aboutsummaryrefslogtreecommitdiffstats
path: root/test/rubygems/encrypted_private_key.pem
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-25 22:08:33 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-05 18:43:53 +0900
commitca758422e7d97ea7b44ba1e4216ac3c03aa37e85 (patch)
treef66a33c89e480f6a8cf38f29c70338b0846ec0b4 /test/rubygems/encrypted_private_key.pem
parent26dea2a545e230c6eb5508b6afbcee90673dc8fc (diff)
downloadruby-feature/openssl-110-v2.tar.gz
test/rubygems: regenerate certificatesfeature/openssl-110-v2
Regenerate test CA certificates with appropriate extensions Test certificates in test/rubygems lack the basic constraints extension. Here is the patch against rubygems' util/create_certs.rb. ruby util/create_certs.rb && cp test/rubygems/*.pem /path/to/ruby/test/rubygems/ && ruby util/create_encrypted_key.rb && cp test/rubygems/encrypted_private_key.pem /path/to/ruby/test/rubygems/ ------------------------ >8 ------------------------ diff --git a/util/create_certs.rb b/util/create_certs.rb index 4f6f9ea..313a724 100644 --- a/util/create_certs.rb +++ b/util/create_certs.rb @@ -4,37 +4,41 @@ require 'time' class CertificateBuilder - attr_reader :today + attr_reader :start def initialize key_size = 2048 - today = Time.now.utc - @today = Time.utc today.year, today.month, today.day + @start = Time.utc 2012, 01, 01, 00, 00, 00 @end_of_time = Time.utc 9999, 12, 31, 23, 59, 59 @end_of_time_32 = Time.utc 2038, 01, 19, 03, 14, 07 + @key_size = key_size @serial = 0 end - def create_certificates(key, subject, issuer_key = key, issuer = subject, - not_before: @today, not_after: :end_of_time) + def create_certificates(key, subject, issuer_key = key, issuer_cert = nil, + not_before: @start, not_after: :end_of_time, + is_ca: false) certificates = [] not_before, not_before_32 = validity_for not_before not_after, not_after_32 = validity_for not_after + issuer_cert, issuer_cert_32 = issuer_cert certificates << - create_certificate(key, subject, issuer_key, issuer, - not_before, not_after) + create_certificate(key, subject, issuer_key, issuer_cert, + not_before, not_after, is_ca) certificates << - create_certificate(key, subject, issuer_key, issuer, - not_before_32, not_after_32) + create_certificate(key, subject, issuer_key, issuer_cert_32, + not_before_32, not_after_32, is_ca) certificates end - def create_certificate key, subject, issuer_key, issuer, not_before, not_after - puts "creating cert - subject: #{subject}, issuer: #{issuer}" + def create_certificate(key, subject, issuer_key, issuer_cert, + not_before, not_after, is_ca) cert = OpenSSL::X509::Certificate.new + issuer_cert ||= cert # if not specified, create self signing cert + cert.version = 2 cert.serial = 0 @@ -45,32 +49,41 @@ class CertificateBuilder cert.public_key = key.public_key - cert.subject = - OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]] - cert.issuer = - OpenSSL::X509::Name.new [%W[CN #{issuer}], %w[DC example]] + cert.subject = OpenSSL::X509::Name.new [%W[CN #{subject}], %w[DC example]] + cert.issuer = issuer_cert.subject - ef = OpenSSL::X509::ExtensionFactory.new nil, cert + ef = OpenSSL::X509::ExtensionFactory.new issuer_cert, cert cert.extensions = [ - ef.create_extension('subjectAltName', "email:#{subject}@example") + ef.create_extension('subjectAltName', "email:#{subject}@example"), + ef.create_extension('subjectKeyIdentifier', 