From 31d8affc84ac72dd71ee1f2453a8974f0ebb6f87 Mon Sep 17 00:00:00 2001 From: Matt Broadstone Date: Sat, 31 Jan 2015 13:16:33 -0500 Subject: [PATCH] add support for ssl connections This adds preliminary support for SSL connections to a RabbitMQ server. Instead of providing two clients (QAmqpClient/QAmqpSslClient), the SSL support was directly rolled into QAmqpClient itself, providing signals/slots to deal with errors (sslErrors/ignoreSslErrors), and the ability to assign a QSslConfiguration. Travis testing for ssl support is currently disabled, pending a solution to a travis limitation for starting ssl listeners --- .travis.yml | 2 +- src/qamqpclient.cpp | 41 +++++++++++++-- src/qamqpclient.h | 9 ++++ src/qamqpclient_p.h | 32 +++--------- src/qamqpglobal.h | 15 +++--- tests/auto/qamqpclient/certs.qrc | 7 +++ tests/auto/qamqpclient/qamqpclient.pro | 1 + tests/auto/qamqpclient/tst_qamqpclient.cpp | 45 +++++++++++++++-- tests/files/certs/client/cert.pem | 18 +++++++ tests/files/certs/client/key.pem | 27 ++++++++++ tests/files/certs/client/keycert.p12 | Bin 0 -> 2349 bytes tests/files/certs/client/req.pem | 16 ++++++ tests/files/certs/server/cert.pem | 18 +++++++ tests/files/certs/server/key.pem | 27 ++++++++++ tests/files/certs/server/keycert.p12 | Bin 0 -> 2349 bytes tests/files/certs/server/req.pem | 16 ++++++ tests/files/certs/testca/cacert.cer | Bin 0 -> 714 bytes tests/files/certs/testca/cacert.pem | 17 +++++++ tests/files/certs/testca/certs/01.pem | 18 +++++++ tests/files/certs/testca/certs/02.pem | 18 +++++++ tests/files/certs/testca/index.txt | 2 + tests/files/certs/testca/index.txt.attr | 1 + tests/files/certs/testca/index.txt.attr.old | 1 + tests/files/certs/testca/index.txt.old | 1 + tests/files/certs/testca/openssl.cnf | 53 ++++++++++++++++++++ tests/files/certs/testca/private/cakey.pem | 28 +++++++++++ tests/files/certs/testca/serial | 1 + tests/files/certs/testca/serial.old | 1 + tests/files/travis/rabbitmq-setup.sh | 14 ++++++ tests/{ => files/travis}/test-deps.sh | 0 30 files changed, 386 insertions(+), 43 deletions(-) create mode 100644 tests/auto/qamqpclient/certs.qrc create mode 100644 tests/files/certs/client/cert.pem create mode 100644 tests/files/certs/client/key.pem create mode 100644 tests/files/certs/client/keycert.p12 create mode 100644 tests/files/certs/client/req.pem create mode 100644 tests/files/certs/server/cert.pem create mode 100644 tests/files/certs/server/key.pem create mode 100644 tests/files/certs/server/keycert.p12 create mode 100644 tests/files/certs/server/req.pem create mode 100644 tests/files/certs/testca/cacert.cer create mode 100644 tests/files/certs/testca/cacert.pem create mode 100644 tests/files/certs/testca/certs/01.pem create mode 100644 tests/files/certs/testca/certs/02.pem create mode 100644 tests/files/certs/testca/index.txt create mode 100644 tests/files/certs/testca/index.txt.attr create mode 100644 tests/files/certs/testca/index.txt.attr.old create mode 100644 tests/files/certs/testca/index.txt.old create mode 100644 tests/files/certs/testca/openssl.cnf create mode 100644 tests/files/certs/testca/private/cakey.pem create mode 100644 tests/files/certs/testca/serial create mode 100644 tests/files/certs/testca/serial.old create mode 100755 tests/files/travis/rabbitmq-setup.sh rename tests/{ => files/travis}/test-deps.sh (100%) diff --git a/.travis.yml b/.travis.yml index 353d4e4..ee641ec 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ services: before_install: - sudo pip install cpp-coveralls install: - - tests/test-deps.sh + - tests/files/travis/test-deps.sh script: - qmake -config gcov - make diff --git a/src/qamqpclient.cpp b/src/qamqpclient.cpp index 5b0e7e2..d6eedfe 100644 --- a/src/qamqpclient.cpp +++ b/src/qamqpclient.cpp @@ -1,7 +1,7 @@ #include -#include #include #include +#include #include #include "qamqpglobal.h" @@ -21,6 +21,7 @@ QAmqpClientPrivate::QAmqpClientPrivate(QAmqpClient *q) autoReconnect(false), timeout(0), connecting(false), + useSsl(false), socket(0), closed(false), connected(false), @@ -50,7 +51,7 @@ void QAmqpClientPrivate::init() void QAmqpClientPrivate::initSocket() { Q_Q(QAmqpClient); - socket = new QTcpSocket(q); + socket = new QSslSocket(q); QObject::connect(socket, SIGNAL(connected()), q, SLOT(_q_socketConnected())); QObject::connect(socket, SIGNAL(disconnected()), q, SLOT(_q_socketDisconnected())); QObject::connect(socket, SIGNAL(readyRead()), q, SLOT(_q_readyRead())); @@ -58,6 +59,8 @@ void QAmqpClientPrivate::initSocket() q, SLOT(_q_socketError(QAbstractSocket::SocketError))); QObject::connect(socket, SIGNAL(error(QAbstractSocket::SocketError)), q, SIGNAL(socketError(QAbstractSocket::SocketError))); + QObject::connect(socket, SIGNAL(sslErrors(QList)), + q, SIGNAL(sslErrors(QList))); } void QAmqpClientPrivate::setUsername(const QString &username) @@ -87,12 +90,13 @@ void QAmqpClientPrivate::parseConnectionString(const QString &uri) #endif if (connectionString.scheme() != AMQP_SCHEME && - connectionString.scheme() != AMQP_SSCHEME) { + connectionString.scheme() != AMQP_SSL_SCHEME) { qAmqpDebug() << Q_FUNC_INFO << "invalid scheme: " << connectionString.scheme(); return; } - port = connectionString.port(AMQP_PORT); + useSsl = (connectionString.scheme() == AMQP_SSL_SCHEME); + port = connectionString.port((useSsl ? AMQP_SSL_PORT : AMQP_PORT)); host = connectionString.host(); QString vhost = connectionString.path(); @@ -116,7 +120,11 @@ void QAmqpClientPrivate::_q_connect() _q_disconnect(); } - socket->connectToHost(host, port); + qAmqpDebug() << "connecting to host: " << host << ", port: " << port; + if (useSsl) + socket->connectToHostEncrypted(host, port); + else + socket->connectToHost(host, port); } void QAmqpClientPrivate::_q_disconnect() @@ -777,6 +785,29 @@ QString QAmqpClient::errorString() const return d->errorString; } +QSslConfiguration QAmqpClient::sslConfiguration() const +{ + Q_D(const QAmqpClient); + return d->sslConfiguration; +} + +void QAmqpClient::setSslConfiguration(const QSslConfiguration &config) +{ + Q_D(QAmqpClient); + d->sslConfiguration = config; + + if (!config.isNull()) { + d->useSsl = true; + d->port = AMQP_SSL_PORT; + } +} + +void QAmqpClient::ignoreSslErrors(const QList &errors) +{ + Q_D(QAmqpClient); + d->socket->ignoreSslErrors(errors); +} + void QAmqpClient::connectToHost(const QString &uri) { Q_D(QAmqpClient); diff --git a/src/qamqpclient.h b/src/qamqpclient.h index 2f5b019..51b15a2 100644 --- a/src/qamqpclient.h +++ b/src/qamqpclient.h @@ -4,6 +4,8 @@ #include #include #include +#include +#include #include "qamqpglobal.h" @@ -68,6 +70,9 @@ public: QAMQP::Error error() const; QString errorString() const; + QSslConfiguration sslConfiguration() const; + void setSslConfiguration(const QSslConfiguration &config); + // channels QAmqpExchange *createExchange(int channelNumber = -1); QAmqpExchange *createExchange(const QString &name, int channelNumber = -1); @@ -85,6 +90,10 @@ Q_SIGNALS: void disconnected(); void error(QAMQP::Error error); void socketError(QAbstractSocket::SocketError error); + void sslErrors(const QList &errors); + +public Q_SLOTS: + void ignoreSslErrors(const QList &errors); protected: QAmqpClient(QAmqpClientPrivate *dd, QObject *parent = 0); diff --git a/src/qamqpclient_p.h b/src/qamqpclient_p.h index b026e7a..55c0bf4 100644 --- a/src/qamqpclient_p.h +++ b/src/qamqpclient_p.h @@ -5,11 +5,8 @@ #include #include #include - -#ifndef QT_NO_SSL -# include -# include -#endif +#include +#include #include "qamqpglobal.h" #include "qamqpauthenticator.h" @@ -19,7 +16,7 @@ #define METHOD_ID_ENUM(name, id) name = id, name ## Ok class QTimer; -class QTcpSocket; +class QSslSocket; class QAmqpClient; class QAmqpQueue; class QAmqpExchange; @@ -85,8 +82,9 @@ public: bool autoReconnect; int timeout; bool connecting; - QTcpSocket *socket; + bool useSsl; + QSslSocket *socket; QHash > methodHandlersByChannel; QHash > contentHandlerByChannel; QHash > bodyHandlersByChannel; @@ -103,27 +101,11 @@ public: QAMQP::Error error; QString errorString; + QSslConfiguration sslConfiguration; + QAmqpClient * const q_ptr; Q_DECLARE_PUBLIC(QAmqpClient) }; -#ifndef QT_NO_SSL -class QAmqpSslClient; -class QAmqpSslClientPrivate : public QAmqpClientPrivate -{ -public: - QAmqpSslClientPrivate(QAmqpSslClient *q); - - virtual void initSocket(); - virtual void _q_connect(); - - // private slots - void _q_sslErrors(const QList &errors); - - QSslConfiguration sslConfiguration; - -}; -#endif - #endif // QAMQPCLIENT_P_H diff --git a/src/qamqpglobal.h b/src/qamqpglobal.h index 5c84877..0f1aaf9 100644 --- a/src/qamqpglobal.h +++ b/src/qamqpglobal.h @@ -3,13 +3,14 @@ #include -#define AMQP_SCHEME "amqp" -#define AMQP_SSCHEME "amqps" -#define AMQP_PORT 5672 -#define AMQP_HOST "localhost" -#define AMQP_VHOST "/" -#define AMQP_LOGIN "guest" -#define AMQP_PSWD "guest" +#define AMQP_SCHEME "amqp" +#define AMQP_SSL_SCHEME "amqps" +#define AMQP_PORT 5672 +#define AMQP_SSL_PORT 5671 +#define AMQP_HOST "localhost" +#define AMQP_VHOST "/" +#define AMQP_LOGIN "guest" +#define AMQP_PSWD "guest" #define AMQP_FRAME_MAX 131072 #define AMQP_FRAME_MIN_SIZE 4096 diff --git a/tests/auto/qamqpclient/certs.qrc b/tests/auto/qamqpclient/certs.qrc new file mode 100644 index 0000000..5d9568c --- /dev/null +++ b/tests/auto/qamqpclient/certs.qrc @@ -0,0 +1,7 @@ + + + ../../files/certs/testca/cacert.pem + ../../files/certs/client/cert.pem + ../../files/certs/client/key.pem + + diff --git a/tests/auto/qamqpclient/qamqpclient.pro b/tests/auto/qamqpclient/qamqpclient.pro index a911c35..3d4c9aa 100644 --- a/tests/auto/qamqpclient/qamqpclient.pro +++ b/tests/auto/qamqpclient/qamqpclient.pro @@ -4,3 +4,4 @@ include($${DEPTH}/tests/tests.pri) TARGET = tst_qamqpclient SOURCES = tst_qamqpclient.cpp +RESOURCES = certs.qrc diff --git a/tests/auto/qamqpclient/tst_qamqpclient.cpp b/tests/auto/qamqpclient/tst_qamqpclient.cpp index af32f99..ffcf8db 100644 --- a/tests/auto/qamqpclient/tst_qamqpclient.cpp +++ b/tests/auto/qamqpclient/tst_qamqpclient.cpp @@ -1,10 +1,11 @@ #include -#include "qamqptestcase.h" - #include -#include "qamqpclient.h" -#include "qamqpclient_p.h" +#include + +#include "qamqptestcase.h" #include "qamqpauthenticator.h" +#include "qamqpclient_p.h" +#include "qamqpclient.h" class tst_QAMQPClient : public TestCase { @@ -20,11 +21,34 @@ private Q_SLOTS: void validateUri_data(); void validateUri(); -private: +public Q_SLOTS: // temporarily disabled void autoReconnect(); + void sslConnect(); + +private: + QSslConfiguration createSslConfiguration(); }; +QSslConfiguration tst_QAMQPClient::createSslConfiguration() +{ + QList caCerts = + QSslCertificate::fromPath(QLatin1String(":/certs/ca-cert.pem")); + QList localCerts = + QSslCertificate::fromPath(QLatin1String(":/certs/client-cert.pem")); + QFile keyFile( QLatin1String(":/certs/client-key.pem")); + keyFile.open(QIODevice::ReadOnly); + QSslKey key(&keyFile, QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey); + keyFile.close(); + + QSslConfiguration sslConfiguration; + sslConfiguration.setCaCertificates(caCerts); + sslConfiguration.setLocalCertificate(localCerts.first()); + sslConfiguration.setPrivateKey(key); + sslConfiguration.setProtocol(QSsl::SecureProtocols); + return sslConfiguration; +} + void tst_QAMQPClient::connect() { QAmqpClient client; @@ -42,6 +66,17 @@ void tst_QAMQPClient::connect() QVERIFY(waitForSignal(&client, SIGNAL(disconnected()))); } +void tst_QAMQPClient::sslConnect() +{ + QAmqpClient client; + client.setSslConfiguration(createSslConfiguration()); + QObject::connect(&client, SIGNAL(sslErrors(QList)), + &client, SLOT(ignoreSslErrors(QList))); + + client.connectToHost(); + QVERIFY(waitForSignal(&client, SIGNAL(connected()))); +} + void tst_QAMQPClient::connectProperties() { QAmqpClient client; diff --git a/tests/files/certs/client/cert.pem b/tests/files/certs/client/cert.pem new file mode 100644 index 0000000..b074554 --- /dev/null +++ b/tests/files/certs/client/cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAc+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl +c3RDQTAeFw0xNDA4MjcxOTI2MDVaFw0xNTA4MjcxOTI2MDVaMCoxFzAVBgNVBAMM +Dm1icm9hZHN0LWJ1aWxkMQ8wDQYDVQQKDAZjbGllbnQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDrzmzjgxNXxXX+fgfjB5Pt+YbO2uQR9PDADUyk+8Kw +/v1xjZBqKSHaBJLMv2nHlfGM8p92XQoepWKtG4z49UsT6MMppfUnZ/TO6LgUuJtw +FaVYdJmzK8SPvsQ331id9f4grgMTiff+i6hM2Bb9Jq83/jnglrBm8T4KHjPjJXQi +MN8d7ZkV2bo2vFQcO/KNTODntqINp5+OFPboyjDbMoMgUTqnXJBQsWwA9EVq2JYs +FYtA5xsqk0yG9DBgI5ClfxESQQo6lHKYeX2KIuHVO5awPpm+wZbIeR3l5QFqQrQZ +zfw7ANsA1RK4c85jb8K0vHxX1wV3kB+2kqpi4jxm/ucnAgMBAAGjLzAtMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBBQUAA4IBAQAxoTOMViXAKveeYx7I0dve/Te3TXe6XTlF0iFNIMp0FB3X0OeA +Bjknf6SUxY4qYV9DsFBGtXg8irkbothVNQKrhSedb6n+OQGy5z24oJ+vWW5jCyf3 +TBoWRLnHY52j/4KElNpbEddacreYY6Ft5VYLZuyXy2G18xWjUnE5EG+QkizgAWzw +w9aTxS7qyGb7/FklJhH5OA8izi4JNbIrLEcUw4ECgYihtdLnZz/ANTp4kwz7qjaj +X7+8V3h7R59/HOHglCbjtkhBVuRyz5ljTfMbCava4Za2solujAo4tRxvmhioog0t +QplQjUP4QM5jfFlD/1HXY2SzYPG0FIiRj93L +-----END CERTIFICATE----- diff --git a/tests/files/certs/client/key.pem b/tests/files/certs/client/key.pem new file mode 100644 index 0000000..c5e2e26 --- /dev/null +++ b/tests/files/certs/client/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA685s44MTV8V1/n4H4weT7fmGztrkEfTwwA1MpPvCsP79cY2Q +aikh2gSSzL9px5XxjPKfdl0KHqVirRuM+PVLE+jDKaX1J2f0zui4FLibcBWlWHSZ +syvEj77EN99YnfX+IK4DE4n3/ouoTNgW/SavN/454JawZvE+Ch4z4yV0IjDfHe2Z +Fdm6NrxUHDvyjUzg57aiDaefjhT26Mow2zKDIFE6p1yQULFsAPRFatiWLBWLQOcb +KpNMhvQwYCOQpX8REkEKOpRymHl9iiLh1TuWsD6ZvsGWyHkd5eUBakK0Gc38OwDb +ANUSuHPOY2/CtLx8V9cFd5AftpKqYuI8Zv7nJwIDAQABAoIBAQDj32PSqIQ0uZlB +CcHNXzFRM2VW2Ki1waI1taRveuu153Q8G7WHIaCY8vp56i/qs7ftoTkARQDWhLRK +3OjqXQDkiHaw9LNoFUm5+aKKQ6vSMNjMFkHBp3YYAx3TcH5Oh73BDufiJd4FmihV +uizdDlkdHwwHQRfPIyn01SMHStZjgkOqIOkKq1Me8uggiYpTh/2sbX931cwxJnSF +EvDOLTvLjJdj6aWjupUaMvMsZDHJdtTZxl/YPV/KO49EkaOz0Ijv4mD8a0FQ5QRa +ud1xITFlFXOeZNjH3n6/+4ypIJDkXddpfZUuetoZ3DPRZY5aalKW+SGy3zqLu8qh +0VGPRQ7BAoGBAP7xNXis1ErCybdI1wvo3XIcsq7YHsssD+2IFmNomdBF5e9QzAwU +Q63WD6qmcLCSzjSm4dYZNvFL9RLWUCIkC7nkpqt0bftDw//NTdyinJo/JNf4Lprx +uji5njju+FuU83Whu3QoBXFTv7Ql09bX/6EgCfx1cWrJEHC6L3oGE3SpAoGBAOzI +5BfC+5TTbqWbjoH8ycdpjbEvyhpRKT920spa2j0kNjduryJHtq1AemLsR9NOH67h +cO5YHD9ClRMXxI4ogVbzOGqVAy3LdYXCJIV8GO/WTjjDINoPNb2+VfaHCkboS+8y +d1HwwcFbK7p3dJFNF3ppDVXsTfZZzDAQfFqa6A9PAoGAPzmYtjW+bFAEcJT65/Q3 +Pv6I/b2RXXeu94yBaOPfCXzcOk6CXBiGdE0bE4o1dkTiKMKeTVdxfcQFokdOFjl0 +QwTGpMy6Hc8/g2fqAGa/ia1RONJO1JRQR5MY/yucojG9cxXKBFOMjf9kEowzDhwB +RHdKoraJix8UGbDC53MsTgkCgYBepze23/Td219ByFtBTyICGwnPKMFrn8ITYpaE +2aigBFe/9PkBhRVbUIkb/kQADhzQNcKFJKe2ChG5niiugzag4X1N7d9lcQ27uI4M +5jy5szt1qVr6kFX1UZ7fe7/59GZWaiAUm194wc9LLPFmHCEkh9YS4PGRZvgexphP +R9k4NQKBgQDXYokjEt6jl67724/J8gP09oTAxZCBSweZkTHErUg8NdsUJWqBGLP9 +zFg1pOfAV9gy/qKm01SdG81lWcf8sDLa3QjB4WOW6x99DH2mQ7y69tStn8B3mAVB +o8Ddf50gjv54oSqFPrF1DAbBXWOEWfeLM44zyaBR9t28bNBJM4CEiQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/files/certs/client/keycert.p12 b/tests/files/certs/client/keycert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..a4e8643d623ef01e1f526b491d59bda6837327db GIT binary patch literal 2349 zcmV+|3DWj3f(a=C0Ru3C2=4|7Duzgg_YDCD0ic2i-~@sQ+%SR&*f4?vj|K@UhDe6@ z4FLxRpn?N{FoFYo0s#Opf&+C12`Yw2hW8Bt2LUh~1_~;MNQU%{^1jQA`qPGGbj z1L-W&g&gP>B)yF;=pO{~rh};Pm5|+uae|-C7iF4-M^+c2_UgC$`9L`{ME5Mx#PAOF zc*ibKH7Z_7RbczHR!5T+9R!gr${Az@2(Er(?^M7HekUaIev~)%{6q55e$09m#0h7A4oul%$>GtVVjJaqFPb&qH> z@@4gh2`csYhsIb~b53>yvC+=b3(t9UTK9~Jm_$6FBxCyyYwogEGxYz*f)cJl&s)y(szGgCW|1+h1oS+g% z#!N`Wh@O(CG4?JfERSt>S{Hd*7^*Tft~Jh!{Q3gEGBaEfg{LjxlescES6Yoi>B)nm zS?cG%RwIPok4k)n)2P}lHT+d)2+O>~n%3l9-~I_cQXg!oH7DBnSInfJr8c#Gc%8`U`xI>Lj%>n+ zkty-8u35$SaUuwKT)g(2{w8NDoP>7eK4{#TS0a6Vj!9~a4}8v}ZQ%2t`~B&*8Uqv$5WY=y(x z@LEtGo74!aV7V#=n`(tr**vE#9p|_MuD=5R|5gWkl`6|d*#ZpXuAk+fQ>&&W^B;u9 zfuavu<^b}B*rSi0OQ$M1?VL%9F6q!FZRkzoGcZkV*irKv(+ela{|GBeBmJ2w?a+1J z{A{r>D#H=SbLv0^o$88Y@26&MeU8|g+m9ww3Q^!cGmFtFXXX&2ka+D|7C0>#mQw4_ z(!S48ZiQ5H?ck;-^l}Qk7UNN6FoFd^1_>&LNQUUo%$G&$>8Ou5_p^tMIz2D zDEDOWl;nm`tfg-G*Iof6e~s>~f~D^jq!18QceP)oY#F^mJ`lV4v@d40gx~mNn2Cj- z@h0Y&bYF3fT_cwBy9(iiu)@CWsCc%$rO)hN+Zk732E2yeJs>~OOy5ciO`IpDRso30 zDmJ^q%&c!@BHh!pK-zN9agvjp7KGwqx9YU)=l6r&FIKzRw^-DAz=l9ApNh z8Oy{IgJm4wJc$14Gc+;^QURMaP zxTZ9rugE)s@DvGz{z}6)R$}B?Mj#m3pg`mBq)UfHqzIjXA45sfZ2M1Z6pXiiNiGJ> z2B*DfzbJl%_7EMlYp748c*|dvt zXb!_RsvM3~_+=hus%XgPH4**3#_*eEo4%E9S&oAatz?Q5y?I86MPYs)oMIqHG9 zy4$EdLeAM8!Wa85#oU8H)RUh6;|^%@1}r?Vj%GK+t9u+p2;2aqIG_Qj@z zG#%lr8|qs$arFv>z?V88`Z?woc|f+smo23h}@nh*nM`rAHZJe>2G*45mWd4dQwkh;W{7G z8}8AoDrM9%6URk@y>_Pr5pWd(e2UrtuF+{f8-b9PKVEiSLfz|swj=?|$F4ZPprU|J zI%!xL2mNiU;|nq8@gLdfH42lkwG2*U!8MIRaY8q>q&AP5AG)jy<Pzsto!V57br8{?xJqR>6~Sdr>axoNzveUyY@0OIVV%pq+U54 zA+nxD27NLUG_XL*)$5-=HD6v}0%*eHJ*to^{mMYIDu80yaJiqf#lm=`@MXCfuYzj9 zu*J2W5d7^!