Fix some auth PG tests

qgis · Feb 8, 2021 · 7335ba1fc731a1dd5440d62775d397a1a95d7b82 · 7335ba1
1 parent ac83626
commit 7335ba1fc731a1dd5440d62775d397a1a95d7b82
diff --git a/.docker/docker-compose-testing.yml b/.docker/docker-compose-testing.yml
@@ -7,9 +7,9 @@ services:
     environment:
       - ALLOW_IP_RANGE="172.18.0.0/16"
 # The following files are added in Dockerfile-postgis
-      - SSL_CERT_FILE=/etc/ssl/certs/postgres_cert.crt
-      - SSL_KEY_FILE=/etc/ssl/private/postgres_key.key
-      - SSL_CA_FILE=/etc/ssl/certs/issuer_ca_cert.pem
+      - SSL_CERT_FILE=/etc/ssl/certs/postgres.crt
+      - SSL_KEY_FILE=/etc/ssl/private/postgres.key
+      - SSL_CA_FILE=/etc/ssl/certs/qgis_ca.crt
 
 #  oracle:
 #    image: oslandia/oracle-for-qgis-tests-configured:18.4.0-xe
@@ -21,6 +21,7 @@ services:
 #    ports:
 #      - 1521:1521
 
+
 # Proving very fragile!
 #  mssql:
 #    image: microsoft/mssql-server-linux:2017-latest

diff --git a/tests/src/python/test_authmanager_password_postgres.py b/tests/src/python/test_authmanager_password_postgres.py
@@ -6,7 +6,7 @@
 checks if QGIS can use a stored auth manager auth configuration to access
 a Password protected postgres.
 
-It uses a docker container as postgres/postgis server with certificates from tests/testdata/auth_system/certs_keys
+It uses a docker container as postgres/postgis server with certificates from tests/testdata/auth_system/certs_keys_2048
 
 Use docker-compose -f .ci/travis/linux/docker-compose.travis.yml up postgres to start the server.
 
@@ -96,8 +96,8 @@ def setUpClass(cls):
 
         authm = QgsApplication.authManager()
         assert (authm.setMasterPassword('masterpassword', True))
-        cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys')
-        cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
+        cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys_2048')
+        cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'qgis_ca.crt')
 
     def setUp(self):
         """Run before each test."""

diff --git a/tests/src/python/test_authmanager_pki_postgres.py b/tests/src/python/test_authmanager_pki_postgres.py
@@ -6,18 +6,9 @@
 checks if QGIS can use a stored auth manager auth configuration to access
 a PKI protected postgres.
 
-Configuration from the environment:
+It uses a docker container as postgres/postgis server with certificates from tests/testdata/auth_system/certs_keys_2048
 
-    * QGIS_POSTGRES_SERVER_PORT (default: 55432)
-    * QGIS_POSTGRES_EXECUTABLE_PATH (default: /usr/lib/postgresql/9.4/bin)
-
-
-From build dir, run: ctest -R PyQgsAuthManagerPKIPostgresTest -V
-
-or, if your PostgreSQL path differs from the default:
-
-QGIS_POSTGRES_EXECUTABLE_PATH=/usr/lib/postgresql/<your_version_goes_here>/bin \
-    ctest -R PyQgsAuthManagerPKIPostgresTest -V
+Use docker-compose -f .ci/travis/linux/docker-compose.travis.yml up postgres to start the server.
 
