1631 lines
86 KiB
Diff
1631 lines
86 KiB
Diff
From 2e0dd9a0a3e77f21a37d894133d301afdac6db7b Mon Sep 17 00:00:00 2001
|
|
From: Aram Sargsyan <aram@isc.org>
|
|
Date: Wed, 21 Sep 2022 13:15:50 +0000
|
|
Subject: [PATCH] Extend the nsupdate system test with DoT-related checks
|
|
|
|
Add a simple test PKI based on the existing one in the doth test.
|
|
|
|
Check ephemeral, forward-secrecy, and forward-secrecy-mutual-tls
|
|
TLS configurations with different scenarios.
|
|
|
|
(cherry picked from commit f2bb80d6ae172f6fd7943bf913d1b0566b5df352)
|
|
---
|
|
bin/tests/system/nsupdate/.gitignore | 5 +
|
|
bin/tests/system/nsupdate/CA/CA-other.pem | 26 +++
|
|
bin/tests/system/nsupdate/CA/CA.cfg | 77 +++++++
|
|
bin/tests/system/nsupdate/CA/CA.pem | 29 +++
|
|
bin/tests/system/nsupdate/CA/README | 2 +
|
|
.../CA/certs/srv01.client01.example.nil.key | 40 ++++
|
|
.../CA/certs/srv01.client01.example.nil.pem | 93 +++++++++
|
|
.../srv01.client02-expired.example.nil.key | 40 ++++
|
|
.../srv01.client02-expired.example.nil.pem | 93 +++++++++
|
|
.../CA/certs/srv01.crt01.example.nil.key | 40 ++++
|
|
.../CA/certs/srv01.crt01.example.nil.pem | 93 +++++++++
|
|
.../certs/srv01.crt02-expired.example.nil.key | 40 ++++
|
|
.../certs/srv01.crt02-expired.example.nil.pem | 93 +++++++++
|
|
bin/tests/system/nsupdate/CA/index.txt | 4 +
|
|
bin/tests/system/nsupdate/CA/index.txt.attr | 1 +
|
|
.../nsupdate/CA/newcerts/70B9F4EB2FA19598.pem | 93 +++++++++
|
|
.../nsupdate/CA/newcerts/70B9F4EB2FA19599.pem | 93 +++++++++
|
|
.../nsupdate/CA/newcerts/70B9F4EB2FA1959A.pem | 93 +++++++++
|
|
.../nsupdate/CA/newcerts/70B9F4EB2FA1959B.pem | 93 +++++++++
|
|
.../system/nsupdate/CA/private/CA-other.key | 39 ++++
|
|
bin/tests/system/nsupdate/CA/private/CA.key | 39 ++++
|
|
bin/tests/system/nsupdate/CA/serial | 1 +
|
|
bin/tests/system/nsupdate/dhparam3072.pem | 11 +
|
|
bin/tests/system/nsupdate/ns1/named.conf.in | 34 +++
|
|
bin/tests/system/nsupdate/ns10/named.conf.in | 2 +
|
|
bin/tests/system/nsupdate/tests.sh | 193 ++++++++++++++++++
|
|
26 files changed, 1367 insertions(+)
|
|
create mode 100644 bin/tests/system/nsupdate/.gitignore
|
|
create mode 100644 bin/tests/system/nsupdate/CA/CA-other.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/CA.cfg
|
|
create mode 100644 bin/tests/system/nsupdate/CA/CA.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/README
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/index.txt
|
|
create mode 100644 bin/tests/system/nsupdate/CA/index.txt.attr
|
|
create mode 100644 bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19598.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19599.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959A.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959B.pem
|
|
create mode 100644 bin/tests/system/nsupdate/CA/private/CA-other.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/private/CA.key
|
|
create mode 100644 bin/tests/system/nsupdate/CA/serial
|
|
create mode 100644 bin/tests/system/nsupdate/dhparam3072.pem
|
|
|
|
diff --git a/bin/tests/system/nsupdate/.gitignore b/bin/tests/system/nsupdate/.gitignore
|
|
new file mode 100644
|
|
index 0000000..df5fe68
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/.gitignore
|
|
@@ -0,0 +1,5 @@
|
|
+# temporary files generated by "openssl ca"
|
|
+/CA/*.old
|
|
+# there is little point in keeping the certificate requests
|
|
+# for the issued certificates
|
|
+/CA/certs/*.csr
|
|
diff --git a/bin/tests/system/nsupdate/CA/CA-other.pem b/bin/tests/system/nsupdate/CA/CA-other.pem
|
|
new file mode 100644
|
|
index 0000000..6bdbeda
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/CA-other.pem
|
|
@@ -0,0 +1,26 @@
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEZTCCAs0CFDYlin3oeYDu16bFItl9tGZz1Ra4MA0GCSqGSIb3DQEBCwUAMG4x
|
|
+CzAJBgNVBAYTAlVBMRcwFQYDVQQIDA5LaGFya2l2IE9ibGFzdDEQMA4GA1UEBwwH
|
|
+S2hhcmtpdjEMMAoGA1UECgwDSVNDMSYwJAYDVQQLDB1Tb2Z0d2FyZSBFbmdlbmVl
|
|
+cmluZyAoQklORCA5KTAgFw0yMjA5MDcyMTIzNTBaGA8yMDUyMDgzMDIxMjM1MFow
|
|
+bjELMAkGA1UEBhMCVUExFzAVBgNVBAgMDktoYXJraXYgT2JsYXN0MRAwDgYDVQQH
|
|
+DAdLaGFya2l2MQwwCgYDVQQKDANJU0MxJjAkBgNVBAsMHVNvZnR3YXJlIEVuZ2Vu
|
|
+ZWVyaW5nIChCSU5EIDkpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
|
|
+10Xj8dH8/XCfUvhdL/S3E10TnrYY8IIDBmU0lkUR5IHwgP9IYVyR/0Mibg79FAs+
|
|
+rvuEDifUK+6wvkpj+BXNVZCspo9/u3cl7dqrLH+1SeUs50OeQnbbTrBl0PuNwvzE
|
|
+kbk7xwLlVDOyRmmvY/EEu7WkitQZgXSAYgttrk62CuJUQUmwUTX5Jxndsjydk/zW
|
|
+/DiulTsX+zv8kG5NiwpXCfL6QxBoMZNI4fUmDL3bX1XfHaFA+45GT2lHu07xc+cV
|
|
+eZIRCo0Nk+fIO53lDol8mmR8/5vna27gRnqEUSU7MZAMG6QBXkotnq3rHnrI/ku6
|
|
+dCJW4tbWV/ANQ+TG17g2tygzC/smqTuLqavyP9V5cRrdU9awEqwvy8uVbGkTmUZd
|
|
+tjkGWCcmBSWJvkH3MRJmijS7rDcb8m/g9+xKe79V1c8durGWvcfMRZZhWaoHyhnH
|
|
+g9+JLUCC3EUCp/1206w5vTXEQNpqi9Z3AZfgboPzJyji4OeYfcQ5eaIZ3OuIpyQz
|
|
+AgMBAAEwDQYJKoZIhvcNAQELBQADggGBAKdQkmmyUqcE1by7AeHoxkqFgqUeSAlh
|
|
+flXi5DD+j5+Op2GAUrx84LGy4+heKEwAkV5Cw2c9IMHmDDMnGe/g4FjBS+dTZsTs
|
|
+JRXXDR7t20eWiBpvO/3IMqVpPq9CAQY1L9PYAVuVM5cwdzsJXdH82z2BZ3Ttg3GX
|
|
+NPnybxzD/auC051vqEp28Jzbswd4c3VvTmRnYY7rYNNKnLD7812BIp7lnE6s5X2D
|
|
+y0PPSYdhscTqfJV0+GDF5hUduOFX1xTcPlXaXfyKLLelqtrw40p3ynww9v/J4mwt
|
|
+FBV+a8gguM7tCZMoV/VJZghObglV/wpokAQchL/pnxL7+U8JklRqaU4DlxyGZ+K4
|
|
+QlR5mJe19ZlkgHePk1MbwNZaTXjaOFirYmZzs4YynOp3iBHrW3CYY3kVlrUpKP08
|
|
+o101hce32VxkyST6i5W24MU02O/wuPdyQpN+rJjYv32Axsrh/ePkI5qKew9eZ63i
|
|
+WzNb7BW1LrHrQ/lXoJ3ekRQd10UX3xhk/w==
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/CA.cfg b/bin/tests/system/nsupdate/CA/CA.cfg
|
|
new file mode 100644
|
|
index 0000000..1a3ed65
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/CA.cfg
|
|
@@ -0,0 +1,77 @@
|
|
+# See ../../doth/CA/ca.cfg for more information
|
|
+
|
|
+# certificate authority configuration
|
|
+[ca]
|
|
+default_ca = CA_default # The default ca section
|
|
+
|
|
+[CA_default]
|
|
+dir = .
|
|
+new_certs_dir = $dir/newcerts # new certs dir (must be created)
|
|
+certificate = $dir/CA.pem # The CA cert
|
|
+private_key = $dir/private/CA.key # CA private key
|
|
+
|
|
+serial = $dir/serial # serial number file for the next certificate
|
|
+ # Update before issuing it:
|
|
+ # xxd -l 8 -u -ps /dev/urandom > ./serial
|
|
+database = $dir/index.txt # (must be created manually: touch ./index.txt)
|
|
+
|
|
+default_days = 1 # how long to certify for
|
|
+
|
|
+#default_crl_days = 30 # the number of days before the
|
|
+default_crl_days = 10950 # next CRL is due. That is the
|
|
+ # days from now to place in the
|
|
+ # CRL nextUpdate field. If CRL
|
|
+ # is expired, certificate
|
|
+ # verifications will fail even
|
|
+ # for otherwise valid
|
|
+ # certificates. Clients might
|
|
+ # cache the CRL, so the expiry
|
|
+ # period should normally be
|
|
+ # relatively short (default:
|
|
+ # 30) for production CAs.
|
|
+
|
|
+default_md = sha256 # digest to use
|
|
+
|
|
+policy = policy_default # default policy
|
|
+email_in_dn = no # Don't add the email into cert DN
|
|
+
|
|
+name_opt = ca_default # Subject name display option
|
|
+cert_opt = ca_default # Certificate display option
|
|
+
|
|
+# We need the following in order to copy Subject Alt Name(s) from a
|
|
+# request to the certificate.
|
|
+copy_extensions = copy # copy extensions from request
|
|
+
|
|
+[policy_default]
|
|
+countryName = optional
|
|
+stateOrProvinceName = optional
|
|
+organizationalUnitName = optional
|
|
+commonName = supplied
|
|
+emailAddress = optional
|
|
+
|
|
+# default certificate requests settings
|
|
+[req]
|
|
+# Options for the `req` tool (`man req`).
|
|
+default_bits = 3072 # for RSA only
|
|
+distinguished_name = req_default
|
|
+string_mask = utf8only
|
|
+# SHA-1 is deprecated, so use SHA-256 instead.
|
|
+default_md = sha256
|
|
+# do not encrypt the private key file
|
|
+encrypt_key = no
|
|
+
|
|
+[req_default]
|
|
+# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
|
+countryName = Country Name (2 letter code)
|
|
+stateOrProvinceName = State or Province Name (full name)
|
|
+localityName = Locality Name (e.g., city)
|
|
+0.organizationName = Organization Name (e.g., company)
|
|
+organizationalUnitName = Organizational Unit Name (e.g. department)
|
|
+commonName = Common Name (e.g. server FQDN or YOUR name)
|
|
+emailAddress = Email Address
|
|
+# defaults
|
|
+countryName_default = UA
|
|
+stateOrProvinceName_default = Kharkiv Oblast
|
|
+localityName_default = Kharkiv
|
|
+0.organizationName_default = ISC
|
|
+organizationalUnitName_default = Software Engeneering (BIND 9)
|
|
diff --git a/bin/tests/system/nsupdate/CA/CA.pem b/bin/tests/system/nsupdate/CA/CA.pem
|
|
new file mode 100644
|
|
index 0000000..1f725db
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/CA.pem
|
|
@@ -0,0 +1,29 @@
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIE3TCCA0WgAwIBAgIUeZPKrvbGEBZaRc2jNczlIsJXyPYwDQYJKoZIhvcNAQEL
|
|
+BQAwfTELMAkGA1UEBhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4G
|
|
+A1UEBwwHS2hhcmtpdjEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0
|
|
+aXVtMRwwGgYDVQQDDBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDEyNDEyNDA1
|
|
+NFoYDzIwNTIwMTE3MTI0MDU0WjB9MQswCQYDVQQGEwJVQTEYMBYGA1UECAwPS2hh
|
|
+cmtpdiBPYmxhc3QnMRAwDgYDVQQHDAdLaGFya2l2MSQwIgYDVQQKDBtJbnRlcm5l
|
|
+dCBTeXN0ZW1zIENvbnNvcnRpdW0xHDAaBgNVBAMME2NhLnRlc3QuZXhhbXBsZS5j
|
|
+b20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCi6hEegBzpUKbE1NTo
|
|
+Z7uz7EMUY7TBckkiw/7ydTLKNa8YI4JpBguFvWQsDY0dGFJIoVwyHyNx3seW/LoI
|
|
+B5zWPZ2xbOvLLceA+t2NZpbc98E7jUOVS123yED+nqlfZjCq9Zt0r/ezwnQtjnFF
|
|
+ko1mcU4H9Jvg8aIgnU2AxE78zciU9CY8799pFFNThIjbooI8oVbfjbzbpmLzxjA5
|
|
+3rDmZBTh+ySTlMa2U2oT4WPjRltZWnJVegRRLpG95GnTbQ1fkJAbj1Iu10XTkCee
|
|
+wBOqaA1UJem0a6pby5odE414Y7c0ETKcmaJtYENQyO0IJwZWDKtVe5OTIAklakia
|
|
+eyFTCAw1h5tHCYLaJW/Yu2wlLl5RNQcRZ9+cWXnldTY+TI1iBjfmADjLdKJYUlhX
|
|
+z7kWJtTi63Sdv6WYcEXxaWpxT+R3e2kaR/R7GOo4gdkWpX1siGlRteHHH2/36CSQ
|
|
+ZD2etcTUpGW+KDHFR4grnEfL1rt9UgvCjpa4KcssmZtWSSUCAwEAAaNTMFEwHQYD
|
|
+VR0OBBYEFHyJ6Fzr5R9ySATFj/uSCJz1YCY5MB8GA1UdIwQYMBaAFHyJ6Fzr5R9y
|
|
+SATFj/uSCJz1YCY5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGB
|
|
+AF3y0hvzyZWtmuG1JwIcOcc1aPl1KdRy8bao/5iHYGYYrsdDgcO5/e+y9S/izalc
|
|
+TdW7SKB5iBOCiE8fBNtToCvGP+fxNxHijpAmTr37G5sWuSo1T1VYFizHWL+df/Ig
|
|
+TcSvDrEjSnAwaEdNJUWtjoIC4VzNKTLtZf16QIATTzTZa3bfgSetpWS7LhLQbHod
|
|
+CSGI2QB1LRbqGC+a1Y85QxHv81jWzPWPzXYvnOLrDdQyBMOBcxDzrN4b6zg+5Itz
|
|
+qGYt+IS71jAH0IhxAyD/U5n1jGJv02BnSq0ynLEOD6gsnZjqAwPbt/PM9pGbtbXO
|
|
+70Q9rxr+vQc1IISKAEiH3txaEPi10wU98d6LbInJvQrmgHo/ntet8skWNYuxlEzS
|
|
+wvynuE9KvvQtOTodWt5AePtKrhHdxu527a4CHVp59nYUjKSdMKjvmhMRXM1cNjFE
|
|
+rA/pyyhozR47w3RzHMJVHw2GJ2B/HeqmxpXr1CmJjoRP38QCR7N+mqiZy85Fq2j2
|
|
+8Q==
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/README b/bin/tests/system/nsupdate/CA/README
|
|
new file mode 100644
|
|
index 0000000..13069ca
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/README
|
|
@@ -0,0 +1,2 @@
|
|
+Please take a look at the contents of the CA.cfg file for further
|
|
+instructions and configurations options.