'hash') ] + if cert != issuer_cert # not self-signed cert + cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always') + end + + if is_ca + cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true) + cert.add_extension ef.create_extension('keyUsage', 'keyCertSign', true) + end + cert.sign issuer_key, OpenSSL::Digest::SHA1.new + puts "created cert - subject: #{cert.subject}, issuer: #{cert.issuer}" cert end def create_key puts "creating key" - OpenSSL::PKey::RSA.new 2048 + OpenSSL::PKey::RSA.new @key_size end def create_keys names keys = {} names.each do |name| - keys[name] = create_key + keys[name] = OpenSSL::PKey::RSA.new File.read(File.join "test/rubygems/#{name}_key.pem") end keys @@ -108,37 +121,39 @@ keys = cb.create_keys [ keys[:public] = keys[:private].public_key -certs = { - alternate: - cb.create_certificates(keys[:alternate], 'alternate'), - child: - cb.create_certificates(keys[:child], 'child', - keys[:private], 'nobody'), - expired: - cb.create_certificates(keys[:private], 'nobody', - not_before: Time.at(0), - not_after: Time.at(0)), - future: - cb.create_certificates(keys[:private], 'nobody', - not_before: :end_of_time, - not_after: :end_of_time), - grandchild: - cb.create_certificates(keys[:grandchild], 'grandchild', - keys[:child], 'child'), - invalid_issuer: - cb.create_certificates(keys[:invalid], 'invalid', - keys[:invalid], 'nobody'), - invalid_signer: - cb.create_certificates(keys[:invalid], 'invalid', - keys[:private], 'invalid'), - invalidchild: - cb.create_certificates(keys[:invalidchild], 'invalidchild', - keys[:invalid], 'child'), - public: - cb.create_certificates(keys[:private], 'nobody'), - wrong_key: - cb.create_certificates(keys[:alternate], 'nobody'), -} +certs = {} +certs[:public] = + cb.create_certificates(keys[:private], 'nobody', + is_ca: true) +certs[:child] = + cb.create_certificates(keys[:child], 'child', + keys[:private], certs[:public], + is_ca: true) +certs[:alternate] = + cb.create_certificates(keys[:alternate], 'alternate') +certs[:expired] = + cb.create_certificates(keys[:private], 'nobody', + not_before: Time.at(0), + not_after: Time.at(0)) +certs[:future] = + cb.create_certificates(keys[:private], 'nobody', + not_before: :end_of_time, + not_after: :end_of_time) +certs[:invalid_issuer] = + cb.create_certificates(keys[:invalid], 'invalid', + keys[:invalid], certs[:public], + is_ca: true) +certs[:grandchild] = + cb.create_certificates(keys[:grandchild], 'grandchild', + keys[:child], certs[:child]) +certs[:invalid_signer] = + cb.create_certificates(keys[:invalid], 'invalid', + keys[:private], certs[:invalid]) +certs[:invalidchild] = + cb.create_certificates(keys[:invalidchild], 'invalidchild', + keys[:invalid], certs[:child]) +certs[:wrong_key] = + cb.create_certificates(keys[:alternate], 'nobody') base_dir = 'test/rubygems'
Diffstat (limited to 'test/rubygems/encrypted_private_key.pem')
-rw-r--r--test/rubygems/encrypted_private_key.pem52
1 files changed, 26 insertions, 26 deletions
diff --git a/test/rubygems/encrypted_private_key.pem b/test/rubygems/encrypted_private_key.pem
index 2a9affd..178fffa 100644
--- a/test/rubygems/encrypted_private_key.pem
+++ b/test/rubygems/encrypted_private_key.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,27887B3B3BAA3B18
