From 345a2640dce86cebe15d4c578564e2a9ac432669 Mon Sep 17 00:00:00 2001 
From: Michael Schurter Date: Thu, 10 Nov 2016 12:18:13 -0800 Subject: [PATCH] Fix tlsutil tests --- helper/tlsutil/config_test.go | 64 +++++++++++-------- helper/tlsutil/test/ca/certindex | 5 -- helper/tlsutil/test/ca/myca.conf | 34 ---------- helper/tlsutil/test/ca/privkey.pem | 27 -------- helper/tlsutil/test/ca/root.cer | 28 -------- helper/tlsutil/test/ca/serialfile | 1 - helper/tlsutil/test/hostname/Alice.crt | 25 -------- helper/tlsutil/test/hostname/Alice.key | 27 -------- helper/tlsutil/test/hostname/CertAuth.crt | 29 --------- helper/tlsutil/test/key/ourdomain.cer | 23 ------- helper/tlsutil/test/key/ourdomain.csr | 13 ---- helper/tlsutil/test/key/ourdomain.key | 15 ----- helper/tlsutil/test/key/ssl-cert-snakeoil.key | 28 -------- helper/tlsutil/test/key/ssl-cert-snakeoil.pem | 17 ----- helper/tlsutil/test/notes.txt | 1 - helper/tlsutil/testdata/README.md | 31 +++++++++ helper/tlsutil/testdata/ca-bad-csr.json | 16 +++++ helper/tlsutil/testdata/ca-bad-key.pem | 5 ++ helper/tlsutil/testdata/ca-bad.csr | 9 +++ helper/tlsutil/testdata/ca-bad.pem | 14 ++++ helper/tlsutil/testdata/ca-config.json | 14 ++++ helper/tlsutil/testdata/ca-csr.json | 16 +++++ helper/tlsutil/testdata/ca-key.pem | 5 ++ helper/tlsutil/testdata/ca.csr | 9 +++ helper/tlsutil/testdata/ca.pem | 14 ++++ helper/tlsutil/testdata/nomad-bad-csr.json | 20 ++++++ helper/tlsutil/testdata/nomad-bad-key.pem | 5 ++ helper/tlsutil/testdata/nomad-bad.csr | 11 ++++ helper/tlsutil/testdata/nomad-bad.pem | 17 +++++ helper/tlsutil/testdata/nomad-foo-csr.json | 20 ++++++ helper/tlsutil/testdata/nomad-foo-key.pem | 5 ++ helper/tlsutil/testdata/nomad-foo.csr | 11 ++++ helper/tlsutil/testdata/nomad-foo.pem | 17 +++++ 33 files changed, 276 insertions(+), 300 deletions(-) delete mode 100644 helper/tlsutil/test/ca/certindex delete mode 100644 helper/tlsutil/test/ca/myca.conf delete mode 100644 helper/tlsutil/test/ca/privkey.pem delete mode 100644 helper/tlsutil/test/ca/root.cer delete mode 100644 
helper/tlsutil/test/ca/serialfile delete mode 100644 helper/tlsutil/test/hostname/Alice.crt delete mode 100644 helper/tlsutil/test/hostname/Alice.key delete mode 100644 helper/tlsutil/test/hostname/CertAuth.crt delete mode 100644 helper/tlsutil/test/key/ourdomain.cer delete mode 100644 helper/tlsutil/test/key/ourdomain.csr delete mode 100644 helper/tlsutil/test/key/ourdomain.key delete mode 100644 helper/tlsutil/test/key/ssl-cert-snakeoil.key delete mode 100644 helper/tlsutil/test/key/ssl-cert-snakeoil.pem delete mode 100644 helper/tlsutil/test/notes.txt create mode 100644 helper/tlsutil/testdata/README.md create mode 100644 helper/tlsutil/testdata/ca-bad-csr.json create mode 100644 helper/tlsutil/testdata/ca-bad-key.pem create mode 100644 helper/tlsutil/testdata/ca-bad.csr create mode 100644 helper/tlsutil/testdata/ca-bad.pem create mode 100644 helper/tlsutil/testdata/ca-config.json create mode 100644 helper/tlsutil/testdata/ca-csr.json create mode 100644 helper/tlsutil/testdata/ca-key.pem create mode 100644 helper/tlsutil/testdata/ca.csr create mode 100644 helper/tlsutil/testdata/ca.pem create mode 100644 helper/tlsutil/testdata/nomad-bad-csr.json create mode 100644 helper/tlsutil/testdata/nomad-bad-key.pem create mode 100644 helper/tlsutil/testdata/nomad-bad.csr create mode 100644 helper/tlsutil/testdata/nomad-bad.pem create mode 100644 helper/tlsutil/testdata/nomad-foo-csr.json create mode 100644 helper/tlsutil/testdata/nomad-foo-key.pem create mode 100644 helper/tlsutil/testdata/nomad-foo.csr create mode 100644 helper/tlsutil/testdata/nomad-foo.pem diff --git a/helper/tlsutil/config_test.go b/helper/tlsutil/config_test.go index 086199845..8a526317b 100644 --- a/helper/tlsutil/config_test.go +++ b/helper/tlsutil/config_test.go 
@@ -11,6 +11,15 @@ import ( "github.com/hashicorp/yamux" ) +const ( + // See README.md for documentation + cacert = "./testdata/ca.pem" + foocert = "./testdata/nomad-foo.pem" + fookey = "./testdata/nomad-foo-key.pem" + badcert = "./testdata/nomad-bad.pem" + badkey = "./testdata/nomad-bad-key.pem" +) + func TestConfig_AppendCA_None(t *testing.T) { conf := &Config{} pool := x509.NewCertPool() @@ -25,7 +34,7 @@ func TestConfig_AppendCA_None(t *testing.T) { func TestConfig_CACertificate_Valid(t *testing.T) { conf := &Config{ - CAFile: "./test/ca/root.cer", + CAFile: cacert, } pool := x509.NewCertPool() err := conf.AppendCA(pool) @@ -50,8 +59,8 @@ func TestConfig_KeyPair_None(t *testing.T) { func TestConfig_KeyPair_Valid(t *testing.T) { conf := &Config{ - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CertFile: foocert, + KeyFile: fookey, } cert, err := conf.KeyPair() if err != nil { @@ -77,7 +86,7 @@ func TestConfig_OutgoingTLS_MissingCA(t *testing.T) { func TestConfig_OutgoingTLS_OnlyCA(t *testing.T) { conf := &Config{ - CAFile: "./test/ca/root.cer", + CAFile: cacert, } tls, err := conf.OutgoingTLSConfig() if err != nil { @@ -91,7 +100,7 @@ func TestConfig_OutgoingTLS_OnlyCA(t *testing.T) { func TestConfig_OutgoingTLS_VerifyOutgoing(t *testing.T) { conf := &Config{ VerifyOutgoing: true, - CAFile: "./test/ca/root.cer", + CAFile: cacert, } tls, err := conf.OutgoingTLSConfig() if err != nil { @@ -111,7 +120,7 @@ func TestConfig_OutgoingTLS_VerifyOutgoing(t *testing.T) { func TestConfig_OutgoingTLS_VerifyHostname(t *testing.T) { conf := &Config{ VerifyServerHostname: true, - CAFile: "./test/ca/root.cer", + CAFile: cacert, } tls, err := conf.OutgoingTLSConfig() if err != nil { 
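Review bot: The comment on the new const block, `// See README.md for documentation`, does not say which README is meant or what the files are; the paths all point into `./testdata/`, where this patch also adds a README. That directory holds private keys, including CA keys, which are public by virtue of being committed. I would say so at the point of use, e.g. `// Test-only certificates and keys generated with cfssl; see testdata/README.md. Never reuse them outside tests.`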
@@ -131,9 +140,9 @@ func TestConfig_OutgoingTLS_VerifyHostname(t *testing.T) { func TestConfig_OutgoingTLS_WithKeyPair(t *testing.T) { conf := &Config{ VerifyOutgoing: true, - CAFile: "./test/ca/root.cer", - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CAFile: cacert, + CertFile: foocert, + KeyFile: fookey, } tls, err := conf.OutgoingTLSConfig() if err != nil { @@ -192,9 +201,9 @@ func startTLSServer(config *Config) (net.Conn, chan error) { // TODO sign the certificates for "server.regionFoo.nomad func TestConfig_outgoingWrapper_OK(t *testing.T) { config := &Config{ - CAFile: "./test/hostname/CertAuth.crt", - CertFile: "./test/hostname/Alice.crt", - KeyFile: "./test/hostname/Alice.key", + CAFile: cacert, + CertFile: foocert, + KeyFile: fookey, VerifyServerHostname: true, VerifyOutgoing: true, } @@ -228,9 +237,9 @@ func TestConfig_outgoingWrapper_BadCert(t *testing.T) { // TODO this test is currently hanging, need to investigate more. t.SkipNow() config := &Config{ - CAFile: "./test/ca/root.cer", - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CAFile: cacert, + CertFile: foocert, + KeyFile: fookey, VerifyServerHostname: true, VerifyOutgoing: true, } @@ -261,9 +270,9 @@ func TestConfig_outgoingWrapper_BadCert(t *testing.T) { func TestConfig_wrapTLS_OK(t *testing.T) { config := &Config{ - CAFile: "./test/ca/root.cer", - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CAFile: cacert, + CertFile: foocert, + KeyFile: fookey, VerifyOutgoing: true, } @@ -291,8 +300,9 @@ func TestConfig_wrapTLS_OK(t *testing.T) { func TestConfig_wrapTLS_BadCert(t *testing.T) { serverConfig := &Config{ - CertFile: "./test/key/ssl-cert-snakeoil.pem", - KeyFile: "./test/key/ssl-cert-snakeoil.key", + CAFile: cacert, + CertFile: badcert, + KeyFile: badkey, } client, errc := startTLSServer(serverConfig) 
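Review bot: The context line `// TODO sign the certificates for "server.regionFoo.nomad` above TestConfig_outgoingWrapper_OK is left untouched while the `@@ -192,9 +201,9 @@` hunk switches the test to `foocert`/`fookey`. The CSR for nomad-foo is not visible in this part of the patch, but nomad-bad-csr.json lists `server.regionBad.nomad`, so the new foo certificate presumably carries the hostname the TODO asks for. If so, the TODO is stale and should be removed or reworded in this commit. The test body continues outside the hunk.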
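Review bot: In the `@@ -228,9 +237,9 @@` hunk, TestConfig_outgoingWrapper_BadCert now builds exactly the same Config as TestConfig_outgoingWrapper_OK (`cacert`, `foocert`, `fookey`, both verify flags set), whereas before the change the two tests used different certificate sets. The test is skipped via `t.SkipNow()`, so nothing fails today, but once re-enabled it can only exercise a rejection path if the body outside this hunk supplies a mismatching region or hostname. If the intent is a server certificate the client must reject, consider `CertFile: badcert,` and `KeyFile: badkey,` here, as TestConfig_wrapTLS_BadCert does, or add a comment naming the mismatch the test relies on. A negative TLS test that quietly stops being negative removes the evidence that hostname verification is enforced.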
@@ -301,7 +311,7 @@ func TestConfig_wrapTLS_BadCert(t *testing.T) { } clientConfig := &Config{ - CAFile: "./test/ca/root.cer", + CAFile: cacert, VerifyOutgoing: true, } @@ -327,9 +337,9 @@ func TestConfig_wrapTLS_BadCert(t *testing.T) { func TestConfig_IncomingTLS(t *testing.T) { conf := &Config{ VerifyIncoming: true, - CAFile: "./test/ca/root.cer", - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CAFile: cacert, + CertFile: foocert, + KeyFile: fookey, } tlsC, err := conf.IncomingTLSConfig() if err != nil { @@ -352,8 +362,8 @@ func TestConfig_IncomingTLS(t *testing.T) { func TestConfig_IncomingTLS_MissingCA(t *testing.T) { conf := &Config{ VerifyIncoming: true, - CertFile: "./test/key/ourdomain.cer", - KeyFile: "./test/key/ourdomain.key", + CertFile: foocert, + KeyFile: fookey, } _, err := conf.IncomingTLSConfig() if err == nil { @@ -364,7 +374,7 @@ func TestConfig_IncomingTLS_MissingCA(t *testing.T) { func TestConfig_IncomingTLS_MissingKey(t *testing.T) { conf := &Config{ VerifyIncoming: true, - CAFile: "./test/ca/root.cer", + CAFile: cacert, } _, err := conf.IncomingTLSConfig() if err == nil { diff --git a/helper/tlsutil/test/ca/certindex b/helper/tlsutil/test/ca/certindex deleted file mode 100644 index e3abd88b0..000000000 --- a/helper/tlsutil/test/ca/certindex +++ /dev/null @@ -1,5 +0,0 @@ -V 150407190456Z 0A unknown /CN=testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=TestCo/OU=Beta -V 150407194146Z 0B unknown /CN=testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=TestCo/OU=Beta -V 150526223338Z 0C unknown /CN=*.testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=TestCo/OU=Beta -V 160526220537Z 0D unknown /CN=test.internal/ST=CA/C=US/emailAddress=test@internal.com/O=HashiCorp Test Cert/OU=Dev -V 170604185910Z 0E unknown /CN=testco.internal/ST=California/C=US/emailAddress=test@testco.com/O=Hashicorp Test Cert/OU=Beta 
diff --git a/helper/tlsutil/test/ca/myca.conf b/helper/tlsutil/test/ca/myca.conf
deleted file mode 100644
index 922660dec..000000000
--- a/helper/tlsutil/test/ca/myca.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-[ ca ]
-default_ca = myca
-
-[ crl_ext ]
-# issuerAltName=issuer:copy #this would copy the issuer name to altname
-authorityKeyIdentifier=keyid:always
-
-[ myca ]
-new_certs_dir = /tmp
-unique_subject = no
-certificate = root.cer
-database = certindex
-private_key = privkey.pem
-serial = serialfile
-default_days = 365
-default_md = sha1
-policy = myca_policy
-x509_extensions = myca_extensions
-
-[ myca_policy ]
-commonName = supplied
-stateOrProvinceName = supplied
-countryName = supplied
-emailAddress = optional
-organizationName = supplied
-organizationalUnitName = optional
-
-[ myca_extensions ]
-basicConstraints = CA:false
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
-keyUsage = digitalSignature,keyEncipherment
-extendedKeyUsage = serverAuth,clientAuth
-crlDistributionPoints = URI:http://path.to.crl/myca.crl
diff --git a/helper/tlsutil/test/ca/privkey.pem b/helper/tlsutil/test/ca/privkey.pem
deleted file mode 100644
index 3f22711a1..000000000
--- a/helper/tlsutil/test/ca/privkey.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAxrs6JK4NpiOItxrpNR/1ppUUmH7p2BgLCBZ6eHdclle9J56i -68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsUd0HejRqfHRMtg2O+UQkv4Z66 -+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcGxcFZzTRFFZt2vPnyHj8cHcaF -o/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvgU2jQuC7Fhnl33Zd3B6d3mQH6 -O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/fpFIIcHSiHRfoqHLGsGg+3swI -d/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQIDAQABAoIBABreo6zj76p/8XM4 -a0GokZE1ZPR9bGawUYWFbIevM9CMCmI5+7M/RoHbBQJKDOapJsJviNkoSdpllxcz -4CpFhXAiVNEPEeUoLU1EE4pJSSkxwcySppsiTYNFi5rMomgwe2qeuiKhgZNl/AEt -82dubjwxW3QPgXHSWGjkfTht3wOhrczA8xyEjc9Bsad2ooA9IQk+VXYlPZXyXjs1 -WwLYHmcSfveauLliLXeVU2Ux5PPwyreKMhyAfSHVQCycxK008u8WPy8nkAlpxKMC -UwCN+JKl69WCCA3CxXgM83zz4pXvB4EyMr8aTiqmOID8RIIrPcjCmVJki6KbJ9WG -S2CQVG0CgYEA5kVACrnjLtov426ZNifF2zUXu9x//7D6GkbJxzZLwXP/BJFcEOdQ -Fnjcs3s7wYh/wdTnEcQVWSJSAqnRt98c9yAXVnG5z1M0DYpAsY8xrdhEitxOf2oB -2cbvi4+cvUuUxk1hgva18UCT23aLP+iY2+t/ydBXAZ9kq1zz5CcpEBMCgYEA3O/R -g1Y9O36XxBmSYnkoCF5yGrPunnKKNBJc/WA7pTkQFYHr64Y/h5EKubzHD/VEd1Li -nDuGYxVMewf+5pHUhqSdpZtTxv25hjOsqLf5o5wm18JThGifs2zEVCTJOPti5n2M -RHakxuq1I625/QHidLBTQYuEBS/vywhapfaSaD8CgYEAhd1OPK4R30PiQRIjqXL3 -t9ampISsOKXWz33FgbUT1zOq1in23rDKQzYh/4ktlPXYZ4NwjUhzrKyiBoBYtc7T -1OpoBs34Wgmhohl0QIThOZIXTq6CR9oFl2fqDDUBxp3wsFN905e+77A+BIBmtVFv -w7GlSVp/qibSbDiOZF1LptcCgYB8sJBi+jnmqOSIVRJLpysTxhHJxkDmhahACRkY -Gsau0cylBsUaEJMsNIyEFOmXtQml+k5QdDu9EdkvGm0evbDfKGqce1RF2w5okiNg -uSwXzVoSrOartMxk2/7VqkkycpX3lWWjgf4vEWmXsEVmaDjhOF5UgKPKtao0wQs/ -3S/1ywKBgAIGgOuvL/GBcGqLikHLC+cputMvBAuE/tJnFHPxFoobskocVsMKbDTy -NYF7uPlzSGGClZsjE6DQyyGf5E9/U+EdwDKZwHYGCkzVjplUBo0BT3EN0vcc9jB/ -ML9Ta4ETPyf66BhSVcD+eeNipPFAul0Q7uZhErH1zr1evTy8XXyI ------END RSA PRIVATE KEY----- diff --git a/helper/tlsutil/test/ca/root.cer b/helper/tlsutil/test/ca/root.cer deleted file mode 100644 index ae9fb00b1..000000000 --- a/helper/tlsutil/test/ca/root.cer +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEtzCCA5+gAwIBAgIJAIewRMI8OnvTMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYD -VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHDAa -BgNVBAoTE0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsTA0RldjEWMBQGA1UE -AxMNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRlcm5hbC5j -b20wHhcNMTQwNDA3MTkwMTA4WhcNMjQwNDA0MTkwMTA4WjCBmDELMAkGA1UEBhMC -VVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQK -ExNIYXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRl -c3QuaW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrs6JK4NpiOItxrpNR/1ppUU -mH7p2BgLCBZ6eHdclle9J56i68adt8J85zaqphCfz6VDP58DsFx+N50PZyjQaDsU -d0HejRqfHRMtg2O+UQkv4Z66+Vo+gc6uGuANi2xMtSYDVTAqqzF48OOPQDgYkzcG -xcFZzTRFFZt2vPnyHj8cHcaFo/NMNVh7C3yTXevRGNm9u2mrbxCEeiHzFC2WUnvg -U2jQuC7Fhnl33Zd3B6d3mQH6O23ncmwxTcPUJe6xZaIRrDuzwUcyhLj5Z3faag/f -pFIIcHSiHRfoqHLGsGg+3swId/zVJSSDHr7pJUu7Cre+vZa63FqDaooqvnisrQID -AQABo4IBADCB/TAdBgNVHQ4EFgQUo/nrOfqvbee2VklVKIFlyQEbuJUwgc0GA1Ud -IwSBxTCBwoAUo/nrOfqvbee2VklVKIFlyQEbuJWhgZ6kgZswgZgxCzAJBgNVBAYT -AlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEcMBoGA1UE -ChMTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw10 -ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0QGludGVybmFsLmNvbYIJ -AIewRMI8OnvTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADa9fV9h -gjapBlkNmu64WX0Ufub5dsJrdHS8672P30S7ILB7Mk0W8sL65IezRsZnG898yHf9 -2uzmz5OvNTM9K380g7xFlyobSVq+6yqmmSAlA/ptAcIIZT727P5jig/DB7fzJM3g -jctDlEGOmEe50GQXc25VKpcpjAsNQi5ER5gowQ0v3IXNZs+yU+LvxLHc0rUJ/XSp -lFCAMOqd5uRoMOejnT51G6krvLNzPaQ3N9jQfNVY4Q0zfs0M+6dRWvqfqB9Vyq8/ -POLMld+HyAZEBk9zK3ZVIXx6XS4dkDnSNR91njLq7eouf6M7+7s/oMQZZRtAfQ6r -wlW975rYa1ZqEdA= ------END CERTIFICATE----- diff --git a/helper/tlsutil/test/ca/serialfile b/helper/tlsutil/test/ca/serialfile deleted file mode 100644 index 0ced2f35e..000000000 --- a/helper/tlsutil/test/ca/serialfile +++ /dev/null @@ -1 +0,0 @@ -0F 
diff --git a/helper/tlsutil/test/hostname/Alice.crt b/helper/tlsutil/test/hostname/Alice.crt deleted file mode 100644 index b56d79179..000000000 --- a/helper/tlsutil/test/hostname/Alice.crt +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEOzCCAiWgAwIBAgIRAOpEyvnjEG/Z15f0PrOT7iowCwYJKoZIhvcNAQELMBMx -ETAPBgNVBAMTCENlcnRBdXRoMB4XDTE1MDUxMTIyNTMxN1oXDTE3MDUxMTIyNTMx -OFowEDEOMAwGA1UEAxMFQWxpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCyxmMV9V0Cdp2mAXxL6h64cWLQlKsumsQfhZNImea8jLYT7+yyLpeHIF4G -7JiushloTnERyTi1wbq9BlU3BVYdX6tqvPXFFwFUXyOkDaSGS3vMCZUYd9PZg0TI -pyQK0/6+jSU7x7jDGVUMhJyvmXB9CgKxG0S8WiR6uGB9oWrTeDnXAzN1T4wNE4M+ -a3P1ToT2k2IDklZ1t5gg6u9EiOAzK7QfpKXrO2MsGyGHhm+tQqNP6LuZv0u2nGW3 -up+i3beQOvLQV0aeiy7zfR3KkIUCvDnmiPnkm35o6wmqFOXTNIU6VoT/l4WtU85F -Ikdtk1gkDLO1iyKiMRbj/hlRqKGxAgMBAAGjgZAwgY0wDgYDVR0PAQH/BAQDAgC4 -MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUgt2Os881 -V/je/BOaLavjeorhbi4wHwYDVR0jBBgwFoAUB2s4Gdz7ornOiti84HF+W+nwAj8w -HAYDVR0RBBUwE4IRc2VydmVyLmRjMS5jb25zdWwwCwYJKoZIhvcNAQELA4ICAQCX -Thsbgo1Z5maIyvBJOKX5vQifaSF8kRtX9fZvipvzHCjYxvOHfaTvgtWyxHXCc3tK -DyBswsc2MeHiZ5g0KG113lwLrhcSwEsg5yo0eB7tOTQp1rmCiF6DQYs1XyOqD7P8 -S6clMgJWgpM8Ltw5mYALqDpShv1ND3AOJqENj/0tvdP7Y7cilG+s76HFXRcwKTRw -4rVP+Wr+t4WdXeS8cGxboQqGc40L3HNd5cxsbIM1kucfdrPBljWmyM9aiO1Nipm2 -8dyyir8AFnvoGQ6DPi58jVCCbqosL/GXtVk+IgJ+8eE5T8jvhxBovzxArSSVYIaj -ZxYi85ixfLr1DC5mg5CWWB8ZzmjaUwfyQAcL/F3Q11CkqHw1VDoDzvTBWbguBu6X -xXexlgOQx4/lr8X1pjbbAZktNTOYDt4dTuhrKPU35zW35wTnSBoPrQ3cpGlRcszE -IksZSHi41IQd0zUOGCNZYpPFq8mTwu5ECGHfNvWDH7zEuSkO54tS5Dukxqd8VIQl -h9GB2Uyel8tFm4s/Dx9+glKyvsXDJQz3JmFaB2wPyAPZ1KL4GFI5R0LjUVSFJapP -TO3Ia24naOu3qYXWQK6jGwaCbTT6tdhgNy8EI0aDmv2AgqOXycutMJXF5UqkDmwY -ZqpVdf/TrmBy42pk/C0vpqiy6E4N7WllxhiY2AekkA== ------END CERTIFICATE----- diff --git a/helper/tlsutil/test/hostname/Alice.key b/helper/tlsutil/test/hostname/Alice.key deleted file mode 100644 index fc37e7258..000000000 --- a/helper/tlsutil/test/hostname/Alice.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAssZjFfVdAnadpgF8S+oeuHFi0JSrLprEH4WTSJnmvIy2E+/s -si6XhyBeBuyYrrIZaE5xEck4tcG6vQZVNwVWHV+rarz1xRcBVF8jpA2khkt7zAmV -GHfT2YNEyKckCtP+vo0lO8e4wxlVDIScr5lwfQoCsRtEvFokerhgfaFq03g51wMz -dU+MDRODPmtz9U6E9pNiA5JWdbeYIOrvRIjgMyu0H6Sl6ztjLBshh4ZvrUKjT+i7 -mb9Ltpxlt7qfot23kDry0FdGnosu830dypCFArw55oj55Jt+aOsJqhTl0zSFOlaE -/5eFrVPORSJHbZNYJAyztYsiojEW4/4ZUaihsQIDAQABAoIBAF3C9szZdwKHu38J -YGtgSuRpc235yx4SRbJSmECHlyBknEowl2+MSCSysR3okNtuxSyTl3HAm2GYTZw9 -6guFXPji6EB/AldwDV5213Z/QT698Bu/GtdOYWm/EyA5qQmUzhKabGDCCwEoFBcQ -piziyMCLs4W3y4ENtfw3H0REmIZ3s0XQRzuDdFCEMbr0Ij6EhP3hSD6es4PWTeHY -LSwoXm0WAxyZudJLhWZaBRxvl+TDY7nVV1jRPQ+ojMJjXfyPo+c2hbbS6luj++qH -6qO7fEpr8EXhO8/0/bPUi0ozE1LVy1kXtEwfszesU9r5XeBq7yTCIa7TTJ35Niwf -T7Ar9NECgYEA0L77+B/3dtedhsMdyiHpcxV6A77OIHsezh8uJzE+nQEgqvJ88N1W -BbF7YByYmaP1/dBrPI7ON52AnDOyo2lM7fVOwr7Ch12tpoa5HFb2WndKt6KokXi/ -Tk8+zoCCZICCv1mtfIaepRTmxAeyqaFthchAv1nc7ojS1BWeXMLa9usCgYEA2z6N -YD8wV44d/qIMaSDVJlusyp8pi9l0ddB591KOYHhJ5RRF1qEd0pshj9sW6pcGGJqf -XFHAkEr/ZIACJK65Y+AFcbgzhyqX8Vy9LLYzWtpFP4SpjH19pYDTHaXvWsIjBlNG -poxtGYCQ8Uedm8IhtrbUorElQVjPlmRGU14B2tMCgYAPQCTAd/VoZVBI7DBc+CVK -FyOW6nW8wcH6ZSTGED720YJFevnNzx3dxJ2y4+PyNZxfMr7i6bv/LC6dOtmuPp80 -M1vRtoYXxaxOIkGb5G6TJWv8BpIyLpQrcHayN4lPNmRW/oJCOsOUY/aIE9fltLl/ -sKWqVTJi6vQcMogjVskQiQKBgHcH7f+sLtXKTdSaLDzDW5X4vcZARXEs/YKdTiqN -wsjzZcMej5AoZyWZnc4Zd8ajeebPw+d+Zxqv7RqmOQOrbPGhhbMo+6jN4jJjVD27 -KgSQbno+z0J8O0QovfXhyiKvNg7QFZKEuRLYb1jftd0DuAQYHTe7D2v8CLAw/tFy -P3WLAoGABcEQEDUWqxfFFCed4mYSoOHvD44YMIzeMMOHXRnGGWug0WkULxzUV1L4 -fTFPCqo6xsn/F3i7xRFpIWXlOzjZKHvw16ZpeZBNcdPjyk7XifhafJYLuknRe1fZ -lzLjhmvizTpd9GQIUS+39aGwGE9JI3H0NAdNA4pvEdKlPhJnG5U= ------END RSA PRIVATE KEY----- diff --git a/helper/tlsutil/test/hostname/CertAuth.crt b/helper/tlsutil/test/hostname/CertAuth.crt deleted file mode 100644 index 6c9d01ed0..000000000 --- a/helper/tlsutil/test/hostname/CertAuth.crt +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFADCCAuqgAwIBAgIBATALBgkqhkiG9w0BAQswEzERMA8GA1UEAxMIQ2VydEF1 -dGgwHhcNMTUwNTExMjI0NjQzWhcNMjUwNTExMjI0NjU0WjATMREwDwYDVQQDEwhD -ZXJ0QXV0aDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALcMByyynHsA -+K4PJwo5+XHygaEZAhPGvHiKQK2Cbc9NDm0ZTzx0rA/dRTZlvouhDyzcJHm+6R1F -j6zQv7iaSC3qQtJiPnPsfZ+/0XhFZ3fQWMnfDiGbZpF1kJF01ofB6vnsuocFC0zG -aGC+SZiLAzs+QMP3Bebw1elCBIeoN+8NWnRYmLsYIaYGJGBSbNo/lCpLTuinofUn -L3ehWEGv1INwpHnSVeN0Ml2GFe23d7PUlj/wNIHgUdpUR+KEJxIP3klwtsI3QpSH -c4VjWdf4aIcka6K3IFuw+K0PUh3xAAPnMpAQOtCZk0AhF5rlvUbevC6jADxpKxLp -OONmvCTer4LtyNURAoBH52vbK0r/DNcTpPEFV0IP66nXUFgkk0mRKsu8HTb4IOkC -X3K4mp18EiWUUtrHZAnNct0iIniDBqKK0yhSNhztG6VakVt/1WdQY9Ey3mNtxN1O -thqWFKdpKUzPKYC3P6PfVpiE7+VbWTLLXba+8BPe8BxWPsVkjJqGSGnCte4COusz -M8/7bbTgifwJfsepwFtZG53tvwjWlO46Exl30VoDNTaIGvs1fO0GqJlh2A7FN5F2 -S1rS5VYHtPK8QdmUSvyq+7JDBc1HNT5I2zsIQbNcLwDTZ5EsbU6QR7NHDJKxjv/w -bs3eTXJSSNcFD74wRU10pXjgE5wOFu9TAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIA -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHazgZ3Puiuc6K2LzgcX5b6fAC -PzAfBgNVHSMEGDAWgBQHazgZ3Puiuc6K2LzgcX5b6fACPzALBgkqhkiG9w0BAQsD -ggIBAEmeNrSUhpHg1I8dtfqu9hCU/6IZThjtcFA+QcPkkMa+Z1k0SOtsgW8MdlcA -gCf5g5yQZ0DdpWM9nDB6xDIhQdccm91idHgf8wmpEHUj0an4uyn2ESCt8eqrAWf7 -AClYORCASTYfguJCxcfvwtI1uqaOeCxSOdmFay79UVitVsWeonbCRGsVgBDifJxw -G2oCQqoYAmXPM4J6syk5GHhB1O9MMq+g1+hOx9s+XHyTui9FL4V+IUO1ygVqEQB5 -PSiRBvcIsajSGVao+vK0gf2XfcXzqr3y3NhBky9rFMp1g+ykb2yWekV4WiROJlCj -TsWwWZDRyjiGahDbho/XW8JciouHZhJdjhmO31rqW3HdFviCTdXMiGk3GQIzz/Jg -P+enOaHXoY9lcxzDvY9z1BysWBgNvNrMnVge/fLP9o+a0a0PRIIVl8T0Ef3zeg1O -CLCSy/1Vae5Tx63ZTFvGFdOSusYkG9rlAUHXZE364JRCKzM9Bz0bM+t+LaO0MaEb -YoxcXEPU+gB2IvmARpInN3oHexR6ekuYHVTRGdWrdmuHFzc7eFwygRqTFdoCCU+G -QZEkd+lOEyv0zvQqYg+Jp0AEGz2B2zB53uBVECtn0EqrSdPtRzUBSByXVs6QhSXn -eVmy+z3U3MecP63X6oSPXekqSyZFuegXpNNuHkjNoL4ep2ix ------END CERTIFICATE----- diff --git a/helper/tlsutil/test/key/ourdomain.cer b/helper/tlsutil/test/key/ourdomain.cer deleted file mode 100644 index 447cd3710..000000000 
--- a/helper/tlsutil/test/key/ourdomain.cer +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBDjANBgkqhkiG9w0BAQUFADCBmDELMAkGA1UEBhMCVVMx -CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKExNI -YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLEwNEZXYxFjAUBgNVBAMTDXRlc3Qu -aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMB4XDTE2 -MDYwNDE4NTkxMFoXDTE3MDYwNDE4NTkxMFowgYkxGDAWBgNVBAMTD3Rlc3Rjby5p -bnRlcm5hbDETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxHjAcBgkq -hkiG9w0BCQEWD3Rlc3RAdGVzdGNvLmNvbTEcMBoGA1UEChMTSGFzaGljb3JwIFRl -c3QgQ2VydDENMAsGA1UECxMEQmV0YTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC -gYEAzNCiwaIhJ26tqXzmwB+oJzstp41X8ygpsywCOzEuHgD+Dck2CLOhlJHmqO3b -sHfv87g3HtdJaF1tO1PQqdHxpJS3vyogUuP8iy6rHgkGtExWgsRxILtbpfzyG1Rt -TgO4pg7uOlCe1p5oDNnHj1YTgmhtRpB0x054DdSvjKVHY5UCAwEAAaOBqDCBpTAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTHULSXbpeHHFM+lq/HYq8m38a00TAfBgNVHSME -GDAWgBSj+es5+q9t57ZWSVUogWXJARu4lTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYw -FAYIKwYBBQUHAwEGCCsGAQUFBwMCMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9w -YXRoLnRvLmNybC9teWNhLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAjJKtWTVyFk7u -WGQlXHRBgt0/qWjnHzVOXcVJxaL1uuddhY1mOsmHxuvbM5SqfvnyRf1Dbvmm4y+E -8hNn9lESmQKRiq1XX2H0/K8AXfNIglqLCB+Fx5GgLJ8jboDsuJsq7SxYHVj4NIOY -9gf83cwxpxAV9JuR9izBIs7afP75MvjjuveLgIpyNzbdCt9/71WQY3Wt0epYRWLD -DGeP4zEBR6KMu3vILWX3kRlpvX1OcfqvcRpzpNRDmpzzMwOHQBtBp3/7lf43yGLg -ZxWuUzWCN5RXZZHhsSNqlplXjcyCEyAPTxiE0hbAKhAJeWjadnUJ88SC41bGjDor -FU3JVe6aqw== ------END CERTIFICATE----- diff --git a/helper/tlsutil/test/key/ourdomain.csr b/helper/tlsutil/test/key/ourdomain.csr deleted file mode 100644 index 149827cb3..000000000 --- a/helper/tlsutil/test/key/ourdomain.csr +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIB4DCCAUkCAQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh -MRQwEgYDVQQHEwtMb3MgQW5nZWxlczEcMBoGA1UEChMTSGFzaGljb3JwIFRlc3Qg -Q2VydDENMAsGA1UECxMEQmV0YTEYMBYGA1UEAxMPdGVzdGNvLmludGVybmFsMR4w -HAYJKoZIhvcNAQkBFg90ZXN0QHRlc3Rjby5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBAMzQosGiISdural85sAfqCc7LaeNV/MoKbMsAjsxLh4A/g3JNgiz -oZSR5qjt27B37/O4Nx7XSWhdbTtT0KnR8aSUt78qIFLj/Isuqx4JBrRMVoLEcSC7 -W6X88htUbU4DuKYO7jpQntaeaAzZx49WE4JobUaQdMdOeA3Ur4ylR2OVAgMBAAGg -ADANBgkqhkiG9w0BAQUFAAOBgQBvz0CFO6td/cc6MzyWXNgfiYqdvDvq9JoEvROS -CG6ZsOAJc15ePw9px4wYK2fQZQVZkSWl0vpIZNnIWAdQboAKAQmfnE6CPHc+5ePJ -LxFIL2vG/4UYnKdbR2dxSpNxyfF59tXwVDS6qeietaZz596F2D3cBwBflxJcK2nD -JkTOOA== ------END CERTIFICATE REQUEST----- diff --git a/helper/tlsutil/test/key/ourdomain.key b/helper/tlsutil/test/key/ourdomain.key deleted file mode 100644 index 9e033369e..000000000 --- a/helper/tlsutil/test/key/ourdomain.key +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDM0KLBoiEnbq2pfObAH6gnOy2njVfzKCmzLAI7MS4eAP4NyTYI -s6GUkeao7duwd+/zuDce10loXW07U9Cp0fGklLe/KiBS4/yLLqseCQa0TFaCxHEg -u1ul/PIbVG1OA7imDu46UJ7WnmgM2cePVhOCaG1GkHTHTngN1K+MpUdjlQIDAQAB -AoGAJY4oGdtRuvpHa6mUYiwr2C24vF1lgBegNdNfAV2OOEA0VXDMsKHHggeSxO0A -eIY1gHoJ2WTed/2RluxSeaEebpwNp1e2V+JpJRVAF+PNBGng1WMIlK81vC6zZspm -AKe9O3XQZmIGKw1YyTOmYERAImjAarP0sKRAjkdfRTHEEcECQQD1W6ZtCJQvdDC/ -GKKEOUzIB8l/hUAQSHc0pEhctLWU1VnFGfhFFRnUr2FFrbnF5gvvz8GdQtEXXuzX -9NSlnrblAkEA1bLQNwRz77ZQoMHme/E13ITDoBl+YUWZVN7+n0DkUgu6JdRsmYh6 -nAIcoAS0CjxyNoPssDshdjyLcMxuT27+8QJAYCYEN+IOv/HWUGyE8y/JKPH0Qmaj -Tj43iIeAW+Ps7GAXB6g/pEK6lqALjFSh4i1eLCHMC6Ztba0jPxWQZz6lCQJBAJfD -oQmhmPChyssQSa62FGlixEecM1vDgOx8XdodzMjT2URqgyHagjDvcwLVtEMcwIQk -1uAlblM5FlJqbODu1BECQQC71WumyTo9/9Z9QR67WRd0yE1JHs3HUUvzw4JFNkRs -n0Tu7GZHDdzLaSodtC47tPJfYkdJwxBr20+RSCzF3VZF ------END RSA PRIVATE KEY----- 
diff --git a/helper/tlsutil/test/key/ssl-cert-snakeoil.key b/helper/tlsutil/test/key/ssl-cert-snakeoil.key deleted file mode 100644 index 22cc4acb1..000000000 --- a/helper/tlsutil/test/key/ssl-cert-snakeoil.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDYVw5skn/3Ka72 -32ZaCrKtRVoQzan3tghq41KpQe3yZxIZbKy7sbwfdXnXVSwTAbq/3BYi9rya2t/v -W95yZh6JgfrLBvWl9Jo1EttZIxDhzCXGP+MPWm2KdNtHr84JznJbdxRpR0Jb4ykK -2d9dXbLJvCw8eEDFgOVGrj60USMir46sZFRvGWlMi+yHSOE+WQXaU40Dr0ZJqNvd -RNO9BtqpLaecZQaYTvlkyVdhjUE3+gQ0zEAQqpLcWi+zB5/IyR2+KwxDT3vAJumd -G7rIaGatPE8k0Ahb+zMKFFGYCoQ3sjbAbrQmrVtH4SU6ggl+CxpVdxshrK1W05Ms -WAiPw81/AgMBAAECggEAKjDIKlpjxGMHsTOeNV8yu2H0D6TcSefhOl885q9p5UU+ -nWC5Sx19b7EsYtdEcix7LCGS25y86YJX+8kx16OcvvpvW5ru2z+Zt1IHHxocl7yF -fWVGNd9Pz5m8jf12NClj2fyeKW3xPhROE8Srr/yu+nLNObnF//6EOEWRCv9r176C -+dzYvYVNPP48Ug7NpjQB94CBprtJyqvuoXvBPtpARXazVniYEhnzG1Gaj1TiCII5 -+emaMjKcWIEJ5stbBb3lUtqgm8bRNb/qcxoFfqTzHP+hbum9hbRz0KEIlAkm7uAv -S0TlyLuaj+gPQ+LwNX8EhGKUdlK/VM5bj2kq/tg3AQKBgQD/+A8ruHNa5nKGKNzP -dp+hXiL2sSzefMjDa2+sRJ0yftIMqYRfCJwzYumjfyycfCsu1LHainlQjSO6Kkgc -c0xVxnahWyPCQiqZuo9lLx4EVXCdRqWRg+pbyQhTSz90hfWEKD7XWsI8uRkOEnW8 -36FiyovGDFxl0esaKrFNSFdmgQKBgQDYXcSIRJk41f7vL6FVmchpUnVYoD75k9YT -FqEplNMw6gXcqbC2aNH5wj7EJlRboyVpjXV4N0d2Cz6AwREJpr/rYpq68AixXmVs -kTKwevoHm/tln7CN+CyIEy6KXdLp4KoWLFfSG6tHWRwIGFxWEGrrIZS6Eznu4GPe -V2yOnMkz/wKBgC6nXtSALP5PbGZJgl2J6HR3/PVru5rdsZX0ugjzBJfUh6JpL0hH -AHlZOO5k2pO3CgPiHnyPqqbk4rMmy7frx+kGYE7ulqjseGlGmKY/nT/69qij3L+W -BJwwGwVbfLhXRjWNRE7qKub4cbmf4bfIJtkjw7AYRqsERM6jI2fLnKqBAoGAUBzY -CkSsHxlNXa7bI+DfDfBUNs6OwsZ0e3jjj4vlbrUYGo5SOhgxtzKvHt26Wnvb/Gs+ -VZbSROkA6ZeTAWnWogdOl20NKu9yynIwvJusPGkK+qPYMZj0lCXWE7GNyL9A+xjM -I6XPE4nxESZD+jH2BL3YXdWEm+hF0iu4rE1tSm0CgYEAxssvvX7qcfTmxsp1YSHJ -H5j9ifkakci5W2VbCbdMtdOlgIlCFr2JYguaL98jx7WIJ4iH54ue/fbOdlkPCOsz -YGU4TceSRHeEJ7F6c67NOXm8j2TquAW2uYH87w07g2PIUwl/pp439qoDiThA6jEX -2ztyXgNUi7poqehPUoQuvC0= ------END PRIVATE KEY----- 
diff --git a/helper/tlsutil/test/key/ssl-cert-snakeoil.pem b/helper/tlsutil/test/key/ssl-cert-snakeoil.pem deleted file mode 100644 index b8ad2c8a6..000000000 --- a/helper/tlsutil/test/key/ssl-cert-snakeoil.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICsjCCAZqgAwIBAgIJAMi7aUCplU3VMA0GCSqGSIb3DQEBBQUAMBExDzANBgNV -BAMTBnVidW50dTAeFw0xMjEyMDIwNDQ3MzBaFw0yMjExMzAwNDQ3MzBaMBExDzAN -BgNVBAMTBnVidW50dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANhX -DmySf/cprvbfZloKsq1FWhDNqfe2CGrjUqlB7fJnEhlsrLuxvB91eddVLBMBur/c -FiL2vJra3+9b3nJmHomB+ssG9aX0mjUS21kjEOHMJcY/4w9abYp020evzgnOclt3 -FGlHQlvjKQrZ311dssm8LDx4QMWA5UauPrRRIyKvjqxkVG8ZaUyL7IdI4T5ZBdpT -jQOvRkmo291E070G2qktp5xlBphO+WTJV2GNQTf6BDTMQBCqktxaL7MHn8jJHb4r -DENPe8Am6Z0bushoZq08TyTQCFv7MwoUUZgKhDeyNsButCatW0fhJTqCCX4LGlV3 -GyGsrVbTkyxYCI/DzX8CAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQUF -AAOCAQEAQaS5yAih5NBV2edX1wkIQfAUElqmzoXvxsozDYy+P+S5tJeFXDSqzTAy -qkd/6qjkBdaARfKUJZeT/jRjqxoNtE9SR4PMOnD4zrqD26ujgZRVtPImbmVxCnMI -1B9LwvhpDHZuPGN5bPp3o+iDYea8zkS3Y31Ic889KSwKBDb1LlNogOdved+2DGd1 -yCxEErImbl4B0+QPrRk2bWbDfKhDfJ2FV+9kWIoEuCQBpr2tj1E5zvTadOVm5P2M -u7kjGl4w0GIAONiMC9l2TwMmPuG1jpM/WjQkG0sTKOCl7xQKgXBNJ78Wm2bfGtgb -shr/PNbS/EyISlUa07+zJtiRnr/EiQ== ------END CERTIFICATE----- diff --git a/helper/tlsutil/test/notes.txt b/helper/tlsutil/test/notes.txt deleted file mode 100644 index ae4f70982..000000000 --- a/helper/tlsutil/test/notes.txt +++ /dev/null @@ -1 +0,0 @@ -Instructions from https://langui.sh/2009/01/18/openssl-self-signed-ca/ diff --git a/helper/tlsutil/testdata/README.md b/helper/tlsutil/testdata/README.md new file mode 100644 index 000000000..234500c7f --- /dev/null +++ b/helper/tlsutil/testdata/README.md 
@@ -0,0 +1,31 @@
+# Nomad Test Certificate
+
+Using [cfssl 1.2.0](https://github.com/cloudflare/cfssl)
+
+| File | Description |
+|---------------------|---------------------------|
+| `ca.pem` | CA certificate |
+| `ca-key.pem` | CA Key |
+| `nomad-foo.pem` | Nomad cert for foo region |
+| `nomad-foo-key.pem` | Nomad key for foo region |
+| `ca-bad.pem` | CA cert for bad region |
+| `ca-key-bad.pem` | CA key for bad region |
+| `nomad-bad.pem` | Nomad cert for bad region |
+| `nomad-bad-key.pem` | Nomad key for bad region |
+
+## Generating self-signed certs
+```sh
+# Write defaults and update
+cfssl print-defaults csr > ca-csr.json
+cfssl print-defaults config > ca.config.json
+
+# Generate CA certificate and key
+cfssl gencert -config ca-config.json -initca ca-csr.json | cfssljson -bare ca -
+
+# Generate Nomad certificate and key
+cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json nomad-foo-csr.json | cfssljson -bare nomad-foo
+
+# Generate bad region CA and certificate
+cfssl gencert -config ca-config.json -initca ca-bad-csr.json | cfssljson -bare ca-bad -
+cfssl gencert -ca ca-bad.pem -ca-key ca-bad-key.pem -config ca-config.json nomad-bad-csr.json | cfssljson -bare nomad-bad
+```
diff --git a/helper/tlsutil/testdata/ca-bad-csr.json b/helper/tlsutil/testdata/ca-bad-csr.json
new file mode 100644
index 000000000..83de7c50e
--- /dev/null
+++ b/helper/tlsutil/testdata/ca-bad-csr.json
@@ -0,0 +1,16 @@
+{
+ "CN": "bad.nomad.hashicorp",
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "HashiCorp",
+ "OU": "Nomad",
+ "ST": "California"
+ }
+ ]
+}
diff --git a/helper/tlsutil/testdata/ca-bad-key.pem b/helper/tlsutil/testdata/ca-bad-key.pem
new file mode 100644
index 000000000..564b55385
--- /dev/null
+++ b/helper/tlsutil/testdata/ca-bad-key.pem
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMoAkGQf6pbzlfkfde2eqJ2aRHd57UlLGyeHKZl5uBCRoAoGCCqGSM49 +AwEHoUQDQgAEVdRIolwS83FQtAGQr1B+TLei8Dl16ohJKRU9VabjAsfAes+Bdc7J +W0pSdKR7OodyvASRkswPEV8a8Q7UEE+nQQ== +-----END EC PRIVATE KEY----- diff --git a/helper/tlsutil/testdata/ca-bad.csr b/helper/tlsutil/testdata/ca-bad.csr new file mode 100644 index 000000000..723e3bd08 --- /dev/null +++ b/helper/tlsutil/testdata/ca-bad.csr @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBODCB3gIBADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW +MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJSGFzaGlDb3JwMQ4wDAYD +VQQLEwVOb21hZDEcMBoGA1UEAxMTYmFkLm5vbWFkLmhhc2hpY29ycDBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABFXUSKJcEvNxULQBkK9Qfky3ovA5deqISSkVPVWm +4wLHwHrPgXXOyVtKUnSkezqHcrwEkZLMDxFfGvEO1BBPp0GgADAKBggqhkjOPQQD +AgNJADBGAiEAlDrhex3blc/xFbgtqbgm6W6EfLTkc8nqypeujpRhkFkCIQCsNM3u +/mfAk4r1krhVe74l65Qkwe4SyPY72O1xwNtmDw== +-----END CERTIFICATE REQUEST----- diff --git a/helper/tlsutil/testdata/ca-bad.pem b/helper/tlsutil/testdata/ca-bad.pem new file mode 100644 index 000000000..68f1ddf40 --- /dev/null +++ b/helper/tlsutil/testdata/ca-bad.pem 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICPDCCAeKgAwIBAgIUfYHyE7pTzpWRRdlA8PrR0EphEXowCgYIKoZIzj0EAwIw +fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwGA1UECxMFTm9tYWQx +HDAaBgNVBAMTE2JhZC5ub21hZC5oYXNoaWNvcnAwHhcNMTYxMTEwMjAxMDAwWhcN +MjExMTA5MjAxMDAwWjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p +YTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJSGFzaGlDb3JwMQ4w +DAYDVQQLEwVOb21hZDEcMBoGA1UEAxMTYmFkLm5vbWFkLmhhc2hpY29ycDBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABFXUSKJcEvNxULQBkK9Qfky3ovA5deqISSkV +PVWm4wLHwHrPgXXOyVtKUnSkezqHcrwEkZLMDxFfGvEO1BBPp0GjQjBAMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQc8MtKDOUeoESH +5zgDsd5PQZbKAjAKBggqhkjOPQQDAgNIADBFAiBQOS75fLCOvNKo8yNlPFW0/QRA +yq6X3mXiVysaoWA7zwIhAIbRn1g6KFhvLNWGgVrl4DRn1PtNIiPWiGoeMRzM0PKI +-----END CERTIFICATE----- diff --git a/helper/tlsutil/testdata/ca-config.json b/helper/tlsutil/testdata/ca-config.json new file mode 100644 index 000000000..798788396 --- /dev/null +++ b/helper/tlsutil/testdata/ca-config.json @@ -0,0 +1,14 @@ +{ + "signing": { + "default": { + "expiry": "876000h", + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ] + } + } +} + diff --git a/helper/tlsutil/testdata/ca-csr.json b/helper/tlsutil/testdata/ca-csr.json new file mode 100644 index 000000000..bb2770c27 --- /dev/null +++ b/helper/tlsutil/testdata/ca-csr.json @@ -0,0 +1,16 @@ +{ + "CN": "nomad.hashicorp", + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "C": "US", + "L": "San Francisco", + "O": "HashiCorp", + "OU": "Nomad", + "ST": "California" + } + ] +} diff --git a/helper/tlsutil/testdata/ca-key.pem b/helper/tlsutil/testdata/ca-key.pem new file mode 100644 index 000000000..32dbbf25e --- /dev/null +++ b/helper/tlsutil/testdata/ca-key.pem 
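Review bot: ca-csr.json sets no CA lifetime, while ca-config.json in the same patch gives leaf certificates `"expiry": "876000h"`, so the leaves are issued to outlive the CA that signs them. Decoding the validity field of the ca.pem added further down suggests a notAfter of 2021-11-09, five years from generation, so every test that verifies a chain against `cacert` would presumably start failing on that date regardless of the leaf expiry. If the cfssl version in use supports it, add `"ca": { "expiry": "876000h" }` to ca-csr.json and regenerate, or record the expiry date in testdata/README.md so the failure is recognisable when it arrives. ca-bad-csr.json has the same shape, but an expired bad CA only changes the reason the negative test fails.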
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIA2odCg8+DKEDN1JgtU9FEikLPTBlbwqOwfnWKCMHecdoAoGCCqGSM49
+AwEHoUQDQgAEXyZk3R82CDDw/EivpI+RnO/X5qTnIOsJ2+CTVcAqlsPTvrjXWSWV
+kouEP+B6IzORU0gamMTYEq5mP6N6EKwj5Q==
+-----END EC PRIVATE KEY-----
diff --git a/helper/tlsutil/testdata/ca.csr b/helper/tlsutil/testdata/ca.csr
new file mode 100644
index 000000000..37d6497e3
--- /dev/null
+++ b/helper/tlsutil/testdata/ca.csr
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBNDCB2gIBADB4MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEW
+MBQGA1UEBxMNU2FuIEZyYW5jaXNjbzESMBAGA1UEChMJSGFzaGlDb3JwMQ4wDAYD
+VQQLEwVOb21hZDEYMBYGA1UEAxMPbm9tYWQuaGFzaGljb3JwMFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEXyZk3R82CDDw/EivpI+RnO/X5qTnIOsJ2+CTVcAqlsPT
+vrjXWSWVkouEP+B6IzORU0gamMTYEq5mP6N6EKwj5aAAMAoGCCqGSM49BAMCA0kA
+MEYCIQD2LSQOIxKrDTDmGNyVxWZMrdKake40LTQV8oE26FlWOAIhAON6vRr1KVVg
+uLc9+7FyjRvL/q8GLWKKuFO2RvtRSmnS
+-----END CERTIFICATE REQUEST-----
diff --git a/helper/tlsutil/testdata/ca.pem b/helper/tlsutil/testdata/ca.pem
new file mode 100644
index 000000000..9666d2912
--- /dev/null
+++ b/helper/tlsutil/testdata/ca.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMzCCAdqgAwIBAgIUNZ9L86Xp9EuDH0/qyAesh599LXQwCgYIKoZIzj0EAwIw
+eDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
+biBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwGA1UECxMFTm9tYWQx
+GDAWBgNVBAMTD25vbWFkLmhhc2hpY29ycDAeFw0xNjExMTAxOTQ4MDBaFw0yMTEx
+MDkxOTQ4MDBaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYw
+FAYDVQQHEw1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlIYXNoaUNvcnAxDjAMBgNV
+BAsTBU5vbWFkMRgwFgYDVQQDEw9ub21hZC5oYXNoaWNvcnAwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARfJmTdHzYIMPD8SK+kj5Gc79fmpOcg6wnb4JNVwCqWw9O+
+uNdZJZWSi4Q/4HojM5FTSBqYxNgSrmY/o3oQrCPlo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUOjVq/BectnhcKn6EHUD4NJFm
+/UAwCgYIKoZIzj0EAwIDRwAwRAIgTemDJGSGtcQPXLWKiQNw4SKO9wAPhn/WoKW4
+Ln2ZUe8CIDsQswBQS7URbqnKYDye2Y4befJkr4fmhhmMQb2ex9A4
+-----END CERTIFICATE-----
diff --git a/helper/tlsutil/testdata/nomad-bad-csr.json b/helper/tlsutil/testdata/nomad-bad-csr.json
new file mode 100644
index 000000000..869a65cf3
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-bad-csr.json
@@ -0,0 +1,20 @@
+{
+ "CN": "regionBad.nomad",
+ "hosts": [
+ "server.regionBad.nomad",
+ "client.regionBad.nomad"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "HashiCorp",
+ "OU": "Nomad",
+ "ST": "California"
+ }
+ ]
+}
diff --git a/helper/tlsutil/testdata/nomad-bad-key.pem b/helper/tlsutil/testdata/nomad-bad-key.pem
new file mode 100644
index 000000000..857170d51
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-bad-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIK7Z1byjkuIHrqi+yEv4YFECfWwRgVe/+jM2ubT/vSHtoAoGCCqGSM49
+AwEHoUQDQgAEJOqFycJcTayr5epKXnkeDSXORGBSNm98u6HY2LueSaeLCPdSVQ6p
+6cmrZMhpmr3QFmuLdFOh5HmlqipNev2XGA==
+-----END EC PRIVATE KEY-----
diff --git a/helper/tlsutil/testdata/nomad-bad.csr b/helper/tlsutil/testdata/nomad-bad.csr
new file mode 100644
index 000000000..d42fd6757
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-bad.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBgDCCASYCAQAweDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+FjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwG
+A1UECxMFTm9tYWQxGDAWBgNVBAMTD3JlZ2lvbkJhZC5ub21hZDBZMBMGByqGSM49
+AgEGCCqGSM49AwEHA0IABCTqhcnCXE2sq+XqSl55Hg0lzkRgUjZvfLuh2Ni7nkmn
+iwj3UlUOqenJq2TIaZq90BZri3RToeR5paoqTXr9lxigTDBKBgkqhkiG9w0BCQ4x
+PTA7MDkGA1UdEQQyMDCCFnNlcnZlci5yZWdpb25CYWQubm9tYWSCFmNsaWVudC5y
+ZWdpb25CYWQubm9tYWQwCgYIKoZIzj0EAwIDSAAwRQIgXmUj5179tpsp/dkLBLJD
+TcMCsPOowiEZ+49yxGT6NuwCIQCPGRJTCZ9qlUQCZ5zaFbigxscl1ACMNLhlhaWx
+XawgdQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/helper/tlsutil/testdata/nomad-bad.pem b/helper/tlsutil/testdata/nomad-bad.pem
new file mode 100644
index 000000000..b1890d5bd
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-bad.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAlqgAwIBAgIUQp/L2szbgE4b1ASlPOZMReFE27owCgYIKoZIzj0EAwIw
+fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
+biBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwGA1UECxMFTm9tYWQx
+HDAaBgNVBAMTE2JhZC5ub21hZC5oYXNoaWNvcnAwIBcNMTYxMTEwMjAxMDAwWhgP
+MjExNjEwMTcyMDEwMDBaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
+bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRIwEAYDVQQKEwlIYXNoaUNvcnAx
+DjAMBgNVBAsTBU5vbWFkMRgwFgYDVQQDEw9yZWdpb25CYWQubm9tYWQwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAAQk6oXJwlxNrKvl6kpeeR4NJc5EYFI2b3y7odjY
+u55Jp4sI91JVDqnpyatkyGmavdAWa4t0U6HkeaWqKk16/ZcYo4G7MIG4MA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
+AQH/BAIwADAdBgNVHQ4EFgQUxhzOftFR2L0QAPx8LOuP99WPbpgwHwYDVR0jBBgw
+FoAUHPDLSgzlHqBEh+c4A7HeT0GWygIwOQYDVR0RBDIwMIIWc2VydmVyLnJlZ2lv
+bkJhZC5ub21hZIIWY2xpZW50LnJlZ2lvbkJhZC5ub21hZDAKBggqhkjOPQQDAgNJ
+ADBGAiEAq2rnBeX/St/8i9Cab7Yw0C7pjcaE+mrFYeQByng1Uc0CIQD/o4BrZdkX
+Nm7QGTRZbUFZTHYZr0ULz08Iaz2aHQ6Mcw==
+-----END CERTIFICATE-----
diff --git a/helper/tlsutil/testdata/nomad-foo-csr.json b/helper/tlsutil/testdata/nomad-foo-csr.json
new file mode 100644
index 000000000..69a173cce
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-foo-csr.json
@@ -0,0 +1,20 @@
+{
+ "CN": "regionFoo.nomad",
+ "hosts": [
+ "server.regionFoo.nomad",
+ "client.regionFoo.nomad"
+ ],
+ "key": {
+ "algo": "ecdsa",
+ "size": 256
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "HashiCorp",
+ "OU": "Nomad",
+ "ST": "California"
+ }
+ ]
+}
diff --git a/helper/tlsutil/testdata/nomad-foo-key.pem b/helper/tlsutil/testdata/nomad-foo-key.pem
new file mode 100644
index 000000000..79b50cdbe
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-foo-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIQUxKnz5rmqTCrpNk93WMWMtGTQ1tWk6vIojuvFm86aoAoGCCqGSM49
+AwEHoUQDQgAE6oZIU2Ob4QGUtiXGYg/pJBN1fxT/qFs9Y5sHR9+QQ78IXB55ghVZ
+vcUo0+pgCWEyqDUrSKV4PQVuETNqs/Swvg==
+-----END EC PRIVATE KEY-----
diff --git a/helper/tlsutil/testdata/nomad-foo.csr b/helper/tlsutil/testdata/nomad-foo.csr
new file mode 100644
index 000000000..8f387aa73
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-foo.csr
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBgDCCASYCAQAweDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+FjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwG
+A1UECxMFTm9tYWQxGDAWBgNVBAMTD3JlZ2lvbkZvby5ub21hZDBZMBMGByqGSM49
+AgEGCCqGSM49AwEHA0IABOqGSFNjm+EBlLYlxmIP6SQTdX8U/6hbPWObB0ffkEO/
+CFweeYIVWb3FKNPqYAlhMqg1K0ileD0FbhEzarP0sL6gTDBKBgkqhkiG9w0BCQ4x
+PTA7MDkGA1UdEQQyMDCCFnNlcnZlci5yZWdpb25Gb28ubm9tYWSCFmNsaWVudC5y
+ZWdpb25Gb28ubm9tYWQwCgYIKoZIzj0EAwIDSAAwRQIgCsKcfFyhJT9emjXo/0Zj
+kGtL5gXi/cIT49S6Ju7oF/8CIQCelbGtYcq6iHqAwYyMWkC03vlwo5hIsY5BFNVi
+1FAZHw==
+-----END CERTIFICATE REQUEST-----
diff --git a/helper/tlsutil/testdata/nomad-foo.pem b/helper/tlsutil/testdata/nomad-foo.pem
new file mode 100644
index 000000000..eeba48033
--- /dev/null
+++ b/helper/tlsutil/testdata/nomad-foo.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAlagAwIBAgIUN+4rYZ6wqQCIBzYYd0sfX2e8hDowCgYIKoZIzj0EAwIw
+eDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
+biBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwGA1UECxMFTm9tYWQx
+GDAWBgNVBAMTD25vbWFkLmhhc2hpY29ycDAgFw0xNjExMTAxOTU2MDBaGA8yMTE2
+MTAxNzE5NTYwMFoweDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx
+FjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoTCUhhc2hpQ29ycDEOMAwG
+A1UECxMFTm9tYWQxGDAWBgNVBAMTD3JlZ2lvbkZvby5ub21hZDBZMBMGByqGSM49
+AgEGCCqGSM49AwEHA0IABOqGSFNjm+EBlLYlxmIP6SQTdX8U/6hbPWObB0ffkEO/
+CFweeYIVWb3FKNPqYAlhMqg1K0ileD0FbhEzarP0sL6jgbswgbgwDgYDVR0PAQH/
+BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
+AjAAMB0GA1UdDgQWBBQnMcjU4yI3k0AoMtapACpO+w9QMTAfBgNVHSMEGDAWgBQ6
+NWr8F5y2eFwqfoQdQPg0kWb9QDA5BgNVHREEMjAwghZzZXJ2ZXIucmVnaW9uRm9v
+Lm5vbWFkghZjbGllbnQucmVnaW9uRm9vLm5vbWFkMAoGCCqGSM49BAMCA0cAMEQC
+ICrvzc5NzqhdT/HkazAx5OOUU8hqoptnmhRmwn6X+0y9AiA8bNvMUxHz3ZLjGBiw
+PLBDC2UaSDqJqiiYpYegLhbQtw==
+-----END CERTIFICATE-----