tests: EAP-TTLS with server certificate valid beyond UNIX time 2^31

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-05-24 11:24:35 +03:00
parent 768ea0bc32
commit 5748d1e5f8
3 changed files with 159 additions and 0 deletions

View file

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDA+hcn645Hf2Vx
DuNGR2791hnx4L0bfpzsiEDZ3ssv6WTfzMgvc8k30TkenlA4Zxs9Mg/i3CmnAItV
6XqlGf3e1TtSmolOk0fPVoQ+NiPoVeQJ9buycFYHaj+l44o80s7+i66q6GrBc/MQ
qulNJPdpyzGE0MtwPTVJ6R8tNoEV3gt1dEPCIDmpJ4XVYhWVvNcicLL2CWpH37gj
LNS3Bf/ApeB6skdzsESmaCaSk5JuNm6zdpZnVQU+ipPNlrvq7y1k0j5kFZsJ57As
CwJPkppLigUL3TUnT8LGvoGw42+gZFhYENqoeSdXop2k0+Ct0i3Tmy+60fuYu6UL
66dVPcJGOCel05gHJD3D8xCCC+9Cr60kZgjsJwtN7aqybAjI4dSqiMwbswLvxDco
kMfW8kDpbfU0yRdtkRr33y5iQ7FIB2qygH6waRsfmLKtsyfFCCNo/B208xs6geyb
TvAGnpy8v2L+5/1dos87rdGFZiiXmG1zEhGcPe9Cjlj22e/ULqo3HP7FhfvCOTzE
fZg1hPGwFff0U3r8tnfWiwXcEDse5EULCPBhzsv7XkmV5jDd/kc5U1j9WsbUZSVN
xKVmEEAiHePt/ONQDi18ERjUxotFu7LF+/G94Q4Sd6rQtFTDnctlPj5y8MhgEqr+
+4pLwptKxVktypPimbMeEBOMwKUxZQIDAQABAoICAFAo0muTrmNGqQWgkInF7HXm
dJqDpyn/mwGpy350zGQXh/5q2xDTANd9wkNUsa/sLGVsISs0Ft03HanPNVHVjR39
5wl2Beksxpx6rK4G4T2GSBZXC+OgRCwKV2v6K5b+Xltf/Gsj5gx7tJDM3eJco6U/
cU9hR9BUrIkKHBg01sQVmx7r76V4q1r3fuFXP+4WJis5My1+VbaLWLrLyYRJKqaE
gM2WtpV4t9uD0dn7EM1VMQC9FtbPe0EyYRj6Lw700R9bMe1zCBbCNezlmc0h8ZPF
PjliZszwldDmm4q1vs2aQRQ71Ag9YzlE5ETuehrZ/o0ynk31IZSdBX8BIV4ILGUy
10obeXFpgSjIGBnR1wl30l9DbEF3CciSJMWA323A7l81ztLf2dS6fB8vUU4rlaeY
vcJi1Qcbjt21GFxX1biMvGvYVFmnWR4LvUkVoNdhyBHHacCrupD5y/M7xycIK3Uo
6JPaMZKxFTbe1bWW4GVI4KbFKKrqxaZkj2gxa8r+M3zd5C/g2McvhqGAtqkGb/Sk
QmuBZhFaPYNUvYS62AYo9VRmJ8beZ+SsACJYBu4CJk+vievRPtRLAy3+fmkqXUIg
n3VhM30B5VmngO3Zh/RJqCsHXmf90uNNHNbS0usDnUhNnUqsKHM3DHqyWUit72ie
tIczuD5bnAghqGH8ZTyVAoIBAQD5YmjjxdyU5wllRH7BlqktN34D6BKOSkkqfBFk