+DEK-Info: DES-CBC,FE4C81C4B34C0BFD
-GUZSuxjWdx6b35JMzppCBpAfK3l9IV9D3Oculgz8yT8+qFY5iXiij+fdBQ1fgUdl
-nT3f1wC5Cj1adIQq3UYo4+MK1p3HGKYB/H600YVHNvOgnLaMybSW0uyeKwoweZrC
-mRqN41O8slS6tFY3/BdKXV8qnT7SDl28rYFejVm3Ocb9PtrREA7H48089hME2+yF
-xm8VvGWsHTfdMO9gei4aAU6OVNxvOttc6fMOV3JZYmuKRiVX8Y6y4m+YLA8rTGG7
-kiUi/Ik1YjNa4aVef8kS/xX9sfO3+Q14vE/eOU6qt0u+6zYQcyJvC9grkWolokK0
-ak/yRIDW+irVAK1niEtwnPFSs3koKemwuh2VDMX5GddLJCQmV5Ne4beI6obWVXJY
-6qaKQTMK/BulsoBnxc8Ql9izulfqpRUpWBNUBllhWg/wxnzRxzraPIlLchV6j8aa
-klRVJy1kxgnlk5+RYsDNiNyWBTB0y81Op3svA5oB05dX0AcWEoFoQruLl448IQiC
-WlQV/uDZrqqDu6JAA4D9VNpZuHB6IsGEqaRi4veWwkICbgblOLFpYS4TIxbpNqMT
-8AX7IpDEPL3Rv1NMaByfbBA2VI2HeEPELU0ietwU0KOHcxHJv8QV9ZtppeTiL3pb
-cqYdfcw89eI9h4gy5p4zrrUJM60ONC2DppRmCPZzaFqVajX2DpoEuNZGW+ZUMp3g
-l300ChvAIRjriU/ju6qmVCrJqJNG5zThAvlK/SapBSKly7vSV7q7HlVzM7Dkanqh
-+aYl5MwbaSKCcQ7F2uGNgsdollQpAS3iRC1FRe06IkIaL+BzdqFc++qt36ALPiBa
-zhgjT6dTP0iRIoc1dANsJ13rmlLrEEetmIWTeEpKiVCRBHRVu8BPLtIGmiDT+0c9
-d5lwrtdha3SOq5tafqufTQ7Yxi2XteuVSFwDSmzP9l+fBXMYRWPW1otHwg42nPhn
-9SvXl3MJtYKpbzvO5IeqZ0OdTNz+gZwroCBy0ZaIPSYi88LRUzWKDp7gbqBA/ouL
-UEX5T5J4vnXJfPdTmISorPmQblqdFG+A2qCmyou6RumdKHYg/uCeMFNkLDzexTC4
-LooO0clIKKlNFktdkIq3mEaZbSf4UdVSfxRfvbLWXR1orE6ObHpJamuDFWYwWrMY
-qH4asefD8j3lmB1lwpsAbyWeOtIMGnxO6ayo2jzpQQuTVduMCR/HREuoT/6klKiT
-T58OWLa7/GHdoPv0HFNktPNXsgpmdC37IoRZhgbiTSJV6y1gEgdM3reJFXPNXTN6
-q/QCAl5UZWBEmTA2CHvrmekN58X5dv1JEl/RIKtevP/7SZp/TtJMjkKqc1Nvx8EZ
-4pvkMdlbY8cwATORSUdGPCGtPy5x+aDuQWgHOz3G/gGNmGQy98CD3AucI9tcbTiz
-VPdsnumUvkhD5suZCTEBa8JI5d/nCY7/hA6n58fC2eojIFchgtUuJoOFb6GYHItA
-V1couQWj89PubyDPbS0vjxkiCxEk3CK1eDPsjHs/8NEcn582DXkKThZZvfwUu4sR
-EzPlmAeU38pCpJ7jWZtpaAttMTRXMzIY9O0bzU+K3DrtG85OQ6c48g==
+Tg367faYu6jbKq3zTzdrhWjOUoZmSykc/oJ9Q1K05kDYwDU+tTLaSYwfcUjhEnW0
+HZbCTVOMDGzEk881P8xX+KHPKpPc3JK3p068WHega+qEaiYF4qZjqXHDxaVxNYEW
+Mv9b7Ei4HLYyYOoIs8CYPprGXDJXBx5kAC1QRRM2UvrN9XkyK/WZd0jtGP2wxIXu
+aVuccnEkPuR7Cjz4XPRgGrhOXSReCPwGERHDmPafL96+SlTM84aFuODfxCwuONex
+D82534cd3PPpUC55wocnLsgLBGa7SyuO9j2qMpD4Az3qcCoELq168raHOSnivMfR
+TFf7MqoN8WzHnEcVbaFbbYpGy5nPTYXf1t2z+TRWo83UahkILVFqRjCr6lhEoFFq
++7z0pQRyXeAhMLR/yF5pl2rfiEi2MEYWprjZNr4+hEyyZl2Dsw9q+EJtw60A126b
++tFU+CfrhlikyXQQXUdUdOKYl1I8/0hoGn4VJ9wfNjjFyQ7/r13IFpVPX0eqUQIP
+XBMsTDDBdqLBEbmu1JHjrXJxxrVVfSp28j12RwWf+AY2xyPjqHfRQ3m/gXvc1nRk
+L4NlUQXmz8fRSk+Je+51kFotlfvR22pfpp3l3iASq13AN1wp7EETDkKOOtCE++JW
+IEffX8nocl9icHdIinjGfFSH5mxWlToK7Cct99JTKaKcmPbwBdLaxKGYiSw9BF/k
+5+mXAd47nk2iKipQtKNMDi+qG1/ebKuh3USwhqk96unKuQ7ZfqBAeIbIp5dJ/+X+
+wx1ecQ8dmDwMGe67gbKr5Nlq21Q74qi+GcEF2mI898zFaVH25eSGwtxB9p9qd39m
+6dtWy/wsaoOVU8UVrT/6aMRjy+uuZp/5DS+37PqcqoJiet8rPN84bn2IG7BbnDYW
+QneTFKP0Rh9hx52GDI8D91x1U4XrWZUxgv679nhmNsg5bHNdEiM0McpgDo8E0OdM
+LLiAMngsl5D6xlTFcTMqItANRrxXAuBth9pgvm0ezxhTvuoqjiU6H3OTwCGk74ws
+QseEjU/2G5++2H2HXYU27Um+9RdsEXB5ENt5clLuq+X15R1285e+AMDI7Q3a4LxH
+965RLq6e8UdSZwFUQWYbW0G968D4MOJAeWW0cFVh4EtnYuWJqgK/jX0RNxb8EpwX
+4XQ3KHlwJs3tWY7RvBz3Kv8mGBL7T2HK5iDjZZDVm8a7BNb54L+ll/c1sQM7caeU
+Y3rOKdnYtTxWXwcxyUiNLloHgmbqdCGUI53KJGg39JO8umbn7X/URJUUpE9OjUQb
++g55TRgvdh/zHZjQYABpQLuPYOPZDai2hsfCNiQwoVtWpQV2DRp7vAOiarEet9wF
+qDYhcLIx5wev38A3g81fmFTfH5lzrqwUOcsVvTTiANn47//IVYLrXFSxPUBHD1t0
+B9Ab8DdhwAblPuCGbbcUzPbnbPcY5RivXyRgZj2g+oYzP5pOsHAeeIAA//8AQ/zn
+GzDq9h52F88B9T5ek0OsiUjVRrnMRqwpAP2gcpjYaXOvDDGWtNp+RbQFSyFQ1O4j
+513N5ev3d34hEilznISeITGmUazXdcuSlO7wnUanaVY7TAlAHrC8Ig==
-----END RSA PRIVATE KEY-----