 .. note:: This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -56,41 +47,8 @@
 __date__ = '25/10/2016'
 __copyright__ = 'Copyright 2016, The QGIS Project'
 
-QGIS_POSTGRES_SERVER_PORT = os.environ.get('QGIS_POSTGRES_SERVER_PORT', '55432')
-QGIS_POSTGRES_EXECUTABLE_PATH = os.environ.get('QGIS_POSTGRES_EXECUTABLE_PATH', '/usr/lib/postgresql/9.4/bin')
-
-assert os.path.exists(QGIS_POSTGRES_EXECUTABLE_PATH)
-
-QGIS_AUTH_DB_DIR_PATH = tempfile.mkdtemp()
-
-# Postgres test path
-QGIS_PG_TEST_PATH = tempfile.mkdtemp()
-
-os.environ['QGIS_AUTH_DB_DIR_PATH'] = QGIS_AUTH_DB_DIR_PATH
-
 qgis_app = start_app()
 
-QGIS_POSTGRES_CONF_TEMPLATE = """
-hba_file = '%(tempfolder)s/pg_hba.conf'
-listen_addresses = '*'
-port = %(port)s
-max_connections = 100
-unix_socket_directories = '%(tempfolder)s'
-ssl = true
-ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
-ssl_cert_file = '%(server_cert)s'
-ssl_key_file = '%(server_key)s'
-ssl_ca_file = '%(sslrootcert_path)s'
-password_encryption = on
-"""
-
-QGIS_POSTGRES_HBA_TEMPLATE = """
-hostssl    all           all             0.0.0.0/0              cert clientcert=1
-hostssl    all           all             ::1/0                  cert clientcert=1
-host       all           all             127.0.0.1/32           trust
-host       all           all             ::1/32                 trust
-"""
-
 
 class TestAuthManager(unittest.TestCase):
 
@@ -99,12 +57,10 @@ def setUpAuth(cls):
         """Run before all tests and set up authentication"""
         authm = QgsApplication.authManager()
         assert (authm.setMasterPassword('masterpassword', True))
-        cls.pg_conf = os.path.join(cls.tempfolder, 'postgresql.conf')
-        cls.pg_hba = os.path.join(cls.tempfolder, 'pg_hba.conf')
         # Client side
-        cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'chains_subissuer-issuer-root_issuer2-root2.pem')
-        cls.sslcert = os.path.join(cls.certsdata_path, 'gerardus_cert.pem')
-        cls.sslkey = os.path.join(cls.certsdata_path, 'gerardus_key.pem')
+        cls.sslrootcert_path = os.path.join(cls.certsdata_path, 'qgis_ca.crt')
+        cls.sslcert = os.path.join(cls.certsdata_path, 'docker.crt')
+        cls.sslkey = os.path.join(cls.certsdata_path, 'docker.key')
         assert os.path.isfile(cls.sslcert)
         assert os.path.isfile(cls.sslkey)
         assert os.path.isfile(cls.sslrootcert_path)
@@ -115,7 +71,7 @@ def setUpAuth(cls):
         cls.auth_config.setConfig('certpath', cls.sslcert)
         cls.auth_config.setConfig('keypath', cls.sslkey)
         cls.auth_config.setName('test_pki_auth_config')
-        cls.username = 'Gerardus'
+        cls.username = 'docker'
         cls.sslrootcert = QSslCertificate.fromPath(cls.sslrootcert_path)
         assert cls.sslrootcert is not None
         authm.storeCertAuthorities(cls.sslrootcert)
@@ -125,82 +81,27 @@ def setUpAuth(cls):
         assert (authm.storeAuthenticationConfig(cls.auth_config)[0])
         assert cls.auth_config.isValid()
 
-        # Server side
-        cls.server_cert = os.path.join(cls.certsdata_path, 'localhost_ssl_cert.pem')
-        cls.server_key = os.path.join(cls.certsdata_path, 'localhost_ssl_key.pem')
-        cls.server_rootcert = cls.sslrootcert_path
-        os.chmod(cls.server_cert, stat.S_IRUSR)
-        os.chmod(cls.server_key, stat.S_IRUSR)
-        os.chmod(cls.server_rootcert, stat.S_IRUSR)
-
-        # Place conf in the data folder
-        with open(cls.pg_conf, 'w+') as f:
-            f.write(QGIS_POSTGRES_CONF_TEMPLATE % {
-                'port': cls.port,
-                'tempfolder': cls.tempfolder,
-                'server_cert': cls.server_cert,
-                'server_key': cls.server_key,
-                'sslrootcert_path': cls.sslrootcert_path,
-            })
-
-        with open(cls.pg_hba, 'w+') as f:
-            f.write(QGIS_POSTGRES_HBA_TEMPLATE)
 
