Initial euclide.org release

fixtures/docker-compose.yml

@@ -0,0 +1,72 @@
+version: '2'
+
+services:
+
+  openldap:
+    image: osixia/openldap:1.2.5
+    container_name: openldap
+    environment:
+      LDAP_LOG_LEVEL: "256"
+      # LDAP_ORGANISATION: "example.org."
+      LDAP_DOMAIN: "example.org"
+      LDAP_BASE_DN: "dc=example,dc=org"
+      LDAP_ADMIN_PASSWORD: "admin"
+      LDAP_READONLY_USER: "false"
+      # LDAP_READONLY_USER_USERNAME: "ldap-ro"
+      # LDAP_READONLY_USER_PASSWORD: "prout"
+      LDAP_TLS: "true"
+      LDAP_TLS_CRT_FILENAME: "ldap-cert.pem"
+      LDAP_TLS_KEY_FILENAME: "ldap-key.pem"
+      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+      LDAP_TLS_VERIFY_CLIENT: "never"
+    tty: true
+    stdin_open: true
+    command: [ "--copy-service","--loglevel","debug" ]
+    ports:
+      - "389:389"
+      - "636:636"
+    volumes:
+      - ./openldap/test.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif
+      - ./test:/container/service/slapd/certs
+    hostname: ldap.example.org
+
+  pdns:
+    image: synyx/pdns:latest
+    container_name: pdns
+    environment:
+      PDNS_DEBUG_ENV: "true"
+      PDNS_LAUNCH: "gmysql"
+      PDNS_GMYSQL_HOST: "pdns-mysql"
+      PDNS_GMYSQL_DBNAME: "pdns"
+      PDNS_GMYSQL_USER: "pdns"
+      PDNS_GMYSQL_PASSWORD: "pdns"
+      PDNS_LOG_DNS_QUERIES: "yes"
+      PDNS_LOGLEVEL: 5
+      PDNS_API: "yes"
+      PDNS_API_KEY: "123password"
+      PDNS_API_LOFGILE: "/var/log/pdns-api.log"
+      PDNS_WEBSERVER: "yes"
+      PDNS_WEBSERVER_ADDRESS: "0.0.0.0"
+      PDNS_WEBSERVER_ALLOW_FROM: "0.0.0.0/0;::/0"
+    ports:
+      - "53:53"
+      - "53:53/udp"
+      - "8081:8081"
+      - "9120:9120"
+    hostname: pdns
+    links:
+      - pdns-mysql
+
+  pdns-mysql:
+    image: mariadb:10.3.10
+    container_name: pdns-mysql
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: "pdns"
+      MYSQL_USER: "pdns"
+      MYSQL_PASSWORD: "pdns"
+    ports:
+      - "3306:3306"
+    volumes:
+      - ./pdns/pdns.dump:/docker-entrypoint-initdb.d/pdns.sql
+    hostname: pdns-mysql

fixtures/openldap/default.startup.yaml

@@ -0,0 +1,58 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# General container configuration
+# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
+LDAP_LOG_LEVEL: 256
+
+# Ulimit
+LDAP_NOFILE: 1024
+
+# Do not perform any chown to fix file ownership
+DISABLE_CHOWN: false
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
+
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: false
+LDAP_READONLY_USER_USERNAME: readonly
+LDAP_READONLY_USER_PASSWORD: readonly
+
+LDAP_RFC2307BIS_SCHEMA: false
+
+# Backend
+LDAP_BACKEND: mdb
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: ldap.crt
+LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_DH_PARAM_FILENAME: dhparam.pem
+LDAP_TLS_CA_CRT_FILENAME: ca.crt
+
+LDAP_TLS_ENFORCE: false
+LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
+LDAP_TLS_VERIFY_CLIENT: demand
+
+# Replication
+LDAP_REPLICATION: false
+
+
+# Do not change the ldap config
+# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
+#   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
+# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
+KEEP_EXISTING_CONFIG: false
+
+# Remove config after setup
+LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+
+# ssl-helper environment variables prefix
+LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
+
+SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd

fixtures/openldap/test.ldif

@@ -0,0 +1,109 @@
+# LDIF Export for ou=users,dc=example,dc=org
+
+version: 1
+
+dn: dc=example,dc=org
+o: example
+objectClass: dcObject
+objectClass: organization
+description: Example Directory
+
+# Entry 1: ou=users,dc=example,dc=org
+dn: ou=users,dc=example,dc=org
+changetype: add
+description: Utilisateurs
+objectclass: organizationalUnit
+ou: users
+
+# Entry 2: uid=jdoe,ou=users,dc=example,dc=org
+dn: uid=jdoe,ou=users,dc=example,dc=org
+changetype: add
+cn: Jane Doe
+description: jdoe
+description: infra
+gidnumber: 0
+homedirectory: /root
+sshPublicKey: ""
+loginshell: /bin/bash
+mail: karin.aitsiamer@example.org
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: ldapPublicKey
+objectclass: person
+objectclass: top
+sn: Jane Doe
+uid: jdoe
+uidnumber: 0
+
+# Entry 3: uid=jdo,ou=users,dc=example,dc=org
+dn: uid=jdo,ou=users,dc=example,dc=org
+changetype: add
+cn: John DO
+sshPublicKey: ""
+description: jdo
+description: dev
+description: api-01.dev
+description: api-02.dev
+description: bbxlogs
+description: graphdb
+description: inspect-02
+description: ejobs
+description: eseblook
+description: esebworker
+description: esebed
+description: esebed.dev
+description: ebworker.dev
+description: eseblook.dev
+description: searchprov
+description: syslog-01
+description: cronjobs
+description: staging
+description: pebprov
+description: bodyguard
+description: webed
+description: pebed
+description: mebed
+description: ebworker
+description: prov
+description: web-01.dev
+description: web-02.dev
+description: releaseslave
+description: release
+description: inspectslave
+description: statyle
+description: inspect
+description: orscale-03
+description: dock-001
+description: npmrepo
+gidnumber: 0
+homedirectory: /home/jdo
+loginshell: /bin/bash
+mail: klemen.sever@example.org
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: ldapPublicKey
+objectclass: person
+objectclass: top
+sn: John Do
+uid: jdo
+uidnumber: 0
+
+# Entry 4: uid=xavier,ou=users,dc=example,dc=org
+dn: uid=xavier,ou=users,dc=example,dc=org
+changetype: add
+cn: Xavier Henner
+sshPublicKey: ""
+description: infra
+employeenumber: 1005
+gidnumber: 0
+homedirectory: /root
+loginshell: /bin/bash
+mail: xavier.henner@example.org
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: ldapPublicKey
+objectclass: person
+objectclass: top
+sn: Xavier Henner
+uid: xavier
+uidnumber: 0

fixtures/pdns/dummy_zone.json

@@ -0,0 +1,33 @@
+{
+    "comments": [
+        {
+            "account": "kr1",
+            "content": "My first API-created zone",
+            "name": "uhuh",
+            "type": "dunno"
+        }
+    ],
+    "kind": "Native",
+    "masters": [],
+    "name": "example2.net.",
+    "nameservers": [
+        "ns1.example.net.",
+        "ns2.example.net."
+    ],
+    "records": [
+        {
+            "content": "ns.example.net. hostmaster.example.com. 1 1800 900 604800 86400",
+            "disabled": false,
+            "name": "example.net",
+            "ttl": 86400,
+            "type": "SOA"
+        },
+        {
+            "content": "192.168.1.42",
+            "disabled": false,
+            "name": "www.example.net",
+            "ttl": 3600,
+            "type": "A"
+        }
+    ]
+}

