Diffstat (limited to 'test')
42 files changed, 1466 insertions, 0 deletions
diff --git a/test/01cert.pem b/test/01cert.pem new file mode 100644 index 0000000..15a8679 --- /dev/null +++ b/test/01cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO +MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo +YWxAcm9rb3MuY3owHhcNMDEwOTA5MDgzNDExWhcNMDIwOTA5MDgzNDExWjBOMQsw +CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxDzANBgNVBAMTBk1pY2hhbDEeMBwG +CSqGSIb3DQEJARYPbWljaGFsQHJva29zLmN6MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJpui4aF44GABGSm5kYglIVjGOfZiaOpx8sgAeWHY/cieHF3fcDCy9 +eUtv1BQeGOruiOuGLUk818TO5Ypsa45lc3mx5Inhusmsm6BJePNIK/pf+vYoskwH +EaGOCg3kMvyylAzsr2nqP7hYm09nSlU96OyHJVssUbUFVaXQ7wBNnQIDAQABo4Gh +MIGeMAkGA1UdEwQCMAAwHQYDVR0OBBYEFHxeY4K03AqIrFcjnWt0xO+SDE8OMHIG +A1UdIwRrMGmAFIsvMx24Ivqj37PFReOHMRnUwQSOoU6kTDBKMQswCQYDVQQGEwJD +WjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9t +aWNoYWxAcm9rb3MuY3qCAQAwDQYJKoZIhvcNAQEEBQADggEBAAk1AjbFJVir3a1V +k1eL3D4EKpk0/q0iK30L5jCPHKAQUSROVGbxb3t6AgdHR+eEnyaH9jHr/cgqMV4B +ce0mkDUoS3r1NvBIiLIO49Uhs/RVv0YVz2cVK/PSVNLEbWwmSv/oZNJN0bzlfhkk +qIulod3M3Vpr+tw0MCGjGHF7bfJjnvecsinJtlh1dZNElfdq/hZBD0nElKBTI5+J +UyN91hpPMPOCY48CpE7/zDneUHnLJyZ9Dxo32XPBeqTX4shaBaNZ/nlISzoHAR9h +HhcshzQx5WWgdOKnXkpZgqxizacM4Kl4xUpChUz9JhmQDydYC2LpFo8L0zfeLfnW +XuWJtfA= +-----END CERTIFICATE----- diff --git a/test/01crl.pem b/test/01crl.pem new file mode 100644 index 0000000..0c9a48f --- /dev/null +++ b/test/01crl.pem 
@@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBpjCBjzANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEOMAwGA1UEChMF +Um9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNoYWxAcm9rb3Mu +Y3oXDTAxMDkyMDIxMTAwMFoXDTAxMTAyMDIxMTAwMFowFDASAgEBFw0wMTA5MjAy +MTA5MDZaMA0GCSqGSIb3DQEBBAUAA4IBAQAHyNipK4xxUoNy0ui38TdRUOcmuN7o +gS0AaI+aEeio4NbRL4+J9qrm0Yf3HfE/gMzAHpBN7Jd5ABeLuRQVeztYCM4d9mtA +CwYcnVIm0s0EzMpM5SSghmKHsUZ5xQOAXuHDjdYXyCgDrTs+xPCFAPabiwhnXAyq +29IoX4V4fo0dyPgMgCZu93a3qdnpEAmdttgfdJrwEXlLIWkxhR88XXVo3ErGMsJ2 +zy2Zjt+Vm5uIHDCGMB0CNUv6zCik/v+9H1VyCmhmz/XfznJu7Fzt6y8Y/tXNLhY9 +i02Wr+IBLWL0PzPy6FOnr6EsH0gLrXO54Xb/RNn4+xDD9P7pe0ZakAgU +-----END X509 CRL----- diff --git a/test/01key.pem b/test/01key.pem new file mode 100644 index 0000000..913ed6f --- /dev/null +++ b/test/01key.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,E6D6ED83B588F034 + +QhTVi7BH3bBdJsxIjfStLVNbGZtrHaAqwCKrgNq8eHmeFh/GQmeh9wAgbVgdeBli +c49UoWug+k7XCaSKO/DQMzePavyEXVirYJGrI5iGARgYOH70gMdJdQfa8K8EZhB7 +zkv0lMCuoMOa/46ItXNS9DKkdr6RRdmPU8C+WCjfgNdQIcAuYZLeiSnvpDCj8a5t +H15ZyNxySzgpTw7OS4Z1PRETHcUWlNOs/vvNqRBtrmypw/P8VFvjXipWFA+hV6t5 +5CEHsMdXIrpb7nJ76OoyCSu9IO7FnftjiP+DuHcdJdTPJ2c7X1vXZ33QJwPqD4ci +e042ZgBfdjQqOthRATX5x+uAdqokbfqDhlt+xUkUvyZsKlfuMpZr4ATqeH5SFcUt +5vx+5oAFU0vvfnEw9PFt/8O3JbQVy/yCle9RSkVdecdpjsLgW/KzHedlc+TiNiac +K7LQqfTv99iLq5tdmQQI8tgWX/vuzTyfAXOHiVo+LnB1m5MWjgjr93Ssrf1zCThu +2EbWEDRbFENh8TRAFri8WCHay4U4/Zk7LzHOumE5sTLcoNfKUsykR/s6PI8W2Z/a +B0uvJ/SUgTiWYEb56oNzOSCJBWdtusjXMskb2GOW8wwGJwS1Vq1sT4suh7NB13dZ +DL56lKRtobdyHTNs8gylf5zgrzfJuChWXRLS0t12gyDVvLcGOXRiF2pdaape9F5V +v8dwkTictvsxFIacBo2/wk/xW9mSlQxpHSjcHLneEV+t4vd21Q5LhjmWlQUG9hS3 +G8e0BD7BKqTcUuBQ8/9bh8VAOvsZjFy26fRMDXuuWV1AABvWyAq3IQ== +-----END RSA PRIVATE KEY----- diff --git a/test/01pub.pem b/test/01pub.pem new file mode 100644 index 0000000..d3e9faa --- /dev/null +++ b/test/01pub.pem 
@@ -0,0 +1,5 @@ +-----BEGIN RSA PUBLIC KEY----- +MIGJAoGBAMmm6LhoXjgYAEZKbmRiCUhWMY59mJo6nHyyAB5Ydj9yJ4cXd9wMLL15 +S2/UFB4Y6u6I64YtSTzXxM7limxrjmVzebHkieG6yayboEl480gr+l/69iiyTAcR +oY4KDeQy/LKUDOyvaeo/uFibT2dKVT3o7IclWyxRtQVVpdDvAE2dAgMBAAE= +-----END RSA PUBLIC KEY----- diff --git a/test/01req.pem b/test/01req.pem new file mode 100644 index 0000000..a3400af --- /dev/null +++ b/test/01req.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxDzANBgNV +BAMTBk1pY2hhbDEeMBwGCSqGSIb3DQEJARYPbWljaGFsQHJva29zLmN6MIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJpui4aF44GABGSm5kYglIVjGOfZiaOpx8 +sgAeWHY/cieHF3fcDCy9eUtv1BQeGOruiOuGLUk818TO5Ypsa45lc3mx5Inhusms +m6BJePNIK/pf+vYoskwHEaGOCg3kMvyylAzsr2nqP7hYm09nSlU96OyHJVssUbUF +VaXQ7wBNnQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAVovoK9kVmu/sPWQMS/8H +uDbLDWfWRnVOxZlVGnx5+ICryv8BsdYSezcF7+TYAnpypypgX7VzD7OvdO5DyYWN +HnJYpW7M0ZnjgqAQi1dKvM+byj17cew3kyPbeljBf8By4PGvXbQxqzSASUOPTPCl +XYy5y2lEGsY3jpj5IwITtvY= +-----END CERTIFICATE REQUEST----- diff --git a/test/02cert.pem b/test/02cert.pem new file mode 100644 index 0000000..2e948e8 --- /dev/null +++ b/test/02cert.pem 
@@ -0,0 +1,69 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=CZ, O=Rokos, CN=CA/Email=michal@rokos.cz + Validity + Not Before: Sep 27 14:51:51 2001 GMT + Not After : Sep 27 14:51:51 2002 GMT + Subject: C=CZ, O=Rokos, CN=Pokus02 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c1:aa:c0:e9:ac:d1:49:66:21:01:97:13:51:aa: + ff:df:0d:ca:e4:cf:5d:d6:f4:e9:2f:64:89:51:cb: + e8:59:bf:8e:dd:20:21:63:e3:75:a5:ad:35:cb:e5: + da:c6:ee:12:6d:41:f7:75:37:3a:31:94:a0:b3:3f: + c9:69:b6:79:22:ee:03:f0:af:93:fa:21:6f:6c:c5: + af:e6:20:3e:5b:2c:fd:03:c1:70:29:b2:da:17:8e: + d9:4c:5a:2b:30:8b:08:f1:74:90:0d:31:dd:f8:ed: + 06:01:3a:23:39:42:56:e7:59:00:9c:79:b5:27:8a: + 80:b6:6d:90:81:22:d7:0d:59 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 21:FC:47:57:07:F1:9D:E0:F7:7D:43:24:A1:20:04:F2:1E:B9:D6:C9 + X509v3 Authority Key Identifier: + keyid:8B:2F:33:1D:B8:22:FA:A3:DF:B3:C5:45:E3:87:31:19:D4:C1:04:8E + DirName:/C=CZ/O=Rokos/CN=CA/Email=michal@rokos.cz + serial:00 + + Signature Algorithm: md5WithRSAEncryption + 32:d8:78:d3:37:bb:aa:77:4d:ff:a5:e1:1d:57:4b:06:5f:f3: + 25:62:e8:01:5e:25:c8:d9:4f:3e:02:87:0c:98:56:f8:83:7a: + cd:b5:2a:99:80:19:43:32:6b:44:5f:78:00:3c:86:aa:3d:5b: + 51:ac:48:6e:84:c2:41:a1:a1:e4:dc:b0:17:9d:7d:09:b5:2a: + 59:34:df:72:34:6d:8d:80:cf:2a:14:07:41:f1:9c:13:ea:ca: + 66:c6:00:75:fa:be:5a:1b:ec:58:b5:ec:e0:1e:0f:49:12:d4: + f8:01:3e:44:26:6e:f5:fe:f6:56:93:a2:38:26:81:a0:2b:c2: + 54:b7:6a:77:01:cc:5f:7e:98:db:7a:39:15:87:5f:b1:b2:e8: + 7d:19:3d:8b:97:ae:ab:03:a5:76:15:e2:6d:28:e1:a3:4d:a1: + 4f:a0:69:01:0d:03:bf:2f:b6:ec:ae:60:2a:d7:e3:cb:94:4c: + 66:69:e6:8b:4a:50:49:31:c2:3c:e1:d9:bd:ac:bb:11:5a:53: + 10:e4:01:67:5f:16:55:c0:eb:32:15:51:ca:68:a8:3e:5c:51: + c5:09:e2:ac:7f:25:67:8a:47:59:6a:9b:03:52:b8:b8:d8:35: + 
77:2d:72:6a:08:fc:b4:8e:9b:4e:29:a3:8d:e0:b5:83:cf:5c: + 6b:c5:33:69 +-----BEGIN CERTIFICATE----- +MIIDEjCCAfqgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO +MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo +YWxAcm9rb3MuY3owHhcNMDEwOTI3MTQ1MTUxWhcNMDIwOTI3MTQ1MTUxWjAvMQsw +CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxEDAOBgNVBAMTB1Bva3VzMDIwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMGqwOms0UlmIQGXE1Gq/98NyuTPXdb0 +6S9kiVHL6Fm/jt0gIWPjdaWtNcvl2sbuEm1B93U3OjGUoLM/yWm2eSLuA/Cvk/oh +b2zFr+YgPlss/QPBcCmy2heO2UxaKzCLCPF0kA0x3fjtBgE6IzlCVudZAJx5tSeK +gLZtkIEi1w1ZAgMBAAGjgaEwgZ4wCQYDVR0TBAIwADAdBgNVHQ4EFgQUIfxHVwfx +neD3fUMkoSAE8h651skwcgYDVR0jBGswaYAUiy8zHbgi+qPfs8VF44cxGdTBBI6h +TqRMMEoxCzAJBgNVBAYTAkNaMQ4wDAYDVQQKEwVSb2tvczELMAkGA1UEAxMCQ0Ex +HjAcBgkqhkiG9w0BCQEWD21pY2hhbEByb2tvcy5jeoIBADANBgkqhkiG9w0BAQQF +AAOCAQEAMth40ze7qndN/6XhHVdLBl/zJWLoAV4lyNlPPgKHDJhW+IN6zbUqmYAZ +QzJrRF94ADyGqj1bUaxIboTCQaGh5NywF519CbUqWTTfcjRtjYDPKhQHQfGcE+rK +ZsYAdfq+WhvsWLXs4B4PSRLU+AE+RCZu9f72VpOiOCaBoCvCVLdqdwHMX36Y23o5 +FYdfsbLofRk9i5euqwOldhXibSjho02hT6BpAQ0Dvy+27K5gKtfjy5RMZmnmi0pQ +STHCPOHZvay7EVpTEOQBZ18WVcDrMhVRymioPlxRxQnirH8lZ4pHWWqbA1K4uNg1 +dy1yagj8tI6bTimjjeC1g89ca8UzaQ== +-----END CERTIFICATE----- diff --git a/test/02key.pem b/test/02key.pem new file mode 100644 index 0000000..e2e8e08 --- /dev/null +++ b/test/02key.pem 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C4F9A886D458E50C + +tdvJ2y/Eu67lWI+E6UJHdEKSkmW/h2QQ5gQYtqKgQ0bavN4r6HOB7mH1PVLo+HyD +Q/aeOlWXQe0O5FbmufZ6OSZjyKuHoSyiFCwz9uuU9vAzd8SwT7dXG3ci1bKuvcP+ +0ApbTsdbL6CSHBqTw9gc7IUwUzVEa8d0Cz4skGuR4GqI3zTD/mEqmV9OBM9cFH56 +Wc+YF9BVRw4Yfl4go8wrhukYR+ixxdf5fuRCgdtho77kzm7nOhywEErAE0k44aC0 +lYN+Te9ukzlTe8m2vvd8wZQTL2WUsqN9PNP23oFDQgChPYfQ/FRt4y2Cym9kUK+J +aW+AADdtO7fgDOqXPlpFoc/e2HdCF2Ayv3zER+llIcoxgH+NC0vBW7KMTpsaFeoz +BUowS7t/uYtn+cxOmLUDhPi7cIH/Azjef6XC+puA7oraa6AlmAB7LCTSm1Kptxu4 +LEZrICj1kSnJBsOjcwiMd3Z2Hm9ORxVbj40T6iaG1/waqtdUZRzFUlXABAD/8MTc +RanKi9cZw7nwiTYWtZ8NRhvcCddcxQLrODoCygSeYBB7icbh9XO1hpTwpJNmz+mn +YZVsWkGPN4EUJBKHsgtzuKV3gizZfTfX6mZvE25gxobs+NJuOM8Awekp95N+zYta +Yp44ex/OaQhHNb9M/zwpR0z2K5BE9p+JkfRs3SwWJ5BZzJJcrkF6h0dUBbjQ/1p0 +NHERUPhsLBUEa6ayLcdopf1MqBnyrJljaKrc+8BCneVuwQVxW+ZqFxcPF4qYtrnf +6z3vF4cC8M6FAc0mIEkS4lFB5M4SDHm+Txgof7l6MLyxZAF+QzLdDA== +-----END RSA PRIVATE KEY----- diff --git a/test/02req.pem b/test/02req.pem new file mode 100644 index 0000000..3fa9be4 --- /dev/null +++ b/test/02req.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBbjCB2AIBADAvMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxEDAOBgNV +BAMTB1Bva3VzMDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMGqwOms0Ulm +IQGXE1Gq/98NyuTPXdb06S9kiVHL6Fm/jt0gIWPjdaWtNcvl2sbuEm1B93U3OjGU +oLM/yWm2eSLuA/Cvk/ohb2zFr+YgPlss/QPBcCmy2heO2UxaKzCLCPF0kA0x3fjt +BgE6IzlCVudZAJx5tSeKgLZtkIEi1w1ZAgMBAAGgADANBgkqhkiG9w0BAQQFAAOB +gQCtNmh1fd1M/pm1ybiTdWh2iI8GT01Azff5D5Hxk/WbuZS0U/v0auycrEaBj1w0 +hncaYnN8+fdSACbOBN5efni7FiClvx7COuJ3+qJmB/Cnv4j5ielyydUhkeRQ81Gq +EooiyAXhDzVcCfjO8c5Gk2WkAfuQWf9h/7ZSRlVv72OcWw== +-----END CERTIFICATE REQUEST----- diff --git a/test/0cert.pem b/test/0cert.pem new file mode 100644 index 0000000..cb383c7 --- /dev/null +++ b/test/0cert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjzCCAnegAwIBAgIBADANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJDWjEN +MAsGA1UEChMEUnVieTEPMA0GA1UEAxMGUnVieUNBMB4XDTAxMTEwODExNTkxMloX +DTAzMTEwODExNTkxMlowLTELMAkGA1UEBhMCQ1oxDTALBgNVBAoTBFJ1YnkxDzAN +BgNVBAMTBlJ1YnlDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOV8 +Vc1b83eGNdpfM4IFbEY8h+nx8XU9QMJ5EnWiOzSqrOZtG/R6rFP/jxDS+rDgh2FF +lzkdrRpElTVgCePEddrhSMj//8IprCN79sykiTILNAi0Wq9YHUCzADX+ViC0hkyS +rUs4kD7qr3psfp1imARD2IE2gVhs5+fuyZlNGg1xXjsEfRMX6Uf57q7NBh3edjWh +EfyKku7l51Z6X1r8tVPguyeeoZsnOPpQGKutchEskBwHjGwu0xBj9NJFKrIr9GBT +IsKL4iTG31ReZnLQrtUHlCmOQnfId3HBk+zzD3Z8db47KaUgaEFpyitl9l+1HzyU +3CjJzRmJZrYXycE3eYUCAwEAAaOBuTCBtjAPBgNVHRMECDAGAQH/AgEAMC0GCWCG +SAGG+EIBDQQgFh5HZW5lcmF0ZWQgYnkgT3BlblNTTCBmb3IgUnVieS4wHQYDVR0O +BBYEFFhFcoVGe0cAv4c8QexFYb1YqCtoMFUGA1UdIwROMEyAFFhFcoVGe0cAv4c8 +QexFYb1YqCtooTGkLzAtMQswCQYDVQQGEwJDWjENMAsGA1UEChMEUnVieTEPMA0G +A1UEAxMGUnVieUNBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQDQhltRNlB8KyhgyXNZ +qYTupPvsoj1NDbXQT1nyNirOjGSqRYxcOshL2vfhgIESs5jQdcR+B41Oj3N+MEkI +rPyXIcbI1MSjB/W0pHVDpxf/++cZ7OXUhhF0f25+ZO9qnWl4mdKH3XNWJM4lnzGn +Q8UDs9aJr8FBh8puo4u27I844K6GoIWyAzAwyyDmoaCRpkt5YSJua07OVsVTUdpj +5z9rNOjmymuA82VpKvzsxFev7z4UragXRBX92OCRIzIE5Ne8zGLFTjKGt5us7D79 +bYqjOv2ax0bOj8UgTw0Fyl5mKao00uTz4nZyjhxuE7qUeaFNnoFbzQL6isZRBsST +1eph +-----END CERTIFICATE----- diff --git a/test/0key.pem b/test/0key.pem new file mode 100644 index 0000000..0ef2deb --- /dev/null +++ b/test/0key.pem 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,26F5AE5B49B3A1FF + +cOkuSZ5jeT5T+vmiBUeBIonGBzmO3HzYMmRN2HoKKLbYHnpcaH/84mA876cZIGDB +Fpu36e1Q5W/IzEO1oWdav0gG6jG8fGIZnZBsyYwkDWayg+p+vGgEUAj6TAnwvK/f +qjAsMfbBJVIhvsMekmuz490A5LZ3tA1zgZBpl6i358JXbDidp1YreRsa2KYD2hSM +dNBNWvRksm8n9/px8U6fgKYlywV267FtmJ9e0dsMLt3gtni2WYU4uLhZfS2RvgwP +a5mwo1DcepbZ4UohCCjWPCy3UYU43A/7ugHaE2+XcWi0gh+pLOTKL7dP84PKL1Az +u3h4fiszYfkLwodUHbODIilAAU+orQv89jPJK9jjlmVjQc0jRMowkfuBvzqwLPGY +JwIjKuIeTR+uh6MEp/m4aBUiNyxfPJZ4lAgJB7mU/9aKPD3qpWvniDg12NWBeniQ +VfHI3qWvR6J2s7idBgEk+H2GeFsIXONpWfbHuqoDITjm80407ms03EbwItMynn51 +sTjY2fLTCkQik5sgnuqikNczi7EnFga7JVkbLa+ltGfBSyqAZIlNpbapr+vEtefl +ucW+S4fJ9duwFg+N/syBIUeMji2EJHNhGa7jt+1JU/Cf8ise/5oets+C/bzAMwyy +jMH4QP4rwoAhGNf7gpw4MYLek2n4LX2F4AN2cTgWj4yt94+GWKgLf5cuvlNG7SfI +Ha5akGWDaG5pfmTdfLM71iDs3S8KXNLQ2gHNYlVP2hvc9rMEZo9P8iGnxIxNKskr +C62x47FGmgsr0ShSTNTG58dqFgaVLb0On53LbD6tsgnYdtPoqC8/Z/agqK0mNIwb +lLb/g0LLAoxqV6gOUNFZ92FEXZ9iUue1YFkHHaLfSe/xeKVoSO2XqaxIhsNMp5AK +cER7/qkvxmb+BII+X5cFSjt/tOcjkCE3FXkyP8PVxlFYF6mY4BuGpKBl7wPFS8kf +Mjp+9kZvXBJm3Awfn0M7ZXF4dkMOyRdjbOfhHkqREvw2Xty1+Sa3RarUM3w3jU1v +DUg3vg5uRs0rVUZeK+HQHI7z3PaLVKMoESoDfSCI7/7kiZaBpS5hGBmMz26Aa+Lg +5CmwM+LMqRE7BcrRo8wiXMbkbh1xCeOqfcQBopii6ZC1xtQeXP3+j19BzA0dlnHV +N01UD3tuQ8cfji79atEX03hIzpLB9q75yCs+C3SDdEJzft/S53jFQjuG1SWpOxDa +xo6lKXjX71X1UUh1gAmSKMkQnrfMzw1FTHtxetwaK5s6LFmmqPgi1lYEYai3zVP/ +rwG2M/aSlvsaC7GfJnpKdfRONXiGEwggDLKodt6sRvtZQ5uddUQnyvBxDyZpV9K6 +JF0/FQXsYwgjFJq7krHIwr4ExvQxb3s2GRtKokwDd+WH6f53oFRgOpWpsWLBYyS3 +uoYSRL8AcTLIEIsco8dFLCwTXmubo5wMhpsjCS0vp4QJ//fo9zLKiOG+nn5p9Yfa +ZN5R+rEUjAchjP/W4poH/tFLIRXQmIKN6K5fTfY30EFnA08l02GpSAW1wzgaa/08 +NTY5VdXGW+vaWT+CNmZ1TB///aqcC50JztiitNecF1oKnm8Ng80QMXh/sEoLWmm2 +-----END RSA PRIVATE KEY----- diff --git a/test/1cert.pem b/test/1cert.pem new file mode 100644 index 0000000..34cfc3b --- /dev/null +++ b/test/1cert.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDTCCAfWgAwIBAgIBATANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJDWjEN +MAsGA1UEChMEUnVieTETMBEGA1UEAxMKUkEgT2ZmaWNlcjAeFw0wMTExMDgxMjA0 +NDNaFw0wMjExMDgxMjA0NDNaMDExCzAJBgNVBAYTAkNaMQ0wCwYDVQQKEwRSdWJ5 +MRMwEQYDVQQDEwpSQSBPZmZpY2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDmjdOjVhXIhr9kYvAiad8nJwfjtnEGluXRs1YMFOfOLi5bquu7eUL8ADiN3Fry +FKePiJppBscynd/nhaCnh24ideGEAUgFxNUiF5ER2P0q+UEJKqdIttVC3Alh8A+j +84ORre3P2uStpzyGZLBd2AfdEMaYYW+JtA8e6iNug5qrtQIDAQABo4GzMIGwMAkG +A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkdlbmVyYXRlZCBieSBPcGVuU1NMIGZv +ciBSdWJ5LjAdBgNVHQ4EFgQUZGTsYtG/ZlqNyjRiH3X3KQpZtQswVQYDVR0jBE4w +TIAUWEVyhUZ7RwC/hzxB7EVhvVioK2ihMaQvMC0xCzAJBgNVBAYTAkNaMQ0wCwYD +VQQKEwRSdWJ5MQ8wDQYDVQQDEwZSdWJ5Q0GCAQAwDQYJKoZIhvcNAQEFBQADggEB +AD6K5cVA25rvighcsqPG530gOpOqmfiguJogEJrjugGwXD3n6Cgpu8znNhN2v9bX +v0h/7KisJAP/b0d2jyqEey+us1aZqtGNxAVk5dZ7zwU310fIOV19cujFSsF6LBZP +KlPy2qQHrGvWHtJBk5STn5VdTWEeEqv5wWNmBqYCxToaGg+lsF8U4OHX6QJiPr9Y +iOYPEqgYqpr9cJvu4PIHjXN0SSrwLcxln/wudP97J51cOoGb884zHWwwnzQVcJde +JOg4A+FI3SM4ilsd0SSoOUgy41kIKhej3VP/VS+iFdU5y2gpu9BqgVbwYy+d7hGO +vlPYILTKftShjnc1FxTAkx0= +-----END CERTIFICATE----- diff --git a/test/1key.pem b/test/1key.pem new file mode 100644 index 0000000..b82fc7f --- /dev/null +++ b/test/1key.pem 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,5A6AD2396EEAFD8D + +bIPHC+et8QaPX8BS9xdRJeKOB+bIN3Sa1YEyEBR/nvANheD7YkgH3JOchCOL/EnC +cFzQZH04SZqjh9Ir7X1QORYk2YV5rpaEHrjC3W2TPXDH3ED+SrS55sJuKue6V6Gs +uXQYIOzC22AFs4taUCzilY0mEu2dnua61ueOivimX8mj88Sm9Td7UHPvGArC+t+P +1FeD3wSV4Wt5z5IzrDjCfEA2FOz2GTz41vYF4YmqKOv/xPMBRUCOGvzvGPfnly2C +KYH8ty6jAauQ/jTQJJi7P7oPurtK3v9nHEc3xNo07+uzkKKw1Ur8UFh3xiAHl7KE +EKPUtc05KwD/NKcYEWbwiltFt/BSJIoyhAmR7J3siM5XvJ+saqhE8ycx3HG/I5DX +8Juv8jK7XELawGQoUeHO8KWQT/uEmf9xmRS2a1KMy2NWwqUQgC/kO23c2mhKTUZI +AppciHwExHeY1lXWyq+A0skbuYA531o3S8L28mk55VYSecz8LqFjeuMha774mDVi +QG8gfURS4tliLV9ZT72p5D+rCOSYXUMeSgyZa+mZoIVbqbE8UClmZJvFOfa5MRLe +tqHXk5STM6qQBD28mDeHKHLGFP7g0SnfXlHY1wQiSSZEOjY9RsoZFRcdC3Q4f7vY +Uz5ji0DDytnXyHIoFO/sejf4QacOWcDJoYigkeUrX6WZR11d6wCRMvT1ekuViOM3 +KXZdQ+ziLnUSZVELxngqpK6Ao32QfuFYEDufKkayz8WvByMCuyLwSgrqZVdC8JmP +9CSHO4zl97lQV5DOi9pen00fGL7PpyJhH1o0Ef320xByAR6InrbMTQ== +-----END RSA PRIVATE KEY----- diff --git a/test/c/hash.c b/test/c/hash.c new file mode 100644 index 0000000..76f2fa4 --- /dev/null +++ b/test/c/hash.c 
@@ -0,0 +1,51 @@
+/*
+ * $Id$
+ * RubySSL project
+ * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
+ * All rights reserved.
+ */
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details. (You can find the licence
+ * in LICENCE.txt file.)
+ */
+#include <openssl/ssl.h>
+
+int main(int argc, char *argv[])
+{
+ BIO *in = NULL, *out = NULL;
+ X509 *x509 = NULL;
+ ASN1_BIT_STRING *key = NULL;
+ ASN1_OCTET_STRING *digest = NULL;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX md;
+ unsigned int dig_len;
+ char *txt = NULL;
+
+ in = BIO_new_file("./01cert.pem", "r");
+ out = BIO_new(BIO_s_file());
+ BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+
+ x509 = PEM_read_bio_X509(in, NULL, NULL, NULL);
+ key = x509->cert_info->key->public_key;
+
+ ASN1_STRING_print(out, key);
+ BIO_printf(out, "\n===\n");
+
+ EVP_DigestInit(&md, EVP_sha1());
+ EVP_DigestUpdate(&md, key->data, key->length);
+ EVP_DigestFinal(&md, dig, &dig_len);
+
+ txt = hex_to_string(dig, dig_len);
+ BIO_printf(out, "%s\n===\n", txt);
+ return 0;
+}
+//i2v_ ... as STACK_OF(CONF_VALUE) for easy printing
+
diff --git a/test/c/key.c b/test/c/key.c
new file mode 100644
index 0000000..5f6cbf3
--- /dev/null
+++ b/test/c/key.c
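Review bot: In test/c/hash.c, `main` reads `x509->cert_info->key->public_key` without checking that `BIO_new_file("./01cert.pem", "r")` or `PEM_read_bio_X509` succeeded, so a missing or malformed fixture becomes a NULL dereference instead of a reported test failure. Add `if (!in) return 1;` after the open and `if (!x509) { BIO_free(in); return 2; }` after the parse. `hex_to_string` is called with only `<openssl/ssl.h>` included; it may need `<openssl/x509v3.h>` to be declared, which is worth confirming. `txt`, `x509` and both BIOs are never released, and `digest` is declared but not used.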
@@ -0,0 +1,84 @@ +/* + * $Id$ + * RubySSL project + * Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz> + * All rights reserved. + */ +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. (You can find the licence + * in LICENCE.txt file.) + */ +#include <openssl/ssl.h> + +int main(int argc, char *argv[]) +{ + RSA *rsa = NULL; + BIO *in = NULL, *out = NULL; + + OpenSSL_add_all_algorithms(); + + if (!(in = BIO_new(BIO_s_file()))) { + printf("BIO in err\n"); + return 1; + } + //if (BIO_read_filename(in, "./01key.pem") <= 0) { + if (BIO_read_filename(in, "./01rsapub.pem") <= 0) { + printf("BIO_read err\n"); + return 2; + } + //if (!(rsa = PEM_read_bio_RSAPrivateKey(in, NULL, NULL, "pejs8nek"))) { + if (!(rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL))) { + printf("PEM read err\n"); + BIO_free(in); + return 3; + } + BIO_free(in); + if(rsa->n) printf("n=Yes, "); else printf("n=NO, "); + if(rsa->e) printf("e=Yes, "); else printf("e=NO, "); + if(rsa->d) printf("d=Yes, "); else printf("d=NO, "); + if(rsa->p) printf("p=Yes, "); else printf("p=NO, "); + if(rsa->q) printf("q=Yes, "); else printf("q=NO, "); + if(rsa->dmp1) printf("dmp1=Yes, "); else printf("dmp1=NO, "); + if(rsa->dmq1) printf("dmq1=Yes, "); else printf("dmq1=NO, "); + if(rsa->iqmp) printf("iqmp=Yes\n"); else printf("iqmp=NO\n"); + +/* + if (!(out = BIO_new(BIO_s_file()))) { + printf("BIO out err\n"); + return 4; + } + if (BIO_write_filename(out, "./01rsapriv.pem") <= 0) { + printf("BIO write err\n"); + return 5; + } + if 
(!PEM_write_bio_RSAPrivateKey(out, rsa, EVP_des_ede3_cbc(), NULL, 0, NULL, "alfa")) { + printf("Private err\n"); + return 6; + } + BIO_free(out); + + if (!(out = BIO_new(BIO_s_file()))) { + printf("BIO out err\n"); + return 7; + } + if (BIO_write_filename(out, "./01rsapub.pem") <= 0) { + printf("BIO write err\n"); + return 8; + } + if (!PEM_write_bio_RSAPublicKey(out, rsa)) { + printf("Private err\n"); + return 9; + } + BIO_free(out); +*/ + return 0; +} + diff --git a/test/cacert.pem b/test/cacert.pem new file mode 100644 index 0000000..5b592ed --- /dev/null +++ b/test/cacert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtDCCApygAwIBAgIBADANBgkqhkiG9w0BAQQFADBKMQswCQYDVQQGEwJDWjEO +MAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZIhvcNAQkBFg9taWNo +YWxAcm9rb3MuY3owHhcNMDEwOTA5MDcyMzU0WhcNMDMwOTA5MDcyMzU0WjBKMQsw +CQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMTAkNBMR4wHAYJKoZI +hvcNAQkBFg9taWNoYWxAcm9rb3MuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC728A7LcXmMBjNNWLM+F2cr+/yjF2z5E72ZWE7MoFmArNTD9Kpzij+ +BoQr2Epj8FOpYebPPpy3V4WiaQXiG9w59pljHAAuAKnSdtiuWP7HNk/aCGSH19x9 +VjD2HpjqPwv1BiJ2XO/TVi5p6xO9PA/oYsj3GhkfQ3EUyvdeUJo3Fze2LC9hj6ED +Yv4f15KaCGNL1DDYz1XDJtQh12Wt9l4i6GO8KHVIzZxQ4mnatfRiK7XnbaLqM3nC +Z8Qi+MQ7GTycBmSgOAmg0vzZ+8GEZRDRfg02nbhju1P+gbiYA62HM0TI8Zr9Ol/e +iWMBs6PSQ3C2dAcHPxGTXEM99SHlgTWPAgMBAAGjgaQwgaEwHQYDVR0OBBYEFIsv +Mx24Ivqj37PFReOHMRnUwQSOMHIGA1UdIwRrMGmAFIsvMx24Ivqj37PFReOHMRnU +wQSOoU6kTDBKMQswCQYDVQQGEwJDWjEOMAwGA1UEChMFUm9rb3MxCzAJBgNVBAMT +AkNBMR4wHAYJKoZIhvcNAQkBFg9taWNoYWxAcm9rb3MuY3qCAQAwDAYDVR0TBAUw +AwEB/zANBgkqhkiG9w0BAQQFAAOCAQEANZ0WpcFk/fKcYIAK2C9dFVgnHqbP6+xa +NH23epZ/29ONjVVZa4IW1OS3miufJDTGqSWncp8hLe18ux/AyJkGXcjYe0A4g/jn +qARZe7zGlE9Plg6VMGYJk6AJyTf1m8a+0f9Ek9MfUkblltE4zHSFsVEBezmav9n1 +WjjWgc3WA9amagkCx1P/M5r36noclHd7L6O+S4BXMJaOzk10ADahINQ89QmGdeCU +o2i09vtcupCwkepDCVhGU41Yp7ihjt4XJWePFXPf7Y1mf9Hhkq5cCIJVVRqT0YUL +FQrQrZweM8eGF/xouqGWCZQnTIdhDcpRIIlhAQy8MSoJJgxPR5raKw== +-----END CERTIFICATE----- 
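Review bot: The commented-out `PEM_read_bio_RSAPrivateKey(in, NULL, NULL, ...)` call in test/c/key.c carries a literal passphrase string, and the file it names, 01key.pem, is added as an encrypted private key in this same commit; if that string is the key's passphrase, the encryption on the fixture protects nothing. Either drop the commented line or say at the top of the file that these keys are throwaway, for example `/* the .pem files in test/ are public fixtures; never trust them outside the test suite */`. On the live path `rsa` is never released, so add `RSA_free(rsa);` before `return 0;`. The program reads `./01rsapub.pem`, while the public key visible in this part of the diff is 01pub.pem, so the file name should be confirmed.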
diff --git a/test/config.cnf b/test/config.cnf
new file mode 100644
index 0000000..2c3fcda
--- /dev/null
+++ b/test/config.cnf
@@ -0,0 +1,244 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = md5 # which md to use. 
+preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! 
+string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 60 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. 
+nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always diff --git a/test/data b/test/data new file mode 100644 index 0000000..4effa19 --- /dev/null +++ b/test/data @@ -0,0 +1 @@ +hello! 
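Review bot: `default_md = md5` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean anything issued from test/config.cnf is MD5-signed over a 1024-bit key, which matches the md5WithRSAEncryption and 1024-bit modulus shown in 02cert.pem in this commit. The Ruby generators added alongside it already sign with SHA1, and gen_ca_cert.rb uses a 2048-bit key, so the config is the weakest of the three. Raise both values, for example `default_md = sha256` where the linked OpenSSL offers it and `default_bits = 2048`. A leading comment stating that the file is a test-only copy of the OpenSSL sample would also stop it being reused for real issuance.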
diff --git a/test/gen_ca_cert.rb b/test/gen_ca_cert.rb
new file mode 100755
index 0000000..0a07f0b
--- /dev/null
+++ b/test/gen_ca_cert.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p key = RSA.new(2048)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RubyCA']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (2*365*24*60*60)
+p new.public_key = key
+p new.serial = 0
+p new.version = 3
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+p ext1 = ef.create_extension("basicConstraints","CA:TRUE,pathlen:0")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+new.extensions = [ext1, ext2, ext3]
+ef.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+p new.add_extension(ext4)
+p new.sign(key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
diff --git a/test/gen_cert.rb b/test/gen_cert.rb
new file mode 100755
index 0000000..9d33f48
--- /dev/null
+++ b/test/gen_cert.rb
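Review bot: `p pass = gets.chop!` in test/gen_ca_cert.rb prints the key passphrase back to the terminal through `p`, and the same line appears in test/gen_cert.rb. Assign without printing, `pass = gets.chomp`, and stop if the value is empty. The key file is created with `File.new("./#{new.serial}key.pem", "w")`, so its permissions depend on the caller's umask; `File.open("./#{new.serial}key.pem", "w", 0600) { |f| f.write key.export(...) }` keeps it owner-only and closes the handle if the write raises. The earlier `p key = RSA.new(2048)` also dumps the key object to stdout, and depending on how the binding implements `inspect` that may include key material.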
@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p ca = Certificate.new(File.open("./0cert.pem").read)
+p ca_key = RSA.new(File.open("./0key.pem").read)
+
+p key = RSA.new(1024)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Ruby'],['CN','RA Officer']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (365*24*60*60)
+p new.public_key = key
+p new.serial = 1
+p new.version = 3
+ef = ExtensionFactory.new
+ef.subject_certificate = new
+ef.issuer_certificate = ca
+p ext1 = ef.create_extension("basicConstraints","CA:FALSE")
+p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.")
+p ext3 = ef.create_extension("subjectKeyIdentifier", "hash")
+p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+new.extensions = [ext1, ext2, ext3, ext4]
+p new.sign(ca_key, Digest::SHA1.new)
+
+f = File.new("./#{new.serial}cert.pem","w")
+f.write new.to_pem
+f.close
+
+puts "Enter Password:"
+p pass = gets.chop!
+
+f = File.new("./#{new.serial}key.pem", "w")
+f.write key.export(Cipher::DES.new(Cipher::EDE3, Cipher::CBC), pass)
+f.close
+
diff --git a/test/key_hash.rb b/test/key_hash.rb
new file mode 100755
index 0000000..5af095c
--- /dev/null
+++ b/test/key_hash.rb
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+
+x509 = X509::Certificate.new(File.open("./01cert.pem").read)
+key = x509.public_key
+p d = Digest::SHA1.new
+p d << key.to_der
+
+#x509 = X509::Certificate.new
+#rsa = PKey::RSA.new(1024)
+#x509.public_key = rsa
+#rsa = x509.public_key
+#d2 = Digest::SHA1.new
+#p d2 << rsa.to_der
+
diff --git a/test/ossl_cipher.rb b/test/ossl_cipher.rb
new file mode 100755
index 0000000..ce21342
--- /dev/null
+++ b/test/ossl_cipher.rb
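Review bot: `p new.issuer = Name.new(name)` in test/gen_cert.rb sets the issuer to the certificate's own subject (CN=RA Officer) although the certificate is signed with `ca_key`, so the issuer name will not match the subject of 0cert.pem and name-based chain building against that CA should fail. Take the issuer from the loaded CA instead: `new.issuer = ca.subject`. `RSA.new(1024)` is small next to the 2048-bit CA key generated in gen_ca_cert.rb. The two `File.open(...).read` calls leave their handles open, which `File.read("./0cert.pem")` and `File.read("./0key.pem")` avoid.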
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include Cipher
+
+p des = DES.new(EDE3, CBC) #Des3 CBC mode
+p "ENCRYPT"
+p des.encrypt("key") #, "initial_vector")
+p cipher = des.update("data1")
+#p cipher = des.encrypt("key", "initial_vector", "data")
+p cipher += des.cipher
+p "DECRYPT"
+p des.decrypt("key")
+#p des.decrypt("key", "initial_vector")
+p des.update(cipher) + des.cipher
+
diff --git a/test/ossl_config.rb b/test/ossl_config.rb
new file mode 100755
index 0000000..ac24db1
--- /dev/null
+++ b/test/ossl_config.rb
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+raise "TO BE DROPPED???..."
+
+require 'openssl'
+include OpenSSL
+
+p config = Config.new("./openssl.cnf")
+
+p string = config.get_string("req", "x509_extensions")
+p number = config.get_number("req", "default_bits")
+p string = config.get_string("req", "distinguished_name")
+
+p sect = config.get_section(string)
+p ConfigSection.new
+
diff --git a/test/ossl_digest.rb b/test/ossl_digest.rb
new file mode 100755
index 0000000..0ea7e0e
--- /dev/null
+++ b/test/ossl_digest.rb
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+require 'digest/sha1'
+require 'digest/md5'
+require 'openssl'
+
+str = "This is only bullshit! :-))"
+md5 = Digest::MD5.new(str)
+md5a = OpenSSL::Digest::MD5.new(str)
+p md5.digest == md5a.digest
+p md5.hexdigest == md5a.hexdigest
+
+sha1 = OpenSSL::Digest::SHA1.new(str*2)
+sha1a = Digest::SHA1.new(str*2)
+p sha1.digest == sha1a.digest
+p sha1.hexdigest == sha1a.hexdigest
+
diff --git a/test/ossl_pkey.rb b/test/ossl_pkey.rb
new file mode 100755
index 0000000..3b0eacd
--- /dev/null
+++ b/test/ossl_pkey.rb
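Review bot: The round trip in ossl_cipher.rb is only printed, never checked: nothing compares the result of the final `des.update(cipher) + des.cipher` with `"data1"`, so a broken decrypt path would still let the script finish cleanly. Capture the value and fail on mismatch, e.g. `plain = des.update(cipher) + des.cipher` followed by `raise "round trip failed" unless plain == "data1"`. With the IV argument commented out on both `encrypt` and `decrypt`, a comment stating which IV the binding uses in that case would also help, since the test itself does not show it.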
@@ -0,0 +1,82 @@ +#!/usr/bin/env ruby + +require 'openssl' +include OpenSSL +include PKey +include Cipher +include Digest + +puts "==RSA==" +p rsa = RSA.new(512) +puts ".......=sign'n'verify" +txt = <<END +Ruby is copyrighted free software by Yukihiro Matsumoto <matz@netlab.jp>. +You can redistribute it and/or modify it under either the terms of the GPL +(see the file GPL), or the conditions below: + + 1. You may make and give away verbatim copies of the source form of the + software without restriction, provided that you duplicate all of the + original copyright notices and associated disclaimers. + + 2. You may modify your copy of the software in any way, provided that + you do at least ONE of the following: + + a) place your modifications in the Public Domain or otherwise + make them Freely Available, such as by posting said + modifications to Usenet or an equivalent medium, or by allowing + the author to include your modifications in the software. + + b) use the modified software only within your corporation or + organization. + + c) rename any non-standard executables so the names do not conflict + with standard executables, which must also be provided. + + d) make other distribution arrangements with the author. + + 3. You may distribute the software in object code or executable + form, provided that you do at least ONE of the following: + + a) distribute the executables and library files of the software, + together with instructions (in the manual page or equivalent) + on where to get the original distribution. + + b) accompany the distribution with the machine-readable source of + the software. + + c) give non-standard executables non-standard names, with + instructions on where to get the original software distribution. + + d) make other distribution arrangements with the author. + + 4. You may modify and include the part of the software into any other + software (possibly commercial). 
But some files in the distribution + are not written by the author, so that they are not under these terms. + + For the list of those files and their copying conditions, see the + file LEGAL. + + 5. The scripts and library files supplied as input to or produced as + output from the software do not automatically fall under the + copyright of the software, but belong to whomever generated them, + and may be sold commercially, and may be aggregated with this + software. + + 6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. +END +p sig = rsa.sign(SHA1.new, txt) +p rsa.verify(SHA1.new, sig, txt) +puts ".......=encrypt'n'decrypt" +txt2 = "Hello out there!" +p enc = rsa.public_encrypt(txt2) +p rsa.private_decrypt(enc) + +puts "==DSA==" +p dsa = DSA.new(512) +puts ".......=sign'n'verify" +p sig = dsa.sign(DSS.new, txt) +p dsa.verify(DSS.new, sig, txt) + diff --git a/test/ossl_rsa.rb b/test/ossl_rsa.rb new file mode 100755 index 0000000..1ab9cd1 --- /dev/null +++ b/test/ossl_rsa.rb @@ -0,0 +1,19 @@ +#!/usr/bin/env ruby + +require 'openssl' +include OpenSSL +include PKey +include Cipher +#p RSA.new(1024) +p priv = RSA.new(File.open("./01key.pem").read, "pejs8nek") +p priv.private? +p pub = RSA.new(File.open("./01pub.pem").read) +p pub.private? +puts exp = priv.export(DES.new(EDE3, CBC), "password") +p priv2 = RSA.new(exp, "password") +p priv.to_str == priv2.to_str +#puts priv.to_pem +#puts pub.to_str +#puts priv.to_str +#puts pub.export + diff --git a/test/ossl_x509.rb b/test/ossl_x509.rb new file mode 100755 index 0000000..c8b5b07 --- /dev/null +++ b/test/ossl_x509.rb 
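Review bot: Both sign'n'verify sections in ossl_pkey.rb exercise only the accepting path: `rsa.verify(SHA1.new, sig, txt)` and `dsa.verify(DSS.new, sig, txt)` are called with the untouched text and signature, so a `verify` that returned true for everything would go unnoticed. Add a rejecting case next to each, e.g. `p rsa.verify(SHA1.new, sig, txt + "x")` with a comment that it must print false, and the same for DSA. A comment beside `RSA.new(512)` and `DSA.new(512)` noting that the size is chosen for test speed only would also be worthwhile.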
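Review bot: The passphrase for `01key.pem` is written in clear in ossl_rsa.rb at `RSA.new(File.open("./01key.pem").read, "pejs8nek")`, and the key file is committed in the same directory, so that key pair has to be treated as public. I would add a comment above the line, `# fixture key: passphrase is public, never reuse 01key.pem outside these tests`. The same passphrase appears again in a commented-out line of test/ossl_x509.rb.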
@@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p x509 = Certificate.new(File.open("./01cert.pem").read)
+#puts x509.to_pem
+#p x509.serial
+#puts "Version = #{x509.version}"
+#p Name.new
+#p subject = x509.subject
+#p subject.to_str
+#p issuer = x509.issuer
+#p issuer.to_pem
+#p ary = issuer.to_a
+#p issuer.to_h
+#ary[3] = ["Email", "bow@wow.com"]
+#p x509.issuer = ary
+#p x509.not_before
+#p x509.not_before = Time.now
+#p x509.not_after
+#p k = x509.public_key
+#p k.private?
+#puts k.to_str
+#p priv = RSA.new(File.open("./01key.pem").read, "pejs8nek")
+#p priv.private?
+#p x509.public_key = priv
+#puts x509.public_key.to_str
+#p x509.issuer.to_str
+#p x509.sign(priv,MD5.new)
+#p x509.issuer.to_str
+#puts x509.to_str
+#x509.extensions.each_with_index {|e, i| p e.to_a}
+#puts "----end----"
+
+p key = RSA.new(1024)
+p new = Certificate.new
+name = [['C', 'CZ'],['O','Rokos'],['CN','pokusXXX']]
+p new.subject = Name.new(name)
+p new.issuer = Name.new(name)
+p new.not_before = Time.now
+p new.not_after = Time.now + (60*60*24*365)
+p new.public_key = key #x509.public_key
+p new.serial = 999999999
+p new.version = 3
+#p new.extensions #each_with_index {|e, i| p e.to_a}
+maker = ExtensionFactory.new(nil, new) #only subject
+p ext1 = maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"])
+p ext2 = maker.create_extension(["nsComment","OK, man!!!"])
+###p digest = Digest::SHA1.new(new.public_key.to_der)
+###p ext3 = maker.create_extension(["subjectKeyIdentifier", digest.hexdigest])
+p ext3 = maker.create_extension(["subjectKeyIdentifier", "hash"])
+new.extensions = [ext1, ext2, ext3]
+maker.issuer_certificate = new # we needed subjectKeyInfo inside, now we have it
+p ext4 = maker.create_extension(["authorityKeyIdentifier", "keyid:always,issuer:always"])
+#puts ext1.to_str
+p new.add_extension(ext4)
+p new.sign(key, Digest::MD5.new)
+puts new.to_str
+
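Review bot: `maker.create_extension(["basicConstraints","CA:FALSE,pathlen:5"])` in ossl_x509.rb combines a path length constraint with `CA:FALSE`; a path length only has meaning for a CA certificate, and RFC 5280 does not allow the field unless the cA flag is set, so the test builds a malformed extension. Use `"CA:FALSE"` as the generator scripts do, or `"CA:TRUE,pathlen:5"` if a CA certificate is what is being exercised. The certificate is then signed with `Digest::MD5.new`, whereas gen_ca_cert.rb and gen_cert.rb use SHA1; unless MD5 signing is the thing under test, `new.sign(key, Digest::SHA1.new)` would keep the tests consistent.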
diff --git a/test/ossl_x509crl.rb b/test/ossl_x509crl.rb
new file mode 100755
index 0000000..e885447
--- /dev/null
+++ b/test/ossl_x509crl.rb
@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p ca = Certificate.new(File.open("./cacert.pem").read)
+p key = ca.public_key
+p crl = CRL.new(File.open("./01crl.pem").read)
+p crl.issuer.to_str
+p crl.verify key
+p crl.verify RSA.new(1024)
+crl.revoked.each {|rev| p rev.time}
+
diff --git a/test/ossl_x509req.rb b/test/ossl_x509req.rb
new file mode 100755
index 0000000..95550d8
--- /dev/null
+++ b/test/ossl_x509req.rb
@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+include OpenSSL
+include X509
+include PKey
+
+p req = Request.new
+p req = Request.new(File.open("./01req.pem").read)
+p pkey = RSA.new(File.open("./02key.pem").read, "alfa")
+p k2 = Certificate.new(File.open("./02cert.pem").read).public_key
+#puts req.to_str
+#p req.methods.sort
+p key = req.public_key
+p req.verify key
+p req.verify pkey
+p req.verify k2
+p req.public_key = k2
+p req.sign(pkey, Digest::MD5.new)
+p req.verify key
+p req.verify pkey
+p req.verify k2
+
diff --git a/test/ossl_x509store.rb b/test/ossl_x509store.rb
new file mode 100755
index 0000000..ba81100
--- /dev/null
+++ b/test/ossl_x509store.rb
@@ -0,0 +1,26 @@ +#!/usr/bin/ruby -w + +require 'openssl' +include OpenSSL +include X509 + +p ca = Certificate.new(File.open("./cacert.pem").read) +p cakey = ca.public_key +p cert = Certificate.new(File.open("./01cert.pem").read) +p key = cert.public_key +p cert.serial +#cert2 = Certificate.new(File.open("./02cert.pem").read) +p crl = CRL.new(File.open("./01crl.pem").read) +p crl.verify cakey +p crl.revoked[0].serial +#p ca.issuer.to_str +#p ca.subject.to_str +#p cert.subject.to_str +#p cert.issuer.to_str +p store = Store.new +#p store.add_trusted ca # :-)) +p store.add_trusted cert # :-(( +#p store.add_trusted cert2 # :-(( +p store.add_crl crl #CRL does NOT have affect on validity in current OpenSSL <= 0.9.6b !!! +p store.verify cert + diff --git a/test/pkcs7.rb b/test/pkcs7.rb new file mode 100755 index 0000000..7852c05 --- /dev/null +++ b/test/pkcs7.rb @@ -0,0 +1,39 @@ +#!/usr/bin/env ruby +require 'openssl' + +include OpenSSL +include PKey +include X509 +include PKCS7 + +data = File.open(ARGV[0]).read + +str = File.open('./server.pem').read +cert = Certificate.new(str) +key = RSA.new(str) + +p7 = PKCS7.new(SIGNED) +signer = Signer.new(key, cert, Digest::SHA1.new) +p7.add_signer(key, signer) +p7.add_certificate(cert) +p7.add_data(data, true) #...(data, (detached=false)) +puts (str = p7.to_pem) + +p store = Store.new +p store.set_default_paths +p store.load_locations("../../certs") + +ver_cb = Proc.new {|ok, store| + puts "HERE!" + true +} +p store.verify_callback = ver_cb + +p p7 = PKCS7.new(str) +p p7.verify_data(store, data) {|signer| + puts "GOT IT!" + p signer.name.to_str + p signer.serial + p signer.signed_time +} + diff --git a/test/server.pem b/test/server.pem new file mode 100644 index 0000000..750aac2 --- /dev/null +++ b/test/server.pem 
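Review bot: `p store.add_trusted cert` in ossl_x509store.rb trusts the very certificate that `store.verify cert` then checks, while the CA line `#p store.add_trusted ca` is commented out, so the test never walks a chain from a leaf to a trusted issuer. Going by the inline comment, the CRL added with `store.add_crl crl` has no effect on validity with OpenSSL <= 0.9.6b, so the printed result says nothing about revocation either. I would restore `p store.add_trusted ca`, drop the leaf from the trusted set, and add a comment above `store.verify cert` stating the expected result and that revocation is not enforced here.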
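Review bot: The verify callback `ver_cb` in pkcs7.rb ends with a bare `true`, so every check the store fails is turned into a pass and `p7.verify_data(store, data)` will accept a signer whose certificate does not chain to anything trusted (assuming the binding hands the proc's return value back to OpenSSL, as the `ok` returned by test/ssl/verify_cb.rb suggests). Return the incoming verdict instead by making the last line of the proc `ok`. The block parameter `store` also has the same name as the outer `store` variable; renaming it, for instance `|ok, ctx|`, avoids overwriting the store on Ruby versions where block parameters are not block-local.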
@@ -0,0 +1,24 @@ +issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) +-----BEGIN CERTIFICATE----- +MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 +MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG +A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl +cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP +Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// +Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW +mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i +xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH +irObpESxAZLySCmPPg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD +TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu +OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj +gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz +rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b +PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA +vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= +-----END RSA PRIVATE KEY----- diff --git a/test/spki.pem b/test/spki.pem new file mode 100644 index 0000000..ff3c03a --- /dev/null +++ b/test/spki.pem @@ -0,0 +1 @@ +MIIBPjCBqDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuCjEDvjiNHcgya0+bU+NR7i6detQlZljdXmqx3UsQN+YmAkYPE4DIVtndRg/ofObSEV9VNgujKtwJdew111omp0tPT6gsT5VQJsceERgvJyv01J4oL3njJUKfMtet41hrUANSTDz/YAcKfiJn8fQYH+LgMEM64rWTPMXm+AFA0sCAwEAARYEcGVwYTANBgkqhkiG9w0BAQQFAAOBgQChk2Xq+RrdJWGnpQIaBkgy9Dw6pv39dfBklavXwU/Aapty3N7j+sM+j0nnkABgYpPB5/TZTX/L7RIUQHBbn3dk9GbGuj5R46AQVrKdEOQBPz96S61enXgPp6xJQqglAw5PARr3/5HOSTDz2cDvjqdDG/END21XaHiOtuRSyyZCLw==
\ No newline at end of file diff --git a/test/spki.rb b/test/spki.rb new file mode 100644 index 0000000..f88df6f --- /dev/null +++ b/test/spki.rb @@ -0,0 +1,7 @@ +require "openssl" +include OpenSSL + +txt = "MIICUDCCATgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUIhGCK7sr\r\nO+jHy7S1ZllFCEPzhlneTnjUnjZWuZEVu7c14NUhJzpNXg//6sCoiy5cQPaIYFIs\r\nded/PosTNfJVPX6El+bWk/2Elf5iVYcScRpf+RkUBR6T3WAMFPCajx3JFonhqhny\r\n5bSXU41h7/oLpnQkeeo76ujKoxjV6vl+y36jCeUAI+dzrWLznUswWVnWvdNt/z1h\r\npWILYtCKexLsz+aOqA6NdGTVDb8r+iDorU2KGL4BJjMXGr/LutYQjeVVXZTuaeN+\r\nxa75TVMcSEzvVQm8Dk1u3C3r3hm9I9zKnpta5NqiToR/fA85Qw5YhjEZMWT/Rj+7\r\nB5LBp5NcX35vAgMBAAEWEGNoYWxsZW5nZSBzdHJpbmcwDQYJKoZIhvcNAQEEBQAD\r\nggEBABdXwDZ9yDyyC5xw8rN/+/xAZSYa8xn4gsUEg4P/mM22WZaqh/NXroXUcU5F\r\nQBeGTYlT//wVlobLeES64Mk/FaCIXrZrLRAxb5QUYIupH2MifRU5XWriYcc6pp7S\r\nD1N+U6MOUFPMziqLf2AYqXBxuky1KhFeXuL6t9j1IadEY9UgTbUQ9Joyt50PoacM\r\ncc2i22GGdpowx7mrB0hnkmYmZ5CgQkrxNM2m4TCuuQwVIyaGgED5Xpa29QWaPhkM\r\njqjHBL4FOmPgYtaIFiFihQziYj5WYOtSEcIcEs/mHPx0lrY9V0fzp2yMGz+AQ3XF\r\nylBqpB33EBqXn/NGzHgWfdU1vEM=" +txt.gsub!(/(\r|\n)/,"") +puts Netscape::SPKI.new(txt).to_str + diff --git a/test/spki2cert.rb b/test/spki2cert.rb new file mode 100755 index 0000000..1bec365 --- /dev/null +++ b/test/spki2cert.rb 
@@ -0,0 +1,40 @@ +#!/usr/bin/env ruby + +require 'openssl' +include OpenSSL +include X509 +include PKey + +p ca = Certificate.new(File.open("./0cert.pem").read) +p ca_key = RSA.new(File.open("./0key.pem").read) + +p spki = Netscape::SPKI.new(File.open("./spki.pem").read) +p key = spki.public_key +p new = Certificate.new + +p dn = File.open("./spki_dn.txt").read +dn = dn[1..dn.size] +name = [] +dn.split("/").each {|i| name << i.split("=")} +p new.subject = Name.new(name) + +p new.issuer = ca.subject +p new.not_before = Time.now +p new.not_after = Time.now + (365*24*60*60) +p new.public_key = key +p new.serial = 2 +p new.version = 3 +ef = ExtensionFactory.new +ef.subject_certificate = new +ef.issuer_certificate = ca +p ext1 = ef.create_extension("basicConstraints","CA:FALSE") +p ext2 = ef.create_extension("nsComment","Generated by OpenSSL for Ruby.") +p ext3 = ef.create_extension("subjectKeyIdentifier", "hash") +p ext4 = ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") +new.extensions = [ext1, ext2, ext3, ext4] +p new.sign(ca_key, Digest::SHA1.new) + +f = File.new("./spki_cert.pem","w") +f.write new.to_pem +f.close + diff --git a/test/spki_cert.pem b/test/spki_cert.pem new file mode 100644 index 0000000..3bb4396 --- /dev/null +++ b/test/spki_cert.pem 
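Review bot: spki2cert.rb issues a certificate for `spki.public_key` without checking the SPKI's own signature, so nothing establishes that whoever supplied `spki.pem` holds the matching private key. If this version of the binding exposes it, check right after `key = spki.public_key`, e.g. `raise "SPKI signature check failed" unless spki.verify(key)`. The subject parsing `dn.split("/").each {|i| name << i.split("=")}` also breaks on any value containing `/` or `=`; since `dn` is read from a file, components that do not split into exactly two parts should be rejected before `Name.new(name)`.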
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJDWjEN +MAsGA1UEChMEUnVieTEPMA0GA1UEAxMGUnVieUNBMB4XDTAxMTExMDA4MjEyN1oX +DTAyMTExMDA4MjEyN1owRDENMAsGA1UEAxMEcGVwYTEXMBUGA1UEChMOUnVieSBj +b21tdW5pdHkxDTALBgNVBAsTBFRlc3QxCzAJBgNVBAYTAkNaMIGfMA0GCSqGSIb3 +DQEBAQUAA4GNADCBiQKBgQC4KMQO+OI0dyDJrT5tT41HuLp161CVmWN1earHdSxA +35iYCRg8TgMhW2d1GD+h85tIRX1U2C6Mq3Al17DXXWianS09PqCxPlVAmxx4RGC8 +nK/TUnigveeMlQp8y163jWGtQA1JMPP9gBwp+Imfx9Bgf4uAwQzritZM8xeb4AUD +SwIDAQABo4GzMIGwMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkdlbmVyYXRl +ZCBieSBPcGVuU1NMIGZvciBSdWJ5LjAdBgNVHQ4EFgQUu3y24OVXsOp/7leyLT/f +rW2B/l8wVQYDVR0jBE4wTIAUWEVyhUZ7RwC/hzxB7EVhvVioK2ihMaQvMC0xCzAJ +BgNVBAYTAkNaMQ0wCwYDVQQKEwRSdWJ5MQ8wDQYDVQQDEwZSdWJ5Q0GCAQAwDQYJ +KoZIhvcNAQEFBQADggEBABJ26j+AMhSyEIAqgCym911MKJ0s+Athb82NbNN23/6e +adr2O0gLvDKCqJTkbNvpHuyjDheaA6udYaCSay+gbj62IkuNp+qLf2l/J5Tqk32H +w0Q6nE58wiATx0q4Y9MgOBJ97rI/dnL6cBeR7nFwy8YHmBBTpyuQf/NXRR6g0e1k +XVAw39R2R4YgEVMLQZvuc/ZV76DECL8Id3rS8ZRzJNGE97zTxM6GFilhFjuvkPyP +74kErX3Y9dk3hVq5KWcbdhtd6hGUwZCUgO/zPW2lx/0U0Iv4EkhE3N8z81zXjy5D +WV4mZ8b8tDHJchrStL04xqrPxBNkyXRqK9M13Tn22qM= +-----END CERTIFICATE----- diff --git a/test/spki_dn.txt b/test/spki_dn.txt new file mode 100644 index 0000000..44fcbfb --- /dev/null +++ b/test/spki_dn.txt @@ -0,0 +1 @@ +/CN=pepa/O=Ruby community/OU=Test/C=CZ
\ No newline at end of file diff --git a/test/ssl/cli.rb b/test/ssl/cli.rb new file mode 100755 index 0000000..82f26db --- /dev/null +++ b/test/ssl/cli.rb @@ -0,0 +1,41 @@ +#!/usr/bin/env ruby + +require 'socket' +require 'openssl' +require 'getopts' +begin require 'verify_cb'; rescue LoadError; end + +include OpenSSL +include SSL + +getopts "v", "C:", "p:2000", "c:", "k:" + +host = ARGV[0] || "localhost" + +p rsa = PKey::RSA.new(File.open($OPT_k).read) if $OPT_k && FileTest::file?($OPT_k) +p cert = X509::Certificate.new(File.open($OPT_c).read) if $OPT_c && FileTest::file?($OPT_c) + +s = TCPSocket.new(host, $OPT_p) +STDERR.print "connect to #{s.peeraddr[3]}.\n" + +ssl = SSLSocket.new(s, cert, rsa) +###ssl.ca_cert = X509::Certificate.new(File.open($OPT_C).read) if $OPT_C && FileTest::file?($OPT_C) +ssl.ca_file = $OPT_C if $OPT_C && FileTest::file?($OPT_C) +ssl.ca_path = $OPT_C if $OPT_C && FileTest::directory?($OPT_C) +ssl.verify_mode = VERIFY_PEER if $OPT_v +ssl.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc +STDERR.print "SSLSocket initialized.\n" + +ssl.connect +STDERR.print "SSLSocket connected.\n" +STDERR.print ssl.peer_cert.to_str, "\n" if ssl.peer_cert + +i = 0 +while line = gets + i += 1 + ssl.puts "#{i}: #{line.chop}" +end + +ssl.close +s.close + diff --git a/test/ssl/login.rb b/test/ssl/login.rb new file mode 100755 index 0000000..0835ef0 --- /dev/null +++ b/test/ssl/login.rb 
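Review bot: Peer verification in ssl/cli.rb is opt-in: `ssl.verify_mode = VERIFY_PEER if $OPT_v` is the only place the mode is set, so without `-v` the client appears to connect to whatever answers and then sends stdin lines to it (assuming the binding's default is no verification). Even with `-v`, nothing compares `host` with the subject of `ssl.peer_cert`, so any certificate that chains to the configured CA is accepted for any host. I would set `VERIFY_PEER` unconditionally, keep `-v` for the verbose output only, and add a check of the certificate name against `host` after `ssl.connect`. The same `if $OPT_v` gating is in test/ssl/wget.rb, test/ssl/wget2.rb and test/ssl/login.rb.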
@@ -0,0 +1,39 @@ +#!/usr/bin/env ruby + +require 'net/telnets' +require 'getopts' +require 'etc' +begin require 'verify_cb'; rescue LoadError; end + +getopts 'v', 'C:', 'c:', 'k:' + +options = {} +# ordinary options. +options['Host'] = ARGV[0] || "localhost" +options['Port'] = ARGV[1] || "telnets" +options['Prompt'] = /[$%>#] \z/n + +# for SSL/TLS +options['Cert'] = $OPT_c +options['Key'] = $OPT_k +options['CAFile'] = $OPT_C if $OPT_C && File::file?($OPT_C) +options['CAPath'] = $OPT_C if $OPT_C && File::directory?($OPT_C) +options['VerifyMode'] = SSL::VERIFY_PEER if $OPT_v +options['VerifyCallback'] = VerifyCallbackProc if defined? VerifyCallbackProc + +# getting Password. +username = Etc::getlogin || Etc::getpwuid[0] +system "stty -echo" +print "Passwd for #{username}@#{options['Host']}: " +passwd = $stdin.gets.chomp +print "\n" +system "stty echo" + +t = Net::Telnet.new(options) +t.login(username, passwd) +prompt = t.ssl? ? "Telnets: " : "Telnet: " +while $stdout.write(prompt) && line = $stdin.gets + line.chomp! + t.cmd(line){|c| print c } +end +t.close diff --git a/test/ssl/svr.rb b/test/ssl/svr.rb new file mode 100755 index 0000000..d844119 --- /dev/null +++ b/test/ssl/svr.rb 
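Review bot: In ssl/login.rb `t.login(username, passwd)` runs before anything looks at `t.ssl?`, and the prompt line `t.ssl? ? "Telnets: " : "Telnet: "` suggests the session can come up without SSL, in which case the password has already gone out in clear. Check first and stop, e.g. `raise "no SSL session, refusing to send password" unless t.ssl?` placed before `t.login`. Separately, `system "stty echo"` is not inside an `ensure`, so an interrupt at the password prompt leaves the terminal with echo off; wrapping the read in `begin ... ensure` with the `stty echo` call in the `ensure` part fixes that.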
@@ -0,0 +1,76 @@ +#!/usr/bin/env ruby + +require 'socket' +require 'openssl' +require 'getopts' +begin require 'verify_cb'; rescue LoadError; end + +include OpenSSL +include SSL + +getopts "v", "C:", "p:2000", "c:", "k:" + +p [ $OPT_p, $OPT_k, $OPT_c ] + + if $OPT_k + p rsa = PKey::RSA.new(File.open($OPT_k).read) + else + p rsa = PKey::RSA.new(512) + end + + if $OPT_c + p cert = X509::Certificate.new(File.open($OPT_c).read) + else + cert = X509::Certificate.new + cert.version = 3 + cert.serial = 0 + name = X509::Name.new([["C","CZ"],["O","Ruby"],["CN","Test"]]) + cert.subject = name + cert.issuer = name + cert.not_before = Time.now + cert.not_after = Time.now + (365*24*60*60) + cert.public_key = rsa.public_key + ef = X509::ExtensionFactory.new(nil,cert) + cert.extensions = [ef.create_extension("basicConstraints","CA:FALSE"), ef.create_extension("subjectKeyIdentifier", "hash")] + ef.issuer_certificate = cert + cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always") + cert.add_extension ef.create_extension("nsComment","Generated by OpenSSL for Ruby!") + cert.sign(rsa, Digest::SHA1.new) + puts cert.to_str + end + +ns = TCPServer.new($OPT_p) +loop do + begin + s = ns.accept + STDERR.print "connect from #{s.peeraddr[3]}.\n" + + ssl = SSLSocket.new(s, cert, rsa) + ###ssl.ca_cert = X509::Certificate.new(File.open($OPT_C).read) if $OPT_C && FileTest::file?($OPT_C) + ssl.ca_file = $OPT_C if $OPT_C && FileTest::file?($OPT_C) + ssl.ca_path = $OPT_C if $OPT_C && FileTest::directory?($OPT_C) + ssl.verify_mode = VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT if $OPT_v + ssl.verify_callback = VerifyCallbackProc if defined? 
VerifyCallbackProc + STDERR.print "SSLSocket initialized.\n" + + ssl.accept + STDERR.print "SSLSocket accepted.\n" + STDERR.print ssl.peer_cert.inspect, "\n" if ssl.peer_cert + rescue + ssl.close + s.close + print $!, "\n" + next + end + + Thread.start{ + puts "Thread started" + while line = ssl.gets + p line + end + STDERR.print "connection closed.\n" + ssl.close + s.close + } +end + diff --git a/test/ssl/verify_cb.rb b/test/ssl/verify_cb.rb new file mode 100644 index 0000000..3196973 --- /dev/null +++ b/test/ssl/verify_cb.rb @@ -0,0 +1,21 @@ +VerifyCallbackProc = Proc.new{ |ok, x509_store_ctx| + code = x509_store_ctx.verify_status + msg = x509_store_ctx.verify_message + depth = x509_store_ctx.verify_depth + x509 = x509_store_ctx.cert + + if $OPT_v + STDERR.print <<-_eof_ + ------verify callback start------ + ok,code,depth = #{ok},#{code}:#{msg},#{depth} + x509 = #{x509.to_str} + -------verify callback end------- + _eof_ + if !ok + STDERR.print "Couldn't verify peer. Do you want to progerss? [y]: " + ok = true unless /^n/i =~ STDIN.gets() + end + end + ok +} + diff --git a/test/ssl/wget.rb b/test/ssl/wget.rb new file mode 100755 index 0000000..e71f55a --- /dev/null +++ b/test/ssl/wget.rb 
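Review bot: The `rescue` branch of the accept loop in ssl/svr.rb calls `ssl.close` and `s.close` unconditionally, but when `ns.accept` or `SSLSocket.new` is what raised, `ssl` (and possibly `s`) is still nil, so the handler itself raises and takes the whole server down. Guard both calls: `ssl.close if ssl` and `s.close if s`. The handshake `ssl.accept` also runs on the accepting thread before `Thread.start`, so a client that connects and then stalls holds up every later connection; moving the SSLSocket setup and `ssl.accept` inside the thread would avoid that. The fallback `PKey::RSA.new(512)` deserves a comment that it is a throwaway test key.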
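Review bot: On a failed verification the prompt in `VerifyCallbackProc` accepts by default: `ok = true unless /^n/i =~ STDIN.gets()` turns the failure into a pass for an empty line, for any input not starting with `n`, and for EOF, where `gets` returns nil. In test/ssl/cli.rb stdin is also the data stream, so with piped input the first data line answers the prompt and the unverified peer is accepted. Make rejection the default with `ok = true if /\Ay/i =~ STDIN.gets.to_s`, and change the hint in the prompt from `[y]` to `[n]` to match. The whole body is skipped unless `$OPT_v` is set, which is worth a comment saying the callback is a pass-through in that case.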
@@ -0,0 +1,88 @@ +#!/usr/bin/env ruby + +require 'socket' +require 'getopts' +require 'openssl' +begin require 'verify_cb'; rescue LoadError; end + +include OpenSSL +include SSL + +STDOUT.sync = true +STDERR.sync = true + +getopts "v", "c:" + +scheme = host = port = path = nil +p_scheme = p_host = p_port = nil + +# parse request URI. +uri = ARGV[0] +if %r!(https?)://(.*?)(?::(\d+))?(/.*)! =~ uri + scheme = $1 + host = $2 + port = $3 ? $3.to_i : Socket.getservbyname(scheme) + path = $4 || "/" +else + STDERR.print "Invalid URI.\n" + exit 2 +end + +# parse HTTP_PROXY environment variable. +if proxy = ENV['HTTP_PROXY'] + if %r!(http)://(.*?)(?::(\d+))?(/.*)! =~ proxy + p_scheme = $1 + p_host = $2 + p_port = $3 ? $3.to_i : Socket.getservbyname(p_scheme) + else + STDERR.print "Invalid HTTP_PROXY.\n" + exit 2 + end +end + +# Connect to server. +to = proxy ? [ p_host, p_port ] : [ host, port ] +sock = TCPSocket.new(to[0], to[1]) + +# If scheme is ``https'' we are going to initiate SSL session. +if scheme == "https" + # If the peer is a proxy server, send CONNECT method to + # be switched to being a tunnel. + if proxy + sock.write "CONNECT #{host}:#{port} HTTP/1.0\r\n\r\n" + while line = sock.gets + STDERR.print line + break if line == "\r\n" + end + end + + # start SSL session. + sock = SSLSocket.new(sock) + ##sock.ca_cert = X509::Certificate.new(File.open($OPT_c).read) if $OPT_c && FileTest.file?($OPT_c) + sock.ca_file = $OPT_c if $OPT_c && FileTest.file?($OPT_c) + sock.ca_path = $OPT_c if $OPT_c && FileTest.directory?($OPT_c) + # verify server. + sock.verify_mode = VERIFY_PEER if $OPT_v + sock.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc + + sock.connect # start ssl session. + STDERR.puts "SSLSocket connected." + STDERR.puts cert.to_str if cert = sock.peer_cert +end + +# I expect most servers accept the absoluteURI in requests. 
+sock.write "GET #{scheme}://#{host}:#{port}#{path} HTTP/1.0\r\n" +sock.write "Connection: close\r\n" +sock.write "\r\n" + +while line = sock.gets + STDERR.print line + break if line == "\r\n" +end + +while data = sock.read(100) + print data +end + +sock.close + diff --git a/test/ssl/wget2.rb b/test/ssl/wget2.rb new file mode 100644 index 0000000..e163b7b --- /dev/null +++ b/test/ssl/wget2.rb @@ -0,0 +1,43 @@ +#!/usr/local/bin/ruby + +require 'net/https' +require 'getopts' +begin require 'verify_cb'; rescue LoadError; end + +getopts 'v', 'p:' + +uri = ARGV[0] +if %r!(https?)://(.*?)(?::(\d+))?(/.*)! =~ uri + scheme = $1 + host = $2 + port = $3 ? $3.to_i : Socket.getservbyname(scheme) + path = $4 || "/" +else + STDERR.print "Invalid URI.\n" + exit 2 +end + +# parse HTTP_PROXY environment variable. +if proxy = ENV['HTTP_PROXY'] + if %r!(http)://(.*?)(?::(\d+))?(/.*)! =~ proxy + p_scheme = $1 + p_host = $2 + p_port = $3 ? $3.to_i : Socket.getservbyname(p_scheme) + else + STDERR.print "Invalid HTTP_PROXY.\n" + exit 2 + end +end + +h = Net::HTTP.new(host, port, p_host, p_port) +h.set_pipe($stderr) if $DEBUG +if scheme == "https" + h.use_ssl = true + h.verify_mode = SSL::VERIFY_PEER if $OPT_v + h.verify_callback = VerifyCallbackProc if defined? VerifyCallbackProc +end +h.get2(path){ |resp| + STDERR.puts h.peer_cert.inspect if h.peer_cert + print resp.body +} + |
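Review bot: `STDERR.puts cert.to_str if cert = sock.peer_cert` in ssl/wget.rb will not work as written: with a modifier `if`, the `cert` on the left is parsed before the assignment is seen, so Ruby treats it as a method call and raises NameError once the peer presents a certificate. Assign first with `cert = sock.peer_cert`, then `STDERR.puts cert.to_str if cert`. In the proxy branch the reply to `CONNECT` is read up to the blank line but its status line is never examined, so the SSL handshake is attempted even when the proxy refused the tunnel; check that the first line carries a 2xx status and exit otherwise. `path = $4 || "/"` can never take the default, because `(/.*)` is a mandatory group in the URI pattern.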