diff options
Diffstat (limited to 'src/tests/test_CA')
24 files changed, 2884 insertions, 0 deletions
diff --git a/src/tests/test_CA/Makefile.am b/src/tests/test_CA/Makefile.am new file mode 100644 index 0000000..a7ef508 --- /dev/null +++ b/src/tests/test_CA/Makefile.am @@ -0,0 +1,231 @@ +dist_noinst_DATA = \ + SSSD_test_CA.config \ + SSSD_test_CA_key.pem \ + SSSD_test_cert_0001.config \ + SSSD_test_cert_0002.config \ + SSSD_test_cert_0003.config \ + SSSD_test_cert_0004.config \ + SSSD_test_cert_0005.config \ + SSSD_test_cert_0006.config \ + SSSD_test_cert_0007.config \ + SSSD_test_cert_key_0001.pem \ + SSSD_test_cert_key_0002.pem \ + SSSD_test_cert_key_0003.pem \ + SSSD_test_cert_key_0004.pem \ + SSSD_test_cert_key_0005.pem \ + SSSD_test_cert_key_0007.pem \ + $(NULL) + +openssl_ca_config = $(srcdir)/SSSD_test_CA.config +openssl_ca_key = $(srcdir)/SSSD_test_CA_key.pem +pwdfile = pwdfile + +configs := $(notdir $(wildcard $(srcdir)/SSSD_test_cert_*.config)) +ids := $(subst SSSD_test_cert_,,$(basename $(configs))) +certs = $(addprefix SSSD_test_cert_x509_,$(addsuffix .pem,$(ids))) +certs_h = $(addprefix SSSD_test_cert_x509_,$(addsuffix .h,$(ids))) +pubkeys = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .pub,$(ids))) +pubkeys_h = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .h,$(ids))) +pkcs12 = $(addprefix SSSD_test_cert_pkcs12_,$(addsuffix .pem,$(ids))) + + +extra = softhsm2_none softhsm2_one softhsm2_two softhsm2_2tokens softhsm2_ocsp softhsm2_2certs_same_id softhsm2_pss_one SSSD_test_cert_x509_0001.der SSSD_test_cert_x509_0007.der +extra += SSSD_test_CA_crl.pem +if HAVE_FAKETIME +extra += SSSD_test_CA_expired_crl.pem +endif + +# If openssl is run in parallel there might be conflicts with the serial +.NOTPARALLEL: + +ca_all: clean serial SSSD_test_CA.pem SSSD_test_CA_crl.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(extra) + +$(pwdfile): + @echo "123456" > $@ + +SSSD_test_CA.pem: $(openssl_ca_key) $(openssl_ca_config) serial + $(OPENSSL) req -batch -config ${openssl_ca_config} -x509 -new -nodes -key $< -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out $@ + +# SSSD_test_cert_0006 should use the same key as SSSD_test_cert_0001 +.INTERMEDIATE: SSSD_test_cert_req_0006.pem +SSSD_test_cert_req_0006.pem: $(srcdir)/SSSD_test_cert_key_0001.pem $(srcdir)/SSSD_test_cert_0006.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_0006.config) -eq 0 ]; then \ + $(OPENSSL) req -new -nodes -key $< -config $(srcdir)/SSSD_test_cert_0006.config -out $@ ; \ + else \ + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_0006.config -out $@ ; \ + fi + +# SSSD_test_cert_0007 should produce a rsassapss signed cert with nondefault settings as seen by some 3rd party CA:s +.INTERMEDIATE: SSSD_test_cert_req_0007.pem +SSSD_test_cert_req_0007.pem: $(srcdir)/SSSD_test_cert_key_0007.pem $(srcdir)/SSSD_test_cert_0007.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_0007.config) -eq 0 ]; then \ + $(OPENSSL) req -new -key $< -config $(srcdir)/SSSD_test_cert_0007.config -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out $@ ; \ + else \ + $(OPENSSL) req -new -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_0007.config -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out $@ ; \ + fi + +SSSD_test_cert_req_%.pem: $(srcdir)/SSSD_test_cert_key_%.pem $(srcdir)/SSSD_test_cert_%.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_$*.config) -eq 0 ]; then \ + $(OPENSSL) req -new -nodes -key $< -config $(srcdir)/SSSD_test_cert_$*.config -out $@ ; \ + else \ + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_$*.config -out $@ ; \ + fi + +SSSD_test_cert_x509_%.pem: SSSD_test_cert_req_%.pem $(openssl_ca_config) SSSD_test_CA.pem + $(OPENSSL) ca -config ${openssl_ca_config} -batch -notext -keyfile $(openssl_ca_key) -in $< -days 200 -extensions usr_cert -out $@ + +SSSD_test_cert_pkcs12_0006.pem: SSSD_test_cert_x509_0006.pem $(srcdir)/SSSD_test_cert_key_0001.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_cert_x509_0006.pem -inkey $(srcdir)/SSSD_test_cert_key_0001.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_cert_x509_0007.pem: SSSD_test_cert_req_0007.pem $(openssl_ca_config) SSSD_test_CA.pem + $(OPENSSL) ca -config ${openssl_ca_config} -batch -notext -keyfile $(openssl_ca_key) -in $< -sigopt rsa_padding_mode\:pss -sigopt rsa_pss_saltlen\:20 -days 200 -extensions usr_cert -out $@ + +SSSD_test_cert_pkcs12_%.pem: SSSD_test_cert_x509_%.pem $(srcdir)/SSSD_test_cert_key_%.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_cert_x509_$*.pem -inkey $(srcdir)/SSSD_test_cert_key_$*.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_cert_pubkey_%.pem: SSSD_test_cert_x509_%.pem + $(OPENSSL) x509 -in $< -pubkey -noout > $@ + +SSSD_test_cert_pubsshkey_%.pub: SSSD_test_cert_pubkey_%.pem + $(SSH_KEYGEN) -i -m PKCS8 -f $< > $@ + +SSSD_test_cert_x509_%.h: SSSD_test_cert_x509_%.pem + @echo "#define SSSD_TEST_CERT_$* \""$(shell cat $< |openssl x509 -outform der | base64 -w 0)"\"" > $@ + @echo "#define SSSD_TEST_CERT_SERIAL_$* \"\\x"$(shell cat $< |openssl x509 -noout -serial | cut -d= -f2)"\"" >> $@ + @echo "#define SSSD_TEST_CERT_DEC_SERIAL_$* \""$(shell echo ibase=16\; $(shell cat $< |openssl x509 -noout -serial | cut -d= -f2) | bc)"\"" >> $@ + +SSSD_test_cert_pubsshkey_%.h: SSSD_test_cert_pubsshkey_%.pub + @echo "#define SSSD_TEST_CERT_SSH_KEY_$* \""$(shell cut -d' ' -f2 $<)"\"" > $@ + +SSSD_test_CA_expired_crl.pem: + $(FAKETIME) -f '-7d' $(OPENSSL) ca -gencrl -out $@ -keyfile $(openssl_ca_key) -config ${openssl_ca_config} -crlhours 1 + +SSSD_test_CA_crl.pem: $(openssl_ca_key) SSSD_test_CA.pem + $(OPENSSL) ca -gencrl -out $@ -keyfile $(openssl_ca_key) -config $(openssl_ca_config) -crldays 99999 + +# The softhsm2 PKCS#11 setups are used in +# - src/tests/cmocka/test_pam_srv.c +softhsm2_none: softhsm2_none.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + +softhsm2_none.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_none" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_one: softhsm2_one.conf softhsm2_mech_rsa_pkcs.conf softhsm2_mech_rsa_sha384_pkcs.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_mech_rsa_pkcs.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + @echo "slots.mechanisms = CKM_RSA_PKCS" >> $@ + +softhsm2_mech_rsa_sha384_pkcs.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + @echo "slots.mechanisms = CKM_SHA384_RSA_PKCS" >> $@ + +#Export cert from softhsm2 via p11tool, should produce the same as openssl +SSSD_test_cert_x509_0001.der: softhsm2_one.conf + $(eval ID_VAR = $(shell GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --info|cut -d' ' -f2|grep ^pkcs11)) + @echo ID_VAR=$(ID_VAR) GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) '$(ID_VAR)' --export --outder --outfile $@ + +SSSD_test_cert_x509_0007.der: softhsm2_pss_one.conf + $(eval ID_VAR = $(shell GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --info|cut -d' ' -f2|grep ^pkcs11)) + @echo ID_VAR=$(ID_VAR) GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) '$(ID_VAR)' --export --outder --outfile $@ + +softhsm2_two: softhsm2_two.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_two.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_two" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_2tokens: softhsm2_2tokens.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token Number 2" --pin 654321 --so-pin 654321 --free + GNUTLS_PIN=654321 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202 + GNUTLS_PIN=654321 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202 + +softhsm2_2tokens.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_2tokens" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_ocsp: softhsm2_ocsp.conf SSSD_test_cert_x509_0005.pem + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0005.pem --login --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0005.pem --login --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9' + +softhsm2_ocsp.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_ocsp" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_2certs_same_id: softhsm2_2certs_same_id.conf SSSD_test_cert_x509_0001.pem SSSD_test_cert_x509_0006.pem + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0006.pem --login --label 'SSSD test cert 0006' --id '11111111' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id '11111111' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id '11111111' + +softhsm2_2certs_same_id.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_2certs_same_id" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_pss_one: softhsm2_pss_one.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0007.pem --login --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0007.pem --login --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_pss_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_pss_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +CLEANFILES = \ + index.txt index.txt.attr \ + index.txt.attr.old index.txt.old \ + serial serial.old \ + SSSD_test_CA.pem $(pwdfile) SSSD_test_CA_expired_crl.pem \ + SSSD_test_CA_crl.pem \ + $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) \ + softhsm2_*.conf \ + SSSD_test_*.der \ + $(NULL) + +clean-local: + rm -rf newcerts + rm -rf softhsm* + +serial: + touch index.txt + touch index.txt.attr + mkdir newcerts + echo -n 01 > serial + +SUBDIRS = intermediate_CA diff --git a/src/tests/test_CA/Makefile.in b/src/tests/test_CA/Makefile.in new file mode 100644 index 0000000..70ce67a --- /dev/null +++ b/src/tests/test_CA/Makefile.in @@ -0,0 +1,1123 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_FAKETIME_TRUE@am__append_1 = SSSD_test_CA_expired_crl.pem +subdir = src/tests/test_CA +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/src/build_macros.m4 \ + $(top_srcdir)/src/external/platform.m4 \ + $(top_srcdir)/src/conf_macros.m4 \ + $(top_srcdir)/src/external/pkg.m4 \ + $(top_srcdir)/src/external/libpopt.m4 \ + $(top_srcdir)/src/external/libtalloc.m4 \ + $(top_srcdir)/src/external/libtdb.m4 \ + $(top_srcdir)/src/external/libtevent.m4 \ + $(top_srcdir)/src/external/libldb.m4 \ + $(top_srcdir)/src/external/libdhash.m4 \ + $(top_srcdir)/src/external/libini_config.m4 \ + $(top_srcdir)/src/external/libgssapi_krb5.m4 \ + $(top_srcdir)/src/external/pam.m4 \ + $(top_srcdir)/src/external/ldap.m4 \ + $(top_srcdir)/src/external/libpcre.m4 \ + $(top_srcdir)/src/external/krb5.m4 \ + $(top_srcdir)/src/external/libcares.m4 \ + $(top_srcdir)/src/external/libcmocka.m4 \ + $(top_srcdir)/src/external/docbook.m4 \ + $(top_srcdir)/src/external/sizes.m4 \ + $(top_srcdir)/src/external/python.m4 \ + $(top_srcdir)/src/external/selinux.m4 \ + $(top_srcdir)/src/external/crypto.m4 \ + $(top_srcdir)/src/external/nsupdate.m4 \ + $(top_srcdir)/src/external/libkeyutils.m4 \ + $(top_srcdir)/src/external/libkrad.m4 \ + $(top_srcdir)/src/external/libnl.m4 \ + $(top_srcdir)/src/external/systemd.m4 \ + $(top_srcdir)/src/external/pac_responder.m4 \ + $(top_srcdir)/src/external/cifsidmap.m4 \ + $(top_srcdir)/src/external/signal.m4 \ + $(top_srcdir)/src/external/inotify.m4 \ + $(top_srcdir)/src/external/samba.m4 \ + $(top_srcdir)/src/external/sasl.m4 \ + $(top_srcdir)/src/external/libnfsidmap.m4 \ + $(top_srcdir)/src/external/cwrap.m4 \ + $(top_srcdir)/src/external/libresolv.m4 \ + $(top_srcdir)/src/external/intgcheck.m4 \ + $(top_srcdir)/src/external/systemtap.m4 \ + $(top_srcdir)/src/external/service.m4 \ + $(top_srcdir)/src/external/test_ca.m4 \ + $(top_srcdir)/src/external/ax_valgrind_check.m4 \ + $(top_srcdir)/src/external/libjansson.m4 \ + $(top_srcdir)/src/external/libcurl.m4 \ + $(top_srcdir)/src/external/libjose.m4 \ + $(top_srcdir)/src/external/libuuid.m4 \ + $(top_srcdir)/src/external/libunistring.m4 \ + $(top_srcdir)/src/external/libpasskey.m4 \ + $(top_srcdir)/src/external/p11-kit.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +DATA = $(dist_noinst_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build/mkinstalldirs README +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARES_CFLAGS = @CARES_CFLAGS@ +CARES_LIBS = @CARES_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CURL_CFLAGS = @CURL_CFLAGS@ +CURL_LIBS = @CURL_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DHASH_CFLAGS = @DHASH_CFLAGS@ +DHASH_LIBS = @DHASH_LIBS@ +DLLTOOL = @DLLTOOL@ +DOCBOOK_XSLT = @DOCBOOK_XSLT@ +DOXYGEN = @DOXYGEN@ +DSYMUTIL = @DSYMUTIL@ +DTRACE = @DTRACE@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENABLE_VALGRIND_drd = @ENABLE_VALGRIND_drd@ +ENABLE_VALGRIND_helgrind = @ENABLE_VALGRIND_helgrind@ +ENABLE_VALGRIND_memcheck = @ENABLE_VALGRIND_memcheck@ +ENABLE_VALGRIND_sgcheck = @ENABLE_VALGRIND_sgcheck@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FAKETIME = @FAKETIME@ +FGREP = @FGREP@ +FIDO2_CFLAGS = @FIDO2_CFLAGS@ +FIDO2_LIBS = @FIDO2_LIBS@ +FILECMD = @FILECMD@ +GDM_PAM_EXTENSIONS_CFLAGS = @GDM_PAM_EXTENSIONS_CFLAGS@ +GDM_PAM_EXTENSIONS_LIBS = @GDM_PAM_EXTENSIONS_LIBS@ +GMSGFMT = @GMSGFMT@ +GPO_DEFAULT = @GPO_DEFAULT@ +GREP = @GREP@ +GSSAPI_KRB5_CFLAGS = @GSSAPI_KRB5_CFLAGS@ +GSSAPI_KRB5_LIBS = @GSSAPI_KRB5_LIBS@ +HAVE_FAKEROOT = @HAVE_FAKEROOT@ +HAVE_LDAPMODIFY = @HAVE_LDAPMODIFY@ +HAVE_MANPAGES = @HAVE_MANPAGES@ +HAVE_NSS_WRAPPER = @HAVE_NSS_WRAPPER@ +HAVE_PAM_WRAPPER = @HAVE_PAM_WRAPPER@ +HAVE_PYTHON2 = @HAVE_PYTHON2@ +HAVE_PYTHON2_BINDINGS = @HAVE_PYTHON2_BINDINGS@ +HAVE_PYTHON3 = @HAVE_PYTHON3@ +HAVE_PYTHON3_BINDINGS = @HAVE_PYTHON3_BINDINGS@ +HAVE_SELINUX = @HAVE_SELINUX@ +HAVE_SEMANAGE = @HAVE_SEMANAGE@ +HAVE_UID_WRAPPER = @HAVE_UID_WRAPPER@ +INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ +INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ +INI_CONFIG_V0_CFLAGS = @INI_CONFIG_V0_CFLAGS@ +INI_CONFIG_V0_LIBS = @INI_CONFIG_V0_LIBS@ +INI_CONFIG_V1_1_CFLAGS = @INI_CONFIG_V1_1_CFLAGS@ +INI_CONFIG_V1_1_LIBS = @INI_CONFIG_V1_1_LIBS@ +INI_CONFIG_V1_3_CFLAGS = @INI_CONFIG_V1_3_CFLAGS@ +INI_CONFIG_V1_3_LIBS = @INI_CONFIG_V1_3_LIBS@ +INI_CONFIG_V1_CFLAGS = @INI_CONFIG_V1_CFLAGS@ +INI_CONFIG_V1_LIBS = @INI_CONFIG_V1_LIBS@ +INOTIFY_LIBS = @INOTIFY_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +JANSSON_CFLAGS = @JANSSON_CFLAGS@ +JANSSON_LIBS = @JANSSON_LIBS@ +JOSE_CFLAGS = @JOSE_CFLAGS@ +JOSE_LIBS = @JOSE_LIBS@ +JOURNALD_CFLAGS = @JOURNALD_CFLAGS@ +JOURNALD_LIBS = @JOURNALD_LIBS@ +KEYUTILS_LIBS = @KEYUTILS_LIBS@ +KRAD_LIBS = @KRAD_LIBS@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_CONFIG = @KRB5_CONFIG@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDB_CFLAGS = @LDB_CFLAGS@ +LDB_LIBS = @LDB_LIBS@ +LDFLAGS = @LDFLAGS@ +LIBADD_DL = @LIBADD_DL@ +LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ +LIBADD_DLOPEN = @LIBADD_DLOPEN@ +LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ +LIBADD_TIMER = @LIBADD_TIMER@ +LIBCLOCK_GETTIME = @LIBCLOCK_GETTIME@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBNL1_CFLAGS = @LIBNL1_CFLAGS@ +LIBNL1_LIBS = @LIBNL1_LIBS@ +LIBNL3_CFLAGS = @LIBNL3_CFLAGS@ +LIBNL3_LIBS = @LIBNL3_LIBS@ +LIBNL_CFLAGS = @LIBNL_CFLAGS@ +LIBNL_LIBS = @LIBNL_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_DLLOADERS = @LT_DLLOADERS@ +LT_DLPREOPEN = @LT_DLPREOPEN@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +NDR_KRB5PAC_CFLAGS = @NDR_KRB5PAC_CFLAGS@ +NDR_KRB5PAC_LIBS = @NDR_KRB5PAC_LIBS@ +NDR_NBT_CFLAGS = @NDR_NBT_CFLAGS@ +NDR_NBT_LIBS = @NDR_NBT_LIBS@ +NFSIDMAP_CFLAGS = @NFSIDMAP_CFLAGS@ +NFSIDMAP_LIBS = @NFSIDMAP_LIBS@ +NFSIDMAP_OBJ = @NFSIDMAP_OBJ@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSUPDATE = @NSUPDATE@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@ +OPENLDAP_LIBS = @OPENLDAP_LIBS@ +OPENSSL = @OPENSSL@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11TOOL = @P11TOOL@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_LIBS = @PAM_LIBS@ +PAM_MISC_LIBS = @PAM_MISC_LIBS@ +PASSKEY_CFLAGS = @PASSKEY_CFLAGS@ +PASSKEY_LIBS = @PASSKEY_LIBS@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCRE_CFLAGS = @PCRE_CFLAGS@ +PCRE_LIBS = @PCRE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PO4A = @PO4A@ +POPT_CFLAGS = @POPT_CFLAGS@ +POPT_LIBS = @POPT_LIBS@ +POSUB = @POSUB@ +PRERELEASE_VERSION = @PRERELEASE_VERSION@ +PYTHON = @PYTHON@ +PYTHON2 = @PYTHON2@ +PYTHON2_CFLAGS = @PYTHON2_CFLAGS@ +PYTHON2_EXEC_PREFIX = @PYTHON2_EXEC_PREFIX@ +PYTHON2_INCLUDES = @PYTHON2_INCLUDES@ +PYTHON2_LIBS = @PYTHON2_LIBS@ +PYTHON2_PREFIX = @PYTHON2_PREFIX@ +PYTHON2_VERSION = @PYTHON2_VERSION@ +PYTHON3 = @PYTHON3@ +PYTHON3_CFLAGS = @PYTHON3_CFLAGS@ +PYTHON3_EXEC_PREFIX = @PYTHON3_EXEC_PREFIX@ +PYTHON3_INCLUDES = @PYTHON3_INCLUDES@ +PYTHON3_LIBS = @PYTHON3_LIBS@ +PYTHON3_PREFIX = @PYTHON3_PREFIX@ +PYTHON3_VERSION = @PYTHON3_VERSION@ +PYTHON_CONFIG = @PYTHON_CONFIG@ +PYTHON_EXEC = @PYTHON_EXEC@ +PYTHON_EXEC_INTG = @PYTHON_EXEC_INTG@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RESOLV_CFLAGS = @RESOLV_CFLAGS@ +RESOLV_LIBS = @RESOLV_LIBS@ +SAMBA_UTIL_CFLAGS = @SAMBA_UTIL_CFLAGS@ +SAMBA_UTIL_LIBS = @SAMBA_UTIL_LIBS@ +SASL_CFLAGS = @SASL_CFLAGS@ +SASL_LIBS = @SASL_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SEMANAGE_LIBS = @SEMANAGE_LIBS@ +SERVICE = @SERVICE@ +SET_MAKE = @SET_MAKE@ +SGML_CATALOG_FILES = @SGML_CATALOG_FILES@ +SHELL = @SHELL@ +SLAPD = @SLAPD@ +SMBCLIENT_CFLAGS = @SMBCLIENT_CFLAGS@ +SMBCLIENT_LIBS = @SMBCLIENT_LIBS@ +SOFTHSM2_PATH = @SOFTHSM2_PATH@ +SOFTHSM2_UTIL = @SOFTHSM2_UTIL@ +SSH_KEYGEN = @SSH_KEYGEN@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +SSSD_USER = @SSSD_USER@ +STRIP = @STRIP@ +SYSTEMD_DAEMON_CFLAGS = @SYSTEMD_DAEMON_CFLAGS@ +SYSTEMD_DAEMON_LIBS = @SYSTEMD_DAEMON_LIBS@ +SYSTEMD_LOGIN_CFLAGS = @SYSTEMD_LOGIN_CFLAGS@ +SYSTEMD_LOGIN_LIBS = @SYSTEMD_LOGIN_LIBS@ +TALLOC_CFLAGS = @TALLOC_CFLAGS@ +TALLOC_LIBS = @TALLOC_LIBS@ +TDB_CFLAGS = @TDB_CFLAGS@ +TDB_LIBS = @TDB_LIBS@ +TEST_DIR = @TEST_DIR@ +TEVENT_CFLAGS = @TEVENT_CFLAGS@ +TEVENT_LIBS = @TEVENT_LIBS@ +UNICODE_LIBS = @UNICODE_LIBS@ +USE_NLS = @USE_NLS@ +UUID_CFLAGS = @UUID_CFLAGS@ +UUID_LIBS = @UUID_LIBS@ +VALGRIND = @VALGRIND@ +VALGRIND_ENABLED = @VALGRIND_ENABLED@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XMLLINT = @XMLLINT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +appmodpath = @appmodpath@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +cifspluginpath = @cifspluginpath@ +config_def_ccache_dir = @config_def_ccache_dir@ +config_def_ccname_template = @config_def_ccname_template@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbpath = @dbpath@ +docdir = @docdir@ +dvidir = @dvidir@ +environment_file = @environment_file@ +exec_prefix = @exec_prefix@ +gpocachepath = @gpocachepath@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +initdir = @initdir@ +install_sh = @install_sh@ +krb5authdatapluginpath = @krb5authdatapluginpath@ +krb5pluginpath = @krb5pluginpath@ +krb5rcachedir = @krb5rcachedir@ +ldblibdir = @ldblibdir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +logpath = @logpath@ +mandir = @mandir@ +mcpath = @mcpath@ +mkdir_p = @mkdir_p@ +nfsidmaplibdir = @nfsidmaplibdir@ +nfslibpath = @nfslibpath@ +nsslibdir = @nsslibdir@ +oldincludedir = @oldincludedir@ +pammoddir = @pammoddir@ +pdfdir = @pdfdir@ +pidpath = @pidpath@ +pipepath = @pipepath@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pluginpath = @pluginpath@ +polkitdir = @polkitdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pubconfpath = @pubconfpath@ +py2execdir = @py2execdir@ +py3execdir = @py3execdir@ +pyexecdir = @pyexecdir@ +python2dir = @python2dir@ +python3dir = @python3dir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +secdbpath = @secdbpath@ +session_recording_shell = @session_recording_shell@ +sharedbuilddir = @sharedbuilddir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subidlibpath = @subidlibpath@ +sudolibpath = @sudolibpath@ +sysconfdir = @sysconfdir@ +systemdconfdir = @systemdconfdir@ +systemdunitdir = @systemdunitdir@ +tapset_dir = @tapset_dir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +valgrind_enabled_tools = @valgrind_enabled_tools@ +valgrind_tools = @valgrind_tools@ +winbindpluginpath = @winbindpluginpath@ +dist_noinst_DATA = \ + SSSD_test_CA.config \ + SSSD_test_CA_key.pem \ + SSSD_test_cert_0001.config \ + SSSD_test_cert_0002.config \ + SSSD_test_cert_0003.config \ + SSSD_test_cert_0004.config \ + SSSD_test_cert_0005.config \ + SSSD_test_cert_0006.config \ + SSSD_test_cert_0007.config \ + SSSD_test_cert_key_0001.pem \ + SSSD_test_cert_key_0002.pem \ + SSSD_test_cert_key_0003.pem \ + SSSD_test_cert_key_0004.pem \ + SSSD_test_cert_key_0005.pem \ + SSSD_test_cert_key_0007.pem \ + $(NULL) + +openssl_ca_config = $(srcdir)/SSSD_test_CA.config +openssl_ca_key = $(srcdir)/SSSD_test_CA_key.pem +pwdfile = pwdfile +configs := $(notdir $(wildcard $(srcdir)/SSSD_test_cert_*.config)) +ids := $(subst SSSD_test_cert_,,$(basename $(configs))) +certs = $(addprefix SSSD_test_cert_x509_,$(addsuffix .pem,$(ids))) +certs_h = $(addprefix SSSD_test_cert_x509_,$(addsuffix .h,$(ids))) +pubkeys = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .pub,$(ids))) +pubkeys_h = $(addprefix SSSD_test_cert_pubsshkey_,$(addsuffix .h,$(ids))) +pkcs12 = $(addprefix SSSD_test_cert_pkcs12_,$(addsuffix .pem,$(ids))) +extra = softhsm2_none softhsm2_one softhsm2_two softhsm2_2tokens \ + softhsm2_ocsp softhsm2_2certs_same_id softhsm2_pss_one \ + SSSD_test_cert_x509_0001.der SSSD_test_cert_x509_0007.der \ + SSSD_test_CA_crl.pem $(am__append_1) +CLEANFILES = \ + index.txt index.txt.attr \ + index.txt.attr.old index.txt.old \ + serial serial.old \ + SSSD_test_CA.pem $(pwdfile) SSSD_test_CA_expired_crl.pem \ + SSSD_test_CA_crl.pem \ + $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) \ + softhsm2_*.conf \ + SSSD_test_*.der \ + $(NULL) + +SUBDIRS = intermediate_CA +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/test_CA/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tests/test_CA/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile $(DATA) +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libtool clean-local \ + cscopelist-am ctags ctags-am distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am + +.PRECIOUS: Makefile + + +# If openssl is run in parallel there might be conflicts with the serial +.NOTPARALLEL: + +ca_all: clean serial SSSD_test_CA.pem SSSD_test_CA_crl.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(extra) + +$(pwdfile): + @echo "123456" > $@ + +SSSD_test_CA.pem: $(openssl_ca_key) $(openssl_ca_config) serial + $(OPENSSL) req -batch -config ${openssl_ca_config} -x509 -new -nodes -key $< -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out $@ + +# SSSD_test_cert_0006 should use the same key as SSSD_test_cert_0001 +.INTERMEDIATE: SSSD_test_cert_req_0006.pem +SSSD_test_cert_req_0006.pem: $(srcdir)/SSSD_test_cert_key_0001.pem $(srcdir)/SSSD_test_cert_0006.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_0006.config) -eq 0 ]; then \ + $(OPENSSL) req -new -nodes -key $< -config $(srcdir)/SSSD_test_cert_0006.config -out $@ ; \ + else \ + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_0006.config -out $@ ; \ + fi + +# SSSD_test_cert_0007 should produce a rsassapss signed cert with nondefault settings as seen by some 3rd party CA:s +.INTERMEDIATE: SSSD_test_cert_req_0007.pem +SSSD_test_cert_req_0007.pem: $(srcdir)/SSSD_test_cert_key_0007.pem $(srcdir)/SSSD_test_cert_0007.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_0007.config) -eq 0 ]; then \ + $(OPENSSL) req -new -key $< -config $(srcdir)/SSSD_test_cert_0007.config -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out $@ ; \ + else \ + $(OPENSSL) req -new -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_0007.config -sigopt rsa_padding_mode\:pss -sha256 -sigopt rsa_pss_saltlen\:20 -out $@ ; \ + fi + +SSSD_test_cert_req_%.pem: $(srcdir)/SSSD_test_cert_key_%.pem $(srcdir)/SSSD_test_cert_%.config + if [ $(shell grep -c req_exts $(srcdir)/SSSD_test_cert_$*.config) -eq 0 ]; then \ + $(OPENSSL) req -new -nodes -key $< -config $(srcdir)/SSSD_test_cert_$*.config -out $@ ; \ + else \ + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_cert_$*.config -out $@ ; \ + fi + +SSSD_test_cert_x509_%.pem: SSSD_test_cert_req_%.pem $(openssl_ca_config) SSSD_test_CA.pem + $(OPENSSL) ca -config ${openssl_ca_config} -batch -notext -keyfile $(openssl_ca_key) -in $< -days 200 -extensions usr_cert -out $@ + +SSSD_test_cert_pkcs12_0006.pem: SSSD_test_cert_x509_0006.pem $(srcdir)/SSSD_test_cert_key_0001.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_cert_x509_0006.pem -inkey $(srcdir)/SSSD_test_cert_key_0001.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_cert_x509_0007.pem: SSSD_test_cert_req_0007.pem $(openssl_ca_config) SSSD_test_CA.pem + $(OPENSSL) ca -config ${openssl_ca_config} -batch -notext -keyfile $(openssl_ca_key) -in $< -sigopt rsa_padding_mode\:pss -sigopt rsa_pss_saltlen\:20 -days 200 -extensions usr_cert -out $@ + +SSSD_test_cert_pkcs12_%.pem: SSSD_test_cert_x509_%.pem $(srcdir)/SSSD_test_cert_key_%.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_cert_x509_$*.pem -inkey $(srcdir)/SSSD_test_cert_key_$*.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_cert_pubkey_%.pem: SSSD_test_cert_x509_%.pem + $(OPENSSL) x509 -in $< -pubkey -noout > $@ + +SSSD_test_cert_pubsshkey_%.pub: SSSD_test_cert_pubkey_%.pem + $(SSH_KEYGEN) -i -m PKCS8 -f $< > $@ + +SSSD_test_cert_x509_%.h: SSSD_test_cert_x509_%.pem + @echo "#define SSSD_TEST_CERT_$* \""$(shell cat $< |openssl x509 -outform der | base64 -w 0)"\"" > $@ + @echo "#define SSSD_TEST_CERT_SERIAL_$* \"\\x"$(shell cat $< |openssl x509 -noout -serial | cut -d= -f2)"\"" >> $@ + @echo "#define SSSD_TEST_CERT_DEC_SERIAL_$* \""$(shell echo ibase=16\; $(shell cat $< |openssl x509 -noout -serial | cut -d= -f2) | bc)"\"" >> $@ + +SSSD_test_cert_pubsshkey_%.h: SSSD_test_cert_pubsshkey_%.pub + @echo "#define SSSD_TEST_CERT_SSH_KEY_$* \""$(shell cut -d' ' -f2 $<)"\"" > $@ + +SSSD_test_CA_expired_crl.pem: + $(FAKETIME) -f '-7d' $(OPENSSL) ca -gencrl -out $@ -keyfile $(openssl_ca_key) -config ${openssl_ca_config} -crlhours 1 + +SSSD_test_CA_crl.pem: $(openssl_ca_key) SSSD_test_CA.pem + $(OPENSSL) ca -gencrl -out $@ -keyfile $(openssl_ca_key) -config $(openssl_ca_config) -crldays 99999 + +# The softhsm2 PKCS#11 setups are used in +# - src/tests/cmocka/test_pam_srv.c +softhsm2_none: softhsm2_none.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + +softhsm2_none.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_none" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_one: softhsm2_one.conf softhsm2_mech_rsa_pkcs.conf softhsm2_mech_rsa_sha384_pkcs.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_mech_rsa_pkcs.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + @echo "slots.mechanisms = CKM_RSA_PKCS" >> $@ + +softhsm2_mech_rsa_sha384_pkcs.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + @echo "slots.mechanisms = CKM_SHA384_RSA_PKCS" >> $@ + +#Export cert from softhsm2 via p11tool, should produce the same as openssl +SSSD_test_cert_x509_0001.der: softhsm2_one.conf + $(eval ID_VAR = $(shell GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --info|cut -d' ' -f2|grep ^pkcs11)) + @echo ID_VAR=$(ID_VAR) GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) '$(ID_VAR)' --export --outder --outfile $@ + +SSSD_test_cert_x509_0007.der: softhsm2_pss_one.conf + $(eval ID_VAR = $(shell GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --info|cut -d' ' -f2|grep ^pkcs11)) + @echo ID_VAR=$(ID_VAR) GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) '$(ID_VAR)' --export --outder --outfile $@ + +softhsm2_two: softhsm2_two.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_two.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_two" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_2tokens: softhsm2_2tokens.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' pkcs11:token=SSSD%20Test%20Token + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token Number 2" --pin 654321 --so-pin 654321 --free + GNUTLS_PIN=654321 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202 + GNUTLS_PIN=654321 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0002.pem --login --label 'SSSD test cert 0002' --id '5405842D56CF31F0BB025A695C5F3E907051C5B9' pkcs11:token=SSSD%20Test%20Token%20Number%202 + +softhsm2_2tokens.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_2tokens" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_ocsp: softhsm2_ocsp.conf SSSD_test_cert_x509_0005.pem + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0005.pem --login --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0005.pem --login --label 'SSSD test cert 0005' --id '1195833C424AB00297F582FC43FFFFAB47A64CC9' + +softhsm2_ocsp.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_ocsp" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_2certs_same_id: softhsm2_2certs_same_id.conf SSSD_test_cert_x509_0001.pem SSSD_test_cert_x509_0006.pem + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0006.pem --login --label 'SSSD test cert 0006' --id '11111111' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0001.pem --login --label 'SSSD test cert 0001' --id '11111111' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0001.pem --login --label 'SSSD test cert 0001' --id '11111111' + +softhsm2_2certs_same_id.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_2certs_same_id" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +softhsm2_pss_one: softhsm2_pss_one.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_cert_x509_0007.pem --login --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_cert_key_0007.pem --login --label 'SSSD test cert 0007' --id 'C554C9F82C2A9D58B70921C143304153A8A42F17' + +softhsm2_pss_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/softhsm2_pss_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +clean-local: + rm -rf newcerts + rm -rf softhsm* + +serial: + touch index.txt + touch index.txt.attr + mkdir newcerts + echo -n 01 > serial + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tests/test_CA/README b/src/tests/test_CA/README new file mode 100644 index 0000000..25c8a7e --- /dev/null +++ b/src/tests/test_CA/README @@ -0,0 +1,31 @@ +Simple CA for SSSD tests + +To avoid issues with certificate lifetimes during tests certificates can be +generated with a simple OpenSSL based CA. + +To create a new certificate add a suitable and valid OpenSSL config file with a +[req] section for a certificate signing request (CSR) which must use the name +pattern SSSD_test_cert_*.config. Additionally a matching key file +SSSD_test_cert_key_%.pem should be added e.g. with + + openssl genpkey -algorithm RSA -out SSSD_test_cert_key_XYZ.pem -pkeyopt rsa_keygen_bits:2048 + openssl genpkey -algorithm RSA -out SSSD_test_cert_key_0007.pem -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:32993 + +It would be possible to generate the keys automatically as well but +pre-created keys will safe some resources on the hosts running the tests, +allow more flexibility with algorithms and key lengths and make the tests +more reproducible. + +The Makefile will pick up the config and the keys and generate a X.509 +certificate. For usage in C-code it will generate a header file +SSSD_test_cert_x509_*.h where the base64 encoded binary certificate is made +available in a macro called SSSD_TEST_CERT_*. To run test with derived ssh-keys +the ssh key is available in SSSD_test_cert_pubsshkey_*.h as +SSSD_TEST_CERT_SSH_KEY_*. + +Cert 0007 will be created with nondefault exponent setting and later on signed +with rsassapss as seen by some 3rd party CA:s. +The exponent is chosen to trigger padding errors. + +Other targets for other types of tests can be added to the Makefile and should +be documented here. diff --git a/src/tests/test_CA/SSSD_test_CA.config b/src/tests/test_CA/SSSD_test_CA.config new file mode 100644 index 0000000..7b485b4 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_CA.config @@ -0,0 +1,53 @@ +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = . +database = $dir/index.txt +new_certs_dir = $dir/newcerts + +certificate = $dir/SSSD_test_CA.pem +serial = $dir/serial +private_key = $dir/SSSD_test_CA_key.pem +RANDFILE = $dir/rand + +default_days = 365 +default_crl_days = 30 +default_md = sha256 + +policy = policy_any +email_in_dn = no + +name_opt = ca_default +cert_opt = ca_default +copy_extensions = copy + +[ usr_cert ] +authorityKeyIdentifier = keyid, issuer + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ v3_intermediate_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ policy_any ] +organizationName = supplied +organizationalUnitName = supplied +commonName = supplied +emailAddress = optional + +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test CA diff --git a/src/tests/test_CA/SSSD_test_CA_key.pem b/src/tests/test_CA/SSSD_test_CA_key.pem new file mode 100644 index 0000000..4838d03 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_CA_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDkKj9R0/ato8Qq +8iww/4BZc14oTk4e94pGssERG2b8wkcnq9gjn7rDaW0j7sqcEnEtR4nbn4dtjZz5 +pObXDRPebsZKf+jPac+PiIKwGMdEQFcrt/hZGlpxDrJKUt144ZmMH69CkBC1MREx +8GHl3oQ9hnLCE82j4D6i+iVRAFhD6dsmL8YWvzMtjklAiyF6yboD1Vjkxwv06wcZ +xgJptyFOcIM4RfRu212SQUmOZvfxIl9zmu6h4Vaz4Vm/e9qmRHJZ5cOJPC6wyhLn +iPyEiuRg7DAI226GO04Kl/Frus5fFrih/hq/GyqYVLHQHBdOZ0MgY/zcwD+eEVOX +KDFYKAbOwN9rDZC6UW3fPLHMnc0f/6q75s4Qvs3MyP0jtJaqjEe+DpW14u9kivUm +f6L/nFHgDMoYHavsUOXKHZu0NRAKAxj+IvAnHRlInPQktIzZQ2abYWix//bb7aDx +WhtOFN/rUXA1mqPahRxSgEst4QnSMxU0hPVET0TQO0A/XwozpkrM80NXOoq8m4kH +83vknwVurg3VaupctX5fsSZvSYunK4bJ/8+Om7c3pyrxqbV0Y/nwGzjMYIU/iQSM +XkDzs5MQfdWTmzQMsFUY7huQo0VA4s2mY96LmbABVCFnZTFSf+li3dNMadPpuTO+ +w5jhoR1tcYiWtIDPBuwIFMCwdN1N6QIDAQABAoICAC7SgKYBMokVp2cMxYbUl/lD +VJo+34c5U1YIztf84JiUIdgBStycpc3+L5iFI2z9193r5V19kmQoAIO2lGyjUWV/ +JBAbyaHu29pfsDoFC7d04K6nFT7ryo2S74GTGcH5wfHgeq3VNKiKRjYSV3S9wjOC +CMDNIZE0roXxgYDq6jIdpoxil2sJl64Mmfm104wII7Uvrgtc0ZZUOOPQH6SkISCg +tDzzFiM9vykJXtfrR4xjemUV8UylGo7Vev5xo0AlobXTEdpy0D4VaeW71d45Rn6h +WYYnybmgJ/bCkZeDAWDAH+mWZNS89XPHRaooaZv8Uuktu7FtfmCou5e0dtPZevPF +qSCExRRnEvBHxqR71e7NDZt8mHR5H9S+4Io6OMFEfTwFC13TNBEiNspg9XovAjfX +4u6wSYPKKLH88R5LAuLoBiD6dO+3SiimbaTeD/a+URCfIWUNycExS/3SnWCS2oxW +h8uS18DwbCbW0b5N8VYldfZ8QK3+GH2B4vV7ZGOFtUW43HUUPlxqL9lpakbAgPba +enrO2+YqzAIM5NWCvL1+fnaPVGc9deDi63sgq75VkJwBMoiBqIpwSUMUwOmL3RiC +NdixXJR/HgjP85UrZHQRlcCfSFMduNNjof0WgamXu2TLA4K2clbdiz1DwAgCBpLP +INKo4fiZZkjiEs3VS9iBAoIBAQD2DjnFAZ0USGpmRqecHhFOL9nZX/we/DCUrkRv +noiEP9lIz/ITmAzCvvUuyFQcDp3LBplB+T74nvfyMJ6AzbV1Kuw7CluIje5i3wKs +zYSc49EKxG3PvNlkpbrQkY2/FrBuwakZro/ByzrcCf783cey36IXc5s0EdXiqyB8 +Gn2yQQvyYShAmE1HjBjcURSC8bCn1OKQNR04gbnIIUbe5kn8IIM2SD8cUPIuvBTf +PAzAMT//6bKwi2v6Y9QK0qOIYEFLTEzonKeLlnErXxytb0wbwCbDWQLprYdSQR/3 +ctVykylPYuTXdCW5qLL5TGuxHKzJodOI0RF8A07CYj7dcQf5AoIBAQDtYuuKp+AT +ro7Oe4J1bUx/8YlAPDU4UgWbIQjAPUvdiRLZxVRecomNjDMvnz2G/lE8P3CPD0fD +DZSPhUqUnqanTYLAoVyQh8Zo8NjKJ1wlE9F5CZECeGz1RGZcQBUwK7tZr3EGNw/K +IShV8/6RVs+I3jjTll2oAoquJ4el0V7sitI6O3Bsh1AoVgZYmJV3qMdODcDJQjNj +SVetxExhsd2SJztjp5U0uTMf6fXH41CVKo3seRPvaxAhIDpG1He1XEKeeeq3l6Uu +vzpKmXvNmmzjCZLLY6APvLYv1o65UTn3N/MLIXjgEs07e2JNzhLhAuz5h6sPH0aM +bx+vOhugy1FxAoIBAQCvFcxRvSYzCpx7jocx9ctGoZIYtc5HlhhTk/Wqn1pxEKXi +w+Vzv9xEr3D0CySeml/52gYwBdWjQCsasTH4YWhfqV1TXbloX+ZjgGD86XkV0p4r +VT72dWET10Ipq4j7kn+VMETNu4Mb2StW693/vSiexbcnjOHBmXdixXZmGMucjeCc +ZjooTLeg07XU//TigGy94CQfjUvvq4+xMsylS6UVvWTguWP/GDJcwwTvHGHOWL07 +suWt7me1UlfOI7iuECAmHnMTinVGRJTe0d0sJGg5zu9GTg5ejVYfV6wRfisYTlM0 +5CAGl+VISRyhfJmc+9SP3ZESaAJTBl+CvjoRhJ6xAoIBAQC3Blq2mAJzClX+q0mF +ghTGXJLG3OTnnI3H8mtN1LTGhKXtE3CeNU8KvHrGj88fYrt9aSg+lLhukezlzw4W +kk/JlEBohsDYimaWiIONMVWhHKuX16FfNzxCyk7ld18euckEN/k7on5hCLmRs8Kl +ijoOu88yi6+AFx2XctDqLwgx9kJqNWPTuWw6/UB9VH+BN7ca3g2y3oDCX0zjpAKE +HF/KDMeEaTPn55acV4VxbTi3GY09MokFQhW4hKGJ9MyrHwwaJcOrc5ce+L9Xvwiu +GA816S6t9Az3tTb+oT1/cjnv+so/3bnVgYmM/+9mL6lspRXSuiBQU3vQUOkr7/BX +RAtxAoIBAQC2AQjrhdjyIhuzDGpL7A/IUfV9Fr37ytRY1r7pOwIVthGK3SmLbV2t +byT4LeS1XMkpuwfiM/w4uAbRz3QhMGfgv9wUjNCpR9fBd4VZqU9HPk6TasQhxxLU +q4O+XpvylEqPPzHkvpJUiVEfh7bXSoqbvTP7fUnJ/YzqMyq+NNkJzKccz8+I2BfN +/WXp6HmKAKhvF2mkFbo+2IXzJoCzHRorBvj/HzMc349cvHtYErJvHZQ2wgfY5CFC +y2/x/t1pQ6BhrJiNyC1s8jYtboY7mc1yAp6cvtWraOYYk6LCTLbRLPLNqEOKPUFH +xHflFSh7K6rCRfJGMKKFYtdA09/CAqh+ +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_0001.config b/src/tests/test_CA/SSSD_test_cert_0001.config new file mode 100644 index 0000000..d59023c --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0001.config @@ -0,0 +1,21 @@ +# This certificate is used in +# - src/tests/cmocka/test_cert_utils.c +# - src/tests/cmocka/test_pam_srv.c +# - src/tests/intg/test_infopipe.py +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0001 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "SSSD test Certificate" +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd// diff --git a/src/tests/test_CA/SSSD_test_cert_0002.config b/src/tests/test_CA/SSSD_test_cert_0002.config new file mode 100644 index 0000000..d2d429b --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0002.config @@ -0,0 +1,19 @@ +# This certificate is used in +# - src/tests/cmocka/test_pam_srv.c +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0002 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client +nsComment = "SSSD test Certificate" +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd// diff --git a/src/tests/test_CA/SSSD_test_cert_0003.config b/src/tests/test_CA/SSSD_test_cert_0003.config new file mode 100644 index 0000000..b141fc0 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0003.config @@ -0,0 +1,18 @@ +# This certificate is used in +# - src/tests/cmocka/test_certmap.c +# as an example for a simple certificate without EKU and SAN extensions +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0003 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client +nsComment = "SSSD test Certificate" +subjectKeyIdentifier = hash +keyUsage = digitalSignature, keyEncipherment diff --git a/src/tests/test_CA/SSSD_test_cert_0004.config b/src/tests/test_CA/SSSD_test_cert_0004.config new file mode 100644 index 0000000..87ebaf4 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0004.config @@ -0,0 +1,16 @@ +# This certificate is used in +# - test_sss_cert_get_content_test_cert_0004 +# as an example for a simple certificate without KU, EKU and SAN extensions +# The subjectKeyIdentifier is required to make sure older versions of OpenSSL +# will generate it as newer version add it automatically. +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0004 + +[ req_exts ] +subjectKeyIdentifier=hash diff --git a/src/tests/test_CA/SSSD_test_cert_0005.config b/src/tests/test_CA/SSSD_test_cert_0005.config new file mode 100644 index 0000000..affc35f --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0005.config @@ -0,0 +1,21 @@ +# This certificate is used in +# - src/tests/cmocka/test_pam_srv.c +# as an example with a OCSP URI +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0005 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client +nsComment = "SSSD test Certificate" +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd// +authorityInfoAccess = OCSP;URI:http://ocsp.my.server.test/ diff --git a/src/tests/test_CA/SSSD_test_cert_0006.config b/src/tests/test_CA/SSSD_test_cert_0006.config new file mode 100644 index 0000000..762de55 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0006.config @@ -0,0 +1,20 @@ +# This certificate is used in +# - src/tests/cmocka/test_pam_srv.c +# and should use the same key-pair as SSSD_test_cert_0001 +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0006 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "SSSD test Certificate" +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd// diff --git a/src/tests/test_CA/SSSD_test_cert_0007.config b/src/tests/test_CA/SSSD_test_cert_0007.config new file mode 100644 index 0000000..3ab6a9b --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_0007.config @@ -0,0 +1,24 @@ +# This certificate is used in +# - src/tests/cmocka/test_cert_utils.c +# - src/tests/cmocka/test_pam_srv.c +# - src/tests/cmocka/test_ssh_srv.c +# to test for non default values of the exponent in RSA and an unexpected character in the CN +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test cert 0007 /oddchar + +[ req_exts ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd// + +crlDistributionPoints=@crl_section +[crl_section] +URI.1 = http://localhost/intCA.crl diff --git a/src/tests/test_CA/SSSD_test_cert_key_0001.pem b/src/tests/test_CA/SSSD_test_cert_key_0001.pem new file mode 100644 index 0000000..365c989 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0001.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDX8xglLP+D54dG +V/lndmQ7YRg1GDuaZilzh/jfAva3psSYDnn1f9wmygNx0HUjlpG72pBOaYthdp1D +ZGayTlpSUY/3y7+pvokFlY0v9Xhg3yhUyRK95uS/LuY4L8uaoZxMXPW2iP3kzv2v +BQQlMuBCjL+ji/tX2Zl8CHUldY7QPtSLZcklXmRvu5jHPK5W/eh8E66UNeb/dueq +ZAzLBZb5g8Blv9dMjf/eSlM/R//au40ZBBa3CRpddaf/gOa9sNGVd6RmzwejZ47k +hPwkx6t23ZQ7bZkk0NI3H8+/sKkM6aWZaywmLvnyClIgjgZh5zKJgv0ZFAaQ/nST +a6ke3OetAgMBAAECggEAIHaO3qfREYcwssZu27rUfoiuFu05qJBLEu8R3pSXeiw7 +yZADjYBXHA2qTuXDdkIgTlkg8Gi1Z0VphsQFHDDjKxTPy7R5b48REiHVQ6xnGEjz +yysfAiU/pe3q9e9ZcDlzQZeH6JTXdhoX0MO0R9NKGzcFaBSXCDHR/O9YjPULLwq8 +K9wZpHV6DPajoPGmZgw1qQr7Lc35nVi9AeNyTGnSrUf4hdjKiA2WA0aC3fkeKQxp +8z6FJWKot84dGbhYK0fyM0uIMb4wS8gvTmvhjE5pltEstOY3bFebxJ5DtBJPqE5K +FL6k2tfcctuhiwDsRWar39H5SvXzxHbyaz0nwpI9AQKBgQD2Z+vpncVGZgnV0rwK +0dcdEMSCOj7i91OVS8IGAvwfpI6n8Hs6upO1PtqvWtnwt8lOMwF3omA5/25ZF1+K +Y6iPxnqcg4nApG1DVDXMrV1cWUa6Sc95afJE224sZA+yKiyTZsWdxfV5y5rc5V3L +ZOzXjHOW40W/ZuuNwKR5D9fyUQKBgQDgW5h+9NwyPg+01I9qQgsnlHPA9ndKamcH +QgnAhdM75wadPnVZTNsOa46pfg0Uy/yqYSo2NZz5CmN6W3baVanyUMMmhDWHmCuV +6nHmzwlJDiJz7S0ieEUi62NConZbU3YE6zjmKkMU0K8pZEisvX/Hb3K8Py4Jxyhy +JdX5FRmMnQKBgQCzK2GpX6VgyTWBm1hMbcUDR3v8TaoIk1rdhlaw1F7MC3YHu59/ +Vses1OVi+KbcmGbyS7hXa2SZB5kPgyVflZOt596kDCmQQH+Ko6LzD2SBkBETyDPq +zxTw6LW15ZRcMrpy/BnZ3WXfiCM1WDrZeKuXGHO8VcoToRzK2DdAKDsX4QKBgQCv +NHhrNHa8uaB0W8Y/eaHSX+jhWNehgmRA075f3WIvFmQg6cSkXxN2OGJpVCmNAxum +Rki7mrSh+w3iYIj5Sgp0U8OCUZ6n7BqlcTdPwoCCz4nyM9aaY4fCFEYopEx/VzcD +8lk1zO0j1S/kyA7E7xtZOFxGS6R9OE0KjyeA44xXNQKBgFRbzhYNerXwepfYi0bR +plJ8Jg4q4DI+m5QlKGjQLsX4e0sdyOgD8mV3iYofzrull5KZeRQy5qbO9EypFXQ5 ++16FbR7VTYgKcwHNtC+8EcsSVwgk57ox4jDY6A/X1DBKUT+m/XyJYE79ZCsFVvl+ +O8zzsFaOeoxTVyVxjHmuhZ6U +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0002.pem b/src/tests/test_CA/SSSD_test_cert_key_0002.pem new file mode 100644 index 0000000..d80349f --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0002.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCvhgVEGejE4Gcr +b2lXw2scPpvXa2BaJ2DtFNgofEKhPlBoS7E913YXIG+kSE2i7YezAzHyd0hVEBqR +QVlhGg5LCeOrQTRASSNUCgWzEXnRbPrvQbeZc7T6k1QIAmTNlpIc7mrO5bjOkR6Y +DVNTDmW90aCo4IyarJAru1xQTjS+TDtJNvIgqI1BtnpH67JXt/2UsQYAD4lQQmAf +gEj3a2bD+EuJVVFt4rar+QE3EUZi265cK3IfV6OkzDP/ZuN9sxr5adk0QE/2jC+b +1sB0VxLxWhGszuOtdhkO/bxcfjWj/EWGa0nezukDeob3k+b4f6Z5kfW9GJCdCOOQ +Rr1Mv6oZAgMBAAECggEAUICdZbCka7eoWemNXS1JsPieLV0YIgExmUsYIOls/dtA +sbUVo5FwngbIbYaj5PggZuAuRlCjIjBynvBj9/8lUxFEFEWhm2JwC5lVJ936Cy16 +ocV4Wa8R8GMmBU5jwU8v0Ikg/6eo7UTtzTs/XjaaP0cn8oyasE45CXWzTzmvQx+d +FwfcTkhc6KALf+CHTk7mE8QT3vMgVQMRiisF998fnJDkW9U4pPygcg1BAq8wjix8 +YwVAlk/Vq6MxmOViqTNEmnBd5dfZ/f9SYGkR7AvZgENEDNtkd7fE37YXdTSYfBWd +lhHm4UkTUSsHl+Xx5w5r/e9xcK/z/49WUJnK2mVcAQKBgQDUv+szGloLyy0OT9SK +qqqiL7AtUtfCRPH9Gk/UYBGLzktuioac9m1tDo5RsiInFjSmBe4wTGrkhrAJP1Vh +DOpXGqMe0cV/QqOL/XnsJi6ySHzGhiR+F+iBQLk13ya1TIiGIG65mxVU7ZceBWzH +AoAjkwV9c/lUGX3yhJ8zUPPYQQKBgQDTNL/WNNHx5PD8XV9voupVFh5nLA9CqCYR +/07O8pMKve/DjswT40mz/Bwd8xKPFIjTtPMuRd1mORnkF/Q/1WuO5dZG6UUTQT5V +KdtI8VwhQlTz7/DjXm4O+mkwY9vfhTQylUsqh2rX6WkIedj1b6rT5Jg6fHMn34N2 +/9UGEp6b2QKBgQCIJ4MIo3a5UYA2RpTJYcvuHALuHrSCWclcp/gq/Ih+JrpTtkfM +MFF7l/MxCYWd6jIrhmQXePB37FLAuE2V3MQklqGKWcnBVg6Ayum6Xf1Ij+d6zeKQ +6BAemCNv/K4zHRXKcPsrwbp3Lc6moeYpvsnu+mprDUulrOLT0FhqaQaFgQKBgQDG +dqfZUlMBub8VdWwri+wkvh8dldJVMYpsmPrmDh1MF8TIf1OXUJm+TiXhorqKxqH4 +Re3JSo9L8lY49qVmolZqteCPS73D5Sf8gNN1DJAlFJ6dhpdWIDLNUlMrzHoc5J9y +9MToFs24S7WN6GmN4Dum1wSQ2Mag7jArzyTOiwqNqQKBgFh12/YF4tiePqG1aOaB ++L5GgA/ux+6SNj5TkqeiKqPaptg1tnM/T/ChiWmwZzee1ZeMEBbDWtbEMf15In7/ +OM5OSMU+SIgWposXDTDKM9ZMQZW6h9IQy/IxwvF8BrroS0vF9vOXKOz4Aw+5Kugq +JxM2HRDRdC23CGRuGjv+hO4d +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0003.pem b/src/tests/test_CA/SSSD_test_cert_key_0003.pem new file mode 100644 index 0000000..603e760 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0003.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb6pvC57nKEY/y +k6PXmcbIHz3lmUXqL1OPdJrBXFgs57AxIPvbXqWNJi4/c82+nsdmzKunrU1B+ZkU +poNd9eT/c3y7RaZ7UeGBqUhUBRXd/zllQmGnDfwPLIirhK7+UTjOnez6WSPHzKWS +36ZZG6aZXj//lc9X/8xOb5kr/Upn4AFTHkhirOpzMJY2T9pEDj/gx8o+FUgHnw5o +WlarnPCod3xpn2RtNsugpTLdtDMhhPabaySUJdNeHYRfP5UUqjEr9yvWDuwfjW2y +5TMoqZreEg6RSmya6BDm9nuwqk07NAK581AvFpSNvy1H8PL1BckXe6oxskPUM2rD +XscGCuOnAgMBAAECggEBAJuoFDXBdMRs59lH3Pk2s/dj/Zisg0r90oRAgWUJarPm +DdTIRtv/wugENUneOquIkRTXG0ykooFnHI38ShFQgZS59nhLFUpGK3puCm7F5rNp ++gMNGDd484b9+4KDeKUzciT0rQ6J14SM+kjaGlEJ/EKj7mKGc+sSeFawMNdtAaRB +HeLpqZnmSGTLmyj5JMH7ZFvSNtyWIKBZPmaIY13KG3W9MqW3JZBhMnxqFnOxh7Hk +zuZbrns6q3AYSjVnSG8fOQdVKfPKTEnXSuIl+3sIZu3hH1X2DeDaG1rjBnMv/DrT +42z/hT6Ek3Lz10Jz6OtTb386Zy9qf5JRofTh1oyDZBECgYEA+wbL0+SLkAPMakBY +HWqVTKF0yJFm1/rXG6bFDqXhJ3AmebKYuqbnIbr6U5vmzGLXOT/NUoHRHf07T4vP +2VzRECUb4w9q7/Mf4AENo8iB323rzpelD+nN43ETQB3Wftu9pyg9OY7Ey6+2eLao +jofiAPQX4ZZzKB2bcjA4VwJ6OI8CgYEA4EYFqe78D6qJQLETNMh5SPKLMIZNxmOD +2Qo0veLbkqasCQ0N1J6fEwEs6uRQboj3kM3E91tmGDL8QNvLcgSdy7KfTIunhaxi +Ivsh3I5Gv3tXWtnpJ98738iZ4tucvMTdJ52ujGLMCXkMtI4K1WwVbxVbJmNgRU3J +A9MkQVhZv2kCgYEAtd/PsD9HatmFsnnaHb4KXBIi5eqLQ/LHBY7H+Xvv7L4R8lyW +0a15ivPIyOkMyIrYeu8iGSRbWcoOveyDdG4OPw9T7ChQh3d0Yb0Bn+f3SOWAUxeG +DUiN1rsngm3b6d/VwhWifmBVb2po338gEtyav6wa3WQ/HRKOfKY5O7lcyjsCgYBb +ssWmEZzmGug7lysvLbjJZsIaeQ9bylyiZVXjPdphP9yfZsL86E5KSvS+pdNtHnt6 +rWeXa7t2sYIKUtQALnsGSmZvubopIa6OdvgFYfbzW87/ypFWSCQG/9JLu1d+p091 +Xzd7Fvot9VyIhntPf/3TiXvXWlKGg6No+O+d+C3Z4QKBgQDb47BR+gthjtdTdFvh +YPuIHEjH5eiw427KPCAKlpc1+auT0HBe0jxLg7zlFw/uTHukguifHlK9if7Gsjq9 +CZ4RRghvAkvDIzlhHBPw+tXA/xYHBthQxOcK9KHSiIwbLM3v+1xhimKAZfsUEo04 +r1ThfBkpGpW1JUp6ysH6Q4+H6w== +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0004.pem b/src/tests/test_CA/SSSD_test_cert_key_0004.pem new file mode 100644 index 0000000..e7e1b1d --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0004.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCdue/OaH/8xyzm +PUXFJeVJe0GOLZv3Pv/wPuIlNjAU1JNSDQUUKBlv7SOJr7KZ+4se6RyTU22G0KMN +0qswY5hlpOtCbRlH2fp5zaYakDVbAv00UBvllPuLetQA9hjCxvz3DZLfLC/N954N +ZKJIrO2fqTDvJwKqhw7gvp4p1vZcpAcsDf/AYzPgw1oX3yZyzQhfQwQ5Gu3U0Fwc +nQL/l++mDFD2faDBfn9CFu7hPHKMQvjITsK/RwuFqZa1BzU80x0iyRMhYyDuUDWD +2tDgzgt4qlMIHJb0ACHuSZFNIiqCF2xkM63PP3is2w7DUpRSu26FR4JacoKq7v5g +yhtw9y9HAgMBAAECggEAVpNKKy03G4QkhBib5HRBoAz01dr5IkTFbZTGwxA0Yiqw +1rfo0sCT/djXyerUCSuGmKfyFHgVxYteBOdfKgdxDlHxBJwn5UWj9BnKlAgWEWfZ +nk5eka0uSchY+FIdE0Twc5dSyAdUEiVZ7xYO8f9hy2KuRodOMlZB92EKJgMlZYGS +/hYOfZYmz3c4LFWO+UEiXyKKjENtnp5CpOw+Vcrwlu77PbFiT4Y12dOOwDRP4a/a +ddXQBUaApOMDBA6gpB4jaysq5EBnrLTL5fzHNpATVKFnAL7icPuIfefjU2kxQMoo +siUL7RzZnLlx0mN37DIzTv4uGltvGzzqhkIA5X/TsQKBgQDNBt3+dih7YbDt/4cC +HtuApUAbwYDYhETzU8Zt+WRiFZdOgBcm/bacxOqBWGJ1WCYnegPYmk4WVThH1zrF +Pr2EN2sOn2KJzQlLIOR7hvtTXgLx1hqc9XVBq/8JKhvCPfk/RoCjt+GmkoLHdrWI +w1kd2milRcFs09UCV8LGa/vYSQKBgQDE8JUXD8x77IP/CBXLBmFq6tSwYkRWh4jC +l8HB75VWXrknzgjv4Iqx4FEm2T0Mp0QFZLF6WCoclUcsGiCTz7jm20eoRL+5dX1d +yASi00GSpS1p2Q9eTTU4FHVg1nD1B5F1kQB8uqBj0oSjeQLLPngaIftxTGNrkw3J +4mk5kVdrDwKBgF0iA3F1pwn05HQYIPHbpoYXirmQ+sBfxRprMbX/FZRgjmzATsQN +eAhagtPinEcFlb9U865O2a3XZEtt/2peB6Spr93ilNZX5yLTfDaIqF3EVL4aLdii +v3LneGBnWliv4irWEdVM0Bnkb7e/utK3OiIPdn2s5CJVT2tTBk0v/CTRAoGAIe04 +IeLs3SRfkN25s2IEAkE2JrSnBSkQHEW8cUZuuZRT3VGXJIvQGNiF4mVmKPnfs/Ym +xObPSmFFA4n0tsIAHnUEIS7GwJJG6JL+iXZPQ44FBskH5rzyQBj2J5qJlwyYuGIk +bVhRLSElDGxaWN0IH6hfAqOgNPX+WBsS+YHaR20CgYAVUwTRA9kQgPZJfg+mepFG +zw9Tx7/TSwILZDlL0AU/i12xn0RA7sweLW8cPEDx1OnTbv+/pqSZ46eeZDzTrlu7 +ASy844law96NdhpKuTyz/jEl6aj0RLp1wzQZLSQkV0nv3f2Qlknhz83uShhxmxJv +FqS4fShRFJNoQDwEUvE7ZA== +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0005.pem b/src/tests/test_CA/SSSD_test_cert_key_0005.pem new file mode 100644 index 0000000..3a72442 --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0005.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDM99ny9ZkJ5via +QeUTqkZ4el/BDp7CurWcCG5wOahhQrvA2k8OaQXWTJRmK7IWLPUGYNhrOBVX3SfY +ayLXmTAjQgu4tsizupIJ5T8MgtZw6FEy9ZaLMZKBDuLywpqOABDbTRk3wWx8yMwk +lOH6rghsdBJnuODHU/vY4A8c2/fdI/uSxaKoukzXg0KdkALQD26RRzrhC8eMEmkA +fNZjCHwGU9UIunV3f/zURrp+LveXt0Htrxr/22Hs91Qfy7zupheHioTPPsMrveCh +cHILc34cmF3FVfDW4GLWd6SLF4AHWJkm5t15QjZulfsEc++h6BiJQXciSI3g2H6w +NoiEbdx1AgMBAAECggEAWzhnYFDbhmOr+oMfH2xlppLX8MS/9WxBDStXc0zF2ltn +0gGWs5QcC+7TENGblXD2r5sEVluEbDE53YB45jkACoEHVHLMyehbvFmxgLDuHRvX +n3VbRaGPUS695EqlnFL9LYyXj4/e5346FIHKPNWdXB8gXdcS+sMuz6uQLkjbfCgN +spvE5F2ZG8m87QGBaYA3+4P7aIZtxUo1loZ5yhlfzXBS3EnnavoS5Bp/NH6Wx6qS +8Fm5aIF477vHU/7zz5RQ1EYcviDytERLUcTjCEZtvaRqVOLGKIay+6f9X3WdNMFT +P3yUG05ZhVL6X/zWkKdNdvrsV1yqyuSiYAlVNnED9QKBgQD7gS8FvVuCei47ceaJ +17ZKcqkSg7ySSjOHs3NOjYxQ1b1e/hFybfJQRNLDv8DhLE/aN/aQTRoAJ1iiACdW +Ye87e1qJdI3Y7rKWUcI+kMACzTTiHmo3NW/OAs/K2EwaCZzHixvQRmScXdn9GjoW +M2HzTsyrN0nInnW3z+dUH+VzQwKBgQDQobrHXS/JBu6p86th3C+YWPfH3X/iBu7W +ey12B28KA6Ove2UEyPV2uG35pi5NagyVcFvd+0o4jZt5XUxnVb4Y10wn8ISVaA03 +UTJ0j0U7rQnMpxhtHBdm8jD00MbqkKybrx8qX+WJrDccLbF3gIAkETogw1ul2aMK +Pi6zejyJ5wKBgAOfaL38bEUE3YWdrmRt5wJLhIPvwdeZmgRqYU7QWyUO7xtfLYEo +dEUTuLV5HZ4gtUW/aJ3LfoRiDLTIq8hiwL9ql3NDaoelaI0hwFqGWz2vFwPqzDzf +WCzvfW6+jtoRKWD2cAAgA3L9JxauOgf31YFbsTcGJNnu7mMna32auANhAoGAUQL7 +6/4bWAwBEK01l0JQmO+zB0DTL4lRpKcf9/za+SCApttbVohSCE+FJLOKtzS+vihr +A79YCq2x+WZpDJcWwb6YK8oRMZK9zwUQeoJHd+yxKW6Y5YVK8QaKTAXlt5+F5s4R +Y/rovpTIsYBssOKM33RxBdfV9oiT7p5GtBp693ECgYEAtyZ+Va9j60E8EkNsgVP2 +MMZ3ofGI1IAQB2CHuWH7Y2NPdg/WBbBMPFGThi68rZnOeM72IXYXWwooJvWk39w5 +VLT8kFOBdxYl6p9ve/uNGmCia+vF1aYj6qHLmnx3JOvlte/cNCLXDg0pXrh+Ah+o +F7OmwIezouHZ+d77jxDb5VY= +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/SSSD_test_cert_key_0007.pem b/src/tests/test_CA/SSSD_test_cert_key_0007.pem new file mode 100644 index 0000000..655ea4c --- /dev/null +++ b/src/tests/test_CA/SSSD_test_cert_key_0007.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaL8sA3b2WVm46 +WKHA8y0FOi9pw7qIbLWJPbHM2kaZa3CwM+RRvNTOTYJ4yFd2Z+H9XJ2pbEKwZk/q +AEy7o9g8e5xkHOLMQxzLpVpK8RBF+23/cW4BXlXg4aZ4Mnk/A5ig4c5hPIChDP/s +FtSgno4MMAtQjSku7iq4+oiqiwKwQJ6lNtQ6TKoouXTGwYE3uumRvfx5HEx0fQo5 +aAvFa+uCRI0wrjTh6lGgL1yeCw5KZzUovie8bowHbeQfsmhuTPIo5pEfGDFHm1Np +ZLEHZVzuWTte0410J94Ov5faLzC+4wxWZIvb/DefGtJL1mSTo9p3A+9mI1fuHYPx +0BRUPsM1AgMAgOECggEAFEqiCWzQlIKuLPgqVJSL3VJHH1KsKOvZCob3jCyV80am +YiCi5qs4iWSqUnQ7pgqtIalWCu/qq7X4v5T+Q/mdJOjP36zWDSXYDwGsIlHVesQg +NrTxrsE8XQzV6u5ZMB73jklO6BZ42uZcC5BC3yw2wkPyT+AMmtvAyFqjQQDf9YUH +glNK74WfacEzGFTGwYqHwsHUhLare1hRcpaE57Wwl17IS7zYebcO16qhuJEWu0XK +yZTi+LOhs1pJV4yhYXILq70sQIt9MmjGNvblehgdSdBpg0CLjLOB4DS1Z1OpvNUD +uPPM/tObQoctCd3jQO1YLR0MnPycuz6/YJObKaDqKQKBgQDMP8Mn9+HASTL+t6v1 ++jYDpJkwruhGCQ5e/bzLA7E5TCAJTjOQMCJhQQL9DYO143OtHKXH54wTkfQ0nnZn +DkDzGlBKewi4L6sLnNU+R0HOIY48nW4eEEe+fE4AcK7Vv+dlwfABvgxQpi0CmJUe +viC0ZBR2gInnuZpiFvNygI6fJwKBgQDBQNO8ftTLkarCWPkh2oFSuTIVmSaQtuzh +MA5CmqtPDH38/eVJmIRLaWGQecjbBN+ec0vTSGuvIDvWDNV1X5hBb/TDn8mYU9vt +nBxCAcwwqcQ4CtJrrPXHS6sxWSGz3vC9DuLdc1K9imCV1LUW1P9Gjp8AtEr/++oz +v+CQXS2EQwKBgDVZ7O0GWEQ+St3LxhOetUIPJ3ajNUrdv/AvYGOla9Cg/l3RmrW0 +gX8agIdHxb451EEowyK0MOUi1479Y5LKg7FxvbZcFcjF/WDFv6pboIpXPeHCQAV2 +hcc80E2NUFQbhCk+pVSWntH43No7LRK+5WK514Ti71wloidLHzIDTbPdAoGAQafV +588gj06xxu9inT4pTEYKhWjbIfr3rEL0juFkO1/1Q7OQFYEBLQKzgjLrNYd4pFC2 +pP4VRItXx5Gh3hgHBriNnyEmXkuepFC6ulC/emhHM8qZjK/i/eQVZ8cDdUU1TdkK +Eu80aXi5h9/lSP8X0rBbX04k8tHFhfJE4gylYTMCgYAYU9xPpX3hJ8U2ZpD4vSnk +/3XrjEdkACrmmt9kacnc3IC5CKB6OfNN6PkEHC3s7DzHTr5LYqSvh1PV7dqJ+4g9 +7rUXdnHh0YIAvD8gz6H+QRglxB1OnOJ9AWwUonzt1ySAAuZMqLTdmq9pXz8Gg7IY +CrF5rU6DMEElaGiHpcwlQA== +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/intermediate_CA/Makefile.am b/src/tests/test_CA/intermediate_CA/Makefile.am new file mode 100644 index 0000000..b439f82 --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/Makefile.am @@ -0,0 +1,98 @@ +dist_noinst_DATA = \ + SSSD_test_intermediate_CA.config \ + SSSD_test_intermediate_CA_key.pem \ + SSSD_test_intermediate_CA_cert_0001.config \ + SSSD_test_intermediate_CA_cert_key_0001.pem + +openssl_root_ca_config = $(abs_srcdir)/../SSSD_test_CA.config +openssl_root_ca_key = $(abs_srcdir)/../SSSD_test_CA_key.pem +openssl_intermediate_ca_config = $(srcdir)/SSSD_test_intermediate_CA.config +openssl_intermediate_ca_key = $(abs_srcdir)/SSSD_test_intermediate_CA_key.pem +pwdfile = pwdfile + +configs := $(notdir $(wildcard $(srcdir)/SSSD_test_intermediate_CA_cert_*.config)) +ids := $(subst SSSD_test_intermediate_CA_cert_,,$(basename $(configs))) +certs = $(addprefix SSSD_test_intermediate_CA_cert_x509_,$(addsuffix .pem,$(ids))) +certs_h = $(addprefix SSSD_test_intermediate_CA_cert_x509_,$(addsuffix .h,$(ids))) +pubkeys = $(addprefix SSSD_test_intermediate_CA_cert_pubsshkey_,$(addsuffix .pub,$(ids))) +pubkeys_h = $(addprefix SSSD_test_intermediate_CA_cert_pubsshkey_,$(addsuffix .h,$(ids))) +pkcs12 = $(addprefix SSSD_test_intermediate_CA_cert_pkcs12_,$(addsuffix .pem,$(ids))) + +extra = softhsm2_intermediate_one + +# If openssl is run in parallel there might be conflicts with the serial +.NOTPARALLEL: + +ca_all: clean SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_full_db.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(extra) + +$(pwdfile): + @echo "123456" > $@ + +SSSD_test_CA.pem: + $(MAKE) -C $(builddir)/.. SSSD_test_CA.pem + ln -s $(builddir)/../$@ + +SSSD_test_intermediate_CA_req.pem: $(openssl_intermediate_ca_key) $(openssl_intermediate_ca_config) SSSD_test_CA.pem + $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -extensions v3_ca -out $@ + +SSSD_test_intermediate_CA.pem: SSSD_test_intermediate_CA_req.pem $(openssl_root_ca_config) $(openssl_root_ca_key) + cd .. && $(OPENSSL) ca -config ${openssl_root_ca_config} -batch -notext -keyfile $(openssl_root_ca_key) -in $(abs_builddir)/$< -days 200 -extensions v3_intermediate_ca -out $(abs_builddir)/$@ + +SSSD_test_intermediate_CA_full_db.pem: SSSD_test_CA.pem SSSD_test_intermediate_CA.pem + cat $^ > $@ + +SSSD_test_intermediate_CA_cert_req_%.pem: $(srcdir)/SSSD_test_intermediate_CA_cert_key_%.pem $(srcdir)/SSSD_test_intermediate_CA_cert_%.config + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_intermediate_CA_cert_$*.config -out $@ + +SSSD_test_intermediate_CA_cert_x509_%.pem: SSSD_test_intermediate_CA_cert_req_%.pem $(openssl_intermediate_ca_config) SSSD_test_intermediate_CA.pem serial + $(OPENSSL) ca -config ${openssl_intermediate_ca_config} -batch -notext -keyfile $(openssl_intermediate_ca_key) -in $< -days 200 -extensions usr_cert -out $@ + +SSSD_test_intermediate_CA_cert_pkcs12_%.pem: SSSD_test_intermediate_CA_cert_x509_%.pem $(srcdir)/SSSD_test_intermediate_CA_cert_key_%.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_intermediate_CA_cert_x509_$*.pem -inkey $(srcdir)/SSSD_test_intermediate_CA_cert_key_$*.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_intermediate_CA_cert_pubkey_%.pem: SSSD_test_intermediate_CA_cert_x509_%.pem + $(OPENSSL) x509 -in $< -pubkey -noout > $@ + +SSSD_test_intermediate_CA_cert_pubsshkey_%.pub: SSSD_test_intermediate_CA_cert_pubkey_%.pem + $(SSH_KEYGEN) -i -m PKCS8 -f $< > $@ + +SSSD_test_intermediate_CA_cert_x509_%.h: SSSD_test_intermediate_CA_cert_x509_%.pem + @echo "#define SSSD_TEST_INTERMEDIATE_CA_CERT_$* \""$(shell cat $< |openssl x509 -outform der | base64 -w 0)"\"" > $@ + +SSSD_test_intermediate_CA_cert_pubsshkey_%.h: SSSD_test_intermediate_CA_cert_pubsshkey_%.pub + @echo "#define SSSD_TEST_INTERMEDIATE_CA_CERT_SSH_KEY_$* \""$(shell cut -d' ' -f2 $<)"\"" > $@ + + +softhsm2_intermediate_one: softhsm2_intermediate_one.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test intermediate CA Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_intermediate_CA_cert_x509_0001.pem --login --label 'SSSD test intermediate cert 0001' --id '190E513C9A3DFAACDE5D2D0592F0FDFF559C10CB' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_intermediate_CA_cert_key_0001.pem --login --label 'SSSD test intermediate cert 0001' --id '190E513C9A3DFAACDE5D2D0592F0FDFF559C10CB' + +softhsm2_intermediate_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/intermediate_CA/softhsm2_intermediate_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +CLEANFILES = \ + index.txt index.txt.attr \ + index.txt.attr.old index.txt.old \ + SSSD_test_intermediate_CA.pem \ + SSSD_test_intermediate_CA_req.pem \ + SSSD_test_intermediate_CA_full_db.pem \ + SSSD_test_CA.pem \ + $(pwdfile) \ + $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) \ + softhsm2_*.conf \ + $(NULL) + +clean-local: + rm -rf newcerts + rm -rf softhsm* + rm -rf serial* + +serial: + mkdir -p newcerts + touch index.txt + touch index.txt.attr + echo -n 01 > serial diff --git a/src/tests/test_CA/intermediate_CA/Makefile.in b/src/tests/test_CA/intermediate_CA/Makefile.in new file mode 100644 index 0000000..06be94a --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/Makefile.in @@ -0,0 +1,812 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/tests/test_CA/intermediate_CA +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/version.m4 $(top_srcdir)/src/build_macros.m4 \ + $(top_srcdir)/src/external/platform.m4 \ + $(top_srcdir)/src/conf_macros.m4 \ + $(top_srcdir)/src/external/pkg.m4 \ + $(top_srcdir)/src/external/libpopt.m4 \ + $(top_srcdir)/src/external/libtalloc.m4 \ + $(top_srcdir)/src/external/libtdb.m4 \ + $(top_srcdir)/src/external/libtevent.m4 \ + $(top_srcdir)/src/external/libldb.m4 \ + $(top_srcdir)/src/external/libdhash.m4 \ + $(top_srcdir)/src/external/libini_config.m4 \ + $(top_srcdir)/src/external/libgssapi_krb5.m4 \ + $(top_srcdir)/src/external/pam.m4 \ + $(top_srcdir)/src/external/ldap.m4 \ + $(top_srcdir)/src/external/libpcre.m4 \ + $(top_srcdir)/src/external/krb5.m4 \ + $(top_srcdir)/src/external/libcares.m4 \ + $(top_srcdir)/src/external/libcmocka.m4 \ + $(top_srcdir)/src/external/docbook.m4 \ + $(top_srcdir)/src/external/sizes.m4 \ + $(top_srcdir)/src/external/python.m4 \ + $(top_srcdir)/src/external/selinux.m4 \ + $(top_srcdir)/src/external/crypto.m4 \ + $(top_srcdir)/src/external/nsupdate.m4 \ + $(top_srcdir)/src/external/libkeyutils.m4 \ + $(top_srcdir)/src/external/libkrad.m4 \ + $(top_srcdir)/src/external/libnl.m4 \ + $(top_srcdir)/src/external/systemd.m4 \ + $(top_srcdir)/src/external/pac_responder.m4 \ + $(top_srcdir)/src/external/cifsidmap.m4 \ + $(top_srcdir)/src/external/signal.m4 \ + $(top_srcdir)/src/external/inotify.m4 \ + $(top_srcdir)/src/external/samba.m4 \ + $(top_srcdir)/src/external/sasl.m4 \ + $(top_srcdir)/src/external/libnfsidmap.m4 \ + $(top_srcdir)/src/external/cwrap.m4 \ + $(top_srcdir)/src/external/libresolv.m4 \ + $(top_srcdir)/src/external/intgcheck.m4 \ + $(top_srcdir)/src/external/systemtap.m4 \ + $(top_srcdir)/src/external/service.m4 \ + $(top_srcdir)/src/external/test_ca.m4 \ + $(top_srcdir)/src/external/ax_valgrind_check.m4 \ + $(top_srcdir)/src/external/libjansson.m4 \ + $(top_srcdir)/src/external/libcurl.m4 \ + $(top_srcdir)/src/external/libjose.m4 \ + $(top_srcdir)/src/external/libuuid.m4 \ + $(top_srcdir)/src/external/libunistring.m4 \ + $(top_srcdir)/src/external/libpasskey.m4 \ + $(top_srcdir)/src/external/p11-kit.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(SHELL) $(top_srcdir)/build/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +DATA = $(dist_noinst_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build/mkinstalldirs +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARES_CFLAGS = @CARES_CFLAGS@ +CARES_LIBS = @CARES_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYPTO_CFLAGS = @CRYPTO_CFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CURL_CFLAGS = @CURL_CFLAGS@ +CURL_LIBS = @CURL_LIBS@ +CYGPATH_W = @CYGPATH_W@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DHASH_CFLAGS = @DHASH_CFLAGS@ +DHASH_LIBS = @DHASH_LIBS@ +DLLTOOL = @DLLTOOL@ +DOCBOOK_XSLT = @DOCBOOK_XSLT@ +DOXYGEN = @DOXYGEN@ +DSYMUTIL = @DSYMUTIL@ +DTRACE = @DTRACE@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ENABLE_VALGRIND_drd = @ENABLE_VALGRIND_drd@ +ENABLE_VALGRIND_helgrind = @ENABLE_VALGRIND_helgrind@ +ENABLE_VALGRIND_memcheck = @ENABLE_VALGRIND_memcheck@ +ENABLE_VALGRIND_sgcheck = @ENABLE_VALGRIND_sgcheck@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FAKETIME = @FAKETIME@ +FGREP = @FGREP@ +FIDO2_CFLAGS = @FIDO2_CFLAGS@ +FIDO2_LIBS = @FIDO2_LIBS@ +FILECMD = @FILECMD@ +GDM_PAM_EXTENSIONS_CFLAGS = @GDM_PAM_EXTENSIONS_CFLAGS@ +GDM_PAM_EXTENSIONS_LIBS = @GDM_PAM_EXTENSIONS_LIBS@ +GMSGFMT = @GMSGFMT@ +GPO_DEFAULT = @GPO_DEFAULT@ +GREP = @GREP@ +GSSAPI_KRB5_CFLAGS = @GSSAPI_KRB5_CFLAGS@ +GSSAPI_KRB5_LIBS = @GSSAPI_KRB5_LIBS@ +HAVE_FAKEROOT = @HAVE_FAKEROOT@ +HAVE_LDAPMODIFY = @HAVE_LDAPMODIFY@ +HAVE_MANPAGES = @HAVE_MANPAGES@ +HAVE_NSS_WRAPPER = @HAVE_NSS_WRAPPER@ +HAVE_PAM_WRAPPER = @HAVE_PAM_WRAPPER@ +HAVE_PYTHON2 = @HAVE_PYTHON2@ +HAVE_PYTHON2_BINDINGS = @HAVE_PYTHON2_BINDINGS@ +HAVE_PYTHON3 = @HAVE_PYTHON3@ +HAVE_PYTHON3_BINDINGS = @HAVE_PYTHON3_BINDINGS@ +HAVE_SELINUX = @HAVE_SELINUX@ +HAVE_SEMANAGE = @HAVE_SEMANAGE@ +HAVE_UID_WRAPPER = @HAVE_UID_WRAPPER@ +INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ +INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ +INI_CONFIG_V0_CFLAGS = @INI_CONFIG_V0_CFLAGS@ +INI_CONFIG_V0_LIBS = @INI_CONFIG_V0_LIBS@ +INI_CONFIG_V1_1_CFLAGS = @INI_CONFIG_V1_1_CFLAGS@ +INI_CONFIG_V1_1_LIBS = @INI_CONFIG_V1_1_LIBS@ +INI_CONFIG_V1_3_CFLAGS = @INI_CONFIG_V1_3_CFLAGS@ +INI_CONFIG_V1_3_LIBS = @INI_CONFIG_V1_3_LIBS@ +INI_CONFIG_V1_CFLAGS = @INI_CONFIG_V1_CFLAGS@ +INI_CONFIG_V1_LIBS = @INI_CONFIG_V1_LIBS@ +INOTIFY_LIBS = @INOTIFY_LIBS@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +JANSSON_CFLAGS = @JANSSON_CFLAGS@ +JANSSON_LIBS = @JANSSON_LIBS@ +JOSE_CFLAGS = @JOSE_CFLAGS@ +JOSE_LIBS = @JOSE_LIBS@ +JOURNALD_CFLAGS = @JOURNALD_CFLAGS@ +JOURNALD_LIBS = @JOURNALD_LIBS@ +KEYUTILS_LIBS = @KEYUTILS_LIBS@ +KRAD_LIBS = @KRAD_LIBS@ +KRB5_CFLAGS = @KRB5_CFLAGS@ +KRB5_CONFIG = @KRB5_CONFIG@ +KRB5_LIBS = @KRB5_LIBS@ +LD = @LD@ +LDB_CFLAGS = @LDB_CFLAGS@ +LDB_LIBS = @LDB_LIBS@ +LDFLAGS = @LDFLAGS@ +LIBADD_DL = @LIBADD_DL@ +LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ +LIBADD_DLOPEN = @LIBADD_DLOPEN@ +LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ +LIBADD_TIMER = @LIBADD_TIMER@ +LIBCLOCK_GETTIME = @LIBCLOCK_GETTIME@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBNL1_CFLAGS = @LIBNL1_CFLAGS@ +LIBNL1_LIBS = @LIBNL1_LIBS@ +LIBNL3_CFLAGS = @LIBNL3_CFLAGS@ +LIBNL3_LIBS = @LIBNL3_LIBS@ +LIBNL_CFLAGS = @LIBNL_CFLAGS@ +LIBNL_LIBS = @LIBNL_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +LT_DLLOADERS = @LT_DLLOADERS@ +LT_DLPREOPEN = @LT_DLPREOPEN@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +NDR_KRB5PAC_CFLAGS = @NDR_KRB5PAC_CFLAGS@ +NDR_KRB5PAC_LIBS = @NDR_KRB5PAC_LIBS@ +NDR_NBT_CFLAGS = @NDR_NBT_CFLAGS@ +NDR_NBT_LIBS = @NDR_NBT_LIBS@ +NFSIDMAP_CFLAGS = @NFSIDMAP_CFLAGS@ +NFSIDMAP_LIBS = @NFSIDMAP_LIBS@ +NFSIDMAP_OBJ = @NFSIDMAP_OBJ@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NSUPDATE = @NSUPDATE@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@ +OPENLDAP_LIBS = @OPENLDAP_LIBS@ +OPENSSL = @OPENSSL@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11TOOL = @P11TOOL@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_LIBS = @PAM_LIBS@ +PAM_MISC_LIBS = @PAM_MISC_LIBS@ +PASSKEY_CFLAGS = @PASSKEY_CFLAGS@ +PASSKEY_LIBS = @PASSKEY_LIBS@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCRE_CFLAGS = @PCRE_CFLAGS@ +PCRE_LIBS = @PCRE_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PO4A = @PO4A@ +POPT_CFLAGS = @POPT_CFLAGS@ +POPT_LIBS = @POPT_LIBS@ +POSUB = @POSUB@ +PRERELEASE_VERSION = @PRERELEASE_VERSION@ +PYTHON = @PYTHON@ +PYTHON2 = @PYTHON2@ +PYTHON2_CFLAGS = @PYTHON2_CFLAGS@ +PYTHON2_EXEC_PREFIX = @PYTHON2_EXEC_PREFIX@ +PYTHON2_INCLUDES = @PYTHON2_INCLUDES@ +PYTHON2_LIBS = @PYTHON2_LIBS@ +PYTHON2_PREFIX = @PYTHON2_PREFIX@ +PYTHON2_VERSION = @PYTHON2_VERSION@ +PYTHON3 = @PYTHON3@ +PYTHON3_CFLAGS = @PYTHON3_CFLAGS@ +PYTHON3_EXEC_PREFIX = @PYTHON3_EXEC_PREFIX@ +PYTHON3_INCLUDES = @PYTHON3_INCLUDES@ +PYTHON3_LIBS = @PYTHON3_LIBS@ +PYTHON3_PREFIX = @PYTHON3_PREFIX@ +PYTHON3_VERSION = @PYTHON3_VERSION@ +PYTHON_CONFIG = @PYTHON_CONFIG@ +PYTHON_EXEC = @PYTHON_EXEC@ +PYTHON_EXEC_INTG = @PYTHON_EXEC_INTG@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RESOLV_CFLAGS = @RESOLV_CFLAGS@ +RESOLV_LIBS = @RESOLV_LIBS@ +SAMBA_UTIL_CFLAGS = @SAMBA_UTIL_CFLAGS@ +SAMBA_UTIL_LIBS = @SAMBA_UTIL_LIBS@ +SASL_CFLAGS = @SASL_CFLAGS@ +SASL_LIBS = @SASL_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SEMANAGE_LIBS = @SEMANAGE_LIBS@ +SERVICE = @SERVICE@ +SET_MAKE = @SET_MAKE@ +SGML_CATALOG_FILES = @SGML_CATALOG_FILES@ +SHELL = @SHELL@ +SLAPD = @SLAPD@ +SMBCLIENT_CFLAGS = @SMBCLIENT_CFLAGS@ +SMBCLIENT_LIBS = @SMBCLIENT_LIBS@ +SOFTHSM2_PATH = @SOFTHSM2_PATH@ +SOFTHSM2_UTIL = @SOFTHSM2_UTIL@ +SSH_KEYGEN = @SSH_KEYGEN@ +SSL_CFLAGS = @SSL_CFLAGS@ +SSL_LIBS = @SSL_LIBS@ +SSSD_USER = @SSSD_USER@ +STRIP = @STRIP@ +SYSTEMD_DAEMON_CFLAGS = @SYSTEMD_DAEMON_CFLAGS@ +SYSTEMD_DAEMON_LIBS = @SYSTEMD_DAEMON_LIBS@ +SYSTEMD_LOGIN_CFLAGS = @SYSTEMD_LOGIN_CFLAGS@ +SYSTEMD_LOGIN_LIBS = @SYSTEMD_LOGIN_LIBS@ +TALLOC_CFLAGS = @TALLOC_CFLAGS@ +TALLOC_LIBS = @TALLOC_LIBS@ +TDB_CFLAGS = @TDB_CFLAGS@ +TDB_LIBS = @TDB_LIBS@ +TEST_DIR = @TEST_DIR@ +TEVENT_CFLAGS = @TEVENT_CFLAGS@ +TEVENT_LIBS = @TEVENT_LIBS@ +UNICODE_LIBS = @UNICODE_LIBS@ +USE_NLS = @USE_NLS@ +UUID_CFLAGS = @UUID_CFLAGS@ +UUID_LIBS = @UUID_LIBS@ +VALGRIND = @VALGRIND@ +VALGRIND_ENABLED = @VALGRIND_ENABLED@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XMLLINT = @XMLLINT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +appmodpath = @appmodpath@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +cifspluginpath = @cifspluginpath@ +config_def_ccache_dir = @config_def_ccache_dir@ +config_def_ccname_template = @config_def_ccname_template@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbpath = @dbpath@ +docdir = @docdir@ +dvidir = @dvidir@ +environment_file = @environment_file@ +exec_prefix = @exec_prefix@ +gpocachepath = @gpocachepath@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +initdir = @initdir@ +install_sh = @install_sh@ +krb5authdatapluginpath = @krb5authdatapluginpath@ +krb5pluginpath = @krb5pluginpath@ +krb5rcachedir = @krb5rcachedir@ +ldblibdir = @ldblibdir@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +logpath = @logpath@ +mandir = @mandir@ +mcpath = @mcpath@ +mkdir_p = @mkdir_p@ +nfsidmaplibdir = @nfsidmaplibdir@ +nfslibpath = @nfslibpath@ +nsslibdir = @nsslibdir@ +oldincludedir = @oldincludedir@ +pammoddir = @pammoddir@ +pdfdir = @pdfdir@ +pidpath = @pidpath@ +pipepath = @pipepath@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pluginpath = @pluginpath@ +polkitdir = @polkitdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pubconfpath = @pubconfpath@ +py2execdir = @py2execdir@ +py3execdir = @py3execdir@ +pyexecdir = @pyexecdir@ +python2dir = @python2dir@ +python3dir = @python3dir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +secdbpath = @secdbpath@ +session_recording_shell = @session_recording_shell@ +sharedbuilddir = @sharedbuilddir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subidlibpath = @subidlibpath@ +sudolibpath = @sudolibpath@ +sysconfdir = @sysconfdir@ +systemdconfdir = @systemdconfdir@ +systemdunitdir = @systemdunitdir@ +tapset_dir = @tapset_dir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +valgrind_enabled_tools = @valgrind_enabled_tools@ +valgrind_tools = @valgrind_tools@ +winbindpluginpath = @winbindpluginpath@ +dist_noinst_DATA = \ + SSSD_test_intermediate_CA.config \ + SSSD_test_intermediate_CA_key.pem \ + SSSD_test_intermediate_CA_cert_0001.config \ + SSSD_test_intermediate_CA_cert_key_0001.pem + +openssl_root_ca_config = $(abs_srcdir)/../SSSD_test_CA.config +openssl_root_ca_key = $(abs_srcdir)/../SSSD_test_CA_key.pem +openssl_intermediate_ca_config = $(srcdir)/SSSD_test_intermediate_CA.config +openssl_intermediate_ca_key = $(abs_srcdir)/SSSD_test_intermediate_CA_key.pem +pwdfile = pwdfile +configs := $(notdir $(wildcard $(srcdir)/SSSD_test_intermediate_CA_cert_*.config)) +ids := $(subst SSSD_test_intermediate_CA_cert_,,$(basename $(configs))) +certs = $(addprefix SSSD_test_intermediate_CA_cert_x509_,$(addsuffix .pem,$(ids))) +certs_h = $(addprefix SSSD_test_intermediate_CA_cert_x509_,$(addsuffix .h,$(ids))) +pubkeys = $(addprefix SSSD_test_intermediate_CA_cert_pubsshkey_,$(addsuffix .pub,$(ids))) +pubkeys_h = $(addprefix SSSD_test_intermediate_CA_cert_pubsshkey_,$(addsuffix .h,$(ids))) +pkcs12 = $(addprefix SSSD_test_intermediate_CA_cert_pkcs12_,$(addsuffix .pem,$(ids))) +extra = softhsm2_intermediate_one +CLEANFILES = \ + index.txt index.txt.attr \ + index.txt.attr.old index.txt.old \ + SSSD_test_intermediate_CA.pem \ + SSSD_test_intermediate_CA_req.pem \ + SSSD_test_intermediate_CA_full_db.pem \ + SSSD_test_CA.pem \ + $(pwdfile) \ + $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) \ + softhsm2_*.conf \ + $(NULL) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/test_CA/intermediate_CA/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign src/tests/test_CA/intermediate_CA/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# If openssl is run in parallel there might be conflicts with the serial +.NOTPARALLEL: + +ca_all: clean SSSD_test_intermediate_CA.pem SSSD_test_intermediate_CA_full_db.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(extra) + +$(pwdfile): + @echo "123456" > $@ + +SSSD_test_CA.pem: + $(MAKE) -C $(builddir)/.. SSSD_test_CA.pem + ln -s $(builddir)/../$@ + +SSSD_test_intermediate_CA_req.pem: $(openssl_intermediate_ca_key) $(openssl_intermediate_ca_config) SSSD_test_CA.pem + $(OPENSSL) req -batch -config ${openssl_intermediate_ca_config} -new -nodes -key $< -sha256 -extensions v3_ca -out $@ + +SSSD_test_intermediate_CA.pem: SSSD_test_intermediate_CA_req.pem $(openssl_root_ca_config) $(openssl_root_ca_key) + cd .. && $(OPENSSL) ca -config ${openssl_root_ca_config} -batch -notext -keyfile $(openssl_root_ca_key) -in $(abs_builddir)/$< -days 200 -extensions v3_intermediate_ca -out $(abs_builddir)/$@ + +SSSD_test_intermediate_CA_full_db.pem: SSSD_test_CA.pem SSSD_test_intermediate_CA.pem + cat $^ > $@ + +SSSD_test_intermediate_CA_cert_req_%.pem: $(srcdir)/SSSD_test_intermediate_CA_cert_key_%.pem $(srcdir)/SSSD_test_intermediate_CA_cert_%.config + $(OPENSSL) req -new -nodes -key $< -reqexts req_exts -config $(srcdir)/SSSD_test_intermediate_CA_cert_$*.config -out $@ + +SSSD_test_intermediate_CA_cert_x509_%.pem: SSSD_test_intermediate_CA_cert_req_%.pem $(openssl_intermediate_ca_config) SSSD_test_intermediate_CA.pem serial + $(OPENSSL) ca -config ${openssl_intermediate_ca_config} -batch -notext -keyfile $(openssl_intermediate_ca_key) -in $< -days 200 -extensions usr_cert -out $@ + +SSSD_test_intermediate_CA_cert_pkcs12_%.pem: SSSD_test_intermediate_CA_cert_x509_%.pem $(srcdir)/SSSD_test_intermediate_CA_cert_key_%.pem $(pwdfile) + $(OPENSSL) pkcs12 -export -in SSSD_test_intermediate_CA_cert_x509_$*.pem -inkey $(srcdir)/SSSD_test_intermediate_CA_cert_key_$*.pem -nodes -passout file:$(pwdfile) -out $@ + +SSSD_test_intermediate_CA_cert_pubkey_%.pem: SSSD_test_intermediate_CA_cert_x509_%.pem + $(OPENSSL) x509 -in $< -pubkey -noout > $@ + +SSSD_test_intermediate_CA_cert_pubsshkey_%.pub: SSSD_test_intermediate_CA_cert_pubkey_%.pem + $(SSH_KEYGEN) -i -m PKCS8 -f $< > $@ + +SSSD_test_intermediate_CA_cert_x509_%.h: SSSD_test_intermediate_CA_cert_x509_%.pem + @echo "#define SSSD_TEST_INTERMEDIATE_CA_CERT_$* \""$(shell cat $< |openssl x509 -outform der | base64 -w 0)"\"" > $@ + +SSSD_test_intermediate_CA_cert_pubsshkey_%.h: SSSD_test_intermediate_CA_cert_pubsshkey_%.pub + @echo "#define SSSD_TEST_INTERMEDIATE_CA_CERT_SSH_KEY_$* \""$(shell cut -d' ' -f2 $<)"\"" > $@ + +softhsm2_intermediate_one: softhsm2_intermediate_one.conf + mkdir $@ + SOFTHSM2_CONF=./$< $(SOFTHSM2_UTIL) --init-token --label "SSSD Test intermediate CA Token" --pin 123456 --so-pin 123456 --free + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --no-mark-private --load-certificate=SSSD_test_intermediate_CA_cert_x509_0001.pem --login --label 'SSSD test intermediate cert 0001' --id '190E513C9A3DFAACDE5D2D0592F0FDFF559C10CB' + GNUTLS_PIN=123456 SOFTHSM2_CONF=./$< $(P11TOOL) --provider=$(SOFTHSM2_PATH) --write --load-privkey=$(srcdir)/SSSD_test_intermediate_CA_cert_key_0001.pem --login --label 'SSSD test intermediate cert 0001' --id '190E513C9A3DFAACDE5D2D0592F0FDFF559C10CB' + +softhsm2_intermediate_one.conf: + @echo "directories.tokendir = "$(abs_top_builddir)"/src/tests/test_CA/intermediate_CA/softhsm2_intermediate_one" > $@ + @echo "objectstore.backend = file" >> $@ + @echo "slots.removable = true" >> $@ + +clean-local: + rm -rf newcerts + rm -rf softhsm* + rm -rf serial* + +serial: + mkdir -p newcerts + touch index.txt + touch index.txt.attr + echo -n 01 > serial + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config new file mode 100644 index 0000000..38033fc --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA.config @@ -0,0 +1,53 @@ +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = . +database = $dir/index.txt +new_certs_dir = $dir/newcerts + +certificate = $dir/SSSD_test_intermediate_CA.pem +serial = $dir/serial +private_key = $dir/SSSD_test_intermediate_CA_key.pem +RANDFILE = $dir/rand + +default_days = 365 +default_crl_days = 30 +default_md = sha256 + +policy = policy_any +email_in_dn = no + +name_opt = ca_default +cert_opt = ca_default +copy_extensions = copy + +[ usr_cert ] +authorityKeyIdentifier = keyid, issuer + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ v3_intermediate_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = CA:true +keyUsage = critical, digitalSignature, cRLSign, keyCertSign + +[ policy_any ] +organizationName = supplied +organizationalUnitName = supplied +commonName = supplied +emailAddress = optional + +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test +CN = SSSD test intermediate CA diff --git a/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_0001.config b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_0001.config new file mode 100644 index 0000000..5797839 --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_0001.config @@ -0,0 +1,20 @@ +# This certificate is used in +# - src/tests/cmocka/test_cert_utils.c +# - src/tests/cmocka/test_pam_srv.c +[ req ] +distinguished_name = req_distinguished_name +prompt = no + +[ req_distinguished_name ] +O = SSSD +OU = SSSD test intermediate CA +CN = SSSD test intermediate cert 0001 + +[ req_exts ] +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "SSSD test intermediate CA trusted Certificate" +subjectKeyIdentifier = hash +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection +subjectAltName = email:sssd-devel@lists.fedorahosted.org,URI:https://github.com/SSSD/sssd/ diff --git a/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_key_0001.pem b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_key_0001.pem new file mode 100644 index 0000000..ca8a5a0 --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_cert_key_0001.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCtx1CfGEY/kbwb +3Nx7h8WKSH1AHby3KXn+64p+sSrf1J2naIFKdA6Wdu7k1GX2UTbIo0rQ8WTbyEtD +SvENE34/qCTn4eCn6YcHAF1OBOa3jctrYCgpxdbKT1/ZlcquWMY9zYxANlfRAgPo +qcgKIjcG9MSX2RWqXp9PmvzSDyknkzWX3QfFJd39EwXuqE0fecw3PpnCi0p87Lyg +WlUO3dGeW9PcFsfC8tl6bb1InxX+83s/+NTDAxvJXiInPlpamtvoNqcWfFrW9YgG +mSemEt5uzeKJd7nBE2UaqFwtn53SLrV600Es1PNgm/PQ5saW7Cm7STYUr92WpQov +Sf65Q34aVTnaPpkN5bguEG+ZeqZLMmNb/DDpq5DuTgxqe13fvOr/PiIsB3oWwpGn +BDM77ajFXpT7by1D48cQbxGVAgWFeh18tbZra8sEsgtyT4wleh5rnKYLFZdbjgz5 +MFGgHcV5g94ZNF5JhdsUJwqaGuHxs4pEVaT13mLTDLf4pe9BCa+6faKcnaKCWmxV +22d2sgjEu0Y0kgZjSAI4qyGXGwAIVw0WLX8oaSyvGfr4F/speVAzaDmx1n2P3yBy +Ke7L/w1fMq97fRgtvb21qACI5w/2+AO5FOqo2iCY0EwEvY3RHtt/fG7vVfGIHyED +XeXI6POOZxl5Ar4ipXr4tz2gZfEY9wIDAQABAoICACs6rNyW3krMBx5rR9HXCZYH +yFidzSdHQxjeITq4+fBqZLmTbq5Fxqc5eN4l1CN9OoKY1HC7zBo8bjSUPPjCw6I0 +QtIIR6mdl0Bvn8Zbw8Ufmd3hMryJgZAcRLzM3XmXjeEr89q5agkNVkmXirKypjut +wgYAM7qJBVp5NLFQoi09GpTnoBoz/FALXmtrJJxS4TFQ+lEB84q2HYpKTmR/W7jo +IQDcDd96KA2jpPWe1YrxqNRWIx9L86qZJyfaBAIMCe5vQgt+7d4RgEAb81gF051+ +y/7kcKoOGBWUkjGrRkhV5EFksg7j/pMm2HU8I2TB5PO5F6H3ycjCz5DJ+Hq/xmt/ +meBLHYQi8vLUR9bQHAYxiSbujabQymW37OOwuQG/j1kULafthIEOaq9ImKPWWNWG +ZhjHOFFVKfLyBVNnOSv/tJq4d7eCexAyFFmneO5ZFAMeELl6l7WDtAONV9JM8kw1 +GLvoJ0wZ6IDNk5bprFKseTxFXmkMLnHr6NcErxBvrnjfEXQzwROFjhsXYlVBiSJX +UyTus+dqJ0ferHhAFgEZXqUeoO47lQarKNkJmSxDmr6WJngX3+j76nhD6wyzXkyH +s9sudDDwdIhlTk/lGMw/3tLnbip/pXY13tAGxMNL9O40LkUQde0NEG4N5ruOHta1 +u9QlyjDqYQ4T/iHicSkBAoIBAQDWgTK4e/9lLnKVdtntZACqPaHw7EcMJ6hNh2VB +yCbvsOsMXyfLjLK+unJ23Y10iH8gRWRtqXSUIBjnuItvJDEbqOLGKEPN9dKI1o8C +Jmxfoe2KlmUSKU5Y1iGDd4GM1wwTqsrZg3ABo1SzEOp6UL8R7UtyLLW/xlwz6dZx +w9MKiG+N3s6cSI+spHeGWwfnNbnMG15p/0s4NYG/Nek0Z8AbyD7l3oCddO65UQPL +o6DWEwUj+BHR5VzI/6aNfIrL4+1H7Y/YIaAQsmglVLkBhlYDa3o3W96C7/d/lzTs +hjZzBNQZ9Ics2hEmv+bgs+/ZMe5ACL6Guu6fM60I7NrOEu93AoIBAQDPZUJmKWEX +NBP2CdTMWsxWMR6XtAokqRCzxXRPuvYMeb421oB4eEmCnK+wDe3tfNvu1IKGU4P6 +Yeu0gRqWN0A5c1qnLMx9tkBKhN2W4GEPBIl4LYWlMgjSAy1Dv5puoJ5YhZJ1f8E0 +oJlPYc1xQF7yg7n1aDosuFm6iMa2R8Vixb1CSvP4kbgpMY2AyhhF2S8zOwmhydoV +IK0Xqa6tWtGzwlwuvPQqUnMqMvTnUtc/nxFkIb6yC7XYUL+TqeEf5Q/GiooEKYyl +J220D30/THYnwLL3e1H7nOLmYied06SlldizYulxy4TN7XWktLTahKuvXxYhh1Rt +AW1s1Q2AlIKBAoIBAQCicZ9WpNjp6D3wQNyS8ZurURd1m4nGg7XqWLHvGkOaW5H1 +gY5ikP/AfvQ2XlxEtyYG62Y9wgm+L3yM52340iC6gLCUPmPy8snoxQvyJeUGm1uI +C5MpKMzja+5fYD5kyWqk7j/Gb8qAAxAet53K2aGJUvpC0ecl/3NOATVcXF9TZ7WL +bANtyWm85aR6xC99AmvdTZC3lxWA0MycYJhmDngm0gQIEvO1ypsLDnZgXl9sH2VS +MwhTu24D7c9U8M8vz0GfqiG4HObaHjHOq5WbuP8kgd1BVTpyUIZPQtRalt1fR3XU +3iEMb2xzuvp+iuYFxtFV/wlCgQg62midDLo7O43LAoIBAQCMSbeXeYgWdQDHnjDW +ptivuPwzq/Jsh/wnTnp18Ea9e6CCYah3VQ6MjkZ9NX7q9Vmj/RXpnRaaSKBy8h20 +3NzRv8jjandM1fo5LhTiGRcuXGhM5aYQb37t6H425KWnDXju8jN2zZs4aSYrP0ID +yIIxU493hDBNzcnMVvbrmDLZtF5oOGE9k/xZyQ4pvwqaPOYjplzGls6xGfBcIEhr +NRLCoMdQSjpzYmBKfDuTOkMl4wiVjgn7T9aK41wjm3cP5xc7urzPQffEQ55+fTfA +mI0YKM4mf8GeDKqjImQf62jlJS53cYHtmrhTv7ujVSU85x9nOk+zEGK4dY26X4eJ +oWuBAoIBAQCW73dNVoFlf0uY+ffXqYvneY6NTURuCJHNdmzvoh70tqrFCmAQ2s5X +KgJdpan4fRxfM9Y+HucIK5qhl/qdIA58QlxZV8qNMSbIH6fQbCzugKWp6WAOddof +JDg0k6Aq3RUlveRW0AS+DKcCRHfOXJuJlkqhL72EjEkMDG7/HvfKKGbp5FAjEaYZ +Te6O7qNQouM2aVcH+F2jQyo3OxouSWPFnSDH8mTwQWkQ7zzYFSPr4ZxohZRi1bRg +pWDoCTeYqJCrK50dK3MVFz2+3PNiB+I04gGPmWhrOlhQa/jhHOOh5xIiscgLSGav +R3E0tlcatxgHoASu3vVk7OwL0QhTuEXz +-----END PRIVATE KEY----- diff --git a/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem new file mode 100644 index 0000000..a6a9b67 --- /dev/null +++ b/src/tests/test_CA/intermediate_CA/SSSD_test_intermediate_CA_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDKRmBGEP/6Dq6e +Z8QwwgUzO/CS89qjYgpAniDTbLleLAKeUAZxncBIt542SHnPOP+qHwke2/vCCE5v +Guuhs4qn9giBqP7KZ+VsNj9HM+6IewCkg2/QgC/O5hYeTyU41wZcslG2SCzlNy90 +0n280tyIUAlyNHglNDyF7Cf6A4QgNvi6Vi8i2ipFrkN+yOgZHizl7GCNO33F7SSn +CWk93eoqUcBdsl9zNyP3kCYM1LQcIAzS2/b11Ai/eWi5FIqGJasMxHfPQ0Vdw9LG +2yTeKR8Ej/onz9Y56O6xEmGUqJ2Wd9k4Jtkq0HZ+T/aXufYVt40kCfnCJ6SzHbY5 +D7R+nvzu8GH4ZJV6CwgrO/lTIZhcCWxZoaJjuMrAHBX2wv946NC+JahyCTjxAuVV +itM4O9LOXMHkfYheVcXZbNZscVPB8pV0ZyjuoQsXHUSeY++lAra4XTsFBzjpXkfM +ev5wDoO2P7VCzkGjx96oOoDaJnvrtLOBK1eW0lAZDa4uQ18FrnaR+4p7T+piiOGS +xxhV5jgYDyjILZ4VlVdFow5BaGehpcirgZN7635fkYeLob5swswULIGBKoEqyhO7 +hLH2JTWKrEgkzB2B4ATNG3dQNMCzIgS6LdangCkXfpxJD/kTRqDZssKY4Gkb+7CR +4iRibSoTopUn7zkBZrBnlcrRZQtkjQIDAQABAoICAH4xBaLwvCGOw1XDutwITyI1 +hNLJG1/OrEK/5A7Cx6p+nmuR1VNQbUNwel23PXcQQkAp+JCuARR+BiC+lL5eumQq +1AfAHKS9yJ2IAlYzid7PjgkUjs9vCWR0mtvx2HDrhOaTwPKNeKTPluW05AjHLBpG +hH4hScs8GX4bZJ1PUECgyu/FEMcXgEPUgfs478Or1arjmyDBOqgeWD11W5jjN1GL +iw1pWK8SeXfbEEH0+SCKxjVOUXXwAD0kSzccH4etPFdMwsolV8M1hevVj9yhnt5D +zHbF7QpXzYHey83om9fhkTy8z8MsJqCK1na151aJGp6fMpf0D4ZHRQW4TIyqN3Tl +TdYB5Ss82GbwrK/a2+wWeMZJR7rIuguw1ptQ7VkfHA69kVzy0Q/gATZcQh8wm8KW +kfLMGxDW2WzAKw19as+TdY+r/d1g8ls+gtpWsbBLO7zcs+Ufvl9Lwbwju/qdifM9 +OYeUbS/wP7teU5QzH9cjKCyZw8VH3eOkj8xa8fJW2eL/IgXqwAaP3x2d3fEfD/QY +iCqe0RHd1stN4MjsyIgaz+fYeJ3hgqVA19AEV+/nTDRnCb8TGAsK9cb0hAIOl6pg +VsGUyKMGKHot1qfpd+GbwqNMg14kcfnHKAeEmqvpIH9EjhP5RIm7MrNKbgoegmZK +lf92fn3xneyhsgqWNdOBAoIBAQDxI/0kgTSLbJ5XhIVc5h6RKIDSFs0Hqys8v9xI +kf3/qdYHsleTDRzIS8FdOjRzxic3B52qjchBD6P926TYclwpejwX/YnopkZcRcyq +22hkkCaT0lqKBR88gpt257uC5pHxpKVD1FQMTRhMYGaWsuqpH5vJBiMcHH0ocEaM +S7t+jdzqjHRjuU5aWsJTbOsULHoXumFFPMXIt+rNl991WoyZoyuTrrLWzKQeDKVM +IpqY9W+q9NOlJRGQ9v8/ojBc09SS5ITh+LAAwKeOdMczcR1bDG4rvu9IGn0mLuML +U6QZR8jYFcv1kHfznClgK2P11TQfglj5BiZxVUrnja93/8QdAoIBAQDWvUc6DGZy +Bdf/EbV9ZNG/acXwVFNuFaYCpfWQgDnnJ0u8ooYuGnsZRTlhQCH01j9FJ/QpdgDZ +bZFG6I+34nSvkMmst2Z7HBhqWcpwCM9aI90uxlYWvs8qSq7r+CkPEqMAYdtthR1b +kn3Fopu3ocThWxHjzL5C3GRXoICmN89sQQ4rxZS8iyIh8YKeGVjhvfT+59bUK6kX +qpsCEUUZmWFQeEhdMR8F1tHIOf1WZdwC0Tjg+8cf2113Ea2xDPn5KLb8/keSBVBo +hGxW2CXM1HGAXaX9ESDr+zqgvyeNJEKcQhwBWVV32QkEAdWI/U+VkgdQtKaJHUat +Ztgb7soKZVcxAoIBAD6M/1VAzsh73HcHQTDf4H3267OThou+svCHNDT+6cwv2f0V +HfJfLGAohngQaRq/A90adKORM6jszbVEDHa4838u3fe7JNLcjtPQp06Kq4GqgtdF +cYbr3TZtCrbFVbaW6LSt6NC3ezXVqb/mIbZloslMEbULin/4Q98BgMtTuccSNYQB ++w8DOnfloxLQ5gnNn74X8rNrGEMAsj+ybZybaG1SDjO41Vsyqj/BN/+P2lpjEBxg +daYY/32DFKMFB1aM/E8+R9n2EHGhh9VEJYgKh3retpVSae9iL6R/9RUzFRYZsNec +j9ObLgJbN8BigQN70pF51mqCVeaAIXX/Is0V42ECggEATMSL4xetxBOMvVYSYMqb +JWfl6F3tGYzJtWapHEiK6rUkoUIk3/R9j3Is6jRoL0QsiEeZRP03noNKDWR0hJOD +jYQgZQuHqnlHzTVeZqDvp9TsbJ1hB26dVwwt7pPf8dCCz08sh8Gv1h3PssjIDGTb +oojRI3P9jJ+Hi8AIXePT1mqHa2SOIL1IrYPOY0DCgqlLHZm6Nk2JfLl0AtAzuMwZ +exAVJqO56Hd8taztgWaWubccM2ovLJdamYeLZaEy+Dzy9gzdfzlBHqxAoudQ1CIa +lX5lKcxmzZYZxn+v3whYe84yftT19gtz6qfRM9EDE4CJ9vMuGhSKQNFkbs/2ELNb +8QKCAQAaIj5z/jNaan5VfaffBR86WQS1LRP+Ckn/WSDKZNlfCO++JTXRK4dFm0HH +grFkyWpW+sui2aUvAoK0Ddk7fNyAhf29qslMC5VxLAlJ4sd/VVFTaBnyDOF2NCZS +HXn3q3pgvf+TnYXpfdt8Q0rY4WnGfZO1fSX5HTc1dhknTiV6jGXXqt3z5MWT8+VZ +fAcWcfQ9NYbqhi3gs4YGKkx7JVQN0dyl+W4+JNLFl0TPYA2tlk6cIkzr0qReWhdj +5rUEur44TMONsEE6taetuRSVsl6iwNYfUrOYIXZuxrlVAFKC13Jqb6a8BH70z8N0 +91Ewk/mDtQkg086y4gCQIcaL04jE +-----END PRIVATE KEY----- |