fixtures/pdns/pdns.conf

@@ -0,0 +1,20 @@
+log-dns-queries=yes
+loglevel=5
+allow-recursion=127.0.0.1
+default-ttl=60
+disable-axfr=no
+api=yes
+api-key=123password
+api-logfile=/var/log/pdns-api.log
+webserver=yes
+webserver-address=0.0.0.0
+webserver-allow-from=0.0.0.0/0;::/0
+guardian=yes
+launch=
+local-address=0.0.0.0
+local-ipv6=::
+master=yes
+soa-expire-default=1209600
+soa-minimum-ttl=60
+soa-refresh-default=60
+soa-retry-default=60

fixtures/pdns/pdns.sql

@@ -0,0 +1,105 @@
+DROP TABLE IF EXISTS records;
+CREATE TABLE records (
+  id                    BIGINT AUTO_INCREMENT,
+  domain_id             INT DEFAULT NULL,
+  name                  VARCHAR(255) DEFAULT NULL,
+  type                  VARCHAR(10) DEFAULT NULL,
+  content               VARCHAR(64000) DEFAULT NULL,
+  ttl                   INT DEFAULT NULL,
+  prio                  INT DEFAULT NULL,
+  change_date           INT DEFAULT NULL,
+  disabled              TINYINT(1) DEFAULT 0,
+  ordername             VARCHAR(255) BINARY DEFAULT NULL,
+  auth                  TINYINT(1) DEFAULT 1,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX nametype_index ON records(name,type);
+CREATE INDEX domain_id ON records(domain_id);
+CREATE INDEX ordername ON records (ordername);
+
+
+DROP TABLE IF EXISTS supermasters;
+CREATE TABLE supermasters (
+  ip                    VARCHAR(64) NOT NULL,
+  nameserver            VARCHAR(255) NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+
+DROP TABLE IF EXISTS comments;
+CREATE TABLE comments (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  name                  VARCHAR(255) NOT NULL,
+  type                  VARCHAR(10) NOT NULL,
+  modified_at           INT NOT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  comment               TEXT CHARACTER SET 'utf8' NOT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX comments_name_type_idx ON comments (name, type);
+CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
+
+
+DROP TABLE IF EXISTS domainmetadata;
+CREATE TABLE domainmetadata (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  kind                  VARCHAR(32),
+  content               TEXT,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
+
+
+DROP TABLE IF EXISTS cryptokeys;
+CREATE TABLE cryptokeys (
+  id                    INT AUTO_INCREMENT,
+  domain_id             INT NOT NULL,
+  flags                 INT NOT NULL,
+  active                BOOL,
+  content               TEXT,
+  PRIMARY KEY(id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE INDEX domainidindex ON cryptokeys(domain_id);
+
+
+DROP TABLE IF EXISTS tsigkeys;
+CREATE TABLE tsigkeys (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255),
+  algorithm             VARCHAR(50),
+  secret                VARCHAR(255),
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+DROP TABLE IF EXISTS domains;
+CREATE TABLE domains (
+  id                    INT AUTO_INCREMENT,
+  name                  VARCHAR(255) NOT NULL,
+  master                VARCHAR(128) DEFAULT NULL,
+  last_check            INT DEFAULT NULL,
+  type                  VARCHAR(6) NOT NULL,
+  notified_serial       INT DEFAULT NULL,
+  account               VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+  PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE UNIQUE INDEX name_index ON domains(name);
+
+
+
+
+CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);
+
+ALTER TABLE records ADD CONSTRAINT `records_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE comments ADD CONSTRAINT `comments_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE domainmetadata ADD CONSTRAINT `domainmetadata_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE cryptokeys ADD CONSTRAINT `cryptokeys_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;
+
+

