Dynamically generate grpc-creds at integration test startup (#7477)
The summary here is: - Move test/cert-ceremonies to test/certs - Move .hierarchy (generated by the above) to test/certs/webpki - Remove our mapping of .hierarchy to /hierarchy inside docker - Move test/grpc-creds to test/certs/ipki - Unify the generation of both test/certs/webpki and test/certs/ipki into a single script at test/certs/generate.sh - Make that script the entrypoint of a new docker compose service - Have t.sh and tn.sh invoke that service to ensure keys and certs are created before tests run No production changes are necessary, the config changes here are just for testing purposes. Part of https://github.com/letsencrypt/boulder/issues/7476
This commit is contained in:
Aaron Gable
GitHub
parent
6ee675f2f0
commit
6ae6aa8e90
|
|
@ -37,8 +37,6 @@ tags
|
|||
.idea
|
||||
|
||||
.vscode/*
|
||||
.hierarchy/
|
||||
.softhsm-tokens/
|
||||
|
||||
# ProxySQL log files
|
||||
test/proxysql/*.log*
|
||||
|
|
|
|||
|
|
@ -922,7 +922,6 @@ func TestRejectValidityTooLong(t *testing.T) {
|
|||
testCtx.fc)
|
||||
test.AssertNotError(t, err, "Failed to create CA")
|
||||
|
||||
// This time is a few minutes before the notAfter in testdata/ca_cert.pem
|
||||
future, err := time.Parse(time.RFC3339, "2025-02-10T00:30:00Z")
|
||||
|
||||
test.AssertNotError(t, err, "Failed to parse time")
|
||||
|
|
|
|||
|
|
@ -1,33 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFxDCCA6ygAwIBAgIJALe2d/gZHJqAMA0GCSqGSIb3DQEBCwUAMDExCzAJBgNV
|
||||
BAYTAlVTMRAwDgYDVQQKDAdUZXN0IENBMRAwDgYDVQQDDAdUZXN0IENBMB4XDTE1
|
||||
MDIxMzAwMzI0NFoXDTI1MDIxMDAwMzI0NFowMTELMAkGA1UEBhMCVVMxEDAOBgNV
|
||||
BAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
|
||||
A4ICDwAwggIKAoICAQCqYzR0R/8n0wKTYi3N68vR0onziVVS1/+9DsBcWLj3a8Vd
|
||||
zds+snPbJu2M7TyhWSFGsUYaAu58vYl44GfmlRlCunpOrIIuhDh//Kua720J4bwK
|
||||
0ODGLph70uO+VyEQeFQqEAdzy4v5puUfNbEdN66Ge5OGuwsVRwlBZvXRTbsuJend
|
||||
cJadRC5kzxiPbnAqj9V44RK1Cn615dK/JTFVho2iHFER1k+MGMrso+8mn6asLZOj
|
||||
RSx5wt+JEPbrE24X9fb+cF5J/e5AWL3OrcgdAf4953OJn5N/v+6F5FyaE+t0JKzn
|
||||
THtLL1HCKMQmocpU2rTfYA1MWfLdY/KQZAdychoD6sQ6uuxCKRf6Zan/UH+4RcTW
|
||||
ciPk8QAXRztkJGyJQozzLXfLnZFFHKtrS80h55SyvAA5UhwpVGjlKwKbwFHmNDj4
|
||||
5XE3anmiZFNdrAgAwDf+Pbukmolh2ffz++vZhHJuvorFhGziG9+O9IoBdTkKvJwY
|
||||
qAkk+PP6Pe8GKgZsojvPr6vVewDEVGoBNth9/OAAVmIDXtoHEqWpk2rlCQsYcMjt
|
||||
w+bVUxNpjs5kFXGwOpe6XfOxiMQxWaadqq3VUB06XXyS4JADtYm6EjrFPtEUG6Yu
|
||||
9bGefjN/jyMls/8MwQR/HKNidueeKpuLfJYKvbudNf9XLVaZW9zf52WT0bqEdwID
|
||||
AQABo4HeMIHbMB0GA1UdDgQWBBSaJqZ383/ySesJvVCWHAHhZcKpqzBhBgNVHSME
|
||||
WjBYgBSaJqZ383/ySesJvVCWHAHhZcKpq6E1pDMwMTELMAkGA1UEBhMCVVMxEDAO
|
||||
BgNVBAoMB1Rlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0GCCQC3tnf4GRyagDAPBgNV
|
||||
HRMECDAGAQH/AgEBMAsGA1UdDwQEAwIBBjA5BggrBgEFBQcBAQQtMCswKQYIKwYB
|
||||
BQUHMAGGHWh0dHA6Ly9vY3NwLmV4YW1wbGUuY29tOjgwODAvMA0GCSqGSIb3DQEB
|
||||
CwUAA4ICAQCWJo5AaOIW9n17sZIMRO4m3S2gF2Bs03X4i29/NyMCtOGlGk+VFmu/
|
||||
1rP3XYE4KJpSq+9/LV1xXFd2FTvuSz18MAvlCz2b5V7aBl88qup1htM/0VXXTy9e
|
||||
p9tapIDuclcVez1kkdxPSwXh9sejcfNoZrgkPr/skvWp4WPy+rMvskHGB1BcRIG3
|
||||
xgR0IYIS0/3N6k6mcDaDGjGHMPoKY3sgg8Q/FToTxiMux1p2eGjbTmjKzOirXOj4
|
||||
Alv82qEjIRCMdnvOkZI35cd7tiO8Z3m209fhpkmvye2IERZxSBPRC84vrFfh0aWK
|
||||
U/PisgsVD5/suRfWMqtdMHf0Mm+ycpgcTjijqMZF1gc05zfDqfzNH/MCcCdH9R2F
|
||||
13ig5W8zJU8M1tV04ftElPi0/a6pCDs9UWk+ADIsAScee7P5kW+4WWo3t7sIuj8i
|
||||
wAGiF+tljMOkzvGnxcuy+okR3EhhQdwOl+XKBgBXrK/hfvLobSQeHKk6+oUJzg4b
|
||||
wL7gg7ommDqj181eBc1tiTzXv15Jd4cy9s/hvZA0+EfZc6+21urlwEGmEmm0EsAG
|
||||
ldK1FVOTRlXJrjw0K57bI+7MxhdD06I4ikFCXRTAIxVSRlXegrDyAwUZv7CqH0mr
|
||||
8jcQV9i1MJFGXV7k3En0lQv2z5AD9aFtkc6UjHpAzB8xEWMO0ZAtBg==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJKQIBAAKCAgEAqmM0dEf/J9MCk2ItzevL0dKJ84lVUtf/vQ7AXFi492vFXc3b
|
||||
PrJz2ybtjO08oVkhRrFGGgLufL2JeOBn5pUZQrp6TqyCLoQ4f/yrmu9tCeG8CtDg
|
||||
xi6Ye9LjvlchEHhUKhAHc8uL+ablHzWxHTeuhnuThrsLFUcJQWb10U27LiXp3XCW
|
||||
nUQuZM8Yj25wKo/VeOEStQp+teXSvyUxVYaNohxREdZPjBjK7KPvJp+mrC2To0Us
|
||||
ecLfiRD26xNuF/X2/nBeSf3uQFi9zq3IHQH+PedziZ+Tf7/uheRcmhPrdCSs50x7
|
||||
Sy9RwijEJqHKVNq032ANTFny3WPykGQHcnIaA+rEOrrsQikX+mWp/1B/uEXE1nIj
|
||||
5PEAF0c7ZCRsiUKM8y13y52RRRyra0vNIeeUsrwAOVIcKVRo5SsCm8BR5jQ4+OVx
|
||||
N2p5omRTXawIAMA3/j27pJqJYdn38/vr2YRybr6KxYRs4hvfjvSKAXU5CrycGKgJ
|
||||
JPjz+j3vBioGbKI7z6+r1XsAxFRqATbYffzgAFZiA17aBxKlqZNq5QkLGHDI7cPm
|
||||
1VMTaY7OZBVxsDqXul3zsYjEMVmmnaqt1VAdOl18kuCQA7WJuhI6xT7RFBumLvWx
|
||||
nn4zf48jJbP/DMEEfxyjYnbnniqbi3yWCr27nTX/Vy1WmVvc3+dlk9G6hHcCAwEA
|
||||
AQKCAgEAirFJ50Ubmu0V8aY/JplDRT4dcJFfVJnh36B8UC8gELY2545DYpub1s2v
|
||||
G8GYUrXcclCmgVHVktAtcKkpqfW/pCNqn1Ooe/jAjN29SdaOaTbH+/3emTMgh9o3
|
||||
6528mk14JOz7Q/Rxsft6EZeA3gmPFITOpyLleKJkFEqc2YxuSrgtz0RwNP9kzEYO
|
||||
9eGth9egqk57DcbHMYUrsM+zgqyN6WEnVF+gTKd5tnoSltvprclDnekWtN49WrLm
|
||||
ap9cREDAlogdGBmMr/AMQIoQlBwlOXqG/4VXaOtwWqhyADEqvVWFMJl+2spfwK2y
|
||||
TMfxjHSiOhlTeczV9gP/VC04Kp5aMXXoCg2Gwlcr4DBic1k6eI/lmUQv6kg/4Nbf
|
||||
yU+BCUtBW5nfKgf4DOcqX51n92ELnKbPKe41rcZxbTMvjsEQsGB51QLOMHa5tKe8
|
||||
F2R3fuP9y5k9lrMcz2vWL+9Qt4No5e++Ej+Jy1NKhrcfwQ6fGpMcZNesl0KHGjhN
|
||||
dfZZRMHNZNBbJKHrXxAHDxtvoSqWOk8XOwP12C2MbckHkSaXGTLIuGfwcW6rvdF2
|
||||
EXrSCINIT1eCmMrnXWzWCm6UWxxshLsqzU7xY5Ov8qId211gXnC2IonAezWwFDE9
|
||||
JYjwGJJzNTiEjX6WdeCzT64FMtJk4hpoa3GzroRG2LAmhhnWVaECggEBANblf0L5
|
||||
2IywbeqwGF3VsSOyT8EeiAhOD9NUj4cYfU8ueqfY0T9/0pN39kFF8StVk5kOXEmn
|
||||
dFk74gUC4+PBjrBAMoKvpQ2UpUvX9hgFQYoNmJZxSqF8KzdjS4ABcWIWi8thOAGc
|
||||
NLssTw3eBsWT7ahX097flpWFVqVaFx5OmB6DOIHVTA+ppf6RYCETgDJomaRbzn8p
|
||||
FMTpRZBYRLj/w2WxFy1J8gWGSq2sATFCMc3KNFwVQnDVS03g8W/1APqMVU0mIeau
|
||||
TltSACvdwigLgWUhYxN+1F5awBlGqMdP+TixisVrHZWZw7uFMb8L/MXW1YA4FN8h
|
||||
k2/Bp8wJTD+G/dkCggEBAMr6Tobi/VlYG+05cLmHoXGH98XaGBokYXdVrHiADGQI
|
||||
lhYtnqpXQc1vRqp+zFacjpBjcun+nd6HzIFzsoWykevxYKgONol+iTSyHaTtYDm0
|
||||
MYrgH8nBo26GSCdz3IGHJ/ux1LL8ZAbY2AbP81x63ke+g9yXQPBkZQp6vYW/SEIG
|
||||
IKhy+ZK6tZa0/z7zJNfM8PuN+bK4xJorUwbRqIv4owj0Bf92v+Q/wETYeEBpkDGU
|
||||
uJ3wDc3FVsK5+gaJECS8DNkOmZ+o5aIlMQHbwxXe8NUm4uZDT+znx0uf+Hw1wP1P
|
||||
zGL/TnjrZcmKRR47apkPXOGZWpPaNV0wkch/Xh1KEs8CggEBAJaRoJRt+LPC3pEE
|
||||
p13/3yjSxBzc5pVjFKWO5y3SE+LJ/zjhquNiDUo0UH+1oOArCsrADBuzT8tCMQAv
|
||||
4TrwoKiPopR8uxoD37l/bLex3xT6p8IpSRBSrvkVAo6C9E203Gg5CwPdzfijeBSQ
|
||||
T5BaMLe2KgZMBPdowKgEspQSn3UpngsiRzPmOx9d/svOHRG0xooppUrlnt7FT29u
|
||||
2WACHIeBCGs8F26VhHehQAiih8DX/83RO4dRe3zqsmAue2wRrabro+88jDxh/Sq/
|
||||
K03hmd0hAoljYStnTJepMZLNTyLRCxl+DvGGFmWqUou4u3hnKZq4MK+Sl/pC5u4I
|
||||
SbttOykCggEAEk0RSX4r46NbGT+Fl2TQPKFKyM8KP0kqdI0H+PFqrJZNmgBQ/wDR
|
||||
EQnIcFTwbZq+C+y7jreDWm4aFU3uObnJCGICGgT2C92Z12N74sP4WhuSH/hnRVSt
|
||||
PKjk1pHOvusFwt7c06qIBkoE6FBVm/AEHKnjz77ffw0+QvygG/AMPs+4oBeFwyIM
|
||||
f2MgZHedyctTqwq5CdE5AMGJQeMjdENdx8/gvpDhal4JIuv1o7Eg7CeBodPkGrqB
|
||||
QRttnKs9BmLiMavsVAXxdnYt/gHnjBBG3KEd8i79hNm9EWeCCwj5tp08S2zDkYl/
|
||||
6vUJmFk5GkXVVQ3zqcMR7q4TZuV9Ad0M5wKCAQAY89F3qpokGhDtlVrB78gY8Ol3
|
||||
w9eq7HwEYfu8ZTN0+TEQMTEbvLbCcNYQqfRSqAAtb8hejaBQYbxFwNx9VA6sV4Tj
|
||||
6EUMnp9ijzBf4KH0+r1wgkxobDjFH+XCewDLfTvhFDXjFcpRsaLfYRWz82JqSag6
|
||||
v+lJi6B2hbZUt750aQhomS6Bu0GE9/cE+e17xpZaMgXcWDDnse6W0JfpGHe8p6qD
|
||||
EcaaKadeO/gSnv8wM08nHL0d80JDOE/C5I0psKryMpmicJK0bI92ooGrkJsF+Sg1
|
||||
huu1W6p9RdxJHgphzmGAvTrOmrDAZeKtubsMS69VZVFjQFa1ZD/VMzWK1X2o
|
||||
-----END RSA PRIVATE KEY-----
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -3,53 +3,17 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"log"
|
||||
"os"
|
||||
)
|
||||
|
||||
// A 2048-bit RSA private key
|
||||
var rsaPrivateKey = `-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA5cpXqfCaUDD+hf93j5jxbrhK4jrJAzfAEjeZj/Lx5Rv/7eEO
|
||||
uhS2DdCU2is82vR6yJ7EidUYVz/nUAjSTP7JIEsbyvfsfACABbqRyGltHlJnULVH
|
||||
y/EMjt9xKZf17T8tOLHVUEAJTxsvjKn4TMIQJTNrAqm/lNrUXmCIR41Go+3RBGC6
|
||||
YdAKEwcZMCzrjQGF06mC6/6xMmYMSMd6+VQRFIPpuPK/6BBp1Tgju2LleRC5uatj
|
||||
QcFOoilGkfh1RnZp3GJ7q58KaqHiPmjl31rkY5vS3LP7yfU5TRBcxCSG8l8LKuRt
|
||||
MArkbTEtj3PkDjbipL/SkLrZ28e5w9Egl4g1MwIDAQABAoIBABZqY5zPPK5f6SQ3
|
||||
JHmciMitL5jb9SncMV9VjyRMpa4cyh1xW9dpF81HMI4Ls7cELEoPuspbQDGaqTzU
|
||||
b3dVT1dYHFDzWF1MSzDD3162cg+IKE3mMSfCzt/NCiPtj+7hv86NAmr+pCnUVBIb
|
||||
rn4GXD7UwjaTSn4Bzr+aGREpxd9Nr0JdNQwxVHZ75A92vTihCfaXyMCjhW3JEpF9
|
||||
N89XehgidoGgtUxxeeb+WsO3nvVBpLv/HDxMTx/IDzvSA5nLlYMcqVzb7IJoeAQu
|
||||
og0WJKlniYzvIdoQ6/hGydAW5sKd0qWh0JPYs7uLKAWrdAWvrFAp7//fYKVamalU
|
||||
8pUu/WkCgYEA+tcTQ3qTnVh41O9YeM/7NULpIkuCAlR+PBRky294zho9nGQIPdaW
|
||||
VNvyqqjLaHaXJVokYHbU4hDk6RbrhoWVd4Po/5g9cUkT1f6nrdZGRkg4XOCzHWvV
|
||||
Yrqh3eYYX4bdiH5EhB78m0rrbjHfd7SF3cdYNzOUS2kJvCInYC6zPx8CgYEA6oRr
|
||||
UhZFuoqRsEb28ELM8sHvdIMA/C3aWCu+nUGQ4gHSEb4uvuOD/7tQNuCaBioiXVPM
|
||||
/4hjk9jHJcjYf5l33ANqIP7JiYAt4rzTWXF3iS6kQOhQhjksSlSnWqw0Uu1DtlpG
|
||||
rzeG1ZkBuwH7Bx0yj4sGSz5sAvyF44aRsE6AC20CgYEArafWO0ISDb1hMbFdo44B
|
||||
ELd45Pg3UluiZP+NZFWQ4cbC3pFWL1FvE+KNll5zK6fmLcLBKlM6QCOIBmKKvb+f
|
||||
YXVeCg0ghFweMmkxNqUAU8nN02bwOa8ctFQWmaOhPgkFN2iLEJjPMsdkRA6c8ad1
|
||||
gbtvNBAuWyKlzawrbGgISesCgYBkGEjGLINubx5noqJbQee/5U6S6CdPezKqV2Fw
|
||||
NT/ldul2cTn6d5krWYOPKKYU437vXokst8XooKm/Us41CAfEfCCcHKNgcLklAXsj
|
||||
ve5LOwEYQw+7ekORJjiX1tAuZN51wmpQ9t4x5LB8ZQgDrU6bPbdd/jKTw7xRtGoS
|
||||
Wi8EsQKBgG8iGy3+kVBIjKHxrN5jVs3vj/l/fQL0WRMLCMmVuDBfsKyy3f9n8R1B
|
||||
/KdwoyQFwsLOyr5vAjiDgpFurXQbVyH4GDFiJGS1gb6MNcinwSTpsbOLLV7zgibX
|
||||
A2NgiQ+UeWMia16dZVd6gGDlY3lQpeyLdsdDd+YppNfy9vedjbvT
|
||||
-----END RSA PRIVATE KEY-----`
|
||||
|
||||
// NISTP256 ECDSA private key
|
||||
var ecdsaPrivateKey = `-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIKwK8ik0Zgw26bWaGuNYa/QAtCDRwpOPS5FIhbwuFqWuoAoGCCqGSM49
|
||||
AwEHoUQDQgAEfkxXCNEy4/zfwQ4arciDYQql7/+ftYvf51JTLCJAFu8kWKvNBENT
|
||||
X8ays994FANu2VsJTF5Ud5JPYWHT87hjAA==
|
||||
-----END EC PRIVATE KEY-----`
|
||||
|
||||
func main() {
|
||||
block, _ := pem.Decode([]byte(rsaPrivateKey))
|
||||
rsaPriv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||
if err != nil {
|
||||
log.Fatalf("Failed to parse private key: %s", err)
|
||||
}
|
||||
|
|
@ -65,7 +29,7 @@ func main() {
|
|||
"Capitalizedletters.COM",
|
||||
},
|
||||
}
|
||||
csr, err := x509.CreateCertificateRequest(rand.Reader, req, rsaPriv)
|
||||
csr, err := x509.CreateCertificateRequest(rand.Reader, req, priv)
|
||||
if err != nil {
|
||||
log.Fatalf("unable to create CSR: %s", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,77 +3,36 @@ package notmain
|
|||
import (
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/letsencrypt/boulder/core"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
)
|
||||
|
||||
func TestLoadChain_Valid(t *testing.T) {
|
||||
issuer, chainPEM, err := loadChain([]string{
|
||||
"../../test/test-ca-cross.pem",
|
||||
"../../test/test-root2.pem",
|
||||
func TestLoadChain(t *testing.T) {
|
||||
// Most of loadChain's logic is implemented in issuance.LoadChain, so this
|
||||
// test only covers the construction of the PEM bytes.
|
||||
_, chainPEM, err := loadChain([]string{
|
||||
"../../test/hierarchy/int-e1.cert.pem",
|
||||
"../../test/hierarchy/root-x2-cross.cert.pem",
|
||||
"../../test/hierarchy/root-x1.cert.pem",
|
||||
})
|
||||
test.AssertNotError(t, err, "Should load valid chain")
|
||||
|
||||
expectedIssuer, err := core.LoadCert("../../test/test-ca-cross.pem")
|
||||
test.AssertNotError(t, err, "Failed to load test issuer")
|
||||
|
||||
chainIssuerPEM, rest := pem.Decode(chainPEM)
|
||||
test.AssertNotNil(t, chainIssuerPEM, "Failed to decode chain PEM")
|
||||
parsedIssuer, err := x509.ParseCertificate(chainIssuerPEM.Bytes)
|
||||
// Parse the first certificate in the PEM blob.
|
||||
certPEM, rest := pem.Decode(chainPEM)
|
||||
test.AssertNotNil(t, certPEM, "Failed to decode chain PEM")
|
||||
_, err = x509.ParseCertificate(certPEM.Bytes)
|
||||
test.AssertNotError(t, err, "Failed to parse chain PEM")
|
||||
|
||||
// The three versions of the intermediate (the one loaded by us, the one
|
||||
// returned by loadChain, and the one parsed from the chain) should be equal.
|
||||
test.AssertByteEquals(t, issuer.Raw, expectedIssuer.Raw)
|
||||
test.AssertByteEquals(t, parsedIssuer.Raw, expectedIssuer.Raw)
|
||||
// Parse the second certificate in the PEM blob.
|
||||
certPEM, rest = pem.Decode(rest)
|
||||
test.AssertNotNil(t, certPEM, "Failed to decode chain PEM")
|
||||
_, err = x509.ParseCertificate(certPEM.Bytes)
|
||||
test.AssertNotError(t, err, "Failed to parse chain PEM")
|
||||
|
||||
// The chain should contain nothing else.
|
||||
rootIssuerPEM, _ := pem.Decode(rest)
|
||||
if rootIssuerPEM != nil {
|
||||
certPEM, rest = pem.Decode(rest)
|
||||
if certPEM != nil || len(rest) != 0 {
|
||||
t.Error("Expected chain PEM to contain one cert and nothing else")
|
||||
}
|
||||
}
|
||||
|
||||
func TestLoadChain_TooShort(t *testing.T) {
|
||||
_, _, err := loadChain([]string{"/path/to/one/cert.pem"})
|
||||
test.AssertError(t, err, "Should reject too-short chain")
|
||||
}
|
||||
|
||||
func TestLoadChain_Unloadable(t *testing.T) {
|
||||
_, _, err := loadChain([]string{
|
||||
"does-not-exist.pem",
|
||||
"../../test/test-root2.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
|
||||
_, _, err = loadChain([]string{
|
||||
"../../test/test-ca-cross.pem",
|
||||
"does-not-exist.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
|
||||
invalidPEMFile, _ := os.CreateTemp("", "invalid.pem")
|
||||
err = os.WriteFile(invalidPEMFile.Name(), []byte(""), 0640)
|
||||
test.AssertNotError(t, err, "Error writing invalid PEM tmp file")
|
||||
_, _, err = loadChain([]string{
|
||||
invalidPEMFile.Name(),
|
||||
"../../test/test-root2.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
}
|
||||
|
||||
func TestLoadChain_InvalidSig(t *testing.T) {
|
||||
_, _, err := loadChain([]string{
|
||||
"../../test/test-root2.pem",
|
||||
"../../test/test-ca-cross.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject invalid signature")
|
||||
}
|
||||
|
||||
func TestLoadChain_NoRoot(t *testing.T) {
|
||||
// TODO(#5251): Implement this when we have a hierarchy which includes two
|
||||
// CA certs, neither of which is a root.
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,9 +15,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/miekg/pkcs11"
|
||||
|
||||
"github.com/letsencrypt/boulder/pkcs11helpers"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
"github.com/miekg/pkcs11"
|
||||
)
|
||||
|
||||
// samplePubkey returns a slice of bytes containing an encoded
|
||||
|
|
@ -575,9 +576,6 @@ func TestLoadCert(t *testing.T) {
|
|||
|
||||
_, err = loadCert("../../test/hierarchy/int-e1.key.pem")
|
||||
test.AssertError(t, err, "should have failed when trying to parse a private key")
|
||||
|
||||
_, err = loadCert("../../test/test-root.pubkey.pem")
|
||||
test.AssertError(t, err, "should have failed when trying to parse a public key")
|
||||
}
|
||||
|
||||
func TestGenerateSKID(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import (
|
|||
)
|
||||
|
||||
func TestLoadPubKey(t *testing.T) {
|
||||
_, _, err := loadPubKey("../../test/test-root.pubkey.pem")
|
||||
_, _, err := loadPubKey("../../test/test-ca.pubkey.pem")
|
||||
test.AssertNotError(t, err, "should not have errored")
|
||||
|
||||
_, _, err = loadPubKey("../../test/hierarchy/int-e1.key.pem")
|
||||
|
|
|
|||
|
|
@ -1,9 +1,19 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
"crypto/rand"
|
||||
"crypto/x509"
|
||||
"crypto/x509/pkix"
|
||||
"encoding/pem"
|
||||
"math/big"
|
||||
"os"
|
||||
"path"
|
||||
"regexp"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/letsencrypt/boulder/metrics"
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
|
|
@ -52,9 +62,43 @@ func TestPasswordConfig(t *testing.T) {
|
|||
func TestTLSConfigLoad(t *testing.T) {
|
||||
null := "/dev/null"
|
||||
nonExistent := "[nonexistent]"
|
||||
cert := "../test/grpc-creds/creds-test/cert.pem"
|
||||
key := "../test/grpc-creds/creds-test/key.pem"
|
||||
caCert := "../test/grpc-creds/minica.pem"
|
||||
tmp := t.TempDir()
|
||||
cert := path.Join(tmp, "TestTLSConfigLoad.cert.pem")
|
||||
key := path.Join(tmp, "TestTLSConfigLoad.key.pem")
|
||||
caCert := path.Join(tmp, "TestTLSConfigLoad.cacert.pem")
|
||||
|
||||
rootKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
|
||||
test.AssertNotError(t, err, "creating test root key")
|
||||
rootTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{CommonName: "test root"},
|
||||
SerialNumber: big.NewInt(12345),
|
||||
NotBefore: time.Now().Add(-24 * time.Hour),
|
||||
NotAfter: time.Now().Add(24 * time.Hour),
|
||||
IsCA: true,
|
||||
}
|
||||
rootCert, err := x509.CreateCertificate(rand.Reader, rootTemplate, rootTemplate, rootKey.Public(), rootKey)
|
||||
test.AssertNotError(t, err, "creating test root cert")
|
||||
err = os.WriteFile(caCert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: rootCert}), os.ModeAppend)
|
||||
test.AssertNotError(t, err, "writing test root cert to disk")
|
||||
|
||||
intKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
|
||||
test.AssertNotError(t, err, "creating test intermediate key")
|
||||
intKeyBytes, err := x509.MarshalECPrivateKey(intKey)
|
||||
test.AssertNotError(t, err, "marshalling test intermediate key")
|
||||
err = os.WriteFile(key, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: intKeyBytes}), os.ModeAppend)
|
||||
test.AssertNotError(t, err, "writing test intermediate key cert to disk")
|
||||
|
||||
intTemplate := &x509.Certificate{
|
||||
Subject: pkix.Name{CommonName: "test intermediate"},
|
||||
SerialNumber: big.NewInt(67890),
|
||||
NotBefore: time.Now().Add(-12 * time.Hour),
|
||||
NotAfter: time.Now().Add(12 * time.Hour),
|
||||
IsCA: true,
|
||||
}
|
||||
intCert, err := x509.CreateCertificate(rand.Reader, intTemplate, rootTemplate, intKey.Public(), rootKey)
|
||||
test.AssertNotError(t, err, "creating test intermediate cert")
|
||||
err = os.WriteFile(cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: intCert}), os.ModeAppend)
|
||||
test.AssertNotError(t, err, "writing test intermediate cert to disk")
|
||||
|
||||
testCases := []struct {
|
||||
TLSConfig
|
||||
|
|
@ -69,26 +113,20 @@ func TestTLSConfigLoad(t *testing.T) {
|
|||
{TLSConfig{null, key, caCert}, "loading key pair.*failed to find any PEM data"},
|
||||
{TLSConfig{cert, null, caCert}, "loading key pair.*failed to find any PEM data"},
|
||||
{TLSConfig{cert, key, null}, "parsing CA certs"},
|
||||
{TLSConfig{cert, key, caCert}, ""},
|
||||
}
|
||||
for _, tc := range testCases {
|
||||
var title [3]string
|
||||
if tc.CertFile == "" {
|
||||
title[0] = "nil"
|
||||
} else {
|
||||
title[0] = tc.CertFile
|
||||
}
|
||||
if tc.KeyFile == "" {
|
||||
title[1] = "nil"
|
||||
} else {
|
||||
title[1] = tc.KeyFile
|
||||
}
|
||||
if tc.CACertFile == "" {
|
||||
title[2] = "nil"
|
||||
} else {
|
||||
title[2] = tc.CACertFile
|
||||
title := [3]string{tc.CertFile, tc.KeyFile, tc.CACertFile}
|
||||
for i := range title {
|
||||
if title[i] == "" {
|
||||
title[i] = "nil"
|
||||
}
|
||||
}
|
||||
t.Run(strings.Join(title[:], "_"), func(t *testing.T) {
|
||||
_, err := tc.TLSConfig.Load(metrics.NoopRegisterer)
|
||||
if err == nil && tc.want == "" {
|
||||
return
|
||||
}
|
||||
if err == nil {
|
||||
t.Errorf("got no error")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDETCCAfmgAwIBAgIJAJzxkS6o1QkIMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
|
||||
BAMMFGhhcHB5IGhhY2tlciBmYWtlIENBMB4XDTE1MDQwNzIzNTAzOFoXDTI1MDQw
|
||||
NDIzNTAzOFowHzEdMBsGA1UEAwwUaGFwcHkgaGFja2VyIGZha2UgQ0EwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCCkd5mgXFErJ3F2M0E9dw+Ta/md5i
|
||||
8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9r9tSQcL8VM6WUOM8
|
||||
tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHSzUYtNKNeFI6Glamj
|
||||
7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p58QkP4LHLShVLXDa8
|
||||
BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aPkE/cefmP+1xOfUuD
|
||||
HOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w5qxSPTarAgMBAAGj
|
||||
UDBOMB0GA1UdDgQWBBT7eE8S+WAVgyyfF380GbMuNupBiTAfBgNVHSMEGDAWgBT7
|
||||
eE8S+WAVgyyfF380GbMuNupBiTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQAd9Da+Zv+TjMv7NTAmliqnWHY6d3UxEZN3hFEJ58IQVHbBZVZdW7zhRktB
|
||||
vR05Kweac0HJeK91TKmzvXl21IXLvh0gcNLU/uweD3no/snfdB4OoFompljThmgl
|
||||
zBqiqWoKBJQrLCA8w5UB+ReomRYd/EYXF/6TAfzm6hr//Xt5mPiUHPdvYt75lMAo
|
||||
vRxLSbF8TSQ6b7BYxISWjPgFASNNqJNHEItWsmQMtAjjwzb9cs01XH9pChVAWn9L
|
||||
oeMKa+SlHSYrWG93+EcrIH/dGU76uNOiaDzBSKvaehG53h25MHuO1anNICJvZovW
|
||||
rFo4Uv1EnkKJm3vJFe50eJGhEKlx
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,28 +0,0 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCCkd5mgXFErJ3
|
||||
F2M0E9dw+Ta/md5i8TDId01HberAApqmydG7UZYF3zLTSzNjlNSOmtybvrSGUnZ9
|
||||
r9tSQcL8VM6WUOM8tnIpiIjEA2QkBycMwvRmZ/B2ltPdYs/R9BqNwO1g18GDZrHS
|
||||
zUYtNKNeFI6Glamj7GK2Vr0SmiEamlNIR5ktAFsEErzf/d4jCF7sosMsJpMCm1p5
|
||||
8QkP4LHLShVLXDa8BMfVoI+ipYcA08iNUFkgW8VWDclIDxcysa0psDDtMjX3+4aP
|
||||
kE/cefmP+1xOfUuDHOGV8XFynsP4EpTfVOZr0/g9gYQ7ZArqXX7GTQkFqduwPm/w
|
||||
5qxSPTarAgMBAAECggEAZh00uhjFOo35X1TufwSGF0z/c9uMvfMB4i1ufM2qgXud
|
||||
WXLSLcrksZhhTfLAS4KSTa3PtSKqLBoPg1tdhy9WZqZWxaIxw8ybzaGtn8HNHGyr
|
||||
LzsVlSLT2ATN4C7VAT9+DeVext0kWHtdz3r5mGagJq2Yx9jRGpQW6rBA9h4ol699
|
||||
BM09UPCcdlGmpdrb0jDjyfohG139EBSmEeB+Jim+oLO1sXe/LvWllU0UL527CExp
|
||||
ykiIjASd4s7tFErV9sVJ+bDI97GOyBUGcVMiQ+TRPKFr0kfLgbJz24l8ycPI4odp
|
||||
IGY+6igicg67n5BktAH+UfCQlUIpWbF2SwRAMht0AQKBgQD8gocy2VuCPj285hBY
|
||||
8g/1GFd58HkCh54bOhAOb2PK+NE4mRuHCBlBj/tQOmgYz2Pna2k5ldJSUwXsUKkx
|
||||
9R7hutnwXbcQTSQIRcjhYDLeGetJYXR96ylDig+6XjdW3A5SIc2JzlbVThP39TTm
|
||||
gRqE/rj9G4ARMfHxffp7YT5AqwKBgQDEuN0pYMKjaW0xvc7WYUOqGHqt2di/BwMr
|
||||
Ur438MtePArELY35P6kDcrfnlacDToA3Tebk9Rw18y1kl3BFO7VdJbQJSa6RWbp5
|
||||
aK7E5lq1pCrdyhGwiaI1f5VgzeY8ywS3TqGqU9GOqpENiZqgs1ly9l8gZSaw8/yF
|
||||
uDWGg7jiAQKBgQCyLtGEmkiuoYkjUR1cBoQoKeMgkwZxOI3jHJfT99ptkiLhU3lP
|
||||
UfGwiA+JT43BZCdVWEBKeGSP3zIgzdJ3BEekdhvwN9FEWYsBo2zbTOzYOWYExBZV
|
||||
/KmDlVr/4hge3O3mGyBVDBvOLWh94rRPq+6wxqZ3RP6cI6hdBs7IXZh2PQKBgQDB
|
||||
rav4kA4xKpvaDCC2yj3/Gmi1/zO5J2NEZQtoMgdXeM+0w5Dy4204Otq7A4jR5Ziw
|
||||
Wl9H7dZfe1Kmpb5gO1/dHEC7oDJhYjEIVTs0GgMWsFGP2OE/qNHtz/W2wCC8m7jB
|
||||
7IWYFzvLNTzoUiDNtKYNXGjdkRjdwOlOkcUI8Wi2AQKBgQC9EJsMz/ySt58IvwWy
|
||||
fQJyg742j21pXHqlMnmHygnSgNa7f3yPQK3FxjvhIPmgu7x8+sSUtXHOjKhZML3p
|
||||
SdTm/yN487hOYp03jy/wVXLcCDp9XhBeIt/z/TZMPMjAHOLG9xG6cF8AOVq7mLBc
|
||||
tsDWUHoXPZj/YciXZLq3fPuXyw==
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -2,6 +2,6 @@ services:
|
|||
boulder:
|
||||
environment:
|
||||
FAKE_DNS: 10.77.77.77
|
||||
BOULDER_CONFIG_DIR: &boulder_config_dir test/config-next
|
||||
BOULDER_CONFIG_DIR: test/config-next
|
||||
GOFLAGS: -mod=vendor
|
||||
GOCACHE: /boulder/.gocache/go-build-next
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ services:
|
|||
# The `letsencrypt/boulder-tools:latest` tag is automatically built in local
|
||||
# dev environments. In CI a specific BOULDER_TOOLS_TAG is passed, and it is
|
||||
# pulled with `docker compose pull`.
|
||||
image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest}
|
||||
image: &boulder_tools_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest}
|
||||
build:
|
||||
context: test/boulder-tools/
|
||||
# Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh.