     @classmethod
     def setUpClass(cls):
         """Run before all tests:
         Creates an auth configuration"""
-        cls.port = QGIS_POSTGRES_SERVER_PORT
-        cls.dbname = 'test_pki'
-        cls.tempfolder = QGIS_PG_TEST_PATH
-        cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys')
-        cls.hostname = 'localhost'
-        cls.data_path = os.path.join(cls.tempfolder, 'data')
-        os.mkdir(cls.data_path)
 
+        cls.certsdata_path = os.path.join(unitTestDataPath('auth_system'), 'certs_keys_2048')
         cls.setUpAuth()
-        subprocess.check_call([os.path.join(QGIS_POSTGRES_EXECUTABLE_PATH, 'initdb'), '-D', cls.data_path])
-
-        cls.server = subprocess.Popen([os.path.join(QGIS_POSTGRES_EXECUTABLE_PATH, 'postgres'), '-D',
-                                       cls.data_path, '-c',
-                                       "config_file=%s" % cls.pg_conf],
-                                      env=os.environ,
-                                      stdout=subprocess.PIPE,
-                                      stderr=subprocess.PIPE)
-        # Wait max 10 secs for the server to start
-        end = time.time() + 10
-        while True:
-            line = cls.server.stderr.readline()
-            print(line)
-            if line.find(b"database system is ready to accept") != -1:
-                break
-            if time.time() > end:
-                raise Exception("Timeout connecting to PostgreSQL")
-        # Create a DB
-        subprocess.check_call([os.path.join(QGIS_POSTGRES_EXECUTABLE_PATH, 'createdb'), '-h', 'localhost', '-p', cls.port, 'test_pki'])
-        # Inject test SQL from test path
-        test_sql = os.path.join(unitTestDataPath('provider'), 'testdata_pg.sql')
-        subprocess.check_call([os.path.join(QGIS_POSTGRES_EXECUTABLE_PATH, 'psql'), '-h', 'localhost', '-p', cls.port, '-f', test_sql, cls.dbname])
-        # Create a role
-        subprocess.check_call([os.path.join(QGIS_POSTGRES_EXECUTABLE_PATH, 'psql'), '-h', 'localhost', '-p', cls.port, '-c', 'CREATE ROLE "%s" WITH SUPERUSER LOGIN' % cls.username, cls.dbname])
 
     @classmethod
     def tearDownClass(cls):
         """Run after all tests"""
-        cls.server.terminate()
-        os.kill(cls.server.pid, signal.SIGABRT)
-        del cls.server
-        time.sleep(2)
-        rmtree(QGIS_AUTH_DB_DIR_PATH)
-        rmtree(cls.tempfolder)
+        super().tearDownClass()
 
     def setUp(self):
         """Run before each test."""
-        pass
+        super().setUp()
 
     def tearDown(self):
         """Run after each test."""
-        pass
+        super().tearDown()
 
     @classmethod
     def _getPostGISLayer(cls, type_name, layer_name=None, authcfg=None):
@@ -211,7 +112,7 @@ def _getPostGISLayer(cls, type_name, layer_name=None, authcfg=None):
             layer_name = 'pg_' + type_name
         uri = QgsDataSourceUri()
         uri.setWkbType(QgsWkbTypes.Point)
-        uri.setConnection("localhost", cls.port, cls.dbname, "", "", QgsDataSourceUri.SslVerifyFull, authcfg)
+        uri.setConnection("postgres", '5432', 'qgis_test', "docker", "docker", QgsDataSourceUri.SslVerifyFull, authcfg)
         uri.setKeyColumn('pk')
         uri.setSrid('EPSG:4326')
         uri.setDataSource('qgis_test', 'someData', "geom", "", "pk")

diff --git a/tests/testdata/Dockerfile-postgis b/tests/testdata/Dockerfile-postgis
@@ -1,7 +1,7 @@
 FROM kartoza/postgis:11.5-2.8
 
