pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atst/tests/fixtures
History
dandds caa633c3db Fix more tests broken by expiring CRL. 
There are still a few tests that rely on physical certificate files.
These are slightly more complicated to replace with pytest fixtures.
Updated the script for generating a CRL chain so that the CRL is good
for roughly ten years and regenerated the certs and CRL.
2019-08-21 05:47:54 -04:00
..
chain
Fix more tests broken by expiring CRL.
2019-08-21 05:47:54 -04:00
artgarfunkel@uso.mil.crt
utility function for getting user email from x509 certificate
2018-08-09 15:01:06 -04:00
disa-pki.html
add CRL functionality from authnid
2018-08-06 10:44:00 -04:00
eda_contract.xml
get CLIN info from EDA XML
2018-10-17 15:59:20 -04:00
no-email.crt
utility function for getting user email from x509 certificate
2018-08-09 15:01:06 -04:00
no-san.crt
utility function for getting user email from x509 certificate
2018-08-09 15:01:06 -04:00
README.md
readme for regenerating client cert fixtures
2018-08-09 15:02:09 -04:00
sally-darth-signed.pdf
Verify PDF signatures
2019-03-20 13:11:12 -04:00
sample2.pdf
Fix PDF clearing bug
2018-11-12 10:37:26 -05:00
sample.pdf
initial uploader and some form work
2018-08-27 13:04:41 -04:00
sample.png
Update funding form to handle uploading pdf/png
2019-01-23 11:16:54 -05:00
signed-expired-cert.pdf
Verify PDF signatures
2019-03-20 13:11:12 -04:00
signed-pdf-not-dod.pdf
Verify PDF signatures
2019-03-20 13:11:12 -04:00
test.der.crl
build individual x509 stores for each CRL
2018-08-16 14:21:03 -04:00

README.md

Regenerating Fixture Certificates

You don't need to keep the key file generated by this process.

  1. Certificate with an email as subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out artgarfunkel@uso.mil.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=email:artgarfunkel@uso.mil')
  1. Certificate with a DNS name as subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-email.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=DNS:artgarfunkel.com')
  1. Certificate with no subjectAltName:
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-san.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358"