about summary refs log tree commit diff stats
path: root/tests/by-name/em/email-dns/nodes/acme/certs
diff options
context:
space:
mode:
Diffstat (limited to 'tests/by-name/em/email-dns/nodes/acme/certs')
-rwxr-xr-xtests/by-name/em/email-dns/nodes/acme/certs/generate66
-rwxr-xr-xtests/by-name/em/email-dns/nodes/acme/certs/generate.ca38
-rwxr-xr-xtests/by-name/em/email-dns/nodes/acme/certs/generate.client44
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem11
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem25
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template5
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem10
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem25
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template5
-rw-r--r--tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix13
10 files changed, 242 insertions, 0 deletions
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate b/tests/by-name/em/email-dns/nodes/acme/certs/generate
new file mode 100755
index 0000000..0d6258e
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/generate
@@ -0,0 +1,66 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -p gnutls -p dash -i dash --impure
+# shellcheck shell=dash
+
+# For development and testing.
+# Create a CA key and cert, and use that to generate a server key and cert.
+# Creates:
+#   ca.key.pem
+#   ca.cert.pem
+#   server.key.pem
+#   server.cert.pem
+
+export SEC_PARAM=ultra
+export EXPIRATION_DAYS=123456
+export ORGANIZATION="Vhack.eu Test Keys"
+export COUNTRY=EU
+export SAN="acme.test"
+export KEY_TYPE="ed25519"
+
+BASEDIR="$(dirname "$0")"
+GENERATION_LOCATION="$BASEDIR/output"
+cd "$BASEDIR" || {
+    echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
+    exit 1
+}
+
+ca=false
+clients=false
+
+usage() {
+    echo "Usage: $0 --ca|--clients"
+    exit 2
+}
+
+if [ "$#" -eq 0 ]; then
+    usage
+fi
+
+for arg in "$@"; do
+    case "$arg" in
+    "--ca")
+        ca=true
+        ;;
+    "--clients")
+        clients=true
+        ;;
+    *)
+        usage
+        ;;
+    esac
+done
+
+[ -d "$GENERATION_LOCATION" ] || mkdir --parents "$GENERATION_LOCATION"
+cd "$GENERATION_LOCATION" || echo "(BUG?) No generation location fould!" 1>&2
+
+[ "$ca" = true ] && ../generate.ca
+
+# Creates:
+#   <client_name>.key.pem
+#   <client_name>.cert.pem
+#
+[ "$clients" = true ] && ../generate.client "acme.test"
+
+echo "(INFO) Look for the keys at: $GENERATION_LOCATION"
+
+# vim: ft=sh
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca b/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca
new file mode 100755
index 0000000..92832c5
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/generate.ca
@@ -0,0 +1,38 @@
+#! /usr/bin/env sh
+
+# Take the correct binary to create the certificates
+CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
+if [ -z "$CERTTOOL" ]; then
+    echo "ERROR: No certtool found" >&2
+    exit 1
+fi
+
+# Create a CA key.
+$CERTTOOL \
+    --generate-privkey \
+    --sec-param "$SEC_PARAM" \
+    --key-type "$KEY_TYPE" \
+    --outfile ca.key.pem
+
+chmod 600 ca.key.pem
+
+# Sign a CA cert.
+cat <<EOF >ca.template
+country = $COUNTRY
+dns_name = "$SAN"
+expiration_days = $EXPIRATION_DAYS
+organization = $ORGANIZATION
+ca
+EOF
+#state = $STATE
+#locality = $LOCALITY
+
+$CERTTOOL \
+    --generate-self-signed \
+    --load-privkey ca.key.pem \
+    --template ca.template \
+    --outfile ca.cert.pem
+
+chmod 600 ca.cert.pem
+
+# vim: ft=sh
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/generate.client b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client
new file mode 100755
index 0000000..5930298
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client
@@ -0,0 +1,44 @@
+#! /usr/bin/env sh
+
+# Take the correct binary to create the certificates
+CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
+if [ -z "$CERTTOOL" ]; then
+    echo "ERROR: No certtool found" >&2
+    exit 1
+fi
+
+NAME=client
+if [ $# -gt 0 ]; then
+    NAME="$1"
+fi
+
+# Create a client key.
+$CERTTOOL \
+    --generate-privkey \
+    --sec-param "$SEC_PARAM" \
+    --key-type "$KEY_TYPE" \
+    --outfile "$NAME".key.pem
+
+chmod 600 "$NAME".key.pem
+
+# Sign a client cert with the key.
+cat <<EOF >"$NAME".template
+dns_name = "$NAME"
+dns_name = "$SAN"
+expiration_days = $EXPIRATION_DAYS
+organization = $ORGANIZATION
+encryption_key
+signing_key
+EOF
+
+$CERTTOOL \
+    --generate-certificate \
+    --load-privkey "$NAME".key.pem \
+    --load-ca-certificate ca.cert.pem \
+    --load-ca-privkey ca.key.pem \
+    --template "$NAME".template \
+    --outfile "$NAME".cert.pem
+
+chmod 600 "$NAME".cert.pem
+
+# vim: ft=sh
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem
new file mode 100644
index 0000000..687101d
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjTCCAT+gAwIBAgIUfiDKld3eiPKuFhsaiHpPNmbMJU8wBQYDK2VwMCoxCzAJ
+BgNVBAYTAkVVMRswGQYDVQQKExJWaGFjay5ldSBUZXN0IEtleXMwIBcNMjUwMzAx
+MTEyNjU2WhgPMjM2MzAzMDYxMTI2NTZaMB0xGzAZBgNVBAoTElZoYWNrLmV1IFRl
+c3QgS2V5czAqMAUGAytlcAMhAHYq2cjrfrlslWxvcKjs2cD7THbpmtq+jf/dlrKW
+UEo8o4GBMH8wDAYDVR0TAQH/BAIwADAfBgNVHREEGDAWgglhY21lLnRlc3SCCWFj
+bWUudGVzdDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFN/1UyS0jnC3LoryMIL2
+/6cdsYBBMB8GA1UdIwQYMBaAFLUZcL/zguHlulHg5GYyYhXmVt/6MAUGAytlcANB
+ALz3u7lBreHeVZ0YXrwK3SDwlhWIH/SeUQwbxQlarzR47qu3cwQQ93Y1xjtOdu+h
+hOM/ig3nLGVOT6qL8IsZrQk=
+-----END CERTIFICATE-----
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem
new file mode 100644
index 0000000..06195b8
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.key.pem
@@ -0,0 +1,25 @@
+Public Key Info:
+	Public Key Algorithm: EdDSA (Ed25519)
+	Key Security Level: High (256 bits)
+
+curve:	Ed25519
+private key:
+	9d:25:38:89:f2:37:d7:65:41:f5:24:ba:4c:19:fb:0f
+	86:c8:a3:cf:f7:08:57:69:cc:64:cf:55:2d:8e:99:3e
+	
+
+x:
+	76:2a:d9:c8:eb:7e:b9:6c:95:6c:6f:70:a8:ec:d9:c0
+	fb:4c:76:e9:9a:da:be:8d:ff:dd:96:b2:96:50:4a:3c
+	
+
+
+Public Key PIN:
+	pin-sha256:NPwZitkDv4isUmdiicSsM1t1OtYoxqhdvBUnqSc4bFQ=
+Public Key ID:
+	sha256:34fc198ad903bf88ac52676289c4ac335b753ad628c6a85dbc1527a927386c54
+	sha1:dff55324b48e70b72e8af23082f6ffa71db18041
+
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIJ0lOInyN9dlQfUkukwZ+w+GyKPP9whXacxkz1Utjpk+
+-----END PRIVATE KEY-----
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template
new file mode 100644
index 0000000..320a170
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/acme.test.template
@@ -0,0 +1,5 @@
+dns_name = "acme.test"
+dns_name = "acme.test"
+expiration_days = 123456
+organization = Vhack.eu Test Keys
+encryption_key
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem
new file mode 100644
index 0000000..0fa9d14
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.cert.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYDCCARKgAwIBAgIUdhVVcf+NgElqGuutU55FUDBtFVMwBQYDK2VwMCoxCzAJ
+BgNVBAYTAkVVMRswGQYDVQQKExJWaGFjay5ldSBUZXN0IEtleXMwIBcNMjUwMzAx
+MTEyNjU2WhgPMjM2MzAzMDYxMTI2NTZaMCoxCzAJBgNVBAYTAkVVMRswGQYDVQQK
+ExJWaGFjay5ldSBUZXN0IEtleXMwKjAFBgMrZXADIQCkO1LhHINvJjt41JD6UEc4
+ZKKUubB8lKPxSOyTkFBOgqNIMEYwDwYDVR0TAQH/BAUwAwEB/zAUBgNVHREEDTAL
+gglhY21lLnRlc3QwHQYDVR0OBBYEFLUZcL/zguHlulHg5GYyYhXmVt/6MAUGAytl
+cANBAFMFFy5tjuQtp5GVEN6qM50L4lteQuxfhlQqmOOfl06HV6153wJnrlKaTOYO
+t0dKlSqKROMYUYeU39xDp07MLAc=
+-----END CERTIFICATE-----
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem
new file mode 100644
index 0000000..64263bc
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.key.pem
@@ -0,0 +1,25 @@
+Public Key Info:
+	Public Key Algorithm: EdDSA (Ed25519)
+	Key Security Level: High (256 bits)
+
+curve:	Ed25519
+private key:
+	82:0d:fc:f0:d6:82:89:63:e5:bc:23:78:ba:98:38:83
+	09:2d:e0:78:4c:53:92:e3:db:5b:2f:e4:39:ce:96:3d
+	
+
+x:
+	a4:3b:52:e1:1c:83:6f:26:3b:78:d4:90:fa:50:47:38
+	64:a2:94:b9:b0:7c:94:a3:f1:48:ec:93:90:50:4e:82
+	
+
+
+Public Key PIN:
+	pin-sha256:jpzYZMOHDPCeSXxfL+YUXgSPcbO9MAs8foGMP5CJiD8=
+Public Key ID:
+	sha256:8e9cd864c3870cf09e497c5f2fe6145e048f71b3bd300b3c7e818c3f9089883f
+	sha1:b51970bff382e1e5ba51e0e466326215e656dffa
+
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIIIN/PDWgolj5bwjeLqYOIMJLeB4TFOS49tbL+Q5zpY9
+-----END PRIVATE KEY-----
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template
new file mode 100644
index 0000000..a2295d8
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/output/ca.template
@@ -0,0 +1,5 @@
+country = EU
+dns_name = "acme.test"
+expiration_days = 123456
+organization = Vhack.eu Test Keys
+ca
diff --git a/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix b/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix
new file mode 100644
index 0000000..aeb6dfc
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/acme/certs/snakeoil-certs.nix
@@ -0,0 +1,13 @@
+let
+  domain = "acme.test";
+in {
+  inherit domain;
+  ca = {
+    cert = ./output/ca.cert.pem;
+    key = ./output/ca.key.pem;
+  };
+  "${domain}" = {
+    cert = ./output/. + "/${domain}.cert.pem";
+    key = ./output/. + "/${domain}.key.pem";
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-03-13 02:58:15 +0000