|
||||
|
|
@ -20,8 +20,7 @@ services:
|
|||
volumes:
|
||||
- .:/boulder:cached
|
||||
- ./.gocache:/root/.cache/go-build:cached
|
||||
- ./.hierarchy:/hierarchy/:cached
|
||||
- ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
|
||||
- ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
|
||||
networks:
|
||||
bouldernet:
|
||||
ipv4_address: 10.77.77.77
|
||||
|
|
@ -62,6 +61,20 @@ services:
|
|||
entrypoint: test/entrypoint.sh
|
||||
working_dir: &boulder_working_dir /boulder
|
||||
|
||||
bsetup:
|
||||
image: *boulder_tools_image
|
||||
volumes:
|
||||
- .:/boulder:cached
|
||||
- ./.gocache:/root/.cache/go-build:cached
|
||||
- ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
|
||||
entrypoint: test/certs/generate.sh
|
||||
working_dir: *boulder_working_dir
|
||||
profiles:
|
||||
# Adding a profile to this container means that it won't be started by a
|
||||
# normal "docker compose up/run boulder", only when specifically invoked
|
||||
# with a "docker compose up bsetup".
|
||||
- setup
|
||||
|
||||
bmysql:
|
||||
image: mariadb:10.5
|
||||
networks:
|
||||
|
|
|
|||
|
|
@ -12,59 +12,58 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/letsencrypt/boulder/core"
|
||||
"github.com/jmhodges/clock"
|
||||
|
||||
"github.com/letsencrypt/boulder/test"
|
||||
)
|
||||
|
||||
func TestServerTransportCredentials(t *testing.T) {
|
||||
_, badCert := test.ThrowAwayCert(t, clock.New())
|
||||
goodCert := &x509.Certificate{
|
||||
DNSNames: []string{"creds-test"},
|
||||
IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
|
||||
}
|
||||
acceptedSANs := map[string]struct{}{
|
||||
"creds-test": {},
|
||||
}
|
||||
certFile := "../../test/grpc-creds/creds-test/cert.pem"
|
||||
badCertFile := "testdata/example.com/cert.pem"
|
||||
goodCert, err := core.LoadCert(certFile)
|
||||
test.AssertNotError(t, err, "core.LoadCert failed on "+certFile)
|
||||
badCert, err := core.LoadCert(badCertFile)
|
||||
test.AssertNotError(t, err, "core.LoadCert failed on "+badCertFile)
|
||||
servTLSConfig := &tls.Config{}
|
||||
|
||||
// NewServerCredentials with a nil serverTLSConfig should return an error
|
||||
_, err = NewServerCredentials(nil, acceptedSANs)
|
||||
_, err := NewServerCredentials(nil, acceptedSANs)
|
||||
test.AssertEquals(t, err, ErrNilServerConfig)
|
||||
|
||||
// A creds with a empty acceptedSANs list should consider any peer valid
|
||||
// A creds with a nil acceptedSANs list should consider any peer valid
|
||||
wrappedCreds, err := NewServerCredentials(servTLSConfig, nil)
|
||||
test.AssertNotError(t, err, "NewServerCredentials failed with nil acceptedSANs")
|
||||
bcreds := wrappedCreds.(*serverTransportCredentials)
|
||||
emptyState := tls.ConnectionState{}
|
||||
err = bcreds.validateClient(emptyState)
|
||||
err = bcreds.validateClient(tls.ConnectionState{})
|
||||
test.AssertNotError(t, err, "validateClient() errored for emptyState")
|
||||
|
||||
// A creds with a empty acceptedSANs list should consider any peer valid
|
||||
wrappedCreds, err = NewServerCredentials(servTLSConfig, map[string]struct{}{})
|
||||
test.AssertNotError(t, err, "NewServerCredentials failed with empty acceptedSANs")
|
||||
bcreds = wrappedCreds.(*serverTransportCredentials)
|
||||
err = bcreds.validateClient(emptyState)
|
||||
err = bcreds.validateClient(tls.ConnectionState{})
|
||||
test.AssertNotError(t, err, "validateClient() errored for emptyState")
|
||||
|
||||
// A creds given an empty TLS ConnectionState to verify should return an error
|
||||
// A properly-initialized creds should fail to verify an empty ConnectionState
|
||||
bcreds = &serverTransportCredentials{servTLSConfig, acceptedSANs}
|
||||
err = bcreds.validateClient(emptyState)
|
||||
err = bcreds.validateClient(tls.ConnectionState{})
|
||||
test.AssertEquals(t, err, ErrEmptyPeerCerts)
|
||||
|
||||
// A creds should reject peers that don't have a leaf certificate with
|
||||
// a SAN on the accepted list.
|
||||
wrongState := tls.ConnectionState{
|
||||
err = bcreds.validateClient(tls.ConnectionState{
|
||||
PeerCertificates: []*x509.Certificate{badCert},
|
||||
}
|
||||
err = bcreds.validateClient(wrongState)
|
||||
})
|
||||
var errSANNotAccepted ErrSANNotAccepted
|
||||
test.AssertErrorWraps(t, err, &errSANNotAccepted)
|
||||
|
||||
// A creds should accept peers that have a leaf certificate with a SAN
|
||||
// that is on the accepted list
|
||||
rightState := tls.ConnectionState{
|
||||
err = bcreds.validateClient(tls.ConnectionState{
|
||||
PeerCertificates: []*x509.Certificate{goodCert},
|
||||
}
|
||||
err = bcreds.validateClient(rightState)
|
||||
})
|
||||
test.AssertNotError(t, err, "validateClient(rightState) failed")
|
||||
|
||||
// A creds configured with an IP SAN in the accepted list should accept a peer
|
||||
|
|
@ -74,7 +73,9 @@ func TestServerTransportCredentials(t *testing.T) {
|
|||
"127.0.0.1": {},
|
||||
}
|
||||
bcreds = &serverTransportCredentials{servTLSConfig, acceptedIPSans}
|
||||
err = bcreds.validateClient(rightState)
|
||||
err = bcreds.validateClient(tls.ConnectionState{
|
||||
PeerCertificates: []*x509.Certificate{goodCert},
|
||||
})
|
||||
test.AssertNotError(t, err, "validateClient(rightState) failed with an IP accepted SAN list")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDETCCAfmgAwIBAgIITp8UbMgujuEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgNDk2YzRkMCAXDTE2MTIyNjE5MTEyOFoYDzIxMDYx
|
||||
MjI2MTkxMTI4WjAWMRQwEgYDVQQDEwtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcN
|
||||
AQEBBQADggEPADCCAQoCggEBAL18+TWZsdGOxfObbuHQ8mOSXvc6+gtVHN9lSFOt
|
||||
x7JiM2OZhQFOlYPDox/KqQX0tlyfYZ808NZcwWConQL+Atme8AKy0pahqI99WChh
|
||||
li9ehbbbTGoWa8NxWbkqGDgD3waQ8YFZbWXosiK+dt4cAbNpAdX1yByQts/GUKW0
|
||||
PYyqwoOvjE5tBXBzrIL6PVxmGz5ALjq8GMl3HTyZXO5AfBuomNRYYkEV6zx/TOTq
|
||||
PhO7flLnMVauv0aJbsaD+ZpPF2Zi/fw/4q2nolag+oA1f55mHxjN39ocLHa++CJA
|
||||
ft4LRK/75QVaYKICn4r13DiCvGI44ltv+lmwSPZ311lvIF8CAwEAAaNXMFUwDgYD
|
||||
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV
|
||||
HRMBAf8EAjAAMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQAp/W32B/Pnm1oZXSVWTSN6ztSWjgiB3du1ryPe5VSPBmYZU1hHvORBfjuH
|
||||
5JI9mHioW+0aoiDuABgpIXf5hMfXljyJXN+vO70C5PStUnFmHTtGADw62vRxhVVU
|
||||
PLKtSAph8QpMTEUe+skV5RZ525aqHH54GSrSm7EdkIrgrkuGQhOViZ6QEqew29I3
|
||||
UK6cNe3w4d0XTzwPej4TNDGwumwWf/TEopp/kdOsFn93aZh/C/uTuI8gyqI9HiO0
|
||||
uQCwsePBr0G0w+vns38oC9jgyu6S3bOnq8XBzLjWgJ2lL//0g7bqvc5Wi1ClJnNS
|
||||
OW48oQi9pw/ceqkYaMjCc0M5M0ix
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAvXz5NZmx0Y7F85tu4dDyY5Je9zr6C1Uc32VIU63HsmIzY5mF
|
||||
AU6Vg8OjH8qpBfS2XJ9hnzTw1lzBYKidAv4C2Z7wArLSlqGoj31YKGGWL16FtttM
|
||||
ahZrw3FZuSoYOAPfBpDxgVltZeiyIr523hwBs2kB1fXIHJC2z8ZQpbQ9jKrCg6+M
|
||||
Tm0FcHOsgvo9XGYbPkAuOrwYyXcdPJlc7kB8G6iY1FhiQRXrPH9M5Oo+E7t+Uucx
|
||||
Vq6/RoluxoP5mk8XZmL9/D/iraeiVqD6gDV/nmYfGM3f2hwsdr74IkB+3gtEr/vl
|
||||
BVpgogKfivXcOIK8YjjiW2/6WbBI9nfXWW8gXwIDAQABAoIBAQCrLixgXMGEQ8vW
|
||||
YBOSktV2WHPMOw5KkJBtzCzD05k1MHumPbknThvKFkHWZZm+VK0uDZn+XrA3p0HX
|
||||
FVwKqPhgKrI+bdfK1q3VOvIaQNaRYn2/jGuC51BhFpRsr3eDmxOu9eAG74fh6Y6L
|
||||
zq7JxllO/8z1wn0OOTm9iDWxDJwR51+tq/BSJhj681QPTOYmMxeHVxlXbZWs3JH3
|
||||
2md/s3M2ZKuyS/i6B4d2wijxMbZsbmX2gYC/N+i/DfLyfwh1+/6BvTZIsW5e1LRQ
|
||||
kcIltZxlCT/PQw/rQjgDZROujlpiuYc2jaedn5JRDYNu+tnITi5oPswXezMH7QQs
|
||||
PpQCcQfpAoGBAN53rCeLOyenihR35L5J/pqgMTwvGywEiNzVLqv9KUxyhZZvexIj
|
||||
n5nQhRBIWD+2LpM1wmkMwb0xJT9PKbZgtaxYoledkFbWC+n7F6VqG/jb8ZUlkYdD
|
||||
6QVUqAOIiuQLKJTzKStDQlAJXhGF5eItI+yAnL7utUsliLPbh1zUrLXTAoGBANoM
|
||||
u5F/bqXOf2kQqXx7PfIuFRmQau97l0e7M1R7agvsgSnFvoa47Lkkx+KztZO+n8YD
|
||||
wpEe3otuEYQAhG4WnLcZsBkAtKlGNv9JXwYOKFttKHSEtQ2LA10AsgILknJpZggE
|
||||
/rMVyam+bjwusTfb610S8gYSjl7IKMIU+S+aAdfFAoGBAMgm3VF6l882kimWMMvv
|
||||
YM0XQRTHwOeacNRWTLZaf9SS2JOfWxfXyxklHQKoRBWWQFMbs/y1iH1CASPzgjDe
|
||||
07TqzayMSzeFPpTV3tFpJR+CKtkoQsVzGOw93SfIqkU/sNRJ7YlJ6xh9RQ/46vnR
|
||||
6Rc4I045EA07CMHgyemAQp8XAoGAbIYtzKqp/WgbTcV3NXd5S1HYOpMARhUzJAZt
|
||||
87xA+ZJKbun2e8MKPtOpkJF07AXSK5Gvgt7kUG0F1rcTMl+avB7S4H7Ta/SAZuqz
|
||||
mqXtPCPGIMfz/LuVfvJbplzwFHWUzKT/x04uwob/AoESvwR7ziUhxBf0OARTFNWv
|
||||
eBukkykCgYAuJ9jYMXVXae4phx0SgUNR40y7TA/TWbK2QgVGhWoGLlOOD3eqlxRS
|
||||
xjV5ZcOy5XcCsL5tyN5IhTRUdCWF0l/v9EfvY0Zib7BWZk/dFcmLba2w2YW4cWD4
|
||||
WI5hndU1a8engsQ9C7PQPzU9GiRbcnwU8n1pGAE5Aa8u7b3WCFi2ag==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -214,12 +214,12 @@ func TestNewIssuerKeyUsage(t *testing.T) {
|
|||
|
||||
func TestLoadChain_Valid(t *testing.T) {
|
||||
chain, err := LoadChain([]string{
|
||||
"../test/test-ca-cross.pem",
|
||||
"../test/test-root2.pem",
|
||||
"../test/hierarchy/int-e1.cert.pem",
|
||||
"../test/hierarchy/root-x2.cert.pem",
|
||||
})
|
||||
test.AssertNotError(t, err, "Should load valid chain")
|
||||
|
||||
expectedIssuer, err := core.LoadCert("../test/test-ca-cross.pem")
|
||||
expectedIssuer, err := core.LoadCert("../test/hierarchy/int-e1.cert.pem")
|
||||
test.AssertNotError(t, err, "Failed to load test issuer")
|
||||
|
||||
chainIssuer := chain[0]
|
||||
|
|
@ -236,12 +236,12 @@ func TestLoadChain_TooShort(t *testing.T) {
|
|||
func TestLoadChain_Unloadable(t *testing.T) {
|
||||
_, err := LoadChain([]string{
|
||||
"does-not-exist.pem",
|
||||
"../test/test-root2.pem",
|
||||
"../test/hierarchy/root-x2.cert.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
|
||||
_, err = LoadChain([]string{
|
||||
"../test/test-ca-cross.pem",
|
||||
"../test/hierarchy/int-e1.cert.pem",
|
||||
"does-not-exist.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
|
|
@ -251,19 +251,19 @@ func TestLoadChain_Unloadable(t *testing.T) {
|
|||
test.AssertNotError(t, err, "Error writing invalid PEM tmp file")
|
||||
_, err = LoadChain([]string{
|
||||
invalidPEMFile.Name(),
|
||||
"../test/test-root2.pem",
|
||||
"../test/hierarchy/root-x2.cert.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject unloadable chain")
|
||||
}
|
||||
|
||||
func TestLoadChain_InvalidSig(t *testing.T) {
|
||||
_, err := LoadChain([]string{
|
||||
"../test/test-root2.pem",
|
||||
"../test/test-ca-cross.pem",
|
||||
"../test/hierarchy/int-e1.cert.pem",
|
||||
"../test/hierarchy/root-x1.cert.pem",
|
||||
})
|
||||
test.AssertError(t, err, "Should reject invalid signature")
|
||||
test.Assert(t, strings.Contains(err.Error(), "test-ca-cross.pem"),
|
||||
test.Assert(t, strings.Contains(err.Error(), "root-x1.cert.pem"),
|
||||
fmt.Sprintf("Expected error to mention filename, got: %s", err))
|
||||
test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=happy hacker fake CA\""),
|
||||
test.Assert(t, strings.Contains(err.Error(), "signature from \"CN=(TEST) Ineffable Ice X1"),
|
||||
fmt.Sprintf("Expected error to mention subject, got: %s", err))
|
||||
}
|
||||
|
|
|
|||
3
start.py
3
start.py
|
|
@ -20,9 +20,6 @@ import startservers
|
|||
if not startservers.install(race_detection=False):
|
||||
raise(Exception("failed to build"))
|
||||
|
||||
# Setup issuance hierarchy
|
||||
startservers.setupHierarchy()
|
||||
|
||||
if not startservers.start(fakeclock=None):
|
||||
sys.exit(1)
|
||||
try:
|
||||
|
|
|
|||
3
t.sh
3
t.sh
|
|
@ -7,6 +7,9 @@ if type realpath >/dev/null 2>&1 ; then
|
|||
cd "$(realpath -- $(dirname -- "$0"))"
|
||||
fi
|
||||
|
||||
# Generate the test keys and certs necessary for the integration tests.
|
||||
docker compose up bsetup
|
||||
|
||||
# Use a predictable name for the container so we can grab the logs later
|
||||
# for use when testing logs analysis tools.
|
||||
docker rm boulder_tests
|
||||
|
|
|
|||
50
test/PKI.md
50
test/PKI.md
|
|
@ -1,50 +0,0 @@
|
|||
Boulder's test environment contains four separate PKIs:
|
||||
* WFE (simulating the public WebPKI)
|
||||
* gRPC (simulating an internal PKI)
|
||||
* Redis (simulating another internal PKI)
|
||||
* Issuance
|
||||
|
||||
In live deployment, the issuance PKI is a member of the global WebPKI, but we
|
||||
simulate them as separate PKIs here.
