Showing with 0 additions and 1015 deletions
# Certificates for `ngx_http_voms_module` testing
This directory contains the certificates and the proxy certificates used in the unit tests of the `ngx_http_voms_module`.
The proxy certificates are generated using the [VOMS
clients](http://italiangrid.github.io/voms/documentation/voms-clients-guide/), using the following command template:
```shell
$ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=<path_to_cert>/voms_example.cert.pem -Dvoms.fake.aaKey=<path_to_cert>/voms_example.key.pem -Dvoms.fake.notAfter=<AAAA-MM-GGT00:00:00 -Dvoms.fake.notBefore=AAAA-MM-GGT00:00:00 -Dvoms.fake.gas=<name>=<value>,<name>=<value> -Dvoms.fake.fqans=/<vo>/<fqan>,/<vo>/<fqan>/Role=<role> -Dvoms.fake.serial=<ac_serial_n>" voms-proxy-init -voms test.vo -cert <path_to test0.p12> --valid <validity> --vomsdir <path_to_vomsdir> --certdir <path_to_trust_anchors>
```
See below for some concrete examples.
As usual, the command generates a proxy certificate in `/tmp` in PEM format. To be used in these tests, they need to be
split in the corresponding certificate and key and eventually moved into this directory. Given a `name.pem` file,
`name.cert.pem` and `name.key.pem` can be obtained using the following commands:
```shell
$ awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' name.pem > name.key.pem
$ awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' name.pem > name.cert.pem
```
The following certificates and proxy certificates are used in these tests:
* `0.pem`: long-lived proxy certificate, without any Attribute Certificate (AC)
* `1.pem`: long-lived proxy certificate, with an expired AC
* `2.pem`: expired proxy certificate
* `3.pem`: long-lived proxy with valid VOMS attributes. Obtained with:
```shell
$ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=t/certs/voms_example.cert.pem -Dvoms.fake.aaKey=t/certs/voms_example.key.pem -Dvoms.fake.notAfter=2031-12-31T00:00:00 -Dvoms.fake.notBefore=2021-11-10T00:00:00 -Dvoms.fake.gas=nickname=newland,nickname=giaco -Dvoms.fake.fqans=/test.vo/exp1,/test.vo/exp2,/test.vo/exp3/Role=PIPPO -Dvoms.fake.serial=123456" voms-proxy-init -voms test.vo -cert t/certs/test0.p12 --valid 10000:0 --vomsdir t/vomsdir --certdir t/trust-anchors --vomses t/vomses
```
* `4.pem`: long-lived proxy with VOMS generic attributes containing special characters. Obtained with:
```shell
$ VOMS_CLIENTS_JAVA_OPTIONS="-Dvoms.fake.vo=test.vo -Dvoms.fake=true -Dvoms.fake.aaCert=t/certs/voms_example.cert.pem -Dvoms.fake.aaKey=t/certs/voms_example.key.pem -Dvoms.fake.notAfter=2031-12-31T00:00:00 -Dvoms.fake.notBefore=2021-11-10T00:00:00 -Dvoms.fake.fqans=/test.vo -Dvoms.fake.gas=nickname=newland86,title=assegnista%di%ricerca@CNAF -Dvoms.fake.serial=123457" voms-proxy-init -voms test.vo -cert t/certs/test0.p12 --valid 10000:0 --vomsdir t/vomsdir --certdir t/trust-anchors --vomses t/vomses
```
* `5.pem`: long-lived proxy with valid VOMS attributes
* `6.pem`: long-lived proxy with valid VOMS attributes, with an old format for FQANs
* `7.pem`: long-lived proxy (3 delegations), without VOMS attributes
* `8.pem`: long-lived proxy (3 delegations), without VOMS attributes, plus a CA
certificate included in the chain
* `9.pem`: EEC plus CA certificate included in the chain
`voms_example.cert.pem` and `voms_example.key.pem` are the credentials of a trusted VOMS server.
`voms_example_2.cert.pem` and `voms_example_2.key.pem` are the credentials of an untrusted VOMS server.
`nginx_voms_example.cert.pem` and `nginx_voms_example.key.pem` are the Nginx server credentials.
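Review bot: In the command template, `-Dvoms.fake.notAfter=<AAAA-MM-GGT00:00:00` opens an angle bracket that is never closed, `notBefore` has no brackets at all, and `AAAA-MM-GG` is the Italian date abbreviation; wherever this README ends up, write both as `<YYYY-MM-DD>T00:00:00` and add the `--vomses` option that the concrete `3.pem` and `4.pem` commands pass. The key-splitting `awk` pattern matches only `BEGIN RSA PRIVATE KEY`, so a proxy whose key is written as PKCS#8 (`BEGIN PRIVATE KEY`) would yield an empty `name.key.pem` without any error; matching `/BEGIN .*PRIVATE KEY/,/END .*PRIVATE KEY/` covers both encodings.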
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 788 (0x314)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA
Validity
Not Before: Mar 2 16:20:13 2018 GMT
Not After : Feb 28 16:20:13 2028 GMT
Subject: C=IT, O=IGI, CN=nginx-voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
2F:BA:E2:77:B3:3E:47:82:3B:5C:8C:A1:13:7A:4D:59:50:4D:8C:FD
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
X509v3 Subject Alternative Name:
DNS:nginx-voms.example
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
File deleted
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 787 (0x313)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA
Validity
Not Before: Dec 6 09:46:37 2017 GMT
Not After : Dec 4 09:46:37 2027 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
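Review bot: The private key of `voms_example`, which the README describes as a trusted VOMS server, is committed next to a certificate that is valid until Dec 4 2027 and carries both TLS server and TLS client authentication EKUs, and deleting the file in this revision leaves the key readable in the repository history. Treat `Test CA`, `t/trust-anchors` and `t/vomsdir` as permanently public test material and make sure none of them can reach a production trust store; if the fixtures are moving to another repository, generating them there at test time avoids carrying the keys forward.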
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA 2
Validity
Not Before: Mar 14 16:18:34 2018 GMT
Not After : Mar 11 16:18:34 2028 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
5F:FE:E5:D5:AC:A3:6C:F4:19:A8:02:7D:F0:B8:9A:67:D0:A9:A1:1F
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:37:03:CB:96:42:3A:14:8F:BD:5B:72:2A:EE:F0:6B:A8:6D:4F:8C:44
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
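Review bot: `voms_example_2` is signed with `sha1WithRSAEncryption` and reuses the subject `CN=voms.example` of the trusted server, differing only in its issuer `Test CA 2`. A test that expects this untrusted VOMS server to be rejected can then pass because the crypto library refuses the SHA-1 signature rather than because the issuer is not trusted; a SHA-256 fixture, like the one used for `voms_example`, would keep that test about trust alone.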
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: rfc proxy certificate, no AC
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
--- error_code: 200
=== TEST 2: EEC
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0.cert.pem;
proxy_ssl_certificate_key ../../certs/9.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
--- error_code: 200
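Review bot: TEST 2 sends `test0.cert.pem` with `9.key.pem` as its key, which works only if the EEC inside `9.pem` is test0 itself; the README describes `9.pem` only as "EEC plus CA certificate included in the chain" and does not list `test0.cert.pem` at all. Pair the certificate with a key file of the same name, or add a comment stating that both files hold the test0 key pair, so the test does not break silently when one fixture is regenerated.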
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: EEC chain containing CA certificate
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_cert;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/9.pem;
proxy_ssl_certificate_key ../../certs/9.key.pem;
}
--- request
GET /
--- response_body
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
--- error_code: 200
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: rfc proxy certificate, no AC
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 2: standard x.509 certificate
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_s_dn;
echo $ssl_client_ee_i_dn;
echo $ssl_client_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/nginx_voms_example.cert.pem;
proxy_ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
}
--- request
GET /
--- response_body
CN=nginx-voms.example,O=IGI,C=IT
CN=nginx-voms.example,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 3: three delegations proxy
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/7.cert.pem;
proxy_ssl_certificate_key ../../certs/7.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
=== TEST 4: three delegations proxy + CA cert
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_ee_s_dn;
echo $ssl_client_ee_i_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/8.cert.pem;
proxy_ssl_certificate_key ../../certs/8.key.pem;
}
--- request
GET /
--- response_body
CN=test0,O=IGI,C=IT
CN=Test CA,O=IGI,C=IT
--- error_code: 200
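Review bot: TEST 1, 3 and 4 present proxy certificates but echo only `$ssl_client_ee_s_dn` and `$ssl_client_ee_i_dn`, so they never show that the end-entity values differ from what nginx reports for the certificate actually presented; only TEST 2, where the client is a plain X.509 certificate, also prints `$ssl_client_s_dn` and `$ssl_client_i_dn`, and there all four values agree by construction. Echoing the standard variables in the proxy cases as well would pin down that the `ee` variables resolve to the end-entity certificate rather than to the leaf proxy.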
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: https with x509 client authentication, expired client certificate
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
echo $ssl_client_s_dn;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/2.cert.pem;
proxy_ssl_certificate_key ../../certs/2.key.pem;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
certificate has expired
--- error_code: 400
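Review bot: The server block references only `$ssl_client_s_dn`, so the 400 and the `certificate has expired` log line are produced by the TLS client verification configured with `ssl_verify_client on` and no variable of `ngx_http_voms_module` is evaluated, although the module is loaded. Either say in the title that this is a baseline for the handshake, or add a case that reads a module variable with `2.pem`. The `qr/\n/` pattern under `--- response_body_like eval` matches any body containing a newline and can be dropped.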
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: hello, world
This is just a simple demonstration of the echo directive provided by ngx_http_echo_module.
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
--- config
location = /hello {
echo "hello, world!";
}
--- request
GET /hello
--- response_body
hello, world!
--- error_code: 200
\ No newline at end of file
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: hello world
--- config
location = /hello {
return 200 "hello world\n";
}
--- request
GET /hello
--- response_body
hello world
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: HTTP connection, no SSL
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
--- http_config
server {
error_log logs/error.log debug;
listen 8443;
location = / {
default_type text/plain;
echo $voms_user;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass http://localhost:8443/;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
SSL not enabled
--- error_code: 200
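Review bot: The property under test is that `$voms_user` is empty when the connection has no TLS, yet `qr/\n/` under `--- response_body_like eval` also accepts a non-empty value followed by a newline. Anchor the pattern, for example `qr/\A\n\z/`, so that a populated variable fails the test instead of passing unnoticed.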
use Test::Nginx::Socket 'no_plan';
master_on();
run_tests();
__DATA__
=== TEST 1: SSL server, logging a VOMS variabile, but plain HTTP request
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
--- http_config
log_format voms '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'[$voms_user]';
server {
error_log logs/error.log debug;
access_log logs/access.log voms;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
location = / {
default_type text/plain;
echo $voms_user;
}
}
--- config
location = /lua {
error_log logs/error-proxy.log debug;
access_log logs/access-proxy.log;
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 8443)
if not ok then
ngx.say("failed to connect to upstream: ", err)
return
end
ngx.say("successfully connected to upstream!")
sock:send("G")
sock:close()
}
}
--- request
GET /lua
--- error_log
client prematurely closed connection
retrieve_voms_ac_from_proxy
plain HTTP
--- error_code: 200
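Review bot: The test defines a `voms` log format ending in `[$voms_user]` and writes it to `logs/access.log`, but no section asserts on that file; the only checks are the three `--- error_log` strings and the status of the `/lua` request. If the intent is that a plain HTTP request to the SSL port logs an empty `$voms_user`, add an assertion on the logged value, or state in a comment that evaluating the variable in the log phase without a crash is all that is being checked. The title also has a typo, "variabile".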
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: HTTPS with no X.509 client authentication
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
location = / {
default_type text/plain;
echo $voms_user;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
}
--- request
GET /
--- response_body_like eval
qr/\n/
--- error_log
no SSL peer certificate available
--- error_code: 200
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: valid AC, verification of valid VOMS attributes extracted by ngx_http_voms_module
--- main_config
load_module /etc/nginx/modules/ngx_http_echo_module.so;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
--- http_config
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
auth_request /authz;
default_type text/plain;
echo $some_var;
}
location = /authz {
internal;
set $some_var $voms_user;
return 200;
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443;
proxy_ssl_certificate ../../certs/3.cert.pem;
proxy_ssl_certificate_key ../../certs/3.key.pem;
}
--- request
GET /
--- response_body
/C=IT/O=IGI/CN=test0
--- error_code: 200
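Review bot: `/authz` ends in an unconditional `return 200;`, so `auth_request` can never deny here and the test only shows that `$voms_user` assigned in the subrequest is visible to `echo $some_var` in the parent request. The title promises verification of the VOMS attributes, but the FQANs and generic attributes that the README's `3.pem` command puts in the AC, for example `/test.vo/exp1` and `nickname=newland`, are not asserted anywhere in this file.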