http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl.py ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl.py b/python/tests/proton_tests/ssl.py new file mode 100644 index 0000000..da237f9 --- /dev/null +++ b/python/tests/proton_tests/ssl.py @@ -0,0 +1,936 @@ +from __future__ import absolute_import +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +import os +from . import common +import random +import string +import subprocess +import sys +from proton import * +from .common import Skipped, pump + + +def _testpath(file): + """ Set the full path to the certificate,keyfile, etc. for the test. + """ + if os.name=="nt": + if file.find("private-key")!=-1: + # The private key is not in a separate store + return None + # Substitute pkcs#12 equivalent for the CA/key store + if file.endswith(".pem"): + file = file[:-4] + ".p12" + return os.path.join(os.path.dirname(__file__), + "ssl_db/%s" % file) + +class SslTest(common.Test): + + def __init__(self, *args): + common.Test.__init__(self, *args) + self._testpath = _testpath + + def setUp(self): + if not common.isSSLPresent(): + raise Skipped("No SSL libraries found.") + self.server_domain = SSLDomain(SSLDomain.MODE_SERVER) + self.client_domain = SSLDomain(SSLDomain.MODE_CLIENT) + + def tearDown(self): + self.server_domain = None + self.client_domain = None + + class SslTestConnection(object): + """ Represents a single SSL connection. + """ + def __init__(self, domain=None, mode=Transport.CLIENT, + session_details=None, conn_hostname=None, + ssl_peername=None): + if not common.isSSLPresent(): + raise Skipped("No SSL libraries found.") + + self.ssl = None + self.domain = domain + self.transport = Transport(mode) + self.connection = Connection() + if conn_hostname: + self.connection.hostname = conn_hostname + if domain: + self.ssl = SSL( self.transport, self.domain, session_details ) + if ssl_peername: + self.ssl.peer_hostname = ssl_peername + # bind last, after all configuration complete: + self.transport.bind(self.connection) + + def _pump(self, ssl_client, ssl_server, buffer_size=1024): + pump(ssl_client.transport, ssl_server.transport, buffer_size) + + def _do_handshake(self, client, server): + """ Attempt to connect client to server. Will throw a TransportException if the SSL + handshake fails. + """ + client.connection.open() + server.connection.open() + self._pump(client, server) + if client.transport.closed: + return + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump(client, server) + + def test_defaults(self): + if os.name=="nt": + raise Skipped("Windows SChannel lacks anonymous cipher support.") + """ By default, both the server and the client support anonymous + ciphers - they should connect without need for a certificate. + """ + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + # check that no SSL connection exists + assert not server.ssl.cipher_name() + assert not client.ssl.protocol_name() + + #client.transport.trace(Transport.TRACE_DRV) + #server.transport.trace(Transport.TRACE_DRV) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + + # now SSL should be active + assert server.ssl.cipher_name() is not None + assert client.ssl.protocol_name() is not None + + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_ssl_with_small_buffer(self): + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + + small_buffer_size = 1 + self._pump( client, server, small_buffer_size ) + + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + + def test_server_certificate(self): + """ Test that anonymous clients can still connect to a server that has + a certificate configured. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_server_authentication(self): + """ Simple SSL connection with authentication of the server + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_certificate_fingerprint_and_subfields(self): + if os.name=="nt": + raise Skipped("Windows support for certificate fingerprint and subfield not implemented yet") + + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + # give the client a certificate, but let's not require server authentication + self.client_domain.set_credentials(self._testpath("client-certificate1.pem"), + self._testpath("client-private-key1.pem"), + "client-password") + self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + + # Test the subject subfields + self.assertEqual("Client", server.ssl.get_cert_organization()) + self.assertEqual("Dev", server.ssl.get_cert_organization_unit()) + self.assertEqual("ST", server.ssl.get_cert_state_or_province()) + self.assertEqual("US", server.ssl.get_cert_country()) + self.assertEqual("City", server.ssl.get_cert_locality_or_city()) + self.assertEqual("O=Server,CN=A1.Good.Server.domain.com", client.ssl.get_cert_subject()) + self.assertEqual("O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev", server.ssl.get_cert_subject()) + + self.assertEqual("f78f03ec31317c213dcf607c095242adbf067824", server.ssl.get_cert_fingerprint_sha1()) + self.assertEqual("3836fd0d7bbc155158997ff336de29545cc1ce4137f8419062ceb8b50fd7a6f9", server.ssl.get_cert_fingerprint_sha256()) + self.assertEqual("a8390634eb10c7a12ba3ce0837001bc6ae78c7690984f4788cf4430acdb496d5d9e02c8ec39219f5c4dcd908c34861d09481c2faf53b4ccc95dac60e623165c4", + server.ssl.get_cert_fingerprint_sha512()) + self.assertEqual("32b7bc119f61c71d368caaf9a6bf58b2", server.ssl.get_cert_fingerprint_md5()) + + # Test the various fingerprint algorithms + self.assertEqual("0aab5922c8657a7fb78402b79379506d3d7806ce", client.ssl.get_cert_fingerprint_sha1()) + self.assertEqual("de5e0c4097f841815a769ce1a30dbe912b83711438a5aaf50001da23cee5a8a8", client.ssl.get_cert_fingerprint_sha256()) + self.assertEqual("d0aceeb68ab9de57c9e1c21a43a4511c54ec94011e770a523a6352b1374f59c8b58adc93d5cad6f25aa125b5934309a61a25e74a5d5e0cb40b07c7468615944c", + client.ssl.get_cert_fingerprint_sha512()) + self.assertEqual("ae0ebcebc1f970fb696ef9f56e3235da", client.ssl.get_cert_fingerprint_md5()) + + self.assertEqual(None, client.ssl.get_cert_fingerprint(21, SSL.SHA1)) # Should be at least 41 + self.assertEqual(None, client.ssl.get_cert_fingerprint(50, SSL.SHA256)) # Should be at least 65 + self.assertEqual(None, client.ssl.get_cert_fingerprint(128, SSL.SHA512)) # Should be at least 129 + self.assertEqual(None, client.ssl.get_cert_fingerprint(10, SSL.MD5)) # Should be at least 33 + self.assertEqual(None, client.ssl._get_cert_subject_unknown_subfield()) + + self.assertNotEqual(None, client.ssl.get_cert_fingerprint(50, SSL.SHA1)) # Should