Adding zenoh certificates #329

Draft: wants to merge 1 commit into base: rolling

ahcorde (Contributor) commented Jan 16, 2025

I'm playing with zenoh and security, in particular with authentication.

The recommended tool to generate certificates in zenoh is minica, which generates certificates with more extensions and with the SHA384 algorithm.

This draft PR tries to generate, using the ros2 common tools, the required certificate for zenoh. It's not working; I will open this as a draft PR.

Related to ros2/rmw_zenoh#412

Signed-off-by: Alejandro Hernández Cordero <ahcorde@gmail.com>
ahcorde self-assigned this Jan 16, 2025

ahcorde (Contributor Author) commented Jan 16, 2025

This is the CA certificate generated with both tools:

cert.perm minica

```plain
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 399421111636366251 (0x58b076282e093ab)
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: CN = minica root ca 058b07
        Validity
            Not Before: Jan 14 13:14:22 2025 GMT
            Not After : Jan 14 13:14:22 2125 GMT
        Subject: CN = minica root ca 058b07
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:7c:b3:f0:f4:d0:20:dc:e0:0d:5c:69:18:2e:1f:
                    33:69:ee:ea:3d:ec:95:65:6a:b8:6e:dd:46:cf:97:
                    22:8c:75:71:09:8a:e3:36:d9:34:d5:45:b6:3e:d4:
                    bb:ff:f2:84:d2:7d:08:58:a6:4c:64:a4:b3:6e:9c:
                    30:af:39:a9:0c:f4:63:7c:b0:f6:62:d3:09:23:0b:
                    5a:79:ae:d8:aa:f5:c2:70:35:c9:04:3f:ce:47:98:
                    12:ce:50:4c:7f:ac:f0
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier:
                FC:B4:51:52:61:F6:5D:E5:10:16:04:D6:7D:7F:7D:A1:37:F7:84:65
            X509v3 Authority Key Identifier:
                FC:B4:51:52:61:F6:5D:E5:10:16:04:D6:7D:7F:7D:A1:37:F7:84:65
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:66:02:31:00:c7:33:3c:2d:54:ef:74:2f:e4:fc:8f:20:bd:
        32:0a:65:c3:3c:65:18:1d:d0:4f:e4:c3:54:c9:92:8f:fc:6e:
        6b:19:9a:39:be:d1:be:3a:16:ec:f6:05:40:33:20:28:ea:02:
        31:00:8f:fd:af:e0:b8:91:81:0c:a9:cc:07:5b:be:d7:28:bd:
        2b:23:1b:ca:f1:72:1a:1c:ac:f5:9b:4e:e5:1d:0f:ea:59:37:
        db:ec:34:9c:14:57:68:f8:70:b6:7f:99:cb:0c
```
public/ca.cert.pem

```plain
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:1e:f8:ec:3b:07:9d:ea:9b:a8:fe:a6:38:79:8b:fe:f5:91:a4:44
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: CN = sros2CA
        Validity
            Not Before: Jan 15 15:33:15 2025 GMT
            Not After : Jan 14 15:33:15 2035 GMT
        Subject: CN = sros2CA
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:60:46:c7:57:0b:4f:c4:c9:1d:a2:14:bb:dd:86:
                    a2:39:e9:d7:39:9e:b3:07:4d:0a:eb:c6:bc:ca:40:
                    65:cf:32:f0:20:d9:43:22:b6:56:59:1a:14:46:26:
                    ae:72:ef:66:06:8b:9e:af:88:d3:b7:88:88:a4:62:
                    7b:0d:e9:79:d8:43:ad:6d:47:df:cf:ec:06:b8:9e:
                    a3:72:63:f3:31:70:a6:fb:96:5c:7a:1c:6d:aa:88:
                    5d:ab:2f:aa:2c:d0:d6
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign
            X509v3 Authority Key Identifier:
                B2:A0:75:8C:CF:B4:99:5F:6F:B9:85:45:E2:0F:43:54:2B:31:D9:FB
            X509v3 Subject Key Identifier:
                B2:A0:75:8C:CF:B4:99:5F:6F:B9:85:45:E2:0F:43:54:2B:31:D9:FB
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:66:02:31:00:93:c1:69:de:e5:ca:67:3d:01:e4:b3:77:b5:
        05:fa:fd:ec:42:ff:bd:18:1b:27:8e:ad:bd:45:31:cf:b6:fb:
        2a:84:c5:d3:0c:f4:8c:3a:62:4c:51:7b:20:75:d1:f3:db:02:
        31:00:94:49:40:72:fc:f1:7c:ec:e8:e4:b5:8c:7a:e0:36:3d:
        4f:8b:ab:11:51:af:30:dd:56:ad:a3:82:b4:33:c3:9b:e3:04:
        15:49:11:df:ba:90:46:d0:da:de:d6:bc:01:07
```
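The comparison these two dumps invite, as an added example that is not part of the PR or of sros2: a standard-library parser that reduces `openssl x509 -text` output to its key-independent profile and reports the fields on which two CA certificates differ. `profile` and `differences` are hypothetical helper names, and the inputs are abbreviated from the dumps above.

```python
import re

# Constructed input: the two dumps above minus key, signature and key-id lines.
MINICA = """\
    Signature Algorithm: ecdsa-with-SHA384
        Not Before: Jan 14 13:14:22 2025 GMT
        Not After : Jan 14 13:14:22 2125 GMT
            ASN1 OID: secp384r1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
"""
SROS2 = """\
    Signature Algorithm: ecdsa-with-SHA384
        Not Before: Jan 15 15:33:15 2025 GMT
        Not After : Jan 14 15:33:15 2035 GMT
            ASN1 OID: secp384r1
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign
"""

def profile(text):
    """Reduce `openssl x509 -text` output to its key-independent profile."""
    lines, exts = text.splitlines(), []
    for i, line in enumerate(lines):
        m = re.match(r"\s*X509v3 (?!extensions)(.+?):\s*(critical)?\s*$", line)
        if m:  # the extension value is printed on the following line
            keyid = m.group(1).endswith("Key Identifier")
            value = "<key-specific>" if keyid else lines[i + 1].strip()
            exts.append((m.group(1), bool(m.group(2)), value))
    years = [int(re.search(rf"Not {k}\s*: .* (\d{{4}}) GMT", text).group(1))
             for k in ("Before", "After")]  # year difference is enough here
    return {"sig_alg": re.search(r"Signature Algorithm: (\S+)", text).group(1),
            "curve": re.search(r"ASN1 OID: (\S+)", text).group(1),
            "validity_years": years[1] - years[0],
            "extension_set": sorted(exts), "extension_order": [e[0] for e in exts]}

def differences(a, b):  # profile fields on which two certificate dumps disagree
    pa, pb = profile(a), profile(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}
```

Among the fields it compares, `differences(MINICA, SROS2)` reports only the validity period (100 versus 10 years) and the order in which the extensions are encoded; signature algorithm, curve, and the extension names, criticality and values match.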
