Regenerate certificates with sensible lifetimes and add script
jarhodes314 committed Nov 15, 2023
1 parent e2e1bb1 commit 0153108
Showing 19 changed files with 156 additions and 133 deletions.
54 changes: 29 additions & 25 deletions crates/common/axum_tls/src/files.rs
@@ -194,27 +194,27 @@ mod tests {
}

fn copy_test_file_to(test_file: &str, path: impl AsRef<Path>) -> io::Result<u64> {
std::fs::copy(format!("./src/test_data/{test_file}"), path)
std::fs::copy(format!("./test_data/{test_file}"), path)
}
}

#[test]
fn load_pkey_fails_when_given_x509_certificate() {
assert_eq!(
load_pkey(Utf8Path::new("./src/test_data/ec.crt"))
load_pkey(Utf8Path::new("./test_data/ec.crt"))
.unwrap_err()
.to_string(),
"expected private key in \"./src/test_data/ec.crt\", found an X509 certificate"
"expected private key in \"./test_data/ec.crt\", found an X509 certificate"
);
}

#[test]
fn load_pkey_fails_when_given_certificate_revocation_list() {
assert_eq!(
load_pkey(Utf8Path::new("./src/test_data/demo.crl"))
load_pkey(Utf8Path::new("./test_data/demo.crl"))
.unwrap_err()
.to_string(),
"expected private key in \"./src/test_data/demo.crl\", found a CRL"
"expected private key in \"./test_data/demo.crl\", found a CRL"
);
}

@@ -223,56 +223,56 @@ mod tests {

#[tokio::test]
async fn alg_ed25519_pkcs8() {
let key = include_str!("test_data/ed25519.key");
let cert = include_str!("./test_data/ed25519.crt");
let key = test_data("ed25519.key");
let cert = test_data("ed25519.crt");

let (config, cert) = config_from_pem(key, cert).unwrap();
let (config, cert) = config_from_pem(&key, &cert).unwrap();

assert_matches!(parse_key_to_item(key), Item::PKCS8Key(_));
assert_matches!(parse_key_to_item(&key), Item::PKCS8Key(_));
assert_server_works_with(config, cert).await;
}

#[tokio::test]
async fn alg_ec() {
let key = include_str!("test_data/ec.key");
let cert = include_str!("./test_data/ec.crt");
let key = test_data("ec.key");
let cert = test_data("ec.crt");

let (config, cert) = config_from_pem(key, cert).unwrap();
let (config, cert) = config_from_pem(&key, &cert).unwrap();

assert_matches!(parse_key_to_item(key), Item::ECKey(_));
assert_matches!(parse_key_to_item(&key), Item::ECKey(_));
assert_server_works_with(config, cert).await;
}

#[tokio::test]
async fn alg_ec_pkcs8() {
let key = include_str!("test_data/ec.pkcs8.key");
let cert = include_str!("./test_data/ec.crt");
let key = test_data("ec.pkcs8.key");
let cert = test_data("ec.crt");

let (config, cert) = config_from_pem(key, cert).unwrap();
let (config, cert) = config_from_pem(&key, &cert).unwrap();

assert_matches!(parse_key_to_item(key), Item::PKCS8Key(_));
assert_matches!(parse_key_to_item(&key), Item::PKCS8Key(_));
assert_server_works_with(config, cert).await;
}

#[tokio::test]
async fn alg_rsa_pkcs8() {
let key = include_str!("./test_data/rsa.pkcs8.key");
let cert = include_str!("./test_data/rsa.crt");
let key = test_data("rsa.pkcs8.key");
let cert = test_data("rsa.crt");

let (config, cert) = config_from_pem(key, cert).unwrap();
let (config, cert) = config_from_pem(&key, &cert).unwrap();

assert_matches!(parse_key_to_item(key), Item::PKCS8Key(_));
assert_matches!(parse_key_to_item(&key), Item::PKCS8Key(_));
assert_server_works_with(config, cert).await;
}

#[tokio::test]
async fn alg_rsa_pkcs1() {
let key = include_str!("./test_data/rsa.pkcs1.key");
let cert = include_str!("./test_data/rsa.crt");
let key = test_data("rsa.pkcs1.key");
let cert = test_data("rsa.crt");

let (config, cert) = config_from_pem(key, cert).unwrap();
let (config, cert) = config_from_pem(&key, &cert).unwrap();

assert_matches!(parse_key_to_item(key), Item::RSAKey(_));
assert_matches!(parse_key_to_item(&key), Item::RSAKey(_));
assert_server_works_with(config, cert).await;
}

@@ -282,6 +282,10 @@ mod tests {
.unwrap()
}

fn test_data(file_name: &str) -> String {
std::fs::read_to_string(format!("./test_data/{file_name}")).with_context(|| format!("opening file {file_name} from test_data")).unwrap()
}

fn config_from_pem(
key: &str,
cert: &str,
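Review bot: The `test_data` helper added near the end of `mod tests` resolves `./test_data/{file_name}` against the process working directory at run time, whereas the `include_str!` calls it appears to replace were resolved at compile time relative to the source file. This works when cargo runs the tests from the package root, but fails if the test binary is started from another directory; anchoring the path removes that dependency: `let path = format!("{}/test_data/{file_name}", env!("CARGO_MANIFEST_DIR"));` followed by `std::fs::read_to_string(&path).with_context(|| format!("reading {path}")).unwrap()`. That also breaks up the single over-long line, which rustfmt would otherwise wrap. The `load_pkey` tests and `copy_test_file_to` use the same relative prefix, and `mod tests` itself starts and ends outside the visible hunks.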
11 changes: 0 additions & 11 deletions crates/common/axum_tls/src/test_data/ec.crt

This file was deleted.

5 changes: 0 additions & 5 deletions crates/common/axum_tls/src/test_data/ec.key

This file was deleted.

6 changes: 0 additions & 6 deletions crates/common/axum_tls/src/test_data/ec.pkcs8.key

This file was deleted.

9 changes: 0 additions & 9 deletions crates/common/axum_tls/src/test_data/ed25519.crt

This file was deleted.

3 changes: 0 additions & 3 deletions crates/common/axum_tls/src/test_data/ed25519.key

This file was deleted.

19 changes: 0 additions & 19 deletions crates/common/axum_tls/src/test_data/rsa.crt

This file was deleted.

27 changes: 0 additions & 27 deletions crates/common/axum_tls/src/test_data/rsa.pkcs1.key

This file was deleted.

28 changes: 0 additions & 28 deletions crates/common/axum_tls/src/test_data/rsa.pkcs8.key

This file was deleted.

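--- a/crates/common/axum_tls/test_data/_regenerate_certs.sh
+++ b/crates/common/axum_tls/test_data/_regenerate_certs.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# This script generates the certificates required for the "unit"
+# tests in axum_tls using openssl
+
+days=365000
+args=("-days" "$days" "-noenc" \
+-subj "/CN=localhost" \
+-addext "subjectAltName=DNS:localhost,DNS:*.localhost" \
+-addext "basicConstraints=critical,CA:false")
+
+set -eux
+
+openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout ec.pkcs8.key -out ec.crt "${args[@]}"
+openssl req -x509 -newkey rsa -keyout rsa.pkcs8.key -out rsa.crt "${args[@]}"
+openssl req -x509 -newkey ed25519 -keyout ed25519.key -out ed25519.crt "${args[@]}"
+
+openssl ec -in ec.pkcs8.key -out ec.key
+openssl pkey -in rsa.pkcs8.key -out rsa.pkcs1.key -traditional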
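Review bot: The script writes every key and certificate into the current working directory, so running it from anywhere other than `test_data/` leaves the new fixtures in the wrong place and the committed ones stale; adding `cd "$(dirname "${BASH_SOURCE[0]}")"` right after `set -eux` would pin the output location. `-newkey rsa` takes its key size from the local OpenSSL configuration, so `-newkey rsa:2048` would make regeneration reproducible, and `-noenc` needs OpenSSL 3.0 or later, which is worth stating in the header comment. Because the keys are written unencrypted and committed to the repository, the header comment should also carry a line such as `# Test fixtures only: these private keys are public and must never be used outside the test suite.`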
File renamed without changes.
11 changes: 11 additions & 0 deletions crates/common/axum_tls/test_data/ec.crt
@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
5 changes: 5 additions & 0 deletions crates/common/axum_tls/test_data/ec.key
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBX2Z/NKGEX14QbH4kb5GXom0pqSPfX0mxdWbLb86apEoAoGCCqGSM49
AwEHoUQDQgAEdklRDw9+AAMRbpNMWJutKe4QO/tUlvrBR2swUYN9onxXdKNjJ/k3
/r6GH5QYt7+JYa9+tUaFgfEH5mhjdOb7/g==
-----END EC PRIVATE KEY-----
5 changes: 5 additions & 0 deletions crates/common/axum_tls/test_data/ec.pkcs8.key
@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgFfZn80oYRfXhBsfi
RvkZeibSmpI99fSbF1ZstvzpqkShRANCAAR2SVEPD34AAxFuk0xYm60p7hA7+1SW
+sFHazBRg32ifFd0o2Mn+Tf+voYflBi3v4lhr361RoWB8QfmaGN05vv+
-----END PRIVATE KEY-----
10 changes: 10 additions & 0 deletions crates/common/axum_tls/test_data/ed25519.crt
@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBXzCCARGgAwIBAgIUMTdemw1ehDhI74y1G3RVggvgS+kwBQYDK2VwMBQxEjAQ
BgNVBAMMCWxvY2FsaG9zdDAgFw0yMzExMTQxNjA1MTBaGA8zMDIzMDMxNzE2MDUx
MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MCowBQYDK2VwAyEA/UW75ceWTm5/gUFx
s8E8V9hwunGiS3POOaOFRL1fsomjczBxMB0GA1UdDgQWBBT0bcj2U4AWeGQY6SNU
0VXdEcnjUDAfBgNVHSMEGDAWgBT0bcj2U4AWeGQY6SNU0VXdEcnjUDAhBgNVHREE
GjAYgglsb2NhbGhvc3SCCyoubG9jYWxob3N0MAwGA1UdEwEB/wQCMAAwBQYDK2Vw
A0EAw0W+9MuZ/yVpjgdBEYtDbgU41ESa4WwSwN9mLHcTtBrcFKhmHRe7zxoV50SB
hl/lsQ2UVNAAKA1xb5teTSN4AA==
-----END CERTIFICATE-----
3 changes: 3 additions & 0 deletions crates/common/axum_tls/test_data/ed25519.key
@@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIHk0JP05MzYNxrJz86L9EZfdP9Etbo0qpFWfWGsHMqJz
-----END PRIVATE KEY-----
19 changes: 19 additions & 0 deletions crates/common/axum_tls/test_data/rsa.crt
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions crates/common/axum_tls/test_data/rsa.pkcs1.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApeAhnOckJHGfM1OaHqL7CEw/if6CYjUI7FwMDR2TON78uK60
ZVQgB1CzAHnCnzcLlKHBE2VYFP1zyq014bjTvr9BpiBf22wgZPKC0acxSMsAoGjs
8m81M3hf//NJ3gNztk4qZW/2OTcyvxAr59KGS6h63QSXLBZrJKWwZ+xXqTFc+IOW
+2xzYpt3+TysDg0azC00qaipFTZmLAUxn3UZ60TN19BAZrd3/WZtVZNriBfQGpo7
7yAdSW0kfR0hj95CaijkKHslr8GtNNSasCtuQ0RmYjkHDMZGTqROY9NyC+pXwxcL
Jhjgu3BVmjdzulzvxnbUjFNEatSq/neN01XcTQIDAQABAoIBAAULC9clWlVrdsuc
u44nr5fUBxDydDxwEpChY1/7bAhHpnLd/32VnQL2NgpzRK4TndLXNSXRNbp4NzyR
A83mmlnEeljPx4bhfb2lHAtQQfepJBdX3MHOVfoRT+NQ3lFjFPsm/+FXkeqfMq70
7TuplYec1+cokdIyyrij1oveUtgdK9CBXeOhdrTbGGQSvFKhijZnh+mRAe+N5hQ1
Cbuak5F8IoBKbA+BC6c8c/EWPv5tPpzTcCifG9nE7OIwbDmAYg73ljLbhtran/KC
5/K0JHuEL6JjtztfcMZUmWUdljTZVbHMLAXVVK2SUshfQE+FLdSh7/ygH8hAkEtB
8kOqbNECgYEA0VXhUMfPKfd3kxbbMgsEX0rgv31JM1Xm0q0MNHFk24ShpzrohPZT
TzO+n0Yp3kZUMiTg3RPNmPmjI87hXROnpv6CHazxm+Na9b7zzLsKbRNZU0FBBcmi
f1y9UO8Eg4HONBsxNwr4yZFW5REYTOTdpnXJ2mjPVhznk7YL583nvTECgYEAytog
pI1BxnYgs2vF+YbLMUg0Qh4lF+A7Zso0jTEbcyglsUB6iNdi1NTbNLuwOTaz3l/E
q2ZgTxv7IF5C8ifX8ALq3KcGsPog9/ebMTP505tlsZItsG2YBd/OtxYOmjzXsga5
Pwz6s5UasVCN4dQbs6pR6BDFR3ZNYWIrCfM52d0CgYANj/jXGPrtByFyICr3ZQtV
eS5yeZWCg/A+egOuaiJUrpUiloh2BNeE7B9PhmY0Bm5yCT2gVSYe4R2WtlKXiyxz
f03Cym+k3+gGv+Zfv0Z/pp9E65dg3p1ujv2c/r9WHdTUP2bC4C0aMhZlJORkJvfN
TxhS1DOKqri+My82R3raIQKBgQDAOq7+YOI5CQ56GKJ2kRcS76KeGWT7WEHSacId
HrEtkpkNfNXhwYJlwASu10HrJfyTudtstcqEjTaQeOMmCT3ns0wPp7R+l7oQYjNO
EDwqHDPlb2oeq+yJfIqvE5bo8MlSam634jvdXGn8KCMcI13RB5EwwlvBGcnAhD/W
4QgsfQKBgBHpjB1XubP4SbjWQe64zES2cjWMskbCe+lBgVXs5CC42w1VoX5m3BdP
akWTNbMQqo/lB+htUJKrLQqdFCKUVeXG7GAk7xo0zynKSP8HyJLjmGBNzB1CTg1j
UCUPiJtM1ymPwQ18y9GEREjISg2ZDm4WIxBMzFI4PrNplUp9Uc7W
-----END RSA PRIVATE KEY-----
28 changes: 28 additions & 0 deletions crates/common/axum_tls/test_data/rsa.pkcs8.key
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