fixtures/replay/commands

@@ -0,0 +1,56 @@
+[
+ { "id": 0,  "method": "list",    "params": { "ignore-error": true }},
+ { "id": 1,  "method": "newzone", "params": { "name": "example.com" }},
+ { "id": 2,  "method": "newzone", "params": { "name": "2.0.192.in-addr.arpa" }},
+ { "id": 3,  "method": "a",       "params": { "name": "mail.example.com", "value": "192.0.2.12" }},
+ { "id": 4,  "method": "a",       "params": { "name": "localhost.example.com", "value": "127.0.0.1" }},
+ { "id": 5,  "method": "a",       "params": { "name": "www.example.com", "value": "192.0.2.10" }},
+ { "id": 6,  "method": "a",       "params": { "name": "a.example.com", "value": "192.0.2.53" }},
+ { "id": 7,  "method": "a",       "params": { "name": "b.example.com", "value": "192.0.2.54" }},
+ { "id": 8,  "method": "list" },
+ { "id": 9,  "method": "a",       "params": { "name": "toto.example.com", "value": "1.1.1.1" }},
+ { "id": 10, "method": "list" },
+ { "id": 11, "method": "dump",    "params": { "name": "example.com" }},
+ { "id": 12, "method": "a",       "params": { "name": "toto.example.com", "value": "1.1.1.1" }},
+ { "id": 13, "method": "a",       "params": { "append": true, "name": "toto.example.com", "value": "192.0.2.30" }},
+ { "id": 14, "method": "dump",    "params": { "name": "2.0.192.in-addr.arpa" }},
+ { "id": 15, "method": "a",       "params": { "name": "toto.example.com", "value": "1.1.1.1" }},
+ { "id": 16, "method": "dump",    "params": { "name": "2.0.192.in-addr.arpa" }},
+ { "id": 17, "method": "dump",    "params": { "name": "example.com" }},
+ { "id": 18, "method": "caa",     "params": { "name": "example.com", "value": "0 issue Digicert.com" }},
+ { "id": 19, "method": "txt",     "params": { "name": "toto.example.com", "value": "text and spaces" }},
+ { "id": 20, "method": "a",       "params": { "name": "toto2.example.com", "value": "1.1.1.1" }},
+ { "id": 21, "method": "ptr",     "params": { "ignore-error": true, "name": "10.2.0.192.in-addr.arpa", "value": "www.example.com" }},
+ { "id": 22, "method": "ptr",     "params": { "ignore-error": true, "name": "11.2.0.192.in-addr.arpa", "value": "mail.example.com" }},
+ { "id": 23, "method": "ptr",     "params": { "name": "12.2.0.192.in-addr.arpa", "value": "mail.example.com" }},
+ { "id": 24, "method": "ttl",     "params": { "comment": "test", "name": "toto2.example.com", "ttl": 300 }},
+ { "id": 25, "method": "ttl",     "params": { "ignore-error": true, "name": "toto2.example.com", "ttl": 300 }},
+ { "id": 26, "method": "ttl",     "params": { "ignore-error": true, "name": "toto3.example.com", "ttl": 300 }},
+ { "id": 27, "method": "dump",    "params": { "name": "example.com" }},
