check hosts in ssl certificates
This commit is contained in:
385
vendor/github.com/cloudflare/cfssl/initca/initca_test.go
generated
vendored
385
vendor/github.com/cloudflare/cfssl/initca/initca_test.go
generated
vendored
@ -1,385 +0,0 @@
|
||||
package initca
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/ecdsa"
|
||||
"crypto/rsa"
|
||||
"io/ioutil"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/cloudflare/cfssl/config"
|
||||
"github.com/cloudflare/cfssl/csr"
|
||||
"github.com/cloudflare/cfssl/helpers"
|
||||
"github.com/cloudflare/cfssl/signer"
|
||||
"github.com/cloudflare/cfssl/signer/local"
|
||||
)
|
||||
|
||||
var validKeyParams = []csr.BasicKeyRequest{
|
||||
{A: "rsa", S: 2048},
|
||||
{A: "rsa", S: 3072},
|
||||
{A: "rsa", S: 4096},
|
||||
{A: "ecdsa", S: 256},
|
||||
{A: "ecdsa", S: 384},
|
||||
{A: "ecdsa", S: 521},
|
||||
}
|
||||
|
||||
var validCAConfigs = []csr.CAConfig{
|
||||
{PathLength: 0, PathLenZero: true},
|
||||
{PathLength: 0, PathLenZero: false},
|
||||
{PathLength: 2},
|
||||
{PathLength: 2, Expiry: "1h"},
|
||||
// invalid PathLenZero value will be ignored
|
||||
{PathLength: 2, PathLenZero: true},
|
||||
}
|
||||
|
||||
var invalidCAConfig = csr.CAConfig{
|
||||
PathLength: 2,
|
||||
// Expiry must be a duration string
|
||||
Expiry: "2116/12/31",
|
||||
}
|
||||
var csrFiles = []string{
|
||||
"testdata/rsa2048.csr",
|
||||
"testdata/rsa3072.csr",
|
||||
"testdata/rsa4096.csr",
|
||||
"testdata/ecdsa256.csr",
|
||||
"testdata/ecdsa384.csr",
|
||||
"testdata/ecdsa521.csr",
|
||||
}
|
||||
|
||||
var testRSACAFile = "testdata/5min-rsa.pem"
|
||||
var testRSACAKeyFile = "testdata/5min-rsa-key.pem"
|
||||
var testECDSACAFile = "testdata/5min-ecdsa.pem"
|
||||
var testECDSACAKeyFile = "testdata/5min-ecdsa-key.pem"
|
||||
|
||||
var invalidCryptoParams = []csr.BasicKeyRequest{
|
||||
// Weak Key
|
||||
{A: "rsa", S: 1024},
|
||||
// Bad param
|
||||
{A: "rsaCrypto", S: 2048},
|
||||
{A: "ecdsa", S: 2000},
|
||||
}
|
||||
|
||||
func TestInitCA(t *testing.T) {
|
||||
var req *csr.CertificateRequest
|
||||
hostname := "cloudflare.com"
|
||||
for _, param := range validKeyParams {
|
||||
for _, caconfig := range validCAConfigs {
|
||||
req = &csr.CertificateRequest{
|
||||
Names: []csr.Name{
|
||||
{
|
||||
C: "US",
|
||||
ST: "California",
|
||||
L: "San Francisco",
|
||||
O: "CloudFlare",
|
||||
OU: "Systems Engineering",
|
||||
},
|
||||
},
|
||||
CN: hostname,
|
||||
Hosts: []string{hostname, "www." + hostname},
|
||||
KeyRequest: ¶m,
|
||||
CA: &caconfig,
|
||||
}
|
||||
certBytes, _, keyBytes, err := New(req)
|
||||
if err != nil {
|
||||
t.Fatal("InitCA failed:", err)
|
||||
}
|
||||
key, err := helpers.ParsePrivateKeyPEM(keyBytes)
|
||||
if err != nil {
|
||||
t.Fatal("InitCA private key parsing failed:", err)
|
||||
}
|
||||
cert, err := helpers.ParseCertificatePEM(certBytes)
|
||||
if err != nil {
|
||||
t.Fatal("InitCA cert parsing failed:", err)
|
||||
}
|
||||
|
||||
// Verify key parameters.
