diff --git a/diracx-db/tests/proxy/data/ca/b236481c.0 b/diracx-db/tests/proxy/data/ca/b236481c.0 new file mode 100644 index 000000000..4d371a4fc --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/b236481c.0 @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjjCCA3agAwIBAgIJAKy80LkrR8XYMA0GCSqGSIb3DQEBCwUAMFQxGDAWBgNV +BAoMD0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNp +Z25pbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgwODIyMDkxMDE2WhcN +MzgwODE3MDkxMDE2WjBUMRgwFgYDVQQKDA9ESVJBQyBDb21wdXRpbmcxODA2BgNV +BAMML0RJUkFDIENvbXB1dGluZyBTaWduaW5nIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsrXwFhkrthG+zviv +tLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8FA2inDrRD2q5zXz2wIeZz83tw8x0UP+8 +9TpuYNlwL0WY/vAl25+yCs3w5iBud14iO2z19z6E6gg6JnUo8srPfHSOZj/0q59B +/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmcO2jADEq4f1MJpckqeUZtgn6t4DmEfy3F ++c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrGjRvqGWo5nBKPf39/fB9fGvfx7yVxQF7v +sk2B1nmjdWoLjkZfnKREBTgqrR53lI8VNSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqi +vKoDsd8jrB2c4L08s5eTgrK+gTTPPS8vy4XVFDHYd/adUog83+uVT25cia/Kvmgr +s0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoOLhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDj +f2V4IW/3heK+CBLekMXSG0BdAnaa/o8vGfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3 +YczyiE2pFNqt368SI7UI0hzBjCmF95Bh62CKoYuJpRYVw3V8PGBboz0ROhMb2No2 +7ohLg0EgYnsRf+RVb6IBxfA5EFlp0IzhSzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj +++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEAAaNjMGEwHQYDVR0OBBYEFATCF684ZOCG +vx/JAG6Xbxu7TocfMB8GA1UdIwQYMBaAFATCF684ZOCGvx/JAG6Xbxu7TocfMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC +AQAOekRqM+76KGuXic5wwvcKgGMMqgqs37SfVtvS0teZpLItZEU4RiE7GP3rLn4H +NRwAPl0tUh4nUcm8WA5hinx1V/A2WyYrA7kg8G3OFL1ZVDnmd+/rH6TgyXhOLOEw ++A7EKikXUasmzjuRDgI+/oayvCcakAscRwmExc7z/4rs/HA4S2ZGiC7Y88jll5bf +ifhiPxmk4kV/U9tsjTeFEzRAXH8jNN4ZK8/QfXMc+VkwpYkooZ/EyjVUKw8H2qDS +RPokErZFUPcYwUpM4MKboxFqTsy+zM5IYhhWhcglL9cbwhdZ+/ZGvblGx4Vi03pE +vT2zMOA/8xeadUinKDvXzByTZ4E9FoWVOTDP6dVO8NxH0n0GFqnibFF9EE6hbR5w +wgtNLdtbbjZ2REBs0yDyf4kcwgG6OpSoxTvjIxd5qcf7K7uMO5MEUnNBTPMjhCnj +Z2MGmbHPXYRmOx4uWO53qOeDJcuoKrn+qprA0+Fqn8YHws2PnzifAiKXZpmAiM+g +wn0cOmFV+69D9fu4yb1x8LeJrYcvPmrdcGmdg8PBbW5aiL13Q0WIa3u/s3unEPor +ch7wbkWi1T0+p4ppaVmzudRoY54EodMWAxhKGG3o1pMiUGoXuNf4PXalaVZz7cI2 +NTXgTwrmzdBPhd4JXg1y4O7NYae7xhN+iZogsSTU3bVpaQ== +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/ca/ca.cert.pem b/diracx-db/tests/proxy/data/ca/ca.cert.pem new file mode 100644 index 000000000..4d371a4fc --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/ca.cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjjCCA3agAwIBAgIJAKy80LkrR8XYMA0GCSqGSIb3DQEBCwUAMFQxGDAWBgNV +BAoMD0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNp +Z25pbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgwODIyMDkxMDE2WhcN +MzgwODE3MDkxMDE2WjBUMRgwFgYDVQQKDA9ESVJBQyBDb21wdXRpbmcxODA2BgNV +BAMML0RJUkFDIENvbXB1dGluZyBTaWduaW5nIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsrXwFhkrthG+zviv +tLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8FA2inDrRD2q5zXz2wIeZz83tw8x0UP+8 +9TpuYNlwL0WY/vAl25+yCs3w5iBud14iO2z19z6E6gg6JnUo8srPfHSOZj/0q59B +/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmcO2jADEq4f1MJpckqeUZtgn6t4DmEfy3F ++c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrGjRvqGWo5nBKPf39/fB9fGvfx7yVxQF7v +sk2B1nmjdWoLjkZfnKREBTgqrR53lI8VNSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqi +vKoDsd8jrB2c4L08s5eTgrK+gTTPPS8vy4XVFDHYd/adUog83+uVT25cia/Kvmgr +s0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoOLhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDj +f2V4IW/3heK+CBLekMXSG0BdAnaa/o8vGfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3 +YczyiE2pFNqt368SI7UI0hzBjCmF95Bh62CKoYuJpRYVw3V8PGBboz0ROhMb2No2 +7ohLg0EgYnsRf+RVb6IBxfA5EFlp0IzhSzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj +++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEAAaNjMGEwHQYDVR0OBBYEFATCF684ZOCG +vx/JAG6Xbxu7TocfMB8GA1UdIwQYMBaAFATCF684ZOCGvx/JAG6Xbxu7TocfMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC +AQAOekRqM+76KGuXic5wwvcKgGMMqgqs37SfVtvS0teZpLItZEU4RiE7GP3rLn4H +NRwAPl0tUh4nUcm8WA5hinx1V/A2WyYrA7kg8G3OFL1ZVDnmd+/rH6TgyXhOLOEw ++A7EKikXUasmzjuRDgI+/oayvCcakAscRwmExc7z/4rs/HA4S2ZGiC7Y88jll5bf +ifhiPxmk4kV/U9tsjTeFEzRAXH8jNN4ZK8/QfXMc+VkwpYkooZ/EyjVUKw8H2qDS +RPokErZFUPcYwUpM4MKboxFqTsy+zM5IYhhWhcglL9cbwhdZ+/ZGvblGx4Vi03pE +vT2zMOA/8xeadUinKDvXzByTZ4E9FoWVOTDP6dVO8NxH0n0GFqnibFF9EE6hbR5w +wgtNLdtbbjZ2REBs0yDyf4kcwgG6OpSoxTvjIxd5qcf7K7uMO5MEUnNBTPMjhCnj +Z2MGmbHPXYRmOx4uWO53qOeDJcuoKrn+qprA0+Fqn8YHws2PnzifAiKXZpmAiM+g +wn0cOmFV+69D9fu4yb1x8LeJrYcvPmrdcGmdg8PBbW5aiL13Q0WIa3u/s3unEPor +ch7wbkWi1T0+p4ppaVmzudRoY54EodMWAxhKGG3o1pMiUGoXuNf4PXalaVZz7cI2 +NTXgTwrmzdBPhd4JXg1y4O7NYae7xhN+iZogsSTU3bVpaQ== +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/ca/ca.key.pem b/diracx-db/tests/proxy/data/ca/ca.key.pem new file mode 100644 index 000000000..ae9966b13 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/ca.key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAsrXwFhkrthG+zvivtLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8 +FA2inDrRD2q5zXz2wIeZz83tw8x0UP+89TpuYNlwL0WY/vAl25+yCs3w5iBud14i +O2z19z6E6gg6JnUo8srPfHSOZj/0q59B/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmc +O2jADEq4f1MJpckqeUZtgn6t4DmEfy3F+c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrG +jRvqGWo5nBKPf39/fB9fGvfx7yVxQF7vsk2B1nmjdWoLjkZfnKREBTgqrR53lI8V +NSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqivKoDsd8jrB2c4L08s5eTgrK+gTTPPS8v +y4XVFDHYd/adUog83+uVT25cia/Kvmgrs0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoO +LhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDjf2V4IW/3heK+CBLekMXSG0BdAnaa/o8v +Gfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3YczyiE2pFNqt368SI7UI0hzBjCmF95Bh +62CKoYuJpRYVw3V8PGBboz0ROhMb2No27ohLg0EgYnsRf+RVb6IBxfA5EFlp0Izh +SzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEA +AQKCAgEAkhpSNQ7RAKHTWAxSQbBnAXz+RK2xo6/AGskv4Hxe05CFLFC+pfpbxdQE +FNGRI6EVbmOt6QkXaGrfcVUS232wvbcmk08X/NzCZqJRganKV6mOBkLMQ78Z+89+ +BINDXyuLlasfJEV6IbgJxMGHxjE4eKAYhfO+k/ErmCs/mm2hsQI+ydap1pwV3ja8 +TUPK8GHdOpbMctI0PstnOj5my4sDWUJMybYxFMCiMq51P9HcoVS/h8YXm0eGBM8m +WCWIcZj/1a8kJr0savI2e4Th++iHzJtXemd/GQsJodtdzNKVeUEeTDMKCI7lHEKJ +UBq9MGOvWB/q7tNISbJkgQ/NCecI6uVAHEzyYyBNaDRQSkEYqoFbqmmv4xMfqaQb +7qr/WW3SDgHCSyntZjnRm3qLuccFmSx4r55kaLPqkxTTGIF43q5gKtZqtUpQGzA0 +SJTEUC0hXYmS5tA+wd/jZ2hM04q2CNQAeflhdxTXipzlk2cs9CzPHQaaT/reQ1+W +BMOBrpSpPOOti8nlzG3noMAg9d748oT5zteHhuunC7vm/Lp3PRhAwjTfhvPUwpup +DGj35n8NMjYciidundIFIwXtf0yrUQM+yLBoSVpAa7Sia0TOGyJEHWELLBLbjMpt +/GjiG7+K5SbP6O/+0yG77lxtw/0378SwFW+v/6xoyQCidYJT3tUCggEBAOAXgyD3 +9/gRo718SkzeGuC3u/JvyosqDqN9ejQoP6DZl7Q1SbqIdCfJZpQskxeHvpwaw5hB ++WEkk6zgC6xlFSplt6IYP7uw+1cJ+rgaOiivQ1NQs2HeyalblwygdO5geM8J1ePi +0CSz/abVe8APbKAwBovSVlQHdoEFGf6yjs1iP4+NLWUnOiZstWV2lhV/EPLxGUjZ +CQkI2/6DCF8CbFeoNelAe26997/A4m8gR6/W94ZFX2ZXBtqGj4Kb2YxFc1nM1yQQ +4D23ePJY0kMBTqSL1CpAtyVm5oZRkgzsIH9R6ipQ2KiVVnLvpjmANk+PcVQsv8yS +bFd383vzTOXseKMCggEBAMwoNr4RfR+fYm0u/2ZCWbbnlmNGBdkPmEK3k1DbEBRK +AKg/uTI6PxMqQDWzZJ2RPnHg7X9h+hvxH2TBzpdDIBtujyH9wjwYfDFnd/mOpAMa +EJnbO32/OvgspgHoMWJX98fZOTSu3fCvpPSHV06ScHNvg3IiOfBQ/oPEVQL9KmlP +FQ+CXq0/+vI4zcpolaFL3mC2p8Ck9zM+w1uroaqAQLf8C/ZBY3es5acXRGc6hLnq +xexPuU5K+0gz3il4x5ltSFfllEJrQVXjobgJAlHyYqMVDwc59zHeweL3NdTfrC46 +krFLy6t1GG5ug1uqUgcIHeR/q6LFgES++ATtarcQ/J8CggEBAKRMWNXpOKNmu3iI +Eim9hlNQIrqjgAr8cPMpYlmvUMdsAbAcicv7k75ACbeF3uqXmgb2EIYniOHSYXuU +YLqq+hO1tCdiRAgmwICWTn6ArDd8GI6TUpHlOFG1V0/orRLBJJIXkfydJSJj3Qte +5nZwWKIx0/rb4nOFbTs3NFHrNIwdBqEHT0sksZvOhEi541wrZ4/XeURR7C/1kOZP +x+lw62Jxb+VuY5FUMrsifmIfdq/TmnOVlVaBZAMAOWP3RE919BbY+rv0q5RUWpbE +zJRX9wLpikrYW+9OPKIqWDylO0ZeFqOj1tXzeAiY8HSkLi2y69JdZNpmWIzg42Hz +hmPlNqUCggEAXffggomgMu70qdao/ZNqodJkmRsA1BDmf0bpypyaAQyy0r5J6sF+ +iL64wT7p/9B7koT6K9iX+0Z3sbO2+E6QN7Ait32KaojGmSLLyRULjtXvcDHFZzKe +3N4IJvaNzHs69ESanRIj24WtAlRNLkAe/DMGqIDydBeDnni+vFp0q/YXdoUGOO4q +/lSA/Do5LP2zxIYuHnCPy4mG9+m+xrCzmTus8dLVCp+NMOR3up/nuX9DTGrBmzTO +BkTBbAtIq+juFG76V7vwXa0hoYicBcXv+qpVuXjHu6+RRHuOzoWJRdn17R87Bpcm +AKZjVczGZrAouiS9hnUrffj8RaBVrx9ldwKCAQAQ/Z1K+eBkDmr+RP9fuuMdnkPw +EHgEj/Sd6aiECIqf0wum9P8BA441j2IBZbxruNINxxXLRwCy8K9nrl76++emE2fh +uVHD+51nHY8vGcS74lVsvW24etT/SFcE6wN7GW8c4moTMK/aXRzg6aZvKmraqsDs +b93oxoClgc2BpgpyvivkWpppWmp9ZNiX0ju8ypnXjoTjGpImZiqWoFxKvlM3/Y6l +HhxHIwsiUalMmb1yw2DJunDvrxzBU79HolLE6j9SxcK0YcGOPggT9loGpfhmUy6p +dvZ7L6V6cteUH+/BR3xs2YZXsgWGl9K6wfjmCXUS50Yuyv67xONpq6Bb+U7k +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/ca/crlnumber b/diracx-db/tests/proxy/data/ca/crlnumber new file mode 100644 index 000000000..83b33d238 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/crlnumber @@ -0,0 +1 @@ +1000 diff --git a/diracx-db/tests/proxy/data/ca/index.txt b/diracx-db/tests/proxy/data/ca/index.txt new file mode 100644 index 000000000..0989c52d6 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/index.txt @@ -0,0 +1,2 @@ +V 371021091514Z 1001 unknown /O=Dirac Computing/O=CERN/CN=MrUser +V 371021091817Z 1002 unknown /O=Dirac Computing/O=CERN/CN=VOBox diff --git a/diracx-db/tests/proxy/data/ca/index.txt.attr b/diracx-db/tests/proxy/data/ca/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/diracx-db/tests/proxy/data/ca/index.txt.attr.old b/diracx-db/tests/proxy/data/ca/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/diracx-db/tests/proxy/data/ca/index.txt.old b/diracx-db/tests/proxy/data/ca/index.txt.old new file mode 100644 index 000000000..73d4026d2 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/index.txt.old @@ -0,0 +1 @@ +V 371021091514Z 1001 unknown /O=Dirac Computing/O=CERN/CN=MrUser diff --git a/diracx-db/tests/proxy/data/ca/newcerts/1000.pem b/diracx-db/tests/proxy/data/ca/newcerts/1000.pem new file mode 100644 index 000000000..e826e2753 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/newcerts/1000.pem @@ -0,0 +1,127 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:14:03 2018 GMT + Not After : Sep 1 09:14:03 2019 GMT + Subject: O=Dirac Computing, O=CERN, CN=MrUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a9:f6:67:7f:dc:0a:f9:af:aa:c7:c9:1f:46:52: + 1a:7a:1c:c3:da:2c:7e:e9:32:99:27:ec:3d:68:19: + 61:d7:56:f9:70:f7:e6:20:c3:a6:4c:45:de:f2:b0: + f9:1b:a5:8a:a1:f3:8a:34:18:90:e2:f5:f6:b4:4b: + fb:a6:c6:29:7a:d3:30:43:d4:79:92:ce:bb:44:df: + d8:18:59:33:10:43:bb:8f:36:05:b5:6b:12:da:36: + ec:74:75:5f:ff:6c:1e:8c:80:8f:84:00:58:3f:5b: + 06:69:06:d1:5a:d7:29:eb:dd:1f:67:de:dc:33:57: + 3b:02:e3:7f:7c:56:7d:9b:79:80:a2:8a:79:05:ce: + a9:d6:1a:96:49:7c:99:71:ef:f4:27:ef:d2:8e:da: + cb:79:66:3c:ca:f3:31:e3:3b:51:fb:cc:10:1b:e8: + 57:10:08:9f:9d:3e:fb:cf:0c:5e:1f:ba:4f:93:08: + f7:20:5a:51:a3:38:a6:4e:66:8f:83:4c:29:c1:42: + 57:51:df:0b:a4:f9:c5:ea:90:5e:64:f3:32:6c:9e: + 1b:e1:37:e8:75:d0:97:48:5f:f0:4f:ba:bd:51:f4: + ca:a6:d7:28:2d:ac:85:08:ba:7e:98:d2:48:2a:42: + 94:ce:6f:f5:08:13:05:92:17:a7:cd:23:fb:ba:18: + e1:bb:74:b0:af:a4:97:97:3d:69:11:6e:c1:f4:51: + 72:ca:08:4b:77:b1:4c:12:e0:c8:02:ef:14:2e:a2: + c0:01:31:51:f7:9a:79:79:cd:c6:6c:e6:d5:e0:e5: + f8:1b:55:29:f5:fe:af:0e:57:be:aa:1c:24:43:cd: + 6e:5b:17:9b:b1:a5:56:bd:e5:28:df:c1:ec:97:7e: + dd:ab:10:7d:23:13:4e:0b:f9:d3:42:ee:7c:97:72: + a7:2e:87:4c:3b:07:82:98:39:f3:1c:5a:c2:e5:5f: + 7a:a5:8a:ca:39:a1:63:d8:88:e0:e9:33:b9:99:a4: + 07:a3:48:5f:c2:20:02:14:d2:2f:60:36:fc:03:13: + 66:0f:33:95:00:06:64:77:f6:34:9d:b6:1e:68:ee: + bf:78:d2:73:46:2c:09:18:a6:4c:9d:70:b7:52:9c: + d1:98:80:5e:9c:34:d5:30:28:c4:3b:56:63:b1:77: + b4:87:08:d2:d3:fb:11:ca:d6:47:37:58:d6:ce:d9: + cc:b9:87:ed:bb:70:4b:51:02:50:2f:47:26:91:6b: + cf:1a:35:ca:05:df:64:1e:1b:98:8e:d6:6e:f9:21: + 32:2e:78:be:e9:55:c9:24:2c:91:ef:fd:a4:9a:59: + 2a:f5:48:a6:07:e4:4b:03:e1:1e:99:6e:c8:93:4a: + 03:23:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4A:C2:FD:EB:2C:C5:F1:63:A5:F2:17:62:43:6B:9D:82:6C:9A:13:24 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Netscape Comment: + OpenSSL Generated Client Certificate + Signature Algorithm: sha256WithRSAEncryption + 69:94:90:e8:07:e6:11:fd:a8:ce:df:0e:88:b0:e9:02:12:ff: + d5:b2:f7:31:21:6a:fb:69:b6:d1:d7:11:51:c2:6d:c7:c8:f0: + 95:e6:55:73:65:6c:c1:45:c6:f6:72:37:55:6b:09:ed:a7:2b: + ce:87:a8:54:96:0c:b8:39:a4:7f:df:e8:23:0f:78:7b:93:3f: + 6e:50:ae:bf:0b:72:16:86:b8:8b:20:e0:14:92:17:83:e3:6f: + ab:62:1b:9b:e2:8c:1d:36:4b:50:14:78:dd:bf:9b:d5:fb:7a: + b7:3f:73:ce:a8:21:9e:1a:5b:f7:20:41:08:37:7f:ce:36:ed: + 83:43:75:c8:e4:91:a2:38:0e:1e:50:51:72:d3:21:31:1a:13: + f5:48:fc:e3:46:47:91:ea:5c:d0:77:6c:73:95:ed:7e:9b:68: + e5:30:45:9b:c9:b0:4d:25:3f:46:54:a5:2f:c3:24:d9:e7:88: + 48:b2:b4:af:ac:1a:18:3f:c0:03:5c:50:f8:67:a6:bf:72:0c: + 53:1c:2c:9f:da:42:49:b8:7d:76:44:7a:7b:a8:a6:72:67:0d: + b4:c7:ee:1e:82:c0:3b:67:30:91:64:28:3c:b7:5b:e9:f7:24: + 4f:d8:e5:0a:a8:b7:cd:e3:69:e9:78:82:53:fd:f7:ec:65:a5: + 54:9a:91:33:92:be:1a:4f:c9:34:10:5c:4e:97:57:0d:d7:d8: + 4a:81:82:bc:eb:9e:d2:a1:9d:65:c5:6e:cc:50:b3:eb:82:5a: + fd:f3:a6:af:9d:d4:b2:a8:54:5a:91:75:01:38:f5:46:5a:a6: + bf:11:24:f6:03:29:f3:36:2f:05:56:e7:2a:e7:b1:f6:c2:24: + 4e:ce:85:ad:95:d8:19:25:63:ba:b9:09:66:c9:9f:3b:02:34: + d6:d5:c8:b4:df:32:a0:85:74:0c:4a:28:31:b0:9b:ce:49:dc: + b9:d1:3f:fa:58:4b:2e:ca:a0:9c:3e:f6:36:e5:f9:f6:6d:31: + 8c:cc:48:78:20:ea:78:33:a9:83:7b:4e:f7:68:b4:92:4e:9a: + 78:81:c6:24:91:62:4a:e9:af:ff:30:3e:22:42:7c:05:49:d9: + 49:15:6f:46:30:51:61:05:8f:19:7c:6e:65:6a:78:db:56:a2: + 47:a6:2a:11:0c:ef:27:0c:7e:2b:ce:ff:0c:eb:9d:49:47:e9: + 97:f6:b5:c8:c9:d7:9c:9c:6e:8a:f4:62:ee:0e:53:75:bf:ca: + 3e:b3:2a:bc:1d:a7:64:f3:3a:bf:a2:6c:77:5e:28:68:7a:aa: + fd:b3:1d:37:79:b8:d6:17:02:d3:87:0e:25:7d:70:9b:9e:31: + 45:42:dc:a6:2b:a3:09:7c +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE0MDNaFw0xOTA5MDEw +OTE0MDNaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAaZSQ6AfmEf2o +zt8OiLDpAhL/1bL3MSFq+2m20dcRUcJtx8jwleZVc2VswUXG9nI3VWsJ7acrzoeo +VJYMuDmkf9/oIw94e5M/blCuvwtyFoa4iyDgFJIXg+Nvq2Ibm+KMHTZLUBR43b+b +1ft6tz9zzqghnhpb9yBBCDd/zjbtg0N1yOSRojgOHlBRctMhMRoT9Uj840ZHkepc +0Hdsc5Xtfpto5TBFm8mwTSU/RlSlL8Mk2eeISLK0r6waGD/AA1xQ+Gemv3IMUxws +n9pCSbh9dkR6e6imcmcNtMfuHoLAO2cwkWQoPLdb6fckT9jlCqi3zeNp6XiCU/33 +7GWlVJqRM5K+Gk/JNBBcTpdXDdfYSoGCvOue0qGdZcVuzFCz64Ja/fOmr53UsqhU +WpF1ATj1RlqmvxEk9gMp8zYvBVbnKuex9sIkTs6FrZXYGSVjurkJZsmfOwI01tXI +tN8yoIV0DEooMbCbzkncudE/+lhLLsqgnD72NuX59m0xjMxIeCDqeDOpg3tO92i0 +kk6aeIHGJJFiSumv/zA+IkJ8BUnZSRVvRjBRYQWPGXxuZWp421aiR6YqEQzvJwx+ +K87/DOudSUfpl/a1yMnXnJxuivRi7g5Tdb/KPrMqvB2nZPM6v6Jsd14oaHqq/bMd +N3m41hcC04cOJX1wm54xRULcpiujCXw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/ca/newcerts/1001.pem b/diracx-db/tests/proxy/data/ca/newcerts/1001.pem new file mode 100644 index 000000000..6dadd75c4 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/newcerts/1001.pem @@ -0,0 +1,127 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:15:14 2018 GMT + Not After : Oct 21 09:15:14 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=MrUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a9:f6:67:7f:dc:0a:f9:af:aa:c7:c9:1f:46:52: + 1a:7a:1c:c3:da:2c:7e:e9:32:99:27:ec:3d:68:19: + 61:d7:56:f9:70:f7:e6:20:c3:a6:4c:45:de:f2:b0: + f9:1b:a5:8a:a1:f3:8a:34:18:90:e2:f5:f6:b4:4b: + fb:a6:c6:29:7a:d3:30:43:d4:79:92:ce:bb:44:df: + d8:18:59:33:10:43:bb:8f:36:05:b5:6b:12:da:36: + ec:74:75:5f:ff:6c:1e:8c:80:8f:84:00:58:3f:5b: + 06:69:06:d1:5a:d7:29:eb:dd:1f:67:de:dc:33:57: + 3b:02:e3:7f:7c:56:7d:9b:79:80:a2:8a:79:05:ce: + a9:d6:1a:96:49:7c:99:71:ef:f4:27:ef:d2:8e:da: + cb:79:66:3c:ca:f3:31:e3:3b:51:fb:cc:10:1b:e8: + 57:10:08:9f:9d:3e:fb:cf:0c:5e:1f:ba:4f:93:08: + f7:20:5a:51:a3:38:a6:4e:66:8f:83:4c:29:c1:42: + 57:51:df:0b:a4:f9:c5:ea:90:5e:64:f3:32:6c:9e: + 1b:e1:37:e8:75:d0:97:48:5f:f0:4f:ba:bd:51:f4: + ca:a6:d7:28:2d:ac:85:08:ba:7e:98:d2:48:2a:42: + 94:ce:6f:f5:08:13:05:92:17:a7:cd:23:fb:ba:18: + e1:bb:74:b0:af:a4:97:97:3d:69:11:6e:c1:f4:51: + 72:ca:08:4b:77:b1:4c:12:e0:c8:02:ef:14:2e:a2: + c0:01:31:51:f7:9a:79:79:cd:c6:6c:e6:d5:e0:e5: + f8:1b:55:29:f5:fe:af:0e:57:be:aa:1c:24:43:cd: + 6e:5b:17:9b:b1:a5:56:bd:e5:28:df:c1:ec:97:7e: + dd:ab:10:7d:23:13:4e:0b:f9:d3:42:ee:7c:97:72: + a7:2e:87:4c:3b:07:82:98:39:f3:1c:5a:c2:e5:5f: + 7a:a5:8a:ca:39:a1:63:d8:88:e0:e9:33:b9:99:a4: + 07:a3:48:5f:c2:20:02:14:d2:2f:60:36:fc:03:13: + 66:0f:33:95:00:06:64:77:f6:34:9d:b6:1e:68:ee: + bf:78:d2:73:46:2c:09:18:a6:4c:9d:70:b7:52:9c: + d1:98:80:5e:9c:34:d5:30:28:c4:3b:56:63:b1:77: + b4:87:08:d2:d3:fb:11:ca:d6:47:37:58:d6:ce:d9: + cc:b9:87:ed:bb:70:4b:51:02:50:2f:47:26:91:6b: + cf:1a:35:ca:05:df:64:1e:1b:98:8e:d6:6e:f9:21: + 32:2e:78:be:e9:55:c9:24:2c:91:ef:fd:a4:9a:59: + 2a:f5:48:a6:07:e4:4b:03:e1:1e:99:6e:c8:93:4a: + 03:23:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4A:C2:FD:EB:2C:C5:F1:63:A5:F2:17:62:43:6B:9D:82:6C:9A:13:24 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Netscape Comment: + OpenSSL Generated Client Certificate + Signature Algorithm: sha256WithRSAEncryption + 39:ed:ae:11:4d:7b:51:63:94:88:3b:19:58:b0:d5:60:2f:36: + d2:c5:dc:0b:5f:62:8d:ca:3d:cc:d0:d5:7c:29:0a:cc:f3:0a: + 28:f9:44:03:9e:9d:63:f2:ad:d1:c5:80:b6:29:25:3c:e8:96: + 12:d2:b2:6e:c3:3b:6b:26:76:14:48:8f:74:14:9d:f4:ff:2a: + 1d:81:4c:95:bb:17:73:28:9b:e5:05:e9:74:77:9b:72:2a:6e: + f4:e4:73:a7:e8:65:16:f4:c0:d5:f1:44:ac:39:fe:9c:f5:be: + c5:30:a9:d7:db:5d:96:b3:72:c3:10:d6:5d:b0:78:28:96:7f: + 57:14:95:b9:3e:25:31:96:27:eb:05:0e:30:53:7f:c6:3e:35: + 7a:f1:aa:a9:07:c9:9b:ec:93:7d:e5:b7:9f:60:a5:0c:20:db: + 93:76:eb:ff:72:98:f1:e0:8f:2d:49:65:65:f7:49:82:73:76: + e1:25:ab:4b:84:b4:b4:1b:8e:66:df:a1:4e:de:cb:21:23:d2: + 3c:88:b1:c5:73:6c:c4:b0:97:ab:b2:ac:12:52:25:cc:f3:db: + 32:c7:6a:0c:9f:e5:84:35:28:1c:f6:59:bb:d7:21:8b:8b:7c: + 17:92:46:93:37:27:d4:c3:92:9a:7e:5d:ef:89:31:49:80:f5: + 41:38:2f:5f:be:ed:d0:0d:44:ec:6e:79:35:88:99:25:34:a3: + a1:a2:10:89:0c:01:34:46:a4:ec:ec:fd:40:28:7e:e6:a1:f0: + 47:f3:69:e2:fa:38:f9:de:29:ca:e5:b1:a7:31:c7:06:e4:2b: + 57:a7:43:67:49:8e:34:15:b1:ea:0c:69:90:53:78:da:6b:7c: + 11:47:76:e9:f6:86:ee:47:9b:6d:e5:68:52:dd:55:05:37:29: + f4:71:c7:0c:a4:2a:f6:5a:28:76:01:a8:91:aa:f2:70:57:89: + f2:5f:99:30:cf:77:62:83:cf:56:5b:22:8c:6e:89:9a:7f:94: + ad:93:73:c1:b8:b9:25:c1:3b:df:5a:84:ba:b1:98:53:89:23: + a7:3a:62:ad:ab:b0:0a:73:a0:4a:6e:c3:c1:ac:0d:a2:29:4b: + 14:e4:92:87:7f:e2:66:00:e3:33:28:6c:a4:62:76:17:05:c1: + 94:99:bb:c0:15:b2:4b:ed:2a:4e:7b:1e:92:a4:da:9a:e4:c3: + 4c:03:c9:46:16:f6:2c:f5:45:97:42:fc:f9:fa:e4:d6:09:29: + c3:82:93:0b:31:b0:e2:b2:96:fb:e1:14:8d:2d:62:d3:db:2a: + d8:3b:fa:fd:f5:bf:c9:ba:b1:a5:13:aa:9b:22:c7:6e:a1:04: + c6:3d:3f:84:fc:4f:28:fc +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE1MTRaFw0zNzEwMjEw +OTE1MTRaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAOe2uEU17UWOU +iDsZWLDVYC820sXcC19ijco9zNDVfCkKzPMKKPlEA56dY/Kt0cWAtiklPOiWEtKy +bsM7ayZ2FEiPdBSd9P8qHYFMlbsXcyib5QXpdHebcipu9ORzp+hlFvTA1fFErDn+ +nPW+xTCp19tdlrNywxDWXbB4KJZ/VxSVuT4lMZYn6wUOMFN/xj41evGqqQfJm+yT +feW3n2ClDCDbk3br/3KY8eCPLUllZfdJgnN24SWrS4S0tBuOZt+hTt7LISPSPIix +xXNsxLCXq7KsElIlzPPbMsdqDJ/lhDUoHPZZu9chi4t8F5JGkzcn1MOSmn5d74kx +SYD1QTgvX77t0A1E7G55NYiZJTSjoaIQiQwBNEak7Oz9QCh+5qHwR/Np4vo4+d4p +yuWxpzHHBuQrV6dDZ0mONBWx6gxpkFN42mt8EUd26faG7kebbeVoUt1VBTcp9HHH +DKQq9loodgGokarycFeJ8l+ZMM93YoPPVlsijG6Jmn+UrZNzwbi5JcE731qEurGY +U4kjpzpirauwCnOgSm7DwawNoilLFOSSh3/iZgDjMyhspGJ2FwXBlJm7wBWyS+0q +TnsekqTamuTDTAPJRhb2LPVFl0L8+frk1gkpw4KTCzGw4rKW++EUjS1i09sq2Dv6 +/fW/ybqxpROqmyLHbqEExj0/hPxPKPw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/ca/newcerts/1002.pem b/diracx-db/tests/proxy/data/ca/newcerts/1002.pem new file mode 100644 index 000000000..3b641d744 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/newcerts/1002.pem @@ -0,0 +1,134 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:18:17 2018 GMT + Not After : Oct 21 09:18:17 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=VOBox + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e3:57:96:3a:01:02:3a:d6:76:47:cb:a8:63:af: + 53:33:88:51:5e:87:fc:f5:0d:d0:20:90:f7:e2:52: + 71:d0:2f:15:ad:bd:71:9c:73:8b:17:fe:d0:5c:0f: + ab:6f:34:a4:f3:24:2c:32:15:50:0c:2f:45:8d:4c: + 3f:f0:e3:cd:13:52:61:88:2e:54:6d:83:ed:7b:a9: + f4:96:7d:e0:af:0f:28:12:6c:63:48:35:7f:a5:6b: + 46:ae:12:a6:3b:bb:9a:17:b7:08:45:00:49:ea:05: + ef:ba:a7:3b:e0:7d:3a:73:87:c7:8e:b4:14:ab:aa: + 02:54:c0:cb:5a:23:cd:4f:e8:b4:27:e6:ea:c8:41: + b2:7b:86:0f:47:2a:1f:5d:01:7f:a6:47:f9:b0:c4: + 34:cf:a7:34:cf:e9:84:f9:a2:2a:97:13:98:51:68: + f0:0e:ea:26:de:18:67:6e:ca:98:45:88:0c:15:cc: + 05:76:07:95:1f:07:8b:4b:f0:2f:d2:7b:23:d7:ef: + ee:f4:5b:ea:5a:1c:3e:df:7c:96:87:2c:a1:50:8d: + d0:3d:ab:b1:07:44:66:e6:d3:af:3e:68:f4:66:34: + 22:ad:97:5a:6d:81:b6:2a:b9:59:a9:d0:38:8e:e6: + a3:92:ab:e2:d4:da:ff:16:e7:fc:bc:5b:be:43:6a: + 3c:aa:19:b2:6e:31:da:38:cc:c8:c2:bc:e6:9f:3a: + f1:c7:69:b3:9f:62:b3:87:70:8e:8c:34:9c:76:67: + ab:ff:1b:40:bb:98:c5:70:70:13:dc:b8:b9:2a:b6: + 26:b6:b8:f9:f3:c0:37:30:c5:52:f7:c0:af:ee:26: + 21:c7:c3:74:fa:a1:d9:8e:13:fe:8a:c5:83:3e:48: + 97:fd:c1:e0:5f:44:55:bf:7c:27:e4:59:87:c4:03: + 51:49:86:77:1f:0d:93:f3:c2:22:67:40:94:eb:46: + 5b:37:eb:ba:f0:9c:d2:c7:d1:59:2f:c4:32:ce:1d: + 8e:cb:86:5f:a3:d6:fc:1d:76:78:ce:35:8a:ca:54: + cb:6d:7f:52:1f:14:de:50:74:c5:f6:ad:1a:e4:2d: + 7d:a3:65:75:da:27:82:01:79:50:56:58:f5:66:5a: + 3f:1e:f3:dd:9d:87:61:69:cd:95:7c:f1:71:3b:db: + 2d:7b:61:1c:7e:b9:7e:f1:ff:be:a9:dc:9f:47:de: + f1:08:d0:b8:ff:e7:7a:b7:97:11:ff:5b:75:51:1a: + 76:da:73:bb:53:ee:4b:d5:a2:a7:94:69:77:38:01: + 08:88:17:6b:65:47:67:6d:8c:76:ce:00:0d:d2:97: + b2:82:c4:90:6f:69:df:32:ab:b6:12:9b:62:39:f2: + c4:0d:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + CB:42:51:C8:96:0A:29:92:78:B0:03:BC:B1:0A:9B:90:EB:C8:18:81 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + DirName:/O=DIRAC Computing/CN=DIRAC Computing Signing Certification Authority + serial:AC:BC:D0:B9:2B:47:C5:D8 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:VOBox, DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 1d:fc:23:38:6c:79:28:d4:2c:cf:34:65:d8:86:e8:69:58:68: + e8:81:18:84:60:94:12:49:a8:37:ac:96:18:5e:8b:db:a9:82: + 7d:f9:cb:3e:b8:46:a3:28:33:86:c5:59:26:9e:d2:01:42:30: + 63:40:75:5e:43:21:75:19:89:37:d9:21:12:aa:37:7e:73:38: + 46:6f:6c:05:3f:b7:91:e2:ef:4b:5e:77:70:cf:38:05:cc:e1: + 76:a0:86:71:46:83:6e:99:4c:1f:3a:67:a0:e9:87:7d:d0:24: + ba:8d:92:a5:3c:a1:a3:9f:97:51:13:e1:30:e8:8a:6a:68:95: + 02:34:33:cd:9d:6a:d3:e5:84:37:b6:12:4b:cf:8c:96:9c:94: + d5:ca:19:9d:24:5f:98:2a:b9:92:8a:a5:36:1e:f9:c8:ff:e0: + 4e:c0:1b:d9:80:41:30:7d:33:a5:d7:a7:1e:62:fc:4f:8d:2e: + 41:8b:8c:29:b4:e5:06:5d:6e:58:4b:98:9e:0c:8e:3d:a2:08: + 63:0e:2f:fc:f6:fd:b8:67:70:96:15:c9:c7:80:00:51:bf:7d: + 36:f6:62:4e:ae:5e:8f:f2:0d:a9:2a:dd:27:f2:ac:ea:52:cb: + 9f:db:73:2e:58:55:c6:86:3a:56:a1:ef:8a:69:07:6e:a5:6c: + ef:dc:25:60:0e:71:39:ba:ce:ba:0b:cd:0b:5e:a2:b2:43:89: + ff:7a:12:c4:89:8f:97:f1:18:a0:e7:49:17:20:f8:af:b6:b0: + 0d:dc:f8:6f:f7:f7:91:47:9f:5a:8a:45:19:5c:36:6f:f2:21: + 6c:92:ae:45:23:b5:b4:a4:64:70:a1:49:4e:6f:7e:3c:25:22: + ae:5a:71:5f:d7:b6:45:c9:a5:8e:cb:e2:c7:10:d0:07:85:0c: + a7:48:85:b5:f1:f1:a8:d5:c0:1a:d4:fc:6c:f2:32:6c:3b:fa: + 9d:0f:56:fc:cd:15:94:a7:d3:4e:83:eb:32:3a:0d:1c:14:70: + fa:7f:35:13:62:d6:8c:6b:9f:3b:f5:5d:56:7f:32:d8:96:14: + d6:60:cf:e9:a7:aa:96:a4:39:40:2c:08:6b:7d:62:21:25:54: + 56:a7:99:2e:e2:32:4a:a1:a1:bb:79:e1:49:45:5e:17:dd:f8: + 54:32:44:8d:a4:4a:b5:bc:90:bf:1e:22:cd:f7:75:98:09:65: + 34:ff:29:2b:06:f1:ef:3c:dc:84:81:6f:9c:c3:78:de:3b:a7: + 18:d4:e6:91:7f:ba:19:36:fd:e0:58:d4:4c:04:7a:fa:58:75: + 03:e8:91:8d:11:1e:26:b5:c6:4a:41:28:e3:d1:63:40:6b:48: + 60:9d:11:44:f9:fa:27:2d +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE4MTdaFw0zNzEwMjEw +OTE4MTdaMDkxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEOMAwGA1UEAwwFVk9Cb3gwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDjV5Y6AQI61nZHy6hjr1MziFFeh/z1DdAgkPfiUnHQLxWtvXGcc4sX/tBcD6tv +NKTzJCwyFVAML0WNTD/w480TUmGILlRtg+17qfSWfeCvDygSbGNINX+la0auEqY7 +u5oXtwhFAEnqBe+6pzvgfTpzh8eOtBSrqgJUwMtaI81P6LQn5urIQbJ7hg9HKh9d +AX+mR/mwxDTPpzTP6YT5oiqXE5hRaPAO6ibeGGduyphFiAwVzAV2B5UfB4tL8C/S +eyPX7+70W+paHD7ffJaHLKFQjdA9q7EHRGbm068+aPRmNCKtl1ptgbYquVmp0DiO +5qOSq+LU2v8W5/y8W75DajyqGbJuMdo4zMjCvOafOvHHabOfYrOHcI6MNJx2Z6v/ +G0C7mMVwcBPcuLkqtia2uPnzwDcwxVL3wK/uJiHHw3T6odmOE/6KxYM+SJf9weBf +RFW/fCfkWYfEA1FJhncfDZPzwiJnQJTrRls367rwnNLH0VkvxDLOHY7Lhl+j1vwd +dnjONYrKVMttf1IfFN5QdMX2rRrkLX2jZXXaJ4IBeVBWWPVmWj8e892dh2FpzZV8 +8XE72y17YRx+uX7x/76p3J9H3vEI0Lj/53q3lxH/W3VRGnbac7tT7kvVoqeUaXc4 +AQiIF2tlR2dtjHbOAA3Sl7KCxJBvad8yq7YSm2I58sQN1wIDAQABo4IBNjCCATIw +CQYDVR0TBAIwADAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy +dmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLQlHIlgopkniwA7yxCpuQ68gYgTCB +hAYDVR0jBH0we4AUBMIXrzhk4Ia/H8kAbpdvG7tOhx+hWKRWMFQxGDAWBgNVBAoM +D0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNpZ25p +bmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCCQCsvNC5K0fF2DAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdEQQUMBKC +BVZPQm94gglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAB38IzhseSjULM80 +ZdiG6GlYaOiBGIRglBJJqDeslhhei9upgn35yz64RqMoM4bFWSae0gFCMGNAdV5D +IXUZiTfZIRKqN35zOEZvbAU/t5Hi70ted3DPOAXM4XaghnFGg26ZTB86Z6Dph33Q +JLqNkqU8oaOfl1ET4TDoimpolQI0M82datPlhDe2EkvPjJaclNXKGZ0kX5gquZKK +pTYe+cj/4E7AG9mAQTB9M6XXpx5i/E+NLkGLjCm05QZdblhLmJ4Mjj2iCGMOL/z2 +/bhncJYVyceAAFG/fTb2Yk6uXo/yDakq3SfyrOpSy5/bcy5YVcaGOlah74ppB26l +bO/cJWAOcTm6zroLzQteorJDif96EsSJj5fxGKDnSRcg+K+2sA3c+G/395FHn1qK +RRlcNm/yIWySrkUjtbSkZHChSU5vfjwlIq5acV/XtkXJpY7L4scQ0AeFDKdIhbXx +8ajVwBrU/GzyMmw7+p0PVvzNFZSn006D6zI6DRwUcPp/NRNi1oxrnzv1XVZ/MtiW +FNZgz+mnqpakOUAsCGt9YiElVFanmS7iMkqhobt54UlFXhfd+FQyRI2kSrW8kL8e +Is33dZgJZTT/KSsG8e883ISBb5zDeN47pxjU5pF/uhk2/eBY1EwEevpYdQPokY0R +Hia1xkpBKOPRY0BrSGCdEUT5+ict +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/ca/openssl_config_ca.cnf b/diracx-db/tests/proxy/data/ca/openssl_config_ca.cnf new file mode 100644 index 000000000..53782e2d2 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/openssl_config_ca.cnf @@ -0,0 +1,109 @@ +# OpenSSL root CA configuration file + +[ ca ] +# `man ca` +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +# EDIT HERE +dir = /home/chaen/dirac/DIRAC/Core/Security/test/certs/ca #PUT THE RIGHT DIR HERE! +####### +certs = $dir/certs +crl_dir = $dir/crl +new_certs_dir = $dir/newcerts +database = $dir/index.txt +serial = $dir/serial +RANDFILE = $dir/private/.rand + +# The root key and root certificate. +private_key = $dir/ca.key.pem +certificate = $dir/ca.cert.pem + +# For certificate revocation lists. +crlnumber = $dir/crlnumber +crl = $dir/crl/ca.crl.pem +crl_extensions = crl_ext +default_crl_days = 30 + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +name_opt = ca_default +cert_opt = ca_default +default_days = 375 +preserve = no +policy = policy_loose + +# This option is dangerous, but allows to +# set subjectAlternativeName on the Request +# `man ca` is your friend +copy_extensions=copy + +[ policy_strict ] +# The root CA should only sign intermediate certificates that match. +# See the POLICY FORMAT section of `man ca`. +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 2048 +distinguished_name = req_distinguished_name +string_mask = utf8only +prompt = no + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add when the -x509 option is used. +x509_extensions = v3_ca + +[ req_distinguished_name ] +# See . +# EDIT HERE OPTIONALLY +O = DIRAC Computing +CN = DIRAC Computing Signing Certification Authority +######## + +[ v3_ca ] +# Extensions for a typical CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth + + +# Whatever is in the request will be copied, unless it is already defined. +# So we have some double definitions here with the other ssl config files, +# but that's allright. The basicConstraints = CA:FALSE is a protection that MUST stay +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, digitalSignature, keyEncipherment +# Our servers need both serverAuth and clientAuth +extendedKeyUsage = serverAuth,clientAuth diff --git a/diracx-db/tests/proxy/data/ca/serial b/diracx-db/tests/proxy/data/ca/serial new file mode 100644 index 000000000..baccd0398 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/serial @@ -0,0 +1 @@ +1003 diff --git a/diracx-db/tests/proxy/data/ca/serial.old b/diracx-db/tests/proxy/data/ca/serial.old new file mode 100644 index 000000000..7d802a3e7 --- /dev/null +++ b/diracx-db/tests/proxy/data/ca/serial.old @@ -0,0 +1 @@ +1002 diff --git a/diracx-db/tests/proxy/data/certs/ca/b236481c.0 b/diracx-db/tests/proxy/data/certs/ca/b236481c.0 new file mode 100644 index 000000000..4d371a4fc --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/b236481c.0 @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjjCCA3agAwIBAgIJAKy80LkrR8XYMA0GCSqGSIb3DQEBCwUAMFQxGDAWBgNV +BAoMD0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNp +Z25pbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgwODIyMDkxMDE2WhcN +MzgwODE3MDkxMDE2WjBUMRgwFgYDVQQKDA9ESVJBQyBDb21wdXRpbmcxODA2BgNV +BAMML0RJUkFDIENvbXB1dGluZyBTaWduaW5nIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsrXwFhkrthG+zviv +tLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8FA2inDrRD2q5zXz2wIeZz83tw8x0UP+8 +9TpuYNlwL0WY/vAl25+yCs3w5iBud14iO2z19z6E6gg6JnUo8srPfHSOZj/0q59B +/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmcO2jADEq4f1MJpckqeUZtgn6t4DmEfy3F ++c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrGjRvqGWo5nBKPf39/fB9fGvfx7yVxQF7v +sk2B1nmjdWoLjkZfnKREBTgqrR53lI8VNSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqi +vKoDsd8jrB2c4L08s5eTgrK+gTTPPS8vy4XVFDHYd/adUog83+uVT25cia/Kvmgr +s0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoOLhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDj +f2V4IW/3heK+CBLekMXSG0BdAnaa/o8vGfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3 +YczyiE2pFNqt368SI7UI0hzBjCmF95Bh62CKoYuJpRYVw3V8PGBboz0ROhMb2No2 +7ohLg0EgYnsRf+RVb6IBxfA5EFlp0IzhSzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj +++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEAAaNjMGEwHQYDVR0OBBYEFATCF684ZOCG +vx/JAG6Xbxu7TocfMB8GA1UdIwQYMBaAFATCF684ZOCGvx/JAG6Xbxu7TocfMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC +AQAOekRqM+76KGuXic5wwvcKgGMMqgqs37SfVtvS0teZpLItZEU4RiE7GP3rLn4H +NRwAPl0tUh4nUcm8WA5hinx1V/A2WyYrA7kg8G3OFL1ZVDnmd+/rH6TgyXhOLOEw ++A7EKikXUasmzjuRDgI+/oayvCcakAscRwmExc7z/4rs/HA4S2ZGiC7Y88jll5bf +ifhiPxmk4kV/U9tsjTeFEzRAXH8jNN4ZK8/QfXMc+VkwpYkooZ/EyjVUKw8H2qDS +RPokErZFUPcYwUpM4MKboxFqTsy+zM5IYhhWhcglL9cbwhdZ+/ZGvblGx4Vi03pE +vT2zMOA/8xeadUinKDvXzByTZ4E9FoWVOTDP6dVO8NxH0n0GFqnibFF9EE6hbR5w +wgtNLdtbbjZ2REBs0yDyf4kcwgG6OpSoxTvjIxd5qcf7K7uMO5MEUnNBTPMjhCnj +Z2MGmbHPXYRmOx4uWO53qOeDJcuoKrn+qprA0+Fqn8YHws2PnzifAiKXZpmAiM+g +wn0cOmFV+69D9fu4yb1x8LeJrYcvPmrdcGmdg8PBbW5aiL13Q0WIa3u/s3unEPor +ch7wbkWi1T0+p4ppaVmzudRoY54EodMWAxhKGG3o1pMiUGoXuNf4PXalaVZz7cI2 +NTXgTwrmzdBPhd4JXg1y4O7NYae7xhN+iZogsSTU3bVpaQ== +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/ca/ca.cert.pem b/diracx-db/tests/proxy/data/certs/ca/ca.cert.pem new file mode 100644 index 000000000..4d371a4fc --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/ca.cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjjCCA3agAwIBAgIJAKy80LkrR8XYMA0GCSqGSIb3DQEBCwUAMFQxGDAWBgNV +BAoMD0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNp +Z25pbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgwODIyMDkxMDE2WhcN +MzgwODE3MDkxMDE2WjBUMRgwFgYDVQQKDA9ESVJBQyBDb21wdXRpbmcxODA2BgNV +BAMML0RJUkFDIENvbXB1dGluZyBTaWduaW5nIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsrXwFhkrthG+zviv +tLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8FA2inDrRD2q5zXz2wIeZz83tw8x0UP+8 +9TpuYNlwL0WY/vAl25+yCs3w5iBud14iO2z19z6E6gg6JnUo8srPfHSOZj/0q59B +/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmcO2jADEq4f1MJpckqeUZtgn6t4DmEfy3F ++c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrGjRvqGWo5nBKPf39/fB9fGvfx7yVxQF7v +sk2B1nmjdWoLjkZfnKREBTgqrR53lI8VNSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqi +vKoDsd8jrB2c4L08s5eTgrK+gTTPPS8vy4XVFDHYd/adUog83+uVT25cia/Kvmgr +s0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoOLhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDj +f2V4IW/3heK+CBLekMXSG0BdAnaa/o8vGfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3 +YczyiE2pFNqt368SI7UI0hzBjCmF95Bh62CKoYuJpRYVw3V8PGBboz0ROhMb2No2 +7ohLg0EgYnsRf+RVb6IBxfA5EFlp0IzhSzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj +++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEAAaNjMGEwHQYDVR0OBBYEFATCF684ZOCG +vx/JAG6Xbxu7TocfMB8GA1UdIwQYMBaAFATCF684ZOCGvx/JAG6Xbxu7TocfMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IC +AQAOekRqM+76KGuXic5wwvcKgGMMqgqs37SfVtvS0teZpLItZEU4RiE7GP3rLn4H +NRwAPl0tUh4nUcm8WA5hinx1V/A2WyYrA7kg8G3OFL1ZVDnmd+/rH6TgyXhOLOEw ++A7EKikXUasmzjuRDgI+/oayvCcakAscRwmExc7z/4rs/HA4S2ZGiC7Y88jll5bf +ifhiPxmk4kV/U9tsjTeFEzRAXH8jNN4ZK8/QfXMc+VkwpYkooZ/EyjVUKw8H2qDS +RPokErZFUPcYwUpM4MKboxFqTsy+zM5IYhhWhcglL9cbwhdZ+/ZGvblGx4Vi03pE +vT2zMOA/8xeadUinKDvXzByTZ4E9FoWVOTDP6dVO8NxH0n0GFqnibFF9EE6hbR5w +wgtNLdtbbjZ2REBs0yDyf4kcwgG6OpSoxTvjIxd5qcf7K7uMO5MEUnNBTPMjhCnj +Z2MGmbHPXYRmOx4uWO53qOeDJcuoKrn+qprA0+Fqn8YHws2PnzifAiKXZpmAiM+g +wn0cOmFV+69D9fu4yb1x8LeJrYcvPmrdcGmdg8PBbW5aiL13Q0WIa3u/s3unEPor +ch7wbkWi1T0+p4ppaVmzudRoY54EodMWAxhKGG3o1pMiUGoXuNf4PXalaVZz7cI2 +NTXgTwrmzdBPhd4JXg1y4O7NYae7xhN+iZogsSTU3bVpaQ== +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/ca/ca.key.pem b/diracx-db/tests/proxy/data/certs/ca/ca.key.pem new file mode 100644 index 000000000..ae9966b13 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/ca.key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAsrXwFhkrthG+zvivtLYo0phBGnSfa2RZ5UwVR5SMmz5NwtJ8 +FA2inDrRD2q5zXz2wIeZz83tw8x0UP+89TpuYNlwL0WY/vAl25+yCs3w5iBud14i +O2z19z6E6gg6JnUo8srPfHSOZj/0q59B/M2yGVEGoJbuAmW4ofzMM0OiDuXA5vmc +O2jADEq4f1MJpckqeUZtgn6t4DmEfy3F+c6K4N6lIxIDFN+pjaWNYwnqnpGqfGrG +jRvqGWo5nBKPf39/fB9fGvfx7yVxQF7vsk2B1nmjdWoLjkZfnKREBTgqrR53lI8V +NSP2XRBkKMkBuH8rdHXDcA8rsJpDYGqivKoDsd8jrB2c4L08s5eTgrK+gTTPPS8v +y4XVFDHYd/adUog83+uVT25cia/Kvmgrs0fU3p6AnazKVBKOVY5Rzb+oRCNl9VoO +LhBo7Nuorjpd9U7l0AjUJ1hkrZCSVzDjf2V4IW/3heK+CBLekMXSG0BdAnaa/o8v +Gfvfxpe2Qt65JC4f+Ov1tcMRQfd+CPg3YczyiE2pFNqt368SI7UI0hzBjCmF95Bh +62CKoYuJpRYVw3V8PGBboz0ROhMb2No27ohLg0EgYnsRf+RVb6IBxfA5EFlp0Izh +SzFlKYlQnHRIQAbKV5aPhm6TmucT7CYj++OdNPy6ZpHhf6oWVMsSmaPPYT0CAwEA +AQKCAgEAkhpSNQ7RAKHTWAxSQbBnAXz+RK2xo6/AGskv4Hxe05CFLFC+pfpbxdQE +FNGRI6EVbmOt6QkXaGrfcVUS232wvbcmk08X/NzCZqJRganKV6mOBkLMQ78Z+89+ +BINDXyuLlasfJEV6IbgJxMGHxjE4eKAYhfO+k/ErmCs/mm2hsQI+ydap1pwV3ja8 +TUPK8GHdOpbMctI0PstnOj5my4sDWUJMybYxFMCiMq51P9HcoVS/h8YXm0eGBM8m +WCWIcZj/1a8kJr0savI2e4Th++iHzJtXemd/GQsJodtdzNKVeUEeTDMKCI7lHEKJ +UBq9MGOvWB/q7tNISbJkgQ/NCecI6uVAHEzyYyBNaDRQSkEYqoFbqmmv4xMfqaQb +7qr/WW3SDgHCSyntZjnRm3qLuccFmSx4r55kaLPqkxTTGIF43q5gKtZqtUpQGzA0 +SJTEUC0hXYmS5tA+wd/jZ2hM04q2CNQAeflhdxTXipzlk2cs9CzPHQaaT/reQ1+W +BMOBrpSpPOOti8nlzG3noMAg9d748oT5zteHhuunC7vm/Lp3PRhAwjTfhvPUwpup +DGj35n8NMjYciidundIFIwXtf0yrUQM+yLBoSVpAa7Sia0TOGyJEHWELLBLbjMpt +/GjiG7+K5SbP6O/+0yG77lxtw/0378SwFW+v/6xoyQCidYJT3tUCggEBAOAXgyD3 +9/gRo718SkzeGuC3u/JvyosqDqN9ejQoP6DZl7Q1SbqIdCfJZpQskxeHvpwaw5hB ++WEkk6zgC6xlFSplt6IYP7uw+1cJ+rgaOiivQ1NQs2HeyalblwygdO5geM8J1ePi +0CSz/abVe8APbKAwBovSVlQHdoEFGf6yjs1iP4+NLWUnOiZstWV2lhV/EPLxGUjZ +CQkI2/6DCF8CbFeoNelAe26997/A4m8gR6/W94ZFX2ZXBtqGj4Kb2YxFc1nM1yQQ +4D23ePJY0kMBTqSL1CpAtyVm5oZRkgzsIH9R6ipQ2KiVVnLvpjmANk+PcVQsv8yS +bFd383vzTOXseKMCggEBAMwoNr4RfR+fYm0u/2ZCWbbnlmNGBdkPmEK3k1DbEBRK +AKg/uTI6PxMqQDWzZJ2RPnHg7X9h+hvxH2TBzpdDIBtujyH9wjwYfDFnd/mOpAMa +EJnbO32/OvgspgHoMWJX98fZOTSu3fCvpPSHV06ScHNvg3IiOfBQ/oPEVQL9KmlP +FQ+CXq0/+vI4zcpolaFL3mC2p8Ck9zM+w1uroaqAQLf8C/ZBY3es5acXRGc6hLnq +xexPuU5K+0gz3il4x5ltSFfllEJrQVXjobgJAlHyYqMVDwc59zHeweL3NdTfrC46 +krFLy6t1GG5ug1uqUgcIHeR/q6LFgES++ATtarcQ/J8CggEBAKRMWNXpOKNmu3iI +Eim9hlNQIrqjgAr8cPMpYlmvUMdsAbAcicv7k75ACbeF3uqXmgb2EIYniOHSYXuU +YLqq+hO1tCdiRAgmwICWTn6ArDd8GI6TUpHlOFG1V0/orRLBJJIXkfydJSJj3Qte +5nZwWKIx0/rb4nOFbTs3NFHrNIwdBqEHT0sksZvOhEi541wrZ4/XeURR7C/1kOZP +x+lw62Jxb+VuY5FUMrsifmIfdq/TmnOVlVaBZAMAOWP3RE919BbY+rv0q5RUWpbE +zJRX9wLpikrYW+9OPKIqWDylO0ZeFqOj1tXzeAiY8HSkLi2y69JdZNpmWIzg42Hz +hmPlNqUCggEAXffggomgMu70qdao/ZNqodJkmRsA1BDmf0bpypyaAQyy0r5J6sF+ +iL64wT7p/9B7koT6K9iX+0Z3sbO2+E6QN7Ait32KaojGmSLLyRULjtXvcDHFZzKe +3N4IJvaNzHs69ESanRIj24WtAlRNLkAe/DMGqIDydBeDnni+vFp0q/YXdoUGOO4q +/lSA/Do5LP2zxIYuHnCPy4mG9+m+xrCzmTus8dLVCp+NMOR3up/nuX9DTGrBmzTO +BkTBbAtIq+juFG76V7vwXa0hoYicBcXv+qpVuXjHu6+RRHuOzoWJRdn17R87Bpcm +AKZjVczGZrAouiS9hnUrffj8RaBVrx9ldwKCAQAQ/Z1K+eBkDmr+RP9fuuMdnkPw +EHgEj/Sd6aiECIqf0wum9P8BA441j2IBZbxruNINxxXLRwCy8K9nrl76++emE2fh +uVHD+51nHY8vGcS74lVsvW24etT/SFcE6wN7GW8c4moTMK/aXRzg6aZvKmraqsDs +b93oxoClgc2BpgpyvivkWpppWmp9ZNiX0ju8ypnXjoTjGpImZiqWoFxKvlM3/Y6l +HhxHIwsiUalMmb1yw2DJunDvrxzBU79HolLE6j9SxcK0YcGOPggT9loGpfhmUy6p +dvZ7L6V6cteUH+/BR3xs2YZXsgWGl9K6wfjmCXUS50Yuyv67xONpq6Bb+U7k +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/certs/ca/crlnumber b/diracx-db/tests/proxy/data/certs/ca/crlnumber new file mode 100644 index 000000000..83b33d238 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/crlnumber @@ -0,0 +1 @@ +1000 diff --git a/diracx-db/tests/proxy/data/certs/ca/index.txt b/diracx-db/tests/proxy/data/certs/ca/index.txt new file mode 100644 index 000000000..0989c52d6 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/index.txt @@ -0,0 +1,2 @@ +V 371021091514Z 1001 unknown /O=Dirac Computing/O=CERN/CN=MrUser +V 371021091817Z 1002 unknown /O=Dirac Computing/O=CERN/CN=VOBox diff --git a/diracx-db/tests/proxy/data/certs/ca/index.txt.attr b/diracx-db/tests/proxy/data/certs/ca/index.txt.attr new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/diracx-db/tests/proxy/data/certs/ca/index.txt.attr.old b/diracx-db/tests/proxy/data/certs/ca/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/diracx-db/tests/proxy/data/certs/ca/index.txt.old b/diracx-db/tests/proxy/data/certs/ca/index.txt.old new file mode 100644 index 000000000..73d4026d2 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/index.txt.old @@ -0,0 +1 @@ +V 371021091514Z 1001 unknown /O=Dirac Computing/O=CERN/CN=MrUser diff --git a/diracx-db/tests/proxy/data/certs/ca/newcerts/1000.pem b/diracx-db/tests/proxy/data/certs/ca/newcerts/1000.pem new file mode 100644 index 000000000..e826e2753 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/newcerts/1000.pem @@ -0,0 +1,127 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:14:03 