+ { "id": 28, "method": "cname",   "params": { "name": "titi.example.com", "value": "toto.example.com" }},
+ { "id": 29, "method": "mx",      "params": { "ignore-error": true, "name": "example.com", "value": "titi.example.com" }},
+ { "id": 30, "method": "mx",      "params": { "ignore-error": true, "name": "example.com", "value": "20 titi.example.com" }},
+ { "id": 31, "method": "mx",      "params": { "append": true, "name": "example.com", "value": "20 www.example.com" }},
+ { "id": 32, "method": "delete",  "params": { "ignore-error": true, "name": "toto.example.com" }},
+ { "id": 33, "method": "delete",  "params": { "name": "toto.example.com", "value": "1.1.1.1" }},
+ { "id": 34, "method": "delete",  "params": { "name": "toto.example.com", "value": "text and spaces" }},
+ { "id": 35, "method": "delete",  "params": { "name": "titi.example.com" }},
+ { "id": 36, "method": "delete",  "params": { "name": "toto2.example.com" }},
+ { "id": 37, "method": "a",       "params": { "name": "device.toto.example.com", "value":"1.1.1.1" }},
+ { "id": 38, "method": "newzone", "params": { "name": "toto.example.com" }},
+ { "id": 39, "method": "cname",   "params": { "name": "bidule.titi.example.com", "value": "www.example.com" }},
+ { "id": 40, "method": "ns",      "params": { "ignore-error": true, "name": "titi.example.com", "value": "truc.example.com" }},
+ { "id": 41, "method": "ns",      "params": { "ignore-error": true, "name": "titi.example.com", "value": "bidule.example.com" }},
+ { "id": 42, "method": "ns",      "params": { "ignore-error": true, "name": "titi.example.com", "value": "truc.titi.example.com" }},
+ { "id": 43, "method": "ns",      "params": { "ignore-error": true, "name": "titi.example.com", "value": "truc.example.com" }},
+ { "id": 44, "method": "aaaa",    "params": { "name": "truc.titi.example.com", "value": "2001:7a8::1" }},
+ { "id": 45, "method": "delete",  "params": { "name": "bidule.titi.example.com", "value": "www.exa2mple.com" }},
+ { "id": 46, "method": "delete",  "params": { "name": "bidule.titi.example.com", "value": "www.example.com" }},
+ { "id": 47, "method": "ns",      "params": { "name": "titi.example.com", "value": "truc.titi.example.com" }},
+ { "id": 48, "method": "ns",      "params": { "append": true, "name": "titi.example.com", "value": "a.exemple.com" }},
+ { "id": 49, "method": "search", "params": { "name": "*" }},
+ { "id": 50, "method": "domain", "params": { "name": "www.example.com" }},
+ { "id": 51, "method": "cname",  "params": { "name": "www5.example.com", "value": "indirect.titi.example.com" }},
+ { "id": 52, "method": "domain", "params": { "ignore-error": true, "name": "www.exr*ple.com" }},
+ { "id": 53, "method": "dump",   "params": { "ignore-error": true, "name": "badexample.com" }}
+]

