mirror of
https://github.com/golang/go.git
synced 2026-06-27 03:11:23 +00:00
crypto/tls: generate test certificates
Actually switching uses of the old certs will take a while, but make the new ones easy to use so we can do it incrementally. Change-Id: Idfbd51f6a6417d7681e5ea9c5888b2a66a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/759380 Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This commit is contained in:
Filippo Valsorda
Gopher Robot
parent
3ac09d0ab6
commit
37b75cc637
2 changed files with 997 additions and 0 deletions
379
src/crypto/tls/certificates_generator_test.go
Normal file
379
src/crypto/tls/certificates_generator_test.go
Normal file
|
|
@ -0,0 +1,379 @@
|
|||
// Copyright 2026 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package tls
|
||||
|
||||
//go:generate go test -run ^TestGenerateCertificates$ crypto/tls -generate
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/ed25519"
|
||||
"crypto/elliptic"
|
||||
"crypto/fips140"
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"flag"
|
||||
"fmt"
|
||||
"internal/testenv"
|
||||
"math/big"
|
||||
"os"
|
||||
"strings"
|
||||
"testing"
|
||||
"testing/cryptotest"
|
||||
"time"
|
||||
)
|
||||
|
||||
var generate = flag.Bool("generate", false, "regenerate certificates_test.go")
|
||||
|
||||
func TestGenerateCertificates(t *testing.T) {
|
||||
testenv.MustHaveSource(t)
|
||||
if testing.Short() && !*generate {
|
||||
t.Skip("set -generate to regenerate certificates_test.go, or run without -short to check")
|
||||
}
|
||||
if fips140.Version() == "v1.0.0" {
|
||||
t.Skip("FIPS 140-3 module v1.0.0 doesn't support SetGlobalRandom")
|
||||
}
|
||||
|
||||
// Allow RSA keys below 1024 bits for testRSA512.
|
||||
t.Setenv("GODEBUG", os.Getenv("GODEBUG")+",rsa1024min=0")
|
||||
// Unset cryptocustomrand to avoid MaybeReadByte non-determinism.
|
||||
t.Setenv("GODEBUG", os.Getenv("GODEBUG")+",cryptocustomrand=0")
|
||||
cryptotest.SetGlobalRandom(t, 0)
|
||||
|
||||
notBefore := time.Unix(1476984729, 0).Add(-100 * 24 * time.Hour)
|
||||
notAfter := time.Unix(1476984729, 0).Add(100 * 24 * time.Hour)
|
||||
serial := int64(0)
|
||||
nextSerial := func() *big.Int {
|
||||
serial++
|
||||
return big.NewInt(serial)
|
||||
}
|
||||
|
||||
// Root CA key and cert.
|
||||
rootKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
rootTemplate := &x509.Certificate{
|
||||
SerialNumber: nextSerial(),
|
||||
Subject: pkix.Name{CommonName: "Root"},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
KeyUsage: x509.KeyUsageCertSign,
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
rootDER, err := x509.CreateCertificate(rand.Reader, rootTemplate, rootTemplate, &rootKey.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
rootCert, err := x509.ParseCertificate(rootDER)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Client Root CA key and cert.
|
||||
clientRootKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
clientRootTemplate := &x509.Certificate{
|
||||
SerialNumber: nextSerial(),
|
||||
Subject: pkix.Name{CommonName: "Client Root"},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
KeyUsage: x509.KeyUsageCertSign,
|
||||
BasicConstraintsValid: true,
|
||||
IsCA: true,
|
||||
}
|
||||
clientRootDER, err := x509.CreateCertificate(rand.Reader, clientRootTemplate, clientRootTemplate, &clientRootKey.PublicKey, clientRootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
clientRootCert, err := x509.ParseCertificate(clientRootDER)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Helper to create a leaf template.
|
||||
serverLeaf := func(cn string, san string) *x509.Certificate {
|
||||
return &x509.Certificate{
|
||||
SerialNumber: nextSerial(),
|
||||
Subject: pkix.Name{CommonName: cn},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
BasicConstraintsValid: true,
|
||||
DNSNames: []string{san},
|
||||
}
|
||||
}
|
||||
clientLeaf := func(cn string, san string) *x509.Certificate {
|
||||
return &x509.Certificate{
|
||||
SerialNumber: nextSerial(),
|
||||
Subject: pkix.Name{CommonName: cn},
|
||||
NotBefore: notBefore,
|
||||
NotAfter: notAfter,
|
||||
KeyUsage: x509.KeyUsageDigitalSignature,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
|
||||
BasicConstraintsValid: true,
|
||||
DNSNames: []string{san},
|
||||
}
|
||||
}
|
||||
|
||||
type certKeyPair struct {
|
||||
name string
|
||||
comment string
|
||||
certPEM string
|
||||
keyPEM string
|
||||
}
|
||||
var pairs []certKeyPair
|
||||
|
||||
emit := func(name, comment string, certDER []byte, key any) {
|
||||
keyDER, err := x509.MarshalPKCS8PrivateKey(key)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
certPEM := string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}))
|
||||
keyPEM := string(pem.EncodeToMemory(&pem.Block{Type: "TESTING KEY", Bytes: keyDER}))
|
||||
pairs = append(pairs, certKeyPair{name, comment, strings.TrimSpace(certPEM), strings.TrimSpace(keyPEM)})
|
||||
}
|
||||
|
||||
// Roots.
|
||||
emit("testRoot", "Self-signed RSA 2048 root CA, CN=Root.", rootDER, rootKey)
|
||||
emit("testClientRoot", "Self-signed RSA 2048 root CA, CN=Client Root.", clientRootDER, clientRootKey)
|
||||
|
||||
// Server certs issued by root.
|
||||
|
||||
// ECDSA P-256 (default).
|
||||
ecdsaP256Key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl := serverLeaf("ECDSA P-256", "test.golang.example")
|
||||
der, err := x509.CreateCertificate(rand.Reader, tmpl, rootCert, &ecdsaP256Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testECDSAP256", "ECDSA P-256 server leaf, SAN=test.golang.example, issued by Root.", der, ecdsaP256Key)
|
||||
|
||||
// RSA 2048.
|
||||
rsa2048Key, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("RSA 2048", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &rsa2048Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testRSA2048", "RSA 2048 server leaf, SAN=test.golang.example, issued by Root.", der, rsa2048Key)
|
||||
|
||||
// ECDSA P-384.
|
||||
ecdsaP384Key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("ECDSA P-384", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &ecdsaP384Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testECDSAP384", "ECDSA P-384 server leaf, SAN=test.golang.example, issued by Root.", der, ecdsaP384Key)
|
||||
|
||||
// ECDSA P-521.
|
||||
ecdsaP521Key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("ECDSA P-521", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &ecdsaP521Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testECDSAP521", "ECDSA P-521 server leaf, SAN=test.golang.example, issued by Root.", der, ecdsaP521Key)
|
||||
|
||||
// Ed25519.
|
||||
ed25519Pub, ed25519Key, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("Ed25519", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, ed25519Pub, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testEd25519", "Ed25519 server leaf, SAN=test.golang.example, issued by Root.", der, ed25519Key)
|
||||
|
||||
// RSA-PSS: signed by root with SHA512WithRSAPSS. The leaf SPKI is
|
||||
// rsaEncryption while the signatureAlgorithm is rsassaPss, for use
|
||||
// with the rsa_pss_rsae_* SignatureSchemes.
|
||||
rsaPSSKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("RSA-PSS", "test.golang.example")
|
||||
tmpl.SignatureAlgorithm = x509.SHA512WithRSAPSS
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &rsaPSSKey.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testRSAPSS", "RSA 2048 server leaf, SAN=test.golang.example, issued by Root.\n\t// Signature algorithm is SHA512WithRSAPSS (rsaEncryption SPKI, rsassaPss signature).", der, rsaPSSKey)
|
||||
|
||||
// RSA 1024: key is intentionally too small for rsa_pss_rsae_sha512
|
||||
// (which requires at least 1040 bits), but large enough for
|
||||
// rsa_pss_rsae_sha256. Used by TestHandshakeServerRSAPSS.
|
||||
rsa1024Key, err := rsa.GenerateKey(rand.Reader, 1024)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("RSA 1024", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &rsa1024Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testRSA1024", "RSA 1024 server leaf, SAN=test.golang.example, issued by Root.\n\t// Key is too small for rsa_pss_rsae_sha512; used by TestHandshakeServerRSAPSS.", der, rsa1024Key)
|
||||
|
||||
// RSA 512: key is too small for any rsa_pss_rsae_* SignatureScheme
|
||||
// (the smallest, SHA-256, requires at least 528 bits). Used by
|
||||
// TestKeyTooSmallForRSAPSS.
|
||||
rsa512Key, err := rsa.GenerateKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("RSA 512", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &rsa512Key.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testRSA512", "RSA 512 server leaf, SAN=test.golang.example, issued by Root.\n\t// Key is too small for any rsa_pss_rsae_*; used by TestKeyTooSmallForRSAPSS.", der, rsa512Key)
|
||||
|
||||
// SNI cert (different SAN for SNI mismatch testing).
|
||||
sniKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = serverLeaf("different.example.com", "different.example.com")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, rootCert, &sniKey.PublicKey, rootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testSNI", "ECDSA P-256 server leaf, SAN=different.example.com, issued by Root.", der, sniKey)
|
||||
|
||||
// Client certs issued by client root.
