-
-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[auth] Update test certs/keys and add README
* Add expired root/issuer CAs and client cert chains * Add wildcard server *.qgis.test SSL cert [ci skip]
- Loading branch information
Showing
40 changed files
with
1,077 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
# QGIS Test Certificates/Keys | ||
|
||
The certs/keys are generated/edited using **XCA** (see xca-project directory): | ||
|
||
https://sourceforge.net/projects/xca/ | ||
|
||
The Java keystore files are generated/edited using **KeyStore Explorer**: | ||
|
||
http://keystore-explorer.sourceforge.net/ | ||
|
||
|
||
The default password for the encrypted XCA project and Java keystore files is | ||
**password**. The certificate signing structure can be reviewed in | ||
`cert_heirarchy_8bit.png`. | ||
|
||
**WARNING**: These components are just for testing and should _NOT_ be used | ||
in a production environment. | ||
|
||
*NOTE*: The `.[crt|pem]` choice for files (below) is because some applications | ||
filter file open dialogs to specific extensions, e.g. pgAdmin3 always filters | ||
`.crt` or `.key` and QGIS generally filters on `.pem`. | ||
|
||
## Certificate Signing Hierarchy | ||
|
||
![Certs tree](cert_heirarchy_8bit.png) | ||
|
||
## Client Certificates/Keys | ||
|
||
* User certs: `[user]-cert.[crt|pem]` | ||
|
||
* User certs, with CA chain: `[user]-cert_w-chain_.[crt|pem]` | ||
|
||
* User keys: `[user]-key.[key|pem]` | ||
|
||
* User encrypted keys: `[user]-key_w-pass_.[key|pem]` | ||
|
||
* Combined user certs/keys: `[user].p12` | ||
|
||
* Combined user certs/keys, with CA chain: `[user]_w-chain_.p12` | ||
|
||
The default password for encrypted client keys is **password**. | ||
|
||
## Client-side Certificate Authorities | ||
|
||
* Root CA for all servers (below): `root-ca-cert.[crt|pem]` | ||
|
||
The test root cert for all server certs is self-signed. You will need to have | ||
this CA _trusted_ in your OS's or application's cert/key store or passed during | ||
connections, so as to validate the cert of the connected server. | ||
|
||
* Concatenated intermediates/roots: `qgis_intermediates.[crt|pem]`, | ||
`qgis_roots.[crt|pem]` | ||
|
||
Example use of concatenated files: load roots into OS certificate store and set | ||
them to trusted; import intermediates into QGIS Certificate Manager; then, add | ||
client cert/key bundles to authentication configurations. | ||
|
||
See **Client _hosts_ file configuration** below for configuring non-DNS host | ||
resolution for the test server connections. | ||
|
||
## Server Certificates/Keys | ||
|
||
Two certificates are available for general SSL/TLS servers: | ||
|
||
* `localhost_ssl_[cert|key].[crt|pem]` for **localhost** test servers | ||
accessed from the same host. | ||
|
||
* `wildcard-ssl_qgis-test_[cert|key].[crt|pem]` provides for | ||
**\*.qgis.test** domains, e.g. `whatever.qgis.test` or | ||
`qgis.test`, for testing non-localhost connections. Services are | ||
on different test machines, e.g. Docker containers. | ||
|
||
All server cert/key bundles have variants that include CA chains and .p12 files. | ||
|
||
The default password for encrypted server keys is **password**. | ||
|
||
All SSL certs are signed under `chain_issuer-root.[crt|pem]` certificate chain. | ||
|
||
### Client _hosts_ file configuration | ||
|
||
Domains of the non-localhost certificates can be associated locally for an IP | ||
address of a remote test server or an (essentially remote) VM or docker | ||
container using the host OS's `hosts` file. This setup allows for testing where | ||
a remote _localhost_ domain or and IP address will result in a 'hostname | ||
mismatch' SSL error from clients. | ||
|
||
Example entries in `hosts` file: | ||
|
||
<docker-container-on-linux-ip> geoserver.qgis.test | ||
<another-docker-container-on-linux-ip> gwc.qgis.test | ||
<some-docker-machine-ip> postgis.qgis.test | ||
|
||
### Server-side client validation | ||
|
||
When a server validates client certificates, some client certs maybe be signed | ||
by the `QGIS Test Root 2 CA`, which is not the same as the root self-signed | ||
CA for the server certificates (`QGIS Test Root CA`). This is similar to | ||
enterprise PKI setups where client certs are signed by a different root CA than | ||
the server. | ||
|
||
Add the root and intermediate chains to the server's configuration, so that such | ||
clients can be authenticated. (This setup is already pre-configured in the Java | ||
keystore file.) | ||
|
||
* Concatenated cert of all _valid_ CA chains: | ||
`chains_subissuer-issuer-root_issuer2-root2.[crt|pem]` |
Binary file modified
BIN
+21.9 KB
(180%)
tests/testdata/auth_system/certs_keys/cert_heirarchy_8bit.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
48 changes: 48 additions & 0 deletions
48
tests/testdata/auth_system/certs_keys/chain_issuer-root.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIEFTCCA36gAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgG | ||
A1UEAxMRUUdJUyBUZXN0IFJvb3QgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3RjZXJ0 | ||
QHFnaXMub3JnMB4XDTE1MDYyMzAwMDAwMFoXDTI1MDYyMjIzNTk1OVowgakxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxHDAaBgNVBAMTE1FHSVMgVGVzdCBJc3N1ZXIgQ0ExIDAeBgkqhkiG9w0B | ||
CQEWEXRlc3RjZXJ0QHFnaXMub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB | ||
gQDtww6peeGANmz0ltmvhnv5e0sNAeLYrySpTBzYcLCA3nptlKyPThpBkcy+whLD | ||
z/kKv876l9h4I5R2JCSKEDGNDN4XF+Sc6qXumXQ4ZUwkyZh4k1LkGy8jHmWZHWYj | ||
0qnaqraupTKvGmLdeWoUgN4ofm6kAZJM/y6Ox14eUE9RDQIDAQABo4IBSzCCAUcw | ||
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUuVKjlsjIdCX/Vlw2CjVFBvyB+Uow | ||
gdQGA1UdIwSBzDCByYAUAcssIcaDkz29/6pVsXDEZC7yL3ahga2kgaowgacxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxGjAYBgNVBAMTEVFHSVMgVGVzdCBSb290IENBMSAwHgYJKoZIhvcNAQkB | ||
FhF0ZXN0Y2VydEBxZ2lzLm9yZ4IBATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEB | ||
BAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcN | ||
AQELBQADgYEAmRQFTK+52IVItHrd6xpPrB0uPvZ5iSp2iAbxYj8M0qLu1f8iVyCv | ||
ZbbzByCEWheSdsXRGT+Xdc+RZ9eRzkt1Rm+CgPow865SpXYKnwZSZP6O5qL/uPyJ | ||
DBtk3Txn3J/ZxKxIC1F9dHsWh32AtfmB2b4YVP1I411RgIDDP5bpClY= | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIEEzCCA3ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgG | ||
A1UEAxMRUUdJUyBUZXN0IFJvb3QgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3RjZXJ0 | ||
QHFnaXMub3JnMB4XDTE1MDYyMzAwMDAwMFoXDTI1MDYyMjIzNTk1OVowgacxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxGjAYBgNVBAMTEVFHSVMgVGVzdCBSb290IENBMSAwHgYJKoZIhvcNAQkB | ||
FhF0ZXN0Y2VydEBxZ2lzLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA | ||
x+pGQDALrOlI4ekKGowqBoL0XN10YEtI2VPdkHoH4+fr3DYoVkZn7jR7vJKi03+s | ||
5UXl0g8RTw1YvATw5aCDcFgWu42XdZgMqH+z7jifs/rT7PUdZwOOCpRPt5LwQcKY | ||
8Di8zIds6eEZH3BdjO3CTDK87U9hOT+GAo9frn7YrFkCAwEAAaOCAUswggFHMA8G | ||
A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAHLLCHGg5M9vf+qVbFwxGQu8i92MIHU | ||
BgNVHSMEgcwwgcmAFAHLLCHGg5M9vf+qVbFwxGQu8i92oYGtpIGqMIGnMQswCQYD | ||
VQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2UxFTAT | ||
BgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y | ||
aXR5MRowGAYDVQQDExFRR0lTIFRlc3QgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYR | ||
dGVzdGNlcnRAcWdpcy5vcmeCAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE | ||
AwIABzAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEB | ||
CwUAA4GBAGk9qY01w5g2zuWWrwzrTzr6SFpykoMPG3sdvDLuXg3IWoQ2FX+ezwxh | ||
erwIb2wMbRnGDr6fHD5dEnLP6OeOTQ114l1FOGJtaxllwK5opGoR4c88rKpQ+1pn | ||
PMLPNyGv0Ju5vbsXHO+4ZmJdxx0DMeRIuRQnRDN/t24JuPV89hnY | ||
-----END CERTIFICATE----- |
48 changes: 48 additions & 0 deletions
48
tests/testdata/auth_system/certs_keys/chain_issuer3-root3-EXPIRED.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIEGDCCA4GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QzIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNzEwMjYwMDAwMDBaFw0yNzEwMjUyMzU5NTlaMIGqMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MR0wGwYDVQQDExRRR0lTIFRlc3QgSXNzdWVyMyBDQTEgMB4GCSqGSIb3 | ||
DQEJARYRdGVzdGNlcnRAcWdpcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ | ||
AoGBAMehSnlR6O29ETPHPuaLV9gD41CzHNGX+XzSNzxAsEctUMneW7k/GWKGxzdE | ||
1Omr2HKhAYqvAyyxWqUdBK6/EyG5GPVO+78ST6LsxcVqBzq1EtmU6IOE1TEJeTvp | ||
bUa9/Ax4MXo6P/w1P0K8rVU41Y3LYWKbejBZ/cf6/pSlETGBAgMBAAGjggFMMIIB | ||
SDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQdhGgsxRWn2G8phaKYK0H5eC/l | ||
djCB1QYDVR0jBIHNMIHKgBQMt4BGFGeKsamVrKDLKmgNk7XseKGBrqSBqzCBqDEL | ||
MAkGA1UEBhMCVVMxDzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdl | ||
MRUwEwYDVQQKEwxRR0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1 | ||
dGhvcml0eTEbMBkGA1UEAxMSUUdJUyBUZXN0IFJvb3QzIENBMSAwHgYJKoZIhvcN | ||
AQkBFhF0ZXN0Y2VydEBxZ2lzLm9yZ4IBATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4 | ||
QgEBBAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZI | ||
hvcNAQELBQADgYEAS11m+aZIlQD135V2zEqCcRaIn8SAHZVwi3gj1BWtpWhOVNPb | ||
tnt1SyiYvrxJxyvXgNrXhQMX4/+LhwtwOb9cXSYJvcFC0ILiVMkZwXSQmEAwitTq | ||
Ht2h5w+o+rAU/zNHt4j1JPTcjLGa4vkmXrAikckCth5sThS9Cw/dqtn0cSg= | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIEFjCCA3+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QzIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNzEwMjUyMDQ5MDBaFw0xNzEwMjYyMDQ5MDBaMIGoMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MRswGQYDVQQDExJRR0lTIFRlc3QgUm9vdDMgQ0ExIDAeBgkqhkiG9w0B | ||
CQEWEXRlc3RjZXJ0QHFnaXMub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB | ||
gQDCMN4fI3xUoXBLkmpVMRb3oPeuwowPJNNKaCwOja7W0wM3aXlSnAEW5ExeZ4x0 | ||
2OkH2UPAXpj66/CFYejKMqkBYJURY+Riv5iQNKirZqt2JLSIi94LpX/zHWyUQ5MC | ||
9DLkreJZXxAl/xx4+4qBzdk/qeHnT48rbDbemzl69bNo4QIDAQABo4IBTDCCAUgw | ||
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUDLeARhRnirGplaygyypoDZO17Hgw | ||
gdUGA1UdIwSBzTCByoAUDLeARhRnirGplaygyypoDZO17Hihga6kgaswgagxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxGzAZBgNVBAMTElFHSVMgVGVzdCBSb290MyBDQTEgMB4GCSqGSIb3DQEJ | ||
ARYRdGVzdGNlcnRAcWdpcy5vcmeCAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIB | ||
AQQEAwIABzAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3 | ||
DQEBCwUAA4GBAExFo3WYLf5TlRN/XhSyAI67pu70l0vjqhQba/B6K2Y77ottPGgB | ||
gDQobZsLOgUFmUq7xWW3MqAL5zmV7BrW4axgDS7eLU25BKB99H9WFLRhG/mfWS6V | ||
3rWQ0V9wQv2Xrv84OzQ1aAI7FLn0DuqDPH0wtxHsFy4XvfbJfswShA9l | ||
-----END CERTIFICATE----- |
48 changes: 48 additions & 0 deletions
48
tests/testdata/auth_system/certs_keys/chain_issuer4-EXPIRED-root2.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIEGDCCA4GgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNzEwMjUwMDAwMDBaFw0xNzEwMjUyMzU5NTlaMIGqMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MR0wGwYDVQQDExRRR0lTIFRlc3QgSXNzdWVyNCBDQTEgMB4GCSqGSIb3 | ||
DQEJARYRdGVzdGNlcnRAcWdpcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ | ||
AoGBAOE5AfbI1F+aeLu1eYsRFOQ6njgP0veX11SgxAH1yHVQz11hHVGxyIpQXvi9 | ||
qBev6t8ws04r6+/RCHG0vubCt417sew/1KznbmyogEPM5iJIPzpkN4aQtSDewhKt | ||
z50isnRbiT210L+lGNVUK1S+/q/6m+P7JwvnCK+6TIH0uaZlAgMBAAGjggFMMIIB | ||
SDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ47C4Kj9OWRa8BPyI+JVwQXh8z | ||
XjCB1QYDVR0jBIHNMIHKgBRdExE4hW14Iuemn2zXIjDd3ccWH6GBrqSBqzCBqDEL | ||
MAkGA1UEBhMCVVMxDzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdl | ||
MRUwEwYDVQQKEwxRR0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1 | ||
dGhvcml0eTEbMBkGA1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcN | ||
AQkBFhF0ZXN0Y2VydEBxZ2lzLm9yZ4IBATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4 | ||
QgEBBAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZI | ||
hvcNAQELBQADgYEAEol4EZmhyBPx9YeclazweAdfF6pMykk4VXtqLLz3SiQ3vIxh | ||
pk3EeLLKentgWSkdBDwITb6iVufohWxcOXnA3L/QJiWfNEFhWwWD6HeMLo7X/9rW | ||
Sv8mCa6LPbRnhBBvhlYD+dJ36SMkOHe7pnSwqDqEygXsaI7wdgHCMojzIPI= | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIEFjCCA3+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNTA2MjMwMDAwMDBaFw0yNTA2MjIyMzU5NTlaMIGoMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MRswGQYDVQQDExJRR0lTIFRlc3QgUm9vdDIgQ0ExIDAeBgkqhkiG9w0B | ||
CQEWEXRlc3RjZXJ0QHFnaXMub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB | ||
gQCTGYrjANI8eSNEk+1ddRsJy/OFaDqJPyRydl37usVYWqyf52SItFIMJvDGvM4u | ||
8W/kFIvp2otHTeXWdmGCfc+j5H0Im3noqawT319GaTR929Uqp89GZYWYrIjTnZmS | ||
3i0ER4evmvPh+/zHT5slCCF0/vUCjJlEJP5AFXX+rc50PQIDAQABo4IBTDCCAUgw | ||
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXRMROIVteCLnpp9s1yIw3d3HFh8w | ||
gdUGA1UdIwSBzTCByoAUXRMROIVteCLnpp9s1yIw3d3HFh+hga6kgaswgagxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxGzAZBgNVBAMTElFHSVMgVGVzdCBSb290MiBDQTEgMB4GCSqGSIb3DQEJ | ||
ARYRdGVzdGNlcnRAcWdpcy5vcmeCAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIB | ||
AQQEAwIABzAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3 | ||
DQEBCwUAA4GBAEQK4s64LRrucB050zdfJh122CyLnhYBCTO2CO8g4lBE9j7hnEa5 | ||
1PuuDf+fjoSmXeWAtoxvUbNl9r4fIjw7ES6RfmMO+fusl+hvwk03i+QbNDZ2d7dh | ||
p9EaQQLeJqSy5UkQFPKoMzdIwf+2PuF9CF1POgWoFKtMVnG7DPoRH3W4 | ||
-----END CERTIFICATE----- |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIECDCCA3GgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBqjELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEdMBsG | ||
A1UEAxMUUUdJUyBUZXN0IElzc3VlcjQgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3Rj | ||
ZXJ0QHFnaXMub3JnMB4XDTE3MTAyNjAwMDAwMFoXDTI3MTAyNTIzNTk1OVowgZsx | ||
CzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFn | ||
ZTEVMBMGA1UEChMMUUdJUyBUZXN0IENBMRswGQYDVQQLExJDbGllbnQgQ2VydGlm | ||
aWNhdGUxETAPBgNVBAMTCEhlbnJpY3VzMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtKxo9N/JAy26 | ||
ZjM5XBM1G6FseHqCfbelLB/MHdZmTCyDN9owstKpxLACpbOeUORo3RfOp+g+6p5z | ||
MwquHIccTRKjKXzAAeJyiqlSmr0JAzzFck1FR9XloX+QsTTT67+APcCPYViD+/cN | ||
4TG1V18slNu1YC14jhcRiUlVaocb7GUCAwEAAaOCAUkwggFFMAwGA1UdEwEB/wQC | ||
MAAwHQYDVR0OBBYEFIcu1B5X7ha0sNGUoTXi8E4dUtEXMIHVBgNVHSMEgc0wgcqA | ||
FDjsLgqP05ZFrwE/Ij4lXBBeHzNeoYGupIGrMIGoMQswCQYDVQQGEwJVUzEPMA0G | ||
A1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2UxFTATBgNVBAoTDFFHSVMg | ||
VGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQD | ||
ExJRR0lTIFRlc3QgUm9vdDIgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3RjZXJ0QHFn | ||
aXMub3JnggEDMAsGA1UdDwQEAwIEsDARBglghkgBhvhCAQEEBAMCBaAwHgYJYIZI | ||
AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOBgQAgC4h8 | ||
lvqL1tqAP82tfcsowC6NQgtkcsJc57yfS07VcR04HPPq7y5MO2HkL98ND14j4u92 | ||
QYSAj3NATCtJ4UitOSl9hzjughtlDlGzKo512nLfMTiFkPhUm0x0nhTkIbuoxwpH | ||
wRSpNyc4ZQbK2fXYX3uff7/kjoAZaqyrDP3DQw== | ||
-----END CERTIFICATE----- |
72 changes: 72 additions & 0 deletions
72
tests/testdata/auth_system/certs_keys/henricus_cert_w-chain-EXPIRED.pem
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIECDCCA3GgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBqjELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEdMBsG | ||
A1UEAxMUUUdJUyBUZXN0IElzc3VlcjQgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3Rj | ||
ZXJ0QHFnaXMub3JnMB4XDTE3MTAyNjAwMDAwMFoXDTI3MTAyNTIzNTk1OVowgZsx | ||
CzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFn | ||
ZTEVMBMGA1UEChMMUUdJUyBUZXN0IENBMRswGQYDVQQLExJDbGllbnQgQ2VydGlm | ||
aWNhdGUxETAPBgNVBAMTCEhlbnJpY3VzMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtKxo9N/JAy26 | ||
ZjM5XBM1G6FseHqCfbelLB/MHdZmTCyDN9owstKpxLACpbOeUORo3RfOp+g+6p5z | ||
MwquHIccTRKjKXzAAeJyiqlSmr0JAzzFck1FR9XloX+QsTTT67+APcCPYViD+/cN | ||
4TG1V18slNu1YC14jhcRiUlVaocb7GUCAwEAAaOCAUkwggFFMAwGA1UdEwEB/wQC | ||
MAAwHQYDVR0OBBYEFIcu1B5X7ha0sNGUoTXi8E4dUtEXMIHVBgNVHSMEgc0wgcqA | ||
FDjsLgqP05ZFrwE/Ij4lXBBeHzNeoYGupIGrMIGoMQswCQYDVQQGEwJVUzEPMA0G | ||
A1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2UxFTATBgNVBAoTDFFHSVMg | ||
VGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQD | ||
ExJRR0lTIFRlc3QgUm9vdDIgQ0ExIDAeBgkqhkiG9w0BCQEWEXRlc3RjZXJ0QHFn | ||
aXMub3JnggEDMAsGA1UdDwQEAwIEsDARBglghkgBhvhCAQEEBAMCBaAwHgYJYIZI | ||
AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOBgQAgC4h8 | ||
lvqL1tqAP82tfcsowC6NQgtkcsJc57yfS07VcR04HPPq7y5MO2HkL98ND14j4u92 | ||
QYSAj3NATCtJ4UitOSl9hzjughtlDlGzKo512nLfMTiFkPhUm0x0nhTkIbuoxwpH | ||
wRSpNyc4ZQbK2fXYX3uff7/kjoAZaqyrDP3DQw== | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIEGDCCA4GgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNzEwMjUwMDAwMDBaFw0xNzEwMjUyMzU5NTlaMIGqMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MR0wGwYDVQQDExRRR0lTIFRlc3QgSXNzdWVyNCBDQTEgMB4GCSqGSIb3 | ||
DQEJARYRdGVzdGNlcnRAcWdpcy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ | ||
AoGBAOE5AfbI1F+aeLu1eYsRFOQ6njgP0veX11SgxAH1yHVQz11hHVGxyIpQXvi9 | ||
qBev6t8ws04r6+/RCHG0vubCt417sew/1KznbmyogEPM5iJIPzpkN4aQtSDewhKt | ||
z50isnRbiT210L+lGNVUK1S+/q/6m+P7JwvnCK+6TIH0uaZlAgMBAAGjggFMMIIB | ||
SDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ47C4Kj9OWRa8BPyI+JVwQXh8z | ||
XjCB1QYDVR0jBIHNMIHKgBRdExE4hW14Iuemn2zXIjDd3ccWH6GBrqSBqzCBqDEL | ||
MAkGA1UEBhMCVVMxDzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdl | ||
MRUwEwYDVQQKEwxRR0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1 | ||
dGhvcml0eTEbMBkGA1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcN | ||
AQkBFhF0ZXN0Y2VydEBxZ2lzLm9yZ4IBATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4 | ||
QgEBBAQDAgAHMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZI | ||
hvcNAQELBQADgYEAEol4EZmhyBPx9YeclazweAdfF6pMykk4VXtqLLz3SiQ3vIxh | ||
pk3EeLLKentgWSkdBDwITb6iVufohWxcOXnA3L/QJiWfNEFhWwWD6HeMLo7X/9rW | ||
Sv8mCa6LPbRnhBBvhlYD+dJ36SMkOHe7pnSwqDqEygXsaI7wdgHCMojzIPI= | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIEFjCCA3+gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCVVMx | ||
DzANBgNVBAgTBkFsYXNrYTESMBAGA1UEBxMJQW5jaG9yYWdlMRUwEwYDVQQKEwxR | ||
R0lTIFRlc3QgQ0ExHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkG | ||
A1UEAxMSUUdJUyBUZXN0IFJvb3QyIENBMSAwHgYJKoZIhvcNAQkBFhF0ZXN0Y2Vy | ||
dEBxZ2lzLm9yZzAeFw0xNTA2MjMwMDAwMDBaFw0yNTA2MjIyMzU5NTlaMIGoMQsw | ||
CQYDVQQGEwJVUzEPMA0GA1UECBMGQWxhc2thMRIwEAYDVQQHEwlBbmNob3JhZ2Ux | ||
FTATBgNVBAoTDFFHSVMgVGVzdCBDQTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0 | ||
aG9yaXR5MRswGQYDVQQDExJRR0lTIFRlc3QgUm9vdDIgQ0ExIDAeBgkqhkiG9w0B | ||
CQEWEXRlc3RjZXJ0QHFnaXMub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB | ||
gQCTGYrjANI8eSNEk+1ddRsJy/OFaDqJPyRydl37usVYWqyf52SItFIMJvDGvM4u | ||
8W/kFIvp2otHTeXWdmGCfc+j5H0Im3noqawT319GaTR929Uqp89GZYWYrIjTnZmS | ||
3i0ER4evmvPh+/zHT5slCCF0/vUCjJlEJP5AFXX+rc50PQIDAQABo4IBTDCCAUgw | ||
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUXRMROIVteCLnpp9s1yIw3d3HFh8w | ||
gdUGA1UdIwSBzTCByoAUXRMROIVteCLnpp9s1yIw3d3HFh+hga6kgaswgagxCzAJ | ||
BgNVBAYTAlVTMQ8wDQYDVQQIEwZBbGFza2ExEjAQBgNVBAcTCUFuY2hvcmFnZTEV | ||
MBMGA1UEChMMUUdJUyBUZXN0IENBMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo | ||
b3JpdHkxGzAZBgNVBAMTElFHSVMgVGVzdCBSb290MiBDQTEgMB4GCSqGSIb3DQEJ | ||
ARYRdGVzdGNlcnRAcWdpcy5vcmeCAQEwCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIB | ||
AQQEAwIABzAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3 | ||
DQEBCwUAA4GBAEQK4s64LRrucB050zdfJh122CyLnhYBCTO2CO8g4lBE9j7hnEa5 | ||
1PuuDf+fjoSmXeWAtoxvUbNl9r4fIjw7ES6RfmMO+fusl+hvwk03i+QbNDZ2d7dh | ||
p9EaQQLeJqSy5UkQFPKoMzdIwf+2PuF9CF1POgWoFKtMVnG7DPoRH3W4 | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIICXQIBAAKBgQC0rGj038kDLbpmMzlcEzUboWx4eoJ9t6UsH8wd1mZMLIM32jCy | ||
0qnEsAKls55Q5GjdF86n6D7qnnMzCq4chxxNEqMpfMAB4nKKqVKavQkDPMVyTUVH | ||
1eWhf5CxNNPrv4A9wI9hWIP79w3hMbVXXyyU27VgLXiOFxGJSVVqhxvsZQIDAQAB | ||
AoGAdw5Ns19sJG4TsJj8qVH24xhCVDnWl2VWsHbbmKXZj0Sdy0Y6ZPww5u1dMTfl | ||
kUSSXW78vORr4Us8elwFU8Msv/g4NjGE9PLL6AZGrPAX1p0MoFJGmY8LlSZx3m5F | ||
e2P6gUkCcuNRm4FqKiXo/IsSYIHClS8MDm4iq8JfXOb8C9kCQQDtoA44BsX4Hnam | ||
9AhXZCDYPkq6Ri12x7vdQ0vOaqRybZcSlEJyzzmbJ9C1lbOBgRjoEK81dI92Nv2k | ||
J7AxrGW/AkEAwqT1P7OounZA1aVFo4OsH7jVa7aPGtVEkwCgErLearyGGmEOeoEE | ||
Hc/3zQUm2+74I6oOaubbP/NZJUjbpWue2wJBAITmlc1EDIkfEKGDrv6ho7UN8eGI | ||
yni6cRnpP4atIlhVbr8XaKqpt8BNXm+Q0JrHx1RTsIqnLG2jh+y9vc+qaiUCQQCv | ||
ubuMckePZ7lq6JXxZKvdy8IqR5v07rvFN5hMqV2x4Vf0stEeeiHcRGiEmPUXNCyk | ||
DiCMFLW2i51c0uUx9/JnAkBS3W3FAl4JdkmQS/43MgbTVJ9arGawH5zasOUkjCl2 | ||
cqKHs2w33j22YqvK98/p+VTw51IjYr1EtIafJWU8ytVx | ||
-----END RSA PRIVATE KEY----- |
Oops, something went wrong.