aZ1K+sz8m7QmD/fbtWH3Ej/5CD4V9a31YohoUMjkQ5sL5UHAtK3BjEvFaz744DHf
yTgzkso/Tt1qp6oykXoMnj/VQQBIh0sEQ+FbJap2AmjiVOkY1krzPUuoLTDm+B3N
WS0zO9uXTdwZ6u/XlTcFwGK2YOJ8qvogQ7MDLa50S7KCgNA9F0foyS5wQbFLMwub
tWgRrRcB//spuR25k4zJVd3Lp7hbEftj0sxH1TvB0UPlIQODOipi8w4ByXOmGwoQ
jqdAWm1ApgJOf0VRzmILuviOQxbi6WmhtoWoa1+3nrKaw0FrAoIBAQDGGJzboDRx
ngtnzn8LjuT1LZ2tZD0ftxUbYJXcg+vppBo89i3XqkfnS5Wv42jxYVbPJCAHQSKB
Gep7rtC7lz8n1EPgQ0G1AtC7s45jvMROlaVVn9TbmQMxZWhyz6+aZodWtYQcZbem
QZb5AUIH2N77XTHm9QoSMYMSPFg1is8ZT9dsXbfrjnJw3yD97jT9vqfGUPBFdp/6
OVGCm/GFtWhmnfJDKXBERKdEcOrA9VVu7TCo9RIl+ESOcPjaUXtqQO8qJMkq/BZz
rCWYRp9K0JohjyRtbqxybfCHQFoYPhYPN7NEvTcw8xzO4Fbe3UeuyAcQm6Bim/yt
UxsUVv0t5HxvAoIBABH8xiH/qHxY+bWDLj1aV5N6WC2B9KyssQBOeJasg3rgAh8K
QAEqz67aM1m1yEV3EbtVwBld5QbZJNRKCAngnFCA97NpIiH4LU+YJCDHC7W0lb/h
OVkzBLSnB42XcHU6PgH9OCzzlHKVkej3HYeNpk5zTm6i8i0MLWXLaaLhFsCGRb1x
EToRVwFOsuxIRxZugIeLcYUYPPYyuk2LFDIThnGRl080C5RvOJF6+hBeEkaMHIe5
Ze1Je9phyRrQhbHlxAdVkbNOhgt8VtYQ+Puy2OUDMgF3FICOfjfx5VTyZR/gJdcu
4iW1SlOvNiUwdDMWpbTyLvtKBfPy4rGE0c8V3EcCggEADkXjt2dZn/4VMEuOl9SZ
5ph8zet1A/37BVf2NEdFDjaGtXG/Z9SbDa1CgcPO4eVzjcU6kYs94zNs07CK1ZlW
MZZ3tYbjCxnC1GNhlQoa0taxbPPxMElcE4kM94jDTEqq4bJ+bFVf4BjFufc/PLWB
i3bxi4SITztGCGBUsrbnqRk5mlM+VziSQlOxWtp48vdzuzRFu5uKd0r99n0p78pc
VVh4BiLMNf8EVkgUggarOyzX3rSZtCapOeIl7AUG8WbwVIcF/5TeQUNcCha8j3Vs
RZK8uy3IOw500Cnw0+JVUI9g2UkQ2vQJVVaQq8ohyhQbfjTYX4KBuDNOti52W4Ik
/QKCAQAStLzR2L2AWb4pw7azKxPBoyf3r8B31xOT2Q4LhcIzuS5VzE8vOOEprsQ3
lP9shiaEgn6D2ifkfdUC3qEekamKFiXoPuaLdopP7u9C3Qzyu8fF9sFA5xD0vR1m
U6Cf6KOuwoEI4woaOm6+I6WDLwo6oQeMtUijycJp/FZmpz0am2z5YeynBL9mvPij
oh1zgP7q8EzF/LGvaLZASMeoEktvHodzSqEBvi+FrVjr2Rox0l8F34xZpNVzJxrm
aehPzOWdaWbhR8cC5BFf7xvpFVBwy0Weg1qua+1FPaKw/Vuohqn97N3wRgALC9Pv
Wn3OoMMoOXVSeqpHuMye16F61vko
-----END PRIVATE KEY-----

View file

@ -0,0 +1,96 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15624081837803162842 (0xd8d3e3a6cbe3ccda)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FI, O=w1.fi, CN=Root CA
Validity
Not Before: May 24 08:13:55 2015 GMT
Not After : May 11 08:13:55 2065 GMT
Subject: C=FI, O=w1.fi, CN=server7.w1.fi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c0:fa:17:27:eb:8e:47:7f:65:71:0e:e3:46:47:
6e:fd:d6:19:f1:e0:bd:1b:7e:9c:ec:88:40:d9:de:
cb:2f:e9:64:df:cc:c8:2f:73:c9:37:d1:39:1e:9e:
50:38:67:1b:3d:32:0f:e2:dc:29:a7:00:8b:55:e9:
7a:a5:19:fd:de:d5:3b:52:9a:89:4e:93:47:cf:56:
84:3e:36:23:e8:55:e4:09:f5:bb:b2:70:56:07:6a:
3f:a5:e3:8a:3c:d2:ce:fe:8b:ae:aa:e8:6a:c1:73:
f3:10:aa:e9:4d:24:f7:69:cb:31:84:d0:cb:70:3d:
35:49:e9:1f:2d:36:81:15:de:0b:75:74:43:c2:20:
39:a9:27:85:d5:62:15:95:bc:d7:22:70:b2:f6:09:
6a:47:df:b8:23:2c:d4:b7:05:ff:c0:a5:e0:7a:b2:
47:73:b0:44:a6:68:26:92:93:92:6e:36:6e:b3:76:
96:67:55:05:3e:8a:93:cd:96:bb:ea:ef:2d:64:d2:
3e:64:15:9b:09:e7:b0:2c:0b:02:4f:92:9a:4b:8a:
05:0b:dd:35:27:4f:c2:c6:be:81:b0:e3:6f:a0:64:
58:58:10:da:a8:79:27:57:a2:9d:a4:d3:e0:ad:d2:
2d:d3:9b:2f:ba:d1:fb:98:bb:a5:0b:eb:a7:55:3d:
c2:46:38:27:a5:d3:98:07:24:3d:c3:f3:10:82:0b:
ef:42:af:ad:24:66:08:ec:27:0b:4d:ed:aa:b2:6c:
08:c8:e1:d4:aa:88:cc:1b:b3:02:ef:c4:37:28:90:
c7:d6:f2:40:e9:6d:f5:34:c9:17:6d:91:1a:f7:df:
2e:62:43:b1:48:07:6a:b2:80:7e:b0:69:1b:1f:98:
b2:ad:b3:27:c5:08:23:68:fc:1d:b4:f3:1b:3a:81:
ec:9b:4e:f0:06:9e:9c:bc:bf:62:fe:e7:fd:5d:a2:
cf:3b:ad:d1:85:66:28:97:98:6d:73:12:11:9c:3d:
ef:42:8e:58:f6:d9:ef:d4:2e:aa:37:1c:fe:c5:85:
fb:c2:39:3c:c4:7d:98:35:84:f1:b0:15:f7:f4:53:
7a:fc:b6:77:d6:8b:05:dc:10:3b:1e:e4:45:0b:08:
f0:61:ce:cb:fb:5e:49:95:e6:30:dd:fe:47:39:53:
58:fd:5a:c6:d4:65:25:4d:c4:a5:66:10:40:22:1d:
e3:ed:fc:e3:50:0e:2d:7c:11:18:d4:c6:8b:45:bb:
b2:c5:fb:f1:bd:e1:0e:12:77:aa:d0:b4:54:c3:9d:
cb:65:3e:3e:72:f0:c8:60:12:aa:fe:fb:8a:4b:c2:
9b:4a:c5:59:2d:ca:93:e2:99:b3:1e:10:13:8c:c0:
a5:31:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
B9:82:B8:B0:E0:95:0E:21:A8:12:1B:41:EE:FA:DC:2E:3E:17:D2:57
X509v3 Authority Key Identifier:
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
Authority Information Access:
OCSP - URI:http://server.w1.fi:8888/
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
8a:09:20:6d:71:d0:16:13:6d:0e:19:30:5d:70:8f:8a:0c:ab:
67:da:8f:40:51:f7:2b:d8:01:2b:9e:b4:ee:cf:95:79:e1:4f:
05:87:27:8f:cf:84:93:28:60:3c:1c:6e:c6:3e:62:4f:d4:de:
78:74:d2:da:f4:8d:a7:63:40:a3:21:bb:78:28:02:53:41:ac:
40:f1:3c:77:69:c6:81:51:49:90:41:80:3a:03:f2:8c:d5:bc:
4c:c1:70:4b:a1:c4:66:26:0b:cb:d2:43:69:89:64:c2:69:af:
