Update test certificates to support SNI #716

Merged
merged 1 commit into from
Feb 22, 2021
76 changes: 51 additions & 25 deletions pkg/service/dial_test.go
Expand Up @@ -2,9 +2,12 @@ package service

import (
"context"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"encoding/hex"
"encoding/pem"
"fmt"
"io/ioutil"
"net"
"strings"
Expand Down Expand Up @@ -53,18 +56,37 @@ const (
badCert = "testdata/bad-cert.pem"
badKey = "testdata/bad-key.pem"

goodCert = "testdata/good-cert.pem"
goodKey = "testdata/good-key.pem"
goodCert = "testdata/good.crt"
goodKey = "testdata/good.key"

leafCert = "testdata/certchain/leaf.crt"
leafKey = "testdata/certchain/leaf.key"

intermediateCert = "testdata/certchain/intermediate.crt"
intermediateKey = "testdata/certchain/intermediate.key"

rootCert = "testdata/certchain/root.crt"
rootKey = "testdata/certchain/root.key"

chainPem = "testdata/certchain/chain.pem"
)

func calcCertFingerprint(t *testing.T, certpath string) string {
// openssl rsa -in certchain-old/leaf.key -outform der -pubout | openssl dgst -sha256
certcontents, err := ioutil.ReadFile(certpath)
require.NoError(t, err, "reading", certpath)

block, _ := pem.Decode(certcontents)
require.NotNil(t, block, "pem decoding", certpath)

cert, err := x509.ParseCertificate(block.Bytes)
require.NoError(t, err, "x509.ParseCertificate", certpath)

digest := sha256.Sum256(cert.RawSubjectPublicKeyInfo)

return fmt.Sprintf("%x", digest)
}

func TestSwappingCert(t *testing.T) {
cert, err := tls.LoadX509KeyPair(badCert, badKey)
require.Nil(t, err)
Expand All @@ -82,7 +104,7 @@ func TestSwappingCert(t *testing.T) {
conn, err := DialGRPC("localhost:8443", false, false, nil, nil, log.NewNopLogger(),
grpc.WithTransportCredentials(&tlsCreds{credentials.NewTLS(&tls.Config{RootCAs: pool})}),
)
require.Nil(t, err)
require.NoError(t, err)
defer conn.Close()

client := NewGRPCClient(conn, log.NewNopLogger())
Expand Down Expand Up @@ -116,23 +138,23 @@ func TestCertRemainsBad(t *testing.T) {
<-timer.C

pem1, err := ioutil.ReadFile(badCert)
require.Nil(t, err)
require.NoError(t, err)
pem2, err := ioutil.ReadFile(goodCert)
require.Nil(t, err)
require.NoError(t, err)
pool := x509.NewCertPool()
pool.AppendCertsFromPEM(pem1)
pool.AppendCertsFromPEM(pem2)

conn, err := DialGRPC("localhost:8443", false, false, nil, nil, log.NewNopLogger(),
grpc.WithTransportCredentials(&tlsCreds{credentials.NewTLS(&tls.Config{RootCAs: pool})}),
)
require.Nil(t, err)
require.NoError(t, err)
defer conn.Close()

client := NewGRPCClient(conn, log.NewNopLogger())

_, _, err = client.RequestEnrollment(context.Background(), "", "", EnrollmentDetails{})
require.NotNil(t, err)
require.Error(t, err)

stop()

Expand All @@ -143,7 +165,7 @@ func TestCertRemainsBad(t *testing.T) {

// Should still fail with bad cert
_, _, err = client.RequestEnrollment(context.Background(), "", "", EnrollmentDetails{})
require.NotNil(t, err)
require.Error(t, err)

stop()
}
Expand All @@ -162,25 +184,29 @@ func TestCertPinning(t *testing.T) {
require.True(t, ok)

testCases := []struct {
pins string
pins []string
success bool
}{
// Success cases
// pin leaf
{"eb46067da68f80b5d9f0b027985182aa875bcda6c0d8713dbdb8d1523993bd92", true},
{[]string{calcCertFingerprint(t, leafCert)}, true},
// pin leaf + extra garbage
{"deadb33f,eb46067da68f80b5d9f0b027985182aa875bcda6c0d8713dbdb8d1523993bd92", true},
{[]string{"deadb33f", calcCertFingerprint(t, leafCert)}, true},
// pin intermediate
{"73db41a73c5ede78709fc926a2b93e7ad044a40333ce4ce5ae0fb7424620646e", true},
{[]string{calcCertFingerprint(t, intermediateCert)}, true},
// pin root
{"b48364002b8ac4dd3794d41c204a0282f8cd4f7dc80b26274659512c9619ac1b", true},
{[]string{calcCertFingerprint(t, rootCert)}, true},
// pin all three
{"b48364002b8ac4dd3794d41c204a0282f8cd4f7dc80b26274659512c9619ac1b,73db41a73c5ede78709fc926a2b93e7ad044a40333ce4ce5ae0fb7424620646e,b48364002b8ac4dd3794d41c204a0282f8cd4f7dc80b26274659512c9619ac1b", true},
{[]string{
calcCertFingerprint(t, rootCert),
calcCertFingerprint(t, intermediateCert),
calcCertFingerprint(t, leafCert),
}, true},

// Failure cases
{"deadb33f", false},
{"deadb33f,34567fff", false},
{"5dc4d2318f1ffabb80d94ad67a6f05ab9f77591ffc131498ed03eef3b5075281", false},
{[]string{"deadb33f"}, false},
{[]string{"deadb33f", "34567fff"}, false},
{[]string{"5dc4d2318f1ffabb80d94ad67a6f05ab9f77591ffc131498ed03eef3b5075281"}, false},
}

for _, tt := range testCases {
Expand All @@ -194,7 +220,7 @@ func TestCertPinning(t *testing.T) {
conn, err := DialGRPC("localhost:8443", false, false, nil, nil, log.NewNopLogger(),
grpc.WithTransportCredentials(&tlsCreds{credentials.NewTLS(tlsconf)}),
)
require.Nil(t, err)
require.NoError(t, err)
defer conn.Close()

client := NewGRPCClient(conn, log.NewNopLogger())
Expand All @@ -211,15 +237,15 @@ func TestCertPinning(t *testing.T) {

func TestRootCAs(t *testing.T) {
cert, err := tls.LoadX509KeyPair(chainPem, leafKey)
require.Nil(t, err)
require.NoError(t, err)
stop := startServer(t, &tls.Config{Certificates: []tls.Certificate{cert}})
defer stop()
time.Sleep(1 * time.Second)

rootPEM, err := ioutil.ReadFile(rootCert)
require.Nil(t, err)
require.NoError(t, err)
otherPEM, err := ioutil.ReadFile(goodCert)
require.Nil(t, err)
require.NoError(t, err)

emptyPool := x509.NewCertPool()

Expand Down Expand Up @@ -253,7 +279,7 @@ func TestRootCAs(t *testing.T) {
for _, tt := range testCases {
t.Run("", func(t *testing.T) {
conn, err := DialGRPC("localhost:8443", false, false, nil, tt.pool, log.NewNopLogger())
require.Nil(t, err)
require.NoError(t, err)
defer conn.Close()

client := NewGRPCClient(conn, log.NewNopLogger())
Expand All @@ -268,10 +294,10 @@ func TestRootCAs(t *testing.T) {
}
}

func parseCertPins(pins string) ([][]byte, error) {
func parseCertPins(pins []string) ([][]byte, error) {
var certPins [][]byte
if pins != "" {
for _, hexPin := range strings.Split(pins, ",") {
if len(pins) > 0 {
for _, hexPin := range pins {
pin, err := hex.DecodeString(hexPin)
if err != nil {
return nil, errors.Wrap(err, "decoding cert pin")
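Review bot: calcCertFingerprint (hunk at `-53,18 +56,37`) has no doc comment, and its only comment is an openssl recipe pointing at `certchain-old/leaf.key`, a path that matches none of the fixture constants declared just above it. A comment stating what is computed would help, for example `// calcCertFingerprint returns the hex SHA-256 of the SubjectPublicKeyInfo of the first PEM certificate in certpath.` The word "first" matters because `pem.Decode` reads a single block and the remainder is discarded, so passing a bundle such as `chainPem` would fingerprint only its first certificate. Separately, the one 64-hex-digit literal left in the TestCertPinning failure cases presumably was the pin of a real but unrelated key. If so, deriving it with `calcCertFingerprint(t, goodCert)` would keep that negative case tied to an actual certificate now that the fixtures have been regenerated.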
117 changes: 56 additions & 61 deletions pkg/service/testdata/certchain/chain.pem
@@ -1,67 +1,62 @@
-----BEGIN CERTIFICATE-----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MIIDYTCCAkmgAwIBAgIJAKfnjRYUIlLEMA0GCSqGSIb3DQEBCwUAMEExFDASBgNV
BAoMC0tvbGlkZSBUZXN0MRUwEwYDVQQLDAxJbnRlcm1lZGlhdGUxEjAQBgNVBAMM
CWxvY2FsaG9zdDAeFw0yMTAyMjEwNDExNDFaFw00ODA3MDgwNDExNDFaMDkxFDAS
BgNVBAoMC0tvbGlkZSBUZXN0MQ0wCwYDVQQLDARMZWFmMRIwEAYDVQQDDAlsb2Nh
bGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4dCu1dG14MoU2
yfhpJEhcu3P5EnK37FuTJ2MR+Lg1yrFXEi1f2SAZQX9hz4MvuV3V/UXN/lUOWfPE
HiABlnH3ni/6p81Y14uzOT/+3kCzrQ6uj8YN9hPw1uCuo+msxSMxnmVtWSuKAie5
r8popcUJkzS5c2e8A0M1M7/L8DkLopiJxZShc85duzRUSkuOTwOI1mFJ0JHL4odk
HVn3y0pXJlLUsyoSIXIH6yEQZJ4K8sdf4h4lpl16NKKXzJisRUeqUf17ex3T1y7R
EIvTDDiVZ3zTaOh49y/qXHKwqNafIPnTaC0h4GQfXN83mp2TLrMuNhzbGDIEqLDt
KzKtxlvfAgMBAAGjZDBiMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLIPzaBkDozRWgi7
u43t5xfGEER7MAsGA1UdDwQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAUBgNV
HREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBALWKDlF6m+AN7m91
TQnTIolRrpXNjZ5avS0yRu8LYUu5BofeMhcz0TBmvMxPjurGaDZqATNKEhFzNibf
SxWlMijBaKiX3jSn2xAhESviqrLFQvR73j8Aqq25Ynmynw3AXYMxyNle+sHnOhli
lOF0FJoatQEoXqa6ECNvdnt8Q3imGJsUqGhpD4GFr6qn6fuidfNwhLgIllvMBmXT
LgEQkVv4gN1tc4gy1la+FAYM7F2WO5AMvmWTOID2NUYLCitQ7Z/dr+GJjiSvnH7F
WuMQWc8i9DV52btgJLJw8Pg1IerbRNhacBTDoqMz4TQtisG6HQZtyV+QyXaF+k2o
zLBZhB8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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MIIDXDCCAkSgAwIBAgIJAP6ZXtailWKdMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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MIIDazCCAlOgAwIBAgIJAJmGusbxUQbSMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV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-----END CERTIFICATE-----
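--- a/pkg/service/testdata/certchain/intermediate.cnf
+++ b/pkg/service/testdata/certchain/intermediate.cnf
@@ -0,0 +1,21 @@
+[req]
+default_bits = 2048
+encrypt_key = no
+default_md = sha256
+prompt = no
+utf8 = yes
+distinguished_name = req_distinguished_name
+
+# Extensions for SAN IP and SAN DNS
+req_extensions = v3_req
+
+[req_distinguished_name]
+O = Kolide Test
+OU = Intermediate
+CN = localhost
+
+[v3_req]
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+keyUsage = critical, keyCertSign
+extendedKeyUsage = serverAuth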
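Review bot: The comment `# Extensions for SAN IP and SAN DNS` does not match `[v3_req]`, which sets no subjectAltName and instead carries the CA constraints; something like `# Extensions for the intermediate CA certificate` would describe it. In the same section, `basicConstraints = CA:TRUE` is neither marked critical nor path-length limited. For an intermediate that appears to sign only the leaf, `basicConstraints = critical, CA:TRUE, pathlen:0` is tighter and follows the RFC 5280 requirement that CA certificates mark this extension critical. Note also that `req_extensions` only places these values in the CSR; whether they reach the issued certificate depends on the signing command, which this page does not show, so recording that command next to the fixture would make the chain reproducible.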
37 changes: 18 additions & 19 deletions pkg/service/testdata/certchain/intermediate.crt
@@ -1,21 +1,20 @@
-----BEGIN CERTIFICATE-----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MIIDXDCCAkSgAwIBAgIJAP6ZXtailWKdMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNV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-----END CERTIFICATE-----
18 changes: 18 additions & 0 deletions pkg/service/testdata/certchain/intermediate.csr
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----