2018 GMT + Not After : Sep 1 09:14:03 2019 GMT + Subject: O=Dirac Computing, O=CERN, CN=MrUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a9:f6:67:7f:dc:0a:f9:af:aa:c7:c9:1f:46:52: + 1a:7a:1c:c3:da:2c:7e:e9:32:99:27:ec:3d:68:19: + 61:d7:56:f9:70:f7:e6:20:c3:a6:4c:45:de:f2:b0: + f9:1b:a5:8a:a1:f3:8a:34:18:90:e2:f5:f6:b4:4b: + fb:a6:c6:29:7a:d3:30:43:d4:79:92:ce:bb:44:df: + d8:18:59:33:10:43:bb:8f:36:05:b5:6b:12:da:36: + ec:74:75:5f:ff:6c:1e:8c:80:8f:84:00:58:3f:5b: + 06:69:06:d1:5a:d7:29:eb:dd:1f:67:de:dc:33:57: + 3b:02:e3:7f:7c:56:7d:9b:79:80:a2:8a:79:05:ce: + a9:d6:1a:96:49:7c:99:71:ef:f4:27:ef:d2:8e:da: + cb:79:66:3c:ca:f3:31:e3:3b:51:fb:cc:10:1b:e8: + 57:10:08:9f:9d:3e:fb:cf:0c:5e:1f:ba:4f:93:08: + f7:20:5a:51:a3:38:a6:4e:66:8f:83:4c:29:c1:42: + 57:51:df:0b:a4:f9:c5:ea:90:5e:64:f3:32:6c:9e: + 1b:e1:37:e8:75:d0:97:48:5f:f0:4f:ba:bd:51:f4: + ca:a6:d7:28:2d:ac:85:08:ba:7e:98:d2:48:2a:42: + 94:ce:6f:f5:08:13:05:92:17:a7:cd:23:fb:ba:18: + e1:bb:74:b0:af:a4:97:97:3d:69:11:6e:c1:f4:51: + 72:ca:08:4b:77:b1:4c:12:e0:c8:02:ef:14:2e:a2: + c0:01:31:51:f7:9a:79:79:cd:c6:6c:e6:d5:e0:e5: + f8:1b:55:29:f5:fe:af:0e:57:be:aa:1c:24:43:cd: + 6e:5b:17:9b:b1:a5:56:bd:e5:28:df:c1:ec:97:7e: + dd:ab:10:7d:23:13:4e:0b:f9:d3:42:ee:7c:97:72: + a7:2e:87:4c:3b:07:82:98:39:f3:1c:5a:c2:e5:5f: + 7a:a5:8a:ca:39:a1:63:d8:88:e0:e9:33:b9:99:a4: + 07:a3:48:5f:c2:20:02:14:d2:2f:60:36:fc:03:13: + 66:0f:33:95:00:06:64:77:f6:34:9d:b6:1e:68:ee: + bf:78:d2:73:46:2c:09:18:a6:4c:9d:70:b7:52:9c: + d1:98:80:5e:9c:34:d5:30:28:c4:3b:56:63:b1:77: + b4:87:08:d2:d3:fb:11:ca:d6:47:37:58:d6:ce:d9: + cc:b9:87:ed:bb:70:4b:51:02:50:2f:47:26:91:6b: + cf:1a:35:ca:05:df:64:1e:1b:98:8e:d6:6e:f9:21: + 32:2e:78:be:e9:55:c9:24:2c:91:ef:fd:a4:9a:59: + 2a:f5:48:a6:07:e4:4b:03:e1:1e:99:6e:c8:93:4a: + 03:23:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4A:C2:FD:EB:2C:C5:F1:63:A5:F2:17:62:43:6B:9D:82:6C:9A:13:24 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Netscape Comment: + OpenSSL Generated Client Certificate + Signature Algorithm: sha256WithRSAEncryption + 69:94:90:e8:07:e6:11:fd:a8:ce:df:0e:88:b0:e9:02:12:ff: + d5:b2:f7:31:21:6a:fb:69:b6:d1:d7:11:51:c2:6d:c7:c8:f0: + 95:e6:55:73:65:6c:c1:45:c6:f6:72:37:55:6b:09:ed:a7:2b: + ce:87:a8:54:96:0c:b8:39:a4:7f:df:e8:23:0f:78:7b:93:3f: + 6e:50:ae:bf:0b:72:16:86:b8:8b:20:e0:14:92:17:83:e3:6f: + ab:62:1b:9b:e2:8c:1d:36:4b:50:14:78:dd:bf:9b:d5:fb:7a: + b7:3f:73:ce:a8:21:9e:1a:5b:f7:20:41:08:37:7f:ce:36:ed: + 83:43:75:c8:e4:91:a2:38:0e:1e:50:51:72:d3:21:31:1a:13: + f5:48:fc:e3:46:47:91:ea:5c:d0:77:6c:73:95:ed:7e:9b:68: + e5:30:45:9b:c9:b0:4d:25:3f:46:54:a5:2f:c3:24:d9:e7:88: + 48:b2:b4:af:ac:1a:18:3f:c0:03:5c:50:f8:67:a6:bf:72:0c: + 53:1c:2c:9f:da:42:49:b8:7d:76:44:7a:7b:a8:a6:72:67:0d: + b4:c7:ee:1e:82:c0:3b:67:30:91:64:28:3c:b7:5b:e9:f7:24: + 4f:d8:e5:0a:a8:b7:cd:e3:69:e9:78:82:53:fd:f7:ec:65:a5: + 54:9a:91:33:92:be:1a:4f:c9:34:10:5c:4e:97:57:0d:d7:d8: + 4a:81:82:bc:eb:9e:d2:a1:9d:65:c5:6e:cc:50:b3:eb:82:5a: + fd:f3:a6:af:9d:d4:b2:a8:54:5a:91:75:01:38:f5:46:5a:a6: + bf:11:24:f6:03:29:f3:36:2f:05:56:e7:2a:e7:b1:f6:c2:24: + 4e:ce:85:ad:95:d8:19:25:63:ba:b9:09:66:c9:9f:3b:02:34: + d6:d5:c8:b4:df:32:a0:85:74:0c:4a:28:31:b0:9b:ce:49:dc: + b9:d1:3f:fa:58:4b:2e:ca:a0:9c:3e:f6:36:e5:f9:f6:6d:31: + 8c:cc:48:78:20:ea:78:33:a9:83:7b:4e:f7:68:b4:92:4e:9a: + 78:81:c6:24:91:62:4a:e9:af:ff:30:3e:22:42:7c:05:49:d9: + 49:15:6f:46:30:51:61:05:8f:19:7c:6e:65:6a:78:db:56:a2: + 47:a6:2a:11:0c:ef:27:0c:7e:2b:ce:ff:0c:eb:9d:49:47:e9: + 97:f6:b5:c8:c9:d7:9c:9c:6e:8a:f4:62:ee:0e:53:75:bf:ca: + 3e:b3:2a:bc:1d:a7:64:f3:3a:bf:a2:6c:77:5e:28:68:7a:aa: + fd:b3:1d:37:79:b8:d6:17:02:d3:87:0e:25:7d:70:9b:9e:31: + 45:42:dc:a6:2b:a3:09:7c +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE0MDNaFw0xOTA5MDEw +OTE0MDNaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAaZSQ6AfmEf2o +zt8OiLDpAhL/1bL3MSFq+2m20dcRUcJtx8jwleZVc2VswUXG9nI3VWsJ7acrzoeo +VJYMuDmkf9/oIw94e5M/blCuvwtyFoa4iyDgFJIXg+Nvq2Ibm+KMHTZLUBR43b+b +1ft6tz9zzqghnhpb9yBBCDd/zjbtg0N1yOSRojgOHlBRctMhMRoT9Uj840ZHkepc +0Hdsc5Xtfpto5TBFm8mwTSU/RlSlL8Mk2eeISLK0r6waGD/AA1xQ+Gemv3IMUxws +n9pCSbh9dkR6e6imcmcNtMfuHoLAO2cwkWQoPLdb6fckT9jlCqi3zeNp6XiCU/33 +7GWlVJqRM5K+Gk/JNBBcTpdXDdfYSoGCvOue0qGdZcVuzFCz64Ja/fOmr53UsqhU +WpF1ATj1RlqmvxEk9gMp8zYvBVbnKuex9sIkTs6FrZXYGSVjurkJZsmfOwI01tXI +tN8yoIV0DEooMbCbzkncudE/+lhLLsqgnD72NuX59m0xjMxIeCDqeDOpg3tO92i0 +kk6aeIHGJJFiSumv/zA+IkJ8BUnZSRVvRjBRYQWPGXxuZWp421aiR6YqEQzvJwx+ +K87/DOudSUfpl/a1yMnXnJxuivRi7g5Tdb/KPrMqvB2nZPM6v6Jsd14oaHqq/bMd +N3m41hcC04cOJX1wm54xRULcpiujCXw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/ca/newcerts/1001.pem b/diracx-db/tests/proxy/data/certs/ca/newcerts/1001.pem new file mode 100644 index 000000000..6dadd75c4 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/newcerts/1001.pem @@ -0,0 +1,127 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:15:14 2018 GMT + Not After : Oct 21 09:15:14 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=MrUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a9:f6:67:7f:dc:0a:f9:af:aa:c7:c9:1f:46:52: + 1a:7a:1c:c3:da:2c:7e:e9:32:99:27:ec:3d:68:19: + 61:d7:56:f9:70:f7:e6:20:c3:a6:4c:45:de:f2:b0: + f9:1b:a5:8a:a1:f3:8a:34:18:90:e2:f5:f6:b4:4b: + fb:a6:c6:29:7a:d3:30:43:d4:79:92:ce:bb:44:df: + d8:18:59:33:10:43:bb:8f:36:05:b5:6b:12:da:36: + ec:74:75:5f:ff:6c:1e:8c:80:8f:84:00:58:3f:5b: + 06:69:06:d1:5a:d7:29:eb:dd:1f:67:de:dc:33:57: + 3b:02:e3:7f:7c:56:7d:9b:79:80:a2:8a:79:05:ce: + a9:d6:1a:96:49:7c:99:71:ef:f4:27:ef:d2:8e:da: + cb:79:66:3c:ca:f3:31:e3:3b:51:fb:cc:10:1b:e8: + 57:10:08:9f:9d:3e:fb:cf:0c:5e:1f:ba:4f:93:08: + f7:20:5a:51:a3:38:a6:4e:66:8f:83:4c:29:c1:42: + 57:51:df:0b:a4:f9:c5:ea:90:5e:64:f3:32:6c:9e: + 1b:e1:37:e8:75:d0:97:48:5f:f0:4f:ba:bd:51:f4: + ca:a6:d7:28:2d:ac:85:08:ba:7e:98:d2:48:2a:42: + 94:ce:6f:f5:08:13:05:92:17:a7:cd:23:fb:ba:18: + e1:bb:74:b0:af:a4:97:97:3d:69:11:6e:c1:f4:51: + 72:ca:08:4b:77:b1:4c:12:e0:c8:02:ef:14:2e:a2: + c0:01:31:51:f7:9a:79:79:cd:c6:6c:e6:d5:e0:e5: + f8:1b:55:29:f5:fe:af:0e:57:be:aa:1c:24:43:cd: + 6e:5b:17:9b:b1:a5:56:bd:e5:28:df:c1:ec:97:7e: + dd:ab:10:7d:23:13:4e:0b:f9:d3:42:ee:7c:97:72: + a7:2e:87:4c:3b:07:82:98:39:f3:1c:5a:c2:e5:5f: + 7a:a5:8a:ca:39:a1:63:d8:88:e0:e9:33:b9:99:a4: + 07:a3:48:5f:c2:20:02:14:d2:2f:60:36:fc:03:13: + 66:0f:33:95:00:06:64:77:f6:34:9d:b6:1e:68:ee: + bf:78:d2:73:46:2c:09:18:a6:4c:9d:70:b7:52:9c: + d1:98:80:5e:9c:34:d5:30:28:c4:3b:56:63:b1:77: + b4:87:08:d2:d3:fb:11:ca:d6:47:37:58:d6:ce:d9: + cc:b9:87:ed:bb:70:4b:51:02:50:2f:47:26:91:6b: + cf:1a:35:ca:05:df:64:1e:1b:98:8e:d6:6e:f9:21: + 32:2e:78:be:e9:55:c9:24:2c:91:ef:fd:a4:9a:59: + 2a:f5:48:a6:07:e4:4b:03:e1:1e:99:6e:c8:93:4a: + 03:23:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4A:C2:FD:EB:2C:C5:F1:63:A5:F2:17:62:43:6B:9D:82:6C:9A:13:24 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Netscape Comment: + OpenSSL Generated Client Certificate + Signature Algorithm: sha256WithRSAEncryption + 39:ed:ae:11:4d:7b:51:63:94:88:3b:19:58:b0:d5:60:2f:36: + d2:c5:dc:0b:5f:62:8d:ca:3d:cc:d0:d5:7c:29:0a:cc:f3:0a: + 28:f9:44:03:9e:9d:63:f2:ad:d1:c5:80:b6:29:25:3c:e8:96: + 12:d2:b2:6e:c3:3b:6b:26:76:14:48:8f:74:14:9d:f4:ff:2a: + 1d:81:4c:95:bb:17:73:28:9b:e5:05:e9:74:77:9b:72:2a:6e: + f4:e4:73:a7:e8:65:16:f4:c0:d5:f1:44:ac:39:fe:9c:f5:be: + c5:30:a9:d7:db:5d:96:b3:72:c3:10:d6:5d:b0:78:28:96:7f: + 57:14:95:b9:3e:25:31:96:27:eb:05:0e:30:53:7f:c6:3e:35: + 7a:f1:aa:a9:07:c9:9b:ec:93:7d:e5:b7:9f:60:a5:0c:20:db: + 93:76:eb:ff:72:98:f1:e0:8f:2d:49:65:65:f7:49:82:73:76: + e1:25:ab:4b:84:b4:b4:1b:8e:66:df:a1:4e:de:cb:21:23:d2: + 3c:88:b1:c5:73:6c:c4:b0:97:ab:b2:ac:12:52:25:cc:f3:db: + 32:c7:6a:0c:9f:e5:84:35:28:1c:f6:59:bb:d7:21:8b:8b:7c: + 17:92:46:93:37:27:d4:c3:92:9a:7e:5d:ef:89:31:49:80:f5: + 41:38:2f:5f:be:ed:d0:0d:44:ec:6e:79:35:88:99:25:34:a3: + a1:a2:10:89:0c:01:34:46:a4:ec:ec:fd:40:28:7e:e6:a1:f0: + 47:f3:69:e2:fa:38:f9:de:29:ca:e5:b1:a7:31:c7:06:e4:2b: + 57:a7:43:67:49:8e:34:15:b1:ea:0c:69:90:53:78:da:6b:7c: + 11:47:76:e9:f6:86:ee:47:9b:6d:e5:68:52:dd:55:05:37:29: + f4:71:c7:0c:a4:2a:f6:5a:28:76:01:a8:91:aa:f2:70:57:89: + f2:5f:99:30:cf:77:62:83:cf:56:5b:22:8c:6e:89:9a:7f:94: + ad:93:73:c1:b8:b9:25:c1:3b:df:5a:84:ba:b1:98:53:89:23: + a7:3a:62:ad:ab:b0:0a:73:a0:4a:6e:c3:c1:ac:0d:a2:29:4b: + 14:e4:92:87:7f:e2:66:00:e3:33:28:6c:a4:62:76:17:05:c1: + 94:99:bb:c0:15:b2:4b:ed:2a:4e:7b:1e:92:a4:da:9a:e4:c3: + 4c:03:c9:46:16:f6:2c:f5:45:97:42:fc:f9:fa:e4:d6:09:29: + c3:82:93:0b:31:b0:e2:b2:96:fb:e1:14:8d:2d:62:d3:db:2a: + d8:3b:fa:fd:f5:bf:c9:ba:b1:a5:13:aa:9b:22:c7:6e:a1:04: + c6:3d:3f:84:fc:4f:28:fc +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE1MTRaFw0zNzEwMjEw +OTE1MTRaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAOe2uEU17UWOU +iDsZWLDVYC820sXcC19ijco9zNDVfCkKzPMKKPlEA56dY/Kt0cWAtiklPOiWEtKy +bsM7ayZ2FEiPdBSd9P8qHYFMlbsXcyib5QXpdHebcipu9ORzp+hlFvTA1fFErDn+ +nPW+xTCp19tdlrNywxDWXbB4KJZ/VxSVuT4lMZYn6wUOMFN/xj41evGqqQfJm+yT +feW3n2ClDCDbk3br/3KY8eCPLUllZfdJgnN24SWrS4S0tBuOZt+hTt7LISPSPIix +xXNsxLCXq7KsElIlzPPbMsdqDJ/lhDUoHPZZu9chi4t8F5JGkzcn1MOSmn5d74kx +SYD1QTgvX77t0A1E7G55NYiZJTSjoaIQiQwBNEak7Oz9QCh+5qHwR/Np4vo4+d4p +yuWxpzHHBuQrV6dDZ0mONBWx6gxpkFN42mt8EUd26faG7kebbeVoUt1VBTcp9HHH +DKQq9loodgGokarycFeJ8l+ZMM93YoPPVlsijG6Jmn+UrZNzwbi5JcE731qEurGY +U4kjpzpirauwCnOgSm7DwawNoilLFOSSh3/iZgDjMyhspGJ2FwXBlJm7wBWyS+0q +TnsekqTamuTDTAPJRhb2LPVFl0L8+frk1gkpw4KTCzGw4rKW++EUjS1i09sq2Dv6 +/fW/ybqxpROqmyLHbqEExj0/hPxPKPw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/ca/newcerts/1002.pem b/diracx-db/tests/proxy/data/certs/ca/newcerts/1002.pem new file mode 100644 index 000000000..3b641d744 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/newcerts/1002.pem @@ -0,0 +1,134 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:18:17 2018 GMT + Not After : Oct 21 09:18:17 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=VOBox + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e3:57:96:3a:01:02:3a:d6:76:47:cb:a8:63:af: + 53:33:88:51:5e:87:fc:f5:0d:d0:20:90:f7:e2:52: + 71:d0:2f:15:ad:bd:71:9c:73:8b:17:fe:d0:5c:0f: + ab:6f:34:a4:f3:24:2c:32:15:50:0c:2f:45:8d:4c: + 3f:f0:e3:cd:13:52:61:88:2e:54:6d:83:ed:7b:a9: + f4:96:7d:e0:af:0f:28:12:6c:63:48:35:7f:a5:6b: + 46:ae:12:a6:3b:bb:9a:17:b7:08:45:00:49:ea:05: + ef:ba:a7:3b:e0:7d:3a:73:87:c7:8e:b4:14:ab:aa: + 02:54:c0:cb:5a:23:cd:4f:e8:b4:27:e6:ea:c8:41: + b2:7b:86:0f:47:2a:1f:5d:01:7f:a6:47:f9:b0:c4: + 34:cf:a7:34:cf:e9:84:f9:a2:2a:97:13:98:51:68: + f0:0e:ea:26:de:18:67:6e:ca:98:45:88:0c:15:cc: + 05:76:07:95:1f:07:8b:4b:f0:2f:d2:7b:23:d7:ef: + ee:f4:5b:ea:5a:1c:3e:df:7c:96:87:2c:a1:50:8d: + d0:3d:ab:b1:07:44:66:e6:d3:af:3e:68:f4:66:34: + 22:ad:97:5a:6d:81:b6:2a:b9:59:a9:d0:38:8e:e6: + a3:92:ab:e2:d4:da:ff:16:e7:fc:bc:5b:be:43:6a: + 3c:aa:19:b2:6e:31:da:38:cc:c8:c2:bc:e6:9f:3a: + f1:c7:69:b3:9f:62:b3:87:70:8e:8c:34:9c:76:67: + ab:ff:1b:40:bb:98:c5:70:70:13:dc:b8:b9:2a:b6: + 26:b6:b8:f9:f3:c0:37:30:c5:52:f7:c0:af:ee:26: + 21:c7:c3:74:fa:a1:d9:8e:13:fe:8a:c5:83:3e:48: + 97:fd:c1:e0:5f:44:55:bf:7c:27:e4:59:87:c4:03: + 51:49:86:77:1f:0d:93:f3:c2:22:67:40:94:eb:46: + 5b:37:eb:ba:f0:9c:d2:c7:d1:59:2f:c4:32:ce:1d: + 8e:cb:86:5f:a3:d6:fc:1d:76:78:ce:35:8a:ca:54: + cb:6d:7f:52:1f:14:de:50:74:c5:f6:ad:1a:e4:2d: + 7d:a3:65:75:da:27:82:01:79:50:56:58:f5:66:5a: + 3f:1e:f3:dd:9d:87:61:69:cd:95:7c:f1:71:3b:db: + 2d:7b:61:1c:7e:b9:7e:f1:ff:be:a9:dc:9f:47:de: + f1:08:d0:b8:ff:e7:7a:b7:97:11:ff:5b:75:51:1a: + 76:da:73:bb:53:ee:4b:d5:a2:a7:94:69:77:38:01: + 08:88:17:6b:65:47:67:6d:8c:76:ce:00:0d:d2:97: + b2:82:c4:90:6f:69:df:32:ab:b6:12:9b:62:39:f2: + c4:0d:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + CB:42:51:C8:96:0A:29:92:78:B0:03:BC:B1:0A:9B:90:EB:C8:18:81 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + DirName:/O=DIRAC Computing/CN=DIRAC Computing Signing Certification Authority + serial:AC:BC:D0:B9:2B:47:C5:D8 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:VOBox, DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 1d:fc:23:38:6c:79:28:d4:2c:cf:34:65:d8:86:e8:69:58:68: + e8:81:18:84:60:94:12:49:a8:37:ac:96:18:5e:8b:db:a9:82: + 7d:f9:cb:3e:b8:46:a3:28:33:86:c5:59:26:9e:d2:01:42:30: + 63:40:75:5e:43:21:75:19:89:37:d9:21:12:aa:37:7e:73:38: + 46:6f:6c:05:3f:b7:91:e2:ef:4b:5e:77:70:cf:38:05:cc:e1: + 76:a0:86:71:46:83:6e:99:4c:1f:3a:67:a0:e9:87:7d:d0:24: + ba:8d:92:a5:3c:a1:a3:9f:97:51:13:e1:30:e8:8a:6a:68:95: + 02:34:33:cd:9d:6a:d3:e5:84:37:b6:12:4b:cf:8c:96:9c:94: + d5:ca:19:9d:24:5f:98:2a:b9:92:8a:a5:36:1e:f9:c8:ff:e0: + 4e:c0:1b:d9:80:41:30:7d:33:a5:d7:a7:1e:62:fc:4f:8d:2e: + 41:8b:8c:29:b4:e5:06:5d:6e:58:4b:98:9e:0c:8e:3d:a2:08: + 63:0e:2f:fc:f6:fd:b8:67:70:96:15:c9:c7:80:00:51:bf:7d: + 36:f6:62:4e:ae:5e:8f:f2:0d:a9:2a:dd:27:f2:ac:ea:52:cb: + 9f:db:73:2e:58:55:c6:86:3a:56:a1:ef:8a:69:07:6e:a5:6c: + ef:dc:25:60:0e:71:39:ba:ce:ba:0b:cd:0b:5e:a2:b2:43:89: + ff:7a:12:c4:89:8f:97:f1:18:a0:e7:49:17:20:f8:af:b6:b0: + 0d:dc:f8:6f:f7:f7:91:47:9f:5a:8a:45:19:5c:36:6f:f2:21: + 6c:92:ae:45:23:b5:b4:a4:64:70:a1:49:4e:6f:7e:3c:25:22: + ae:5a:71:5f:d7:b6:45:c9:a5:8e:cb:e2:c7:10:d0:07:85:0c: + a7:48:85:b5:f1:f1:a8:d5:c0:1a:d4:fc:6c:f2:32:6c:3b:fa: + 9d:0f:56:fc:cd:15:94:a7:d3:4e:83:eb:32:3a:0d:1c:14:70: + fa:7f:35:13:62:d6:8c:6b:9f:3b:f5:5d:56:7f:32:d8:96:14: + d6:60:cf:e9:a7:aa:96:a4:39:40:2c:08:6b:7d:62:21:25:54: + 56:a7:99:2e:e2:32:4a:a1:a1:bb:79:e1:49:45:5e:17:dd:f8: + 54:32:44:8d:a4:4a:b5:bc:90:bf:1e:22:cd:f7:75:98:09:65: + 34:ff:29:2b:06:f1:ef:3c:dc:84:81:6f:9c:c3:78:de:3b:a7: + 18:d4:e6:91:7f:ba:19:36:fd:e0:58:d4:4c:04:7a:fa:58:75: + 03:e8:91:8d:11:1e:26:b5:c6:4a:41:28:e3:d1:63:40:6b:48: + 60:9d:11:44:f9:fa:27:2d +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE4MTdaFw0zNzEwMjEw +OTE4MTdaMDkxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEOMAwGA1UEAwwFVk9Cb3gwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDjV5Y6AQI61nZHy6hjr1MziFFeh/z1DdAgkPfiUnHQLxWtvXGcc4sX/tBcD6tv +NKTzJCwyFVAML0WNTD/w480TUmGILlRtg+17qfSWfeCvDygSbGNINX+la0auEqY7 +u5oXtwhFAEnqBe+6pzvgfTpzh8eOtBSrqgJUwMtaI81P6LQn5urIQbJ7hg9HKh9d +AX+mR/mwxDTPpzTP6YT5oiqXE5hRaPAO6ibeGGduyphFiAwVzAV2B5UfB4tL8C/S +eyPX7+70W+paHD7ffJaHLKFQjdA9q7EHRGbm068+aPRmNCKtl1ptgbYquVmp0DiO +5qOSq+LU2v8W5/y8W75DajyqGbJuMdo4zMjCvOafOvHHabOfYrOHcI6MNJx2Z6v/ +G0C7mMVwcBPcuLkqtia2uPnzwDcwxVL3wK/uJiHHw3T6odmOE/6KxYM+SJf9weBf +RFW/fCfkWYfEA1FJhncfDZPzwiJnQJTrRls367rwnNLH0VkvxDLOHY7Lhl+j1vwd +dnjONYrKVMttf1IfFN5QdMX2rRrkLX2jZXXaJ4IBeVBWWPVmWj8e892dh2FpzZV8 +8XE72y17YRx+uX7x/76p3J9H3vEI0Lj/53q3lxH/W3VRGnbac7tT7kvVoqeUaXc4 +AQiIF2tlR2dtjHbOAA3Sl7KCxJBvad8yq7YSm2I58sQN1wIDAQABo4IBNjCCATIw +CQYDVR0TBAIwADAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy +dmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLQlHIlgopkniwA7yxCpuQ68gYgTCB +hAYDVR0jBH0we4AUBMIXrzhk4Ia/H8kAbpdvG7tOhx+hWKRWMFQxGDAWBgNVBAoM +D0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNpZ25p +bmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCCQCsvNC5K0fF2DAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdEQQUMBKC +BVZPQm94gglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAB38IzhseSjULM80 +ZdiG6GlYaOiBGIRglBJJqDeslhhei9upgn35yz64RqMoM4bFWSae0gFCMGNAdV5D +IXUZiTfZIRKqN35zOEZvbAU/t5Hi70ted3DPOAXM4XaghnFGg26ZTB86Z6Dph33Q +JLqNkqU8oaOfl1ET4TDoimpolQI0M82datPlhDe2EkvPjJaclNXKGZ0kX5gquZKK +pTYe+cj/4E7AG9mAQTB9M6XXpx5i/E+NLkGLjCm05QZdblhLmJ4Mjj2iCGMOL/z2 +/bhncJYVyceAAFG/fTb2Yk6uXo/yDakq3SfyrOpSy5/bcy5YVcaGOlah74ppB26l +bO/cJWAOcTm6zroLzQteorJDif96EsSJj5fxGKDnSRcg+K+2sA3c+G/395FHn1qK +RRlcNm/yIWySrkUjtbSkZHChSU5vfjwlIq5acV/XtkXJpY7L4scQ0AeFDKdIhbXx +8ajVwBrU/GzyMmw7+p0PVvzNFZSn006D6zI6DRwUcPp/NRNi1oxrnzv1XVZ/MtiW +FNZgz+mnqpakOUAsCGt9YiElVFanmS7iMkqhobt54UlFXhfd+FQyRI2kSrW8kL8e +Is33dZgJZTT/KSsG8e883ISBb5zDeN47pxjU5pF/uhk2/eBY1EwEevpYdQPokY0R +Hia1xkpBKOPRY0BrSGCdEUT5+ict +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/ca/openssl_config_ca.cnf b/diracx-db/tests/proxy/data/certs/ca/openssl_config_ca.cnf new file mode 100644 index 000000000..53782e2d2 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/openssl_config_ca.cnf @@ -0,0 +1,109 @@ +# OpenSSL root CA configuration file + +[ ca ] +# `man ca` +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +# EDIT HERE +dir = /home/chaen/dirac/DIRAC/Core/Security/test/certs/ca #PUT THE RIGHT DIR HERE! +####### +certs = $dir/certs +crl_dir = $dir/crl +new_certs_dir = $dir/newcerts +database = $dir/index.txt +serial = $dir/serial +RANDFILE = $dir/private/.rand + +# The root key and root certificate. +private_key = $dir/ca.key.pem +certificate = $dir/ca.cert.pem + +# For certificate revocation lists. +crlnumber = $dir/crlnumber +crl = $dir/crl/ca.crl.pem +crl_extensions = crl_ext +default_crl_days = 30 + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +name_opt = ca_default +cert_opt = ca_default +default_days = 375 +preserve = no +policy = policy_loose + +# This option is dangerous, but allows to +# set subjectAlternativeName on the Request +# `man ca` is your friend +copy_extensions=copy + +[ policy_strict ] +# The root CA should only sign intermediate certificates that match. +# See the POLICY FORMAT section of `man ca`. +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 2048 +distinguished_name = req_distinguished_name +string_mask = utf8only +prompt = no + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add when the -x509 option is used. +x509_extensions = v3_ca + +[ req_distinguished_name ] +# See . +# EDIT HERE OPTIONALLY +O = DIRAC Computing +CN = DIRAC Computing Signing Certification Authority +######## + +[ v3_ca ] +# Extensions for a typical CA (`man x509v3_config`). +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +basicConstraints = critical, CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ usr_cert ] +# Extensions for client certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth + + +# Whatever is in the request will be copied, unless it is already defined. +# So we have some double definitions here with the other ssl config files, +# but that's allright. The basicConstraints = CA:FALSE is a protection that MUST stay +[ server_cert ] +# Extensions for server certificates (`man x509v3_config`). +basicConstraints = CA:FALSE +nsComment = "OpenSSL Generated Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, digitalSignature, keyEncipherment +# Our servers need both serverAuth and clientAuth +extendedKeyUsage = serverAuth,clientAuth diff --git a/diracx-db/tests/proxy/data/certs/ca/serial b/diracx-db/tests/proxy/data/certs/ca/serial new file mode 100644 index 000000000..baccd0398 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/serial @@ -0,0 +1 @@ +1003 diff --git a/diracx-db/tests/proxy/data/certs/ca/serial.old b/diracx-db/tests/proxy/data/certs/ca/serial.old new file mode 100644 index 000000000..7d802a3e7 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/ca/serial.old @@ -0,0 +1 @@ +1002 diff --git a/diracx-db/tests/proxy/data/certs/host/hostcert.pem b/diracx-db/tests/proxy/data/certs/host/hostcert.pem new file mode 100644 index 000000000..3b641d744 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/host/hostcert.pem @@ -0,0 +1,134 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:18:17 2018 GMT + Not After : Oct 21 09:18:17 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=VOBox + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:e3:57:96:3a:01:02:3a:d6:76:47:cb:a8:63:af: + 53:33:88:51:5e:87:fc:f5:0d:d0:20:90:f7:e2:52: + 71:d0:2f:15:ad:bd:71:9c:73:8b:17:fe:d0:5c:0f: + ab:6f:34:a4:f3:24:2c:32:15:50:0c:2f:45:8d:4c: + 3f:f0:e3:cd:13:52:61:88:2e:54:6d:83:ed:7b:a9: + f4:96:7d:e0:af:0f:28:12:6c:63:48:35:7f:a5:6b: + 46:ae:12:a6:3b:bb:9a:17:b7:08:45:00:49:ea:05: + ef:ba:a7:3b:e0:7d:3a:73:87:c7:8e:b4:14:ab:aa: + 02:54:c0:cb:5a:23:cd:4f:e8:b4:27:e6:ea:c8:41: + b2:7b:86:0f:47:2a:1f:5d:01:7f:a6:47:f9:b0:c4: + 34:cf:a7:34:cf:e9:84:f9:a2:2a:97:13:98:51:68: + f0:0e:ea:26:de:18:67:6e:ca:98:45:88:0c:15:cc: + 05:76:07:95:1f:07:8b:4b:f0:2f:d2:7b:23:d7:ef: + ee:f4:5b:ea:5a:1c:3e:df:7c:96:87:2c:a1:50:8d: + d0:3d:ab:b1:07:44:66:e6:d3:af:3e:68:f4:66:34: + 22:ad:97:5a:6d:81:b6:2a:b9:59:a9:d0:38:8e:e6: + a3:92:ab:e2:d4:da:ff:16:e7:fc:bc:5b:be:43:6a: + 3c:aa:19:b2:6e:31:da:38:cc:c8:c2:bc:e6:9f:3a: + f1:c7:69:b3:9f:62:b3:87:70:8e:8c:34:9c:76:67: + ab:ff:1b:40:bb:98:c5:70:70:13:dc:b8:b9:2a:b6: + 26:b6:b8:f9:f3:c0:37:30:c5:52:f7:c0:af:ee:26: + 21:c7:c3:74:fa:a1:d9:8e:13:fe:8a:c5:83:3e:48: + 97:fd:c1:e0:5f:44:55:bf:7c:27:e4:59:87:c4:03: + 51:49:86:77:1f:0d:93:f3:c2:22:67:40:94:eb:46: + 5b:37:eb:ba:f0:9c:d2:c7:d1:59:2f:c4:32:ce:1d: + 8e:cb:86:5f:a3:d6:fc:1d:76:78:ce:35:8a:ca:54: + cb:6d:7f:52:1f:14:de:50:74:c5:f6:ad:1a:e4:2d: + 7d:a3:65:75:da:27:82:01:79:50:56:58:f5:66:5a: + 3f:1e:f3:dd:9d:87:61:69:cd:95:7c:f1:71:3b:db: + 2d:7b:61:1c:7e:b9:7e:f1:ff:be:a9:dc:9f:47:de: + f1:08:d0:b8:ff:e7:7a:b7:97:11:ff:5b:75:51:1a: + 76:da:73:bb:53:ee:4b:d5:a2:a7:94:69:77:38:01: + 08:88:17:6b:65:47:67:6d:8c:76:ce:00:0d:d2:97: + b2:82:c4:90:6f:69:df:32:ab:b6:12:9b:62:39:f2: + c4:0d:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Server Certificate + X509v3 Subject Key Identifier: + CB:42:51:C8:96:0A:29:92:78:B0:03:BC:B1:0A:9B:90:EB:C8:18:81 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + DirName:/O=DIRAC Computing/CN=DIRAC Computing Signing Certification Authority + serial:AC:BC:D0:B9:2B:47:C5:D8 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + X509v3 Subject Alternative Name: + DNS:VOBox, DNS:localhost + Signature Algorithm: sha256WithRSAEncryption + 1d:fc:23:38:6c:79:28:d4:2c:cf:34:65:d8:86:e8:69:58:68: + e8:81:18:84:60:94:12:49:a8:37:ac:96:18:5e:8b:db:a9:82: + 7d:f9:cb:3e:b8:46:a3:28:33:86:c5:59:26:9e:d2:01:42:30: + 63:40:75:5e:43:21:75:19:89:37:d9:21:12:aa:37:7e:73:38: + 46:6f:6c:05:3f:b7:91:e2:ef:4b:5e:77:70:cf:38:05:cc:e1: + 76:a0:86:71:46:83:6e:99:4c:1f:3a:67:a0:e9:87:7d:d0:24: + ba:8d:92:a5:3c:a1:a3:9f:97:51:13:e1:30:e8:8a:6a:68:95: + 02:34:33:cd:9d:6a:d3:e5:84:37:b6:12:4b:cf:8c:96:9c:94: + d5:ca:19:9d:24:5f:98:2a:b9:92:8a:a5:36:1e:f9:c8:ff:e0: + 4e:c0:1b:d9:80:41:30:7d:33:a5:d7:a7:1e:62:fc:4f:8d:2e: + 41:8b:8c:29:b4:e5:06:5d:6e:58:4b:98:9e:0c:8e:3d:a2:08: + 63:0e:2f:fc:f6:fd:b8:67:70:96:15:c9:c7:80:00:51:bf:7d: + 36:f6:62:4e:ae:5e:8f:f2:0d:a9:2a:dd:27:f2:ac:ea:52:cb: + 9f:db:73:2e:58:55:c6:86:3a:56:a1:ef:8a:69:07:6e:a5:6c: + ef:dc:25:60:0e:71:39:ba:ce:ba:0b:cd:0b:5e:a2:b2:43:89: + ff:7a:12:c4:89:8f:97:f1:18:a0:e7:49:17:20:f8:af:b6:b0: + 0d:dc:f8:6f:f7:f7:91:47:9f:5a:8a:45:19:5c:36:6f:f2:21: + 6c:92:ae:45:23:b5:b4:a4:64:70:a1:49:4e:6f:7e:3c:25:22: + ae:5a:71:5f:d7:b6:45:c9:a5:8e:cb:e2:c7:10:d0:07:85:0c: + a7:48:85:b5:f1:f1:a8:d5:c0:1a:d4:fc:6c:f2:32:6c:3b:fa: + 9d:0f:56:fc:cd:15:94:a7:d3:4e:83:eb:32:3a:0d:1c:14:70: + fa:7f:35:13:62:d6:8c:6b:9f:3b:f5:5d:56:7f:32:d8:96:14: + d6:60:cf:e9:a7:aa:96:a4:39:40:2c:08:6b:7d:62:21:25:54: + 56:a7:99:2e:e2:32:4a:a1:a1:bb:79:e1:49:45:5e:17:dd:f8: + 54:32:44:8d:a4:4a:b5:bc:90:bf:1e:22:cd:f7:75:98:09:65: + 34:ff:29:2b:06:f1:ef:3c:dc:84:81:6f:9c:c3:78:de:3b:a7: + 18:d4:e6:91:7f:ba:19:36:fd:e0:58:d4:4c:04:7a:fa:58:75: + 03:e8:91:8d:11:1e:26:b5:c6:4a:41:28:e3:d1:63:40:6b:48: + 60:9d:11:44:f9:fa:27:2d +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE4MTdaFw0zNzEwMjEw +OTE4MTdaMDkxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEOMAwGA1UEAwwFVk9Cb3gwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDjV5Y6AQI61nZHy6hjr1MziFFeh/z1DdAgkPfiUnHQLxWtvXGcc4sX/tBcD6tv +NKTzJCwyFVAML0WNTD/w480TUmGILlRtg+17qfSWfeCvDygSbGNINX+la0auEqY7 +u5oXtwhFAEnqBe+6pzvgfTpzh8eOtBSrqgJUwMtaI81P6LQn5urIQbJ7hg9HKh9d +AX+mR/mwxDTPpzTP6YT5oiqXE5hRaPAO6ibeGGduyphFiAwVzAV2B5UfB4tL8C/S +eyPX7+70W+paHD7ffJaHLKFQjdA9q7EHRGbm068+aPRmNCKtl1ptgbYquVmp0DiO +5qOSq+LU2v8W5/y8W75DajyqGbJuMdo4zMjCvOafOvHHabOfYrOHcI6MNJx2Z6v/ +G0C7mMVwcBPcuLkqtia2uPnzwDcwxVL3wK/uJiHHw3T6odmOE/6KxYM+SJf9weBf +RFW/fCfkWYfEA1FJhncfDZPzwiJnQJTrRls367rwnNLH0VkvxDLOHY7Lhl+j1vwd +dnjONYrKVMttf1IfFN5QdMX2rRrkLX2jZXXaJ4IBeVBWWPVmWj8e892dh2FpzZV8 +8XE72y17YRx+uX7x/76p3J9H3vEI0Lj/53q3lxH/W3VRGnbac7tT7kvVoqeUaXc4 +AQiIF2tlR2dtjHbOAA3Sl7KCxJBvad8yq7YSm2I58sQN1wIDAQABo4IBNjCCATIw +CQYDVR0TBAIwADAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2Vy +dmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLQlHIlgopkniwA7yxCpuQ68gYgTCB +hAYDVR0jBH0we4AUBMIXrzhk4Ia/H8kAbpdvG7tOhx+hWKRWMFQxGDAWBgNVBAoM +D0RJUkFDIENvbXB1dGluZzE4MDYGA1UEAwwvRElSQUMgQ29tcHV0aW5nIFNpZ25p +bmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCCQCsvNC5K0fF2DAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdEQQUMBKC +BVZPQm94gglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBAB38IzhseSjULM80 +ZdiG6GlYaOiBGIRglBJJqDeslhhei9upgn35yz64RqMoM4bFWSae0gFCMGNAdV5D +IXUZiTfZIRKqN35zOEZvbAU/t5Hi70ted3DPOAXM4XaghnFGg26ZTB86Z6Dph33Q +JLqNkqU8oaOfl1ET4TDoimpolQI0M82datPlhDe2EkvPjJaclNXKGZ0kX5gquZKK +pTYe+cj/4E7AG9mAQTB9M6XXpx5i/E+NLkGLjCm05QZdblhLmJ4Mjj2iCGMOL/z2 +/bhncJYVyceAAFG/fTb2Yk6uXo/yDakq3SfyrOpSy5/bcy5YVcaGOlah74ppB26l +bO/cJWAOcTm6zroLzQteorJDif96EsSJj5fxGKDnSRcg+K+2sA3c+G/395FHn1qK +RRlcNm/yIWySrkUjtbSkZHChSU5vfjwlIq5acV/XtkXJpY7L4scQ0AeFDKdIhbXx +8ajVwBrU/GzyMmw7+p0PVvzNFZSn006D6zI6DRwUcPp/NRNi1oxrnzv1XVZ/MtiW +FNZgz+mnqpakOUAsCGt9YiElVFanmS7iMkqhobt54UlFXhfd+FQyRI2kSrW8kL8e +Is33dZgJZTT/KSsG8e883ISBb5zDeN47pxjU5pF/uhk2/eBY1EwEevpYdQPokY0R +Hia1xkpBKOPRY0BrSGCdEUT5+ict +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/host/hostkey.pem b/diracx-db/tests/proxy/data/certs/host/hostkey.pem new file mode 100644 index 000000000..66da4ef2a --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/host/hostkey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA41eWOgECOtZ2R8uoY69TM4hRXof89Q3QIJD34lJx0C8Vrb1x +nHOLF/7QXA+rbzSk8yQsMhVQDC9FjUw/8OPNE1JhiC5UbYPte6n0ln3grw8oEmxj +SDV/pWtGrhKmO7uaF7cIRQBJ6gXvuqc74H06c4fHjrQUq6oCVMDLWiPNT+i0J+bq +yEGye4YPRyofXQF/pkf5sMQ0z6c0z+mE+aIqlxOYUWjwDuom3hhnbsqYRYgMFcwF +dgeVHweLS/Av0nsj1+/u9FvqWhw+33yWhyyhUI3QPauxB0Rm5tOvPmj0ZjQirZda +bYG2KrlZqdA4juajkqvi1Nr/Fuf8vFu+Q2o8qhmybjHaOMzIwrzmnzrxx2mzn2Kz +h3COjDScdmer/xtAu5jFcHAT3Li5KrYmtrj588A3MMVS98Cv7iYhx8N0+qHZjhP+ +isWDPkiX/cHgX0RVv3wn5FmHxANRSYZ3Hw2T88IiZ0CU60ZbN+u68JzSx9FZL8Qy +zh2Oy4Zfo9b8HXZ4zjWKylTLbX9SHxTeUHTF9q0a5C19o2V12ieCAXlQVlj1Zlo/ +HvPdnYdhac2VfPFxO9ste2Ecfrl+8f++qdyfR97xCNC4/+d6t5cR/1t1URp22nO7 +U+5L1aKnlGl3OAEIiBdrZUdnbYx2zgAN0peygsSQb2nfMqu2EptiOfLEDdcCAwEA +AQKCAgALVwIaUJSQ5MOvnxv+JO+sgV81rOjUPGUmSrTiqCQfM0oMiYeSOz0z7DTu +cqWlfWXA7wv5T5DXmsAIZUZHOMWw8goFZfI2KD9/TKHzo8HCWaoxCREGuAxu7uPu +qOV700bDahDSiEonjzY/BDp7XyO8QYiVuKvTSD6nhZpfG6wREVVzLBSH+qbxfGVk +slgwJnP8kliFFbRgq0F6IXbNkOY49PRDE03uIIXhzCvUnexsg3W+3JdlJMmua4zq +M8fe4t+N1N0BeVg+OGx2b1t+0J4XS4uYl+jTqPjNCMAUB94w/ua/6+3Jyo+QoAA1 +9Tns/ton5cUBww64UMgNiTH7YOA3r8brOj7DVHLGn4SLF5Sz9Wcenatbt7AVMNbN +UzGkj/IOtdbcosKzaomgkflgHe9OUBBln6eHXUXLgdgb1ejQ0G/GfgPb06phFvsq +kHbY4vVZR9F3DxLvKsI3ksOiKxO1FXVv+h1in0S6FfpGo2cD5Bx30ve/90+I1j7d +3WaxMk9092Z6PYS2zRVF3w77wKozjz5DoEjI1Jf/die0jrv34jx45eJJcZkqxtDh +O/QilFNwu2vCHfNQGBSoK/t1zVL8CWYI7yrB1w5KJGvP8tWGHjBJh+3Q+MtNoXdO +eZmH0yL2FnQyH2kHMb5wj71ex1IaWyTM78e4b3ssbB6UTEYJOQKCAQEA/6HneXJe +ZsL7d0HHpwYb8IM89rjqHLONjD876e+0Qp+XLq/NKQU4Hs9RmRZ1gWRLtcoMCrLu +5fREvrM5QDLN+8g9C2zQC01RzUHWxyme08s2NbxUF8sO99Ab8ihlS50Zvv8Llpyb +kgzxqJgEzqJ/iCwyuabNTYmC6b2wUaIAHZPpZaSJP7EbqEwlZWPQWH3f10oh8lBL +Vc6ugrRu+Rqqu/zBhCpdcVQ8l4qfduvija9gjevv9JcHVVFVigiaY6w+2JOAcDs3 +hiiCLHTSGhvn5eTvVDXv5429Po6DONe+y39aGmgY4x8KaovavAe/LndPyZfsRRgd +Rzgax1e5+dsPMwKCAQEA46tE7QgcjhwXcJ+0P+iSzAlOO+XU7NAygYWz38ivRg9u +gUxXHDHKfDrkV+EuthpL6uO7PVCgFt0eMdGRQJCB6PpMbfR+EsPDz1g5VUm2+qn/ +qzoUj5RHlvJ3+gSR63qjGlsU586/o3EEWODvRryr92P31qjnv4k6ECpIY7Z5rRsk +VXbEVSpFK1vi8v6MWscXvXlzpFEzneFF8cUjG4nOhieex0QHw6TWK54WyJOiV2Hr +rgKyXhQRZifL3dDcHffcv7kNfZGsW/xdJJtsyyPtkvtY+iOqdXQOxtqAPiueHq+I +4BgBeoLqtRf0lTzueOceNWD5MRlzRasBM+TgssuWzQKCAQAyaD+XsBizVMF3W649 +3jOGMqrDz+TCMhm4TQPIdm7qMEQEfcAL1a6iTKk/cbFMCXXwa94CAhSfnZIstHSW +ly4M9wgqh5NilyWJPvFWJnveMZUH9ZHzeyQBc7T/BD4tMdZQ1kP3t/vpScohP5C7 +GknhlS2PdDfJkVMSOkhZYIN7UZ5VX6N8vrTAc/tvycXcnT2VW1XkTTb9vZqlxWSY +lEyUcxvJrvzsCvtDup8FOTBcVffJJHwVk+5rQXWHmXiwLNfbpwJNny+ssbIxh/ui +EFyi9YjH5zbeRxHJExsHC2vg/sTKrjoyFv3b0qYYK8LkK7y8+MsrOL0VPRfytPbE +MREHAoIBAQDMRbV4P5jvYQEfCgw+czyTWZ4aXCLpv/ww/nffyD6LS/lIheh64ane +QTD0MJUqyvlm7aHoZ9jb6tXWuUPsfDwzf7Dnz0D3MTMVbQE0JwnIapN9XIVqNg7t +vuwrJcKPV9/UG/jr7DNCQHs4C8pk25AoTkfnEHGvBz9TlbyRyv3tdbbp/8A08dJS +DwXYJNBl+tCwLrK1si3v8FpDjS/s2360HAR4oe+deN65EAU9PkmgwbkmzkCf7L2X +vQlMIsP9F5G3bCBQlE3j0tD3sYSx17Cn+mFhPnMJI3LGtPHv1k7vFWxoNOHOvHw+ +tBm9dYg6bpRKLJIpnb4xujdACpIZmlXZAoIBAQCQuQcn45OUjBWx+LiD9sknEACd +5cKzbMToJ55ugubwDVqjBLF8h/kHLJWsA3RlJm9BP+3mmKMYLBKvDlD5bmTVRYAN +zvYmX8hePRt+j7yhkQR7R5IhPZ9d53POSrK3uoWjRzuAW6KIzaLzzBdG6r7HgKFk +z2gmI5LQXKgdSPGPxMwKTfs7mUFgkL4QS6v3GYuYzsBAm0dizHm7Yedtf+Av49hN +0rMvubkzJQxUIdMmGZ2kvDmnnENB3KkZNBi+wCN93zwQTw+2/z7XPBx3ngdBetb8 +yBNmTiRMCw7R6kK+X2bO0J/WojezXAq3qx2K9M3YCF07fsbrPURhpmYtZn4y +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/certs/host/hostkey.pem.bak b/diracx-db/tests/proxy/data/certs/host/hostkey.pem.bak new file mode 100644 index 000000000..66da4ef2a --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/host/hostkey.pem.bak @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA41eWOgECOtZ2R8uoY69TM4hRXof89Q3QIJD34lJx0C8Vrb1x +nHOLF/7QXA+rbzSk8yQsMhVQDC9FjUw/8OPNE1JhiC5UbYPte6n0ln3grw8oEmxj +SDV/pWtGrhKmO7uaF7cIRQBJ6gXvuqc74H06c4fHjrQUq6oCVMDLWiPNT+i0J+bq +yEGye4YPRyofXQF/pkf5sMQ0z6c0z+mE+aIqlxOYUWjwDuom3hhnbsqYRYgMFcwF +dgeVHweLS/Av0nsj1+/u9FvqWhw+33yWhyyhUI3QPauxB0Rm5tOvPmj0ZjQirZda +bYG2KrlZqdA4juajkqvi1Nr/Fuf8vFu+Q2o8qhmybjHaOMzIwrzmnzrxx2mzn2Kz +h3COjDScdmer/xtAu5jFcHAT3Li5KrYmtrj588A3MMVS98Cv7iYhx8N0+qHZjhP+ +isWDPkiX/cHgX0RVv3wn5FmHxANRSYZ3Hw2T88IiZ0CU60ZbN+u68JzSx9FZL8Qy +zh2Oy4Zfo9b8HXZ4zjWKylTLbX9SHxTeUHTF9q0a5C19o2V12ieCAXlQVlj1Zlo/ +HvPdnYdhac2VfPFxO9ste2Ecfrl+8f++qdyfR97xCNC4/+d6t5cR/1t1URp22nO7 +U+5L1aKnlGl3OAEIiBdrZUdnbYx2zgAN0peygsSQb2nfMqu2EptiOfLEDdcCAwEA +AQKCAgALVwIaUJSQ5MOvnxv+JO+sgV81rOjUPGUmSrTiqCQfM0oMiYeSOz0z7DTu +cqWlfWXA7wv5T5DXmsAIZUZHOMWw8goFZfI2KD9/TKHzo8HCWaoxCREGuAxu7uPu +qOV700bDahDSiEonjzY/BDp7XyO8QYiVuKvTSD6nhZpfG6wREVVzLBSH+qbxfGVk +slgwJnP8kliFFbRgq0F6IXbNkOY49PRDE03uIIXhzCvUnexsg3W+3JdlJMmua4zq +M8fe4t+N1N0BeVg+OGx2b1t+0J4XS4uYl+jTqPjNCMAUB94w/ua/6+3Jyo+QoAA1 +9Tns/ton5cUBww64UMgNiTH7YOA3r8brOj7DVHLGn4SLF5Sz9Wcenatbt7AVMNbN +UzGkj/IOtdbcosKzaomgkflgHe9OUBBln6eHXUXLgdgb1ejQ0G/GfgPb06phFvsq +kHbY4vVZR9F3DxLvKsI3ksOiKxO1FXVv+h1in0S6FfpGo2cD5Bx30ve/90+I1j7d +3WaxMk9092Z6PYS2zRVF3w77wKozjz5DoEjI1Jf/die0jrv34jx45eJJcZkqxtDh +O/QilFNwu2vCHfNQGBSoK/t1zVL8CWYI7yrB1w5KJGvP8tWGHjBJh+3Q+MtNoXdO +eZmH0yL2FnQyH2kHMb5wj71ex1IaWyTM78e4b3ssbB6UTEYJOQKCAQEA/6HneXJe +ZsL7d0HHpwYb8IM89rjqHLONjD876e+0Qp+XLq/NKQU4Hs9RmRZ1gWRLtcoMCrLu +5fREvrM5QDLN+8g9C2zQC01RzUHWxyme08s2NbxUF8sO99Ab8ihlS50Zvv8Llpyb +kgzxqJgEzqJ/iCwyuabNTYmC6b2wUaIAHZPpZaSJP7EbqEwlZWPQWH3f10oh8lBL +Vc6ugrRu+Rqqu/zBhCpdcVQ8l4qfduvija9gjevv9JcHVVFVigiaY6w+2JOAcDs3 +hiiCLHTSGhvn5eTvVDXv5429Po6DONe+y39aGmgY4x8KaovavAe/LndPyZfsRRgd +Rzgax1e5+dsPMwKCAQEA46tE7QgcjhwXcJ+0P+iSzAlOO+XU7NAygYWz38ivRg9u +gUxXHDHKfDrkV+EuthpL6uO7PVCgFt0eMdGRQJCB6PpMbfR+EsPDz1g5VUm2+qn/ +qzoUj5RHlvJ3+gSR63qjGlsU586/o3EEWODvRryr92P31qjnv4k6ECpIY7Z5rRsk +VXbEVSpFK1vi8v6MWscXvXlzpFEzneFF8cUjG4nOhieex0QHw6TWK54WyJOiV2Hr +rgKyXhQRZifL3dDcHffcv7kNfZGsW/xdJJtsyyPtkvtY+iOqdXQOxtqAPiueHq+I +4BgBeoLqtRf0lTzueOceNWD5MRlzRasBM+TgssuWzQKCAQAyaD+XsBizVMF3W649 +3jOGMqrDz+TCMhm4TQPIdm7qMEQEfcAL1a6iTKk/cbFMCXXwa94CAhSfnZIstHSW +ly4M9wgqh5NilyWJPvFWJnveMZUH9ZHzeyQBc7T/BD4tMdZQ1kP3t/vpScohP5C7 +GknhlS2PdDfJkVMSOkhZYIN7UZ5VX6N8vrTAc/tvycXcnT2VW1XkTTb9vZqlxWSY +lEyUcxvJrvzsCvtDup8FOTBcVffJJHwVk+5rQXWHmXiwLNfbpwJNny+ssbIxh/ui +EFyi9YjH5zbeRxHJExsHC2vg/sTKrjoyFv3b0qYYK8LkK7y8+MsrOL0VPRfytPbE +MREHAoIBAQDMRbV4P5jvYQEfCgw+czyTWZ4aXCLpv/ww/nffyD6LS/lIheh64ane +QTD0MJUqyvlm7aHoZ9jb6tXWuUPsfDwzf7Dnz0D3MTMVbQE0JwnIapN9XIVqNg7t +vuwrJcKPV9/UG/jr7DNCQHs4C8pk25AoTkfnEHGvBz9TlbyRyv3tdbbp/8A08dJS +DwXYJNBl+tCwLrK1si3v8FpDjS/s2360HAR4oe+deN65EAU9PkmgwbkmzkCf7L2X +vQlMIsP9F5G3bCBQlE3j0tD3sYSx17Cn+mFhPnMJI3LGtPHv1k7vFWxoNOHOvHw+ +tBm9dYg6bpRKLJIpnb4xujdACpIZmlXZAoIBAQCQuQcn45OUjBWx+LiD9sknEACd +5cKzbMToJ55ugubwDVqjBLF8h/kHLJWsA3RlJm9BP+3mmKMYLBKvDlD5bmTVRYAN +zvYmX8hePRt+j7yhkQR7R5IhPZ9d53POSrK3uoWjRzuAW6KIzaLzzBdG6r7HgKFk +z2gmI5LQXKgdSPGPxMwKTfs7mUFgkL4QS6v3GYuYzsBAm0dizHm7Yedtf+Av49hN +0rMvubkzJQxUIdMmGZ2kvDmnnENB3KkZNBi+wCN93zwQTw+2/z7XPBx3ngdBetb8 +yBNmTiRMCw7R6kK+X2bO0J/WojezXAq3qx2K9M3YCF07fsbrPURhpmYtZn4y +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/certs/host/openssl_config_host.cnf b/diracx-db/tests/proxy/data/certs/host/openssl_config_host.cnf new file mode 100644 index 000000000..72f6eca5f --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/host/openssl_config_host.cnf @@ -0,0 +1,39 @@ +# OpenSSL root CA configuration file + + +[ req ] +# Options for the `req` tool (`man req`). +default_bits = 2048 +distinguished_name = req_distinguished_name +string_mask = utf8only +prompt = no +encrypt_key = yes + +# SHA-1 is deprecated, so use SHA-2 instead. +default_md = sha256 + +# Extension to add in the request +req_extensions = v3_req + +[ req_distinguished_name ] +# CAUTION the name also needs to be in the alt_names as per RFC (don't remember the number) +# See . +O = Dirac Computing +0.O = CERN # Adapt here to your institute +CN = VOBox + + +[ v3_req ] +# Extensions to ask for the cert (`man x509v3_config`). +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectKeyIdentifier = hash +subjectAltName = @alt_names + + + + + +[ alt_names ] +DNS.1 = VOBox +DNS.2 = localhost diff --git a/diracx-db/tests/proxy/data/certs/host/request.csr.pem b/diracx-db/tests/proxy/data/certs/host/request.csr.pem new file mode 100644 index 000000000..5874dd8ca --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/host/request.csr.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE+jCCAuICAQAwOTEYMBYGA1UECgwPRGlyYWMgQ29tcHV0aW5nMQ0wCwYDVQQK +DARDRVJOMQ4wDAYDVQQDDAVWT0JveDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBAONXljoBAjrWdkfLqGOvUzOIUV6H/PUN0CCQ9+JScdAvFa29cZxzixf+ +0FwPq280pPMkLDIVUAwvRY1MP/DjzRNSYYguVG2D7Xup9JZ94K8PKBJsY0g1f6Vr +Rq4Spju7mhe3CEUASeoF77qnO+B9OnOHx460FKuqAlTAy1ojzU/otCfm6shBsnuG +D0cqH10Bf6ZH+bDENM+nNM/phPmiKpcTmFFo8A7qJt4YZ27KmEWIDBXMBXYHlR8H +i0vwL9J7I9fv7vRb6locPt98locsoVCN0D2rsQdEZubTrz5o9GY0Iq2XWm2Btiq5 +WanQOI7mo5Kr4tTa/xbn/LxbvkNqPKoZsm4x2jjMyMK85p868cdps59is4dwjow0 +nHZnq/8bQLuYxXBwE9y4uSq2Jra4+fPANzDFUvfAr+4mIcfDdPqh2Y4T/orFgz5I +l/3B4F9EVb98J+RZh8QDUUmGdx8Nk/PCImdAlOtGWzfruvCc0sfRWS/EMs4djsuG +X6PW/B12eM41ispUy21/Uh8U3lB0xfatGuQtfaNlddonggF5UFZY9WZaPx7z3Z2H +YWnNlXzxcTvbLXthHH65fvH/vqncn0fe8QjQuP/nereXEf9bdVEadtpzu1PuS9Wi +p5RpdzgBCIgXa2VHZ22Mds4ADdKXsoLEkG9p3zKrthKbYjnyxA3XAgMBAAGgfDB6 +BgkqhkiG9w0BCQ4xbTBrMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFMtCUciWCimSeLADvLEKm5DryBiBMBsG +A1UdEQQUMBKCBVZPQm94gglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggIBACse +8VXn8b4njNopff+BXvNFhEEDY4sNEI2xwYV3yvrTUi+OKYv0JpisU9oNxOrsGQgW +KxIHX5BYhsJzDgMIUO33+DTiHlrdrXi7ucQayMUT7k+TZVS5Ph2PX3nJCRplxA6r +S38DWa81ChmcUWEjxQqKtXVeheoy9inHQLjFPEuku3qsohjbu+UpRmVlhJo7KW8t +jo4AU6+vPXf5gK+iroRaiIgWIHKSS4okXw1mMHyBBVZ8v/uiwyRl4iBjH5ViI15p +GHJBVE0fXkSsA9/YKCNWiphtCLJGzAlDGulr7zJPVvd1Pi8FnBMToUI9I8o8WC2i +jbjMuoD6qxT55+C3V+li01QAwqM4oGUA2PNwhFsCyyBjBs1YH5jifsw6rMv0I5lq +hjrVBF3KGY2ySnngTJkGvQtcfR/QoxVkWwgLOn8hvk6ELTuALE1frRETt2i4KDOL +H++7TZo1yOc9gukKPLCquHbvTXHEE+TH1ORPzHAcLC2b7mN/iltlhWk0G8hrzGKu +b/KI0mNhihRR2HulJS4UbH4a13xKHOKljhj/ygLkcAR8fN2Vly+xmiKJw5x2B/40 +dhP7uV3rBI7RIBVLjlLITIRRTLd2aAuC3wFdmVxcCqcycF+IdnaRbZBYL1SK55YJ +8Ts7UF+hZF0l97HnUNoFm5EW76wE06uo1+e7mCm/ +-----END CERTIFICATE REQUEST----- diff --git a/diracx-db/tests/proxy/data/certs/key/encrypted_key_pass_0000.pem b/diracx-db/tests/proxy/data/certs/key/encrypted_key_pass_0000.pem new file mode 100644 index 000000000..9833eb517 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/key/encrypted_key_pass_0000.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,803C06DFC172EB659FF7B62B4A5B8791 + +GPuBIKlKh2UaD8PBNJYf/hYNiKPsTpHD4B6sa1ll24s3heql9/l+hlP8nnIjMbZx +hwUfxwrW/RjaiUuoNjMali1maq6rzjnNwUS5bLHE15iP93ngYgGamw1OrjieTzhl +EHTEBaA1fKpGRPW/23RlaI2Q3z3GmBtoDCBVg15r0kDqiPPkj5EZbBW0SZpMJJwm +UN2zjFcpemfAri10qhgZFpNpimLYUw2VBWOKjLpNBynbn2ibIcbGeGpWGOOlhlmL +ouji6o4Os8pOWBnPxnhQCsTjsCPlEdisw3XIfWm74bAJs+xgg0qjALw1mOxA+u8o +lAHsLmUew3GdAuI34eL7g6xBeuobTV0wn7mjRJt2tCNSGS1vxJBfffyZLVqVF127 +umtTzVnKlkH8plvjdiiojWyxba+EdevymuYHp1KeUJXoHezk/MTVo4zd2rEIohII +S+hi/99jCkzTX3s1ZzWjBVXxWxiDv6ZU2vj0AAzpi+Des3SgpNf5svrkjosQYySR +KzS1++aLIdme5yvAC/IygUzde8haDepZ+QtjJbmlafGz3+c1mZc57gAMNAYu1rIB +sZF3RAOpM7WB7FwH++MNE0BxMndLmM7XSiXL5xpMu6z2va5e6W4UdPiEEwYRKUtY +5hoBej89kkLp2OusTGjO1vdegDtyc72SK0ZJIjJbhQhJwhAE+4xbsAYg0wSmTD4T +gaGirZRKHQp8NvxtRIDhgqhh3vc/3VyWqdiitAts+GhApeGOIU8qw80qnXikc/Ey +HS2+0qZ6j6dYOjKDtyaG4AfzLyqGH+GjsJl+rvgDSkMxFlMiUvFV2ku/ydBIX8mg +1LDunHTmIOJ0r+c0CtdoHNwRKtj3bNgoyZr040MDkOtkclqoCZD/dS31r/vchXal +FmtNFD3Tc9vvD7/y6AJ+R4quDCwoGRYe3X0VGj+ZckaL3Hpoj9Twa/DfxbraTTm4 +wVdXXtiMmfW+//YAjtw0KzldIQyBsXpOY4faKCaqfOv9IgSqPgLa+pXe3/29cZD0 +f9QXuqDLfh25277EpQ9tewaCnR/avWoQUdVCeVIWvtXlhE3xFqw01TjZdIfphQus +UQc4UAgDsiGgZmYiPCiIkH09NFti+hbhEtWzujwfUcuMAOnFDb1VePLGJ4H/5UgQ +gEVDpDrvmnDuiRiq97s0PSswOSvS9koYB/wfWXlUJkag/0hsis0mvT82Lexy8bML +m5Wc39X+YAfzmK7U+HOmJeP3+c7EJ1xOPH2jB79oNq/7NKt6AkdXoeNGLu3KGD+O +RjP4IUfDylgh0A//E2jFxrD47aLa3MnDVXaxKm52AfWCdDBt3zaug+hv1myIfh3J +ZYcisX4ZmqPvrQTsjZ9vNu69AIiA3CWEXqHuGq6ET55bEnmQgXLAt6iWO3+ZgCRU +fTwYzV7vMaSl49fuZKaW9uHf6OI17OosSs3Njb80uw0t9EE+fqBBZOWm+q7eE2kP +Ysv8tymISTvGjhAzadN3jbFFS4pfVrHEd4DsiJ92wtj1xnm4o8/gQCGBk9+q1V5m +cVmEzNPufqwWmsNmm/P0p6g5o/xAO6y/RXHCr88ukTUQxbIRujwJ6RHEfSo5tRbw +XqNt9sCi/ufWNKOX84zoo5+CvXFxOFm7L2xUhQLoh7gcSZNxrWgwyJt9ufTxOwKI +xPHunm+0CkdUglOsEL3eGf77qX24T41wW6J4LSckMyTJlR6MmxTpi5xZEcfx83Nm +1f9luBf5xLgxP0x5pCVVNyxLwzkIZzFtMN5CSZ3ENpjqmi3ZxhIYham33wzi748P +1ZVOrkc3xrVNXz3zWnf98W7SbFM+MUZvXRoKshlrtqBPYt3tW2Ja4gz/PAUDdZja +b9wAPgiGOU0r29nYHxN0PAc9DYdrejWhz49XZBNxnppnGgm9+AfvGZsS10CJHnLk +VDCpFeopUr7mIWStDohRY7ZjF24HTzQ8BXYf73g9TeecWLkpHqmXdxMehdu5I+Rg +FK1TBVOwwHscy3ahvxA+8C4mteAAXRdlYCrIr4m5oAdhr5rAoG5pZkLaTeqeOYaJ +uy02YkWT8B7hz4aMlTtuGn5e2uMCPqW4yIuRyi0XFpgUoBpVSqQHMIp/y5wypzvH +lJnfXZKCs3X2V5OsrJkN2VO/RX3ML5OQjs04DryVEnwFkVYwvD5iCutyYIRCPexz +3Eql8x/jkYcN3nbwHqjNAchiQW2o8EZtpThU4NLzELlvzrifWkmXVeeiMem6dnK8 +A2PPkAzD14CvTyDhBjBufK5R90Pqq/bL5prpT2wKxefSD2rYr++aYhDOPHg8cu30 +CNXziMTZIaIGzPLmKODldYkMrliwkllsNDGWJXYrSZTsM0mrjr3WOHAbTyj8WKQn +NxLflTvTe5SRwo55817KefTZ0pC43uGnDC1D8kYrT348dTcJdMxqBb93Pt4mf+l8 +vbnxi0u8yt2NdAOKUmzTTYz7S5XO2u9mZZ2oFN9vzJXUueTgkLYBCwsVlU2CvKet +Etm+YWesUtwg7hmpnVyzgHfTvgtQEX/BKCh+Y7XsHDeXh/GpTMuMjhBcNf+ytBDe +O/g4ms2BRcTeG4+s52d2fpOHJ8LryWh8ljxwWFR/LcNXQ1kHsfLmd6kH6hkOgNVj +RELaCcZKrIwhT9tBhHyxlry3nwI0WVQRns2J0vzv7Bf+BuvJ9WE0WRyjlXfg1IhW +8QQ394xCJc0Hva3n4qzox6uvDw1Ud6HL7cmc1jZ+2luUrmqkm1iXa2zNVBNuC1p7 +WII14OQseZ4M+FIbm/H/v1chBFHUnp7KqOMQJ0DidNUOhfAdCyw5meEidGM8OxPV +sdkd/maGLOLx0pxgLUjmyT5nCArvvMtYcoZjdGmjCd3iHODZBhKgA02s4khmJkM6 +3hL0QMogQ6NpCFnEeb7/30Eguhgr88bjmgBdUEiqakTCaZZ4DVwwN4ne+fgf64i4 +wD+xTLAqducqIBcEFN1WENeszigb0r0lW05SFhjtJOf+NgXvVYbR0s+sl12IzfGK +wBTMqYsNnGyuWy/QFIqg0uiTiaf6nZdejiC5rbx6LLss8dA2WfuBqeP38bE4Fcem +yykrMOqOQvjcUEzX8d5eA099ypdbWPt+qum4rqy96KhkFmQAoWDPp1gX4Z1q1nkZ +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/certs/user/openssl_config_user.cnf b/diracx-db/tests/proxy/data/certs/user/openssl_config_user.cnf new file mode 100644 index 000000000..a3aa0ce95 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/user/openssl_config_user.cnf @@ -0,0 +1,19 @@ +[ req ] +default_bits = 4096 +encrypt_key = yes +distinguished_name = req_dn +prompt = no +req_extensions = v3_req + +# Generates the following subject +# Subject: O=Dirac Computing, O=CERN, CN=MrUser +[ req_dn ] +O = Dirac Computing +0.O = CERN +CN = MrUser + +[ v3_req ] +# Extensions for client certificates (`man x509v3_config`). +nsComment = "OpenSSL Generated Client Certificate" +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth diff --git a/diracx-db/tests/proxy/data/certs/user/request.csr.pem b/diracx-db/tests/proxy/data/certs/user/request.csr.pem new file mode 100644 index 000000000..e84c0c404 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/user/request.csr.