be at least 41 + self.assertNotEqual(None, client.ssl.get_cert_fingerprint(70, SSL.SHA256)) # Should be at least 65 + self.assertNotEqual(None, client.ssl.get_cert_fingerprint(130, SSL.SHA512)) # Should be at least 129 + self.assertNotEqual(None, client.ssl.get_cert_fingerprint(35, SSL.MD5)) # Should be at least 33 + self.assertEqual(None, client.ssl._get_cert_fingerprint_unknown_hash_alg()) + + def test_client_authentication(self): + """ Force the client to authenticate. + """ + # note: when requesting client auth, the server _must_ send its + # certificate, so make sure we configure one! + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + # give the client a certificate, but let's not require server authentication + self.client_domain.set_credentials(self._testpath("client-certificate.pem"), + self._testpath("client-private-key.pem"), + "client-password") + self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_client_authentication_fail_bad_cert(self): + """ Ensure that the server can detect a bad client certificate. + """ + # note: when requesting client auth, the server _must_ send its + # certificate, so make sure we configure one! + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + self.client_domain.set_credentials(self._testpath("bad-server-certificate.pem"), + self._testpath("bad-server-private-key.pem"), + "server-password") + self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + + def test_client_authentication_fail_no_cert(self): + """ Ensure that the server will fail a client that does not provide a + certificate. + """ + # note: when requesting client auth, the server _must_ send its + # certificate, so make sure we configure one! + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + + def test_client_server_authentication(self): + """ Require both client and server to mutually identify themselves. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + + self.client_domain.set_credentials(self._testpath("client-certificate.pem"), + self._testpath("client-private-key.pem"), + "client-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_server_only_authentication(self): + """ Client verifies server, but server does not verify client. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + + self.client_domain.set_credentials(self._testpath("client-certificate.pem"), + self._testpath("client-private-key.pem"), + "client-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_bad_server_certificate(self): + """ A server with a self-signed certificate that is not trusted by the + client. The client should reject the server. + """ + self.server_domain.set_credentials(self._testpath("bad-server-certificate.pem"), + self._testpath("bad-server-private-key.pem"), + "server-password") + self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + + del server + del client + + # now re-try with a client that does not require peer verification + self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + + client = SslTest.SslTestConnection( self.client_domain ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_allow_unsecured_client_which_connects_unsecured(self): + """ Server allows an unsecured client to connect if configured. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + # allow unsecured clients on this connection + self.server_domain.allow_unsecured_client() + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + # non-ssl connection + client = SslTest.SslTestConnection() + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert server.ssl.protocol_name() is None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_allow_unsecured_client_which_connects_secured(self): + """ As per test_allow_unsecured_client_which_connects_unsecured + but client actually uses SSL + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + + self.client_domain.set_credentials(self._testpath("client-certificate.pem"), + self._testpath("client-private-key.pem"), + "client-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + # allow unsecured clients on this connection + #self.server_domain.allow_unsecured_client() + + # client uses ssl. Server should detect this. + client = SslTest.SslTestConnection( self.client_domain ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert server.ssl.protocol_name() is not None + client.connection.close() + server.connection.close() + self._pump( client, server ) + + + def test_disallow_unsecured_client(self): + """ Non-SSL Client is disallowed from connecting to server. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + + # non-ssl connection + client = SslTest.SslTestConnection() + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + + def test_session_resume(self): + """ Test resume of client session. + """ + if os.name=="nt": + raise Skipped("Windows SChannel session resume not yet implemented.") + + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER ) + + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + # details will be used in initial and subsequent connections to allow session to be resumed + initial_session_details = SSLSessionDetails("my-session-id") + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain, session_details=initial_session_details ) + + # bring up the connection and store its state + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert client.ssl.protocol_name() is not None + + # cleanly shutdown the connection + client.connection.close() + server.connection.close() + self._pump( client, server ) + + # destroy the existing clients + del client + del server + + # now create a new set of connections, use last session id + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + # provide the details of the last session, allowing it to be resumed + client = SslTest.SslTestConnection( self.client_domain, session_details=initial_session_details ) + + #client.transport.trace(Transport.TRACE_DRV) + #server.transport.trace(Transport.TRACE_DRV) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert server.ssl.protocol_name() is not None + if(API_LANGUAGE=="C"): + assert client.ssl.resume_status() == SSL.RESUME_REUSED + else: + # Java gives no way to check whether a previous session has been resumed + pass + + client.connection.close() + server.connection.close() + self._pump( client, server ) + + # now try to resume using an unknown session-id, expect resume to fail + # and a new session is negotiated + + del client + del server + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain, session_details=SSLSessionDetails("some-other-session-id") ) + + client.connection.open() + server.connection.open() + self._pump( client, server ) + assert server.ssl.protocol_name() is not None + if(API_LANGUAGE=="C"): + assert client.ssl.resume_status() == SSL.RESUME_NEW + + client.connection.close() + server.connection.close() + self._pump( client, server ) + + def test_multiple_sessions(self): + """ Test multiple simultaneous active SSL sessions with bi-directional + certificate verification, shared across two domains. + """ + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, + self._testpath("ca-certificate.pem") ) + + self.client_domain.set_credentials(self._testpath("client-certificate.pem"), + self._testpath("client-private-key.pem"), + "client-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + max_count = 100 + sessions = [(SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ), + SslTest.SslTestConnection( self.client_domain )) for x in + range(max_count)] + for s in sessions: + s[0].connection.open() + self._pump( s[0], s[1] ) + + for s in sessions: + s[1].connection.open() + self._pump( s[1], s[0] ) + assert s[0].ssl.cipher_name() is not None + assert s[1].ssl.cipher_name() == s[0].ssl.cipher_name() + + for s in sessions: + s[1].connection.close() + self._pump( s[0], s[1] ) + + for s in sessions: + s[0].connection.close() + self._pump( s[1], s[0] ) + + def test_server_hostname_authentication(self): + """ Test authentication of the names held in the server's certificate + against various configured hostnames. + """ + if os.name=="nt": + raise Skipped("PROTON-1057: disable temporarily on Windows.") + + # Check the CommonName matches (case insensitive). + # Assumes certificate contains "CN=A1.Good.Server.domain.com" + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "a1.good.server.domain.com" + assert client.ssl.peer_hostname == "a1.good.server.domain.com" + self._do_handshake( client, server ) + del server + del client + self.tearDown() + + # Should fail on CN name mismatch: + self.setUp() + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "A1.Good.Server.domain.comX" + self._do_handshake( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + del server + del client + self.tearDown() + + # Wildcarded Certificate + # Assumes: + # 1) certificate contains Server Alternate Names: + # "alternate.name.one.com" and "another.name.com" + # 2) certificate has wildcarded CommonName "*.prefix*.domain.com" + # + + # Pass: match an alternate + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "alternate.Name.one.com" + self._do_handshake( client, server ) + del client + del server + self.tearDown() + + # Pass: match an alternate + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "ANOTHER.NAME.COM" + self._do_handshake(client, server) + del client + del server + self.tearDown() + + # Pass: match the pattern + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "SOME.PREfix.domain.COM" + self._do_handshake( client, server ) + del client + del server + self.tearDown() + + # Pass: match the pattern + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "FOO.PREfixZZZ.domain.com" + self._do_handshake( client, server ) + del client + del server + self.tearDown() + + # Fail: must match prefix on wildcard + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "FOO.PREfi.domain.com" + self._do_handshake( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + del server + del client + self.tearDown() + + # Fail: leading wildcards are not optional + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + client.ssl.peer_hostname = "PREfix.domain.COM" + self._do_handshake( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + self.tearDown() + + # Pass: ensure that the user can give an alternate name that overrides + # the connection's configured hostname + self.setUp() + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER) + client = SslTest.SslTestConnection(self.client_domain, + conn_hostname="This.Name.Does.not.Match", + ssl_peername="alternate.name.one.com") + self._do_handshake(client, server) + del client + del server + self.tearDown() + + # Pass: ensure that the hostname supplied by the connection is used if + # none has been specified for the SSL instance + self.setUp() + self.server_domain.set_credentials(self._testpath("server-certificate.pem"), + self._testpath("server-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection(self.server_domain, mode=Transport.SERVER) + client = SslTest.SslTestConnection(self.client_domain, + conn_hostname="a1.good.server.domain.com") + self._do_handshake(client, server) + del client + del server + self.tearDown() + + def test_server_hostname_authentication_2(self): + """Initially separated from test_server_hostname_authentication + above to force Windows checking and sidestep PROTON-1057 exclusion. + """ + + # Fail for a null peer name. + self.server_domain.set_credentials(self._testpath("server-wc-certificate.pem"), + self._testpath("server-wc-private-key.pem"), + "server-password") + self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER_NAME ) + + server = SslTest.SslTestConnection( self.server_domain, mode=Transport.SERVER ) + client = SslTest.SslTestConnection( self.client_domain ) + + # Next line results in an eventual pn_ssl_set_peer_hostname(client.ssl._ssl, None) + client.ssl.peer_hostname = None + self._do_handshake( client, server ) + assert client.transport.closed + assert server.transport.closed + assert client.connection.state & Endpoint.REMOTE_UNINIT + assert server.connection.state & Endpoint.REMOTE_UNINIT + self.tearDown() + + def test_defaults_messenger_app(self): + """ Test an SSL connection using the Messenger apps (no certificates) + """ + if os.name=="nt": + raise Skipped("Windows SChannel lacks anonymous cipher support.") + port = common.free_tcp_ports()[0] + + receiver = common.MessengerReceiverC() + receiver.subscriptions = ["amqps://~0.0.0.0:%s" % port] + receiver.receive_count = 1 + receiver.timeout = self.timeout + receiver.start() + + sender = common.MessengerSenderC() + sender.targets = ["amqps://0.0.0.0:%s/X" % port] + sender.send_count = 1 + sender.timeout = self.timeout + sender.start() + sender.wait() + assert sender.status() == 0, "Command '%s' failed" % str(sender.cmdline()) + + receiver.wait() + assert receiver.status() == 0, "Command '%s' failed" % str(receiver.cmdline()) + + def test_server_authentication_messenger_app(self): + """ Test an SSL authentication using the Messenger apps. + """ + port = common.free_tcp_ports()[0] + + receiver = common.MessengerReceiverC() + receiver.subscriptions = ["amqps://~0.0.0.0:%s" % port] + receiver.receive_count = 1 + receiver.timeout = self.timeout + # Note hack - by default we use the client-certificate for the + # _server_ because the client-certificate's common name field + # is "127.0.0.1", which will match the target address used by + # the sender. + receiver.certificate = self._testpath("client-certificate.pem") + receiver.privatekey = self._testpath("client-private-key.pem") + receiver.password = "client-password" + receiver.start() + + sender = common.MessengerSenderC() + sender.targets = ["amqps://127.0.0.1:%s/X" % port] + sender.send_count = 1 + sender.timeout = self.timeout + sender.ca_db = self._testpath("ca-certificate.pem") + sender.start() + sender.wait() + assert sender.status() == 0, "Command '%s' failed" % str(sender.cmdline()) + + receiver.wait() + assert receiver.status() == 0, "Command '%s' failed" % str(receiver.cmdline()) + + def DISABLED_test_defaults_valgrind(self): + """ Run valgrind over a simple SSL connection (no certificates) + """ + # the openssl libraries produce far too many valgrind errors to be + # useful. AFAIK, there is no way to wriate a valgrind suppression + # expression that will ignore all errors from a given library. + # Until we can, skip this test. + port = common.free_tcp_ports()[0] + + receiver = common.MessengerReceiverValgrind() + receiver.subscriptions = ["amqps://~127.0.0.1:%s" % port] + receiver.receive_count = 1 + receiver.timeout = self.timeout + receiver.start() + + sender = common.MessengerSenderValgrind() + sender.targets = ["amqps://127.0.0.1:%s/X" % port] + sender.send_count = 1 + sender.timeout = self.timeout + sender.start() + sender.wait() + assert sender.status() == 0, "Command '%s' failed" % str(sender.cmdline()) + + receiver.wait() + assert receiver.status() == 0, "Command '%s' failed" % str(receiver.cmdline()) + + # self.server_domain.set_credentials(self._testpath("client-certificate.pem"), + # self._testpath("client-private-key.pem"), + # "client-password") + + # self.client_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem")) + # self.client_domain.set_peer_authentication( SSLDomain.VERIFY_PEER ) + + def test_singleton(self): + """Verify that only a single instance of SSL can exist per Transport""" + transport = Transport() + ssl1 = SSL(transport, self.client_domain) + ssl2 = transport.ssl(self.client_domain) + ssl3 = transport.ssl(self.client_domain) + assert ssl1 is ssl2 + assert ssl1 is ssl3 + transport = Transport() + ssl1 = transport.ssl(self.client_domain) + ssl2 = SSL(transport, self.client_domain) + assert ssl1 is ssl2 + # catch attempt to re-configure existing SSL + try: + ssl3 = SSL(transport, self.server_domain) + assert False, "Expected error did not occur!" + except SSLException: + pass
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/README.txt ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/README.txt b/python/tests/proton_tests/ssl_db/README.txt new file mode 100644 index 0000000..20c92b2 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/README.txt @@ -0,0 +1,79 @@ +The following certificate files are used by the SSL unit tests (ssl.py): + +ca-certificate.pem - contains the public certificate identifying a "trusted" Certificate +Authority. This certificate is used to sign the certificates that identify the SSL +servers and clients run by the tests. + +client-certificate.pem - the public certificate used to identify the client. Signed by +the CA. + +client-private-key.pem - encrypted key used to create client-certificate.pem. Password is +"client-password" + +server-certificate.pem - the public certificate used to identify the server. Signed by +the CA. The CommonName is "A1.Good.Server.domain.com", and is checked by some unit tests. + +server-private-key.pem - encrypted key used to create server-certificate.pem. Password is +"server-password" + +bad-server-certificate.pem, bad-server-private-key.pem - a certificate/key that is not trusted by the client, for negative test. + +server-wc-certificate.pem and server-wc-private-key.pem - similar to +server-certificate.pem and server-private-key.pem, but contains Subject Alternate Name +entries, and a wildcard CommonName. Used for certificate name checking tests. + +These certificates have been created using the OpenSSL tool. + +The following bash script can be used to create these certificates (requires keytool from Java 1.7, and openssl): + +--8<-- +#!/bin/bash +#set -x + +rm -f *.pem *.pkcs12 + +# Create a self-signed certificate for the CA, and a private key to sign certificate requests: +keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -genkey -dname "O=Trust Me Inc.,CN=Trusted.CA.com" -validity 99999 -ext bc:c=ca:true,pathlen:0 -ext ku:c=digitalSignature,keyCertSign -ext ExtendedkeyUsage=serverAuth,clientAuth +openssl pkcs12 -nokeys -passin pass:ca-password -in ca.pkcs12 -passout pass:ca-password -out ca-certificate.pem + +# Create a certificate request for the server certificate. Use the CA's certificate to sign it: +keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -genkey -dname "O=Server,CN=A1.Good.Server.domain.com" -validity 99999 +keytool -storetype pkcs12 -keystore server.pkcs12 -storepass server-password -alias server-certificate -keypass server-password -certreq -file server-request.pem +keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-request.pem -outfile server-certificate.pem +openssl pkcs12 -nocerts -passin pass:server-password -in server.pkcs12 -passout pass:server-password -out server-private-key.pem + +# Create a certificate request for the client certificate. Use the CA's certificate to sign it: +keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1" -validity 99999 +keytool -storetype pkcs12 -keystore client.pkcs12 -storepass client-password -alias client-certificate -keypass client-password -certreq -file client-request.pem +keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request.pem -outfile client-certificate.pem +openssl pkcs12 -nocerts -passin pass:client-password -in client.pkcs12 -passout pass:client-password -out client-private-key.pem + +# Create another client certificate with a different subject line +keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -genkey -dname "O=Client,CN=127.0.0.1,C=US,ST=ST,L=City,OU=Dev" -validity 99999 +keytool -storetype pkcs12 -keystore client1.pkcs12 -storepass client-password -alias client-certificate1 -keypass client-password -certreq -file client-request1.pem +keytool -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile client-request1.pem -outfile client-certificate1.pem +openssl pkcs12 -nocerts -passin pass:client-password -in client1.pkcs12 -passout pass:client-password -out client-private-key1.pem + +# Create a "bad" certificate - not signed by a trusted authority +keytool -storetype pkcs12 -keystore bad-server.pkcs12 -storepass server-password -alias bad-server -keypass server-password -genkey -dname "O=Not Trusted Inc,CN=127.0.0.1" -validity 99999 +openssl pkcs12 -nocerts -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-private-key.pem +openssl pkcs12 -nokeys -passin pass:server-password -in bad-server.pkcs12 -passout pass:server-password -out bad-server-certificate.pem + +# Create a server certificate with several alternate names, including a wildcarded common name: +keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -genkeypair -dname "O=Server,CN=*.prefix*.domain.com" -validity 99999 +keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore server-wc.pkcs12 -storepass server-password -alias server-wc-certificate -keypass server-password -certreq -file server-wc-request.pem +keytool -ext san=dns:alternate.name.one.com,dns:another.name.com -storetype pkcs12 -keystore ca.pkcs12 -storepass ca-password -alias ca -keypass ca-password -gencert -rfc -validity 99999 -infile server-wc-request.pem -outfile server-wc-certificate.pem +openssl pkcs12 -nocerts -passin pass:server-password -in server-wc.pkcs12 -passout pass:server-password -out server-wc-private-key.pem + +# Create pkcs12 versions of the above certificates (for Windows SChannel) +# The CA certificate store/DB is created without public keys. +# Give the "p12" files the same base name so the tests can just change the extension to switch between platforms. +# These certificates might work for OpenSSL <-> SChannel interop tests, but note that the DH cypher suite +# overlap is poor between platforms especially for older Windows versions. RSA certificates are better for +# interop (or PFS-friendly certificates on newer platforms). +openssl pkcs12 -export -out ca-certificate.p12 -in ca-certificate.pem -name ca-certificate -nokeys -passout pass: +openssl pkcs12 -export -out server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-private-key.pem -in server-certificate.pem -name server-certificate +openssl pkcs12 -export -out client-certificate.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key.pem -in client-certificate.pem -name client-certificate +openssl pkcs12 -export -out client-certificate1.p12 -passin pass:client-password -passout pass:client-password -inkey client-private-key1.pem -in client-certificate1.pem -name client-certificate1 +openssl pkcs12 -export -out bad-server-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey bad-server-private-key.pem -in bad-server-certificate.pem -name bad-server +openssl pkcs12 -export -out server-wc-certificate.p12 -passin pass:server-password -passout pass:server-password -inkey server-wc-private-key.pem -in server-wc-certificate.pem -name server-wc-certificate http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 new file mode 100644 index 0000000..7906831 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/bad-server-certificate.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/bad-server-certificate.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/bad-server-certificate.pem b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem new file mode 100644 index 0000000..1dc288b --- /dev/null +++ b/python/tests/proton_tests/ssl_db/bad-server-certificate.pem @@ -0,0 +1,22 @@ +Bag Attributes + friendlyName: bad-server + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36 +subject=/CN=127.0.0.1/O=Not Trusted Inc +issuer=/CN=127.0.0.1/O=Not Trusted Inc +-----BEGIN CERTIFICATE----- +MIICuzCCAnmgAwIBAgIELMpW4jALBgcqhkjOOAQDBQAwLjESMBAGA1UEAxMJMTI3 +LjAuMC4xMRgwFgYDVQQKEw9Ob3QgVHJ1c3RlZCBJbmMwIBcNMTcwODAyMjE1MzM4 +WhgPMjI5MTA1MTcyMTUzMzhaMC4xEjAQBgNVBAMTCTEyNy4wLjAuMTEYMBYGA1UE +ChMPTm90IFRydXN0ZWQgSW5jMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed +dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs +14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue +wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY +HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx +BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx ++2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAK3E +5j/UaiVHJYAf3DAIl5hjTZcChTp57GjODdfDteHeDh85HFyW0kxmXyhpUdODzAgG +THhpxy/+Kkd8jmUBVFnU1EXByvGORBfnJkMTkuhmk9veytxlskQ0tQV8gmRNb0Xe +hie7T9UT8TQJy9mPS74pSuviFSx0Hz0dKGi0eVUYoyEwHzAdBgNVHQ4EFgQUg2PE +qycdV1oxVaA33ULDrVdSjhkwCwYHKoZIzjgEAwUAAy8AMCwCFGybqSwG3TauRJVw +XA/xeSxpYbcBAhQ6ylf9XZAvM7tMyQQTcDAkmt+YWQ== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/bad-server-private-key.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/bad-server-private-key.pem b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem new file mode 100644 index 0000000..331ade0 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/bad-server-private-key.pem @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: bad-server + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 32 39 36 +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqgLLe7iT+1wCAggA +MBQGCCqGSIb3DQMHBAhg98ZJQMtngwSCAVCdhdOMr+VVTNaIPSy4nSwdRTlXIuRa +4wPi+07mToJmEtGfpJ4MPjDF9yRptVQI4RoN/RrLl0WX/HNZ5U4JluL0j68+JB1d +MoeSRiRc+Yd2vxey8reBrvx1m1mB3LXvm38oZVDFrQ9FNGK09EtTLN1rqckr1fxQ +Imcvb63nu5UZB8WMCVfKqe9Zm9dQlsSlp3M5OCRm296Xsr0eWwe2W1/rJiKMZN7x +eJMf4pWVrBHoi6VJHAEA7ZvhRfcHkSbyze5ouDpKbMZS9gq38Hs4d+wkxe9x3emx +6OvppcpBolZhntF1vJXUXMc6D5Pw3mGEsRGwcMJqWCc8XJTkyP0ylNFNyaHaz0oC +jSWmUu0s5628K+m8nGY4X7msfOddTA16W6mODjE2ddlTqwTFu2CYBk3WbprBRXo0 +ionZQTPTqcM0UR3KyF9CHRZbnQ/d7bk57/w= +-----END ENCRYPTED PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/bad-server.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/bad-server.pkcs12 b/python/tests/proton_tests/ssl_db/bad-server.pkcs12 new file mode 100644 index 0000000..dea2143 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/bad-server.