URL: https://github.com/SSSD/sssd/pull/525 Author: sumit-bose Title: #525: TESTS: simple CA to generate certificates for test Action: opened
PR body: """ To avoid issues with certificate lifetimes, a simple OpenSSL-based CA is used to generate certificates for tests. To make management easy, all related data is kept in src/tests/test_CA. Since some header files will be generated, the generation of the needed files is added to BUILT_SOURCES like other generated code. Related to https://pagure.io/SSSD/sssd/issue/3436 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/525/head:pr525 git checkout pr525
From 8b7d88b1fcecfd7745493a32145cf0c3c76a6d56 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Thu, 14 Feb 2019 18:35:40 +0100 Subject: [PATCH 1/3] TESTS: simple CA to generate certificates for test To avoid issue with certificate lifetimes a simple OpenSSL based CA is used to generate certificates for tests. To make management easy all related data is kept in src/tests/test_CA. Since some header files will be generated the generation of the needed files is added to BUILT_SOURCES as other generated code. Related to https://pagure.io/SSSD/sssd/issue/3436 --- Makefile.am | 15 ++++- configure.ac | 4 +- contrib/sssd.spec.in | 6 ++ src/external/test_ca.m4 | 42 ++++++++++++ src/tests/test_CA/Makefile.am | 93 +++++++++++++++++++++++++++ src/tests/test_CA/README | 26 ++++++++ src/tests/test_CA/SSSD_test_CA.config | 47 ++++++++++++++ src/tests/test_CA/SSSD_test_CA_key.pem | 52 +++++++++++++++ src/tests/test_CA/SSSD_test_cert_0001.config | 20 ++++++ src/tests/test_CA/SSSD_test_cert_0002.config | 19 ++++++ src/tests/test_CA/SSSD_test_cert_key_0001.pem | 28 ++++++++ src/tests/test_CA/SSSD_test_cert_key_0002.pem | 28 ++++++++ 12 files changed, 378 insertions(+), 2 deletions(-) create mode 100644 src/external/test_ca.m4 create mode 100644 src/tests/test_CA/Makefile.am create mode 100644 src/tests/test_CA/README create mode 100644 src/tests/test_CA/SSSD_test_CA.config create mode 100644 src/tests/test_CA/SSSD_test_CA_key.pem create mode 100644 src/tests/test_CA/SSSD_test_cert_0001.config create mode 100644 src/tests/test_CA/SSSD_test_cert_0002.config create mode 100644 src/tests/test_CA/SSSD_test_cert_key_0001.pem create mode 100644 src/tests/test_CA/SSSD_test_cert_key_0002.pem diff --git a/Makefile.am b/Makefile.am index 25e996d2d..d2c095363 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -21,7 +21,7 @@ if HAVE_MANPAGES SUBDIRS += src/man endif -SUBDIRS += . src/tests/cwrap src/tests/intg +SUBDIRS += . src/tests/cwrap src/tests/intg src/tests/test_CA # Some old versions of automake don't define builddir builddir ?= . @@ -2411,6 +2411,7 @@ pam_srv_tests_SOURCES = \ $(NULL) pam_srv_tests_CFLAGS = \ -U SSSD_LIBEXEC_PATH -DSSSD_LIBEXEC_PATH=\"$(abs_builddir)\" \ + -I$(abs_builddir)/src \ $(AM_CFLAGS) \ $(NULL) pam_srv_tests_LDFLAGS = \ @@ -3286,6 +3287,7 @@ test_cert_utils_SOURCES = \ $(NULL) test_cert_utils_CFLAGS = \ $(AM_CFLAGS) \ + -I$(abs_builddir)/src \ $(CRYPTO_CFLAGS) \ $(NULL) test_cert_utils_LDADD = \ @@ -4974,6 +4976,17 @@ endif CLEANFILES += *.X */*.X */*/*.X +test_CA: test_CA.stamp + +test_CA.stamp: $(srcdir)/src/tests/test_CA/* + $(MAKE) -C src/tests/test_CA ca_all + touch $@ + +if BUILD_TEST_CA +BUILT_SOURCES += test_CA +endif +CLEANFILES += test_CA.stamp + tests: all $(check_PROGRAMS) (cd src/tests/cwrap && $(MAKE) $(AM_MAKEFLAGS) $@) || exit 1; diff --git a/configure.ac b/configure.ac index 69deb811e..725c28f52 100644 --- a/configure.ac +++ b/configure.ac @@ -208,6 +208,7 @@ m4_include([src/external/libresolv.m4]) m4_include([src/external/intgcheck.m4]) m4_include([src/external/systemtap.m4]) m4_include([src/external/service.m4]) +m4_include([src/external/test_ca.m4]) if test x$with_secrets = xyes; then m4_include([src/external/libhttp_parser.m4]) @@ -483,6 +484,7 @@ AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x]) AM_CHECK_CMOCKA AM_CHECK_UID_WRAPPER AM_CHECK_NSS_WRAPPER +AM_CHECK_TEST_CA # Check if the user wants SSSD to be compiled with systemtap probes AM_CHECK_SYSTEMTAP 
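Review bot: In the last Makefile.am hunk the `test_CA.stamp` rule only goes stale when a file under `$(srcdir)/src/tests/test_CA/` changes, so a build tree that is kept around keeps reusing the certificates it generated the first time. The user certificates are issued with `-days 200` in src/tests/test_CA/Makefile.am, so the expiry failures this series is meant to remove can presumably come back in a long-lived tree until someone runs `make clean`. A comment above the rule would make that explicit, for example `# Certificates are only regenerated after 'make clean' or a change in src/tests/test_CA`. `test_CA` is also a pure alias with no file behind it and could be listed in `.PHONY`.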
@@ -506,7 +508,7 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config contrib/sssd-pcsc.rules src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile - src/tests/intg/Makefile + src/tests/intg/Makefile src/tests/test_CA/Makefile src/lib/ipa_hbac/ipa_hbac.pc src/lib/ipa_hbac/ipa_hbac.doxy src/lib/idmap/sss_idmap.pc src/lib/idmap/sss_idmap.doxy src/lib/certmap/sss_certmap.pc src/lib/certmap/sss_certmap.doxy diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index f69f192fe..baa26a409 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -244,6 +244,12 @@ BuildRequires: libcurl-devel BuildRequires: gdm-pam-extensions-devel %endif +# Test CA requires openssl independent if SSSD is build with NSS or openssl, +# openssh is needed for ssh-keygen and iNSS builds need nss-tools for certutil +BuildRequires: openssl +BuildRequires: openssh +BuildRequires: nss-tools + %description Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward diff --git a/src/external/test_ca.m4 b/src/external/test_ca.m4 new file mode 100644 index 000000000..eb624acf3 --- /dev/null +++ b/src/external/test_ca.m4 
@@ -0,0 +1,42 @@
+dnl Check for tools needed to run the test CA
+AC_DEFUN([AM_CHECK_TEST_CA],
+[
+ AC_PATH_PROG([OPENSSL], [openssl])
+ if test ! -x "$OPENSSL"; then
+ AC_MSG_NOTICE([Could not find openssl])
+ fi
+
+ AC_PATH_PROG([SSH_KEYGEN], [ssh-keygen])
+ if test ! -x "$SSH_KEYGEN"; then
+ AC_MSG_NOTICE([Could not find ssh-keygen])
+ else
+ AC_MSG_CHECKING([for -m option of ssh-keygen])
+ if AC_RUN_LOG([$SSH_KEYGEN --help 2>&1 |grep -- '-m ' > /dev/null]); then
+ AC_MSG_RESULT([yes])
+ else
+ SSH_KEYGEN=""
+ AC_MSG_RESULT([no])
+ fi
+ fi
+
+ if test x$cryptolib = xnss; then
+ AC_PATH_PROG([CERTUTIL], [certutil])
+ if test ! -x "$CERTUTIL"; then
+ AC_MSG_NOTICE([Could not find certutil])
+ fi
+
+ AC_PATH_PROG([PK12UTIL], [pk12util])
+ if test ! -x "$PK12UTIL"; then
+ AC_MSG_NOTICE([Could not find pk12util])
+ fi
+
+ AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN" -a -x "$CERTUTIL" -a -x "$PK12UTIL"])
+ else
+ AM_CONDITIONAL([BUILD_TEST_CA], [test -x "$OPENSSL" -a -x "$SSH_KEYGEN"])
+ fi
+
+ AM_COND_IF([BUILD_TEST_CA],
+ [AC_DEFINE_UNQUOTED(HAVE_TEST_CA, 1,
+ [Build with certificates from test CA])],
+ [AC_MSG_WARN([Test CA cannot be build, skiping some tests])])
+])
diff --git a/src/tests/test_CA/Makefile.am b/src/tests/test_CA/Makefile.am
new file mode 100644
index 000000000..a23a3feef
--- /dev/null
+++ b/src/tests/test_CA/Makefile.am
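Review bot: When a tool is missing, the final `AM_COND_IF` in `AM_CHECK_TEST_CA` only emits `AC_MSG_WARN` and configure carries on, so the certificate tests guarded by `HAVE_TEST_CA` are compiled out and the test run still reports success. For code that validates certificates and derives ssh keys from them, that loss of coverage should be visible; it would help to document next to the macro which tests are dropped and, in CI, to treat an undefined `BUILD_TEST_CA` as an error. The warning text itself has two typos and should read `[AC_MSG_WARN([Test CA cannot be built, skipping some tests])]`. The `$SSH_KEYGEN --help 2>&1 |grep -- '-m '` probe depends on the format of the help text, which deserves a short comment as well.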
@@ -0,0 +1,93 @@ +dist_noinst_DATA = \ + SSSD_test_CA.config \ + SSSD_test_CA_key.pem \ + SSSD_test_cert_0001.config \ + SSSD_test_cert_0002.config \ + SSSD_test_cert_key_0001.pem \ + SSSD_test_cert_key_0002.pem \ + $(NULL) + +openssl_ca_config = $(srcdir)/SSSD_test_CA.config +openssl_ca_key = $(srcdir)/SSSD_test_CA_key.pem +pwdfile = pwdfile + +configs := $(notdir $(wildcard $(srcdir)/SSSD_test_cert_*.config)) +ids := $(subst SSSD_test_cert_,,$(basename $(configs))) +certs = $(addprefix SSSD_test_cert_x509_,$(addsuffix .pem,$(ids))) +certs_h = $(addprefix SSSD_test_cert_x509_,$(addsuffix .h,$(ids))) +pubkeys = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .pub,$(ids))) +pubkeys_h = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .h,$(ids))) +pkcs12 = $(addprefix SSSD_test_cert_pkcs12_,$(addsuffix .pem,$(ids))) + +if HAVE_NSS +nssdb = p11_nssdb p11_nssdb_2certs +endif + +# If openssl is run in parallel there might be conflicts with the serial +.NOTPARALLEL: + +ca_all: clean serial SSSD_test_CA.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(nssdb) + +$(pwdfile): + @echo "12345678" > $@ + +SSSD_test_CA.pem: $(openssl_ca_key) $(openssl_ca_config) serial + $(OPENSSL) req -batch -config ${openssl_ca_config} -x509 -new -nodes -key $< -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out $@ + + +SSSD_test_cert_req_%.pem: $(srcdir)/SSSD_test_cert_key_%.pem $(srcdir)/SSSD_test_cert_%.config + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_$*.config -out $@ + +SSSD_test_cert_x509_%.pem: SSSD_test_cert_req_%.pem $(openssl_ca_config) SSSD_test_CA.pem + $(OPENSSL) ca -config ${openssl_ca_config} -batch -notext -keyfile $(openssl_ca_key) -in $< -days 200 -extensions usr_cert -out $@ + +SSSD_test_cert_pkcs12_%.pem: SSSD_test_cert_x509_%.pem $(srcdir)/SSSD_test_cert_key_%.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_cert_x509_$*.pem -inkey $(srcdir)/SSSD_test_cert_key_$*.pem -nodes -passout file:$(pwdfile) 
-out $@ + +SSSD_test_cert_pubkey_%.pem: SSSD_test_cert_x509_%.pem + $(OPENSSL) x509 -in $< -pubkey -noout > $@ + +SSSD_test_cert_pubsshkey_%.pub: SSSD_test_cert_pubkey_%.pem + $(SSH_KEYGEN) -i -m PKCS8 -f $< > $@ + +SSSD_test_cert_x509_%.h: SSSD_test_cert_x509_%.pem + @echo "#define SSSD_TEST_CERT_$* \""$(shell cat $< |openssl x509 -outform der | base64 -w 0)"\"" > $@ + +SSSD_test_cert_pubsshkey_%.h: SSSD_test_cert_pubsshkey_%.pub + @echo "#define SSSD_TEST_CERT_SSH_KEY_$* \""$(shell cut -d' ' -f2 $<)"\"" > $@ + +# This nss db is used in +# - src/tests/cmocka/test_cert_utils.c (validation only) +# - src/tests/cmocka/test_pam_srv.c +p11_nssdb: SSSD_test_cert_pkcs12_0001.pem SSSD_test_CA.pem $(pwdfile) + mkdir $@ + $(CERTUTIL) -d sql:./$@ -N --empty-password + $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem + $(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile) + +# This nss db is used in +# - src/tests/cmocka/test_pam_srv.c +p11_nssdb_2certs: SSSD_test_cert_pkcs12_0001.pem SSSD_test_cert_pkcs12_0002.pem SSSD_test_CA.pem $(pwdfile) + mkdir $@ + $(CERTUTIL) -d sql:./$@ -N --empty-password + $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem + $(PK12UTIL) -d sql:./$@ p11_nssdb -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile) + $(PK12UTIL) -d sql:./$@ p11_nssdb -i SSSD_test_cert_pkcs12_0002.pem -w $(pwdfile) + +CLEANFILES = \ + index.txt index.txt.attr \ + index.txt.attr.old index.txt.old \ + serial serial.old \ + SSSD_test_CA.pem $(pwdfile) \ + $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) \ + $(NULL) + +clean-local: + rm -rf newcerts + rm -rf p11_nssdb + rm -rf p11_nssdb_2certs + +serial: clean + touch index.txt + mkdir newcerts + echo -n 01 > serial diff --git a/src/tests/test_CA/README b/src/tests/test_CA/README new file mode 100644 index 000000000..342fd5890 --- /dev/null +++ b/src/tests/test_CA/README 
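Review bot: In the `p11_nssdb_2certs` recipe both `$(PK12UTIL)` lines carry a stray `p11_nssdb` word after `-d sql:./$@`, which looks like a copy-and-paste leftover from the `p11_nssdb` target. Depending on how pk12util treats the extra positional argument the import either fails or works by accident, so the lines should read `$(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile)` and the same for `0002`. The `SSSD_test_cert_x509_%.h` rule also calls a bare `openssl` inside `$(shell ...)` instead of the `$(OPENSSL)` that configure located, and a failure there is swallowed and leaves a header with an empty `SSSD_TEST_CERT_*` string; running `$(OPENSSL) x509 -outform der -in $<` as an ordinary recipe command would let the failure stop the build.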
@@ -0,0 +1,26 @@
+Simple CA for SSSD tests
+
+To avoid issues with certificate lifetimes during tests certificates can be
+generated with a simple OpenSSL based CA.
+
+To create a new certificate add a suitable and valid OpenSSL config file with a
+[req] section for a certificate signing request (CSR) which must use the name
+pattern SSSD_test_cert_*.config. Additionally a matching key file
+SSSD_test_cert_key_%.pem should be added e.g. with
+
+ openssl genpkey -algorithm RSA -out SSSD_test_cert_key_XYZ.pem -pkeyopt rsa_keygen_bits:2048
+
+It would be possible to generate the keys automatically as well but
+pre-created keys will safe some resources on the hosts running the tests,
+allow more flexibility with algorithms and key lengths and make the tests
+more reproducible.
+
+The Makefile will pick up the config and the keys and generate a X.509
+certificate. For usage in C-code it will generate a header file
+SSSD_test_cert_x509_*.h where the base64 encoded binary certificate is made
+available in a macro called SSSD_TEST_CERT_*. To run test with derived ssh-keys
+the ssh key is available in SSSD_test_cert_pubsshkey_*.h as
+SSSD_TEST_CERT_SSH_KEY_*.
+
+Other targets for other types of tests can be added to the Makefile and should
+be documented here.
diff --git a/src/tests/test_CA/SSSD_test_CA.config b/src/tests/test_CA/SSSD_test_CA.config
new file mode 100644
index 000000000..90ae2233c
--- /dev/null
+++ b/src/tests/test_CA/SSSD_test_CA.config
@@ -0,0 +1,47 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = .
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+
+certificate = $dir/SSSD_test_CA.pem
+serial = $dir/serial
+private_key = $dir/SSSD_test_CA_key.pem
+RANDFILE = $dir/rand
+
+default_days = 365
+default_crl_days = 30
+default_md = sha256
+
+policy = policy_any
+email_in_dn = no
+
+name_opt = ca_default
+cert_opt = ca_default
+copy_extensions = copy
+
+[ usr_cert ]
+authorityKeyIdentifier = keyid, issuer
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+basicConstraints = CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ policy_any ]
+organizationName = supplied
+organizationalUnitName = supplied
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+O = SSSD
+OU = SSSD test
+CN = SSSD test CA
diff --git a/src/tests/test_CA/SSSD_test_CA_key.pem b/src/tests/test_CA/SSSD_test_CA_key.pem
new file mode 100644
index 000000000..4838d0379
--- /dev/null
+++ b/src/tests/test_CA/SSSD_test_CA_key.pem
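Review bot: Nothing in SSSD_test_CA.config marks this CA as test-only, although its private key is committed next to it in SSSD_test_CA_key.pem and is therefore public. Any trust store that ends up containing SSSD_test_CA.pem would accept certificates that anyone with a checkout can issue, and `copy_extensions = copy` together with `policy = policy_any` means the CA signs whatever extensions a request carries. I would add a header comment such as `# TEST ONLY: the private key of this CA is published in the source tree, never add SSSD_test_CA.pem to a real trust store`, and repeat the warning in the README.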
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDkKj9R0/ato8Qq +8iww/4BZc14oTk4e94pGssERG2b8wkcnq9gjn7rDaW0j7sqcEnEtR4nbn4dtjZz5 +pObXDRPebsZKf+jPac+PiIKwGMdEQFcrt/hZGlpxDrJKUt144ZmMH69CkBC1MREx +8GHl3oQ9hnLCE82j4D6i+iVRAFhD6dsmL8YWvzMtjklAiyF6yboD1Vjkxwv06wcZ +xgJptyFOcIM4RfRu212SQUmOZvfxIl9zmu6h4Vaz4Vm/e9qmRHJZ5cOJPC6wyhLn +iPyEiuRg7DAI226GO04Kl/Frus5fFrih/hq/GyqYVLHQHBdOZ0MgY/zcwD+eEVOX +KDFYKAbOwN9rDZC6UW3fPLHMnc0f/6q75s4Qvs3MyP0jtJaqjEe+DpW14u9kivUm +f6L/nFHgDMoYHavsUOXKHZu0NRAKAxj+IvAnHRlInPQktIzZQ2abYWix//bb7aDx +WhtOFN/rUXA1mqPahRxSgEst4QnSMxU0hPVET0TQO0A/XwozpkrM80NXOoq8m4kH +83vknwVurg3VaupctX5fsSZvSYunK4bJ/8+Om7c3pyrxqbV0Y/nwGzjMYIU/iQSM +XkDzs5MQfdWTmzQMsFUY7huQo0VA4s2mY96LmbABVCFnZTFSf+li3dNMadPpuTO+ +w5jhoR1tcYiWtIDPBuwIFMCwdN1N6QIDAQABAoICAC7SgKYBMokVp2cMxYbUl/lD +VJo+34c5U1YIztf84JiUIdgBStycpc3+L5iFI2z9193r5V19kmQoAIO2lGyjUWV/ +JBAbyaHu29pfsDoFC7d04K6nFT7ryo2S74GTGcH5wfHgeq3VNKiKRjYSV3S9wjOC +CMDNIZE0roXxgYDq6jIdpoxil2sJl64Mmfm104wII7Uvrgtc0ZZUOOPQH6SkISCg +tDzzFiM9vykJXtfrR4xjemUV8UylGo7Vev5xo0AlobXTEdpy0D4VaeW71d45Rn6h +WYYnybmgJ/bCkZeDAWDAH+mWZNS89XPHRaooaZv8Uuktu7FtfmCou5e0dtPZevPF +qSCExRRnEvBHxqR71e7NDZt8mHR5H9S+4Io6OMFEfTwFC13TNBEiNspg9XovAjfX +4u6wSYPKKLH88R5LAuLoBiD6dO+3SiimbaTeD/a+URCfIWUNycExS/3SnWCS2oxW +h8uS18DwbCbW0b5N8VYldfZ8QK3+GH2B4vV7ZGOFtUW43HUUPlxqL9lpakbAgPba +enrO2+YqzAIM5NWCvL1+fnaPVGc9deDi63sgq75VkJwBMoiBqIpwSUMUwOmL3RiC +NdixXJR/HgjP85UrZHQRlcCfSFMduNNjof0WgamXu2TLA4K2clbdiz1DwAgCBpLP +INKo4fiZZkjiEs3VS9iBAoIBAQD2DjnFAZ0USGpmRqecHhFOL9nZX/we/DCUrkRv +noiEP9lIz/ITmAzCvvUuyFQcDp3LBplB+T74nvfyMJ6AzbV1Kuw7CluIje5i3wKs +zYSc49EKxG3PvNlkpbrQkY2/FrBuwakZro/ByzrcCf783cey36IXc5s0EdXiqyB8 +Gn2yQQvyYShAmE1HjBjcURSC8bCn1OKQNR04gbnIIUbe5kn8IIM2SD8cUPIuvBTf +PAzAMT//6bKwi2v6Y9QK0qOIYEFLTEzonKeLlnErXxytb0wbwCbDWQLprYdSQR/3 +ctVykylPYuTXdCW5qLL5TGuxHKzJodOI0RF8A07CYj7dcQf5AoIBAQDtYuuKp+AT +ro7Oe4J1bUx/8YlAPDU4UgWbIQjAPUvdiRLZxVRecomNjDMvnz2G/lE8P3CPD0fD 
+DZSPhUqUnqanTYLAoVyQh8Zo8NjKJ1wlE9F5CZECeGz1RGZcQBUwK7tZr3EGNw/K +IShV8/6RVs+I3jjTll2oAoquJ4el0V7sitI6O3Bsh1AoVgZYmJV3qMdODcDJQjNj +SVetxExhsd2SJztjp5U0uTMf6fXH41CVKo3seRPvaxAhIDpG1He1XEKeeeq3l6Uu +vzpKmXvNmmzjCZLLY6APvLYv1o65UTn3N/MLIXjgEs07e2JNzhLhAuz5h6sPH0aM +bx+vOhugy1FxAoIBAQCvFcxRvSYzCpx7jocx9ctGoZIYtc5HlhhTk/Wqn1pxEKXi +w+Vzv9xEr3D0CySeml/52gYwBdWjQCsasTH4YWhfqV1TXbloX+ZjgGD86XkV0p4r +VT72dWET10Ipq4j7kn+VMETNu4Mb2StW693/vSiexbcnjOHBmXdixXZmGMucjeCc +ZjooTLeg07XU//TigGy94CQfjUvvq4+xMsylS6UVvWTguWP/GDJcwwTvHGHOWL07 +suWt7me1UlfOI7iuECAmHnMTinVGRJTe0d0sJGg5zu9GTg5ejVYfV6wRfisYTlM0 +5CAGl+VISRyhfJmc+9SP3ZESaAJTBl+CvjoRhJ6xAoIBAQC3Blq2mAJzClX+q0mF +ghTGXJLG3OTnnI3H8mtN1LTGhKXtE3CeNU8KvHrGj88fYrt9aSg+lLhukezlzw4W +kk/JlEBohsDYimaWiIONMVWhHKuX16FfNzxCyk7ld18euckEN/k7on5hCLmRs8Kl +ijoOu88yi6+AFx2XctDqLwgx9kJqNWPTuWw6/UB9VH+BN7ca3g2y3oDCX0zjpAKE +HF/KDMeEaTPn55acV4VxbTi3GY09MokFQhW4hKGJ9MyrHwwaJcOrc5ce+L9Xvwiu +GA816S6t9Az3tTb+oT1/cjnv+so/3bnVgYmM/+9mL6lspRXSuiBQU3vQUOkr7/BX +RAtxAoIBAQC2AQjrhdjyIhuzDGpL7A/IUfV9Fr37ytRY1r7pOwIVthGK3SmLbV2t +byT4LeS1XMkpuwfiM/w4uAbRz3QhMGfgv9wUjNCpR9fBd4VZqU9HPk6TasQhxxLU +q4O+XpvylEqPPzHkvpJUiVEfh7bXSoqbvTP7fUnJ/YzqMyq+NNkJzKccz8+I2BfN +/WXp6HmKAKhvF2mkFbo+2IXzJoCzHRorBvj/HzMc349cvHtYErJvHZQ2wgfY5CFC +y2/x/t1pQ6BhrJiNyC1s8jYtboY7mc1yAp6cvtWraOYYk6LCTLbRLPLNqEOKPUFH +xHflFSh7K6rCRfJGMKKFYtdA09/CAqh+ +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_0001.config b/src/tests/test_CA/SSSD_test_cert_0001.config new file mode 100644 index 000000000..b6c52a148 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0001.config 
@@ -0,0 +1,20 @@
+# This certificate is used in
+# - src/tests/cmocka/test_cert_utils.c
+# - src/tests/cmocka/test_pam_srv.c
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+O = SSSD
+OU = SSSD test
+CN = SSSD test cert 0001
+
+[ req_exts ]
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "SSSD test Certificate"
+subjectKeyIdentifier = hash
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://pagure.io/SSSD/sssd//
diff --git a/src/tests/test_CA/SSSD_test_cert_0002.config b/src/tests/test_CA/SSSD_test_cert_0002.config
new file mode 100644
index 000000000..8722ffa7e
--- /dev/null
+++ b/src/tests/test_CA/SSSD_test_cert_0002.config
@@ -0,0 +1,19 @@
+# This certificate is used in
+# - src/tests/cmocka/test_pam_srv.c
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+O = SSSD
+OU = SSSD test
+CN = SSSD test cert 0002
+
+[ req_exts ]
+basicConstraints = CA:FALSE
+nsCertType = client
+nsComment = "SSSD test Certificate"
+subjectKeyIdentifier = hash
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth
+subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://pagure.io/SSSD/sssd//
diff --git a/src/tests/test_CA/SSSD_test_cert_key_0001.pem b/src/tests/test_CA/SSSD_test_cert_key_0001.pem
new file mode 100644
index 000000000..365c9897a
--- /dev/null
+++ b/src/tests/test_CA/SSSD_test_cert_key_0001.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDX8xglLP+D54dG +V/lndmQ7YRg1GDuaZilzh/jfAva3psSYDnn1f9wmygNx0HUjlpG72pBOaYthdp1D +ZGayTlpSUY/3y7+pvokFlY0v9Xhg3yhUyRK95uS/LuY4L8uaoZxMXPW2iP3kzv2v +BQQlMuBCjL+ji/tX2Zl8CHUldY7QPtSLZcklXmRvu5jHPK5W/eh8E66UNeb/dueq +ZAzLBZb5g8Blv9dMjf/eSlM/R//au40ZBBa3CRpddaf/gOa9sNGVd6RmzwejZ47k +hPwkx6t23ZQ7bZkk0NI3H8+/sKkM6aWZaywmLvnyClIgjgZh5zKJgv0ZFAaQ/nST +a6ke3OetAgMBAAECggEAIHaO3qfREYcwssZu27rUfoiuFu05qJBLEu8R3pSXeiw7 +yZADjYBXHA2qTuXDdkIgTlkg8Gi1Z0VphsQFHDDjKxTPy7R5b48REiHVQ6xnGEjz +yysfAiU/pe3q9e9ZcDlzQZeH6JTXdhoX0MO0R9NKGzcFaBSXCDHR/O9YjPULLwq8 +K9wZpHV6DPajoPGmZgw1qQr7Lc35nVi9AeNyTGnSrUf4hdjKiA2WA0aC3fkeKQxp +8z6FJWKot84dGbhYK0fyM0uIMb4wS8gvTmvhjE5pltEstOY3bFebxJ5DtBJPqE5K +FL6k2tfcctuhiwDsRWar39H5SvXzxHbyaz0nwpI9AQKBgQD2Z+vpncVGZgnV0rwK +0dcdEMSCOj7i91OVS8IGAvwfpI6n8Hs6upO1PtqvWtnwt8lOMwF3omA5/25ZF1+K +Y6iPxnqcg4nApG1DVDXMrV1cWUa6Sc95afJE224sZA+yKiyTZsWdxfV5y5rc5V3L +ZOzXjHOW40W/ZuuNwKR5D9fyUQKBgQDgW5h+9NwyPg+01I9qQgsnlHPA9ndKamcH +QgnAhdM75wadPnVZTNsOa46pfg0Uy/yqYSo2NZz5CmN6W3baVanyUMMmhDWHmCuV +6nHmzwlJDiJz7S0ieEUi62NConZbU3YE6zjmKkMU0K8pZEisvX/Hb3K8Py4Jxyhy +JdX5FRmMnQKBgQCzK2GpX6VgyTWBm1hMbcUDR3v8TaoIk1rdhlaw1F7MC3YHu59/ +Vses1OVi+KbcmGbyS7hXa2SZB5kPgyVflZOt596kDCmQQH+Ko6LzD2SBkBETyDPq +zxTw6LW15ZRcMrpy/BnZ3WXfiCM1WDrZeKuXGHO8VcoToRzK2DdAKDsX4QKBgQCv +NHhrNHa8uaB0W8Y/eaHSX+jhWNehgmRA075f3WIvFmQg6cSkXxN2OGJpVCmNAxum +Rki7mrSh+w3iYIj5Sgp0U8OCUZ6n7BqlcTdPwoCCz4nyM9aaY4fCFEYopEx/VzcD +8lk1zO0j1S/kyA7E7xtZOFxGS6R9OE0KjyeA44xXNQKBgFRbzhYNerXwepfYi0bR +plJ8Jg4q4DI+m5QlKGjQLsX4e0sdyOgD8mV3iYofzrull5KZeRQy5qbO9EypFXQ5 ++16FbR7VTYgKcwHNtC+8EcsSVwgk57ox4jDY6A/X1DBKUT+m/XyJYE79ZCsFVvl+ +O8zzsFaOeoxTVyVxjHmuhZ6U +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0002.pem b/src/tests/test_CA/SSSD_test_cert_key_0002.pem new file mode 100644 index 000000000..d80349f50 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0002.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvhgVEGejE4Gcr +b2lXw2scPpvXa2BaJ2DtFNgofEKhPlBoS7E913YXIG+kSE2i7YezAzHyd0hVEBqR +QVlhGg5LCeOrQTRASSNUCgWzEXnRbPrvQbeZc7T6k1QIAmTNlpIc7mrO5bjOkR6Y +DVNTDmW90aCo4IyarJAru1xQTjS+TDtJNvIgqI1BtnpH67JXt/2UsQYAD4lQQmAf +gEj3a2bD+EuJVVFt4rar+QE3EUZi265cK3IfV6OkzDP/ZuN9sxr5adk0QE/2jC+b +1sB0VxLxWhGszuOtdhkO/bxcfjWj/EWGa0nezukDeob3k+b4f6Z5kfW9GJCdCOOQ +Rr1Mv6oZAgMBAAECggEAUICdZbCka7eoWemNXS1JsPieLV0YIgExmUsYIOls/dtA +sbUVo5FwngbIbYaj5PggZuAuRlCjIjBynvBj9/8lUxFEFEWhm2JwC5lVJ936Cy16 +ocV4Wa8R8GMmBU5jwU8v0Ikg/6eo7UTtzTs/XjaaP0cn8oyasE45CXWzTzmvQx+d +FwfcTkhc6KALf+CHTk7mE8QT3vMgVQMRiisF998fnJDkW9U4pPygcg1BAq8wjix8 +YwVAlk/Vq6MxmOViqTNEmnBd5dfZ/f9SYGkR7AvZgENEDNtkd7fE37YXdTSYfBWd +lhHm4UkTUSsHl+Xx5w5r/e9xcK/z/49WUJnK2mVcAQKBgQDUv+szGloLyy0OT9SK +qqqiL7AtUtfCRPH9Gk/UYBGLzktuioac9m1tDo5RsiInFjSmBe4wTGrkhrAJP1Vh +DOpXGqMe0cV/QqOL/XnsJi6ySHzGhiR+F+iBQLk13ya1TIiGIG65mxVU7ZceBWzH +AoAjkwV9c/lUGX3yhJ8zUPPYQQKBgQDTNL/WNNHx5PD8XV9voupVFh5nLA9CqCYR +/07O8pMKve/DjswT40mz/Bwd8xKPFIjTtPMuRd1mORnkF/Q/1WuO5dZG6UUTQT5V +KdtI8VwhQlTz7/DjXm4O+mkwY9vfhTQylUsqh2rX6WkIedj1b6rT5Jg6fHMn34N2 +/9UGEp6b2QKBgQCIJ4MIo3a5UYA2RpTJYcvuHALuHrSCWclcp/gq/Ih+JrpTtkfM +MFF7l/MxCYWd6jIrhmQXePB37FLAuE2V3MQklqGKWcnBVg6Ayum6Xf1Ij+d6zeKQ +6BAemCNv/K4zHRXKcPsrwbp3Lc6moeYpvsnu+mprDUulrOLT0FhqaQaFgQKBgQDG +dqfZUlMBub8VdWwri+wkvh8dldJVMYpsmPrmDh1MF8TIf1OXUJm+TiXhorqKxqH4 +Re3JSo9L8lY49qVmolZqteCPS73D5Sf8gNN1DJAlFJ6dhpdWIDLNUlMrzHoc5J9y +9MToFs24S7WN6GmN4Dum1wSQ2Mag7jArzyTOiwqNqQKBgFh12/YF4tiePqG1aOaB ++L5GgA/ux+6SNj5TkqeiKqPaptg1tnM/T/ChiWmwZzee1ZeMEBbDWtbEMf15In7/ +OM5OSMU+SIgWposXDTDKM9ZMQZW6h9IQy/IxwvF8BrroS0vF9vOXKOz4Aw+5Kugq +JxM2HRDRdC23CGRuGjv+hO4d +-----END PRIVATE KEY----- From 4de94572dba66fc88d1ab1a183b5242b625fca7e Mon Sep 17 00:00:00 2001 
From: Sumit Bose <sb...@redhat.com> Date: Thu, 14 Feb 2019 18:35:49 +0100 Subject: [PATCH 2/3] TESTS: replace hardcoded certificates Since the hardcoded certificates have a limited lifetime they are replaces by certificates from the test CA. Related to https://pagure.io/SSSD/sssd/issue/3436 --- src/tests/cmocka/test_cert_utils.c | 41 +++++---------- src/tests/cmocka/test_pam_srv.c | 104 ++++++++++++++----------------------- 2 files changed, 50 insertions(+), 95 deletions(-) diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c index f50030e49..dd58b73a7 100644 --- a/src/tests/cmocka/test_cert_utils.c +++ b/src/tests/cmocka/test_cert_utils.c @@ -34,6 +34,13 @@ #include "util/crypto/nss/nss_util.h" #include "util/crypto/sss_crypto.h" +#ifdef HAVE_TEST_CA +#include "tests/test_CA/SSSD_test_cert_pubsshkey_0001.h" +#include "tests/test_CA/SSSD_test_cert_x509_0001.h" +#else +#define SSSD_TEST_CERT_0001 "" +#define SSSD_TEST_CERT_SSH_KEY_0001 "" +#endif /* TODO: create a certificate for this test */ const uint8_t test_cert_der[] = { 
@@ -325,32 +332,6 @@ void test_sss_cert_derb64_to_ldap_filter(void **state) talloc_free(filter); } -#define SSH_TEST_CERT \ -"MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \ -"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \ -"NDEzNDlaFw0xODA1MjQxNDEzNDlaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \ -"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \ -"ADCCAQoCggEBALfEAE0IUlOAgDTdZQGcYA03IPooixNnkUQruh0eU3uw+KYGQoS1" \ -"YCdCHJzRc+IfuqdNntgtGDIpWADRwB4h963pBImpMSU5L1T4uiHNCpvl9eMt4ynk" \ -"xduOa+JmJUvqvwe7Gj9iDql4lWmJcXvq74/yOc3MBSPQCdg/pHZU65+NjSZmZzlN" \ -"eNV3tQKrhMe6tM00pai2igXilfUpzOU2v+AX69oOesrqTUl9i2eCUirGanR9l95d" \ -"yVCcmIDJd2P2NLIkhbHGRitfTC/tQZ4G+Edg9STw8Y+4ljp2rTHs59dWRBe2Gn8Z" \ -"Zt8zZ5WuNxARVF1THI9X6ydX/uoaz8R7pfkCAwEAAaOCASYwggEiMB8GA1UdIwQY" \ -"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \ -"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \ -"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \ -"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \ -"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \ -"IEF1dGhvcml0eTAdBgNVHQ4EFgQUMydoshxYXhDXOMo/EETvrZaQuBwwDQYJKoZI" \ -"hvcNAQELBQADggEBADIrTFNvEdZGna7jD1xpiLGGUwCi11GQT+Txg5B7dydUn5U5" \ -"32zSBBZV6bsy0E+PiiAgehJObv9hBaOWnhp7ltNyQod1OLdI1t988ow2wxHvUEEi" \ -"MhRF0h2RJwdYIUIIF7XC01mKBOFj/84vvMOgLToZnGqVzArkzpr1aCaHI7EoTkpb" \ -"V16v+drZkXc47JuHg5CRjTHV/kFPm63gQ8Fstmw/dQZBzbCiVzmcG0Xm9r4jMOOf" \ -"YjVueMt/jk1LP4KoSCBY6kLMcpL5rQm53hO82rPAgV695rjdPlIUm09dvkCl28ZD" \ -"109Ju18eAaaVFewK82NDg9rsNraBKxMCBSgg0es=" - -#define SSH_PUB_KEY 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQC3xABNCFJTgIA03WUBnGANNyD6KIsTZ5FEK7odHlN7sPimBkKEtWAnQhyc0XPiH7qnTZ7YLRgyKVgA0cAeIfet6QSJqTElOS9U+LohzQqb5fXjLeMp5MXbjmviZiVL6r8Huxo/Yg6peJVpiXF76u+P8jnNzAUj0AnYP6R2VOufjY0mZmc5TXjVd7UCq4THurTNNKWotooF4pX1KczlNr/gF+vaDnrK6k1JfYtnglIqxmp0fZfeXclQnJiAyXdj9jSyJIWxxkYrX0wv7UGeBvhHYPUk8PGPuJY6dq0x7OfXVkQXthp/GWbfM2eVrjcQEVRdUxyPV+snV/7qGs/Ee6X5" - void test_cert_to_ssh_key(void **state) { int ret; @@ -366,13 +347,13 @@ void test_cert_to_ssh_key(void **state) struct test_state *ts = talloc_get_type_abort(*state, struct test_state); assert_non_null(ts); - der = sss_base64_decode(ts, SSH_TEST_CERT, &der_size); + der = sss_base64_decode(ts, SSSD_TEST_CERT_0001, &der_size); assert_non_null(der); - exp_key = sss_base64_decode(ts, SSH_PUB_KEY, &exp_key_size); + exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0001, &exp_key_size); assert_non_null(exp_key); - ret = cert_to_ssh_key(ts, "sql:" ABS_SRC_DIR "/src/tests/cmocka/p11_nssdb", + ret = cert_to_ssh_key(ts, "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb", der, der_size, &cert_verify_opts, &key, &key_size); assert_int_equal(ret, EOK); assert_int_equal(key_size, exp_key_size); @@ -407,8 +388,10 @@ int main(int argc, const char *argv[]) setup, teardown), cmocka_unit_test_setup_teardown(test_sss_cert_derb64_to_ldap_filter, setup, teardown), +#ifdef HAVE_TEST_CA cmocka_unit_test_setup_teardown(test_cert_to_ssh_key, setup, teardown), +#endif }; /* Set debug level to invalid value so we can decide if -d 0 was used. */ diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index c510c2d3b..e68e81f97 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c 
@@ -38,6 +38,14 @@ #include "util/crypto/nss/nss_util.h" #endif +#ifdef HAVE_TEST_CA +#include "tests/test_CA/SSSD_test_cert_x509_0001.h" +#include "tests/test_CA/SSSD_test_cert_x509_0002.h" +#else +#define SSSD_TEST_CERT_0001 "" +#define SSSD_TEST_CERT_0002 "" +#endif + #define TESTS_PATH "tp_" BASE_FILE_STEM #define TEST_CONF_DB "test_pam_conf.ldb" #define TEST_DOM_NAME "pam_test" 
@@ -52,55 +60,11 @@ #define TEST_TOKEN_NAME "SSSD Test Token" #define TEST_MODULE_NAME "NSS-Internal" -#define TEST_KEY_ID "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7" -#define TEST_PROMPT "Server-Cert\nCN=ipa-devel.ipa.devel,O=IPA.DEVEL" -#define TEST_TOKEN_CERT \ -"MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \ -"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \ -"NDE0MTVaFw0xODA1MjQxNDE0MTVaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \ -"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \ -"ADCCAQoCggEBALHvOzZy/3llvoAYxrtOpux0gDVvSuSRpTGOW/bjpgdTowvXoOb5" \ -"G9Cy/9S6be7ZJ9D95lc/J9W8tX+ShKN8Q4b74l4WjmILQJ4dUsJ/BXfvoMPR8tw/" \ -"G47dGbLZanMXdWGBSTuXhoiogZWib2DhSwrX2DbEH5L3OWooeAVU5ZWOw55/HD7O" \ -"Q/7Of7H3tf4bvxNTFkxh39KQMG28wjPZSv+SZWNHMB+rj2yZgyeHBMkoPOPesAEi" \ -"7KKHxw1MHSv2xBI1AiV+aMdKfYUMy0Rq3PrRU4274i3eaBX4Q9GnDi36K/7bHjbt" \ -"LW0YTIW/L5/cH/BO88BREjxS3bEXAQqlKOcCAwEAAaOCASYwggEiMB8GA1UdIwQY" \ -"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \ -"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \ -"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \ -"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \ -"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \ -"IEF1dGhvcml0eTAdBgNVHQ4EFgQUIJuWIts3m3uEYqJ9pUL0y7utTiEwDQYJKoZI" \ -"hvcNAQELBQADggEBAB0GyqGxtZ99fsXA1+fHfAwKOwznT7Hh8hN9efEMBJICVud+" \ -"ivUBOH6JpSTWgNLuBhrpebV/b/DSjhn+ayuvoPWng3hjwMbSEIe0euzCEdwVcokt" \ -"bwNMMSeTxSg6wbJnEyZqQEIr2h/TR9dRNxE+RbQXyamW0fUxSVT16iueL0hMwszT" \ -"jCfI/UZv3tDMHbh6D4811A0HO8daW7ufMGb/M+kDxYigJiL2gllMZ+6xba1RRgzF" \ -"8Z+9gqZhCa7FEKJOPNR9RVtJs0qUUutMZrp1zpyx0GTmXQBA7LbgPxy8L68uymEQ" \ -"XyQBwOYRORlnfGyu+Yc9c3E0Wx8Tlznz0lqPR9g=" - -#define TEST2_KEY_ID "C8D60E009EB195D01A7083EE1D5419251AA87C2C" -#define TEST2_PROMPT "ipaCert\nCN=IPA RA,O=IPA.DEVEL" -#define TEST_TOKEN_2ND_CERT \ -"MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" 
\ -"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \ -"NDEzMDFaFw0xODA1MTMxNDEzMDFaMCUxEjAQBgNVBAoMCUlQQS5ERVZFTDEPMA0G" \ -"A1UEAwwGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3abE" \ -"8LmIc6QN16VVxsMlN/rrCOoZKyyJolSzpP4+K66t+KZUiW/1j1MZogjyYyD39U1F" \ -"zpa2H+pID74XYrdiqP7sp+uE9/k2XOv/nN3FobXDt+fSINLDriCmxNhUZqpgo2uq" \ -"Mmka+yx2iJZwkntEoJTcd3aynoa2Sa2ZZbkMBy5p6/pUQKwnD6scOwe6mUDppIBK" \ -"+ZZRm+u/NDdIRFI5wfKLRR1r/ONaJA9nz1TxSEsgLsjG/1m+Zbb6lGG4pePIFkQ9" \ -"Iotpi64obBh93oIxzQR29lBG/FMjQVHlPIbx+xuGx11Vtp5pAomgFz0HRrj0leI7" \ -"bROE+jnC/VGPLQD2aQIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFPci/0Km5D/L5z7Y" \ -"qwEc7E1/GwgcMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2lw" \ -"YS1kZXZlbC5pcGEuZGV2ZWw6ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD" \ -"VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBg" \ -"4Sppx2C3eXPJ4Pd9XElkQPOaBReXf1vV0uk/GlK+rG+aAqAkA2Lryx5PK/iAuzAU" \ -"M6JUpELuQYgqugoCgBXMgsMlpAO/0C3CFq4ZH3KgIsRlRngKPrt6RG0UPMRD1CE2" \ -"tSVkwUWvyK83lDiu2BbWDXyMyz5eZOlp7uHusf5BKvob8jEndHj1YzaNTmVSsDM5" \ -"kiIwf8qgFhsO1HCq08PtAnbVHhqkcvnmIJN98eNWNfTKodDmFVbN8gB0wK+WB5ii" \ -"WVOw7+3/zF1QgqnYX3t+kPLRryip/wvTZkzXWwMNj/W6UHgjNF/4gWGoBgCHu+u3" \ -"EvjMmbVSrEkesibpGQS5" +#define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17" +#define TEST_PROMPT "SSSD test cert 0001 - SSSD\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD" +#define TEST2_KEY_ID "5405842D56CF31F0BB025A695C5F3E907051C5B9" +#define TEST2_PROMPT "SSSD test cert 0002 - SSSD\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD" static char CACHED_AUTH_TIMEOUT_STR[] = "4"; static const int CACHED_AUTH_TIMEOUT = 4; 
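Review bot: `TEST_KEY_ID`, `TEST2_KEY_ID` and the two prompt strings are still hand-written literals, while the certificates they describe now come from generated headers. They presumably stay correct only as long as SSSD_test_cert_key_0001.pem and SSSD_test_cert_key_0002.pem and the DNs in the matching .config files are unchanged, so a comment should say where the values come from, for example `/* key id of src/tests/test_CA/SSSD_test_cert_key_0001.pem, update when that key changes */`. The `test_pam_cert_auth` hunk further down repeats the key id as a string literal in the `mock_input_pam_cert()` call; passing `TEST_KEY_ID` there would keep the two in sync.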
@@ -187,7 +151,7 @@ static errno_t setup_nss_db(void) DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n"); return ret; } - ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR); + ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR); if (ret < 0) { DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n"); return ret; @@ -208,7 +172,7 @@ static errno_t setup_nss_db(void) DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n"); return ret; } - ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR); + ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR); if (ret < 0) { DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n"); return ret; @@ -451,6 +415,7 @@ static int pam_test_setup(void **state) return 0; } +#ifdef HAVE_TEST_CA #ifdef HAVE_NSS static int pam_test_setup_no_verification(void **state) { @@ -476,6 +441,7 @@ static int pam_test_setup_no_verification(void **state) return 0; } #endif /* HAVE_NSS */ +#endif /* HAVE_TEST_CA */ static int pam_cached_test_setup(void **state) { @@ -1915,6 +1881,7 @@ static int test_lookup_by_cert_cb(void *pvt) return EOK; } + static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt) { int ret; 
@@ -1927,7 +1894,7 @@ static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt) attrs = sysdb_new_attrs(pam_test_ctx); assert_non_null(attrs); - der = sss_base64_decode(pam_test_ctx, TEST_TOKEN_2ND_CERT, &der_size); + der = sss_base64_decode(pam_test_ctx, SSSD_TEST_CERT_0002, &der_size); assert_non_null(der); ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_MAPPED_CERT, der, der_size); @@ -2033,7 +2000,7 @@ void test_pam_preauth_cert_match(void **state) set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2057,7 +2024,7 @@ void test_pam_preauth_cert_match_gdm_smartcard(void **state) mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, "gdm-smartcard", test_lookup_by_cert_cb, - TEST_TOKEN_CERT, false); + SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2080,7 +2047,7 @@ void test_pam_preauth_cert_match_wrong_user(void **state) mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL, test_lookup_by_cert_wrong_user_cb, - TEST_TOKEN_CERT, false); + SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2111,7 +2078,7 @@ void test_pam_preauth_cert_no_logon_name(void **state) * request will be done with the username found by the certificate * lookup. */ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false); mock_account_recv_simple(); mock_parse_inp("pamuser", NULL, EOK); 
@@ -2140,7 +2107,7 @@ void test_pam_preauth_cert_no_logon_name_with_hint(void **state) * during pre-auth and there is no need for an extra mocked response as in * test_pam_preauth_cert_no_logon_name. */ mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2162,7 +2129,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert(void **state) set_cert_auth_param(pam_test_ctx->pctx, NSS_DB); mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001, + false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2185,7 +2153,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert_with_hint(void **state) pam_test_ctx->rctx->domains->user_name_hint = true; mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001, + false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2258,8 +2227,8 @@ void test_pam_cert_auth(void **state) * in the cache and no second request to the backend is needed. */ mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token", "NSS-Internal", - "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, true); + "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL, + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); 
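Review bot: The key ID passed to `mock_input_pam_cert` in test_pam_cert_auth is still a string literal, although this patch adds `#define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"` with the same value near the top of the file. Use the macro here, `TEST_KEY_ID, NULL,`, and likewise in the hunks for test_pam_cert_auth_no_logon_name and test_pam_cert_auth_double_cert, so that a regenerated test key needs one edit rather than four. The value is presumably derived from the committed SSSD_test_cert_key_0001.pem. If the test_CA Makefile can emit it into a generated header alongside SSSD_TEST_CERT_0001, the hand-maintained literal goes away entirely.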
@@ -2292,8 +2261,8 @@ void test_pam_cert_auth_no_logon_name(void **state) * in the cache and no second request to the backend is needed. */ mock_input_pam_cert(pam_test_ctx, NULL, "123456", "SSSD Test Token", "NSS-Internal", - "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, true); + "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL, + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true); mock_account_recv_simple(); mock_parse_inp("pamuser", NULL, EOK); @@ -2354,8 +2323,9 @@ void test_pam_cert_auth_double_cert(void **state) mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token", "NSS-Internal", - "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL, - test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, true); + "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL, + test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001, + true); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2380,7 +2350,7 @@ void test_pam_cert_preauth_2certs_one_mapping(void **state) set_cert_auth_param(pam_test_ctx->pctx, NSS_DB_2CERTS); mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL, - test_lookup_by_cert_cb, TEST_TOKEN_CERT, false); + test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); @@ -2403,7 +2373,7 @@ void test_pam_cert_preauth_2certs_two_mappings(void **state) mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL, test_lookup_by_cert_cb_2nd_cert_same_user, - TEST_TOKEN_CERT, false); + SSSD_TEST_CERT_0001, false); will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH); will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); 
@@ -2812,6 +2782,7 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_pam_cached_auth_failed_combined_pw_with_cached_2fa, pam_cached_test_setup, pam_test_teardown), +#ifdef HAVE_TEST_CA /* p11_child is not built without NSS */ #ifdef HAVE_NSS cmocka_unit_test_setup_teardown(test_pam_preauth_cert_nocert, @@ -2856,6 +2827,7 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_pam_cert_auth_no_logon_name_no_key_id, pam_test_setup, pam_test_teardown), #endif /* HAVE_NSS */ +#endif /* HAVE_TEST_CA */ cmocka_unit_test_setup_teardown(test_filter_response, pam_test_setup, pam_test_teardown), From 191930e48efc5d1753dfbac084f321d0f43de99c Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Tue, 20 Feb 2018 17:41:42 +0100 Subject: [PATCH 3/3] TESTS: remove NSS test databases NSS databases with the certificates from the test CA will be automatically generated. The static databases are not needed anymore. Related to https://pagure.io/SSSD/sssd/issue/3436 --- Makefile.am | 4 ---- src/tests/cmocka/p11_nssdb/cert9.db | Bin 28672 -> 0 bytes src/tests/cmocka/p11_nssdb/key4.db | Bin 36864 -> 0 bytes src/tests/cmocka/p11_nssdb_2certs/cert9.db | Bin 36864 -> 0 bytes src/tests/cmocka/p11_nssdb_2certs/key4.db | Bin 36864 -> 0 bytes src/tests/cmocka/p11_nssdb_2certs/pkcs11.txt | 4 ---- 6 files changed, 8 deletions(-) delete mode 100644 src/tests/cmocka/p11_nssdb/cert9.db delete mode 100644 src/tests/cmocka/p11_nssdb/key4.db delete mode 100644 src/tests/cmocka/p11_nssdb_2certs/cert9.db delete mode 100644 src/tests/cmocka/p11_nssdb_2certs/key4.db delete mode 100644 src/tests/cmocka/p11_nssdb_2certs/pkcs11.txt diff --git a/Makefile.am b/Makefile.am index d2c095363..e1bc4aecb 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -477,10 +477,6 @@ dist_noinst_DATA = \
 contrib/ci/distro.sh \
 contrib/ci/misc.sh \
 contrib/ci/sssd.supp \
- src/tests/cmocka/p11_nssdb/cert9.db \
- src/tests/cmocka/p11_nssdb/key4.db \
- src/tests/cmocka/p11_nssdb_2certs/cert9.db \
- src/tests/cmocka/p11_nssdb_2certs/key4.db \
 $(SYSTEMTAP_PROBES) \
 $(NULL)
 
diff --git a/src/tests/cmocka/p11_nssdb/cert9.db b/src/tests/cmocka/p11_nssdb/cert9.db deleted file mode 100644 index 71b5f530d89097275a31a018b4f764328c329a10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28672 zcmeI43tSY{9>-^PW*3&%AP-js+>Ht_z@6C_4~?gw=*m-3(4u8obP<7;RZ&C{6Gg9B znxT0M!qBYD@QR<VSouOty{1B``ARWK@{yX)Qab1CF0T(=Z}_>N>eCrMbM}88|KFVR zJ!k&2GrMe3f?99XNiuT{Q#D43oNy#ak_eMX2!gN%yA{|i8y^_7B?Df`PWEq^)`b5< zgFSPP5ZKa$9m6!(9<nX9jRqOKVFH){CV&ZG0+;|MfC*p%e-ME%fj}e@lPUU~3|)bC zibkK2lb;_yEj?SWwTeuP3Lg_CiHRK+HC}@1Byq8l_IinrhGS)eLik8wEK<nUr0cTV zTL`)+pt|k~@<GFBfyhlvzJUDmr=@4<w8nM?eisFEZFdch<pzaQ0#Sd<IQ04X({zS* z5xR?rsj|C9AU9~CoU{^&#bmkCs7cS(wY#?)JhRT2@CbEOXAb%dNql0==<vi8$*8Cl z$=KMKgt1ZZ2$6BI(dwAUF_Q3zxWqAj5)BJ>4(u|p%b|@5U<n6{0%0}~W&=?cHVIU~ zL<tiWOafpM2$LX~Xkd~Kk{~3-no^|5LJf{J9S5p#ER^9`sKc>Ph-0A=$3iKNg<2d7 z#W+?AQ*-xB{X@z!lZ}*RNLhxIWk^|ulx0X+hLq*VOOCwc$V-mA<j6~fYE`IKg=$r( zR%NP1nku9jfLbCx90DXmBbBkxSB6F^L%mh7V3TpM*la>wIchCOt>vgSs6<Un4PhGv zBBfyAu@#7v0+CXnqbkr*6=+_R$XAKflt@j9e6>2ITp?FNNwW!c%_ba}*@Q<hn{bF` z6OPktLV#uyQZ$(eirMUNLwL-k9d0U%o2sKbz_fG+n3nDU)6yMaT6BSF=?*Y0y1?wD z3)c)hFerr!$85sYV>aOuGMgD4rmn-xY&X$DFtttZ=uSH9PKHv$W~3wHfpBhFgdMh3 z$W=juIG#WhB_;_|_;@)R+|j3LrWtclKCS)SP2<{43WQpCe^1zhozJTvY|aWV^F!zu zVB!rE_@fETm-1)OE)EV(-8<sqq#zu?A3->PTBld+h;B_#Rd=u7k@r=f+W?yLNTP;F zg?`|r=6cb!^ocdAvzNN9KcdQ;r+FCDLV^v|5vjG;ho}r~Gj*R8_uE?^yY7mySeZNW z;%hZr`Gh;o>#UO2+8(dEbl>gB=C-D7Q?H%$KJxI=xKQt}w%5&F{>s|fk)=Ohc(HGJ zx^39o9*Mi=@@HJH+I{rq=}@=wGyON8%*q!{)69z*Qc=3-y?HCEb6+|?%I5e9)gJNk zyFpn#1^hAJtt{XD_FVUn!;y~;&#k>%_sH#Y=cK-B&ADT*vQxM3lAj#ewp^zj&Wb-+ zmc4qu_d@y$pP|iXKPEk|R4?3TulDf0v&Tuvdv?y`eItt&*c}{}b^5{4q^0#2{LfBy zy%%|Oy@US)-$$ngs;>G^?WbPwxwP`M_{Z2=I})6RCZ4Gkkv26xEhKmpNX|3R)7xjP zpxdN8jz65V|9x`-8*J^M@B?X|*IRx#oD`XaW`k95POPJV8cW;Q31i~J2M>!%j#6_2 zS$9}Q*||pQ3`TvXUaJ8QJ;SFNC+8aU#+f`Ymp~%1^G@V>75XgL(L6nNTXI~&f%jLX ze0=#;Vw=wW%hMU|Ne2VGW=@<EQszUUW$H(iKS#K98Fhi;u><;jqwXpPM%@ZZz#42H zr36@#$Z)oVTEdp_@~bEw$pa%}?FGW;N=KC5wI@kiKG8cu>_Cw{r(%^dIj7)cGF7U` 
zUfwy|OVtw6vvc=IK0%d`48fL=HoOurwtwH;uwp=1ZRpubQShq1$Hz@nDzb*1C>oU8 zJYI6bwPA5+a$N0$zO!a-9jg6S_w>f_qSu~^cxm(I@t-wTw;i6O4p@Ef>+<7Yt_iwS zc679-OR>YrcbdeB*FW2NJIOI_QTq9<zl?6(S(a(LGQ+wl)jsRgj0ZcevBO56St%`b zNX^(;Z|fB6vgIO~bi1wDyJB24?YU*5XoPjYMXMHya&$SXqYWO(@dISiya(a|b!#g( zyy@t<|C{@b)%|}y6|mi7=f~c~4_$4>=Ng!o*NiI<Nl8t*Tdo_va#`b{FvY@&KX0!y zPJbtHX|poDMIZ2q-_eaTjDmO14Op<bqTsvaq?J3bYHUP23Y=MM=dEYwy~~Qh3if!K z?#K2mcDd`>7P0PP=)snd6CaT7S4Piuvvy}0*ua@2+h{&Zffv>R7BH}Y25Vt2>jCo) zbYHq>|8Rk|uYlz9tw@pv@8wv|l4r@%XD1ttdBIYtK2PJHp_{JD9t^C($O;Z*rCN<N zSDT;Lc`m_H19M3dQK@qi96}4n79aR&)Tc6czq<z`&TV?8acf!V>AHDzcvZFYy>+XX z3ZGXN%kF2YdHj+i!SPo08<XqGmJ7A-Qy;1ugJuuiG~4;^g|Zc)u}`Hf(%#7l{~+Vw zwrHF8GE_r6L-t$UY9$|(4b%nswXSd@##h*7wp^&UNwHaW)-Ofs8vNF+%Qw6?Eje+L ze{mF-87JKG&9D(e0?s{GfBU1RrO}bCU!6>yvqEEUef7mgDncy^aJyym*7QDBhf=EJ z4VBru-aCIl*557T{+{`HA+5h`-8Qs9l(kMl-h4B8uv<h;*qKLOp{c8U>w?r3`v1&d z?(SW<IKE+`zASB-!AG#leoz=ZZF_fiz;m}(;VgVn;|%{t7aFLQyGHJQI&QW7r<+1R zeCGWz@!7%k^YKp{pM@|!Cw1P5aXGVS-qy_0m???Mm%dFMRd_XVY?^fI*R=B5l0vIT zUw&V{u57WGMDf{^c-5<0d^Y}n<1-lbI8%I1(ix`f4F2%K!<NuO5Snk8L$k2k`O>@D z?h=|6oDzg)E)Ya&1&Guz3vL8^x+J=@13)+cmqh0t&S?;U|9fEmyT9cz1?Cdc3z2$k zXdYq-r69CQS%22ok_Vwx+$pqbH63xaJ*ajG<MfZFF#asvmvynIP-MHsV~sG%i|MKC z6joowRY^<zf9n8X;-y+cwsf>6->5T0CaMRg>vO6V?}En)oC9kImxqlVAGFeH9`_Ea z)3rsi<_*tN0c#3hNv|%diTLSY{l?g*x-E2cVek+fc&E0mvS?1jj^i!+X4}~ev1^H| zJ%7`=Xyy$&dO0t-WzOQ;WZ;~#nrFT)K6Xto;PTA6xw$_cEARhkitnbX+w12SXm{*A z=D2XntSh_voOU&o`R7t<&U;0JPw>volbpS>!XkXX5jPG$o)FL{Bx;N3iw$oaz0Jjp zx!vmfwseGg*P+ILc<+B0oqP7kA&*aHG0T)q_EtmorB0}?WHa03m#KzDRbHNVN>bF5 zuGLQ6m=JB(aHI0ml64y4M-7hEu|u1Rq9(-rYvk*RKd3XeO*{P0+9Mg4ULeA*Z2dOW zeY<qi-~$@Rv}ed2m-+<tpENuBqx%b=&wp7lLF`-+bn95^vf(G5<ia5A%}L$kU5pLr z2A^pnn0w51<`Q!Tn0UhkFab;e6Tk#80ZafBzyvS>OaK$W1TcZW00C=?CgI1Jd}zRr z$7r+BN<jlYkmXrXv=Ba{G~NF@5{x6Wms!HZGp>Ju0pc!V0+;|MfC*p%m;fe#319-4 z049J5U;<A_fTjqNA50bW@~c;L?_H_hyYhml0%7mIJ!HE7FC>`V%zS1)vxq5tLV(yE z6Tk#80ZafBzyvS>OaK$W1TX<i029CjIuo#>oJjD`#eDe4;YpqwK!08UW$e{I1(@#t 
z_Yh1IbA!3e9Afr#?jp7^0ZafBzyvS>OaK$W1TX<i029CjFab>9&qBcRAi?}fyHI{) z_g{sg%#}O`%2U|sCrM2A{~r=eGt<BvV7_NQ{IiS-_X88a1TX<i029CjFab;e6Tk#8 l0ZafB_<IuQM=8jje#Fo84FXu((=WeL==%X8N+ImY_g9h(4TJyy 
diff --git a/src/tests/cmocka/p11_nssdb/key4.db b/src/tests/cmocka/p11_nssdb/key4.db deleted file mode 100644 index 8d5b33729cde8b49a82268f6cf526f1447043f36..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 36864 zcmeI5c|276|Ho&{*k-k5l4MLOYtF1jl$~pdY%RA%GYk<C6Xhz6qHY@!6_pUBMN;~P zv>>`kWVumMQE9&|x=Q3X=L|o$-|Y_H?_c+Of1hLKGw<_xe?G7C`aI9^8E4MJ87~jl zAfbR75Ec>26H=KdB@`NsvZ7K^D3s#xQ~ZJ~a^ey@9K$c@Kg53(Dx!=BBZ%ZrC<WX? z6ah!B!e7I$$D8B&a0_uYf7J=p0|I~mAOHve0)PM@00{i|5eSi&r)X)RMTSBiKSU5J z5c2GJLf*)$f~}{$wYNRh+uFv}o;p%X)eG{c&hvDdYwfv+>SDi$>f`3*;bTvAcca?6 zyE(Wz*?Lnw?dQ2#+u9pZ#ecPi(j_kpeG>&aimetJ6|~A<ur_jah&buXTO$lZ)_q6x zed!~SqK%v!g`$IAj5P3D$qVvd6&X1%A}ER{6vz*ob8@q@Ur0rgu!YeER6QOYV(44R zA{q-2jSwDR5Hi|C?i&px`6msgz5`Z{qN#)SmDpax4;J_dM>S->(TJ3!|D-~P==!!8 zIf}-}Xo4am*9am;Ww77KNV0!Y;nMZDaM1D;9Ub&8Q)HKo3XDcF!%~vnHd;TP9cOLh z?&)nr<w4@7c)#%&;wKZ1kqWqm4p(vERW7{BMONV^Tozog;erDfrf|W93p2Rj!3AGj zm?2V-q(l@USc48pwgaosAy|eE!8&vZ7NSG25*>o2=n$+$hhQ-}<Oi3-_9XrgWrie1 zlo^OJ15sum$_zxAfhaQ&WhT;#iS%M3y_iTZCen+8WI0HdgJd~KmLtg`njA#a6lsa@ zp(B78$VeFw+?Rojl!3TqLE?o$hpUG}SeJ>kW+JVbNNaHtX(DL|w_zcqSP;Bz7D9@J zkYXWQWg%N-A^U}m^kpMzY($NX^z{?4nJgw7mK+XY-Qf@(*l-AMVK{_`I2^*`91dZC z!y!yj5+YEB!_jUCp5fZjZk&;BoKZXCaKw%{9I+z~N9>5h5nXXOVn-Z~=!(NX=)%Vg zykT)IeBca+@X<3I!iUgs=sy|?M#F&r4Uq#u(w0AJhY#EFXY(L`K0=%e?^_7L4!317 zIcEAy899oh&R<P_qrauT^wAh2en(M&-&Kg>Ct87v5<kEK2mk_r03ZMe00Mx3R02u% z=nYsk5{dSITd4_IB$W7vL_(oRDk_@^D3t_MeC){2aC31QZuK87Vo{W#>w{zB?ie)M zOArwyh%mMlL<nI$@t?jbkdhq62a6*pI?c15X=gv*-jzNXngrKj2&zHhJY#=BlptiL zIGTw>dB3fH!(WoOKV+xo(MC?Vh&SlegN7GW9_mN&<IHd7oQR=yf=e4G)|9*DzY=a_ zhdDn^$)oRD{Cju4yjL#%&f%w@H5-eETFOG-w9jZ9e7eALM(f3rxZRs`V{H?^bS+cg z#m8G6((<f~la2oEaMkVi_boMdb!Zf~2S-xY@I+4LdlR=F6Q$*ZEq~;KyVJ(0*52J` z7Ob~c*854?uBt<Eljq#B{dz0zOkc@Y&C9A@>aM&8P03K`#Y$$o^U!XApChDwA}M75 zrWsqXzvx+XcNU>(uX4835?!?nf3H?y%S_v_qSkqR0-??>_<sLwubt&x#+@rBe6qcL zlw{m*`1Rft&THe)iLMEkO|tH5zjga?#Y4ryv*Qc}jmy*PL8H)6JemXP$>9wWe@N^j zq6xBS45WcoD~K#VwP#I;u1wJn7w(*Fi&>EH^@|J|jg3bu(CW%%-tU=rqx|yeCqrNR 
z4)4EW8P1K)d`op;e4O^S(`L(|>XzS&e?}>$R;r`+P*=To2<#t>ig_MXoa@jcdz&1? zqpbHVQ%}e_E<AjF0p(`=)|vgJJ=Z$IP11v%cU)i3ZmVvp3CVOXuWi)p$*(uYbsb+; zL`p1D4$PZ*>T{J<?@tYU*E@r^d+d|vdAHicSXQ(Mx8-q-w8FijeSR|U%4S3-pLfz< z@nD5Vp@Tc_!zYzFb4$aSS1(3&J0>^Jnx(tEjayQet^5<cdl09o>}U}gSTUpj$FK+U z=T$9le?D2IeI?}rK2__)!-Y$>r{y(#6y$op3f$g+`g9!q;XG04rmVOBFBaPuK%$cG zfQw7HSoC8#_SCu$S4p$3)w(W~-8&BkC)&#GKjnBr&ECf^L8~Ruc>5a9C$E+l8U^l3 zTS3B2CTh(w^@=5Ym7h8Y6`nOdoOE$*vBrY!+tRBYGV(gz9UN<OPNn<LpK!+PR)T|P z2y^Lz&hn+X7G@E4B}X@{+O*l<$=}lF>?^-1x8hR=O_rvlsZ)&OG%8z<92Hb{<u40o z<<lP<Mr8NCtl9H@-$K8H%IBBkwy{)$J(`(bm$`(4ze#*YH7=U=A<^Dr5&7O5$g|}c z!!YHIV`K9tlY^`Y6Fr*~sBLq?{k(R3I$hL<sd-mi3k4nAnNqT;PWD*GfzSYps#I=I zugn3~bl2FrvXfEM&zbTqvy9Jc@0*j<v%@>XbCBCMv!P<&4L92&om&2@%39-nFN%@| zlI!f6HrOWp5?HF|pB!29R^{pUeQO`DU_Y+XTbkA8U#6*bc)h_~txFQ$FJ$MRvo5s1 ziZj1Mm+yS`Yrn3qi~d>7?u2c9oZOn$mvMtH4LV=QKgbNlo-X$!Oqv}rC*FgnCfMz6 zpH?lStH=EM&}>zjdXbNT`?7;hc-GbkM$}G6*Oe2laG$C6>DSRok5n{$RZd0NpHTVN z!-`+6S~ox2KV{Nvt`&A+!B*^Q#ib#Y%;1>l@B6MoVd^i{$_uCGg;yICK-RiBn^Gmd zuO-i#`a(U@FzeG#Njc^I8BFEHhZ-j&yI_L{&SGBfQ$I#pA4;lsEPwwo@cDy%p95p- zI&{xtYu6Hmd-^JQq70KB3ysR=+=yGY^$iPsGJP~vS{2%IWVt>&%ZN`JW45+C1xyjd z2`8>e*xr`jl5XT$o2_$nqifCVu>JQt@TBCs6M3zbMZa$PzVCB$U)NVC2YX;Gs-BV> zn>PO7QL8NR-Mm;Of1sCOkR02w=`LrvPt(AGO*@CwuX^S^o3U^D#Qeb=dTvL+PnQTu zNyXbrhAw2>o|5k!wrIWK8HZU{NxV638lwK6GZP19I#y6}dpzsk)UWeZDrlV^vJmgm zb!v0GcLlLf;p0v+J7HS%{?E}7P)K!;+NNNIUkq;K9qT#%`PG#z7t&+mLgDMz=>P9C zI}U~*zCJI0fCUf$1ONd*01yBK00BS%5C8-K0YCr{00jPF1mrPTMff9h$@%{PiahWS z8z2}CAOHve0)PM@00;mAfB+x>2mk_r03ZMeAOtWNl%nMP|2m3%9Y6sD00BS%5C8-K z0YCr{00aO5KmZT`1OS1*I{{OSQ1L(c&o{~W|2q`<-QRtLz#kw02mk_r03ZMe00Mvj zAOHve0)PM@00@km00~1={KFk{B<KInP~>OhRsanF0YCr{00aO5KmZT`1ONd*01yBK z00BVYZ%TlIVJUv^F1PUg|5dT_C~_95pX5U<BH{@F_^bHIxM;;DMPr4n^4;=t<o3&c zl=Z-#6gLA4AOHyb^9YD&s<PJcDyYbyKwm%cjkJ9ke3qYo0ME=<@_i!=1|-@DEs;|k zzWuW-337+5M^_0D3rn>K3?}NXJlLTgSdgCjD*AVPo?6f8>WMCR3!`#wQ>L@{_OCK% zDuk0$kf_Kg{xQZ<O-q;DnDRmJ)?E~$;c?c)>)Fq4ddpsauG-^dlYDUgl|B(oMY>67 
z943$S8jH?ly(*p~4D`(Va<?b)!Iz;#^Q_o}^*5_q<RU7@GP$8(LzHJ~tY*Ud!BuT% z&5REDq^Gw>8xu@cZn*cjx%r7mM_JZ#nB+>qx)G4ve+T3vjVDEGi04ku+A3pvkhgaE zBfA2Ix^K~SmXgAdRdU9bu{?GbSx=ahve9H#z`4a4ZqAkgvj-2nxn^|q_T9S~%tjw` zk&cp7kK^G;DbY(>doQUucB+48)b9A_S+O%+Mc8hiYp*f4_C7n_G?vFJvZr@VbT;2x zpl`i+`Q$<}bxK)e@}vD*?kgTLI^5#pEuxXX-Pv@y8B1U);ERt><QsR)#<8<I@5nV2 zbRU_ye=oD}h~0tkX%<d3RuxD6y1N}hXle;@W0};~Fxb$=FYPJw=-o4GsFa)W98Ec9 z<8|4h;Y@mK31latk))gCj>DwYig-86y1R*2cFWP#>c8~Y==!7ETI+1mH@_~Z_g%ea zER#O_Y7Ui{E_;!cX{T>i<>#N#l>!kizw0Xt@o}8|<873PMwDuj&mM=#$8k%(*89$= zOwZk&_u}MI_JhU0>L^$c%%*1cq$$tXF<~r|ZRa|g49pwuXiU<GAqRS^hRbji?sn}n zJ$P?Myv<xAIT4K@)g+rg4wDu=^WtRmNl>rG(?!~a&rUBgRy{X=@A2^W<fSy1DLXyK zGI_DoEl2%?Z`sR9Ue2pqkF32qsaCnGrgRUz1)u-e&wP`JhL>uR&l-ox=Npd*2^;lp zUOlU*JejH?7f^NEX1i|}E^Y8y&YlxP+s86l!AiS>S;4(>KT&6<HoDOAl1stKOIJM& z%GzBzELAH`ifA~gCdFSSHTG1lxrAacVbRnVN%F<6A+ryi^Ln0Na5Ii!xbU%NXFT!1 zhp|k)H?4o1tdPFJwWPb`=B^{!Sz*l^K4d>k#Z4-3aXl16710!>n&gaU3W`px8B$JU zba$R@_GynVzf0ax-oGQakDC3<rO1Ucr*p?LX|?o#PQ!{tCU2i)|K5PhvdHT7$~jZD zGUTqAabEHH9gZTJ!nY<N0iDecU~~VSDad>NJ&m+u&2+;8LN-NE$Gr1~66<vT>ASey z@kZFyL)@`U{&tC{y~g5H8?$F`VA$DW&bG#f?O6{?JreKw>~m_^7A>O5OE)>5Dag6% zX1bU5wl(*1U9#hzYu|jbW0GHX_B{i&UUz<GmgVEIOukE+HidruFpjU&_rfuVI8Xpx zZw<U9=bU(JvCArUMzx40C)MP*rl1yb&{6ekTMAE2KXTPK2rtAFywd$xGOFQq1G+i9 z_DN%zJdjFU<yHbYs+HAe_6A<=oI3f%!q2S4K-<#utLs1PN*2*%rJ5Yq6cn;$8}F^v z{`CQIDHqyRPc~j)`!vU<wx4*v>7{0q;lRYPOm3z;iV~(^?yY;?@OE=cO6==1nuSe| zG4t386AudPpDBxISg9t*H3hM-dlTla`=G5AD=hV^WllBEI@~!u(W;=xZUN<7&cABL zGWo;nkcD##l~c;zq%2FseZnVHg?;keJX=*M1GVbwZ4Flu4I|a$xTc`8SoM3U)n5)} z4cK>iM;tFbX*Xy3wnV*OhfMc;Esni$a4eH1y{5E@{lQA1_Av~nQ!!pf^D${<4i&CO z^joEit78|5Xfjewj%x}^@O>>CrkU@0<9_Bfw<}jg&W~PZtE~>Lj=weAT|jWej%Bjk zGCtW`H$}yhSd}WzeGzi5?L`B2HWx#9pyae;`|1>5w5%3Oq!7-FjEoM8@W*_9qhwF} z_yr#o-^gidvoO2s?gd$V=i5b`O3MOcI__6x7&gpWubW?HVt(ta*b7z(BIcYZLj~d= zJi-!oJhzzuU;kGnivRz=mpqHCNj^_rOKv6aB`+fJNH(MnQWj}|bcwW)*h9Qd(k03L z^G<xghyVdV01yBK00BS%5C8-K0YCr{_-`XH1!Il=>x(z4Qqz!%7RD0k{oM-|%F?os 
z(l^q7`jDP1HO(bSOY_-8X=yf}AT7;j;iaY7Je;&N2U7ed{il!q6r`rP^3u|Lww$yy cn=dOZ&1YeyrP(};v@{2j!DF-(M?O*bA8g~}2mk;8 
diff --git a/src/tests/cmocka/p11_nssdb_2certs/cert9.db b/src/tests/cmocka/p11_nssdb_2certs/cert9.db deleted file mode 100644 index f8220c3784cb1e887d47476c75078d627f32d79e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 36864 zcmeI530M?I7J$3w<ZeY^<Z>o>fCAEU0%Ev9(UDseG{FG|Gl)Wl5%E9{4MJQo>rLEM zM8P8};tEN?c%Y~eVo-=;;t?g01r(zOQH-!vJp&?3VnVX(e%UJMnpa&_udDv*dPBdi zZbE{j3YDA}o1mO8Q}Kk@5DdpLcODPJFdeXIgRLhpfxzfVfKR-S{BxoXX8&BNPdvd` zx(rN@AgXk0bhC7QK>`It01-e05CKF05kLeG0Yu<65pZX*I2<k>u2>KwPl=u<Q^YJt zN(x*U6|ab9dj<P=g!=IO{Jni<@~AvsfIqJ{pJyZElY+6XOiIIaN<+LXN*>=^g7uOH zDzCo=;aG15i(}5k-=gX#EsTnjN2_`@FkjN3$?dO$Px8ll&{-VQo_;8jk`~I9y-FA_ zDN$$k*Wtt;yGn?&Ib1HDD^|&(;^n>7dj*<CPpF5d)Tb{8MGP-6*l(Iga5!(OPdIP7 zzhBUFA9w_>0DoVppI0c)!!sZ_)Q%@3!Nv!h0Bk}iQ#;@uKHTL5lTI+{L?vMnClQRq zFp|K?5k^iha)yx%Mo}Pgrc{yYn9@i>9eh%K9H@m)LN$C6>fw`65ub#b_#{-tC!sDr z36=55Xc%jnr*0pmS)i6F%>qiZfYL0WGz%!r0!p)h(k!HE38`8_s+N$dC8TOes9Xt^ zE1_~FRIWswOX-wQIvuH!6dyhXNI>;eK*G8Ls;2^~wIUJ(0Uz$xh)}PPDlMc+3#rl| zlPaPv2+N2lQX&!_TSSo(QKUrFQAN~IMbx;6sk&lHo0!rjrs_t^#X^x#3{`4Gs8=Jx zj%h@A1dRy0s1ad5H6jG45g|pjNI}tvFRD>^G<#oElk`-Ryl4&(dzu5pp5_3tr#V3E z(F??$<^ZurFA)3ah35=BFxU%E9E}Li9*qc3A&nUGLX^J{V|zvFL{OKFdeNLH*qj)# zjEsq*h&#ctB`NH%tVk$v9?Pe(I6hn)Q=5-><G~euq->!ofl5dA&fQ3UuSf@`RtuV2 zcu|iN&!DKS{(vG1hyWsh2p|H803v`0AOeU0B7g`W0*C-2@aG|*#ez5a*+eBqR1=lN z6XHH`hqzAE|9N_ddV&Zb0*C-2fCwN0hyWsh2p|H803v`0{5c3{(HS^H#KqYf0b@bI zR(f+U6AD8&G_^7`LJJ)V2FAx{(%5u{HV|e|*Z&5!7%_y<CC(75i9o^_BvC*F5CKF0 z5kLeG0Ym^1Km-s0L;w*$1pcQ9OrWRWq=;`w4q?%!Gj#N{{Q^D4d;5g>Nckg33%HN2 zXY3_csuZz`Xc>6&-D9EZodl&qwV2JIV>k;&%)u*R48AIT@KtHf^c3yE^;&)Ze-cKV zB32NSh;u|Xv6M*qpB`e=I79#uKm-s0L;w*$1P}p401-e05CKHsbrG<oN8se>0o@J+ zsjqfBuz)Lq7wo}i(+%-LEP|!^WI~t2@9`VJ`ZPznN*lcLVIaSU1!<;kz%WIk%sxh* zERP=#r16xbzWzUi5%t6a;t<hH)DWkMqpu4iIxZrB2p|H803v`0AOeU0B7g`W0*C-2 zfCxYWx^y!fT)e{-4FBdx&^QzrMsz#8ci96EdL6tx=$cHL0o_VFM6OJhEA62Y_4WS} zjA$gPi1WlhiT%WSVhLi62p|H803v`0AOeU0B7g`W0*C-2fCwN0e++@)bP;~;vH`ZO 
zWMi#a;)*uQP}9+7dzRU;e=dUsGYapgwnfb@%!^-RzPnbEm?3-a*Q8!S0CPRE>lWE} z-L9f<tekRcWI&$&XT`2`YJC8QF47*Tu0H4t3;Q0^xuM<6bY=L_HiN{UEv#^0En*lM z7#Q~Nn316fGXOsrW&m;xSL$K?icneoYyE~acrgPkO~Wy;;sZ+HW1vCDL4bMS_j=Lk zA3n`a+NFP`aQc~3qa8b2wOUMV?Q#l2|FNsf)%M_lCq<z-3GHh`ObfIgM)Nw_r}<pi zRK{(YOdR7xeH^u?>+bH>l^stdvs=6WcD-sx>8X#KF7Ym%I>;+J-4GhPZ_dtn`veNJ zXLiZin-bS8_0HdLZBg>!ZCPc02lC{f>aoWwT02AC_gfPmS-7yv^W2+vrB8XfDQIi! zagpO>?_lSX4_EtG&ikn`ViYm=%g_gtr}D<1JJTJ0OkUQxLH0>u<2e)WH?3AHRv)y9 zAD((6lm7)H`Ej7{Paz{cg1(=a_28L#*4ekFmu*wfa`HKEvVA}KapP^5`NLLrI#)gq zT5FFzR^Z?tOX4dWn6GKX;EOZ*kJvyHr_YF$+;@>EyBEukr4K(-;a_xDl`c-0^4(tx z`MI+mHx{u&cIsZqzw^|*_HcK7`TVx4*0s;?%y6^*>S$@&x|KVZd1XDj{kBPNl&<?W z%izj1=A!%gr!GFc=4PII-SqI)xFpU(S%#m>=B(^J85;`{=G>a9bEQFYn!B#UInE}9 z8T$Rk+*8}qEL<;mbzMj+=_u_oKRztPL@K*^=>u~9(MsXfDc$Sj(UVB-M{DErR#>lM zd~P$b@x~$C>TbcRv-(m?+sCI3#kA4O-#I%a^*z06@3?E77em%m+_t~*j`0((i@Oc% zJ8iqZ86ml6KYzINz2gqsuW^6ye{>?qaANTF5)Q6YXwyWESca03+&jlo`b{Hv=KoTF z)9lv=BM@L|1Cbqw;R{YKgm{He^Jj1mLD9fq0u{l1H!N|?Qk(ZqG$#9(hXn+k-?t_F zQ1b^^x!mH*YcUof)sABp&z|R+V?(D-Q#&ko9A@-VuTw;??9gxP^~>r&uUo(#U^V)C zddW=sYBH0SluxJOG|)4!{7idX*5s@XeH_<iVuK?@j^OC?C8Ss&<cs(Mfh2;XFYKEf zq}EK_s&DgfCPvT135?9db!eHOZ=XKgyWY&b#O=m*&V(%{S7yu>i{iW+QpYAV&g3;1 zSH15R7Esb@vSe}D#OQD3BM*3_{`C#dIfoC=JXTlGePOQDG4ILc+$&#hb-t5xahjD; zy1~^Q_1xh5$4<6~3<=1Nx>femw3d@OvAP>$wCW@D<Gxwcd7_Q<o_2ksLzY2A%*hH} zLw}<q-{B$c-Hq0pXZSL#j?Csv)*7C@Wff<Ed_kVC(lRX2OyH2%$u%q8xqa`4L#)ny z{j{#Y^w~F#M=ehtvQB?)tTQt~NxZvtMy_jkL`X-jeA33Xbv5pyRkNQREmbA&2wu}D zj%rdkeqwj=z#<iE*G;qc4sTBRJ}hM8$$Kvh}x*3OLGWX3L%3l{NNj${lcP121z zthzmmzH_T?a&7nsx41hk&0NcZBw&GIINr@*l63Gv8o(U{+`$0n!Wq&MrVSV-jDhQW zu(WJhIFrf7aR&HbP9(o4P2yRj-%+U&Cpb6^u!3-c6X_5wb4Z9zO6)t9;8X)+iDNzy zX+Z{VOQ)xw|8eSP0t>s2YR{X+qw30X+^&^oFg)@LhCM0DTciD^I9>2GR!U=L)=mgy zR~!f{%~_`%y^p?MTIalMV)3$J9k+AVyZOHnnH~LjfyYNN)#biAdtxLmR<7sRk6Q4~ zoDp(oyO#Cl*v!p(u}!xtbi#Gk-mnXIFrM)DN6inci&r;XWqvo69~+>3<ZJKAE{-?H zRkR<hU*qf5^3~Od<?ChoTKC?rqkBp@j^>Ya{+>LPT@zjqsN5c3x#!k-fvI`S)6**w 
zU0Z%CE1#Ici7OJ}4?heWZ|+&>e!XjqTf`RIQfKLA#TP5qSy(T9Kd@@HA}4aK(uTD~ zf2=#4wu74;aPAK3N!Ee>3dA#%wAW*w;p?V;w|&-z_Bo{QhRs;8gh4Bd&GMTUES~di z#MGttf~QA1lwD?s+g2}ScYXQK+@hTKxj1E?t*{Tq^s~>Z|Ezt6@77Y==RP;v$V`Sd zFwGA%rdhk+d>Pzmzhs(4d@(T1d?#S3MZi+S<X~0>0|WfahWY>fPad^l&cw%1q+V&7 zU3yF@Fs%-xJ!#vM2BwwU$FxSvUaZXSHL5R}amEj7Gd`MOLK^jGq2s+0jZ{G^&t=Rf z=aGthe!fGN{m&f$7;}ecWxT^QS&~Yw^a_@ak5Vis5bXm0R*-K%>H$6A0eU7V6)k(! z!}EQ<TX<VHS$*TUb?M5eg49CKAFC@4_`lKbM5n$OELrDwl$35yU0!wKO4He8dO9w8 zO#vmh9u7-g{6LSfjuzIm{QY*^X?afJsLSb>+E`}Ii%ZiIez=rt+BMI%IKO@Oij?RR zXD$s{b!5ri%Awbcl{xkabSd9@eU;6GlZWRH8x!a5Y5O&|Zqk(?$Dyu1M>wDF-E^^? z?-$zMV!O>@vb3_M?l0Eop8F=;sI9U5WC^iWT(8e|IU6ynVmlezEo`P&W#^BvdYl<9 zo!eG2|3HwhUe$x`pJf)wv=3GdDe#|IpXxKq?;le(1h-0K%NJhwTS;xqowqReyJg?H zSsZmJ9)DgoBytpf;?7WK)49vy4?bP>X41Q&S=?cpogZC_SUaiV_k1x7YN`K#S26JV zAJ<)jfnO950Ym^1Km-s0L;w*$1P}p4;J-;AJCRMfE6lJpasAvC5&v0t1$==x=qd2m zX%-g)FY-L#stD1zD%kz5;Qjzt1#mEGToruiREEi4`2_VVy%YcMx6m|h<4t77`d7P+ z{{Xk|Z}d>Sd_#hA2F$rNPH}e5$BUCb|F$D_wqK0<qYs&!&1ti~y437u7JO`f!iTi{ zQS_+R>Jb69Ptq$$BVj@4F3&cP>~ZBfv~=T|%u}Ox(T~^KSDG9&<tp>7PRo5$bX+Tz zc+WSQc-pJ}4N2+fn3F!m=ZYOSI2~*-xvanJFV(JZ$22S2Znc$kd5r5cf5^91rL;#& z*7(bV4+)*uS&?by^G(bR>J#_Xow`R${%VBTF6GlZy!ELM8pFgtp5IY>$2jbZhnVU_ z@h0|`g7A<-_wRMrycL+aw;^)r@(&(fEVkL(ty>o>y)uigzqY+RFlD4D@=1nl4+~pW m(fYCBlbXEJ;Qf9h4v%RzWqb;)%;4q}4QKz#X*1w`=YIi}_)P5p 
diff --git a/src/tests/cmocka/p11_nssdb_2certs/key4.db b/src/tests/cmocka/p11_nssdb_2certs/key4.db deleted file mode 100644 index e4f8a98ea83be54632084a7733ea6c4918750468..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 36864 zcmeI52|QH)-p6ONj+wEK-H^(fnK8o%*-2zqiqZ^2ipbic7(!9m6^al=NTEWMCEDy1 zLS;#4-;~HRGr0Y`|Ngkoz0ZAK&wb8e&V0}B`}=*)=e*DH`<ZiIbB>LbnY$kq<Lc$( zN%q62fVe?mFh~c30f9hB`iq19T9{br0c>G`{to^_{8u3oq%`A$Kz#+VbJ~NrI8k-* zJMcqr4bDkUd(MWxY6O%61ONg60e}EN03ZMm00{iwBjCZth87nG(-i#36c4H=)sJjI z_9HL6v+G+M>e?D&Y<2a_3^5C(7+H50jHR{7MqTSI7*oS77&~(lD?3Asg*isw!raKr zMBf%;ZD?txt8b`?q5s$FiJN=F%PF(7qV>hWAoo2k)P25tJ?Kd%vcI1fbJ=M@-wC%6 zap<wKqR~=d2WAE5-DG!{J-)t{KJEczKPub2ITLdOLwgJ}$*}OV0!EgM!{X(1SeP1{ znHnBs3f1Fh71m!gn8`nBsK^<?Ska<VV5d3T{*+x*XTP5sEWc>@&ZYmPg2UqE^r5V1 z;f1Yn_x1Is`uvoE{US4${gVm_Cl{#-W<yI!flsP2ciB&YpAlqUYHqjvEMLx!)77)E zwpGNCvGf;xzmf6umkJ|h7BEV1j3N?ak;GUeF&7zCNCd`=$e5`zW@?NXi7``W%*c!x zg+5bfN@3^bOhqh11Babk4?_iqWys*L3>_SnA%w#+lyF#v6b{SK!eJR=IIJ^cK5uW% zA5$4W7c-UdOl3S%8P8P4GnMg7Wjs?^h1p7l*-C}kN`=`<h1p7#nN?+GRhd~;W>$4B z%hXh5YN|17GWp<`fbh&M#bX(5@ysp7Gu;xf^a+n+6wikYT@_|+6=rP}W^H<sS!J#w zqYi;dihyOTo4_PRV3Hy**GgcnmB8FDL}pteQ;o<}BQo1MQ;8}B6(U1&K4j?5hl~xI z4;gEi4;h;{A2POcK4bu#4;d8aLMD{?@Mkk7p83+B%~Thfss6M>4;Spv!v#C^aKR2e zT+pS53wG$?f-XJ$gD&HkVXT;5$~bW5L&niFA2JT1`OxKONc|bQ{w-u42y=BQKkZN$ zc3g;LtP6!noW$6-SSEHxU4n|Lx||Ax6>Ti_SDoL_zfvdM&lpM{QP>%y3WENEfM_6g z5`Ff+F~txdhhh9kq{!c|oPR3;Nk0dHMAFYgAbEL@aDjNkL7_nlKl9b;X-2L8=0q0- z!3Yww^yW}7*xj3~PxbL*Xkl04c(L59P&*hW7l(<Z?ivHbO@?MT6c)iKgL1Lb%P`iu zcOM}^=~t3kMZCk_h}#OU6uB6r2xd&69MD$!Z+~w6yYi#H=Mj%{>>BD;s!dI>j|(d( z9?P;VIsapwLQ&z@T-#$_pJQx<v)Dg4V<tauG;B`3CON(yRgI=xr(FE;>cYg4$#1HT z6SHUf?_`$MT_0`7wAU43a_hToUGsNj@6N}&i+ooMIGXGof6(AuVqaju)%1vKCWR@~ zaxS(t?h{kCIt8mym&7#KDpGXD&WCLHmTZ+aaf_g~-oRSD=0mih`0nYUtuiRL7Tfph zO)+ckHq36Rre2#$B;Uvxx+`d)B^~V^T_o!vbZ8(H*8~grVrevOvqINuL^I<3chQK( zZFbkv-66-$p|#kIZhT4_)bQjxGNoQSV-=$W`r-}-fw7@rRje#4Ts~rb#3TaD#R7(6 
zg<<@G_8;)1XPP3L3f3gmClAD%Z*Kn%0fS+oV0O{;h@MkEm+$lP75f};mdvLe=C;T1 zTprgnD0-6KtljP^Ji3A62w&miIy5UP28Unw*e~lK``%iw7<7GK`Zo0&daV11j=Z^& zjd89Q4tv)_E(j`fzsch@*_qjJ?Ddgn2OmwpsTrS@+bY>r>*hGJDblm#N~^xv@G*r0 z=|;BB4tejNX=<%L{K(HyCx89$_RD&X@1H*c&&1ApGz{%COS~6QdN;oxR2lsc&HH@2 zuPS-tga;z2THtEvr}calr+0+GPA4j&)uUus^3+ZSk*o9UyD6-&_fmcQ@j4x6x0;wg z((QpBA@U(Hr5y&X2CA%-w~w83>n#qUNz?VsUjz1(**t&oFv?;IODp>gIJMe)ZRe1^ zvsllR2JD%15T<LqkO7W%lxWvB>W(gszfy2Vpu5bTjU}|wSTM&Wq%v8bl;$WPkW=cC z@hr6B+@t$GD~z^J@UC?>9J6%Pm7k4gRo(IUgKs(dK6mwX{U%t*$uG_DOBQ`6TrDo1 zfb$(oAvJH;Zgw9t()WB{GX3l%NHtQ)cb(zNIv#V0CTThDFv|WeYy`J4-s9@tRXQ2J z_x%nZs_t@Yd|Jpt?z2N_e?t5Bk%&3pH+Lj$he<~}M@<UlsdU=A?XLJd61d;hLV{<L zmWXeC)ULK7a&p|wqE&1cdPMJKaC}s1)>p5!)YVY%UYn9t^U${%Z(Kt3&xn32WTAL> z$To?;ck+DX)~G1wRo^carcxxXY=GY1ywd0GjdSD5Mi)k3x8`|iw6Lu9BeF`IQs`4E z9g6*I{NdS+-}~O=5ORE<-HGNqK7FbACzaY)+Qh$@^KF7xzc;BB)p&dQ6W=={3i<i> zg7fK-?H&oK5kdxXI>hwS!S@C!x3a1an<VofSw65O9v94NTt8~i_SR@Z{(+Mmwq7YZ ze5Hm%Z<*g}D`>@$&OBd@(Gbx~N$Jn21~&WlBqn|ABMi54(@Jl=8pI!%)CgZMzx`2Z zs>{s#f%d95`HAut5yu~y|K9hl0vm-!LV#P5eP(=);D(#S64vkMd|y0dbMg?lrtB2; z)HQA=wZhRaGDFS20*Yd^wwJW;vX3&JZQ9H^^+<G*wW_CWVuk<n&>G=H3JNY$!I6na z^!zZ7q@A(R+Wa)|#7_5oOW%rEn;G9t!#5kJ!e<J_ocy&MrbPlCo?B~bGi$|Na7}3Y z)HlJ*rZr(i?_4>{br%kyg!fw{JkB=b_`UD_A*uoDsk=i=AiHW026R+H_@`Rte8V-_ zh(q_2W93&APlCl@2{CYS$vy8^z9^6=cAuna@4qO?BPEKfONwh8JL^S!@izQxau!c_ zZ`Fv9`1RFaE!TOWt8SAJ`%{Eow^*FYlD_AVKkQX^cYo@>NQitp4|=DS3obRcp}fXZ zKZvF3<w;ws=#BkvhF({?IcprNdo$=eU`&2zKWSdUIPVSq|K7957=oF@wlrh3{Nu#$ z_wO0D70jMqq_3AgY}-(M0;oPpe;c~-za6^8up)CqHy?eNS8|~SP(9YrqczMZ=k1|4 z6vvztj}xL7T2;Mi<QbFEKaS&9-fF1&%<iXFhX^%Pn&-aq3n6-K7>>)qopkszl*?w5 z4S#&@#W&H`tFxUIo^N_qx6ZuSti8JHW?69jk?bJ-i0^~j1y54oI_cupwZSZbZ_m}W zedyB`J=rgOwP%+v+Mi4_(Kr=x^dc=O%WKDTQ_jcTs`Zlblj^%<_p#WHB%Q2F4;EY3 ztpB4q_{wD257AqEHiBm4r|q#=&zrR>JsW1@sm{h&$xAUFDPgN4VfSP;hX#tl(yy{2 z8xdyW3Sa7ZiIA0tcQ$S~6wdX)U{~K%o6U*JL8XD60$=spE+Cbr6n;FBP<^fBDP$IY zOF5%Y@}2p|+g7}q*8Nw|V9p%b(Z3$Y^L#4{6a778AjRu%JTB-yusQt4!Z<Gdpc3*S 
z(ei%ft;-{`KPJzm+}8Fc1*W~j7~wy!d^eyMnO@)d<?1mIM?$S2C=s*ggOS_ROu&IL z_p8}Poh)sr17!3e>k7f}tbD(7cQ>OSh8|rrg-pED@2#A?Ys2xohlt(v?F}Aj7L|>y zvZJ|8N}PlF+l!GA#XN2~YYM;B>3llaLNR+h(>7`tYiZl1cR;(U(=RHAq$uuf6KHo( zV=xmR7<<h`Zs*gTRz*e@oFBjPuG?7dtx|I{V8}SOW9?d*9o?j|2bnwvaYHklqCCc$ zzHU{kr?z@M-DFv}qi0Nvw`Vu{20TIh(ldL<=%k#M&(v(&S8mZQps)GhkJk{~4_Rzo z?rBDE{(V0e9Cx#LYbC63|Hm5S+B=PA+gMIn&h>MosY2sR{DyYU;o_ZcO40t-Bd>N8 zDY~6Z+KJ>8Lx`_avkBt*!M0)sTU4TSF6QRGtHPV3qmt{5Qga3@jEozz3X@$n30zTc z4mYy)P}#P5pmJNbrn-+o*@dt@VMkm{T(s><UO7uNhbGJ@Z;MM3L@Nag*LI!1K&>6j z-R@1u#SJU?WPX}xNc_ETKj-k;v0K4W1ioEX9V#}rNL**%&iM{#-LmpygrU_I)RQ+@ z>&};Wg}67ytsP&L&k_WLtUJOn-Rr!aZH|AvTs#SFcz?AK>wfk`Tv^xymW%yoJY6;G z5=f(;AZG}x%z_?N6a=g)RikKUC|#30y)I_-xNWNS45@ofOV#Q7=K94_jg(iljY_A- zi({r^9~iVB){nX8Rxaxj>)Y^-_r>phOXgP*hwEgwWpuk#h>D*(B)?I-dd~Ma%cfG@ zBEuR^jmJ2)ftQb_WSmUpN<@dkqb60e8@eWfXC~wa#@U{xdBQGNT62kL`K$}IBJ)$@ zEew<DAu_TmKc1=YNfIo!legG@)&x#C>VpqBVQjWr;5O+c-=y3F9P&A@s1t9YkKrZW z>(8nl>2w`=nIa*gMbd%U=N*OZ<=Ey?tFr4r;O~9cfuK#*jck6aa=h#1^RT)ySz!rt zzVF1YT`?}`tB~>aU`$q}OR5TwLwc(~tSM~QbP06gwBSYLAx~tJapi~4ZeveRe{&0Z z&@Xch*0>MhmpEBVrll&6Y6{nOWcxJhH?`Q?rP+z{cCmM7v5@ReR3JuL4;<|=ah0G3 z`w97nM|UT8CM%jXW=dTMF>BEBO6lu|BV&7o$X&I?kHUWMyL990rYfFYRxr)F7s%H3 zko8uLJafJ~9C&l5KXJ*&2K9&as_w9BpFR_IVpg!mI_Kr;)2oDXXR>hF{jLYAxng3j zMwQLpNNtnIwe{L^Na2dn+8QKzow+b=>R4LD^cv$TboQuq)0?LKPTYB2t32%Crh|n? 
zLT#%MMeLtXporls15>^Q`d~fkNBP5cvEP%wpL20E|J$qEkvEbL1bZ^a@&E5VJ12b% zg`nPoP;coM>46C#01yBO00aO600DpiKmZ^B5C8}O1ONg6f&T;o>`)k(alsqH28D4j zPNC0z{+|S)rcsms2^$D(13&;E01yBO00aO600DpiKmZ^B5C8}O1ONhmBLIVfzz`@D z#4-2z{|pFq26gvuSs(xi00aO600DpiKmZ^B5C8}O1ONg60e}EN;NM0-0lF2u%rBxt z)S!MG^qW5X?n~>7e)Dba^Zy74^&U0yZ`&|nMF0VS06+jB01yBO00aO600DpiKmZ^B z5C91L>j}W2A`3USgCL>O9DlfD&fMq!77*$ss^wq5Vn7if01yBO00aO600DpiKmZ^B z5C8}O1ONg6f&T#lLQn$ucQ>VnprHhg-`(YwasPib*dK(-Ku#g;5XA^Mmn*ymF2)(i z(axd7ew1y9Z5?Y0%V!oVSOJU;>I}IB5usNHrhkS2O&ZOj8_Emvb$4@eray7O2}@8R z;9Rj-r@5y);PF^m2-cC6WB#W3EJ&;cR`=&37nT6Sbemw|QSrHACAzNLj*CC^5P1=T z4t#KWXG;H*HkfxdH~nUt5HJSI$;v*b0^#^$48yFcGvr@=ZOpNAxZv@1#8;0mG1Gbq z?FY??ZdV-pp4nN`qy-l@iCu<CvXF1YJ!N~`8TTJ6sdDlP$^ze<<PJAp9^x|`KO@?7 zWGRy_k%iGlNp9jRHk&t8N`KYAv!auC8}j~x8`yM<uC86CG${cV?Rk>Bsr%<ZQe9pD z5s-!>!B--meMk_SE#~Q5`N2e2?2h`-c1M<n&bM~k%lI5$%A*^~)bg{V>SN*Z9MctA zLmG!CDtM+lkNRy*dslrdOnfU%ihog$%i(y5ufr<s+DHZRi|AIR1aQ3Y3>&%z5<w_Q zIC!)}?EL<vJQnn_`|D{b?}Qa@oJhOe{e**CXkv1_ZyfhhG^7AjGeMK)`*mmIDFkO1 zSF-v)0#eg$7eZ$D*?vK{yyS#efnVS`{G*rag-qd^ij}1Hv<*v{R4aG9FY%H3&VuG4 zY*nIc^YWOv?Dp5+>Jm-#V$W{6JxP=1UEJhyNS^<sL@UjBb#<Men|03j-cjGD-)AE< zGJ?VnJ*@9!^{HCQ<l(%-0oDmYqTwHA_H>u1E2i5eC-(#@aVhUU{A9SJV}vHf^UL0z z2TA%zKt2~9DfUN{7OXuA(LYPxx8u1%9$wI?_%4B)eO4znHF7DB1I4-mB5@(gYh6nn zQq4DLyK2pxd2>hcLR)Wds!FS!22F~4QIE^vh%S?j+4m%-BWQ)oKtO!xSVqtqGa78j z?#^py^Qo8l?Mr#Q&2ssq&<2fDd2+fAJH(1m7>Nqs*ykyceH`hE=Q{0dY0{`)cQy{E zPN1q$DfAwb`NSRdWpqCSk6BythR&}^Ii*r`-r$V)N==gnovI7YLqkR$(){7UOPQ1t zmOng5DIcw{`johKww#nY21Z}hv$>_&awWN|3~NA>MlNoWv<#CvJ44O2AM{4tj%UU3 zH+`RKkZ}QbcRkQcKJq%R$!V|uQYP(AH>8)TZ6D7_GmulSb9PA`jKgx>dOum=VP`D1 zwGBj*Ml5QQLR^N);b6xfO-`$8le6P<#tXI)pE^8}V%OwSUy(MN#IyRiz)~i=OZ(g9 zHCi4EiwGY;x!Ll0LsZ#&2T!Y=eX=@KZ=)hBO`2;_lSIlgOlpo=21DeK*iXVQwn!Ge zyu3w;uXNL?eD4paZPKO^C#;t;d9&O+OYo9Y#e|5>hP_?q_tl6r@(ebVC*nHcxx>yH zVKiy@q9!SXWtbcbIq%06BKxqWgo8&6Bh2br*QOWkG{~7Wb0;hD(rolnCaVZZkD)tB zxBDWb)<}Yjw5v_?3aV?Y<tutj`?dM13TV=ti<+cAOls+WE<_#C@&a2{jK{EDHS^F) 
zFSQxV&3hP(SFj%z9SB97`M8wH4{A-rvFyo*&B}(#9-cfenc>xO_+#d?1Wu7WQ?v8~ z7@9Q4q9#?B(**@4G|ciu;D-iEI_!EvD|=DLE2oZUPhv9fRr}gQE@v-gQfJ#4sg|8v zl;4eHere&%(9HN`lXazTw@0tKQqI+D$Bk*y?7y1CQgK9zE0Oe%bV0V8o(Lyh?7%7H zab=>Z4^$q%K?j-iy?7rSAF2r3J4;&1<lAbpq`ziix60@#H?NYbs!^@adNQ7sTSfHR zoi=HS3ZzN1EpBo-UC@TQhsidQQT|V|O*4bXBp;3(7je$ad?L^P$%2xWp*_5m$@eiU zC2)7oaZ;ov$Bo?)(|OptU2e^+8zPz=O!p8|>uJ)gi<(?k7u1PzzaV%gvZ!#?`5Gs8 zxF4L$CfS();q!hlEt5s=5n0OQnFPch^D?Y4e??Q;C%0PzE5yd_zY!wb^vkd9ZTfgJ zmL|=zsL5q@K^~D&<aatLhg^f>ZuIaKwB8`vbp$2!T>20;A=<7mEwq%$Bk1P=esRzz z`^Q?|9qEh<dVNK-sC^h}Nn{r~OErASLz9LrYI0d!5CL{7eB=I)lHx&r<<5;ND>O3B z4XldL$tyP4j4sW(-msL(^{+kbHx}{4RlJGY9>Mt)9$x45)%u7QA9pHf&yO}?GnzDX zQIpH+f+~UppCr_OPtTY(9JKYxFE21yw<;<^_R*|b;*YCA_s=e6Qu&jbw9wQpZcoDl zc$2~dHj0~|Nfky_W{SAxa)<h$Ei`G!q9&Ks1%*4kX7LiuHM`%JcE|j74Q<2oiA?^z zp7o*4S{76;W7twAE44#oZDrzktr2wzY@~6I((dsVm=+1j^_1J>c=X;lCoqdRfyVAl z_Vo?)@^OKFd&6xg{rNjQAhcDry<1bg*TM#?`J1PNnUq(!9q8|?OI2uDdq^g?LRq7^ zgzg2#jYVW#ssOpcpFW3i9Us#ZU|j!4Bg{dlPY6$hIchCR6m<=?57mV_h1!B7BlVE| z$PDB(vKkqJ7)9Jg<RgwFWst1@%!gl~EkFPu01yBO00aO600DpiKmZ^B5cp3ZAOY0{ z|Mf*Z^rC63pg2^U+4{E^vIG{(V)=iO{?o-9zD3hm-al&p>4F8%Vp%NrFVcTHNsn4I zO+qe~rVtT}rHK@-#nKc4e6ci<%(+-v70dBU`cJ3+*cVNc*cMAu=ue*h<w*Iv^NJLf a#nKc4Y_T+v3|%a(iiN<T;v5TS6#fg2ZC5V< diff --git a/src/tests/cmocka/p11_nssdb_2certs/pkcs11.txt b/src/tests/cmocka/p11_nssdb_2certs/pkcs11.txt deleted file mode 100644 index 73f5279c3..000000000 --- a/src/tests/cmocka/p11_nssdb_2certs/pkcs11.txt +++ /dev/null @@ -1,4 +0,0 @@ -library= -name=NSS Internal PKCS #11 Module -parameters=configdir='sql:../src/tests/cmocka/p11_nssdb' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' -NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})