diff options
Diffstat (limited to 'testing/tests/ikev2/acert-inline')
7 files changed, 53 insertions, 30 deletions
diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem b/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem index a188a1d3d..18b26109e 100644 --- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem +++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/ipsec.d/acerts/carol-sales.pem @@ -1,18 +1,18 @@ -----BEGIN ATTRIBUTE CERTIFICATE----- MIIC7zCCAdcCAQEwgbCgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp -bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHaFe +bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMKFe pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZ6BG MESkQjBAMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEW -MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIYO/yp98Yxu4w -IhgPMjAxNDAyMDcxMDAxNTdaGA8yMDIyMDQyNjEwMDE1N1owGTAXBggrBgEFBQcK +MBQGA1UEAxMNc3Ryb25nU3dhbiBBQTANBgkqhkiG9w0BAQUFAAIIWKuUaKxtshcw +IhgPMjAxNDEwMDMxMDEzMTFaGA8yMDI0MDkzMDEwMTMxMVowGTAXBggrBgEFBQcK BDELMAkwBwwFc2FsZXMwfzByBgNVHSMEazBpCwHqxzoCXPi2xMHh2q7CV/ZSsLCh SaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRsw GQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GCCBVOfhWvHBdhMAkGA1UdOAQCBQAw -DQYJKoZIhvcNAQEFBQADggEBAJA/duSysWae5X9JTC0BLY6gK8ggj5V9H3d60rM4 -7A8HVQldWe5QwYIRZmLS0XhMVHWiIvXJHwue2Xgs8DyAqILSCKIKpCJRhqPIxHCh -bek1nzw2YzVaU+E37He5V9PSkkRFO9tRvELhW3t4Wya7p4l6MVFW9ETOOtUqZYmt -bxAq/XEFZl/aFb2FW2RoKjUZpwxbrccCaV1hKIxtNen2ro31dNd9YHXe+fE4Fc7r -FTwbhOg3QLvZDXmiZt3LCXdMKAhayLbuSVsycuEtac44OVSvKhJ8GYykTRRn67nU -qCFNDe266KTNDqUMilrHm3FYGkpFtREOBajH4EqdMAJSdXg= +DQYJKoZIhvcNAQEFBQADggEBAFkNsX6dyQCYzYPeBcUJWWwWaAwIAQ8sQTqWOXGu +ccnicZNTLEEDcHYz+99MpU7akrVNd5W7qMu3cViab+24JL2pHXKnvdDnsj6ayGL1 +DZfENdhYuYa6cLxWtzo6TsFAZeLddkR7/tBUqQnneOOiWonIY8dP/5tX0qfU/JWQ +iE9AmCuwVieNf3WDt7ja+TUUuovaoEaXZgRWPpzKlFAmOf7FEt58r8gMrgzo6uqz +h32Y0XmIxAWbvVBmVjg1pl2Bvx235SsmwQ1fEfkDNFjhfQblbiV5gbnqLib3d8Eq +eyB6tzO5kHiVI0DjGygKpnP0kKeyfwtDOXoIb8EgU16svSM= -----END ATTRIBUTE CERTIFICATE----- diff --git a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf index dc937641c..f585edfca 100644 --- a/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem index e612607aa..8c8fac57f 100644 --- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem +++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem @@ -1,18 +1,18 @@ -----BEGIN ATTRIBUTE CERTIFICATE----- MIIC7TCCAdUCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp -bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf +bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg QzBBpD8wPTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x -EzARBgNVBAMTCmV4cGlyZWQgQUEwDQYJKoZIhvcNAQEFBQACCG25qKzXgZ9HMCIY -DzIwMTQwMjA3MTAxMzQyWhgPMjAyMjA0MjYxMDEzNDJaMBkwFwYIKwYBBQUHCgQx +EzARBgNVBAMTCmV4cGlyZWQgQUEwDQYJKoZIhvcNAQEFBQACCA3IIXAIe9+8MCIY +DzIwMTQxMDAzMTAxNzA2WhgPMjAyNDA5MzAxMDE3MDZaMBkwFwYIKwYBBQUHCgQx CzAJMAcMBXNhbGVzMH8wcgYDVR0jBGswabOoTOBJ6lXcG4NAowI32Y/oXa9/oUmk RzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkG A1UEAxMSc3Ryb25nU3dhbiBSb290IENBgggqIkNljRd9CTAJBgNVHTgEAgUAMA0G -CSqGSIb3DQEBBQUAA4IBAQCfX/84tHCidlVbOU4is/1hZc+FpK4GG1jcywM9mtjB -QUeX28LYkewDdRpe49zJuTbvuIIABTp+4alf/oo7sKLk+o2/qq6CPfx8BSRL1a61 -Y1wVeGmXqcRQgtX+r3asMtLBoAFO8VaHt6pY52bg2YMNVRrUnCUVLqQjT+/Ujr4f -Lhs74VOxn7S94YbqvP5rytNFjdzBREipmb8j4mhIyfwUluoWFCkzxuwRaSEGhSMO -NobJuj/mK0PUU+TMYEcOMpQ/nVyb9rBtOvDoNU3BeD+ovuamErT9/9vWhEOwMD4C -OeR+ofespDX+AdCyZ1Dr1GMyUmIRK7GERdasIhx5pYMk +CSqGSIb3DQEBBQUAA4IBAQASoU5dvb9Khy4/RzU1v9RR5tST+D1Wc8LvRTZZKTQq +Xr/bew1I0blr+r23jCsL820Reu1W1dinx3mJ7lcp7dxrmkG2U70NHj0eHjx0poms +nCS6XgRpPM4M1jOqWM8eDKvvu9Qr8VcQlTVRWpyPUtweBuR4Xw/UpmQVEPm/ZgI+ +IyQC1g1r9pIuyTPM+e35u39ui8/6Ojqe5/FoTYhyxG/wohmx2+N2UMLtoByEZtQ8 +3FapsFYMpuVM5YU75WeaTARUbuhW6roeMjqGKdeLsXNETXS368yrPmCKtLaZ2l1u +hslX9uJoubP0agQrjJ2stuY198VaGlL8oBrNT1oT2yyg -----END ATTRIBUTE CERTIFICATE----- diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem index 2f646c39d..23a8b8547 100644 --- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem +++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem @@ -1,18 +1,18 @@ -----BEGIN ATTRIBUTE CERTIFICATE----- MIIC9DCCAdwCAQEwgbGgTjBJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExp -bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBHKFf +bnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQQIBMaFf pF0wWzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEzAR BgNVBAsTCkFjY291bnRpbmcxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmeg RjBEpEIwQDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4x -FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCCPxWgWKmOUM -MCIYDzIwMTQwMjA3MDg1OTM3WhgPMjAyMjA0MjYwODU5MzdaMB0wGwYIKwYBBQUH +FjAUBgNVBAMTDXN0cm9uZ1N3YW4gQUEwDQYJKoZIhvcNAQEFBQACCAak0VAwh8bc +MCIYDzIwMTQxMDAzMTAxNTE3WhgPMjAyNDA5MzAxMDE1MTdaMB0wGwYIKwYBBQUH CgQxDzANMAsMCW1hcmtldGluZzB/MHIGA1UdIwRrMGkLAerHOgJc+LbEweHarsJX 9lKwsKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIIFU5+Fa8cF2EwCQYDVR04 -BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAThlKhGVv34sfnCSQn6nYUdxMhboTuC98 -+DgvTQ/tH0hddCJNg00SpO8AbStwEsqHFaSqFzAGHcMk+XUrBRSGszAwg8nKAKfT -MCvJbK6lWQcPF0WPSSk9/r1TLan4I9xhneNIIGQf1fnNo7NrQnmhJjolUgXQNwFA -qZgKBsk0jWcOSvI0bpK90km5flCHn/OA1rDCdaPuMwreDhvNDoApORYFPZVsLhid -CXSqT+FWfm2NfegS+Q4VHP3YLbY4vLepCerU9aMTUIPit0kf1N8piG/l6AUno1XP -VrcTvruQUWQb08H9aYt7l7kyhzOKkuXjVbdn5egZnK0m4WKmV50guA== +BAIFADANBgkqhkiG9w0BAQUFAAOCAQEAWdsybtPblq5EDLHKE4xakwLmbE5Jd5IV +0E/jOJWrdN/XOR1pGe55YjW/WFCDklAZcsR+Ap07x2L+idK+XfW3sMRgoXUYe9JO +1NSAPquy8zl206GpqiN5gmYQnQv2UshnbnEMd9osMmFIdqFVjFZFLtb8O+QRSVW1 +jiiL5a20amtQvyOI7B4vWImJ/EZh5lB3AxABVayeJvJJ4oQBBH/RIGCVocHykr4y +jG9Vq/CxOIu6xUKvBlT/r68tiS7Rtg2Br5sAY7MmnXzkJxgdNyfsCTThdFExGzzj +FHjzgHPjlAFofV22otSUzdOE6b22Dh7c1mxuDgUzlpPh2ycsp21CRw== -----END ATTRIBUTE CERTIFICATE----- diff --git a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf index dc937641c..f585edfca 100644 --- a/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf index cd836a2b7..bae8628f3 100644 --- a/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation acert hmac xcbc stroke kernel-netlink socket-default updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation acert hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/acert-inline/reissue.txt b/testing/tests/ikev2/acert-inline/reissue.txt new file mode 100644 index 000000000..994fa0f60 --- /dev/null +++ b/testing/tests/ikev2/acert-inline/reissue.txt @@ -0,0 +1,23 @@ +# Carols sales acert +pki --acert \ + --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \ + --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem --in \ + ../../../hosts/carol/etc/ipsec.d/certs/carolCert.pem \ + --group sales -l 87600 -f pem \ + > hosts/carol/etc/ipsec.d/acerts/carol-sales.pem + +# Daves marketing acert +pki --acert \ + --issuercert hosts/moon/etc/ipsec.d/aacerts/aa.pem \ + --issuerkey hosts/moon/etc/ipsec.d/private/aa.pem \ + --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \ + --group marketing -l 87600 -f pem + > hosts/dave/etc/ipsec.d/acerts/dave-marketing.pem + +# Daves sales acert from expired AA +pki --acert \ + --issuercert hosts/moon/etc/ipsec.d/aacerts/aa-expired.pem \ + --issuerkey hosts/moon/etc/ipsec.d/private/aa-expired.pem \ + --in ../../../hosts/dave/etc/ipsec.d/certs/daveCert.pem \ + --group sales -l 87600 -f pem \ + > hosts/dave/etc/ipsec.d/acerts/dave-expired-aa.pem |