author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-02-27 18:50:59 +0900 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-03-10 17:17:28 +0900 |
commit | dacaaa5fc0750fd41e9f4547d048b40bf28b7829 (patch) | |
tree | e815517db942717dbf7731a924cb5f355ef6c7a4 /test/fixtures/0-dns | |
parent | b98004b79cc5c55922ecd03a4128ba0dfdd07f48 (diff) | |
test: add script to create 0-dns-cert.pem
0-dns-cert.pem and 0-dns-key.pem were stored in `test/fixtures/key`
directory, but the cert file cannot be created with the openssl
command via Makefile.
Added a script that creates it using `asn1.js` and
`asn1.js-rfc5280`, and moved both files out of the key directory into
`test/fixtures/0-dns`.
The domains listed in the cert were also changed to example.com and
example.org to show that they are used only for testing.
Fixes: https://github.com/nodejs/node/issues/10228
PR-URL: https://github.com/nodejs/node/pull/11579
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'test/fixtures/0-dns')
-rw-r--r-- | test/fixtures/0-dns/0-dns-cert.pem | 19 | ||||
-rw-r--r-- | test/fixtures/0-dns/0-dns-key.pem | 27 | ||||
-rw-r--r-- | test/fixtures/0-dns/0-dns-rsapub.der | bin | 0 -> 270 bytes | |||
-rw-r--r-- | test/fixtures/0-dns/README.md | 26 | ||||
-rw-r--r-- | test/fixtures/0-dns/create-cert.js | 75 | ||||
-rw-r--r-- | test/fixtures/0-dns/package.json | 16 |
6 files changed, 163 insertions, 0 deletions
diff --git a/test/fixtures/0-dns/0-dns-cert.pem b/test/fixtures/0-dns/0-dns-cert.pem new file mode 100644 index 0000000000..03a4db3e2d --- /dev/null +++ b/test/fixtures/0-dns/0-dns-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5jYS5l +eGFtcGxlLmNvbTAeFw0xNzAzMDIwMTMxMjJaFw0yNzAyMjgwMTMxMjJaMBsxGTAX +BgNVBAMTEGV2aWwuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDFyJT0kv2P9L6iNY6TL7IZonAR8R9ev7iD1tR5ycMEpM/y6WTefIco +civMcBGVZWtCgkoePHiveH9UIep7HFGB4gxCYDZFYB46yGS0YH2fB5GWXTLYObYa +zxuEhgFRG0DLIwNDRLW0+0FG3disp7YdRHBtdbL58F/qNORqPEjIpoQxOJc2UqX2 +/gfomJRdFW/PSgN7uH2QwMzRQRIrKmyAFzeuEWVP+UAV4853Yg66PmYpAASyt069 +sE8QNTNE75KrerMmYzH7AmTEGvY8bukrDuVQZce2/lcK2rAE+G6at2eBNMZKOnzR +y9kWIiJ3rR7+WK55EKelLz0doZFKteu1AgMBAAGjaTBnMGUGA1UdEQReMFyCImdv +b2QuZXhhbXBsZS5vcmcALmV2aWwuZXhhbXBsZS5jb22CGGp1c3QtYW5vdGhlci5l +eGFtcGxlLmNvbYcECAgICIcECAgEBIIQbGFzdC5leGFtcGxlLmNvbTANBgkqhkiG +9w0BAQsFAAOCAQEAvreVoOZO2gpM4Dmzp70D30XZjsK9i0BCsRHBvPLPw3y8B2xg +BRtOREOI69NU0WGpj5Lbqww5M8M1hjHshiGEu2aXfZ6qM3lENaIMCpKlF9jbm02/ +wmxNaAnS8bDSZyO5rbsGr2tJb4ds7DazmMEKWhOBEpJoOp9rG6SAey+a6MkZ7NEN +0p3THCqNf3lL1KblPrMvdsyhHPEzv4uT7+YAnLKHwGzbihcWJRsRo5oipWL8ZDhn +bd3SMWtfRTSWDmghJaHke2xIjDtTwSjHjjPTFsK+rl227W8r4/EQI/X6fTQV2j3T +7zqrJLF9h9F/v3mo57k6sxsQNZ12XvhuTHC2dA== +-----END CERTIFICATE----- diff --git a/test/fixtures/0-dns/0-dns-key.pem b/test/fixtures/0-dns/0-dns-key.pem new file mode 100644 index 0000000000..4e2fdb5fc6 --- /dev/null +++ b/test/fixtures/0-dns/0-dns-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxciU9JL9j/S+ojWOky+yGaJwEfEfXr+4g9bUecnDBKTP8ulk +3nyHKHIrzHARlWVrQoJKHjx4r3h/VCHqexxRgeIMQmA2RWAeOshktGB9nweRll0y +2Dm2Gs8bhIYBURtAyyMDQ0S1tPtBRt3YrKe2HURwbXWy+fBf6jTkajxIyKaEMTiX +NlKl9v4H6JiUXRVvz0oDe7h9kMDM0UESKypsgBc3rhFlT/lAFePOd2IOuj5mKQAE +srdOvbBPEDUzRO+Sq3qzJmMx+wJkxBr2PG7pKw7lUGXHtv5XCtqwBPhumrdngTTG +Sjp80cvZFiIid60e/liueRCnpS89HaGRSrXrtQIDAQABAoIBABcGA3j5B3VTi0F8 +tI0jtzrOsvcTt5AjB0qpnnBS8VXADcj8LFbN7jniGIEi5pkahkLmwdQFPBNJFqFn +lVEheceB1eWAJ7EpwDsdisOIm/cAPY1gagPLrAww4cYqh0q2vnMnL0EMZY6c1Pt3 +5borh8KebewAEIaR2ch8wb4wKFTbAM0DftYBFzHAF88OeCuIpdsk2Tz0sVQbA3/1 +XNLOVcJvDOVIRPEpo2l7RIN33KvDhzpMoV3qVzWxqdccPRZZFU5KmJ6DtouIPT3S +3WauIL5oVpAyYNJETTyxjBQE4DgFeNX1Wyycgk27EoLcn6Trcs0kNVrmXXblNAtJ +Nko6g10CgYEA+TjzNjyAXPrOpY88uiPVMAgepEQOnDYtMwasdDVaW3xK9KH1rrhU +dx1IDTMmOUfyU2qsj5txmJtReQz//1bpd7e73VO8mHQDUubhs2TivgGs+fqzAdmT +vJsjerfNsxf+4JENzzWmqT/Ybc976Tu55VH5mcRG9Q66fTxdAJ51+8MCgYEAyymF +gntRMBd9e/KIiqlvcxelo0ahyKEzaJC7/FkZotuSB+kAwpdJ5Unb0FeVQZxNhDPg +xgsrGOOOvHvfhv7DPU0TQ/vp6VDPdg+N6m/Ow2vr79A2v6s+7gZj3MLiLRFyEF6l +bxQNGe3qavnm3owUQQCY2RLBKYCFfv/cykYlGycCgYB6etKMRQ+QonIMS2i80f9j +q5njgM7tVnLAMPdv5QiTDXKI50+mnlBkea9/TTPr0r/03ugPa4VYSnyv0QO+qSfz +/ggFrbFx+xHnHDCvyVTlrE0mTV7L+fHxLw0wskQVUCWil6cBvow5gXcMAHwVE5U4 +biEMwLlele5wvcm3FClHoQKBgACV/RGUQ3atCqqZ13T26iBd2Bdxc7P9awWJLVGb +/CvxECm/rUXiY88qeFzQc9i9l6ei8qn/jD9FILtAbDOadnutxjly94i5t+9yOgmM +Cv+bRxHo+s9wsfzDvfP8B+TzYO3VKAr69tK1UfC/CcBojQJm+wndOPtiqH/mQv++ +VgsPAoGBAJ0aNJe3zb+blvAQ3W4iPSjhyxdMC00x46pr6ds+Y8WygbN6lzCvNDw6 +FFTINBckOs5Z/UWUNbExWYjBHZhLlhhxTezCzvIrwNvgUB8Y4sPk3S4KDsnkyy6f +/qMmEHlVyKjh2BCNs7PVnWDlfl3vECE7n8dBizFHgja76l1ia+0z +-----END RSA PRIVATE KEY----- diff --git a/test/fixtures/0-dns/0-dns-rsapub.der b/test/fixtures/0-dns/0-dns-rsapub.der Binary files differnew file mode 100644 index 0000000000..263a4b8293 --- /dev/null +++ b/test/fixtures/0-dns/0-dns-rsapub.der 
diff --git a/test/fixtures/0-dns/README.md b/test/fixtures/0-dns/README.md
new file mode 100644
index 0000000000..650970a2c5
--- /dev/null
+++ b/test/fixtures/0-dns/README.md
@@ -0,0 +1,26 @@
+## Purpose
+The test cert file for use `test/parallel/test-tls-0-dns-altname.js`
+can be created by using `asn1.js` and `asn1.js-rfc5280`,
+
+## How to create a test cert.
+
+```sh
+$ openssl genrsa -out 0-dns-key.pem 2048
+Generating RSA private key, 2048 bit long modulus
+...................+++
+..............................................................................................+++
+e is 65537 (0x10001)
+$ openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der -out 0-dns-rsapub.der
+writing RSA key
+$ npm install
+0-dns@1.0.0 /home/github/node/test/fixtures/0-dns
++-- asn1.js@4.9.1
+| +-- bn.js@4.11.6
+| +-- inherits@2.0.3
+| `-- minimalistic-assert@1.0.0
+`-- asn1.js-rfc5280@1.2.2
+
+$ node ./createCert.js
+$ openssl x509 -text -in 0-dns-cert.pem
+(You can not see evil.example.com in subjectAltName field)
+```
diff --git a/test/fixtures/0-dns/create-cert.js b/test/fixtures/0-dns/create-cert.js
new file mode 100644
index 0000000000..7a353906e4
--- /dev/null
+++ b/test/fixtures/0-dns/create-cert.js
@@ -0,0 +1,75 @@
+'use strict';
+const asn1 = require('asn1.js');
+const crypto = require('crypto');
+const fs = require('fs');
+const rfc5280 = require('asn1.js-rfc5280');
+const BN = asn1.bignum;
+
+const id_at_commonName = [ 2, 5, 4, 3 ];
+const rsaEncryption = [1, 2, 840, 113549, 1, 1, 1];
+const sha256WithRSAEncryption = [1, 2, 840, 113549, 1, 1, 11];
+const sigalg = 'RSA-SHA256';
+
+const private_key = fs.readFileSync('./0-dns-key.pem');
+// public key file can be generated from the private key with
+// openssl rsa -in 0-dns-key.pem -RSAPublicKey_out -outform der
+// -out 0-dns-rsapub.der
+const public_key = fs.readFileSync('./0-dns-rsapub.der');
+
+const now = Date.now();
+const days = 3650;
+
+const Null_ = asn1.define('Null_', function() {
+ this.null_();
+});
+const null_ = Null_.encode('der');
+
+const PrintStr = asn1.define('PrintStr', function() {
+ this.printstr();
+});
+const issuer = PrintStr.encode('ca.example.com', 'der');
+const subject = PrintStr.encode('evil.example.com', 'der');
+
+const tbs = {
+ version: 'v3',
+ serialNumber: new BN('01', 16),
+ signature: { algorithm: sha256WithRSAEncryption, parameters: null_},
+ issuer: { type: 'rdnSequence',
+ value: [ [{type: id_at_commonName, value: issuer}] ] },
+ validity:
+ { notBefore: { type: 'utcTime', value: now },
+ notAfter: { type: 'utcTime', value: now + days * 86400000} },
+ subject: { type: 'rdnSequence',
+ value: [ [{type: id_at_commonName, value: subject}] ] },
+ subjectPublicKeyInfo:
+ { algorithm: { algorithm: rsaEncryption, parameters: null_},
+ subjectPublicKey: { unused: 0, data: public_key} },
+ extensions:
+ [ { extnID: 'subjectAlternativeName',
+ critical: false,
+ // subjectAltName which contains '\0' character to check CVE-2009-2408
+ extnValue: [
+ { type: 'dNSName', value: 'good.example.org\u0000.evil.example.com' },
+ { type: 'dNSName', value: 'just-another.example.com' },
+ { type: 'iPAddress', value: Buffer.from('08080808', 'hex') },
+ { type: 'iPAddress', value: Buffer.from('08080404', 'hex') },
+ { type: 'dNSName', value: 'last.example.com' } ] }
+ ]
+};
+
+const tbs_der = rfc5280.TBSCertificate.encode(tbs, 'der');
+
+const sign = crypto.createSign(sigalg);
+sign.update(tbs_der);
+const signature = sign.sign(private_key);
+
+const cert = {
+ tbsCertificate: tbs,
+ signatureAlgorithm: { algorithm: sha256WithRSAEncryption, parameters: null_ },
+ signature:
+ { unused: 0,
+ data: signature }
+};
+const pem = rfc5280.Certificate.encode(cert, 'pem', {label: 'CERTIFICATE'});
+
+fs.writeFileSync('./0-dns-cert.pem', pem + '\n');
diff --git a/test/fixtures/0-dns/package.json b/test/fixtures/0-dns/package.json
new file mode 100644
index 0000000000..667600c7d0
--- /dev/null
+++ b/test/fixtures/0-dns/package.json
@@ -0,0 +1,16 @@
+{
+ "name": "0-dns",
+ "version": "1.0.0",
+ "description": "create certificate for 0-dns test",
+ "main": "createCert.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "SEE LICENSE IN ../../../LICENSE",
+ "private": true,
+ "dependencies": {
+ "asn1.js": "^4.9.1",
+ "asn1.js-rfc5280": "^1.2.2"
+ }
+} |
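Review bot: In create-cert.js the three file paths (`'./0-dns-key.pem'`, `'./0-dns-rsapub.der'`, `'./0-dns-cert.pem'`) resolve against the process working directory, so running the script from anywhere but test/fixtures/0-dns either fails to find the key or writes the certificate somewhere else. Anchoring them to the script, e.g. `fs.readFileSync(path.join(__dirname, '0-dns-key.pem'))` with `const path = require('path');` added to the requires, removes that dependency. The comment above `extnValue` names CVE-2009-2408 but not the property under test; something like `// The dNSName embeds a NUL: a name check must see the whole value and must not treat it as good.example.org` would tell a maintainer what a regression looks like (the consuming test is not part of this diff, so confirm the wording against it). `const days = 3650;` also gives the committed fixture a fixed expiry counted from the generation time, which deserves a one-line comment next to it so the eventual regeneration is not a surprise.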
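Review bot: In package.json, `"main": "createCert.js"` names a file this commit does not add; the script is `create-cert.js`, so the entry should read `"main": "create-cert.js"`. The README step `$ node ./createCert.js` carries the same stale name and fails as written. The caret ranges `"^4.9.1"` and `"^1.2.2"` also let `npm install` resolve newer encoder releases than the ones shown in the README's install output; pinning the exact versions (`"asn1.js": "4.9.1"`, `"asn1.js-rfc5280": "1.2.2"`) keeps regeneration of the certificate fixture reproducible and limits what code runs with access to the key file.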