-ADD auth_system/certs_keys/postgres.crt /etc/ssl/certs/postgres_cert.crt
-ADD auth_system/certs_keys/postgres.key /etc/ssl/private/postgres_key.key
-ADD auth_system/certs_keys/issuer_ca_cert.pem /etc/ssl/certs/issuer_ca_cert.pem
+ADD auth_system/certs_keys_2048/postgres.crt /etc/ssl/certs/postgres.crt
+ADD auth_system/certs_keys_2048/postgres.key /etc/ssl/private/postgres.key
+ADD auth_system/certs_keys_2048/qgis_ca.crt /etc/ssl/certs/qgis_ca.crt
 
-RUN chmod 400 /etc/ssl/private/postgres_key.key
+RUN chmod 400 /etc/ssl/private/postgres.key
diff --git a/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.crt b/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnQCFEdZ8j9kbRfXe0Lplt6mtl3il+JWMA0GCSqGSIb3DQEBCwUAMIGI
+MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGQWxhc2thMRIwEAYDVQQHDAlBbmNob3Jh
+Z2UxETAPBgNVBAoMCFFHSVMuT1JHMR4wHAYDVQQDDBVRR0lTIFJvb3QgQ2VydGlm
+aWNhdGUxITAfBgkqhkiG9w0BCQEWEnRlc3RjZXJ0c0BxZ2lzLm9yZzAeFw0yMTAy
+MDExNDQ2MzNaFw0zMTAxMzAxNDQ2MzNaMHwxCzAJBgNVBAYTAkNBMQ8wDQYDVQQI
+DAZBbGFza2ExEjAQBgNVBAcMCUFuY2hvcmFnZTERMA8GA1UECgwIUUdJUy5PUkcx
+EjAQBgNVBAMMCTEyNy4wLjAuMTEhMB8GCSqGSIb3DQEJARYSdGVzdGNlcnRzQHFn
+aXMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdqxq5SbM0cB
+5uysAUT6n7wJCI0P++muvwBwCXq24ezAyHAfoi8aDQBNBtUoHhpAAtaf6tmy4DxF
+0Q6FiOh6cFXCm2Z6kcQTJ0XUKAYOqc893nt24NUAhukZyzbti26oKtGyV2yHIuzy
+rSXr+e0FPGItryccOvn8VeMtHRmRBsinTjCADtxTx1aGwNAK+r6aP6CMKX4mjN0j
+Xv7bNpDBrmmULtqgka7AB+TM/LnPRQ9+aiGro+59wrsXtQv9dYYd+CUBitWFtr43
+OOn/PidJGsZf0fhDTbYAiOi1H3el/1yQxssy0wfbUOhWRJNBv4ISq4UYdQVnp+yH
+APFM7eyP4wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAL6jO+JjWkd3leROwVgugu
+mZtphz4JBoNOKN1xYyE7w6kb8Du5+xyDtOkWAPet21JrGKi7R4/obIuRUfy67b2r
+o7efE7jUYmTv3D6jWHwocRb7Xk84p/ZEgQ7wp/u+hFASeYZYsDGCk4iPNrpTVAsG
+AwEZNR29lphgih0k2d5jIMOQUCVG6X1aFbhph6I0CS3Voqx8W+FjTIx9SMEOQbWg
+v90dfnp9HCe6LUA50eu/fBQe5yVz6QnVxXWDj3RF6vislHxhA0eVg0X3Hp4Bf3ZX
+d1hVyWn/TvbtR1pi3uFTvU85vXUlAIBhVQN8A62GWMlwSckLXsNOqwiytdQUAvoY
+-----END CERTIFICATE-----
diff --git a/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.csr b/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICwTCCAakCAQAwfDELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBkFsYXNrYTESMBAG
+A1UEBwwJQW5jaG9yYWdlMREwDwYDVQQKDAhRR0lTLk9SRzESMBAGA1UEAwwJMTI3
+LjAuMC4xMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0Y2VydHNAcWdpcy5vcmcwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp2rGrlJszRwHm7KwBRPqfvAkIjQ/7
+6a6/AHAJerbh7MDIcB+iLxoNAE0G1SgeGkAC1p/q2bLgPEXRDoWI6HpwVcKbZnqR
+xBMnRdQoBg6pzz3ee3bg1QCG6RnLNu2Lbqgq0bJXbIci7PKtJev57QU8Yi2vJxw6
++fxV4y0dGZEGyKdOMIAO3FPHVobA0Ar6vpo/oIwpfiaM3SNe/ts2kMGuaZQu2qCR
+rsAH5Mz8uc9FD35qIauj7n3Cuxe1C/11hh34JQGK1YW2vjc46f8+J0kaxl/R+ENN
+tgCI6LUfd6X/XJDGyzLTB9tQ6FZEk0G/ghKrhRh1BWen7IcA8Uzt7I/jAgMBAAGg
+ADANBgkqhkiG9w0BAQsFAAOCAQEAcCHqr9HkI7byOrexoeE1eRM94taIzeCnJ+Jx
+d5JWvDEe1VOvoRbFIy7PPEEanEvdEpa1ybp6AIQEi+67jJlk5URTlozql1kjByiH
+45v45tkfuCdr1EFGF3bJjpA8cVyHLLyKMheTvcPNxuvi6gTxnUFz7K4RcRPKlf2M
+xfj/RuXYSzVQq90xO0qmqos0V46kX2WTaBZHzJq6kurk0ogE1iEvtqQaINBwCUwu
+90eAMy9fh5LQlY9DIE/L28wrfvQSsz8NYyVeZpMBHY804yqf9fN4XKC+CkbPmOq6
+H0DFjrlBf4qbPccZX9csM6WK6fBrHUIFpLesi3yn1shAiS+huA==
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.key b/tests/testdata/auth_system/certs_keys_2048/127_0_0_1.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqdqxq5SbM0cB5uysAUT6n7wJCI0P++muvwBwCXq24ezAyHAf
+oi8aDQBNBtUoHhpAAtaf6tmy4DxF0Q6FiOh6cFXCm2Z6kcQTJ0XUKAYOqc893nt2
+4NUAhukZyzbti26oKtGyV2yHIuzyrSXr+e0FPGItryccOvn8VeMtHRmRBsinTjCA
+DtxTx1aGwNAK+r6aP6CMKX4mjN0jXv7bNpDBrmmULtqgka7AB+TM/LnPRQ9+aiGr
+o+59wrsXtQv9dYYd+CUBitWFtr43OOn/PidJGsZf0fhDTbYAiOi1H3el/1yQxssy
+0wfbUOhWRJNBv4ISq4UYdQVnp+yHAPFM7eyP4wIDAQABAoIBAG+Xl90DgEfbIfvG
+iGc5G3OwhTrR+qtl5wHj1rfToK2j7zCAwbe7PGFITlLr3jSQyHdU7LHOH0BFORVV
+dhPxsOd24KlaVbLI4FCQBwfYmu+jkaFG+l5ScsswAFtLlhtiMygWpxXa3pnqlLF/
