6:e3:12:78:19:92:ed:35:b9:99:19:a9:d6:cb:f8: + a7:21:fb:8e:a7:39:dc:e1:ab:3d:ba:12:87:ba:1c:08:e6:8a: + 21:96:44:44:8a:61:0f:70:00:d0:cb:63:93:a4:fa:cc:75:a3: + fd:e8:af:33:24:80:4a:d9:b9:2a:a1:20:0b:62:0b:17:6c:9a: + 7c:8b:fd:9e:ff:be:b2:51:5e:e9:3a:cc:28:22:63:44:69:7f: + 6d:1f:08:14:a4:32:d0:1f:f9:c3:8d:28:1a:76:12:00:3c:b3: + 38:13:ca:67:17:79:c6:de:5d:b7:9d:f8:e3:64:f7:b3:a0:5c: + e5:6e:fc:10:f3:53:d6:70:38:c2:6f:87:ab:07:1c:64:ff:30: + d8:3a:1e:75 +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIJAIAgoEB/eYq4MA0GCSqGSIb3DQEBCwUAMD4xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVk +aWF0ZSBDQTAeFw0xNTEyMjMxOTM3MzZaFw0yNTEyMjAxOTM3MzZaMDQxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEVMBMGA1UEAwwMc2VydmVyLncxLmZpMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5IilkwJbvFRoRvpzfTMwR0Vc +SV88UV+b/sUUECY9D+PCsheE0z4SqLJ7AhqKi+n0QR7880ktxtSIJ4HQhvO5wAoq +KEUAMsMYIvaZN/F0jaxUR3PlttPn+ICZdfUZGesZcN+SU7FhOP9/z4u94X9QW9CV +MKM3a4pyBqfoOeKkeEOYkc0wiDRbqp6inybV4VuGTQGkwmXNJ5S+4vVzXcRgmPF1 +EZQJDZ0Ef+8anV/wSj+I13Yum9YqxpQJNwo3JJKRnRgP6k7U5J1FOFq62N+2FW+s +/2xBrNfAClXsgcqaWUBVi6R3E9/6w7Xu74dBjZTQwJZBtDoEtmtqVpP0Z34n4QID +AQABo4GSMIGPMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEuBhbSIQQ3UFdNIDvSp +mRQtsduTMB8GA1UdIwQYMBaAFIQJi1UffS8PKNec7FROnxGXVdm5MBoGA1UdEQEB +/wQQMA6CDHNlcnZlci53MS5maTAWBgNVHSUBAf8EDDAKBggrBgEFBQcDATALBgNV +HQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggEBAEkqFCIWLBL1Tgbzwh6sVAddhhY+ +bKBz4abXw0kfgA22VCJ3zjnd9vafYv/VJ3/DknO5p86HWuO8UrMKmeuRVrZ4AcMO +S8qKBO5cVgXvessh+euKOBJQx26oHw6BgaYt6jWUJNt2d9/qQUyvfimd1ebjEngZ +ku01uZkZqdbL+Kch+46nOdzhqz26Eoe6HAjmiiGWRESKYQ9wANDLY5Ok+sx1o/3o +rzMkgErZuSqhIAtiCxdsmnyL/Z7/vrJRXuk6zCgiY0Rpf20fCBSkMtAf+cONKBp2 +EgA8szgTymcXecbeXbed+ONk97OgXOVu/BDzU9ZwOMJvh6sHHGT/MNg6HnU= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial 
Number: 15624081837803162867 (0xd8d3e3a6cbe3ccf3) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=Server Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:de:58:ac:e3:d8:7e:40:f6:84:2a:49:24:49:5a: + f7:c8:23:08:b9:6c:d9:07:01:69:8f:77:28:71:42: + a2:eb:ae:86:10:c6:31:61:9a:14:88:44:0a:68:bf: + 6e:a2:46:41:e9:6f:a2:89:fb:0b:f3:e1:b8:30:bf: + e5:80:5e:f9:61:8d:6e:ac:e2:f7:28:e7:9e:44:28: + b8:e4:6e:87:76:a9:d7:ac:ed:11:3f:de:c3:dd:41: + c3:45:82:09:c3:a7:4c:e6:df:2b:88:1e:44:ce:e2: + a7:29:53:f6:13:96:ad:6c:2e:93:00:28:42:77:bc: + 73:6e:86:e7:5b:e8:eb:e9:37:1d:63:e7:ea:05:5a: + 71:28:f0:81:0b:4c:3f:dd:73:f8:db:13:a8:f0:5f: + 6f:6f:e5:1b:c7:94:7f:57:c5:dc:66:26:0c:5a:71: + 7a:e3:d2:3e:7a:a6:59:46:03:61:78:89:84:3d:ef: + 22:9c:f8:c2:22:75:c4:0c:ef:fb:e4:fa:6f:b8:11: + db:aa:92:9b:6c:23:4e:6e:e5:55:d2:41:47:18:95: + c6:7d:17:be:6d:ab:39:a1:38:61:fd:f9:22:95:69: + f3:9e:28:fd:8a:c8:58:72:3c:91:c2:22:d9:fb:b2: + 54:0f:9a:17:27:88:df:60:f5:de:fc:95:9f:25:c6: + 64:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 84:09:8B:55:1F:7D:2F:0F:28:D7:9C:EC:54:4E:9F:11:97:55:D9:B9 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + bd:22:63:3d:a7:e5:ce:c9:f5:66:1f:77:5f:d5:24:e3:68:dc: + a4:07:80:3e:5e:b1:2c:96:88:39:ad:00:4c:aa:9d:0b:ed:f3: + 6d:df:9d:2f:97:d2:77:8b:ba:d0:9c:0f:a6:5e:60:b8:0f:e1: + 96:b1:61:25:48:69:81:64:a8:5c:82:58:0b:f3:d0:a9:4e:8b: + 90:fc:2f:67:57:da:72:dc:3c:eb:c2:20:19:05:8d:42:0d:14: + cf:00:db:59:00:ea:f0:76:3e:ca:85:b1:05:e5:b8:5f:0b:46: + 
c7:3c:a1:d9:5c:4d:b9:24:e7:d6:2b:3d:0d:eb:c3:88:d8:3a: + f6:60 +-----BEGIN CERTIFICATE----- +MIIC1TCCAj6gAwIBAgIJANjT46bL48zzMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEfMB0GA1UEAwwWU2VydmVyIEludGVybWVkaWF0ZSBDQTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN5YrOPYfkD2hCpJJEla98gjCLls2QcB +aY93KHFCouuuhhDGMWGaFIhECmi/bqJGQelvoon7C/PhuDC/5YBe+WGNbqzi9yjn +nkQouORuh3ap16ztET/ew91Bw0WCCcOnTObfK4geRM7ipylT9hOWrWwukwAoQne8 +c26G51vo6+k3HWPn6gVacSjwgQtMP91z+NsTqPBfb2/lG8eUf1fF3GYmDFpxeuPS +PnqmWUYDYXiJhD3vIpz4wiJ1xAzv++T6b7gR26qSm2wjTm7lVdJBRxiVxn0Xvm2r +OaE4Yf35IpVp854o/YrIWHI8kcIi2fuyVA+aFyeI32D13vyVnyXGZIECAwEAAaNm +MGQwHQYDVR0OBBYEFIQJi1UffS8PKNec7FROnxGXVdm5MB8GA1UdIwQYMBaAFLiS +3v2KGLMww59V8zNdtMgpikEUMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAL0iYz2n5c7J9WYfd1/VJONo3KQHgD5e +sSyWiDmtAEyqnQvt823fnS+X0neLutCcD6ZeYLgP4ZaxYSVIaYFkqFyCWAvz0KlO +i5D8L2dX2nLcPOvCIBkFjUINFM8A21kA6vB2PsqFsQXluF8LRsc8odlcTbkk59Yr +PQ3rw4jYOvZg +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem b/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem new file mode 100644 index 000000000..4fa1248ac --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/ca-and-root.pem 
@@ -0,0 +1,125 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162868 (0xd8d3e3a6cbe3ccf4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=User Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:2a:0d:f4:66:23:5d:96:91:f7:a0:be:b1:b0: + f7:9e:ae:ea:a6:72:91:f5:70:65:57:91:49:55:59: + 67:bb:d7:f5:9e:bc:66:b2:bf:cf:95:31:32:ae:db: + 9a:3b:43:e8:a5:8d:1f:8b:3b:e6:e8:e3:3b:b2:9d: + f0:58:62:ea:a3:8a:6f:c8:ed:01:ca:27:74:1c:0e: + 9e:28:5c:43:98:db:14:b8:72:07:9f:6b:27:28:25: + ce:a5:91:b7:b7:23:9a:35:ef:0e:b7:fc:9f:69:4d: + 10:2e:81:ab:9d:04:ba:2f:b4:eb:61:7d:fd:68:a1: + 11:6f:f4:16:42:16:99:20:38:24:04:2d:39:7c:74: + 67:14:b9:aa:26:7a:b2:d9:1e:ce:cd:8b:bc:8d:e3: + c7:58:9c:4a:f9:3a:7e:6c:38:f8:5f:1c:ec:05:4c: + e5:56:64:d4:08:d8:fa:db:17:d9:a1:e4:cf:b4:9d: + df:99:50:ce:fa:a4:af:af:c6:f7:f2:0e:c2:c5:7b: + 6c:f9:6c:eb:17:e5:c8:6e:5a:bf:eb:a6:b8:c0:f7: + 43:81:88:c3:d8:aa:a9:60:ac:a7:45:3f:5d:cb:8d: + 6c:48:92:2b:04:5a:c4:a8:32:b3:e9:6f:fe:8d:2d: + 65:c0:ea:c5:09:b2:30:b1:a3:2e:db:22:8a:49:b1: + fe:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 0d:60:2b:fa:00:f2:5a:90:31:96:50:c8:9e:7f:60:02:99:c6: + 31:d4:93:86:9e:4c:24:15:b6:b2:31:49:21:79:ce:7f:92:86: + 1e:83:d8:a0:37:05:1b:89:2b:ef:0b:83:21:b0:37:8d:2f:7b: + 6b:7d:c6:04:1e:a2:c8:59:be:52:bf:47:ee:46:cb:45:8d:1f: + 7a:e4:d4:e5:54:60:5f:46:b0:ac:68:8a:26:57:ea:48:45:c1: + 
07:7d:ee:10:9e:94:87:4c:7e:26:2e:f8:ad:03:e5:03:86:09: + 3e:48:0c:e0:04:2f:22:b4:e0:3a:b0:72:8c:e2:40:d2:cd:fb: + 8f:fa +-----BEGIN CERTIFICATE----- +MIIC0zCCAjygAwIBAgIJANjT46bL48z0MA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMDwxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDKg30ZiNdlpH3oL6xsPeeruqmcpH1cGVX +kUlVWWe71/WevGayv8+VMTKu25o7Q+iljR+LO+bo4zuynfBYYuqjim/I7QHKJ3Qc +Dp4oXEOY2xS4cgefaycoJc6lkbe3I5o17w63/J9pTRAugaudBLovtOthff1ooRFv +9BZCFpkgOCQELTl8dGcUuaomerLZHs7Ni7yN48dYnEr5On5sOPhfHOwFTOVWZNQI +2PrbF9mh5M+0nd+ZUM76pK+vxvfyDsLFe2z5bOsX5chuWr/rprjA90OBiMPYqqlg +rKdFP13LjWxIkisEWsSoMrPpb/6NLWXA6sUJsjCxoy7bIopJsf5PAgMBAAGjZjBk +MB0GA1UdDgQWBBSsxPYHnrLl8WZ8QAUIqtzvimDawTAfBgNVHSMEGDAWgBS4kt79 +ihizMMOfVfMzXbTIKYpBFDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOBgQANYCv6APJakDGWUMief2ACmcYx1JOGnkwk +FbayMUkhec5/koYeg9igNwUbiSvvC4MhsDeNL3trfcYEHqLIWb5Sv0fuRstFjR96 +5NTlVGBfRrCsaIomV+pIRcEHfe4QnpSHTH4mLvitA+UDhgk+SAzgBC8itOA6sHKM +4kDSzfuP+g== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162817 (0xd8d3e3a6cbe3ccc1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Jun 29 16:41:22 2013 GMT + Not After : Jun 27 16:41:22 2023 GMT + Subject: C=FI, O=w1.fi, CN=Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:1e:86:e4:79:03:c1:d1:94:d5:d4:b3:b1:28: + 90:76:fb:b8:a6:cd:6d:1c:d1:48:f4:08:9a:67:ff: + f9:a6:54:b1:19:29:df:29:1b:cd:f1:6f:66:01:e7: + db:79:ce:c0:39:2a:25:13:26:94:0c:2c:7b:5a:2c: + 81:0f:94:ee:51:d0:75:e6:46:db:17:46:a7:15:8b: + 0e:57:0f:b0:54:76:63:12:ca:86:18:bc:1a:c3:16: + c0:70:09:d6:6b:43:39:b8:98:29:46:ac:cb:6a:ad: + 38:88:3b:07:dc:81:cd:3a:f6:1d:f6:2f:ef:1d:d7: + 
ae:8a:b6:d1:e7:b3:15:02:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 1a:cf:77:60:44:43:c4:55:0e:99:e0:89:aa:b9:d3:7b:32:b7: + 5c:9c:7c:ca:fe:8c:d4:94:c6:5e:f3:83:19:5f:29:59:68:a4: + 4f:dc:04:2e:b8:71:c0:6d:3b:ae:01:e4:b9:88:99:cc:ce:82: + be:6a:28:c2:ac:6a:94:c6:87:90:ed:85:3c:10:71:c5:ff:3c: + 70:64:e2:41:62:31:ea:86:7b:11:8c:93:ea:c6:f3:f3:4e:f9: + d4:f2:81:90:d7:f4:fa:a1:91:6e:d4:dd:15:3e:26:3b:ac:1e: + c3:c2:1f:ed:bb:34:bf:cb:b2:67:c6:c6:51:e8:51:22:b4:f3: + 92:e8 +-----BEGIN CERTIFICATE----- +MIICLDCCAZWgAwIBAgIJANjT46bL48zBMA0GCSqGSIb3DQEBBQUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xMzA2 +MjkxNjQxMjJaFw0yMzA2MjcxNjQxMjJaMC8xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvh6G5HkDwdGU1dSzsSiQdvu4ps1tHNFI9AiaZ//5plSxGSnfKRvN8W9m +Aefbec7AOSolEyaUDCx7WiyBD5TuUdB15kbbF0anFYsOVw+wVHZjEsqGGLwawxbA +cAnWa0M5uJgpRqzLaq04iDsH3IHNOvYd9i/vHdeuirbR57MVArkCAwEAAaNQME4w +HQYDVR0OBBYEFLiS3v2KGLMww59V8zNdtMgpikEUMB8GA1UdIwQYMBaAFLiS3v2K +GLMww59V8zNdtMgpikEUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +Gs93YERDxFUOmeCJqrnTezK3XJx8yv6M1JTGXvODGV8pWWikT9wELrhxwG07rgHk +uYiZzM6CvmoowqxqlMaHkO2FPBBxxf88cGTiQWIx6oZ7EYyT6sbz80751PKBkNf0 ++qGRbtTdFT4mO6wew8If7bs0v8uyZ8bGUehRIrTzkug= +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-user/cacert.pem b/tests/hwsim/auth_serv/iCA-user/cacert.pem new file mode 100644 index 000000000..9f2dd7bff --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/cacert.pem 
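Review bot: The Root CA appended at the end of iCA-user/ca-and-root.pem expires before the certificates chained to it: its `Not After` is Jun 27 16:41:22 2023 GMT, while the User Intermediate CA above it runs to Dec 22 2025, so validation against this bundle will presumably start failing in mid-2023 whatever the newer dates say. The same root is a 1024-bit RSA key signed with `sha1WithRSAEncryption`, which a TLS library built with a raised security level may refuse to accept in a chain. The commit's file list shows these fixtures alongside `ica-generate.sh`, so the fix belongs with the root CA material rather than in this file: reissue the root with a 2048-bit key, SHA-256 and a validity period that covers the intermediates, then regenerate the bundles.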
@@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162868 (0xd8d3e3a6cbe3ccf4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=User Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:2a:0d:f4:66:23:5d:96:91:f7:a0:be:b1:b0: + f7:9e:ae:ea:a6:72:91:f5:70:65:57:91:49:55:59: + 67:bb:d7:f5:9e:bc:66:b2:bf:cf:95:31:32:ae:db: + 9a:3b:43:e8:a5:8d:1f:8b:3b:e6:e8:e3:3b:b2:9d: + f0:58:62:ea:a3:8a:6f:c8:ed:01:ca:27:74:1c:0e: + 9e:28:5c:43:98:db:14:b8:72:07:9f:6b:27:28:25: + ce:a5:91:b7:b7:23:9a:35:ef:0e:b7:fc:9f:69:4d: + 10:2e:81:ab:9d:04:ba:2f:b4:eb:61:7d:fd:68:a1: + 11:6f:f4:16:42:16:99:20:38:24:04:2d:39:7c:74: + 67:14:b9:aa:26:7a:b2:d9:1e:ce:cd:8b:bc:8d:e3: + c7:58:9c:4a:f9:3a:7e:6c:38:f8:5f:1c:ec:05:4c: + e5:56:64:d4:08:d8:fa:db:17:d9:a1:e4:cf:b4:9d: + df:99:50:ce:fa:a4:af:af:c6:f7:f2:0e:c2:c5:7b: + 6c:f9:6c:eb:17:e5:c8:6e:5a:bf:eb:a6:b8:c0:f7: + 43:81:88:c3:d8:aa:a9:60:ac:a7:45:3f:5d:cb:8d: + 6c:48:92:2b:04:5a:c4:a8:32:b3:e9:6f:fe:8d:2d: + 65:c0:ea:c5:09:b2:30:b1:a3:2e:db:22:8a:49:b1: + fe:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 0d:60:2b:fa:00:f2:5a:90:31:96:50:c8:9e:7f:60:02:99:c6: + 31:d4:93:86:9e:4c:24:15:b6:b2:31:49:21:79:ce:7f:92:86: + 1e:83:d8:a0:37:05:1b:89:2b:ef:0b:83:21:b0:37:8d:2f:7b: + 6b:7d:c6:04:1e:a2:c8:59:be:52:bf:47:ee:46:cb:45:8d:1f: + 7a:e4:d4:e5:54:60:5f:46:b0:ac:68:8a:26:57:ea:48:45:c1: + 
07:7d:ee:10:9e:94:87:4c:7e:26:2e:f8:ad:03:e5:03:86:09: + 3e:48:0c:e0:04:2f:22:b4:e0:3a:b0:72:8c:e2:40:d2:cd:fb: + 8f:fa +-----BEGIN CERTIFICATE----- +MIIC0zCCAjygAwIBAgIJANjT46bL48z0MA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMDwxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDKg30ZiNdlpH3oL6xsPeeruqmcpH1cGVX +kUlVWWe71/WevGayv8+VMTKu25o7Q+iljR+LO+bo4zuynfBYYuqjim/I7QHKJ3Qc +Dp4oXEOY2xS4cgefaycoJc6lkbe3I5o17w63/J9pTRAugaudBLovtOthff1ooRFv +9BZCFpkgOCQELTl8dGcUuaomerLZHs7Ni7yN48dYnEr5On5sOPhfHOwFTOVWZNQI +2PrbF9mh5M+0nd+ZUM76pK+vxvfyDsLFe2z5bOsX5chuWr/rprjA90OBiMPYqqlg +rKdFP13LjWxIkisEWsSoMrPpb/6NLWXA6sUJsjCxoy7bIopJsf5PAgMBAAGjZjBk +MB0GA1UdDgQWBBSsxPYHnrLl8WZ8QAUIqtzvimDawTAfBgNVHSMEGDAWgBS4kt79 +ihizMMOfVfMzXbTIKYpBFDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOBgQANYCv6APJakDGWUMief2ACmcYx1JOGnkwk +FbayMUkhec5/koYeg9igNwUbiSvvC4MhsDeNL3trfcYEHqLIWb5Sv0fuRstFjR96 +5NTlVGBfRrCsaIomV+pIRcEHfe4QnpSHTH4mLvitA+UDhgk+SAzgBC8itOA6sHKM +4kDSzfuP+g== +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/iCA-user/careq.pem b/tests/hwsim/auth_serv/iCA-user/careq.pem new file mode 100644 index 000000000..887c80cc4 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/careq.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIClDCCAXwCAQAwTzELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w +DAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlhdGUgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDKg30ZiNdlpH3oL6xsPeeruqm +cpH1cGVXkUlVWWe71/WevGayv8+VMTKu25o7Q+iljR+LO+bo4zuynfBYYuqjim/I +7QHKJ3QcDp4oXEOY2xS4cgefaycoJc6lkbe3I5o17w63/J9pTRAugaudBLovtOth +ff1ooRFv9BZCFpkgOCQELTl8dGcUuaomerLZHs7Ni7yN48dYnEr5On5sOPhfHOwF +TOVWZNQI2PrbF9mh5M+0nd+ZUM76pK+vxvfyDsLFe2z5bOsX5chuWr/rprjA90OB +iMPYqqlgrKdFP13LjWxIkisEWsSoMrPpb/6NLWXA6sUJsjCxoy7bIopJsf5PAgMB +AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAKYOesAY0nFSXY1Ez8q5cGRUa0YZWic1l +NwF05zIFoD3loCWRiayzINJqwXvUO29X0c8W35hTIGHyGUzcc0iwtrjphlmpuimN +AzL+NG1+TwfEQi+LL+e0lJnl2PIZkIN4cQDgTSdejU40sNRPWzD8w8EYHYAOJ4oU +0TXfrIRJWBDZKFtjO2fcknf1beGN79ZOHxc6pCFdZ7pM2w3+mKbfysnVBZkDwavG +SlIdL23QcD3Uj0vOrU+oOSGQKXamZrjjpmu647bcQ5XQr8kZbXWu6A4G24bxZ2rw +S7Z7DVvLqGxJgSl8b72otGJqkszHiul2ZKHy25flrtGM0SBU+k9FEQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/iCA-user/index.txt b/tests/hwsim/auth_serv/iCA-user/index.txt new file mode 100644 index 000000000..61be730ce --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/index.txt @@ -0,0 +1 @@ +V 251220193736Z E153BA3A7605DA1E unknown /C=FI/O=w1.fi/CN=user.w1.fi diff --git a/tests/hwsim/auth_serv/iCA-user/index.txt.attr b/tests/hwsim/auth_serv/iCA-user/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/hwsim/auth_serv/iCA-user/newcerts/E153BA3A7605DA1E.pem b/tests/hwsim/auth_serv/iCA-user/newcerts/E153BA3A7605DA1E.pem new file mode 100644 index 000000000..296060a0b --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/newcerts/E153BA3A7605DA1E.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16236525841851734558 (0xe153ba3a7605da1e) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=User Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=user.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:86:20:e5:06:5a:a8:47:2d:c9:5e:25:24:f7: + bf:a6:b6:44:50:99:8c:95:b5:6a:ad:74:b6:ba:ee: + 31:5e:b2:20:60:9a:b4:93:55:6d:15:0b:dc:5a:27: + 3f:df:c1:92:18:59:66:10:eb:47:1c:35:1f:08:dd: + eb:25:bd:21:9c:2d:48:34:5f:97:18:dc:83:28:db: + 14:8c:16:3b:5a:36:6a:50:63:e9:3b:e0:37:fd:f6: + a0:d6:40:af:ef:1e:99:1d:88:c1:4f:4b:92:25:53: + 28:cb:c4:b7:ce:ca:ca:26:af:2d:f7:e4:62:79:48: + 49:6a:82:33:b0:a6:c6:a5:17:33:88:93:77:36:b2: + 77:61:e0:55:de:2e:75:15:92:4c:e7:bf:11:ea:33: + 03:1e:4a:e6:18:38:16:34:f5:d9:ed:f8:0c:17:6f: + 78:65:ae:14:18:a3:0f:08:b6:e2:87:02:e4:eb:0f: + fb:81:d9:4b:90:ff:b3:fa:0f:d3:04:4d:b0:99:b4: + 2b:5e:fb:ad:04:2b:a7:d6:36:0d:17:e0:be:c0:43: + cf:e5:2e:f0:8e:87:88:60:b3:22:d8:03:59:53:50: + a6:69:ce:de:d0:c9:2e:f7:6d:9a:59:4d:99:dc:4b: + 3c:c2:15:8f:27:64:23:34:14:34:af:41:76:a5:6a: + 9a:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 3E:35:E0:F9:A3:1E:2C:FA:DD:E7:8B:CE:58:06:38:20:5D:5E:71:D2 + X509v3 Authority Key Identifier: + keyid:AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + + X509v3 Subject Alternative Name: critical + DNS:user.w1.fi + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 7b:e9:eb:d7:d4:60:a8:08:62:71:61:dd:42:7d:e5:88:f4:24: + bb:3f:6b:a9:16:64:2d:fb:ce:8e:55:1c:f5:7e:b4:c3:74:de: + 96:e4:59:32:f4:aa:74:e2:ac:43:28:06:54:5d:f7:fe:87:31: + 
3d:ac:45:d5:1c:51:7f:8c:f9:37:0b:66:94:a7:22:5f:d1:55: + bf:a4:82:c7:0a:50:bb:c7:18:cf:df:47:81:00:c4:d2:d7:12: + b0:83:2d:67:3f:80:b8:be:6f:c9:c5:76:9a:87:ef:3a:f6:0d: + 4f:24:d8:e7:06:6c:6e:ff:dc:5e:6e:21:a1:e7:26:f6:94:44: + 69:f4:b2:36:38:08:b1:df:07:fa:7a:53:b8:60:db:63:4b:4f: + e6:2a:42:ff:29:68:b5:99:3a:36:eb:26:05:76:d2:ab:e6:d0: + 7c:af:8c:a0:20:8b:50:6c:3b:bc:1a:53:6d:a7:c8:70:97:21: + 56:02:24:04:9b:63:2a:5d:b8:8c:e4:bf:e9:8f:58:cd:6e:99: + 47:3c:02:7b:63:67:c1:c7:32:53:cc:d5:cb:e9:a0:39:ef:f8: + 44:b7:f3:57:0c:b5:a7:23:3f:16:28:c6:02:14:b6:80:d8:33: + 42:0c:81:5c:ac:3f:13:d0:5b:4a:66:9f:33:ee:ac:56:fe:37: + 17:2b:03:40 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIJAOFTujp2BdoeMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlh +dGUgQ0EwHhcNMTUxMjIzMTkzNzM2WhcNMjUxMjIwMTkzNzM2WjAyMQswCQYDVQQG +EwJGSTEOMAwGA1UECgwFdzEuZmkxEzARBgNVBAMMCnVzZXIudzEuZmkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAhiDlBlqoRy3JXiUk97+mtkRQmYyV +tWqtdLa67jFesiBgmrSTVW0VC9xaJz/fwZIYWWYQ60ccNR8I3eslvSGcLUg0X5cY +3IMo2xSMFjtaNmpQY+k74Df99qDWQK/vHpkdiMFPS5IlUyjLxLfOysomry335GJ5 +SElqgjOwpsalFzOIk3c2sndh4FXeLnUVkkznvxHqMwMeSuYYOBY09dnt+AwXb3hl +rhQYow8ItuKHAuTrD/uB2UuQ/7P6D9METbCZtCte+60EK6fWNg0X4L7AQ8/lLvCO +h4hgsyLYA1lTUKZpzt7QyS73bZpZTZncSzzCFY8nZCM0FDSvQXalapoPAgMBAAGj +gYowgYcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPjXg+aMeLPrd54vOWAY4IF1ecdIw +HwYDVR0jBBgwFoAUrMT2B56y5fFmfEAFCKrc74pg2sEwGAYDVR0RAQH/BA4wDIIK +dXNlci53MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCBaAwDQYJ +KoZIhvcNAQELBQADggEBAHvp69fUYKgIYnFh3UJ95Yj0JLs/a6kWZC37zo5VHPV+ +tMN03pbkWTL0qnTirEMoBlRd9/6HMT2sRdUcUX+M+TcLZpSnIl/RVb+kgscKULvH +GM/fR4EAxNLXErCDLWc/gLi+b8nFdpqH7zr2DU8k2OcGbG7/3F5uIaHnJvaURGn0 +sjY4CLHfB/p6U7hg22NLT+YqQv8paLWZOjbrJgV20qvm0HyvjKAgi1BsO7waU22n +yHCXIVYCJASbYypduIzkv+mPWM1umUc8AntjZ8HHMlPM1cvpoDnv+ES381cMtacj +PxYoxgIUtoDYM0IMgVysPxPQW0pmnzPurFb+NxcrA0A= +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-user/private/cakey.pem b/tests/hwsim/auth_serv/iCA-user/private/cakey.pem new file mode 100644 index 000000000..97ead18a7 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/private/cakey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDKg30ZiNdlpH3 +oL6xsPeeruqmcpH1cGVXkUlVWWe71/WevGayv8+VMTKu25o7Q+iljR+LO+bo4zuy +nfBYYuqjim/I7QHKJ3QcDp4oXEOY2xS4cgefaycoJc6lkbe3I5o17w63/J9pTRAu +gaudBLovtOthff1ooRFv9BZCFpkgOCQELTl8dGcUuaomerLZHs7Ni7yN48dYnEr5 +On5sOPhfHOwFTOVWZNQI2PrbF9mh5M+0nd+ZUM76pK+vxvfyDsLFe2z5bOsX5chu +Wr/rprjA90OBiMPYqqlgrKdFP13LjWxIkisEWsSoMrPpb/6NLWXA6sUJsjCxoy7b +IopJsf5PAgMBAAECggEAMQpcP1F7CYVQYH0P7e6eCk3BwNmBO79md76WQtAYdOcr +XRvSYpA4RTD7n1ynQMUrrI3tozsGJvcShSuSvWL9uuKKfF6x2G5ZisNRkqq8gahr +aH2e1LxENp5pcslO9MIJegv8Etdz5y3qJwWGbgpGDr7TdsgF6Uiv7QXUof6zs5h3 +dri5y4tIbv+/OrEL9pz0x0wR1wFZ24huLLd+I4qHW+nSVynzRsb7dH76vvJRcj+o +UUIXx0QASoiFyhTPL3kSIcLcwRW1WEkqQXSENj3765CewhpOVcbzUZQiHjPVdOmg +6+CRptOGJMh5SGHzAbeABwkgeQ4LGWnPdL9B0ZClYQKBgQDk6tGncCWYELelrt9q +D/bzTvTZADzxYKuOUmyiu9Wr6Lx3nbfJupf0kZSGZuTBOjOd8iQkI1edIWTZLgyY +48oW2EggJTo5xmAaAdz82ItXpI0/Rt71QQqhcxsaT2uLIinBdox8wP6/DbnG57DJ +6FcHOsVfAFAVk2sM8ZCK1XRjiwKBgQDaQPbUNGXg04D08jk+15FDlPYh/2TJNSc+ +SBOE1j7wlTNGr6Vcg7N34U+I8Zo/ci8CXQVAMlLd7UJR9UhPsU2ptMldziDPEn5d +28CkoAmfw/vrcE8j12cuKUViJK6E/Fpvmbmb/cKrACj9qHd1QV7kXFemDKPEUlAe +8zp4EqPYzQKBgB4NphCxbH4WU8Xwu2wVRHqU9xg2K8oUwvEgaRrERj0XhQa/Mg3N +7X0yT6mFgKrNlVE7JPuJmEsMw0yv+v9niHSPWIi/2nETVjKT5Atd8o1DETgpecQB +EgA4OGqv2pKdnZXElpUaUVeL2cP/TvpzAln0oUzjoZ/zhq5gWHWhqHIZAoGBANjt +pyfGKNitAEj2FKX8dvrYLUgfY5qFhUrnMtdeZ1KSyVNhs5dfo9rsjDQOB4U2Rbkw +oc5r9md0se1qQYRMM2gRM/BTt9J5jDZX/ILkOoycrGEX0OFL8Nc12CuzT+8IMA8q +mQyNzZZPY26zqoBWCC4sBkYZ3BB+y/nnQV8lD8ulAoGAB0cwM8SWfP+u4M7qWGFV +Dk448ODrEfwnbSABc6EavEJ0BL5h60AsXhV9FW6nxfB66Yt84DZm6YXS+9MElLVy +jlql+Gbaj1Wawtwyzwk7Sl/vqtDwCRta+TP98kAm93Y9CVizlRH93kpNCoYAoDrA +qN+IRKm0VOAaYV4NXrTTMWE= +-----END PRIVATE KEY----- 
diff --git a/tests/hwsim/auth_serv/iCA-user/serial b/tests/hwsim/auth_serv/iCA-user/serial new file mode 100644 index 000000000..f692ea90b --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/serial @@ -0,0 +1 @@ +E153BA3A7605DA1F diff --git a/tests/hwsim/auth_serv/iCA-user/user.key b/tests/hwsim/auth_serv/iCA-user/user.key new file mode 100644 index 000000000..a6d31a545 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/user.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDAhiDlBlqoRy3J +XiUk97+mtkRQmYyVtWqtdLa67jFesiBgmrSTVW0VC9xaJz/fwZIYWWYQ60ccNR8I +3eslvSGcLUg0X5cY3IMo2xSMFjtaNmpQY+k74Df99qDWQK/vHpkdiMFPS5IlUyjL +xLfOysomry335GJ5SElqgjOwpsalFzOIk3c2sndh4FXeLnUVkkznvxHqMwMeSuYY +OBY09dnt+AwXb3hlrhQYow8ItuKHAuTrD/uB2UuQ/7P6D9METbCZtCte+60EK6fW +Ng0X4L7AQ8/lLvCOh4hgsyLYA1lTUKZpzt7QyS73bZpZTZncSzzCFY8nZCM0FDSv +QXalapoPAgMBAAECggEBAItIPkISv8GghTJ6htrg1elRUckR3VBtyDinCI/iRRti +OORK6DrzAZDJXOhoHuDNVNmCy8GPxYlVsRckHbvWwZsQc31YbqLQ3Z7QKGRUrSnN +1kpEjfcAduGn7KI0eFPBSjrAtkGcxaV1LT2GGwhjU6567AG8W7Wso1iHy8eQUIQc +LKRJ6KYpDc019Ly01XRH8mNhmxo3hxpBzMxudiHua/9qXmsRGevsshxQ911wkPdO +7Yr9bH1YJ7OvwOxxxAkNyRFAhWa7KPzvhsYX6KHEPTfTSv+3GCz5WLI//5NJ6NFB +3E2ofJOrmxT6EG6hKzyoNzoUwqpbA2BiHhlSVvOjHhECgYEA4pfICLLh40DMdBc9 +LMnPsp7Sv6H1Lcv/SJr0sjI8ESa2WK+XQOKgfB7jxyBHoMYhlr4UxwtgFA2M0cIs +4tfqv6zNKWmwB8VpUS+1kwaITtny8U4Kb7hQadpE0dXG84kb1aG3dsvK07aSTS6w +cW/NPZ9mNQhQ1sYsqF0HzuNysvkCgYEA2YJ0qKvLEkzTGcU0y5CLvzb4ZEuhAc7X +zzHRCNW61mmhNKR3QVEo3vzpKlxF3PbWJUwt0OOUkdyjbRE3yV0d4JCsNH6vRUmD +CxafENHZgkuCDD9TrDWhSefhWc7ip3unGG8KdnkGYDe1lw7zIJW5g7GS41GORqDV +gZngtyxJb0cCgYBQL5ZCPctiOFQh4PdtGh2+ACZkWlQBWOeGMg/V36ESELkGuVy1 +QX25btT8apfudS79wVZo+cWOUx06PZTU0cPpAKW5ugTpOxsB9/gxh2ZFQSuP6SYY +Uwlh7DPebeBx3ltTRl8+Uu/76+fqGFOoUQA4hmgM7FxvJMI48nMI68RzQQKBgQCW +BgAW8t9PUQPt63Kd0aZCDlVHQE7eY1/A/nhSorCLATJ6j9HdkHAjVcgxOpHJdcuA +0EltofswnEFwkgarcfmQkdjlIFgd7zVeqYyvWj6vOwuJDQjWZ+tGgZSSkDsPEB/R +n41U5+b46JPsjBgv6nWZmxpYhkEfAAIjsRIo5XgFMwKBgD6fAKGFelZuJ/W3uUYl +swb0ks/L3CMmisMmPwafp4C9QB89xV8jtyDNhiIG1nCI54it9mKrPCASoPDrdJR5 +r2/yovQFWk1LIRqcfCjqV/2qVZo5Hdp7Ux/aI8N7/M1eEIgbq+RcZlFTclQ6fppt +gBDXmqE8gFdegAGqv+OiifB5 +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/iCA-user/user.pem b/tests/hwsim/auth_serv/iCA-user/user.pem new file mode 100644 index 000000000..296060a0b --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/user.pem 
@@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16236525841851734558 (0xe153ba3a7605da1e) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=User Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=user.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:86:20:e5:06:5a:a8:47:2d:c9:5e:25:24:f7: + bf:a6:b6:44:50:99:8c:95:b5:6a:ad:74:b6:ba:ee: + 31:5e:b2:20:60:9a:b4:93:55:6d:15:0b:dc:5a:27: + 3f:df:c1:92:18:59:66:10:eb:47:1c:35:1f:08:dd: + eb:25:bd:21:9c:2d:48:34:5f:97:18:dc:83:28:db: + 14:8c:16:3b:5a:36:6a:50:63:e9:3b:e0:37:fd:f6: + a0:d6:40:af:ef:1e:99:1d:88:c1:4f:4b:92:25:53: + 28:cb:c4:b7:ce:ca:ca:26:af:2d:f7:e4:62:79:48: + 49:6a:82:33:b0:a6:c6:a5:17:33:88:93:77:36:b2: + 77:61:e0:55:de:2e:75:15:92:4c:e7:bf:11:ea:33: + 03:1e:4a:e6:18:38:16:34:f5:d9:ed:f8:0c:17:6f: + 78:65:ae:14:18:a3:0f:08:b6:e2:87:02:e4:eb:0f: + fb:81:d9:4b:90:ff:b3:fa:0f:d3:04:4d:b0:99:b4: + 2b:5e:fb:ad:04:2b:a7:d6:36:0d:17:e0:be:c0:43: + cf:e5:2e:f0:8e:87:88:60:b3:22:d8:03:59:53:50: + a6:69:ce:de:d0:c9:2e:f7:6d:9a:59:4d:99:dc:4b: + 3c:c2:15:8f:27:64:23:34:14:34:af:41:76:a5:6a: + 9a:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 3E:35:E0:F9:A3:1E:2C:FA:DD:E7:8B:CE:58:06:38:20:5D:5E:71:D2 + X509v3 Authority Key Identifier: + keyid:AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + + X509v3 Subject Alternative Name: critical + DNS:user.w1.fi + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 7b:e9:eb:d7:d4:60:a8:08:62:71:61:dd:42:7d:e5:88:f4:24: + bb:3f:6b:a9:16:64:2d:fb:ce:8e:55:1c:f5:7e:b4:c3:74:de: + 96:e4:59:32:f4:aa:74:e2:ac:43:28:06:54:5d:f7:fe:87:31: + 
3d:ac:45:d5:1c:51:7f:8c:f9:37:0b:66:94:a7:22:5f:d1:55: + bf:a4:82:c7:0a:50:bb:c7:18:cf:df:47:81:00:c4:d2:d7:12: + b0:83:2d:67:3f:80:b8:be:6f:c9:c5:76:9a:87:ef:3a:f6:0d: + 4f:24:d8:e7:06:6c:6e:ff:dc:5e:6e:21:a1:e7:26:f6:94:44: + 69:f4:b2:36:38:08:b1:df:07:fa:7a:53:b8:60:db:63:4b:4f: + e6:2a:42:ff:29:68:b5:99:3a:36:eb:26:05:76:d2:ab:e6:d0: + 7c:af:8c:a0:20:8b:50:6c:3b:bc:1a:53:6d:a7:c8:70:97:21: + 56:02:24:04:9b:63:2a:5d:b8:8c:e4:bf:e9:8f:58:cd:6e:99: + 47:3c:02:7b:63:67:c1:c7:32:53:cc:d5:cb:e9:a0:39:ef:f8: + 44:b7:f3:57:0c:b5:a7:23:3f:16:28:c6:02:14:b6:80:d8:33: + 42:0c:81:5c:ac:3f:13:d0:5b:4a:66:9f:33:ee:ac:56:fe:37: + 17:2b:03:40 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIJAOFTujp2BdoeMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlh +dGUgQ0EwHhcNMTUxMjIzMTkzNzM2WhcNMjUxMjIwMTkzNzM2WjAyMQswCQYDVQQG +EwJGSTEOMAwGA1UECgwFdzEuZmkxEzARBgNVBAMMCnVzZXIudzEuZmkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAhiDlBlqoRy3JXiUk97+mtkRQmYyV +tWqtdLa67jFesiBgmrSTVW0VC9xaJz/fwZIYWWYQ60ccNR8I3eslvSGcLUg0X5cY +3IMo2xSMFjtaNmpQY+k74Df99qDWQK/vHpkdiMFPS5IlUyjLxLfOysomry335GJ5 +SElqgjOwpsalFzOIk3c2sndh4FXeLnUVkkznvxHqMwMeSuYYOBY09dnt+AwXb3hl +rhQYow8ItuKHAuTrD/uB2UuQ/7P6D9METbCZtCte+60EK6fWNg0X4L7AQ8/lLvCO +h4hgsyLYA1lTUKZpzt7QyS73bZpZTZncSzzCFY8nZCM0FDSvQXalapoPAgMBAAGj +gYowgYcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPjXg+aMeLPrd54vOWAY4IF1ecdIw +HwYDVR0jBBgwFoAUrMT2B56y5fFmfEAFCKrc74pg2sEwGAYDVR0RAQH/BA4wDIIK +dXNlci53MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCBaAwDQYJ +KoZIhvcNAQELBQADggEBAHvp69fUYKgIYnFh3UJ95Yj0JLs/a6kWZC37zo5VHPV+ +tMN03pbkWTL0qnTirEMoBlRd9/6HMT2sRdUcUX+M+TcLZpSnIl/RVb+kgscKULvH +GM/fR4EAxNLXErCDLWc/gLi+b8nFdpqH7zr2DU8k2OcGbG7/3F5uIaHnJvaURGn0 +sjY4CLHfB/p6U7hg22NLT+YqQv8paLWZOjbrJgV20qvm0HyvjKAgi1BsO7waU22n +yHCXIVYCJASbYypduIzkv+mPWM1umUc8AntjZ8HHMlPM1cvpoDnv+ES381cMtacj +PxYoxgIUtoDYM0IMgVysPxPQW0pmnzPurFb+NxcrA0A= +-----END CERTIFICATE----- 
diff --git a/tests/hwsim/auth_serv/iCA-user/user.req b/tests/hwsim/auth_serv/iCA-user/user.req new file mode 100644 index 000000000..21314b714 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/user.req @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwRTELMAkGA1UEBhMCRkkxETAPBgNVBAcMCEhlbHNpbmtpMQ4w +DAYDVQQKDAV3MS5maTETMBEGA1UEAwwKdXNlci53MS5maTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMCGIOUGWqhHLcleJST3v6a2RFCZjJW1aq10trru +MV6yIGCatJNVbRUL3FonP9/BkhhZZhDrRxw1Hwjd6yW9IZwtSDRflxjcgyjbFIwW +O1o2alBj6TvgN/32oNZAr+8emR2IwU9LkiVTKMvEt87KyiavLffkYnlISWqCM7Cm +xqUXM4iTdzayd2HgVd4udRWSTOe/EeozAx5K5hg4FjT12e34DBdveGWuFBijDwi2 +4ocC5OsP+4HZS5D/s/oP0wRNsJm0K177rQQrp9Y2DRfgvsBDz+Uu8I6HiGCzItgD +WVNQpmnO3tDJLvdtmllNmdxLPMIVjydkIzQUNK9BdqVqmg8CAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQCUmkpNMn0zJiThP+5G+GvjE4bf1zBPWCQ2jNu9ve5dAd6+ +og47aR2PAJWUmFYMfFBzAFxAVkXVwAMAzN7npwtSjTW9kVPxYHItrncopEzPjIOQ +WHSH8nuYxNNYbbkq1/dvivcJVFk8gNCIFvnW8EKgtDfvDlYcyleWnYA343N7eeBc +ujRiiRrZuADk7VFqWM0TdwUEytP/6FJIhB50Y3yDkGNx1KkAJuCU8eSx/aBg/2Si +XPxDKAcVsESrCfFnHuaqN1+BXP5QXuuvR5N6EPt+C/Mv1VnV28uSkLzFO4PCN2pD +ArGZjVzFM6Qegag10DPk8BmDuh3s+NydD29xUfbA +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem b/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem new file mode 100644 index 000000000..5de2e9d29 --- /dev/null +++ b/tests/hwsim/auth_serv/iCA-user/user_and_ica.pem 
@@ -0,0 +1,154 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15624081837803162868 (0xd8d3e3a6cbe3ccf4) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 22 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=User Intermediate CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:2a:0d:f4:66:23:5d:96:91:f7:a0:be:b1:b0: + f7:9e:ae:ea:a6:72:91:f5:70:65:57:91:49:55:59: + 67:bb:d7:f5:9e:bc:66:b2:bf:cf:95:31:32:ae:db: + 9a:3b:43:e8:a5:8d:1f:8b:3b:e6:e8:e3:3b:b2:9d: + f0:58:62:ea:a3:8a:6f:c8:ed:01:ca:27:74:1c:0e: + 9e:28:5c:43:98:db:14:b8:72:07:9f:6b:27:28:25: + ce:a5:91:b7:b7:23:9a:35:ef:0e:b7:fc:9f:69:4d: + 10:2e:81:ab:9d:04:ba:2f:b4:eb:61:7d:fd:68:a1: + 11:6f:f4:16:42:16:99:20:38:24:04:2d:39:7c:74: + 67:14:b9:aa:26:7a:b2:d9:1e:ce:cd:8b:bc:8d:e3: + c7:58:9c:4a:f9:3a:7e:6c:38:f8:5f:1c:ec:05:4c: + e5:56:64:d4:08:d8:fa:db:17:d9:a1:e4:cf:b4:9d: + df:99:50:ce:fa:a4:af:af:c6:f7:f2:0e:c2:c5:7b: + 6c:f9:6c:eb:17:e5:c8:6e:5a:bf:eb:a6:b8:c0:f7: + 43:81:88:c3:d8:aa:a9:60:ac:a7:45:3f:5d:cb:8d: + 6c:48:92:2b:04:5a:c4:a8:32:b3:e9:6f:fe:8d:2d: + 65:c0:ea:c5:09:b2:30:b1:a3:2e:db:22:8a:49:b1: + fe:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 0d:60:2b:fa:00:f2:5a:90:31:96:50:c8:9e:7f:60:02:99:c6: + 31:d4:93:86:9e:4c:24:15:b6:b2:31:49:21:79:ce:7f:92:86: + 1e:83:d8:a0:37:05:1b:89:2b:ef:0b:83:21:b0:37:8d:2f:7b: + 6b:7d:c6:04:1e:a2:c8:59:be:52:bf:47:ee:46:cb:45:8d:1f: + 7a:e4:d4:e5:54:60:5f:46:b0:ac:68:8a:26:57:ea:48:45:c1: + 
07:7d:ee:10:9e:94:87:4c:7e:26:2e:f8:ad:03:e5:03:86:09: + 3e:48:0c:e0:04:2f:22:b4:e0:3a:b0:72:8c:e2:40:d2:cd:fb: + 8f:fa +-----BEGIN CERTIFICATE----- +MIIC0zCCAjygAwIBAgIJANjT46bL48z0MA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xNTEy +MjMxOTM3MzZaFw0yNTEyMjIxOTM3MzZaMDwxCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDKg30ZiNdlpH3oL6xsPeeruqmcpH1cGVX +kUlVWWe71/WevGayv8+VMTKu25o7Q+iljR+LO+bo4zuynfBYYuqjim/I7QHKJ3Qc +Dp4oXEOY2xS4cgefaycoJc6lkbe3I5o17w63/J9pTRAugaudBLovtOthff1ooRFv +9BZCFpkgOCQELTl8dGcUuaomerLZHs7Ni7yN48dYnEr5On5sOPhfHOwFTOVWZNQI +2PrbF9mh5M+0nd+ZUM76pK+vxvfyDsLFe2z5bOsX5chuWr/rprjA90OBiMPYqqlg +rKdFP13LjWxIkisEWsSoMrPpb/6NLWXA6sUJsjCxoy7bIopJsf5PAgMBAAGjZjBk +MB0GA1UdDgQWBBSsxPYHnrLl8WZ8QAUIqtzvimDawTAfBgNVHSMEGDAWgBS4kt79 +ihizMMOfVfMzXbTIKYpBFDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOBgQANYCv6APJakDGWUMief2ACmcYx1JOGnkwk +FbayMUkhec5/koYeg9igNwUbiSvvC4MhsDeNL3trfcYEHqLIWb5Sv0fuRstFjR96 +5NTlVGBfRrCsaIomV+pIRcEHfe4QnpSHTH4mLvitA+UDhgk+SAzgBC8itOA6sHKM +4kDSzfuP+g== +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16236525841851734558 (0xe153ba3a7605da1e) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=User Intermediate CA + Validity + Not Before: Dec 23 19:37:36 2015 GMT + Not After : Dec 20 19:37:36 2025 GMT + Subject: C=FI, O=w1.fi, CN=user.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:86:20:e5:06:5a:a8:47:2d:c9:5e:25:24:f7: + bf:a6:b6:44:50:99:8c:95:b5:6a:ad:74:b6:ba:ee: + 31:5e:b2:20:60:9a:b4:93:55:6d:15:0b:dc:5a:27: + 3f:df:c1:92:18:59:66:10:eb:47:1c:35:1f:08:dd: + eb:25:bd:21:9c:2d:48:34:5f:97:18:dc:83:28:db: + 14:8c:16:3b:5a:36:6a:50:63:e9:3b:e0:37:fd:f6: + a0:d6:40:af:ef:1e:99:1d:88:c1:4f:4b:92:25:53: + 28:cb:c4:b7:ce:ca:ca:26:af:2d:f7:e4:62:79:48: + 
49:6a:82:33:b0:a6:c6:a5:17:33:88:93:77:36:b2: + 77:61:e0:55:de:2e:75:15:92:4c:e7:bf:11:ea:33: + 03:1e:4a:e6:18:38:16:34:f5:d9:ed:f8:0c:17:6f: + 78:65:ae:14:18:a3:0f:08:b6:e2:87:02:e4:eb:0f: + fb:81:d9:4b:90:ff:b3:fa:0f:d3:04:4d:b0:99:b4: + 2b:5e:fb:ad:04:2b:a7:d6:36:0d:17:e0:be:c0:43: + cf:e5:2e:f0:8e:87:88:60:b3:22:d8:03:59:53:50: + a6:69:ce:de:d0:c9:2e:f7:6d:9a:59:4d:99:dc:4b: + 3c:c2:15:8f:27:64:23:34:14:34:af:41:76:a5:6a: + 9a:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 3E:35:E0:F9:A3:1E:2C:FA:DD:E7:8B:CE:58:06:38:20:5D:5E:71:D2 + X509v3 Authority Key Identifier: + keyid:AC:C4:F6:07:9E:B2:E5:F1:66:7C:40:05:08:AA:DC:EF:8A:60:DA:C1 + + X509v3 Subject Alternative Name: critical + DNS:user.w1.fi + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Key Usage: + Digital Signature, Key Encipherment + Signature Algorithm: sha256WithRSAEncryption + 7b:e9:eb:d7:d4:60:a8:08:62:71:61:dd:42:7d:e5:88:f4:24: + bb:3f:6b:a9:16:64:2d:fb:ce:8e:55:1c:f5:7e:b4:c3:74:de: + 96:e4:59:32:f4:aa:74:e2:ac:43:28:06:54:5d:f7:fe:87:31: + 3d:ac:45:d5:1c:51:7f:8c:f9:37:0b:66:94:a7:22:5f:d1:55: + bf:a4:82:c7:0a:50:bb:c7:18:cf:df:47:81:00:c4:d2:d7:12: + b0:83:2d:67:3f:80:b8:be:6f:c9:c5:76:9a:87:ef:3a:f6:0d: + 4f:24:d8:e7:06:6c:6e:ff:dc:5e:6e:21:a1:e7:26:f6:94:44: + 69:f4:b2:36:38:08:b1:df:07:fa:7a:53:b8:60:db:63:4b:4f: + e6:2a:42:ff:29:68:b5:99:3a:36:eb:26:05:76:d2:ab:e6:d0: + 7c:af:8c:a0:20:8b:50:6c:3b:bc:1a:53:6d:a7:c8:70:97:21: + 56:02:24:04:9b:63:2a:5d:b8:8c:e4:bf:e9:8f:58:cd:6e:99: + 47:3c:02:7b:63:67:c1:c7:32:53:cc:d5:cb:e9:a0:39:ef:f8: + 44:b7:f3:57:0c:b5:a7:23:3f:16:28:c6:02:14:b6:80:d8:33: + 42:0c:81:5c:ac:3f:13:d0:5b:4a:66:9f:33:ee:ac:56:fe:37: + 17:2b:03:40 +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIJAOFTujp2BdoeMA0GCSqGSIb3DQEBCwUAMDwxCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEdMBsGA1UEAwwUVXNlciBJbnRlcm1lZGlh +dGUgQ0EwHhcNMTUxMjIzMTkzNzM2WhcNMjUxMjIwMTkzNzM2WjAyMQswCQYDVQQG 
+EwJGSTEOMAwGA1UECgwFdzEuZmkxEzARBgNVBAMMCnVzZXIudzEuZmkwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAhiDlBlqoRy3JXiUk97+mtkRQmYyV +tWqtdLa67jFesiBgmrSTVW0VC9xaJz/fwZIYWWYQ60ccNR8I3eslvSGcLUg0X5cY +3IMo2xSMFjtaNmpQY+k74Df99qDWQK/vHpkdiMFPS5IlUyjLxLfOysomry335GJ5 +SElqgjOwpsalFzOIk3c2sndh4FXeLnUVkkznvxHqMwMeSuYYOBY09dnt+AwXb3hl +rhQYow8ItuKHAuTrD/uB2UuQ/7P6D9METbCZtCte+60EK6fWNg0X4L7AQ8/lLvCO +h4hgsyLYA1lTUKZpzt7QyS73bZpZTZncSzzCFY8nZCM0FDSvQXalapoPAgMBAAGj +gYowgYcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUPjXg+aMeLPrd54vOWAY4IF1ecdIw +HwYDVR0jBBgwFoAUrMT2B56y5fFmfEAFCKrc74pg2sEwGAYDVR0RAQH/BA4wDIIK +dXNlci53MS5maTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCBaAwDQYJ +KoZIhvcNAQELBQADggEBAHvp69fUYKgIYnFh3UJ95Yj0JLs/a6kWZC37zo5VHPV+ +tMN03pbkWTL0qnTirEMoBlRd9/6HMT2sRdUcUX+M+TcLZpSnIl/RVb+kgscKULvH +GM/fR4EAxNLXErCDLWc/gLi+b8nFdpqH7zr2DU8k2OcGbG7/3F5uIaHnJvaURGn0 +sjY4CLHfB/p6U7hg22NLT+YqQv8paLWZOjbrJgV20qvm0HyvjKAgi1BsO7waU22n +yHCXIVYCJASbYypduIzkv+mPWM1umUc8AntjZ8HHMlPM1cvpoDnv+ES381cMtacj +PxYoxgIUtoDYM0IMgVysPxPQW0pmnzPurFb+NxcrA0A= +-----END CERTIFICATE----- diff --git a/tests/hwsim/auth_serv/ica-generate.sh b/tests/hwsim/auth_serv/ica-generate.sh new file mode 100755 index 000000000..8d7708874 --- /dev/null +++ b/tests/hwsim/auth_serv/ica-generate.sh 
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+OPENSSL=openssl
+
+echo
+echo "---[ Intermediate CA - Server ]-----------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/ec-ca/rootCA/" |
+ sed "s/#@CN@/commonName_default = Server Intermediate CA/" \
+ > openssl.cnf.tmp
+mkdir -p iCA-server/certs iCA-server/crl iCA-server/newcerts iCA-server/private
+touch iCA-server/index.txt
+$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/private/cakey.pem -out iCA-server/careq.pem -outform PEM -days 3652 -sha256
+$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-server/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-server/careq.pem
+cat iCA-server/cacert.pem ca.pem > iCA-server/ca-and-root.pem
+rm openssl.cnf.tmp
+
+echo
+echo "---[ Intermediate CA - User ]-------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/ec-ca/rootCA/" |
+ sed "s/#@CN@/commonName_default = User Intermediate CA/" \
+ > openssl.cnf.tmp
+mkdir -p iCA-user/certs iCA-user/crl iCA-user/newcerts iCA-user/private
+touch iCA-user/index.txt
+$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/private/cakey.pem -out iCA-user/careq.pem -outform PEM -days 3652 -sha256
+$OPENSSL ca -config openssl.cnf.tmp -md sha256 -create_serial -out iCA-user/cacert.pem -days 3652 -batch -keyfile ca-key.pem -cert ca.pem -extensions v3_ca -outdir rootCA/newcerts -infiles iCA-user/careq.pem
+cat iCA-user/cacert.pem ca.pem > iCA-user/ca-and-root.pem
+rm openssl.cnf.tmp
+
+echo
+echo "---[ Server ]-----------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/ec-ca/iCA-server/" |
+ sed "s/#@CN@/commonName_default = server.w1.fi/" |
+ sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server.w1.fi/" \
+ > openssl.cnf.tmp
+$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server.key -out iCA-server/server.req -outform PEM -sha256
+$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server.req -out iCA-server/server.pem -extensions ext_server -md sha256
+cat iCA-server/cacert.pem iCA-server/server.pem > iCA-server/server_and_ica.pem
+rm openssl.cnf.tmp
+
+echo
+echo "---[ Server - revoked ]-------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/ec-ca/iCA-server/" |
+ sed "s/#@CN@/commonName_default = server-revoked.w1.fi/" |
+ sed "s/#@ALTNAME@/subjectAltName=critical,DNS:server-revoked.w1.fi/" \
+ > openssl.cnf.tmp
+$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-server/server-revoked.key -out iCA-server/server-revoked.req -outform PEM -sha256
+$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem -create_serial -in iCA-server/server-revoked.req -out iCA-server/server-revoked.pem -extensions ext_server -md sha256
+$OPENSSL ca -config openssl.cnf.tmp -revoke iCA-server/server-revoked.pem -keyfile iCA-server/private/cakey.pem -cert iCA-server/cacert.pem
+cat iCA-server/cacert.pem iCA-server/server-revoked.pem > iCA-server/server-revoked_and_ica.pem
+rm openssl.cnf.tmp
+
+echo
+echo "---[ User ]-----------------------------------------------------------"
+echo
+
+cat ec-ca-openssl.cnf |
+ sed "s/ec-ca/iCA-user/" |
+ sed "s/#@CN@/commonName_default = user.w1.fi/" |
+ sed "s/#@ALTNAME@/subjectAltName=critical,DNS:user.w1.fi/" \
+ > openssl.cnf.tmp
+$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:2048 -nodes -keyout iCA-user/user.key -out iCA-user/user.req -outform PEM -sha256
+$OPENSSL ca -config openssl.cnf.tmp -batch -keyfile iCA-user/private/cakey.pem -cert iCA-user/cacert.pem -create_serial -in iCA-user/user.req -out iCA-user/user.pem -extensions ext_client -md sha256
+cat iCA-user/cacert.pem iCA-user/user.pem > iCA-user/user_and_ica.pem
+rm openssl.cnf.tmp
+
+echo
+echo "---[ Verify ]-----------------------------------------------------------"
+echo
+
+$OPENSSL verify -CAfile ca.pem iCA-server/cacert.pem
+$OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
+$OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server.pem
+$OPENSSL verify -CAfile ca.pem -untrusted iCA-server/cacert.pem iCA-server/server-revoked.pem
+$OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem
+$OPENSSL verify -CAfile ca.pem -untrusted iCA-user/cacert.pem iCA-user/user.pem
diff --git a/tests/hwsim/auth_serv/rootCA/index.txt b/tests/hwsim/auth_serv/rootCA/index.txt
new file mode 100644
index 000000000..8575df948
--- /dev/null
+++ b/tests/hwsim/auth_serv/rootCA/index.txt
@@ -0,0 +1,2 @@
+V 251222193736Z D8D3E3A6CBE3CCF3 unknown /C=FI/O=w1.fi/CN=Server Intermediate CA
+V 251222193736Z D8D3E3A6CBE3CCF4 unknown /C=FI/O=w1.fi/CN=User Intermediate CA
diff --git a/tests/hwsim/auth_serv/rootCA/index.txt.attr b/tests/hwsim/auth_serv/rootCA/index.txt.attr
new file mode 100644
index 000000000..3a7e39e6e
--- /dev/null
+++ b/tests/hwsim/auth_serv/rootCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/hwsim/auth_serv/rootCA/serial b/tests/hwsim/auth_serv/rootCA/serial
new file mode 100644
index 000000000..b0de706e5
--- /dev/null
+++ b/tests/hwsim/auth_serv/rootCA/serial
@@ -0,0 +1 @@
+D8D3E3A6CBE3CCF5
diff --git a/tests/hwsim/test_ap_eap.py b/tests/hwsim/test_ap_eap.py
index 7b6b73dba..4de3e4013 100644
--- a/tests/hwsim/test_ap_eap.py
+++ b/tests/hwsim/test_ap_eap.py
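Review bot: Nothing stops ica-generate.sh when a step fails: without `set -e` after the `#!/bin/sh` line, a failed `$OPENSSL req` or `$OPENSSL ca` still lets the following `cat ... > ..._and_ica.pem` and `rm openssl.cnf.tmp` run, so a truncated or stale bundle can be left behind and committed as a fixture. In the Verify section `$OPENSSL verify -CAfile ca.pem iCA-user/cacert.pem` appears twice; the second copy is redundant. The `verify` of `iCA-server/server-revoked.pem` is run without `-crl_check`, so it confirms only the chain and will pass for the revoked certificate; a comment above it such as `# chain check only, revocation status is not evaluated here` would make that explicit. The script writes unencrypted keys (`-nodes`) with relative paths and appears to assume it is run from `tests/hwsim/auth_serv` with `ca.pem`, `ca-key.pem` and `ec-ca-openssl.cnf` present, so a short header comment stating that and that the output is test-only key material would help.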
@@ -3024,6 +3024,248 @@ def test_ap_wpa2_eap_ttls_optional_ocsp_unknown(dev, apdev, params): anonymous_identity="ttls", password="password", phase2="auth=PAP", ocsp=1, scan_freq="2412") +def test_ap_wpa2_eap_tls_intermediate_ca(dev, apdev, params): + """EAP-TLS with intermediate server/user CA""" + params = int_eap_server_params() + params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["server_cert"] = "auth_serv/iCA-server/server.pem" + params["private_key"] = "auth_serv/iCA-server/server.key" + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", + identity="tls user", + ca_cert="auth_serv/iCA-user/ca-and-root.pem", + client_cert="auth_serv/iCA-user/user.pem", + private_key="auth_serv/iCA-user/user.key", + scan_freq="2412") + +def root_ocsp(cert): + ca = "auth_serv/ca.pem" + + fd2, fn2 = tempfile.mkstemp() + os.close(fd2) + + arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, "-cert", cert, + "-no_nonce", "-sha256", "-text" ] + cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + res = cmd.stdout.read() + "\n" + cmd.stderr.read() + cmd.stdout.close() + cmd.stderr.close() + logger.info("OCSP request:\n" + res) + + fd, fn = tempfile.mkstemp() + os.close(fd) + arg = [ "openssl", "ocsp", "-index", "rootCA/index.txt", + "-rsigner", ca, "-rkey", "auth_serv/caa-key.pem", + "-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other", + "-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn, + "-text" ] + cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + res = cmd.stdout.read() + "\n" + cmd.stderr.read() + cmd.stdout.close() + cmd.stderr.close() + logger.info("OCSP response:\n" + res) + os.unlink(fn2) + return fn + +def ica_ocsp(cert): + prefix = "auth_serv/iCA-server/" + ca = prefix + "cacert.pem" + cert = prefix + cert + + fd2, fn2 = tempfile.mkstemp() + os.close(fd2) + + arg = [ "openssl", "ocsp", "-reqout", fn2, "-issuer", ca, 
"-cert", cert, + "-no_nonce", "-sha256", "-text" ] + cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + res = cmd.stdout.read() + "\n" + cmd.stderr.read() + cmd.stdout.close() + cmd.stderr.close() + logger.info("OCSP request:\n" + res) + + fd, fn = tempfile.mkstemp() + os.close(fd) + arg = [ "openssl", "ocsp", "-index", prefix + "index.txt", + "-rsigner", ca, "-rkey", prefix + "private/cakey.pem", + "-CA", ca, "-issuer", ca, "-verify_other", ca, "-trust_other", + "-ndays", "7", "-reqin", fn2, "-resp_no_certs", "-respout", fn, + "-text" ] + cmd = subprocess.Popen(arg, stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + res = cmd.stdout.read() + "\n" + cmd.stderr.read() + cmd.stdout.close() + cmd.stderr.close() + logger.info("OCSP response:\n" + res) + os.unlink(fn2) + return fn + +def test_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params): + """EAP-TLS with intermediate server/user CA and OCSP on server certificate""" + params = int_eap_server_params() + params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["server_cert"] = "auth_serv/iCA-server/server.pem" + params["private_key"] = "auth_serv/iCA-server/server.key" + fn = ica_ocsp("server.pem") + params["ocsp_stapling_response"] = fn + try: + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", + identity="tls user", + ca_cert="auth_serv/iCA-user/ca-and-root.pem", + client_cert="auth_serv/iCA-user/user.pem", + private_key="auth_serv/iCA-user/user.key", + scan_freq="2412", ocsp=2) + finally: + os.unlink(fn) + +def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_revoked(dev, apdev, params): + """EAP-TLS with intermediate server/user CA and OCSP on revoked server certificate""" + params = int_eap_server_params() + params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["server_cert"] = "auth_serv/iCA-server/server-revoked.pem" + params["private_key"] = "auth_serv/iCA-server/server-revoked.key" + fn = 
ica_ocsp("server-revoked.pem") + params["ocsp_stapling_response"] = fn + try: + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", + identity="tls user", + ca_cert="auth_serv/iCA-user/ca-and-root.pem", + client_cert="auth_serv/iCA-user/user.pem", + private_key="auth_serv/iCA-user/user.key", + scan_freq="2412", ocsp=1, wait_connect=False) + count = 0 + while True: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS", + "CTRL-EVENT-EAP-SUCCESS"]) + if ev is None: + raise Exception("Timeout on EAP status") + if "CTRL-EVENT-EAP-SUCCESS" in ev: + raise Exception("Unexpected EAP-Success") + if 'bad certificate status response' in ev: + break + if 'certificate revoked' in ev: + break + count = count + 1 + if count > 10: + raise Exception("Unexpected number of EAP status messages") + + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"]) + if ev is None: + raise Exception("Timeout on EAP failure report") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + finally: + os.unlink(fn) + +def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi_missing_resp(dev, apdev, params): + """EAP-TLS with intermediate server/user CA and OCSP multi missing response""" + check_ocsp_support(dev[0]) + check_ocsp_multi_support(dev[0]) + + params = int_eap_server_params() + params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["server_cert"] = "auth_serv/iCA-server/server.pem" + params["private_key"] = "auth_serv/iCA-server/server.key" + fn = ica_ocsp("server.pem") + params["ocsp_stapling_response"] = fn + try: + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", + identity="tls user", + ca_cert="auth_serv/iCA-user/ca-and-root.pem", + client_cert="auth_serv/iCA-user/user.pem", + private_key="auth_serv/iCA-user/user.key", + scan_freq="2412", ocsp=3, wait_connect=False) + count = 0 + while True: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS", + 
"CTRL-EVENT-EAP-SUCCESS"]) + if ev is None: + raise Exception("Timeout on EAP status") + if "CTRL-EVENT-EAP-SUCCESS" in ev: + raise Exception("Unexpected EAP-Success") + if 'bad certificate status response' in ev: + break + if 'certificate revoked' in ev: + break + count = count + 1 + if count > 10: + raise Exception("Unexpected number of EAP status messages") + + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"]) + if ev is None: + raise Exception("Timeout on EAP failure report") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + finally: + os.unlink(fn) + +def test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi(dev, apdev, params): + """EAP-TLS with intermediate server/user CA and OCSP multi OK""" + check_ocsp_support(dev[0]) + check_ocsp_multi_support(dev[0]) + + params = int_eap_server_params() + params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem" + params["server_cert"] = "auth_serv/iCA-server/server.pem" + params["private_key"] = "auth_serv/iCA-server/server.key" + fn = ica_ocsp("server.pem") + fn2 = root_ocsp("auth_serv/iCA-server/cacert.pem") + params["ocsp_stapling_response"] = fn + + with open(fn, "r") as f: + resp_server = f.read() + with open(fn2, "r") as f: + resp_ica = f.read() + + fd3, fn3 = tempfile.mkstemp() + try: + f = os.fdopen(fd3, 'w') + f.write(struct.pack(">L", len(resp_server))[1:4]) + f.write(resp_server) + f.write(struct.pack(">L", len(resp_ica))[1:4]) + f.write(resp_ica) + f.close() + + params["ocsp_stapling_response_multi"] = fn3 + + hostapd.add_ap(apdev[0]['ifname'], params) + dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS", + identity="tls user", + ca_cert="auth_serv/iCA-user/ca-and-root.pem", + client_cert="auth_serv/iCA-user/user.pem", + private_key="auth_serv/iCA-user/user.key", + scan_freq="2412", ocsp=3, wait_connect=False) + count = 0 + while True: + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STATUS", + "CTRL-EVENT-EAP-SUCCESS"]) + if ev is None: + raise Exception("Timeout on EAP status") + if 
"CTRL-EVENT-EAP-SUCCESS" in ev: + raise Exception("Unexpected EAP-Success") + if 'bad certificate status response' in ev: + break + if 'certificate revoked' in ev: + break + count = count + 1 + if count > 10: + raise Exception("Unexpected number of EAP status messages") + + ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"]) + if ev is None: + raise Exception("Timeout on EAP failure report") + dev[0].request("REMOVE_NETWORK all") + dev[0].wait_disconnected() + finally: + os.unlink(fn) + os.unlink(fn2) + os.unlink(fn3) + def test_ap_wpa2_eap_tls_ocsp_multi_revoked(dev, apdev, params): """EAP-TLS and CA signed OCSP multi response (revoked)""" check_ocsp_support(dev[0])
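Review bot: `root_ocsp()` and `ica_ocsp()` never check the exit status of `openssl ocsp`, so a failed responder run may leave the empty `mkstemp()` file in place and that file is still handed to hostapd as the stapled response. The revoked and missing-response tests break out on either `bad certificate status response` or `certificate revoked`, so they would presumably still pass when no valid response was ever produced, without exercising the revocation check itself; the revoked case would be stronger if it required `certificate revoked` where the TLS backend reports it. This matters most in `root_ocsp()`, where `"-index", "rootCA/index.txt"` lacks the `auth_serv/` prefix every other path uses and `auth_serv/caa-key.pem` looks like a typo; both need confirming. `test_ap_wpa2_eap_tls_intermediate_ca_ocsp_multi` is documented as "OCSP multi OK" yet raises on `CTRL-EVENT-EAP-SUCCESS` and then waits for `CTRL-EVENT-EAP-FAILURE`, so either the docstring or the expected outcome is wrong. A shared helper that drains both pipes with `communicate()` and raises on a non-zero return code, as sketched below, would surface these instead of letting the negative tests pass for the wrong reason.

```python
def run_openssl(arg):
    # communicate() reads stdout and stderr together, so a full stderr pipe
    # cannot block the stdout read
    cmd = subprocess.Popen(arg, stdout=subprocess.PIPE,
                           stderr=subprocess.PIPE)
    out, err = cmd.communicate()
    res = out + "\n" + err
    if cmd.returncode != 0:
        raise Exception("openssl command failed: " + res)
    return res

def root_ocsp(cert):
    # … unchanged: ca path, request temp file, request arguments …
    logger.info("OCSP request:\n" + run_openssl(arg))
    # … unchanged: response temp file, responder arguments …
    logger.info("OCSP response:\n" + run_openssl(arg))
    # … unchanged: os.unlink(fn2), return fn; ica_ocsp() gets the same two calls …
```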