check hosts in ssl certificates

vendor/github.com/cloudflare/cfssl/initca/initca_test.go

@@ -1,385 +0,0 @@
-package initca
-
-import (
-	"bytes"
-	"crypto/ecdsa"
-	"crypto/rsa"
-	"io/ioutil"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/cloudflare/cfssl/config"
-	"github.com/cloudflare/cfssl/csr"
-	"github.com/cloudflare/cfssl/helpers"
-	"github.com/cloudflare/cfssl/signer"
-	"github.com/cloudflare/cfssl/signer/local"
-)
-
-var validKeyParams = []csr.BasicKeyRequest{
-	{A: "rsa", S: 2048},
-	{A: "rsa", S: 3072},
-	{A: "rsa", S: 4096},
-	{A: "ecdsa", S: 256},
-	{A: "ecdsa", S: 384},
-	{A: "ecdsa", S: 521},
-}
-
-var validCAConfigs = []csr.CAConfig{
-	{PathLength: 0, PathLenZero: true},
-	{PathLength: 0, PathLenZero: false},
-	{PathLength: 2},
-	{PathLength: 2, Expiry: "1h"},
-	// invalid PathLenZero value will be ignored
-	{PathLength: 2, PathLenZero: true},
-}
-
-var invalidCAConfig = csr.CAConfig{
-	PathLength: 2,
-	// Expiry must be a duration string
-	Expiry: "2116/12/31",
-}
-var csrFiles = []string{
-	"testdata/rsa2048.csr",
-	"testdata/rsa3072.csr",
-	"testdata/rsa4096.csr",
-	"testdata/ecdsa256.csr",
-	"testdata/ecdsa384.csr",
-	"testdata/ecdsa521.csr",
-}
-
-var testRSACAFile = "testdata/5min-rsa.pem"
-var testRSACAKeyFile = "testdata/5min-rsa-key.pem"
-var testECDSACAFile = "testdata/5min-ecdsa.pem"
-var testECDSACAKeyFile = "testdata/5min-ecdsa-key.pem"
-
-var invalidCryptoParams = []csr.BasicKeyRequest{
-	// Weak Key
-	{A: "rsa", S: 1024},
-	// Bad param
-	{A: "rsaCrypto", S: 2048},
-	{A: "ecdsa", S: 2000},
-}
-
-func TestInitCA(t *testing.T) {
-	var req *csr.CertificateRequest
-	hostname := "cloudflare.com"
-	for _, param := range validKeyParams {
-		for _, caconfig := range validCAConfigs {
-			req = &csr.CertificateRequest{
-				Names: []csr.Name{
-					{
-						C:  "US",
-						ST: "California",
-						L:  "San Francisco",
-						O:  "CloudFlare",
-						OU: "Systems Engineering",
-					},
-				},
-				CN:         hostname,
-				Hosts:      []string{hostname, "www." + hostname},
-				KeyRequest: &param,
-				CA:         &caconfig,
-			}
-			certBytes, _, keyBytes, err := New(req)
-			if err != nil {
-				t.Fatal("InitCA failed:", err)
-			}
-			key, err := helpers.ParsePrivateKeyPEM(keyBytes)
-			if err != nil {
-				t.Fatal("InitCA private key parsing failed:", err)
-			}
-			cert, err := helpers.ParseCertificatePEM(certBytes)
-			if err != nil {
-				t.Fatal("InitCA cert parsing failed:", err)
-			}
-
-			// Verify key parameters.
-			switch req.KeyRequest.Algo() {
-			case "rsa":
-				if cert.PublicKey.(*rsa.PublicKey).N.BitLen() != param.Size() {
-					t.Fatal("Cert key length mismatch.")
-				}
-				if key.(*rsa.PrivateKey).N.BitLen() != param.Size() {
-					t.Fatal("Private key length mismatch.")
-				}
-			case "ecdsa":
-				if cert.PublicKey.(*ecdsa.PublicKey).Curve.Params().BitSize != param.Size() {
-					t.Fatal("Cert key length mismatch.")
-				}
-				if key.(*ecdsa.PrivateKey).Curve.Params().BitSize != param.Size() {
-					t.Fatal("Private key length mismatch.")
-				}
-			}
-
-			// Verify CA MaxPathLen
-			if caconfig.PathLength == 0 && cert.MaxPathLenZero != caconfig.PathLenZero {