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/ca-certificate.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.p12 b/python/tests/proton_tests/ssl_db/ca-certificate.p12 new file mode 100644 index 0000000..767b24d Binary files /dev/null and b/python/tests/proton_tests/ssl_db/ca-certificate.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/ca-certificate.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/ca-certificate.pem b/python/tests/proton_tests/ssl_db/ca-certificate.pem new file mode 100644 index 0000000..6d27395 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/ca-certificate.pem @@ -0,0 +1,24 @@ +Bag Attributes + friendlyName: ca + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 34 37 32 +subject=/CN=Trusted.CA.com/O=Trust Me Inc. +issuer=/CN=Trusted.CA.com/O=Trust Me Inc. +-----BEGIN CERTIFICATE----- +MIIDBDCCAsKgAwIBAgIEBGGY1zALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1 +c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1 +MzM2WhgPMjI5MTA1MTcyMTUzMzZaMDExFzAVBgNVBAMTDlRydXN0ZWQuQ0EuY29t +MRYwFAYDVQQKEw1UcnVzdCBNZSBJbmMuMIIBuDCCASwGByqGSM44BAEwggEfAoGB +AP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6 +MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E ++4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC +ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeO +utRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/ +C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUA +AoGBALsRT+tH1c+TC78EYtPh+KQ0DosKKtxeSRos4eQ49erdI+tYhzeqN3Ebmeky +TWfGjjU64PGRFDNGjpf9l7Yo22jk9U5zIFkFp5gP9DVBHrOrh8mdT+/oBhhVHxI5 +rWLqSjI/zXhRzRwueR81p0D3XJlV3g/xlOlWALoRnUWpDAo3o2QwYjASBgNVHRMB +Af8ECDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNV +HQ8BAf8EBAMCAoQwHQYDVR0OBBYEFLI2ezwilYHGS5MRPMWlifHH+Y5qMAsGByqG +SM44BAMFAAMvADAsAhRxomjEvDfhe1p+D6KLc0IGjDNgtgIUIZXb0/Fpzy6dpCwe +Ay+soxvpfMU= +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/ca.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/ca.pkcs12 b/python/tests/proton_tests/ssl_db/ca.pkcs12 new file mode 100644 index 0000000..d9ca00c Binary files /dev/null and b/python/tests/proton_tests/ssl_db/ca.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-certificate.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-certificate.p12 b/python/tests/proton_tests/ssl_db/client-certificate.p12 new file mode 100644 index 0000000..82271f9 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/client-certificate.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-certificate.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-certificate.pem b/python/tests/proton_tests/ssl_db/client-certificate.pem new file mode 100644 index 0000000..4c0d4d4 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-certificate.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1jCCApOgAwIBAgIEeg2f8DALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1 +c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1 +MzM3WhgPMjI5MTA1MTcyMTUzMzdaMCUxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0G +A1UEChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9K +nC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00 +b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNa +FpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA +9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ +FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7 +zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAJ3g1ohpHgoxH +3Yj0SIfiPcUaM5FIszemFwQ2FZoG/J7MiVIw442JheTR/iEB3LYheHBp7ToqhaMY +NYidcxxUzgZJs3worXqAuUgDdbDcW6AjQ4olyGVt7sX9OL2amMq9BFCIt7SlyDKW +8Accx46H+8BffMdCu56yw5WQtZ3cPD2jQjBAMB8GA1UdIwQYMBaAFLI2ezwilYHG +S5MRPMWlifHH+Y5qMB0GA1UdDgQWBBQg7FbClmtrSAHA9lR8E7uexl5p1jALBgcq +hkjOOAQDBQADMAAwLQIVAIpUbUYyA3DisZyENQwcN0rDQ+FyAhRPcfg9Slb6MfO4 +SBFqOiesk+cpqw== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-certificate1.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.p12 b/python/tests/proton_tests/ssl_db/client-certificate1.p12 new file mode 100644 index 0000000..d35f88f Binary files /dev/null and b/python/tests/proton_tests/ssl_db/client-certificate1.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-certificate1.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-certificate1.pem b/python/tests/proton_tests/ssl_db/client-certificate1.pem new file mode 100644 index 0000000..c63b4f1 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-certificate1.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDDDCCAsqgAwIBAgIEBmzTzzALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1 +c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1 +MzM4WhgPMjI5MTA1MTcyMTUzMzhaMFwxDDAKBgNVBAsTA0RldjENMAsGA1UEBxME +Q2l0eTELMAkGA1UECBMCU1QxCzAJBgNVBAYTAlVTMRIwEAYDVQQDEwkxMjcuMC4w +LjExDzANBgNVBAoTBkNsaWVudDCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OB +HXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tV +bNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPF +HsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvw +WBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/m +cQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi +8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgHVu +urVq1FFws/JN+I3yfA2RVmFwlYJID8yyO9lkHBPBDE0dqfFBF6F3nwsCiZF0n/v4 +od6MuuRSplV4kZH0jOOVw7e9cF2RNd/KahsIpm/Oq5aosm6W7KDK/xIwNyW+3DFt +TGDTOZ6ejVMgGR2rAD+FEp2yycJACQBP1GtTSFXTo0IwQDAfBgNVHSMEGDAWgBSy +Nns8IpWBxkuTETzFpYnxx/mOajAdBgNVHQ4EFgQUz4cx+zNqsCmWpBU2dw8GHO33 ++eEwCwYHKoZIzjgEAwUAAy8AMCwCFCsfHJPB4Tq6qX5U+DZBc3jmLBiXAhRF17Dz +fq+AxqyQ9PvTtH3UbFh1hQ== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-private-key.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-private-key.pem b/python/tests/proton_tests/ssl_db/client-private-key.pem new file mode 100644 index 0000000..bca85eb --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-private-key.pem @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: client-certificate + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 32 33 39 +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIHmVKa1dEtm4CAggA +MBQGCCqGSIb3DQMHBAgpc0Ay33xL9ASCAVBJ8D5DVRd0d6t3gSvTFBAflpUROv2/ +pQlMLGbGlJIoEPyMIc9/GcgS7U19nMdoJjI1TuT/hGwObualnRRjY6KL5cbK2oUQ +371yUs6jGIQxtCeb1WgKpA/FKw9jRO7Tg5ztObItPiSQvkOcssfdRJYI1+W+ovj+ +j1BKMkJu197twIChYaz+3ppJzrh3qlqFgdRdE9H04ffWpNaZ6aOIIJHPMuZ8FScu +bQyvD9JjI+JWJUaCyp/3dxxxVrZ3vu8i6LmrL6Nm9IkJtFMZOfgPkoRLML2DWKqB +1qLk/Z45/THXDAxrPggFfqMvuctwJmtAGvo3MIbfCi+aewJE6/DjlSHDv6wGvOGB +T5golvZ5siahHqwmufSQG8ZTsGcpu/jCA5ipIvcTVgWIxscNc2Yx9FDNWVNzUcTy +ctRX6DS+s7rAy9ISjch4BbAtI7yALFt63eU= +-----END ENCRYPTED PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-private-key1.