|
||||
switch req.KeyRequest.Algo() {
|
||||
case "rsa":
|
||||
if cert.PublicKey.(*rsa.PublicKey).N.BitLen() != param.Size() {
|
||||
t.Fatal("Cert key length mismatch.")
|
||||
}
|
||||
if key.(*rsa.PrivateKey).N.BitLen() != param.Size() {
|
||||
t.Fatal("Private key length mismatch.")
|
||||
}
|
||||
case "ecdsa":
|
||||
if cert.PublicKey.(*ecdsa.PublicKey).Curve.Params().BitSize != param.Size() {
|
||||
t.Fatal("Cert key length mismatch.")
|
||||
}
|
||||
if key.(*ecdsa.PrivateKey).Curve.Params().BitSize != param.Size() {
|
||||
t.Fatal("Private key length mismatch.")
|
||||
}
|
||||
}
|
||||
|
||||
// Verify CA MaxPathLen
|
||||
if caconfig.PathLength == 0 && cert.MaxPathLenZero != caconfig.PathLenZero {
|
||||
t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect %v, got %v", caconfig.PathLenZero, cert.MaxPathLenZero)
|
||||
}
|
||||
|
||||
if caconfig.PathLength != 0 {
|
||||
if cert.MaxPathLen != caconfig.PathLength {
|
||||
t.Fatalf("fail to init a CA cert with specified CA pathlen: expect %d, got %d", caconfig.PathLength, cert.MaxPathLen)
|
||||
}
|
||||
if cert.MaxPathLenZero != false {
|
||||
t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect false, got %t", cert.MaxPathLenZero)
|
||||
}
|
||||
}
|
||||
|
||||
// Replace the default CAPolicy with a test (short expiry) version.
|
||||
CAPolicy = func() *config.Signing {
|
||||
return &config.Signing{
|
||||
Default: &config.SigningProfile{
|
||||
Usage: []string{"cert sign", "crl sign"},
|
||||
ExpiryString: "300s",
|
||||
Expiry: 300 * time.Second,
|
||||
CAConstraint: config.CAConstraint{IsCA: true},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// Start a signer
|
||||
s, err := local.NewSigner(key, cert, signer.DefaultSigAlgo(key), nil)
|
||||
if err != nil {
|
||||
t.Fatal("Signer Creation error:", err)
|
||||
}
|
||||
s.SetPolicy(CAPolicy())
|
||||
|
||||
// Sign RSA and ECDSA customer CSRs.
|
||||
for _, csrFile := range csrFiles {
|
||||
csrBytes, err := ioutil.ReadFile(csrFile)
|
||||
if err != nil {
|
||||
t.Fatal("CSR loading error:", err)
|
||||
}
|
||||
req := signer.SignRequest{
|
||||
Request: string(csrBytes),
|
||||
Hosts: signer.SplitHosts(hostname),
|
||||
Profile: "",
|
||||
Label: "",
|
||||
}
|
||||
|
||||
bytes, err := s.Sign(req)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
customerCert, _ := helpers.ParseCertificatePEM(bytes)
|
||||
if customerCert.SignatureAlgorithm != s.SigAlgo() {
|
||||
t.Fatal("Signature Algorithm mismatch")
|
||||
}
|
||||
err = customerCert.CheckSignatureFrom(cert)
|
||||
if err != nil {
|
||||
t.Fatal("Signing CSR failed.", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
func TestInvalidCAConfig(t *testing.T) {
|
||||
hostname := "example.com"
|
||||
req := &csr.CertificateRequest{
|
||||
Names: []csr.Name{
|
||||
{
|
||||
C: "US",
|
||||
ST: "California",
|
||||
L: "San Francisco",
|
||||
O: "CloudFlare",
|
||||
OU: "Systems Engineering",
|
||||
},
|
||||
},
|
||||
CN: hostname,
|
||||
Hosts: []string{hostname, "www." + hostname},
|
||||
KeyRequest: &validKeyParams[0],
|
||||
CA: &invalidCAConfig,
|
||||
}
|
||||
|
||||
_, _, _, err := New(req)
|
||||
if err == nil {
|
||||
t.Fatal("InitCA with bad CAConfig should fail:", err)
|
||||
}
|
||||
}
|
||||
func TestInvalidCryptoParams(t *testing.T) {
|
||||
var req *csr.CertificateRequest
|
||||
hostname := "cloudflare.com"
|
||||
for _, invalidParam := range invalidCryptoParams {
|
||||
req = &csr.CertificateRequest{
|
||||
Names: []csr.Name{
|
||||
{
|
||||
C: "US",
|
||||
ST: "California",
|
||||
L: "San Francisco",
|
||||
O: "CloudFlare",
|
||||
OU: "Systems Engineering",
|
||||
},
|
||||
},
|
||||
CN: hostname,
|
||||
Hosts: []string{hostname, "www." + hostname},
|
||||
KeyRequest: &invalidParam,
|
||||
}
|
||||
_, _, _, err := New(req)
|
||||
if err == nil {
|
||||
t.Fatal("InitCA with bad params should fail:", err)
|
||||
}
|
||||
|
||||
if !strings.Contains(err.Error(), `"code":2400`) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type validation struct {
|
||||
r *csr.CertificateRequest
|
||||
v bool
|
||||
}
|
||||
|
||||
var testValidations = []validation{
|
||||
{&csr.CertificateRequest{}, false},
|
||||
{&csr.CertificateRequest{
|
||||
CN: "test CA",
|
||||
}, true},
|
||||
{&csr.CertificateRequest{
|
||||
Names: []csr.Name{{}},
|
||||
}, false},
|
||||
{&csr.CertificateRequest{
|
||||
Names: []csr.Name{
|
||||
{O: "Example CA"},
|
||||
},
|
||||
}, true},
|
||||
}
|
||||
|
||||
func TestValidations(t *testing.T) {
|
||||
for i, tv := range testValidations {
|
||||
err := validator(tv.r)
|
||||
if tv.v && err != nil {
|
||||
t.Fatalf("%v", err)
|
||||
}
|
||||
|
||||
if !tv.v && err == nil {
|
||||
t.Fatalf("%d: expected error, but no error was reported", i)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenewRSA(t *testing.T) {
|
||||
certPEM, err := RenewFromPEM(testRSACAFile, testRSACAKeyFile)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// must parse ok
|
||||
cert, err := helpers.ParseCertificatePEM(certPEM)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if !cert.IsCA {
|
||||
t.Fatal("renewed CA certificate is not CA")
|
||||
}
|
||||
|
||||
// cert expiry must be 5 minutes
|
||||
expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
|
||||
if expiry >= 301 || expiry <= 299 {
|
||||
t.Fatal("expiry is not correct:", expiry)
|
||||
}
|
||||
|
||||
// check subject
|
||||
|
||||
if cert.Subject.CommonName != "" {
|
||||
t.Fatal("Bad CommonName")
|
||||
}
|
||||
|
||||
if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
|
||||
t.Fatal("Bad Subject")
|
||||
}
|
||||
|
||||
if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
|
||||
t.Fatal("Bad Subject")
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenewECDSA(t *testing.T) {
|
||||
certPEM, err := RenewFromPEM(testECDSACAFile, testECDSACAKeyFile)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// must parse ok
|
||||
cert, err := helpers.ParseCertificatePEM(certPEM)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if !cert.IsCA {
|
||||
t.Fatal("renewed CA certificate is not CA")
|
||||
}
|
||||
|
||||
// cert expiry must be 5 minutes
|
||||
expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
|
||||
if expiry >= 301 || expiry <= 299 {
|
||||
t.Fatal("expiry is not correct:", expiry)
|
||||
}
|
||||
|
||||
// check subject
|
||||
|
||||
if cert.Subject.CommonName != "" {
|
||||
t.Fatal("Bad CommonName")
|
||||
}
|
||||
|
||||
if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
|
||||
t.Fatal("Bad Subject")
|
||||
}
|
||||
|
||||
if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
|
||||
t.Fatal("Bad Subject")
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenewMismatch(t *testing.T) {
|
||||
_, err := RenewFromPEM(testECDSACAFile, testRSACAKeyFile)
|
||||
if err == nil {
|
||||
t.Fatal("Fail to detect cert/key mismatch")
|
||||
}
|
||||
}
|
||||
|
||||
func TestRenew(t *testing.T) {
|
||||
in, err := ioutil.ReadFile(testECDSACAFile)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
cert, err := helpers.ParseCertificatePEM(in)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
in, err = ioutil.ReadFile(testECDSACAKeyFile)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
priv, err := helpers.ParsePrivateKeyPEM(in)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
renewed, err := Update(cert, priv)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
newCert, err := helpers.ParseCertificatePEM(renewed)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if !bytes.Equal(newCert.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) {
|
||||
t.Fatal("Update returned a certificate with different subject public key info")
|
||||
}
|
||||
|
||||
if !bytes.Equal(newCert.RawSubject, cert.RawSubject) {
|
||||
t.Fatal("Update returned a certificate with different subject info")
|
||||
}
|
||||
|
||||
if !bytes.Equal(newCert.RawIssuer, cert.RawIssuer) {
|
||||
t.Fatal("Update returned a certificate with different issuer info")
|
||||
}
|
||||
}
|
5
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa-key.pem
generated
vendored
5
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa-key.pem
generated
vendored
@ -1,5 +0,0 @@
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIA8OzPeVZT0cXTAPdcXYefLRIqyUXa0f0SgYMJ2J1AVcoAoGCCqGSM49
|
||||
AwEHoUQDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI
|
||||
7LzfGbMU+KqWTgOwGhrPvpusep3fjw+dAQ==
|
||||
-----END EC PRIVATE KEY-----
|
15
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa.pem
generated
vendored
15
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa.pem
generated
vendored
@ -1,15 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICUDCCAfagAwIBAgIIec5PjdpJcNYwCgYIKoZIzj0EAwIwejELMAkGA1UEBhMC
|
||||
VVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3QgQ2Vy
|
||||
dGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYD
|
||||
VQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIzMDEwMFoXDTE1MTAwODIzMDYwMFow
|
||||
ejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNV
|
||||
BAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0D
|
||||
AQcDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI7Lzf
|
||||
GbMU+KqWTgOwGhrPvpusep3fjw+dAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
|
||||
EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFDpLhSKBN3njfb6cXQCdRLzCZt0ZMB8G
|
||||
A1UdIwQYMBaAFDpLhSKBN3njfb6cXQCdRLzCZt0ZMAoGCCqGSM49BAMCA0gAMEUC
|
||||
IFU3BmzntGGeXZu2qWZx249nYn37S0AkCnQ3rUtI31bdAiEAsPICnZ+GB8yCN26N
|
||||
OL+N8dHvXiOvZ9/Vl488pyWOccY=
|
||||
-----END CERTIFICATE-----
|
27
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa-key.pem
generated
vendored
27
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa-key.pem
generated
vendored
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMaeuHm
|
||||
vAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1LOCxY
|
||||
KVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqDly4+
|
||||
W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPslkk9
|
||||
y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABDeWjx
|
||||
FbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABAoIBAHIFHBHKib+sVS1I
|
||||
7MbWKR1JOQvBEV6kK1eFTmlZEpIG1kWNJ/J+HRMum2zQLRMUwsL5SNyG2fv3Z5Ew
|
||||
6IMw+joteahkr/oTuixT39A7uq+PlRtPAQ1+digRoj/MxebT65xNjtO56MwEWxIR
|
||||
H5jsdFJ0kDCVY4/bUPrMexhZ5Bj1xM3j8wpCPlVv2b9Ic/FUD9p6tOZDFhfSluiE
|
||||
87VsFHUImNvu4p/BAKUuKiz58cPNDHPAABsPrJR2SVU59roC4QtEmaxbmDkXUtB1
|
||||
+o+ypJQ0saqoffzHq7URebrJU9u+AV51UWaqHjg5OAe8eElOou6MHYX8R9cWZmJX
|
||||
UQKPyVECgYEAyLqstNHtA7R7+r4bW8Tr/kF7z+VvCfV9wB6TPT+ycuv3aU5+HYgR
|
||||
YRs2RBRtwI625hPk7AXEdbMt3SKoKjcMNMSD3qUK+fJFEyvOqRXiMJ2pLg04GlYZ
|
||||
cOInJd0T1q3O2cNLZwcWB1L0/KiV0dYHc4p+p5hisai3T9w7QthTUr8CgYEA6QVW
|
||||
jcsSBRFCokf/GKpTCVXIeqDSwrcEwoZh/RN6PlvgDwjw08G2IxKdAFs3/wxbKWHT
|
||||
xss+LQiMyBL8aRJvBUfotj5e5ZYESaSDqdeYv0Sydl1vfxcknHpTBRUdbyDtsOQn
|
||||
4X1ZEmfa9vFWS5P9fTFBC0BU2zzrhSlfQb6g360CgYBmnT+zBGo07aw/p7XWuRmn
|
||||
lhRUWEbmgXAyqa69rfVs2IJXfD/umuO/j6izLvpYaNzJS7xIiD5BqUK1/ISZaCC+
|
||||
TQPY6uhslFSJk2iHed9y2PZmy2010XQaCBLZQWZl5d6L5lGCrtWtEtSY4RoN9mtC
|
||||
vrc2uCkkB0sG8V/+MRaPgwKBgBiML2oQkn1mLBbcbssyZjz9hHkmqA1LKn0zmu8G
|
||||
NkKLezcaQgSMy5s2QsPe2C9OJexeGek/T/V+iRYqqdyHzJpJ0QIh3+1fuGPpqNUj
|
||||
mTvNCN/fR/ejgH/bgxNt/gPO/Ds+TdU7Vz7RIggRtH2RwYqGvctpo4bVDBqjGR3b
|
||||
7yahAoGAAgH97uN2FU1ffK0OAfMA1N58ikq/bg07KnJxO2CP5hrgsWK2ZVfeHUmU
|
||||
3k+xqQHCIuew55yO0tARTrFAh3Rj+zarA+PrtnzqW82wCIn8Fym3PFzbK2qrIMie
|
||||
yp0p4nBXsRmzinrPWKUYlFyRNY3Tcbstm5gUw2S4czSwwQeM/No=
|
||||
-----END RSA PRIVATE KEY-----
|
23
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa.pem
generated
vendored
23
vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa.pem
generated
vendored
@ -1,23 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIID3DCCAsSgAwIBAgIIfbm2I1hwBa8wDQYJKoZIhvcNAQELBQAwejELMAkGA1UE
|
||||
BhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3Qg
|
||||
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
|
||||
EQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIwMjEwMFoXDTE1MTAwODIwMjYw
|
||||
MFowejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAh
|
||||
BgNVBAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4g
|
||||
RnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMa
|
||||
euHmvAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1L
|
||||
OCxYKVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqD
|
||||
ly4+W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPs
|
||||
lkk9y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABD
|
||||
eWjxFbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABo2YwZDAOBgNVHQ8B
|
||||
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUCHoGEI1RZ8JN
|
||||
7UZ4zcTRll8nnnAwHwYDVR0jBBgwFoAUCHoGEI1RZ8JN7UZ4zcTRll8nnnAwDQYJ
|
||||
KoZIhvcNAQELBQADggEBAHRcbd6cSXV6IuT4jLV8k6OUUlxzobbiRnXJrLjy9Anx
|
||||
tyIUWv2XSh/4IEJa+/MLNIb28gU9Sa2y4GV1qAgOM5qUM2iQJyLem0pTg0WTVKlj
|
||||
ytEK1kUwQCNkc/xpDrPo5CbN3aDuW/VPntOJL1GSQzS7jzK3NeQ9sah9YYhk4Wsk
|
||||
jzHVI1sX+qzcuUqCIPhqmGR0JE8ZI5YzbMTZ4/B+oWxZ7EyzB8O+v6HVD4eQFBSq
|
||||
tyGhGbh7mUvuMpVJ8FIX4BA7QL+RwqNNtAMZKcxPjhy5I23nVclbTCz/NC2Dgp8H
|
||||
13uQsEpUZ65clgiTo4LuPzPiIouZh5cBWP4gGqbyyS4=
|
||||
-----END CERTIFICATE-----
|
11
vendor/github.com/cloudflare/cfssl/initca/testdata/README.md
generated
vendored
11
vendor/github.com/cloudflare/cfssl/initca/testdata/README.md
generated
vendored
@ -1,11 +0,0 @@
|
||||
1. To generate 5min-rsa.pem and 5min-rsa-key.pem
|
||||
```
|
||||
$ GOPATH/bin/cfssl gencert -initca ca_csr_rsa.json | GOPATH/bin/cfssljson -bare 5min-rsa
|
||||
```
|
||||
2. To generate 5min-ecdsa.pem and 5min-ecdsa-key.pem
|
||||
```
|
||||
$ GOPATH/bin/cfssl gencert -initca ca_csr_ecdsa.json | GOPATH/bin/cfssljson -bare 5min-ecdsa
|
||||
```
|
||||
|
||||
The above commands will generate 5min-rsa.csr and 5min-ecdsa.csr as well, but those
|
||||
files can be ignored.
|
18
vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_ecdsa.json
generated
vendored
18
vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_ecdsa.json
generated
vendored
@ -1,18 +0,0 @@
|
||||
{
|
||||
"key": {
|
||||
"algo": "ecdsa",
|
||||
"size": 256
|
||||
},
|
||||
"names": [
|
||||
{
|
||||
"C": "US",
|
||||
"L": "San Francisco",
|
||||
"ST": "California",
|
||||
"O": "CloudFlare, Inc.",
|
||||
"OU": "Test Certificate Authority"
|
||||
}
|
||||
],
|
||||
"ca": {
|
||||
"expiry": "5m"
|
||||
}
|
||||
}
|
18
vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_rsa.json
generated
vendored
18
vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_rsa.json
generated
vendored
@ -1,18 +0,0 @@
|
||||
{
|
||||
"key": {
|
||||
"algo": "rsa",
|
||||
"size": 2048
|
||||
},
|
||||
"names": [
|
||||
{
|
||||
"C": "US",
|
||||
"L": "San Francisco",
|
||||
"ST": "California",
|
||||
"O": "CloudFlare, Inc.",
|
||||
"OU": "Test Certificate Authority"
|
||||
}
|
||||
],
|
||||
"ca": {
|
||||
"expiry": "5m"
|
||||
}
|
||||
}
|
11
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa256.csr
generated
vendored
11
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa256.csr
generated
vendored
@ -1,11 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
|
||||
z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
|
||||
PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
|
||||
d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
|
||||
cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
|
||||
VLcv28Q=
|
||||
-----END CERTIFICATE REQUEST-----
|
12
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa384.csr
generated
vendored
12
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa384.csr
generated
vendored
@ -1,12 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
|
||||
0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
|
||||
HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
|
||||
LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
|
||||
CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
|
||||
Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
|
||||
RiWGZIucp5r6AfT9381PB29bHA==
|
||||
-----END CERTIFICATE REQUEST-----
|
13
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa521.csr
generated
vendored
13
vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa521.csr
generated
vendored
@ -1,13 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
|
||||
toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
|
||||
AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
|
||||
f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
|
||||
gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
|
||||
gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
|
||||
pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
|
||||
MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
|
||||
-----END CERTIFICATE REQUEST-----
|
19
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa2048.csr
generated
vendored
19
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa2048.csr
generated
vendored
@ -1,19 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
|
||||
WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
|
||||
f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
|
||||
A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
|
||||
C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
|
||||
+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
|
||||
OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
|
||||
bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
|
||||
gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
|
||||
AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
|
||||
iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
|
||||
QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
|
||||
anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
|
||||
cJZNboDRsItpccZuRQ==
|
||||
-----END CERTIFICATE REQUEST-----
|
24
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa3072.csr
generated
vendored
24
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa3072.csr
generated
vendored
@ -1,24 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIECTCCAnMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL0zzgBv+VTwZOPy
|
||||
LtuLFweQrj5Lfrje2hnNB7Y3TD4+yCM/cA4yTILixCe/B+N7LQysJgVDbW8u6BZQ
|
||||
8ZqeDKOP6KCt37WhmcbT45tLpHmH+Z/uAnCz0hVc/7AyJ3CJXo6PaDCcJjgLuUun
|
||||
W47iy4h79AxyuzELmUeZZGYcO8nqClqcnAzQ6sClGZvJwSbYg2QAFGoA2lHqZ9uN
|
||||
ygAxNLd+rX9cP+yFwAeKzuKtOnVPiJD5lT3wufSkAbd6M7lOoqmTYnbv0A1WfA/e
|
||||
upXno9lbgB6iwF5U0V7OtxdA1bTbvgJgNLlxFF1do0sB28CWmqCFNwLfzcPzt5A4
|
||||
gLnOyLhNZOmUMXn35KOtp1Zv/yethlgZHxUYGcl6OYwMEFye3Du6dgnTwONzaLhA
|
||||
7hMI8R60p2YrTLkgSKdFohAY/mKuxHyXxugOHHthlRCOn9m49edcdZ1HrkJXm9jd
|
||||
P9katjCXgTwSdTQlvaMJkfH7wF3ZMjAxPcDf4RKFEpF2wABeNQIDAQABoD8wPQYJ
|
||||
KoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjgg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xv
|
||||
dWRmbGFyZS5jb20wCwYJKoZIhvcNAQEMA4IBgQBF/RCHNAAOAaRI4VyO0tRPA5Dw
|
||||
0/1/pgmBm/VejHIwDJnMFCl9njh0RSo1RgsVLhw6ovYbk3ORb4OD4UczPTq3GrFp
|
||||
KP9uPR+2pR4FWJpCVfCl76YabQv6fUDdiT7ojzyRhsAmkd5rOdiMvWV3Rp+YmBuU
|
||||
KH/dwkukfn+OeJIbERS5unzOBtQL+g5dU4CHWAqJQIqHr373w38OlYN+JY9QLrYy
|
||||
sWU9Ye6RjdySXPJ5UzyfOEfc9Ji89RJsVeceB1+As5u5vBvtzGgIMSFUzN947RZo
|
||||
DZ48JiB71VpmKXbn9LIRn25dlbVMzxRdSeZ194L3JFVAf9OxJTsc1QNFhOacoFgy
|
||||
hqvtN2iKntEyPo2nacYhpz/FAdJ2JThNH+4WtpPWAqx8Lw/e1OttiDt+6M0FEuVz
|
||||
svkSHnK206yo+a9Md37nUDDYxtlJEB+9F2qUZNQ7Hv+dxjmJOIgHOXxy1pLEdpVU
|
||||
rGdGLVXeJNPCh9x+GK21QjdxZABmYAaF8k36Pv4=
|
||||
-----END CERTIFICATE REQUEST-----
|
29
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa4096.csr
generated
vendored
29
vendor/github.com/cloudflare/cfssl/initca/testdata/rsa4096.csr
generated
vendored
@ -1,29 +0,0 @@
|
||||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIFCTCCAvMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
|
||||
MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
|
||||
bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
|
||||
LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkKL22jMn3eFCpj
|
||||
T6lbeq4nC3aEqwTGrLARidAmO29WIhzs6LxRpM6xSMoPI6DvJVUGpMFEKF4xNTc5
|
||||
X9/gSFrw2eI5Q3U3aGcaToSCxH4hXejwIzX8Ftlb/LfpXhbSsFr5MS3kiTY4zZxM
|
||||
n3dSy2gZljD/g0tlQf5BdHdR4WKRhWnqRiGng+BmW4rjbcO7SoN33jSXsMcguCg5
|
||||
8dmYuf5G5KVXsqwEoCQBeKGnca9orcm4i90VnGt4qZUpfAn1cADzYGpRzX79USJ6
|
||||
tol4ovgGPN08LJFqcVl+dK8VzJ03JWBhI1jePbWS4Bz5oNtkhQQXilU+G6FQxc6a
|
||||
UPf6KcFyOB+qMJmEwJZD9yaNK1YbsKfSztQEsb1JEezQnVHxp91Ch3AcWoikuOiY
|
||||
yCg0V5lcK15SLv1+5sj9YzF7ngMmThcIJ6B5gS3swpD5AX6FJaI1BrGwT/RXKKQP
|
||||
tRX1BySLx8RcINjFb5wv3q9QIE8vrW1BOk9f4dfmxiFYnc+6bCCbIrg7APQVtKTa
|
||||
ixNJFSqZz7fm9loeNPHHXfUT5RoW5yzVa8igc+yv4qeYsWHcZ4c/Y91OJp19HMjM
|
||||
bYm2alt8XagBgJjO0FW8wvsKwhhlhWK0WO6sQ7Fkl7fH1GtxEpc248hAW24SZMmS
|
||||
led3LblCT8IC3a9BLhqJ2q8cfPp9AgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMCwG
|
||||
A1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3d3djbG91ZGZsYXJlLmNvbTALBgkq
|
||||
hkiG9w0BAQ0DggIBAAgz3NuN43+F+8+WhQ9hb7DOp6Amut7XubOkEBtBVgP3R8U1
|
||||
uSsgocR1rvnZ1/bhkeGyTly0eQPhcSEdMo/GgIrcn+co0KLcDyV6Rf3Cgksx9dUZ
|
||||
TzHSkxmFkxlxYfIGes6abH+2OPiacwK2gLvvmXFYIxEhv+LKzzteQi0xlinewv7R
|
||||
FnSykZ4QialsFyCgOjOxa11aEdRv6T8qKwhjUOk0VedtzOkt/k95aydTNLjXl2OV
|
||||
jloeTsbB00yWIqdyhG12+TgcJOa0pNP1zTjgFPodMuRUuiAcbT7Mt7sLCefKNzvZ
|
||||
Ln6b4y7e6N3YLOHALTIP+LI4y8ar47WlXCNw/zeOM2sW8udjYrukN6WOV3X68oMf
|
||||
Zsv6jqyGSaCDwdImR4VECUVvkabg9Sq4pz+ijTT+9cNA66omYL+/QAh0GahlROgW
|
||||
kDGI8zeEUoAC8RkAbFGMJA8jEbAfbT000ZwnLX2SZ8YRQX4Jd1FTmAH99FkvvT8N
|
||||
ovaGRSQQI5rWQGQYqF67So7PywEaEXeUHTBrv41Msva6CdaWHn7bh/fj4B21ETS7
|
||||
VJvrk5DLJTyruqon7EVJU1pn38ppaXF4Z6a9n3C8TqudT/gdJUYn/SBo5jx20uGJ
|
||||
d9k6vDqixntvk/TRZ848k1AXiv5uUJTdnoPPhzSGjxEaeKuB0R1ZHomVdjU4
|
||||
-----END CERTIFICATE REQUEST-----
|
Reference in New Issue
Block a user