-				t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect %v, got %v", caconfig.PathLenZero, cert.MaxPathLenZero)
-			}
-
-			if caconfig.PathLength != 0 {
-				if cert.MaxPathLen != caconfig.PathLength {
-					t.Fatalf("fail to init a CA cert with specified CA pathlen: expect %d, got %d", caconfig.PathLength, cert.MaxPathLen)
-				}
-				if cert.MaxPathLenZero != false {
-					t.Fatalf("fail to init a CA cert with specified CA pathlen zero: expect false, got %t", cert.MaxPathLenZero)
-				}
-			}
-
-			// Replace the default CAPolicy with a test (short expiry) version.
-			CAPolicy = func() *config.Signing {
-				return &config.Signing{
-					Default: &config.SigningProfile{
-						Usage:        []string{"cert sign", "crl sign"},
-						ExpiryString: "300s",
-						Expiry:       300 * time.Second,
-						CAConstraint: config.CAConstraint{IsCA: true},
-					},
-				}
-			}
-
-			// Start a signer
-			s, err := local.NewSigner(key, cert, signer.DefaultSigAlgo(key), nil)
-			if err != nil {
-				t.Fatal("Signer Creation error:", err)
-			}
-			s.SetPolicy(CAPolicy())
-
-			// Sign RSA and ECDSA customer CSRs.
-			for _, csrFile := range csrFiles {
-				csrBytes, err := ioutil.ReadFile(csrFile)
-				if err != nil {
-					t.Fatal("CSR loading error:", err)
-				}
-				req := signer.SignRequest{
-					Request: string(csrBytes),
-					Hosts:   signer.SplitHosts(hostname),
-					Profile: "",
-					Label:   "",
-				}
-
-				bytes, err := s.Sign(req)
-				if err != nil {
-					t.Fatal(err)
-				}
-				customerCert, _ := helpers.ParseCertificatePEM(bytes)
-				if customerCert.SignatureAlgorithm != s.SigAlgo() {
-					t.Fatal("Signature Algorithm mismatch")
-				}
-				err = customerCert.CheckSignatureFrom(cert)
-				if err != nil {
-					t.Fatal("Signing CSR failed.", err)
-				}
-			}
-		}
-	}
-}
-func TestInvalidCAConfig(t *testing.T) {
-	hostname := "example.com"
-	req := &csr.CertificateRequest{
-		Names: []csr.Name{
-			{
-				C:  "US",
-				ST: "California",
-				L:  "San Francisco",
-				O:  "CloudFlare",
-				OU: "Systems Engineering",
-			},
-		},
-		CN:         hostname,
-		Hosts:      []string{hostname, "www." + hostname},
-		KeyRequest: &validKeyParams[0],
-		CA:         &invalidCAConfig,
-	}
-
-	_, _, _, err := New(req)
-	if err == nil {
-		t.Fatal("InitCA with bad CAConfig should fail:", err)
-	}
-}
-func TestInvalidCryptoParams(t *testing.T) {
-	var req *csr.CertificateRequest
-	hostname := "cloudflare.com"
-	for _, invalidParam := range invalidCryptoParams {
-		req = &csr.CertificateRequest{
-			Names: []csr.Name{
-				{
-					C:  "US",
-					ST: "California",
-					L:  "San Francisco",
-					O:  "CloudFlare",
-					OU: "Systems Engineering",
-				},
-			},
-			CN:         hostname,
-			Hosts:      []string{hostname, "www." + hostname},
-			KeyRequest: &invalidParam,
-		}
-		_, _, _, err := New(req)
-		if err == nil {
-			t.Fatal("InitCA with bad params should fail:", err)
-		}
-
-		if !strings.Contains(err.Error(), `"code":2400`) {
-			t.Fatal(err)
-		}
-	}
-}
-
-type validation struct {
-	r *csr.CertificateRequest
-	v bool
-}
-
-var testValidations = []validation{
-	{&csr.CertificateRequest{}, false},
-	{&csr.CertificateRequest{
-		CN: "test CA",
-	}, true},
-	{&csr.CertificateRequest{