|
||||
|
||||
clientRSAKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = clientLeaf("clientAuth RSA 2048", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, clientRootCert, &clientRSAKey.PublicKey, clientRootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testClientRSA2048", "RSA 2048 client leaf, SAN=test.golang.example, issued by Client Root.", der, clientRSAKey)
|
||||
|
||||
clientECDSAKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = clientLeaf("clientAuth ECDSA P-256", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, clientRootCert, &clientECDSAKey.PublicKey, clientRootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testClientECDSAP256", "ECDSA P-256 client leaf, SAN=test.golang.example, issued by Client Root.", der, clientECDSAKey)
|
||||
|
||||
clientEd25519Pub, clientEd25519Key, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = clientLeaf("clientAuth Ed25519", "test.golang.example")
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, clientRootCert, clientEd25519Pub, clientRootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testClientEd25519", "Ed25519 client leaf, SAN=test.golang.example, issued by Client Root.", der, clientEd25519Key)
|
||||
|
||||
// Client RSA-PSS: signed by client root with SHA512WithRSAPSS. The leaf
|
||||
// SPKI is rsaEncryption while the signatureAlgorithm is rsassaPss.
|
||||
clientRSAPSSKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
tmpl = clientLeaf("clientAuth RSA-PSS", "test.golang.example")
|
||||
tmpl.SignatureAlgorithm = x509.SHA512WithRSAPSS
|
||||
der, err = x509.CreateCertificate(rand.Reader, tmpl, clientRootCert, &clientRSAPSSKey.PublicKey, clientRootKey)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
emit("testClientRSAPSS", "RSA 2048 client leaf, SAN=test.golang.example, issued by Client Root.\n\t// Signature algorithm is SHA512WithRSAPSS (rsaEncryption SPKI, rsassaPss signature).", der, clientRSAPSSKey)
|
||||
|
||||
// Generate certificates_test.go.
|
||||
var buf bytes.Buffer
|
||||
fmt.Fprint(&buf, `// Code generated by certificates_generator_test.go; DO NOT EDIT.
|
||||
// To regenerate, run: go generate
|
||||
|
||||
package tls
|
||||
|
||||
import "crypto/x509"
|
||||
|
||||
`)
|
||||
|
||||
fmt.Fprint(&buf, `var (
|
||||
`)
|
||||
for _, p := range pairs {
|
||||
fmt.Fprintf(&buf, "\t// %s\n", p.comment)
|
||||
fmt.Fprintf(&buf, "\t%sCert = parseTestCert(%sCertPEM, %sKeyPEM)\n\n",
|
||||
p.name, p.name, p.name)
|
||||
}
|
||||
fmt.Fprint(&buf, ` // x509.CertPool containing testRootCert.
|
||||
testRootCertPool = newTestCertPool(testRootCertPEM)
|
||||
// x509.CertPool containing testClientRootCert.
|
||||
testClientRootCertPool = newTestCertPool(testClientRootCertPEM)
|
||||
)
|
||||
|
||||
`)
|
||||
|
||||
for _, p := range pairs {
|
||||
fmt.Fprintf(&buf, "const %sCertPEM = `\n%s`\n\n", p.name, p.certPEM)
|
||||
fmt.Fprintf(&buf, "const %sKeyPEM = `\n%s`\n\n", p.name, p.keyPEM)
|
||||
}
|
||||
|
||||
fmt.Fprint(&buf, `func parseTestCert(certPEM, keyPEM string) Certificate {
|
||||
tlsCert, err := X509KeyPair([]byte(certPEM), []byte(testingKey(keyPEM)))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return tlsCert
|
||||
}
|
||||
|
||||
func newTestCertPool(certPEM string) *x509.CertPool {
|
||||
pool := x509.NewCertPool()
|
||||
if !pool.AppendCertsFromPEM([]byte(certPEM)) {
|
||||
panic("failed to parse certificate for pool")
|
||||
}
|
||||
return pool
|
||||
}
|
||||
`)
|
||||
|
||||
if *generate {
|
||||
if err := os.WriteFile("certificates_test.go", buf.Bytes(), 0644); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
t.Log("wrote certificates_test.go")
|
||||
} else {
|
||||
// Check that the generated content matches the existing file.
|
||||
existing, err := os.ReadFile("certificates_test.go")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !bytes.Equal(existing, buf.Bytes()) {
|
||||
t.Fatal("certificates_test.go is out of date; run go generate to update it")
|
||||
}
|
||||
}
|
||||
}
|
||||
618
src/crypto/tls/certificates_test.go
Normal file
618
src/crypto/tls/certificates_test.go
Normal file
|
|
@ -0,0 +1,618 @@
|
|||
// Code generated by certificates_generator_test.go; DO NOT EDIT.
|
||||
// To regenerate, run: go generate
|
||||
|
||||
package tls
|
||||
|
||||
import "crypto/x509"
|
||||
|
||||
var (
|
||||
// Self-signed RSA 2048 root CA, CN=Root.
|
||||
testRootCert = parseTestCert(testRootCertPEM, testRootKeyPEM)
|
||||
|
||||
// Self-signed RSA 2048 root CA, CN=Client Root.
|
||||
testClientRootCert = parseTestCert(testClientRootCertPEM, testClientRootKeyPEM)
|
||||
|
||||
// ECDSA P-256 server leaf, SAN=test.golang.example, issued by Root.
|
||||
testECDSAP256Cert = parseTestCert(testECDSAP256CertPEM, testECDSAP256KeyPEM)
|
||||
|
||||
// RSA 2048 server leaf, SAN=test.golang.example, issued by Root.
|
||||
testRSA2048Cert = parseTestCert(testRSA2048CertPEM, testRSA2048KeyPEM)
|
||||
|
||||
// ECDSA P-384 server leaf, SAN=test.golang.example, issued by Root.
|
||||
testECDSAP384Cert = parseTestCert(testECDSAP384CertPEM, testECDSAP384KeyPEM)
|
||||
|
||||
// ECDSA P-521 server leaf, SAN=test.golang.example, issued by Root.
|
||||
testECDSAP521Cert = parseTestCert(testECDSAP521CertPEM, testECDSAP521KeyPEM)
|
||||
|
||||
// Ed25519 server leaf, SAN=test.golang.example, issued by Root.
|
||||
testEd25519Cert = parseTestCert(testEd25519CertPEM, testEd25519KeyPEM)
|
||||
|
||||
// RSA 2048 server leaf, SAN=test.golang.example, issued by Root.
|
||||
// Signature algorithm is SHA512WithRSAPSS (rsaEncryption SPKI, rsassaPss signature).
|
||||
testRSAPSSCert = parseTestCert(testRSAPSSCertPEM, testRSAPSSKeyPEM)
|
||||
|
||||
// RSA 1024 server leaf, SAN=test.golang.example, issued by Root.
|
||||
// Key is too small for rsa_pss_rsae_sha512; used by TestHandshakeServerRSAPSS.
|
||||
testRSA1024Cert = parseTestCert(testRSA1024CertPEM, testRSA1024KeyPEM)
|
||||
|
||||
// RSA 512 server leaf, SAN=test.golang.example, issued by Root.
|
||||
// Key is too small for any rsa_pss_rsae_*; used by TestKeyTooSmallForRSAPSS.
|
||||
testRSA512Cert = parseTestCert(testRSA512CertPEM, testRSA512KeyPEM)
|
||||
|
||||
// ECDSA P-256 server leaf, SAN=different.example.com, issued by Root.
|
||||
testSNICert = parseTestCert(testSNICertPEM, testSNIKeyPEM)
|
||||
|
||||
// RSA 2048 client leaf, SAN=test.golang.example, issued by Client Root.
|
||||
testClientRSA2048Cert = parseTestCert(testClientRSA2048CertPEM, testClientRSA2048KeyPEM)
|
||||
|
||||
// ECDSA P-256 client leaf, SAN=test.golang.example, issued by Client Root.
|
||||
testClientECDSAP256Cert = parseTestCert(testClientECDSAP256CertPEM, testClientECDSAP256KeyPEM)
|
||||
|
||||
// Ed25519 client leaf, SAN=test.golang.example, issued by Client Root.
|
||||
testClientEd25519Cert = parseTestCert(testClientEd25519CertPEM, testClientEd25519KeyPEM)
|
||||
|
||||
// RSA 2048 client leaf, SAN=test.golang.example, issued by Client Root.
|
||||
// Signature algorithm is SHA512WithRSAPSS (rsaEncryption SPKI, rsassaPss signature).
|
||||
testClientRSAPSSCert = parseTestCert(testClientRSAPSSCertPEM, testClientRSAPSSKeyPEM)
|
||||
|
||||
// x509.CertPool containing testRootCert.
|
||||
testRootCertPool = newTestCertPool(testRootCertPEM)
|
||||
// x509.CertPool containing testClientRootCert.
|
||||
testClientRootCertPool = newTestCertPool(testClientRootCertPEM)
|
||||
)
|
||||
|
||||
const testRootCertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC2zCCAcOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowDzENMAsGA1UEAxMEUm9v
|
||||
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmvg91HhTlfaXcjKwqY
|
||||
G35v928fjA9m4NOeJsH+stqIDoQJeCwimlKwZ0uSmNgABZHhVl4qhcavP0mXBVhG
|
||||
wOAyKkZNYX5CP2Thhw8d0OFJpeP9kxDSFHev0Fa7XUGlBWQk7Zbmad72Agx+Oe6f
|
||||
RUSVt2pmpAIEzRRtQJpqO6cwtXvHH1KA2XKLBK2zLup7V32N3fQC21WjX9dZhOa+
|
||||
Y1fqyF10V+ugHbcLQJxbso0hvnhLMLW3DNrZdoL6NaXUVG7UeweIbZ9z3oITOEVk
|
||||
iEBKGbtvGd58UnFfwnecO30utOp+kaJoYLMme6w/elQ0WV+G+AysJGKFCAWRb13q
|
||||
4HcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgIEMA8GA1UdEwEB/wQFMAMBAf8wHQYD
|
||||
VR0OBBYEFMghBhPWIX5rQ3No+FB3KfrcDBEaMA0GCSqGSIb3DQEBCwUAA4IBAQAs
|
||||
aHAaPhMaHULTTn62b1/dpgxLLge+iVNyCaJmi4ic/XnkSZV3ZsZp8dvoQZPR2vmU
|
||||
BQLr3nqEMqpVvEnsPhAYJoEAYEUNkSMdiT2rKp3eLF/pt03qSfrPjyg+LTnyRMYU
|
||||
zzocbEqDHPH0NvBdQdWBCGqMIYulR02TEKKEqamuYMiFFQq2VaFS06rTIa4jOOwU
|
||||
VRBVcjqzTs3W+TKXEgT7VuGQmW6OndRHG5iQdnlpv2tFBSiNT65IwzxLfLXr7POY
|
||||
Js7Ja+lM2GRWzWSp5RZdCFs/6N4HzF911PrOzuTd6mE/jaGERCKyC+SEcUHo4PFH
|
||||
US9Fl9vXoWO16TbQsw3D
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testRootKeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJr4PdR4U5X2l3
|
||||
IysKmBt+b/dvH4wPZuDTnibB/rLaiA6ECXgsIppSsGdLkpjYAAWR4VZeKoXGrz9J
|
||||
lwVYRsDgMipGTWF+Qj9k4YcPHdDhSaXj/ZMQ0hR3r9BWu11BpQVkJO2W5mne9gIM
|
||||
fjnun0VElbdqZqQCBM0UbUCaajunMLV7xx9SgNlyiwStsy7qe1d9jd30AttVo1/X
|
||||
WYTmvmNX6shddFfroB23C0CcW7KNIb54SzC1twza2XaC+jWl1FRu1HsHiG2fc96C
|
||||
EzhFZIhAShm7bxnefFJxX8J3nDt9LrTqfpGiaGCzJnusP3pUNFlfhvgMrCRihQgF
|
||||
kW9d6uB3AgMBAAECggEAAyyjhy6SfrotN0ZS7ZpCSIWrn9CfzDhCzqHdG02OdBkT
|
||||
HWnmvc8XnbiQD6TxiejKLacdzGKf82YbuWVKnL6UV5MCjlO2dp3FUKmqDgdam8kk
|
||||
dsetcmTUFKQsQ8k0KQ3XXWGlaawbu3okwxyTfdl85hzzI5YU+8Emly03CJcmdDWt
|
||||
Yq8VZJnicXZJKhpSNrn9rZGYtY3mRb3SHF4ZYTnQZVfUPoCcEtXUY0NTjHCsLS2G
|
||||
C3C6HpqLrriInHQ7wlazkozpxspVxXMUrRhvqDwNRvO+OjLF1o0uGar1F3WD1Vy6
|
||||
PTw5JoNcxRHJW9uuN7dsuPYdYVy2MNWWQV2ztlSH2QKBgQDySEUE5O1S2oEGI504
|
||||
3ctVYVkUQYwxTImaH7vn+Pul2793pWNboTHu3+2n76gF7/4b5VwWOoeKQ5Ztn4KX
|
||||
omYgsq0Qn58xuPN9r/0oA5bWbx930JblCvmAVjnnJMNvfC1qv4Yoz0on8aoxrClW
|
||||
6WEcjn+EOAusIN5ybnxZztyhDwKBgQDVGtJfAS0D9smvBk34xIovI/SwGM/N/Kse
|
||||
pNNoO8QTMWkXToBGwlOSdmU+ZOwbVxomHpfaPnbKnyZpT3cRZncI3GvVMqX2Fy6S
|
||||
Kkl/pgRqdrL2z2ueGV6sLAKM6zRNtaqmIO2kVGr2wZh5vVDQjMpxNhRlsJ4ZULiO
|
||||
KAgJBIJ6GQKBgQC9iBOWFJAjNJOifdHMXpVmIVVSJ0TIfBtY2mJgwcH6qcFKk7L6
|
||||
R0uMltiPe0dx/aBHqlEzgm3tl5nh/9plTMGf6qbATl52wzyXokjkOIqTDTMMw7yH
|
||||
SOKNpuZ9D6FjYT0WOOV2n1JflQmS+h8Mwl0Zvc+7WyymZsAdvJjCmLS3uQKBgGJt
|
||||
lwkmg+I21ISwxsbGEIUheFz1uNWNhIQM4VBdenza741CRuFn1C3r3WtqNduS6ZL9
|
||||
wmmdPETuKVGu0HIK/6PqGyxHznvRzULZoUUCKzv5Q0PYHf7R/PZNBYiNAoV6CS3e
|
||||
O6UREK6UUJa6KF+LB94uelFVuFA9BmEygDOaD6HRAoGAFPH5t8MJBfcSFn+fCEn4
|
||||
07Fzd0Kbd1BFQVb1BODSULnZHgEr+mFuraHvhAckXv9dQqWgfgAeL7PuXbQKwDCs
|
||||
na3Xe84REd24dWz97Xw7aBSTYyIkmH1cZMT+04/5WjKqR/LLLCIVCTpcRdjyJvlL
|
||||
t1WXdk/pn9qUzJ+lbWLWK8M=
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testClientRootCertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC6TCCAdGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtDbGll
|
||||
bnQgUm9vdDAeFw0xNjA3MTIxNzMyMDlaFw0xNzAxMjgxNzMyMDlaMBYxFDASBgNV
|
||||
BAMTC0NsaWVudCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
rjkvgogt5oCTTJq07XGumWrLAGsr/9c8ZuS1HNMCflb4D8CsqFSUUHWVh7C5T0AW
|
||||
K/O3B9VDCiw/NT5VWqLLvcFpOwFQz9nRHGPZYfk/KRQiQYwio8Kd48CL0wgSh5pM
|
||||
Y0zvhLsNxv3ezJqWNlRz8SDkVA551A83s8DqTt3YFmAA0odQMp+EH7e6AolbO75A
|
||||
TtUa6G4A2ywA+vSoQ+g6ccqIbTmRCKKvrTlAXOZ5Oe1vk1FyBIK0rpo7vimfUU11
|
||||
sbZ0gGbbPFfybDSp0BIUUNNSTZbfsENz51aJwR2AmszhkP5b5M7aljdVxCAylkjM
|
||||
G8ICiwcaZVcCxk3Me1/syQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0T
|
||||
AQH/BAUwAwEB/zAdBgNVHQ4EFgQUEXNuRxhdpiEaG0xhJjnI+17pdCQwDQYJKoZI
|
||||
hvcNAQELBQADggEBAHJyN8rYdY9dRT5oUfkci3SYn/q+uiguNotK8NH4qmM83Tdm
|
||||
Ekpk1iM8K4JXLhK4AxnhDEAz4jhiSJjbl8RvEODRlc4/03bHa/JQJJjBIR27oQLl
|
||||
OW+GTZNL0wyM5D8rqHPDr3PAfTEDDhCjfp+VQRaNs0uTLrJD3QAoSCSxfLptk0uW
|
||||
ZcL7u715Ns1IbacEue3ZWkqI1pwrpMHaGigV6qsMWKJvbVqu7I+XdtW6/EK1drEv
|
||||
3wk1sOmqK5oLy8sulgJ+oUHxoSsBPIRWYcdkqQZeyRf85iX1vIWqHm6eoMfYijzH
|
||||
RtP3e2dpiCGsatBcFp06TQXe1TUsw0xULmKESkk=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testClientRootKeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCuOS+CiC3mgJNM
|
||||
mrTtca6ZassAayv/1zxm5LUc0wJ+VvgPwKyoVJRQdZWHsLlPQBYr87cH1UMKLD81
|
||||
PlVaosu9wWk7AVDP2dEcY9lh+T8pFCJBjCKjwp3jwIvTCBKHmkxjTO+Euw3G/d7M
|
||||
mpY2VHPxIORUDnnUDzezwOpO3dgWYADSh1Ayn4Qft7oCiVs7vkBO1RrobgDbLAD6
|
||||
9KhD6DpxyohtOZEIoq+tOUBc5nk57W+TUXIEgrSumju+KZ9RTXWxtnSAZts8V/Js
|
||||
NKnQEhRQ01JNlt+wQ3PnVonBHYCazOGQ/lvkztqWN1XEIDKWSMwbwgKLBxplVwLG
|
||||
Tcx7X+zJAgMBAAECggEAIos7oI/EPBUHv7NYBtFYy1n5lKRrRa+lLgiQYX30G10+
|
||||
k48CHOEiRB7ATnZrk6tTChVpV8AA6hoyUSoCDfXD3GSmKvkcjw2y0MR6dFrRW2F+
|
||||
1kzFDH+4wxDpGGdcFy9wkGrPfduBxJAPFjXbbTvK/kclhoYVQUbgJj+spYUGhI7i
|
||||
CTAg3rE/HpxFdSpkK4LDAx00TOY3Yaz86RkKXziKempCIVnpLiVJ7H8cT//KQ86X
|
||||
rQSLbd1dqWbK7thOQi8ncsD2WEo0tjNoj+oqPAmmxTLM4ex5yGjK2bOUWXwjziNs
|
||||
aOv6GHCfObdbBx7/UXFwUIejRiD3EAPFjz16LqPYFQKBgQDGWeKYklGhv+UXxqdl
|
||||
iTjlh4thE24Bsva6sxcQrgtP0S9ZyqK3/D6oPc219g87IK40ZGc10HAykU9kTmhY
|
||||
uqphXOKhsUUKRmKYb9pECiMqw1lR0YyQYldzWTL+QtzX1BMWyILisfqG3dh8ih3T
|
||||
v9BdgOWsbMJhkDJShIiSOvHMZQKBgQDg3BnN4w8Q/Bz23uldm33kc5+TJaQPsDd4
|
||||
MQr9IlP5yILIFEw9TQVCxiXyE4DiA54611v65XRZEmnR2oAReEE91VgI+2EsuZyf
|
||||
bi+iL/JamuB129qjm3k1hEFXeKrkLeF2z4IJ2FffVvAAOGXwzIQwQHanR/xOn/Go
|
||||
Dl6mmZ2+lQKBgAJP8fBNZF46WnVYf4MTgnJKjjlnfJTQfUfX5qDvJnqbua2WSydR
|
||||
7XkQn2FLqQnLa7x4nytlbqloQECvGVBPfMT9zDaOVnu0LloQk77PT3GkLVpi0vyr
|
||||
6NETbSDBrsllU4OkesIhyQXheDCbe5WIWul8IzFLY0i34Z5MpTrvLPpxAoGAAJqW
|
||||
tybU84a5zS/sEIRKYkKtOwfu2NvwSjJXhTaCYzlWoJLtYXzDdtpxX6UNw42e7ymE
|
||||
5beYCGU0Q4wCrAlWo4PfKKcEK8qT0RnKpvTaAcRItghRHf9c4/fm9QUt8E7vPBJy
|
||||
lvQtyDvDiTydiXgDIt4Jc4mN8+gaDgl715ayBcECgYBdAeBE1ouvZHsNgStO5WVA
|
||||
JHT3S8zf5wtUKqXfhQntQ1kd1F1epRj04ow9zTRsxyW4nC6ALRDY5HJ6xSZR+UEB
|
||||
ejB34PlrIQt7n6uW5UYsCtbnMP2syg4tO3NLL5t2ZuIJQXpZX9JeyYYp3B5XR95N
|
||||
AKPqm1mhD4P35csdrn7rQg==
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testECDSAP256CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICSzCCATOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowFjEUMBIGA1UEAxMLRUNE
|
||||
U0EgUC0yNTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9dZlr1XMmgtrhblTa
|
||||
hJ5JRmrd8xXydAesNdvvF3TkJj/OguGHsn+JU097Ehn7XvZCFaUaJJHTMCgv73ZI
|
||||
Wt4Mo3YwdDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYD
|
||||
VR0TAQH/BAIwADAfBgNVHSMEGDAWgBTIIQYT1iF+a0NzaPhQdyn63AwRGjAeBgNV
|
||||
HREEFzAVghN0ZXN0LmdvbGFuZy5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQCu
|
||||
nQ+Ay3bv3aGQ8ln16WkENHPv86heUdavb74Ij7ihfYFUhGZZCESa3uY9DpBCA4TG
|
||||
4O3NUO9A5NHxOdi+dkvgFCpbw2ZMh/Q+repCPVUadQ6vSn0XCpHowrY9vf9ZUJa1
|
||||
RYILmPs1zg8Uinkk8jZiL2ZaRUxE7UcGAFDhEnKAU5bwNZ1qVPjPvzn9k23LaSeZ
|
||||
2fT79JvR6s+Dn6o3dKBEo2Ain6VCcRuPXGc84LhXzjx6mt3W/w0475flaDsWuhui
|
||||
+WP4UprhBFIIbmQUHDGsZWgwPF3+niKsWPgdmeBewsSt5XSKqAhd/bkBOCWPvp1M
|
||||
VwJpdknLbM89X1sHqDaa
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testECDSAP256KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgB4u8mljMa3oBNFGF
|
||||
nsxjyt0kIECav5As173/6SRrI02hRANCAAS9dZlr1XMmgtrhblTahJ5JRmrd8xXy
|
||||
dAesNdvvF3TkJj/OguGHsn+JU097Ehn7XvZCFaUaJJHTMCgv73ZIWt4M
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testRSA2048CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDEzCCAfugAwIBAgIBBDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowEzERMA8GA1UEAxMIUlNB
|
||||
IDIwNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkrgMsWRYjVakp
|
||||
9ycq+iHT+ab4IGOypOB+n8akx1ZgDQYK4s/28TwVqhGOOPKs1HRl82x+lD/MgLnR
|
||||
FY8rUkIPYIkOhU0yprFM4tSIvDs6fDLZyyUKZCU1J/RiNQlpfwSCw338/MFG17h8
|
||||
3I4pElDnyQLJhpG1jb85Pi/4Zin5TFaIc0J/cBPItGNWNIXaL0iI2FKJ6nORXOYc
|
||||
XTjoNfC1MlQVYC0OxbuHlT4x5MeldAGPMi7YXiPpminBXlI6ZgZj5GEtDXUnLrMm
|
||||
gxCpSplbKOYV+qPOJqkT6m4chxROSKrshrnoQH6zkQ4WXpJR52vdsN22Kjkk1fpI
|
||||
d4ime/s3AgMBAAGjdjB0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
|
||||
BQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMghBhPWIX5rQ3No+FB3Kfrc
|
||||
DBEaMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5nLmV4YW1wbGUwDQYJKoZIhvcNAQEL
|
||||
BQADggEBAAgeUB8EIZVzF12CfbK/YRuA7Vz0iBZa1WTxRS9gHFUwBa6uHjw6kXrE
|
||||
KmO9THDCtf4+BronnUWw432ax7t3AgQlPUBDTgBE62X+xr+u/V0fgeYuEdlH1w+f
|
||||
ex439hy87v0Mc/pSr1hCjy9+PkV9bIRIu+AeDxMD0AJ5C0hd9y2axb4gDG7SW28P
|
||||
A2o6qcj8AWKsJeaBFDjHkAX8qW65LEXwapjiee+0kREGIntF0lmZq+DHQICgv6+U
|
||||
VrzpH364lmIfWTiu2b5ouCv+MZeStt78Y3MkIw5jpfe/P3J4vTop4cmDwqQDH011
|
||||
n6JziaM/dzjYvLMtbmf0nh4oOauForY=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testRSA2048KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDkrgMsWRYjVakp
|
||||
9ycq+iHT+ab4IGOypOB+n8akx1ZgDQYK4s/28TwVqhGOOPKs1HRl82x+lD/MgLnR
|
||||
FY8rUkIPYIkOhU0yprFM4tSIvDs6fDLZyyUKZCU1J/RiNQlpfwSCw338/MFG17h8
|
||||
3I4pElDnyQLJhpG1jb85Pi/4Zin5TFaIc0J/cBPItGNWNIXaL0iI2FKJ6nORXOYc
|
||||
XTjoNfC1MlQVYC0OxbuHlT4x5MeldAGPMi7YXiPpminBXlI6ZgZj5GEtDXUnLrMm
|
||||
gxCpSplbKOYV+qPOJqkT6m4chxROSKrshrnoQH6zkQ4WXpJR52vdsN22Kjkk1fpI
|
||||
d4ime/s3AgMBAAECggEACI4XVvdkdb2BGYLQbPktRen6oARpvYefwtzzWi1xJnZP
|
||||
KDpvH4TLvKZqI/ESWjOM+eRSjTOBuxERVFMftZmibbTXgR5z/RzjWEYfsV6+tA6I
|
||||
+yRwbTJtCCS5ZrB80BlUKMLdS4j2f25szZKVaLN/08wKAKedtFKjOW06YU6aCEfv
|
||||
J7KSGC6sx3CudU0lavNJw3KB8QMz6RiD82Wu9AMUbwBURqAgL/+kDTPZxtpdLS1f
|
||||
+ISdsI/Z7DrQvgZeBdN0yJrULs5XNXDXopDxNSzoVIKykHX7CAvolpgG0NRowdDu
|
||||
I9tfbdPhdxvKb0L5Z0FdJ2oHl1N9bVLWjMOVpL7Q8QKBgQD7hRVga1dGj32fTSpH
|
||||
Src36H54Mex6F8bPopJ+absWFARXCvpKhUDYFccr9NBVb55H0BE5ZsP4Jby4r2h8
|
||||
76uNJm3JqxSXUzZOu4wkZX4scj3jCmBAfhGHJBFGj3/oRMsvsIvvzJcSmUs8eDhQ
|
||||
ftXj8abXEFGprhhJ3FSHJmkNQwKBgQDowMd6oUbx8Ser0CQQYEr/48YutsX7WK+q
|
||||
FHSnnYWwk7wo6Szzz36SbIxN3eLPxEp05BOSc8jryR/o8UpbbqGy2Nk9JX/cV7ZW
|
||||
L7x/dACpLsSjQgbwULoWPIo7lB3EwnmQi54BUnhUJYLYJNvePGZvUKncLwySoJhM
|
||||
hzNkICCg/QKBgC8VHodKELBYs/9aBowJ5HpGv0Xosoe4Y7MCj8GyMR9U5+sTVv8U
|
||||
KqtIiFwmG8mid1KiFFdWcWDGT6mSzFB23PozM2II8HXTUdszKGy3wwK27/bMPnBU
|
||||
KRvPGJzIx/zGw/JNbiSZe74zi+3p40DOPWPKHJ0tpNvKhylsYTZbblbZAoGAODzU
|
||||
Ngof1TeaiUYKYLaTiI6lhQX+gkOkdijpItLJyad4kD3+8Y4SHBkEMZBKTD82alXt
|
||||
cLZvNqFrB2K9v6fUhB0nKEIWScwbr2lrVzRVMIuvUW8TtB8dR2ArWkfohXEj5EwH
|
||||
ynP9xP8nRUhqo6Dec0j/Mcdgd1E8W0lTnn6ww5UCgYEAixPtaa24gRNXDEhJHt/h
|
||||
NHnla924ttUh6l5cSDFfEk+hEQjwIavg8wvf7lsVNpLMQk2piAM3HYCwx51CY48P
|
||||
tYxA+eH0IdI68FYdGBaa4WVEipRz350OH/mxkgH/DayAIz51J/IYjqX1KM8asw74
|
||||
51ALpcbHoVs8oQtRKt4fBmk=
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testECDSAP384CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICaDCCAVCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowFjEUMBIGA1UEAxMLRUNE
|
||||
U0EgUC0zODQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQHr6c+jKVgUjIxV4DSYp0P
|
||||
GO1UzOKqdG9pU5rsTfL3qdwqhiHqthA3r2pzDYD3U1KQ5OBbPUn6oqTOtnGwm/qB
|
||||
LNjKmG8BHso1DN0tDwkuvEsjrjwI1fccT/n2LBapeIKjdjB0MA4GA1UdDwEB/wQE
|
||||
AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
|
||||
MBaAFMghBhPWIX5rQ3No+FB3KfrcDBEaMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5n
|
||||
LmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAF2ToAYsdiR+hQ+G/9iNr8QSHZJA
|
||||
K5Nf1aEzLeDhsfokJs+3yExnc/P2DSSo5qWIgyOZ2aCY2jpc4GtxwBW+FTDzqApk
|
||||
gDNBksqw7Zc/HhpP9ou1qilgLzBGgVpFDq3yeiCHIZBgzL1TteqqjsYMybH25X6q
|
||||
cy6hWBljfejfhRPd7NIDOWPjxdO2v+fU+PQoQzJPhfp7TwMxMEMNaDx2EbOY59hw
|
||||
LlpIVGzrDJTrq+jQyPGuV4nEKk4/JvC41/ccc2OInGu+fGnRxUeYeyIGQqHYby60
|
||||
MrD8DF5Erq1RJNodGpMIyPgWdQbeHSZ9fCg6+mYtiW/o/Et6sIEnSyqxpqc=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testECDSAP384KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCL/DaTbyfSdvi56FP8
|
||||
KZsRsxukTkN8tJ1LGJIhgXoWdo130jZEV/MCTGHusfBtM7ahZANiAAQHr6c+jKVg
|
||||
UjIxV4DSYp0PGO1UzOKqdG9pU5rsTfL3qdwqhiHqthA3r2pzDYD3U1KQ5OBbPUn6
|
||||
oqTOtnGwm/qBLNjKmG8BHso1DN0tDwkuvEsjrjwI1fccT/n2LBapeII=
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testECDSAP521CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICjjCCAXagAwIBAgIBBjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowFjEUMBIGA1UEAxMLRUNE
|
||||
U0EgUC01MjEwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAEMLkvszWdMsq+lflV8
|
||||
3KdY6DhglnXL5gJO9jb1XOC0c+tFMSooS44NXQRIToAadfzJUTewGUL+VkQXlPl6
|
||||
keDmLADx4yOsffDeSribamkEK8K++qMeFHMvgwZEaN/OfgYMLKLyahSjwJoiHY5m
|
||||
C9cnNvP+u5fAkk8KUWX7PC7DsG6feqN2MHQwDgYDVR0PAQH/BAQDAgeAMBMGA1Ud
|
||||
JQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUyCEGE9Yh
|
||||
fmtDc2j4UHcp+twMERowHgYDVR0RBBcwFYITdGVzdC5nb2xhbmcuZXhhbXBsZTAN
|
||||
BgkqhkiG9w0BAQsFAAOCAQEAAzAXcKOwI3m9culoq0YKRqJP4vsYsK1J0dVZxN95
|
||||
grGk+3BI/rArCjTZLd+LHHTuDtmcUfdgE5oHu6DGJ+t3lxCClKiR0NY4E6NU7wsL
|
||||
4mCbig5UIEFxQeCbjxwztCZadNIoQSB3BaAe5Fz1NlwDXMS0rX89psViIOaDZ0K5
|
||||
d3h2Vce5ZKSKqzdGtNb/hgO54ygE8hg4tjhL8hIvR2NMZyjEvVZYbxzZknQNBgTY
|
||||
/tyx/80Z8pKtau4jAn1GlQ/KJZm8Sg60YvL+WPouAil9brK3mF6PhG519rk/HnXe
|
||||
YWgQEvYUPuolNurFdxgX39m7HmWJVvnbEICsH1IWVkJhww==
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testECDSAP521KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIA8/P1h6fuUKfoQoLL
|
||||
EuDvoSmVZBssO1WUYanDHgjVb6fmLNFY9/0rump23QDTU6kyRhpstFKrZxGPDMF1
|
||||
wOF3QuqhgYkDgYYABAEMLkvszWdMsq+lflV83KdY6DhglnXL5gJO9jb1XOC0c+tF
|
||||
MSooS44NXQRIToAadfzJUTewGUL+VkQXlPl6keDmLADx4yOsffDeSribamkEK8K+
|
||||
+qMeFHMvgwZEaN/OfgYMLKLyahSjwJoiHY5mC9cnNvP+u5fAkk8KUWX7PC7DsG6f
|
||||
eg==
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testEd25519CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICGDCCAQCgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowEjEQMA4GA1UEAxMHRWQy
|
||||
NTUxOTAqMAUGAytlcAMhAFYe5dPUD+RLtPOKFJ0N/HzD2WuxG/wKWC76DF5Ahyjl
|
||||
o3YwdDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0T
|
||||
AQH/BAIwADAfBgNVHSMEGDAWgBTIIQYT1iF+a0NzaPhQdyn63AwRGjAeBgNVHREE
|
||||
FzAVghN0ZXN0LmdvbGFuZy5leGFtcGxlMA0GCSqGSIb3DQEBCwUAA4IBAQA9V3RC
|
||||
sJpWNDPG+em2o1SYsFvnNnP4PJ1I13OhXkJPbH5Q/Ro7QfDWoK8v5xDri5T4Na8m
|
||||
1OX1aaUQU5s20+/Z5z0LFjTzLSStbmzZ1JviVwgRwroA5OUf6dPKyn/nIeNQqffA
|
||||
079PbJQErPocp/X4Cuw1t2B5Kzq1fpzCB99PJW/QCl11UcHYNqQ4/Rmnlzec1lT9
|
||||
rtN5xo/UFoH5XdiVaEnCABzIH4PqPJRJgHuEDWe26enLsGYCev+nsPLWwgcgrSPF
|
||||
gnNJK1aFF8kHFxVnrKdETQzm3/+1n0fEJOH/OuSMbAurW+m0eq+12M4CsjAGhjxZ
|
||||
S1jLk5ArvL0Zox11
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testEd25519KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEIDehsY6HTvsJId7lcQkPbTJPZtfuzzOY0ufnZsXiVwX0
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testRSAPSSCertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDejCCAi6gAwIBAgIBCDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAwUA
|
||||
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogMCAUAwDzENMAsGA1UEAxME
|
||||
Um9vdDAeFw0xNjA3MTIxNzMyMDlaFw0xNzAxMjgxNzMyMDlaMBIxEDAOBgNVBAMT
|
||||
B1JTQS1QU1MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGG/4RlVQv
|
||||
LnHGynuHsM/ff9PTd6mxt31ZyvB+1TEdTnz3YIbn9gDPkt2nNK4qHLI6oPmzwytK
|
||||
jpitEP+nJ4EgdFUOlE6WQX779CQVETBaijkRFRD9EwziD5cZXtswL002v39JAc6o
|
||||
BuJ0RGN6IJwu6FPk198o5mR1JaK6BFvYE/W8tu5eTAIw7oLwkE7/0L8dyAtMnZ16
|
||||
icESeuFLvnGV/NYqNTH1XbO47ORRnp6E7EdZMdhQIOrnS69uDXBhNXPxeSfF6b00
|
||||
X98OCHA/4iZjOGyYwVpFvW5a46ChTo2hJKRtbsgACx9s1p++D6J7WTgVCI78N+vX
|
||||
7incQlsd1ZtBAgMBAAGjdjB0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggr
|
||||
BgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMghBhPWIX5rQ3No+FB3
|
||||
KfrcDBEaMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5nLmV4YW1wbGUwQQYJKoZIhvcN
|
||||
AQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQME
|
||||
AgMFAKIDAgFAA4IBAQCb46iLsWMUqJSeLlT7yUuuYFIWlXEamM+ZkOTUXvC5rzOq
|
||||
Mem1YbHaApGqynw0X+jrG2EC0GDKjgUTiVNtk4HnsCBKnEQ0Ew6XDC3+fCy71oky
|
||||
assPVr60mpq+iT5wnss4a8woAeCtIwIH5pfUBUU+kqX8HvQFbaTwMNJe7oyo9jRC
|
||||
esXo4f7TL51ETA+ZueqFLU5DslYMjENxQyilh1lLFrcBYOrL4Ja03PQ0q3zJDhMv
|
||||
wHTuyKJ1HJ67+8aTmTb0G/zmq3coc9HUTptgy2iTIVSdwAYNN9S77Vb3C2tAY9GZ
|
||||
EdbK1bsoMtPvAsdUsLqb15ILgmhL0SrNV6lCHtmL
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testRSAPSSKeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGG/4RlVQvLnHG
|
||||
ynuHsM/ff9PTd6mxt31ZyvB+1TEdTnz3YIbn9gDPkt2nNK4qHLI6oPmzwytKjpit
|
||||
EP+nJ4EgdFUOlE6WQX779CQVETBaijkRFRD9EwziD5cZXtswL002v39JAc6oBuJ0
|
||||
RGN6IJwu6FPk198o5mR1JaK6BFvYE/W8tu5eTAIw7oLwkE7/0L8dyAtMnZ16icES
|
||||
euFLvnGV/NYqNTH1XbO47ORRnp6E7EdZMdhQIOrnS69uDXBhNXPxeSfF6b00X98O
|
||||
CHA/4iZjOGyYwVpFvW5a46ChTo2hJKRtbsgACx9s1p++D6J7WTgVCI78N+vX7inc
|
||||
Qlsd1ZtBAgMBAAECggEAEVagVxoeZs22C/urMY4+NzWZDKwvqBvixuHNyA/xDztQ
|
||||
ERd73x/G5OPZ7dkcuBdQWvS9PegiKRGPV7BB67d3o+dCjXbZ5OkhC7yLjuN0+6uW
|
||||
wIG7Pab17PAH3aLRZKdzJsw+P92+YDLQDXRxz128xZc0RnZFM+9sEdukIQsiHahE
|
||||
H97Qx1rLcksvCXSGzJYZ6O+loasCgWNNrdyqgOvmR4ATImYHX7lDvCVUEHOotKSs
|
||||
Y9fUoQUs4Ooc9pRlQ+3kDYyXjxaEhY6/0jzgdr/8cCUD90JWjQ21m2Ke0zBjOTgN
|
||||
JIeXvIipfck49T9ZAfsqia8EZoZTdMHATNrk7AST1QKBgQDlG6wm/A8HfmHienW7
|
||||
uWAKcDQmpY7WpaL7F8JVVlzfEBn5s1vDpPohRhqccilfoyDKaBy8Vax3TZKRvfin
|
||||
FbYDVKAilTq+0pLU0ru0iRZ1t2NnfAo8ZJcbT5uHsEf580hlAqpsrZpMTZPhU5U8
|
||||
HRG77/uUPwaUVDmiYf38tWzA3QKBgQDdXNuSz3Yg9GBQfwy9M8Qc1k1cIWZcJIAp
|
||||
HJH9iGStLyN4vuDwdjsjEo7JiifVv4imTdRtVq9qWK7YRqHl/XwSKYLi3B/JMCWB
|
||||
togvil3MALECBTEPjq4IdY1hOI/WHuyUA5mZJLJ0l9YtBwMvx4aVRK5xwq7+cml9
|
||||
D/dpBerLtQKBgQCcE3v1muUKL9izFsW5uxFoSwPcCBEEvRYIhCkJRapC848egkdT
|
||||
QsJ7hGyAg20YD+M4wDBDRQIWzCu7SXVpLesu3amxpYO9l2obvevNk05Ppzz6tI+s
|
||||
kMI4AsVrbHW8GzYISgabvrBMptTFPdF+gDciltwGI+FxjucsbiE+1MFfqQKBgH6u
|
||||
AlZc9YxcbbYDT0YDluqt1W2xC4QVu2ZLnFyMLplRjaovCklyT9t9Zkt+DdfsGYaa
|
||||
qcO8xPxGLiFFIqeczeES8n1jXalkLUKzM/KI666wgpvWXsI5c+0RYMxPczklT1xR
|
||||
Rxh2AM5qij4QcklolONdf7tIn56r2SSh+4OVyE21AoGAfyh7R4Aav6HoqVhYebBp
|
||||
P1woELziAUZcBj6s8MOJrpwftnDzSB0g849JZjd5QBQREY3TGKV0mO41zWB7oo7P
|
||||
dlCJYKMUj4c99/wCiAj0dRetM8MxqqvMMXYLxdXB1fJgEefkPw3phMQTje7L4DRB
|
||||
VKQIwE/j/jUCaREu2Zh7FW4=
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testRSA1024CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICjzCCAXegAwIBAgIBCTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowEzERMA8GA1UEAxMIUlNB
|
||||
IDEwMjQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANs/JRcBqvbSn/lx+Rt7
|
||||
V/E5lOSgIwPRZTO6M2y/7j0BbRkiRgl/3N/pmW5zxQ+NYg5QB0aeYrQ1xDnPTe5Y
|
||||
PI24cBq58N1pSneZr+KM4fp9/l13ZrweNkOzd5Mmurzd1m32ShyxtmHrwe7NQV6F
|
||||
/RMWLHhHMypfK+untwfHjuRPAgMBAAGjdjB0MA4GA1UdDwEB/wQEAwIHgDATBgNV
|
||||
HSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMghBhPW
|
||||
IX5rQ3No+FB3KfrcDBEaMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5nLmV4YW1wbGUw
|
||||
DQYJKoZIhvcNAQELBQADggEBAAnjkK72QX1944AppqMLw//F18wTvv9a0oh4keac
|
||||
g3p7SP7C4aljOX7Udv1deovoJv+y2az4VRz2y/tVgVedhL3p173QffSln/YoEeFT
|
||||
z3/CgXo158AMHdBcM7kiItfVV7WMqxS52CeuX3Mr7CxzGbndGcWw+Ux2+CWlxaqv
|
||||
7gPWMNGiZJiHnbfYgtJ/Ux2LqRFZ+gONHADs6tKo7xLa5Vd2gzaZrp75UA8nkOgX
|
||||
I7Z4kOrtYGoUgFYzc7LBK8UN5NZbs4F2lrfesm5boP6745Dslbt4QibJgkdwgmDv
|
||||
5xwNg2i3w5E5C3oP0P/TI5JVa9aaEDV9GNoBdHoiumYTTt8=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testRSA1024KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANs/JRcBqvbSn/lx
|
||||
+Rt7V/E5lOSgIwPRZTO6M2y/7j0BbRkiRgl/3N/pmW5zxQ+NYg5QB0aeYrQ1xDnP
|
||||
Te5YPI24cBq58N1pSneZr+KM4fp9/l13ZrweNkOzd5Mmurzd1m32ShyxtmHrwe7N
|
||||
QV6F/RMWLHhHMypfK+untwfHjuRPAgMBAAECgYAEL88CAvakUv5aEZqbsz3JLfvR
|
||||
Z9tzUbbYh4g+3eVrRdEzBywGN2pc3kWfTdeoBd+m/VE+QH0LCvHN1s8aq5WwaBX/
|
||||
Dxt8THCWL614OFKW32rMqfrbKSc2eVjL8TDe8xLOjBBthW/hJ0t8M6qlkAWuOOxf
|
||||
Kvkvo4XaXSmtVxHX7QJBAPFHkIjBCmmsTMRG8Gq/XNqSYvWlPdygh4h43W4ARCxN
|
||||
gp0fZAyHoCcSKisJRW7lbocybuhuwU+SCHoUkqGAr1MCQQDon3VonKqdQCYTJ04F
|
||||
VP+eX/7Y/oYhMFosk3bS2OvefAH6XGkZ5rw1rLNRWUqOzy4z1BK1hznEH0e2rYDB
|
||||
/aOVAkAdl69sdnC2gUFxGVpHXW0gCbBFfJzXwICfBmPyJ+o0nNUWPFFjEAdeg2XU
|
||||
nXB8p3sk7dSYgW0IO1r6zicl08itAkEAj2nfpIMR3Kiz0JMm0rq4bReZsoYYg1Wg
|
||||
AmNXml4J7LxfK87VLRbHaf/y/XAjOzAXt/RDJI8d2f++4qzM+Mw6kQJAMRSaXW3+
|
||||
YvNVgLLvZlerVvFcN6nBweiQxxO/IiNHRMr6YHHzDqFWTkXhGLXllAAOYt0y6G+R
|
||||
NkIDYZn2WDHWLw==
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testRSA512CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICSjCCATKgAwIBAgIBCjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowEjEQMA4GA1UEAxMHUlNB
|
||||
IDUxMjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDIRxnTSVsGi0+ghNABVB1yCR1p
|
||||
7VD+udOWRkJKKRqVYe6UT7B3VKZiD+S8qzVmFis2xfuZ4IONrXOzYYL1HAJ/AgMB
|
||||
AAGjdjB0MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV
|
||||
HRMBAf8EAjAAMB8GA1UdIwQYMBaAFMghBhPWIX5rQ3No+FB3KfrcDBEaMB4GA1Ud
|
||||
EQQXMBWCE3Rlc3QuZ29sYW5nLmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEBADzR
|
||||
lznTzLetqyKR+mXUrnQbkELjbudjzCkHNPKv0vxzHkqtlJYF6v9aySAuBm4p2dU3
|
||||
5J+Pnmcom37uuRdYQG1jjJiN5a4O8nKYRQ+H+GSJTe7aRT04jd6Q9NZSGcbKuaEI
|
||||
rT9BdnyqVv77/A4a+4tDZR8POCeB27UpzC03iJQYn8zUx2mGMIJAALvA+DnC5mMW
|
||||
ed/JPwqa1CBdXvwtP/lusFpMhiYWM5cWb24RVbE2bK6586YOkSDOqZRQ99vcv6o0
|
||||
l1k3qNdhroS+qSbEQ4WFHtDnjDZOIg3IGUbVm3ACQyXFwpJMNr7F6Sdkb44tTs6S
|
||||
QlDy9XnSkXatsgSwAyo=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testRSA512KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAyEcZ00lbBotPoITQ
|
||||
AVQdcgkdae1Q/rnTlkZCSikalWHulE+wd1SmYg/kvKs1ZhYrNsX7meCDja1zs2GC
|
||||
9RwCfwIDAQABAkA2IB0HIHKEtL6ay3npegGRMYxs9bFnffIEUU2V/EDOcNNg3Niu
|
||||
kyr5/f9WSxfzUAEurHeMulTJoIilu1+x70hlAiEA/UB5UBcxKwF/HE4YkdmgZe+F
|
||||
lDc9e2BR8FDFisB6/PsCIQDKc3drx+Ivjpn/8BhXTG4S8ZalnvRiqpTPyrSxqK/R
|
||||
TQIhAIoR5pHFsyaxMC2sXjTWI16v0XHXFAv5nXKZdrmI6wSVAiB/B8itJnS0ZoQW
|
||||
5e5ACMMgu9pM/dpWdrZ9U7Hhr/jyGQIhAOuVBcwqFKC+QUh5FiVjWGZw1nSbjJNA
|
||||
4dsEckX2ysJ2
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testSNICertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICVzCCAT+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRSb290
|
||||
MB4XDTE2MDcxMjE3MzIwOVoXDTE3MDEyODE3MzIwOVowIDEeMBwGA1UEAxMVZGlm
|
||||
ZmVyZW50LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5dCd
|
||||
gbt7rpOpqnc4uy2iSZ19dW6bKrFoJ9Or+pD2O47ZHpZcp9ckaJnE9LSfZQBWQvl8
|
||||
gKQiHcPnbG9a4DFCqKN4MHYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
|
||||
AQUFBwMBMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUyCEGE9YhfmtDc2j4UHcp
|
||||
+twMERowIAYDVR0RBBkwF4IVZGlmZmVyZW50LmV4YW1wbGUuY29tMA0GCSqGSIb3
|
||||
DQEBCwUAA4IBAQC7xKlz92vEX0gIvf2uVJRO70oDd0Vm1qeqFTXH3slUundmtPxD
|
||||
9UwENbgQHD+w47g62ZQ35Fx7GOQHW+YgW5f9JLmcNvZ0brElYLggAZFslzic08AS
|
||||
Pg2KDKUAUsPhyxw38tSa8RQatql2RtjUynrtEYX2enJcFCdDWKd+zeMu3uBOgsTU
|
||||
2UehsFoUV4RGsqiahRflTuEV6fCQGOOea96xEdxYDYEXUPdTGnAk4hm07/3P1xN3
|
||||
ot6BNI2pA8bxoOs/gctlQNuVKIHmbV38GyFDMU2umqOCgQwKHxaQ415Eh+TPUeYU
|
||||
bE9+HU83VYt1mE/lmyb4w1WqSPd6+pJJi2Eo
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testSNIKeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2TNUbp3GTmOdLExt
|
||||
XJ1nVXVhvfE+nYjlG7HYpdxDaOKhRANCAATl0J2Bu3uuk6mqdzi7LaJJnX11bpsq
|
||||
sWgn06v6kPY7jtkellyn1yRomcT0tJ9lAFZC+XyApCIdw+dsb1rgMUKo
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testClientRSA2048CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDJTCCAg2gAwIBAgIBDDANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtDbGll
|
||||
bnQgUm9vdDAeFw0xNjA3MTIxNzMyMDlaFw0xNzAxMjgxNzMyMDlaMB4xHDAaBgNV
|
||||
BAMTE2NsaWVudEF1dGggUlNBIDIwNDgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQDsBErzJLpTQ4ugNsigS1xz5kZ4usEzLVvlasvRhpRhVej79uqu68ri
|
||||
p8IET/ftCdQqscO0aLWr03Gs4A4OdNTDKz7yQVhrhaJJ4kwOxXZEtqgfjJiQP7sM
|
||||
1MAX068FZkUFgcaUsIr8tqntkRWadq2ysAFT0P9QS/2F4br6GywZkjCAyEzifzKx
|
||||
7wRwWTh5WqaWJ1EqaaZi9biox0jGS4KXcaTbkFoLgBGjFW+oMMxb28qXxJeO81BW
|
||||
wHz0J15YWUnp3aitQ/rjWV3+JQ9q6EASuBkMxXqhco4i0MwpQTRi21MbkDccgqld
|
||||
te837Ap98z/VHN1yjP0ak8SDhuqweAGxAgMBAAGjdjB0MA4GA1UdDwEB/wQEAwIH
|
||||
gDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaA
|
||||
FBFzbkcYXaYhGhtMYSY5yPte6XQkMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5nLmV4
|
||||
YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAEMFtQ7FkFmLDXNe3xlmYUu5UcVCaIik
|
||||
QE1c5RK10WEm1ar4lXbzW3QPMis7dQbUpRv+AdBS3L4yIIZGpET+N6X4OXSZXFjA
|
||||
eZvjmq4nkZJeUPGDhlzm4wybw13dEJIoMPEBsCp+5bfgAOcHkHxLWeQNPHIRzW2x
|
||||
gMrzJBalAuF+YcWJf8g9KcwLB0+lvjc+gUwtXTAIViLcfxoGr804WkJ1gG0shAfG
|
||||
WosRlhFS3OwfljlPDmACQAVqL48AeDUPgkZQZKbA4tVjOlpfwdjrp3o+mi4NeYvJ
|
||||
u2+Z1JpxrEtMRU5K3ws02cfR6YDV5a/lUFij/qLJi90oyOOP0aAsf60=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testClientRSA2048KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsBErzJLpTQ4ug
|
||||
NsigS1xz5kZ4usEzLVvlasvRhpRhVej79uqu68rip8IET/ftCdQqscO0aLWr03Gs
|
||||
4A4OdNTDKz7yQVhrhaJJ4kwOxXZEtqgfjJiQP7sM1MAX068FZkUFgcaUsIr8tqnt
|
||||
kRWadq2ysAFT0P9QS/2F4br6GywZkjCAyEzifzKx7wRwWTh5WqaWJ1EqaaZi9bio
|
||||
x0jGS4KXcaTbkFoLgBGjFW+oMMxb28qXxJeO81BWwHz0J15YWUnp3aitQ/rjWV3+
|
||||
JQ9q6EASuBkMxXqhco4i0MwpQTRi21MbkDccgqldte837Ap98z/VHN1yjP0ak8SD
|
||||
huqweAGxAgMBAAECggEAJc0ANhYlU42ncMcldersCVIR6mc651f19nYW492SqU5J
|
||||
rQVcjByO16N3wxoNwuTGmvnyttPoePc6Jy6RgcY7h3DHOaS2pS33kq7QcLM2oIXC
|
||||
wp7RlpTmgAUZKRfJ2esJ1fp1lD38XMJiz/5jP+SPKGXhKIv6QGGTXtyLBmDQvN1q
|
||||
5L+za0fda7jeDrtu3rLKgwHEOapWMeH8+V2dhd6xLlxWwrj64B3Jn8WX1hkgIZ+m
|
||||
9NwMR2cJC+UdDpDa5LeOoYbrXHkbRxOH5mrAUeGWBSUxxBQda75Sz9za6jMwJqnx
|
||||
UqIvGzvut83w5skoFP7iM6CyT2MuWvX0GydNUkIYEwKBgQD/UwoQ/1+FbSE7N8hQ
|
||||
WLTuv7JKM2IJdSFLQj+Yzo0/wwswqCMuq+db8uv4NfPPO6JPcraWHUpd18WGKXEp
|
||||
FTI2HulBWLpqw6bD3zE4a0Bol5kiQ969Kd82fN4UP06/thxg3mujGTVLbSRRexWK
|
||||
6rXb2rrkVfQxJXKuUjGSnMKM1wKBgQDspCyXJs8Hh9eoIn6AsLKQ582daSHupsep
|
||||
xF1mQIoUUYQF0Hx7vsualyVLHUrANUPxJqoOSTo1uemjAs8MoNtQ+6JTLN6KZm5A
|
||||
kMKtiLM++4lTs1UD7jwTrvruRplEvd1fODdT2ON+v9wk6JpI8J0/PFIx4y9n0x+S
|
||||
rAZfcObMtwKBgDrq25DOjSlJ5Hg4yBWaUq4hODAdKUtLZxJpyCknyLpk9KkWs3+q
|
||||
lWnHZaJSON+iQDMbIn0DZ0y+ZMsvtvgm9v48JdE5e1L1sP7T+xSs0yEPknuws65t
|
||||
AiAdslVzwmVEzcmgqa/qOj0cg1v2DiOPQ8Xm9GeKWh4ZKRyGxP+zAsXjAoGBAJWF
|
||||
EkubENrAQUoSKX4kp18Zp/ha0j7ZkHS7BwyxoM0/yDxoRA9oOXt/Hug8JNwXi8tW
|
||||
U8LdD/OceXwvLSXciVa8+A633hDysZ0IGonNQvx7sIR7Xi8ymzEQsapWX0do8/PT
|
||||
MFpBQ1T14yJK+hk2NxUahxDQbEacxmlFWm15h8s3AoGBAKajlsx7B9VCfaqzjU53
|
||||
CzMHz3hoszC/+HPBT82s/BGCyXRV0jQeA4T9bp7LPs+eY+cZ4N6OGQ70uK+3076x
|
||||
gAAWi9aEA6kbNdknWDb5KO6vuTN+f3zZ3YpeP8ifAektv7sIbpurM/69VdPVUwEH
|
||||
TJXn9YjuZYTmpBrk5KtDEYUh
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testClientECDSAP256CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICXTCCAUWgAwIBAgIBDTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtDbGll
|
||||
bnQgUm9vdDAeFw0xNjA3MTIxNzMyMDlaFw0xNzAxMjgxNzMyMDlaMCExHzAdBgNV
|
||||
BAMTFmNsaWVudEF1dGggRUNEU0EgUC0yNTYwWTATBgcqhkjOPQIBBggqhkjOPQMB
|
||||
BwNCAASDWYW9MxCCKZnZaUjaf/hL4QD2i874rm2R1U5I1O47WZeul/Y6J2422O0z
|
||||
3r/xuqlqhYOp8P5yoo6YR/XwXA1eo3YwdDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0l
|
||||
BAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQRc25HGF2m
|
||||
IRobTGEmOcj7Xul0JDAeBgNVHREEFzAVghN0ZXN0LmdvbGFuZy5leGFtcGxlMA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBaI1xV46tLs+TLAQerTUzvBTZmPvs+kziXHHmuC6jx
|
||||
q7ZOs9h+DpJDFArKSrAfM9vjzO08vvX8b/doc00KdvN/bQkMA0BQlg6X8g3H8S5V
|
||||
uUGDdAiWGN3NGQbB5fYI5XYNAVoGTOtBjEIGSd0Ty4kX1C5dUkO27QkX0AFo/F4c
|
||||
LqqAl7QZUXhhGctZ11z+GSJ7cCgEqCOPlcVyG9mX0d7NcoDaNUDFVpORSY/plLJ9
|
||||
h1exVocKmOWmodVygR9F7rVKGkNJyu0nFc/Zt9qCZ7rLPF7rEXOdk9ahswRXsW6y
|
||||
kGuCyxJjcWMqvlsXRqoKX4VIEnr8IBfN3z1q8KHbdW9f
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testClientECDSAP256KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgoCm3FG8lQ9/Sy062
|
||||
erOhhh6UhBhurb1pyTFfLcn9kV+hRANCAASDWYW9MxCCKZnZaUjaf/hL4QD2i874
|
||||
rm2R1U5I1O47WZeul/Y6J2422O0z3r/xuqlqhYOp8P5yoo6YR/XwXA1e
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testClientEd25519CertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICKjCCARKgAwIBAgIBDjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtDbGll
|
||||
bnQgUm9vdDAeFw0xNjA3MTIxNzMyMDlaFw0xNzAxMjgxNzMyMDlaMB0xGzAZBgNV
|
||||
BAMTEmNsaWVudEF1dGggRWQyNTUxOTAqMAUGAytlcAMhAJWTDErnPfxfZDEmCvWk
|
||||
Xl9fKxG/U4KP1v21Rx1XwNVHo3YwdDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAww
|
||||
CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQRc25HGF2mIRob
|
||||
TGEmOcj7Xul0JDAeBgNVHREEFzAVghN0ZXN0LmdvbGFuZy5leGFtcGxlMA0GCSqG
|
||||
SIb3DQEBCwUAA4IBAQBnn5ZTqWKjSM5WRHyyBWL+kb5syhzZlOLunjqb7oPjhqIf
|
||||
akRypE3IaHLkMZctvDbkMlPEfkpBhIG9pvLnf3/Y7iuvMZJsHQomHfBn46TtX/Zv
|
||||
cRNjYQz1kBgIHmjEoxmgmMjyqcHcaGvxEf+ot8qJbhr3OqFOybwx3N0NITbGvNwc
|
||||
WX8V1exg//f0ezn+VrMKs0c0fSFgJz/7IooNEuB5qpnNp9jbklfUw8B4BhiuDfx7
|
||||
cNk1e9cYz1vRjYnPxYPc/TcfEpOA3xKoM53+L5qRVfvzuQe3pfy6uKOauF0AOE6p
|
||||
Vbiw6DoJb36H/yulheD1PWcEB7BakpgYbto1Tnet
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testClientEd25519KeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MC4CAQAwBQYDK2VwBCIEINmF+fxP1U+/SJ0ujrdEM4bffoMfzJSs+xw9VN1BmSBB
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
const testClientRSAPSSCertPEM = `
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDjDCCAkCgAwIBAgIBDzBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAwUA
|
||||
oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogMCAUAwFjEUMBIGA1UEAxML
|
||||
Q2xpZW50IFJvb3QwHhcNMTYwNzEyMTczMjA5WhcNMTcwMTI4MTczMjA5WjAdMRsw
|
||||
GQYDVQQDExJjbGllbnRBdXRoIFJTQS1QU1MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQCr9HTdPKgp8OzGrWHAdvJKtvomYL6MuXI7lcReWU76dIwoP4fg
|
||||
jxO0T1/4kjFmhFNlt8N8sU7QNiPconHOuaPRNHKAD8dxceQHXteh2RI/FBPWfax/
|
||||
Oepj8sBhDaJITgv+sqPJXS4oonDCVWPCe9JJntQOd4B/W97dJaYeQzEhHN7OKegW
|
||||
qbc6/PzUQtstcqfwztwW4ukfDo05m7vdJ3hkYRfs/+ryX0tHqJUtuptQ5i/ttazP
|
||||
5RGTdg2t4/JDcEcLAt+ue1h2VsLV1ybtmrqo2GKT5D1RaEk1P2s6klAEQ/VxAiDB
|
||||
SnPQuL/nPKKvlxOvCInC25iEKjFiVOSuHbn9AgMBAAGjdjB0MA4GA1UdDwEB/wQE
|
||||
AwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
|
||||
MBaAFBFzbkcYXaYhGhtMYSY5yPte6XQkMB4GA1UdEQQXMBWCE3Rlc3QuZ29sYW5n
|
||||
LmV4YW1wbGUwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgMFAKEcMBoGCSqG
|
||||
SIb3DQEBCDANBglghkgBZQMEAgMFAKIDAgFAA4IBAQABrT3Yg/StetX89IRCAykP
|
||||
b7mIg3C/+5fVb2qA5WvF/S38zbFr0o27xdizOyeH8mP3DTSEaxJVTRvm/CJoWCM9
|
||||
UNljoLp/n8JPIJ3QDx8Hy4XBSIP3IgPoaqyLMezhFwnjyb+t5eRakTSUarlT2ssE
|
||||
GGPTTbM2FX7TBqyaOhMH+LNSsm7YQFoYWU1A5HQ7mLkYxlQXYhiRG0+flTPGuSbA
|
||||
UJs4c20upw+Bl+O/fACowK4/eHtHAgKshufLIIaI6p4YCdDMZeRsbXQmGC8asv+l
|
||||
EFd6ADn7vFps1e66aaExreM7qnfNdnttWOvHs9kzcASzn5RIlseguJVW65rHwWa/
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
const testClientRSAPSSKeyPEM = `
|
||||
-----BEGIN TESTING KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCr9HTdPKgp8OzG
|
||||
rWHAdvJKtvomYL6MuXI7lcReWU76dIwoP4fgjxO0T1/4kjFmhFNlt8N8sU7QNiPc
|
||||
onHOuaPRNHKAD8dxceQHXteh2RI/FBPWfax/Oepj8sBhDaJITgv+sqPJXS4oonDC
|
||||
VWPCe9JJntQOd4B/W97dJaYeQzEhHN7OKegWqbc6/PzUQtstcqfwztwW4ukfDo05
|
||||
m7vdJ3hkYRfs/+ryX0tHqJUtuptQ5i/ttazP5RGTdg2t4/JDcEcLAt+ue1h2VsLV
|
||||
1ybtmrqo2GKT5D1RaEk1P2s6klAEQ/VxAiDBSnPQuL/nPKKvlxOvCInC25iEKjFi
|
||||
VOSuHbn9AgMBAAECggEABFYzVVOrwEUKGUrZo1Q/15g/4yEymEavP02PaO6/lTiR
|
||||
XIyy1VXE1WatrbP0++T19bCGnsaZzYDNpjydk+BhzCUShzEx4nLqh8oOgULOsqZD
|
||||
utFE43+KYXA60sFlUjjPru7ovquAMZIPng/i86gSSjBWILHgXOkfZYkgl6flQ9rv
|
||||
NiK2t/bbC0ciayZ+fKJaei2kS7uMuB9tQwV065uvORwYf9mXJX59xAq4xuTVfFK2
|
||||
OlekWJgFzf/zIX2VDu93948iNgdyJpMTVOaJZctfXbXdy7tjh9/tFQyep9JYF/Wu
|
||||
TdkNt0f7KEwmSSAy/HwcIhzCznVglhGVOaNzyMbsSQKBgQDR1qVbkxmlIn+k1xTz
|
||||
TvtOW03Uk3N5qDUi4g9sMBJed5CXZxcAkl+WCuMw9+7OI5rkLVNCBOQf7c0gk85k
|
||||
Gu7jXzPoIZRxa6fEqdpuVfqgFxc+27zdBB75+QQghAEv9dHW9IM4AqgImnP6EHiK
|
||||
ctXmajfUDhOKlEVAZjwq8fstSQKBgQDRyFgM0MLNOKeUxI88n/jWw5ovv5282Ttx
|
||||
oStY75TEbhPl/P5z5CHduAuPCHus5+AhqzthZMr3k2AIdLZpBaUFICo6sM2RDgJv
|
||||
hwJ5rHBOEifvYGYgHaqNZtr5+zA0RqRCuYbOXM9oGCp17DBVX10wTRRIYtO9wxNe
|
||||
aC+VN2nrFQKBgFXG7pV+jk8oyRDzMwc61BP10t0A4YVrszztN+y7weaH7b1WUNrU
|
||||
+un0zWZpE1+Ewn5f4Nbt9OrwZJfak9XsBJdBhZBwmaO7pDsKS9Yqo2bpyYDShmO6
|
||||
mYcJuhwomeunCv5ZuYId496QdLRWI1BFHRcxeFzg3DAb6CspH5NWk5yxAoGBALEd
|
||||
B5HSUxV2xq2oghI6MZoIzM2RZriBY1mdK/7LT3vEQBKF1cK8kgciksew7tHddvKW
|
||||
Ie0pbt81UvfwqezjMh6wuFaS3Quhm1bT0rgtaSfQ1lyYs8Bbq5n0g95YP6tzFM2s
|
||||
226xFv8YoAitX2VEvWXBPeWbYo+s+lZTehDuFwO9AoGAD6n29mfkAtGeU7rdyoug
|
||||
C+lmDFi1Oquz9sS4GMhzg+NsSxYly+QzV65EyIVvJBUgV66hbpnU/hq7fbQE8/Vr
|
||||
jxrfmmrMaIXhnSWAXeBn6Gz+VAgRhfiZpP5/4YS8rPV1d8pOfuQGuP+zDmke1nLC
|
||||
sZpT/jzJuZsUkbuLREQbZGQ=
|
||||
-----END TESTING KEY-----`
|
||||
|
||||
func parseTestCert(certPEM, keyPEM string) Certificate {
|
||||
tlsCert, err := X509KeyPair([]byte(certPEM), []byte(testingKey(keyPEM)))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return tlsCert
|
||||
}
|
||||
|
||||
func newTestCertPool(certPEM string) *x509.CertPool {
|
||||
pool := x509.NewCertPool()
|
||||
if !pool.AppendCertsFromPEM([]byte(certPEM)) {
|
||||
panic("failed to parse certificate for pool")
|
||||
}
|
||||
return pool
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue