diff --git a/test/certs/ct-server-key-public.pem b/test/certs/ct-server-key-public.pem deleted file mode 100644 index c35ce3f483b6f15649a3a89065e5cd743151e505..0000000000000000000000000000000000000000 --- a/test/certs/ct-server-key-public.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3U -yEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== ------END PUBLIC KEY----- diff --git a/test/certs/ct-server-key.pem b/test/certs/ct-server-key.pem deleted file mode 100644 index ab6a5575bb018ee719315d246b24609c42121b07..0000000000000000000000000000000000000000 --- a/test/certs/ct-server-key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIFLw4uhuCruGKjrS9MoNeXFbypqZe+Sgh+EL1gnRn1d4oAoGCCqGSM49 -AwEHoUQDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pX -rGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w== ------END EC PRIVATE KEY----- diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem index 28dd206dbe8dd50a045e1337171a834c43baa683..e3e66d55c51060f7772b13ca408807baab06a9b9 100644 --- a/test/certs/embeddedSCTs1-key.pem +++ b/test/certs/embeddedSCTs1-key.pem @@ -1,27 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw -XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT -48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ -b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L -eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG -a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm -tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf -3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r -zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF -nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ -XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw -ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ -S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi -BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3 -2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn -MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU -JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn -j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA -jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu -ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk -3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P -o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI -fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1 -5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP -RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4= +MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k +WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X +EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB +AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g +PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf +flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU +X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ +pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA +b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt +9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR +83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs +n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ +1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ== -----END RSA PRIVATE KEY----- diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem index d2a111fb8235833aebef9e85a272adebdbadd4f2..d1e85120a04389be26773bd0c9899ab11112c466 100644 --- a/test/certs/embeddedSCTs1.pem +++ b/test/certs/embeddedSCTs1.pem @@ -1,21 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk +MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX -YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy -NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK -/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE -FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI -0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I -QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S -wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB -CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I -Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD -ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI -/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB -u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ -BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR -RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1 -IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W -YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw== +YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw +MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu +c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/ +BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk +EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw +FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q +Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD +VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w +DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK +BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L +vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw +KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG +SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE +oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr +5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg -----END CERTIFICATE----- diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct index 9e413e3dc7b987aa1281e6bfe42937d87111a357..59362dcee1f46b0f9b0951a9fa3949c78e83916f 100644 --- a/test/certs/embeddedSCTs1.sct +++ b/test/certs/embeddedSCTs1.sct @@ -2,11 +2,11 @@ Signed Certificate Timestamp: Version : v1 (0x0) Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C: 79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64 - Timestamp : Jan 1 00:00:00.000 2020 GMT + Timestamp : Apr 5 17:04:16.275 2013 GMT Extensions: none Signature : ecdsa-with-SHA256 - 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A: - D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4: - BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F: - 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7: - 60:EB:A8:AF:03:5E:C3 + 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F: + D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3: + E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2: + F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1: + 05:51:9D:89:ED:BF:08 \ No newline at end of file diff --git a/test/certs/embeddedSCTs1.tlssct b/test/certs/embeddedSCTs1.tlssct deleted file mode 100644 index 0586c94ab0b79adc189216f7696255d5807ab4b5..0000000000000000000000000000000000000000 Binary files a/test/certs/embeddedSCTs1.tlssct and /dev/null differ diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem deleted file mode 100644 index 9326e38b1eb7b63425da1381ff2c1f875cf1db94..0000000000000000000000000000000000000000 --- a/test/certs/embeddedSCTs1_issuer-key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR -yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm -JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB -AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK -QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL -GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq -r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr -4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw -+mCtU8T3L/Ms8bH1yFBZhmkp1PbR8gl48QJAQo70YyWThiN5yfxXcQ96cZWrTdIJ -b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY -xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN -lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei -T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU= ------END RSA PRIVATE KEY----- diff --git a/test/certs/embeddedSCTs3.sct b/test/certs/embeddedSCTs3.sct index 579a890a9a8ab4ccc22169953a24e4d5f650b276..ad1ccf0ffc38a8e9b1437bd90bac2ec29ff84a56 100644 --- a/test/certs/embeddedSCTs3.sct +++ b/test/certs/embeddedSCTs3.sct @@ -33,4 +33,4 @@ Signed Certificate Timestamp: 55:83:D2:9D:E5:A1:8D:B6:3D:A6:73:89:42:32:9C:91: 0F:3B:6A:74:02:21:00:86:EE:10:F9:10:E6:7B:17:65: D9:2D:37:53:4A:3B:F0:AE:03:E4:21:76:37:EF:AF:B4: - 44:2E:2B:F5:5C:C6:91 + 44:2E:2B:F5:5C:C6:91 \ No newline at end of file diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 790d20f8c1acfad8cf06f955b5dc56fc36910fa1..ebb71c177857166ef7e59123b0152dd97941cc8f 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -288,56 +288,4 @@ gennocn() { cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" } -genct() { - local OPTIND=1 - local purpose=serverAuth - - while getopts p: o - do - case $o in - p) purpose="$OPTARG";; - *) echo "Usage: $0 genct [-p EKU] cn keyname certname cakeyname cacertname ctlogkey" >&2 - return 1;; - esac - done - - shift $((OPTIND - 1)) - local cn=$1; shift - local key=$1; shift - local cert=$1; shift - local cakey=$1; shift - local ca=$1; shift - local logkey=$1; shift - - exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ - "subjectKeyIdentifier = hash" \ - "authorityKeyIdentifier = keyid, issuer" \ - "basicConstraints = CA:false" \ - "extendedKeyUsage = $purpose" \ - "1.3.6.1.4.1.11129.2.4.3 = critical,ASN1:NULL"\ - "subjectAltName = @alts" "DNS=${cn}") - csr=$(req "$key" "CN = $cn") || return 1 - echo "$csr" | - cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ - -set_serial 2 -days "${DAYS}" "$@" - cat ${cert}.pem ${ca}.pem > ${cert}-chain.pem - go run github.com/google/certificate-transparency-go/ctutil/sctgen \ - --log_private_key ${logkey}.pem \ - --timestamp="2020-01-01T00:00:00Z" \ - --cert_chain ${cert}-chain.pem \ - --tls_out ${cert}.tlssct - rm ${cert}-chain.pem - filesize=$(wc -c <${cert}.tlssct) - exts=$(printf "%s\n%s\n%s\n%s\n%s%04X%04X%s\n%s\n[alts]\n%s\n" \ - "subjectKeyIdentifier = hash" \ - "authorityKeyIdentifier = keyid, issuer" \ - "basicConstraints = CA:false" \ - "extendedKeyUsage = $purpose" \ - "1.3.6.1.4.1.11129.2.4.2 = ASN1:FORMAT:HEX,OCT:" $((filesize+2)) $filesize `xxd -p ${cert}.tlssct | tr -d '\n'` \ - "subjectAltName = @alts" "DNS=${cn}") - echo "$csr" | - cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ - -set_serial 2 -days "${DAYS}" "$@" -} - "$@" diff --git a/test/certs/setup.sh b/test/certs/setup.sh index d58d0d789b4e6cc483487fa9351b1cc4564d18e3..2d53ea5b08c6cb91d8fd45b644009cc92489660a 100755 --- a/test/certs/setup.sh +++ b/test/certs/setup.sh @@ -376,9 +376,6 @@ openssl req -new -nodes -subj "/CN=localhost" \ ./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \ server-pss-restrict-cert rootkey rootcert -# CT entry -./mkcert.sh genct server.example embeddedSCTs1-key embeddedSCTs1 embeddedSCTs1_issuer-key embeddedSCTs1_issuer ct-server-key - OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" \ root-ed448-key root-ed448-cert OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \ diff --git a/test/ct_test.c b/test/ct_test.c index 4dd6a67a7c58f50a197eadc4ccb7ae8de391b416..78d11ca98cf7ef6bfddf5bd294b8cdc3d88c0c49 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -63,7 +63,7 @@ static CT_TEST_FIXTURE *set_up(const char *const test_case_name) if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) goto end; fixture->test_case_name = test_case_name; - fixture->epoch_time_in_ms = 1580335307000ULL; /* Wed 29 Jan 2020 10:01:47 PM UTC */ + fixture->epoch_time_in_ms = 1473269626000ULL; /* Sep 7 17:33:46 2016 GMT */ if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) || !TEST_int_eq( CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) @@ -160,10 +160,6 @@ static int compare_extension_printout(X509_EXTENSION *extension, X509V3_EXT_DEFAULT, 0))) goto end; - /* Append \n because it's easier to create files that end with one. */ - if (!TEST_true(BIO_write(text_buffer, "\n", 1))) - goto end; - /* Append \0 because we're about to use the buffer contents as a string. */ if (!TEST_true(BIO_write(text_buffer, "\0", 1))) goto end;