tests: Add a server certificate with TOD-TOFU policy
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
a647a0ad75
commit
b1dfe96ae1
6 changed files with 164 additions and 1 deletions
22
tests/hwsim/auth_serv/server-certpol2.csr
Normal file
22
tests/hwsim/auth_serv/server-certpol2.csr
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDlTCCAf0CAQAwUDELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM
|
||||
BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMIIB
|
||||
ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5lDRKAUnbNRC00LHzFOpa8Kj
|
||||
qyBvFzSd5B0x0MRoZULV6L2quOTp9u4udc1qjPaOqq9sfOs1UFWxwrP4p9AeozMm
|
||||
aEAgE3QIh++2OvF/PvV/k0R0N4vDiae6X0I5SiIgQGbGb3fPVD8FYd6rcfqfeG2X
|
||||
SuhgoBGqbLqdRGUY6OCP0d/alatBLGNl9kJC5h9CpBx0IEn01JIO4747Vf04aHQ6
|
||||
5N+aK5W/6dE4ixYkIDXbuNAVMC4vaiS54enntrW95g9Z3d+VnKsDtMVCgUhhzDwG
|
||||
F4VjbijL14jRzkDH/2FRrLu6I8lCp30nDR5TkM8iP1f1/xoFDJx6G/viR19Fy+6I
|
||||
paBUcYP309PFvLJ+haexGs+Ry4s5unwsnbLFecPggHMGME9dgVLiv0NVhV1kxJes
|
||||
6S1+MLXhUlBTDKwkjnuiV43/sQW6IzOmCKO0OEL2XNm8XXWVgv9NmttWLxs40lEF
|
||||
LJBi8Y5M7uobrqpTdIW6xsPCSzC94C7IrH4lzDJfAgMBAAGgADANBgkqhkiG9w0B
|
||||
AQsFAAOCAYEAe5pIVGtUDu9+vI7oIDAc/AkiPxCsM1W8r/geTQvGaP1FzuppXbo+
|
||||
i1U2iGTC2P/9ZJ+zMBbj7IVvPg9KWOnDP98BZB6iHSYOm6OYBsIpm9uSvET7qJ+M
|
||||
22xZe89abeYNFgDpKYJRasFEG3ze2HvNvZUolR8RYakTeBCwlO8snqiZgjJdwbFz
|
||||
0fVWqVoFCZN0AUvzfAeqFwZpZ9cQRETOB10DbVxnWe58mJgFckXwSynmxdP4o+9L
|
||||
QUq8HB9FMlUyn60usP121Wm1LC3tvJpecl4otQqu2nPnmhUWMMiBMRpPwOqB0fnn
|
||||
gfdqON5cligShTernXXtdBnXoeM+ZT2qayazuZ/3JD5ioVM2ZVVNRfPZTmDwF9+1
|
||||
w0TC4YfEuAHMfOAnfr+lOt0HI3lGIqTzbze7IPRK1mbfq6gOa0DzQw04vflLFVzx
|
||||
/f9S0K8sHeKj3DaaezCGY3T/rUMbmwT/pSNNK56zcddBcj/fFf+3NhcbC09U8V4h
|
||||
RBL7vBjsIWsH
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
40
tests/hwsim/auth_serv/server-certpol2.key
Normal file
40
tests/hwsim/auth_serv/server-certpol2.key
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDmUNEoBSds1ELT
|
||||
QsfMU6lrwqOrIG8XNJ3kHTHQxGhlQtXovaq45On27i51zWqM9o6qr2x86zVQVbHC
|
||||
s/in0B6jMyZoQCATdAiH77Y68X8+9X+TRHQ3i8OJp7pfQjlKIiBAZsZvd89UPwVh
|
||||
3qtx+p94bZdK6GCgEapsup1EZRjo4I/R39qVq0EsY2X2QkLmH0KkHHQgSfTUkg7j
|
||||
vjtV/ThodDrk35orlb/p0TiLFiQgNdu40BUwLi9qJLnh6ee2tb3mD1nd35WcqwO0
|
||||
xUKBSGHMPAYXhWNuKMvXiNHOQMf/YVGsu7ojyUKnfScNHlOQzyI/V/X/GgUMnHob
|
||||
++JHX0XL7oiloFRxg/fT08W8sn6Fp7Eaz5HLizm6fCydssV5w+CAcwYwT12BUuK/
|
||||
Q1WFXWTEl6zpLX4wteFSUFMMrCSOe6JXjf+xBbojM6YIo7Q4QvZc2bxddZWC/02a
|
||||
21YvGzjSUQUskGLxjkzu6huuqlN0hbrGw8JLML3gLsisfiXMMl8CAwEAAQKCAYEA
|
||||
z/4yNPManKTASKtpZjQzr3aSeiuLR6ij4msfHssRAEmwhkQrFljclbyZxpcg33aW
|
||||
