From dad9ef90e38a1cafd0367da62dd65db51bf6ed73 Mon Sep 17 00:00:00 2001 
From: "R.I.Pienaar" Date: Thu, 21 Nov 2019 17:24:27 +0100 Subject: [PATCH] (#607) support NGS * support connecting to NGS with its own CA * use connect.ngs.global:4222 when ngs is true, cred is set and no specific middleware is set * update certs in tests * remove unused registration plugin for mcollectived --- Gemfile | 6 +- Gemfile.lock | 94 ++++++++------- lib/mcollective/application/choria.rb | 11 +- lib/mcollective/connector/nats.rb | 23 +++- lib/mcollective/registration/choria.rb | 87 -------------- lib/mcollective/util/choria.rb | 46 ++++++-- module/choria/data/plugin.yaml | 3 +- spec/fixtures/intermediate/Makefile | 42 +++++++ spec/fixtures/intermediate/README.md | 6 + spec/fixtures/intermediate/ca-key.pem | 5 + spec/fixtures/intermediate/ca.csr | 10 ++ spec/fixtures/intermediate/ca.pem | 16 +-- spec/fixtures/intermediate/certs/ca.pem | 14 +++ .../intermediate/certs/ca_chain_ca.pem | 29 +++++ .../certs/ca_chain_rip.mcollective.pem | 19 +++ .../certs/email-chain-rip.mcollective.pem | 34 ++++++ .../intermediate/certs/rip.mcollective.pem | 34 ++++++ .../certs/second.rip.mcollective.pem | 34 ++++++ .../intermediate/chain-rip.mcollective.pem | 54 ++++----- spec/fixtures/intermediate/config.json | 36 ++++++ spec/fixtures/intermediate/csr.json | 10 ++ spec/fixtures/intermediate/email.json | 11 ++ .../intermediate/intermediate-key.pem | 5 + spec/fixtures/intermediate/intermediate.csr | 10 ++ spec/fixtures/intermediate/intermediate.json | 20 ++++ spec/fixtures/intermediate/intermediate.pem | 15 +++ .../intermediate/rip.mcollective-key.pem | 50 ++++---- .../fixtures/intermediate/rip.mcollective.csr | 16 +++ .../fixtures/intermediate/rip.mcollective.pem | 28 ++--- spec/fixtures/intermediate/root.json | 20 ++++ spec/fixtures/intermediate/subject.json | 4 + spec/unit/mcollective/connector/nats_spec.rb | 14 +++ .../mcollective/registration/choria_spec.rb | 111 ------------------ spec/unit/mcollective/util/choria_spec.rb | 59 ++++++++++ 34 files changed, 643 
insertions(+), 333 deletions(-) delete mode 100644 lib/mcollective/registration/choria.rb create mode 100644 spec/fixtures/intermediate/Makefile create mode 100644 spec/fixtures/intermediate/README.md create mode 100644 spec/fixtures/intermediate/ca-key.pem create mode 100644 spec/fixtures/intermediate/ca.csr create mode 100644 spec/fixtures/intermediate/certs/ca.pem create mode 100644 spec/fixtures/intermediate/certs/ca_chain_ca.pem create mode 100644 spec/fixtures/intermediate/certs/ca_chain_rip.mcollective.pem create mode 100644 spec/fixtures/intermediate/certs/email-chain-rip.mcollective.pem create mode 100644 spec/fixtures/intermediate/certs/rip.mcollective.pem create mode 100644 spec/fixtures/intermediate/certs/second.rip.mcollective.pem create mode 100644 spec/fixtures/intermediate/config.json create mode 100644 spec/fixtures/intermediate/csr.json create mode 100644 spec/fixtures/intermediate/email.json create mode 100644 spec/fixtures/intermediate/intermediate-key.pem create mode 100644 spec/fixtures/intermediate/intermediate.csr create mode 100644 spec/fixtures/intermediate/intermediate.json create mode 100644 spec/fixtures/intermediate/intermediate.pem create mode 100644 spec/fixtures/intermediate/rip.mcollective.csr create mode 100644 spec/fixtures/intermediate/root.json create mode 100644 spec/fixtures/intermediate/subject.json delete mode 100644 spec/unit/mcollective/registration/choria_spec.rb diff --git a/Gemfile b/Gemfile index 0c6915d..107ea69 100644 --- a/Gemfile +++ b/Gemfile @@ -1,8 +1,9 @@ source "https://rubygems.org" -gem "nats-pure", "~> 0.5" +gem "nats-pure", "~> 0.6" group :development, :test do + gem "choria-mcorpc-support" gem "coveralls" gem "diplomat", "~> 2" gem "etcdv3", "~> 0.6.0" @@ -11,9 +12,8 @@ group :development, :test do gem "jgrep", ">= 1.5.0" gem "json-schema-rspec" gem "listen", "~> 3" - gem "mcollective-client" gem "mocha" - gem "puppet", "~> 5.4" + gem "puppet", "~> 6" gem "rake" gem "rspec" gem "rubocop", "0.51.0" 
diff --git a/Gemfile.lock b/Gemfile.lock index f4ed512..5c48265 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,14 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) ast (2.4.0) + choria-mcorpc-support (2.20.0) + json (~> 2.1, >= 2.1.0) + systemu (~> 2.6, >= 2.6.4) coderay (1.1.2) + concurrent-ruby (1.1.5) coveralls (0.8.23) json (>= 1.8, < 3) simplecov (~> 0.16.1) @@ -22,13 +26,13 @@ GEM etcdv3 (0.6.0) faraday (= 0.11.0) grpc (= 1.2.5) - facter (2.5.5) + facter (2.5.6) faraday (0.11.0) multipart-post (>= 1.2, < 3) - fast_gettext (1.1.2) - ffi (1.11.1) + fast_gettext (1.8.0) + ffi (1.11.2) formatador (0.2.5) - google-protobuf (3.9.1) + google-protobuf (3.10.1) googleauth (0.5.1) faraday (~> 0.9) jwt (~> 1.4) @@ -40,7 +44,7 @@ GEM grpc (1.2.5) google-protobuf (~> 3.1) googleauth (~> 0.5.1) - guard (2.15.0) + guard (2.16.1) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) lumberjack (>= 1.0.12, < 2.0) @@ -58,8 +62,10 @@ GEM guard (>= 2.0.0) guard-compat (~> 1.0) hashdiff (1.0.0) - hiera (3.5.0) - jgrep (1.5.0) + hiera (3.6.0) + hocon (1.3.0) + httpclient (2.8.3) + jgrep (1.5.1) json (2.2.0) json-schema (2.8.1) addressable (>= 2.4) @@ -67,26 +73,21 @@ GEM json-schema (~> 2.5) rspec jwt (1.5.6) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) + listen (3.2.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) little-plugger (1.1.4) locale (2.1.2) logging (2.2.2) little-plugger (~> 1.1) multi_json (~> 1.10) lumberjack (1.0.13) - mcollective-client (2.12.4) - json - stomp - systemu - memoist (0.16.0) + memoist (0.16.1) metaclass (0.0.4) method_source (0.9.2) mocha (1.9.0) metaclass (~> 0.0.1) - multi_json (1.13.1) + multi_json (1.14.1) multipart-post (2.1.1) nats-pure (0.6.2) nenv (0.3.0) 
@@ -94,39 +95,46 @@ GEM nenv (~> 0.1) shellany (~> 0.0) os (0.9.6) - parallel (1.17.0) - parser (2.6.3.0) + parallel (1.19.0) + parser (2.6.5.0) ast (~> 2.4.0) powerpack (0.1.2) pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.1.1) - puppet (5.5.16) + public_suffix (4.0.1) + puppet (6.11.1) + concurrent-ruby (~> 1.0) + deep_merge (~> 1.0) facter (> 2.0.1, < 4) - fast_gettext (~> 1.1.2) + fast_gettext (~> 1.1) hiera (>= 3.2.1, < 4) + httpclient (~> 2.8) locale (~> 2.1) multi_json (~> 1.10) + puppet-resource_api (~> 1.5) + semantic_puppet (~> 1.0) + puppet-resource_api (1.8.7) + hocon (>= 1.0) rainbow (2.2.2) rake - rake (12.3.3) + rake (13.0.1) rb-fsevent (0.10.3) rb-inotify (0.10.0) ffi (~> 1.0) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.2) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.4) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.0) + rspec-support (~> 3.9.0) + rspec-expectations (3.9.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.1) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.0) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.2) + rspec-support (~> 3.9.0) + rspec-support (3.9.0) rubocop (0.51.0) parallel (~> 1.10) parser (>= 2.3.3.1, < 3.0) @@ -135,11 +143,10 @@ GEM ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) ruby-progressbar (1.10.1) - ruby_dep (1.5.0) safe_yaml (1.0.5) semantic_puppet (1.0.2) shellany (0.0.1) - signet (0.11.0) + signet (0.12.0) addressable (~> 2.3) faraday (~> 0.9) jwt (>= 1.5, < 3.0) 
@@ -149,14 +156,13 @@ GEM json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) - stomp (1.4.8) systemu (2.6.5) term-ansicolor (1.7.1) tins (~> 1.0) thor (0.20.3) - tins (1.21.1) + tins (1.22.2) unicode-display_width (1.6.0) - webmock (3.6.2) + webmock (3.7.6) addressable (>= 2.3.6) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -166,6 +172,7 @@ PLATFORMS ruby DEPENDENCIES + choria-mcorpc-support coveralls diplomat (~> 2) etcdv3 (~> 0.6.0) @@ -174,10 +181,9 @@ DEPENDENCIES jgrep (>= 1.5.0) json-schema-rspec listen (~> 3) - mcollective-client mocha - nats-pure (~> 0.5) - puppet (~> 5.4) + nats-pure (~> 0.6) + puppet (~> 6) rake rspec rubocop (= 0.51.0) diff --git a/lib/mcollective/application/choria.rb b/lib/mcollective/application/choria.rb index 54c502d..48d258a 100644 --- a/lib/mcollective/application/choria.rb +++ b/lib/mcollective/application/choria.rb @@ -129,6 +129,7 @@ def show_config_command # rubocop:disable Metrics/MethodLength puts " Using SRV Records: %s" % choria.should_use_srv? puts " Federated: %s" % choria.federated? puts " SRV Domain: %s" % choria.srv_domain + puts " NATS NGS: %s" % choria.ngs? middleware_servers = choria.middleware_servers("puppet", 4222).map {|s, p| "%s:%s" % [s, p]}.join(", ") @@ -168,7 +169,7 @@ def show_config_command # rubocop:disable Metrics/MethodLength puts - puts "SSL setup:" + puts "Security setup:" puts valid_ssl = choria.check_ssl_setup(false) rescue false 
@@ -193,6 +194,14 @@ def show_config_command # rubocop:disable Metrics/MethodLength puts " Public Cert CN: %s (%s)" % [cn, cn == choria.certname ? Util.colorize(:green, "match") : Util.colorize(:red, "does not match certname")] end + if choria.credential_file? + puts " NATS Credentials: %s (%s)" % [ + choria.credential_file, + File.exist?(choria.credential_file) ? Util.colorize(:green, "exit") : Util.colorize(:red, "does not exist") + ] + puts " 'nkeys' gem: %s" % choria.nkeys? + end + puts puts "Active Choria configuration settings as found in configuration files:" diff --git a/lib/mcollective/connector/nats.rb b/lib/mcollective/connector/nats.rb index ead0fbc..0ae0f94 100644 --- a/lib/mcollective/connector/nats.rb +++ b/lib/mcollective/connector/nats.rb @@ -74,11 +74,14 @@ def connect :name => @config.identity } + parameters[:user_credentials] = choria.credential_file if choria.credential_file? + if $choria_unsafe_disable_nats_tls # rubocop:disable Style/GlobalVars Log.warn("Disabling TLS in NATS connector, this is not a production supported setup") + elsif choria.ngs? + configure_ngs(parameters) else - parameters[:tls] = {:context => choria.ssl_context} - choria.check_ssl_setup + configure_tls(parameters) end servers = server_list @@ -93,6 +96,22 @@ def connect nil end + def configure_tls(parameters) + parameters[:tls] = {:context => choria.ssl_context} + choria.check_ssl_setup + end + + def configure_ngs(parameters) + Log.debug("Disabling specific TLS during connection to NGS") + + raise("nkeys rubygem is required for connections with credentials") unless choria.nkeys? + + tls = OpenSSL::SSL::SSLContext.new + tls.ssl_version = :TLSv1_2 + + parameters[:tls] = {:context => tls} + end + # Disconnects from NATS def disconnect connection.stop diff --git a/lib/mcollective/registration/choria.rb b/lib/mcollective/registration/choria.rb deleted file mode 100644 index b894597..0000000 --- a/lib/mcollective/registration/choria.rb +++ /dev/null 
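Review bot: The success label for the credentials file reads `Util.colorize(:green, "exit")`, which looks like a typo for `"exists"` given the red `"does not exist"` branch beside it. NATS credential files normally carry the user JWT and the nkey seed, so this diagnostic is also a natural place to report the file mode, for example `"%o" % (File.stat(choria.credential_file).mode & 0o777)` when the file exists, so that a group- or world-readable file shows up in the output. show_config_command starts and ends outside the hunk.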
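Review bot: `parameters[:user_credentials]` is set whenever a credential file is configured, but the `choria.nkeys?` guard lives only in `configure_ngs`, so a setup with `nats.credentials` and without `nats.ngs` hands the credentials to the NATS client with no check that the nkeys gem can be loaded. Moving the guard next to the assignment, `raise("nkeys rubygem is required for connections with credentials") unless choria.nkeys?`, gives the same clear error on both paths. The assignment also sits before the `$choria_unsafe_disable_nats_tls` branch, so the credentials are still used on an unencrypted connection; consider refusing that combination, or at least naming it in the existing warning. connect starts and ends outside the hunk.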
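Review bot: The context built in `configure_ngs` sets only `ssl_version`; a bare `OpenSSL::SSL::SSLContext.new` carries no `verify_mode` and no trust store, so unless the NATS client applies its own defaults the NGS server certificate is not validated and the credentials are presented to whichever endpoint answers. Calling `tls.set_params` directly after `SSLContext.new`, before the version is pinned, turns on `VERIFY_PEER` against the system CA store, and where the runtime's openssl provides it `tls.verify_hostname = true` adds the name check. The debug text "Disabling specific TLS" would then read better as a statement that the system trust store is used instead of the Choria CA. A spec asserting `verify_mode == OpenSSL::SSL::VERIFY_PEER` on the resulting `parameters[:tls][:context]` would pin the behaviour.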
@@ -1,87 +0,0 @@ -require "tempfile" -require "fileutils" - -module MCollective - module Registration - class Choria < Base - attr_writer :connection - - def run(connection) - if interval == 0 - Log.info("Choria registration cannot start as registerinterval is 0") - return false - else - Log.info("Choria registration starting, storing stats in %s every %d seconds" % [registration_file, interval]) - end - - @connection = connection - - Thread.new do - publish_thread - end - end - - def publish_thread - loop do - begin - publish - rescue Exception # rubocop:disable Lint/RescueException - Log.error("Could not write Choria stats data to %s: %s: %s" % [registration_file, $!.class, $!.to_s]) - ensure - sleep(interval) - end - end - end - - def publish - tempfile = Tempfile.new(File.basename(registration_file), File.dirname(registration_file)) - tempfile.write(registration_data.to_json) - tempfile.close - - File.chmod(0o0644, tempfile.path) - File.rename(tempfile.path, registration_file) - end - - def connected_server - if @connection.connected? - @connection.connected_server - else - "disconnected" - end - end - - def connector_stats - @connection.stats - end - - def interval - config.registerinterval - end - - def registration_file - if config.pluginconf["choria.registration.file"] - config.pluginconf["choria.registration.file"] - else - File.join(File.dirname(config.logfile), "choria-stats.json") - end - end - - def registration_data - { - "timestamp" => Time.now.to_i, - "identity" => config.identity, - "version" => MCollective::VERSION, - "stats" => PluginManager["global_stats"].to_hash, - "nats" => { - "connected_server" => connected_server, - "stats" => connector_stats - } - } - end - - def config - Config.instance - end - end - end -end diff --git a/lib/mcollective/util/choria.rb b/lib/mcollective/util/choria.rb index 734b88b..4831ce1 100644 --- a/lib/mcollective/util/choria.rb +++ b/lib/mcollective/util/choria.rb 
@@ -19,6 +19,37 @@ def initialize(check_ssl=true) check_ssl_setup if check_ssl end + # Determines the configured path to the NATS credentials, empty when not set + # + # @return [String] + def credential_file + get_option("nats.credentials", "") + end + + # Determines if a credential file is configured + # + # @return [Boolean] + def credential_file? + credential_file != "" + end + + # Determines if we are connecting to NGS based on credentials and the nats.ngs setting + # + # @return [Boolean] + def ngs? + credential_file != "" && Util.str_to_bool(get_option("nats.ngs", "false")) + end + + # Attempts to load the optional nkeys library + # + # @return [Boolean] + def nkeys? + require "nkeys" + true + rescue LoadError + false + end + # Creates a new TasksSupport instance with the configured cache dir # # @return [TasksSupport] @@ -372,11 +403,7 @@ def valid_certificate?(pubcert, name, log=true) unless ca.verify(incoming, chain) if log - Log.warn("Failed to verify certificate %s against CA %s in %s" % [ - incoming.subject.to_s, - incoming.issuer.to_s, - ca_path - ]) + Log.warn("Failed to verify certificate %s against CA %s in %s" % [incoming.subject.to_s, incoming.issuer.to_s, ca_path]) end return false @@ -385,10 +412,7 @@ def valid_certificate?(pubcert, name, log=true) Log.debug("Verified certificate %s against CA %s" % [incoming.subject.to_s, incoming.issuer.to_s]) if log unless OpenSSL::SSL.verify_certificate_identity(incoming, name) - raise("Could not parse certificate with subject %s as it has no CN part, or name %s invalid" % [ - incoming.subject.to_s, - name - ]) + raise("Could not parse certificate with subject %s as it has no CN part, or name %s invalid" % [incoming.subject.to_s, name]) end name 
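Review bot: `ngs?` repeats the comparison `credential_file != ""` instead of calling `credential_file?` defined just above it, so the two predicates can drift apart if the emptiness rule ever changes; `credential_file? && Util.str_to_bool(get_option("nats.ngs", "false"))` keeps them in step. Both also treat a whitespace-only `nats.credentials` value as configured, which would be worth a `.strip` or an explicit note in the `credential_file` docstring. The `ngs?` docstring should say that a true result makes the connector skip the Choria CA and client-certificate setup, since that is the security-relevant effect of the flag visible in the connector change of this commit.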
@@ -497,6 +521,7 @@ def server_resolver(config_option, srv_records, default_host=nil, default_port=n # # Attempts to find servers in the following order: # + # * connects.ngs.global if configured to be ngs and empty choria.middleware_hosts # * Any federation servers if in a federation # * Configured hosts in choria.middleware_hosts # * SRV lookups in _mcollective-server._tcp and _x-puppet-mcollective._tcp @@ -509,6 +534,8 @@ def server_resolver(config_option, srv_records, default_host=nil, default_port=n # @param default_port [String] default port # @return [Array>] groups of host and port def middleware_servers(default_host="puppet", default_port="4222") + return [["connect.ngs.global", "4222"]] if ngs? && !has_option?("choria.middleware_hosts") + if federated? && federation = federation_middleware_servers return federation end @@ -697,6 +724,7 @@ def puppet_setting(setting) def ssl_context context = OpenSSL::SSL::SSLContext.new context.ca_file = ca_path + context.ssl_version = :TLSv1_2 public_cert = File.read(client_public_cert) private_key = File.read(client_private_key) diff --git a/module/choria/data/plugin.yaml b/module/choria/data/plugin.yaml index 6d0efc0..433fb9c 100644 --- a/module/choria/data/plugin.yaml +++ b/module/choria/data/plugin.yaml @@ -1,7 +1,7 @@ --- mcollective_choria::config_name: choria mcollective_choria::gem_dependencies: - "nats-pure": "0.5.0" + "nats-pure": "0.6.2" mcollective_choria::client_directories: - util/playbook @@ -13,7 +13,6 @@ mcollective_choria::client_directories: mcollective_choria::server_files: - agent/choria_util.rb - audit/choria.rb - - registration/choria.rb mcollective_choria::client_files: - application/choria.rb - application/playbook.rb diff --git a/spec/fixtures/intermediate/Makefile b/spec/fixtures/intermediate/Makefile new file mode 100644 index 0000000..a7dcd32 --- /dev/null +++ b/spec/fixtures/intermediate/Makefile 
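Review bot: The added list entry names `connects.ngs.global`, while the early return added to `middleware_servers` in the next hunk uses `connect.ngs.global`; the comment should read `# * connect.ngs.global:4222 if ngs? and choria.middleware_hosts is not set`. The same comment could state that this branch takes precedence over federation and SRV lookups, because the return sits before the `federated?` check, so an operator who enables `nats.ngs` with credentials knows existing discovery is bypassed. middleware_servers continues outside both hunks.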
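Review bot: `context.ssl_version = :TLSv1_2` in `ssl_context` fixes the handshake to exactly TLS 1.2, so the context cannot negotiate TLS 1.3 with a broker that offers it. If the intent is a floor and not a pin, `context.min_version = OpenSSL::SSL::TLS1_2_VERSION` expresses that on Ruby versions whose openssl provides it; the same applies to the context built in `configure_ngs` in lib/mcollective/connector/nats.rb. A one-line comment stating why the version is fixed would help whichever form is kept. ssl_context continues past the end of the hunk, so whether `verify_mode` is set further down is not visible here.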
@@ -0,0 +1,42 @@ +all: + @rm -f ${PWD}/*.csr ${PWD}/*.pem + cfssl genkey -initca root.json | cfssljson -bare ca + cfssl genkey -initca intermediate.json | cfssljson -bare intermediate + cfssl sign -profile ca-to-root -ca ca.pem -ca-key ca-key.pem -config config.json intermediate.csr | cfssljson -bare intermediate + cfssl genkey csr.json | cfssljson -bare rip.mcollective + cfssl gencsr -key rip.mcollective-key.pem csr.json | cfssljson -bare rip.mcollective + cfssl sign -ca intermediate.pem -ca-key intermediate-key.pem rip.mcollective.csr subject.json | cfssljson -bare rip.mcollective && openssl x509 -in rip.mcollective.pem -noout -text + cat rip.mcollective.pem intermediate.pem > chain-rip.mcollective.pem + openssl verify -CAfile ca.pem -untrusted chain-rip.mcollective.pem chain-rip.mcollective.pem + cp ca.pem certs/ca.pem + cp chain-rip.mcollective.pem certs/rip.mcollective.pem + +second: + # Make second cert chain to test caching + cfssl gencsr -key rip.mcollective-key.pem csr.json | cfssljson -bare second-rip.mcollective + cfssl sign -ca intermediate.pem -ca-key intermediate-key.pem rip.mcollective.csr subject.json | cfssljson -bare second-rip.mcollective && openssl x509 -in second-rip.mcollective.pem -noout -text + cat second-rip.mcollective.pem intermediate.pem > second-chain-rip.mcollective.pem + openssl x509 -in second-rip.mcollective.pem -noout -text + +ca_chain: + # Make sure that CA side intermediate chains work + cat ca.pem intermediate.pem > certs/ca_chain_ca.pem + cat rip.mcollective.pem > certs/ca_chain_rip.mcollective.pem + openssl verify -CAfile certs/ca_chain_ca.pem certs/ca_chain_rip.mcollective.pem + +email: + cfssl genkey email.json | cfssljson -bare email.rip.mcollective + cfssl gencsr -key email.rip.mcollective-key.pem email.json | cfssljson -bare email.rip.mcollective + cfssl sign -ca intermediate.pem -ca-key intermediate-key.pem email.rip.mcollective.csr subject.json | cfssljson -bare email.rip.mcollective && openssl x509 -in 
email.rip.mcollective.pem -noout -text + cat email.rip.mcollective.pem intermediate.pem > email-chain-rip.mcollective.pem + openssl verify -CAfile ca.pem -untrusted email-chain-rip.mcollective.pem email-chain-rip.mcollective.pem + cp email-chain-rip.mcollective.pem certs/email-chain-rip.mcollective.pem + +deploy: + cp ca.pem certs/ca.pem + cp chain-rip.mcollective.pem certs/rip.mcollective.pem + cp second-chain-rip.mcollective.pem certs/second.rip.mcollective.pem + + +clean: + rm -f *.pem *.csr diff --git a/spec/fixtures/intermediate/README.md b/spec/fixtures/intermediate/README.md new file mode 100644 index 0000000..85a8bd2 --- /dev/null +++ b/spec/fixtures/intermediate/README.md @@ -0,0 +1,6 @@ +Intermediate certs +--- + +Requires `cfssl` and friends. Install them from https://github.com/cloudflare/cfssl + +Run the Makefile to regenerate the CA, intermediate CA, and the chained cert. This test does not currently need the private keys around. diff --git a/spec/fixtures/intermediate/ca-key.pem b/spec/fixtures/intermediate/ca-key.pem new file mode 100644 index 0000000..f38e543 --- /dev/null +++ b/spec/fixtures/intermediate/ca-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIEnb0AMY9tUIZyVgUwSmBO/m+LppzaSFZZS+8/I+aYGSoAoGCCqGSM49 +AwEHoUQDQgAEd8c39I4OFzRHZzGKCeO7yC+fyBY6uI6X5IWV3KwggWCJJT4ISAGX +0nU3UcyiRKsmPIkgxfBAN5+0FVcR6wAPcA== +-----END EC PRIVATE KEY----- diff --git a/spec/fixtures/intermediate/ca.csr b/spec/fixtures/intermediate/ca.csr new file mode 100644 index 0000000..70e5ba5 --- /dev/null +++ b/spec/fixtures/intermediate/ca.csr 
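Review bot: The first recipe line of `all`, `@rm -f ${PWD}/*.csr ${PWD}/*.pem`, depends on the `PWD` environment variable, which keeps the caller's directory when the file is run through `make -C`, so the wildcard delete can hit .pem and .csr files outside the fixture directory; `$(CURDIR)` is the value make itself maintains. In `second`, the CSR is written as `second-rip.mcollective.csr` but the sign step reads `rip.mcollective.csr`, which looks unintended. Because `all` regenerates `ca-key.pem` and `intermediate-key.pem` and both are committed with this change, a header comment stating that they are throwaway test keys nothing should trust would help anyone triaging secret-scanner findings on this directory.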
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBVjCB/QIBADB5MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABHfHN/SODhc0R2cxignju8gvn8gWOriOl+SFldysIIFg +iSU+CEgBl9J1N1HMokSrJjyJIMXwQDeftBVXEesAD3CgIjAgBgkqhkiG9w0BCQ4x +EzARMA8GA1UdEwQIMAYBAf8CAQEwCgYIKoZIzj0EAwIDSAAwRQIhAOQ2L6Hr6fXO ++7QAQedmbyJR6J2Fv4kMOGaiPNgF4TydAiAwK29n6rstqCh0Us7Pc09/sLVTRdC3 +r+j6AbgL4UFUnw== +-----END CERTIFICATE REQUEST----- diff --git a/spec/fixtures/intermediate/ca.pem b/spec/fixtures/intermediate/ca.pem index 8cbbc14..d182a6f 100644 --- a/spec/fixtures/intermediate/ca.pem +++ b/spec/fixtures/intermediate/ca.pem 
@@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICOjCCAd+gAwIBAgIUSHvvZWWyM18ks49RZkbWkyLslH0wCgYIKoZIzj0EAwIw +MIICOTCCAd+gAwIBAgIUY88uzOsg/a6dcV84k0fqGPCniH8wCgYIKoZIzj0EAwIw eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l -ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx -MTA1MDEyMzAwWjB5MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTkxMTIyMDI0NDAwWhcNNDkx +MTE0MDI0NDAwWjB5MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 aW5nIEludGVybWVkaWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTBZMBMGByqGSM49 -AgEGCCqGSM49AwEHA0IABKKemAj1QsoT3pXQCYK7DD94vNry5BL9OnCmaojzlBFZ -0n0vZJi7/GHtr/OVnUXBQOD7XOOWkHCwHDJq2O0+Am6jRTBDMA4GA1UdDwEB/wQE -AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBQ2M6o4bz7r8MgG9Q0/ -7rN8OgoiETAKBggqhkjOPQQDAgNJADBGAiEA/Yxzoa8YLNzIyWQqHq7tJHnnk3qt -anWV8i+8LIDItw4CIQC6YnE5cNQSUYXtK9L5A8sB8ZcBdO0LIu/zlrbBHQo53A== +AgEGCCqGSM49AwEHA0IABHfHN/SODhc0R2cxignju8gvn8gWOriOl+SFldysIIFg +iSU+CEgBl9J1N1HMokSrJjyJIMXwQDeftBVXEesAD3CjRTBDMA4GA1UdDwEB/wQE +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBSH7K00sGKz1eBr2ve/ +o7CLaR7wsjAKBggqhkjOPQQDAgNIADBFAiEA4tQ1INJ7qUth87F/iDldEUi++uHs +lm4xbfdinNZmx14CIH8Ldq6qWNP2DRv0TVJ/AQr0PIqlp2mpshT5u0YBFcr2 -----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/ca.pem b/spec/fixtures/intermediate/certs/ca.pem new file mode 100644 index 0000000..d182a6f --- /dev/null +++ b/spec/fixtures/intermediate/certs/ca.pem 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICOTCCAd+gAwIBAgIUY88uzOsg/a6dcV84k0fqGPCniH8wCgYIKoZIzj0EAwIw +eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 +MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTkxMTIyMDI0NDAwWhcNNDkx +MTE0MDI0NDAwWjB5MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABHfHN/SODhc0R2cxignju8gvn8gWOriOl+SFldysIIFg +iSU+CEgBl9J1N1HMokSrJjyJIMXwQDeftBVXEesAD3CjRTBDMA4GA1UdDwEB/wQE +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBSH7K00sGKz1eBr2ve/ +o7CLaR7wsjAKBggqhkjOPQQDAgNIADBFAiEA4tQ1INJ7qUth87F/iDldEUi++uHs +lm4xbfdinNZmx14CIH8Ldq6qWNP2DRv0TVJ/AQr0PIqlp2mpshT5u0YBFcr2 +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/ca_chain_ca.pem b/spec/fixtures/intermediate/certs/ca_chain_ca.pem new file mode 100644 index 0000000..905e1d0 --- /dev/null +++ b/spec/fixtures/intermediate/certs/ca_chain_ca.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIICOjCCAd+gAwIBAgIUSHvvZWWyM18ks49RZkbWkyLslH0wCgYIKoZIzj0EAwIw +eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 +MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx +MTA1MDEyMzAwWjB5MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABKKemAj1QsoT3pXQCYK7DD94vNry5BL9OnCmaojzlBFZ +0n0vZJi7/GHtr/OVnUXBQOD7XOOWkHCwHDJq2O0+Am6jRTBDMA4GA1UdDwEB/wQE +AwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBQ2M6o4bz7r8MgG9Q0/ +7rN8OgoiETAKBggqhkjOPQQDAgNJADBGAiEA/Yxzoa8YLNzIyWQqHq7tJHnnk3qt +anWV8i+8LIDItw4CIQC6YnE5cNQSUYXtK9L5A8sB8ZcBdO0LIu/zlrbBHQo53A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICZDCCAgmgAwIBAgIUMHE90peOTHN6Iv2S2R2astND6lswCgYIKoZIzj0EAwIw +eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 +MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx +MTA1MDEyMzAwWjCBgTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0w +CwYDVQQHEwRDaXR5MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVz +dGluZyBJbnRlcm1lZGlhdGUgQ0ExGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNGtHy1coQANdtEj/OK8JjgVxQ+owXlq +X3PWtohIhx1dlD4MS78sPoEblHcU5NAfSPTN23gPw2kalFjV5NJH3I+jZjBkMA4G +A1UdDwEB/wQEAwIBpjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSlQrdE +6JCCk8azRsWXnRuk2ctF+jAfBgNVHSMEGDAWgBQ2M6o4bz7r8MgG9Q0/7rN8Ogoi +ETAKBggqhkjOPQQDAgNJADBGAiEAueRTGMy56l9024iI0tE+huS5E0wEu1ZyQfpI +AnqVQ70CIQCqVCe23uL3Po9THrXrmpVF7n+CJLQnKdpM3uxxsPWAIg== +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/ca_chain_rip.mcollective.pem b/spec/fixtures/intermediate/certs/ca_chain_rip.mcollective.pem new file mode 100644 index 0000000..f11ec3e --- /dev/null 
+++ b/spec/fixtures/intermediate/certs/ca_chain_rip.mcollective.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDBzCCAqygAwIBAgIUGCd2Rj5pwjR9bGLD9BS6YpWw7SIwCgYIKoZIzj0EAwIw +gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 +eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTgxMTEzMDEy +MzAwWhcNMTkxMTEzMDEyMzAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNN5jOHMOMISkSrwFLmxIS +bKoEuDAwlOSbhFHc89GVbPcHziIJPLqur+YdV0xLZht+ZXvSZDsgo4hjZqXsOCbi +WZkzN5xfSuZqai8NvfEXOjXYjofCh3/bZ7gVcEkSt3EclxbcZ2d1pcX1sjl8GyH5 +pyHmfOJHrpXdVE10Z4QuA58UKZoQ3i9R7ohCVYoUaAJn6+5015x/mWhzuB8ebdjc +mqt/aYK/f1apIxIo909nkXz2BS94B/s6zUGG89sA47Pi13CNC5u7cJ7VEfAQYHWP +F8sXzi6u7+MvDVXRcBPsy1sT89+udANidAtxYhn5On/dDB5qMD77DvJcVN/8Qil5 +AgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTmgrLpFNVMbh1C5UsF +xVDjd549xzAfBgNVHSMEGDAWgBSlQrdE6JCCk8azRsWXnRuk2ctF+jAaBgNVHREE +EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDSQAwRgIhAIDvVp0fzmEK +ULH79CDG3TqcCDiGRPwWMyRUFjazykNuAiEAypPXG9z+/MgGIO2lsYyhQR/Kd+ao +18XVjuUb3P2egYE= +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/email-chain-rip.mcollective.pem b/spec/fixtures/intermediate/certs/email-chain-rip.mcollective.pem new file mode 100644 index 0000000..46436c2 --- /dev/null +++ b/spec/fixtures/intermediate/certs/email-chain-rip.mcollective.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIDGjCCAsCgAwIBAgIUMo6d0nZxDYqzLqmadFKA3CVePzMwCgYIKoZIzj0EAwIw +gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 +eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTkwNDIwMjA0 +OTAwWhcNMjAwNDE5MjA0OTAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtsM3QOOd4NrtvzWf2ZJMK +NunT54NcjKp7Etz0bG3uz4XJAVzAvTjCgbTjDU7ggsG0h2SWrJpZfOisBZ6AolUS +29Plkq/Lgsh7f6iLNWlXSOlyWj15PKp3pC8KzX1tOeGB4xkR3Khr2EzUOLIRpmTw +QOD/vGs8hv71qkTl5NXCOWaaNHyr6gqZR6bqQaxk6eg+gnxMPz6ztHEWfv+rpaTL +nCdgMVs5YNYfyWeiJWojSqjqFqevuoqc3krfM173Ep+5b9VAaj/zEOSEjvSP9Vlp +QWhhZVkdlTQI51tqj4N1LOVgzLk3CdcOhwoO8f2FDHbaRWg0zDqU8pacUGpCzE77 +AgMBAAGjgbAwga0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRJS6Jh8RgvIjUGCqYV +FU4GjbFnqTAfBgNVHSMEGDAWgBSlQrdE6JCCk8azRsWXnRuk2ctF+jAuBgNVHREE +JzAlgg9yaXAubWNvbGxlY3RpdmWBEnRlc3RAY2hvcmlhLWlvLmNvbTAKBggqhkjO +PQQDAgNIADBFAiATwlrjYLSsuck/jR0HwmDqz0kZQrS376eznSTn1pcSHgIhAMto +kdnFfpLcIdAHZ4tprfJkOSkkJjf+ei+FlCi1EmOR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICZDCCAgmgAwIBAgIUMHE90peOTHN6Iv2S2R2astND6lswCgYIKoZIzj0EAwIw +eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 +MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx +MTA1MDEyMzAwWjCBgTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0w +CwYDVQQHEwRDaXR5MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVz +dGluZyBJbnRlcm1lZGlhdGUgQ0ExGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNGtHy1coQANdtEj/OK8JjgVxQ+owXlq +X3PWtohIhx1dlD4MS78sPoEblHcU5NAfSPTN23gPw2kalFjV5NJH3I+jZjBkMA4G +A1UdDwEB/wQEAwIBpjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSlQrdE +6JCCk8azRsWXnRuk2ctF+jAfBgNVHSMEGDAWgBQ2M6o4bz7r8MgG9Q0/7rN8Ogoi +ETAKBggqhkjOPQQDAgNJADBGAiEAueRTGMy56l9024iI0tE+huS5E0wEu1ZyQfpI 
+AnqVQ70CIQCqVCe23uL3Po9THrXrmpVF7n+CJLQnKdpM3uxxsPWAIg== +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/rip.mcollective.pem b/spec/fixtures/intermediate/certs/rip.mcollective.pem new file mode 100644 index 0000000..42a7153 --- /dev/null +++ b/spec/fixtures/intermediate/certs/rip.mcollective.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIDBTCCAqygAwIBAgIUVI0kU2/qW/L8xCn7oqPSjxm2fRgwCgYIKoZIzj0EAwIw +gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 +eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTkxMTIyMDI0 +NDAwWhcNMjAxMTIxMDI0NDAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbo3ht8Q/MGVOcBzkvY7sS +24zPy+ntn42je/LLGdG7DZ7o7+lfCkG1ZpyGirS/Dp7jRe2WF0jHufFbQW7Nl+VN +zE3/WbsPfmww5nQA8zEE7UvoISLwCFB+bOXs/wOIIkbEw8lTpcsH29s5iG98xcMT +IOD8jKtDWETlS3YNPC90RwB5qmB7PRIcQ0px7i12V+VdxgRrLT7Q1d6cl7NCThow +1z7dRTKH15rRTXN0VaJoBxKYtHmJsP1O7QFxCrziL3J7MXMtFBdHC62LQTS32WL4 +4yWl1zBmG4/rQfFybZ7wHl6RalrXwPFaf7A2dasoS9WGqWbkpxUDFP+6aHBehtnZ +AgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFd8EIGYIPKs4twxz7 +Mn1/s/0dDzAfBgNVHSMEGDAWgBTAIwLAHkO+msDgetFXu3OXLmGP3jAaBgNVHREE +EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDRwAwRAIgDvnXg/aOU6xm +8XKCwlCwINzHyywE/68rd6funxNLLb8CICp6si+Iyifnxrm7NL/nl7b+Vd6mVmJ2 +9wrLUIksdqNy +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICYjCCAgigAwIBAgITAwVCe2hLhq/vYoRbXhrgSp89+DAKBggqhkjOPQQDAjB5 +MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTALBgNVBAcTBENpdHkx +DzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0aW5nIEludGVybWVk +aWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xOTExMjIwMjQ0MDBaFw00OTEx +MTQwMjQ0MDBaMIGBMQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ukxzrygWncAXjyTuWtkLwvBIlmCeHHT +yhpKquxraY6HyIAwP9X0j3k10P77atDuPb/2lM9WHT69QIe3bQM6/6NmMGQwDgYD +VR0PAQH/BAQDAgGmMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMAjAsAe +Q76awOB60Ve7c5cuYY/eMB8GA1UdIwQYMBaAFIfsrTSwYrPV4Gva97+jsItpHvCy +MAoGCCqGSM49BAMCA0gAMEUCIGmO/zNTlAx6/8sEHexr8pxnZi+iHeZw/MWzDw8l 
+Yvm3AiEAi8vBY7bxQlSDDsGYu2WPnz9RIj8DLI/rzrQZhH+MLss= +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/certs/second.rip.mcollective.pem b/spec/fixtures/intermediate/certs/second.rip.mcollective.pem new file mode 100644 index 0000000..c940438 --- /dev/null +++ b/spec/fixtures/intermediate/certs/second.rip.mcollective.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIDBjCCAqygAwIBAgIUUIJHuge/BYroZQukVOUe3ngKW1EwCgYIKoZIzj0EAwIw +gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 +eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTgxMTEzMDEy +NDAwWhcNMTkxMTEzMDEyNDAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNN5jOHMOMISkSrwFLmxIS +bKoEuDAwlOSbhFHc89GVbPcHziIJPLqur+YdV0xLZht+ZXvSZDsgo4hjZqXsOCbi +WZkzN5xfSuZqai8NvfEXOjXYjofCh3/bZ7gVcEkSt3EclxbcZ2d1pcX1sjl8GyH5 +pyHmfOJHrpXdVE10Z4QuA58UKZoQ3i9R7ohCVYoUaAJn6+5015x/mWhzuB8ebdjc +mqt/aYK/f1apIxIo909nkXz2BS94B/s6zUGG89sA47Pi13CNC5u7cJ7VEfAQYHWP +F8sXzi6u7+MvDVXRcBPsy1sT89+udANidAtxYhn5On/dDB5qMD77DvJcVN/8Qil5 +AgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTmgrLpFNVMbh1C5UsF +xVDjd549xzAfBgNVHSMEGDAWgBSlQrdE6JCCk8azRsWXnRuk2ctF+jAaBgNVHREE +EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDSAAwRQIgTpWO8zo+gkat +hQ434PMXz6kItjEKrmxf12wn1eGWLtACIQDh68GztHVc2t3cod80CIWPvXy66bMb +f8ubH54MEUwIFQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICZDCCAgmgAwIBAgIUMHE90peOTHN6Iv2S2R2astND6lswCgYIKoZIzj0EAwIw +eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 +MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l +ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx +MTA1MDEyMzAwWjCBgTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0w +CwYDVQQHEwRDaXR5MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVz +dGluZyBJbnRlcm1lZGlhdGUgQ0ExGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNGtHy1coQANdtEj/OK8JjgVxQ+owXlq +X3PWtohIhx1dlD4MS78sPoEblHcU5NAfSPTN23gPw2kalFjV5NJH3I+jZjBkMA4G +A1UdDwEB/wQEAwIBpjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSlQrdE +6JCCk8azRsWXnRuk2ctF+jAfBgNVHSMEGDAWgBQ2M6o4bz7r8MgG9Q0/7rN8Ogoi +ETAKBggqhkjOPQQDAgNJADBGAiEAueRTGMy56l9024iI0tE+huS5E0wEu1ZyQfpI 
+AnqVQ70CIQCqVCe23uL3Po9THrXrmpVF7n+CJLQnKdpM3uxxsPWAIg== +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/chain-rip.mcollective.pem b/spec/fixtures/intermediate/chain-rip.mcollective.pem index c0e7988..42a7153 100644 --- a/spec/fixtures/intermediate/chain-rip.mcollective.pem +++ b/spec/fixtures/intermediate/chain-rip.mcollective.pem 
@@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIDBzCCAqygAwIBAgIUGCd2Rj5pwjR9bGLD9BS6YpWw7SIwCgYIKoZIzj0EAwIw +MIIDBTCCAqygAwIBAgIUVI0kU2/qW/L8xCn7oqPSjxm2fRgwCgYIKoZIzj0EAwIw gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt -ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTgxMTEzMDEy -MzAwWhcNMTkxMTEzMDEyMzAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNN5jOHMOMISkSrwFLmxIS -bKoEuDAwlOSbhFHc89GVbPcHziIJPLqur+YdV0xLZht+ZXvSZDsgo4hjZqXsOCbi -WZkzN5xfSuZqai8NvfEXOjXYjofCh3/bZ7gVcEkSt3EclxbcZ2d1pcX1sjl8GyH5 -pyHmfOJHrpXdVE10Z4QuA58UKZoQ3i9R7ohCVYoUaAJn6+5015x/mWhzuB8ebdjc -mqt/aYK/f1apIxIo909nkXz2BS94B/s6zUGG89sA47Pi13CNC5u7cJ7VEfAQYHWP -F8sXzi6u7+MvDVXRcBPsy1sT89+udANidAtxYhn5On/dDB5qMD77DvJcVN/8Qil5 +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTkxMTIyMDI0 +NDAwWhcNMjAxMTIxMDI0NDAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbo3ht8Q/MGVOcBzkvY7sS +24zPy+ntn42je/LLGdG7DZ7o7+lfCkG1ZpyGirS/Dp7jRe2WF0jHufFbQW7Nl+VN +zE3/WbsPfmww5nQA8zEE7UvoISLwCFB+bOXs/wOIIkbEw8lTpcsH29s5iG98xcMT +IOD8jKtDWETlS3YNPC90RwB5qmB7PRIcQ0px7i12V+VdxgRrLT7Q1d6cl7NCThow +1z7dRTKH15rRTXN0VaJoBxKYtHmJsP1O7QFxCrziL3J7MXMtFBdHC62LQTS32WL4 +4yWl1zBmG4/rQfFybZ7wHl6RalrXwPFaf7A2dasoS9WGqWbkpxUDFP+6aHBehtnZ AgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTmgrLpFNVMbh1C5UsF -xVDjd549xzAfBgNVHSMEGDAWgBSlQrdE6JCCk8azRsWXnRuk2ctF+jAaBgNVHREE -EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDSQAwRgIhAIDvVp0fzmEK -ULH79CDG3TqcCDiGRPwWMyRUFjazykNuAiEAypPXG9z+/MgGIO2lsYyhQR/Kd+ao -18XVjuUb3P2egYE= +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFd8EIGYIPKs4twxz7 +Mn1/s/0dDzAfBgNVHSMEGDAWgBTAIwLAHkO+msDgetFXu3OXLmGP3jAaBgNVHREE +EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDRwAwRAIgDvnXg/aOU6xm +8XKCwlCwINzHyywE/68rd6funxNLLb8CICp6si+Iyifnxrm7NL/nl7b+Vd6mVmJ2 +9wrLUIksdqNy -----END 
CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICZDCCAgmgAwIBAgIUMHE90peOTHN6Iv2S2R2astND6lswCgYIKoZIzj0EAwIw -eTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0wCwYDVQQHEwRDaXR5 -MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVzdGluZyBJbnRlcm1l -ZGlhdGUgQ0ExEDAOBgNVBAMTB1Jvb3QgQ0EwHhcNMTgxMTEzMDEyMzAwWhcNNDgx -MTA1MDEyMzAwWjCBgTELMAkGA1UEBhMCWFgxETAPBgNVBAgTCExvY2FsaXR5MQ0w -CwYDVQQHEwRDaXR5MQ8wDQYDVQQKEwZDaG9yaWExJTAjBgNVBAsTHFVuaXQgdGVz -dGluZyBJbnRlcm1lZGlhdGUgQ0ExGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTBZ -MBMGByqGSM49AgEGCCqGSM49AwEHA0IABNGtHy1coQANdtEj/OK8JjgVxQ+owXlq -X3PWtohIhx1dlD4MS78sPoEblHcU5NAfSPTN23gPw2kalFjV5NJH3I+jZjBkMA4G -A1UdDwEB/wQEAwIBpjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSlQrdE -6JCCk8azRsWXnRuk2ctF+jAfBgNVHSMEGDAWgBQ2M6o4bz7r8MgG9Q0/7rN8Ogoi -ETAKBggqhkjOPQQDAgNJADBGAiEAueRTGMy56l9024iI0tE+huS5E0wEu1ZyQfpI -AnqVQ70CIQCqVCe23uL3Po9THrXrmpVF7n+CJLQnKdpM3uxxsPWAIg== +MIICYjCCAgigAwIBAgITAwVCe2hLhq/vYoRbXhrgSp89+DAKBggqhkjOPQQDAjB5 +MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTALBgNVBAcTBENpdHkx +DzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0aW5nIEludGVybWVk +aWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xOTExMjIwMjQ0MDBaFw00OTEx +MTQwMjQ0MDBaMIGBMQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ukxzrygWncAXjyTuWtkLwvBIlmCeHHT +yhpKquxraY6HyIAwP9X0j3k10P77atDuPb/2lM9WHT69QIe3bQM6/6NmMGQwDgYD +VR0PAQH/BAQDAgGmMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMAjAsAe +Q76awOB60Ve7c5cuYY/eMB8GA1UdIwQYMBaAFIfsrTSwYrPV4Gva97+jsItpHvCy +MAoGCCqGSM49BAMCA0gAMEUCIGmO/zNTlAx6/8sEHexr8pxnZi+iHeZw/MWzDw8l +Yvm3AiEAi8vBY7bxQlSDDsGYu2WPnz9RIj8DLI/rzrQZhH+MLss= -----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/config.json b/spec/fixtures/intermediate/config.json new file mode 100644 index 0000000..70625af --- /dev/null +++ b/spec/fixtures/intermediate/config.json 
@@ -0,0 +1,36 @@ +{ + "signing": { + "default": { + "expiry": "262800h" + }, + "profiles": { + "ca-to-root": { + "usages": [ + "signing", + "key encipherment", + "cert sign", + "crl sign" + ], + "ca_constraint": {"is_ca": true, "max_path_len":0, "max_path_len_zero": true}, + "expiry": "262800h" + }, + "client": { + "usages": [ + "client auth", + "key encipherment", + "digital signature" + ], + "expiry": "262800h" + }, + "server": { + "usages": [ + "server auth", + "client auth", + "key encipherment", + "digital signature" + ], + "expiry": "262800h" + } + } + } +} diff --git a/spec/fixtures/intermediate/csr.json b/spec/fixtures/intermediate/csr.json new file mode 100644 index 0000000..9eeddb2 --- /dev/null +++ b/spec/fixtures/intermediate/csr.json @@ -0,0 +1,10 @@ +{ + "hosts": [ + "rip.mcollective" + ], + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ ] +} diff --git a/spec/fixtures/intermediate/email.json b/spec/fixtures/intermediate/email.json new file mode 100644 index 0000000..ae0351d --- /dev/null +++ b/spec/fixtures/intermediate/email.json @@ -0,0 +1,11 @@ +{ + "hosts": [ + "rip.mcollective", + "test@choria-io.com" + ], + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ ] +} diff --git a/spec/fixtures/intermediate/intermediate-key.pem b/spec/fixtures/intermediate/intermediate-key.pem new file mode 100644 index 0000000..8531bba --- /dev/null +++ b/spec/fixtures/intermediate/intermediate-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJK9vevoo4d54Wac9KKTGPn0npaQayPggLmx5wg+NtX6oAoGCCqGSM49 +AwEHoUQDQgAE+ukxzrygWncAXjyTuWtkLwvBIlmCeHHTyhpKquxraY6HyIAwP9X0 +j3k10P77atDuPb/2lM9WHT69QIe3bQM6/w== +-----END EC PRIVATE KEY----- diff --git a/spec/fixtures/intermediate/intermediate.csr b/spec/fixtures/intermediate/intermediate.csr new file mode 100644 index 0000000..e092f42 --- /dev/null +++ b/spec/fixtures/intermediate/intermediate.csr 
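Review bot: The `client` and `server` profiles in config.json set `"expiry": "262800h"`, but the regenerated leaf in chain-rip.mcollective.pem and rip.mcollective.pem does not appear to have been issued with them. Its validity field decodes to 2019-11-22 through 2020-11-21, one year, while the intermediate runs to 2049. If that reading is right, any spec that validates the chain against the current time will start failing after that date, as presumably happened with the previous leaf, which was valid only until 2019-11-13. The Makefile is outside this view, so this is inferred, but the leaf signing step probably needs `-config config.json -profile server` so the fixture lifetime matches the profile. An expired fixture tends to get fixed by loosening the check rather than by reissuing the certificate.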
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBXjCCAQMCAQAwgYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTEN +MAsGA1UEBxMEQ2l0eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRl +c3RpbmcgSW50ZXJtZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0Ew +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT66THOvKBadwBePJO5a2QvC8EiWYJ4 +cdPKGkqq7GtpjofIgDA/1fSPeTXQ/vtq0O49v/aUz1YdPr1Ah7dtAzr/oB8wHQYJ +KoZIhvcNAQkOMRAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQDQ +ZHKWrsETDQfX19g+S/861A+svrOo1+sfi9lDRSKquwIhAK6THpxBsp6stQJfBBJD +oMstdTd6Q++pJjpld+C8q7l0 +-----END CERTIFICATE REQUEST----- diff --git a/spec/fixtures/intermediate/intermediate.json b/spec/fixtures/intermediate/intermediate.json new file mode 100644 index 0000000..b0910a8 --- /dev/null +++ b/spec/fixtures/intermediate/intermediate.json @@ -0,0 +1,20 @@ +{ + "CN": "Intermediate CA", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "ca": { + "expiry": "262800h", + "pathlen": 0 + }, + "names": [ + { + "C": "XX", + "L": "City", + "O": "Choria", + "OU": "Unit testing Intermediate CA", + "ST": "Locality" + } + ] +} diff --git a/spec/fixtures/intermediate/intermediate.pem b/spec/fixtures/intermediate/intermediate.pem new file mode 100644 index 0000000..ff99f69 --- /dev/null +++ b/spec/fixtures/intermediate/intermediate.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYjCCAgigAwIBAgITAwVCe2hLhq/vYoRbXhrgSp89+DAKBggqhkjOPQQDAjB5 +MQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTALBgNVBAcTBENpdHkx +DzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0aW5nIEludGVybWVk +aWF0ZSBDQTEQMA4GA1UEAxMHUm9vdCBDQTAeFw0xOTExMjIwMjQ0MDBaFw00OTEx +MTQwMjQ0MDBaMIGBMQswCQYDVQQGEwJYWDERMA8GA1UECBMITG9jYWxpdHkxDTAL +BgNVBAcTBENpdHkxDzANBgNVBAoTBkNob3JpYTElMCMGA1UECxMcVW5pdCB0ZXN0 +aW5nIEludGVybWVkaWF0ZSBDQTEYMBYGA1UEAxMPSW50ZXJtZWRpYXRlIENBMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+ukxzrygWncAXjyTuWtkLwvBIlmCeHHT +yhpKquxraY6HyIAwP9X0j3k10P77atDuPb/2lM9WHT69QIe3bQM6/6NmMGQwDgYD +VR0PAQH/BAQDAgGmMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFMAjAsAe +Q76awOB60Ve7c5cuYY/eMB8GA1UdIwQYMBaAFIfsrTSwYrPV4Gva97+jsItpHvCy +MAoGCCqGSM49BAMCA0gAMEUCIGmO/zNTlAx6/8sEHexr8pxnZi+iHeZw/MWzDw8l +Yvm3AiEAi8vBY7bxQlSDDsGYu2WPnz9RIj8DLI/rzrQZhH+MLss= +-----END CERTIFICATE----- diff --git a/spec/fixtures/intermediate/rip.mcollective-key.pem b/spec/fixtures/intermediate/rip.mcollective-key.pem index 39e0166..5c37842 100644 --- a/spec/fixtures/intermediate/rip.mcollective-key.pem +++ b/spec/fixtures/intermediate/rip.mcollective-key.pem 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpgIBAAKCAQEAzTeYzhzDjCEpEq8BS5sSEmyqBLgwMJTkm4RR3PPRlWz3B84i -CTy6rq/mHVdMS2YbfmV70mQ7IKOIY2al7Dgm4lmZMzecX0rmamovDb3xFzo12I6H -wod/22e4FXBJErdxHJcW3GdndaXF9bI5fBsh+ach5nziR66V3VRNdGeELgOfFCma -EN4vUe6IQlWKFGgCZ+vudNecf5loc7gfHm3Y3Jqrf2mCv39WqSMSKPdPZ5F89gUv -eAf7Os1BhvPbAOOz4tdwjQubu3Ce1RHwEGB1jxfLF84uru/jLw1V0XAT7MtbE/Pf -rnQDYnQLcWIZ+Tp/3QweajA++w7yXFTf/EIpeQIDAQABAoIBAQCLcAVhtuWfp0Bz -M3ob1yf2YOM9BbGosOKMUOIW0YxMjZdkNEmoIR1vaJFgylpKuPxha68wi24phTQ8 -5hhDYvv4vIx94oFbtlbNY4zJN5BDCghgNqhEIzFa8SSBXKQqFX7DwF2GMLR5mcPi -Z9DrZLw3F7rPE3fk4NlvY8KlH1kOsasMFs4azvgftHRcIAd2OycV1tL7L8V5e9Bn -peX5CnWmo3rZSZcdZADxiecZlanvb+sstCw6iszaJfnVH+TBThf/06nIH8mHxLUR -6UdE95Lf3lPd5ZQyukwT94SYO5ckuIk2CLXrmcUUzbbD40tXNIe2/2QgVNutpzPP -soMPaKcBAoGBAPUnqKlLwRMn0S9s2CdYBq6gWSpTmCusEjoqi4lDwQ55b40udE0H -XxZb3Myjx8n7ql32tX+M4b13s85Eboh/t/KI+0gM3w2P7W4c9WU1zdnXSVEiMfqP -h7QLwSMMHtbbcHsYRbDvqDgWycS4Rfm4QCmR9M4fYBPCekbAE/50f4AJAoGBANZL -pj0MjibUpc2mILoMlfT5VirrtZysA5OtV4JTTt88+j5yyDRy5wNL+1v6gWZ2gTNS -a+6cwEI3w3UyWEksRArzBmdThNChVGmD3Pm0DMwJBUPoGnYMuFe2W5FXl5YJV8Jo -Rzgu6d5eAtu56hSI3QAwQpuvcsWH7CYyCMdN29nxAoGBALUgC/iow4mHjYHghQLs -gmNajQY8pNz/UKgw7s8HhAdRqR1CCSMwIwy96jA3gVC143Vw5T/LsqztV6c54ABx -fFJw6ladS98VS3JjatrQGbqs2Lpc7VgV20kmthdSySYtErmfgT3skvh9vazeCLUr -cBxGffwcKjvvH7BOEXeaUukhAoGBAK++fMgmatI3pP6h1sceGUE91sf+ZQPnIkvT -ZigQkGeOR6A9XCl/biuK/cqyB7tzRoRDfRbEYPwtZVPRBQyFjAv6wO6uVQcQt/yM -0wXJ/pC6eSH20PSte+UbPb9VuZCnetyJzpaqCsx+BxQSRYGvuKc17PpnCdYroaS1 -dfOVy87RAoGBAIPuUBxWFQQAPxAFZFGyGlPAENm3YkKsqx0v1uWRw6V4LL9siiMr -O30MFmyKBTf5Js/FcVQbf5qTWapNLZE5ypttO9/Uppb6vK/SoksapNiq+thvcvf4 -OFd679tvOhu8yhK8gRDBN6cPQteloBeLD3WB1EH7jWcru0r+Bvj73G2h +MIIEpQIBAAKCAQEA26N4bfEPzBlTnAc5L2O7EtuMz8vp7Z+No3vyyxnRuw2e6O/p +XwpBtWachoq0vw6e40XtlhdIx7nxW0FuzZflTcxN/1m7D35sMOZ0APMxBO1L6CEi +8AhQfmzl7P8DiCJGxMPJU6XLB9vbOYhvfMXDEyDg/IyrQ1hE5Ut2DTwvdEcAeapg +ez0SHENKce4tdlflXcYEay0+0NXenJezQk4aMNc+3UUyh9ea0U1zdFWiaAcSmLR5 
+ibD9Tu0BcQq84i9yezFzLRQXRwuti0E0t9li+OMlpdcwZhuP60Hxcm2e8B5ekWpa +18DxWn+wNnWrKEvVhqlm5KcVAxT/umhwXobZ2QIDAQABAoIBAQC7YNfyO5E1l3nM +CCGSO2wy51lXQej9j3w/uBPnj8xs327t3RdkvJRYVQU+hwEyah/FVzgdLxopQooV +R1pnTaoT2DPGoF/FFR7qDQF0egUc5fE3RWXQD9fUM8VojhsOPefQIBQXJ79xofCC +QdKTSQhmvksTSlMl7h1A3UMGgY0ejYvSF6v/gpadboIPE2ehk/igKjVapfYnQ11+ +ee2vTmHBhEhvAXkWWXcctMDVePcmeAxJBqANfONjOrzDtC9OEayExFJxyMveXSG3 +cEVG4VwhYr8PaiRVWrQkQjuzTcEVQ2TdIUg9N0pAO5EZjGeeeq3pBus6rxcOI7HH +fCVKfmTtAoGBAOxU48hQrc3ZSELB6NyflcT6Tbj0uW7ZtKcxqFPsqQe+4c2233rF +4OmUFj0XUbpHMNXo3V63O7/DARZaQy4yBnZwGRYpUeobAL7Tj96J+QGfbscCgiVp +aao/UMkRVqVUXE6yZroQHyqleYaxbbIbpTor6VPD5WUHcglmwiykfjJPAoGBAO3q +7kOONmS1+WXT4jZRsZw1uY19AMl7Gp6i3dgpMvKRlEEuoVm2PVgffJv8lrFPXWDw +04PD+KGrKCtmQvG88/4UL0ParWCB/ClFofVEAKDHhvdiBUdII1iWkk0GVnT+zD/A +ut273Lvq1EtCdYNWBMQiP/YcJPWkb6+HrXoflO9XAoGBAK2wvjAsy3AsryURKrlr +OEGqzJCQm/BSZKk0n8f+eUROD9qG+rxazjAdPDLt/ozvYX71RC0mce0/vn7VG+bJ +sWI+hNF60M9DxUp6ZpRhxvZgXKQ6vbgNPzF2k0MTUSD1XVohV8qLqrxHHYfWww5R +rx+Pwk5j/SZBUJiEQ1VYF7+VAoGAc3UbA3W0N9OHoD7e/HVQt/nqfhs3ko9HL8zh +09DKhKTZSXiTnLGvu2AsXJaLmqhlLHIyczNbKTmiWM1bl2yXC6pH9andkYQDFxRP +sHK7y0qI2OycmycK4CbSAMceldBA1n91L73HNPqU46Dw3jeUQIpOd+TYmsyd1pUF +PsqswCkCgYEAlaWBtRRqNMMrhtE21PxC+fh9Jrjja0sq5mX37TzSNUP3689uyM4O +Q9cAfSYaiVP0T81E17Db7TiopPCe5S1vt23x7NQPPddPZPRanX7Be3XH7yUfWg8U +eFOEk2L6CIxI0uhEvcoI+vSBSYn81rUIkjieujkX4y8wynVMQRHyMXQ= -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/intermediate/rip.mcollective.csr b/spec/fixtures/intermediate/rip.mcollective.csr new file mode 100644 index 0000000..297ae17 --- /dev/null +++ b/spec/fixtures/intermediate/rip.mcollective.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICcjCCAVoCAQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANuj +eG3xD8wZU5wHOS9juxLbjM/L6e2fjaN78ssZ0bsNnujv6V8KQbVmnIaKtL8OnuNF +7ZYXSMe58VtBbs2X5U3MTf9Zuw9+bDDmdADzMQTtS+ghIvAIUH5s5ez/A4giRsTD +yVOlywfb2zmIb3zFwxMg4PyMq0NYROVLdg08L3RHAHmqYHs9EhxDSnHuLXZX5V3G +BGstPtDV3pyXs0JOGjDXPt1FMofXmtFNc3RVomgHEpi0eYmw/U7tAXEKvOIvcnsx +cy0UF0cLrYtBNLfZYvjjJaXXMGYbj+tB8XJtnvAeXpFqWtfA8Vp/sDZ1qyhL1Yap +ZuSnFQMU/7pocF6G2dkCAwEAAaAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMw +EYIPcmlwLm1jb2xsZWN0aXZlMA0GCSqGSIb3DQEBCwUAA4IBAQBtM7yz/Kv39fUp +av/OVS6KxbaDAELxZLjhdxKoFVEJKsV+BPmVX0zU4qKK42MiRF3lRvoefRPQDDOe +zKNa+xhDlFeTCefOcsGUJ17TewEnAT5WM9cRtjLMwiA9Hz/bQ8D4PNZBj2/qQ2ly +PGNsDkNE8ykdelsDkHIxKYI71+HkbfnSVvzQg4A6Qr0v4G3FfmjEL/jzzSZstjB0 +7UCmiNeoPtzYYO2kbG3iiVN8cldoCUQ5GxqfakeWbiJLgUfvMTGpQLn81+j0OEkO +q9FuhkzPWjzWrEw/fC574zAuvdPrOf5fYMeMEn7LWT/SdDkQZsQ4VoeLXgpBl0lS +bJw9gHOS +-----END CERTIFICATE REQUEST----- diff --git a/spec/fixtures/intermediate/rip.mcollective.pem b/spec/fixtures/intermediate/rip.mcollective.pem index f11ec3e..7c300dc 100644 --- a/spec/fixtures/intermediate/rip.mcollective.pem +++ b/spec/fixtures/intermediate/rip.mcollective.pem 
@@ -1,19 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIDBzCCAqygAwIBAgIUGCd2Rj5pwjR9bGLD9BS6YpWw7SIwCgYIKoZIzj0EAwIw +MIIDBTCCAqygAwIBAgIUVI0kU2/qW/L8xCn7oqPSjxm2fRgwCgYIKoZIzj0EAwIw gYExCzAJBgNVBAYTAlhYMREwDwYDVQQIEwhMb2NhbGl0eTENMAsGA1UEBxMEQ2l0 eTEPMA0GA1UEChMGQ2hvcmlhMSUwIwYDVQQLExxVbml0IHRlc3RpbmcgSW50ZXJt -ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTgxMTEzMDEy -MzAwWhcNMTkxMTEzMDEyMzAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNN5jOHMOMISkSrwFLmxIS -bKoEuDAwlOSbhFHc89GVbPcHziIJPLqur+YdV0xLZht+ZXvSZDsgo4hjZqXsOCbi -WZkzN5xfSuZqai8NvfEXOjXYjofCh3/bZ7gVcEkSt3EclxbcZ2d1pcX1sjl8GyH5 -pyHmfOJHrpXdVE10Z4QuA58UKZoQ3i9R7ohCVYoUaAJn6+5015x/mWhzuB8ebdjc -mqt/aYK/f1apIxIo909nkXz2BS94B/s6zUGG89sA47Pi13CNC5u7cJ7VEfAQYHWP -F8sXzi6u7+MvDVXRcBPsy1sT89+udANidAtxYhn5On/dDB5qMD77DvJcVN/8Qil5 +ZWRpYXRlIENBMRgwFgYDVQQDEw9JbnRlcm1lZGlhdGUgQ0EwHhcNMTkxMTIyMDI0 +NDAwWhcNMjAxMTIxMDI0NDAwWjAaMRgwFgYDVQQDEw9yaXAubWNvbGxlY3RpdmUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbo3ht8Q/MGVOcBzkvY7sS +24zPy+ntn42je/LLGdG7DZ7o7+lfCkG1ZpyGirS/Dp7jRe2WF0jHufFbQW7Nl+VN +zE3/WbsPfmww5nQA8zEE7UvoISLwCFB+bOXs/wOIIkbEw8lTpcsH29s5iG98xcMT +IOD8jKtDWETlS3YNPC90RwB5qmB7PRIcQ0px7i12V+VdxgRrLT7Q1d6cl7NCThow +1z7dRTKH15rRTXN0VaJoBxKYtHmJsP1O7QFxCrziL3J7MXMtFBdHC62LQTS32WL4 +4yWl1zBmG4/rQfFybZ7wHl6RalrXwPFaf7A2dasoS9WGqWbkpxUDFP+6aHBehtnZ AgMBAAGjgZwwgZkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTmgrLpFNVMbh1C5UsF -xVDjd549xzAfBgNVHSMEGDAWgBSlQrdE6JCCk8azRsWXnRuk2ctF+jAaBgNVHREE -EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDSQAwRgIhAIDvVp0fzmEK -ULH79CDG3TqcCDiGRPwWMyRUFjazykNuAiEAypPXG9z+/MgGIO2lsYyhQR/Kd+ao -18XVjuUb3P2egYE= +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFd8EIGYIPKs4twxz7 +Mn1/s/0dDzAfBgNVHSMEGDAWgBTAIwLAHkO+msDgetFXu3OXLmGP3jAaBgNVHREE +EzARgg9yaXAubWNvbGxlY3RpdmUwCgYIKoZIzj0EAwIDRwAwRAIgDvnXg/aOU6xm +8XKCwlCwINzHyywE/68rd6funxNLLb8CICp6si+Iyifnxrm7NL/nl7b+Vd6mVmJ2 +9wrLUIksdqNy -----END 
CERTIFICATE----- diff --git a/spec/fixtures/intermediate/root.json b/spec/fixtures/intermediate/root.json new file mode 100644 index 0000000..e0e561f --- /dev/null +++ b/spec/fixtures/intermediate/root.json @@ -0,0 +1,20 @@ +{ + "CN": "Root CA", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "ca": { + "expiry": "262800h", + "pathlen": 1 + }, + "names": [ + { + "C": "XX", + "L": "City", + "O": "Choria", + "OU": "Unit testing Intermediate CA", + "ST": "Locality" + } + ] +} diff --git a/spec/fixtures/intermediate/subject.json b/spec/fixtures/intermediate/subject.json new file mode 100644 index 0000000..f166cc6 --- /dev/null +++ b/spec/fixtures/intermediate/subject.json @@ -0,0 +1,4 @@ +{ + "CN": "rip.mcollective", + "names": [] +} diff --git a/spec/unit/mcollective/connector/nats_spec.rb b/spec/unit/mcollective/connector/nats_spec.rb index 365a347..f7170f5 100644 --- a/spec/unit/mcollective/connector/nats_spec.rb +++ b/spec/unit/mcollective/connector/nats_spec.rb @@ -21,6 +21,20 @@ module MCollective msg.collective = "mcollective" end + describe "#configure_ngs" do + it "should handle lack of nkeys gem" do + choria.expects(:nkeys?).returns(false) + expect { connector.configure_ngs({}) }.to raise_error("nkeys rubygem is required for connections with credentials") + end + + it "should set tls context" do + choria.expects(:nkeys?).returns(true) + params = {} + connector.configure_ngs(params) + expect(params).to have_key(:tls) + end + end + describe "#client_options" do it "should get the options from the wrapper" do connection.expects(:active_options).returns(:rspec => 1) diff --git a/spec/unit/mcollective/registration/choria_spec.rb b/spec/unit/mcollective/registration/choria_spec.rb deleted file mode 100644 index 7c890cc..0000000 --- a/spec/unit/mcollective/registration/choria_spec.rb +++ /dev/null 
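Review bot: In the added `#configure_ngs` example "should set tls context", the only assertion is `expect(params).to have_key(:tls)`, which would still pass if the value were empty or a context with peer verification turned off. This path is what authenticates the NGS servers, so the spec should pin that the context verifies the peer and that a CA source is configured. The shape of `params[:tls]` is set in lib/mcollective/connector/nats.rb, outside this view. If it holds an `OpenSSL::SSL::SSLContext` under `:context`, `expect(params[:tls][:context].verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER)` would cover the first property. The enclosing describe block continues outside the hunk.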
@@ -1,111 +0,0 @@ -require "spec_helper" -require "mcollective/registration/choria" - -module MCollective - module Registration - describe Choria do - let(:choria) { Choria.new } - let(:connection) { stub } - - before(:each) do - choria.connection = connection - end - - describe "#config" do - it "should get the config instance" do - expect(choria.config).to be(Config.instance) - end - end - - describe "#registration_data" do - it "should return the right data" do - t = Time.now - Time.stubs(:now).returns(t) - PluginManager.expects(:[]).with("global_stats").returns("g_stats" => 1) - choria.expects(:connected_server).returns("nats.example.net") - choria.expects(:connector_stats).returns("c_stats" => 1) - expect(choria.registration_data).to eq( - "timestamp" => t.to_i, - "identity" => "rspec_identity", - "version" => MCollective::VERSION, - "stats" => {"g_stats" => 1}, - "nats" => { - "connected_server" => "nats.example.net", - "stats" => {"c_stats" => 1} - } - ) - end - end - - describe "#registration_file" do - it "should be configurable" do - Config.instance.stubs(:pluginconf).returns("choria.registration.file" => "/nonexisting/stats") - expect(choria.registration_file).to eq("/nonexisting/stats") - end - - it "should default" do - Config.instance.stubs(:logfile).returns("/nonexisting/mcollective.log") - expect(choria.registration_file).to eq("/nonexisting/choria-stats.json") - end - end - - describe "#interval" do - it "should get the right interval" do - Config.instance.expects(:registerinterval).returns(10) - expect(choria.interval).to be(10) - end - end - - describe "#connector_stats" do - it "should fetch the connection stats" do - connection.expects(:stats).returns(:stats => 1) - expect(choria.connector_stats).to eq(:stats => 1) - end - end - - describe "#connected_server" do - it "should return the server if connected" do - connection.expects(:connected?).returns(true) - connection.expects(:connected_server).returns("rspec.example.net") - 
expect(choria.connected_server).to eq("rspec.example.net") - end - - it "should handle disconnections" do - connection.expects(:connected?).returns(false) - expect(choria.connected_server).to eq("disconnected") - end - end - - describe "#publish" do - it "should write the right file" do - temp = stub(:path => "/nonexisting/xxxx", :close => nil) - Config.instance.stubs(:logfile).returns("/nonexisting/mcollective.log") - Tempfile.expects(:new).with("choria-stats.json", "/nonexisting").returns(temp) - choria.expects(:registration_data).returns("rspec" => 1) - temp.expects(:write).with({"rspec" => 1}.to_json) - File.expects(:chmod).with(0o0644, "/nonexisting/xxxx") - File.expects(:rename).with("/nonexisting/xxxx", "/nonexisting/choria-stats.json") - - choria.publish - end - end - - describe "#run" do - it "should not run when interval is 0" do - choria.stubs(:interval).returns(0) - Thread.expects(:new).never - expect(choria.run(stub)).to be(false) - end - - it "should start the publisher" do - choria.stubs(:interval).returns(5) - choria.stubs(:registration_file).returns("/nonexisting/choria-stats.json") - - # this is pointless but mocha doesnt work with threads - Thread.expects(:new).once - choria.run(stub) - end - end - end - end -end diff --git a/spec/unit/mcollective/util/choria_spec.rb b/spec/unit/mcollective/util/choria_spec.rb index 8bcfcd6..b2a5a07 100644 --- a/spec/unit/mcollective/util/choria_spec.rb +++ b/spec/unit/mcollective/util/choria_spec.rb 
@@ -6,6 +6,49 @@ module Util describe Choria do let(:choria) { Choria.new(false) } + describe "#credential_file" do + it "should correctly return the configured options" do + expect(choria.credential_file).to eq("") + + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo" + ) + + expect(choria.credential_file).to eq("/foo") + end + end + + describe "#credential_file?" do + it "should correctly detect the configured value" do + expect(choria.credential_file?).to be(false) + + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo" + ) + + expect(choria.credential_file?).to be(true) + end + end + + describe "#ngs" do + it "should correctly report ngs settings" do + expect(choria.ngs?).to be(false) + + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo" + ) + + expect(choria.ngs?).to be(false) + + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo", + "nats.ngs" => "true" + ) + + expect(choria.ngs?).to be(true) + end + end + describe "#file_security?" do it "should detect file security settings" do Config.instance.stubs(:pluginconf).returns( @@ -429,6 +472,22 @@ module Util end describe "#middleware_servers" do + it "should support ngs" do + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo", + "nats.ngs" => "true" + ) + + expect(choria.middleware_servers).to eq([["connect.ngs.global", "4222"]]) + + Config.instance.stubs(:pluginconf).returns( + "nats.credentials" => "/foo", + "nats.ngs" => "true", + "choria.middleware_hosts" => "x.net:4222" + ) + expect(choria.middleware_servers).to eq([["x.net", "4222"]]) + end + it "should support federations" do choria.expects(:federated?).returns(true) choria.expects(:federation_middleware_servers).returns([["f1.net", "4222"], ["f2.net", "4222"]])
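Review bot: The `#ngs` example never exercises `"nats.ngs" => "true"` without `nats.credentials`, so the spec does not pin what happens when NGS is enabled but no credential file is set. The commit message says the NGS endpoint is used only when ngs is true and a credential is set, so a case such as `Config.instance.stubs(:pluginconf).returns("nats.ngs" => "true")` followed by `expect(choria.ngs?).to be(false)` would document that; the expected value is inferred from the message, not from the implementation, which is outside this view. The same gap applies to the `#middleware_servers` hunk at `@@ -429,6 +472,22 @@`: it checks the default and the `choria.middleware_hosts` override, but not that `connect.ngs.global` is absent when credentials are missing. The enclosing `describe Choria` block continues outside both hunks.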