From 6e5bef14e9936225d8651d5025adf37388b5ad19 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ma=C5=82gorzata=20Olsz=C3=B3wka?= Date: Wed, 22 May 2024 18:59:53 +0200 Subject: [PATCH] Rewrite making test certificates (#393) Also updates obsolete curl dependencies with zlib. --- .github/workflows/ci.yml | 39 +- CMakeLists.txt | 4 +- Dockerfile | 4 +- INSTALL.W32.md | 50 +- NEWS.md | 1 + cmake/CMakeTest.cmake | 1188 +++++++++------------ osslsigncode.c | 2 +- tests/.gitignore | 2 + tests/certs/CACert.pem | 22 - tests/certs/CACertCRL.der | Bin 567 -> 0 bytes tests/certs/CACertCRL.pem | 13 - tests/certs/CACertCRL_crldp.pem | 14 - tests/certs/CAcross.pem | 22 - tests/certs/CAroot.pem | 22 - tests/certs/TSA.key | 28 - tests/certs/TSA.pem | 25 - tests/certs/TSACA.pem | 22 - tests/certs/TSACertCRL.der | Bin 599 -> 0 bytes tests/certs/TSACertCRL.pem | 15 - tests/certs/TSA_revoked.key | 28 - tests/certs/TSA_revoked.pem | 25 - tests/certs/cert.der | Bin 1010 -> 0 bytes tests/certs/cert.p12 | Bin 3747 -> 0 bytes tests/certs/cert.pem | 46 - tests/certs/cert.spc | Bin 2001 -> 0 bytes tests/certs/cert_crldp.pem | 47 - tests/certs/expired.pem | 45 - tests/certs/intermediateCA.pem | 22 - tests/certs/intermediateCA_crldp.pem | 22 - tests/certs/key.der | Bin 1218 -> 0 bytes tests/certs/key.pem | 28 - tests/certs/key.pvk | Bin 1196 -> 0 bytes tests/certs/keyp.pem | 30 - tests/certs/legacy.p12 | Bin 3715 -> 0 bytes tests/certs/password.txt | 1 - tests/certs/revoked.pem | 45 - tests/certs/revoked_crldp.pem | 46 - tests/certs/tsa-chain.pem | 47 - tests/certs/tsa-serial | 1 - tests/check_cryptography.py | 40 + tests/client_http.py | 11 +- tests/conf/makecerts.sh | 448 -------- tests/conf/openssl_intermediate.cnf | 73 -- tests/conf/openssl_intermediate_crldp.cnf | 79 -- tests/conf/openssl_root.cnf | 65 -- tests/conf/openssl_tsa.cnf | 1 + tests/conf/openssl_tsa_root.cnf | 83 -- tests/exec.py | 43 + tests/make_certificates.py | 532 +++++++++ tests/server_http.py | 40 +- tests/server_http.pyw | 38 +- tests/start_server.py | 108 ++ vcpkg.json | 6 +- 53 files changed, 
1366 insertions(+), 2107 deletions(-) create mode 100644 tests/.gitignore delete mode 100644 tests/certs/CACert.pem delete mode 100644 tests/certs/CACertCRL.der delete mode 100644 tests/certs/CACertCRL.pem delete mode 100644 tests/certs/CACertCRL_crldp.pem delete mode 100644 tests/certs/CAcross.pem delete mode 100644 tests/certs/CAroot.pem delete mode 100644 tests/certs/TSA.key delete mode 100644 tests/certs/TSA.pem delete mode 100644 tests/certs/TSACA.pem delete mode 100644 tests/certs/TSACertCRL.der delete mode 100644 tests/certs/TSACertCRL.pem delete mode 100644 tests/certs/TSA_revoked.key delete mode 100644 tests/certs/TSA_revoked.pem delete mode 100644 tests/certs/cert.der delete mode 100644 tests/certs/cert.p12 delete mode 100644 tests/certs/cert.pem delete mode 100644 tests/certs/cert.spc delete mode 100644 tests/certs/cert_crldp.pem delete mode 100644 tests/certs/expired.pem delete mode 100644 tests/certs/intermediateCA.pem delete mode 100644 tests/certs/intermediateCA_crldp.pem delete mode 100644 tests/certs/key.der delete mode 100644 tests/certs/key.pem delete mode 100644 tests/certs/key.pvk delete mode 100644 tests/certs/keyp.pem delete mode 100644 tests/certs/legacy.p12 delete mode 100644 tests/certs/password.txt delete mode 100644 tests/certs/revoked.pem delete mode 100644 tests/certs/revoked_crldp.pem delete mode 100644 tests/certs/tsa-chain.pem delete mode 100644 tests/certs/tsa-serial create mode 100644 tests/check_cryptography.py delete mode 100755 tests/conf/makecerts.sh delete mode 100644 tests/conf/openssl_intermediate.cnf delete mode 100644 tests/conf/openssl_intermediate_crldp.cnf delete mode 100644 tests/conf/openssl_root.cnf delete mode 100644 tests/conf/openssl_tsa_root.cnf create mode 100644 tests/exec.py create mode 100644 tests/make_certificates.py create mode 100644 tests/start_server.py diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 290f2af..c0f21ab 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -15,6 +15,12 @@ jobs: fail-fast: false matrix: include: + - id: ubuntu-24.04 + triplet: x64-linux + compiler: gcc + os: ubuntu-24.04 + generator: Unix Makefiles + vcpkg_root: - id: ubuntu-22.04 triplet: x64-linux compiler: gcc @@ -105,7 +111,7 @@ jobs: if: runner.os == 'Linux' run: | sudo apt-get update - sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime + sudo apt-get install -y libssl-dev zlib1g-dev python3-cryptography - name: Install brew dependencies (macOS) if: runner.os == 'macOS' @@ -124,6 +130,20 @@ jobs: with: cmake-version: '3.17.0' + - name: Install python3 cryptography module (macOS) + if: runner.os == 'macOS' + run: | + python3.8 -m ensurepip + python3.8 -m pip install --upgrade pip + python3.8 -m pip install cryptography + + - name: Install python3 cryptography module (Windows) + if: runner.os == 'Windows' + run: | + C:/hostedtoolcache/windows/Python/3.12.3/x64/python3.exe -m ensurepip + C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install --upgrade pip + C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install cryptography + - name: Configure CMake run: cmake -G "${{matrix.generator}}" 
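Review bot: The two new "Install python3 cryptography module" steps (hunk `@@ -124,6 +130,20 @@`) run `pip install --upgrade pip` and `pip install cryptography` with no version or hash constraint, so each CI run installs whatever PyPI serves at that moment into the job that, judging by the new `tests/make_certificates.py`, generates the test CA and signing keys. Pinning through a checked-in requirements file, for example `python3.8 -m pip install --require-hashes -r tests/requirements.txt` (the file name is a placeholder), would keep runs reproducible and limit exposure to a bad upstream release. The Windows step also hard-codes `C:/hostedtoolcache/windows/Python/3.12.3/x64/` and calls `python3.exe` for ensurepip but `python.exe` for the two pip lines. That path will likely stop resolving when the runner image moves to another Python patch release, so selecting the interpreter with `actions/setup-python` or the `python` on PATH would be more robust.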
@@ -138,24 +158,13 @@ jobs: --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - - name: Start HTTP server (macOS) + - name: Show python version (macOS) working-directory: ${{github.workspace}}/build if: runner.os == 'macOS' run: | python3.8 --version - python3.8 ./Testing/server_http.py --port 19254 - while test ! -s ./Testing/logs/port.log; do sleep 1; done - - - name: Start HTTP server (Windows) - working-directory: ${{github.workspace}}\build - if: runner.os == 'Windows' - run: | - python.exe --version - $Args = '.\Testing\server_http.pyw --port 19254' - $File = '.\Testing\logs\port.log' - Start-Process -FilePath pythonw.exe -ArgumentList $Args - while(-not(Test-Path -Path $File -PathType Leaf) -or [String]::IsNullOrWhiteSpace((Get-Content $File))) {Start-Sleep -Seconds 1} - Get-Content '.\Testing\logs\server.log' + python3.8 -c "import sys; print(sys.executable)" + python3.8 -c "import cryptography; print(f'Python3 cryptography version {cryptography.__version__}')" - name: List files (Linux/macOS) if: runner.os != 'Windows' diff --git a/CMakeLists.txt b/CMakeLists.txt index a92d733..e7c0ee9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -3,9 +3,9 @@ cmake_minimum_required(VERSION 3.17) # autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined # this needs to be configured before the project() directive -if(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) +if((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "") -endif(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) +endif((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python # configure basic project information diff --git a/Dockerfile b/Dockerfile index 2b6592a..f05d5e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:latest AS builder # Install build dependencies -RUN apk add --no-cache build-base cmake openssl-dev curl-dev +RUN apk add --no-cache build-base cmake openssl-dev zlib-dev # Copy osslsigncode source code into the image COPY . /source @@ -23,7 +23,7 @@ FROM alpine:latest COPY --from=builder /usr/local/bin/osslsigncode /usr/local/bin/osslsigncode # Install necessary runtime libraries (latest version) -RUN apk add --no-cache libcrypto3 libcurl +RUN apk add --no-cache libcrypto3 # Set working directory WORKDIR /workdir diff --git a/INSTALL.W32.md b/INSTALL.W32.md index 303b4f2..0b2629a 100644 --- a/INSTALL.W32.md +++ b/INSTALL.W32.md 
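Review bot: In the CMakeLists.txt hunk the comment above the `if(` still reads "autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined", but the new condition does this only when the generator name matches "Ninja". With any other generator a set VCPKG_ROOT is now silently ignored, which presumably changes which OpenSSL and zlib the build links against. I would put that in the comment, e.g. `# autodetect vcpkg CMAKE_TOOLCHAIN_FILE only for Ninja generators; pass -DCMAKE_TOOLCHAIN_FILE explicitly otherwise`, and add the reason the other generators are excluded. `MATCHES` is a regex test, so "Ninja Multi-Config" is covered too; no change is needed there if that is intended.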
@@ -3,32 +3,33 @@ ### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. - Once up and running install mingw-w64-x86_64-gcc and mingw-w64-x86_64-openssl packages. + Once up and running install the following packages: ``` - pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-openssl + pacman -S make mingw-w64-x86_64-gcc mingw-w64-x86_64-cmake mingw-w64-x86_64-openssl mingw-w64-x86_64-python-cryptography ``` mingw-w64-x86_64-zlib package is installed with dependencies. 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables. ``` cd osslsigncode-folder - x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \ - -lcrypto -lssl -lws2_32 -lz \ - -D 'PACKAGE_STRING="osslsigncode x.y"' \ - -D 'PACKAGE_BUGREPORT="Your.Email@example.com"' + mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles" + cmake --build . --verbose ``` -3) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path. +3) Make tests. +``` + ctest +``` + +4) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path. ``` path=%path%;c:\msys64\mingw64\bin - cd osslsigncode-folder osslsigncode.exe -v osslsigncode 2.8, using: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023) - Default -CAfile location: /etc/ssl/certs/ca-certificates.crt + No default -CAfile location detected ``` - ### Building OpenSSL and osslsigncode sources with MSYS2 MinGW 64-bit: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. 
@@ -43,27 +44,28 @@ cd openssl-(version) ./config --prefix='C:/OpenSSL' --openssldir='C:/OpenSSL' make && make install - -3) Build 64-bit Windows executables. ``` - cd osslsigncode-folder - x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \ - -L "C:/OpenSSL/lib/" -lcrypto -lssl -lws2_32 -lz \ - -I "C:/OpenSSL/include/" \ - -D 'PACKAGE_STRING="osslsigncode x.y"' \ - -D 'PACKAGE_BUGREPORT="Your.Email@example.com"' + +3) Configure a CMake project. +``` + mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles" -DCMAKE_PREFIX_PATH="C:\OpenSSL" ``` 4) Run "Command prompt" and copy required libraries. ``` cd osslsigncode-folder - copy C:\OpenSSL\bin\libssl-1_1-x64.dll - copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll + copy C:\OpenSSL\bin\libssl-3-x64.dll + copy C:\OpenSSL\bin\libcrypto-3-x64.dll +``` - osslsigncode.exe -v - osslsigncode 2.8, using: - OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023) - Default -CAfile location: /etc/ssl/certs/ca-certificates.crt +5) Build 64-bit Windows executables. +``` + cmake --build . --verbose +``` + +6) Make tests. +``` + ctest ``` ### Building OpenSSL and osslsigncode sources with Microsoft Visual Studio: diff --git a/NEWS.md b/NEWS.md index 1a95951..2580a4f 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,6 +4,7 @@ - added a 64 bit long pseudo-random NONCE in the TSA request - used native HTTP client with OpenSSL 3.0 or later, removed libcurl dependency +- improved testing ### 2.8 (2024.03.03) diff --git a/cmake/CMakeTest.cmake b/cmake/CMakeTest.cmake index 4cdba1a..d0382dc 100644 --- a/cmake/CMakeTest.cmake +++ b/cmake/CMakeTest.cmake 
@@ -3,177 +3,143 @@ ########## Configure ########## -option(STOP_SERVER "Stop HTTP server after tests" ON) - -# Remove http proxy configuration that may change behavior -unset(ENV{HTTP_PROXY}) -unset(ENV{http_proxy}) - include(FindPython3) -set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing") -file(COPY - "${CMAKE_CURRENT_SOURCE_DIR}/tests/files" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py" - DESTINATION "${TEST_DIR}/") +if(Python3_FOUND) + execute_process( + COMMAND ${Python3_EXECUTABLE} "check_cryptography.py" + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/tests" + OUTPUT_VARIABLE cryptography_output + RESULT_VARIABLE cryptography_error) -file(MAKE_DIRECTORY "${TEST_DIR}/logs") + if(NOT cryptography_error) + message(STATUS "Using python3-cryptography version ${cryptography_output}") + option(STOP_SERVER "Stop HTTP server after tests" ON) -set(FILES "${TEST_DIR}/files") -set(CERTS "${TEST_DIR}/certs") -set(CONF "${TEST_DIR}/conf") -set(LOGS "${TEST_DIR}/logs") -set(CLIENT_HTTP "${TEST_DIR}/client_http.py") + # Remove http proxy configuration that may change behavior + unset(ENV{HTTP_PROXY}) + unset(ENV{http_proxy}) -if(UNIX) - file(COPY - "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py" - DESTINATION "${TEST_DIR}/") - set(SERVER_HTTP "${TEST_DIR}/server_http.py") -else(UNIX) - file(COPY - "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw" - DESTINATION "${TEST_DIR}/") - set(SERVER_HTTP "${TEST_DIR}/server_http.pyw") -endif(UNIX) + set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing") + if(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") + set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/${CMAKE_BUILD_TYPE}/osslsigncode") + else(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") + set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/osslsigncode") + endif(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") + set(EXEC "${TEST_DIR}/exec.py") + set(FILES "${TEST_DIR}/files") + set(CERTS "${TEST_DIR}/certs") + set(CONF "${TEST_DIR}/conf") + set(LOGS 
"${TEST_DIR}/logs") -file(COPY - "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt" - DESTINATION "${CONF}") + file(MAKE_DIRECTORY "${LOGS}") -if(WIN32 OR APPLE) - if(WIN32) - message(STATUS "Use pythonw to start HTTP server: \"pythonw.exe Testing\\server_http.pyw\"") - else(WIN32) - message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"") - endif(WIN32) - set(default_certs 1) -else(WIN32 OR APPLE) - if(Python3_FOUND) - if(EXISTS ${LOGS}/port.log) + file(COPY + "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt" + DESTINATION "${CONF}") + + file(COPY + "${CMAKE_CURRENT_SOURCE_DIR}/tests/files" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/make_certificates.py" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/start_server.py" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/exec.py" + DESTINATION "${TEST_DIR}/") + + if(UNIX) + file(COPY + "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py" + DESTINATION "${TEST_DIR}/") + set(SERVER_HTTP "${TEST_DIR}/server_http.py") + set(Python3w_EXECUTABLE ${Python3_EXECUTABLE}) + else(UNIX) + file(COPY + "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw" + DESTINATION "${TEST_DIR}/") + set(SERVER_HTTP "${TEST_DIR}/server_http.pyw") + get_filename_component(PYTHON_DIRECTORY ${Python3_EXECUTABLE} DIRECTORY) + set(Python3w_EXECUTABLE "${PYTHON_DIRECTORY}/pythonw.exe") + endif(UNIX) + + if(EXISTS "${LOGS}/url.log") # Stop HTTP server if running message(STATUS "Try to kill HTTP server") execute_process( - COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}" - WORKING_DIRECTORY ${PROJECT_BINARY_DIR} + COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py" OUTPUT_VARIABLE client_output RESULT_VARIABLE client_result) if(NOT client_result) # Successfully closed message(STATUS "${client_output}") endif(NOT client_result) - endif(EXISTS ${LOGS}/port.log) + endif(EXISTS "${LOGS}/url.log") - # Start Time Stamping Authority and CRL 
distribution point HTTP server - execute_process( - COMMAND ${Python3_EXECUTABLE} "${SERVER_HTTP}" - WORKING_DIRECTORY ${PROJECT_BINARY_DIR} - OUTPUT_FILE ${LOGS}/server.log - ERROR_FILE ${LOGS}/server.log - RESULT_VARIABLE server_error) - if(server_error) - message(STATUS "HTTP server failed: ${server_error}") - message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"") - set(default_certs 1) - else(server_error) - # Check if file exists and is no-empty - while(NOT EXISTS ${LOGS}/port.log) - execute_process(COMMAND sleep 1) - endwhile(NOT EXISTS ${LOGS}/port.log) - file(READ ${LOGS}/port.log PORT) - while(NOT PORT) - execute_process(COMMAND sleep 1) - file(READ ${LOGS}/port.log PORT) - endwhile(NOT PORT) - file(STRINGS ${LOGS}/server.log server_log) - message(STATUS "${server_log}") + set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof") + set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof") + set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof") + set(formats "pem" "der") - # Generate new cTest certificates - if(NOT SED_EXECUTABLE) - find_program(SED_EXECUTABLE sed) - mark_as_advanced(SED_EXECUTABLE) - endif(NOT SED_EXECUTABLE) - execute_process( - COMMAND ${SED_EXECUTABLE} - -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_intermediate_crldp.cnf" - COMMAND ${SED_EXECUTABLE} - -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_tsa_root.cnf") - execute_process( - COMMAND "${CONF}/makecerts.sh" - WORKING_DIRECTORY ${CONF} - OUTPUT_VARIABLE makecerts_output - RESULT_VARIABLE default_certs) - message(STATUS "${makecerts_output}") - endif(server_error) - endif(Python3_FOUND) + else(NOT cryptography_error) + message(STATUS "CTest skips tests: ${cryptography_output}") + endif(NOT cryptography_error) -endif(WIN32 OR APPLE) - -# Copy the set of default certificates -if(default_certs) - message(STATUS "Default certificates used by cTest") - set(PORT 19254) - file(COPY 
"${CMAKE_CURRENT_SOURCE_DIR}/tests/certs" - DESTINATION "${TEST_DIR}") -endif(default_certs) - -# Compute a SHA256 hash of the leaf certificate (in DER form) -execute_process( - COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der" - OUTPUT_VARIABLE sha256sum) -string(SUBSTRING ${sha256sum} 0 64 leafhash) +else(Python3_FOUND) + message(STATUS "CTest skips tests: Python3 not found") +endif(Python3_FOUND) ########## Testing ########## enable_testing() -set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof") -set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof") -set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof") -set(formats "pem" "der") +### osslsigncode version ### +if(Python3_FOUND AND NOT cryptography_error) -# Test 1 -# Print osslsigncode version -add_test(NAME version - COMMAND osslsigncode --version) +### Start ### + add_test(NAME "version" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} + "--version") + + add_test(NAME "start_server" + COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/start_server.py" + "--exe" ${Python3w_EXECUTABLE} + "--script" ${SERVER_HTTP}) + set_tests_properties("start_server" PROPERTIES + TIMEOUT 60) + set(ALL_TESTS "version" "start_server") ### Sign ### -# Tests 2-7 -# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm -foreach(ext ${extensions_all}) - add_test( - NAME legacy_${ext} - COMMAND osslsigncode "sign" - "-pkcs12" "${CERTS}/legacy.p12" - "-readpass" "${CERTS}/password.txt" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha512" "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/legacy.${ext}") -endforeach(ext ${extensions_all}) - -# Tests 8-13 -# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm -# 
Disable legacy mode and don't automatically load the legacy provider -# Option "-nolegacy" requires OpenSSL 3.0.0 or later -# This tests are expected to fail -if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0) + # Sign with PKCS#12 container with private key and certificate encryption algorithm + # Signing time: May 1 00:00:00 2019 GMT (1556668800) foreach(ext ${extensions_all}) - add_test( - NAME nolegacy_${ext} - COMMAND osslsigncode "sign" - "-pkcs12" "${CERTS}/legacy.p12" + add_test(NAME "signed_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" + "-pkcs12" "${CERTS}/cert.p12" + "-readpass" "${CERTS}/password.txt" + "-ac" "${CERTS}/CAcross.pem" + "-time" "1556668800" + "-add-msi-dse" + "-comm" + "-ph" + "-jp" "low" + "-h" "sha512" "-i" "https://www.osslsigncode.com/" + "-n" "osslsigncode" + "-in" "${FILES}/unsigned.${ext}" + "-out" "${FILES}/signed.${ext}") + set_tests_properties("signed_${ext}" PROPERTIES + DEPENDS "start_server") + list(APPEND ALL_TESTS "signed_${ext}") + endforeach(ext ${extensions_all}) + + # Sign with revoked certificate + foreach(ext ${extensions_all}) + add_test(NAME "revoked_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" + "-certs" "${CERTS}/revoked.pem" + "-key" "${CERTS}/keyp.pem" "-readpass" "${CERTS}/password.txt" - "-nolegacy" # Disable legacy mode "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" 
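Review bot: In the first cmake/CMakeTest.cmake hunk the `OSSLSIGNCODE` path for "Ninja Multi-Config" is built from `${CMAKE_BUILD_TYPE}`, which multi-config generators normally leave empty at configure time, so the tests may point at `${PROJECT_BINARY_DIR}//osslsigncode` instead of the binary of the configuration under test. Other multi-config generators (Visual Studio, Xcode) take the else branch and get no per-configuration directory at all. Because the executable is now passed as an argument to `exec.py`, a generator expression would resolve it per configuration: `set(OSSLSIGNCODE "$<TARGET_FILE:osslsigncode>")`, assuming the target is named `osslsigncode` as the removed `COMMAND osslsigncode` lines suggest. Separately, `Python3w_EXECUTABLE` is set to `${PYTHON_DIRECTORY}/pythonw.exe` with no `if(EXISTS ...)` check, so a Python install without pythonw.exe would presumably show up only as a `start_server` failure or timeout.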
@@ -183,576 +149,470 @@ if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0) "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/nolegacy.${ext}") - set_tests_properties( - nolegacy_${ext} - PROPERTIES - WILL_FAIL TRUE) + "-out" "${FILES}/revoked.${ext}") + set_tests_properties("revoked_${ext}" PROPERTIES + DEPENDS "start_server") + list(APPEND ALL_TESTS "revoked_${ext}") endforeach(ext ${extensions_all}) -endif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0) -# Tests 14-19 -# Sign with PKCS#12 container with AES-256-CBC private key and certificate encryption algorithm -foreach(ext ${extensions_all}) - add_test( - NAME signed_${ext} - COMMAND osslsigncode "sign" - "-pkcs12" "${CERTS}/cert.p12" - "-readpass" "${CERTS}/password.txt" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha512" "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/signed.${ext}") -endforeach(ext ${extensions_all}) - -# Tests 20-25 -# Sign with revoked certificate -foreach(ext ${extensions_all}) - add_test( - NAME revoked_${ext} - COMMAND osslsigncode "sign" - "-certs" "${CERTS}/revoked.pem" - "-key" "${CERTS}/keyp.pem" - "-readpass" "${CERTS}/password.txt" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha512" "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/revoked.${ext}") -endforeach(ext ${extensions_all}) - -# Tests 26-30 -# Remove signature -# Unsupported command for CAT files -foreach(ext ${extensions_nocat}) - add_test( - NAME removed_${ext} - COMMAND osslsigncode "remove-signature" - "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/removed.${ext}") - set_tests_properties( - removed_${ext} - 
PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}") -endforeach(ext ${extensions_nocat}) - -# Tests 31-36 -# Extract PKCS#7 signature in PEM format -foreach(ext ${extensions_all}) - add_test( - NAME extract_pem_${ext} - COMMAND osslsigncode "extract-signature" - "-pem" # PEM format - "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/${ext}.pem") - set_tests_properties( - extract_pem_${ext} - PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}") -endforeach(ext ${extensions_all}) - -# Tests 37-42 -# Extract PKCS#7 signature in default DER format -foreach(ext ${extensions_all}) - add_test( - NAME extract_der_${ext} - COMMAND osslsigncode "extract-signature" - "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/${ext}.der") - set_tests_properties( - extract_der_${ext} - PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}") -endforeach(ext ${extensions_all}) - -# Tests 43-52 -# Attach a nested signature in PEM or DER format -# Unsupported command for CAT files -foreach(ext ${extensions_nocat}) - foreach(format ${formats}) - add_test( - NAME attached_${format}_${ext} - COMMAND osslsigncode "attach-signature" - # sign options - "-require-leaf-hash" "SHA256:${leafhash}" - "-add-msi-dse" - "-h" "sha512" - "-nest" - "-sigin" "${FILES}/${ext}.${format}" + # Remove signature + # Unsupported command for CAT files + foreach(ext ${extensions_nocat}) + add_test(NAME "removed_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "remove-signature" "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/attached_${format}.${ext}" - # verify options - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem") - set_tests_properties( - attached_${format}_${ext} - PROPERTIES - DEPENDS "signed_${ext}:extract_${format}_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}" - REQUIRED_FILES "${FILES}/${ext}.${format}") - 
endforeach(format ${formats}) -endforeach(ext ${extensions_nocat}) + "-out" "${FILES}/removed.${ext}") + set_tests_properties("removed_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "removed_${ext}") + endforeach(ext ${extensions_nocat}) -# Tests 53-58 -# Add an unauthenticated blob to a previously-signed file -foreach(ext ${extensions_all}) - add_test( - NAME added_${ext} - COMMAND osslsigncode "add" - "-addUnauthenticatedBlob" - "-add-msi-dse" "-h" "sha512" - "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/added.${ext}") - set_tests_properties( - added_${ext} - PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}") -endforeach(ext ${extensions_all}) + # Extract PKCS#7 signature in PEM format + foreach(ext ${extensions_all}) + add_test(NAME "extract_pem_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature" + "-pem" # PEM format + "-in" "${FILES}/signed.${ext}" + "-out" "${FILES}/${ext}.pem") + set_tests_properties("extract_pem_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "extract_pem_${ext}") + endforeach(ext ${extensions_all}) -# Tests 59-64 -# Add the new nested signature instead of replacing the first one -# APPX files do not support nesting (multiple signature) -foreach(ext ${extensions_all}) - add_test( - NAME nested_${ext} - COMMAND osslsigncode "sign" - "-nest" - "-certs" "${CERTS}/cert.pem" - "-key" "${CERTS}/key.der" - "-pass" "passme" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556755200" # Signing time: May 2 00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha512" - "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-in" "${FILES}/signed.${ext}" - "-out" "${FILES}/nested.${ext}") - set_tests_properties( - nested_${ext} - PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.${ext}") -endforeach(ext ${extensions_all}) + # Extract PKCS#7 signature in default DER format + foreach(ext 
${extensions_all}) + add_test(NAME "extract_der_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature" + "-in" "${FILES}/signed.${ext}" + "-out" "${FILES}/${ext}.der") + set_tests_properties("extract_der_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "extract_der_${ext}") + endforeach(ext ${extensions_all}) + + # Attach a nested signature in PEM or DER format + # Unsupported command for CAT files + foreach(ext ${extensions_nocat}) + foreach(format ${formats}) + add_test(NAME "attached_${format}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature" + # sign options + "-add-msi-dse" + "-h" "sha512" + "-nest" + "-sigin" "${FILES}/${ext}.${format}" + "-in" "${FILES}/signed.${ext}" + "-out" "${FILES}/attached_${format}.${ext}" + # verify options + "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem") + set_tests_properties("attached_${format}_${ext}" PROPERTIES + DEPENDS "signed_${ext};extract_pem_${ext};extract_der_${ext}") + list(APPEND ALL_TESTS "attached_${format}_${ext}") + endforeach(format ${formats}) + endforeach(ext ${extensions_nocat}) + + # Add an unauthenticated blob to a previously-signed file + foreach(ext ${extensions_all}) + add_test(NAME "added_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "add" + "-addUnauthenticatedBlob" + "-add-msi-dse" "-h" "sha512" + "-in" "${FILES}/signed.${ext}" + "-out" "${FILES}/added.${ext}") + set_tests_properties("added_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "added_${ext}") + endforeach(ext ${extensions_all}) + + # Add the new nested signature instead of replacing the first one + # APPX files do not support nesting (multiple signature) + foreach(ext ${extensions_all}) + add_test(NAME "nested_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} 
${OSSLSIGNCODE} "sign" + "-nest" + "-certs" "${CERTS}/cert.pem" + "-key" "${CERTS}/key.der" + "-pass" "passme" + "-ac" "${CERTS}/CAcross.pem" + "-time" "1556755200" # Signing time: May 2 00:00:00 2019 GMT + "-add-msi-dse" + "-comm" + "-ph" + "-jp" "low" + "-h" "sha512" + "-i" "https://www.osslsigncode.com/" + "-n" "osslsigncode" + "-in" "${FILES}/signed.${ext}" + "-out" "${FILES}/nested.${ext}") + set_tests_properties("nested_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "nested_${ext}") + endforeach(ext ${extensions_all}) ### Verify signature ### -# Tests 65-67 -# Verify PE/MSI/CAB files signed in the catalog file -# CAT and APPX files do not support detached PKCS#7 signature -foreach(ext ${extensions_nocatappx}) - add_test( - NAME verify_catalog_${ext} - COMMAND osslsigncode "verify" - "-catalog" "${FILES}/signed.cat" # catalog file - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-require-leaf-hash" "SHA256:${leafhash}" - "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem" - "-in" "${FILES}/unsigned.${ext}") - set_tests_properties( - verify_catalog_${ext} - PROPERTIES - DEPENDS "signed_${ext}" - REQUIRED_FILES "${FILES}/signed.cat" - REQUIRED_FILES "${FILES}/unsigned.${ext}") -endforeach(ext ${extensions_nocatappx}) - -# Tests 68-97 -# Verify signature -set(files "legacy" "signed" "nested" "added" "revoked") -foreach(file ${files}) - foreach(ext ${extensions_all}) - add_test( - NAME verify_${file}_${ext} - COMMAND osslsigncode "verify" + # Verify PE/MSI/CAB files signed in the catalog file + # CAT and APPX files do not support detached PKCS#7 signature + foreach(ext ${extensions_nocatappx}) + add_test(NAME "verify_catalog_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-catalog" "${FILES}/signed.cat" # catalog file "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" "-CAfile" 
"${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" - "-in" "${FILES}/${file}.${ext}") - set_tests_properties( - verify_${file}_${ext} - PROPERTIES - DEPENDS "${file}_${ext}" - REQUIRED_FILES "${FILES}/${file}.${ext}") - endforeach(ext ${extensions_all}) -endforeach(file ${files}) + "-in" "${FILES}/unsigned.${ext}") + set_tests_properties("verify_catalog_${ext}" PROPERTIES + DEPENDS "signed_${ext}") + list(APPEND ALL_TESTS "verify_catalog_${ext}") + endforeach(ext ${extensions_nocatappx}) -# "revoked" tests are expected to fail -set(files "revoked") -foreach(file ${files}) - foreach(ext ${extensions_all}) - set_tests_properties( - verify_${file}_${ext} - PROPERTIES - WILL_FAIL TRUE) - endforeach(ext ${extensions_all}) -endforeach(file ${files}) + # Verify signature + set(files "signed" "nested" "added" "revoked") + foreach(file ${files}) + foreach(ext ${extensions_all}) + add_test(NAME "verify_${file}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem" + "-in" "${FILES}/${file}.${ext}") + set_tests_properties("verify_${file}_${ext}" PROPERTIES + DEPENDS "${file}_${ext}") + list(APPEND ALL_TESTS "verify_${file}_${ext}") + endforeach(ext ${extensions_all}) + endforeach(file ${files}) -# Tests 98-102 -# Verify removed signature -# "removed" tests are expected to fail -# "remove-signature" command is unsupported for CAT files -set(files "removed") -foreach(file ${files}) + # "revoked" tests are expected to fail + set(files "revoked") + foreach(file ${files}) + foreach(ext ${extensions_all}) + set_tests_properties("verify_${file}_${ext}" PROPERTIES + WILL_FAIL TRUE) + endforeach(ext ${extensions_all}) + endforeach(file ${files}) + + # Verify removed signature + # "removed" tests are expected to fail + # "remove-signature" command is unsupported for CAT files + set(files "removed") + foreach(file 
${files}) + foreach(ext ${extensions_nocat}) + add_test(NAME "verify_${file}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem" + "-in" "${FILES}/${file}.${ext}") + set_tests_properties("verify_${file}_${ext}" PROPERTIES + DEPENDS "${file}_${ext}" + WILL_FAIL TRUE) + list(APPEND ALL_TESTS "verify_${file}_${ext}") + endforeach(ext ${extensions_nocat}) + endforeach(file ${files}) + + # Verify attached signature + # "attach-signature" command is unsupported for CAT files + set(files "attached_pem" "attached_der") + foreach(file ${files}) + foreach(ext ${extensions_nocat}) + add_test(NAME "verify_${file}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem" + "-in" "${FILES}/${file}.${ext}") + set_tests_properties("verify_${file}_${ext}" PROPERTIES + DEPENDS "${file}_${ext}") + list(APPEND ALL_TESTS "verify_${file}_${ext}") + endforeach(ext ${extensions_nocat}) + endforeach(file ${files}) + + +### Extract a data content to be signed ### + + # Unsupported command "extract-data" for CAT files foreach(ext ${extensions_nocat}) - add_test( - NAME verify_${file}_${ext} - COMMAND osslsigncode "verify" - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem" - "-in" "${FILES}/${file}.${ext}") - set_tests_properties( - verify_${file}_${ext} - PROPERTIES - DEPENDS "${file}_${ext}" - REQUIRED_FILES "${FILES}/${file}.${ext}" - WILL_FAIL TRUE) - endforeach(ext ${extensions_nocat}) -endforeach(file ${files}) + # Extract PKCS#7 with data content, output in PEM format + add_test(NAME "data_${ext}_pem" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} 
"extract-data" + "-ph" + "-h" "sha384" + "-add-msi-dse" + "-pem" # PEM format + "-in" "${FILES}/unsigned.${ext}" + "-out" "${FILES}/data_${ext}.pem") -# Tests 103-112 -# Verify attached signature -# "attach-signature" command is unsupported for CAT files -set(files "attached_pem" "attached_der") -foreach(file ${files}) - foreach(ext ${extensions_nocat}) - add_test( - NAME verify_${file}_${ext} - COMMAND osslsigncode "verify" - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem" - "-in" "${FILES}/${file}.${ext}") - set_tests_properties( - verify_${file}_${ext} - PROPERTIES - DEPENDS "${file}_${ext}" - REQUIRED_FILES "${FILES}/${file}.${ext}") - endforeach(ext ${extensions_nocat}) -endforeach(file ${files}) + # Extract PKCS#7 with data content, output in default DER format + add_test(NAME "data_${ext}_der" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-data" + "-ph" + "-h" "sha384" + "-add-msi-dse" + "-in" "${FILES}/unsigned.${ext}" + "-out" "${FILES}/data_${ext}.der") + foreach(data_format ${formats}) + set_tests_properties("data_${ext}_${data_format}" PROPERTIES + DEPENDS "start_server") + list(APPEND ALL_TESTS "data_${ext}_${data_format}") + endforeach(data_format ${formats}) -if((Python3_FOUND OR server_error) AND (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)) - -### Sign with Time-Stamp Authority ### - - # Tests 113-142 - # Sign with the RFC3161 Time-Stamp Authority - # Use "cert" "expired" "revoked" without X509v3 CRL Distribution Points extension - # and "cert_crldp" "revoked_crldp" contain X509v3 CRL Distribution Points extension - set(pem_certs "cert" "expired" "revoked" "cert_crldp" "revoked_crldp") - foreach(ext ${extensions_all}) - foreach(cert ${pem_certs}) - add_test( - NAME sign_ts_${cert}_${ext} - COMMAND osslsigncode "sign" - "-certs" "${CERTS}/${cert}.pem" - "-key" "${CERTS}/key.pem" + # Sign a data content, output in DER 
format + foreach(data_format ${formats}) + add_test(NAME "signed_data_${ext}_${data_format}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" + "-pkcs12" "${CERTS}/cert.p12" + "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" + "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT + "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" + "-in" "${FILES}/data_${ext}.${data_format}" + "-out" "${FILES}/signed_data_${ext}_${data_format}.der") + set_tests_properties("signed_data_${ext}_${data_format}" PROPERTIES + DEPENDS "data_${ext}_pem;data_${ext}_der") + list(APPEND ALL_TESTS "signed_data_${ext}_${data_format}") + endforeach(data_format ${formats}) + + # Sign a data content, output in PEM format + foreach(data_format ${formats}) + add_test(NAME "signed_data_pem_${ext}_${data_format}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" + "-pkcs12" "${CERTS}/cert.p12" + "-readpass" "${CERTS}/password.txt" + "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT - "-ts" "http://127.0.0.1:${PORT}" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/ts_${cert}.${ext}") - set_tests_properties( - sign_ts_${cert}_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - REQUIRED_FILES "${LOGS}/port.log") - endforeach(cert ${pem_certs}) - endforeach(ext ${extensions_all}) + "-add-msi-dse" + "-comm" + "-ph" + "-jp" "low" + "-h" "sha384" + "-i" "https://www.osslsigncode.com/" + "-n" "osslsigncode" + "-pem" # PEM format + "-in" "${FILES}/data_${ext}.${data_format}" + "-out" "${FILES}/signed_data_${ext}_${data_format}.pem") + set_tests_properties("signed_data_pem_${ext}_${data_format}" PROPERTIES + DEPENDS "data_${ext}_${data_format}") + list(APPEND ALL_TESTS "signed_data_pem_${ext}_${data_format}") + endforeach(data_format ${formats}) + + # Attach signature in PEM or DER format + foreach(data_format ${formats}) + foreach(format 
${formats}) + add_test(NAME "attached_data_${ext}_${data_format}_${format}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature" + # sign options + "-add-msi-dse" + "-h" "sha384" + "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}" + "-in" "${FILES}/unsigned.${ext}" + "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}" + # verify options + "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem") + set_tests_properties("attached_data_${ext}_${data_format}_${format}" PROPERTIES + DEPENDS "signed_data_${ext}_${data_format};signed_data_pem_${ext}_${data_format}") + list(APPEND ALL_TESTS "attached_data_${ext}_${data_format}_${format}") + endforeach(format ${formats}) + endforeach(data_format ${formats}) + endforeach(ext ${extensions_nocat}) + + + if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) + +### Sign with Time-Stamp Authority ### + + # Sign with the RFC3161 Time-Stamp Authority + set(pem_certs "cert" "expired" "revoked") + foreach(ext ${extensions_all}) + foreach(cert ${pem_certs}) + add_test(NAME "sign_ts_${cert}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" + "-certs" "${CERTS}/${cert}.pem" + "-key" "${CERTS}/key.pem" + "-ac" "${CERTS}/CAcross.pem" + "-comm" + "-ph" + "-jp" "low" + "-h" "sha384" + "-i" "https://www.osslsigncode.com/" + "-n" "osslsigncode" + "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT + "-ts" "FILE ${LOGS}/url.log" + "-in" "${FILES}/unsigned.${ext}" + "-out" "${FILES}/ts_${cert}.${ext}") + set_tests_properties("sign_ts_${cert}_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=" + DEPENDS "start_server") + list(APPEND ALL_TESTS "sign_ts_${cert}_${ext}") + endforeach(cert ${pem_certs}) + endforeach(ext ${extensions_all}) ### Verify Time-Stamp Authority ### - # Tests 143-148 - # Signature 
verification time: Sep 1 00:00:00 2019 GMT - foreach(ext ${extensions_all}) - add_test( - NAME verify_ts_cert_${ext} - COMMAND osslsigncode "verify" - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_cert.${ext}") - set_tests_properties( - verify_ts_cert_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_cert_${ext}" - REQUIRED_FILES "${FILES}/ts_cert.${ext}" - REQUIRED_FILES "${LOGS}/port.log") - endforeach(ext ${extensions_all}) + # Signature verification time: Sep 1 00:00:00 2019 GMT + foreach(ext ${extensions_all}) + add_test(NAME "verify_ts_cert_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-TSA-CAfile" "${CERTS}/TSACA.pem" + "-in" "${FILES}/ts_cert.${ext}") + set_tests_properties("verify_ts_cert_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=;" + DEPENDS "sign_ts_cert_${ext}") + list(APPEND ALL_TESTS "verify_ts_cert_${ext}") + endforeach(ext ${extensions_all}) - # Tests 149-154 - # Signature verification time: Jan 1 00:00:00 2035 GMT - foreach(ext ${extensions_all}) - add_test( - NAME verify_ts_future_${ext} - COMMAND osslsigncode "verify" - "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_cert.${ext}") - set_tests_properties( - verify_ts_future_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_cert_${ext}" - REQUIRED_FILES "${FILES}/ts_cert.${ext}" - REQUIRED_FILES "${LOGS}/port.log") - endforeach(ext ${extensions_all}) + # Signature verification time: Jan 1 00:00:00 2035 GMT + foreach(ext ${extensions_all}) + add_test(NAME "verify_ts_future_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + 
"-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-TSA-CAfile" "${CERTS}/TSACA.pem" + "-in" "${FILES}/ts_cert.${ext}") + set_tests_properties("verify_ts_future_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=;" + DEPENDS "sign_ts_cert_${ext}") + list(APPEND ALL_TESTS "verify_ts_future_${ext}") + endforeach(ext ${extensions_all}) - # Tests 155-160 - # Verify with ignored timestamp - # This tests are expected to fail - foreach(ext ${extensions_all}) - add_test( - NAME verify_ts_ignore_${ext} - COMMAND osslsigncode "verify" - "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT - "-ignore-timestamp" - "-CAfile" "${CERTS}/CACert.pem" - "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_cert.${ext}") - set_tests_properties( - verify_ts_ignore_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_cert_${ext}" - REQUIRED_FILES "${FILES}/ts_cert.${ext}" - REQUIRED_FILES "${LOGS}/port.log" - WILL_FAIL TRUE) - endforeach(ext ${extensions_all}) + # Verify with ignored timestamp + # This tests are expected to fail + foreach(ext ${extensions_all}) + add_test(NAME "verify_ts_ignore_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT + "-ignore-timestamp" + "-CAfile" "${CERTS}/CACert.pem" + "-TSA-CAfile" "${CERTS}/TSACA.pem" + "-in" "${FILES}/ts_cert.${ext}") + set_tests_properties("verify_ts_ignore_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=;" + DEPENDS "sign_ts_cert_${ext}" + WILL_FAIL TRUE) + list(APPEND ALL_TESTS "verify_ts_ignore_${ext}") + endforeach(ext ${extensions_all}) ### Verify CRL Distribution Points ### - # Tests 161-166 - # Verify file signed with X509v3 CRL Distribution Points extension - # Signature verification time: Sep 1 00:00:00 2019 GMT - # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and 
"-TSA-CRLfile" options - foreach(ext ${extensions_all}) - add_test( - NAME verify_ts_cert_crldp_${ext} - COMMAND osslsigncode "verify" - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_cert_crldp.${ext}") - set_tests_properties( - verify_ts_cert_crldp_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_cert_crldp_${ext}" - REQUIRED_FILES "${FILES}/ts_cert_crldp.${ext}" - REQUIRED_FILES "${LOGS}/port.log") - endforeach(ext ${extensions_all}) - - # Tests 167-183 - # Verify with expired or revoked certificate without X509v3 CRL Distribution Points extension - # This tests are expected to fail - set(failed_certs "expired" "revoked") - foreach(ext ${extensions_all}) - foreach(cert ${failed_certs}) - add_test( - NAME verify_ts_${cert}_${ext} - COMMAND osslsigncode "verify" + # Verify file signed with X509v3 CRL Distribution Points extension + # Signature verification time: Sep 1 00:00:00 2019 GMT + # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options + foreach(ext ${extensions_all}) + add_test(NAME "verify_ts_cert_crldp_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_${cert}.${ext}") - set_tests_properties( - verify_ts_${cert}_${ext} - PROPERTIES + "-in" "${FILES}/ts_cert.${ext}") + set_tests_properties("verify_ts_cert_crldp_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_${cert}_${ext}" - REQUIRED_FILES "${FILES}/ts_${cert}.${ext}" - REQUIRED_FILES "${LOGS}/port.log" + DEPENDS "sign_ts_cert_${ext}") + list(APPEND ALL_TESTS "verify_ts_cert_crldp_${ext}") + endforeach(ext ${extensions_all}) + + # Verify with expired or revoked 
certificate, ignore X509v3 CRL Distribution Points extension + # This tests are expected to fail + set(failed_certs "expired" "revoked") + foreach(ext ${extensions_all}) + foreach(cert ${failed_certs}) + add_test(NAME "verify_ts_${cert}_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-CRLfile" "${CERTS}/CACertCRL.pem" + "-ignore-cdp" + "-TSA-CAfile" "${CERTS}/TSACA.pem" + "-in" "${FILES}/ts_${cert}.${ext}") + set_tests_properties("verify_ts_${cert}_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=;" + DEPENDS "sign_ts_${cert}_${ext}" + WILL_FAIL TRUE) + list(APPEND ALL_TESTS "verify_ts_${cert}_${ext}") + endforeach(cert ${failed_certs}) + endforeach(ext ${extensions_all}) + + # Verify with revoked certificate contains X509v3 CRL Distribution Points extension + # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options + # This test is expected to fail + foreach(ext ${extensions_all}) + add_test(NAME "verify_ts_revoked_crldp_${ext}" + COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" + "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT + "-CAfile" "${CERTS}/CACert.pem" + "-TSA-CAfile" "${CERTS}/TSACA.pem" + "-in" "${FILES}/ts_revoked.${ext}") + set_tests_properties("verify_ts_revoked_crldp_${ext}" PROPERTIES + ENVIRONMENT "HTTP_PROXY=;http_proxy=;" + DEPENDS "sign_ts_revoked_${ext}" WILL_FAIL TRUE) - endforeach(cert ${failed_certs}) - endforeach(ext ${extensions_all}) - - # Tests 178-184 - # Verify with revoked certificate contains X509v3 CRL Distribution Points extension - # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options - # This test is expected to fail - foreach(ext ${extensions_all}) - add_test( - NAME verify_ts_revoked_crldp_${ext} - COMMAND osslsigncode "verify" - "-time" "1567296000" # 
Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-TSA-CAfile" "${CERTS}/TSACA.pem" - "-in" "${FILES}/ts_revoked_crldp.${ext}") - set_tests_properties( - verify_ts_revoked_crldp_${ext} - PROPERTIES - ENVIRONMENT "HTTP_PROXY=;http_proxy=;" - DEPENDS "sign_ts_revoked_crldp_${ext}" - REQUIRED_FILES "${FILES}/ts_revoked_crldp.${ext}" - REQUIRED_FILES "${LOGS}/port.log" - WILL_FAIL TRUE) - endforeach(ext ${extensions_all}) - -# Tests 185-234 -# Unsupported command "extract-data" for CAT files -foreach(ext ${extensions_nocat}) -# Extract PKCS#7 with data content, output in PEM format - add_test( - NAME data_${ext}_pem - COMMAND osslsigncode "extract-data" - "-ph" - "-h" "sha384" - "-add-msi-dse" - "-pem" # PEM format - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/data_${ext}.pem") - -# Extract PKCS#7 with data content, output in default DER format - add_test( - NAME data_${ext}_der - COMMAND osslsigncode "extract-data" - "-ph" - "-h" "sha384" - "-add-msi-dse" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/data_${ext}.der") - -# Sign a data content, output in DER format - foreach(data_format ${formats}) - add_test( - NAME signed_data_${ext}_${data_format} - COMMAND osslsigncode "sign" - "-pkcs12" "${CERTS}/cert.p12" - "-readpass" "${CERTS}/password.txt" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha384" "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-in" "${FILES}/data_${ext}.${data_format}" - "-out" "${FILES}/signed_data_${ext}_${data_format}.der") - endforeach(data_format ${formats}) - -# Sign a data content, output in PEM format - foreach(data_format ${formats}) - add_test( - NAME signed_data_pem_${ext}_${data_format} - COMMAND osslsigncode "sign" - "-pkcs12" "${CERTS}/cert.p12" - "-readpass" "${CERTS}/password.txt" - "-ac" "${CERTS}/CAcross.pem" - "-time" "1556668800" # Signing time: May 1 
00:00:00 2019 GMT - "-add-msi-dse" - "-comm" - "-ph" - "-jp" "low" - "-h" "sha384" "-i" "https://www.osslsigncode.com/" - "-n" "osslsigncode" - "-pem" # PEM format - "-in" "${FILES}/data_${ext}.${data_format}" - "-out" "${FILES}/signed_data_${ext}_${data_format}.pem") - endforeach(data_format ${formats}) - -# Attach signature in PEM or DER format - foreach(data_format ${formats}) - foreach(format ${formats}) - add_test( - NAME attached_data_${ext}_${data_format}_${format} - COMMAND osslsigncode "attach-signature" - # sign options - "-require-leaf-hash" "SHA256:${leafhash}" - "-add-msi-dse" - "-h" "sha384" - "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}" - "-in" "${FILES}/unsigned.${ext}" - "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}" - # verify options - "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT - "-CAfile" "${CERTS}/CACert.pem" - "-CRLfile" "${CERTS}/CACertCRL.pem") - set_tests_properties( - attached_${format}_${ext} - PROPERTIES - DEPENDS "signed_data_${ext}_${data_format}:data_${ext}_${format}") - endforeach(format ${formats}) - endforeach(data_format ${formats}) -endforeach(ext ${extensions_nocat}) + list(APPEND ALL_TESTS "verify_ts_revoked_crldp_${ext}") + endforeach(ext ${extensions_all}) ### Cleanup ### -# Stop HTTP server - if(STOP_SERVER) - add_test(NAME stop_server - COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}") - set_tests_properties( - stop_server - PROPERTIES - REQUIRED_FILES "${LOGS}/port.log") - else(STOP_SERVER) - message(STATUS "Keep HTTP server after tests") - endif(STOP_SERVER) + # Stop HTTP server + if(STOP_SERVER) + add_test(NAME "stop_server" + COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py") + set_tests_properties("stop_server" PROPERTIES + DEPENDS "${ALL_TESTS}") + list(APPEND ALL_TESTS "stop_server") + else(STOP_SERVER) + message(STATUS "Keep HTTP server after tests") + endif(STOP_SERVER) -else((Python3_FOUND OR server_error) AND (OPENSSL_VERSION 
VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)) - message(STATUS "CTest skips some tests") -endif((Python3_FOUND OR server_error) AND (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)) + else(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) + message(STATUS "CTest skips some tests") + endif(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) -# Delete test files -set(names "legacy" "signed" "signed_crldp" "nested" "revoked" "removed" "added") -foreach(ext ${extensions_all}) - foreach(name ${names}) - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}") - endforeach(name ${names}) - foreach(cert ${pem_certs}) - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") - endforeach(cert ${pem_certs}) - foreach(format ${formats}) - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}") - foreach(data_format ${formats}) - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}") - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}") - endforeach(data_format ${formats}) - endforeach(format ${formats}) - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") - set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") -endforeach(ext ${extensions_all}) + # Delete test files + set(names "signed" "nested" "revoked" "removed" "added") + foreach(ext ${extensions_all}) + foreach(name ${names}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}") + endforeach(name ${names}) + foreach(cert ${pem_certs}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") + endforeach(cert ${pem_certs}) + foreach(format ${formats}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") + 
set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}") + foreach(data_format ${formats}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}") + endforeach(data_format ${formats}) + endforeach(format ${formats}) + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") + set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") + endforeach(ext ${extensions_all}) + + add_test(NAME "remove_files" + COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES}) + + set_tests_properties("remove_files" PROPERTIES + DEPENDS "${ALL_TESTS}") + +endif(Python3_FOUND AND NOT cryptography_error) -add_test(NAME remove_files - COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES}) #[[ Local Variables: diff --git a/osslsigncode.c b/osslsigncode.c index c5e5a9e..0b4c822 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -2520,7 +2520,7 @@ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 printf("Message digest algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(md_nid)); - /* Unauthenticated attributes */ + /* Authenticated attributes */ auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ printf("\nAuthenticated attributes:\n"); for (i=0; i*cA~I>;II7dW zifwPu{H65o;S!G|r)}cAMkWSEM&^d5K=me3AZ6KRufy1G$pMLTx)ap7<>tgme`Wf%-b8eRg7m#(mP!eR=Jjko^H(Upo?P*K zzKO4a_b&fOGXiHeM;=yqc!YP6|Gs_GUKurOCz`%il3eK{Vs&z_vndb5<&+fd^VbE! z7_+{n+}XN5yVOj}2Pf2~Pe{dt#N^VE|^9xp3o_SwewHfp)87+=^O UrfQazpM!V|7M1(w|BR0U0NWhTOaK4? diff --git a/tests/certs/CACertCRL.pem b/tests/certs/CACertCRL.pem deleted file mode 100644 index 2b2e3c0..0000000 --- a/tests/certs/CACertCRL.pem +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN X509 CRL----- -MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJQTDEVMBMGA1UE -CgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBFw0xOTAxMDEwMDAwMDBaFw00MzAx -MDEwMDAwMDBaMCcwJQIUazbrVgbYb+IN803UmJJa0DPHQsAXDTI0MDIyNzE1MzAx -NFqgMDAuMB8GA1UdIwQYMBaAFGQQ8as5N9zB/bsdyD9BWHdiJ+8pMAsGA1UdFAQE -AgIQATANBgkqhkiG9w0BAQsFAAOCAQEAV+Ce8WaNN/PXbVT9rOy/TS2EDrM/oFPG -vwZr2IQDcBtgFV5DpNZRKJo2m4mjPPt1eCjE404U2r6081bvq3PtwSPwezV+uCzF -dDUafeR0eZhmzxD8M2Jmi5hGp3fQevDrA4+RR33DneYSNfzGx35VN8v/L7/TuA5X -0PG8b5hL9f3vsVXvFRj6hMkRy5m+gxFfWW/Uw3fXIt9sDLJ+eAKURdqn1c3CEwD6 -bzh0s6dSXT4wp5/l96x8fKAv5hMqDC7KufvwjhhSXdYXDOHDQcv0g5aLo8Ug8dHg -NJHqbTAAViyGfvsS9/pYb8kHpAWvaADK84tzaMzj7uCDXlCZEjIr7w== ------END X509 CRL----- diff --git a/tests/certs/CACertCRL_crldp.pem b/tests/certs/CACertCRL_crldp.pem deleted file mode 100644 index 39b5532..0000000 --- a/tests/certs/CACertCRL_crldp.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN X509 CRL----- -MIICMzCCARsCAQEwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCUEwxFTATBgNV -BAoMDG9zc2xzaWduY29kZTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkxHzAdBgNVBAMMFkludGVybWVkaWF0ZSBDQSBDUkwgRFAXDTE5MDEwMTAwMDAw -MFoXDTQzMDEwMTAwMDAwMFowTjAlAhQcZvYIe2b1FreAKfoi/uGkSGJCthcNMjQw -MjI3MTUzMDE0WjAlAhRrNutWBthv4g3zTdSYklrQM8dCwBcNMjQwMjI3MTUzMDE0 -WqAwMC4wHwYDVR0jBBgwFoAUFDxiqeJxiJbmZ4erKH0pBIhq7SMwCwYDVR0UBAQC -AhACMA0GCSqGSIb3DQEBCwUAA4IBAQBZzGXEP4XdKuJ8ANIBGPu1Z+7T+4ln+nu3 -MEPC9BexVAA02YPZx6i4c3cHC87aOL7zsr/K9OeF5MAYzi2QJwsenF4b9QL2rzQV -sCAb3sY5ImAxN38GTJ+oI+uTeOefNE0wS7pP4phRmYNZwyDhxA2iT76+luoygyth -NesiGalMFDrJvUM1DADTZGQrz9cQVgFq9WTcta9rdTYqSNctxkbpQaY0hgssH1Sh -hWlSiFttciA2XVD7Ju/Qv9zN4nCQC0LskgKhqsefsOukpo6jqJ92OmNrrNaERfqs -Yavzuj6DlcnE46ZxA0y2Du1apz0WDlbcAnsEqfNSDDCid09v+V9a ------END X509 CRL----- diff --git a/tests/certs/CAcross.pem b/tests/certs/CAcross.pem deleted file mode 100644 index 110e669..0000000 --- a/tests/certs/CAcross.pem +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqTCCApGgAwIBAgIUKFKqG3FwQAmy4HgYyO4mGEiQ8QAwDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v -dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNzEyMjcwMDAwMDBaMFgxCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp -b24gQXV0aG9yaXR5MRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAxS8IBYj0uuC1XD1EBFksVv+oHXzrwfzp7KvyghPNeXq7 -0VJDC8YfUwazNGG4P1MkCPLW4iJU8nt7PZWMpebYb2VRkw8lBG3nRdMZuwYYOLgh -NTVbc/4cjm7jkjQgvXhC/9HxfbqWd0HOVjgiagJMA3grN1++gYtoyk29sLU/tria -W6Su6aLdYpNECrjoyPkMCqvrc06iVaKa1MH6HRla/7HGeBHtx+j4SKa+E8HvLfGF -j04n/buXqYm5AmiHPk+bOFkHKW4yGJxOx3ZwkQpBvuOeKHj3aiQKPq8f8UmYqD4P -NcpPK57kqLjaOHMz2/WenIiR3uz+CdlUSwcfqhAi3wIDAQABo2MwYTAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBQaPEb++qXSgmAi2vsewtpb6SiIyDAfBgNVHSME -GDAWgBSzLyt07qrH3+rgkQCvS/YZ3jR+fzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZI -hvcNAQELBQADggEBADCY4hadNyzoz0CpdpBcFjyglxOkgcitIAgvoc2N5zwHrkg7 -BgJM1BJmCyki0AhXRKwl7sYbzNHgAhP1pBNjZqO13+cRcqPKvrxpYnsv11HaPS2E -Ee/8EwHB3JlWlmWd6PHaJV0usRjDOuJnV/I/9mdFfIUcY0aoA36o2CCRJRKcvvVp -Ztomnvw8IqFTn3GCNK3TRmVf2RYMhsDNQoEEidJENwCCRlcojmk1Ld95T89QsGOR -cWJAHzyfbMQxRD7kQPZ4B2M8MvU3uD6nsamzvVM7H0UkSNuYLVkpU/wTUR8eQ2LI -wFyi9JhKP4hF/RBuSzIHpXWO46GvzAO5dXZPLm0= ------END CERTIFICATE----- diff --git a/tests/certs/CAroot.pem b/tests/certs/CAroot.pem deleted file mode 100644 index 6fb0d11..0000000 --- a/tests/certs/CAroot.pem +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsTCCApmgAwIBAgIUQQOniemvgowXmc2hZSZoIWEF8DUwDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v -dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp -b24gQXV0aG9yaXR5MRgwFgYDVQQDDA9UcnVzdGVkIFJvb3QgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL2tfObRQcJ4fo/jarNfQVmeqjulYkLLNG -UtYmFSAxkcYbmpfHpsSxnW9sbDZV8Cp6tFa97V7XATCNL/r671lpZjkYEj0NkjBE -84OI0pkAEwWC5m3+dl3wehu977OcV7cMxNTmAHJwEadXR3jmZV625/lja1QqgkqK -MqOty2pJNmsRUEogjFoh00eulnapW5u72ovq9IDgjjhdvAClwkTY5jsLTeDwgvfS -MRjAmef2qExI/l760Bl0xe4XDdROgN90npS/zuKcCkThtvmffiUZsyeel1kto1pF -zkYGJroWSJl0Jt+dpJHcpSXOXP5M+LnuLV4nl5vqwksdPzswQvuZAgMBAAGjYzBh -MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLMvK3Tuqsff6uCRAK9L9hneNH5/ -MB8GA1UdIwQYMBaAFLMvK3Tuqsff6uCRAK9L9hneNH5/MA4GA1UdDwEB/wQEAwIB -hjANBgkqhkiG9w0BAQsFAAOCAQEAesmiOEl8OA+T4DDOgjfhY6+pUZDDKpsx//mj -/1bxr+akfwL3dN5IBq8g8tJJHOLqrl7Lard7onDRnz8GZmpkPvFa87QD2PU2addo -DAQWdYsDrNMWkAE37Wk7FZ0RyFHiBopRUMspKmx/XwvJf+rhkidjJYxCo317i/Z8 -fWi//wGsI6ogezOsMCxNEcIn2PltGfDiVFklmwsXhyfvGYfctqepu661a/7hFUaP -uN0iEboTDcQuiWwwEEwMe55L1rjDlpRkGUBah5FteGmVwk0AoT4b+1FVrj9Q6sEa -Ge6gsrhu2syUF9CErTW/CiV+jONe2ygw4welOBo598QW71w7Vw== ------END CERTIFICATE----- diff --git a/tests/certs/TSA.key b/tests/certs/TSA.key deleted file mode 100644 index e351c1a..0000000 --- a/tests/certs/TSA.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCplbeNvGrZmTDz -p48TyvpOX36bGPMfyTVc8ZfAoh0SG86EFc1LHBV2K52dshHYqniQ6lE14jhsRPps -YRBUFXO7I84Jd5CVcrvBWGuL8wXxjMwIW5buzY4x5oKowlyQGIasNiC8Mgx8TncJ -kVWE6ekgoP4i1f4PVsFyG8zVNpI5VzHArAemYhvDjuA5jgTisfP8ph2pxUKTzYAI -SaKm2YkBFvyhhTxtqnXHt8S0NnfDSCedKSzl1caN1TAKSbWoeChb+Tq8rycjPXh/ -/7TkYgxmlSHiQhRcyEaZs54Ud8Q0nsnfRMhEtewr2IACmuKrFnoS+GtY5glPilR5 -ScZ+7A9TAgMBAAECggEABOI/XIzFYMzeg2Rg8DAquQlyc92NE5zPtW0/WxhhizdT -bPF3EISXh9DdMimCBeH8XxIzWFfSeFaoNFHp1GCf9ckYRuptk8ppz3OKVhOIbxqr -YNY9UVVCrEFmjJ0Vxj7Be5M9TTEU4mxLVX4FtmDVClubeOxyX/oqcr4uwme0Az6A -tjBVzl+YEYvZrbhao5d09LVQ3zj1T1EQ+XU5iTTV5Two86FQ6NQ9txe7jxcB8x8S -BbD/PakmZj+oIdVBp4xnrhCJ3mYdzXy3qHWxq/BtHgS5fY3/tq3xtVSNxw7QJG7j -CT2Cps3/99Lq2CPi8OkQKgjJwWqCZ0jOwHahEMlWIQKBgQDneq4LH0zfPJIW2zsi -C7U813hV4NuQXd5EW2bmNe4KKnlrcbt3ZtJv8v3Ff5lMm1i8jDCeaeGhZOi/Ag/z -aTtM1STFFEQg3QktcSAvS7hXufvAeufSrPOZdpBO51wqZl5wLMp2lsq885R3wnRl -FtIErdmsLigVMC8RZ++gFNIjMQKBgQC7jJE93wV3j36QA7NAgxNH0AW5p5foWuA8 -gR8MA9cpFI7X7q6hW9HYXw30kD3IzN6UW4U5LT4Pandxx484G1KENcyW2TzeGtpC -MWBWHF4Mbxb/2pEkQoPk1dZmUxF5hvaGGHQYJn/pnJFavGUoNBlNjaIfgStzd1IO -68ceo5URwwKBgGjHJjrQmzo9L5968sRRamM04Tp2QsyRQMfOW8B+ztX5LebNn17H -wx97bRVV0a1UcBFAn81E/iXRCG1VYKT8kCQSIse2ibQaeUoBd+EQtEu5WtRgjcjW -Epn3ihC9NwHWPo8mJysQzIpE84JWGducPcpyayI97lTQ761AT741Tn0xAoGARtG2 -ioFrhBEoPmNXTZXxMt3HO6qgPvoJ0G8FdTkCBx4fLkSPppiQbb6++0l4Oxm5NpY0 -gTmnRJT0U3+CgjI2/3t9LL0NMeU742DXusxtaw6LxcMXqXSAb2mb0vmtEJG5Bzu2 -ouPuyxz2+idHn13E7Db+MB1Ldgdpcf7wKo6knJcCgYBwbcjW0MwCah3w4N4VLXBX -Q5wPSw7cRcytHqrrWkT/nTI3fxwd7UW6ZdM0IwGIAwYgBYD5B78KH0aP6BlUmYWu -8vut6S/MsNyCzHQVbcR9BUK3drByzhysVE3TUQKjCA33v6M/tTixhpyPf+ZZtjlK -b1+6D1aGpwt+11f9ubd+Nw== ------END PRIVATE KEY----- diff --git a/tests/certs/TSA.pem b/tests/certs/TSA.pem deleted file mode 100644 index 358af6a..0000000 --- a/tests/certs/TSA.pem +++ /dev/null 
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE -CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v -dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB -dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN -SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW -7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH -pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks -5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI -RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB -/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO -x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G -A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD -VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw -IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL -BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES -9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j -lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK -z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1 -V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX -hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk= ------END CERTIFICATE----- diff --git a/tests/certs/TSACA.pem b/tests/certs/TSACA.pem deleted file mode 100644 index cd21c7a..0000000 --- a/tests/certs/TSACA.pem +++ /dev/null 
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
-dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn
-T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ
-CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL
-kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr
-xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF
-6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq
-AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU
-CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx
-C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx
-AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ
-iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ
-QepMyA==
------END CERTIFICATE-----
diff --git a/tests/certs/TSACertCRL.der b/tests/certs/TSACertCRL.der deleted file mode 100644 index 3ef7548a5e70cc4dd8ff0f017519233b417deba4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 599 zcmXqLVhT2BVzg#rWHjJqoT=#{&Ie zIdNVi69Xe7b3;?0debP7GMTh*9Mx%G#kMzS{!;q)aEV8f(>4@kCSYaRX0OB8Zsb4W z{p@>X#-ykV#>brwpeb8mV4!Cp4|J@oGK++PSc8bYUcW8J*S;_BulZD8{ax_(|5}Zo z2HYS8A}lOSOajbk;l|v=$jC6)T|4RC(x4*CU$ZR?3;7pzE}rrFN}>9~Wu@&uI(?@V z@wQ*AKVFmk)lKQ!mP;JpG-LK`dFgi{>WX{FtI53`y^Eigdxo!AS<&X%6qxiZd(=w0`|F1Ec=l9lG5?7D26J1! z^vEASd#PXJ>3s9;EpdHoefEnV6{^&i_>i}0YvqKwPK&;|-JSMf%9(@DSM9(2#B9xt z3Il!3vpNBqT>Z~_k8=9j>rX!XS!TkdttS3uSNC%tdRnsEAlr(UZT;Gb^NNpUFRM)0 hpj~XbB6Fs9*r7b9%^Q!a-uvgXfa`tgDzo_ylmL_^;MV{E diff --git a/tests/certs/TSACertCRL.pem b/tests/certs/TSACertCRL.pem deleted file mode 100644 index e1ff545..0000000 --- a/tests/certs/TSACertCRL.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN X509 CRL----- -MIICUzCCATsCAQEwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCUEwxFTATBgNV -BAoMDG9zc2xzaWduY29kZTEkMCIGA1UECwwbVGltZXN0YW1wIEF1dGhvcml0eSBS -b290IENBMRQwEgYDVQQDDAtUU0EgUm9vdCBDQRcNMTkwMTAxMDAwMDAwWhcNNDMw -MTAxMDAwMDAwWjB1MCUCFA5lCWy+o133yMUTfqtWmkigL1MeFw0yNDAyMjcxNTMw -MTVaMCUCFBxm9gh7ZvUWt4Ap+iL+4aRIYkK2Fw0yNDAyMjcxNTMwMTRaMCUCFGs2 -61YG2G/iDfNN1JiSWtAzx0LAFw0yNDAyMjcxNTMwMTRaoDAwLjAfBgNVHSMEGDAW -gBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TALBgNVHRQEBAICEAMwDQYJKoZIhvcNAQEL -BQADggEBAJ1HK2LepVJyOfqbODFxD6GJo5jr1HEnoaZ1h/iJTZZyDYfRf8d8Y/VG -Iva00gj2KVy8tOlO0FrUR1Tqk42IjaPld0lXqKl4hkmCUWLpLgual5JcQPHhDUnT -hiIDvbI5UHGCWeN+unXFRuT9CvtAM+3FOhuL9bBnXwdlOxZPWL8wnYT0jB/HzdKP -KOWfN7eEXo6tTL8XxRJ5LxjwbrK1eZCdQqL2Rt2W8JTMweeqv9PkNqzYeDAvKc0s -UCkKj+aNxQlNPy+Tw/MckJK1NE921b8LwuV0uzBrOg0Gr62RnnPGa6Z5YLArczWo -aZlLVsJuQrOxxyXe/kygCu9lqjaf4CI= ------END X509 CRL----- diff --git a/tests/certs/TSA_revoked.key b/tests/certs/TSA_revoked.key deleted file mode 100644 index 54de7c9..0000000 --- a/tests/certs/TSA_revoked.key +++ /dev/null 
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDxU8lwCceWEesm
-HIQu9M8mIznHFWmxFF55E16DseWr1K2FbOKnNv1ddNhUHFhBQChcGPn/CvwfOMR7
-DbCETrty9HUtoK3fCVZQuYIjZwRLZZB2ryLgO4PK+j07Z61yABi7NKBKv8oHISLU
-QcNg7rBAZhmAurKpNu2Gpz/jFpFXwd6O+8xnsYFLT0zyjrq0rEvLmWQd5FBQaVt7
-P+U9GH3GCg0kmdhIXAfdfSnqzj0OMnnzVdnEYrd1mYx+ZA7m0CmVJw330QXWiyax
-wimNHUvlpIiZA8ol17tAybinhPL5nSM/LRZ2PN90EgyX1bv3x/cKCEiOYPSZ7xXV
-mrRGjCtjAgMBAAECggEAHj01fIh9LdzI7lmcZpXebxTy5HNWbw3yWJGIwk/ES6e2
-poViUTmevdsqUD/M/0AezouCp+akePUQCatJdwq2ikz/cdw0bUIqQqs8F1uNOjVb
-yMNhR1+tv/1jNtJi9Wn1r1+ExlkJ46LPTnF/HeJKy4b/oxXB1VpAoSLL6pSlWa1+
-+iEWM+s6xlxyFkeWPq3L3u1QGkuW58KqQae86mR8Mgc0kOVuTCqWpHgNjfxt7tnt
-L/oBE9zEJmS3iZcGh1X5VR4CUQmtrCp7ldNdhSNk5WcNCNSsuIX+B13s658a0sRB
-AnPIX08moB5VHZ/danblny5Zo6SrobWBBcTabwjnYQKBgQD/BHktS70tQj3yBqVL
-xXmaO5ozqMLqF9A2o4EiJ/pF07ecHXmbiGaP9Nf/FJemuU5OHjw8akuxKn2M+DTu
-gHYOHwByA9/SOeAiD8bp/dJNE+2BO2zygoG/adhEV5tLK8IYdz241t8oVZbQLwql
-ZCs1uFab6E/cZEJgSQ0QuC8vtwKBgQDyQc+MX56UFFCP1QpWLIwFVdoPbOj/3cVZ
-FIjQO9rNYNIscS36nISIBh0voubI2xFvO7/s+WS1pD1bOmn6qwsndewFGdmMtjnN
-YguakmHAUmcF33f+gXVzwR91QvGPTjI2Fzd59OwOrZofO1+hajQiBKIP2B9VHJNP
-khspe44JtQKBgFqTTyrMZNOnXHMS8zC3Ydpq4vkILrqQXK6bYiksg9K7QNKdEW0x
-hCQLNZBu0vIvjOVoDcLzihDR46fnHH29eLDJSBI22A9F6RqP+flv4nrn4gptfeOg
-gM7onByh9RE86IJiD7UP9FDSHW+x1Zkqu8Inx/M2Du9bWMv0BkTy9id/AoGBAOEy
-oDcDZCyPPdyW1AcLXhZPmmegfG/tvlhyqEO6gElO6dF6XJ2NBf5UgKkZq6OnUWuv
-hVhK9X2M8aRuhroIalQCYKbVQtB1TQJJVDQaQ1g+wZpKBAfIXGCAdDfTRS5MKIzz
-xBRQw2dZpd3Gmb05NsEwwV4tL+M0rxPW4/0J6B3JAoGAB1vlzPsfKVvV9jwVpfdO
-W2MWAqPF4iI716zLt2F30WNe/42MudQGvMYUEPTYQMu3hhpQk/6UFY2Mfux6+OKk
-zG1khRdlq9BkCczfSVjkUvf4wTUUY5b66i4EpeJ//8OArZEx67LhmW715h/LExzG
-jkdwUMLiaSrpf8KSTL3NxM0=
------END PRIVATE KEY-----
diff --git a/tests/certs/TSA_revoked.pem b/tests/certs/TSA_revoked.pem
deleted file mode 100644
index d10f0cf..0000000
--- a/tests/certs/TSA_revoked.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIUDmUJbL6jXffIxRN+q1aaSKAvUx4wDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMEQxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA1RTQTEQMA4GA1UE
-AwwHUmV2b2tlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFTyXAJ
-x5YR6yYchC70zyYjOccVabEUXnkTXoOx5avUrYVs4qc2/V102FQcWEFAKFwY+f8K
-/B84xHsNsIROu3L0dS2grd8JVlC5giNnBEtlkHavIuA7g8r6PTtnrXIAGLs0oEq/
-ygchItRBw2DusEBmGYC6sqk27YanP+MWkVfB3o77zGexgUtPTPKOurSsS8uZZB3k
-UFBpW3s/5T0YfcYKDSSZ2EhcB919KerOPQ4yefNV2cRit3WZjH5kDubQKZUnDffR
-BdaLJrHCKY0dS+WkiJkDyiXXu0DJuKeE8vmdIz8tFnY833QSDJfVu/fH9woISI5g
-9JnvFdWatEaMK2MCAwEAAaOB7zCB7DAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQM
-MAoGCCsGAQUFBwMIMB0GA1UdDgQWBBTTuQ7LmtwtVydASwFBXd4xUIEh3jAfBgNV
-HSMEGDAWgBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TAtBgNVHR8EJjAkMCKgIKAehhxo
-dHRwOi8vMTI3LjAuMC4xOjE5MjU0L1RTQUNBMFUGA1UdHgROMEygGDAKggh0ZXN0
-LmNvbTAKggh0ZXN0Lm9yZ6EwMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBMiBltqGRRLmK9
-0RymCJ4oxmX2jwZ4SM7fem39Ozei7NIQIw5nlkPJ7ZWyfQQNFMIujfwJJGzDguax
-mMJHWngzbKjkbdSHnQswxT79RRwenlIKkExck6p2OUT82nGu/6TBIYutMJlITwKF
-5OEmu+WneCvTkvEs0wussIug7E7dV6jJO9/TbwWyrtqU/t9GNRbu/4FIdQ9p9pK9
-BcqaPmjn7IqnLs94THFfMFH0HVkqpLOfa9Wa8uc/C7WyIMTkchXb4U7/8B/hsDj7
-BfKwN/F+IMNw4Rfqytk2JSWuV4pr7MiBweLKBwGgt4DhvfZj32Y/WFNANxtYkE9e
-55mIPqG5
------END CERTIFICATE-----
diff --git a/tests/certs/cert.der b/tests/certs/cert.der deleted file mode 100644 index 3f66476a05e430b918313bb8ffe42077f830a605..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1010 zcmXqLVt!}P#B^-|GZP~dlZcjLy-4m#C(CHXyDyHvydbmxt$M2gFB_*;n@8JsUPeZ4 zRtAFvLv903Hs(+kHesd!A45?CVGxIlhbOJuf*wCDl;DKn^6#%_HudT2zvm zmYJMbl9`{U;8}Vh-&TD94UCq=7idBn}<{-^8l?vdlzXLB!yV=Q@h!`?{PR_2v*NQfGCP00ai47TqG#EI@5k=U7Ra8MzD$=#&Fybu zO7kB6o}@(a5^JZK-B#}p=BS!5e2y*M@J{ES!RKoeE56OO^I7ub(OrGZt2%te-)%h` zW}Q*~v*uvOmW8LScQo~^eIw4`tbBcz@7-P@s}|Yi9;Xs7cAHPOT&91&F=Haf#76ng zliQ#Aub=(Gg#B1$w37DK*TMY{H>8SPz22jzBzf_);)=wOlLfDI+*Zo%z3!ExG*`&q zspnJ7KJ&NPc2c|(u5_>RITrNXYw^yh+aIia;LOC#$iTQb$shroj%0;dm<$*UWPu?r z%f}+dBJy&baCUV`fXcDUZHFQbtk`n+^vP5Md62X+3oy|%h@=R7Ty1H7=iuMnvM1~v zBg&K1-)n+Xp{yzkC?Ywu*%(<_*_oM!;q%n`b-r)a2_~%Ic`_A#nQJ8tK#OB9)ZZ+rfYC)!nAYzzXYB~l$lR+sN?PMnsv*!Q3A z+BtLDdW>J2iu>(&@UAHQ1YenuUA=jBuee-&dsBSStk!p)7v61QJ(TZTEp>R-o2TU| vKbDprlDd2U)8v-z`tv50wb|M0@hUVtJ9^@Aclh3G3s$cQKbFk7z|RE$q2PgF 
diff --git a/tests/certs/cert.p12 b/tests/certs/cert.p12 deleted file mode 100644 index 066127fb1b9561f00ae77847581b074a409d3027..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3747 zcmai%XD}QL*M{xdT_t*1qC|_b1dEmER%b<&M34|sRtwQZ4^|DLL|GCgh~B$IFCmED zd+*&wFK^!YzImRX?~gNQ&VA3B^Y5PPzyrwAfB<}W0GTd?h&Na@_>>et07wrYQw9Z) z$^VsQ-~oi?|5}jr0K&|_(%&V#zYY7Z1Ay!OGk{6qC^+ojkp#{JB5Vy%BUn*sRR;nI z@!%v7!vDJlBm(2XnIS~4gH-`&d=P*aMA1KzG(jqqU~&{&vN2ER=;0SY2$#Av!2M*N zqKg!z6fu3kx+et^$dpQ#+&Y^{ECrKHSl;B@3X{2}k<=P2k#Kogtr0cnzD2*yEA+L# z2F%feCN1qvH}ln<9@$?>`!2zp(Hu)XwMPSEe&Dgdw5uxq*K+g$MsLp^>2LY;6VfG5 zGT(Z`$Ub8VTYjGB*C?_M`_0@1s+2^cYb*5Gb4UAQ%(T6zd%w?24d92>Xi!&yHND>! z@G9{7TUS* z=O;(A^5^^-6JZa_o6(UZT1`8!F;7%knQnkkW}EK#>tPtn7jw`5=-m|psTbUIA|;jM zlpk+OFLUdqagZ>Zemo7{N;y6kjxAdRJH&_hBQfgBZq($hG@3tKF6iG7r;Daig^LY~ zk%}CO@+wouevYrt&KpWQf9c`WPS>t0%%8S_Ya@wYRzaqZH1iSIdfCyA`$=z@BvbDl zT*s{C4PhMZ8(+qdE)ZYKTEy3@!9vzK=8WbS%aZGWl}V}3z6W-j3mr1VSxpiFTBos|tjWDBC_Kwsy{dyXnuNt-kas&QmFzuqy>iLV=0rHP5 zGrC(Xjb-FpHg?GWK%lS|#lv#ve z{`kTe6v|~>-?+PP!6+G0B3eU(y-Jrx*%<%kua{9UYCu1!x zr`YF{tM||UG_VY8{He8-v_|fbaFcG9!8>Xj6(z)^m{w}N*U49zVNqQsS3WMljH^+d zC)WmvUkB9BDbue!7UO9s=YH}N$sYdXvWS@-qRt&-(_UPY=j=S$f zegMK)To@62S4GdaB8`lgpwAp#Rws)~n2UO3GI7z7r5thzbzbx|XuRskf~V~iHrzA! 
zO#VrMw?4afMY+6kj71)!@pWiogGf zUX@-W3-3hH_m*IPb5@i7c#o%4NPh3te)bqPbUN`QOrn2Fb#^>;=ZBGw zvQy>i>Q^=5R8P{Db3nbcbtC6YO+wnXvs5~=DcgARcm#XBJ%!(SWNR>)7K9Hk zLAT=L)z{H(^`_dSb13oz`jMJ$djbivGb3(cN4rBHNMB5 zkx^7bi4}Jmz&Z~VIB|RPVkUbswR1JoIy)CGTYVO24Wv%-eBZFLz>v4J-S zs#nQwZhG0fS{gnCC8ms@j4EbpD-Vz&2?62Cy&MZ83RhX!Qm>qZ7r~fNq*#>UklXD& zgI+3l&V}07+_}eb_#4%(b=N^$Y2Cl@@MR(%2!jziVcI@wd~SCpTw9VGL|}^;>k^Yz z`%+vKX-``Y=kX{ZG;A^${j@8t(^W%p@aZL#nMUi-*1p6d2^j^x*=M{HHNf7xGWnS6 z6+Y>bpM=ALo&%K+Adtx4np@6e(LuFV>P8}|D);CN6UY@_Ef-#uarEA*>xK&MY%+Qc zDI@sM7+un2opjtMzG(LOS;q7ts|h_n-;c-Tp8-OtFo6SvrLT$}D6)-;zzI=yP{unh zt>Xv-bzp2XxhiMazCjT-S%Y;JueO_SgbcSbqU|v-+I`s@W=&cS?RqleI8h}t&uq9DaLe#SDa$G$WO7kc)*yA=$T)lgcInLVnbqF6LVBA= zhe+V6Q~dXa0EXHq`0*a3F>M5LVRd;7jsja`1r3mWxcB26X$3(YCn*B?bqivc*n};z zJ{r;7OY~aI9o(?l=~?RT>K+#J7@+u?+^~|BB<>@iCVK@Y*H@vke^Y^`dlFhGEIDjC zv_|TFf^=Np+>gOZwg91PUZ#-OpcUjY~5ad10J@W3m%)X%t?fIFjE<2F; z22#{;ouQNKn%27t)!h7|#DeOP6QFu5baSjxhC1NKL%U07l@MOMmjJ zQHT%q-f>#LMeJv@9Mn`xZe3{YH(+~84p#Ioyr{f0_& zNC=uqf76H|dbA-dh z476sZ)>`}9;7%vW;KtpRLZ#n9?7fgwjwi!VU@EdaBox3UhI4?t*l|;3j#-Q)OotZt zAQ&D))(=M;vFVaF#8^$cDlu`1khqx6#ljT|9Hj+IYSu)z*YsVGo6^pMa+#r*?IiIrvo*j$V?bGREihCrMJ+yQwR4v zW4pW^0#Do|*HMA6A-7hg4+{NpkUl9By5h%)UX44T7bgnY9p=?{C)>A$ZDVTeNtDZ1cwASXyk-=`@QHY>t&^u8a_S&gPd0*&K++>C^OU*Dgn_}2J@(e{p{X5fxiMZdT^Ndkh;6>$H zu^TJo)7!dJ3JOx*wnz2J?Hb9#%0us~qEyAA4;B57_D^PgTZYa{9li#=VLSc#Ac%i# zR%?@YFsJWTZ zb(*PfpDi)3v4#XhT7~bvNW5#A`)($ge7a`tb9mL0tqsAf;5MQ5FaB$bO|QQVgEfX( zPD@)(Z>|eZ<_ko#`A=BSn^c--HF!k{wI?>{X-Ch?qR-SXSKqmJiSA+Jh1@Iar|^ex zvl+fLs9r<>rS+TKn=tw)v!AIyaErzd1EYe<8Za2E<;4ul3aV#VCxKvhWRSg^DsMfL zj9JrH_8Wl^C!FJ-fF+_8f`Vx3tl#1i2$(lx*??M;m3ExTZZ0-(Ik*s<^q=<*2ms@O yST~|+UOz3g+1CNx0iAkI>IRkT@RI&UmGz7YPj15wY(a!zb_NYpN5s&7qxL_WsrJSI diff --git a/tests/certs/cert.pem b/tests/certs/cert.pem deleted file mode 100644 index 8195b61..0000000 --- a/tests/certs/cert.pem +++ /dev/null 
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID7jCCAtagAwIBAgIUKiF/FG2pQjlbId3ox+nQHL/tJ4UwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
-ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNDEyMzEwMDAwMDBaMIGdMQswCQYDVQQG
-EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
-MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEUMBIGA1UEAwwL
-Q2VydGlmaWNhdGUxJzAlBgkqhkiG9w0BCQEWGG9zc2xzaWduY29kZUBleGFtcGxl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdBCaytt9xsrUx0
-2Fekq+IrsR2cC1pL9NANN3TbBv8RKt1IefMh8TjA1uPaOYZvz3o2ml9qKGmJ+uxH
-kzLojKbg98bcmxBrkWemLQwmRv1hZIO8D4xiYRd0O0KZizrvwWwlNADzXXWw7iz+
-MPPWkXj2nT5MpOTi3S851SwOc/c9SYCazCP8rMGItKHLO7iCjK3sFwBDI9eaTd2N
-EjqEHadIymHRizeTOaYv34FokQiRgR/zk4flT6+b6DQHxnlbIivV61OP4bBlFtXX
-jC4iGdHLIahhVMlw6ixGqR6910psIp0ST0KM8ly+N+1rPhoNkNSLqkzGUudKo7mV
-t+Cp4EMCAwEAAaNiMGAwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6a4Ta3t0UCTG04bC
-WMCotMPLyWUwHwYDVR0jBBgwFoAUZBDxqzk33MH9ux3IP0FYd2In7ykwEwYDVR0l
-BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAN2Sad4rLRSKWmaRRUCn
-syRO45y7zzvCRApHVSoeBUmtHP+n/OZ3rJTixfluqiGFAqbaXgTN8IantyfqoTjV
-XgCP1qzSM3staLCkeAiZ0/OLW+hyHopP8aXX2ez/hMojB/J1b457+vkuudnNiLx8
-by44nonUnJb3zyxmCSxcBklNP1wlxYjbbq5hFJ/et2/Y5Ct6igYAEMsYZUEUq3e7
-g2GWbqNN/i2tnJyGjDPrNRdOuODuclfIDnYSPn83a40XHn+Hgl9SmoXuSdDutAXC
-b017GsOa7OV3ZPildcIa3d/yk4S3L56SdoY+Py4NIIDmxcjji1e91qCrrFfGYwmg
-TkQ=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/cert.spc b/tests/certs/cert.spc deleted file mode 100644 index 2d101b414e2542f33fd3adf71cd14675ce7bde48..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2001 zcmXqLVn55qsnzDu_MMlJooPW6`#ysv_FYVjjD`#b+z1&)pv)qJCgyhrO-$DoFf%bS zF^Om?){Eq>bh3SD7@WS;la8VG|p zTs%Da#l<2#e<(Fk9Dg+b(sl4P=Lw=y^fl}-|Y~hJT#fjy(oXcat1#vF3b8vv6h=CBqY1|0M zry8mosKP^nlTl0p*}o2{6^Xe8IjMTd`MCy7j7rFX#>mRR+{DPw02Jq9YGPz$IPS=~ zX6^PnIct4NZiFvc{YZPG>>TbW?=Kg4%}Z{x{TI}_>rwex@uS6oYmaYPw&kC%GMg2j zrIFeB>y7(lqZd8P9(+G`XSP80#PnslJZf%#6H}V^@b@GoikDbB&Fr>%e=tYYgyC~+ z>4tYY{|r7~n^^H}uAR@4Cy(yxTVB=SEBx8qbO9E7mU2Z!RabU%k z!>3QC8pwmBm05s^ra>e{;Nxmb^E(Is?v_1a?-)^@r2bwLoC;-CSwIoVq0Pp~%F52n zj2sKVqzjA%MuxkSGVf{YigZP#O>}iwzFEcZ@tob~tq-|yxrb`Wv3jnR`M>R&(gcHTVOv8N_q&thKZl{wSCpVvv_)QMs9^tF#sJ=$?QZ(X9u z{CnH;Z#>bi>SALMI4zOtD6+bIcXQ&jyv4r%bl1+A)7E4B+Emf4**gJ!k9^StnG3+thL-)gDDv)(){Px-O5^pMou`=2JaY}cPRsjSV;UXNFy z;n~p>kGsS7UR$twP57~7&INuhz#P8@nB%8Fb9|v-Yf_zNz>y5Ti;=CqE*8vpJ9E&2 z%^(6byOEva1q}Eg*@`_VKfeS=PB%l!_;e_12<6r1S|9G|&)+W)WMO@1A=|%iYS-L) zo-Gq{Tt4ru*8j-0ODuhg_Srei?YYspTP*!UY=GX0lZzK+t=sypwln=b$3|_JdAqx( zzUZCoZZ3FYPT3cG+Y9+_YfVqh-~H!&?F6O;3%0Y&yuN!{qG6f~8~?P>>4gdB%#Icv zE@iz{uypRF-x8;K8Z0(X=az3i_{?ouTvNT7@-{Qxa+%rJb}tEh$5K^LRkW%`^3296 zb2U5hX?tUItseefspCCOqv17Q`L&g6@sutasmD*va9V5E@Sc#S9%kKw+&#vMBlG-@CQE7G2|NV<16`w-#YMMa`xJZ;0 zW@P-&!ePJ$q?j0yGcDFUiJWPrY~23+T6(D|LFv|SxkI<2Uutxm0H+68evp|gzzV1h zE#ZOl>)ve>)?VVte0?t>P=VD#h<@_N3WtyE}{6ZB!EkVb`7lNx?PUofGXvlNiC-l9=NG#0RLjK!U4*qAh zLj1ioI;qRt1MEx<1LOTBBUX#)5zR4|)4bN>7bT$e7k^Zu>!F868t diff --git a/tests/certs/cert_crldp.pem b/tests/certs/cert_crldp.pem deleted file mode 100644 index 777ca98..0000000 --- a/tests/certs/cert_crldp.pem +++ /dev/null 
@@ -1,47 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPTCCAyWgAwIBAgIUe8Im9GuMCHMi3/FDfLgzoE8vTKgwDQYJKoZIhvcNAQEL
-BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0
-ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjCBqzEL
-MAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEgUHJvdmluY2UxDzANBgNVBAcM
-BldhcnNhdzEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1AxIjAg
-BgNVBAMMGUNlcnRpZmljYXRlIFg1MDl2MyBDUkwgRFAxJzAlBgkqhkiG9w0BCQEW
-GG9zc2xzaWduY29kZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMdBCaytt9xsrUx02Fekq+IrsR2cC1pL9NANN3TbBv8RKt1IefMh
-8TjA1uPaOYZvz3o2ml9qKGmJ+uxHkzLojKbg98bcmxBrkWemLQwmRv1hZIO8D4xi
-YRd0O0KZizrvwWwlNADzXXWw7iz+MPPWkXj2nT5MpOTi3S851SwOc/c9SYCazCP8
-rMGItKHLO7iCjK3sFwBDI9eaTd2NEjqEHadIymHRizeTOaYv34FokQiRgR/zk4fl
-T6+b6DQHxnlbIivV61OP4bBlFtXXjC4iGdHLIahhVMlw6ixGqR6910psIp0ST0KM
-8ly+N+1rPhoNkNSLqkzGUudKo7mVt+Cp4EMCAwEAAaOBmzCBmDAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0w8vJZTAfBgNVHSMEGDAWgBQUPGKp
-4nGIluZnh6sofSkEiGrtIzATBgNVHSUEDDAKBggrBgEFBQcDAzA2BgNVHR8ELzAt
-MCugKaAnhiVodHRwOi8vMTI3LjAuMC4xOjE5MjU0L2ludGVybWVkaWF0ZUNBMA0G
-CSqGSIb3DQEBCwUAA4IBAQBlJrcOaJQQ3TuYaVtmH8VbCdF3GQE+255g0Kq4sWoO
-ZgZm6LmRkchuoOXqeZ7aAV6HnGGpZf64ShPSZ3KPt4/UVYkRyS0UihN2ACsGrS4o
-ZjOaaoM2xDxttngKV3lAF4xbx18RvAsx9QIzQhzowaSUBQNuu5W4tne/6h7htuwA
-KNc0go4fqpCqQjNRVeB1IN50BzUrlHu3zQzfH0LDyUTt2gnObLHMl566Ft0azAG9
-emHRM+BOUjKY3ZTjM+JEzpwWgse6e4r+J2fYVYIEtkSfm4ZZnAs5WFWI5o8tqr4b
-ruBN7l6oP6R3ugOtPk7tW4x7OO0QoDnfa418MkBlXeqL
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox
-s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM
-Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8
-hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4
-Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw
-EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq
-7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS
-Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr
-rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1
-uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1
-PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI
-mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC
------END CERTIFICATE-----
diff --git a/tests/certs/expired.pem b/tests/certs/expired.pem
deleted file mode 100644
index c798cda..0000000
--- a/tests/certs/expired.pem
+++ /dev/null
@@ -1,45 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgIUcgUgRT1Lx8XLdgp7xcWxVl9YBjYwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
-ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMIGZMQswCQYDVQQG
-EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
-MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UEAwwH
-RXhwaXJlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUuY29t
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTYV6Sr
-4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeTMuiM
-puD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w89aR
-ePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0SOoQd
-p0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ
-0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW34Kng
-QwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0
-w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUEDDAK
-BggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA0AxgPkboWfIOMYFOP6kQ4nxY
-jQ+kAH842ALjm/5z20fYPS0k3LiCNS0FfBPzygeWQLwDGcH2QX6Lfec62CeIe9R9
-IAdsX+nNxn9FeIZssfMK3EPgksGUybUNub78mXPrnhCNjYf/GmDY/Cf7jhBtNphK
-6zCPOC0WDrupnLW7r4FyrB1j2CEgaHhiSmlQ+19rqbvcNfaCOMfe7IfiwkvVIzE6
-tQhnudB/HnW3+pWT83n/KQk0F8lu00fahkak/0bPidTe4zOvepabiWYQXKJ9ZXhm
-UW7FHHSM5Vbn2A6zyEht7rcK/gkpHbkckoIi6bDMFMp+K9o3qV7PzZPkaau7fg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/intermediateCA.pem b/tests/certs/intermediateCA.pem
deleted file mode 100644
index cbc2c73..0000000
--- a/tests/certs/intermediateCA.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/intermediateCA_crldp.pem b/tests/certs/intermediateCA_crldp.pem
deleted file mode 100644
index 719001b..0000000
--- a/tests/certs/intermediateCA_crldp.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox
-s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM
-Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8
-hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4
-Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw
-EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq
-7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS
-Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr
-rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1
-uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1
-PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI
-mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC
------END CERTIFICATE-----
diff --git a/tests/certs/key.der b/tests/certs/key.der deleted file mode 100644 index 41d55a67091654fc750d3ed02e64e97d299c0ebb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0LMWItgW}) zY^_Xm*jJ>h;w!NooC{h@^w14AblV315h~qCdGjIhIKbB9+Bt@A&w4hRUur06iTdnE zlQQUxrr`I++?x<Or+%E-7h)SEDm$`JxPF?%p?4)!HBe>%R9J&jIHb!07E0!noZq}5;}w(r%1|S z(Tg{eIi@e)foPEkk%1rclZWL`ubb#J2gZ3@A}iJFQ;*@WWfs-fj4mP>(aRyIVN}U* z>MTa79=+E}Y$BZ!PeP3HT)sE$Yd#tckkpH+OvX~@N~5`zx8SMZLjnT<009Dm0RRTk z$OZfG763LfF0qu>QunK^B`HY`FBwwdkn2Dz&iK2&;0QPu?c-}%s~f`h!}q3NRE^tx_$JgebFZyoK2=I0F2$; zEYiek@6FHmB1WXoTJKfF{H>`A8WG0|rZo|-Ba-VH&2u1Kfk~ENH9qxm*UX#(2?ge; zHIC3spwN~NaYBg1`$(UP&3c%~YaIs26cn)>G*RN^U5Sn&C@^|14XH3^BT)i@fdKPZ zjgIlSeq#27Gt>>aK(#E6s2e!@`wV0v7}ta)`tv~rc$qo@3XOj5RiG1pp0Jn3sLdFt zW2iZ;<nY(%4KQe5}u23QFK{(1npS4RO;`|2m`{>~4PYjomFEl>^I7i{kSTHw zbz)|^SqAz%LVO-3dEZh{q-I$@VsAu?#CEJc4?o>~>eB+7&XhlF;P=eLZV~)S1v>(P zfdGU-)wUuO7R2nFkD960%%5vlA#kEN`HB;UAfQQ?X50L;--gfXuJo2qEW~oOg6I*Y zj4I?p=-&=FR2A=80!BFp@hlX(vCyy$cDnh g%7k?4yot~hEJC9iQYp_lzA=pJYm9;6T2aH167NDxg8%>k diff --git a/tests/certs/key.pem b/tests/certs/key.pem deleted file mode 100644 index 3681689..0000000 --- a/tests/certs/key.pem +++ /dev/null 
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHQQmsrbfcbK1M
-dNhXpKviK7EdnAtaS/TQDTd02wb/ESrdSHnzIfE4wNbj2jmGb896Nppfaihpifrs
-R5My6Iym4PfG3JsQa5Fnpi0MJkb9YWSDvA+MYmEXdDtCmYs678FsJTQA8111sO4s
-/jDz1pF49p0+TKTk4t0vOdUsDnP3PUmAmswj/KzBiLShyzu4goyt7BcAQyPXmk3d
-jRI6hB2nSMph0Ys3kzmmL9+BaJEIkYEf85OH5U+vm+g0B8Z5WyIr1etTj+GwZRbV
-14wuIhnRyyGoYVTJcOosRqkevddKbCKdEk9CjPJcvjftaz4aDZDUi6pMxlLnSqO5
-lbfgqeBDAgMBAAECggEABtHIBfvwFgA2Mi6xlNZS96utJSlJDi8ZUuGQ61Pvul0Z
-DXfEjLi1q86VzDiUzXAYNsOVpvxYI7yQNPQCKrTg03lRoaG9QOOdl2GNmyPYPCXQ
-Ld4K3jAjyIy21oGwzTSVdyES1ZF+ul9y12FfxYirc+tk2FQBNMA697nP/PEFsQl9
-cMxBB5CIGH7jSI6UIbp99Kd90ScbnE2mLACM3d0s0sRq783P9yJGpM9a71XE/K2p
-CxoRxwqmNRGvI5LrGs1zIF2BSZZgNT71cdfMnAIJBeaoNY7QTKDQlg9xQojE+0if
-is16mMhrHQbIFBSxHDRR4uVdiY4iKDB6Lg2pMGcjUQKBgQDzWI2O8bh+YvaEM9QN
-uUC1LI6oGzj7+wxkIhjXhCX680EFeJk6AQqNfu5VoBN/nrCXxqjNGKhjqDmtzxjD
-y9LYTCJ8rM9eCkrgcdCFkTQNcdNT/zqkHeOIxsoXgsFLhYozWcbiW+8oe9MTrXX/
-m9u9kTHkSjKziof7wxGXu3pAmQKBgQDRnYd+urSG0bulBccqT06pJpQMjYIi6CqQ
-LYEkLlELxOT+EPeEH1ZdgYkDzzgKoO5L/Jp0Ic6kKEQv+o4l+g1gJp6V5wwX81nv
-FJApcg51Yma6WQb6PEJ8HiZ531JQpGZZPmJvRIvEdqw+Dz/dferTApvOlD9s4PfM
-xG4R/EoFOwKBgQCEQdW2IhQWxOycj5qp1syfa1chcKI4+YoThiCgSZdm2/yz34bP
-6q70lk8sxHK0gugRpYwq5ELo3w5yM8OO7uFqY36+6iFOSCPH9rPRVEjJIdsspOQX
-PJNkzD4cJxmtVSf2ns2kSzkhdKMU58rhILF+R0Kpg9YolJsxrySJpgBcyQKBgQCC
-KCTYRiqOhHDVuU7AMNqRIclQOhYSgsLbH8ZOpwvgGPRv5i0rNyIzkZl4ahVMVD1j
-pYhqkAt11yLv/86AOlJP3+sc/Yh+3rZ7Q/N4KMBdlypej6VLgFtwInCVwFumg06i
-H6CToqZ+6YluR53KdMN5HueMUHVJsC9uUJJgTJ3RvQKBgFPi8mgG4zcdoKBhqyq2
-x3VQEe0VYnzBsIz42E/NFpuB4ZwC7j0Uez+QFUj76UKMsoE6fX9/lGNdg/zitRBc
-M21R9HeWuQHSM6nJ/ScK7C0vqQVsGOr/DKGEydvSjkPsyIbCw8qEdOq8idAULEKj
-GlIpzzm+MYzra4yB4VpRw5ES
------END PRIVATE KEY-----
diff --git a/tests/certs/key.pvk b/tests/certs/key.pvk deleted file mode 100644 index 661a8dce5cac9083c6e2b0d39250fd31938f3685..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1196 zcmV;d1XKGS@wKo30000100000000000001#1ONaB0ssI2qyPX?Q$aES2mk;90096) z;HluZmARuz=TgQ@s*BW+4H`ac?Ki$$@{B@H5}hJ!O4q#}sYWd7aLH6*s3FVI86qx> z*VPtfu;GtW>(whFTY1I@H0YbJPvwV`^B;kc2$5)k-!G;)lQ)aeVaiCS9fUd(jonR} z*CRs!7woN!g19@&p|ps>to$R)nt(|?_j3*`)j2QS;^d@EKArY>k=FAt{w(gWbzSoS zG$m}o?>dW_LOXO9VPcFAyn|$6{YEAXEv9FYYY>~<#`oZ+jOa3xN9_8EX((!6nl^gR zZ-zPAr1Kzh5E z5ySh3inB6G zsE#bPK)DUnGlceHez@_Djac(L1xox8Zp6&@;A}sX&YJ?$>V4fm4?e7R#EV34Vm?`B zq)<}dc_towLOl8gS-NIobq;bVkQDD(^A`-~m7XSG4f-XH`Y%K%q|PC9n*2-dpb9w8 z1BroMRv(1-5dP%E3sEj4fh~|K=purR43s9RPERVw1*N;uhP1kVhn>;MTmYttB(E`> zlqlANsX|A7u^{2f=M4(Va|Sl2C3hut{}LjOQMC!*t4>M{bGfex{<6pdX@6gQi=+ zm2e_(TYyWYk6tR5UBD=K^Fw>K-hPPv9P8gtQaXUn|L-E#bqkPch^1paR7@3Wc$twi zA~!27=5O>E;0vct#vj|lf)W-wP{|>Y+AzRQxz%uljw(jjBq)Lsk;741;em{6>x?nJ zInOCl8lyri6wryh>U4z4!@`Eh>_d*y+sTBX4FBpFYz3(=E$j*>{mH2_(gC@acl1$h zGh7h0;{1bMW0Ze?eL8`%j6&)ANEMJjdlWtH0-WK2n--&5EB$`^1PsaSxWz zpiIz?HK^tV2?CtV*KzeeHDH!Wfn6YT%^K^HBd-xPrV7Uq8Vjkd{KQr7TF<0LBKObD z?`p)-EZyCV04%0WoEs<6eW&z&x*?Q~NaKDOh>!5+Qe$G|jMq*0zkuBQV|y-Yw82JlG?fjbWFa<3PQkp;39$;It|N z^fZvXBUt>VmBTg|aLtrB%$3fowYZGLcMTa`y6;o#kl|7pFAhm5C9SLXQr48QE;2R% K7V!H8$k7JV%tT%Q diff --git a/tests/certs/keyp.pem b/tests/certs/keyp.pem deleted file mode 100644 index b2534ad..0000000 --- a/tests/certs/keyp.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIY7PpABd5xsYCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECC8FH8kZE5H/BIIEyK9LnEmc3VYK -kqwBBX15exPIRrsmeGkoSSrnHUeLzV0E2CN9bEL1XwJtX6d4YGYHnH7MopV9LPgl -Fdu2CvWXt5XLOMb3FJ38zZGtNnbYWZLbVlgQANZaTRCZaoWHS57KulgbtbJnn3PQ -DdYHaCiRh95pgPrdklEs0PhvBe98kR4xGJPoiGn+gJ75Ik4kwW/vJTcQeKbcU4oQ -MGIVXV66NU+Pc1d3CTYm9hwIys70+J9QtT1aSoENeYr1e+sHgzN7ykDalfAir/dZ -/E91Zg4RFV4clvvVmoAyXmZFpMxj5pLYGvdjBxTURh+8mdulfJMpKHjJldx7N9+I -cusGwKVXQcIXI76lxvKo08oENq0C6112+++s6bYtwzuk/Auk+dQ2mn2/gLgs6fsy -pi1ZKUoO8pdm8N4QzqPsFc2/ny5oSy6A6EKDC/tKoP59r6qJtoYselfypFsWemIo -F/W0HmZzC5OJMEqUxbKIuH7Xhx0ufs4TytzYMEnUVH0ChLan67VvFIcq4sLoMaW0 -d2jyDdIe4WcmVckJtjudbIhcRsXtoSVB8PYjdHOmI9YZVksPreeKk7stf06V3PBU -/hsBpzlWu8xO6+cMGrlvoqOov3WAmD1/LW/ITggjLb28r7LnUrYTbj95xZ8Zd8s9 -hx60MZpTJKni/Kfd5yVZw7xZWLHxNWdBbZxlCkvvFN5Ik0FjULLblfIfYa38zwp1 -P6Dbw0wBSNhpsdsGcnkB+YWlzyIJzC99EZqgC3cGmb+9UGuj2bmvzx0hlIY4APCf -lfiFNXUHxxRZCV/Cp3TXqh3h7t99KvVoIzEIV8iUDMLG7dsnf2Y1z7AQ3cfL8tmC -qTlKH8QdMn87ntjcU1fynE3X/bL4+Fy8ZWeCWHHPLU2TP6Z7xBkXVB77gm0rK2cU -lJVZKB3kVemSvu9OennBAiE7yjusqCLyTJo9GlI3H7xM+jHf0CZM149n2yV7w98Z -Nag2b4iYnbVa1CRcL+4Y5zfA6AwCXvkqKcqyUqK4ZEvd1VnN9L+pTWrxaAxukC5f -KyKXKd+HdiS2b8fFVYKmpq+lK02zxuIJpLh7JlcztNinm67irwg+7VZczpX46Za1 -waPuAnJ6zA6pVdRKxpXx5AnAh9vlCtlyakREx6NajG7f2nCe6IrznyVQ45jlkmwp -od0kAjsd/xp0NyvWI5A9ICU+pJ5xqhUGkXPvIxj1IqTFa7k4lYKiKgqeKoyLnzYA -+R1iQikwewxEahamhjiBH2xPYmZ77EjIF3EtLbpI02fxHR8LjyIBJ/HNnarKqJp0 -HYhLJQ8z7uyAESfXY997UnTtgLQHEX5/6DKYqlNWdzRiIEGfleujHmaAb9kf9Xrr -r2EVc0E4q2/wvgMHn8GRSv6K7pQC//vNmBuNGCAMBl8t6y1QxDrX+UBn97HGk96Z -LqRoVM2mz1cS/tiP4+MSB0zqzGbHsk9xoEY0QeRPvjJfGc1skRWwdo8LA8Hf1pi1 -/exyJzHNdxVdxM4CKMnXbTNCxKlhhZhUaWzELNjI5bQ5oQfechEypsFYAQETU5NS -182MgLMhkxqqcxLHcHIGE1ApZKXhY5siO0k4TTb2Kqxgn2fBUyLQLMVaVrHhZwxg -XwiQ2Rt3JBHrzPy9wXL8hw== ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/tests/certs/legacy.p12 b/tests/certs/legacy.p12 deleted file mode 100644 index 92d04d036122c5b77fa1c8a5e3d00f1a8ed98d95..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3715 zcma);Ra6uVw}yv-L1Ji-jv*x-8tFz9Whm+H4uKIET2N9-I)-qBp&10Eb3g*0A>2$gb#$01Azb}0a0?|CQY6OSwln=(Y+LwI3f*@$PFJWU@?`0 z`3P@xqhEmZc)fo38D&P@Ef1X+9>;QFnh>0lIfl9 zW{>E!plz|AD!6}~Z7t_g?Y8D|I`KSwlW-R=(#4YcLT6$_RqkMarr=x18kQ9OH2d^O zK;33f5OD}*L>1pt8vyTQg{X7zt6~b3Kx>0Ey0DEBq6olmA{#L+UOrcE%jV0I$C7(z z(dYDhO0rLZl{nDbSM`@!$<&7AyUU&ByudA^z0F7RAgF#v7ej9Tw|KjzaBEwNLy})1VXeh$+>bmlknveG%^dgWhhMu2g_wASQ_X>5JS3 zua%*=ppaxtO?PP-!o02R-A#doxQq4u)CofocB>3pHF<)k8-Fe|v@*8~bkElw9_D=p zz*-G6Oeq7dUBJUuBCfxBk4S@=x**?PN#2)ykjP~?59oewMT1NI64K$OHhtWja5z;* zPj8Oqa8>&BTt+AO1b`gLJrd>Z?8`QRl0(pGwAg4E>&F5-s{g z^(D(wtXnbnnG7!FccgCH#WH;`zkPnM^K{cZuDR#PqI(%dd8$OeP)wDR_IW7ay-8Qz zF37afL+S)`8zYp3l=T*UpH5ij?9rc}BFp8>!t;^W0`#OlqQc=q2=L_OxyCzZ&0kT? z@;8gSPkv_fGoglk_YG8ufNeMnPt#s+zR}M&Tut34pIKJ=D?g_DP@n9TgTvN6zQ5HT ziYbz(8vZ$2(zk%20P41CX}Xv9J+0v!dDc=my!Lx+$oi{>Ca2QxWN;i*<1-;~sJJ}^ z?LnUm_A+bOyRyf9#y1xQr~RJjGisVNbkL6iN$oY&7@3$-<5)4*YGgTYTR?OdUKo|c zs)BWr*_si!T5`xzo!6bIae7ZuhchvOG_6Gp>qc<`WQoqP%HK;mxM})BX#tNfY-GM7 zz?Az~C3B_C&NuWCT9BbQ&jT5)J~cz=Rp1m)(-Dx!Y1+F(c3f4BAF=}YaxA$Q(7t#{ zx+~-W_rCfj_{_>DTr@J~{U0qd3h760UMeiT9@s6`-y|N3ZHE|8S!2`uWUgQmCp;^b zH1A`KEK7NNR*wI81Tp{IPT$AH=ZCtprClk0Kz}`2BE0LwXoq}D+>I~%sQHi;v=qC! 
zCQY63wwNB^_0fHnc&z$; zJtf+U-?+-Sr6&h=VDy=@RZ>DlxzygsGpqX{!@gGWb8c8-L)*%~?b)XE_er$<>2VwF z%rSOPOw3lU$k#WY9m^=)`pGy%|X9lLE*aLv=uZf`3G5xED* zMJma8k~6j^9v%wRj%iD8W=NS7f|^N=!-Eb-UyjQgvyo#+UAiB*Dr6WzCkYL8dtf$9 zFXOo9QojIQ7EF#r{7TwAltn^I2XaET{9S|ho@FRV$1RI^SU;s6uLpDlcKZCe;goJK z?Y?=jK}2%S$V97c>@G`>BI68qwm9H0rg+Vc0!k4ORcur;`2l>j^i|G7Vci#tEXmJI z(JCB0xWPd$|0+R5$AbXjevOT~<_QrH){1%SFvMe&&mA^EIv}k3L+Tc+b;Q_`Y|nH_ zrvURzD)c28zoCFT*=CTxw`^L@*#@;|Te`DKS2W>k$2 zHB*|Ej*c3biDe2n$~;z+d3@s4$ys$TX?}5d=6zbI2gk|NxeJE4TnW7AwNGy5LYT8GijxcxJ%rOZ+{3lfn)8yFv}8?A$~wMt$0lHzzGw+Bdzy_;o*XAUxeHjdI_iz z0&`arf~zK$QnnlT4fm5wa$D4dSa%c))rDk_C~)xtr+t351?5xlz5aJ*2 z_>ahdJPD#eu79!P-?1em{U65xli&gWmi&Jq&;KPZt161u4>0JG|F^h^xaaQ!oN(_6 zq6mii3CsWiwEOu7UpaAQVW(TfX0V1n5X9Y}(tJC;*k{$g|LndrE41gF6D7As!4+g} znY2a*k6_%6IN=P1w5ri=snIG*3w~*@^h&t9Z2rN2Oxs&b^JN|~qFtv%zr|!faCTd3 zD;<0YVWJ(YUa7iky{Pw1d29xQ>{{M?k)moiA-o?!J%oeMS2 zpX%cA%SxnFK`HW7dfZLOxmFTXMsX_s%gx;hBUG?}c+--n!J1M=ZF^<)&D_vKpoRP{ z@+Bsx`El@ut6~=zn4ebA7J?AqBbz&O8E4HbL&Zz$1&4mYvqRa7PK=e+k z4*dX+T!3I<1XnH4&0L?dC^=bWWatEO;cxto zgl9y13lygzIULPLu1U(;(A-h_<6T8%0`U2v=P$0YvT=U8_U63fyQNh&jM{;-lJ0e4 zaBjXB*eJ03Q6%wk59zo1O&xJ@G#sarUhiW<19nK8>~N%tiov7W9l)j$Z7ZnJM>7*v z_w{{9;dwK7>Z7_bePQ)rqpG!5Uw=2(=b}3@&I;60cPGC*b}hAO(T;L-v+H(hazfy( z3Z_%0 z`0m8?l;Rm8dZ(azIg2FP^%O##rAo{x-zm;rVB^KTSi3MzJB`Fn-5dF|c6jX;deD&C zv&r@ygQl>d1J)b!rVvv3*xp2tvBZf67|&F*iV6xQPgG*(2OHwP_}R6Lxu;tXgr~HF zRPtt53s~RW#3Bq1!lKH;)x25H3gMB8UDGArl>6$kBfVHmGr(PMhL*V5{DIE1*XjIP z(m0h1<)tuz1M@f*gj-BC-mkvM2D_;c{ct(5*VW#2f)nC9 zH|E5AJKR%-#*=%7PMmYxu)i@H3hs99QSR(O$f7<|$=VHef1Yr4p0x!EdcvrM&Ih*H zgsv4w=vk+mD2%>SJLKSTG36rAbFX8M?|f<@@5${sOb?G&?!qso`32!_le0Wt;&rpu z&CZ_FxH@TNutLj`^{@lH6!zo4nPrjN@yZ5@@<6%%d91{AqIU^sKe~DyXWn7mOoISn zbB&%nxq<#}P*ErZN=yh6B*zCbfdB-wL!rVRIz+M3dLydCSEO2#1+<521Vj>QHoR2z KuAu+C)c*p)T+p=u diff --git a/tests/certs/password.txt b/tests/certs/password.txt deleted file mode 100644 index eafd3b5..0000000 --- a/tests/certs/password.txt +++ /dev/null @@ -1 +0,0 @@ -passme \ No newline at end of file 
diff --git a/tests/certs/revoked.pem b/tests/certs/revoked.pem
deleted file mode 100644
index 70cfa72..0000000
--- a/tests/certs/revoked.pem
+++ /dev/null
@@ -1,45 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDvTCCAqWgAwIBAgIUazbrVgbYb+IN803UmJJa0DPHQsAwDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0 -ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNDEyMzEwMDAwMDBaMG0xCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UE -AwwHUmV2b2tlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUu -Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTY -V6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeT -MuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w -89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0S -OoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deM -LiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW3 -4KngQwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJY -wKi0w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUE -DDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAFJjwxpYA2jzrmF1mdKx/ -up8gl6iISsHDc7oLAv63oUYXpFwzpNfvi1TGqYVhntAH2t/1XdA1HKdBp2LDsEnt -Av66c6HxyNPka26ZGD70+w5q8uHrIOO6MZw0eaLwu9bJI4cLbRXlKwxkGSzXHGYs -1hGR2YwAiMrqtVMPetlpd62y6qUZc0lEOhjJ6DsIfqSgO8AsdyI7Ao+cDqEZ1I/Q -Oi1Agn8kz8TtfWKxkX06EoL4DrZCDb1/w0CGQJATq77pKst+zw+B+2EKqlpuG3s/ -FE7RkCjG7bEFIDEK2909BXQNyQJzp7ih9X8QeEx5fnPr9lDfe/75YjRqoHkfmcTC -Hw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL -BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN -MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG -A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5 -THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89 
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM -gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh -+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl -iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB -Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV -HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ -KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL -tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+ -EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v -hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB -gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+ -sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg= ------END CERTIFICATE----- diff --git a/tests/certs/revoked_crldp.pem b/tests/certs/revoked_crldp.pem deleted file mode 100644 index ae386b9..0000000 --- a/tests/certs/revoked_crldp.pem +++ /dev/null 
@@ -1,46 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEDDCCAvSgAwIBAgIUHGb2CHtm9Ra3gCn6Iv7hpEhiQrYwDQYJKoZIhvcNAQEL -BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0 -ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjB7MQsw -CQYDVQQGEwJQTDEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1Ax -HjAcBgNVBAMMFVJldm9rZWQgWDUwOXYzIENSTCBEUDEnMCUGCSqGSIb3DQEJARYY -b3NzbHNpZ25jb2RlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAx0EJrK233GytTHTYV6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHx -OMDW49o5hm/PejaaX2ooaYn67EeTMuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJh -F3Q7QpmLOu/BbCU0APNddbDuLP4w89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/ys -wYi0ocs7uIKMrewXAEMj15pN3Y0SOoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VP -r5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozy -XL437Ws+Gg2Q1IuqTMZS50qjuZW34KngQwIDAQABo4GbMIGYMAkGA1UdEwQCMAAw -HQYDVR0OBBYEFOmuE2t7dFAkxtOGwljAqLTDy8llMB8GA1UdIwQYMBaAFBQ8Yqni -cYiW5meHqyh9KQSIau0jMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDYGA1UdHwQvMC0w -K6ApoCeGJWh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvaW50ZXJtZWRpYXRlQ0EwDQYJ -KoZIhvcNAQELBQADggEBAJ5WxnDiAiRPr7EvTRD7iaxixAY/2wgASXWekQLpvJ8Y -/ehaVdZWE8ft76y73F4NC62JfjWgAZHE+we3LSO+eB5kznM+Ctzrf/brR1MorSOu -iq78uz2pjwmQBpby6uDMii9r1txR62GYiLrZJizE+13AOVKBo5EW0PuwX3wKjk+s -Z5Mp9y7+GVzCSXwJC4wNMw/ZJZgr+o5D8msMh3UPgxUfT1rZ7THW3IwXao3ZtTXw -EA6uJoLVNb8FLfAVA1CFL0MlPgyiM2iNs+jIuhF7hPmMc8Je2qAr97ADdLCHWnRv -Majsbns7OCCFROF2qSQiyzVO5Hn1kiPSP7qmLMak610= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL -BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE -CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN -MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG -A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx 
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox -s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM -Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8 -hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4 -Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw -EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq -7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD -AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS -Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr -rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1 -uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1 -PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI -mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC ------END CERTIFICATE----- diff --git a/tests/certs/tsa-chain.pem b/tests/certs/tsa-chain.pem deleted file mode 100644 index 16213c2..0000000 --- a/tests/certs/tsa-chain.pem +++ /dev/null 
@@ -1,47 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE -CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v -dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB -dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN -SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW -7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH -pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks -5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI -RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB -/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO -x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G -A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD -VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw -IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL -BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES -9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j -lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK -z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1 -V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX -hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL -BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE -CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v -dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT -AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB -dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG 
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn -T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ -CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL -kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr -xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF -6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5 -MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq -AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU -CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx -C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx -AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ -iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ -QepMyA== ------END CERTIFICATE----- diff --git a/tests/certs/tsa-serial b/tests/certs/tsa-serial deleted file mode 100644 index d53ed9b..0000000 --- a/tests/certs/tsa-serial +++ /dev/null @@ -1 +0,0 @@ -bb7fd13ddf056e0a3e621d3537b25478 diff --git a/tests/check_cryptography.py b/tests/check_cryptography.py new file mode 100644 index 0000000..b75f089 --- /dev/null +++ b/tests/check_cryptography.py 
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+"""Check cryptography module."""
+
+import sys
+
+try:
+ import cryptography
+ print(cryptography.__version__, end="")
+except ModuleNotFoundError as ierr:
+ print("Module not installed: {}".format(ierr))
+ sys.exit(1)
+except ImportError as ierr:
+ print("Module not found: {}".format(ierr))
+ sys.exit(1)
+
+class UnsupportedVersion(Exception):
+ """Unsupported version"""
+
+def main() -> None:
+ """Check python3-cryptography version"""
+ try:
+ version = tuple(int(num) for num in cryptography.__version__.split('.'))
+ if version < (37, 0, 2):
+ raise UnsupportedVersion("unsupported python3-cryptography version")
+ except UnsupportedVersion as err:
+ print(" {}".format(err), end="")
+ sys.exit(1)
+
+
+if __name__ == '__main__':
+ main()
+
+# pylint: disable=pointless-string-statement
+"""Local Variables:
+ c-basic-offset: 4
+ tab-width: 4
+ indent-tabs-mode: nil
+End:
+ vim: set ts=4 expandtab:
+"""
diff --git a/tests/client_http.py b/tests/client_http.py
index 0a2126f..b7618f8 100644
--- a/tests/client_http.py
+++ b/tests/client_http.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
 """Implementation of a HTTP client"""
 import os
@@ -5,17 +6,17 @@ import sys
 import http.client
 RESULT_PATH = os.getcwd()
-LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/")
-PORT_LOG = os.path.join(LOGS_PATH, "./port.log")
 def main() -> None:
 """Creating a POST Request"""
 ret = 0
 try:
- with open(PORT_LOG, 'r') as file:
- port = file.readline()
- conn = http.client.HTTPConnection('127.0.0.1', port)
+ file_path = os.path.join(RESULT_PATH, "./Testing/logs/url.log")
+ with open(file_path, mode="r", encoding="utf-8") as file:
+ url = file.readline()
+ host, port = url.split(":")
+ conn = http.client.HTTPConnection(host, port)
 conn.request('POST', '/kill_server')
 response = conn.getresponse()
 print("HTTP status code:", response.getcode(), end=', ')
diff --git a/tests/conf/makecerts.sh b/tests/conf/makecerts.sh
deleted file mode 100755
index 9bf247f..0000000
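Review bot: In tests/check_cryptography.py, `main()` converts every dot-separated component of `cryptography.__version__` with `int()`, so a version string with a non-numeric component (a constructed example: `43.0.0.dev1`) raises `ValueError`, which the `except UnsupportedVersion` clause does not catch. The script then ends in a traceback instead of the short message the other failure paths print, and whatever consumes this output (presumably the CMake test setup) sees the version already printed at import time followed by unrelated text. Widening the handler to `except (UnsupportedVersion, ValueError) as err:` keeps the check fail-closed with one uniform message. A one-line comment above the `(37, 0, 2)` tuple saying why that is the minimum would also help the next maintainer.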
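Review bot: In the second hunk of tests/client_http.py, inside `main()`, the connection target is now taken unvalidated from the first line of `Testing/logs/url.log` under the current working directory: `file.readline()` keeps a trailing newline if the writer emits one, and `url.split(":")` raises `ValueError` on an empty file or on any value that does not contain exactly one colon. Before this change the host was pinned to `'127.0.0.1'`; if the test server is only ever local, that constraint is worth keeping explicit rather than sending `POST /kill_server` to a host name read from a file. A tighter form is `host, port = url.strip().rsplit(":", 1)` followed by `conn = http.client.HTTPConnection(host, int(port))`. The handlers of the enclosing `try` are outside this hunk, so whether a `ValueError` is already handled cannot be confirmed from here.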
--- a/tests/conf/makecerts.sh
+++ /dev/null
@@ -1,448 +0,0 @@ -#!/bin/bash - -result=0 - -test_result() { - if test "$1" -eq 0 - then - printf "Succeeded\n" >> "makecerts.log" - else - printf "Failed\n" >> "makecerts.log" - fi -} - -make_certs() { - password=passme - result_path=$(pwd) - cd $(dirname "$0") - script_path=$(pwd) - cd "${result_path}" - mkdir "tmp/" - -################################################################################ -# OpenSSL settings -################################################################################ - - if test -n "$1" - then - OPENSSL="$1/bin/openssl" - export LD_LIBRARY_PATH="$1/lib:$1/lib64" - else - OPENSSL=openssl - fi - - mkdir "CA/" 2>> "makecerts.log" 1>&2 - touch "CA/index.txt" - echo -n "unique_subject = no" > "CA/index.txt.attr" - $OPENSSL rand -hex 16 > "CA/serial" - $OPENSSL rand -hex 16 > "tmp/tsa-serial" - echo 1001 > "CA/crlnumber" - date > "makecerts.log" - "$OPENSSL" version 2>> "makecerts.log" 1>&2 - echo -n "$password" > tmp/password.txt - -################################################################################ -# Root CA certificates -################################################################################ - - printf "\nGenerate trusted root CA certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out CA/CAroot.key \ - 2>> "makecerts.log" 1>&2 - test_result $? - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/CAroot.key -out tmp/CAroot.pem \ - -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Trusted Root CA" \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? 
- - printf "\nPrepare the Certificate Signing Request (CSR)\n" >> "makecerts.log" - "$OPENSSL" genrsa -out CA/CA.key \ - 2>> "makecerts.log" 1>&2 - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" req -config "$CONF" -new -key CA/CA.key -out CA/CACert.csr \ - -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nGenerate Self-signed root CA certificate\n" >> "makecerts.log" - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \ - -signkey CA/CA.key \ - -in CA/CACert.csr -out tmp/CACert.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nGenerate Cross-signed root CA certificate\n" >> "makecerts.log" - TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \ - -CA tmp/CAroot.pem -CAkey CA/CAroot.key -CAserial CA/CAroot.srl \ - -CAcreateserial -in CA/CACert.csr -out tmp/CAcross.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - -################################################################################ -# Private RSA keys -################################################################################ - - printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log" - "$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \ - 2>> "makecerts.log" 1>&2 - test_result $? - cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log" - test_result $? 
- - printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log" - "$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nConvert the key to DER format\n" >> "makecerts.log" - "$OPENSSL" rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:"$password" \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nConvert the key to PVK format\n" >> "makecerts.log" - "$OPENSSL" rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \ - 2>> "makecerts.log" 1>&2 - test_result $? - -################################################################################ -# Intermediate CA certificates -################################################################################ - - CONF="${script_path}/openssl_intermediate.cnf" - - printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out CA/intermediateCA.key \ - 2>> "makecerts.log" 1>&2 - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_intermediate.cnf" - "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA.key -out CA/intermediateCA.csr \ - -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA.csr -out CA/intermediateCA.cer \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - "$OPENSSL" x509 -in CA/intermediateCA.cer -out tmp/intermediateCA.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- - printf "\nGenerate a certificate to revoke\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \ - -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nRevoke above certificate\n" >> "makecerts.log" - "$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log" - cat tmp/intermediateCA.pem >> tmp/revoked.pem 2>> "makecerts.log" - test_result $? - - printf "\nGenerate CRL file\n" >> "makecerts.log" - TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_intermediate.cnf" - "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nGenerate code signing certificate\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \ - -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nConvert the certificate to DER format\n" >> "makecerts.log" - "$OPENSSL" x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- - printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log" - cat tmp/intermediateCA.pem >> tmp/cert.pem 2>> "makecerts.log" - test_result $? - - printf "\nConvert the certificate to SPC format\n" >> "makecerts.log" - "$OPENSSL" crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \ - 2>> "makecerts.log" 1>&2 - test_result $? - - ssl_version=$("$OPENSSL" version) - if test "${ssl_version:8:1}" -eq 3 - then - printf "\nConvert the certificate and the key into legacy PKCS#12 container with\ - RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" - "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \ - -keypbe rc2-40-cbc -certpbe rc2-40-cbc -legacy \ - 2>> "makecerts.log" 1>&2 - else - printf "\nConvert the certificate and the key into legacy PKCS#12 container with\ - RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" - "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \ - -keypbe rc2-40-cbc -certpbe rc2-40-cbc \ - 2>> "makecerts.log" 1>&2 - fi - test_result $? - - printf "\nConvert the certificate and the key into a PKCS#12 container with\ - AES-256-CBC private key and certificate encryption algorithm\n" >> "makecerts.log" - "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:"$password" \ - -keypbe aes-256-cbc -certpbe aes-256-cbc \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nGenerate expired certificate\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \ - -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- "$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log" - cat tmp/intermediateCA.pem >> tmp/expired.pem 2>> "makecerts.log" - test_result $? - - -################################################################################ -# Intermediate CA certificates with CRL distribution point -################################################################################ - - CONF="${script_path}/openssl_intermediate_crldp.cnf" - - printf "\nGenerate intermediate CA certificate with CRL distribution point\n" >> "makecerts.log" - "$OPENSSL" genrsa -out CA/intermediateCA_crldp.key \ - 2>> "makecerts.log" 1>&2 - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_intermediate_crldp.cnf" - "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA_crldp.key -out CA/intermediateCA_crldp.csr \ - -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA CRL DP" \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_root.cnf" - "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA_crldp.csr -out CA/intermediateCA_crldp.cer \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - "$OPENSSL" x509 -in CA/intermediateCA_crldp.cer -out tmp/intermediateCA_crldp.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- - printf "\nGenerate a certificate with X509v3 CRL Distribution Points extension to revoke\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked_crldp.csr \ - -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked X509v3 CRL DP/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked_crldp.csr -out CA/revoked_crldp.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/revoked_crldp.cer -out tmp/revoked_crldp.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nRevoke above certificate\n" >> "makecerts.log" - "$OPENSSL" ca -config "$CONF" -revoke CA/revoked_crldp.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log" - cat tmp/intermediateCA_crldp.pem >> tmp/revoked_crldp.pem 2>> "makecerts.log" - test_result $? - - printf "\nGenerate CRL file\n" >> "makecerts.log" - TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_intermediate_crldp.cnf" - "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL_crldp.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nConvert CRL file from PEM to DER (for CRL Distribution Points server to use) \n" >> "makecerts.log" - "$OPENSSL" crl -in tmp/CACertCRL_crldp.pem -inform PEM -out tmp/CACertCRL.der -outform DER \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- - printf "\nGenerate code signing certificate with X509v3 CRL Distribution Points extension\n" >> "makecerts.log" - "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert_crldp.csr \ - -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate X509v3 CRL DP/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" ca -config "$CONF" -batch -in CA/cert_crldp.csr -out CA/cert_crldp.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/cert_crldp.cer -out tmp/cert_crldp.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log" - cat tmp/intermediateCA_crldp.pem >> tmp/cert_crldp.pem 2>> "makecerts.log" - test_result $? - -################################################################################ -# Time Stamp Authority certificates -################################################################################ - printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log" - "$OPENSSL" genrsa -out CA/TSACA.key \ - 2>> "makecerts.log" 1>&2 - TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_tsa_root.cnf" - "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/TSACA.key -out tmp/TSACA.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nGenerate TSA certificate to revoke\n" >> "makecerts.log" - CONF="${script_path}/openssl_tsa_root.cnf" - "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA_revoked.key -out CA/TSA_revoked.csr \ - -subj "/C=PL/O=osslsigncode/OU=TSA/CN=Revoked/emailAddress=osslsigncode@example.com" \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- CONF="${script_path}/openssl_tsa_root.cnf" - "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA_revoked.csr -out CA/TSA_revoked.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/TSA_revoked.cer -out tmp/TSA_revoked.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nRevoke above certificate\n" >> "makecerts.log" - "$OPENSSL" ca -config "$CONF" -revoke CA/TSA_revoked.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nGenerate TSA CRL file\n" >> "makecerts.log" - TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c ' - script_path=$(pwd) - OPENSSL="$0" - export LD_LIBRARY_PATH="$1" - CONF="${script_path}/openssl_tsa_root.cnf" - "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/TSACertCRL.pem \ - 2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH" - test_result $? - - printf "\nConvert TSA CRL file from PEM to DER (for CRL Distribution Points server to use)\n" >> "makecerts.log" - "$OPENSSL" crl -in tmp/TSACertCRL.pem -inform PEM -out tmp/TSACertCRL.der -outform DER \ - 2>> "makecerts.log" 1>&2 - test_result $? - - printf "\nGenerate TSA certificate\n" >> "makecerts.log" - CONF="${script_path}/openssl_tsa.cnf" - "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \ - 2>> "makecerts.log" 1>&2 - test_result $? - CONF="${script_path}/openssl_tsa_root.cnf" - "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \ - 2>> "makecerts.log" 1>&2 - test_result $? - "$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \ - 2>> "makecerts.log" 1>&2 - test_result $? 
- - printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log" - cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log" - -################################################################################ -# Copy new files -################################################################################ - - if test -s tmp/CACert.pem -a -s tmp/CAcross.pem -a -s tmp/CAroot.pem \ - -a -s tmp/intermediateCA.pem -a -s tmp/intermediateCA_crldp.pem \ - -a -s tmp/CACertCRL.pem -a -s tmp/CACertCRL.der \ - -a -s tmp/TSACertCRL.pem -a -s tmp/TSACertCRL.der \ - -a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \ - -a -s tmp/cert.pem -a -s tmp/cert.der -a -s tmp/cert.spc \ - -a -s tmp/cert.p12 -a -s tmp/legacy.p12 -a -s tmp/cert_crldp.pem\ - -a -s tmp/expired.pem \ - -a -s tmp/revoked.pem -a -s tmp/revoked_crldp.pem \ - -a -s tmp/TSA_revoked.pem \ - -a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem - then - mkdir -p "../certs" - cp tmp/* ../certs - printf "%s" "Keys & certificates successfully generated" - else - printf "%s" "Error logs ${result_path}/makecerts.log" - result=1 - fi - -################################################################################ -# Remove the working directory -################################################################################ - - rm -rf "CA/" - rm -rf "tmp/" - - exit "$result" -} - - -################################################################################ -# Tests requirement and make certs -################################################################################ - -if test -n "$(command -v faketime)" - then - make_certs "$1" - result=$? - else - printf "%s" "faketime not found in \$PATH, please install faketime package" - result=1 - fi - -exit "$result" diff --git a/tests/conf/openssl_intermediate.cnf b/tests/conf/openssl_intermediate.cnf deleted file mode 100644 index f5e91eb..0000000 --- a/tests/conf/openssl_intermediate.cnf +++ /dev/null 
@@ -1,73 +0,0 @@
-# OpenSSL intermediate CA configuration file
-
-[ default ]
-name = intermediateCA
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations
-dir = .
-certs = $dir/CA
-crl_dir = $dir/CA
-new_certs_dir = $dir/CA
-database = $dir/CA/index.txt
-serial = $dir/CA/serial
-rand_serial = yes
-private_key = $dir/CA/$name.key
-certificate = $dir/tmp/$name.pem
-crlnumber = $dir/CA/crlnumber
-crl_extensions = crl_ext
-default_md = sha256
-preserve = no
-policy = policy_loose
-default_startdate = 20180101000000Z
-default_enddate = 20341231000000Z
-x509_extensions = v3_req
-email_in_dn = yes
-default_days = 2200
-
-[ req ]
-# Options for the `req` tool
-encrypt_key = no
-default_bits = 2048
-default_md = sha256
-string_mask = utf8only
-distinguished_name = req_distinguished_name
-x509_extensions = usr_extensions
-
-[ crl_ext ]
-# Extension for CRLs
-authorityKeyIdentifier = keyid:always
-
-[ usr_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid, issuer
-extendedKeyUsage = codeSigning
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid, issuer
-extendedKeyUsage = codeSigning
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-stateOrProvinceName = State or Province Name
-localityName = Locality Name
-0.organizationName = Organization Name
-organizationalUnitName = Organizational Unit Name
-commonName = Common Name
-emailAddress = Email Address
diff --git a/tests/conf/openssl_intermediate_crldp.cnf b/tests/conf/openssl_intermediate_crldp.cnf
deleted file mode 100644
index bb743ac..0000000
--- a/tests/conf/openssl_intermediate_crldp.cnf
+++ /dev/null
@@ -1,79 +0,0 @@ -# OpenSSL intermediate CA configuration file - -[ default ] -name = intermediateCA -default_ca = CA_default -crl_url = http://127.0.0.1:19254/$name - -[ CA_default ] -# Directory and file locations -dir = . -certs = $dir/CA -crl_dir = $dir/CA -new_certs_dir = $dir/CA -database = $dir/CA/index.txt -serial = $dir/CA/serial -rand_serial = yes -private_key = $dir/CA/$name\_crldp.key -certificate = $dir/tmp/$name\_crldp.pem -crlnumber = $dir/CA/crlnumber -crl_extensions = crl_ext -default_md = sha256 -preserve = no -policy = policy_loose -default_startdate = 20180101000000Z -default_enddate = 20341231000000Z -x509_extensions = v3_req -email_in_dn = yes -default_days = 2200 - -[ req ] -# Options for the `req` tool -encrypt_key = no -default_bits = 2048 -default_md = sha256 -string_mask = utf8only -distinguished_name = req_distinguished_name -x509_extensions = usr_extensions - -[ crl_ext ] -# Extension for CRLs -authorityKeyIdentifier = keyid:always - -[ usr_extensions ] -# Extension to add when the -x509 option is used -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer -extendedKeyUsage = codeSigning - -[ v3_req ] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer -extendedKeyUsage = codeSigning -crlDistributionPoints = @crl_info - -[ crl_info ] -# X509v3 CRL Distribution Points extension -URI.0 = $crl_url - -[ policy_loose ] -# Allow the intermediate CA to sign a more diverse range of certificates. -# See the POLICY FORMAT section of the `ca` man page. 
-countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -stateOrProvinceName = State or Province Name -localityName = Locality Name -0.organizationName = Organization Name -organizationalUnitName = Organizational Unit Name -commonName = Common Name -emailAddress = Email Address diff --git a/tests/conf/openssl_root.cnf b/tests/conf/openssl_root.cnf deleted file mode 100644 index 109a645..0000000 --- a/tests/conf/openssl_root.cnf +++ /dev/null 
@@ -1,65 +0,0 @@
-# OpenSSL root CA configuration file
-
-[ ca ]
-default_ca = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir = .
-certs = $dir/CA
-crl_dir = $dir/CA
-new_certs_dir = $dir/CA
-database = $dir/CA/index.txt
-serial = $dir/CA/serial
-rand_serial = yes
-private_key = $dir/CA/CA.key
-certificate = $dir/tmp/CACert.pem
-crl_extensions = crl_ext
-default_md = sha256
-preserve = no
-policy = policy_match
-default_startdate = 20180101000000Z
-default_enddate = 20360101000000Z
-x509_extensions = v3_intermediate_ca
-email_in_dn = yes
-default_days = 3000
-unique_subject = no
-
-[ req ]
-# Options for the `req` tool
-encrypt_key = no
-default_bits = 2048
-default_md = sha256
-string_mask = utf8only
-x509_extensions = ca_extensions
-distinguished_name = req_distinguished_name
-
-[ ca_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints = critical, CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_intermediate_ca ]
-# Extensions for a typical intermediate CA (`man x509v3_config`)
-basicConstraints = critical, CA:true, pathlen:0
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-
-[ policy_match ]
-countryName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-stateOrProvinceName = State or Province Name
-localityName = Locality Name
-0.organizationName = Organization Name
-organizationalUnitName = Organizational Unit Name
-commonName = Common Name
-emailAddress = Email Address
diff --git a/tests/conf/openssl_tsa.cnf b/tests/conf/openssl_tsa.cnf
index a139088..b4cd29f 100644
--- a/tests/conf/openssl_tsa.cnf
+++ b/tests/conf/openssl_tsa.cnf
@@ -44,3 +44,4 @@ ordering = yes tsa_name = yes ess_cert_id_chain = yes ess_cert_id_alg = sha256 +crypto_device = builtin diff --git a/tests/conf/openssl_tsa_root.cnf b/tests/conf/openssl_tsa_root.cnf deleted file mode 100644 index 30a00a3..0000000 --- a/tests/conf/openssl_tsa_root.cnf +++ /dev/null 
@@ -1,83 +0,0 @@ -# OpenSSL Root Timestamp Authority configuration file - -[ default ] -name = TSACA -domain_suffix = timestampauthority -crl_url = http://127.0.0.1:19254/$name -name_opt = utf8, esc_ctrl, multiline, lname, align -default_ca = CA_default - -[ CA_default ] -dir = . -certs = $dir/CA -crl_dir = $dir/CA -new_certs_dir = $dir/CA -database = $dir/CA/index.txt -serial = $dir/CA/serial -crlnumber = $dir/CA/crlnumber -crl_extensions = crl_ext -rand_serial = yes -private_key = $dir/CA/$name.key -certificate = $dir/tmp/$name.pem -default_md = sha256 -default_days = 3650 -default_crl_days = 365 -policy = policy_match -default_startdate = 20180101000000Z -default_enddate = 20380101000000Z -unique_subject = no -email_in_dn = no -x509_extensions = tsa_extensions - -[ policy_match ] -countryName = match -stateOrProvinceName = optional -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ tsa_extensions ] -basicConstraints = critical, CA:false -extendedKeyUsage = critical, timeStamping -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always -crlDistributionPoints = @crl_info -nameConstraints = @name_constraints - -[ crl_info ] -# X509v3 CRL Distribution Points extension -URI.0 = $crl_url - -[ crl_ext ] -# Extension for CRLs -authorityKeyIdentifier = keyid:always - -[ name_constraints ] -permitted;DNS.0=test.com -permitted;DNS.1=test.org -excluded;IP.0=0.0.0.0/0.0.0.0 -excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0 - -[ req ] -# Options for the `req` tool -default_bits = 2048 -encrypt_key = yes -default_md = sha256 -utf8 = yes -string_mask = utf8only -prompt = no -distinguished_name = ca_distinguished_name -x509_extensions = ca_extensions - -[ ca_distinguished_name ] -countryName = "PL" -organizationName = "osslsigncode" -organizationalUnitName = "Timestamp Authority Root CA" -commonName = "TSA Root CA" - -[ ca_extensions ] -# Extension to add when the -x509 option is used -basicConstraints = 
critical, CA:true -subjectKeyIdentifier = hash -keyUsage = critical, keyCertSign, cRLSign diff --git a/tests/exec.py b/tests/exec.py new file mode 100644 index 0000000..80e7c07 --- /dev/null +++ b/tests/exec.py @@ -0,0 +1,43 @@ +#!/usr/bin/python3 +"""Implementation of a single ctest script.""" + +import sys +import subprocess + + +def parse(value): + """Read parameter from file.""" + prefix = 'FILE ' + if value.startswith(prefix): + with open(value[len(prefix):], mode="r", encoding="utf-8") as file: + return file.read().strip() + return value + + +def main() -> None: + """Run osslsigncode with its options.""" + if len(sys.argv) > 1: + try: + params = map(parse, sys.argv[1:]) + proc = subprocess.run(params, check=True) + sys.exit(proc.returncode) + except Exception as err: # pylint: disable=broad-except + # all exceptions are critical + print(err, file=sys.stderr) + else: + print("Usage:\n\t{} COMMAND [ARG]...'".format(sys.argv[0]), file=sys.stderr) + sys.exit(1) + + +if __name__ == "__main__": + main() + + +# pylint: disable=pointless-string-statement +"""Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: nil +End: + vim: set ts=4 expandtab: +""" diff --git a/tests/make_certificates.py b/tests/make_certificates.py new file mode 100644 index 0000000..6fb03ac --- /dev/null +++ b/tests/make_certificates.py 
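Review bot: `main` in tests/exec.py can only ever forward exit status 0, because `check=True` turns every non-zero status into `CalledProcessError`, which the broad `except` prints before the script (as far as the collapsed layout shows) ends in `sys.exit(1)`. A test that has to tell a clean rejection from a crash of the signed tool therefore loses the real status; `proc = subprocess.run(list(params), check=False)` followed by the existing `sys.exit(proc.returncode)` keeps it. The `parse` docstring should also state the convention it implements, for example `"""Return the stripped contents of PATH for a 'FILE PATH' argument, else the argument unchanged."""`, since any argument beginning with the literal prefix `FILE ` is replaced by file contents.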
@@ -0,0 +1,532 @@ +#!/usr/bin/python3 +"""Make test certificates""" + +import os +import datetime +import cryptography +from cryptography import x509 +from cryptography.x509.oid import NameOID +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives import serialization +from cryptography.hazmat.primitives.asymmetric import rsa + +RESULT_PATH = os.getcwd() +CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") + +date_20170101 = datetime.datetime(2017, 1, 1) +date_20180101 = datetime.datetime(2018, 1, 1) +date_20190101 = datetime.datetime(2019, 1, 1) + +PASSWORD='passme' + + +class X509Extensions(): + """Base class for X509 Extensions""" + + def __init__(self, unit_name, cdp_port, cdp_name): + self.unit_name = unit_name + self.port = cdp_port + self.name = cdp_name + + def create_x509_name(self, common_name) -> x509.Name: + """Return x509.Name""" + return x509.Name( + [ + x509.NameAttribute(NameOID.COUNTRY_NAME, "PL"), + x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Mazovia Province"), + x509.NameAttribute(NameOID.LOCALITY_NAME, "Warsaw"), + x509.NameAttribute(NameOID.ORGANIZATION_NAME, "osslsigncode"), + x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, self.unit_name), + x509.NameAttribute(NameOID.COMMON_NAME, common_name) + ] + ) + + def create_x509_crldp(self) -> x509.CRLDistributionPoints: + """Return x509.CRLDistributionPoints""" + return x509.CRLDistributionPoints( + [ + x509.DistributionPoint( + full_name=[x509.UniformResourceIdentifier( + "http://127.0.0.1:" + str(self.port) + "/" + str(self.name)) + ], + relative_name=None, + reasons=None, + crl_issuer=None + ) + ] + ) + + def create_x509_name_constraints(self) -> x509.NameConstraints: + """Return x509.NameConstraints""" + return x509.NameConstraints( + permitted_subtrees = [x509.DNSName('test.com'), x509.DNSName('test.org')], + excluded_subtrees = None + ) + +class IntermediateCACertificate(X509Extensions): + """Base class for Intermediate CA certificate""" + 
+ def __init__(self, issuer_cert, issuer_key): + self.issuer_cert = issuer_cert + self.issuer_key = issuer_key + super().__init__("Certification Authority", 0, None) + + def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): + """Generate intermediate CA certificate""" + key = rsa.generate_private_key(public_exponent=65537, key_size=2048) + key_public = key.public_key() + authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ) + key_usage = x509.KeyUsage( + digital_signature=True, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False + ) + cert = ( + x509.CertificateBuilder() + .subject_name(self.create_x509_name("Intermediate CA")) + .issuer_name(self.issuer_cert.subject) + .public_key(key_public) + .serial_number(x509.random_serial_number()) + .not_valid_before(date_20180101) + .not_valid_after(date_20180101 + datetime.timedelta(days=7300)) + .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(key_public), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(key_usage, critical=True) + .sign(self.issuer_key, hashes.SHA256()) + ) + file_path=os.path.join(CERTS_PATH, "intermediateCA.pem") + with open(file_path, mode="wb") as file: + file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) + + return cert, key + + +class RootCACertificate(X509Extensions): + """Base class for Root CA certificate""" + + def __init__(self): + self.key_usage = x509.KeyUsage( + digital_signature=True, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False + ) + 
super().__init__("Certification Authority", 0, None) + + def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): + """Generate CA certificates""" + ca_root, root_key = self.make_ca_cert("Trusted Root CA", "CAroot.pem") + ca_cert, ca_key = self.make_ca_cert("Root CA", "CACert.pem") + self.make_cross_cert(ca_root, root_key, ca_cert, ca_key) + return ca_cert, ca_key + + def make_ca_cert(self, common_name, file_name) -> None: + """Generate self-signed root CA certificate""" + ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) + ca_public = ca_key.public_key() + authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public) + name = self.create_x509_name(common_name) + ca_cert = ( + x509.CertificateBuilder() + .subject_name(name) + .issuer_name(name) + .public_key(ca_public) + .serial_number(x509.random_serial_number()) + .not_valid_before(date_20170101) + .not_valid_after(date_20170101 + datetime.timedelta(days=7300)) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(self.key_usage, critical=True) + .sign(ca_key, hashes.SHA256()) + ) + file_path=os.path.join(CERTS_PATH, file_name) + with open(file_path, mode="wb") as file: + file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM)) + return ca_cert, ca_key + + def make_cross_cert(self, ca_root, root_key, ca_cert, ca_key) -> None: + """Generate cross-signed root CA certificate""" + ca_public = ca_key.public_key() + authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + ca_root.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ) + ca_cross = ( + x509.CertificateBuilder() + .subject_name(ca_cert.subject) + .issuer_name(ca_root.subject) + .public_key(ca_public) + .serial_number(ca_cert.serial_number) + .not_valid_before(date_20180101) + 
.not_valid_after(date_20180101 + datetime.timedelta(days=7300)) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(self.key_usage, critical=True) + .sign(root_key, hashes.SHA256()) + ) + file_path=os.path.join(CERTS_PATH, "CAcross.pem") + with open(file_path, mode="wb") as file: + file.write(ca_cross.public_bytes(encoding=serialization.Encoding.PEM)) + + def write_key(self, key, file_name) -> None: + """Write a private RSA key""" + # Write password + file_path = os.path.join(CERTS_PATH, "password.txt") + with open(file_path, mode="w", encoding="utf-8") as file: + file.write("{}".format(PASSWORD)) + + # Write encrypted key in PEM format + file_path = os.path.join(CERTS_PATH, file_name + "p.pem") + with open(file_path, mode="wb") as file: + file.write(key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.BestAvailableEncryption(PASSWORD.encode()) + ) + ) + # Write decrypted key in PEM format + file_path = os.path.join(CERTS_PATH, file_name + ".pem") + with open(file_path, mode="wb") as file: + file.write(key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) + ) + # Write the key in DER format + file_path = os.path.join(CERTS_PATH, file_name + ".der") + with open(file_path, mode="wb") as file: + file.write(key.private_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) + ) + + +class TSARootCACertificate(X509Extensions): + """Base class for TSA certificates""" + + def __init__(self): + super().__init__("Timestamp Authority Root CA", 0, None) + + def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): + 
"""Generate a Time Stamp Authority certificate""" + ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) + ca_public = ca_key.public_key() + authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public) + name = self.create_x509_name("TSA Root CA") + key_usage = x509.KeyUsage( + digital_signature=False, + content_commitment=False, + key_encipherment=False, + data_encipherment=False, + key_agreement=False, + key_cert_sign=True, + crl_sign=True, + encipher_only=False, + decipher_only=False + ) + ca_cert = ( + x509.CertificateBuilder() + .subject_name(name) + .issuer_name(name) + .public_key(ca_public) + .serial_number(x509.random_serial_number()) + .not_valid_before(date_20170101) + .not_valid_after(date_20170101 + datetime.timedelta(days=7300)) + .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(key_usage, critical=True) + .sign(ca_key, hashes.SHA256()) + ) + file_path=os.path.join(CERTS_PATH, "TSACA.pem") + with open(file_path, mode="wb") as file: + file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM)) + + return ca_cert, ca_key + + def write_key(self, key, file_name) -> None: + """Write decrypted private RSA key into PEM format""" + file_path = os.path.join(CERTS_PATH, file_name + ".key") + with open(file_path, mode="wb") as file: + file.write(key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) + ) + + +class Certificate(X509Extensions): + """Base class for a leaf certificate""" + + def __init__(self, issuer_cert, issuer_key, unit_name, common_name, cdp_port, cdp_name): + #pylint: disable=too-many-arguments + self.issuer_cert = issuer_cert + self.issuer_key = issuer_key + self.common_name = common_name + super().__init__(unit_name, 
cdp_port, cdp_name) + + def make_cert(self, public_key, not_before, days) -> x509.Certificate: + """Generate a leaf certificate""" + authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ) + extended_key_usage = x509.ExtendedKeyUsage( + [x509.oid.ExtendedKeyUsageOID.CODE_SIGNING] + ) + cert = ( + x509.CertificateBuilder() + .subject_name(self.create_x509_name(self.common_name)) + .issuer_name(self.issuer_cert.subject) + .public_key(public_key) + .serial_number(x509.random_serial_number()) + .not_valid_before(not_before) + .not_valid_after(not_before + datetime.timedelta(days=days)) + .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=False) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(extended_key_usage, critical=False) + .add_extension(self.create_x509_crldp(), critical=False) + .sign(self.issuer_key, hashes.SHA256()) + ) + # Write PEM file and attach intermediate certificate + file_path = os.path.join(CERTS_PATH, self.common_name + ".pem") + with open(file_path, mode="wb") as file: + file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) + file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) + + return cert + + def revoke_cert(self, serial_number, file_name) -> None: + """Revoke a certificate""" + revoked = ( + x509.RevokedCertificateBuilder() + .serial_number(serial_number) + .revocation_date(date_20190101) + .add_extension(x509.CRLReason(x509.ReasonFlags.superseded), critical=False) + .build() + ) + # Generate CRL + authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ) + crl = ( + x509.CertificateRevocationListBuilder() + .issuer_name(self.issuer_cert.subject) + 
.last_update(date_20190101) + .next_update(date_20190101 + datetime.timedelta(days=7300)) + .add_extension(authority_key, critical=False) + .add_extension(x509.CRLNumber(4097), critical=False) + .add_revoked_certificate(revoked) + .sign(self.issuer_key, hashes.SHA256()) + ) + # Write CRL file + file_path = os.path.join(CERTS_PATH, file_name + ".pem") + with open(file_path, mode="wb") as file: + file.write(crl.public_bytes(encoding=serialization.Encoding.PEM)) + + file_path = os.path.join(CERTS_PATH, file_name + ".der") + with open(file_path, mode="wb") as file: + file.write(crl.public_bytes(encoding=serialization.Encoding.DER)) + + +class LeafCACertificate(Certificate): + """Base class for a leaf certificate""" + + def __init__(self, issuer_cert, issuer_key, common, cdp_port): + super().__init__(issuer_cert, issuer_key, "CSP", common, cdp_port, "intermediateCA") + + +class LeafTSACertificate(Certificate): + """Base class for a TSA leaf certificate""" + + def __init__(self, issuer_cert, issuer_key, common, cdp_port): + self.issuer_cert = issuer_cert + self.issuer_key = issuer_key + self.common_name = common + super().__init__(issuer_cert, issuer_key, "Timestamp Root CA", common, cdp_port, "TSACA") + + def make_cert(self, public_key, not_before, days) -> x509.Certificate: + """Generate a TSA leaf certificate""" + + authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( + self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value + ) + + # The TSA signing certificate must have exactly one extended key usage + # assigned to it: timeStamping. The extended key usage must also be critical, + # otherwise the certificate is going to be refused. 
+ extended_key_usage = x509.ExtendedKeyUsage( + [x509.oid.ExtendedKeyUsageOID.TIME_STAMPING] + ) + cert = ( + x509.CertificateBuilder() + .subject_name(self.create_x509_name(self.common_name)) + .issuer_name(self.issuer_cert.subject) + .public_key(public_key) + .serial_number(x509.random_serial_number()) + .not_valid_before(not_before) + .not_valid_after(not_before + datetime.timedelta(days=days)) + .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) + .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) + .add_extension(authority_key, critical=False) + .add_extension(extended_key_usage, critical=True) + .add_extension(self.create_x509_crldp(), critical=False) + .add_extension(self.create_x509_name_constraints(), critical=False) + .sign(self.issuer_key, hashes.SHA256()) + ) + # Write PEM file and attach intermediate certificate + file_path = os.path.join(CERTS_PATH, self.common_name + ".pem") + with open(file_path, mode="wb") as file: + file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) + file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) + + return cert + + +class CertificateMaker(): + """Base class for test certificates""" + + def __init__(self, cdp_port, logs): + self.cdp_port = cdp_port + self.logs = logs + + def make_certs(self) -> None: + """Make test certificates""" + try: + self.make_ca_certs() + self.make_tsa_certs() + logs = os.path.join(CERTS_PATH, "./cert.log") + with open(logs, mode="w", encoding="utf-8") as file: + file.write("Test certificates generation succeeded") + except Exception as err: # pylint: disable=broad-except + with open(self.logs, mode="a", encoding="utf-8") as file: + file.write("Error: {}".format(err)) + + def make_ca_certs(self): + """Make test certificates""" + + # Generate root CA certificate + root = RootCACertificate() + ca_cert, ca_key = root.make_cert() + + # Generate intermediate root CA certificate + intermediate = 
IntermediateCACertificate(ca_cert, ca_key) + issuer_cert, issuer_key = intermediate.make_cert() + + # Generate private RSA key + private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) + public_key = private_key.public_key() + root.write_key(key=private_key, file_name="key") + + # Generate expired certificate + expired = LeafCACertificate(issuer_cert, issuer_key, "expired", self.cdp_port) + expired.make_cert(public_key, date_20180101, 365) + + # Generate revoked certificate + revoked = LeafCACertificate(issuer_cert, issuer_key, "revoked", self.cdp_port) + cert = revoked.make_cert(public_key, date_20180101, 5840) + revoked.revoke_cert(cert.serial_number, "CACertCRL") + + # Generate code signing certificate + signer = LeafCACertificate(issuer_cert, issuer_key, "cert", self.cdp_port) + cert = signer.make_cert(public_key, date_20180101, 5840) + + # Write a certificate and a key into PKCS#12 container + self.write_pkcs12_container( + cert=cert, + key=private_key, + issuer=issuer_cert + ) + + # Write DER file and attach intermediate certificate + file_path = os.path.join(CERTS_PATH, "cert.der") + with open(file_path, mode="wb") as file: + file.write(cert.public_bytes(encoding=serialization.Encoding.DER)) + + def make_tsa_certs(self): + """Make test TSA certificates""" + + # Time Stamp Authority certificate + root = TSARootCACertificate() + issuer_cert, issuer_key = root.make_cert() + + # Generate private RSA key + private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) + public_key = private_key.public_key() + root.write_key(key=private_key, file_name="TSA") + + # Generate revoked TSA certificate + revoked = LeafTSACertificate(issuer_cert, issuer_key, "TSA_revoked", self.cdp_port) + cert = revoked.make_cert(public_key, date_20180101, 7300) + revoked.revoke_cert(cert.serial_number, "TSACertCRL") + + # Generate TSA certificate + signer = LeafTSACertificate(issuer_cert, issuer_key, "TSA", self.cdp_port) + cert = 
signer.make_cert(public_key, date_20180101, 7300) + + # Save the chain to be included in the TSA response + file_path = os.path.join(CERTS_PATH, "tsa-chain.pem") + with open(file_path, mode="wb") as file: + file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) + file.write(issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) + + + def write_pkcs12_container(self, cert, key, issuer) -> None: + """Write a certificate and a key into a PKCS#12 container""" + + # Set an encryption algorithm + if cryptography.__version__ >= "38.0.0": + # For OpenSSL legacy mode use the default algorithm for certificate + # and private key encryption: DES-EDE3-CBC (vel 3DES_CBC) + # pylint: disable=no-member + encryption = ( + serialization.PrivateFormat.PKCS12.encryption_builder() + .key_cert_algorithm(serialization.pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC) + .kdf_rounds(5000) + .build(PASSWORD.encode()) + ) + else: + encryption = serialization.BestAvailableEncryption(PASSWORD.encode()) + + # Generate PKCS#12 struct + pkcs12 = serialization.pkcs12.serialize_key_and_certificates( + name=b'certificate', + key=key, + cert=cert, + cas=(issuer,), + encryption_algorithm=encryption + ) + + # Write into a PKCS#12 container + file_path = os.path.join(CERTS_PATH, "cert.p12") + with open(file_path, mode="wb") as file: + file.write(pkcs12) + + +# pylint: disable=pointless-string-statement +"""Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: nil +End: + vim: set ts=4 expandtab: +""" diff --git a/tests/server_http.py b/tests/server_http.py index 084dc45..716859b 100644 --- a/tests/server_http.py +++ b/tests/server_http.py @@ -1,3 +1,4 @@ +#!/usr/bin/python3 """Implementation of a HTTP server""" import argparse 
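Review bot: In `write_pkcs12_container` the test `cryptography.__version__ >= "38.0.0"` compares version strings lexicographically, so a release numbered "100.0.0" would sort below "38.0.0" and silently fall through to `BestAvailableEncryption` instead of the legacy 3DES profile the comment asks for. Comparing the parsed major number avoids that: `if int(cryptography.__version__.split(".")[0]) >= 38:`. Separately, `make_ca_cert` is annotated `-> None` although it returns `ca_cert, ca_key`, and the module docstring could state that `key.pem`, `key.der`, `TSA.key` and `password.txt` are written unencrypted and are test-only material.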
@@ -8,6 +9,7 @@ import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, HTTPServer from socketserver import ThreadingMixIn +from make_certificates import CertificateMaker RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") @@ -16,11 +18,9 @@ CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") -CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der") -TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") -PORT_LOG = os.path.join(LOGS_PATH, "./port.log") - +SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") +URL_LOG = os.path.join(LOGS_PATH, "./url.log") OPENSSL_TS = ["openssl", "ts", "-reply", "-config", OPENSSL_CONF, @@ -28,9 +28,12 @@ OPENSSL_TS = ["openssl", "ts", "-queryfile", REQUEST, "-out", RESPONS] + class ThreadingHTTPServer(ThreadingMixIn, HTTPServer): + """This variant of HTTPServer creates a new thread for every connection""" daemon_threads = True + class RequestHandler(SimpleHTTPRequestHandler): """Handle the HTTP POST request that arrive at the server""" @@ -49,10 +52,12 @@ class RequestHandler(SimpleHTTPRequestHandler): resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": - with open(CACRL, 'rb') as file: + file_path = os.path.join(CERTS_PATH, "./CACertCRL.der") + with open(file_path, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": - with open(TSACRL, 'rb') as file: + file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der") + with open(file_path, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except 
@@ -65,8 +70,8 @@ class RequestHandler(SimpleHTTPRequestHandler): url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": - self.log_message(f"Deleting file: {PORT_LOG}") - os.remove(f"{PORT_LOG}") + self.log_message(f"Deleting file: {URL_LOG}") + os.remove(f"{URL_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) @@ -76,8 +81,7 @@ class RequestHandler(SimpleHTTPRequestHandler): post_data = self.rfile.read(content_length) with open(REQUEST, mode="wb") as file: file.write(post_data) - openssl = subprocess.run(OPENSSL_TS, - check=True, universal_newlines=True) + openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True) openssl.check_returncode() self.send_header("Content-type", "application/timestamp-reply") self.end_headers() @@ -85,6 +89,7 @@ class RequestHandler(SimpleHTTPRequestHandler): with open(RESPONS, mode="rb") as file: resp_data = file.read() self.wfile.write(resp_data) + except Exception as err: # pylint: disable=broad-except print("HTTP POST request error: {}".format(err)) @@ -108,7 +113,8 @@ class HttpServerThread(): def main() -> None: - """Start HTTP server""" + """Start HTTP server, make test certificates.""" + ret = 0 parser = argparse.ArgumentParser() parser.add_argument( @@ -121,11 +127,16 @@ def main() -> None: try: server = HttpServerThread() port = server.start_server(args.port) - with open(PORT_LOG, mode="w") as file: - file.write("{}".format(port)) + with open(URL_LOG, mode="w", encoding="utf-8") as file: + file.write("127.0.0.1:{}".format(port)) + tests = CertificateMaker(port, SERVER_LOG) + tests.make_certs() except OSError as err: print("OSError: {}".format(err)) ret = err.errno + except Exception as err: # pylint: disable=broad-except + print("Error: {}".format(err)) + ret = 1 finally: sys.exit(ret) 
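Review bot: The new `except Exception` branch in `main` cannot see a certificate-generation failure, because `CertificateMaker.make_certs` (tests/make_certificates.py in this commit) catches every exception itself and only appends `Error: ...` to the log file. `ret` therefore stays 0 and the server keeps running, with `do_GET` later failing to open the missing `CACertCRL.der` or `TSACertCRL.der`. Adding a bare `raise` after the log write in `make_certs` would at least let this handler record the failure with `ret = 1`. `main` starts and ends outside this hunk, so whether the absent `cert.log` is checked elsewhere cannot be confirmed from here.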
@@ -135,6 +146,9 @@ if __name__ == '__main__': fpid = os.fork() if fpid > 0: sys.exit(0) + with open(SERVER_LOG, mode='w', encoding='utf-8') as log: + os.dup2(log.fileno(), sys.stdout.fileno()) + os.dup2(log.fileno(), sys.stderr.fileno()) except OSError as ferr: print("Fork #1 failed: {} {}".format(ferr.errno, ferr.strerror)) sys.exit(1) diff --git a/tests/server_http.pyw b/tests/server_http.pyw index df7c017..31481ee 100644 --- a/tests/server_http.pyw +++ b/tests/server_http.pyw @@ -1,11 +1,14 @@ +#!/usr/bin/python3 """Windows: Implementation of a HTTP server""" +import argparse import os import subprocess import sys import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer +from make_certificates import CertificateMaker RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") @@ -14,11 +17,9 @@ CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") -CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der") -TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") -PORT_LOG = os.path.join(LOGS_PATH, "./port.log") +URL_LOG = os.path.join(LOGS_PATH, "./url.log") OPENSSL_TS = ["openssl", "ts", 
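Review bot: A failure to open `SERVER_LOG` is reported as "Fork #1 failed", because the new `with open(SERVER_LOG, ...)` block sits inside the `try` whose only handler prints the fork error. Moving the redirection after the `try`/`except`, or giving it its own handler, keeps the two failures distinguishable. Calling `sys.stdout.flush()` and `sys.stderr.flush()` before the `os.dup2` calls would also stop output buffered before the redirect from landing in the log later. The `if __name__ == '__main__':` block starts and ends outside this hunk.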
@@ -46,10 +47,12 @@ class RequestHandler(SimpleHTTPRequestHandler): resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": - with open(CACRL, 'rb') as file: + file_path = os.path.join(CERTS_PATH, "./CACertCRL.der") + with open(file_path, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": - with open(TSACRL, 'rb') as file: + file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der") + with open(file_path, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except @@ -62,8 +65,8 @@ class RequestHandler(SimpleHTTPRequestHandler): url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": - self.log_message(f"Deleting file: {PORT_LOG}") - os.remove(f"{PORT_LOG}") + self.log_message(f"Deleting file: {URL_LOG}") + os.remove(f"{URL_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) @@ -94,9 +97,9 @@ class HttpServerThread(): self.server = None self.server_thread = None - def start_server(self) -> (int): + def start_server(self, port) -> (int): """Starting HTTP server on 127.0.0.1 and a random available port for binding""" - self.server = ThreadingHTTPServer(('127.0.0.1', 19254), RequestHandler) + self.server = ThreadingHTTPServer(('127.0.0.1', port), RequestHandler) self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.start() hostname, port = self.server.server_address[:2] 
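Review bot: The docstring of `start_server` still promises "a random available port", but the method now binds whatever `port` the caller passes, and only `0` gives the random behaviour. I would update it to `"""Start the HTTP server on 127.0.0.1:port; port 0 lets the OS choose a free port."""` and annotate the parameter as `port: int`. The method continues outside this hunk.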
@@ -106,14 +109,25 @@ class HttpServerThread(): def main() -> None: """Start HTTP server""" + ret = 0 + parser = argparse.ArgumentParser() + parser.add_argument( + "--port", + type=int, + default=0, + help="port number" + ) + args = parser.parse_args() try: sys.stdout = open(SERVER_LOG, "w") sys.stderr = open(SERVER_LOG, "a") server = HttpServerThread() - port = server.start_server() - with open(PORT_LOG, mode="w") as file: - file.write("{}".format(port)) + port = server.start_server(args.port) + with open(URL_LOG, mode="w") as file: + file.write("127.0.0.1:{}".format(port)) + tests = CertificateMaker(port, SERVER_LOG) + tests.make_certs() except OSError as err: print("OSError: {}".format(err)) ret = err.errno diff --git a/tests/start_server.py b/tests/start_server.py new file mode 100644 index 0000000..b2554ab --- /dev/null +++ b/tests/start_server.py 
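Review bot: Errors from `tests.make_certs()` that are not `OSError` have no handler in this hunk, unlike the `main()` in tests/server_http.py, which gained one in the same commit. If the unchanged tail of this function is the same `finally: sys.exit(ret)` (it is outside the hunk), such an error is discarded and the exit status stays 0. Adding `except Exception as err:  # pylint: disable=broad-except`, `print("Error: {}".format(err))` and `ret = 1` after the `OSError` branch would match the POSIX script. The new `open(URL_LOG, mode="w")` also omits the `encoding="utf-8"` that the POSIX version passes.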
@@ -0,0 +1,108 @@ +#!/usr/bin/python3 +"""Wait for all tests certificate, compute leafhash""" + +import argparse +import binascii +import hashlib +import os +import pathlib +import platform +import subprocess +import sys +import time + +RESULT_PATH = os.getcwd() +CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") +LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") +SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") +if platform.system() == 'Windows': + DEFAULT_PYTHON = "C:/Program Files/Python/Python311/pythonw.exe" + DEFAULT_PROG = os.path.join(RESULT_PATH, "./Testing/server_http.pyw") +else: + DEFAULT_PYTHON = "/usr/bin/python3" + DEFAULT_PROG = os.path.join(RESULT_PATH, "./Testing/server_http.py") + + +def compute_sha256(file_name) -> str: + """Compute a SHA256 hash of the leaf certificate (in DER form)""" + + sha256_hash = hashlib.sha256() + file_path = os.path.join(CERTS_PATH, file_name) + with open(file_path, mode="rb") as file: + for bajt in iter(lambda: file.read(4096),b""): + sha256_hash.update(bajt) + return sha256_hash.hexdigest() + +def clear_catalog(certs_path) -> None: + """"Clear a test certificates catalog.""" + + if os.path.exists(certs_path): + #Remove old test certificates + for root, _, files in os.walk(certs_path): + for file in files: + os.remove(os.path.join(root, file)) + else: + os.mkdir(certs_path) + + # Generate 16 random bytes and convert to hex + random_hex = binascii.b2a_hex(os.urandom(16)).decode() + serial = os.path.join(certs_path, "./tsa-serial") + with open(serial, mode="w", encoding="utf-8") as file: + file.write(random_hex) + +def main() -> None: + """Wait for all tests certificate, compute leafhash""" + + parser = argparse.ArgumentParser() + parser.add_argument( + "--exe", + type=pathlib.Path, + default=DEFAULT_PYTHON, + help=f"the path to the python3 executable to use" + f"(default: {DEFAULT_PYTHON})", + ) + parser.add_argument( + "--script", + type=pathlib.Path, + default=DEFAULT_PROG, + help=f"the path to the 
python script to run" + f"(default: {DEFAULT_PROG})", + ) + args = parser.parse_args() + try: + clear_catalog(CERTS_PATH) + #pylint: disable=consider-using-with + subprocess.Popen([str(args.exe), str(args.script)]) + + cert_log = os.path.join(CERTS_PATH, "./cert.log") + while not (os.path.exists(cert_log) and os.path.getsize(cert_log) > 0): + time.sleep(1) + + leafhash = compute_sha256("cert.der") + file_path = os.path.join(CERTS_PATH, "./leafhash.txt") + with open(file_path, mode="w", encoding="utf-8") as file: + file.write("SHA256:{}".format(leafhash)) + + except OSError as err: + with open(SERVER_LOG, mode="w", encoding="utf-8") as file: + file.write("OSError: {}".format(err)) + sys.exit(1) + + except Exception as err: # pylint: disable=broad-except + with open(SERVER_LOG, mode="w", encoding="utf-8") as file: + file.write("Error: {}".format(err)) + sys.exit(1) + + +if __name__ == "__main__": + main() + + +# pylint: disable=pointless-string-statement +"""Local Variables: + c-basic-offset: 4 + tab-width: 4 + indent-tabs-mode: nil +End: + vim: set ts=4 expandtab: +""" diff --git a/vcpkg.json b/vcpkg.json index ba4560c..3699e3d 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -3,11 +3,7 @@ "version-string": "2.4", "dependencies": [ "openssl", - "curl", - { - "name": "python3", - "platform": "!(windows & static) & !osx" - } + "zlib" ], "builtin-baseline": "9edb1b8e590cc086563301d735cae4b6e732d2d2" }
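Review bot: The wait loop in `main()` has no upper bound: if the server script fails before writing `cert.log`, `while not (os.path.exists(cert_log) and os.path.getsize(cert_log) > 0)` sleeps forever and the test run hangs instead of failing. A deadline plus a check of the launcher's exit status would turn that into a reported error. The sketch below raises inside the existing `try`, so the `OSError` and `Exception` handlers record it; its 120-second limit is a constructed value. Separately, both handlers open `SERVER_LOG` with `mode="w"`, which truncates the log that the server_http.py hunk above redirects stdout and stderr into; `mode="a"` would keep the server's own diagnostics.

```python
        #pylint: disable=consider-using-with
        proc = subprocess.Popen([str(args.exe), str(args.script)])

        cert_log = os.path.join(CERTS_PATH, "./cert.log")
        deadline = time.monotonic() + 120  # constructed limit, tune for the CI host
        while not (os.path.exists(cert_log) and os.path.getsize(cert_log) > 0):
            # The POSIX launcher forks and exits 0, so only a non-zero status is a failure.
            if proc.poll() not in (None, 0):
                raise RuntimeError("server script exited with {}".format(proc.returncode))
            if time.monotonic() > deadline:
                raise TimeoutError("test certificates were not generated in time")
            time.sleep(1)
        # … unchanged: leafhash computation and leafhash.txt write …
```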