diff options
Diffstat (limited to 'tests/keys')
55 files changed, 1769 insertions, 0 deletions
diff --git a/tests/keys/README b/tests/keys/README new file mode 100644 index 00000000..14515024 --- /dev/null +++ b/tests/keys/README @@ -0,0 +1,203 @@ +README + +0. Passwords + For all files the password is "secret". + +1. Files list + + cakey.pem Root CA private key + cacert.pem Root CA for cakey.pem + ca2key.pem RSA private key + ca2cert.pem Second-level RSA cert for ca2key.pem + dsakey.pem DSA private key + dsacert.pem Third level DSA cert for dsakey.pem + rsakey.pem RSA private key + rsacert.pem Third level RSA cert for rsacert.pem + hmackey.bin HMAC key ('secret') + expired.key key for expired cert + expired.crt expired certificate + rsa2key.pem RSA private key + rsa2cert.pem Self signed RSA certificate with negative serial number + +2. How certificates were generated: + + A. Create new CA + - Change DAYS and CADAYS in CA.pl to 3650 (10 years) + > export SSLEAY_CONFIG="-config ./openssl.cnf" + > CA.pl -newca + > cp ./demoCA/cacert.pem . + > cp ./demoCA/private/cakey.pem . + > openssl x509 -text -in cacert.pem + + B. Generate RSA key and second level CA + > openssl genrsa -out ca2key.pem + > openssl req -config ./openssl.cnf -new -key ca2key.pem -out ca2req.pem + > openssl ca -config ./openssl.cnf -cert cacert.pem -keyfile cakey.pem \ + -out ca2cert.pem -infiles ca2req.pem + > openssl verify -CAfile cacert.pem ca2cert.pem + + C. Generate and sign DSA key with second level CA + > openssl dsaparam -out dsakey.pem -genkey 512 + > openssl req -config ./openssl.cnf -new -key dsakey.pem -out dsareq.pem + > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \ + -out dsacert.pem -infiles dsareq.pem + > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsacert.pem + + D. Generate and sign RSA key with second level CA + > openssl genrsa -out rsakey.pem + > openssl req -config ./openssl.cnf -new -key rsakey.pem -out rsareq.pem + > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \ + -out rsacert.pem -infiles rsareq.pem + > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem rsacert.pem + + E. Generate and sign large RSA key with second level CA + > openssl genrsa -out largersakey.pem 4096 + > openssl req -config ./openssl.cnf -new -key largersakey.pem -out largersareq.pem + > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \ + -out largersacert.pem -infiles largersareq.pem + > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem largersacert.pem + + F. Generate and sign short-live RSA cert for "expired cert" test + > openssl genrsa -out expiredkey.pem + > openssl req -config ./openssl.cnf -new -days 1 -key expiredkey.pem \ + -out expiredreq.pem + > openssl ca -config ./openssl.cnf -days 1 -cert ca2cert.pem \ + -keyfile ca2key.pem -out expiredcert.pem -infiles expiredreq.pem + > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem expiredcert.pem + +3. Converting key and certs between PEM and DER formats + + - Convert PEM private key file to DER file + RSA key: + > openssl rsa -inform PEM -outform DER -in rsakey.pem -out rsakey.der + > openssl rsa -inform PEM -outform DER -in largersakey.pem -out largersakey.der + > openssl rsa -inform PEM -outform DER -in expiredkey.pem -out expiredkey.der + DSA key: + > openssl dsa -inform PEM -outform DER -in dsakey.pem -out dsakey.der + + - Convert PEM cert file to DER file + > openssl x509 -outform DER -in cacert.pem -out cacert.der + > openssl x509 -outform DER -in ca2cert.pem -out ca2cert.der + > openssl x509 -outform DER -in dsacert.pem -out dsacert.der + > openssl x509 -outform DER -in rsacert.pem -out rsacert.der + > openssl x509 -outform DER -in largersacert.pem -out largersacert.der + > openssl x509 -outform DER -in expiredcert.pem -out expiredcert.der + + - (optional) Convert PEM public key file to DER file + RSA key: + > openssl rsa -inform PEM -outform DER -pubin -pubout -in lugh.key -out lugh.der + DSA key: + > openssl dsa -inform PEM -outform DER -pubin -pubout -in lugh.key -out lugh.der + + If you aren't sure if the public key is RSA or DSA, just run one of + the above commands, and the error messaging will make it clear :) + + - (optional) Convert DER cert file to PEM file + > openssl x509 -inform DER -outform PEM -in ca2cert.der -out ca2cert.pem + +4. Converting an unencrypted PEM or DER file containing a private key + to an encrypted PEM or DER file containing the same private key but + encrypted + > openssl pkcs8 -in dsakey.pem -inform pem -out dsakey.p8-pem -outform pem -topk8 + > openssl pkcs8 -in dsakey.der -inform der -out dsakey.p8-der -outform der -topk8 + > openssl pkcs8 -in rsakey.pem -inform pem -out rsakey.p8-pem -outform pem -topk8 + > openssl pkcs8 -in rsakey.der -inform der -out rsakey.p8-der -outform der -topk8 + > openssl pkcs8 -in largersakey.pem -inform pem -out largersakey.p8-pem \ + -outform pem -topk8 + > openssl pkcs8 -in largersakey.der -inform der -out largersakey.p8-der \ + -outform der -topk8 + +5. NSS is unfriendly towards standalone private keys. + This procedure helps convert raw private keys into PKCS12 form that is + suitable for not only NSS but all crypto engines. + + > cat dsakey.pem dsacert.pem ca2cert.pem cacert.pem > alldsa.pem + > openssl pkcs12 -export -in alldsa.pem -name TestDsaKey -out dsakey.p12 + + > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem + > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey.p12 + + > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem + > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey.p12 + + > cat expiredkey.pem expiredcert.pem ca2cert.pem cacert.pem > allexpired.pem + > openssl pkcs12 -export -in allexpired.pem -name TestExpiredRsaKey \ + -out expiredkey.p12 + + + 5a. + Input: DSA/RSA private key in PEM or DER format + Output: A PKCS12 file containing the private key, and a self-signed + certificate with the corresponding public key + + # first convert key file to PEM format, if not already in that format + > openssl <dsa|rsa> -inform der -outform pem -in key.der -out key.pem + + # answer questions at the prompt + # Note: use a unique subject (=issuer) for each self-signed cert you + # create (since there is no way to specify serial # using the command + # below) + > openssl req -new -keyform <der|pem> -key key.<der|pem> -x509 -sha1 -days 999999 -outform pem -out cert.pem + + # now using the cert and key in PEM format, conver them to a PKCS12 file + # enter some password on prompt + > openssl pkcs12 -export -in cert.pem -inkey key.pem -name <nickname> -out keycert.p12 + + # This pkcs12 file can be used directly on the xmlsec command line, or + # can be pre-loaded into the crypto engine database (if any). + + # In the case of NSS, you can pre-load the key using pk12util. + # The key and cert will have the nickname "nickname" (used in above step) + > pk12util -d <nss_config_dir> -i keycert.p12 + + 5b. + Input: DSA/RSA private key in PEM or DER format + KeyCert containing corresponding public key + Other certs in the chain leading from KeyCert to the root + Output: A PKCS12 file containing the private key, the KeyCert and the + certs in the chain + + # first convert key file to PEM format, if not already in that format + > openssl <dsa|rsa> -inform der -outform pem -in key.der -out key.pem + + # convert all cert files to PEM format, if not already in that format + > openssl x509 -inform der -outform pem -in cert.der -out cert.pem + + # concatenate all cert.pem files created above to 1 file - allcerts.pem + > cat keycert.pem cert1.pem cert2.pem .... > allcerts.pem + + # now using the certs and key in PEM format, conver them to a PKCS12 file + # enter some password on prompt + > openssl pkcs12 -export -in allcerts.pem -inkey key.pem \ + -name <nickname of key & keycert> + [-caname <nickname of cert1> -caname <nickname of cert2>.... ] + -out keycert.p12 + + # This pkcs12 file can be used directly on the xmlsec command line, or + # can be pre-loaded into the crypto engine database (if any). + + # In the case of NSS, you can pre-load the key using pk12util. + # The key and certs will have the nickname "nickname" + # (used in above step) + > pk12util -d <nss_config_dir> -i keycert.p12 + +6. On Windows, one needs to specify Crypto Service Provider (CSP) in the +pkcs12 file to ensure it is loaded correctly to be used with SHA2 algorithms. +Worse, the CSP is different for XP and older versions + + + Input: DSA/RSA private key in PEM or DER format + Output: A PKCS12 file containing the private key, and a self-signed + certificate with the corresponding public key. Plus the CSP + name to be used for this key/cert. + + + > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem + > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" + > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" + + + > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem + > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" + > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" + diff --git a/tests/keys/ca2cert.der b/tests/keys/ca2cert.der Binary files differnew file mode 100644 index 00000000..0f163c46 --- /dev/null +++ b/tests/keys/ca2cert.der diff --git a/tests/keys/ca2cert.pem b/tests/keys/ca2cert.pem new file mode 100644 index 00000000..aacdd36d --- /dev/null +++ b/tests/keys/ca2cert.pem @@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:f8 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 02:29:55 2005 GMT + Not After : Jul 8 02:29:55 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:b2:ba:f2:89:d8:2b:94:3c:3d:f7:82:13:ed:e1: + 0f:0c:8a:57:ac:1f:15:5b:6e:9c:8a:7e:66:9b:ad: + 85:69:0c:65:43:98:e2:8a:a7:7d:fb:a8:95:19:67: + de:4a:7f:09:57:6d:1d:a3:d3:3c:8a:58:99:af:47: + 15:31:f8:fb:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + X509v3 Authority Key Identifier: + keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85 + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F7 + + Signature Algorithm: sha1WithRSAEncryption + 99:8d:11:8d:b4:95:a8:e5:3f:c6:fc:a1:4a:af:09:ba:4e:ae: + f1:b0:c7:60:85:20:ad:f8:48:0d:95:2d:55:3d:6c:fa:8a:78: + 45:e3:8e:90:2e:d6:ed:90:ce:97:c3:31:84:99:ad:e0:a3:2a: + 73:a9:e2:62:84:1e:b9:74:c0:f5:0a:4e:95:e0:6a:8b:c4:7b: + fb:47:32:78:67:9b:a3:92:4e:15:63:7b:27:bc:25:96:ea:4a: + a7:58:89:70:ab:5c:01:1c:00:ed:bb:28:fd:0e:4e:79:f0:30: + 0c:de:29:b9:c8:35:dd:f3:98:29:59:2d:17:c5:cb:42:42:14: + b1:f6 +-----BEGIN CERTIFICATE----- +MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTU1WhcNMTUwNzA4MDIyOTU1WjCByDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKjAoBgNVBAsTIVRlc3QgU2Vjb25k +IExldmVsIFJTQSBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMFwwDQYJKoZIhvcNAQEB +BQADSwAwSAJBALK68onYK5Q8PfeCE+3hDwyKV6wfFVtunIp+ZputhWkMZUOY4oqn +ffuolRln3kp/CVdtHaPTPIpYma9HFTH4+xMCAwEAAaOCAVMwggFPMAwGA1UdEwQF +MAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBT+5OxTJPCVlccQteFEtV05ZVrjfjCB8QYDVR0jBIHpMIHm +gBTaRulr5q/TParlIUtS7cpmKOD+haGBwqSBvzCBvDELMAkGA1UEBhMCVVMxEzAR +BgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5 +IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3Qg +Um9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqG +SIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkA1o644JGCLPcwDQYJKoZIhvcN +AQEFBQADgYEAmY0RjbSVqOU/xvyhSq8Juk6u8bDHYIUgrfhIDZUtVT1s+op4ReOO +kC7W7ZDOl8MxhJmt4KMqc6niYoQeuXTA9QpOleBqi8R7+0cyeGebo5JOFWN7J7wl +lupKp1iJcKtcARwA7bso/Q5OefAwDN4pucg13fOYKVktF8XLQkIUsfY= +-----END CERTIFICATE----- diff --git a/tests/keys/ca2key.pem b/tests/keys/ca2key.pem new file mode 100644 index 00000000..1b842b7d --- /dev/null +++ b/tests/keys/ca2key.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBALK68onYK5Q8PfeCE+3hDwyKV6wfFVtunIp+ZputhWkMZUOY4oqn +ffuolRln3kp/CVdtHaPTPIpYma9HFTH4+xMCAwEAAQJBAKXFUUlar2jIyyyygCuF +L8EQ2yowlk18dULa4+6GbZO0t7D+sPAjog7xxSG3ppM0jvh2QO0w0CHz4E+DD5l4 +v/kCIQDYd4Iy9gUBDxsL2bLnVr+HWqrmA8fmksd+x9Nr0f2dBwIhANNfI1VenWH6 +76PXxDFEHeexPXm8iEu5u4oq9i10rzqVAiABZNObzGW/2f8MlnxGbRKSpozPKlsR +KwTJ1jOQUCvX5QIhALNaAcg5bT+rRlX3CmFnVBy5ttkqEVh389rsU1EEtn71AiEA +zIAQsg4C691XNHCPRdrQFG+tKoeyyuwaBr1Xn4dGpTU= +-----END RSA PRIVATE KEY----- diff --git a/tests/keys/cacert.der b/tests/keys/cacert.der Binary files differnew file mode 100644 index 00000000..170a3f69 --- /dev/null +++ b/tests/keys/cacert.der diff --git a/tests/keys/cacert.pem b/tests/keys/cacert.pem new file mode 100644 index 00000000..a86c2e77 --- /dev/null +++ b/tests/keys/cacert.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:f7 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 02:29:01 2005 GMT + Not After : Jul 8 02:29:01 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:da:c9:a1:5a:8c:9c:4e:75:55:3e:f0:48:f0:3b: + 7d:52:d9:7a:8d:99:8c:71:6c:77:e2:50:93:b7:c3: + 68:79:ec:e3:d4:90:a0:1c:29:ee:46:be:df:61:25: + b3:d3:6f:70:b8:6e:53:d2:70:e9:1e:d9:17:b1:2a: + 75:d2:ee:90:17:5d:bc:45:96:05:25:67:44:0a:d0: + ad:a9:76:5e:79:f4:e4:a6:ae:d1:f7:98:f3:fd:04: + 9b:ef:0c:c9:71:91:c3:63:f7:f1:1e:0f:ec:86:77: + c1:8d:ff:24:fa:3d:30:e1:f0:6f:f8:96:cc:ce:5c: + bf:ad:c8:a2:24:0b:86:2c:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85 + X509v3 Authority Key Identifier: + keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85 + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F7 + + Signature Algorithm: sha1WithRSAEncryption + 54:5d:b7:4e:4d:0c:00:ad:c3:6b:6f:16:af:cc:04:69:d8:91: + 8e:9f:3a:3a:5b:34:e6:f8:e1:52:5c:2d:05:d3:c6:30:4f:c8: + d6:6e:1b:7d:ed:ef:25:34:d5:4e:05:4e:18:ff:7f:11:79:9a: + 98:0b:d3:aa:16:87:c6:d7:f3:bd:01:d4:39:f1:62:ff:15:68: + 3c:0e:03:f9:30:93:d3:4f:d9:11:53:71:54:d3:58:d4:89:7d: + be:91:b7:67:82:16:40:38:99:b4:ce:24:4d:c5:f3:4f:c0:82: + 16:3c:a6:17:c9:71:0a:41:0c:eb:9f:1c:85:7b:2d:61:3f:b7: + 20:e8 +-----BEGIN CERTIFICATE----- +MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD +ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ +ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT +b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx +kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w +DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg +Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV +HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5 +IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE +CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu +MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN +BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F +08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT +T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg +6A== +-----END CERTIFICATE----- diff --git a/tests/keys/cakey.pem b/tests/keys/cakey.pem new file mode 100644 index 00000000..0270e59c --- /dev/null +++ b/tests/keys/cakey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,77F426A47A174623 + +FH1NdgJgrX1OGKM0WfzwRUWmLTmfawdaUPeFNJbz1+40J5DEt1DmC6o0QkXoxIPC +Te/+FS80gNruYgYIWu4WXftCSdvSfGI8LP1JZ7hmMCl055J2mLVKT4o6HqAQnHrb +hTATVG6CB/GdHTFPG3J65qIyTlG50jyzfwZtliMCCAwi+AaAlo5xzUe0DgedytB2 +sFkLq5EiD6066P/LXPH/Z5SJKiMCFOl0Gjwd3M9ohZufnEJPJT5ap2fm7OSJSfa6 +jPREY+UwhPyKkYOc2c8gojj6HrsSQlXPl176b1+31c19hhhRAtDfJBIU2OrOFVk/ +V88/Dm0I+ROyLme0rYfFg8uHz2aIymzEMds5ZKEFTFbBhaWbVYKIX7+82tftnd+P +2kT15JAK9V27F0p4SRiQ5RsDkT3rBWsZjtk9Rptkrgec9aKoTaO2fT8bPaWFR/M1 +6X7kjMqhLw1sHmsSeDKx0YCWfS+gWh7RPjGQ2EfH2pxoZkUAR5R3cZCEn3Ia1BeV +UTFWy+DwjEeSrNkO96E0pH1r8204cJAKK8cWS4HSAPMsQPf5cZjIrrAak/9Wupkq +fnrB0Ae6GFO2gHYQfbSL+KdEq6w5+S6XZyTauVyaJAjjIFDmegfaKWHzNvqCWJ4T +YPsiptUrKz6DYyhiUrNJQKcyGWHWrwMNIbldqSBNCa8OIVoaZiRibgO1SIafAGAS +9MDXXVaY6rqx1yfZYDc9VgKGXTJhBXALCeGMYF43bvAmPq3M13QJA0rlO7lAUUF2 +5INqBUeJxZrYxn6tRr9EMty/UcYnPR3YHgt0RDZycvbcqPsU5tHk9Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/keys/demoCA/cacert.pem b/tests/keys/demoCA/cacert.pem new file mode 100644 index 00000000..a86c2e77 --- /dev/null +++ b/tests/keys/demoCA/cacert.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:f7 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 02:29:01 2005 GMT + Not After : Jul 8 02:29:01 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:da:c9:a1:5a:8c:9c:4e:75:55:3e:f0:48:f0:3b: + 7d:52:d9:7a:8d:99:8c:71:6c:77:e2:50:93:b7:c3: + 68:79:ec:e3:d4:90:a0:1c:29:ee:46:be:df:61:25: + b3:d3:6f:70:b8:6e:53:d2:70:e9:1e:d9:17:b1:2a: + 75:d2:ee:90:17:5d:bc:45:96:05:25:67:44:0a:d0: + ad:a9:76:5e:79:f4:e4:a6:ae:d1:f7:98:f3:fd:04: + 9b:ef:0c:c9:71:91:c3:63:f7:f1:1e:0f:ec:86:77: + c1:8d:ff:24:fa:3d:30:e1:f0:6f:f8:96:cc:ce:5c: + bf:ad:c8:a2:24:0b:86:2c:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85 + X509v3 Authority Key Identifier: + keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85 + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F7 + + Signature Algorithm: sha1WithRSAEncryption + 54:5d:b7:4e:4d:0c:00:ad:c3:6b:6f:16:af:cc:04:69:d8:91: + 8e:9f:3a:3a:5b:34:e6:f8:e1:52:5c:2d:05:d3:c6:30:4f:c8: + d6:6e:1b:7d:ed:ef:25:34:d5:4e:05:4e:18:ff:7f:11:79:9a: + 98:0b:d3:aa:16:87:c6:d7:f3:bd:01:d4:39:f1:62:ff:15:68: + 3c:0e:03:f9:30:93:d3:4f:d9:11:53:71:54:d3:58:d4:89:7d: + be:91:b7:67:82:16:40:38:99:b4:ce:24:4d:c5:f3:4f:c0:82: + 16:3c:a6:17:c9:71:0a:41:0c:eb:9f:1c:85:7b:2d:61:3f:b7: + 20:e8 +-----BEGIN CERTIFICATE----- +MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD +ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ +ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT +b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx +kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w +DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg +Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV +HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5 +IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE +CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu +MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN +BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F +08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT +T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg +6A== +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/careq.pem b/tests/keys/demoCA/careq.pem new file mode 100644 index 00000000..751683c9 --- /dev/null +++ b/tests/keys/demoCA/careq.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICETCCAXoCAQAwgdAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRl +c3QgUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAc +Ke5Gvt9hJbPTb3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3 +mPP9BJvvDMlxkcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQAB +oAAwDQYJKoZIhvcNAQEFBQADgYEAwvOxekaXG1dTb9oqedDGoI6iiej8rSySBFbG +7JezbVlB3MuvbSn28YVDXW/R+TEgeumiT4LxcGWRWzB15uldsTuwb3Tr8a/VBb4g +tssb19qToEo0qlhJwXyPbSnoytdkBnF0s7EVksSjNF77GJXKHkfq+nUcwB9djTa1 +IXqN41A= +-----END CERTIFICATE REQUEST----- diff --git a/tests/keys/demoCA/index.txt b/tests/keys/demoCA/index.txt new file mode 100644 index 00000000..fd1f6743 --- /dev/null +++ b/tests/keys/demoCA/index.txt @@ -0,0 +1,6 @@ +V 150708022901Z D68EB8E091822CF7 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com +V 150708022955Z D68EB8E091822CF8 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Second Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com +V 150708023159Z D68EB8E091822CF9 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com +V 150708023302Z D68EB8E091822CFA unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com +V 050711035156Z D68EB8E091822CFB unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com +V 150709025011Z D68EB8E091822CFC unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com diff --git a/tests/keys/demoCA/newcerts/01.pem b/tests/keys/demoCA/newcerts/01.pem new file mode 100644 index 00000000..1d52b059 --- /dev/null +++ b/tests/keys/demoCA/newcerts/01.pem @@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Feb 2 08:00:59 2002 GMT + Not After : Jan 31 08:00:59 2012 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:c8:2e:eb:aa:1c:0a:f2:7f:21:d8:05:b6:87:a7: + cb:a3:15:fb:32:94:18:60:47:54:b9:df:8e:b3:e4: + 39:cc:f5:e6:7e:8b:60:72:f5:61:93:57:28:17:7e: + 26:6e:1f:0b:b7:ad:31:61:71:af:4e:ea:c5:4f:39: + c0:6e:15:3a:e7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04 + X509v3 Authority Key Identifier: + keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C + DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:00 + + Signature Algorithm: md5WithRSAEncryption + 71:24:77:dd:31:b7:13:3a:95:16:25:d4:2b:58:dc:c7:6d:0b: + 72:1c:c4:9d:2d:21:d3:00:b2:21:d7:43:91:86:5b:41:5d:26: + 1e:bc:9c:b0:5e:66:33:d8:5e:f4:f3:45:ae:10:3c:5d:1e:e5: + 32:b0:bf:04:28:f9:4c:ec:b4:53:26:8a:2a:57:23:38:b7:ad: + f9:51:a3:18:b2:6f:b8:4b:40:38:83:da:56:b4:70:34:49:47: + ea:f6:ae:a1:8a:1c:e6:57:10:c0:ec:bc:23:d7:de:0e:6d:13: + 4c:58:52:0b:4e:b7:d4:47:33:84:d3:14:1b:ba:d3:f0:78:c4: + 66:fe +-----BEGIN CERTIFICATE----- +MIIEFzCCA4CgAwIBAgIBATANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE +ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v +eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl +a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X +DTAyMDIwMjA4MDA1OVoXDTEyMDEzMTA4MDA1OVowgb8xCzAJBgNVBAYTAlVTMRMw +EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy +eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhTZWNv +bmQgTGV2ZWwgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA +A0sAMEgCQQDILuuqHAryfyHYBbaHp8ujFfsylBhgR1S5346z5DnM9eZ+i2By9WGT +VygXfiZuHwu3rTFhca9O6sVPOcBuFTrnAgMBAAGjggFXMIIBUzAJBgNVHRMEAjAA +MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd +BgNVHQ4EFgQUeNctkWEvlSJKu+HVPcYmr6uX0gQwgfgGA1UdIwSB8DCB7YAUtLnv +muaXDmhlHpjO+lUNiQbbTHyhgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +EwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBT +ZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykx +GTAXBgNVBAsTEFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2Fu +aW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIBADANBgkqhkiG +9w0BAQQFAAOBgQBxJHfdMbcTOpUWJdQrWNzHbQtyHMSdLSHTALIh10ORhltBXSYe +vJywXmYz2F7080WuEDxdHuUysL8EKPlM7LRTJooqVyM4t635UaMYsm+4S0A4g9pW +tHA0SUfq9q6hihzmVxDA7Lwj194ObRNMWFILTrfURzOE0xQbutPweMRm/g== +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/newcerts/02.pem b/tests/keys/demoCA/newcerts/02.pem new file mode 100644 index 00000000..46c32c64 --- /dev/null +++ b/tests/keys/demoCA/newcerts/02.pem @@ -0,0 +1,93 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Feb 2 08:01:27 2002 GMT + Not After : Jan 31 08:01:27 2012 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Third Level DSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 3a:7f:8a:04:91:37:ab:54:d1:84:6f:51:b2:93:57: + d3:55:48:e4:2d:15:cd:2c:b8:37:f4:32:0b:86:33: + 10:43:68:ab:71:89:90:a1:c8:62:af:a0:ae:af:59: + a9:5f:71:83:61:9e:a3:fd:e6:aa:17:5c:10:d3:ad: + 61:19:96:11:f3:99:26:3d:7c:a2:e9:03:e9:33:5c: + 79:84:59:e0:78:c7:8c:ad:d6:63:7c:0a:d8:e5:7a: + 40:e9:72:fa:4d:df:c6:01:10:a4:ff:fb:22:50:a4: + 6b:96:08:08:bb:87:5e:b6:ea:8e:7e:5b:d1:77:0a: + f4:bd:86:0e:d5:8e:ca:3b + P: + 00:8a:65:ba:29:80:4f:61:70:1f:ea:2b:52:02:e6: + 2c:d5:a2:cf:7e:cf:3f:bc:11:22:ba:cb:ff:a6:5d: + 57:32:2b:8c:bc:1e:ef:ca:22:60:4a:3f:3f:35:39: + 11:72:2f:d4:5f:fa:d5:5e:ff:2b:6c:24:63:bd:81: + 57:df:1e:7f:e7:77:f8:85:ce:87:2b:3e:c9:40:8e: + 2a:a8:1e:c5:97:93:7c:eb:3a:7e:06:c4:31:35:0e: + 2d:ce:8b:ac:f5:2d:87:4d:dd:bf:cd:d4:f0:56:cb: + ce:f8:7f:65:dc:56:a1:99:5a:7f:9b:62:07:13:85: + b6:ec:96:28:17:8f:6a:3f:5d + Q: + 00:bf:fc:73:5a:a8:d1:be:27:a4:93:6a:cc:5b:7c: + 29:62:ca:53:f5:4b + G: + 50:8c:b3:50:39:4b:7b:ab:82:0a:01:78:46:1f:7c: + 7e:22:99:be:0e:b8:50:9e:05:33:92:fe:59:b0:92: + 32:65:6c:14:dd:3a:7d:3c:31:cb:79:da:3c:f3:82: + cf:3a:2e:7e:c1:ef:fc:1b:de:da:0b:eb:0e:f7:74: + ef:ca:17:58:92:5f:f4:0e:38:a4:86:67:26:47:63: + 12:19:b6:46:c0:c5:a5:73:6a:d2:d3:ca:64:57:23: + 56:c7:66:aa:0e:0c:5f:a6:0d:bb:0a:6f:66:e4:f0: + 4a:80:c6:e6:ed:50:30:dd:26:98:7f:60:99:b2:13: + de:3f:71:e0:c3:be:ec:46 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 47:B5:4E:1A:17:A3:EC:03:C3:38:6C:09:F5:B4:72:E4:4E:B8:84:96 + X509v3 Authority Key Identifier: + keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04 + DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:01 + + Signature Algorithm: md5WithRSAEncryption + 7a:ba:53:30:b9:42:d6:d2:51:68:71:ec:ae:5c:48:d3:10:29: + a0:cb:82:40:af:fc:09:34:ad:58:4e:11:63:6b:3d:0e:ac:23: + 53:96:ca:4d:81:52:2d:7b:07:17:cd:db:11:8f:de:ee:b0:02: + bc:45:6a:b2:a3:ba:94:ef:af:44 +-----BEGIN CERTIFICATE----- +MIIFKTCCBNOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxITAfBgNVBAsTGFNl +Y29uZCBMZXZlbCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTAyMDIwMjA4MDEy +N1oXDTEyMDEzMTA4MDEyN1owgcIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3 +dy5hbGVrc2V5LmNvbS94bWxzZWMpMSQwIgYDVQQLExtUaGlyZCBMZXZlbCBEU0Eg +Q2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0B +CQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCK +ZbopgE9hcB/qK1IC5izVos9+zz+8ESK6y/+mXVcyK4y8Hu/KImBKPz81ORFyL9Rf ++tVe/ytsJGO9gVffHn/nd/iFzocrPslAjiqoHsWXk3zrOn4GxDE1Di3Oi6z1LYdN +3b/N1PBWy874f2XcVqGZWn+bYgcThbbsligXj2o/XQIVAL/8c1qo0b4npJNqzFt8 +KWLKU/VLAoGAUIyzUDlLe6uCCgF4Rh98fiKZvg64UJ4FM5L+WbCSMmVsFN06fTwx +y3naPPOCzzoufsHv/Bve2gvrDvd078oXWJJf9A44pIZnJkdjEhm2RsDFpXNq0tPK +ZFcjVsdmqg4MX6YNuwpvZuTwSoDG5u1QMN0mmH9gmbIT3j9x4MO+7EYDgYQAAoGA +On+KBJE3q1TRhG9RspNX01VI5C0VzSy4N/QyC4YzEENoq3GJkKHIYq+grq9ZqV9x +g2Geo/3mqhdcENOtYRmWEfOZJj18oukD6TNceYRZ4HjHjK3WY3wK2OV6QOly+k3f +xgEQpP/7IlCka5YICLuHXrbqjn5b0XcK9L2GDtWOyjujggFXMIIBUzAJBgNVHRME +AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTAdBgNVHQ4EFgQUR7VOGhej7APDOGwJ9bRy5E64hJYwgfgGA1UdIwSB8DCB7YAU +eNctkWEvlSJKu+HVPcYmr6uX0gShgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhN +TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl +YykxGTAXBgNVBAsTEFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkg +U2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIBATANBgkq +hkiG9w0BAQQFAANBAHq6UzC5QtbSUWhx7K5cSNMQKaDLgkCv/Ak0rVhOEWNrPQ6s +I1OWyk2BUi17BxfN2xGP3u6wArxFarKjupTvr0Q= +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/newcerts/03.pem b/tests/keys/demoCA/newcerts/03.pem new file mode 100644 index 00000000..899304b8 --- /dev/null +++ b/tests/keys/demoCA/newcerts/03.pem @@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Feb 2 08:01:48 2002 GMT + Not After : Jan 31 08:01:48 2012 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:d0:a7:a5:8b:76:b1:e1:34:c6:1c:a9:22:5d:db: + b4:bd:c1:6e:b1:1d:1c:04:50:92:92:09:84:39:e9: + ab:a0:d2:7f:b8:b1:ae:3d:da:5f:25:5a:3d:6b:62: + fa:e6:b1:db:55:df:b5:02:b4:95:aa:39:2c:28:6e: + 3f:67:a7:2b:17 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + A4:18:1D:13:D5:8C:32:84:0C:9D:D1:B8:88:34:FD:5C:37:D9:FA:48 + X509v3 Authority Key Identifier: + keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04 + DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:01 + + Signature Algorithm: md5WithRSAEncryption + 2f:3f:38:6c:2b:1a:18:40:4e:54:4b:0a:63:8b:1c:79:7c:a3: + e2:76:50:03:e7:a6:79:9c:f3:eb:5c:ec:61:a3:bb:2d:4b:f8: + 74:33:c7:77:f6:e3:60:e0:b9:d1:07:d6:2e:f5:13:46:ae:2e: + 0d:7e:8a:47:33:1c:f6:dd:8f:4f +-----BEGIN CERTIFICATE----- +MIIDzTCCA3egAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxITAfBgNVBAsTGFNl +Y29uZCBMZXZlbCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTAyMDIwMjA4MDE0 +OFoXDTEyMDEzMTA4MDE0OFowgcIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3 +dy5hbGVrc2V5LmNvbS94bWxzZWMpMSQwIgYDVQQLExtUaGlyZCBMZXZlbCBSU0Eg +Q2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0B +CQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDQ +p6WLdrHhNMYcqSJd27S9wW6xHRwEUJKSCYQ56aug0n+4sa492l8lWj1rYvrmsdtV +37UCtJWqOSwobj9npysXAgMBAAGjggFXMIIBUzAJBgNVHRMEAjAAMCwGCWCGSAGG ++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU +pBgdE9WMMoQMndG4iDT9XDfZ+kgwgfgGA1UdIwSB8DCB7YAUeNctkWEvlSJKu+HV +PcYmr6uX0gShgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y +bmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM +aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxGTAXBgNVBAsT +EFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkq +hkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIBATANBgkqhkiG9w0BAQQFAANB +AC8/OGwrGhhATlRLCmOLHHl8o+J2UAPnpnmc8+tc7GGjuy1L+HQzx3f242DgudEH +1i71E0auLg1+ikczHPbdj08= +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/newcerts/04.pem b/tests/keys/demoCA/newcerts/04.pem new file mode 100644 index 00000000..8987ac2c --- /dev/null +++ b/tests/keys/demoCA/newcerts/04.pem @@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Feb 2 08:03:01 2002 GMT + Not After : May 3 08:03:01 2002 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Expired Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:c0:20:e3:2b:9b:34:1e:1c:78:cc:a6:ab:20:a5: + 6c:4b:8f:05:60:3d:1e:b9:00:bb:8a:27:d8:46:d5: + 9e:b7:c1:ab:b2:f8:e6:52:64:19:54:36:44:4b:3d: + 68:08:7e:7d:2f:6f:88:4c:41:50:2f:90:8c:35:7f: + 25:d8:e7:47:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + AF:B7:A6:58:73:1D:AA:14:33:37:7D:38:CE:D7:AA:00:68:26:39:61 + X509v3 Authority Key Identifier: + keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04 + DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:01 + + Signature Algorithm: md5WithRSAEncryption + 17:42:07:f0:8d:90:14:c3:28:19:ec:07:4c:e0:33:54:69:c0: + 6c:07:84:c3:2f:cb:0a:1f:44:b6:15:8a:13:8c:3b:f4:3d:d3: + dc:aa:d2:14:b5:9c:04:75:57:a9:7e:46:a3:70:00:3d:ee:46: + 1f:11:79:da:34:08:00:68:bf:31 +-----BEGIN CERTIFICATE----- +MIIDxTCCA2+gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxITAfBgNVBAsTGFNl +Y29uZCBMZXZlbCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh +MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTAyMDIwMjA4MDMw +MVoXDTAyMDUwMzA4MDMwMVowgboxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3 +dy5hbGVrc2V5LmNvbS94bWxzZWMpMRwwGgYDVQQLExNFeHBpcmVkIENlcnRpZmlj +YXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxz +ZWNAYWxla3NleS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwCDjK5s0Hhx4 +zKarIKVsS48FYD0euQC7iifYRtWet8GrsvjmUmQZVDZESz1oCH59L2+ITEFQL5CM +NX8l2OdHoQIDAQABo4IBVzCCAVMwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK+3plhzHaoU +Mzd9OM7XqgBoJjlhMIH4BgNVHSMEgfAwge2AFHjXLZFhL5UiSrvh1T3GJq+rl9IE +oYHRpIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAG +A1UEBxMJU3Vubnl2YWxlMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAo +aHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRkwFwYDVQQLExBSb290IENl +cnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkB +FhJ4bWxzZWNAYWxla3NleS5jb22CAQEwDQYJKoZIhvcNAQEEBQADQQAXQgfwjZAU +wygZ7AdM4DNUacBsB4TDL8sKH0S2FYoTjDv0PdPcqtIUtZwEdVepfkajcAA97kYf +EXnaNAgAaL8x +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/newcerts/05.pem b/tests/keys/demoCA/newcerts/05.pem new file mode 100644 index 00000000..02489a43 --- /dev/null +++ b/tests/keys/demoCA/newcerts/05.pem @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Mar 31 04:02:22 2003 GMT + Not After : Mar 28 04:02:22 2013 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Examples RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:97:b8:fe:b4:3f:83:35:78:16:89:04:ec:2b:61: + 8c:bf:c4:5f:00:81:4a:45:e6:d9:cd:e9:e2:3c:97: + 3b:45:ad:aa:e6:8d:0b:77:71:07:01:4f:7c:f9:7d: + e2:19:aa:dd:91:59:f4:f1:cf:3d:ba:78:46:96:11: + 9c:b6:5b:46:39:73:55:23:aa:f7:9e:00:5c:e5:e9: + 49:ec:3b:9c:3f:84:99:3a:90:ad:df:7e:64:86:c6: + 26:72:ce:31:08:79:7e:13:15:b8:e5:bf:d6:56:02: + 8d:60:21:4c:27:18:64:fb:fb:55:70:f6:33:bd:2f: + 55:70:d5:5e:7e:99:ae:a4:e0:aa:45:47:13:a8:30: + d5:a0:8a:9d:cc:20:ec:e4:8e:51:c9:54:c5:7f:3e: + 66:2d:74:bf:a3:7a:f8:f3:ec:94:57:39:b4:ac:00: + 75:62:61:54:b4:d0:e0:52:86:f8:5e:77:ec:50:43: + 9c:d2:ba:a7:8c:62:5a:bc:b2:fe:f3:cc:62:7e:23: + 60:6b:c7:51:49:37:78:7e:25:15:30:ab:fa:b4:ae: + 25:8f:22:fc:a3:48:7f:f2:0a:8a:6e:e0:fe:8d:f0: + 01:ed:c6:33:cc:6b:a1:fd:a6:80:ef:06:8c:af:f6: + 40:3a:8e:42:14:20:61:12:1f:e3:fc:05:b1:05:d5: + 65:c3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 24:84:2C:F2:D4:59:20:62:8B:2E:5C:86:90:A3:AA:30:BA:27:1A:9C + X509v3 Authority Key Identifier: + keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C + DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:00 + + Signature Algorithm: md5WithRSAEncryption + b5:3f:9b:32:31:4a:ff:2f:84:3b:a8:9b:11:5c:a6:5c:f0:76: + 52:d9:6e:f4:90:ad:fa:0d:90:c1:98:d5:4a:12:dd:82:6b:37: + e8:d9:2d:62:92:c9:61:37:98:86:8f:a4:49:6a:5e:25:d0:18: + 69:30:0f:98:8f:43:58:89:31:b2:3b:05:e2:ef:c7:a6:71:5f: + f7:fe:73:c5:a7:b2:cd:2e:73:53:71:7d:a8:4c:68:1a:32:1b: + 5e:48:2f:8f:9b:7a:a3:b5:f3:67:e8:b1:a2:89:4e:b2:4d:1b: + 79:9c:ff:f0:0d:19:4f:4e:b1:03:3d:99:f0:44:b7:8a:0b:34: + 9d:83 +-----BEGIN CERTIFICATE----- +MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE +ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v +eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl +a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X +DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw +EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy +eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt +cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt +quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E +mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg +qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53 +7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w +Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG +A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp +ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw +MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE +ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v +eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl +a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA +MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY +1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn +ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL +NJ2D +-----END CERTIFICATE----- diff --git a/tests/keys/demoCA/private/cakey.pem b/tests/keys/demoCA/private/cakey.pem new file mode 100644 index 00000000..0270e59c --- /dev/null +++ b/tests/keys/demoCA/private/cakey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,77F426A47A174623 + +FH1NdgJgrX1OGKM0WfzwRUWmLTmfawdaUPeFNJbz1+40J5DEt1DmC6o0QkXoxIPC +Te/+FS80gNruYgYIWu4WXftCSdvSfGI8LP1JZ7hmMCl055J2mLVKT4o6HqAQnHrb +hTATVG6CB/GdHTFPG3J65qIyTlG50jyzfwZtliMCCAwi+AaAlo5xzUe0DgedytB2 +sFkLq5EiD6066P/LXPH/Z5SJKiMCFOl0Gjwd3M9ohZufnEJPJT5ap2fm7OSJSfa6 +jPREY+UwhPyKkYOc2c8gojj6HrsSQlXPl176b1+31c19hhhRAtDfJBIU2OrOFVk/ +V88/Dm0I+ROyLme0rYfFg8uHz2aIymzEMds5ZKEFTFbBhaWbVYKIX7+82tftnd+P +2kT15JAK9V27F0p4SRiQ5RsDkT3rBWsZjtk9Rptkrgec9aKoTaO2fT8bPaWFR/M1 +6X7kjMqhLw1sHmsSeDKx0YCWfS+gWh7RPjGQ2EfH2pxoZkUAR5R3cZCEn3Ia1BeV +UTFWy+DwjEeSrNkO96E0pH1r8204cJAKK8cWS4HSAPMsQPf5cZjIrrAak/9Wupkq +fnrB0Ae6GFO2gHYQfbSL+KdEq6w5+S6XZyTauVyaJAjjIFDmegfaKWHzNvqCWJ4T +YPsiptUrKz6DYyhiUrNJQKcyGWHWrwMNIbldqSBNCa8OIVoaZiRibgO1SIafAGAS +9MDXXVaY6rqx1yfZYDc9VgKGXTJhBXALCeGMYF43bvAmPq3M13QJA0rlO7lAUUF2 +5INqBUeJxZrYxn6tRr9EMty/UcYnPR3YHgt0RDZycvbcqPsU5tHk9Q== +-----END