-		Names: []csr.Name{{}},
-	}, false},
-	{&csr.CertificateRequest{
-		Names: []csr.Name{
-			{O: "Example CA"},
-		},
-	}, true},
-}
-
-func TestValidations(t *testing.T) {
-	for i, tv := range testValidations {
-		err := validator(tv.r)
-		if tv.v && err != nil {
-			t.Fatalf("%v", err)
-		}
-
-		if !tv.v && err == nil {
-			t.Fatalf("%d: expected error, but no error was reported", i)
-		}
-	}
-}
-
-func TestRenewRSA(t *testing.T) {
-	certPEM, err := RenewFromPEM(testRSACAFile, testRSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// must parse ok
-	cert, err := helpers.ParseCertificatePEM(certPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !cert.IsCA {
-		t.Fatal("renewed CA certificate is not CA")
-	}
-
-	// cert expiry must be 5 minutes
-	expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
-	if expiry >= 301 || expiry <= 299 {
-		t.Fatal("expiry is not correct:", expiry)
-	}
-
-	// check subject
-
-	if cert.Subject.CommonName != "" {
-		t.Fatal("Bad CommonName")
-	}
-
-	if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
-		t.Fatal("Bad Subject")
-	}
-
-	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
-		t.Fatal("Bad Subject")
-	}
-}
-
-func TestRenewECDSA(t *testing.T) {
-	certPEM, err := RenewFromPEM(testECDSACAFile, testECDSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// must parse ok
-	cert, err := helpers.ParseCertificatePEM(certPEM)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !cert.IsCA {
-		t.Fatal("renewed CA certificate is not CA")
-	}
-
-	// cert expiry must be 5 minutes
-	expiry := cert.NotAfter.Sub(cert.NotBefore).Seconds()
-	if expiry >= 301 || expiry <= 299 {
-		t.Fatal("expiry is not correct:", expiry)
-	}
-
-	// check subject
-
-	if cert.Subject.CommonName != "" {
-		t.Fatal("Bad CommonName")
-	}
-
-	if len(cert.Subject.Country) != 1 || cert.Subject.Country[0] != "US" {
-		t.Fatal("Bad Subject")
-	}
-
-	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != "CloudFlare, Inc." {
-		t.Fatal("Bad Subject")
-	}
-}
-
-func TestRenewMismatch(t *testing.T) {
-	_, err := RenewFromPEM(testECDSACAFile, testRSACAKeyFile)
-	if err == nil {
-		t.Fatal("Fail to detect cert/key mismatch")
-	}
-}
-
-func TestRenew(t *testing.T) {
-	in, err := ioutil.ReadFile(testECDSACAFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	cert, err := helpers.ParseCertificatePEM(in)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	in, err = ioutil.ReadFile(testECDSACAKeyFile)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	priv, err := helpers.ParsePrivateKeyPEM(in)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	renewed, err := Update(cert, priv)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	newCert, err := helpers.ParseCertificatePEM(renewed)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !bytes.Equal(newCert.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) {
-		t.Fatal("Update returned a certificate with different subject public key info")
-	}
-
-	if !bytes.Equal(newCert.RawSubject, cert.RawSubject) {
-		t.Fatal("Update returned a certificate with different subject info")
-	}
-
-	if !bytes.Equal(newCert.RawIssuer, cert.RawIssuer) {
-		t.Fatal("Update returned a certificate with different issuer info")
-	}
-}

vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa-key.pem

@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIA8OzPeVZT0cXTAPdcXYefLRIqyUXa0f0SgYMJ2J1AVcoAoGCCqGSM49
-AwEHoUQDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI
-7LzfGbMU+KqWTgOwGhrPvpusep3fjw+dAQ==
------END EC PRIVATE KEY-----

vendor/github.com/cloudflare/cfssl/initca/testdata/5min-ecdsa.pem

@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICUDCCAfagAwIBAgIIec5PjdpJcNYwCgYIKoZIzj0EAwIwejELMAkGA1UEBhMC
-VVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3QgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYD
-VQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIzMDEwMFoXDTE1MTAwODIzMDYwMFow
-ejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNV
-BAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEoCV+bVOLTJMy38j50sc3vE5k41GMRgriFJt0g0OVX8yaOZ93CZTI7Lzf
-GbMU+KqWTgOwGhrPvpusep3fjw+dAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud
-EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFDpLhSKBN3njfb6cXQCdRLzCZt0ZMB8G
-A1UdIwQYMBaAFDpLhSKBN3njfb6cXQCdRLzCZt0ZMAoGCCqGSM49BAMCA0gAMEUC
-IFU3BmzntGGeXZu2qWZx249nYn37S0AkCnQ3rUtI31bdAiEAsPICnZ+GB8yCN26N
-OL+N8dHvXiOvZ9/Vl488pyWOccY=
------END CERTIFICATE-----

vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa-key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMaeuHm
-vAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1LOCxY
-KVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqDly4+
-W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPslkk9
-y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABDeWjx
-FbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABAoIBAHIFHBHKib+sVS1I
-7MbWKR1JOQvBEV6kK1eFTmlZEpIG1kWNJ/J+HRMum2zQLRMUwsL5SNyG2fv3Z5Ew
-6IMw+joteahkr/oTuixT39A7uq+PlRtPAQ1+digRoj/MxebT65xNjtO56MwEWxIR
-H5jsdFJ0kDCVY4/bUPrMexhZ5Bj1xM3j8wpCPlVv2b9Ic/FUD9p6tOZDFhfSluiE
-87VsFHUImNvu4p/BAKUuKiz58cPNDHPAABsPrJR2SVU59roC4QtEmaxbmDkXUtB1
-+o+ypJQ0saqoffzHq7URebrJU9u+AV51UWaqHjg5OAe8eElOou6MHYX8R9cWZmJX
-UQKPyVECgYEAyLqstNHtA7R7+r4bW8Tr/kF7z+VvCfV9wB6TPT+ycuv3aU5+HYgR
-YRs2RBRtwI625hPk7AXEdbMt3SKoKjcMNMSD3qUK+fJFEyvOqRXiMJ2pLg04GlYZ
-cOInJd0T1q3O2cNLZwcWB1L0/KiV0dYHc4p+p5hisai3T9w7QthTUr8CgYEA6QVW
-jcsSBRFCokf/GKpTCVXIeqDSwrcEwoZh/RN6PlvgDwjw08G2IxKdAFs3/wxbKWHT
-xss+LQiMyBL8aRJvBUfotj5e5ZYESaSDqdeYv0Sydl1vfxcknHpTBRUdbyDtsOQn
-4X1ZEmfa9vFWS5P9fTFBC0BU2zzrhSlfQb6g360CgYBmnT+zBGo07aw/p7XWuRmn
-lhRUWEbmgXAyqa69rfVs2IJXfD/umuO/j6izLvpYaNzJS7xIiD5BqUK1/ISZaCC+
-TQPY6uhslFSJk2iHed9y2PZmy2010XQaCBLZQWZl5d6L5lGCrtWtEtSY4RoN9mtC
-vrc2uCkkB0sG8V/+MRaPgwKBgBiML2oQkn1mLBbcbssyZjz9hHkmqA1LKn0zmu8G
-NkKLezcaQgSMy5s2QsPe2C9OJexeGek/T/V+iRYqqdyHzJpJ0QIh3+1fuGPpqNUj
-mTvNCN/fR/ejgH/bgxNt/gPO/Ds+TdU7Vz7RIggRtH2RwYqGvctpo4bVDBqjGR3b
-7yahAoGAAgH97uN2FU1ffK0OAfMA1N58ikq/bg07KnJxO2CP5hrgsWK2ZVfeHUmU
-3k+xqQHCIuew55yO0tARTrFAh3Rj+zarA+PrtnzqW82wCIn8Fym3PFzbK2qrIMie
-yp0p4nBXsRmzinrPWKUYlFyRNY3Tcbstm5gUw2S4czSwwQeM/No=
------END RSA PRIVATE KEY-----

vendor/github.com/cloudflare/cfssl/initca/testdata/5min-rsa.pem

@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3DCCAsSgAwIBAgIIfbm2I1hwBa8wDQYJKoZIhvcNAQELBQAwejELMAkGA1UE
-BhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAhBgNVBAsTGlRlc3Qg
-Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
-EQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE1MTAwODIwMjEwMFoXDTE1MTAwODIwMjYw
-MFowejELMAkGA1UEBhMCVVMxGTAXBgNVBAoTEENsb3VkRmxhcmUsIEluYy4xIzAh
-BgNVBAsTGlRlc3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4g
-RnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAtrYWs9ao2CpLWWLMyJJr3Bw7eJu3vSImzoqsBuhAREMa
-euHmvAwqbByVpdxu1o+t0u6cMp/1M4YwDSxD4Ny3zEUUGse6yZpyph0+whdHSn1L
-OCxYKVwMtcYaEswenm0a+s/b9BYpbLv6lPoJ8+6bQNDuyyracDzlvGgk/HabemqD
-ly4+W64tlrMUDHBuHHIm5EMF1sqVcinLCS8KsVDVfg4qKfzsZbTw0dDo5GZh1lPs
-lkk9y8NzRltZjfJ3y5acv7SvIlETpy41VxScplR+Ot/6sXNJY3aEBT10smPXPABD
-eWjxFbnU5xacL/pC7pnKy734sL4lkvzKPDWZPsNMEwIDAQABo2YwZDAOBgNVHQ8B
-Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUCHoGEI1RZ8JN
-7UZ4zcTRll8nnnAwHwYDVR0jBBgwFoAUCHoGEI1RZ8JN7UZ4zcTRll8nnnAwDQYJ
-KoZIhvcNAQELBQADggEBAHRcbd6cSXV6IuT4jLV8k6OUUlxzobbiRnXJrLjy9Anx
-tyIUWv2XSh/4IEJa+/MLNIb28gU9Sa2y4GV1qAgOM5qUM2iQJyLem0pTg0WTVKlj
-ytEK1kUwQCNkc/xpDrPo5CbN3aDuW/VPntOJL1GSQzS7jzK3NeQ9sah9YYhk4Wsk
-jzHVI1sX+qzcuUqCIPhqmGR0JE8ZI5YzbMTZ4/B+oWxZ7EyzB8O+v6HVD4eQFBSq
-tyGhGbh7mUvuMpVJ8FIX4BA7QL+RwqNNtAMZKcxPjhy5I23nVclbTCz/NC2Dgp8H
-13uQsEpUZ65clgiTo4LuPzPiIouZh5cBWP4gGqbyyS4=
------END CERTIFICATE-----

vendor/github.com/cloudflare/cfssl/initca/testdata/README.md

@@ -1,11 +0,0 @@
-1. To generate 5min-rsa.pem and 5min-rsa-key.pem
-```
-$ GOPATH/bin/cfssl gencert -initca ca_csr_rsa.json | GOPATH/bin/cfssljson -bare 5min-rsa
-```
-2. To generate 5min-ecdsa.pem and 5min-ecdsa-key.pem
-```
-$ GOPATH/bin/cfssl gencert -initca ca_csr_ecdsa.json | GOPATH/bin/cfssljson -bare 5min-ecdsa
-```
-
-The above commands will generate 5min-rsa.csr and 5min-ecdsa.csr as well, but those
-files can be ignored.

vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_ecdsa.json

@@ -1,18 +0,0 @@
-{
-  "key": {
-    "algo": "ecdsa",
-    "size": 256
-  },
-  "names": [
-    {
-    "C": "US",
-    "L": "San Francisco",
-    "ST": "California",
-    "O": "CloudFlare, Inc.",
-    "OU": "Test Certificate Authority"
-    }
-  ],
-  "ca": {
-    "expiry": "5m"
-  }
-}

vendor/github.com/cloudflare/cfssl/initca/testdata/ca_csr_rsa.json

@@ -1,18 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-    "C": "US",
-    "L": "San Francisco",
-    "ST": "California",
-    "O": "CloudFlare, Inc.",
-    "OU": "Test Certificate Authority"
-    }
-  ],
-  "ca": {
-    "expiry": "5m"
-  }
-}

vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa256.csr

@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
-z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
-PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
-d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
-cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
-VLcv28Q=
------END CERTIFICATE REQUEST-----

vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa384.csr

@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
-0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
-HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
-LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
-CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
-Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
-RiWGZIucp5r6AfT9381PB29bHA==
------END CERTIFICATE REQUEST-----

vendor/github.com/cloudflare/cfssl/initca/testdata/ecdsa521.csr

@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
-toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
-AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
-f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
-gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
-gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
-pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
-MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
------END CERTIFICATE REQUEST-----

vendor/github.com/cloudflare/cfssl/initca/testdata/rsa2048.csr

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
-WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
-f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
-A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
-C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
-+anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
-OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
-bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
-gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
-AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
-iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
-QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
-anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
-cJZNboDRsItpccZuRQ==
------END CERTIFICATE REQUEST-----

vendor/github.com/cloudflare/cfssl/initca/testdata/rsa3072.csr

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIECTCCAnMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL0zzgBv+VTwZOPy
-LtuLFweQrj5Lfrje2hnNB7Y3TD4+yCM/cA4yTILixCe/B+N7LQysJgVDbW8u6BZQ
-8ZqeDKOP6KCt37WhmcbT45tLpHmH+Z/uAnCz0hVc/7AyJ3CJXo6PaDCcJjgLuUun
-W47iy4h79AxyuzELmUeZZGYcO8nqClqcnAzQ6sClGZvJwSbYg2QAFGoA2lHqZ9uN
-ygAxNLd+rX9cP+yFwAeKzuKtOnVPiJD5lT3wufSkAbd6M7lOoqmTYnbv0A1WfA/e
-upXno9lbgB6iwF5U0V7OtxdA1bTbvgJgNLlxFF1do0sB28CWmqCFNwLfzcPzt5A4
-gLnOyLhNZOmUMXn35KOtp1Zv/yethlgZHxUYGcl6OYwMEFye3Du6dgnTwONzaLhA
-7hMI8R60p2YrTLkgSKdFohAY/mKuxHyXxugOHHthlRCOn9m49edcdZ1HrkJXm9jd
-P9katjCXgTwSdTQlvaMJkfH7wF3ZMjAxPcDf4RKFEpF2wABeNQIDAQABoD8wPQYJ
-KoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjgg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xv
-dWRmbGFyZS5jb20wCwYJKoZIhvcNAQEMA4IBgQBF/RCHNAAOAaRI4VyO0tRPA5Dw
-0/1/pgmBm/VejHIwDJnMFCl9njh0RSo1RgsVLhw6ovYbk3ORb4OD4UczPTq3GrFp
-KP9uPR+2pR4FWJpCVfCl76YabQv6fUDdiT7ojzyRhsAmkd5rOdiMvWV3Rp+YmBuU
-KH/dwkukfn+OeJIbERS5unzOBtQL+g5dU4CHWAqJQIqHr373w38OlYN+JY9QLrYy
-sWU9Ye6RjdySXPJ5UzyfOEfc9Ji89RJsVeceB1+As5u5vBvtzGgIMSFUzN947RZo
-DZ48JiB71VpmKXbn9LIRn25dlbVMzxRdSeZ194L3JFVAf9OxJTsc1QNFhOacoFgy
-hqvtN2iKntEyPo2nacYhpz/FAdJ2JThNH+4WtpPWAqx8Lw/e1OttiDt+6M0FEuVz
-svkSHnK206yo+a9Md37nUDDYxtlJEB+9F2qUZNQ7Hv+dxjmJOIgHOXxy1pLEdpVU
-rGdGLVXeJNPCh9x+GK21QjdxZABmYAaF8k36Pv4=
------END CERTIFICATE REQUEST-----

