From: Martin Willi <martin@revosec.ch>
Date: Fri, 3 Oct 2014 10:31:01 +0000 (+0200)
Subject: testing: Add some notes about how to reissue attribute certificates
X-Git-Tag: 5.2.1dr1~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ab320def39c290e18e249b9d4aa938656df6577;p=thirdparty%2Fstrongswan.git

testing: Add some notes about how to reissue attribute certificates
---

diff --git a/testing/tests/ikev2/acert-cached/reissue.txt b/testing/tests/ikev2/acert-cached/reissue.txt
new file mode 100644
index 0000000000..6ab98f12ae
--- /dev/null
+++ b/testing/tests/ikev2/acert-cached/reissue.txt
@@ -0,0 +1,23 @@
+# Carols acert for sales and finance
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales --group finance -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/carol-sales-finance.pem
+
+# Daves acert for marketing
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group marketing -l 87600 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves expired acert for sales
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group sales -F "01.01.13 08:00:00" -l 240 -f pem \
+	> hosts/moon/etc/ipsec.d/acerts/dave-sales-expired.pem
diff --git a/testing/tests/ikev2/acert-fallback/reissue.txt b/testing/tests/ikev2/acert-fallback/reissue.txt
new file mode 100644
index 0000000000..2e1cd68921
--- /dev/null
+++ b/testing/tests/ikev2/acert-fallback/reissue.txt
@@ -0,0 +1,15 @@
+# Carols expired acert for finance
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group finance -F "01.01.13 08:00:00" -l 240 -f pem \
+	> ./hosts/carol/etc/ipsec.d/acerts/carol-finance-expired.pem
+
+# Carols valid acert for sales
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
diff --git a/testing/tests/ikev2/acert-inline/reissue.txt b/testing/tests/ikev2/acert-inline/reissue.txt
new file mode 100644
index 0000000000..994fa0f601
--- /dev/null
+++ b/testing/tests/ikev2/acert-inline/reissue.txt
@@ -0,0 +1,23 @@
+# Carols sales acert
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \
+	../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/carol/etc/ipsec.d/acerts/carol-sales.pem
+
+# Daves marketing acert
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group marketing -l 87600 -f pem
+	> hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem
+
+# Daves sales acert from expired AA
+pki --acert \
+	--issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \
+	--issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \
+	--in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \
+	--group sales -l 87600 -f pem \
+	> hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem