From 5147d71466455b3d087b3f3a7472a35e8216c55a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 24 Jan 2013 11:34:47 +0100 Subject: Add basic trust module This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects. --- build/Makefile.am | 2 ++ build/certs/Makefile.am | 27 +++++++++++++++++++++++++++ build/certs/cacert-ca.der | Bin 0 -> 1857 bytes build/certs/cacert3.der | Bin 0 -> 1885 bytes build/certs/self-server.der | Bin 0 -> 396 bytes build/certs/self-signed-with-eku.der | Bin 0 -> 480 bytes build/certs/self-signed-with-ku.der | Bin 0 -> 501 bytes build/certs/testing-ca.der | Bin 0 -> 970 bytes build/certs/testing-server.der | Bin 0 -> 554 bytes build/certs/with-eku.conf | 19 +++++++++++++++++++ build/certs/with-ku.conf | 19 +++++++++++++++++++ 11 files changed, 67 insertions(+) create mode 100644 build/certs/Makefile.am create mode 100644 build/certs/cacert-ca.der create mode 100644 build/certs/cacert3.der create mode 100644 build/certs/self-server.der create mode 100644 build/certs/self-signed-with-eku.der create mode 100644 build/certs/self-signed-with-ku.der create mode 100644 build/certs/testing-ca.der create mode 100644 build/certs/testing-server.der create mode 100644 build/certs/with-eku.conf create mode 100644 build/certs/with-ku.conf (limited to 'build')
diff --git a/build/Makefile.am b/build/Makefile.am
index f8841ec..de76c58 100644
--- a/build/Makefile.am
+++ b/build/Makefile.am
@@ -1,4 +1,6 @@ +SUBDIRS = certs + EXTRA_DIST = \ cutest \ Makefile.tests
diff --git a/build/certs/Makefile.am b/build/certs/Makefile.am
new file mode 100644
index 0000000..03dca0d
--- /dev/null
+++ b/build/certs/Makefile.am
@@ -0,0 +1,27 @@
+
+# Note that nothing here is distributed. It just lives in the git repository
+# We copy everything into its final location, and those test files are
+# distributed in the tarballs
+
+TRUST = $(top_srcdir)/trust/tests
+
+prepare-certs:
+ cp -v cacert3.der $(TRUST)/anchors
+ cp -v cacert3.der $(TRUST)/files
+ cp -v cacert-ca.der $(TRUST)/certificates
+ cp -v cacert-ca.der $(TRUST)/files
+ cp -v self-server.der $(TRUST)/files
+ cp -v self-signed-with-eku.der $(TRUST)/certificates
+ cp -v self-signed-with-ku.der $(TRUST)/certificates
+ cp -v testing-ca.der $(TRUST)/anchors
+ cp -v testing-server.der $(TRUST)/files
+
+# Rebuild the self-signed certificates. This is almost never necessary and
+# will require other changes in the code, mostly here as documentation
+build-self-signed:
+ openssl req -new -x509 -outform DER -out self-signed-with-eku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \
+ -config with-eku.conf -set_serial 888 -extensions v3_ca
+ openssl req -new -x509 -outform DER -out self-signed-with-ku.der \
+ -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \
+ -config with-ku.conf -set_serial 888 -extensions v3_ca
diff --git a/build/certs/cacert-ca.der b/build/certs/cacert-ca.der
new file mode 100644
index 0000000..719b0ff
Binary files /dev/null and b/build/certs/cacert-ca.der differ
diff --git a/build/certs/cacert3.der b/build/certs/cacert3.der
new file mode 100644
index 0000000..56f8c88
Binary files /dev/null and b/build/certs/cacert3.der differ
diff --git a/build/certs/self-server.der b/build/certs/self-server.der
new file mode 100644
index 0000000..68fe9af
Binary files /dev/null and b/build/certs/self-server.der differ
diff --git a/build/certs/self-signed-with-eku.der b/build/certs/self-signed-with-eku.der
new file mode 100644
index 0000000..33e0760
Binary files /dev/null and b/build/certs/self-signed-with-eku.der differ
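Review bot: Neither `openssl req -x509` command under `build-self-signed` in build/certs/Makefile.am passes `-days`, so a regenerated fixture gets OpenSSL's default validity of 30 days. If any trust test looks at the validity period, it would start failing about a month after a rebuild; state the lifetime explicitly on both commands, for example `-days 3650`. Both targets are commands rather than files and should be declared with `.PHONY: prepare-certs build-self-signed`. The `cp` lines name their sources relative to the current directory, so `prepare-certs` only works when run from the source directory; `cp -v $(srcdir)/cacert3.der $(TRUST)/anchors` and likewise for the others would also work in an out-of-tree build. Sending the generated key to `/dev/null` is a good choice for these fixtures and deserves a one-line comment, `# private keys are discarded on purpose: nothing else can ever be signed with these test certificates`.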
diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der
new file mode 100644
index 0000000..e6f36e3
Binary files /dev/null and b/build/certs/self-signed-with-ku.der differ
diff --git a/build/certs/testing-ca.der b/build/certs/testing-ca.der
new file mode 100644
index 0000000..d3f70ea
Binary files /dev/null and b/build/certs/testing-ca.der differ
diff --git a/build/certs/testing-server.der b/build/certs/testing-server.der
new file mode 100644
index 0000000..cf2de65
Binary files /dev/null and b/build/certs/testing-server.der differ
diff --git a/build/certs/with-eku.conf b/build/certs/with-eku.conf
new file mode 100644
index 0000000..8eab21d
--- /dev/null
+++ b/build/certs/with-eku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-ku.pem \
+# -newkey rsa -keyout self-signed-with-ku.key -nodes \
+# -config with-ku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+keyUsage=keyCertSign,digitalSignature
\ No newline at end of file
diff --git a/build/certs/with-ku.conf b/build/certs/with-ku.conf
new file mode 100644
index 0000000..aa0acc1
--- /dev/null
+++ b/build/certs/with-ku.conf
@@ -0,0 +1,19 @@
+#
+# Use with the following command
+# $ openssl req -new -x509 -outform DER -out self-signed-with-eku.pem \
+# -newkey rsa -keyout self-signed-with-eku.key -nodes \
+# -config with-eku.conf -set_serial 888 -extensions v3_ca
+#
+
+[ req ]
+default_bits = 1024
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+commonName = Common Name
+commonName_max = 64
+
+[ v3_ca ]
+extendedKeyUsage=clientAuth,emailProtection,1.2.3.4
\ No newline at end of file
-- cgit v1.1
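Review bot: The contents of build/certs/with-eku.conf and build/certs/with-ku.conf look swapped. with-eku.conf ends in `keyUsage=keyCertSign,digitalSignature` and its header comment names with-ku.conf, while with-ku.conf ends in `extendedKeyUsage=clientAuth,emailProtection,1.2.3.4` and its comment names with-eku.conf. The `build-self-signed` recipe passes `-config with-eku.conf` for self-signed-with-eku.der, so a rebuild would presumably yield a certificate whose extension does not match its file name, and tests meant to cover extended key usage would exercise key usage instead. The committed .der files are binary on this page, so whether they are already affected cannot be told from here. Exchange the two `[ v3_ca ]` bodies and bring the header comments in line with the recipe, which writes `.der` output and uses `-keyout /dev/null` where the comments show a `.pem` name and a `.key` file kept on disk. A comment next to `default_bits = 1024` such as `# test fixture only, key is thrown away; do not reuse this config for real certificates` would keep the weak key size from being copied elsewhere.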