IPAd_Tests: add testsuite for an IPAd
With this patch we add a testsuite that can be used to test an IPAd
implementation.
The testsuite emulates the ESipa and the ES10x (pcsc cardreader)
interface and is capable of testing a direct profile download and other
ESipa features like the execution of an eIM package (eCO, PSMO).
Change-Id: Ic9ea8c69e56a2e8ddf0f506861ece6d40cbcb06d
Related: SYS#6564
diff --git a/ipad/example_ca/pki/safessl-easyrsa.cnf b/ipad/example_ca/pki/safessl-easyrsa.cnf
new file mode 100644
index 0000000..d42bba9
--- /dev/null
+++ b/ipad/example_ca/pki/safessl-easyrsa.cnf
@@ -0,0 +1,143 @@
+# For use with Easy-RSA 3.0+ and OpenSSL or LibreSSL
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki # Where everything is kept
+certs = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki # Where the issued certs are kept
+crl_dir = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki # Where the issued crl are kept
+database = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/index.txt # database index file.
+new_certs_dir = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/certs_by_serial # default place for new certs.
+
+certificate = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/ca.crt # The CA certificate
+serial = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/serial # The current serial number
+crl = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/crl.pem # The current CRL
+private_key = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/private/ca.key # The private key
+RANDFILE = /home/user/work/ttcn3/testsuite/osmo-ttcn3-hacks/ipad/example_ca/pki/.rand # private random number file
+
+x509_extensions = basic_exts # The extensions to add to the cert
+
+# A placeholder to handle the --copy-ext feature:
+#%COPY_EXTS% # Do NOT remove or change this line as --copy-ext support requires it
+
+# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
+# is designed for will. In return, we get the Issuer attached to CRLs.
+crl_extensions = crl_ext
+
+default_days = 365000 # how long to certify for
+default_crl_days = 180 # how long before next CRL
+default_md = sha256 # use public key default MD
+preserve = no # keep passed DN ordering
+
+# This allows to renew certificates which have not been revoked
+unique_subject = no
+
+# A few different ways of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_anything
+
+# For the 'anything' policy, which defines allowed DN fields
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+name = optional
+emailAddress = optional
+
+####################################################################
+# Easy-RSA request handling
+# We key off $DN_MODE to determine how to format the DN
+[ req ]
+default_bits = 2048
+default_keyfile = privkey.pem
+default_md = sha256
+distinguished_name = cn_only
+x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
+
+# A placeholder to handle the $EXTRA_EXTS feature:
+#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
+
+####################################################################
+# Easy-RSA DN (Subject) handling
+
+# Easy-RSA DN for cn_only support:
+[ cn_only ]
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+# Easy-RSA DN for org support:
+[ org ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = San Francisco
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Copyleft Certificate Co
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = My Organizational Unit
+
+commonName = Common Name (eg: your user, host, or server name)
+commonName_max = 64
+commonName_default = ChangeMe
+
+emailAddress = Email Address
+emailAddress_default = me@example.net
+emailAddress_max = 64
+
+####################################################################
+# Easy-RSA cert extension handling
+
+# This section is effectively unused as the main script sets extensions
+# dynamically. This core section is left to support the odd usecase where
+# a user calls openssl directly.
+[ basic_exts ]
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# The Easy-RSA CA extensions
+[ easyrsa_ca ]
+
+# PKIX recommendations:
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This could be marked critical, but it's nice to support reading by any
+# broken clients who attempt to do so.
+basicConstraints = CA:true
+
+# Limit key usage to CA tasks. If you really want to use the generated pair as
+# a self-signed cert, comment this out.
+keyUsage = cRLSign, keyCertSign
+
+# nsCertType omitted by default. Let's try to let the deprecated stuff die.
+# nsCertType = sslCA
+
+# A placeholder to handle the $X509_TYPES and CA extra extensions $EXTRA_EXTS:
+#%CA_X509_TYPES_EXTRA_EXTS% # Do NOT remove or change this line as $X509_TYPES and EXTRA_EXTS demands it
+
+# CRL extensions.
+[ crl_ext ]
+
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always