Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fornari/ngx_http_voms_module
  • cnafsd/ngx_http_voms_module
2 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 500 additions and 157 deletions
t/certs/test0.key.pem deleted 100644 → 0
View file @ cf553629
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqbOgT0owFy8CAggA
MBQGCCqGSIb3DQMHBAi0pGFZzZYROgSCBMhwhhXisB/ishN/r4FGku1DY/CNq/ZF
XhH1YvEoZRT4GA4HLa6hrh7yPdYyH0hhvMKuLGaH4Df+YUOXZq5c0mHgBjk9YkCp
PHhZHUwBFrryF/RV5P7u3zXqce/huQJ5yq2TLRv3NS8WiwavWmcbYSgyCFwSOHf4
Vxz21ggY+oNLa32X0dDxDJ4TlGSK0vSQzIjCjOpzxkewJ6LpA1c3LqTu155y/cdM
mFgd0XN3hUh+j6yQ9JMrNAKOrP0mPmphvEqXoS6l0RV+8x7PzQXvjfmULPsMxEhm
P+D8EBap8AhnvgAlEPwHTxC5uBqh+bdE7NnMsaetivWZ1wNSkLXuh+CKHfAtqDea
zWn1mCQG12H4SGrONoV95yqC6Z1SoMCrll0I/M7b7VUwas63Mp+abXFPv1X6GLAr
ONSua6wAs3GxDvxEtPJmL3nVvWoVvr/jSQ9i2k5y7RoAr2r17qF7fcossq9DVST2
q1a3sd/0gzIyfVdtxU+akOlbW/+vYl2Dc18SmwIGpi5It6eCozUHOxhFFFHFczyY
RmjwohaHzGbuhwqNOzIfX0xlmVE/NW4xchSQsRQnq7c8mEQmiwLrABj19Jme29vW
ThFepYK8yGxuULYSFfVnhuGkWgmr61YwjpeyrOPefeydr++qP+45o6bHZhmH7leC
MIUS79BHFck/y4ZA6XltoF07MBmFnDz3OJKSmMGh5a7gFHJjA/e+QNvkGju+97mq
V1mc+xxkyIJPEn3hw0v60//4ByQcGTY57BQVVQXYJB/4Jr8T749G8eQl4YmPmv5p
hPls688ECXfiHQCRrp3yub8415zEkc2k+J3HXr17LRNBxvJ5qOC/CfiGlH6rG6Al
ufL8mbY1yMKgMUBuU5VQ/fX0EID34dOBbb+/FbyEoVmzWJEAzJj6bNUQe2M/JkfK
G6yzrO2TCFbFBz9DZ577xGHlylPeSG1UmICg4o4kyeUkD47K0RnJ8NZfozCs463S
T9LCWH11ReAVJfiEB9T6yLBd5jKEa/IEDB8S74knVyWu1qDnlh9USenJ6kzT8fKR
v5pTEGaH2toE8pzmKeaPxXtJBwcMv4SBd/NCoBEnutTfjYmdS/7qG/G0uC2jN9Si
eYZSGS/mlIYIhSvamCDnLl1FBoD69cWF0bz2ywSwJedJy1AIWpcfn+pNCTQF92cy
QkbG19jrrFOQJhQoeUCcAA8p8KBCkNCHrwEe7QIRCiJmCMYOhiGjAE3iqW8DSXAE
OqonWY6FyvEsrgKBrHtVuWQjC4jUrnzEsjQj+nHpAsKktlrBOynkLOWyeRexGLl7
xElx6WZkOtmCVM3gLa+vH0hH7vEmXZnDKyhsSbQ8kEOSXLCsUZR9ggav+rO57W2O
Vnx6Qko3ynOfFfPVrMVetJCm7p+ar6qgsyZpi52FFxeIGHmJ2STv3QSXQhvnWtP4
pIMdYudQ7Kw90L0vDf1+cpI+a8jUGRU1KrtfV2jVrN/7mf8Tf1bGiUt+WPF6l1es
WyEBcH3+xYu9W5N82bIFtrlogJI/gj6qtmN3QIeUrIPsrvJ8iuUqNWLB5aQFtbAd
poYVj+8hScMgQ2HiKqlffyDOWNghuePlFJecgcJcpusm+LqiYaWPo2RNvPdWvb+I
1o0=
-----END ENCRYPTED PRIVATE KEY-----
t/certs/test0.p12 deleted 100644 → 0
View file @ cf553629
File deleted
t/certs/voms_example.cert.pem deleted 100644 → 0
View file @ cf553629
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 787 (0x313)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IT, O=IGI, CN=Test CA
Validity
Not Before: Dec 6 09:46:37 2017 GMT
Not After : Dec 4 09:46:37 2027 GMT
Subject: C=IT, O=IGI, CN=voms.example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:bc:7f:c8:da:1e:0d:93:50:b4:98:22:1a:2f:ad:
23:f4:92:2b:72:91:12:9b:ef:e1:a3:a2:a6:03:04:
bd:c7:c2:7f:78:51:78:fd:94:06:d3:aa:e8:dd:56:
8f:1d:d5:1d:a5:49:3f:4c:b2:4c:d1:3e:69:2c:60:
c0:8f:5f:0f:7c:6d:a4:cb:58:0c:6e:de:33:6a:6c:
32:11:bb:d3:e1:4d:03:13:b5:1f:99:35:1d:1f:af:
b4:7b:da:b6:1b:5a:76:76:54:04:f3:e8:d7:60:6b:
c6:55:d9:d4:12:eb:7b:f2:3d:df:ec:9e:da:d4:df:
10:af:ee:dc:9d:96:c7:14:8c:60:16:d8:92:ca:29:
8c:df:f7:4f:8f:8b:a7:80:01:e7:f7:7a:4f:3c:32:
42:af:ce:2e:f8:1a:7b:bc:b5:eb:20:a7:d5:28:c1:
a4:d3:54:d3:dc:c0:dc:96:7b:c4:09:c5:9f:2f:c8:
db:73:61:01:e4:2e:97:b9:05:64:1a:dc:76:09:09:
eb:af:be:6c:47:b9:5b:41:86:c1:51:c0:fe:65:23:
2b:94:ac:b0:81:46:99:9a:c2:9e:6f:0b:62:03:34:
d3:5b:b5:db:e7:ac:38:0e:31:63:ed:81:1f:6e:bc:
41:65:89:b1:8d:2f:5f:fa:8a:da:88:ac:f8:cb:3f:
eb:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
33:8C:09:D4:49:94:01:CE:D1:FB:0B:9D:19:5E:AD:C4:D7:F5:90:C4
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection
X509v3 Authority Key Identifier:
keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6
X509v3 Subject Alternative Name:
DNS:voms.example
Signature Algorithm: sha256WithRSAEncryption
e0:c5:08:e4:92:9b:26:09:04:64:b9:9e:c9:27:82:2c:90:4c:
4b:f1:3c:1a:4d:cd:f6:5a:fe:8a:58:6b:36:42:3b:7b:d0:e0:
66:2a:ee:2d:ad:d0:2a:59:52:c8:44:85:b6:90:af:12:49:cc:
de:a4:65:aa:e9:6e:83:e1:cf:20:d3:98:8f:3e:a8:a1:82:f8:
f5:6e:97:73:78:be:46:a7:5a:a7:10:30:b7:01:13:cf:b4:03:
c6:74:f7:e4:b8:51:21:33:79:4a:88:d6:01:cb:c1:22:37:6e:
9f:1d:2c:3e:eb:d0:09:51:3b:0a:5f:b5:19:b6:1a:35:63:95:
94:f5:99:a1:bc:18:bc:84:aa:9b:70:3a:b2:2d:c2:ed:50:19:
20:16:94:21:ea:49:e1:d8:61:10:9d:f5:29:65:11:a2:15:2b:
8a:f7:14:5a:49:b8:2d:5c:0f:fc:77:20:e7:03:3a:15:b8:21:
31:d8:33:fc:8f:70:1c:a6:90:80:84:b3:af:1f:2d:28:9e:c6:
e2:8a:43:ec:26:32:bf:d7:6a:aa:42:5a:2c:50:29:33:5d:b7:
e8:58:22:b6:c7:7b:bf:a4:ac:55:32:2d:51:58:1a:ee:9e:80:
d2:4d:24:4b:6a:e3:97:2e:a7:5c:e3:50:84:33:b5:ec:a4:20:
6e:70:1d:e9
-----BEGIN CERTIFICATE-----
MIIDljCCAn6gAwIBAgICAxMwDQYJKoZIhvcNAQELBQAwLTELMAkGA1UEBhMCSVQx
DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xNzEyMDYwOTQ2Mzda
Fw0yNzEyMDQwOTQ2MzdaMDIxCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxFTAT
BgNVBAMMDHZvbXMuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALx/yNoeDZNQtJgiGi+tI/SSK3KREpvv4aOipgMEvcfCf3hReP2UBtOq6N1W
jx3VHaVJP0yyTNE+aSxgwI9fD3xtpMtYDG7eM2psMhG70+FNAxO1H5k1HR+vtHva
thtadnZUBPPo12BrxlXZ1BLre/I93+ye2tTfEK/u3J2WxxSMYBbYksopjN/3T4+L
p4AB5/d6TzwyQq/OLvgae7y16yCn1SjBpNNU09zA3JZ7xAnFny/I23NhAeQul7kF
ZBrcdgkJ66++bEe5W0GGwVHA/mUjK5SssIFGmZrCnm8LYgM001u12+esOA4xY+2B
H268QWWJsY0vX/qK2ois+Ms/6ysCAwEAAaOBujCBtzAMBgNVHRMBAf8EAjAAMB0G
A1UdDgQWBBQzjAnUSZQBztH7C50ZXq3E1/WQxDAOBgNVHQ8BAf8EBAMCBeAwPgYD
VR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhC
BAEGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMBcG
A1UdEQQQMA6CDHZvbXMuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOCAQEA4MUI5JKb
JgkEZLmeySeCLJBMS/E8Gk3N9lr+ilhrNkI7e9DgZiruLa3QKllSyESFtpCvEknM
3qRlqulug+HPINOYjz6ooYL49W6Xc3i+RqdapxAwtwETz7QDxnT35LhRITN5SojW
AcvBIjdunx0sPuvQCVE7Cl+1GbYaNWOVlPWZobwYvISqm3A6si3C7VAZIBaUIepJ
4dhhEJ31KWURohUrivcUWkm4LVwP/Hcg5wM6FbghMdgz/I9wHKaQgISzrx8tKJ7G
4opD7CYyv9dqqkJaLFApM1236Fgitsd7v6SsVTItUVga7p6A0k0kS2rjly6nXONQ
hDO17KQgbnAd6Q==
-----END CERTIFICATE-----
t/certs/voms_example.key.pem deleted 100644 → 0
View file @ cf553629
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/ho6KmAwS9x8J/eFF4
/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4zamwyEbvT4U0DE7Uf
mTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Qr+7cnZbHFIxgFtiS
yimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT3MDclnvECcWfL8jb
c2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZmsKebwtiAzTTW7Xb
56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABAoIBACXvPXeP1sGP21hG
fKidmn/Mrsu2oF0bcHhi8i/nU14RKWAIXWYC1UDhw01P7ytcyUOLMx73PvhZLAdP
TVFNGyu6URDPHmltdEF1lrn059YOjpD3wW0uwDaxQIwwXrewg+iaTgjcEgQIjHiY
htJr65y7kQXojjeK0KvnUSSxxEzA/uWeyQi/+ZFzPRfrj5o0uwo+qnwwiYn8FSVl
9S/MPiAXZcvQTojEu5kbH/0iRUwhDzcmtj8O1M3idhMl1G/WtdU2zHsR6p78HuZK
uZu9JRnSh1K8wiDdT+8TIitvBuv87fVFJg54pbO+Sa6tsfm4q9Vf21DyY7ZVRoie
Y6IPz8ECgYEA3c8NuLLKCFvU55lZkNWl0ixicD3w4o1k2at9FKYsboPJ9BUIYpVO
vqSflUKATENNfkoWmT4iTbNq8VJxnLNn1y33uB9ztQIn99Do0YeERSW0JExb363r
dJNlirxovoXvUT6kGHqFWIJyxXkh6wEZ4gqne94ujtqj9KHWczbpw4sCgYEA2Y5G
1L49361df9VDblhxS60hNmtNC9h3XTqKwfOXLCHG61JMxNUChhKikUuDsvfmXwta
dX51WJSL56pDHlk0prLrMWli4zLhiPiXknUIFiUt07lbzfDZ0aehr9xOFM4oBnyV
oR3eBhE/YJ1W3Xt2DGUySE09eukHoEeZURrq6uECgYAqKDhLam/Ltuh4PEUxqemi
UJ1FCADIjmckl9tmGU9IkfPIWFcHpakZwuAx1jncRM5tulchORX7/qXMyAaf6dlK
pIn4jMHJHWfLSgF2EXOqUMg0Pe8YTE38EieyfqzJyVr67hTyMhc2A1UdAzDXIZZx
x+SdPlVLAXM4A6pmq4EykQKBgQCLq+9HiDe7Edd0SZu4DSn3ltg60tqtHzVK8lnB
OT01xR2rWLQWrlancvFR7LRJwyPwox5ZTm3SB9RmUAY1Rropx7Z9i5ZEHRd003yk
N2SQqx/nzRnmdpmxIzkH6Z1reAt0VqnNvZocNRiGU51AJpJcVN/aUVSGQ3N08GK7
Elf9oQKBgGKL4eCjoLp9Kuvp+UXeKeeTSR2rTSOh36ZjtxDLOhdAj5mXSFj2nvLx
j2YNCkuU0Y25Vbpt/go7DFRnbZmKucpyUJNC49m3YD4zq0CVMX4BOUkkg3rJjMhP
Ce3aEfVwC9rF9sFHp5pHTBm6HCBCZikVtpYjn05rUtLYiYcSia88
-----END RSA PRIVATE KEY-----
t/conf.d/ephemeral_ca.conf 0 → 100644
View file @ 3c4a7183
[ ephemeral_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ ephemeral_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ ephemeral_ca_dn ]
C = IT
O = IGI
CN = Ephemeral CA
[ ephemeral_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/expired.conf 0 → 100644
View file @ 3c4a7183
[ expired ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/expired.key.pem
distinguished_name = expired_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = expired_extensions
[ expired_dn ]
C = IT
O = IGI
CN = Expired
[ expired_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:expired@cnaf.infn.it
t/conf.d/igi_test_ca.conf 0 → 100644
View file @ 3c4a7183
[ igi_test_ca ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca_dn ]
C = IT
O = IGI
CN = Test CA
[ igi_test_ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/igi_test_ca2.conf 0 → 100644
View file @ 3c4a7183
[ igi_test_ca2 ]
dir = ${ENV::CA_NAME}
certs = $dir/certs
database = $dir/index.txt
serial = $dir/serial
certificate = $dir/ca.crt
private_key = $dir/private/ca.key
default_crl_days = 30
default_md = sha512
[ igi_test_ca2_cert ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/private/ca.key
distinguished_name = ${ENV::CA_NAME}_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = ${ENV::CA_NAME}_extensions
[ igi_test_ca2_dn ]
C = IT
O = IGI
CN = Test CA 2
[ igi_test_ca2_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = critical, cRLSign, keyCertSign
t/conf.d/revoked.conf 0 → 100644
View file @ 3c4a7183
[ revoked ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/revoked.key.pem
distinguished_name = revoked_dn
prompt = no
output_password = pass
default_md = sha512
x509_extensions = revoked_extensions
[ revoked_dn ]
