From 0bda1e43269af186e0b61280410e4630d67c5fcb Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Mon, 8 May 2017 17:36:16 +0300
Subject: Add support for certificate name subdomain wildcard

---
 tests/auth/cert                  |  9 +++++++++
 tests/auth/self-any-cert.pem     | 30 ++++++++++++++++++++++++++++++
 tests/auth/self-any-openssl.cnf  | 22 ++++++++++++++++++++++
 tests/auth/self-cert.pem         | 30 ++++++++++++++++++++++++++++++
 tests/auth/self-openssl.cnf      | 22 ++++++++++++++++++++++
 tests/auth/subdomain-cert.pem    | 30 ++++++++++++++++++++++++++++++
 tests/auth/subdomain-openssl.cnf | 22 ++++++++++++++++++++++
 7 files changed, 165 insertions(+)
 create mode 100644 tests/auth/self-any-cert.pem
 create mode 100644 tests/auth/self-any-openssl.cnf
 create mode 100644 tests/auth/self-cert.pem
 create mode 100644 tests/auth/self-openssl.cnf
 create mode 100644 tests/auth/subdomain-cert.pem
 create mode 100644 tests/auth/subdomain-openssl.cnf

(limited to 'tests/auth')

diff --git a/tests/auth/cert b/tests/auth/cert
index 41b3b9c..5cb1237 100755
--- a/tests/auth/cert
+++ b/tests/auth/cert
@@ -16,6 +16,15 @@ openssl req -x509 -new -key key.pem -days 1825 -config mismatch-openssl.cnf > \
 openssl req -x509 -new -key key.pem -days 1825 -config noemail-openssl.cnf > \
         noemail-cert.pem
 
+openssl req -x509 -new -key key.pem -days 1825 \
+	-config subdomain-openssl.cnf > subdomain-cert.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config self-openssl.cnf > \
+        self-cert.pem
+
+openssl req -x509 -new -key key.pem -days 1825 -config self-any-openssl.cnf > \
+        self-any-cert.pem
+
 # Normally, you have no reason to regenerate expired-cert.pem, as need to keep
 # it expired for the testing purposes. But if you do, copy expired-cert.pem
 # content to the certificate value of the following manifest files:
diff --git a/tests/auth/self-any-cert.pem b/tests/auth/self-any-cert.pem
new file mode 100644
index 0000000..88553c0
--- /dev/null
+++ b/tests/auth/self-any-cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMzCCAxugAwIBAgIJAL6WhYgIDFucMA0GCSqGSIb3DQEBCwUAMDUxFzAVBgNV
+BAoMDkNvZGUgU3ludGhlc2lzMRowGAYDVQQDDBFuYW1lOioqYnVpbGQyLm9yZzAe
+Fw0xNzA1MDgxNDA4NTlaFw0yMjA1MDcxNDA4NTlaMDUxFzAVBgNVBAoMDkNvZGUg
+U3ludGhlc2lzMRowGAYDVQQDDBFuYW1lOioqYnVpbGQyLm9yZzCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANq78SXuzFzCMoFU1RnzEeAfzE0UUYGynS3F
+2lG7viH3coxjLt+BrFBudVs4XDTpjXS19hRxIohEgD71W1jhDvmUC9yCMW13PCII
