diff --git a/libs/libblade/libblade.sln b/libs/libblade/libblade.sln index 4eed1e7669..d5a1f60ad6 100644 --- a/libs/libblade/libblade.sln +++ b/libs/libblade/libblade.sln @@ -27,6 +27,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcli", "test\testcli.vcx EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcon", "test\testcon.vcxproj", "{D67EEF66-B323-4BCF-9E3C-3A640B9949B7}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "openssl", "..\win32\openssl\openssl.2015.vcxproj", "{25BD39B1-C8BF-4676-A738-9CABD9C6BC79}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|x64 = Debug|x64 
@@ -231,6 +233,22 @@ Global {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x64.Build.0 = Release|x64 {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.ActiveCfg = Release|Win32 {D67EEF66-B323-4BCF-9E3C-3A640B9949B7}.ReleaseDLL|x86.Build.0 = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.ActiveCfg = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x64.Build.0 = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.ActiveCfg = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Debug|x86.Build.0 = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.ActiveCfg = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x64.Build.0 = Debug|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.ActiveCfg = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.DebugDLL|x86.Build.0 = Debug|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.ActiveCfg = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x64.Build.0 = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.ActiveCfg = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.Release|x86.Build.0 = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.ActiveCfg = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x64.Build.0 = Release|x64 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.ActiveCfg = Release|Win32 + {25BD39B1-C8BF-4676-A738-9CABD9C6BC79}.ReleaseDLL|x86.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/libs/libblade/src/blade_transport_wss.c b/libs/libblade/src/blade_transport_wss.c index 57d0568117..6178a560ae 100644 --- a/libs/libblade/src/blade_transport_wss.c +++ b/libs/libblade/src/blade_transport_wss.c 
@@ -44,11 +44,17 @@ struct blade_transport_wss_s { blade_transport_t *transport; blade_transport_callbacks_t *callbacks; + const char *ssl_key; + const char *ssl_cert; + const char *ssl_chain; ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; int32_t endpoints_ipv4_length; int32_t endpoints_ipv6_length; int32_t endpoints_backlog; + const char *endpoints_ssl_key; + const char *endpoints_ssl_cert; + const char *endpoints_ssl_chain; volatile ks_bool_t shutdown; @@ -62,6 +68,7 @@ struct blade_transport_wss_link_s { const char *session_id; ks_socket_t sock; kws_t *kws; + SSL_CTX *ssl; }; @@ -162,6 +169,7 @@ static void blade_transport_wss_link_cleanup(void *ptr, void *arg, ks_pool_clean if (btwssl->session_id) ks_pool_free(&btwssl->session_id); if (btwssl->kws) kws_destroy(&btwssl->kws); else ks_socket_close(&btwssl->sock); + if (btwssl->ssl) SSL_CTX_free(btwssl->ssl); break; case KS_MPCL_DESTROY: break; 
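Review bot: In the cleanup hunk (@@ -162), `SSL_CTX_free(btwssl->ssl)` leaves `btwssl->ssl` pointing at freed memory, while the neighbouring `ks_pool_free(&btwssl->session_id)` and `kws_destroy(&btwssl->kws)` are handed the pointer's address. I would reset it in the same statement, `if (btwssl->ssl) { SSL_CTX_free(btwssl->ssl); btwssl->ssl = NULL; }`, so a second pass through this callback cannot double-free. The field added at @@ -62 holds an `SSL_CTX *`, not an `SSL *`, so `ssl_ctx` would be a less misleading name. The cleanup function starts and ends outside the hunk.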
@@ -191,26 +199,94 @@ ks_status_t blade_transport_wss_link_create(blade_transport_wss_link_t **btwsslP return KS_STATUS_SUCCESS; } +ks_status_t blade_transport_wss_link_ssl_init(blade_transport_wss_link_t *btwssl, ks_bool_t server) +{ + const SSL_METHOD *method = NULL; + const char *key = NULL; + const char *cert = NULL; + const char *chain = NULL; + + ks_assert(btwssl); + + method = server ? TLSv1_2_server_method() : TLSv1_2_client_method(); + key = server ? btwssl->transport->endpoints_ssl_key : btwssl->transport->ssl_key; + cert = server ? btwssl->transport->endpoints_ssl_cert : btwssl->transport->ssl_cert; + chain = server ? btwssl->transport->endpoints_ssl_chain : btwssl->transport->ssl_chain; + + if (key && cert) { + btwssl->ssl = SSL_CTX_new(method); + + // @todo probably manage this through configuration, but TLS 1.2 is preferred + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_SSLv3); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_TLSv1_1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_DTLSv1); + SSL_CTX_set_options(btwssl->ssl, SSL_OP_NO_COMPRESSION); + if (server) SSL_CTX_set_verify(btwssl->ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + + if (chain) { + if (!SSL_CTX_use_certificate_chain_file(btwssl->ssl, chain)) { + ks_log(KS_LOG_DEBUG, "SSL Chain File Error\n"); + return KS_STATUS_FAIL; + } + if (!SSL_CTX_load_verify_locations(btwssl->ssl, chain, NULL)) { + ks_log(KS_LOG_DEBUG, "SSL Verify File Error\n"); + return KS_STATUS_FAIL; + } + } + + if (!SSL_CTX_use_certificate_file(btwssl->ssl, cert, SSL_FILETYPE_PEM)) { + ks_log(KS_LOG_DEBUG, "SSL Cert File Error\n"); + return KS_STATUS_FAIL; + } + + if (!SSL_CTX_use_PrivateKey_file(btwssl->ssl, key, SSL_FILETYPE_PEM)) { + ks_log(KS_LOG_DEBUG, "SSL Key File Error\n"); + return KS_STATUS_FAIL; + } + + if (!SSL_CTX_check_private_key(btwssl->ssl)) { + ks_log(KS_LOG_DEBUG, "SSL Key File 
Verification Error\n"); + return KS_STATUS_FAIL; + } + + SSL_CTX_set_cipher_list(btwssl->ssl, "HIGH:!DSS:!aNULL@STRENGTH"); + } + + return KS_STATUS_SUCCESS; +} + ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_setting_t *config) { + ks_pool_t *pool = NULL; config_setting_t *transport = NULL; config_setting_t *transport_wss = NULL; + config_setting_t *transport_wss_ssl = NULL; config_setting_t *transport_wss_endpoints = NULL; config_setting_t *transport_wss_endpoints_ipv4 = NULL; config_setting_t *transport_wss_endpoints_ipv6 = NULL; - config_setting_t *transport_wss_ssl = NULL; - config_setting_t *element; + config_setting_t *transport_wss_endpoints_ssl = NULL; + config_setting_t *element; config_setting_t *tmp1; config_setting_t *tmp2; + const char *ssl_key = NULL; + const char *ssl_cert = NULL; + const char *ssl_chain = NULL; ks_sockaddr_t endpoints_ipv4[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; ks_sockaddr_t endpoints_ipv6[BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX]; int32_t endpoints_ipv4_length = 0; int32_t endpoints_ipv6_length = 0; int32_t endpoints_backlog = 8; + const char *endpoints_ssl_key = NULL; + const char *endpoints_ssl_cert = NULL; + const char *endpoints_ssl_chain = NULL; ks_assert(btwss); ks_assert(config); + pool = ks_pool_get(btwss); + if (!config_setting_is_group(config)) { ks_log(KS_LOG_DEBUG, "!config_setting_is_group(config)\n"); return KS_STATUS_FAIL; 
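Review bot: In `blade_transport_wss_link_ssl_init`, `SSL_CTX_set_verify` is only called when `server` is true, so a client context keeps OpenSSL's default `SSL_VERIFY_NONE`. Unless `kws_init` (not visible here) sets verification itself, the outbound side will complete a handshake with any certificate. I would set the mode on both sides, e.g. `SSL_CTX_set_verify(btwssl->ssl, server ? (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT) : SSL_VERIFY_PEER, NULL);`. The result of `SSL_CTX_new(method)` is used without a NULL check, so add `if (!btwssl->ssl) return KS_STATUS_FAIL;` before the first `SSL_CTX_set_options`. The return value of `SSL_CTX_set_cipher_list` is ignored as well, so a rejected cipher string would go unnoticed.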
@@ -219,69 +295,94 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett if (transport) { transport_wss = config_setting_get_member(transport, "wss"); if (transport_wss) { - transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints"); - if (!transport_wss_endpoints) { - ks_log(KS_LOG_DEBUG, "!wss_endpoints\n"); - return KS_STATUS_FAIL; - } - transport_wss_endpoints_ipv4 = config_lookup_from(transport_wss_endpoints, "ipv4"); - transport_wss_endpoints_ipv6 = config_lookup_from(transport_wss_endpoints, "ipv6"); - if (transport_wss_endpoints_ipv4) { - if (config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; - if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) - return KS_STATUS_FAIL; - - for (int32_t index = 0; index < endpoints_ipv4_length; ++index) { - element = config_setting_get_elem(transport_wss_endpoints_ipv4, index); - tmp1 = config_lookup_from(element, "address"); - tmp2 = config_lookup_from(element, "port"); - if (!tmp1 || !tmp2) return KS_STATUS_FAIL; - if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; - if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - - if (ks_addr_set(&endpoints_ipv4[index], - config_setting_get_string(tmp1), - config_setting_get_int(tmp2), - AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; - ks_log(KS_LOG_DEBUG, - "Binding to IPV4 %s on port %d\n", - ks_addr_get_host(&endpoints_ipv4[index]), - ks_addr_get_port(&endpoints_ipv4[index])); - } - } - if (transport_wss_endpoints_ipv6) { - if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; - if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) - return KS_STATUS_FAIL; - - for (int32_t index = 0; index < endpoints_ipv6_length; ++index) { - element = 
config_setting_get_elem(transport_wss_endpoints_ipv6, index); - tmp1 = config_lookup_from(element, "address"); - tmp2 = config_lookup_from(element, "port"); - if (!tmp1 || !tmp2) return KS_STATUS_FAIL; - if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; - if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - - - if (ks_addr_set(&endpoints_ipv6[index], - config_setting_get_string(tmp1), - config_setting_get_int(tmp2), - AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; - ks_log(KS_LOG_DEBUG, - "Binding to IPV6 %s on port %d\n", - ks_addr_get_host(&endpoints_ipv6[index]), - ks_addr_get_port(&endpoints_ipv6[index])); - } - } - if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL; - tmp1 = config_lookup_from(transport_wss_endpoints, "backlog"); - if (tmp1) { - if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; - endpoints_backlog = config_setting_get_int(tmp1); - } transport_wss_ssl = config_setting_get_member(transport_wss, "ssl"); if (transport_wss_ssl) { - // @todo: SSL stuffs from wss_ssl into config_wss_ssl envelope + tmp1 = config_setting_get_member(transport_wss_ssl, "key"); + if (tmp1) ssl_key = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_ssl, "cert"); + if (tmp1) ssl_cert = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_ssl, "chain"); + if (tmp1) ssl_chain = config_setting_get_string(tmp1); + if (!ssl_key || !ssl_cert || !ssl_chain) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Using SSL: %s, %s, %s\n", + ssl_key, + ssl_cert, + ssl_chain); + } + + transport_wss_endpoints = config_setting_get_member(transport_wss, "endpoints"); + if (transport_wss_endpoints) { + transport_wss_endpoints_ipv4 = config_setting_get_member(transport_wss_endpoints, "ipv4"); + transport_wss_endpoints_ipv6 = config_setting_get_member(transport_wss_endpoints, "ipv6"); + if (transport_wss_endpoints_ipv4) { + if 
(config_setting_type(transport_wss_endpoints_ipv4) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; + if ((endpoints_ipv4_length = config_setting_length(transport_wss_endpoints_ipv4)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) + return KS_STATUS_FAIL; + + for (int32_t index = 0; index < endpoints_ipv4_length; ++index) { + element = config_setting_get_elem(transport_wss_endpoints_ipv4, index); + tmp1 = config_setting_get_member(element, "address"); + tmp2 = config_setting_get_member(element, "port"); + if (!tmp1 || !tmp2) return KS_STATUS_FAIL; + if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; + if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + + if (ks_addr_set(&endpoints_ipv4[index], + config_setting_get_string(tmp1), + config_setting_get_int(tmp2), + AF_INET) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Binding to IPV4 %s on port %d\n", + ks_addr_get_host(&endpoints_ipv4[index]), + ks_addr_get_port(&endpoints_ipv4[index])); + } + } + if (transport_wss_endpoints_ipv6) { + if (config_setting_type(transport_wss_endpoints_ipv6) != CONFIG_TYPE_LIST) return KS_STATUS_FAIL; + if ((endpoints_ipv6_length = config_setting_length(transport_wss_endpoints_ipv6)) > BLADE_MODULE_WSS_ENDPOINTS_MULTIHOME_MAX) + return KS_STATUS_FAIL; + + for (int32_t index = 0; index < endpoints_ipv6_length; ++index) { + element = config_setting_get_elem(transport_wss_endpoints_ipv6, index); + tmp1 = config_setting_get_member(element, "address"); + tmp2 = config_setting_get_member(element, "port"); + if (!tmp1 || !tmp2) return KS_STATUS_FAIL; + if (config_setting_type(tmp1) != CONFIG_TYPE_STRING) return KS_STATUS_FAIL; + if (config_setting_type(tmp2) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + + + if (ks_addr_set(&endpoints_ipv6[index], + config_setting_get_string(tmp1), + config_setting_get_int(tmp2), + AF_INET6) != KS_STATUS_SUCCESS) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Binding to IPV6 %s on port %d\n", + 
ks_addr_get_host(&endpoints_ipv6[index]), + ks_addr_get_port(&endpoints_ipv6[index])); + } + } + if (endpoints_ipv4_length + endpoints_ipv6_length <= 0) return KS_STATUS_FAIL; + tmp1 = config_setting_get_member(transport_wss_endpoints, "backlog"); + if (tmp1) { + if (config_setting_type(tmp1) != CONFIG_TYPE_INT) return KS_STATUS_FAIL; + endpoints_backlog = config_setting_get_int(tmp1); + } + transport_wss_endpoints_ssl = config_setting_get_member(transport_wss_endpoints, "ssl"); + if (transport_wss_endpoints_ssl) { + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "key"); + if (tmp1) endpoints_ssl_key = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "cert"); + if (tmp1) endpoints_ssl_cert = config_setting_get_string(tmp1); + tmp1 = config_setting_get_member(transport_wss_endpoints_ssl, "chain"); + if (tmp1) endpoints_ssl_chain = config_setting_get_string(tmp1); + if (!endpoints_ssl_key || !endpoints_ssl_cert || !endpoints_ssl_chain) return KS_STATUS_FAIL; + ks_log(KS_LOG_DEBUG, + "Using Endpoint SSL: %s, %s, %s\n", + endpoints_ssl_key, + endpoints_ssl_cert, + endpoints_ssl_chain); + } } } } @@ -289,6 +390,12 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett // Configuration is valid, now assign it to the variables that are used // If the configuration was invalid, then this does not get changed + if (ssl_key) { + btwss->ssl_key = ks_pstrdup(pool, ssl_key); + btwss->ssl_cert = ks_pstrdup(pool, ssl_cert); + btwss->ssl_chain = ks_pstrdup(pool, ssl_chain); + } + for (int32_t index = 0; index < endpoints_ipv4_length; ++index) btwss->endpoints_ipv4[index] = endpoints_ipv4[index]; for (int32_t index = 0; index < endpoints_ipv6_length; ++index) 
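Review bot: Both new `ssl` blocks in blade_transport_wss_config return `KS_STATUS_FAIL` without logging when `key`, `cert` or `chain` is missing, so a partial group fails silently. `config_setting_get_string` yields NULL for a non-string setting, so a wrong type fails the same way. A line such as `ks_log(KS_LOG_DEBUG, "wss ssl requires key, cert and chain\n");` before each return would match the logging the function does elsewhere. `chain` is mandatory here, while `blade_transport_wss_link_ssl_init` treats it as optional (`if (chain)`); one of the two should change so the contract is the same in both places. The function starts and ends outside this hunk.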
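Review bot: The `if (ssl_key)` guard means a configuration without the `ssl` group leaves any earlier `btwss->ssl_key`, `ssl_cert` and `ssl_chain` in place, whereas the endpoint lengths and backlog are overwritten unconditionally. If blade_transport_wss_config can run more than once on the same transport (not visible here), removing the group would not switch the credentials off, and the old strings are never released. The `endpoints_ssl_*` assignment in the next hunk (@@ -296) has the same pattern. I would release and reassign every time, e.g. `if (btwss->ssl_key) ks_pool_free(&btwss->ssl_key);` followed by `btwss->ssl_key = ssl_key ? ks_pstrdup(pool, ssl_key) : NULL;`, and likewise for the other five fields.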
@@ -296,7 +403,11 @@ ks_status_t blade_transport_wss_config(blade_transport_wss_t *btwss, config_sett btwss->endpoints_ipv4_length = endpoints_ipv4_length; btwss->endpoints_ipv6_length = endpoints_ipv6_length; btwss->endpoints_backlog = endpoints_backlog; - //btwss->ssl = ssl; + if (endpoints_ssl_key) { + btwss->endpoints_ssl_key = ks_pstrdup(pool, endpoints_ssl_key); + btwss->endpoints_ssl_cert = ks_pstrdup(pool, endpoints_ssl_cert); + btwss->endpoints_ssl_chain = ks_pstrdup(pool, endpoints_ssl_chain); + } ks_log(KS_LOG_DEBUG, "Configured\n"); @@ -739,8 +850,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_ btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc); - // @todo: SSL init stuffs based on data from config to pass into kws_init - if (kws_init(&btwssl->kws, btwssl->sock, NULL, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { + if (blade_transport_wss_link_ssl_init(btwssl, KS_TRUE) != KS_STATUS_SUCCESS) { + ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; + goto done; + } + + if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, NULL, KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { ks_log(KS_LOG_DEBUG, "Failed websocket init\n"); ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; goto done; @@ -853,6 +968,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_inbound(blade_ cJSON_AddStringToObject(json_result, "nodeid", nodeid); + // @todo process automatic identity registration from remote SANS entries + pool = ks_pool_get(bh); blade_upstreammgr_masterid_copy(blade_handle_upstreammgr_get(bh), pool, &master_nodeid); if (!master_nodeid) { 
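Review bot: In the inbound startup hook (@@ -739), `blade_transport_wss_link_ssl_init` runs per link, so every accepted connection builds a new `SSL_CTX` and re-reads the key, certificate and chain from disk. Building the context once when the transport starts and sharing it between links would avoid that, and would surface a bad key file at startup instead of on the first connection. When no `endpoints.ssl` group is configured, the helper returns success with `btwssl->ssl` still NULL and `kws_init` receives a NULL context, which presumably means an unencrypted websocket; a log line stating that TLS is disabled on the listener would make this visible. The new failure branch disconnects without a message of its own, unlike the `"Failed websocket init\n"` branch below it. The outbound hook hunk (@@ -939) has the same structure, and both hook bodies continue outside their hunks.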
@@ -939,8 +1056,12 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade btwssl = (blade_transport_wss_link_t *)blade_connection_transport_get(bc); pool = ks_pool_get(bh); - // @todo: SSL init stuffs based on data from config to pass into kws_init - if (kws_init(&btwssl->kws, btwssl->sock, NULL, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { + if (blade_transport_wss_link_ssl_init(btwssl, KS_FALSE) != KS_STATUS_SUCCESS) { + ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; + goto done; + } + + if (kws_init(&btwssl->kws, btwssl->sock, btwssl->ssl, "/blade:blade.invalid:blade", KWS_BLOCK, ks_pool_get(btwssl)) != KS_STATUS_SUCCESS) { ks_log(KS_LOG_DEBUG, "Failed websocket init\n"); ret = BLADE_CONNECTION_STATE_HOOK_DISCONNECT; goto done; @@ -1010,6 +1131,8 @@ blade_connection_state_hook_t blade_transport_wss_onstate_startup_outbound(blade goto done; } + // @todo parse and process automatic identity registration coming from local SANS entries, but given back in the connect response in case there are any errors (IE: missing realm or duplicate identity) + master_nodeid = cJSON_GetObjectCstr(json_result, "master-nodeid"); if (!master_nodeid) { ks_log(KS_LOG_DEBUG, "Received message 'result' is missing 'master-nodeid'\n"); diff --git a/libs/libblade/switchblade/switchblade.cfg b/libs/libblade/switchblade/switchblade.cfg index 13adf0ac00..a0219cac65 100644 --- a/libs/libblade/switchblade/switchblade.cfg +++ b/libs/libblade/switchblade/switchblade.cfg @@ -4,7 +4,7 @@ blade: { enabled = true; nodeid = "00000000-0000-0000-0000-000000000000"; - realms = ( "mydomain.com" ); + realms = ( "freeswitch" ); }; transport: { 
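Review bot: On the outbound path (@@ -939), TLS is only attempted when a client key and certificate are configured, because the helper skips context creation unless `key && cert`. A node without a client certificate then reaches `kws_init` with `btwssl->ssl == NULL`, and whether that connects in the clear or fails depends on `kws_init`, which is not visible here. I would create the client context unconditionally in `blade_transport_wss_link_ssl_init` and load key and cert only when they are present, so that encryption does not depend on having a client identity. Nothing in this hunk compares the server certificate's name with the peer the link was asked to reach. The hook body continues outside the hunk.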
@@ -13,14 +13,15 @@ blade:
 endpoints:
 {
 ipv4 = ( { address = "0.0.0.0", port = 2100 } );
- ipv6 = ( { address = "::", port = 2100 } );
- backlog = 128;
- };
- # SSL group is optional, disabled when absent
- ssl:
- {
- # todo: server SSL stuffs here
- };
- };
+ ipv6 = ( { address = "::", port = 2100 } );
+ backlog = 128;
+ ssl:
+ {
+ key = "../test/ca/intermediate/private/master@freeswitch-downstream.key.pem";
+ cert = "../test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem";
+ chain = "../test/ca/intermediate/certs/ca-chain.cert.pem";
+ };
+ };
+ };
 };
 };
diff --git a/libs/libblade/test/ca/certs/ca.cert.pem b/libs/libblade/test/ca/certs/ca.cert.pem
new file mode 100644
index 0000000000..7dbdbae98f
--- /dev/null
+++ b/libs/libblade/test/ca/certs/ca.cert.pem
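Review bot: The sample listener binds `0.0.0.0` and `::` and now takes its key from `../test/ca/intermediate/private/`, which is test CA material. If that private key is committed with the test tree (not visible in this part of the diff), anyone running this config unchanged serves TLS with a publicly known key. The paths are relative, so they only resolve from one working directory. The removed comment was the only place that documented the group as optional; I would keep it and add a warning, e.g. `# ssl group is optional, TLS is disabled when absent; test CA files below, replace before deployment`.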
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG +A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl +IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD +VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR +BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk +ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8 +YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO +ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi +ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR +XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC +GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA +fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz +GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc +Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ +ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3 +FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T +CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz +OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51 +0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ +h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF +Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/ +zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX +Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T +AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9 +Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi +Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn +JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t 
+YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr +cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w== +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/index.txt b/libs/libblade/test/ca/index.txt new file mode 100644 index 0000000000..7403eb59d4 --- /dev/null +++ b/libs/libblade/test/ca/index.txt @@ -0,0 +1 @@ +V 270905092804Z 1000 unknown /C=US/ST=Illinois/O=FreeSWITCH/OU=Blade/CN=Blade Intermediate CA diff --git a/libs/libblade/test/ca/index.txt.attr b/libs/libblade/test/ca/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/libs/libblade/test/ca/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/index.txt.old b/libs/libblade/test/ca/index.txt.old new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem b/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem new file mode 100644 index 0000000000..36ddebc71d --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/ca-chain.cert.pem 
@@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFxDCCA6ygAwIBAgIJANi9lXvHAbx4MA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEG +A1UECgwKRnJlZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRl +IFJvb3QgQ0EwHhcNMTcwOTA3MDkyNDE2WhcNMjcwOTA1MDkyNDE2WjBvMQswCQYD +VQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xEzAR +BgNVBAoMCkZyZWVTV0lUQ0gxDjAMBgNVBAsMBUJsYWRlMRYwFAYDVQQDDA1CbGFk +ZSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3Pt3X1j8 +YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E83HoRkoyQRX0fhKCrHtjNucO +ODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfPd+Vgh6+lgp1sAfjFuFlxrRvi +ghO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyAIxklzLvt4xHRVP7rxfiNFXKR +XHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80IjZ518YVjiFBjCdzQfJb9iGJC +GzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF58HWt52p3HmKnK5FUa7L8RNA +fc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTKslrZ5L2OicWZepa/Oc5dagyz +GEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAHxmwpZ/cY/9GluSq5oB+6PTPc +Q0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577rRgh55X+XEySQmBiPWNOsfuCZ +ZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkmEQQSLRzsKxWc2jlE/UllpYX3 +FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbOkMYw+LaRA36U55e5DToJAB5T +CsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEAAaNjMGEwHQYDVR0OBBYEFFoz +OX01zWns+ANZ9/6m9g510yWWMB8GA1UdIwQYMBaAFFozOX01zWns+ANZ9/6m9g51 +0yWWMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4ICAQAg74tSgyZKqZtqJPXt/fadZJqWS75cW5TN0rXTKWfzdDXnPfMD2dhZ +h0bH1ZQRamXmXWZni0LpWaOjvqaVNB2TMVStyjEIjLhcBLzR9fhBSXB0BkdVKXvF +Y/pmGN0ZM7BRwbbltgTPYIefftU6BvAyUP5k6y0JJZGy6RTYp7SN2iJ00msqfie/ +zmF83arhFAmW8wjDXMPsSz958+TNgeetFeQjrJ5sbMaApCE21QazHcZw6/zPMRvX +Gr+TPyx/p335MViz5SjeFThQ7XES871pZSbOhmIrugCHO8LJOat3oOlnsc8HkZ/T +AfUjka0SSPA/sRqPxjLWw/OwDn7g5GpbXl7RXpRsKR8CDIRMVrzD71Nk0SOEb3T9 +Dv7UTl6NDYlyYYqx35t/KsiwWjnPtr6Xcl8O9l/tuzf5Tjt1mz9i80BybE9wXHYi 
+Y3/1SGloKYVXC+HLLrLm1MEldi9GcYZDzxlydAPfHhSHlYWrvOS/J2Dq6uhH7RHn +JV0nE3bVQE01e6iR4BZMYSj4e3BrhMQvkMX67NndYEmoK6+9d77MsK7wblSXja7t +YyXysfQhcudaN/A00CLJt8VNq+h8Q9BR5PFmvIv6/jzV3kmLO4nX9z0CdERyBBUr +cFXfDn2TBpwlLvOQbEWvZPlEh7Vx2hXRRZr97NstLmFLGTdnVdAl9w== +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem new file mode 100644 index 0000000000..b77891973f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/client@freeswitch-upstream.cert.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT +ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR +ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP +FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ +i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE +f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq +ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8 +UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ +KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ +X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi +2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh +Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC +iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu +YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh +1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq +ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8 +wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR +diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q +y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem
new file mode 100644
index 0000000000..2e4878f946
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-downstream.cert.pem
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du +c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG +2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh +ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz +l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn +InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG +4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/ +NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC +BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0 +aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB +kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw +DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl +ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC +AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be +1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/ +VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU +Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I +qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+ +KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh +qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B +op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk +T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w +YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q 
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem new file mode 100644 index 0000000000..3f8d405924 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/controller@freeswitch-upstream.cert.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0 +cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3 +uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg +mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp +Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo +Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph +taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj +EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj +YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2 +4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3 +aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ +74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK +bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE +4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J +phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba +NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA +rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU +vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd +tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7 +NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9 +NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5 +WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c= +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem b/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem
new file mode 100644
index 0000000000..8e915f4784
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/certs/intermediate.cert.pem
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem b/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem new file mode 100644 index 0000000000..2e0a69d061 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/certs/master@freeswitch-downstream.cert.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl +YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4 +V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW +P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX +2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh +hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL +db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE +plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP +gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV +BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ +VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw +DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC +EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD +ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD +F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts +AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z +vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4 +CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg +fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x +8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf +r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX +YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS 
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I +sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf b/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf new file mode 100644 index 0000000000..c6c37bfca8 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/cnf/client@freeswitch-upstream.cnf 
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: client@freeswitch
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf b/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf
new file mode 100644
index 0000000000..6f7c702fc2
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/cnf/controller@freeswitch-upstream.cnf
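Review bot: The `subjectAltName = DNS: client@freeswitch` line in `[ usr_cert ]` puts a Blade identity containing `@` into a dNSName entry, which is not a valid DNS name under RFC 5280 and may be rejected or ignored by verifiers that apply hostname rules. The same pattern appears in the controller config (`DNS: controller@freeswitch, DNS: controller@blade`) and in `[ server_cert ]` of the master config (`DNS: master@freeswitch, DNS: master@blade`) added by this commit. If the transport code compares these strings itself, which is not visible here, say so next to the line, e.g. `# Blade identity carried in dNSName; matched by the transport's own SAN comparison, not by hostname verification`. Otherwise a name type meant for such identifiers, such as `URI:`, would be the safer encoding.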
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+subjectAltName = DNS: controller@freeswitch, DNS: controller@blade
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf b/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf
new file mode 100644
index 0000000000..f23e7c91e1
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/cnf/master@freeswitch-downstream.cnf
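Review bot: `[ usr_cert ]` grants more than a TLS client certificate needs: `keyUsage` includes `nonRepudiation`, `extendedKeyUsage` includes `emailProtection`, and `nsCertType` includes `email`, which look carried over from a general-purpose template. A certificate issued from this section is also usable for S/MIME, which widens what a leaked test key is good for if this test CA is ever trusted outside the test tree. I would narrow it to `keyUsage = critical, digitalSignature, keyEncipherment`, `extendedKeyUsage = clientAuth` and `nsCertType = client`. The identical section in the client and master configs of this commit would get the same change.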
@@ -0,0 +1,133 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = DNS: master@freeswitch, DNS: master@blade
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, digitalSignature +extendedKeyUsage = critical, OCSPSigning \ No newline at end of file diff --git a/libs/libblade/test/ca/intermediate/crlnumber b/libs/libblade/test/ca/intermediate/crlnumber new file mode 100644 index 0000000000..e37d32abba --- /dev/null +++ b/libs/libblade/test/ca/intermediate/crlnumber @@ -0,0 +1 @@ +1000 \ No newline at end of file diff --git a/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem new file mode 100644 index 0000000000..f39fb3c5d0 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/client@freeswitch-upstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFtMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7D +kskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9 +WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86 +wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYi +UvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1f +MONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABoAAwDQYJ +KoZIhvcNAQELBQADggEBAJd+fNwHr5soFlNbWb5kMP5utXwJhElEfnQ25puC0jhP +I03z63MS8Chi1Uaxo9MBpFnC84LVmhPT+7RwpRBubVJEWq2WUjZRvbt5dih+kGum +zC7dDhHAMx8Gk8TwsYnnzCDkcvetCCTfrn5otYlVxc/36PWoMB4dL426XSi5JVx0 +nxeXmbiIpZP9udwXDl6J6i8HhjtGpveiVIV3RrfleApYHAxFa5pVP9l3pwMt9RqX ++TbqXexAXrJoVoi8JENjDMGl2H/95UaXB7W/6iIHc/1hy3ebk5OCahxeIoS8LHgX +LsLKJDVsz5eOmfo5rF7lT1WVgp2TTS+W6ys2uX3j/cY= +-----END CERTIFICATE REQUEST----- 
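Review bot: `default_days = 375` in `[ CA_default ]` does not match the fixtures this commit checks in: every entry in `index.txt` expires on 2027-09-05 (`270905…Z`), so the signing command overrode the lifetime, and that command is not recorded in any file shown here. Tests that validate these chains would presumably start failing on that date, and whoever regenerates the fixtures has no recipe to follow. A comment above the setting would cover it, e.g. `# Fixtures were issued with an explicit -days override (expiry 2027-09-05); regenerate certs/ and newcerts/ before then`. The header line `# Copy to /root/ca/intermediate/openssl.cnf` is also stale for a file that sets `dir = .`; both remarks apply equally to the client and controller configs.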
diff --git a/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem new file mode 100644 index 0000000000..d143bb913f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-downstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICwjCCAaoCAQAwfTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3duc3RyZWFtMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG2/KskXthKBI35KDT +ND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEA +gGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9Jim +oyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxL +Ecl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNU +zbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggEBAHvlM/HiAI9fO2QlQRX4lAo0Y+pLYZDI0kjY +2PWsLEzI69mBYLTGFrvzYaSzwDUzkHBuypV69BTsWHQBbnMfRRvvqXQCObYcnMUa +IDaM4m4YLSYICWUYe+aCQZIMjg13TRspR8H1DlbRUlYFvsYumMeaeAauHW0t6xfL +H5vaFtNs0G4apJpb++CoCW/2cWS5Iyj4oViGitX1ajl4oRBzjPMqRQFlqUWExcM8 +a/XA1STOcIw8qlIWZw9hL7StOoMcAFhybjadZIGLYSI8Y1vCl2+Ur+bRNEU0VY4h +k9jhjr09pI0rHcXhXziZ88NRIQL4rT04MJnjR2G7AY18bKIGnqk= +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem new file mode 100644 index 0000000000..9704b1280e --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/controller@freeswitch-upstream.csr.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICwDCCAagCAQAwezELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0cmVhbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3uaG8P20ko4Zo9wud +GS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jgmVSU9L7TdK2svGT8 +rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqpEwm96PSiYUJHvP6a +TJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFoAly70lvUD/kXBZFP +BbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaphtaTTCvtwOkCvrjJH +vg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXjEiPNmNMCAwEAAaAA +MA0GCSqGSIb3DQEBCwUAA4IBAQDTJmaPVFGJ7lgj2TOJi66WSLkXUc3wKCX7dkX/ +GIGXyr2hsabYT3FOkWlL0W/CI2KXkFEItnHPE4Plit9E+O/fZYGWjfSHhVUa6rzF +w+rM2EWklAl6s/zH1/MoliRG68aluyqv8aIyovRNfAj3F3FaDW5qiIaSVtp3Znlu +OlrIQD3ixqIa4na0+kr9MEV+wehDl5Uib0j8GLf7dM/drEywzWVkjaPRttrgvu/M +loill3Ta13RQMs0qzu1zx36mbb+hyahq5kyrabWDisV6cmWxbcSCIGCOCfgHdXMl +KYupqGBp1ey7KEl3erB4WQ8Rhl7z01+5QEhd875pNmHRE5/w +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem b/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem new file mode 100644 index 0000000000..900701b01a --- /dev/null +++ b/libs/libblade/test/ca/intermediate/csr/intermediate.csr.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEvDCCAqQCAQAwdzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTg +j86dw517Ol+/aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHx +aw7wOeu/0TlPH3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMc +IGgzg70cyjiwpjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRH +xv5Hpn/VTqJZ77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKt +onkOvhKfUtXWBFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtG +lDMAkT+d5C9VrZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmp +OJpv7VNPk7IoxhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K ++nEuFXcExUzYHQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc ++8S3qQpSdYeQEd1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uK +cn+rT3xXx3Kg8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQ +Vlh6EFMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBjDnbyUJMn5Av78pt611u3 +/QrYxH1SHEwjtSwPcusmoTCNhMIF07GLlRuLNB1teyNLFtLzq345d/sr+o9BmFAS +ODpW0rN5RGXnZKvHPrBARFRb/UdyZDlvbl/ksVT6b9fzroPRtU3IqgdAXvKnvJ7G +1RCaIxyZd7T856Z7Eq2tmn0AblyXJLWy2JpBy6CzRK4KFCuNHbs+HrVBXeHD6Tgc +pcbtIKohHw/x3r+OX2uf6hr0bfewePE7y5pf4yVb+eaN6TMQQHHSN+oIVSNi8yKk +Sr1wd8F5OEp6teYKj4Nlrc8giOkrIV91a1XUJsKgYfzpT4GevIw+8U1uIa8qB3Ow +ZchgdsltZAFR0MGmwJNKGQ6JAmFmZTGD2G43P3Y9EnXDiGYWo5k0UkdghaoJIIAO +DYxGhEGOINjHmJyQik0ha+38+cLAWoItrSIShZaHDMSXx5ujaFBrZxPa662BwkF4 +zUXmAW09ww64owAYZ+a1EuujTcLDYszSzIbF6UqBoCeDpq3L5wEgFzl0zktVIwWI +YQ99IKOj0JVbsIbikFoteXFbE1x0dR05Mgx9NaCDrIlmmydnsNW5xvwQISYnr92U +HgS0/xfgaPo8hqDpl6rjlfwj0Ay/LZTAfH/xGjN69DZbTgf55PRhkTdwMLiQuY6e +ENqjprP7sJ7aYdND59jAmQ== +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem b/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem new file mode 100644 index 0000000000..e8922958b8 --- /dev/null 
+++ b/libs/libblade/test/ca/intermediate/csr/master@freeswitch-downstream.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICvjCCAaYCAQAweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCElsbGlub2lzMRAw +DgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQLDAVC +bGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJlYW0wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4V1d6VZfv87h0V4/J +ihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gWP26ze6hzA/7wpqdC +s/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX2CijWpjH3ufUMyZz +N7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkChhPUpYrKwNE6mvQ6H +0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkLdb8LtvbG6zyLZrpJ +twkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHEplwJAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAGJ9T9wIQ5i8X8bkvsNKJMWBWWx6O5ihP77ve6Pet +BHvfJyV++lFbaU4Af/5R5eE5aOXpfIzMm6MHmvE3sSSL9+Bkaqw+VL1jKieG919C ++5CEC1T053QWjbqYG7dp5wVTMJ3MSawvsrkD6sr2rSHhu2pcmEeF5bFcaaYSXVsG +vmCGQh7lUj8N79xdiuQvYUM1Lpgo/81WeUWXjCaMVkv6Hdzp0Hx9avCSweb6kklE +dSUjOkOKGA/+IoCXmFiLxNs0hzxrkG85aVCmv1x5fcm9mqNVoqBY2YqWWguavDnz +DT88l92ZDGqJpVmB+a5H1pC9JY54UUyii462ZMcDmrMK7g== +-----END CERTIFICATE REQUEST----- diff --git a/libs/libblade/test/ca/intermediate/index.txt b/libs/libblade/test/ca/intermediate/index.txt new file mode 100644 index 0000000000..b4cb5e3ca0 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt @@ -0,0 +1,4 @@ +V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream +V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream +V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream +V 270905120806Z 1003 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Client Upstream diff --git a/libs/libblade/test/ca/intermediate/index.txt.attr b/libs/libblade/test/ca/intermediate/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null 
+++ b/libs/libblade/test/ca/intermediate/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/intermediate/index.txt.attr.old b/libs/libblade/test/ca/intermediate/index.txt.attr.old new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/libs/libblade/test/ca/intermediate/index.txt.old b/libs/libblade/test/ca/intermediate/index.txt.old new file mode 100644 index 0000000000..47a2db0ebf --- /dev/null +++ b/libs/libblade/test/ca/intermediate/index.txt.old @@ -0,0 +1,3 @@ +V 270905094459Z 1000 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Master Downstream +V 270905095216Z 1001 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Downstream +V 270905095650Z 1002 unknown /C=US/ST=Illinois/L=Chicago/O=FreeSWITCH/OU=Blade/CN=Blade Controller Upstream diff --git a/libs/libblade/test/ca/intermediate/newcerts/1000.pem b/libs/libblade/test/ca/intermediate/newcerts/1000.pem new file mode 100644 index 0000000000..2e0a69d061 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1000.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NDQ1OVoXDTI3MDkwNTA5NDQ1OVoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEgMB4GA1UEAwwXQmxhZGUgTWFzdGVyIERvd25zdHJl +YW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK8mciD1y9F1fz08+4 +V1d6VZfv87h0V4/JihsjFEAlvog1W1BsfMPw1eNGmykDVZPVgmmgjP95UZYBm9gW +P26ze6hzA/7wpqdCs/tG0XsiCS5NsyP/9g33hcXJqzhTQXoqn0cGRJzrre2AfPoX +2CijWpjH3ufUMyZzN7fP7/VCYNEDR/4Geyp3RjBnqw4PlFqroME2762kNC5jGkCh +hPUpYrKwNE6mvQ6H0DwjJl9cHR9ynssU81h0TDa98N6kKcDLzK7BAoFtFGRKrFkL +db8LtvbG6zyLZrpJtwkcgfyOoKtXMuHGfISnnMtbgi6IyZPfo/9RcKK6q6a3/ZHE +plwJAgMBAAGjggFkMIIBYDAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmlj +YXRlMB0GA1UdDgQWBBT5po36vCPKHCecbSz1ueDbFDZ1jjCBmgYDVR0jBIGSMIGP +gBT24ScXvFFEdGFsK+X5SxmWnAmd/qFzpHEwbzELMAkGA1UEBhMCVVMxETAPBgNV +BAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJ +VENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBDQYICEAAw +DgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGC +EW1hc3RlckBmcmVlc3dpdGNoggxtYXN0ZXJAYmxhZGUwDQYJKoZIhvcNAQELBQAD +ggIBAJ73CuGQvtFkzQxhVvmWcg7TOHeV6I1IycBXDgyEdL3MEC+z2vXpz7NwzcnD +F0gYBVXAszSkNsLxmzUsxSr2IOy6rTJ/5R/GP9/3NLfjF1H2r1lxytfngMokp6ts +AiCPu5fiIyYPlwj3Gcbw0+n8LL06oPKGf291eHRjWlJbbI0grUW2W1Mdajd9U42z +vadoY0NAtWiZI3sM+OpicAg8hsYLN40KsnEag3Y6JdsDNiT05qKDhUcqVROlVcu4 +CT4u1gNROClAt/iUGA2s8jsPutPEedtGuAcIHqDk60C6D0v1+PokdFGG2ZBgHZLg +fXRsPYzAtsqhyUW3jyR3XYEoIj1tU+zHRZT7B5wPczhOBk5LOHf+QYVVzwV3Ff5x +8de8KRXRSg2ygLQGpBWTqMzzrjVgeSBNzC5nW/WaQHkMxmSGvUyvpUVUX/ySpDFf +r4JfpYHmxSNWVdRVBmCzTBq2qM8npaPWsagXWOv/hdZcrTTi6nnrWxSIFogiY9DX +YW2GUENt56AlXlyhiKd/NCWkQN5c/pRjV8EVUSTNuLNwFsGWmdZdjiaOUeILxHQS 
+OyzvTgKohqHikECl1wISRuDY8Fbu+xfqUaERsSfS35CBKW3qtmnmg+9meE6MRj7I +sbWoHXx7dJZst7vcDDsBptUPNUFKsgHKqfaGrb7hJGro/vTV +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/newcerts/1001.pem b/libs/libblade/test/ca/intermediate/newcerts/1001.pem new file mode 100644 index 0000000000..2e4878f946 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1001.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmDCCA4CgAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTIxNloXDTI3MDkwNTA5NTIxNlowfTELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEkMCIGA1UEAwwbQmxhZGUgQ29udHJvbGxlciBEb3du +c3RyZWFtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEA1njlU4qAG +2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJyzxw7Fd2AjNMAbNLuaasK9HFRwPh +ZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxGsbfB4tAYn9Av44jURYc1Prprnvqz +l8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01RNn27RdyeO/VhDjdiU2/vC/OujUqn +InhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+8FS2cMFw8y2aeeNeOfvjlzMXOxGG +4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI3AgGW4+7Bt4US9ekM8RQjRb51Vk/ +NcFhOKejswIDAQABo4IBODCCATQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC +BkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0 +aWZpY2F0ZTAdBgNVHQ4EFgQUowMxPRDVCvF5Ax/Nvn+quWWny/kwgZoGA1UdIwSB +kjCBj4AU9uEnF7xRRHRhbCvl+UsZlpwJnf6hc6RxMG8xCzAJBgNVBAYTAlVTMREw +DwYDVQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzETMBEGA1UECgwKRnJl +ZVNXSVRDSDEOMAwGA1UECwwFQmxhZGUxFjAUBgNVBAMMDUJsYWRlIFJvb3QgQ0GC +AhAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG +9w0BAQsFAAOCAgEAayl96eapLsMHWJDT/p1qfNhMYR+JtO7xaaGLJ+yiibY6T1Be +1R5dLhG7y00Ww1Os9B4F3rWScFxpGqI9GgX8FAGo94Rm3c6+qLAKj/IZmXC6Dgg/ +VzqppcxMt+wo4HsYYhiamVLCyPTrOpPZ82X0+rlR+7iQRbEQ09ubfrb1ec/rDbfU +Kucr1ugwAyOLCmTsK+PAXhAdT/9ci/pL2uO9AxKYgSqvc9VnxoyUusq4Qouxb76I +qmbkGxVN0iP67tJ9jecyaXSoAJ6kBUPAdOesp9shPXmxnU6sPbk5FuJqNU5uZmK+ +KFwGMycLOl8wGAtK88GlupSYHmUT1CDo5rKFtOtyD0wcjM1p+lieQIFYDRV4OLXh +qTa3gtgVRqEcXdn2GdtNFlO87HWR8ptr4gA3jfm/yaC3WGqsgbZtXyPerSIUSd3B +op+5tvE8oqaIahCJV+Lj5XbmXoQkVKGel1xQjZ9rZavBxvwT4BlTNjYBZQHN0wsk +T9Pd1jbytZ9Ffwf3BO/vnkeo4mXSybYN+Ohfh3+bDPMu+NDL7m2/V8ZhIuRCJP0w +YBrlHHxvn4wjVOMix/KXcYXMlVenL0V1xTUHhFhQhBWQ9V4TzzWq/YeZH18MyB/Q 
+J9vGivKGGFUcs2F7ze+juVOPuUv/hE4ypdPAa4uq+v4HUQAD3mYZkeJnq8o= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/intermediate/newcerts/1002.pem b/libs/libblade/test/ca/intermediate/newcerts/1002.pem new file mode 100644 index 0000000000..3f8d405924 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1002.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzA5NTY1MFoXDTI3MDkwNTA5NTY1MFowezELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEiMCAGA1UEAwwZQmxhZGUgQ29udHJvbGxlciBVcHN0 +cmVhbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLeR7h7lhJR2/T3 +uaG8P20ko4Zo9wudGS/GN+aFv5EpFjlnRRxxbaqc5FFxWSWoJpMvrciX+4izC/jg +mVSU9L7TdK2svGT8rqbXz31H3wEIBP4irKLtW22UbOZL2JoiW8kDUMcyOsc3jTqp +Ewm96PSiYUJHvP6aTJRJdsAlmxZoJu46hxg8tNuy0V6YVPBZFU9NODEosm/wwAFo +Aly70lvUD/kXBZFPBbgMy6xHVPrXKdou2p4IwfWNqm4VmS652YkjG7avSSAnTaph +taTTCvtwOkCvrjJHvg4AG+zgwPdRxSZRqm7+zQdAIyC3zQzQRkbOizlZXej+ffXj +EiPNmNMCAwEAAaOB+TCB9jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAz +BglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmlj +YXRlMB0GA1UdDgQWBBSmUpL+sqt/zQFJU1CnvyTAKVEttzAfBgNVHSMEGDAWgBT2 +4ScXvFFEdGFsK+X5SxmWnAmd/jAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMDIGA1UdEQQrMCmCFWNvbnRyb2xsZXJAZnJlZXN3 +aXRjaIIQY29udHJvbGxlckBibGFkZTANBgkqhkiG9w0BAQsFAAOCAgEASJ0KLhWJ +74j+jbHNAKMvqjrhCBSrAr6Ma94L7ut35umYx9jVQhlvW5FQnI+cGU9s+RRm/tkK +bze6aP+FaQdQvQMaxH9P7nCUjEXvKutzATwmXdRNv8MS+i9xVxX1vodZz2nSJ4uE +4GqwiS+HtF5W4DCSId55RQ/1lMsTHsDNi0SspV5nubGJ4qDv/EA6vgkEUMbR6X3J +phLcVTNeM+MvwYFZWZtnXkLnejZUYXMvtCCPwOW3fMQP8lWzNHwCOT+rZCboCnba +NMAOKKkZDiz525wYUsYqDrLN8Q94m1EwgCjIhd9Vn4aLZTBouKAouFW+//L8WWHA +rHFQuw4fy/efZzd1B+AaiM5FfWcKZuGQqa2LJS//GHDQGbRYZZOX505qOSKonSBU +vTLFDYIE4gIYWFFUZqzVOJnafRUGEVl1V5xLZajM7HWMuhCK8p+XA6QM7HQXDUMd +tMa9+EhU5nDF5V+gQmzjNDkh3xGLMbkZceEIP4nSRT9rTEVfILsQ8Q6G9pWYfYf7 +NsSBmax/F/8Jbx2gw9UVo7HVDx6dA5FRht4K8qiT6aA/5pRSOADMRz6ISM2idiF9 +NjadbBo+nVPtKosSF5ZGKxTAdYMUb34FMdp1N7J4UzG1ZBiLpNa3+7R3GGbtlNy5 +WLn35rnLEHYt9KvftBeYz58KVaiPQz/af8c= +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/newcerts/1003.pem b/libs/libblade/test/ca/intermediate/newcerts/1003.pem new file mode 100644 index 0000000000..b77891973f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/newcerts/1003.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwZTELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRMwEQYDVQQKDApGcmVlU1dJVENIMQ4wDAYDVQQL +DAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgSW50ZXJtZWRpYXRlIENBMB4XDTE3MDkw +NzEyMDgwNloXDTI3MDkwNTEyMDgwNlowdzELMAkGA1UEBhMCVVMxETAPBgNVBAgM +CElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApGcmVlU1dJVENI +MQ4wDAYDVQQLDAVCbGFkZTEeMBwGA1UEAwwVQmxhZGUgQ2xpZW50IFVwc3RyZWFt +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QkR1NA64HPzuYYko7LT +ciwCWu1JLGuA3/7DkskMZ180+sQ3dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsR +ygghlevPqgGRGdf9WHIMjo9+hLM6MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uP +FGIJtX6GFiJ5Hp86wF+cqnfRRUFo+0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJ +i3pud+ulWPTKalYiUvsqN8tucjJIZb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpE +f1HsiLLJ7PEAID1fMONTL5sVXCJ1TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naq +ywIDAQABo4HjMIHgMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCG +SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFCZDQ3rDX5H3YjuUjV5wsBi/GYyhMB8GA1UdIwQYMBaAFPbhJxe8 +UUR0YWwr5flLGZacCZ3+MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwQwHAYDVR0RBBUwE4IRY2xpZW50QGZyZWVzd2l0Y2gwDQYJ +KoZIhvcNAQELBQADggIBAETxSF12VHvtjQA/uP6oUyENmu7wSbINUQZznzyJZSUQ +X0eym9llkUqviMeT9g6wRIoFGSnoMuDkxKbG5k6xVIw6xBUeS+Ce40nhH3qmMkRi +2DZgoqpQHb4DrTszJlXCxLhnnE83DuGDGxN2MbdY1HhCUo8yHqlCiA27hnxk46xh +Xuyx44zoYsdpnROppSwBAeaW9Ewanp7GL8ayWUkbBy0kGV+8wH7u9bpijevmGZSC +iykbYBM7V+RvDvZoywfNSP+l9H77Tv3SI6G40Pfc55M5MbFOa/Po+XjNVeoTOFCu +YIgIm/kA2OUySyBiOy54HfxG5BecZYW+uUm2KIrDX5bS2tZcCww2eo4AKCXEYWrh +1NM1xbeZCregMQ+2gRap4jhB5a49JoH3KPrjFc+1fhnv68bmSAUWwF0twwxev1Aq +ugYwx5lOhAl9+wAZbtsUsmsCp0AmzsIzgv43H6lMXUMjwH8v770J7vpKgMzvXlu8 +wWxFKVMfyocQqvOvBQ3i9SwptnA0ORO8Y8/+Tyu8uW8as/H7z9qaHBcCOWl1RZkR +diBrb5f+OtnamvmDM32APxYtfomj9pgWyxK9vmeCpCILdga3c41iBHbGNJDaNz9q +y9N8z9w887aKQT+HUjoDD2/Zb92Nia1tY+NU0Qd3AQZysJjz1Pq/Eu7KRpHAirTC +-----END CERTIFICATE----- 
diff --git a/libs/libblade/test/ca/intermediate/openssl.cnf b/libs/libblade/test/ca/intermediate/openssl.cnf
new file mode 100644
index 0000000000..2a0e3561f0
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/openssl.cnf
@@ -0,0 +1,132 @@
+# OpenSSL intermediate CA configuration file.
+# Copy to `/root/ca/intermediate/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem b/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem
new file mode 100644
index 0000000000..60289fa059
--- /dev/null
+++ b/libs/libblade/test/ca/intermediate/private/client@freeswitch-upstream.key.pem
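Review bot: In the intermediate `openssl.cnf` hunk the comment `# The root key and root certificate.` sits above `private_key = $dir/private/intermediate.key.pem` and mislabels the signing key; it is left over from the root template and should read `# The intermediate key and intermediate certificate.`. The header line that says to copy the file to a path under `/root/ca/` also no longer matches `dir = .`, which resolves every path against the directory `openssl ca` is run from, so the file should state which directory that must be. Because this tree is committed together with its private keys, a first-line comment such as `# TEST-ONLY PKI: the keys in this tree are public; never add these CAs to a trust store.` would make the intended scope explicit.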
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA7QkR1NA64HPzuYYko7LTciwCWu1JLGuA3/7DkskMZ180+sQ3 +dBG4UjujKMRc0h65oFZc//WYIfmfUznLvLsRygghlevPqgGRGdf9WHIMjo9+hLM6 +MgZ51Eqqydh42L7sen/2bO85gh/pfxno3+uPFGIJtX6GFiJ5Hp86wF+cqnfRRUFo ++0L34+rLY08fITEkTbPjNg5R2jcWa+dWJXIJi3pud+ulWPTKalYiUvsqN8tucjJI +Zb279yzrxsV2qjRqHBCToBj9/kcJHD8gKrpEf1HsiLLJ7PEAID1fMONTL5sVXCJ1 +TXpjWNZTlcTCCMAhrEghGMZV0FIm7GS//naqywIDAQABAoIBABSZ9TLJ5lQbv9Mg +FY8ku7vwl0PP28xAi7LsMZNQZgOWAsTIyQkNgTekd0nTxz177iZBW1PjxJUvXOme +3FZK7ADjNAgTtrjP6gyU+S/2uaCqWBSwfx5Z8bzBwJZKejZcYbFD7ecJ47WrkF+7 +oMHVd1oOK0na9Ux3Mo+2xyRxKuyl0ngwYp71pDh2QyCqZUXBEeY/gD6rPOf6Bt02 ++fEjsePe0wGJUpiTpThwJuYH8nHQviXIN/zEK5CN3kOFC+fVVRLrXENmOrVBUMjC +l8falZza/dtzStDDKsC5gQw+GZM3TC/1zo0eb+uzTeTLDH3o5GWsCAKC9MMImZo/ +gu9KkgECgYEA+Ecnv+nfAn6REU4jztFYcAHGMs0dEJPJK1AD/TkwMYC7Ve2uUNuz +/0KsKiz0SyqhQxsvBHnj2FVlTZCxGQFe2KhVF3cp5miALMHlH/mbQyP2nnoO2+Ny +A8GBizPNvugdDKUrnj/6jIp6S+2jhR5OfEtY2KgA5QjGRMIxndhsNo0CgYEA9Ghm +Hk+UtutZ7NPXoZBH0iuBiDj3NOfqX/84mUb4XAQ+EVUw62pGpTf2OU8RRuHgGoHf +aRcrfga/wtKx3/UA2m31xNhIWIHSGE35neyzQQXBp6fB2bhUCpPBgFCJz+fQCdOj +fcCw3vrMf2H5oS/0azIsgsDRVp9lNAOtgdfFXLcCgYB5IgZTzSBAUE4o+k3gLyWN +6F+yE38VwnUJC84Wcxt/W4aLIx7EVp0YcogbP7mlHtR1MEMdVPcEao21bV3qjE+h +N2fkvgAUaXH35FYM5rSI6nf91CGByROsn3G73/eHKCpcLA3+9MoiXcHTX8tDPIkg +fYaIlldxZ3mMvI6Gq7wIVQKBgQCba0P85GhSRalCg5fson45dPcC9A6ncw7Eityo +A8xtXzlE9mKMYWGZMNP/r3ryEzLaSFoUTuqWUp5gunDoVLl9LU2LJmoi9jLux68D +MQDwSUPTZEdONvwiWcFD4nMwZV4S0aV2kzEmKmAeZOREDuWjwR0y7IByUBwgDnKo +TdiwUwKBgQDJ8OYzNPvp6wJ0vGg3s7ula8tiHCPmFCRJVLV6H1a+UDQD4MY2DdFa +MgyxbetwglrSJNI4KJnc+WRYKspvTHlIkkr/GyJRW1EtBBED+drkOmvZE7vc51mN +vj79bK66jJls/ul7YQxaKPHhB77zVNFJzWfZ8BrOCMhNTuxIE1xpRA== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem new file mode 100644 index 0000000000..6a516337b4 --- /dev/null 
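Review bot: This hunk and the other `*.key.pem` hunks in this commit (`controller@freeswitch-downstream`, `controller@freeswitch-upstream`, `master@freeswitch-downstream`, `intermediate.key.pem` and `test/ca/private/ca.key.pem`) add RSA private keys to the repository, and the PEM blocks carry no encryption header, so they appear to be stored in the clear. With the root and intermediate CA keys public, any party can issue certificates that chain to this CA, so the chain is acceptable only as a test fixture and must never be configured as a trust anchor outside the test programs. Prefer generating the test PKI during test setup from the committed `openssl.cnf` files and keeping the `private/` directories out of version control. If the fixtures stay, add a README beside them saying so, and expect secret scanners to flag these paths unless they are explicitly allow-listed.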
+++ b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-downstream.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAwEA1njlU4qAG2/KskXthKBI35KDTND92Dqg6gkAvbC/IGEJJ +yzxw7Fd2AjNMAbNLuaasK9HFRwPhZXOLQjvl+wjwtBEAgGw+gLqrLdC3RVuiWlxG +sbfB4tAYn9Av44jURYc1Prprnvqzl8+DIU6UTuRh9JimoyL6NC4rqgcvo8LjR01R +Nn27RdyeO/VhDjdiU2/vC/OujUqnInhtGvTB/KrDJtxLEcl15zBGe0PBoolYCF2+ +8FS2cMFw8y2aeeNeOfvjlzMXOxGG4vohxUNx/DZh6aNUzbh9Fp7gvJQ8ZRsRNqtI +3AgGW4+7Bt4US9ekM8RQjRb51Vk/NcFhOKejswIDAQABAoIBAQCPBjXdhGF2R/9S +WnOvt85L9WHHoS3/TMcTmGwOwpmFLvb5tTcZD9oiud59PJRrH2xSrYChCOpvLp/c +zdzoZY9u9vO7wnpREDZfpn/7Ea+G1ekuuD+Pr1l61726BzPZXs4s+63NAPtXxsMd +SbAQc1k6aAXH5ljyPO9PKpopYDc86FCJwPikedeYAHzRG7o5msMUiyTQJkiti505 +cpK+YC6F0KxLzhYKKy5UlWW9J/j5rZf1UkK9keaP+dWxi3u1177aaZh3f/RMl04I +QFxhfIElyuzcJK84uC3Ddmwjk88ix9RqP3Ho7EY+ly5WpHcuHJVXxKgOQXheRYeH +4GQN2nBBAoGBAPOwQGPrwYkHjjWUAZ6NAvhxwUfJipjcdj0mF1J9aHzg6nn3PpE3 +nbFipPGdfTIf+v6QdpQJ4BEwCEgXNctfcqyu5UUv6S5TR4vAIpkuffA10GQaxcX0 +OXkdi/KgcHle0RQW+FJXMBfkr7DXidMy4XFK06kp0VPsECrINpM4B8hJAoGBAMn2 +sCrHn8zq3N1hO9gRPCjyArLLJEwL1QzwY07oIjPQFUsIHmt9ixh3VcipMoChqxfn +dPSWqeLiq/t0e3ekSGLQf9juivoKZzv5KQqFoPg8/9eWnM988OuXQ525AgnaQIq2 +Sb1I+Yo5pS+PUShHrDBTI7Di+wMkljERZ4qy0WQbAoGAdkXU+qoyBI/mNZrgLlPC +XVLYvD7VRdu6h3M1XpP/YpzHMOsPMuwLXUzDQYFugiWDbIoxAyjH14+4dUTOlyZ8 +QdOg8zONuS4yS2G1aSNnfG6h9fQIiUs/mcj9Y4T7Ee0zDM0ZON2YOgCERRBXlGnd +gV8P28qwDktEjX8e/dTz8gECgYEAugjSHZXkTQ3KhOGcDltR3yWN9sPIm4QKq/CC +iZyqZK+37XV9D+aEyfSiwEOakYJZ55r80JA3zRae9PFHCd36D4ufOGQDAG+0yDmq +5FZTAFawFBZYO4gLI/giAJb6mbjA2wUux30A36JZ1oVdbI0YvyrWJYnvTeXVsz0k +803kMyECgYAZW+NOhX4mXr2N4qfpQqE2JZZCPY9SlOJLwbS117xXqeOuE5Ht5owr +DUO7z5Ps5dvDFdcvWf7wE4L8ZTxUNywFUbONb3dIH7AuIQXn8wcu3LqQbt15g9f3 +7vpm6snlbgebSMWarvE+W8DhklceuYizodI639HSjd8qNqCsiVWLbw== +-----END RSA PRIVATE KEY----- 
diff --git a/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem new file mode 100644 index 0000000000..d09a16cf66 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/controller@freeswitch-upstream.key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4t5HuHuWElHb9Pe5obw/bSSjhmj3C50ZL8Y35oW/kSkWOWdF +HHFtqpzkUXFZJagmky+tyJf7iLML+OCZVJT0vtN0ray8ZPyuptfPfUffAQgE/iKs +ou1bbZRs5kvYmiJbyQNQxzI6xzeNOqkTCb3o9KJhQke8/ppMlEl2wCWbFmgm7jqH +GDy027LRXphU8FkVT004MSiyb/DAAWgCXLvSW9QP+RcFkU8FuAzLrEdU+tcp2i7a +ngjB9Y2qbhWZLrnZiSMbtq9JICdNqmG1pNMK+3A6QK+uMke+DgAb7ODA91HFJlGq +bv7NB0AjILfNDNBGRs6LOVld6P599eMSI82Y0wIDAQABAoIBADhwdAdBN6R3GPFo +b5X87wqIAuZ9VnhdLNblySJgQ7gpMI43Usowrce0IFjiifsEShRz2Bf/N2Rapq/T +sFGKfRi8IlrSjkvRUOHQ7p2MM75d8GAI4EnoIsawFid01v4BbjQjzwS/SkAlYc0m +IsZZqIqzmt6SWkI8wLBjVleXA24fIvzgb/k0scAK51Zu4sgEYQmZYzzIdEjPoaj3 +SgU3YgsHFkTl6fwu56BqIyXIymmKIYmMyljFXXvEzqePsLAxH3nBoOjViIzybCRz +twoCY2Ww3ddNJpJmldccs+0pB0i+rdnxg8lS0QCExI8cLNy8fzEQmKX5BQtGnd13 +8dO+0AECgYEA/gx5Oe5GZGMFtwVkUpAdwlGHB4chaX3BWAG2aHM6qmEoV6GntQog +FMko6ifHY2oFt7gLR18bYQqgvpqkRlFieG89Y5Crsz6rSqu9HtBezuLibQ+9DRaZ +MdGDrNjZ9gIv4W4bwakp9SHnvIyVDXzvX464XBF4Xp7B3kGkIPkQh4ECgYEA5Jxc +3DYy8G2svF5hln3DmR2EKsoAfC0pdq+pxCxPDE5v6GONuwPnSB6YdP0nAZuMr+CY +VZuiajH8lbZTjKYLAvi31B8hNV7s68YegUKYM21mzlGvlc9agjkuIQsHullHN/8R +A7wuXoBC93m+0sQ86gX4Yw56kzHvmt3bt/R2qlMCgYBzYazpP6veyg59akh/Kw8p +AyglphzpsYDPfK+gzrzVRx0wd64Yjkm1xwr7Fif7odqI72DIAI0JzO7mwotbmHj1 +o+gowTsKRKs9VbSmOxLkOa2GxQAi4qGfO73nEfIkRigC5aRbl34D5GtAekT0BEsf +hk17G0AlEUuRqxRlGVmFgQKBgQCybpjMCEGaBwBbxg7FN0QDrlYKT8AxK87BJDqN +M0g/grk12P42icVrNPYp2a0oRBB69gHwT5lk6b8L21M65B6UIyzYE7QHxB+HpwsI +OMIy4aDsSDWT6FPscFTg1Ysil6xOuHa/Q5GtkM6z+gJG34Pr5N0J87MYUFGDvsZP +vi8goQKBgQDWvwsSBOdVp0A5CxjjCDdIZWSg9VnHDulNiKg1uk3Ohg/N12ZmK0ZY +HBy5hHSYBIx0PixfdKC6fkjbDdWCeKCoLqeUN3NU7WyDb+hnvDHI4uYU12CkXBnE +sSdNVzfzCouLg1czYdxnlItwYRc5pTnTdEvdZJC4lNDSvrx+wM1GeA== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/intermediate.key.pem b/libs/libblade/test/ca/intermediate/private/intermediate.key.pem new file mode 100644 index 0000000000..8a2f0e7b2b --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/intermediate.key.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAsiVjUmZX3PrCMTqIQhcdSXYJGexrWMP64OTgj86dw517Ol+/ +aZE70LtWRx59dvnIOt1r+qryv2k1WbpDbAIkgIiWsr24r3RIuwHxaw7wOeu/0TlP +H3pTonmoPHkxrcgUzt8XUpQ/UtVrClLiUwwoWFzJ38/V0A1laXMcIGgzg70cyjiw +pjHh/PGfTTIo0r5FThbJ3d5ye046D8O3HcUe3VsTFQW49RayBVRHxv5Hpn/VTqJZ +77fH9cEBRUIGHLO3s6sKljSDdNfvBUKHsJp+lmdN7niCMyjWWpKtonkOvhKfUtXW +BFrxxVCs1tRn6bZoew0vGakS+IcMtN3brvHmpcQMI1qN6wmJIAtGlDMAkT+d5C9V +rZ+JpXs9s8aXG1RzJHwn2wZ+65vLjz9G6U9DUKMvX6wj4gSWcxmpOJpv7VNPk7Io +xhhGNDiTdH+BQafQyFAFzLVU4/oZUYSB45gAJsNKO9g70dl3Iz2K+nEuFXcExUzY +HQ+YXEuAV3IGUg+Q/fr/mQHM4UlZ1isws/+9qEVWZOB68ObxSGLc+8S3qQpSdYeQ +Ed1qPMMou9uHzL5RyBqns+1PxqllH7wn1NfzuAwXMfmvhdxIX3uKcn+rT3xXx3Kg +8mkvo9EDOKAFcaYHZ8WEuC2hd+4p8j+d+BAc7sxtgIIU/jM5yHaQVlh6EFMCAwEA +AQKCAgA4vlX7qiO0fJ8cZSN/wbMPciyF+FtdA9fGiMDKraps452bw2HJ83vVCcb6 +kkiue/N+ZIb/ajI2LAHVWdId9jTASEGQH4RTRrvf7UeDrVdxa5lGwHVmdmVrbErd +MFFVpFSUbFUWdagR727P9ASpJUc4lh2rT50wTwQNaZ/85pP6E2O3OgVyepMcKa5v +PVnpfre+nt2f8ToP8qPl35ZVQjOJmHfki1UVpCwCLI1MYjRaYX+FM4toIubrbZXF +BLnDrK8H6KRPodx5fEpjJ4TnCN7nc3JMUlBOkWRtpyjthpfejTn4fapU6s715bOY +HkIXHIX9I/7rsoIbbZDrj3tpJx4rCM1SkbjIylOvgWe7fEa5awiHnVQYL2Mwx60w +Ag35r+ZvChu7+rNP/xXh812jNPOoFfwdXktJ0QSIbZp2dJGJLwaaaf2WscuYtKii +0L4eY4wuJFd08nIIKDSxx+U+kO9JImZE1gxrFZJFBkt5fR1HtiK5904AUExVHcFC +Bkkar++TztO4rZSRm5kcIQQ8e0zFFSnQNX3FAgRPt+FG7Rqq2TbN0QnyCu6WtY/a +66sUgFoJHv/kkiukUYZgzHLsUuQn12U1hl6hPKjxQFaYUQU+ZDVuT8dJ1C/XQbPO +V5REaV5gcATsCIvcWIb6R1gqqT6xaDK8AfDUdcBG7RAZFP3g6QKCAQEA2Usr0l2r +xUSSfvQEd/YgORwZaCBmDpPi+MmLDZGij44aUemo+3QlzJBu88sCQRHAHBsxshA5 +8aQxb2gLyKyhbYjp7PQwlvJdWXrsTYtQaJ5j41x62PDqZg3EuBs6hmmpHk9srl3J +RS171C4GrY+hvCetpfBFjvBpGMkS5xxuf7ghtfEqihHeWEfhoBFxCovyTcEG5EpV +bIGkAQmEqjihUkwqSs1beR7Uo3lbBQv7TJ8IpqJoO2KguuCmrqxJD7blAGA09XoC +Ndjum3/xLUVv8X1aLa3NkGgsfNBYyEVOxmbxmtrEXmrOQ7ryr6XUQcbiWCpiRJUB +le1UX5wOgOP25wKCAQEA0eELKk6nfhizZ4RT9Va5W70gidIcXk6n2bVxACybj+cZ +yDMClyYQCREl2N/ndxWzlMAJG5v8+4fzhUHMvzh6HJirdJXWU0AD8ujPHDTEO1Ot 
+3S8GXj+q6t9Q2Ov1bmAHIlT97rrPqiMKjgl6NrCg8LUJ5FiVqAONlPdb/vk7GRvi +KdyccJPwEO8hXWljXRMx0Rb2g7OWXfTWxTi3APf5HVAYWIpPzzAAlNfnM8i+rPxM +YnWPj3BZXNfo2T5dyL8tFvW0aNp8wSe8y31FXtanwzfkhEune9aeS6me/SJnTuVZ +D4IVS5QmBl5uxp9EM3f5Q12wx8wQf6k7CSt26IKptQKCAQAaWwjEqkHkWm3eYiCM +oFjGNIdMXumiCQP1oxRvn+N0wAqnNs0dOrg++KHMhioO1GVVw2Kis18j1QN9/MO5 +Il8uFvYwnGmsVVdHPCafPS+SkOuSryvjVk1H9ZGPtxXBKd2uZHnNKGj6MAsd8Ds1 +H//A/5sLTnpRXQ2SSQk26PbqHN5R4B+FwacTVBykupjYa6MHFUuNswprb8oBqjLi +Jp5CiiRzEDdxGHE4JscIdKyVXZDCDV7RHSRbplXxR8pQ0qEyC3lA8PyFpXtDdyA8 +mnh6dPbUJYmSY2BJ/0dVezqTy/awDqrUvOWpx2oaLeXx2HqpsPJcWSppEfEy643C +ymOvAoIBAQCBw2pr1gWo6QzDTAW9AsnH9r9PdyEjDe6ppI0hVnM4HeLK7P8FBPuV +H40O8iDieAB4T+NRtrhLrFrcYTp+YCTf2WToyFujTUkjvt2OyvEo3Sv6PUDqtOKw +JTKPbBRrEeRXTcVS/R24S8IS37k4ZyyaptRe4oZlQw0etXGjy+TGOX8z8rqmwFEF +p1QxtR9CRMPgSxpPg5HMtby0Y8SCTM8xWHw1Ag8mQr+ZR4QjeFKsEbIIjjccsJIP +3U6SQwUpQUpXj8LjsXLA2hjYl7N0V7OR99TKFxyObLuifFVYnRTSqurNs9gGyqpX +9br4AzDfwaXUCPFsFrd8tt1RZhY229KhAoIBAQCO7m9O9VCPVff5G8ZPyBx0dBa5 +9izwZ+eOJVXAMJUlw6uA5rgzne6di3JS8IOzaKOrNVK2cXESbS97n1pBybqqHibg +bBOMESsoin8VdQZVic5rGYr3f8llMrv3yaVK8UievCNBdVPXlBY58uVyZIxrkVyo +Xv2x/+6EcarY46CT874zLhYHRcq/ZNWfQpUx5V2ySO/eNgSbbob4dzEdP52HpPx1 +JAGpTHiOkicORAu1RWN1HvGxMITz6q/pY81cEwOI4QsQJQs+Qk0xMKLqW6f1EZY1 +dgvQq8YnwSo1fOrVM0TL5jvbXK7vRVT2zQ/RkEMIza1qvfeGbpCDD8/O21so +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem b/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem new file mode 100644 index 0000000000..9a7ecbaa3c --- /dev/null +++ b/libs/libblade/test/ca/intermediate/private/master@freeswitch-downstream.key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyvJnIg9cvRdX89PPuFdXelWX7/O4dFePyYobIxRAJb6INVtQ +bHzD8NXjRpspA1WT1YJpoIz/eVGWAZvYFj9us3uocwP+8KanQrP7RtF7IgkuTbMj +//YN94XFyas4U0F6Kp9HBkSc663tgHz6F9goo1qYx97n1DMmcze3z+/1QmDRA0f+ +Bnsqd0YwZ6sOD5Raq6DBNu+tpDQuYxpAoYT1KWKysDROpr0Oh9A8IyZfXB0fcp7L +FPNYdEw2vfDepCnAy8yuwQKBbRRkSqxZC3W/C7b2xus8i2a6SbcJHIH8jqCrVzLh +xnyEp5zLW4IuiMmT36P/UXCiuqumt/2RxKZcCQIDAQABAoIBADimja9uRl7qQzzm +5Vb52otllTIAAH9JafPCP2z9XCKtGux5/uspsLBrpDOzYDF0E/5HlyCf+zhsU8lD +LYCYWFh1rkHc3a9jddEi2IOeOhb4JRq/ZM8wahmsF9gBmYlz/5wiNftD7+HB/Uge +mtlJF57xzTANwvzzAkqrRP4gZ4ANct1zlqfsSojObV7a8BN7nk5xWw9lfQ2JmB8/ +ZLcXqKOyHZzH7A1XigeBoFglONWbBkxaziWiTld5QT1CiL4u3vke3QefLEUtOQq0 +ti8iaapS9q/qMcBzJuBvlEG1QdrHpz7moLlinplnLJy0tVdPFBr2ICX5im+SxHik +nUJd+QECgYEA90618dSSxGguB7EWm51yIuLw7TXlh3FPzD3O3FNhxcmdfd9HrNRO +lJYev/z8j1c2YK0F2n4zn5XRyiu2NKa6U3EpF55+LW61WibkK494HwkzLpRWQUJE +aoDVz6iNhmZQDMTecKl6xVJSIhYV2wf6uh+PRbxlxNAyFIB0dPf0cLkCgYEA0hSI +XM4l0w3goTVqAVfbm92gRi6KEq1iMO6kXTCMs3SN6b3X8BW4AgD6rIOszrhbpkqp +Y6qkPSsOoo0x0er4ErQIZgnNH+eDQIxRaj84zpkwj8NKw43NYSurK9VGDPsJz6dS +dcJPIe6jKCrYPp/XDx8fZorcAqXOHscKFFVsfdECgYEAyYbVkzxzYSO4JsJzNtol +cTJXvCWIZke7DCdt03MLIJ77/N+fS8IySrjOVAr3UGN0R3GXbIYc0TXIICRgtSUM +fwSexMV98s3dcJpyouCltTzM/W8ZntI+aD+WfELRGS10nAMtdMdW6Ub88RPoOXWW +JmejW+N7VteFh9lpjQuloNkCgYEAgwTtOrwS2PsZslDmyOmrfB0PvVV/JUDfMVdU +SQ5jYfR6IWIWD5TsCsvjir4gg1h1SFPeKtuczM1StkxK2vmpN7jyV/ka5h/0OsiI +ajP90NO3dqG8uhNxGH4spgzAQI48Qza+ddT2l1oGhaGa9guoC7VEVyaZKkmQMJ/A +CIhyPlECgYAxxTfosu1A7ZrceRPONl6rgVFGoWlqsI5COL5fcNmrl8rGfTkSOMQF +ZPNO/7rl/3Ziaah6CZf06qMSG9atVfOJ9OQ6bPcS6JLSIHGwU9NVlAjGpFSAlM2m +/KEffzPMJlyz6c7sXLt1Hb+hjO15yYsDpHZynFSSffd91GHNx8Lhew== +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/intermediate/serial b/libs/libblade/test/ca/intermediate/serial new file mode 100644 index 0000000000..59c1122662 --- /dev/null +++ b/libs/libblade/test/ca/intermediate/serial @@ -0,0 +1 @@ +1004 
diff --git a/libs/libblade/test/ca/intermediate/serial.old b/libs/libblade/test/ca/intermediate/serial.old new file mode 100644 index 0000000000..baccd0398f --- /dev/null +++ b/libs/libblade/test/ca/intermediate/serial.old @@ -0,0 +1 @@ +1003 diff --git a/libs/libblade/test/ca/newcerts/1000.pem b/libs/libblade/test/ca/newcerts/1000.pem new file mode 100644 index 0000000000..8e915f4784 --- /dev/null +++ b/libs/libblade/test/ca/newcerts/1000.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFtjCCA56gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwbzELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCElsbGlub2lzMRAwDgYDVQQHDAdDaGljYWdvMRMwEQYDVQQKDApG +cmVlU1dJVENIMQ4wDAYDVQQLDAVCbGFkZTEWMBQGA1UEAwwNQmxhZGUgUm9vdCBD +QTAeFw0xNzA5MDcwOTI4MDRaFw0yNzA5MDUwOTI4MDRaMGUxCzAJBgNVBAYTAlVT +MREwDwYDVQQIDAhJbGxpbm9pczETMBEGA1UECgwKRnJlZVNXSVRDSDEOMAwGA1UE +CwwFQmxhZGUxHjAcBgNVBAMMFUJsYWRlIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBALIlY1JmV9z6wjE6iEIXHUl2CRnsa1jD ++uDk4I/OncOdezpfv2mRO9C7VkcefXb5yDrda/qq8r9pNVm6Q2wCJICIlrK9uK90 +SLsB8WsO8Dnrv9E5Tx96U6J5qDx5Ma3IFM7fF1KUP1LVawpS4lMMKFhcyd/P1dAN +ZWlzHCBoM4O9HMo4sKYx4fzxn00yKNK+RU4Wyd3ecntOOg/Dtx3FHt1bExUFuPUW +sgVUR8b+R6Z/1U6iWe+3x/XBAUVCBhyzt7OrCpY0g3TX7wVCh7CafpZnTe54gjMo +1lqSraJ5Dr4Sn1LV1gRa8cVQrNbUZ+m2aHsNLxmpEviHDLTd267x5qXEDCNajesJ +iSALRpQzAJE/neQvVa2fiaV7PbPGlxtUcyR8J9sGfuuby48/RulPQ1CjL1+sI+IE +lnMZqTiab+1TT5OyKMYYRjQ4k3R/gUGn0MhQBcy1VOP6GVGEgeOYACbDSjvYO9HZ +dyM9ivpxLhV3BMVM2B0PmFxLgFdyBlIPkP36/5kBzOFJWdYrMLP/vahFVmTgevDm +8Uhi3PvEt6kKUnWHkBHdajzDKLvbh8y+Ucgap7PtT8apZR+8J9TX87gMFzH5r4Xc +SF97inJ/q098V8dyoPJpL6PRAzigBXGmB2fFhLgtoXfuKfI/nfgQHO7MbYCCFP4z +Och2kFZYehBTAgMBAAGjZjBkMB0GA1UdDgQWBBT24ScXvFFEdGFsK+X5SxmWnAmd +/jAfBgNVHSMEGDAWgBRaMzl9Nc1p7PgDWff+pvYOddMlljASBgNVHRMBAf8ECDAG +AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAgGzDCfJm +weo6oeSFmSLTmlBlTJZO+7igFWf8tunmTkg8wvKe+lCyDd2efNgUocI/NA+X4kRj +YtDH+hq0H+JlDu/p4y4/t6Srx/dh33Ow7eCv2wtuSCeK5Y0euysXhI9gmPquUGOC +HlHkmQcG03NbbrWt0+4IaPAaKxMuV0FR7KArudZvr+8gp9S8o0AkQVFZSbW41HQe +a7DAJmLF0vLQWoVz/YltKjwAMs/ws8OWxUdvcOA3w6XmWmjAFn5hc2MgHgu513c4 +Vbq0535ghU0Eneqc23y2ELa+8hbn5yS5wcK1AS2HG4VoDqOJw+pv4Ko3T33mCR6X +bUABSB+znX5kEZn8KQaP8sLm07kERGjCI3FLPscM1S851tah/iqBgddlIUn/YNpM +9uYQ2PWu6UWvqyZfhgVIlb2LYJNERtKZPeI05SRIbUW93wUTiC6A93fl8SEE7XHa +LMJt6+HLysR2IsXLqlSRZw3rIoT0B3G4uS9Xop89znLAknrOI57OvVAMLaeBrtkl +jepE7RrNX6VcyEY+Ar1p30ax4UJNxjxd3rszIznccerWQzuLo5wYUkuZEfNtnAFB 
+Z/4qlIn7wkbRevafgmlf/bhP6ZkeJFhqEjOq36Zci5JrnRu3rM/+Vex2ibHVat0E +IZjeGxeofAPEwTaLfPJT7EIWZ+33ZHMcz+8= +-----END CERTIFICATE----- diff --git a/libs/libblade/test/ca/openssl.cnf b/libs/libblade/test/ca/openssl.cnf new file mode 100644 index 0000000000..5a44dfb4b0 --- /dev/null +++ b/libs/libblade/test/ca/openssl.cnf 
@@ -0,0 +1,132 @@
+# OpenSSL root CA configuration file.
+# Copy to `/root/ca/openssl.cnf`.
+
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = .
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = Illinois
+localityName_default = Chicago
+0.organizationName_default = FreeSWITCH
+organizationalUnitName_default = Blade
+emailAddress_default =
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
\ No newline at end of file
diff --git a/libs/libblade/test/ca/private/ca.key.pem b/libs/libblade/test/ca/private/ca.key.pem
new file mode 100644
index 0000000000..9c305f8510
--- /dev/null
+++ b/libs/libblade/test/ca/private/ca.key.pem
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA3Pt3X1j8YaRuGb4ENkhfazwZl0K4VlaPhGj4h4wiL5S2Tp8E +83HoRkoyQRX0fhKCrHtjNucOODkVbf+QMlv1mgEwCq+3SIEA6keBzsUv5sahunfP +d+Vgh6+lgp1sAfjFuFlxrRvighO/yHHKE6P2BBgIz3t5QSakE/fLPwejZ98dacyA +IxklzLvt4xHRVP7rxfiNFXKRXHsQd1iaWGSUBNMkUspCl8wO5IAPX75RiFGeA80I +jZ518YVjiFBjCdzQfJb9iGJCGzrOcPJahfum+tzyIO/rIj+ldFyLPY0wbpa0wKeF +58HWt52p3HmKnK5FUa7L8RNAfc3/H+6qyDeBFx92+T6J30q61dcmPayKooUJNsTK +slrZ5L2OicWZepa/Oc5dagyzGEUc+Z11Mgl8/4pT4rUOna29v1d8+StJPN8XgWAH +xmwpZ/cY/9GluSq5oB+6PTPcQ0aFHHUAI97QqfpGOeAWjtVd/3YUcNo82Pa3577r +Rgh55X+XEySQmBiPWNOsfuCZZvYGOkLmby1SYR/LOwH8opKJyG/bOiZq23aaTPkm +EQQSLRzsKxWc2jlE/UllpYX3FCu8nFn+L7Tam495IImi8FrpEX16ZpTGhr7YnfbO +kMYw+LaRA36U55e5DToJAB5TCsC2CLhk8QDVoIMPfpYpY4XpdmA4EfDHOG0CAwEA +AQKCAgEAiAH9pqGONEqPuShKT16b29RRq9dUvU7pZgV1cXe+Uqqkyh71XSBuZVSl +OYnZwP6DjsUie1gaWGBJ4Dm69kPDFdZFS0568BT2CzuXmTukD9WRFMNI3fI/R0PE +Cm/5Wf1TM/NZE8Jl1slw8F2Ykh4H/N0ODyVfq8mskt2gKlr5J6Ua5VMISpHfwfKo +p2j//eAoHOCtdNXewZy8tbfCx0SgFZgecxYphmQBhoGK9NKeO9h/+Lbo3MD6tnvy +lqNjUV6mswf7Y0WWikvXY4zGSlBopV33aG5BugKSQtvylx+e/3GiLjDtKYcUME7J +jPkBZw2bfHqo6ud+ee+fZnfuhOwkdoHCGPA4aN7L3B19XJBKsI4zAoQNlUAteegg +D59Fdnq8362xLE0F0crEgwMFYj4Qg9jy12em3iSvuKa17o0FuovGug4nHiQQ5asH +nmjadXNfM6xAoQqCgbwjrVYD+i+/ofFAqDhPbjH+nOxS8l4MD+0i7nzQAIqIjsvl +S5XM548ufxcEgwpMGc2bbJS5qg1weIgHZGT/RqnzeqFfHaJ8VN33Lbk2H5w6Qj87 +QFNqE6ZxFnf/k8FRF1QJB6BhmkhExvYgiK51DElnkinDDa6nkbwlkr1dE5zVv2zQ +jLmQdBoHw2dBWEmik0lZ4m6rIvMD5rkR45oNPcyZ2wA8dKgr6AECggEBAPjmq0vK +ur8RSpqEIXvI6dvGNXayGAFM0KLaHYfB6+qWXP6j+cn2wJHvH9sxl9vmUdE8auj+ +DaoaK6XeFcvBryO4+EwzrnY4eVU6QW/UiCgmSnRupLBxeyQOSgbok+3gMeJieSPw +CpyH5cC3v9mWpg5X5dmm+ENUqv3d4hjsZzxwkJ/k92/29F7eaCVmlEOPw2skkz3O +4BBznOSL9foKp0zAx/hqV2hkJmnb6DK14D6QkX+A0o8mOvhq1NjJ0isMUtllVzkq +Lro3J8NEwkMhwYfVMOoj/URdZ8iskp5T6ez/BmIPE5zE9F8ZKmU4PkmpMoHISzDz +5zTJOBCJ9AslNuECggEBAONI81qE5gxk1DCXLkfdCDe1paoy2DTGFX2MXTeDipv+ +C466l/odu9JQZASfXgpVkyjAPKFTCgAZL20V3izuk2izskZKN16KaNG3SJWmwWx1 
+o2Gle2Z0Jd8AqaXvPzAKDFio/6MfD/EQFzOv9+BEBAlCFCz39Q19neSarhS6Ckv8 +kljsOambnjGtSliPZkrFueG9BLRqaTCU3yZpXsS8DqCVTqw4xmNcMGADkhn568Jq +664iFXjD5aiAnrmBKzW7GLY7mbH4oyxmL+NNj0mwjB80evFZ8RIQuJ4tmIRFK0vo +czNWo6CPOVbd4qMbhsHk4Pm1gH7LHbbT1PFlrsZ0Tw0CggEAWFHJoLhMMbZaCaAv +HXR6fzDDEd46JGP0eIT7C4wlQXWfg//9h8vWIzJ91FKxtybwC1Xr/ccAZEarDE1U +4JtWoU9mU+vW0T5S14o3ZA4/TjfgHZaRO8bY0j97xx3KOBNgwBr/L2Bi845JWWwa +WIRbYiWQev4DhCjMEA8mxn9EVq7+sq4VmxY/OlajD/ppS9v8lM1CriD1YwETQAnl ++5bCLLsPejeJ0pIPC2sr5qqg6rJz3pGApakELdgCtPZQbFQQJfIO1EsCj7M4mdKR +OC8HNELS+5JPsW2PgSazVBkknaMUycDdzbgZmpEceRRPDeZK9MB05eb2OMXZ7gx1 +m2rWIQKCAQB6rpLk5l2CjR5YCBKsKavY3kzI3N8FRXKuLQjYAUHdR7iXVzLXiBss +v8XtFNTfASgI1BMmBTudp/qIiEg/upuI5Y4yELdoaY+Au80LMlKvp6QD/h3oxIL4 +p1PrRIO3+4SEitxKAWdKeKP9e1tyC2SeVrOrPkBhAtAqaC/U8kLCl1erdf7+BQjT +ybUarnTJoYbfSXbzp4iV95WoFzJXQScoGM+5eH/lfAqEmQjQyq0uaSZD/RPX9u3N +EXgbq5RWUWJaYztn7Eyvl4z7xY61eP15jotaIXFVjf8JKpVruCZRt+wO5xI1hXmu +4OAHqMEJgfDJ+OWeCydD233Su08mwfs1AoIBABnzt5VGd6K835vpZHsXiAxmCh5y +rk85wcnWy/Id1IpP91bDkHF/ilD/IpegS+dKGrmaEauKpRy+mRT+KyhUQAzS/Xnv +k/6wbbwzLFvmD3zm1pID4/LucetyyFQmM/45V+sDTNsf1sWA92we0n4q+MiR3Xep +apQoO90u3q2I811UlwfUzeLknnGr0+5FiQ2Lkt34GAgUr3ydNNw31fR9uWU4FRLq +JZNXYQcaeH7NoAW4bhS0fo3+KKl6Yqza8O4iu1v8wqbTgVuNd/OJSvYZSc76yDrc +Ghju++Rz9enWJfA00sTebHC+TDm97ASS6uZH2gwR6xjKggUbxlJ3uw/yQK4= +-----END RSA PRIVATE KEY----- diff --git a/libs/libblade/test/ca/serial b/libs/libblade/test/ca/serial new file mode 100644 index 0000000000..dd11724042 --- /dev/null +++ b/libs/libblade/test/ca/serial @@ -0,0 +1 @@ +1001 diff --git a/libs/libblade/test/ca/serial.old b/libs/libblade/test/ca/serial.old new file mode 100644 index 0000000000..83b33d238d --- /dev/null +++ b/libs/libblade/test/ca/serial.old @@ -0,0 +1 @@ +1000 diff --git a/libs/libblade/test/testcli.cfg b/libs/libblade/test/testcli.cfg index 6d7e93b5a0..2315c2456d 100644 --- a/libs/libblade/test/testcli.cfg +++ b/libs/libblade/test/testcli.cfg 
@@ -1,3 +1,15 @@ blade: { + transport: + { + wss: + { + ssl: + { + key = "./ca/intermediate/private/client@freeswitch-upstream.key.pem"; + cert = "./ca/intermediate/certs/client@freeswitch-upstream.cert.pem"; + chain = "./ca/intermediate/certs/ca-chain.cert.pem"; + }; + }; + }; }; diff --git a/libs/libblade/test/testcon.cfg b/libs/libblade/test/testcon.cfg index 6deb9958e2..011c06deb1 100644 --- a/libs/libblade/test/testcon.cfg +++ b/libs/libblade/test/testcon.cfg @@ -4,16 +4,23 @@ blade: { wss: { + ssl: + { + key = "./ca/intermediate/private/controller@freeswitch-upstream.key.pem"; + cert = "./ca/intermediate/certs/controller@freeswitch-upstream.cert.pem"; + chain = "./ca/intermediate/certs/ca-chain.cert.pem"; + }; endpoints: { ipv4 = ( { address = "0.0.0.0", port = 2101 } ); ipv6 = ( { address = "::", port = 2101 } ); backlog = 128; - }; - # SSL group is optional, disabled when absent - ssl: - { - # todo: server SSL stuffs here + ssl: + { + key = "./ca/intermediate/private/controller@freeswitch-downstream.key.pem"; + cert = "./ca/intermediate/cert/controller@freeswitch-downstream.cert.pem"; + chain = "./ca/intermediate/cert/ca-chain.cert.pem"; + }; }; }; }; diff --git a/libs/libks/src/include/ks_ssl.h b/libs/libks/src/include/ks_ssl.h index b899c64cc3..53d758154b 100644 --- a/libs/libks/src/include/ks_ssl.h +++ b/libs/libks/src/include/ks_ssl.h @@ -5,6 +5,7 @@ #include #include +#include KS_BEGIN_EXTERN_C diff --git a/libs/libks/src/include/kws.h b/libs/libks/src/include/kws.h index 2ffe523c92..734591ab59 100644 --- a/libs/libks/src/include/kws.h +++ b/libs/libks/src/include/kws.h 
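Review bot: In the testcon.cfg hunk, the new `ssl` group nested inside `endpoints` points `cert` and `chain` at `./ca/intermediate/cert/…` (singular), while the upstream group in the same file and the client group in testcli.cfg use `./ca/intermediate/certs/…`. Unless the test CA tree really has a separate `cert` directory, the listener will not find its certificate; the lines would read `cert = "./ca/intermediate/certs/controller@freeswitch-downstream.cert.pem";` and `chain = "./ca/intermediate/certs/ca-chain.cert.pem";`. The hunk also drops the `# SSL group is optional, disabled when absent` comment; if that still holds, it is worth keeping above the new group.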
@@ -79,6 +79,9 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct KS_DECLARE(ks_ssize_t) kws_close(kws_t *kws, int16_t reason); KS_DECLARE(void) kws_destroy(kws_t **kwsP); KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *buflen); +KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws); +KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index); + diff --git a/libs/libks/src/ks_ssl.c b/libs/libks/src/ks_ssl.c index 0670cfed19..5db491d4d5 100644 --- a/libs/libks/src/ks_ssl.c +++ b/libs/libks/src/ks_ssl.c @@ -63,6 +63,7 @@ KS_DECLARE(void) ks_ssl_init_ssl_locks(void) is_init = 1; SSL_library_init(); + SSL_load_error_strings(); if (ssl_count == 0) { num = CRYPTO_num_locks(); diff --git a/libs/libks/src/kws.c b/libs/libks/src/kws.c index c6fa4087c4..fed6668ce9 100644 --- a/libs/libks/src/kws.c +++ b/libs/libks/src/kws.c @@ -85,6 +85,9 @@ struct kws_s { char *req_uri; char *req_host; char *req_proto; + + char **sans; + ks_size_t sans_count; }; @@ -619,7 +622,8 @@ static int establish_server_logical_layer(kws_t *kws) } if (code < 0) { - if (code == -1 && SSL_get_error(kws->ssl, code) != SSL_ERROR_WANT_READ) { + int sslerr = SSL_get_error(kws->ssl, code); + if (code == -1 && sslerr != SSL_ERROR_WANT_READ) { return -1; } } 
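Review bot: In the `@@ -619,7 +622,8 @@` hunk of kws.c, the check still treats every result other than `SSL_ERROR_WANT_READ` as fatal, so a non-blocking handshake that reports `SSL_ERROR_WANT_WRITE` is aborted with -1. Now that the error is captured in `sslerr`, the condition can accept both retryable states: `if (code == -1 && sslerr != SSL_ERROR_WANT_READ && sslerr != SSL_ERROR_WANT_WRITE) {`. The call that produced `code` is outside the hunk, so this assumes it is the TLS accept step. establish_server_logical_layer starts and ends outside the hunk.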
@@ -733,6 +737,27 @@ KS_DECLARE(ks_status_t) kws_init(kws_t **kwsP, ks_socket_t sock, SSL_CTX *ssl_ct goto err; } + if (kws->type == KWS_SERVER) + { + X509 *cert = SSL_get_peer_certificate(kws->ssl); + + if (cert && SSL_get_verify_result(kws->ssl) == X509_V_OK) { + GENERAL_NAMES *sans = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + if (sans) { + kws->sans_count = (ks_size_t)sk_GENERAL_NAME_num(sans); + if (kws->sans_count) kws->sans = ks_pool_calloc(pool, kws->sans_count, sizeof(char *)); + for (ks_size_t i = 0; i < kws->sans_count; i++) { + const GENERAL_NAME *gname = sk_GENERAL_NAME_value(sans, (int)i); + char *name = (char *)ASN1_STRING_data(gname->d.dNSName); + kws->sans[i] = ks_pstrdup(pool, name); + } + sk_GENERAL_NAME_pop_free(sans, GENERAL_NAME_free); + } + } + + if (cert) X509_free(cert); + } + *kwsP = kws; return KS_STATUS_SUCCESS; 
@@ -864,6 +889,46 @@ uint64_t ntoh64(uint64_t val) #endif } +KS_DECLARE(ks_status_t) kws_peer_sans(kws_t *kws, char *buf, ks_size_t buflen) +{ + ks_status_t ret = KS_STATUS_SUCCESS; + X509 *cert = NULL; + + ks_assert(kws); + ks_assert(buf); + ks_assert(buflen); + + cert = SSL_get_peer_certificate(kws->ssl); + if (!cert) { + ret = KS_STATUS_FAIL; + goto done; + } + + if (SSL_get_verify_result(kws->ssl) != X509_V_OK) { + ret = KS_STATUS_FAIL; + goto done; + } + + //if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert), NID_commonName, buf, (int)buflen) < 0) { + // ret = KS_STATUS_FAIL; + // goto done; + //} + + GENERAL_NAMES *san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + if (san_names) { + int san_names_nb = sk_GENERAL_NAME_num(san_names); + for (int i = 0; i < san_names_nb; i++) { + const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); + char *name = (char *)ASN1_STRING_data(current_name->d.dNSName); + if (name) continue; + } + sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); + } +done: + if (cert) X509_free(cert); + + return ret; +} KS_DECLARE(ks_ssize_t) kws_read_frame(kws_t *kws, kws_opcode_t *oc, uint8_t **data) { @@ -1182,3 +1247,17 @@ KS_DECLARE(ks_status_t) kws_get_buffer(kws_t *kws, char **bufP, ks_size_t *bufle return KS_STATUS_SUCCESS; } + +KS_DECLARE(ks_size_t) kws_sans_count(kws_t *kws) +{ + ks_assert(kws); + + return kws->sans_count; +} + +KS_DECLARE(const char *) kws_sans_get(kws_t *kws, ks_size_t index) +{ + ks_assert(kws); + if (index >= kws->sans_count) return NULL; + return kws->sans[index]; +}
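Review bot: `kws_peer_sans` in the `@@ -864,6 +889,46 @@` hunk returns `KS_STATUS_SUCCESS` without ever writing to `buf`. The loop body is only `if (name) continue;` and the common-name lookup is commented out, so a caller that trusts the status reads whatever was already in its buffer. The function is also missing from the kws.h hunk of this commit, and it reads `d.dNSName` without a `GEN_DNS` type check, the same way the loop added to kws_init does. Since `kws_sans_count`/`kws_sans_get` already expose the names, removing this function looks like the cleaner option; if it stays, set `buf[0] = '\0';` after the asserts and return `KS_STATUS_FAIL` until it actually fills the buffer.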
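Review bot: `kws_sans_get` in the `@@ -1182,3 +1247,17 @@` hunk bounds-checks `index` but dereferences `kws->sans` unconditionally. In kws_init `sans_count` is assigned before `ks_pool_calloc` and the allocation result is not checked, so a failed allocation leaves a non-zero count with a NULL array. The guard can cover both cases: `if (!kws->sans || index >= kws->sans_count) return NULL;`. Both accessors would also benefit from a short comment such as `/* Subject alternative names captured from the verified peer certificate in kws_init; entries are pool-owned, do not free. */`; pool ownership is inferred from the `ks_pstrdup(pool, …)` call and should be confirmed.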