C = IT
O = IGI
CN = Revoked
[ revoked_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:revoked@cnaf.infn.it
t/conf.d/star_test_example.conf 0 → 100644
View file @ 3c4a7183
[ star_test_example ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/star_test_example.key.pem
distinguished_name = star_test_example_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = star_test_example_extensions
[ star_test_example_dn ]
C = IT
O = IGI
CN = *.test.example
[ star_test_example_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:*.test.example
t/conf.d/test0.conf 0 → 100644
View file @ 3c4a7183
[ test0 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test0.key.pem
distinguished_name = test0_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test0_extensions
[ test0_dn ]
C = IT
O = IGI
CN = Test0
[ test0_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test0@cnaf.infn.it
t/conf.d/test1.conf 0 → 100644
View file @ 3c4a7183
[ test1 ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/test1.key.pem
distinguished_name = test1_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = test1_extensions
[ test1_dn ]
C = IT
O = IGI
CN = Test1
[ test1_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
authorityKeyIdentifier = keyid, issuer
subjectAltName = email:test1@cnaf.infn.it
t/conf.d/untrusted_voms.conf 0 → 100644
View file @ 3c4a7183
[ untrusted_voms ]
default_bits = 2048
default_keyfile = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
distinguished_name = untrusted_voms_dn
prompt = no
encrypt_key = no
default_md = sha512
x509_extensions = untrusted_voms_extensions
[ untrusted_voms_dn ]
C = IT
O = IGI
CN = untrusted-voms.example
[ untrusted_voms_extensions ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName = DNS:untrusted-voms.example
t/eec_cert1.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: RFC proxy certificate, no AC
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_s_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/0.cert.pem;
proxy_ssl_certificate_key ../../certs/0.key.pem;
}
--- request
GET /
--- response_body eval
my $ee_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $ee_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
my $pr_s = `openssl x509 -in t/certs/0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $pr_i = `openssl x509 -in t/certs/0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$ee_s$ee_i$pr_s$pr_i";
--- error_code: 200
t/eec_chain.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: EEC chain containing CA certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0+ca.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body eval
`openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
--- error_code: 200
t/eec_subject2.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: End-entity X.509 certificate
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_s_dn\n$ssl_client_ee_i_dn\n$ssl_client_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/test0.cert.pem;
proxy_ssl_certificate_key ../../certs/test0.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_s$c_i$c_i";
--- error_code: 200
t/eec_subject3.t 0 → 100644
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: three delegations proxy
--- main_config
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$ssl_client_ee_s_dn\n$ssl_client_ee_i_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/6.cert.pem;
proxy_ssl_certificate_key ../../certs/6.key.pem;
}
--- request
GET /
--- response_body eval
my $c_s = `openssl x509 -in t/certs/test0.cert.pem -noout -subject -nameopt RFC2253` =~ s/^subject=//r;
my $c_i = `openssl x509 -in t/certs/test0.cert.pem -noout -issuer -nameopt RFC2253` =~ s/^issuer=//r;
"$c_s$c_i";
--- error_code: 200
t/voms_generic_attributes.t t/encoding.t
View file @ 3c4a7183
use Test::Nginx::Socket 'no_plan';
run_tests();
__DATA__
=== TEST 1: valid AC, including generic attributes
=== TEST 1: valid AC, verification of VOMS generic attributes encoding
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_user;
echo $voms_user_ca;
echo $voms_fqans;
echo $voms_server;
echo $voms_server_ca;
echo $voms_vo;
echo $voms_server_uri;
echo $voms_not_before;
echo $voms_not_after;
echo $voms_generic_attributes;
echo $voms_serial;
return 200 "$voms_generic_attributes\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/4.cert.pem;
proxy_ssl_certificate_key ../../certs/4.key.pem;
......@@ -43,15 +38,5 @@ __DATA__
--- request
GET /
--- response_body
/C=IT/O=IGI/CN=test0
/C=IT/O=IGI/CN=Test CA
/test/exp1,/test/exp2,/test/exp3/Role=PIPPO
/C=IT/O=IGI/CN=voms.example
/C=IT/O=IGI/CN=Test CA
test.vo
voms.example:15000
20180101000000Z
20300101000000Z
n=nickname v=newland q=test.vo,n=nickname v=giaco q=test.vo
0
n=nickname v=sd q=test.vo,n=title v=assegnista%25di%25ricerca%40CNAF q=test.vo
--- error_code: 200
t/expired_proxy.t t/expired.t
View file @ 3c4a7183
......@@ -7,23 +7,29 @@ __DATA__
=== TEST 1: https with x509 client authentication, expired client certificate
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $ssl_client_s_dn;
return 200 "$ssl_client_s_dn\n";
}
}
--- config
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/2.cert.pem;
proxy_ssl_certificate_key ../../certs/2.key.pem;
......
t/expired_ac_proxy.t t/expired_ac.t
View file @ 3c4a7183
......@@ -7,32 +7,37 @@ __DATA__
=== TEST 1: https with x509 client authentication, valid proxy certificate with expired VOMS attributes
--- main_config
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=t/vomsdir;
env X509_CERT_DIR=t/trust-anchors;
load_module /etc/nginx/modules/ngx_http_voms_module.so;
--- http_config
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ../../certs/nginx_voms_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi-test-ca.pem;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
location = / {
default_type text/plain;
echo $voms_fqans;
echo $voms_user;
return 200 "$voms_fqans\n$voms_user\n";
}
}
--- config
location = / {
location = / {
error_log logs/error-proxy.log debug;
proxy_pass https://localhost:8443/;
proxy_ssl_certificate ../../certs/1.cert.pem;
proxy_ssl_certificate_key ../../certs/1.key.pem;
}
--- request
GET /
GET /
--- response_body_like eval
qr/\n\n/
--- error_log
......