5d:3d:4b:51:d5:51:40:3d:2d:c5:a5:ef:a0:5a:42:53:2d:e1:
11:1b
-----BEGIN CERTIFICATE-----
MIIEAzCCA2ygAwIBAgIJANjT46bL48zaMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAgFw0xNTA1
MjQwODEzNTVaGA8yMDY1MDUxMTA4MTM1NVowNTELMAkGA1UEBhMCRkkxDjAMBgNV
BAoMBXcxLmZpMRYwFAYDVQQDDA1zZXJ2ZXI3LncxLmZpMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAwPoXJ+uOR39lcQ7jRkdu/dYZ8eC9G36c7IhA2d7L
L+lk38zIL3PJN9E5Hp5QOGcbPTIP4twppwCLVel6pRn93tU7UpqJTpNHz1aEPjYj
6FXkCfW7snBWB2o/peOKPNLO/ouuquhqwXPzEKrpTST3acsxhNDLcD01SekfLTaB
Fd4LdXRDwiA5qSeF1WIVlbzXInCy9glqR9+4IyzUtwX/wKXgerJHc7BEpmgmkpOS
bjZus3aWZ1UFPoqTzZa76u8tZNI+ZBWbCeewLAsCT5KaS4oFC901J0/Cxr6BsONv
oGRYWBDaqHknV6KdpNPgrdIt05svutH7mLulC+unVT3CRjgnpdOYByQ9w/MQggvv
Qq+tJGYI7CcLTe2qsmwIyOHUqojMG7MC78Q3KJDH1vJA6W31NMkXbZEa998uYkOx
SAdqsoB+sGkbH5iyrbMnxQgjaPwdtPMbOoHsm07wBp6cvL9i/uf9XaLPO63RhWYo
l5htcxIRnD3vQo5Y9tnv1C6qNxz+xYX7wjk8xH2YNYTxsBX39FN6/LZ31osF3BA7
HuRFCwjwYc7L+15JleYw3f5HOVNY/VrG1GUlTcSlZhBAIh3j7fzjUA4tfBEY1MaL
RbuyxfvxveEOEneq0LRUw53LZT4+cvDIYBKq/vuKS8KbSsVZLcqT4pmzHhATjMCl
MWUCAwEAAaOBmjCBlzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS5griw4JUOIagSG0Hu
+twuPhfSVzAfBgNVHSMEGDAWgBS4kt79ihizMMOfVfMzXbTIKYpBFDA1BggrBgEF
BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9zZXJ2ZXIudzEuZmk6ODg4OC8w
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEAigkgbXHQFhNt
DhkwXXCPigyrZ9qPQFH3K9gBK5607s+VeeFPBYcnj8+EkyhgPBxuxj5iT9TeeHTS
2vSNp2NAoyG7eCgCU0GsQPE8d2nGgVFJkEGAOgPyjNW8TMFwS6HEZiYLy9JDaYlk
wmmvXT1LUdVRQD0txaXvoFpCUy3hERs=
-----END CERTIFICATE-----

View file

@ -2402,6 +2402,17 @@ def test_ap_wpa2_eap_ttls_ignore_expired_cert(dev, apdev):
phase1="tls_disable_time_checks=1", phase1="tls_disable_time_checks=1",
scan_freq="2412") scan_freq="2412")
def test_ap_wpa2_eap_ttls_long_duration(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and long certificate duration"""
params = int_eap_server_params()
params["server_cert"] = "auth_serv/server-long-duration.pem"
params["private_key"] = "auth_serv/server-long-duration.key"
hostapd.add_ap(apdev[0]['ifname'], params)
dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
identity="mschap user", password="password",
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAP",
scan_freq="2412")
def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev): def test_ap_wpa2_eap_ttls_server_cert_eku_client(dev, apdev):
"""WPA2-Enterprise using EAP-TTLS and server cert with client EKU""" """WPA2-Enterprise using EAP-TTLS and server cert with client EKU"""
params = int_eap_server_params() params = int_eap_server_params()