From: Greg Hudson Date: Fri, 8 Oct 2021 21:44:15 +0000 (-0400) Subject: Make test PKINIT certs work with OpenSSL 3.0 X-Git-Tag: krb5-1.20-beta1~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1224%2Fhead;p=thirdparty%2Fkrb5.git Make test PKINIT certs work with OpenSSL 3.0 Add shell functions to reduce repetition in make-certs.sh. Create PKCS12 files with the -descert flag so that they can be read by OpenSSL 3.0 without enabling the legacy provider. --- diff --git a/src/tests/pkinit-certs/ca.pem b/src/tests/pkinit-certs/ca.pem index 2d7ab9d0e9..63d31c1f5f 100644 --- a/src/tests/pkinit-certs/ca.pem +++ b/src/tests/pkinit-certs/ca.pem @@ -3,27 +3,27 @@ MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowgacxCzAJ +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowgacxCzAJ BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i cmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtl cmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBk byBub3QgdXNlIG90aGVyd2lzZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4 -N3fYZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3 -t/2PtY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxI -kjby4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514j -xo1luZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9Y -gfSjuWOLCx7PZ3l0J3Joba+pcxECAwEAAaOCARgwggEUMB0GA1UdDgQWBBRsTf69 -b/J43+2sVy3nOfj8nmyOFjCB1AYDVR0jBIHMMIHJgBRsTf69b/J43+2sVy3nOfj8 -nmyOFqGBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0 +ggEBAM+lV5iaVats0yBFN4FBe6bovloNe3d0F9qMuhKqlECv6cFra75gSGmHJz6t +GTK8zITU7sni429azTZC9IQnUt/2lW8dWzpZD1T5Vt1DYvYFqVzjhNfzeEDK88ig +ENfzaX/cY2P76arJr0cewGaauzaux8heYW1CjBxWmk6kWq4aD+5jggchvBeOGEE2 +NkV3MPbXut8fu+3NzuuIG7Z0ilwQv+KUvQ8QQb9VCwdsDh/ERsQ4loC9P4jtuWCJ +ikIE78GxDcOMoC1ftJtW/mBCS2iCHipXrp2BDDJMyHxZjHpl0VoDR7koWGtD3sos +EwUkXVvWIuKs432h2dXQ+u8HaBsCAwEAAaOCARgwggEUMB0GA1UdDgQWBBT0F6X7 +1QRftDiSeNSY3bks3nK0IzCB1AYDVR0jBIHMMIHJgBT0F6X71QRftDiSeNSY3bks +3nK0I6GBraSBqjCBpzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0 dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoGA1UECgwDTUlUMSkwJwYDVQQLDCBJ bnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVzdCBDQTEzMDEGA1UEAwwqcGtpbml0 IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ugb3RoZXJ3aXNlggEBMAsGA1UdDwQE -AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAGdouyTbxO -bnyMr6hEDnMLRrSqwozfLGnfJIrUxvwtn/9UAlFuCpnfNi1xQkwimW8zXOHlCoAF -fpeE7zpotmN6xbg2u98J9QOo7vGfoADvVgiZaDMq+Tv52ZG0OtbzTe/LyCXnjanM -G+Rgjhbmy2HW1orghyDUa5Qy9ISv4d72yOKGVjK8xxItnf9i7tRARVqqJk5p81QD -WOBc7FUZNj5jYw38YPHqmZtwlr1DhCNeXwVi5GpwPrYwFAaqGuTnspfkpcDA8wEm -iVvs7Gy69C0zy4Yz2I9ZzsDjmTV8PyZdMaZIhhpBHjQmBm+Pol/q5BubjFeAsPSU -/YaKjpqk1jNg +AwIB/jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBT2FJVPS+U +0MXa1HUOETuUPrVff7VeIvyAPm9IgX1zNbCvktCc4d7ErNB3P5ng8aZz4MKqwzuX +HVhUxbF7JKfyUI41lcixPG+k+U9mzBJaozWT+K1OhdUF//mGPxaxe5jyUhDiQArD +/6vulX0/B+1iuIa1sCfoeelzqQcYHqhZdWn6bBdcDWNARHIXWs5zPeKA975+d5TW +rofE7T8nNQJvcZoVjCSfcYXhP82D/0sA+wPCt3fgbBZdvJ89xwvIlzBtiwC++Zbe +37Rt5av0+ykpR7nmh2jyG+ItzE73nYKdBrUI5J6JLSbUcQTw4jeXHwDULUHZ6fXg +TBEM2v1VW4Df -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/generic.p12 b/src/tests/pkinit-certs/generic.p12 index 90de08f729..35c27415bc 100644 Binary files a/src/tests/pkinit-certs/generic.p12 and b/src/tests/pkinit-certs/generic.p12 differ diff --git a/src/tests/pkinit-certs/generic.pem b/src/tests/pkinit-certs/generic.pem index c16d0e7c50..55ebb3dbff 100644 --- a/src/tests/pkinit-certs/generic.pem +++ b/src/tests/pkinit-certs/generic.pem @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDZjCCAk4CAQcwDQYJKoZIhvcNAQELBQAwgacxCzAJBgNVBAYTAlVTMRYwFAYD -VQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoM -A01JVDEpMCcGA1UECwwgSW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0Ex -MzAxBgNVBAMMKnBraW5pdCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVy -d2lzZTAeFw0xOTAyMTgwMDI1NTZaFw0zMDAxMzEwMDI1NTZaMEoxCzAJBgNVBAYT -AlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRQwEgYDVQQKDAtLUkJURVNULkNP -TTENMAsGA1UEAwwEdXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AL6unmewooH+XR9tvj5VtwD+uUyd+YIBseWjQZfl447qdmNah3tqP6VCBGr4N3fY -ZrrPKL7CRLlsbF8qP52r6UnEjVGwVuYoNo4Eps0DgNS7+XcxviYBe9RCPJH3t/2P -tY7NrnaW7A/h471N0IGTjwzudeIBixLfFKcn8prwQc+6IQ6Tz3Rg/4XCTFxIkjby -4VWyKBDWOpea3gPM9dvR7PiVsnCfCJlFB+9m7enD9+PFrie0UM7ezawZ514jxo1l -uZfXsFJDpB6Zi3iAA8gNzVAF2CONMISZDlD4bTFtj58zPQmChaQlYeEise9YgfSj -uWOLCx7PZ3l0J3Joba+pcxECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAevA9z6cL -a+qiNfp4ssOo3ub87vrQZnayulbrU9rcRoVuqFZGbIvH7+dbQwZE34RP/R1N/ZCR -ElaU6VNqnMYv/1pqzGnk59b7Z00hiOSblfifPt7IM+uHZRUGrgQ37dC7SyHvjSi7 -kZsSCJRc6Fjv6O/qBBp2jui1B9ZBWXQ+FBmX6YMdD/VYiD1ivpacd9YueLrHnzCm -iIM5V/uBAiUZHLoFhkhtWDMvRBJLNHqP2zWGffg4K7jKsCriAfCcp+VUfXRAZelo -Hp1C5HFLID0UIXvSStOnhtM1HuQAROJS9eqqz6E4irl2ujxT8vEfbZFHDpD+Cdy1 -MgVZAqL7rPjILA== +MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx +FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG +A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz +dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG +A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF +U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn +Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz +yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y +QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25 +YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe +yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCS +OTfZununxFDxuThhIFDWEZ9p2qSqTrxKtKx4CDvdckz4kaKybiNZTW7Dlh6IwWta +60eq98WrMHXYlSaN87r95lU0ug2RFJh4uLdq3a5NM/daIIjO0Bo86oC+8EBM961Q +mCMe7dn9ngFK92msdqO+wfpAfvhSpBPtAjQovigirheiEoER/ov9t9/3mRi5OTkY +8YfKT/z6XJrnOUIB3AgCdGyzSRvWLqLrbh7iAFVrm6Pq6D2nNr+mE9r5u7uFl3r8 +QeDgp0Unwd1ISWTHZlrP4bq29w7y2O+/2KV04Og8z+4zoGD4nRinuJBUdNqwAXVz +dz6pXFWgLRD+9ddI5jB0 -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/kdc.pem b/src/tests/pkinit-certs/kdc.pem index 14ac0008b2..e46afc177f 100644 --- a/src/tests/pkinit-certs/kdc.pem +++ b/src/tests/pkinit-certs/kdc.pem @@ -3,27 +3,27 @@ MIIE4TCCA8mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSTELMAkG +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSTELMAkG A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF U1QuQ09NMQwwCgYDVQQDDANLREMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC+rp5nsKKB/l0fbb4+VbcA/rlMnfmCAbHlo0GX5eOO6nZjWod7aj+lQgRq -+Dd32Ga6zyi+wkS5bGxfKj+dq+lJxI1RsFbmKDaOBKbNA4DUu/l3Mb4mAXvUQjyR -97f9j7WOza52luwP4eO9TdCBk48M7nXiAYsS3xSnJ/Ka8EHPuiEOk890YP+Fwkxc -SJI28uFVsigQ1jqXmt4DzPXb0ez4lbJwnwiZRQfvZu3pw/fjxa4ntFDO3s2sGede -I8aNZbmX17BSQ6QemYt4gAPIDc1QBdgjjTCEmQ5Q+G0xbY+fMz0JgoWkJWHhIrHv -WIH0o7ljiwsez2d5dCdyaG2vqXMRAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQUbE3+ -vW/yeN/trFct5zn4/J5sjhYwgdQGA1UdIwSBzDCByYAUbE3+vW/yeN/trFct5zn4 -/J5sjhahga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl +AoIBAQDPpVeYmlWrbNMgRTeBQXum6L5aDXt3dBfajLoSqpRAr+nBa2u+YEhphyc+ +rRkyvMyE1O7J4uNvWs02QvSEJ1Lf9pVvHVs6WQ9U+VbdQ2L2Balc44TX83hAyvPI +oBDX82l/3GNj++mqya9HHsBmmrs2rsfIXmFtQowcVppOpFquGg/uY4IHIbwXjhhB +NjZFdzD217rfH7vtzc7riBu2dIpcEL/ilL0PEEG/VQsHbA4fxEbEOJaAvT+I7blg +iYpCBO/BsQ3DjKAtX7SbVv5gQktogh4qV66dgQwyTMh8WYx6ZdFaA0e5KFhrQ97K +LBMFJF1b1iLirON9odnV0PrvB2gbAgMBAAGjggFzMIIBbzAdBgNVHQ4EFgQU9Bel ++9UEX7Q4knjUmN25LN5ytCMwgdQGA1UdIwSBzDCByYAU9Bel+9UEX7Q4knjUmN25 +LN5ytCOhga2kgaowgacxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNl dHRzMRIwEAYDVQQHDAlDYW1icmlkZ2UxDDAKBgNVBAoMA01JVDEpMCcGA1UECwwg SW5zZWN1cmUgUEtJTklUIEtlcmJlcm9zIHRlc3QgQ0ExMzAxBgNVBAMMKnBraW5p dCB0ZXN0IHN1aXRlIENBOyBkbyBub3QgdXNlIG90aGVyd2lzZYIBATALBgNVHQ8E BAMCA+gwDAYDVR0TAQH/BAIwADBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgDRsL S1JCVEVTVC5DT02hIDAeoAMCAQKhFzAVGwZrcmJ0Z3QbC0tSQlRFU1QuQ09NMBIG -A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBACoRg0+LnZehgdfM -xy/zTXj3kH30W++NTErQAOEEOm8KscaWIF/GXNDX9G+C4tvT/LN3vHCd+hnGgvTr -kkJlyYtLZZgkv7sa1PQW3yozhjOPRzdjiXitV6RsE4ujzwbcr3Zd0twZnf7nDbIt -HmgjQJF5EMUprgPc1M3xdRVvi5FP/rvoUV03eI5/EmyvJ2046XfTD45pQgJdCWnO -+KsFpaUIH6u4neWU4UdBxAsgo0/20pDYNM8GgPXY76wRi9yZ1Fgg2gJTS7QMpgyp -ux0vuwbq3iuo4VFMhNyGmR2NeCF7OGUPSmjD/pCck9Vzk7Q7ainv58PHAyXIhM0E -C+aVsEk= +A1UdJQQLMAkGBysGAQUCAwUwDQYJKoZIhvcNAQELBQADggEBAJZd7v5ZOMs8Y3ht +Kmtql8rKs0Jee73gVHYw3LXxJfHjIiNGdexxuWJ6Hy9gFnfwSco+15HP3MxMBkau +TKo3i1+Kwf+lc7gIZ0g/CEnYOx2smHGd9yGudWypunYLjGWfH/2M8/Wu1gZDTxQ1 +pNMQZ2pPLL/C6c6vYpVQJ5cA0RSh/SC5IbOESUpZaFFMYxF5TNz+28/lDr/rN41O +miklos6cH5EkJyI0WUqJMk04HHjREl/9RTak8mo/eaqjUMTAOyweSwpaYRCddBOo +y1ix9yH0fSBib1+WQ3MAHZHgbgVnu7V2GnB6qMNqRLHoGa03x+5Q1X0QuKxP6iYo +9tiGt3k= -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/make-certs.sh b/src/tests/pkinit-certs/make-certs.sh index 8aa71a975e..5284f42599 100755 --- a/src/tests/pkinit-certs/make-certs.sh +++ b/src/tests/pkinit-certs/make-certs.sh @@ -112,6 +112,8 @@ keyUsage = nonRepudiation,digitalSignature,keyEncipherment,keyAgreement basicConstraints = critical,CA:FALSE subjectAltName = otherName:$KRB5_UPN_SAN;UTF8:user@$REALM extendedKeyUsage = $CLIENT_EKU_LIST + +[exts_none] EOF # Generate a private key. @@ -122,56 +124,49 @@ openssl rsa -in privkey.pem -out privkey-enc.pem -des3 -passout pass:encrypted SUBJECT=ca openssl req -config openssl.cnf -new -x509 -extensions exts_ca \ -set_serial 1 -days $DAYS -key privkey.pem -out ca.pem +serial=2 +gen_cert() { + SUBJECT=$1 openssl req -config openssl.cnf -new -key privkey.pem -out csr + SUBJECT=$1 openssl x509 -extfile openssl.cnf -extensions $2 \ + -set_serial $serial -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ + -in csr -out $3 + serial=$((serial + 1)) + rm -f csr +} + +gen_pkcs12() { + # Use -descert to make OpenSSL 1.1 generate files OpenSSL 3.0 can + # read (the default uses RC2, which is only available in the + # legacy provider in OpenSSL 3). This option causes an algorithm + # downgrade with OpenSSL 3.0 (AES to DES3), but that isn't + # important for test certs. + openssl pkcs12 -export -descert -in "$1" -inkey privkey.pem -out "$2" \ + -passout pass:"$3" +} + # Generate a KDC certificate. -SUBJECT=kdc openssl req -config openssl.cnf -new -key privkey.pem -out kdc.csr -SUBJECT=kdc openssl x509 -extfile openssl.cnf -extensions exts_kdc \ - -set_serial 2 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ - -out kdc.pem -in kdc.csr +gen_cert kdc exts_kdc kdc.pem # Generate a client certificate and PKCS#12 bundles. -SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \ - -out user.csr -SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_client \ - -set_serial 3 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ - -out user.pem -in user.csr -openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user.p12 \ - -passout pass: -openssl pkcs12 -export -in user.pem -inkey privkey.pem -out user-enc.p12 \ - -passout pass:encrypted - -# Generate a client certificate and PKCS#12 bundles with a UPN SAN. -SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \ - -out user-upn.csr -SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn_client \ - -set_serial 4 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ - -out user-upn.pem -in user-upn.csr -openssl pkcs12 -export -in user-upn.pem -inkey privkey.pem -out user-upn.p12 \ - -passout pass: - -SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \ - -out user-upn2.csr -SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn2_client \ - -set_serial 5 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ - -out user-upn2.pem -in user-upn2.csr -openssl pkcs12 -export -in user-upn2.pem -inkey privkey.pem \ - -out user-upn2.p12 -passout pass: - -SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \ - -out user-upn3.csr -SUBJECT=user openssl x509 -extfile openssl.cnf -extensions exts_upn3_client \ - -set_serial 6 -days $DAYS -req -CA ca.pem -CAkey privkey.pem \ - -out user-upn3.pem -in user-upn3.csr -openssl pkcs12 -export -in user-upn3.pem -inkey privkey.pem \ - -out user-upn3.p12 -passout pass: +gen_cert user exts_client user.pem +gen_pkcs12 user.pem user.p12 +gen_pkcs12 user.pem user-enc.p12 encrypted + +# Generate a client certificate and PKCS#12 bundle with a UPN SAN. +gen_cert user exts_upn_client user-upn.pem +gen_pkcs12 user-upn.pem user-upn.p12 + +# Same, but with no realm in the UPN SAN. +gen_cert user exts_upn2_client user-upn2.pem +gen_pkcs12 user-upn2.pem user-upn2.p12 + +# Same, but with an uppercase realm in the UPN SAN. +gen_cert user exts_upn3_client user-upn3.pem +gen_pkcs12 user-upn3.pem user-upn3.p12 # Generate a client certificate and PKCS#12 bundle with no PKINIT extensions. -SUBJECT=user openssl req -config openssl.cnf -new -key privkey.pem \ - -out generic.csr -SUBJECT=user openssl x509 -set_serial 7 -days $DAYS -req -CA ca.pem \ - -CAkey privkey.pem -out generic.pem -in generic.csr -openssl pkcs12 -export -in generic.pem -inkey privkey.pem -out generic.p12 \ - -passout pass: +gen_cert user exts_none generic.pem +gen_pkcs12 generic.pem generic.p12 # Clean up. -rm -f openssl.cnf kdc.csr user.csr user-upn.csr user-upn2.csr user-upn3.csr -rm -f generic.csr +rm -f openssl.cnf diff --git a/src/tests/pkinit-certs/privkey-enc.pem b/src/tests/pkinit-certs/privkey-enc.pem index 81e05d31aa..29d2f3d38c 100644 --- a/src/tests/pkinit-certs/privkey-enc.pem +++ b/src/tests/pkinit-certs/privkey-enc.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,9F0F79BAC91A7D02 +DEK-Info: DES-EDE3-CBC,5FFF1E71BFFB65E3 -LiK+0vY3CKK7z7q/0576K/zcR/OzmiDMLdjQEN/en8Wk9fq9LkjbZ7xbnS5eNlZA -6McUX32M5MvfJE5tVPcijdlenKg3LEVQh91Omb63DT9TJaM2I+zIwKmFS8l1qqbB -tO5T3qChaHJ+vnmH24Ukn9wMZ/AgV7X0aSeIJ89B+kgYyBkfoh//h64dlWgqcd+L -4+wo6azx6k9feFV2/WwdmEG+etMS4iw3kw7jdRVG6G1himsXc9AL35TD1CKX/OAj -InMgrMaWmf7w8rO5LBNUj4i/lBjNjqElBRGZnfCmSpyoERDWv5JEBuSYjZaP6iPq -XAisHkJmfubN9omah/y5aNsJ8jbMjZDhBxdzA1mGuteKfnkckOgZ1YXvAZGXGxd4 -cGFzVmRwgnktsycVGpAy2P1wnOdTgo+FUkMpRIwPc1EfiPiOscUTNyZKnkNbTBk0 -l51QXXvLaZaL/Q/9mF+QfdiBDXLtxu2ZU+miA7/srJSdSxqp1UQH9kO8t0UFv4tT -Mc4JilR4W0+IxjTFvBqirpf64MJ6rL2f0ZdJ6k9l7nBnaIeT4G7KXhR3t0YbGqyK -kOTeUibfdgMlj66R+KHg0mlDI6E5rM/1L5GchsKIsbJs4TgD1+fcEvJMTB1XCtWM -usY3Y/JChquKbWngFrzqidcab0xO+RsFaxboMd/RoW3bsDOIiOmf+PQfPjXFpP23 -I3Plrm9DczQTbClt5YacW6g/aboMCHhjbCh8nBSEc5u0CssqmtHe2PST9XZZ/1ny -t480up13b3rMX3QWr74gRQ4vGsBxmCbN1DdkglJYZzYtIoTH5qAeUk7oRrRCW8wj -YkODoLLsb/1lJKHHlq8lj0h/ygn3aaYlmdXrXoPdnld0RwaS/35KjNZy6A6UEDGt -z91615joi/m+V4GQr/OrJ+gWKp19Rs7qUViNPY/RkvdmWAlH7uz+kmo8hK5IeshD -iWhZ179XIkX0YeeB8r2sRkO2qecVzRxhRtBFVt0MpuDUW3pZ+A6pB7utrKn2//TD -ZqWbwpdVdolWjru5iDt88nLxXHEGSs7GprH2iL3/aNsOJ6BrUwNVx52YBEGeNhFW -mH+E8nLQDaGgB68UnQUMzktrkmv2baAsPK1oQLDJSzN9nbhyE4ETiN2Ok1Kso30b -fDRDUB3SbXldWUXtVmu+NzO8pJVFpQ1StXpWimrwjWB3Kbi8bs2VYai7+B4mTXYy -8AVthJNuOnlvSB+FYMOaW9PrmuahgXT0wjsV2hkP+qe6mzj0AQHFpFJRuCtGuRog -spA2SgQvMO4cceJ3cxh1p5Z2/s+oC3V3ikDSDvmcpU/4FF5H/4Th44RSmXABcr7L -HFbYYKbJjfwlYh48feS7sJMAFlU41al8vCIJneNF8hSSFM05icZVBzqjDjzXHwb4 -kBvrIOtDf/CVZK9AzykvJRROIFI+2ifa+gPmTZ1Xgv0aqO8ibLSU8v2vx5RX2BCO -Jq+lmYEr6PZn2X5C3iqE+xvdTz7Sh0+Ilq/lE4DEJqr4NtZaGxXBwFNixLHJlXfI -u/LmbffnBsu2hf9zPxsmcm5yCqa9+XKtWNhx5PEcQsee6PXyGX/GHtek4pBOv/dd +p89x5YEL+Mb6IPZXEkkr0KC4Wj+JtgE3VKdTT0wEcRD74QVv+dbbZt62WgmpJtId +ph0Ial2z5Mws8L/aTkPdW2H/bEroApLu4TfUV+w67KcWgrc8gOg73d6gEObqx8li +qGbs7FC1cI1WfDfnNOnCbD66e5+bTI8fDuchaieNRqzROd9RHhmlBHgylTmf55us +laGuwLq2cZk/+Xz0M8PPx07uauGkAK0fyfifn/JR3PsGsE9s334osVQMjbjyT0VE +rm8HGm3PvZHHDUnkOh7AGKyEtsIa5fJAULUjugp2lQJqOigC4HVn8a33xfLI0F1+ +2nH9MZ+Ap1rtI1cJX8CDn/Ij9oFt01scLxynYekYej11zFiR6qHC0sspxu0Yi8l0 +puBPXCI0GzyF9I53ukjGeibTtssz5yw1r+2oVasR4bvfXczPjqTQCBsPSUayNNhw +RgT7k4QTY2OlrK/5XdILBzBlsvfndXgGOwEDw4YE7PMzMmz69vPMK7CfedUqtuXq +bGBks58tzeOa4NSfVDOuFLI+LMkoYWMSjPGD/I0trX41xCU+O6PZOnDyt5ZWl1Tm +klJpsB7rUcwsP8d4w4QGhyyV6Mo2MTlnTILr4CwwvmDMBch3yzwbfKdeywsFQh0S +NMrG3aYNO7csRRTD6aGvYcBCbavWq7Ujsb/fV7SOIS26f4VEqewvOFlFEXm66zaz +GJ0IcjtNHYNIIIW4690djxPqlGgbIZTblBSBlT+iOW5HrhXvrLeMmwAPxInU5dK+ +ypk2MGc4SzemkDi8H9jDW3dwbgcvVD9wn0glhVLQKWvP6F73UUdVEXMCZ+960xnR +gxeEwDdIpzXNadWdON1kRbqI2KesRY/XQErGHDOvf2gNSM9V2gPz+5humvcu3mXY +r4537On4+IdzetEVtI7D0slgojs+jN8waigpkLFB5RVl8PnzblMuWOkHNA86rrp+ +h6wNqv9kHLgPjpAyB1l/7w4VqXLXeC4PdaGc2fcpdNWOncUnHROmDmYvdTocqhIF +bAsEFV7QZoTgDB7J6vLsmbtfawtHMSb81V/wTJWRrtY/gJCrkJXR2pTYAZlPX6vK +aK7K2NuhJFMnrQD+kxsrloSEyfsZmHtk0mAVXJw4wSxlH3eGQ+Jphb/M2wtsnWV1 +w0fehxL2Vd5SyBBctAGhUirhRngbOO/E8IioymrziQ88vJZs2DxvbuNG4WKTuTwj +CIggXohCNKdqrwL2HAynm2FVEWhbKrQwe4kjZc64WjccR4cy9vv+dxFfrKl+vZ1o +Wvb0WXND7fiSBrPo7OfaYM5HjrcvIRP1AtMuArhuQYVARmawUG0l7dFLN97Rh9M+ +Ud9vBIfQYlubnTGVVm/5xrUh2isQbp2vrZLfMrUNXMQm0vSxKgGkAxqNUuklJC06 +LvCtEWMYXiBmB1zP4khwCHmHB+/E1gHBAutCzhpPu86ayEtNHBHIFkqKvZSg/UuZ ++ygDdTJV00I2neIdeQcyG+vPg6huIDIHpG5u6eQn5sLqVkhr+apeNcskMWpdkpFS +Lo62KUZDR3yB83ne63c3IGex0hWhVojJOAxykpGp6OD9uFn6Xn7x2Q== -----END RSA PRIVATE KEY----- diff --git a/src/tests/pkinit-certs/privkey.pem b/src/tests/pkinit-certs/privkey.pem index 48f0ae989f..007b6275df 100644 --- a/src/tests/pkinit-certs/privkey.pem +++ b/src/tests/pkinit-certs/privkey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qH -e2o/pUIEavg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+ -JgF71EI8kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPP -dGD/hcJMXEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQ -zt7NrBnnXiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKF -pCVh4SKx71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABAoIBAQC0kY2F6ZnqeeLb -eUQXqXnUYmM877gwacR6DqB15IgadWNI8JitwU6mAx9F4Oo9/lpB+xy9kCAea1Mw -x0RY3kvbxFqDCfcwmtIWqMcAC5o7WgqB2kQTn4IQ3eyX2bqNTkKDCbl1qbO/0oyk -XoTdv8tOVp6hOA7n/wKCzGyMVoor15PhlClBqbrAEIqBQUxfxthWibJXexlyX0ie -MOCmEleQ4zPrQM0cY6yoz3RhM4PVybVSapPMv11czfLPc2o7s5tPgRU+rRSGeoJC -Vp1EsaVVyZtYpNboKNsNojeJOoO3Gq5VRCjHImCa//05hnqBR1LWB+b1dvTRziwV -z4985FBBAoGBAPqbs6bVLL2jDNEEmc+U+gEf5nh4GSlRUeioFDMM1Dd2fDTQAgiM -0XI+a0NgZdjQI6fX3u+j5I9Ss1nfC09MzJsNxyKtjvAkQQsc6VDdZFEfHmC+qeTH -E4oOsD3dEv8dHuopHUbguw9sztsONbF7Bc9fhBr3wU+bO5zrdM/ry3wZAoGBAMLI -2zz+8NISHbSGE7mEJdAUdRyJVYXOp1NTzclgL6B3PD+hm8pCGQEVQa/SdWC6gJqJ -w9sUhC+0chu9i/dl9nnES5hXJqE+fXmAsG+slv0WIATrwMzxWDYPTODe5AvEniIY -RkQ1BDar0G7rcxxomREaPsteYBvh9DlIICgQu425AoGBAIQokjAb4VFMaBjeJULs -HH91VDQZmaNJaDmaUbSuQkfRayTqwPfDUzy9IBHTB0K0WOlNlRqpQoI2qbBuSGeU -Z54pQOfPwT5w0ABNSdlEN3/0Oi/ovG2ScoJuxpCJQlhZAhGYhwD2yI8U4W1x6+zh -pKm8hE04dLBHe8OABAUWIyQZAoGAOUXh4O99U+drwJbj2dqXW7WIMdnXwb5fyMqN -abbUijRFDNix/CivPXhIljAlv0lXYxk684H21CgUnT+Alj/u1yL2r1aAz0yWjFFg -j5WJ1+TXiVrgl+Im885P5pbjKuqnLJNCpe+Iy6J9aP/mGuZOi47SA+4+CDTKIMWq -Xt18qFECgYEAhVIGySQMn7u2MB7mywMQ0EQznxHBrFHDPUv0D6QuMvhUv70XUE8e -jVad6Wev3+hTYaoELntMQaW0VmbMrhtP6WmviENkT0eV5CZJgLEVrzGAGtYQOut3 -HUO1wgqEEQK9iu4vTPddsUTj/zsXR3SzCBrqGu6p6Xl7YIiecYzACZ8= +MIIEoAIBAAKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtr +vmBIaYcnPq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE +1/N4QMrzyKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOC +ByG8F44YQTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiW +gL0/iO25YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNH +uShYa0PeyiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABAoIBAEpnKYMR0h6xyNjo +VGIpT6BYB1UHPbVo0N9Ly6TCoIqpPe5DioDVyTye5A4OQlgu1G3ISqPme6478ApA +ZZMw7/42QgdlknnOzbKaAWkZK02Sa8RP9hrXL8CvuDisOjzXCHd7RdXevzSmPfsS +5sgdK3YFnKqMPwbCcKf61CHXvHJjWGuTIHIRh8P7gJelA4ahO0kYQ8aRXv3ldquO +ukSI5gyk9CN+aAHqt25kEmt9oOgk+8kfKpnk+5gkOCY2YOFDDckD7nL1VIIrDxwG +SmU598qjVwycDairWUY8uSuPCOLgbvDM9N8cERDMsyNQL63GE8ZZyHZsJ3Pbwdfs +JVHh5ekCgYEA/CwhaT9D0WQ49GQdeI7aqazHEYDmqPdE2/qbmr67tPMZzX8AAk9j +r4aMT+oIdtIMPdoQNNcBP6NYZLlAoMbLoAzHmWJnF5/YWLnS2Wg9OuXUOBn3jk1l +SWelJfAKGeBld5fpSLTdHjRAwJrNCX+mc0IZIiEw2IvGUPgKGX08bX8CgYEA0swx +xCDgvfoaKueInw/rUIcKxrSxK3pDhaR01Dg2pwSo7Vj9W01zf33qe+mjma6+U2SB +fk+/O2VXDuEOmVDLwvp6PkmUeRE5PyH7urTMEjy5ELNGiZd9zHoG/zJnRgPwTjuW +yguvjVGJwI1IvmODuA7Xc7iHFlvGNuxXZjPkS2UCgYA0nFxoIdvbTsaXLl/7rAow +xixOGY+GBvil0HYwZcSxrtpeRjXRRZDtqOuTLKeRaqdFLD6fV5AaH9EsSn4STQdk +n+XwuVf61M2FTVeRJi9IH3UUM06zsLAGDYqmDJt+5JMmzVnNYnaTe6FazbEjXy9x +8oNd3IDdXOQGNomc4cT+rwKBgBbABOr25Wp7cJGK1XrdO/c/69DQNYLMujbVLeqt +enCCFz0uaoGNFVcAHutqpsZyToYvha49KxVc9Y1cirfPOX58i+7nAAgk7Lm8kC9x +Tcj2Fr8PqiA1YlVMIi8uoGi1Ch1XXwnFQxgMYcKPPPeXQ+L8bxJFKwcltnm8/h3A +ofXlAn9AW6fYZLSzOfNQTMnuukhuAtZcEW9NlJHbej305zK89J66S8wroQs5iOla +5GG+S4YaZh5sVGw+mnS+FCw7cQCUk40kXwX3yTrxlX1qGSCFCQnFdJow+5NVg4D+ +dzDKzniH71OZZFxTqiiz76XxiaW/rS1uOfP/WSVR9NBLpV5n -----END RSA PRIVATE KEY----- diff --git a/src/tests/pkinit-certs/user-enc.p12 b/src/tests/pkinit-certs/user-enc.p12 index 39e9d31b06..1cc3aa3da6 100644 Binary files a/src/tests/pkinit-certs/user-enc.p12 and b/src/tests/pkinit-certs/user-enc.p12 differ diff --git a/src/tests/pkinit-certs/user-upn.p12 b/src/tests/pkinit-certs/user-upn.p12 index df931d71e3..bf47384a8a 100644 Binary files a/src/tests/pkinit-certs/user-upn.p12 and b/src/tests/pkinit-certs/user-upn.p12 differ diff --git a/src/tests/pkinit-certs/user-upn.pem b/src/tests/pkinit-certs/user-upn.pem index 37fcab8d77..14a11831d7 100644 --- a/src/tests/pkinit-certs/user-upn.pem +++ b/src/tests/pkinit-certs/user-upn.pem @@ -3,26 +3,26 @@ MIIExTCCA62gAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE -avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8 -kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM -XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn -XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx -71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN -/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5 -+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz +CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn +Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz +yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y +QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25 +YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe +yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX +pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd +uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM EHVzZXJAa3JidGVzdC5jb20wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B -AQsFAAOCAQEAeZXuyTRD2XQEcUoOYRXn6V1Glh61eHJ4e5ggp0QmTZoij8Y5YdmV -jt4N8PE1wdXr0f7+a49Zh+YrKt7NZw4HlevYSMIyHVEeLe05zTFYL0w9R1P+16pf -iSLmmwXZXBPX0biQq2wklD71GBFh/FF02uuetA/iPLMXvgfEUnbjVCcLpTc2/ISg -tkGvWXtE06YXwSn3ANbCQPLifUKW2PZ8jGBOLLvslebvvJruWyfFLolkNsyA+ljr -GvWZMxKTOD3LECHvLWFfl7xJsUNqL5qptz0baxeCrmaAdQdHvs4DApxebh1BZGn8 -KFV4g+N0Qz28tO0GSEA3cd2JHVz+wWQp7Q== +AQsFAAOCAQEAYTW8tzURX2s8vuDawXEJt2as5q2MnvhUmG0YPIvK4n2fODkMW/I9 +XENFhK8wwQJNdzvBUwXUXzEGjFcGPs672ZVzykRb7sAfGlNu1f15z0KrjyUj82oz +/gWoLwdYwZnO8jqtKjGtnLi2MeWjVCoiUW5ypUGwtEdcyZUG0PeRUrdrZu5cm+iZ +1B1exR4lepR1iSAPYTNhp5VF6T8BSLf2BO2IKTgFnF4Xx1vyZZTsY10mruZ8S1ZR +XiajBVdHkN1BpWWyFKt1BCt0dpRx9W7CihC3Ln9fBCsY8QA969EjRhszG2i09Xxw +0M6/UgIQRU6hy7QTlcmehDKY0zvVJ2/RLw== -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/user-upn2.p12 b/src/tests/pkinit-certs/user-upn2.p12 index e11860e684..69ca648aab 100644 Binary files a/src/tests/pkinit-certs/user-upn2.p12 and b/src/tests/pkinit-certs/user-upn2.p12 differ diff --git a/src/tests/pkinit-certs/user-upn2.pem b/src/tests/pkinit-certs/user-upn2.pem index 66d6b3e3b2..baef41a5ac 100644 --- a/src/tests/pkinit-certs/user-upn2.pem +++ b/src/tests/pkinit-certs/user-upn2.pem @@ -3,26 +3,26 @@ MIIEuTCCA6GgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE -avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8 -kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM -XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn -XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx -71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFGxN -/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5 -+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz +CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn +Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz +yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y +QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25 +YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe +yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBSjCCAUYwHQYDVR0OBBYEFPQX +pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd +uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P BAQDAgPoMAwGA1UdEwEB/wQCMAAwHwYDVR0RBBgwFqAUBgorBgEEAYI3FAIDoAYM -BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAWf0/ -d0284FjoywSaPpXvy4sJ3N+Ts1bXmM9NtJT+pKDpyMEisNFQ/kqO2UURT+9dZP5o -yzMttuNdi0lJ4W8gXE5CeMDJv1z9HUXl6blDOh7YYdqM9Y6rBIKwZHyFZzSlgGIQ -KHfDbj2dmOJLVPfLZM+MA42G1nmfQPGUMcc4mLp8Xu8x7LXCxJBuXV/gxSEMbLrm -YNj/mXQJhQwYIZdeBZIBUcdU2rD2bMbHcWAs183ddEg3+CSN8fdppsFT1ZX4ZlPk -XGSrv9EYC4GLZpLOtB3FwUQ1TmEDMJqzifY8jcS03UdQ0gKZBm83rVMnXvU01CgA -MI9PN0lFwPEutERN0g== +BHVzZXIwEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0BAQsFAAOCAQEAAsGC +LvikD/nW3eOym4f/uuKBscOGSByP9/HoP8QwvnLYU00i5n+zXSTQctotHIifsRc4 +xHLO8xemJp7rm0h/27C1Wo5AVxJ0cmnDKQf8Ast+QXsz9ZeaeKLa5D8sDOfnZXJB +aMTb8ChjyZz+KLjXV0VbaVkY95mfqsOoJQcl9wHhNdDOygnSucvA5Svlrbo2rlKt +75OJZJJWrZxuaBuuSYNpCKyyg61t69hPoDKDQZ8QJZHGugWqQ2swYe9dZpUYy5xV +CGTLCAk9ZOn8hTCC6xbNaJFjflIjcjpwabw0r986/9GeAF6KqSNbMXKaY4LLuk/8 +5FH9S8/3F56ZCNxbZQ== -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/user-upn3.p12 b/src/tests/pkinit-certs/user-upn3.p12 index dae25f8636..9aabc3a897 100644 Binary files a/src/tests/pkinit-certs/user-upn3.p12 and b/src/tests/pkinit-certs/user-upn3.p12 differ diff --git a/src/tests/pkinit-certs/user-upn3.pem b/src/tests/pkinit-certs/user-upn3.pem index d39b879b4b..000d567d87 100644 --- a/src/tests/pkinit-certs/user-upn3.pem +++ b/src/tests/pkinit-certs/user-upn3.pem @@ -3,26 +3,26 @@ MIIExTCCA62gAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMVoXDTMyMDkyMDIxMTEzMVowSjELMAkG A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE -avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8 -kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM -XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn -XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx -71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFGxN -/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5 -+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz +CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn +Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz +yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y +QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25 +YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe +yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBVjCCAVIwHQYDVR0OBBYEFPQX +pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd +uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P BAQDAgPoMAwGA1UdEwEB/wQCMAAwKwYDVR0RBCQwIqAgBgorBgEEAYI3FAIDoBIM EHVzZXJAS1JCVEVTVC5DT00wEgYDVR0lBAswCQYHKwYBBQIDBDANBgkqhkiG9w0B -AQsFAAOCAQEAF/V+Cx49jH70LMI7S7SGDFWr6/rtYwjJax7RgZN6JZlakd1R6GHa -JHwUMmf67V/R3qVWfThhbKjxumEY+whxiszegDwBZC+fFiYbaQMCIchHkx8vkdmK -ZJ9VznDiA/kp0Ty8JZKG6TMRkkxUo+csEXU4E6TZFZaz9pfPrhxHU21uPbeDeE3h -sUiUqH7oZBjmSS+2OmAu0v4+/Ex0QkqJACvZYNA5zFpgV0Ux/26EQt/bKiYkXYZq -CIWP7cd/MRfNqeqlbUVpKcIkk5WPpuqPVffA+f2B1Al5iJ8o1pzqN+awZBLLZv3F -p1+AeVD5nvWpyHSXmst32OYPPTBL9Yk3uA== +AQsFAAOCAQEApwXjFJ86RLM4MzbScqk0JGqm+jzaFZ6h5oyt0rlaxdhOl7kqOmIE +sLhXtvZm75roA+UULZHumB6xg3Y0p7cc6VBAYYycWoNkhWXZMdQ8Q33vMos5cwLY +kXjl4oTDK53goh8IlriRMV7Tv/QpJ8wh+7iqQn3lak0Tv51JexYGwp5sJREYm8q5 +rr3ChlgH7SWF8mhbu2EEiipm0whEqA4tlNKGBsTQBslnm8sK0VfVDcmLOGbMNjRs +r+Hkd8yVvhIJ9M+WAp/OeF2vUzPBJtAfIaJBxcZmKtNI5Jk8cK/vScJZboa0qAAz +2Y1uC9rP830mpOe0juhV2mMPron0hi1HaA== -----END CERTIFICATE----- diff --git a/src/tests/pkinit-certs/user.p12 b/src/tests/pkinit-certs/user.p12 index 97993c0731..e552011024 100644 Binary files a/src/tests/pkinit-certs/user.p12 and b/src/tests/pkinit-certs/user.p12 differ diff --git a/src/tests/pkinit-certs/user.pem b/src/tests/pkinit-certs/user.pem index ab24e99d24..182ea599ac 100644 --- a/src/tests/pkinit-certs/user.pem +++ b/src/tests/pkinit-certs/user.pem @@ -3,26 +3,26 @@ MIIE0zCCA7ugAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCVVMx FjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEMMAoG A1UECgwDTUlUMSkwJwYDVQQLDCBJbnNlY3VyZSBQS0lOSVQgS2VyYmVyb3MgdGVz dCBDQTEzMDEGA1UEAwwqcGtpbml0IHRlc3Qgc3VpdGUgQ0E7IGRvIG5vdCB1c2Ug -b3RoZXJ3aXNlMB4XDTE5MDIxODAwMjU1NVoXDTMwMDEzMTAwMjU1NVowSjELMAkG +b3RoZXJ3aXNlMB4XDTIxMTAwODIxMTEzMFoXDTMyMDkyMDIxMTEzMFowSjELMAkG A1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0dHMxFDASBgNVBAoMC0tSQlRF U1QuQ09NMQ0wCwYDVQQDDAR1c2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvq6eZ7Cigf5dH22+PlW3AP65TJ35ggGx5aNBl+Xjjup2Y1qHe2o/pUIE -avg3d9hmus8ovsJEuWxsXyo/navpScSNUbBW5ig2jgSmzQOA1Lv5dzG+JgF71EI8 -kfe3/Y+1js2udpbsD+HjvU3QgZOPDO514gGLEt8UpyfymvBBz7ohDpPPdGD/hcJM -XEiSNvLhVbIoENY6l5reA8z129Hs+JWycJ8ImUUH72bt6cP348WuJ7RQzt7NrBnn -XiPGjWW5l9ewUkOkHpmLeIADyA3NUAXYI40whJkOUPhtMW2PnzM9CYKFpCVh4SKx -71iB9KO5Y4sLHs9neXQncmhtr6lzEQIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFGxN -/r1v8njf7axXLec5+PyebI4WMIHUBgNVHSMEgcwwgcmAFGxN/r1v8njf7axXLec5 -+PyebI4WoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz +CgKCAQEAz6VXmJpVq2zTIEU3gUF7pui+Wg17d3QX2oy6EqqUQK/pwWtrvmBIaYcn +Pq0ZMrzMhNTuyeLjb1rNNkL0hCdS3/aVbx1bOlkPVPlW3UNi9gWpXOOE1/N4QMrz +yKAQ1/Npf9xjY/vpqsmvRx7AZpq7Nq7HyF5hbUKMHFaaTqRarhoP7mOCByG8F44Y +QTY2RXcw9te63x+77c3O64gbtnSKXBC/4pS9DxBBv1ULB2wOH8RGxDiWgL0/iO25 +YImKQgTvwbENw4ygLV+0m1b+YEJLaIIeKleunYEMMkzIfFmMemXRWgNHuShYa0Pe +yiwTBSRdW9Yi4qzjfaHZ1dD67wdoGwIDAQABo4IBZDCCAWAwHQYDVR0OBBYEFPQX +pfvVBF+0OJJ41JjduSzecrQjMIHUBgNVHSMEgcwwgcmAFPQXpfvVBF+0OJJ41Jjd +uSzecrQjoYGtpIGqMIGnMQswCQYDVQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVz ZXR0czESMBAGA1UEBwwJQ2FtYnJpZGdlMQwwCgYDVQQKDANNSVQxKTAnBgNVBAsM IEluc2VjdXJlIFBLSU5JVCBLZXJiZXJvcyB0ZXN0IENBMTMwMQYDVQQDDCpwa2lu aXQgdGVzdCBzdWl0ZSBDQTsgZG8gbm90IHVzZSBvdGhlcndpc2WCAQEwCwYDVR0P BAQDAgPoMAwGA1UdEwEB/wQCMAAwOQYDVR0RBDIwMKAuBgYrBgEFAgKgJDAioA0b C0tSQlRFU1QuQ09NoREwD6ADAgEBoQgwBhsEdXNlcjASBgNVHSUECzAJBgcrBgEF -AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBmEbWERHmV5YfMrOIY36mevch2KJokw9 -LXZqnKI4oezajEMwx0Wv+M/Gb4ZuYrfobiHSvfzCPUXyyRVWPr8sFBvDXnoBSlos -g+Y2O8+toyJ8u8gn63SrnPOHCdYkClkDeHI3EzuIcLfgn+Uyg9lkQOjBBNj5O42K -GoTNCuhoB6IAa66JD2u7E7pfBnceSUYP1DTlCK9l+1C+zOAEuG2N8K4n0ZRZbVqd -2euMypjorJwgebOzlk86TNzOb5IP8G6phs7D4tvhe7J6mfJ3tFmGbH8V7jY51iCT -EFQgm39U4J+2uQ0LlEsE3v7wXGW3MLUBY6STcGPwkBrxcmsdKNmy +AgMEMA0GCSqGSIb3DQEBCwUAA4IBAQAOBeCDK6Eg6Cu8TZ7xeAw2AbTpaW04nNSV +Fmm0aIskMgLl2a5KEmalG7rnArRXv5IZVYFjJ6X0MzjOx+BgaGUCvN8jz1fuO3Hp +iGhxPDzKjFMWJeY/z5bQRueSI6RCC8DzH8iPdlPUQ8ZhnukhY1Vt47wqraf197uT +0XP21qQr1uRY+ZcLSBKZuKe9ZP3ijh57MOLvYDdAFxVp77JLznpk+oU18ujAtYgZ +7naIGYtSQRkIi970jk82hSpc9B/KN8UcDuo+DQHWPQaDf39s30qoxooZBoue5ipp +LQHuVaX5Hoi83cWbsVluce/JsW8GfbuC8+8CosAmzJly183f8++9 -----END CERTIFICATE-----