Diffstat (limited to 'tests/aleksey-xkms-01')
48 files changed, 800 insertions, 0 deletions
diff --git a/tests/aleksey-xkms-01/bad-request-name-not-supported.xml b/tests/aleksey-xkms-01/bad-request-name-not-supported.xml
new file mode 100644
index 00000000..f2d874f1
--- /dev/null
+++ b/tests/aleksey-xkms-01/bad-request-name-not-supported.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<Result xmlns="http://www.w3.org/2002/03/xkms#" Id="K5FhJO2yxpaycO7RjWW87ASoUt7qQc0h" Service="http://www.example.com/xkms" ResultMajor="Sender" ResultMinor="MessageNotSupported"/>
diff --git a/tests/aleksey-xkms-01/bad-request-name.xml b/tests/aleksey-xkms-01/bad-request-name.xml
new file mode 100644
index 00000000..1166191d
--- /dev/null
+++ b/tests/aleksey-xkms-01/bad-request-name.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <RespondWith>KeyName</RespondWith>
+</InvalidRequest>
diff --git a/tests/aleksey-xkms-01/compound-example-1-no-match.xml b/tests/aleksey-xkms-01/compound-example-1-no-match.xml
new file mode 100644
index 00000000..4027213c
--- /dev/null
+++ b/tests/aleksey-xkms-01/compound-example-1-no-match.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<CompoundResult xmlns="http://www.w3.org/2002/03/xkms#" Id="PTLTkLuPfZtNrXVhhcrCqa_0o_73Sqno" Service="http://www.example.com/xkms" RequestId="Ie383fac377f1e54d2b26596c072b8b7a" ResultMajor="Sender" ResultMinor="NoMatch">
+<LocateResult Id="ADj5gRxQoJ__nZ6iWKweeUVy7C4ydhs3" Service="http://www.example.com/xkms" RequestId="I97a5c09bff0fe094d27facf5e5adb206" ResultMajor="Sender" ResultMinor="NoMatch"/>
+
+<LocateResult Id="tWuDz6Ahiw2U40SQXvT_X4Dq1B5KCanL" Service="http://www.example.com/xkms" RequestId="Icf173d33d71c80c74589c6204f7aeb4f" ResultMajor="Sender" ResultMinor="NoMatch"/>
+
+</CompoundResult>
diff --git a/tests/aleksey-xkms-01/compound-example-1.xml b/tests/aleksey-xkms-01/compound-example-1.xml new file mode 100644 index 00000000..f933ab60 --- /dev/null +++ b/tests/aleksey-xkms-01/compound-example-1.xml 
@@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="utf-8"?> +<CompoundRequest xmlns="http://www.w3.org/2002/03/xkms#" + Id="Ie383fac377f1e54d2b26596c072b8b7a" + Service="http://www.example.com/xkms"> + <LocateRequest Id="I97a5c09bff0fe094d27facf5e5adb206" + Service="http://www.example.com/xkms"> + <RespondWith>KeyValue</RespondWith> + <QueryKeyBinding> + <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> + <X509Data> + <X509Certificate> +MIIDdDCCAx6gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExHjAcBgNVBAoTFWFsZWtzZXkteGttcy0wMSB0 +ZXN0czEZMBcGA1UECxMQc2Vjb25kIGxldmVsIGtleTEmMCQGA1UEAxMdaHR0cDov +L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxIjAgBgkqhkiG9w0BCQEWE2FsZWtzZXlA +YWxla3NleS5jb20wHhcNMDQwMjAyMjA1NzAyWhcNMDUwMjAxMjA1NzAyWjCBqDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExHjAcBgNVBAoTFWFsZWtz +ZXkteGttcy0wMSB0ZXN0czEYMBYGA1UECxMPdGhpcmQgbGV2ZWwga2V5MSYwJAYD +VQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEiMCAGCSqGSIb3DQEJ +ARYTYWxla3NleUBhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDn +yQJWr0ZHBuP0uaOACOkD78aRjBr9pEfafTN9qOJv519GD3fg0NFSdZFOpsUKvNYO +vwOJiyf+S9gSOOtnJVzpAgMBAAGjggEuMIIBKjAJBgNVHRMEAjAAMCwGCWCGSAGG ++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU +VBaMhaAXDULGX8z23piFj9uzOPowgc8GA1UdIwSBxzCBxIAUi6lU1cREQvVyXYY6 +y8pTI4qPt/yhgaikgaUwgaIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y +bmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxHjAcBgNVBAoTFWFsZWtzZXkteGttcy0w +MSB0ZXN0czEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMx +IjAgBgkqhkiG9w0BCQEWE2FsZWtzZXlAYWxla3NleS5jb22CAQEwDQYJKoZIhvcN +AQEEBQADQQAKRCJXl5CTvvDN5jMaawgGU4DYDpvKmJbMKIV7XM+ZXBFnvcooUSIy +6EGxF8UmAOSNaqZy+bPXJHiRCbmpNR3e + </X509Certificate> + </X509Data> + </KeyInfo> + <KeyUsage>Signature</KeyUsage> + </QueryKeyBinding> + </LocateRequest> + <LocateRequest Id="Icf173d33d71c80c74589c6204f7aeb4f" + Service="http://www.example.com/xkms"> + <RespondWith>KeyName</RespondWith> + <RespondWith>KeyValue</RespondWith> + <RespondWith>X509Cert</RespondWith> + 
<RespondWith>X509Chain</RespondWith> + <RespondWith>PGPWeb</RespondWith> + <RespondWith>PGP</RespondWith> + <QueryKeyBinding> + <KeyUsage>Encryption</KeyUsage> + <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/> + <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/> + </QueryKeyBinding> + </LocateRequest> +</CompoundRequest> diff --git a/tests/aleksey-xkms-01/keys/cert1.der b/tests/aleksey-xkms-01/keys/cert1.der Binary files differnew file mode 100644 index 00000000..491687f9 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/cert1.der diff --git a/tests/aleksey-xkms-01/keys/cert1.pem b/tests/aleksey-xkms-01/keys/cert1.pem new file mode 100644 index 00000000..c7d4e779 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/cert1.pem 
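Review bot: The `<X509Certificate>` in the first `LocateRequest` of compound-example-1.xml is not one of the certificates committed under keys/: its base64 starts `MIIDdDCCAx6g`, whereas cert3.pem, which readme.txt names as the source for this example, starts `MIIEDTCCA7eg`. It looks like a leftover from an earlier key set (the subject OU appears to decode to "third level key"), so a locate or validate test that expects a match against the keys/ chain would not find one. locate-example-2.xml has the mirror problem: it embeds the cert3.pem body, while readme.txt says cert2.pem. Either replace the embedded blobs with the body of the certificate the readme names, or correct readme entries 1.2 and 1.4.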
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEbTCCA9agAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UE +ChMUWE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0w +MSByb290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXku +Y29tL3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X +DTA0MDIwMzE5MTEyN1oXDTA0MDMwNDE5MTEyN1owgcsxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxHTAbBgNVBAoT +FFhNTCBTZWN1cml0eSBMaWJyYXJ5MSkwJwYDVQQLEyBhbGVrc2V5LXhrbXMtMDEg +cm9vdCBjZXJ0aWZpY2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNv +bS94bWxzZWMxITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsq7Kwr1+KvsQ2FHud4ZHet3lmj8L3jnu +xinzAg3CmDmvMomawqpr11eQyJPBjWoWt+KWXIHZv435YbVSnv/MZ96lGC/QDMj+ +Ni1N6tMjjTxmp6qEXrQ0IrskI7jVs2DaceA4GGqLkQ3y1bSQ5RBbhDMwzSLsU8Mz +8xdsbYIfndkCAwEAAaOCAV0wggFZMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFAv8 +ELYR+j4WXCUEteLjbzDpxGE2MIH4BgNVHSMEgfAwge2AFAv8ELYR+j4WXCUEteLj +bzDpxGE2oYHRpIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p +YTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGli +cmFyeTEpMCcGA1UECxMgYWxla3NleS14a21zLTAxIHJvb3QgY2VydGlmaWNhdGUx +JjAkBgNVBAMTHWh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjMSEwHwYJKoZI +hvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CAQAwLwYJYIZIAYb4QgENBCIWIGFs +ZWtzZXkteGttcy0wMSByb290IGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBBAUAA4GB +ABJOf0Q8mVh2IA0Z9DDx/ELDObra7jbbjbthYNmPJlBQ2nwT+zACqoV4rEAm3USR +BbY9n2ny3voxT5ODEFgi1S8s6VCoyyrou1RJttToN0h+r9kQmgEaTr/bGcKDb5pk +U07fkNzxY/VkfaLH2b68xfvmQ8J4d9bHTmahiTdZuW4h +-----END CERTIFICATE----- diff --git a/tests/aleksey-xkms-01/keys/cert2.der b/tests/aleksey-xkms-01/keys/cert2.der Binary files differnew file mode 100644 index 00000000..215727b2 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/cert2.der diff --git a/tests/aleksey-xkms-01/keys/cert2.pem b/tests/aleksey-xkms-01/keys/cert2.pem new file mode 100644 index 00000000..1d878176 --- /dev/null 
+++ b/tests/aleksey-xkms-01/keys/cert2.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEJTCCA46gAwIBAgIBATANBgkqhkiG9w0BAQUFADCByzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UE +ChMUWE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0w +MSByb290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXku +Y29tL3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X +DTA0MDIwMzE5MTEyN1oXDTE0MDEzMTE5MTEyN1owgb8xCzAJBgNVBAYTAlVTMRMw +EQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFy +eTExMC8GA1UECxMoYWxla3NleS14a21zLTAxIHNlY29uZCBsZXZlbCBjZXJ0aWZp +Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA +A0sAMEgCQQDd+36RCkHXnn6pxsfTKhTo/Zocgr4pgtOzS+aT5eji+A0GzPaFHXpY +0K+nDphWUYBzjrjOkxMBzlvv+BOvc9SzAgMBAAGjggFlMIIBYTAMBgNVHRMEBTAD +AQH/MB0GA1UdDgQWBBQTZBEwsylIFyyafRuyvYQ+rY3gwzCB+AYDVR0jBIHwMIHt +gBQL/BC2Efo+FlwlBLXi428w6cRhNqGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR +BgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UEChMU +WE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0wMSBy +b290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29t +L3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEAMDcG +CWCGSAGG+EIBDQQqFihhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp +ZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGMs5oZgbjfJBTeWZ7VZHAOyT+sS0tzK +EPONgoId9RZLlBmxosG2zZ+Tu5xEqxh4HlkUzHEnenB7K/fmGTnQDrHHQH3Q/afI +zMot8vXO5V3GX7vdYwU6tCEWUG+2JoaJ2riDcrkVwdEpKLo6GH3bGsqkreeH05ll +oL+n2iYuEzV+ +-----END CERTIFICATE----- diff --git a/tests/aleksey-xkms-01/keys/cert3.der b/tests/aleksey-xkms-01/keys/cert3.der Binary files differnew file mode 100644 index 00000000..83eb3522 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/cert3.der diff --git a/tests/aleksey-xkms-01/keys/cert3.pem b/tests/aleksey-xkms-01/keys/cert3.pem new file mode 100644 index 00000000..67b3caf9 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/cert3.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDTCCA7egAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBvzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy +YXJ5MTEwLwYDVQQLEyhhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp +ZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTA0MDIwMzE5MTEy +OFoXDTE0MDEzMTE5MTEyOFowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFyeTE9MDsGA1UECxM0 +YWxla3NleS14a21zLTAxIHNpZ25hdHVyZSBhbmQgZW5jcnlwdGlvbiBjZXJ0aWZp +Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA +A0sAMEgCQQDS208fS1M+MzOOewMytAU7ecT5ErtLTrK2mZr7QMqAGs696qHv9WOW +i115eDaLW50XRVNr16eiquDtXl53EfBvAgMBAAGjggGOMIIBijAJBgNVHRMEAjAA +MBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMCBeAwQwYJYIZIAYb4QgENBDYW +NGFsZWtzZXkteGttcy0wMSBzaWduYXR1cmUgYW5kIGVuY3J5cHRpb24gY2VydGlm +aWNhdGUwHQYDVR0OBBYEFJw9QoFYPiU7VQheRsUV7LrY84+TMIH4BgNVHSMEgfAw +ge2AFBNkETCzKUgXLJp9G7K9hD6tjeDDoYHRpIHOMIHLMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQK +ExRYTUwgU2VjdXJpdHkgTGlicmFyeTEpMCcGA1UECxMgYWxla3NleS14a21zLTAx +IHJvb3QgY2VydGlmaWNhdGUxJjAkBgNVBAMTHWh0dHA6Ly93d3cuYWxla3NleS5j +b20veG1sc2VjMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CAQEw +DQYJKoZIhvcNAQEFBQADQQAsb2Wh4hp+axYEGrsTMqd9j8pKuxJqa89ob4nl/FwN +5jelwnWbB+3HG7f9GusYg6nNzga1EFD3YTfW23YWIKd9 +-----END CERTIFICATE----- diff --git a/tests/aleksey-xkms-01/keys/create-keys.sh b/tests/aleksey-xkms-01/keys/create-keys.sh new file mode 100755 index 00000000..127e1274 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/create-keys.sh 
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# This script along with "openssl.cnf" file from this folder creates
+# a chain of three certificates containing RSA 1024 keys:
+# cert1 (key1) - root CA certificate (self signed).
+# cert2 (key2) - second level CA certificate (signed with key1/cert1)
+# cert3 (key3) - signature/encryption certificate (signed with key2/cert2)
+# All the private keys are encrypted with password "secret".
+#
+export CA_TOP=./demoCA
+export CA_PWD=secret
+
+echo "Remove old file"
+rm -rf "$CA_TOP" *.pem *.der *.p12 *.req
+
+echo "Create CA folders structure"
+mkdir "$CA_TOP"
+mkdir "${CA_TOP}/certs"
+mkdir "${CA_TOP}/crl"
+mkdir "${CA_TOP}/newcerts"
+mkdir "${CA_TOP}/private"
+echo "01" > "$CA_TOP/serial"
+touch "$CA_TOP/index.txt"
+
+echo "Create root key and certificate"
+export CERT_NAME="aleksey-xkms-01 root certificate"
+openssl req -config ./openssl.cnf -new -x509 -keyout key1.pem -out cert1.pem -batch
+
+echo "Generate RSA key and second level certificate"
+export CERT_NAME="aleksey-xkms-01 second level certificate"
+openssl genrsa -out key2.pem
+openssl req -config ./openssl.cnf -batch -new -key key2.pem -out req2.pem
+openssl ca -config ./openssl.cnf -passin pass:$CA_PWD -batch -extensions v3_ca -cert cert1.pem -keyfile key1.pem -out cert2.pem -infiles req2.pem
+
+echo "Generate another RSA key and third level certificate"
+export CERT_NAME="aleksey-xkms-01 signature and encryption certificate"
+openssl genrsa -out key3.pem
+openssl req -config ./openssl.cnf -batch -new -key key3.pem -out req3.pem
+openssl ca -config ./openssl.cnf -passin pass:$CA_PWD -batch -cert cert2.pem -keyfile key2.pem -out cert3.pem -infiles req3.pem
+
+echo "Convert all private keys to der, pkcs8/der and pkcs12 format"
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key1.pem -out key1.der
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key2.pem -out key2.der
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key3.pem -out key3.der
+
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key1.pem -inform pem -out key1-pk8.der -outform der -topk8
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key2.pem -inform pem -out key2-pk8.der -outform der -topk8
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key3.pem -inform pem -out key3-pk8.der -outform der -topk8
+
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert1.pem -inkey key1.pem -name key1 -out key1.p12
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert2.pem -inkey key2.pem -name key2 -out key2.p12
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert3.pem -inkey key3.pem -name key3 -out key3.p12
+
+echo "Convert all certificates to der format"
+openssl x509 -outform DER -in cert1.pem -out cert1.der
+openssl x509 -outform DER -in cert2.pem -out cert2.der
+openssl x509 -outform DER -in cert3.pem -out cert3.der
+
+echo "View certificates"
+openssl x509 -noout -text -in cert1.pem
+openssl x509 -noout -text -in cert2.pem
+openssl x509 -noout -text -in cert3.pem
+
+echo "Test certificates"
+openssl verify -CAfile cert1.pem cert2.pem
+openssl verify -CAfile cert1.pem -untrusted cert2.pem cert3.pem
+
+
+echo "Cleanup"
+rm -rf "$CA_TOP" *.req
+
+
+
\ No newline at end of file diff --git a/tests/aleksey-xkms-01/keys/key1-pk8.der b/tests/aleksey-xkms-01/keys/key1-pk8.der Binary files differnew file mode 100644 index 00000000..534bbe0f --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key1-pk8.der diff --git a/tests/aleksey-xkms-01/keys/key1.der b/tests/aleksey-xkms-01/keys/key1.der Binary files differnew file mode 100644 index 00000000..418252f1 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key1.der diff --git a/tests/aleksey-xkms-01/keys/key1.p12 b/tests/aleksey-xkms-01/keys/key1.p12 Binary files differnew file mode 100644 index 00000000..17475702 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key1.p12 diff --git a/tests/aleksey-xkms-01/keys/key1.pem b/tests/aleksey-xkms-01/keys/key1.pem new file mode 100644 index 00000000..384146f7 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key1.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,EF746F459C10E84C + ++vGzkn5DyrDLs2Y0Lob6vcvfA/GgjJDU6HOrOUziiujCSWE0ajdsrQROcuoLjkm3 +EyHsIxEqqawJM5uYMhw/tYH+9n+89w0GYRELhL/z+u23dUPNlJd/32ttGDmywyBB +byucTX4plVs74nrbeXuK9AJy7AKmZKV/h2fWjLNSNtWEa86A2b9wH2MrIIxfjoQX +cw9rb1ejs6O8takn0HmOfoTHvor+jq21w299jLZ32GfUhJTiTPNpfnqBwwmlKvoe +UyIPgquRi1XAstCuzTRCrfCqJTRB7OBh2dvoWgz/12/z11PULtr15XB3ex9pOZn/ +Dw/qYLwDqv4pp7sRHZeTOPRZ6By6KPTeFn3A7jd4P/s/M1IcGJ46DXSjx+wlhYs6 +QnanaZhApt1Xk9HWiLPlrGbT98QkXYorp6NHGeuAl1HB3epnZRfGB7DhgbKcVTlJ +FS/MOo6knz5XjKjbE03Jf0EQlad5UsXcwlAzxGGYDjEnCOpOwowkKBrpl4yvkEBK +Md69hiAaIHup35yz51mwTXalwUiJMNSKp6DSoM2I9MFxTvKJXnClVwa/Xy6fb1L+ +W1tMyFvLtUpe2un9NFBS/7bxfOxSeBWQGxvKFyqwcn/JC3xNhnXybpgIFPijrfXj +Dot8uDHjZZaZ0PogsnF1chd7TcNXH93VKQJSHPt/2p9+B2hM10cQE27iS9Op6AXr +S62hLDddlxja1xebclecfWG6IVZrL2fH2rDQDUWxXbZ4Mq/qWO2prkrvEBhK447h +WuupfwIAY9wVEFsTY3jbnjlpHo4ucpXCxvxJl5niXgwKwMXVoccOFg== +-----END RSA PRIVATE KEY----- 
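Review bot: Both `openssl genrsa -out key2.pem` and `openssl genrsa -out key3.pem` in create-keys.sh omit a key size and a cipher, so the header comment's claims ("RSA 1024 keys", "All the private keys are encrypted with password "secret"") hold only for key1; the committed key2.pem and key3.pem carry no `Proc-Type: 4,ENCRYPTED` header and look like 512-bit keys. Either correct the comment or generate them as `openssl genrsa -des3 -passout pass:$CA_PWD -out key2.pem 1024` (likewise key3). The root step `openssl req ... -new -x509` also passes no `-days`, so cert1 gets openssl's short default lifetime while cert2 and cert3 get `default_days = 3650`; the committed cert1.pem appears to expire about a month after issue, after which the two `openssl verify` steps would fail, and adding `-days 3650` there avoids that. The cleanup globs `*.req`, but the requests are written as req2.pem and req3.pem, so they are left behind and were committed with the fixtures.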
diff --git a/tests/aleksey-xkms-01/keys/key2-pk8.der b/tests/aleksey-xkms-01/keys/key2-pk8.der Binary files differnew file mode 100644 index 00000000..4144ca8a --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key2-pk8.der diff --git a/tests/aleksey-xkms-01/keys/key2.der b/tests/aleksey-xkms-01/keys/key2.der Binary files differnew file mode 100644 index 00000000..25012762 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key2.der diff --git a/tests/aleksey-xkms-01/keys/key2.p12 b/tests/aleksey-xkms-01/keys/key2.p12 Binary files differnew file mode 100644 index 00000000..e1b69c2d --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key2.p12 diff --git a/tests/aleksey-xkms-01/keys/key2.pem b/tests/aleksey-xkms-01/keys/key2.pem new file mode 100644 index 00000000..3786b66c --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key2.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAN37fpEKQdeefqnGx9MqFOj9mhyCvimC07NL5pPl6OL4DQbM9oUd +eljQr6cOmFZRgHOOuM6TEwHOW+/4E69z1LMCAwEAAQJAdaKTHfWbktIxOXNX7bV9 +Q0Mxai5267Siz39Hf9T0p2HjERBxLjn2/wr6LbzmIsj13hLr4CcGzjS1nQFo2ogU +8QIhAP2XFRdCV6virQiK/yAkRU+oBHEcLdKdJb61h5QM3SMlAiEA4BeEycqGq8Pz +Bg86CA2cf4asTj/PzULyU7XmDgB9fPcCIQCvruqaqYiJeUm9IGatgtNN4y3omsgY +IGzU2XhrFhphzQIhALj28KXWwt3X+SoRO2cWRQyFzocv6IeWMIqj42W/RdT1AiEA +1sl/iVwvUefejP+CaD00Aswo8PW6zUiNNfoLeH4dfwo= +-----END RSA PRIVATE KEY----- diff --git a/tests/aleksey-xkms-01/keys/key3-pk8.der b/tests/aleksey-xkms-01/keys/key3-pk8.der Binary files differnew file mode 100644 index 00000000..17dcd29c --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key3-pk8.der diff --git a/tests/aleksey-xkms-01/keys/key3.der b/tests/aleksey-xkms-01/keys/key3.der Binary files differnew file mode 100644 index 00000000..8209754e --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key3.der diff --git a/tests/aleksey-xkms-01/keys/key3.p12 b/tests/aleksey-xkms-01/keys/key3.p12 Binary files differnew file mode 100644 index 00000000..8670b50e --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key3.p12 
diff --git a/tests/aleksey-xkms-01/keys/key3.pem b/tests/aleksey-xkms-01/keys/key3.pem new file mode 100644 index 00000000..9574d1d4 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/key3.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBANLbTx9LUz4zM457AzK0BTt5xPkSu0tOsraZmvtAyoAazr3qoe/1 +Y5aLXXl4NotbnRdFU2vXp6Kq4O1eXncR8G8CAwEAAQJAa3T2qrUhlCZV1Pvd0l4p ++HiDKIgiSSuvKh23/Om1CXkyhUot7ky5FtH0vjPjy8C9YNeVQefcOFpUlgT13ifH +GQIhAPogHHKhfQz1RveauqOUEhUM60M861oioeDTVICgFUGTAiEA188Xz+fPHg8P +EaOnlWAfpj5MEPv/Hn1bG3Z1LRA1TzUCICmtQBA5qESIehK3zXGEMp8fT/QcKnsS +WjbD/8iO4/vRAiAzgugBJSin2RpUsIaAvifvy3DmoO+9PFixzm2bqwG+fQIhAJIA +D28ibeq5xOdikLT3yyZQQ7kuYRVp7lQeVb0K7U5l +-----END RSA PRIVATE KEY----- diff --git a/tests/aleksey-xkms-01/keys/openssl.cnf b/tests/aleksey-xkms-01/keys/openssl.cnf new file mode 100644 index 00000000..0d6326bc --- /dev/null +++ b/tests/aleksey-xkms-01/keys/openssl.cnf 
@@ -0,0 +1,106 @@
+#
+# aleksey-xkms-01 OpenSSL configuration file.
+#
+# Environment variables:
+# CA_TOP - the CA folder (./demoCA)
+# CERT_NAME - the currently generated certificate name ("")
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+dir = $ENV::CA_TOP # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = cert1.pem # The CA certificate
+private_key = key1.pem # The private key
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+default_days = 3650 # how long to certify for
+default_crl_days = 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+policy = policy_match
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca
+input_password = secret
+output_password = secret
+string_mask = nombstr
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+localityName = Locality Name (eg, city)
+localityName_default = Sunnyvale
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = XML Security Library
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::CERT_NAME
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_default = http://www.aleksey.com/xmlsec
+emailAddress = Email Address
+emailAddress_default = xmlsec@aleksey.com
+
+[ req_attributes ]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = $ENV::CERT_NAME
+
+[ v3_ca ]
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+nsComment = $ENV::CERT_NAME
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client, email, objsign
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = $ENV::CERT_NAME
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = 
keyid,issuer:always diff --git a/tests/aleksey-xkms-01/keys/req2.pem b/tests/aleksey-xkms-01/keys/req2.pem new file mode 100644 index 00000000..3860d8d9 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/req2.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBjzCCATkCAQAwgdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRIwEAYDVQQHEwlTdW5ueXZhbGUxHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy +YXJ5MTEwLwYDVQQLEyhhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp +ZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMFwwDQYJKoZIhvcNAQEB +BQADSwAwSAJBAN37fpEKQdeefqnGx9MqFOj9mhyCvimC07NL5pPl6OL4DQbM9oUd +eljQr6cOmFZRgHOOuM6TEwHOW+/4E69z1LMCAwEAAaAAMA0GCSqGSIb3DQEBBAUA +A0EAoBq9CU6bylLSV9+msyb1Ya49PV4eCXJuvQ4S6lJz/FdrOnxK65BsXWI3Vo58 +KSIfJNTjAC0Xy51ANAG5mUxeyw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/aleksey-xkms-01/keys/req3.pem b/tests/aleksey-xkms-01/keys/req3.pem new file mode 100644 index 00000000..16b33444 --- /dev/null +++ b/tests/aleksey-xkms-01/keys/req3.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBmzCCAUUCAQAwgd8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRIwEAYDVQQHEwlTdW5ueXZhbGUxHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy +YXJ5MT0wOwYDVQQLEzRhbGVrc2V5LXhrbXMtMDEgc2lnbmF0dXJlIGFuZCBlbmNy +eXB0aW9uIGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXku +Y29tL3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMFww +DQYJKoZIhvcNAQEBBQADSwAwSAJBANLbTx9LUz4zM457AzK0BTt5xPkSu0tOsraZ +mvtAyoAazr3qoe/1Y5aLXXl4NotbnRdFU2vXp6Kq4O1eXncR8G8CAwEAAaAAMA0G +CSqGSIb3DQEBBAUAA0EAqBHpXfIIFP1VGwqI6em5vOuyapzYx+s4Cjrem7zHZ+7J +GM4uRSy8oE2RPiLODy9DVmPRpdit/9yhWrlQIhxalQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/aleksey-xkms-01/locate-example-1-bad-service.xml b/tests/aleksey-xkms-01/locate-example-1-bad-service.xml new file mode 100644 index 00000000..ca54d136 --- /dev/null +++ b/tests/aleksey-xkms-01/locate-example-1-bad-service.xml 
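Review bot: The `[ req ]` section of openssl.cnf sets no `default_md`, so the self-signed root and the two CSRs are signed with whatever digest the installed openssl defaults to, while `[ CA_default ]` pins `default_md = sha1`; the committed cert1.pem and req2.pem/req3.pem appear to carry MD5 signatures as a result. Adding `default_md = sha1` under `[ req ]` would make regenerated fixtures consistent with the rest of the chain. The file also fixes `default_bits = 1024` and `input_password = secret` / `output_password = secret`, so a header comment such as `# Test fixtures only: key size, digest and password are deliberately weak; do not reuse for real certificates.` would keep it from being copied as a template.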
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="AK4RNs6LxPMwFfTN5X3UEaIzsts8n7i3" Service="http://www.example.com/xkms" RequestId="Ibcef5348aa386dedeff0bdf6bae872db" ResultMajor="Sender" ResultMinor="Failure"/>
diff --git a/tests/aleksey-xkms-01/locate-example-1-no-match.xml b/tests/aleksey-xkms-01/locate-example-1-no-match.xml
new file mode 100644
index 00000000..f3a230ab
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-1-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="i_EgHv33_VtORyYM7QcrREX_ERkxuMin" Service="http://www.example.com/xkms" RequestId="Ibcef5348aa386dedeff0bdf6bae872db" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-example-1.xml b/tests/aleksey-xkms-01/locate-example-1.xml
new file mode 100644
index 00000000..6c575747
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="Ibcef5348aa386dedeff0bdf6bae872db"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+</LocateRequest>
diff --git a/tests/aleksey-xkms-01/locate-example-2-no-match.xml b/tests/aleksey-xkms-01/locate-example-2-no-match.xml
new file mode 100644
index 00000000..57092c03
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-2-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="kh561pqakQw3jtjxWZ19apUKn__1Ggpw" Service="http://www.example.com/xkms" RequestId="I4593b8d4b6bd9ae7262560b5de1016bc" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-example-2.xml b/tests/aleksey-xkms-01/locate-example-2.xml
new file mode 100644
index 00000000..cc91dc96
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-2.xml
@@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="utf-8"?> +<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + xmlns="http://www.w3.org/2002/03/xkms#" + Id="I4593b8d4b6bd9ae7262560b5de1016bc" + Service="http://www.example.com/xkms"> + <RespondWith>KeyValue</RespondWith> + <QueryKeyBinding> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> +MIIEDTCCA7egAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBvzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy +YXJ5MTEwLwYDVQQLEyhhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp +ZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTA0MDIwMzE5MTEy +OFoXDTE0MDEzMTE5MTEyOFowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFyeTE9MDsGA1UECxM0 +YWxla3NleS14a21zLTAxIHNpZ25hdHVyZSBhbmQgZW5jcnlwdGlvbiBjZXJ0aWZp +Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA +A0sAMEgCQQDS208fS1M+MzOOewMytAU7ecT5ErtLTrK2mZr7QMqAGs696qHv9WOW +i115eDaLW50XRVNr16eiquDtXl53EfBvAgMBAAGjggGOMIIBijAJBgNVHRMEAjAA +MBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMCBeAwQwYJYIZIAYb4QgENBDYW +NGFsZWtzZXkteGttcy0wMSBzaWduYXR1cmUgYW5kIGVuY3J5cHRpb24gY2VydGlm +aWNhdGUwHQYDVR0OBBYEFJw9QoFYPiU7VQheRsUV7LrY84+TMIH4BgNVHSMEgfAw +ge2AFBNkETCzKUgXLJp9G7K9hD6tjeDDoYHRpIHOMIHLMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQK +ExRYTUwgU2VjdXJpdHkgTGlicmFyeTEpMCcGA1UECxMgYWxla3NleS14a21zLTAx +IHJvb3QgY2VydGlmaWNhdGUxJjAkBgNVBAMTHWh0dHA6Ly93d3cuYWxla3NleS5j +b20veG1sc2VjMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CAQEw +DQYJKoZIhvcNAQEFBQADQQAsb2Wh4hp+axYEGrsTMqd9j8pKuxJqa89ob4nl/FwN +5jelwnWbB+3HG7f9GusYg6nNzga1EFD3YTfW23YWIKd9 + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <KeyUsage>Signature</KeyUsage> + </QueryKeyBinding> +</LocateRequest> 
diff --git a/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml b/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml
new file mode 100644
index 00000000..0e3f152a
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="lWW2Ua0wnq19PPm09tZdVx87UcG2Wt_g" Service="http://www.example.com/xkms" RequestId="aleksey_xkms_01_locate_opaque_client_data" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-opaque-client-data.xml b/tests/aleksey-xkms-01/locate-opaque-client-data.xml
new file mode 100644
index 00000000..b8345e47
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-opaque-client-data.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xkms:LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_locate_opaque_client_data"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2Fu"
+ ResponseLimit="5" >
+ <xkms:MessageExtension>
+ <example:Data xmlns:example="http://www.example.com/MessageExtension">01234</example:Data>
+ </xkms:MessageExtension>
+ <xkms:MessageExtension>
+ <example:Data xmlns:example="http://www.example.com/MessageExtension">56789</example:Data>
+ </xkms:MessageExtension>
+ <xkms:OpaqueClientData>
+ <xkms:OpaqueData>XfiZuHwu3rTFhca9O6sVPOcBuFTrnAgMBAAGjggFXMIIBUzAJBgNVHRMEAjAA</xkms:OpaqueData>
+ </xkms:OpaqueClientData>
+ <xkms:RespondWith>xkms:KeyName</xkms:RespondWith>
+ <xkms:RespondWith>xkms:KeyValue</xkms:RespondWith>
+ <xkms:RespondWith>xkms:X509Cert</xkms:RespondWith>
+ <xkms:RespondWith>xkms:X509Chain</xkms:RespondWith>
+ <xkms:RespondWith>PGPWeb</xkms:RespondWith>
+ <xkms:RespondWith>PGP</xkms:RespondWith>
+ <xkms:QueryKeyBinding>
+ <ds:KeyInfo>
+ <KeyName>key2</KeyName>
+ </ds:KeyInfo>
+ <xkms:KeyUsage>xkms:Encryption</xkms:KeyUsage>
+ <xkms:UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <xkms:UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </xkms:QueryKeyBinding>
+</xkms:LocateRequest>
diff --git a/tests/aleksey-xkms-01/readme.txt b/tests/aleksey-xkms-01/readme.txt
new file mode 100644
index 00000000..8aac6f41
--- /dev/null
+++ b/tests/aleksey-xkms-01/readme.txt
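Review bot: In locate-opaque-client-data.xml the `<KeyName>key2</KeyName>` child of `<ds:KeyInfo>` is unprefixed, and this document declares no default namespace (only `xmlns:ds`, `xmlns:xenc` and `xmlns:xkms`), so the element is in no namespace rather than in xmldsig. A namespace-aware key lookup would not treat it as a `ds:KeyName`, which can mask a real lookup bug behind the expected NoMatch result. If the test is meant to exercise a KeyName query it should read `<ds:KeyName>key2</ds:KeyName>`; if the mismatch is deliberate, an XML comment in the fixture saying so would help. The `PGPWeb` and `PGP` values of `xkms:RespondWith` likewise lack the `xkms:` prefix that the other four values carry.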
@@ -0,0 +1,117 @@
+XKMS Featrues
+ <xkms:StatusRequest>
+ <xkms:LocateRequest>
+ <xkms:ValidateRequest>
+ <xkms:CompundRequest>
+ Pending requests
+ <xkms:MessageExtension>
+ <xkms:OpaqueClientData>
+ <xkms:KeyUsage>
+ <xkms:UseKeyWith>
+ <xkms:TieInstant> and <xkms:ValidityInterval>
+
+
+Expected service is http://www.example.com/xkms
+
+1) Tests
+1.1) locate-example-1 (LocateRequest example 4.1.1 from XKMS 2.0 spec).
+
+ * locate-example-1.xml - LocateRequest file.
+ * locate-example-1-no-match.xml - LocateResult: "NoMatch" error
+ (key not found).
+ * locate-example-1-bad-service.xml - LocateResult: bad "Service".
+
+1.2) locate-example-2 (LocateRequest example 4.1.2 from XKMS 2.0 spec
+with certificate from cert2.pem file).
+
+ * locate-example-2.xml - LocateRequest file.
+ * locate-example-2-no-match.xml - LocateResult: "NoMatch" error
+ (key not found).
+
+1.3) validate-example-1 (ValidateRequest example 4.2.1 from XKMS 2.0 spec
+with certificates from cert2.pem and cert3.pem file).
+
+ * validate-example-1.xml - ValidateRequest file.
+ * validate-example-1-no-match.xml - ValidateResult: "NoMatch" error
+ (key not found).
+
+1.4) compaund-example-1 (CompaundRequest example 2.8.1 from XKMS 2.0 spec
+with certificate from cert3.pem file).
+
+ * compaund-example-1.xml - CompaundRequest file.
+ * compound-example-1-no-match.xml - CompoundResult: "NoMatch" error
+ (key not found).
+
+1.5) locate-opaque-client-data (LocateRequest with xkms:MessageExtension and
+xkms:OpaqueClientData nodes).
+
+ * locate-opaque-client-data.xml - LocateRequest file.
+ * locate-opaque-client-data-no-match.xml
+ - LocateResult: "NoMatch" error
+ (key not found).
+
+1.6) status-request (simple StatusRequest)
+
+ * status-request.xml - StatusRequest file.
+ * status-request-success.xml - StatusResult: success.
+
+1.7) soap12-locate-example-1 (SOAP 1.2 LocateRequest example 3.1.1
+from XKMS 2.0 spec
+
+ * soap12-locate-example-1.xml - SOAP 1.2 LocateRequest file.
+ * soap12-locate-example-1-no-match.xml
+ - SOAP 1.2 LocateResult: "NoMatch"
+ error (key not found).
+ * soap12-locate-example-1-unsupported.xml
+ - Processing SOAP 1.2 request with
+ SOAP 1.1: "Unsupported SOAP Version":
+
+1.8) soap11-locate-example-1 (SOAP 1.1 LocateRequest example 3.1.2
+from XKMS 2.0 spec
+
+ * soap11-locate-example-1.xml - SOAP 1.1 LocateRequest file.
+ * soap11-locate-example-1-no-match.xml
+ - SOAP 1.1 LocateResult: "NoMatch"
+ error (key not found).
+ * soap11-locate-example-1-unsupported.xml
+ - Processing SOAP 1.1 request with
+ SOAP 1.2: "Unsupported SOAP Version":
+
+1.9) bad-request-name (A request with invalid node name).
+ bad-request-name.xml - Invalid request file.
+ bad-request-name-not-supported.xml - Result: MessageNotSupported error.
+
+1.10) soap12-bad-request-name (SOAP 1.2 request with invalid node name).
+ soap12-bad-request-name.xml - SOAP 1.2 Invalid request file.
+ soap12-bad-request-name-not-supported.xml
+ - SOAP 1.2 Result: MessageNotSupported error.
+
+1.11) soap11-bad-request-name (SOAP 1.1 request with invalid node name).
+ soap11-bad-request-name.xml - SOAP 1.1 Invalid request file.
+ soap11-bad-request-name-not-supported.xml
+ - SOAP 1.1 Result: MessageNotSupported error.
+
+
+2) Keys and certificates (private keys are encrypted with password "secret")
+ keys/create-keys.sh - shell script to create the keys and certificates chain
+ keys/openssl.cnf - config file for create-keys.sh script
+ keys/key1.pem - root certificate RSA 1024 key in PEM format
+ keys/key1.der - key1.pem key in DER format
+ keys/key1-pk8.der - key1.pem key in PKCS8 DER format
+ keys/key1.p12 - key1.pem key and cert1.pem in PKCS12 format
+ keys/cert1.pem - root certificate for key1.pem
+ keys/cert1.der - cert1.pem certificate in DER format
+ keys/key2.pem - second level CA RSA 1024 key
+ keys/key2.der - key2.pem key in DER format
+ keys/key2.p12 - key2.pem key and cert2.pem in PKCS12 format
+ keys/key2-pk8.der - key2.pem key in PKCS8 DER format
+ keys/cert2.pem - certificate for key2.pem signed with key1.pem (cert1.pem)
+ keys/cert2.der - cert2.pem certificate in DER format
+ keys/key3.pem - signature/encryption RSA 1024 key
+ keys/key3.der - key3.pem key in DER format
+ keys/key3.p12 - key3.pem key and cert3.pem in PKCS12 format
+ keys/key3-pk8.der - key3.pem key in PKCS8 DER format
+ keys/cert3.pem - certificate for key3.pem signed with key2.pem (cert2.pem)
+ keys/cert3.der - cert3.pem certificate in DER format
+
+
\ No newline at end of file
diff --git a/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml b/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml
new file mode 100644
index 00000000..b53a68c0
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<Fault>
+<faultcode>Client</faultcode>
+<faultstring>InvalidRequest message invalid</faultstring>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-bad-request-name.xml b/tests/aleksey-xkms-01/soap11-bad-request-name.xml
new file mode 100644
index 00000000..1c41d8d3
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-bad-request-name.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Body>
+ <xkms:InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <xkms:RespondWith>KeyName</xkms:RespondWith>
+ </xkms:InvalidRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml b/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml
new file mode 100644
index 00000000..77dfc5f7
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="VWctryrG7XgGsbTws4kvbVDTR_9lXg8u" Service="http://www.example.com/xkms" RequestId="I94d1048aa24259465d7271cb4433dbb4" ResultMajor="Sender" ResultMinor="NoMatch"/>
+</Body>
+</Envelope>
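Review bot: The expected-output file soap11-bad-request-name-msg-invalid.xml does not match readme.txt in this same commit, which documents test 1.11 as `soap11-bad-request-name-not-supported.xml` with a "MessageNotSupported" result. The fault added here carries `<faultcode>Client</faultcode>` and the text "InvalidRequest message invalid", so neither the file name nor its content states MessageNotSupported. The same mismatch applies to test 1.10, where the file added is soap12-bad-request-name-msg-invalid.xml. Align the readme entries with the file names actually added and state which result an unknown request element is expected to produce, so that a regression in how unrecognised messages are rejected is visible from the fixtures.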
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml b/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml
new file mode 100644
index 00000000..9b0fcebe
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<Fault>
+<Code>
+<Value>VersionMismatch</Value>
+</Code>
+<Reason>
+<Text xml:lang="en">Unsupported SOAP version</Text>
+</Reason>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1.xml b/tests/aleksey-xkms-01/soap11-locate-example-1.xml
new file mode 100644
index 00000000..67213ffd
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Body>
+ <LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="I94d1048aa24259465d7271cb4433dbb4"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <RespondWith>Multiple</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+ </LocateRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml b/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml
new file mode 100644
index 00000000..f9de89e2
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml
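Review bot: soap11-locate-example-1-unsupported.xml pins a fault in the `http://www.w3.org/2002/06/soap-envelope` namespace as the answer to a SOAP 1.1 request, which a SOAP 1.1-only client will not recognise as a fault at all. SOAP 1.2's version-transition rules have a 1.2 node answer a 1.1 message with a SOAP 1.1 `VersionMismatch` fault, the shape soap12-locate-example-1-unsupported.xml uses for the opposite direction. The URI is also the June 2002 working-draft namespace rather than the Recommendation's `http://www.w3.org/2003/05/soap-envelope`; if it was taken from the XKMS spec examples being mirrored, record that under 1.7 and 1.8 in readme.txt. The same URI is used by the soap12-* fixtures in this commit.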
@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<Fault xmlns:xkms="http://www.w3.org/2002/03/xkms#">
+<Code>xkms:MessageNotSupported</Code>
+<Reason>
+<Text xml:lang="en">InvalidRequest message invalid</Text>
+</Reason>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-bad-request-name.xml b/tests/aleksey-xkms-01/soap12-bad-request-name.xml
new file mode 100644
index 00000000..76a05cce
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-bad-request-name.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope">
+ <env:Body>
+ <xkms:InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <xkms:RespondWith>KeyName</xkms:RespondWith>
+ </xkms:InvalidRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml b/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml
new file mode 100644
index 00000000..f4a47df1
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="AlDwXZQSF4xaOGzRVMb6cympaV8fKmqU" Service="http://www.example.com/xkms" RequestId="I94d1048aa24259465d7271cb4433dbb4" ResultMajor="Sender" ResultMinor="NoMatch"/>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml b/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml
new file mode 100644
index 00000000..02b7e2a3
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml
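Review bot: The fault in soap12-bad-request-name-msg-invalid.xml writes the code as text directly inside `<Code>xkms:MessageNotSupported</Code>`, while soap11-locate-example-1-unsupported.xml in this commit uses `<Code><Value>VersionMismatch</Value></Code>`, so the two SOAP 1.2 fixtures pin different fault shapes. SOAP 1.2 expects `Code` to hold a `Value` with one of the envelope fault codes and puts application codes under `Subcode`; a client that reads `Code/Value` would find no code in this response. If the implementation can be changed, the expected shape would be `<Code><Value>Sender</Value><Subcode><Value>xkms:MessageNotSupported</Value></Subcode></Code>`. Otherwise note in readme.txt that this fixture records current output, not the intended wire format.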
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<Fault>
+<faultcode>VersionMismatch</faultcode>
+<faultstring>Unsupported SOAP version</faultstring>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1.xml b/tests/aleksey-xkms-01/soap12-locate-example-1.xml
new file mode 100644
index 00000000..f5f0cc95
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope">
+ <env:Body>
+ <LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="I94d1048aa24259465d7271cb4433dbb4"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <RespondWith>Multiple</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+ </LocateRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/status-request-success.xml b/tests/aleksey-xkms-01/status-request-success.xml
new file mode 100644
index 00000000..14f52431
--- /dev/null
+++ b/tests/aleksey-xkms-01/status-request-success.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<StatusResult xmlns="http://www.w3.org/2002/03/xkms#" Id="qWvHe4Wa3MO8EpJoPhhXTY9jf_PGByYC" Service="http://www.example.com/xkms" RequestId="aleksey_xkms_01_status_request" ResultMajor="Success"/>
diff --git a/tests/aleksey-xkms-01/status-request.xml b/tests/aleksey-xkms-01/status-request.xml
new file mode 100644
index 00000000..bb54cf69
--- /dev/null
+++ b/tests/aleksey-xkms-01/status-request.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xkms:StatusRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_status_request"
+ Service="http://www.example.com/xkms" >
+</xkms:StatusRequest>
diff --git a/tests/aleksey-xkms-01/validate-example-1-no-match.xml b/tests/aleksey-xkms-01/validate-example-1-no-match.xml
new file mode 100644
index 00000000..482ddffe
--- /dev/null
+++ b/tests/aleksey-xkms-01/validate-example-1-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<ValidateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="U8u3JSp5D5o2rbKEd8Y8yG1UBBC5_szY" Service="http://www.example.com/xkms" RequestId="Ic4d10f0affff49382b021a820613fa71" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/validate-example-1.xml b/tests/aleksey-xkms-01/validate-example-1.xml
new file mode 100644
index 00000000..a184cb94
--- /dev/null
+++ b/tests/aleksey-xkms-01/validate-example-1.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ValidateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="Ic4d10f0affff49382b021a820613fa71"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <QueryKeyBinding>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIEDTCCA7egAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBvzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy
+YXJ5MTEwLwYDVQQLEyhhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp
+ZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEh
+MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTA0MDIwMzE5MTEy
+OFoXDTE0MDEzMTE5MTEyOFowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
+Zm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFyeTE9MDsGA1UECxM0
+YWxla3NleS14a21zLTAxIHNpZ25hdHVyZSBhbmQgZW5jcnlwdGlvbiBjZXJ0aWZp
+Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA
+A0sAMEgCQQDS208fS1M+MzOOewMytAU7ecT5ErtLTrK2mZr7QMqAGs696qHv9WOW
+i115eDaLW50XRVNr16eiquDtXl53EfBvAgMBAAGjggGOMIIBijAJBgNVHRMEAjAA
+MBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMCBeAwQwYJYIZIAYb4QgENBDYW
+NGFsZWtzZXkteGttcy0wMSBzaWduYXR1cmUgYW5kIGVuY3J5cHRpb24gY2VydGlm
+aWNhdGUwHQYDVR0OBBYEFJw9QoFYPiU7VQheRsUV7LrY84+TMIH4BgNVHSMEgfAw
+ge2AFBNkETCzKUgXLJp9G7K9hD6tjeDDoYHRpIHOMIHLMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQK
+ExRYTUwgU2VjdXJpdHkgTGlicmFyeTEpMCcGA1UECxMgYWxla3NleS14a21zLTAx
+IHJvb3QgY2VydGlmaWNhdGUxJjAkBgNVBAMTHWh0dHA6Ly93d3cuYWxla3NleS5j
+b20veG1sc2VjMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CAQEw
+DQYJKoZIhvcNAQEFBQADQQAsb2Wh4hp+axYEGrsTMqd9j8pKuxJqa89ob4nl/FwN
+5jelwnWbB+3HG7f9GusYg6nNzga1EFD3YTfW23YWIKd9
+ </ds:X509Certificate>
+ <ds:X509Certificate>
+MIIEJTCCA46gAwIBAgIBATANBgkqhkiG9w0BAQUFADCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UE
+ChMUWE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0w
+MSByb290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXku
+Y29tL3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+DTA0MDIwMzE5MTEyN1oXDTE0MDEzMTE5MTEyN1owgb8xCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFy
+eTExMC8GA1UECxMoYWxla3NleS14a21zLTAxIHNlY29uZCBsZXZlbCBjZXJ0aWZp
+Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA
+A0sAMEgCQQDd+36RCkHXnn6pxsfTKhTo/Zocgr4pgtOzS+aT5eji+A0GzPaFHXpY
+0K+nDphWUYBzjrjOkxMBzlvv+BOvc9SzAgMBAAGjggFlMIIBYTAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQTZBEwsylIFyyafRuyvYQ+rY3gwzCB+AYDVR0jBIHwMIHt
+gBQL/BC2Efo+FlwlBLXi428w6cRhNqGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UEChMU
+WE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0wMSBy
+b290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29t
+L3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEAMDcG
+CWCGSAGG+EIBDQQqFihhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp
+ZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGMs5oZgbjfJBTeWZ7VZHAOyT+sS0tzK
+EPONgoId9RZLlBmxosG2zZ+Tu5xEqxh4HlkUzHEnenB7K/fmGTnQDrHHQH3Q/afI
+zMot8vXO5V3GX7vdYwU6tCEWUG+2JoaJ2riDcrkVwdEpKLo6GH3bGsqkreeH05ll
+oL+n2iYuEzV+
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <KeyUsage>Signature</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@alicecorp.test"/>
+ </QueryKeyBinding>
+</ValidateRequest> |
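Review bot: The two `ds:X509Certificate` values embedded in validate-example-1.xml have fixed validity periods; their UTCTime fields appear to decode to a notAfter of 2014-01-31 for both. The only expected result added for this request is NoMatch, so chain validation is not exercised yet, but any later test that validates this chain will begin failing on that date unless the verification time is pinned. The subject keys in both certificates also look like 512-bit RSA, whereas section 2 of readme.txt describes key2 and key3 as RSA 1024; worth confirming against keys/create-keys.sh. Suggest a readme line such as `cert2.pem and cert3.pem expire 2014-01-31; pin the verification time when validating them`.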