RSA PRIVATE KEY----- diff --git a/tests/keys/demoCA/serial b/tests/keys/demoCA/serial new file mode 100644 index 00000000..fcb2a009 --- /dev/null +++ b/tests/keys/demoCA/serial @@ -0,0 +1 @@ +D68EB8E091822CFD diff --git a/tests/keys/dsacert.der b/tests/keys/dsacert.der Binary files differnew file mode 100644 index 00000000..fb063bec --- /dev/null +++ b/tests/keys/dsacert.der diff --git a/tests/keys/dsacert.pem b/tests/keys/dsacert.pem new file mode 100644 index 00000000..0119b658 --- /dev/null +++ b/tests/keys/dsacert.pem @@ -0,0 +1,78 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:f9 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 02:31:59 2005 GMT + Not After : Jul 8 02:31:59 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level DSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 3a:27:48:30:c9:93:75:5a:21:f7:55:1c:f9:ce:8a: + d4:6a:57:95:cf:15:f3:03:92:c3:5b:d1:67:a5:9d: + 97:65:fe:aa:24:97:d7:9a:53:ef:2e:88:7e:cb:b6: + c5:34:41:85:fd:94:4f:24:4e:99:5c:51:d0:f4:6f: + 18:c3:60:9d + P: + 00:c8:31:fc:3a:3f:bf:45:73:0d:21:af:16:0a:ab: + 77:8f:87:bc:26:7a:f7:3d:e5:48:df:17:62:47:40: + 90:57:25:bf:57:14:16:b9:2d:1c:bb:d6:5c:e1:fc: + e6:0c:1f:8a:21:e2:08:a2:15:54:55:04:25:bd:1e: + 96:6a:39:33:49 + Q: + 00:94:43:ab:9a:a8:c9:1b:7b:5f:8d:4e:3d:5e:32: + 6e:33:70:17:36:c9 + G: + 05:33:c3:39:9b:a7:9d:db:67:e6:f3:0d:c3:94:e9: + 41:a1:dc:88:3f:4c:57:4b:19:76:1e:be:cd:ed:89: + 96:85:2d:af:ff:11:81:7e:97:94:dd:b2:bd:cd:42: + 91:91:45:fe:1a:ad:7b:d7:3d:9c:88:26:16:18:1c: + 95:64:ec:e3 + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + A5:58:9F:29:70:2D:1A:42:47:44:03:DA:AE:67:A7:BA:F7:29:65:3E + X509v3 Authority Key Identifier: + keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F8 + + Signature Algorithm: sha1WithRSAEncryption + 24:1f:4a:73:8f:d9:d2:14:f0:88:36:11:e5:f5:d5:3f:2c:c0: + 8c:3f:81:78:28:51:17:5e:33:b5:69:75:3a:5e:91:11:61:51: + 6c:81:9f:13:3d:d7:0e:00:87:0a:2a:1c:33:c1:31:5e:2e:f3: + 9f:6e:91:d3:bd:9c:74:1c:fb:fb +-----BEGIN CERTIFICATE----- +MIIEdDCCBB6gAwIBAgIJANaOuOCRgiz5MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG +A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wHhcNMDUwNzEwMDIzMTU5WhcNMTUwNzA4MDIzMTU5WjCBxzELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM +aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAnBgNVBAsT +IFRlc3QgVGhpcmQgTGV2ZWwgRFNBIENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVr +c2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wgfAw +gagGByqGSM44BAEwgZwCQQDIMfw6P79Fcw0hrxYKq3ePh7wmevc95UjfF2JHQJBX +Jb9XFBa5LRy71lzh/OYMH4oh4giiFVRVBCW9HpZqOTNJAhUAlEOrmqjJG3tfjU49 +XjJuM3AXNskCQAUzwzmbp53bZ+bzDcOU6UGh3Ig/TFdLGXYevs3tiZaFLa//EYF+ +l5Tdsr3NQpGRRf4arXvXPZyIJhYYHJVk7OMDQwACQDonSDDJk3VaIfdVHPnOitRq +V5XPFfMDksNb0WelnZdl/qokl9eaU+8uiH7LtsU0QYX9lE8kTplcUdD0bxjDYJ2j +ggFTMIIBTzAMBgNVHRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl +bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUpVifKXAtGkJHRAParmenuvcp +ZT4wgfEGA1UdIwSB6TCB5oAU/uTsUyTwlZXHELXhRLVdOWVa436hgcKkgb8wgbwx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwg +U2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMp +MR4wHAYDVQQLExVUZXN0IFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtz +ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJANaO +uOCRgiz4MA0GCSqGSIb3DQEBBQUAA0EAJB9Kc4/Z0hTwiDYR5fXVPyzAjD+BeChR +F14ztWl1Ol6REWFRbIGfEz3XDgCHCiocM8ExXi7zn26R072cdBz7+w== +-----END CERTIFICATE----- diff --git a/tests/keys/dsakey.der b/tests/keys/dsakey.der Binary files differnew file mode 100644 index 00000000..a056304c --- /dev/null +++ b/tests/keys/dsakey.der diff --git a/tests/keys/dsakey.p12 b/tests/keys/dsakey.p12 Binary files differnew file mode 100644 index 00000000..2ca3659d --- /dev/null +++ b/tests/keys/dsakey.p12 diff --git a/tests/keys/dsakey.p8-der b/tests/keys/dsakey.p8-der Binary files differnew file mode 100644 index 00000000..2a00d2a2 --- /dev/null +++ b/tests/keys/dsakey.p8-der diff --git a/tests/keys/dsakey.p8-pem b/tests/keys/dsakey.p8-pem new file mode 100644 index 00000000..cd0e5ec2 --- /dev/null +++ b/tests/keys/dsakey.p8-pem @@ -0,0 +1,8 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHwMBsGCSqGSIb3DQEFAzAOBAgRtaP0qtejsQICCAAEgdBZeMkYVwHBSOuUj5p8 +hNEswZwOAT+yY063ziixN/rCwXJMvnmWRvHGXBoSJ2FNtXjhZrl8W3Vk7SZBCGyw +Brez9jVTm9iZr9UcTP/e3RZo4yzLBy9iE+qJg86mGkJw+HSHaGReHtq2NV+CcnC9 +jWiBGb9WHTy/NJNpK/ne7UOamVVPYLDAoRIdZvSo8bV3NDp0Oui7flRxV+OJBsti +NQZYJskY0O74jOjvvaBdih/NIWDHKED1EtnxuKrMSOQtq57zSwdVQ6nS1hedJzms +AzZ1 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/keys/dsakey.pem b/tests/keys/dsakey.pem new file mode 100644 index 00000000..8fdd52a9 --- /dev/null +++ b/tests/keys/dsakey.pem @@ -0,0 +1,14 @@ +-----BEGIN DSA PARAMETERS----- +MIGcAkEAyDH8Oj+/RXMNIa8WCqt3j4e8Jnr3PeVI3xdiR0CQVyW/VxQWuS0cu9Zc +4fzmDB+KIeIIohVUVQQlvR6WajkzSQIVAJRDq5qoyRt7X41OPV4ybjNwFzbJAkAF +M8M5m6ed22fm8w3DlOlBodyIP0xXSxl2Hr7N7YmWhS2v/xGBfpeU3bK9zUKRkUX+ +Gq171z2ciCYWGByVZOzj +-----END DSA PARAMETERS----- +-----BEGIN DSA PRIVATE KEY----- +MIH3AgEAAkEAyDH8Oj+/RXMNIa8WCqt3j4e8Jnr3PeVI3xdiR0CQVyW/VxQWuS0c +u9Zc4fzmDB+KIeIIohVUVQQlvR6WajkzSQIVAJRDq5qoyRt7X41OPV4ybjNwFzbJ +AkAFM8M5m6ed22fm8w3DlOlBodyIP0xXSxl2Hr7N7YmWhS2v/xGBfpeU3bK9zUKR +kUX+Gq171z2ciCYWGByVZOzjAkA6J0gwyZN1WiH3VRz5zorUaleVzxXzA5LDW9Fn +pZ2XZf6qJJfXmlPvLoh+y7bFNEGF/ZRPJE6ZXFHQ9G8Yw2CdAhQDAKSQn+F+aV8C +BUJ9PVUDOVc8rw== +-----END DSA PRIVATE KEY----- diff --git a/tests/keys/expiredcert.der b/tests/keys/expiredcert.der Binary files differnew file mode 100644 index 00000000..aefc5ea0 --- /dev/null +++ b/tests/keys/expiredcert.der diff --git a/tests/keys/expiredcert.pem b/tests/keys/expiredcert.pem new file mode 100644 index 00000000..f5581ca2 --- /dev/null +++ b/tests/keys/expiredcert.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:fb + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 03:51:56 2005 GMT + Not After : Jul 11 03:51:56 2005 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Expired RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:c9:52:65:60:40:40:66:30:bf:34:3e:f4:7c:cc: + 8c:06:93:20:e2:13:96:e8:11:64:78:a4:69:9a:19: + 43:87:6d:19:c5:42:4b:76:9a:df:b8:fd:07:98:b6: + 6e:c6:45:54:54:7b:a6:09:8a:05:28:bd:4d:6e:dc: + 34:03:88:e8:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + F9:FA:89:12:34:4A:3B:59:06:DF:2E:17:F2:C0:8F:B2:26:07:78:C9 + X509v3 Authority Key Identifier: + keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F8 + + Signature Algorithm: sha1WithRSAEncryption + 98:b4:e9:2f:8a:2a:8b:e5:63:ac:b2:12:61:8c:58:e4:57:c0: + a8:00:98:00:ea:48:6c:87:56:33:64:2d:8e:8c:c1:75:0c:45: + 55:22:b6:44:79:f6:cf:55:b6:81:6c:bb:37:c5:50:99:fa:e0: + 80:de:f7:2c:82:8e:5e:ea:15:e4 +-----BEGIN CERTIFICATE----- +MIID2zCCA4WgAwIBAgIJANaOuOCRgiz7MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG +A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wHhcNMDUwNzEwMDM1MTU2WhcNMDUwNzExMDM1MTU2WjCBwzELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM +aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxJTAjBgNVBAsT +HFRlc3QgRXhwaXJlZCBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkg +U2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqG +SIb3DQEBAQUAA0sAMEgCQQDJUmVgQEBmML80PvR8zIwGkyDiE5boEWR4pGmaGUOH +bRnFQkt2mt+4/QeYtm7GRVRUe6YJigUovU1u3DQDiOjzAgMBAAGjggFTMIIBTzAM +BgNVHRMEBTADAQH/MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+fqJEjRKO1kG3y4X8sCPsiYHeMkwgfEGA1Ud +IwSB6TCB5oAU/uTsUyTwlZXHELXhRLVdOWVa436hgcKkgb8wgbwxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkg +TGlicmFyeSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMR4wHAYDVQQL +ExVUZXN0IFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4x +ITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJANaOuOCRgiz4MA0G +CSqGSIb3DQEBBQUAA0EAmLTpL4oqi+VjrLISYYxY5FfAqACYAOpIbIdWM2QtjozB +dQxFVSK2RHn2z1W2gWy7N8VQmfrggN73LIKOXuoV5A== +-----END CERTIFICATE----- diff --git a/tests/keys/expiredkey.der b/tests/keys/expiredkey.der Binary files differnew file mode 100644 index 00000000..316e41bd --- /dev/null +++ b/tests/keys/expiredkey.der diff --git a/tests/keys/expiredkey.p12 b/tests/keys/expiredkey.p12 Binary files differnew file mode 100644 index 00000000..4604e11b --- /dev/null +++ b/tests/keys/expiredkey.p12 diff --git a/tests/keys/expiredkey.pem b/tests/keys/expiredkey.pem new file mode 100644 index 00000000..13344549 --- /dev/null +++ b/tests/keys/expiredkey.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBAMlSZWBAQGYwvzQ+9HzMjAaTIOITlugRZHikaZoZQ4dtGcVCS3aa +37j9B5i2bsZFVFR7pgmKBSi9TW7cNAOI6PMCAwEAAQJALeTWr2Z2R9V9ARAI9Bo9 +IZKQwHjuweCVItt4J2Ty+///KhuEnHhYJC40sH4QrpufuATLXJCzUaFHNPIAAY2G +wQIhAPc3NqqCKzaTakzy9OZWW1d2ZZpiy6OMG1NBOGXrNq6bAiEA0Hm2HJpJ4l6P +FN6ZAVTnV+VXt98DvyFRSlU8XFMr6IkCIDn/Mwz3csnf9a1NxlSPZ+hx904r5Vhe +Ez8J6wBGGVMHAiAGtXP71ac9Bqf6FvO7jDzpojLBcwbO1saj6rxHiFGoaQIgFxuV +W/NisfilEN3POFcTeuWob3qf4CSl/3/bQH6tUFU= +-----END RSA PRIVATE KEY----- diff --git a/tests/keys/expiredreq.pem b/tests/keys/expiredreq.pem new file mode 100644 index 00000000..3fcfbd29 --- /dev/null +++ b/tests/keys/expiredreq.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBkzCCAT0CAQAwgdcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxJTAjBgNVBAsTHFRl +c3QgRXhwaXJlZCBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2Fu +aW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3 +DQEBAQUAA0sAMEgCQQDJUmVgQEBmML80PvR8zIwGkyDiE5boEWR4pGmaGUOHbRnF +Qkt2mt+4/QeYtm7GRVRUe6YJigUovU1u3DQDiOjzAgMBAAGgADANBgkqhkiG9w0B +AQQFAANBAMQmO+O1QV1h3x/NcwY9v9xSp1xmhnbdTYQXl2jRa75epxxSKwT8rzj5 +zlopg6hyt8mBTiMlXfUGfUDzccdfYG0= +-----END CERTIFICATE REQUEST----- diff --git a/tests/keys/gost2001ca.der b/tests/keys/gost2001ca.der Binary files differnew file mode 100644 index 00000000..b48d01ab --- /dev/null +++ b/tests/keys/gost2001ca.der diff --git a/tests/keys/gost2001ca.pem b/tests/keys/gost2001ca.pem new file mode 100644 index 00000000..9bc47e1c --- /dev/null +++ b/tests/keys/gost2001ca.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCzCCAbgCAQEwCgYGKoUDAgIDBQAwgY8xCzAJBgNVBAYTAlJVMQ8wDQYDVQQH +EwZNb3Njb3cxIzAhBgNVBAMTGkdPU1QyMDAxIENyeXB0b1BybyBUZXN0IENBMRIw +EAYDVQQKEwlDcnlwdG9jb20xEzARBgNVBAsTCk9wZW5TU0wgQ0ExITAfBgkqhkiG +9w0BCQEWEnZpdHVzQGNyeXB0b2NvbS5ydTAeFw0wNTA2MDMxNTA3MjhaFw0xNTA2 +MDMxNTA3MjhaMIGPMQswCQYDVQQGEwJSVTEPMA0GA1UEBxMGTW9zY293MSMwIQYD +VQQDExpHT1NUMjAwMSBDcnlwdG9Qcm8gVGVzdCBDQTESMBAGA1UEChMJQ3J5cHRv +Y29tMRMwEQYDVQQLEwpPcGVuU1NMIENBMSEwHwYJKoZIhvcNAQkBFhJ2aXR1c0Bj +cnlwdG9jb20ucnUwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIeAQNDAARA +gLdWGphDAny4aHnGbd5sVUaIFLJ0W7bEHiP3TQikVe76L+l/yIBI4BU1YmyOCQnX +DROKczl5PBGHOPl5J3D7ZjAKBgYqhQMCAgMFAANBANS0ZNrxY7IH6UHHBGdAqkzq +yMqz7W2v44VaioXKhSHQlgl9x9pwC4t0oirghLKXgMERcE0HJ0zHWKO9g3pqLhc= +-----END CERTIFICATE----- diff --git a/tests/keys/hmackey.bin b/tests/keys/hmackey.bin new file mode 100644 index 00000000..536aca34 --- /dev/null +++ b/tests/keys/hmackey.bin @@ -0,0 +1 @@ +secret
\ No newline at end of file diff --git a/tests/keys/keys.xml b/tests/keys/keys.xml new file mode 100644 index 00000000..cead991a --- /dev/null +++ b/tests/keys/keys.xml @@ -0,0 +1,83 @@ +<?xml version="1.0"?> +<Keys xmlns="http://www.aleksey.com/xmlsec/2002"> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-hmac-sha1</KeyName> +<KeyValue> +<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">c2VjcmV0</HMACKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-dsa</KeyName> +<KeyValue> +<DSAKeyValue> +<P> +4jl6DkcmDDBt815kg/WbxW1gnLtqH+kdjqEeFDD9m6EqGqvVhFbbvNNQqAwuaiJU +nWlR8gG47GtHKFN6w8CM1qteIo3foK504otZFNsl1p3cInQpdRCp2e/lQ+E24J/H +/n4Ix9pBNV63JIiSIqa+GpDuBpW4o3rrBRxTjOwYpWk= +</P> +<Q> +9WQwByMPy0u1C8e2SeNQTvkG6tM= +</Q> +<G> +Rrg7e8pNLHMFK0pGW7xvzb7Kh6icJSsiBaX6aHqaQc9rSzzMJG3snBuQricNaUH5 +8ipucT+hdPRTo6g0ty5noyyBmqUvYHf9NuskQhPDmC3uTtqQTHeCEuX8XoH3YYlB +uE4nXvQRGZoyy+43ISe9aDnEAgIUVQXEayTVppRF24I= +</G> +<X xmlns="http://www.aleksey.com/xmlsec/2002"> +S3Gt9BE+wZb996U6h4nSNtYxEmE= +</X> +<Y> +WT0+1bR+bj65u5iDJ0MRc6/8iEAbvj7l5sAVn/H+SdZy94wW5mnSLCC5ufN33QPp +WNvgVk2igM+W51WlhFDgA8Xz9lRPk19jW8BXQpqv11MKoIBpaSAWvnhs/0AKubiT +XxJz7i78ZJy4hVTn99Rvt6Tc16/LICZfsqIJr+VK4Sg= +</Y> +</DSAKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-rsa</KeyName> +<KeyValue> +<RSAKeyValue> +<Modulus> +0rGgazIyv0XjPXGGBwt1wvfCPO++VAlxW15LFinbxCeBkq/5jb/71gC7R2CJtUK4 +y/tIi7g89YBwQosJpgMMZt69fz51omEv/WobD0vUFcbRxek+Yi23ZHxhZMtO42Re +zfpwgC4ep0fXL+V105BUmjGFYACnUJdtMkG8ahH8/Zs= +</Modulus> +<Exponent> +Aw== +</Exponent> +<PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002"> +jHZq8iF3Ki6Xfkuur1z5LKUsKJ/UOAZLkj7cuXE9LW+rtx/7s9VSjqsnhOsGeNcl +3VIwXSV9+QBK1wdbxAIIQ16+yWXNY+21K94h4C6ssx44lqgODL25OXDsE92EZFu0 +1gApBhqOUxV1gUXDqMnHqSWbk7/1kwX6RzsioRu0UKs= +</PrivateExponent> +</RSAKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-des</KeyName> +<KeyValue> +<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002"> +zBFljViy/Qhd8AG0vGxf+SekrJ1ttpIz +</DESKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-aes128</KeyName> +<KeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">0Xfy3ES+Fbv/OfWuQHKvPA==</AESKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-aes192</KeyName> +<KeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">lk9DyA07xL/m45fUb7zbLoy3c0hLhw80</AESKeyValue> +</KeyValue> +</KeyInfo> +<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> +<KeyName>test-aes256</KeyName> +<KeyValue> +<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">fpCPQLCMZCw9WipH8kk1J75CqYgWBhbJDMFPiUS0hzE=</AESKeyValue> +</KeyValue> +</KeyInfo> +</Keys> diff --git a/tests/keys/largersacert.der b/tests/keys/largersacert.der Binary files differnew file mode 100644 index 00000000..93464522 --- /dev/null +++ b/tests/keys/largersacert.der diff --git a/tests/keys/largersacert.pem b/tests/keys/largersacert.pem new file mode 100644 index 00000000..7c1a4e05 --- /dev/null +++ b/tests/keys/largersacert.pem @@ -0,0 +1,100 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:fc + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 11 02:50:11 2005 GMT + Not After : Jul 9 02:50:11 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Large RSA Key, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (4096 bit) + Modulus (4096 bit): + 00:f3:61:f9:36:54:ae:5d:17:68:1b:18:28:24:72: + 4e:39:5d:bf:20:17:c8:7c:20:59:fb:a3:42:e4:2c: + b7:0d:6d:97:7e:e1:9b:ba:59:c3:e7:e8:64:ff:76: + 35:58:e0:90:fa:2b:13:92:5f:ba:b7:7f:54:25:6e: + ce:cd:1b:a3:78:92:34:31:7f:9d:dc:80:61:3c:72: + 69:6d:b8:35:a8:f8:1f:03:6c:e5:d7:41:53:24:84: + 8a:72:70:3c:e2:39:8b:ec:70:9d:d3:cf:2e:08:f6: + 05:80:af:36:8f:ed:8e:ef:df:50:33:94:58:15:8f: + 87:c4:b4:65:3d:a1:d1:23:00:6a:67:35:60:06:58: + bd:43:8a:86:52:29:f4:a1:e1:5f:7f:59:6e:ca:4a: + 78:16:9d:da:04:d9:61:d4:a3:ea:69:72:7f:1b:aa: + ff:c8:07:51:13:50:c1:3e:7d:9b:f7:70:dc:ba:5d: + 94:a9:2b:ac:ea:56:e0:3c:7f:5d:91:ef:bd:82:25: + f2:37:eb:2c:d9:ad:b7:dd:3e:bc:86:7a:af:89:8f: + f9:32:5e:9c:d0:41:0c:8c:b7:84:5e:29:e9:4f:fc: + b5:5c:f4:f9:82:32:b9:35:ed:84:0a:32:23:32:b5: + a4:b1:c8:c5:a0:16:b5:77:8d:21:8f:53:80:c4:a1: + a4:65:ee:af:0a:84:1d:34:30:e3:07:35:ce:16:8e: + 69:7b:b7:21:91:56:26:c2:d7:3f:79:0e:e0:b2:77: + a5:ca:60:88:15:30:8f:65:aa:8f:9d:9f:d0:50:3d: + 2a:9b:4f:61:ca:43:19:b9:69:58:1b:98:77:43:42: + 1e:08:7c:30:58:52:d4:b3:eb:d1:a2:9e:28:dd:1b: + 96:fd:f9:28:fd:76:d8:ec:91:21:d1:8d:42:4c:f5: + 05:70:2e:d2:bb:9a:c5:c8:e1:77:5d:4e:5f:c2:ab: + 9f:c0:75:51:11:6e:ea:6b:0e:d4:bc:93:de:a4:95: + e3:d2:52:57:ac:74:c5:a6:e5:a2:94:3f:d8:43:0e: + 42:8c:75:ad:0c:69:d1:a8:8e:e7:49:77:2b:38:af: + c9:ac:43:77:27:90:82:1d:62:e6:31:a0:1b:17:be: + 7e:63:2c:29:ec:1b:3d:4b:52:39:ec:7a:2a:fc:48: + 2f:bd:ce:d9:1f:21:02:fb:2c:6e:d9:40:14:c5:6a: + ce:20:bc:0c:e4:ae:87:35:d2:da:5f:db:95:50:f3: + e3:ed:2c:93:ad:42:5b:af:65:fe:f8:4b:0a:dc:60: + 7f:dd:48:38:88:d0:fc:a4:aa:fc:5f:07:97:cf:ae: + b7:43:3d:87:eb:be:51:e3:f1:8c:1f:63:43:29:24: + 8c:94:23 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 90:35:36:11:52:F9:00:65:FC:71:E7:73:B0:91:ED:0B:19:84:C6:28 + X509v3 Authority Key Identifier: + keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F8 + + Signature Algorithm: sha1WithRSAEncryption + 79:cd:41:fc:f0:66:13:f1:76:bd:22:51:dd:91:2f:7a:46:fd: + b0:ea:44:e6:73:5d:ac:00:2d:6e:0c:90:a5:e1:3b:f2:4c:75: + 79:12:08:eb:7f:fa:82:7d:e0:f7:76:db:63:6c:07:e9:65:0a: + 98:88:4e:b1:0f:d2:57:3d:df:4f +-----BEGIN CERTIFICATE----- +MIIFmTCCBUOgAwIBAgIJANaOuOCRgiz8MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG +A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wHhcNMDUwNzExMDI1MDExWhcNMTUwNzA5MDI1MDExWjCBuTELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM +aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxGzAZBgNVBAsT +ElRlc3QgTGFyZ2UgUlNBIEtleTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA82H5NlSuXRdoGxgoJHJOOV2/IBfIfCBZ+6NC5Cy3DW2X +fuGbulnD5+hk/3Y1WOCQ+isTkl+6t39UJW7OzRujeJI0MX+d3IBhPHJpbbg1qPgf +A2zl10FTJISKcnA84jmL7HCd088uCPYFgK82j+2O799QM5RYFY+HxLRlPaHRIwBq +ZzVgBli9Q4qGUin0oeFff1luykp4Fp3aBNlh1KPqaXJ/G6r/yAdRE1DBPn2b93Dc +ul2UqSus6lbgPH9dke+9giXyN+ss2a233T68hnqviY/5Ml6c0EEMjLeEXinpT/y1 +XPT5gjK5Ne2ECjIjMrWkscjFoBa1d40hj1OAxKGkZe6vCoQdNDDjBzXOFo5pe7ch +kVYmwtc/eQ7gsnelymCIFTCPZaqPnZ/QUD0qm09hykMZuWlYG5h3Q0IeCHwwWFLU +s+vRop4o3RuW/fko/XbY7JEh0Y1CTPUFcC7Su5rFyOF3XU5fwqufwHVREW7qaw7U +vJPepJXj0lJXrHTFpuWilD/YQw5CjHWtDGnRqI7nSXcrOK/JrEN3J5CCHWLmMaAb +F75+Yywp7Bs9S1I57Hoq/Egvvc7ZHyEC+yxu2UAUxWrOILwM5K6HNdLaX9uVUPPj +7SyTrUJbr2X++EsK3GB/3Ug4iND8pKr8XweXz663Qz2H675R4/GMH2NDKSSMlCMC +AwEAAaOCAVMwggFPMAwGA1UdEwQFMAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5T +U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSQNTYRUvkAZfxx53Ow +ke0LGYTGKDCB8QYDVR0jBIHpMIHmgBT+5OxTJPCVlccQteFEtV05ZVrjfqGBwqSB +vzCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoT +NFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3ht +bHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMN +QWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29t +ggkA1o644JGCLPgwDQYJKoZIhvcNAQEFBQADQQB5zUH88GYT8Xa9IlHdkS96Rv2w +6kTmc12sAC1uDJCl4TvyTHV5Egjrf/qCfeD3dttjbAfpZQqYiE6xD9JXPd9P +-----END CERTIFICATE----- diff --git a/tests/keys/largersakey-win.p12 b/tests/keys/largersakey-win.p12 Binary files differnew file mode 100644 index 00000000..af04b9e4 --- /dev/null +++ b/tests/keys/largersakey-win.p12 diff --git a/tests/keys/largersakey-winxp.p12 b/tests/keys/largersakey-winxp.p12 Binary files differnew file mode 100644 index 00000000..75746297 --- /dev/null +++ b/tests/keys/largersakey-winxp.p12 diff --git a/tests/keys/largersakey.der b/tests/keys/largersakey.der Binary files differnew file mode 100644 index 00000000..c76b59fa --- /dev/null +++ b/tests/keys/largersakey.der diff --git a/tests/keys/largersakey.p12 b/tests/keys/largersakey.p12 Binary files differnew file mode 100644 index 00000000..613fc7ce --- /dev/null +++ b/tests/keys/largersakey.p12 diff --git a/tests/keys/largersakey.p8-der b/tests/keys/largersakey.p8-der Binary files differnew file mode 100644 index 00000000..1c75f06b --- /dev/null +++ b/tests/keys/largersakey.p8-der diff --git a/tests/keys/largersakey.p8-pem b/tests/keys/largersakey.p8-pem new file mode 100644 index 00000000..7991d7ac --- /dev/null +++ b/tests/keys/largersakey.p8-pem @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJaTAbBgkqhkiG9w0BBQMwDgQII/X7tBz2lDgCAggABIIJSIFZASAVzO/ZwE3K +ldJI6KQ8KJSH2b8iP5VLqAYKn7GlrAOioT9XBBF1QgE5r8B9qAxp/if8fC7CF0Wo +iruZI1hJpBjuSFgNSgomHr2jXxPVX59YxmBkM3KQ5FC4gL70+LDqzhhozIaAyrbe +c+w94NjCq3cR9w3S6lnjpc/JZaTNz9Yb/Psl6PfCdEdnGpyxiGLpKZDCnVvBgPXU +7C9yJ9/GDUQynBl1xiEWR89jVpatZjOJgz8NJU3upE5SWVVYIThXGgrm6Xolyh3M +L9qZksyKQg1r48Bd9w9kxRUOhgJzQ5ovFDHoftRmc7RMxLvorsI7SYYbSTNAz2JF +q/H7yakrPD5TYMzt8ctFp6Jh9yq98pobyzLbugSxP1QrapfJe1LWQm4qKV6tZcqw +T/mHbS1+7a1EtCFi7l4rlTT/Xu2gGAdiroT+cfNWJlwo63kCaiVpYzmEhBJVJOtS +YVRTRjf8UofWhkEXNSrn07xeFS7bIzG5icdvjvRKaRwHhXgSyVIp9eFumX8oW0ZG +nrEVqc8mjzEP2tBkytgfPmEiOnBizX9Bg6RLjL8Kzfev3Sj/eeizrCRA4qPPlzRN +uF5hdi+yFakPQN6XKQd9PuCksY7w0Vb+x51baF96LYO82Q9pThYk8AUPMek1nB1w +BTWTphukTJfwmBzAZCKm1VrMjIFgN1gRK6jO/FYtveJ5yGNx9vi6Y3Bs1heOJdVn +Hjnq0rXWzDvHR8pzlDo85R/WNqjmkH9qQ/Tnsixm7J4IguXjE6znrC+4bcfJsWRc +01a+15WgSvATGYNAa0zgUgv7JGvHsxHu+OCYnpNQnxGVYpyK0p7Kzm/DEM7mr49Z +jHm+nuZ2n/sLVoyn5OI7JeCWuHWCdHWGz8P90jOdhdFadg2RPS0OdO9JAnL9mznD +AmnI35zq02FP3lHxE/4/deAhDYVUGQzVKnAsLaXoRVZ77O5UjUMuDZN6E59EAR3w +y32IXuoUphR3ID6tW3e4nCYWEmjExxNn1ZFU/ImIlIbYZp6ym+ulZhA4ZcFafBoA +kdpcULakqCEHFW2coSeB+NtQvU2DEw9T+Vnnl2WUD8Gb1Y1G1Z8iB1gNg2Zjn2rL +tY/ZBM4IQR2uXzyus6o/poF0qpPC37DI1YTlOBMyg1oOA2fc2l4wULx+u7jMtNEL +eG//swW4F8Od5j3Hs0kJpJ00O98dqcXpYy/UaGQNdWzIUIg8AjScMdt/aFg6vluR +JmS3mmZr5GY6GG0+n4xTzDCFDHwPO+dkx2z0qry8qWUUz5cL2Ym6KS+MGqKNz4vO +kScYfg51gikT+kT6xshO62alqZwsmZB3YCp/7dD9s2LcWFaKQvVFoi+EXum/sBBL +7/fbh30Cx1eSpYN/Jb1FRwlcg/e4lcpp4et8LL2oLCghPbBfw5qYnQLN/oA2LJnB +TTVGc0lA6ZSkI1UrqfDLQvBCrLKXhO2hp3KvRoJlLc1dXXyHh40c7/8Aw+BUqkrO +/sv52jTkwttPc9RnUhR1F9LVyMrOhYD9BlgZGqzMLzi58+WHigcgtfNColps6ATi +GaMmBfCl0VSw3u686RyXOjpTwGHVgwCp0hLuHbg8USBaqqnt4PpVG5zAU95KQ6t4 +Nr7CZBJQWlGotu2orgyV2JfcvNWtZjr5usbxnA5mSLEWI09rpnQRP+JGFGCQQr00 +6PAaWnyYCs4ZFYkWWkzuAVMSE0Xvbll2+bwnprA39AfPl/2UCBzwxS2bdbvDdLgX +wh+plYaRWnUhZwbK8XIH6Gc+zfAc6glJobkP3gV2hbNXo/1yHuuPrjz5AZ1J7B05 +hnN53NoUncnrCcNc79jkTzuprJ3UkIBc7ibUXjf3vdzfsbA+9GVxKWdY1jmNU3si +yDJlywhNaMf1LwJsnq1tn4B37NrZEjtTejnk9HkLYu89q1f+t45PkSrnuf1J75ej +jXCzRQGMVkLh+vB8mCYPbraMciOPaLBNM5mQpNCITZVJ6xq7JfRqnKYK1U9LhzB+ +4r19bvri2gBuXCBM71LN6UWRSLYCRbKWDs1OJKBB4T6BtMU4FwHUGspF9Ch5Cmqw +fRzJsVI+/sFlgxN7Y++qmH5hH7LoWsQAthGmhxdXjIXGek+hTYToTnS+vu4Eyz2/ +VzMS4oPAsBVlRWkzcfE6vA2tdPMt0+pmLoow+shuskrciFCJtQl6WiOA/ei+XoTG +Amzy5cILYqJ6BW+IxcoIp4OH3KdzJPz+AccQZkBPxkYbwkw7+6wLk+RXirwyXGaz +x+s+MSUloio2IGXi8nUdeaBbEt7X32H9TB2QXIOyVPaUSKCMcozzfxGLt+NEL/+C +tUjsVUvRsPw1qW7kT2cVsmJUclg+R/6dozkXlCrEa0Er/6TmD+n3BTehUBFwO/r3 +vOOKyNUfofAC2fI7koOP/W08WBnJdDqd6RrYdyD09nKzkXcmPfq9i6pCnLe4rwZc +YA8KDMBxBRho4DA0Av4JcbMlZu872xAdk7RJMcaugIOQ8uJshNK8+KpLmy9KDkDC +nZLTunTO97KmRUqrhYC9rqPqioYZG09uWWZWjpvexoOa9zZoIY1f601tLBEg/m/7 +4AO3L7TlPG1jZZgI0rbMb7er4AajAfNEwthwJ8K4GqWLi87GijppfAsComHfhPwg +AOOQtZ5kRztEeJXXEi6LGNvyhZF8v5zvHgk4jGoF+PMg2idL/V59VOPbuFtLFkMw +QtaZ50jcqDBLeBPWfmbgdo7bHx0fVlcAdQVvUerqm218fXCDaraOQLNekqjpFwib +A1/c4+UhcVqFrFldsZYSy/c9kH1LWt/7tbL50rLKNUkGPqlqeEsgbKlVFI+PvTNZ +iMJ03tZ2Z6OL5KgHr8iVZbvK4b/JQRLy2mhkuR3UB0bSSSDzYy+6Is0Ejs4V2nYv +TK0zBETlmPqTtyK9Gsj22kSgXuE9PIrG8dfN2y7mEYsva6p5e4t/afbZBMbnK8xy +8S/QXVuQ1GlBLZNeUqUyMkBwtUq213irEbj0dA1SlaZ3DEO9Y92JOkze+swNXGQf +F+V1/Md3R3OfgGKYz6CiKZzYpdRubpxdtHq3X9bs6ESLss91lHsdTRYw5Cli+AZc +0T6x10xq/vPerq3Z3uVgdF1GREnVoZ07nZAJJJZWnyZugvM1/w1ZFSYv8xqKjl/G +n6hCl1lFtfyHieoKYA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/keys/largersakey.pem b/tests/keys/largersakey.pem new file mode 100644 index 00000000..d25dbbd2 --- /dev/null +++ b/tests/keys/largersakey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA82H5NlSuXRdoGxgoJHJOOV2/IBfIfCBZ+6NC5Cy3DW2XfuGb +ulnD5+hk/3Y1WOCQ+isTkl+6t39UJW7OzRujeJI0MX+d3IBhPHJpbbg1qPgfA2zl +10FTJISKcnA84jmL7HCd088uCPYFgK82j+2O799QM5RYFY+HxLRlPaHRIwBqZzVg +Bli9Q4qGUin0oeFff1luykp4Fp3aBNlh1KPqaXJ/G6r/yAdRE1DBPn2b93Dcul2U +qSus6lbgPH9dke+9giXyN+ss2a233T68hnqviY/5Ml6c0EEMjLeEXinpT/y1XPT5 +gjK5Ne2ECjIjMrWkscjFoBa1d40hj1OAxKGkZe6vCoQdNDDjBzXOFo5pe7chkVYm +wtc/eQ7gsnelymCIFTCPZaqPnZ/QUD0qm09hykMZuWlYG5h3Q0IeCHwwWFLUs+vR +op4o3RuW/fko/XbY7JEh0Y1CTPUFcC7Su5rFyOF3XU5fwqufwHVREW7qaw7UvJPe +pJXj0lJXrHTFpuWilD/YQw5CjHWtDGnRqI7nSXcrOK/JrEN3J5CCHWLmMaAbF75+ +Yywp7Bs9S1I57Hoq/Egvvc7ZHyEC+yxu2UAUxWrOILwM5K6HNdLaX9uVUPPj7SyT +rUJbr2X++EsK3GB/3Ug4iND8pKr8XweXz663Qz2H675R4/GMH2NDKSSMlCMCAwEA +AQKCAgBHktNgJ+0TEVQbS7JabYcVlb0kKfpajoUH3I5KXeADQexgcuaCGe3j4FL7 +UX8EwR3BhDOAQ0i8t+Q+EeUdKnibd5uDxvzcoKB3z0mz641UQIuWTUsWT26s+ZFh +cCJngPbmNIQlivMFzZv2qRBJqVn0rt5+HKz+wjPyI/717gV73p5r9aVkmGooV6+C +sDXx+T5FTD6pnNbOB+Paszby+rVwByzcLSCFaaltHb2GrBfW38j5wZV7Xo2+aIgP +IoGY7kDz6kbeLPoGlfDRTqbQgXnn4YAuUOaa09Zl934k1vx2+mE3kg9iO5p+Anhn +KzFwszxY0CtWFfeNzeJFrQ/cQ5D9micMaTVB9zyizarkXGgHOoncuIVBVgV8i7gA +YxxcR2jsDhySoUXcIMFWxxMVR66dx+gK4FUB/GOX26NMcvj0FgjQkUWCoDKivUSi +9ClgH2/r8bFS+nNEoWuJ23LqUO2LtGDF1z2PXSs8SVUd2SPTHjlnJ6nSFbrtrfkw +GMUov/QizIn7GH0IGUJCU5RZq3VUs5SdJqr7Glz8yjnbFacTfSrXdbLjD7toFOE8 +tNOJrAKI7mBhH9LsnQ4E0RRjpX/6GozVO6xfeNFWKsx4ocZ0T7wRjSwb6Pi/lVf5 +9VZwXgI67MJA8Px6MIGUDkPOOo63n1/Zs4YY3Pl7qKAOGr898QKCAQEA/1B8O+qi +gXbTcXCAEkmQimhQDlrylBunucWTKPLNFLd1qiAwAlx9kDVHH0GV/lxqEKh9bm00 +6OOqHpEYwOoHFWfXr0hX4+FK86fI8SCZ8TPbMWYkx7567yAwl9p44mv3wHbwuVCs +EoyQS5EKCfcOL/pLF7OyDMMWaHNLx24C+g7LRpim/NyUPQjTxmRBX4rd+4qFBIKH +1Ksan+7rm/yzY3VZCtwLzqKQntsOPrdYO0vPYpq5lieIjSsz2v7uFa+QgHVaaupU +UYEK3tpEKfLS+iLNA1aEmmlVfkFc3qWeR7y8SFN9TedBVLGg6gwjZ1kf5Yo4Zfgf +FU/0XmuL0g/JmwKCAQEA9AlJKwUBtMEeauIY00gNCdQVN1oxsCrxa8knDMDWl9EO +KEpoA6ilepROszlxj7ejdFBxHqnI0h4U6yLimsDB+LOA8ULvIhTYOWV2FIA/zpfw +ej34dcnA4QiM7Cs63z6r84c3JS+EVL13zZoNBdmTzsLIEy47Sqv8XP1VzI24mZ+t +LU6LXX50kj4iibPrFgfYkA1zsfh/amY1hBXktAj4tvOMI9sugy3py1iPlpu+UX3W +7nbUzI66bZtDguLszQWkWfMwwkHABQcjO+e6fKKVe9P/KdCH3cXz3YTK3ZK9fIWJ +jISFymS8wd9o70iI9HT+0/d4TEd8lmOpq1VCq2XsGQKCAQA0Fvyx0MZE+bRcEaLf +mEi4JF4o/588XoQS39+NXDRBRMjp49VHtg0cLfKLyvrKQZqWOXoV3IwN890SjXHq +chTt5hjYNz9PS/jZy2Kw54Dg+D6BTqC0bAVy4jNn1/gP4g1TJDEq7e2dfzY1ZKsS +q2gmm79UX6I0/lyFBPjyAFz1Ha2VgrGXJ33LEhD7ChtYXeG6X2GSMPt7hUlSVhGV +6rHC2f9HuuthxkMRVgoK+6cxud7e9Ehm/Tvb6XOT+60hmYc23jqLU7HOSzCnlQqR +MGyhAhan1rAJPPJnZviGqG2pnzUe4IHRMhxfJjp5Ze6XOFTMpS2qiDv3Qi/OT8zg +F75/AoIBAARbThUYh8lEUVizJKJQ/PqZ8K8GSzDL83drJelSYAJh1xDdEzJNhnbD +wwvsEJzyOFbRQNO9UDqAEvuHqef9XPklqz2jZkWDfcC4kP0YtQrpJ3/nL1JbAbiC +wJFOzERECCnW1iMxz/j7UPI4t9bM5ZihXZUKFEDnBSBb3XZDaXJEqYDPkClhIo+h +0FgJAD9qcHFR7CjXON8baAUtpuGX72jEvFG/jfsFjND2icm0ihdGWdn0ASSNv8JJ +LVFe379hRGfesZYmOllcoUJmhqvG80g8pqeGc4aADDR+NGj0P7HDaIs7qm/MkJod +dPAgqWFD3XDHUDx8YjsFGHhYk1IgBbECggEBAOse/fI06KcoQ3ARHUV98UsTBf4C +eLydlAkdoyJkJ+dIqFmqRLmNzOolfzfEJkp+YO9fU6KU5+mF2PUxGcU6QhUOk2Lz +DF5ARFeZSNZ6UmrFdm3QGkBHE7u+iRBjHhrR80PjE0qYM7Vjqg9L1k4hr97ccrj9 +tNRSEqPtR7XA6QfAx3RBlJfQXAmwLeSuGC6Sh0Q55UYhHegN2IblFcYdoxYr68uD +pMpypdcgbClKBaxCIvcKvbPiziHsAU2VZnLmCOA66Csqv0Tw/IjUops5EegIJ6LT +29QsXgdv3E/Wb6yQF9vS0LRWBjEy3/FRwaxs6acqslfBT3QKQMSjDADTCKo= +-----END RSA PRIVATE KEY----- diff --git a/tests/keys/largersareq.pem b/tests/keys/largersareq.pem new file mode 100644 index 00000000..c8da3dc2 --- /dev/null +++ b/tests/keys/largersareq.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFEzCCAvsCAQAwgc0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh +MRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy +YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxGzAZBgNVBAsTElRl +c3QgTGFyZ2UgUlNBIEtleTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqG +SIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEA82H5NlSuXRdoGxgoJHJOOV2/IBfIfCBZ+6NC5Cy3DW2XfuGb +ulnD5+hk/3Y1WOCQ+isTkl+6t39UJW7OzRujeJI0MX+d3IBhPHJpbbg1qPgfA2zl +10FTJISKcnA84jmL7HCd088uCPYFgK82j+2O799QM5RYFY+HxLRlPaHRIwBqZzVg +Bli9Q4qGUin0oeFff1luykp4Fp3aBNlh1KPqaXJ/G6r/yAdRE1DBPn2b93Dcul2U +qSus6lbgPH9dke+9giXyN+ss2a233T68hnqviY/5Ml6c0EEMjLeEXinpT/y1XPT5 +gjK5Ne2ECjIjMrWkscjFoBa1d40hj1OAxKGkZe6vCoQdNDDjBzXOFo5pe7chkVYm +wtc/eQ7gsnelymCIFTCPZaqPnZ/QUD0qm09hykMZuWlYG5h3Q0IeCHwwWFLUs+vR +op4o3RuW/fko/XbY7JEh0Y1CTPUFcC7Su5rFyOF3XU5fwqufwHVREW7qaw7UvJPe +pJXj0lJXrHTFpuWilD/YQw5CjHWtDGnRqI7nSXcrOK/JrEN3J5CCHWLmMaAbF75+ +Yywp7Bs9S1I57Hoq/Egvvc7ZHyEC+yxu2UAUxWrOILwM5K6HNdLaX9uVUPPj7SyT +rUJbr2X++EsK3GB/3Ug4iND8pKr8XweXz663Qz2H675R4/GMH2NDKSSMlCMCAwEA +AaAAMA0GCSqGSIb3DQEBBAUAA4ICAQDW+eyCOkDNCtpO8i8ThqBMA++0WmnY1T8Q +3tSFxgne8ZVz+/2fERcB7ZuPLH7+Uu37cdsaBP0Qq5jRqe0WiMlrOiV7sdFPDPnV +uuiOCbSrxSc1FfmuSmtx2XnKZHCGpyRmArASvlN15PG+e8t/rN3EeqlAMeDnHyng +ODoWXY8WxwNC6Ft8H/1duVhM0yP0lvLSKwgrUx3jU+m9gmWZADnQN5DZo32MJr/8 +KEJrjRYJQQ1oZZ34VNLCrZgutyH5y/A8dSZRpy99RA8PJ3trd1HWN2VMQesIhuKs +uS0rZLdFov0JbH1dGe1V3DM7Omt4jvhZQ4wje6JkIDKoguuZ8izX1iZ+hfNFSxUx +vREmTvoEMmOagAbg1OGfexbTMhQE5YcoNK8YdJj9xKIcD2Oj6TnWHX6p9JclAlIV +LFxnXDsXHIRb2weoPc942PXH3yavHRWaguYAhDHYxb3TSPm5JDHKr6i7YRKCueV/ +NB84mhAGd40SKUCFGoD6wSWhKWG1KrBUNY0X2Qp8M71ZfWN4SF0sjcwB2XQQp6yr +0mvxXSbMhtr4bSGKB5RECJRM16DaJ2VapTJ3Pr3S4+bZVkxUq6KCJZY7rQeyk7RP +6U7k0u5XKUOgEmH93DL7ac0FMy70hIyaAiG4k3jE4P6ewqBmsWaW3OtT3RWtBCNd +E8XvfdMyBg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/keys/merlincert.pem b/tests/keys/merlincert.pem new file mode 100644 index 00000000..cff8e3ea --- /dev/null +++ b/tests/keys/merlincert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTDCCAwugAwIBAgIGAOxN334jMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx +DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll +cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB +MB4XDTAyMDIyODE3NTI1NFoXDTAzMDIyODE3NTI1NFowbjELMAkGA1UEBhMCSUUx +DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll +cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB +MIIBtzCCASsGByqGSM44BAEwggEeAoGBAIprqepZpIuKwJlLLSm/8XQUTFjbUPqQ +zfe2ZywPV95Sm5BB7WBco0N7gHLYFUie+YlUbisc+Am+Uc1ZtuRGipiqvK4n9TLQ +SIuo4wycZiHTWhChvc1U3/YIicdTfSNLd6IdXwFWQ0q8ysyRkNlrw3yHxR3STLQd +wtFShpi2Ue15AhUAxDve3j7sEnh4rIzM5gK+5/gxxFUCgYA0u6AB/ohknGjcEI6L +nKsYRXC2UTNdyed1eF3RPPfwKdApzhIS6mbg/I/lOYu8rrhMN84Puyej9bmgjUpl +2KZ9bZziv/rBo3NlK+Jww5aEthjrbU2fqeMFzxU3CjFanMJeEqbvRvz4Phhkyf95 +TkM3x2+FO/9s0rbUV8mqOnTfdQOBhQACgYEAhiDEE1r/AVBPgmBksGXqTRTHYhLq ++PE+lUD0zi8qUQTIsgIyjoWORG8HG9XoRl/4LxXVUP3hiJSE78MINC61m3ef6Ir1 +lbWo1lSUY9gi88Gy7TJMJrkpCwgzeNgUL5U/ZACwup8lM0D04Bi7lxZ7Vt4fqPMG +MoY2QUwG2H3SUTGjNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA +MBEGA1UdDgQKBAiCOqKyJnVZWzAJBgcqhkjOOAQDAzAAMC0CFQCGiGcFnv0ZDYOb +M8Ebo7XQJrgn2QIUa0pkSOjcyp9B68ZDaxsMLIpuVwM= +-----END CERTIFICATE----- diff --git a/tests/keys/openssl.cnf b/tests/keys/openssl.cnf new file mode 100644 index 00000000..ecd8b887 --- /dev/null +++ b/tests/keys/openssl.cnf @@ -0,0 +1,316 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 3650 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = US +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = California + +localityName = Locality Name (eg, city) +localityName_default = Sunnyvale + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = XML Security Library (http://www.aleksey.com/xmlsec) + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 +commonName_default = Aleksey Sanin + +emailAddress = Email Address +emailAddress_max = 64 +emailAddress_default = xmlsec@aleksey.com + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:TRUE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/tests/keys/rsacert.der b/tests/keys/rsacert.der Binary files differnew file mode 100644 index 00000000..a480d645 --- /dev/null +++ b/tests/keys/rsacert.der diff --git a/tests/keys/rsacert.pem b/tests/keys/rsacert.pem new file mode 100644 index 00000000..89c58f0a --- /dev/null +++ b/tests/keys/rsacert.pem @@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d6:8e:b8:e0:91:82:2c:fa + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: Jul 10 02:33:02 2005 GMT + Not After : Jul 8 02:33:02 2015 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (512 bit) + Modulus (512 bit): + 00:d3:d0:6d:0f:76:9e:56:de:83:54:39:24:d1:d2: + 3b:56:1e:cb:8e:a7:67:b1:89:96:d2:d6:c3:57:1c: + 4a:fa:7b:a6:7b:e6:7d:49:be:33:9d:b5:0a:91:69: + 7e:be:04:00:4d:d4:54:13:28:53:d8:ff:86:aa:b7: + 74:50:1c:d8:7d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D7:F4:C6:46:77:CE:37:04:23:AD:29:54:FB:B0:0E:A4:CC:43:28:19 + X509v3 Authority Key Identifier: + keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:D6:8E:B8:E0:91:82:2C:F8 + + Signature Algorithm: sha1WithRSAEncryption + 47:e3:be:65:b0:8b:68:01:a5:8b:7b:6f:01:7a:a0:78:85:2e: + 82:21:e6:48:8b:00:fa:e5:38:50:1b:3d:99:4b:0e:aa:f9:f9: + e0:dc:af:57:1f:d2:99:2c:81:6e:df:54:4f:4d:cd:34:a6:c2: + 30:c5:b8:47:0f:a8:95:7a:d8:49 +-----BEGIN CERTIFICATE----- +MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG +A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wHhcNMDUwNzEwMDIzMzAyWhcNMTUwNzA4MDIzMzAyWjCBxzELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM +aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAnBgNVBAsT +IFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVr +c2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wXDAN +BgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7LjqdnsYmW0tbD +VxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQABo4IBUzCC +AU8wDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0 +ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTMQygZMIHx +BgNVHSMEgekwgeaAFP7k7FMk8JWVxxC14US1XTllWuN+oYHCpIG/MIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs ++DANBgkqhkiG9w0BAQUFAANBAEfjvmWwi2gBpYt7bwF6oHiFLoIh5kiLAPrlOFAb +PZlLDqr5+eDcr1cf0pksgW7fVE9NzTSmwjDFuEcPqJV62Ek= +-----END CERTIFICATE----- diff --git a/tests/keys/rsakey-win.p12 b/tests/keys/rsakey-win.p12 Binary files differnew file mode 100644 index 00000000..e0281f7d --- /dev/null +++ b/tests/keys/rsakey-win.p12 diff --git a/tests/keys/rsakey-winxp.p12 b/tests/keys/rsakey-winxp.p12 Binary files differnew file mode 100644 index 00000000..3817a7e1 --- /dev/null +++ b/tests/keys/rsakey-winxp.p12 diff --git a/tests/keys/rsakey.der b/tests/keys/rsakey.der Binary files differnew file mode 100644 index 00000000..6a844dbd --- /dev/null +++ b/tests/keys/rsakey.der diff --git a/tests/keys/rsakey.p12 b/tests/keys/rsakey.p12 Binary files differnew file mode 100644 index 00000000..2c6be5ed --- /dev/null +++ b/tests/keys/rsakey.p12 diff --git a/tests/keys/rsakey.p8-der b/tests/keys/rsakey.p8-der Binary files differnew file mode 100644 index 00000000..fed75a6e --- /dev/null +++ b/tests/keys/rsakey.p8-der diff --git a/tests/keys/rsakey.p8-pem b/tests/keys/rsakey.p8-pem new file mode 100644 index 00000000..f31b10ff --- /dev/null +++ b/tests/keys/rsakey.p8-pem @@ -0,0 +1,11 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBgTAbBgkqhkiG9w0BBQMwDgQIEZ3kmUDSHvUCAggABIIBYPVfp9uKbSZ7fhvF +8g5KVcikiKq1cVPUTg+9579/peIQtowRFAosI+MIAB+eTAyLSCtl7SetsuD/oykW +nONRnjzKeuF2PgQj3AwtBVQtMD6z9hZoc+uTrp7t1J53SFhKpS2NCwzEb4VyE+Fy +NpD2g30ccYmWkwWNOd9Z1kACnxRtaoGa5jj2Tim/Xz+okDeAR+TWt5vAh6K34Tfm +ndmcWHbEEh7QTEXvzzgU0WMx1CA8hbMaRRBBoGbRecCLnQ0hBBeShP5cPkM6P0mY +5ZIRBk68duKgZLchL3z9Mzy+faRKqusNod37L88PGDSkqjMIEbyQP33TwH5zCg4x +Iu5H8TmPpWLefQi54XUH/xkdW0oX648hFflLDNrP9USeSVB0l4A+xEX2qL94Q6Ed +SGFFLk+Fvwo+oPYPCJvYceHCBeuKatRX8CdsPTnkalnWMM5og4re6SyH96EAGVcK +9Gr5OGI= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/keys/rsakey.pem b/tests/keys/rsakey.pem new file mode 100644 index 00000000..8ea653ff --- /dev/null +++ b/tests/keys/rsakey.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBANPQbQ92nlbeg1Q5JNHSO1Yey46nZ7GJltLWw1ccSvp7pnvmfUm+ +M521CpFpfr4EAE3UVBMoU9j/hqq3dFAc2H0CAwEAAQJBALFVCjmsAZyQ5jqZLO5N +qEfNuHZSSUol+xPBogFIOq3BWa269eNNcAK5or5g0XWWon7EPdyGT4qyDVH9KzXK +RLECIQDzm/Nj0epUGN51/rKJgRXWkXW/nfSCMO9fvQR6Ujoq3wIhAN6WeHK9vgWg +wBWqMdq5sR211+LlDH7rOUQ6rBpbsoQjAiEA7jzpfglgPPZFOOfo+oh/LuP6X3a+ +FER/FQXpRyb7M8kCIETUrwZ8WkiPPxbz/Fqw1W5kjw/g2I5e2uSYaCP2eyuVAiEA +mOI6RhRyMqgxQyy0plJVjG1s4fdu92AWYy9AwYeyd/8= +-----END RSA PRIVATE KEY----- |