Cert backend, CRL tests
This commit is contained in:
vishalnayak
parent
6602aea52b
commit
fde768125c
|
|
@ -15,6 +15,230 @@ import (
|
|||
"github.com/mitchellh/mapstructure"
|
||||
)
|
||||
|
||||
const (
|
||||
serverCertPath = "test-fixtures/rootcacert.pem"
|
||||
serverKeyPath = "test-fixtures/rootcakey.pem"
|
||||
serverCAPath = serverCertPath
|
||||
|
||||
testRootCACertPath1 = "test-fixtures/testrootcacert.pem"
|
||||
testRootCAKeyPath1 = "test-fixtures/testrootcakey.pem"
|
||||
testCertPath1 = "test-fixtures/testcert.pem"
|
||||
testKeyPath1 = "test-fixtures/testkey.pem"
|
||||
testIssuedCertCRL = "test-fixtures/issuedcrl"
|
||||
|
||||
testRootCACertPath2 = "test-fixtures/testrootcacert2.pem"
|
||||
testRootCAKeyPath2 = "test-fixtures/testrootcakey2.pem"
|
||||
testRootCertCRL = "test-fixtures/rootcrl"
|
||||
)
|
||||
|
||||
// Unlike testConnState, this method does not use the same 'tls.Config' objects for
|
||||
// both dialing and listening. Instead, it runs the server without specifying its CA.
|
||||
// But the client, presents the CA cert of the server to trust the server.
|
||||
// The client can present a cert and key which is completely independent of server's CA.
|
||||
// The connection state returned will contain the certificate presented by the client.
|
||||
func connectionState(t *testing.T, serverCAPath, serverCertPath, serverKeyPath, clientCertPath, clientKeyPath string) tls.ConnectionState {
|
||||
serverKeyPair, err := tls.LoadX509KeyPair(serverCertPath, serverKeyPath)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// Prepare the listener configuration with server's key pair
|
||||
listenConf := &tls.Config{
|
||||
Certificates: []tls.Certificate{serverKeyPair},
|
||||
ClientAuth: tls.RequestClientCert,
|
||||
}
|
||||
|
||||
clientKeyPair, err := tls.LoadX509KeyPair(clientCertPath, clientKeyPath)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// Load the CA cert required by the client to authenticate the server.
|
||||
serverCAs, err := api.LoadCACert(serverCAPath)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// Prepare the dial configuration that the client uses to establish the connection.
|
||||
dialConf := &tls.Config{
|
||||
Certificates: []tls.Certificate{clientKeyPair},
|
||||
RootCAs: serverCAs,
|
||||
}
|
||||
|
||||
// Start the server.
|
||||
list, err := tls.Listen("tcp", "127.0.0.1:0", listenConf)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer list.Close()
|
||||
|
||||
// Establish a connection from the client side and write a few bytes.
|
||||
go func() {
|
||||
addr := list.Addr().String()
|
||||
conn, err := tls.Dial("tcp", addr, dialConf)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
// Write ping
|
||||
conn.Write([]byte("ping"))
|
||||
}()
|
||||
|
||||
// Accept the connection on the server side.
|
||||
serverConn, err := list.Accept()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer serverConn.Close()
|
||||
|
||||
// Read the ping
|
||||
buf := make([]byte, 4)
|
||||
serverConn.Read(buf)
|
||||
|
||||
// Grab the current state
|
||||
connState := serverConn.(*tls.Conn).ConnectionState()
|
||||
return connState
|
||||
}
|
||||
|
||||
func TestBackend_CRLs(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
||||
b, err := Factory(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
clientCA1, err := ioutil.ReadFile(testRootCACertPath1)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
// Register the CA certificate of the client key pair
|
||||
certData := map[string]interface{}{
|
||||
"certificate": clientCA1,
|
||||
"policies": "abc",
|
||||
"display_name": "cert1",
|
||||
"ttl": 10000,
|
||||
}
|
||||
|
||||
certReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "certs/cert1",
|
||||
Storage: storage,
|
||||
Data: certData,
|
||||
}
|
||||
|
||||
_, err = b.HandleRequest(certReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Connection state is presenting the client CA cert and its key.
|
||||
// This is exactly what is registered at the backend.
|
||||
connState := connectionState(t, serverCAPath, serverCertPath, serverKeyPath, testRootCACertPath1, testRootCAKeyPath1)
|
||||
loginReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Path: "login",
|
||||
Connection: &logical.Connection{
|
||||
ConnState: &connState,
|
||||
},
|
||||
}
|
||||
resp, err := b.HandleRequest(loginReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp == nil || resp.IsError() {
|
||||
t.Fatalf("failed to login")
|
||||
}
|
||||
|
||||
// Now, without changing the registered client CA cert, present from
|
||||
// the client side, a cert issued using the registered CA.
|
||||
connState = connectionState(t, serverCAPath, serverCertPath, serverKeyPath, testCertPath1, testKeyPath1)
|
||||
loginReq.Connection.ConnState = &connState
|
||||
|
||||
// Attempt login with the updated connection
|
||||
resp, err = b.HandleRequest(loginReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp == nil || resp.IsError() {
|
||||
t.Fatalf("failed to login")
|
||||
}
|
||||
|
||||
// Register a CRL containing the issued client certificate used above.
|
||||
issuedCRL, err := ioutil.ReadFile(testIssuedCertCRL)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
crlData := map[string]interface{}{
|
||||
"crl": issuedCRL,
|
||||
}
|
||||
|
||||
crlReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Storage: storage,
|
||||
Path: "crls/issuedcrl",
|
||||
Data: crlData,
|
||||
}
|
||||
_, err = b.HandleRequest(crlReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Attempt login with the revoked certificate.
|
||||
resp, err = b.HandleRequest(loginReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp == nil || !resp.IsError() {
|
||||
t.Fatalf("expected failure due to revoked certificate")
|
||||
}
|
||||
|
||||
// Register a different client CA certificate.
|
||||
clientCA2, err := ioutil.ReadFile(testRootCACertPath2)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
certData["certificate"] = clientCA2
|
||||
_, err = b.HandleRequest(certReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Test login using a different client CA cert pair.
|
||||
connState = connectionState(t, serverCAPath, serverCertPath, serverKeyPath, testRootCACertPath2, testRootCAKeyPath2)
|
||||
loginReq.Connection.ConnState = &connState
|
||||
|
||||
// Attempt login with the updated connection
|
||||
resp, err = b.HandleRequest(loginReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp == nil || resp.IsError() {
|
||||
t.Fatalf("failed to login")
|
||||
}
|
||||
|
||||
// Register a CRL containing the root CA certificate used above.
|
||||
rootCRL, err := ioutil.ReadFile(testRootCertCRL)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
crlData["crl"] = rootCRL
|
||||
_, err = b.HandleRequest(crlReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Attempt login with the same connection state but with the CRL registered
|
||||
resp, err = b.HandleRequest(loginReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp == nil || !resp.IsError() {
|
||||
t.Fatalf("expected failure due to revoked certificate")
|
||||
}
|
||||
}
|
||||
|
||||
func testFactory(t *testing.T) logical.Backend {
|
||||
b, err := Factory(&logical.BackendConfig{
|
||||
System: &logical.StaticSystemView{
|
||||
|
|
@ -84,7 +308,7 @@ func TestBackend_basic_CA(t *testing.T) {
|
|||
}
|
||||
|
||||
// Test CRL behavior
|
||||
func TestBackend_CRLs(t *testing.T) {
|
||||
func TestBackend_Basic_CRLs(t *testing.T) {
|
||||
connState := testConnState(t, "test-fixtures/keys/cert.pem",
|
||||
"test-fixtures/keys/key.pem", "test-fixtures/root/rootcacert.pem")
|
||||
ca, err := ioutil.ReadFile("test-fixtures/root/rootcacert.pem")
|
||||
|
|
|
|||
12
builtin/credential/cert/test-fixtures/issuedcrl
Normal file
12
builtin/credential/cert/test-fixtures/issuedcrl
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBrjCBlzANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbRcN
|
||||
MTYwNDI5MDA1NTQwWhcNMTYwNTAyMDA1NTQwWjArMCkCFEOWF6CnaboEe7/IyD/D
|
||||
4MJjqiK9FxExNjA0MjgyMDU1NDAtMDQwMKAjMCEwHwYDVR0jBBgwFoAULYlz83DS
|
||||
o7GoN/zBNq0yxU73SkswDQYJKoZIhvcNAQELBQADggEBAHKrtTf5lUDf9+TOmtvn
|
||||
o6kq9nqydZABS5m0ZhH3xpLEEUltaIWukQexcHd8RBTlqm8Ugm0HVYsAZKW2rTGk
|
||||
h0ITzsNjRBpM+xjpWaWzIQ4b5RBrmvll92dGcG6PUUoOgH6Bi6jqcHutS3Ov2gsf
|
||||
GYwBV0h/2/TyIeBewGU/UNIwR1/A4MSA2cOGrgTFKbiIqwQ8XdJS2zzY6lA2Df90
|
||||
SuWfnL28lY2nnRv+uu3+klkMBT3WpFcWPWLC6pJP1nOxjPbbGU+zu9vrP1dn/L2f
|
||||
FKrQ+e08X591LHh7LE5mm5gLxZBnIQfo8xTrWWnyIEmb1ds3rRAs9ypRbsMNZD5X
|
||||
aa4=
|
||||
-----END X509 CRL-----
|
||||
20
builtin/credential/cert/test-fixtures/rootcacert.pem
Normal file
20
builtin/credential/cert/test-fixtures/rootcacert.pem
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPDCCAiSgAwIBAgIUN8ptO7rZ7Oc9Y0q0Fs3B3R/xHfcwDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbXl2YXVsdC5jb20wHhcNMTYwNDI5MDAyNzEyWhcNMjYw
|
||||
NDI3MDAyNzQyWjAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAJvz6FvPLDkqrSiYuW3yh3Jk40a+/IBBzQleKsbk
|
||||
BhKJwMRGUR24KfPdc+JJVXTtpi6Gd4rFjhklXo5MiRF4QP805EOrtcRlDyYeCoLM
|
||||
YxcZP2EKAMRWdX4wJN5wKs9hxXyLJ42VWRNPstQJk1uDwUo0W7DCEGZS9UJ0WoRb
|
||||
e2lQ2U+kFzaiKF0snNhRKDhL5vrNpo6LWgxSBpTEqFbqaUj18txYVI3DmZVEdkOi
|
||||
BCqDwHXdZi0lWLk7DX105CVOTfoo66IO1zYyQ8swile2ty/V/X6HpSq689cPWp6n
|
||||
76LQlJUPnXeI8Pcwedq7/3cKyE00JAlKJ8cvNgJlDihg0bECAwEAAaOBgTB/MA4G
|
||||
A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTdlyxSIpqy
|
||||
LNMnJiGoU3EZUCDwZDAfBgNVHSMEGDAWgBTdlyxSIpqyLNMnJiGoU3EZUCDwZDAc
|
||||
BgNVHREEFTATggtteXZhdWx0LmNvbYcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
aB/5JtjNbhyQhHvpgRxXKHWl32tHC9NId5btCScPOYs2FikpylrVMjZ4VcMtdUX0
|
||||
/rV3ixQ20ViWV7CVQHENloLPV0NnKgtgcrhxl+BzDMF+G6tez90BE5r3NMCL10Lx
|
||||
NxjvWddNSaMPgnGPKKe9/w6Ybk1CBDGcSQhKOoc7MQ168hPc73TkwBOaoNoNbu9L
|
||||
u8ZnmI4e1m0Gd+oqhv2FFEhGeqZdcbjk4ra3xAuwNFhqmqFU/Zw/q4b1+8qQl1mj
|
||||
5lTGNYP9aJNHgEmis9InCwA0bkGzt7DBosnVhBIFfugKrERynM3L7qvm3c+NKmTV
|
||||
Zsv5kfBVKxCrYy0XoBJ0ug==
|
||||
-----END CERTIFICATE-----
|
||||
27
builtin/credential/cert/test-fixtures/rootcakey.pem
Normal file
27
