Documented test certificate creation

jekuaitk · jekuaitk · commit ef2527d82e16 · 2025-01-17T13:48:42.000+01:00
diff --git a/README.md b/README.md
@@ -163,11 +163,57 @@ docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.3-fpm ./scripts/
 We use [PHPUnit](https://phpunit.de/documentation.html) for unit testing.
 
 Testing mostly centers around the conversion and parsing of certificates. For this purpose a bunch of test
-certificates has been generated.
+certificates has been generated. See [Test certificates](#test-certificates) for how this is done.
 
 Running PHPUnit tests in a standalone Drupal module is a bit tricky, so we use a helper script to run the
 analysis:
 
 ```shell
 docker run --rm --volume ${PWD}:/app --workdir /app itkdev/php8.3-fpm ./scripts/unit-tests
 ```
+
+### Test certificates
+
+Certificates have been generated in the follow way
+
+```shell
+# p12 with password
+openssl req -x509 -newkey rsa:4096 -days 365 -subj "/CN=example.com" -passout pass:test -keyout test.key -out test.crt
+openssl pkcs12 -export -out test_with_passphrase.p12 -passin pass:test -passout pass:test -inkey test.key -in test.crt
+openssl pkcs12 -in test_with_passphrase.p12 -passin pass:test -noenc
+
+# p12 without password
+openssl req -x509 -newkey rsa:4096 -days 365 -subj "/CN=example.com" -passout pass:''   -keyout test_without_passphrase.key -out test_without_passphrase.crt
+openssl pkcs12 -export -out test_without_passphrase.p12 -passin pass:'' -passout pass:'' -inkey test_without_passphrase.key -in test_without_passphrase.crt
+openssl pkcs12 -in test_without_passphrase.p12 -passin pass:'' -noenc
+
+# PEM with password
+openssl req -x509 -newkey rsa:4096 -days 365 -subj "/CN=example.com" -passout pass:test -keyout test.key -out test.crt
+cat test.crt test.key > test_with_passphrase.pem
+openssl x509 -in test_with_passphrase.pem
+
+# PEM without password
+openssl req -x509 -newkey rsa:4096 -days 365 -subj "/CN=example.com" -passout pass:''   -keyout test_without_passphrase.key -out test_without_passphrase.crt -noenc
+cat test_without_passphrase.crt test_without_passphrase.key > test_without_passphrase.pem
+openssl x509 -in test_without_passphrase.pem
+```
+
+Extraction of certificate and private key parts in the following way
+
+```shell
+# P12 with passphrase
+openssl pkcs12 -in test_with_passphrase.p12 -passin pass:test -clcerts -nokeys | sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > p12_with_passphrase_cert.txt
+openssl pkcs12 -in test_with_passphrase.p12 -passin pass:test -nocerts -nodes | sed -ne '/-----BEGIN PRIVATE KEY-----/,/-----END PRIVATE KEY-----/p' > p12_with_passphrase_pkey.txt
+
+# P12 without passphrase
+openssl pkcs12 -in test_without_passphrase.p12 -passin pass: -clcerts -nokeys | sed -ne '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > p12_without_passphrase_cert.txt
+openssl pkcs12 -in test_without_passphrase.p12 -passin pass: -nocerts -nodes | sed -ne '/-----BEGIN PRIVATE KEY-----/,/-----END PRIVATE KEY-----/p' > p12_without_passphrase_pkey.txt
+
+# PEM with passphrase
+openssl x509 -in test_with_passphrase.pem -passin pass:test -out pem_with_passphrase_cert.txt
+openssl pkey -in test_with_passphrase.pem -passin pass:test -out pem_with_passphrase_pkey.txt
+
+# PEM without passphrase
+openssl x509 -in test_without_passphrase.pem -passin pass: -out pem_without_passphrase_cert.txt
+openssl pkey -in test_without_passphrase.pem -passin pass: -out pem_without_passphrase_pkey.txt
+```
