Commit cfed05e8 authored by Pekka Pessi's avatar Pekka Pessi

tport/agent.pem: updated (expires Sep 16 20:03:39 2009 GMT)

darcs-hash:20070917201851-65a35-d382f8819061268743b4447641bd16554bfd0a61.gz
parent 94d302f7
-----BEGIN CERTIFICATE-----
MIIDPjCCAqegAwIBAgIHJQIBAZACBjANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQG
EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAM
BgNVBAoTBXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1
dGhvcml0eTAeFw0wMzEyMDMxODMwMjJaFw0wNjEyMDIxODMwMjJaMGUxCzAJBgNV
MIIDIjCCAougAwIBAgIJAPHSWjotpO2kMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEO
MAwGA1UEChMFc2lwaXQxHjAcBgNVBAMTFXBla2thLm5va2lhLnNpcGl0Lm5ldDCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsdJn/O6JoIC1I2iXOVJLQypmt9sN
HmvB84853Qx9KS+xqP3U2nqNMnDQby6ZmTsRHNGAK5QuGugU11wocmYNP0/TQFaz
KNLhNt0pMBOfpAV9vG6pCSkocObsUo2XFULPTEB/SzGcvE1G1em3XmwRfPA178y9
L2+sVNT5Vtt5KfMCAwEAAaOB7DCB6TAgBgNVHREEGTAXghVwZWtrYS5ub2tpYS5z
aXBpdC5uZXQwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1OjdL9cdA0NNbxPDQ9xZUZG6
NnIwgZoGA1UdIwSBkjCBj4AUa0YXFOqUdiWAVG4TVNqh41QUobahdKRyMHAxCzAJ
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9z
ZTEOMAwGA1UEChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNh
dGUgQXV0aG9yaXR5ggEAMA0GCSqGSIb3DQEBBQUAA4GBADCO35LJqgiK5OUR+DuT
N4CfUhsn9T5kDSf2rikna4ZFbuS7smc/oVu4g26HHjt6DKs4UEx9OmyXFslSENZ+
tFNeVClpHJrPsNwjk/uyjhfeW1NezhXMIi6q8DYcwE5I7r+Uz2XST+jWCTb4obPY
10ysI7e7/rgCoITe+qO2U35D
MAwGA1UEChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MB4XDTA3MDkxNzIwMDMzOVoXDTA5MDkxNjIwMDMzOVowNzE1MDMG
A1UEAxMsQz1GSSwgTD1IZWxzaW5raSwgTz1zb2ZpYS1zaXAsIENOPXRwb3J0IHRl
c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALUlg4LStE/8WEjUny7Edpl1
M0HCdE9Tfu8bHfcbCBDhlSQfQkAl0NilfB8tkX8Uz8LnTTsmtz76tDEORNEQRVng
FSyg2ugryDxNKURCsdq5WyMUh1XFnu0TLAdD8z5/hqAn6+jo5gcoT92uxNsXYA79
6qctdS8WMGuaRPsUUbRBAgMBAAGjgfwwgfkwCQYDVR0TBAIwADAdBgNVHQ4EFgQU
12vA8bvBkE0q8hrFrvmE033MLq4wgZoGA1UdIwSBkjCBj4AUa0YXFOqUdiWAVG4T
VNqh41QUobahdKRyMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UEChMFc2lwaXQxKTAnBgNVBAsTIFNp
cGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggEAMCMGA1UdEQQcMBqCGHRw
b3J0LXRlc3Quc29maWEtc2lwLm9yZzALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEF
BQADgYEAiJ2FvB4RUOieuiqy3m3SbVtVeUJ9cLbPMF/MGKMGhxgCm61GTteQHW6y
f7gg2UkDeFoWclzqJam677fy+1IzVhpna6611vNow71w344eFBzg4GRBPhzR+qNn
X5CcWPWME2olV64dngtFsECdYnW58gGVuXhPW2CYiZ8nPq1gu18=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCx0mf87omggLUjaJc5UktDKma32w0ea8HzjzndDH0pL7Go/dTa
eo0ycNBvLpmZOxEc0YArlC4a6BTXXChyZg0/T9NAVrMo0uE23SkwE5+kBX28bqkJ
KShw5uxSjZcVQs9MQH9LMZy8TUbV6bdebBF88DXvzL0vb6xU1PlW23kp8wIDAQAB
AoGAVtICT64vqBvvVPB2FVimwo5rRI1BJH88XSyq9dBpM7jDp1z3lgyL7/rA6ef4
uqXqPwXS7HQW5rA1rMikPuawxE5UG31OG3U0+H/OGl0xwAq57mEtRDR8464jSUPY
l9bzkRpjnEgdUtkLnogm8F4mALexdc3KxIgg3uo/OOg0N5ECQQDZon1JBNEYWxEF
GBNbEvQthPy7rRLmxontgcsfhRvm5lSbuC+VP1uRHibwwIrXOUZD8uuEVdVZNzfV
bGPdh70HAkEA0Ss6HyAWczRBzrvC8eVvPmkI9XihdLqUFLTDL0R1sMCISwW/FEeH
X9yFqOY+y6EJAitzhxtol+0k+UsIJl5ctQJAXU0L6QHnokloQobPxXuasukQcGUC
dW0oNGowapLmI1cbbqbHv3QqDUyf5Rambx5ewUKjNViW3miNxzFwnshSgQJAINuQ
gskwnaJM4CPgqM0o333yeVUcz9BraKFItAkmD8D+6AIcFRxzaJykpnac0LIYTy3y
NPwaPxtynnKp8hUKrQJBAM1i5051UzJVFuRedwtPdGDrfkNwoJm27fwWozSQcBC6
G5VnTrQ6V8VCJglNzVhy9b2WqlqfWV3D5BCgxyuH984=
MIICXQIBAAKBgQC1JYOC0rRP/FhI1J8uxHaZdTNBwnRPU37vGx33GwgQ4ZUkH0JA
JdDYpXwfLZF/FM/C5007Jrc++rQxDkTREEVZ4BUsoNroK8g8TSlEQrHauVsjFIdV
xZ7tEywHQ/M+f4agJ+vo6OYHKE/drsTbF2AO/eqnLXUvFjBrmkT7FFG0QQIDAQAB
AoGAU6lrv7QIyxhEvf5VNohOLjnO3oQsq6ZobY4cnM/DPeixtOkq8+2DM0vas5uc
IxE9k0q4hKUw5MltB2sLpXLaVAz3d9GjouKhMyzIv1UcHZli6OStSIVl458usfAy
SnJLvCP12fp4S4cSAc7Q+z5v83ztGHqPvl7GOXaiNL5BNfECQQDfo8ElGtBZtUKu
MPw/+07dPoMX4DHZ6Q9+4g3gfMoxkM+1RrFItDtkZx7W5aiWzcRrHlSB+2k/33Q1
XyxyDnaHAkEAz1uxknSlLn//WwD5kwqPVOscWoQMHWNPG34H4Ktx/8IQ3WZGaECh
g/09XViIM4t5l1xDLZaWymcXBNqdRTXo9wJBAJDzBSO0fmg2eJKIQ2aAzvvNIZCf
ChCP4zA8+fuPRknb7xQyToOt9XS89ZsZXSzpDy7SiLl6pxv0C9Dv79G5GA8CQQCi
L5oIb2vznvHgADc1J4FMbkjTE41WPyLU4hLPS8nyvZvrT9+qE0NBtYWVyXVeu6zz
EpsIwUxYK6H5jfSM+cmpAkBRoE3KPkKJzqMYW2jNNk1CrE9YbHPcdWxsqh8+86CG
oK1ABCIX/PA4t1i0KWi0gJ3DQFr+c77XOhtChE0P2kA0
-----END RSA PRIVATE KEY-----
#! /bin/sh
#
# Generate agent.pem
#
# Copyright (C) 2007 Nokia Corporation
#
# Author: Pekka Pessi
# Based on Mikko Haataja's perl script
#
CN='C=FI, L=Helsinki, O=sofia-sip, CN=tport test'
ALTNAME=DNS:tport-test.sofia-sip.org
#ALTNAME=URI:sips:tport-test.sofia-sip.org
DAYS=730
umask 077
T=${TMPDIR:-/tmp}/sofia-sip-certs-${USER}-$$-`date +%N`
CA=${T}/CA
mkdir $T || exit 1
mkdir $T/CA || exit 1
cat > $CA/cakey.pem <<EOF
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,4B47A0A73ADE342E
aHmlPa+ZrOV6v+Jk0SClxzpxoG3j0ZuyoVkF9rzq2bZkzVBKLU6xhWwjMDqwA8dH
3fCRLhMGIUVnmymXYhTW9svI1gpFxMBQHJcKpV/SmgFn/fbYk98Smo2izHOniIiu
NOu2zr+bMiaBphOAZ/OCtVUxUOoBDKN9lR39UCDOgkEQzp9Vbw7l736yu5H9GMHP
JtGLJyx3RhS3TvLfLAJZhjm/wZ/9QM8GjyJEiDhMQRJVeIZGvv4Yr1u6yYHiHfjX
tX2eds8Luc83HbSvjAyjnkLtJsAZ/8cFzrd7pjFzbogLdWuil+kpkkf5h1uzh7oa
um0M1EXBE4tcDHsfg1iqEsDMIei/U+/rWfk1PrzYlklwZp8S03vulkDm1fT76W7d
mRBg4+CrHA6qYn6EPWB37OBtfEqAfINnIcI1dWzso9A0bTPD4EJO0JA0PcZ/2JgT
PaKySgooHQ8AHNQebelch6M5LFExpaOADJKrqauKcc2HeUxXaYIpac5/7drIl3io
UloqUnMlGa3eLP7BZIMsZKCfHZ8oqwU4g6mmmJath2gODRDx3mfhH6yaimDL7v4i
SAIIkrEHXfSyovrTJymfSfQtYxUraVZDqax6oj/eGllRxliGfMLYG9ceU+yU/8FN
LE7P+Cs19H5tHHzx1LlieaK43u/XvbXHlB5mqL/fZdkUIBJsjbBVx0HR8eQl2CH9
YJDMOPLADecwHoyKA0AY59oN9d41oF7yZtN9KwNdslROYH7mNJlqMMenhXCLN+Nz
vVU5/7/ugZFhZqfS46c1WdmSvuqpDp7TBtMeaH/PXjysBr0iZffOxQ==
-----END RSA PRIVATE KEY-----
EOF
cat > $CA/cacert.pem <<EOF
-----BEGIN CERTIFICATE-----
MIIDJDCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxDjAMBgNVBAoT
BXNpcGl0MSkwJwYDVQQLEyBTaXBpdCBUZXN0IENlcnRpZmljYXRlIEF1dGhvcml0
eTAeFw0wMzA3MTgxMjIxNTJaFw0xMzA3MTUxMjIxNTJaMHAxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEOMAwGA1UE
ChMFc2lwaXQxKTAnBgNVBAsTIFNpcGl0IFRlc3QgQ2VydGlmaWNhdGUgQXV0aG9y
aXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDIh6DkcUDLDyK9BEUxkud
+nJ4xrCVGKfgjHm6XaSuHiEtnfELHM+9WymzkBNzZpJu30yzsxwfKoIKugdNUrD4
N3viCicwcN35LgP/KnbN34cavXHr4ZlqxH+OdKB3hQTpQa38A7YXdaoz6goW2ft5
Mi74z03GNKP/G9BoKOGd5QIDAQABo4HNMIHKMB0GA1UdDgQWBBRrRhcU6pR2JYBU
bhNU2qHjVBShtjCBmgYDVR0jBIGSMIGPgBRrRhcU6pR2JYBUbhNU2qHjVBShtqF0
pHIwcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcT
CFNhbiBKb3NlMQ4wDAYDVQQKEwVzaXBpdDEpMCcGA1UECxMgU2lwaXQgVGVzdCBD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQUFAAOBgQCWbRvv1ZGTRXxbH8/EqkdSCzSoUPrs+rQqR0xdQac9wNY/nlZbkR3O
qAezG6Sfmklvf+DOg5RxQq/+Y6I03LRepc7KeVDpaplMFGnpfKsibETMipwzayNQ
QgUf4cKBiF+65Ue7hZuDJa2EMv8qW4twEhGDYclpFU9YozyS1OhvUg==
-----END CERTIFICATE-----
EOF
cat > $T/a.cnf <<EOF
[ req ]
default_bits = 1024
prompt = no
distinguished_name = req_dn
[ req_dn ]
commonName = $CN
[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=$ALTNAME
#keyUsage=digitalSignature:TRUE,keyEncipherment:TRUE
EOF
cat $T/a.cnf
openssl req -new -out $T/a_req.pem -newkey rsa:1024 -keyout $T/a_key.pem \
-sha1 -config $T/a.cnf -days $DAYS -nodes
openssl x509 -req -in $T/a_req.pem -sha1 \
-extensions ext -extfile $T/a.cnf \
-CA $CA/cacert.pem -CAkey $CA/cakey.pem \
-passin pass:password \
-CAcreateserial \
-days $DAYS \
-out $T/a_cert.pem
cat $T/a_cert.pem $T/a_key.pem
rm $CA/* && rmdir $CA && rm $T/* && rmdir $T
#!/usr/bin/perl
use strict;
use Getopt::Long;
use File::Temp;
my $cn;
my @dns = ();
my $cafile = "root.pem";
my $prefix = "agent";
my $rand = "tls_seed.dat";
my $help = 0;
GetOptions('help' => \$help,
'cn=s' => \$cn,
'dns=s' => \@dns,
'ca=s' => \$cafile,
'prefix=s' => \$prefix,
'rand=s' => \$rand);
@dns = split(/,/,join(',',@dns));
if ($help || !$cn || !@dns) {
print "Usage: make_node_cert -cn <common name>\n".
" -dns <comma separated list of dns names>\n".
" [-ca cafile (default root.pem)]\n".
" [-prefix prefix (default agent)]\n".
" [-rand <random seed file>]\n";
exit 0;
}
$_ = "DNS:$_" for @dns;
my $dnsstring = join(',', @dns);
my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
print $fh <<"EOF";
[ req ]
default_bits = 1024
prompt = no
distinguished_name = req_dn
[ req_dn ]
commonName = $cn
[ ext ]
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
subjectAltName=$dnsstring
keyUsage=digitalSignature:TRUE,keyEncipherment:TRUE
EOF
system("openssl req -newkey rsa -nodes -keyout ${prefix}key.pem -sha1 -out ${prefix}req.pem -config $filename -rand $rand");
system("openssl x509 -req -in ${prefix}req.pem -sha1 -extensions ext -CA $cafile -CAkey $cafile -out ${prefix}cert.pem -CAcreateserial -extfile $filename");
system("cat ${prefix}cert.pem ${prefix}key.pem >${prefix}.pem");
#!/usr/bin/perl
use strict;
use Getopt::Long;
use File::Temp;
my $cn;
my @dns = ();
my $prefix = "root";
my $rand = "tls_seed.dat";
my $help = 0;
GetOptions('help' => \$help,
'cn=s' => \$cn,
'dns=s' => \@dns,
'prefix=s' => \$prefix,
'rand=s' => \$rand);
@dns = split(/,/,join(',',@dns));
if ($help || !$cn || !@dns) {
print "Usage: make_root_cert -cn <common name>\n".
" -dns <comma separated list of dns names>\n".
" [-prefix <name prefix>]\n".
" [-rand <random seed file>\n]";
exit 0;
}
$_ = "DNS:$_" for @dns;
my $dnsstring = join(',', @dns);
my ($fh, $filename) = File::Temp::tempfile(UNLINK => 1);
print $fh <<"EOF";
[ req ]
default_bits = 1024
prompt = no
distinguished_name = req_dn
[ req_dn ]
commonName = $cn
[ ext ]
basicConstraints = CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
subjectAltName=$dnsstring
EOF
system("openssl req -newkey rsa -nodes -keyout ${prefix}key.pem -sha1 -out ${prefix}req.pem -config $filename -rand $rand");
system("openssl x509 -req -in ${prefix}req.pem -sha1 -extensions ext -signkey ${prefix}key.pem -out ${prefix}cert.pem -extfile $filename");
system("cat ${prefix}cert.pem ${prefix}key.pem >${prefix}.pem");
#!/bin/sh
basedir=`dirname $0`
mkdir -p test/server
mkdir -p test/client
./tport_rand tls_seed.dat
cp tls_seed.dat test/server
cp tls_seed.dat test/client
./make_root_cert.pl -cn test_root -dns test_root.sip.nokia.com
cp rootcert.pem test/client/cafile.pem
cp rootcert.pem test/server/cafile.pem
./make_node_cert.pl -cn test_client -dns test_client.sip.nokia.com
cp agent.pem test/client
./make_node_cert.pl -cn test_server -dns test_server.sip.nokia.com
cp agent.pem test/server
rm agent*.pem
rm root*.pem
rm tls_seed.dat
#!/bin/sh
echo Starting TLS Test Server
./tport_test_server &
sleep 1
./tport_test_client
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment