summaryrefslogtreecommitdiff
path: root/testing/tests/ikev1/multi-level-ca-ldap
diff options
context:
space:
mode:
Diffstat (limited to 'testing/tests/ikev1/multi-level-ca-ldap')
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/description.txt11
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat13
-rwxr-xr-xtesting/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf31
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem27
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets3
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf31
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem24
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem27
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables76
-rwxr-xr-xtesting/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf46
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem23
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem22
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf11
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/posttest.dat7
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/pretest.dat10
-rw-r--r--testing/tests/ikev1/multi-level-ca-ldap/test.conf21
19 files changed, 0 insertions, 430 deletions
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/description.txt b/testing/tests/ikev1/multi-level-ca-ldap/description.txt
deleted file mode 100644
index 18fb88840..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/description.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-The VPN gateway <b>moon</b> controls the access to the hosts <b>alice</b> and
-<b>venus</b> by means of two different Intermediate CAs. Access to
-<b>alice</b> is granted to users presenting a certificate issued by the Research CA
-whereas <b>venus</b> can only be reached with a certificate issued by the
-Sales CA. The roadwarriors <b>carol</b> and <b>dave</b> have certificates from
-the Research CA and Sales CA, respectively. Therefore <b>carol</b> can access
-<b>alice</b> and <b>dave</b> can reach <b>venus</b>.
-<p>
-By setting <b>strictcrlpolicy=yes</b> the CRLs from the strongSwan, Research and
-Sales CAs must be fetched from the LDAP server <b>winnetou</b> first, before the
-connection setups can be successfully completed.
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
deleted file mode 100644
index 9cfa502aa..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/evaltest.dat
+++ /dev/null
@@ -1,13 +0,0 @@
-moon::cat /var/log/auth.log::PH_IP_CAROL.*X.509 certificate rejected::YES
-carol::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::PH_IP_DAVE.*X.509 certificate rejected::YES
-dave::cat /var/log/auth.log::ignoring informational payload, type INVALID_KEY_INFORMATION::YES
-moon::cat /var/log/auth.log::fetching crl from .*ldap://ldap.strongswan.org::YES
-carol::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::alice.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::YES
-carol::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::venus.*PH_IP_CAROL.*STATE_QUICK_R2.*IPsec SA established::NO
-dave::ipsec status::venus.*STATE_QUICK_I2.*IPsec SA established::YES
-moon::ipsec status::venus.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::YES
-dave::ipsec status::alice.*STATE_QUICK_I2.*IPsec SA established::NO
-moon::ipsec status::alice.*PH_IP_DAVE.*STATE_QUICK_R2.*IPsec SA established::NO
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
deleted file mode 100755
index d9e5b119e..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- left=PH_IP_CAROL
- leftcert=carolCert.pem
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
-
-conn alice
- rightsubnet=PH_IP_ALICE/32
- auto=add
-
-conn venus
- rightsubnet=PH_IP_VENUS/32
- auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
deleted file mode 100644
index 69e5c05e3..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
-N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
-BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
-dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
-hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
-HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
-3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
-Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
-AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
-891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
-YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
-ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
-il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
-CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
-n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
-8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
-pwU12A3BovJKUaR0B7Uy2A==
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
deleted file mode 100644
index 53e18680b..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
-azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
-nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
-b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
-H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
-GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
-N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
-er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
-kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
-BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
-Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
-DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
-waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
-1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
-RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
-CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
-eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
-FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
-auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
-rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
-iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
-qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
-/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
-hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
-5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets
deleted file mode 100644
index fac55d63b..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.secrets
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/ipsec.secrets - strongSwan IPsec secrets file
-
-: RSA carolKey.pem
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
deleted file mode 100755
index bf83264af..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=no
- charonstart=no
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- left=PH_IP_DAVE
- leftcert=daveCert.pem
- right=PH_IP_MOON
- rightid=@moon.strongswan.org
-
-conn alice
- rightsubnet=PH_IP_ALICE/32
- auto=add
-
-conn venus
- rightsubnet=PH_IP_VENUS/32
- auto=add
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
deleted file mode 100644
index 91df37a81..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
-BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
-0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
-J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
-VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
-K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
-5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
-MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
-MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
-YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
-OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
-xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
-E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
-q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
-JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
deleted file mode 100644
index 86740e86a..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
-MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
-s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
-J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
-VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
-anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
-lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
-PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
-6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
-sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
-RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
-lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
-CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
-l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
-if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
-yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
-dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
-h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
-Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
-w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
-LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
-7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
-5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
-4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
-fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index 8de514a2e..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
- before net
- need logger
-}
-
-start() {
- ebegin "Starting firewall"
-
- # enable IP forwarding
- echo 1 > /proc/sys/net/ipv4/ip_forward
-
- # default policy is DROP
- /sbin/iptables -P INPUT DROP
- /sbin/iptables -P OUTPUT DROP
- /sbin/iptables -P FORWARD DROP
-
- # allow esp
- iptables -A INPUT -i eth0 -p 50 -j ACCEPT
- iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
- # allow IKE
- iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
- iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
- # allow ldap crl fetch from winnetou
- iptables -A INPUT -i eth0 -p tcp --sport 389 -s PH_IP_WINNETOU -j ACCEPT
- iptables -A OUTPUT -o eth0 -p tcp --dport 389 -d PH_IP_WINNETOU -j ACCEPT
-
- # allow ssh
- iptables -A INPUT -p tcp --dport 22 -j ACCEPT
- iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
- eend $?