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-private-key1.pem b/python/tests/proton_tests/ssl_db/client-private-key1.pem new file mode 100644 index 0000000..bedf540 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-private-key1.pem @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: client-certificate1 + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 37 37 37 32 +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIg1n9vdGttqoCAggA +MBQGCCqGSIb3DQMHBAgRjlrRQfGcLQSCAVChui/M+36/e0WzeM79aJV7YZds/OJY +gprtJ2g5Cxb1L9hymwgxJtOAaRUqLUcfLHcKSxA+MaB+Ij+/8TH+miq0zZ9q0jZV +BAm56FNgUjW0nPLueTNhWzVVfQU6H9Tj33OuKm1PQo84Af3OPMtE03pvGDPEAPbH +a72HUgZyI7WTux4wpxfvUEVkT5OXgBHrFlqXiHHCI+9kqBXMCV3oHgZBcO+dqPKS +rlaTY7xoQWLenB6EQeYopMA2GNUVtzB3y6/nX2z0Yp5oHqKPBNOyFlVmwCrENN1/ +qnrFfzVbnksWLKhg9O+TPsId1UIZVvBh67y5N5IZRrpuE03qd2BScKM/Tn6vkWNB +Eus74Vba5vw9prauRC45FVgDe2YYYoULYPfhXWSiiWHDNKOBlz3l3hGlZsC8wKe5 +QlV5bVcOTfGIaBkD7SQyfRjMr8SWj4WMw1M= +-----END ENCRYPTED PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-request.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-request.pem b/python/tests/proton_tests/ssl_db/client-request.pem new file mode 100644 index 0000000..b247aab --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-request.pem @@ -0,0 +1,15 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICWTCCAhcCAQAwJTESMBAGA1UEAxMJMTI3LjAuMC4xMQ8wDQYDVQQKEwZDbGll +bnQwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I8 +70QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWk +n5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX +Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8 +q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fP +CTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD +3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAACgYAneDWiGkeCjEfdiPRIh+I9xRoz +kUizN6YXBDYVmgb8nsyJUjDjjYmF5NH+IQHctiF4cGntOiqFoxg1iJ1zHFTOBkmz +fCiteoC5SAN1sNxboCNDiiXIZW3uxf04vZqYyr0EUIi3tKXIMpbwBxzHjof7wF98 +x0K7nrLDlZC1ndw8PaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFCDsVsKW +a2tIAcD2VHwTu57GXmnWMAsGByqGSM44BAMFAAMvADAsAhQY5Zy4fQcy/SZOJ2Ix +cl3/QfimvQIUVvSdet7NKWzMQoBDhlJTdTzJvE8= +-----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client-request1.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client-request1.pem b/python/tests/proton_tests/ssl_db/client-request1.pem new file mode 100644 index 0000000..b46eb0a --- /dev/null +++ b/python/tests/proton_tests/ssl_db/client-request1.pem @@ -0,0 +1,16 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICkTCCAk4CAQAwXDEMMAoGA1UECxMDRGV2MQ0wCwYDVQQHEwRDaXR5MQswCQYD +VQQIEwJTVDELMAkGA1UEBhMCVVMxEjAQBgNVBAMTCTEyNy4wLjAuMTEPMA0GA1UE +ChMGQ2xpZW50MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s +5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/Jm +YLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy +9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+Gg +hdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj +6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTx +vqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAdW66tWrUUXCz8k34 +jfJ8DZFWYXCVgkgPzLI72WQcE8EMTR2p8UEXoXefCwKJkXSf+/ih3oy65FKmVXiR +kfSM45XDt71wXZE138pqGwimb86rlqiybpbsoMr/EjA3Jb7cMW1MYNM5np6NUyAZ +HasAP4USnbLJwkAJAE/Ua1NIVdOgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW +BBTPhzH7M2qwKZakFTZ3DwYc7ff54TALBgcqhkjOOAQDBQADMAAwLQIUFs17HaTm +vest72/4Caoo1sH39n0CFQCR680PPwr3lZ5jjEOp+n4htQNUvw== +-----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client.pkcs12 b/python/tests/proton_tests/ssl_db/client.pkcs12 new file mode 100644 index 0000000..575a551 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/client.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/client1.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/client1.pkcs12 b/python/tests/proton_tests/ssl_db/client1.pkcs12 new file mode 100644 index 0000000..0e7c888 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/client1.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-certificate.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-certificate.p12 b/python/tests/proton_tests/ssl_db/server-certificate.p12 new file mode 100644 index 0000000..cacfa89 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/server-certificate.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-certificate.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-certificate.pem b/python/tests/proton_tests/ssl_db/server-certificate.pem new file mode 100644 index 0000000..462f3a5 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-certificate.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5jCCAqSgAwIBAgIEX8z6MDALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1 +c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1 +MzM3WhgPMjI5MTA1MTcyMTUzMzdaMDUxIjAgBgNVBAMTGUExLkdvb2QuU2VydmVy +LmRvbWFpbi5jb20xDzANBgNVBAoTBlNlcnZlcjCCAbgwggEsBgcqhkjOOAQBMIIB +HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6 +v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58ao +phUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM +spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4Jn +UVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1 +kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq +A4GFAAKBgQCERpy6RrkNHpgXT/uL9gN/IgwY7kp3Iwzr1lrqo+HqmydE+Cz9uqPH +VyxjX7nHVrdwl7xgsoki3QyoKcrZfTL1oS79kodWG7t6CyOtj2L3KGMUdIlqWepZ +wzCKTWrb07VjpqhMh0Qh8+IqEmvfC/4UVOec9alX0NO/ckDbIBhITqNCMEAwHwYD +VR0jBBgwFoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowHQYDVR0OBBYEFBhEDdcBRqn5 +wFEbAad559yrQPE7MAsGByqGSM44BAMFAAMvADAsAhRuMRxWMKxy3USjfSFn47H4 +Z5VIHgIUB2i6+RQi7dHOEQYKKmxdQvAPA9M= +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-private-key.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-private-key.pem b/python/tests/proton_tests/ssl_db/server-private-key.pem new file mode 100644 index 0000000..3ae25f8 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-private-key.pem @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server-certificate + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 36 36 35 36 +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6jwDH/9bZYMCAggA +MBQGCCqGSIb3DQMHBAgbIQ8UrRfmAgSCAVDejPh9sT2PMvDjjzXG6xpSmBPNZRiz +f2k2a9EaI8L4xadveiZTzOpk2C/nltMCNY2Vwf/LMtbvcLiadBRWM/4Uf5fvL/94 +zlKE77wPSWK1R+btZm0KIaA+EPAvnIGcjHlcSU58eQexwVlMXJ9pdeHm9KWbV1D+ +PjrlJ+SDq7OSGprTCz9r+gQ7Fy2Oe9OKc92tE29QD2AZXtSodvY9CosXCx4cqXr3 +ey+HXmVXJohsL89NycL80TvkxppqZ1hT3DZMkrFg2jFPz505rzE48y62FMoKNCjQ +6HXvsniWYXf7ipr+A4/diSSMBr/zmA+H+ZHKlNO8FJqZ8eI1eqRO+PjO1VV9bbG0 +lYoeoFu0Y1xw6V2jLYnFF1mTCC6kegl6kruvnwO7Oy+6kPEvDrejuI6uozW2etej +cBq1lUK5QNKSoaB7Qw+2qlyFg/KFwXXDBqk= +-----END ENCRYPTED PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-request.