vendor/github.com/cloudflare/cfssl/initca/testdata/rsa4096.csr

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIFCTCCAvMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
-MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
-bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
-LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkKL22jMn3eFCpj
-T6lbeq4nC3aEqwTGrLARidAmO29WIhzs6LxRpM6xSMoPI6DvJVUGpMFEKF4xNTc5
-X9/gSFrw2eI5Q3U3aGcaToSCxH4hXejwIzX8Ftlb/LfpXhbSsFr5MS3kiTY4zZxM
-n3dSy2gZljD/g0tlQf5BdHdR4WKRhWnqRiGng+BmW4rjbcO7SoN33jSXsMcguCg5
-8dmYuf5G5KVXsqwEoCQBeKGnca9orcm4i90VnGt4qZUpfAn1cADzYGpRzX79USJ6
-tol4ovgGPN08LJFqcVl+dK8VzJ03JWBhI1jePbWS4Bz5oNtkhQQXilU+G6FQxc6a
-UPf6KcFyOB+qMJmEwJZD9yaNK1YbsKfSztQEsb1JEezQnVHxp91Ch3AcWoikuOiY
-yCg0V5lcK15SLv1+5sj9YzF7ngMmThcIJ6B5gS3swpD5AX6FJaI1BrGwT/RXKKQP
-tRX1BySLx8RcINjFb5wv3q9QIE8vrW1BOk9f4dfmxiFYnc+6bCCbIrg7APQVtKTa
-ixNJFSqZz7fm9loeNPHHXfUT5RoW5yzVa8igc+yv4qeYsWHcZ4c/Y91OJp19HMjM
-bYm2alt8XagBgJjO0FW8wvsKwhhlhWK0WO6sQ7Fkl7fH1GtxEpc248hAW24SZMmS
-led3LblCT8IC3a9BLhqJ2q8cfPp9AgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMCwG
-A1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3d3djbG91ZGZsYXJlLmNvbTALBgkq
-hkiG9w0BAQ0DggIBAAgz3NuN43+F+8+WhQ9hb7DOp6Amut7XubOkEBtBVgP3R8U1
-uSsgocR1rvnZ1/bhkeGyTly0eQPhcSEdMo/GgIrcn+co0KLcDyV6Rf3Cgksx9dUZ
-TzHSkxmFkxlxYfIGes6abH+2OPiacwK2gLvvmXFYIxEhv+LKzzteQi0xlinewv7R
-FnSykZ4QialsFyCgOjOxa11aEdRv6T8qKwhjUOk0VedtzOkt/k95aydTNLjXl2OV
-jloeTsbB00yWIqdyhG12+TgcJOa0pNP1zTjgFPodMuRUuiAcbT7Mt7sLCefKNzvZ
-Ln6b4y7e6N3YLOHALTIP+LI4y8ar47WlXCNw/zeOM2sW8udjYrukN6WOV3X68oMf
-Zsv6jqyGSaCDwdImR4VECUVvkabg9Sq4pz+ijTT+9cNA66omYL+/QAh0GahlROgW
-kDGI8zeEUoAC8RkAbFGMJA8jEbAfbT000ZwnLX2SZ8YRQX4Jd1FTmAH99FkvvT8N
-ovaGRSQQI5rWQGQYqF67So7PywEaEXeUHTBrv41Msva6CdaWHn7bh/fj4B21ETS7
-VJvrk5DLJTyruqon7EVJU1pn38ppaXF4Z6a9n3C8TqudT/gdJUYn/SBo5jx20uGJ
-d9k6vDqixntvk/TRZ848k1AXiv5uUJTdnoPPhzSGjxEaeKuB0R1ZHomVdjU4
------END CERTIFICATE REQUEST-----