Initial euclide.org release

2023-11-17 06:55:06 +01:00
commit 97379c8e8a
210 changed files with 32403 additions and 0 deletions
--- a/fixtures/test/Makefile
+++ b/fixtures/test/Makefile
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+all: client-cert.pem server-cert.pem badclient-cert.pem public-key.txt root.crl.pem ldap-cert.pem webclient-cert.pem
+
+clean:
+	rm -f *.key *.pem *.csr *.crt ca.srl public-key.txt index.txt index.txt.attr index.txt.old crlnumber crlnumber.old ../replay/commands.asc
+
+myCA.key:
+	openssl genrsa -out myCA.key 2048
+
+public-key.txt:
+	rm -f ~/.gnupg/testkeys.gpg
+	gpg --no-default-keyring --keyring testkeys.gpg --batch --generate-key gpg-key-conf 
+	gpg --no-default-keyring --keyring testkeys.gpg --armor --export joe@foo.bar | sed -e ':a' -e 'N' -e '$$!ba' -e 's/\n/\\n/g' | tr -d "\n" > public-key.txt
+	rm -f ../replay/commands.asc
+	test -f ../replay/commands && gpg --no-default-keyring --keyring testkeys.gpg --clear-sign -u joe@foo.bar ../replay/commands || echo
+	rm -f ~/.gnupg/testkeys.gpg
+
+ca.crt: myCA.key
+	OPENSSL_CONF=ca.cnf openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out ca.crt
+
+server-key.pem:
+	openssl genrsa -out server-key.pem  2048
+
+server-csr.pem: server-key.pem
+	OPENSSL_CONF=server.cnf openssl req -new -key server-key.pem -out server-csr.pem
+
+client-key.pem:
+	openssl genrsa -out client-key.pem  2048
+
+badclient-csr.pem: client-key.pem
+	OPENSSL_CONF=badclient.cnf openssl req -new -key client-key.pem -out badclient-csr.pem
+
+client-csr.pem: client-key.pem
+	OPENSSL_CONF=client.cnf openssl req -new -key client-key.pem -out client-csr.pem
+
+server-cert.pem: server-csr.pem ca.crt
+	openssl x509 -req -in server-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out server-cert.pem  -days 1825 -sha256
+
+client-cert.pem: client-csr.pem ca.crt
+	openssl x509 -req -in client-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out client-cert.pem  -days 1825 -sha256
+
+badclient-cert.pem: badclient-csr.pem ca.crt
+	openssl x509 -req -in badclient-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out badclient-cert.pem  -days 1825 -sha256
+
+webclient-key.pem:
+	openssl genrsa -out webclient-key.pem  2048
+
+webclient-csr.pem: webclient-key.pem
+	OPENSSL_CONF=webclient.cnf openssl req -new -key webclient-key.pem -out webclient-csr.pem
+
+webclient-cert.pem: webclient-csr.pem
+	openssl x509 -req -in webclient-csr.pem  -CA ca.crt -CAkey myCA.key \
+	  -CAcreateserial -out webclient-cert.pem  -days 1825 -sha256
+
+ldap-key.pem:
+	openssl genrsa -out ldap-key.pem  2048
+
+ldap-csr.pem: ldap-key.pem
+	OPENSSL_CONF=ldap.cnf openssl req -new -key ldap-key.pem -out ldap-csr.pem
+
+ldap-cert.pem: ldap-csr.pem
+	openssl x509 -req -in ldap-csr.pem  -CA ca.crt -CAkey myCA.key \
+			-CAcreateserial -out ldap-cert.pem  -days 1825 -sha256
+
+index.txt: badclient-cert.pem
+	touch index.txt
+	echo 01 > crlnumber
+	openssl ca -cert ca.crt -keyfile myCA.key -config ca.cnf  -revoke  badclient-cert.pem
+
+root.crl.pem: index.txt
+	openssl ca -config ca.cnf -gencrl -keyfile myCA.key  -cert ca.crt -out root.crl.pem
+	cat ca.crt >> root.crl.pem
+
+
--- a/fixtures/test/badclient.cnf
+++ b/fixtures/test/badclient.cnf
@@ -0,0 +1,22 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=invalidserver
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
--- a/fixtures/test/ca.cnf
+++ b/fixtures/test/ca.cnf
@@ -0,0 +1,40 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+[ca]
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir               = "."
+certs             = $dir
+crl_dir           = $dir
+new_certs_dir     = $dir
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/.rand
+string_mask = utf8only
+default_md        = sha256
+
+# For certificate revocation lists.
+crlnumber         = $dir/crlnumber
+crl               = $dir/ca.crl.pem
+default_crl_days  = 30
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymotion Fake PKI
+CN=Dailymotion Fake CA
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
--- a/fixtures/test/client.cnf
+++ b/fixtures/test/client.cnf
@@ -0,0 +1,22 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=validserver
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
--- a/fixtures/test/gpg-key-conf
+++ b/fixtures/test/gpg-key-conf
@@ -0,0 +1,13 @@
+     %echo Generating a basic OpenPGP key
+     %no-protection
+     Key-Type: DSA
+     Key-Length: 1024
+     Subkey-Type: ELG-E
+     Subkey-Length: 1024
+     Name-Real: Joe Tester
+     Name-Comment: with stupid passphrase
+     Name-Email: joe@foo.bar
+     Expire-Date: 0
+     # Do a commit here, so that we can later print "done" :-)
+     %commit
+     %echo done
--- a/fixtures/test/ldap.cnf
+++ b/fixtures/test/ldap.cnf
@@ -0,0 +1,28 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Example Fake PKI
+CN=ldap.example.org
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = localhost
+DNS.2 = ldap
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
--- a/fixtures/test/server.cnf
+++ b/fixtures/test/server.cnf
@@ -0,0 +1,28 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+req_extensions = v3_req
+subjectAltName = @alt_names
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Dailymoton Fake PKI
+CN=localhost
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ alt_names ]
+DNS.1 = ldap
+DNS.2 = localhost
+
+
--- a/fixtures/test/webclient.cnf
+++ b/fixtures/test/webclient.cnf
@@ -0,0 +1,25 @@
+# http://spin.atomicobject.com/2014/05/12/openssl-commands/
+[ req ]
+prompt = no
+default_bits = 2048
+encrypt_key = no
+distinguished_name = req_distinguished_name
+
+string_mask = utf8only
+
+#req_extensions = v3_req
+
+[ req_distinguished_name ]
+C=FR
+ST=Ile de France
+L=Paris
+O=Example Fake PKI
+CN=xavier@example.org
+OU=Engineering
+emailAddress=security@example.org
+
+#[ v3_req ]
+
+#basicConstraints = CA:FALSE
+#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#Subject: CN = xaver@example.org, C = FR, ST = Ile de France, L = Paris, O = Example, OU = Engineering, emailAddress = security@example.org