|
||||
|
||||
The PKI used by WFE is under `test/wfe-tls/`, with `test/wfe-tls/minica.pem`
|
||||
serving as the root. There are no intermediates. Setting
|
||||
`test/wfe-tls/minica.pem` as a trusted root is sufficient to connect to the WFE
|
||||
over HTTPS. Currently there is only one end-entity certificate in this PKI, and
|
||||
that's all we expect to need. To validate HTTPS connections to a test-mode WFE
|
||||
in Python, set the environment variable `REQUESTS_CA_BUNDLE`. For Node, set
|
||||
`NODE_EXTRA_CA_CERTS`. These variables should be set to
|
||||
`/path/to/boulder/test/wfe-tls/minica.pem` (but only in testing environments!).
|
||||
Note that in the Python case, setting this environment variable may break HTTPS
|
||||
connections to non-WFE destinations. If causes problems for you, you may need to
|
||||
create a combined bundle containing `test/wfe-tls/minica.pem` in addition to the
|
||||
other relevant root certificates.
|
||||
|
||||
The gRPC PKI is under `test/grpc-creds/`. Each Boulder component has two
|
||||
hostnames, each resolving to a different IP address in our test environment,
|
||||
plus a third hostname that resolves to both IP addresses. Certificates for these
|
||||
components contain all three hostnames, both test IP addresses, and are stored
|
||||
under `test/grpc-creds/SERVICE.boulder`.
|
||||
|
||||
To issue new certificates in the WFE or gRPC PKI, install
|
||||
https://github.com/jsha/minica, cd to the directory containing `minica.pem` for
|
||||
the PKI you want to issue in, and run `minica -domains YOUR_NEW_DOMAINs`. If
|
||||
you're updating the gRPC PKI, please make sure to update
|
||||
`grpc-creds/generate.sh`.
|
||||
|
||||
The issuance PKI consists of a RSA and ECDSA roots, several intermediates and
|
||||
cross-signed intermediates, and CRLs. These certificates and their keys are
|
||||
generated using the `ceremony` tool during integration testing. The private keys
|
||||
are stored in SoftHSM in the boulder repository root `.softhsm-tokens/` folder,
|
||||
and the public keys and certificates are written out to the boulder repository
|
||||
root in the `.hierarchy/` folder.
|
||||
|
||||
To regenerate the issuance PKI files, run the following commands:
|
||||
|
||||
sudo rm -f .hierarchy/ .softhsm-tokens/
|
||||
docker compose run -it boulder go run test/cert-ceremonies/generate.go
|
||||
|
||||
Certificate `test-example.pem`, together with `test-example.key` are self-signed
|
||||
certs used in integration tests and were generated using:
|
||||
|
||||
openssl req -x509 -newkey rsa:4096 -keyout test-example.key -out test-example.pem -days 36500 -nodes -subj "/CN=www.example.com"
|
||||
|
|
@ -15,6 +15,7 @@ RUN go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.2.0
|
|||
RUN go install github.com/letsencrypt/pebble/v2/cmd/pebble-challtestsrv@66511d8
|
||||
RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.57.2
|
||||
RUN go install honnef.co/go/tools/cmd/staticcheck@2023.1.7
|
||||
RUN go install github.com/jsha/minica@v1.1.0
|
||||
|
||||
FROM rust:bullseye as rustdeps
|
||||
# Provided automatically by docker build.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
/ipki
|
||||
/webpki
|
||||
/.softhsm-tokens
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
# Test keys and certificates
|
||||
|
||||
## Dynamically-Generated PKIs
|
||||
|
||||
This directory contains scripts and programs which generate PKIs (collections of
|
||||
keys and certificates) for use in our integration tests. Each PKI has its own
|
||||
subdirectory. The scripts do not regenerate a directory if it already exists, to
|
||||
allow the generated files to be re-used across many runs on a developer's
|
||||
machine. To force the scripts to regenerate a PKI, simply delete its whole
|
||||
directory.
|
||||
|
||||
This script is invoked automatically by the `bsetup` container in our docker
|
||||
compose system. It is invoked automatically by `t.sh` and `tn.sh`. If you want
|
||||
to run it manually, the expected way to do so is:
|
||||
|
||||
```sh
|
||||
$ docker compose up bsetup
|
||||
[+] Running 0/1
|
||||
Attaching to bsetup-1
|
||||
bsetup-1 | Generating ipki/...
|
||||
bsetup-1 | Generating webpki/...
|
||||
bsetup-1 exited with code 0
|
||||
```
|
||||
|
||||
To add new certificates to an existing PKI, edit the script which generates that
|
||||
PKI's subdirectory. To add a whole new PKI, create a new generation script,
|
||||
execute that script from this directory's top-level `generate.sh`, and add the
|
||||
new subdirectory to this directory's `.gitignore` file.
|
||||
|
||||
### webpki
|
||||
|
||||
The "webpki" PKI emulates our publicly-trusted hierarchy. It consists of RSA and
|
||||
ECDSA roots, several intermediates and cross-signed intermediates, and CRLs.
|
||||
These certificates and their keys are generated using the `ceremony` tool. The
|
||||
private keys are stored in SoftHSM in the `.softhsm-tokens` subdirectory.
|
||||
|
||||
This PKI is loaded by the CA, RA, and other components. It is used as the
|
||||
issuance hierarchy for all end-entity certificates issued as part of the
|
||||
integration tests.
|
||||
|
||||
### ipki
|
||||
|
||||
The "ipki" PKI emulates our internal PKI that the various Boulder services use
|
||||
to authenticate each other when establishing gRPC connections. It includes one
|
||||
certificate for each service which participates in our gRPC cluster. Some of
|
||||
these certificates (for the services that we run multiple copies of) have
|
||||
multiple names, so the same certificate can be loaded by each copy of that
|
||||
service.
|
||||
|
||||
This PKI is loaded by virtually every Boulder component.
|
||||
|
||||
## Other Test PKIs
|
||||
|
||||
A variety of other PKIs (collections of keys and certificates) exist in this
|
||||
repository for the sake of unit and integration testing. We list them here as a
|
||||
TODO-list of PKIs to remove and clean up:
|
||||
|
||||
- challtestsrv DoH: Our fake DNS challenge test server (which fulfills DNS-01
|
||||
challenges during integration tests) can negotiate DoH handshakes. The key and
|
||||
cert is uses for this are currently generated as part of the ipki directory,
|
||||
but are fundamentally different from that PKI and should be moved.
|
||||
- wfe-tls: The //test/wfe-tls/ directory holds the key and certificate which the
|
||||
WFE uses to negotiate TLS handshakes with API clients.
|
||||
- redis: The //test/redis-tls/ directory holds the key and certificate used by
|
||||
our test redis cluster. This should probably be moved into the ipki directory.
|
||||
- unit tests: the //test/hierarchy/ directory holds a variety of certificates
|
||||
used by unit tests. These should be replaced by certs which the unit tests
|
||||
dynamically generate in-memory, rather than loading from disk.
|
||||
- misc: the top-level //test/ directory contains a variety of keys and
|
||||
certificates which are used largely at random throughout the tests. These
|
||||
should be removed and replaced with one of the existing PKIs.
|
||||
|
|
@ -0,0 +1,60 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
cd "$(realpath -- $(dirname -- "$0"))"
|
||||
|
||||
ipki() (
|
||||
# Check that `minica` is installed
|
||||
command -v minica >/dev/null 2>&1 || {
|
||||
echo >&2 "No 'minica' command available.";
|
||||
echo >&2 "Check your GOPATH and run: 'go install github.com/jsha/minica@latest'.";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Minica generates everything in-place, so we need to cd into the subdirectory.
|
||||
# This function executes in a subshell, so this cd does not affect the parent
|
||||
# script.
|
||||
mkdir ipki
|
||||
cd ipki
|
||||
|
||||
# Used by challtestsrv to negotiate DoH handshakes.
|
||||
# TODO: Move this out of the ipki directory.
|
||||
# This also creates the issuer key, so the loops below can run in the
|
||||
# background without competing over who gets to create it.
|
||||
minica -ip-addresses 10.77.77.77,10.88.88.88
|
||||
|
||||
for SERVICE in admin-revoker expiration-mailer ocsp-responder consul \
|
||||
wfe akamai-purger bad-key-revoker crl-updater crl-storer \
|
||||
health-checker; do
|
||||
minica -domains "${SERVICE}.boulder" &
|
||||
done
|
||||
|
||||
for SERVICE in publisher nonce ra ca sa va rva ; do
|
||||
minica -domains "${SERVICE}.boulder,${SERVICE}1.boulder,${SERVICE}2.boulder" &
|
||||
done
|
||||
|
||||
wait
|
||||
|
||||
# minica sets restrictive directory permissions, but we don't want that
|
||||
chmod -R go+rX .
|
||||
)
|
||||
|
||||
webpki() (
|
||||
# Because it invokes the ceremony tool, webpki.go expects to be invoked with
|
||||
# the root of the boulder repo as the current working directory.
|
||||
# This function executes in a subshell, so this cd does not affect the parent
|
||||
# script.
|
||||
cd ../..
|
||||
mkdir ./test/certs/webpki
|
||||
go run ./test/certs/webpki.go
|
||||
)
|
||||
|
||||
if ! [ -d ipki ]; then
|
||||
echo "Generating ipki/..."
|
||||
ipki
|
||||
fi
|
||||
|
||||
if ! [ -d webpki ]; then
|
||||
echo "Generating webpki/..."
|
||||
webpki
|
||||
fi
|
||||
|
|
@ -5,11 +5,11 @@ pkcs11:
|
|||
signing-key-slot: {{ .SlotID }}
|
||||
signing-key-label: root rsa
|
||||
inputs:
|
||||
public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: /hierarchy/root-rsa.cert.pem
|
||||
certificate-to-cross-sign-path: /hierarchy/{{ .FileName }}.cert.pem
|
||||
public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem
|
||||
certificate-to-cross-sign-path: test/certs/webpki/{{ .FileName }}.cert.pem
|
||||
outputs:
|
||||
certificate-path: /hierarchy/{{ .FileName }}-cross.cert.pem
|
||||
certificate-path: test/certs/webpki/{{ .FileName }}-cross.cert.pem
|
||||
certificate-profile:
|
||||
signature-algorithm: SHA256WithRSA
|
||||
common-name: {{ .CommonName }}
|
||||
|
|
@ -5,10 +5,10 @@ pkcs11:
|
|||
signing-key-slot: {{ .SlotID }}
|
||||
signing-key-label: root ecdsa
|
||||
inputs:
|
||||
public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem
|
||||
public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem
|
||||
outputs:
|
||||
certificate-path: /hierarchy/{{ .FileName }}.cert.pem
|
||||
certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem
|
||||
certificate-profile:
|
||||
signature-algorithm: ECDSAWithSHA384
|
||||
common-name: {{ .CommonName }}
|
||||
|
|
@ -5,10 +5,10 @@ pkcs11:
|
|||
signing-key-slot: {{ .SlotID }}
|
||||
signing-key-label: root rsa
|
||||
inputs:
|
||||
public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: /hierarchy/root-rsa.cert.pem
|
||||
public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem
|
||||
issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem
|
||||
outputs:
|
||||
certificate-path: /hierarchy/{{ .FileName }}.cert.pem
|
||||
certificate-path: test/certs/webpki/{{ .FileName }}.cert.pem
|
||||
certificate-profile:
|
||||
signature-algorithm: SHA256WithRSA
|
||||
common-name: {{ .CommonName }}
|
||||
|
|
@ -8,5 +8,5 @@ key:
|
|||
type: ecdsa
|
||||
ecdsa-curve: P-384
|
||||
outputs:
|
||||
public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem
|
||||
pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json
|
||||
public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem
|
||||
pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json
|
||||
|
|
@ -8,5 +8,5 @@ key:
|
|||
type: rsa
|
||||
rsa-mod-length: 2048
|
||||
outputs:
|
||||
public-key-path: /hierarchy/{{ .FileName }}.pubkey.pem
|
||||
pkcs11-config-path: /hierarchy/{{ .FileName }}.pkcs11.json
|
||||
public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem
|
||||
pkcs11-config-path: test/certs/webpki/{{ .FileName }}.pkcs11.json
|
||||
|
|
@ -8,8 +8,8 @@ key:
|
|||
type: ecdsa
|
||||
ecdsa-curve: P-384
|
||||
outputs:
|
||||
public-key-path: /hierarchy/root-ecdsa.pubkey.pem
|
||||
certificate-path: /hierarchy/root-ecdsa.cert.pem
|
||||
public-key-path: test/certs/webpki/root-ecdsa.pubkey.pem
|
||||
certificate-path: test/certs/webpki/root-ecdsa.cert.pem
|
||||
certificate-profile:
|
||||
signature-algorithm: ECDSAWithSHA384
|
||||
common-name: root ecdsa
|
||||
|
|
@ -8,8 +8,8 @@ key:
|
|||
type: rsa
|
||||
rsa-mod-length: 4096
|
||||
outputs:
|
||||
public-key-path: /hierarchy/root-rsa.pubkey.pem
|
||||
certificate-path: /hierarchy/root-rsa.cert.pem
|
||||
public-key-path: test/certs/webpki/root-rsa.pubkey.pem
|
||||
certificate-path: test/certs/webpki/root-rsa.cert.pem
|
||||
certificate-profile:
|
||||
signature-algorithm: SHA256WithRSA
|
||||
common-name: root rsa
|
||||
|
|
@ -5,9 +5,9 @@ pkcs11:
|
|||
signing-key-slot: {{ .SlotID }}
|
||||
signing-key-label: root ecdsa
|
||||
inputs:
|
||||
issuer-certificate-path: /hierarchy/root-ecdsa.cert.pem
|
||||
issuer-certificate-path: test/certs/webpki/root-ecdsa.cert.pem
|
||||
outputs:
|
||||
crl-path: /hierarchy/root-ecdsa.crl.pem
|
||||
crl-path: test/certs/webpki/root-ecdsa.crl.pem
|
||||
crl-profile:
|
||||
this-update: 2023-01-01 12:00:00
|
||||
next-update: 2023-12-15 12:00:00
|
||||
|
|
@ -5,9 +5,9 @@ pkcs11:
|
|||
signing-key-slot: {{ .SlotID }}
|
||||
signing-key-label: root rsa
|
||||
inputs:
|
||||
issuer-certificate-path: /hierarchy/root-rsa.cert.pem
|
||||
issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem
|
||||
outputs:
|
||||
crl-path: /hierarchy/root-rsa.crl.pem
|
||||
crl-path: test/certs/webpki/root-rsa.crl.pem
|
||||
crl-profile:
|
||||
this-update: 2023-01-01 12:00:00
|
||||
next-update: 2023-12-15 12:00:00
|
||||
|
|
@ -38,7 +38,7 @@ func genKey(path string, inSlot string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
output, err := exec.Command("bin/ceremony", "-config", tmpPath).CombinedOutput()
|
||||
output, err := exec.Command("./bin/ceremony", "-config", tmpPath).CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error running ceremony for %s: %s:\n%s", tmpPath, err, string(output))
|
||||
}
|
||||
|
|
@ -70,7 +70,7 @@ func rewriteConfig(path string, rewrites map[string]string) (string, error) {
|
|||
|
||||
// runCeremony is used to run a ceremony with a given config.
|
||||
func runCeremony(path string) error {
|
||||
output, err := exec.Command("bin/ceremony", "-config", path).CombinedOutput()
|
||||
output, err := exec.Command("./bin/ceremony", "-config", path).CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("error running ceremony for %s: %s:\n%s", path, err, string(output))
|
||||
}
|
||||
|
|
@ -81,17 +81,9 @@ func main() {
|
|||
_ = blog.Set(blog.StdoutLogger(6))
|
||||
defer cmd.AuditPanic()
|
||||
|
||||
// If one of the output files already exists, assume this ran once
|
||||
// already for the container and don't re-run.
|
||||
outputFile := "/hierarchy/root-rsa.pubkey.pem"
|
||||
if loc, err := os.Stat(outputFile); err == nil && loc.Mode().IsRegular() {
|
||||
fmt.Println("skipping certificate generation: already exists")
|
||||
return
|
||||
} else if err == nil && !loc.Mode().IsRegular() {
|
||||
cmd.Fail(fmt.Sprintf("statting %q: not a regular file", outputFile))
|
||||
} else if err != nil && !os.IsNotExist(err) {
|
||||
cmd.Fail(fmt.Sprintf("statting %q: %s", outputFile, err))
|
||||
}
|
||||
// Compile the ceremony binary for easy re-use.