+jRKTTz0efEhTcMHdhOgvKZsje0IV7svoKVXcG7DfUVl51wWPQPSbUrfsQbsXg7Pz
+5HaDx+Dt2i9hwdE1M0z4R2dtwQkszFyCKiX8RF9oPXirTz5ETLC3f19JUapLrY5l
+5ZylzQifLhPMlHLlrT0n7KkohH7waX3KyeLa0M2IIl3zaeAsuN+ErFVecAdlJIvX
+00cth2OO/Gxy09sIKlagi2q7ZDik2sMvG8dAv7gNZsXp+FOj/XXCiOI9f6D5ospJ
+dK9B5UCABjmGc8W5Odv6ZLey5Ui76luI7ciITOKfAoEkbyMiNHiRxLdM7aAeizdc
+wHU4bm6JlmiJk8UyyV85f33mvCSfuo7D+DQYiK650/xwRdTFBIqi38IwME62gT7a
+h/AOmiPshj7FjwIU7ZWHskyr9qpExQOEKJXoLZJo1rf6MRc8AsJyz6zdfQhT1BTz
+hogNfru4xjVM6fSrjRUF34msuWcz/HKo9W350Aw2y5F59kziP+m7G6uBYrqmElv/
+13Vamg2ZZ1b38KMz5Ss3SkfcDErOzz/D+0hRlOaCIeWts1G2zWcQvBnn+zGA+sTI
+u0xAFOCRAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggr
+BgEFBQcDAzAaBgNVHREEEzARgQ9pbmZvQGJ1aWxkMi5vcmcwDQYJKoZIhvcNAQEL
+BQADggIBAMkex3gIuU2G1kDg57PG2H188pDU0lRQzkC3KTy8o0n5gwH5ZPAN6hYb
+BauJj92sRYLwGP57TWPqgVwFQWYQSXQTP5mu8RbIfW6nxK88mwcHj0nne8fdO14Y
+FJms52uvuq+delypw0+pnsUUgt3MkVf+9hVhJlxxpEAH9rhJ4roSdNdvuB0JnjgE
+eKUX+9Vyptch4krlUrTrFm6aSBEm8NzI1OAsTmOLtrB59xkLTKej14YNUq09kyVA
+JsueKlXSHtHO3CxisoFWHfczonSbIJpOUJn3DDZDZ4UPft2dD+oyW3zMrDoXczKm
+DI+CTSvSqWVpwiUTHsO2IO+XI50HHZCCoMF0or3Gg0zyq9+Dj9yX7VAUeqxV2jIw
+ZvCm//k/zveCmJZrhW4doKNy0AudnSRwzufcFLVI0H6ID/q/Udb5g5J1eYXrLJRo
+V3pfY/HhtTZ3wYT2uTd+++NHSmoXud/w3hPHnHQ4zuw+6Qpb0QhyBSODNarMzxBX
+aT1KHZcF6OW/90932nesY+4IIzYHzVrWfBnR23GaXRPhfnnYneCVB5SsUhY5kEGa
+NjQDXtwFGNxiFd60nFtU7PFUVLSNx6MRy09+8XyUu4mg2smCZyDoSzKFTICaU0Gq
+vQ5Nhvg8bdSTkBJyOKPD8SNyxWs3Bdk9XyZnpCKssz1KnUk9y+VA
+-----END CERTIFICATE-----
diff --git a/tests/auth/self-any-openssl.cnf b/tests/auth/self-any-openssl.cnf
new file mode 100644
index 0000000..c0d72eb
--- /dev/null
+++ b/tests/auth/self-any-openssl.cnf
@@ -0,0 +1,22 @@
+repository = **build2.org
+company    = Code Synthesis
+email      = info@build2.org
+
+
+[ req ]
+
+distinguished_name = req_distinguished_name
+x509_extensions    = v3_req
+prompt             = no
+utf8               = yes
+
+[ req_distinguished_name ]
+
+O  = $company
+CN = name:$repository
+
+[ v3_req ]
+
+keyUsage         = critical,digitalSignature
+extendedKeyUsage = critical,codeSigning
+subjectAltName   = email:$email
diff --git a/tests/auth/self-cert.pem b/tests/auth/self-cert.pem
new file mode 100644
index 0000000..1553a2a
--- /dev/null
+++ b/tests/auth/self-cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMTCCAxmgAwIBAgIJAJlKDlkC6IwmMA0GCSqGSIb3DQEBCwUAMDQxFzAVBgNV
+BAoMDkNvZGUgU3ludGhlc2lzMRkwFwYDVQQDDBBuYW1lOipidWlsZDIub3JnMB4X
+DTE3MDUwODE0MDg1OVoXDTIyMDUwNzE0MDg1OVowNDEXMBUGA1UECgwOQ29kZSBT