drx/u/xqJEePhicjquE/meDKkaE/lnHWdnTb3DVV1dS9RpCuZ69Xgkwv+nEC7dkN
|
||||
yTtHf0jyusFDKhR+Piu4sng+Bk7/W+84OoL5Hdgy+7Q5Da8cZsfGzsBhR1ils86N
|
||||
T0nG8ZX4fbP9sFyOl2Rb+bDlsuXgA/Zz30OrzafMLi6VZDy+tckv1qqeF9A2CwHq
|
||||
avLsnqatMqZBbYkbo9munv2Fhs4z1KJQl6u3BifnFX4ZiP/tCBdc/Clgbr/dw2e+
|
||||
6GEclNT0eSiB9vUw3wHINRqnU35i8wIOmMJ7wG5q+PeRn8sEfkRSCshKjIfvBcHG
|
||||
G/rVmILERKMJQax2MavGWhYYtWEu5cMOdK3hDb7/0uODv1oJYQGp5qNom6U0efLK
|
||||
oD3la3E3KfYbCLdA1XBG8p9TcOFbm2hm7c1UFzBQ805JmR4SIvcR5gEkOadcTajp
|
||||
AoHBAP629szQlStD/1cHi4X9rQ7Nm2LqljLp6hVn+KOZztqEaT36HqU7247sII93
|
||||
axMLVMRxebK5gZ5H/UF9M/75MWoUvnlbkWPPeRdr2HJUc/h7HbV/V79NSjfLBFqG
|
||||
kX6Gx6V4PQg3dww/FPJBQuRP84gUFMDvMhoXutjVY5aoCPwyiez7qEEYjyyyIEFW
|
||||
JKRgqp1LMHH/yOWvytOdjNhTlx9AMnAyNa8LJWtxPgqtZIN4ifjPbytdZfVA6y8Y
|
||||
hZanwwKBwQDnelWxu9QxSOT9kCMWRtdkb2e04NyyDSN4XHv0UQ5tfGYnphE7cjIL
|
||||
9wmutI16mueKSkO2pECjKSnsraEwXAxMazwFjHZmq5c6LzxZ1HpmnW+31vHu5Q9R
|
||||
t9oB9eY6nrNmPtSur5bfRzC7qzBJtrjNEmzJ2aS71yMC0cuZvmjko9t0U48qbgJv
|
||||
zoOUuyCmz5PK1dOd0OyzH11XsRzfcf/nOqZUhQ0zaG0WSewmbqpVW2PsxkIEYlr6
|
||||
0hGtSjG2PTUCgcEAp4Py6h5fjDXLDxSCORvtnaexAqvfHhrifTOEvSuhc+rTQBRn
|
||||
5SlpqyQ2AcR64ep41D0A2X7Q9STJNTG/aXe/fNGptyx2gNro+3NMxVwvbQKjNkNK
|
||||
lSCip/DXqyWHOFwxnuxlzyqTG7W889nhwT+nnR3/zCdDnw9uLb6hIWrfheVC+l1D
|
||||
eZRKTQ3U0sNxk72TV6EkekTLfetQDD44a+kFoWLaCRmsXrOI55FxSRph2WkD7GOX
|
||||
7EAflt0cDzwkV0F7AoHAbiVfO5imCuGl3SZGG+aPvcHpNj+9pJft5esULJiZZe3I
|
||||
6lryXjgjql/d4p0VqV6miL535CPaggknYvDn/4v9aiuovvcsrARAjLZHYHNj3wpR
|
||||
S8hjDQtAM+FpQn+RExnLQf7p00nIX+yPOu3lp13kJ+j5jT8cTSm9Bi1wVXMulIWH
|
||||
+p18RXNdg3hgUliM2/NwXxdKgBEXYNCu6PhlRcoIPC5DUXqSYoDxT6bTUSJduQoo
|
||||
zVU1usJWin2FXdEtQIt1AoHAG0JIyXgEjYlLd7neRUvMT19CyJ7H5pipRBNGPmqY
|
||||
0rTsXxPo3htYCJnPd3/vSVZ6YMhztWN9PxVcv4zyo5AkoYwXIoFezUy5Gs/81eZW
|
||||
H8TTvo/sZRwdRPfN8a8eULFVUByBrVx5+2fXEQvq6FrlI056WWNb2LbBy9V5+37I
|
||||
3DQASpLlDDFdMVXtADPDoVoSJbiDcoA9Y3KCJ4a9qgLBCzMjZRAzoCobaTjmcut4
|
||||
1Peox0uGkHST86FZUyHbn9C5
|
||||
-----END PRIVATE KEY-----
|
||||
92
tests/hwsim/auth_serv/server-certpol2.pem
Normal file
92
tests/hwsim/auth_serv/server-certpol2.pem
Normal file
|
|
@ -0,0 +1,92 @@
|
|||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
d8:d3:e3:a6:cb:e3:cd:1e
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: C=FI, O=w1.fi, CN=Root CA
|
||||
Validity
|
||||
Not Before: Aug 16 12:58:24 2019 GMT
|
||||
Not After : Aug 15 12:58:24 2020 GMT
|
||||
Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (3072 bit)
|
||||
Modulus:
|
||||
00:e6:50:d1:28:05:27:6c:d4:42:d3:42:c7:cc:53:
|
||||
a9:6b:c2:a3:ab:20:6f:17:34:9d:e4:1d:31:d0:c4:
|
||||
68:65:42:d5:e8:bd:aa:b8:e4:e9:f6:ee:2e:75:cd:
|
||||
6a:8c:f6:8e:aa:af:6c:7c:eb:35:50:55:b1:c2:b3:
|
||||
f8:a7:d0:1e:a3:33:26:68:40:20:13:74:08:87:ef:
|
||||
b6:3a:f1:7f:3e:f5:7f:93:44:74:37:8b:c3:89:a7:
|
||||
ba:5f:42:39:4a:22:20:40:66:c6:6f:77:cf:54:3f:
|
||||
05:61:de:ab:71:fa:9f:78:6d:97:4a:e8:60:a0:11:
|
||||
aa:6c:ba:9d:44:65:18:e8:e0:8f:d1:df:da:95:ab:
|
||||
41:2c:63:65:f6:42:42:e6:1f:42:a4:1c:74:20:49:
|
||||
f4:d4:92:0e:e3:be:3b:55:fd:38:68:74:3a:e4:df:
|
||||
9a:2b:95:bf:e9:d1:38:8b:16:24:20:35:db:b8:d0:
|
||||
15:30:2e:2f:6a:24:b9:e1:e9:e7:b6:b5:bd:e6:0f:
|
||||
59:dd:df:95:9c:ab:03:b4:c5:42:81:48:61:cc:3c:
|
||||
06:17:85:63:6e:28:cb:d7:88:d1:ce:40:c7:ff:61:
|
||||
51:ac:bb:ba:23:c9:42:a7:7d:27:0d:1e:53:90:cf:
|
||||
22:3f:57:f5:ff:1a:05:0c:9c:7a:1b:fb:e2:47:5f:
|
||||
45:cb:ee:88:a5:a0:54:71:83:f7:d3:d3:c5:bc:b2:
|
||||
7e:85:a7:b1:1a:cf:91:cb:8b:39:ba:7c:2c:9d:b2:
|
||||
c5:79:c3:e0:80:73:06:30:4f:5d:81:52:e2:bf:43:
|
||||
55:85:5d:64:c4:97:ac:e9:2d:7e:30:b5:e1:52:50:
|
||||
53:0c:ac:24:8e:7b:a2:57:8d:ff:b1:05:ba:23:33:
|
||||
a6:08:a3:b4:38:42:f6:5c:d9:bc:5d:75:95:82:ff:
|
||||
4d:9a:db:56:2f:1b:38:d2:51:05:2c:90:62:f1:8e:
|
||||
4c:ee:ea:1b:ae:aa:53:74:85:ba:c6:c3:c2:4b:30:
|
||||
bd:e0:2e:c8:ac:7e:25:cc:32:5f
|
||||
Exponent: 65537 (0x10001)
|
||||
X509v3 extensions:
|
||||
X509v3 Basic Constraints:
|
||||
CA:FALSE
|
||||
X509v3 Subject Key Identifier:
|
||||
4E:01:8B:7E:C2:77:94:E1:68:B3:C4:29:35:24:05:0B:DE:84:4A:89
|
||||
X509v3 Authority Key Identifier:
|
||||
keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14
|
||||
|
||||
Authority Information Access:
|
||||
OCSP - URI:http://server.w1.fi:8888/
|
||||
|
||||
X509v3 Subject Alternative Name:
|
||||
DNS:server-policies2.w1.fi
|
||||
X509v3 Certificate Policies:
|
||||
Policy: 1.3.6.1.4.1.40808.1.3.2
|
||||
|
||||
X509v3 Extended Key Usage:
|
||||
TLS Web Server Authentication
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
89:0d:37:6e:dd:ac:99:70:c3:21:20:ad:00:6e:62:19:a9:d2:
|
||||
eb:0c:af:e7:76:3a:dc:9e:7d:0b:cf:0e:73:48:48:41:4c:53:
|
||||
19:85:14:25:36:32:b4:52:14:ab:3d:0a:eb:ce:0d:0a:66:e5:
|
||||
a5:81:b5:09:90:96:c9:09:49:bd:b4:7a:f3:15:3a:2e:53:2c:
|
||||
8a:62:83:20:72:4e:71:d1:89:ff:41:72:39:a0:a3:98:07:91:
|
||||
a1:72:ef:ef:29:20:66:ce:7d:38:6f:bc:ad:f1:4f:51:26:87:
|
||||
42:05:95:65:ce:27:44:64:86:a5:ed:8b:85:eb:7f:30:ca:07:
|
||||
72:e3
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDxzCCAzCgAwIBAgIJANjT46bL480eMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV
|
||||
BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xOTA4
|
||||
MTYxMjU4MjRaFw0yMDA4MTUxMjU4MjRaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK
|
||||
DAV3MS5maTEfMB0GA1UEAwwWc2VydmVyLXBvbGljaWVzMi53MS5maTCCAaIwDQYJ
|
||||
KoZIhvcNAQEBBQADggGPADCCAYoCggGBAOZQ0SgFJ2zUQtNCx8xTqWvCo6sgbxc0
|
||||
neQdMdDEaGVC1ei9qrjk6fbuLnXNaoz2jqqvbHzrNVBVscKz+KfQHqMzJmhAIBN0
|
||||
CIfvtjrxfz71f5NEdDeLw4mnul9COUoiIEBmxm93z1Q/BWHeq3H6n3htl0roYKAR
|
||||
qmy6nURlGOjgj9Hf2pWrQSxjZfZCQuYfQqQcdCBJ9NSSDuO+O1X9OGh0OuTfmiuV
|
||||
v+nROIsWJCA127jQFTAuL2okueHp57a1veYPWd3flZyrA7TFQoFIYcw8BheFY24o
|
||||
y9eI0c5Ax/9hUay7uiPJQqd9Jw0eU5DPIj9X9f8aBQycehv74kdfRcvuiKWgVHGD
|
||||
99PTxbyyfoWnsRrPkcuLObp8LJ2yxXnD4IBzBjBPXYFS4r9DVYVdZMSXrOktfjC1
|
||||
4VJQUwysJI57oleN/7EFuiMzpgijtDhC9lzZvF11lYL/TZrbVi8bONJRBSyQYvGO
|
||||
TO7qG66qU3SFusbDwkswveAuyKx+JcwyXwIDAQABo4HXMIHUMAkGA1UdEwQCMAAw
|
||||
HQYDVR0OBBYEFE4Bi37Cd5ThaLPEKTUkBQvehEqJMB8GA1UdIwQYMBaAFLiS3v2K
|
||||
GLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0
|
||||
cDovL3NlcnZlci53MS5maTo4ODg4LzAhBgNVHREEGjAYghZzZXJ2ZXItcG9saWNp
|
||||
ZXMyLncxLmZpMBgGA1UdIAQRMA8wDQYLKwYBBAGCvmgBAwIwEwYDVR0lBAwwCgYI
|
||||
KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEAiQ03bt2smXDDISCtAG5iGanS6wyv
|
||||
53Y63J59C88Oc0hIQUxTGYUUJTYytFIUqz0K684NCmblpYG1CZCWyQlJvbR68xU6
|
||||
LlMsimKDIHJOcdGJ/0FyOaCjmAeRoXLv7ykgZs59OG+8rfFPUSaHQgWVZc4nRGSG
|
||||
pe2Lhet/MMoHcuM=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -43,3 +43,4 @@ V 191003221355Z D8D3E3A6CBE3CD19 unknown /C=FI/O=w1.fi/CN=server5.w1.fi
|
|||
V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi
|
||||
V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User
|
||||
V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi
|
||||
V 200815125824Z D8D3E3A6CBE3CD1E unknown /C=FI/O=w1.fi/CN=server-policies2.w1.fi
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
D8D3E3A6CBE3CD1E
|
||||
D8D3E3A6CBE3CD1F
|
||||
|
|
|
|||
|
|
@ -40,6 +40,14 @@ cat openssl2.cnf |
|
|||
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
|
||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
|
||||
|
||||
cat openssl2.cnf |
|
||||
sed "s/#@CN@/commonName_default = server-policies2.w1.fi/" |
|
||||
sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies2.w1.fi/" |
|
||||
sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.2/" \
|
||||
> openssl.cnf.tmp
|
||||
#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol2.key -out server-certpol2.csr -outform PEM -sha256
|
||||
$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol2.csr -out server-certpol2.pem -extensions ext_server
|
||||
|
||||
echo
|
||||
echo "---[ Update user certificates ]-----------------------------------------"
|
||||
echo
|
||||
|
|
|
|||
Loading…
Reference in a new issue