fixtures/test/Makefile

@@ -0,0 +1,78 @@
+#!/bin/sh
+
+all: client-cert.pem server-cert.pem badclient-cert.pem public-key.txt root.crl.pem ldap-cert.pem webclient-cert.pem
+
+clean:
+	rm -f *.key *.pem *.csr *.crt ca.srl public-key.txt index.txt index.txt.attr index.txt.old crlnumber crlnumber.old ../replay/commands.asc
+
+myCA.key:
+	openssl genrsa -out myCA.key 2048
+
+public-key.txt:
+	rm -f ~/.gnupg/testkeys.gpg
+	gpg --no-default-keyring --keyring testkeys.gpg --batch --generate-key gpg-key-conf 
+	gpg --no-default-keyring --keyring testkeys.gpg --armor --export joe@foo.bar | sed -e ':a' -e 'N' -e '$$!ba' -e 's/\n/\\n/g' | tr -d "\n" > public-key.txt
+	rm -f ../replay/commands.asc
+	test -f ../replay/commands && gpg --no-default-keyring --keyring testkeys.gpg --clear-sign -u joe@foo.bar ../replay/commands || echo
+	rm -f ~/.gnupg/testkeys.gpg
+
+ca.crt: myCA.key
+	OPENSSL_CONF=ca.cnf openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out ca.crt
+
+server-key.pem:
+	openssl genrsa -out server-key.pem  2048
+
+server-csr.pem: server-key.pem
+	OPENSSL_CONF=server.cnf openssl req -new -key server-key.pem -out server-csr.pem
+
+client-key.pem:
+	openssl genrsa -out client-key.pem  2048
+
+badclient-csr.pem: client-key.pem
+	OPENSSL_CONF=badclient.cnf openssl req -new -key client-key.pem -out badclient-csr.pem
+
+client-csr.pem: client-key.pem
+	OPENSSL_CONF=client.cnf openssl req -new -key client-key.pem -out client-csr.pem
+
+server-cert.pem: server-csr.pem ca.crt
+	openssl x509 -req -in server-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out server-cert.pem  -days 1825 -sha256
+
+client-cert.pem: client-csr.pem ca.crt
+	openssl x509 -req -in client-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out client-cert.pem  -days 1825 -sha256
+
+badclient-cert.pem: badclient-csr.pem ca.crt
+	openssl x509 -req -in badclient-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out badclient-cert.pem  -days 1825 -sha256
+
+webclient-key.pem:
+	openssl genrsa -out webclient-key.pem  2048
+
+webclient-csr.pem: webclient-key.pem
+	OPENSSL_CONF=webclient.cnf openssl req -new -key webclient-key.pem -out webclient-csr.pem
+
+webclient-cert.pem: webclient-csr.pem
+	openssl x509 -req -in webclient-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out webclient-cert.pem  -days 1825 -sha256
+
+ldap-key.pem:
+	openssl genrsa -out ldap-key.pem  2048
+
+ldap-csr.pem: ldap-key.pem
+	OPENSSL_CONF=ldap.cnf openssl req -new -key ldap-key.pem -out ldap-csr.pem
+
+ldap-cert.pem: ldap-csr.pem
+	openssl x509 -req -in ldap-csr.pem  -CA ca.crt -CAkey myCA.key \
+			-CAcreateserial -out ldap-cert.pem  -days 1825 -sha256
+
+index.txt: badclient-cert.pem
+	touch index.txt
+	echo 01 > crlnumber
+	openssl ca -cert ca.crt -keyfile myCA.key -config ca.cnf  -revoke  badclient-cert.pem
+
+root.crl.pem: index.txt
+	openssl ca -config ca.cnf -gencrl -keyfile myCA.key  -cert ca.crt -out root.crl.pem
+	cat ca.crt >> root.crl.pem
+
+

fixtures/test/badclient.cnf

@@ -0,0 +1,22 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=invalidserver
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment

fixtures/test/ca.cnf

@@ -0,0 +1,40 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+[ca]
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = "."
+certs             = $dir
+crl_dir           = $dir
+new_certs_dir     = $dir
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/.rand
+string_mask = utf8only
+default_md        = sha256
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/ca.crl.pem
+default_crl_days  = 30
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymotion Fake PKI
+CN=Dailymotion Fake CA
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment

fixtures/test/client.cnf

@@ -0,0 +1,22 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=validserver
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment

fixtures/test/gpg-key-conf

@@ -0,0 +1,13 @@
+     %echo Generating a basic OpenPGP key
+     %no-protection
+     Key-Type: DSA
+     Key-Length: 1024
+     Subkey-Type: ELG-E
+     Subkey-Length: 1024
+     Name-Real: Joe Tester
+     Name-Comment: with stupid passphrase
+     Name-Email: joe@foo.bar
+     Expire-Date: 0
+     # Do a commit here, so that we can later print "done" :-)
+     %commit
+     %echo done

fixtures/test/ldap.cnf

@@ -0,0 +1,28 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Example Fake PKI
+CN=ldap.example.org
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = localhost
+DNS.2 = ldap
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment

fixtures/test/server.cnf

@@ -0,0 +1,28 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+req_extensions = v3_req
+subjectAltName = @alt_names
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=localhost
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ alt_names ]
+DNS.1 = ldap
+DNS.2 = localhost
+
+

fixtures/test/webclient.cnf

@@ -0,0 +1,25 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Example Fake PKI
+CN=xavier@example.org
+OU=Engineering
+emailAddress=security@example.org
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#Subject: CN = xaver@example.org, C = FR, ST = Ile de France, L = Paris, O = Example, OU = Engineering, emailAddress = security@example.org