+VZ7YwvTeB+eoSVrR/J+s5mnU7zxFqwZruVIFAZFio2ohUoQgy8R6vu7MYSTyyv1r
+FtDVCFKacee9SH+oqjG42igni8ZQgrLeMoKOCgnk6m3XR4299m0UlTMGIKgX4KY9
+MfU19swg7qtPuSK48fTMYQ4WsB6vy/JTc9HxuDcJ9A2RbSyz2Fs1JmmvyX7On4eG
+9BikV2kCgYEA4iYtl8Y7gBGJWG3hRHOGqZrEjpBYiNCpeJVbtslXMbn7/+uA20W1
+417pb/SQOpVsZ9VucWoN4+PGJmNNCIp1SpySi4wm1p3CqZipoxNO2OhP4HqsbxUp
+o/PpCy5WHgCi97w/0qE1l6ozASieBEr8DnvizgISdBj6ho8ODsLShY8CgYEAwEZA
+kJlzbD+SZd6DavOHHMI9Tkz4T5uh1WqYpZt6BInWKlE1cQ3GLraOMN4tIv65TQjP
+/vlAU+dGZUKWG6jgS+wmwSxm8jjgrLcBlEYNkvjw1FmPJHpdnP4IIx9cDvzgXAJA
+/s8lFGWe6r7B+oNHxwLrg2KXau5FQY3oDJQWLm0CgYAtxSxVG3nPYb06eIKvJ/KJ
+QRmnAO/qQNEL5q65P+a12b52/WMG/gTiD8OPNSA7uyJFoZzIt344MVFZU5+zqtIy
+V54RQDxcE3HigVNT/gRnQh1ogWuEz/OtiyAPc0FasSZKnX8NUjNWjsvj4CSbGdIJ
+3Gj66NBzTtrlgO6HbkbNYQKBgGFq9smMxhthdlZg0Cr/KkTa8V7bxq/nBa7w7Fh0
+FvV3tOgJ707RkMkYO6Ds4OerMc2jGmdweDRKqLMjcpSfEs3E37neOmadhNBdhNJQ
+UA5YTQT6P3lW+llRqGPLPsRlQXO8vJud7oaQGl2LuxKnM1XU1+jgqiFGihZ1xM2i
+tj5dAoGBALfMjGtCvniElMCzOm2eEDz38IFmqoKYbodMJNRnBIgwKNNwfiVtOb92
+rFa0E3Am24x8q79vD1jeaTYz6k+x7Kxr/gxxdHgfimlr/y8gNrAEITHlQXWH4qZI
+zG+dkqOQ4PUnXMG1jhsxldNK0Ewxz1a0lHiVZp69Hxi2o/8P1dhg
+-----END RSA PRIVATE KEY-----
diff --git a/tests/testdata/auth_system/certs_keys_2048/Gerardus.crt b/tests/testdata/auth_system/certs_keys_2048/Gerardus.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnMCFEdZ8j9kbRfXe0Lplt6mtl3il+JXMA0GCSqGSIb3DQEBCwUAMIGI
+MQswCQYDVQQGEwJDQTEPMA0GA1UECAwGQWxhc2thMRIwEAYDVQQHDAlBbmNob3Jh
+Z2UxETAPBgNVBAoMCFFHSVMuT1JHMR4wHAYDVQQDDBVRR0lTIFJvb3QgQ2VydGlm
+aWNhdGUxITAfBgkqhkiG9w0BCQEWEnRlc3RjZXJ0c0BxZ2lzLm9yZzAeFw0yMTAy
+MDExNDQ2MzNaFw0zMTAxMzAxNDQ2MzNaMHsxCzAJBgNVBAYTAkNBMQ8wDQYDVQQI
+DAZBbGFza2ExEjAQBgNVBAcMCUFuY2hvcmFnZTERMA8GA1UECgwIUUdJUy5PUkcx
+ETAPBgNVBAMMCEdlcmFyZHVzMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0Y2VydHNAcWdp
+cy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKMxk5JkcpKKC7