+eW50aGVzaXMxGTAXBgNVBAMMEG5hbWU6KmJ1aWxkMi5vcmcwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDau/El7sxcwjKBVNUZ8xHgH8xNFFGBsp0txdpR
+u74h93KMYy7fgaxQbnVbOFw06Y10tfYUcSKIRIA+9VtY4Q75lAvcgjFtdzwiCI0S
+k089HnxIU3DB3YToLymbI3tCFe7L6ClV3Buw31FZedcFj0D0m1K37EG7F4Oz8+R2
+g8fg7dovYcHRNTNM+EdnbcEJLMxcgiol/ERfaD14q08+REywt39fSVGqS62OZeWc
+pc0Iny4TzJRy5a09J+ypKIR+8Gl9ysni2tDNiCJd82ngLLjfhKxVXnAHZSSL19NH
+LYdjjvxsctPbCCpWoItqu2Q4pNrDLxvHQL+4DWbF6fhTo/11wojiPX+g+aLKSXSv
+QeVAgAY5hnPFuTnb+mS3suVIu+pbiO3IiEzinwKBJG8jIjR4kcS3TO2gHos3XMB1
+OG5uiZZoiZPFMslfOX995rwkn7qOw/g0GIiuudP8cEXUxQSKot/CMDBOtoE+2ofw
+Dpoj7IY+xY8CFO2Vh7JMq/aqRMUDhCiV6C2SaNa3+jEXPALCcs+s3X0IU9QU84aI
+DX67uMY1TOn0q40VBd+JrLlnM/xyqPVt+dAMNsuRefZM4j/puxurgWK6phJb/9d1
+WpoNmWdW9/CjM+UrN0pH3AxKzs8/w/tIUZTmgiHlrbNRts1nELwZ5/sxgPrEyLtM
+QBTgkQIDAQABo0YwRDAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYB
+BQUHAwMwGgYDVR0RBBMwEYEPaW5mb0BidWlsZDIub3JnMA0GCSqGSIb3DQEBCwUA
+A4ICAQBhhZHfxie6sB6GO00NGBj+8Jcbg4CltB1hq2dFA3Ytx2VSFFl4bkq1jSff
+fciWh+GoVNmGIYnDok3Sdj+G5x6r53hn3zRZuZDK5CzAZ5fmagn/hgJpYhrbqCxz
+hXkuKJkxCQTLTiZOWRvdNZRu8cApNgVnlUKPcqiv7QEgAkGPqR+ZinmXzbYPDpmV
+PjP6r6jtpGMsFyIoO4N3iFgDneiV8MJHLyjSNoNddu9ylPcR9vwfmtOxMnlnr8lY
+za1AbJtkYsNJKuIZd5dvB47E1D8d4a7ZL5vIhmt9C9d+9gE80H4PZfXQJ+jPPGCl
+SUqbEFiZerRUgybfLtUppgFXtP855uXTKMR9GOeWCOEKWEklLVOmFmHO09OvpzTf
+MQSCnwV4d/rDYbIWA5w5FzlS4hB9q/SkY6JFPGu6lLfKvkMcCjIncIANDG2vtafg
+tDBTVF49GZmbCR6fSr+Rs/5TliTaRgj7GmZ8V75uIX/fSUFCklSrE1yT6WrrOsf2
+Jq4JpodZ6l+r+u993YJnp3o16r3nwpg6jVeWxI93x7JsdXxI9IRRelVoeQL44BWF
+zywo2GPwQfFTdFSOrKB7TrEgR0T+z0dKAJoI0S1lqxTxBleNSVmtBiicglxjFnqZ
+GvD6iu0+Z2aFqvfyquMjUWMfiRxioZ3altX+mj4hDjWvY6trQg==
+-----END CERTIFICATE-----
diff --git a/tests/auth/self-openssl.cnf b/tests/auth/self-openssl.cnf
new file mode 100644
index 0000000..a4a8fa8
--- /dev/null
+++ b/tests/auth/self-openssl.cnf
@@ -0,0 +1,22 @@
+repository = *build2.org
+company    = Code Synthesis
+email      = info@build2.org
+
+
+[ req ]
+
+distinguished_name = req_distinguished_name
+x509_extensions    = v3_req
+prompt             = no
+utf8               = yes
+
+[ req_distinguished_name ]
+
+O  = $company
+CN = name:$repository
+
+[ v3_req ]
+
+keyUsage         = critical,digitalSignature
+extendedKeyUsage = critical,codeSigning
+subjectAltName   = email:$email
diff --git a/tests/auth/subdomain-cert.pem b/tests/auth/subdomain-cert.pem
new file mode 100644
index 0000000..40f7e90
--- /dev/null
+++ b/tests/auth/subdomain-cert.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFMzCCAxugAwIBAgIJAPEWdjQimVTMMA0GCSqGSIb3DQEBCwUAMDUxFzAVBgNV
