authorYuuta Liang <yuutaw@student.cs.ubc.ca>2023-10-25 03:30:45 +0800
committerYuuta Liang <yuutaw@student.cs.ubc.ca>2023-10-25 03:30:45 +0800
commitd7ff9d5e217873609d79efe279f2634e3a3dd8b4 (patch)
tree704729e5eed658728b521acd407c6ca767f7e865 /tests/ca.cnf
parent55df54e5dbf26e6824123410784d00aa793c3781 (diff)
Refactor: move all logics into CertificationAuthority
Signed-off-by: Yuuta Liang <yuutaw@student.cs.ubc.ca>
Diffstat (limited to 'tests/ca.cnf')
-rw-r--r--tests/ca.cnf88
1 files changed, 40 insertions, 48 deletions
diff --git a/tests/ca.cnf b/tests/ca.cnf
index ef5a9c9..9c034cc 100644
--- a/tests/ca.cnf
+++ b/tests/ca.cnf
@@ -15,13 +15,6 @@ RANDFILE = $dir/.rand
private_key = $dir/ca.key
certificate = $dir/ca.crt
-# CRL
-crlnumber = $dir/crlnumber
-crl = $dir/ca.crl
-crl_extensions = crl_ext
-# Root CA CRL: 1 year
-default_crl_days = 365
-
# Cryptography
default_md = sha512
@@ -54,55 +47,54 @@ x509_extensions = extensions
[ req_dn ]
commonName = Common Name
countryName = Country Name (2 letter code)
-# For simplicity
-#stateOrProvinceName = State or Province Name
-#localityName = Locality Name
-#0.organizationName = Organization Name
-# CAB Baseline (BR) v2.0.0
-# OU name must not present
-# Email address is not recommended (as per Jimmy)
-#organizationalUnitName = Organizational Unit Name
-#emailAddress = Email Address
-
commonName_default = Test Root CA
countryName_default = CA
-#stateOrProvinceName_default = British Columbia
-#localityName_default = Vancouver
-#0.organizationName_default = Yuuta Home
-#organizationalUnitName_default = IT
-#emailAddress_default = yuuta@yuuta.moe
[ extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-# Seems like it is completely unnecessary to put CRL and AIA in RootCA
-# because they point to the issuer's info.
-# crlDistributionPoints = crldp
-# Because I don't have a real OID
-#certificatePolicies = @polset
-# Seems like it is unnecessary.
-#authorityInfoAccess = caIssuers;URI:http://home.yuuta.moe/pki/rootca.crt
-
-[ extensions_sub ]
+
+[ extensions_sub_normal ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ extensions_sub_basic_constraints_no ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
-basicConstraints = critical, CA:true, pathlen: 0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
-crlDistributionPoints = crldp
-authorityInfoAccess = caIssuers;URI:http://home.yuuta.moe/pki/rootca.crt
-
-#[ polset ]
-#policyIdentifier = 1.3.6.1.4.1.191981.5.1.1
-#CPS.1 = "http://home.yuuta.moe/pki/policy"
-#userNotice.1 = @polset_notice
-#
-#[ polset_notice ]
-#explicitText = "This certificate authority is for internal use only."
-
-[ crldp ]
-fullname = URI:http://home.yuuta.moe/pki/rootca.crl
-
-[ crl_ext ]
-authorityKeyIdentifier = keyid:always
+
+[ extensions_sub_basic_constraints_wrong ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:false
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ extensions_sub_key_usage_missing ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+
+[ extensions_sub_key_usage_wrong_1 ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+# No digitalSignature
+keyUsage = critical, cRLSign, keyCertSign
+
+[ extensions_sub_key_usage_wrong_2 ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+# No cRLSign
+keyUsage = critical, digitalSignature, keyCertSign
+
+[ extensions_sub_key_usage_wrong_3 ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+# No keyCertSign
+keyUsage = critical, digitalSignature, cRLSign
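Review bot: `[ extensions_sub_normal ]` drops the `pathlen: 0` that the removed `[ extensions_sub ]` carried, so the known-good subordinate fixture is now a CA with no path-length limit and no section in this hunk exercises path-length handling. If the checks in CertificationAuthority are meant to accept only constrained subordinates (not visible from this file), keep the constraint in the baseline, `basicConstraints = critical, CA:true, pathlen:0`, and add a negative section for the unconstrained case. The negative fixtures also cover only absent or wrong values; none drops `critical` from `basicConstraints` or `keyUsage`, which would deserve a section each if criticality is checked. `extensions_sub_basic_constraints_no`, `extensions_sub_basic_constraints_wrong` and `extensions_sub_key_usage_missing` would also read better with a one-line comment in the style of `# No digitalSignature`, for example `# basicConstraints deliberately omitted`, so nobody mistakes these invalid profiles for usable ones.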