|
||||
_, err := exec.Command("make", "build").CombinedOutput()
|
||||
cmd.FailOnError(err, "compiling ceremony tool")
|
||||
|
||||
// Create SoftHSM slots for the root signing keys
|
||||
rsaRootKeySlot, err := createSlot("Root RSA")
|
||||
|
|
@ -100,9 +92,9 @@ func main() {
|
|||
cmd.FailOnError(err, "failed creating softhsm2 slot for ECDSA root key")
|
||||
|
||||
// Generate the root signing keys and certificates
|
||||
err = genKey("test/cert-ceremonies/root-ceremony-rsa.yaml", rsaRootKeySlot)
|
||||
err = genKey("test/certs/root-ceremony-rsa.yaml", rsaRootKeySlot)
|
||||
cmd.FailOnError(err, "failed to generate RSA root key + root cert")
|
||||
err = genKey("test/cert-ceremonies/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot)
|
||||
err = genKey("test/certs/root-ceremony-ecdsa.yaml", ecdsaRootKeySlot)
|
||||
cmd.FailOnError(err, "failed to generate ECDSA root key + root cert")
|
||||
|
||||
// Do everything for all of the intermediates
|
||||
|
|
@ -126,7 +118,7 @@ func main() {
|
|||
cmd.FailOnError(err, "failed to create softhsm2 slot for intermediate key")
|
||||
|
||||
// Generate key
|
||||
keyConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-key-ceremony-%s.yaml", alg)
|
||||
keyConfigTemplate := fmt.Sprintf("test/certs/intermediate-key-ceremony-%s.yaml", alg)
|
||||
keyConfig, err := rewriteConfig(keyConfigTemplate, map[string]string{
|
||||
"SlotID": keySlot,
|
||||
"Label": name,
|
||||
|
|
@ -138,7 +130,7 @@ func main() {
|
|||
cmd.FailOnError(err, "failed to generate intermediate key")
|
||||
|
||||
// Generate cert
|
||||
certConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s.yaml", alg)
|
||||
certConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s.yaml", alg)
|
||||
certConfig, err := rewriteConfig(certConfigTemplate, map[string]string{
|
||||
"SlotID": rootKeySlot,
|
||||
"CommonName": name,
|
||||
|
|
@ -154,7 +146,7 @@ func main() {
|
|||
continue
|
||||
}
|
||||
|
||||
crossConfigTemplate := fmt.Sprintf("test/cert-ceremonies/intermediate-cert-ceremony-%s-cross.yaml", alg)
|
||||
crossConfigTemplate := fmt.Sprintf("test/certs/intermediate-cert-ceremony-%s-cross.yaml", alg)
|
||||
crossConfig, err := rewriteConfig(crossConfigTemplate, map[string]string{
|
||||
"SlotID": rsaRootKeySlot,
|
||||
"CommonName": name,
|
||||
|
|
@ -168,14 +160,14 @@ func main() {
|
|||
}
|
||||
|
||||
// Create CRLs stating that the intermediates are not revoked.
|
||||
rsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-rsa.yaml", map[string]string{
|
||||
rsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-rsa.yaml", map[string]string{
|
||||
"SlotID": rsaRootKeySlot,
|
||||
})
|
||||
cmd.FailOnError(err, "failed to rewrite RSA root CRL config with key ID")
|
||||
err = runCeremony(rsaTmpCRLConfig)
|
||||
cmd.FailOnError(err, "failed to generate RSA root CRL")
|
||||
|
||||
ecdsaTmpCRLConfig, err := rewriteConfig("test/cert-ceremonies/root-crl-ecdsa.yaml", map[string]string{
|
||||
ecdsaTmpCRLConfig, err := rewriteConfig("test/certs/root-crl-ecdsa.yaml", map[string]string{
|
||||
"SlotID": ecdsaRootKeySlot,
|
||||
})
|
||||
cmd.FailOnError(err, "failed to rewrite ECDSA root CRL config with key ID")
|
||||
|
|
@ -5,9 +5,9 @@
|
|||
"maxOpenConns": 1
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
},
|
||||
"debugAddr": ":8014",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@
|
|||
"accessToken": "idk-how-this-is-different-from-client-token-but-okay",
|
||||
"v3Network": "staging",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"address": ":9099",
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@
|
|||
"maxOpenConns": 10
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"ca": {
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ca.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ca.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ca.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ca.boulder/key.pem"
|
||||
},
|
||||
"hostnamePolicyFile": "test/hostname-policy.yaml",
|
||||
"grpcCA": {
|
||||
|
|
@ -69,8 +69,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/ecdsa-a/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-ecdsa-a.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -80,8 +80,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/ecdsa-b/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-ecdsa-b.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -91,8 +91,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/ecdsa-c/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-ecdsa-c.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-ecdsa-c.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-ecdsa-c.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -102,8 +102,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/rsa-a/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-rsa-a.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-rsa-a.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-rsa-a.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -113,8 +113,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/rsa-b/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-rsa-b.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-rsa-b.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-rsa-b.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -124,8 +124,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/rsa-c/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-rsa-c.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-rsa-c.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-rsa-c.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-rsa-c.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"crlStorer": {
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/crl-storer.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/crl-storer.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/crl-storer.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/crl-storer.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
@ -21,12 +21,12 @@
|
|||
}
|
||||
},
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-rsa-c.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-c.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-rsa-c.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-c.cert.pem"
|
||||
],
|
||||
"s3Endpoint": "http://localhost:4501",
|
||||
"s3Bucket": "lets-encrypt-crls",
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"crlUpdater": {
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/crl-updater.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/crl-updater.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/crl-updater.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/crl-updater.boulder/key.pem"
|
||||
},
|
||||
"saService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -36,12 +36,12 @@
|
|||
"hostOverride": "crl-storer.boulder"
|
||||
},
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-rsa-c.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-c.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-rsa-c.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-c.cert.pem"
|
||||
],
|
||||
"numShards": 10,
|
||||
"shardWidth": "240h",
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@
|
|||
"emailTemplate": "test/config-next/expiration-mailer.gotmpl",
|
||||
"parallelSends": 10,
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem"
|
||||
},
|
||||
"saService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
"timeout": "1s"
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/health-checker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/health-checker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/health-checker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/health-checker.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,9 +29,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/nonce.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/nonce.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,9 +29,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/nonce.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/nonce.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -44,12 +44,12 @@
|
|||
"logSampleRate": 1,
|
||||
"path": "/",
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-rsa-c.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-c.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-rsa-c.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-c.cert.pem"
|
||||
],
|
||||
"liveSigningPeriod": "60h",
|
||||
"timeout": "4.9s",
|
||||
|
|
|
|||
|
|
@ -4,20 +4,20 @@
|
|||
"blockProfileRate": 1000000000,
|
||||
"chains": [
|
||||
[
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
]
|
||||
],
|
||||
"grpc": {
|
||||
|
|
@ -36,9 +36,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/publisher.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/publisher.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/publisher.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/publisher.boulder/key.pem"
|
||||
},
|
||||
"features": {}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -14,17 +14,17 @@
|
|||
"orderLifetime": "168h",
|
||||
"finalizeTimeout": "30s",
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-rsa-c.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-c.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-rsa-c.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-c.cert.pem"
|
||||
],
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ra.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ra.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ra.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ra.boulder/key.pem"
|
||||
},
|
||||
"vaService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"skipGRPCClientCertVerification": true,
|
||||
"grpc": {
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"skipGRPCClientCertVerification": true,
|
||||
"grpc": {
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@
|
|||
"ParallelismPerRPC": 20,
|
||||
"lagFactor": "200ms",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/sa.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/sa.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/sa.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/sa.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/va.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/va.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/va.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/va.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@
|
|||
"blockedKeyFile": "test/example-blocked-keys.yaml"
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/wfe.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/wfe.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -75,28 +75,28 @@
|
|||
},
|
||||
"chains": [
|
||||
[
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a-cross.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a-cross.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b-cross.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b-cross.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
]
|
||||
],
|
||||
"staleTimeout": "5m",
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@
|
|||
"maxOpenConns": 1
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
},
|
||||
"debugAddr": ":8014",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/admin-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/admin-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/admin-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@
|
|||
"accessToken": "idk-how-this-is-different-from-client-token-but-okay",
|
||||
"v3Network": "staging",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/akamai-purger.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/akamai-purger.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/akamai-purger.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/akamai-purger.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"address": ":9099",
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
},
|
||||
"debugAddr": ":8020",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/bad-key-revoker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/bad-key-revoker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/bad-key-revoker.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