_xjGkHHv|QnOk|+%xb(`R}UG3sl;Bm7eLQO@fKuE`UlaKnU*v0+Ff$F=9RO>ueNFFzXP^ z&nBD+!g{1dLYxqIQ5-AIrA_?UXJiL!_OaBc%Dn97(nMcDXExs1QM~*2+)%Kxt#9C> z%G*lJphtnEn*VH=_!;@>3cz=;*&ka9HAZunGIwJmz+DvOK$sdE<0{f16V8IYu_{3> zbstlh3K@I(|2*uh^Ye|a>J5U!h;txbvf`NsLMbsNFe3&DDuzgg_YDCF6)_eB6mceH z=ro88GX{)#DNXH5e2+raDKIfGAutIB1uG5%0vZJX1QZhqWGdD|?r-~oeWi%f7k;9w Tb*}^ngp_br|I#Q`0s;sCu8d=2 literal 0 HcmV?d00001 diff --git a/tests/files/certs/client/req.pem b/tests/files/certs/client/req.pem new file mode 100644 index 0000000..38d7472 --- /dev/null +++ b/tests/files/certs/client/req.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbzCCAVcCAQAwKjEXMBUGA1UEAwwObWJyb2Fkc3QtYnVpbGQxDzANBgNVBAoM +BmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOvObOODE1fF +df5+B+MHk+35hs7a5BH08MANTKT7wrD+/XGNkGopIdoEksy/aceV8Yzyn3ZdCh6l +Yq0bjPj1SxPowyml9Sdn9M7ouBS4m3AVpVh0mbMrxI++xDffWJ31/iCuAxOJ9/6L +qEzYFv0mrzf+OeCWsGbxPgoeM+MldCIw3x3tmRXZuja8VBw78o1M4Oe2og2nn44U +9ujKMNsygyBROqdckFCxbAD0RWrYliwVi0DnGyqTTIb0MGAjkKV/ERJBCjqUcph5 +fYoi4dU7lrA+mb7Blsh5HeXlAWpCtBnN/DsA2wDVErhzzmNvwrS8fFfXBXeQH7aS +qmLiPGb+5ycCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAyDAY1l3GDSkLXOKId +GM0sB0Ve7tT64IsqFacp29wV15fgJH1368VOMwxiXRQVSvGQGWog0JzuX0qH12ZZ ++6zQnGhumuKtoqfwlPBFNtvFRFxQ61Dzk6RZaO5fC7ZW+cLrfcEjTh9X3ts2POwP +/iuFdr+r+422YDOmHY3gNKBYKg8MtaDUNSLSiwNEQ/CPNs3FsyObHutiMPgIKwqt +vZ2hkvvMWcYPf2dtPTS3AfMPWVP+zR4eDfeiKYoxCyYZHsvQEyYqP5P5U1elqia1 +gR9WUuC6Li+7wju6ksFrrLKGPNDXvfOm3Ecqfc5JPgU+U4bJLFRT1CFEOuYRnViK +V/jK +-----END CERTIFICATE REQUEST----- diff --git a/tests/files/certs/server/cert.pem b/tests/files/certs/server/cert.pem new file mode 100644 index 0000000..8bbd244 --- /dev/null +++ b/tests/files/certs/server/cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl +c3RDQTAeFw0xNDA4MjcxOTI0MjNaFw0xNTA4MjcxOTI0MjNaMCoxFzAVBgNVBAMM +Dm1icm9hZHN0LWJ1aWxkMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDDV2SFR4wdqcGTJjXoxufcRcg1QPBrsglR2rvQL40i +oF9U9QAASwtn5c1+A5pkEdOb6xOrND/qiCW1jQgBKzi9qMnL9+61Z/Xykq5Op4qj +oqf1l6DV5nyHo9DOmqMKlBUGFR1PvwRcxmtl76+ekLxRP3Z38YbJHj1FT2H/9Dno +ThoImcxiSeMI1T7yBfv5SZ4TVheRIabkRcwT5FrU3P6TkVJq2PBjH4n6cNlLAMka +Ias4Jnxip4Xg/kk9JXlfce45EAMlgEpp/6zSYQqvpESo/2elElP39sFBPvv7HNIh +si7AKzIsFlEpsUFlcBkC1SD9jxV2xVbXZssCiX3ZM5F1AgMBAAGjLzAtMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3 +DQEBBQUAA4IBAQCHXuSqK4vEDNIqZxMQiFqB4zwkz5KG3uZrbhqfHaqxxjinwlNJ +Sky9lAx2QN/sRDuk8M+8HZxRMsASIPzELMjjj19CduadkLFV4cj+0nP2m6K1li8y +RyGQpEwQi5MG2o+iQt3Ygw07KQJYhOXaifjEFJ8Q1U00KO+e9H7iLF8GrhLzmOv3 +usLPIvE8dnNu+EkrC57c48g9vkzR+BWl4TA1TcJBy9r219Z4jGrIysPWJUPwhKJj +tf9Uk9oHbMkuv5Qc+NhCumkB82phIt5WxeL1mKgwKVxiZJ+4DysfD7cgni8jhq86 +KZgEOMel6CekBa7ToLzUdvjU0SjT2DBBK6YD +-----END CERTIFICATE----- diff --git a/tests/files/certs/server/key.pem b/tests/files/certs/server/key.pem new file mode 100644 index 0000000..0d859d1 --- /dev/null +++ b/tests/files/certs/server/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAw1dkhUeMHanBkyY16Mbn3EXINUDwa7IJUdq70C+NIqBfVPUA +AEsLZ+XNfgOaZBHTm+sTqzQ/6ogltY0IASs4vajJy/futWf18pKuTqeKo6Kn9Zeg +1eZ8h6PQzpqjCpQVBhUdT78EXMZrZe+vnpC8UT92d/GGyR49RU9h//Q56E4aCJnM +YknjCNU+8gX7+UmeE1YXkSGm5EXME+Ra1Nz+k5FSatjwYx+J+nDZSwDJGiGrOCZ8 +YqeF4P5JPSV5X3HuORADJYBKaf+s0mEKr6REqP9npRJT9/bBQT77+xzSIbIuwCsy +LBZRKbFBZXAZAtUg/Y8VdsVW12bLAol92TORdQIDAQABAoIBAFKRwEWuBoYLWW2P +uz3Xxe4P+R65gmajbNkSsky/rNK0I1fP794v2nRiaMgZUct21ZGUfk3h2hqSzg29 +vWJxGJzimdoDxP0dIpMUeWV54FpmyMRBAZUoxf63ue164+v2yCQ4DJnGzltA6+i8 +tek6mL9nKfZtO2ILzC5d7bi5TTjp/SXUiKG3VAFSxgxoBC9PGlL7BNFbm9JXSket +LVIWNj781pqBMEHvj9aLVG0uKpkY5jRjShHQ1a1v3l/WSDBsoVaG8xzvZSE5wd7s +Fjzk53siyzapOBhTCJc8NFoA88SfYYQfxCVrhIxpDhH6rYBMi/j99DTlj+Goi6eo +7aqEkwECgYEA7YwtwqGtPbakc5Y6shmLyniDah8xaVfrK4duGBvuoZCMek+ee2DN +WaeUKcSBBL0wWGVxnTm5MHleeadc92vF8eI/T7LKDnqPGfg9I9nteI43wCuRqKbz +YDseZnngBWFM6QnhYJrL1mH66zTAolaW8e+4U0ZsNO/Wk3RP8FrZDFUCgYEA0oPp +DIW+6i43dC9AOKxPv6lWdYOHnnh050WftR3sYfQ5FEqLln0jbio1WvaukQtPeruz +WhhAYbrkSjy1286NMjkhO3FbofiUkTgpI9YSubIchbGcem9G58IfhA41mAGzrGer +t65ip6f2jwOZkRM+t5/65iqQuGoCIWlnBpO3kKECgYB6mX6ElSz0TO9TOJXSlZyw +QsKQYsj9tYKKVLtddg0TFadq+OyygKN7QiIV7HUqHPp2pOSeYMxTWFCKOPaiO91N +mZdTatMd5eM1ZAkqF6+YKM5dQB9NC91QLTLjcMNOA4nOPGs1kK7jVm5KNk+1eTsu +YqqfUBlIuP/l2oHnavvagQKBgFPIYiE0vbXwLOvVvmaP1bF/EMT2Uyxz3nsJD7YC +sciObYUw4ftD1K0MqW2JjhJ2AOzk9U2fJ0h+HEube/l+bF2XtS02QXTmPSLKyjzT +/2HejFF9TbzAuuSUMvzYtuXHj53HKOWSxvrY810Z3q2JjkWAq1edizmKH0zy6SkJ +813hAoGAIGMMqi8HsqsvgTQebYohwkRBG+G+JPVF6rPD/+WfglnIoo4sNWNBnh6Z +e/+TkLsZR0QVnbQtStabroxxCkBkjzoDgu2Ff2mKhcFMsuNwWm/2hWHD8VLMomWi +7BK4OjVcBxOoQelmBEuwIaCiuADZBFgGEbV5yBdv8yD+ewUP/Z0= +-----END RSA PRIVATE KEY----- diff --git a/tests/files/certs/server/keycert.p12 b/tests/files/certs/server/keycert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d7477e712196787d1fd94439704d8edd2255ff73 GIT binary patch literal 2349 zcmV+|3DWj3f(a=C0Ru3C2=4|7Duzgg_YDCD0ic2i-~@sQ+%SR&*f4?vj|K@UhDe6@ z4FLxRpn?N{FoFYo0s#Opf&+C12`Yw2hW8Bt2LUh~1_~;MNQUC$|k2kmpcIwt~E&?A<{VkU#CQwm4Ci`JOMAhBkgb0BN$ zgtWshw9CfMwYs|3&|ScehIyV?&J7*r7GmS+e|*l z{y{SCp}XcDgB0i!P3H*{z}(T%BK?PRW}<{Tr}I-8{xvrt$6a0ZOE%3-+YL|!ffI_0 z;6{9T5p< z_C=El58}x96EEp<8rDrnKr(wC%O3Y3OsQhcT`o;K)(&XXm|`e%q96c=z@pGvGeBC{ zC17&ND{??=$GEPD^i*!7|JGSCAdGnXY~e(mV?0Xl43h$7J`e$vE8o8eccQz{X6d}$ zh&AaTihI@!s{+#cY?Y!?Tml6Z_NSLwKdC{>DQCe~bspyY_Bi~EaE0BdzjuNX$*M?z`j{2heS6Kmr&jYbuqBuSAq{|)7&Yj(2ci>!2vUzlmCO#${u5u_E;4C z1qt_;J?rQK3|^i5PKa1!quXHeLM9KLIlIgUT+J5ERNP5PT*M<*oWL`8otoY}YV-3X& zlKNC?k(vZL5ra6YMj=o(p}9-J$pFSs-Ktk(b>`x!04#Nw!eqjYC_n)AddFSEfTH9{XSe?E80` zQj!l4LJ=&*@9jWl(8kR5Z+wOeC*R(Ol952j&_$9S$+))g!##vu=`5_!6#b+b@~_VL z{QZeV@`3RXz%MV#(@10-bY&PdFoFd^1_>&LNQU8MQsJ-h@b!Aoa_J2#zwAUqyq8)WD-gGhin~YL3Z!*?QoX(FC z>x)f;kYj+P^5?yBxBlN|tLk?X5UkxDGS3h=2oSrfk|pFlCtLJL{1U}3doh}rOg?)5 zvW?oP#x2CZL##zU&fW)6U%1WX0=t^ zv+2VHnZC5v{#V*246ClL&`mL*a5q5rsa8L)%KJ4X07Hwk*2$X3qlYL3P_HOajTy~C z3eMxK-lByO`lE&}PJeJ3{5=Ko;^8PtMe$j14Dq%^=f<~wS>CB0;UHxzG>OnMYFQ77 z!V6WN#|5cz6H7<6fGZlt_YjHf8%d5lZ_!5VH-FDWgZ)&SmqccZMD3W~Ehf}^hn?uG zQj5EU(yp@(^$x%v`Lgqk{)G=(7;CV>_$72CDlx6_HJ@sAP1?(d%ZZR1nRQLiF&>>H zy0WA5_-)ACz59Y7v=vT#;J!xQ!D9qiXHuY5?e~pU=%g;JQ(NH6&JP>lfJDKkLKUD0 zs?{9M*HYIATMfeHLJkn%oVa^r!e^Qtfl8*oW)+>kLg>0i3Ss#?n%Y-wH53?Nv*Ytc zM1?Zq+@O6P0V|Gpe#wGVEYXXQ-8d$Bxp!#k_aJJ@I2LT9&2wLB^pelV#6Ha{JV+xQzse)%foFC=Gs;(9pUjM-;ApR z`+|ytpYD$7z~6XK{7D)`WC!snIUnid7s~N28%2Q7j=SnT=CYDd!b2zyS!7RecjBQGL!d2`uT_S=g=7( zctR*fF}YnFlLM{997!=ko3%`#FY^z^obp2Gc$(tGY^AHJf#sElf z;m{D?2G$;jJ7(?t>B^O4cA}eNeM(GJy*WN$_#o}J@_5^_zu}vtxMnOmbNCrm5p#JAe*loC7xoaCzv#SW8%zd9YCjupg zlC6b&Z7n6nbE(p+)ePhytsEoWEpe3urBM@nWJZ5S&`a7bjWN8b4Z@nQP)FA>MX77N z>$tTnUK?BRV2R@yC+Mh8cFe3&DDuzgg_YDCF6)_eB6o{@g zLLYQiR4{p4Qm)D78SG~9{aj|P^VpKvloRO7*xrvdV0q6)W zrY1&4hW-96iKmJl`DDs8{@Udm!xeV>;^~Y77Qt=r<|jP3B_C?GMed_W&n4jlU$qk% zZdq*UdLbRO?X+p8`6S+-65rVuPY=F%IWysW!n||E>!arXekk+D$lRJG=X*r(s=`mX zFKj0F|4|VB=^1P47I#Y7>B6Db9u}J`(`K-qJ|B6yKSAb-oZjh~q8kLJPZFK8yV2%| z+x%Ba3}03sy>hg%p^`UuZu7clI%NSC?f2>)`>5Yq@MQLtgc-g)CnBzXY*Rk;cg>SL zn_n}2FW#E)zy3l>^a`m`8;N-eBB6ecELj>)wL_v#O5R=+T9ajSR3Hv#|Z{Dis@_V*X2 zeU5qEpK86tHVZ%uL9bYm)_VNuya0pxRklcnQrSx zKI?AZdE)kKT1d!|G;5P3Di6NeHHSBEoUnXi(uTvo12%ne+3jbvYr|oMHB%1Ned5nl zd$7u6qTB)zo%Ww;f)jWnO=kFf@yKQ1DXJ)Zk?=-PcJm%9VV%tuo>kKX3*UrK`0{d| VY0c6Tyc#;5Q`67xn;9*A7XaT1DjWa+ literal 0 HcmV?d00001 diff --git a/tests/files/certs/testca/cacert.pem b/tests/files/certs/testca/cacert.pem new file mode 100644 index 0000000..090055e --- /dev/null +++ b/tests/files/certs/testca/cacert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAa6gAwIBAgIJAOZK1btq1p0yMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV +BAMTCE15VGVzdENBMB4XDTE0MDgyNzE5MjI0MloXDTE1MDgyNzE5MjI0MlowEzER +MA8GA1UEAxMITXlUZXN0Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC/T4RhynLiTGkcgfq6TVwKVtvRy2jAOFOG7p9g4NofVTa0HvEUjNITwPUrYQDa +OLSK6BtStss1aTeSDfkY9wejl1PZ02lgz2CeznOvWp/74Rz8Mjc7BGz3WFOqcfJt +6DyTj/wgE/lJXTVGXsojQtDChYwEPNSWmAXLz1nLj2Ac1B4uy5kVsBCXkhWcu4E8 +xEaf6mIA9KvF1MWBgHkNbZ2DruYsdlA4h95+40wn2qDkm9RgmE2MyFjV8YYjwv2s +5G48+pj7o7Vg/3/QZFuoGnU8GJ4gFFVOQQRqKOUrVFrJGduiVXxqPNjTt1rfopX4 +pC8GZ69NotARfrwlBflM+Dm/AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P +BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAJxWhxMpYywwJOkB243RhD76Y9OJ0q +RAboh03wrHpx5jgRZj4PxJrMdoDop/7mP9e/2UfIWVkVzKGH3ZPSrDaJ7bRooqgu +nR1T8yWm+/zDoKoZGl+pdc25rr+PcWbzXOuPZTukSM01AqgGuwmiRB70HzqJpV3u +IPLvkvrqUIcjpdi7ULmfB1caNzTMizviTK7b3ORG+pZUVMRmOzSkJOD1PoNXg7GQ +p5FisMP7ULL0RLtOMrqwwyCslMJ+8g9pJuCqNJEeoBQsh/lmEZANWTSYTPRIbQAM +cnhx6GDsER2zvDoTLLM4SXqWEXHsV5D06Z41fKXIDSgsSZVnzb6ZWxvd +-----END CERTIFICATE----- diff --git a/tests/files/certs/testca/certs/01.pem b/tests/files/certs/testca/certs/01.pem new file mode 100644 index 0000000..8bbd244 --- /dev/null +++ b/tests/files/certs/testca/certs/01.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl +c3RDQTAeFw0xNDA4MjcxOTI0MjNaFw0xNTA4MjcxOTI0MjNaMCoxFzAVBgNVBAMM +Dm1icm9hZHN0LWJ1aWxkMQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDDV2SFR4wdqcGTJjXoxufcRcg1QPBrsglR2rvQL40i +oF9U9QAASwtn5c1+A5pkEdOb6xOrND/qiCW1jQgBKzi9qMnL9+61Z/Xykq5Op4qj +oqf1l6DV5nyHo9DOmqMKlBUGFR1PvwRcxmtl76+ekLxRP3Z38YbJHj1FT2H/9Dno +ThoImcxiSeMI1T7yBfv5SZ4TVheRIabkRcwT5FrU3P6TkVJq2PBjH4n6cNlLAMka +Ias4Jnxip4Xg/kk9JXlfce45EAMlgEpp/6zSYQqvpESo/2elElP39sFBPvv7HNIh +si7AKzIsFlEpsUFlcBkC1SD9jxV2xVbXZssCiX3ZM5F1AgMBAAGjLzAtMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgUgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3 +DQEBBQUAA4IBAQCHXuSqK4vEDNIqZxMQiFqB4zwkz5KG3uZrbhqfHaqxxjinwlNJ +Sky9lAx2QN/sRDuk8M+8HZxRMsASIPzELMjjj19CduadkLFV4cj+0nP2m6K1li8y +RyGQpEwQi5MG2o+iQt3Ygw07KQJYhOXaifjEFJ8Q1U00KO+e9H7iLF8GrhLzmOv3 +usLPIvE8dnNu+EkrC57c48g9vkzR+BWl4TA1TcJBy9r219Z4jGrIysPWJUPwhKJj +tf9Uk9oHbMkuv5Qc+NhCumkB82phIt5WxeL1mKgwKVxiZJ+4DysfD7cgni8jhq86 +KZgEOMel6CekBa7ToLzUdvjU0SjT2DBBK6YD +-----END CERTIFICATE----- diff --git a/tests/files/certs/testca/certs/02.pem b/tests/files/certs/testca/certs/02.pem new file mode 100644 index 0000000..b074554 --- /dev/null +++ b/tests/files/certs/testca/certs/02.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAc+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhNeVRl +c3RDQTAeFw0xNDA4MjcxOTI2MDVaFw0xNTA4MjcxOTI2MDVaMCoxFzAVBgNVBAMM +Dm1icm9hZHN0LWJ1aWxkMQ8wDQYDVQQKDAZjbGllbnQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDrzmzjgxNXxXX+fgfjB5Pt+YbO2uQR9PDADUyk+8Kw +/v1xjZBqKSHaBJLMv2nHlfGM8p92XQoepWKtG4z49UsT6MMppfUnZ/TO6LgUuJtw +FaVYdJmzK8SPvsQ331id9f4grgMTiff+i6hM2Bb9Jq83/jnglrBm8T4KHjPjJXQi +MN8d7ZkV2bo2vFQcO/KNTODntqINp5+OFPboyjDbMoMgUTqnXJBQsWwA9EVq2JYs +FYtA5xsqk0yG9DBgI5ClfxESQQo6lHKYeX2KIuHVO5awPpm+wZbIeR3l5QFqQrQZ +zfw7ANsA1RK4c85jb8K0vHxX1wV3kB+2kqpi4jxm/ucnAgMBAAGjLzAtMAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBBQUAA4IBAQAxoTOMViXAKveeYx7I0dve/Te3TXe6XTlF0iFNIMp0FB3X0OeA +Bjknf6SUxY4qYV9DsFBGtXg8irkbothVNQKrhSedb6n+OQGy5z24oJ+vWW5jCyf3 +TBoWRLnHY52j/4KElNpbEddacreYY6Ft5VYLZuyXy2G18xWjUnE5EG+QkizgAWzw +w9aTxS7qyGb7/FklJhH5OA8izi4JNbIrLEcUw4ECgYihtdLnZz/ANTp4kwz7qjaj +X7+8V3h7R59/HOHglCbjtkhBVuRyz5ljTfMbCava4Za2solujAo4tRxvmhioog0t +QplQjUP4QM5jfFlD/1HXY2SzYPG0FIiRj93L +-----END CERTIFICATE----- diff --git a/tests/files/certs/testca/index.txt b/tests/files/certs/testca/index.txt new file mode 100644 index 0000000..2598edd --- /dev/null +++ b/tests/files/certs/testca/index.txt @@ -0,0 +1,2 @@ +V 150827192423Z 01 unknown /CN=mbroadst-build/O=server +V 150827192605Z 02 unknown /CN=mbroadst-build/O=client diff --git a/tests/files/certs/testca/index.txt.attr b/tests/files/certs/testca/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/files/certs/testca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/files/certs/testca/index.txt.attr.old b/tests/files/certs/testca/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/files/certs/testca/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/files/certs/testca/index.txt.old b/tests/files/certs/testca/index.txt.old new file mode 100644 index 0000000..0082fe6 --- /dev/null +++ b/tests/files/certs/testca/index.txt.old @@ -0,0 +1 @@ +V 150827192423Z 01 unknown /CN=mbroadst-build/O=server diff --git a/tests/files/certs/testca/openssl.cnf b/tests/files/certs/testca/openssl.cnf new file mode 100644 index 0000000..1e23cb5 --- /dev/null +++ b/tests/files/certs/testca/openssl.cnf @@ -0,0 +1,53 @@ +[ ca ] +default_ca = testca + +[ testca ] +dir = . +certificate = $dir/cacert.pem +database = $dir/index.txt +new_certs_dir = $dir/certs +private_key = $dir/private/cakey.pem +serial = $dir/serial + +default_crl_days = 7 +default_days = 365 +default_md = sha1 + +policy = testca_policy +x509_extensions = certificate_extensions + +[ testca_policy ] +commonName = supplied +stateOrProvinceName = optional +countryName = optional +emailAddress = optional +organizationName = optional +organizationalUnitName = optional + +[ certificate_extensions ] +basicConstraints = CA:false + +[ req ] +default_bits = 2048 +default_keyfile = ./private/cakey.pem +default_md = sha1 +prompt = yes +distinguished_name = root_ca_distinguished_name +x509_extensions = root_ca_extensions + +[ root_ca_distinguished_name ] +commonName = hostname + +[ root_ca_extensions ] +basicConstraints = CA:true +keyUsage = keyCertSign, cRLSign + +[ client_ca_extensions ] +basicConstraints = CA:false +keyUsage = digitalSignature +extendedKeyUsage = 1.3.6.1.5.5.7.3.2 + +[ server_ca_extensions ] +basicConstraints = CA:false +keyUsage = keyEncipherment +extendedKeyUsage = 1.3.6.1.5.5.7.3.1 \ No newline at end of file diff --git a/tests/files/certs/testca/private/cakey.pem b/tests/files/certs/testca/private/cakey.pem new file mode 100644 index 0000000..c1bda7f --- /dev/null +++ b/tests/files/certs/testca/private/cakey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/T4RhynLiTGkc +gfq6TVwKVtvRy2jAOFOG7p9g4NofVTa0HvEUjNITwPUrYQDaOLSK6BtStss1aTeS +DfkY9wejl1PZ02lgz2CeznOvWp/74Rz8Mjc7BGz3WFOqcfJt6DyTj/wgE/lJXTVG +XsojQtDChYwEPNSWmAXLz1nLj2Ac1B4uy5kVsBCXkhWcu4E8xEaf6mIA9KvF1MWB +gHkNbZ2DruYsdlA4h95+40wn2qDkm9RgmE2MyFjV8YYjwv2s5G48+pj7o7Vg/3/Q +ZFuoGnU8GJ4gFFVOQQRqKOUrVFrJGduiVXxqPNjTt1rfopX4pC8GZ69NotARfrwl +BflM+Dm/AgMBAAECggEAUGYEhmxkN4JRMi/VxPG52oaCPvqy/QUu5SfnRvl38W8I +XE4clrxPlQmkfyR3DT6DcVT2Fp7Ha5zaQ8EnjDxUs4VnMcXNJWhBfLvaljkJvvru +CXa5C05i1NgD4T+d2F6fBoyeMoTyYMiRGQ/A92ye+wDQxP8jgF5HIU30uL16cOJh +/Znu6JJBjYgE9g7ce8REEpi2Fru2Ixj147ge1ICW801i0Xy5susCJvH3I817GKoq +NonAn5P+5zTv9mECDnNkhRViATigrQ8DYikNewPknrmfb0IMAvF8dTnCWI4KuorD +c4TD7w/zzrpncWNCnsDgWfgq9u9Anp6bvhED0VLiMQKBgQDgewv8skGmm4xAUKdR +BsDYIUgip57qj4EmPkjypn8lzVjDUnbBhr/NAUQK5pKnrzFE2H9/H7M1zlNwk1FS +m6GYjx4DmnGAvQ0LCBs4gxlT878n7TYTxkTge69tYQ0lmmAGGajmv2G4TtVADMlG +rojrQIYoSggVkUI+AyGhHhm8xQKBgQDaLCyBUSWPOMc33AozWMm2OYJ4nFWd1A0C +SLgpR6/+D8mT3o6YRYIMmh6AUFCENAKitbKujQOaKRll5aaNWO4JohhgcuzGEj5C +4F++7SXd6E/1+gtExnOHkPJ9z3FIeSoGCDK3DmfE8H9fcMM5mFZG7OVna3arINv4 +nT8s3aAMswKBgQDDM5yn3+Zg17AtGTV1qxa0mrRclkAFnkZjGBRdFNVJ7Pf72VC1 +VtSgkzI0/G2Y7So9wLmVtN4ksscyBJjZ6cWqoQErhvieR0b5SdJJ4Q58R1/5ezfk +GCw6vLM+vP8urMBFbbjG9rMmDz83FCdOlGUxlQlULZQ8FPVycUykC0W8NQKBgEjA +fj7JLnsp9dS8vXIN44Wue8F4cFxm/8eJNFAfpaJU5WU3y9kfJJTLN+yV26OaLF7R +tDncsBzSI7QE9psf0pDHytUuvaH3J2fppkPmlMAA3dkqfmN6wb+tKA+oAyCltsu4 +JCFC3nufrvnGgnNMR0jzajQoc7PxCylGVnDBnsNdAoGAV62Nc+T6HdZa9yDSPU5p +bNT40q0iZHmTUa6QQl+ZsRZP8u4w+RnfcUOK+QKJr43DraJgjWtwbO2VnCIMTA21 +EsSGuOCEMuYLMkswOrAJfM80FalsF3I74s5TbGYaczXXOe54XZJ8tyWSP0IiwreO ++eejI2bW3rU9TfBDdpR5Ks8= +-----END PRIVATE KEY----- diff --git a/tests/files/certs/testca/serial b/tests/files/certs/testca/serial new file mode 100644 index 0000000..75016ea --- /dev/null +++ b/tests/files/certs/testca/serial @@ -0,0 +1 @@ +03 diff --git a/tests/files/certs/testca/serial.old b/tests/files/certs/testca/serial.old new file mode 100644 index 0000000..9e22bcb --- /dev/null +++ b/tests/files/certs/testca/serial.old @@ -0,0 +1 @@ +02 diff --git a/tests/files/travis/rabbitmq-setup.sh b/tests/files/travis/rabbitmq-setup.sh new file mode 100755 index 0000000..15ff6d7 --- /dev/null +++ b/tests/files/travis/rabbitmq-setup.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +echo "[ + {rabbit, [ + {ssl_listeners, [5671]}, + {ssl_options, [{cacertfile,'${TRAVIS_BUILD_DIR}/tests/files/certs/testca/cacert.pem'}, + {certfile,'${TRAVIS_BUILD_DIR}/tests/files/certs/server/cert.pem'}, + {keyfile, '${TRAVIS_BUILD_DIR}/tests/files/certs/server/key.pem'}, + {verify,verify_peer}, + {fail_if_no_peer_cert,false}]} + ]} +]." >> rabbitmq.config + +sudo CONFIG_FILE=$PWD RABBITMQ_NODENAME=test-rabbitmq rabbitmq-server -detached diff --git a/tests/test-deps.sh b/tests/files/travis/test-deps.sh similarity index 100% rename from tests/test-deps.sh rename to tests/files/travis/test-deps.sh