+2YxqtCxLPDQy5Nxum9HFWRiYwfwUwCpqU3u8p/uSntBkD90kUvm+20mVmBCU86QV
+oCUw5jUL/38mo0EP7LIYAWVeJLzaC6hgUcHNlUezDLTt1SU5h32lGaWoRdfhkn67
+8tpT8sjeM+044RQ5OMOfF5GpidRM7DS+7NItT70MsWgj8oERKI0o6pjf9fQvRL6l
+EOToJfBsFgXWzdzJtifrzj+ub+hddlnBPjcDCYwMIaTa3RnmM7uvwtW+6HUJrwl0
+SbAN8HOpze2diooEnTKw9g/At3QXxdFrumm8IIYkW47cuQBzLEmbtGehkYkRTiXm
+hQvei9xNAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABCchsYXhSIzUm6PZLPzahtA
+fUhTEehaP0UcjcB8+amxseQ+6KvySXEDiCt0ZEmuF1xAHeHXdfn0Ipm1iKDu6xH7
+C5yhOM4FR8FmEo2FopW67cwUnm/fozeNtGtk0CXLE9aMO5dVjBV8mxb6aYKptPVr
+Lyq3/dR8PTN/qA0opp+f4CaDtRlKMY7aKNFU4j0CmM6TTnUimbL5wuD49htlEsez
+0OWOwxoPMyacrwzcKQirc5mOKnn323Rv7kN4Ov8C5nLwJ9F3xNNQNOyP0Y6ha33S
+eZNZamJn+XeZJO+TejkVCR/fWML8vZNLCugU2MP4HoYjgzFVzqKvUobvoN8C/Go=
+-----END CERTIFICATE-----
diff --git a/tests/testdata/auth_system/certs_keys_2048/Gerardus.csr b/tests/testdata/auth_system/certs_keys_2048/Gerardus.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICwDCCAagCAQAwezELMAkGA1UEBhMCQ0ExDzANBgNVBAgMBkFsYXNrYTESMBAG
+A1UEBwwJQW5jaG9yYWdlMREwDwYDVQQKDAhRR0lTLk9SRzERMA8GA1UEAwwIR2Vy
+YXJkdXMxITAfBgkqhkiG9w0BCQEWEnRlc3RjZXJ0c0BxZ2lzLm9yZzCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMozGTkmRykooLvZjGq0LEs8NDLk3G6b
+0cVZGJjB/BTAKmpTe7yn+5Ke0GQP3SRS+b7bSZWYEJTzpBWgJTDmNQv/fyajQQ/s
+shgBZV4kvNoLqGBRwc2VR7MMtO3VJTmHfaUZpahF1+GSfrvy2lPyyN4z7TjhFDk4
+w58XkamJ1EzsNL7s0i1PvQyxaCPygREojSjqmN/19C9EvqUQ5Ogl8GwWBdbN3Mm2
+J+vOP65v6F12WcE+NwMJjAwhpNrdGeYzu6/C1b7odQmvCXRJsA3wc6nN7Z2KigSd
+MrD2D8C3dBfF0Wu6abwghiRbjty5AHMsSZu0Z6GRiRFOJeaFC96L3E0CAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQChvbZHmbPT7inEg1udfaageL9ATCACEy5qEdeE
+LmK9NrKiHk+mnm05xgsAyymRyPflgXN7CzuzEHrsVebbgSzVrkFaR/XJfbdjWgHA
+V9j6lBtvqHnwj2jRaRRUSwEqkXM0WVk8o3Zpm5f8swOfUvIwF7PZyROOM0PKZYqH
+cjiWN9WseuF5+jnN4+Q0AFT7jXYWcab0gu/0ERJNM08lAmNF5z0zq6gb/M5d2EJl
+J7ZV8XMwPQ0XH0PvZYmC1vLOaA35zQqYFR2jCsuJRTNyEIjdu8FfLqPyjsz2IQ5h
+3TSIpzSLwYWIsz89INf4sddYOhe/Wnk3hehirXnjqblxkEGV
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/testdata/auth_system/certs_keys_2048/Gerardus.key b/tests/testdata/auth_system/certs_keys_2048/Gerardus.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyjMZOSZHKSigu9mMarQsSzw0MuTcbpvRxVkYmMH8FMAqalN7
+vKf7kp7QZA/dJFL5vttJlZgQlPOkFaAlMOY1C/9/JqNBD+yyGAFlXiS82guoYFHB
+zZVHswy07dUlOYd9pRmlqEXX4ZJ+u/LaU/LI3jPtOOEUOTjDnxeRqYnUTOw0vuzS
+LU+9DLFoI/KBESiNKOqY3/X0L0S+pRDk6CXwbBYF1s3cybYn684/rm/oXXZZwT43
+AwmMDCGk2t0Z5jO7r8LVvuh1Ca8JdEmwDfBzqc3tnYqKBJ0ysPYPwLd0F8XRa7pp
+vCCGJFuO3LkAcyxJm7RnoZGJEU4l5oUL3ovcTQIDAQABAoIBAQCSWZfZGI6LCOAF
+9zk+BjjFH8c8SxANcvTLHWjDMCzPrCNHIDPAYemhvxdgRWcvomsnrDq/bvgZh5tt
+F6Ozl/wvOfeDNMijyRNCcsg28upJ/AQb6zEWJwVlYD4Yopy13g6gEEcp25ucplba
+nLVP67tdsUHzWF416JMWtI12o88o+Mgqq1IErlnJ6bUrl96e5pVN7GKLvOO4+3/C
+iUFDRudBd7S4ZyXiNB93jb5coxjkbW5Yy8o2sdW0TZvaRpB0cGmAg6zn2tWxo+Ga
+MIF+LJN8Zoh1ThNlfO0LQvCSZIp+d+uHx/ZkSDFesQnldVsJivnfy37nvj8GvNEs
+AjpHwCChAoGBAPQ8OSJvT3e84oQn+dHVDAO8vv4+bGuNSvCScvO1JqjpxCwdESif
+tURhpH1e8inLnvCNpDc7IWy3hQKWFyw/XO6K1l0QP+jz8I2wJo0CISUnuqshbonz
+uyXr1nZ2DF1e1n4cwcZkuqogkHKckT3YpM+B9M24OEDLnvwnx3UPduaZAoGBANPw
+g7nuc7qGUxYPYjrPQtkWlq+boXdfzyImc0lX3hzd0XrTmt/s4OzNba3PqgMRtn8p
+AFsdXaBEIM63waJGFbwD1wsqlRwzOVjXu4/lqLXN2jiX3jEPnO3vzqm6jMv7M154
+hj7L7dnyzUg4tjD/NoLSuUnbzqYn8slEMSPCQFfVAoGAb8++TGBvHh8QCHaQrRp+
+1JstSRHk6twVictR6vZsy3mxwIxSFan//11AQ9Eaxj2c9v2xR0O/ypi9wPBbjXs4
+nVBcUOCmkYxT/Vm+XGG0MOFeWQgGJgu6CuNMHJFwmbJYOgYKRDxLJKWh24aIC6tJ
+0GHrY97JighuMXw4mQPKaEkCgYBdPvqVuWXNcP/pOsd7HGlK3fdaN9zoioy1d7lN
+UY11odpices4Dh4/0Xop+K3SP97NP5rae6cPtinBCXP2E2PInt/kF84W5Cqc/f2V
+p/N8WZ9jOt4VM8tVnCaO4nbD4DePnvNheZOiSoMq/VibYg33rQK8jirzS6w0BP6h
+vvtUKQKBgB+3wcZvdHU+SHJ6BGiYm0POZqz3+//9wVSFDObWSt9DPYbjFuWA52HH
+MYY/ggtV5DoZbAcFqU47rRWTd9I1U4PYr/CocoHB7DhNq3QxG3EegJpfw7H+pDrC
+qrbNfRzZL6VFh+RHA21jEDmRPTG9jg260jRQ+SOOMvrkdT1kNtSt
+-----END RSA PRIVATE KEY-----