+BAoMDkNvZGUgU3ludGhlc2lzMRowGAYDVQQDDBFuYW1lOiouYnVpbGQyLm9yZzAe
+Fw0xNzA1MDgxNDA4NTlaFw0yMjA1MDcxNDA4NTlaMDUxFzAVBgNVBAoMDkNvZGUg
+U3ludGhlc2lzMRowGAYDVQQDDBFuYW1lOiouYnVpbGQyLm9yZzCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANq78SXuzFzCMoFU1RnzEeAfzE0UUYGynS3F
+2lG7viH3coxjLt+BrFBudVs4XDTpjXS19hRxIohEgD71W1jhDvmUC9yCMW13PCII
+jRKTTz0efEhTcMHdhOgvKZsje0IV7svoKVXcG7DfUVl51wWPQPSbUrfsQbsXg7Pz
+5HaDx+Dt2i9hwdE1M0z4R2dtwQkszFyCKiX8RF9oPXirTz5ETLC3f19JUapLrY5l
+5ZylzQifLhPMlHLlrT0n7KkohH7waX3KyeLa0M2IIl3zaeAsuN+ErFVecAdlJIvX
+00cth2OO/Gxy09sIKlagi2q7ZDik2sMvG8dAv7gNZsXp+FOj/XXCiOI9f6D5ospJ
+dK9B5UCABjmGc8W5Odv6ZLey5Ui76luI7ciITOKfAoEkbyMiNHiRxLdM7aAeizdc
+wHU4bm6JlmiJk8UyyV85f33mvCSfuo7D+DQYiK650/xwRdTFBIqi38IwME62gT7a
+h/AOmiPshj7FjwIU7ZWHskyr9qpExQOEKJXoLZJo1rf6MRc8AsJyz6zdfQhT1BTz
+hogNfru4xjVM6fSrjRUF34msuWcz/HKo9W350Aw2y5F59kziP+m7G6uBYrqmElv/
+13Vamg2ZZ1b38KMz5Ss3SkfcDErOzz/D+0hRlOaCIeWts1G2zWcQvBnn+zGA+sTI
+u0xAFOCRAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggr
+BgEFBQcDAzAaBgNVHREEEzARgQ9pbmZvQGJ1aWxkMi5vcmcwDQYJKoZIhvcNAQEL
+BQADggIBANBDUE7sch9rO99MOAjEoPCU9gVZcndaAcNbghfCbNpIyPPUq7R5+Jy/
+70kYkHV0JanFFUlB+O99TsLWCkNBcRSQ9sQHqqddyEdI+LN5GUwlXq/uCwF/AcDA
+fZjhnLhes3vDHXO5lLfN6K4pvQ+viF5V4qL1KIo4gYKO1dyuoBsGt+JqUJXS9QS3
+xWLEq4IF7iPZiFYJ+fnXL7J8cuNvflkf3EeOlpMPxo356hOYp0ND6/z8P9lQWAXs
+0NQWzW4hlL5Cm+YroX/su8+on2INvP3Nx9GW3nMFRuCYXmq6rYGSw6zGZbgv57JD
+vA5F3D1XkTe85rytJjsJaKjJAC+xHQl9yzkjyBMzJBLwio75i/4hlkrpKtet649n
+PrkEB3LU43LczZXXUKmAWsV8XOEssHdCSZQD+/oyzW6FcW2dHcNeXBxKn/we2/2E
+Ss0vuys0uQGPlfT0TlHSuvIoXNIPAqzAefA0h9R2sisazkTYoeu04wWAA/Crobv5
+/NssbZ04/sMY4eTrwP/IZOvgmrS+dZSaEr9kVTUu/TQLmRDTgUtwxS39C0eri4QY
+/1M0qGY4Wxji+MPDFGSgmsLj3vrmX3nlsan4fG466TCnIo4yVhYc2c9rmTqZ9u42
+CLoIN099hOYbfUueMBwtiLd7+544cGo1n2z+AnGePmHfoQYxDOqw
+-----END CERTIFICATE-----
diff --git a/tests/auth/subdomain-openssl.cnf b/tests/auth/subdomain-openssl.cnf
new file mode 100644
index 0000000..1c4f91c
--- /dev/null
+++ b/tests/auth/subdomain-openssl.cnf
@@ -0,0 +1,22 @@
+repository = *.build2.org
+company    = Code Synthesis
+email      = info@build2.org
+
+
+[ req ]
+
+distinguished_name = req_distinguished_name
+x509_extensions    = v3_req
+prompt             = no
+utf8               = yes
+
+[ req_distinguished_name ]
+
+O  = $company
+CN = name:$repository
+
+[ v3_req ]
+
+keyUsage         = critical,digitalSignature
+extendedKeyUsage = critical,codeSigning
+subjectAltName   = email:$email
-- 
cgit v1.1