Skip to content

Commit

Permalink
TODO! server_withkem.cnf, test_withserverkem.cnf: added for testing
Browse files Browse the repository at this point in the history
  • Loading branch information
rajeev-0 committed Aug 28, 2023
1 parent d9a7466 commit 3eeff05
Show file tree
Hide file tree
Showing 2 changed files with 158 additions and 0 deletions.
17 changes: 17 additions & 0 deletions test/recipes/80-test_cmp_http_data/Mock/server_withkem.cnf
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
[cmp] # mock server configuration

port = 0 # 0 means that the server should choose a random available port
srv_cert = kem.crt
srv_key = kem.key
#srv_secret = pass:test

# not needed: accept_unprotected = 1
no_check_time = 1
srv_trusted = signer_root.crt

ref_cert = signer_only.crt
rsp_cert = signer_only.crt
rsp_capubs = signer_root.crt
rsp_extracerts = signer_issuing.crt

verbosity = 7
141 changes: 141 additions & 0 deletions test/recipes/80-test_cmp_http_data/Mock/test_withserverkem.cnf
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
[default]
batch = 1 # do not use stdin
total_timeout = 8 # prevent, e.g., infinite polling due to error
trusted = trusted.crt
newkey = new.key
newkeypass =
cmd = ir
out_trusted = root.crt
#certout = test.cert.pem
policies = certificatePolicies
#policy_oids = 1.2.3.4
#policy_oids_critical = 1
#verbosity = 7

############################# server-dependent configurations

[Mock] # the built-in OpenSSL CMP mock server
# no_check_time = 1
server_host = 127.0.0.1 # localhost
server_port = 0 # 0 means that the port is determined by the server
server_tls = $server_port
server_cert = server.crt
server = $server_host:$server_port
server_path = pkix/
path = $server_path
ca_dn = /CN=Root CA
recipient = $ca_dn
server_dn = /CN=server.example
#expect_sender = $server_dn
subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
newkey = signer.key
out_trusted = signer_root.crt
kur_port = $server_port
pbm_port = $server_port
pbm_ref =
pbm_secret = pass:test
cert = signer.crt
key = signer.p12
keypass = pass:12345
ignore_keyusage = 0
column = 0
sleep = 0

############################# aspects

[connection]
msg_timeout = 5
total_timeout =
# reset any TLS options to default:
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[tls]
server =
tls_used =
tls_cert =
tls_key =
tls_keypass =
tls_trusted =
tls_host =

[credentials]
ref =
secret =
cert =
key =
keypass =
extracerts =
digest =
unprotected_requests =

[verification]
#expect_sender =
srvcert =
trusted =
untrusted =
#unprotected_errors =
extracertsout =

[commands]
cmd =
certout =
cacertsout =
infotype =
oldcert =
revreason =
geninfo =

[enrollment]
cmd =
newkey =
newkeypass =
#subject =
issuer =
days =
reqexts =
sans =
san_nodefault = 0
#popo =
implicit_confirm = 0
disable_confirm = 0
certout =
out_trusted =
oldcert =
csr =

############################# extra cert template contents

[certificatePolicies]
certificatePolicies = "critical, @pkiPolicy"

[pkiPolicy]
policyIdentifier = 1.2.3.4

[reqexts]
basicConstraints = CA:FALSE
#basicConstraints = critical, CA:TRUE
keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation
extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning
#crlDistributionPoints = URI:http:
#authorityInfoAccess = URI:http:
subjectAltName = @alt_names

[alt_names]
DNS.0 = localhost
IP.0 = 127.0.0.1
IP.1 = 192.168.1.1
URI.0 = http://192.168.0.2

[reqexts_invalidkey]
subjectAltName = @alt_names_3

[alt_names_3]
DNS.0 = localhost
DNS.1 = xn--rksmrgs-5wao1o.example.com
DNS.2 = xn--rkmacka-5wa.example.com
DNS__3 = xn--rksallad-0za.example.com

0 comments on commit 3eeff05

Please sign in to comment.