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.key b/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.key
|
|
new file mode 100644
|
|
index 0000000..5e3420e
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.key
|
|
@@ -0,0 +1,40 @@
|
|
+-----BEGIN PRIVATE KEY-----
|
|
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCrYC6cYeOJxlIr
|
|
+vOnhBf0YZUIg9lYWQDPSy5/37yJUp8lVcMpS8OKiWDh/EK0rBeARtmkhfy04Vt3V
|
|
+5PPepzI19zMqUoCut9Z8NXTDDIrDOhhhaHNiWFb/eCVXHHu+mIgh3RyKE6WaUkiY
|
|
+2T3EKKZ+mxFWfs4Ju1GJiqgbALVzK0GTsWJAMCnq9qPnvPDpngcrrqmgHU3Z+BhN
|
|
+g0dOaO5XyFUVhjxtHvUx8d7Pwn5rjiJaxXav0AHeq3oDspYzzKAmrt7EvXaFlseI
|
|
+5Ea8P8ZUyZWDh5xJDTHdxBdSmeRlSZud863OZghX9IO+XofaQloBKm1o0Y042Riu
|
|
+Xi5UcosBRZav9aPQKV0ii7TUMK8CNsUt6SnrLOpqfiezcPyHHyvEsTqmwum3wm9G
|
|
+Y7eWLlPYt83D9LVtsvxXSayfmMn+tPV8k0guk9zpGFRjXxij5xKq/jjwc+UXHv5A
|
|
+ZYGoj2BGwhbyqJ2xG7zOBd43sqiGR72Nkt7g5UKJuOP4sSQIfpkCAwEAAQKCAYEA
|
|
+i3PT2fsp3cXcvayXID3wSvayzgHF4YtS4FhEDsuvwvVZtsX2TXGo6fQh3Pvj/dtl
|
|
+DuTBPbmwQWUmVNRewbKKADHsl6bVAdekmCQjpEhDbkOK7VDCe6do+693qyAJbfnO
|
|
+5Md5Xr5IBoCohIBaa5Gskd97R0gePvsHiYWj730vKc1sKlOwoIzQv1r92yf7Xg7y
|
|
+xM/3RcwyuojQtdp6nspyEEp7Oe2mpCEJ4x9vcN5SYxEg0X5Xaw83RkuBGRsscHA0
|
|
+GN+4eJ59Ld1R9uktLYvUA06ZdoAVZyblE4xxjk2vueE3K2/kT2ooKHVWulGI+PnF
|
|
+2xYedZsZkgwLbXcEhPXBo3vMTjzRlePh668ULi9B6ntMjWpCSCvGnz142Uwatfq0
|
|
+PeasBVgRngu9Wg+smkA4kHnDi7ih3zpLh6sTcOKL7F1cBgvtjgIyzZDp9eJUEfVH
|
|
+G/89mTCswhqV1WtQ3n9zbYVbSK9vaAxCrfK50pG+IfHXG9EqnrQPzKsRxNsDpN91
|
|
+AoHBANeNLQb3gSk6sBg53smh9oFUEwwgAjHY31ZOOInO4X7udXrtRcON6SCkZjaD
|
|
+6y1N3Orjama6mr+/eHxJeDEbWBB7INOsaqHewoQF8qaOa7HHmCbXcUIlAQFvaE6e
|
|
+Qd5e+YHLmbYZbkPfntqWmXuSmk7hUxjnPPOv1P9sgv/3b4TJQJ4FEJasKpWgIOAy
|
|
+3g8UrjtbI3ITSo3SKCei3wvOCzIdnzwgcHY420jU1yU/oDzN07D4K0iODAbasUl1
|
|
+ZH5UvwKBwQDLiNual2aCUtjKAoRLnGDtP6LOYV3eXchBrywIj2tNAMlD7TXbjG04
|
|
+Le+I9O+azRorvXQ2WBBIYzka1JozK8WTsxkQYRd9AEy2AsQgPlK5hfy3xcGxSscC
|
|
+vdxSdQQQ/ASKHHbCTKhDhnA2b2fvLhWxZqsbSO4hSmvjXrSUpGrAABFipK9VqS6Y
|
|
+Sg6uEo1AlTrwsGW66LHpFeG6YQ0uj4sF0x5mzH7R50And30lVg8DjJASdClzOIWJ
|
|
+WV+3opbgSqcCgcEAvGGJhJkyrJG57LJG3vlJsmWD8AjZYi8joQ3jo6zGrmRBEBnl
|
|
+6q5PnFORcPuBwapW9IGkL/vN2t6/sf+Tp3c6U80IN3ZsCuPgI/n+w0mdHVZOx0Nq
|
|
+nGAyrMps4qi08F8YuDL0N42qLG93KZqMsM7DRUTvlsghIOf+wuxW4NWjBO3OJ0xN
|
|
+3yDAZtv3X3mVUKDGVOGl7MCnW6LbrShOvsZoSnhQ/f9ryiaOnuxEyyz8IafQ5s09
|
|
+Jr/eCu9+GbEbDr2JAoHAXUZg7Z3IupzhAOLaYhROTyvEnrP8YrWz2nY+xcWENQvR
|
|
+MLH65pyaSQ60IZ2uWND512XBZk5BWAsw1lzsNdsvdpqzN9BnBUAn55mo6+Xj32XK
|
|
+BSY5t9g/D8CWwasiq+3y3qBgxHaA/kEUF75CcVg7VMtqStzHVLZYbyCtvRkEWu0t
|
|
+CnnSaH1Z/yyhQaD63sgE9NzCIkAVmG4QvmtPsTDTU14HJrE8xVEnE28tCPlBdCzs
|
|
+sahOfqE+gU1WEkAOyMctAoHAASVc1KFfBI48tM+cr8vDt1QklVgnKn44DL6HF5tp
|
|
+iA8/xhB2fHKq6a+xuGxubXo7jo0KbKyYXPFyE5MDrzIDKp0GLUr7WtaunNVMKbKs
|
|
+B/2YSw+PELoIc5GpiH4lqP5iFYyHKmJighou4oxLcjMlHpRWUERPdxA+L6zggPyJ
|
|
+56PX2tcezcCZMVm65VpHsX3CqEQyWnFDCt0zclRNFWPKCENsl10emenBZVnxb8fc
|
|
+smxv7aRpgoWBRa5vinKvOv2T
|
|
+-----END PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.pem b/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.pem
|
|
new file mode 100644
|
|
index 0000000..f546d35
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.client01.example.nil.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010842 (0x70b9f4eb2fa1959a)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 8 08:20:17 2022 GMT
|
|
+ Not After : Aug 31 08:20:17 2052 GMT
|
|
+ Subject: CN=srv01.client01.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:ab:60:2e:9c:61:e3:89:c6:52:2b:bc:e9:e1:05:
|
|
+ fd:18:65:42:20:f6:56:16:40:33:d2:cb:9f:f7:ef:
|
|
+ 22:54:a7:c9:55:70:ca:52:f0:e2:a2:58:38:7f:10:
|
|
+ ad:2b:05:e0:11:b6:69:21:7f:2d:38:56:dd:d5:e4:
|
|
+ f3:de:a7:32:35:f7:33:2a:52:80:ae:b7:d6:7c:35:
|
|
+ 74:c3:0c:8a:c3:3a:18:61:68:73:62:58:56:ff:78:
|
|
+ 25:57:1c:7b:be:98:88:21:dd:1c:8a:13:a5:9a:52:
|
|
+ 48:98:d9:3d:c4:28:a6:7e:9b:11:56:7e:ce:09:bb:
|
|
+ 51:89:8a:a8:1b:00:b5:73:2b:41:93:b1:62:40:30:
|
|
+ 29:ea:f6:a3:e7:bc:f0:e9:9e:07:2b:ae:a9:a0:1d:
|
|
+ 4d:d9:f8:18:4d:83:47:4e:68:ee:57:c8:55:15:86:
|
|
+ 3c:6d:1e:f5:31:f1:de:cf:c2:7e:6b:8e:22:5a:c5:
|
|
+ 76:af:d0:01:de:ab:7a:03:b2:96:33:cc:a0:26:ae:
|
|
+ de:c4:bd:76:85:96:c7:88:e4:46:bc:3f:c6:54:c9:
|
|
+ 95:83:87:9c:49:0d:31:dd:c4:17:52:99:e4:65:49:
|
|
+ 9b:9d:f3:ad:ce:66:08:57:f4:83:be:5e:87:da:42:
|
|
+ 5a:01:2a:6d:68:d1:8d:38:d9:18:ae:5e:2e:54:72:
|
|
+ 8b:01:45:96:af:f5:a3:d0:29:5d:22:8b:b4:d4:30:
|
|
+ af:02:36:c5:2d:e9:29:eb:2c:ea:6a:7e:27:b3:70:
|
|
+ fc:87:1f:2b:c4:b1:3a:a6:c2:e9:b7:c2:6f:46:63:
|
|
+ b7:96:2e:53:d8:b7:cd:c3:f4:b5:6d:b2:fc:57:49:
|
|
+ ac:9f:98:c9:fe:b4:f5:7c:93:48:2e:93:dc:e9:18:
|
|
+ 54:63:5f:18:a3:e7:12:aa:fe:38:f0:73:e5:17:1e:
|
|
+ fe:40:65:81:a8:8f:60:46:c2:16:f2:a8:9d:b1:1b:
|
|
+ bc:ce:05:de:37:b2:a8:86:47:bd:8d:92:de:e0:e5:
|
|
+ 42:89:b8:e3:f8:b1:24:08:7e:99
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.client01.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 07:97:69:51:12:50:6a:e1:02:a0:b0:dc:93:75:16:c4:38:0f:
|
|
+ 5c:b3:47:da:bf:fa:9c:b6:de:c0:ef:38:f7:cc:d9:8d:71:ba:
|
|
+ 51:89:e5:48:36:dd:e1:f8:73:9d:92:80:1c:42:30:69:4f:8c:
|
|
+ 19:5d:f7:1d:03:e4:f2:76:e0:58:7b:c2:76:c4:0a:7e:20:69:
|
|
+ 26:6c:3e:cb:31:45:93:1d:07:5f:45:44:8e:5a:fb:87:17:7b:
|
|
+ 4d:5c:bf:37:bd:5e:ba:5c:22:84:bf:26:21:4a:c4:e9:f9:cb:
|
|
+ 73:de:fc:62:04:96:ad:aa:fd:89:09:5c:74:d6:bd:5f:07:17:
|
|
+ ef:9c:3d:ee:b7:dc:08:11:7f:12:66:ab:c4:ff:43:6d:7f:1e:
|
|
+ 01:b6:d1:19:73:53:18:e4:02:b0:7c:9e:99:63:d8:57:dd:07:
|
|
+ 79:fb:83:39:09:de:76:6e:68:b7:87:81:13:b8:26:e5:1c:c9:
|
|
+ a0:23:e5:97:39:ff:93:c7:8d:08:d8:ce:97:34:fc:ad:22:14:
|
|
+ 89:c0:ae:83:7d:0a:3f:cf:a0:9b:b4:6a:5c:b3:6d:5d:3b:88:
|
|
+ ca:1e:9b:99:54:64:57:58:3c:4c:bd:26:ee:11:c3:13:0b:1d:
|
|
+ f5:fd:d9:37:b0:31:72:6f:1d:e8:ba:43:37:46:f7:71:fe:6d:
|
|
+ 4a:30:33:29:c5:7b:37:8b:7e:06:22:89:a4:46:36:f0:fe:c6:
|
|
+ f5:f0:53:04:c0:35:52:78:6e:10:24:3a:d8:bf:7b:13:2f:98:
|
|
+ bc:69:31:41:68:02:5a:c4:f9:11:a2:6b:3f:c8:e0:d4:b3:80:
|
|
+ af:d2:be:fe:28:70:61:18:ed:8a:de:c4:cb:da:c9:60:94:91:
|
|
+ 76:63:69:8c:6e:96:f5:ba:e7:be:1e:1c:c3:84:b1:8d:e8:31:
|
|
+ f7:66:8c:0d:da:a8:78:57:19:fd:a0:8d:fa:9a:7e:51:1c:d1:
|
|
+ d0:84:07:a2:45:40:2d:c4:6b:e9:9f:86:4a:08:20:8f:9c:79:
|
|
+ 97:e3:7f:2a:14:73
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEVTCCAr2gAwIBAgIIcLn06y+hlZowDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDkwODA4MjAxN1oYDzIwNTIwODMx
|
|
+MDgyMDE3WjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLm5pbDCC
|
|
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKtgLpxh44nGUiu86eEF/Rhl
|
|
+QiD2VhZAM9LLn/fvIlSnyVVwylLw4qJYOH8QrSsF4BG2aSF/LThW3dXk896nMjX3
|
|
+MypSgK631nw1dMMMisM6GGFoc2JYVv94JVcce76YiCHdHIoTpZpSSJjZPcQopn6b
|
|
+EVZ+zgm7UYmKqBsAtXMrQZOxYkAwKer2o+e88OmeByuuqaAdTdn4GE2DR05o7lfI
|
|
+VRWGPG0e9THx3s/CfmuOIlrFdq/QAd6regOyljPMoCau3sS9doWWx4jkRrw/xlTJ
|
|
+lYOHnEkNMd3EF1KZ5GVJm53zrc5mCFf0g75eh9pCWgEqbWjRjTjZGK5eLlRyiwFF
|
|
+lq/1o9ApXSKLtNQwrwI2xS3pKess6mp+J7Nw/IcfK8SxOqbC6bfCb0Zjt5YuU9i3
|
|
+zcP0tW2y/FdJrJ+Yyf609XyTSC6T3OkYVGNfGKPnEqr+OPBz5Rce/kBlgaiPYEbC
|
|
+FvKonbEbvM4F3jeyqIZHvY2S3uDlQom44/ixJAh+mQIDAQABoy8wLTArBgNVHREE
|
|
+JDAighpzcnYwMS5jbGllbnQwMS5leGFtcGxlLm5pbIcECjUAATANBgkqhkiG9w0B
|
|
+AQsFAAOCAYEAB5dpURJQauECoLDck3UWxDgPXLNH2r/6nLbewO8498zZjXG6UYnl
|
|
+SDbd4fhznZKAHEIwaU+MGV33HQPk8nbgWHvCdsQKfiBpJmw+yzFFkx0HX0VEjlr7
|
|
+hxd7TVy/N71eulwihL8mIUrE6fnLc978YgSWrar9iQlcdNa9XwcX75w97rfcCBF/
|
|
+EmarxP9DbX8eAbbRGXNTGOQCsHyemWPYV90HefuDOQnedm5ot4eBE7gm5RzJoCPl
|
|
+lzn/k8eNCNjOlzT8rSIUicCug30KP8+gm7RqXLNtXTuIyh6bmVRkV1g8TL0m7hHD
|
|
+Ewsd9f3ZN7Axcm8d6LpDN0b3cf5tSjAzKcV7N4t+BiKJpEY28P7G9fBTBMA1Unhu
|
|
+ECQ62L97Ey+YvGkxQWgCWsT5EaJrP8jg1LOAr9K+/ihwYRjtit7Ey9rJYJSRdmNp
|
|
+jG6W9brnvh4cw4Sxjegx92aMDdqoeFcZ/aCN+pp+URzR0IQHokVALcRr6Z+GSggg
|
|
+j5x5l+N/KhRz
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.key b/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.key
|
|
new file mode 100644
|
|
index 0000000..d8f68ac
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.key
|
|
@@ -0,0 +1,40 @@
|
|
+-----BEGIN PRIVATE KEY-----
|
|
+MIIG/wIBADANBgkqhkiG9w0BAQEFAASCBukwggblAgEAAoIBgQDAEScXJTqthaA7
|
|
+WQsiZGN9uwUyNU9o1RkrzUa94rZCjAjPCQ2ozVjZG3fbF4r88FXy4VD0/ZCqSRVd
|
|
+6ptaR8QvggdGh/YF7xUCpDyh2vxbdTYS9xJQVfi+DH0hkeKS2EE/cf6yF8BoHQm+
|
|
+/MQk7O/SXFKpT9ZdMLiraC456YtbxvBkQve4vbKQMiJovDhwLxSuyHxjBNURsgrx
|
|
+jhMQsjtp9P464vFYViiTwSiqpxnJkRJD+PUdNFg9Mp8RZ9EfU9Tg1Qx4LG84P+GJ
|
|
+abUJPBL0qe7lL8VHZaaC+up4SDGJEbYjiiftfB1t6KugKd5A9PKbYSLanCIy9z34
|
|
+TOE4p+LDr6Rnf5Sk/VIliU30mtY1upgg8UvJpc+sclgqzTtKPukEMeKadDLVUmA0
|
|
+rQyFAmVYQXQqV5E0VTapFFtFzCgn1226VaPdnwAEpEPCr1yvhlOm1adJqjHWXpJ9
|
|
+Jt2N9IeKm0joJfTHNMrP4/eEGTtDx2q42m5vha+NDPt86sdznJsCAwEAAQKCAYBv
|
|
+D3wTHiv3+rTUnICbuoDtSx+OENWCQPb1JRYq5tWNVXwie5GycktV/1QnFE4CRNbu
|
|
+QuuVPqpQTUJVtDtw0N7Yuc+LMUNJ2x3DEUUeMoqKOBS0krm8SnozKvWQW9MwJmxU
|
|
+S46DXMida20fSvoAgCGM+mWyEcBa0rl2JB/WzP0QbNDEqRSldsuyJctP1Mat2AuV
|
|
+pciHWVv7h4BcfVL47Jb+hfQcCO6Vrfx4s9DYHRgEPibZtzPFV2dOu97PKcD65HXL
|
|
+o30hP9xhhy8nT4oFijEQ9rPi0JvOpvB5bJQ42OAznWByR0uL9ZoXopkYDDemzt7t
|
|
+D5F9X/2iH9dv3GA0AiPCF6DjyVMwbh/NOt8oxS+NMY2RPlzA+r9SZpCcyPFk1hMi
|
|
+LHzrPU8dwC2GmaMKB3Uw/bA5ufw3IpcbJIZEBJQ5Ttf7zEFcfDo/jidTz3ZOptOT
|
|
+kSKoCN73AUlmcx8UoKF9JwcpJq63ww8eef+1HLL5Dk0uM4YSKd15gI6477RgfgEC
|
|
+gcEA48ZpMdz4mz7rO0CMyPfOLdHOcxHuZI4oJg6gJ1IBxCnIB1mhy6xn+NdkS5Mm
|
|
+/1S6eFuo+DgabXO/A2xSDrJ4Lnlf4H4OjQKCeJdO9JglHjdTzv7TB8Vm/IdGC0Jk
|
|
+eDRY1lmkSXcdSmGqPVgd2AHpkcTgLyUb+iIWkIspelsaNNQBHJzd4S/x9Pp/ftrg
|
|
+CpfwGKsmNia3n3m21lkeTLtKVsPuK8CAJnCDaEI22mhV83x6grPxA0GVFZ0VHfCL
|
|
+qZVhAoHBANfd/oVKWGTiJzlc+aHJAb4XRROQzCL4yi6uspT3h9QN5QiFD7PhgIOg
|
|
+mES35mpGocN78oc19zhfD4XLNkLbQuMQhpk0D4MjLfUS/IskFoOJWuQbIBPqrMzY
|
|
+Z93DDkiBno2As1IN7fZ9amw7Thcf8Qt6yVNFjIMcfk63VmC+AnPUj4KCes7IuGDH
|
|
+SA/LjjiKgMa3g3I5/HVB6q1dyZQggBF3dCJ/V8ecgtdibUfzvvViZ52Hd7XDs1SX
|
|
+yCas+IE3ewKBwQC/YSFYBRtZjacmFNl1rkitVQCKzMEp+guf1mAYSZ40TQrFqjj4
|
|
+obaGbavWmCCHHpDCufkh/jmuRzdyT9wufyPdoJu/Sws8zaQEYNW1S/S8C66+WHvF
|
|
+psYeXiarJTC3kvwlthIErDGPIrpgap5AtXKjyPC4jAySwXuGHXdPWCaPxqXcfa0s
|
|
+HRXGSYdAdfUS0ZCpmXw0uZlFRIYsWZrMy/ztJBkE5+yE37p5qlDeeBXnzGo/UaOq
|
|
+obr6+w4YJtmiNmECgcEAsSAPqzEgrM7AnpoCn1S+4EpZvL8wMXXw+DMSh5dAVah9
|
|
+COudwdzDxb2tk51OLF/+dderXnTSgOfHZeIjiOI+1PAHcYg9Pj5MhG5q2ITpEE9R
|
|
+TCBRxuXlmkPrnhRiEO6CudsjyK1zV7D69QoIfoMQF3pN3c0QibiEj3RyJPlkK8T7
|
|
+aHxF5ozedVKvd35wGUbUebm02rJny5Mly9FMCQZN74cTvQa+cSSkW7UAtGx1gQWY
|
|
+vbKdcIC/Eidk7Q867VQnAoHBAKqiugBoItfhuN1GUI5bqIx0ya4DSVECpSFiF8h3
|
|
+eK+bO7uG4OBH+qoAmC8EqQNVPtivxpsA2aBvdoUMTYPu/S5cVFXcMkEJ1jX8L8IZ
|
|
+ImE5LXC+SiZO3G9SyHfj+rgwr66G7NWDVJhZ2t/56s4qEdewwR4Vjm99gVvHHAFP
|
|
+rrkT9jfHVmozRroL/XAMNITZpJw+vwPMwWOaRncjzyyPp0JWt0h+Wv0+A3SjBIh2
|
|
+c+Ctg5Ig6vwr2weVc7s/4jz9Kg==
|
|
+-----END PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.pem b/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.pem
|
|
new file mode 100644
|
|
index 0000000..365b493
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.client02-expired.example.nil.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010843 (0x70b9f4eb2fa1959b)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 7 08:14:18 2022 GMT
|
|
+ Not After : Sep 8 08:14:18 2022 GMT
|
|
+ Subject: CN=srv01.client02-expired.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:c0:11:27:17:25:3a:ad:85:a0:3b:59:0b:22:64:
|
|
+ 63:7d:bb:05:32:35:4f:68:d5:19:2b:cd:46:bd:e2:
|
|
+ b6:42:8c:08:cf:09:0d:a8:cd:58:d9:1b:77:db:17:
|
|
+ 8a:fc:f0:55:f2:e1:50:f4:fd:90:aa:49:15:5d:ea:
|
|
+ 9b:5a:47:c4:2f:82:07:46:87:f6:05:ef:15:02:a4:
|
|
+ 3c:a1:da:fc:5b:75:36:12:f7:12:50:55:f8:be:0c:
|
|
+ 7d:21:91:e2:92:d8:41:3f:71:fe:b2:17:c0:68:1d:
|
|
+ 09:be:fc:c4:24:ec:ef:d2:5c:52:a9:4f:d6:5d:30:
|
|
+ b8:ab:68:2e:39:e9:8b:5b:c6:f0:64:42:f7:b8:bd:
|
|
+ b2:90:32:22:68:bc:38:70:2f:14:ae:c8:7c:63:04:
|
|
+ d5:11:b2:0a:f1:8e:13:10:b2:3b:69:f4:fe:3a:e2:
|
|
+ f1:58:56:28:93:c1:28:aa:a7:19:c9:91:12:43:f8:
|
|
+ f5:1d:34:58:3d:32:9f:11:67:d1:1f:53:d4:e0:d5:
|
|
+ 0c:78:2c:6f:38:3f:e1:89:69:b5:09:3c:12:f4:a9:
|
|
+ ee:e5:2f:c5:47:65:a6:82:fa:ea:78:48:31:89:11:
|
|
+ b6:23:8a:27:ed:7c:1d:6d:e8:ab:a0:29:de:40:f4:
|
|
+ f2:9b:61:22:da:9c:22:32:f7:3d:f8:4c:e1:38:a7:
|
|
+ e2:c3:af:a4:67:7f:94:a4:fd:52:25:89:4d:f4:9a:
|
|
+ d6:35:ba:98:20:f1:4b:c9:a5:cf:ac:72:58:2a:cd:
|
|
+ 3b:4a:3e:e9:04:31:e2:9a:74:32:d5:52:60:34:ad:
|
|
+ 0c:85:02:65:58:41:74:2a:57:91:34:55:36:a9:14:
|
|
+ 5b:45:cc:28:27:d7:6d:ba:55:a3:dd:9f:00:04:a4:
|
|
+ 43:c2:af:5c:af:86:53:a6:d5:a7:49:aa:31:d6:5e:
|
|
+ 92:7d:26:dd:8d:f4:87:8a:9b:48:e8:25:f4:c7:34:
|
|
+ ca:cf:e3:f7:84:19:3b:43:c7:6a:b8:da:6e:6f:85:
|
|
+ af:8d:0c:fb:7c:ea:c7:73:9c:9b
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.client02-expired.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 18:f1:7c:24:5b:d2:03:b0:60:0e:60:e6:32:f9:a7:47:d1:e4:
|
|
+ bd:3f:a3:21:53:90:84:9a:c6:2c:87:b2:16:28:95:07:a3:2a:
|
|
+ c3:33:8f:60:70:3f:26:58:be:ec:a2:6c:44:89:d3:4e:ef:bb:
|
|
+ ce:af:9b:5f:15:06:03:21:74:e3:6f:2a:dc:5c:19:4e:d3:cb:
|
|
+ ba:c3:5f:d8:76:89:59:50:82:69:5f:a1:ac:9f:be:79:e1:22:
|
|
+ 12:37:f9:d3:2e:00:35:03:03:9d:08:24:45:65:7a:e9:72:31:
|
|
+ e1:67:44:32:17:25:dd:b9:72:eb:c6:40:d7:5d:8d:5f:00:48:
|
|
+ 07:09:0d:3c:4c:a1:f1:05:4b:05:9b:2b:5a:21:09:46:f4:17:
|
|
+ 7a:cf:34:87:ad:bf:ef:bd:56:74:d7:1a:8f:07:ce:70:b1:aa:
|
|
+ 4d:82:4f:08:dc:56:27:f9:21:20:b8:06:c7:29:b4:8e:36:82:
|
|
+ b8:43:85:1c:2d:9f:be:2d:b9:9d:40:de:52:55:6a:2e:0b:28:
|
|
+ 33:fc:f8:1b:70:e9:c5:46:50:f3:05:be:8d:ed:99:ec:f1:8c:
|
|
+ 51:8a:1c:4b:95:f4:c4:dd:cd:42:74:bc:6f:66:64:54:b8:c1:
|
|
+ 6e:c8:3d:e9:fe:10:02:61:50:77:38:b9:b0:b8:13:37:8f:0e:
|
|
+ 5b:49:92:3a:9d:9a:60:51:68:99:8a:d5:7e:92:71:7e:fa:db:
|
|
+ 52:37:4d:f9:0d:6c:3b:79:a3:b9:16:b7:95:00:ea:eb:17:54:
|
|
+ e2:50:d7:a5:08:54:58:2c:79:66:01:4b:95:65:ed:b8:81:f7:
|
|
+ 4c:fa:f8:89:37:ad:d9:dc:c9:75:9d:02:3e:e5:92:b3:03:ab:
|
|
+ 70:69:83:f5:6c:a6:27:7e:2e:fc:9d:b2:59:0a:43:ad:3f:55:
|
|
+ 2f:5d:ec:ef:52:f0:3e:be:b5:d6:e2:c3:91:9d:dd:5d:e1:9e:
|
|
+ e6:18:90:0b:6a:85:f8:e3:83:2a:7c:91:c3:52:1c:6d:aa:2b:
|
|
+ 44:b8:6f:2b:af:6e
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEYzCCAsugAwIBAgIIcLn06y+hlZswDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTIyMDkwNzA4MTQxOFoXDTIyMDkwODA4
|
|
+MTQxOFowLTErMCkGA1UEAwwic3J2MDEuY2xpZW50MDItZXhwaXJlZC5leGFtcGxl
|
|
+Lm5pbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMARJxclOq2FoDtZ
|
|
+CyJkY327BTI1T2jVGSvNRr3itkKMCM8JDajNWNkbd9sXivzwVfLhUPT9kKpJFV3q
|
|
+m1pHxC+CB0aH9gXvFQKkPKHa/Ft1NhL3ElBV+L4MfSGR4pLYQT9x/rIXwGgdCb78
|
|
+xCTs79JcUqlP1l0wuKtoLjnpi1vG8GRC97i9spAyImi8OHAvFK7IfGME1RGyCvGO
|
|
+ExCyO2n0/jri8VhWKJPBKKqnGcmREkP49R00WD0ynxFn0R9T1ODVDHgsbzg/4Ylp
|
|
+tQk8EvSp7uUvxUdlpoL66nhIMYkRtiOKJ+18HW3oq6Ap3kD08pthItqcIjL3PfhM
|
|
+4Tin4sOvpGd/lKT9UiWJTfSa1jW6mCDxS8mlz6xyWCrNO0o+6QQx4pp0MtVSYDSt
|
|
+DIUCZVhBdCpXkTRVNqkUW0XMKCfXbbpVo92fAASkQ8KvXK+GU6bVp0mqMdZekn0m
|
|
+3Y30h4qbSOgl9Mc0ys/j94QZO0PHarjabm+Fr40M+3zqx3OcmwIDAQABozcwNTAz
|
|
+BgNVHREELDAqgiJzcnYwMS5jbGllbnQwMi1leHBpcmVkLmV4YW1wbGUubmlshwQK
|
|
+NQABMA0GCSqGSIb3DQEBCwUAA4IBgQAY8XwkW9IDsGAOYOYy+adH0eS9P6MhU5CE
|
|
+msYsh7IWKJUHoyrDM49gcD8mWL7somxEidNO77vOr5tfFQYDIXTjbyrcXBlO08u6
|
|
+w1/YdolZUIJpX6Gsn7554SISN/nTLgA1AwOdCCRFZXrpcjHhZ0QyFyXduXLrxkDX
|
|
+XY1fAEgHCQ08TKHxBUsFmytaIQlG9Bd6zzSHrb/vvVZ01xqPB85wsapNgk8I3FYn
|
|
++SEguAbHKbSONoK4Q4UcLZ++LbmdQN5SVWouCygz/PgbcOnFRlDzBb6N7Zns8YxR
|
|
+ihxLlfTE3c1CdLxvZmRUuMFuyD3p/hACYVB3OLmwuBM3jw5bSZI6nZpgUWiZitV+
|
|
+knF++ttSN035DWw7eaO5FreVAOrrF1TiUNelCFRYLHlmAUuVZe24gfdM+viJN63Z
|
|
+3Ml1nQI+5ZKzA6twaYP1bKYnfi78nbJZCkOtP1UvXezvUvA+vrXW4sORnd1d4Z7m
|
|
+GJALaoX444MqfJHDUhxtqitEuG8rr24=
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.key b/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.key
|
|
new file mode 100644
|
|
index 0000000..8a1f5dc
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.key
|
|
@@ -0,0 +1,40 @@
|
|
+-----BEGIN PRIVATE KEY-----
|
|
+MIIG/AIBADANBgkqhkiG9w0BAQEFAASCBuYwggbiAgEAAoIBgQC0mmOYBK29qym/
|
|
+InBUMN/Ha3dduF4LzQ6gbHQ350t40Zbaypl9krHkGgoetBy+7syVjFIDk4XhQENo
|
|
+hoa8amJt1grK7k+TLe5r33r23PpEpjmALDh8ic3Zo5ns6CtIbYRBPQ4aH2heF4iP
|
|
+pdpNHDYmrrR+0v6iWdVnOlbCIWUN3Zdv8OW0HoeulzUN9Juu3Io+KKq4oqvunbLF
|
|
+kfZxmaWGyzGcBdablBNGqZrJpVVfbMzQhCfisbVzOQh/gC8EJpYMjSmbvl7MOa+i
|
|
+24KCVwfmskrZPch5bmdh80g3qE+fs8+EtlAIPemF6al2UIDnLG9llcviI0FYOXDn
|
|
+eCk9wtYgfCuHML2Yh2PtSq257XpLE6E9Yl62dGTvJaPdk0eq0yV+KtcJG1xZUPHU
|
|
+xpzyZIp8y8xSN1CIS4Q1QFEOoQaiYLaw44/52I5Fd30OfRGSIhUPozeExCXcFLQg
|
|
+ercWlnLUv01d0qtxQ0S+h0TSuHT3hj/SXd1e5nSr+8yjXaaEgAsCAwEAAQKCAYAG
|
|
+wzkzeglfbsdTZuC55lKazwVbNwoeewEvNKBtb3W+AmsZqjhxIUsT9X2nhKsG4z45
|
|
+41U22RFMS/G6Oj9VUs54umkRDDdilXe2Blo+YCvm4iqJCB7dWvOgUKX03wSv45nu
|
|
+L3EVvVNVIqB0cItqE8JbVHNhxFjQj3iUMvUIs+Nqz39aK7UON45xFSxhZ2Vk+NEc
|
|
+Xr11yHGTr8f/6eVGf7BZCcbDxtwwWy0Vmkg3gL9foV1R+YDc1jarJ9mPnKcmCqPH
|
|
+lW5aT5putR0kO1vO6Rh7YfbHsqw334B9v1yjB4TgaJBKVHz5Z8KTvDFHodMtLqCC
|
|
+WV61O2h7gh4mQ6lEX5tjArqYdKMuWLAhZ+9AK9sSs4k+/nlvEbqAOCbkx7UmrZoF
|
|
+QkYfDt2Gjrk7WLwb9CCFIH0a2EEB2Fms1iHBK++S3iA4w0kfbePP0mo4GTsTwA45
|
|
+DKDbYByzJzVUvGmowMaaypE548sopQ9K4kQJ9okLV+Gc1V7fjklYIIBmwDgqfIEC
|
|
+gcEA5Xt0qFjYn4H2gu2xyD0etx83CjKUx0mjwPvdwLg79HMb9P+OTTU+NzsHTa2I
|
|
+CTEJ1gA4VkqOtKxEBJQarQmJnVL/fiIp88h9fmLBQ48HLefH33S+bF3VWvKOgJeY
|
|
+uVyyWnhTwHNQv3RsO+DEcjqG3aJ2vdzCnDLBr9ATFV8uzpk1Op0h7QljUbhHv1mS
|
|
+ip2yQVeuJwtWFixjqEp7BuTluqk/UlGP39PBjgG04Tpw3MkiZNJgk/kSnN+YYOiu
|
|
+i91rAoHBAMl4/WAaIL5lHiyakHAmE0fwUm+LUKPG1rF22qvqdBFV6OE14/VgTKNP
|
|
+LfcS7Ulzmt7hM7fbcJ0FYxeyPbbQRjBRsGXFzLU96VgoUxoI/IyFXFY83UJ0s63L
|
|
+RhZmg4GNvpO0qfOjL4wQtB3N6LPhxpF+pLkkHXSdFkUyocaXGUGOBC+ZEBaCd8Lm
|
|
+2GlGoi/f+zSl4xSY4crspS7GNG2+jcXh5K/OMdjEb1/tyRYnHf0D89WNmr10EeYG
|
|
+Pe9alaDv4QKBwDROcYa1yZqB6who2W8Ez216BfejE9pg5JxmTGNTGwda/XJYlbzv
|
|
+d+Dq6X1BIpLFxLIslqrEj8aKxW4tu+7ZD672bhn3+4v/lOsr41Vc0owaGqrKV2Un
|
|
+9iumweh5pWwKvvR0HNLu9ebNyKXVU7GduYPnNh2MpicoQpGqYc8rROX+ce2MR2Fa
|
|
+FHNaB7CL4CUMUMcoDyADK3oeYBDJ+UTXA64KSc6fnKWuBJ4zsWDtCzCn/9jvQug3
|
|
+i5CKPpdIMhDbRQKBwEekz61B/UzXVnCUEjLfR1H4osfpqaZjyerXkhE6UUXs3+Be
|
|
+Mo8KTJZyTK0kvN62zmbdfG+wCA6+YKuHhayhyaPbGLhIK3Bz8KuZw1tpwK0Tq287
|
|
+O48rQs3VkDndAHysdA3AXAM4j2rmcbZ7h3mYGu2YNGll71eNmOLIi4C8MI4AO3rV
|
|
+mkP25zGWt3RQWtJdes4RA3xKlVh86IyGjRRNg8rPdmwSDeXAjL53J1/KTz6vDiFt
|
|
+to4SXV8H7zRTaQwO4QKBwBwMU2zjMYXLJq0LAmn3h4h6CVZjPrqzR8PeSd/YM831
|
|
+qdH7OvnkadqIdqMOo6BUA9PvUIY/B5c5zSSOJg9gh1PJ3vDLIZY23zkXigh7poBe
|
|
+YW6/PLvGQJ0Rzyz5pf6uPX8AWkAqTyI1Ox3NdxzirarxWDPznvA2KsVxVF/jxnvr
|
|
+TD/R5kCQUcxZuInguahGYd1JF3dArYh6NKRPyVO0r73LfVeZ+udlo/+ZMNVGlNNF
|
|
+v3Tmy/b2gUdEwuKFCxx97g==
|
|
+-----END PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.pem b/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.pem
|
|
new file mode 100644
|
|
index 0000000..4a4556c
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.crt01.example.nil.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010840 (0x70b9f4eb2fa19598)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 7 20:28:03 2022 GMT
|
|
+ Not After : Aug 30 20:28:03 2052 GMT
|
|
+ Subject: CN=srv01.crt01.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:b4:9a:63:98:04:ad:bd:ab:29:bf:22:70:54:30:
|
|
+ df:c7:6b:77:5d:b8:5e:0b:cd:0e:a0:6c:74:37:e7:
|
|
+ 4b:78:d1:96:da:ca:99:7d:92:b1:e4:1a:0a:1e:b4:
|
|
+ 1c:be:ee:cc:95:8c:52:03:93:85:e1:40:43:68:86:
|
|
+ 86:bc:6a:62:6d:d6:0a:ca:ee:4f:93:2d:ee:6b:df:
|
|
+ 7a:f6:dc:fa:44:a6:39:80:2c:38:7c:89:cd:d9:a3:
|
|
+ 99:ec:e8:2b:48:6d:84:41:3d:0e:1a:1f:68:5e:17:
|
|
+ 88:8f:a5:da:4d:1c:36:26:ae:b4:7e:d2:fe:a2:59:
|
|
+ d5:67:3a:56:c2:21:65:0d:dd:97:6f:f0:e5:b4:1e:
|
|
+ 87:ae:97:35:0d:f4:9b:ae:dc:8a:3e:28:aa:b8:a2:
|
|
+ ab:ee:9d:b2:c5:91:f6:71:99:a5:86:cb:31:9c:05:
|
|
+ d6:9b:94:13:46:a9:9a:c9:a5:55:5f:6c:cc:d0:84:
|
|
+ 27:e2:b1:b5:73:39:08:7f:80:2f:04:26:96:0c:8d:
|
|
+ 29:9b:be:5e:cc:39:af:a2:db:82:82:57:07:e6:b2:
|
|
+ 4a:d9:3d:c8:79:6e:67:61:f3:48:37:a8:4f:9f:b3:
|
|
+ cf:84:b6:50:08:3d:e9:85:e9:a9:76:50:80:e7:2c:
|
|
+ 6f:65:95:cb:e2:23:41:58:39:70:e7:78:29:3d:c2:
|
|
+ d6:20:7c:2b:87:30:bd:98:87:63:ed:4a:ad:b9:ed:
|
|
+ 7a:4b:13:a1:3d:62:5e:b6:74:64:ef:25:a3:dd:93:
|
|
+ 47:aa:d3:25:7e:2a:d7:09:1b:5c:59:50:f1:d4:c6:
|
|
+ 9c:f2:64:8a:7c:cb:cc:52:37:50:88:4b:84:35:40:
|
|
+ 51:0e:a1:06:a2:60:b6:b0:e3:8f:f9:d8:8e:45:77:
|
|
+ 7d:0e:7d:11:92:22:15:0f:a3:37:84:c4:25:dc:14:
|
|
+ b4:20:7a:b7:16:96:72:d4:bf:4d:5d:d2:ab:71:43:
|
|
+ 44:be:87:44:d2:b8:74:f7:86:3f:d2:5d:dd:5e:e6:
|
|
+ 74:ab:fb:cc:a3:5d:a6:84:80:0b
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.crt01.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 94:15:c0:4a:f1:aa:15:30:f7:cb:fe:f9:fa:ba:5f:f0:18:1f:
|
|
+ 7e:44:9a:b1:d4:9c:f9:78:d3:a7:c7:65:f2:d1:48:62:f4:cb:
|
|
+ 2f:20:ea:7c:af:08:cf:db:e2:0f:ab:c0:22:38:16:c5:0c:e5:
|
|
+ c7:6e:34:b1:ed:f6:02:1a:69:c0:09:d1:43:b3:30:77:fc:00:
|
|
+ 07:1b:da:88:97:5b:28:4e:e6:92:ca:00:cc:86:66:a9:a9:0a:
|
|
+ 75:be:74:88:7d:09:52:e7:a9:82:8f:a9:62:5e:b3:19:64:14:
|
|
+ e5:54:9e:6d:9c:98:39:8b:1f:92:92:59:f9:a2:46:75:96:11:
|
|
+ 71:8a:c8:71:05:10:2a:b8:f3:a4:19:db:eb:05:17:0a:dd:98:
|
|
+ 2c:58:54:3a:7f:8c:c2:26:9e:62:ca:04:dd:3c:99:1f:a0:64:
|
|
+ 69:fb:d6:04:c1:0b:8c:62:f6:2d:ea:bc:6c:a9:39:7b:f1:20:
|
|
+ b8:b7:04:3c:a7:65:fa:1f:db:22:e2:5b:8b:91:75:60:be:e1:
|
|
+ 1e:50:13:23:d5:4b:93:87:20:ec:46:6f:5f:94:dc:b1:60:d1:
|
|
+ 79:4b:5e:76:c9:6d:0d:be:a6:9a:6b:67:8b:a7:48:7e:51:b5:
|
|
+ 9b:9d:ec:a6:0c:c1:b3:d9:0b:26:8b:f2:7c:cf:61:d0:a2:a0:
|
|
+ 90:90:18:6b:b4:ca:56:b8:5e:5a:8b:78:71:c4:d1:fc:15:30:
|
|
+ 0a:03:26:74:85:3d:6c:ed:d3:e1:c9:c1:b0:d4:0c:b9:f3:04:
|
|
+ 93:0d:e3:a6:2c:a7:ee:e0:24:0d:dd:37:fc:6b:09:d5:b5:55:
|
|
+ 33:12:82:cf:f2:ba:0f:b0:e2:ce:f7:c0:ac:2c:7f:ab:f9:dd:
|
|
+ 87:b1:9b:95:f2:d7:32:98:dd:4c:b3:28:b7:0d:2b:2f:62:65:
|
|
+ ce:59:fb:95:d4:5f:9d:fd:83:5a:01:3b:5f:48:5f:3c:fa:4b:
|
|
+ 52:91:66:e1:49:8e:cd:09:78:f5:ce:f8:cd:5c:85:3e:ad:bd:
|
|
+ 1c:4e:e0:3f:0a:8b
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIETzCCAregAwIBAgIIcLn06y+hlZgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDkwNzIwMjgwM1oYDzIwNTIwODMw
|
|
+MjAyODAzWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbDCCAaIw
|
|
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALSaY5gErb2rKb8icFQw38drd124
|
|
+XgvNDqBsdDfnS3jRltrKmX2SseQaCh60HL7uzJWMUgOTheFAQ2iGhrxqYm3WCsru
|
|
+T5Mt7mvfevbc+kSmOYAsOHyJzdmjmezoK0hthEE9DhofaF4XiI+l2k0cNiautH7S
|
|
+/qJZ1Wc6VsIhZQ3dl2/w5bQeh66XNQ30m67cij4oqriiq+6dssWR9nGZpYbLMZwF
|
|
+1puUE0apmsmlVV9szNCEJ+KxtXM5CH+ALwQmlgyNKZu+Xsw5r6LbgoJXB+ayStk9
|
|
+yHluZ2HzSDeoT5+zz4S2UAg96YXpqXZQgOcsb2WVy+IjQVg5cOd4KT3C1iB8K4cw
|
|
+vZiHY+1KrbnteksToT1iXrZ0ZO8lo92TR6rTJX4q1wkbXFlQ8dTGnPJkinzLzFI3
|
|
+UIhLhDVAUQ6hBqJgtrDjj/nYjkV3fQ59EZIiFQ+jN4TEJdwUtCB6txaWctS/TV3S
|
|
+q3FDRL6HRNK4dPeGP9Jd3V7mdKv7zKNdpoSACwIDAQABoywwKjAoBgNVHREEITAf
|
|
+ghdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbIcECjUAATANBgkqhkiG9w0BAQsFAAOC
|
|
+AYEAlBXASvGqFTD3y/75+rpf8BgffkSasdSc+XjTp8dl8tFIYvTLLyDqfK8Iz9vi
|
|
+D6vAIjgWxQzlx240se32AhppwAnRQ7Mwd/wABxvaiJdbKE7mksoAzIZmqakKdb50
|
|
+iH0JUuepgo+pYl6zGWQU5VSebZyYOYsfkpJZ+aJGdZYRcYrIcQUQKrjzpBnb6wUX
|
|
+Ct2YLFhUOn+MwiaeYsoE3TyZH6BkafvWBMELjGL2Leq8bKk5e/EguLcEPKdl+h/b
|
|
+IuJbi5F1YL7hHlATI9VLk4cg7EZvX5TcsWDReUtedsltDb6mmmtni6dIflG1m53s
|
|
+pgzBs9kLJovyfM9h0KKgkJAYa7TKVrheWot4ccTR/BUwCgMmdIU9bO3T4cnBsNQM
|
|
+ufMEkw3jpiyn7uAkDd03/GsJ1bVVMxKCz/K6D7DizvfArCx/q/ndh7GblfLXMpjd
|
|
+TLMotw0rL2Jlzln7ldRfnf2DWgE7X0hfPPpLUpFm4UmOzQl49c74zVyFPq29HE7g
|
|
+PwqL
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.key b/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.key
|
|
new file mode 100644
|
|
index 0000000..307d26d
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.key
|
|
@@ -0,0 +1,40 @@
|
|
+-----BEGIN PRIVATE KEY-----
|
|
+MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDsLIgBtYs6dFYN
|
|
+V7N1/QVYBe2Kq+gpDvFSNC4iYm5BdP94M7T/FXP6zpAQpP7SZhR7C3l71iCI+UEx
|
|
+FJpJNow4dEvz4lHn5W+9ZTjmnDCAPyRW9mieCXaBW1mBRFafHD9I8JW/YEAp36xC
|
|
+PcNvhS3DDgi29xIqUQC/z/5srtd93sFy+DIDX8k/St7l+iSQRvBKXwnYk0y/HGFM
|
|
+0tzbbPivc1u3O3robRy7JiNHh/1QBg/xtYiKqCVpV+NGO9JrUvtaAfaW6SrPE+cW
|
|
+TP1a9h8Ljfclo2jXFfxcSEkF4oUkcFex2AUkriY6AJtyqEcFxfN8LfJYcjf7wYtP
|
|
+Qo/dmqxbrm8hYq0pgbmLS2z/YZkPfAnTbQAgLbEMAGyZTJLcDhEt57p7x8ixoxph
|
|
++Mwsrxe228w2Av77ZhV3hHDNQiW3FmQorp2MgYWg4FCCqujprFH8K2NEsQi4kNeM
|
|
+HCOyGwhZhdXdOUT3R15ICDTrLN91Rwi2tuYy7XZ0d849Tf4CsTMCAwEAAQKCAYA+
|
|
+B7AtKr6HutiDJp63BZ6qsNvkCSSv7AHMAnJ/i3TD8nPK4WHPgZX1sN070eov3qnQ
|
|
+a4Ib2XCwKS9LMcsYIaCQj1MHmlDC5IsFpplcUHeYp3zm7k8p+vhKH3ERt548qhGh
|
|
+GbdrDV+s39eBinFTUBpl2cDGNXxq6t2Ug4+iggWNRL1wcenI4xabbhG/O4Tw9ADW
|
|
+t8GBRabppw2TPOrPIv7qLhVPueqdM1NRgEHR3tDUfNMhO/nB2UoCMhg6cSniEGf8
|
|
+32NDQHI7ajIcETnn9z0tAP67+w5VUYMlP3+VGr8v4UZCL6Qal9Swv4XWPqHjHoIi
|
|
+q5by4H6HEYeoUPT5hCJjMdXlHrWWUgsX/YdgY4tJJBowMR6rovA7Ypy71FxRnXkP
|
|
+2iD36jZmDI1mBQ41Yx7P5iM+veRQmBOH/x70Bd9ZbSLlmeTX5dhjAxNShjZxxeUy
|
|
+QbQGe3JLzdCGzRY9TKFMmLa/qs+Ggqxopdh4AZuHtQpKUej6g9GI9Eo0IIWTKEkC
|
|
+gcEA+EC1ms0MEIIq/JJrsN4ByEyZXbuNKny/04h8dfkT0lTXk8QihQLke6ZLLOl9
|
|
+mwgO9NOHkghtU9wdNXg/dNR2VDevUZCjIlYZT6stjEX7X0oNACJwSeBwEXxn6I94
|
|
+umuvJ9hq9WchTnQA4lrIXCETIUxThjm7jfJe9RKzghQkCfGnxzclXg0viqxvm21j
|
|
+eg0iide23y9xpFd8Qn1oq+hhzcKqHWdkHuDjRJD5gfAEPD7MJ7oT5jR4szQoIUcP
|
|
+4C+NAoHBAPOLUwAwcY5zUBAZ7oZ8wRgnAFZjHdYYWDr04ahA1DpwPeX67MczdGud
|
|
+L7hUq3APa3qcj4hrDL2jkF6FkbURhtdguMccb4hBENyYr+qjoTAfYJIZwJ9akQ/j
|
|
+x8u+5kGsN+ozaKikHFsI2xXHJhbShICL3sIfNeqGFB2onp/dv8WdywTnSf2aXGjf
|
|
+NFvVJYnaEOGiTM7uIf/F0n8Iae8HSdPZXtDTXNjnLFzzHjvFe1mfyYO55BDkxmr2
|
|
+PDnhVkbTvwKBwQCNPwQU16WNnwImQojTUP1ioXKBSjy/d8sM6BMobFdCzNL7WBTr
|
|
+6QFm+O681vyIQMWBtvjjtbe+hvZ3fbtdFaVdtXEiz1CCMMql8ZcwwICNbuyGrxGE
|
|
+dxZMXKQiRb9DEhHOcewpRExG/umh4FUvVgI0Z+D99csosEYm2kUYNa1rmvsC9fVk
|
|
+1cu+8u1tWYfH4cFM/FcoFS5revtQOVpctRMwpxlzMWhdyUaFtJbBv3YpcPFniQ/Z
|
|
+YvFpxLswc+Ysf+ECgcEAhEeMUXH+e6zOM7CiCZIBHykv2bwEHKEkawFO/6AWpZcJ
|
|
+R7y+loOwHDNIFAqJA1icvAAFRcc/KFGKvIw30+0tHBaAxkT/nzYX/nlAM2Wkywp/
|
|
+3Vr3cJY0bDj/7/5D+i+cPyylD9PzQs7QkEeWvJajOV6/Ixjoo/UnP+SyI4rB+of2
|
|
+GTe2zHPm9V8mhSqENReoS6Vnqo1VEiNUbYMYZqfCxbou8aWbrIQDaIj0RurAULGl
|
|
+NlLlOPfJfZc4pwdpYRbpAoHAJ7Vxdfn1ec+8xIpjn6dQzWDQWrOw+4pyi54sPlVb
|
|
+RUWC9nYDbTwEKkWdQ0FdyJkU7tiYIIFlVNfPAa1lkujIiC5zxe41VJ1598pXPEXn
|
|
+a6UB1yn2Ay7kmCq7/qOD6IRkAS8TKyzM6Z7nFgglMEPPdzYBkeKP/aWl75el1B4e
|
|
+mpGz7o6u6kSHXt0UWZ7VT9AspEw0oyHIoaXmYHvpXjGtWghn6MKPMngKIb87Xjvt
|
|
+bKvcUjDKJOb0BURXpKzS8Rf9
|
|
+-----END PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.pem b/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.pem
|
|
new file mode 100644
|
|
index 0000000..3fa0b9a
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/certs/srv01.crt02-expired.example.nil.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010841 (0x70b9f4eb2fa19599)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 6 20:34:09 2022 GMT
|
|
+ Not After : Sep 7 20:34:09 2022 GMT
|
|
+ Subject: CN=srv01.crt02-expired.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:ec:2c:88:01:b5:8b:3a:74:56:0d:57:b3:75:fd:
|
|
+ 05:58:05:ed:8a:ab:e8:29:0e:f1:52:34:2e:22:62:
|
|
+ 6e:41:74:ff:78:33:b4:ff:15:73:fa:ce:90:10:a4:
|
|
+ fe:d2:66:14:7b:0b:79:7b:d6:20:88:f9:41:31:14:
|
|
+ 9a:49:36:8c:38:74:4b:f3:e2:51:e7:e5:6f:bd:65:
|
|
+ 38:e6:9c:30:80:3f:24:56:f6:68:9e:09:76:81:5b:
|
|
+ 59:81:44:56:9f:1c:3f:48:f0:95:bf:60:40:29:df:
|
|
+ ac:42:3d:c3:6f:85:2d:c3:0e:08:b6:f7:12:2a:51:
|
|
+ 00:bf:cf:fe:6c:ae:d7:7d:de:c1:72:f8:32:03:5f:
|
|
+ c9:3f:4a:de:e5:fa:24:90:46:f0:4a:5f:09:d8:93:
|
|
+ 4c:bf:1c:61:4c:d2:dc:db:6c:f8:af:73:5b:b7:3b:
|
|
+ 7a:e8:6d:1c:bb:26:23:47:87:fd:50:06:0f:f1:b5:
|
|
+ 88:8a:a8:25:69:57:e3:46:3b:d2:6b:52:fb:5a:01:
|
|
+ f6:96:e9:2a:cf:13:e7:16:4c:fd:5a:f6:1f:0b:8d:
|
|
+ f7:25:a3:68:d7:15:fc:5c:48:49:05:e2:85:24:70:
|
|
+ 57:b1:d8:05:24:ae:26:3a:00:9b:72:a8:47:05:c5:
|
|
+ f3:7c:2d:f2:58:72:37:fb:c1:8b:4f:42:8f:dd:9a:
|
|
+ ac:5b:ae:6f:21:62:ad:29:81:b9:8b:4b:6c:ff:61:
|
|
+ 99:0f:7c:09:d3:6d:00:20:2d:b1:0c:00:6c:99:4c:
|
|
+ 92:dc:0e:11:2d:e7:ba:7b:c7:c8:b1:a3:1a:61:f8:
|
|
+ cc:2c:af:17:b6:db:cc:36:02:fe:fb:66:15:77:84:
|
|
+ 70:cd:42:25:b7:16:64:28:ae:9d:8c:81:85:a0:e0:
|
|
+ 50:82:aa:e8:e9:ac:51:fc:2b:63:44:b1:08:b8:90:
|
|
+ d7:8c:1c:23:b2:1b:08:59:85:d5:dd:39:44:f7:47:
|
|
+ 5e:48:08:34:eb:2c:df:75:47:08:b6:b6:e6:32:ed:
|
|
+ 76:74:77:ce:3d:4d:fe:02:b1:33
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.crt02-expired.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 2a:52:c4:cb:a9:2f:f7:2b:ed:04:b5:03:d5:06:59:ed:5c:7c:
|
|
+ b7:00:9e:c4:33:90:fe:d0:b0:18:f3:f2:06:30:54:18:fe:34:
|
|
+ cb:ea:61:4f:9c:23:67:3c:ae:ed:20:df:82:52:ec:59:88:45:
|
|
+ ad:3c:6c:a7:34:24:1c:4d:66:ab:71:3d:59:8c:ef:cd:a0:e2:
|
|
+ 7b:59:2d:43:94:cd:f5:0a:3c:4e:81:24:e8:fd:c6:d0:fd:ad:
|
|
+ 6f:cc:29:5b:67:0b:b7:ee:43:38:a4:91:c2:d9:3b:f8:d6:97:
|
|
+ bc:92:dd:ec:a1:ab:85:35:44:f4:0a:df:ad:8d:8c:52:c3:49:
|
|
+ 7e:39:10:a1:13:43:78:71:e2:92:aa:31:3d:d9:94:15:7f:86:
|
|
+ c8:aa:b4:a1:6d:bf:eb:55:b1:d7:41:6f:c3:7d:88:5e:9c:b7:
|
|
+ b1:4b:0d:a7:17:4f:3e:4a:46:3f:6f:48:27:8c:d0:e5:51:fc:
|
|
+ 42:ba:c5:b9:4f:63:6f:2e:f2:fd:0c:c0:6e:23:b4:59:93:68:
|
|
+ a4:2d:16:ce:f4:7b:3a:45:1d:a0:6e:98:0b:f7:6a:e6:75:0c:
|
|
+ db:56:19:6b:88:f0:7f:6b:08:f8:fc:bb:d1:3f:25:25:1a:6c:
|
|
+ 8e:34:cb:91:18:54:d5:2d:ce:9c:d0:b7:c3:bc:b5:0a:e0:b9:
|
|
+ 73:6f:4d:ad:6b:3c:b6:49:ef:c0:10:13:c7:0a:78:4d:98:7d:
|
|
+ cb:84:a1:29:40:8c:dd:31:7d:ae:c4:f5:25:5d:b9:74:b2:f5:
|
|
+ e2:2b:e0:43:c8:50:61:a3:a8:26:1a:03:ab:1a:24:3b:13:56:
|
|
+ da:0d:ee:ff:2f:bd:d5:77:82:72:63:b8:aa:e1:18:f7:3b:c1:
|
|
+ a1:f8:51:b1:70:b9:25:39:df:a3:41:79:d7:2b:ec:32:f6:cb:
|
|
+ 30:28:d2:1e:f1:b4:e1:80:03:9f:c2:0f:36:85:82:5e:39:ba:
|
|
+ 9e:eb:67:76:42:93:bf:e0:df:64:b2:b5:5f:98:a1:45:3f:4a:
|
|
+ 1f:5c:c5:04:10:f6
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEXTCCAsWgAwIBAgIIcLn06y+hlZkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTIyMDkwNjIwMzQwOVoXDTIyMDkwNzIw
|
|
+MzQwOVowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDItZXhwaXJlZC5leGFtcGxlLm5p
|
|
+bDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOwsiAG1izp0Vg1Xs3X9
|
|
+BVgF7Yqr6CkO8VI0LiJibkF0/3gztP8Vc/rOkBCk/tJmFHsLeXvWIIj5QTEUmkk2
|
|
+jDh0S/PiUeflb71lOOacMIA/JFb2aJ4JdoFbWYFEVp8cP0jwlb9gQCnfrEI9w2+F
|
|
+LcMOCLb3EipRAL/P/myu133ewXL4MgNfyT9K3uX6JJBG8EpfCdiTTL8cYUzS3Nts
|
|
++K9zW7c7euhtHLsmI0eH/VAGD/G1iIqoJWlX40Y70mtS+1oB9pbpKs8T5xZM/Vr2
|
|
+HwuN9yWjaNcV/FxISQXihSRwV7HYBSSuJjoAm3KoRwXF83wt8lhyN/vBi09Cj92a
|
|
+rFuubyFirSmBuYtLbP9hmQ98CdNtACAtsQwAbJlMktwOES3nunvHyLGjGmH4zCyv
|
|
+F7bbzDYC/vtmFXeEcM1CJbcWZCiunYyBhaDgUIKq6OmsUfwrY0SxCLiQ14wcI7Ib
|
|
+CFmF1d05RPdHXkgINOss33VHCLa25jLtdnR3zj1N/gKxMwIDAQABozQwMjAwBgNV
|
|
+HREEKTAngh9zcnYwMS5jcnQwMi1leHBpcmVkLmV4YW1wbGUubmlshwQKNQABMA0G
|
|
+CSqGSIb3DQEBCwUAA4IBgQAqUsTLqS/3K+0EtQPVBlntXHy3AJ7EM5D+0LAY8/IG
|
|
+MFQY/jTL6mFPnCNnPK7tIN+CUuxZiEWtPGynNCQcTWarcT1ZjO/NoOJ7WS1DlM31
|
|
+CjxOgSTo/cbQ/a1vzClbZwu37kM4pJHC2Tv41pe8kt3soauFNUT0Ct+tjYxSw0l+
|
|
+ORChE0N4ceKSqjE92ZQVf4bIqrShbb/rVbHXQW/DfYhenLexSw2nF08+SkY/b0gn
|
|
+jNDlUfxCusW5T2NvLvL9DMBuI7RZk2ikLRbO9Hs6RR2gbpgL92rmdQzbVhlriPB/
|
|
+awj4/LvRPyUlGmyONMuRGFTVLc6c0LfDvLUK4Llzb02tazy2Se/AEBPHCnhNmH3L
|
|
+hKEpQIzdMX2uxPUlXbl0svXiK+BDyFBho6gmGgOrGiQ7E1baDe7/L73Vd4JyY7iq
|
|
+4Rj3O8Gh+FGxcLklOd+jQXnXK+wy9sswKNIe8bThgAOfwg82hYJeObqe62d2QpO/
|
|
+4N9ksrVfmKFFP0ofXMUEEPY=
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/index.txt b/bin/tests/system/nsupdate/CA/index.txt
|
|
new file mode 100644
|
|
index 0000000..020155f
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/index.txt
|
|
@@ -0,0 +1,4 @@
|
|
+V 20520830202803Z 70B9F4EB2FA19598 unknown /CN=srv01.crt01.example.nil
|
|
+V 220907203409Z 70B9F4EB2FA19599 unknown /CN=srv01.crt02-expired.example.nil
|
|
+V 20520831082017Z 70B9F4EB2FA1959A unknown /CN=srv01.client01.example.nil
|
|
+V 220908081418Z 70B9F4EB2FA1959B unknown /CN=srv01.client02-expired.example.nil
|
|
diff --git a/bin/tests/system/nsupdate/CA/index.txt.attr b/bin/tests/system/nsupdate/CA/index.txt.attr
|
|
new file mode 100644
|
|
index 0000000..8f7e63a
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/index.txt.attr
|
|
@@ -0,0 +1 @@
|
|
+unique_subject = yes
|
|
diff --git a/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19598.pem b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19598.pem
|
|
new file mode 100644
|
|
index 0000000..4a4556c
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19598.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010840 (0x70b9f4eb2fa19598)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 7 20:28:03 2022 GMT
|
|
+ Not After : Aug 30 20:28:03 2052 GMT
|
|
+ Subject: CN=srv01.crt01.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:b4:9a:63:98:04:ad:bd:ab:29:bf:22:70:54:30:
|
|
+ df:c7:6b:77:5d:b8:5e:0b:cd:0e:a0:6c:74:37:e7:
|
|
+ 4b:78:d1:96:da:ca:99:7d:92:b1:e4:1a:0a:1e:b4:
|
|
+ 1c:be:ee:cc:95:8c:52:03:93:85:e1:40:43:68:86:
|
|
+ 86:bc:6a:62:6d:d6:0a:ca:ee:4f:93:2d:ee:6b:df:
|
|
+ 7a:f6:dc:fa:44:a6:39:80:2c:38:7c:89:cd:d9:a3:
|
|
+ 99:ec:e8:2b:48:6d:84:41:3d:0e:1a:1f:68:5e:17:
|
|
+ 88:8f:a5:da:4d:1c:36:26:ae:b4:7e:d2:fe:a2:59:
|
|
+ d5:67:3a:56:c2:21:65:0d:dd:97:6f:f0:e5:b4:1e:
|
|
+ 87:ae:97:35:0d:f4:9b:ae:dc:8a:3e:28:aa:b8:a2:
|
|
+ ab:ee:9d:b2:c5:91:f6:71:99:a5:86:cb:31:9c:05:
|
|
+ d6:9b:94:13:46:a9:9a:c9:a5:55:5f:6c:cc:d0:84:
|
|
+ 27:e2:b1:b5:73:39:08:7f:80:2f:04:26:96:0c:8d:
|
|
+ 29:9b:be:5e:cc:39:af:a2:db:82:82:57:07:e6:b2:
|
|
+ 4a:d9:3d:c8:79:6e:67:61:f3:48:37:a8:4f:9f:b3:
|
|
+ cf:84:b6:50:08:3d:e9:85:e9:a9:76:50:80:e7:2c:
|
|
+ 6f:65:95:cb:e2:23:41:58:39:70:e7:78:29:3d:c2:
|
|
+ d6:20:7c:2b:87:30:bd:98:87:63:ed:4a:ad:b9:ed:
|
|
+ 7a:4b:13:a1:3d:62:5e:b6:74:64:ef:25:a3:dd:93:
|
|
+ 47:aa:d3:25:7e:2a:d7:09:1b:5c:59:50:f1:d4:c6:
|
|
+ 9c:f2:64:8a:7c:cb:cc:52:37:50:88:4b:84:35:40:
|
|
+ 51:0e:a1:06:a2:60:b6:b0:e3:8f:f9:d8:8e:45:77:
|
|
+ 7d:0e:7d:11:92:22:15:0f:a3:37:84:c4:25:dc:14:
|
|
+ b4:20:7a:b7:16:96:72:d4:bf:4d:5d:d2:ab:71:43:
|
|
+ 44:be:87:44:d2:b8:74:f7:86:3f:d2:5d:dd:5e:e6:
|
|
+ 74:ab:fb:cc:a3:5d:a6:84:80:0b
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.crt01.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 94:15:c0:4a:f1:aa:15:30:f7:cb:fe:f9:fa:ba:5f:f0:18:1f:
|
|
+ 7e:44:9a:b1:d4:9c:f9:78:d3:a7:c7:65:f2:d1:48:62:f4:cb:
|
|
+ 2f:20:ea:7c:af:08:cf:db:e2:0f:ab:c0:22:38:16:c5:0c:e5:
|
|
+ c7:6e:34:b1:ed:f6:02:1a:69:c0:09:d1:43:b3:30:77:fc:00:
|
|
+ 07:1b:da:88:97:5b:28:4e:e6:92:ca:00:cc:86:66:a9:a9:0a:
|
|
+ 75:be:74:88:7d:09:52:e7:a9:82:8f:a9:62:5e:b3:19:64:14:
|
|
+ e5:54:9e:6d:9c:98:39:8b:1f:92:92:59:f9:a2:46:75:96:11:
|
|
+ 71:8a:c8:71:05:10:2a:b8:f3:a4:19:db:eb:05:17:0a:dd:98:
|
|
+ 2c:58:54:3a:7f:8c:c2:26:9e:62:ca:04:dd:3c:99:1f:a0:64:
|
|
+ 69:fb:d6:04:c1:0b:8c:62:f6:2d:ea:bc:6c:a9:39:7b:f1:20:
|
|
+ b8:b7:04:3c:a7:65:fa:1f:db:22:e2:5b:8b:91:75:60:be:e1:
|
|
+ 1e:50:13:23:d5:4b:93:87:20:ec:46:6f:5f:94:dc:b1:60:d1:
|
|
+ 79:4b:5e:76:c9:6d:0d:be:a6:9a:6b:67:8b:a7:48:7e:51:b5:
|
|
+ 9b:9d:ec:a6:0c:c1:b3:d9:0b:26:8b:f2:7c:cf:61:d0:a2:a0:
|
|
+ 90:90:18:6b:b4:ca:56:b8:5e:5a:8b:78:71:c4:d1:fc:15:30:
|
|
+ 0a:03:26:74:85:3d:6c:ed:d3:e1:c9:c1:b0:d4:0c:b9:f3:04:
|
|
+ 93:0d:e3:a6:2c:a7:ee:e0:24:0d:dd:37:fc:6b:09:d5:b5:55:
|
|
+ 33:12:82:cf:f2:ba:0f:b0:e2:ce:f7:c0:ac:2c:7f:ab:f9:dd:
|
|
+ 87:b1:9b:95:f2:d7:32:98:dd:4c:b3:28:b7:0d:2b:2f:62:65:
|
|
+ ce:59:fb:95:d4:5f:9d:fd:83:5a:01:3b:5f:48:5f:3c:fa:4b:
|
|
+ 52:91:66:e1:49:8e:cd:09:78:f5:ce:f8:cd:5c:85:3e:ad:bd:
|
|
+ 1c:4e:e0:3f:0a:8b
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIETzCCAregAwIBAgIIcLn06y+hlZgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDkwNzIwMjgwM1oYDzIwNTIwODMw
|
|
+MjAyODAzWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbDCCAaIw
|
|
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALSaY5gErb2rKb8icFQw38drd124
|
|
+XgvNDqBsdDfnS3jRltrKmX2SseQaCh60HL7uzJWMUgOTheFAQ2iGhrxqYm3WCsru
|
|
+T5Mt7mvfevbc+kSmOYAsOHyJzdmjmezoK0hthEE9DhofaF4XiI+l2k0cNiautH7S
|
|
+/qJZ1Wc6VsIhZQ3dl2/w5bQeh66XNQ30m67cij4oqriiq+6dssWR9nGZpYbLMZwF
|
|
+1puUE0apmsmlVV9szNCEJ+KxtXM5CH+ALwQmlgyNKZu+Xsw5r6LbgoJXB+ayStk9
|
|
+yHluZ2HzSDeoT5+zz4S2UAg96YXpqXZQgOcsb2WVy+IjQVg5cOd4KT3C1iB8K4cw
|
|
+vZiHY+1KrbnteksToT1iXrZ0ZO8lo92TR6rTJX4q1wkbXFlQ8dTGnPJkinzLzFI3
|
|
+UIhLhDVAUQ6hBqJgtrDjj/nYjkV3fQ59EZIiFQ+jN4TEJdwUtCB6txaWctS/TV3S
|
|
+q3FDRL6HRNK4dPeGP9Jd3V7mdKv7zKNdpoSACwIDAQABoywwKjAoBgNVHREEITAf
|
|
+ghdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbIcECjUAATANBgkqhkiG9w0BAQsFAAOC
|
|
+AYEAlBXASvGqFTD3y/75+rpf8BgffkSasdSc+XjTp8dl8tFIYvTLLyDqfK8Iz9vi
|
|
+D6vAIjgWxQzlx240se32AhppwAnRQ7Mwd/wABxvaiJdbKE7mksoAzIZmqakKdb50
|
|
+iH0JUuepgo+pYl6zGWQU5VSebZyYOYsfkpJZ+aJGdZYRcYrIcQUQKrjzpBnb6wUX
|
|
+Ct2YLFhUOn+MwiaeYsoE3TyZH6BkafvWBMELjGL2Leq8bKk5e/EguLcEPKdl+h/b
|
|
+IuJbi5F1YL7hHlATI9VLk4cg7EZvX5TcsWDReUtedsltDb6mmmtni6dIflG1m53s
|
|
+pgzBs9kLJovyfM9h0KKgkJAYa7TKVrheWot4ccTR/BUwCgMmdIU9bO3T4cnBsNQM
|
|
+ufMEkw3jpiyn7uAkDd03/GsJ1bVVMxKCz/K6D7DizvfArCx/q/ndh7GblfLXMpjd
|
|
+TLMotw0rL2Jlzln7ldRfnf2DWgE7X0hfPPpLUpFm4UmOzQl49c74zVyFPq29HE7g
|
|
+PwqL
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19599.pem b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19599.pem
|
|
new file mode 100644
|
|
index 0000000..3fa0b9a
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA19599.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010841 (0x70b9f4eb2fa19599)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 6 20:34:09 2022 GMT
|
|
+ Not After : Sep 7 20:34:09 2022 GMT
|
|
+ Subject: CN=srv01.crt02-expired.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:ec:2c:88:01:b5:8b:3a:74:56:0d:57:b3:75:fd:
|
|
+ 05:58:05:ed:8a:ab:e8:29:0e:f1:52:34:2e:22:62:
|
|
+ 6e:41:74:ff:78:33:b4:ff:15:73:fa:ce:90:10:a4:
|
|
+ fe:d2:66:14:7b:0b:79:7b:d6:20:88:f9:41:31:14:
|
|
+ 9a:49:36:8c:38:74:4b:f3:e2:51:e7:e5:6f:bd:65:
|
|
+ 38:e6:9c:30:80:3f:24:56:f6:68:9e:09:76:81:5b:
|
|
+ 59:81:44:56:9f:1c:3f:48:f0:95:bf:60:40:29:df:
|
|
+ ac:42:3d:c3:6f:85:2d:c3:0e:08:b6:f7:12:2a:51:
|
|
+ 00:bf:cf:fe:6c:ae:d7:7d:de:c1:72:f8:32:03:5f:
|
|
+ c9:3f:4a:de:e5:fa:24:90:46:f0:4a:5f:09:d8:93:
|
|
+ 4c:bf:1c:61:4c:d2:dc:db:6c:f8:af:73:5b:b7:3b:
|
|
+ 7a:e8:6d:1c:bb:26:23:47:87:fd:50:06:0f:f1:b5:
|
|
+ 88:8a:a8:25:69:57:e3:46:3b:d2:6b:52:fb:5a:01:
|
|
+ f6:96:e9:2a:cf:13:e7:16:4c:fd:5a:f6:1f:0b:8d:
|
|
+ f7:25:a3:68:d7:15:fc:5c:48:49:05:e2:85:24:70:
|
|
+ 57:b1:d8:05:24:ae:26:3a:00:9b:72:a8:47:05:c5:
|
|
+ f3:7c:2d:f2:58:72:37:fb:c1:8b:4f:42:8f:dd:9a:
|
|
+ ac:5b:ae:6f:21:62:ad:29:81:b9:8b:4b:6c:ff:61:
|
|
+ 99:0f:7c:09:d3:6d:00:20:2d:b1:0c:00:6c:99:4c:
|
|
+ 92:dc:0e:11:2d:e7:ba:7b:c7:c8:b1:a3:1a:61:f8:
|
|
+ cc:2c:af:17:b6:db:cc:36:02:fe:fb:66:15:77:84:
|
|
+ 70:cd:42:25:b7:16:64:28:ae:9d:8c:81:85:a0:e0:
|
|
+ 50:82:aa:e8:e9:ac:51:fc:2b:63:44:b1:08:b8:90:
|
|
+ d7:8c:1c:23:b2:1b:08:59:85:d5:dd:39:44:f7:47:
|
|
+ 5e:48:08:34:eb:2c:df:75:47:08:b6:b6:e6:32:ed:
|
|
+ 76:74:77:ce:3d:4d:fe:02:b1:33
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.crt02-expired.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 2a:52:c4:cb:a9:2f:f7:2b:ed:04:b5:03:d5:06:59:ed:5c:7c:
|
|
+ b7:00:9e:c4:33:90:fe:d0:b0:18:f3:f2:06:30:54:18:fe:34:
|
|
+ cb:ea:61:4f:9c:23:67:3c:ae:ed:20:df:82:52:ec:59:88:45:
|
|
+ ad:3c:6c:a7:34:24:1c:4d:66:ab:71:3d:59:8c:ef:cd:a0:e2:
|
|
+ 7b:59:2d:43:94:cd:f5:0a:3c:4e:81:24:e8:fd:c6:d0:fd:ad:
|
|
+ 6f:cc:29:5b:67:0b:b7:ee:43:38:a4:91:c2:d9:3b:f8:d6:97:
|
|
+ bc:92:dd:ec:a1:ab:85:35:44:f4:0a:df:ad:8d:8c:52:c3:49:
|
|
+ 7e:39:10:a1:13:43:78:71:e2:92:aa:31:3d:d9:94:15:7f:86:
|
|
+ c8:aa:b4:a1:6d:bf:eb:55:b1:d7:41:6f:c3:7d:88:5e:9c:b7:
|
|
+ b1:4b:0d:a7:17:4f:3e:4a:46:3f:6f:48:27:8c:d0:e5:51:fc:
|
|
+ 42:ba:c5:b9:4f:63:6f:2e:f2:fd:0c:c0:6e:23:b4:59:93:68:
|
|
+ a4:2d:16:ce:f4:7b:3a:45:1d:a0:6e:98:0b:f7:6a:e6:75:0c:
|
|
+ db:56:19:6b:88:f0:7f:6b:08:f8:fc:bb:d1:3f:25:25:1a:6c:
|
|
+ 8e:34:cb:91:18:54:d5:2d:ce:9c:d0:b7:c3:bc:b5:0a:e0:b9:
|
|
+ 73:6f:4d:ad:6b:3c:b6:49:ef:c0:10:13:c7:0a:78:4d:98:7d:
|
|
+ cb:84:a1:29:40:8c:dd:31:7d:ae:c4:f5:25:5d:b9:74:b2:f5:
|
|
+ e2:2b:e0:43:c8:50:61:a3:a8:26:1a:03:ab:1a:24:3b:13:56:
|
|
+ da:0d:ee:ff:2f:bd:d5:77:82:72:63:b8:aa:e1:18:f7:3b:c1:
|
|
+ a1:f8:51:b1:70:b9:25:39:df:a3:41:79:d7:2b:ec:32:f6:cb:
|
|
+ 30:28:d2:1e:f1:b4:e1:80:03:9f:c2:0f:36:85:82:5e:39:ba:
|
|
+ 9e:eb:67:76:42:93:bf:e0:df:64:b2:b5:5f:98:a1:45:3f:4a:
|
|
+ 1f:5c:c5:04:10:f6
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEXTCCAsWgAwIBAgIIcLn06y+hlZkwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTIyMDkwNjIwMzQwOVoXDTIyMDkwNzIw
|
|
+MzQwOVowKjEoMCYGA1UEAwwfc3J2MDEuY3J0MDItZXhwaXJlZC5leGFtcGxlLm5p
|
|
+bDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOwsiAG1izp0Vg1Xs3X9
|
|
+BVgF7Yqr6CkO8VI0LiJibkF0/3gztP8Vc/rOkBCk/tJmFHsLeXvWIIj5QTEUmkk2
|
|
+jDh0S/PiUeflb71lOOacMIA/JFb2aJ4JdoFbWYFEVp8cP0jwlb9gQCnfrEI9w2+F
|
|
+LcMOCLb3EipRAL/P/myu133ewXL4MgNfyT9K3uX6JJBG8EpfCdiTTL8cYUzS3Nts
|
|
++K9zW7c7euhtHLsmI0eH/VAGD/G1iIqoJWlX40Y70mtS+1oB9pbpKs8T5xZM/Vr2
|
|
+HwuN9yWjaNcV/FxISQXihSRwV7HYBSSuJjoAm3KoRwXF83wt8lhyN/vBi09Cj92a
|
|
+rFuubyFirSmBuYtLbP9hmQ98CdNtACAtsQwAbJlMktwOES3nunvHyLGjGmH4zCyv
|
|
+F7bbzDYC/vtmFXeEcM1CJbcWZCiunYyBhaDgUIKq6OmsUfwrY0SxCLiQ14wcI7Ib
|
|
+CFmF1d05RPdHXkgINOss33VHCLa25jLtdnR3zj1N/gKxMwIDAQABozQwMjAwBgNV
|
|
+HREEKTAngh9zcnYwMS5jcnQwMi1leHBpcmVkLmV4YW1wbGUubmlshwQKNQABMA0G
|
|
+CSqGSIb3DQEBCwUAA4IBgQAqUsTLqS/3K+0EtQPVBlntXHy3AJ7EM5D+0LAY8/IG
|
|
+MFQY/jTL6mFPnCNnPK7tIN+CUuxZiEWtPGynNCQcTWarcT1ZjO/NoOJ7WS1DlM31
|
|
+CjxOgSTo/cbQ/a1vzClbZwu37kM4pJHC2Tv41pe8kt3soauFNUT0Ct+tjYxSw0l+
|
|
+ORChE0N4ceKSqjE92ZQVf4bIqrShbb/rVbHXQW/DfYhenLexSw2nF08+SkY/b0gn
|
|
+jNDlUfxCusW5T2NvLvL9DMBuI7RZk2ikLRbO9Hs6RR2gbpgL92rmdQzbVhlriPB/
|
|
+awj4/LvRPyUlGmyONMuRGFTVLc6c0LfDvLUK4Llzb02tazy2Se/AEBPHCnhNmH3L
|
|
+hKEpQIzdMX2uxPUlXbl0svXiK+BDyFBho6gmGgOrGiQ7E1baDe7/L73Vd4JyY7iq
|
|
+4Rj3O8Gh+FGxcLklOd+jQXnXK+wy9sswKNIe8bThgAOfwg82hYJeObqe62d2QpO/
|
|
+4N9ksrVfmKFFP0ofXMUEEPY=
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959A.pem b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959A.pem
|
|
new file mode 100644
|
|
index 0000000..f546d35
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959A.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010842 (0x70b9f4eb2fa1959a)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 8 08:20:17 2022 GMT
|
|
+ Not After : Aug 31 08:20:17 2052 GMT
|
|
+ Subject: CN=srv01.client01.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:ab:60:2e:9c:61:e3:89:c6:52:2b:bc:e9:e1:05:
|
|
+ fd:18:65:42:20:f6:56:16:40:33:d2:cb:9f:f7:ef:
|
|
+ 22:54:a7:c9:55:70:ca:52:f0:e2:a2:58:38:7f:10:
|
|
+ ad:2b:05:e0:11:b6:69:21:7f:2d:38:56:dd:d5:e4:
|
|
+ f3:de:a7:32:35:f7:33:2a:52:80:ae:b7:d6:7c:35:
|
|
+ 74:c3:0c:8a:c3:3a:18:61:68:73:62:58:56:ff:78:
|
|
+ 25:57:1c:7b:be:98:88:21:dd:1c:8a:13:a5:9a:52:
|
|
+ 48:98:d9:3d:c4:28:a6:7e:9b:11:56:7e:ce:09:bb:
|
|
+ 51:89:8a:a8:1b:00:b5:73:2b:41:93:b1:62:40:30:
|
|
+ 29:ea:f6:a3:e7:bc:f0:e9:9e:07:2b:ae:a9:a0:1d:
|
|
+ 4d:d9:f8:18:4d:83:47:4e:68:ee:57:c8:55:15:86:
|
|
+ 3c:6d:1e:f5:31:f1:de:cf:c2:7e:6b:8e:22:5a:c5:
|
|
+ 76:af:d0:01:de:ab:7a:03:b2:96:33:cc:a0:26:ae:
|
|
+ de:c4:bd:76:85:96:c7:88:e4:46:bc:3f:c6:54:c9:
|
|
+ 95:83:87:9c:49:0d:31:dd:c4:17:52:99:e4:65:49:
|
|
+ 9b:9d:f3:ad:ce:66:08:57:f4:83:be:5e:87:da:42:
|
|
+ 5a:01:2a:6d:68:d1:8d:38:d9:18:ae:5e:2e:54:72:
|
|
+ 8b:01:45:96:af:f5:a3:d0:29:5d:22:8b:b4:d4:30:
|
|
+ af:02:36:c5:2d:e9:29:eb:2c:ea:6a:7e:27:b3:70:
|
|
+ fc:87:1f:2b:c4:b1:3a:a6:c2:e9:b7:c2:6f:46:63:
|
|
+ b7:96:2e:53:d8:b7:cd:c3:f4:b5:6d:b2:fc:57:49:
|
|
+ ac:9f:98:c9:fe:b4:f5:7c:93:48:2e:93:dc:e9:18:
|
|
+ 54:63:5f:18:a3:e7:12:aa:fe:38:f0:73:e5:17:1e:
|
|
+ fe:40:65:81:a8:8f:60:46:c2:16:f2:a8:9d:b1:1b:
|
|
+ bc:ce:05:de:37:b2:a8:86:47:bd:8d:92:de:e0:e5:
|
|
+ 42:89:b8:e3:f8:b1:24:08:7e:99
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.client01.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 07:97:69:51:12:50:6a:e1:02:a0:b0:dc:93:75:16:c4:38:0f:
|
|
+ 5c:b3:47:da:bf:fa:9c:b6:de:c0:ef:38:f7:cc:d9:8d:71:ba:
|
|
+ 51:89:e5:48:36:dd:e1:f8:73:9d:92:80:1c:42:30:69:4f:8c:
|
|
+ 19:5d:f7:1d:03:e4:f2:76:e0:58:7b:c2:76:c4:0a:7e:20:69:
|
|
+ 26:6c:3e:cb:31:45:93:1d:07:5f:45:44:8e:5a:fb:87:17:7b:
|
|
+ 4d:5c:bf:37:bd:5e:ba:5c:22:84:bf:26:21:4a:c4:e9:f9:cb:
|
|
+ 73:de:fc:62:04:96:ad:aa:fd:89:09:5c:74:d6:bd:5f:07:17:
|
|
+ ef:9c:3d:ee:b7:dc:08:11:7f:12:66:ab:c4:ff:43:6d:7f:1e:
|
|
+ 01:b6:d1:19:73:53:18:e4:02:b0:7c:9e:99:63:d8:57:dd:07:
|
|
+ 79:fb:83:39:09:de:76:6e:68:b7:87:81:13:b8:26:e5:1c:c9:
|
|
+ a0:23:e5:97:39:ff:93:c7:8d:08:d8:ce:97:34:fc:ad:22:14:
|
|
+ 89:c0:ae:83:7d:0a:3f:cf:a0:9b:b4:6a:5c:b3:6d:5d:3b:88:
|
|
+ ca:1e:9b:99:54:64:57:58:3c:4c:bd:26:ee:11:c3:13:0b:1d:
|
|
+ f5:fd:d9:37:b0:31:72:6f:1d:e8:ba:43:37:46:f7:71:fe:6d:
|
|
+ 4a:30:33:29:c5:7b:37:8b:7e:06:22:89:a4:46:36:f0:fe:c6:
|
|
+ f5:f0:53:04:c0:35:52:78:6e:10:24:3a:d8:bf:7b:13:2f:98:
|
|
+ bc:69:31:41:68:02:5a:c4:f9:11:a2:6b:3f:c8:e0:d4:b3:80:
|
|
+ af:d2:be:fe:28:70:61:18:ed:8a:de:c4:cb:da:c9:60:94:91:
|
|
+ 76:63:69:8c:6e:96:f5:ba:e7:be:1e:1c:c3:84:b1:8d:e8:31:
|
|
+ f7:66:8c:0d:da:a8:78:57:19:fd:a0:8d:fa:9a:7e:51:1c:d1:
|
|
+ d0:84:07:a2:45:40:2d:c4:6b:e9:9f:86:4a:08:20:8f:9c:79:
|
|
+ 97:e3:7f:2a:14:73
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEVTCCAr2gAwIBAgIIcLn06y+hlZowDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDkwODA4MjAxN1oYDzIwNTIwODMx
|
|
+MDgyMDE3WjAlMSMwIQYDVQQDDBpzcnYwMS5jbGllbnQwMS5leGFtcGxlLm5pbDCC
|
|
+AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKtgLpxh44nGUiu86eEF/Rhl
|
|
+QiD2VhZAM9LLn/fvIlSnyVVwylLw4qJYOH8QrSsF4BG2aSF/LThW3dXk896nMjX3
|
|
+MypSgK631nw1dMMMisM6GGFoc2JYVv94JVcce76YiCHdHIoTpZpSSJjZPcQopn6b
|
|
+EVZ+zgm7UYmKqBsAtXMrQZOxYkAwKer2o+e88OmeByuuqaAdTdn4GE2DR05o7lfI
|
|
+VRWGPG0e9THx3s/CfmuOIlrFdq/QAd6regOyljPMoCau3sS9doWWx4jkRrw/xlTJ
|
|
+lYOHnEkNMd3EF1KZ5GVJm53zrc5mCFf0g75eh9pCWgEqbWjRjTjZGK5eLlRyiwFF
|
|
+lq/1o9ApXSKLtNQwrwI2xS3pKess6mp+J7Nw/IcfK8SxOqbC6bfCb0Zjt5YuU9i3
|
|
+zcP0tW2y/FdJrJ+Yyf609XyTSC6T3OkYVGNfGKPnEqr+OPBz5Rce/kBlgaiPYEbC
|
|
+FvKonbEbvM4F3jeyqIZHvY2S3uDlQom44/ixJAh+mQIDAQABoy8wLTArBgNVHREE
|
|
+JDAighpzcnYwMS5jbGllbnQwMS5leGFtcGxlLm5pbIcECjUAATANBgkqhkiG9w0B
|
|
+AQsFAAOCAYEAB5dpURJQauECoLDck3UWxDgPXLNH2r/6nLbewO8498zZjXG6UYnl
|
|
+SDbd4fhznZKAHEIwaU+MGV33HQPk8nbgWHvCdsQKfiBpJmw+yzFFkx0HX0VEjlr7
|
|
+hxd7TVy/N71eulwihL8mIUrE6fnLc978YgSWrar9iQlcdNa9XwcX75w97rfcCBF/
|
|
+EmarxP9DbX8eAbbRGXNTGOQCsHyemWPYV90HefuDOQnedm5ot4eBE7gm5RzJoCPl
|
|
+lzn/k8eNCNjOlzT8rSIUicCug30KP8+gm7RqXLNtXTuIyh6bmVRkV1g8TL0m7hHD
|
|
+Ewsd9f3ZN7Axcm8d6LpDN0b3cf5tSjAzKcV7N4t+BiKJpEY28P7G9fBTBMA1Unhu
|
|
+ECQ62L97Ey+YvGkxQWgCWsT5EaJrP8jg1LOAr9K+/ihwYRjtit7Ey9rJYJSRdmNp
|
|
+jG6W9brnvh4cw4Sxjegx92aMDdqoeFcZ/aCN+pp+URzR0IQHokVALcRr6Z+GSggg
|
|
+j5x5l+N/KhRz
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959B.pem b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959B.pem
|
|
new file mode 100644
|
|
index 0000000..365b493
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/newcerts/70B9F4EB2FA1959B.pem
|
|
@@ -0,0 +1,93 @@
|
|
+Certificate:
|
|
+ Data:
|
|
+ Version: 3 (0x2)
|
|
+ Serial Number: 8122792693893010843 (0x70b9f4eb2fa1959b)
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
|
|
+ Validity
|
|
+ Not Before: Sep 7 08:14:18 2022 GMT
|
|
+ Not After : Sep 8 08:14:18 2022 GMT
|
|
+ Subject: CN=srv01.client02-expired.example.nil
|
|
+ Subject Public Key Info:
|
|
+ Public Key Algorithm: rsaEncryption
|
|
+ RSA Public-Key: (3072 bit)
|
|
+ Modulus:
|
|
+ 00:c0:11:27:17:25:3a:ad:85:a0:3b:59:0b:22:64:
|
|
+ 63:7d:bb:05:32:35:4f:68:d5:19:2b:cd:46:bd:e2:
|
|
+ b6:42:8c:08:cf:09:0d:a8:cd:58:d9:1b:77:db:17:
|
|
+ 8a:fc:f0:55:f2:e1:50:f4:fd:90:aa:49:15:5d:ea:
|
|
+ 9b:5a:47:c4:2f:82:07:46:87:f6:05:ef:15:02:a4:
|
|
+ 3c:a1:da:fc:5b:75:36:12:f7:12:50:55:f8:be:0c:
|
|
+ 7d:21:91:e2:92:d8:41:3f:71:fe:b2:17:c0:68:1d:
|
|
+ 09:be:fc:c4:24:ec:ef:d2:5c:52:a9:4f:d6:5d:30:
|
|
+ b8:ab:68:2e:39:e9:8b:5b:c6:f0:64:42:f7:b8:bd:
|
|
+ b2:90:32:22:68:bc:38:70:2f:14:ae:c8:7c:63:04:
|
|
+ d5:11:b2:0a:f1:8e:13:10:b2:3b:69:f4:fe:3a:e2:
|
|
+ f1:58:56:28:93:c1:28:aa:a7:19:c9:91:12:43:f8:
|
|
+ f5:1d:34:58:3d:32:9f:11:67:d1:1f:53:d4:e0:d5:
|
|
+ 0c:78:2c:6f:38:3f:e1:89:69:b5:09:3c:12:f4:a9:
|
|
+ ee:e5:2f:c5:47:65:a6:82:fa:ea:78:48:31:89:11:
|
|
+ b6:23:8a:27:ed:7c:1d:6d:e8:ab:a0:29:de:40:f4:
|
|
+ f2:9b:61:22:da:9c:22:32:f7:3d:f8:4c:e1:38:a7:
|
|
+ e2:c3:af:a4:67:7f:94:a4:fd:52:25:89:4d:f4:9a:
|
|
+ d6:35:ba:98:20:f1:4b:c9:a5:cf:ac:72:58:2a:cd:
|
|
+ 3b:4a:3e:e9:04:31:e2:9a:74:32:d5:52:60:34:ad:
|
|
+ 0c:85:02:65:58:41:74:2a:57:91:34:55:36:a9:14:
|
|
+ 5b:45:cc:28:27:d7:6d:ba:55:a3:dd:9f:00:04:a4:
|
|
+ 43:c2:af:5c:af:86:53:a6:d5:a7:49:aa:31:d6:5e:
|
|
+ 92:7d:26:dd:8d:f4:87:8a:9b:48:e8:25:f4:c7:34:
|
|
+ ca:cf:e3:f7:84:19:3b:43:c7:6a:b8:da:6e:6f:85:
|
|
+ af:8d:0c:fb:7c:ea:c7:73:9c:9b
|
|
+ Exponent: 65537 (0x10001)
|
|
+ X509v3 extensions:
|
|
+ X509v3 Subject Alternative Name:
|
|
+ DNS:srv01.client02-expired.example.nil, IP Address:10.53.0.1
|
|
+ Signature Algorithm: sha256WithRSAEncryption
|
|
+ 18:f1:7c:24:5b:d2:03:b0:60:0e:60:e6:32:f9:a7:47:d1:e4:
|
|
+ bd:3f:a3:21:53:90:84:9a:c6:2c:87:b2:16:28:95:07:a3:2a:
|
|
+ c3:33:8f:60:70:3f:26:58:be:ec:a2:6c:44:89:d3:4e:ef:bb:
|
|
+ ce:af:9b:5f:15:06:03:21:74:e3:6f:2a:dc:5c:19:4e:d3:cb:
|
|
+ ba:c3:5f:d8:76:89:59:50:82:69:5f:a1:ac:9f:be:79:e1:22:
|
|
+ 12:37:f9:d3:2e:00:35:03:03:9d:08:24:45:65:7a:e9:72:31:
|
|
+ e1:67:44:32:17:25:dd:b9:72:eb:c6:40:d7:5d:8d:5f:00:48:
|
|
+ 07:09:0d:3c:4c:a1:f1:05:4b:05:9b:2b:5a:21:09:46:f4:17:
|
|
+ 7a:cf:34:87:ad:bf:ef:bd:56:74:d7:1a:8f:07:ce:70:b1:aa:
|
|
+ 4d:82:4f:08:dc:56:27:f9:21:20:b8:06:c7:29:b4:8e:36:82:
|
|
+ b8:43:85:1c:2d:9f:be:2d:b9:9d:40:de:52:55:6a:2e:0b:28:
|
|
+ 33:fc:f8:1b:70:e9:c5:46:50:f3:05:be:8d:ed:99:ec:f1:8c:
|
|
+ 51:8a:1c:4b:95:f4:c4:dd:cd:42:74:bc:6f:66:64:54:b8:c1:
|
|
+ 6e:c8:3d:e9:fe:10:02:61:50:77:38:b9:b0:b8:13:37:8f:0e:
|
|
+ 5b:49:92:3a:9d:9a:60:51:68:99:8a:d5:7e:92:71:7e:fa:db:
|
|
+ 52:37:4d:f9:0d:6c:3b:79:a3:b9:16:b7:95:00:ea:eb:17:54:
|
|
+ e2:50:d7:a5:08:54:58:2c:79:66:01:4b:95:65:ed:b8:81:f7:
|
|
+ 4c:fa:f8:89:37:ad:d9:dc:c9:75:9d:02:3e:e5:92:b3:03:ab:
|
|
+ 70:69:83:f5:6c:a6:27:7e:2e:fc:9d:b2:59:0a:43:ad:3f:55:
|
|
+ 2f:5d:ec:ef:52:f0:3e:be:b5:d6:e2:c3:91:9d:dd:5d:e1:9e:
|
|
+ e6:18:90:0b:6a:85:f8:e3:83:2a:7c:91:c3:52:1c:6d:aa:2b:
|
|
+ 44:b8:6f:2b:af:6e
|
|
+-----BEGIN CERTIFICATE-----
|
|
+MIIEYzCCAsugAwIBAgIIcLn06y+hlZswDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
|
|
+BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
|
|
+djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
|
|
+DBNjYS50ZXN0LmV4YW1wbGUuY29tMB4XDTIyMDkwNzA4MTQxOFoXDTIyMDkwODA4
|
|
+MTQxOFowLTErMCkGA1UEAwwic3J2MDEuY2xpZW50MDItZXhwaXJlZC5leGFtcGxl
|
|
+Lm5pbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMARJxclOq2FoDtZ
|
|
+CyJkY327BTI1T2jVGSvNRr3itkKMCM8JDajNWNkbd9sXivzwVfLhUPT9kKpJFV3q
|
|
+m1pHxC+CB0aH9gXvFQKkPKHa/Ft1NhL3ElBV+L4MfSGR4pLYQT9x/rIXwGgdCb78
|
|
+xCTs79JcUqlP1l0wuKtoLjnpi1vG8GRC97i9spAyImi8OHAvFK7IfGME1RGyCvGO
|
|
+ExCyO2n0/jri8VhWKJPBKKqnGcmREkP49R00WD0ynxFn0R9T1ODVDHgsbzg/4Ylp
|
|
+tQk8EvSp7uUvxUdlpoL66nhIMYkRtiOKJ+18HW3oq6Ap3kD08pthItqcIjL3PfhM
|
|
+4Tin4sOvpGd/lKT9UiWJTfSa1jW6mCDxS8mlz6xyWCrNO0o+6QQx4pp0MtVSYDSt
|
|
+DIUCZVhBdCpXkTRVNqkUW0XMKCfXbbpVo92fAASkQ8KvXK+GU6bVp0mqMdZekn0m
|
|
+3Y30h4qbSOgl9Mc0ys/j94QZO0PHarjabm+Fr40M+3zqx3OcmwIDAQABozcwNTAz
|
|
+BgNVHREELDAqgiJzcnYwMS5jbGllbnQwMi1leHBpcmVkLmV4YW1wbGUubmlshwQK
|
|
+NQABMA0GCSqGSIb3DQEBCwUAA4IBgQAY8XwkW9IDsGAOYOYy+adH0eS9P6MhU5CE
|
|
+msYsh7IWKJUHoyrDM49gcD8mWL7somxEidNO77vOr5tfFQYDIXTjbyrcXBlO08u6
|
|
+w1/YdolZUIJpX6Gsn7554SISN/nTLgA1AwOdCCRFZXrpcjHhZ0QyFyXduXLrxkDX
|
|
+XY1fAEgHCQ08TKHxBUsFmytaIQlG9Bd6zzSHrb/vvVZ01xqPB85wsapNgk8I3FYn
|
|
++SEguAbHKbSONoK4Q4UcLZ++LbmdQN5SVWouCygz/PgbcOnFRlDzBb6N7Zns8YxR
|
|
+ihxLlfTE3c1CdLxvZmRUuMFuyD3p/hACYVB3OLmwuBM3jw5bSZI6nZpgUWiZitV+
|
|
+knF++ttSN035DWw7eaO5FreVAOrrF1TiUNelCFRYLHlmAUuVZe24gfdM+viJN63Z
|
|
+3Ml1nQI+5ZKzA6twaYP1bKYnfi78nbJZCkOtP1UvXezvUvA+vrXW4sORnd1d4Z7m
|
|
+GJALaoX444MqfJHDUhxtqitEuG8rr24=
|
|
+-----END CERTIFICATE-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/private/CA-other.key b/bin/tests/system/nsupdate/CA/private/CA-other.key
|
|
new file mode 100644
|
|
index 0000000..41818aa
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/private/CA-other.key
|
|
@@ -0,0 +1,39 @@
|
|
+-----BEGIN RSA PRIVATE KEY-----
|
|
+MIIG5AIBAAKCAYEA10Xj8dH8/XCfUvhdL/S3E10TnrYY8IIDBmU0lkUR5IHwgP9I
|
|
+YVyR/0Mibg79FAs+rvuEDifUK+6wvkpj+BXNVZCspo9/u3cl7dqrLH+1SeUs50Oe
|
|
+QnbbTrBl0PuNwvzEkbk7xwLlVDOyRmmvY/EEu7WkitQZgXSAYgttrk62CuJUQUmw
|
|
+UTX5Jxndsjydk/zW/DiulTsX+zv8kG5NiwpXCfL6QxBoMZNI4fUmDL3bX1XfHaFA
|
|
++45GT2lHu07xc+cVeZIRCo0Nk+fIO53lDol8mmR8/5vna27gRnqEUSU7MZAMG6QB
|
|
+Xkotnq3rHnrI/ku6dCJW4tbWV/ANQ+TG17g2tygzC/smqTuLqavyP9V5cRrdU9aw
|
|
+Eqwvy8uVbGkTmUZdtjkGWCcmBSWJvkH3MRJmijS7rDcb8m/g9+xKe79V1c8durGW
|
|
+vcfMRZZhWaoHyhnHg9+JLUCC3EUCp/1206w5vTXEQNpqi9Z3AZfgboPzJyji4OeY
|
|
+fcQ5eaIZ3OuIpyQzAgMBAAECggGAD+vUWvsr2datgeZqhfR0YdM9czyGhasn7B4q
|
|
+EH8VPrA5iGDZCpJdHeLqNfeX0hau0SQ69Q0PDRy/J6O61wtNv2lOy5bLXKMIRBor
|
|
+FMRxNQDlHEmM999wgtZbAWTJbEVjiF+Jw0M8kMiuA7UnSp31uqhJfhcHt+JU6Gtt
|
|
+9jlOD2oDzzxS9P6n6bNpCRigkuRdRhQvHUxcjrE2EbyGsaTXIR4+Uh1xh1EcT9Hg
|
|
+uYqFIfzo3nkhpDk2jAL+UiUZiHfrpO6OfqpNQj27jju/35DT+2hgGuS2JApzpi91
|
|
+gJSDXwsDQYdP2a2B0y3K0+HwC7/YovAzlXkfes06ebtsiG4Nzl15vnKaTbON0vZO
|
|
+7jMkedmstKaLGM5PlLW0afls5ahr0dtrhWFs+1QKcv1JahcfeEvggeH9/gtjpunM
|
|
+MT31VuYbwleWAsRxjGG3OWKLgst4cJXqGTdM21JzBDOP43/ZIaaedl43jJzIgIM5
|
|
+b4ae9DrhsTNIboYO20XYdwtn9Q2pAoHBAPLO1xTWfqpCwZU6udtX73jMfpwhGlWW
|
|
+0jqg9gvxs9Neg4nfYMtiliBS5VT+6oID8YSKOSWXHWFGFkBN5hqfGbu5Nd94rY0J
|
|
+g6UYgGOAcNfoGOTpI2xljpEWJJfquTFgbajwFg+q3p6mL1zShkzvf6hzqENxbLxy
|
|
+OvEPkszN6cy16jgEUv5qK9qNf7ISB8Ki3yFSKAfuRlapny3TcRTYkJNZ0y398/sG
|
|
+E5vqrrYyjUWv5Uwz0mHmZpmZuZuaUJxtlwKBwQDi+BKnIiYYwdJPmCNCykRJB02Z
|
|
+QZlxtnrrajxZsXHysTopX5HkOQH80VSbH6fj287qX7vV0ux2maFLoszjM0wtfQhE
|
|
+8fsuKRPfzxR0cFtPFtncCHI5FVT2MOsdz5dZ8BsinCgsVlZ3SrUC9gxPKpVdRd21
|
|
+OUC3r+tOPvM0gdfyT560GDLhaH12iOA5KtWnE3FIEpk6y95D1a4E7zu4ZaoI98UU
|
|
+F8ezSREzF9UzAcdVn8MA3v82nlGQS8iFI9mHicUCgcACWkS1O/rQNYNgqcgBOxHj
|
|
+7r9PTfbOW36/+K1JolbmtmS54kMy1Uq1F3iHYUzuY5Fkgl5ZYeRz+9TdXKPdICuE
|
|
+qR+/gZDU7AGtiNY9oJH3VZVgKm4gb7944mkKW8jdlJybZXAhSLuNd/i/gn6woiVv
|
|
+gWdg9+lgzg6KJWd7uocIZ77UOh5/vpGcNYDGPex7U06sKPqgUQu3bT9Ql1riI9MK
|
|
+ynUEXhCOHxnzicuVklnSEgk7usjQEAZweI/W1SDw0xMCgcEAm9BQBdsEqlRNDAVW
|
|
+l6CB9lyEIiUNsSnkAr9AxRZzMngGhKauYi3ctnICkifOOzgIOZAVRDpzyQu41lLi
|
|
+M0thDY1bYvF4TX03vprL4Q/NL2NxloNZ3uRNGmIE1sdPkRermTv4vE9dNrHbyDef
|
|
+xa1nMswm4yV1z2R+to2yqqZE2H1eZyaBr4rrLrfSroxAdl17lE3oUZvpb0o/F/Yg
|
|
+Wnu4mkV2T0/v8Z3Ep/3BiC29aYOu/Gcab6WKOvQ7qWMuD8U9AoHBAJslXJMsMZVc
|
|
+UIaxRbknRMEBRBJW6X6EPbV3zGa+R9e9XRSG7jYSOWB9Yb2AbwjsvF4Qq+8VQq+V
|
|
+Ksxs7XOuwR202oZFzQDMoVj1LL4Cn60rRWlI+p6Q5SB2DQVo2kulTv1NtvdVR+U0
|
|
+ABa0xp5TKi7+jTY/e3CJGiT69sZc7v2VXptoiGytlUl9GVr0SImD1ZJdaJSJCPZX
|
|
+S+cEzfF6LVnnhlaq4puuv/vKjumNWDymv3zwZOy9D8nn/tMHqLKWSg==
|
|
+-----END RSA PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/private/CA.key b/bin/tests/system/nsupdate/CA/private/CA.key
|
|
new file mode 100644
|
|
index 0000000..2d5419d
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/private/CA.key
|
|
@@ -0,0 +1,39 @@
|
|
+-----BEGIN RSA PRIVATE KEY-----
|
|
+MIIG5AIBAAKCAYEAouoRHoAc6VCmxNTU6Ge7s+xDFGO0wXJJIsP+8nUyyjWvGCOC
|
|
+aQYLhb1kLA2NHRhSSKFcMh8jcd7Hlvy6CAec1j2dsWzryy3HgPrdjWaW3PfBO41D
|
|
+lUtdt8hA/p6pX2YwqvWbdK/3s8J0LY5xRZKNZnFOB/Sb4PGiIJ1NgMRO/M3IlPQm
|
|
+PO/faRRTU4SI26KCPKFW342826Zi88YwOd6w5mQU4fskk5TGtlNqE+Fj40ZbWVpy
|
|
+VXoEUS6RveRp020NX5CQG49SLtdF05AnnsATqmgNVCXptGuqW8uaHRONeGO3NBEy
|
|
+nJmibWBDUMjtCCcGVgyrVXuTkyAJJWpImnshUwgMNYebRwmC2iVv2LtsJS5eUTUH
|
|
+EWffnFl55XU2PkyNYgY35gA4y3SiWFJYV8+5FibU4ut0nb+lmHBF8WlqcU/kd3tp
|
|
+Gkf0exjqOIHZFqV9bIhpUbXhxx9v9+gkkGQ9nrXE1KRlvigxxUeIK5xHy9a7fVIL
|
|
+wo6WuCnLLJmbVkklAgMBAAECggGBAI5ZV3v/FUQIZK+4CBDKEwizeClotZgR9DWc
|
|
+bDgOj8KABe5hmKGL1qWVRuH3NUYm6j7sP1LMQnxM3LjhOuupOzE3xYIyWhW+eoQI
|
|
+r23OJiQNl5ohZNweblUXdTMGD5h8AipfUOY0m4tGbZ0gyXixBTxt5HCvG0UB3VgC
|
|
+GqZY4Wujo5ADhSXZsqxuRiDDvZGr/YBcuTu87Tg/ulam5ZyrKIcnC9gpSVxqsva9
|
|
+DAMy/cSoxUjd7ukhJISK3G3AF3fV4GSslQcJTlyJ2D3+LnqPuHJKYTI4hc46lN3x
|
|
+E2g24GdSCPYf6SoEPwACXtbavV8TXwQPJrHN+f+0/ePCI4jkYe5NoA3gwVgMb/WB
|
|
+wFchxzVh3V4e8tPGiG+ofKl81DSAW8VZCJLUIbTEce9oxafPT78WJxdC0wWbh5S8
|
|
+V/qN6sW/yWnK3oY9SilWhJGRwKOZ+8xtStaDeCzyCaOqEcWi8ZR0QfC33UozlhdC
|
|
+SrMKnOXmn/rUuXGrVR56IzIl0M7YAQKBwQDM3GJDdlFuHn6L0syKYdHDS8gXD9ke
|
|
+s+ochIP6jvkEPcayaEoZGl8s7RT3iztqXod7wLaZdotktxfDAZnJfeuOcVrCu+Bx
|
|
+HLytnBvV6czMfp3REGgQAJQeusSgtlBCTHHVOsDzIjdnkY3WBa7IiFYWO5wnYrGx
|
|
+r3ucnwnHaUVDMj1r4YI7mYIpCuYQl6eGyW7mhWewyhVwoQXKbifdrXxjvOigL0Cp
|
|
+tgsoU9pql3hpphOaYMX6hLOincTfaMxfnCECgcEAy5UXp3dA0OwK+4iDGKr+cUpk
|
|
+AtGTheiE+8zEVh2KYFLt921mW/QZiB1+xtnkknp3c7u07Ugk8jAEXzCkwMnN5ZCx
|
|
+LrJ72fC+cLIAbRm6/vMMP8iz83wyttao4qNMeoOBBfE9rEiP+lrugpv282V3ZHYa
|
|
+IUZWTeugJbckUHTbD3RZQExmQcRVG3m/TzonBfoZ8HoRj/n3d7V2T911cHUhi8Xn
|
|
+RQIi2m63VofOIep86LgartlKneMWnL0oOPq4RKyFAoHAZUzpDkD4nUJZAx025Yrf
|
|
+ZfoYNEcy7vq6XmWsuX5vZoiBs4DcezNOMvH9NzdTJxMdXbV61cIHxcK/7j7hZABv
|
|
+NZ2Z6sdqgaRbLGIQZaPaEJjfwxygyKDwnY1vY6UjZNVWSMFn3hJiYUVZZKakuiao
|
|
+ow/Q9KzZ/2ot7tG5zTCh/ktekfUOKBiNg2wPPc8wGPeMblMzZflXxrzpFyOHdRev
|
|
+dcZZJbSX/hO1yrhEPgculNd5xBHsdCegiF4JlwvEW9bhAoHAZQQiy5bx03j8bhkr
|
|
+q6bVQFPAUmG5iL16lxLg7TYVPnyH1bk0DDaQIKk6CeN+dmxML2IZgY/FvWK0GKOj
|
|
+bIH2J43nTRuFNvwtEvBQI9KbpfvlvRSSriOXaoATJvoObdAoylEM4BrVTk2mgapw
|
|
+HA/h8Thk+NPU6S8ctPouC7ogJIf/7Va7erC35j0//0kEqgOSsW9wnXdUItMo1LI3
|
|
+nsiQD7Hwcp5/utErKcWTM+MNfdA0dUQesT9ILhfyCGvn2TOdAoHBAKldZkDyRcu9
|
|
+r9uDF1bhUEnpV2k4hgvTuCvQ3rzyx3WrVT8ChEmePC8Ke5A54ffu/YdbpDLbdf2c
|
|
+j4n5CQhHbMIZs3P2hB3WqDCImApCfMbXaltfBbaT0j7uLJPMp+2+f/wWYpc3R+bn
|
|
+HVnaRI2PoXXmG9OjQSQdVZ5gNpkEuemAo3dJOSS6BMqQaSxUynGy7o/a/d4izBjd
|
|
+B58Fwq3sZI/Xv90Se9+b6ICST3YJ3p0vn8RKzmlCQjLg/xynpCByiw==
|
|
+-----END RSA PRIVATE KEY-----
|
|
diff --git a/bin/tests/system/nsupdate/CA/serial b/bin/tests/system/nsupdate/CA/serial
|
|
new file mode 100644
|
|
index 0000000..0a263a5
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/CA/serial
|
|
@@ -0,0 +1 @@
|
|
+70B9F4EB2FA1959C
|
|
diff --git a/bin/tests/system/nsupdate/dhparam3072.pem b/bin/tests/system/nsupdate/dhparam3072.pem
|
|
new file mode 100644
|
|
index 0000000..9c2e0aa
|
|
--- /dev/null
|
|
+++ b/bin/tests/system/nsupdate/dhparam3072.pem
|
|
@@ -0,0 +1,11 @@
|
|
+-----BEGIN DH PARAMETERS-----
|
|
+MIIBiAKCAYEA5D/Oioe+G+EMf/9RVxmcV4rZAtqZpVTFHcX0ZulvdiQGCQmopm6K
|
|
+3+0uoU2J6WVMjhna5nHD2NO9miRDI/jIxX9g9k6PedSB4o3fSTtkAnGtUbB8S+Ab
|
|
+EHtWfd7FTES8P1n16HN7BfPXVbP8zTcK+jO63KdQoxueYoETcrw0Myi9Lm8ri8os
|
|
+O4oQ+XAH7GzZ60bcYV9jge0XIRUGVnYZDjWMlnwMvZyjLivxKXTC9HPNA6FF1/0H
|
|
+0LPhsfjdoLNsVHFzfQz7QELMfHbTd0C8y0UMDQw9FqUp0esHZ5gsTlqnDHp2ZHoR
|
|
+JDfNl4yVO5Gv4HiFJ0NSdggefhESU3FRAOhMmUkctOCxk5hyPqGMsvofOajY2MBp
|
|
+eCffrKuAU6/dGUeq8inwrZlAMIZ20WyskHmbHnc4DXo2Uo6xSZo3xyEq1ofXXwTZ
|
|
+vPw4e12so3RJAT2a8UsHf7DG1tH+9ke7HCAJQWxUizRFRsMi1Nl/7ikS4f3zgIbX
|
|
+GKz9+uk5eS6jAgEC
|
|
+-----END DH PARAMETERS-----
|
|
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
|
index 2c1899f..aaf1d9c 100644
|
|
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
|
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
|
@@ -11,14 +11,48 @@
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
+tls tls-forward-secrecy {
|
|
+ protocols { TLSv1.2; };
|
|
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
|
|
+ prefer-server-ciphers yes;
|
|
+ key-file "../CA/certs/srv01.crt01.example.nil.key";
|
|
+ cert-file "../CA/certs/srv01.crt01.example.nil.pem";
|
|
+ dhparam-file "../dhparam3072.pem";
|
|
+};
|
|
+
|
|
+tls tls-forward-secrecy-mutual-tls {
|
|
+ protocols { TLSv1.2; };
|
|
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
|
|
+ prefer-server-ciphers yes;
|
|
+ key-file "../CA/certs/srv01.crt01.example.nil.key";
|
|
+ cert-file "../CA/certs/srv01.crt01.example.nil.pem";
|
|
+ dhparam-file "../dhparam3072.pem";
|
|
+ ca-file "../CA/CA.pem";
|
|
+};
|
|
+
|
|
+tls tls-expired {
|
|
+ protocols { TLSv1.2; };
|
|
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
|
|
+ prefer-server-ciphers yes;
|
|
+ key-file "../CA/certs/srv01.crt02-expired.example.nil.key";
|
|
+ cert-file "../CA/certs/srv01.crt02-expired.example.nil.pem";
|
|
+ dhparam-file "../dhparam3072.pem";
|
|
+};
|
|
+
|
|
+
|
|
options {
|
|
query-source address 10.53.0.1;
|
|
notify-source 10.53.0.1;
|
|
transfer-source 10.53.0.1;
|
|
port @PORT@;
|
|
+ tls-port @TLSPORT@;
|
|
pid-file "named.pid";
|
|
session-keyfile "session.key";
|
|
listen-on { 10.53.0.1; 127.0.0.1; };
|
|
+ listen-on tls ephemeral { 10.53.0.1; };
|
|
+ listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.1; };
|
|
+ listen-on port @EXTRAPORT2@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; };
|
|
+ listen-on port @EXTRAPORT3@ tls tls-expired { 10.53.0.1; };
|
|
listen-on-v6 { none; };
|
|
recursion no;
|
|
notify yes;
|
|
diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in
|
|
index 25ba141..51a0b4f 100644
|
|
--- a/bin/tests/system/nsupdate/ns10/named.conf.in
|
|
+++ b/bin/tests/system/nsupdate/ns10/named.conf.in
|
|
@@ -16,9 +16,11 @@ options {
|
|
notify-source 10.53.0.10;
|
|
transfer-source 10.53.0.10;
|
|
port @PORT@;
|
|
+ tls-port @TLSPORT@;
|
|
pid-file "named.pid";
|
|
session-keyfile "session.key";
|
|
listen-on { 10.53.0.10; };
|
|
+ listen-on tls ephemeral { 10.53.0.10; };
|
|
listen-on-v6 { none; };
|
|
recursion no;
|
|
notify yes;
|
|
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
|
index 916f45b..735b659 100755
|
|
--- a/bin/tests/system/nsupdate/tests.sh
|
|
+++ b/bin/tests/system/nsupdate/tests.sh
|
|
@@ -1145,7 +1145,182 @@ fi
|
|
|
|
n=$((n + 1))
|
|
ret=0
|
|
+echo_i "check DoT (opportunistic-tls) ($n)"
|
|
+$NSUPDATE -D -S -O -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
|
|
+server 10.53.0.1 ${TLSPORT}
|
|
+update add dot-non-auth-client-o.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-non-auth-client-o.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (strict-tls) with an implicit hostname (by IP address) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT1}
|
|
+update add dot-non-auth-client.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-non-auth-client.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (strict-tls) with an implicit hostname (by IP address) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT1}
|
|
+update add dot-fs.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fs.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (strict-tls) with a correct hostname ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -H srv01.crt01.example.nil -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT1}
|
|
+update add dot-fs-h.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fs-h.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (strict-tls) with an incorrect hostname (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -H srv01.crt01.example.bad -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT1}
|
|
+update add dot-fs-h-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fs-h-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (strict-tls) with a wrong authority (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA-other.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT1}
|
|
+update add dot-fs-auth-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fs-auth-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (mutual-tls) with a valid client certificate ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT2}
|
|
+update add dot-fsmt.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (mutual-tls) with a valid client certificate but with an incorrect hostname (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -H srv01.crt01.example.bad -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT2}
|
|
+update add dot-fsmt-h-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-h-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (mutual-tls) with a valid client certificate but with a wrong authority (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA-other.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/client01.crt01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT2}
|
|
+update add dot-fsmt-auth-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-auth-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (mutual-tls) with an expired client certificate (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client02-expired.example.nil.key -E CA/certs/srv01.client02-expired.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT2}
|
|
+update add dot-fsmt-exp-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-exp-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
+echo_i "check DoT (mutual-tls) with a valid client certificate and an expired server certificate (failure expected) ($n)"
|
|
+$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
|
|
+server 10.53.0.1 ${EXTRAPORT3}
|
|
+update add dot-fsmt-exp-bad.example.nil. 600 A 10.10.10.3
|
|
+send
|
|
+END
|
|
+sleep 2
|
|
+$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-exp-bad.example.nil >dig.out.test$n 2>&1 || ret=1
|
|
+grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
|
|
+if [ $ret -ne 0 ]; then
|
|
+ echo_i "failed"
|
|
+ status=1
|
|
+fi
|
|
+
|
|
+n=$((n + 1))
|
|
+ret=0
|
|
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
|
if $FEATURETEST --md5; then
|
|
ALGS="md5 sha1 sha224 sha256 sha384 sha512"
|
|
@@ -1409,6 +1584,7 @@ send
|
|
END
|
|
t2=$($PERL -e 'print time()')
|
|
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n >/dev/null 2>&1 || ret=1
|
|
+grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
|
|
grep "not implemented" nsupdate.out.test$n >/dev/null 2>&1 && ret=1
|
|
elapsed=$((t2 - t1))
|
|
# Check that default timeout value is respected, there should be 4 tries with 3 seconds each.
|
|
@@ -2710,6 +2886,23 @@ EOF
|
|
status=1
|
|
}
|
|
|
|
+ n=$((n + 1))
|
|
+ ret=0
|
|
+ echo_i "check ms-selfsub match using DoT (opportunistic-tls) ($n)"
|
|
+ KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
|
|
+ export KRB5CCNAME
|
|
+ $NSUPDATE -d -S -O << EOF > nsupdate.out.test$n 2>&1 || ret=1
|
|
+ gsstsig
|
|
+ realm EXAMPLE.COM
|
|
+ server 10.53.0.10 ${TLSPORT}
|
|
+ zone example.com
|
|
+ update add dot.machine.example.com 3600 IN A 10.53.0.10
|
|
+ send
|
|
+EOF
|
|
+ $DIG $DIGOPTS +tcp @10.53.0.10 dot.machine.example.com A > dig.out.ns10.test$n
|
|
+ grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
|
|
+ grep "dot.machine.example.com..*A.*10.53.0.10" dig.out.ns10.test$n > /dev/null || ret=1
|
|
+ [ $ret = 0 ] || { echo_i "failed"; status=1; }
|
|
fi
|
|
|
|
echo_i "exit status: $status"
|
|
--
|
|
2.47.0
|
|
|