bug 1069945: generate certs for the tests in one place
and doc how to install signing certificate from an external CA

Change-Id: I92feb8eaeea617211ee7132480ac7a63bf0a1bf1

parent a6ef09d943
commit fddacf7bce
|
@ -111,6 +111,85 @@ The values that specify where to read the certificates are under the
|
||||||
* ``valid_days`` - Default is ``3650``
|
* ``valid_days`` - Default is ``3650``
|
||||||
* ``ca_password`` - Password required to read the ca_file. Default is None
|
* ``ca_password`` - Password required to read the ca_file. Default is None
|
||||||
|
|
||||||
|
Signing Certificate Issued by External CA
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
You may use a signing certificate issued by an external CA instead of generated
|
||||||
|
by keystone-manage. However, certificate issued by external CA must satisfy
|
||||||
|
the following conditions:
|
||||||
|
|
||||||
|
* all certificate and key files must be in Privacy Enhanced Mail (PEM) format
|
||||||
|
* private key files must not be protected by a password
|
||||||
|
|
||||||
|
When using signing certificate issued by an external CA, you do not need to
|
||||||
|
specify ``key_size``, ``valid_days``, and ``ca_password`` as they will be
|
||||||
|
ignored.
|
||||||
|
|
||||||
|
The basic workflow for using a signing certificate issed by an external CA involves:
|
||||||
|
|
||||||
|
1. `Request Signing Certificate from External CA`_
|
||||||
|
2. convert certificate and private key to PEM if needed
|
||||||
|
3. `Install External Signing Certificate`_
|
||||||
|
|
||||||
|
|
||||||
|
Request Signing Certificate from External CA
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
One way to request a signing certificate from an external CA is to first
|
||||||
|
generate a PKCS #10 Certificate Request Syntax (CRS) using OpenSSL CLI.
|
||||||
|
|
||||||
|
First create a certificate request configuration file (e.g. ``cert_req.conf``)::
|
||||||
|
|
||||||
|
[ req ]
|
||||||
|
default_bits = 1024
|
||||||
|
default_keyfile = keystonekey.pem
|
||||||
|
default_md = sha1
|
||||||
|
|
||||||
|
prompt = no
|
||||||
|
distinguished_name = distinguished_name
|
||||||
|
|
||||||
|
[ distinguished_name ]
|
||||||
|
countryName = US
|
||||||
|
stateOrProvinceName = CA
|
||||||
|
localityName = Sunnyvale
|
||||||
|
organizationName = OpenStack
|
||||||
|
organizationalUnitName = Keystone
|
||||||
|
commonName = Keystone Signing
|
||||||
|
emailAddress = keystone@openstack.org
|
||||||
|
|
||||||
|
Then generate a CRS with OpenSSL CLI. **Do not encrypt the generated private
|
||||||
|
key. Must use the -nodes option.**
|
||||||
|
|
||||||
|
For example::
|
||||||
|
|
||||||
|
openssl req -newkey rsa:1024 -keyout signing_key.pem -keyform PEM -out signing_cert_req.pem -outform PEM -config cert_req.conf -nodes
|
||||||
|
|
||||||
|
|
||||||
|
If everything is successfully, you should end up with ``signing_cert_req.pem``
|
||||||
|
and ``signing_key.pem``. Send ``signing_cert_req.pem`` to your CA to request a token signing certificate and make sure to ask the certificate to be in PEM format. Also, make sure your trusted CA certificate chain is also in PEM format.
|
||||||
|
|
||||||
|
|
||||||
|
Install External Signing Certificate
|
||||||
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
Assuming you have the following already:
|
||||||
|
|
||||||
|
* ``signing_cert.pem`` - (Keystone token) signing certificate in PEM format
|
||||||
|
* ``signing_key.pem`` - corresponding (non-encrypted) private key in PEM format
|
||||||
|
* ``cacert.pem`` - trust CA certificate chain in PEM format
|
||||||
|
|
||||||
|
Copy the above to your certificate directory. For example::
|
||||||
|
|
||||||
|
mkdir -p /etc/keystone/ssl/certs
|
||||||
|
cp signing_cert.pem /etc/keystone/ssl/certs/
|
||||||
|
cp signing_key.pem /etc/keystone/ssl/certs/
|
||||||
|
cp cacert.pem /etc/keystone/ssl/certs/
|
||||||
|
chmod -R 700 /etc/keystone/ssl/certs
|
||||||
|
|
||||||
|
**Make sure the certificate directory is root-protected.**
|
||||||
|
|
||||||
|
If your certificate directory path is different from the default ``/etc/keystone/ssl/certs``, make sure it is reflected in the ``[signing]`` section of the
|
||||||
|
configuration file.
|
||||||
|
|
||||||
|
|
||||||
Service Catalog
|
Service Catalog
|
||||||
|
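Review bot: The documented request example bakes in `default_bits = 1024`, `default_md = sha1` and `-newkey rsa:1024` (the `cert_req.conf` block and the `openssl req` line), and operators will copy these verbatim for a production token-signing key sent to an external CA; suggest showing 2048-bit RSA with a SHA-256 digest, or at least a sentence saying the values are illustrative. In the install steps, `chmod -R 700 /etc/keystone/ssl/certs` also sets the execute bit on the key and certificate files, and "root-protected" does not say which account must own the directory so that Keystone can still read `signing_key.pem`; spell out owner and mode separately for the directory and the files. Small text fixes in the same hunk: "issed" should be "issued", "If everything is successfully" should be "successful", and the PKCS #10 request is normally abbreviated CSR rather than "CRS".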
@ -229,16 +308,16 @@ SSL
|
||||||
Keystone may be configured to support 2-way SSL out-of-the-box. The x509
|
Keystone may be configured to support 2-way SSL out-of-the-box. The x509
|
||||||
certificates used by Keystone must be obtained externally and configured for use
|
certificates used by Keystone must be obtained externally and configured for use
|
||||||
with Keystone as described in this section. However, a set of sample certficates
|
with Keystone as described in this section. However, a set of sample certficates
|
||||||
is provided in the examples/ssl directory with the Keystone distribution for testing.
|
is provided in the examples/pki/certs and examples/pki/private directories with the Keystone distribution for testing.
|
||||||
Here is the description of each of them and their purpose:
|
Here is the description of each of them and their purpose:
|
||||||
|
|
||||||
Types of certificates
|
Types of certificates
|
||||||
^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
ca.pem
|
cacert.pem
|
||||||
Certificate Authority chain to validate against.
|
Certificate Authority chain to validate against.
|
||||||
|
|
||||||
keystone.pem
|
ssl_cert.pem
|
||||||
Public certificate for Keystone server.
|
Public certificate for Keystone server.
|
||||||
|
|
||||||
middleware.pem
|
middleware.pem
|
||||||
|
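Review bot: The rewritten sentence ("is provided in the examples/pki/certs and examples/pki/private directories ...") now names two directories, but the entries under "Types of certificates" do not say which file lives in which; suggest adding the directory to each entry (`cacert.pem` and `ssl_cert.pem` under certs, the key files under private, matching `$CERTS_DIR` and `$PRIVATE_DIR` in the generation script). While this paragraph is being touched, the "certficates" typo on the preceding context line can be fixed and the new line re-wrapped to the width of its neighbours.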
@ -247,7 +326,7 @@ middleware.pem
|
||||||
cakey.pem
|
cakey.pem
|
||||||
Private key for the CA.
|
Private key for the CA.
|
||||||
|
|
||||||
keystonekey.pem
|
ssl_key.pem
|
||||||
Private key for the Keystone server.
|
Private key for the Keystone server.
|
||||||
|
|
||||||
Note that you may choose whatever names you want for these certificates, or combine
|
Note that you may choose whatever names you want for these certificates, or combine
|
||||||
|
|
|
@ -0,0 +1,18 @@
@ -0,0 +1,33 @@
@ -0,0 +1,17 @@
@ -0,0 +1,17 @@
@ -1,5 +1,5 @@
@ -31,10 +31,12 @@ ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv
@ -1,5 +1,5 @@
@ -30,11 +30,12 @@ ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg
@ -0,0 +1,17 @@
@ -0,0 +1,12 @@
@ -20,6 +20,7 @@ DIR=`dirname "$0"`
|
||||||
CURRENT_DIR=`cd "$DIR" && pwd`
|
CURRENT_DIR=`cd "$DIR" && pwd`
|
||||||
CERTS_DIR=$CURRENT_DIR/certs
|
CERTS_DIR=$CURRENT_DIR/certs
|
||||||
PRIVATE_DIR=$CURRENT_DIR/private
|
PRIVATE_DIR=$CURRENT_DIR/private
|
||||||
|
CMS_DIR=$CURRENT_DIR/cms
|
||||||
|
|
||||||
|
|
||||||
function rm_old {
|
function rm_old {
|
||||||
|
@ -63,7 +64,7 @@ basicConstraints = critical,CA:true
|
||||||
' > ca.conf
|
' > ca.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
function generate_req_conf {
|
function generate_ssl_req_conf {
|
||||||
echo '
|
echo '
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 1024
|
default_bits = 1024
|
||||||
|
@ -81,7 +82,28 @@ organizationName = OpenStack
|
||||||
organizationalUnitName = Keystone
|
organizationalUnitName = Keystone
|
||||||
commonName = localhost
|
commonName = localhost
|
||||||
emailAddress = keystone@openstack.org
|
emailAddress = keystone@openstack.org
|
||||||
' > req.conf
|
' > ssl_req.conf
|
||||||
|
}
|
||||||
|
|
||||||
|
function generate_cms_signing_req_conf {
|
||||||
|
echo '
|
||||||
|
[ req ]
|
||||||
|
default_bits = 1024
|
||||||
|
default_keyfile = keystonekey.pem
|
||||||
|
default_md = sha1
|
||||||
|
|
||||||
|
prompt = no
|
||||||
|
distinguished_name = distinguished_name
|
||||||
|
|
||||||
|
[ distinguished_name ]
|
||||||
|
countryName = US
|
||||||
|
stateOrProvinceName = CA
|
||||||
|
localityName = Sunnyvale
|
||||||
|
organizationName = OpenStack
|
||||||
|
organizationalUnitName = Keystone
|
||||||
|
commonName = Keystone
|
||||||
|
emailAddress = keystone@openstack.org
|
||||||
|
' > cms_signing_req.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
function generate_signing_conf {
|
function generate_signing_conf {
|
||||||
|
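Review bot: `default_keyfile = keystonekey.pem` in the new `generate_cms_signing_req_conf` is a stale name: the matching `openssl req` call passes `-keyout $PRIVATE_DIR/signing_key.pem`, so the setting is overridden, and this change renames the SSL key away from `keystonekey.pem` elsewhere. Drop the line or set it to `signing_key.pem` (the same applies to the `cert_req.conf` sample in the documentation). The function also repeats the visible body of `generate_ssl_req_conf` except for `commonName` and the output file name; one helper taking those two values as arguments would keep the two request configs from drifting.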
@ -94,7 +116,7 @@ dir = .
|
||||||
database = $dir/index.txt
|
database = $dir/index.txt
|
||||||
new_certs_dir = $dir/newcerts
|
new_certs_dir = $dir/newcerts
|
||||||
|
|
||||||
certificate = $dir/certs/ca.pem
|
certificate = $dir/certs/cacert.pem
|
||||||
serial = $dir/serial
|
serial = $dir/serial
|
||||||
private_key = $dir/private/cakey.pem
|
private_key = $dir/private/cakey.pem
|
||||||
|
|
||||||
|
@ -104,8 +126,6 @@ default_md = sha1
|
||||||
|
|
||||||
policy = policy_any
|
policy = policy_any
|
||||||
|
|
||||||
x509_extensions = ca_extensions
|
|
||||||
|
|
||||||
[ policy_any ]
|
[ policy_any ]
|
||||||
countryName = supplied
|
countryName = supplied
|
||||||
stateOrProvinceName = supplied
|
stateOrProvinceName = supplied
|
||||||
|
@ -114,9 +134,6 @@ organizationName = supplied
|
||||||
organizationalUnitName = supplied
|
organizationalUnitName = supplied
|
||||||
emailAddress = supplied
|
emailAddress = supplied
|
||||||
commonName = supplied
|
commonName = supplied
|
||||||
|
|
||||||
[ ca_extensions ]
|
|
||||||
basicConstraints = critical,CA:true
|
|
||||||
' > signing.conf
|
' > signing.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
|
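Review bot: Dropping `x509_extensions = ca_extensions` in the previous hunk and the `[ ca_extensions ]` section with `basicConstraints = critical,CA:true` in this one changes what the test CA issues, since certificates signed through `signing.conf` no longer carry the CA flag, yet the commit message does not mention it. Please state the reason in the commit message, and consider making the intent explicit with an end-entity extension section (for example `basicConstraints = CA:false`) rather than relying on the absence of extensions.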
@ -140,40 +157,66 @@ function check_error {
|
||||||
|
|
||||||
function generate_ca {
|
function generate_ca {
|
||||||
echo 'Generating New CA Certificate ...'
|
echo 'Generating New CA Certificate ...'
|
||||||
openssl req -x509 -newkey rsa:1024 -days 21360 -out $CERTS_DIR/ca.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
|
openssl req -x509 -newkey rsa:1024 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
|
||||||
check_error $?
|
check_error $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function cert_req {
|
function ssl_cert_req {
|
||||||
echo 'Generating Certificate Request ...'
|
echo 'Generating SSL Certificate Request ...'
|
||||||
generate_req_conf
|
generate_ssl_req_conf
|
||||||
openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/keystonekey.pem -keyform PEM -out req.pem -outform PEM -config req.conf -nodes
|
openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
|
||||||
check_error $?
|
check_error $?
|
||||||
#openssl req -in req.pem -text -noout
|
#openssl req -in req.pem -text -noout
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function cms_signing_cert_req {
|
||||||
function issue_cert {
|
echo 'Generating CMS Signing Certificate Request ...'
|
||||||
echo 'Issuing SSL Certificate ...'
|
generate_cms_signing_req_conf
|
||||||
generate_signing_conf
|
openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
|
||||||
openssl ca -in req.pem -config signing.conf -batch
|
|
||||||
check_error $?
|
check_error $?
|
||||||
openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/keystone.pem
|
#openssl req -in req.pem -text -noout
|
||||||
|
}
|
||||||
|
|
||||||
|
function issue_certs {
|
||||||
|
generate_signing_conf
|
||||||
|
echo 'Issuing SSL Certificate ...'
|
||||||
|
openssl ca -in ssl_req.pem -config signing.conf -batch
|
||||||
|
check_error $?
|
||||||
|
openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
|
||||||
|
check_error $?
|
||||||
|
echo 'Issuing CMS Signing Certificate ...'
|
||||||
|
openssl ca -in cms_signing_req.pem -config signing.conf -batch
|
||||||
|
check_error $?
|
||||||
|
openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
|
||||||
check_error $?
|
check_error $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_middleware_cert {
|
function create_middleware_cert {
|
||||||
cp $CERTS_DIR/keystone.pem $CERTS_DIR/middleware.pem
|
cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
|
||||||
cat $PRIVATE_DIR/keystonekey.pem >> $CERTS_DIR/middleware.pem
|
cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function check_openssl {
|
||||||
|
echo 'Checking openssl availability ...'
|
||||||
|
which openssl
|
||||||
|
check_error $?
|
||||||
|
}
|
||||||
|
|
||||||
echo $CURRENT_DIR
|
function gen_sample_cms {
|
||||||
|
for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"
|
||||||
|
do
|
||||||
|
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
check_openssl
|
||||||
rm_old
|
rm_old
|
||||||
cleanup
|
cleanup
|
||||||
setup
|
setup
|
||||||
generate_ca
|
generate_ca
|
||||||
cert_req
|
ssl_cert_req
|
||||||
issue_cert
|
cms_signing_cert_req
|
||||||
|
issue_certs
|
||||||
create_middleware_cert
|
create_middleware_cert
|
||||||
|
gen_sample_cms
|
||||||
cleanup
|
cleanup
|
|
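Review bot: `issue_certs` reads the issued certificates back as `newcerts/10.pem` and `newcerts/11.pem`, which silently depends on the serial counter's starting value and on the SSL request being signed before the CMS one; if either changes, `ssl_cert.pem` and `signing_cert.pem` end up swapped or the conversion fails. Suggest giving each `openssl ca` call its own `-out` file and converting from that. Also in this hunk: the commented `#openssl req -in req.pem -text -noout` lines point at a file that is no longer created (`ssl_req.pem` and `cms_signing_req.pem` replace it), `$json_file` and the `-out` argument in `gen_sample_cms` are unquoted, and `${json_file/.json/.pem}` is a bash-only substitution, so the script has to keep running under bash.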
@ -0,0 +1,16 @@
@ -0,0 +1,16 @@
@ -0,0 +1,16 @@
@ -1,18 +0,0 @@
@ -1,17 +0,0 @@
@ -1,33 +0,0 @@
@ -1,16 +0,0 @@
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANKsTxsxbBGAGzgl
|
|
||||||
qerOOnNw76g/U/ltb6RugEnfD3nBOBGT3zXW+8i0XVzCPdYsIjaltDIGZ66N86QX
|
|
||||||
SLOgxccYN+uHo2/ADvcc5HzH6Wi8mkzlYA+ZEx4JZZQPlaoN52/Tib487nn43old
|
|
||||||
wbI9cvfpp0kzDHWx3HVil1fT6WwDAgMBAAECgYBY/FNFpzCAi93zb2VAOu/RhyiT
|
|
||||||
pnwv5Ru9Fre1fDSrNwQZ2J31veMIObcd0SYRav7gmklsv+vXfTomW3dn+EbRNwjb
|
|
||||||
HhhyX0fWoIBl95Z9pGgEAKCqm6ooJXcNSDAoJB573IO24dB0Trvp2BTvm8AdHN6d
|
|
||||||
AIrQkOZbUZKRYCP6oQJBAPtwzF3pYGS4L/phohJRJnWwKd9vMOgJztwu9TWlISMn
|
|
||||||
Mkld8ur4obRwpTpusDiIJMOLOS3b1UKk/Usy5TObbisCQQDWfkP19g5S1DeRRdnX
|
|
||||||
Fhx7WnB6QS+D2BgB2SLOpNQeRj4RHsKhqi1t6cn8KVb7gWjOvPVgLB85wV8fa6u8
|
|
||||||
DeWJAkBk9+XJLGcd6uyxQbWAX3/vMH+QDql39EBSILUtBpNo91t1JLnga1kcCUQA
|
|
||||||
U+SFvv3sXCLo7GcV7QUdxmFNuPOjAkEAkt2+Fwo14I0ixzv23wlq0yOn5G4B5Nrw
|
|
||||||
BUPyS2AdReV+1iYjyqJFnP75qMl9n5SKeRR1Rzau4tL/GPqWiptRUQJBAKoh+W92
|
|
||||||
IrMHKlMt8yUh7BgYzImrAo+gI+r5Mqewn8G75t2kRf/JcdM6i7fwAPSuTaV/sfA/
|
|
||||||
FYJ+N9ZGfFSBAJM=
|
|
||||||
-----END PRIVATE KEY-----
|
|
|
@ -1,16 +0,0 @@
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANIPt9Sg+guJ1SSo
|
|
||||||
5eY5uUUtlMmQahrwhcb8ipEwLFSvUZ1ZdkfSf9ad3lD+88HWorf4PhUE5bEUEKB+
|
|
||||||
mG3/aD2aSRXqLb2Vx/w+WuyPrVPJtai6yanetcDWndyWrm3KgGuq/sI9QO8tWS75
|
|
||||||
82QYWcEAV2GMt3C6kz+nE6ktrnsxAgMBAAECgYEAqcmioO7srN7ftR3/lTMbGVta
|
|
||||||
ZAGigdvfhZMivW/epSSAJ1rkS/FM+z/nLjik9gxywZiZNYwbzCGXvuIUevRyX8Ei
|
|
||||||
PVTggVqK449NpW+K0aFe1D9MTn1A6axznwa1/STgAr80Q/9v8L6Pqy37AfxEBdej
|
|
||||||
ly0wZ/OMB4r6LN5hGPECQQD04EncRtsqQ5E+1pfl625vXAowjcv84ZRewhN772Ub
|
|
||||||
/vwNiL/K5JHgKixnMfQyDbltRVk09i2tIBSywVVNI+TTAkEA25qP+llyxNgwLsZ6
|
|
||||||
S3WwBJOL4BR7HNlhAM/rO1BiWBwkwAKbh7PWEb0pXM/H5c3TrCe1VPQ2fNXCl164
|
|
||||||
M8BtawJBAOdYru8pEg4P370aSE+z6ZXTwty0WjADfoU3nejM9x1H/SFcPLaW0yqR
|
|
||||||
LXohO6++P5z4k5rxqZ2SXXu0I77JVnkCQAIcbEHl1jqaMWxhsA9FpFmG6ZNP3xcZ
|
|
||||||
59rQJNy/GxLpwliuLbySN/6XqOwhezR0VBKVlyKn7lYo3+QAnxiwQt0CQQCEQ3sJ
|
|
||||||
lAREj2ZkImKRAFZj2uxK4cz0+wkRx6pWHyy8hil19LkaWBKbC0U6kaoUyCsDgM1O
|
|
||||||
L70bXSvi52tgTzr6
|
|
||||||
-----END PRIVATE KEY-----
|
|
|
@ -1,34 +0,0 @@
|
||||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
||||||
|
|
||||||
# Copyright 2012 Red Hat,. Inc
|
|
||||||
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
# not use this file except in compliance with the License. You may obtain
|
|
||||||
# a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
# License for the specific language governing permissions and limitations
|
|
||||||
# under the License.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
.SUFFIXES: .json .pem
|
|
||||||
|
|
||||||
SOURCES=auth_token_unscoped.json auth_token_scoped.json revocation_list.json
|
|
||||||
SIGNED=$(SOURCES:.json=.pem)
|
|
||||||
TARGETS=$(SIGNED)
|
|
||||||
|
|
||||||
all: $(TARGETS)
|
|
||||||
clean:
|
|
||||||
rm -f $(TARGETS) *~
|
|
||||||
|
|
||||||
.json.pem :
|
|
||||||
openssl cms -sign -in $< -nosmimecap -signer signing_cert.pem -inkey private_key.pem -outform PEM -nodetach -nocerts -noattr -out $@
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
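Review bot: Removing this Makefile drops the only visible record of how the CMS fixtures were signed, namely the `.json.pem` rule running `openssl cms -sign` with `-nosmimecap -nodetach -nocerts -noattr -outform PEM`. The tests read those fixtures through `cms.cms_to_token`, so the replacement generator should keep the same options and still cover `revocation_list.json`, which is listed in `SOURCES`. Please state in the commit message or the docs where that generation step now lives.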
@ -1,11 +0,0 @@
|
||||||
The commands to create the various pem files for the signed tokens and
|
|
||||||
revocation list were generated by the associated make file.
|
|
||||||
|
|
||||||
The hashed value in the revocation list was generated using the revoked token using
|
|
||||||
the following python code
|
|
||||||
|
|
||||||
from keystone.common import cms,utils
|
|
||||||
f=open("tests/signing/auth_token_revoked.pem","r")
|
|
||||||
r=f.read()
|
|
||||||
utils.hash_signed_token(cms.cms_to_token(r))
|
|
||||||
f.close()
|
|
|
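Review bot: This deleted note is the only documentation of how the hashed value in the revocation list is derived (`utils.hash_signed_token(cms.cms_to_token(r))` over `tests/signing/auth_token_revoked.pem`). Rather than dropping it, move it next to the relocated fixtures with the path updated, so the hash can be regenerated whenever the certificates or tokens are rebuilt.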
@ -1,14 +0,0 @@
|
||||||
-----BEGIN CMS-----
|
|
||||||
MIICLwYJKoZIhvcNAQcCoIICIDCCAhwCAQExCTAHBgUrDgMCGjCCARAGCSqGSIb3
|
|
||||||
DQEHAaCCAQEEgf57ImFjY2VzcyI6IHsidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAx
|
|
||||||
Mi0wOC0xN1QxNTozNTozNFoiLCAiaWQiOiAiMDFlMDMyYzk5NmVmNDQwNmIxNDQz
|
|
||||||
MzU5MTVhNDFlNzkifSwgInNlcnZpY2VDYXRhbG9nIjoge30sICJ1c2VyIjogeyJ1
|
|
||||||
c2VybmFtZSI6ICJ1c2VyX25hbWUxIiwgInJvbGVzX2xpbmtzIjogW10sICJpZCI6
|
|
||||||
ICJjOWM4OWUzYmUzZWU0NTNmYmYwMGM3OTY2ZjZkM2ZiZCIsICJyb2xlcyI6IFtd
|
|
||||||
LCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fTGB9zCB9AIBATBUME8xFTATBgNVBAoT
|
|
||||||
DFJlZCBIYXQsIEluYzERMA8GA1UEBxMIV2VzdGZvcmQxFjAUBgNVBAgTDU1hc3Nh
|
|
||||||
Y2h1c2V0dHMxCzAJBgNVBAYTAlVTAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUA
|
|
||||||
BIGAisEcxeNzNYbZPuWEEL+0SRAHjfaSFuhDHAAZ67P6LkoSN8IAio+2fqH2d1Ix
|
|
||||||
qfUYBW/cVEYdEZ3itbR0KdDucemHFpows+eZVUe6nsV7hgMqXBmfrKyEC4PBuIoI
|
|
||||||
/nofrwbV/R88v1jAIyrB3IbPUydXDK79lThL47rcGCeOuwI=
|
|
||||||
-----END CMS-----
|
|
|
@ -1,18 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICzjCCAjegAwIBAgIJAMwBikmrmZ0sMA0GCSqGSIb3DQEBBAUAME8xFTATBgNV
|
|
||||||
BAoTDFJlZCBIYXQsIEluYzERMA8GA1UEBxMIV2VzdGZvcmQxFjAUBgNVBAgTDU1h
|
|
||||||
c3NhY2h1c2V0dHMxCzAJBgNVBAYTAlVTMB4XDTEyMDUxODE5MzQ1MVoXDTIyMDUx
|
|
||||||
NjE5MzQ1MVowTzEVMBMGA1UEChMMUmVkIEhhdCwgSW5jMREwDwYDVQQHEwhXZXN0
|
|
||||||
Zm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMwgZ8wDQYJ
|
|
||||||
KoZIhvcNAQEBBQADgY0AMIGJAoGBAORnyPRzimWPxIeTJ3DEedU5hzRjzfDC8ZHP
|
|
||||||
ZgmB81V5VUiPTB72uNf8Wh6p0mhBMSmVkmvWJNjdrGWXU/SmtVd9EFLRyLwUt9kk
|
|
||||||
3fjEHBl7HXLc1kAwaBsmA6LGDHvxQ34zXB2hvqd5x3BwPGnzN5XUEHjIjQncLkhi
|
|
||||||
86BqaTkhAgMBAAGjgbEwga4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUv20jLjrl
|
|
||||||
MDv+KyKSjzuEmagGCekwfwYDVR0jBHgwdoAUv20jLjrlMDv+KyKSjzuEmagGCemh
|
|
||||||
U6RRME8xFTATBgNVBAoTDFJlZCBIYXQsIEluYzERMA8GA1UEBxMIV2VzdGZvcmQx
|
|
||||||
FjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxCzAJBgNVBAYTAlVTggkAzAGKSauZnSww
|
|
||||||
DQYJKoZIhvcNAQEEBQADgYEAYLM3oI2qawJpyNODliOkwRvlSsotF/2pn5EU85I5
|
|
||||||
vGewZxrgwwy2DbK6w8EECcarOjRJwz1ZYyi8ZpATipbLTX2JtmSwiye6YjhJyU4f
|
|
||||||
yp7jtnalLlpoDigHHWjc1jzoKDQTk7g1F/XzUBTG5rcEB24IzLXgr7vt2TU+7/nq
|
|
||||||
KbY=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,16 +0,0 @@
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKaTKHl5YfzfWUkV
|
|
||||||
QS5O6UoBLQ+Sh/tHjXpKhsSmFXkKD4nFQiIf2X1HGdQkKFY258pVvWbVNb82LT4k
|
|
||||||
F7r+tElQh4zzPO2f633hPs+GrrvzyDwXIKU2Y0/7aAy9mcPpHEK0ACnn0vYzF5Ax
|
|
||||||
1FhqHmXpeNpxla4dxK1wPFNIwWgdAgMBAAECgYBTNwjtRnpxPZL5M6kQXVOmKNg+
|
|
||||||
A1Hzcld3VGvnKaFoimIgzW6wZYDdWPvKQxXznBJHvnWUPcdP8ty/QoCoZj3h5ABA
|
|
||||||
PaaJjsMDYzP5XzvFi1X0bWu5DZbrd5aCqCJV7qiHrAg6kfOzzqGgQULrh/LJh0nn
|
|
||||||
1ZIDzx4o7RM9nreOAQJBANJxRNgh3msy4K72dipHewSX0ZBg0TlophfqXYuBauK0
|
|
||||||
twIiqOtZwNmBM+bO8sYOqki/eagbzihEjcomVP+THCECQQDKor5ZKxRLPGW5t0B4
|
|
||||||
ix85mbIHo7jkbVjcwEFEwnIZ5uLj0KD3G31UqmrocXuzJmWhwryWmwx0+BHMlhTq
|
|
||||||
Nyx9AkEAmVZRTI75KvEqiDIrjckB2SnqWCJDsWoQRDLQMJt/T2tQQi0RGlQO0i1z
|
|
||||||
rQU0Hp6G83UZZyXDhNHW4uolWwhNIQJAU3UT0MXdZd9KRmMjOoKSKbcTi/HyhKJE
|
|
||||||
pybHuvoa5HAjopCauyunQuetgG6889wsn6ME6UKSrto8+nYVxyFSQQJALJ6x4AxJ
|
|
||||||
IJJiR9lHIGQKw2SD1cty1FkSxHWcSc3CMTy3COrchI6o4wSJ/jMIRT95c09Ir5bT
|
|
||||||
Mgus0nrjlXFl7w==
|
|
||||||
-----END PRIVATE KEY-----
|
|
|
@ -1,11 +0,0 @@
|
||||||
-----BEGIN CMS-----
|
|
||||||
MIIBhgYJKoZIhvcNAQcCoIIBdzCCAXMCAQExCTAHBgUrDgMCGjBpBgkqhkiG9w0B
|
|
||||||
BwGgXARaeyJyZXZva2VkIjpbeyJpZCI6IjdhY2ZjZmRhZjZhMTRhZWJlOTdjNjFj
|
|
||||||
NTk0N2JjNGQzIiwiZXhwaXJlcyI6IjIwMTItMDgtMTRUMTc6NTg6NDhaIn1dfQ0K
|
|
||||||
MYH3MIH0AgEBMFQwTzEVMBMGA1UEChMMUmVkIEhhdCwgSW5jMREwDwYDVQQHEwhX
|
|
||||||
ZXN0Zm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czELMAkGA1UEBhMCVVMCAQEw
|
|
||||||
BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYCVDgl1puOfsn2BNliKnHNsSucYI3xn
|
|
||||||
aJvZ8UM2hg+TGgshMPhNjo1/p1VBqwyIb0+AAUnFj7fikCNE6dypvT+xX/vUgGnv
|
|
||||||
4EJ2cqG/0PFB/8B6Tz3FSsFMhXUIRnXKKxLxMCkge1b072BapJ1FJm8sXSem5ecO
|
|
||||||
adoOjW3kjFJk/A==
|
|
||||||
-----END CMS-----
|
|
|
@ -1,13 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICCzCCAXQCAQEwDQYJKoZIhvcNAQEEBQAwTzEVMBMGA1UEChMMUmVkIEhhdCwg
|
|
||||||
SW5jMREwDwYDVQQHEwhXZXN0Zm9yZDEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEL
|
|
||||||
MAkGA1UEBhMCVVMwHhcNMTIwNTE4MTk0MTQyWhcNMTMwNTE4MTk0MTQyWjBNMQsw
|
|
||||||
CQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czEVMBMGA1UEChMMUmVk
|
|
||||||
IEhhdCwgSW5jMQ8wDQYDVQQDEwZheW91bmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
|
|
||||||
MIGJAoGBAKaTKHl5YfzfWUkVQS5O6UoBLQ+Sh/tHjXpKhsSmFXkKD4nFQiIf2X1H
|
|
||||||
GdQkKFY258pVvWbVNb82LT4kF7r+tElQh4zzPO2f633hPs+GrrvzyDwXIKU2Y0/7
|
|
||||||
aAy9mcPpHEK0ACnn0vYzF5Ax1FhqHmXpeNpxla4dxK1wPFNIwWgdAgMBAAEwDQYJ
|
|
||||||
KoZIhvcNAQEEBQADgYEA1Nr9B+iTLLzlMc+8dsyJpDEzVPACVkElhVDojODfOW3p
|
|
||||||
MD0rINb+icprJVp+zBOR0MDYtGyBFUNGLFE3z2i5gWKu/63Ge3wfC0KBLFs6UQEd
|
|
||||||
82MQS3pBEub+4SM7XkhKajx12YgkX0ntEpNCAkm/YdGW4af5xlkViJ3cBpqWwuk=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -30,6 +30,13 @@ from keystone.openstack.common import timeutils
|
||||||
from keystone import test
|
from keystone import test
|
||||||
|
|
||||||
|
|
||||||
|
CERTDIR = test.rootdir("examples/pki/certs")
|
||||||
|
KEYDIR = test.rootdir("examples/pki/private")
|
||||||
|
CMSDIR = test.rootdir("examples/pki/cms")
|
||||||
|
SIGNING_CERT = os.path.join(CERTDIR, 'signing_cert.pem')
|
||||||
|
SIGNING_KEY = os.path.join(KEYDIR, 'signing_key.pem')
|
||||||
|
CA = os.path.join(CERTDIR, 'ca.pem')
|
||||||
|
|
||||||
REVOCATION_LIST = None
|
REVOCATION_LIST = None
|
||||||
REVOKED_TOKEN = None
|
REVOKED_TOKEN = None
|
||||||
REVOKED_TOKEN_HASH = None
|
REVOKED_TOKEN_HASH = None
|
||||||
|
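Review bot: `CA = os.path.join(CERTDIR, 'ca.pem')` in the added constants names a file that does not match the rest of this change: the `[signing]` section sets `ca_certs = ../examples/pki/certs/cacert.pem`, and the SSL test switches its `CA` from `ca.pem` to `cacert.pem` in the same directory. Unless `examples/pki/certs` ships both files, this should be `'cacert.pem'`. `SIGNING_CERT`, `SIGNING_KEY` and `CA` are also not referenced in any hunk shown for this file; drop them if nothing uses them.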
@ -145,7 +152,7 @@ TOKEN_RESPONSES = {
|
||||||
# in the signing subdirectory. In order to keep the values consistent between
|
# in the signing subdirectory. In order to keep the values consistent between
|
||||||
# the tests and the signed documents, we read them in for use in the tests.
|
# the tests and the signed documents, we read them in for use in the tests.
|
||||||
def setUpModule(self):
|
def setUpModule(self):
|
||||||
signing_path = os.path.join(os.path.dirname(__file__), 'signing')
|
signing_path = CMSDIR
|
||||||
with open(os.path.join(signing_path, 'auth_token_scoped.pem')) as f:
|
with open(os.path.join(signing_path, 'auth_token_scoped.pem')) as f:
|
||||||
self.SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read())
|
self.SIGNED_TOKEN_SCOPED = cms.cms_to_token(f.read())
|
||||||
with open(os.path.join(signing_path, 'auth_token_unscoped.pem')) as f:
|
with open(os.path.join(signing_path, 'auth_token_unscoped.pem')) as f:
|
||||||
|
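Review bot: The context comment above `setUpModule` still says the signed documents are "in the signing subdirectory", which stops being true once `signing_path = CMSDIR`. Update the comment to name `examples/pki/cms`, and consider passing `CMSDIR` straight to the `os.path.join` calls instead of keeping the `signing_path` alias.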
@ -314,7 +321,7 @@ class BaseAuthTokenMiddlewareTest(test.TestCase):
|
||||||
'auth_host': 'keystone.example.com',
|
'auth_host': 'keystone.example.com',
|
||||||
'auth_port': 1234,
|
'auth_port': 1234,
|
||||||
'auth_admin_prefix': '/testadmin',
|
'auth_admin_prefix': '/testadmin',
|
||||||
'signing_dir': 'signing',
|
'signing_dir': CERTDIR,
|
||||||
}
|
}
|
||||||
|
|
||||||
self.middleware = auth_token.AuthProtocol(FakeApp(expected_env), conf)
|
self.middleware = auth_token.AuthProtocol(FakeApp(expected_env), conf)
|
||||||
|
|
|
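Review bot: `'signing_dir': CERTDIR` points the middleware's signing directory at the shared, checked-in fixture directory instead of a test-local one. If the middleware writes anything under `signing_dir` while the tests run, those files will land in `examples/pki/certs` and can leak between test modules. Consider copying the needed certificates into a temporary directory per test and passing that path here.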
@ -9,6 +9,6 @@ driver = keystone.catalog.backends.templated.TemplatedCatalog
|
||||||
template_file = default_catalog.templates
|
template_file = default_catalog.templates
|
||||||
|
|
||||||
[signing]
|
[signing]
|
||||||
certfile = signing/signing_cert.pem
|
certfile = ../examples/pki/certs/signing_cert.pem
|
||||||
keyfile = signing/private_key.pem
|
keyfile = ../examples/pki/private/signing_key.pem
|
||||||
ca_certs = signing/cacert.pem
|
ca_certs = ../examples/pki/certs/cacert.pem
|
||||||
|
|
|
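Review bot: The new `certfile`, `keyfile` and `ca_certs` values climb out of the config's directory with `../examples/pki/...`, so they resolve only when the process starts from the working directory this file assumes, while the Python tests build the same locations with `test.rootdir(...)`. Either document the expected working directory next to the `[signing]` section or have the test setup override these three options with absolute paths, so a wrong directory fails loudly instead of silently reading no certificate.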
@ -25,11 +25,11 @@ from keystone import test
|
||||||
|
|
||||||
CONF = config.CONF
|
CONF = config.CONF
|
||||||
|
|
||||||
CERTDIR = test.rootdir("examples/ssl/certs")
|
CERTDIR = test.rootdir("examples/pki/certs")
|
||||||
KEYDIR = test.rootdir("examples/ssl/private")
|
KEYDIR = test.rootdir("examples/pki/private")
|
||||||
CERT = os.path.join(CERTDIR, 'keystone.pem')
|
CERT = os.path.join(CERTDIR, 'ssl_cert.pem')
|
||||||
KEY = os.path.join(KEYDIR, 'keystonekey.pem')
|
KEY = os.path.join(KEYDIR, 'ssl_key.pem')
|
||||||
CA = os.path.join(CERTDIR, 'ca.pem')
|
CA = os.path.join(CERTDIR, 'cacert.pem')
|
||||||
CLIENT = os.path.join(CERTDIR, 'middleware.pem')
|
CLIENT = os.path.join(CERTDIR, 'middleware.pem')
|
||||||
|
|
||||||
|
|
||||||
|
|
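Review bot: `CLIENT = os.path.join(CERTDIR, 'middleware.pem')` is left unchanged while `CERTDIR` moves from `examples/ssl/certs` to `examples/pki/certs`, so the client certificate is now looked up in the new directory under its old name. Confirm the generator produces `middleware.pem` there, or rename it alongside `ssl_cert.pem` and `ssl_key.pem`. `CERTDIR` and `KEYDIR` are now defined identically in two test modules; a single shared definition would keep them from drifting.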