From c5c285abc3fadca49e9e900832d901aec08eac19 Mon Sep 17 00:00:00 2001 
From: pedroigor Date: Tue, 20 Feb 2018 17:49:34 -0300 Subject: [PATCH] [KEYCLOAK-6116] - Adding a OpenSSL CA Authority for testing --- .../auth-server/jboss/common/pki/README.md | 8 + .../common/pki/root/ca/certs/ca.cert.pem | 35 +++++ .../test-user-san-email@localhost.cert.pem | 38 +++++ .../certs/clients/test-user@localhost.key.pem | 54 +++++++ .../jboss/common/pki/root/ca/index.txt | 1 + .../jboss/common/pki/root/ca/index.txt.attr | 1 + .../jboss/common/pki/root/ca/index.txt.old | 0 .../jboss/common/pki/root/ca/intermediate/1 | 131 +++++++++++++++++ .../ca/intermediate/certs/ca-chain.cert.pem | 69 +++++++++ .../intermediate/certs/intermediate.cert.pem | 34 +++++ .../common/pki/root/ca/intermediate/crlnumber | 1 + .../ca/intermediate/csr/intermediate.csr.pem | 29 ++++ .../common/pki/root/ca/intermediate/index.txt | 1 + .../pki/root/ca/intermediate/index.txt.attr | 1 + .../pki/root/ca/intermediate/index.txt.old | 0 .../root/ca/intermediate/newcerts/1000.pem | 38 +++++ .../pki/root/ca/intermediate/openssl-san.cnf | 139 ++++++++++++++++++ .../pki/root/ca/intermediate/openssl.cnf | 135 +++++++++++++++++ .../intermediate/private/intermediate.key.pem | 54 +++++++ .../common/pki/root/ca/intermediate/serial | 1 + .../pki/root/ca/intermediate/serial.old | 1 + .../common/pki/root/ca/newcerts/1000.pem | 34 +++++ .../jboss/common/pki/root/ca/openssl.cnf | 131 +++++++++++++++++ .../common/pki/root/ca/private/ca.key.pem | 54 +++++++ .../jboss/common/pki/root/ca/serial | 1 + .../jboss/common/pki/root/ca/serial.old | 1 + 26 files changed, 992 insertions(+) create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/README.md create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/ca.cert.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user-san-email@localhost.cert.pem create mode 100644 
testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user@localhost.key.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.attr create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.old create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/1 create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/ca-chain.cert.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/intermediate.cert.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/crlnumber create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/csr/intermediate.csr.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.attr create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.old create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/newcerts/1000.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl-san.cnf create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl.cnf create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/private/intermediate.key.pem create mode 100644 
testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial.old create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/newcerts/1000.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/openssl.cnf create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/private/ca.key.pem create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial create mode 100644 testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial.old
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/README.md b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/README.md
new file mode 100644
index 0000000000..9766cc3b96
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/README.md
@@ -0,0 +1,8 @@
+# Keycloak Arquillian Integration Testsuite
+
+This directory contains a OpenSSL CA and Intermediate CA that can be used to manage certificates.
+
+## Passwords
+
+Passwords for any key file is `password`.
+
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/ca.cert.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/ca.cert.pem
new file mode 100644
index 0000000000..123bef7b7a
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/ca.cert.pem
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIF/jCCA+agAwIBAgIJAOMEN39fZf7uMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJvc3RvbjEQMA4GA1UECgwH +UmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxFDASBgNVBAMMC0tleWNsb2FrIENB +MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGtleWNsb2FrLm9yZzAeFw0xODAyMjAx +OTQ3NTFaFw00NTA3MDgxOTQ3NTFaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UECAwC +TUExDzANBgNVBAcMBkJvc3RvbjEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwI +S2V5Y2xvYWsxFDASBgNVBAMMC0tleWNsb2FrIENBMSMwIQYJKoZIhvcNAQkBFhRj +b250YWN0QGtleWNsb2FrLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAJlGjg05FzCm3f3YdIbMHNYuORfiP2n6YhX7vQyDjF/4gh7EYEYgE7spJ864 +/DySQenJ55Jn22K/1MQ1rOHcqfTioIgN3eEAyyuMDx60KU3frMBRYeCgLJVZQHr0 +6x+Sh/+SbbIYq/558+g/6PSZjmPBindHsPzGuBPaLOW4Jz47CA73L/su2qnJGeAi +UaK/tXmANs1bqJbiNRDr9IJFkdusx1mql2ElfknJT8U+LBPOOID/S7Xd83SKtpFI +Q8Vikb6C0SKnopOJiG2uWg5g7CYlNYxJpAM25zhDqp71bl8zOsIL2tFfUAvvoBnh +N31kDIl8RZJ5ELnh+t5SCfwbgdfMzS7uht8qVTeZ0/BG80Lzl1gfzNR8q45gsKC9 +7mg7Voj68kt2aZr+E3Ng1guK69gePMxCpqLyjwlKz187mNUme+zxg2gL2egs4M6u +ffqsEd0c5QryrRSTcIXi8Bim6PDhL93dBsenAIg25DOJNA6Vt2LELoe9w0TkL48U +wUvU6GYB7/zM/z3EW45ZkRhHWK+HZppqDAb05lgJeeKUxxdUSy+ot7ls6cSqACYo +fVjPoVHPD5Ncx+6NGHPGM5N3FGvMMh64PYpChyVWDTEfrZIS7Yyj9Iz/2eCxV3cO +cO4bU0K6kx/dWRic5B5ymVtRME93+Of/hQuta4uLhlo8ZxRpAgMBAAGjYzBhMB0G +A1UdDgQWBBQiuPS7cwDHKT+TgKX2HFICast6UjAfBgNVHSMEGDAWgBQiuPS7cwDH +KT+TgKX2HFICast6UjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAVCVXdx79ooKyOaL+S49S4agP7mE4IxuDefDwQ2dm +996wpk3nntg0y54Auu1Y2plJirBhTvYZ1RedLNBMVBypm6BQpNn37u5TI39/FYso +GFPINu1EzLTYl0bFKc0w7UFlFusje9zXLWISm8uTNzxJ1RGLrcnv9gfiXPKxAmN0 +cz9WY0vm+0+OV50HvLyUyqGKxyWmt2ek4jV+oEhsMMSO/MVNNXHEo2MAGcA23XPe +7FZkiFB1suDIMzzUFCrRBtoZjYSUeyN9Pd0Yg3twl96CLqld4xFjsKMIsz0ACGRI +8OpzeHAsePH4yS94E6nLwWH9YTi6pgTtoXSaVBLvIYpVHi8UAyIBFNqLMCukoq0O +BlOdkO0zescmpEtp8GiUWMuB7x+kkaSxmsujEfL3mRWshkqaz/ZHPKXaNtPBUtIM +jQnTMBF/wQjZxCGAps8dOMZ9pYnZcmVz0KeXpBJe1j+47MhItgt1wQNoyr4iBaxE 
+3fAF/Arr/IZtIf0erXOjc7P6dEQW+WiKWvEA5Mp+4tV3Zj2pwSSX5bKDKx4RAkoW +1jLTE1KN5RWvF8phStLty83gTd5wgykFSl65Lu7KIBW9HH3LIK46fb+cOBOZfSn3 +mdQXrbuXNUXgbhrsetnBfPNMAkJjaBQLNTxebIvXndiTIEsWqHS7h1x+kBkDOKhw +SCc= +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user-san-email@localhost.cert.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user-san-email@localhost.cert.pem new file mode 100644 index 0000000000..4a00a127c4 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user-san-email@localhost.cert.pem 
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGtDCCBJygAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJNQTEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xv +YWsxITAfBgNVBAMMGEtleWNsb2FrIEludGVybWVkaWF0ZSBDQTEjMCEGCSqGSIb3 +DQEJARYUY29udGFjdEBrZXljbG9hay5vcmcwHhcNMTgwMjIwMjAwNzMwWhcNNDUw +NzA4MjAwNzMwWjBkMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcM +BkJvc3RvbjEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxEjAQ +BgNVBAMMCXRlc3QtdXNlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOmK2D4VdRvGOUjAPWXol5/hkMwCNKXgO0ZrgTmBrzIn8F8O/QCYvkNgRATIBIN2 ++nNK+Pej96tHHzhPC07O7KMDLncjSEjjmZ2xmvh2FjPr+xooT+x0mzv3a9MhVCYj +WHM7x+LWuAAMne4xPx14AMVZa+P7YTmzabbMWHM9g9Itxjyl/jpkt9LmWsZh2Xvt +96NgP4CG1Vegml0nNnR6AIwKlKl2x5NMuXrhCs2yn0PrSVwzHsdIajqaTDGedwhW +pLzCy//k3KLT9ydRahhbUKWK48DPLf+cJubVGcE/hdiAQqA1C/3Um/kXR1PcIjG3 +YLeXavhmT/7H53lRe1mdHmUn1b7Vr6oYX7uln8wZqBMvceOK23wkKY970j2N46Uj +ABcw9fnUckKYgjpv8I029PgnIgBjX3rZyMmRB8Khw+McVIx0DsFx7oJcc5ZV16RM +4tHx107F084OBkDkqJ0k42pw1gpsovln+PVKGetBGFbAAsNwMMZxmJT/r1RVWk4u +pe/HfzWz1PvwcTjaRD8MzhC16xOr7HR8uDRDFU40+X5mkEJkzvT5+ih7a64TsQNZ +uU/Dx3j5ncYptLMl0FvzlNlfDkZ3XCUQfkr9o/nxdq9DTBGpy6nMaC5BMf8PKzjX +C6lioUBQTFJGrHsc59PTI0GSOXkls/gO494SmbIkCmarAgMBAAGjggFKMIIBRjAJ +BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3Bl +blNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBT6Y/aV +XWxkiC3QOuN6nKCjZgRdbTAfBgNVHSMEGDAWgBRHEnyJC0dXGVQK9QMEzZ+GopZ2 +lDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC9jcmwwNgYI +KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzABhhpodHRwOi8vbG9jYWxob3N0Ojg4ODgv +b3NjcDAeBgNVHREEFzAVgRN0ZXN0LXVzZXJAbG9jYWxob3N0MA0GCSqGSIb3DQEB +CwUAA4ICAQCiKCFfS/CxkFcPqu4Xg2bSxd0ge5oXYOtkr5Pe6C6nMXjvSirHTWiX +eUkxB+8FrU7TZGVUalbROsdZLCaOwPD5Xed7fjRoOKiAk7/JZxkIBjz8q9uAOXql +fFZOwrAe5DHGaux/hZBmDLc/JRy5eZY5NsW/YfP5WhhZr/zsi1R0Fxkd3QsSr5yl +SDyaq3yKWAojkGMSmsYsisPL2LXJlEz961YNtok22fTd7mlSREFL13/RcXf/Fegi 
+2pjhGwrLjILkil1PTdbxOav6H1UScX2Q2S13rmJmPjmAVcHQAPd/UAQN2n0MLGzB +iyFT5b7q97vgPCRAzGNE/t9So687bgw+CMPDGprz2yt1StTJnbDbWfgOZk1aj7Y8 +p8TJ2zmifD8VlAfa7+RDeNIfnSMI6Zh7vJWG0IxttKcrPNZxqfoTQKRTZBz1lOGE +Q06Cs/We6YKWctpf/5UPE29ncjLkT9XX9yqyNKLJnQWlcfltSyDRUTmhNsbhI/Pl +fxNceHMSY7ewkvfQ0FQMOj4HuXYGaTNfOknTRMRue2gmj0ezH0yxwmLsZShRgKmx ++rEdeplmwKaFRQcQc8TYGmws3uICUf5KbcL4pt2Pi0Yy2hjc/jCrf4RUw/trtwPJ +7xk/PGGFQBWwzCmZP86ZPUL3BaWOQWauNl8XWCLC9xx9e+mkaUI50w== +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user@localhost.key.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user@localhost.key.pem new file mode 100644 index 0000000000..20ff9ffc1c --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/certs/clients/test-user@localhost.key.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,58507FBFA90F44D96D42E8ED4989032F + +eO/DUxz7PGUmyv6Nu89tWvad4O2Jzdr6kNCMsRcaG1JFJsMdGUNtuXjKyEaIKo9B +MLXAoFgtyW4t0TozNVzsS8mSwkU9eOP+cAGLReoHZ8C+w5y+Dm7Kuc37X+HF0HCL +4UkfNGKwgVJuXbVFVTTRVypB0Ul9Q2s43iN0YUfsYK333FHdDHxYyk7X+zvbposO +Q33oFsa0D4Ga2VdE8FQX5pDBqPOjXt8a3LaZxi5r8pZDRY+mcE04qnZLdUk6jCeQ +u4zHjsn/F+aW+EhAHH9vAwHLJ7lQOBtsdGxj2QXUAnU3LnRs2XxvYtZbxkG/p4sb +FCAP57bBxmkL51RJTM4fgnq/b1JRtGwS1kRbHSiKTnrDO8JHcmILKSoIUG9IcwNp +SFcKVZiabEdNSAiY9J+nvZMR8d946SqAQ/kA2Z7WH/6pbs4pd0ODIpYbNYwUfPcP +51tQI/fna2fyvGA0xxr5MUi3Ua8kp9KmoZaX+ghjwh8QLa82mcvOjbYaV6c2OT4m +92Eq7Si+u82fq2l5TjmKXLT5dwAUqZU1GnbG2Qd7/HW2h7PFIuReITL9UZhbCMoi +zOSz3wKniP/npE+I4+hYTRxKaV2mkAd1FC4+QhSZbmupf3WOxbtaJP6V8gd4BgRQ +O6mN9BvXYihSWyn7zQ/4MuGq5/k+XmTsxhfPZ7KW7DyeDGdl7qTcW5I7k+i6Lnh6 +YozNJn+CVQnZ67x4OhkQ9GQSBkEXudGurzWOJ3xNHOMtAGfQZRjHepcf1TeRN8C1 +voyY0Yx4V95XfbCMzbQckxhDigHJqCBk0bewp0LYXbn0traawZXNJ9nZHDFMyuX9 +Oztjx5cFdH/kxSjy0Qquzy9rtEzw72CnBw/AisaGMkMaxQWP92n0hav5XSKg5eD3 +OD42fsFWvbTN12kFXETDeQGuSJoJ3X2R9UnG2GL1Uc4lEFOu7LVpQX1hVi0qJjsv +NqFO/4pbB+IpwwHV/6Nh7hwBXQVXKcGq3fq9+iCWk4hmZLutTSrsdsLWyqxF+r+1 +a3mk2nZgpTVkmfNsOf7vY1R4fWkUu7M7Pb0R0eQ9vG8w7Aodym6snkxdZBwl09TM +YpxofsvgVGcteZWK7hgESODpBklZstNXOIk4hsDhm8+PPfWuOndBEkocAf0D/4OE +lPGcdG9gTc8HOiJLtK8QSJUbtfauJHqp9Dzkc3qNZuSTwwCvk4v2oYV7FrCzZfcC +yPgN2AhOx8EDT3vx2IV62dbHeamWlT+hpdCIiEXnyL5MVBvO3Td+g3BM+RRVSmaB +ZBgfZaFjlZvDDeqH8eOGNoKN06tGdpxeGJaPr5G3ksrmupBVB1Gay+T98Kux4zAk +fw0oFPDEyRiup+iOXpltRtP7d3SH7ngjapm6aDBs2weWrnLrcjZx5iyOed8z8zWG +Ygmar31qn0qMUf/8HZb4c3DYkc1mjpKZLQnyouP82p++1VTN8S27Kf06eTob5zYa +pWhCDHPWA8FFNF9d1zgSTBLEFawryM59rLJteg7G7yiSN43OBk7THNI2OwK8y2Mv +KvwMoyStvMbiMn4qVR8mcnLrAYUd2RhuDGX3NOExI+9EBSGpwUP22I/nQ9HRlJ9D +OoKaTIdqv0twC3QYIbYf6RUngD2Yzo8ie9Ys31dZqJidSRj9xnpkb8Xe4S5J2Sxm +HP7VJsjjlPH9X+Q+xRWqwvzPi/hDBozo5GR1wrLGOVTRSYsXHjrULu+ael+65m+m +VXg8Ufzl1j/8KttWjvHOi3RJuusOx8Z6U3E/9YoVCqyuR3rXX7ILHq6UrOLPmLhg 
+cOyZy3LJXH2MpLbfhVQ6C5xKUJLQm88FBzdfKTt5aSCHzGa0nmT+qzu+x/s4B37H +hk9/B0W6hUf8TCy8YYRx7vK6IKpo4qVG3R0n/brtWtw5fYCYHna1qPknQWzROUeK +2sLW1Xv7Tk1koGcDs4Xv6p3jVCgAYE3DsubqGu7y9j49t9D08IukOMbtY6tc5+b6 +zIrZfz8+XpdM9BmQ+5N5yVv2Ut0t7SGoEQ+pHOwsBu2H2dcW+DdfwyCk7izC0eUR +Fkv//R+uTaX4g3WSI3++ghDtQlcRf0nFn3c3uCK4HSP2E6doPQuuguKXXnJ+syDD +rsUZUV0Ia8X8ZCLkza7WfFgoJ2hXe6rehU7YLnvBekCMu0S99/a/oJ3t/JJFB0LF +5aw9nSlunrcCce9umPwKxc2pMcrIEAAjmmUhXza3LgHJsDiYYSDDo2e1Cbb5j61s +qCbFxB+WFYc2rRnzK/CLIDhIayWcwyelHAelpQOQ+gReh7ZZSSu5c0Rl9brTZ9tN +HfMPY5/6eBbASXxA9BStFbasLnlOARojkRgEAMOMv4ZyN4gn949Dd3nwC4gr9f++ +IjqV/YgQOKtL4rOMgvLvb5Y0rhDFOiXTdpZBqhk/6bZo1T2j4ts72FdkAmr2u5gp +VxVyLv8L/KJv8jKqGbqJeMntarl30wfq4SRNe5te81DbSWrUGaQQyYqLL0/ixL2F +E6O+0bajYmrz45ZGhJqXJRxnlwyDWL1kPy+f8IlItyXp72WqHqKb/IyImvHgxnnm +IDv06cjX1LvX+fO3B2/9AveksSqnifrMBRjtFhRxTHdLEt9E1kSOJMb4tOlm/QpI +UQV0HkQRsUE3F6N7OEmfuA88jwiNRTSjl6WbFQ0O01lKFeKmy4cPJfnSOvHNL34Z +zztSboe9Red6qXzkR1mjh8BO/5Nu2ihlk8spqxNFUoPteUU57KITanXr63IudaSX +hDA7viBAqcmjPy/j4YY0UVvvWBCqIK0ejcEghxHJak/n3qpiSm0mYMMubi51O5UT +rxzZ9aqVfw4zmmZqrh+UIAwHJRpQw+zmXIN1h7pdTR1JGuSqStNgSgL53FoX2v9K +I0QQ6RbGJ7Yleb4P8DUHkaY9ljARsioVdbmzQgYDpt45KG9iFeREadvA0WpuapKE +/WePOmKMJ+qhnvENPSLLrf5ssho95GWf/6pGEV4PmMLanQ5iGV48wLXMtbQ/ud9N +qA7XQd2Vb4fNEVQ1aNdXg1gjB3QYyJoB0/exCOm/xLrewfd7zlXk8BERXwV1yQ5f +tYumN2X4RS2+Y0s9K6ujwEkYi7HUph6vPuq3il4DcSNFj8Wop/f6AAXSml3mqxYd +-----END RSA PRIVATE KEY----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt new file mode 100644 index 0000000000..6976f7c404 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt @@ -0,0 +1 @@ +V 450708195701Z 1000 unknown /C=US/ST=MA/O=Red Hat/OU=Keycloak/CN=Keycloak Intermediate CA/emailAddress=contact@keycloak.org 
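Review bot: The README added in this patch publishes the passphrase (`password`) for every key file, so the encryption on `test-user@localhost.key.pem`, and on the CA and intermediate keys listed in the diffstat, gives no protection and the whole chain has to be treated as public. The `index.txt` entries show expiry in 2045, and the subject DNs (`O=Red Hat`, `CN=Keycloak Intermediate CA`) do not mark the chain as test-only, so a truststore that ever picks up these certificates would accept client certificates anyone can issue. I would add a README line such as `These keys are public test fixtures; never add ca.cert.pem or ca-chain.cert.pem to a truststore outside the test suite.` and put a test marker in the CA common names when the fixtures are next regenerated. The key is also named `test-user@localhost` while the only client certificate is `test-user-san-email@localhost`; the README should say which key pairs with which certificate.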
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.attr b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.attr
new file mode 100644
index 0000000000..8f7e63a347
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.old b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/index.txt.old
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/1 b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/1
new file mode 100644
index 0000000000..b596754b01
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/1
@@ -0,0 +1,131 @@
+# OpenSSL root CA configuration file.
+
+[ ca ]
+# `man ca`
+default_ca = Keycloak
+
+[ Keycloak ]
+# Directory and file locations.
+dir = ./
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = MA
+localityName_default = Boston
+0.organizationName_default = Red Hat
+organizationalUnitName_default = Keycloak
+emailAddress_default = contact@keycloak.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/ca-chain.cert.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/ca-chain.cert.pem
new file mode 100644
index 0000000000..bcfaf61a04
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/ca-chain.cert.pem
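Review bot: The file `intermediate/1` looks like an accidental artefact rather than a fixture. Its header reads "OpenSSL root CA configuration file" and its 131 lines match the count for `root/ca/openssl.cnf` in the diffstat. With `dir = ./`, its `private_key = $dir/private/ca.key.pem` would not resolve inside `intermediate/`, where the diffstat lists only `private/intermediate.key.pem`. If it is a stray copy I would drop it from the commit, so that nobody later passes it to `-config` and signs under `policy_strict` with the wrong key paths; if it is intentional, it needs a descriptive name and a first-line comment saying which CA it configures. Separately, `default_bits = 2048` in `[ req ]` appears smaller than the keys committed here (the certificate encodings suggest 4096-bit RSA), so `default_bits = 4096` would keep regenerated fixtures consistent.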
@@ -0,0 +1,69 @@ +-----BEGIN CERTIFICATE----- +MIIF9jCCA96gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJNQTEPMA0GA1UEBwwGQm9zdG9uMRAwDgYDVQQKDAdSZWQgSGF0 +MREwDwYDVQQLDAhLZXljbG9hazEUMBIGA1UEAwwLS2V5Y2xvYWsgQ0ExIzAhBgkq +hkiG9w0BCQEWFGNvbnRhY3RAa2V5Y2xvYWsub3JnMB4XDTE4MDIyMDE5NTcwMVoX +DTQ1MDcwODE5NTcwMVowgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEQMA4G +A1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxITAfBgNVBAMMGEtleWNs +b2FrIEludGVybWVkaWF0ZSBDQTEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBrZXlj +bG9hay5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYix1zJTa6 +TTsmPjctc1R56vYPsIhEeyRis7HL8s+EbFbBpO8jWSSSaJp0MWkahUtWidu9cWK5 +yPC0ezUD3LYclktG1Y6zxeY6G5RnNCUgV8EYkeCJAmlGVhgFjU+7r6HNh1L2sLJe +jUOKMsKcIxt1TpiUbph/3J1TrqPWDD1jIwB9337dvZfXdwIa45phk1Sb7wgR6aB4 +mJPKBpekkh/5Wh5QRXI+2+Vv1Mhq6Stx1MdE4P2u8lblICOlnCaIWiI6B27yot2x +hcie1wvFwa1iqtBr4tIHLIn0XNKwqoeooM+WHlkwjMF/Yp1zYJJJmkXjh1a3ZIT5 +7We1U3RxJrLfxE0D4Gm/S7Q302xxiAuDdycHx6oz4qYYwIYZVk+/8q4CDXVyo0aC +Y4e9fsAPmJvy5TwKZOKocoj+BFAyRwPd1iVrSGeAQTJBPcMgu70o9xVBnU8Pgsif +O5HzpXw9LTRrDaTS4BZ/rYA9PDLzexMVrgVCg+X1dRd3T9IsLPOlo+HCpfNGhfgR +lwp8/SRGmBuiaG5k6kaScP5mimSGYOvhjRHLNkY+Rgtl+hrMDn8DFd75PibM95hG +ia9k1qbrjmj9gRGA4xz1QBqewd2TTgAhaKxDFqQec+cJ15vf5AxB4A/KqFmqYXYX +AQpKczbt2goTyb2Annhpa5WJe/sYvYqTUwIDAQABo2YwZDAdBgNVHQ4EFgQURxJ8 +iQtHVxlUCvUDBM2fhqKWdpQwHwYDVR0jBBgwFoAUIrj0u3MAxyk/k4Cl9hxSAmrL +elIwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN +AQELBQADggIBAFwmiG2sd77dmX+klIeLVIYq4X3VwNijwzpuilDPMqSfSlBawj8f +PjwFJYzpcl2pe/Lq6sq96VMkN65/AUs/XZOW+ybgE7ZuJlfT12sk48TPgaVvP2dJ +5ud2l+DWYaH6KjU3B/xx8xttN73BilMobaJMDy02TLK6VgHPtV3bRyPOQNsGrOmp +wJMPi7t9UjcMm0THhVHdP881ryGXraNb38x5AgTILUwRYmwjtc1Rrlls0eKLtoAl +n5oScPDPeZELVunFFJ/ZX2lx5yApWpP1sMyzvJxnZhruuzfxsW60Tp+6Q8rHkabw +ZnnkHgi53/Gnp3H7l/kszM+hNYJXTDTHdPTQMETHEHqiWOzYttBTM8p/ffb3haTm +UnPb5fuRXJxX8vMxA1h6nSFWtQEQbvlGiS2oGNAOi5XlTsE+mjYMALuAPID9v8Yx +3eTyI7a4I+qy3a+0Q1iBFsAM75q6cbne7LK8FjLHDnZvHOnredoR/tmebgphD4C3 
+p4xNlwocSs+Fhjqsf6L5AvAc8fLP1206f/lp/9qEnvD0kocw2KvxwZY2yDtf115z +aHxhil32iWME340LVSYyQZqwPPr3N2t4CGZsgGs8vPXLECAGqrT3V2/I3iZNF3J5 +i0GE63/1Q35BPHxPAJcqB/a5woBwo/Ae40u6qWR15keFp3UaJ0M/C9GR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF/jCCA+agAwIBAgIJAOMEN39fZf7uMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJvc3RvbjEQMA4GA1UECgwH +UmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxFDASBgNVBAMMC0tleWNsb2FrIENB +MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGtleWNsb2FrLm9yZzAeFw0xODAyMjAx +OTQ3NTFaFw00NTA3MDgxOTQ3NTFaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UECAwC +TUExDzANBgNVBAcMBkJvc3RvbjEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwI +S2V5Y2xvYWsxFDASBgNVBAMMC0tleWNsb2FrIENBMSMwIQYJKoZIhvcNAQkBFhRj +b250YWN0QGtleWNsb2FrLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAJlGjg05FzCm3f3YdIbMHNYuORfiP2n6YhX7vQyDjF/4gh7EYEYgE7spJ864 +/DySQenJ55Jn22K/1MQ1rOHcqfTioIgN3eEAyyuMDx60KU3frMBRYeCgLJVZQHr0 +6x+Sh/+SbbIYq/558+g/6PSZjmPBindHsPzGuBPaLOW4Jz47CA73L/su2qnJGeAi +UaK/tXmANs1bqJbiNRDr9IJFkdusx1mql2ElfknJT8U+LBPOOID/S7Xd83SKtpFI +Q8Vikb6C0SKnopOJiG2uWg5g7CYlNYxJpAM25zhDqp71bl8zOsIL2tFfUAvvoBnh +N31kDIl8RZJ5ELnh+t5SCfwbgdfMzS7uht8qVTeZ0/BG80Lzl1gfzNR8q45gsKC9 +7mg7Voj68kt2aZr+E3Ng1guK69gePMxCpqLyjwlKz187mNUme+zxg2gL2egs4M6u +ffqsEd0c5QryrRSTcIXi8Bim6PDhL93dBsenAIg25DOJNA6Vt2LELoe9w0TkL48U +wUvU6GYB7/zM/z3EW45ZkRhHWK+HZppqDAb05lgJeeKUxxdUSy+ot7ls6cSqACYo +fVjPoVHPD5Ncx+6NGHPGM5N3FGvMMh64PYpChyVWDTEfrZIS7Yyj9Iz/2eCxV3cO +cO4bU0K6kx/dWRic5B5ymVtRME93+Of/hQuta4uLhlo8ZxRpAgMBAAGjYzBhMB0G +A1UdDgQWBBQiuPS7cwDHKT+TgKX2HFICast6UjAfBgNVHSMEGDAWgBQiuPS7cwDH +KT+TgKX2HFICast6UjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAVCVXdx79ooKyOaL+S49S4agP7mE4IxuDefDwQ2dm +996wpk3nntg0y54Auu1Y2plJirBhTvYZ1RedLNBMVBypm6BQpNn37u5TI39/FYso +GFPINu1EzLTYl0bFKc0w7UFlFusje9zXLWISm8uTNzxJ1RGLrcnv9gfiXPKxAmN0 +cz9WY0vm+0+OV50HvLyUyqGKxyWmt2ek4jV+oEhsMMSO/MVNNXHEo2MAGcA23XPe +7FZkiFB1suDIMzzUFCrRBtoZjYSUeyN9Pd0Yg3twl96CLqld4xFjsKMIsz0ACGRI 
+8OpzeHAsePH4yS94E6nLwWH9YTi6pgTtoXSaVBLvIYpVHi8UAyIBFNqLMCukoq0O +BlOdkO0zescmpEtp8GiUWMuB7x+kkaSxmsujEfL3mRWshkqaz/ZHPKXaNtPBUtIM +jQnTMBF/wQjZxCGAps8dOMZ9pYnZcmVz0KeXpBJe1j+47MhItgt1wQNoyr4iBaxE +3fAF/Arr/IZtIf0erXOjc7P6dEQW+WiKWvEA5Mp+4tV3Zj2pwSSX5bKDKx4RAkoW +1jLTE1KN5RWvF8phStLty83gTd5wgykFSl65Lu7KIBW9HH3LIK46fb+cOBOZfSn3 +mdQXrbuXNUXgbhrsetnBfPNMAkJjaBQLNTxebIvXndiTIEsWqHS7h1x+kBkDOKhw +SCc= +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/intermediate.cert.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/intermediate.cert.pem new file mode 100644 index 0000000000..3521cbccfa --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/certs/intermediate.cert.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF9jCCA96gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJNQTEPMA0GA1UEBwwGQm9zdG9uMRAwDgYDVQQKDAdSZWQgSGF0 +MREwDwYDVQQLDAhLZXljbG9hazEUMBIGA1UEAwwLS2V5Y2xvYWsgQ0ExIzAhBgkq +hkiG9w0BCQEWFGNvbnRhY3RAa2V5Y2xvYWsub3JnMB4XDTE4MDIyMDE5NTcwMVoX +DTQ1MDcwODE5NTcwMVowgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEQMA4G +A1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxITAfBgNVBAMMGEtleWNs +b2FrIEludGVybWVkaWF0ZSBDQTEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBrZXlj +bG9hay5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYix1zJTa6 +TTsmPjctc1R56vYPsIhEeyRis7HL8s+EbFbBpO8jWSSSaJp0MWkahUtWidu9cWK5 +yPC0ezUD3LYclktG1Y6zxeY6G5RnNCUgV8EYkeCJAmlGVhgFjU+7r6HNh1L2sLJe +jUOKMsKcIxt1TpiUbph/3J1TrqPWDD1jIwB9337dvZfXdwIa45phk1Sb7wgR6aB4 +mJPKBpekkh/5Wh5QRXI+2+Vv1Mhq6Stx1MdE4P2u8lblICOlnCaIWiI6B27yot2x +hcie1wvFwa1iqtBr4tIHLIn0XNKwqoeooM+WHlkwjMF/Yp1zYJJJmkXjh1a3ZIT5 +7We1U3RxJrLfxE0D4Gm/S7Q302xxiAuDdycHx6oz4qYYwIYZVk+/8q4CDXVyo0aC +Y4e9fsAPmJvy5TwKZOKocoj+BFAyRwPd1iVrSGeAQTJBPcMgu70o9xVBnU8Pgsif +O5HzpXw9LTRrDaTS4BZ/rYA9PDLzexMVrgVCg+X1dRd3T9IsLPOlo+HCpfNGhfgR +lwp8/SRGmBuiaG5k6kaScP5mimSGYOvhjRHLNkY+Rgtl+hrMDn8DFd75PibM95hG +ia9k1qbrjmj9gRGA4xz1QBqewd2TTgAhaKxDFqQec+cJ15vf5AxB4A/KqFmqYXYX +AQpKczbt2goTyb2Annhpa5WJe/sYvYqTUwIDAQABo2YwZDAdBgNVHQ4EFgQURxJ8 +iQtHVxlUCvUDBM2fhqKWdpQwHwYDVR0jBBgwFoAUIrj0u3MAxyk/k4Cl9hxSAmrL +elIwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN +AQELBQADggIBAFwmiG2sd77dmX+klIeLVIYq4X3VwNijwzpuilDPMqSfSlBawj8f +PjwFJYzpcl2pe/Lq6sq96VMkN65/AUs/XZOW+ybgE7ZuJlfT12sk48TPgaVvP2dJ +5ud2l+DWYaH6KjU3B/xx8xttN73BilMobaJMDy02TLK6VgHPtV3bRyPOQNsGrOmp +wJMPi7t9UjcMm0THhVHdP881ryGXraNb38x5AgTILUwRYmwjtc1Rrlls0eKLtoAl +n5oScPDPeZELVunFFJ/ZX2lx5yApWpP1sMyzvJxnZhruuzfxsW60Tp+6Q8rHkabw +ZnnkHgi53/Gnp3H7l/kszM+hNYJXTDTHdPTQMETHEHqiWOzYttBTM8p/ffb3haTm +UnPb5fuRXJxX8vMxA1h6nSFWtQEQbvlGiS2oGNAOi5XlTsE+mjYMALuAPID9v8Yx +3eTyI7a4I+qy3a+0Q1iBFsAM75q6cbne7LK8FjLHDnZvHOnredoR/tmebgphD4C3 
+p4xNlwocSs+Fhjqsf6L5AvAc8fLP1206f/lp/9qEnvD0kocw2KvxwZY2yDtf115z +aHxhil32iWME340LVSYyQZqwPPr3N2t4CGZsgGs8vPXLECAGqrT3V2/I3iZNF3J5 +i0GE63/1Q35BPHxPAJcqB/a5woBwo/Ae40u6qWR15keFp3UaJ0M/C9GR +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/crlnumber b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/crlnumber new file mode 100644 index 0000000000..83b33d238d --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/crlnumber @@ -0,0 +1 @@ +1000 diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/csr/intermediate.csr.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/csr/intermediate.csr.pem new file mode 100644 index 0000000000..0cc3a5bb84 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/csr/intermediate.csr.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIE3jCCAsYCAQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEPMA0GA1UE +BwwGQm9zdG9uMRAwDgYDVQQKDAdSZWQgSGF0MREwDwYDVQQLDAhLZXljbG9hazEh +MB8GA1UEAwwYS2V5Y2xvYWsgSW50ZXJtZWRpYXRlIENBMSMwIQYJKoZIhvcNAQkB +FhRjb250YWN0QGtleWNsb2FrLm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANiLHXMlNrpNOyY+Ny1zVHnq9g+wiER7JGKzscvyz4RsVsGk7yNZJJJo +mnQxaRqFS1aJ271xYrnI8LR7NQPcthyWS0bVjrPF5joblGc0JSBXwRiR4IkCaUZW +GAWNT7uvoc2HUvawsl6NQ4oywpwjG3VOmJRumH/cnVOuo9YMPWMjAH3fft29l9d3 +AhrjmmGTVJvvCBHpoHiYk8oGl6SSH/laHlBFcj7b5W/UyGrpK3HUx0Tg/a7yVuUg +I6WcJohaIjoHbvKi3bGFyJ7XC8XBrWKq0Gvi0gcsifRc0rCqh6igz5YeWTCMwX9i +nXNgkkmaReOHVrdkhPntZ7VTdHEmst/ETQPgab9LtDfTbHGIC4N3JwfHqjPiphjA +hhlWT7/yrgINdXKjRoJjh71+wA+Ym/LlPApk4qhyiP4EUDJHA93WJWtIZ4BBMkE9 +wyC7vSj3FUGdTw+CyJ87kfOlfD0tNGsNpNLgFn+tgD08MvN7ExWuBUKD5fV1F3dP +0iws86Wj4cKl80aF+BGXCnz9JEaYG6JobmTqRpJw/maKZIZg6+GNEcs2Rj5GC2X6 +GswOfwMV3vk+Jsz3mEaJr2TWpuuOaP2BEYDjHPVAGp7B3ZNOACForEMWpB5z5wnX +m9/kDEHgD8qoWaphdhcBCkpzNu3aChPJvYCeeGlrlYl7+xi9ipNTAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAgEAtZp+hULw+DW9TCzW1Sm1+r4cb6QN/DpWe4lvbSoU +ah0oiUAa/xF9AaDR2woHvMWXzMehc42Z+4F40L+XSdM1VAg6B36BKM7fYiyGQExo +bJF0oUqeRD6WneZNCd4APnmzAiMCU6uWzgLbkoUXw9JtNr3uxhIXvg3E+BasU5/F +pb9UqTHBsSc1yAxhMT9zLOXLpkvX+mrWzkkbc09Schus8wM6naf6oWhgW5uNVQaw +M3ZemlVmY7LYUwJKamNr7CRpzSPnFed+a77ogOFY1IjfuknYLPKlAaPtBuV5kEWB +Bx0JjMNoGoqL+FxUqpX6+8RzksSGCecje6q3+j4nm8p2RrhVf4/dfupSTDI3ijGl +Z0Y+eV0H88EySvnw6TKi9QCHBEc4TVKKA4wD6nASzMK2GtuqdutLJpd3ADgV/p32 +BZ/NM8aB2iGo5S4nnDwjvGIzaHgamZbLkAuFBTQtjzghgwJK0D5FtFmWxn+0PpP4 +IKntdvJXQVMuLL/CYa0L9BFcUbSNbglykfggGAv/kU0tOmDNdW6wv8IlN1c34KOM +W2GYKDmcn5LTSzRmvN8E9kjvMLYVyFf8TeBpo8K34dkMRODu6LTQVu3EhKN2OZt9 +QXf79Y5zjNQwfdm2s4GBDK/+fkL04Hg69sbOeOID8aYQxy8fyxELad1fYsnas6P6 +u1I= +-----END CERTIFICATE REQUEST----- 
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt
new file mode 100644
index 0000000000..60d40307c1
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt
@@ -0,0 +1 @@
+V 450708200730Z 1000 unknown /C=US/ST=MA/L=Boston/O=Red Hat/OU=Keycloak/CN=test-user
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.attr b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.attr
new file mode 100644
index 0000000000..8f7e63a347
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.old b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/index.txt.old
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/newcerts/1000.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/newcerts/1000.pem
new file mode 100644
index 0000000000..4a00a127c4
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/newcerts/1000.pem
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGtDCCBJygAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJNQTEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xv +YWsxITAfBgNVBAMMGEtleWNsb2FrIEludGVybWVkaWF0ZSBDQTEjMCEGCSqGSIb3 +DQEJARYUY29udGFjdEBrZXljbG9hay5vcmcwHhcNMTgwMjIwMjAwNzMwWhcNNDUw +NzA4MjAwNzMwWjBkMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcM +BkJvc3RvbjEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxEjAQ +BgNVBAMMCXRlc3QtdXNlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOmK2D4VdRvGOUjAPWXol5/hkMwCNKXgO0ZrgTmBrzIn8F8O/QCYvkNgRATIBIN2 ++nNK+Pej96tHHzhPC07O7KMDLncjSEjjmZ2xmvh2FjPr+xooT+x0mzv3a9MhVCYj +WHM7x+LWuAAMne4xPx14AMVZa+P7YTmzabbMWHM9g9Itxjyl/jpkt9LmWsZh2Xvt +96NgP4CG1Vegml0nNnR6AIwKlKl2x5NMuXrhCs2yn0PrSVwzHsdIajqaTDGedwhW +pLzCy//k3KLT9ydRahhbUKWK48DPLf+cJubVGcE/hdiAQqA1C/3Um/kXR1PcIjG3 +YLeXavhmT/7H53lRe1mdHmUn1b7Vr6oYX7uln8wZqBMvceOK23wkKY970j2N46Uj +ABcw9fnUckKYgjpv8I029PgnIgBjX3rZyMmRB8Khw+McVIx0DsFx7oJcc5ZV16RM +4tHx107F084OBkDkqJ0k42pw1gpsovln+PVKGetBGFbAAsNwMMZxmJT/r1RVWk4u +pe/HfzWz1PvwcTjaRD8MzhC16xOr7HR8uDRDFU40+X5mkEJkzvT5+ih7a64TsQNZ +uU/Dx3j5ncYptLMl0FvzlNlfDkZ3XCUQfkr9o/nxdq9DTBGpy6nMaC5BMf8PKzjX +C6lioUBQTFJGrHsc59PTI0GSOXkls/gO494SmbIkCmarAgMBAAGjggFKMIIBRjAJ +BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAzBglghkgBhvhCAQ0EJhYkT3Bl +blNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBT6Y/aV +XWxkiC3QOuN6nKCjZgRdbTAfBgNVHSMEGDAWgBRHEnyJC0dXGVQK9QMEzZ+GopZ2 +lDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MCoGA1UdHwQjMCEwH6AdoBuGGWh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC9jcmwwNgYI +KwYBBQUHAQEEKjAoMCYGCCsGAQUFBzABhhpodHRwOi8vbG9jYWxob3N0Ojg4ODgv +b3NjcDAeBgNVHREEFzAVgRN0ZXN0LXVzZXJAbG9jYWxob3N0MA0GCSqGSIb3DQEB +CwUAA4ICAQCiKCFfS/CxkFcPqu4Xg2bSxd0ge5oXYOtkr5Pe6C6nMXjvSirHTWiX +eUkxB+8FrU7TZGVUalbROsdZLCaOwPD5Xed7fjRoOKiAk7/JZxkIBjz8q9uAOXql +fFZOwrAe5DHGaux/hZBmDLc/JRy5eZY5NsW/YfP5WhhZr/zsi1R0Fxkd3QsSr5yl +SDyaq3yKWAojkGMSmsYsisPL2LXJlEz961YNtok22fTd7mlSREFL13/RcXf/Fegi 
+2pjhGwrLjILkil1PTdbxOav6H1UScX2Q2S13rmJmPjmAVcHQAPd/UAQN2n0MLGzB +iyFT5b7q97vgPCRAzGNE/t9So687bgw+CMPDGprz2yt1StTJnbDbWfgOZk1aj7Y8 +p8TJ2zmifD8VlAfa7+RDeNIfnSMI6Zh7vJWG0IxttKcrPNZxqfoTQKRTZBz1lOGE +Q06Cs/We6YKWctpf/5UPE29ncjLkT9XX9yqyNKLJnQWlcfltSyDRUTmhNsbhI/Pl +fxNceHMSY7ewkvfQ0FQMOj4HuXYGaTNfOknTRMRue2gmj0ezH0yxwmLsZShRgKmx ++rEdeplmwKaFRQcQc8TYGmws3uICUf5KbcL4pt2Pi0Yy2hjc/jCrf4RUw/trtwPJ +7xk/PGGFQBWwzCmZP86ZPUL3BaWOQWauNl8XWCLC9xx9e+mkaUI50w== +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl-san.cnf b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl-san.cnf new file mode 100644 index 0000000000..4bf6ffc46e --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl-san.cnf 
@@ -0,0 +1,139 @@
+# OpenSSL intermediate CA configuration file.
+
+[ ca ]
+# `man ca`
+default_ca = KeycloakICA
+
+[ KeycloakICA ]
+# Directory and file locations.
+dir = ./intermediate
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+email_in_dn = no
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = MA
+localityName_default = Boston
+0.organizationName_default = Red Hat
+organizationalUnitName_default = Keycloak
+emailAddress_default = contact@keycloak.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+crlDistributionPoints = URI:http://localhost:8888/crl
+authorityInfoAccess = OCSP;URI:http://localhost:8888/oscp
+subjectAltName=email:copy
+subjectAltName=email:move
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+crlDistributionPoints = URI:http://localhost:8888/crl
+authorityInfoAccess = OCSP;URI:http://localhost:8888/oscp
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl.cnf b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl.cnf
new file mode 100644
index 0000000000..acd341ff9e
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/openssl.cnf
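Review bot: In `[ usr_cert ]` the key `subjectAltName` is assigned twice, first `email:copy` and then `email:move`, and as far as I know OpenSSL keeps only the last assignment of a name within a section, so the `email:copy` line has no effect. The test-user entry in `intermediate/index.txt` has no e-mail in its subject, which is consistent with `move` (together with `email_in_dn = no`) being what was applied. I would delete `subjectAltName=email:copy` and state the intent on the remaining line, for example `# Take the e-mail address out of the subject DN and place it in subjectAltName` above `subjectAltName = email:move`. That matters here because the file exists to test certificate-to-user mapping by SAN e-mail, and the next person regenerating the certificates needs to know which form the tests expect.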
@@ -0,0 +1,135 @@
+# OpenSSL intermediate CA configuration file.
+
+[ ca ]
+# `man ca`
+default_ca = KeycloakICA
+
+[ KeycloakICA ]
+# Directory and file locations.
+dir = ./intermediate
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/intermediate.key.pem
+certificate = $dir/certs/intermediate.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/intermediate.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = MA
+localityName_default = Boston
+0.organizationName_default = Red Hat
+organizationalUnitName_default =
+emailAddress_default = contact@keycloak.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+crlDistributionPoints = URI:http://localhost:8888/crl
+authorityInfoAccess = OCSP;URI:http://localhost:8888/oscp
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+crlDistributionPoints = URI:http://localhost:8888/crl
+authorityInfoAccess = OCSP;URI:http://localhost:8888/oscp
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/private/intermediate.key.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/private/intermediate.key.pem
new file mode 100644
index 0000000000..3116bf9414
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/private/intermediate.key.pem
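Review bot: The OCSP responder URL in `[ usr_cert ]` and `[ server_cert ]` ends in `/oscp` (`authorityInfoAccess = OCSP;URI:http://localhost:8888/oscp`), which reads like a transposition of `ocsp`; the same value appears in both sections of `openssl-san.cnf`. The URL is written into every certificate issued from these sections, so a validator that follows the AIA extension will query exactly that path. If the responder the tests start is not deliberately served under `/oscp`, revocation tests would not reach it and, depending on how the validator treats an unreachable responder, could pass without a real check. I would either change both files to `http://localhost:8888/ocsp` and reissue the test certificates, or add a comment such as `# path must match the OCSP responder started by the test suite` next to the line.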
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,55738491E62D25465F4122B4D81938FA + +rivJE7agWr1e9e2zPd8OZttFzBve49d99hdvxpScz6Bl0gVwV2VGiFonGdCzKnB7 +adJgoU1R7nC9jKLoviCM1qd1bnzY7EudnCBsGMbaNhuoeaS6Sc0lEMBNryDIHdQj +XaBgbDU9drELn2f7AW2l23kofQYTfY/et4qasDlRSH9pdUOTHsMArkCNamg/FCJ2 +/5InAqOZlIOENPmEPWF7gpBLiIdsrb56CezYhxy4Cz9hTGaQrVW/9fFpfEcmA+7F +7f8TyWGb5pDTPSnBUkYXk5tFqCLghPcooI+hhkGUJR43L5SRg8SqpArYou0enHkT +r/Hbat5zXZgJAp6qJ1Xi3lH1hqO6m+5aW45SCL4MZhDahLQI632zLcJ/MQMMWLEp +bYC+l/UWTAh2JGbS+vTwZ/hluOh4qZMC/cti6QJ1oqOzDxDuN7A8UY8RKBSsA1OM +aX1L80kHHTyN4i91JNNjsGxH1lmBDS19YdWQu1XHpsM8KANRoRVqAMeU12Ip0lVD +wp5pUzTaNXRlFnoxDpu6fUTjcNxitv08EnjVNeFT5SmneVBH7ZPopLWErd1pTdnU +fMDnyrNcr7g0HkahmCRoMy4WroRz1yQ1BX0BOoMO+jrLbCR+bDFiyapl5VG7zOW1 +p5tG/ra8fuB7tkXxzqqINSLKCHaqsEsl7hJ9CJNX45ypT6jlehc0E9OGI3W5x2hK +6fG+T1gzu99YwcnAsSlsTqGgxj/VO8wwS/fPN3QA4iQMFSVdhnjt2jLO2TpbAudW +6/2G7ulYpj/G7JwdWJD7V91U9LUx6fyOja4NJbV/WB9la84VHluGjGFQul5fMuvU +nVOv1fdmuJA1WIohczH2nADunzv79rswfr0oZKXezvQUkIRC1kOg1SM6vlQcsGva +Y4obtLNDmwsJ2qyx51NTkkrewrlMuuf2AeoIy2fBZ6mhEdNCFUkvk+dwb5UsX2fG +6w8klofTwQxnsdq07+QbDQOVw/MANl3hQPAjtsE19kGWeHNyYp8X0RxGDSoS6qGp +c+Y2jG0xzK0Mo/m+GFG8AHDHbpC+hVhxU4/ll1L3QL7ZpY9ZNi+YYjI1abqexU/t +/pf2n9vjAvyrST37SvW3n3bb5ltmDDIqVHarn63Bm2ZM8cvnmK3S65FOxTp0wZ+q +tZ5fWqcyWMWxnYVV0yGqtlsZOsssYosrsMNV1NGxLI8Gkmz69/4qs2jToNqIsjNa +SBeweGKTqofFt5VtVjWURvfJMM2wleKMJ8KSOA1HS+c8577gblSrIS1ZtAo8hNlO +lKqPTuyf0SAe1lyYfzijn5k1v3XfpdC7VbGbprK6jSw9pSFYDwDeVq7rMgHFSGTR +Jv1mfHt0D3O/C9p8lVz68ROmblQgq7XjbllYmjTBEZOB3HQdRGPV0h8ag3UHHGD+ +lhV0L2RDkzwHfjjwlvJxtBUchKuN4Kxpb0aQAVVt3DzOv49sLAkUyCPzkHu8WliB +lfXf8alQ9XGbSANWhZxZJ78E/zLInaHBkMlkH4vcsuEsZ2Lwxm36v5ES6RJgjCad +sNSBg6EHRNfnnFPOVZBtzA/APsR3yMmfw9t8Qcp5vFudhtwxQ26QcWrgj29yZyJm +Qyvn4d34JIhZM122090lhGbKWDaViEZ88a26SBiMC1qeX9Aomlow+mwEaYpS4EmT +tNADYipjU2yWB07FXw5tmGaEuAFmsC3t7PcbsYULUlbdjuirbyTiG6QxruecPjW5 +KKBMb5zqcxSxKgeEPa3DsDggMcimLugKu/sc6+mBKu9ngvl40gLEvroSb2fySFJP 
+gGdIrjro1nNjaHAIR5U9QJFNaViOiIEiOlDHc53bRWnJadPceH3xdvGJC8d6Tm0d +T55j2OYBkAxGSwQrrt6C7oo0xoscumkz9etTLZghA6VWZh25m+Xw2sh/qVKDTrHx +2fw9NKJfSDXDfejqJDR7SWUjZ5ygLs3JI4qj8+5XYFKbat9l5EGPrpqrxWmzy2EM +CiceOWPHhWUkoAqPgfDCp8AIvtpDJyW8pyz+sMtBSTSidsM9BqacfyIySZKmDxau +SicM+9M5ggKJkmm7hJ2w0+tHjqzA+2j/HRm2+Ti2aKSBjclcGU70/CxwJooPJ+lk +dQvlW6FP9enK7sYcZgQ52NPHcsuha0VOyLdnjV5cyCv1VEDFv5XIX2KZveqNeKDS +A84D/Q2k+I3x4Rc0G5ge1uVuNJV67BiYF2agSfiyr7Gb9RAIZXuqjtPToRqXfs1f +YKfd/s9/Rq2gB//RRzXtwLdXtZ7GDAGBNsFahk1X/F9DhYg3mkfdqsAjJp6l+UOu +8khW2LwIGAmstltiC3G9I+66cYz/Z7xv2ycCoTUZ4IjXhpzw0dv3yVzu4Y7mYfls +oDyDy8Y+Z9QwQl2IYTycxOG07OuwpGmcNDzj2lUGBLLWQEZRfLa+rwFXtx9AbhZZ +qRAIeI2fAkM9qR3Txarz8HfxqeQV3uHmXMrLVhbL1KPVRvFlCic8VohzNHDa3XMV +FHn8BGkemhp/5WaaHa2O9b4EF5Ydo7SmNhxQTTkqUTfHaiL/i22ItOtyUVWiMmS3 +D7LnERSegQVA75QYe/4QFsXPa9WSY63bjfWb6QUX1LP4xeqBhl/m6VgxAvCBSknI +nAbUuyItm/dLTlelsQ7LtKDeGHZ5CWxArmSbfR7kPuCf2OiVoOGyMd+Ygnok51bS +htWN1mwVN9oHUPSN2twqDUEyuIARCzJhXl4goSm2/CtOc+ZPUuRD895AU41FEMRA +qZ6SRe6sgUh4gqpTKPaXT6z7+UKd04UKIBhfGmoUSrLwP1tbPSB6C0ppvv7WqsZl +DL7VYcHASMo0zVmMAw/zIwd0qF0SDiajXfhiSfPypAzHHavz8clq7Po6AvpgWZC3 +vjfCb7MVEXRDXCUMzCALdiaW0YGZv5D20Yj16I9lSmYijAflReGN/j28xhsSuZZz +uBFHHpD/kN/L25VvDYZslc0KUWkS0kRshkgMtuHEC/YbZy0ptan6MUZ3uWHrUHzs +FAMDf9j90CGr1dS0amXMZD0IvJ4nNatvt92OvjNCUc76fc4RJ1QGC7oHdUuJEdxF +IPl4SYWfUPh/cvEPHqPag2G5tFIsBv9252nzr+v+7ochdbDL7ZLOrrmgBAxTubY1 +-----END RSA PRIVATE KEY----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial new file mode 100644 index 0000000000..dd11724042 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial @@ -0,0 +1 @@ +1001 
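Review bot: The intermediate CA private key in this hunk, and the root key in `private/ca.key.pem` further down, have to be treated as public once committed, and nothing visible in this part of the patch marks the hierarchy as test-only. Both are passphrase-protected (`Proc-Type: 4,ENCRYPTED`), but the passphrase presumably has to be available to anyone running the test suite, so the encryption does not restrict use. According to `intermediate/index.txt` the issued certificate runs until 2045, and neither `v3_ca` nor `v3_intermediate_ca` sets name constraints, so a trust store that ever picks up `ca.cert.pem` would accept certificates that anyone with the repository can issue. I would state in the `pki/README.md` added by this commit (not in view here) that the CA is for tests only and must never be imported into a non-test trust store, and record there where the passphrase is kept and how the files are regenerated.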
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial.old b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial.old new file mode 100644 index 0000000000..83b33d238d --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/intermediate/serial.old @@ -0,0 +1 @@ +1000 diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/newcerts/1000.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/newcerts/1000.pem new file mode 100644 index 0000000000..3521cbccfa --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/newcerts/1000.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF9jCCA96gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVT +MQswCQYDVQQIDAJNQTEPMA0GA1UEBwwGQm9zdG9uMRAwDgYDVQQKDAdSZWQgSGF0 +MREwDwYDVQQLDAhLZXljbG9hazEUMBIGA1UEAwwLS2V5Y2xvYWsgQ0ExIzAhBgkq +hkiG9w0BCQEWFGNvbnRhY3RAa2V5Y2xvYWsub3JnMB4XDTE4MDIyMDE5NTcwMVoX +DTQ1MDcwODE5NTcwMVowgYcxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNQTEQMA4G +A1UECgwHUmVkIEhhdDERMA8GA1UECwwIS2V5Y2xvYWsxITAfBgNVBAMMGEtleWNs +b2FrIEludGVybWVkaWF0ZSBDQTEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBrZXlj +bG9hay5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYix1zJTa6 +TTsmPjctc1R56vYPsIhEeyRis7HL8s+EbFbBpO8jWSSSaJp0MWkahUtWidu9cWK5 +yPC0ezUD3LYclktG1Y6zxeY6G5RnNCUgV8EYkeCJAmlGVhgFjU+7r6HNh1L2sLJe +jUOKMsKcIxt1TpiUbph/3J1TrqPWDD1jIwB9337dvZfXdwIa45phk1Sb7wgR6aB4 +mJPKBpekkh/5Wh5QRXI+2+Vv1Mhq6Stx1MdE4P2u8lblICOlnCaIWiI6B27yot2x +hcie1wvFwa1iqtBr4tIHLIn0XNKwqoeooM+WHlkwjMF/Yp1zYJJJmkXjh1a3ZIT5 +7We1U3RxJrLfxE0D4Gm/S7Q302xxiAuDdycHx6oz4qYYwIYZVk+/8q4CDXVyo0aC +Y4e9fsAPmJvy5TwKZOKocoj+BFAyRwPd1iVrSGeAQTJBPcMgu70o9xVBnU8Pgsif +O5HzpXw9LTRrDaTS4BZ/rYA9PDLzexMVrgVCg+X1dRd3T9IsLPOlo+HCpfNGhfgR +lwp8/SRGmBuiaG5k6kaScP5mimSGYOvhjRHLNkY+Rgtl+hrMDn8DFd75PibM95hG +ia9k1qbrjmj9gRGA4xz1QBqewd2TTgAhaKxDFqQec+cJ15vf5AxB4A/KqFmqYXYX +AQpKczbt2goTyb2Annhpa5WJe/sYvYqTUwIDAQABo2YwZDAdBgNVHQ4EFgQURxJ8 +iQtHVxlUCvUDBM2fhqKWdpQwHwYDVR0jBBgwFoAUIrj0u3MAxyk/k4Cl9hxSAmrL +elIwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN +AQELBQADggIBAFwmiG2sd77dmX+klIeLVIYq4X3VwNijwzpuilDPMqSfSlBawj8f +PjwFJYzpcl2pe/Lq6sq96VMkN65/AUs/XZOW+ybgE7ZuJlfT12sk48TPgaVvP2dJ +5ud2l+DWYaH6KjU3B/xx8xttN73BilMobaJMDy02TLK6VgHPtV3bRyPOQNsGrOmp +wJMPi7t9UjcMm0THhVHdP881ryGXraNb38x5AgTILUwRYmwjtc1Rrlls0eKLtoAl +n5oScPDPeZELVunFFJ/ZX2lx5yApWpP1sMyzvJxnZhruuzfxsW60Tp+6Q8rHkabw +ZnnkHgi53/Gnp3H7l/kszM+hNYJXTDTHdPTQMETHEHqiWOzYttBTM8p/ffb3haTm +UnPb5fuRXJxX8vMxA1h6nSFWtQEQbvlGiS2oGNAOi5XlTsE+mjYMALuAPID9v8Yx +3eTyI7a4I+qy3a+0Q1iBFsAM75q6cbne7LK8FjLHDnZvHOnredoR/tmebgphD4C3 
+p4xNlwocSs+Fhjqsf6L5AvAc8fLP1206f/lp/9qEnvD0kocw2KvxwZY2yDtf115z +aHxhil32iWME340LVSYyQZqwPPr3N2t4CGZsgGs8vPXLECAGqrT3V2/I3iZNF3J5 +i0GE63/1Q35BPHxPAJcqB/a5woBwo/Ae40u6qWR15keFp3UaJ0M/C9GR +-----END CERTIFICATE----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/openssl.cnf b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/openssl.cnf new file mode 100644 index 0000000000..b596754b01 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/openssl.cnf 
@@ -0,0 +1,131 @@
+# OpenSSL root CA configuration file.
+
+[ ca ]
+# `man ca`
+default_ca = Keycloak
+
+[ Keycloak ]
+# Directory and file locations.
+dir = ./
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+RANDFILE = $dir/private/.rand
+
+# The root key and root certificate.
+private_key = $dir/private/ca.key.pem
+certificate = $dir/certs/ca.cert.pem
+
+# For certificate revocation lists.
+crlnumber = $dir/crlnumber
+crl = $dir/crl/ca.crl.pem
+crl_extensions = crl_ext
+default_crl_days = 30
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 2048
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha256
+
+# Extension to add when the -x509 option is used.
+x509_extensions = v3_ca
+
+[ req_distinguished_name ]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name
+localityName = Locality Name
+0.organizationName = Organization Name
+organizationalUnitName = Organizational Unit Name
+commonName = Common Name
+emailAddress = Email Address
+
+# Optionally, specify some defaults.
+countryName_default = US
+stateOrProvinceName_default = MA
+localityName_default = Boston
+0.organizationName_default = Red Hat
+organizationalUnitName_default = Keycloak
+emailAddress_default = contact@keycloak.org
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ usr_cert ]
+# Extensions for client certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = client, email
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+
+[ server_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ crl_ext ]
+# Extension for CRLs (`man x509v3_config`).
+authorityKeyIdentifier=keyid:always
+
+[ ocsp ]
+# Extension for OCSP signing certificates (`man ocsp`).
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, digitalSignature
+extendedKeyUsage = critical, OCSPSigning
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/private/ca.key.pem b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/private/ca.key.pem
new file mode 100644
index 0000000000..9a51de04a6
--- /dev/null
+++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/private/ca.key.pem
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,0DB2418CD45582213A6DA1664904B74D + +hCr065CBgHEofMLubxh+GPmnVeLFF/x1w+FhSLxGysTkFARjU2tSxE71LWB45WBX +eb1cta3aJJTdZWn1c6X/NDWHl91JM4nY3vMsA279SrSZi7/Bb/uJl+Hi4vFKyUpq +qf0AW5mDQURKZ+WsqiQqCMNXHqeFbBFRmcnN7uhnN30KnwAQyo7rgkimeMg+OWnO +VFfWT5xgpBx4ki6om8I8SETNsJWLdHmuMLUsTkRQFp+SOxCJ4vQisAiiQVuQjnZX +wqeGvSf97oSpyYUPF3qgf1kE3hdG9XswOk13rHpYc+fUFi3F/aLeuQWH1Tvc586Z +mhxGHs0Z4VmTZkMEZ7HeNa5bjszuADyh+Nyk1eXdf/TChLPaFi+JQsz0kdt5MsHE +eiUfhbQfUxQPdH6r+RPhZK4vSeE3CXY5gdKQmHIUgnoZOkr8jelK/vO6AJ0Tmzig +gL5W9w++QzuIp6YbRXF0gy804U5CWzvY86a0eX5Ao4w6esDfinT9FNHeF8GR1wkh +KUvNHQPOyFNR2DOMjFCPTfBiWrYGIral3mDp+zLIMgEIWG8sHzhVfPqup7fokYxb +/JW3jxuZXatFwUy0FwlqntcoqBZmb7wR42hi9X2uDWfWr/rVh/Vf9fMqDndTz9aF +9VjyibwJWRLXX+rtzGcG4KxJu6Tg1xjs+7zALCnQ84KifbJdG6HnItu5ME7lY1Cf +S7+qxERzASla4NYCQK8+/7p0CrSe5jer64AJbSz/PGRCR8Vs7ZCJYBJao27L0MKJ +fNgDaY/ipv2/ENgd7GUoyz++8q841iY8Q1IWzjbg7/DStVcZwQRD1aiCfzyIo83z +YwQtAy/epj9x2Jj4s+FDJsBZ+V7aGwhEEvXrfZllDfB2uw+/idopLQUJQThZWRQT +q9pHfqKNbmvwdviD2E07CNojtNh9TKU1rvzmC0dJIti9hfEGTQJipvQ8tdA7jLyQ +TIF9KekSWpvTQ1g+4x0NfmvdKTsjgM+71zUyGScOK7WuBDOURBT9bOjqvl4+AYKV +cqk6TNIf5Rf3hPBYsgNvd24hIpdA1Jab6OrF+zpbaeAVf3voFMn8Ze/QpDn76qsE +X7quBKaaWsEfZf39P44aCVYLva9jm1MI6PpFZdOsHaq/TLITcTPM1Q1ql4BQJl4t +3SYC9xDDUrJN11W8sFD/V6B4PdraxtlZ2Uehk4TU6KXksVbUkw02aNFtWPwJCMBN ++9NA5ymPtNQGm4G4VhZzm6ywHEflZ/2rUtG+pe6U4WTmU1yrinaTV9WkGV9qP3SJ +ttFrUvcJgRxxkfKCTKMfQvIKU7R3P4WbCjAuLO+W9aC8/6ljr4ALSHOXuFc5OrTs +Xkl2Z3l5xl4JY8cFagXKEZHfjWvNRNwURNQwFC/9aWFqSjuZBrJfpRbshL1HM8lb +Nef1fww7GgRtjZstjd77BgBF1pLfF6ERUmo1HrbSYtjpMUMgMp78Okj53hAYj7qQ +VO+U7ARvgDzGAkqBcRMoHD03fp+YvLrao73PQR+lMn/QfkiPFP5KZHulNKf0tJHD +ASB+v6WaNFWHAvKCSDvKcvAiVvCWd4baKGJUh72cFeVF3S0pqlKrUhdCdOVrf6Oq +HF0Qmkva8OHj6NC9vrXqOK1QlwqcKfJ6DZUYFEqc8fiWf/+sLuDcCQNmusDMzEC5 +YXHZek5JFgiGZ1OcH6UyQZwnmHcElxm8u9c0vAe3BJnmu9nBVaph8MMF0XKhEalS +c+J5FPtc1ioM/2lSy8S2eiKlwX3MiQ1kAD7bohd+AGL4hZChNLHVlTmb3n/rr3N9 
+9JISLU876c1AkIvAF+dQXsZRUFiqvbMS4cwdOX2ykRBIqrCcsxZXxoBdUd9CvWvj +ABJ6780R7LD8YYrPfiGMLvAWfIBbiesACRIU2pZwIYbTRKO+wZ7dG2paZSZqskNf +DQjzW7VL19VDTchnmMcaYUk8HEYuwQt8n1Qk7qntLSH2ANDzopCF0IEtBDL4irgp +c93zzecmgilVtnfFlBm5vT7Gv7ryU/R7vJgnmYwUIAwPF3oedaPloSAXKw/KKoxT +SJBcZRhpdl8eMlp1H5OYdWiYBsjJtJuh7oHC2QplG13GN0GdGhZ4H9nFuZG3TLWP +oBE+j4StCiSxaxENc6Op9J5/xMUwCrTlxD6yVfAijqpvdZ0XIRKdnZLD1+bLFv6k +Xo6I2Qf9ruSwslaYa7UqUN1eLkyAkouyhN12XYhroQ/I7JTaUnqwMl45a4p9nArh +7vUQ4Sa52tWXbpgDQ67qHQf5g/3P4dncVbd78YiAs03pqZQ0cSCA/exKCahTuLpy +nTQy8TiSI1jTRGV86bbga//SuAnJJFkcZAhOMU+dRFYAlzENGJZaacyeEjWF0mpg +VSMmkZI4YCSmY19PjDk9wKxJYBAZulsK5fqEqBjbC4whrc9N8rPFtuNOG2T5DEoB +wuKzmJFHPKiY0+/6cd63B4L7yvNJYh6t7uHQJdsW8nzxPkp8Bddtxf5yEDy6Ej3b +eayKFDLdjzc/Pf7zL8CnKXjZNw218p0vAaHJ0zN/dwyR52GBm4uTlJDxiWVr7Gua +Uz2KBcPy/h0cAHSCedrecdqkCYKGRf/wpc9Ov7jEOgi/ahgt1qjd4ZkTKpvZ3P/b +/ZxyHRVGLlfHs17AFHEXxwRvWFvC42tnsiBJBsJPfj7qkpxTHqEtE9x4xfEdwNf3 ++faMaPkx7okYDfCkDrnqEshOxS8vOHjVyrYkOHiYVUX8+8tYdwJlNo0/V7ugT8ge +EIjTyR29N1TOR5ZuhYOAuhR3QNhG0iHf0mXTsA/qNx4UBAQMpg2aWPYepWDMaND4 +n1xGkzBt4qWKNR7umbjzC3JoQACSnI+Qp46rXc1WH8GEpVfcCQry2BGDjFRWlOd9 +fRe4ZAdgEh9mZocbkTDqVqUHZ//Y7jLzkYdZQwqFCegtDGC1RztVocaZUO/Yqcto +yVs6DWqMlcZsZtM3awXbX/UOJIfx+n7AFJ/IRbptob/p8E3MylcLZXuMIOgcJGF2 +GVOEMTXQlmgyHfUDp8PGTNJdfdtz6CZWNmx/dcrzFrX/OS9M3E9j2qhgpC2XwGza +ahuTcE9Eu+xxeEycvQkv/5pSO+phCSyfj1Zmk/o0SvUGYAMke5Bm0xCyCyGh5/Qo +-----END RSA PRIVATE KEY----- diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial new file mode 100644 index 0000000000..dd11724042 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial @@ -0,0 +1 @@ +1001 
diff --git a/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial.old b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial.old new file mode 100644 index 0000000000..83b33d238d --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/jboss/common/pki/root/ca/serial.old @@ -0,0 +1 @@ +1000