-}
-
-stop() {
- ebegin "Stopping firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
-
- if [ $a == nat ]; then
- /sbin/iptables -t nat -P PREROUTING ACCEPT
- /sbin/iptables -t nat -P POSTROUTING ACCEPT
- /sbin/iptables -t nat -P OUTPUT ACCEPT
- elif [ $a == mangle ]; then
- /sbin/iptables -t mangle -P PREROUTING ACCEPT
- /sbin/iptables -t mangle -P INPUT ACCEPT
- /sbin/iptables -t mangle -P FORWARD ACCEPT
- /sbin/iptables -t mangle -P OUTPUT ACCEPT
- /sbin/iptables -t mangle -P POSTROUTING ACCEPT
- elif [ $a == filter ]; then
- /sbin/iptables -t filter -P INPUT ACCEPT
- /sbin/iptables -t filter -P FORWARD ACCEPT
- /sbin/iptables -t filter -P OUTPUT ACCEPT
- fi
- done
- eend $?
-}
-
-reload() {
- ebegin "Flushing firewall"
- for a in `cat /proc/net/ip_tables_names`; do
- /sbin/iptables -F -t $a
- /sbin/iptables -X -t $a
- done;
- eend $?
- start
-}
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
deleted file mode 100755
index 50b896541..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
+++ /dev/null
@@ -1,46 +0,0 @@
-# /etc/ipsec.conf - strongSwan IPsec configuration file
-
-config setup
- plutodebug=control
- crlcheckinterval=180
- strictcrlpolicy=yes
- charonstart=no
-
-ca strongswan
- cacert=strongswanCert.pem
- crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
- auto=add
-
-ca research
- cacert=researchCert.pem
- crluri="ldap://ldap.strongswan.org/cn=Research CA, ou=Research, o=Linux strongSwan, c=CH?certificateRevocationList"
- auto=add
-
-ca sales
- cacert=salesCert.pem
- crluri="ldap://ldap.strongswan.org/cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH?certificateRevocationList"
- auto=add
-
-conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev1
- left=PH_IP_MOON
- leftcert=moonCert.pem
- leftid=@moon.strongswan.org
- leftfirewall=yes
-
-conn alice
- leftsubnet=PH_IP_ALICE/32
- right=%any
- rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
- auto=add
-
-conn venus
- leftsubnet=PH_IP_VENUS/32
- right=%any
- rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
- auto=add
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
deleted file mode 100644
index d53365f78..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
-cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
-FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
-zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
-/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
-C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
-+wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
-BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
-VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
-BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
-FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
-cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
-POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
-xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
-dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
-8sFmiZI=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
deleted file mode 100644
index a10a18cba..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
-MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
-GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
-Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
-uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
-sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
-vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
-MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
-VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
-MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
-Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
-CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
-AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
-RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
-M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
------END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index 71358d6c6..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-pluto {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl ldap kernel-netlink
-}
-
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
-libstrongswan {
- dh_exponent_ansi_x9_42 = no
-}
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat b/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat
deleted file mode 100644
index ec4ba6e10..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/posttest.dat
+++ /dev/null
@@ -1,7 +0,0 @@
-moon::ipsec stop
-carol::ipsec stop
-dave::ipsec stop
-moon::rm /etc/ipsec.d/cacerts/*
-winnetou::/etc/init.d/slapd stop
-moon::/etc/init.d/iptables stop 2> /dev/null
-
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat b/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat
deleted file mode 100644
index 322f42102..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/pretest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-winnetou::/etc/init.d/slapd start
-moon::/etc/init.d/iptables start 2> /dev/null
-carol::ipsec start
-dave::ipsec start
-moon::ipsec start
-carol::sleep 2
-carol::ipsec up alice
-carol::ipsec up venus
-dave::ipsec up venus
-dave::ipsec up alice
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/test.conf b/testing/tests/ikev1/multi-level-ca-ldap/test.conf
deleted file mode 100644
index 08e5cc145..000000000
--- a/testing/tests/ikev1/multi-level-ca-ldap/test.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-#
-# This configuration file provides information on the
-# UML instances used for this test
-
-# All UML instances that are required for this test
-#
-UMLHOSTS="alice venus moon carol winnetou dave"
-
-# Corresponding block diagram
-#
-DIAGRAM="a-v-m-c-w-d.png"
-
-# UML instances on which tcpdump is to be started
-#
-TCPDUMPHOSTS=""
-
-# UML instances on which IPsec is started
-# Used for IPsec logging purposes
-#
-IPSECHOSTS="moon carol dave"
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-13 05:11:54 +0000