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE6jCCAtICAQAwOjEYMBYGA1UECgwPRGlyYWMgQ29tcHV0aW5nMQ0wCwYDVQQK +DARDRVJOMQ8wDQYDVQQDDAZNclVzZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQCp9md/3Ar5r6rHyR9GUhp6HMPaLH7pMpkn7D1oGWHXVvlw9+Ygw6ZM +Rd7ysPkbpYqh84o0GJDi9fa0S/umxil60zBD1HmSzrtE39gYWTMQQ7uPNgW1axLa +Nux0dV//bB6MgI+EAFg/WwZpBtFa1ynr3R9n3twzVzsC4398Vn2beYCiinkFzqnW +GpZJfJlx7/Qn79KO2st5ZjzK8zHjO1H7zBAb6FcQCJ+dPvvPDF4fuk+TCPcgWlGj +OKZOZo+DTCnBQldR3wuk+cXqkF5k8zJsnhvhN+h10JdIX/BPur1R9Mqm1ygtrIUI +un6Y0kgqQpTOb/UIEwWSF6fNI/u6GOG7dLCvpJeXPWkRbsH0UXLKCEt3sUwS4MgC +7xQuosABMVH3mnl5zcZs5tXg5fgbVSn1/q8OV76qHCRDzW5bF5uxpVa95SjfweyX +ft2rEH0jE04L+dNC7nyXcqcuh0w7B4KYOfMcWsLlX3qliso5oWPYiODpM7mZpAej +SF/CIAIU0i9gNvwDE2YPM5UABmR39jSdth5o7r940nNGLAkYpkydcLdSnNGYgF6c +NNUwKMQ7VmOxd7SHCNLT+xHK1kc3WNbO2cy5h+27cEtRAlAvRyaRa88aNcoF32Qe +G5iO1m75ITIueL7pVckkLJHv/aSaWSr1SKYH5EsD4R6ZbsiTSgMjjwIDAQABoGsw +aQYJKoZIhvcNAQkOMVwwWjAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0 +ZWQgQ2xpZW50IENlcnRpZmljYXRlMA4GA1UdDwEB/wQEAwIF4DATBgNVHSUEDDAK +BggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAWOM4Xm2eMtZB+g+D8Dho+Wy4 +SwC00lyosgZVubAzkqsomRspC3L4gsnsIzEMfr3saUJlTBUlrYAxXvwmCQDpsW4W +TTUlzw5N6PXk1+TakZnPyMcWKApXOeaMhXAtz4oDn04FpNwmJW726O2S7xBOm2Y6 +4En4yd9PsKe1vgQSTxywMWfapGci8demfljRJUm/93xRX4wYPluTohKMo1fXNNUK +/B7aQ19fsLWM35PojnisT53ylmzMsDypsc6YxqU2sNs+KkHEUNof4cVVRvWcurNF +EGgdqvA/TP2QFgx5KZqMhZUbb1/UHEw7Zf9aitg3+7QcjSkg0PLuOZtTbLxVYrDt +nohKKRXRCQgMZrGrDx8YGORH4SjUm9lWHrvkAddgRSy68CJu+XcRKoZnWK0sgL03 +soiEn9KrqaFLLuaZUO2cQOm/YloG22uakLsWilQsp58OMspbs6HfuRPI4X8//9HZ +FJxsnzdGBKFatju3siUKnGbHvPFYKHjHrJJUd6LngDdGwSu2nIN5rprPKgnct6S5 +aLe8ztgEgHkb4neAOx8JSvd7F4gjj4vDQzydaG9ACEOerwTKmfxfKB54Hg6mMWBT +psZPSad3ysqQMJ7/rD1TkIrsXa7Ubnm5Gl1uIGXPAED8f2XXtGlgSox+UNAeCLxh +Z4JCTxpI/ZQ/Cp5m/Zw= +-----END CERTIFICATE REQUEST----- diff --git a/diracx-db/tests/proxy/data/certs/user/usercert.pem b/diracx-db/tests/proxy/data/certs/user/usercert.pem new file mode 100644 index 000000000..6dadd75c4 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/user/usercert.pem @@ -0,0 +1,127 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=DIRAC Computing, CN=DIRAC Computing Signing Certification Authority + Validity + Not Before: Aug 22 09:15:14 2018 GMT + Not After : Oct 21 09:15:14 2037 GMT + Subject: O=Dirac Computing, O=CERN, CN=MrUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:a9:f6:67:7f:dc:0a:f9:af:aa:c7:c9:1f:46:52: + 1a:7a:1c:c3:da:2c:7e:e9:32:99:27:ec:3d:68:19: + 61:d7:56:f9:70:f7:e6:20:c3:a6:4c:45:de:f2:b0: + f9:1b:a5:8a:a1:f3:8a:34:18:90:e2:f5:f6:b4:4b: + fb:a6:c6:29:7a:d3:30:43:d4:79:92:ce:bb:44:df: + d8:18:59:33:10:43:bb:8f:36:05:b5:6b:12:da:36: + ec:74:75:5f:ff:6c:1e:8c:80:8f:84:00:58:3f:5b: + 06:69:06:d1:5a:d7:29:eb:dd:1f:67:de:dc:33:57: + 3b:02:e3:7f:7c:56:7d:9b:79:80:a2:8a:79:05:ce: + a9:d6:1a:96:49:7c:99:71:ef:f4:27:ef:d2:8e:da: + cb:79:66:3c:ca:f3:31:e3:3b:51:fb:cc:10:1b:e8: + 57:10:08:9f:9d:3e:fb:cf:0c:5e:1f:ba:4f:93:08: + f7:20:5a:51:a3:38:a6:4e:66:8f:83:4c:29:c1:42: + 57:51:df:0b:a4:f9:c5:ea:90:5e:64:f3:32:6c:9e: + 1b:e1:37:e8:75:d0:97:48:5f:f0:4f:ba:bd:51:f4: + ca:a6:d7:28:2d:ac:85:08:ba:7e:98:d2:48:2a:42: + 94:ce:6f:f5:08:13:05:92:17:a7:cd:23:fb:ba:18: + e1:bb:74:b0:af:a4:97:97:3d:69:11:6e:c1:f4:51: + 72:ca:08:4b:77:b1:4c:12:e0:c8:02:ef:14:2e:a2: + c0:01:31:51:f7:9a:79:79:cd:c6:6c:e6:d5:e0:e5: + f8:1b:55:29:f5:fe:af:0e:57:be:aa:1c:24:43:cd: + 6e:5b:17:9b:b1:a5:56:bd:e5:28:df:c1:ec:97:7e: + dd:ab:10:7d:23:13:4e:0b:f9:d3:42:ee:7c:97:72: + a7:2e:87:4c:3b:07:82:98:39:f3:1c:5a:c2:e5:5f: + 7a:a5:8a:ca:39:a1:63:d8:88:e0:e9:33:b9:99:a4: + 07:a3:48:5f:c2:20:02:14:d2:2f:60:36:fc:03:13: + 66:0f:33:95:00:06:64:77:f6:34:9d:b6:1e:68:ee: + bf:78:d2:73:46:2c:09:18:a6:4c:9d:70:b7:52:9c: + d1:98:80:5e:9c:34:d5:30:28:c4:3b:56:63:b1:77: + b4:87:08:d2:d3:fb:11:ca:d6:47:37:58:d6:ce:d9: + cc:b9:87:ed:bb:70:4b:51:02:50:2f:47:26:91:6b: + cf:1a:35:ca:05:df:64:1e:1b:98:8e:d6:6e:f9:21: + 32:2e:78:be:e9:55:c9:24:2c:91:ef:fd:a4:9a:59: + 2a:f5:48:a6:07:e4:4b:03:e1:1e:99:6e:c8:93:4a: + 03:23:8f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4A:C2:FD:EB:2C:C5:F1:63:A5:F2:17:62:43:6B:9D:82:6C:9A:13:24 + X509v3 Authority Key Identifier: + keyid:04:C2:17:AF:38:64:E0:86:BF:1F:C9:00:6E:97:6F:1B:BB:4E:87:1F + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + Netscape Comment: + OpenSSL Generated Client Certificate + Signature Algorithm: sha256WithRSAEncryption + 39:ed:ae:11:4d:7b:51:63:94:88:3b:19:58:b0:d5:60:2f:36: + d2:c5:dc:0b:5f:62:8d:ca:3d:cc:d0:d5:7c:29:0a:cc:f3:0a: + 28:f9:44:03:9e:9d:63:f2:ad:d1:c5:80:b6:29:25:3c:e8:96: + 12:d2:b2:6e:c3:3b:6b:26:76:14:48:8f:74:14:9d:f4:ff:2a: + 1d:81:4c:95:bb:17:73:28:9b:e5:05:e9:74:77:9b:72:2a:6e: + f4:e4:73:a7:e8:65:16:f4:c0:d5:f1:44:ac:39:fe:9c:f5:be: + c5:30:a9:d7:db:5d:96:b3:72:c3:10:d6:5d:b0:78:28:96:7f: + 57:14:95:b9:3e:25:31:96:27:eb:05:0e:30:53:7f:c6:3e:35: + 7a:f1:aa:a9:07:c9:9b:ec:93:7d:e5:b7:9f:60:a5:0c:20:db: + 93:76:eb:ff:72:98:f1:e0:8f:2d:49:65:65:f7:49:82:73:76: + e1:25:ab:4b:84:b4:b4:1b:8e:66:df:a1:4e:de:cb:21:23:d2: + 3c:88:b1:c5:73:6c:c4:b0:97:ab:b2:ac:12:52:25:cc:f3:db: + 32:c7:6a:0c:9f:e5:84:35:28:1c:f6:59:bb:d7:21:8b:8b:7c: + 17:92:46:93:37:27:d4:c3:92:9a:7e:5d:ef:89:31:49:80:f5: + 41:38:2f:5f:be:ed:d0:0d:44:ec:6e:79:35:88:99:25:34:a3: + a1:a2:10:89:0c:01:34:46:a4:ec:ec:fd:40:28:7e:e6:a1:f0: + 47:f3:69:e2:fa:38:f9:de:29:ca:e5:b1:a7:31:c7:06:e4:2b: + 57:a7:43:67:49:8e:34:15:b1:ea:0c:69:90:53:78:da:6b:7c: + 11:47:76:e9:f6:86:ee:47:9b:6d:e5:68:52:dd:55:05:37:29: + f4:71:c7:0c:a4:2a:f6:5a:28:76:01:a8:91:aa:f2:70:57:89: + f2:5f:99:30:cf:77:62:83:cf:56:5b:22:8c:6e:89:9a:7f:94: + ad:93:73:c1:b8:b9:25:c1:3b:df:5a:84:ba:b1:98:53:89:23: + a7:3a:62:ad:ab:b0:0a:73:a0:4a:6e:c3:c1:ac:0d:a2:29:4b: + 14:e4:92:87:7f:e2:66:00:e3:33:28:6c:a4:62:76:17:05:c1: + 94:99:bb:c0:15:b2:4b:ed:2a:4e:7b:1e:92:a4:da:9a:e4:c3: + 4c:03:c9:46:16:f6:2c:f5:45:97:42:fc:f9:fa:e4:d6:09:29: + c3:82:93:0b:31:b0:e2:b2:96:fb:e1:14:8d:2d:62:d3:db:2a: + d8:3b:fa:fd:f5:bf:c9:ba:b1:a5:13:aa:9b:22:c7:6e:a1:04: + c6:3d:3f:84:fc:4f:28:fc +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE1MTRaFw0zNzEwMjEw +OTE1MTRaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAOe2uEU17UWOU +iDsZWLDVYC820sXcC19ijco9zNDVfCkKzPMKKPlEA56dY/Kt0cWAtiklPOiWEtKy +bsM7ayZ2FEiPdBSd9P8qHYFMlbsXcyib5QXpdHebcipu9ORzp+hlFvTA1fFErDn+ +nPW+xTCp19tdlrNywxDWXbB4KJZ/VxSVuT4lMZYn6wUOMFN/xj41evGqqQfJm+yT +feW3n2ClDCDbk3br/3KY8eCPLUllZfdJgnN24SWrS4S0tBuOZt+hTt7LISPSPIix +xXNsxLCXq7KsElIlzPPbMsdqDJ/lhDUoHPZZu9chi4t8F5JGkzcn1MOSmn5d74kx +SYD1QTgvX77t0A1E7G55NYiZJTSjoaIQiQwBNEak7Oz9QCh+5qHwR/Np4vo4+d4p +yuWxpzHHBuQrV6dDZ0mONBWx6gxpkFN42mt8EUd26faG7kebbeVoUt1VBTcp9HHH +DKQq9loodgGokarycFeJ8l+ZMM93YoPPVlsijG6Jmn+UrZNzwbi5JcE731qEurGY +U4kjpzpirauwCnOgSm7DwawNoilLFOSSh3/iZgDjMyhspGJ2FwXBlJm7wBWyS+0q +TnsekqTamuTDTAPJRhb2LPVFl0L8+frk1gkpw4KTCzGw4rKW++EUjS1i09sq2Dv6 +/fW/ybqxpROqmyLHbqEExj0/hPxPKPw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/certs/user/userkey.pem b/diracx-db/tests/proxy/data/certs/user/userkey.pem new file mode 100644 index 000000000..80ea30905 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/user/userkey.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfm +IMOmTEXe8rD5G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYF +tWsS2jbsdHVf/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5 +Bc6p1hqWSXyZce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3 +IFpRozimTmaPg0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptco +LayFCLp+mNJIKkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FM +EuDIAu8ULqLAATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo +38Hsl37dqxB9IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5 +maQHo0hfwiACFNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzR +mIBenDTVMCjEO1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXK +Bd9kHhuYjtZu+SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEA +AQKCAgAuEvP/v0DiavKa8jSeNYej7sRREprc0LCgF/SVkbvqSlOYgjtKSn98Ubyc +gckl63xnZsPiV35/aDoWqjpv/WwlNbbxzFmgqJYvl5bXEuc604G20ug9Q+d6bEUx +VNhPP5oQcJF3MTi7BAv60LRUMdvVar4mxE1hRZZjtBRNOo0WZpuudGdWYa28srxm +83YNYwUHBoZH35wlLsfwJHkzplMVNT5wsk1XtV6/m+FbQXkKlNEZhOapSJK08phy +zG6/Ixh2oWtWcGaRtHwomDZem2bh9wKLzUIhHgjEv+0/T9oeq4N8MvtbVldCBHxp +JSgW/LGmPMdqBu4Nqof8nnKRAkm+vAmrodfJlyeSbE+j/HcA6MU8Udf5SJrzlNjc +rO0+5xIV65bNQ3NLb+hJot+4TcIoZ7wJ812MdDMCIdDfOS63W0bVTPnYrNiy6Q0n +FbfQh0vlZdPqjvX7IA51CmGBjjWKvjB47Q3UzAdA4cUzY2ljlNCdUYJpQBVet5ce +4lrNLcB+OBW8paOg2GJAIjRjlL6Sg+xjc/2qKBLa03/9xpx6AdlAXb7JiPEWe00l +wrKApJXUEbCSZ846OX8U8h/LnwnhIVJsPpZitjhZXZD0q1S/HgT1fEExAmyTshUA +vCKVcv0JyYWZQ5oKziQFbZesY5GhH6j1drC67oTQasYds4LDIQKCAQEA318EAWvr +H9SeqDqPO9nr+vGkOWceW2VlelZHv7MY2m/xomeOAN900U1KSHq5nUd8yeQ9Afb4 +eiFurW7lN8AYCQAo7PVY1hX2+U+OjGeRTbTd8zb8SfWIW0NkSXOBkcwjXBgKrg3n +A/cVJPdZPZCNO1GSlCA8sBgNjhiq2lEkXUvC6gH6QMQDbtyb4p5ak0BXzsU9wGWN +N1FplySPcV7YMV9SiwfuOi7suRiFrPwTRYtTZNdjh6pdfcKDCqceIsPPXAN0tuhY +1Yrhl9IPXaJk/m4mrTzWp/ekXn6eLP40xzhWeB7oZlhroG9SfcoXBxGafV63lLW6 +5vF5vvten/W3SQKCAQEAwsoq95cPeF9BHzROHTDtCpUImF6G08UO8tGmXS/WufLe +QtD6uZ08r1+zXCMpNinMYTIyQyQtTJlZkM9nb292ibflSoVZdqtB/6kkSNkaeUAe +aOwZabM1ZDLeQj9+h2RO8c9S12fu+FjBLHj5G59Rq0bbP0LAMt4qpqAbMv36vK6l +N7V2mowMzkW9yhTSpG3QV+5150vL/sYs1nHCjE39ELmi4gv1nHYvbzweFEKIKWvL +6QJfIDOWKmg7PeHlaUr9t1DITa7wIFd7Z+xTUkDYfroJywcDasGpveXwTLXhlIeB +2qZ6BA5TnsxO6lMBgGk7MJOU58YjjVSI6UJZNlZMFwKCAQEAtZeKKxmwAaWaAkvx +LAgjF1ShXOVfQZAyKn3AQLF6MAM33v7u6/i+AHYkQL487gczBPLfQhykrq1FTAvO +nz80iwStQM7JFOqwaMhrq+t6rkCu+84k1n+dBgzImAomOQBLctA8xnmY6JlTgETy +MOG2X5YWYwO+Mq6rPm0BYRD8TjiMUi+fYk24OMVymY6BNhrmB7xEUoh8gI9YFz7q +upEPkzvaYBrnajfBzUyJSDN5+1ykRGPyj1VKQjYC0INCNaMYjcZleVl09s28Tu+/ +/DBMiKfGG6pNHCpwXz3ym8Nh5t//NBJ0fte9T6WQ26CSjfWasfdxqZ0AQEXp4wB6 +UfKxuQKCAQB9SZ2zXIVFzjbLxE/N9M8ydENwBbTA90mzIufXnlKFjdIptdLemmUT +BAIQbEkwnlfn2Gp9xwIf966lNtH32gCreg3QDc9KRcMQlxFQjdu6S2SD5gA+fVcF +GLbec4qFuR4R6GEHTcFmGWg+m5zWiHX2LYANw3ht/3n9bJOyC6w/ujFokJ41r4j5 +D+CP3y7RNhTAyg8p8xXFzF/AmrEgn3T7UfuTW0/iEB5YdJmAPH7p7XzdZXob8zJO +GnaoSejN/b8NLrd3R+MJWlt0r4u0JyNY934fCWbIPsJX81LJdF8gsrvyEAwBGdnt +FMpZa4RWvNimWPZ40XfCirH5HoTVL1KHAoIBABhRqS6vH5S+JVOAJ3rUeRrNgRWh +wXqshi9aVmNaD4BfIxP2jWnyA7OjasDASDkJnpIRDsQX/U4vaiQ2k5EzciIjxWEt +/7JvrYX6iRVTGV/Cyp40p7Ugqf6Rg2BCyfhjmMDp6nJ4u6bBePnL8UJkZCNSx6SM +IlDjJ4sHHz1QraBB3SeT59IxRZHAFVT1i8l3Dx9FqYJJRRrwjb71bYUZGU7k+Gct +kF4D+nXyCv9lAFAxOlJNaHZDcgLcPXdrZH2Y8c2/HYxnXJkwm1c8kXZJIUbKf4K0 +G4Pql35ok5QMjxN7geVRTyWHMeYCS6GI6apQeCo9PHiACOb3Fp7f0XBNbS8= +-----END RSA PRIVATE KEY----- diff --git a/diracx-db/tests/proxy/data/certs/voms/README b/diracx-db/tests/proxy/data/certs/voms/README new file mode 100644 index 000000000..f21ef8fb2 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/voms/README @@ -0,0 +1,15 @@ +This fake voms proxy was generated using the following command line: + +voms-proxy-fake --cert ../user/usercert.pem \ + --key ../user/userkey.pem \ + -rfc \ + -fqan "/fakevo/Role=user/Capability=NULL" \ + -uri fakeserver.cern.ch:15000 \ + -voms fakevo \ + -hostcert ../host/hostcert.pem \ + -hostkey ../host/hostkey.pem \ + -out proxy.pem \ + -hours 50000 + + +Don't forget to update VOMS_PROXY_ATTR in src/DIRAC/Core/Security/test/x509TestUtilities.py diff --git a/diracx-db/tests/proxy/data/certs/voms/proxy.pem b/diracx-db/tests/proxy/data/certs/voms/proxy.pem new file mode 100644 index 000000000..0ffbf53f7 --- /dev/null +++ b/diracx-db/tests/proxy/data/certs/voms/proxy.pem @@ -0,0 +1,124 @@ +-----BEGIN CERTIFICATE----- +MIIN1DCCC7ygAwIBAgIFAJE4lx0wDQYJKoZIhvcNAQELBQAwOjEYMBYGA1UECgwP +RGlyYWMgQ29tcHV0aW5nMQ0wCwYDVQQKDARDRVJOMQ8wDQYDVQQDDAZNclVzZXIw +HhcNMjMwNDI4MTM0OTM3WhcNMjkwMTA5MjE1NDM3WjBPMRgwFgYDVQQKDA9EaXJh +YyBDb21wdXRpbmcxDTALBgNVBAoMBENFUk4xDzANBgNVBAMMBk1yVXNlcjETMBEG +A1UEAxMKMjQzNjQwNTAyMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwuMn +cGbojNiEOxdk75s5u9FrGLsC/HF9R8pBKiJO50Eq8YVUX7qz1k0GuynVceVHKtmp +4AmG1BQSx2mrj8R7xZ3XfNX9oLuX90u16DRVc/B+6IqT5THynOyQ1efBLdKClJG+ +tLXGGHwcqeesHma+GGvD9LjQPMkpBUhm+KnbONUCAwEAAaOCCk4wggpKMIIJ5QYK +KwYBBAG+RWRkBQSCCdUwggnRMIIJzTCCCckwggexAgEBMEagRDA+pDwwOjEYMBYG +A1UECgwPRGlyYWMgQ29tcHV0aW5nMQ0wCwYDVQQKDARDRVJOMQ8wDQYDVQQDDAZN +clVzZXICAhABoD8wPaQ7MDkxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsG +A1UECgwEQ0VSTjEOMAwGA1UEAwwFVk9Cb3gwDQYJKoZIhvcNAQELBQACAQEwIhgP +MjAyMzA0MjgxMzU0MzdaGA8yMDI5MDEwOTIxNTQzN1owXDBaBgorBgEEAb5FZGQE +MUwwSqAjhiFmYWtldm86Ly9mYWtlc2VydmVyLmNlcm4uY2g6MTUwMDAwIwQhL2Zh +a2V2by9Sb2xlPXVzZXIvQ2FwYWJpbGl0eT1OVUxMMIIGjTCCBl0GCisGAQQBvkVk +ZAoEggZNMIIGSTCCBkUwggZBMIIEKaADAgECAgIQAjANBgkqhkiG9w0BAQsFADBU +MRgwFgYDVQQKDA9ESVJBQyBDb21wdXRpbmcxODA2BgNVBAMML0RJUkFDIENvbXB1 +dGluZyBTaWduaW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4MDgyMjA5 +MTgxN1oXDTM3MTAyMTA5MTgxN1owOTEYMBYGA1UECgwPRGlyYWMgQ29tcHV0aW5n +MQ0wCwYDVQQKDARDRVJOMQ4wDAYDVQQDDAVWT0JveDCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAONXljoBAjrWdkfLqGOvUzOIUV6H/PUN0CCQ9+JScdAv +Fa29cZxzixf+0FwPq280pPMkLDIVUAwvRY1MP/DjzRNSYYguVG2D7Xup9JZ94K8P +KBJsY0g1f6VrRq4Spju7mhe3CEUASeoF77qnO+B9OnOHx460FKuqAlTAy1ojzU/o +tCfm6shBsnuGD0cqH10Bf6ZH+bDENM+nNM/phPmiKpcTmFFo8A7qJt4YZ27KmEWI +DBXMBXYHlR8Hi0vwL9J7I9fv7vRb6locPt98locsoVCN0D2rsQdEZubTrz5o9GY0 +Iq2XWm2Btiq5WanQOI7mo5Kr4tTa/xbn/LxbvkNqPKoZsm4x2jjMyMK85p868cdp +s59is4dwjow0nHZnq/8bQLuYxXBwE9y4uSq2Jra4+fPANzDFUvfAr+4mIcfDdPqh +2Y4T/orFgz5Il/3B4F9EVb98J+RZh8QDUUmGdx8Nk/PCImdAlOtGWzfruvCc0sfR +WS/EMs4djsuGX6PW/B12eM41ispUy21/Uh8U3lB0xfatGuQtfaNlddonggF5UFZY +9WZaPx7z3Z2HYWnNlXzxcTvbLXthHH65fvH/vqncn0fe8QjQuP/nereXEf9bdVEa +dtpzu1PuS9Wip5RpdzgBCIgXa2VHZ22Mds4ADdKXsoLEkG9p3zKrthKbYjnyxA3X +AgMBAAGjggE2MIIBMjAJBgNVHRMEAjAAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NM +IEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMtCUciWCimS +eLADvLEKm5DryBiBMIGEBgNVHSMEfTB7gBQEwhevOGTghr8fyQBul28bu06HH6FY +pFYwVDEYMBYGA1UECgwPRElSQUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBD +b21wdXRpbmcgU2lnbmluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIJAKy80Lkr +R8XYMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH +AwIwGwYDVR0RBBQwEoIFVk9Cb3iCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOC +AgEAHfwjOGx5KNQszzRl2IboaVho6IEYhGCUEkmoN6yWGF6L26mCffnLPrhGoygz +hsVZJp7SAUIwY0B1XkMhdRmJN9khEqo3fnM4Rm9sBT+3keLvS153cM84BczhdqCG +cUaDbplMHzpnoOmHfdAkuo2SpTyho5+XURPhMOiKamiVAjQzzZ1q0+WEN7YSS8+M +lpyU1coZnSRfmCq5koqlNh75yP/gTsAb2YBBMH0zpdenHmL8T40uQYuMKbTlBl1u +WEuYngyOPaIIYw4v/Pb9uGdwlhXJx4AAUb99NvZiTq5ej/INqSrdJ/Ks6lLLn9tz +LlhVxoY6VqHvimkHbqVs79wlYA5xObrOugvNC16iskOJ/3oSxImPl/EYoOdJFyD4 +r7awDdz4b/f3kUefWopFGVw2b/IhbJKuRSO1tKRkcKFJTm9+PCUirlpxX9e2Rcml +jsvixxDQB4UMp0iFtfHxqNXAGtT8bPIybDv6nQ9W/M0VlKfTToPrMjoNHBRw+n81 +E2LWjGufO/VdVn8y2JYU1mDP6aeqlqQ5QCwIa31iISVUVqeZLuIySqGhu3nhSUVe +F934VDJEjaRKtbyQvx4izfd1mAllNP8pKwbx7zzchIFvnMN43junGNTmkX+6GTb9 +4FjUTAR6+lh1A+iRjREeJrXGSkEo49FjQGtIYJ0RRPn6Jy0wCQYDVR04BAIFADAf +BgNVHSMEGDAWgBTLQlHIlgopkniwA7yxCpuQ68gYgTANBgkqhkiG9w0BAQsFAAOC +AgEAwdT0u3rYK+Et7h+d7ymTb4Iwo2BHOj3LaQZ+kla0bsmoH2oaZml6j9lO+YVp +EH34JE1TtctHiZKfEvwMMHovswhUcMV46Y+n+ofEwOmOCkwbuI6N1TmB2iUzykpP +JiSh2nOrAXHxe/d6yJD/oOQqpagiZJ0cUeW0NrHkyPXQk8+txNxwGiAP+IxJr4He +uSG4zRg0wSVRDRebmK6CO54tJ2Q5aCGPSGgLTTw1OdtmlpJ7jmluMa72U4/0caJr +OX0rYpCPqp9k+ENMtCVYa3nu8275tvmunF6d18ntFxQoH+035Tev0472zbt22Z4F ++VovShOwpP2Gzlf8bCpuD5fCw9kOI0qIS8ah3pmio9Aq0xE70UuiojaGJMtu94nr +ylu8m21U35Tma3NtBPN/yBXe1AsgFZneq6XEItmKpRdlV/x0NvyqqFn5QYTuxqGw +ypKd4Fd90EAscif9nCk78UpMc3lke/iIYqI83EjevB1cj8Pfz8i+qAjMIBtkFM+E +BF3FF3nk48T5RlZ4N8xwsGuwZrHU4DEDPhgvV2xgOUGt06HORfdYC1uxaMa4qOqZ +UW4kbxLELPQxG8wNwVLXV1W6BZ+CtLOtPXwNT4aLjR+ChQt+l/Rsem1UyXF5QcI4 +ZsIS1ETAhQpre9iPJjdygYfUNbEYPHA4RcvMlfxnxRMNGPEwDgYDVR0PAQH/BAQD +AgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUSsL96yzF8WOl8hdiQ2udgmya +EyQwIAYIKwYBBQUHAQ4BAf8EETAPAgEBMAoGCCsGAQUFBxUBMA0GCSqGSIb3DQEB +CwUAA4ICAQCSjShCFZzCdIFdK58iA0ynsIS27Ro7H0Ukybzcv1a42O84rkqaEyow +0pZ2qXDH6GSeTeG9rub/jJd+uXrTP2YaAvJOnHTkA2lmdtlUKbKnoCY9mMvhKZRq +gE27vrAogpsNh4wESgI1QrZhjsdPko7rcx2z0I5X6eayQYLcq8+kUT1cWdiqRaz6 +glqnNQ/gb22OHjhvKtd5adnYaRT+QbEgoHPmeBfRN3ItbNLbPUFE9cFb2dVf5TXA +4Q0P8c0VYJwg7CYftTBgYcnQSm1d0UAg3x56weUQog0E7C8GW2iVuEx+u+jTyf1g +y2yvqLUa1Oe8H1UGBHxHzoBBB2DA821/u7c3DrJ/X7mma9pMb3anX+37xbzjpim4 +PtyZiI/Rrq8ECyrOwl472p0ov7YGEJH1zRT4Z8I2v/75MK2k+Ur5DcUzO/H48cD2 +hSFBi1814ejoyCH60Pn2DrFMo+eKlksKFkSn9idOn/PdkmqdTLn6PCa4zTE1UsFk +sKK2N/LzQ8t8PrNWMRJqnSd9v7IKEQzCf4mBrmzdUDjpr6pXf61cBmzkXSSlFxeF +bpLVDsiDqkSRycwVg3afPoRJogwUDoUHI2hhSRHmmGRckkmr234KGHfMSQdgsi+v +OwMyyZzIHiosUYQ9jDqpX/t0TVYEh/ks7a/dbxJftOJQlwnsC07KOw== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDC4ydwZuiM2IQ7F2Tvmzm70WsYuwL8cX1HykEqIk7nQSrxhVRf +urPWTQa7KdVx5Ucq2angCYbUFBLHaauPxHvFndd81f2gu5f3S7XoNFVz8H7oipPl +MfKc7JDV58Et0oKUkb60tcYYfByp56weZr4Ya8P0uNA8ySkFSGb4qds41QIDAQAB +AoGBAI2fVwS2s93OZeEvMflxOvZCy+nv1M6whlMKJmrA/cfNsrBKrLLYUWG1HeQb +FXIsJJh+DpWxNpqdb7wcDUFvjmUbJl4OrsLKk6IJW22VJ1RRw3+fdochfJdefR3c +KaE8i36G0/W0h6Gx/S9nqbcW1ZvwP9zf8hHSiXNghZuFFMnBAkEA62p9LpdSTC/8 +2vpJK+GQ8a4EXulUmXEBlFts4YAQUf17gZoMKL9fCITou1qzarCjtVce0bV5M3Yy +HgurbgU9cQJBANPteoc8EeQbjc93FguHILmi8N9n2pOHvEddeH+dql3vvniOa6VS +KRrBYQaDQQAUjtUDBuT/amOAk6aWAANxD6UCQQDDOGSk3VGe4nCR+tnw7LYw5Li1 +KFNCh0bjC0noWjWueEESQXfx1njtbKI+s8FzKRYpDBz/lLj0ZwC6j7zSmL/RAkEA +0oVfaCNl6mDsuCCmB4GOIpoYCPUTjeYSRBo37x1h9bqITR29FRbOukNK7LtJwJir +YjKFkMmgl4NMKPlsvf57+QJAWncg1cGz6E8oPXGQ8HO8iNpjk5CZzZMDM8d1tLJz +GeX1UgSzQR80eqBkdRR/LUt/Rq7+TYr5bBec2qXAqbERxg== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE1MTRaFw0zNzEwMjEw +OTE1MTRaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAOe2uEU17UWOU +iDsZWLDVYC820sXcC19ijco9zNDVfCkKzPMKKPlEA56dY/Kt0cWAtiklPOiWEtKy +bsM7ayZ2FEiPdBSd9P8qHYFMlbsXcyib5QXpdHebcipu9ORzp+hlFvTA1fFErDn+ +nPW+xTCp19tdlrNywxDWXbB4KJZ/VxSVuT4lMZYn6wUOMFN/xj41evGqqQfJm+yT +feW3n2ClDCDbk3br/3KY8eCPLUllZfdJgnN24SWrS4S0tBuOZt+hTt7LISPSPIix +xXNsxLCXq7KsElIlzPPbMsdqDJ/lhDUoHPZZu9chi4t8F5JGkzcn1MOSmn5d74kx +SYD1QTgvX77t0A1E7G55NYiZJTSjoaIQiQwBNEak7Oz9QCh+5qHwR/Np4vo4+d4p +yuWxpzHHBuQrV6dDZ0mONBWx6gxpkFN42mt8EUd26faG7kebbeVoUt1VBTcp9HHH +DKQq9loodgGokarycFeJ8l+ZMM93YoPPVlsijG6Jmn+UrZNzwbi5JcE731qEurGY +U4kjpzpirauwCnOgSm7DwawNoilLFOSSh3/iZgDjMyhspGJ2FwXBlJm7wBWyS+0q +TnsekqTamuTDTAPJRhb2LPVFl0L8+frk1gkpw4KTCzGw4rKW++EUjS1i09sq2Dv6 +/fW/ybqxpROqmyLHbqEExj0/hPxPKPw= +-----END CERTIFICATE----- diff --git a/diracx-db/tests/proxy/data/proxy.pem b/diracx-db/tests/proxy/data/proxy.pem new file mode 100644 index 000000000..c93e7ccc9 --- /dev/null +++ b/diracx-db/tests/proxy/data/proxy.pem @@ -0,0 +1,86 @@ +-----BEGIN CERTIFICATE----- +MIIEOTCCAiGgAwIBAgIFAUXu3+AwDQYJKoZIhvcNAQELBQAwOjEYMBYGA1UECgwP +RGlyYWMgQ29tcHV0aW5nMQ0wCwYDVQQKDARDRVJOMQ8wDQYDVQQDDAZNclVzZXIw +HhcNMjMxMTI4MjExMDIzWhcNMzMxMTI1MjEyNTIzWjBPMRgwFgYDVQQKDA9EaXJh +YyBDb21wdXRpbmcxDTALBgNVBAoMBENFUk4xDzANBgNVBAMMBk1yVXNlcjETMBEG +A1UEAwwKNTQ2ODI1MDA4MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AP3qqOreMUBzNxGFCuqGb1Oh8H0oHRvkxptVixOw7+ckg36Lxn8l0tpHBCuAJeDQ +w8lKCix5SDVBK/FsKBhCCln8uMlv9dM+X8kez2rPFc0Hp6L6W5zEzW/0CbPs4Zwd +xvWysGcC3dVlxhXw/UAsUC4aJtD74VQGXUI03y7ozh/UmjUDTt5m33UIlIZEisPI +YZpA+6RMgNLJXx8EOhrdCJI3oD45+mBMqZUvRGWRAsIWYRr1jAdSmIEGLvLx/7dt +Dmi7L9Y4ZLcz7Wal83OWcUp1uX1y+k5yTss3SWzN2GLqQZIHL1XmgfOwrdqe50qa +Q3ii2qdWbH6ldS6ap2mGrrsCAwEAAaMxMC8wDgYDVR0PAQH/BAQDAgSwMB0GCCsG +AQUFBwEOAQH/BA4wDDAKBggrBgEFBQcVATANBgkqhkiG9w0BAQsFAAOCAgEABskd +Tjksd8cMhz7Ar8waASgIj9mjf/Jhg8L1BIMYKsCMi8rVTGX5Wl2F2WLfiMrp0RqO +MxSUk9sJ6b5JjrXNpvTQzFm4AKemmMC40k1N4FjkQngVemE0xiHxanxLtrggO2/9 +zxgTobEqaXV94gBXcRLrhIvHTcEDPekc9hBY6RRdH7PA7jpyZblF+RuwIbSCC+vM +JvL3PY5PiYRgzxeC1qDKXjo/NHO0cQ/LhjKDZoguFz8lYctLLezlCyocj0Wl5zwm +kbzejs9mA39UOYC7HYGJbfXXqEYjnNBtfcPE6naW5J0C26J6WPMrs+hm0jshIli5 +c1aQraEm9IYzY2s4ovmx0ZGfGUdnSOfbamJpYQLVsY0BNh4yzp5Qn3jEJm3ktoQ5 +0U54biUYbbUfg1WdthBqi+Zogk9+AbJ8b+C2ZzDwI/QsF5r9jPbh/J+dAshVUquz +UbCmERbq5dfNNO3qp1DAfCSAu20mDnO6ig105aU+58beL8Y6FphmZWm9JaIDnln4 +TXq1YGv+IuaYftuoBF/I2oa5k3WfteNVki7widk/bx3fW1luYitSROjsVDiU1ZkW +CWjclXEmsXKL/44mqx9iPzVAy3zhfkJ84gLr7gdhlnCP2KHJpyJWb9JOWFYi+fwf +2jTePuiDTA63Qb6/o4kLx3NR9fRO6G8/AZw8lvo= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD96qjq3jFAczcR +hQrqhm9TofB9KB0b5MabVYsTsO/nJIN+i8Z/JdLaRwQrgCXg0MPJSgoseUg1QSvx +bCgYQgpZ/LjJb/XTPl/JHs9qzxXNB6ei+lucxM1v9Amz7OGcHcb1srBnAt3VZcYV +8P1ALFAuGibQ++FUBl1CNN8u6M4f1Jo1A07eZt91CJSGRIrDyGGaQPukTIDSyV8f +BDoa3QiSN6A+OfpgTKmVL0RlkQLCFmEa9YwHUpiBBi7y8f+3bQ5ouy/WOGS3M+1m +pfNzlnFKdbl9cvpOck7LN0lszdhi6kGSBy9V5oHzsK3anudKmkN4otqnVmx+pXUu +mqdphq67AgMBAAECggEATc7DHVmiCQhlRxKYQj6Yza1xhsCsjtgffgkMGageE5vu +SXBmjp7WCno5jmTx9n6yiDOOg4tUs7D5WL0WWjyedG3LaDrNPwK9kmFFGQtFOHNQ +jNIgEZ2DAHvtHzwG9HJxfefYQ3Cu7o4F0cJrsGcD2OS9oUuWBEwA9uFBxNulEj5V +E4h6KMD8TMbvTIuRiJYoPl0vIARqeD2nY+/C3gw1n2376PZuC0omeIiMJY0EegfC +5MAoFx5DGwjwnMldFeY0iN+qY6wnrZK/5tV4K2TrW34JJa/QrA6SF+Pqt+mVaMD4 +c0hOvecj3EJCSEPv4msYSNBzY/ZAbwaj0PR2jxmcbQKBgQD/P5GFp5zwUEGBcfzR +2WVtQt3u8Y1hMK6N7uXOx+4l5VPMr7wExVCE8G4jOmwrFJDo3firxroVKItk5MMA +8/ka1LdW3X6Scr5iVtXeUXstBcoi8Qt0fsGkz2COlLXY/W8+ihlJPIeqMaYUoiB1 +81nQORuUvqhj59gUYm0njyZ0hQKBgQD+qhZicqE0mdpxeV5uS+1mYscUJySJKsZM +0vIui/UuNVmE2tAXRmC6zKdR857VvVZ/FVyftWo7EGEybAfF4zWcb5LwuNq3zQXt +WYN++69GEriLRuMHIQwhlJwt+X6XVB0a+urR7HM4+jlf6HGXaA2ZINYEhAmCpf8J +pg2SxpiaPwKBgEQLb0DhKQ5LZtsaRxquSMKy47UyQc1aC/6cZDkWxV7m3ssfQhFH +hKqb6dCMX4+wgN0DZ6prZOoFD/wKnA2h/JNxh5qpm3dxDV3r5kHJGPwsofFkrvgU +Xo0QF56K+FtrXH+gkxMaBtSRPcQcYGjxQc0nnDmwBfX0NX9hqdW07Lx9AoGAN4Y8 +JTDbBw34e787oI67bxRgVXuHUsTZwYxIs29egLmvD/FpZ3m3w2K1pH+ahP2oK0Ms +E8JJLCGRH55AP5wfZ0FIZ2XWgjaYcTyQGBKmD4ArbmqBO1+wNm4hc0Cvoiz7v5Mv +uZ91K9oawld61MkiFd3767YiILMynRbwZK0aPp8CgYBOVPxXPIPPTcE+Y66ARhQb +up0YsDn8YlvGIrSzF+ujGxXLEyJBSzr8eytmASpT3C+6xRkmdLMFzJHxeutl1VaI +IK02GbFZz0NWPBc7o4uwpVkvKWayvsoojfzAV6UwETRxCYTyMx2OaejeZRx3Z68z +QtFezp67ih0dS7gBa7eh7A== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwVDEYMBYGA1UECgwPRElS +QUMgQ29tcHV0aW5nMTgwNgYDVQQDDC9ESVJBQyBDb21wdXRpbmcgU2lnbmluZyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODA4MjIwOTE1MTRaFw0zNzEwMjEw +OTE1MTRaMDoxGDAWBgNVBAoMD0RpcmFjIENvbXB1dGluZzENMAsGA1UECgwEQ0VS +TjEPMA0GA1UEAwwGTXJVc2VyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEAqfZnf9wK+a+qx8kfRlIaehzD2ix+6TKZJ+w9aBlh11b5cPfmIMOmTEXe8rD5 +G6WKofOKNBiQ4vX2tEv7psYpetMwQ9R5ks67RN/YGFkzEEO7jzYFtWsS2jbsdHVf +/2wejICPhABYP1sGaQbRWtcp690fZ97cM1c7AuN/fFZ9m3mAoop5Bc6p1hqWSXyZ +ce/0J+/SjtrLeWY8yvMx4ztR+8wQG+hXEAifnT77zwxeH7pPkwj3IFpRozimTmaP +g0wpwUJXUd8LpPnF6pBeZPMybJ4b4TfoddCXSF/wT7q9UfTKptcoLayFCLp+mNJI +KkKUzm/1CBMFkhenzSP7uhjhu3Swr6SXlz1pEW7B9FFyyghLd7FMEuDIAu8ULqLA +ATFR95p5ec3GbObV4OX4G1Up9f6vDle+qhwkQ81uWxebsaVWveUo38Hsl37dqxB9 +IxNOC/nTQu58l3KnLodMOweCmDnzHFrC5V96pYrKOaFj2Ijg6TO5maQHo0hfwiAC +FNIvYDb8AxNmDzOVAAZkd/Y0nbYeaO6/eNJzRiwJGKZMnXC3UpzRmIBenDTVMCjE +O1ZjsXe0hwjS0/sRytZHN1jWztnMuYftu3BLUQJQL0cmkWvPGjXKBd9kHhuYjtZu ++SEyLni+6VXJJCyR7/2kmlkq9UimB+RLA+EemW7Ik0oDI48CAwEAAaOBqDCBpTAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBRKwv3rLMXxY6XyF2JDa52CbJoTJDAfBgNVHSME +GDAWgBQEwhevOGTghr8fyQBul28bu06HHzAOBgNVHQ8BAf8EBAMCBeAwEwYDVR0l +BAwwCgYIKwYBBQUHAwIwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk +IENsaWVudCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAOe2uEU17UWOU +iDsZWLDVYC820sXcC19ijco9zNDVfCkKzPMKKPlEA56dY/Kt0cWAtiklPOiWEtKy +bsM7ayZ2FEiPdBSd9P8qHYFMlbsXcyib5QXpdHebcipu9ORzp+hlFvTA1fFErDn+ +nPW+xTCp19tdlrNywxDWXbB4KJZ/VxSVuT4lMZYn6wUOMFN/xj41evGqqQfJm+yT +feW3n2ClDCDbk3br/3KY8eCPLUllZfdJgnN24SWrS4S0tBuOZt+hTt7LISPSPIix +xXNsxLCXq7KsElIlzPPbMsdqDJ/lhDUoHPZZu9chi4t8F5JGkzcn1MOSmn5d74kx +SYD1QTgvX77t0A1E7G55NYiZJTSjoaIQiQwBNEak7Oz9QCh+5qHwR/Np4vo4+d4p +yuWxpzHHBuQrV6dDZ0mONBWx6gxpkFN42mt8EUd26faG7kebbeVoUt1VBTcp9HHH +DKQq9loodgGokarycFeJ8l+ZMM93YoPPVlsijG6Jmn+UrZNzwbi5JcE731qEurGY +U4kjpzpirauwCnOgSm7DwawNoilLFOSSh3/iZgDjMyhspGJ2FwXBlJm7wBWyS+0q +TnsekqTamuTDTAPJRhb2LPVFl0L8+frk1gkpw4KTCzGw4rKW++EUjS1i09sq2Dv6 +/fW/ybqxpROqmyLHbqEExj0/hPxPKPw= +-----END CERTIFICATE-----