Showing
with 519 additions and 306 deletions
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA 2
Validity
Not Before: Mar 14 16:18:34 2018 GMT
Not After : Mar 11 16:18:34 2028 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
5F:FE:E5:D5:AC:A3:6C:F4:19:A8:02:7D:F0:B8:9A:67:D0:A9:A1:1F
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:37:03:CB:96:42:3A:14:8F:BD:5B:72:2A:EE:F0:6B:A8:6D:4F:8C:44
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha1WithRSAEncryption
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ ephemeral_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ ephemeral_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ ephemeral_ca_dn ]
C = IT
O = IGI
CN = Ephemeral CA
[ ephemeral_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
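Review bot: `distinguished_name = ${ENV::CA_NAME}_dn` and `x509_extensions = ${ENV::CA_NAME}_extensions` only resolve when `CA_NAME` is exactly `ephemeral_ca`, because the sections in this file are literally named `ephemeral_ca_dn` and `ephemeral_ca_extensions`, yet the same variable also sets `dir`. Either name the sections directly here or add a comment stating that `CA_NAME` must match the file's section prefix. `encrypt_key = no` leaves `private/ca.key` unencrypted on disk, which is acceptable for a throwaway test CA only as long as the generated directory is never committed.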
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ expired ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/expired.key.pem
distinguished_name = expired_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = expired_extensions
[ expired_dn ]
C = IT
O = IGI
CN = Expired
[ expired_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:expired@cnaf.infn.it
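Review bot: `output_password = pass` in `[ expired ]` hard-codes a passphrase for `expired.key.pem`, while the `test0`, `test1`, `star_test_example` and `untrusted_voms` configs use `encrypt_key = no`. If no test exercises an encrypted key, switch to `encrypt_key = no` for consistency; otherwise add a comment saying which test needs the passphrase. The same applies to `[ revoked ]`.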
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ igi_test_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca_dn ]
C = IT
O = IGI
CN = Test CA
[ igi_test_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ igi_test_ca2 ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca2_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca2_dn ]
C = IT
O = IGI
CN = Test CA 2
[ igi_test_ca2_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ revoked ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/revoked.key.pem
distinguished_name = revoked_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = revoked_extensions
[ revoked_dn ]
C = IT
O = IGI
CN = Revoked
[ revoked_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:revoked@cnaf.infn.it
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ star_test_example ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/star_test_example.key.pem
distinguished_name = star_test_example_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = star_test_example_extensions
[ star_test_example_dn ]
C = IT
O = IGI
CN = *.test.example
[ star_test_example_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:*.test.example
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ test0 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test0.key.pem
distinguished_name = test0_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test0_extensions
[ test0_dn ]
C = IT
O = IGI
CN = Test0
[ test0_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test0@cnaf.infn.it
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ test1 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test1.key.pem
distinguished_name = test1_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test1_extensions
[ test1_dn ]
C = IT
O = IGI
CN = Test1
[ test1_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test1@cnaf.infn.it
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
[ untrusted_voms ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
distinguished_name = untrusted_voms_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = untrusted_voms_extensions
[ untrusted_voms_dn ]
C = IT
O = IGI
CN = untrusted-voms.example
[ untrusted_voms_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:untrusted-voms.example
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: RFC proxy certificate, no AC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_s_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body eval
my $ee_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $ee_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
my $pr_s = `openssl x509 -in t/certs/0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $pr_i = `openssl x509 -in t/certs/0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$ee_s$ee_i$pr_s$pr_i";
--- error_code: 200
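Review bot: `load_module /etc/nginx/modules/ngx_http_voms_module.so;` in `main_config` pins the test to one install layout, and the five `*_temp_path` directives point at fixed names under `/tmp` that every test file and every concurrent run will share. Consider taking the module path from an environment variable and placing the temp directories under the per-run test server root. In the `response_body eval`, the expected string relies on each `openssl x509` call ending in a newline; a short comment saying so would make `"$ee_s$ee_i$pr_s$pr_i"` easier to read against the `\n`-separated `return 200` body.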
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: EEC chain containing CA certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0+ca.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body eval
`openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
--- error_code: 200
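Review bot: the `return 200 "$ssl_client_ee_s_dn\n";` body checks only the end-entity subject, so this test cannot tell whether `$ssl_client_ee_i_dn` is still correct when the client sends `test0+ca.pem` with the CA certificate in the chain. Returning and asserting the issuer DN as well, as the RFC proxy test does, would cover the case the title describes more fully.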
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: rfc proxy certificate, no AC
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 2: standard x.509 certificate
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_s_dn;
echo $ssl_client_ee_i_dn;
echo $ssl_client_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
}
--- request
GET /
--- response_body
CN=nginx-voms.example,O=IGI,C=IT
CN=nginx-voms.example,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 3: three delegations proxy
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/7.cert.pem;
proxy_ssl_certificate_key ../../certs/7.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 4: three delegations proxy + CA cert
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/8.cert.pem;
proxy_ssl_certificate_key ../../certs/8.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: End-entity X.509 certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0.cert.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_s$c_i$c_i";
--- error_code: 200
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: three delegations proxy
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/6.cert.pem;
proxy_ssl_certificate_key ../../certs/6.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_i";
--- error_code: 200
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
......@@ -7,21 +10,26 @@ __DATA__
=== TEST 1: valid AC, verification of VOMS generic attributes encoding
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_generic_attributes;
return 200 "$voms_generic_attributes\n";
}
}
--- config
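Review bot: `env OPENSSL_ALLOW_PROXY_CERTS=1;` shows up in this `main_config`, but the new proxy-certificate test files in this compare declare only `X509_VOMS_DIR` and `X509_CERT_DIR`. Please confirm the variable is removed here too, so all test files agree on whether it is needed. `location = / {` appears twice in the hunk, which suggests a whitespace-only change; keeping that out of the diff would make the functional edits (certificate paths, `return 200` replacing `echo`) easier to review.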
......@@ -34,5 +42,5 @@ __DATA__
--- request
GET /
--- response_body
n=nickname v=newland86 q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
n=nickname v=sd q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
--- error_code: 200
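Review bot: the expected `--- response_body` line is a hand-maintained literal tied to the attribute values inside the AC fixture (the `nickname` value differs between the two versions shown), so regenerating the fixture forces an edit of this line. Since the test is about encoding, add a comment giving the raw `title` value that produces `assegnista%25di%25ricerca%40CNAF`, so a reader can see which characters the module is expected to escape.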
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
......@@ -7,19 +10,24 @@ __DATA__
=== TEST 1: https with x509 client authentication, expired client certificate
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $ssl_client_s_dn;
return 200 "$ssl_client_s_dn\n";
}
}
--- config
......
# SPDX-FileCopyrightText: 2018 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: EUPL-1.2
use Test::Nginx::Socket 'no_plan';
......@@ -7,22 +10,26 @@ __DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_fqans;
echo $voms_user;
return 200 "$voms_fqans\n$voms_user\n";
}
}
--- config
......@@ -33,7 +40,7 @@ __DATA__
proxy_ssl_certificate_key ../../certs/1.key.pem;
}
--- request
GET /
GET /
--- response_body_like eval
qr/\n\n/
--- error_log
......
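Review bot: `--- response_body_like eval` with `qr/\n\n/` is unanchored, so it passes for any body that contains two consecutive newlines; with `return 200 "$voms_fqans\n$voms_user\n";` a non-empty `$voms_fqans` followed by an empty `$voms_user` still matches. If the intent is that both variables are empty when the VOMS attributes are expired, use `qr/\A\n\n\z/` or an exact `--- response_body`. `GET /` also appears twice in this hunk, which looks like a whitespace-only change.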