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-request.pem b/python/tests/proton_tests/ssl_db/server-request.pem new file mode 100644 index 0000000..bd53fab --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-request.pem @@ -0,0 +1,15 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICazCCAigCAQAwNTEiMCAGA1UEAxMZQTEuR29vZC5TZXJ2ZXIuZG9tYWluLmNv +bTEPMA0GA1UEChMGU2VydmVyMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4Ed +dRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs +14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208Ue +wwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BY +HPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+Zx +BxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx ++2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAIRG +nLpGuQ0emBdP+4v2A38iDBjuSncjDOvWWuqj4eqbJ0T4LP26o8dXLGNfucdWt3CX +vGCyiSLdDKgpytl9MvWhLv2Sh1Ybu3oLI62PYvcoYxR0iWpZ6lnDMIpNatvTtWOm +qEyHRCHz4ioSa98L/hRU55z1qVfQ079yQNsgGEhOoDAwLgYJKoZIhvcNAQkOMSEw +HzAdBgNVHQ4EFgQUGEQN1wFGqfnAURsBp3nn3KtA8TswCwYHKoZIzjgEAwUAAzAA +MC0CFFIXSYKFVq90wR3lH+KCwvL+j0A4AhUAlxeczUtqTQFeGXFsDwIGO+5/uA4= +-----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 new file mode 100644 index 0000000..3f8a53d Binary files /dev/null and b/python/tests/proton_tests/ssl_db/server-wc-certificate.p12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-wc-certificate.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-wc-certificate.pem b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem new file mode 100644 index 0000000..4d32b40 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-wc-certificate.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAtOgAwIBAgIEVTK/cTALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1 +c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTcwODAyMjE1 +MzM4WhgPMjI5MTA1MTcyMTUzMzhaMDAxHTAbBgNVBAMMFCoucHJlZml4Ki5kb21h +aW4uY29tMQ8wDQYDVQQKEwZTZXJ2ZXIwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA +/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow +9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7 +g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi +64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV466 +1FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L ++iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC +gYATsU4dSb5vvYkuhnLJPYpiHOEOagLSwwggm8CD4JqA8CC/lzIJBI3LkR7Ve1Mw +xYiDbQQPaxGsdCxaDuE+rOHmJcCNxum4gIYxeOOGHLa9eezTXLu2s0kBgsWx3I0U +98lI4E+gRHiU27NXlNiEKvVq3GhzWvKdUqClbtLZ+67gzqN3MHUwHwYDVR0jBBgw +FoAUsjZ7PCKVgcZLkxE8xaWJ8cf5jmowMwYDVR0RBCwwKoIWYWx0ZXJuYXRlLm5h +bWUub25lLmNvbYIQYW5vdGhlci5uYW1lLmNvbTAdBgNVHQ4EFgQUas7dEjv/R3ig +GcCdPRLL5P3HPU8wCwYHKoZIzjgEAwUAAy8AMCwCFFuvuEosI+5a+lSmpEahvhyE +31WUAhR6+NkSdChlT0v6HmjyhBL1hLZYNA== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-wc-private-key.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-wc-private-key.pem b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem new file mode 100644 index 0000000..7bae296 --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-wc-private-key.pem @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server-wc-certificate + localKeyID: 54 69 6D 65 20 31 35 30 31 37 31 30 38 31 38 34 39 33 +Key Attributes: <No Attributes> +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFt9KwMYb/OQCAggA +MBQGCCqGSIb3DQMHBAjQ+Hr462sAigSCAVAmqByfn+Ujb9TfpEI0d6mlW7Nyko00 +chzSFz61RVA/twfbLImhYvEo7P+UglcqGc1H3DaysDuMjbiNqgP25lDHO6ndhN7r +XaeNshI8U3RQfUrhTwcA2pGpHQ6t+TGNKifRuJMbcHxWDNr+Tdod8uUADZt8Ywb+ +WQOqIrByNJryx5i2yZT7FphYrz6N0L5cNKVIirNv9/FOlKiyuzzg5c4NmABkpajE +ZyT2H1p/qFipz8XeQ7BvFVDWSGn6Jb8vRvcc/swoCNSs8Wukr7tbryie2IbgktES +gw7mVOw/Wdw6u26Q8Dz1c+eyy1WPuCiubFKUK12Ul0X9KKYCufVvQPoQBsMGikRM +JcvrMd1cZ60pANJhnrogE6VEYE3NQrPC6SNao0NB+g4CW3tOH6m80H5+yHrMdvjo +MQNXdlwdNWrCEH6hXJxzuE1qM5Ajc82bfwo= +-----END ENCRYPTED PRIVATE KEY----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-wc-request.pem ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-wc-request.pem b/python/tests/proton_tests/ssl_db/server-wc-request.pem new file mode 100644 index 0000000..f6f13bd --- /dev/null +++ b/python/tests/proton_tests/ssl_db/server-wc-request.pem @@ -0,0 +1,16 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICmTCCAlcCAQAwMDEdMBsGA1UEAwwUKi5wcmVmaXgqLmRvbWFpbi5jb20xDzAN +BgNVBAoTBlNlcnZlcjCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLf +Spwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4Ad +NG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQT +WhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGB +APfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0 +SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEk +O8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GEAAKBgBOxTh1Jvm+9 +iS6Gcsk9imIc4Q5qAtLDCCCbwIPgmoDwIL+XMgkEjcuRHtV7UzDFiINtBA9rEax0 +LFoO4T6s4eYlwI3G6biAhjF444Yctr157NNcu7azSQGCxbHcjRT3yUjgT6BEeJTb +s1eU2IQq9WrcaHNa8p1SoKVu0tn7ruDOoGUwYwYJKoZIhvcNAQkOMVYwVDAzBgNV +HREELDAqghZhbHRlcm5hdGUubmFtZS5vbmUuY29tghBhbm90aGVyLm5hbWUuY29t +MB0GA1UdDgQWBBRqzt0SO/9HeKAZwJ09Esvk/cc9TzALBgcqhkjOOAQDBQADLwAw +LAIUNn3ravBNvEsgZRjQd4EPPvQ1k9wCFEuakAyAzmt2ZfIKX3ZmTIgNKsvy +-----END NEW CERTIFICATE REQUEST----- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server-wc.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server-wc.pkcs12 b/python/tests/proton_tests/ssl_db/server-wc.pkcs12 new file mode 100644 index 0000000..0ceccbc Binary files /dev/null and b/python/tests/proton_tests/ssl_db/server-wc.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/9778eda8/python/tests/proton_tests/ssl_db/server.pkcs12 ---------------------------------------------------------------------- diff --git a/python/tests/proton_tests/ssl_db/server.pkcs12 b/python/tests/proton_tests/ssl_db/server.pkcs12 new file mode 100644 index 0000000..f3c19e2 Binary files /dev/null and b/python/tests/proton_tests/ssl_db/server.pkcs12 differ --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
