From fddacf7bce1de841a9fc83ce0035d85abd4f4ccd Mon Sep 17 00:00:00 2001 
From: Guang Yee Date: Mon, 5 Nov 2012 12:22:29 -0800 Subject: bug 1069945: generate certs for the tests in one place and doc how to install signing certificate from an external CA Change-Id: I92feb8eaeea617211ee7132480ac7a63bf0a1bf1 --- examples/pki/certs/cacert.pem | 18 +++ examples/pki/certs/middleware.pem | 33 +++++ examples/pki/certs/signing_cert.pem | 17 +++ examples/pki/certs/ssl_cert.pem | 17 +++ examples/pki/cms/auth_token_revoked.json | 1 + examples/pki/cms/auth_token_revoked.pem | 42 ++++++ examples/pki/cms/auth_token_scoped.json | 1 + examples/pki/cms/auth_token_scoped.pem | 41 ++++++ examples/pki/cms/auth_token_unscoped.json | 1 + examples/pki/cms/auth_token_unscoped.pem | 17 +++ examples/pki/cms/revocation_list.json | 1 + examples/pki/cms/revocation_list.pem | 12 ++ examples/pki/gen_pki.sh | 222 ++++++++++++++++++++++++++++++ examples/pki/private/cakey.pem | 16 +++ examples/pki/private/signing_key.pem | 16 +++ examples/pki/private/ssl_key.pem | 16 +++ examples/ssl/certs/ca.pem | 18 --- examples/ssl/certs/keystone.pem | 17 --- examples/ssl/certs/middleware.pem | 33 ----- examples/ssl/gen_pki.sh | 179 ------------------------ examples/ssl/private/cakey.pem | 16 --- examples/ssl/private/keystonekey.pem | 16 --- 22 files changed, 471 insertions(+), 279 deletions(-) create mode 100644 examples/pki/certs/cacert.pem create mode 100644 examples/pki/certs/middleware.pem create mode 100644 examples/pki/certs/signing_cert.pem create mode 100644 examples/pki/certs/ssl_cert.pem create mode 100644 examples/pki/cms/auth_token_revoked.json create mode 100644 examples/pki/cms/auth_token_revoked.pem create mode 100644 examples/pki/cms/auth_token_scoped.json create mode 100644 examples/pki/cms/auth_token_scoped.pem create mode 100644 examples/pki/cms/auth_token_unscoped.json create mode 100644 examples/pki/cms/auth_token_unscoped.pem create mode 100644 examples/pki/cms/revocation_list.json create mode 100644 examples/pki/cms/revocation_list.pem create mode 100755 
examples/pki/gen_pki.sh create mode 100644 examples/pki/private/cakey.pem create mode 100644 examples/pki/private/signing_key.pem create mode 100644 examples/pki/private/ssl_key.pem delete mode 100644 examples/ssl/certs/ca.pem delete mode 100644 examples/ssl/certs/keystone.pem delete mode 100644 examples/ssl/certs/middleware.pem delete mode 100755 examples/ssl/gen_pki.sh delete mode 100644 examples/ssl/private/cakey.pem delete mode 100644 examples/ssl/private/keystonekey.pem (limited to 'examples') diff --git a/examples/pki/certs/cacert.pem b/examples/pki/certs/cacert.pem new file mode 100644 index 00000000..a0d98c6e --- /dev/null +++ b/examples/pki/certs/cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0TCCAjqgAwIBAgIJANsHKV73HYOwMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD +VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55 +dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG +CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs +ZiBTaWduZWQwIBcNMTIxMTA1MTgxODI0WhgPMjA3MTA0MzAxODE4MjRaMIGeMQow +CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1 +bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl +MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML +U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALzI17ExCaqd +r7xY2Q5CBZ1bW1lsrXxS8eNJRdQtskDuQVAluY03/OGZd8HQYiiY/ci2tYy7BNIC +bh5GaO95eqTDykJR3liOYE/tHbY6puQlj2ZivmhlSd2d5d7lF0/H28RQsLu9VktM +uw6q9DpDm35jfrr8LgSeA3MdVqcS/4OhAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEFBQADgYEAjSQND7i1dNZtLKpWgX+JqMr3BdVlM15mFeVr +C26ZspZjZVY5okdozO9gU3xcwRe4Cg30sKFOe6EBQKpkTZucFOXwBtD3h6dWJrdD +c+m/CL/rs0GatDavbaIT2vv405SQUQooCdVh72LYel+4/a6xmRd7fQx3iEXN9QYj +vmHJUcA= +-----END CERTIFICATE----- diff --git a/examples/pki/certs/middleware.pem b/examples/pki/certs/middleware.pem new file mode 100644 index 00000000..86095248 --- /dev/null +++ b/examples/pki/certs/middleware.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MjExMDUxODE4MjRaGA8yMDcxMDQzMDE4MTgyNFowgZAxCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANRG3ZkIJ+NaY9smirkZ+Lzf1Ka18xOvc2kizemUMeAchs9h +lP0Kpm8EBHal1vgzSuXncP8gyQ6nMZUw5NhFMZ1kLSfzoB/hCyTlIp/4VZbCAtn4 +3zlTUSgQQMH+6I4k4sZDOiIAE7yvzEMa71RkqBzduuFoeuhBm5oqmRa8kac5AgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEAJLnmyYiBDNdykLeh3+HXCOExUt49/OzomB6c +6NWq3j7efYBfh6zCgyowx/v0hEVcxYBunTfXgOGunjx0u5X13PuLRO7Qxv6Crdy6 +st0mZ0itCsp58uGz5n+ZVhG//NiweTKw9M12Mejs0L/JGtf5gPBCFkVvrl8ffwRG +060Ep/k= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANRG3ZkIJ+NaY9sm +irkZ+Lzf1Ka18xOvc2kizemUMeAchs9hlP0Kpm8EBHal1vgzSuXncP8gyQ6nMZUw +5NhFMZ1kLSfzoB/hCyTlIp/4VZbCAtn43zlTUSgQQMH+6I4k4sZDOiIAE7yvzEMa +71RkqBzduuFoeuhBm5oqmRa8kac5AgMBAAECgYBngOI94tcoKQO1cJaFaJ964Jyc +aO1L9OmOIvVJ5gNnpiEpbwgpVY8PZGMUwwoNXV0wumfDTmYaafVoLD35IcvtcS3D +Tmsm+zC3ZQYzbQrIkQrtXE+y4bMwtscOTd61YDFQE++0omg3qckVu8IYSdFtTb9D +SjSsWMnYoDmGrBqCHQJBAP2jq2I5fMPSR3LY5FdejwhyUcqs6AKyJD0BDJzIhdV6 +d0InWWss/atR4sMnOX7WKIo1m4+X+0+T2F69kj9hge8CQQDWQKTvbvlDugiziwNc +FRl+yC7YTJ34toRFI4xbszKL3vgk4KDgfSQeoPp9KeHXmjgTfXIOwSVI83QBoL1d +LHFXAkEAglD9VVJEEDiSDSfy6hDjXGugKon8CqaMh+tqF4PPf4eUjqC5CJ/tFYDV +CX+1wr01xw0UCAsGTDSiDstHwNjQcQJAAkF3+xVeBnqE8O77wBJwzEbrR1e3KhEx +31B6f9SpKZPVZP4Ac5ydrrzfJkY0nIKBKKNfegxKijQV+pZop/x5zQJASGTmKcW2 +WKj4P8PiolVlWH2ZTARSschff5wDV6nBneb5zWNgpPORrSRPl9yrYrgqk4vvjLh5 +rUiR/G65ZjmbnA== +-----END PRIVATE KEY----- 
diff --git a/examples/pki/certs/signing_cert.pem b/examples/pki/certs/signing_cert.pem new file mode 100644 index 00000000..a6656490 --- /dev/null +++ b/examples/pki/certs/signing_cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICoDCCAgkCAREwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MjExMDUxODE4MjRaGA8yMDcxMDQzMDE4MTgyNFowgY8xCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMREwDwYDVQQDEwhLZXlzdG9uZTCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA0GemENJ+fs5OaT8k4uA7ETRDA/oX/tUKCVAfxfYveHAdQqEK +DcUbthdXTnhkBnv0OZIpxBPxwREZSZK2I/hekPrBILZ4USzozFCgudXA43QMkBlc +uQ+VOI2/q5H4z2knxaexsBjPeIX7D9NowtTYFlOgSqCix8xWIcNW1x1En1cCAwEA +ATANBgkqhkiG9w0BAQUFAAOBgQA/EpklfmPBW7rEoxvocRDk63gDvQ1HxhQItQDF +9ALWdSwLtL8c3/TQzGgoKZ8+a+p7RnNEsmzNOWHTaWHL91GcRrAEhXwBtu4G/dLu +sXguhHj9UfT+6ivFbvDF2JK9rPpKhSqTVWVnkY5JQKinDX1wFRHLQB/SVHysT+zt +nkZ7wg== +-----END CERTIFICATE----- diff --git a/examples/pki/certs/ssl_cert.pem b/examples/pki/certs/ssl_cert.pem new file mode 100644 index 00000000..4a415ebc --- /dev/null +++ b/examples/pki/certs/ssl_cert.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICoTCCAgoCARAwDQYJKoZIhvcNAQEFBQAwgZ4xCjAIBgNVBAUTATUxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQK +EwlPcGVuU3RhY2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZr +ZXlzdG9uZUBvcGVuc3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZDAgFw0x +MjExMDUxODE4MjRaGA8yMDcxMDQzMDE4MTgyNFowgZAxCzAJBgNVBAYTAlVTMQsw +CQYDVQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3Rh +Y2sxETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBv +cGVuc3RhY2sub3JnMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEB +BQADgY0AMIGJAoGBANRG3ZkIJ+NaY9smirkZ+Lzf1Ka18xOvc2kizemUMeAchs9h +lP0Kpm8EBHal1vgzSuXncP8gyQ6nMZUw5NhFMZ1kLSfzoB/hCyTlIp/4VZbCAtn4 +3zlTUSgQQMH+6I4k4sZDOiIAE7yvzEMa71RkqBzduuFoeuhBm5oqmRa8kac5AgMB +AAEwDQYJKoZIhvcNAQEFBQADgYEAJLnmyYiBDNdykLeh3+HXCOExUt49/OzomB6c +6NWq3j7efYBfh6zCgyowx/v0hEVcxYBunTfXgOGunjx0u5X13PuLRO7Qxv6Crdy6 +st0mZ0itCsp58uGz5n+ZVhG//NiweTKw9M12Mejs0L/JGtf5gPBCFkVvrl8ffwRG +060Ep/k= +-----END CERTIFICATE----- diff --git a/examples/pki/cms/auth_token_revoked.json b/examples/pki/cms/auth_token_revoked.json new file mode 100644 index 00000000..92c6922c --- /dev/null +++ b/examples/pki/cms/auth_token_revoked.json 
@@ -0,0 +1 @@ +{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "revoked_username1", "roles_links": ["role1","role2"], "id": "revoked_user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "revoked_username1"}}} diff --git a/examples/pki/cms/auth_token_revoked.pem b/examples/pki/cms/auth_token_revoked.pem new file mode 100644 index 00000000..842ff9bc --- /dev/null +++ b/examples/pki/cms/auth_token_revoked.pem 
@@ -0,0 +1,42 @@ +-----BEGIN CMS----- +MIIHVgYJKoZIhvcNAQcCoIIHRzCCB0MCAQExCTAHBgUrDgMCGjCCBeQGCSqGSIb3 +DQEHAaCCBdUEggXReyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k +cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx +LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy +ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 +L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS +TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh +NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi +OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si +YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 +ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 +MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi +fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt +ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw +Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 +YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog +Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw +ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 +NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu +ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi +bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu +MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy +bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV +UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf +bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 +ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg +ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJyZXZv 
+a2VkX3VzZXJuYW1lMSIsICJyb2xlc19saW5rcyI6IFsicm9sZTEiLCJyb2xlMiJd +LCAiaWQiOiAicmV2b2tlZF91c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAi +cm9sZTEifSwgeyJuYW1lIjogInJvbGUyIn1dLCAibmFtZSI6ICJyZXZva2VkX3Vz +ZXJuYW1lMSJ9fX0NCjGCAUkwggFFAgEBMIGkMIGeMQowCAYDVQQFEwE1MQswCQYD +VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55dmFsZTESMBAGA1UE +ChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMGCSqGSIb3DQEJARYW +a2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2VsZiBTaWduZWQCAREw +BwYFKw4DAhowDQYJKoZIhvcNAQEBBQAEgYDMKg2xebd6Ua2gxnNZBIHtDsRmfsGK +tfD8k03XWWDnjrKqKtYC1BKFJAhYCGgVH8a+jhM4ye8BjUZ7F42AYdnI2CrdvDGX +ULTe3iAW4WFrhvWB8KP2lllitY3fpbj+GyDwLqcMFALlWzYVioCzN00+MeCG8pUB +vdK6NKiV9sCZjg== +-----END CMS----- diff --git a/examples/pki/cms/auth_token_scoped.json b/examples/pki/cms/auth_token_scoped.json new file mode 100644 index 00000000..16eb644f --- /dev/null +++ b/examples/pki/cms/auth_token_scoped.json 
@@ -0,0 +1 @@ +{"access": {"serviceCatalog": [{"endpoints": [{"adminURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8776/v1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "volume", "name": "volume"}, {"endpoints": [{"adminURL": "http://127.0.0.1:9292/v1", "region": "regionOne", "internalURL": "http://127.0.0.1:9292/v1", "publicURL": "http://127.0.0.1:9292/v1"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "region": "regionOne", "internalURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a", "publicURL": "http://127.0.0.1:8774/v1.1/64b6f3fbcc53435e8a60fcf89bb6617a"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://127.0.0.1:35357/v2.0", "region": "RegionOne", "internalURL": "http://127.0.0.1:35357/v2.0", "publicURL": "http://127.0.0.1:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}],"token": {"expires": "2012-06-02T14:47:34Z", "id": "placeholder", "tenant": {"enabled": true, "description": null, "name": "tenant_name1", "id": "tenant_id1"}}, "user": {"username": "user_name1", "roles_links": ["role1","role2"], "id": "user_id1", "roles": [{"name": "role1"}, {"name": "role2"}], "name": "user_name1"}}} diff --git a/examples/pki/cms/auth_token_scoped.pem b/examples/pki/cms/auth_token_scoped.pem new file mode 100644 index 00000000..cc0da169 --- /dev/null +++ b/examples/pki/cms/auth_token_scoped.pem 
@@ -0,0 +1,41 @@ +-----BEGIN CMS----- +MIIHQAYJKoZIhvcNAQcCoIIHMTCCBy0CAQExCTAHBgUrDgMCGjCCBc4GCSqGSIb3 +DQEHAaCCBb8EggW7eyJhY2Nlc3MiOiB7InNlcnZpY2VDYXRhbG9nIjogW3siZW5k +cG9pbnRzIjogW3siYWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2L3Yx +LzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInJlZ2lvbiI6ICJy +ZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo4Nzc2 +L3YxLzY0YjZmM2ZiY2M1MzQzNWU4YTYwZmNmODliYjY2MTdhIiwgInB1YmxpY1VS +TCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3NzYvdjEvNjRiNmYzZmJjYzUzNDM1ZThh +NjBmY2Y4OWJiNjYxN2EifV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUi +OiAidm9sdW1lIiwgIm5hbWUiOiAidm9sdW1lIn0sIHsiZW5kcG9pbnRzIjogW3si +YWRtaW5VUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5MjkyL3YxIiwgInJlZ2lvbiI6 +ICJyZWdpb25PbmUiLCAiaW50ZXJuYWxVUkwiOiAiaHR0cDovLzEyNy4wLjAuMTo5 +MjkyL3YxIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjkyOTIvdjEi +fV0sICJlbmRwb2ludHNfbGlua3MiOiBbXSwgInR5cGUiOiAiaW1hZ2UiLCAibmFt +ZSI6ICJnbGFuY2UifSwgeyJlbmRwb2ludHMiOiBbeyJhZG1pblVSTCI6ICJodHRw +Oi8vMTI3LjAuMC4xOjg3NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5 +YmI2NjE3YSIsICJyZWdpb24iOiAicmVnaW9uT25lIiwgImludGVybmFsVVJMIjog +Imh0dHA6Ly8xMjcuMC4wLjE6ODc3NC92MS4xLzY0YjZmM2ZiY2M1MzQzNWU4YTYw +ZmNmODliYjY2MTdhIiwgInB1YmxpY1VSTCI6ICJodHRwOi8vMTI3LjAuMC4xOjg3 +NzQvdjEuMS82NGI2ZjNmYmNjNTM0MzVlOGE2MGZjZjg5YmI2NjE3YSJ9XSwgImVu +ZHBvaW50c19saW5rcyI6IFtdLCAidHlwZSI6ICJjb21wdXRlIiwgIm5hbWUiOiAi +bm92YSJ9LCB7ImVuZHBvaW50cyI6IFt7ImFkbWluVVJMIjogImh0dHA6Ly8xMjcu +MC4wLjE6MzUzNTcvdjIuMCIsICJyZWdpb24iOiAiUmVnaW9uT25lIiwgImludGVy +bmFsVVJMIjogImh0dHA6Ly8xMjcuMC4wLjE6MzUzNTcvdjIuMCIsICJwdWJsaWNV +UkwiOiAiaHR0cDovLzEyNy4wLjAuMTo1MDAwL3YyLjAifV0sICJlbmRwb2ludHNf +bGlua3MiOiBbXSwgInR5cGUiOiAiaWRlbnRpdHkiLCAibmFtZSI6ICJrZXlzdG9u +ZSJ9XSwidG9rZW4iOiB7ImV4cGlyZXMiOiAiMjAxMi0wNi0wMlQxNDo0NzozNFoi +LCAiaWQiOiAicGxhY2Vob2xkZXIiLCAidGVuYW50IjogeyJlbmFibGVkIjogdHJ1 +ZSwgImRlc2NyaXB0aW9uIjogbnVsbCwgIm5hbWUiOiAidGVuYW50X25hbWUxIiwg +ImlkIjogInRlbmFudF9pZDEifX0sICJ1c2VyIjogeyJ1c2VybmFtZSI6ICJ1c2Vy 
+X25hbWUxIiwgInJvbGVzX2xpbmtzIjogWyJyb2xlMSIsInJvbGUyIl0sICJpZCI6 +ICJ1c2VyX2lkMSIsICJyb2xlcyI6IFt7Im5hbWUiOiAicm9sZTEifSwgeyJuYW1l +IjogInJvbGUyIn1dLCAibmFtZSI6ICJ1c2VyX25hbWUxIn19fQ0KMYIBSTCCAUUC +AQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES +MBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sxETAPBgNVBAsT +CEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVuc3RhY2sub3Jn +MRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkqhkiG9w0BAQEF +AASBgEWUF++cnK20YBvO8kcIsVkCsg3M+oVAHGleCQZr8ho2yvgQ06hlPYl95Ih6 ++wIHsUlO1EUxCmNBAdydGDzuonWvkHMN/KMv/PW4EbiuawpvqYYLxqRg3ADjIMNl +fxcgEbY34WAe3dYs2IAGiN70jFbqTr3ltxWHRTeeAqeltio9 +-----END CMS----- diff --git a/examples/pki/cms/auth_token_unscoped.json b/examples/pki/cms/auth_token_unscoped.json new file mode 100644 index 00000000..b2340a76 --- /dev/null +++ b/examples/pki/cms/auth_token_unscoped.json @@ -0,0 +1 @@ +{"access": {"token": {"expires": "2012-08-17T15:35:34Z", "id": "01e032c996ef4406b144335915a41e79"}, "serviceCatalog": {}, "user": {"username": "user_name1", "roles_links": [], "id": "c9c89e3be3ee453fbf00c7966f6d3fbd", "roles": [{'name': 'role1'},{'name': 'role2'},], "name": "user_name1"}}} \ No newline at end of file diff --git a/examples/pki/cms/auth_token_unscoped.pem b/examples/pki/cms/auth_token_unscoped.pem new file mode 100644 index 00000000..4b073e98 --- /dev/null +++ b/examples/pki/cms/auth_token_unscoped.pem 
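Review bot: The `roles` value in the new `auth_token_unscoped.json` fixture, `[{'name': 'role1'},{'name': 'role2'},]`, is not valid JSON: it uses single-quoted strings and a trailing comma, so a strict parser rejects the payload even when the CMS signature over it verifies. I would write it as `"roles": [{"name": "role1"}, {"name": "role2"}]` and rerun `gen_pki.sh` so that `auth_token_unscoped.pem` signs the corrected bytes. `serviceCatalog` is also an object (`{}`) here but an array in the scoped and revoked fixtures, which looks unintended; it is worth confirming against what the middleware tests expect.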
@@ -0,0 +1,17 @@ +-----BEGIN CMS----- +MIICpwYJKoZIhvcNAQcCoIICmDCCApQCAQExCTAHBgUrDgMCGjCCATUGCSqGSIb3 +DQEHAaCCASYEggEieyJhY2Nlc3MiOiB7InRva2VuIjogeyJleHBpcmVzIjogIjIw +MTItMDgtMTdUMTU6MzU6MzRaIiwgImlkIjogIjAxZTAzMmM5OTZlZjQ0MDZiMTQ0 +MzM1OTE1YTQxZTc5In0sICJzZXJ2aWNlQ2F0YWxvZyI6IHt9LCAidXNlciI6IHsi +dXNlcm5hbWUiOiAidXNlcl9uYW1lMSIsICJyb2xlc19saW5rcyI6IFtdLCAiaWQi +OiAiYzljODllM2JlM2VlNDUzZmJmMDBjNzk2NmY2ZDNmYmQiLCAicm9sZXMiOiBb +eyduYW1lJzogJ3JvbGUxJ30seyduYW1lJzogJ3JvbGUyJ30sXSwgIm5hbWUiOiAi +dXNlcl9uYW1lMSJ9fX0xggFJMIIBRQIBATCBpDCBnjEKMAgGA1UEBRMBNTELMAkG +A1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNV +BAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEW +FmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVkAgER +MAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIGAvJ19wdrQi3umLzaUAt1Ju9Vrr0m9 +vvMEACRBGSiJB8J3R0VaSOqMb6QQYUhddrcaBX70roTA0W0fwU5vNShcTC/zvHSH +uj8FpotvJLj0YiVzzhpYzKXN6vqBIryhKm5SE6MXBmRULuyPSpIGgLCYlAIaOwdD +5s96C9aQukos8sU= +-----END CMS----- diff --git a/examples/pki/cms/revocation_list.json b/examples/pki/cms/revocation_list.json new file mode 100644 index 00000000..c3401b0f --- /dev/null +++ b/examples/pki/cms/revocation_list.json @@ -0,0 +1 @@ +{"revoked":[{"id":"7acfcfdaf6a14aebe97c61c5947bc4d3","expires":"2012-08-14T17:58:48Z"}]} diff --git a/examples/pki/cms/revocation_list.pem b/examples/pki/cms/revocation_list.pem new file mode 100644 index 00000000..a69278f9 --- /dev/null +++ b/examples/pki/cms/revocation_list.pem 
@@ -0,0 +1,12 @@ +-----BEGIN CMS----- +MIIB2QYJKoZIhvcNAQcCoIIByjCCAcYCAQExCTAHBgUrDgMCGjBpBgkqhkiG9w0B +BwGgXARaeyJyZXZva2VkIjpbeyJpZCI6IjdhY2ZjZmRhZjZhMTRhZWJlOTdjNjFj +NTk0N2JjNGQzIiwiZXhwaXJlcyI6IjIwMTItMDgtMTRUMTc6NTg6NDhaIn1dfQ0K +MYIBSTCCAUUCAQEwgaQwgZ4xCjAIBgNVBAUTATUxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTESMBAGA1UEBxMJU3Vubnl2YWxlMRIwEAYDVQQKEwlPcGVuU3RhY2sx +ETAPBgNVBAsTCEtleXN0b25lMSUwIwYJKoZIhvcNAQkBFhZrZXlzdG9uZUBvcGVu +c3RhY2sub3JnMRQwEgYDVQQDEwtTZWxmIFNpZ25lZAIBETAHBgUrDgMCGjANBgkq +hkiG9w0BAQEFAASBgK0KiADUUObQfhVE/zfyqQI/ROjRODXonVwAJE3WydMHHdXa +TwY/wVTaK0PwvrM/uIph6KOxwH4QelP3V1zRh0SJKERHK1ftJ8xCSxQ4zFwtFzG4 +JTiPDhQcSi1swrUqy6WfVthCJKrLuTnqCP4bTE4bC8DNzMNvilRylNxSQK4g +-----END CMS----- diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh new file mode 100755 index 00000000..9bf6c322 --- /dev/null +++ b/examples/pki/gen_pki.sh 
@@ -0,0 +1,222 @@
+#!/bin/bash
+
+# Copyright 2012 OpenStack LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# This script generates the crypto necessary for the SSL tests.
+
+DIR=`dirname "$0"`
+CURRENT_DIR=`cd "$DIR" && pwd`
+CERTS_DIR=$CURRENT_DIR/certs
+PRIVATE_DIR=$CURRENT_DIR/private
+CMS_DIR=$CURRENT_DIR/cms
+
+
+function rm_old {
+ rm -rf $CERTS_DIR/*.pem
+ rm -rf $PRIVATE_DIR/*.pem
+}
+
+function cleanup {
+ rm -rf *.conf > /dev/null 2>&1
+ rm -rf index* > /dev/null 2>&1
+ rm -rf *.crt > /dev/null 2>&1
+ rm -rf newcerts > /dev/null 2>&1
+ rm -rf *.pem > /dev/null 2>&1
+ rm -rf serial* > /dev/null 2>&1
+}
+
+function generate_ca_conf {
+ echo '
+[ req ]
+default_bits = 1024
+default_keyfile = cakey.pem
+default_md = sha1
+
+prompt = no
+distinguished_name = ca_distinguished_name
+
+x509_extensions = ca_extensions
+
+[ ca_distinguished_name ]
+serialNumber = 5
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+emailAddress = keystone@openstack.org
+commonName = Self Signed
+
+[ ca_extensions ]
+basicConstraints = critical,CA:true
+' > ca.conf
+}
+
+function generate_ssl_req_conf {
+ echo '
+[ req ]
+default_bits = 1024
+default_keyfile = keystonekey.pem
+default_md = sha1
+
+prompt = no
+distinguished_name = distinguished_name
+
+[ distinguished_name ]
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+commonName = localhost
+emailAddress = keystone@openstack.org
+' > ssl_req.conf
+}
+
+function generate_cms_signing_req_conf {
+ echo '
+[ req ]
+default_bits = 1024
+default_keyfile = keystonekey.pem
+default_md = sha1
+
+prompt = no
+distinguished_name = distinguished_name
+
+[ distinguished_name ]
+countryName = US
+stateOrProvinceName = CA
+localityName = Sunnyvale
+organizationName = OpenStack
+organizationalUnitName = Keystone
+commonName = Keystone
+emailAddress = keystone@openstack.org
+' > cms_signing_req.conf
+}
+
+function generate_signing_conf {
+ echo '
+[ ca ]
+default_ca = signing_ca
+
+[ signing_ca ]
+dir = .
+database = $dir/index.txt
+new_certs_dir = $dir/newcerts
+
+certificate = $dir/certs/cacert.pem
+serial = $dir/serial
+private_key = $dir/private/cakey.pem
+
+default_days = 21360
+default_crl_days = 30
+default_md = sha1
+
+policy = policy_any
+
+[ policy_any ]
+countryName = supplied
+stateOrProvinceName = supplied
+localityName = optional
+organizationName = supplied
+organizationalUnitName = supplied
+emailAddress = supplied
+commonName = supplied
+' > signing.conf
+}
+
+function setup {
+ touch index.txt
+ echo '10' > serial
+ generate_ca_conf
+ mkdir newcerts
+}
+
+function check_error {
+ if [ $1 != 0 ] ; then
+ echo "Failed! rc=${1}"
+ echo 'Bailing ...'
+ cleanup
+ exit $1
+ else
+ echo 'Done'
+ fi
+}
+
+function generate_ca {
+ echo 'Generating New CA Certificate ...'
+ openssl req -x509 -newkey rsa:1024 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
+ check_error $?
+}
+
+function ssl_cert_req {
+ echo 'Generating SSL Certificate Request ...'
+ generate_ssl_req_conf
+ openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
+}
+
+function cms_signing_cert_req {
+ echo 'Generating CMS Signing Certificate Request ...'
+ generate_cms_signing_req_conf
+ openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
+}
+
+function issue_certs {
+ generate_signing_conf
+ echo 'Issuing SSL Certificate ...'
+ openssl ca -in ssl_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
+ check_error $?
+ echo 'Issuing CMS Signing Certificate ...'
+ openssl ca -in cms_signing_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
+ check_error $?
+}
+
+function create_middleware_cert {
+ cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
+ cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
+}
+
+function check_openssl {
+ echo 'Checking openssl availability ...'
+ which openssl
+ check_error $?
+}
+
+function gen_sample_cms {
+ for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"
+ do
+ openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
+ done
+}
+
+check_openssl
+rm_old
+cleanup
+setup
+generate_ca
+ssl_cert_req
+cms_signing_cert_req
+issue_certs
+create_middleware_cert
+gen_sample_cms
+cleanup
diff --git a/examples/pki/private/cakey.pem b/examples/pki/private/cakey.pem
new file mode 100644
index 00000000..e73c13fc
--- /dev/null
+++ b/examples/pki/private/cakey.pem
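Review bot: In `gen_pki.sh`, `cleanup` runs `rm -rf *.conf`, `index*`, `*.crt`, `*.pem`, `serial*` and `newcerts` against the caller's working directory, and `setup` and `signing.conf` (`dir = .`) are likewise relative, while the outputs and the `openssl x509 -in $CURRENT_DIR/newcerts/10.pem` reads are built from `$CURRENT_DIR`. The script never changes directory, so it is only consistent when started from `examples/pki`; started elsewhere, the first `cleanup` call removes matching files in that directory before anything is generated. Adding `cd "$CURRENT_DIR" || exit 1` right after the `CMS_DIR=` assignment makes the relative paths and the deletions agree with the absolute ones. The header comment also still describes only the SSL tests; I would replace it with `# Generates TEST-ONLY fixtures (1024-bit RSA, SHA-1, unencrypted keys committed to the repository); never trust cacert.pem or reuse these keys in a deployment.`, since the CA key is published next to a `CA:true` certificate issued with `-days 21360`.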
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALzI17ExCaqdr7xY +2Q5CBZ1bW1lsrXxS8eNJRdQtskDuQVAluY03/OGZd8HQYiiY/ci2tYy7BNICbh5G +aO95eqTDykJR3liOYE/tHbY6puQlj2ZivmhlSd2d5d7lF0/H28RQsLu9VktMuw6q +9DpDm35jfrr8LgSeA3MdVqcS/4OhAgMBAAECgYEAjY9xJd5mqDicCXj6MhXRzgAu +TK0QnhQ4a72LDiLB8qx171qKe9mK18RTp9LReC3Yx8Qx+PhYEf5egnc7wq7uBgsk +wAE7bPXBPRoxFxDHtZDRASAhWxX0gkfyO3uIy88HIiQlu51v1O4mSVyNpOZFnY2b +ygLw8lg4AUJibSwE+50CQQDjWKluxXnifqoCn18BeT0FokBmV6ZLnRvHaroJP73O +kPDINiBRPxDpX1cQpQ4hXkjSRM9RrUa4Z6hAEmAUGcoPAkEA1JP7omqY6bRH+tmE +fM503jP5YiGNPB2UJRDPTXnbylII+pwf+hP0aW+2hnjm0cTAJ2yBNd9UnclLBsFO +yABHTwJBAJIvp7s3tfkjE3TeP7v11nwx6ZElWSQT4RHomblqyET0RC+pRjyX/eri +SFzGlYB1XQQABQNzFR9sX+7bIfaq4pcCQCHs1/zMnEi3z8D109IDNN19V/BUQHD2 +m3zq2NqZdv0r6GjuX6AObTQicvO0+clCaBQimeBaGuvvgvy5/vOmL7sCQQDgFxy/ +Yn5c6/jZDf2Vd/Jdk9tdV7147nC/A93c08BIWhD+jgPe/eIYMch61y7VczXizlb7 +M/BPhTX0/4yrL5Pg +-----END PRIVATE KEY----- diff --git a/examples/pki/private/signing_key.pem b/examples/pki/private/signing_key.pem new file mode 100644 index 00000000..df9b64db --- /dev/null +++ b/examples/pki/private/signing_key.pem 
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANBnphDSfn7OTmk/ +JOLgOxE0QwP6F/7VCglQH8X2L3hwHUKhCg3FG7YXV054ZAZ79DmSKcQT8cERGUmS +tiP4XpD6wSC2eFEs6MxQoLnVwON0DJAZXLkPlTiNv6uR+M9pJ8WnsbAYz3iF+w/T +aMLU2BZToEqgosfMViHDVtcdRJ9XAgMBAAECgYAqcJEO5+6+oACzyhoW4ZblwADN +tIZibLvofZqa07GDE0HCKc1EVJl6EXLEFhw4fdGUT8GVnoIi0PqXUvsohBGtkmpM +Ee+Yj5ii7VEL75Z5zzJZ50CM7vI0AqZ2WMIITjgsrMKdBh0tHolTCqenqv1t2/OZ +dwAgPG1C90VsPgLW4QJBAOvuCwOZwAOlIygeSYfl9/aQuIQzP5yIQbv95Z+jeyii +ly29FrPqhZvU4+hS7xUnT8X1d5XemsQTScoE/lF3LEkCQQDiIi5crENMdYX60ax7 +/6U25Ej0XyQ3Gt8ryYDoPIaeWSlRV5TQnYfY9CdQqJmTyBWYHNBOhjHupNX4AgWJ +8y6fAkEAlYNZP4LkCGtSiE4JUzINnhfAlybTHSPMZJJWPoCfv/Sp0baO+J2a5lJX +zBcipEkxaMZSbouPkMqYbIoVkRLw4QJAD8y5looGrbnsYYjy1zsWbQ5oNoLLQfpj +q2iJ1DAea8PpCiDnaegHzNXKRW1yRYwOTjF9MG9Z38WumYRypJ/UGwJBAJShOlyg +AA3ob9ajlJ3/NMNbIrVbDuG1c14HVHarnF9nrf8wmjACXP/rjFZo9tVAbQjG6kXH +41oYgyhOVRYT578= +-----END PRIVATE KEY----- diff --git a/examples/pki/private/ssl_key.pem b/examples/pki/private/ssl_key.pem new file mode 100644 index 00000000..2002bde6 --- /dev/null +++ b/examples/pki/private/ssl_key.pem 
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANRG3ZkIJ+NaY9sm +irkZ+Lzf1Ka18xOvc2kizemUMeAchs9hlP0Kpm8EBHal1vgzSuXncP8gyQ6nMZUw +5NhFMZ1kLSfzoB/hCyTlIp/4VZbCAtn43zlTUSgQQMH+6I4k4sZDOiIAE7yvzEMa +71RkqBzduuFoeuhBm5oqmRa8kac5AgMBAAECgYBngOI94tcoKQO1cJaFaJ964Jyc +aO1L9OmOIvVJ5gNnpiEpbwgpVY8PZGMUwwoNXV0wumfDTmYaafVoLD35IcvtcS3D +Tmsm+zC3ZQYzbQrIkQrtXE+y4bMwtscOTd61YDFQE++0omg3qckVu8IYSdFtTb9D +SjSsWMnYoDmGrBqCHQJBAP2jq2I5fMPSR3LY5FdejwhyUcqs6AKyJD0BDJzIhdV6 +d0InWWss/atR4sMnOX7WKIo1m4+X+0+T2F69kj9hge8CQQDWQKTvbvlDugiziwNc +FRl+yC7YTJ34toRFI4xbszKL3vgk4KDgfSQeoPp9KeHXmjgTfXIOwSVI83QBoL1d +LHFXAkEAglD9VVJEEDiSDSfy6hDjXGugKon8CqaMh+tqF4PPf4eUjqC5CJ/tFYDV +CX+1wr01xw0UCAsGTDSiDstHwNjQcQJAAkF3+xVeBnqE8O77wBJwzEbrR1e3KhEx +31B6f9SpKZPVZP4Ac5ydrrzfJkY0nIKBKKNfegxKijQV+pZop/x5zQJASGTmKcW2 +WKj4P8PiolVlWH2ZTARSschff5wDV6nBneb5zWNgpPORrSRPl9yrYrgqk4vvjLh5 +rUiR/G65ZjmbnA== +-----END PRIVATE KEY----- diff --git a/examples/ssl/certs/ca.pem b/examples/ssl/certs/ca.pem deleted file mode 100644 index 37a45216..00000000 --- a/examples/ssl/certs/ca.pem +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC0TCCAjqgAwIBAgIJAMyVAS1JB/DRMA0GCSqGSIb3DQEBBQUAMIGeMQowCAYD -VQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1bm55 -dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTElMCMG -CSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxMLU2Vs -ZiBTaWduZWQwIBcNMTIxMDIyMTk0OTA0WhgPMjA3MTA0MTYxOTQ5MDRaMIGeMQow -CAYDVQQFEwE1MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVN1 -bm55dmFsZTESMBAGA1UEChMJT3BlblN0YWNrMREwDwYDVQQLEwhLZXlzdG9uZTEl -MCMGCSqGSIb3DQEJARYWa2V5c3RvbmVAb3BlbnN0YWNrLm9yZzEUMBIGA1UEAxML -U2VsZiBTaWduZWQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKsTxsxbBGA -GzglqerOOnNw76g/U/ltb6RugEnfD3nBOBGT3zXW+8i0XVzCPdYsIjaltDIGZ66N -86QXSLOgxccYN+uHo2/ADvcc5HzH6Wi8mkzlYA+ZEx4JZZQPlaoN52/Tib487nn4 -3oldwbI9cvfpp0kzDHWx3HVil1fT6WwDAgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQEFBQADgYEAK9reLm4pW0AKGhXFvn0D1fRl/5Wxp/cZ3MM2 -IHSAelTx7bp67VeBGw+SrVdVUM9K6pqmJemA+IWGXHcRE6WPEQYUI0Bs9R6MdwOt -ws665r9WWExDztdXELsqacg/olcDiyHi0CAXPxWh/KRYSBfO3wNjOvvGTuedpnIU -MQOy2UI= ------END CERTIFICATE----- diff --git a/examples/ssl/certs/keystone.pem b/examples/ssl/certs/keystone.pem deleted file mode 100644 index 321bd545..00000000 --- a/examples/ssl/certs/keystone.pem +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICuzCCAiSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBnjEKMAgGA1UEBRMBNTEL -MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQ -BgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0B -CQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVk -MCAXDTEyMTAyMjE5NDkwNFoYDzIwNzEwNDE2MTk0OTA0WjCBkDELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNVBAoTCU9w -ZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEWFmtleXN0 -b25lQG9wZW5zdGFjay5vcmcxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG -9w0BAQEFAAOBjQAwgYkCgYEA0g+31KD6C4nVJKjl5jm5RS2UyZBqGvCFxvyKkTAs -VK9RnVl2R9J/1p3eUP7zwdait/g+FQTlsRQQoH6Ybf9oPZpJFeotvZXH/D5a7I+t -U8m1qLrJqd61wNad3JaubcqAa6r+wj1A7y1ZLvnzZBhZwQBXYYy3cLqTP6cTqS2u -ezECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAD -pZbC4E22H6C8phw9qryctY+jIG50QHJz0iJHf27IbIOELYK4VKtCkbaiOcQwMKtA -L0SGotIM5Z6VN+72pUJUGM8EhaGYmZpfyF/+E3JSo1r41mneqdjfYy6wpnnhMlk9 -I6COsjgq6xvnlqMdS5LR24wDIK/Ftd0dx5CrmmuYog== ------END CERTIFICATE----- diff --git a/examples/ssl/certs/middleware.pem b/examples/ssl/certs/middleware.pem deleted file mode 100644 index c18e307c..00000000 --- a/examples/ssl/certs/middleware.pem +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICuzCCAiSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBnjEKMAgGA1UEBRMBNTEL -MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQ -BgNVBAoTCU9wZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0B -CQEWFmtleXN0b25lQG9wZW5zdGFjay5vcmcxFDASBgNVBAMTC1NlbGYgU2lnbmVk -MCAXDTEyMTAyMjE5NDkwNFoYDzIwNzEwNDE2MTk0OTA0WjCBkDELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTdW5ueXZhbGUxEjAQBgNVBAoTCU9w -ZW5TdGFjazERMA8GA1UECxMIS2V5c3RvbmUxJTAjBgkqhkiG9w0BCQEWFmtleXN0 -b25lQG9wZW5zdGFjay5vcmcxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG -9w0BAQEFAAOBjQAwgYkCgYEA0g+31KD6C4nVJKjl5jm5RS2UyZBqGvCFxvyKkTAs -VK9RnVl2R9J/1p3eUP7zwdait/g+FQTlsRQQoH6Ybf9oPZpJFeotvZXH/D5a7I+t -U8m1qLrJqd61wNad3JaubcqAa6r+wj1A7y1ZLvnzZBhZwQBXYYy3cLqTP6cTqS2u -ezECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAD -pZbC4E22H6C8phw9qryctY+jIG50QHJz0iJHf27IbIOELYK4VKtCkbaiOcQwMKtA -L0SGotIM5Z6VN+72pUJUGM8EhaGYmZpfyF/+E3JSo1r41mneqdjfYy6wpnnhMlk9 -I6COsjgq6xvnlqMdS5LR24wDIK/Ftd0dx5CrmmuYog== ------END CERTIFICATE----- ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANIPt9Sg+guJ1SSo -5eY5uUUtlMmQahrwhcb8ipEwLFSvUZ1ZdkfSf9ad3lD+88HWorf4PhUE5bEUEKB+ -mG3/aD2aSRXqLb2Vx/w+WuyPrVPJtai6yanetcDWndyWrm3KgGuq/sI9QO8tWS75 -82QYWcEAV2GMt3C6kz+nE6ktrnsxAgMBAAECgYEAqcmioO7srN7ftR3/lTMbGVta -ZAGigdvfhZMivW/epSSAJ1rkS/FM+z/nLjik9gxywZiZNYwbzCGXvuIUevRyX8Ei -PVTggVqK449NpW+K0aFe1D9MTn1A6axznwa1/STgAr80Q/9v8L6Pqy37AfxEBdej -ly0wZ/OMB4r6LN5hGPECQQD04EncRtsqQ5E+1pfl625vXAowjcv84ZRewhN772Ub -/vwNiL/K5JHgKixnMfQyDbltRVk09i2tIBSywVVNI+TTAkEA25qP+llyxNgwLsZ6 -S3WwBJOL4BR7HNlhAM/rO1BiWBwkwAKbh7PWEb0pXM/H5c3TrCe1VPQ2fNXCl164 -M8BtawJBAOdYru8pEg4P370aSE+z6ZXTwty0WjADfoU3nejM9x1H/SFcPLaW0yqR -LXohO6++P5z4k5rxqZ2SXXu0I77JVnkCQAIcbEHl1jqaMWxhsA9FpFmG6ZNP3xcZ -59rQJNy/GxLpwliuLbySN/6XqOwhezR0VBKVlyKn7lYo3+QAnxiwQt0CQQCEQ3sJ -lAREj2ZkImKRAFZj2uxK4cz0+wkRx6pWHyy8hil19LkaWBKbC0U6kaoUyCsDgM1O -L70bXSvi52tgTzr6 ------END PRIVATE KEY----- 
diff --git a/examples/ssl/gen_pki.sh b/examples/ssl/gen_pki.sh
deleted file mode 100755
index 16d1c008..00000000
--- a/examples/ssl/gen_pki.sh
+++ /dev/null
@@ -1,179 +0,0 @@ -#!/bin/bash - -# Copyright 2012 OpenStack LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This script generates the crypto necessary for the SSL tests. - -DIR=`dirname "$0"` -CURRENT_DIR=`cd "$DIR" && pwd` -CERTS_DIR=$CURRENT_DIR/certs -PRIVATE_DIR=$CURRENT_DIR/private - - -function rm_old { - rm -rf $CERTS_DIR/*.pem - rm -rf $PRIVATE_DIR/*.pem -} - -function cleanup { - rm -rf *.conf > /dev/null 2>&1 - rm -rf index* > /dev/null 2>&1 - rm -rf *.crt > /dev/null 2>&1 - rm -rf newcerts > /dev/null 2>&1 - rm -rf *.pem > /dev/null 2>&1 - rm -rf serial* > /dev/null 2>&1 -} - -function generate_ca_conf { - echo ' -[ req ] -default_bits = 1024 -default_keyfile = cakey.pem -default_md = sha1 - -prompt = no -distinguished_name = ca_distinguished_name - -x509_extensions = ca_extensions - -[ ca_distinguished_name ] -serialNumber = 5 -countryName = US -stateOrProvinceName = CA -localityName = Sunnyvale -organizationName = OpenStack -organizationalUnitName = Keystone -emailAddress = keystone@openstack.org -commonName = Self Signed - -[ ca_extensions ] -basicConstraints = critical,CA:true -' > ca.conf -} - -function generate_req_conf { - echo ' -[ req ] -default_bits = 1024 -default_keyfile = keystonekey.pem -default_md = sha1 - -prompt = no -distinguished_name = distinguished_name - -[ distinguished_name ] -countryName = US -stateOrProvinceName = CA -localityName = Sunnyvale -organizationName = OpenStack -organizationalUnitName = Keystone -commonName = 
localhost -emailAddress = keystone@openstack.org -' > req.conf -} - -function generate_signing_conf { - echo ' -[ ca ] -default_ca = signing_ca - -[ signing_ca ] -dir = . -database = $dir/index.txt -new_certs_dir = $dir/newcerts - -certificate = $dir/certs/ca.pem -serial = $dir/serial -private_key = $dir/private/cakey.pem - -default_days = 21360 -default_crl_days = 30 -default_md = sha1 - -policy = policy_any - -x509_extensions = ca_extensions - -[ policy_any ] -countryName = supplied -stateOrProvinceName = supplied -localityName = optional -organizationName = supplied -organizationalUnitName = supplied -emailAddress = supplied -commonName = supplied - -[ ca_extensions ] -basicConstraints = critical,CA:true -' > signing.conf -} - -function setup { - touch index.txt - echo '10' > serial - generate_ca_conf - mkdir newcerts -} - -function check_error { - if [ $1 != 0 ] ; then - echo "Failed! rc=${1}" - echo 'Bailing ...' - cleanup - exit $1 - else - echo 'Done' - fi -} - -function generate_ca { - echo 'Generating New CA Certificate ...' - openssl req -x509 -newkey rsa:1024 -days 21360 -out $CERTS_DIR/ca.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes - check_error $? -} - -function cert_req { - echo 'Generating Certificate Request ...' - generate_req_conf - openssl req -newkey rsa:1024 -keyout $PRIVATE_DIR/keystonekey.pem -keyform PEM -out req.pem -outform PEM -config req.conf -nodes - check_error $? - #openssl req -in req.pem -text -noout -} - - -function issue_cert { - echo 'Issuing SSL Certificate ...' - generate_signing_conf - openssl ca -in req.pem -config signing.conf -batch - check_error $? - openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/keystone.pem - check_error $? 
-} - -function create_middleware_cert { - cp $CERTS_DIR/keystone.pem $CERTS_DIR/middleware.pem - cat $PRIVATE_DIR/keystonekey.pem >> $CERTS_DIR/middleware.pem -} - - -echo $CURRENT_DIR -rm_old -cleanup -setup -generate_ca -cert_req -issue_cert -create_middleware_cert -cleanup diff --git a/examples/ssl/private/cakey.pem b/examples/ssl/private/cakey.pem deleted file mode 100644 index 31dc9ece..00000000 --- a/examples/ssl/private/cakey.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANKsTxsxbBGAGzgl -qerOOnNw76g/U/ltb6RugEnfD3nBOBGT3zXW+8i0XVzCPdYsIjaltDIGZ66N86QX -SLOgxccYN+uHo2/ADvcc5HzH6Wi8mkzlYA+ZEx4JZZQPlaoN52/Tib487nn43old -wbI9cvfpp0kzDHWx3HVil1fT6WwDAgMBAAECgYBY/FNFpzCAi93zb2VAOu/RhyiT -pnwv5Ru9Fre1fDSrNwQZ2J31veMIObcd0SYRav7gmklsv+vXfTomW3dn+EbRNwjb -HhhyX0fWoIBl95Z9pGgEAKCqm6ooJXcNSDAoJB573IO24dB0Trvp2BTvm8AdHN6d -AIrQkOZbUZKRYCP6oQJBAPtwzF3pYGS4L/phohJRJnWwKd9vMOgJztwu9TWlISMn -Mkld8ur4obRwpTpusDiIJMOLOS3b1UKk/Usy5TObbisCQQDWfkP19g5S1DeRRdnX -Fhx7WnB6QS+D2BgB2SLOpNQeRj4RHsKhqi1t6cn8KVb7gWjOvPVgLB85wV8fa6u8 -DeWJAkBk9+XJLGcd6uyxQbWAX3/vMH+QDql39EBSILUtBpNo91t1JLnga1kcCUQA -U+SFvv3sXCLo7GcV7QUdxmFNuPOjAkEAkt2+Fwo14I0ixzv23wlq0yOn5G4B5Nrw -BUPyS2AdReV+1iYjyqJFnP75qMl9n5SKeRR1Rzau4tL/GPqWiptRUQJBAKoh+W92 -IrMHKlMt8yUh7BgYzImrAo+gI+r5Mqewn8G75t2kRf/JcdM6i7fwAPSuTaV/sfA/ -FYJ+N9ZGfFSBAJM= ------END PRIVATE KEY----- diff --git a/examples/ssl/private/keystonekey.pem b/examples/ssl/private/keystonekey.pem deleted file mode 100644 index fac3bf65..00000000 --- a/examples/ssl/private/keystonekey.pem +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANIPt9Sg+guJ1SSo -5eY5uUUtlMmQahrwhcb8ipEwLFSvUZ1ZdkfSf9ad3lD+88HWorf4PhUE5bEUEKB+ -mG3/aD2aSRXqLb2Vx/w+WuyPrVPJtai6yanetcDWndyWrm3KgGuq/sI9QO8tWS75 -82QYWcEAV2GMt3C6kz+nE6ktrnsxAgMBAAECgYEAqcmioO7srN7ftR3/lTMbGVta -ZAGigdvfhZMivW/epSSAJ1rkS/FM+z/nLjik9gxywZiZNYwbzCGXvuIUevRyX8Ei -PVTggVqK449NpW+K0aFe1D9MTn1A6axznwa1/STgAr80Q/9v8L6Pqy37AfxEBdej -ly0wZ/OMB4r6LN5hGPECQQD04EncRtsqQ5E+1pfl625vXAowjcv84ZRewhN772Ub -/vwNiL/K5JHgKixnMfQyDbltRVk09i2tIBSywVVNI+TTAkEA25qP+llyxNgwLsZ6 -S3WwBJOL4BR7HNlhAM/rO1BiWBwkwAKbh7PWEb0pXM/H5c3TrCe1VPQ2fNXCl164 -M8BtawJBAOdYru8pEg4P370aSE+z6ZXTwty0WjADfoU3nejM9x1H/SFcPLaW0yqR -LXohO6++P5z4k5rxqZ2SXXu0I77JVnkCQAIcbEHl1jqaMWxhsA9FpFmG6ZNP3xcZ -59rQJNy/GxLpwliuLbySN/6XqOwhezR0VBKVlyKn7lYo3+QAnxiwQt0CQQCEQ3sJ -lAREj2ZkImKRAFZj2uxK4cz0+wkRx6pWHyy8hil19LkaWBKbC0U6kaoUyCsDgM1O -L70bXSvi52tgTzr6 ------END PRIVATE KEY----- -- cgit