Generate csr files to test v3 extensions

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

6 files changed, 66 insertions, 0 deletions

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 388b0ce..a87e0cc 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -93,6 +93,15 @@ cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
 cert_example_multi.crt: cert_example_multi.csr
 	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
 
+test_csr_v3_keyUsage.csr: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_keyUsage
+test_csr_v3_subjectAltName.csr: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_subjectAltName
+test_csr_v3_nsCertType.csr: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_nsCertType
+test_csr_v3_all.csr: rsa_pkcs1_1024_clear.pem
+	$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -out $@ -reqexts csr_ext_v3_all
+
 $(test_ca_key_file_rsa_alt):test-ca.opensslconf
 	$(OPENSSL) genrsa -out $@ 2048
 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index b2c2fa1..bd12760 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -82,3 +82,17 @@ fullname=URI:http://pki.example.com/
 # these IPs are the ascii values for 'abcd' and 'abcd.example.com'
 [tricky_ip_san]
 subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d
+
+[csr_ext_v3_keyUsage]
+keyUsage = digitalSignature, keyEncipherment
+
+[csr_ext_v3_subjectAltName]
+subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
+
+[csr_ext_v3_nsCertType]
+nsCertType=server
+
+[csr_ext_v3_all]
+keyUsage = cRLSign
+subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
+nsCertType=client
diff --git a/tests/data_files/test_csr_v3_all.csr b/tests/data_files/test_csr_v3_all.csr
new file mode 100644
index 0000000..fecca32
--- /dev/null
+++ b/tests/data_files/test_csr_v3_all.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBsTCCARoCAQAwDzENMAsGA1UEAwwEZXRjZDCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6WElUarPh7dTMLcFcz
+nNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/hWm9KjVibLH+5Kzg
+QrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi/33r/C0CAwEAAaBi
+MGAGCSqGSIb3DQEJDjFTMFEwCwYDVR0PBAQDAgECMC8GA1UdEQQoMCagJAYIKwYB
+BQUHCASgGDAWBgcrBgEEAREDBAsxMjOAgQCBgDMyMTARBglghkgBhvhCAQEEBAMC
+B4AwDQYJKoZIhvcNAQELBQADgYEAk9a+49SVlwdJJKBhvfDQ0I6pqB+Uglsg7jvo
+AIgIQwY5wRy4Y2wT4CPu3zGyRxQlgqPH/JL3ZmiL9NoYXMrMbJ4Sy82y2iyW31Qq
+8taoZ6jJfmusmURU7uQPOK1g/Io2ryumuGRlsIK1aa/aqeYG1xs34+F0UX3pGxf+
+nIeQXuM=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test_csr_v3_keyUsage.csr b/tests/data_files/test_csr_v3_keyUsage.csr
new file mode 100644
index 0000000..c22b392
--- /dev/null
+++ b/tests/data_files/test_csr_v3_keyUsage.csr
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBbDCB1gIBADAPMQ0wCwYDVQQDDARldGNkMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1MwtwVzOc
+2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7krOBC
+skF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQABoB4w
+HAYJKoZIhvcNAQkOMQ8wDTALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADgYEA
+rKFX2WcYZNns9j0YL+SlR/EnR53r5xFeiMa8lqj7DbjvxXly97JjkTM8qgiYDbsd
+r3EsRCtf6sGoxpCWIT370zToUYQndKJFthlnM9w6san7t3QcryDpYXvSTft0O3/X
+nypfGe7QuEYl0R/XKxlot1HzGCqaZB0QonfxxAFE3Tw=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test_csr_v3_nsCertType.csr b/tests/data_files/test_csr_v3_nsCertType.csr
new file mode 100644
index 0000000..0398743
--- /dev/null
+++ b/tests/data_files/test_csr_v3_nsCertType.csr
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBcjCB3AIBADAPMQ0wCwYDVQQDDARldGNkMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1MwtwVzOc
+2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7krOBC
+skF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQABoCQw
+IgYJKoZIhvcNAQkOMRUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEL
+BQADgYEAYDqW7nG8/adwpHZXhmMSgdJmzovjOfMCRRe1FshTLSMmcB64wkZNuCc6
+5rLdubZpZtvA0pCp8pHqhdi6Mhl5dP7ZHxJgcW2jG1ZvxuoC65r1w+SH05RdLS0G
+IX2MEfp0J9hR4hVXJt4FbFtGmzkHi114oTMFMRWq84KiMrUugnM=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test_csr_v3_subjectAltName.csr b/tests/data_files/test_csr_v3_subjectAltName.csr
new file mode 100644
index 0000000..65808c5
--- /dev/null
+++ b/tests/data_files/test_csr_v3_subjectAltName.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBkzCB/QIBADAPMQ0wCwYDVQQDDARldGNkMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDHOJLFw/RwEAhr+BM17PMBHIolD5WCNh6qHpYSVRqs+Ht1MwtwVzOc
+2ZXxTUxEN8i+xKA/5GQ80/PJAkM9w3xbjnmqCYSughM3Cr+Fab0qNWJssf7krOBC
+skF8e+SdJxSbLAdrjkM9P2x2OkaaHHANJZ28CMdA/NgCN2L/fev8LQIDAQABoEUw
+QwYJKoZIhvcNAQkOMTYwNDAyBgNVHREEKzApggtleGFtcGxlLmNvbYILZXhhbXBs
+ZS5uZXSCDSouZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAUyi46hqfD91x
+TVRf+IeI3rDf1gSu0IMZuoR5xr2jf/+Oq747gmH+ET2Yfgo96LWQpMVkuOaa68Hj
+0r4wvLgV3Re2dO4obHF9AVftZYTcLQ/GK/X3fvT1si7ynv9cfBRdHp4TBlSxeG+a
+c9kTX4hTnt3G106vea9FHgCpfG+AkV4=
+-----END CERTIFICATE REQUEST-----