diff --git a/lib/puppet/application/ssl.rb b/lib/puppet/application/ssl.rb index 62e2b966afb..7260c6523bf 100644 --- a/lib/puppet/application/ssl.rb +++ b/lib/puppet/application/ssl.rb @@ -147,8 +147,13 @@ def main def submit_request(ssl_context) key = @cert_provider.load_private_key(Puppet[:certname]) unless key - Puppet.info _("Creating a new SSL key for %{name}") % { name: Puppet[:certname] } - key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i) + if Puppet[:key_type] == 'ec' + Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] } + key = OpenSSL::PKey::EC.generate(Puppet[:named_curve]) + else + Puppet.info _("Creating a new SSL key for %{name}") % { name: Puppet[:certname] } + key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i) + end @cert_provider.save_private_key(Puppet[:certname], key) end diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index c044804415c..0f713d0f83b 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -961,6 +961,18 @@ def self.default_vendormoduledir certificate revocation checking and does not attempt to download the CRL. EOT }, + :key_type => { + :default => 'rsa', + :type => :enum, + :values => %w[rsa ec], + :desc => "The type of private key. Valid values are `rsa` and `ec`. Default is `rsa`." + }, + :named_curve => { + :default => 'prime256v1', + :type => :string, + :desc => "The short name for the EC curve. Valid values must be one of the curves in + `OpenSSL::PKey::EC.builtin_curves`. Default is `prime256v1`." + }, :digest_algorithm => { :default => lambda { default_digest_algorithm }, :type => :enum, diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb index 92aafa2c55b..d646ca47e30 100644 --- a/lib/puppet/ssl/certificate_request.rb +++ b/lib/puppet/ssl/certificate_request.rb @@ -75,7 +75,17 @@ def generate(key, options = {}) csr = OpenSSL::X509::Request.new csr.version = 0 csr.subject = OpenSSL::X509::Name.new([["CN", common_name]]) - csr.public_key = key.public_key + + csr.public_key = if key.is_a?(OpenSSL::PKey::EC) + # EC#public_key doesn't following the PKey API, + # see https://github.com/ruby/openssl/issues/29 + point = key.public_key + pubkey = OpenSSL::PKey::EC.new(point.group) + pubkey.public_key = point + pubkey + else + key.public_key + end if options[:csr_attributes] add_csr_attributes(csr, options[:csr_attributes]) @@ -88,7 +98,7 @@ def generate(key, options = {}) signer = Puppet::SSL::CertificateSigner.new signer.sign(csr, key) - raise Puppet::Error, _("CSR sign verification failed; you need to clean the certificate request for %{name} on the server") % { name: name } unless csr.verify(key.public_key) + raise Puppet::Error, _("CSR sign verification failed; you need to clean the certificate request for %{name} on the server") % { name: name } unless csr.verify(csr.public_key) @content = csr diff --git a/lib/puppet/ssl/ssl_provider.rb b/lib/puppet/ssl/ssl_provider.rb index 30fe7c58056..0ab8891ec50 100644 --- a/lib/puppet/ssl/ssl_provider.rb +++ b/lib/puppet/ssl/ssl_provider.rb @@ -51,7 +51,7 @@ def create_root_context(cacerts:, crls: [], revocation: Puppet[:certificate_revo # # @param cacerts [Array] Array of trusted CA certs # @param crls [Array] Array of CRLs - # @param private_key [OpenSSL::PKey::RSA] client's private key + # @param private_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] client's private key # @param client_cert [OpenSSL::X509::Certificate] client's cert whose public # key matches the `private_key` # @param revocation [:chain, :leaf, false] revocation mode @@ -70,7 +70,7 @@ def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Pupp store = create_x509_store(cacerts, crls, revocation) client_chain = verify_cert_with_store(store, client_cert) - unless private_key.is_a?(OpenSSL::PKey::RSA) + unless private_key.is_a?(OpenSSL::PKey::RSA) || private_key.is_a?(OpenSSL::PKey::EC) raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name } end @@ -116,7 +116,7 @@ def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_re # of the private key, and that it hasn't been tampered with since. # # @param csr [OpenSSL::X509::Request] certificate signing request - # @param public_key [OpenSSL::PKey::RSA] public key + # @param public_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] public key # @raise [Puppet::SSL:SSLError] The private_key for the given `public_key` was # not used to sign the CSR. # @api private diff --git a/lib/puppet/ssl/state_machine.rb b/lib/puppet/ssl/state_machine.rb index 919f6e17966..19273b964e7 100644 --- a/lib/puppet/ssl/state_machine.rb +++ b/lib/puppet/ssl/state_machine.rb @@ -110,8 +110,13 @@ def next_state return Done.new(@machine, next_ctx) end else - Puppet.info _("Creating a new SSL key for %{name}") % { name: Puppet[:certname] } - key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i) + if Puppet[:key_type] == 'ec' + Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] } + key = OpenSSL::PKey::EC.generate(Puppet[:named_curve]) + else + Puppet.info _("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] } + key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i) + end @cert_provider.save_private_key(Puppet[:certname], key) end diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb index 25cfacd721d..ef1fc439237 100644 --- a/lib/puppet/util/monkey_patches.rb +++ b/lib/puppet/util/monkey_patches.rb @@ -99,6 +99,23 @@ def to_utf8 end end +unless OpenSSL::PKey::EC.instance_methods.include?(:private?) + class OpenSSL::PKey::EC + # Added in ruby 2.4.0 in https://github.com/ruby/ruby/commit/7c971e61f04 + alias :private? :private_key? + end +end + +unless OpenSSL::PKey::EC.singleton_methods.include?(:generate) + class OpenSSL::PKey::EC + # Added in ruby 2.4.0 in https://github.com/ruby/ruby/commit/85500b66342 + def self.generate(string) + ec = OpenSSL::PKey::EC.new(string) + ec.generate_key + end + end +end + # The Enumerable#uniq method was added in Ruby 2.4.0 (https://bugs.ruby-lang.org/issues/11090) # This is a backport to earlier Ruby versions. # diff --git a/lib/puppet/x509/cert_provider.rb b/lib/puppet/x509/cert_provider.rb index aec33beb4ac..6082ca774bf 100644 --- a/lib/puppet/x509/cert_provider.rb +++ b/lib/puppet/x509/cert_provider.rb @@ -146,14 +146,17 @@ def load_private_key(name, required: false) # Load a PEM encoded private key. # # @param pem [String] PEM encoded private key - # @return [OpenSSL::PKey::RSA] The private key - # @raise [OpenSSL::PKey::RSAError] The `pem` text does not contain a valid key + # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key + # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key # @api private def load_private_key_from_pem(pem) # set a non-nil passphrase to ensure openssl doesn't prompt # but ruby 2.4.0 & 2.4.1 require at least 4 bytes, see # https://github.com/ruby/ruby/commit/f012932218fd609f75f9268812df61fb26e2d0f1#diff-40e4270ec386990ac60d7ab5ff8045a4 - OpenSSL::PKey::RSA.new(pem, ' ') + OpenSSL::PKey.read(pem, ' ') + rescue ArgumentError => e + # handle EC keys on ruby <= 2.3 + raise OpenSSL::PKey::PKeyError, e.message end # Save a named client cert to the configured `certdir`. diff --git a/spec/fixtures/ssl/127.0.0.1-key.pem b/spec/fixtures/ssl/127.0.0.1-key.pem index eac6a255b1a..c5e7cdcc3f1 100644 --- a/spec/fixtures/ssl/127.0.0.1-key.pem +++ b/spec/fixtures/ssl/127.0.0.1-key.pem @@ -1,67 +1,67 @@ Private-Key: (1024 bit) modulus: - 00:bb:e1:47:40:df:d0:06:c2:ef:5b:0b:41:41:01: - f8:a3:68:fe:18:82:21:5b:97:b5:7c:25:f2:31:b9: - 50:09:a8:56:71:4c:81:e5:fe:e0:2b:f3:8d:38:e8: - fd:15:c2:a3:5a:db:56:5d:29:49:4d:75:e5:ae:69: - a7:a3:ac:19:c6:23:cb:1a:23:57:15:aa:ca:e1:e1: - 78:79:af:49:15:bf:7d:9a:42:16:bc:b1:18:61:68: - d8:e1:34:57:4e:73:a0:90:3e:1f:8a:56:fd:0c:eb: - f0:fb:03:fd:ec:1b:ff:15:1f:d7:3e:5c:73:09:15: - 48:83:e5:ff:4e:b3:ea:3a:a9 + 00:a3:a2:4c:5d:4a:02:49:6c:4d:9f:a1:88:4c:1f: + 34:5b:5a:78:c4:20:85:58:29:25:9c:5b:fc:55:01: + 3f:c3:64:37:62:65:f3:a7:bf:dd:12:bf:02:04:0c: + 88:78:d3:8a:20:e8:5b:55:94:f8:a9:bb:59:99:26: + 53:51:23:41:d1:e0:a1:6f:ad:0b:ff:cf:be:c3:d0: + e6:dc:3d:c1:6b:14:25:f5:84:a4:c5:7c:2d:a4:52: + e2:f0:11:9a:44:a5:c9:45:e1:cc:22:7a:43:ad:38: + 76:19:f3:de:e2:96:24:9e:40:81:d4:a9:f6:28:27: + 4c:84:9c:a0:70:f8:6a:39:f5 publicExponent: 65537 (0x10001) privateExponent: - 22:7d:7d:b6:24:20:2d:4d:95:e1:31:d4:bd:d9:5d: - ca:a9:d8:93:a9:37:f4:77:8a:42:8b:38:c5:f6:0e: - 02:67:db:ce:9a:cb:f1:eb:f3:3d:3e:4d:bb:97:d1: - f6:2f:b0:0b:5a:de:a4:e5:92:66:5c:f1:58:2e:5f: - 2f:05:c6:09:30:2e:77:0c:07:64:ea:9e:c2:f4:72: - b0:f9:31:36:af:45:7e:a5:44:bf:b8:f9:1c:0d:fc: - 9f:8e:41:08:c4:8e:d0:8d:4e:de:2d:f3:42:c3:d0: - 6e:ca:70:21:bb:f5:c4:e2:67:13:21:10:5a:0b:68: - 7b:5d:9f:ea:08:f0:12:3d + 1e:f5:e6:5d:00:53:ce:70:9f:7f:44:a0:f5:46:32: + 31:d6:bc:62:df:84:5b:59:ed:b3:d7:f3:b6:61:b6: + 1e:d2:27:68:86:c1:c3:4b:9a:18:a1:eb:4f:b8:cf: + 59:8d:2c:e5:6d:11:5a:f0:04:dc:98:86:2b:64:04: + ff:a5:1c:1e:bc:53:db:fc:aa:29:f9:0b:0e:10:70: + 09:53:e6:d5:be:f4:98:20:7d:8b:af:5c:d7:4e:ff: + 3e:09:ab:c6:80:86:bc:08:7e:95:73:34:c7:38:c8: + c2:8b:41:da:78:ad:51:11:f0:19:e7:7d:8c:4e:3e: + 19:b0:4a:e4:c5:df:a5:41 prime1: - 00:e3:d5:5c:8e:b9:31:28:ce:d3:c0:78:0d:b2:12: - 0e:14:95:a4:b8:48:20:82:2f:27:37:f5:b8:6e:b4: - ec:57:7f:92:c4:23:15:5b:d1:b6:35:20:60:49:36: - fb:63:8d:df:34:45:af:07:80:a7:9b:05:2f:43:5e: - af:9a:bc:9b:43 + 00:d3:6a:f2:e1:04:1f:d0:e4:fe:79:80:37:2a:10: + a2:6a:93:dd:03:bf:9b:b6:d6:a6:f5:83:11:b7:b3: + 6e:f6:38:7e:d5:02:3b:70:ab:c9:3c:25:90:f0:f5: + 8d:43:f3:ea:35:36:b9:5d:d0:b5:7d:eb:cf:bb:5f: + 00:9b:3e:44:97 prime2: - 00:d3:1b:70:e1:ff:2d:af:09:a9:3e:65:04:58:3d: - 65:11:bd:98:7e:39:26:ab:33:98:37:cf:46:13:2e: - 6f:dd:48:0e:0c:bb:ee:3a:a7:91:60:81:6f:9f:54: - 65:2c:cd:8a:6f:27:a5:6a:72:f1:3d:44:9c:b3:eb: - b8:56:6f:b5:a3 + 00:c6:23:d1:59:48:26:9e:4a:ec:be:2b:a5:53:70: + 80:88:53:30:2e:87:19:a6:1d:0b:a7:8f:d3:98:ca: + 6c:63:a5:fd:3d:20:7d:4c:1b:79:57:7b:e7:66:93: + fd:e6:03:94:04:a9:aa:2b:9e:ed:a0:e7:a5:0e:be: + db:5f:64:8b:53 exponent1: - 00:b4:ef:ca:4c:f2:98:2e:ef:6a:cd:8c:ca:5b:a3: - e9:18:c1:eb:0a:0b:05:fe:3d:92:68:e7:b5:2b:fe: - 75:3f:db:e9:e3:e8:74:da:f1:c6:41:94:cf:c2:f5: - 6e:5a:16:de:af:75:b3:d6:42:7f:59:26:99:ed:67: - f2:0f:f2:3f:5f + 00:9d:4b:dd:18:fd:70:8e:83:51:b2:24:6a:e6:a9: + 29:ae:12:05:46:5c:b1:05:ff:fe:88:7b:d4:1a:d1: + 2d:a5:93:b3:09:d8:77:51:04:fe:db:f9:37:35:8f: + fc:62:aa:7f:7e:c8:10:72:74:6e:14:19:f6:9c:79: + ba:81:c6:7a:51 exponent2: - 10:8b:45:fd:70:12:14:75:9d:5d:d6:6c:d0:bd:7e: - fe:34:ed:8e:76:cc:20:fe:9a:1f:45:8f:28:51:ab: - 52:9c:22:fd:bc:7c:9e:fc:22:d8:7d:4c:52:20:3b: - 0d:97:ce:11:87:f9:de:ad:c3:5a:19:d6:6e:03:3b: - 1f:0b:02:21 + 00:84:25:8d:51:4b:82:9e:1e:00:69:10:f8:f1:7e: + 5d:eb:0d:f8:5b:7f:b5:46:89:a6:a5:39:92:79:1b: + c0:50:71:7b:45:12:6f:1e:9c:50:40:5d:9d:c6:57: + 3b:85:f5:aa:f9:b5:22:8e:77:2f:ab:19:f3:86:b3: + 19:e2:34:4f:8b coefficient: - 00:a9:b1:a0:81:72:a1:e9:41:51:3e:32:5a:33:aa: - 20:b1:23:bf:ff:62:53:a7:6d:e2:c1:d5:18:11:57: - b6:9e:fd:b2:c5:d8:d8:50:d1:5e:5c:22:ba:14:e3: - 36:92:34:4c:29:19:dc:a3:60:a8:01:81:00:5b:c1: - 3b:4e:0f:26:23 + 21:c3:0e:85:b6:8d:3f:c8:85:ae:31:da:52:43:16: + 06:0e:8a:9d:95:6d:bb:8b:97:09:0a:fa:9e:9f:9c: + 5f:7f:b9:6f:e8:db:73:a5:34:13:fa:73:1a:6e:67: + ee:6f:c2:7f:e9:67:03:23:f6:2d:ca:cb:a2:85:67: + 28:e5:df:a3 -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQC74UdA39AGwu9bC0FBAfijaP4YgiFbl7V8JfIxuVAJqFZxTIHl -/uAr84046P0VwqNa21ZdKUlNdeWuaaejrBnGI8saI1cVqsrh4Xh5r0kVv32aQha8 -sRhhaNjhNFdOc6CQPh+KVv0M6/D7A/3sG/8VH9c+XHMJFUiD5f9Os+o6qQIDAQAB -AoGAIn19tiQgLU2V4THUvdldyqnYk6k39HeKQos4xfYOAmfbzprL8evzPT5Nu5fR -9i+wC1repOWSZlzxWC5fLwXGCTAudwwHZOqewvRysPkxNq9FfqVEv7j5HA38n45B -CMSO0I1O3i3zQsPQbspwIbv1xOJnEyEQWgtoe12f6gjwEj0CQQDj1VyOuTEoztPA -eA2yEg4UlaS4SCCCLyc39bhutOxXf5LEIxVb0bY1IGBJNvtjjd80Ra8HgKebBS9D -Xq+avJtDAkEA0xtw4f8trwmpPmUEWD1lEb2YfjkmqzOYN89GEy5v3UgODLvuOqeR -YIFvn1RlLM2KbyelanLxPUScs+u4Vm+1owJBALTvykzymC7vas2Myluj6RjB6woL -Bf49kmjntSv+dT/b6ePodNrxxkGUz8L1bloW3q91s9ZCf1kmme1n8g/yP18CQBCL -Rf1wEhR1nV3WbNC9fv407Y52zCD+mh9FjyhRq1KcIv28fJ78Ith9TFIgOw2XzhGH -+d6tw1oZ1m4DOx8LAiECQQCpsaCBcqHpQVE+MlozqiCxI7//YlOnbeLB1RgRV7ae -/bLF2NhQ0V5cIroU4zaSNEwpGdyjYKgBgQBbwTtODyYj +MIICXQIBAAKBgQCjokxdSgJJbE2foYhMHzRbWnjEIIVYKSWcW/xVAT/DZDdiZfOn +v90SvwIEDIh404og6FtVlPipu1mZJlNRI0HR4KFvrQv/z77D0ObcPcFrFCX1hKTF +fC2kUuLwEZpEpclF4cwiekOtOHYZ897iliSeQIHUqfYoJ0yEnKBw+Go59QIDAQAB +AoGAHvXmXQBTznCff0Sg9UYyMda8Yt+EW1nts9fztmG2HtInaIbBw0uaGKHrT7jP +WY0s5W0RWvAE3JiGK2QE/6UcHrxT2/yqKfkLDhBwCVPm1b70mCB9i69c107/Pgmr +xoCGvAh+lXM0xzjIwotB2nitURHwGed9jE4+GbBK5MXfpUECQQDTavLhBB/Q5P55 +gDcqEKJqk90Dv5u21qb1gxG3s272OH7VAjtwq8k8JZDw9Y1D8+o1Nrld0LV968+7 +XwCbPkSXAkEAxiPRWUgmnkrsviulU3CAiFMwLocZph0Lp4/TmMpsY6X9PSB9TBt5 +V3vnZpP95gOUBKmqK57toOelDr7bX2SLUwJBAJ1L3Rj9cI6DUbIkauapKa4SBUZc +sQX//oh71BrRLaWTswnYd1EE/tv5NzWP/GKqf37IEHJ0bhQZ9px5uoHGelECQQCE +JY1RS4KeHgBpEPjxfl3rDfhbf7VGiaalOZJ5G8BQcXtFEm8enFBAXZ3GVzuF9ar5 +tSKOdy+rGfOGsxniNE+LAkAhww6Fto0/yIWuMdpSQxYGDoqdlW27i5cJCvqen5xf +f7lv6NtzpTQT+nMabmfub8J/6WcDI/YtysuihWco5d+j -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/127.0.0.1.pem b/spec/fixtures/ssl/127.0.0.1.pem index 50a99935aa0..781b2fce75f 100644 --- a/spec/fixtures/ssl/127.0.0.1.pem +++ b/spec/fixtures/ssl/127.0.0.1.pem @@ -6,43 +6,43 @@ Certificate: Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=127.0.0.1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:bb:e1:47:40:df:d0:06:c2:ef:5b:0b:41:41:01: - f8:a3:68:fe:18:82:21:5b:97:b5:7c:25:f2:31:b9: - 50:09:a8:56:71:4c:81:e5:fe:e0:2b:f3:8d:38:e8: - fd:15:c2:a3:5a:db:56:5d:29:49:4d:75:e5:ae:69: - a7:a3:ac:19:c6:23:cb:1a:23:57:15:aa:ca:e1:e1: - 78:79:af:49:15:bf:7d:9a:42:16:bc:b1:18:61:68: - d8:e1:34:57:4e:73:a0:90:3e:1f:8a:56:fd:0c:eb: - f0:fb:03:fd:ec:1b:ff:15:1f:d7:3e:5c:73:09:15: - 48:83:e5:ff:4e:b3:ea:3a:a9 + 00:a3:a2:4c:5d:4a:02:49:6c:4d:9f:a1:88:4c:1f: + 34:5b:5a:78:c4:20:85:58:29:25:9c:5b:fc:55:01: + 3f:c3:64:37:62:65:f3:a7:bf:dd:12:bf:02:04:0c: + 88:78:d3:8a:20:e8:5b:55:94:f8:a9:bb:59:99:26: + 53:51:23:41:d1:e0:a1:6f:ad:0b:ff:cf:be:c3:d0: + e6:dc:3d:c1:6b:14:25:f5:84:a4:c5:7c:2d:a4:52: + e2:f0:11:9a:44:a5:c9:45:e1:cc:22:7a:43:ad:38: + 76:19:f3:de:e2:96:24:9e:40:81:d4:a9:f6:28:27: + 4c:84:9c:a0:70:f8:6a:39:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Alternative Name: DNS:127.0.0.1, DNS:127.0.0.2 Signature Algorithm: sha256WithRSAEncryption - ba:0d:5c:ae:e4:7b:7f:ec:39:f5:e6:29:ab:6a:bf:65:26:87: - 04:50:ca:93:f1:ee:7a:65:3a:6b:7c:b2:d7:96:f2:29:19:8a: - 0d:ed:e3:3d:ed:d1:5d:72:c2:a6:60:bc:13:c6:c0:92:a8:a2: - 23:3b:35:6b:58:a5:c4:7c:74:88:1a:00:bd:47:0f:c8:4b:4d: - f6:2c:16:61:1c:9a:b9:b6:be:28:0e:41:17:df:bc:f3:21:a8: - 2c:a3:e2:4b:23:e0:2e:06:f3:b6:0e:90:3d:87:8c:da:a8:66: - 14:7e:03:e2:69:85:0d:a7:a9:d9:b6:25:92:fd:13:e1:e9:71: - f9:da + a1:10:5e:1a:dc:e3:e4:2f:a9:77:16:3c:b9:a1:58:a5:1d:09: + b5:47:fd:a9:6d:83:4f:ec:0f:de:48:e2:c7:a2:98:2c:ab:5d: + 69:74:a8:87:c9:ba:87:0c:9b:10:f2:31:4c:52:bd:50:32:7d: + 54:74:2c:75:75:59:dc:80:11:22:e9:a9:b1:1b:e9:9f:42:19: + 56:eb:8c:ca:c6:3e:ce:74:bc:96:29:ca:ae:64:71:1e:7c:4a: + 45:11:d1:2e:d2:f4:6a:3a:ea:df:a0:84:a1:df:0a:3d:2e:c8: + e0:da:7e:61:09:8a:99:75:7f:04:bf:a9:43:07:34:f1:71:36: + d0:08 -----BEGIN CERTIFICATE----- MIIBvzCCASigAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owFDESMBAGA1UEAwwJ -MTI3LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC74UdA39AGwu9b -C0FBAfijaP4YgiFbl7V8JfIxuVAJqFZxTIHl/uAr84046P0VwqNa21ZdKUlNdeWu -aaejrBnGI8saI1cVqsrh4Xh5r0kVv32aQha8sRhhaNjhNFdOc6CQPh+KVv0M6/D7 -A/3sG/8VH9c+XHMJFUiD5f9Os+o6qQIDAQABoyMwITAfBgNVHREEGDAWggkxMjcu -MC4wLjGCCTEyNy4wLjAuMjANBgkqhkiG9w0BAQsFAAOBgQC6DVyu5Ht/7Dn15imr -ar9lJocEUMqT8e56ZTprfLLXlvIpGYoN7eM97dFdcsKmYLwTxsCSqKIjOzVrWKXE -fHSIGgC9Rw/IS032LBZhHJq5tr4oDkEX37zzIagso+JLI+AuBvO2DpA9h4zaqGYU -fgPiaYUNp6nZtiWS/RPh6XH52g== +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowFDESMBAGA1UEAwwJ +MTI3LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjokxdSgJJbE2f +oYhMHzRbWnjEIIVYKSWcW/xVAT/DZDdiZfOnv90SvwIEDIh404og6FtVlPipu1mZ +JlNRI0HR4KFvrQv/z77D0ObcPcFrFCX1hKTFfC2kUuLwEZpEpclF4cwiekOtOHYZ +897iliSeQIHUqfYoJ0yEnKBw+Go59QIDAQABoyMwITAfBgNVHREEGDAWggkxMjcu +MC4wLjGCCTEyNy4wLjAuMjANBgkqhkiG9w0BAQsFAAOBgQChEF4a3OPkL6l3Fjy5 +oVilHQm1R/2pbYNP7A/eSOLHopgsq11pdKiHybqHDJsQ8jFMUr1QMn1UdCx1dVnc +gBEi6amxG+mfQhlW64zKxj7OdLyWKcquZHEefEpFEdEu0vRqOurfoISh3wo9Lsjg +2n5hCYqZdX8Ev6lDBzTxcTbQCA== -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/bad-basic-constraints.pem b/spec/fixtures/ssl/bad-basic-constraints.pem index d7c6fe54289..59b9d7c7131 100644 --- a/spec/fixtures/ssl/bad-basic-constraints.pem +++ b/spec/fixtures/ssl/bad-basic-constraints.pem @@ -1,26 +1,26 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 7 (0x7) + Serial Number: 8 (0x8) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=Test CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:c8:15:08:03:7c:69:d7:4d:05:f9:81:0c:f3:f1: - 77:ed:4a:e8:7c:f7:ac:77:bb:5c:8b:5c:96:31:01: - bf:aa:b4:16:e6:d6:b3:22:15:4b:5c:8e:3c:99:af: - 7b:7d:1a:e8:0d:3d:40:14:37:00:f5:37:3a:00:06: - e1:0b:0e:37:b8:76:62:a3:9a:5e:47:d5:d4:2a:4e: - 13:50:a9:0c:7a:b1:69:e7:79:9a:30:51:66:0b:e4: - b7:b9:7d:e4:5b:61:19:0b:8f:79:a9:43:b0:a1:ff: - c7:a6:7a:a6:fa:2e:88:28:84:66:68:bf:bf:b6:64: - 9e:1e:b7:e7:fe:35:63:65:51 + 00:c8:a6:78:a8:66:29:0b:89:bc:11:75:89:b1:a6: + 6e:1f:e0:06:fa:92:17:38:e7:6d:d7:8d:c8:27:f0: + 79:8f:88:3e:4b:1b:2a:7c:7d:65:66:f3:0a:13:98: + bb:46:2f:b2:6b:9f:9a:d0:90:f1:86:53:eb:00:84: + 9a:70:c1:90:65:e7:ba:06:31:e0:df:9d:48:11:9d: + 18:e5:4e:be:3e:c1:6d:78:04:b5:5f:4c:3e:2f:35: + 5a:3d:cd:17:49:64:19:8a:52:bb:1f:b9:9d:87:ef: + db:33:c9:3f:99:27:ed:b4:f8:89:72:5c:34:60:8c: + 32:ef:d2:d1:d7:8c:19:01:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -28,32 +28,32 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + 9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Netscape Comment: Puppet Server Internal Certificate X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Signature Algorithm: sha256WithRSAEncryption - 75:cc:05:b2:d8:43:aa:99:84:5d:64:0b:ac:cc:af:07:a7:0d: - 90:79:9f:c9:dc:09:e6:59:d8:d1:c2:0e:2a:96:ab:80:38:f8: - 1a:1d:d1:e2:0c:c0:fa:df:c0:cf:0c:78:30:ac:d0:b7:e9:88: - 31:d6:05:29:41:8f:2e:32:f2:98:74:fc:19:4b:d8:c5:36:c3: - 7a:a7:ae:8c:65:b0:4b:f0:fb:f8:86:ad:08:53:43:8f:f5:52: - a0:9b:cf:e8:2d:60:57:4f:f3:ab:63:3c:f2:23:da:d0:5a:de: - 2f:64:25:c3:4f:ff:51:c9:51:22:38:b4:e6:a6:87:50:a8:ea: - 9f:f3 + 53:28:9f:5d:07:00:17:d3:d5:ca:5a:64:2f:15:99:c8:4d:05: + ae:bf:42:01:f7:db:3f:52:74:3f:2c:4b:5d:f4:44:31:fa:27: + 1d:21:3a:b2:e2:b3:89:60:b5:7b:04:fc:f3:64:52:97:df:0a: + 71:3f:33:76:fd:2e:5b:03:4e:e2:e4:ca:22:d2:91:6c:de:8f: + 3a:ae:85:c1:49:a1:05:48:08:c2:5e:0d:55:82:8a:3f:4a:ac: + 6c:ce:2d:bb:19:ac:d5:8b:01:c0:53:c5:b1:eb:ba:e0:fd:ff: + 47:86:c0:cb:46:4e:cd:df:6e:d8:dd:ab:60:04:aa:5f:17:63: + 8f:de -----BEGIN CERTIFICATE----- -MIICLzCCAZigAwIBAgIBBzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owEjEQMA4GA1UEAwwH -VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyBUIA3xp100F+YEM -8/F37UrofPesd7tci1yWMQG/qrQW5tazIhVLXI48ma97fRroDT1AFDcA9Tc6AAbh -Cw43uHZio5peR9XUKk4TUKkMerFp53maMFFmC+S3uX3kW2EZC495qUOwof/Hpnqm -+i6IKIRmaL+/tmSeHrfn/jVjZVECAwEAAaOBlDCBkTAMBgNVHRMBAf8EAjAAMA4G -A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUk3BD2sCqFHEPk+uC5/WuydIaeHcwMQYJ +MIICLzCCAZigAwIBAgIBCDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowEjEQMA4GA1UEAwwH +VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyKZ4qGYpC4m8EXWJ +saZuH+AG+pIXOOdt143IJ/B5j4g+SxsqfH1lZvMKE5i7Ri+ya5+a0JDxhlPrAISa +cMGQZee6BjHg351IEZ0Y5U6+PsFteAS1X0w+LzVaPc0XSWQZilK7H7mdh+/bM8k/ +mSfttPiJclw0YIwy79LR14wZAXkCAwEAAaOBlDCBkTAMBgNVHRMBAf8EAjAAMA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUnmK6f1md7k+NUP5liVMargzz3S4wMQYJ YIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUw -HwYDVR0jBBgwFoAUk3BD2sCqFHEPk+uC5/WuydIaeHcwDQYJKoZIhvcNAQELBQAD -gYEAdcwFsthDqpmEXWQLrMyvB6cNkHmfydwJ5lnY0cIOKpargDj4Gh3R4gzA+t/A -zwx4MKzQt+mIMdYFKUGPLjLymHT8GUvYxTbDeqeujGWwS/D7+IatCFNDj/VSoJvP -6C1gV0/zq2M88iPa0FreL2Qlw0//UclRIji05qaHUKjqn/M= +HwYDVR0jBBgwFoAUnmK6f1md7k+NUP5liVMargzz3S4wDQYJKoZIhvcNAQELBQAD +gYEAUyifXQcAF9PVylpkLxWZyE0Frr9CAffbP1J0PyxLXfREMfonHSE6suKziWC1 +ewT882RSl98KcT8zdv0uWwNO4uTKItKRbN6POq6FwUmhBUgIwl4NVYKKP0qsbM4t +uxms1YsBwFPFseu64P3/R4bAy0ZOzd9u2N2rYASqXxdjj94= -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/bad-int-basic-constraints.pem b/spec/fixtures/ssl/bad-int-basic-constraints.pem index fed36731831..f85933663a4 100644 --- a/spec/fixtures/ssl/bad-int-basic-constraints.pem +++ b/spec/fixtures/ssl/bad-int-basic-constraints.pem @@ -6,21 +6,21 @@ Certificate: Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=Test CA Subauthority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:e3:9e:d9:d2:f3:61:04:11:b7:41:5e:1f:4e:be: - 2f:27:e2:79:95:8a:15:e5:1e:31:3e:15:d9:73:7b: - b5:af:3f:53:25:fd:2d:ed:d4:ef:15:b6:de:8c:34: - 28:3e:e8:14:86:9b:06:a8:8f:c5:c2:cf:ce:31:c1: - 40:4d:24:7b:4c:17:4b:9d:19:6c:57:66:a2:25:ba: - 26:d2:14:37:32:17:15:0c:51:2e:9d:7e:01:6a:f7: - a1:3c:c9:b7:bb:00:79:82:f0:a9:c3:6f:58:a7:68: - 75:53:b2:fa:33:98:28:53:2e:99:d2:fb:73:63:09: - 51:32:df:0f:58:ee:ba:6a:19 + 00:db:d8:d0:96:48:5a:ba:58:ff:44:f4:c3:2b:aa: + 6e:29:8b:99:77:54:b3:8d:b9:6e:5c:62:91:76:ad: + d6:95:13:9f:03:c6:1a:69:c5:a2:b3:3c:36:73:cf: + ff:75:58:15:18:fa:ba:7d:97:b6:64:52:45:ce:06: + 30:34:1c:6a:65:84:28:89:77:3f:db:0b:34:0b:2e: + 95:c9:05:8c:ba:fd:17:e2:15:0c:34:fc:9c:49:cf: + a1:17:d6:0f:31:d3:c8:f1:e2:7a:1a:95:42:cd:72: + db:c7:3d:fc:a7:7c:ba:ce:ea:3b:d1:85:a9:11:32: + 0b:37:9a:ff:1e:06:ed:b4:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -28,32 +28,32 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 7A:E0:53:6E:4C:00:F4:DE:3D:74:3A:37:BA:CD:25:7A:C2:BC:44:0A + F0:CA:28:B8:25:72:4D:ED:2D:D0:A4:96:B9:26:76:89:9D:27:D9:0B Netscape Comment: Puppet Server Internal Certificate X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Signature Algorithm: sha256WithRSAEncryption - 49:f9:91:6e:e7:62:aa:f7:50:89:4e:d7:c8:b9:dd:5f:35:13: - 1f:d8:d6:42:06:b0:71:48:47:35:77:5b:61:87:df:e3:61:45: - 63:9d:64:14:25:d6:64:0c:9c:d0:20:97:e5:86:f8:41:ac:3c: - bf:a9:65:31:e7:f0:6b:19:97:6b:a2:e9:fb:e5:4a:57:90:08: - f5:33:5e:08:f6:1f:76:f2:7f:5d:f3:44:8f:33:5b:91:7a:f2: - 80:c5:68:7b:2d:c6:c2:6e:1f:51:79:f4:06:ed:f9:c9:95:88: - 41:e7:8a:eb:41:fa:7c:b4:d3:a6:42:c4:92:bf:e0:dd:89:00: - c6:6a + 35:25:a0:f6:90:1d:1c:f4:cc:b0:50:49:8c:c4:cd:d4:f2:bc: + ad:3d:96:c6:a3:ed:40:0b:06:6c:21:71:df:25:76:3d:4a:02: + 90:76:55:de:eb:9b:0e:63:40:8d:aa:1f:b6:c9:59:08:ba:e7: + bb:c6:b1:6e:d6:0b:52:29:08:30:86:21:97:0a:6e:d5:92:4f: + 02:e2:53:47:75:83:03:2c:a4:80:6d:4c:0e:8d:7b:6a:25:1e: + 2c:37:0f:b5:a4:c6:bc:a6:b0:c8:ab:ef:cd:df:3b:b5:d1:b8: + 88:ab:4e:d4:4c:39:b2:4a:fb:28:16:26:be:77:5f:64:24:e8: + a6:15 -----BEGIN CERTIFICATE----- MIICPDCCAaWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owHzEdMBsGA1UEAwwU +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowHzEdMBsGA1UEAwwU VGVzdCBDQSBTdWJhdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AOOe2dLzYQQRt0FeH06+LyfieZWKFeUeMT4V2XN7ta8/UyX9Le3U7xW23ow0KD7o -FIabBqiPxcLPzjHBQE0ke0wXS50ZbFdmoiW6JtIUNzIXFQxRLp1+AWr3oTzJt7sA -eYLwqcNvWKdodVOy+jOYKFMumdL7c2MJUTLfD1juumoZAgMBAAGjgZQwgZEwDAYD -VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHrgU25MAPTePXQ6 -N7rNJXrCvEQKMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVyIEludGVybmFs -IENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJNwQ9rAqhRxD5Prguf1rsnSGnh3MA0G -CSqGSIb3DQEBCwUAA4GBAEn5kW7nYqr3UIlO18i53V81Ex/Y1kIGsHFIRzV3W2GH -3+NhRWOdZBQl1mQMnNAgl+WG+EGsPL+pZTHn8GsZl2ui6fvlSleQCPUzXgj2H3by -f13zRI8zW5F68oDFaHstxsJuH1F59Abt+cmViEHniutB+ny006ZCxJK/4N2JAMZq +ANvY0JZIWrpY/0T0wyuqbimLmXdUs425blxikXat1pUTnwPGGmnForM8NnPP/3VY +FRj6un2XtmRSRc4GMDQcamWEKIl3P9sLNAsulckFjLr9F+IVDDT8nEnPoRfWDzHT +yPHiehqVQs1y28c9/Kd8us7qO9GFqREyCzea/x4G7bRdAgMBAAGjgZQwgZEwDAYD +VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPDKKLglck3tLdCk +lrkmdomdJ9kLMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVyIEludGVybmFs +IENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJ5iun9Zne5PjVD+ZYlTGq4M890uMA0G +CSqGSIb3DQEBCwUAA4GBADUloPaQHRz0zLBQSYzEzdTyvK09lsaj7UALBmwhcd8l +dj1KApB2Vd7rmw5jQI2qH7bJWQi657vGsW7WC1IpCDCGIZcKbtWSTwLiU0d1gwMs +pIBtTA6Ne2olHiw3D7WkxrymsMir783fO7XRuIirTtRMObJK+ygWJr53X2Qk6KYV -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/ca.pem b/spec/fixtures/ssl/ca.pem index 3efa18cc965..312481eced7 100644 --- a/spec/fixtures/ssl/ca.pem +++ b/spec/fixtures/ssl/ca.pem @@ -6,21 +6,21 @@ Certificate: Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=Test CA Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:c8:15:08:03:7c:69:d7:4d:05:f9:81:0c:f3:f1: - 77:ed:4a:e8:7c:f7:ac:77:bb:5c:8b:5c:96:31:01: - bf:aa:b4:16:e6:d6:b3:22:15:4b:5c:8e:3c:99:af: - 7b:7d:1a:e8:0d:3d:40:14:37:00:f5:37:3a:00:06: - e1:0b:0e:37:b8:76:62:a3:9a:5e:47:d5:d4:2a:4e: - 13:50:a9:0c:7a:b1:69:e7:79:9a:30:51:66:0b:e4: - b7:b9:7d:e4:5b:61:19:0b:8f:79:a9:43:b0:a1:ff: - c7:a6:7a:a6:fa:2e:88:28:84:66:68:bf:bf:b6:64: - 9e:1e:b7:e7:fe:35:63:65:51 + 00:c8:a6:78:a8:66:29:0b:89:bc:11:75:89:b1:a6: + 6e:1f:e0:06:fa:92:17:38:e7:6d:d7:8d:c8:27:f0: + 79:8f:88:3e:4b:1b:2a:7c:7d:65:66:f3:0a:13:98: + bb:46:2f:b2:6b:9f:9a:d0:90:f1:86:53:eb:00:84: + 9a:70:c1:90:65:e7:ba:06:31:e0:df:9d:48:11:9d: + 18:e5:4e:be:3e:c1:6d:78:04:b5:5f:4c:3e:2f:35: + 5a:3d:cd:17:49:64:19:8a:52:bb:1f:b9:9d:87:ef: + db:33:c9:3f:99:27:ed:b4:f8:89:72:5c:34:60:8c: + 32:ef:d2:d1:d7:8c:19:01:79 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -28,32 +28,32 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + 9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Netscape Comment: Puppet Server Internal Certificate X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Signature Algorithm: sha256WithRSAEncryption - 41:67:29:fe:f0:0a:34:21:0a:a9:f6:bc:61:d1:55:73:37:fd: - 07:c3:8a:fc:85:44:e3:18:9d:76:d8:c3:0d:eb:52:68:54:33: - bc:14:a5:35:7c:9f:98:60:5c:4d:68:75:6e:57:89:45:c7:95: - 7d:64:22:73:f6:91:46:a2:9d:a0:3d:17:29:2b:0b:98:30:b2: - dc:2f:21:87:20:8a:dc:49:89:81:e3:04:35:05:53:26:63:6e: - 4c:be:00:1a:37:fc:39:e3:e0:56:04:0d:95:89:ca:0c:e8:36: - 92:d4:8e:51:97:ae:10:9e:0e:2b:ff:f4:1d:79:8c:2b:82:4b: - 67:6e + 1f:dd:f9:69:42:ba:7c:48:35:77:39:33:db:c0:c4:bb:39:8e: + 90:ff:0d:4b:f7:ba:77:05:1f:11:5e:1b:61:f8:09:c9:73:4d: + 22:91:10:f4:7e:71:8f:5f:a9:b3:5c:ea:c3:2e:0c:90:57:71: + 47:3b:97:81:bc:c8:2a:34:26:e7:ef:63:0b:18:e6:59:8a:d0: + ec:c8:4f:94:b6:01:c9:a2:c8:31:36:f7:a5:a5:c7:8f:9b:96: + 2a:b6:0d:2c:15:50:d9:36:10:07:e6:d5:eb:f4:32:04:43:dd: + cc:50:03:bb:d9:8e:a2:78:1f:ee:70:cd:f2:db:5f:8e:45:2c: + 68:44 -----BEGIN CERTIFICATE----- MIICMjCCAZugAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owEjEQMA4GA1UEAwwH -VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyBUIA3xp100F+YEM -8/F37UrofPesd7tci1yWMQG/qrQW5tazIhVLXI48ma97fRroDT1AFDcA9Tc6AAbh -Cw43uHZio5peR9XUKk4TUKkMerFp53maMFFmC+S3uX3kW2EZC495qUOwof/Hpnqm -+i6IKIRmaL+/tmSeHrfn/jVjZVECAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/ -MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUk3BD2sCqFHEPk+uC5/WuydIaeHcw +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowEjEQMA4GA1UEAwwH +VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyKZ4qGYpC4m8EXWJ +saZuH+AG+pIXOOdt143IJ/B5j4g+SxsqfH1lZvMKE5i7Ri+ya5+a0JDxhlPrAISa +cMGQZee6BjHg351IEZ0Y5U6+PsFteAS1X0w+LzVaPc0XSWQZilK7H7mdh+/bM8k/ +mSfttPiJclw0YIwy79LR14wZAXkCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUnmK6f1md7k+NUP5liVMargzz3S4w MQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNh -dGUwHwYDVR0jBBgwFoAUk3BD2sCqFHEPk+uC5/WuydIaeHcwDQYJKoZIhvcNAQEL -BQADgYEAQWcp/vAKNCEKqfa8YdFVczf9B8OK/IVE4xiddtjDDetSaFQzvBSlNXyf -mGBcTWh1bleJRceVfWQic/aRRqKdoD0XKSsLmDCy3C8hhyCK3EmJgeMENQVTJmNu -TL4AGjf8OePgVgQNlYnKDOg2ktSOUZeuEJ4OK//0HXmMK4JLZ24= +dGUwHwYDVR0jBBgwFoAUnmK6f1md7k+NUP5liVMargzz3S4wDQYJKoZIhvcNAQEL +BQADgYEAH935aUK6fEg1dzkz28DEuzmOkP8NS/e6dwUfEV4bYfgJyXNNIpEQ9H5x +j1+ps1zqwy4MkFdxRzuXgbzIKjQm5+9jCxjmWYrQ7MhPlLYByaLIMTb3paXHj5uW +KrYNLBVQ2TYQB+bV6/QyBEPdzFADu9mOongf7nDN8ttfjkUsaEQ= -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/crl.pem b/spec/fixtures/ssl/crl.pem index b1165cb2458..7edf46c3905 100644 --- a/spec/fixtures/ssl/crl.pem +++ b/spec/fixtures/ssl/crl.pem @@ -3,28 +3,28 @@ Certificate Revocation List (CRL): Signature Algorithm: sha256WithRSAEncryption Issuer: /CN=Test CA Last Update: Jan 1 00:00:00 1970 GMT - Next Update: Mar 9 21:35:53 2029 GMT + Next Update: Mar 19 05:29:18 2029 GMT CRL extensions: X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E X509v3 CRL Number: 0 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - 1d:22:2e:ce:86:44:d5:58:56:84:a9:98:2f:31:38:41:52:c7: - 31:83:94:81:bd:57:8e:8c:4f:9a:58:16:2c:84:56:83:ef:34: - b6:d8:fb:65:f6:54:1a:7e:6c:36:5b:d3:f0:8c:65:22:fb:4a: - 08:3c:31:c4:93:1a:f0:9c:24:97:50:e4:6f:6b:5b:33:93:c8: - 89:f1:9f:7a:cc:cd:3a:db:0b:af:f2:2c:6b:f8:f5:a7:9d:cc: - 1b:71:fc:03:2f:2b:f7:6b:47:7d:86:c5:ee:be:76:f6:13:9d: - 63:ba:72:b3:ac:c4:4d:e5:84:03:25:b4:52:f9:35:ea:88:f2: - 6f:c5 + 07:d1:97:4d:f1:99:b7:0c:3b:1a:5f:d9:3b:42:f6:0b:e3:d3: + 3e:36:01:45:31:c4:ed:7a:44:8e:0e:f0:50:46:6e:71:db:37: + 3f:b0:ce:1d:29:3a:1c:cf:3a:52:2e:c3:37:6f:26:6e:55:ac: + 05:e2:3c:da:52:55:11:75:58:98:4f:7d:eb:9d:3e:91:e9:78: + 55:36:5f:0e:41:e8:fb:d2:b2:5b:a1:d1:64:d2:de:e5:66:11: + e5:e4:6f:00:1d:b8:20:be:f7:88:ac:22:24:49:32:12:fd:cb: + 5e:60:c0:67:34:15:9e:b1:31:d6:d1:24:bc:07:59:ad:87:be: + 9f:54 -----BEGIN X509 CRL----- MIIBCjB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTcw -MDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1qgLzAtMB8GA1UdIwQYMBaAFJNwQ9rA -qhRxD5Prguf1rsnSGnh3MAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4GBAB0i -Ls6GRNVYVoSpmC8xOEFSxzGDlIG9V46MT5pYFiyEVoPvNLbY+2X2VBp+bDZb0/CM -ZSL7Sgg8McSTGvCcJJdQ5G9rWzOTyInxn3rMzTrbC6/yLGv49aedzBtx/AMvK/dr -R32Gxe6+dvYTnWO6crOsxE3lhAMltFL5NeqI8m/F +MDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFqgLzAtMB8GA1UdIwQYMBaAFJ5iun9Z +ne5PjVD+ZYlTGq4M890uMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4GBAAfR +l03xmbcMOxpf2TtC9gvj0z42AUUxxO16RI4O8FBGbnHbNz+wzh0pOhzPOlIuwzdv +Jm5VrAXiPNpSVRF1WJhPfeudPpHpeFU2Xw5B6PvSsluh0WTS3uVmEeXkbwAduCC+ +94isIiRJMhL9y15gwGc0FZ6xMdbRJLwHWa2Hvp9U -----END X509 CRL----- diff --git a/spec/fixtures/ssl/ec-key.pem b/spec/fixtures/ssl/ec-key.pem new file mode 100644 index 00000000000..2f73f3298c3 --- /dev/null +++ b/spec/fixtures/ssl/ec-key.pem @@ -0,0 +1,18 @@ +Private-Key: (256 bit) +priv: + d0:f2:6f:0a:68:27:4e:1f:6e:1f:bd:48:1f:55:8a: + f2:21:0e:3a:42:f7:fc:97:a0:a9:3f:b0:63:a4:fd: + f9:1d +pub: + 04:5e:49:67:e1:47:c9:06:9f:dd:40:29:b0:20:13: + 68:a2:96:4a:e5:05:d7:09:ff:43:bb:27:25:bf:f3: + 6c:d4:1e:28:a3:4b:1e:d6:e0:ad:28:78:75:b4:27: + 72:b4:21:cd:d6:37:23:b9:37:bb:0d:45:99:c7:27: + e8:62:a1:9d:4f +ASN1 OID: prime256v1 +NIST CURVE: P-256 +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINDybwpoJ04fbh+9SB9VivIhDjpC9/yXoKk/sGOk/fkdoAoGCCqGSM49 +AwEHoUQDQgAEXkln4UfJBp/dQCmwIBNoopZK5QXXCf9Duyclv/Ns1B4oo0se1uCt +KHh1tCdytCHN1jcjuTe7DUWZxyfoYqGdTw== +-----END EC PRIVATE KEY----- diff --git a/spec/fixtures/ssl/ec.pem b/spec/fixtures/ssl/ec.pem new file mode 100644 index 00000000000..892b492de34 --- /dev/null +++ b/spec/fixtures/ssl/ec.pem @@ -0,0 +1,40 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=Test CA Subauthority + Validity + Not Before: Jan 1 00:00:00 1970 GMT + Not After : Mar 19 05:29:18 2029 GMT + Subject: CN=ec + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:5e:49:67:e1:47:c9:06:9f:dd:40:29:b0:20:13: + 68:a2:96:4a:e5:05:d7:09:ff:43:bb:27:25:bf:f3: + 6c:d4:1e:28:a3:4b:1e:d6:e0:ad:28:78:75:b4:27: + 72:b4:21:cd:d6:37:23:b9:37:bb:0d:45:99:c7:27: + e8:62:a1:9d:4f + ASN1 OID: prime256v1 + NIST CURVE: P-256 + Signature Algorithm: sha256WithRSAEncryption + 3c:b5:cd:fc:7b:a3:5d:74:16:f2:0f:40:6e:b6:0f:89:f8:b1: + d8:bf:5b:8f:dd:c7:e1:70:75:4a:09:6b:19:0b:fe:5b:1b:c1: + 17:84:4b:27:b5:ce:ee:07:5a:ec:e5:20:a3:7c:8e:21:4d:21: + 93:cd:ad:c9:eb:2b:1c:23:f8:f2:d7:11:c3:3e:91:84:1e:3a: + 2c:12:ac:cd:a3:6c:25:16:db:66:b3:9c:aa:92:a5:f0:cb:85: + 27:05:a0:77:7b:47:e9:49:49:17:43:7c:92:40:8e:33:4d:49: + a1:89:f4:40:02:ad:36:d6:2c:b9:ce:f5:1f:2b:64:16:a0:ab: + 2d:cf +-----BEGIN CERTIFICATE----- +MIIBWDCBwqADAgECAgEFMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNVBAMMFFRlc3Qg +Q0EgU3ViYXV0aG9yaXR5MB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFow +DTELMAkGA1UEAwwCZWMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAReSWfhR8kG +n91AKbAgE2iilkrlBdcJ/0O7JyW/82zUHiijSx7W4K0oeHW0J3K0Ic3WNyO5N7sN +RZnHJ+hioZ1PMA0GCSqGSIb3DQEBCwUAA4GBADy1zfx7o110FvIPQG62D4n4sdi/ +W4/dx+FwdUoJaxkL/lsbwReESye1zu4HWuzlIKN8jiFNIZPNrcnrKxwj+PLXEcM+ +kYQeOiwSrM2jbCUW22aznKqSpfDLhScFoHd7R+lJSRdDfJJAjjNNSaGJ9EACrTbW +LLnO9R8rZBagqy3P +-----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/encrypted-key.pem b/spec/fixtures/ssl/encrypted-key.pem index 9b6867a50eb..1b7626346c5 100644 --- a/spec/fixtures/ssl/encrypted-key.pem +++ b/spec/fixtures/ssl/encrypted-key.pem @@ -1,70 +1,70 @@ Private-Key: (1024 bit) modulus: - 00:ad:cf:8f:ff:51:7a:86:cc:99:5d:14:8f:07:0c: - f7:e7:f7:e8:3c:46:90:38:d3:fa:71:91:57:42:3a: - bd:9a:80:24:e8:df:55:26:a6:8f:74:30:5c:5a:f4: - 34:f0:db:76:24:1c:f1:cd:57:1b:80:93:2c:5c:e9: - b1:ea:21:c8:f6:58:52:ce:3f:b3:f6:32:6e:de:00: - b9:8e:a2:9f:07:08:ac:e7:32:6e:43:93:4a:eb:87: - d6:6c:e6:6a:4e:45:bd:f9:08:4b:71:d3:05:77:67: - 87:26:08:12:62:37:09:5f:37:59:09:3e:80:74:b2: - 69:43:46:32:99:b9:db:fe:05 + 00:cb:25:de:72:e8:72:10:9a:ee:70:0f:d3:41:7a: + 7d:3f:02:d9:8f:5a:3b:44:84:92:11:e2:7c:a7:a2: + eb:f9:69:1e:45:78:3b:4d:d8:94:c6:e8:a4:ca:8a: + 11:33:72:5e:08:65:a8:e4:f5:f3:88:f1:1a:fa:19: + 38:2a:ca:82:cf:73:cd:fe:72:95:3e:07:f9:15:f1: + dd:ce:d0:b7:10:b6:83:8f:d1:84:ab:34:56:f7:c4: + 08:49:24:86:16:af:8c:a3:4d:1c:41:40:7d:6a:14: + a1:70:08:7e:dd:01:3a:79:4c:10:48:33:bb:4f:9b: + 23:7f:26:9f:5c:d6:58:00:09 publicExponent: 65537 (0x10001) privateExponent: - 25:5f:98:4b:02:2e:22:86:24:04:0b:c3:a5:74:78: - 69:fc:b8:87:1d:75:2d:83:07:3b:1c:51:73:00:46: - 7c:ce:49:21:79:c4:49:87:4f:19:60:bc:bb:21:ff: - b0:3a:c0:70:8b:78:c2:fa:94:03:55:a2:18:68:77: - c5:2c:76:95:86:fb:af:4d:24:d7:ab:08:65:f3:6e: - 52:7b:cb:ec:89:74:55:e7:6c:26:93:62:ff:01:f0: - 5f:33:1c:a2:db:78:7e:fc:fc:a0:c1:75:cd:2a:aa: - 31:1e:03:ee:0f:a4:be:f8:aa:80:e5:c1:fe:12:67: - 7d:8b:4a:ba:5d:bc:89:01 + 31:b5:1e:6d:37:7b:51:9c:d7:63:0c:3c:40:f5:5b: + d8:23:36:60:e1:4f:47:40:b9:0d:2f:42:19:32:c0: + 52:d2:e9:d9:4d:c6:15:12:3d:b5:3e:0f:b4:8f:7c: + 0d:fe:9a:0b:ab:f4:5b:b1:e2:d9:4b:45:b2:94:a1: + 2d:b7:47:b2:52:e9:4f:62:76:03:ee:d8:b2:72:ff: + e3:5a:7e:90:90:15:cb:38:7d:6e:a7:c3:d5:a9:1b: + 3f:86:df:2b:4d:0a:90:86:35:37:a9:53:46:85:86: + aa:9c:f8:ce:b0:56:2c:77:a4:5e:ee:81:8a:e9:74: + 43:b8:7e:ba:f3:74:68:01 prime1: - 00:e2:de:b4:d0:ef:3c:db:51:50:0f:f5:ff:73:8e: - da:e2:1c:1e:46:3a:09:a0:00:e1:a4:97:90:c7:62: - 9a:e0:84:f4:66:ff:35:be:7f:f8:98:ed:28:50:5d: - a5:77:eb:ab:0d:9c:f8:b1:f9:ef:d0:0e:5b:9f:da: - fa:44:73:3f:d5 + 00:ff:c6:fc:c2:c5:0d:d1:14:1b:05:5d:84:63:d5: + 7d:7c:4c:6c:d2:9d:04:c8:c8:78:6c:b1:e0:35:43: + 46:2a:b8:6f:8f:e1:62:36:bf:c9:39:3b:63:4c:45: + 39:6e:81:67:19:b9:c3:d5:ef:de:05:75:35:d7:ac: + 76:5a:65:3b:41 prime2: - 00:c4:20:c8:8a:86:24:f5:be:20:82:73:f4:bb:43: - 77:d7:c7:cd:de:49:a0:58:1e:c2:5e:34:e2:4e:a0: - fd:26:16:9a:4b:32:42:f2:08:19:93:64:13:cd:d9: - 93:c5:63:0d:39:9f:1d:8d:20:80:02:27:75:71:25: - 74:24:43:0d:71 + 00:cb:53:26:89:18:0d:66:23:58:dc:7f:ef:12:9f: + 1d:a0:28:03:8a:bd:64:0d:e7:4c:7f:1b:03:6e:dd: + e3:08:a9:95:bf:0d:d2:9b:fd:1a:9e:44:e7:f5:b4: + 81:02:33:ca:43:f2:ec:88:b2:d6:1c:4d:96:d1:5e: + 40:6c:3f:fa:c9 exponent1: - 00:b6:34:1a:8f:fa:b3:ab:88:60:7e:91:18:fa:1b: - ef:1a:cd:6e:5b:04:5d:9a:8d:5a:ab:2f:b6:ed:0a: - fa:4b:fb:3b:b6:44:9d:4b:43:c7:ca:3a:1d:b8:7d: - 9d:58:f4:82:ca:4a:19:4a:06:eb:5c:f3:4b:0e:d5: - 75:4d:e8:29:89 + 35:2c:f0:75:a9:b4:12:a8:a4:69:7c:24:bf:00:ae: + 82:fd:fc:8d:d8:d9:1a:c9:1a:c8:36:3e:cf:b3:f9: + cd:7d:e4:ab:bc:06:c8:2d:1d:2f:89:da:3e:0c:12: + 41:98:23:90:24:9f:c3:45:88:1a:08:61:36:42:83: + a4:8d:71:41 exponent2: - 1e:1d:66:8d:96:a1:70:36:5c:69:8b:82:85:8a:8b: - 89:4f:7d:b5:e7:1a:3e:cd:a2:4c:b2:d4:18:fc:b1: - 42:3a:f0:40:21:9c:93:eb:58:7a:00:40:e6:37:c5: - 6f:e6:90:ae:4b:57:4f:47:31:40:a3:6c:6e:0e:31: - 32:2c:35:91 + 00:86:b8:71:b0:24:df:bb:ed:6f:d3:aa:71:1e:45: + 8f:bb:ae:c7:aa:06:13:65:a2:fc:6c:bb:d9:6a:7c: + 5b:12:42:4b:96:6b:f2:40:a9:54:19:ca:4e:67:df: + 52:1b:c3:75:21:d0:b4:29:5f:55:bf:2b:29:e3:50: + 30:1f:89:c5:01 coefficient: - 57:c8:09:23:2a:ad:d0:a4:c0:f5:5b:9c:b4:7e:36: - a2:b6:dd:8d:cc:9d:ac:db:e9:03:3d:32:a3:90:c3: - 47:9d:07:69:9c:c5:97:94:96:53:b4:b6:c5:45:96: - 56:07:e4:c6:9a:ec:56:a4:b5:c3:12:70:ee:13:ae: - 43:bd:51:39 + 38:33:d3:bc:f2:38:03:c9:f1:67:2f:85:80:53:17: + d1:6d:b1:b1:1c:a0:a4:db:6b:b7:49:64:01:fa:e3: + 7e:ac:48:c6:3f:12:19:fa:71:c9:6b:7b:37:c1:42: + a3:dd:3c:ad:68:af:a2:c1:aa:d3:59:20:84:85:0f: + 39:22:87:b6 -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,E9B79BAA1EF2AB76A41C5024B914E84D +DEK-Info: AES-128-CBC,0540D00A39D6957EA2BF2160DFB3CC4A -IHS6jMaijjLaI3BZywYIdIitmDHDDRuSaUno/jeHLf3JKPTqI+wyjyE+E1u+Eu4J -+ZGYkT0qcZf+fD0OJ9w9LdogwlsXQXTgT21gt4+uiBR0CRcbF5K4nw2k282ui+7T -qCTm8eir6jqVbxYWVLC0rmw0zoQDS0nLaKJK7XePd4LVqFjejBRu+QXtKitBdbb5 -/kHbTCydEz1zc3NA8jgelZyl2s8pgPqIW/rLVgpaQs4zNqUmnETvdQM9JEds9InJ -9Qd22k0+qQceUpSOh5NGoAuTpiycNhk11AL5isCok1U3pEUSi/redT+W+DVEnICZ -QO07+6OQbOp0g6/QEsEg5v6YxFXVdMU9o7Y/kAxFc07c8NrhEFr8T23NVrLs/t5d -Rj7DTO0wEh782dX2K7Qda8qDnTbknf0T48kFT8NGgm9LtznrGhKWRgUQawJ5ODOu -jDAe4R1956gmIw56EpZ+Gtog5ugRHnF+YgwYRYGQ/MCYkwvuwJX0RrmaScNxbVhj -qBwoOtD0entIfynapOgGyMqe+E0SyZUoqkbh602DPJsQ6MYgaGeDFXMJ3u5K8sD0 -OytTqb09Efg4VDCSdG4qrO+l+NueuRkCpsGZ4PtU8XZ5FDhw6MjFCVRPr3N6WIIQ -wcMCk5Zuu6ynjGaOm0buQeNpaH9v7/7hEat8+dj0lL4PbxZ6VO/dTz1mqs/Wey9A -B1p6RkEYHEHzrzoxso18DyTLGRTncT8GTVHVwTK+/+1z+fkcfoi3y89M2zHifKKP -YLHhCBIMC73ClhuD0u/BsFXH4SEXoMrcsCTMEaByfq+Ws4kNU91JUzVDeQaRTwFq +UPC1hsNJ/NfojjefN37uVcCLalQsJ8RT+aaKBeIel62atMvHXzbgtN8S/fujedhT +pmFBtjI/6qkdk2BN44sQT+TNbV5bzjuObSnDApR1Hi1C1jE8yIps6Le60poRbRAK +J9X6SAWVw0xfwqkn6NPVYHPtyroAjK2xQK080QjSwSDCsmSyQPiQFv5tAvLKsWwD +vgDZ1sobM9LcvvlCqP0sbkUSniUo52dWXDQ7QFHx1HgaROJQYj/qLhdH1ju4GLec +nofFWKzLc4dZOoBzQ5WJDAILuCJ9pBHft+jCJNyTiY5Ybh121d1u+g/LAgUo93q5 +h67z7pga0mNFn+YDC/CUmWOZz+ahsdfU6oQJ8UemBY8izQPDewQ4AZGFUdkJJbgs +jEhX81Oz8mdDUrcFab20I2upJGWcmSEzVOEBkT3rf+njDmGrvTMFTH3rfWIOyWy0 +kaga2A7DKLfEiKrG8cBn6Ww5V6+tWpNS7iEEiTVyjtS7K7FTVMmCPRTS8CoS6Wba ++MUedRZ/3mScd1pEbEyDfAaBufc+QQerLfyNrlaGwERhBlJPPjAjMwb1DDaZELEX +4ENGaALPV6irL8bhzyRILz7bnnK0Mr5OS+inI1LaOGICdUWY6hP/RNzl9RodElYC +vDtTkaybGB2YIu5bHzPyuj6zfRA6SXBHxGUi39niF7JTHhwAy0UBFrB7E4GxoLwH +bzqOuIQU7h2h5Uogiaubgbo08SYDPXIkMoexRAwIVew2RYjjJkrY+n6yndBIZI9R +PTkqrHWiIaesFaPlh5AIvyT66UXi8FA18SUmAiSav2tnt8sSRh9lYpZAhaAIjV7I -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/intermediate-agent-crl.pem b/spec/fixtures/ssl/intermediate-agent-crl.pem index 8278d79dd3d..34b02e7efaa 100644 --- a/spec/fixtures/ssl/intermediate-agent-crl.pem +++ b/spec/fixtures/ssl/intermediate-agent-crl.pem @@ -3,29 +3,29 @@ Certificate Revocation List (CRL): Signature Algorithm: sha256WithRSAEncryption Issuer: /CN=Test CA Agent Subauthority Last Update: Jan 1 00:00:00 1970 GMT - Next Update: Mar 9 21:35:53 2029 GMT + Next Update: Mar 19 05:29:18 2029 GMT CRL extensions: X509v3 Authority Key Identifier: - keyid:4C:8D:DA:6C:26:2B:12:AF:11:85:FD:26:DF:21:F5:E4:1D:AE:CD:81 + keyid:C8:20:38:12:C6:BF:2C:76:7F:CB:2C:18:5C:37:EA:09:9B:D9:BC:6B X509v3 CRL Number: 0 No Revoked Certificates. Signature Algorithm: sha256WithRSAEncryption - 15:83:8b:cc:88:0c:19:02:41:63:e5:88:7f:6c:85:8a:d9:3c: - 0f:ad:0b:b6:c4:4d:39:76:94:7f:a8:d8:74:30:d9:22:c1:bc: - 1e:6a:b5:7b:7c:4d:ee:ab:6f:b3:30:78:3d:cd:3a:f6:6b:fb: - 84:d8:75:42:1e:8b:83:81:16:8e:ae:74:85:bf:5f:6a:b5:e6: - f7:a5:dc:5a:bf:c2:c5:1d:a3:a2:de:5a:9f:01:18:42:af:ad: - 2a:a5:a9:fa:d9:52:95:e0:bb:8c:6d:6d:50:7b:fa:b0:eb:e0: - c9:2c:92:9f:fa:d0:4e:11:c6:80:70:62:12:15:9d:e6:05:c2: - 81:58 + 98:d9:2d:c0:24:c4:98:f9:81:38:2a:58:50:d7:1b:88:96:99: + e1:bf:1c:63:f0:ac:85:bc:1a:89:bf:95:86:84:5a:71:07:c9: + fa:1c:ed:28:10:a9:37:c2:af:48:1d:37:7f:ae:ee:e5:68:94: + 62:be:9b:b9:ba:7e:ec:a7:26:72:bf:c9:2a:c1:bf:df:af:02: + 3b:a8:cc:f7:1a:1d:f8:07:5c:51:31:f7:21:d1:29:91:e8:4c: + e2:69:60:7a:ea:83:48:35:95:28:c0:ba:8a:38:c2:d4:73:b2: + cf:23:b2:c2:24:d6:85:3c:fd:47:58:00:ec:47:5a:a4:88:03: + 6e:cb -----BEGIN X509 CRL----- MIIBHjCBiAIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpUZXN0IENBIEFn -ZW50IFN1YmF1dGhvcml0eRcNNzAwMTAxMDAwMDAwWhcNMjkwMzA5MjEzNTUzWqAv -MC0wHwYDVR0jBBgwFoAUTI3abCYrEq8Rhf0m3yH15B2uzYEwCgYDVR0UBAMCAQAw -DQYJKoZIhvcNAQELBQADgYEAFYOLzIgMGQJBY+WIf2yFitk8D60LtsRNOXaUf6jY -dDDZIsG8Hmq1e3xN7qtvszB4Pc069mv7hNh1Qh6Lg4EWjq50hb9farXm96XcWr/C -xR2jot5anwEYQq+tKqWp+tlSleC7jG1tUHv6sOvgySySn/rQThHGgHBiEhWd5gXC -gVg= +ZW50IFN1YmF1dGhvcml0eRcNNzAwMTAxMDAwMDAwWhcNMjkwMzE5MDUyOTE4WqAv +MC0wHwYDVR0jBBgwFoAUyCA4Esa/LHZ/yywYXDfqCZvZvGswCgYDVR0UBAMCAQAw +DQYJKoZIhvcNAQELBQADgYEAmNktwCTEmPmBOCpYUNcbiJaZ4b8cY/Cshbwaib+V +hoRacQfJ+hztKBCpN8KvSB03f67u5WiUYr6bubp+7Kcmcr/JKsG/368CO6jM9xod ++AdcUTH3IdEpkehM4mlgeuqDSDWVKMC6ijjC1HOyzyOywiTWhTz9R1gA7EdapIgD +bss= -----END X509 CRL----- diff --git a/spec/fixtures/ssl/intermediate-agent.pem b/spec/fixtures/ssl/intermediate-agent.pem index 42cf69715d9..83490a92157 100644 --- a/spec/fixtures/ssl/intermediate-agent.pem +++ b/spec/fixtures/ssl/intermediate-agent.pem @@ -1,26 +1,26 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 5 (0x5) + Serial Number: 6 (0x6) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=Test CA Agent Subauthority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:b5:ed:95:5b:eb:9e:9c:18:b2:6b:d6:a5:93:54: - 29:cd:37:90:3b:2a:ce:ad:b8:1d:44:85:6b:7c:5f: - 68:e4:a6:97:c0:cf:cc:f3:b5:28:cb:d5:c3:5f:f1: - 2b:1b:96:99:9a:05:eb:72:b9:48:6f:83:5c:12:a7: - 1f:14:16:db:51:6c:84:a5:64:76:89:28:53:64:61: - 32:02:af:3f:b8:f9:5f:66:2c:2a:b9:63:37:24:57: - c2:46:8a:e7:fe:cc:14:b6:50:2b:6d:f9:4d:5f:7d: - 3e:68:1c:c3:11:06:01:d9:d8:31:7d:08:a5:75:b5: - dd:11:10:2f:e1:e4:8a:5a:d3 + 00:cf:28:df:d2:fa:c9:dc:68:86:f0:35:76:95:84: + 8e:0d:eb:91:47:3e:2f:98:71:18:4c:65:16:a7:59: + 5f:20:18:20:11:f7:89:43:64:c4:78:0a:74:42:83: + 9b:80:12:73:e9:82:e6:72:67:b2:ee:18:a6:ad:ac: + 70:cb:6e:6c:0f:47:f7:b4:ba:7a:97:4c:38:6f:a9: + 89:7f:64:64:21:f5:6c:e2:9e:42:ae:73:28:97:b3: + 0f:93:12:ef:ef:e5:0d:3e:3e:f8:a9:de:bd:b7:c2: + fe:a2:b2:3b:ea:eb:50:ab:61:5c:2c:f5:9f:46:1e: + e0:3a:48:20:e4:ac:4f:61:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -28,33 +28,33 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 4C:8D:DA:6C:26:2B:12:AF:11:85:FD:26:DF:21:F5:E4:1D:AE:CD:81 + C8:20:38:12:C6:BF:2C:76:7F:CB:2C:18:5C:37:EA:09:9B:D9:BC:6B Netscape Comment: Puppet Server Internal Certificate X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Signature Algorithm: sha256WithRSAEncryption - 85:84:ab:76:ae:37:77:e7:0d:f0:6b:43:57:5a:7f:98:81:e0: - 5d:81:3a:a6:ec:04:01:f4:e0:e1:e8:96:43:a4:f5:2f:93:9c: - 4c:0b:e6:53:ce:c8:ff:a1:b6:0e:e5:0b:62:87:10:40:fb:bb: - 29:a6:c9:df:ec:52:59:77:07:91:ef:cc:29:97:86:ed:5f:9f: - 34:ad:20:33:3c:39:1d:e5:58:d7:1c:0b:91:1c:3b:b1:a7:8d: - bc:fb:b9:27:f9:1d:3f:f9:54:a6:63:83:73:4c:63:97:23:21: - 62:ae:c5:a6:e6:f7:4c:24:bc:e1:e9:cb:d5:37:42:15:a3:78: - 5d:33 + 1c:39:a4:32:51:d4:8a:cc:ef:64:62:b2:3c:c4:82:ca:4a:f0: + 14:a6:bb:b6:b8:eb:01:b1:b5:35:e9:2a:21:6e:4a:d6:7e:35: + 7b:86:45:d2:ef:3f:62:fa:88:a3:f7:7b:04:55:27:d6:84:32: + 60:4f:92:a0:a6:0c:73:1f:c2:55:c0:73:77:a0:28:fb:2e:1c: + 66:fe:2d:17:88:34:d1:4c:52:f8:3b:ad:bc:83:03:60:4d:6c: + 85:f0:1e:82:ae:74:d9:94:c6:c2:36:b7:f7:3a:05:e1:b0:f3: + f4:a9:70:20:d9:ad:9a:ec:f3:01:2d:66:e6:53:de:dd:9c:38: + 33:e6 -----BEGIN CERTIFICATE----- -MIICRTCCAa6gAwIBAgIBBTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owJTEjMCEGA1UEAwwa +MIICRTCCAa6gAwIBAgIBBjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowJTEjMCEGA1UEAwwa VGVzdCBDQSBBZ2VudCBTdWJhdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A -MIGJAoGBALXtlVvrnpwYsmvWpZNUKc03kDsqzq24HUSFa3xfaOSml8DPzPO1KMvV -w1/xKxuWmZoF63K5SG+DXBKnHxQW21FshKVkdokoU2RhMgKvP7j5X2YsKrljNyRX -wkaK5/7MFLZQK235TV99PmgcwxEGAdnYMX0IpXW13REQL+HkilrTAgMBAAGjgZcw -gZQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEyN -2mwmKxKvEYX9Jt8h9eQdrs2BMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVy -IEludGVybmFsIENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJNwQ9rAqhRxD5Prguf1 -rsnSGnh3MA0GCSqGSIb3DQEBCwUAA4GBAIWEq3auN3fnDfBrQ1daf5iB4F2BOqbs -BAH04OHolkOk9S+TnEwL5lPOyP+htg7lC2KHEED7uymmyd/sUll3B5HvzCmXhu1f -nzStIDM8OR3lWNccC5EcO7Gnjbz7uSf5HT/5VKZjg3NMY5cjIWKuxabm90wkvOHp -y9U3QhWjeF0z +MIGJAoGBAM8o39L6ydxohvA1dpWEjg3rkUc+L5hxGExlFqdZXyAYIBH3iUNkxHgK +dEKDm4ASc+mC5nJnsu4Ypq2scMtubA9H97S6epdMOG+piX9kZCH1bOKeQq5zKJez +D5MS7+/lDT4++KnevbfC/qKyO+rrUKthXCz1n0Ye4DpIIOSsT2HFAgMBAAGjgZcw +gZQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMgg +OBLGvyx2f8ssGFw36gmb2bxrMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVy +IEludGVybmFsIENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJ5iun9Zne5PjVD+ZYlT +Gq4M890uMA0GCSqGSIb3DQEBCwUAA4GBABw5pDJR1IrM72RisjzEgspK8BSmu7a4 +6wGxtTXpKiFuStZ+NXuGRdLvP2L6iKP3ewRVJ9aEMmBPkqCmDHMfwlXAc3egKPsu +HGb+LReINNFMUvg7rbyDA2BNbIXwHoKudNmUxsI2t/c6BeGw8/SpcCDZrZrs8wEt +ZuZT3t2cODPm -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/intermediate-crl.pem b/spec/fixtures/ssl/intermediate-crl.pem index 22036c2e229..e1febdddc83 100644 --- a/spec/fixtures/ssl/intermediate-crl.pem +++ b/spec/fixtures/ssl/intermediate-crl.pem @@ -3,34 +3,34 @@ Certificate Revocation List (CRL): Signature Algorithm: sha256WithRSAEncryption Issuer: /CN=Test CA Subauthority Last Update: Jan 1 00:00:00 1970 GMT - Next Update: Mar 9 21:35:53 2029 GMT + Next Update: Mar 19 05:29:18 2029 GMT CRL extensions: X509v3 Authority Key Identifier: - keyid:7A:E0:53:6E:4C:00:F4:DE:3D:74:3A:37:BA:CD:25:7A:C2:BC:44:0A + keyid:F0:CA:28:B8:25:72:4D:ED:2D:D0:A4:96:B9:26:76:89:9D:27:D9:0B X509v3 CRL Number: 0 Revoked Certificates: Serial Number: 04 - Revocation Date: Mar 12 21:35:53 2019 GMT + Revocation Date: Mar 22 05:29:18 2019 GMT CRL entry extensions: X509v3 CRL Reason Code: Key Compromise Signature Algorithm: sha256WithRSAEncryption - 01:4f:22:9c:6d:6d:35:4a:8f:9e:44:09:a2:f8:2a:e9:85:3d: - cb:4d:c3:4e:9a:59:14:85:b5:1a:2b:de:d8:02:d8:56:b9:0d: - 48:e3:5f:65:a3:33:c8:f0:72:6b:4c:33:a1:07:45:a7:b3:fd: - 30:07:b2:5e:45:4b:82:6a:9a:d0:8e:73:51:72:6d:57:2b:5a: - 97:fc:00:20:f4:8f:7f:1c:6e:07:f1:42:01:7f:52:24:22:28: - bf:99:c4:43:23:57:f7:18:68:6c:63:d8:e4:8f:57:e1:9a:41: - 82:b0:c0:a9:c3:39:d5:9c:5b:db:33:a7:f9:f4:ad:0f:65:b0: - fc:8e + 4e:b1:bd:be:c8:fa:d5:cf:c3:61:2a:12:a6:a7:85:bb:b9:01: + ea:0f:9a:b1:29:a1:8e:cf:7c:9e:a0:cd:7b:07:49:1f:6b:a8: + b5:23:d6:c2:d8:86:ad:b8:92:57:f7:4a:45:54:72:1e:02:c3: + 33:e6:51:6e:3b:7f:d4:d5:2c:2e:d9:50:ec:7e:41:ce:c7:d3: + fc:82:d0:02:2a:8f:0f:7b:0b:45:31:eb:c4:b8:6f:96:fd:5b: + 16:f7:11:e3:d2:e4:ce:97:9a:b2:09:e6:77:0a:78:86:34:15: + 97:19:3f:09:e1:f5:08:b3:e7:62:98:b8:30:f2:57:49:0e:1a: + 7e:30 -----BEGIN X509 CRL----- MIIBPDCBpgIBATANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0IENBIFN1 -YmF1dGhvcml0eRcNNzAwMTAxMDAwMDAwWhcNMjkwMzA5MjEzNTUzWjAiMCACAQQX -DTE5MDMxMjIxMzU1M1owDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAUeuBT -bkwA9N49dDo3us0lesK8RAowCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQELBQADgYEA -AU8inG1tNUqPnkQJovgq6YU9y03DTppZFIW1Give2ALYVrkNSONfZaMzyPBya0wz -oQdFp7P9MAeyXkVLgmqa0I5zUXJtVytal/wAIPSPfxxuB/FCAX9SJCIov5nEQyNX -9xhobGPY5I9X4ZpBgrDAqcM51Zxb2zOn+fStD2Ww/I4= +YmF1dGhvcml0eRcNNzAwMTAxMDAwMDAwWhcNMjkwMzE5MDUyOTE4WjAiMCACAQQX +DTE5MDMyMjA1MjkxOFowDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAU8Moo +uCVyTe0t0KSWuSZ2iZ0n2QswCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQELBQADgYEA +TrG9vsj61c/DYSoSpqeFu7kB6g+asSmhjs98nqDNewdJH2uotSPWwtiGrbiSV/dK +RVRyHgLDM+ZRbjt/1NUsLtlQ7H5BzsfT/ILQAiqPD3sLRTHrxLhvlv1bFvcR49Lk +zpeasgnmdwp4hjQVlxk/CeH1CLPnYpi4MPJXSQ4afjA= -----END X509 CRL----- diff --git a/spec/fixtures/ssl/intermediate.pem b/spec/fixtures/ssl/intermediate.pem index e50de9b829d..2a04a1c7922 100644 --- a/spec/fixtures/ssl/intermediate.pem +++ b/spec/fixtures/ssl/intermediate.pem @@ -6,21 +6,21 @@ Certificate: Issuer: CN=Test CA Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=Test CA Subauthority Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:e3:9e:d9:d2:f3:61:04:11:b7:41:5e:1f:4e:be: - 2f:27:e2:79:95:8a:15:e5:1e:31:3e:15:d9:73:7b: - b5:af:3f:53:25:fd:2d:ed:d4:ef:15:b6:de:8c:34: - 28:3e:e8:14:86:9b:06:a8:8f:c5:c2:cf:ce:31:c1: - 40:4d:24:7b:4c:17:4b:9d:19:6c:57:66:a2:25:ba: - 26:d2:14:37:32:17:15:0c:51:2e:9d:7e:01:6a:f7: - a1:3c:c9:b7:bb:00:79:82:f0:a9:c3:6f:58:a7:68: - 75:53:b2:fa:33:98:28:53:2e:99:d2:fb:73:63:09: - 51:32:df:0f:58:ee:ba:6a:19 + 00:db:d8:d0:96:48:5a:ba:58:ff:44:f4:c3:2b:aa: + 6e:29:8b:99:77:54:b3:8d:b9:6e:5c:62:91:76:ad: + d6:95:13:9f:03:c6:1a:69:c5:a2:b3:3c:36:73:cf: + ff:75:58:15:18:fa:ba:7d:97:b6:64:52:45:ce:06: + 30:34:1c:6a:65:84:28:89:77:3f:db:0b:34:0b:2e: + 95:c9:05:8c:ba:fd:17:e2:15:0c:34:fc:9c:49:cf: + a1:17:d6:0f:31:d3:c8:f1:e2:7a:1a:95:42:cd:72: + db:c7:3d:fc:a7:7c:ba:ce:ea:3b:d1:85:a9:11:32: + 0b:37:9a:ff:1e:06:ed:b4:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical @@ -28,33 +28,33 @@ Certificate: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: - 7A:E0:53:6E:4C:00:F4:DE:3D:74:3A:37:BA:CD:25:7A:C2:BC:44:0A + F0:CA:28:B8:25:72:4D:ED:2D:D0:A4:96:B9:26:76:89:9D:27:D9:0B Netscape Comment: Puppet Server Internal Certificate X509v3 Authority Key Identifier: - keyid:93:70:43:DA:C0:AA:14:71:0F:93:EB:82:E7:F5:AE:C9:D2:1A:78:77 + keyid:9E:62:BA:7F:59:9D:EE:4F:8D:50:FE:65:89:53:1A:AE:0C:F3:DD:2E Signature Algorithm: sha256WithRSAEncryption - c3:d4:14:36:2b:f3:0b:aa:1a:eb:25:d6:fc:8c:f4:26:bc:c1: - a4:eb:a0:ea:91:bc:2d:3d:96:dc:4d:e0:45:af:a6:80:88:dd: - 79:71:ee:3f:72:20:0a:e1:31:8d:9f:20:fc:64:9c:9c:5e:46: - 6b:b4:7e:84:20:cf:18:25:14:6d:d0:b7:e2:74:c5:92:2b:86: - 0a:d0:4a:64:2c:94:50:2d:a2:3b:1d:93:c8:dc:dc:c4:73:d6: - 8a:92:01:05:c9:1e:29:07:c7:da:b6:3b:2b:ca:ca:18:95:13: - 18:1f:d9:5d:11:01:77:47:23:da:b7:b3:82:3f:42:2e:52:3d: - 05:65 + bd:b9:21:7a:11:17:a6:f6:62:e9:28:2d:0d:5b:e4:c4:ad:73: + 97:59:2a:10:db:9a:7b:62:e9:53:7a:64:aa:3d:9f:10:66:bb: + 05:d5:2e:78:47:9d:e3:e3:df:11:f8:20:85:0d:71:a8:b9:c6: + 8e:1c:a0:2b:b9:6e:3c:65:f1:ea:6d:65:75:25:86:da:3c:e4: + 6a:0c:eb:29:50:84:71:1b:13:91:22:e2:42:a2:89:11:a7:e3: + 7e:cc:01:d2:ac:50:a3:fc:20:96:6c:60:87:47:57:32:4e:13: + e0:52:38:0e:1a:cd:f3:d2:e0:61:7d:73:8a:e2:e4:57:f0:45: + 