diff --git a/.env.x b/.env.x
index 0494de00..e9ba6508 100644
Binary files a/.env.x and b/.env.x differ
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index c3ad15cd..00000000
--- a/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-*.so filter=lfs diff=lfs merge=lfs -text
diff --git a/lib/libhostapd.so b/lib/libhostapd.so
index bda0bcad..719ee42e 100755
Binary files a/lib/libhostapd.so and b/lib/libhostapd.so differ
diff --git a/tools/simulator/etc/README b/tools/simulator/etc/README.md
similarity index 57%
rename from tools/simulator/etc/README
rename to tools/simulator/etc/README.md
index 7bee06d7..c0d9b530 100644
--- a/tools/simulator/etc/README
+++ b/tools/simulator/etc/README.md
@@ -3,30 +3,64 @@ vim /usr/local/ssl/openssl.cnf - MacOS - $ openssl version -a | grep OPENSSLDIR - OPENSSLDIR: "/private/etc/ssl" - $ sudo ln -s /usr/local/etc/openssl/openssl.cnf /private/etc/ssl/openssl.cnf - $ vim /private/etc/ssl/openssl.cnf +> LibreSSL 不是标准的 OpenSSL +``` bash + alias openssl=/usr/bin/openssl + # alias openssl=/$HOMEBREW_PREFIX/bin/openssl + openssl version + LibreSSL 3.3.6 + openssl version -a | grep OPENSSLDIR + OPENSSLDIR: "/private/etc/ssl" + # sudo ln -s /usr/local/etc/openssl/openssl.cnf /private/etc/ssl/openssl.cnf + # vim /private/etc/ssl/openssl.cnf [ CA_default ] #dir = ./demoCA # TSA root directory dir = ./ # TSA root directory +``` + +# 进入目录 +cd ~/github/radius_server_python/tools/simulator/etc/certs + # 清理 rm -rf ./newcerts/ ./*.old ./*.attr index.txt serial dh *.csr *.key *.cer *.p12 -# 生成dh文件 + +# 创建 CA状态信息 数据文件: index.txt +touch index.txt + + +# 生成dh文件: dh openssl dhparam -out ./dh 2048 +cat ./dh + # 报错则更换序列号: ERROR:Serial number 99 has already been issued -touch index.txt && echo 01 > serial +[ ! -f serial ] && echo 01 > serial +cat ./serial -# 生成CA根证书私钥(KEY) -openssl genrsa -out ./ca.key 2048 +# 生成CA根证书私钥(KEY): radius.ca.key +openssl genrsa -out ./radius.ca.key 2048 -# 生成CA根证书(CER). 提供CA根证书私钥 -openssl req -new -sha256 -x509 -days 3650 -key ./ca.key -out ./ca.cer -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com" +cat ./radius.ca.key + +# 生成 radius.ca.cer +openssl req -config ../openssl.macOS.cnf -new -sha256 -x509 -days 36500 -key ./radius.ca.key -out ./radius.ca.cer -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com" + +cat ./radius.ca.cer + + # 生成CA根证书(CER). 
提供CA根证书私钥 + | 字段 | 含义 | 你填的值 | + | ------------ | ------- | --------------------------------------- | + | C | 国家 | CN (两位国家代码) | + | ST | 省 / 州 | GuangDong | + | L | 城市 | GuangZhou | + | O | 组织 | zhuzaiyuan | + | OU | 组织单位| zhuzaiyuan | + | CN | 通用名 | WIFI | + | emailAddress | 邮箱 | 10000@gmail.com | You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. @@ -40,11 +74,14 @@ openssl req -new -sha256 -x509 -days 3650 -key ./ca.key -out ./ca.cer -subj "/C= Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan Organizational Unit Name (eg, section) []:zhuzaiyuan Common Name (e.g. server FQDN or YOUR name) []:WIFI - Email Address []:1000@gmail.com + Email Address []:10000@gmail.com + + +# 生成服务端私钥(KEY-加密格式的), 并使用des3加密: radius.server.key +openssl genrsa -des3 -passout pass:123456 -out ./radius.server.key 2048 +cat ./radius.server.key -# 生成服务端私钥(KEY), 并使用des3加密 -openssl genrsa -des3 -passout pass:123456 -out ./server.key 2048 Generating RSA private key, 2048 bit long modulus ...............................................+++ ..............................................+++ 
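Review bot: The added `cat ./radius.ca.key` step (and `cat ./radius.server.key` in the `@@ -40,11 +74,14 @@` hunk) prints private-key material to the terminal, where it ends up in scrollback and any session log; the CA key is also generated without a passphrase. To confirm the key was written, a check that prints nothing sensitive is enough, e.g. `openssl rsa -in ./radius.ca.key -check -noout`. File permissions are only tightened by the `chmod 600 *.key *.cer` added in the last README hunk, so the keys sit at the default umask for the whole procedure; adding `umask 077` right after the `cd` line would close that window. The new `-days 36500` on the CA certificate means it never ages out, so the procedure should also say how the CA is replaced if its key leaks.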
@@ -52,8 +89,14 @@ openssl genrsa -des3 -passout pass:123456 -out ./server.key 2048 Enter pass phrase for server.key:123456 Verifying - Enter pass phrase for server.key:123456 -# 生成服务端证书签名请求(CSR). 提供服务端私钥 -openssl req -new -sha256 -days 3650 -key ./server.key -passin pass:123456 -out ./server.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com" +-----BEGIN ENCRYPTED PRIVATE KEY----- +-----END ENCRYPTED PRIVATE KEY----- + +# 生成服务端证书签名请求(CSR). 提供服务端私钥: radius.server.csr +openssl req -config ../openssl.macOS.cnf -new -sha256 -key ./radius.server.key -passin pass:123456 -out ./radius.server.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com" + +cat ./radius.server.csr + You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. @@ -67,7 +110,7 @@ openssl req -new -sha256 -days 3650 -key ./server.key -passin pass:123456 -out Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan Organizational Unit Name (eg, section) []:zhuzaiyuan Common Name (e.g. server FQDN or YOUR name) []:WIFI - Email Address []:1000@gmail.com + Email Address []:10000@gmail.com Please enter the following 'extra' attributes to be sent with your certificate request 
@@ -75,9 +118,17 @@ openssl req -new -sha256 -days 3650 -key ./server.key -passin pass:123456 -out An optional company name []:WIFI -# 生成服务端证书(CER). 提供CA根证书私钥、CA根证书、服务端证书签名请求 +# 确认必要文件已存在 +ls -al index.txt serial + + +# 生成服务端证书(CER). 提供CA根证书私钥、CA根证书、服务端证书签名请求: server.cer +> 可以指定 -notext 不生成 Certificate Details: 文本 mkdir newcerts -openssl ca -md sha256 -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./server.csr -out ./server.cer +openssl ca -config ../openssl.macOS.cnf -md sha256 -days 36500 -keyfile ./radius.ca.key -cert ./radius.ca.cer -in ./radius.server.csr -out ./radius.server.cer + +cat radius.server.cer + Using configuration from /usr/local/ssl/openssl.cnf Check that the request matches the signature Signature ok 
@@ -110,52 +161,45 @@ openssl ca -md sha256 -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./server.c Data Base Updated -# 合成p12证书文件(暂不用.p12证书) -openssl pkcs12 -export -out certificate.p12 -inkey server.key -in server.cer +# 合成p12证书文件(AC侧需要使用.p12证书): radius.certificate.p12 +openssl pkcs12 -export -out radius.certificate.p12 -inkey ./radius.server.key -in ./radius.server.cer + + Enter pass phrase for server.key: 123456 + Enter Export Password: 123456 + Verifying - Enter Export Password: 123456 # 查看公钥CER过期时间 -openssl x509 -noout -dates -in server.cer +openssl x509 -noout -dates -in ./radius.server.cer + # 验证私钥KEY密码 -openssl rsa -check -in server.key +openssl rsa -check -in ./radius.server.key + + Enter pass phrase for server.key: 123456 + +## hostapd 不需要用到 client 证书, 用于 mTLS !!!! +# 生成客户端私钥: client.key +openssl genrsa -des3 -out ./radius.client.key 2048 -## hostapd 不需要用到 client 证书 !!!! -# 生成客户端私钥 -openssl genrsa -des3 -out ./client.key 2048 Generating RSA private key, 2048 bit long modulus ....++++++++++++ .++++++++++++ e is 65537 (0x10001) - Enter pass phrase for client.key:123456 - Verifying - Enter pass phrase for client.key:123456 + Enter pass phrase for client.key: 123456 + Verifying - Enter pass phrase for client.key: 123456 + # 通过客户端私钥, 生成客户端证书签名请求 -openssl req -new -days 3650 -key ./client.key -out ./client.csr - Enter pass phrase for client.key:123456 - You are about to be asked to enter information that will be incorporated - into your certificate request. - What you are about to enter is what is called a Distinguished Name or a DN. - There are quite a few fields but you can leave some blank - For some fields there will be a default value, - If you enter '.', the field will be left blank. 
- ----- - Country Name (2 letter code) [AU]:CN - State or Province Name (full name) [Some-State]:GuangDong - Locality Name (eg, city) []:GuangZhou - Organization Name (eg, company) [Internet Widgits Pty Ltd]:zhuzaiyuan - Organizational Unit Name (eg, section) []:zhuzaiyuan - Common Name (e.g. server FQDN or YOUR name) []:WIFI - Email Address []:1000@gmail.com +openssl req -config ../openssl.macOS.cnf -new -days 36500 -key ./radius.client.key -out ./radius.client.csr -subj "/C=CN/ST=GuangDong/L=GuangZhou/O=client/OU=client/CN=WIFI/emailAddress=10000@gmail.com" + + Enter pass phrase for ./client.key: 123456 + - Please enter the following 'extra' attributes - to be sent with your certificate request - A challenge password []:123456 - An optional company name []:WIFI - # 通过CA根证书私钥、CA根证书、客户端证书签名请求, 生成客户端证书 -openssl ca -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./client.csr -out ./client.cer +openssl ca -config ../openssl.macOS.cnf -days 36500 -keyfile ./radius.ca.key -cert ./radius.ca.cer -in ./radius.client.csr -out ./radius.client.cer + Using configuration from /usr/local/ssl/openssl.cnf Check that the request matches the signature Signature ok @@ -186,3 +230,6 @@ openssl ca -days 3650 -keyfile ./ca.key -cert ./ca.cer -in ./client.csr -out ./c failed to update database TXT_DB error number 2 + +# 修改证书权限 +chmod 600 *.key *.cer \ No newline at end of file diff --git a/tools/simulator/etc/certs/ca.cer b/tools/simulator/etc/certs/ca.cer deleted file mode 100644 index 45deafd9..00000000 --- a/tools/simulator/etc/certs/ca.cer +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/TCCAuWgAwIBAgIUNti3l1iKdCEURnk+ucRSXN/ZukAwDQYJKoZIhvcNAQEL -BQAwgY0xCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxEjAQBgNVBAcM -CUd1YW5nWmhvdTETMBEGA1UECgwKemh1emFpeXVhbjETMBEGA1UECwwKemh1emFp -eXVhbjENMAsGA1UEAwwEV0lGSTEdMBsGCSqGSIb3DQEJARYOMTAwMEBnbWFpbC5j -b20wHhcNMjQwMTI5MDMzODE4WhcNMzQwMTI2MDMzODE4WjCBjTELMAkGA1UEBhMC -Q04xEjAQBgNVBAgMCUd1YW5nRG9uZzESMBAGA1UEBwwJR3VhbmdaaG91MRMwEQYD -VQQKDAp6aHV6YWl5dWFuMRMwEQYDVQQLDAp6aHV6YWl5dWFuMQ0wCwYDVQQDDARX -SUZJMR0wGwYJKoZIhvcNAQkBFg4xMDAwQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALsK8B43E7VMcbWYKYGgbAd+j/44lJzwRGb5PQeg -CstL+W9nlXS934Ox7Rn8towHrUU7UVqeYDmHAaq08oOuoy8xrx8+2gHHtNvYeofX -HukRTm8y5UV1Tb1s5NKCd79VQAEcE3BOD6GYifqUWEMiVsySTd9FT6dVqLkvR2kl -KHBwEyjVS+7EzTCfXs6YFPtVBpCNmPRU+lQjMFkcUYGmGl5cA/XtNcThKxXqn1Aq -W2EhwOj8NenX7WGMYegGE5XVjpkYyH5tddjhAxQIjlhPrd89n/EuruRbQ0rGqyiX -DktfVt5K8dreyaHE1qzckXpQ5CHKdeJM+sfyokUwm4nu20MCAwEAAaNTMFEwHQYD -VR0OBBYEFO3utMHmsConSUc99TB5diaQgquGMB8GA1UdIwQYMBaAFO3utMHmsCon -SUc99TB5diaQgquGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -AIEuIiuF8Lqd+IHNkZcf3R9Roijz3LzB4V41AX3hmzeddkWLWnToqE3bNPbCcRoz -BNjMCkgmU1MZO7E77RPfMm9hCu4mO/jPSc30ewnv/MMMhwRXREJwCDluLLZ2qfm/ -/EM1FVEwd6WgSnqpDywlYqk9mkD/+7B7JbgNpE5l5g/e2KmVnjKMCn3nHMIUQtEI -73GY0aVFS6u7/9DxZf1tNr84ItEjfHg56Awx75A7pD/AiU0+AWv+A7dMPnLCgTjF -uMeoz+jOMPweQO5/1UHOtFXu2NvcRcEdmXAkO2jcdOTF1IE9G8XFgmCon5rFeEH/ -9GTLoL8L/epVSkmlfjRWLMs= ------END CERTIFICATE----- diff --git a/tools/simulator/etc/certs/ca.key b/tools/simulator/etc/certs/ca.key deleted file mode 100644 index 0f327ff7..00000000 --- a/tools/simulator/etc/certs/ca.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7CvAeNxO1THG1 -mCmBoGwHfo/+OJSc8ERm+T0HoArLS/lvZ5V0vd+Dse0Z/LaMB61FO1FanmA5hwGq -tPKDrqMvMa8fPtoBx7Tb2HqH1x7pEU5vMuVFdU29bOTSgne/VUABHBNwTg+hmIn6 -lFhDIlbMkk3fRU+nVai5L0dpJShwcBMo1UvuxM0wn17OmBT7VQaQjZj0VPpUIzBZ -HFGBphpeXAP17TXE4SsV6p9QKlthIcDo/DXp1+1hjGHoBhOV1Y6ZGMh+bXXY4QMU -CI5YT63fPZ/xLq7kW0NKxqsolw5LX1beSvHa3smhxNas3JF6UOQhynXiTPrH8qJF -MJuJ7ttDAgMBAAECggEADpAC8u9J1wc9ISzYKnIBhzHY5yujknZ4dOX51PKmdH6V -TJGthrnTwa6kLa5Jziw41teP9XS4PDJhNFfDO/JoXR/KqS2dDp9sWuOHYrUigHXq -++hkBlzkMRfd1u/2f8yU36E+eDNzrxqvv3U2S//L70CC1JvSYE5ghQ6DylFszRgi -ZJj79vYUvzeXpNpGhcyge7ug2rsCuJbqb0mVRfe/azKxRi3aPqqce2mG7PDNzEt/ -IkFm/lw+plfKZrcIiTv96UlcubMzzpf3yC0FBZxvfqHsJaa7/GzdNaIQmUa4uVmJ -t/XukFAP1a+yTGKlh/0ukRgJb2O51seIOvgD17woAQKBgQD4Zj1HOvBuT0m8LV+I -uAUcpwIizzlt1Jbq4dzBM00TIZU5eGgcWmepfkt2k/pN7Nzh3+vqZl0tu4OyMrT+ -aR6LCVU6qvyLR3Cuh4KmOAy057NqxAtLxuVShF5tZG99CTLTRd9QArzJwWaoXFLw -h9RztEa+cBIqibfWZFtS5H5IAQKBgQDAxBR9nlQsCqI6oIXEoHkdi7fvI/xLXuEi -nIzGSbsehQsAIUxiXUL8yYRM6Q35YXCf1O8Ezw0F6MpCwrc+jX6J4br5XYqt0hiW -Kn95kQybPkK/3ycRYLKxAdi9PB+j6zA/logNmbAnLGBJ9HnHWL/+BeFPXoEXnJvT -2wA9cgoDQwKBgC+MWpSE+rsS4FluEgh4uTnH2kfRhPu6Iv1pKLmu2UUdO5RZsQwk -Xg16yHU1VEeQXKO8GkuvNoznhQkaXb0JYDhbG/5z9o2uqioudFrfBcenRpfcWREz -THhkMDMec5zqotkAWgPV0k+Ift8hdRrn1UokqxoPF9seq5sVcMnIRUgBAoGBAJ9O -LKT4ARX4n8OVv5cVC6LoQdUHR0y+l450FD8W1eZOCx5LZoXwDxk8LPMms17CMUJV -xkaSGnAkx2rO4oN2ifnHLC9DKAWomJsZegnsXp+5n45UDERnRqXUIduZ4YglKNWU -QNIEjjiBiv3zZeTiKqDzGRXvwv3RdlJqLdOZ+D5jAoGBAOkqxSbPDBZ9EfjdLQpv -I06x7Y9ZYlSgSROv263K8QIs5+4/N/cdEsaNioGKfqh4Yp6FuqYcDv+7fDNcz4iS -i7M2GabuFa7Cci//0XlksVy3yorAN/TeWnREy0UW+LkjP0kOOp21aTLgLiWaf26M -uJlUwpqyWqXfF5eBIDjTU26s ------END PRIVATE KEY----- diff --git a/tools/simulator/etc/certs/dh b/tools/simulator/etc/certs/dh index 3f74cfc8..50a380ff 100644 --- a/tools/simulator/etc/certs/dh +++ b/tools/simulator/etc/certs/dh 
@@ -1,8 +1,8 @@ -----BEGIN DH PARAMETERS----- -MIIBDAKCAQEA/vZyyu0RlRuBiWQD5wGVbzl+5MJFGgXOp8degAMROcPd61E7qRpz -KE3L7jdDAds2SE7eoLGRJrSu3Y1uvuBg5cYdPe+/XNTZ/MSp1itrMVRHyRU+nAM5 -Im1Th8/paT3Ps+LywLVSrpn/hqdLu353fnMVL+d6pnryPUUEPoA+iXvddUc8tPb3 -AR03LEjNHecvgr3L7RFt0ElrFEukqyy5METYfvLpqy1WoOYqh/CCXDBG222omjWJ -3iYBNhwUZYII8iNGYUWrprp2c1BOkqA0mR385qPK6uf2GBVk43BG/N8c4XFJOy+I -FfEA2Et9OCaC3VyeJiR9I/zA1wHbvrjn3wIBAgICAOE= +MIIBCAKCAQEA4D3f7qs1enleikIdfLuhPaX7+7AHdUeWPk3hnGPh6iST4bnqEm9L +wBoDoA6AM+JSAGVsUtYlFDe8hPqmKUO27fLX51oYnkTIizUoASz/KotkJOLx+yIU +/8z0/cQQsUjtiNY2+5Yc8TbWKdhjBgJnqVAaYKpKfdX2lLOsDsyN0y4AqKI8HZT1 +wBZE/pdr28A3/LnEGM7WYaMFlmXv0/JEWVVp7XCmuQt9ll9PxCp2c2cd6yYC5QOd +UOJHGK1kk7VS4I+1vhrSkJxKu+CvyglCzxItqsNN1xXGXb+oAx0VahxFvPchwQVo +bX0WHtXYUx6utObJq8JDG/B2Cd3HtYd5wwIBAg== -----END DH PARAMETERS----- diff --git a/tools/simulator/etc/certs/index.txt b/tools/simulator/etc/certs/index.txt index 02f09fde..0854d7d9 100644 --- a/tools/simulator/etc/certs/index.txt +++ b/tools/simulator/etc/certs/index.txt @@ -1 +1 @@ -V 340126034054Z 01 unknown /C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=1000@gmail.com +V 21251210000742Z 01 unknown /C=CN/ST=GuangDong/O=zhuzaiyuan/OU=zhuzaiyuan/CN=WIFI/emailAddress=10000@gmail.com diff --git a/tools/simulator/etc/certs/radius.ca.cer b/tools/simulator/etc/certs/radius.ca.cer new file mode 100644 index 00000000..9c91b348 --- /dev/null +++ b/tools/simulator/etc/certs/radius.ca.cer 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID8zCCAtugAwIBAgIJAJiBHt8vVSqSMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD +VQQGEwJDTjESMBAGA1UECAwJR3VhbmdEb25nMRIwEAYDVQQHDAlHdWFuZ1pob3Ux +EzARBgNVBAoMCnpodXphaXl1YW4xEzARBgNVBAsMCnpodXphaXl1YW4xDTALBgNV +BAMMBFdJRkkxHjAcBgkqhkiG9w0BCQEWDzEwMDAwQGdtYWlsLmNvbTAgFw0yNjAx +MDMwMDA3MjRaGA8yMTI1MTIxMDAwMDcyNFowgY4xCzAJBgNVBAYTAkNOMRIwEAYD +VQQIDAlHdWFuZ0RvbmcxEjAQBgNVBAcMCUd1YW5nWmhvdTETMBEGA1UECgwKemh1 +emFpeXVhbjETMBEGA1UECwwKemh1emFpeXVhbjENMAsGA1UEAwwEV0lGSTEeMBwG +CSqGSIb3DQEJARYPMTAwMDBAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAmcoRlJ3RHGU079W7ue1fJl/3xnDX6Cya8mDeoMTtHU+osUr0 ++SqawrQOc840KcqHF42KmNoXY9AKtVcQgdQzbWyQQ8US2GpMJ7jH7JIDgVwXqHOK +pHRPoQ/nwVai4TpQEyLBblP2QX32AXt7tKLQ5LCAqFpyX6KtEkmlVvKjm/3gQ5K4 +G+mxJ+jRWUGPKw3JDEcZjvPlTh0XrVrE3tXctzccRlfIhDuA5UfS/8za3igQ23FE +F/pFKOJFrV9LF0bhuixhNG35Yq4FM90sfGgFyg3+fAAoe3Hv/jXCQ/6wbEl+hFKP +FySlMAE1IFNLG86rOAegbd4PXp3b9TDLMIzg7QIDAQABo1AwTjAdBgNVHQ4EFgQU +0pmMS8psZ54+hcPI6XCtxJBBcNcwHwYDVR0jBBgwFoAU0pmMS8psZ54+hcPI6XCt +xJBBcNcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPfAUJWIfKVnk +vbU65hAB1LZlNdNPeIPHX214p4LbEtYj4XSfO8oE8pk/knEUrShWaEqcxLMuBEOy +andiq1661qJCbwadv3/zSimcbLAMNoq86wOE5MdtDJ0E2ELCYG2ha+cvOG1jSQAB +PRUtCYCOeXlHg4HiyYRJfpAT3thZWNiXxLDxbTPzaC7fPMztWYzdM3Y690KfZ4Uu +IXiULFB/Cbu17UG4FNJVzG262Uyd8x47x0/8VVNo4eRvlZcaNyZRiXLw7fXl70Fh +qi2i7UhiGg7qT1tl+gpSa9Ah60cuqrPj+tw4sh7Rg44Xf9KyPe7yHfRZ++G/wTT2 +r/NKGR/yUQ== +-----END CERTIFICATE----- diff --git a/tools/simulator/etc/certs/radius.ca.key b/tools/simulator/etc/certs/radius.ca.key new file mode 100644 index 00000000..73b1d5a3 --- /dev/null +++ b/tools/simulator/etc/certs/radius.ca.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAmcoRlJ3RHGU079W7ue1fJl/3xnDX6Cya8mDeoMTtHU+osUr0 ++SqawrQOc840KcqHF42KmNoXY9AKtVcQgdQzbWyQQ8US2GpMJ7jH7JIDgVwXqHOK +pHRPoQ/nwVai4TpQEyLBblP2QX32AXt7tKLQ5LCAqFpyX6KtEkmlVvKjm/3gQ5K4 +G+mxJ+jRWUGPKw3JDEcZjvPlTh0XrVrE3tXctzccRlfIhDuA5UfS/8za3igQ23FE +F/pFKOJFrV9LF0bhuixhNG35Yq4FM90sfGgFyg3+fAAoe3Hv/jXCQ/6wbEl+hFKP +FySlMAE1IFNLG86rOAegbd4PXp3b9TDLMIzg7QIDAQABAoIBAHXxT5xPkDCbuYZ5 +vzfvQLq4fNi2cA8CLm7WNcbMYCDLl88ockmpD/lkh3Tu3nhydzpr9bAWCjwlMCE0 +vVckO7CewuEGgdZxZyhLgSAANyn9S7OHsPtArFUUUqOm4tGinAig7gHD6Kb/iCxI +3G2DNHs+ld0HSJHpu5u72U6eVTVqxSxVKFetnjnW99URt7bZndNFOltK6SS9opfm +Dq9e0p74oUgx5gHq8qvL8GxzDQL57N0mCuOuQr1scLZm+yP+NuT9tpqV041+pIgm +XqTO1cw7caejsYlovWTnbNWV5xP7qP92KzBP0QgaLD8dKIA88zGM0rADya0u2ZJs +QaJfAiECgYEAyn7wD8DLfhf0eFIH+V3vNY7N9lb98gcDfIL9AsBchf4+YpaBLFDW +zTJO/FvRT08VPKtDnCaK8WJ9cmwAUp9xZbLDzx76B7/EMad17Jvxh1edEL80gPVN +QbNPrEZ1oDdUaUw05qrqABTQ6/2eu3nZlonMYDtDRTYq7P43qIRVxiUCgYEAwmyQ +Qb1ip8klFprW5CZ7TvbEd0hgHXvIRdaClKcvBVSzjjXcQKxOXUUyGPMgcIH0B6Gb +7u0ioOVcYn471V1LocE6dPqAYE87k1Ogp0B2CE4T+XZLu4FDK8aT82vcLJpsr74W +R4IJ/vrZeMcjlDwtsR37F8reqoNFokblES3CASkCgYBPteQ970CrZDah3nixGt79 +EDfXTqssSMKAkveRy7MgM9LO8Dvs++1yXOlmwaYFODY96ZT1tN5g4spK7mS6IXV7 ++QDHWYRG5KAQg8ER4NkU09JKM1oxoV5GDJXCVQIcjWs2//6bBpCSc59CJlYDqpWS +gq/m+a0jY41GOVQji+RP2QKBgF8NBFmfZSPySpeKi5Ru28n3CoXmdFb1tSuve5eB +RJOunTnhSxSzKHyg36Ui97EJV2yDreBZPpy6hTgBzu649cjW1uVpsmljUxTrxZb/ +BLV6tnk3RD8fKt+z7ZEMIlAMDya8H9hF0u09ZiSN9u75nL0Ck0dGfyWNl/WGA2cq +n7ZBAoGBALVJHRJfz3hveYsu4KhO8Y4ZtPVLNB/qwX2XBQGnp8XhYoaDnRRXd2NL +awuvLBcLre8et/Aurzb56/uoIWgJwyNjRSO96y/WOEwuaVfeN4OVtADGxTSqfmJb +dNDcIcX6XH6Iuz8TagDMzhQmCxnp8cfg95FQZV9okRXnoXDcdDnZ +-----END RSA PRIVATE KEY----- diff --git a/tools/simulator/etc/certs/radius.certificate.p12 b/tools/simulator/etc/certs/radius.certificate.p12 new file mode 100644 index 00000000..80859903 Binary files /dev/null and b/tools/simulator/etc/certs/radius.certificate.p12 differ 
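Review bot: This new file commits the CA's RSA private key in cleartext (`-----BEGIN RSA PRIVATE KEY-----` with no `Proc-Type: 4,ENCRYPTED` header), so anyone with read access to the repository or its history can sign certificates that chain to `radius.ca.cer`, which the README in this commit issues with `-days 36500`. If any supplicant or access controller outside a throwaway lab trusts that CA, the key should be treated as compromised and regenerated outside the tree. I would keep `*.key` and `*.p12` under `tools/simulator/etc/certs/` out of version control (a `.gitignore` entry, with the README procedure generating them locally) and commit at most the public `radius.ca.cer`. The same applies to `radius.server.key` and `radius.certificate.p12` added by this commit.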
diff --git a/tools/simulator/etc/certs/radius.server.cer b/tools/simulator/etc/certs/radius.server.cer
new file mode 100644
index 00000000..e8fa3c70
--- /dev/null
+++ b/tools/simulator/etc/certs/radius.server.cer
@@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=GuangDong, L=GuangZhou, O=zhuzaiyuan, OU=zhuzaiyuan, CN=WIFI/emailAddress=10000@gmail.com + Validity + Not Before: Jan 3 00:07:42 2026 GMT + Not After : Dec 10 00:07:42 2125 GMT + Subject: C=CN, ST=GuangDong, O=zhuzaiyuan, OU=zhuzaiyuan, CN=WIFI/emailAddress=10000@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c7:e8:e6:e3:82:7b:a4:6b:2a:de:a9:d3:b8:e1: + bc:2f:b4:7b:73:9e:3f:c9:9a:6f:6b:2f:c0:15:4a: + 9b:15:44:6b:b2:a0:e5:f3:e6:95:c6:a7:df:4a:d1: + 4d:e0:ad:8c:b4:41:b7:f1:56:6f:60:65:eb:9c:8d: + b3:83:39:4e:f0:69:bc:f9:39:f0:24:eb:e4:11:4b: + 8d:e5:6f:26:e5:d0:94:4c:3c:6c:13:e5:62:de:c6: + 84:99:88:32:e8:b5:c0:8c:2b:57:55:2d:f9:df:1c: + 04:e2:40:ce:45:32:66:dd:37:23:2c:1d:c0:02:c8: + c6:63:f7:dc:a3:ce:7e:d6:e1:22:09:f5:33:a2:98: + e3:f0:df:c4:f8:7e:60:b5:4f:d2:e8:5f:36:c0:28: + 9d:19:f6:73:43:aa:90:da:9f:33:48:0e:9b:2d:16: + f6:76:fd:62:fe:23:e7:2c:0d:85:55:bf:63:b4:34: + a6:4e:44:11:09:80:20:0d:16:87:7e:7f:7f:d7:c7: + ad:e5:b3:b4:5f:2c:83:af:b7:6f:e3:9c:fe:9c:2e: + 6d:5e:f6:6c:29:46:38:7b:15:5a:06:32:99:83:d9: + f3:bf:18:12:49:80:b0:cc:f0:1a:f3:25:29:90:25: + 27:9d:56:47:40:58:b4:66:f4:13:b9:c4:a9:7a:a8: + 9f:55 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + F3:96:09:51:3E:B8:71:B0:23:D1:3B:BE:A4:89:43:B5:88:3D:68:62 + X509v3 Authority Key Identifier: + keyid:D2:99:8C:4B:CA:6C:67:9E:3E:85:C3:C8:E9:70:AD:C4:90:41:70:D7 + + Signature Algorithm: sha256WithRSAEncryption + 30:0f:9a:c5:d4:9e:78:9f:49:da:53:2e:44:22:d5:48:8f:83: + b8:f9:7f:14:6e:cd:31:c8:7a:3a:82:15:e3:2d:41:4b:a3:8e: + be:97:7d:5a:33:c5:33:b1:0d:42:04:b9:83:bf:8c:cd:66:bd: + d6:59:12:e3:e6:4c:91:22:89:16:62:2f:ae:02:72:4a:2c:24: + 
b3:02:21:5f:f8:97:57:8f:72:1b:08:57:e6:6b:73:5b:b2:c5: + b8:b8:d8:ed:cf:8e:84:4f:a9:d3:3c:f0:ac:21:04:99:07:bb: + a1:03:a2:a6:13:e6:08:c6:3d:de:c5:08:e5:70:18:99:27:a4: + 26:46:74:f2:a1:04:22:e3:1b:3e:b5:73:55:14:0a:e7:92:78: + c8:81:e4:3d:00:95:a0:0e:38:94:6d:c5:22:de:35:bb:1f:e1: + 07:ac:17:33:b1:d1:7d:ab:00:24:17:29:ab:9b:12:b9:10:0f: + 65:a8:3f:0e:11:a8:46:63:4b:67:db:3d:52:89:f0:a2:38:49: + 2f:45:06:57:be:8a:42:90:3e:a9:fa:0b:2f:a5:9a:2e:d1:e2: + e1:4d:f5:b4:20:b3:8e:69:82:bd:d1:3f:84:c6:64:c7:38:10: + ef:9a:f6:8c:84:23:49:ac:62:f9:1a:d3:a9:82:4c:62:7b:11: + e2:91:47:b2 +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCQ04x +EjAQBgNVBAgMCUd1YW5nRG9uZzESMBAGA1UEBwwJR3VhbmdaaG91MRMwEQYDVQQK +DAp6aHV6YWl5dWFuMRMwEQYDVQQLDAp6aHV6YWl5dWFuMQ0wCwYDVQQDDARXSUZJ +MR4wHAYJKoZIhvcNAQkBFg8xMDAwMEBnbWFpbC5jb20wIBcNMjYwMTAzMDAwNzQy +WhgPMjEyNTEyMTAwMDA3NDJaMHoxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFu +Z0RvbmcxEzARBgNVBAoMCnpodXphaXl1YW4xEzARBgNVBAsMCnpodXphaXl1YW4x +DTALBgNVBAMMBFdJRkkxHjAcBgkqhkiG9w0BCQEWDzEwMDAwQGdtYWlsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfo5uOCe6RrKt6p07jhvC+0 +e3OeP8mab2svwBVKmxVEa7Kg5fPmlcan30rRTeCtjLRBt/FWb2Bl65yNs4M5TvBp +vPk58CTr5BFLjeVvJuXQlEw8bBPlYt7GhJmIMui1wIwrV1Ut+d8cBOJAzkUyZt03 +IywdwALIxmP33KPOftbhIgn1M6KY4/DfxPh+YLVP0uhfNsAonRn2c0OqkNqfM0gO +my0W9nb9Yv4j5ywNhVW/Y7Q0pk5EEQmAIA0Wh35/f9fHreWztF8sg6+3b+Oc/pwu +bV72bClGOHsVWgYymYPZ878YEkmAsMzwGvMlKZAlJ51WR0BYtGb0E7nEqXqon1UC +AwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l +cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPOWCVE+uHGwI9E7vqSJQ7WIPWhi +MB8GA1UdIwQYMBaAFNKZjEvKbGeePoXDyOlwrcSQQXDXMA0GCSqGSIb3DQEBCwUA +A4IBAQAwD5rF1J54n0naUy5EItVIj4O4+X8Ubs0xyHo6ghXjLUFLo46+l31aM8Uz +sQ1CBLmDv4zNZr3WWRLj5kyRIokWYi+uAnJKLCSzAiFf+JdXj3IbCFfma3NbssW4 +uNjtz46ET6nTPPCsIQSZB7uhA6KmE+YIxj3exQjlcBiZJ6QmRnTyoQQi4xs+tXNV +FArnknjIgeQ9AJWgDjiUbcUi3jW7H+EHrBczsdF9qwAkFymrmxK5EA9lqD8OEahG +Y0tn2z1SifCiOEkvRQZXvopCkD6p+gsvpZou0eLhTfW0ILOOaYK90T+ExmTHOBDv 
+mvaMhCNJrGL5GtOpgkxiexHikUey +-----END CERTIFICATE----- diff --git a/tools/simulator/etc/certs/radius.server.csr b/tools/simulator/etc/certs/radius.server.csr new file mode 100644 index 00000000..96b71e3c --- /dev/null +++ b/tools/simulator/etc/certs/radius.server.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rvbmcx +EjAQBgNVBAcMCUd1YW5nWmhvdTETMBEGA1UECgwKemh1emFpeXVhbjETMBEGA1UE +CwwKemh1emFpeXVhbjENMAsGA1UEAwwEV0lGSTEeMBwGCSqGSIb3DQEJARYPMTAw +MDBAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+jm +44J7pGsq3qnTuOG8L7R7c54/yZpvay/AFUqbFURrsqDl8+aVxqffStFN4K2MtEG3 +8VZvYGXrnI2zgzlO8Gm8+TnwJOvkEUuN5W8m5dCUTDxsE+Vi3saEmYgy6LXAjCtX +VS353xwE4kDORTJm3TcjLB3AAsjGY/fco85+1uEiCfUzopjj8N/E+H5gtU/S6F82 +wCidGfZzQ6qQ2p8zSA6bLRb2dv1i/iPnLA2FVb9jtDSmTkQRCYAgDRaHfn9/18et +5bO0XyyDr7dv45z+nC5tXvZsKUY4exVaBjKZg9nzvxgSSYCwzPAa8yUpkCUnnVZH +QFi0ZvQTucSpeqifVQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAAhLLxEtJR4n +cCmDEE2UycfFP/giTWyvjXKcLNinegueLy3hhiKoORc84+hKgvzZaL1C7U/YglV0 +6PXuglHUFBZHy9Ynbh1iy+Kkx9BlmQV3RLyLWy0+3zovVoc3qc7yvhRtFBo2wKth +ZHUdhqCYHeDr89PSsnBptD6eqD18XWRwiUKiE16CrFwogYG+Zqh5zG42QXExw5jz +B0xt3NbJ+Rr31+fjk7EJgUT2h5vHFBS/PIXaMgwLCh96+7k7DcKGCXMmcDMeK53U +hxiJEB7ujGg49zDXEPvxbesh0B/s4SWOw85NJy/oAxjL4edVBT42WtM1JmxP62Bz +TI4mC//JQqw= +-----END CERTIFICATE REQUEST----- diff --git a/tools/simulator/etc/certs/radius.server.key b/tools/simulator/etc/certs/radius.server.key new file mode 100644 index 00000000..9d9d79c0 --- /dev/null +++ b/tools/simulator/etc/certs/radius.server.key 
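Review bot: The issued server certificate lists only Basic Constraints, Netscape Comment and the two key identifiers under `X509v3 extensions`, with no Extended Key Usage and no Subject Alternative Name, and its `Not After` is `Dec 10 00:07:42 2125 GMT`. Some EAP supplicants reject a RADIUS server certificate that lacks the serverAuth EKU, and a 100-year leaf certificate with no revocation path stays valid for as long as its key exists. The extensions presumably come from the `openssl ca` section of `openssl.macOS.cnf`, which is outside the lines shown here, so this is something to check there: add `extendedKeyUsage = serverAuth` to the server extension section and issue the leaf with a much shorter `-days` value.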
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,83B415EF9D4AAB00 + +/E2cw2kzisDSIf7OjH8FEeTwyuIz7qyp80UqKa7IviQoRWjpRzp82Ara0Musvu0N +vZGujs6IzHwNUIn14QqLwb8yJc8f41Ao7SDD9fIK4OrFCX4/09+H0/CvEVGh5Anj +9K+O7fSirm0K+uR3iWk4idQ2Hx1D3dd0aJ1PwWwoUDoHUc77UWdkX+kxLGB8/dQK +V95gnutqDkdXQ/89qsyvc1Xa3uAMpJQbT/44wFJIAMfU0bTTfsMeN6QYmeTFxy56 +qdExi4Fqc9Krv4P6rDh9xM5yEETo2up0Q9SuCIZn53JQVHunbA79ziVHr4HHBOsG +VlC5UImdu7U80Y7qpclUgk4Dh2Ku+RrbYmPpz9sVE3iXIf7PKsH+bDjjl1XWb6U8 +t0Dl7p1R6/L/BZFRtmghK+UhTmyxjAFK2NWzRzOPDPeOTpLMgjX/K7x5GlMErXCT +AYLUKlf6u3/93AgLx1GA43A8lNc6S9woUhdC45EVUzX2/Ucr8enB2mmOpmnErMip +2Ix8Pq7FtiqyfZr/xbDjz5+Y4xwgbsjDSkINRqvw7lOKIAt/e+b4V5oZly/YUA4V +QeaDc57LPTUXj8uV7l1PbKrqYyW7JIHpBN7/dLXDaRgXX4ZbusFq4hoY8/mPiTd8 +5iLtCIOHe+7kYiotour1ysjRxwWnCMs3kdwGz7m95fZY0BU9bPIFJqDkeQVFuPey +4RLG5szHk32dG6oKQyqYaydqLfjCJbxhe0cnYzZWvGPQ95JV3o/Obp5geuruTgIu +Rhh9gFcA/8tr4UGCD8Mr/N+03Es0vsvEpqxZp7d+fypRoOujtVNOm9wuCtTn9FQN +J+ZmSz6ChKbI8sj/aQUlZYtnLka6LX1zVDzuz9x1zyxouhuhDeP/oKR80ZIWvoJO +gHqTZzSy+9LSHomaAUdY27iZmwVjdpyOduL1kaBCkfJhEs+dXx82URX+euehcGUP +FhwpL+3wGn+xyYr4ddZNFlse9uRi/cBWS5IDSN5lP1gfbZQA75ShGBV4X9nEen5p +5YO5/9icZLU9FS0hI2XiQaKk8IweEhYrM5ZrQwtF5Zy22s23ouTtG+vtbgqvDh9/ +of2TkNoXZ+GmghggVyEYy0t6X/Mnkt6qShjwFiHccXGQnzAXHIV5sgyvJi5+KGIK +KXrMEuGOrcpB1ajFDX6wszU0yXjJGJbnKdFGrOt3Vgby2G/jRRVdMbR3k41YbAZg +Su4mxxO/ZDZLFPdIIjB3XO7fsX/Xl/1LuYojrh7+W15Ilvylsnz4BIckMxzy0qu3 +z04Gd7RDsu1FglZAzJRGpR5x+kdtFBgvrHfwOk/Q5aXhViJBWDLDZEQtZBn9SAH/ +mm+asJ7Ya3m5fnhguyvHhyZ4obkHvDAsI/BqTUcKnNl14y+KGket5MIFbFdA5zGw +mUfm1fDSleSEmBL24NItGrkAad+/tbjdBK6GnWUo7bc6Mu3zya0sIcUHjIhx/joj +sEUW6j2shEOyDZ7qeuIPcLCrCyUXTWpK/9OGjZVoVe+Cl4kFhDBZ5pMiNTyL/BEE +0DVj4rj+LelWusegdEvGl8TtWMaVAl2znAutuoKnPaMEQ41AJDuDycT6Mt2UW+cB +-----END RSA PRIVATE KEY----- diff --git a/tools/simulator/etc/certs/server.cer b/tools/simulator/etc/certs/server.cer deleted file mode 100644 index be2b3e47..00000000 --- a/tools/simulator/etc/certs/server.cer +++ /dev/null 
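Review bot: The replacement server key is stored in the legacy PEM encryption format (`Proc-Type: 4,ENCRYPTED`, `DEK-Info: DES-EDE3-CBC`), whereas the `server.key` this commit deletes was a PKCS#8 `ENCRYPTED PRIVATE KEY`. The legacy format derives the 3DES key from the passphrase with a single MD5 iteration, and the README in the same commit publishes that passphrase as `pass:123456`, so the encryption gives the committed file no real protection. If an encrypted key has to exist on disk and the consumer accepts PKCS#8, converting it with `openssl pkcs8 -topk8 -v2 aes-256-cbc -in ./radius.server.key -out ./radius.server.key.p8` is the stronger form. The passphrase is better supplied through `-passout file:...` or `-passout env:...` than through `pass:` on the command line, where it is visible in shell history and the process list.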
@@ -1,80 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=CN, ST=GuangDong, L=GuangZhou, O=zhuzaiyuan, OU=zhuzaiyuan, CN=WIFI/emailAddress=1000@gmail.com - Validity - Not Before: Jan 29 03:40:54 2024 GMT - Not After : Jan 26 03:40:54 2034 GMT - Subject: C=CN, ST=GuangDong, O=zhuzaiyuan, OU=zhuzaiyuan, CN=WIFI/emailAddress=1000@gmail.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:ad:bd:1b:6b:f3:ae:3d:20:9d:af:58:72:20:62: - cc:b5:e3:9e:1c:9e:5a:21:86:6b:06:93:7d:ce:6d: - 93:fc:07:8f:5a:88:51:7d:0b:56:b1:03:b0:6d:94: - e4:08:61:09:f8:dd:a6:18:1a:c4:6d:f7:2f:3d:31: - 00:23:9a:3b:6b:29:37:a8:a2:f3:7b:ff:ce:9c:04: - 9e:67:21:77:81:cf:ae:87:de:e0:3d:4d:d1:46:ea: - fa:a2:08:51:eb:0a:c3:66:d8:a0:2c:39:f3:a5:0f: - a6:b3:89:f3:b3:17:18:2f:6c:d0:a8:0e:3c:02:3b: - 4c:f7:6c:c3:09:80:67:0e:ef:53:12:da:49:76:9a: - 89:96:d5:01:7e:b8:75:1e:80:d7:0a:0f:c8:b3:d9: - 58:9b:cc:87:b5:b5:c7:22:f5:5b:0e:d6:09:aa:3b: - 5f:61:ed:4f:26:2e:78:8f:2e:78:c4:86:db:d4:af: - 3b:3a:bd:fd:f0:c2:2e:b7:a5:44:4b:2a:93:65:d9: - dd:04:9d:54:d5:ef:cd:3c:33:d2:84:c5:f4:ea:c0: - 06:0a:c0:ed:b9:9d:5a:73:52:fa:b0:b8:dc:20:b5: - 5b:8c:00:29:ca:fe:50:d0:f2:49:4f:b6:6e:f2:04: - 23:b0:bc:f9:f6:b7:17:90:3e:76:a6:c7:d7:3c:83: - 5c:71 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 8E:38:1C:FC:83:51:B3:EB:E4:7B:D5:3F:A9:CB:7A:DD:BF:C6:09:6E - X509v3 Authority Key Identifier: - ED:EE:B4:C1:E6:B0:2A:27:49:47:3D:F5:30:79:76:26:90:82:AB:86 - Signature Algorithm: sha256WithRSAEncryption - Signature Value: - 08:0d:e1:91:1e:0e:a5:90:d7:f6:32:62:d9:85:24:26:b2:c4: - 9a:8d:89:0f:75:78:cc:48:f7:a3:3c:77:e4:cf:cf:6e:51:91: - 5f:72:ea:65:22:5b:24:e2:fa:bb:52:a1:77:c6:33:8f:9e:37: - 75:08:65:53:c7:77:cf:b4:38:e7:a0:21:2e:ea:c2:5a:f9:22: - 92:5b:1e:21:dd:ab:dc:ad:55:2a:0a:e2:53:ab:be:91:d4:54: - 
38:8e:73:21:9b:29:a2:ed:25:fe:4a:62:68:b5:9c:d5:db:e1: - 5a:db:a2:4d:bb:e7:b3:fa:ae:1e:a6:08:2e:d7:9e:a5:82:e1: - 19:c6:1f:59:f1:d8:19:48:fd:de:d9:24:a2:0b:47:c4:17:a8: - dd:43:da:5f:7c:61:35:24:36:a6:19:b6:f0:6f:fc:a7:74:7a: - 05:81:0f:14:46:7a:06:1b:ed:5b:aa:81:e1:88:71:ab:12:ba: - e5:f7:c7:5e:ac:88:96:c5:9b:0d:b0:da:91:a5:64:9a:f8:b5: - 3e:18:81:f4:f8:a3:9d:03:43:a5:97:4d:76:11:43:fc:b8:65: - 89:ce:75:09:56:8c:bd:ec:a6:91:a6:b9:4f:eb:27:73:7f:0d: - da:09:a7:dd:35:10:2a:57:9d:de:b5:56:5d:77:d1:fd:00:38: - 97:91:ba:d3 ------BEGIN CERTIFICATE----- -MIIDzzCCAregAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMCQ04x -EjAQBgNVBAgMCUd1YW5nRG9uZzESMBAGA1UEBwwJR3VhbmdaaG91MRMwEQYDVQQK -DAp6aHV6YWl5dWFuMRMwEQYDVQQLDAp6aHV6YWl5dWFuMQ0wCwYDVQQDDARXSUZJ -MR0wGwYJKoZIhvcNAQkBFg4xMDAwQGdtYWlsLmNvbTAeFw0yNDAxMjkwMzQwNTRa -Fw0zNDAxMjYwMzQwNTRaMHkxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rv -bmcxEzARBgNVBAoMCnpodXphaXl1YW4xEzARBgNVBAsMCnpodXphaXl1YW4xDTAL -BgNVBAMMBFdJRkkxHTAbBgkqhkiG9w0BCQEWDjEwMDBAZ21haWwuY29tMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb0ba/OuPSCdr1hyIGLMteOeHJ5a -IYZrBpN9zm2T/AePWohRfQtWsQOwbZTkCGEJ+N2mGBrEbfcvPTEAI5o7ayk3qKLz -e//OnASeZyF3gc+uh97gPU3RRur6oghR6wrDZtigLDnzpQ+ms4nzsxcYL2zQqA48 -AjtM92zDCYBnDu9TEtpJdpqJltUBfrh1HoDXCg/Is9lYm8yHtbXHIvVbDtYJqjtf -Ye1PJi54jy54xIbb1K87Or398MIut6VESyqTZdndBJ1U1e/NPDPShMX06sAGCsDt -uZ1ac1L6sLjcILVbjAApyv5Q0PJJT7Zu8gQjsLz59rcXkD52psfXPINccQIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBSOOBz8g1Gz6+R71T+py3rdv8YJbjAf -BgNVHSMEGDAWgBTt7rTB5rAqJ0lHPfUweXYmkIKrhjANBgkqhkiG9w0BAQsFAAOC -AQEACA3hkR4OpZDX9jJi2YUkJrLEmo2JD3V4zEj3ozx35M/PblGRX3LqZSJbJOL6 -u1Khd8Yzj543dQhlU8d3z7Q456AhLurCWvkiklseId2r3K1VKgriU6u+kdRUOI5z -IZspou0l/kpiaLWc1dvhWtuiTbvns/quHqYILteepYLhGcYfWfHYGUj93tkkogtH -xBeo3UPaX3xhNSQ2phm28G/8p3R6BYEPFEZ6BhvtW6qB4YhxqxK65ffHXqyIlsWb -DbDakaVkmvi1PhiB9PijnQNDpZdNdhFD/Lhlic51CVaMveymkaa5T+snc38N2gmn -3TUQKled3rVWXXfR/QA4l5G60w== ------END CERTIFICATE----- 
diff --git a/tools/simulator/etc/certs/server.csr b/tools/simulator/etc/certs/server.csr deleted file mode 100644 index e8b31f6a..00000000 --- a/tools/simulator/etc/certs/server.csr +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIC0zCCAbsCAQAwgY0xCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0Rvbmcx -EjAQBgNVBAcMCUd1YW5nWmhvdTETMBEGA1UECgwKemh1emFpeXVhbjETMBEGA1UE -CwwKemh1emFpeXVhbjENMAsGA1UEAwwEV0lGSTEdMBsGCSqGSIb3DQEJARYOMTAw -MEBnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtvRtr -8649IJ2vWHIgYsy1454cnlohhmsGk33ObZP8B49aiFF9C1axA7BtlOQIYQn43aYY -GsRt9y89MQAjmjtrKTeoovN7/86cBJ5nIXeBz66H3uA9TdFG6vqiCFHrCsNm2KAs -OfOlD6azifOzFxgvbNCoDjwCO0z3bMMJgGcO71MS2kl2momW1QF+uHUegNcKD8iz -2VibzIe1tcci9VsO1gmqO19h7U8mLniPLnjEhtvUrzs6vf3wwi63pURLKpNl2d0E -nVTV7808M9KExfTqwAYKwO25nVpzUvqwuNwgtVuMACnK/lDQ8klPtm7yBCOwvPn2 -txeQPnamx9c8g1xxAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAN1H7MuUehfzx -hDrdgu14U7QLWbcryt+D6yPaCZU8Dx5Evgp+dAmG+03sEvoW5+/EBxOTIOjB4SOv -bvV8wKlaTKHEWlvq4vZ9XLfDf3jf9DIXA0x1ml9/Fk603Cp05GjAxeUc+y8KRsW1 -eNEK4eCtq3URzch3NWVxx78w2K7+gI72v07FEU8pFcLfvIVUZzaxKlx0PYJ46tb4 -WrVThj0bt+Qg5GErqO6g2MT58o8hzhxno0h3C1cY6CgmELMY2FhewTlNeR+fSJHi -h8M5Zs3fQfRX9w5lbI+scrK2rJ3P6+ysQ1i4+qJcLSvUaegRiFtxrybOLl96X3j5 -CEa67+F34A== ------END CERTIFICATE REQUEST----- diff --git a/tools/simulator/etc/certs/server.key b/tools/simulator/etc/certs/server.key deleted file mode 100644 index a70eea02..00000000 --- a/tools/simulator/etc/certs/server.key +++ /dev/null 
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQZ+pSip7fkA65BZO3
-kgfNiQICCAAwDAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI+wVMkQ0vIskEggTI
-xf/tEd3zGn2WMnlbera1VWHyniDrXD/DbTL7wRTZWhZAa/Nyly78qP97wvFNnXs5
-U/bn2pmuDZc+UTQYMnJBbqCqG7QvevTuA0SXW3+NWwtGRlh4xSvakKh4t+L+owvT
-tLkniKuw3Cst9fu6hhsYYPpzyarqgD2PXT5ADMXu5Ude8LWnbdBLuQTMLFUxOhjG
-FO6IG73The3yUzepXgUPnWYFUe35ZCfH8cOnDGseN6mnpqaIhcDclvmO/Igp3fzH
-9HosfFhfl9PAQc2zG8rddOl2oEyQ6g/KJaY6T5SfoOoCYrkrOc0NbFkxbIKh1zYx
-uSnET/2ZBPSq6EVfLKYsEOK0BUovgGQ+FhwDjJrOHRTAPnXQcRW9OaVFSKcITStK
-x5gPvsb89tLIygK9xdxw7cn4J5kdofP0aPdKp/bs0ZHj0LpUJqzyBrTECl2aqmNY
-+XmAhbthPwe7SjMlpT/4v9/nFOClVCX/ESj56x5J+d6IfrOEfohx1jAYLxzE9Htw
-geGvR7ytmS0ocERyyGcijxpFd+NY6pRSPA7pTy5a9edYOIiRWpx91UAYLMquguLw
-Xm6oeC3TSoUQwKr168xBb/9bQEAd280+QYFfxNh0ZyJ1YeooP6Z6Xho0ntv3fOhv
-4bOjcMvJZSzFeKusNIz8Jm0C+lU3imAR93Z7M6xIeZO5JOJLlp+RlypKfESBmsnl
-ncuv7cEGCqt7x/x3cXDMGF3hkvxbFhF/5cE96QslqATAyX+CqHAEnpLScYGxmA7a
-yz/7OQzhY6oQAUmmC4ARGHuBEXMlqF0x7DBuYFHRKRFO/bCRymJhkvAI3ZtbtnyL
-6anJLnJmTU4JGUn0zqQkkNZimYM9T4x7+qrbFdKhG5m4444Lk8sW7hA18Y+6PKM3
-gjRIM2Xvw93rIoYm4LjJRPkHCKSs3Nx4OHcxyup890/9uRT+8a/tWNXnhCqnYbbX
-tA7OPirUL5FnRQ2ALADOPBO+gjWHTmdKjqvWf7exmIjnvC5MZrbyMmS1kAeBO6+M
-mlVHc5I6cbBHjwFPheEvqA/a/8ta681lJLSLgPYev+TqCFvcLxrMp9IVAGUJGKe9
-HsAxpD0vgnGIYixd+K+I2sHZ7eKZcckJiePH80j6urItdn0n9JuVlx1Jc+m+jOAM
-xJWriS3SkAvO9vdYjvnPYT0eyYu3XE5oEl16eerCMiYtiT3MWf9Z+HEVYiwDj2By
-W/bl8sL1cai60jROw6uSgOP6P0aKlDobRlDXDhjL3K1E6/0Lk0Uwu+hEwmacpcCT
-njdTSBlOYXCCopnJETjcwjP1WSfmLIvwJ2BO+X56p29ZWCatm39Xki1jpSsSYz4N
-ZCEDSeOoKkzFkVYx2CmzDpCjBl6KLZeDRrz7dPvVGpcmd9iepuix+T450CebWIPt
-+twxAO14Omidpm7WPHK+J+Bw51JFCKy/3ZI0j23FQkriiZ5Tff4kNwyvAXVbSrB7
-+hGYVyYYv7pCb0P9AF1CmiCmNIZypMQyP+QAzU0ndbqP2w4FBXAU7Wn8e6OrtLIt
-wXw1dL3awZmIPM375pxyAkBeFo7vVa99GRy++hl3rtSv/ovoWuhnDrnSHTft89dO
-we6V8dpOj44vXYOm8z/rUIpG/1DBjKcB
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tools/simulator/etc/openssl.macOS.cnf b/tools/simulator/etc/openssl.macOS.cnf
new file mode 100644
index 00000000..c3635914
--- /dev/null
+++ b/tools/simulator/etc/openssl.macOS.cnf
@@ -0,0 +1,351 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+# dir = ./demoCA # Where everything is kept
+dir = ./ # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
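Review bot: The extension sections are the stock example's, so nothing made with this file is limited in how it may be used: under `[ v3_ca ]` (which `[ req ]` selects through `x509_extensions = v3_ca`) `basicConstraints = CA:true` is not critical and `keyUsage = cRLSign, keyCertSign` is still commented out, and `[ usr_cert ]` sets neither `keyUsage` nor `extendedKeyUsage`. If one CA signs both the RADIUS server certificate and client certificates (the signing commands are not part of this hunk), a peer that validates only the chain would presumably accept any issued leaf in either role. I would switch to `basicConstraints = critical,CA:true`, enable the `keyUsage` line, and give server and client certificates their own extension sections with `extendedKeyUsage = serverAuth` and `extendedKeyUsage = clientAuth`. The `[ tsa_config1 ]` line `digests = md5, sha1` is also worth narrowing to `digests = sha256`, or the unused TSA sections can be dropped.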