builtin/credential/cert/test-fixtures/rootcakey.pem
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAm/PoW88sOSqtKJi5bfKHcmTjRr78gEHNCV4qxuQGEonAxEZR
|
||||
Hbgp891z4klVdO2mLoZ3isWOGSVejkyJEXhA/zTkQ6u1xGUPJh4KgsxjFxk/YQoA
|
||||
xFZ1fjAk3nAqz2HFfIsnjZVZE0+y1AmTW4PBSjRbsMIQZlL1QnRahFt7aVDZT6QX
|
||||
NqIoXSyc2FEoOEvm+s2mjotaDFIGlMSoVuppSPXy3FhUjcOZlUR2Q6IEKoPAdd1m
|
||||
LSVYuTsNfXTkJU5N+ijrog7XNjJDyzCKV7a3L9X9foelKrrz1w9anqfvotCUlQ+d
|
||||
d4jw9zB52rv/dwrITTQkCUonxy82AmUOKGDRsQIDAQABAoIBAQCJ0LqG34bqIe+R
|
||||
z50WL1xI2CUMsNw8j2mdHK1aw8kl+rvx913ZkJTqX8n3r+yn/xd7R/M+HCTdzetI
|
||||
fxQl7wopPVl2/7gKjXActDF/sxTiJbqfi5Jv7yO3Vt5N//uk9nbp/6L9eHyWFzkm
|
||||
LiwdlEpsw+Y/Rs/tTORWTLJtAtcFkj5+Nrk7I0I6u01q4kP2SesGCraIFdVJDKzc
|
||||
Q7yjleicklRbOpthRgeykU0wyB6ZUItfCXSMPr588cOA7BPantM/ov/Qg1b0Z2sx
|
||||
WgpUv2a9KXsILyb9VuzYw4AxfaWl9n8MDFznGo3UkFHn9XJG7eVtJ9X/KfjwbqWa
|
||||
xzwZg669AoGBAMA3bEjqyTKUw4jHh/ZOy/5kTtGSytyv/PNZaj0tjJFkkUMmrvsm
|
||||
7P2mcveGaVqvAzFhwBMPOE8dZHH5+/dCecOBqq41Bl9jD7q8n8v9YMBIfhc3lIHz
|
||||
WIQeB6UmewJCDS/LM9wHnBbFgyOcLZm5NJI4qqrlUCejyv+4rcno28bDAoGBAM+z
|
||||
68wc/9JNJzzfaJGKzyLXwep3gS9zEgP9s3cjm+TrxoHdUOEVHDBQd3ACq9gCHvOt
|
||||
TMBo0BhDaOBucCpUQ8BGzuUG7bXI6eDM3+4BHADz8K5QRpUqEi+BpsN/2YwMvNjk
|
||||
s28iVYv2rLYomWTefRDqEyDs2No7jfK2oK325UZ7AoGAFdj21N7i2X3xL6XGPWe9
|
||||
Zf/OuaFer3DNZnd+TM/Vj10H6cMG1oMZIsd9f8bmSKllyoIay8/KDawAk7ffPL5w
|
||||
ipk9ZimevM7MpeP0ocH98j0LH+ZwWcjoAbRMGChkiOArEYieL18qDaiLfEuvHy7e
|
||||
29PXCi+gSbEjTKeYEUAHYvMCgYApTGYbPLzlLPAbW3SoU8hh7jKhk0d9jszLPFu9
|
||||
2be6qeLbmYzmZFMpjCZjgDR5C9rpqtCzBWQzHtwwm+TzlbOu/KVQxrLnTV6rkzEH
|
||||
WvMdgWOe1VljeW0KQyZMgxRXk4TNP5QqCdKmtNKcma/+bXrCrThGeLGZmvPbidKj
|
||||
JI9sFwKBgB9enxL3H589k1hMo3WEuHFgzjCbLRDJzch2a+sUPAz2wUHjbUmsEJhT
|
||||
VhY6XqiRJHWUDljMmvtcvlAfAjfpAO6XIqzAuus08GdrKw75RzBqUVMBmqVGft9f
|
||||
/WefUcApnxUzdrxHmI3z+bkvAkly1+zKU+ea/KxoMj/81IuBnW3O
|
||||
-----END RSA PRIVATE KEY-----
|
||||
12
builtin/credential/cert/test-fixtures/rootcrl
Normal file
12
builtin/credential/cert/test-fixtures/rootcrl
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBrjCBlzANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbRcN
|
||||
MTYwNDI5MDI0NDU1WhcNMTYwNTAyMDI0NDU1WjArMCkCFDcPNl1VetnQ9Lj3FBVl
|
||||
4Exa/8jEFxExNjA0MjgyMjQ0NTUtMDQwMKAjMCEwHwYDVR0jBBgwFoAU2/PiKSal
|
||||
bB4ISQHSbyhmt2R2Z8swDQYJKoZIhvcNAQELBQADggEBAHVZeSRj+xSwesreyV0L
|
||||
DgkBLI4zIjmftxj1gDnSENtDtBGoPCCBa2YOtF6MmJ8eZBOUZovOVtfBz4eVK9rq
|
||||
Dg26F6rwv+dBV/7mvf1yyEePlf95ml8jkI0OYe9wwEbPcOPwQLy6xKMdKIFICjV6
|
||||
0P9+rrGHBhhW3p7S93Ro3TX7Ct9dbyQklYyPi28jChbNJhZh/j+kRVSw0X1pnhS+
|
||||
SlhvDAHluKYeUO1fVGJQy0yHsliK1EPrOk7oQisQydewCJ9XkWpxYHTZZBSgVMPN
|
||||
pjC25KY/KAqfBJXsqIxcoqK+P5pX2wC4mRS9A/ZY3xZOyQ0S81fTBrdAwUulqGbw
|
||||
iVI=
|
||||
-----END X509 CRL-----
|
||||
22
builtin/credential/cert/test-fixtures/testcert.pem
Normal file
22
builtin/credential/cert/test-fixtures/testcert.pem
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDtTCCAp2gAwIBAgIUQ5YXoKdpugR7v8jIP8PgwmOqIr0wDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbXl2YXVsdC5jb20wHhcNMTYwNDI5MDA1MzIwWhcNMTYw
|
||||
NTAyMDA1MzUwWjAbMRkwFwYDVQQDExBjZXJ0Lm15dmF1bHQuY29tMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfWblshW9TN6CV41Vo8wCAY4OqgL/cbS
|
||||
WpAaDGlDOOE0ZHfEm1Eq0//jNQXsLF3uSA9eY9hxBwzwpNsaacx98sJjqNE4En3P
|
||||
T5cXUKuOFsxmfvJK7mTahepwfqbdcgWDKh533pdHde+1QlrRtIKhXMKQmlFGvvxG
|
||||
jO9zcD1G1qUPZlB/zwLOF3EbmLk0/9qB0jR5+61Yr3fo1pSQd9lQSsXdrXYzTzmT
|
||||
E71Z05BxafoW/EtKvs0X5NrKPD9wAoGhlK9yOGabcK2bw650XQlCy1aoJyoQYJ8e
|
||||
oQL59tDULfRhYBCdcmQ7iWWq1d68ry6pp9lf66sca4CkCnbLjaPR1wIDAQABo4H1
|
||||
MIHyMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUyAlR
|
||||
TO+MtA8fKz+ZwZjqLDABcOAwHwYDVR0jBBgwFoAULYlz83DSo7GoN/zBNq0yxU73
|
||||
SkswOwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzAChh9odHRwOi8vMTI3LjAuMC4x
|
||||
OjgyMDAvdjEvcGtpL2NhMCEGA1UdEQQaMBiCEGNlcnQubXl2YXVsdC5jb22HBH8A
|
||||
AAEwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovLzEyNy4wLjAuMTo4MjAwL3YxL3Br
|
||||
aS9jcmwwDQYJKoZIhvcNAQELBQADggEBAAzJbbmvdy7+1CHJVLZqcV+IT6z/NZHG
|
||||
De99zMlj1QlLNjnz/pg747XYCEWMmLL746Tp3FSy6XRETYwvMhp/NVmRn40RfKE3
|
||||
TuhXcoaWzfVYBLLgQW0Uf0F5PmAM19iGP80y5qbE0p26cvAlVaCc0Esr1DvvY273
|
||||
+0jI7xoeeQZXS1/VMtom4bfgXP1sQpXjawha0+CmUb89vloNjPwi5uiwviHyRsay
|
||||
gBrr3gUZ90yjASA+jLccW2iDvOO29nV9oBNn4BQddID6S7gO5+zKKWRfSOSjyXk5
|
||||
7N1rfw4smvp8JwOlcYf5bBQ5iIIPmYKUOrzuYwJ+X11BZFqw8UGbg5Y=
|
||||
-----END CERTIFICATE-----
|
||||
27
builtin/credential/cert/test-fixtures/testkey.pem
Normal file
27
builtin/credential/cert/test-fixtures/testkey.pem
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvfWblshW9TN6CV41Vo8wCAY4OqgL/cbSWpAaDGlDOOE0ZHfE
|
||||
m1Eq0//jNQXsLF3uSA9eY9hxBwzwpNsaacx98sJjqNE4En3PT5cXUKuOFsxmfvJK
|
||||
7mTahepwfqbdcgWDKh533pdHde+1QlrRtIKhXMKQmlFGvvxGjO9zcD1G1qUPZlB/
|
||||
zwLOF3EbmLk0/9qB0jR5+61Yr3fo1pSQd9lQSsXdrXYzTzmTE71Z05BxafoW/EtK
|
||||
vs0X5NrKPD9wAoGhlK9yOGabcK2bw650XQlCy1aoJyoQYJ8eoQL59tDULfRhYBCd
|
||||
cmQ7iWWq1d68ry6pp9lf66sca4CkCnbLjaPR1wIDAQABAoIBAAagQJMb3dyjtQgK
|
||||
nzWrvPMqtF9naTOq8b9y81Wnfk7HnDo860C3rhTDAjvhPwG1LRCaaKJ29EpYqzQ0
|
||||
6FD0bxg+q5dB5QDQHqEaFhgcQ9KLwq9+6Bo0rmKpcM8aJvNJOfAILAo5oKZ+fAYa
|
||||
gOIZBGPl7YFUgHE8/4D/ATnTCVuHSu1EHceANLj4WXmyhiBp870sZFMHF5xAHlIg
|
||||
xrxvmTIEyt18Okq8l67HA/0oIRjvbMgBep3MRiynccgiOz5LAKETzCESEjzG3awo
|
||||
1budODxfbku1I73xyNrAU4MZp018gxu3QH3MDRrA6FRaBhLeoF1OyOkJJtobLQM3
|
||||
AkrBEaECgYEAxTg4YOy4mXMfbQOlwAXptvwCdtCTAUH6ibHsj61QzTn1Y/zl8qp5
|
||||
RMD0hwkanxTm2zIV1klrR2HSr7BPOiSjDRZI7UzND7A2rF+RBELcRPcdmSENyS3A
|
||||
xH7TG7fD4MW5/tuePN438b9MvvC71ioyvD+d5LHdU/WYlwf83bK2DP8CgYEA9pNv
|
||||
zPP8PQVnIiWJu97Ux1ngUZ+iOJfZzuCrfWhlY8CiPPZSA2Ql8Ti5u0Em9HsXhVEC
|
||||
xH9ccThEhv8O9t8vjf1YRhxnOs2OLYpbfX2DPM+Oiodn0X3zw5B5E9b/Pk9jThxC
|
||||
bI5J+b3HDObjeABQc1mLo4+UAsbB2a0j+qXrQykCgYEAkqqmst4YwnVs74OA5nb/
|
||||
QkfUBUxDpvHMQk6BYLBBoP3zUjKnR3ojyU++ChZpJ9lBfc2Xk87x6xoCtwllQhYw
|
||||
8/CYt3EgJwSjBDnl/MdETD2CU3jTacOO0hKHKNvW3fftxGzLFvUjobLkfjNFXZXw
|
||||
OTMOVx83O9MvcVJNaQoYfT0CgYEA9iaZJXEsDX6nRl9S8EmzAI+ob9N8jiKJPQzs
|
||||
JXViQgK78z+y/8+qUPTf9R9FVCrNgDkvGhpKnnwdbOaSecC0KHsQ9GzGYN1zYeMN
|
||||
EmmJ6dsJ4SDrcybZghFnzXaDuCBockGjzdr93mKloyubSOCHb5+k1tMuXtcsDbHa
|
||||
iQ25noECgYBR8sAqrI7iVy8i2I39MojzZ/WwX6cOxrLnLAGZNH0zqX08jXMuiJmx
|
||||
5o/HfXEtfF3omW9sreqXBl+/DR4b7+sbQG8dFjQcRPCm1LVTzTCZEbEqrdzIQZQ8
|
||||
LBvME7CziOVj1XaXh5Q0A9nvDTryTmJZPThGkfm8G1bQi+BggMCtow==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
20
builtin/credential/cert/test-fixtures/testrootcacert.pem
Normal file
20
builtin/credential/cert/test-fixtures/testrootcacert.pem
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPDCCAiSgAwIBAgIUQcXZZo9q4z+uGaZMwyQCWIrOCuAwDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbXl2YXVsdC5jb20wHhcNMTYwNDI5MDA0OTM1WhcNMjYw
|
||||
NDI3MDA1MDA1WjAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAMRVZsQlTp0sw2fLQmh0mP43cshVrUWjg7GWsf6k
|
||||
8/TvoXYA6hMBqK5/UvLDDcoJLVyLdAsJeFJcT6VbpHO7BH2xShGIht1ZA5V9rshC
|
||||
fONcvLvToCRiTWplm8GNC5/dmmGoVe6GpGbskEIlg2t4rCekjemCB0+Yy5arqd1n
|
||||
QgcR8iftu6SR59wvdcVPseH/PC0HIF9wdhJXcod0K2jbZ7m3WVqoG0yk+1ok5frw
|
||||
eKFkopPIFk7RLeTm1M5s4uY7tqPXcfskGX0Y8LSYAJUz4kZI1EphIYSsdQAlSuC8
|
||||
RZNnOVRwxxQfaZpv6qHygkdTgh8UL+wVUMOdmp8k+uSyap8CAwEAAaOBgTB/MA4G
|
||||
A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtiXPzcNKj
|
||||
sag3/ME2rTLFTvdKSzAfBgNVHSMEGDAWgBQtiXPzcNKjsag3/ME2rTLFTvdKSzAc
|
||||
BgNVHREEFTATggtteXZhdWx0LmNvbYcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
NKO/wkPepxzBfcTalprpjRDBNo+El4SsmSUKdC38MOc1jyQ8ScQzYRCD+q6v2Sih
|
||||
ap/unGVCnDMQmSyRr/RdhQtcw1zs1zIVa+THBGYhemFf7tJ7KZ8XkE3BEnMeAvnJ
|
||||
ZAt1hn+pkc2vmxzrpb/NPukWfFJOByED5ffGyTc99IpWb6shbOcARXyYLJg+7pWp
|
||||
rC+gdVw72XLTcx1VSEeFZNDVK+tDFybxAZd7yjKdXvQiWPacqzSU7Ejg9HToohne
|
||||
DTk867BKvsTl47JjW8l6wEKr/B0tBZeCH1oGtbXKqYq8DqDh+KZSDkpR33ZgX8V6
|
||||
IIo4+Te8d8sfXABrMUc1LA==
|
||||
-----END CERTIFICATE-----
|
||||
20
builtin/credential/cert/test-fixtures/testrootcacert2.pem
Normal file
20
builtin/credential/cert/test-fixtures/testrootcacert2.pem
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDPDCCAiSgAwIBAgIUNw82XVV62dD0uPcUFWXgTFr/yMQwDQYJKoZIhvcNAQEL
|
||||
BQAwFjEUMBIGA1UEAxMLbXl2YXVsdC5jb20wHhcNMTYwNDI5MDI0MTM4WhcNMjYw
|
||||
NDI3MDI0MjA4WjAWMRQwEgYDVQQDEwtteXZhdWx0LmNvbTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAN7rILk/ABRrnEU1olA8Nn8TGhSOM/nxJ8V8Z9gW
|
||||
QjRRzvvKJvqJ9WqQJTQmaqfHPbDjHfk71tK9kfB02gdWFrmIgZrUcPh9WL3qrWoW
|
||||
y2O64pYa3Xqni7RWW86haCgXDFaWIDP2SljVQSEkvTIOMZdnMn5BxwiyFSoUdglh
|
||||
x7BAJgW3z1VkZsTnLWyy0Y2yu1Fb8FxlJzxHSIQTugqUioDf0pkohUItJIWbIncO
|
||||
v73sxtWIUXdlEq7fcvxSiBNd5WXxEPoXHYHd5FYLpuDBOyUc4vV82n+O9DBzrVuV
|
||||
XxYKhql5lQpDVzBSz9eEIN1DGAAkL7gDphar1gMOZIIfW+MCAwEAAaOBgTB/MA4G
|
||||
A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTb8+IpJqVs
|
||||
HghJAdJvKGa3ZHZnyzAfBgNVHSMEGDAWgBTb8+IpJqVsHghJAdJvKGa3ZHZnyzAc
|
||||
BgNVHREEFTATggtteXZhdWx0LmNvbYcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
z5pwDJcYqDTp+hHGrumzzb/FwDfwtxI2wOPhcA48pFVaqDhmH+38H2XoPEEMvYik
|
||||
bpR+CP8DSqAzKIh+aO6fgva0strRxN0+KIrr/HSpxSadXeFcTS/SN1xAuUvoYX2z
|
||||
Movqr/ZOYlNcQiJDzFMRkzMJSClDSKk8oYDB2kUuZu4fi0WvvT8yNK9bSWcGzj+d
|
||||
4GYBRTWUvB7aVEI1PGpbe8K1Gnu0tpukcVY1yveo77Zk1QAf3hJBex8v1gwYX/TB
|
||||
/LvLCwzRoUdLozSWClH3Hu0iqTW9FKxG0QLi6YQijWyYwZd2s+pIi2LVSdMf9sEK
|
||||
fAMclYTqopTL4Qemorc57w==
|
||||
-----END CERTIFICATE-----
|
||||
27
builtin/credential/cert/test-fixtures/testrootcakey.pem
Normal file
27
builtin/credential/cert/test-fixtures/testrootcakey.pem
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpgIBAAKCAQEAxFVmxCVOnSzDZ8tCaHSY/jdyyFWtRaODsZax/qTz9O+hdgDq
|
||||
EwGorn9S8sMNygktXIt0Cwl4UlxPpVukc7sEfbFKEYiG3VkDlX2uyEJ841y8u9Og
|
||||
JGJNamWbwY0Ln92aYahV7oakZuyQQiWDa3isJ6SN6YIHT5jLlqup3WdCBxHyJ+27
|
||||
pJHn3C91xU+x4f88LQcgX3B2Eldyh3QraNtnubdZWqgbTKT7WiTl+vB4oWSik8gW
|
||||
TtEt5ObUzmzi5ju2o9dx+yQZfRjwtJgAlTPiRkjUSmEhhKx1ACVK4LxFk2c5VHDH
|
||||
FB9pmm/qofKCR1OCHxQv7BVQw52anyT65LJqnwIDAQABAoIBAQCLdkKWiA2stjRj
|
||||
0U1t140p34dIaRu5AOq2Rl5PjSrBzUp7ATFEqQQCV+07BnUQE67GM0UN5f8zOeFV
|
||||
i6BomOsawcnkZH+wUd+q2+lA1YHTG3fxT+VMkwt8zYpzVVZxi79zKVlJIxk7B0V9
|
||||
xxnwSHq5ejlYKoY480eC0pPJ8uRDEiy44ivfkCgOp2LyNTSVhjfxlhZ6yukuRMc4
|
||||
qTcrrTKDv+RHLgcw6IXDV7Ow6yPWUdATUcBN4RC1TYz12BTFr4SlrhI2rKkttuRY
|
||||
trSfVEGIL80AvpaPx9sFot30kjpCMRudCoUrgDP/5c7/gB2BJqwrWH9kDC1KLuzt
|
||||
6GPAhLn5AoGBAOaZW+ww02u8UqAVy8e5Vyfbef6nN76am6wxpPnKHk2yut+c8C6j
|
||||
gIi9hhPVO1VVGw3iQJfLqzd6ZOFnu7Gvr62WgrOceyPeP2SWDppop4jkfDorrjZ7
|
||||
2DnGT4ZwyKsLyYO4nvMazJirTA3T+n6QXFZQScR2psGijNRhfaqAognNAoGBANn1
|
||||
yz6QJZWQe2BPMpQZaJsoY+pgkxmkbjOd1vtDEQcrz8BLVG67Qg0cKJ4Lmq7aEqdQ
|
||||
Dvu5OXhdC1xuk+Dr/99L10g00WaUxQCZGyaxLpFwAGh4kUzlBDvxj5Q2lXiILjGt
|
||||
wcqdRDD26rjLcbAQ+VScboO9YnQmB7Bxex0zPuobAoGBAMAfgbCVNXCLZKOvxSpP
|
||||
xseUWl3KX+1TzuN2MSdUOE8v2/Y2QP36hzpl/PFFNLvxviqhGIPf0nTUanxJ+t0d
|
||||
rNaJkbenZgkKP/LD+sK28u5gvweQIQOPxyTLjrJKAUZQ+cHe7b9J0rBX93OF6yvL
|
||||
hsL6/ZrL6D9n+MFxwEtwBJD5AoGBALbpzmovoEr3GIMHk8Oz2xSy/b7Y0zomwxDw
|
||||
OlVcwDKLcurGjRHsdo73/aI8zNBGVHcy+ZAIrpEzTHCCn/mXNIFZbU68fKsg2H8a
|
||||
/i0nbpRBMSZ7YDzuyPHhVAQnFqMzbcjlMAfwmSSaYvs4SK1gYU2/hgNq8O/WZoeN
|
||||
hKtJsVfXAoGBALQxwvlhN5dUiR8nmOi19tnouiWhp658iIVbvJgK+H8QReaqATCq
|
||||
EsmsCv+TWdPWLyzlZ0G5dqRNUKV30nK3+Y8eLtogBurRvnkInjvyQBaDqa5CQX3v
|
||||
kMdbQtIkHnX1/rqbIpZ7uAA7NH7gnigGThVYRk7gpBWiWFxFA/RgYvLt
|
||||
-----END RSA PRIVATE KEY-----
|
||||
27
builtin/credential/cert/test-fixtures/testrootcakey2.pem
Normal file
27
builtin/credential/cert/test-fixtures/testrootcakey2.pem
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpgIBAAKCAQEA3usguT8AFGucRTWiUDw2fxMaFI4z+fEnxXxn2BZCNFHO+8om
|
||||
+on1apAlNCZqp8c9sOMd+TvW0r2R8HTaB1YWuYiBmtRw+H1YveqtahbLY7rilhrd
|
||||
eqeLtFZbzqFoKBcMVpYgM/ZKWNVBISS9Mg4xl2cyfkHHCLIVKhR2CWHHsEAmBbfP
|
||||
VWRmxOctbLLRjbK7UVvwXGUnPEdIhBO6CpSKgN/SmSiFQi0khZsidw6/vezG1YhR
|
||||
d2USrt9y/FKIE13lZfEQ+hcdgd3kVgum4ME7JRzi9Xzaf470MHOtW5VfFgqGqXmV
|
||||
CkNXMFLP14Qg3UMYACQvuAOmFqvWAw5kgh9b4wIDAQABAoIBAQCgh5ySKo9JJVFs
|
||||
+bnApAvuqPfgE6PUe1jTu8ogb68PdFZlNmepho3oRpO0IXIvDqkbaALex7vlGUUu
|
||||
b0fPfqxwwZ/rus7783Bjm8t0GaQwVpXz2LbkLCHMJWCJxex26lolRIk+Qj+6ByCW
|
||||
2JkyocwOpu9SwtWtKmlZW1DBYtvlzIPbesBP04DvJZGMtLZXgLILAv5K8zuuuruX
|
||||
YBoXv0EZ58gMbXCqOs/HR3KbpjhM4rboHm4OW8pNiKblijGuYxtyzqM6MdAPY6+K
|
||||
J8KKDpcSA7Y7+yF1eHsXfbyOYtGaYgDWdaN1/DvKBck2CofkxSPiCIuqFk2tqqxQ
|
||||
7NR66lqJAoGBAPrbOhVXyDv6oPk5KmUOrFKmKdNg+zlGclbPBVKNXEoofc20mHfA
|
||||
+b8c9NnEeFeI5HXXTHOVC9LzKzkgeYqC1hlj+0knPQm6/jIL3Lu/b7wsXESadEw4
|
||||
b4Z3lVDB2QSKykSH2OeCMJNjDG4yPXcHxLvKZ8jqQLVCaSYcA+mOV++FAoGBAON9
|
||||
QHiTa2B4j08Txa4ib/lEFyRVEx2Ul+9vEtVXy6sgkUPaAR3Od6ZsiwAWXPP/Dh8b
|
||||
T8zTbV02abA16u1t9mee24sDP03hgi6M8wvyu9VVjBJuk0C5KeT7JMefEjybKwVf
|
||||
CJo+qDHdcRBikyQZ/zdmTunlF3J96h6C+8MPFJZHAoGBAMsylUQAjSN4irgWBC9D
|
||||
yXZRPoQIhLcKR0fl/Wu3MdCoJ+9eoDowyJxz+ioDqW9OZbDGqxjc3G0NqC9oDMuT
|
||||
25VJlZzV+e1N2OX1EeHK2dlVHZA8hIPRGxWS/BIkU4QIYHtOhvZQUMSycLk6XOt0
|
||||
EXoEJDls9ulcWAwUmV6wfK55AoGBAKWeja57HWSpwSQAMB474iumv/ZqnbUedpMR
|
||||
2bNK7POUjU3JzKBHreKTCYuxvFDDcyOAfdOQZgHD2KQ6TOQ493ivNgT6Az+PG3kK
|
||||
kvQy7z88vfK5YClx5SdZFIjkraFEEskhTCEH1uoe3u7f5WIWLzHFIVS1viFTvHwk
|
||||
PmjfdMyHAoGBANgqNmdx7b6h/vwPhNWdvuwp09C0IMaZ45NVO48oXT3Qx89UhzEK
|
||||
zcrZPhwx0yaIPMLfu28KfewMSH8ADostQWIGIBved0A1+3FOrw3VmqLS0/wgbbr4
|
||||
Mpaiykvl9p0cKcQ+aZrCWi9yH3kNzx8j2xVzLUIvCTEdNrLqMukiLVeG
|
||||
-----END RSA PRIVATE KEY-----
|
||||
1
builtin/credential/cert/test-fixtures/testrootcaserial2
Normal file
1
builtin/credential/cert/test-fixtures/testrootcaserial2
Normal file
|
|
@ -0,0 +1 @@
|
|||
37:0f:36:5d:55:7a:d9:d0:f4:b8:f7:14:15:65:e0:4c:5a:ff:c8:c4
|
||||
Loading…
Reference in a new issue