9e:93 -----BEGIN CERTIFICATE----- MIICPzCCAaigAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwOTIxMzU1M1owHzEdMBsGA1UEAwwU +IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMxOTA1MjkxOFowHzEdMBsGA1UEAwwU VGVzdCBDQSBTdWJhdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AOOe2dLzYQQRt0FeH06+LyfieZWKFeUeMT4V2XN7ta8/UyX9Le3U7xW23ow0KD7o -FIabBqiPxcLPzjHBQE0ke0wXS50ZbFdmoiW6JtIUNzIXFQxRLp1+AWr3oTzJt7sA -eYLwqcNvWKdodVOy+jOYKFMumdL7c2MJUTLfD1juumoZAgMBAAGjgZcwgZQwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHrgU25MAPTe -PXQ6N7rNJXrCvEQKMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVyIEludGVy -bmFsIENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJNwQ9rAqhRxD5Prguf1rsnSGnh3 -MA0GCSqGSIb3DQEBCwUAA4GBAMPUFDYr8wuqGusl1vyM9Ca8waTroOqRvC09ltxN -4EWvpoCI3Xlx7j9yIArhMY2fIPxknJxeRmu0foQgzxglFG3Qt+J0xZIrhgrQSmQs -lFAtojsdk8jc3MRz1oqSAQXJHikHx9q2OyvKyhiVExgf2V0RAXdHI9q3s4I/Qi5S -PQVl +ANvY0JZIWrpY/0T0wyuqbimLmXdUs425blxikXat1pUTnwPGGmnForM8NnPP/3VY +FRj6un2XtmRSRc4GMDQcamWEKIl3P9sLNAsulckFjLr9F+IVDDT8nEnPoRfWDzHT +yPHiehqVQs1y28c9/Kd8us7qO9GFqREyCzea/x4G7bRdAgMBAAGjgZcwgZQwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPDKKLglck3t +LdCklrkmdomdJ9kLMDEGCWCGSAGG+EIBDQQkFiJQdXBwZXQgU2VydmVyIEludGVy +bmFsIENlcnRpZmljYXRlMB8GA1UdIwQYMBaAFJ5iun9Zne5PjVD+ZYlTGq4M890u +MA0GCSqGSIb3DQEBCwUAA4GBAL25IXoRF6b2YukoLQ1b5MStc5dZKhDbmnti6VN6 +ZKo9nxBmuwXVLnhHnePj3xH4IIUNcai5xo4coCu5bjxl8eptZXUlhto85GoM6ylQ +hHEbE5Ei4kKiiRGn437MAdKsUKP8IJZsYIdHVzJOE+BSOA4azfPS4GF9c4ri5Ffw +RZ6T -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/pluto-key.pem b/spec/fixtures/ssl/pluto-key.pem index bd9c8a17fe3..9f80151b8a3 100644 --- a/spec/fixtures/ssl/pluto-key.pem +++ b/spec/fixtures/ssl/pluto-key.pem @@ -1,67 +1,67 @@ Private-Key: (1024 bit) modulus: - 00:d0:24:0c:ff:0a:c3:9c:15:95:f1:38:7f:5d:be: - 1f:d0:cc:1f:38:30:66:e7:36:a5:fd:a6:c1:52:b9: - 34:7c:61:b6:ef:42:f9:ef:9c:cb:2e:1a:80:0f:c3: - 45:52:2b:a7:d2:fd:32:b7:75:95:7c:63:f7:5b:98: - 5c:4a:8d:6a:fd:ac:a7:d2:fb:1e:93:e8:39:19:22: - f5:78:ea:41:76:12:e9:2a:a0:66:65:2a:55:76:cd: - 9d:7d:43:10:b7:ff:8a:e4:22:6d:35:0c:00:ff:ba: - 8b:e1:00:20:87:9a:fd:64:0b:16:c4:e7:36:95:43: - ef:e9:5e:e9:50:4b:90:3e:c5 + 00:be:87:d3:7e:e5:05:88:18:d5:d8:27:33:ca:e6: + 06:a2:66:2c:22:17:fc:bc:b6:a0:35:90:cb:27:b5: + e2:c1:7c:3b:b3:d6:b4:d2:62:f7:65:0d:19:33:02: + 09:d0:8c:9b:e9:56:5a:c2:76:b1:a5:36:24:b5:2e: + d7:e6:4a:2a:31:98:70:1b:66:15:6e:3f:b3:ed:3d: + df:b1:48:58:55:72:9e:f6:23:a7:92:a3:72:74:07: + c1:1e:d9:9b:01:26:ff:6c:42:29:d1:63:7f:59:bd: + e6:a4:e6:a5:3d:29:81:b1:33:a6:8d:66:99:d9:4d: + b2:8f:fc:ee:92:e7:a2:65:af publicExponent: 65537 (0x10001) privateExponent: - 78:c3:c2:0a:a4:ab:34:3f:cd:fc:e4:c3:f9:97:1b: - 8c:a1:32:a7:fe:65:66:57:ed:dd:8b:48:75:ff:e1: - 75:1d:98:ef:9f:d3:b6:74:29:eb:39:12:fe:92:55: - 01:45:35:1d:95:2d:3d:06:eb:51:fe:0a:82:49:97: - 9a:e6:0c:a1:d0:2b:70:01:0f:17:8b:77:e8:59:3c: - 32:99:e8:35:b1:9a:4d:d3:4f:6c:68:58:9f:13:83: - 8b:be:a1:e2:61:cb:98:e4:df:45:76:bf:db:cc:ba: - d5:52:e9:b9:ab:a3:ba:67:41:c5:ab:32:35:8a:a8: - 54:25:c1:e7:6c:3c:a0:8d + 00:8a:f7:d4:da:34:3f:51:a2:13:af:82:00:73:d8: + 4d:34:7c:63:6a:46:a6:b0:1a:60:46:51:a2:ec:06: + ed:2a:84:eb:a2:e3:52:a6:35:4b:0e:e8:7b:dd:c9: + 79:d1:24:0d:c0:26:9d:32:43:92:94:d7:25:f5:05: + 02:b2:54:9b:ea:a8:21:6e:f6:52:48:44:92:f1:14: + 7a:1f:9c:a6:a9:4c:e2:6b:5f:fc:61:04:e8:4a:8d: + 8e:9e:7f:73:35:f6:fc:da:f3:c8:b7:fa:7d:67:a1: + c0:32:d0:e2:8a:3e:fb:5f:04:9a:30:b6:e2:ee:80: + b3:ad:5d:0e:6d:9f:56:53:89 prime1: - 00:fa:97:c4:20:8c:42:ec:25:8d:7e:1f:9c:de:cd: - 0a:6d:90:39:dd:f2:a1:ac:db:e1:9f:03:83:1e:ec: - 7b:cf:25:7b:0f:ab:1b:f7:8d:d1:9d:a4:ae:fd:68: - 7d:b0:f6:6d:cf:c4:bf:be:4a:e0:13:f3:73:3c:08: - 77:15:25:fe:17 + 00:e7:c7:9b:77:e4:22:62:0d:66:84:02:9e:f8:a0: + e3:2e:6b:0c:0b:75:a2:2c:86:72:68:0f:34:ff:23: + 0a:59:81:ec:15:11:d0:ce:b9:f6:7e:95:eb:eb:74: + 9e:3f:61:d3:b4:4f:e9:c1:9c:d7:64:82:b4:96:1a: + b9:7a:35:2d:e5 prime2: - 00:d4:a1:c9:62:aa:a8:1c:9e:27:54:79:3f:e4:77: - f8:9d:fd:29:4d:0c:fb:56:49:0d:7b:8c:7b:ce:66: - 68:6c:54:05:d0:6c:30:ab:8c:ce:85:ab:2c:ef:a3: - 8f:c0:88:5b:c8:95:de:b2:a2:10:4c:4f:70:94:d8: - 20:f8:ef:2f:83 + 00:d2:70:c0:e2:3a:1b:c0:a0:b2:29:9c:70:c0:8b: + aa:44:2e:d0:87:c6:0d:50:33:20:1a:5c:d4:6c:ee: + f2:20:51:e6:ce:64:c0:f4:cc:92:fc:59:c1:1c:47: + a6:1c:0e:62:7f:38:30:fa:07:e0:8a:e1:5d:ae:8f: + 8a:8a:a9:ac:03 exponent1: - 06:5b:d9:87:35:e7:f0:d4:17:1e:0f:31:4c:da:09: - 1c:b4:9f:33:49:97:de:aa:09:b4:9e:43:32:82:af: - b5:96:ee:e3:7b:e5:0e:c8:13:7c:9b:94:31:2b:f8: - 9c:87:f4:4b:64:63:b5:31:73:34:2e:66:4b:2c:af: - d0:e2:90:eb + 64:5e:8f:f8:8f:16:44:97:c0:f9:11:99:7d:d9:4e: + 07:df:db:4b:6b:19:5b:66:ad:4c:5a:a9:7c:82:d4: + 0c:86:b2:91:3d:31:cb:13:c4:a6:74:8d:c1:5c:b2: + da:87:a6:81:c2:c9:5b:4a:6c:0b:de:7e:0d:32:6d: + 77:7a:67:f1 exponent2: - 59:f0:89:27:83:fa:12:08:cf:a8:0a:95:7d:05:46: - 13:45:c7:57:81:1b:3a:f7:31:8d:c5:f1:84:6f:8a: - d1:ef:84:7a:11:99:50:a7:01:a0:46:b4:7e:34:d8: - 14:5f:59:3b:72:31:3d:ac:11:6a:c5:db:60:0a:3f: - 80:2c:64:13 + 00:cf:dc:ab:c9:49:98:6c:16:ce:a4:a7:6f:ff:e0: + 74:d8:50:5d:8e:1f:24:bb:59:24:96:a5:a6:f5:ca: + b7:c3:10:e3:28:6f:00:e1:4c:c8:cb:16:64:d6:e8: + 36:bd:73:bf:fa:e5:a8:0a:f0:88:ec:e5:5a:c1:b7: + eb:22:b8:21:bd coefficient: - 00:a9:aa:39:02:18:ba:e7:22:17:bd:2a:6c:90:0f: - bc:6f:ed:60:7c:42:b1:8a:8c:b9:03:4e:d8:d0:ec: - db:03:e1:42:0c:00:39:3b:d3:d2:28:1c:26:67:31: - 71:5a:a8:92:ec:eb:c6:50:52:fb:da:03:92:43:ec: - fa:7f:73:b8:25 + 1d:6c:a4:77:de:3d:a2:17:29:65:43:f5:d2:33:42: + bf:ac:0a:7f:71:63:56:62:22:cc:80:d4:49:dc:b4: + 87:98:69:52:42:bc:5b:13:fd:be:57:04:ca:89:c5: + 83:09:aa:f0:40:af:36:42:a0:d6:cd:b7:c3:99:c2: + cb:a5:9c:19 -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDQJAz/CsOcFZXxOH9dvh/QzB84MGbnNqX9psFSuTR8YbbvQvnv -nMsuGoAPw0VSK6fS/TK3dZV8Y/dbmFxKjWr9rKfS+x6T6DkZIvV46kF2EukqoGZl -KlV2zZ19QxC3/4rkIm01DAD/uovhACCHmv1kCxbE5zaVQ+/pXulQS5A+xQIDAQAB -AoGAeMPCCqSrND/N/OTD+ZcbjKEyp/5lZlft3YtIdf/hdR2Y75/TtnQp6zkS/pJV -AUU1HZUtPQbrUf4KgkmXmuYModArcAEPF4t36Fk8MpnoNbGaTdNPbGhYnxODi76h -4mHLmOTfRXa/28y61VLpuaujumdBxasyNYqoVCXB52w8oI0CQQD6l8QgjELsJY1+ -H5zezQptkDnd8qGs2+GfA4Me7HvPJXsPqxv3jdGdpK79aH2w9m3PxL++SuAT83M8 -CHcVJf4XAkEA1KHJYqqoHJ4nVHk/5Hf4nf0pTQz7VkkNe4x7zmZobFQF0Gwwq4zO -hass76OPwIhbyJXesqIQTE9wlNgg+O8vgwJABlvZhzXn8NQXHg8xTNoJHLSfM0mX -3qoJtJ5DMoKvtZbu43vlDsgTfJuUMSv4nIf0S2RjtTFzNC5mSyyv0OKQ6wJAWfCJ -J4P6EgjPqAqVfQVGE0XHV4EbOvcxjcXxhG+K0e+EehGZUKcBoEa0fjTYFF9ZO3Ix -PawRasXbYAo/gCxkEwJBAKmqOQIYuuciF70qbJAPvG/tYHxCsYqMuQNO2NDs2wPh -QgwAOTvT0igcJmcxcVqokuzrxlBS+9oDkkPs+n9zuCU= +MIICXQIBAAKBgQC+h9N+5QWIGNXYJzPK5gaiZiwiF/y8tqA1kMsnteLBfDuz1rTS +YvdlDRkzAgnQjJvpVlrCdrGlNiS1LtfmSioxmHAbZhVuP7PtPd+xSFhVcp72I6eS +o3J0B8Ee2ZsBJv9sQinRY39Zveak5qU9KYGxM6aNZpnZTbKP/O6S56JlrwIDAQAB +AoGBAIr31No0P1GiE6+CAHPYTTR8Y2pGprAaYEZRouwG7SqE66LjUqY1Sw7oe93J +edEkDcAmnTJDkpTXJfUFArJUm+qoIW72UkhEkvEUeh+cpqlM4mtf/GEE6EqNjp5/ +czX2/NrzyLf6fWehwDLQ4oo++18EmjC24u6As61dDm2fVlOJAkEA58ebd+QiYg1m +hAKe+KDjLmsMC3WiLIZyaA80/yMKWYHsFRHQzrn2fpXr63SeP2HTtE/pwZzXZIK0 +lhq5ejUt5QJBANJwwOI6G8CgsimccMCLqkQu0IfGDVAzIBpc1Gzu8iBR5s5kwPTM +kvxZwRxHphwOYn84MPoH4IrhXa6PioqprAMCQGRej/iPFkSXwPkRmX3ZTgff20tr +GVtmrUxaqXyC1AyGspE9McsTxKZ0jcFcstqHpoHCyVtKbAvefg0ybXd6Z/ECQQDP +3KvJSZhsFs6kp2//4HTYUF2OHyS7WSSWpab1yrfDEOMobwDhTMjLFmTW6Da9c7/6 +5agK8Ijs5VrBt+siuCG9AkAdbKR33j2iFyllQ/XSM0K/rAp/cWNWYiLMgNRJ3LSH +mGlSQrxbE/2+VwTKicWDCarwQK82QqDWzbfDmcLLpZwZ -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/pluto.pem b/spec/fixtures/ssl/pluto.pem index 00f291ac4c8..a9ac381c449 100644 --- a/spec/fixtures/ssl/pluto.pem +++ b/spec/fixtures/ssl/pluto.pem @@ -1,44 +1,44 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 6 (0x6) + Serial Number: 7 (0x7) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test CA Agent Subauthority Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=pluto Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:d0:24:0c:ff:0a:c3:9c:15:95:f1:38:7f:5d:be: - 1f:d0:cc:1f:38:30:66:e7:36:a5:fd:a6:c1:52:b9: - 34:7c:61:b6:ef:42:f9:ef:9c:cb:2e:1a:80:0f:c3: - 45:52:2b:a7:d2:fd:32:b7:75:95:7c:63:f7:5b:98: - 5c:4a:8d:6a:fd:ac:a7:d2:fb:1e:93:e8:39:19:22: - f5:78:ea:41:76:12:e9:2a:a0:66:65:2a:55:76:cd: - 9d:7d:43:10:b7:ff:8a:e4:22:6d:35:0c:00:ff:ba: - 8b:e1:00:20:87:9a:fd:64:0b:16:c4:e7:36:95:43: - ef:e9:5e:e9:50:4b:90:3e:c5 + 00:be:87:d3:7e:e5:05:88:18:d5:d8:27:33:ca:e6: + 06:a2:66:2c:22:17:fc:bc:b6:a0:35:90:cb:27:b5: + e2:c1:7c:3b:b3:d6:b4:d2:62:f7:65:0d:19:33:02: + 09:d0:8c:9b:e9:56:5a:c2:76:b1:a5:36:24:b5:2e: + d7:e6:4a:2a:31:98:70:1b:66:15:6e:3f:b3:ed:3d: + df:b1:48:58:55:72:9e:f6:23:a7:92:a3:72:74:07: + c1:1e:d9:9b:01:26:ff:6c:42:29:d1:63:7f:59:bd: + e6:a4:e6:a5:3d:29:81:b1:33:a6:8d:66:99:d9:4d: + b2:8f:fc:ee:92:e7:a2:65:af Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption - 9f:99:01:ae:86:0a:bf:b3:03:5a:94:72:47:6e:61:97:6b:44: - c6:9f:c4:1e:7e:5e:41:e0:1e:11:8e:d0:68:0a:c0:bb:5d:7d: - 9a:e4:93:ba:df:9f:77:3c:26:ee:7f:e0:2c:45:b4:17:64:af: - 5c:92:f9:7f:b1:5d:2c:8b:25:bd:ed:3b:e3:db:ca:1a:a0:41: - c2:9f:9c:17:78:d2:b4:9c:83:65:f5:42:10:94:3b:81:f5:e0: - 35:3f:6c:3e:ef:41:a9:85:9c:06:07:e5:95:0b:81:9b:92:91: - ab:d2:c6:fe:0f:28:4a:60:8e:dd:5b:36:58:d6:62:75:5a:47: - c1:30 + b9:19:cf:49:cd:99:aa:06:c1:fe:16:54:6a:b3:a5:ae:5c:f3: + f7:06:e5:8f:37:55:69:f4:91:6c:d0:c5:5f:94:88:dd:7d:7f: + 6a:c0:a8:2c:57:57:09:e7:0b:e1:c3:52:75:c8:49:e2:0b:a9: + 53:28:25:04:e2:9f:18:79:4d:f7:3f:8a:40:59:c3:fe:76:c9: + 01:b8:4f:ad:8a:f5:ac:f8:c8:fb:88:a6:10:d6:b0:84:8d:21: + df:f9:5f:aa:5b:76:cf:d8:5e:48:c1:ae:49:ac:0c:0e:3c:13: + 7f:96:c2:98:04:dd:26:a7:85:b1:0a:cd:4f:43:e1:49:23:3c: + 74:db -----BEGIN CERTIFICATE----- -MIIBqTCCARKgAwIBAgIBBjANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpUZXN0 -IENBIEFnZW50IFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMDky -MTM1NTNaMBAxDjAMBgNVBAMMBXBsdXRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDQJAz/CsOcFZXxOH9dvh/QzB84MGbnNqX9psFSuTR8YbbvQvnvnMsuGoAP -w0VSK6fS/TK3dZV8Y/dbmFxKjWr9rKfS+x6T6DkZIvV46kF2EukqoGZlKlV2zZ19 -QxC3/4rkIm01DAD/uovhACCHmv1kCxbE5zaVQ+/pXulQS5A+xQIDAQABMA0GCSqG -SIb3DQEBCwUAA4GBAJ+ZAa6GCr+zA1qUckduYZdrRMafxB5+XkHgHhGO0GgKwLtd -fZrkk7rfn3c8Ju5/4CxFtBdkr1yS+X+xXSyLJb3tO+PbyhqgQcKfnBd40rScg2X1 -QhCUO4H14DU/bD7vQamFnAYH5ZULgZuSkavSxv4PKEpgjt1bNljWYnVaR8Ew +MIIBqTCCARKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpUZXN0 +IENBIEFnZW50IFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMTkw +NTI5MThaMBAxDjAMBgNVBAMMBXBsdXRvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQC+h9N+5QWIGNXYJzPK5gaiZiwiF/y8tqA1kMsnteLBfDuz1rTSYvdlDRkz +AgnQjJvpVlrCdrGlNiS1LtfmSioxmHAbZhVuP7PtPd+xSFhVcp72I6eSo3J0B8Ee +2ZsBJv9sQinRY39Zveak5qU9KYGxM6aNZpnZTbKP/O6S56JlrwIDAQABMA0GCSqG +SIb3DQEBCwUAA4GBALkZz0nNmaoGwf4WVGqzpa5c8/cG5Y83VWn0kWzQxV+UiN19 +f2rAqCxXVwnnC+HDUnXISeILqVMoJQTinxh5Tfc/ikBZw/52yQG4T62K9az4yPuI +phDWsISNId/5X6pbds/YXkjBrkmsDA48E3+WwpgE3SanhbEKzU9D4UkjPHTb -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/request-key.pem b/spec/fixtures/ssl/request-key.pem index 407122d2969..7bcb54fe274 100644 --- a/spec/fixtures/ssl/request-key.pem +++ b/spec/fixtures/ssl/request-key.pem @@ -1,67 +1,67 @@ Private-Key: (1024 bit) modulus: - 00:da:5a:94:fd:77:48:51:fa:2b:1e:bb:38:32:17: - 71:5d:93:32:5b:67:fa:18:53:d2:4c:86:ea:1a:ec: - 7c:eb:fd:64:a5:d4:04:88:6d:92:8c:5f:8a:8a:02: - b5:c6:8e:c9:e4:a0:26:1c:7d:62:e0:1b:37:46:de: - 0a:e1:1d:7b:79:1c:9a:b1:71:de:e0:c7:31:1d:00: - a6:98:fb:6e:32:a5:9b:bf:36:30:54:7a:13:14:fe: - 2f:f3:75:a7:0c:bb:d8:96:15:05:eb:57:63:a1:cc: - 1b:32:67:c1:dc:dc:b2:34:7b:23:00:70:f0:9a:5e: - 6f:31:7f:f4:d1:cc:84:5f:25 + 00:d7:3b:cd:33:a4:10:40:7c:51:fd:2f:cb:ed:ef: + c7:86:90:04:fa:02:1e:39:37:62:f6:94:67:d7:b6: + 56:81:a9:50:3b:6c:63:12:31:96:ec:8c:87:0e:9f: + 57:f3:08:06:cc:7c:05:44:ea:93:11:e2:d6:b1:6a: + f4:7e:7c:f8:28:2c:3e:fd:a6:a0:d1:a4:25:fb:30: + 28:92:9e:8c:ef:b7:4c:e0:5f:09:46:33:ab:be:5f: + 06:ff:76:35:0e:eb:a4:23:c4:f9:0e:2e:4b:8c:ac: + 05:9a:06:4a:4b:1d:86:cf:bb:d9:7e:68:a9:84:18: + e5:68:25:f4:64:38:ab:8a:49 publicExponent: 65537 (0x10001) privateExponent: - 17:12:8d:3d:bf:35:f0:1b:9c:24:d2:29:9c:f9:67: - 2c:39:1a:90:18:0b:90:38:83:37:3c:e6:4d:d4:01: - 5b:3a:5a:41:3f:86:ff:17:7c:ed:c2:46:b4:50:96: - fe:95:25:f6:37:89:ef:66:bc:64:eb:db:4a:6c:b9: - ff:91:8a:f3:4e:39:f0:e2:bf:21:e5:4a:fe:8c:77: - 62:c7:84:2f:ba:bd:35:e9:b5:5f:49:54:f8:02:72: - 02:39:6b:ee:07:62:ec:bf:6a:51:17:9c:76:66:dd: - 8b:01:d6:ab:60:49:e2:7c:4b:40:af:34:5d:2f:29: - 67:5f:d0:23:1b:9b:52:bd + 6a:fa:60:4d:f0:97:db:55:6f:73:06:94:b7:d8:dc: + 35:37:d4:21:67:78:1a:3c:3b:46:10:11:65:18:4d: + fa:f8:6a:d6:7e:52:e7:b2:1a:2f:cc:d1:3c:25:5b: + 13:82:c3:ce:53:3e:53:38:bc:8c:c1:50:b0:b2:56: + 7f:a0:21:be:fb:d5:18:a9:1f:81:b8:e4:ca:3b:82: + 93:f7:44:c3:82:50:dd:b0:07:db:08:4d:1d:ac:e1: + b0:d1:be:5c:3f:03:85:3f:35:ab:86:b9:bf:5b:61: + e8:27:fe:db:6f:fe:09:88:4a:ae:59:bd:63:94:f6: + b9:01:d0:ac:1d:16:79:f9 prime1: - 00:f3:ff:bb:23:6c:56:8b:52:20:fc:e2:ce:7c:39: - 21:09:64:57:2d:8d:87:d6:d1:6d:d2:74:cc:20:f2: - 13:cc:ce:81:de:68:46:15:36:5b:d5:a0:11:99:79: - bd:75:0b:c9:b3:d8:bd:77:1d:58:df:b6:30:56:eb: - 2f:00:30:8d:07 + 00:fe:6c:47:8b:6a:53:8b:11:27:ee:c1:51:fb:17: + a0:a2:28:3c:e5:24:7e:ab:73:13:0f:b9:7a:76:3e: + 4c:fd:63:e7:04:b8:8a:8a:58:e3:47:8f:38:f4:9a: + 6a:f7:97:09:d1:7c:57:35:95:7b:2a:df:26:ce:18: + 87:9e:3b:5c:c3 prime2: - 00:e5:17:f1:f4:b0:8c:36:e2:6d:a2:c3:b5:3e:83: - f2:c8:35:c1:76:0c:99:be:90:e6:12:ff:c7:0d:34: - c0:9e:db:ca:69:e3:29:a4:4e:19:96:f5:7e:cc:d0: - a2:c0:82:a4:12:4e:8c:f7:ca:4b:9a:cb:d6:90:d2: - d0:e7:f6:93:73 + 00:d8:91:56:09:2a:ce:b2:70:3b:8a:dc:f8:19:d3: + 3f:e7:fb:71:07:a4:88:07:a9:86:67:5f:44:7f:55: + 71:75:89:bf:a5:2d:a5:92:95:cc:7b:62:98:01:24: + c6:75:4d:1c:54:ad:dc:3c:9f:04:ef:43:86:43:3d: + 40:5a:19:7c:03 exponent1: - 00:d6:94:48:dc:6f:33:71:14:ca:23:fb:c6:81:a2: - b0:36:15:43:41:b1:5d:0c:03:64:24:98:48:c8:94: - 7b:eb:3a:95:25:a5:e8:34:51:78:d3:d7:10:83:3b: - 77:ed:4e:6f:95:35:7f:f2:18:22:07:a3:ae:c1:51: - d5:24:c2:8d:d3 + 00:da:ac:26:31:e5:89:38:95:de:44:8f:53:ef:04: + 37:c4:27:e1:6e:f1:17:0e:35:31:c4:ea:1e:1f:53: + 1c:c9:0c:fc:9a:4a:22:89:16:2d:02:6c:4e:ff:ad: + 59:12:c4:76:63:df:02:f5:c3:2c:c1:84:5a:cd:f8: + b7:57:80:9e:11 exponent2: - 08:35:2f:6a:00:d9:45:2e:1f:97:71:43:91:15:d1: - 20:f3:2c:17:3a:a4:57:7b:81:82:b4:bf:40:ed:de: - e8:d2:1f:12:64:1d:1d:d1:de:80:d6:12:d0:eb:b8: - a9:05:05:33:d2:b4:a2:3c:11:31:5e:94:35:64:18: - 2f:f7:59:99 + 69:c4:79:37:5a:ef:bd:d7:f0:4c:7e:64:b1:00:29: + fa:db:23:35:af:56:3c:1f:c0:23:66:34:a6:d7:8c: + e4:f1:94:66:50:67:c7:b2:5f:3e:77:45:73:71:89: + 77:2a:64:c6:ba:6e:90:30:bd:91:38:f2:2e:8e:90: + 8a:30:5e:0f coefficient: - 00:97:59:ca:65:4a:37:b4:5c:af:69:d6:b7:e1:45: - c4:73:36:50:ba:30:95:19:e0:27:5c:51:05:c0:d9: - e1:02:1e:ac:c1:05:2c:53:74:e9:42:4e:22:20:c3: - 6f:ce:6c:e9:60:fd:68:1b:66:96:de:3e:5d:86:1e: - 1b:4b:f3:e8:a6 + 00:c1:7c:fd:5e:d0:9a:46:5f:6a:53:7a:c1:c1:6e: + 55:65:3a:6c:d1:91:9c:74:eb:07:51:62:d1:31:d5: + e1:ff:74:a2:ac:50:56:0b:12:92:cb:19:da:01:22: + 61:1c:bc:5b:78:5e:cf:1f:4e:d2:9e:9e:43:e5:da: + 2b:40:d7:bc:bb -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDaWpT9d0hR+iseuzgyF3FdkzJbZ/oYU9JMhuoa7Hzr/WSl1ASI -bZKMX4qKArXGjsnkoCYcfWLgGzdG3grhHXt5HJqxcd7gxzEdAKaY+24ypZu/NjBU -ehMU/i/zdacMu9iWFQXrV2OhzBsyZ8Hc3LI0eyMAcPCaXm8xf/TRzIRfJQIDAQAB -AoGAFxKNPb818BucJNIpnPlnLDkakBgLkDiDNzzmTdQBWzpaQT+G/xd87cJGtFCW -/pUl9jeJ72a8ZOvbSmy5/5GK80458OK/IeVK/ox3YseEL7q9Nem1X0lU+AJyAjlr -7gdi7L9qURecdmbdiwHWq2BJ4nxLQK80XS8pZ1/QIxubUr0CQQDz/7sjbFaLUiD8 -4s58OSEJZFctjYfW0W3SdMwg8hPMzoHeaEYVNlvVoBGZeb11C8mz2L13HVjftjBW -6y8AMI0HAkEA5Rfx9LCMNuJtosO1PoPyyDXBdgyZvpDmEv/HDTTAntvKaeMppE4Z -lvV+zNCiwIKkEk6M98pLmsvWkNLQ5/aTcwJBANaUSNxvM3EUyiP7xoGisDYVQ0Gx -XQwDZCSYSMiUe+s6lSWl6DRReNPXEIM7d+1Ob5U1f/IYIgejrsFR1STCjdMCQAg1 -L2oA2UUuH5dxQ5EV0SDzLBc6pFd7gYK0v0Dt3ujSHxJkHR3R3oDWEtDruKkFBTPS -tKI8ETFelDVkGC/3WZkCQQCXWcplSje0XK9p1rfhRcRzNlC6MJUZ4CdcUQXA2eEC -HqzBBSxTdOlCTiIgw2/ObOlg/WgbZpbePl2GHhtL8+im +MIICXQIBAAKBgQDXO80zpBBAfFH9L8vt78eGkAT6Ah45N2L2lGfXtlaBqVA7bGMS +MZbsjIcOn1fzCAbMfAVE6pMR4taxavR+fPgoLD79pqDRpCX7MCiSnozvt0zgXwlG +M6u+Xwb/djUO66QjxPkOLkuMrAWaBkpLHYbPu9l+aKmEGOVoJfRkOKuKSQIDAQAB +AoGAavpgTfCX21VvcwaUt9jcNTfUIWd4Gjw7RhARZRhN+vhq1n5S57IaL8zRPCVb +E4LDzlM+Uzi8jMFQsLJWf6AhvvvVGKkfgbjkyjuCk/dEw4JQ3bAH2whNHazhsNG+ +XD8DhT81q4a5v1th6Cf+22/+CYhKrlm9Y5T2uQHQrB0WefkCQQD+bEeLalOLESfu +wVH7F6CiKDzlJH6rcxMPuXp2Pkz9Y+cEuIqKWONHjzj0mmr3lwnRfFc1lXsq3ybO +GIeeO1zDAkEA2JFWCSrOsnA7itz4GdM/5/txB6SIB6mGZ19Ef1VxdYm/pS2lkpXM +e2KYASTGdU0cVK3cPJ8E70OGQz1AWhl8AwJBANqsJjHliTiV3kSPU+8EN8Qn4W7x +Fw41McTqHh9THMkM/JpKIokWLQJsTv+tWRLEdmPfAvXDLMGEWs34t1eAnhECQGnE +eTda773X8Ex+ZLEAKfrbIzWvVjwfwCNmNKbXjOTxlGZQZ8eyXz53RXNxiXcqZMa6 +bpAwvZE48i6OkIowXg8CQQDBfP1e0JpGX2pTesHBblVlOmzRkZx06wdRYtEx1eH/ +dKKsUFYLEpLLGdoBImEcvFt4Xs8fTtKenkPl2itA17y7 -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/request.pem b/spec/fixtures/ssl/request.pem index 3a4426a5a16..d715d87f033 100644 --- a/spec/fixtures/ssl/request.pem +++ b/spec/fixtures/ssl/request.pem @@ -6,34 +6,34 @@ Certificate Request: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:da:5a:94:fd:77:48:51:fa:2b:1e:bb:38:32:17: - 71:5d:93:32:5b:67:fa:18:53:d2:4c:86:ea:1a:ec: - 7c:eb:fd:64:a5:d4:04:88:6d:92:8c:5f:8a:8a:02: - b5:c6:8e:c9:e4:a0:26:1c:7d:62:e0:1b:37:46:de: - 0a:e1:1d:7b:79:1c:9a:b1:71:de:e0:c7:31:1d:00: - a6:98:fb:6e:32:a5:9b:bf:36:30:54:7a:13:14:fe: - 2f:f3:75:a7:0c:bb:d8:96:15:05:eb:57:63:a1:cc: - 1b:32:67:c1:dc:dc:b2:34:7b:23:00:70:f0:9a:5e: - 6f:31:7f:f4:d1:cc:84:5f:25 + 00:d7:3b:cd:33:a4:10:40:7c:51:fd:2f:cb:ed:ef: + c7:86:90:04:fa:02:1e:39:37:62:f6:94:67:d7:b6: + 56:81:a9:50:3b:6c:63:12:31:96:ec:8c:87:0e:9f: + 57:f3:08:06:cc:7c:05:44:ea:93:11:e2:d6:b1:6a: + f4:7e:7c:f8:28:2c:3e:fd:a6:a0:d1:a4:25:fb:30: + 28:92:9e:8c:ef:b7:4c:e0:5f:09:46:33:ab:be:5f: + 06:ff:76:35:0e:eb:a4:23:c4:f9:0e:2e:4b:8c:ac: + 05:9a:06:4a:4b:1d:86:cf:bb:d9:7e:68:a9:84:18: + e5:68:25:f4:64:38:ab:8a:49 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption - 39:d7:a3:20:cb:15:ab:97:97:32:ff:64:cd:ac:47:ab:3e:c3: - 84:1f:ed:25:f0:c5:f1:a6:88:14:c5:8c:49:dc:d2:2c:83:5a: - ef:59:48:f4:8c:f8:30:97:fa:0a:06:24:fd:97:92:c8:cf:cf: - 5f:c5:8d:9f:b4:75:bc:88:da:84:94:0c:44:c0:e6:47:21:37: - 79:35:ff:9c:78:bf:55:51:af:dc:1c:35:c0:9f:06:87:f9:63: - 01:48:9d:0c:b4:f1:97:72:56:4b:37:9e:80:5d:19:f8:00:a1: - 20:81:31:3c:d4:b6:6d:5c:65:bb:cd:4b:34:04:75:d6:28:04: - 2e:db + 68:06:6f:57:41:a0:c6:06:61:cd:9f:a1:bd:19:9b:7a:96:67: + f4:ae:ad:9d:9a:11:b9:43:05:f2:f7:c8:ca:2e:1d:79:46:72: + a4:16:e5:2a:23:0a:d5:0f:15:f8:b3:5b:f6:28:b6:e3:2e:94: + ee:c3:60:00:30:83:3d:1b:dd:39:2e:25:94:4c:25:c9:d8:60: + 10:da:21:72:67:08:3c:0c:31:6e:b7:4d:ed:12:2d:02:81:6c: + 38:d3:e0:cd:0f:85:d9:ec:e3:f1:6b:0c:7a:ef:22:97:87:e4: + 13:11:a8:da:9c:4c:47:65:10:bf:52:ed:f5:67:52:79:bf:72: + ae:ea -----BEGIN CERTIFICATE REQUEST----- MIIBUTCBuwIBAjASMRAwDgYDVQQDDAdwZW5kaW5nMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDaWpT9d0hR+iseuzgyF3FdkzJbZ/oYU9JMhuoa7Hzr/WSl1ASI -bZKMX4qKArXGjsnkoCYcfWLgGzdG3grhHXt5HJqxcd7gxzEdAKaY+24ypZu/NjBU -ehMU/i/zdacMu9iWFQXrV2OhzBsyZ8Hc3LI0eyMAcPCaXm8xf/TRzIRfJQIDAQAB -oAAwDQYJKoZIhvcNAQELBQADgYEAOdejIMsVq5eXMv9kzaxHqz7DhB/tJfDF8aaI -FMWMSdzSLINa71lI9Iz4MJf6CgYk/ZeSyM/PX8WNn7R1vIjahJQMRMDmRyE3eTX/ -nHi/VVGv3Bw1wJ8Gh/ljAUidDLTxl3JWSzeegF0Z+AChIIExPNS2bVxlu81LNAR1 -1igELts= +A4GNADCBiQKBgQDXO80zpBBAfFH9L8vt78eGkAT6Ah45N2L2lGfXtlaBqVA7bGMS +MZbsjIcOn1fzCAbMfAVE6pMR4taxavR+fPgoLD79pqDRpCX7MCiSnozvt0zgXwlG +M6u+Xwb/djUO66QjxPkOLkuMrAWaBkpLHYbPu9l+aKmEGOVoJfRkOKuKSQIDAQAB +oAAwDQYJKoZIhvcNAQELBQADgYEAaAZvV0GgxgZhzZ+hvRmbepZn9K6tnZoRuUMF +8vfIyi4deUZypBblKiMK1Q8V+LNb9ii24y6U7sNgADCDPRvdOS4llEwlydhgENoh +cmcIPAwxbrdN7RItAoFsONPgzQ+F2ezj8WsMeu8il4fkExGo2pxMR2UQv1Lt9WdS +eb9yruo= -----END CERTIFICATE REQUEST----- diff --git a/spec/fixtures/ssl/revoked-key.pem b/spec/fixtures/ssl/revoked-key.pem index 80bf1bfdaaf..37b6701620c 100644 --- a/spec/fixtures/ssl/revoked-key.pem +++ b/spec/fixtures/ssl/revoked-key.pem @@ -1,67 +1,67 @@ Private-Key: (1024 bit) modulus: - 00:df:01:71:af:01:5d:b1:b6:af:81:20:06:b1:22: - 74:12:ec:20:f6:c8:12:0f:13:ed:a4:0e:17:af:00: - 89:7c:53:a1:5d:b7:d7:d5:3a:c0:ab:1b:2a:6d:44: - ea:8c:91:44:75:5e:19:4f:bd:2f:67:86:ed:78:1d: - 67:a5:54:e3:fb:29:7d:03:2a:3a:15:59:3f:0f:8f: - 7d:db:42:28:77:48:ae:fb:2d:8f:7c:97:31:ca:7e: - a4:a0:56:3c:15:73:c8:8e:45:0a:5b:16:4b:4e:d7: - 5e:f5:75:86:dd:aa:b6:69:ed:05:98:7c:ed:94:2f: - 05:e2:ca:33:7d:c2:e6:9b:47 + 00:a4:1d:dd:e3:22:9a:13:d9:aa:71:c3:fa:d4:6f: + a5:7e:b5:19:ab:34:31:25:c7:b3:16:23:7a:50:2e: + 9d:83:b3:26:58:5f:9f:fe:e2:22:67:e4:2d:2f:39: + 60:99:e2:83:bf:68:46:8f:66:4c:60:11:b5:bf:e3: + 54:a4:97:1d:3b:9e:68:01:c3:16:2f:71:57:39:98: + 45:03:ea:20:2a:fa:5b:9a:75:eb:58:cc:b5:04:4b: + f5:6e:93:84:65:63:63:26:20:32:a6:6c:ba:94:04: + 2b:eb:67:84:37:83:e3:70:dc:22:16:b9:e7:7d:86: + b4:99:a8:f5:e4:ee:77:5d:45 publicExponent: 65537 (0x10001) privateExponent: - 00:89:8a:d5:78:2f:ea:7e:e2:83:2a:ab:fb:14:a3: - 80:5d:ef:5f:81:75:f2:95:74:20:1d:10:48:11:3a: - ce:91:6c:ef:58:e3:3b:ee:9a:d7:1c:71:9b:e0:5b: - 22:22:e2:b2:0b:85:a7:2c:e4:2d:69:b7:f1:9d:24: - dd:b9:3e:3b:81:95:bf:3f:49:87:40:3b:af:b7:0d: - 7a:39:32:b9:dc:6a:e2:a4:42:b5:ca:cb:13:97:f3: - f7:32:54:9d:9f:55:23:81:18:2c:c8:87:63:5d:f3: - 50:7d:87:3e:b3:6e:52:c7:c9:0c:40:e3:8b:45:ff: - a7:54:0c:7e:bd:db:57:16:21 + 35:c2:82:d8:d0:90:e0:47:c1:09:9b:45:23:29:9f: + 70:ae:2a:46:66:c6:62:b5:d3:f8:40:8e:e4:8d:20: + 93:ef:af:73:eb:7f:21:a3:39:da:06:68:b6:bb:78: + e5:6f:c9:f0:7d:5b:ff:c5:66:e7:61:65:c4:01:d7: + cc:42:a4:14:49:10:74:e5:6b:e5:da:a8:d9:8d:c5: + b1:cb:c6:67:28:00:df:d2:4b:14:16:77:1c:19:c9: + b2:1f:4c:41:35:04:2c:45:3c:a0:4e:88:55:9a:31: + c0:bd:57:d0:cf:87:11:e9:2c:d0:06:70:0c:9a:d4: + af:71:47:49:4d:43:a3:81 prime1: - 00:f6:04:bd:de:d9:9e:7d:0c:54:2b:e3:eb:90:17: - e7:f0:6b:19:9a:01:74:6f:c5:7a:75:d4:1e:36:af: - dd:a2:e2:12:15:97:a2:ee:bc:e5:9d:59:b6:99:3a: - 84:ef:98:07:0f:11:75:44:e3:fd:68:03:6d:2e:bb: - a2:82:8f:de:71 + 00:d7:45:9d:a7:a7:b9:24:50:79:b9:f4:df:3e:ea: + 79:d4:a1:65:da:b4:b6:86:2f:11:44:45:22:f9:10: + 1c:fd:24:00:1c:fa:08:ce:ee:0e:44:b8:58:4d:2f: + 1d:82:ad:3d:77:b9:7c:e6:ee:8f:97:26:e2:84:7e: + d8:3b:1c:0c:59 prime2: - 00:e8:0d:ae:29:d0:22:a2:28:e5:e0:d4:27:89:76: - 15:1e:86:11:ea:a3:4f:06:61:2d:ad:c8:cf:b8:74: - 32:2c:ad:85:84:32:01:d4:46:04:d0:43:78:bc:7d: - a0:de:17:0e:ce:3f:29:a9:43:8f:9a:27:a1:b5:1c: - fb:c2:85:61:37 + 00:c3:2a:9e:9c:7e:c8:a5:79:bf:bd:e3:03:67:b6: + a2:85:d7:1c:f5:23:92:d9:af:15:38:2d:50:b1:fd: + 38:67:b5:79:5f:9a:6d:7f:8c:d7:c2:83:0a:b1:dd: + 7e:a8:41:33:b9:23:16:da:14:21:15:13:c5:18:44: + ef:5b:f6:0a:cd exponent1: - 00:bc:ab:9e:41:4d:7b:72:43:06:3a:32:ac:f0:f0: - a4:7b:88:67:35:e8:6f:b7:58:27:36:3d:da:7d:ee: - 19:77:55:10:b1:66:7d:19:c1:dc:05:f4:4b:48:ef: - cc:0b:42:f8:06:e2:48:a0:f0:87:e2:40:de:76:bc: - 87:40:c1:bc:c1 + 4a:6f:7a:ed:0e:d4:b8:d6:ce:d0:5a:f8:9a:a3:af: + 0e:b3:e4:29:34:95:6c:5e:78:04:f8:36:f8:91:f6: + c4:1d:1f:a0:e5:60:08:55:4e:3f:ba:d2:65:95:e6: + 09:5a:67:c7:af:2e:9e:17:5d:35:31:af:df:8a:90: + b0:17:a9:b9 exponent2: - 00:e2:1b:c2:62:77:ad:e7:78:16:55:f6:22:f8:2c: - 18:f3:ff:0b:22:28:32:6e:32:ee:81:71:34:05:b5: - 22:d6:a9:d5:79:34:08:d8:3f:c9:9c:ec:c1:8e:58: - 93:11:14:42:96:f0:b0:b5:7f:61:43:81:ee:6d:3d: - 6a:8a:e5:d0:0d + 74:e4:d1:0d:60:ae:a2:d6:12:2f:14:8a:54:93:42: + 32:b1:ce:09:51:9e:42:3d:a8:92:f6:29:50:02:1f: + c7:96:1d:35:52:d4:64:c2:21:f4:c1:f2:24:e8:4a: + 55:52:80:3d:52:33:fc:b8:73:bc:21:14:3a:de:07: + 13:68:81:bd coefficient: - 68:c9:e2:ac:3e:cf:75:36:14:e2:99:87:8c:06:51: - 95:a6:91:c3:22:df:a9:dc:03:a8:f8:0e:a7:77:e0: - 64:e6:9e:1a:82:99:e8:e8:20:31:8e:a2:45:2b:35: - f9:8b:be:f9:6c:fe:b9:57:ee:11:9f:ab:b1:76:6a: - 4e:a8:a5:57 + 35:23:9c:8a:44:96:ff:c7:7c:e0:06:d4:df:ca:06: + f2:37:26:d7:6f:00:36:e1:1e:61:5a:1e:15:be:2c: + c7:31:f7:cd:a3:e0:8b:4c:21:db:67:64:e3:d3:a3: + 46:3b:2f:13:35:ca:f3:2c:13:29:ac:69:0a:c9:37: + eb:3d:54:d4 -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDfAXGvAV2xtq+BIAaxInQS7CD2yBIPE+2kDhevAIl8U6Fdt9fV -OsCrGyptROqMkUR1XhlPvS9nhu14HWelVOP7KX0DKjoVWT8Pj33bQih3SK77LY98 -lzHKfqSgVjwVc8iORQpbFktO1171dYbdqrZp7QWYfO2ULwXiyjN9wuabRwIDAQAB -AoGBAImK1Xgv6n7igyqr+xSjgF3vX4F18pV0IB0QSBE6zpFs71jjO+6a1xxxm+Bb -IiLisguFpyzkLWm38Z0k3bk+O4GVvz9Jh0A7r7cNejkyudxq4qRCtcrLE5fz9zJU -nZ9VI4EYLMiHY13zUH2HPrNuUsfJDEDji0X/p1QMfr3bVxYhAkEA9gS93tmefQxU -K+PrkBfn8GsZmgF0b8V6ddQeNq/douISFZei7rzlnVm2mTqE75gHDxF1ROP9aANt -Lruigo/ecQJBAOgNrinQIqIo5eDUJ4l2FR6GEeqjTwZhLa3Iz7h0MiythYQyAdRG -BNBDeLx9oN4XDs4/KalDj5onobUc+8KFYTcCQQC8q55BTXtyQwY6Mqzw8KR7iGc1 -6G+3WCc2Pdp97hl3VRCxZn0ZwdwF9EtI78wLQvgG4kig8IfiQN52vIdAwbzBAkEA -4hvCYnet53gWVfYi+CwY8/8LIigybjLugXE0BbUi1qnVeTQI2D/JnOzBjliTERRC -lvCwtX9hQ4HubT1qiuXQDQJAaMnirD7PdTYU4pmHjAZRlaaRwyLfqdwDqPgOp3fg -ZOaeGoKZ6OggMY6iRSs1+Yu++Wz+uVfuEZ+rsXZqTqilVw== +MIICWwIBAAKBgQCkHd3jIpoT2apxw/rUb6V+tRmrNDElx7MWI3pQLp2DsyZYX5/+ +4iJn5C0vOWCZ4oO/aEaPZkxgEbW/41Sklx07nmgBwxYvcVc5mEUD6iAq+luadetY +zLUES/Vuk4RlY2MmIDKmbLqUBCvrZ4Q3g+Nw3CIWued9hrSZqPXk7nddRQIDAQAB +AoGANcKC2NCQ4EfBCZtFIymfcK4qRmbGYrXT+ECO5I0gk++vc+t/IaM52gZotrt4 +5W/J8H1b/8Vm52FlxAHXzEKkFEkQdOVr5dqo2Y3FscvGZygA39JLFBZ3HBnJsh9M +QTUELEU8oE6IVZoxwL1X0M+HEeks0AZwDJrUr3FHSU1Do4ECQQDXRZ2np7kkUHm5 +9N8+6nnUoWXatLaGLxFERSL5EBz9JAAc+gjO7g5EuFhNLx2CrT13uXzm7o+XJuKE +ftg7HAxZAkEAwyqenH7IpXm/veMDZ7aihdcc9SOS2a8VOC1Qsf04Z7V5X5ptf4zX +woMKsd1+qEEzuSMW2hQhFRPFGETvW/YKzQJASm967Q7UuNbO0Fr4mqOvDrPkKTSV +bF54BPg2+JH2xB0foOVgCFVOP7rSZZXmCVpnx68unhddNTGv34qQsBepuQJAdOTR +DWCuotYSLxSKVJNCMrHOCVGeQj2okvYpUAIfx5YdNVLUZMIh9MHyJOhKVVKAPVIz +/LhzvCEUOt4HE2iBvQJANSOcikSW/8d84AbU38oG8jcm128ANuEeYVoeFb4sxzH3 +zaPgi0wh22dk49OjRjsvEzXK8ywTKaxpCsk36z1U1A== -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/revoked.pem b/spec/fixtures/ssl/revoked.pem index bda5da01bc0..a25dd8b542f 100644 --- a/spec/fixtures/ssl/revoked.pem +++ b/spec/fixtures/ssl/revoked.pem @@ -6,39 +6,39 @@ Certificate: Issuer: CN=Test CA Subauthority Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=revoked Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:df:01:71:af:01:5d:b1:b6:af:81:20:06:b1:22: - 74:12:ec:20:f6:c8:12:0f:13:ed:a4:0e:17:af:00: - 89:7c:53:a1:5d:b7:d7:d5:3a:c0:ab:1b:2a:6d:44: - ea:8c:91:44:75:5e:19:4f:bd:2f:67:86:ed:78:1d: - 67:a5:54:e3:fb:29:7d:03:2a:3a:15:59:3f:0f:8f: - 7d:db:42:28:77:48:ae:fb:2d:8f:7c:97:31:ca:7e: - a4:a0:56:3c:15:73:c8:8e:45:0a:5b:16:4b:4e:d7: - 5e:f5:75:86:dd:aa:b6:69:ed:05:98:7c:ed:94:2f: - 05:e2:ca:33:7d:c2:e6:9b:47 + 00:a4:1d:dd:e3:22:9a:13:d9:aa:71:c3:fa:d4:6f: + a5:7e:b5:19:ab:34:31:25:c7:b3:16:23:7a:50:2e: + 9d:83:b3:26:58:5f:9f:fe:e2:22:67:e4:2d:2f:39: + 60:99:e2:83:bf:68:46:8f:66:4c:60:11:b5:bf:e3: + 54:a4:97:1d:3b:9e:68:01:c3:16:2f:71:57:39:98: + 45:03:ea:20:2a:fa:5b:9a:75:eb:58:cc:b5:04:4b: + f5:6e:93:84:65:63:63:26:20:32:a6:6c:ba:94:04: + 2b:eb:67:84:37:83:e3:70:dc:22:16:b9:e7:7d:86: + b4:99:a8:f5:e4:ee:77:5d:45 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption - 4f:24:56:32:a9:45:7b:f2:f2:2c:29:31:ff:03:e6:da:c9:ed: - 37:87:18:a0:b3:ff:ad:42:82:01:1a:d2:03:09:60:2d:b9:fe: - 81:46:f7:40:90:d4:d6:17:79:93:f4:32:2a:9e:7b:29:8a:97: - 82:d8:55:d8:39:84:6b:d0:da:65:39:de:28:09:33:83:8b:fa: - e2:f2:76:5f:fb:30:72:a7:28:b2:20:48:15:da:3e:87:0d:6a: - 74:1a:c2:55:12:07:7a:2e:30:ec:e6:a6:96:78:34:1b:7d:94: - 7b:67:54:5c:ca:06:98:e3:fb:c7:7f:48:ab:a3:e0:e5:87:2c: - c5:fc + 69:26:f7:09:5e:d5:c1:46:a2:8e:3a:47:b2:9f:19:71:98:d0: + f1:3d:47:7b:ae:0b:f5:72:83:4e:cc:46:ba:5a:96:d1:82:2f: + 11:e6:1d:76:06:39:22:b3:1b:79:03:23:b1:cc:18:5f:ca:89: + 85:a2:4f:2c:9f:1a:47:1f:b3:95:02:e5:06:6a:94:c8:46:ce: + ca:21:46:f2:e3:ad:67:cc:ef:45:e6:c9:44:34:a0:5a:64:74: + 0b:7c:d9:95:ab:0e:38:6f:51:e2:1f:42:e0:31:97:6c:40:a1: + 81:34:64:da:d4:dd:31:71:5b:3f:34:54:94:1f:cd:f6:34:66: + ce:38 -----BEGIN CERTIFICATE----- MIIBpTCCAQ6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 -IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMDkyMTM1NTNa +IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMTkwNTI5MTha MBIxEDAOBgNVBAMMB3Jldm9rZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB -AN8Bca8BXbG2r4EgBrEidBLsIPbIEg8T7aQOF68AiXxToV2319U6wKsbKm1E6oyR -RHVeGU+9L2eG7XgdZ6VU4/spfQMqOhVZPw+PfdtCKHdIrvstj3yXMcp+pKBWPBVz -yI5FClsWS07XXvV1ht2qtmntBZh87ZQvBeLKM33C5ptHAgMBAAEwDQYJKoZIhvcN -AQELBQADgYEATyRWMqlFe/LyLCkx/wPm2sntN4cYoLP/rUKCARrSAwlgLbn+gUb3 -QJDU1hd5k/QyKp57KYqXgthV2DmEa9DaZTneKAkzg4v64vJ2X/swcqcosiBIFdo+ -hw1qdBrCVRIHei4w7Oamlng0G32Ue2dUXMoGmOP7x39Iq6Pg5Ycsxfw= +AKQd3eMimhPZqnHD+tRvpX61Gas0MSXHsxYjelAunYOzJlhfn/7iImfkLS85YJni +g79oRo9mTGARtb/jVKSXHTueaAHDFi9xVzmYRQPqICr6W5p161jMtQRL9W6ThGVj +YyYgMqZsupQEK+tnhDeD43DcIha5532GtJmo9eTud11FAgMBAAEwDQYJKoZIhvcN +AQELBQADgYEAaSb3CV7VwUaijjpHsp8ZcZjQ8T1He64L9XKDTsxGulqW0YIvEeYd +dgY5IrMbeQMjscwYX8qJhaJPLJ8aRx+zlQLlBmqUyEbOyiFG8uOtZ8zvRebJRDSg +WmR0C3zZlasOOG9R4h9C4DGXbEChgTRk2tTdMXFbPzRUlB/N9jRmzjg= -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/signed-key.pem b/spec/fixtures/ssl/signed-key.pem index be6c39d2a0f..91c7bdb03b7 100644 --- a/spec/fixtures/ssl/signed-key.pem +++ b/spec/fixtures/ssl/signed-key.pem @@ -1,67 +1,67 @@ Private-Key: (1024 bit) modulus: - 00:ad:cf:8f:ff:51:7a:86:cc:99:5d:14:8f:07:0c: - f7:e7:f7:e8:3c:46:90:38:d3:fa:71:91:57:42:3a: - bd:9a:80:24:e8:df:55:26:a6:8f:74:30:5c:5a:f4: - 34:f0:db:76:24:1c:f1:cd:57:1b:80:93:2c:5c:e9: - b1:ea:21:c8:f6:58:52:ce:3f:b3:f6:32:6e:de:00: - b9:8e:a2:9f:07:08:ac:e7:32:6e:43:93:4a:eb:87: - d6:6c:e6:6a:4e:45:bd:f9:08:4b:71:d3:05:77:67: - 87:26:08:12:62:37:09:5f:37:59:09:3e:80:74:b2: - 69:43:46:32:99:b9:db:fe:05 + 00:cb:25:de:72:e8:72:10:9a:ee:70:0f:d3:41:7a: + 7d:3f:02:d9:8f:5a:3b:44:84:92:11:e2:7c:a7:a2: + eb:f9:69:1e:45:78:3b:4d:d8:94:c6:e8:a4:ca:8a: + 11:33:72:5e:08:65:a8:e4:f5:f3:88:f1:1a:fa:19: + 38:2a:ca:82:cf:73:cd:fe:72:95:3e:07:f9:15:f1: + dd:ce:d0:b7:10:b6:83:8f:d1:84:ab:34:56:f7:c4: + 08:49:24:86:16:af:8c:a3:4d:1c:41:40:7d:6a:14: + a1:70:08:7e:dd:01:3a:79:4c:10:48:33:bb:4f:9b: + 23:7f:26:9f:5c:d6:58:00:09 publicExponent: 65537 (0x10001) privateExponent: - 25:5f:98:4b:02:2e:22:86:24:04:0b:c3:a5:74:78: - 69:fc:b8:87:1d:75:2d:83:07:3b:1c:51:73:00:46: - 7c:ce:49:21:79:c4:49:87:4f:19:60:bc:bb:21:ff: - b0:3a:c0:70:8b:78:c2:fa:94:03:55:a2:18:68:77: - c5:2c:76:95:86:fb:af:4d:24:d7:ab:08:65:f3:6e: - 52:7b:cb:ec:89:74:55:e7:6c:26:93:62:ff:01:f0: - 5f:33:1c:a2:db:78:7e:fc:fc:a0:c1:75:cd:2a:aa: - 31:1e:03:ee:0f:a4:be:f8:aa:80:e5:c1:fe:12:67: - 7d:8b:4a:ba:5d:bc:89:01 + 31:b5:1e:6d:37:7b:51:9c:d7:63:0c:3c:40:f5:5b: + d8:23:36:60:e1:4f:47:40:b9:0d:2f:42:19:32:c0: + 52:d2:e9:d9:4d:c6:15:12:3d:b5:3e:0f:b4:8f:7c: + 0d:fe:9a:0b:ab:f4:5b:b1:e2:d9:4b:45:b2:94:a1: + 2d:b7:47:b2:52:e9:4f:62:76:03:ee:d8:b2:72:ff: + e3:5a:7e:90:90:15:cb:38:7d:6e:a7:c3:d5:a9:1b: + 3f:86:df:2b:4d:0a:90:86:35:37:a9:53:46:85:86: + aa:9c:f8:ce:b0:56:2c:77:a4:5e:ee:81:8a:e9:74: + 43:b8:7e:ba:f3:74:68:01 prime1: - 00:e2:de:b4:d0:ef:3c:db:51:50:0f:f5:ff:73:8e: - da:e2:1c:1e:46:3a:09:a0:00:e1:a4:97:90:c7:62: - 9a:e0:84:f4:66:ff:35:be:7f:f8:98:ed:28:50:5d: - a5:77:eb:ab:0d:9c:f8:b1:f9:ef:d0:0e:5b:9f:da: - fa:44:73:3f:d5 + 00:ff:c6:fc:c2:c5:0d:d1:14:1b:05:5d:84:63:d5: + 7d:7c:4c:6c:d2:9d:04:c8:c8:78:6c:b1:e0:35:43: + 46:2a:b8:6f:8f:e1:62:36:bf:c9:39:3b:63:4c:45: + 39:6e:81:67:19:b9:c3:d5:ef:de:05:75:35:d7:ac: + 76:5a:65:3b:41 prime2: - 00:c4:20:c8:8a:86:24:f5:be:20:82:73:f4:bb:43: - 77:d7:c7:cd:de:49:a0:58:1e:c2:5e:34:e2:4e:a0: - fd:26:16:9a:4b:32:42:f2:08:19:93:64:13:cd:d9: - 93:c5:63:0d:39:9f:1d:8d:20:80:02:27:75:71:25: - 74:24:43:0d:71 + 00:cb:53:26:89:18:0d:66:23:58:dc:7f:ef:12:9f: + 1d:a0:28:03:8a:bd:64:0d:e7:4c:7f:1b:03:6e:dd: + e3:08:a9:95:bf:0d:d2:9b:fd:1a:9e:44:e7:f5:b4: + 81:02:33:ca:43:f2:ec:88:b2:d6:1c:4d:96:d1:5e: + 40:6c:3f:fa:c9 exponent1: - 00:b6:34:1a:8f:fa:b3:ab:88:60:7e:91:18:fa:1b: - ef:1a:cd:6e:5b:04:5d:9a:8d:5a:ab:2f:b6:ed:0a: - fa:4b:fb:3b:b6:44:9d:4b:43:c7:ca:3a:1d:b8:7d: - 9d:58:f4:82:ca:4a:19:4a:06:eb:5c:f3:4b:0e:d5: - 75:4d:e8:29:89 + 35:2c:f0:75:a9:b4:12:a8:a4:69:7c:24:bf:00:ae: + 82:fd:fc:8d:d8:d9:1a:c9:1a:c8:36:3e:cf:b3:f9: + cd:7d:e4:ab:bc:06:c8:2d:1d:2f:89:da:3e:0c:12: + 41:98:23:90:24:9f:c3:45:88:1a:08:61:36:42:83: + a4:8d:71:41 exponent2: - 1e:1d:66:8d:96:a1:70:36:5c:69:8b:82:85:8a:8b: - 89:4f:7d:b5:e7:1a:3e:cd:a2:4c:b2:d4:18:fc:b1: - 42:3a:f0:40:21:9c:93:eb:58:7a:00:40:e6:37:c5: - 6f:e6:90:ae:4b:57:4f:47:31:40:a3:6c:6e:0e:31: - 32:2c:35:91 + 00:86:b8:71:b0:24:df:bb:ed:6f:d3:aa:71:1e:45: + 8f:bb:ae:c7:aa:06:13:65:a2:fc:6c:bb:d9:6a:7c: + 5b:12:42:4b:96:6b:f2:40:a9:54:19:ca:4e:67:df: + 52:1b:c3:75:21:d0:b4:29:5f:55:bf:2b:29:e3:50: + 30:1f:89:c5:01 coefficient: - 57:c8:09:23:2a:ad:d0:a4:c0:f5:5b:9c:b4:7e:36: - a2:b6:dd:8d:cc:9d:ac:db:e9:03:3d:32:a3:90:c3: - 47:9d:07:69:9c:c5:97:94:96:53:b4:b6:c5:45:96: - 56:07:e4:c6:9a:ec:56:a4:b5:c3:12:70:ee:13:ae: - 43:bd:51:39 + 38:33:d3:bc:f2:38:03:c9:f1:67:2f:85:80:53:17: + d1:6d:b1:b1:1c:a0:a4:db:6b:b7:49:64:01:fa:e3: + 7e:ac:48:c6:3f:12:19:fa:71:c9:6b:7b:37:c1:42: + a3:dd:3c:ad:68:af:a2:c1:aa:d3:59:20:84:85:0f: + 39:22:87:b6 -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQCtz4//UXqGzJldFI8HDPfn9+g8RpA40/pxkVdCOr2agCTo31Um -po90MFxa9DTw23YkHPHNVxuAkyxc6bHqIcj2WFLOP7P2Mm7eALmOop8HCKznMm5D -k0rrh9Zs5mpORb35CEtx0wV3Z4cmCBJiNwlfN1kJPoB0smlDRjKZudv+BQIDAQAB -AoGAJV+YSwIuIoYkBAvDpXR4afy4hx11LYMHOxxRcwBGfM5JIXnESYdPGWC8uyH/ -sDrAcIt4wvqUA1WiGGh3xSx2lYb7r00k16sIZfNuUnvL7Il0VedsJpNi/wHwXzMc -ott4fvz8oMF1zSqqMR4D7g+kvviqgOXB/hJnfYtKul28iQECQQDi3rTQ7zzbUVAP -9f9zjtriHB5GOgmgAOGkl5DHYprghPRm/zW+f/iY7ShQXaV366sNnPix+e/QDluf -2vpEcz/VAkEAxCDIioYk9b4ggnP0u0N318fN3kmgWB7CXjTiTqD9JhaaSzJC8ggZ -k2QTzdmTxWMNOZ8djSCAAid1cSV0JEMNcQJBALY0Go/6s6uIYH6RGPob7xrNblsE -XZqNWqsvtu0K+kv7O7ZEnUtDx8o6Hbh9nVj0gspKGUoG61zzSw7VdU3oKYkCQB4d -Zo2WoXA2XGmLgoWKi4lPfbXnGj7Nokyy1Bj8sUI68EAhnJPrWHoAQOY3xW/mkK5L -V09HMUCjbG4OMTIsNZECQFfICSMqrdCkwPVbnLR+NqK23Y3Mnazb6QM9MqOQw0ed -B2mcxZeUllO0tsVFllYH5Maa7FaktcMScO4TrkO9UTk= +MIICXAIBAAKBgQDLJd5y6HIQmu5wD9NBen0/AtmPWjtEhJIR4nynouv5aR5FeDtN +2JTG6KTKihEzcl4IZajk9fOI8Rr6GTgqyoLPc83+cpU+B/kV8d3O0LcQtoOP0YSr +NFb3xAhJJIYWr4yjTRxBQH1qFKFwCH7dATp5TBBIM7tPmyN/Jp9c1lgACQIDAQAB +AoGAMbUebTd7UZzXYww8QPVb2CM2YOFPR0C5DS9CGTLAUtLp2U3GFRI9tT4PtI98 +Df6aC6v0W7Hi2UtFspShLbdHslLpT2J2A+7YsnL/41p+kJAVyzh9bqfD1akbP4bf +K00KkIY1N6lTRoWGqpz4zrBWLHekXu6Biul0Q7h+uvN0aAECQQD/xvzCxQ3RFBsF +XYRj1X18TGzSnQTIyHhsseA1Q0YquG+P4WI2v8k5O2NMRTlugWcZucPV794FdTXX +rHZaZTtBAkEAy1MmiRgNZiNY3H/vEp8doCgDir1kDedMfxsDbt3jCKmVvw3Sm/0a +nkTn9bSBAjPKQ/LsiLLWHE2W0V5AbD/6yQJANSzwdam0EqikaXwkvwCugv38jdjZ +GskayDY+z7P5zX3kq7wGyC0dL4naPgwSQZgjkCSfw0WIGghhNkKDpI1xQQJBAIa4 +cbAk37vtb9OqcR5Fj7uux6oGE2Wi/Gy72Wp8WxJCS5Zr8kCpVBnKTmffUhvDdSHQ +tClfVb8rKeNQMB+JxQECQDgz07zyOAPJ8WcvhYBTF9FtsbEcoKTba7dJZAH6436s +SMY/Ehn6cclrezfBQqPdPK1or6LBqtNZIISFDzkih7Y= -----END RSA PRIVATE KEY----- diff --git a/spec/fixtures/ssl/signed.pem b/spec/fixtures/ssl/signed.pem index 171bdf2bf88..e3c60f49a71 100644 --- a/spec/fixtures/ssl/signed.pem +++ b/spec/fixtures/ssl/signed.pem @@ -6,39 +6,39 @@ Certificate: Issuer: CN=Test CA Subauthority Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=signed Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:ad:cf:8f:ff:51:7a:86:cc:99:5d:14:8f:07:0c: - f7:e7:f7:e8:3c:46:90:38:d3:fa:71:91:57:42:3a: - bd:9a:80:24:e8:df:55:26:a6:8f:74:30:5c:5a:f4: - 34:f0:db:76:24:1c:f1:cd:57:1b:80:93:2c:5c:e9: - b1:ea:21:c8:f6:58:52:ce:3f:b3:f6:32:6e:de:00: - b9:8e:a2:9f:07:08:ac:e7:32:6e:43:93:4a:eb:87: - d6:6c:e6:6a:4e:45:bd:f9:08:4b:71:d3:05:77:67: - 87:26:08:12:62:37:09:5f:37:59:09:3e:80:74:b2: - 69:43:46:32:99:b9:db:fe:05 + 00:cb:25:de:72:e8:72:10:9a:ee:70:0f:d3:41:7a: + 7d:3f:02:d9:8f:5a:3b:44:84:92:11:e2:7c:a7:a2: + eb:f9:69:1e:45:78:3b:4d:d8:94:c6:e8:a4:ca:8a: + 11:33:72:5e:08:65:a8:e4:f5:f3:88:f1:1a:fa:19: + 38:2a:ca:82:cf:73:cd:fe:72:95:3e:07:f9:15:f1: + dd:ce:d0:b7:10:b6:83:8f:d1:84:ab:34:56:f7:c4: + 08:49:24:86:16:af:8c:a3:4d:1c:41:40:7d:6a:14: + a1:70:08:7e:dd:01:3a:79:4c:10:48:33:bb:4f:9b: + 23:7f:26:9f:5c:d6:58:00:09 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption - 6a:6e:bf:67:1a:d4:05:70:ea:cb:b5:e6:8c:4e:1c:67:79:d1: - 67:12:aa:ea:b9:7c:02:3e:8c:b5:98:bb:5c:b2:1d:74:2f:77: - 4e:19:15:9d:6a:ae:5e:19:2b:5c:34:94:4b:88:9f:c1:08:75: - a0:84:94:7c:83:e5:a8:14:49:2b:e8:12:06:51:10:da:d0:69: - ce:55:3c:25:17:cc:2a:6b:a3:87:a8:00:2e:5a:6e:92:c4:29: - ed:65:6b:69:9b:aa:0c:50:5d:73:1e:0d:1d:31:5d:55:3a:a5: - 7c:9c:e9:86:c4:f4:5e:a7:2e:4f:6b:99:de:4d:8b:4b:d3:95: - e3:6e + aa:7b:dd:a4:89:af:1c:e0:8e:23:19:e7:1b:3d:ad:40:9b:4f: + 2e:1a:59:56:3b:1f:61:18:71:5d:09:94:c3:ee:1c:73:af:53: + f8:72:e1:2f:51:df:d2:67:7c:d5:4a:05:91:53:70:3c:1c:39: + 6e:f0:8c:69:92:e2:ac:0d:2c:d0:17:c4:3e:cf:3b:0d:8b:a0: + 6f:fb:76:e4:ba:9a:a6:fe:e4:ef:e5:00:4a:41:57:e6:84:17: + 53:ab:28:69:b2:6f:cf:54:9c:8b:d8:eb:3e:20:23:fb:fd:1a: + fd:9c:1f:44:d9:1a:6d:5f:4f:fb:c7:24:da:b7:61:9d:9d:7c: + b5:e6 -----BEGIN CERTIFICATE----- MIIBpDCCAQ2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 -IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMDkyMTM1NTNa +IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMTkwNTI5MTha MBExDzANBgNVBAMMBnNpZ25lZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -rc+P/1F6hsyZXRSPBwz35/foPEaQONP6cZFXQjq9moAk6N9VJqaPdDBcWvQ08Nt2 -JBzxzVcbgJMsXOmx6iHI9lhSzj+z9jJu3gC5jqKfBwis5zJuQ5NK64fWbOZqTkW9 -+QhLcdMFd2eHJggSYjcJXzdZCT6AdLJpQ0Yymbnb/gUCAwEAATANBgkqhkiG9w0B -AQsFAAOBgQBqbr9nGtQFcOrLteaMThxnedFnEqrquXwCPoy1mLtcsh10L3dOGRWd -aq5eGStcNJRLiJ/BCHWghJR8g+WoFEkr6BIGURDa0GnOVTwlF8wqa6OHqAAuWm6S -xCntZWtpm6oMUF1zHg0dMV1VOqV8nOmGxPRepy5Pa5neTYtL05Xjbg== +yyXecuhyEJrucA/TQXp9PwLZj1o7RISSEeJ8p6Lr+WkeRXg7TdiUxuikyooRM3Je +CGWo5PXziPEa+hk4KsqCz3PN/nKVPgf5FfHdztC3ELaDj9GEqzRW98QISSSGFq+M +o00cQUB9ahShcAh+3QE6eUwQSDO7T5sjfyafXNZYAAkCAwEAATANBgkqhkiG9w0B +AQsFAAOBgQCqe92kia8c4I4jGecbPa1Am08uGllWOx9hGHFdCZTD7hxzr1P4cuEv +Ud/SZ3zVSgWRU3A8HDlu8IxpkuKsDSzQF8Q+zzsNi6Bv+3bkupqm/uTv5QBKQVfm +hBdTqyhpsm/PVJyL2Os+ICP7/Rr9nB9E2RptX0/7xyTat2GdnXy15g== -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/tampered-cert.pem b/spec/fixtures/ssl/tampered-cert.pem index 7e62ae04882..e77256eea2b 100644 --- a/spec/fixtures/ssl/tampered-cert.pem +++ b/spec/fixtures/ssl/tampered-cert.pem @@ -1,44 +1,44 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 8 (0x8) + Serial Number: 9 (0x9) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Test CA Subauthority Validity Not Before: Jan 1 00:00:00 1970 GMT - Not After : Mar 9 21:35:53 2029 GMT + Not After : Mar 19 05:29:18 2029 GMT Subject: CN=signed Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:c8:59:04:8a:ae:1e:28:41:59:f9:0d:58:9c:11: - 27:30:76:f1:de:37:56:de:be:28:e2:79:4a:d0:c3: - 6f:73:c2:fc:77:3d:44:4b:42:aa:0e:02:43:c6:5f: - 52:33:a5:11:8e:65:c0:53:e8:3d:f9:a2:16:7d:1b: - 6c:b9:16:9d:8f:5d:a2:f8:c6:be:58:cc:4e:51:28: - d6:3c:bf:9a:01:e8:b2:9d:d5:75:3c:27:6e:fa:81: - e4:d5:0d:15:af:28:d2:0c:91:36:41:eb:62:32:95: - 65:e8:48:1c:b3:f6:de:bf:35:cd:8f:d3:74:71:d4: - d3:19:4c:7b:42:04:bc:66:43 + 00:e9:52:66:0c:f5:a4:c3:bf:69:a4:b4:b5:12:7c: + 06:49:56:33:03:d5:f3:ef:2f:c9:5c:1d:ad:1a:0b: + 42:f1:7b:dc:69:97:59:4e:eb:58:1b:a0:60:d4:9e: + 8d:57:b3:06:88:7b:96:74:65:ca:8d:e7:30:38:3b: + 20:74:52:9f:7f:0d:bc:57:b1:bf:ef:35:b8:65:d0: + e8:c0:9a:d1:62:60:c8:3a:b9:fb:99:2e:da:60:5b: + a7:18:ae:07:42:4f:57:ef:92:c6:dc:68:f7:b5:18: + 16:e6:b3:0a:22:38:5e:17:13:9b:b0:83:53:5a:b8: + c0:71:b1:1a:ef:71:5b:79:07 Exponent: 65537 (0x10001) Signature Algorithm: sha256WithRSAEncryption - 8b:30:32:a3:ce:74:8a:49:55:b0:c9:9d:47:b0:aa:9e:0c:8f: - b0:af:ef:e9:26:41:b3:bf:cb:dc:89:2a:fc:58:28:10:f8:67: - bd:9e:08:80:c5:77:31:63:29:34:0d:c2:5c:a7:1e:53:60:18: - d5:7c:88:68:18:f6:79:39:d3:1e:76:23:6a:24:4d:49:72:ed: - 81:fc:9f:c8:08:d1:03:e7:d6:09:9c:be:00:5b:51:56:33:cd: - 22:98:73:ec:2a:9f:1d:7b:32:bb:f5:02:46:98:8c:4e:0e:cd: - 3e:d5:e0:2f:fe:3f:b8:f9:10:ee:da:f1:b4:44:04:21:82:81: - 40:30 + 79:d2:09:0a:a6:0c:b6:35:fa:e7:57:28:ec:00:59:f0:37:39: + d2:d8:f4:3f:65:67:8a:fd:13:54:0e:ed:e4:48:b4:1b:09:fd: + 76:9f:0b:5e:1d:81:ac:c6:d7:f4:da:ac:bb:78:64:ba:2f:e1: + 03:11:df:36:0e:92:92:ac:f8:28:40:f5:cc:26:53:70:a4:30: + 6b:cf:a0:80:1e:cc:b1:4b:a5:2a:81:e2:24:e5:24:16:49:ee: + 7e:0a:36:3e:c7:f4:75:9b:13:e2:04:0f:5f:a0:95:39:d3:8e: + 80:7d:01:67:64:06:d1:d4:25:ce:75:f6:9e:03:66:71:6e:ef: + 60:51 -----BEGIN CERTIFICATE----- -MIIBpDCCAQ2gAwIBAgIBCDANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 -IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMDkyMTM1NTNa +MIIBpDCCAQ2gAwIBAgIBCTANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 +IENBIFN1YmF1dGhvcml0eTAeFw03MDAxMDEwMDAwMDBaFw0yOTAzMTkwNTI5MTha MBExDzANBgNVBAMMBnNpZ25lZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA -yFkEiq4eKEFZ+Q1YnBEnMHbx3jdW3r4o4nlK0MNvc8L8dz1ES0KqDgJDxl9SM6UR -jmXAU+g9+aIWfRtsuRadj12i+Ma+WMxOUSjWPL+aAeiyndV1PCdu+oHk1Q0VryjS -DJE2QetiMpVl6Egcs/bevzXNj9N0cdTTGUx7QgS8ZkMCAwEAATANBgkqhkiG9w0B -AQsFAAOBgQCLMDKjznSKSVWwyZ1HsKqeDI+wr+/pJkGzv8vciSr8WCgQ+Ge9ngiA -xXcxYyk0DcJcpx5TYBjVfIhoGPZ5OdMediNqJE1Jcu2B/J/ICNED59YJnL4AW1FW -M80imHPsKp8dezK79QJGmIxODs0+1eAv/j+4+RDu2vG0RAQhgoFAMA== +6VJmDPWkw79ppLS1EnwGSVYzA9Xz7y/JXB2tGgtC8XvcaZdZTutYG6Bg1J6NV7MG +iHuWdGXKjecwODsgdFKffw28V7G/7zW4ZdDowJrRYmDIOrn7mS7aYFunGK4HQk9X +75LG3Gj3tRgW5rMKIjheFxObsINTWrjAcbEa73FbeQcCAwEAATANBgkqhkiG9w0B +AQsFAAOBgQB50gkKpgy2NfrnVyjsAFnwNznS2PQ/ZWeK/RNUDu3kSLQbCf12nwte +HYGsxtf02qy7eGS6L+EDEd82DpKSrPgoQPXMJlNwpDBrz6CAHsyxS6UqgeIk5SQW +Se5+CjY+x/R1mxPiBA9foJU5046AfQFnZAbR1CXOdfaeA2Zxbu9gUQ== -----END CERTIFICATE----- diff --git a/spec/fixtures/ssl/tampered-csr.pem b/spec/fixtures/ssl/tampered-csr.pem index 093cbfa5bcc..ca061b64d41 100644 --- a/spec/fixtures/ssl/tampered-csr.pem +++ b/spec/fixtures/ssl/tampered-csr.pem @@ -6,34 +6,34 @@ Certificate Request: Public Key Algorithm: rsaEncryption Public-Key: (1024 bit) Modulus: - 00:c1:cf:0a:79:46:63:ed:c2:9e:2b:a6:2a:4d:2b: - 9b:e6:f3:d0:cd:98:3e:55:ab:ea:be:a9:41:a6:db: - ad:1e:ea:33:64:b9:18:67:b1:8b:53:5a:12:69:eb: - d1:ad:a9:85:6e:7d:f0:ef:a4:4b:1a:c4:75:71:4f: - 3a:5c:7a:59:43:ab:b4:65:fd:75:0e:0a:6f:ac:a0: - 35:fc:fc:34:6c:38:9e:1d:95:26:81:cf:8b:24:d3: - c1:65:d0:57:fb:e7:b1:1b:57:61:5c:40:2a:0f:a0: - 7d:d8:26:c6:9e:b5:bf:fd:0f:72:6a:df:2b:23:2f: - 01:39:21:42:a6:43:13:07:55 + 00:ab:07:f5:c8:9f:d5:b1:13:e8:8d:35:62:9d:65: + 8d:5a:b8:30:dc:f0:a1:10:86:1b:15:46:30:98:0a: + 5b:8e:c6:db:de:91:a2:c4:6f:b6:2b:01:cb:fc:dd: + 32:44:d7:f9:b0:b2:73:02:f5:60:f6:53:e0:9a:65: + 29:42:94:cb:b1:f9:40:52:bc:af:f1:23:87:49:33: + a8:26:f0:7d:86:5c:aa:df:f9:e6:1a:d7:5b:0f:14: + 65:3c:2c:aa:4c:01:48:57:7c:f1:c8:94:82:24:54: + 3c:90:8b:bc:a2:8e:23:83:23:b4:d0:3e:0d:f0:ec: + 9a:dc:9b:69:c2:17:9a:de:0b Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha256WithRSAEncryption - 7a:96:63:e3:47:6b:3d:c2:03:79:cb:c1:98:58:b6:ec:9e:5b: - 43:fe:0a:42:7a:fc:e6:e4:0a:fc:15:6e:b6:c5:f3:5e:fb:43: - ab:d3:fb:35:83:52:ba:3e:81:77:3b:f3:9d:05:24:5b:91:a6: - 9b:90:48:13:f2:ec:2a:9d:8f:1c:c6:46:f0:a0:76:ae:fe:f9: - d4:16:5e:5a:9d:85:bc:ec:f1:28:86:1a:0f:ce:2a:f9:4f:ab: - 91:84:39:10:9e:53:61:88:cc:06:5a:32:53:6e:d8:79:6b:6d: - 3a:47:0a:5a:63:0d:73:e0:ac:96:4f:00:ea:4d:6d:44:1d:17: - 7a:9a + af:37:2f:b2:a9:2e:28:fe:3b:f8:79:7f:01:da:34:f7:95:7a: + 68:bd:44:4e:fa:14:fc:f4:2d:d5:58:71:82:5c:65:08:52:81: + c9:42:cb:24:2e:34:6d:d1:ce:28:fb:65:d3:1b:ca:32:af:16: + 16:07:3a:07:1c:cc:44:2f:92:28:85:c3:08:78:cb:72:a3:e4: + fc:a6:6e:bf:66:99:9a:96:31:29:e5:d8:b7:6f:b0:db:cd:3e: + 76:11:35:51:4e:b0:8c:f2:99:78:a7:6d:54:01:fe:65:97:ca: + bd:74:40:69:32:4a:c7:ec:fe:b0:2a:a8:2d:a2:ee:01:b2:aa: + f3:37 -----BEGIN CERTIFICATE REQUEST----- MIIBUDCBugIBAjARMQ8wDQYDVQQDDAZzaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBAMHPCnlGY+3CniumKk0rm+bz0M2YPlWr6r6pQabbrR7qM2S5GGex -i1NaEmnr0a2phW598O+kSxrEdXFPOlx6WUOrtGX9dQ4Kb6ygNfz8NGw4nh2VJoHP -iyTTwWXQV/vnsRtXYVxAKg+gfdgmxp61v/0PcmrfKyMvATkhQqZDEwdVAgMBAAGg -ADANBgkqhkiG9w0BAQsFAAOBgQB6lmPjR2s9wgN5y8GYWLbsnltD/gpCevzm5Ar8 -FW62xfNe+0Or0/s1g1K6PoF3O/OdBSRbkaabkEgT8uwqnY8cxkbwoHau/vnUFl5a -nYW87PEohhoPzir5T6uRhDkQnlNhiMwGWjJTbth5a206RwpaYw1z4KyWTwDqTW1E -HRd6mg== +gY0AMIGJAoGBAKsH9cif1bET6I01Yp1ljVq4MNzwoRCGGxVGMJgKW47G296RosRv +tisBy/zdMkTX+bCycwL1YPZT4JplKUKUy7H5QFK8r/Ejh0kzqCbwfYZcqt/55hrX +Ww8UZTwsqkwBSFd88ciUgiRUPJCLvKKOI4MjtNA+DfDsmtybacIXmt4LAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOBgQCvNy+yqS4o/jv4eX8B2jT3lXpovURO+hT89C3V +WHGCXGUIUoHJQsskLjRt0c4o+2XTG8oyrxYWBzoHHMxEL5IohcMIeMtyo+T8pm6/ +ZpmaljEp5di3b7DbzT52ETVRTrCM8pl4p21UAf5ll8q9dEBpMkrH7P6wKqgtou4B +sqrzNw== -----END CERTIFICATE REQUEST----- diff --git a/spec/lib/puppet/test_ca.rb b/spec/lib/puppet/test_ca.rb index 60c615b39ce..606cd4c1c18 100644 --- a/spec/lib/puppet/test_ca.rb +++ b/spec/lib/puppet/test_ca.rb @@ -30,8 +30,8 @@ def initialize end def create_request(name) - key = OpenSSL::PKey::RSA.new(1024) csr = OpenSSL::X509::Request.new + key = OpenSSL::PKey::RSA.new(1024) csr.public_key = key.public_key csr.subject = OpenSSL::X509::Name.new([["CN", name]]) csr.version = 2 @@ -40,7 +40,7 @@ def create_request(name) end def create_cert(name, issuer_cert, issuer_key, opts = {}) - key, cert = build_cert(name, issuer_cert.subject) + key, cert = build_cert(name, issuer_cert.subject, opts) ef = extension_factory_for(issuer_cert, cert) if opts[:subject_alt_names] ext = ef.create_extension(["subjectAltName", opts[:subject_alt_names], false]) @@ -123,10 +123,23 @@ def generate(name, opts) private - def build_cert(name, issuer) - key = OpenSSL::PKey::RSA.new(1024) + def build_cert(name, issuer, opts = {}) + key = if opts[:key_type] == :ec + key = OpenSSL::PKey::EC.generate('prime256v1') + else + key = OpenSSL::PKey::RSA.new(1024) + end cert = OpenSSL::X509::Certificate.new - cert.public_key = key.public_key + cert.public_key = if key.is_a?(OpenSSL::PKey::EC) + # EC#public_key doesn't following the PKey API, + # see https://github.com/ruby/openssl/issues/29 + point = key.public_key + pubkey = OpenSSL::PKey::EC.new(point.group) + pubkey.public_key = point + pubkey + else + key.public_key + end cert.subject = OpenSSL::X509::Name.new([["CN", name]]) cert.issuer = issuer cert.version = 2 diff --git a/spec/lib/puppet_spec/fixtures.rb b/spec/lib/puppet_spec/fixtures.rb index 8df8494d6d0..42e3113c68d 100644 --- a/spec/lib/puppet_spec/fixtures.rb +++ b/spec/lib/puppet_spec/fixtures.rb @@ -39,7 +39,7 @@ def crl_fixture(name) end def key_fixture(name) - OpenSSL::PKey::RSA.new(pem_content(name)) + OpenSSL::PKey.read(pem_content(name)) end def request_fixture(name) diff --git a/spec/unit/application/ssl_spec.rb b/spec/unit/application/ssl_spec.rb index 797c6e8d8f9..d5f7cf90e0a 100644 --- a/spec/unit/application/ssl_spec.rb +++ b/spec/unit/application/ssl_spec.rb @@ -115,6 +115,16 @@ def expects_command_to_fail(message) expects_command_to_pass(%r{Submitted certificate request for '#{name}' to https://.*}) end + it 'generates an EC private key' do + Puppet[:key_type] = 'ec' + File.unlink(Puppet[:hostprivkey]) + + stub_request(:put, %r{puppet-ca/v1/certificate_request/#{name}}).to_return(status: 200) + stub_request(:get, %r{puppet-ca/v1/certificate/#{name}}).to_return(status: 404) + + expects_command_to_pass(%r{Submitted certificate request for '#{name}' to https://.*}) + end + it 'submits the CSR and saves it locally' do stub_request(:put, %r{puppet-ca/v1/certificate_request/#{name}}).to_return(status: 200) stub_request(:get, %r{puppet-ca/v1/certificate/#{name}}).to_return(status: 404) diff --git a/spec/unit/ssl/ssl_provider_spec.rb b/spec/unit/ssl/ssl_provider_spec.rb index a71c4a8bf40..269873f8cf6 100644 --- a/spec/unit/ssl/ssl_provider_spec.rb +++ b/spec/unit/ssl/ssl_provider_spec.rb @@ -141,11 +141,18 @@ def as_pem_file(x509) expect(sslctx.private_key).to eq(private_key) end + it 'accepts EC keys' do + ec_key = key_fixture('ec-key.pem') + ec_cert = cert_fixture('ec.pem') + sslctx = subject.create_context(config.merge(client_cert: ec_cert, private_key: ec_key)) + expect(sslctx.private_key).to eq(ec_key) + end + it 'raises if private key is unsupported' do - ec_key = OpenSSL::PKey::EC.new + dsa_key = OpenSSL::PKey::DSA.new expect { - subject.create_context(config.merge(private_key: ec_key)) - }.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::EC'/) + subject.create_context(config.merge(private_key: dsa_key)) + }.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::DSA'/) end it 'resolves the client chain from leaf to root' do diff --git a/spec/unit/ssl/state_machine_spec.rb b/spec/unit/ssl/state_machine_spec.rb index aec2cd56040..11094ef433b 100644 --- a/spec/unit/ssl/state_machine_spec.rb +++ b/spec/unit/ssl/state_machine_spec.rb @@ -267,6 +267,17 @@ expect(st.private_key).to be_private end + it 'generates a new EC private key, saves it and passes it to the next state' do + Puppet[:key_type] = 'ec' + allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_return(nil) + expect_any_instance_of(Puppet::X509::CertProvider).to receive(:save_private_key) + + st = state.next_state + expect(st).to be_instance_of(Puppet::SSL::StateMachine::NeedSubmitCSR) + expect(st.private_key).to be_instance_of(OpenSSL::PKey::EC) + expect(st.private_key).to be_private + end + it 'raises an error if it fails to load the key' do allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_private_key).and_raise(OpenSSL::PKey::RSAError) diff --git a/spec/unit/x509/cert_provider_spec.rb b/spec/unit/x509/cert_provider_spec.rb index 8b9c4e47082..1244b9cd0e3 100644 --- a/spec/unit/x509/cert_provider_spec.rb +++ b/spec/unit/x509/cert_provider_spec.rb @@ -280,7 +280,7 @@ def expects_private_file(path) # password is 74695716c8b6 expect { provider.load_private_key('encrypted-key') - }.to raise_error(OpenSSL::PKey::RSAError, /Neither PUB key nor PRIV key/) + }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/) end end end diff --git a/tasks/generate_cert_fixtures.rake b/tasks/generate_cert_fixtures.rake index ce152cb2641..19c3fa6b745 100644 --- a/tasks/generate_cert_fixtures.rake +++ b/tasks/generate_cert_fixtures.rake @@ -38,7 +38,8 @@ task(:gen_cert_fixtures) do # signed.pem | +- /CN=signed # revoked.pem | +- /CN=revoked # 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names) - # tampered.pem | +- /CN=signed (with different public key) + # tampered-cert.pem | +- /CN=signed (with different public key) + # ec.pem | +- /CN=ec (with EC private key) # | # + /CN=Test CA Agent Subauthority # | | @@ -95,6 +96,11 @@ task(:gen_cert_fixtures) do save(dir, 'revoked.pem', revoked[:cert]) save(dir, 'revoked-key.pem', revoked[:private_key]) + # Create an EC key and cert, issued by "Test CA Subauthority" + ec = ca.create_cert('ec', inter[:cert], inter[:private_key], key_type: :ec) + save(dir, 'ec.pem', ec[:cert]) + save(dir, 'ec-key.pem', ec[:private_key]) + # Update intermediate CRL now that we've revoked save(dir, 'intermediate-crl.pem', inter_crl)