✅ Test harness, of sorts.

.gitignore

@@ -21,5 +21,13 @@ go.work
 .vscode/launch.json
 build/*
 lotw-trust
-test.sh
 
+# Testcases tree
+testcases/results/*
+testcases/keys/cache/chain/*.der
+!testcases/keys/cache/chain/mockup.der
+testcases/keys/cache/*.der
+testcases/**/*.old
+
+# This, surprisingly, goes last.
+!.gitkeep

README.md

@@ -93,7 +93,9 @@ This is a [Go](https://go.dev/) program, so this should be easy enough, provided
 
     go install github.com/Mihara/lotw-trust@latest
 
-It was written with go 1.20.5 and I currently don't know what's the minimum version requirement. Binaries for a number of platforms are provided in the releases section.
+It was written with go 1.20.5 and I currently don't know what's the minimum version requirement. Binaries for a number of platforms are provided in the releases section. `build.sh` will cross-compile binaries for all supported platforms.
+
+See `testcases` and `test.sh` for simple test cases and a faux-LoTW certification tree structure to play with.
 
 ## Plans for future development
 

main.go

@@ -268,7 +268,7 @@ func main() {
 	rootFiles, _ = os.ReadDir(rootsCacheDir)
 	for _, f := range rootFiles {
 		if strings.HasSuffix(strings.ToLower(f.Name()), ".der") {
-			der, err := dataFiles.ReadFile(filepath.Join(rootsCacheDir, f.Name()))
+			der, err := os.ReadFile(filepath.Join(rootsCacheDir, f.Name()))
 			check(err, "Failed to read a root certificate from cache.")
 			crt, err := x509.ParseCertificate(der)
 			check(err, "Failed to parse a root certificate from cache.")

test.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# This is a preliminary smoke test engine, and not a proper integration test framework.
+# Yet. It lets people run tests without ever touching their real key file though.
+
+CACHE=testcases/keys/cache
+KEY=testcases/keys/N0CALL.p12
+SRC=testcases/files
+DST=testcases/results
+
+# Straightforward signature.
+go run *.go sign -c $CACHE -p changeme $KEY $SRC/sstv.jpg $DST/sstv-signed.jpg
+go run *.go verify -c $CACHE $DST/sstv-signed.jpg $DST/sstv-unsigned.jpg
+cmp -l $SRC/sstv.jpg $DST/sstv-unsigned.jpg
+
+# Uncompressed signature.
+go run *.go sign -c $CACHE -p changeme -u -a $KEY $SRC/sstv.jpg $DST/sstv-signed-unc.jpg
+go run *.go verify -c $CACHE $DST/sstv-signed-unc.jpg $DST/sstv-unsigned.jpg
+cmp -l $SRC/sstv.jpg $DST/sstv-unsigned.jpg
+
+# Text mode signing.
+go run *.go sign -t -c $CACHE -p changeme $KEY $SRC/lipsum.txt $DST/lipsum-signed.txt
+go run *.go verify -t -c $CACHE $DST/lipsum-signed.txt $DST/lipsum-unsigned.txt

testcases/files/lipsum.txt

@@ -0,0 +1,10 @@
+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Imperdiet massa tincidunt nunc pulvinar sapien et ligula. Enim facilisis gravida neque convallis a cras semper. Viverra maecenas accumsan lacus vel facilisis volutpat est. Nunc sed velit dignissim sodales ut eu sem. Tellus integer feugiat scelerisque varius morbi. Nec nam aliquam sem et tortor consequat. Urna porttitor rhoncus dolor purus. Ac ut consequat semper viverra. Amet venenatis urna cursus eget nunc scelerisque viverra mauris. Tortor condimentum lacinia quis vel eros. Tellus cras adipiscing enim eu turpis egestas pretium aenean. Duis convallis convallis tellus id interdum. Varius duis at consectetur lorem donec massa sapien faucibus et. Aenean euismod elementum nisi quis eleifend quam adipiscing. Nibh sit amet commodo nulla facilisi nullam. Sit amet purus gravida quis blandit. Nullam vehicula ipsum a arcu cursus vitae congue mauris.
+
+Dui accumsan sit amet nulla. Nunc sed blandit libero volutpat sed cras ornare arcu dui. Tellus at urna condimentum mattis pellentesque id nibh tortor. Magna sit amet purus gravida quis blandit turpis cursus in. Non curabitur gravida arcu ac tortor dignissim convallis aenean. Sed risus ultricies tristique nulla. Varius duis at consectetur lorem donec massa sapien. Lobortis feugiat vivamus at augue eget arcu dictum varius duis. Netus et malesuada fames ac turpis egestas integer. Lectus magna fringilla urna porttitor rhoncus dolor. Dignissim cras tincidunt lobortis feugiat vivamus at. Non odio euismod lacinia at quis. Praesent elementum facilisis leo vel fringilla.
+
+At tempor commodo ullamcorper a lacus. Sit amet massa vitae tortor condimentum lacinia quis vel eros. Non blandit massa enim nec. Tortor at risus viverra adipiscing at. Nulla pellentesque dignissim enim sit amet venenatis urna cursus. Eget lorem dolor sed viverra ipsum nunc. Vitae ultricies leo integer malesuada nunc vel risus commodo viverra. Accumsan in nisl nisi scelerisque eu. At quis risus sed vulputate odio ut enim blandit. Dictum varius duis at consectetur lorem donec massa. Ultrices dui sapien eget mi proin sed. Nisl vel pretium lectus quam id leo. Ipsum a arcu cursus vitae congue mauris rhoncus.
+
+Nisl suscipit adipiscing bibendum est ultricies integer quis auctor elit. Nulla porttitor massa id neque aliquam. Praesent semper feugiat nibh sed pulvinar proin gravida. Interdum velit laoreet id donec. Feugiat in ante metus dictum at tempor. Convallis posuere morbi leo urna molestie at elementum. Netus et malesuada fames ac turpis egestas integer eget aliquet. Gravida cum sociis natoque penatibus et. Amet facilisis magna etiam tempor orci eu lobortis elementum nibh. Tristique nulla aliquet enim tortor. At tellus at urna condimentum mattis pellentesque id nibh tortor. Lectus mauris ultrices eros in. Purus faucibus ornare suspendisse sed nisi lacus sed viverra tellus. Vestibulum lectus mauris ultrices eros in cursus turpis. Pharetra convallis posuere morbi leo urna molestie at elementum.
+
+Bibendum arcu vitae elementum curabitur vitae. Eu facilisis sed odio morbi quis commodo. Tristique et egestas quis ipsum suspendisse. Eu volutpat odio facilisis mauris sit amet massa vitae tortor. Ultricies integer quis auctor elit. Quis ipsum suspendisse ultrices gravida dictum. Integer malesuada nunc vel risus commodo viverra maecenas accumsan lacus. Eget duis at tellus at urna. Egestas egestas fringilla phasellus faucibus scelerisque eleifend donec pretium vulputate. Turpis egestas maecenas pharetra convallis posuere. Nunc sed id semper risus. Nunc scelerisque viverra mauris in aliquam sem fringilla ut morbi. Id consectetur purus ut faucibus pulvinar. Nisi porta lorem mollis aliquam ut porttitor leo a. Nunc aliquet bibendum enim facilisis gravida neque convallis a cras. Enim eu turpis egestas pretium aenean pharetra magna. Vitae nunc sed velit dignissim sodales.
+

testcases/generator/README.md

@@ -0,0 +1,8 @@
+# CA tree generator
+
+The `generate_keys.sh` script builds a certificate authority structure that looks very much like LoTW's, but isn't, in addition to producing a user certificate for N0CALL. This certificate will not be recognized by `lotw-trust` unless the requisite `mockup.der` files are placed directly into the key cache -- or the key cache is pointed at the directory where they live, `testcases/keys/cache`, with `-c` command line option. This particular stunt makes it possible to use a completely fake certificate authority structure for testing purposes.
+
+Running this script will wipe the existing structure in `testcases/generator` and start again, so signatures created with keys you had before will stop verifying.
+
+Generally you shouldn't need to do use this again, unless LoTW does something unusual.
+

testcases/generator/generate_keys.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+rm root/* intermediate/* user/*
+
+touch root/index.txt
+echo 01 >root/serial
+touch intermediate/index.txt
+echo 01 >intermediate/serial
+
+echo === Generating root CA.
+openssl genrsa -out root/ca.key.pem 4096
+openssl req -config ./openssl.conf \
+	-key root/ca.key.pem \
+	-new -x509 -days 7300 -sha512 -extensions v3_ca \
+	-out root/ca.cert.pem \
+	-subj "/C=US/ST=CT/L=Pseudocity/O=Fake American Radio Relay League/OU=Logbook of the World Mockup/CN=Logbook of the World Root CA Mockup/emailAddress=lotw@example.com"
+
+echo === Generating Intermediate CA CSR
+openssl genrsa -out intermediate/ca.key.pem 2048
+openssl req -config ./openssl.conf -new -sha256 \
+	-key intermediate/ca.key.pem \
+	-out intermediate/ca.csr.pem \
+	-subj "/C=US/ST=CT/L=Pseudocity/O=Fake American Radio Relay League/OU=Logbook of the World Mockup/CN=Logbook of the World Production CA Mockup/emailAddress=lotw@example.com"
+
+echo === Signing the Intermediate CA CSR with Root CA.
+openssl ca -config ./openssl.conf -extensions v3_intermediate_ca \
+	-days 6000 -notext -md sha256 -batch \
+	-in intermediate/ca.csr.pem \
+	-out intermediate/ca.cert.pem
+
+echo === Generating a callsign CSR.
+openssl genrsa -out user/user.key.pem 2048
+openssl req -config ./openssl.conf -new -sha256 \
+	-subj "/CN=John Doe/emailAddress=john@example.com/Callsign=N0CALL" \
+	-key user/user.key.pem \
+	-out user/user.csr.pem
+
+echo === Signing the callsign CSR with Intermediate CA.
+openssl ca -config openssl.conf -name CA_intermediate -batch \
+	-extensions user_cert -days 5000 -notext -md sha256 \
+	-in user/user.csr.pem \
+	-out user/user.cert.pem
+
+echo === Saving results.
+
+KEYS=../keys
+CACHE=$KEYS/cache
+
+mkdir -p $CACHE/roots
+openssl x509 -in root/ca.cert.pem -outform der -out $CACHE/roots/mockup.der
+mkdir -p $CACHE/chain
+openssl x509 -in intermediate/ca.cert.pem -outform der -out $CACHE/chain/mockup.der
+
+# Now the fun part, making a pkcs12 file...
+openssl pkcs12 -export -out $KEYS/N0CALL.p12 \
+    -password pass:changeme \
+	-inkey user/user.key.pem \
+	-in user/user.cert.pem \
+	-certfile intermediate/ca.cert.pem
+
+echo === Done!

testcases/generator/intermediate/01.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBwDELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNUMSkwJwYDVQQKDCBGYWtlIEFtZXJpY2FuIFJhZGlvIFJlbGF5
+IExlYWd1ZTEkMCIGA1UECwwbTG9nYm9vayBvZiB0aGUgV29ybGQgTW9ja3VwMTIw
+MAYDVQQDDClMb2dib29rIG9mIHRoZSBXb3JsZCBQcm9kdWN0aW9uIENBIE1vY2t1
+cDEfMB0GCSqGSIb3DQEJARYQbG90d0BleGFtcGxlLmNvbTAeFw0yMzA2MjIxMDIy
+MjVaFw0zNzAyMjgxMDIyMjVaMEsxETAPBgNVBAMMCEpvaG4gRG9lMRUwEwYJKwYB
+BAHgPAEBDAZOMENBTEwxHzAdBgkqhkiG9w0BCQEWEGpvaG5AZXhhbXBsZS5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSxlSePX690qTCbhJ53XQs
+UzcqfJgXceSUxzq4JiVgTvbSqjRGQpuHBEAZrUmbiij+GZEnMIErcIhefZt4MBXx
+gNp+CI/820VDV1fUAitkawOc8RKqq2jFn7EBBdUTMFL4jSlshjjr+x1KDA3vKpL4
+Pt2HW+oa0Fx7G0Wt7r4BFIhDvpkRGRsVVdt2XF6LhCSJCOOjf59CuXkAVbvCRmac
+mYPA3/p0nrLodurrb3cEyVCi9t1Q7M0EFwSV0eyLkPRVhgzr0B9AAXNBnynxzAG+
+I8LlAv4kmilmryWkyfx35Fwes48oVDerSWoHuOi1RR6bZneyqmrZBdHUXWc6wbw/
+AgMBAAGjXTBbMB0GA1UdDgQWBBQ6hJqgn06AAldyLgdcx7ufjJMs6jAJBgNVHRME
+AjAAMB8GA1UdIwQYMBaAFHYffR9m6SgxxTvJuyIZ/YJQVtsFMA4GA1UdDwEB/wQE
+AwIF4DANBgkqhkiG9w0BAQsFAAOCAQEAkuTC3H28HbvCgL/2OksrOEg8xQnQ+bDo
+fRoMlcDhZNOEpCMRYxfuEwXVpkNRJufiJA+XPJg9jKtk+bTDYzp2DBZgeBsJ5C0k
+J03hn4z/rCcVMUNoArVE5C+fkZwCBx9hzaJPyYEvwnGbtpyTWPcmfnyeXtzCDj0T
+qAGLDtDQw7ERZpj25jsnCPEJN1NmvRxmw4+Tx/1IIxn8s6iWdyUGChHNXK5KJnaU
+HUJOVy6k42gjpCKXRDGrwntMyMWUjhWDwjBoUEYeVMspq5I00hptCzMRoVo2CSQC
+0PeU3f3qb4L00JzmzHEwa6uNyK0FOjPgxKXIOJUnAQsEWPcmR/i4+A==
+-----END CERTIFICATE-----

testcases/generator/intermediate/ca.cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFbzCCA1egAwIBAgIBATANBgkqhkiG9w0BAQsFADCBzzELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgMAkNUMRMwEQYDVQQHDApQc2V1ZG9jaXR5MSkwJwYDVQQKDCBGYWtl
+IEFtZXJpY2FuIFJhZGlvIFJlbGF5IExlYWd1ZTEkMCIGA1UECwwbTG9nYm9vayBv
+ZiB0aGUgV29ybGQgTW9ja3VwMSwwKgYDVQQDDCNMb2dib29rIG9mIHRoZSBXb3Js
+ZCBSb290IENBIE1vY2t1cDEfMB0GCSqGSIb3DQEJARYQbG90d0BleGFtcGxlLmNv
+bTAeFw0yMzA2MjIxMDIyMjVaFw0zOTExMjUxMDIyMjVaMIHAMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ1QxKTAnBgNVBAoMIEZha2UgQW1lcmljYW4gUmFkaW8gUmVs
+YXkgTGVhZ3VlMSQwIgYDVQQLDBtMb2dib29rIG9mIHRoZSBXb3JsZCBNb2NrdXAx
+MjAwBgNVBAMMKUxvZ2Jvb2sgb2YgdGhlIFdvcmxkIFByb2R1Y3Rpb24gQ0EgTW9j
+a3VwMR8wHQYJKoZIhvcNAQkBFhBsb3R3QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFK1iYtdMHbDp3Pe8s+EmGmPUBwpczEhK0l5
+eGzXQz4PGkCEY6fv/qi/WzVSfs6FsKrIHelPmyS4SEwL2jjQQzIxm4II9PGu3yzT
+M7un1Y1NY4jENSR2Gs1TxSmjvcMEuniLXdXv41D30ae+i8gKHlvpZ1teJzeWJyMK
+ZQKtgNd2VytjOXkYbbmzOShyBvoQrXT20NDVtH/qYzSIEJ98CVHpzh7DZQHDb9bP
+77ILSqK5NSexPaAUzQY4vP3IgxIQAg0NT+MkA8opNq11jW8f0yHwL5gfCKz+2xN6
+JkShawJm68cdYr8aRj/KFhcBujj514yxM6PIhbyF9G0BFTCeZwIDAQABo2MwYTAd
+BgNVHQ4EFgQUdh99H2bpKDHFO8m7Ihn9glBW2wUwHwYDVR0jBBgwFoAUtccMME0V
+jHrWHeP8MzpJcIRIuE0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw
+DQYJKoZIhvcNAQELBQADggIBAHisuMAGui94Xf0NG9/DU1Q9DQuMrv/MEuE4KtPp
+higiUQwXTepthmFxJycuyYhbGvoVTVoV7HO/pcQTiKp1bUcM55lAazT4rA3nJOuZ
+frj5DhnAZX9rqkyddPxHSgY51Vb8gpIAZSNdMhOAblA3bGq8bSeeIrwUMtF8viD9
+d2wdrm4APJLTiDfswCJdp3lGDQg5et+Kqlqhee3O0+/Y9pNM+xokuslQDyx/QqTf
+hhyvEw1JHMRv4RWi2/Wzs38lGSvy8UnnerW9RhYRrwuSHIVrdLFO/+LGl7w7TNnh
+9o3t1oYZZlGRN93rVp+ApbhC+OgpcqkTB16f6L7YHkX+toeKlEZYUzjGF/EMOn6T
+iLTamzIrU1+J0dJTRIpHX7EW9o+a4JhafLMcqV9xfZkadqOBS4z80/prGzJ5AtKN
+b8CAOy+G+H65+lNjBCtYrqohti9jJ8TlDf7UtDV2rg2rSFuxfbkna07+DeqzyNAq
+YsWTTnXxHcYVQcZJpqp+m2OorPnYguEr+mgnP2hTCvqOxdralqtCKF8tWa64PhSf
+2GQptkHCAmAsrMlxU7JBI8JRVRbgMNiLvONIxaooz1O7WQyRFPqkLy8fmcnQeQHl
+stqQ1JsJfsvwNZzAkL/PfBGdGsITtLRH+UhgEYzexuuZzPMZ0mWD44kE4M5ueyBg
+3JON
+-----END CERTIFICATE-----

testcases/generator/intermediate/ca.csr.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDGzCCAgMCAQAwgdUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDVDETMBEGA1UE
+BwwKUHNldWRvY2l0eTEpMCcGA1UECgwgRmFrZSBBbWVyaWNhbiBSYWRpbyBSZWxh
+eSBMZWFndWUxJDAiBgNVBAsMG0xvZ2Jvb2sgb2YgdGhlIFdvcmxkIE1vY2t1cDEy
+MDAGA1UEAwwpTG9nYm9vayBvZiB0aGUgV29ybGQgUHJvZHVjdGlvbiBDQSBNb2Nr
+dXAxHzAdBgkqhkiG9w0BCQEWEGxvdHdAZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCgUrWJi10wdsOnc97yz4SYaY9QHClzMSErSXl4
+bNdDPg8aQIRjp+/+qL9bNVJ+zoWwqsgd6U+bJLhITAvaONBDMjGbggj08a7fLNMz
+u6fVjU1jiMQ1JHYazVPFKaO9wwS6eItd1e/jUPfRp76LyAoeW+lnW14nN5YnIwpl
+Aq2A13ZXK2M5eRhtubM5KHIG+hCtdPbQ0NW0f+pjNIgQn3wJUenOHsNlAcNv1s/v
+sgtKork1J7E9oBTNBji8/ciDEhACDQ1P4yQDyik2rXWNbx/TIfAvmB8IrP7bE3om
+RKFrAmbrxx1ivxpGP8oWFwG6OPnXjLEzo8iFvIX0bQEVMJ5nAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEAkyvGwl42w3mgx9MvCRr8Q4Wi7iZeiBKoyErb612jJ/5i
+R7lksThwfW+SjpLWnQqcNxd/PZ40/YLAyQbTCkdL2v8/jbMcFNO550lu/AgsrEID
+MqaSvJvO44Lh8d2OrorCPVSm625uLg9WruaJNqc6SZ1n/8jKgn8vnI13aKsLcDHL
+Rtng/Bk1W3VpWlsXwb2fcuViUHXAVrnXsAVLGP3fht2iUie3zEpHjQCPh1epYYXX
+JHQdArzu/q3TV0FlmhWiu42nuxaZ6NzjuPEHyGk7Vta4jy7EkmhTjfMF/iz8dD6W
+iu/Fi7b0YrFyIyZPBXDm0Fn4bJRLszyaMyAEkLYrZw==
+-----END CERTIFICATE REQUEST-----

testcases/generator/intermediate/ca.key.pem

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCgUrWJi10wdsOn
+c97yz4SYaY9QHClzMSErSXl4bNdDPg8aQIRjp+/+qL9bNVJ+zoWwqsgd6U+bJLhI
+TAvaONBDMjGbggj08a7fLNMzu6fVjU1jiMQ1JHYazVPFKaO9wwS6eItd1e/jUPfR
+p76LyAoeW+lnW14nN5YnIwplAq2A13ZXK2M5eRhtubM5KHIG+hCtdPbQ0NW0f+pj
+NIgQn3wJUenOHsNlAcNv1s/vsgtKork1J7E9oBTNBji8/ciDEhACDQ1P4yQDyik2
+rXWNbx/TIfAvmB8IrP7bE3omRKFrAmbrxx1ivxpGP8oWFwG6OPnXjLEzo8iFvIX0
+bQEVMJ5nAgMBAAECggEAKyZ3s+BtoYilmmFGZWXTE05+AxrBUT6s5cCtz+rDeVav
+q+ond8cQgiMa9cqBPJ4LP4SHvf04rtIQQ20sV3ypGRzeWzOBg6O05F5lLexY/NI+
+PQbngEIjA421+T/+0Sk3EZU2NXhKS41UVfpm/6pEhu1IAciGq9l7MWdt+cfhuOZX
+QLMY/5+MWJf8Ru16tQjl34XeM0+3wFt6glcdiCtcCr/sxGYU/vsKaZvrtvqs7PkU
+82MtyJfXjAKkC94FekEVOSUJtGuKrTffxy4yH/dtNyeaNiLkRDpXIAbP1xZiAz9N
+aG7MjunfvObpLAHCeiwVQdNRkO2XjpY5VyUhLbM3gQKBgQC1qp/Tv/C0FiMTWhZE
+bF2Wy4FXHnK+rgnqCLlKCDFi0Cb760HJnlJa/kc+pWFCTRhoE+80iEdE+66aVIE2
+WdzpLuA8GPfibvklu7ASpa0R437UAkKroF8dZXXdEOKBe7u1HFrGhv1dNftM/fVu
+D4gKlA+I+cZJ5wJvb2htpKPhJwKBgQDh7GJRa4FH6JX837LYedxHI1Z6VkC6h+qL
+id9t7+svf+ftqe4CMWLqzp1+39ci1TF3trwXWdEnbBDWLOTfe9pKoDrH/e+qtF/4
+N6JL5j2afSivY6QbZadsL8sKyn3QjWTX++r/N4DpptGsQ390z/8nsVEw0Hel1RUW
+Xn4mK+kgwQKBgQCKj/jWJsluYpAgW48uY0VDFjex/kxg+hgfxMWnHPamOsPxVDBa
+mwKP2vD2bGfxjSI3iDTkaamKiTlVB22CyioARbvMuvKfaCtqx2x13J5UTaPYC11U
+0L6bil7K3e0V/A1hB56JXD72EI173RyM9RW7k9EBlhnTFns6CcyqDHDe8wKBgQCI
+nliqIdeQ835X57KQI8joH994pVYJNo3ICfzZz16qX6+R0dPC8bh+g6lMAvJm9wMu
+AIvnlwHa1AeubIGO/6d2v0QskkvvL5plUMdNHJMeLBeBUED57FP9IT2obeD9T7Ou
+xIFMCnVjVeSvRjX6HpmOmDSfz0C7QIq69zNTw/P7QQKBgBA+IpYxe6wMEcMnb124
+f3Rl8y5JvsvZMz44r9BrVRW870Aaex8IRpTtKrg0aLftks5to69frgIf/ri6PFXs
+uaACayleku6C8eWGEsqpaXNzN36bsu8D/MH5XoVG6LpP1fGLlMpujGyYO+jCQmWA
+OVYvQxVNfnIZuxll11Hk1mnz
+-----END PRIVATE KEY-----

testcases/generator/intermediate/index.txt

@@ -0,0 +1 @@
+V	370228102225Z		01	unknown	/CN=John Doe/Callsign=N0CALL/emailAddress=john@example.com

testcases/generator/intermediate/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

testcases/generator/intermediate/serial

@@ -0,0 +1 @@
+02

testcases/generator/openssl.conf

@@ -0,0 +1,119 @@
+
+oid_section         = lotw_oids
+
+[ lotw_oids ]
+Callsign=1.3.6.1.4.1.12348.1.1 
+
+[ ca ]
+default_ca = CA_root
+
+[ CA_root ]
+dir               = ./root
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/private/.rand
+
+private_key       = $dir/ca.key.pem
+certificate       = $dir/ca.cert.pem
+
+crlnumber         = $dir/crlnumber
+crl               = $dir/ca.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ CA_intermediate ]
+dir               = ./intermediate
+certs             = $dir
+crl_dir           = $dir
+new_certs_dir     = $dir
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/.rand
+private_key       = $dir/ca.key.pem
+certificate       = $dir/ca.cert.pem
+
+crlnumber         = $dir/crlnumber
+crl               = $dir/ca.crl.pem
+crl_extensions    = crl_ext
+default_crl_days  = 30
+
+default_md        = sha256
+
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_loose
+
+[ policy_strict ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = match
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ policy_loose ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+Callsign                = supplied
+emailAddress            = optional
+
+[ req ]
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+default_md          = sha256
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+0.organizationName              = Organization Name
+organizationalUnitName          = Organizational Unit Name
+commonName                      = Common Name
+emailAddress                    = Email Address
+Callsign                        = Callsign
+
+countryName_default             = US
+stateOrProvinceName_default     = CT
+localityName_default            = NotNewington
+0.organizationName_default      = Logbook of the World Mockup
+organizationalUnitName_default  = Fake American Radio Relay League
+emailAddress_default            = lotw@example.com
+Callsign_default                = N0CALL
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ user_cert ]
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+authorityKeyIdentifier = keyid,issuer
+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
+