"ca": {
|
||||
"debugAddr": ":8001",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ca.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ca.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ca.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ca.boulder/key.pem"
|
||||
},
|
||||
"hostnamePolicyFile": "test/hostname-policy.yaml",
|
||||
"grpcCA": {
|
||||
|
|
@ -65,8 +65,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/ecdsa-a/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-ecdsa-a.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -77,8 +77,8 @@
|
|||
"ocspURL": "http://ca.example.org:4002/",
|
||||
"crlURLBase": "http://ca.example.org:4501/rsa-a/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-rsa-a.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-rsa-a.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-rsa-a.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
},
|
||||
|
|
@ -89,8 +89,8 @@
|
|||
"ocspURL": "http://ca.example.org:4003/",
|
||||
"crlURLBase": "http://ca.example.org:4501/rsa-b/",
|
||||
"location": {
|
||||
"configFile": "/hierarchy/int-rsa-b.pkcs11.json",
|
||||
"certFile": "/hierarchy/int-rsa-b.cert.pem",
|
||||
"configFile": "test/certs/webpki/int-rsa-b.pkcs11.json",
|
||||
"certFile": "test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"numSessions": 2
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@
|
|||
"crlStorer": {
|
||||
"debugAddr": ":9667",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/crl-storer.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/crl-storer.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/crl-storer.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/crl-storer.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"address": ":9309",
|
||||
|
|
@ -23,9 +23,9 @@
|
|||
}
|
||||
},
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem"
|
||||
],
|
||||
"s3Endpoint": "http://localhost:4501",
|
||||
"s3Bucket": "lets-encrypt-crls",
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"crlUpdater": {
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/crl-updater.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/crl-updater.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/crl-updater.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/crl-updater.boulder/key.pem"
|
||||
},
|
||||
"saService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -36,9 +36,9 @@
|
|||
"hostOverride": "crl-storer.boulder"
|
||||
},
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem"
|
||||
],
|
||||
"numShards": 10,
|
||||
"shardWidth": "240h",
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@
|
|||
"emailTemplate": "test/config/expiration-mailer.gotmpl",
|
||||
"debugAddr": ":8008",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/expiration-mailer.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/expiration-mailer.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/expiration-mailer.boulder/key.pem"
|
||||
},
|
||||
"saService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
"timeout": "1s"
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/health-checker.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/health-checker.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/health-checker.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/health-checker.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,9 +27,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/nonce.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/nonce.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,9 +27,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/nonce.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/nonce.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/nonce.boulder/key.pem"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ocsp-responder.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ocsp-responder.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ocsp-responder.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -49,9 +49,9 @@
|
|||
"path": "/",
|
||||
"listenAddress": "0.0.0.0:4002",
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem"
|
||||
],
|
||||
"liveSigningPeriod": "60h",
|
||||
"timeout": "4.9s",
|
||||
|
|
|
|||
|
|
@ -4,20 +4,20 @@
|
|||
"blockProfileRate": 1000000000,
|
||||
"chains": [
|
||||
[
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
]
|
||||
],
|
||||
"debugAddr": ":8009",
|
||||
|
|
@ -38,9 +38,9 @@
|
|||
}
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/publisher.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/publisher.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/publisher.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/publisher.boulder/key.pem"
|
||||
},
|
||||
"features": {}
|
||||
},
|
||||
|
|
|
|||
|
|
@ -14,14 +14,14 @@
|
|||
},
|
||||
"orderLifetime": "168h",
|
||||
"issuerCerts": [
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/int-ecdsa-a.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem"
|
||||
],
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/ra.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/ra.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/ra.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/ra.boulder/key.pem"
|
||||
},
|
||||
"vaService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@
|
|||
"ParallelismPerRPC": 20,
|
||||
"debugAddr": ":8003",
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/sa.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/sa.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/sa.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/sa.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/rva.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/rva.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/rva.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/rva.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -14,9 +14,9 @@
|
|||
"dnsAllowLoopbackAddresses": true,
|
||||
"issuerDomain": "happy-hacker-ca.invalid",
|
||||
"tls": {
|
||||
"caCertfile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/va.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/va.boulder/key.pem"
|
||||
"caCertfile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/va.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/va.boulder/key.pem"
|
||||
},
|
||||
"grpc": {
|
||||
"maxConnectionAge": "30s",
|
||||
|
|
|
|||
|
|
@ -17,9 +17,9 @@
|
|||
"blockedKeyFile": "test/example-blocked-keys.yaml"
|
||||
},
|
||||
"tls": {
|
||||
"caCertFile": "test/grpc-creds/minica.pem",
|
||||
"certFile": "test/grpc-creds/wfe.boulder/cert.pem",
|
||||
"keyFile": "test/grpc-creds/wfe.boulder/key.pem"
|
||||
"caCertFile": "test/certs/ipki/minica.pem",
|
||||
"certFile": "test/certs/ipki/wfe.boulder/cert.pem",
|
||||
"keyFile": "test/certs/ipki/wfe.boulder/key.pem"
|
||||
},
|
||||
"raService": {
|
||||
"dnsAuthority": "consul.service.consul",
|
||||
|
|
@ -77,28 +77,28 @@
|
|||
},
|
||||
"chains": [
|
||||
[
|
||||
"/hierarchy/int-rsa-a.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-a.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-rsa-b.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-rsa-b.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b.cert.pem",
|
||||
"/hierarchy/root-ecdsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b.cert.pem",
|
||||
"test/certs/webpki/root-ecdsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-a-cross.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-a-cross.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
],
|
||||
[
|
||||
"/hierarchy/int-ecdsa-b-cross.cert.pem",
|
||||
"/hierarchy/root-rsa.cert.pem"
|
||||
"test/certs/webpki/int-ecdsa-b-cross.cert.pem",
|
||||
"test/certs/webpki/root-rsa.cert.pem"
|
||||
]
|
||||
],
|
||||
"staleTimeout": "5m",
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@ log_level = "ERROR"
|
|||
enable_agent_tls_for_checks = true
|
||||
tls {
|
||||
defaults {
|
||||
ca_file = "test/grpc-creds/minica.pem"
|
||||
ca_path = "test/grpc-creds/minica-key.pem"
|
||||
cert_file = "test/grpc-creds/consul.boulder/cert.pem"
|
||||
key_file = "test/grpc-creds/consul.boulder/key.pem"
|
||||
ca_file = "test/certs/ipki/minica.pem"
|
||||
ca_path = "test/certs/ipki/minica-key.pem"
|
||||
cert_file = "test/certs/ipki/consul.boulder/cert.pem"
|
||||
key_file = "test/certs/ipki/consul.boulder/key.pem"
|
||||
verify_incoming = false
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,10 +14,6 @@ blocked:
|
|||
- F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg=
|
||||
# test/test-ca.pem
|
||||
- F4j7m0doxdWXdKOzeYjL6onsVYLLU2jb7xr994zlFFg=
|
||||
# test/test-example.pem
|
||||
- 6E/Drp3Lzo85pYykpzx/tZpQZXeovto8/ezq1DBiSCc=
|
||||
# test/test-root.pem
|
||||
- Jy5HDlBtUvKkLtEsGbdp0o9LvVJx1lYG3R+n5G/KgIo=
|
||||
# test/block-a-key/test/test.ecdsa.cert.pem
|
||||
- cuwGhNNI6nfob5aqY90e7BleU6l7rfxku4X3UTJ3Z7M=
|
||||
# test/block-a-key/test/test.rsa.cert.pem
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDDjCCAfagAwIBAgIIQbFdR2fXsHswDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMTIwODE4MDkzMloXDTI2MDEw
|
||||
NzE4MDkzMlowFjEUMBIGA1UEAxMLMTAuNzcuNzcuNzcwggEiMA0GCSqGSIb3DQEB
|
||||
AQUAA4IBDwAwggEKAoIBAQCrE64Z4Yh4E6aQ1zQiNgCvW5LWBI9yZZybZxLV5J1C
|
||||
yMtpgY3YsCPZ/6JUI4SvabenU5Pa3T407eHjmDCRNce04j4BE6e7psPjRa7hvI2A
|
||||
+IvLB7eiaCnE+sdAMFsLxraWwTu67tmeRxYxWScMpULlFren3HNNqmtAN3a4yGy5
|
||||
y2pHMgCnOSE9R53tuF2uqJ8BRW44VLDt4kZ9hwm0dW8EJY8MBCACPGtW2YwBG/5E
|
||||
zrRKDWSBl9g3mYOwgRdxUMV1h0eVr/llVFb+/UZCLUb5zq/zKKEkYOT4Ihr7wtin
|
||||
ahLwwVwdUsMNE9NzljMC/aIR74qhBeN2xAJ3ZZQKrqL1AgMBAAGjVjBUMA4GA1Ud
|
||||
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
|
||||
AQH/BAIwADAVBgNVHREEDjAMhwQKTU1NhwQKWFhYMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQCOa5b+zRgQBhlPWiC04K5C/Ys3dUtqKhKrWvPIiraNi792X/T5t1ZL9liV9A6n
|
||||
b10hHcCDIfyRFIJRyE8G2fyzqNlGwCr8J6puWrg4wMPt8q+6a4r2ZqaXm3aQTfGs
|
||||
4Tgxz10gOVimeiUshVyrpaceyiboOKxJbBRuLNTTK9Jp74fWRd+F8KAINWN+SpF4
|
||||
6ggzXNiPYZZTBPGeAOMyf0rnf7CWAbw017uHhCiykJkMy8sZJcmQF49gDZTIN9pt
|
||||
eI0SeB4ku5lgAOunqrTGyPLeVaevtcU//TdATuukhnCFes6vt/6yC+sWQEhEQw7P
|
||||
y2Kp8T8KcOlTeKr8Cb07B2M0
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAqxOuGeGIeBOmkNc0IjYAr1uS1gSPcmWcm2cS1eSdQsjLaYGN
|
||||
2LAj2f+iVCOEr2m3p1OT2t0+NO3h45gwkTXHtOI+AROnu6bD40Wu4byNgPiLywe3
|
||||
omgpxPrHQDBbC8a2lsE7uu7ZnkcWMVknDKVC5Ra3p9xzTaprQDd2uMhsuctqRzIA
|
||||
pzkhPUed7bhdrqifAUVuOFSw7eJGfYcJtHVvBCWPDAQgAjxrVtmMARv+RM60Sg1k
|
||||
gZfYN5mDsIEXcVDFdYdHla/5ZVRW/v1GQi1G+c6v8yihJGDk+CIa+8LYp2oS8MFc
|
||||
HVLDDRPTc5YzAv2iEe+KoQXjdsQCd2WUCq6i9QIDAQABAoIBACgZH8ifLT5/1J3E
|
||||
Y0rVf4manCsfvIOiv3dJTIfn4thhehQLsrSkbHLPUTwJazM2Qz6r/07gZpE/ZJ/U
|
||||
7yVKBromAUR9V+ZK60Uc8yWj7ULafuGiuG8PnSK3aPZpnx1+gROKzTY+f7FylggR
|
||||
Dm8PWUOa9Icay8fbdvIBTgl3qMxPOCgLyXNXNJHcKIPb71L1T5EL2H9Z5vHF9tFy
|
||||
TnbpeK0GlmBHIeseVaFzruin3sqxjRftVEgTL5XhTq/9uY3EUutq8SGRoidbpp/+
|
||||
cr0I1IpFcrJVmJHKdfJkdRI2u3LtMKS3bpqJU7MKn1DRzvQatdSQwn/V8wU3iG8o
|
||||
04dus60CgYEA3IBOLJRfMFgj6LbMSySoP8JIzVvnBHIMXGd7mzuYUlV2GjVO5oD2
|
||||
nh4Q3eGDT2TZ1GbaGGHLhpCXIx87oSXHZz+vw+sDh+WHEApLKZMRZLMxAbNcsPQL
|
||||
fhcmaQVkfxaV78rrt8TYuLDIU//bOTwGJ48Maj92RT1z5hOOiBkdQe8CgYEAxp5p
|
||||
Au9kiJFEIgHVtEN+1qHfnwZJI0xOkDfsd+a1J6PZLimHAfiYETAHfJq1cMC4Mt/G
|
||||
4l/WDqwcWXI/9A/gN7NRv0miQ+tDyVHntohaGoU+0hm6QfXag6VloWs/X8mlzCeu
|
||||
46AXAni4lbW9nNWwImEL1uSC/Oo5vB45OpHR/VsCgYAivfyTPZV58olF43dw54ey
|
||||
9BOwd6iApM+Zx5xMKymm31xKaNfTrcIty6LwstWTrto7gzEd4lrFCwclO4iTrXYr
|
||||
qHczMVZPFTUgq96H4Go/KZSxJeeW4fzlkxQ0O+tHsvFQ5PIa9GMJRqFpyshpzjFS
|
||||
DlHwc6tY4YPfXnl4rCxV9QKBgAsrwbA+kqLzuKdI/yICYdHkjNU+30Iy+oA2BQDB
|
||||
YxL1rjNgdo1v0+2zi9hAQ1AyJqoF2APHbByrJXUKbfpmIjA/z6s4kv3K76cVCjlD
|
||||
9f1j3SKn+8fV8hJRbSPlCk1y4/ZVjQqUaHblH0ycSivWAPAOEUJm288pxVGFSaa3
|
||||
qN3dAoGBAIGSn1PSjIVqypCQBBydedS4WDjqwkLoL0bOOZRLxgk+dtfD2l8wKqWp
|
||||
Helyqym23d58QPb0ZwMU3g/0pZXDqX+w+bnUvAvjfADmFNe6T1nWYiu9Mn5YHAyO
|
||||
G5s2aHfB8aSIqQSRASlWgFEmftfpuapRGAmOyZr2JYZuaELkvPmP
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1 +0,0 @@
|
|||
See ../test/PKI.md
