Diffstat (limited to 'Src/external_dependencies/cpr/test/data')
11 files changed, 209 insertions, 0 deletions
diff --git a/Src/external_dependencies/cpr/test/data/certificates/client.crt b/Src/external_dependencies/cpr/test/data/certificates/client.crt
new file mode 100644
index 00000000..0583f543
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/certificates/client.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBejCCASygAwIBAgIQKMJShx7GKmJqmABrC/KIkDAFBgMrZXAwMTELMAkGA1UE
+BhMCR0IxEDAOBgNVBAoMB0V4YW1wbGUxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjIw
+NjI5MTEzMzA3WhcNMjcwNjI4MTEzMzA3WjAWMRQwEgYDVQQDDAt0ZXN0LWNsaWVu
+dDAqMAUGAytlcAMhAOGArRN1SIicY6uB/2CRB668fBEDTQb1oLcCoTsYQetho3Uw
+czAfBgNVHSMEGDAWgBTk8vOFDreFdYR240PRtp0UuOKktzAMBgNVHRMBAf8EAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU
+a5RqAAt7DpJN8iHcLvTjH2TIKtowBQYDK2VwA0EApzcNlIuTMToyqyWZ0FhxikP/
+c2TS6u5qkP+YHgcJJkvJ0rRTXs164k4LpvlMG0gNxle4zfoAJQ8mAAMZcQKyAg==
+-----END CERTIFICATE-----
diff --git a/Src/external_dependencies/cpr/test/data/certificates/root-ca.crt b/Src/external_dependencies/cpr/test/data/certificates/root-ca.crt
new file mode 100644
index 00000000..32d7ba97
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/certificates/root-ca.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrjCCAWCgAwIBAgIQKMJShx7GKmJqmABrC/KIjjAFBgMrZXAwMTELMAkGA1UE
+BhMCR0IxEDAOBgNVBAoMB0V4YW1wbGUxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjIw
+NjI5MTEzMzA3WhcNMzIwNjI2MTEzMzA3WjAxMQswCQYDVQQGEwJHQjEQMA4GA1UE
+CgwHRXhhbXBsZTEQMA4GA1UEAwwHUm9vdCBDQTAqMAUGAytlcAMhAJqzaumMKuMm
+htBGbS+UCrCmXbGb+lRcuO71mPRey7HXo4GNMIGKMA8GA1UdEwEB/wQFMAMBAf8w
+DgYDVR0PAQH/BAQDAgIEMB0GA1UdDgQWBBTk8vOFDreFdYR240PRtp0UuOKktzBI
+BgNVHR4EQTA/oD0wC4IJbG9jYWxob3N0MAqHCH8AAAH/AAAAMCKHIAAAAAAAAAAA
+AAAAAAAAAAH/////////////////////MAUGAytlcANBAESQBu1/oyaeYouu3q+h
+VbIDkQiyZT4sPRYautZZ+xrN4MkNWDtwLeVJ+a9N0YU9vDpOviJpvXN4H/EEBwBF
+3AA=
+-----END CERTIFICATE-----
diff --git a/Src/external_dependencies/cpr/test/data/certificates/server.crt b/Src/external_dependencies/cpr/test/data/certificates/server.crt
new file mode 100644
index 00000000..da572028
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/certificates/server.crt
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdTCCASegAwIBAgIQKMJShx7GKmJqmABrC/KIjzAFBgMrZXAwMTELMAkGA1UE
+BhMCR0IxEDAOBgNVBAoMB0V4YW1wbGUxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjIw
+NjI5MTEzMzA3WhcNMjcwNjI4MTEzMzA3WjAWMRQwEgYDVQQDDAt0ZXN0LXNlcnZl
+cjAqMAUGAytlcAMhAI64JU5RjfdEG1KQMxS5DQWkiGlKIQO7ye4mNFq9QleTo3Aw
+bjAsBgNVHREEJTAjgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEw
+HQYDVR0OBBYEFDnBgTgB3FU45S9OetBMhHu3J9OvMB8GA1UdIwQYMBaAFOTy84UO
+t4V1hHbjQ9G2nRS44qS3MAUGAytlcANBAC4NoQ31kHfp64R9gGNjTYrr2SNXHyEq
+7YG0qFi5ABvLXJAbM2v27EIgY1TWYO43FBsclQsz6mcp1MzZfjT9RwQ=
+-----END CERTIFICATE-----
diff --git a/Src/external_dependencies/cpr/test/data/client.cnf b/Src/external_dependencies/cpr/test/data/client.cnf
new file mode 100644
index 00000000..d387d39d
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/client.cnf
@@ -0,0 +1,8 @@
+# Based on https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca-create-subordinate.html
+[req]
+prompt = no
+distinguished_name = dn
+
+[dn]
+CN = test-client
+
diff --git a/Src/external_dependencies/cpr/test/data/generate-certificates.sh b/Src/external_dependencies/cpr/test/data/generate-certificates.sh
new file mode 100644
index 00000000..f20d7729
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/generate-certificates.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+
+# Generate a CA with a self-signed root certificate that then signs the server certificate
+# Based on the OpenSSL Cookbook by Ivan Ristic:
+# https://www.feistyduck.com/library/openssl-cookbook/online/
+#
+# Especially, see chapter 1.5. Creating a private Certification Authority:
+# https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca.html
+
+export KEY_PATH=keys
+export CRT_PATH=certificates
+export CA_PATH=ca
+
+# Create environment.
+# $CA_PATH is deleted in the end.
+# If new certificates need to be issued, this needs to be done before the cleanup in the end.
+mkdir -p $KEY_PATH $CRT_PATH $CA_PATH/db $CA_PATH/private $CA_PATH/certificates
+touch $CA_PATH/db/index
+openssl rand -hex 16 > $CA_PATH/db/serial
+
+
+# Generate all private keys
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/root-ca.key
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/server.key
+openssl genpkey -algorithm ed25519 -out $KEY_PATH/client.key
+
+# For the server, we also need the public key
+openssl pkey -in $KEY_PATH/server.key -pubout -out $KEY_PATH/server.pub
+
+
+# Generate a Certificate Signing Request for the Root CA based on a config file
+openssl req -new \
+ -config root-ca.cnf -out root-ca.csr \
+ -key $KEY_PATH/root-ca.key
+
+# Self-sign the root certificate
+openssl ca -batch \
+ -selfsign -config root-ca.cnf \
+ -extensions ca_ext \
+ -in root-ca.csr -out $CRT_PATH/root-ca.crt -notext
+
+
+# Create a Certificate Signing request for the server certificate
+openssl req -new \
+ -config server.cnf -out server.csr \
+ -key $KEY_PATH/server.key
+openssl req -text -in server.csr -noout
+
+# Issue the server certificate
+openssl ca -batch \
+ -config root-ca.cnf \
+ -extensions server_ext \
+ -extfile server.cnf -extensions ext \
+ -in server.csr -out $CRT_PATH/server.crt -notext \
+ -days 1825
+
+
+# Create a Certificate Signing request for the client certificate
+openssl req -new \
+ -config client.cnf -out client.csr \
+ -key $KEY_PATH/client.key
+
+# Issue the client certificate
+openssl ca -batch \
+ -config root-ca.cnf \
+ -extensions client_ext \
+ -in client.csr -out $CRT_PATH/client.crt -notext \
+ -days 1825
+
+
+
+# Clean up
+# IMPORTANT: If new certificates should be issued, $CA_PATH and its files MUST NOT be deleted!
+# New certificates can be created in this script before cleaning up.
+rm -rf *.csr $CA_PATH
+
diff --git a/Src/external_dependencies/cpr/test/data/keys/client.key b/Src/external_dependencies/cpr/test/data/keys/client.key
new file mode 100644
index 00000000..120f9e05
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/keys/client.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIPTCPxm8reXOE2aIrafTcibvg4f6Rg1/F2LVk12EILzJ
+-----END PRIVATE KEY-----
diff --git a/Src/external_dependencies/cpr/test/data/keys/root-ca.key b/Src/external_dependencies/cpr/test/data/keys/root-ca.key
new file mode 100644
index 00000000..a574c0be
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/keys/root-ca.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIHbCvDGMRz5Ky+7gJvQYZ5t+5sZyHI+UcAKWvS20CoLU
+-----END PRIVATE KEY-----
diff --git a/Src/external_dependencies/cpr/test/data/keys/server.key b/Src/external_dependencies/cpr/test/data/keys/server.key
new file mode 100644
index 00000000..bfdefcb1
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/keys/server.key
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIGVXwKYyi/u52mmDVC56TSorC/GGNqgyiW4+jsDno81i
+-----END PRIVATE KEY-----
diff --git a/Src/external_dependencies/cpr/test/data/keys/server.pub b/Src/external_dependencies/cpr/test/data/keys/server.pub
new file mode 100644
index 00000000..715576ad
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/keys/server.pub
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAjrglTlGN90QbUpAzFLkNBaSIaUohA7vJ7iY0Wr1CV5M=
+-----END PUBLIC KEY-----
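Review bot: In generate-certificates.sh the server issuance passes `-extensions` twice (`-extensions server_ext`, then `-extfile server.cnf -extensions ext`), and as far as I can tell only the `[ext]` section of server.cnf is applied, so the `[server_ext]` constraints in root-ca.cnf (`basicConstraints = critical,CA:false`, `keyUsage`, `extendedKeyUsage`) never reach the server certificate; the committed server.crt looks consistent with that, while client.crt does carry its `client_ext` values. One way to get both is to add `subjectAltName = DNS:localhost,IP:127.0.0.1,IP:::1` to `[server_ext]` in root-ca.cnf and drop the `-extfile server.cnf -extensions ext \` line. Separately, the script has no `set -e`, so a failed `openssl` step still reaches the final `rm -rf *.csr $CA_PATH` and leaves a partial fixture set; `set -eu` right after the shebang would stop at the first failure.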
diff --git a/Src/external_dependencies/cpr/test/data/root-ca.cnf b/Src/external_dependencies/cpr/test/data/root-ca.cnf
new file mode 100644
index 00000000..9a1fd65d
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/root-ca.cnf
@@ -0,0 +1,69 @@
+# Based on: https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca-creating-root.html
+[default]
+name = root-ca
+default_ca = ca_default
+name_opt = utf8,esc_ctrl,multiline,lname,align
+
+[ca_dn]
+countryName = "GB"
+organizationName = "Example"
+commonName = "Root CA"
+
+[ca_default]
+home = ./${ENV::CA_PATH}
+database = $home/db/index
+serial = $home/db/serial
+certificate = ./${ENV::CRT_PATH}/$name.crt
+private_key = ./${ENV::KEY_PATH}/$name.key
+RANDFILE = $home/private/random
+new_certs_dir = $home/certificates
+unique_subject = no
+copy_extensions = none
+default_days = 3650
+default_md = sha256
+policy = policy_cn_supplied
+
+[policy_cn_supplied]
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[req]
+default_bits = 4096
+encrypt_key = yes
+default_md = sha256
+utf8 = yes
+string_mask = utf8only
+prompt = no
+distinguished_name = ca_dn
+req_extensions = ca_ext
+
+[ca_ext]
+basicConstraints = critical,CA:true
+keyUsage = critical,keyCertSign
+subjectKeyIdentifier = hash
+nameConstraints = @name_constraints
+
+
+[server_ext]
+authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:false
+extendedKeyUsage = clientAuth,serverAuth
+keyUsage = critical,digitalSignature,keyEncipherment
+subjectKeyIdentifier = hash
+
+[client_ext]
+authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:false
+extendedKeyUsage = clientAuth
+keyUsage = critical,digitalSignature
+subjectKeyIdentifier = hash
+
+[name_constraints]
+permitted;DNS.0=localhost
+permitted;IP.0=127.0.0.1/255.0.0.0
+permitted;IP.1=::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+
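Review bot: The `[name_constraints]` section in root-ca.cnf is the only thing limiting what this CA can vouch for, and nothing in the file says why it matters: keys/root-ca.key is added in this same change as an unencrypted `PRIVATE KEY` block, so anyone with the repository can issue certificates under this root. A comment above `[name_constraints]` such as `# Test-only CA: the private key is in the repo, so issuance is pinned to localhost/loopback. Never add this root to a real trust store.` would record that. `encrypt_key = yes` and `default_bits = 4096` in `[req]` look like leftovers, since the script generates Ed25519 keys with `openssl genpkey` and no cipher; removing them or marking them as unused avoids implying the CA key is passphrase-protected.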
diff --git a/Src/external_dependencies/cpr/test/data/server.cnf b/Src/external_dependencies/cpr/test/data/server.cnf
new file mode 100644
index 00000000..a67fe34a
--- /dev/null
+++ b/Src/external_dependencies/cpr/test/data/server.cnf
@@ -0,0 +1,12 @@
+# Based on https://www.feistyduck.com/library/openssl-cookbook/online/openssl-command-line/private-ca-create-subordinate.html
+[req]
+prompt = no
+distinguished_name = dn
+req_extensions = ext
+
+[dn]
+CN = test-server
+
+[ext]
+subjectAltName = DNS:localhost,IP:127.0.0.1,IP:::1
+
|