If TLS is enabled (default) it will automagically generate missing pem files + dh params.
A faithful reproduction of the certs found in SGP.26_v1.5_Certificates_18_07_2024.zip available at
https://www.gsma.com/solutions-and-impact/technologies/esim/gsma_resources/sgp-26-test-certificate-definition-v1-5/
can be generated by running contrib/generate_certs.py. This allows adjusting the expiry dates, CA flag,
and other parameters FOR TESTING. Certs can be used by the smdpp by running
$ python -u osmo-smdpp.py -c generated
Change-Id: I84b2666422b8ff565620f3827ef4d4d7635a21be
The SGP.26 v3.0 certificate had expired on July 11, 2024. Let's replace
it with a cert of 10 year validity period to facilitate uninterrupted testing
with osmo-smdpp.
@@ -1,12 +1,12 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 9 (0x9)
+ Serial Number: 10 (0xa)
Signature Algorithm: ecdsa-with-SHA256
Issuer: CN=Test CI, OU=TESTCERT, O=RSPTEST, C=IT
Validity
- Not Before: Jun 9 19:04:42 2023 GMT
- Not After : Jul 11 19:04:42 2024 GMT
+ Not Before: Apr 23 15:23:05 2025 GMT
+ Not After : Apr 21 15:23:05 2035 GMT
Subject: O=ACME, CN=testsmdpplus1.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Change-Id: I6f67186b9b1b9cc81bfb0699a9d3984d08be8821
Add PEM version of smdpp-data/certs/DPtls/CERT_S_SM_DP_TLS_NIST.der
A CERT_S_SM_DP_TLS_NIST.pem file is referenced in docs/osmo-smdpp.rst --
nginx apparently cannot use DER certs, so it is convenient for beginners
if the example from the docs just works without having to know that:
The added file was produced using
openssl x509 -inform DER -in CERT_S_SM_DP_TLS_NIST.der -outform PEM -out CERT_S_SM_DP_TLS_NIST.pem
Change-Id: I41ba6ebacb71df0eb8a248c0c3c9ccd709718d74
This commit introduces
* the osmo-smdpp.py program implementing the main procedures and the
HTTP/REST based ES9+
* python modules for ES8+ and non-volatile RSP Session State storage
* the ASN.1 source files required to parse/encode RSP
* 3GPP test certificates from SGP.26
* an unsigned profile package (UPP) of a SAIP v2.3 TS48 test profile
As I couldn't get the 'Klein' tls support to work, the SM-DP+ code
currently does not support HTTPS/TLS but plan HTTP, so you either have
to modify your LPA to use HTTP instead of HTTPS, or put a TLS proxy in
front.
I have successfully installed an eSIM profile on a test eUICC that
contains certificate/key data within the test CI defined in GSMA SGP.26
Change-Id: I6232847432dc6920cd2bd08c84d7099c29ca1c11