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDIzCCAgugAwIBAgIII+r9Aa122b8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0M1oXDTI0MTEw
|
||||
MjE4MzI0M1owIDEeMBwGA1UEAxMVYWRtaW4tcmV2b2tlci5ib3VsZGVyMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd
|
||||
92EnovjLUaTw8VsNkzuhVayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gzi
|
||||
z7vVjunWGTTbbzZyu6Kx9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+
|
||||
fCd/1ldqV1pNJoxjK3IYjOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRt
|
||||
LRJ/oUmZnYZTrKSeKm/7uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5m
|
||||
bKDRv8S1rw77DJN4CtWwzuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQAB
|
||||
o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
|
||||
BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWRtaW4tcmV2b2tlci5ib3Vs
|
||||
ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQBMy1TRdqMV5jUIOXdAkiI3TosDM2vrRMCF
|
||||
TIfmhlE8lAy/PkoTX3i7aUPd1MYfJw18XGwaS0R+hlDusZPSgj4GmatDO19nrRoQ
|
||||
fK7Jv1vWT40uLr2KbuQcdtJtPHcBZD7H/j3nIFYgCy4KRX0Hf+a0OCKIMuQpafv/
|
||||
z8iysucwB21EndkbG/WhPBjCP/OuFYjsF4oGtndssnNm7Hze+2wBwyLRoBdets/+
|
||||
Wc64SZ+rPf8zab2qsxk5HS4xgOxL1qQJF6s1YgCJlZnMTWA0iAyZb2P5/g+Lsh9r
|
||||
5R1JRKCLCyg+skhZhPPG2Y5B0RWLiq+H3RsX7RWNwqc5cZTL1EDv
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA2OdP0AAqG+mEdTSvVCtQcGbxpPyd92EnovjLUaTw8VsNkzuh
|
||||
VayysBKGRemYY5ezQPcTSk5zXZ8QvwcXSuzHM6tD5Gziz7vVjunWGTTbbzZyu6Kx
|
||||
9NudSbYl+jetPsj2GJkKbPa5eUCkdIAtEBtga+tLCAx+fCd/1ldqV1pNJoxjK3IY
|
||||
jOBq7PnDd6Ths74KFcBQ5+6jySOo9eJUleX8AD/7WKRtLRJ/oUmZnYZTrKSeKm/7
|
||||
uD/fz5ZO+A5bAlJl2zz0JMiQV06/TelhDSsKzD7OMD5mbKDRv8S1rw77DJN4CtWw
|
||||
zuj9OHVCUTBRRPbeVZ8dDkZBU8u9DQeJp2+vcwIDAQABAoIBAQDYQGZ2fnN9OKhz
|
||||
In/bbwPXzQsG70WfKiIWfe5YDBacy6cRL9Z+UJwmp5FviqIASXLSRoPZBbZHlRth
|
||||
GXTDoqZIgWxDBbxsWF1nCwQGRYixrJtfL6o08fAzWYMroO79NecGRy75zFLG7QgJ
|
||||
jvFeqazMa952u94vckImNSk0xjc9Qcwnb+DJyyDITTp0nSYS3MeBFcP3wXD3JpaX
|
||||
eTpgk67Z3GWQpgzxcB1t7YTh8PEmcqz1ck4vQDJbSomjCfipxM+e2RS1jkCXl9NP
|
||||
anQ4doK7xQAFwO90ZS9+fwffn0ath8qJEtb+wMrZeS6HbisvRw4ye+zK1CWYsi13
|
||||
oMNgm7jBAoGBAPWPWZHm2r+02pOE5ll1/ZlL0tS8vNzLF82MK6KNioDLO5qBpWkw
|
||||
z/WYPUXvFrG1FFmBiI4BF0S9pGT2UN7rTYfkq01cH8d7e4zDBKaUR8zAalCfUvbH
|
||||
8eDdxA0+OPuBsQftPOkX0gNeUHAQF4h6VWAk+rJ5Qp+KHRa2FI9EpymbAoGBAOIg
|
||||
EYkSNJSPV/SngVKwvaBEaf5xaiFqr3rxyw/GUt0ufCEZJgxHHsvNW62f1qG7/tXn
|
||||
/HYwFs/W28giOsBLf5KFJhzkcxmbzcN6noESBcFGBU8moRmFalx8tJPSZYsk9e75
|
||||
3AslH265W7BCdSDgoBeklxEVvT95kYnjXD/6sbsJAoGAZIw8/dwMSCEyuuLZO1pv
|
||||
69w7SPa7UqEqbvTtTRMt2kzdbAeYBnmBPawHsuISZdOisH+0vYi+0Vvhu6GMPasV
|
||||
xQYiCnwlWxY54cpc1iSzPaiwH7ENVJVMemn0BAQtavaQ2ZEPttYVHWH6B9je+fg1
|
||||
ize5G2lBmXgBLzKBOqS+2e8CgYEA16A42HqRxTBDcTrhqRZ8XH2gjU9dIux21UgI
|
||||
mMxHbD7Ng0pV69NN3I3A5HnM04FPam7DYXhN6Hc8MUXivEfCKNfrFhYKY9schVFC
|
||||
IFYtQrYgje+KI6oDWJpaH7O7vMnL8sw0NjR6Gr2KXzOgOW+5eZIrs9EFG6gzTkeO
|
||||
SjwmivECgYAiApXx3ie+bHXObfGoYP1QSGStC3jQrvCktPMH8/dn/cTYI0DYOvqu
|
||||
Xrl8KinPU6y7qe77fLXgvD20uiJom3JdT3n7MdbyhGDmrVdSN8qT8l9LCsk+VKjA
|
||||
0V2M6gXDvEqSdTmu/Wp7KaEirg6gUGFGMbCuPFHtlYimsNKwzbKRQQ==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDIzCCAgugAwIBAgIIW5j5C55IeY8wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw
|
||||
MjE4MzI0NFowIDEeMBwGA1UEAxMVYWthbWFpLXB1cmdlci5ib3VsZGVyMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg6
|
||||
2ROwwG9QUxSqBvRatXxwikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QP
|
||||
a0RhyCaJNvVXeZQTFVNiD2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoL
|
||||
ygWmKII73Z9cFfCbZCyI+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm
|
||||
1r9k1usS2nb2WuYD3zS7pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3
|
||||
bQTV3G4UWCQVY56gDlGPNc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQAB
|
||||
o2EwXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
|
||||
BwMCMAwGA1UdEwEB/wQCMAAwIAYDVR0RBBkwF4IVYWthbWFpLXB1cmdlci5ib3Vs
|
||||
ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQAdCgi6pSIIJu7Mp0zUWEF8XDadu8ys6j8F
|
||||
RUiVJwEsxPlS8yMwdcK5r0fs0A869aeFJ0+1aWR2pgSQojhhBqYYqtO41J4BW/RM
|
||||
n2sksSdr+Xyg7pU7jtsrT8x7peZHlgnm/lGkj4BwTg7phMNKTlcnbubMZDfzrqGm
|
||||
6nFkTDyVRrNsoQIQNEW5zWuOEwYVtYhC5g/0De3bRgNuWgBFeW6WANuZNdX6PzoM
|
||||
q1a9sc0HNfH/3mFyVYFY9HTWvnwMhWH3rh3bF14yGy5atyp9QffgB++xTV2rnknk
|
||||
6y6iB2ULsX0wzcaDsJRTgXFaZpIXYjrOyzQBCUfqut7wdgNKDznI
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAxWCOH+WOneLVMJOkPhza3fmH2Qg62ROwwG9QUxSqBvRatXxw
|
||||
ikJkahG4MC8vdLUvbg3WnB1yqiUJkbcobbc8KX5yS9QPa0RhyCaJNvVXeZQTFVNi
|
||||
D2ncZepuGRp0y7FGC1mqDQbx8WVMwq3qZlABeMu8mzoLygWmKII73Z9cFfCbZCyI
|
||||
+/jY+OY5t6Gh6bMGsBxJuwn6VatvuuLX/0IXREf1srJm1r9k1usS2nb2WuYD3zS7
|
||||
pr3xizhjxPPBcFNlxyNEhObkgI67amTByZTTBKA6hnh3bQTV3G4UWCQVY56gDlGP
|
||||
Nc0ke2Mrku/cgftFXK5d6hotATqM91d1nV4G4QIDAQABAoIBAHQsRrsDdJP9pRm4
|
||||
bN2aQkCQ1KKrs2d9rXU2j4K3EPSS8qkLm3nlZhEAaPcDbt00n7wZLQ4qTwlST3WS
|
||||
5prdVO3fXQrAwGqUjzEtbWoJsfj/bNQKhhcoae8asr7X0ZLqvp2DoxGT2ugIhcu4
|
||||
bdTWlmcxE8wRuEqqVIhXT0E8wQiv0eqcIdph/jfKisvRp0v8GUodX78XcKTVZVSZ
|
||||
A6OQX3LvDwun/iFxIDB28m0OQ5KYdhPG52pso+DAedtM7y8nHAmMAOfo9ERIZGtW
|
||||
6kWElCl1HAm9+i4KO8FYRD/qu+uE3MbEzKnhJUNU4BPBEFOf2J4RfVlkkficNiry
|
||||
uQMeUJkCgYEAywxeuvtfRPEA5HFYEV7hIxX0qIoj+0WvZ/3SXP7mLC1cmPRy3clO
|
||||
ekMWAW8uoUXWrP3/DPiACLaUcmTLK0evdv2vJ67QHHLRej4TPGqA0JCNFQmTI2eb
|
||||
jnnjc8O3hEE/cT/X+xG2tj+00uSjWeWBwZyReMISswh9wZfWx05SKYsCgYEA+NmT
|
||||
WLQpH7FZfwQvE8NvHWRoQfq1mqK7jEjeW/3MGLoz6eYWYGnrmlSaxCtJtWZsodTz
|
||||
uE7jCgtPcRQVq0ab+Wav/45jXdi/kp6DGVMj0fCOO2jXBS2juNjRmgjt+0qjMVS1
|
||||
oV6tPws02Pmu2cjztL4KopXg73HeDUevRSIRZsMCgYB3FuxAsspvvwKM+cVzeriF
|
||||
QY1bhJoR+A8m6QIGtSH+6yQSOd1dI4K5xrsTYEhzImkE0XxT+TPu6FcsuN1IpyTM
|
||||
n4Gpvqgk51rhXaMenkCrEv0MR69a5puf9vFmpnXuRe6V16IviXYmcjr2Lk94nFl8
|
||||
Wv4fW4RoKSTI9OttvgwGfQKBgBAJ9fVBp2TjiWEmY+JiNkcusYmPHyVYV74y9CH5
|
||||
ua3eUnpA2jBco1LPISqDn7yRXW8QyqSWcQu0ruoa4UqowmTQuYc/JihmT/KjRM/d
|
||||
C/H8Dy7FExbCWksPrnK/IJeRt/L2Ar7j20a08jMJ5LskuJBtr0HLZzQHosg4VpOe
|
||||
HoEBAoGADl98HXd9a19TOXST9bhDSIDoTQAVwbGm4Oa02vsG9jH3zJXT4eqmGe0u
|
||||
o54kve3wijfZCX6CXydavhWjMw8oPWtmgolWbq/XmCL2u2IipsmOCRJIe+d5/MR6
|
||||
w8zhTO1S01HOTt4iqPdUDm3dVLglxBWsEY54UPiWy/C5crVVjco=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDJzCCAg+gAwIBAgIIC7tqBcllYu4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw
|
||||
MjE4MzI0NFowIjEgMB4GA1UEAxMXYmFkLWtleS1yZXZva2VyLmJvdWxkZXIwggEi
|
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl3ZqES4bxj9rIgXPNO6g4g8co
|
||||
juSenavBtnJs9Rd4tCX4Fh7i3uw5yRqumeSyqFOnnIX1BYT2vJO9ZbGYNm+yDhTj
|
||||
kNcmGVHkaEY47okcx/b1DPgsYeX/t0hF+/ol/iYaBWSXbBiol2E5K9uf8j0IjFCH
|
||||
X9zX5eIhkGGxku9S7WXh6X2XywNW4WURevs4B92dDrv+fQg59Dno7fIaRE+T5jhO
|
||||
1drWm4LO0ueCeYFHHs06i4d388pEiwUeQ3Nd7zQhovTs7SoWcDhoHU3dPwMr5p0j
|
||||
e8tZtxhMgfbT2uF/rpxNCmLHlDOR/GD/xQOb8iyqPzWo+cxbI/VbE+Y5R3FRAgMB
|
||||
AAGjYzBhMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
|
||||
BQUHAwIwDAYDVR0TAQH/BAIwADAiBgNVHREEGzAZghdiYWQta2V5LXJldm9rZXIu
|
||||
Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAFeVYM9Uo2TIMN3lnTPlmIkoAcEvb
|
||||
SO2B10ezjg8h+x9hJCw8AC0fyxY5cFvO6ZpnPlr+BS8R5lyMqA8nhyJMErDbqTla
|
||||
d/6IOzLs88VCprda5anEQSOTq0I+tbOzVP8O3Vu+fJQ8kJEgFcCQKVUllqCj/w4h
|
||||
hh8co3sfrj3oNSmy+/Nd0y5RGUpqBiRp0X0pls1flBus8MchXnDcVo+p9re788rl
|
||||
DTCO4zk+SoDMNCMihkkSJAQKAzwhSyNDgwvL7cwOexhI0tLZGC+u2NlriIFqZqAT
|
||||
qiILQnyMNTWnUfcUtu/iHr01RJcCAn2dfCuhBEUHv0XS+Y0gw2vR4YpyLw==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA5d2ahEuG8Y/ayIFzzTuoOIPHKI7knp2rwbZybPUXeLQl+BYe
|
||||
4t7sOckarpnksqhTp5yF9QWE9ryTvWWxmDZvsg4U45DXJhlR5GhGOO6JHMf29Qz4
|
||||
LGHl/7dIRfv6Jf4mGgVkl2wYqJdhOSvbn/I9CIxQh1/c1+XiIZBhsZLvUu1l4el9
|
||||
l8sDVuFlEXr7OAfdnQ67/n0IOfQ56O3yGkRPk+Y4TtXa1puCztLngnmBRx7NOouH
|
||||
d/PKRIsFHkNzXe80IaL07O0qFnA4aB1N3T8DK+adI3vLWbcYTIH209rhf66cTQpi
|
||||
x5Qzkfxg/8UDm/Isqj81qPnMWyP1WxPmOUdxUQIDAQABAoIBAQDDF9VYKV4r0cOH
|
||||
388wRkzdQoMbGkRRl1K6g6YUceRs7sE3EVc/iKKH3PaHcFgZhiISJRfQwNF8NMtT
|
||||
uWcE4FbmkWsLRdhFHsJRkGrhURsQUWt5ynsr+B8kbSOrOlSyQEWIWkFo/zbiiDDd
|
||||
PCsYUpmYkraaXzNqDlNh11ADTclP4E+LxOD0/f34AnmP3+NjDEzjyX3u53zsJkQH
|
||||
OSlObz2Bsr6NwBUKVdj1iA3Yms3RzF+/AWlTS4IEFRywJvhGXpPmc95Eb0HgW4tB
|
||||
aZSVmJzL4M+imm8nLzlM4F2ocMLk4pWiZcdjY3EEO5Xfzy1nVGKMtjh+CD/LaUkS
|
||||
LPWxycZtAoGBAPGTy6I+4UhnPevkgrLPSN9NuSIRNfeBeRtOTqoO1EHybtWJyXFk
|
||||
1Em42RcqpV3sDj80LsajTd2iWCIMRxTxS9XIWnE4QuEcI/L05rIULXKJYzDG/lTt
|
||||
M3xPUiOF3I8hjAtg0UT+MbMaeBLKetK19WZgN7X9eUa2Gchv9l8ypqbDAoGBAPOW
|
||||
z03Z8R8zG58NShSQMwskGic4F6zRVnOI39nQbE1z4gXGlAJW2sgp9Z6KvNDTvAPh
|
||||
tmunuFw1CJeFO1d5ITmSHD2U+/6v9mICGuzPYdkAOsDgymzdziu4zkLRQcXuayAX
|
||||
D3q0OUH7PV0JCr7q1II0iqvPfU9z7VIakhflro5bAoGBAMxiZZucJY/TQVFNoMJV
|
||||
m2rJ4EMRWp5PnT3b77PzHeO5j8n8bEEStIS27nyqKQSgjaEtrhGC4oMMMhKEXrM6
|
||||
PxXdD5/QoMzBuSx5xKCPb7ACyrfe9Bi4IqIenfjN7T/vewO5YvRDN5s3XrVPN8EE
|
||||
D14RM7E2hZ+su32YNFJwkQxvAoGBAMsTZp6j3MbDB/sQzDragQN/xKH/vJUiLO3D
|
||||
JcRkY3Yq7zsbc5eDq4AGozPavFFoxC2ERl34BNYyjIgt1ew2GwHxEsQwaenJ7yGE
|
||||
WcglmJCeBV15yqj6PgDrYGIKLMiD3SFyuD/28mlUuLLQb/n8stAeV6GnKPRNVIQH
|
||||
jNaJcH5TAoGAI2yMpNV2GrV3fMIg/tzEmy76BUvue2Bwkd/6aktbcOWbbf2YpEo4
|
||||
xg8QTN6QjMyD4GPPkbpmBJe5d6I9fLsxMHqaBHuuJi3WJY1ka53K2Bcken++HaKs
|
||||
JDOz2SlfEwci5WdVPzC0l/dFmaojbtZWElNcy0tisflFEC6QwyibiC4=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDJzCCAg+gAwIBAgIIUk0XH4XG6SowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NVoXDTI0MTEw
|
||||
MjE4MzI0NVowFTETMBEGA1UEAxMKY2EuYm91bGRlcjCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAOu8LYhkVCZ7AHLuSBFjGgDt1Lcm/pQAaFfKtHnRJSvN
|
||||
y0EWk0hIPqLov2QR3p03ZdZlzTxQhAO8u950I7Qjp9UMghfr3+Yd0VgSdcGoOGPL
|
||||
WT7lV+mzmQpiGdcItSKRbG6kTqAo2BseQnYTaZVNLJXzaRvQ2KKfp3slefDY6oa9
|
||||
9WAPRISjAba9NS0ob2gKhiv/6pESwKNNzYT8TKXRs/bPYbZsXoraaKUuA0gADFTg
|
||||
ioLJhdyOjGcpIpyVcD4+zJmZfAGpdTlO8BDxE/GDVBd4sq+f9DL4NpCnnNI1ZtRs
|
||||
FobqNys5TAmXQYhGvAF6QG2F1QfmmQwrdlln9lwttIcCAwEAAaNwMG4wDgYDVR0P
|
||||
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
|
||||
Af8EAjAAMC8GA1UdEQQoMCaCCmNhLmJvdWxkZXKCC2NhMS5ib3VsZGVyggtjYTIu
|
||||
Ym91bGRlcjANBgkqhkiG9w0BAQsFAAOCAQEAUR6EEIUSvIW8+Ceh/nti0V3VIm0V
|
||||
cFFmFM33Gi4ZXCUxCJTgsFQHMUboXLOITba20YZLtUMWtDjwOuDI1Kq68BxagMRN
|
||||
uOM8PBXUfT69mJbCmVOmtE9NGO5Pv1lQgtQI+hdbAHOIcCnhJGEguLSLO707a21s
|
||||
MaJ5vHovH6bw4ZnKw2+qvc+9SAKeLWrdOp1BDvMOiCgI7IwxhdlK0XkV75AAVkrd
|
||||
aINmvNyiTfhtNO0/CNQfXQmrLDnF9xvJWj06VnLy9NN+bgSk+Wtl5gUwHX2uY4tl
|
||||
JU0NOQmgzDJZBd4v1a5XURbJl6Aig5nkVR1DpbBmLCVxNdjZjhhkkwGksQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEA67wtiGRUJnsAcu5IEWMaAO3Utyb+lABoV8q0edElK83LQRaT
|
||||
SEg+oui/ZBHenTdl1mXNPFCEA7y73nQjtCOn1QyCF+vf5h3RWBJ1wag4Y8tZPuVX
|
||||
6bOZCmIZ1wi1IpFsbqROoCjYGx5CdhNplU0slfNpG9DYop+neyV58Njqhr31YA9E
|
||||
hKMBtr01LShvaAqGK//qkRLAo03NhPxMpdGz9s9htmxeitpopS4DSAAMVOCKgsmF
|
||||
3I6MZykinJVwPj7MmZl8Aal1OU7wEPET8YNUF3iyr5/0Mvg2kKec0jVm1GwWhuo3
|
||||
KzlMCZdBiEa8AXpAbYXVB+aZDCt2WWf2XC20hwIDAQABAoIBAGy+aeK5JXh61UIv
|
||||
WV9r79rt22qBun5bkcat44MuT49dZ52m5Fo7uWk9JMzs0VyE6Z11aK+iFMQElEWS
|
||||
HcZDjHBjTL/sN2TX7HJMUbX7+8dNTuYMtflAuCBqELF5etVvcC257etD7CzWUKJX
|
||||
YiVVbHPfzWTfeo/KRmAwcYgBCG8O3zM30Vvy/e8S6AdNskjozSpDy/FqHB+u65Rr
|
||||
UWBWtmBM47oeo0ZQFLSOjimziqLnCq08uLtj5mQyV5/9kfqFgLQ37BrT8gSjxDmj
|
||||
KXSEsvLJOZHioe6exWRsGaq2+KrD7A0Ns+sV7GUr16QnoTHNpfdvx2GMtaFg40MO
|
||||
4dUIxIECgYEA94nv+e8wGkmEE+Fs93oLwbRmZ9HMof2TsI38miThUk8polD6ppc7
|
||||
uhs4v+FjO+KvE4Epon0sC5C+q2LkbbtX2vC1cp2XAfW++GlfB2GgrUQTBilsGiBw
|
||||
pkVfTSv0IwcADuUwwWXV10jMbLRBXP+eAMNoAHI3SNLwMPMSX26/5K8CgYEA88rz
|
||||
9wZoL0jFOtDvEzU8BfLQzdRtF7jwr6rdgX6ijk5EXf2TEfCcWlzzATbFjwULnf1t
|
||||
+puAS4XuZXT9eYjeLYefrnTwia6MB+9QuAWR+Xnw++R3BTbEF3tMqbCL44Z02K1/
|
||||
MWlyKSA9aVIHW6z9CcQUw0yOQweoBtb48ZoVU6kCgYAev87EoFa8XTd/9LfBgjKl
|
||||
rFAwQ1qFIOfQvcKML1qiC91jIWYRfaXYt3r0Mv5NuRoAdUIDwkLPaPqWdaFklCoU
|
||||
s2QGydaxUqKXXxeD5je8bkFiuZCJKlB0BxgQkQ4xr7PtJcFJtOm8ZXmnYzjfYY1y
|
||||
ENQBgi6l6DYYDonQuwQxVwKBgEAw6Bva7APHPWdHLCv6kFtgm+oWTMM6RuV6L+iw
|
||||
10xw/z9gTSEkIYcJglKHgW0u/ugSmqqp1xYLpcHBFBy0FQwX8cuVruARvX05Xh+W
|
||||
F+GAYhtxBIWy7d7g8Ead3beC57FFvX/dK9n4SzM4DgftfJLdtjnWJn8vvOZQJCw5
|
||||
TfRBAoGARbZa7WnLcgnl3oQZfxfyIhWLqDG2LPKr/mBZhqU98h/jxuxl2/GvpnPn
|
||||
XeE4YePge2WULztMc/g67YL69y8oxekzz95C4tLACVg7x3f2k+Ri8qPogCFjimcV
|
||||
ZhboOAk8b9Z7N5hOKyRopkd1j3Afzo8t55jmT8u60Rggj2jyUWs=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDFTCCAf2gAwIBAgIIRC1Y1hKKzsowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIzMDUxOTIwNDgzM1oXDTI1MDYx
|
||||
ODIwNDgzM1owGTEXMBUGA1UEAxMOY29uc3VsLmJvdWxkZXIwggEiMA0GCSqGSIb3
|
||||
DQEBAQUAA4IBDwAwggEKAoIBAQCzmWPETAwj/uX9k6QQJzCEnBJ6khU595Q60gIS
|
||||
/KFYp5XOHHZtIXkoJDQsLAgit1Pu954x386nYslcsD9mTbYNn9JS0LQdU972fUxJ
|
||||
46eOcazSBrlodkOCzXcw2F5bqxZD0UO/QmsZ2au9MBWlL8fkjiRNHvbtRKx7zSWe
|
||||
kfN+tLzUqD/CZpw3OgYxk4JCNSqDPJZS8IEDCZKHK7rh40MDeipomWxWFplKus2z
|
||||
ScTbMB+WDPY03K92BeWFSzM489ikhCrwRd3JnngrpUaN2A4FKhNsjs6LS81/Pc3C
|
||||
oeAi8Ri07IcImo0uBoBNz96ciLLh4eI5Nx00gW4Ls+TdpPw/AgMBAAGjWjBYMA4G
|
||||
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYD
|
||||
VR0TAQH/BAIwADAZBgNVHREEEjAQgg5jb25zdWwuYm91bGRlcjANBgkqhkiG9w0B
|
||||
AQsFAAOCAQEADYSDjhevQvxsVO2mBsyxSSnH9zk8Lrlx3a0CBSaiOcfP4yVUM8UL
|
||||
Z9ZLVfIt53H3gGabLrXngCoHdE4H4OVxbvQpaHFSDsg0/hET770vhgw+5s0AnKKp
|
||||
cxC8GmyMbRm0Svn50Ym79MFyqx+rzIApDja7x8+n84DBGDab+MeBkiUtPt7oeoG0
|
||||
Tcb1IkSApaWxOznJid9ARN7sVY0LBeoaHaXPZfJ6ZooBrTJOpxkz7PD39G7On9K/
|
||||
4S4we5FnBZ8moFt2Dt1fnBUvdvPX+765RUs//0RLf2l0vH0mUQselxcbipkAXQOU
|
||||
Cwiel9a3p436EBvFmMaJ1msIJNPGqkPPdg==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAs5ljxEwMI/7l/ZOkECcwhJwSepIVOfeUOtICEvyhWKeVzhx2
|
||||
bSF5KCQ0LCwIIrdT7veeMd/Op2LJXLA/Zk22DZ/SUtC0HVPe9n1MSeOnjnGs0ga5
|
||||
aHZDgs13MNheW6sWQ9FDv0JrGdmrvTAVpS/H5I4kTR727USse80lnpHzfrS81Kg/
|
||||
wmacNzoGMZOCQjUqgzyWUvCBAwmShyu64eNDA3oqaJlsVhaZSrrNs0nE2zAflgz2
|
||||
NNyvdgXlhUszOPPYpIQq8EXdyZ54K6VGjdgOBSoTbI7Oi0vNfz3NwqHgIvEYtOyH
|
||||
CJqNLgaATc/enIiy4eHiOTcdNIFuC7Pk3aT8PwIDAQABAoIBAQCMsuhTyffg4zou
|
||||
c9GdzfXWjaZ0W6lBZlG72vZBBaUpHPDhLa8hQ431ApfU2xHskI6ysU4/aEQvIdb6
|
||||
RCEG9m5fMgvFUTcpmqEbnYF8iVqk3y0yxI3P5oZxHKH5pCgXzGp+6pwWY+QftkUy
|
||||
y07JwCrrROfvewibTKeLvWVxWonVglZAqquECeyz/JgVCQY26MI2ekPaKRNjVXYw
|
||||
uQfIwFERoNdaSKo8Q3gOPUxQYit8EEXz9MGcop14YFtq3U166UxV/cgG1S5zRA8B
|
||||
x8BBiDDlebIYRod9j+TfYIuWdxhxyRJOX1ozpwggs0pVFIP0fVZU2hpYSdOSsmBW
|
||||
ySi67OdBAoGBANohyWtCEk1kDAX0oAKqeyn+qj+8DjJA3UQebSN1zxtZeFFh8H3s
|
||||
83sx89/uZrZcF068Wcm4GSQMmLgMbg0hxGa86DxMdtogYyENP2cc752hWRKZodqm
|
||||
oFjqIb1eQKkku7pswcNiwOlVJxygrQH0uZXKbiNPkzncep17LBosQSYPAoGBANLH
|
||||
IS9lSYEQ5urwY1JwMPyF02VqiEohGHa023gHxDUjEmgsYpqPAO5H5kyMPdr/hZ+8
|
||||
RyfQOKOo3IUVQasUpgKG9OKo9+Jw4rHeLBpU0Es5gsMqQqBTFirSF+klWeP9IkVS
|
||||
6z9epDgjISv4Dd1wNO/n7od8A2x9qZkaQs42dnbRAoGBAJQaVpiVnrmfES7F/hJx
|
||||
T/ieaVemxnjGY7VJd06ZQYpPQAr5lYDabiKaMvw68NAmTMjvx4LXlXJNfy+PePU/
|
||||
lQswffna7OODE+swBHltQx/imgiv+R3s/ngAV/IsWXi+cRvNle2kUljasRiV24G1
|
||||
eIBElm0xLUQe972PEM2geIdvAoGAHGYUBIzDEI60bichWrQfBYcKanmmD0bSQvwv
|
||||
LcbuGrK1AjAowOZPm8s4Lkwe8WjIGjOF6slVOEfCHnQ0utY3X9PLHtbhPzMyeACV
|
||||
NJ8EyX3gLmd9PpizPeW8rv8HU36BpZF8fLdFrQKer4vmYlWB7Gj1bG+7Dl0IAsbV
|
||||
BW+1GmECgYBelHOPAdwkAZIImqhmXeuGcELQoryNfEx6rMaHpt5oosQit6WDc94i
|
||||
z3iu4NUrOlx0Gtxq28gt+10dXH7+ZZ+nPJ48mBgfjxBjAQInTUvMzV/rGIjOTlnn
|
||||
vm16iQjQkQ7hxOtynDCgVGX1PSbUSZiv4ARvKcxPOe3IIcZ0qHlEag==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDEzCCAfugAwIBAgIIY96sx6DAQ9gwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTI0MDQyOTE3NTMzOFoXDTI2MDUy
|
||||
OTE3NTMzOFowFTETMBEGA1UEAxMKY3JlZHMtdGVzdDCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAPQdDqPPEpNOPY9zyjq9bDASdQ6GtueKY/t7cOURLAlI
|
||||
VeEO0dFw+n/zRSM4D6ZDC6p0JvYf+hwOoQQc8pfmJBcG9KO2DWWTX1mrJRsOVkG1
|
||||
TdMe00BlIkDK08so5x0kW1dnmh93zU7vkxNzUkzzW89FcqTw9gBfsnwTBp1/KVYH
|
||||
31AzIugUeI6oaxw6HVPVRSgiQwGdxucHDO4HJ48uGdhSpQrlHocCJfISIHN/DfiQ
|
||||
7JoDzyvdaT4OrlTHjItDYR9CjY+3NhUO2yvuVyrUa7MeZ9l9YPcTYVSQivqu0XGV
|
||||
Xpe0P7E/Neitg7rX0SGV1K6I9HKB4LoItbR5lBwA/30CAwEAAaNcMFowDgYDVR0P
|
||||
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB
|
||||
Af8EAjAAMBsGA1UdEQQUMBKCCmNyZWRzLXRlc3SHBH8AAAEwDQYJKoZIhvcNAQEL
|
||||
BQADggEBADeewOU9nIHcMRXcVsoTxBbvXLziWQOKMg0kzQFcIdSPRzHtOPdw4Qum
|
||||
hekG5GZzkEIUmmZDuuuPE1PqblGnHQMXLqGa5i1uLBPo3/w96HJrm1UE1hID1bIj
|
||||
+N8v5q4gYU4i2RSf8m5w6iXkXs3oeXd1A+0yfrvohtJ0PBrJ0IDfhosxr281v2PJ
|
||||
Yjl+eXZrMqmjY/eXJTWAMvyNs7GOXg6qDA3BG+mZk5CJ9p4+jXFSGYmPOlLp4Bfc
|
||||
eB9FDNLSjSd0TlxqdvCISj1Uuj9iV4xo5FRc66kmAS1b1SPsCV8TG87yyNJMhJbj
|
||||
BGOoynUe/jFrGjmoDpH3fZJvn+x0DGA=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA9B0Oo88Sk049j3PKOr1sMBJ1Doa254pj+3tw5REsCUhV4Q7R
|
||||
0XD6f/NFIzgPpkMLqnQm9h/6HA6hBBzyl+YkFwb0o7YNZZNfWaslGw5WQbVN0x7T
|
||||
QGUiQMrTyyjnHSRbV2eaH3fNTu+TE3NSTPNbz0VypPD2AF+yfBMGnX8pVgffUDMi
|
||||
6BR4jqhrHDodU9VFKCJDAZ3G5wcM7gcnjy4Z2FKlCuUehwIl8hIgc38N+JDsmgPP
|
||||
K91pPg6uVMeMi0NhH0KNj7c2FQ7bK+5XKtRrsx5n2X1g9xNhVJCK+q7RcZVel7Q/
|
||||
sT816K2DutfRIZXUroj0coHgugi1tHmUHAD/fQIDAQABAoIBABGqtK+IQfjlNbFX
|
||||
GPCtWtIT0+LsPvp82oWNxnrdhklZsdVq5CZ7PbXa3ksROJi4y3RXmaZAZDJ5oI+S
|
||||
pL/3iO8dssDSYR/TzZfIuhO+MuHohCxeU72aVCNKSo+ucyN5yR6HQfE7E2G+Fu/W
|
||||
bcNh7WgPx59GTRdz1ZADNHxbgptWLFOoBQzL20//mIsB5Zl2DB7/7w8940QF+EH0
|
||||
jFn82/32Cvq3xQu2Zlovc1HIRVwewV3JXwBtTtn4+WhHwbfh9mjyYrh45xj99Nvm
|
||||
b35iriTvgiTJoi09F3Dl6dOaoTgnRCF3f9EZsCGugl+YSj2+2bpXtJIv7pY/6FBU
|
||||
sHMVuaUCgYEA/mTjhHSe/rBhVMQKIsDtZAXdhLrWRGq8tNGMgz5Dc/JL3uhPMBJL
|
||||
RwWS2t8BQd9c6VUIdib2Qp9Nk0VXY888ZNuad8JYpuK+TuowA2omaXHymeTYzC2p
|
||||
8IESdljbDHth5YXdj3iRSnTkwfXHLmMtfKFz62GjpE860rikMQSfA9MCgYEA9aeN
|
||||
+Z+daUCEDIrmRWq2yQ8M/BFLLfdybpGPTCWr/Ci8ndRIVEeDiaq2kXSPjBBYXXw2
|
||||
MO1aepbGiV63rNQ5mPTde9I/VNskrMHO++Rmu/JjLYcx8Rb1W/4c8RbRnrSmbDz7
|
||||
6lHACuY6o8EknXPPaMXQD5pCbKkQWkEHRWrs7W8CgYBamzhlvtu6PrwL4t7xTeG/
|
||||
VE93rMwQBiw8Ar6XKCACNfRL6lX5+yoQm62YgwEBozqGaKDg5DOluvN4VqQvimoq
|
||||
SgUUToYgunWpycNcE/ymZc1Qfq+w2TrDzFT1DeTG51MQ2sL1DK5C5KttYcqVfQGA
|
||||
eEi/N0F/jjCXSOhCBTFVvQKBgGlwy+3TZxtgR82iaQhur5pJTYd8XMqUJZfz/o/u
|
||||
s41+ZsdP8OPL9lfG4Ko6X8r80RD/WbtShb2MrhcUgr46MabHo7GcIvbnQSyt24wf
|
||||
E0Gk3pESMIuNES+1OPL6mmsGm1BmNLL09/s1qwHSy0aSCPqtvYqU6eH+BzjWJKrV
|
||||
JHEdAoGBALQ9UFgVG3e8GNvD6OZJKHbmzd7XOuHC+bDYP0JxDMhO0jza86YPMSQB
|
||||
Mc76VJ+drA7+GFma+7RvVCMnInqiMwPB0R4ztHGXF8quAIC7dMkx+292+xkyrZPH
|
||||
U0xUzCcBmJXYE4iWEYk8w/U5v3/b1Cjpwzq6FCtj9zJn5kPKwnaL
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDHTCCAgWgAwIBAgIIRi8x7X7lZdQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw
|
||||
MjE4MzI0NFowHTEbMBkGA1UEAxMSY3JsLXN0b3Jlci5ib3VsZGVyMIIBIjANBgkq
|
||||
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHM
|
||||
veqwVBlJm77XRX9Jdj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74
|
||||
ZN1D/RkrSr23sXFJ+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg
|
||||
4WRxAoEcMPNnbU8seWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG
|
||||
9nNh2+2AZry4of8B2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7
|
||||
OGC4dG8zIA6BUtflNBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABo14w
|
||||
XDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
|
||||
MAwGA1UdEwEB/wQCMAAwHQYDVR0RBBYwFIISY3JsLXN0b3Jlci5ib3VsZGVyMA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCPSvQ7FfZ3/n/yBK1njRsLS3HTbLQ0O+WnfFapkK+3
|
||||
gieFts1wiFTN8KgE05QvFGfsSPqh6p4UqRw7XzOUoq4Zz1FCE9j2dnF7sTNpCyjv
|
||||
Yb2FU0Rz4PiINL5YHG1Wn8lnn+EamznphNVBOOoeDXIReEPrQExRXwVTv0I767J6
|
||||
N9HAZ93mF98yEZwIJSYXE2w1iEng+kBLj3EtBUgh5x/HXApKaW8CLibGuxkIQG8D
|
||||
Pjm8KcSRyr8n318rjjZHmBHAC7KMfGZR2cM6Y4oVJs5fy8nI/OqT9MrAYkFaxEuG
|
||||
SNx3VccoJKTdHJJnUloiYJO5mmt0jZHP59Zflkz13aqO
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAlhOYZLqewkAWKmzXHaSZ1MiGyXgSVTHMveqwVBlJm77XRX9J
|
||||
dj87bwt8lrdhau1vzE0CWUfuzd/gHo76PJYjvqKSYrxskg74ZN1D/RkrSr23sXFJ
|
||||
+a4EvPM1Ee+Efseb50dfY2vpTU2fGpUSgXTx8eLOOyYvjLZg4WRxAoEcMPNnbU8s
|
||||
eWtNAb91yt18NSpInxiiybrJInDzrSDKJaLpvp221beI1SZG9nNh2+2AZry4of8B
|
||||
2pk2747ioJTkY1DuUsJcF38DI3p0b6oaGpGGK3slH4diiXc7OGC4dG8zIA6BUtfl
|
||||
NBw1ElHCyFFKYRpFHlBz1PvREIBhu0mmUzyBmwIDAQABAoIBAH6A+AV4ldhyAv0y
|
||||
D8Zp+E231n4/G1z7BHXWPVo2kqiZHobze64UMPoyuYul+pUSnhmdlGxDyVV68EVy
|
||||
ChdGC81m5nQaFn6r5c/H/8Z6D9cJwqztLQktGctYSxTaTFo90foLXKnGzbsewg27
|
||||
OQUs2cEmiOatEonPNizn6KbOxD+xsrcwloK4zD7YXsIhR4QTBBS3TulvCsh6+UTf
|
||||
CY8z5Ne/lRJJEKfUZviBFtQlheMm4ChweDcZiX051ko7McahfYNKOuNp62tYVM4n
|
||||
1GLGBOEFzZKcN5WYsuL91UksNdpjxbyJkibTyTqzuLR9XnM/iCsZ1lUIQeFoOnsj
|
||||
Av6p8rECgYEAxfR2sP3yU773YP8ZJOPjdhrhLU6SqQRI2KiCum2o0yM+1hUZ7UUn
|
||||
rm4aeSUbcO7Z4VYjaupuHzWz2hqmCEKjozKEaQrwIHVxitPzQKWcwIIMefRSijbL
|
||||
HlzKd/46hJl5tmvbKWwV5p8vqWz3LZ387bC5UoUSgnGz/xMuCx4MEIMCgYEAwhUg
|
||||
1xLDqBGnJhL4I0LmOEI9U851gkF4K2ejCCGuv1NqWR0ez3usgRIb02fUx8ycpuRZ
|
||||
Jr/RTNjy3lpRznjK5S6ZexMZA5XLjoX5DvyinvQIdiASXKsSD1/BrlhFoz+MGmX6
|
||||
WAIIwyIl/WJ118kpg2cJqfBnsUpepq2y6ajSzwkCgYBR1ac/siv8zQSNl8f4RTGi
|
||||
gKg4R7Q/pSLMVpV8pprVdkuiyyRlv2IRLTlKfbmjbUqraiXILFQMGPJaJwwefBYU
|
||||
AG1W04vDj2m5/7cfMZfkyZ6IyCVbOB2uVqPpCTN938i+TkZTEHjZV1On0gE5XYfT
|
||||
Z2ylnZeyT3ke6Pnu5KQOKwKBgF+6ViFfEvxiAKTJ9HRH+g/DtEYS7mjZ6/DUxFgt
|
||||
bOjXtvvPXjQOly5uhSUH8K6/4IB83vA66nxSAbDksbb6Y3EZRACtkcfv6aAZupfG
|
||||
yltGmKnS9duZUWYd4AUjau2zWWJn7EvebP36aOyK1P8jLIOwndahSjPrL7ZctIOF
|
||||
jr0pAoGBALeYsldPCwFLUAUWc4uo+6qjVigZIwO8ZjRAmZ99qwtC2aMODayOK1w+
|
||||
P3kygVFZXXlF0XvO7zcr6g4oHgLoaJGL4AUTQGhdXhSlSWlaFn+70m4o/afToDh8
|
||||
0atWXDRfLgGnJ+VamriqSUaOdilJz2n+R5mkpB/Aw7cIPMjNG46e
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDHzCCAgegAwIBAgIIOk8TVvubJDYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
|
||||
AxMVbWluaWNhIHJvb3QgY2EgM2I4YjJjMB4XDTIyMTAwMzE4MzI0NFoXDTI0MTEw
|
||||
MjE4MzI0NFowHjEcMBoGA1UEAxMTY3JsLXVwZGF0ZXIuYm91bGRlcjCCASIwDQYJ
|
||||
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKSOlusPKKWYKIxf3UW+VVlnk6J3sGP
|
||||
t6zTIPbuZsFe50mZ5aYU0hLKpXc59Re+L0pth2NqPBhEKzicALcfYuXab50spqY0
|
||||
Bb5YEale6Exo95uK+c3ciFtg0SCxDNd4sIfoyRZMUjl/7KQnet55Irgd2RKCH450
|
||||
5F6u4Ag+PFIQ/lQyuwgeGqZvdzNvQ208Kur2VFhFL4gcn3OZg4GRxySniM8hfv9D
|
||||
ufKNYdpQPN5aczfhxs6eK15oPsatV9DNQNYrzKDaTM2T0AI7HQtxtAjdfNR1l0SA
|
||||
Sqzwxzo/bWHFk8vSNdtsdEaZTLA+oEgex24gAXLmqaPWpwO9m6fkjBMCAwEAAaNf
|
||||
MF0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
|
||||
AjAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWCE2NybC11cGRhdGVyLmJvdWxkZXIw
|
||||
DQYJKoZIhvcNAQELBQADggEBAKy8E1kQUTQWCIVtPCgraZYpudjGk0PETM1MQXz7
|
||||
FgTEE4cVpKIWFwWdD+XyfL42V4tjdGJX5iBNFDRgR/rA44QUgrKp9AE8tmhV8B3p
|
||||
FIgdWDtdsBlSQanvMzG35Zmut7Ew5bUlxREWNqt41TAvFrV0NuXvFHcVDYkQ6MH4
|
||||
oaVssPYUmMyCF4/uRXJTVrb5z+jeroIQoCmoQdRvKdVubcb0y7Nq7Of4VQvcdAfi
|
||||
5uB/7a6k2/n2c+4ZTZYyw94ZUjhiWwPxZQYhs0E/0NfrLJXVqDLo7gfavvoLa8D1
|
||||
B85C5GXB0af+FSuEBNGQsfakoZ1F3J6S90VaveebUEA5kYk=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAwpI6W6w8opZgojF/dRb5VWWeTonewY+3rNMg9u5mwV7nSZnl
|
||||
phTSEsqldzn1F74vSm2HY2o8GEQrOJwAtx9i5dpvnSympjQFvlgRqV7oTGj3m4r5
|
||||
zdyIW2DRILEM13iwh+jJFkxSOX/spCd63nkiuB3ZEoIfjnTkXq7gCD48UhD+VDK7
|
||||
CB4apm93M29DbTwq6vZUWEUviByfc5mDgZHHJKeIzyF+/0O58o1h2lA83lpzN+HG
|
||||
zp4rXmg+xq1X0M1A1ivMoNpMzZPQAjsdC3G0CN181HWXRIBKrPDHOj9tYcWTy9I1
|
||||
22x0RplMsD6gSB7HbiABcuapo9anA72bp+SMEwIDAQABAoIBAQCjMjVCmPeOw6Sv
|
||||
xeaLFkbxSrd6VoeBQIMlsTxwAUwsmuZRxIRrRgFhg5k/pFwfmwRdX/rz9rILBHpg
|
||||
E/FBp1CzTADcCwyIURAUNBg0QIeFN3Gfg/S8p2Gzi0Q9MGN+AxvGEwk+66r30YVx
|
||||
ti+HlID7fwWIUZ4YRZEanYEJSPIdPeyBYD0Xl100aDAP87haNgW1piyfMrrOATET
|
||||
4EPZZ/O4zQriJd+bk6GNFL+I9MVcp4Kw0Zx35IPREIuRVP5eW4NxpYwL1/2SnYZG
|
||||
Ab/vwkzUZ8Lj1IlMGTNOl1Sa+HRLOQ4j5iAAj5VdLHaNU/jDJHdK4KiPmLrQduRE
|
||||
NlocoBuJAoGBAPvjA1+7R2PDjMRqWx2HDgZsgJyYIFOyXqbvaEMk1Cihq8iqfz47
|
||||
E1Nyj1TY4LcXgihnIriZNVSqwmbwv7J6U2RbLbth3nIf7lfNcMAVLCkVA5dtyml7
|
||||
0qsX5/fnZdi1GjnmVeeuyUUKDKOem4aFn98NrhNqaT718jaZTPchgbHPAoGBAMW/
|
||||
nOjklMimWFwPGauHFD6Q/JHNXTJOTC+3rjMt6e1J8YeP76bSTcgphENPQWpDzVF/
|
||||
Njn70t18C0+C9BtTWNHOMo9MwnF+SFE96ezPcGZlJxeL9Oa4ylB2ZFTnYqwzCVEz
|
||||
ouUoGT+xAekes+OpWcFlBfS4PHdFd0pPcbUpFCZ9AoGAeC8bHwRWzc0yT02H6BDW
|
||||
qk3/F7imRAkpjHFSyCa8bB6nvnlLeT/qurhAl3Vb00CORATh1j6T6bAITeG1Nc2U
|
||||
GKBAs9XAs6d0q8REdgIkLf3u1sP1/lqsbCJd9jUcrUfMGbBDcOY+9ogS+8bj4k3D
|
||||
uEPouS7exMHJLi/7PzdnkJUCgYBzg3HaTaRn7VvSMvPw0dBOmA0h8o/NUhWJDkgR
|
||||
F3H9reMMKFV64oCTO0VKuGJi+8ZVI/V+O4862DoXMUz9JVvN+yBnuxQejgEajAs4
|
||||
zRhAiDgkthnSKQHtrKsBOcTXCF0Z9Qrjx9+v5+tQzSGSDJwkr6miAXk4xvhfDTdD
|
||||
9wIRVQKBgBSmjPtg0RS3GE84DvUp7zDliMXqLxvd9u16FrPjMuoEb7KZ1+BZQSye
|
||||
I2rPIJS+34SVeIoVITvpGCholkQ2246JT7gdAP+9x6b6f94At9aODHYhq+9T23XY
|
||||
3wEXd6w1vB42OR3cK4z0MtqFIVZ6/LmIDFc+nbvKpGbJn78QZXHH
|
||||
-----END RSA PRIVATE KEY-----
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue