Commits

Jajcus  committed 1e73056

More tests for pyxmpp2.cert

Also, fixes to some problems found by the tests

  • Participants
  • Parent commits fd9063b

Comments (0)

Files changed (11)

File pyxmpp2/cert.py

         :Returtype: `list` of `JID`
         """
         result = []
-        if "XmppAddr" in self.alt_names or "DNS" in self.alt_names:
-            addrs =  self.alt_names.get("XmppAddr", []) + self.alt_names.get(
-                                                                    "DNS", [])
+        if ("XmppAddr" in self.alt_names or "DNS" in self.alt_names
+                                                or "SRVName" in alt_names):
+            addrs =  self.alt_names.get("XmppAddr", []) 
+            addrs += [ addr for addr in self.alt_names.get("DNS", [])
+                                            if not addr.startswith("*.") ]
+            addrs += [ addr.split(".", 1)[1] for addr 
+                                        in self.alt_names.get("SRVName", [])
+                                        if addr.startswith("_xmpp-server.") ]
+            warn_bad = True
         elif self.common_names:
             addrs = [addr for addr in self.common_names
                                 if "@" not in addr and "/" not in addr]
+            warn_bad = False
         else:
             return []
         for addr in addrs:
                 if jid not in result:
                     result.append(jid)
             except JIDError, err:
-                logger.warning(u"Bad JID in the certificate: {0!r}: {1}"
+                if warn_bad:
+                    logger.warning(u"Bad JID in the certificate: {0!r}: {1}"
                                                             .format(addr, err))
         return result
 
         except AttributeError:
             # PyPy doesn't have .getppercert
             return cert
+        logger.debug("Certificate data from ssl module: {0!r}".format(data))
         if not data:
             return cert
         cert.validated = True
             self.alt_names[key] = new
 
 DN_OIDS = {
-        (2, 5, 4, 41): u"Name",
-        (2, 5, 4, 4): u"Surname",
-        (2, 5, 4, 42): u"GivenName",
-        (2, 5, 4, 43): u"Initials",
-        (2, 5, 4, 3): u"CommonName",
-        (2, 5, 4, 7): u"LocalityName",
-        (2, 5, 4, 8): u"StateOrProvinceName",
-        (2, 5, 4, 10): u"OrganizationName",
-        (2, 5, 4, 11): u"OrganizationalUnitName",
-        (2, 5, 4, 12): u"Title",
-        (2, 5, 4, 6): u"CountryName",
+        (2, 5, 4, 41): u"name",
+        (2, 5, 4, 4): u"surname",
+        (2, 5, 4, 42): u"givenName",
+        (2, 5, 4, 43): u"initials",
+        (2, 5, 4, 3): u"commonName",
+        (2, 5, 4, 7): u"localityName",
+        (2, 5, 4, 8): u"stateOrProvinceName",
+        (2, 5, 4, 10): u"organizationName",
+        (2, 5, 4, 11): u"organizationalUnitName",
+        (2, 5, 4, 12): u"title",
+        (2, 5, 4, 6): u"countryName",
 }
 
 def _decode_asn1_string(data):
     _cert_asn1_type = None
     @classmethod
     def from_ssl_socket(cls, ssl_socket):
-        """Load certificate data from an SSL socket.
-        """
+        
         try:
             data = ssl_socket.getpeercert(True)
         except AttributeError:
                     except UnicodeError:
                         logger.debug("Cannot decode value: {0!r}".format(value))
                         continue
-                    if val_type == u"CommonName":
+                    if val_type == u"commonName":
                         self.common_names.append(value)
                     rdnss_list.append((val_type, value))
                 subject_name.append(tuple(rdnss_list))

File pyxmpp2/test/cert.py

 import socket
 import ssl
 import threading
-
 import logging
 
+from datetime import datetime
+
 from pyxmpp2.test import _support
 
+from pyxmpp2.jid import JID
+
 from pyxmpp2.cert import HAVE_PYASN1
 from pyxmpp2.cert import get_certificate_from_ssl_socket
 from pyxmpp2.cert import get_certificate_from_file
 
 logger = logging.getLogger("pyxmpp2.test.cert")
 
-def socket_with_cert(cert_path, key_path, cacert_path):
+def socket_with_cert(cert_path, key_path, cacert_path, server_cert = True):
     cert_path = os.path.join(_support.DATA_DIR, cert_path)
     key_path = os.path.join(_support.DATA_DIR, key_path)
     cacert_path = os.path.join(_support.DATA_DIR, cacert_path)
             sock.setblocking(True)
             try:
                 ssl_sock = ssl.wrap_socket(sock, key_path, cert_path,
-                                            True, ca_certs = cacert_path)
+                             server_side = server_cert, ca_certs = cacert_path)
             finally:
                 sock.close()
         finally:
     thread.start()
     client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     client_sock.connect(addr)
-    return ssl.wrap_socket(client_sock, cert_reqs = ssl.CERT_REQUIRED,
+    if server_cert:
+        return ssl.wrap_socket(client_sock, cert_reqs = ssl.CERT_REQUIRED,
+                        server_side = False, ca_certs = cacert_path)
+    else:
+        s_cert_path = os.path.join(_support.DATA_DIR, "server.pem")
+        s_key_path = os.path.join(_support.DATA_DIR, "server-key.pem")
+        return ssl.wrap_socket(client_sock, s_key_path, s_cert_path,
+                        cert_reqs = ssl.CERT_REQUIRED, server_side = True,
                                                     ca_certs = cacert_path)
     
 class TestCertFunctions(unittest.TestCase):
         self.assertIsInstance(cert, ASN1CertificateData)
         self.assertFalse(cert.validated)
         self.assertTrue("user@server.example.org" in cert.alt_names["XmppAddr"])
+
+class TestBasicCertificateData(unittest.TestCase):
+    @staticmethod
+    def load_certificate(name, server_cert = True):
+        cert_file = name + ".pem"
+        key_file = name + "-key.pem"
+        socket = socket_with_cert(cert_file, key_file, "ca.pem", server_cert)
+        return BasicCertificateData.from_ssl_socket(socket)
+
+    def test_server_cert_fields(self):
+        cert = self.load_certificate("server", True)
+        self.assertEqual(cert.subject_name, (
+                                (('organizationName', u'PyXMPP'),),
+                                (('organizationalUnitName', u'Unit Tests'),),
+                                (('commonName', u'server.example.org'),)
+                                            ))
+        self.assertIsInstance(cert.not_after, datetime)
+        self.assertGreater(cert.not_after, datetime.now())
+        self.assertEqual(list(cert.common_names), [u"server.example.org"])
+        self.assertEqual(list(cert.alt_names["DNS"]), [u"server.example.org"])
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(list(cert.alt_names["SRVName"]),
+                                        [u"_xmpp-server.server.example.org"])
+        self.assertEqual(cert.display_name, u"organizationName=PyXMPP, "
+                            u"organizationalUnitName=Unit Tests, "
+                            u"commonName=server.example.org")
+        self.assertEqual(cert.get_jids(), [JID("server.example.org")])
+
+    def test_client_cert_fields(self):
+        cert = self.load_certificate("client", False)
+        self.assertEqual(cert.subject_name, (
+                                (('organizationName', u'PyXMPP'),),
+                                (('organizationalUnitName', u'Unit Tests'),),
+                                (('commonName', u'Client Name'),)
+                                            ))
+        self.assertIsInstance(cert.not_after, datetime)
+        self.assertGreater(cert.not_after, datetime.now())
+        self.assertEqual(list(cert.common_names), [u"Client Name"])
+        self.assertFalse(cert.alt_names.get("DNS"))
+        self.assertFalse(cert.alt_names.get("SRVName"))
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(list(cert.alt_names["XmppAddr"]),
+                                        [u"user@server.example.org"])
+        self.assertEqual(cert.display_name, u"organizationName=PyXMPP, "
+                            u"organizationalUnitName=Unit Tests, "
+                            u"commonName=Client Name")
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(cert.get_jids(), [JID("user@server.example.org")])
+
+    def test_server1_cert_fields(self):
+        cert = self.load_certificate("server1", True)
+        self.assertEqual(cert.subject_name, (
+                                (('organizationName', u'PyXMPP'),),
+                                (('organizationalUnitName', u'Unit Tests'),),
+                                (('commonName', u'common-name.example.org'),)
+                                            ))
+        self.assertIsInstance(cert.not_after, datetime)
+        self.assertGreater(cert.not_after, datetime.now())
+        self.assertEqual(list(cert.common_names), [u"common-name.example.org"])
+        self.assertEqual(list(cert.alt_names["DNS"]), 
+                                [u"dns1.example.org", u"dns2.example.org",
+                                    u"*.wild.example.org"])
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(list(cert.alt_names["SRVName"]),
+                                    [u"_xmpp-server.srv1.example.org",
+                                        u"_xmpp-server.srv2.example.org"])
+            self.assertEqual(list(cert.alt_names["XmppAddr"]),
+                                    [u"xmppaddr1.example.org",
+                                        u"xmppaddr2.example.org"])
+        self.assertEqual(cert.display_name, u"organizationName=PyXMPP, "
+                            u"organizationalUnitName=Unit Tests, "
+                            u"commonName=common-name.example.org")
+        jids = [JID("dns1.example.org"), JID("dns2.example.org")]
+        if not isinstance(cert, BasicCertificateData):
+            jids += [
+                    JID("srv1.example.org"), JID("srv2.example.org"),
+                    JID("xmppaddr1.example.org"), JID("xmppaddr2.example.org")]
+        self.assertEqual(set(cert.get_jids()), set(jids))
+
+    def _test_client1_cert_fields(self):
+        cert = self.load_certificate("client", False)
+        self.assertEqual(cert.subject_name, (
+                                (('organizationName', u'PyXMPP'),),
+                                (('organizationalUnitName', u'Unit Tests'),),
+                                (('commonName', u'common-name@example.org'),)
+                                            ))
+        self.assertIsInstance(cert.not_after, datetime)
+        self.assertGreater(cert.not_after, datetime.now())
+        self.assertEqual(list(cert.common_names), [u"common-name@example.org"])
+        self.assertFalse(cert.alt_names.get("DNS"))
+        self.assertFalse(cert.alt_names.get("SRVName"))
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(list(cert.alt_names["XmppAddr"]),
+                            [u"user1@server.example.org",
+                                            u"user2@server.example.org"])
+        self.assertEqual(cert.display_name, u"organizationName=PyXMPP, "
+                            u"organizationalUnitName=Unit Tests, "
+                            u"commonName=common-name@example.org")
+        if not isinstance(cert, BasicCertificateData):
+            self.assertEqual(cert.get_jids(), [JID("user1@server.example.org"),
+                                            JID("user2@server.example.org")])
+
+
+@unittest.skipUnless(HAVE_PYASN1, "No pyasn1")
+class TestASN1CertificateData(TestBasicCertificateData):
+    @staticmethod
+    def load_certificate(name, server_cert = True):
+        cert_file = os.path.join(_support.DATA_DIR, name + ".pem")
+        return ASN1CertificateData.from_file(cert_file)
  
 # pylint: disable=W0611
 from pyxmpp2.test._support import load_tests, setup_logging

File pyxmpp2/test/data/Makefile

 
 .PHONY: certs
 
-certs: ca.pem client.pem client-key.pem server.pem server-key.pem
+certs: ca.pem client.pem client-key.pem client1.pem client1-key.pem server.pem server-key.pem server1.pem server1-key.pem
 
 ca.pem ca-key.pem: openssl-ca.cnf
 	openssl req -config openssl-ca.cnf -new -x509 -nodes -keyout ca-key.pem -out ca.pem -days 3650
 client.pem: client-req.pem ca.pem ca-key.pem
 	openssl x509 -extfile openssl-client.cnf -extensions v3_req -req -in client-req.pem -CA ca.pem -CAkey ca-key.pem -set_serial 1 -days 3650 -out client.pem
 
+client1-req.pem client1-key.pem: openssl-client1.cnf
+	openssl req -config openssl-client1.cnf -new -nodes -keyout client1-key.pem -out client1-req.pem -days 3650
+
+client1.pem: client1-req.pem ca.pem ca-key.pem
+	openssl x509 -extfile openssl-client1.cnf -extensions v3_req -req -in client1-req.pem -CA ca.pem -CAkey ca-key.pem -set_serial 1 -days 3650 -out client1.pem
+
 server-req.pem server-key.pem: openssl-server.cnf
 	openssl req -config openssl-server.cnf -new -nodes -keyout server-key.pem -out server-req.pem -days 3650
 
 server.pem: server-req.pem ca.pem ca-key.pem
 	openssl x509 -extfile openssl-server.cnf -extensions v3_req -req -in server-req.pem -CA ca.pem -CAkey ca-key.pem -set_serial 2 -days 3650 -out server.pem
 
+server1-req.pem server1-key.pem: openssl-server1.cnf
+	openssl req -config openssl-server1.cnf -new -nodes -keyout server1-key.pem -out server1-req.pem -days 3650
+
+server1.pem: server1-req.pem ca.pem ca-key.pem
+	openssl x509 -extfile openssl-server1.cnf -extensions v3_req -req -in server1-req.pem -CA ca.pem -CAkey ca-key.pem -set_serial 2 -days 3650 -out server1.pem
+

File pyxmpp2/test/data/client1-key.pem

+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALX5WdQcSC+61BYK
+xLajaMtkLrp7NRmySHuff6RJ/kQfwwaZNDhWbRZSdHatV0RazD/0riJKcD8Jz5ZX
+QfouDMn1z+3FFq0f2/3TE/FM4qQE1S+pYRxYPyoEao4TtdV3QV8CHGSC49Xn5nTI
+M4Ki2rEDW09lxvpW9Qiwvdl6YqrlAgMBAAECgYEAjmdhioHPY7qaud0Xb62VFoWB
+o+FC/qbr3gJFSvW0iu8oGYPOv7+ygmNoTG79+bnsWKhLlP4XtN0inA4QzY0354hh
+8r6dZKoRrVdb7ilBUp1eXfrg2xmEbA2b69QzPjKJIjdDMP+YC9+L+7wYXjvi6S8U
+wG8yG07CSaXcArUNlEECQQDvOK3GcddW8EoHpr1+gy9BnFXA5gxB0s6q4CntZBkQ
+xzD+kwHO0r1ddwADtOGLlpZl9EcAov6CoaFlNCFQK3ApAkEAwrzFdSySGem39mNX
+YWYEB0r2yxsaqHC92qnw5xSES6+EMnNpQimye/XdK/r1cqqyQAyya3UOFZuwpq/D
+PbEMXQJBAIE6Ig3Ac66AUc1+UoFkRoPv+xcgbuCkC4adX6jg2PWKVTpAmcprZ2Z1
+IWnfLbQlXgungS+j3U8eFzy/g3t2a7kCQAsHpid83smY81KBTfG2VYQUOuZGIrxn
+plk8RujPwK6IwnQZFV0p/3IF+wECteRIxs/Z6EEt4B5ZMyg9zFEyNgECQQDGJG5G
+cLn4VQzxmUwi8PTe0x8B4Y2Usxi3TNosjsAjR9o8k+7iXaT2i/wkn3UZsbJkijZZ
+jyUCn7JI6gXX84b8
+-----END PRIVATE KEY-----

File pyxmpp2/test/data/client1-req.pem

+-----BEGIN CERTIFICATE REQUEST-----
+MIICDjCCAXcCAQAwSDEPMA0GA1UECgwGUHlYTVBQMRMwEQYDVQQLDApVbml0IFRl
+c3RzMSAwHgYDVQQDDBdjb21tb24tbmFtZUBleGFtcGxlLm9yZzCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAtflZ1BxIL7rUFgrEtqNoy2Quuns1GbJIe59/pEn+
+RB/DBpk0OFZtFlJ0dq1XRFrMP/SuIkpwPwnPlldB+i4MyfXP7cUWrR/b/dMT8Uzi
+pATVL6lhHFg/KgRqjhO11XdBXwIcZILj1efmdMgzgqLasQNbT2XG+lb1CLC92Xpi
+quUCAwEAAaCBhTCBggYJKoZIhvcNAQkOMXUwczAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIF4DBZBgNVHREEUjBQoCYGCCsGAQUFBwgFoBoMGHVzZXIxQHNlcnZlci5leGFt
+cGxlLm9yZ6AmBggrBgEFBQcIBaAaDBh1c2VyMkBzZXJ2ZXIuZXhhbXBsZS5vcmcw
+DQYJKoZIhvcNAQEFBQADgYEAWGmj/TwHIQ3G+3H8/pplVXDdo1ZgtPRFtFJgfMVP
+LDH74ukTzFo4brj4NIpffRdiQFsqy07LVpBjTTsGh5dIIE/ek3RadDj1zSH5eRod
+P8ZNcp6mT23u76loLaXe3twmjFcN8XPWCsxGMcByI6KRoxgwuHFebAH8GzbSQNyG
+uYc=
+-----END CERTIFICATE REQUEST-----

File pyxmpp2/test/data/client1.pem

+-----BEGIN CERTIFICATE-----
+MIICZjCCAc+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAzMQ8wDQYDVQQKDAZQeVhN
+UFAxEzARBgNVBAsMClVuaXQgVGVzdHMxCzAJBgNVBAMMAkNBMB4XDTExMDkwNTE4
+MDkyN1oXDTIxMDkwMjE4MDkyN1owSDEPMA0GA1UECgwGUHlYTVBQMRMwEQYDVQQL
+DApVbml0IFRlc3RzMSAwHgYDVQQDDBdjb21tb24tbmFtZUBleGFtcGxlLm9yZzCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtflZ1BxIL7rUFgrEtqNoy2Quuns1
+GbJIe59/pEn+RB/DBpk0OFZtFlJ0dq1XRFrMP/SuIkpwPwnPlldB+i4MyfXP7cUW
+rR/b/dMT8UzipATVL6lhHFg/KgRqjhO11XdBXwIcZILj1efmdMgzgqLasQNbT2XG
++lb1CLC92XpiquUCAwEAAaN1MHMwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwWQYD
+VR0RBFIwUKAmBggrBgEFBQcIBaAaDBh1c2VyMUBzZXJ2ZXIuZXhhbXBsZS5vcmeg
+JgYIKwYBBQUHCAWgGgwYdXNlcjJAc2VydmVyLmV4YW1wbGUub3JnMA0GCSqGSIb3
+DQEBBQUAA4GBAJ9QPGp90Y2p93bnf/vssR/3IKLnaWndtfBIB9upDuAwj2Ll3JZR
+mxYQ5q0vQABOeI2YMS7PsNhybyZJzLwPTQK2kDGAzKkmMwlC8ee6/zTIqHgdHeb+
+BuFSznwRinKSkcuQa106XQTcEOXBaTPaCLtp2GQOu9gg3UVeufdWo41r
+-----END CERTIFICATE-----

File pyxmpp2/test/data/openssl-client1.cnf

+oid_section = new_oids
+
+[ new_oids ]
+xmppAddr = 1.3.6.1.5.5.7.8.5
+SRVName = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+prompt = no
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+string_mask = utf8only
+req_extensions = v3_req
+x509_extensions = v3_req
+
+[ req_distinguished_name ]
+organizationName	= PyXMPP
+organizationalUnitName	= Unit Tests
+commonName		= common-name@example.org
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:user1@server.example.org,otherName:1.3.6.1.5.5.7.8.5;UTF8:user2@server.example.org

File pyxmpp2/test/data/openssl-server1.cnf

+oid_section = new_oids
+
+[ new_oids ]
+xmppAddr = 1.3.6.1.5.5.7.8.5
+SRVName = 1.3.6.1.5.5.7.8.7
+
+[ req ]
+prompt = no
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+string_mask = utf8only
+req_extensions = v3_req
+
+[ req_distinguished_name ]
+organizationName	= PyXMPP
+organizationalUnitName	= Unit Tests
+commonName		= common-name.example.org
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName=DNS:dns1.example.org,DNS:dns2.example.org,DNS:*.wild.example.org,otherName:1.3.6.1.5.5.7.8.7;IA5:_xmpp-server.srv1.example.org,otherName:1.3.6.1.5.5.7.8.7;IA5:_xmpp-server.srv2.example.org,otherName:1.3.6.1.5.5.7.8.5;UTF8:xmppaddr1.example.org,otherName:1.3.6.1.5.5.7.8.5;UTF8:xmppaddr2.example.org

File pyxmpp2/test/data/server1-key.pem

+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAPh+eXefG213bE4i
+eFZbJIdwCP/8WbSX7oVCKfZ1+cLiwVNlsn0ixLdXxVx25C3g0cfZThsGfU6Y+GsT
+52eI0OYh2P9GfnLwQcFuQS+O2fKUgfjFAGLl9rsNuJoOV2YCvXRiniCKZDtXbU65
+8KbmOkvjx/sMi4lVAvZAVqBHn9qfAgMBAAECgYEA9RAFyqrm6bX04bms471O8SLU
+PWApN6j+Wf0+VQlUH5ZxAkYxGKfJSOcOhHnb3kLxoB32oUBtI65Ij5E5jSmomNsX
+2MLvAE6lsYl6761yFwT95gxn6d088A7OQMbOX14r84k+OjCVRaEfuSa9aRV3prqe
+LnVnyqGmHLPE78CNcEECQQD+p/nvPQUlIy78yKbQk1p3zlbQ3zIvZwn9HuZzlDqR
+anisvJ8//iQMxaAQJ4ViS0LqDXegygK+IsJxS/UDr1ztAkEA+c4sboPM7WmrcpgG
+ywHIqQ5XOfHC9dhcYdIziXbwEyMQyyLMbOh9jV3n3VCH0lMeMmW25fLEb9WX/vIx
+T80wOwJBAN/snR39rjSFx5+IYQcvS3HmAvkQCnUcSfBF56biRM3xrcNW6UHAG7sP
+XDxYRDW2sFRXG0ZL3DWNIyW1APIIldECQCcqNvcgvOlgDtxJj48WeYJf2Dcie2GW
+CW3gyem8dwlZDxH6I7jTfpPCbE7biF/mXi6imdlVhYzPHSSAjlCnp+8CQQCrcVSX
+6bLxT00A5FlhCaptxHzvE2kK3GdDmUpNzk5KqNh2V39z6uP/sKNnsl46BUe+FSox
+W+Ny81+Ut1nyOaoY
+-----END PRIVATE KEY-----

File pyxmpp2/test/data/server1-req.pem

+-----BEGIN CERTIFICATE REQUEST-----
+MIICozCCAgwCAQAwSDEPMA0GA1UECgwGUHlYTVBQMRMwEQYDVQQLDApVbml0IFRl
+c3RzMSAwHgYDVQQDDBdjb21tb24tbmFtZS5leGFtcGxlLm9yZzCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEA+H55d58bbXdsTiJ4Vlskh3AI//xZtJfuhUIp9nX5
+wuLBU2WyfSLEt1fFXHbkLeDRx9lOGwZ9Tpj4axPnZ4jQ5iHY/0Z+cvBBwW5BL47Z
+8pSB+MUAYuX2uw24mg5XZgK9dGKeIIpkO1dtTrnwpuY6S+PH+wyLiVUC9kBWoEef
+2p8CAwEAAaCCARkwggEVBgkqhkiG9w0BCQ4xggEGMIIBAjAJBgNVHRMEAjAAMAsG
+A1UdDwQEAwIF4DCB5wYDVR0RBIHfMIHcghBkbnMxLmV4YW1wbGUub3JnghBkbnMy
+LmV4YW1wbGUub3JnghIqLndpbGQuZXhhbXBsZS5vcmegKwYIKwYBBQUHCAegHxYd
+X3htcHAtc2VydmVyLnNydjEuZXhhbXBsZS5vcmegKwYIKwYBBQUHCAegHxYdX3ht
+cHAtc2VydmVyLnNydjIuZXhhbXBsZS5vcmegIwYIKwYBBQUHCAWgFwwVeG1wcGFk
+ZHIxLmV4YW1wbGUub3JnoCMGCCsGAQUFBwgFoBcMFXhtcHBhZGRyMi5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQUFAAOBgQBUFvQwcI9rLk7tKS7az1qAFPpDMoVEXVhG
+7m5R4MxD/7dVjsMK2QX2/xk0/k6ZKHpIrCZ1TqBJPN5Pcq6aoQZLDOjK52ZxgSSb
+lrd1p5GqT6v1TFsgwROpM1pPmZEOaID4wI59Z0ctcIdlhoUtNSEZrkvFJ6R4QNsf
+wqCb0a/etg==
+-----END CERTIFICATE REQUEST-----

File pyxmpp2/test/data/server1.pem

+-----BEGIN CERTIFICATE-----
+MIIC+TCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAzMQ8wDQYDVQQKDAZQeVhN
+UFAxEzARBgNVBAsMClVuaXQgVGVzdHMxCzAJBgNVBAMMAkNBMB4XDTExMDkwNTE4
+MjU1OFoXDTIxMDkwMjE4MjU1OFowSDEPMA0GA1UECgwGUHlYTVBQMRMwEQYDVQQL
+DApVbml0IFRlc3RzMSAwHgYDVQQDDBdjb21tb24tbmFtZS5leGFtcGxlLm9yZzCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+H55d58bbXdsTiJ4Vlskh3AI//xZ
+tJfuhUIp9nX5wuLBU2WyfSLEt1fFXHbkLeDRx9lOGwZ9Tpj4axPnZ4jQ5iHY/0Z+
+cvBBwW5BL47Z8pSB+MUAYuX2uw24mg5XZgK9dGKeIIpkO1dtTrnwpuY6S+PH+wyL
+iVUC9kBWoEef2p8CAwEAAaOCAQYwggECMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg
+MIHnBgNVHREEgd8wgdyCEGRuczEuZXhhbXBsZS5vcmeCEGRuczIuZXhhbXBsZS5v
+cmeCEioud2lsZC5leGFtcGxlLm9yZ6ArBggrBgEFBQcIB6AfFh1feG1wcC1zZXJ2
+ZXIuc3J2MS5leGFtcGxlLm9yZ6ArBggrBgEFBQcIB6AfFh1feG1wcC1zZXJ2ZXIu
+c3J2Mi5leGFtcGxlLm9yZ6AjBggrBgEFBQcIBaAXDBV4bXBwYWRkcjEuZXhhbXBs
+ZS5vcmegIwYIKwYBBQUHCAWgFwwVeG1wcGFkZHIyLmV4YW1wbGUub3JnMA0GCSqG
+SIb3DQEBBQUAA4GBAEYCT986NszS4XTflhkeTc9ivntt+TWgCf/LyfUOLEvrSTfz
+YD8CtysNNGz2tC0e3Vc6Ut2f/1YCn893JE7idtbouSoxb4twTpSjs2FXG+unEpa+
+RkuIHQyqsc69D8pfXt7KDFJyE12UsZXaSE4ARqpFCTVIXvVUZQfLgfbEd/E8
+-----END CERTIFICATE-----