From ec219673dfb48042ac4f231060e9228f343839c2 Mon Sep 17 00:00:00 2001 From: Emanuele Sabellico Date: Wed, 4 Dec 2024 19:06:45 +0100 Subject: [PATCH] Test untrusted certificate signed with an intermediate CA --- tests/0097-ssl_verify.cpp | 175 ++++++++++++---- tests/fixtures/ssl/.gitignore | 3 + .../ssl/client.keystore.intermediate.p12 | Bin 0 -> 6872 bytes tests/fixtures/ssl/client.keystore.p12 | Bin 4345 -> 5128 bytes .../ssl/client2.certificate.intermediate.pem | 164 +++++++++++++++ tests/fixtures/ssl/client2.certificate.pem | 194 +++++++++--------- tests/fixtures/ssl/client2.intermediate.key | 46 +++++ tests/fixtures/ssl/client2.key | 70 ++++--- tests/fixtures/ssl/create_keys.sh | 95 +++++++-- 9 files changed, 564 insertions(+), 183 deletions(-) create mode 100644 tests/fixtures/ssl/client.keystore.intermediate.p12 create mode 100644 tests/fixtures/ssl/client2.certificate.intermediate.pem create mode 100644 tests/fixtures/ssl/client2.intermediate.key diff --git a/tests/0097-ssl_verify.cpp b/tests/0097-ssl_verify.cpp index 21e670beab..767d9abf12 100644 --- a/tests/0097-ssl_verify.cpp +++ b/tests/0097-ssl_verify.cpp @@ -117,6 +117,33 @@ class TestVerifyCb : public RdKafka::SslCertificateVerifyCb { } }; +/** + * @name Test event callback. + */ +class TestEventCb : public RdKafka::EventCb { + public: + bool should_succeed; + + TestEventCb(bool should_succeed) : should_succeed(should_succeed) { + } + + void event_cb(RdKafka::Event &event) { + switch (event.type()) { + case RdKafka::Event::EVENT_ERROR: + if (should_succeed) + Test::Fail("Unexpected error event, got: " + event.str()); + else if (event.err() != RdKafka::ERR__SSL && + event.err() != RdKafka::ERR__ALL_BROKERS_DOWN) + Test::Fail( + "Expected _SSL or _ALL_BROKERS_DOWN error codes" + ", got: " + + RdKafka::err2str(event.err())); + break; + default: + break; + } + } +}; /** * @brief Set SSL PEM cert/key using configuration property. 
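Review bot: In `TestEventCb::event_cb` the `should_succeed == false` branch only restricts which error codes may arrive, so a run in which the untrusted certificate is accepted and no error event is delivered passes this callback without complaint. Consider counting errors, e.g. `error_cnt++;` at the top of the `EVENT_ERROR` case, and having the caller fail when `!should_succeed && error_cnt == 0`, so that rejection is asserted and not just tolerated. Whether `do_test_verify` checks the connection outcome some other way is outside the visible hunks. As a smaller style point, the one-argument constructor could be marked `explicit`.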
@@ -241,9 +268,25 @@ static const std::string load_names[] = { }; +/** + * @brief Test SSL certificate verification. + * + * @param line Test line number. + * @param verify_ok Expected verification result. + * @param untrusted_client_key Set up an untrusted client key. + * @param untrusted_client_key_intermediate_ca The untrusted client key is + * signed by an intermediate CA. + * @param load_key How to load the client key. + * @param key_enc Encoding of the client key. + * @param load_pub How to load the client public key. + * @param pub_enc Encoding of the client public key. + * @param load_ca How to load the CA. + * @param ca_enc Encoding of the CA. + */ static void do_test_verify(const int line, bool verify_ok, bool untrusted_client_key, + bool untrusted_client_key_intermediate_ca, cert_load_t load_key, RdKafka::CertificateEncoding key_enc, cert_load_t load_pub, @@ -253,10 +296,18 @@ static void do_test_verify(const int line, #define TEST_FIXTURES_FOLDER "./fixtures" #define TEST_FIXTURES_SSL_FOLDER TEST_FIXTURES_FOLDER "/ssl/" #define TEST_FIXTURES_KEY_PASSWORD "use_strong_password_keystore_client2" + +/* Certificate directly signed by the root CA (untrusted) */ #define TEST_CERTIFICATE_LOCATION \ TEST_FIXTURES_SSL_FOLDER "client2.certificate.pem" #define TEST_KEY_LOCATION TEST_FIXTURES_SSL_FOLDER "client2.key" +/* Certificate signed by an intermediate CA (untrusted) */ +#define TEST_CERTIFICATE_INTERMEDIATE_LOCATION \ + TEST_FIXTURES_SSL_FOLDER "client2.certificate.intermediate.pem" +#define TEST_KEY_INTERMEDIATE_LOCATION \ + TEST_FIXTURES_SSL_FOLDER "client2.intermediate.key" + std::string errstr, existing_key_password; /* * Create any type of client 
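Review bot: The new `untrusted_client_key_intermediate_ca` parameter only has an effect when `untrusted_client_key` is also set, but the doc comment does not say so, and judging by the later hunk the pair false/true is silently ignored. With three adjacent `bool` arguments and call sites written as `false, false`, a swapped or stray flag would compile and quietly run a different case than intended. Suggest stating the dependency in the `@param` text, e.g. `Only used when untrusted_client_key is true.`, and rejecting the invalid pair early with `if (untrusted_client_key_intermediate_ca && !untrusted_client_key) Test::Fail("intermediate CA flag requires untrusted_client_key");`. The function body continues beyond this hunk.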
@@ -265,6 +316,8 @@ static void do_test_verify(const int line, << line << ": " << "SSL cert verify: verify_ok=" << verify_ok << ", untrusted_client_key=" << untrusted_client_key + << ", untrusted_client_key_intermediate_ca=" + << untrusted_client_key_intermediate_ca << ", load_key=" << load_names[load_key] << ", load_pub=" << load_names[load_pub] << ", load_ca=" << load_names[load_ca]; @@ -272,9 +325,24 @@ static void do_test_verify(const int line, Test::Say(_C_BLU "[ " + teststr + " ]\n" _C_CLR); RdKafka::Conf *conf; + TestEventCb eventCb(verify_ok && !untrusted_client_key); Test::conf_init(&conf, NULL, 10); + if (conf->set("event_cb", &eventCb, errstr) != RdKafka::Conf::CONF_OK) + Test::Fail("Failed to set event_cb: " + errstr); + if (untrusted_client_key) { - if (conf->set("ssl.key.location", TEST_KEY_LOCATION, errstr) != + /* Set an untrusted certificate, signed by a root CA or by an + * intermediate CA, and verify client authentication fails. */ + + const char *untrusted_key_location = untrusted_client_key_intermediate_ca + ? TEST_KEY_INTERMEDIATE_LOCATION + : TEST_KEY_LOCATION; + const char *untrusted_certificate_location = + untrusted_client_key_intermediate_ca + ? TEST_CERTIFICATE_INTERMEDIATE_LOCATION + : TEST_CERTIFICATE_LOCATION; + + if (conf->set("ssl.key.location", untrusted_key_location, errstr) != RdKafka::Conf::CONF_OK) Test::Fail("Failed to set untrusted ssl.key.location: " + errstr); @@ -285,7 +353,7 @@ static void do_test_verify(const int line, RdKafka::Conf::CONF_OK) Test::Fail("Failed to set untrusted ssl.key.password: " + errstr); - if (conf->set("ssl.certificate.location", TEST_CERTIFICATE_LOCATION, + if (conf->set("ssl.certificate.location", untrusted_certificate_location, errstr) != RdKafka::Conf::CONF_OK) Test::Fail("Failed to set untrusted ssl.certificate.location: " + errstr); } 
@@ -316,6 +384,8 @@ static void do_test_verify(const int line, pub_enc == RdKafka::CERT_ENC_PEM); if (untrusted_client_key && ca_enc != RdKafka::CERT_ENC_PEM) { + /* Original password is needed for reading the + * CA certificate in the PKCS12 keystore. */ if (conf->set("ssl.key.password", existing_key_password, errstr) != RdKafka::Conf::CONF_OK) Test::Fail("Failed to revert to existing ssl.key.password: " + errstr); @@ -329,7 +399,6 @@ static void do_test_verify(const int line, ca_enc == RdKafka::CERT_ENC_PEM); conf->set("debug", "security", errstr); - TestVerifyCb verifyCb(verify_ok); if (conf->set("ssl_cert_verify_cb", &verifyCb, errstr) != RdKafka::Conf::CONF_OK) @@ -429,8 +498,19 @@ static void do_test_bad_calls() { } extern "C" { + +/** + * @brief Test SSL certificate verification with various + * key types and trusted or untrusted client certificates. + * + * @remark This tests can be run with a root CA signed certificate + * when trivup is started with "--ssl" only, + * or with an intermediate CA signed certificate, + * when trivup is started with: + * --ssl --conf='{"ssl_intermediate_ca": true}' + */ int main_0097_ssl_verify(int argc, char **argv) { - int untrusted; + int untrusted_client_key, untrusted_client_key_intermediate_ca; if (!test_check_builtin("ssl")) { Test::Skip("Test requires SSL support\n"); return 0; 
@@ -444,45 +524,58 @@ int main_0097_ssl_verify(int argc, char **argv) { do_test_bad_calls(); - for (untrusted = 0; untrusted <= 1; untrusted++) { - do_test_verify(__LINE__, true, untrusted, USE_LOCATION, - RdKafka::CERT_ENC_PEM, USE_LOCATION, RdKafka::CERT_ENC_PEM, - USE_LOCATION, RdKafka::CERT_ENC_PEM); - do_test_verify(__LINE__, false, untrusted, USE_LOCATION, - RdKafka::CERT_ENC_PEM, USE_LOCATION, RdKafka::CERT_ENC_PEM, - USE_LOCATION, RdKafka::CERT_ENC_PEM); - - /* Verify various priv and pub key and CA input formats */ - do_test_verify(__LINE__, true, untrusted, USE_CONF, RdKafka::CERT_ENC_PEM, - USE_CONF, RdKafka::CERT_ENC_PEM, USE_LOCATION, - RdKafka::CERT_ENC_PEM); - do_test_verify(__LINE__, true, untrusted, USE_CONF, RdKafka::CERT_ENC_PEM, - USE_CONF, RdKafka::CERT_ENC_PEM, USE_CONF, - RdKafka::CERT_ENC_PEM); - do_test_verify(__LINE__, true, untrusted, USE_SETTER, RdKafka::CERT_ENC_PEM, - USE_SETTER, RdKafka::CERT_ENC_PEM, USE_SETTER, - RdKafka::CERT_ENC_PKCS12); - if (test_getenv("SSL_intermediate_pub_pem", NULL) == NULL) { - /* DER format can contain only a single certificate so it's - * not suited for sending the complete chain of trust - * corresponding to the private key, - * that is necessary when using an intermediate CA. 
*/ - do_test_verify(__LINE__, true, untrusted, USE_LOCATION, - RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, - USE_SETTER, RdKafka::CERT_ENC_DER); - do_test_verify(__LINE__, true, untrusted, USE_LOCATION, - RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, - USE_SETTER, - RdKafka::CERT_ENC_PEM); /* env: SSL_all_cas_pem */ - do_test_verify(__LINE__, true, untrusted, USE_LOCATION, - RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, - USE_CONF, - RdKafka::CERT_ENC_PEM); /* env: SSL_all_cas_pem */ + for (untrusted_client_key = 0; untrusted_client_key <= 1; + untrusted_client_key++) { + for (untrusted_client_key_intermediate_ca = 0; + untrusted_client_key_intermediate_ca <= untrusted_client_key; + untrusted_client_key_intermediate_ca++) { + do_test_verify(__LINE__, true /*verify ok*/, untrusted_client_key, + untrusted_client_key_intermediate_ca, USE_LOCATION, + RdKafka::CERT_ENC_PEM, USE_LOCATION, RdKafka::CERT_ENC_PEM, + USE_LOCATION, RdKafka::CERT_ENC_PEM); + do_test_verify(__LINE__, false /*verify not ok*/, untrusted_client_key, + untrusted_client_key_intermediate_ca, USE_LOCATION, + RdKafka::CERT_ENC_PEM, USE_LOCATION, RdKafka::CERT_ENC_PEM, + USE_LOCATION, RdKafka::CERT_ENC_PEM); + + /* Verify various priv and pub key and CA input formats */ + do_test_verify(__LINE__, true /*verify ok*/, untrusted_client_key, + untrusted_client_key_intermediate_ca, USE_CONF, + RdKafka::CERT_ENC_PEM, USE_CONF, RdKafka::CERT_ENC_PEM, + USE_LOCATION, RdKafka::CERT_ENC_PEM); + do_test_verify(__LINE__, true /*verify ok*/, untrusted_client_key, + untrusted_client_key_intermediate_ca, USE_CONF, + RdKafka::CERT_ENC_PEM, USE_CONF, RdKafka::CERT_ENC_PEM, + USE_CONF, RdKafka::CERT_ENC_PEM); + do_test_verify(__LINE__, true /*verify ok*/, untrusted_client_key, + untrusted_client_key_intermediate_ca, USE_SETTER, + RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_PEM, + USE_SETTER, RdKafka::CERT_ENC_PKCS12); } } - do_test_verify(__LINE__, true, false, USE_SETTER, 
RdKafka::CERT_ENC_PKCS12, - USE_SETTER, RdKafka::CERT_ENC_PKCS12, USE_SETTER, - RdKafka::CERT_ENC_PKCS12); + + if (test_getenv("SSL_intermediate_pub_pem", NULL) == NULL) { + Test::Say("Running root CA only tests\n"); + /* DER format can contain only a single certificate so it's + * not suited for sending the complete chain of trust + * corresponding to the private key, + * that is necessary when using an intermediate CA. */ + do_test_verify(__LINE__, true /*verify ok*/, false, false, USE_LOCATION, + RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, + USE_SETTER, RdKafka::CERT_ENC_DER); + do_test_verify(__LINE__, true /*verify ok*/, false, false, USE_LOCATION, + RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, + USE_SETTER, + RdKafka::CERT_ENC_PEM); /* env: SSL_all_cas_pem */ + do_test_verify(__LINE__, true /*verify ok*/, false, false, USE_LOCATION, + RdKafka::CERT_ENC_PEM, USE_SETTER, RdKafka::CERT_ENC_DER, + USE_CONF, RdKafka::CERT_ENC_PEM); /* env: SSL_all_cas_pem */ + Test::Say("Finished running root CA only tests\n"); + } + + do_test_verify(__LINE__, true /*verify ok*/, false, false, USE_SETTER, + RdKafka::CERT_ENC_PKCS12, USE_SETTER, RdKafka::CERT_ENC_PKCS12, + USE_SETTER, RdKafka::CERT_ENC_PKCS12); return 0; } diff --git a/tests/fixtures/ssl/.gitignore b/tests/fixtures/ssl/.gitignore index e58fd014d7..486e9d336c 100644 --- a/tests/fixtures/ssl/.gitignore +++ b/tests/fixtures/ssl/.gitignore @@ -9,3 +9,6 @@ extfile !client.keystore.p12 !client2.certificate.pem !client2.key +!client.keystore.intermediate.p12 +!client2.certificate.intermediate.pem +!client2.intermediate.key 
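Review bot: The three DER-encoded cases were previously called with the loop variable `untrusted` and are now called once with `false, false`, so the untrusted-client-key path is no longer exercised together with a DER-encoded public certificate or CA. If that reduction is intentional, a short comment next to `Running root CA only tests` saying why would help. Otherwise keep the negative coverage by wrapping the three calls in `for (untrusted_client_key = 0; untrusted_client_key <= 1; untrusted_client_key++)` and passing `untrusted_client_key, false` in place of `false, false`. The inner-loop bound `untrusted_client_key_intermediate_ca <= untrusted_client_key` also deserves a one-line comment, since it is what keeps the intermediate-CA flag from being set for a trusted key.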
diff --git a/tests/fixtures/ssl/client.keystore.intermediate.p12 b/tests/fixtures/ssl/client.keystore.intermediate.p12 new file mode 100644 index 0000000000000000000000000000000000000000..7573aa60f540eea78c39c3a46bc2fd6bca3c6c83 GIT binary patch literal 6872 zcma)hQ*b2=vu$jfI}_X56LVtQwr%Zrl1%JmV%xSeu`#i2>wLHFsqe4zbk0LpSFhEp ztKU{tHw%bh0RkM71w`Nv15Xzw8TNz>4hxfnz8T}*fps^5+t z-&(m=rg^b+=Rl7EI}5WiGc5>EFU3kIVz1^iC<8&7n4>oA2`0*V-7#gd#v7H0#QLsR z2=H9ax%e>IqpmU-s>`qKE>C%ObdLd&+F5Lc`g&*Q=IH?$wmQL_9}?E@2H~Z}{=cVK zyrf_*9G{Vr{C2N*9>J0=chhzC>4Z~Q4I(oCFzPWpmowo-gw2@I+n1x0&>_)fg+p2%!QL^8Mca3S=Yz||>~%Ju|h0fPUei|g6zuFuQ@VkSU~cwp0B zTRm`(XXvL3;`k6b8!@md^AMc301F5If0HrbQsfp3dMaRhsMzVo}l9fm-TTutFXutLz>8Onj zmUib+&udaZPe~^RfCev!Ic++F)uuUp1YaAUIMsZ&a?^@-&k~fhe#2f-_|><*B!S5@ zc%JGwf&dx4Id?U4VmZAkcemZPQPOt71Mbzeh-wp0csf4WQ|f(~>X|#;sXgsl-o4mu z%-SPtg{KaE2x7+-U>NremaVD66W|iQX%&z7pX`XSUG#9os!hNmhnq@ZpRUtms~;gjm6*_J$9qrT z)}#srsi0BRuG=`;udtJ*wD%-%B12yZ4g1Mz0WaAF`IH}0q?N;!BX}v0SgUf)5uN!s zLRrgpBCVFWP9+5Y)5lbNvh#?Mo>A1X_NU(A^Wf zbgKYDR_+P4(e&13kfz4sKX~mRa}*y@1v4>%!@kW3*G}IGu0?Rhx;cw5<~0rqKY-u@&bdvU6QT+ zhI4Su3Y^G{VRlf?Cc8Vu!{{zfU8)LNsV=qjH7ZQS`NS%d{Kzdjp0O)TQBoapMz8I| z;nd_krkAK1)*^-C@rg8+e)_Jb?hwcZuAqlC{)RK+zlS~k6!Gh;ekNC(!ihi`2d{(``@tI`&O z^8M;oSZsYP)42gDNo?6b5s$hxp_fdLl)BmQ$7Bh4SVl+ z-4o$`>1jr>{F}1KdcJKiDU^mm5ed~`TKg20&NHx+D2=I(99~!@zNbPmRv{L`f9)0? zixmZc1ZDze3uXmo24)ZD%0l`d5}OqZ3PaV(&g>g2H#<8!D?0}_3pYC(3kbvM-zHd? zTo8uwKaf5IIM_c)<39}e|7P<$85VwuI}_{CsQmNP>FiJE6sg1i7n{ci(xoVmsN44r z;-E6PnyCbW(6^Ick9tZuNbhT!cKDHsZ!fq9q2#jiKn=ThXYY2(@iQK4b>u#gtbJV; zH6b2)GztOriO1}8O)F;3rtPo|`MRWmW%Kfe5k`^tIEni``6XzmjnYBAI*OZLZOaeC z#8{u&9SuTs5IDnc;G6o4yylRYp3w>J(*O&q)^_lL;_JCD3R=|%s`)E)#b<{}Up1o_ zWy*TK%tGykBYJ3z)lPMN%{?*Gk_pv_+XB>wFHR$hC=VL1#+E)9fmDhF2;ss%HKs3q zQk-Oe|E}EDE(fy3)H97x>!?ym;B(Two=sR-}*}l1)@_$MQCy zlkNctutiGA#!!}44YTdY^Bmi*olFitQWpXZ+d)k2QMbw}{LAFabh-#s)pDSoF3K)r--jW$VugC8< zjJ~zr&Mf_c!*t%YTh;o5HvPHQuT&%7)WNhj5>tbYf|M{pkPzk1@$_(? 
zl+ju?VWEeY6V z2FqD^sc(@qq7KqnZ(T0;PkA&PRqO8}$G-sC=C~y%g)POOz&Z8%wqzOoW5d=Uhc4Ye z$C+5!Eav0)q5>nR000vJ>*4hxf7Ewspp;HlDa0?U5usNtrY+8XN#n{Ql+A27xkFFm zS7@_ZBn2nO(KJ@KF#BS!{WSu{Ww95L3Z?g~q)d8Uc%MHf_0a)}dlQok%nT1}YBzxx z#dmAjA<55({!|3zrX02kfGbUB$X^x7vDA-k&hYOlZrX0iaYFfNpKP3!P)5+Qxo{|$ zOq0mtyE@dPFoPirc_5P;aLyCly8G|Hf)ij>q6Mf%?vlCc{JvsYax57){URnL@3AW% zD#Y(!L=&sE=zjPEZGgYseac(P9j-7|&;U1bHch6L^|%*IL9L2DUhUmhLebT3xU9T& zx8q-%a>!CEg}M3dD?FUswjRU{riLUyeiwl+WmXkMGIx7-T7#ckeBrrgZwwKr=cs10 z^S%s8s=3n#GM-VS7ToNhCoX^E2^Aomj`+7Jp}X?|K!a31V0lq;@^D5fKltld=l%I> zNhh)K!bCz=2jhn&X0hSv*}C~@qG&ShG80DDkVJxp$k@zkkcYl{BtJd?0arorE)yns z+-bUgaXwjne=_!rQ;G7&Br|+I#ru*uRvtg8ho5!J&@674c8BoN0{g zcanTBCg&$XJ^D_GE1jt;j~R@LDWwTrBT_qn`QokhvRGHHdvSR#0F_YudJU%@0RDS3 z+M8r1l~;k@l5NkGNPBY1oMNk@s!8DBcsAISePW#$%BD2#fu77y+Y#M&H195m1?OsL zob*=@R>VpY>Ab^Ab81gKPfHZdeqrVb@ z5{x8rAGcSTe$WpXnl0X=a%)~eGRpP!jTca-b)5s%gecDN{2aB1Q$q##gDIMN#=wN-k=|MqJf{1XL*U$=x8q&kGMaP%0N&YE z{TR13?1n-S*X{wr6W!#UP9O+cXT0L+(yDO?1G1sDc(P)lJN;Opo6H-q#WjMrCEx z8Xck1jIzyf`27-C2tbd41{u~hQ$~`U__2ycDD)ox>nPNVwVlH}_c8Z6=gz@8I$vS>T{=_s=cf%;%Dn_>~3KA2 z;0%I@%3-cNdO5HuIS%b=hu-3SJto&pOl_-t-Y?&_gL8x*$dBFu-}OS)_Lco0ip2kN zb*^n^GB-)wWVH&WPQ(C-DGp%P&3yGe^{-@91`6An_-zF8xcoPsrg|H@-)&xGklhL( zUK|Vdq<_R88m~Y~aSsFSXpi&^CHrVQ0+*HC`sxYI-eD+Dn4K`~W;5>ev1em-0OUi< z$AT?qIkQ{B{?pWSEpO?~qxWZ$?-eIo6yp1Ha`LWVb8e~Lw%+wff2OVjFL-bH!d;i( zxm;$+AiA@&*-e|$#}C)ljphYrMu+PtpFQ4tPYBY|N%_%r5wzAx>8A=Oxg2x44EBtd zXIa4to}^#nOCRitss*bK)##rjvJu3GCN}(>hJX7kkTLp4=l|vBon!kUQ3#-`cnI_)kS~S7+5=-enY{|G|7Gw^$Hlw)$ z3=la#jYn)3f)A2MC4&-%fX8fVSH+_pRZ+s)Z{96ZQ1|)MdQj{I?9(;KE^+|VdE3v z@)|Wp4vWv9DJ4pyV#mmSl44A>DXX{R`O@?>ccd|ebg7+^(zY0dYDp|0-g%UH)f^kY z5Zdma9HK>OkL|n&xpV9+ueX?NlgE;Zg#2Zq%LPNSJORCLi_V%gIt1>XXl2aYUWo$2i~Y{g*I;xWkICSr;0Z%lXl;VPO#6)W;VO8 zjG6&e5=`NkSkD;1ZsFKNT%2)W;C>z$px6ax7K`q5+cmjJ9T^+li8_^}~rCS`+dWW-y1pFcna#lz9JeZcX|PMD)@u_s5hTuHS@7EG}2#$B;2yMb4VwIAn1Uw-^50OiVUy)KH4y&*^;on zpaI}+Ks`0OZ&S;i|JTYTv<-VCSZbGT4|B(`mz3TMk|0H8%>q6b_T5StlwLxkx@ic0 
z%?oB|RX9!ZyIfSl!S*AoyT3j4WDu9iT&;Z^%4&bpy)Kf%AJY<+z&kB3>`IUSscOA@ zXatLe!pp8pmy>-yB*%HZdlPAq%Z7%^x!NmkCX!uYs8&?Fkj-_yj$5EpTw9E8n3IOk zs`JH>ZyzpHsrb)VWhRToa(p>X1Oz@)@N*LY5RA=@?#+KJGL1nW2wSF#^?40Zy$@E4; z(Y8Y&FVXamJ(8tFXR(ijSb{CZ-1Z$gc5)v`yR`;v53lzHLaO#&>(GIllCVasWwAyd zh1D}y;zY+V%>%hiQTpo&9bGissNBO`TluP@Y_i-ywZ!(VQ0=&2cOgMTe3UKONMk~T zs4XI^((7mO)2LeshXHaJ@{-dnXkSXQu2U zixDmz|7SDzDR&u`@;#p_R*%<|c}-UZd@K8*IN% zEZL*mSMw&7D1y@v^WQnT8E{(1v))`F{C&Lsc=C$^d9#TBpz0(lTVEL0i z`4mRhRqmfVT&D>N3ot(r*}^&YSxb>_;KxT0IUZvB9e3h_u|*gt#g18PtewAM9!VR| z;E#-jrhNkbOv?(F_uKSM5gEdAqLp3Xxyy`s7>s3L-8oY~c9wyg+`_F&Ux(Vm#7=#? zLxB*?{fNR$$UWTdePzJJ2@sPE0^}Z8hsnfnoL;|B>8^&?9j^&Jee1=EuYfk>zOJJQ zQoOGZKQ1=0IyH$gViOxvQUxOR6>DDFQ}=sQwvty5$zc|Bbx%UaF^3abNi|TM-({azYg}Qr+w}w)Zm?B4rJAmuu(y(n5tIw-aC;E7}|`%c3KP$QUM_u znB2s;uj$Ubq?(uJP?Nw>F7Sg;_*J5!qa)_X8*c5T4YCs^V7<_wUizh+v^jz%;U9x8 zo0y-gR6^?*1=Ev;6Pp51ntv)3>aCA1W$I;Fj@4V@^Mq`)7mV%2jrzeO_{nuVfNLb> z6Amb%!5HDNZ%Lsn9Ue)|?QgC(-2IklaDWFxT3>^Zd=YsaHci;jJffI~M(fvD|djT>;Tw zA!|JA!EOxJ0sH~ga1nl9k%ZeIiV_XnIZ}b*Z*$7u-W`gMUdj4hd+=GEUmo7=T67FkQ*gd?sb>0bH(J3%c^r1LHmDR71#&^^;DFSen$#fTB8+$%rbyR z$nP$wwkats{OnTnhZgF`nT361KK{S2jO2iSi40P915f{WGysW zE?El~v2A4m14pg_ruBk%wPK4ueL!qm_eALo&DCP79Gj>FHs{c>Y#>RR-%~v=eBi!J z{i{wY7(9kK3%$%7)JsNqvshT`y%OSS^atP*UyW!)58wV%(k_ zmZ6mh04AJRdI-VTLWFl}q0%Hm_)b%%!qj(8?Jx1y39o%PIDBg#ApN@i`;!JWNbzd& zzPDKZc4F*LxqiU2wNnkmcgo#Qn;3U+K;)1&oIqw8`b}s5P6X8)0!xfW@yGON`Fo>I- m`;-a0(jmk^VQKd|Z7?CST5$^ep)HC12>AMo-2eYhO#cO%f&+s9 literal 0 HcmV?d00001 
diff --git a/tests/fixtures/ssl/client.keystore.p12 b/tests/fixtures/ssl/client.keystore.p12 index e8c8347eeb2cd290d549fb9c0c93861007cd0dd5..0c5c737ac82316ea453902ecb2920394e09a381c 100644 GIT binary patch delta 4994 zcmV-|6MgLYA&4keFoF~W0s#Xsf)lO=2`Yw2hW8Bt2LYgh6Q2Zv6PqxC6PGZ82kr(5 zDuzgg_YDCD0ic2h-vojO+c1I$*D!(y(*_GFhDe6@4FL=a0Ro_c2Y@hw2Yi$L1t1i& zSCKr!^}f!)#sW|+euBk&!tA0n$+-lx2}21cC<;Af08HK_^RMDlz1RFA!S^7K~B8_Q#(=i!k)>@fxL;e+g#poBPs%)_NNfEkr}Az)6IvC1Xc2$wv6|9vcw zWa*1M5uZmH#eKhk=31vnpUwl3NAv&d>@eq(Alxza-yBGgMZC&Hu-I#Yc7kWcHYag9 zZ_PE{?L3*-BzU*2T!}}^+f2@3ip1-Dq(bZtb9yNErlU8qIw89Q)cY=M)-9MUGsoZ` z(ct(28;7x8OlSKvy-TrNCW0`3G@lGU=`0!uHj1F&o2;1g{&-3AlZMh+7Fr6y4z=jU??O|C zGG5Pzo2VWBK|LiXnBfZYS&iVPquCpB41GQiy4au!kfPjL?-V26de{Te!P8Hckr1K7>j{abj+%DO#6a)XQ>no z*!qUB{xEi2&xo|egtI0~TpgGKz==558#(hx4)aOE1P%5I*Gv(A$;EdXE^;O>dY5T4 z;UB_?#XY^pTN@H?`foeA?);{{-L{Tlh4h^c@fekja2ibztNkRPp$h_DbynC!T2MDL zZ2i~hqk4b3d*aj;`2gGKmw%_OzRa7(sW;~LQAb>184lhnGG-ZvMv%6qUz~G`#MtqlFWKmQiM}&~n~++uFF`!w+})G26UtRTNpf=wphbbuq90m8fDc$rh0r{?lfHVM=Z7F2pZ?d{2ZT#b?eRc2()P2eh5{K1H32 z=0rpY*AW}r*<^7ZKE-RvCHpr@!`6uJd&f=HC2seb3XWOJyP?0K@0)FlBs=W$c5z{f z$Tvh*f7ATaaJg{_cXqp)zWp7Vp;b(w@D3xi%HLR)rRIp?jkxhzY z?bp12he=PQHqi=$@HHl#Ym$#EZLdW>46ESrlXt=QF{&Z619Oorhow?%ALdhovJQzOE+?H=AGny*dkL1(02 z$w9S;^Dsw)VexkiSfPG~^882Et$)7Cm-1^7-G|rKg60LB$u9MNoUy1 z%r=A0PcEZjE^UN_p+^LD;^>oS05j`vf_UPzE2I;vI6}T z1vR)}jZh&hBVm}>1S^L=xfp8_M4rb6QUyvrt{&=v^_5+9%)F%hfSP)jw+o*uw1ppe zLH-`3`MSy{E-~W;l=cOK{y({bkh6tku5(&M4}d>L05<3X3!FS^aP>%4PxYYjmDz6Y zLmeKKQ^7EQ%;-U}Jnnz4SdkhST2Ph{-%)5|oIESF+pe!2-4TbCS}7$9vfOCtKl7SZ zjVbm&YgNIk($wG;h$Io_3RXKI;kd_-eQ%c?rkhfS0@RngMa|nVm9p3r+5!Dx*Q^IW zSwIw9+tIqhnX)a9r>k{dtrvRMoAM^0>JA+Lc!kuLL3}KN4k&+UXgvVE+F=V6+f66s z;b{QOG0MXJ#0*<|d-I0sLwLOI}*h8RB(dzWC0 zAtGT5#b{nG$!mY|I(JXl6gyeDQUKCdkh)>mu2>0+raa_Yqtg&;SX~)- zq!WXwz0&H5d@E{cA3H-JVid~%`eIZ#)yXtHZEYs-p~{saf34byPbCZ(YvO}EDM>t? 
zYrC*s0x3KR@OMH7p73+nwyUB08t`3U6V!=~N#es;?5lrum|rFdo%YmhUCUkPja>(D z?uZzv0QKyLTzQv?kj(`pdzT`#y?#(Gp&584LnV_A1XHgG^hu84T)aaFjcJSq>a4mV zube%`-P$;*{!80XlAaF0O0o)z)2~su!d@Cw_m-k?;m>^g;vCe~uh$-O`1!3USorQG zQd%|i+>?J>HNiN0%64n%J7$yF0_k9|DVG_cjs2yVzPtNxW57_&9h)y<;b-g!gAO%; z^iRoW38QsJZkFL%f<81@wotbolo>c)ttW&GdW>jIR1om4MX6mAfW5BJY@N8s{r+Md zYwt#tkN!rMWq!U=)yBeiQ3X`$Yn}RD*|$cWZE)M*tW5Xf^%q$Vr=F-sjcP zsBEhjbZ&7$Q5~pG=l*Z`1FZf1b+cVR4M&X|*sr1{n0(aW)*O-N4KZ$R`cN*LuRPUX z|CWD#;cw)%nmh8<8D>&A#caYg` ziROh9d*HNb+#+gWFWRx}!JfP0{F-GA{X2hhqsFF1YPr+lHv)>C+7bO7*6WO5*$7qa zKeg1MBp}z$n3}$@JiLeK=spe~Eu(%Pz>eM&tXn{fdm=gu-AaU4C0@zNhx>7I@Xsh^WrB~pJ0 zQBapT3#m|;#o;43Fng3RYQQs=R1~97bD?#kIovWR7b)~`#3@cPmlh@|x!DzH0M-vE z=%NGUmY1hKi%w>=tDnk})ov%kD4O{A;gNyd?|i_;0M7Vf=eyJK?YBu{`j2suSq-<4 z=Foxx*W}jLgP6Pb|F@6l@jsI0o{oR;3Me;T-WdzjutR|=@KV>d)Yo5>$+I%wpQJme z&|B8rd6;J~4`HZ8X63iF`>Q9JJ0MuXU{O6}QHRU=O|RqV8?0S%Oc9j zNye79ehn1GFVWn?0-1C%M$j)2mp7t_$UkF-0BM?s68oc3f8?e0^R`N!dDwrp@Iz1D z)%7%Fmpl@v*wzVd(Ek9!f)n4x%;EdvTO97gZz{{RfJ zxu1Z0eu$)Ce4Rd;)nlS4^St;gbWC0q$E4af-4?)|GA7DRfTy?l0uAjAL?sNPeFfQ` z`z0h9aFlY{%{E5}3S@vT8z8nhc;#&O)ez_kwq2PuN`;{=nJVVcYY0-=(x~S@)CNZx zczggW{{$_2u<>)U?hk*;f^eaPG1MO5Y8(y;Iz_kKdN7$_?(Xi##9qi(uKW#28pJv_ z)<8<0e!9=qASJ9ZM#@xrM)5$&SbpCfzj}Yr*juzU14Q(CsjO*~GI&$+0iu7sWTcZN zpJ$PyM+uHr|E_WqIZyU8>o@|s6warj*nw9X(6f!Q?eRxFi4=(f~ zO5cBj3wA0ar%w{S!Gcw{3JvP%qpR+-IATS!R*eFpieMu!O_>o*hqexORXI;KZ%*1q z;2Btri2J(;ke;AUD0IPW2mp%HK9V;JrG3!9YS_3X0snvJU%Cp|muXkh1xuf8FNm9805Tmut+LQQ z%#MGwF?FSn``llA2b-S}gkLTE)_`^1)oU$7%Km@2k2hQAmgsmMs{+aja9OAemfd|k z+LzYU;bU=e!7I8ssB^{O(p?gq`ZkXnW`<1e|3L>4Cg^f3?5kBEbNxE(%vhGlmqbs1 zxOR=auc#JT3?UsLzdXARQ+-KeL!cJoY9E}gZFS~Zejx0J1Y?B%!ZG08L-*z17T1hz zCRBf$X&vuKosM0f(P?~0Z(5)P!ZtOL`FLzzvBoe@na1$SGciI@vdfbgws)xX5a(QW zShAlD+J$8qrN=Q7Y8453Xro6bC6d^G*S@NW^v&rB+PA`Uy0hq&BlU9_+Oc03w7?IM zx0lo|_8=1wUUxYet{3Q6VLl04=8FBc;z)n)cr9RCs~;o^L%CoSpvKdw=t|Foz=&uo zk4!@JG>CeKYI}OrlSlR}6|24daFj}|C_wdmg;pq_eK1WhF)$4V31Egu0c8UO0s#d8 z1R#eZF=fE0s#Xsf)K6-2`Yw2hW8Bt2LYgh5T68s5SuW95SK851+E4O 
zDuzgg_YDCD0ic2fp9F#hn=pa}moS0_lLiYahDe6@4FL=a0Ro_c1wb%@1w4~I2p|;F zs#EfyzwtPvH@t+8?)sdp^nYcOaR?-TFkC2)0BtqjJ;ES&&)8I+UMC&+2!l7FwqE$Z88FKgOE*v-cn>4jA zyzxE)0t9D$My|p_y;H+hhk@)6#|m!__k32~OVrVa2}QN4p%t+YSBAW#G!zbh%CqE; z*EmwM@mqp1bo=-S@|_sLByb-FK9E-9=6C8ADHmG=SOVUB{z7CN5|#(|F9rJ@xNYy* z5J3njH#6ngV?PC5@s3B_%FKKd-0e5T`_UJV?8fxlkeq|_TCp0lTSVR^t$!A^cgExX zH>#xlF2E8Zys}e#|5D8ifcm+A*OiEs<-jrBCN{pnZ0GqrY)%JiVHxOYjg?E{M*9Yq zoLR_mHOArCi6eo6I2Y$#hoQ5RZ^`fg_GDmM3?0xES9x|{uQf3$GElux^M#%|L;dfQ zh>3OwKjIbbz{#@XoQgBF4OhW4f~FE7qFV`F5mF&m0p-cB4alDfVTWaZungPFGD~s{ zqPtAj#@4~rg#;*`p{<~eAf(r<0XVm780vf(o5)h(^Sj;D+%n?wx0@V`Mma^!LJHJq zmkGBGeD09l34_tiCFA1Wm5|1-XASxdE(+;01ftp=-iz5BCwcN{P<&^~OvdHdv2ZnX zi9~_+3_20xX~g*{TI2P9Z@_*Ag%R>OPO~p##yShrrcj9ca8DcLI_KRb5SK4TRIJN5tg`qQfx6@G>HJ&OR-Z9#L2FDtmpamu z6~@Twq+|j2s_o}{5ZsPChL%C64lWGMO~)B_U2@re$Sk#D-!draZm zL2|yu%v;$O5>JUH{<4LIsmf^gX<_(zhV==vq=|}1c4nrj9B^D=H?S#5KhovGJ8;xD zzmVL7w3a+pTnkr!Tm60TdgS=mb!>pRM$AR-9U9L*IF6wyE0o$HA(R_A(*dAIy;Xt2 zUyiwu6KWoeQ0{X4bbJu#*B_$l`PG#zQ_%b12>B_Z253x#bfD%o>OvGUU;8HjyHpzd z*D4?gK<%b7we(OEyW8BZT-PaZl@8n~%F5&trK(`)dbn=Q!=Me^w`; zOuCv(@xTIq(|)5-I5#+}OnGl%Lnlk;OFIP^XV|N=F+i(m>i1uz7<0KK)FufNku8x} z0~-Dj;^iVvjcsq{V#%GD=&!xv;GvIO_5thfB4YYJen(4O-Flx4+j%H%Ntz^3@B0_g zeft#&#%7(aiWac@c<=}n?C(y#N%~;-v`&LNQUsZUqK;4Q?-BUrxgLiX^tcS-9C~WcXj91eT*~uneVJAar@JM0pIV_O{Lb%X`+Op%`a&CNIBvG+}295e<0^8 z1nH-~kUBUe>ptScpb;C26mwr}`>`FC3Zr_sd*vUUo9|0-Yc?AHc?$V|ZldQLN9!3PKczscyY7-;2xc^0f)haRba8PP7#9Yu zrZDX>nBZjv{7Utx$7q%1(w20s`oTkc<1+<;SH1du5dhWPi5r%lKr^lsYrKc0@C#)c zMjAg=U?Fw`a}PcaRZ!<7%DMk}de699*tsH$rMY;%LMirul*Gq_MtZh?o1Sc^2F&d4 z7mV{=oBKanpGyZ%A9OWWZCO&y4bgdm=kWDQL#zn!WMlxY{Gag;e%B%L_+o*Lf4INP zMY=c4>PdAR2_ZN=&#)cC2WO|7G$OVv5S6B5ExhjR-r{r}#IiDW^z`da4}W@CWUjR) z(xq;+BMl!X8FBf{{ZGGt*qEMyiz?$Fq+JAcjthbXjM~AUis5N@A>`i9qVPA(TIbcA ztLyd--CIPzQ6#pWYnL2c)k)&M*yfO!oa9xjJHN_~LA|r9)PMnX1Bvy)Da*h+|>bM88MlN_goG3)GzHr<1kmh~d3$bRGQ4 zX=b!HC`cA5yQDyk>qL;}Ipb=z^{~GKN3nK@AFUblBhhZ^)5r&7_&<%5?q;%3i8h7L 
z8iMveXGe`5JEctQwFlZpVh7Zm4$QjkIRz+sK#Ww-ylTpS@>tU@2lAr#XRGyE#21Q2 zq8?rtF|C0@DwDc4^r45mxCD)T_|K<)A~t?PUm5lBH5N(!vE8eK64#H*<6R|}PszEP zgtz4fa^g$M#^>~fEQ)B7FBue4xApZCWEJz=0X;zols z4fjQh{P~%G(Y`fxEzErUOuP{{IE-k~9XuVK{L!dot1Dk?Qpa};INTWN5H!Jb6U=*Y5xn)ooR|3-Nl5<1yWT7jy9NAg-|+&Jo0P*Om z#zOQ0_l)IOn>?G&b@>qP=9{->-2MAheT!m`m|_gu^gc)MvwY<3kD2czah70?#4o?^ z8zcn4n2Vh!)P$r|Hh0$G&H1?Dmf^kO2z!5sLhagg8s8dy{3@7&j=HcRbR^|ddIc4K z^ClZCjh-N6r$o0Cw}=$Nuj+t3EKj)vLwb;={D$32J@8yjRnjK1S2+tm>S$$=CA@Ec z)EtjLb!*uK8)dtQNeFD7IpU42-|6*9=U5ZFzY>yT{$Tr-`~F5c$u^UBfFt7HV0q#d zn2vktyK>t#@Y2LaBW-DGK0vFbU;#3J18mJL&Rp)B8FRQjyrBR|S;2i`C3VpDh+9B8 zbc#0X_B2m-fYgM3Ku47K3QPTlfOKud@0*6YI7c5xePotTGM6Vt zZctKfyRo&)?j`PJ@-gC66$b|A&a7o4lz2mug)DDA={My;d3+nORUh@cjDTE!y|)m9 zpGle8H=D=4J`;^6oaqW~XCY0nsW8HfiX=w!~(H?a8yxJCLI zEzNhezL5J5DHv2a5!^viR}sncO{blwL|ru6c}OUkN37;uO-h8}Dx6zPlhbijQ6@(T z+l@0HV$aU;n3;_pIAZ}6rZJO$hV;rz0^68se6RCbB(-;%WA~ygpT_&-41Wk%pp;TD z4Qk7)4;Toc5>qDk!i6ROB?KAPP7z?5pq;C|zXI}I1#OuHpdTi8(d6zP-vSFP=2-_w zfHz2G-_Wy;6#4LR4tkX70J&flW%oZy97_RY+ovD|iQ&6%JF%=KTmmb9cG>`tV_KhR z)fenM!}dV8MpiA_r4hL88aEtqWi+y5I{xexNs+$wQDYjN7?n`g-9{_nWJD;^mb!F= zy}Fx3JJCv2dG-7AtZ~|x!|`8$L0)KIfIAwqSQE<%t~KH!!Z0aPz@eu{&g4=_re3@n z3S3UZG~pj1x4|)Yc~en;uGj@?z7r)Y)s3e#(gLH#ugq!VIJ$YMVQjrwI_}uFV^M<_ z!HV}_I`b-i?Vo#{?*I4QG2689?Y_46C z?L1q%cGM0QD@!&SMKhY;`$0h%LxkOzG;~~Fbv(@Ze3gUg!_13+W*H-xMR7?huD24^ zFcC8_+?vFNdu(RnHK_hw5Qqu$Ng+~~FA{+M?)xho8Ry%MS~qP;dil@|HftA0G+^e@ zj|34-I#}9b5#gG&ZD1;%z*mcT0gkrLTw9rbiA?$x08>lu$M>1BJJKe=rH|#zHo0Mp zQG?>GFg`FLFbM`Z1uG5%0vZJX1QaHJqxW__AP&me^IZ8|W{a`e*uDf5yj!_<;1l@v UFg==a=pa&g6}MA_0s{etppR(;b^rhX diff --git a/tests/fixtures/ssl/client2.certificate.intermediate.pem b/tests/fixtures/ssl/client2.certificate.intermediate.pem new file mode 100644 index 0000000000..01b3d50e65 --- /dev/null +++ b/tests/fixtures/ssl/client2.certificate.intermediate.pem 
@@ -0,0 +1,164 @@ +Bag Attributes + friendlyName: client2 + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 36 38 33 37 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCo0Z0I6+Eg+7LI +KUZYwQ24QokKAP6VGV+ZdfTZUjB92/IWMF3AoIW90LZlEFl3ja+89D3DTMec7ElK +g3N6DE4QhEcsDoGb2v4XjlhSYVbhdyyVLie5i8Nrhik++0J1OL971T1Y/RP2bJVT +yNKmsCJTiT70kCuHYY406Rmsk7fbCRop8dcNe7Y5HhoAsLkJvF2ShgHRQy9YixyK +tlWgMHu62i+pU7mTDD32FAVBp5ktFciHQG8IbKcT26oXwXty1L5qycb3ss97dzuE +l6Qm9xZ5S9M9wC1iVP1wzbspSCcr+G9sUtVCu46HIBXuhc9iuC94vSaaQulUgNRC +HHZI3qckQH8jVKvJjQpy3ukmvRLjUWRRzYiCSxgbQpw7bFnoDwnJzaLeselo7/1G +uA+i69XdS4A3cWcHoj5s9rttQ00gOL4PaLn2QEFB2sZs0iCqjE44jGOOMay/ho6v +k7Dbc9M9/5dFV1BkPmiP7+9TsGBPPZksmkbEmQnqRZhvMRahCpcCAwEAAQKCAYAa +AF79dscv+1Rn++N33BQu4yCUR97uPAA7dK2Ho18Qo4W/4ScvegnfWHwfSMte3JXK +tpukrvi3tLT9Iw3wKGEFrjoAESPpS2uDWUtFNPTauS5Gs9suetZYg0trBewQffMQ +MaHHSQOAGu1NAEthnRNMZoEpzeLGcUIj6BsqN35D4D0FZNhInVtNpNNAc/esBjUr +UjSJdJ2gN5znyHmbuJv2BZD9tYWJnoMUmbTNjfDLvuUp38S6OXHqXxTtn8FRyG5j +OoW14dDLQBI8ok67/3+GLCsMq3Fs9mrFkVs7LpjjYVHuVH+rvsIZT2XKzYqo2Cpa +f92WIqRImudvPE+bbRHSru9biQGTJcA8roigtgygtY3pWW+I2CDHHdLxKiqP/63W +cjbuoz1EEPEmJbR6sLQcEV+KeySf/YWwjVHFtujuJiF9nE3p8OalBQqkJc6UPeC1 +IG1i5pHfQgYShAT5WL/Guh6uYaiaem1isVWXD8Fwb4DYuvTqE+y7oy7EHy/HsuEC +gcEAui84T7Qgep1AnrxtiUGgN3jTajtnyzMuzzenAfghInIQOr7USCh2FoAp7Wek +78GQZ7Y/vPWy5wcXwnDW6R2jmh3hoZZ4jYsiYgYXLPQdu0F7jIC7rkatZQt8RD5r +egF7RoCRM5D+3B8CKkPVmK/daxtwiFxaq7u0srklF9jwiAVMgsN7Epue/+hTTXXV +7oUHbh6qDYBwOWK2b+ojd89DNX45RYVHBgZX2F5IchNtdP50Xw0OajVUdEq3eiu6 +q3G5AoHBAOgfYKPY+qfCdR92zCPqock2Vcfj+hQeNmlHvekUXw6XiKS1eyoxWxan +jZp4kXVGlNqyZRBSyBKznEkzPCqHNVsldGi6KjOnvHvNecmHsZLuaoxntjLT1Wbe +dY+tDPYJJd4lHWol1rwixEByIZTUrYIgwLYqhuCjsWQjQPC2bh4vSxuWsz314KYv +H40dOXzD12CKXsakB17VCbCr2QiaCNGGJnHWbK477HjoVKYhoLoQciZfehBp7V5y +UldS3ePGzwKBwQCqFzl6lzSUz9SZL8th+XJFOzzpcBwCp1+8LzuDsQuUTGBHSs7k +nRJEvBGRsX4dCtjB5t2T42LtbK1oFW5AybMMuP/If47iwJlItAe4Kcx/pfMZCQJs 
+1GTUSwnbzqqha3kTj6EXWv96WVnBAve/5eqCTy8fZD/xZCpQnJQmlSopGa4sSCnH +diRr5fM0cNJgdWe0Uo9Ihm3//w5sb5q3ecIMvKPVv0yDVIgsQvYsQVNd7pihvWvN +26qsExZLpmeC+QECgcBYooqjZhoobv+MOS+wU0rd62qL/oiin/rE7skctFOr3b8m +rcnPDbOrjeVrY7ifYIk8jTw8JHATfBQke3TxBFoiaMXvq46r1NQLLiXgB3mOEo4K ++RtAg1UMh8u6RikZ1dpo3iFCRBqgEmJ//VTHYQK0Gs+bf9eq9bap9zA3+mFIE2UJ +rtzYvwe+TWYt20f1VU7rpUqVbVMHKjAeDzC7sR3G7APIGkm7qlQcwxJ3sYWPJvJ/ +ppuUou4pz1uTzqe9708CgcA7+3t4oy231Lkh7RDlqGX10w/xRAC9NrSBow4zF6s0 +miY7V1iD1PNypU/CRJFkmwCtlTNyw85w6Euswf14MpUi/xiP/0SHYacVGuVSD53k +o5wT6KoZrir+aGqGzdJF654QjWEaRF+bROJ0j3+ue1vtuGoZUwLVawx/I+cLAsYN +e+PrzU4lYqAtMYAVplKoc13DQNAB5m3Jgxpsb8L59o92vmJE0YLoZo3l+OegzzxP +LBSPxBkpIqozznSGTYiogWw= +-----END PRIVATE KEY----- +Bag Attributes + friendlyName: client2 + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 36 38 33 37 +subject=C=, ST=, L=, O=, OU=, CN=client2 +issuer=CN=caintermediate +-----BEGIN CERTIFICATE----- +MIID0zCCArugAwIBAgIUaXdx9iYazREKuUbJXVVy6R2gZmswDQYJKoZIhvcNAQEL +BQAwGTEXMBUGA1UEAwwOY2FpbnRlcm1lZGlhdGUwIBcNMjQxMjA0MTE1NzU1WhgP +MjA1MjA0MjAxMTU3NTVaMEkxCTAHBgNVBAYTADEJMAcGA1UECBMAMQkwBwYDVQQH +EwAxCTAHBgNVBAoTADEJMAcGA1UECxMAMRAwDgYDVQQDEwdjbGllbnQyMIIBojAN +BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAqNGdCOvhIPuyyClGWMENuEKJCgD+ +lRlfmXX02VIwfdvyFjBdwKCFvdC2ZRBZd42vvPQ9w0zHnOxJSoNzegxOEIRHLA6B +m9r+F45YUmFW4XcslS4nuYvDa4YpPvtCdTi/e9U9WP0T9myVU8jSprAiU4k+9JAr +h2GONOkZrJO32wkaKfHXDXu2OR4aALC5CbxdkoYB0UMvWIscirZVoDB7utovqVO5 +kww99hQFQaeZLRXIh0BvCGynE9uqF8F7ctS+asnG97LPe3c7hJekJvcWeUvTPcAt +YlT9cM27KUgnK/hvbFLVQruOhyAV7oXPYrgveL0mmkLpVIDUQhx2SN6nJEB/I1Sr +yY0Kct7pJr0S41FkUc2IgksYG0KcO2xZ6A8Jyc2i3rHpaO/9RrgPouvV3UuAN3Fn +B6I+bPa7bUNNIDi+D2i59kBBQdrGbNIgqoxOOIxjjjGsv4aOr5Ow23PTPf+XRVdQ +ZD5oj+/vU7BgTz2ZLJpGxJkJ6kWYbzEWoQqXAgMBAAGjYTBfMB0GA1UdEQQWMBSC +B2NsaWVudDKCCWxvY2FsaG9zdDAdBgNVHQ4EFgQUNsiHu/eshWQx9TQZHk4CZ9zK +IE8wHwYDVR0jBBgwFoAUfSp9jMlM72R4ajcZ5lBWJYu1N+4wDQYJKoZIhvcNAQEL +BQADggEBAGh+Vux598cdsLeNxyJykhjzIBLLj6QpoxWyUb+oGkxijhASs7x29wvS 
+ufqZxgZDMvMQWXuHqwZiUmMKk1mvgzrZsDgW5GYpiWp8dLSo5Q8oM4wGsKGiUmWD +CdLjlZUBXO3dN2VecgTQYFtdQnTsDnHl+fKtDq4cWmWIQYPqezd25KxkfcLIDv8o +a06ns5/+2ZUp/DgRebXH2NKxYGZ9bzK5RJcDj89dneJwuv/K2t3683yaE7m/oYi4 +7QHpp89w2EA3ukRvxfl0ngCfNaLddhbN+8Hhn9uTFNfrZHAA6P22Foqxbr1gtUXc +rNO6sEZtDsysWeYEKcAg6hHsD6cC+cI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: CN=caintermediate +subject=CN=caintermediate +issuer=CN=caroot +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIUPvXNZab/lnU3e8tFj6DRuV8GrQswDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTM0MTIwMjEx +NTc0N1owGTEXMBUGA1UEAwwOY2FpbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCf3H2lEl7OETsKZGohPdAo1xPPYITiaCF5Rfp86iDE +VSDPm0/KgeWP9F1RPvbNca45tI+ItN5TF3VkGzDHFlBHWQCHbl25+T5ijofzdetV +mp16T9Tmzr+tu2unYXLCZog9+dvoU6hiZ8QcugfLkdrTXfNdcCVBuW8S7bfTqWXo +mLMLLClztm5iCgHXFBZvM2SSvy7aOqH+1tIsW5HJHR25mkPkzVN8wf04iydtgKzM +2e08zQmr8eAAAXeWM3PlRzIOHbOr2RMCLuzopneSciVUE+d4V932lVvVTy6kEp8G +LNYXoiDBK9PraahM654hFVo/d+dlbjwm4NdPSZotqmu9AgMBAAGjQjBAMB0GA1Ud +DgQWBBR9Kn2MyUzvZHhqNxnmUFYli7U37jAfBgNVHSMEGDAWgBRkSNeghqbLdJ1N +Ef3qZFh6Jn7D3TANBgkqhkiG9w0BAQsFAAOCAQEArRWXgp+9CzIpNNrRuH/FntKK +ugeMep3yWMKSsWDZNLns4A429IMDhI7VgN8wJklRYtNzT/5LI7K3M+gXZ3BEvWok +nF0lJABbNozdUnXb43cvmDXqNvWrQObWSwJZ18szsPu2kGoUt0I+qGNh+xUlmch1 +UjAOqTuH8O1sjERZnEJF3u6B+FGRQPOYE3jlbrN3lnEYtl5UoNBlcIuDb6PdUEXj +mFoB3AHv7SqJZ6vr4bKzr7Q5S5PPIHVFjoPVl+9tnTtgo3j2qTzXQGAqRekxXzgB +liTpfTMbuo9f59OqhJlJN/9E70jnZedgzTQwUwIymRCp1R0Pvk7MC8SnsKmsfg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: CN=caroot +subject=CN=caroot +issuer=CN=caroot +-----BEGIN CERTIFICATE----- +MIIDAzCCAeugAwIBAgIUQnsrjUY6ivNUiaP2jxlc5hMZ9/8wDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTI1MDEwMzEx +NTc0N1owETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA11gst6JfS4dEFU3b7Z08ZEq4zWQrIAHeIOb7D/e168NWlhOWHHiC +AiSC6ngbHey1czYM8QtFC9fSNHwFFiBHgNBIZZAuaizYTdFoDThifTSKES4XXZVz 
+G4smRSHp6RUkuZYsBvmfvycXqyMyumkAYMysZiqikj1QUzF6tKpZgb99euTXWbXs +jcFBEAtbHFyOSmCuxD7EZ/b6p8xWlzgALcdrjmLEXUaeocpMhNZf6pb+Kuo0a2yd +NTbiGZPNniVxZJL5xbgPGCiw5yPQCzHxsTgC2bQsITo8piAfyEVPyrbxoNTUEt+R +1nTCScdI7e+4y39c0FLZUOwBCG41N5oVPwIDAQABo1MwUTAdBgNVHQ4EFgQUZEjX +oIamy3SdTRH96mRYeiZ+w90wHwYDVR0jBBgwFoAUZEjXoIamy3SdTRH96mRYeiZ+ +w90wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAU0CuLVGTkYmu +CsJZC/+IwWFujQW+IxNP8w8t1kYN6SFk43lIG4s26byjM3JYsVCeVEVxIcgzmZHV +aa65ZFNnCWBeQJIeEoMPiyDY9Y3MBcDiffas54FFQsgSinikTUaBINifWgAazVuq +9LlRcCGqff6LiguGp10y669vtVcM/JtLarQVCBdEkeEylrJbd0v0ips/lCF+l/PW +yBIOESz3igyJYPqU6k47srp4uv+7J/5JwH3IpAYXdBRa2zu2bs+HJMxAaRnFtfFa +Rj8vXlxfFbqYZbyAdB0KwRapmqnk+PNkSPo4qEIQals8nF/H9htX6wRzRSKLaNti +FBv9wIA5Jw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: caroot + Trusted key usage (Oracle): Any Extended Key Usage (2.5.29.37.0) +subject=CN=caroot +issuer=CN=caroot +-----BEGIN CERTIFICATE----- +MIIDAzCCAeugAwIBAgIUQnsrjUY6ivNUiaP2jxlc5hMZ9/8wDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTI1MDEwMzEx +NTc0N1owETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA11gst6JfS4dEFU3b7Z08ZEq4zWQrIAHeIOb7D/e168NWlhOWHHiC +AiSC6ngbHey1czYM8QtFC9fSNHwFFiBHgNBIZZAuaizYTdFoDThifTSKES4XXZVz +G4smRSHp6RUkuZYsBvmfvycXqyMyumkAYMysZiqikj1QUzF6tKpZgb99euTXWbXs +jcFBEAtbHFyOSmCuxD7EZ/b6p8xWlzgALcdrjmLEXUaeocpMhNZf6pb+Kuo0a2yd +NTbiGZPNniVxZJL5xbgPGCiw5yPQCzHxsTgC2bQsITo8piAfyEVPyrbxoNTUEt+R +1nTCScdI7e+4y39c0FLZUOwBCG41N5oVPwIDAQABo1MwUTAdBgNVHQ4EFgQUZEjX +oIamy3SdTRH96mRYeiZ+w90wHwYDVR0jBBgwFoAUZEjXoIamy3SdTRH96mRYeiZ+ +w90wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAU0CuLVGTkYmu +CsJZC/+IwWFujQW+IxNP8w8t1kYN6SFk43lIG4s26byjM3JYsVCeVEVxIcgzmZHV +aa65ZFNnCWBeQJIeEoMPiyDY9Y3MBcDiffas54FFQsgSinikTUaBINifWgAazVuq +9LlRcCGqff6LiguGp10y669vtVcM/JtLarQVCBdEkeEylrJbd0v0ips/lCF+l/PW +yBIOESz3igyJYPqU6k47srp4uv+7J/5JwH3IpAYXdBRa2zu2bs+HJMxAaRnFtfFa +Rj8vXlxfFbqYZbyAdB0KwRapmqnk+PNkSPo4qEIQals8nF/H9htX6wRzRSKLaNti 
+FBv9wIA5Jw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: caintermediate + Trusted key usage (Oracle): Any Extended Key Usage (2.5.29.37.0) +subject=CN=caintermediate +issuer=CN=caroot +-----BEGIN CERTIFICATE----- +MIIC+jCCAeKgAwIBAgIUPvXNZab/lnU3e8tFj6DRuV8GrQswDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTM0MTIwMjEx +NTc0N1owGTEXMBUGA1UEAwwOY2FpbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCf3H2lEl7OETsKZGohPdAo1xPPYITiaCF5Rfp86iDE +VSDPm0/KgeWP9F1RPvbNca45tI+ItN5TF3VkGzDHFlBHWQCHbl25+T5ijofzdetV +mp16T9Tmzr+tu2unYXLCZog9+dvoU6hiZ8QcugfLkdrTXfNdcCVBuW8S7bfTqWXo +mLMLLClztm5iCgHXFBZvM2SSvy7aOqH+1tIsW5HJHR25mkPkzVN8wf04iydtgKzM +2e08zQmr8eAAAXeWM3PlRzIOHbOr2RMCLuzopneSciVUE+d4V932lVvVTy6kEp8G +LNYXoiDBK9PraahM654hFVo/d+dlbjwm4NdPSZotqmu9AgMBAAGjQjBAMB0GA1Ud +DgQWBBR9Kn2MyUzvZHhqNxnmUFYli7U37jAfBgNVHSMEGDAWgBRkSNeghqbLdJ1N +Ef3qZFh6Jn7D3TANBgkqhkiG9w0BAQsFAAOCAQEArRWXgp+9CzIpNNrRuH/FntKK +ugeMep3yWMKSsWDZNLns4A429IMDhI7VgN8wJklRYtNzT/5LI7K3M+gXZ3BEvWok +nF0lJABbNozdUnXb43cvmDXqNvWrQObWSwJZ18szsPu2kGoUt0I+qGNh+xUlmch1 +UjAOqTuH8O1sjERZnEJF3u6B+FGRQPOYE3jlbrN3lnEYtl5UoNBlcIuDb6PdUEXj +mFoB3AHv7SqJZ6vr4bKzr7Q5S5PPIHVFjoPVl+9tnTtgo3j2qTzXQGAqRekxXzgB +liTpfTMbuo9f59OqhJlJN/9E70jnZedgzTQwUwIymRCp1R0Pvk7MC8SnsKmsfg== +-----END CERTIFICATE----- diff --git a/tests/fixtures/ssl/client2.certificate.pem b/tests/fixtures/ssl/client2.certificate.pem index 34a1da4088..3a20f88f51 100644 --- a/tests/fixtures/ssl/client2.certificate.pem +++ b/tests/fixtures/ssl/client2.certificate.pem 
@@ -1,109 +1,119 @@ Bag Attributes friendlyName: client2 - localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32 + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 39 37 36 30 Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDMrI+QK7Q6L9TU -cVjEbl4sMu3KhXgs71JNgQl8joFPVjb3PZF6YHegZo0FAOU1F6lysD3NNnI21HIz -LbCe6BJRogNFKtcFvWS6uQok1HperDO/DVQkH9ARAcvlxE/I6dPbb1YCi7EMHrjM -Dle+NXWV3nKCe7BcMkETkki5Bj5fNA5oa/pmS0gSS/HXnB8rxyFv4mB/R+oGC1wO -WOvgn6ip5bKdjMEEnyqYsDCH8w3xYkKlZ6Ag5w1yxnr6D41J64Go2R62MuLrScVr -+4CM+XJl3Y08+emlCz5m5wuh6A31bp7MFY+f3Gs9AI5qiN3tyjZ//EzoIrfb68tQ -td+UvT4fAgMBAAECggEALoLkWQHlgfeOqPxdDL57/hVQvl4YUjXMgTpamoiT0CCq -ewLtxV6YsMW9NC7g53DKG/r7AGBoEhezH/g5E9NvHkfv8E7s8Cv68QfNy1LRwCPn -2nm/7jmggczjtgInk2O3tj0V0ZxHDpcIra5wuBPT9cvIP+i1yi3NZhIvHoTRtbZp -lWelovML6SGcbmYDZHWwL8C/quX2/Vp72dJa7ySatlJCe8lcdolazUAhe6W3FGf2 -DojupWddAbwcogQsjQ0WNgtIov5JDF1vHjLkw0uCvh24P+DYBA0JjHybLTR70Ypp -POwCV5O96JntWfcXYivi4LQrSDFCIDyDwwrbkIkdoQKBgQDuNesfC7C0LJikB+I1 -UgrDJiu4lFVoXwbaWRRuZD58j0mDGeTY9gZzBJ7pJgv3qJbfk1iwpUU25R2Np946 -h63EqpSSoP/TnMBePUBjnu+C5iXxk2KPjNb9Xu8m4Q8tgYvYf5IJ7iLllY2uiT6B -e+0EGAEPvP1HLbPP22IUMsG6jwKBgQDb9X6fHMeHtP6Du+qhqiMmLK6R2lB7cQ1j -2FSDySekabucaFhDpK3n2klw2MfF2oZHMrxAfYFySV1kGMil4dvFox8mGBJHc/d5 -lNXGNOfQbVV8P1NRjaPwjyAAgAPZfZgFr+6s+pawMRGnGw5Y6p03sLnD5FWU9Wfa -vM6RLE5LcQJ/FHiNvB1FEjbC51XGGs7yHdMp7rLQpCeGbz04hEQZGps1tg6DnCGI -bFn5Tg/291GFpbED7ipFyHHoGERU1LLUPBJssi0jzwupfG/HGMiPzK/6ksgXsD5q -O1vtMWol48M+QVy1MCVG2nP/uQASXw5HUBLABJo5KeTDjxlLVHEINQKBgAe54c64 -9hFAPEhoS1+OWFm47BDXeEg9ulitepp+cFQIGrzttVv65tjkA/xgwPOkL19E2vPw -9KENDqi7biDVhCC3EBsIcWvtGN4+ahviM9pQXNZWaxjMPtvuSxN5a6kyDir0+Q8+ -ZhieQJ58Bs78vrT8EipdVNw8mn9GboMO6VkhAoGBAJ+NUvcO3nIVJOCEG3qnweHA -zqa4JyxFonljwsUFKCIHoiKYlp0KW4wTJJIkTKvLYcRY6kMzP/H1Ja9GqdVnf8ou -tJOe793M+HkYUMTxscYGoCXXtsWKN2ZOv8aVBA7RvpJS8gE6ApScUrjeM76h20CS -xxqrrSc37NSjuiaTyOTG +MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQCVskjej87ZdB19 
+nN5wGmLmU2ZJvy2kpkPe6DiOpt1Ygg+ZWoqLyCCMW9OKlODxr3MbJ77xwiLZ2VMz +bYGQOaermvTtola3FX9pAPRg4tGiZ1yUp746+FFy5iN8bNfOpdOzZei9Livh36e0 +ss9TmogCR1xX2FfnZOfToF9CAalGG6p4AOkzEr/gks48OeBpbvV2p50UYO6jU7QU +MkqOCtRFHouGJdlu9/3ybhHYbA5mR5n1pKOZanBqEjaOBmmWAVBq3PtixvPM9A6Y +yiNnSk3vRdVuzCh7fLf0+oJD3I58GvMsr2L80iT3d4fnbc1mA2uKtmO5NUzt6iwA +pMsjxyjzkpSrRfOl/y6KwMXQ+U4uKIpOH3J7xaWbyFGOx1yaOUKK72Cd/Iv5/833 +6n7cS7bt70IvoaD/mLp9sMIbzVG0MYMMM291bCa/JPiqvTUkSpdIBif/Jhm7w7e2 +NWJ5KRuJDhgcXCLJ7F/N6bCGDLqTq4duF4wmjbCd733ELVjaCNcCAwEAAQKCAYAn +VK9monwjkCmLbmLXK2eewnzWlX9lijW85GCvwlHXxlxY23wZW9yJZDsBZzpu5b0l +flzh4jML79i3Y2cuQKe4I7+EjCmicuiF6zVKG24e8G9Xs3b8wW+M88CRGXveFJ25 +veXXhsEK2JuUk4J7oddoWd1+Sx5VcqKibLl6eztBa1VvsDWVMLDvTUMYedBngzrF +ESbpSsqIaR6gS9Jg3aGGA49/EIS/bjLvtlHD/igOYXOnIbnGPjwI8n4Y9MBbJD7Y +5RZ7RsapQifk/tB3KWpsViEKqF9d7/7NZJboc81UInrnNL35/Eaz8/G6m0ba6gZc +JH/InOX73IyKhJUnMcmcZWq6Wrxod1+Cuc32axPqp0ThAYQVVmT0og1nmdZuyB7k +8thzvMZbaG56tHqI+mrkGjyTpb1Kmc1fXJJ7zTN/g+9i3xiCEaZ6tNL22BLZXuNK +Uoa4CDWU/emWDuPuslqqR6ixadBA5r2OV4q1P4NiDFOqSVDk0WkpSeBJMHKlk/EC +gcEAwbbMY7jlMz+kJtYWW/EY4k7XKE46mRmb4uWCbD86GmAlvlw/rfB7LO87wNBC +mbMhqhzRaV8Ktp5/WWIPA7+u9QjLquJCLncFypvMbhlKip4i1euL7v+5LgKNVbVD +46LBHeSZUSeYt0vAbkaJoR9P1lEwTxVsX+QCaz6preVV02SPDm9YSBa0cGgujzCI +Ls/Xe4N/8Ml2HpvMFWQxOlIaxzBeHL6mFD0BxaoYxvR/9T3VTYStUIpBqATDTUxh +IwyZAoHBAMXUQlkd/uZoaXJfulpPea6Izlx5d/tnRr+2HJ/tDSN7sLJ3g/bobrhP +cxwedurtW4W323jgG1dyFeXhQUAN4yISFjIogpKMi53bEs5V1SNOtD18ZGdcI2wq +r2YlDUVlGzoj7ZMiy0PKsow6Xeet7bU5Sghbi7nuMkdfxC+HFtoDwWLIN87wXtdK +AQR5k2Frg+kHURbHH9teRER4IywaURNsXSLjQ6sKRid0EtYAef1j5wuzR0qoXx3V +xZWKAuE27wKBwB+b+oITO6M/MUP9Dyz1jH/xKX60NS+iVCOUG9IaBxsisUX8u49g +fFj6uJ9f3F5EMqwVg75T+eWOu20UaSrNbnkhdEpwHSiD13gWMCePDPDNmRWbF/xp +0gfF9tYTe/57IlQEZ1gsw+i0/bOA4xhdiaOJH/7nmgWTqSli0kFD+NtDv2w1kwxA +WDU3atGGs9IfrCPFc20REqsv9P9QmA/SMfhq1hCOs3797XoZpW1hnDeiXVoG2lkY +FlqaXFwSqI8VkQKBwGY9UqTX+bp+T7DKhHbUCCEJlwz3weht8YR2y8hjLJ0f+avi +VJMwgLhEZ0sq+25iiSBMauLHf5nr3iFWDvDZvH8JNetqQEEY3bcRV2DHv0VmEYSN 
+Wx6H4c6vKMLzdy5cGHwtwUR/gOliQnByYcGwg99a4kX7efT3g4ibl7qwaED4G+O/ +cghC9eDx4CC97Es204+FNoU9F9u5ljKEnDjYyPnu0RuMtJYa0zLkrC9pQ6KPFQNY +/gk5hx7WMi0cjGx0hQKBwFV15/WCJDjeu6tJFz1AKv08XlyQqvBeVnhED0WgJ9Ic +q4HiqLo8CparDDjZwT7hBC+pFCE1f5jsW/XusLXGhalM3L4Nizs5B49EYEZ5k8R9 +U6W3rtB4ZCnR6V8b7aolI60kAwV9H6oKx5h9E31dLmHUBL68T5Fh9/MTsZjBAbh/ +gpVJ6/r68jLasMaoZ7VXQZgnz3TjvLUB4I5rnPJ3ivYcfsG2Xg/81+3tM5xQCVcr +M9bGsP4leEcDVns2LBOwQg== -----END PRIVATE KEY----- Bag Attributes friendlyName: client2 - localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32 -subject=C = , ST = , L = , O = , OU = , CN = client2 - -issuer=CN = caroot - + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 39 37 36 30 +subject=C=, ST=, L=, O=, OU=, CN=client2 +issuer=CN=caroot -----BEGIN CERTIFICATE----- -MIIDCzCCAfOgAwIBAgIUIRg5w7eGA6xivHxzAmzh2PLUJq8wDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGY2Fyb290MCAXDTIyMTAwNzE1MTI0NFoYDzIwNTAwMjIx -MTUxMjQ0WjBJMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD -VQQKEwAxCTAHBgNVBAsTADEQMA4GA1UEAxMHY2xpZW50MjCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAMysj5ArtDov1NRxWMRuXiwy7cqFeCzvUk2BCXyO -gU9WNvc9kXpgd6BmjQUA5TUXqXKwPc02cjbUcjMtsJ7oElGiA0Uq1wW9ZLq5CiTU -el6sM78NVCQf0BEBy+XET8jp09tvVgKLsQweuMwOV741dZXecoJ7sFwyQROSSLkG -Pl80Dmhr+mZLSBJL8decHyvHIW/iYH9H6gYLXA5Y6+CfqKnlsp2MwQSfKpiwMIfz -DfFiQqVnoCDnDXLGevoPjUnrgajZHrYy4utJxWv7gIz5cmXdjTz56aULPmbnC6Ho -DfVunswVj5/caz0AjmqI3e3KNn/8TOgit9vry1C135S9Ph8CAwEAAaMhMB8wHQYD -VR0RBBYwFIIHY2xpZW50MoIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQBd -d5Sl51/aLcCnc5vo2h2fyNQIVbZGbgEyWRbYdHv5a4X7JxUalipvRhXTpYLQ+0R5 -Fzgl5Mwo6dUpJjtzwXZUOAt59WhqVV5+TMe8eDHBl+lKM/YUgZ+kOlGMExEaygrh -cG+/rVZLAgcC+HnHNaIo2guyn6RqFtBMzkRmjhH96AcygbsN5OFHY0NOzGV9WTDJ -+A9dlJIy2bEU/yYpXerdXp9lM8fKaPc0JDYwwESMS7ND70dcpGmrRa9pSTSDPUaK -KSzzOyK+8E5mzcqEbUCrlpz0sklNYDNMIn48Qjkz52Kv8XHvcYS1gv0XvQZtIH3M -x6X3/J+ivx6L72BOm+ar +MIIDyzCCArOgAwIBAgIUUbWK5b6mHYw5fYO0YDFYKosYW8kwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MCAXDTI0MTIwNDExNTc1OVoYDzIwNTIwNDIw 
+MTE1NzU5WjBJMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD +VQQKEwAxCTAHBgNVBAsTADEQMA4GA1UEAxMHY2xpZW50MjCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAJWySN6Pztl0HX2c3nAaYuZTZkm/LaSmQ97oOI6m +3ViCD5laiovIIIxb04qU4PGvcxsnvvHCItnZUzNtgZA5p6ua9O2iVrcVf2kA9GDi +0aJnXJSnvjr4UXLmI3xs186l07Nl6L0uK+Hfp7Syz1OaiAJHXFfYV+dk59OgX0IB +qUYbqngA6TMSv+CSzjw54Glu9XannRRg7qNTtBQySo4K1EUei4Yl2W73/fJuEdhs +DmZHmfWko5lqcGoSNo4GaZYBUGrc+2LG88z0DpjKI2dKTe9F1W7MKHt8t/T6gkPc +jnwa8yyvYvzSJPd3h+dtzWYDa4q2Y7k1TO3qLACkyyPHKPOSlKtF86X/LorAxdD5 +Ti4oik4fcnvFpZvIUY7HXJo5QorvYJ38i/n/zffqftxLtu3vQi+hoP+Yun2wwhvN +UbQxgwwzb3VsJr8k+Kq9NSRKl0gGJ/8mGbvDt7Y1YnkpG4kOGBxcIsnsX83psIYM +upOrh24XjCaNsJ3vfcQtWNoI1wIDAQABo2EwXzAdBgNVHREEFjAUggdjbGllbnQy +gglsb2NhbGhvc3QwHQYDVR0OBBYEFNUDOyWJOfix/45DT/6O/dpEkxhQMB8GA1Ud +IwQYMBaAFGRI16CGpst0nU0R/epkWHomfsPdMA0GCSqGSIb3DQEBCwUAA4IBAQBA +PU8vHHPmmMpW8Q/GPpcvo0ICSRMfLYzfm7OCA4xEN0hg3gLPDsOJ2Hya2cuv3KWS +rTmquarYE5Niu8js/2k3SV2b3+kQqmr5OoXPJL/Rw1wMSpMt7/1O9ql1QmpfISJH +bUtzBxYZOAAtgAdVHdjsPM72s7G3CG0PUuNGf3iocSB7qcRLjDOSmamvpTu410BG +I9IsGSE3AkAborkH1neW6yPg9HUXs2nkv7XhQtfT3Bp2t3lIuVcTpHEsyCp2kM0o +UZDlJUtVbz3aT9mzylrzoqAahCFkIhzTrtyHtVfLpTvHuxBU21yJQLc5n2WAIM3Y +FkySoZU7F5EtaVRmLQn6 -----END CERTIFICATE----- Bag Attributes friendlyName: CN=caroot -subject=CN = caroot - -issuer=CN = caroot - +subject=CN=caroot +issuer=CN=caroot -----BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUPj85Dz0tuzZERfolrR54arwFPSIwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTIyMTAwNzE1MTI0MVoXDTMyMTAwNDE1 -MTI0MVowETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxfb08Gd64ilCYePn821WJsnCC2/nEYxOHlBzT9tkx6edzpdsvIvj -FO6Weeyb2f1vv6eJsmBaZUdV2CfOHNIhBvw5IemzUaSiCr8688jHUS6uHCxBYCXk -daFDXKO+JhaPN/ys6wOC8SHYRRynIhp6QVNSBzoO/1WT/J3i58R8TErDi5txr+JA -xJd3mnAW4lDiqRLSVQFq3W4jvba3Dy2zK1l4NcShzlYgfsAd9cCi6b+T2mcz9Vl4 -B1qvsOfOMi8AmVTbS77oaxLczBpLyFIrzI5OPNmMw3A7uObgws9QTyYxUfYqc/0m -bO7bHPX0Iz+WPqrzTHZ+3k5QE/bfGIRnsQIDAQABo1MwUTAdBgNVHQ4EFgQUCgQH 
-18kzzHsk3KbdDB4g+94NL70wHwYDVR0jBBgwFoAUCgQH18kzzHsk3KbdDB4g+94N -L70wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhKlj3zPuYaMF -UFROvAWeOXIdDIExbHd5qukYj5UStLhoVKe/1ZKMvdAICejMs51QSJ05d22KqeHn -KaTrq3al61rvufkNhrQo2B+qwM5dEV8qGVZGI/oSaWkk5W33FrKHqSUvwdi/saOc -MfQDUuyS7IznLMlR8g0ZcmIPO3cyHPXQhgk80SNJODqpkfgCgHAa1kDz9PmT7VMK -0f/6U3XEkdRdsvWyWDXMSBFx1m/pu9n7fnL8+6QLczyhoX0NhPnOICC3oSYVVuN7 -MOtCLIhwxsv5BlDFnOeBFxq+VKqZDH+z6587Wl0KQyxsJmuJKZ1kYR3XO7j5jw1e -QHIFE8+PTQ== +MIIDAzCCAeugAwIBAgIUQnsrjUY6ivNUiaP2jxlc5hMZ9/8wDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTI1MDEwMzEx +NTc0N1owETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA11gst6JfS4dEFU3b7Z08ZEq4zWQrIAHeIOb7D/e168NWlhOWHHiC +AiSC6ngbHey1czYM8QtFC9fSNHwFFiBHgNBIZZAuaizYTdFoDThifTSKES4XXZVz +G4smRSHp6RUkuZYsBvmfvycXqyMyumkAYMysZiqikj1QUzF6tKpZgb99euTXWbXs +jcFBEAtbHFyOSmCuxD7EZ/b6p8xWlzgALcdrjmLEXUaeocpMhNZf6pb+Kuo0a2yd +NTbiGZPNniVxZJL5xbgPGCiw5yPQCzHxsTgC2bQsITo8piAfyEVPyrbxoNTUEt+R +1nTCScdI7e+4y39c0FLZUOwBCG41N5oVPwIDAQABo1MwUTAdBgNVHQ4EFgQUZEjX +oIamy3SdTRH96mRYeiZ+w90wHwYDVR0jBBgwFoAUZEjXoIamy3SdTRH96mRYeiZ+ +w90wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAU0CuLVGTkYmu +CsJZC/+IwWFujQW+IxNP8w8t1kYN6SFk43lIG4s26byjM3JYsVCeVEVxIcgzmZHV +aa65ZFNnCWBeQJIeEoMPiyDY9Y3MBcDiffas54FFQsgSinikTUaBINifWgAazVuq +9LlRcCGqff6LiguGp10y669vtVcM/JtLarQVCBdEkeEylrJbd0v0ips/lCF+l/PW +yBIOESz3igyJYPqU6k47srp4uv+7J/5JwH3IpAYXdBRa2zu2bs+HJMxAaRnFtfFa +Rj8vXlxfFbqYZbyAdB0KwRapmqnk+PNkSPo4qEIQals8nF/H9htX6wRzRSKLaNti +FBv9wIA5Jw== -----END CERTIFICATE----- Bag Attributes friendlyName: caroot - 2.16.840.1.113894.746875.1.1: -subject=CN = caroot - -issuer=CN = caroot - + Trusted key usage (Oracle): Any Extended Key Usage (2.5.29.37.0) +subject=CN=caroot +issuer=CN=caroot -----BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUPj85Dz0tuzZERfolrR54arwFPSIwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTIyMTAwNzE1MTI0MVoXDTMyMTAwNDE1 
-MTI0MVowETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAxfb08Gd64ilCYePn821WJsnCC2/nEYxOHlBzT9tkx6edzpdsvIvj -FO6Weeyb2f1vv6eJsmBaZUdV2CfOHNIhBvw5IemzUaSiCr8688jHUS6uHCxBYCXk -daFDXKO+JhaPN/ys6wOC8SHYRRynIhp6QVNSBzoO/1WT/J3i58R8TErDi5txr+JA -xJd3mnAW4lDiqRLSVQFq3W4jvba3Dy2zK1l4NcShzlYgfsAd9cCi6b+T2mcz9Vl4 -B1qvsOfOMi8AmVTbS77oaxLczBpLyFIrzI5OPNmMw3A7uObgws9QTyYxUfYqc/0m -bO7bHPX0Iz+WPqrzTHZ+3k5QE/bfGIRnsQIDAQABo1MwUTAdBgNVHQ4EFgQUCgQH -18kzzHsk3KbdDB4g+94NL70wHwYDVR0jBBgwFoAUCgQH18kzzHsk3KbdDB4g+94N -L70wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhKlj3zPuYaMF -UFROvAWeOXIdDIExbHd5qukYj5UStLhoVKe/1ZKMvdAICejMs51QSJ05d22KqeHn -KaTrq3al61rvufkNhrQo2B+qwM5dEV8qGVZGI/oSaWkk5W33FrKHqSUvwdi/saOc -MfQDUuyS7IznLMlR8g0ZcmIPO3cyHPXQhgk80SNJODqpkfgCgHAa1kDz9PmT7VMK -0f/6U3XEkdRdsvWyWDXMSBFx1m/pu9n7fnL8+6QLczyhoX0NhPnOICC3oSYVVuN7 -MOtCLIhwxsv5BlDFnOeBFxq+VKqZDH+z6587Wl0KQyxsJmuJKZ1kYR3XO7j5jw1e -QHIFE8+PTQ== +MIIDAzCCAeugAwIBAgIUQnsrjUY6ivNUiaP2jxlc5hMZ9/8wDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTI0MTIwNDExNTc0N1oXDTI1MDEwMzEx +NTc0N1owETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA11gst6JfS4dEFU3b7Z08ZEq4zWQrIAHeIOb7D/e168NWlhOWHHiC +AiSC6ngbHey1czYM8QtFC9fSNHwFFiBHgNBIZZAuaizYTdFoDThifTSKES4XXZVz +G4smRSHp6RUkuZYsBvmfvycXqyMyumkAYMysZiqikj1QUzF6tKpZgb99euTXWbXs +jcFBEAtbHFyOSmCuxD7EZ/b6p8xWlzgALcdrjmLEXUaeocpMhNZf6pb+Kuo0a2yd +NTbiGZPNniVxZJL5xbgPGCiw5yPQCzHxsTgC2bQsITo8piAfyEVPyrbxoNTUEt+R +1nTCScdI7e+4y39c0FLZUOwBCG41N5oVPwIDAQABo1MwUTAdBgNVHQ4EFgQUZEjX +oIamy3SdTRH96mRYeiZ+w90wHwYDVR0jBBgwFoAUZEjXoIamy3SdTRH96mRYeiZ+ +w90wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAU0CuLVGTkYmu +CsJZC/+IwWFujQW+IxNP8w8t1kYN6SFk43lIG4s26byjM3JYsVCeVEVxIcgzmZHV +aa65ZFNnCWBeQJIeEoMPiyDY9Y3MBcDiffas54FFQsgSinikTUaBINifWgAazVuq +9LlRcCGqff6LiguGp10y669vtVcM/JtLarQVCBdEkeEylrJbd0v0ips/lCF+l/PW +yBIOESz3igyJYPqU6k47srp4uv+7J/5JwH3IpAYXdBRa2zu2bs+HJMxAaRnFtfFa +Rj8vXlxfFbqYZbyAdB0KwRapmqnk+PNkSPo4qEIQals8nF/H9htX6wRzRSKLaNti 
+FBv9wIA5Jw== -----END CERTIFICATE----- diff --git a/tests/fixtures/ssl/client2.intermediate.key b/tests/fixtures/ssl/client2.intermediate.key new file mode 100644 index 0000000000..32c9855ba5 --- /dev/null +++ b/tests/fixtures/ssl/client2.intermediate.key 
@@ -0,0 +1,46 @@ +Bag Attributes + friendlyName: client2 + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 36 38 33 37 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIHdTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQUd5hUL36O3i3TZcK +0Ocu5wICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC98P0asjeI1vKh1 +s5yd3CgEggcQ10QpW1V+ILH84I49SFpErCohDZmqmjn7PS7yyoruYyy3BJeedQLn +Ouxp2fZARjzZZ0jWVS1kfMJt+8mnQe1Q9k0F1+M3bQpDBiIDq6Bs4L6jxfSgE6sC +tsnI0GaTBnzSzu8T3ObKsLEVGanD3hM+F09G7Eu3tCjHEJsYuwhmyVx9FaTYepsC +Aa5+Glgvw+fWJ3tgAkRxZQYIaKIqB5ntLHue7RLdCFV1ZrXXkpJb5E8wRYgUp6dm +6H/o1W+kx1XWRlrQHA018BaLst6/isxrftpzt08xDSkn4YQI5md0lz8O3rxd8rPZ +GYhsz+Ph17UmS5GFTQD77JgfZ/ItjrnED/W9hDw9KJvQXATvkLbhHuSqkWbJASV1 +pC49/1mDC6bXIGsbc8l/hA52CL329gEtW+AY2xcQK5Yx4/nH/frwFJfHT2Z49neF +84vg+rNj739B/XBGK4XcOoGD8Rn26hiOyxqsDTUOPrM9QzIYVGmP6HliAXMo8jOZ +Uv0x2RfLCNWl58jYrW7k0bLM7UVV2rOqRtOO4SFLii9ocazfZg2NWhAMT/6i9h3H +Dx7XzrtwVyK1ZEKfBbMxqH/UqEvAm6NpedtB6a0muGxuNAtePwjfkVQD16hSF7AN +TyCdk/yXP0IvDv8HITCka4q0Whl4DCqWnrCkz5IUapfHfLYbKz/4rbb6piJeMyae +C7yM7723j7gEh2wAwMrnPibGZV9SMmkoeKguyzAtRa2UxUzy1go52zkspWJBYBKI +zcm2Yk0T34e9VBOXHKFXwmmvzHGyWBpHJyFEKQ/VhnZj5qDZjkkZtTGE+6hJeCFa +0s9SZsTEYe+Co/YILIbS1f/X63q55tfSCGfCGHaOJD2UK4jdJOtQNwquA7Ek9lle +J6+3pAR+fiaU+u/quyCtRhNbl+vrtGvYjk8/dSB9WSARobZaRo+1THbka18SqSQT +TcLSHMbSr57JTOETpJY7rOfnX/pAI+Rc1fU/bvcbZIxjUR578i4mYlUihvbU2Jkd +L8/WDcveDPYSG6tlr9JMO27/LAjT7TH73N5prFsORpGRC1/I8CS+Gv77JpVVsEfU +TycJEmR+Srv+H2LnUKzNgg9ZlDeMBmy4c6rWrNysKxxtP+oKq4NIjK/H+1++Zmk/ +inlgMlpd+S9h+CeL81HlOH1vvQMsFhe+elfSMowFSr3YgXDeUbH2KUKd+7RGV1Eq +fhbqpg+D64WJny2qZL2Qo2uTSyv4Cy+7/VV6W6Tb8Lq6+wUXwZbE6glNSyvcgE/0 +icHuPM+4Ao5xeEE4ANZYsi5oGAGf68QygJQ/SwdzdmcbO5E3fVN/Unu+u8i/Z6GC +jYv/PhXQv8/IfpsaWLNad6JPYi4lyhds0qiJ2DVU7DmTjZmhwiVngSgt/GTW7oQA +RNfHhp3hdjYxx9l54DgPPNn40pVeR5EJKiUnRCZJ1TLprt+gfM84CijcQsXj/gMQ +8WG0xrxB4jeVPGLRfzKVJPm43ICk43ZWRmAtVceFJeImKE1u8xsd6Df4NB7a8ksm +oYxpD+onWCMbYewtFAaYqwOg67hnNFXVl3HhCIX/KvkhYki4+GSA9qmxWH2Xjejd 
+niawThWviUIaAKvz1IvxciWzWzNlqaezlNoa8VTZ6R28tRpEJjVbGS3VFcgqoCip +hYenvMdEuOed8fl3QyB0wDfDBELodKDGGYD2JdpgeDSv5AHApSYASG/c1UIdvUsV +H7X9UO8s4u9H/VA3KnRiYhd6mmwugPpGzstI+EuW3QhdlHsIluqvt6Ta9EHtaKwg +7boGZnbXdkcHQZxvO5feoRidcWK70IN2UvMFIhlQiED7V53Vet1a6EdlEkd9kdsR +nXrlQ+8fDmH4WiA5vQJo15sXDGnoi/aoLX8vc/6f7B00ytfWruZ8c8QeG9ZnIXQU +SlRI6Bq6GUnO3FXLTbzFLwfUP7jlo8nlRzrH4GRGc4PxyMHD3MlNyeypzO/TOIMz +0N0erkp232D38XLJ8917C+dbs69xLUNjBaO32SVgXPSFDmdFVhnYP89gkXEEQWB7 +q8Ym8cl9r6UmUvWn0Xcw2IIyHpFXLKagZ3YSS/ytnWF0XxFD3tAZ5gR9Jve3Kv1x +UW32IoQdEdPARVEdPioXP01pULGbU9L77EvZ6z1efFroBcUna5w4wxLQ3zWCF32Q +fXGeMiw5MfDvX0XXpC1U9SsIrIxOC8QfwFxMv8R+FmS5grJGBNphgnWTiO+KrNca +rjHw6AD+EJ92Ob8Pti/iNJRshhHvTHe9XEr+jtN9pMpQEwQxfdxf2t6P64jhSTjS +XNzuuEavKsLP6zuKXEDDcgFUT4iTZQOpk8v5aYf6o+kZVL+7tAAc0HkLxmCKkgHT +JI0TfM70+uH/BqM4IYQ93CS+9XQbwTsVWAozotdQAu+I+hTFpoTtzO0= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/fixtures/ssl/client2.key b/tests/fixtures/ssl/client2.key index 6b0b0f87de..d56cd8626f 100644 --- a/tests/fixtures/ssl/client2.key +++ b/tests/fixtures/ssl/client2.key 
@@ -1,34 +1,46 @@ Bag Attributes friendlyName: client2 - localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32 + localKeyID: 54 69 6D 65 20 31 37 33 33 33 31 33 34 37 39 37 36 30 Key Attributes: -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFFDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQILalIN2MbG7QCAggA -MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD+gqk7gSkEFBIIEwETSFzC1yYTM -/O6lA8BMkl5Wzt4e7Jw7WnfWSmOFTtpXZqOgxvN9dNPsMIpxvU7nF3Iwhqw0WXMF -lpKqCy2FLM+XWqaQYV+2++s23lH0Eqfofc0IZoYk7FB92MAO1dUI7iDJeT0kwrmU -mgAKAqa6e4REZgDEUXYVAOiAHqszs0JjXlsxlPSws2EZQyU8kEALggy+60Jozviq -a9fUZ9JnbtCPkuSOipC8N+erNIEkruzbXRbookTQF+qAyTyXMciL0fTqdAJB/xfO -h66TQvr1XZorqqVPYI+yXwRBF7oVfJyk0kVfhcpo6SoedNJ3onUlyktcF2RPj1xh -612L4ytNp/TN8jvSs5EKHTuwS2+dnYp2jTS4rcbSRe53RylhFudAn9/aZad0/C72 -JXeiax3i0071sWbvKX3YsW/2QCaeMALhiqbzx+8PcgVV9BVfjO8qxJSNjaOwmVRy -I/22pufTDkoNL/aQSiw1NAL22IPdD0uvLCHj27nBct4KancvgSdTxMK9lfwJZet1 -D0S9ChUa2tCY0pDH7F9XUfcS7VAij+VWtlGIyEw7rPOWx6fGT15fj/QnepuJ5xON -qiAH7IhJesWWhG7xp7c3QsdeGNowkMtoLBlz5fEKDRaauPlbLI5IoXy+ZyOO1tIo -kH5wHDE1bn5cWn7qRy5X5HtPga1OjF11R+XquJ88+6gqmxPlsrK45/FiGdP4iLN/ -dp10cnFgAVA2kEaTXCH1LctGlR+3XQgfrwWDfvk7uMtvybqFcEEBv8vBih1UsF6v -RFfoUYq8Zle2x9kX/cfad52FxtDWnhZAgNtT53tWRUb/oAt7fXQxJMlRXKjSV05q -S/uwevnj49eVFdyiroPofipB8LAK4I+gzZ8AYJob5GoRTlPonC1pj/n3vKRsDMOA -Lwy3gXoyQ+/MBUPcDG/ewdusrJncnkAlFNt0w97CmOJU0czuJJw5rRozfvZF1Hs9 -2BVcwVPmZH9Nr3+6Yb+GTCRvsM7DBuLZIEN4WzjoLYAcrjZ2XYLsC6XmnDzIp1HF -nZwrXUROp4MhKuy+SIdFqZLoU/+AIB28WI3euIDDuERSZLff11hphRG5S9wZ8EJH -Jyl2WgP4r8wQtHs71iT06KDFuBcNqGYPwCjnvE86WFXE3wOJ91+l9u8MYvOSVOHq -4iUIpRFD4hlCWOIc1V9QYKf2s8Vkeoop/pUutK5NpLtMFgJpFPNYxyfBL13fo9lM -0iVuoG3W+iDjqZyUPoDxG4rI6Q9WvkswLxVwpMgzDUbUl2aKHcm4Z215dBMm40zh -ft+QzZEnMVzln2eTCcH91IXcsyPPACmKwraAik5ULEn4m++KtdwDZ6R1zzgRJrn9 -FI6L7C0nfKKemBdzGMCzQuciuPLIjfzXHdKr5bb0C1WS88IB0lYIs+pzpvms2P0F -AQ2nDgFKA9xlzX2f1O/YQNKA1ctc8RH5tpZUUVfheIqd0U4udp9Rqecd+/r23ENU -7kjeuxXfUbH83P0hrsQQFkkOeRWWz8+UYvqIEwWaSObdZCvTdIjRpNmmamWsAmsJ 
-D5Q2AMMMmNwIi5fUKYJgwTfsgY0XIekk6wmugKs3gCj1RKX930b9fniiol/Gv2VS -fJRrqds7F0s= +MIIHdTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQgAvsZwwnSW8Kro9y +zV++rgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEPQHPzEbFr+6DmV7 +MYXGFBAEggcQH5qEUBnZfzr1n7nWhpTorP/JiAzt0F+d6dZBHZ8YnsYnveRkh/o/ +/d7UccPg3rZNHoI4ry+cJlMR5DNnYbzoTeCFU16JdZ9cdIeVpg8ZgV6ppx+7A6ql +ECINlExBB4cl50p/r8D4ojXxC3p2SHSdUo7Q5J9tUNOY7uy78HWh1HkudzdLWHTw +iKf4CMVBkvVUS6yrIxU1jwypyrRC0fdGWQvEHCBhUirGdkrfYj4Pc9SWvoZmJdX7 +3WmJSTqzKzR5PIcpA4+osgdmSkotZgMv6LAzvps026KOJi9HIfsKN/47tvZia+PN +Ete8XgXD8W/WIM9lsEULG7INvAhlZNaLKNOixyG8wD6Faox1n9KgEuqq1Jyx8N5G +t6/Lc1tZNSZCShFNqU3zorlWuEjDimVHi7mlVoDqv4Ac28VFXCpo6u4U3KNumL0e +v3meKA9vGbAy4aEMWtSAYbLCxRF+nk2KDzhGYGGVOTQp/PsoNV5Q34q7j2mNCPOD +/wNyDg9UEF1KjHQebIMY4dBxUDmMLtk/nV6D4GNGKhK7phRgjXVyB01EWq+m9hqn +bPmv9gbh65O9gxwUMsCwWrb4AnTuYFgxG0r+C5fWA2UO6utdd61fPrBwzqgWqPWn +/HvaCi+ovMxPy5QGOKEZdwVcU7NauUoZ+5FzAec8qdX6g+2Ly+UL3CFGtwNpbwZU +ZzICEeRvID+sI8yM5dwl+PH0H8Iut+iVUDaR7KuV5ALAdsnuWZThEwvGi+Ft9Tp2 ++gJN2rnwlYHUeX3x2xlbFLtJEriuE/g7mDSOfNQ74SCkHIAHXhgI28pQE6niDUug +5MaCBR9Vn2xrkP0LO37okQ2kloATZ70uQNiLB2Kyi50dWoOrA7LGSjbe1gzT5dnT +JkKM7uAP6k+6J1Jlkk+6F99upNcfoHYV1Rr+7lmMAPk5wbf3QUxcwanJM24L06a8 +9iqi9yWlXKlXfjOHO9zzzmo+3pJq+kvS/o0qHbGQZcNMi0P1XkO8QIvkmN0nJcV1 ++1ceKc+N/lPvnE3YZBwKg8IHgKwD5+ofiuIz+H+32F8vCJKQEqaCY9dOdu4yLH0n ++an3RHg6X48cFW8g5cOKgShNGg8jKoDRx5N9xWxav01XSI/3pk5CM79nzXJM5czi +rA5oHRP9g2QuI9xHJ4phbRaoymsid1b8gpJB6Ii6BmGvuIBICGe8Nx6dx+Gb6bx9 +rK9Rr1cbpxaSXjgS+Eb5zVQV5SNsoO6vDtx58eeqoQZACrbapuGQ5PJtlOPZIYmg +GKavZxrFBQKrv3ouSSDtI/Kc5vC0ZEK/SUKmFmoBPkds4Wwe/5wHXAjCBaI4yY0L +XOcUd68CiMVdL4nDp810wdMdOhsSCMJcpiiLZzXQhUyUksJpf1E93QrBprm3zniy +hx2mkcXkPv4FqY3ppSTJjZdxnpgac7RrsvGK2ia7J90XSoQho4ZRwFBVL8fnWfge +wYWu8MR2U6XTKkK52uaziIedHxkfWZDwWYjWkOzoxXbFmuWv7/wf+oZU1UeTrpVw +cfTQy0PAY/vLIBZU5pyxe09H1osR+sIics4JWj0fkSlkia9MVwYgEZUSR6V4ctz6 +kZttOmm0Dsdmz7473fOvrFiLCgxx+BzYQPdkP54PTPIWsukhs9ygL4/58iuuW4aw +iPsx+qwRy9IVGIdAzp73+YBmfLTOONYQxKJYZgTjFTurpDNY+ik+8AuPX0Z+ZFdz 
+JptiNY3wOLHjXSamxkXotfbkfVzSn6fK2/jbJJMijnvswZXZA38wIMSvn7q3Jg5w +sBTMZtAIQJm1YX3Kpc3Aax/mHTSLPfTQHXwHgnTeHTjDgELexuLYA8qFujWwudK/ +zDXcg49LiWaCld8Wxe2IHvCRHVfpZDmmX92ebPz9qWwn6v8EYDe3C029zURz4+QW +5sEcb2E3Bmxd92B/RsZlt2Xgge31TUxhs1X/ecIot75cH/TBYoVqttrUuEu7tZJB +ks9kwHaW1Hqa7WnHyrV6z9ycJD0pebCVUdrhRonWgU6Jnw8kR3DxPWLqut7H5Ntn +1dAiaHRLxieXwV0GhTaDlP498IzH8HgLhUVwqA2xUJkubw50jUgF4teTE8KbS/0H +nLoW8aKgIre2VEUTH1cIn4xSw8x5F7lZ9XS2OUBmAJ+ORJWo8e0U0ylV9IL08lZz +V+5XYZCwLwlDRPYb/VXqmHFV9+yF4vlvDgFNklypvjeIYEcCS1G3Dgg1B0xlz8Ti +uracDByaVUYF7A9GY95mx5EsZiDSd5pt8XvCGiQzVd2RGevhn+m3H2CziQU8usaG +0TQgC/ZyeiPzWq/Bd7mdDtWNMQ7PsOH0i0q0WrY0xLUAZwMpapDiItiPBwXd1WRY +0XsJKtB65vyDc1i8XEdMZubq/Tr+52+6E1b4RCZMCxAhoghGSulc5+g= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/fixtures/ssl/create_keys.sh b/tests/fixtures/ssl/create_keys.sh index 36e92bd30a..cb83b66d2f 100755 --- a/tests/fixtures/ssl/create_keys.sh +++ b/tests/fixtures/ssl/create_keys.sh 
@@ -1,35 +1,72 @@ #!/bin/sh set -e CA_PASSWORD="${CA_PASSWORD:-use_strong_password_ca}" +CA_INTERMEDIATE_PASSWORD="${CA_INTERMEDIATE_PASSWORD:-use_strong_password_intermediate_ca}" KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-use_strong_password_keystore}" TRUSTSTORE_PASSWORD="${TRUSTSTORE_PASSWORD:-use_strong_password_truststore}" OUTPUT_FOLDER=${OUTPUT_FOLDER:-$( dirname "$0" )} CNS=${@:-client} cd ${OUTPUT_FOLDER} -CA_ROOT_KEY=caroot.key -CA_ROOT_CRT=caroot.crt +CA_ROOT_KEY=${CA_ROOT_KEY:-caroot.key} +CA_ROOT_CRT=${CA_ROOT_CRT:-caroot.crt} +CA_INTERMEDIATE_KEY=intermediate.key +CA_INTERMEDIATE_CSR=intermediate.csr +CA_INTERMEDIATE_CRT=intermediate.crt -echo "# Generate CA" -openssl req -new -x509 -keyout $CA_ROOT_KEY \ - -out $CA_ROOT_CRT -days 3650 -subj \ - '/CN=caroot/OU=/O=/L=/ST=/C=' -passin "pass:${CA_PASSWORD}" \ - -passout "pass:${CA_PASSWORD}" +if [ ! -f $CA_ROOT_KEY -o ! -f $CA_ROOT_CRT ]; then + echo "# Generate CA" + openssl req -new -x509 -keyout $CA_ROOT_KEY \ + -out $CA_ROOT_CRT -subj \ + '/CN=caroot/OU=/O=/L=/ST=/C=' -passin "pass:${CA_PASSWORD}" \ + -passout "pass:${CA_PASSWORD}" +fi + +echo "# caintermediate: Generate CSR" +openssl req -new -keyout $CA_INTERMEDIATE_KEY \ + -out $CA_INTERMEDIATE_CSR -subj \ + '/CN=caintermediate/OU=/O=/L=/ST=/C=' \ + -passin "pass:${CA_INTERMEDIATE_PASSWORD}" \ + -passout "pass:${CA_INTERMEDIATE_PASSWORD}" + +echo "# caintermediate: Generate extfile" +cat << EOF > extfile +[req] +distinguished_name=dn +[ dn ] +CN=caintermediate +[ ext ] +basicConstraints=CA:TRUE,pathlen:0 +EOF + +echo "# caintermediate: Sign request" +openssl x509 -req -extfile extfile \ +-passin "pass:${CA_PASSWORD}" \ +-in "${CA_INTERMEDIATE_CSR}" \ +-CA "${CA_ROOT_CRT}" \ +-CAkey "${CA_ROOT_KEY}" \ +-days 3650 \ +-out "${CA_INTERMEDIATE_CRT}" for CN in $CNS; do - KEYSTORE=$CN.keystore.p12 - TRUSTSTORE=$CN.truststore.p12 - SIGNED_CRT=$CN-ca-signed.crt - CERTIFICATE=$CN.certificate.pem - KEY=$CN.key +for INTERMEDIATE in true false; do + 
INTERMEDIATE_PREFIX="" + if [ $INTERMEDIATE = "true" ]; then + INTERMEDIATE_PREFIX=".intermediate" + fi + echo here + KEYSTORE=${CN}.keystore${INTERMEDIATE_PREFIX}.p12 + TRUSTSTORE=${CN}.truststore${INTERMEDIATE_PREFIX}.p12 + CSR=${CN}${INTERMEDIATE_PREFIX}.csr + SIGNED_CRT=${CN}-ca-signed${INTERMEDIATE_PREFIX}.crt + CERTIFICATE=${CN}.certificate${INTERMEDIATE_PREFIX}.pem + KEY=${CN}${INTERMEDIATE_PREFIX}.key # Get specific password for this CN CN_KEYSTORE_PASSWORD="$(eval echo \$${CN}_KEYSTORE_PASSWORD)" if [ -z "$CN_KEYSTORE_PASSWORD" ]; then CN_KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}_$CN fi - echo ${CN_KEYSTORE_PASSWORD} - echo "# $CN: Generate Keystore" keytool -genkey -noprompt \ -alias $CN \ @@ -47,7 +84,7 @@ for CN in $CNS; do echo "# $CN: Generate CSR" keytool -keystore $KEYSTORE -alias $CN \ - -certreq -file $CN.csr -storepass "${CN_KEYSTORE_PASSWORD}" \ + -certreq -file $CSR -storepass "${CN_KEYSTORE_PASSWORD}" \ -keypass "${CN_KEYSTORE_PASSWORD}" \ -ext "SAN=dns:$CN,dns:localhost" 
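Review bot: The intermediate CA signing step passes `-extfile extfile` without `-extensions ext`, so the `[ ext ]` section holding `basicConstraints=CA:TRUE,pathlen:0` is never selected and the issued `caintermediate` certificate is most likely not marked as a CA; add `-extensions ext` to that `openssl x509 -req` call. The root CA `openssl req -new -x509` call also lost `-days 3650`, which leaves the root on the openssl default lifetime of 30 days, far shorter than the 3650-day intermediate it signs; restore `-days 3650` there. Either problem makes chain validation fail for a reason other than an untrusted issuer, so the negative case in 0097-ssl_verify.cpp could pass without exercising the path it targets. The leftover `echo here` at the top of the inner loop should be removed as well.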
@@ -66,17 +103,32 @@ DNS.1 = $CN DNS.2 = localhost EOF - echo "# $CN: Sign the certificate with the CA" - openssl x509 -req -CA $CA_ROOT_CRT -CAkey $CA_ROOT_KEY \ - -in $CN.csr \ - -out $CN-ca-signed.crt -days 9999 \ - -CAcreateserial -passin "pass:${CA_PASSWORD}" \ - -extensions v3_req -extfile extfile echo "# $CN: Import root certificate" keytool -noprompt -keystore $KEYSTORE \ -alias caroot -import -file $CA_ROOT_CRT -storepass "${CN_KEYSTORE_PASSWORD}" + if [ $INTERMEDIATE = "false" ]; then + echo "# $CN: Sign the certificate with the CA" + openssl x509 -req -CA $CA_ROOT_CRT -CAkey $CA_ROOT_KEY \ + -in $CSR \ + -out $SIGNED_CRT -days 9999 \ + -CAcreateserial -passin "pass:${CA_PASSWORD}" \ + -extensions v3_req -extfile extfile + else + echo "# $CN: Sign the certificate with the intermediate CA" + openssl x509 -req -CA $CA_INTERMEDIATE_CRT -CAkey $CA_INTERMEDIATE_KEY \ + -in $CSR \ + -out $SIGNED_CRT -days 9999 \ + -CAcreateserial -passin "pass:${CA_INTERMEDIATE_PASSWORD}" \ + -extensions v3_req -extfile extfile + + echo "# $CN: Import intermediate CA certificate" + keytool -noprompt -keystore $KEYSTORE \ + -alias caintermediate -import -file $CA_INTERMEDIATE_CRT \ + -storepass "${CN_KEYSTORE_PASSWORD}" + fi + echo "# $CN: Import signed certificate" keytool -noprompt -keystore $KEYSTORE -alias $CN \ -import -file $SIGNED_CRT -storepass "${CN_KEYSTORE_PASSWORD}" \ @@ -91,3 +143,4 @@ EOF -nocerts -passin "pass:${CN_KEYSTORE_PASSWORD}" \ -passout "pass:${CN_KEYSTORE_PASSWORD}" done +done
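Review bot: The two branches of the `if [ $INTERMEDIATE = "false" ]` block repeat the same `openssl x509 -req` invocation and differ only in the signing certificate, key and password, so a later change to the signing options (validity, extensions) can easily be applied to one chain and not the other. Selecting the signer into variables and signing once keeps the root-signed and intermediate-signed fixtures generated identically. The expansions `$INTERMEDIATE`, `$CSR` and `$SIGNED_CRT` are also unquoted although they derive from the script arguments in `CNS`; quoting them avoids word splitting on unusual names.

```shell
  if [ "$INTERMEDIATE" = "false" ]; then
    SIGNER_DESC="CA"
    SIGNER_CRT=$CA_ROOT_CRT
    SIGNER_KEY=$CA_ROOT_KEY
    SIGNER_PASSWORD=$CA_PASSWORD
  else
    SIGNER_DESC="intermediate CA"
    SIGNER_CRT=$CA_INTERMEDIATE_CRT
    SIGNER_KEY=$CA_INTERMEDIATE_KEY
    SIGNER_PASSWORD=$CA_INTERMEDIATE_PASSWORD
  fi

  echo "# $CN: Sign the certificate with the $SIGNER_DESC"
  openssl x509 -req -CA "$SIGNER_CRT" -CAkey "$SIGNER_KEY" \
    -in "$CSR" \
    -out "$SIGNED_CRT" -days 9999 \
    -CAcreateserial -passin "pass:${SIGNER_PASSWORD}" \
    -extensions v3_req -extfile extfile

  # … unchanged: import of the intermediate CA certificate when INTERMEDIATE is true …
```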