Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-30 22:34:13 -05:00
Code Issues Activity

tls: require mutual auth only when htpasswd not available

Browse source
This commit is contained in:
Ramkumar Chinchani 2019-07-20 17:30:58 -07:00
parent 066bf1b9eb
commit 36ca298507
17 changed files with 113 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -1,4 +1,5 @@
export GO111MODULE=on export GO111MODULE=on
TOP_LEVEL=$(shell git rev-parse --show-toplevel)
.PHONY: all .PHONY: all
all: doc binary debug test check all: doc binary debug test check
@ -13,6 +14,7 @@ debug: doc
.PHONY: test .PHONY: test
test: test:
$(shell cd test/data; ./gen_certs.sh; cd ${TOP_LEVEL})
go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic ./... go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic ./...
./bin/golangci-lint: ./bin/golangci-lint:

2
docs/docs.go
View file

@ -1,6 +1,6 @@
// GENERATED BY THE COMMAND ABOVE; DO NOT EDIT // GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
// This file was generated by swaggo/swag at // This file was generated by swaggo/swag at
// 2019-07-10 17:20:00.064076444 -0700 PDT m=+0.118699568 // 2019-07-21 12:44:36.256745172 -0700 PDT m=+0.084868637
package docs package docs

2
examples/config-example.json
View file

@ -8,7 +8,7 @@
"port":"8080", "port":"8080",
"realm":"zot", "realm":"zot",
"tls": { "tls": {
"cert":"test/data/server.crt", "cert":"test/data/server.cert",
"key":"test/data/server.key" "key":"test/data/server.key"
}, },
"auth": { "auth": {

2
examples/config-example.yaml
View file

@ -8,7 +8,7 @@ http:
port: 8080 port: 8080
realm: zot realm: zot
tls: tls:
cert: test/data/server.crt cert: test/data/server.cert
key: test/data/server.key key: test/data/server.key
auth: auth:
htpasswd: htpasswd:

7
pkg/api/controller.go
View file

@ -44,6 +44,11 @@ func (c *Controller) Run() error {
return err return err
} }
clientAuth := tls.VerifyClientCertIfGiven
if c.Config.HTTP.Auth.HTPasswd.Path == "" {
clientAuth = tls.RequireAndVerifyClientCert
}
if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" { if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
if c.Config.HTTP.TLS.CACert != "" { if c.Config.HTTP.TLS.CACert != "" {
caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert) caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
@ -53,7 +58,7 @@ func (c *Controller) Run() error {
caCertPool := x509.NewCertPool() caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert) caCertPool.AppendCertsFromPEM(caCert)
server.TLSConfig = &tls.Config{ server.TLSConfig = &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: clientAuth,
ClientCAs: caCertPool, ClientCAs: caCertPool,
} }
} }

108
pkg/api/controller_test.go
View file

@ -19,9 +19,13 @@ const (
BaseURL1 = "http://127.0.0.1:8081" BaseURL1 = "http://127.0.0.1:8081"
BaseURL2 = "http://127.0.0.1:8082" BaseURL2 = "http://127.0.0.1:8082"
BaseSecureURL2 = "https://127.0.0.1:8082" BaseSecureURL2 = "https://127.0.0.1:8082"
SecurePort1 = "8081"
SecurePort2 = "8082"
username = "test" username = "test"
passphrase = "test" passphrase = "test"
htpasswdPath = "../../test/data/htpasswd" // nolint (gosec) - this is just test data htpasswdPath = "../../test/data/htpasswd" // nolint (gosec) - this is just test data
ServerCert = "../../test/data/server.cert"
ServerKey = "../../test/data/server.key"
) )
func TestNew(t *testing.T) { func TestNew(t *testing.T) {
@ -35,7 +39,7 @@ func TestNew(t *testing.T) {
func TestBasicAuth(t *testing.T) { func TestBasicAuth(t *testing.T) {
Convey("Make a new controller", t, func() { Convey("Make a new controller", t, func() {
config := api.NewConfig() config := api.NewConfig()
config.HTTP.Port = "8081" config.HTTP.Port = SecurePort1
config.HTTP.Auth.HTPasswd.Path = htpasswdPath config.HTTP.Auth.HTPasswd.Path = htpasswdPath
c := api.NewController(config) c := api.NewController(config)
dir, err := ioutil.TempDir("", "oci-repo-test") dir, err := ioutil.TempDir("", "oci-repo-test")
@ -95,10 +99,10 @@ func TestTLSWithBasicAuth(t *testing.T) {
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool}) resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
defer func() { resty.SetTLSClientConfig(nil) }() defer func() { resty.SetTLSClientConfig(nil) }()
config := api.NewConfig() config := api.NewConfig()
config.HTTP.Port = "8082" config.HTTP.Port = SecurePort2
config.HTTP.Auth.HTPasswd.Path = htpasswdPath config.HTTP.Auth.HTPasswd.Path = htpasswdPath
config.HTTP.TLS.Cert = "../../test/data/server.crt" config.HTTP.TLS.Cert = ServerCert
config.HTTP.TLS.Key = "../../test/data/server.key" config.HTTP.TLS.Key = ServerKey
c := api.NewController(config) c := api.NewController(config)
dir, err := ioutil.TempDir("", "oci-repo-test") dir, err := ioutil.TempDir("", "oci-repo-test")
@ -164,10 +168,9 @@ func TestTLSMutualAuth(t *testing.T) {
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool}) resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
defer func() { resty.SetTLSClientConfig(nil) }() defer func() { resty.SetTLSClientConfig(nil) }()
config := api.NewConfig() config := api.NewConfig()
config.HTTP.Port = "8082" config.HTTP.Port = SecurePort2
config.HTTP.Auth.HTPasswd.Path = htpasswdPath config.HTTP.TLS.Cert = ServerCert
config.HTTP.TLS.Cert = "../../test/data/server.crt" config.HTTP.TLS.Key = ServerKey
config.HTTP.TLS.Key = "../../test/data/server.key"
config.HTTP.TLS.CACert = "../../test/data/ca.crt" config.HTTP.TLS.CACert = "../../test/data/ca.crt"
c := api.NewController(config) c := api.NewController(config)
@ -213,7 +216,94 @@ func TestTLSMutualAuth(t *testing.T) {
So(err, ShouldNotBeNil) So(err, ShouldNotBeNil)
// setup TLS mutual auth // setup TLS mutual auth
cert, err := tls.LoadX509KeyPair("../../test/data/client.crt", "../../test/data/client.key") cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key")
So(err, ShouldBeNil)
resty.SetCertificates(cert)
defer func() { resty.SetCertificates(tls.Certificate{}) }()
// with client certs but without creds, should succeed
resp, err = resty.R().Get(BaseSecureURL2 + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
// with client certs and creds, should get expected status code
resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 404)
// with client certs, creds shouldn't matter
resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2 + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
})
}
func TestTLSMutualAndBasicAuth(t *testing.T) {
Convey("Make a new controller", t, func() {
caCert, err := ioutil.ReadFile("../../test/data/ca.crt")
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
defer func() { resty.SetTLSClientConfig(nil) }()
config := api.NewConfig()
config.HTTP.Port = SecurePort2
config.HTTP.TLS.Cert = ServerCert
config.HTTP.TLS.Key = ServerKey
config.HTTP.TLS.CACert = "../../test/data/ca.crt"
config.HTTP.Auth.HTPasswd.Path = htpasswdPath
c := api.NewController(config)
dir, err := ioutil.TempDir("", "oci-repo-test")
if err != nil {
panic(err)
}
defer os.RemoveAll(dir)
c.Config.Storage.RootDirectory = dir
go func() {
// this blocks
if err := c.Run(); err != nil {
return
}
}()
// wait till ready
for {
_, err := resty.R().Get(BaseURL2)
if err == nil {
break
}
time.Sleep(100 * time.Millisecond)
}
defer func() {
ctx := context.Background()
_ = c.Server.Shutdown(ctx)
}()
// accessing insecure HTTP site should fail
resp, err := resty.R().Get(BaseURL2)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 400)
// without client certs and creds, should fail
_, err = resty.R().Get(BaseSecureURL2)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 400)
// with creds but without certs, should succeed
_, err = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 400)
// setup TLS mutual auth
cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key")
So(err, ShouldBeNil) So(err, ShouldBeNil)
resty.SetCertificates(cert) resty.SetCertificates(cert)

2
pkg/storage/storage.go
View file

@ -360,7 +360,7 @@ func (is *ImageStore) PutImageManifest(repo string, reference string,
// manifest contents have changed for the same tag // manifest contents have changed for the same tag
desc = m desc = m
desc.Digest = mDigest desc.Digest = mDigest
index.Manifests = append(index.Manifests[:i], index.Manifests[1+1:]...) index.Manifests = append(index.Manifests[:i], index.Manifests[i+1:]...)
break break
} }
} }

18
test/data/ca.crt
View file

@ -1,18 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIC7jCCAdagAwIBAgIJALuTIoaFxZVtMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
BAMMASowHhcNMTkwNjIwMDIzNzAwWhcNMjkwNjE3MDIzNzAwWjAMMQowCAYDVQQD
DAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0nMLwovfHblPjVV
0EmdUbgvf4Yz0zhFPQn4g7qsXAYl4RoatUxD0Ow6Ovij6UFTCTi2WDiS+ihnLswp
ZGlHXmdGtmMnltAL7YAADma5cZhvNEdG2mtGkANZ6IiABVPOU7qHUc3IGCBWbpHK
9zywrbv4DN3667C2tFEIt4FNw55uEjpkrF7D7Befc9y4gRPYneGgtWiznQA9vMKi
JvOpxBYbVIujz/BWCzNN/Oavbtd3oJUaObXcr4K/jfaMl/Pc5AVx6OxzlptpleMG
Lg36dza+ChkQ4FsHJw/O1a8Vp3BIbHzXhQev2dKcXGKUElyEqsxEkh72WYjZMmW4
T2V+CwIDAQABo1MwUTAdBgNVHQ4EFgQUEOS5BfVHrqbQjfUYM8MjPgi+k3MwHwYD
VR0jBBgwFoAUEOS5BfVHrqbQjfUYM8MjPgi+k3MwDwYDVR0TAQH/BAUwAwEB/zAN
BgkqhkiG9w0BAQsFAAOCAQEAPO4r8geI4MufGmaTPE3yRcEfOtZ9d7CTjPYbRyYk
g2p/bO2XVUbpfuwo/n2fctddemkqgW8p0SLS0cdFYHW9TzHYUxhL5BWwVkFTz5O8
+WrheSkLLR3R4iifNaFL79SEugTH3Alirkz3NjdjPzdql7wHahyxMzPWX+FjYzi1
eU+dcKIYjWa/Vs2BUwf2jVC1U7Q+SyoTCjCiyAwfqiwBd3qkiZ3ArxoolfidIArF
tA5v6ZHGWP42ZtKxMAz0lfoE3CnjXTVwgtjoIGR0MQ08lPd2PQjtUOMKyYssB2J4
v3RmDx5ygZQQHJoR+0oMcLuhkJ8g8O0hS3rSlzU6IN6stA==
-----END CERTIFICATE-----

28
test/data/ca.key
View file

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHScwvCi98duU+
NVXQSZ1RuC9/hjPTOEU9CfiDuqxcBiXhGhq1TEPQ7Do6+KPpQVMJOLZYOJL6KGcu
zClkaUdeZ0a2YyeW0AvtgAAOZrlxmG80R0baa0aQA1noiIAFU85TuodRzcgYIFZu
kcr3PLCtu/gM3frrsLa0UQi3gU3Dnm4SOmSsXsPsF59z3LiBE9id4aC1aLOdAD28
wqIm86nEFhtUi6PP8FYLM0385q9u13eglRo5tdyvgr+N9oyX89zkBXHo7HOWm2mV
4wYuDfp3Nr4KGRDgWwcnD87VrxWncEhsfNeFB6/Z0pxcYpQSXISqzESSHvZZiNky
ZbhPZX4LAgMBAAECggEAP+aD2Bl1/HzLKNVFPNI95XQfls5bU8DZQqctzl9O4Pr/
rlwGcFeR7y2vxjTvqd1OWMicf1E0n43Q+Apyw0WWosiOvfCxQwRWrsK6QePiVnBA
SA0KxQJcz9SjQZJzKkIjCGno9ev72vCThkStRfVp2WtKMCYFTQmOq+bH2r9VRgG3
IBjsF2Al2YVSew/SgLVkiflsME3EG50QHNHCzBbQf2q0dDDpROVmsph325THdd9A
WJ1BJZD6cxU0WC2Grt0rQP8VrKwRn5nCcR+5buL61hJGPMoMchEUD9qEpaZcSy7J
9sV2WPZPFt2ePsIWIO547O3S/f3kCaNt1jLJ7XY3MQKBgQD8VTcS4mMsIDdV0E1X
DtwD6ZFPn7K6/x5IDKZ6EyuLrL+pcGg2p9v3r+zHSFQkNRZ5KyKfEZ7D8vgFQOA4
H6MkVjnSvZaIYdbKjeSuBnTAoIeVo5CeTKEUCiS6pifhIh8/HVs7rcW4129P3hCr
mvbBMIZbwXHq10zn8ATwzJUhFwKBgQDKLzvw1pOQqVyF9hRklS7GwEb7qlxHlx6O
3stX7m9yfNnL7qW2CKQTmwxQOatJI/zOgrsXQFTipWZPOcq9eiT8HX6MSiK/0Q0C
HJqjHhEgx2TdtbDBkOfmYhtjUfeynRuQ8+qzkSDHjpLk12SutaqYezCXXbyjVLo0
7LRAVSDbLQKBgBYK56W5qwomwk63xJnPTX71/2CiRb26HY4TtNNDK3GnJJMLo77q
iPepIZkDA36qOI1bLEoTAviBGBN1aGDeuqSo96ImN6kwStAk9w4QuFA/dbinsjFx
5jxW6oB3lVJAZdRgnyCmfHg6MZobfv9OqTGVKJeJXYczSZ+VQwk6Bej/AoGAKkMT
UXVY5R0xtOLKQngYjfz1GXfz0BcbkRuq/5dcfl7wm7snslQ+D8cSHNbhIem+11/m
Qab112Zha2AWK+MTRgvYPvTkLJpDENTv0fbf960WPW3UI7Hpd3O8a9dfYluKvpLt
1VkZs/zuYZ1Qc2CP502gy5MRckasoZF04BmrQ4UCgYBK+0m7IJDHy8Mjo/9hf/Jy
kcJ21JTvpsl3IqnC5BtpYm/+RRRE4hYczTh/Z0Wlsc2ro2f0U03er72ugjXiJcKl
wD0qQT/HcdgY1Suue//IVLKNX/RaO6R4V//+4E7rGbRznPG2iLau7w/j9eaRX4d8
YwDdc7C5g8anbO83Ns5xCw==
-----END PRIVATE KEY-----

1
test/data/ca.srl
View file

@ -1 +0,0 @@
93A4FC959A3453F0

17
test/data/client.crt
View file

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICqTCCAZECCQCTpPyVmjRT8DANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAEq
MB4XDTE5MDYyMDAyMzcwMFoXDTI5MDYxNzAyMzcwMFowITETMBEGA1UECwwKVGVz
dENsaWVudDEKMAgGA1UEAwwBKjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALiJ4GscF/7ZNfRgztdoJ8naCwvlZ8Jk2uf3w7saBsuOCDYFop9ZsmNJ6Sac
ds406DmNY/I01JjZYDDE+d4b+a1WF45YXy+O8spQPSlY1sdASCvKU/V/6GPPjt8e
UNsCv37tFawpDJrtoWNMWJETBbdNeSoRWHYAhpda70Jyy5te3S9MJkw/y6IRYGQD
O8AvpeNPBWkqgor98XcXdMW33NGC8rFeYwp4XkixntEhk+7pVDbgcXf4K/awfpsA
OS4eyIssM5Co9rctbmtssYPbbZ31+L67bTGYksrQJaUX0X6qz74xB+0LL4LB2+ww
MohJcF5X5mpPO0JvLfJqsj/hXo8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArW0g
m/eWwO4goZIWcVXc7ndGvH0woBUTdUBiZ4zYwnibXkAYrN037osdY5vrLlLHcZSj
qHuHmAnd8N+qcuR+IOQMhPZw6uw/7s+E0N+wro+DnhhzPFfDwFNW7tCKmuuQOlDF
bEcUJQOvPF//XdWVn4QoTbe38gqwqbBKG/I7AYm3qZLOUE8F+WxM9wKXk8dEg/4v
S1sykCtl0g0EobdJcacQpwMrMJYiiahC63CjQAI9oW9CQgQ0ePH7DI6lwCm3ylt1
ZY5AuKsFnzMea6C/0EDP08EpE2EhuAqk0pmZnuQdS1Q9pJg15NoSVJPM8hgnNzrK
+TrcrDdPcJ6Zeg2EDQ==
-----END CERTIFICATE-----

15
test/data/client.csr
View file

@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICZjCCAU4CAQAwITETMBEGA1UECwwKVGVzdENsaWVudDEKMAgGA1UEAwwBKjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiJ4GscF/7ZNfRgztdoJ8na
CwvlZ8Jk2uf3w7saBsuOCDYFop9ZsmNJ6Sacds406DmNY/I01JjZYDDE+d4b+a1W
F45YXy+O8spQPSlY1sdASCvKU/V/6GPPjt8eUNsCv37tFawpDJrtoWNMWJETBbdN
eSoRWHYAhpda70Jyy5te3S9MJkw/y6IRYGQDO8AvpeNPBWkqgor98XcXdMW33NGC
8rFeYwp4XkixntEhk+7pVDbgcXf4K/awfpsAOS4eyIssM5Co9rctbmtssYPbbZ31
+L67bTGYksrQJaUX0X6qz74xB+0LL4LB2+wwMohJcF5X5mpPO0JvLfJqsj/hXo8C
AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAFm5BhNj51g+BpU8YRKeFVwhb2XBsC
yk5Qp7cV1D60DevFmE3MyzSol6bCSvDbuXRWBI6A6c7ejwlsxMUgScGUinFTMCP0
IOiVMGp+hz5Y4ZYi77XAvflz8Rj32Tmu6LnKkQ3GmjXmOoMXapPA874PxfxKb9ho
TWaBJ7/6mz4xU/XHZhVn28ijek/wETcACYSsjVK3U52UhSnzjoQMVnkHVgHSIbqE
YpfC1TeUBxerMWVDvZRm6vcp/rRvT06tcyRO5SqGBUOmeXzUBCrn7u9QQayu0yAO
aHSszx9MEp5uW2Pyq4+LAEP5Q4Ke+7BcjWHm9kF48Ilbfy24Q7O6cGqz
-----END CERTIFICATE REQUEST-----

28
test/data/client.key
View file

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4ieBrHBf+2TX0
YM7XaCfJ2gsL5WfCZNrn98O7GgbLjgg2BaKfWbJjSekmnHbONOg5jWPyNNSY2WAw
xPneG/mtVheOWF8vjvLKUD0pWNbHQEgrylP1f+hjz47fHlDbAr9+7RWsKQya7aFj
TFiREwW3TXkqEVh2AIaXWu9CcsubXt0vTCZMP8uiEWBkAzvAL6XjTwVpKoKK/fF3
F3TFt9zRgvKxXmMKeF5IsZ7RIZPu6VQ24HF3+Cv2sH6bADkuHsiLLDOQqPa3LW5r
bLGD222d9fi+u20xmJLK0CWlF9F+qs++MQftCy+CwdvsMDKISXBeV+ZqTztCby3y
arI/4V6PAgMBAAECggEAetMqD6BvSCyCgNk+Upj8gpkh6RUTbot6OBLsr8eu5iTu
yiYOC0nENdmn2Q8i9DS6rDOzZi5LokBsiYlRVcgA8qHuo8ul7x2R855cVvzOV2gt
oRfVsf0kS+qGCXNAFcVKd8yNND1OKoAnftP9zvF+SHbEQn+xBTlsW6kmvm9xnULw
f3cffwOLZwV5UFymugBEhJt9EiRVjWJJdVt3f29/ljQg4ZJnnCh8UprtKl73Rkya
nVMde6Uq9lD8EyadX6zi3hMSmTO9+qnYIu4rPFdPlE0cVlGRmogMu2FIBVwuZkX3
NqppTq3uGdagVP6s6NmZjB2m3/rNulK7M5IghDuogQKBgQDqmBlAajATsabOQo71
Zn7bo5v6a1HHqjXIV2wvYM7Mv88zaQb/QMZWdYgSfcJ1e0Ysu6nu6wGpKYiCVvYd
E8gV/4xrkiB5Gu7owhMGY2XvNOZks9RycNCEyI6NQ/T5fvjnRlGTJCyhLYnH/645
NUjiAiUHBiljDR0itcxSkWvQcQKBgQDJYIbUMYgQJRcRDUD2eKMczpIw3xXiqK0r
r0NXE+EENDx5RMz+tf+7RtSRe4+QCsXqgRJXXPCmdrJD74MTZ00sycydjIvIM4Vs
0ecAZgB4EwTqq6CrwewMBElqhC8NaiFuamNveQiklsgiUQkWacI2826xrMVltji6
d7jag8ee/wKBgQDm3/2qCVd7alERmSt8k/yxSFlPoKMBb6AypOcR0aJ0myjeHbUH
LMaFfHIIUMA6QrITgDWDrsEZrIhuTgs1HqzCCZg2nb9bsIgDhkyW8uf0/QjpfpnM
bv6oT4ELwh+sE6v+YJQTzXwmu9xnelgKcUhjNV0fho7grp1H9cc6U2fZ4QKBgC17
gbhXX5XV6rnNNoj0glK1TUuAd170Hfip4xm9warDaY0yPuKglJvlyYj6UViFNmJa
uJvGwAu471ZsuDwfrsyY34AOCFw1VsNXPUdXwm9cTFX8YZOpfvjP1w0Zwc7T060u
ljrNKWiTLayihNztEhJ7NNsoXIU2fOWQuM2RyfpdAoGAVOKzRPR5B3DNMXXbzT/m
IhmiJ+w+OSgZYL+lejhX4VbV93+LzVsIUez+T/Tqurx9/Pj3SWqJxW6XZFtaL5vZ
pPs2k8yysEv27SSQ6mDnotplyLmFiYJY5VLShzGg5LxzoxzH5y5l8D1c/eS+VF+G
W493RdVuc7hz1lVxuv2fe6k=
-----END PRIVATE KEY-----

4
test/data/gen_certs.sh
View file

@ -24,7 +24,7 @@ openssl x509 \
-CA ca.crt \ -CA ca.crt \
-CAkey ca.key \ -CAkey ca.key \
-CAcreateserial \ -CAcreateserial \
-out server.crt \ -out server.cert \
-extfile <(echo subjectAltName = IP:127.0.0.1) -extfile <(echo subjectAltName = IP:127.0.0.1)
openssl req \ openssl req \
@ -42,4 +42,4 @@ openssl x509 \
-CA ca.crt \ -CA ca.crt \
-CAkey ca.key \ -CAkey ca.key \
-CAcreateserial \ -CAcreateserial \
-out client.crt -out client.cert

17
test/data/server.crt
View file

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICwzCCAaugAwIBAgIJAJOk/JWaNFPvMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
BAMMASowHhcNMTkwNjIwMDIzNzAwWhcNMjkwNjE3MDIzNzAwWjAhMRMwEQYDVQQL
DApUZXN0U2VydmVyMQowCAYDVQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAs8ZX1Qp2w2cQLIUIz7LtOitb3E0gv1zuSg8hsG7TNYydQNi06fF2
VpDEGMFau1ZqwtyP6SsjqGYuT78eIHQKMVXnURviv6vp1/5f07LJNy1eLisF/Ng5
nkfMR/J4h+yziOeT8CwZfXMLY7u0rti5VqWpV4B8ylGMV79Tz+wXR02xGVQZtcYU
K+WNaf0wWZEOQUeHzNCDc46PDsukBvNDMkeDJUy9MnEzLxx/WVYCt/p9xwan/fj+
BigSJcG5SzR3MilUEr/pn5PSWgY40Lx8C0W5lnLaO+jaSMSTfhXoCvCLwsgdjA7y
6s9nvApL80+Y8Jt8bhCyu2M1vewrblfacQIDAQABoxMwETAPBgNVHREECDAGhwR/
AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCIKnzHFciUufTUDIiPYePfmk30XvddOFeT
4WUzNhxPxfv1bWX9iefZTsZAEmSDWeE4qMQuJdvICd426sZT5V/VtWcy/a114mjQ
At97/Y1GMq+XEnS4295S48QiRjahlZd6N+9X70SnHPqo8YX33+j+8aMorvIpDKVk
WBJ0U9prfOhVhm37nHUjemZ/p4oS51XBo79kbXT9tWD63FAAl4SK99/6ZMPXJHoe
OuXZdn1X41983z0cV1Ze9QhSgEZum9lCjeGZt8b6s/EhByG3yDoNpDCHtkmk921w
a/CH4WZvQe3Q+aFp7tk3XrDPfFuxay2IXE6rXSutYMwiQaZEUs2U
-----END CERTIFICATE-----

15
test/data/server.csr
View file

@ -1,15 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICZjCCAU4CAQAwITETMBEGA1UECwwKVGVzdFNlcnZlcjEKMAgGA1UEAwwBKjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPGV9UKdsNnECyFCM+y7Tor
W9xNIL9c7koPIbBu0zWMnUDYtOnxdlaQxBjBWrtWasLcj+krI6hmLk+/HiB0CjFV
51Eb4r+r6df+X9OyyTctXi4rBfzYOZ5HzEfyeIfss4jnk/AsGX1zC2O7tK7YuVal
qVeAfMpRjFe/U8/sF0dNsRlUGbXGFCvljWn9MFmRDkFHh8zQg3OOjw7LpAbzQzJH
gyVMvTJxMy8cf1lWArf6fccGp/34/gYoEiXBuUs0dzIpVBK/6Z+T0loGONC8fAtF
uZZy2jvo2kjEk34V6Arwi8LIHYwO8urPZ7wKS/NPmPCbfG4QsrtjNb3sK25X2nEC
AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpj3yysx0u7LRQw9EaSZJhZ92vTnqT
KLK1+8GRLLt8obZhq9Iw0s6Q47GRC0dDfu6DwE/sOBPUXXOkdSys+QtqPPHZZPNT
JzezflInuATliHGNbXHiQ9Z9uHsbeiiEi604e85mj+m8rf5LOYYGxhTyNN5AONFZ
6p1R0IMa/9i8PV6G0JgN0Y8JfGYFuJgVM0Le90bSG0q97W+8Rs7DLQqI//2yV20K
PHSRufZoNayh6bVdIimx3ji8/s/VjvI+0hT110RBqUJk8phzZGnKAkiZDMa66weM
y8AzuOsLc7TdtxVBGer+ClTSH/VjyuDIqBqxN2hfeB6yD9qWCu1ysvxy
-----END CERTIFICATE REQUEST-----

28
test/data/server.key
View file

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzxlfVCnbDZxAs
hQjPsu06K1vcTSC/XO5KDyGwbtM1jJ1A2LTp8XZWkMQYwVq7VmrC3I/pKyOoZi5P
vx4gdAoxVedRG+K/q+nX/l/Tssk3LV4uKwX82DmeR8xH8niH7LOI55PwLBl9cwtj
u7Su2LlWpalXgHzKUYxXv1PP7BdHTbEZVBm1xhQr5Y1p/TBZkQ5BR4fM0INzjo8O
y6QG80MyR4MlTL0ycTMvHH9ZVgK3+n3HBqf9+P4GKBIlwblLNHcyKVQSv+mfk9Ja
BjjQvHwLRbmWcto76NpIxJN+FegK8IvCyB2MDvLqz2e8CkvzT5jwm3xuELK7YzW9
7CtuV9pxAgMBAAECggEAVKyTKhDnp1mf0JhIciuAeOl7NuRNDFUlF1TRNVy9tnco
iiaH77h/WH6PHmnT5nDpkCZ60gQzo1mdbopCEl8Vfe9MKHPN9SFv3wA8+mU3SPnh
ZjV1eIYPfXGr0iduhfcDCPSqRXFAAEpzjuIWVFRX12vnuwMVw+VtCNdhDonQ3Q/8
jpGi1LDjadckmDkf9QbHBiec9Me/oXd18R9npK9yp8zJCvLUhVeWHdFl1YTvK8QE
s9/IffRO/CLofie4VvR4lLT02Hj47jgMfuKyF0Y+qDykT2AxJsBpdIIMy21hLDTp
RoHHbzJlcwL9ITzas/daVWHqFADSvyK7ZfWggxjgAQKBgQDg09Qw3hN98Deo6fsA
rcn1BDflDHLEc0hY/L/NqLb0EnUMYKZSGI9QbyZP3Oh3jG2G/WdOeq9QLpEIrauF
kd5BTDBRgjx0YzwqIu6rv0vwdo5a7+TATETTGH1gZUTmno3yL2b2OdTA33ewyX7o
rwDEYaTg4ACJLwPqT+vwJCaugQKBgQDMs2KjjpXkEZgTz4tbcTQsNL7ulTOcwYR7
mOsntXTPHSxB9UiTLFvvgo+/okoCUtW1qztDGzdCjilLNc3lcgpHvGS+pX9MtFKo
lsVnw8cUM7kGHEAjoauGCVYmaZNuOCcbhWvaQEPo8424TkC29PCZNHbC6n5gBQMV
ndQfnfoT8QKBgQC54WkGHhWvgfQCy7CilwzqblpoHSqmEUo3iIBr4Jmiob/0Q9Q+
+99BeSQL03C/pnLHsKrAz94yRM3UhwHQpRFEm2E3gp3I/GK507fQd5Cpdturg7t0
4ZnljdHa6N9WbLCfE2HlIVstO5URrQYoCshvlOtkoM7QnPZ3uywulzUEAQKBgF4g
vuLm1hYh4QR7E2HhFFSfjIy5HxqeAgWzs652ylfS2l8aI11JsJzaNK+yOMYIwSzg
qEebZDW+mU50V1GCtyd1gf4IrBjhcoEDk5K7e/fWMOaWZwf7d5wS/wJ62ch9Gb6W
A5pAovmjxS9TDH8U8u4AKfxHSAVvSJPQF5LSWgSBAoGBANbFPrVXgcmCxHRAq9U4
tybOgJuU1MkGHQBW6i3bQZqxBu2A+h7ORBp/mFZzFKUrxaG8YrBqfiQOznQnPLyZ
k0C4sWPSF7CDD9ZjVS86yOYRzBVlCFWSaGttii2rFuuSEdDjPUOoUhO1NcKSevm1
KqLTO/4DvBVib2nMAPzTt1pZ
-----END PRIVATE KEY-----