├── .dockerignore
├── .gitignore
├── .travis.yml
├── BUILDING.md
├── CHANGELOG
├── Dockerfile
├── Dockerfile.build
├── Dockerfile.minimal
├── LICENSE
├── README.md
├── api
├── api.go
├── api_test.go
├── bundle
│ ├── bundle.go
│ └── bundle_test.go
├── client
│ ├── api.go
│ ├── client.go
│ ├── client_test.go
│ └── group.go
├── generator
│ ├── generator.go
│ └── generator_test.go
├── info
│ ├── info.go
│ └── info_test.go
├── initca
│ ├── initca.go
│ └── initca_test.go
├── ocsp
│ ├── ocspsign.go
│ └── ocspsign_test.go
├── scan
│ ├── scan.go
│ └── scan_test.go
├── sign
│ ├── sign.go
│ └── sign_test.go
└── testdata
│ ├── broken.pem
│ ├── broken_csr.pem
│ ├── ca-bundle.pem
│ ├── ca.pem
│ ├── ca2-key.pem
│ ├── ca2.pem
│ ├── ca_key.pem
│ ├── cert.pem
│ ├── csr.pem
│ ├── int-bundle.pem
│ ├── leaf.badkey
│ ├── leaf.key
│ └── leaf.pem
├── auth
├── auth.go
├── auth_test.go
└── testdata
│ ├── authrequest.json
│ └── request.json
├── bundler
├── bundle.go
├── bundle_from_file_test.go
├── bundle_from_pem_test.go
├── bundle_from_remote_test.go
├── bundler.go
├── bundler_sha1_deprecation_test.go
├── bundler_test.go
├── doc.go
└── testdata
│ ├── bad-bundle.pem
│ ├── ca-bundle.crt.metadata
│ ├── ca-bundle.pem
│ ├── ca.key
│ ├── ca.pem
│ ├── cfssl-leaf-ecdsa256.csr
│ ├── cfssl-leaf-ecdsa256.key
│ ├── cfssl-leaf-ecdsa256.pem
│ ├── cfssl-leaf-ecdsa384.csr
│ ├── cfssl-leaf-ecdsa384.key
│ ├── cfssl-leaf-ecdsa384.pem
│ ├── cfssl-leaf-ecdsa521.csr
│ ├── cfssl-leaf-ecdsa521.key
│ ├── cfssl-leaf-ecdsa521.pem
│ ├── cfssl-leaf-rsa2048.csr
│ ├── cfssl-leaf-rsa2048.key
│ ├── cfssl-leaf-rsa2048.pem
│ ├── cfssl-leaf-rsa3072.csr
│ ├── cfssl-leaf-rsa3072.key
│ ├── cfssl-leaf-rsa3072.pem
│ ├── cfssl-leaf-rsa4096.csr
│ ├── cfssl-leaf-rsa4096.key
│ ├── cfssl-leaf-rsa4096.pem
│ ├── cfssl-leaflet-rsa4096.pem
│ ├── dsa2048.key
│ ├── dsa2048.pem
│ ├── empty.pem
│ ├── forcebundle.pem
│ ├── froyo.pem
│ ├── int-bundle.pem
│ ├── inter-L1-expired.pem
│ ├── inter-L1-sha1.pem
│ ├── inter-L1.csr
│ ├── inter-L1.key
│ ├── inter-L1.pem
│ ├── inter-L2-direct.pem
│ ├── inter-L2-sha1.pem
│ ├── inter-L2.csr
│ ├── inter-L2.key
│ ├── inter-L2.pem
│ ├── intermediates.crt
│ ├── nss.pem
│ ├── osx.pem
│ ├── partial-bundle.pem
│ └── reverse-partial-bundle.pem
├── cli
├── bundle
│ ├── bundle.go
│ └── bundle_test.go
├── cli.go
├── cli_test.go
├── config.go
├── gencert
│ ├── gencert.go
│ └── gencert_test.go
├── genkey
│ ├── genkey.go
│ └── genkey_test.go
├── info
│ └── info.go
├── ocspserve
│ └── ocspserve.go
├── ocspsign
│ └── ocspsign.go
├── printdefault
│ ├── defaults.go
│ └── printdefault.go
├── scan
│ ├── scan.go
│ └── scan_test.go
├── selfsign
│ ├── selfsign.go
│ └── selfsign_test.go
├── serve
│ ├── README.md
│ ├── serve.go
│ ├── serve_test.go
│ └── static
│ │ ├── bundle
│ │ ├── index.html
│ │ └── scan
├── sign
│ ├── sign.go
│ └── sign_test.go
└── version
│ ├── version.go
│ ├── version_dev.go
│ └── version_test.go
├── cmd
├── cfssl
│ ├── cfssl.go
│ └── cfssl_test.go
├── cfssljson
│ ├── cfssljson.go
│ └── cfssljson_test.go
├── mkbundle
│ ├── cert-bundle.crt
│ ├── mkbundle.go
│ └── mkbundle_test.go
└── multirootca
│ ├── api.go
│ ├── ca.go
│ └── config
│ ├── config.go
│ ├── config_test.go
│ └── testdata
│ ├── bad.conf
│ ├── badconfig.json
│ ├── config.json
│ ├── roots.conf
│ ├── roots_bad_certificate.conf
│ ├── roots_bad_private_key.conf
│ ├── roots_bad_whitelist.conf
│ ├── roots_bad_whitelist2.conf
│ ├── roots_badconfig.conf
│ ├── roots_badspec.conf
│ ├── roots_badspec2.conf
│ ├── roots_badspec3.conf
│ ├── roots_der.conf
│ ├── roots_ksm.conf
│ ├── roots_missing_certificate.conf
│ ├── roots_missing_certificate_entry.conf
│ ├── roots_missing_private.conf
│ ├── roots_missing_private_key_entry.conf
│ ├── roots_no_kdl_private_key.conf
│ ├── roots_whitelist.conf
│ ├── roots_whitelist_ipv6.conf
│ ├── server.crt
│ ├── server.der
│ ├── server.key
│ ├── test.conf
│ └── test2.conf
├── config
├── config.go
├── config_test.go
└── testdata
│ ├── invalid_auth.json
│ ├── invalid_auth_bad_key.json
│ ├── invalid_config.json
│ ├── invalid_default.json
│ ├── invalid_no_auth_keys.json
│ ├── invalid_no_remotes.json
│ ├── invalid_profile.json
│ ├── invalid_remotes.json
│ ├── invalid_usage.json
│ ├── valid_config.json
│ ├── valid_config_auth.json
│ ├── valid_config_auth_no_default.json
│ └── valid_config_no_default.json
├── crypto
├── doc.go
├── pkcs11key
│ ├── config.go
│ ├── key.go
│ ├── key_test.go
│ ├── pkcs11key_bench_test.go
│ ├── pkcs11key_stub.go
│ └── pool.go
├── pkcs12
│ ├── crypto.go
│ ├── pbkdf
│ │ └── pbkdf.go
│ └── pkcs12.go
└── pkcs7
│ └── pkcs7.go
├── csr
├── csr.go
└── csr_test.go
├── doc
├── README.txt
├── api
│ ├── endpoint_authsign.txt
│ ├── endpoint_bundle.txt
│ ├── endpoint_info.txt
│ ├── endpoint_init_ca.txt
│ ├── endpoint_newcert.txt
│ ├── endpoint_newkey.txt
│ ├── endpoint_scan.txt
│ ├── endpoint_scaninfo.txt
│ ├── endpoint_sign.txt
│ └── intro.txt
├── authentication.txt
├── bootstrap.txt
├── ca-bundle.crt.metadata.sample
├── cmd
│ ├── cfssl.txt
│ └── multiroot.txt
└── errorcode.txt
├── errors
├── doc.go
├── error.go
├── error_test.go
└── http.go
├── helpers
├── derhelpers
│ └── derhelpers.go
├── helpers.go
├── helpers_test.go
├── pkcs11uri
│ ├── pkcs11uri.go
│ ├── pkcs11uri_test.go
│ └── testdata
│ │ └── pin
├── testdata
│ ├── bundle.pem
│ ├── bundle_pkcs7.pem
│ ├── bundle_with_whitespace.pem
│ ├── cert.der
│ ├── cert.pem
│ ├── cert_pkcs7.pem
│ ├── cert_with_whitespace.pem
│ ├── ecdsa256.csr
│ ├── empty.pem
│ ├── emptycert.pem
│ ├── emptypasswordpkcs12.p12
│ ├── enc_priv_key.pem
│ ├── messed_up_bundle.pem
│ ├── messed_up_priv_key.pem
│ ├── messedupcert.pem
│ ├── multiplecerts.p12
│ ├── noheadercert.pem
│ ├── passwordpkcs12.p12
│ ├── priv_rsa_key.pem
│ ├── private_ecdsa_key.pem
│ └── secp256k1-key.pem
└── testsuite
│ ├── testdata
│ ├── cert_csr.json
│ └── initCA
│ │ ├── ca_csr.json
│ │ └── cfssl_output.pem
│ ├── testing_helpers.go
│ └── testing_helpers_test.go
├── info
└── info.go
├── initca
├── initca.go
├── initca_test.go
└── testdata
│ ├── ecdsa256.csr
│ ├── ecdsa384.csr
│ ├── ecdsa521.csr
│ ├── rsa2048.csr
│ ├── rsa3072.csr
│ └── rsa4096.csr
├── log
├── log.go
└── log_test.go
├── ocsp
├── config
│ └── config.go
├── ocsp.go
├── ocsp_test.go
├── pkcs11
│ ├── pkcs11.go
│ └── pkcs11_stub.go
├── responder.go
├── responder_test.go
├── testdata
│ ├── ca-key.pem
│ ├── ca.pem
│ ├── cert.pem
│ ├── resp64.pem
│ ├── response.pem
│ ├── response_broken.pem
│ ├── response_mix.pem
│ ├── server.crt
│ ├── server.key
│ ├── server_broken.crt
│ └── server_broken.key
└── universal
│ └── universal.go
├── revoke
├── revoke.go
└── revoke_test.go
├── scan
├── broad.go
├── connectivity.go
├── pki.go
├── scan_common.go
├── scan_common_test.go
├── tls_handshake.go
└── tls_session.go
├── script
└── build
├── selfsign
├── selfsign.go
└── selfsign_test.go
├── signer
├── local
│ ├── local.go
│ ├── local_test.go
│ └── testdata
│ │ ├── ca.pem
│ │ ├── ca_key.pem
│ │ ├── ecdsa256-inter.csr
│ │ ├── ecdsa256-inter.key
│ │ ├── ecdsa256.csr
│ │ ├── ecdsa256_ca.pem
│ │ ├── ecdsa256_ca_key.pem
│ │ ├── ecdsa384.csr
│ │ ├── ecdsa521.csr
│ │ ├── ex.csr
│ │ ├── ip.csr
│ │ ├── key.pem
│ │ ├── rsa2048-inter.csr
│ │ ├── rsa2048-inter.key
│ │ ├── rsa2048.csr
│ │ ├── rsa3072.csr
│ │ ├── rsa4096.csr
│ │ ├── san_domain.csr
│ │ └── test.csr
├── pkcs11
│ ├── doc.go
│ ├── pkcs11.go
│ └── pkcs11_stub.go
├── remote
│ ├── remote.go
│ ├── remote_test.go
│ └── testdata
│ │ ├── ca.pem
│ │ └── ca_key.pem
├── signer.go
├── signer_test.go
└── universal
│ ├── universal.go
│ └── universal_test.go
├── test.sh
├── testdata
├── csr.json
├── garbage.crt
├── garbage.key
├── gd_bundle.crt
├── good_config.json
├── roots
│ └── httplib2_cacerts.txt
├── server.crt
├── server.csr
├── server.key
├── ssl-verifier.sh
├── temp.crt
└── test.py
├── ubiquity
├── filter.go
├── performance.go
├── sha1.go
├── testdata
│ ├── ca.pem.metadata
│ ├── ecdsa256sha2.pem
│ ├── ecdsa384sha2.pem
│ ├── ecdsa521sha2.pem
│ ├── godzilla.pem
│ ├── macrosoft.pem
│ ├── pineapple.pem
│ ├── rsa1024sha1.pem
│ ├── rsa2048sha2.pem
│ ├── rsa3072sha2.pem
│ └── rsa4096sha2.pem
├── ubiquity_crypto.go
├── ubiquity_platform.go
└── ubiquity_test.go
└── whitelist
├── LICENSE
├── README.md
├── example
└── example_whitelist.go
├── http_test.go
├── lookup.go
├── whitelist.go
├── whitelist_net.go
├── whitelist_net_test.go
└── whitelist_test.go
/.dockerignore:
--------------------------------------------------------------------------------
1 | cfssl_*
2 | *-amd64
3 | *-386
4 | dist/*
5 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | cfssl_*
2 | *-amd64
3 | *-386
4 | dist/*
5 | cli/serve/static.rice-box.go
6 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | sudo: false
2 | language: go
3 | go:
4 | - 1.4
5 | - 1.5
6 | before_install:
7 | # CFSSL consists of multiple Go packages, which refer to each other by
8 | # their absolute GitHub path, e.g. github.com/cloudflare/crypto/pkcs11key.
9 | # That means, by default, if someone forks the repo and makes changes across
10 | # multiple packages within CFSSL, Travis won't pass for the branch on their
11 | # own repo. To fix that, we add a symlink.
12 | - mkdir -p $TRAVIS_BUILD_DIR $GOPATH/src/github.com/cloudflare
13 | - test ! -d $GOPATH/src/github.com/cloudflare/cfssl && ln -s $TRAVIS_BUILD_DIR $GOPATH/src/github.com/cloudflare/cfssl || true
14 |
15 | before_script:
16 | - go get golang.org/x/tools/cmd/vet
17 | - go get golang.org/x/tools/cmd/goimports
18 | - go get github.com/onsi/gomega
19 | - go get github.com/onsi/ginkgo
20 | - go get -u github.com/golang/lint/golint
21 | - go get golang.org/x/tools/cmd/cover
22 | - go get github.com/modocache/gover
23 | - go get -v github.com/GeertJohan/fgt
24 | script:
25 | - ./test.sh
26 | notifications:
27 | email:
28 | recipients:
29 | - nick@cloudflare.com
30 | - zi@cloudflare.com
31 | - kyle@cloudflare.com
32 | on_success: never
33 | on_failure: change
34 | env:
35 | - secure: "OmaaZ3jhU9VQ/0SYpenUJEfnmKy/MwExkefFRpDbkRSu/hTQpxxALAZV5WEHo7gxLRMRI0pytLo7w+lAd2FlX1CNcyY62MUicta/8P2twsxp+lR3v1bJ7dwk6qsDbO7Nvv3BKPCDQCHUkggbAEJaHEQGdLk4ursNEB1aGimuCEc="
after_success:
  # NOTE(review): this step downloads a script from codecov.io at build time
  # and executes it with bash without any integrity check, in a job that also
  # defines a `secure` environment value. Prefer a pinned uploader whose
  # checksum or signature is verified before it is run.
  - bash <(curl -s https://codecov.io/bash) -f coverprofile.txt
38 |
--------------------------------------------------------------------------------
/BUILDING.md:
--------------------------------------------------------------------------------
1 | # How to Build CFSSL
2 |
3 | ## Docker
4 |
5 | The requirements to build `CFSSL` are:
6 |
7 | 1. A running instance of Docker
8 | 2. The `bash` shell
9 |
10 | To build, run:
11 |
12 | $ script/build
13 |
14 | This will build, by default, all the cfssl command line utilities
15 | for darwin (OSX), linux, and windows for i386 and amd64 and output the
16 | binaries in the current path.
17 |
18 | To build a specific platform and OS, run:
19 |
20 | $ script/build -os="darwin" -arch="amd64"
21 |
22 | Note: for cross-compilation compatibility, the Docker build process will
23 | build programs without PKCS #11.
24 |
25 | ## Without Docker
26 |
27 | The requirements to build without Docker are:
28 |
29 | 1. Go version 1.4 is the minimum required version of Go.
30 | 2. A properly configured go environment
31 | 3. A properly configured GOPATH
32 | 4. The default behaviour is to build with PKCS #11, which requires the
33 | `gcc` compiler and the libtool development library and header files. On
34 | Ubuntu, this is `libltdl-dev`.
35 |
36 | To build with PKCS #11 support, run:
37 |
38 | $ go get -d ./...
39 | $ go build cmd/...
40 |
41 | To build without PKCS #11 support:
42 |
43 | $ go get -d ./...
44 | $ go build -tags nopkcs11 cmd/...
45 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
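# Builds cfssl and multirootca from the repository sources; the container
# runs `cfssl` by default and exposes port 8888.
#
# NOTE(review): the `go get` steps fetch whatever is current upstream at
# build time, so the build is not reproducible and the fetched code is
# neither pinned nor verified. Vendor these dependencies or pin them to
# fixed revisions.
# NOTE(review): there is no USER instruction, so the process runs as root
# inside the container. Consider an unprivileged user for a service that
# handles CA key material.
FROM golang:1.4.2

WORKDIR /go/src/github.com/cloudflare/cfssl

ENV GOPATH /go/src/github.com/cloudflare/cfssl:/go
ENV USER root

EXPOSE 8888

CMD ["cfssl"]

RUN go get github.com/cloudflare/cf-tls/tls
RUN go get github.com/cloudflare/go-metrics
RUN go get github.com/cloudflare/redoctober/core
RUN go get github.com/dgryski/go-rc2
RUN go get golang.org/x/crypto/ocsp
RUN go get github.com/GeertJohan/go.rice

# COPY rather than ADD: only a plain copy of the build context is needed,
# and COPY has none of ADD's archive-extraction or remote-URL behaviour.
COPY . /go/src/github.com/cloudflare/cfssl

RUN go build cmd/... && \
    cp cfssl /usr/local/bin && \
    cp multirootca /usr/local/bin

WORKDIR /opt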
26 |
--------------------------------------------------------------------------------
/Dockerfile.build:
--------------------------------------------------------------------------------
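# Cross-compilation image: installs the build tools and dependencies, then
# copies the repository sources into the GOPATH.
#
# NOTE(review): every `go get` below resolves to whatever is current
# upstream when the image is built, including the build tools themselves
# (gox, godep). Release binaries built from this image therefore depend on
# unpinned, unverified code; pin or vendor these before using the image
# for releases.
FROM golang:1.4.2-cross

# TODO: Vendor these `go get` commands using Godep.
RUN go get github.com/mitchellh/gox
RUN go get github.com/tools/godep
RUN go get github.com/cloudflare/cf-tls/tls
RUN go get github.com/cloudflare/go-metrics
RUN go get github.com/cloudflare/redoctober/core
RUN go get github.com/dgryski/go-rc2
RUN go get golang.org/x/crypto/ocsp
RUN go get github.com/GeertJohan/go.rice

ENV GOPATH /go/src/github.com/cloudflare/cfssl:/go
ENV USER root

WORKDIR /go/src/github.com/cloudflare/cfssl

# COPY rather than ADD: only a plain copy of the build context is needed,
# and COPY has none of ADD's archive-extraction or remote-URL behaviour.
COPY . /go/src/github.com/cloudflare/cfssl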
19 |
--------------------------------------------------------------------------------
/Dockerfile.minimal:
--------------------------------------------------------------------------------
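# Minimal runtime image: builds the four command line tools inside a single
# layer, removes the toolchain again and keeps only the binaries plus the
# static files used by `cfssl serve`.
#
# NOTE(review): the `go get` calls fetch unpinned, unverified upstream code
# at build time; vendor or pin them so the shipped binaries are
# reproducible.
# NOTE(review): there is no USER instruction, so cfssl runs as root inside
# the container, with /etc/cfssl mounted as a volume. Consider an
# unprivileged user and restrictive permissions on that volume.
FROM gliderlabs/alpine:3.2

WORKDIR /go/src/github.com/cloudflare/cfssl

ENV GOPATH /go:/go/src/github.com/cloudflare/cfssl
ENV USER root

EXPOSE 8888

ENTRYPOINT ["/usr/bin/cfssl"]

# COPY rather than ADD: only a plain copy of the build context is needed,
# and COPY has none of ADD's archive-extraction or remote-URL behaviour.
COPY . /go/src/github.com/cloudflare/cfssl

RUN apk update && \
    apk add go git gcc libc-dev libltdl libtool libgcc && \
    echo "About go get..." && \
    go get github.com/cloudflare/cf-tls/tls && \
    go get github.com/cloudflare/go-metrics && \
    go get github.com/cloudflare/redoctober/core && \
    go get github.com/dgryski/go-rc2 && \
    go get golang.org/x/crypto/ocsp && \
    go get github.com/GeertJohan/go.rice && \
    go get github.com/miekg/pkcs11 && \
    echo "About build..." && \
    (cd cmd/cfssl && go build . ) && \
    (cd cmd/cfssljson && go build . ) && \
    (cd cmd/mkbundle && go build . ) && \
    (cd cmd/multirootca && go build . ) && \
    echo "About copy binaries..." && \
    mv cmd/cfssl/cfssl /usr/bin && \
    mv cmd/cfssljson/cfssljson /usr/bin && \
    mv cmd/mkbundle/mkbundle /usr/bin && \
    mv cmd/multirootca/multirootca /usr/bin && \
    echo "Cleaning up..." && \
    apk del go git gcc libc-dev libtool libgcc && \
    mv /go/src/github.com/cloudflare/cfssl/cli/serve/static /static && \
    rm -rf /go && \
    mkdir -p /go/src/github.com/cloudflare/cfssl/cli/serve && \
    mv /static /go/src/github.com/cloudflare/cfssl/cli/serve/static && \
    echo "Build complete."


VOLUME [ "/etc/cfssl" ]
WORKDIR /etc/cfssl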
45 |
46 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2014 CloudFlare Inc.
2 |
3 | Redistribution and use in source and binary forms, with or without
4 | modification, are permitted provided that the following conditions
5 | are met:
6 |
7 | Redistributions of source code must retain the above copyright notice,
8 | this list of conditions and the following disclaimer.
9 |
10 | Redistributions in binary form must reproduce the above copyright notice,
11 | this list of conditions and the following disclaimer in the documentation
12 | and/or other materials provided with the distribution.
13 |
14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
17 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
18 | HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
20 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
21 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
22 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
23 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
24 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 |
--------------------------------------------------------------------------------
/api/client/api.go:
--------------------------------------------------------------------------------
1 | package client
2 |
// SignResult carries the certificate produced by signing a CSR.
type SignResult struct {
	// Certificate holds the certificate bytes. encoding/json renders a
	// []byte field as a base64 string, here under the key "certificate".
	Certificate []byte `json:"certificate"`
}
7 |
--------------------------------------------------------------------------------
/api/generator/generator_test.go:
--------------------------------------------------------------------------------
1 | package generator
2 |
3 | import (
4 | "bytes"
5 | "encoding/json"
6 | "net/http"
7 | "net/http/httptest"
8 | "testing"
9 |
10 | "github.com/cloudflare/cfssl/csr"
11 | )
12 |
// csrData builds a sample certificate request for cloudflare.com and
// returns its JSON encoding as a reader that can serve as an HTTP request
// body. The test is aborted if the request cannot be marshalled.
func csrData(t *testing.T) *bytes.Reader {
	subject := csr.Name{
		C:  "US",
		ST: "California",
		L:  "San Francisco",
		O:  "CloudFlare",
		OU: "Systems Engineering",
	}
	certReq := csr.CertificateRequest{
		CN:         "cloudflare.com",
		Names:      []csr.Name{subject},
		Hosts:      []string{"cloudflare.com"},
		KeyRequest: csr.NewBasicKeyRequest(),
	}

	payload, err := json.Marshal(&certReq)
	if err != nil {
		t.Fatal(err)
	}
	return bytes.NewReader(payload)
}
34 |
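// TestGeneratorRESTfulVerbs checks that the generator endpoint accepts POST
// and answers every other HTTP method with 405 Method Not Allowed.
func TestGeneratorRESTfulVerbs(t *testing.T) {
	handler, err := NewHandler(CSRValidate)
	if err != nil {
		t.Fatal(err)
	}
	ts := httptest.NewServer(handler)
	// Shut the listener down so the test does not leak a running server.
	defer ts.Close()

	data := csrData(t)

	// send issues one request and reports its status. Transport errors fail
	// the test instead of leading to a nil-pointer dereference on resp, and
	// the response body is closed so the connection is released.
	send := func(method string) (int, string) {
		req, err := http.NewRequest(method, ts.URL, data)
		if err != nil {
			t.Fatalf("building %s request: %v", method, err)
		}
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			t.Fatalf("sending %s request: %v", method, err)
		}
		resp.Body.Close()
		return resp.StatusCode, resp.Status
	}

	// POST should work.
	if code, status := send("POST"); code != http.StatusOK {
		t.Fatal(status)
	}

	// GET, PUT, DELETE and an unknown verb must all be rejected with 405.
	// The reader was already consumed by the POST above, so these requests
	// carry no payload; only the method matters here.
	for _, method := range []string{"GET", "PUT", "DELETE", "WHATEVER"} {
		if code, status := send(method); code != http.StatusMethodNotAllowed {
			t.Fatalf("%s: %s", method, status)
		}
	}
}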
68 |
--------------------------------------------------------------------------------
/api/initca/initca.go:
--------------------------------------------------------------------------------
1 | // Package initca implements the HTTP handler for the CA initialization command
2 | package initca
3 |
4 | import (
5 | "encoding/json"
6 | "io/ioutil"
7 | "net/http"
8 |
9 | "github.com/cloudflare/cfssl/api"
10 | "github.com/cloudflare/cfssl/csr"
11 | "github.com/cloudflare/cfssl/errors"
12 | "github.com/cloudflare/cfssl/initca"
13 | "github.com/cloudflare/cfssl/log"
14 | )
15 |
// NewCA is the payload returned once a certificate authority has been
// initialised: a private key and certificate suitable for serving as the
// root of a new certificate authority.
//
// NOTE(review): Key is the CA's private key and initialCAHandler writes it
// into the HTTP response, so that response body must be handled as secret
// material by whoever receives or logs it.
type NewCA struct {
	Key  string `json:"private_key"` // private key of the new CA
	Cert string `json:"certificate"` // certificate of the new CA
}
22 |
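// initialCAHandler is an HTTP handler that accepts a JSON blob in the
// same format as the CSR endpoint; this blob should contain the
// identity information for the CA's root key. This endpoint is not
// suitable for creating intermediate certificates.
//
// On success the response carries the new CA certificate together with its
// private key (see NewCA). Failures to read or decode the body are returned
// as bad-request errors; an error from initca.New is returned unchanged.
func initialCAHandler(w http.ResponseWriter, r *http.Request) error {
	// The request is a small JSON document. Cap how much of the body is
	// buffered so that a client cannot make the server read an unbounded
	// amount of data into memory.
	const maxRequestBytes = 1 << 20

	log.Info("setting up initial CA handler")
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxRequestBytes))
	if err != nil {
		log.Warningf("failed to read request body: %v", err)
		return errors.NewBadRequest(err)
	}

	// KeyRequest is pre-set to the basic key request before the body is
	// decoded into req.
	req := new(csr.CertificateRequest)
	req.KeyRequest = csr.NewBasicKeyRequest()
	if err = json.Unmarshal(body, req); err != nil {
		log.Warningf("failed to unmarshal request: %v", err)
		return errors.NewBadRequest(err)
	}

	cert, _, key, err := initca.New(req)
	if err != nil {
		log.Warningf("failed to initialise new CA: %v", err)
		return err
	}

	// The private key is returned to the caller in the response body.
	response := api.NewSuccessResponse(&NewCA{Key: string(key), Cert: string(cert)})
	return json.NewEncoder(w).Encode(response)
}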
55 |
// NewHandler builds the http.Handler for the CA initialisation endpoint.
// POST is the only method listed in the handler's Methods.
//
// NOTE(review): nothing in this constructor adds authentication, and the
// handler's response contains a CA private key; confirm that access is
// restricted wherever this handler is mounted.
func NewHandler() http.Handler {
	h := api.HTTPHandler{
		Handler: api.HandlerFunc(initialCAHandler),
		Methods: []string{"POST"},
	}
	return h
}
61 |
--------------------------------------------------------------------------------
/api/initca/initca_test.go:
--------------------------------------------------------------------------------
1 | package initca
2 |
3 | import (
4 | "bytes"
5 | "encoding/json"
6 | "net/http"
7 | "net/http/httptest"
8 | "testing"
9 |
10 | "github.com/cloudflare/cfssl/csr"
11 | )
12 |
// csrData builds a sample certificate request for cloudflare.com and
// returns its JSON encoding as a reader that can serve as an HTTP request
// body. The test is aborted if the request cannot be marshalled.
func csrData(t *testing.T) *bytes.Reader {
	subject := csr.Name{
		C:  "US",
		ST: "California",
		L:  "San Francisco",
		O:  "CloudFlare",
		OU: "Systems Engineering",
	}
	certReq := csr.CertificateRequest{
		CN:         "cloudflare.com",
		Names:      []csr.Name{subject},
		Hosts:      []string{"cloudflare.com"},
		KeyRequest: csr.NewBasicKeyRequest(),
	}

	payload, err := json.Marshal(&certReq)
	if err != nil {
		t.Fatal(err)
	}
	return bytes.NewReader(payload)
}
34 |
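// TestInitCARESTfulVerbs checks that the CA initialisation endpoint accepts
// POST and answers every other HTTP method with 405 Method Not Allowed.
func TestInitCARESTfulVerbs(t *testing.T) {
	ts := httptest.NewServer(NewHandler())
	// Shut the listener down so the test does not leak a running server.
	defer ts.Close()

	data := csrData(t)

	// send issues one request and reports its status. Transport errors fail
	// the test instead of leading to a nil-pointer dereference on resp, and
	// the response body is closed so the connection is released.
	send := func(method string) (int, string) {
		req, err := http.NewRequest(method, ts.URL, data)
		if err != nil {
			t.Fatalf("building %s request: %v", method, err)
		}
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			t.Fatalf("sending %s request: %v", method, err)
		}
		resp.Body.Close()
		return resp.StatusCode, resp.Status
	}

	// POST should work.
	if code, status := send("POST"); code != http.StatusOK {
		t.Fatal(status)
	}

	// GET, PUT, DELETE and an unknown verb must all be rejected with 405.
	// The reader was already consumed by the POST above, so these requests
	// carry no payload; only the method matters here.
	for _, method := range []string{"GET", "PUT", "DELETE", "WHATEVER"} {
		if code, status := send(method); code != http.StatusMethodNotAllowed {
			t.Fatalf("%s: %s", method, status)
		}
	}
}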
67 |
--------------------------------------------------------------------------------
/api/scan/scan.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
3 | import (
4 | "encoding/json"
5 | "net/http"
6 |
7 | "github.com/cloudflare/cfssl/api"
8 | "github.com/cloudflare/cfssl/errors"
9 | "github.com/cloudflare/cfssl/log"
10 | "github.com/cloudflare/cfssl/scan"
11 | )
12 |
// scanHandler serves scan requests. It reads the form values "host"
// (required), "ip", "family" and "scanner", runs the matching scans and
// writes the results to w as a JSON success response. A missing host or a
// failing scan is reported as a bad-request error.
//
// NOTE(review): host and ip come straight from the request and are passed
// to scan.Default.RunScans without validation in this function, so the
// server scans whatever target the caller names. Confirm that access to
// this endpoint is restricted wherever the handler is mounted.
func scanHandler(w http.ResponseWriter, r *http.Request) error {
	if parseErr := r.ParseForm(); parseErr != nil {
		log.Warningf("failed to parse body: %v", parseErr)
		return errors.NewBadRequest(parseErr)
	}

	params := r.Form
	target := params.Get("host")
	if target == "" {
		log.Warningf("no host given")
		return errors.NewBadRequestString("no host given")
	}

	// The trailing 0 is handed to RunScans as in the original call; its
	// meaning is defined by RunScans, which is not shown here.
	results, err := scan.Default.RunScans(
		target,
		params.Get("ip"),
		params.Get("family"),
		params.Get("scanner"),
		0,
	)
	if err != nil {
		log.Warningf("%v", err)
		return errors.NewBadRequest(err)
	}

	return json.NewEncoder(w).Encode(api.NewSuccessResponse(results))
}
41 |
// NewHandler builds the http.Handler that serves scan requests. GET is the
// only method listed in the handler's Methods.
func NewHandler() http.Handler {
	var h api.HTTPHandler
	h.Handler = api.HandlerFunc(scanHandler)
	h.Methods = []string{"GET"}
	return h
}
49 |
// scanInfoHandler writes scan.Default, wrapped in a success response, to w
// as JSON; this describes the families and scans that can be run. The
// request itself is not inspected.
func scanInfoHandler(w http.ResponseWriter, r *http.Request) error {
	log.Info("setting up scaninfo handler")
	return json.NewEncoder(w).Encode(api.NewSuccessResponse(scan.Default))
}
59 |
// NewInfoHandler builds the http.Handler that serves scan info requests.
// GET is the only method listed in the handler's Methods.
func NewInfoHandler() http.Handler {
	info := api.HTTPHandler{
		Handler: api.HandlerFunc(scanInfoHandler),
		Methods: []string{"GET"},
	}
	return info
}
64 |
--------------------------------------------------------------------------------
/api/scan/scan_test.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
--------------------------------------------------------------------------------
/api/testdata/broken.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
3 | cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
4 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
5 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
6 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
7 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
8 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
9 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
10 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
11 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
12 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/api/testdata/broken_csr.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIFGzCCAwUCAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
5 | LWludGVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOUKdX6+
6 | PSxU/LxKocsCUj7HCc+FaDOPZV68Po3PVm7UF5DmbnLgJYJ/4aZEZM/v5r8LnXQX
7 | DqumYicHQ2DHHBDasLTx8m0KeKOUYf9WMQ8gdjmVFoCiZwzxGDHok66/0Glkkqmv
8 | 2nJQxXncl5ZFta4sfmcQx3KT02l61LaBbG3j8PbRCWEr+0eRE6twuYRR13AgZ3AT
9 | wnMjzxzvsW67qmAy0cq+XgYYfTK9vhPs+8J0fxXa0Iftu3yuhd30xLIVXLu45GR+
10 | i6KnsSxVERSaVxjkS+lHXjUpdtmqI5CK6wn67vqYRRA2TzAJHX8Jb+KL2/UEo5WN
11 | fAJ8S0heODQA8nHVU1JIfpegOlQRMv55DgnQUv1c1uwO5hqvv7MPQ3X/m9Kjccs1
12 | FBH1/SVuzKyxYEQ34LErX3HI+6avbVnRtTR/UHkfnZVIXSrcjUm73BGj33hrtiKl
13 | 0ZyZnaUKGZPuvebOUFNiXemhTbqrfi/zAb1Tsm/h+xkn5EZ5sMj5NHdAbpih3TqX
14 | 2gRhnFZcFjtJM6zzC5O7eG5Kdqf8iladXTXtWxzrUPkb5CupzFl1dyS3dqdkoIXv
15 | kmlScnu+6jBOaYeVvwogxr2Y69y4Zfg/qbPyBOLZquX9ovbuSP1DQmC//LV5t7YH
16 | HY/1MXr5U0MMvcn+9JWUV6ou3at4AgEqfK0vAgMBAAGgSzBJBgkqhkiG9w0BCQ4x
17 | PDA6MDgGA1UdEQQxMC+CFGNsb3VkZmxhcmUtaW50ZXIuY29tghd3d3djbG91ZGZs
18 | YXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQ0DggIBAHtSt/v+IHQmSK5UiQWwjRWA
19 | ZezIWVlJuselW8DEPNHzDtnraVhjPSFP995Cqh9fc89kx2Bt9hDhjNteTB+pJW6B
20 | aCRRZygJ6/m3Ii1XqTFgfEJBWwuIX1Req0PCW/ayegdLzzYbSZ31wRICCveBQyGw
21 | vRtzIBUeMvz9MgLJ8zx7eN7fDhrvy+Y1SkC4g0sAQTYYfM9P/He4k5hx79hmd2YC
22 | mUDAlNZV0g0dY0qR4cITmhniIFW5iZBplY7DmqooUXrj5yEga2QMj/RA16lPzHbz
23 | 7ceUlcH2L6/V6zMR/rfCiGRoWInxWSuuJhLIVLmoEo0590w6KVEZifHxsRpl4l09
24 | imvzwTSQGIrY8jF9AxOD0rRA9wXCT9h8XtBWyJZ1/DmzJG8+7oZ/HdE9XhzwNujD
25 | Q6lBOj+dznju7k/snYCZVq501JLPeql8vQrq0O/xSqSK4yN1IG4NisZeDK2BZEOy
26 | QhnKXodIKf+zXnFw86lZ/ZwHQFr6jOSxmbrZ2OiY34m7Yd9oeIaMPviysRih2x4Q
27 | O6DFz72f97+xFZuXIbmn8DPQV8U9bk/gbrfUCPnx/icS8UoPsBKc9Gio0FZO4+8A
28 | 4/ac3oeN0zy/WjsBP+J50CRUXMrRI9KO+/bI4pcT14B31YbuSo6ygIkIkj7YDh36
29 | +4ZG6HnUPQI8HteF9hzp=BROKEN==
30 | -----END CERTIFICATE REQUEST-----
31 |
--------------------------------------------------------------------------------
/api/testdata/ca-bundle.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICyDCCAjGgAwIBAgIJAPCgd7rafQZGMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
3 | BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
4 | c2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEW
5 | MBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTExNjQyMjBaFw0yNDA0MDgx
6 | NjQyMjBaMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
7 | VQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQL
8 | DAtERVZfVEVTVElORzEWMBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTCBnzANBgkqhkiG
9 | 9w0BAQEFAAOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1CMS59jJOL
10 | omfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvrGsNivkRU
11 | zXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+cqhEvLFb
12 | u3MCAwEAAaNQME4wHQYDVR0OBBYEFLhe765nULfW8wflar5Vs2c6DZI+MB8GA1Ud
13 | IwQYMBaAFLhe765nULfW8wflar5Vs2c6DZI+MAwGA1UdEwQFMAMBAf8wDQYJKoZI
14 | hvcNAQEFBQADgYEABYqqOUq3ZrtMYaTAoeA7Cr/OBMjBV+/TiOe8fRNoPZ7+aKSg
15 | E1baohCGqougm+/XOtBXeLv5tVQihz/2iKdwHmX4HjkxzevAXyazjxeW4IDA21Jl
16 | fKd7xUJHM0Du/opoDkXWr/vRVztOB33ndlAK7ruSLfTR3E9HoUe3aRH7ceQ=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/api/testdata/ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEmzCCA4OgAwIBAgIMAMSvNBgypwaaSQ5iMA0GCSqGSIb3DQEBBQUAMIGMMQsw
3 | CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
4 | YW5jaXNjbzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVT
5 | VCBSb290IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTIx
6 | MjEyMDIxMDMxWhcNMjIxMDIxMDIxMDMxWjCBjDELMAkGA1UEBhMCVVMxEzARBgNV
7 | BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoT
8 | CkNGU1NMIFRFU1QxGzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqG
9 | SIb3DQEJARYPdGVzdEB0ZXN0LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
10 | MIIBCgKCAQEAsRp1xSfIDoD/40Bo4Hls3sFn4dav5NgxbZGpVyGF7dJI9u0eEnL4
11 | BUGssPaUFLWC83CZxujUEiEfE0oKX+uOhhGv3+j5xSTNM764m2eSiN53cdZtK05d
12 | hwq9uS8LtjKOQeN1mQ5qmiqxBMdjkKgMsVw5lMCgoYKo57kaKFyXzdpNVDzqw+pt
13 | HWmuNtDQjK3qT5Ma06mYPmIGYhIZYLY7oJGg9ZEaNR0GIw4zIT5JRsNiaSb5wTLw
14 | aa0n/4vLJyVjLJcYmJBvZWj8g+taK+C4INu/jGux+bmsC9hq14tbOaTNAn/NE0qN
15 | 8oHwcRBEqfOdEYdZkxI5NWPiKNW/Q+AeXQIDAQABo4H6MIH3MB0GA1UdDgQWBBS3
16 | 0veEuqg51fusEM4p/YuWpBPsvTCBxAYDVR0jBIG8MIG5gBS30veEuqg51fusEM4p
17 | /YuWpBPsvaGBkqSBjzCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
18 | aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoTCkNGU1NMIFRFU1Qx
19 | GzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqGSIb3DQEJARYPdGVz
20 | dEB0ZXN0LmxvY2FsggwAxK80GDKnBppJDmIwDwYDVR0TBAgwBgEB/wIBADANBgkq
21 | hkiG9w0BAQUFAAOCAQEAJ7r1EZYDwed6rS0+YKHdkRGRQ5Rz6A9DIVBPXrSMAGj3
22 | F5EF2m/GJbhpVbnNJTVlgP9DDyabOZNxzdrCr4cHMkYYnocDdgAodnkw6GZ/GJTc
23 | depbVTR4TpihFNzeDEGJePrEwM1DouGswpu97jyuCYZ3z1a60+a+3C1GwWaJ7Aet
24 | Uqm+yLTUrMISsfnDPqJdM1NeqW3jiZ4IgcqJkieCCSpag9Xuzrp9q6rjmePvlQkv
25 | qz020JGg6VijJ+c6Tf5y0XqbAhkBTqYtVamu9gEth9utn12EhdNjTZMPKMjjgFUd
26 | H0N6yOEuQMl4ky7RxZBM0iPyeob6i4z2LEQilgv9MQ==
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/api/testdata/ca2-key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHcCAQEEILOI+Ox7VUA+HaiOuAbBtf1IOXffEsOoI/443rTOPzD5oAoGCCqGSM49
3 | AwEHoUQDQgAEoY1dLpXLl1bN5p8GFqOKrYu8C7QF0OLCMlfoiJInE6XI+PKlxXx+
4 | KlwasHd9zxV1HA4YtHifkrAL9u0CvrbdOg==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/api/testdata/ca2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICYjCCAgigAwIBAgIIB/ijVOdMMDMwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYT
3 | AlVTMRUwEwYDVQQKEwxDRlNTTCBURVNUIDIxGzAZBgNVBAsTEkNGU1NMIFRlc3Qg
4 | Um9vdCBDQTETMBEGA1UEBxMKQ2FsaWZvcm5pYTETMBEGA1UECBMKQ2FsaWZvcm5p
5 | YTEVMBMGA1UEAxMMQ0ZTU0wgVEVTVCAyMB4XDTE1MDQwNjIzNTkwMFoXDTIwMDQw
6 | NDIzNTkwMFowgYIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxDRlNTTCBURVNUIDIx
7 | GzAZBgNVBAsTEkNGU1NMIFRlc3QgUm9vdCBDQTETMBEGA1UEBxMKQ2FsaWZvcm5p
8 | YTETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEAxMMQ0ZTU0wgVEVTVCAyMFkw
9 | EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoY1dLpXLl1bN5p8GFqOKrYu8C7QF0OLC
10 | MlfoiJInE6XI+PKlxXx+KlwasHd9zxV1HA4YtHifkrAL9u0CvrbdOqNmMGQwDgYD
11 | VR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFGNz0lWe
12 | 3YnOP5PykkQ+ZVcHCZp2MB8GA1UdIwQYMBaAFGNz0lWe3YnOP5PykkQ+ZVcHCZp2
13 | MAoGCCqGSM49BAMCA0gAMEUCIQCuxcZqp9vyJ8mH9eFS9cvMAbTildshZJYn7QB6
14 | 8WDscAIga1np4tMDrsIynHrmYI1GnD/TgmUi4ElBNoyUnob+B+U=
15 | -----END CERTIFICATE-----
16 |
--------------------------------------------------------------------------------
/api/testdata/ca_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxGnXFJ8gOgP/j
3 | QGjgeWzewWfh1q/k2DFtkalXIYXt0kj27R4ScvgFQayw9pQUtYLzcJnG6NQSIR8T
4 | Sgpf646GEa/f6PnFJM0zvribZ5KI3ndx1m0rTl2HCr25Lwu2Mo5B43WZDmqaKrEE
5 | x2OQqAyxXDmUwKChgqjnuRooXJfN2k1UPOrD6m0daa420NCMrepPkxrTqZg+YgZi
6 | EhlgtjugkaD1kRo1HQYjDjMhPklGw2JpJvnBMvBprSf/i8snJWMslxiYkG9laPyD
7 | 61or4Lgg27+Ma7H5uawL2GrXi1s5pM0Cf80TSo3ygfBxEESp850Rh1mTEjk1Y+Io
8 | 1b9D4B5dAgMBAAECggEAKHhjcSomDSptTwDo9mLI/h40HudwSlsc8GzYxZBjinUD
9 | N2n39T9QbeMUE1xFenX/9qFEgq+xxnLLJx1EQacSapCgIAqdCO/f9HMgvGJumdg8
10 | c0cMq1i9Bp7tu+OESZ5D48qWlOM2eQRIb08g8W11eRIaFmPuUPoKnuktkQuXpPJc
11 | YbS/+JuA8SDwe6sV0cMCQuS+iHFfeGwWCKrDUkhLwcL3waW3od2XFyOeFFWFhl0h
12 | HmM/mWKRuRdqR7hrmArTwFZVkB+o/1ywVYXIv+JQm0eNZ5PKLNJGL2f5oxbMR/JI
13 | AoK0bAlJmYaFp96h1KpbPwLEL/0hHSWA7sAyJIgQAQKBgQDaEAZor/w4ZUTekT1+
14 | cbId0yA+ikDXQOfXaNCSh9Pex+Psjd5zVVOqyVFJ29daRju3d7rmpN4Cm5V4h0l1
15 | /2ad207rjCAnpCHtaddJWNyJzF2IL2IaoCZQRp0k7zOjBGQpoWDTwBaEin5CCv3P
16 | kkdQkKz6FDP1xskHSLZr21/QCQKBgQDP6jXutEgGjf3yKpMFk/69EamJdon8clbt
17 | hl7cOyWtobnZhdOWVZPe00Oo3Jag2aWgFFsm3EtwnUCnR4d4+fXRKS2LkhfIUZcz
18 | cKy17Ileggdd8UGhL4RDrF/En9tJL86WcVkcoOrqLcGB2FLWrVhVpHFK74eLMCH/
19 | uc/+ioPItQKBgHYoDsD08s7AGMQcoNx90MyWVLduhFnegoFW+wUa8jOZzieka6/E
20 | wVQeR5yksZjpy3vLNYu6M83n7eLkM2rrm/fXGHlLcTTpm7SgEBZfPwivotKjEh5p
21 | PrlqucWEk082lutz1RqHz+u7e1Rfzk2F7nx6GDBdeBYpw03eGXJx6QW5AoGBAIJq
22 | 4puyAEAET1fZNtHX7IGCk7sDXTi6LCbgE57HhzHr8V0t4fQ6CABMuvMwM1gATjEk
23 | s6yjoLqqGUUUzDipanViBAy5fiuManC868lN7zkWDTLzQ3ytBqVAee4na/DziP27
24 | ae9YTSLJwskE/alloLRP6zTbHUXE0n7LelmrX1DFAoGBAMFLl+Lu+WFgCHxBjn43
25 | rHpJbQZQmsFhAMhkN4hsj6dJfAGn2gRLRiVRAika+8QF65xMZiVQWUVSUZADWERi
26 | 0SXGjzN1wYxO3Qzy3LYwws6fxFAq5lo79eb38yFT2lHdqK3x/QgiDSRVl+R6cExV
27 | xQB518/lp2eIeMpglWByDwJX
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/api/testdata/cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
3 | bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
4 | MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
5 | MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
6 | MS59jJOLomfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvr
7 | GsNivkRUzXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+
8 | cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
9 | MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
10 | dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
11 | uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
12 | aq+K7aVrgHkPnWeRiG6tl+ZA
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/api/testdata/csr.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIB0jCCAVcCAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
5 | LWludGVyLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCFZIzSRsH9xdF1iR+8k
6 | ElbcbqAYnYuSTbEOxYcREHGRJd2/v9YhetEwWNmIuisCbgOpyBO9zyFxsnzYU4cO
7 | A/AomW2nJEP7n4M9g8r8clhQz8y6+013jP9MEqf4pqMVnqBLMEkGCSqGSIb3DQEJ
8 | DjE8MDowOAYDVR0RBDEwL4IUY2xvdWRmbGFyZS1pbnRlci5jb22CF3d3d2Nsb3Vk
9 | ZmxhcmUtaW50ZXIuY29tMAoGCCqGSM49BAMDA2kAMGYCMQD6kSGGc3/DeFAWrPUX
10 | qSlnTTm57DpzUoHQE306DfbFB6DFfoORNM5Z98chnZ+Ell4CMQCzYhOvIh3+GPGF
11 | MuYYIAfQV2JG+n7pjfpJ+X1Ee2bOtA4ZO39P9/FTEtJUXt+Ivqw=
12 | -----END CERTIFICATE REQUEST-----
13 |
--------------------------------------------------------------------------------
/api/testdata/leaf.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpAIBAAKCAQEA0C6SSsXfuse2IV8+6hSYqSPQdoQwZ5BYQnSxuKylArCrMXx8
3 | JGHrJP6Pj7GxRmH40v9u9VwZvcrQOm8yUTuzAEf2Kd3uvXmVKJb2vc0BopsflpSE
4 | OLEuddTSHlHgdVHylqpbzB7ZrmyXXuWTtTFEaGmPVUmWcOBOy6pc/7hZv7HkTjaH
5 | LQu/uohic/NjO0oJaaUwds6muwTCNSmMvtvoP51pyQJeuZjYIoWnnu+/DbtZYmH4
6 | 4VbHD0U+uSNKLZa4beWqDq5ZDwQvEVkuLqL331awzgIf0a4bhP+uc1kdWXZ8V+8a
7 | Bbqtq6g6o9HdrzgNRR+9S3EvEelCrxuWw9FQ3QIDAQABAoIBAQDFQ5vzplQ9lIgM
8 | T0g6XpHZk8oww0lqmOhI8HKG33Dsf6N4HNE1WGOMhnpaWrH0U1mH9eqaLE9n/Aob
9 | lMpFFyCin42uVlGm0NJ5x7K+Xsex4POpp8kyPxIbLTJ88HCUOrZ39a1OWd1C3jsA
10 | /OFdy/VaSsw6sKQRCTsg2amN1o2UibDJYVW47ycv9cwjk/GEzzOSq32a9o6g6Gwd
11 | g3ycroIaxhDlGjS5l0IZ/ozhN+AS5dYcPgJRsYD/jTBqTSzIW2ePrcheznoRcgLK
12 | bb+UVQC+PZX8kycCcerPbcGc2YcBpZgmIkCj85+ITFt/BhH7+TSH9G7F8LTKAaJg
13 | qlYKF14BAoGBAPz8Jx0vAcv/4zIfCckuNy3kVu4PHBTMTBO5+tUg6CZgktRrroiV
14 | +Zq1lCuj2/Px3Lx9oaUie52iV5xgmEEax77xa1rVezY1PhGSFmngHqfumUJf8EEB
15 | snlAUpwBHvWU9B9OxKOHRrD9Y9ptXcBK30ZHLJT4t5JvbHVrKZF2J82hAoGBANKp
16 | ue+dOafhgc1F/ThD2VLuIi6Garf1pqNG3OMugMfieHAmr1RRYWwFErLoijt9dpe9
17 | gXVecUm1KO4/0ZkR+7YDzUSifXvcizaw+XqjrtFerrz+Yao4gZssFnw/sLc2pbWm
18 | 1DHWxRnmh6MyHEEiA0KxElgutswhP8GIKN7INOG9AoGAR1sD2Upp8lVBiuCQTQtZ
19 | CvutvUXLwN4C00mQw06dzD1PDNU2jFXo6kcu/MQiBQOCJDQ3RLGeNk8U8QmZyDs6
20 | fdPwWNWABEEuOZx/7+sEGo/E8KDIzj0hTuvioRf72H7kAHSiKBG+0asW4AQa/mLf
21 | 6R2oKHiipo4BBHluZxXxkiECgYEAuYXnzfH0+LhMi+77VjXKipJVYAvYqDGak2iw
22 | 1xH5MA9uabZn6iXRWkQNd6n7MvEHJBMsk6ScuIDmjwt9FwUTW/R1LeC8CfzsTToG
23 | O88zAggUczTD5hjlazakhr/AbVmfDh7h+RJferPe+AYFhAbkQDOZKDfbnGIbt+Cl
24 | va0rhTECgYAFb38TvJmEIzB1/nZ7sKbFmr2pYgzBqspQcprws6gZlWydd4OoTZiv
25 | QzSBDi3tGt07yJuntVlbuI6qejhFMmonGZuntNTvTZMmx2+W/F8EGByfWpLtB9W5
26 | S+tx5/0d4MhOYHlt0EcdC7j881swY9LCrc/EOqg1O4BlTJ5+UJer+Q==
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/api/testdata/leaf.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDfDCCAwKgAwIBAgIIUYJhG37C300wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
10 | ANAukkrF37rHtiFfPuoUmKkj0HaEMGeQWEJ0sbispQKwqzF8fCRh6yT+j4+xsUZh
11 | +NL/bvVcGb3K0DpvMlE7swBH9ind7r15lSiW9r3NAaKbH5aUhDixLnXU0h5R4HVR
12 | 8paqW8we2a5sl17lk7UxRGhpj1VJlnDgTsuqXP+4Wb+x5E42hy0Lv7qIYnPzYztK
13 | CWmlMHbOprsEwjUpjL7b6D+dackCXrmY2CKFp57vvw27WWJh+OFWxw9FPrkjSi2W
14 | uG3lqg6uWQ8ELxFZLi6i999WsM4CH9GuG4T/rnNZHVl2fFfvGgW6rauoOqPR3a84
15 | DUUfvUtxLxHpQq8blsPRUN0CAwEAAaOBgTB/MA4GA1UdDwEB/wQEAwIApDASBgNV
16 | HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBShnoK2Oquaq/XjlNBMxs5yPTSJvjAf
17 | BgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs/DAZBgNVHREEEjAQgg5jZnNz
18 | bC1sZWFmLmNvbTAKBggqhkjOPQQDAwNoADBlAjAhMWEJzBwuN5bVACPCAoVPSWI2
19 | +0DQi4Tu6sBNQl+dsyO+FPyA3+aYc0NgnBwcj+0CMQC7JOdfdWJPZj6rOAXvGV3I
20 | jGJRHZmu5q5K+9teIK1b9mustpnDJgniKAHtBGecXy4=
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/auth/testdata/authrequest.json:
--------------------------------------------------------------------------------
1 | {"token": "tSU1WTE/322iXrOBfJSQ9/u1dleqpwUmCj1LXYHw07Y=", "request": "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"}
--------------------------------------------------------------------------------
/auth/testdata/request.json:
--------------------------------------------------------------------------------
1 | {
2 | "hostname": "kyleisom.net",
3 | "request": "-----BEGIN CERTIFICATE REQUEST-----
4 | MIID0TCCAjsCAQAwYDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWRyb3Bzb25kZTEQ
5 | MA4GA1UECxMHQ0YtQ2hhdDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UE
6 | CBMKQ2FsaWZvcm5pYTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMcC
7 | GBl5LTrekGFWhotkdbZ+R1MloarWxQv9jP4Aekt8UOicypHvFO6xOtSwHo+r32iE
8 | qnS5yv/01P2MJuyqndncTSMsOlT/7n67TM00u01K/9c/sogKEKjlyplTP7yFdG/c
9 | Ou/9qKb/Jald2wELFYE6xq2RDFyxyiZOB3g7Z7Fxa5d6adfGRwZzNtUL4/8s+Lyi
10 | qdw9I1fkQd604poZFN0wrQs4lfhWTUfg0rHuh5wgGKP3VzZpbt8Fb1vNjfbHtohx
11 | G2PCU6Jy+Dc1bSfUzWcQnenp858W4F8z7pF5ybdnFR313HjosqXnG28zITrOadMT
12 | HaJ6zOhgEafUOWXOzjNofFBFa2IuCAT+ITRY1tC/gqpxGwH/yuVN19BG8Upn0+HA
13 | ie2mKCHfSBAKT/Xe4umPeaxSbIqWsW8ck+d3b4or9RZv5cZRcT3oikJt+SQG69pW
14 | 4OAbb+ABss/NIuri6z0e7DEeIL5zmySJqdtYHdNYN7++v9xBNsL4IsU6IEy3+QID
15 | AQABoC4wLAYJKoZIhvcNAQkOMR8wHTAbBgNVHREEFDASghBjZi5kcm9wc29uZGUu
16 | bmV0MAsGCSqGSIb3DQEBDAOCAYEAhMAqBirI+k1aU3lfAGQiSm8ytOzZij389hIr
17 | nUp8+WnTuVTb8XZ3/V+L9EnTImF6u1weajXd3Sue49570LbYmIuxBkGp50/BdUDz
18 | uB6xshhJWs12JxUb91Imm0bTRw2zMqewga6ftzZ/AK4msxQA2UIbcWZdsKbuM7so
19 | JTfVW9iOwqHt/64Zj4tBZf9LzODr7kNuKKLnwjizH187xfIIhdrjF8WS7H9APB1O
20 | SuEUDfqh0SWR3ltWuAuUWeo6SKcHVusy/G4YE+PByw1eV7G4SbeG5Z0o+GOUUK/F
21 | b55GmW1xa4LArs1A+zeFbvJ/BApsbU2b6WVmNa7WpHz7WXIFOJuYJgEkVKPJnKus
22 | qqs3FgUqz0Zv7TK8mMiETJoXZs6zCvMysQeu3J/ojgtAjvMhzQc6PS/nvOtJdIg+
23 | H0qX49fhp1BrYyslalzQIF0+H0qSUeyoUyV2wbLBALapxMfvTVlhNwnactcKQxq4
24 | +wT+2PTJ0bM/5AV0TO1SPT0AViJh
25 | -----END CERTIFICATE REQUEST-----",
26 | "profile": "",
27 | "remote": "",
28 | "label": "primary"
29 | }
30 |
31 |
--------------------------------------------------------------------------------
/bundler/doc.go:
--------------------------------------------------------------------------------
1 | // Package bundler provides an API for creating certificate bundles,
2 | // which contain a trust chain of certificates. Generally, the bundles
3 | // will also include the private key (but this is not strictly
4 | // required); a bundle that does is as sensitive as the key itself.
5 | // In this package, a bundle refers to a certificate with its full
6 | // trust chain -- all certificates in the chain in one file or buffer.
7 | //
8 | // The first step in creating a certificate bundle is to create a
9 | // Bundler. A Bundler must be created from a pre-existing certificate
10 | // authority bundle and an intermediate certificate bundle. Once the
11 | // Bundler is initialised, bundles may be created using a variety of
12 | // methods: from PEM- or DER-encoded files, directly from the relevant
13 | // Go structures, or by starting with the certificate from a remote
14 | // system. These functions return a Bundle value, which may be
15 | // serialised to JSON.
16 | package bundler
17 |
--------------------------------------------------------------------------------
/bundler/testdata/bad-bundle.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICsDCCAjegAwIBAgIIDmHBNS+T0F8wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIxG/fG9
10 | y/gjlAXvB77beERLbBooN98FGFAxVUA5IglylvgmfNxUmI8mM2Uw9tzOLm9vORAr
11 | aSSM4/6iSpCJreCjgYEwfzAOBgNVHQ8BAf8EBAMCAKQwEgYDVR0TAQH/BAgwBgEB
12 | /wIBATAdBgNVHQ4EFgQU4t+cr91ma5IxOPeiezgN8W9FBNowHwYDVR0jBBgwFoAU
13 | QfmKIlIyJt+P8AcB3SRhOFrn7PwwGQYDVR0RBBIwEIIOY2Zzc2wtbGVhZi5jb20w
14 | CgYIKoZIzj0EAwMDZwAwZAIwYQWcWr79DPrIBnphpHZPuxnGust6NtD0aSffB1cF
15 | NlYtggjJZDbLijAgD0Bwi3THAjA639xrNxVgc/LkJcHfSRhs8Jhv9cxQxIVf3g8w
16 | 6tBymEgJ6L8aIPGgXNRJGs7FmPs=
17 | -----END CERTIFICATE-----
18 | -----BEGIN CERTIFICATE-----
19 | MIICzzCCAlSgAwIBAgIIbOxERQylZJMwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
20 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
21 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
22 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
23 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
24 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
25 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
26 | dWRmbGFyZS1sZWFmLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNYivDDh3Iik
27 | kb+3/Oocity4JQXmxLP2njZThYNtR4y7Bxixp05KLoq8gtazyccDklueu4OWFnpm
28 | kjyqPQ+0MIf/BJKoA4Q4iNiCN/ZfF690LR/pZPrMRZuWSGVb2890L6OBgTB/MA4G
29 | A1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTiTQoJ
30 | uFODtNnEnbYaxy+He8lO+DAfBgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs
31 | /DAZBgNVHREEEjAQgg5jZnNzbC1sZWFmLmNvbTAKBggqhkjOPQQDAwNpADBmAjEA
32 | q/sUd8AQAornMMiLZ5spBu+g6x6qx66wNPw9WE5a+T0hndHJsAqads5ndW7/5fuo
33 | AjEAiQ9wR1ugYaY56mj9UfjCZbwvo19unlB+CTLr48fh/RhvX6xjnpWXxJeXzU3G
34 | GhTH
35 | -----END CERTIFICATE-----
36 |
--------------------------------------------------------------------------------
/bundler/testdata/ca-bundle.crt.metadata:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "name":"Chrome Browser M39",
4 | "weight": 0,
5 | "hash_algo": "SHA2",
6 | "key_algo": "ECDSA256",
7 | "hash_algo_expiry": {
8 | "target": "SHA1",
9 | "effective_date": "2014-09-26T00:00:00Z",
10 | "expiry_deadline": "2017-01-01T00:00:00Z"
11 | }
12 | },
13 | {
14 | "name":"Chrome Browser M40",
15 | "weight": 0,
16 | "hash_algo": "SHA2",
17 | "key_algo": "ECDSA256",
18 | "hash_algo_expiry": {
19 | "target": "SHA1",
20 | "effective_date": "2014-09-26T00:00:00Z",
21 | "expiry_deadline": "2016-06-01T00:00:00Z"
22 | }
23 | },
24 | {
25 | "name":"Chrome Browser M41 and later",
26 | "weight": 0,
27 | "hash_algo": "SHA2",
28 | "key_algo": "ECDSA256",
29 | "hash_algo_expiry": {
30 | "target": "SHA1",
31 | "effective_date": "2014-09-26T00:00:00Z",
32 | "expiry_deadline": "2016-01-01T00:00:00Z"
33 | }
34 | },
35 | {
36 | "name":"Mozilla",
37 | "weight": 99,
38 | "hash_algo": "SHA2",
39 | "key_algo": "ECDSA256",
40 | "keystore": "nss.pem"
41 | },
42 | {
43 | "name":"OSX",
44 | "weight": 99,
45 | "hash_algo": "SHA2",
46 | "key_algo": "ECDSA256",
47 | "keystore": "osx.pem"
48 | },
49 | {
50 | "name":"Android 2.2 Froyo",
51 | "weight": 1,
52 | "hash_algo": "SHA2",
53 | "key_algo": "RSA",
54 | "keystore": "froyo.pem"
55 | }
56 | ]
57 |
--------------------------------------------------------------------------------
/bundler/testdata/ca.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXAIBAAKBgQCbp/6OQ/a3mr+8zRgBRlmSGr8QBgP4vUIxLn2Mk4uiZ8OcpRY4
3 | YqL+TtREGDUc0ve+bv8RINrNlYXL2X+eJtbE2RJQ+RAiu+saw2K+RFTNeTCA1fwg
4 | 3ws5gBDcFbECqK1dOkuN/gV4JMHobn2/15iUBfeSJxdF1j5yqES8sVu7cwIDAQAB
5 | AoGBALZOnnBV3aLRlnw04kar9MCQnvLPeNteHyanQtjg/oxqZ8sR9+J2dFzSSv6u
6 | M5bc6Nmb+xY+msZqt9g3l6bN6n+qCvNnLauIY/YPjd577uMTpx/QTOQSK8oc5Dhi
7 | WgdU8GCtUmY+LE8qYx2NFitKCN4hubdrI76c+rnezIPVncZRAkEA9T5+vlfwk/Zl
8 | DOte+JtbXx3RtXKFJPMirOFqNVp1qnIlUm8XtBW6760ugiNYbVbGHgbd8JsZnkPH
9 | NC17TNLVJwJBAKJ7pDlJ2mvVr0cLrFhjAibz45dOipt8B4+dKtDIEuqbtKzJCGuP
10 | SCk4X2SgYz0gC5kH62S7rn6Bsa9lM98dztUCQASdLWNFYkhWXWZV006YFar/c5+X
11 | TPv5+xAHmajxT79qMFuRrX983Sx/NJ3MLnC4LjgIZwqM0HmSyt+nb2dtnAcCQCKi
12 | nIUhuw+Vg0FvuZM1t7W581/DfERckfgJFqFepLmh60eRqtvStR0kSSFYFw9mj1JV
13 | n9XfM/j/iHLM7du3rOkCQAw9R64yjcIBwcoSQxW/dr0Q9j+SnYgt+EhyXYXT30DS
14 | DdOJ06GXtb/P0peFBp26BnQU4CSS75yseZ1TdB4ZqaA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/bundler/testdata/ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICyDCCAjGgAwIBAgIJAPCgd7rafQZGMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
3 | BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
4 | c2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEW
5 | MBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTExNjQyMjBaFw0yNDA0MDgx
6 | NjQyMjBaMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
7 | VQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQL
8 | DAtERVZfVEVTVElORzEWMBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTCBnzANBgkqhkiG
9 | 9w0BAQEFAAOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1CMS59jJOL
10 | omfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvrGsNivkRU
11 | zXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+cqhEvLFb
12 | u3MCAwEAAaNQME4wHQYDVR0OBBYEFLhe765nULfW8wflar5Vs2c6DZI+MB8GA1Ud
13 | IwQYMBaAFLhe765nULfW8wflar5Vs2c6DZI+MAwGA1UdEwQFMAMBAf8wDQYJKoZI
14 | hvcNAQEFBQADgYEABYqqOUq3ZrtMYaTAoeA7Cr/OBMjBV+/TiOe8fRNoPZ7+aKSg
15 | E1baohCGqougm+/XOtBXeLv5tVQihz/2iKdwHmX4HjkxzevAXyazjxeW4IDA21Jl
16 | fKd7xUJHM0Du/opoDkXWr/vRVztOB33ndlAK7ruSLfTR3E9HoUe3aRH7ceQ=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa256.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBkTCCATcCAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjEb98b3L+COUBe8H
6 | vtt4REtsGig33wUYUDFVQDkiCXKW+CZ83FSYjyYzZTD23M4ub285ECtpJIzj/qJK
7 | kImt4KBJMEcGCSqGSIb3DQEJDjE6MDgwNgYDVR0RBC8wLYITY2xvdWRmbGFyZS1s
8 | ZWFmLmNvbYIWd3d3Y2xvdWRmbGFyZS1sZWFmLmNvbTAKBggqhkjOPQQDAgNIADBF
9 | AiEA+hlls8mNtLv47Rr8B7dGGKCDa1/qLHectmhdAnyrTVwCIFnAgTgiPAerNAct
10 | KjOJZdHDuaBGeu5o+5SLD232m/2E
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa256.key:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHcCAQEEIC2qaVydr67HuwWMrPQ3ljCVSsnbV7HbN78KqEX6a0GuoAoGCCqGSM49
3 | AwEHoUQDQgAEjEb98b3L+COUBe8Hvtt4REtsGig33wUYUDFVQDkiCXKW+CZ83FSY
4 | jyYzZTD23M4ub285ECtpJIzj/qJKkImt4A==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa256.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICsDCCAjegAwIBAgIIDmHBNS+T0F8wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIxG/fG9
10 | y/gjlAXvB77beERLbBooN98FGFAxVUA5IglylvgmfNxUmI8mM2Uw9tzOLm9vORAr
11 | aSSM4/6iSpCJreCjgYEwfzAOBgNVHQ8BAf8EBAMCAKQwEgYDVR0TAQH/BAgwBgEB
12 | /wIBATAdBgNVHQ4EFgQU4t+cr91ma5IxOPeiezgN8W9FBNowHwYDVR0jBBgwFoAU
13 | QfmKIlIyJt+P8AcB3SRhOFrn7PwwGQYDVR0RBBIwEIIOY2Zzc2wtbGVhZi5jb20w
14 | CgYIKoZIzj0EAwMDZwAwZAIwYQWcWr79DPrIBnphpHZPuxnGust6NtD0aSffB1cF
15 | NlYtggjJZDbLijAgD0Bwi3THAjA639xrNxVgc/LkJcHfSRhs8Jhv9cxQxIVf3g8w
16 | 6tBymEgJ6L8aIPGgXNRJGs7FmPs=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa384.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBzjCCAVQCAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE1iK8MOHciKSRv7f86hyK
6 | 3LglBebEs/aeNlOFg21HjLsHGLGnTkouiryC1rPJxwOSW567g5YWemaSPKo9D7Qw
7 | h/8EkqgDhDiI2II39l8Xr3QtH+lk+sxFm5ZIZVvbz3QvoEkwRwYJKoZIhvcNAQkO
8 | MTowODA2BgNVHREELzAtghNjbG91ZGZsYXJlLWxlYWYuY29tghZ3d3djbG91ZGZs
9 | YXJlLWxlYWYuY29tMAoGCCqGSM49BAMDA2gAMGUCMF4FEJtaKJXcrj6ZHxtFGWp2
10 | IIBmMKRctjcQLm46S6toh9oT/TQGvIYBTiyYmxWhVgIxANsA3GzCIPSiwhKiBFxv
11 | 026lKuw4Ci9mlH4pJ7cJnCgSmxHP6jr8O+XovT7SzN1zag==
12 | -----END CERTIFICATE REQUEST-----
13 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa384.key:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MIGkAgEBBDAEwBewBsRvgqvyy/aJ0NsoTqkbwFeu3bL6rLxLGcxCfKzlOYz5te8j
3 | BR4cPZbv5WOgBwYFK4EEACKhZANiAATWIrww4dyIpJG/t/zqHIrcuCUF5sSz9p42
4 | U4WDbUeMuwcYsadOSi6KvILWs8nHA5JbnruDlhZ6ZpI8qj0PtDCH/wSSqAOEOIjY
5 | gjf2XxevdC0f6WT6zEWblkhlW9vPdC8=
6 | -----END EC PRIVATE KEY-----
7 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa384.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICzzCCAlSgAwIBAgIIbOxERQylZJMwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNYivDDh3Iik
10 | kb+3/Oocity4JQXmxLP2njZThYNtR4y7Bxixp05KLoq8gtazyccDklueu4OWFnpm
11 | kjyqPQ+0MIf/BJKoA4Q4iNiCN/ZfF690LR/pZPrMRZuWSGVb2890L6OBgTB/MA4G
12 | A1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTiTQoJ
13 | uFODtNnEnbYaxy+He8lO+DAfBgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs
14 | /DAZBgNVHREEEjAQgg5jZnNzbC1sZWFmLmNvbTAKBggqhkjOPQQDAwNpADBmAjEA
15 | q/sUd8AQAornMMiLZ5spBu+g6x6qx66wNPw9WE5a+T0hndHJsAqads5ndW7/5fuo
16 | AjEAiQ9wR1ugYaY56mj9UfjCZbwvo19unlB+CTLr48fh/RhvX6xjnpWXxJeXzU3G
17 | GhTH
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa521.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIICGDCCAXoCAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBKd1KqqCaXulFe8vW
6 | Ed2vEoDKaEaLUijangPSSovty8hOqecN1rBDb8nIdQ0HOE6u57x+II0T6ju+dtXl
7 | 7G5qwGMBCtxdUXXsRSSedw2irlJ2DqoiOaXByo0w6pK9ggAYd3BNdR4Nrzx3+N76
8 | TKfNqIyhczbUiQUp51e2m/foPs4r3qigSTBHBgkqhkiG9w0BCQ4xOjA4MDYGA1Ud
9 | EQQvMC2CE2Nsb3VkZmxhcmUtbGVhZi5jb22CFnd3d2Nsb3VkZmxhcmUtbGVhZi5j
10 | b20wCgYIKoZIzj0EAwQDgYsAMIGHAkFlyII6rIxYiv7S5RwwMi8G0qACjrbb1SMa
11 | oZA9vG+3G/SRcr5WmzKYgG09OjLT61KYfXu4mybdXXlXzHbx07llRgJCAKRuWU3O
12 | 3elclbkZvAGduasj3sj0Uee3nLG0YmDvz95sZPIp5JH54naeF4KKF6NJQF/rl9TW
13 | BHa3MZqM3JM7vMkI
14 | -----END CERTIFICATE REQUEST-----
15 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa521.key:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MIHcAgEBBEIBnn+dzn3tVUMj9s3nRs8I7waob9iLi/QhsIj5leFRj44hbWGwfymm
3 | OHLJR1jIG8VzyYaNssSPo7ioMpgOpX+R14+gBwYFK4EEACOhgYkDgYYABAEp3Uqq
4 | oJpe6UV7y9YR3a8SgMpoRotSKNqeA9JKi+3LyE6p5w3WsENvych1DQc4Tq7nvH4g
5 | jRPqO7521eXsbmrAYwEK3F1RdexFJJ53DaKuUnYOqiI5pcHKjTDqkr2CABh3cE11
6 | Hg2vPHf43vpMp82ojKFzNtSJBSnnV7ab9+g+ziveqA==
7 | -----END EC PRIVATE KEY-----
8 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-ecdsa521.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC9TCCAnqgAwIBAgIIUbwCGeeEj4AwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEASndSqqg
10 | ml7pRXvL1hHdrxKAymhGi1Io2p4D0kqL7cvITqnnDdawQ2/JyHUNBzhOrue8fiCN
11 | E+o7vnbV5exuasBjAQrcXVF17EUknncNoq5Sdg6qIjmlwcqNMOqSvYIAGHdwTXUe
12 | Da88d/je+kynzaiMoXM21IkFKedXtpv36D7OK96oo4GBMH8wDgYDVR0PAQH/BAQD
13 | AgCkMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFDYrMNrJaqxCJjszycul
14 | XPsseU/yMB8GA1UdIwQYMBaAFEH5iiJSMibfj/AHAd0kYTha5+z8MBkGA1UdEQQS
15 | MBCCDmNmc3NsLWxlYWYuY29tMAoGCCqGSM49BAMDA2kAMGYCMQCKWeIUGeuvt9kb
16 | 5DtYw3++X5m7Nxf8CE67BuyoLV/3OpmTpo0Qp2LnapyXP63hAY8CMQCm1P3S/6+S
17 | U6oMFvMrpAcIFm6B1TtuTnSRGx89eZqoCdEJHVZuBWRyFABBnkKSf0Q=
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa2048.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIDGDCCAgICAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0C6SSsXf
6 | use2IV8+6hSYqSPQdoQwZ5BYQnSxuKylArCrMXx8JGHrJP6Pj7GxRmH40v9u9VwZ
7 | vcrQOm8yUTuzAEf2Kd3uvXmVKJb2vc0BopsflpSEOLEuddTSHlHgdVHylqpbzB7Z
8 | rmyXXuWTtTFEaGmPVUmWcOBOy6pc/7hZv7HkTjaHLQu/uohic/NjO0oJaaUwds6m
9 | uwTCNSmMvtvoP51pyQJeuZjYIoWnnu+/DbtZYmH44VbHD0U+uSNKLZa4beWqDq5Z
10 | DwQvEVkuLqL331awzgIf0a4bhP+uc1kdWXZ8V+8aBbqtq6g6o9HdrzgNRR+9S3Ev
11 | EelCrxuWw9FQ3QIDAQABoEkwRwYJKoZIhvcNAQkOMTowODA2BgNVHREELzAtghNj
12 | bG91ZGZsYXJlLWxlYWYuY29tghZ3d3djbG91ZGZsYXJlLWxlYWYuY29tMAsGCSqG
13 | SIb3DQEBCwOCAQEAguCRmg2XzRlcq6neK/IdHZb+EeXSPo1BXsXrhzZZTpDTw4pC
14 | Kp+L9tG97t46rnlhRpwqY8zL/sXxBAlRB3G+VpsgLQzt18Gq0ZGBTjAHZBOeraKS
15 | /GMzig241SNvvvqEQR540TAZnzRgJzGJxCGQkhaXKIrGoh6yqiiTUkn5iu+K737U
16 | wX5xa09OdUnOc6MBbHFaynyWHZYjXzKv7zuZE+0VKjyKnLuHtRw8AS7zX/TkRf39
17 | mgIp/hg3ZjWKTKDzudfMRVYS6nsbufViDTsOd7jMJa393H/wtKN2F+GyN8EIvuNt
18 | eVECUulWhbugcCAv3qgpiTgyx0eDSLBu9Ct/Kg==
19 | -----END CERTIFICATE REQUEST-----
20 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa2048.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpAIBAAKCAQEA0C6SSsXfuse2IV8+6hSYqSPQdoQwZ5BYQnSxuKylArCrMXx8
3 | JGHrJP6Pj7GxRmH40v9u9VwZvcrQOm8yUTuzAEf2Kd3uvXmVKJb2vc0BopsflpSE
4 | OLEuddTSHlHgdVHylqpbzB7ZrmyXXuWTtTFEaGmPVUmWcOBOy6pc/7hZv7HkTjaH
5 | LQu/uohic/NjO0oJaaUwds6muwTCNSmMvtvoP51pyQJeuZjYIoWnnu+/DbtZYmH4
6 | 4VbHD0U+uSNKLZa4beWqDq5ZDwQvEVkuLqL331awzgIf0a4bhP+uc1kdWXZ8V+8a
7 | Bbqtq6g6o9HdrzgNRR+9S3EvEelCrxuWw9FQ3QIDAQABAoIBAQDFQ5vzplQ9lIgM
8 | T0g6XpHZk8oww0lqmOhI8HKG33Dsf6N4HNE1WGOMhnpaWrH0U1mH9eqaLE9n/Aob
9 | lMpFFyCin42uVlGm0NJ5x7K+Xsex4POpp8kyPxIbLTJ88HCUOrZ39a1OWd1C3jsA
10 | /OFdy/VaSsw6sKQRCTsg2amN1o2UibDJYVW47ycv9cwjk/GEzzOSq32a9o6g6Gwd
11 | g3ycroIaxhDlGjS5l0IZ/ozhN+AS5dYcPgJRsYD/jTBqTSzIW2ePrcheznoRcgLK
12 | bb+UVQC+PZX8kycCcerPbcGc2YcBpZgmIkCj85+ITFt/BhH7+TSH9G7F8LTKAaJg
13 | qlYKF14BAoGBAPz8Jx0vAcv/4zIfCckuNy3kVu4PHBTMTBO5+tUg6CZgktRrroiV
14 | +Zq1lCuj2/Px3Lx9oaUie52iV5xgmEEax77xa1rVezY1PhGSFmngHqfumUJf8EEB
15 | snlAUpwBHvWU9B9OxKOHRrD9Y9ptXcBK30ZHLJT4t5JvbHVrKZF2J82hAoGBANKp
16 | ue+dOafhgc1F/ThD2VLuIi6Garf1pqNG3OMugMfieHAmr1RRYWwFErLoijt9dpe9
17 | gXVecUm1KO4/0ZkR+7YDzUSifXvcizaw+XqjrtFerrz+Yao4gZssFnw/sLc2pbWm
18 | 1DHWxRnmh6MyHEEiA0KxElgutswhP8GIKN7INOG9AoGAR1sD2Upp8lVBiuCQTQtZ
19 | CvutvUXLwN4C00mQw06dzD1PDNU2jFXo6kcu/MQiBQOCJDQ3RLGeNk8U8QmZyDs6
20 | fdPwWNWABEEuOZx/7+sEGo/E8KDIzj0hTuvioRf72H7kAHSiKBG+0asW4AQa/mLf
21 | 6R2oKHiipo4BBHluZxXxkiECgYEAuYXnzfH0+LhMi+77VjXKipJVYAvYqDGak2iw
22 | 1xH5MA9uabZn6iXRWkQNd6n7MvEHJBMsk6ScuIDmjwt9FwUTW/R1LeC8CfzsTToG
23 | O88zAggUczTD5hjlazakhr/AbVmfDh7h+RJferPe+AYFhAbkQDOZKDfbnGIbt+Cl
24 | va0rhTECgYAFb38TvJmEIzB1/nZ7sKbFmr2pYgzBqspQcprws6gZlWydd4OoTZiv
25 | QzSBDi3tGt07yJuntVlbuI6qejhFMmonGZuntNTvTZMmx2+W/F8EGByfWpLtB9W5
26 | S+tx5/0d4MhOYHlt0EcdC7j881swY9LCrc/EOqg1O4BlTJ5+UJer+Q==
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa2048.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDfDCCAwKgAwIBAgIIUYJhG37C300wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
10 | ANAukkrF37rHtiFfPuoUmKkj0HaEMGeQWEJ0sbispQKwqzF8fCRh6yT+j4+xsUZh
11 | +NL/bvVcGb3K0DpvMlE7swBH9ind7r15lSiW9r3NAaKbH5aUhDixLnXU0h5R4HVR
12 | 8paqW8we2a5sl17lk7UxRGhpj1VJlnDgTsuqXP+4Wb+x5E42hy0Lv7qIYnPzYztK
13 | CWmlMHbOprsEwjUpjL7b6D+dackCXrmY2CKFp57vvw27WWJh+OFWxw9FPrkjSi2W
14 | uG3lqg6uWQ8ELxFZLi6i999WsM4CH9GuG4T/rnNZHVl2fFfvGgW6rauoOqPR3a84
15 | DUUfvUtxLxHpQq8blsPRUN0CAwEAAaOBgTB/MA4GA1UdDwEB/wQEAwIApDASBgNV
16 | HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBShnoK2Oquaq/XjlNBMxs5yPTSJvjAf
17 | BgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs/DAZBgNVHREEEjAQgg5jZnNz
18 | bC1sZWFmLmNvbTAKBggqhkjOPQQDAwNoADBlAjAhMWEJzBwuN5bVACPCAoVPSWI2
19 | +0DQi4Tu6sBNQl+dsyO+FPyA3+aYc0NgnBwcj+0CMQC7JOdfdWJPZj6rOAXvGV3I
20 | jGJRHZmu5q5K+9teIK1b9mustpnDJgniKAHtBGecXy4=
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa3072.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIEGDCCAoICAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA9xYBDoV2
6 | tPx8lqZ/bH/wLvoPsg1/CXeknvRcNuxw1gu6c3IJBrKZlkFtiU6Y8FADiUBOVab/
7 | Y0cQ/9EdeB2srPH4M5KNiPdWZPgxARWnRq5Ez8pvVASP2E2Zya1UnH5iJBau8e6S
8 | wBl8UaXnGwcA+CUv+FXcZtdoFh0Lqt3AdItQOkHVjSE6Cfiv5lsSW0ikMcoHFOHN
9 | ps4/9A4A/griT5lRDqQIycN7WD2k4+aKVreCWxbSteU35yIDJV6PGUtw8k41arJ+
10 | kwuwYM3+YklR0Dsj0RxXn07oLqnf6IeNUogGhNVO7RvLdpfvrhlevHVXmmYj40fk
11 | GjU15KkZOKigMw/gDInI6Sc2jp8oPX9tjkaQYkF2t7AWOq01lh5TleMIoBFUqVcy
12 | +X/qejla0JaKCEyt/fiPUo7/SgucyFl8GrKfSdELUOKx5Vr2ZZ48QSfIlXle+tGt
13 | FD0AYUsO0ud0wclW5C+g8E27raTuR4RaZOj8/pmB7XNDszwxQ/97dBRpAgMBAAGg
14 | STBHBgkqhkiG9w0BCQ4xOjA4MDYGA1UdEQQvMC2CE2Nsb3VkZmxhcmUtbGVhZi5j
15 | b22CFnd3d2Nsb3VkZmxhcmUtbGVhZi5jb20wCwYJKoZIhvcNAQEMA4IBgQAKrSiJ
16 | qfeYzFQgCx+lj2rTDdGbiB9JoIamyTULWoN4WCxwS8KJWFQXOf4SkibHNLMMqBFY
17 | RpU/5mvjXVrKboNgzp6+QoWpdN/AHu6ldFz+o3Imna1yEscGZA7Qfie5hrf9kePe
18 | PCPEqnsG8j9qyip3W3p9/SsM2xUaei+YGVmAyzpXlYq0WZGsz+wVJ2zc6ZcxzTsC
19 | HN8cYafVR0ZmhruRUjhRM9mI+XXFYjk11lNo907Hue5n1acvqofz4RID2rx4e2nq
20 | 2DH4HZ1UvPDx93FJmMu/c8vLyMz17wPXCaC2M1SeVdXQeGg7JETvL95hJ++o3vLL
21 | /QJehGooK7Rcht4lc1logn6tQYNyRpIKiN6Bb+lBujTzVT461yPTk8D9xY0+jHIO
22 | nKXIXKVkoXXiL70aR0ZCviHx4sNOSZyqwhwiUedNP0rAacbk7AY4cdJWSHvcVH3/
23 | qKlTkwOyr5AGX/SK/JTDvVjQWW95OI4a1xqEMlCN5jMOrQFwa181JMx4cmM=
24 | -----END CERTIFICATE REQUEST-----
25 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa3072.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID/DCCA4KgAwIBAgIIFVfMGJwEBdcwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
10 | APcWAQ6FdrT8fJamf2x/8C76D7INfwl3pJ70XDbscNYLunNyCQaymZZBbYlOmPBQ
11 | A4lATlWm/2NHEP/RHXgdrKzx+DOSjYj3VmT4MQEVp0auRM/Kb1QEj9hNmcmtVJx+
12 | YiQWrvHuksAZfFGl5xsHAPglL/hV3GbXaBYdC6rdwHSLUDpB1Y0hOgn4r+ZbEltI
13 | pDHKBxThzabOP/QOAP4K4k+ZUQ6kCMnDe1g9pOPmila3glsW0rXlN+ciAyVejxlL
14 | cPJONWqyfpMLsGDN/mJJUdA7I9EcV59O6C6p3+iHjVKIBoTVTu0by3aX764ZXrx1
15 | V5pmI+NH5Bo1NeSpGTiooDMP4AyJyOknNo6fKD1/bY5GkGJBdrewFjqtNZYeU5Xj
16 | CKARVKlXMvl/6no5WtCWighMrf34j1KO/0oLnMhZfBqyn0nRC1DiseVa9mWePEEn
17 | yJV5XvrRrRQ9AGFLDtLndMHJVuQvoPBNu62k7keEWmTo/P6Zge1zQ7M8MUP/e3QU
18 | aQIDAQABo4GBMH8wDgYDVR0PAQH/BAQDAgCkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
19 | HQYDVR0OBBYEFFRI3nOBTv9Gq7OQNv8dWdCiysNQMB8GA1UdIwQYMBaAFEH5iiJS
20 | Mibfj/AHAd0kYTha5+z8MBkGA1UdEQQSMBCCDmNmc3NsLWxlYWYuY29tMAoGCCqG
21 | SM49BAMDA2gAMGUCMQDAZV84hdNMZORoY35qBjTBSDfgZH2RN7EQHBr01G3rRfrr
22 | 0pfr7IGqmUfC8ca/Dc0CMDM0Gk9ulfiXhBg/Ewzpru8UVX6/hgbhPnH9GiGq/8XZ
23 | 5HC9JXjnDj10F8BHD11QzQ==
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa4096.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIFGDCCAwICAQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRwwGgYDVQQDExNjbG91ZGZsYXJl
5 | LWxlYWYuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtY3sRFA2
6 | cmwm4bEttx1TVRENJnd1re3fiR8YccUPcnmZ3uNY1sfnaEiHfTsxk10hbLOo24de
7 | YAZSC6w4W1ErGZnPO21kTrdlKUysmqfwLcjLGvTj7/3HKnbpfFQx3sV91+InI5HP
8 | 141mn78/Zgw22SZizysbn1x0QpnjK9WFZLdY6o7hNkAp53Jx9g85PiRROcLh+EH6
9 | WMkxUUKx9zie0MPydFkiBlR+nGZ9SO5DGPKJGPVk7YF5n2XQNBWUXUq+cLqisAkS
10 | Op7FB1AryMiQCLVp6FATt/CRXA0O3d0hd9HirnLU6QMf6SgguYzFw/VjWF7AoCdX
11 | gNhtAo8hB5wR3/srInRhDz2YKhcTC8F6gUErCXKY6QF8QV8I8H10/Drp2MJwlxW1
12 | 9AfmSFogIs/Y5KPn0kMmcUhtMtMtx1xa21OdmbgD0vbMFE6cqoKdSYfImhK5tKfa
13 | xgQu/jPlshBztYp6jXtlfcYVQ4rcnHM/hqm6HJO4hh55U6wrw3OGv/HSfwjs63oS
14 | JJgqLzs8WWVJKahWozCotyAGrIF+/mCcsciMm7NsWWWsPizB275nDWh1t4zhUq3W
15 | P4A46klZqF2UuNCkxJsh4Dgz8C2xMReRmPkDN/hTE9iOPAunk8xL1dqtooLxGSKf
16 | oO4YLlBgEqYottodEFG3LUEycps65m4eIAkCAwEAAaBJMEcGCSqGSIb3DQEJDjE6
17 | MDgwNgYDVR0RBC8wLYITY2xvdWRmbGFyZS1sZWFmLmNvbYIWd3d3Y2xvdWRmbGFy
18 | ZS1sZWFmLmNvbTALBgkqhkiG9w0BAQ0DggIBAIry/y2+Q9mLxlNZz7mKemrqj5Iz
19 | b+0IyaM6uReys6O1YcRf2KfnZ4TtURRa1ehjqOJsyYpLFEtzvATS9SktrcL/YnvL
20 | kWctJWEGJ0PJvhMpAy0uZy9uwI7moltcDtr1HdOG2riqfbhxTY+/g8mFhqWl5vFj
21 | S+ok7sSnztN0NQmDpXfuAVZIQQwEioeSDrcT2EcCf4ltuB23wzTMYqhflHZucEB6
22 | eDr+7n8zcv4pXHvING6yR5G8eklR79zjlxO9QadNBjCWVllz9c37FMk6CvANfGLs
23 | YbIJTXYVPdmbyKMuYzIzgL1RiqTX4WNUVI1AputdGXytGkNPl7KbVvHsyp/A6tLR
24 | fZu6WW2NwjDC2s6HBYseo8huEIwG8zXV2Et1+yGZB6YHsw5Jv6W4UHD7pgpMiacg
25 | G4FOex7h66tTPGGHKmuouumCoGf2Zyr7oVeixx8OHwrl/tzoiyRzcmqZ+wW7IJA1
26 | Nx8exenau8Kq+lCkj8dJObYNZNEQ7Hljo5w2ATChTXYaJYc49KOoSKd3d/YyVqIQ
27 | Qoeq+MTmxQuDcWbNZCgDnQZEPqW4Imv1cFApPH0t5JCRSutd7WNnNtC+kSPcXYhc
28 | NV71ovaHrio/7bXeNYKxJoYrfTe2mxMwrsnfuCwK2TgrfAL9yVQ+pfn2StopJOaN
29 | iznpt2q5PEkYOJEj
30 | -----END CERTIFICATE REQUEST-----
31 |
--------------------------------------------------------------------------------
/bundler/testdata/cfssl-leaf-rsa4096.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEezCCBAKgAwIBAgIIZP3PePNium4wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
10 | ALWN7ERQNnJsJuGxLbcdU1URDSZ3da3t34kfGHHFD3J5md7jWNbH52hIh307MZNd
11 | IWyzqNuHXmAGUgusOFtRKxmZzzttZE63ZSlMrJqn8C3Iyxr04+/9xyp26XxUMd7F
12 | fdfiJyORz9eNZp+/P2YMNtkmYs8rG59cdEKZ4yvVhWS3WOqO4TZAKedycfYPOT4k
13 | UTnC4fhB+ljJMVFCsfc4ntDD8nRZIgZUfpxmfUjuQxjyiRj1ZO2BeZ9l0DQVlF1K
14 | vnC6orAJEjqexQdQK8jIkAi1aehQE7fwkVwNDt3dIXfR4q5y1OkDH+koILmMxcP1
15 | Y1hewKAnV4DYbQKPIQecEd/7KyJ0YQ89mCoXEwvBeoFBKwlymOkBfEFfCPB9dPw6
16 | 6djCcJcVtfQH5khaICLP2OSj59JDJnFIbTLTLcdcWttTnZm4A9L2zBROnKqCnUmH
17 | yJoSubSn2sYELv4z5bIQc7WKeo17ZX3GFUOK3JxzP4apuhyTuIYeeVOsK8Nzhr/x
18 | 0n8I7Ot6EiSYKi87PFllSSmoVqMwqLcgBqyBfv5gnLHIjJuzbFllrD4swdu+Zw1o
19 | dbeM4VKt1j+AOOpJWahdlLjQpMSbIeA4M/AtsTEXkZj5Azf4UxPYjjwLp5PMS9Xa
20 | raKC8Rkin6DuGC5QYBKmKLbaHRBRty1BMnKbOuZuHiAJAgMBAAGjgYEwfzAOBgNV
21 | HQ8BAf8EBAMCAKQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUliwSq0YZ
22 | SDgIUZ7+1t5Ntzb8sYkwHwYDVR0jBBgwFoAUQfmKIlIyJt+P8AcB3SRhOFrn7Pww
23 | GQYDVR0RBBIwEIIOY2Zzc2wtbGVhZi5jb20wCgYIKoZIzj0EAwMDZwAwZAIwGTkD
24 | /FuSQ+VDGKZ8UM6kYAFS30rvi5/vScTIkAFmAISfyJF63Puk7gesDzkzV0uNAjAZ
25 | QPl9/aXIud70gp7SRmTEWtqc2sohR2UT2OBw6neTVxxM6GWZqAGTZCu7++Z2fDw=
26 | -----END CERTIFICATE-----
27 |
--------------------------------------------------------------------------------
/bundler/testdata/dsa2048.key:
--------------------------------------------------------------------------------
1 | -----BEGIN DSA PRIVATE KEY-----
2 | MIIDPQIBAAKCAQEA27xa+d5kAGDnxWkmZON9rNHw73/M4cwKpKGMpxGEdMt+u7wB
3 | Nt6tCH0v6dHo6726L6YUopxSzKahtzngxmT8G/P2dcbiVUm6r2N1T7zX5+9tnwWY
4 | PcpexdX/mXUnoB1yNHSckDiG0k5EGlQTTFXmg22aChvINIFaoEdR5IW3fOdiIX0z
5 | NWUBQ6eezsFuoy1anIb9WjOcCtmdvjPFtWdmZwGVfUp/CmJ+720GijTmsRB3dCqp
6 | QoxsFC+BtbtOtgX7pKPPsmICaYTgDqaY6Oc2HyWvS6xnl5uaHa33sFz9EisIy48n
7 | UbajWnLN8+bqSb+iIbR9xKxe1NRUO5rvJtXCmQIVAK2dU+z5hzWPAnuHp19T9y8J
8 | Km8JAoIBABk907ebpqMBTGcJ6kQiJshgmao2zN3uUWiA3GCrdnq8JxumqoRTbsLQ
9 | sxh+nvw24U8bK94NhhoUmQHfhl1GWb4seSUygoN7NUOC9wDH9QfrEi9S9eUS07gs
10 | LQ4QEYJPbxC1Wu8MIXJ2RpuaSFh+TClsasaGK54JOwNp4Nvh3CXYfwYL1Jtt9vOc
11 | tN2tF8Rr9zQrSgZDdsJvr/cIprxhY8JB4D54Bq77D4zzULz792TKTHXyjhObL4XQ
12 | cXz8tWloYF/wC8ME64CpVOx6GveN/cy6rINLG4T9epmheVDVmM33Mg2KgY+L+V3l
13 | l3QxBX/uygjuzCmK489u+OrP4cnXxJYCggEAVl000S2oxe2zAnt+oaeHc8QUO5B4
14 | pb4k9MoLgM5AXGQQMmZcMwUaiSDe7q7FsM47ARXBI8jZkR/ZEAZuhoK/7qgo9VQV
15 | tW95SpMjesaj7LK0ocHU2djvUMzxZDWU+zkd2aJTusnbwWKwTXK64WAv97aKbf+O
16 | Avnjln3MkqfMzqR24w0ccdr8pZ9yTRyRyC6tf9G0/vnvSbZEALSsLXjuB6FIrpma
17 | 30S5KL4IR6cBIKlUHC9rf6ET3lLDFlM3B7YCVw/8VpENATd+sEez8f96lgQNcWSH
18 | 8Us611d7wGOjB6pDe7FueX+CeLFUzBEJ2YdiMRnQMVZ9nFY8i+s/KH2FFgIUeuC2
19 | 1y9hgnFoPYic5nnISNkQKP4=
20 | -----END DSA PRIVATE KEY-----
21 |
--------------------------------------------------------------------------------
/bundler/testdata/dsa2048.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIFdTCCBTWgAwIBAgIJAJfyK94Nz1yPMAkGByqGSM44BAMwcDELMAkGA1UEBhMC
3 | VVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQK
4 | EwpDbG91ZEZsYXJlMRQwEgYDVQQLEwtFbmdpbmVlcmluZzERMA8GA1UEAxMIVEVT
5 | VCBEU0EwHhcNMTQwNDEyMDUwMTUyWhcNMjQwNDA5MDUwMTUyWjBwMQswCQYDVQQG
6 | EwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNV
7 | BAoTCkNsb3VkRmxhcmUxFDASBgNVBAsTC0VuZ2luZWVyaW5nMREwDwYDVQQDEwhU
8 | RVNUIERTQTCCAzowggItBgcqhkjOOAQBMIICIAKCAQEA27xa+d5kAGDnxWkmZON9
9 | rNHw73/M4cwKpKGMpxGEdMt+u7wBNt6tCH0v6dHo6726L6YUopxSzKahtzngxmT8
10 | G/P2dcbiVUm6r2N1T7zX5+9tnwWYPcpexdX/mXUnoB1yNHSckDiG0k5EGlQTTFXm
11 | g22aChvINIFaoEdR5IW3fOdiIX0zNWUBQ6eezsFuoy1anIb9WjOcCtmdvjPFtWdm
12 | ZwGVfUp/CmJ+720GijTmsRB3dCqpQoxsFC+BtbtOtgX7pKPPsmICaYTgDqaY6Oc2
13 | HyWvS6xnl5uaHa33sFz9EisIy48nUbajWnLN8+bqSb+iIbR9xKxe1NRUO5rvJtXC
14 | mQIVAK2dU+z5hzWPAnuHp19T9y8JKm8JAoIBABk907ebpqMBTGcJ6kQiJshgmao2
15 | zN3uUWiA3GCrdnq8JxumqoRTbsLQsxh+nvw24U8bK94NhhoUmQHfhl1GWb4seSUy
16 | goN7NUOC9wDH9QfrEi9S9eUS07gsLQ4QEYJPbxC1Wu8MIXJ2RpuaSFh+TClsasaG
17 | K54JOwNp4Nvh3CXYfwYL1Jtt9vOctN2tF8Rr9zQrSgZDdsJvr/cIprxhY8JB4D54
18 | Bq77D4zzULz792TKTHXyjhObL4XQcXz8tWloYF/wC8ME64CpVOx6GveN/cy6rINL
19 | G4T9epmheVDVmM33Mg2KgY+L+V3ll3QxBX/uygjuzCmK489u+OrP4cnXxJYDggEF
20 | AAKCAQBWXTTRLajF7bMCe36hp4dzxBQ7kHilviT0yguAzkBcZBAyZlwzBRqJIN7u
21 | rsWwzjsBFcEjyNmRH9kQBm6Ggr/uqCj1VBW1b3lKkyN6xqPssrShwdTZ2O9QzPFk
22 | NZT7OR3ZolO6ydvBYrBNcrrhYC/3topt/44C+eOWfcySp8zOpHbjDRxx2vyln3JN
23 | HJHILq1/0bT++e9JtkQAtKwteO4HoUiumZrfRLkovghHpwEgqVQcL2t/oRPeUsMW
24 | UzcHtgJXD/xWkQ0BN36wR7Px/3qWBA1xZIfxSzrXV3vAY6MHqkN7sW55f4J4sVTM
25 | EQnZh2IxGdAxVn2cVjyL6z8ofYUWo4HVMIHSMB0GA1UdDgQWBBTdWYYdSWrZr5eD
26 | pf3QoSWZz0AbCDCBogYDVR0jBIGaMIGXgBTdWYYdSWrZr5eDpf3QoSWZz0AbCKF0
27 | pHIwcDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh
28 | bmNpc2NvMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRQwEgYDVQQLEwtFbmdpbmVlcmlu
29 | ZzERMA8GA1UEAxMIVEVTVCBEU0GCCQCX8iveDc9cjzAMBgNVHRMEBTADAQH/MAkG
30 | ByqGSM44BAMDLwAwLAIUP2uvD9JJpn1e7YZ/5QJIjlXhFl8CFGfNcNS49a0bN4Md
31 | 2HTcWtoMC+5k
32 | -----END CERTIFICATE-----
33 |
--------------------------------------------------------------------------------
/bundler/testdata/empty.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/bundler/testdata/empty.pem
--------------------------------------------------------------------------------
/bundler/testdata/inter-L1-expired.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEizCCA/agAwIBAgIISfg49he9h+AwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
4 | MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
5 | A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTEyMjU2MzdaFw0xNDA0MTEyMzAx
6 | MzdaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
7 | CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
8 | MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
9 | b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHL
10 | AlI+xwnPhWgzj2VevD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0Ng
11 | xxwQ2rC08fJtCnijlGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeW
12 | RbWuLH5nEMdyk9NpetS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fu
13 | u6pgMtHKvl4GGH0yvb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREU
14 | mlcY5EvpR141KXbZqiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0
15 | APJx1VNSSH6XoDpUETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsys
16 | sWBEN+CxK19xyPumr21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT
17 | 7r3mzlBTYl3poU26q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7
18 | STOs8wuTu3huSnan/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuow
19 | TmmHlb8KIMa9mOvcuGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VND
20 | DL3J/vSVlFeqLt2reAIBKnytLwIDAQABo4GDMIGAMA4GA1UdDwEB/wQEAwIApDAS
21 | BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsH
22 | EDAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAaBgNVHREEEzARgg9j
23 | ZnNzbC1pbnRlci5jb20wCwYJKoZIhvcNAQELA4GBAJg3FejhZNUWht3AFoFz9Pmn
24 | 2B4+Rhcz3Vy2AkGTI6tNR3TkaDIejyBkeEtf4pmR480tq3xFZkCZ6BZY2f7mvRto
25 | DWo3AdXcLeYDtbDmNGJFL6mAlyG1A87n7EgUnP8hEjtiYP8dyCGJD0JOKZAy/kMq
26 | XFzYgAa1t27VSc/XkiG7
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L1-sha1.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEhDCCA++gAwIBAgIIQsTa4VjjFPswCwYJKoZIhvcNAQEFMH0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
4 | MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
5 | A1UEAwwNQ0ZTU0xfVEVTVF9DQTAgFw0xNDA5MjMxODQ5NThaGA8yMTE0MDkyNDE4
6 | NTQ1OFowgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYD
7 | VQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
8 | MRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVy
9 | LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOUKdX6+PSxU/LxK
10 | ocsCUj7HCc+FaDOPZV68Po3PVm7UF5DmbnLgJYJ/4aZEZM/v5r8LnXQXDqumYicH
11 | Q2DHHBDasLTx8m0KeKOUYf9WMQ8gdjmVFoCiZwzxGDHok66/0Glkkqmv2nJQxXnc
12 | l5ZFta4sfmcQx3KT02l61LaBbG3j8PbRCWEr+0eRE6twuYRR13AgZ3ATwnMjzxzv
13 | sW67qmAy0cq+XgYYfTK9vhPs+8J0fxXa0Iftu3yuhd30xLIVXLu45GR+i6KnsSxV
14 | ERSaVxjkS+lHXjUpdtmqI5CK6wn67vqYRRA2TzAJHX8Jb+KL2/UEo5WNfAJ8S0he
15 | ODQA8nHVU1JIfpegOlQRMv55DgnQUv1c1uwO5hqvv7MPQ3X/m9Kjccs1FBH1/SVu
16 | zKyxYEQ34LErX3HI+6avbVnRtTR/UHkfnZVIXSrcjUm73BGj33hrtiKl0ZyZnaUK
17 | GZPuvebOUFNiXemhTbqrfi/zAb1Tsm/h+xkn5EZ5sMj5NHdAbpih3TqX2gRhnFZc
18 | FjtJM6zzC5O7eG5Kdqf8iladXTXtWxzrUPkb5CupzFl1dyS3dqdkoIXvkmlScnu+
19 | 6jBOaYeVvwogxr2Y69y4Zfg/qbPyBOLZquX9ovbuSP1DQmC//LV5t7YHHY/1MXr5
20 | U0MMvcn+9JWUV6ou3at4AgEqfK0vAgMBAAGjezB5MA4GA1UdDwEB/wQEAwIApDAT
21 | BgNVHSUEDDAKBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQW
22 | BBSIYLoYpHe4QQQb1e93UcJbFLogPzAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+
23 | VbNnOg2SPjALBgkqhkiG9w0BAQUDgYEAXSegwl0vRG7N9FBO+9u1Neh9oeQNm5Ld
24 | U5FK1qs4BhI/F4MRW4hxN8D25B6tPMtKR93Rkeg/wGz3DPwAhvjVFCOQlzFfW0S9
25 | dEduUgl2j8ICcgLawFDp7eYsUJfcBwffGOS/RAtUG59Q52tt8FNXU9QtaKaSn/Vq
26 | mrb08gYFNzg=
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L1.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIFGzCCAwUCAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
5 | LWludGVyLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOUKdX6+
6 | PSxU/LxKocsCUj7HCc+FaDOPZV68Po3PVm7UF5DmbnLgJYJ/4aZEZM/v5r8LnXQX
7 | DqumYicHQ2DHHBDasLTx8m0KeKOUYf9WMQ8gdjmVFoCiZwzxGDHok66/0Glkkqmv
8 | 2nJQxXncl5ZFta4sfmcQx3KT02l61LaBbG3j8PbRCWEr+0eRE6twuYRR13AgZ3AT
9 | wnMjzxzvsW67qmAy0cq+XgYYfTK9vhPs+8J0fxXa0Iftu3yuhd30xLIVXLu45GR+
10 | i6KnsSxVERSaVxjkS+lHXjUpdtmqI5CK6wn67vqYRRA2TzAJHX8Jb+KL2/UEo5WN
11 | fAJ8S0heODQA8nHVU1JIfpegOlQRMv55DgnQUv1c1uwO5hqvv7MPQ3X/m9Kjccs1
12 | FBH1/SVuzKyxYEQ34LErX3HI+6avbVnRtTR/UHkfnZVIXSrcjUm73BGj33hrtiKl
13 | 0ZyZnaUKGZPuvebOUFNiXemhTbqrfi/zAb1Tsm/h+xkn5EZ5sMj5NHdAbpih3TqX
14 | 2gRhnFZcFjtJM6zzC5O7eG5Kdqf8iladXTXtWxzrUPkb5CupzFl1dyS3dqdkoIXv
15 | kmlScnu+6jBOaYeVvwogxr2Y69y4Zfg/qbPyBOLZquX9ovbuSP1DQmC//LV5t7YH
16 | HY/1MXr5U0MMvcn+9JWUV6ou3at4AgEqfK0vAgMBAAGgSzBJBgkqhkiG9w0BCQ4x
17 | PDA6MDgGA1UdEQQxMC+CFGNsb3VkZmxhcmUtaW50ZXIuY29tghd3d3djbG91ZGZs
18 | YXJlLWludGVyLmNvbTALBgkqhkiG9w0BAQ0DggIBAHtSt/v+IHQmSK5UiQWwjRWA
19 | ZezIWVlJuselW8DEPNHzDtnraVhjPSFP995Cqh9fc89kx2Bt9hDhjNteTB+pJW6B
20 | aCRRZygJ6/m3Ii1XqTFgfEJBWwuIX1Req0PCW/ayegdLzzYbSZ31wRICCveBQyGw
21 | vRtzIBUeMvz9MgLJ8zx7eN7fDhrvy+Y1SkC4g0sAQTYYfM9P/He4k5hx79hmd2YC
22 | mUDAlNZV0g0dY0qR4cITmhniIFW5iZBplY7DmqooUXrj5yEga2QMj/RA16lPzHbz
23 | 7ceUlcH2L6/V6zMR/rfCiGRoWInxWSuuJhLIVLmoEo0590w6KVEZifHxsRpl4l09
24 | imvzwTSQGIrY8jF9AxOD0rRA9wXCT9h8XtBWyJZ1/DmzJG8+7oZ/HdE9XhzwNujD
25 | Q6lBOj+dznju7k/snYCZVq501JLPeql8vQrq0O/xSqSK4yN1IG4NisZeDK2BZEOy
26 | QhnKXodIKf+zXnFw86lZ/ZwHQFr6jOSxmbrZ2OiY34m7Yd9oeIaMPviysRih2x4Q
27 | O6DFz72f97+xFZuXIbmn8DPQV8U9bk/gbrfUCPnx/icS8UoPsBKc9Gio0FZO4+8A
28 | 4/ac3oeN0zy/WjsBP+J50CRUXMrRI9KO+/bI4pcT14B31YbuSo6ygIkIkj7YDh36
29 | +4ZG6HnUPQI8HteF9hzp
30 | -----END CERTIFICATE REQUEST-----
31 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L1.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEizCCA/agAwIBAgIIeM7v534l+W0wCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
4 | MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
5 | A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTEyMTIyMzdaFw0xOTA0MTEyMTI3
6 | MzdaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
7 | CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
8 | MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
9 | b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDlCnV+vj0sVPy8SqHL
10 | AlI+xwnPhWgzj2VevD6Nz1Zu1BeQ5m5y4CWCf+GmRGTP7+a/C510Fw6rpmInB0Ng
11 | xxwQ2rC08fJtCnijlGH/VjEPIHY5lRaAomcM8Rgx6JOuv9BpZJKpr9pyUMV53JeW
12 | RbWuLH5nEMdyk9NpetS2gWxt4/D20QlhK/tHkROrcLmEUddwIGdwE8JzI88c77Fu
13 | u6pgMtHKvl4GGH0yvb4T7PvCdH8V2tCH7bt8roXd9MSyFVy7uORkfouip7EsVREU
14 | mlcY5EvpR141KXbZqiOQiusJ+u76mEUQNk8wCR1/CW/ii9v1BKOVjXwCfEtIXjg0
15 | APJx1VNSSH6XoDpUETL+eQ4J0FL9XNbsDuYar7+zD0N1/5vSo3HLNRQR9f0lbsys
16 | sWBEN+CxK19xyPumr21Z0bU0f1B5H52VSF0q3I1Ju9wRo994a7YipdGcmZ2lChmT
17 | 7r3mzlBTYl3poU26q34v8wG9U7Jv4fsZJ+RGebDI+TR3QG6Yod06l9oEYZxWXBY7
18 | STOs8wuTu3huSnan/IpWnV017Vsc61D5G+QrqcxZdXckt3anZKCF75JpUnJ7vuow
19 | TmmHlb8KIMa9mOvcuGX4P6mz8gTi2arl/aL27kj9Q0Jgv/y1ebe2Bx2P9TF6+VND
20 | DL3J/vSVlFeqLt2reAIBKnytLwIDAQABo4GDMIGAMA4GA1UdDwEB/wQEAwIApDAS
21 | BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTXXUgpaSwO9HOrQBxGqOOSFHsH
22 | EDAfBgNVHSMEGDAWgBS4Xu+uZ1C31vMH5Wq+VbNnOg2SPjAaBgNVHREEEzARgg9j
23 | ZnNzbC1pbnRlci5jb20wCwYJKoZIhvcNAQELA4GBABqJOYgV+qEgkG/BIgsGaJ/Z
24 | Neey0x0MwxPvA87e24GiYxYXX8ypR2DfLtuSjYfT0PVOWI5+3o9b3wnHhOu0aVe8
25 | YK/7XUWOakt8Jv/fE0fGs4Ps5IeMynWBgwrf/6IQWEfnf/1siCrTf0yUEn0PMGu6
26 | q2sLytoPYeibTYLuP1ED
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L2-direct.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC3TCCAkigAwIBAgIIPcD+KefD8UcwCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
4 | MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
5 | A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTIwMDA3MzhaFw0xOTA0MTIwMDE3
6 | MzhaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
7 | CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
8 | MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
9 | b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhWSM0kbB/cXRdYkfvJBJW3G6gGJ2L
10 | kk2xDsWHERBxkSXdv7/WIXrRMFjZiLorAm4DqcgTvc8hcbJ82FOHDgPwKJltpyRD
11 | +5+DPYPK/HJYUM/MuvtNd4z/TBKn+KajFZ6jgYMwgYAwDgYDVR0PAQH/BAQDAgCk
12 | MBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFEH5iiJSMibfj/AHAd0kYTha
13 | 5+z8MB8GA1UdIwQYMBaAFLhe765nULfW8wflar5Vs2c6DZI+MBoGA1UdEQQTMBGC
14 | D2Nmc3NsLWludGVyLmNvbTALBgkqhkiG9w0BAQsDgYEAeTbzK6PFmAIWS1UQLw9L
15 | CT6xKEUUhBtaYQNOczbxQ/iUdA8HLV8l4ou0ehewX3J+hmqylfv1f1rYIkDcAMHp
16 | Lo2GfdT889wDJx+LuooBJDgLtXRvCxT7RFyKssQAsa32AJriYwxFbWNI0rkq4Ahs
17 | /gOxML7hEGLskaFRGamcFRM=
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L2-sha1.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC+zCCAmagAwIBAgIISplHJE830hMwCwYJKoZIhvcNAQEFMH0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
4 | MRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEWMBQG
5 | A1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA5MjkyMTM5NTZaFw0xNTA5MjkyMTQ0
6 | NTZaMIGMMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UE
7 | CxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzET
8 | MBEGA1UECBMKQ2FsaWZvcm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5j
9 | b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQhWSM0kbB/cXRdYkfvJBJW3G6gGJ2L
10 | kk2xDsWHERBxkSXdv7/WIXrRMFjZiLorAm4DqcgTvc8hcbJ82FOHDgPwKJltpyRD
11 | +5+DPYPK/HJYUM/MuvtNd4z/TBKn+KajFZ6jgaEwgZ4wDgYDVR0PAQH/BAQDAgCg
12 | MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
13 | A1UdDgQWBBQ939xYhpjoyikg7qV0rHv10ukXVzAfBgNVHSMEGDAWgBS4Xu+uZ1C3
14 | 1vMH5Wq+VbNnOg2SPjAfBgNVHREEGDAWghRjbG91ZGZsYXJlLWludGVyLmNvbTAL
15 | BgkqhkiG9w0BAQUDgYEAjVnk7Q/SY61E4epnel+3+NDW8dSWFl4J5lNnIs81NqXX
16 | +cuXhY4gCiCmCD9u89BchhdyydqwsqCnSQHPm6Y3NZnDNnERpZw2qkPv5T0VuHJi
17 | YZ7RaZYgG+f7xWS/KbvL7bZ5IVEFBjnUgnoT2V+bFDRmIkhLxc2jCIFXWt5RPA0=
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L2.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIB0jCCAVcCAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
5 | LWludGVyLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCFZIzSRsH9xdF1iR+8k
6 | ElbcbqAYnYuSTbEOxYcREHGRJd2/v9YhetEwWNmIuisCbgOpyBO9zyFxsnzYU4cO
7 | A/AomW2nJEP7n4M9g8r8clhQz8y6+013jP9MEqf4pqMVnqBLMEkGCSqGSIb3DQEJ
8 | DjE8MDowOAYDVR0RBDEwL4IUY2xvdWRmbGFyZS1pbnRlci5jb22CF3d3d2Nsb3Vk
9 | ZmxhcmUtaW50ZXIuY29tMAoGCCqGSM49BAMDA2kAMGYCMQD6kSGGc3/DeFAWrPUX
10 | qSlnTTm57DpzUoHQE306DfbFB6DFfoORNM5Z98chnZ+Ell4CMQCzYhOvIh3+GPGF
11 | MuYYIAfQV2JG+n7pjfpJ+X1Ee2bOtA4ZO39P9/FTEtJUXt+Ivqw=
12 | -----END CERTIFICATE REQUEST-----
13 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L2.key:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MIGkAgEBBDAVVKPnV+KoCmQRq1zGg6n5PjjBFZdVPcKi9fNe78ZqMAMfLSfycPcS
3 | e6HJVt8ylCegBwYFK4EEACKhZANiAAQhWSM0kbB/cXRdYkfvJBJW3G6gGJ2Lkk2x
4 | DsWHERBxkSXdv7/WIXrRMFjZiLorAm4DqcgTvc8hcbJ82FOHDgPwKJltpyRD+5+D
5 | PYPK/HJYUM/MuvtNd4z/TBKn+KajFZ4=
6 | -----END EC PRIVATE KEY-----
7 |
--------------------------------------------------------------------------------
/bundler/testdata/inter-L2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEbjCCAligAwIBAgIIeHSbZwALpoAwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
3 | EwJVUzETMBEGA1UEChMKQ2xvdWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdp
4 | bmVlcmluZzEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
5 | cm5pYTEdMBsGA1UEAxMUY2xvdWRmbGFyZS1pbnRlci5jb20wHhcNMTQwNDExMjEy
6 | MjM4WhcNMTkwNDExMjEyNzM4WjCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
7 | b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
8 | DVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAMTFGNs
9 | b3VkZmxhcmUtaW50ZXIuY29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEIVkjNJGw
10 | f3F0XWJH7yQSVtxuoBidi5JNsQ7FhxEQcZEl3b+/1iF60TBY2Yi6KwJuA6nIE73P
11 | IXGyfNhThw4D8CiZbackQ/ufgz2DyvxyWFDPzLr7TXeM/0wSp/imoxWeo4GDMIGA
12 | MA4GA1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRB
13 | +YoiUjIm34/wBwHdJGE4Wufs/DAfBgNVHSMEGDAWgBTXXUgpaSwO9HOrQBxGqOOS
14 | FHsHEDAaBgNVHREEEzARgg9jZnNzbC1pbnRlci5jb20wCwYJKoZIhvcNAQELA4IC
15 | AQCaj2i8wr9r3FS8Tw5QHD+tPmryrHsiLlERVanTif9kt/fRc1/hm/pv2lTLK8kK
16 | U5Eti1jCB2T/DQGj4Z/amRndasXpUb5wTtMb9V6jN4pRfgw+C5ska9o5zFrIGJF0
17 | GbSe1VVUedJ1LH3US3a79eVGmyAwcfTRMNhn+e+uYky2VYCQIEGGQ8rZAM3TveoT
18 | N8J7Lqwtuo3DWz0IYx60DUvabpqJ+9Dl6rhTvTfyYvQK4vl2xApGf4Uo87JbNQfq
19 | q40UXfBtMaAvIPEKCyTdOVVDrfgW0DQTl7wS+Z3p6kNm0NMI53TFTbgIuU9QiPPB
20 | I5NdqISEPFW/HS5q0+zR1KdG4EmEjmpCX78s+uviHpHQloWQT9ov4KbXbf8y5Xso
21 | lv+2gcd5TVjYxPRbo3SMtGRQho5uq2BNy6Q0K0//3OE+X+v+ZDi8n4MU3uA7dGGA
22 | 7uAUZOYPzNKS7ryW3h4PZIfiI5Fv9tBNnu9O3I2UH6fHNFQQLzJPCXertPmrORjP
23 | EyCNCOhfsNwLd5Qq53cDbG1mkZro/xKDvAOx2LQcGFtmx4v1NXI204V50aSzy8vY
24 | vQnM0gEY/YxoCq3wSjc9yeUftyv2LIgJvuXjkeHkV7gQQ+jx/HY6J7fnJGSzKMKp
25 | /GPaPCNKvCY/72ik2gbmdvLbaRGeVJ07JO46YWEUrGb/1A==
26 | -----END CERTIFICATE-----
27 |
--------------------------------------------------------------------------------
/cli/bundle/bundle_test.go:
--------------------------------------------------------------------------------
1 | package bundle
2 |
--------------------------------------------------------------------------------
/cli/gencert/gencert_test.go:
--------------------------------------------------------------------------------
1 | package gencert
2 |
--------------------------------------------------------------------------------
/cli/genkey/genkey.go:
--------------------------------------------------------------------------------
1 | // Package genkey implements the genkey command.
2 | package genkey
3 |
4 | import (
5 | "encoding/json"
6 | "errors"
7 |
8 | "github.com/cloudflare/cfssl/cli"
9 | "github.com/cloudflare/cfssl/csr"
10 | cferr "github.com/cloudflare/cfssl/errors"
11 | "github.com/cloudflare/cfssl/initca"
12 | )
13 |
// genkeyUsageText is the usage text of the genkey subcommand; it is set as
// the UsageText of Command at the end of this file.
var genkeyUsageText = `cfssl genkey -- generate a new key and CSR

Usage of genkey:
cfssl genkey CSRJSON

Arguments:
CSRJSON: JSON file containing the request, use '-' for reading JSON from stdin

Flags:
`

// genkeyFlags lists the flag names handed to Command as Flags.
// NOTE(review): "initca" presumably drives the c.IsCA branch in genkeyMain;
// confirm the mapping in package cli.
var genkeyFlags = []string{"initca", "config"}
26 |
// genkeyMain is the entry point of the genkey subcommand. It takes the first
// argument as the CSR JSON source, decodes it into a csr.CertificateRequest
// and then either creates a new CA (when c.IsCA is set) or generates a key
// and CSR. In both cases the result is passed to cli.PrintCert.
//
// The private key is part of what is handed to cli.PrintCert, and the package
// test expects a "key" field in the command's JSON output, so whatever
// captures that output should treat it as secret material.
func genkeyMain(args []string, c cli.Config) (err error) {
	// Any arguments after the first are not used by this command.
	csrFile, _, err := cli.PopFirstArgument(args)
	if err != nil {
		return err
	}

	raw, err := cli.ReadStdin(csrFile)
	if err != nil {
		return err
	}

	req := csr.CertificateRequest{KeyRequest: csr.NewBasicKeyRequest()}
	if err = json.Unmarshal(raw, &req); err != nil {
		return err
	}

	if !c.IsCA {
		// A "ca" section is rejected unless a CA is being created.
		if req.CA != nil {
			return errors.New("ca section only permitted in initca")
		}

		// Validator (below) refuses requests that name no hosts.
		gen := &csr.Generator{Validator: Validator}
		csrPEM, key, genErr := gen.ProcessRequest(&req)
		if genErr != nil {
			return genErr
		}

		cli.PrintCert(key, csrPEM, nil)
		return nil
	}

	cert, csrPEM, key, caErr := initca.New(&req)
	if caErr != nil {
		return caErr
	}

	cli.PrintCert(key, csrPEM, cert)
	return nil
}
72 |
// Validator rejects a certificate request that names no hosts. It returns nil
// when req.Hosts has at least one entry, and a cferr policy error
// (InvalidRequest) otherwise.
func Validator(req *csr.CertificateRequest) error {
	if len(req.Hosts) > 0 {
		return nil
	}

	cause := errors.New("missing hosts field")
	return cferr.Wrap(cferr.PolicyError, cferr.InvalidRequest, cause)
}
80 |
// Command is the genkey subcommand: it generates a new key and CSR from a
// JSON CSR request file.
var Command = &cli.Command{
	UsageText: genkeyUsageText,
	Flags:     genkeyFlags,
	Main:      genkeyMain,
}
84 |
--------------------------------------------------------------------------------
/cli/genkey/genkey_test.go:
--------------------------------------------------------------------------------
1 | package genkey
2 |
3 | import (
4 | "encoding/json"
5 | "os"
6 | "os/exec"
7 | "path"
8 | "testing"
9 |
10 | "github.com/cloudflare/cfssl/cli"
11 | )
12 |
// TestGenkey exercises genkey two ways: through the installed cfssl binary,
// checking that the JSON it prints carries a key and a CSR, and in-process
// through genkeyMain, first as a plain request and then with IsCA set.
func TestGenkey(t *testing.T) {
	// The binary and the shared fixtures are both located relative to GOPATH.
	root := os.Getenv("GOPATH")
	binary := path.Join(root, "bin", "cfssl")
	fixtures := path.Join(root, "src", "github.com", "cloudflare", "cfssl", "testdata")
	request := path.Join(fixtures, "csr.json")

	stdout, err := exec.Command(binary, "genkey", request).Output()
	if err != nil {
		t.Fatal(err)
	}

	var decoded map[string]interface{}
	if err = json.Unmarshal(stdout, &decoded); err != nil {
		t.Fatal(err)
	}

	if decoded["key"] == nil {
		t.Fatal("No key is outputted.")
	}
	if decoded["csr"] == nil {
		t.Fatal("No csr is outputted.")
	}

	conf := cli.Config{}
	if err = genkeyMain([]string{request}, conf); err != nil {
		t.Fatal(err)
	}

	// Same request again, this time taking the CA branch.
	conf.IsCA = true
	if err = genkeyMain([]string{request}, conf); err != nil {
		t.Fatal(err)
	}
}
51 |
--------------------------------------------------------------------------------
/cli/ocspserve/ocspserve.go:
--------------------------------------------------------------------------------
1 | // Package ocspserve implements the ocspserve function.
2 | package ocspserve
3 |
import (
	"errors"
	"fmt"
	"net"
	"net/http"

	"github.com/cloudflare/cfssl/cli"
	"github.com/cloudflare/cfssl/log"
	"github.com/cloudflare/cfssl/ocsp"
)
13 |
// ocspServerUsageText is the usage text of 'cfssl ocspserve'.
var ocspServerUsageText = `cfssl ocspserve -- set up an HTTP server that handles OCSP requests from a file (see RFC 5019)

Usage of ocspserve:
cfssl ocspserve [-address address] [-port port] [-responses file]

Flags:
`

// ocspServerFlags lists the flags used by 'cfssl ocspserve'.
// NOTE(review): ocspServerMain also reads c.Path, which is not in this list;
// confirm where that field gets its value.
var ocspServerFlags = []string{"address", "port", "responses"}
25 |
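// ocspServerMain is the command line entry point to the OCSP responder.
// It builds an OCSP source from the file named by c.Responses, registers an
// ocsp.Responder for it at c.Path and serves HTTP on c.Address and c.Port.
//
// It returns an error when positional arguments are given, when no response
// file is configured, when the source cannot be built from the file, or when
// http.ListenAndServe returns.
func ocspServerMain(args []string, c cli.Config) error {
	// ocspserve doesn't support arguments.
	if len(args) > 0 {
		return errors.New("argument is provided but not defined; please refer to the usage by flag -h")
	}

	if c.Responses == "" {
		return errors.New("no response file provided, please set the -responses flag")
	}

	src, err := ocsp.NewSourceFromFile(c.Responses)
	if err != nil {
		// Keep the underlying cause so the operator can tell a missing file
		// from a permission problem or unusable content.
		return fmt.Errorf("unable to read response file: %v", err)
	}

	// NOTE(review): the handler is registered on http.DefaultServeMux, so
	// handlers that other packages register there are served on this listener
	// too; a dedicated http.NewServeMux would keep the responder isolated.
	// http.Handle panics on an empty pattern and c.Path is not among
	// ocspServerFlags -- confirm it always has a value here.
	log.Info("Registering OCSP responder handler")
	http.Handle(c.Path, ocsp.Responder{Source: src})

	// JoinHostPort brackets IPv6 literals; plain "%s:%d" formatting would
	// produce an unparsable address for them (for example "::1:80").
	addr := net.JoinHostPort(c.Address, fmt.Sprint(c.Port))
	log.Info("Now listening on ", addr)

	// NOTE(review): http.ListenAndServe applies no read or write timeouts, so
	// slow clients can hold connections open indefinitely; consider an
	// http.Server with explicit timeouts for an exposed responder.
	return http.ListenAndServe(addr, nil)
}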
50 |
51 | // Command assembles the definition of Command 'ocspserve'
52 | var Command = &cli.Command{UsageText: ocspServerUsageText, Flags: ocspServerFlags, Main: ocspServerMain}
53 |
--------------------------------------------------------------------------------
/cli/printdefault/defaults.go:
--------------------------------------------------------------------------------
1 | package printdefaults
2 |
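// defaults maps a template type name (as given to 'cfssl print-defaults')
// to the JSON text printed for it.
//
// In the "csr" template, "L" is the locality (city) and "ST" is the state
// or province; the two values were previously swapped, which produced
// subject names with the city and state reversed when the template was
// used unmodified.
var defaults = map[string]string{
	"config": `{
    "signing": {
        "default": {
            "expiry": "168h"
        },
        "profiles": {
            "www": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            }
        }
    }
}
`,
	"csr": `{
    "CN": "example.net",
    "hosts": [
        "example.net",
        "www.example.net"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "US",
            "L": "San Francisco",
            "ST": "CA"
        }
    ]
}
`,
}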
50 |
--------------------------------------------------------------------------------
/cli/printdefault/printdefault.go:
--------------------------------------------------------------------------------
1 | package printdefaults
2 |
3 | import (
4 | "fmt"
5 |
6 | "github.com/cloudflare/cfssl/cli"
7 | )
8 |
9 | var printDefaultsUsage = `cfssl print-defaults -- print default configurations that can be used as a template
10 |
11 | Usage of print-defaults:
12 | cfssl print-defaults TYPE
13 |
14 | If "list" is used as the TYPE, the list of supported types will be printed.
15 | `
16 |
// printAvailable writes the names of all known default templates to
// standard output, one per line, each preceded by a tab. The order follows
// map iteration and is therefore not stable between runs.
func printAvailable() {
	fmt.Println("Default configurations are available for:")
	for kind := range defaults {
		fmt.Printf("\t%s\n", kind)
	}
}
23 |
// printDefaults implements 'cfssl print-defaults TYPE'. It takes the first
// positional argument as the template type and prints the matching
// template. When the type is "list" or is not a known template, it prints
// the list of available types instead. The only error returned is the one
// from cli.PopFirstArgument.
func printDefaults(args []string, c cli.Config) (err error) {
	var kind string
	kind, _, err = cli.PopFirstArgument(args)
	if err != nil {
		return err
	}

	tmpl, known := defaults[kind]
	if kind == "list" || !known {
		printAvailable()
		return nil
	}

	fmt.Println(tmpl)
	return nil
}
42 |
43 | // Command is exported for use by the CLI.
44 | var Command = &cli.Command{
45 | UsageText: printDefaultsUsage,
46 | Flags: []string{},
47 | Main: printDefaults,
48 | }
49 |
--------------------------------------------------------------------------------
/cli/scan/scan.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
3 | import (
4 | "encoding/json"
5 | "fmt"
6 |
7 | "github.com/cloudflare/cfssl/cli"
8 | "github.com/cloudflare/cfssl/scan"
9 | )
10 |
11 | var scanUsageText = `cfssl scan -- scan a host for issues
12 | Usage of scan:
13 | cfssl scan [-family regexp] [-scanner regexp] [-timeout duration] [-ip IPAddr] HOST+
14 | cfssl scan -list
15 |
16 | Arguments:
17 | HOST: Host(s) to scan (including port)
18 | Flags:
19 | `
20 | var scanFlags = []string{"list", "family", "scanner", "timeout", "ip"}
21 |
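// printJSON writes v to standard output as indented JSON followed by a
// blank line. If v cannot be marshalled, the error is printed and nothing
// else is written; previously the function fell through and printed an
// empty document after the error.
func printJSON(v interface{}) {
	b, err := json.MarshalIndent(v, "", "  ")
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("%s\n\n", b)
}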
29 |
// scanMain implements 'cfssl scan'. With c.List set it prints the default
// scanner set as JSON. Otherwise it consumes the HOST arguments one at a
// time, runs the default scans against each with the IP, family, scanner
// and timeout settings from c, and prints any non-nil result map as JSON.
// It stops at the first error from argument handling or from a scan run.
func scanMain(args []string, c cli.Config) (err error) {
	if c.List {
		printJSON(scan.Default)
		return nil
	}

	// One scan run per HOST argument, in the order given.
	for len(args) > 0 {
		var target string
		if target, args, err = cli.PopFirstArgument(args); err != nil {
			return err
		}

		fmt.Printf("Scanning %s...\n", target)

		var found map[string]scan.FamilyResult
		found, err = scan.Default.RunScans(target, c.IP, c.Family, c.Scanner, c.Timeout)
		if err != nil {
			return err
		}
		if found != nil {
			printJSON(found)
		}
	}
	return nil
}
56 |
57 | // Command assembles the definition of Command 'scan'
58 | var Command = &cli.Command{UsageText: scanUsageText, Flags: scanFlags, Main: scanMain}
59 |
--------------------------------------------------------------------------------
/cli/scan/scan_test.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
--------------------------------------------------------------------------------
/cli/selfsign/selfsign_test.go:
--------------------------------------------------------------------------------
1 | package selfsign
2 |
--------------------------------------------------------------------------------
/cli/serve/README.md:
--------------------------------------------------------------------------------
1 | ## Compiling and serving static files using esc
2 |
3 | ```
4 | go install github.com/mjibson/esc
5 |
6 | # Compile changes to static files
7 | cd $GOPATH/src/github.com/cloudflare/cfssl
8 | esc -pkg serve -prefix cli/serve/static cli/serve/static > cli/serve/static.go
9 |
10 | # Build and run CFSSL
11 | go build ./cmd/cfssl/...
12 | ./cfssl serve
13 | ```
14 |
--------------------------------------------------------------------------------
/cli/serve/serve_test.go:
--------------------------------------------------------------------------------
1 | package serve
2 |
3 | import (
4 | "net/http"
5 | "net/http/httptest"
6 | "os"
7 | "testing"
8 |
9 | rice "github.com/GeertJohan/go.rice"
10 | )
11 |
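// TestServe registers the handlers on the default mux, starts a test
// server, and checks the status code returned for a GET on every v1 API
// endpoint, every static file in the box, and one non-existent path.
//
// The expectations pin that the signing-related endpoints (sign, authsign,
// newcert, info, ocspsign) answer 404 in this setup, i.e. they are not
// reachable when the handlers are registered as this test does.
func TestServe(t *testing.T) {
	registerHandlers()
	ts := httptest.NewServer(http.DefaultServeMux)
	defer ts.Close()
	expected := make(map[string]int)
	for endpoint := range v1Endpoints {
		expected[v1APIPath(endpoint)] = http.StatusOK
	}

	err := rice.MustFindBox(staticDir).Walk("", func(path string, info os.FileInfo, err error) error {
		if err != nil {
			return err
		}

		if !info.IsDir() {
			expected["/"+path] = http.StatusOK
		}
		return nil
	})
	if err != nil {
		t.Error(err)
	}

	// Disabled endpoints should return '404 Not Found'
	expected[v1APIPath("sign")] = http.StatusNotFound
	expected[v1APIPath("authsign")] = http.StatusNotFound
	expected[v1APIPath("newcert")] = http.StatusNotFound
	expected[v1APIPath("info")] = http.StatusNotFound
	expected[v1APIPath("ocspsign")] = http.StatusNotFound

	// Enabled endpoints should return '405 Method Not Allowed'
	expected[v1APIPath("init_ca")] = http.StatusMethodNotAllowed
	expected[v1APIPath("newkey")] = http.StatusMethodNotAllowed
	expected[v1APIPath("bundle")] = http.StatusMethodNotAllowed

	// POST-only endpoints should return '400 Bad Request'
	expected[v1APIPath("scan")] = http.StatusBadRequest

	// Non-existent endpoints should return '404 Not Found'
	expected["/bad_endpoint"] = http.StatusNotFound

	for endpoint, status := range expected {
		resp, err := http.Get(ts.URL + endpoint)
		if err != nil {
			// resp is nil on error; stop here rather than dereference it below.
			t.Fatalf("GET %s: %v", endpoint, err)
		}
		// Only the status is inspected; release the connection right away.
		resp.Body.Close()
		if resp.StatusCode != status {
			t.Fatalf("%s: '%s' (expected '%s')", endpoint, resp.Status, http.StatusText(status))
		}
	}
}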
63 |
--------------------------------------------------------------------------------
/cli/serve/static/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | CFSSL - Scan
7 |
8 |
13 |
14 |
15 |
16 |
34 |
35 |
40 |
41 |
--------------------------------------------------------------------------------
/cli/sign/sign_test.go:
--------------------------------------------------------------------------------
1 | package sign
2 |
--------------------------------------------------------------------------------
/cli/version/version.go:
--------------------------------------------------------------------------------
1 | // Package version implements the version command.
2 | package version
3 |
4 | import (
5 | "fmt"
6 | "runtime"
7 |
8 | "github.com/cloudflare/cfssl/cli"
9 | )
10 |
// version stores the semantic versioning information for CFSSL, together
// with a revision tag.
var version = struct {
	Major    int
	Minor    int
	Patch    int
	Revision string
}{Major: 1, Minor: 1, Patch: 0, Revision: "release"}

// versionString renders the version as "MAJOR.MINOR.PATCH".
func versionString() string {
	v := version
	return fmt.Sprintf("%d.%d.%d", v.Major, v.Minor, v.Patch)
}
22 |
23 | // Usage text for 'cfssl version'
24 | var versionUsageText = `cfssl version -- print out the version of CF SSL
25 |
26 | Usage of version:
27 | cfssl version
28 | `
29 |
// versionMain implements 'cfssl version': it prints the CFSSL version, the
// revision tag and the Go runtime version, one per line. Its arguments are
// ignored and it always returns nil.
func versionMain(args []string, c cli.Config) (err error) {
	fmt.Printf("Version: %s\n", versionString())
	fmt.Printf("Revision: %s\n", version.Revision)
	fmt.Printf("Runtime: %s\n", runtime.Version())
	return nil
}
35 |
36 | // Command defines Command 'version'
37 | var Command = &cli.Command{UsageText: versionUsageText, Flags: nil, Main: versionMain}
38 |
--------------------------------------------------------------------------------
/cli/version/version_dev.go:
--------------------------------------------------------------------------------
1 | // +build !release
2 |
3 | package version
4 |
// init overrides the revision tag with "dev". The "!release" build
// constraint at the top of this file keeps it out of builds made with the
// release tag, which therefore keep the default revision.
func init() {
	version.Revision = "dev"
}
8 |
--------------------------------------------------------------------------------
/cli/version/version_test.go:
--------------------------------------------------------------------------------
1 | package version
2 |
--------------------------------------------------------------------------------
/cmd/cfssl/cfssl_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
--------------------------------------------------------------------------------
/cmd/cfssljson/cfssljson_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
--------------------------------------------------------------------------------
/cmd/mkbundle/mkbundle_test.go:
--------------------------------------------------------------------------------
1 | package main
2 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/bad.conf:
--------------------------------------------------------------------------------
1 | []
2 |
3 | key
4 | another key
5 | key = val
6 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/badconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "data":
3 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "default": {
4 | "expiry": "8760h",
5 | "usages": [
6 | "signing",
7 | "key encipherment",
8 | "server auth",
9 | "client auth"
10 | ],
11 | "auth_key": "default_auth"
12 | },
13 | "profiles": {
14 | "client_auth": {
15 | "expiry": "168h",
16 | "usages": [
17 | "signing",
18 | "key encipherment",
19 | "server auth",
20 | "client auth"
21 | ],
22 | "auth_key": "client_auth"
23 | }
24 | }
25 | },
26 | "auth_keys": {
27 | "default_auth": {
28 | "type": "standard",
29 | "key": "de1069ab43f7f385d9a31b76af27e7620e9aa2ad5dccd264367422a452aba67f"
30 | },
31 | "client_auth": {
32 | "type": "standard",
33 | "key": "55292b4762b352e385adf6b117179bbf9d0f5604a462b982e52950a33d48b578"
34 | }
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
11 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_bad_certificate.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | certificate = testdata/server.key
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_bad_private_key.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.crt
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_bad_whitelist.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 | nets = 10.0.2.1/24,172.16.3.1/24,127.0.0.1
6 |
7 | [ backup ]
8 | private = file://testdata/server.key
9 | certificate = testdata/server.crt
10 | config = testdata/config.json
11 |
12 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_bad_whitelist2.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 | nets = 10.0.2.1/24,172.16.3.1/24,257.0.0.1/24
6 |
7 | [ backup ]
8 | private = file://testdata/server.key
9 | certificate = testdata/server.crt
10 | config = testdata/config.json
11 |
12 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_badconfig.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/badconfig.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
11 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_badspec.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/nosuch.key
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_badspec2.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = ://nothing
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_badspec3.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = http://testdata/nosuch.key
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_der.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.der
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | certificate = testdata/server.crt
9 | config = testdata/config.json
10 |
11 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_ksm.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 |
5 | [ backup ]
6 | private = ksm://test-signer
7 | certificate = testdata/server.crt
8 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_missing_certificate.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | certificate = testdata/enoent
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_missing_certificate_entry.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | private = file://testdata/server.key
8 | something_else = nothing
9 | config = testdata/config.json
10 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_missing_private.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 |
5 | [ backup ]
6 | private = file://testdata/server.key
7 | certificate = testdata/enoent
8 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_missing_private_key_entry.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 |
6 | [ backup ]
7 | certificate = testdata/server.crt
8 | config = testdata/config.json
9 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_no_kdl_private_key.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_whitelist.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 | nets = 10.0.2.1/24,172.16.3.1/24, 192.168.3.15/32
6 |
7 | [ backup ]
8 | private = file://testdata/server.key
9 | certificate = testdata/server.crt
10 | config = testdata/config.json
11 |
12 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/roots_whitelist_ipv6.conf:
--------------------------------------------------------------------------------
1 | [ primary ]
2 | private = file://testdata/server.key
3 | certificate = testdata/server.crt
4 | config = testdata/config.json
5 | nets = ::1/128, fd4d:9855:101d:e68b::/64, 10.0.4.1/24
6 |
7 | [ backup ]
8 | private = file://testdata/server.key
9 | certificate = testdata/server.crt
10 | config = testdata/config.json
11 |
12 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/server.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
3 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
4 | cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
5 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
6 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
7 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
8 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
9 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
10 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
11 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
12 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/server.der:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/cmd/multirootca/config/testdata/server.der
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/server.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXAIBAAKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhl
3 | dUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3
4 | MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQAB
5 | AoGAVxnsPojZ8X4g8LPk3d9dlXGhb/4tSmk9102jcHH/Y5ssy95Pe6ZJGr1uwbN+
6 | 7m1l05PikpHeoxEryoW51cyfjDVkXUT0zPp2JC38DUA/0A8qWav/aENM64wg1I0P
7 | Dil8FywzZEonRNJst53+9cxFye70ely5br/tWxEp4/MsM1kCQQDqV4Lwn8BXOeKg
8 | xOwNmcL+0XPedvSPBSPUoGJCzu12rH6Z+UHXipXsqRNSyQ+KGlur14y0kCh5uiVA
9 | jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
10 | hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
11 | BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
12 | vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
13 | Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
14 | OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/test.conf:
--------------------------------------------------------------------------------
1 | [ sectionName ]
2 | key1=some value
3 | key2 = some other value
4 | # we want to explain the importance and great forethought
5 | # in this next value.
6 | key3 = unintuitive value
7 | key4 = " space at beginning and end "
8 | key5 = ' is quoted with single quotes '
9 |
10 | [ anotherSection ]
11 | key1 = a value
12 | key2 = yet another value
13 | key1 = overwrites previous value of a value
14 |
--------------------------------------------------------------------------------
/cmd/multirootca/config/testdata/test2.conf:
--------------------------------------------------------------------------------
1 | key1 = some value
2 | key2 = some other value
3 | key3 = unintuitive value
4 |
--------------------------------------------------------------------------------
/config/testdata/invalid_auth.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "remote": "localhost",
6 | "auth_key": "garbage"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_keys": {
19 | "garbage": {
20 | "type":"stadardo",
21 | "key":"0123456789ABCDEF0123456789ABCDEF"
22 | }
23 | },
24 | "remotes": {
25 | "localhost": "127.0.0.1:8888"
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/config/testdata/invalid_auth_bad_key.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "remote": "localhost",
6 | "auth_key": "garbage"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_keys": {
19 | "garbage": {
20 | "type":"standard",
21 | "key":"BAD_KEY"
22 | }
23 | },
24 | "remotes": {
25 | "localhost": "127.0.0.1:8888"
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/config/testdata/invalid_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/config/testdata/invalid_default.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "invalid_expiry"
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/config/testdata/invalid_no_auth_keys.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "remote": "localhost",
6 | "auth_key": "garbage"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_keys": {
19 | },
20 | "remotes": {
21 | "localhost": "127.0.0.1:8888"
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/config/testdata/invalid_no_remotes.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "auth_key": "garbage",
6 | "remote": "localhoster"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_keys": {
19 | "garbage": {
20 | "type":"standard",
21 | "key":"0123456789ABCDEF0123456789ABCDEF"
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/config/testdata/invalid_profile.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "invalid_expiry"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/config/testdata/invalid_remotes.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "auth_key": "garbage",
6 | "remote": "localhoster"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_keys": {
19 | "garbage": {
20 | "type":"standard",
21 | "key":"0123456789ABCDEF0123456789ABCDEF"
22 | }
23 | },
24 | "remotes": {
25 | "localhost": "127.0.0.1:8888"
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/config/testdata/invalid_usage.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["BAD_USAGE"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/config/testdata/valid_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | },
13 | "default": {
14 | "usages": ["digital signature", "email protection"],
15 | "expiry": "8000h"
16 | }
17 | },
18 | "auth_key": {
19 | "garbage": {
20 | "type":"standard",
21 | "key":"0123456789ABCDEF0123456789ABCDEF"
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/config/testdata/valid_config_auth.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h",
7 | "auth_key": "garbage",
8 | "remote": "localhost"
9 | },
10 | "email": {
11 | "usages": ["s/mime"],
12 | "expiry": "720h"
13 | }
14 | },
15 | "default": {
16 | "usages": ["digital signature", "email protection"],
17 | "expiry": "8000h"
18 | }
19 | },
20 | "auth_keys": {
21 | "garbage": {
22 | "type":"standard",
23 | "key":"0123456789ABCDEF0123456789ABCDEF"
24 | }
25 | },
26 | "remotes": {
27 | "localhost": "127.0.0.1:8888"
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/config/testdata/valid_config_auth_no_default.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "auth_key": "garbage",
6 | "remote": "localhost"
7 | }
8 | }
9 | },
10 | "auth_keys": {
11 | "garbage": {
12 | "type":"standard",
13 | "key":"0123456789ABCDEF0123456789ABCDEF"
14 | }
15 | },
16 | "remotes": {
17 | "localhost": "127.0.0.1:8888"
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/config/testdata/valid_config_no_default.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "profiles": {
4 | "CA": {
5 | "usages": ["cert sign"],
6 | "expiry": "720h"
7 | },
8 | "email": {
9 | "usages": ["s/mime"],
10 | "expiry": "720h"
11 | }
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/crypto/doc.go:
--------------------------------------------------------------------------------
1 | // Package crypto contains implementations of crypto.Signer.
2 | package crypto
3 |
--------------------------------------------------------------------------------
/crypto/pkcs11key/config.go:
--------------------------------------------------------------------------------
1 | package pkcs11key
2 |
// Config contains configuration information required to use a PKCS
// #11 key.
//
// NOTE(review): PIN is held as a plain string, so code that logs, prints
// or serializes a Config can expose it; treat the whole struct as secret
// material and keep it out of logs and error messages.
type Config struct {
	Module          string // presumably the PKCS #11 module (library) to load — confirm against the loader
	TokenLabel      string // presumably the label of the token that holds the key — confirm
	PIN             string // PIN for the token; sensitive
	PrivateKeyLabel string // presumably the label of the private key object on the token — confirm
}
11 |
--------------------------------------------------------------------------------
/crypto/pkcs11key/pkcs11key_stub.go:
--------------------------------------------------------------------------------
1 | // Package pkcs11key exists to satisfy Go build tools.
2 | // Some Go tools will complain "no buildable Go source files in ..." because
3 | // pkcs11key.go only builds when the pkcs11 tag is supplied. This empty file
4 | // exists only to suppress that error, which blocks completion in some tools
5 | // (specifically godep).
6 | package pkcs11key
7 |
--------------------------------------------------------------------------------
/doc/README.txt:
--------------------------------------------------------------------------------
1 | CFSSL DOCUMENTATION GUIDE
2 |
3 | api/ API documentation
4 | authentication.txt A high-level overview of the CFSSL authentication
5 | system.
6 | bootstrap.txt Generating a CA using CFSSL.
7 | cmd/ Documentation for the programs included in CFSSL,
8 | including configuration and operations.
9 | errorcode.txt Description of the error codes returned by CFSSL.
10 |
11 |
--------------------------------------------------------------------------------
/doc/api/endpoint_authsign.txt:
--------------------------------------------------------------------------------
1 | THE AUTHENTICATED SIGNING ENDPOINT
2 |
3 | Endpoint: /api/v1/cfssl/authsign
4 | Method: POST
5 |
6 | Required parameters:
7 |
8 | * token: the authentication token
9 | * request: an encoded JSON signing request (e.g. as
10 | documented in endpoint_sign.txt).
11 |
12 | Optional parameters:
13 |
14 | The following parameters might be used by the authenticator
15 | as part of the authentication process.
16 |
17 | * timestamp: a Unix timestamp
18 | * remote_address: an address used in making the request.
19 |
20 | Result:
21 |
22 | The returned result is a JSON object with a single key:
23 |
24 | * certificate: a PEM-encoded certificate that has been signed
25 | by the server.
26 |
27 | The authentication documentation contains more information about how
28 | authentication with CFSSL works.
29 |
--------------------------------------------------------------------------------
/doc/api/endpoint_info.txt:
--------------------------------------------------------------------------------
1 | THE INFO ENDPOINT
2 |
3 | Endpoint: /api/v1/cfssl/info
4 | Method: POST
5 |
6 | Required parameters:
7 |
8 | * label: a string specifying the signer
9 |
10 | Optional parameters:
11 |
12 | * profile: a string specifying the signing profile for the signer.
13 | Signing profile specifies what key usages should be used and
14 | how long the expiry should be set
15 |
16 | Result:
17 |
18 | The returned result is a JSON object with three keys:
19 |
20 | * certificate: a PEM-encoded certificate of the signer
21 | * usages: a string array of key usages from the signing profile
22 | * expiry: the expiry string from the signing profile
23 |
24 | Example:
25 |
26 | $ curl -d '{"label": "primary"}' \
27 | ${CFSSL_HOST}/api/v1/cfssl/info \
28 | | python -m json.tool
29 | % Total % Received % Xferd Average Speed Time Time Time Current
30 | Dload Upload Total Spent Left Speed
31 | 100 943 100 924 100 19 44029 905 --:--:-- --:--:-- --:--:-- 46200
32 | {
33 | "errors": [],
34 | "messages": [],
35 | "result": {
36 | "certificate": "-----BEGIN CERTIFICATE-----\nMIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB\nVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0\ncyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG\nA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0\nIFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl\nnodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj\nw7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81\nKAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF\nAAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp\niv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt\n+LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==\n-----END CERTIFICATE-----",
37 | "expiry": "8760h",
38 | "usages": [
39 | "signing",
40 | "key encipherment",
41 | "server auth",
42 | "client auth"
43 | ]
44 | },
45 | "success": true
46 | }
47 |
--------------------------------------------------------------------------------
/doc/api/intro.txt:
--------------------------------------------------------------------------------
1 | INTRODUCTION TO THE CFSSL API
2 |
3 | The CFSSL API allows applications to access the functionality of CFSSL
4 | over an unauthenticated HTTP connection. Because the API is
5 | unauthenticated by default, any client that can reach the server can use
6 | it, so in this case the CFSSL API server must run in a trusted environment.
7 |
8 | There are currently nine endpoints, each of which may be found under
9 | the path `/api/v1/cfssl/<endpoint>`. The documentation for each
10 | endpoint is found in the `doc/api` directory in the project source
11 | under the name `endpoint_<endpoint>.txt`. These nine endpoints are:
12 |
13 | - authsign: authenticated signing endpoint
14 | - bundle: build certificate bundles
15 | - info: obtain information about the CA, including the CA
16 | certificate
17 | - init_ca: initialise a new certificate authority
18 | - newkey: generate a new private key and certificate signing
19 | request
20 | - newcert: generate a new private key and certificate
21 | - scan: scan servers to determine the quality of their TLS set up
22 | - scaninfo: list options for scanning
23 | - sign: sign a certificate
24 |
25 | RESPONSES
26 |
27 | Responses take the form of the new CloudFlare API response format:
28 |
29 | {
30 | "result": <result>,
31 | "success": true,
32 | "errors": [],
33 | "messages": [],
34 | }
35 |
36 | Both the "messages" and "errors" fields have the same general format:
37 | a message or error has the form
38 |
39 | {
40 | "code": 1234,
41 | "message": "Informative message."
42 | }
43 |
44 | If "success" is not "true", the result should be discarded, and the
45 | errors examined to determine what happened. The CFSSL error codes are
46 | documented in the `doc/errorcode.txt` file in the project source.
47 |
48 |
49 |
--------------------------------------------------------------------------------
/doc/authentication.txt:
--------------------------------------------------------------------------------
1 | CFSSL AUTHENTICATION
2 |
3 | In order to prevent a CFSSL signer from being directly available, an
4 | authentication mechanism is available to provide additional
5 | security. It is implemented as the concept of an authentication
6 | provider; a provider can generate "authentication tokens" for a given
7 | request, and verify that the token is valid for a given
8 | request. Requests are generally the JSON-encoded form of the request to
9 | be sent to the server.
10 |
11 | An authenticated request has the following fields:
12 |
13 | * token: this is a required field; it contains the computed
14 | authentication token.
15 | * request: this is a required field; the JSON-encoded request being
16 | made.
17 | * timestamp: an optional field containing a Unix timestamp. This
18 | might be used by an authentication provider; the standard
19 | authenticator does not use this.
20 | * remote_address: an optional field containing the address or
21 | hostname of the server; this may be used by an authentication
22 | provider. The standard authenticator does not use this field.
23 |
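24 | The standard authenticator provided as a reference implementation uses
25 | HMAC-SHA-256 to compute the HMAC of the request, with the hex-encoded
26 | authentication key specified in the configuration file. Because it
27 | ignores the timestamp, the same token stays valid for an identical
28 | request, so the key and the connection to the signer must be protected.
29 |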
--------------------------------------------------------------------------------
/doc/ca-bundle.crt.metadata.sample:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "name":"Mozilla",
4 | "weight": 100,
5 | "hash_algo": "SHA2",
6 | "key_algo": "ECDSA256",
7 | "keystore": "misc/trusted_roots/nss.pem"
8 | }
9 | ]
10 |
--------------------------------------------------------------------------------
/doc/errorcode.txt:
--------------------------------------------------------------------------------
1 | 1XXX: CertificateError
2 | 1000: Unknown
3 | 1001: ReadFailed
4 | 1002: DecodeFailed
5 | 1003: ParseFailed
6 | 1100: SelfSigned
7 | 12XX: VerifyFailed
8 | 121X: CertificateInvalid
9 | 1210: NotAuthorizedToSign
10 | 1211: Expired
11 | 1212: CANotAuthorizedForThisName
12 | 1213: TooManyIntermediates
13 | 1214: IncompatibleUsage
14 | 1220: UnknownAuthority
15 | 2XXX: PrivateKeyError
16 | 2000: Unknown
17 | 2001: ReadFailed
18 | 2002: DecodeFailed
19 | 2003: ParseFailed
20 | 2100: Encrypted
21 | 2200: NotRSA
22 | 2300: KeyMismatch
23 | 3XXX: IntermediatesError
24 | 4XXX: RootError
25 | 5XXX: PolicyError
26 | 5100: NoKeyUsages
27 | 5200: InvalidPolicy
28 | 5300: InvalidRequest
29 |
30 |
--------------------------------------------------------------------------------
/errors/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Package errors provides error types returned in CF SSL.
3 |
4 | 1. Type Error is intended for errors produced by CF SSL packages.
5 | It formats to a JSON object that consists of an error message and a 4-digit code identifying the reason for the error.
6 |
7 | Example: {"code":1002, "message": "Failed to decode certificate"}
8 |
9 | The index of codes is listed below:
10 | 1XXX: CertificateError
11 | 1000: Unknown
12 | 1001: ReadFailed
13 | 1002: DecodeFailed
14 | 1003: ParseFailed
15 | 1100: SelfSigned
16 | 12XX: VerifyFailed
17 | 121X: CertificateInvalid
18 | 1210: NotAuthorizedToSign
19 | 1211: Expired
20 | 1212: CANotAuthorizedForThisName
21 | 1213: TooManyIntermediates
22 | 1214: IncompatibleUsage
23 | 1220: UnknownAuthority
24 | 2XXX: PrivateKeyError
25 | 2000: Unknown
26 | 2001: ReadFailed
27 | 2002: DecodeFailed
28 | 2003: ParseFailed
29 | 2100: Encrypted
30 | 2200: NotRSA
31 | 2300: KeyMismatch
32 | 2400: GenerationFailed
33 | 2500: Unavailable
34 | 3XXX: IntermediatesError
35 | 4XXX: RootError
36 | 5XXX: PolicyError
37 | 5100: NoKeyUsages
38 | 5200: InvalidPolicy
39 | 5300: InvalidRequest
40 | 6XXX: DialError
41 |
42 | 2. Type HTTPError is intended for the CF SSL API to consume. It contains an HTTP status code that will be read and returned
43 | by the API server.
44 | */
45 | package errors
46 |
--------------------------------------------------------------------------------
/errors/http.go:
--------------------------------------------------------------------------------
1 | package errors
2 |
3 | import (
4 | "errors"
5 | "net/http"
6 | )
7 |
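// HTTPError is an error augmented with an HTTP status code.
type HTTPError struct {
	// StatusCode is the HTTP status code associated with the error.
	StatusCode int
	// error is the wrapped error; it supplies the message returned by Error.
	error
}

// Error implements the error interface. It returns the message of the
// wrapped error. An HTTPError built without a wrapped error (for example
// from a nil error value) yields the standard text for its status code
// instead of panicking, and a nil receiver yields "<nil>".
func (e *HTTPError) Error() string {
	switch {
	case e == nil:
		// A typed nil *HTTPError stored in an error interface must not
		// crash the caller that formats it.
		return "<nil>"
	case e.error == nil:
		// No wrapped error: fall back to the status code's standard text.
		return http.StatusText(e.StatusCode)
	}
	return e.error.Error()
}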
18 |
// NewMethodNotAllowed builds the 405 (Method Not Allowed) error for a
// client that calls an API endpoint with an HTTP method it does not accept,
// for example a GET where a POST is required. The method string is placed
// in the message between double quotes, without any escaping.
func NewMethodNotAllowed(method string) *HTTPError {
	cause := errors.New(`Method is not allowed:"` + method + `"`)
	return &HTTPError{
		StatusCode: http.StatusMethodNotAllowed,
		error:      cause,
	}
}
25 |
// NewBadRequest wraps err in an HTTPError that carries status code 400
// (Bad Request). err is stored as given; it is not checked for nil.
func NewBadRequest(err error) *HTTPError {
	return &HTTPError{
		StatusCode: http.StatusBadRequest,
		error:      err,
	}
}
30 |
// NewBadRequestString returns an HTTPError with status code 400 whose
// message is the supplied string.
func NewBadRequestString(s string) *HTTPError {
	cause := errors.New(s)
	return NewBadRequest(cause)
}
36 |
// NewBadRequestMissingParameter returns a 400 HTTPError reporting that a
// required parameter is absent from the HTTP request. The parameter name s
// is placed in the message between double quotes, without any escaping.
func NewBadRequestMissingParameter(s string) *HTTPError {
	msg := `Missing parameter "` + s + `"`
	return NewBadRequestString(msg)
}
42 |
// NewBadRequestUnwantedParameter returns a 400 HTTPError reporting that the
// HTTP request carries a parameter it should not. The parameter name s is
// placed in the message between double quotes, without any escaping.
func NewBadRequestUnwantedParameter(s string) *HTTPError {
	msg := `Unwanted parameter "` + s + `"`
	return NewBadRequestString(msg)
}
48 |
--------------------------------------------------------------------------------
/helpers/derhelpers/derhelpers.go:
--------------------------------------------------------------------------------
1 | // Package derhelpers implements common functionality
2 | // on DER encoded data
3 | package derhelpers
4 |
5 | import (
6 | "crypto"
7 | "crypto/ecdsa"
8 | "crypto/rsa"
9 | "crypto/x509"
10 |
11 | cferr "github.com/cloudflare/cfssl/errors"
12 | )
13 |
// ParsePrivateKeyDER decodes a DER-encoded private key, trying PKCS #8
// first, then PKCS #1, then the elliptic-curve private key format. The
// input must be raw DER, not PEM.
//
// It returns the key as a crypto.Signer when the decoded key is an RSA or
// ECDSA private key. Every failure is reported as the same
// PrivateKeyError/ParseFailed error.
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
	var parsed interface{}

	// Each parser is attempted only if the one before it failed.
	parsed, err = x509.ParsePKCS8PrivateKey(keyDER)
	if err != nil {
		parsed, err = x509.ParsePKCS1PrivateKey(keyDER)
	}
	if err != nil {
		parsed, err = x509.ParseECPrivateKey(keyDER)
	}
	if err != nil {
		// The parser errors are deliberately left out of the returned
		// error, so that no detail about the private key ends up in it.
		return nil, cferr.New(cferr.PrivateKeyError,
			cferr.ParseFailed)
	}

	switch k := parsed.(type) {
	case *rsa.PrivateKey:
		return k, nil
	case *ecdsa.PrivateKey:
		return k, nil
	}

	// Reached only when parsing succeeded but produced a key that is
	// neither RSA nor ECDSA; such a key is rejected like a parse failure.
	return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
}
43 |
--------------------------------------------------------------------------------
/helpers/pkcs11uri/testdata/pin:
--------------------------------------------------------------------------------
1 | 123456
2 |
--------------------------------------------------------------------------------
/helpers/testdata/cert.der:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/helpers/testdata/cert.der
--------------------------------------------------------------------------------
/helpers/testdata/cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
3 | bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
4 | MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
5 | MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
6 | MS59jJOLomfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvr
7 | GsNivkRUzXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+
8 | cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
9 | MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
10 | dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
11 | uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
12 | aq+K7aVrgHkPnWeRiG6tl+ZA
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/helpers/testdata/cert_pkcs7.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PKCS7-----
2 | MIICHwYJKoZIhvcNAQcCoIICEDCCAgwCAQExADALBgkqhkiG9w0BBwGgggHyMIIB
3 | 7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBDbzES
4 | MBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIyMDUw
5 | NFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGdMAsG
6 | CSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1CMS59
7 | jJOLomfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvrGsNi
8 | vkRUzXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+cqhE
9 | vLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgMEMA8G
10 | A1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+mdYnX
11 | TgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfiuB7w
12 | RfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8Oaq+K
13 | 7aVrgHkPnWeRiG6tl+ZAoQAxAA==
14 | -----END PKCS7-----
15 |
--------------------------------------------------------------------------------
/helpers/testdata/cert_with_whitespace.pem:
--------------------------------------------------------------------------------
1 |
2 | -----BEGIN CERTIFICATE-----
3 | MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
4 | bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
5 | MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
6 | MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
7 | MS59jJOLomfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvr
8 | GsNivkRUzXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+
9 | cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
10 | MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
11 | dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
12 | uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
13 | aq+K7aVrgHkPnWeRiG6tl+ZA
14 | -----END CERTIFICATE-----
15 |
16 |
--------------------------------------------------------------------------------
/helpers/testdata/ecdsa256.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
6 | z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
7 | PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
8 | d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
9 | cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
10 | VLcv28Q=
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/helpers/testdata/empty.pem:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/helpers/testdata/emptycert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | -----END CERTIFICATE-----LSKFSKLF
3 |
--------------------------------------------------------------------------------
/helpers/testdata/emptypasswordpkcs12.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/helpers/testdata/emptypasswordpkcs12.p12
--------------------------------------------------------------------------------
/helpers/testdata/enc_priv_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | Proc-Type: 4,ENCRYPTED
3 | DEK-Info: AES-128-CBC,90B8A5792FA2FE75B2053582F3DF394F
4 |
5 | yVY2xuth5fdJBg9gg+6eP3qTsr0CJ2mGEDW6rvYmYuATSRF1hVERrsznxJYjYLaw
6 | JHec8FVr78y4aXxI/aFzlxLkS8f12WjTtIhzHwhzgSJDwVOXSRphnLAeHWnhEKLe
7 | 7kO+vzoTPIc3ECwdvtr6//z2tP1/sac+yIhL6C+x2rS5hFHhmDUXtILPxxfHJCiM
8 | qtKiiOZz3W6008CeJMC9ZPlKHDvpq7aIL4rfVP/GkZ+/teQkgWNpMxac7+gWLKuK
9 | 109v6pu+8KT49D6SMsaZPvAb5PXcIB79ZCPI1JX0V26CKcswba4RHG/h1xifwyAF
10 | OIvmK29mmFqbx5GPlUefRUuPwRJKCXFiK6LTdhCwLYodtXde4ibvOFYy4onGoVax
11 | I5WVaOhQMqp+mxA6z7odrIvuFcQGixIA+peaaSbpNZSZGuxRvVefcdxPbJ+26Ijs
12 | wq8uyalbwhKtjPTPNkMaaYzJdWS7wd2DS4RM9JT8Y1h6NTftCY3c+/txOlt5pQzW
13 | T8n+NTd4o+PFOHzMnmEnrtf9Y/SSzXDB2OPCD95YdIXItQDdKcjK0NmnY8GNfkWL
14 | G30NJNy3/DR7Sa5u4xuqNgcgTFhgZaOQ1IVB3p5VjknqAX3gWFu2DrqzbH45071A
15 | He7VbdbzBpMHI2EdiCVOuK9fD/5sv25u9vVC2NHtG/YcoEQv+RB52TNHn9kdiMj1
16 | gLaywPqGjFmaPxI0xX07BrL+D9RruUT1GAEyw4JAHuJZIyq3+V98wmV/pEqwc7hp
17 | 8WuSi6YddetfF4NPA5cGWt8qZ1it+wD/1ydQEAQsxdANqi0XVudYpYox02EoRS02
18 | up0sd9zqz83pN9RyOOKtGcHdt85gb9DYRVeff1UszMaoVULxqxYetwtzpiHn6grL
19 | DmnSk+DYgvXKOVt8tmSJysDTumhK1VN3xb34TYYJxeBOQJLzWFjGSELEpphZAQSj
20 | rS4OM1FwoP48wvASGiWD4VUJ6v+6F+NDvJr01S+zWGLg1EeUZJmXGHW5GrGd4Kgx
21 | 3rdeOsrED9oXKp2cpgx9avXJ9upixja9MbAPp7RkSyeHMPvsuaI44xvOP3f0crmG
22 | d/5CdBKVT7nFaeTGSx/78kHb3VJyopAMm9k0V3CheKwBXXSbXmV1+0muBxMHsEI3
23 | aEKaI0y5cDfTewzo/U0l0kGtxF6kUPN1pdjFpAvssRlkGttFOC2nWxHwaNHpn7Kq
24 | gFAlN6P4cyB6kb+LvckIYTZ/tV39dx7PfL0KG5TWjJ4a9GSoL1IrAhQq+Qv6oUEt
25 | 1vlejZoKyZ/35fni0fmeYNho+pCPimm6l+sHTuXkrWgGLr0S9O00HFLz11D7R4o9
26 | 7mF4JkMNztT+ENOdT4xQBi3OGjRGMwtE6PsQPfDeu13Vq6eDtdEGUdhW1kAsGnBi
27 | eJRuysnGpnoWofJ7yS0+DhnS4GAVi907TMrQWwmez9V4CXl4NBc8X9T69TFL2LsW
28 | 2KU9NUXdiCRZqZHD41gd3+RuRA/oXh50V9oaow+uepwYKTFyzde5IH1/DgBd7tOd
29 | Fa2fM5/zSA0uFPRb3yCVhRg5d6J9t5yaPAz7Jp0D1mDDGsMBD1O/FYJvWoANEwUX
30 | -----END RSA PRIVATE KEY-----
31 |
--------------------------------------------------------------------------------
/helpers/testdata/messed_up_priv_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEAvGKyz9ZzIXI/BFrtqbVQMmKQkPZGndyfV3AzeSb2ulbS/s5k
3 | yNJMH/jKZiSCvZiJNnW+JNlJrgLxORMmPStPz/N/0L0vCTotQKZUiaBttFgHgobQ
4 | LFsbMnumt9It5W/uOwgWI9binuzvqyPXywLlYwOq3jkOmA22ymhflzRrl6a3jzcY
5 | hT9evxHl0gV4bN7KZ5p4wK/UUuG1uMEQLw87lUwRRHeW3ZG52VL38+redka+f5pa
6 | SGKyG5j0oe1NPLqAjckNgqvDdPMY2gicmCq0VSLzTNpHRsURTUSJvC/iv34vVfba
7 | gIYgTvm8BvGbJSlZqP4kEVlOfd3vmB0ttUeoDwIDAQABAoIBAHZdpXCFlA1d1U6N
8 | O2s4a01dNOyAcVpa9xtfelgTLU9jomtLj3PG/uHP1oxbQHKUVxKK5JAOnwbg/mQY
9 | LhydDCbjHlovpFAt56UJXXCkBoocDYvr3P0huXL80oIJY6EXtR4ONKsMJ5Qn12c2
10 | vC3ogey2rzO1sf/EDigbcIR3AWtk1Tx8ZDUooktOFypIsDQgjjxXiURGssAlMPSh
11 | 6GVgO4JRRG6oRxEna7yDe7izmh/hC5sxSYLsEikCgYEAsBHhb/Qef5obRCSrfFuQ
12 | 41P7MCtGrXVxKD3iCDGQCzVbEbYGpmZnGsXSaHljp2FtnamaGGEudYziozGKPHjs
13 | pbTbsLIDbmNwxz1WcaZ1iyIjtOxcAEqDod8hY4hL6SaxypwTHn4Ydbw2NGzp11Eg
14 | Di4SVL82utjycATdKFvBzdsCgYB/3M+GMrt0Sh87rKcQLdL709Kzjcfhvm4HjIbJ
15 | GSXGPCZaYMKaXRTdNAjtRKxMawc9qcf0xSBEHL0GkB158TzusDQtjP1anTcYOnl6
16 | GsO4bRivp314iNlP4r3S3bIXqBxCGH3HbrvpdPFAN//qjYmAki2lFQZywfvbQOE8
17 | oFQHwQKBgHqJkTck2DGlXQIwA7jirLggISXjSPlsG4w4LuhY9ivyNKLUi4x5k1cE
18 | bX7SrRtJErQ1WaDN4TFG25xnysi5h+aPinuySatd0XmA5+dE1YjTqqShMO+lUpzi
19 | PrOQl6Eva/uw5BDAcUH4AaXTNRvvtXQptUil9qXyOh6fszikA9Mm
20 | -----END RSA PRIVATE KEY-----
21 |
--------------------------------------------------------------------------------
/helpers/testdata/messedupcert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
3 | bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
4 | MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
5 | MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
6 | cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
7 | MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
8 | dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
9 | uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
10 | aq+K7aVrgHkPnWeRiG6tl+ZA
11 | -----END CERTIFICATE-----
12 |
--------------------------------------------------------------------------------
/helpers/testdata/multiplecerts.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/helpers/testdata/multiplecerts.p12
--------------------------------------------------------------------------------
/helpers/testdata/noheadercert.pem:
--------------------------------------------------------------------------------
1 | MIIB7jCCAVmgAwIBAgIBADALBgkqhkiG9w0BAQUwJjEQMA4GA1UEChMHQWNtZSBD
2 | bzESMBAGA1UEAxMJMTI3LjAuMC4xMB4XDTEyMDkwNzIyMDAwNFoXDTEzMDkwNzIy
3 | MDUwNFowJjEQMA4GA1UEChMHQWNtZSBDbzESMBAGA1UEAxMJMTI3LjAuMC4xMIGd
4 | MAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1C
5 | cqhEvLFbu3MCAwEAAaMyMDAwDgYDVR0PAQH/BAQDAgCgMA0GA1UdDgQGBAQBAgME
6 | MA8GA1UdIwQIMAaABAECAwQwCwYJKoZIhvcNAQEFA4GBABndWRIcfi+QB9Sakr+m
7 | dYnXTgYCnFio53L2Z+6EHTGG+rEhWtUEGhL4p4pzXX4siAnjWvwcgXTo92cafcfi
8 | uB7wRfK+NL9CTJdpN6cdL+fiNHzH8hsl3bj1nL0CSmdn2hkUWVLbLhSgWlib/I8O
9 | aq+K7aVrgHkPnWeRiG6tl+ZA
10 |
--------------------------------------------------------------------------------
/helpers/testdata/passwordpkcs12.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/helpers/testdata/passwordpkcs12.p12
--------------------------------------------------------------------------------
/helpers/testdata/priv_rsa_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEAvGKyz9ZzIXI/BFrtqbVQMmKQkPZGndyfV3AzeSb2ulbS/s5k
3 | yNJMH/jKZiSCvZiJNnW+JNlJrgLxORMmPStPz/N/0L0vCTotQKZUiaBttFgHgobQ
4 | LFsbMnumt9It5W/uOwgWI9binuzvqyPXywLlYwOq3jkOmA22ymhflzRrl6a3jzcY
5 | hT9evxHl0gV4bN7KZ5p4wK/UUuG1uMEQLw87lUwRRHeW3ZG52VL38+redka+f5pa
6 | SGKyG5j0oe1NPLqAjckNgqvDdPMY2gicmCq0VSLzTNpHRsURTUSJvC/iv34vVfba
7 | gIYgTvm8BvGbJSlZqP4kEVlOfd3vmB0ttUeoDwIDAQABAoIBAHZdpXCFlA1d1U6N
8 | O2s4a01dNOyAcVpa9xtfelgTLU9jomtLj3PG/uHP1oxbQHKUVxKK5JAOnwbg/mQY
9 | LhydDCbjHlovpFAt56UJXXCkBoocDYvr3P0huXL80oIJY6EXtR4ONKsMJ5Qn12c2
10 | vC3ogey2rzO1sf/EDigbcIR3AWtk1Tx8ZDUooktOFypIsDQgjjxXiURGssAlMPSh
11 | 1BFz4StRUK4bESaja0GiHwbuxHa+XYEBlK5OqMo/fpWqpgHhV/42+7wdcBMJsMr8
12 | rFBe6m+r6TTbLSGJNowyd05XrjoAI35qduckpJ3Voun90i4ynTudjdJ/vHpIqB74
13 | qQLFW2ECgYEA+GSRVqobaKKakNUFGmK0I5T5Tikz5f137YXXER6aLtDQNiSrlXNi
14 | 0aphkC/EfRO3oNvamq5+55bmmgDVoNNPDfpajKz+LZyG8GC2EXlTKO0hZS64KRRl
15 | C+bd+ZsYiUDImNVRbIHN82f+BQgsgXlTaWpBOrEqmoePO/J44O4eX3cCgYEAwieq
16 | amY4UaY+MhWPJFRK1y9M3hM8+N9N/35CFewQUdFJosC6vVQ4t8jNkSOxVQdgbNwE
17 | i/bTBgIwg82JJYbBUPuCVeTT3i6zxymf/FLumrI73URD81IN6FiH1skg0hSFrvs0
18 | 6GVgO4JRRG6oRxEna7yDe7izmh/hC5sxSYLsEikCgYEAsBHhb/Qef5obRCSrfFuQ
19 | 41P7MCtGrXVxKD3iCDGQCzVbEbYGpmZnGsXSaHljp2FtnamaGGEudYziozGKPHjs
20 | pbTbsLIDbmNwxz1WcaZ1iyIjtOxcAEqDod8hY4hL6SaxypwTHn4Ydbw2NGzp11Eg
21 | Di4SVL82utjycATdKFvBzdsCgYB/3M+GMrt0Sh87rKcQLdL709Kzjcfhvm4HjIbJ
22 | GSXGPCZaYMKaXRTdNAjtRKxMawc9qcf0xSBEHL0GkB158TzusDQtjP1anTcYOnl6
23 | GsO4bRivp314iNlP4r3S3bIXqBxCGH3HbrvpdPFAN//qjYmAki2lFQZywfvbQOE8
24 | oFQHwQKBgHqJkTck2DGlXQIwA7jirLggISXjSPlsG4w4LuhY9ivyNKLUi4x5k1cE
25 | bX7SrRtJErQ1WaDN4TFG25xnysi5h+aPinuySatd0XmA5+dE1YjTqqShMO+lUpzi
26 | PrOQl6Eva/uw5BDAcUH4AaXTNRvvtXQptUil9qXyOh6fszikA9Mm
27 | -----END RSA PRIVATE KEY-----
28 |
29 |
--------------------------------------------------------------------------------
/helpers/testdata/private_ecdsa_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MGgCAQEEHCGXsrNo2xfy8+zd4Pzj8rcQ5KqQO43au1t/7nugBwYFK4EEACGhPAM6
3 | AASJodCTtj5aYXnWxMiYhwjEgNQJJbNzJFEbsGJX9pCWZC673ammTWFHMjnMPkS/
4 | 9eU5YeW40BHqfw==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/helpers/testdata/secp256k1-key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHQCAQEEIJLKycmoCAk4HqlJGdsuFyHsxfIheKsLH91tS/TNP5OOoAcGBSuBBAAK
3 | oUQDQgAEBkmL7cvC2cgchzfSuUZPGnzH0FqBtf3kGhSllQiIzGDn4envPXNqp+93
4 | V2NZ8VT+Aba4ln2Vbp9gYrKquut5Zg==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/helpers/testsuite/testdata/cert_csr.json:
--------------------------------------------------------------------------------
1 | {
2 | "hosts": [
3 | "ca.example2.com"
4 | ],
5 | "names": [
6 | {
7 | "C": "US",
8 | "ST": "California",
9 | "L": "San Francisco",
10 | "O": "Internet Widgets, LLC",
11 | "OU": "Certificate Authority"
12 | }
13 | ],
14 | "key": {
15 | "algo": "rsa",
16 | "size": 2048
17 | }
18 | }
--------------------------------------------------------------------------------
/helpers/testsuite/testdata/initCA/ca_csr.json:
--------------------------------------------------------------------------------
1 | {
2 | "cn": "example.com",
3 | "hosts": [
4 | "ca.example.com"
5 | ],
6 | "names": [
7 | {
8 | "C": "US",
9 | "ST": "California",
10 | "L": "San Francisco",
11 | "O": "Internet Widgets, LLC",
12 | "OU": "Certificate Authority"
13 | }
14 | ],
15 | "key": {
16 | "algo": "rsa",
17 | "size": 2048
18 | },
19 | "ca": {
20 | "pathlen": 1,
21 | "expiry": "1/1/2015"
22 | }
23 | }
--------------------------------------------------------------------------------
/info/info.go:
--------------------------------------------------------------------------------
1 | // Package info contains the definitions for the info endpoint
2 | package info
3 |
// Req is the body of a request to the info API endpoint.
type Req struct {
	// Label is carried under the JSON key "label".
	Label string `json:"label"`

	// Profile is carried under the JSON key "profile".
	Profile string `json:"profile"`
}
9 |
// Resp is the body of a response from the info API endpoint.
type Resp struct {
	// Certificate is carried under the JSON key "certificate".
	Certificate string `json:"certificate"`

	// Usage is carried under the JSON key "usages" (plural, unlike the
	// field name).
	Usage []string `json:"usages"`

	// ExpiryString is carried under the JSON key "expiry".
	ExpiryString string `json:"expiry"`
}
16 |
--------------------------------------------------------------------------------
/initca/testdata/ecdsa256.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
6 | z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
7 | PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
8 | d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
9 | cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
10 | VLcv28Q=
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/initca/testdata/ecdsa384.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
6 | 0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
7 | HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
8 | LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
9 | CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
10 | Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
11 | RiWGZIucp5r6AfT9381PB29bHA==
12 | -----END CERTIFICATE REQUEST-----
13 |
--------------------------------------------------------------------------------
/initca/testdata/ecdsa521.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
6 | toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
7 | AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
8 | f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
9 | gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
10 | gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
11 | pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
12 | MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
13 | -----END CERTIFICATE REQUEST-----
14 |
--------------------------------------------------------------------------------
/initca/testdata/rsa2048.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
6 | WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
7 | f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
8 | A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
9 | C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
10 | +anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
11 | OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
12 | bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
13 | gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
14 | AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
15 | iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
16 | QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
17 | anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
18 | cJZNboDRsItpccZuRQ==
19 | -----END CERTIFICATE REQUEST-----
20 |
--------------------------------------------------------------------------------
/initca/testdata/rsa3072.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIECTCCAnMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL0zzgBv+VTwZOPy
6 | LtuLFweQrj5Lfrje2hnNB7Y3TD4+yCM/cA4yTILixCe/B+N7LQysJgVDbW8u6BZQ
7 | 8ZqeDKOP6KCt37WhmcbT45tLpHmH+Z/uAnCz0hVc/7AyJ3CJXo6PaDCcJjgLuUun
8 | W47iy4h79AxyuzELmUeZZGYcO8nqClqcnAzQ6sClGZvJwSbYg2QAFGoA2lHqZ9uN
9 | ygAxNLd+rX9cP+yFwAeKzuKtOnVPiJD5lT3wufSkAbd6M7lOoqmTYnbv0A1WfA/e
10 | upXno9lbgB6iwF5U0V7OtxdA1bTbvgJgNLlxFF1do0sB28CWmqCFNwLfzcPzt5A4
11 | gLnOyLhNZOmUMXn35KOtp1Zv/yethlgZHxUYGcl6OYwMEFye3Du6dgnTwONzaLhA
12 | 7hMI8R60p2YrTLkgSKdFohAY/mKuxHyXxugOHHthlRCOn9m49edcdZ1HrkJXm9jd
13 | P9katjCXgTwSdTQlvaMJkfH7wF3ZMjAxPcDf4RKFEpF2wABeNQIDAQABoD8wPQYJ
14 | KoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjgg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xv
15 | dWRmbGFyZS5jb20wCwYJKoZIhvcNAQEMA4IBgQBF/RCHNAAOAaRI4VyO0tRPA5Dw
16 | 0/1/pgmBm/VejHIwDJnMFCl9njh0RSo1RgsVLhw6ovYbk3ORb4OD4UczPTq3GrFp
17 | KP9uPR+2pR4FWJpCVfCl76YabQv6fUDdiT7ojzyRhsAmkd5rOdiMvWV3Rp+YmBuU
18 | KH/dwkukfn+OeJIbERS5unzOBtQL+g5dU4CHWAqJQIqHr373w38OlYN+JY9QLrYy
19 | sWU9Ye6RjdySXPJ5UzyfOEfc9Ji89RJsVeceB1+As5u5vBvtzGgIMSFUzN947RZo
20 | DZ48JiB71VpmKXbn9LIRn25dlbVMzxRdSeZ194L3JFVAf9OxJTsc1QNFhOacoFgy
21 | hqvtN2iKntEyPo2nacYhpz/FAdJ2JThNH+4WtpPWAqx8Lw/e1OttiDt+6M0FEuVz
22 | svkSHnK206yo+a9Md37nUDDYxtlJEB+9F2qUZNQ7Hv+dxjmJOIgHOXxy1pLEdpVU
23 | rGdGLVXeJNPCh9x+GK21QjdxZABmYAaF8k36Pv4=
24 | -----END CERTIFICATE REQUEST-----
25 |
--------------------------------------------------------------------------------
/initca/testdata/rsa4096.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIFCTCCAvMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkKL22jMn3eFCpj
6 | T6lbeq4nC3aEqwTGrLARidAmO29WIhzs6LxRpM6xSMoPI6DvJVUGpMFEKF4xNTc5
7 | X9/gSFrw2eI5Q3U3aGcaToSCxH4hXejwIzX8Ftlb/LfpXhbSsFr5MS3kiTY4zZxM
8 | n3dSy2gZljD/g0tlQf5BdHdR4WKRhWnqRiGng+BmW4rjbcO7SoN33jSXsMcguCg5
9 | 8dmYuf5G5KVXsqwEoCQBeKGnca9orcm4i90VnGt4qZUpfAn1cADzYGpRzX79USJ6
10 | tol4ovgGPN08LJFqcVl+dK8VzJ03JWBhI1jePbWS4Bz5oNtkhQQXilU+G6FQxc6a
11 | UPf6KcFyOB+qMJmEwJZD9yaNK1YbsKfSztQEsb1JEezQnVHxp91Ch3AcWoikuOiY
12 | yCg0V5lcK15SLv1+5sj9YzF7ngMmThcIJ6B5gS3swpD5AX6FJaI1BrGwT/RXKKQP
13 | tRX1BySLx8RcINjFb5wv3q9QIE8vrW1BOk9f4dfmxiFYnc+6bCCbIrg7APQVtKTa
14 | ixNJFSqZz7fm9loeNPHHXfUT5RoW5yzVa8igc+yv4qeYsWHcZ4c/Y91OJp19HMjM
15 | bYm2alt8XagBgJjO0FW8wvsKwhhlhWK0WO6sQ7Fkl7fH1GtxEpc248hAW24SZMmS
16 | led3LblCT8IC3a9BLhqJ2q8cfPp9AgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMCwG
17 | A1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3d3djbG91ZGZsYXJlLmNvbTALBgkq
18 | hkiG9w0BAQ0DggIBAAgz3NuN43+F+8+WhQ9hb7DOp6Amut7XubOkEBtBVgP3R8U1
19 | uSsgocR1rvnZ1/bhkeGyTly0eQPhcSEdMo/GgIrcn+co0KLcDyV6Rf3Cgksx9dUZ
20 | TzHSkxmFkxlxYfIGes6abH+2OPiacwK2gLvvmXFYIxEhv+LKzzteQi0xlinewv7R
21 | FnSykZ4QialsFyCgOjOxa11aEdRv6T8qKwhjUOk0VedtzOkt/k95aydTNLjXl2OV
22 | jloeTsbB00yWIqdyhG12+TgcJOa0pNP1zTjgFPodMuRUuiAcbT7Mt7sLCefKNzvZ
23 | Ln6b4y7e6N3YLOHALTIP+LI4y8ar47WlXCNw/zeOM2sW8udjYrukN6WOV3X68oMf
24 | Zsv6jqyGSaCDwdImR4VECUVvkabg9Sq4pz+ijTT+9cNA66omYL+/QAh0GahlROgW
25 | kDGI8zeEUoAC8RkAbFGMJA8jEbAfbT000ZwnLX2SZ8YRQX4Jd1FTmAH99FkvvT8N
26 | ovaGRSQQI5rWQGQYqF67So7PywEaEXeUHTBrv41Msva6CdaWHn7bh/fj4B21ETS7
27 | VJvrk5DLJTyruqon7EVJU1pn38ppaXF4Z6a9n3C8TqudT/gdJUYn/SBo5jx20uGJ
28 | d9k6vDqixntvk/TRZ848k1AXiv5uUJTdnoPPhzSGjxEaeKuB0R1ZHomVdjU4
29 | -----END CERTIFICATE REQUEST-----
30 |
--------------------------------------------------------------------------------
/log/log_test.go:
--------------------------------------------------------------------------------
1 | package log
2 |
--------------------------------------------------------------------------------
/ocsp/config/config.go:
--------------------------------------------------------------------------------
1 | // Package config in the ocsp directory provides configuration data for an OCSP
2 | // signer.
3 | package config
4 |
5 | import (
6 | "time"
7 | "github.com/cloudflare/cfssl/crypto/pkcs11key"
8 | )
9 |
// Config carries the settings needed to construct an OCSP signer.
//
// A non-empty PKCS11.Module selects PKCS #11 signing; otherwise the signer
// is built from the key file.
//
// The embedded PKCS11 settings include a token PIN, so a Config value should
// be treated as secret-bearing: avoid printing or logging it wholesale.
type Config struct {
	// CACertFile is the path of the CA certificate (PEM).
	CACertFile string
	// ResponderCertFile is the path of the OCSP responder certificate used
	// by the file-based signer.
	ResponderCertFile string
	// KeyFile is the path of the signing key used when PKCS #11 is not
	// selected.
	KeyFile string
	// Interval is handed to the signer constructor unchanged.
	// NOTE(review): presumably the validity window of issued responses — confirm.
	Interval time.Duration
	// PKCS11 holds the module, token label, PIN and private-key label for
	// hardware-backed signing.
	PKCS11 pkcs11key.Config
}
20 |
--------------------------------------------------------------------------------
/ocsp/pkcs11/pkcs11.go:
--------------------------------------------------------------------------------
1 | // +build !nopkcs11
2 |
3 | // Package pkcs11 in the ocsp directory provides a way to construct a
4 | // PKCS#11-based OCSP signer.
5 | package pkcs11
6 |
7 | import (
8 | "io/ioutil"
9 | "github.com/cloudflare/cfssl/crypto/pkcs11key"
10 | "github.com/cloudflare/cfssl/errors"
11 | "github.com/cloudflare/cfssl/helpers"
12 | "github.com/cloudflare/cfssl/log"
13 | "github.com/cloudflare/cfssl/ocsp"
14 | ocspConfig "github.com/cloudflare/cfssl/ocsp/config"
15 | )
16 |
// Enabled reports whether PKCS #11 support was compiled in. This file is
// built unless the nopkcs11 build tag is set, so here it is true.
const (
	Enabled = true
)
19 |
// NewPKCS11Signer returns an OCSP signer whose private key is reached through
// a PKCS #11 module.
//
// It reads and parses the PEM certificate at cfg.CACertFile, opens the key
// described by cfg.PKCS11 (module, token label, PIN, private-key label) and
// hands both to ocsp.NewSigner together with cfg.Interval.
//
// The module path is logged at debug level; the PIN is only passed to
// pkcs11key.New and is never logged here.
//
// NOTE(review): cfg.ResponderCertFile and cfg.KeyFile are not read on this
// path, and the CA certificate is passed in both certificate positions of
// ocsp.NewSigner. That only fits a deployment where the PKCS #11 key is the
// CA key itself; confirm this is intended before using a delegated
// responder key on the token.
func NewPKCS11Signer(cfg ocspConfig.Config) (ocsp.Signer, error) {
	log.Debugf("Loading PKCS #11 module %s", cfg.PKCS11.Module)

	pemBytes, err := ioutil.ReadFile(cfg.CACertFile)
	if err != nil {
		// The underlying I/O error is dropped; callers see only the
		// category/reason pair.
		return nil, errors.New(errors.CertificateError, errors.ReadFailed)
	}

	caCert, err := helpers.ParseCertificatePEM(pemBytes)
	if err != nil {
		return nil, err
	}

	token := cfg.PKCS11
	key, err := pkcs11key.New(token.Module, token.TokenLabel, token.PIN, token.PrivateKeyLabel)
	if err != nil {
		// As above, the cause reported by the PKCS #11 layer is not
		// propagated to the caller.
		return nil, errors.New(errors.PrivateKeyError, errors.ReadFailed)
	}

	return ocsp.NewSigner(caCert, caCert, key, cfg.Interval)
}
45 |
--------------------------------------------------------------------------------
/ocsp/pkcs11/pkcs11_stub.go:
--------------------------------------------------------------------------------
1 | // +build nopkcs11
2 |
3 | package pkcs11
4 |
5 | import (
6 | "github.com/cloudflare/cfssl/errors"
7 | "github.com/cloudflare/cfssl/ocsp"
8 | ocspConfig "github.com/cloudflare/cfssl/ocsp/config"
9 | )
10 |
// Enabled reports whether PKCS #11 support was compiled in. This file is
// built only with the nopkcs11 build tag, so here it is false.
const (
	Enabled = false
)
13 |
// NewPKCS11Signer is the stand-in used in nopkcs11 builds. It ignores cfg and
// always fails with a PrivateKeyError/Unavailable error, so a configuration
// that asks for PKCS #11 signing is rejected rather than silently served by
// some other key source.
func NewPKCS11Signer(cfg ocspConfig.Config) (ocsp.Signer, error) {
	unavailable := errors.New(errors.PrivateKeyError, errors.Unavailable)
	return nil, unavailable
}
18 |
--------------------------------------------------------------------------------
/ocsp/responder_test.go:
--------------------------------------------------------------------------------
1 | package ocsp
2 |
3 | import (
4 | "testing"
5 | "net/http"
6 | "net/http/httptest"
7 | "net/url"
8 | goocsp "golang.org/x/crypto/ocsp"
9 | )
10 |
// testSource is a stub response source for the responder tests.
type testSource struct{}

// Response ignores the request and always reports a hit with the fixed
// body "hi".
func (testSource) Response(_ *goocsp.Request) ([]byte, bool) {
	body := []byte("hi")
	return body, true
}
16 |
// testCase is one request shape and the HTTP status the responder is
// expected to answer with.
type testCase struct {
	// method is the HTTP method of the request.
	method string
	// path is assigned to url.URL.Path as-is.
	path string
	// expected is the HTTP status code the recorder should hold.
	expected int
}
21 |
// TestOCSP feeds Responder.ServeHTTP a series of requests backed by the stub
// testSource and checks the status code of each reply. Most cases are
// input-validation checks: a disallowed method, an empty request, broken
// percent-encoding, broken base64 and broken DER must all be refused, and
// only the well-formed request may succeed.
func TestOCSP(t *testing.T) {
	table := []testCase{
		{"OPTIONS", "/", http.StatusMethodNotAllowed},
		{"GET", "/", http.StatusBadRequest},
		// Bad URL encoding
		{"GET", "%ZZFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
		// Bad URL encoding
		{"GET", "%%FQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
		// Bad base64 encoding
		{"GET", "==MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
		// Bad OCSP DER encoding
		{"GET", "AAAMFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusBadRequest},
		// Good encoding all around, including a double slash
		{"GET", "MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ55F6w46hhx%2Fo6OXOHa%2BYfe32YhgQU%2B3hPEvlgFYMsnxd%2FNBmzLjbqQYkCEwD6Wh0MaVKu9gJ3By9DI%2F%2Fxsd4%3D", http.StatusOK},
	}

	for i := range table {
		want := table[i]

		recorder := httptest.NewRecorder()
		handler := Responder{testSource{}}

		// Only the method and the raw path are populated; no headers or
		// body are supplied.
		req := &http.Request{
			Method: want.method,
			URL:    &url.URL{Path: want.path},
		}
		handler.ServeHTTP(recorder, req)

		if got := recorder.Code; got != want.expected {
			t.Errorf("Incorrect response code: got %d, wanted %d", got, want.expected)
		}
	}
}
53 |
--------------------------------------------------------------------------------
/ocsp/testdata/ca-key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpAIBAAKCAQEAvKOCXwP8Y6x1YkjcimQafnP1bRCF/iWY+z4ffuTWA150RRpA
3 | GnhwOen8muU5wxOEm1A2IkWhNfXQ9GYVdOnzXumTx9Go4Gm8/1nRCYG69GZbQAEr
4 | pNGx/l4wReLVj2iizCf/xkcch5ZM/5zplXWZXCQiavmKz6M+1aSYdsGP0mrLu31c
5 | yod2iJmlISt+nuP5yXkgoKxzGrKjP5qrs6XniVXrKMt+5g1Ta5blWUoft2pwM6yp
6 | 8+IAtxh+iYTIJc8dDHbVl9AjVfsfaYeS8SkHcIRyIuD8/3HgLmP/gMLDzuLXvH+W
7 | slOEYqLGMkSo2JPOwLguggDyjt1rI2cEcFkgJwIDAQABAoIBAQCTAZW6+D87ag28
8 | f22nR+XBwBp2WVcivSggO8SNvkXuMDDKHW/xcQR8jZW3HIZMOSyxYOwe/0Zn595k
9 | aB22lA9+Wuc45HIIGT8ZfGREVV5d0lqwYXkio+xjgAF8pQ6rCO89zLouSgK4w2/U
10 | D/OU7yWJwfs0hK4hrGVuVywd+DBd2Fc7UfZ4oEcy89mwUIRVK8+eXrRCav6lGDrz
11 | I+GmW6GL16U8lS8vsUNciYyNYCzgSIIa/yyiZO/Aje93yJRVpmujAK2p6/w/7vmK
12 | OareeixlpNYpiY7Nk6o3w6sKEEVzf+AquDgeH5IkzD1nkYbd+JY7bdg1cgjz3kJg
13 | IhsiIER5AoGBAOkZpicTIsiAMxz43bzMt1IMYu1ezAEw4Vk2sVEbSfFXdbO5J9gW
14 | /Ou+AhwxhsDeO6vgh3mYkG+2s5U+ztk68X1BVIf87kYBQiz175XvxcLmDBFm5S6g
15 | eyTCwsop9J4XlgQQ5HNm80G9oHnF50oujCqpUiC5xj5fEd8vULmua5jTAoGBAM8r
16 | rTTpVBHKArDlzYF5EpyXDkcFT2uAgw9Xpc6xIl/UWQ+XU1qD5Te0fmjpdwo3VZTL
17 | W2e8eg0U9O2skrxBcRLREnh1U2znCMSIGTkwYQ2JDjhz2Jjbh8r/NhvSdydql9wQ
18 | LGyPOIpcURaD+ohOExF82EtEqWgNp4QfQHH70cbdAoGAPBoy7yxN8aishTHd6opW
19 | Uj+DWnTw4PW7hQdHHQSOQj4syRRao6r5t8ccQCy89AnZFO4lwEKIK2XOVBMHvpcm
20 | IQexRgb/YOl+KJ2ZEu3p7eDnB62iNi2G0ums0/eRbRnjwlSgsui+nBrKv9s5UbVC
21 | ytUxqeJ8rSRSNVu70sSYVaUCgYALYUrSbT7A+2fKb9UqF4x+LY4LOK90KEsKvLXO
22 | 9Mv+l5uMz7M0dapRtQh8mtZ/KSr6UXFj8WaC8XPC2of072NWtUVeeJNsmARTR2ab
23 | TZ0HMVAmqbZsLyL2c651OMpyz9gnrnvCOtvQPeH2aqmIc0F45HK9L7hejuF00IKp
24 | wDt1wQKBgQC8sjlF/8e03m3AfLs2ZW/w0Rsggz52TgBdH24BMUmvd5McVZlH8uZq
25 | zwx5ht3ppVjObG28JPEj8c/FtAmsUjURDD7EVdjb5bDxrMtH++8sHrXUuMMBeUxl
26 | DN2IU+xL9MwMh5H0cyJbXnE+LWGpSefCccDnH5qlEjwNXE5/RggOrw==
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/ocsp/testdata/ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDvjCCAqigAwIBAgIIWhorb65IXvUwCwYJKoZIhvcNAQELMG0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMB4XDTE1MDQxOTE2MTAwMFoXDTIwMDQxNzE2MTAwMFowbTELMAkGA1UEBhMC
6 | VVMxEzARBgNVBAoTCkNsb3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5l
7 | ZXJpbmcxFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3Ju
8 | aWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8o4JfA/xjrHViSNyK
9 | ZBp+c/VtEIX+JZj7Ph9+5NYDXnRFGkAaeHA56fya5TnDE4SbUDYiRaE19dD0ZhV0
10 | 6fNe6ZPH0ajgabz/WdEJgbr0ZltAASuk0bH+XjBF4tWPaKLMJ//GRxyHlkz/nOmV
11 | dZlcJCJq+YrPoz7VpJh2wY/Sasu7fVzKh3aImaUhK36e4/nJeSCgrHMasqM/mquz
12 | peeJVesoy37mDVNrluVZSh+3anAzrKnz4gC3GH6JhMglzx0MdtWX0CNV+x9ph5Lx
13 | KQdwhHIi4Pz/ceAuY/+AwsPO4te8f5ayU4RiosYyRKjYk87AuC6CAPKO3WsjZwRw
14 | WSAnAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEC
15 | MB0GA1UdDgQWBBSrzjPP4Y5PLsqeyp6iddofBjoRmTAfBgNVHSMEGDAWgBSrzjPP
16 | 4Y5PLsqeyp6iddofBjoRmTALBgkqhkiG9w0BAQsDggEBAH7McpSm7+DeIZPQKYpF
17 | kFUlNn3N4MRvek5lxOw6jLE1QmzG3lTB79g6iBiGKsYLPoJqNS6VxMoLrMC+qFhM
18 | 0QM5eIzRpdfYa83IDIYcbUYx7fLG/azX+FMFh/O5yPtS+bqbxGinxofRIyuKGs9r
19 | dks6I5lGncRs0Liysp4mHJAjyj9G2W2onI3Y00BYhiOy4mYvZ5/S31KI4550HZ+p
20 | dnexuC29CsWGkOTXTOS7+e7Zmbh8UjsYcA5YOojew+EjJfETPVO+Pn7WGg/+XrFX
21 | 8UOG3o9k8M0ePQof4R6FTJ+BQxtSkWWdp1HrMQbZ1TXfZx84XkmFdcmy8FjYiHbP
22 | M+M=
23 | -----END CERTIFICATE-----
24 |
--------------------------------------------------------------------------------
/ocsp/testdata/cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID4TCCAsugAwIBAgIIEoDcqfKl/s4wCwYJKoZIhvcNAQELMG0xCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMB4XDTE1MDQxOTE2MTkwMFoXDTE2MDQxODE2MTkwMFowXTELMAkGA1UEBhMC
6 | VVMxEDAOBgNVBAoTB0V4YW1wbGUxDzANBgNVBAsTBlRoaW5nczEWMBQGA1UEBxMN
7 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTCCASIwDQYJKoZIhvcN
8 | AQEBBQADggEPADCCAQoCggEBAK7jUnRUeD5QY9YPjbW6aiGkVWRWAebi4nZl++C+
9 | HEBHSyB0jXX+J93y97PuhgeguCuMM6KZU7C0tPZKjwdxBSqpXeyFpvcj+UWMjZjz
10 | 9FrBAzZ1DIYquqfYuKUtavoFv29IomRqzyZ4FrMJ2qy0RudnWMTqn4P6/7DrWos+
11 | oJMCpl/mdWl+YXMXypgW5JwM7ladx8GkEKQwGMtXrG9pop7qS6LNikN76tLPYWjR
12 | DhrWLBe8gCGjuXkwvxw78CeeJNyWF+P/+x4lVsWphip3jX57SUx/bjaRjsWSfpMz
13 | xHueHtuCrGffgCkFzYH1/Z60FZNxuHYqJeL4V3gcR8IIaZECAwEAAaOBmDCBlTAO
14 | BgNVHQ8BAf8EBAMCAKAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
15 | A1UdEwEB/wQCMAAwHQYDVR0OBBYEFBnFrxc1gkG2CYImTYKL0DAaGxRBMB8GA1Ud
16 | IwQYMBaAFKvOM8/hjk8uyp7KnqJ12h8GOhGZMBYGA1UdEQQPMA2CC2V4YW1wbGUu
17 | Y29tMAsGCSqGSIb3DQEBCwOCAQEAX31Jk7R9gDMw/gepIxxeKx9m+c7eOYDxjJ12
18 | bfXQVKNNPLZsO9M9r2/0BCTFsNTF2jh6ZTeIf7qy+Jw08YqTcO5m8jhiGzCjOYu5
19 | tiGxCUe+cYjXcCRk83+XGkVrQm3fQ0cVtic0yfm/fez3iv915jH0GYO5X8/d7bKa
20 | 0kWJ3uOjur6tenfnisypEsuYYjPRcQdXSG6/qgHEc4r279Z2ltjy1bFFr86hHUbj
21 | DX7XNWH/MXFgqLzfQm5VzmqBj9om+0/tgTWdkgI1DK/Hnvm9A4YZfaxh4fxv7ITo
22 | Ce8FWW13Wj55x64peb8ZiW1jUyoaJQcxQxFpRHIVu26nXApWtg==
23 | -----END CERTIFICATE-----
24 |
--------------------------------------------------------------------------------
/ocsp/testdata/resp64.pem:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/ocsp/testdata/response.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/ocsp/testdata/response.pem
--------------------------------------------------------------------------------
/ocsp/testdata/response_broken.pem:
--------------------------------------------------------------------------------
1 | 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
--------------------------------------------------------------------------------
/ocsp/testdata/response_mix.pem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/letsencrypt/cfssl/d88cd6e1f39f6127e4d5655cc567370c712a4866/ocsp/testdata/response_mix.pem
--------------------------------------------------------------------------------
/ocsp/testdata/server.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
3 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
4 | cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
5 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
6 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
7 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
8 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
9 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
10 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
11 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
12 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/ocsp/testdata/server.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXAIBAAKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhl
3 | dUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3
4 | MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQAB
5 | AoGAVxnsPojZ8X4g8LPk3d9dlXGhb/4tSmk9102jcHH/Y5ssy95Pe6ZJGr1uwbN+
6 | 7m1l05PikpHeoxEryoW51cyfjDVkXUT0zPp2JC38DUA/0A8qWav/aENM64wg1I0P
7 | Dil8FywzZEonRNJst53+9cxFye70ely5br/tWxEp4/MsM1kCQQDqV4Lwn8BXOeKg
8 | xOwNmcL+0XPedvSPBSPUoGJCzu12rH6Z+UHXipXsqRNSyQ+KGlur14y0kCh5uiVA
9 | jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
10 | hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
11 | BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
12 | vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
13 | Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
14 | OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/ocsp/testdata/server_broken.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
3 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
4 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
5 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
6 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
7 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
8 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
9 | -----END CERTIFICATE-----
10 |
--------------------------------------------------------------------------------
/ocsp/testdata/server_broken.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
3 | hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
4 | BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
5 | vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
6 | Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
7 | OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
8 | -----END RSA PRIVATE KEY-----
9 |
--------------------------------------------------------------------------------
/ocsp/universal/universal.go:
--------------------------------------------------------------------------------
1 | package universal
2 |
3 | import (
4 | "github.com/cloudflare/cfssl/ocsp"
5 | ocspConfig "github.com/cloudflare/cfssl/ocsp/config"
6 | "github.com/cloudflare/cfssl/ocsp/pkcs11"
7 | )
8 |
// NewSignerFromConfig builds an OCSP signer from cfg.
//
// With an empty cfg.PKCS11.Module the signer is loaded from the CA
// certificate, responder certificate and key files. Any non-empty module
// value selects the PKCS #11 constructor instead, and its result is returned
// as-is: if that constructor fails (for example in a build without PKCS #11
// support) the error is returned and there is no fallback to cfg.KeyFile.
func NewSignerFromConfig(cfg ocspConfig.Config) (ocsp.Signer, error) {
	if cfg.PKCS11.Module == "" {
		return ocsp.NewSignerFromFile(
			cfg.CACertFile,
			cfg.ResponderCertFile,
			cfg.KeyFile,
			cfg.Interval,
		)
	}
	return pkcs11.NewPKCS11Signer(cfg)
}
17 |
18 |
--------------------------------------------------------------------------------
/scan/scan_common_test.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
3 | import (
4 | "fmt"
5 | "testing"
6 | )
7 |
// TestingScanner is a canned scanner for the common scan tests: its scan
// function looks only at addr and returns a fixed grade and output for four
// known addresses, and an error for anything else.
var TestingScanner = &Scanner{
	Description: "Tests common scan functions",
	scan: func(addr, hostname string) (Grade, Output, error) {
		if addr == "bad.example.com:443" {
			return Bad, "bad.com", nil
		}
		if addr == "Warning.example.com:443" {
			return Warning, "Warning.com", nil
		}
		if addr == "good.example.com:443" {
			return Good, "good.com", nil
		}
		if addr == "skipped.example.com:443/0" {
			return Skipped, "skipped", nil
		}
		// Unknown address: report an out-of-range grade with an error.
		return Grade(-1), "invalid", fmt.Errorf("scan: invalid grade")
	},
}
25 |
// TestingFamily is a scan family holding only TestingScanner, registered
// under the key "TestingScanner".
var TestingFamily = &Family{
	Description: "Tests the scan_common",
	Scanners:    map[string]*Scanner{"TestingScanner": TestingScanner},
}
32 |
// TestCommon checks that TestingFamily exposes TestingScanner and that
// Scanner.Scan passes through the grade, output and error produced by the
// canned scan function, including the error for an unknown address.
func TestCommon(t *testing.T) {
	if TestingFamily.Scanners["TestingScanner"] != TestingScanner {
		t.FailNow()
	}

	var (
		grade  Grade
		output Output
		err    error
	)

	expectations := []struct {
		addr, hostname string
		grade          Grade
		output         string
	}{
		{"bad.example.com:443", "bad.example.com", Bad, "bad.com"},
		{"Warning.example.com:443", "Warning.example.com", Warning, "Warning.com"},
		{"good.example.com:443", "good.example.com", Good, "good.com"},
		{"skipped.example.com:443/0", "", Skipped, "skipped"},
	}
	for _, want := range expectations {
		grade, output, err = TestingScanner.Scan(want.addr, want.hostname)
		// The grade is compared first so the type assertion on output is
		// only reached when the grade already matches.
		if grade != want.grade || output.(string) != want.output || err != nil {
			t.FailNow()
		}
	}

	// An address the canned scanner does not know must surface an error.
	_, _, err = TestingScanner.Scan("invalid", "invalid")
	if err == nil {
		t.FailNow()
	}
}
67 |
--------------------------------------------------------------------------------
/scan/tls_session.go:
--------------------------------------------------------------------------------
1 | package scan
2 |
3 | import "github.com/cloudflare/cf-tls/tls"
4 |
// TLSSession is the scan family covering TLS session resumption (session
// tickets and session IDs). It currently holds a single scanner,
// "SessionResume".
var TLSSession = &Family{
	Description: "Scans host's implementation of TLS session resumption using session tickets/session IDs",
	Scanners: map[string]*Scanner{
		"SessionResume": &Scanner{
			Description: "Host is able to resume sessions across all addresses",
			scan:        sessionResumeScan,
		},
	},
}
16 |
// sessionResumeScan tests that the host is able to resume a TLS session on
// the addresses visited by multiscan.
//
// One connection is opened and closed first, with a client session cache
// created with capacity argument 1 attached to the TLS config. Every
// follow-up connection made through multiscan shares that config; its
// output is the connection's DidResume flag and its grade is Good only when
// the session was resumed. A failed dial, or a failed close of the first
// connection, is returned as the error.
//
// NOTE(review): multiscan is defined elsewhere; presumably it runs the
// callback once per address of the host and combines the results — confirm.
func sessionResumeScan(addr, hostname string) (grade Grade, output Output, err error) {
	config := defaultTLSConfig(hostname)
	config.ClientSessionCache = tls.NewLRUClientSessionCache(1)

	// Establish (and close) an initial session so later dials have
	// something to resume.
	first, err := tls.DialWithDialer(Dialer, Network, addr, config)
	if err != nil {
		return grade, output, err
	}
	if err = first.Close(); err != nil {
		return grade, output, err
	}

	probe := func(addrport string) (Grade, Output, error) {
		var g Grade

		c, dialErr := tls.DialWithDialer(Dialer, Network, addrport, config)
		if dialErr != nil {
			return g, nil, dialErr
		}
		// The close error is ignored here; the connection state is read
		// after the connection has been closed.
		c.Close()

		resumed := c.ConnectionState().DidResume
		if resumed {
			g = Good
		}
		return g, resumed, nil
	}
	return multiscan(addr, probe)
}
43 |
--------------------------------------------------------------------------------
/script/build:
--------------------------------------------------------------------------------
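#!/bin/bash
# Cross-compile the cfssl commands with gox inside the cfssl-build Docker image.
#
# Usage: script/build [OS_FLAG] [ARCH_FLAG]
#   OS_FLAG     gox OS selection,   default: -os="darwin linux windows"
#   ARCH_FLAG   gox arch selection, default: -arch="386 amd64 arm"
# Environment:
#   SKIP_BUILD  when non-empty, the cfssl-build image is not rebuilt
#
# Binaries are compiled with the nopkcs11 build tag and written to dist/.
set -e

# Repository root (the parent of this script's directory). The && chain makes
# a failed cd abort the script instead of leaving BUILD_DIR pointing at some
# other directory, which would then be relabelled and bind-mounted below.
BUILD_DIR=$(cd "$(dirname "$0")" && cd .. && pwd)

# The docker build context, the rm globs and the bind mount are all meant for
# the repository root, so run from there whatever the caller's directory is.
# Previously the globs below deleted files in the caller's working directory.
cd "${BUILD_DIR}"

# Apply SELinux type $1 recursively to the build tree.
relabel() {
    chcon -R -t "${1}" "${BUILD_DIR}"
}

# $1 and $2 are expanded unquoted, so a value containing whitespace is split
# into several gox arguments.
if [ -z "$1" ]; then
    OS_PLATFORM_ARG=(-os="darwin linux windows")
else
    OS_PLATFORM_ARG=($1)
fi

if [ -z "$2" ]; then
    OS_ARCH_ARG=(-arch="386 amd64 arm")
else
    OS_ARCH_ARG=($2)
fi

# Build Docker image unless we opt out of it
if [[ -z "$SKIP_BUILD" ]]; then
    docker build -t cfssl-build -f Dockerfile.build .
fi

# Temporarily change SELinux context of build directory.
# The type recorded here is the one on BUILD_DIR itself; on exit the whole
# tree is set back to that single type, so files that carried a different
# type before the build are not restored individually.
if [[ "$(command getenforce 2>&1)" == "Enforcing" ]]; then
    USER_CONTEXT="$(getfattr --only-values -n security.selinux "${BUILD_DIR}" | awk -F':' '{ print $3 }')"
    CONTAINER_CONTEXT="svirt_sandbox_file_t"

    # Restore the label even when the build fails.
    trap "relabel '${USER_CONTEXT}'" EXIT
    relabel "${CONTAINER_CONTEXT}"
fi

# Get rid of existing binaries
rm -f ./*-386
rm -f ./*-amd64
rm -f dist/*

# The repository is bind-mounted read-write into the container at its Go
# import path; build output lands in dist/ on the host.
docker run --rm -v "${BUILD_DIR}":/go/src/github.com/cloudflare/cfssl cfssl-build gox -tags nopkcs11 "${OS_PLATFORM_ARG[@]}" "${OS_ARCH_ARG[@]}" -output="dist/{{.Dir}}_{{.OS}}-{{.Arch}}" -ldflags="-w" ./cmd/...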
41 |
--------------------------------------------------------------------------------
/selfsign/selfsign_test.go:
--------------------------------------------------------------------------------
1 | package selfsign
2 |
--------------------------------------------------------------------------------
/signer/local/testdata/ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEmzCCA4OgAwIBAgIMAMSvNBgypwaaSQ5iMA0GCSqGSIb3DQEBBQUAMIGMMQsw
3 | CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
4 | YW5jaXNjbzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVT
5 | VCBSb290IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTIx
6 | MjEyMDIxMDMxWhcNMjIxMDIxMDIxMDMxWjCBjDELMAkGA1UEBhMCVVMxEzARBgNV
7 | BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoT
8 | CkNGU1NMIFRFU1QxGzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqG
9 | SIb3DQEJARYPdGVzdEB0ZXN0LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
10 | MIIBCgKCAQEAsRp1xSfIDoD/40Bo4Hls3sFn4dav5NgxbZGpVyGF7dJI9u0eEnL4
11 | BUGssPaUFLWC83CZxujUEiEfE0oKX+uOhhGv3+j5xSTNM764m2eSiN53cdZtK05d
12 | hwq9uS8LtjKOQeN1mQ5qmiqxBMdjkKgMsVw5lMCgoYKo57kaKFyXzdpNVDzqw+pt
13 | HWmuNtDQjK3qT5Ma06mYPmIGYhIZYLY7oJGg9ZEaNR0GIw4zIT5JRsNiaSb5wTLw
14 | aa0n/4vLJyVjLJcYmJBvZWj8g+taK+C4INu/jGux+bmsC9hq14tbOaTNAn/NE0qN
15 | 8oHwcRBEqfOdEYdZkxI5NWPiKNW/Q+AeXQIDAQABo4H6MIH3MB0GA1UdDgQWBBS3
16 | 0veEuqg51fusEM4p/YuWpBPsvTCBxAYDVR0jBIG8MIG5gBS30veEuqg51fusEM4p
17 | /YuWpBPsvaGBkqSBjzCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
18 | aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoTCkNGU1NMIFRFU1Qx
19 | GzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqGSIb3DQEJARYPdGVz
20 | dEB0ZXN0LmxvY2FsggwAxK80GDKnBppJDmIwDwYDVR0TBAgwBgEB/wIBADANBgkq
21 | hkiG9w0BAQUFAAOCAQEAJ7r1EZYDwed6rS0+YKHdkRGRQ5Rz6A9DIVBPXrSMAGj3
22 | F5EF2m/GJbhpVbnNJTVlgP9DDyabOZNxzdrCr4cHMkYYnocDdgAodnkw6GZ/GJTc
23 | depbVTR4TpihFNzeDEGJePrEwM1DouGswpu97jyuCYZ3z1a60+a+3C1GwWaJ7Aet
24 | Uqm+yLTUrMISsfnDPqJdM1NeqW3jiZ4IgcqJkieCCSpag9Xuzrp9q6rjmePvlQkv
25 | qz020JGg6VijJ+c6Tf5y0XqbAhkBTqYtVamu9gEth9utn12EhdNjTZMPKMjjgFUd
26 | H0N6yOEuQMl4ky7RxZBM0iPyeob6i4z2LEQilgv9MQ==
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/signer/local/testdata/ca_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxGnXFJ8gOgP/j
3 | QGjgeWzewWfh1q/k2DFtkalXIYXt0kj27R4ScvgFQayw9pQUtYLzcJnG6NQSIR8T
4 | Sgpf646GEa/f6PnFJM0zvribZ5KI3ndx1m0rTl2HCr25Lwu2Mo5B43WZDmqaKrEE
5 | x2OQqAyxXDmUwKChgqjnuRooXJfN2k1UPOrD6m0daa420NCMrepPkxrTqZg+YgZi
6 | EhlgtjugkaD1kRo1HQYjDjMhPklGw2JpJvnBMvBprSf/i8snJWMslxiYkG9laPyD
7 | 61or4Lgg27+Ma7H5uawL2GrXi1s5pM0Cf80TSo3ygfBxEESp850Rh1mTEjk1Y+Io
8 | 1b9D4B5dAgMBAAECggEAKHhjcSomDSptTwDo9mLI/h40HudwSlsc8GzYxZBjinUD
9 | N2n39T9QbeMUE1xFenX/9qFEgq+xxnLLJx1EQacSapCgIAqdCO/f9HMgvGJumdg8
10 | c0cMq1i9Bp7tu+OESZ5D48qWlOM2eQRIb08g8W11eRIaFmPuUPoKnuktkQuXpPJc
11 | YbS/+JuA8SDwe6sV0cMCQuS+iHFfeGwWCKrDUkhLwcL3waW3od2XFyOeFFWFhl0h
12 | HmM/mWKRuRdqR7hrmArTwFZVkB+o/1ywVYXIv+JQm0eNZ5PKLNJGL2f5oxbMR/JI
13 | AoK0bAlJmYaFp96h1KpbPwLEL/0hHSWA7sAyJIgQAQKBgQDaEAZor/w4ZUTekT1+
14 | cbId0yA+ikDXQOfXaNCSh9Pex+Psjd5zVVOqyVFJ29daRju3d7rmpN4Cm5V4h0l1
15 | /2ad207rjCAnpCHtaddJWNyJzF2IL2IaoCZQRp0k7zOjBGQpoWDTwBaEin5CCv3P
16 | kkdQkKz6FDP1xskHSLZr21/QCQKBgQDP6jXutEgGjf3yKpMFk/69EamJdon8clbt
17 | hl7cOyWtobnZhdOWVZPe00Oo3Jag2aWgFFsm3EtwnUCnR4d4+fXRKS2LkhfIUZcz
18 | cKy17Ileggdd8UGhL4RDrF/En9tJL86WcVkcoOrqLcGB2FLWrVhVpHFK74eLMCH/
19 | uc/+ioPItQKBgHYoDsD08s7AGMQcoNx90MyWVLduhFnegoFW+wUa8jOZzieka6/E
20 | wVQeR5yksZjpy3vLNYu6M83n7eLkM2rrm/fXGHlLcTTpm7SgEBZfPwivotKjEh5p
21 | PrlqucWEk082lutz1RqHz+u7e1Rfzk2F7nx6GDBdeBYpw03eGXJx6QW5AoGBAIJq
22 | 4puyAEAET1fZNtHX7IGCk7sDXTi6LCbgE57HhzHr8V0t4fQ6CABMuvMwM1gATjEk
23 | s6yjoLqqGUUUzDipanViBAy5fiuManC868lN7zkWDTLzQ3ytBqVAee4na/DziP27
24 | ae9YTSLJwskE/alloLRP6zTbHUXE0n7LelmrX1DFAoGBAMFLl+Lu+WFgCHxBjn43
25 | rHpJbQZQmsFhAMhkN4hsj6dJfAGn2gRLRiVRAika+8QF65xMZiVQWUVSUZADWERi
26 | 0SXGjzN1wYxO3Qzy3LYwws6fxFAq5lo79eb38yFT2lHdqK3x/QgiDSRVl+R6cExV
27 | xQB518/lp2eIeMpglWByDwJX
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa256-inter.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBezCCASECAQAwgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQDExRjbG91ZGZsYXJl
5 | LWludGVyLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLgOKlWwIAIeURde
6 | yvDMhgfn6xPp1gn8oUeLmsniBm7I+j84IsVzUso8/MpjMZ9nB8lQUanhv3Kmqcyj
7 | HNj+iFegMjAwBgkqhkiG9w0BCQ4xIzAhMB8GA1UdEQQYMBaCFGNsb3VkZmxhcmUt
8 | aW50ZXIuY29tMAoGCCqGSM49BAMCA0gAMEUCIEJcy2mn2YyK8lVE+HHmr2OsmdbH
9 | 4CLDVXFBwxke8ObqAiEAx/il1cDKvQ/I36b4XjBnOX2jcQ5oaCNPFFBE74WQ/ps=
10 | -----END CERTIFICATE REQUEST-----
11 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa256-inter.key:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHcCAQEEILbwI4u4bw+HtafMqFnrL7LOrqNEZH5rW5ygSrigfrVLoAoGCCqGSM49
3 | AwEHoUQDQgAEuA4qVbAgAh5RF17K8MyGB+frE+nWCfyhR4uayeIGbsj6PzgixXNS
4 | yjz8ymMxn2cHyVBRqeG/cqapzKMc2P6IVw==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa256.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBgTCCASgCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBn9Ldie6BOcMHezn2dPuYqW
6 | z/NoLYMLGNBqhOxUyEidYClI0JW2pWyUgT3A2UazFp1WgE94y7Z+2YlfRz+vcrKg
7 | PzA9BgkqhkiG9w0BCQ4xMDAuMCwGA1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3
8 | d3djbG91ZGZsYXJlLmNvbTAKBggqhkjOPQQDAgNHADBEAiBM+QRxe8u6rkdr10Jy
9 | cxbR6NxrGrNeg5QqiOqF96JEmgIgDbtjd5e3y3I8W/+ih2us3WtMxgnTXfqPd48i
10 | VLcv28Q=
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa256_ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDUzCCAj2gAwIBAgIIbjeSyheUvjYwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
3 | EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
4 | bzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVTVCBSb290
5 | IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTQwNTI0MDQ1
6 | MTQwWhcNMTUwNTI0MDQ1NjQwWjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNs
7 | b3VkRmxhcmUxHDAaBgNVBAsTE1N5c3RlbXMgRW5naW5lZXJpbmcxFjAUBgNVBAcT
8 | DVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExHDAaBgNVBAMTE2Ns
9 | b3VkZmxhcmUtbGVhZi5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASMRv3x
10 | vcv4I5QF7we+23hES2waKDffBRhQMVVAOSIJcpb4JnzcVJiPJjNlMPbczi5vbzkQ
11 | K2kkjOP+okqQia3go4GGMIGDMA4GA1UdDwEB/wQEAwIABDAdBgNVHSUEFjAUBggr
12 | BgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU
13 | 4t+cr91ma5IxOPeiezgN8W9FBNowHwYDVR0jBBgwFoAUt9L3hLqoOdX7rBDOKf2L
14 | lqQT7L0wCwYJKoZIhvcNAQELA4IBAQAWloyDhrcYFSaZjzb8+UKxnukPUzd7BGaX
15 | BvLktbN7hrX+z+ntA5UgXWo7uNgf2L3VwS0mVnRowwmrGV8Pbw9FX5WSisBQ+JJJ
16 | JC4ABYT2N7N+B488zKZuMZY8NmSR/ples0Suz3oArUn4ZBGxANyOR6haBbYfupDF
17 | LaCtAdQwZzNPfHAo2NsENSOlzGVhV0r1ZqalzkBf70K0KuAoLRbNG3Og17UeMb8K
18 | 5sXa7WvubgZ7/D3lr//F56yJYyfTq8SWcIi4e9AUWY5qK+Sr+7W9/gSY3baaHxY9
19 | T9SO4O1ENFJ8ecWRPdsiBNCpl53qMuYW2lh72N35Iyug6qKFDYg5
20 | -----END CERTIFICATE-----
21 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa256_ca_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN EC PRIVATE KEY-----
2 | MHcCAQEEIC2qaVydr67HuwWMrPQ3ljCVSsnbV7HbN78KqEX6a0GuoAoGCCqGSM49
3 | AwEHoUQDQgAEjEb98b3L+COUBe8Hvtt4REtsGig33wUYUDFVQDkiCXKW+CZ83FSY
4 | jyYzZTD23M4ub285ECtpJIzj/qJKkImt4A==
5 | -----END EC PRIVATE KEY-----
6 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa384.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBvzCCAUUCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABBk/Q+zMsZOJGkufRzGCWtSUtRjq
6 | 0QqChDGWbHLaa0h6ODVeEoKYOMvFJTg4V186tuuBe97KEey0OPDegzCBp5kBIiwg
7 | HB/0xWoKdnfdRk6VyjmubPx399cGoZn8aCqgC6A/MD0GCSqGSIb3DQEJDjEwMC4w
8 | LAYDVR0RBCUwI4IOY2xvdWRmbGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAoG
9 | CCqGSM49BAMDA2gAMGUCMQC57VfwMXDyL5kM7vmO2ynbpgSAuFZT6Yd3C3NnV2jz
10 | Biozw3eqIDXqCb2LI09stZMCMGIwCuVARr2IRctxf7AmX7/O2SIaIhCpMFKRedQ7
11 | RiWGZIucp5r6AfT9381PB29bHA==
12 | -----END CERTIFICATE REQUEST-----
13 |
--------------------------------------------------------------------------------
/signer/local/testdata/ecdsa521.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIICCjCCAWsCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAHt/s9KTZETzu94JIAjZ3BaS
6 | toSG65hGIc1e0Gt7PhdQxPp5FP2D8rQ1wc+pcZhD2O8525kPxopaqTd+fWKBuD3O
7 | AULzoH2OX+atIuumTQzLNbTsIbP0tY3dh7d8LItuERkZn1NfsNl3z6bnNAaR137m
8 | f4aWv49ImbA/Tkv8VmoKX279oD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAj
9 | gg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xvdWRmbGFyZS5jb20wCgYIKoZIzj0EAwQD
10 | gYwAMIGIAkIA8OX9LxWOVnyfB25DFBz6JkjhyDpBM/PXlgLnWb/n2mEuMMB44DOG
11 | pljDV768PSW11AC3DtULoIyR92z0TyLEKYoCQgHdGd6PwUtDW5mrAMJQDgebjsxu
12 | MwfcdthzKlFlSmRpHMBnRMOJjlg5f9CTBg9d6wEdv7ZIrQSO6eqQHDQRM0VMnw==
13 | -----END CERTIFICATE REQUEST-----
14 |
--------------------------------------------------------------------------------
/signer/local/testdata/ex.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBnzCCAQgCAQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMQ8wDQYDVQQH
3 | DAZJdGhhY2ExHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQxFDASBgNVBAMM
4 | C2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBPmzv1c1e
5 | QAa1yTtJ45oPOCARrhqDYV66urzNX1zHDZzi4lruIfI3q+1McACs4FIGJAkBUC2O
6 | ZCamsR6ym5PaL9+dGfgVvf6w/GoBb65bxuw/IgHnzhfEHsk9nV8WthTEHmT9m9lh
7 | kPMZBVDIVFW6iOCCpAwR6I9XXB30oKTINwIDAQABoAAwDQYJKoZIhvcNAQELBQAD
8 | gYEAndd8OjJ+Jr74jqwuV9cUDqlItsLc84TYn+lly0EPezGQIIYz2KUoDyHQ+PQ9
9 | 7JI3G3FWR8Wpow7HooLJRxHNWOw7u8ekLCP0LjkoHse+Dou5C0jzo99jfrjXNWGt
10 | DZO0Wrpu2eDclqwMJO/DtiovzcmOsGC52NHUW6+Moo9N2lM=
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/signer/local/testdata/ip.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBlTCB/wIBADBWMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxDzANBgNVBAcM
3 | Bkl0aGFjYTEQMA4GA1UECgwHQ29ybmVsbDEXMBUGA1UEAwwOMTI4Ljg0LjEyNi4y
4 | MTMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAME+bO/VzV5ABrXJO0njmg84
5 | IBGuGoNhXrq6vM1fXMcNnOLiWu4h8jer7UxwAKzgUgYkCQFQLY5kJqaxHrKbk9ov
6 | 350Z+BW9/rD8agFvrlvG7D8iAefOF8QeyT2dXxa2FMQeZP2b2WGQ8xkFUMhUVbqI
7 | 4IKkDBHoj1dcHfSgpMg3AgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQBS7FBieNEN
8 | PfXQRhPeiZ86QatshBBrj+TmhdC4GjtJ9lQA2NSRg2HnSHDErxdezZ7tw1ordd5D
9 | hZpJ8XkPggsb7mghwPD7Zzgp0M/ldqbZ9fFEtNcpiEL05vKtap5uSGzNn32NDbQa
10 | g+4QnDavffTQuzfuOoGJ9bG3jQtxo9HZCA==
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/signer/local/testdata/key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXAIBAAKBgQCbp/6OQ/a3mr+8zRgBRlmSGr8QBgP4vUIxLn2Mk4uiZ8OcpRY4
3 | YqL+TtREGDUc0ve+bv8RINrNlYXL2X+eJtbE2RJQ+RAiu+saw2K+RFTNeTCA1fwg
4 | 3ws5gBDcFbECqK1dOkuN/gV4JMHobn2/15iUBfeSJxdF1j5yqES8sVu7cwIDAQAB
5 | AoGBALZOnnBV3aLRlnw04kar9MCQnvLPeNteHyanQtjg/oxqZ8sR9+J2dFzSSv6u
6 | M5bc6Nmb+xY+msZqt9g3l6bN6n+qCvNnLauIY/YPjd577uMTpx/QTOQSK8oc5Dhi
7 | WgdU8GCtUmY+LE8qYx2NFitKCN4hubdrI76c+rnezIPVncZRAkEA9T5+vlfwk/Zl
8 | DOte+JtbXx3RtXKFJPMirOFqNVp1qnIlUm8XtBW6760ugiNYbVbGHgbd8JsZnkPH
9 | NC17TNLVJwJBAKJ7pDlJ2mvVr0cLrFhjAibz45dOipt8B4+dKtDIEuqbtKzJCGuP
10 | SCk4X2SgYz0gC5kH62S7rn6Bsa9lM98dztUCQASdLWNFYkhWXWZV006YFar/c5+X
11 | TPv5+xAHmajxT79qMFuRrX983Sx/NJ3MLnC4LjgIZwqM0HmSyt+nb2dtnAcCQCKi
12 | nIUhuw+Vg0FvuZM1t7W581/DfERckfgJFqFepLmh60eRqtvStR0kSSFYFw9mj1JV
13 | n9XfM/j/iHLM7du3rOkCQAw9R64yjcIBwcoSQxW/dr0Q9j+SnYgt+EhyXYXT30DS
14 | DdOJ06GXtb/P0peFBp26BnQU4CSS75yseZ1TdB4ZqaA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/signer/local/testdata/rsa2048-inter.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIDCjCCAfQCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOLFLykOd2j31AQn
6 | kaToYtstGvw5wLb4YnlzipQ6aULlD0H0GHM9IwhdSmcTWUWPb/U83g/ma1uD3Pp2
7 | IdWd6xfjyOJF5XhgkyfRY65wS6vPZRm2MNSFXem+0AKHdhxIhb/QPMASqC/yaiPi
8 | nvtOpBiCNl1Q2N4y9pkV0oD/T4rrn3RXP6iL1k4CNRS54JPCd+aI5Om+axVPU8Id
9 | ZeUXQwXISaFrcC/bFXAHGX5hBMVu34lhCxvR4smweZkVmW++bIv26az8TSb5nVn4
10 | TstLJIaOoOqot0sis04+0oX/GXfTPfkWyzfTVFN7cb9H+gz0FZJKtXQZv6qdntji
11 | 9FdR+pkCAwEAAaBAMD4GCSqGSIb3DQEJDjExMC8wLQYDVR0RBCYwJIIOY2xvdWRm
12 | bGFyZS5jb22CEnd3dy5jbG91ZGZsYXJlLmNvbTALBgkqhkiG9w0BAQsDggEBABfM
13 | 9XTMqMqmfAAymWC4/W+vbh301KBoydcTnDQ/7B+ftHRE0O3FUsdL3wobj3qBieJo
14 | MiQwiL7+GksszHvN9+YOUi70wpFuKghLhadb7p5GzL0+JgK2eQnLYb37/lQSiWwn
15 | hht1YMOzErR/KHlxNUafk71bDEeytUcOvvtujf86nZiEnBpvp47zDjMkDersczM0
16 | wj7S50IY8/vRsc2Q8vy+Q7D2FPEwjs4wCGVSqzwX2NPn3fZb/2pWRCie9kxHUfUP
17 | L5xO4WoFGuirT6E2GnUWDdH661Pj5yEKvmr+qPl+eVoLjrtx0g5rAmA7rGlGrkqp
18 | r4idH/BbJUaDlRHM/Hk=
19 | -----END CERTIFICATE REQUEST-----
20 |
--------------------------------------------------------------------------------
/signer/local/testdata/rsa2048-inter.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEpQIBAAKCAQEA4sUvKQ53aPfUBCeRpOhi2y0a/DnAtvhieXOKlDppQuUPQfQY
3 | cz0jCF1KZxNZRY9v9TzeD+ZrW4Pc+nYh1Z3rF+PI4kXleGCTJ9FjrnBLq89lGbYw
4 | 1IVd6b7QAod2HEiFv9A8wBKoL/JqI+Ke+06kGII2XVDY3jL2mRXSgP9PiuufdFc/
5 | qIvWTgI1FLngk8J35ojk6b5rFU9Twh1l5RdDBchJoWtwL9sVcAcZfmEExW7fiWEL
6 | G9HiybB5mRWZb75si/bprPxNJvmdWfhOy0skho6g6qi3SyKzTj7Shf8Zd9M9+RbL
7 | N9NUU3txv0f6DPQVkkq1dBm/qp2e2OL0V1H6mQIDAQABAoIBAQCzT3HcCAlZoeUu
8 | p88dU3efkUnuOQhuZXcQS9E/JfTHpXHsF8Qhky0ZVxMW8BC91Q6VHt0EO5GWWm0o
9 | SrK0Q9t6F25npRcumUaizIoCi9756tMpgouX8CDzTCMUbOJyuNGxe0oeImKFDyzo
10 | VTCazHMqwgOUw/HHuQqOv9ekkrzlva8U+Z5MGZB4B2acHIAJHO9uYGzdeAjF3grm
11 | dQ3QFGXJM0JzPmXfnUiDeOWIoVbo4YROFhf7qNlcnyLdkrYe0/XsSYQM9dRGKRPK
12 | nkOkMv0sC8rOqNuJUn3tf1OOjzVQxlzB8Key6MOQ1c+kqsdCnL88/93CvI5NHazx
13 | hwUmesmBAoGBAPpkDtgeWjxeIjOfuxXDYb04XbVmKquKNOIEk5OADmaacSGzdemh
14 | XLRaNVMEYMcgMJViDDKW8g4k+zuZgzooMxNynlLNU5wfazwX2LLjReJFvZb/SxMM
15 | N9+vQo8fcGz+p5g1tbeE6w86mpsTiAGx9Wa4J4GnY8jF6XUjZHO0X91pAoGBAOfZ
16 | qrDkPMDSiVk62FP6LlPrj09bt1NTkBfv5dWhN/XeHjuus7unDhNiRmphhgF0VZse
17 | XPtT/PUO0YgYlyaYJDDDE0IxgHuoK9wvEb2sqEtkZSw7IUhehheZ/+YfXzSA5fwa
18 | vhXt0ghB0d9oVJuRoxb17MncjpjDAKy0QR5drR2xAoGBAMlNwkVseZ2JDLQ2WgHQ
19 | N/cZpvUc83dAQO3pQgBW9rz0s7mlf0naqh5xW+enYGsW7RhcYHQXuPk4MCelbsRF
20 | 53JeNv1ZCDw/YkZI4bZIVDnrWdZY3zGsJAuY6skIPKnUPkd3/uVRXm267ut4U2MR
21 | gLsZmOF7AxU6UEwVrT/8pwnpAoGAKxbVFlMUx3FZfW/mTJUujwI0fDc7dw0MtqYr
22 | POzdjaBeVhE97h46C3g0Rgkh8ptAXbfi6ALP/GtonbaUQOP9teJLbf3tNw4mOKG2
23 | 1l2EWZ6q/vFuWhjXKwO//3DNLODX3WbK9SBh7I7vBmpJbzA980J5Y3rONa3oLjDB
24 | +XbHecECgYEArOEv2D3fE3Hd6rEbxXinqekxMa+V1OCDO1IPz4wwr9RDMVUMxwqF
25 | f0es1PQ2eMJGrAMbySxPfSZG05ou/tA+zR0qPwc/+dX0BbaXCiNT3gbhvL1L2fBc
26 | 7wr+MIUe2fi54JUWrUNMDHngRhXRKt2rZZRTfqVaFmZX02Y3fMZ2dWg=
27 | -----END RSA PRIVATE KEY-----
28 |
--------------------------------------------------------------------------------
/signer/local/testdata/rsa2048.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIDCTCCAfMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTWdoYxX4KN51fP
6 | WxQAyGH++VsPbfpAoXIbCPXSmU04BvIxyjzpHQ0ChMKkT/2VNcUeFJwk2fCf+ZwU
7 | f0raTQTplofwkckE0gEYA3WcEfJp+hbvbTb/2recsf+JE6JACYJe2Uu5wsjtrE5j
8 | A+7aT2BEU9RWzBdSy/5281ZfW3PArqcWaf8+RUyA3WRxVWmjmhFsVB+mdNLhCpW0
9 | C0QNMYR1ppEZiKVnEdao8gcI5sOvSd+35t8g82aPXcNSPU6jKcx1YNUPX5wgPEmu
10 | +anfc9RliQbYqqJYVODgBmV8IR5grw93yTsODoWKtFQ4PKVlnt9CD8AS/iSMQYm3
11 | OUogqgMCAwEAAaA/MD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4IOY2xvdWRm
12 | bGFyZS5jb22CEXd3d2Nsb3VkZmxhcmUuY29tMAsGCSqGSIb3DQEBCwOCAQEAl809
13 | gk9uZkRK+MJVYDSLjgGR2xqk5qOwnhovnispA7N3Z1GshodJRQa6ngNCKuXIm2/6
14 | AxB9kDGK14n186Qq4odXqHSHs8FG9i0zUcBXeLv1rPAKtwKTas/SLmsOpPgWPZFa
15 | iYiHHeu4HjOQoF987d7uGRYwc3xfstKwJsEXc12eCw2NH8TM1tJgSc/o6CzIpA91
16 | QnZKhx6uGM4xI2gnOaJA1YikNhyFGBuOGMZgd0k2+/IcR2pg0z4pc5oQw1bXLANx
17 | anqlA/MDrCM9v9019bRJ73zK8LQ3k/FW61PA9nL7RZ8ku65R+uYcVEdLa8pUeqnH
18 | cJZNboDRsItpccZuRQ==
19 | -----END CERTIFICATE REQUEST-----
20 |
--------------------------------------------------------------------------------
/signer/local/testdata/rsa3072.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIECTCCAnMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL0zzgBv+VTwZOPy
6 | LtuLFweQrj5Lfrje2hnNB7Y3TD4+yCM/cA4yTILixCe/B+N7LQysJgVDbW8u6BZQ
7 | 8ZqeDKOP6KCt37WhmcbT45tLpHmH+Z/uAnCz0hVc/7AyJ3CJXo6PaDCcJjgLuUun
8 | W47iy4h79AxyuzELmUeZZGYcO8nqClqcnAzQ6sClGZvJwSbYg2QAFGoA2lHqZ9uN
9 | ygAxNLd+rX9cP+yFwAeKzuKtOnVPiJD5lT3wufSkAbd6M7lOoqmTYnbv0A1WfA/e
10 | upXno9lbgB6iwF5U0V7OtxdA1bTbvgJgNLlxFF1do0sB28CWmqCFNwLfzcPzt5A4
11 | gLnOyLhNZOmUMXn35KOtp1Zv/yethlgZHxUYGcl6OYwMEFye3Du6dgnTwONzaLhA
12 | 7hMI8R60p2YrTLkgSKdFohAY/mKuxHyXxugOHHthlRCOn9m49edcdZ1HrkJXm9jd
13 | P9katjCXgTwSdTQlvaMJkfH7wF3ZMjAxPcDf4RKFEpF2wABeNQIDAQABoD8wPQYJ
14 | KoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjgg5jbG91ZGZsYXJlLmNvbYIRd3d3Y2xv
15 | dWRmbGFyZS5jb20wCwYJKoZIhvcNAQEMA4IBgQBF/RCHNAAOAaRI4VyO0tRPA5Dw
16 | 0/1/pgmBm/VejHIwDJnMFCl9njh0RSo1RgsVLhw6ovYbk3ORb4OD4UczPTq3GrFp
17 | KP9uPR+2pR4FWJpCVfCl76YabQv6fUDdiT7ojzyRhsAmkd5rOdiMvWV3Rp+YmBuU
18 | KH/dwkukfn+OeJIbERS5unzOBtQL+g5dU4CHWAqJQIqHr373w38OlYN+JY9QLrYy
19 | sWU9Ye6RjdySXPJ5UzyfOEfc9Ji89RJsVeceB1+As5u5vBvtzGgIMSFUzN947RZo
20 | DZ48JiB71VpmKXbn9LIRn25dlbVMzxRdSeZ194L3JFVAf9OxJTsc1QNFhOacoFgy
21 | hqvtN2iKntEyPo2nacYhpz/FAdJ2JThNH+4WtpPWAqx8Lw/e1OttiDt+6M0FEuVz
22 | svkSHnK206yo+a9Md37nUDDYxtlJEB+9F2qUZNQ7Hv+dxjmJOIgHOXxy1pLEdpVU
23 | rGdGLVXeJNPCh9x+GK21QjdxZABmYAaF8k36Pv4=
24 | -----END CERTIFICATE REQUEST-----
25 |
--------------------------------------------------------------------------------
/signer/local/testdata/rsa4096.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIFCTCCAvMCAQAwgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJl
3 | MRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2luZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJh
4 | bmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQDEw5jbG91ZGZsYXJl
5 | LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANkKL22jMn3eFCpj
6 | T6lbeq4nC3aEqwTGrLARidAmO29WIhzs6LxRpM6xSMoPI6DvJVUGpMFEKF4xNTc5
7 | X9/gSFrw2eI5Q3U3aGcaToSCxH4hXejwIzX8Ftlb/LfpXhbSsFr5MS3kiTY4zZxM
8 | n3dSy2gZljD/g0tlQf5BdHdR4WKRhWnqRiGng+BmW4rjbcO7SoN33jSXsMcguCg5
9 | 8dmYuf5G5KVXsqwEoCQBeKGnca9orcm4i90VnGt4qZUpfAn1cADzYGpRzX79USJ6
10 | tol4ovgGPN08LJFqcVl+dK8VzJ03JWBhI1jePbWS4Bz5oNtkhQQXilU+G6FQxc6a
11 | UPf6KcFyOB+qMJmEwJZD9yaNK1YbsKfSztQEsb1JEezQnVHxp91Ch3AcWoikuOiY
12 | yCg0V5lcK15SLv1+5sj9YzF7ngMmThcIJ6B5gS3swpD5AX6FJaI1BrGwT/RXKKQP
13 | tRX1BySLx8RcINjFb5wv3q9QIE8vrW1BOk9f4dfmxiFYnc+6bCCbIrg7APQVtKTa
14 | ixNJFSqZz7fm9loeNPHHXfUT5RoW5yzVa8igc+yv4qeYsWHcZ4c/Y91OJp19HMjM
15 | bYm2alt8XagBgJjO0FW8wvsKwhhlhWK0WO6sQ7Fkl7fH1GtxEpc248hAW24SZMmS
16 | led3LblCT8IC3a9BLhqJ2q8cfPp9AgMBAAGgPzA9BgkqhkiG9w0BCQ4xMDAuMCwG
17 | A1UdEQQlMCOCDmNsb3VkZmxhcmUuY29tghF3d3djbG91ZGZsYXJlLmNvbTALBgkq
18 | hkiG9w0BAQ0DggIBAAgz3NuN43+F+8+WhQ9hb7DOp6Amut7XubOkEBtBVgP3R8U1
19 | uSsgocR1rvnZ1/bhkeGyTly0eQPhcSEdMo/GgIrcn+co0KLcDyV6Rf3Cgksx9dUZ
20 | TzHSkxmFkxlxYfIGes6abH+2OPiacwK2gLvvmXFYIxEhv+LKzzteQi0xlinewv7R
21 | FnSykZ4QialsFyCgOjOxa11aEdRv6T8qKwhjUOk0VedtzOkt/k95aydTNLjXl2OV
22 | jloeTsbB00yWIqdyhG12+TgcJOa0pNP1zTjgFPodMuRUuiAcbT7Mt7sLCefKNzvZ
23 | Ln6b4y7e6N3YLOHALTIP+LI4y8ar47WlXCNw/zeOM2sW8udjYrukN6WOV3X68oMf
24 | Zsv6jqyGSaCDwdImR4VECUVvkabg9Sq4pz+ijTT+9cNA66omYL+/QAh0GahlROgW
25 | kDGI8zeEUoAC8RkAbFGMJA8jEbAfbT000ZwnLX2SZ8YRQX4Jd1FTmAH99FkvvT8N
26 | ovaGRSQQI5rWQGQYqF67So7PywEaEXeUHTBrv41Msva6CdaWHn7bh/fj4B21ETS7
27 | VJvrk5DLJTyruqon7EVJU1pn38ppaXF4Z6a9n3C8TqudT/gdJUYn/SBo5jx20uGJ
28 | d9k6vDqixntvk/TRZ848k1AXiv5uUJTdnoPPhzSGjxEaeKuB0R1ZHomVdjU4
29 | -----END CERTIFICATE REQUEST-----
30 |
--------------------------------------------------------------------------------
/signer/local/testdata/san_domain.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIDATCCAekCAQAwQTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQH
3 | DA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQLDARBQ01FMIIBIjANBgkqhkiG9w0BAQEF
4 | AAOCAQ8AMIIBCgKCAQEAy5owAK9W3y4RBV6T0/z1/Tnwj/jeI8APpLIszT1c1QY8
5 | GssT0SuSF6l2KsIotWrjIHYgxjPU914moacJ90lluJ467QtrBLvcT8HMd6771olL
6 | CYxw6AlDLUcIN7paegaBVrKoxZ2daFBeu4bfRD4AiuaOOXZd7NjAb/EX+KKehWgM
7 | svkrxXSqgOgpo46Dm9bvNxnX6PS2PF11C7Mwz48YAbec2wyajXtQSIwVOSuHNikW
8 | juy9DPMq6lcmgMLFQftZLMUY4qf27JBTstbpLVc9kqWeJYemmBblUVN+54oQD+YQ
9 | GkZrfzAOe+TVGcdu8cTQL+roK9bpxxAKCG//VzEh9QIDAQABoHsweQYJKoZIhvcN
10 | AQkOMWwwajAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DBQBgNVHREESTBHgg5rYi5l
11 | eGFtcGxlLmNvbYIUaGVscGRlc2suZXhhbXBsZS5vcmeCE3N5c3RlbXMuZXhhbXBs
12 | ZS5uZXSHBMCoAQGHBMCoRQ4wDQYJKoZIhvcNAQEFBQADggEBAJ/0z/+f2sqzZIB8
13 | GoOHAEa0xslNW/3igoKM8iO6H3bylHNeB2sBAgfgppGVNItu2QkVnP/eYfZXLD91
14 | Fj44evp9L8PBIM1/pxaEUqMXNTRXgnshyq6tUc1akD7rA6CkF/v0OsyYLhxMvQBP
15 | A9hjw1CDmfX9djSot9GCVjoWFY8Vi+SvkyopWhtJ5+k8MvMMdgptShAguu3OZkSh
16 | 39KG2jAPr5PFuE2BceJafECyvUqt+gNjp7x++oTRivx6W+E4GvZQ2yAy5MSuraUb
17 | ZplmAEZckDkXZOc2bHoDwQubFTwyGW0dgqknTp9abBBdxtt04sVQCpWM3NfBYOlV
18 | SSEZghc=
19 | -----END CERTIFICATE REQUEST-----
20 |
--------------------------------------------------------------------------------
/signer/local/testdata/test.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIC0TCCAbsCAQAwVDELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkNsb3VkRmxhcmUx
3 | DDAKBgNVBAsTA1dXVzEPMA0GA1UEBxMGSXRoYWNhMREwDwYDVQQIEwhOZXcgWW9y
4 | azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANRGyaKqITV+IdyBWQ5y
5 | 2cDjWdDCq2sfv1YVQ720GnsdWgC+v3HcAV1+LxU/7LYbGeHIDsx7XcnbY1fWWvCt
6 | knf/1eW0dGgyDPinrZuZKrldO/48I1mdCcb2MujolwjEj0yzczTeqi3jWMo0NdvX
7 | mVprMkmz9FGwRgMbmXEyfmaG7/qgn/nG/zP0dikrYuR+WNbBPIIDuDIVHPHIln+7
8 | H5SNLmgVr+q5V9Pqt1DdOBf3Zwo0KyLQa4LDxzQzQ62LNWYG+AtPSb6VVt/ZWtsx
9 | vd2WrE875UGM1wgCfU6g0XaQs+8xblOteMRaqpVKqw/frpeoG9W8bdJhtiL2DqqN
10 | wKsCAwEAAaA6MDgGCSqGSIb3DQEJDjErMCkwJwYDVR0RBCAwHoILZXhhbXBsZS5j
11 | b22CD3d3dy5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAB7fimhMshyrk/sk
12 | BQIKtsOHCFFAEyj0A/mfJO7Cx2Ys16s+u+EOv6eyJssePBb+XyM9a253bt6nKL4y
13 | wETMnp98f2svsaVLZC1BzmVRxfraJzgP5J8m2L0eCYTMd920KpEx7iyCqyeoHRCs
14 | 1P8H7z0Azrx2D/dfNw1L+5VUT1Hm8xFFzke7WdwlTxYhIhe2Hds0xqDLoZK765xx
15 | tLOKmrcVE/5ZcSkL/APFXX1U87vAeECMl/KTtGYw8lLjS6mXfN3sPNk8aw2VcV0U
16 | n0ZaV96ppWUQHsBWvkomj7829QLn9yalrqdz0F49ni562d4rIuogCSdUGawpEJfN
17 | 8xnNVaU=
18 | -----END CERTIFICATE REQUEST-----
19 |
--------------------------------------------------------------------------------
/signer/pkcs11/doc.go:
--------------------------------------------------------------------------------
// Package pkcs11 implements support for PKCS #11 signers. The real
// implementation is compiled unless the `nopkcs11` build tag is set;
// with that tag, the `New` function is a stub that always returns an
// error and `Enabled` is false.
package pkcs11
5 |
--------------------------------------------------------------------------------
/signer/pkcs11/pkcs11.go:
--------------------------------------------------------------------------------
1 | // +build !nopkcs11
2 |
3 | package pkcs11
4 |
5 | import (
6 | "io/ioutil"
7 |
8 | "github.com/cloudflare/cfssl/config"
9 | "github.com/cloudflare/cfssl/crypto/pkcs11key"
10 | "github.com/cloudflare/cfssl/errors"
11 | "github.com/cloudflare/cfssl/helpers"
12 | "github.com/cloudflare/cfssl/log"
13 | "github.com/cloudflare/cfssl/signer"
14 | "github.com/cloudflare/cfssl/signer/local"
15 | )
16 |
// Enabled is true in this build: the file is compiled whenever the
// `nopkcs11` build tag is not set, so PKCS #11 support is present.
const Enabled = true
19 |
// New builds a signer whose private key is opened through a PKCS #11
// module.
//
// caCertFile is the path of the CA certificate (parsed as PEM), policy
// is the signing policy handed to the local signer, and cfg supplies the
// module, token label, PIN and private-key label passed to pkcs11key.New.
//
// A nil cfg, an unreadable certificate file and a failure to open the
// PKCS #11 key are all reported as PrivateKeyError/ReadFailed; the
// underlying error is not returned to the caller. A certificate parse
// error is passed through unchanged. Only cfg.Module is written to the
// debug log; cfg.PIN is handed to pkcs11key.New and is not logged here.
func New(caCertFile string, policy *config.Signing, cfg *pkcs11key.Config) (signer.Signer, error) {
	if cfg == nil {
		return nil, errors.New(errors.PrivateKeyError, errors.ReadFailed)
	}
	log.Debugf("Loading PKCS #11 module %s", cfg.Module)

	pemBytes, readErr := ioutil.ReadFile(caCertFile)
	if readErr != nil {
		return nil, errors.New(errors.PrivateKeyError, errors.ReadFailed)
	}

	caCert, parseErr := helpers.ParseCertificatePEM(pemBytes)
	if parseErr != nil {
		return nil, parseErr
	}

	tokenKey, keyErr := pkcs11key.New(cfg.Module, cfg.TokenLabel, cfg.PIN, cfg.PrivateKeyLabel)
	if keyErr != nil {
		return nil, errors.New(errors.PrivateKeyError, errors.ReadFailed)
	}

	// The signature algorithm is derived from the key type rather than
	// taken from configuration.
	return local.NewSigner(tokenKey, caCert, signer.DefaultSigAlgo(tokenKey), policy)
}
45 |
--------------------------------------------------------------------------------
/signer/pkcs11/pkcs11_stub.go:
--------------------------------------------------------------------------------
1 | // +build nopkcs11
2 |
3 | package pkcs11
4 |
5 | import (
6 | "github.com/cloudflare/cfssl/config"
7 | "github.com/cloudflare/cfssl/errors"
8 | "github.com/cloudflare/cfssl/signer"
9 | )
10 |
// Config contains configuration information required to use a PKCS
// #11 key. In this stub build it is accepted by New but never read.
//
// NOTE(review): the non-stub build of New takes *pkcs11key.Config and
// reads Module, TokenLabel, PIN and PrivateKeyLabel, so the field names
// here (Token, Label) do not line up with it — confirm callers compile
// under both build tags.
type Config struct {
	Module string // presumably the PKCS #11 module to load — TODO confirm
	Token  string // presumably the token label — TODO confirm
	PIN    string // presumably the token PIN; treat as a secret and keep it out of logs
	Label  string // presumably the private-key label — TODO confirm
}
19 |
// New always returns an error (PrivateKeyError/Unknown) in this stub
// build; none of its arguments are read. If PKCS #11 support is
// needed, the program should be built without the `nopkcs11` build
// tag, which is what selects this file.
func New(caCertFile string, policy *config.Signing, cfg *Config) (signer.Signer, error) {
	return nil, errors.New(errors.PrivateKeyError, errors.Unknown)
}
25 |
// Enabled is false in this build: the file is compiled only when the
// `nopkcs11` build tag is set, so PKCS #11 support is absent.
const Enabled = false
28 |
--------------------------------------------------------------------------------
/signer/remote/testdata/ca.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEmzCCA4OgAwIBAgIMAMSvNBgypwaaSQ5iMA0GCSqGSIb3DQEBBQUAMIGMMQsw
3 | CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
4 | YW5jaXNjbzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVT
5 | VCBSb290IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTIx
6 | MjEyMDIxMDMxWhcNMjIxMDIxMDIxMDMxWjCBjDELMAkGA1UEBhMCVVMxEzARBgNV
7 | BAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoT
8 | CkNGU1NMIFRFU1QxGzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqG
9 | SIb3DQEJARYPdGVzdEB0ZXN0LmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
10 | MIIBCgKCAQEAsRp1xSfIDoD/40Bo4Hls3sFn4dav5NgxbZGpVyGF7dJI9u0eEnL4
11 | BUGssPaUFLWC83CZxujUEiEfE0oKX+uOhhGv3+j5xSTNM764m2eSiN53cdZtK05d
12 | hwq9uS8LtjKOQeN1mQ5qmiqxBMdjkKgMsVw5lMCgoYKo57kaKFyXzdpNVDzqw+pt
13 | HWmuNtDQjK3qT5Ma06mYPmIGYhIZYLY7oJGg9ZEaNR0GIw4zIT5JRsNiaSb5wTLw
14 | aa0n/4vLJyVjLJcYmJBvZWj8g+taK+C4INu/jGux+bmsC9hq14tbOaTNAn/NE0qN
15 | 8oHwcRBEqfOdEYdZkxI5NWPiKNW/Q+AeXQIDAQABo4H6MIH3MB0GA1UdDgQWBBS3
16 | 0veEuqg51fusEM4p/YuWpBPsvTCBxAYDVR0jBIG8MIG5gBS30veEuqg51fusEM4p
17 | /YuWpBPsvaGBkqSBjzCBjDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3Ju
18 | aWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAoTCkNGU1NMIFRFU1Qx
19 | GzAZBgNVBAMTEkNGU1NMIFRFU1QgUm9vdCBDQTEeMBwGCSqGSIb3DQEJARYPdGVz
20 | dEB0ZXN0LmxvY2FsggwAxK80GDKnBppJDmIwDwYDVR0TBAgwBgEB/wIBADANBgkq
21 | hkiG9w0BAQUFAAOCAQEAJ7r1EZYDwed6rS0+YKHdkRGRQ5Rz6A9DIVBPXrSMAGj3
22 | F5EF2m/GJbhpVbnNJTVlgP9DDyabOZNxzdrCr4cHMkYYnocDdgAodnkw6GZ/GJTc
23 | depbVTR4TpihFNzeDEGJePrEwM1DouGswpu97jyuCYZ3z1a60+a+3C1GwWaJ7Aet
24 | Uqm+yLTUrMISsfnDPqJdM1NeqW3jiZ4IgcqJkieCCSpag9Xuzrp9q6rjmePvlQkv
25 | qz020JGg6VijJ+c6Tf5y0XqbAhkBTqYtVamu9gEth9utn12EhdNjTZMPKMjjgFUd
26 | H0N6yOEuQMl4ky7RxZBM0iPyeob6i4z2LEQilgv9MQ==
27 | -----END CERTIFICATE-----
28 |
--------------------------------------------------------------------------------
/signer/remote/testdata/ca_key.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxGnXFJ8gOgP/j
3 | QGjgeWzewWfh1q/k2DFtkalXIYXt0kj27R4ScvgFQayw9pQUtYLzcJnG6NQSIR8T
4 | Sgpf646GEa/f6PnFJM0zvribZ5KI3ndx1m0rTl2HCr25Lwu2Mo5B43WZDmqaKrEE
5 | x2OQqAyxXDmUwKChgqjnuRooXJfN2k1UPOrD6m0daa420NCMrepPkxrTqZg+YgZi
6 | EhlgtjugkaD1kRo1HQYjDjMhPklGw2JpJvnBMvBprSf/i8snJWMslxiYkG9laPyD
7 | 61or4Lgg27+Ma7H5uawL2GrXi1s5pM0Cf80TSo3ygfBxEESp850Rh1mTEjk1Y+Io
8 | 1b9D4B5dAgMBAAECggEAKHhjcSomDSptTwDo9mLI/h40HudwSlsc8GzYxZBjinUD
9 | N2n39T9QbeMUE1xFenX/9qFEgq+xxnLLJx1EQacSapCgIAqdCO/f9HMgvGJumdg8
10 | c0cMq1i9Bp7tu+OESZ5D48qWlOM2eQRIb08g8W11eRIaFmPuUPoKnuktkQuXpPJc
11 | YbS/+JuA8SDwe6sV0cMCQuS+iHFfeGwWCKrDUkhLwcL3waW3od2XFyOeFFWFhl0h
12 | HmM/mWKRuRdqR7hrmArTwFZVkB+o/1ywVYXIv+JQm0eNZ5PKLNJGL2f5oxbMR/JI
13 | AoK0bAlJmYaFp96h1KpbPwLEL/0hHSWA7sAyJIgQAQKBgQDaEAZor/w4ZUTekT1+
14 | cbId0yA+ikDXQOfXaNCSh9Pex+Psjd5zVVOqyVFJ29daRju3d7rmpN4Cm5V4h0l1
15 | /2ad207rjCAnpCHtaddJWNyJzF2IL2IaoCZQRp0k7zOjBGQpoWDTwBaEin5CCv3P
16 | kkdQkKz6FDP1xskHSLZr21/QCQKBgQDP6jXutEgGjf3yKpMFk/69EamJdon8clbt
17 | hl7cOyWtobnZhdOWVZPe00Oo3Jag2aWgFFsm3EtwnUCnR4d4+fXRKS2LkhfIUZcz
18 | cKy17Ileggdd8UGhL4RDrF/En9tJL86WcVkcoOrqLcGB2FLWrVhVpHFK74eLMCH/
19 | uc/+ioPItQKBgHYoDsD08s7AGMQcoNx90MyWVLduhFnegoFW+wUa8jOZzieka6/E
20 | wVQeR5yksZjpy3vLNYu6M83n7eLkM2rrm/fXGHlLcTTpm7SgEBZfPwivotKjEh5p
21 | PrlqucWEk082lutz1RqHz+u7e1Rfzk2F7nx6GDBdeBYpw03eGXJx6QW5AoGBAIJq
22 | 4puyAEAET1fZNtHX7IGCk7sDXTi6LCbgE57HhzHr8V0t4fQ6CABMuvMwM1gATjEk
23 | s6yjoLqqGUUUzDipanViBAy5fiuManC868lN7zkWDTLzQ3ytBqVAee4na/DziP27
24 | ae9YTSLJwskE/alloLRP6zTbHUXE0n7LelmrX1DFAoGBAMFLl+Lu+WFgCHxBjn43
25 | rHpJbQZQmsFhAMhkN4hsj6dJfAGn2gRLRiVRAika+8QF65xMZiVQWUVSUZADWERi
26 | 0SXGjzN1wYxO3Qzy3LYwws6fxFAq5lo79eb38yFT2lHdqK3x/QgiDSRVl+R6cExV
27 | xQB518/lp2eIeMpglWByDwJX
28 | -----END PRIVATE KEY-----
29 |
--------------------------------------------------------------------------------
/signer/universal/universal_test.go:
--------------------------------------------------------------------------------
1 | package universal
2 |
3 | import (
4 | "testing"
5 | "time"
6 |
7 | "github.com/cloudflare/cfssl/config"
8 | )
9 |
// Shared fixtures for the signer tests: a one-minute expiry and a
// signing configuration with a "valid" profile and a default profile,
// both limited to the "digital signature" usage.
var (
	expiry = time.Minute

	validLocalConfig = &config.Config{
		Signing: &config.Signing{
			Profiles: map[string]*config.SigningProfile{
				"valid": {
					Usage:  []string{"digital signature"},
					Expiry: expiry,
				},
			},
			Default: &config.SigningProfile{
				Usage:  []string{"digital signature"},
				Expiry: expiry,
			},
		},
	}
)
25 |
// TestNewSigner checks that NewSigner accepts a Root that points at the
// CA key and certificate fixtures under ../local/testdata, with
// ForceRemote off, together with the signing policy from
// validLocalConfig. Only the returned error is inspected.
func TestNewSigner(t *testing.T) {
	root := Root{
		Config: map[string]string{
			"key-file":  "../local/testdata/ca_key.pem",
			"cert-file": "../local/testdata/ca.pem",
		},
		ForceRemote: false,
	}

	if _, err := NewSigner(root, validLocalConfig.Signing); err != nil {
		t.Fatal(err)
	}
}
43 |
--------------------------------------------------------------------------------
/test.sh:
--------------------------------------------------------------------------------
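#!/bin/bash
# Runs go vet, golint (through fgt), the test suite and a per-package
# coverage pass, then calls gover to produce coverprofile.txt.
# fgt and golint must be on PATH; the script exits with an install hint
# if either is missing.
set -o errexit
# Without pipefail a failing `go list` in the coverage pipeline below
# would be hidden behind the exit status of xargs.
set -o pipefail

# Path expansions are quoted so that a checkout directory or GOPATH
# containing spaces or glob characters is not word-split.
cd "$(dirname "$0")"
ls "$GOPATH/src/github.com/cloudflare/cfssl"

go vet ./...
if ! command -v fgt > /dev/null ; then
    echo "Please install fgt from https://github.com/GeertJohan/fgt."
    exit 1
fi
if ! command -v golint > /dev/null ; then
    echo "Please install golint from github.com/golang/lint/golint."
    exit 1
fi
fgt golint ./...
go test ./...
# Each line printed by go list is a complete `go test -coverprofile=...`
# command that xargs hands to `sh -c`. The package directory is
# interpolated into that command unescaped, so a directory name holding
# shell metacharacters would be interpreted by sh; run this only in a
# source tree you trust.
go list -f '{{if len .TestGoFiles}}"go test -coverprofile={{.Dir}}/.coverprofile {{.ImportPath}}"{{end}}' ./... | xargs -I {} sh -c {}
gover . coverprofile.txt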
19 |
--------------------------------------------------------------------------------
/testdata/csr.json:
--------------------------------------------------------------------------------
1 | {
2 | "hosts": [
3 | "cloudflare.com",
4 | "www.cloudflare.com"
5 | ],
6 | "key": {
7 | "algo": "rsa",
8 | "size": 2048
9 | },
10 | "names": [
11 | {
12 | "C": "US",
13 | "L": "San Francisco",
14 | "O": "CloudFlare",
15 | "OU": "Systems Engineering",
16 | "ST": "California"
17 | }
18 | ]
19 | }
20 |
--------------------------------------------------------------------------------
/testdata/garbage.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
3 | cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
4 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
5 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
6 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
7 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
8 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
9 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
10 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
11 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
12 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/testdata/garbage.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
3 | Dil8FywzZEonRNJst53+9cxFye70ely5br/tWxEp4/MsM1kCQQDqV4Lwn8BXOeKg
4 | dUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3
5 | MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQAB
6 | AoGAVxnsPojZ8X4g8LPk3d9dlXGhb/4tSmk9102jcHH/Y5ssy95Pe6ZJGr1uwbN+
7 | 7m1l05PikpHeoxEryoW51cyfjDVkXUT0zPp2JC38DUA/0A8qWav/aENM64wg1I0P
8 | xOwNmcL+0XPedvSPBSPUoGJCzu12rH6Z+UHXipXsqRNSyQ+KGlur14y0kCh5uiVA
9 | jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
10 | hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
11 | vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
12 | MIICXAIBAAKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhl
13 | Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
14 | OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/testdata/good_config.json:
--------------------------------------------------------------------------------
1 | {
2 | "signing": {
3 | "default": {
4 | "expiry": "168h"
5 | },
6 | "profiles": {
7 | "www": {
8 | "usages": [
9 | "signing",
10 | "key encipherment",
11 | "server auth"
12 | ],
13 | "name_whitelist": "^.*\\.cloudflare.com$"
14 | }
15 | }
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/testdata/server.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICATCCAWoCCQDidF+uNJR6czANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJB
3 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
4 | cyBQdHkgTHRkMB4XDTEyMDUwMTIyNTUxN1oXDTEzMDUwMTIyNTUxN1owRTELMAkG
5 | A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
6 | IFdpZGdpdHMgUHR5IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtpjl
7 | nodhz31kLEJoeLSkRmrv8l7exkGtO0REtIbirj9BBy64ZXVBE7khKGO2cnM8U7yj
8 | w7Ntfh+IvCjZVA3d2XqHS3Pjrt4HmU/cGCONE8+NEXoqdzLUDPOix1qDDRBvXs81
9 | KAV2qh6CYHZbdqixhDerjvJcD4Nsd7kExEZfHuECAwEAATANBgkqhkiG9w0BAQUF
10 | AAOBgQCyOqs7+qpMrYCgL6OamDeCVojLoEp036PsnaYWf2NPmsVXdpYW40Foyyjp
11 | iv5otkxO5rxtGPv7o2J1eMBpCuSkydvoz3Ey/QwGqbBwEXQ4xYCgra336gqW2KQt
12 | +LnDCkE8f5oBhCIisExc2i8PDvsRsY70g/2gs983ImJjVR8sDw==
13 | -----END CERTIFICATE-----
14 |
--------------------------------------------------------------------------------
/testdata/server.csr:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE REQUEST-----
2 | MIIBhDCB7gIBADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEh
3 | MB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEB
4 | AQUAA4GNADCBiQKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EH
5 | LrhldUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40R
6 | eip3MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QID
7 | AQABoAAwDQYJKoZIhvcNAQEFBQADgYEALOuXHteRZ7f+vH5mv2Odz8KHgFm+YfdD
8 | YSRDiFGnMXZ4/Z5440Jl+lsytH9XRdU+CAvMwXISCLx6NI8JfNpSMvltDNRmBGfM
9 | HjTdVKPDb9xns7by8sgwuSNnOONuefbZNXPGbjDfKzEa2UdHJT+YaLOVzCDPlPBr
10 | BUo2gGkLUAs=
11 | -----END CERTIFICATE REQUEST-----
12 |
--------------------------------------------------------------------------------
/testdata/server.key:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIICXAIBAAKBgQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhl
3 | dUETuSEoY7ZyczxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3
4 | MtQM86LHWoMNEG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQAB
5 | AoGAVxnsPojZ8X4g8LPk3d9dlXGhb/4tSmk9102jcHH/Y5ssy95Pe6ZJGr1uwbN+
6 | 7m1l05PikpHeoxEryoW51cyfjDVkXUT0zPp2JC38DUA/0A8qWav/aENM64wg1I0P
7 | Dil8FywzZEonRNJst53+9cxFye70ely5br/tWxEp4/MsM1kCQQDqV4Lwn8BXOeKg
8 | xOwNmcL+0XPedvSPBSPUoGJCzu12rH6Z+UHXipXsqRNSyQ+KGlur14y0kCh5uiVA
9 | jmWYVEEjAkEAx3keAo1nFsVW35EPt5LIbh6L6ty7GrvGRvOVeSd6YLtixMety24k
10 | hpt1cEv2xlFnbjbBbMkr9eUiUNpttLT6KwJBANGKaLoSjqEwUFYjX1OV/wdtcGcn
11 | BOzx0qUouFQ2xZ0NBrNVbyt1bzPLx0yKHkwF35ybw+Qc1yRpby/3ZB6+j/MCQFLl
12 | vtcItOL9uBDJVGLSGYHKKBO/D/MYPlqWOHRVN8KjnXRyF4QHjh5y1OeKalAY3Ict
13 | Mk1nfWF/jDdVz2neHGkCQHHBR4Xt1/euDku+14z5aLpphTEQVuRD2vQoeKi/W/CY
14 | OgNmKj1DzucnCS6yRCrF8Q0Pn8l054a3Wdbl1gqI/gA=
15 | -----END RSA PRIVATE KEY-----
16 |
--------------------------------------------------------------------------------
/testdata/ssl-verifier.sh:
--------------------------------------------------------------------------------
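#!/bin/bash
#
# Usage: ssl-verifier.sh KEY CRT [IMM]
#
#   KEY  PEM file holding an unencrypted RSA private key
#   CRT  PEM file holding the certificate issued for that key
#   IMM  optional PEM file holding intermediate certificate(s)
#
# Checks that KEY and CRT share the same RSA modulus, then tries to verify CRT
# with `openssl verify` and writes the assembled chain to ./bundle.crt.
# Exit status is 0 when verification succeeds and 1 otherwise.
#
# The key/certificate match uses `openssl rsa`, so only RSA keys are handled.
# bundle.crt and tmp.crt are created in the current working directory.

KEY=$1
CRT=$2
IMM=$3

# Encrypted keys cannot be read without a passphrase prompt; reject them early.
if grep -q ENCRYPTED -- "$KEY"; then
    echo >&2 "Key is password-protected"
    exit 1
fi

KEYMOD=$(openssl rsa -noout -modulus -in "$KEY")
CRTMOD=$(openssl x509 -noout -modulus -in "$CRT")

# Fail closed: when both openssl calls fail, both moduli are empty strings and
# a plain string comparison would report a match.
if [ -z "$KEYMOD" ] || [ "$KEYMOD" != "$CRTMOD" ]; then
    echo >&2 "Key doesn't match the certificate"
    exit 1
fi

if [ -n "$IMM" ]; then
    cat "$CRT" "$IMM" > bundle.crt

    # `openssl verify FILE` labels its result with the file name it was given
    # and verifies only the first certificate in that file, so verifying
    # bundle.crt could never print "$CRT: OK" and never used the
    # intermediates. Verify the leaf itself and pass the intermediates as
    # untrusted chain material instead.
    if [ "$(openssl verify -untrusted "$IMM" "$CRT")" == "$CRT: OK" ]; then
        echo "Done (bundle ok)"
        exit 0
    fi
fi

PREV=
while true; do

    if [ "$(openssl verify "$CRT")" == "$CRT: OK" ]; then
        echo "Done"
        exit 0
    fi

    # Issuer certificates are looked up as files named after the issuer hash
    # in the current directory.
    NEXT=$(openssl x509 -noout -issuer_hash -in "$CRT")

    # The hash is always read from the first certificate in $CRT, so once the
    # bundle exists the same issuer comes back on every round. Stop instead of
    # appending the same file forever. Quoting "$NEXT" also makes an empty
    # hash (openssl failure) take this error path.
    if [ ! -f "$NEXT" ] || [ "$NEXT" == "$PREV" ]; then
        echo >&2 "Could not generate trusted bundle"
        exit 1
    fi
    PREV=$NEXT

    cat "$CRT" "$NEXT" > tmp.crt
    mv tmp.crt bundle.crt
    CRT="bundle.crt"

done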
48 |
--------------------------------------------------------------------------------
/testdata/temp.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDADCCAeqgAwIBAgIICYNCnX0enRAwCwYJKoZIhvcNAQELMIGMMQswCQYDVQQG
3 | EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
4 | bzETMBEGA1UEChMKQ0ZTU0wgVEVTVDEbMBkGA1UEAxMSQ0ZTU0wgVEVTVCBSb290
5 | IENBMR4wHAYJKoZIhvcNAQkBFg90ZXN0QHRlc3QubG9jYWwwHhcNMTQwNDI5MjIy
6 | MjQyWhcNMTkwNDI5MjIyNzQyWjAAMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
7 | gQC2mOWeh2HPfWQsQmh4tKRGau/yXt7GQa07RES0huKuP0EHLrhldUETuSEoY7Zy
8 | czxTvKPDs21+H4i8KNlUDd3ZeodLc+Ou3geZT9wYI40Tz40Reip3MtQM86LHWoMN
9 | EG9ezzUoBXaqHoJgdlt2qLGEN6uO8lwPg2x3uQTERl8e4QIDAQABo3kwdzAOBgNV
10 | HQ8BAf8EBAMCAKAwDwYDVR0TAQH/BAUwAwIBADAdBgNVHQ4EFgQUv8IODn80eHdL
11 | LQRdN5bJmn8wjNcwHwYDVR0jBBgwFoAUt9L3hLqoOdX7rBDOKf2LlqQT7L0wFAYD
12 | VR0RBA0wC4IJbG9jYWxob3N0MAsGCSqGSIb3DQEBCwOCAQEAnuCKD+UzlDjFKFIm
13 | eMmXi77DDjOx3YmL8idPuglMwL75ZYCTwhctN3yC+xWS8TpurIMfyXtyINSRv6lW
14 | oBt8hj6NhXRyo/tC5CMRPoasB5FyhcLivD1117zYdDoouGxIOlEPw/nVQGgNQKvS
15 | ebXGkgDwMNm+qkQ69V38NzNeS36BzwvX9ElUmAS9PH78CRM3RteUMfi6JtWQjDWq
16 | U6pATxkKJ4mQA2D0SFoNe64DilbAZyKhHd07K9rZoM1bZ7ND6F8Qiow7/qQz3BW2
17 | kOfSlY9zanzbOrF35H0dDCd9i0VQBkwZbWC06ZH2bgdHOCh8zn3WC2AOy9SaIuC8
18 | L4mJZQ==
19 | -----END CERTIFICATE-----
20 |
--------------------------------------------------------------------------------
/testdata/test.py:
--------------------------------------------------------------------------------
# Validate one certificate against a directory of trusted CA certificates.
#
# Usage: test.py CERT_FILE CA_PATH
#
# Prints "valid" or "invalid" on stdout. The process exit status is the same
# in both cases, so callers have to read the output to learn the result.
import sys
from m2ext import SSL
from M2Crypto import X509

cert_file, ca_path = sys.argv[1], sys.argv[2]
print("Validating certificate %s using CApath %s" % (cert_file, ca_path))

certificate = X509.load_cert(cert_file)

# The trust anchors come only from the CA directory given on the command line.
context = SSL.Context()
context.load_verify_locations(capath=ca_path)

verdict = "valid" if context.validate_certificate(certificate) else "invalid"
print(verdict)
13 |
--------------------------------------------------------------------------------
/ubiquity/filter.go:
--------------------------------------------------------------------------------
1 | // Package ubiquity contains the ubiquity scoring logic for CFSSL bundling.
2 | package ubiquity
3 |
4 | // Ubiquity is addressed by selecting the chains that are most likely to be accepted by different client systems.
5 | // To select them, we do multi-round filtering from different ranking perspectives.
6 | import (
7 | "crypto/x509"
8 | )
9 |
// RankingFunc compares two certificate chains and reports their relative rank.
// The result is
//   - a positive integer if rank(chain1) > rank(chain2),
//   - a negative integer if rank(chain1) < rank(chain2),
//   - 0 if rank(chain1) == rank(chain2).
type RankingFunc func(chain1, chain2 []*x509.Certificate) int

// Filter keeps only the chains that share the highest rank under f and
// returns them in their original order.
//
// With zero or one chain the input slice is returned as is. Otherwise every
// chain, including the first, is compared against the best chain seen so far;
// the first chain is therefore kept only if f reports 0 when a chain is
// compared with itself.
func Filter(chains [][]*x509.Certificate, f RankingFunc) [][]*x509.Certificate {
	// Nothing to rank against: hand the input back unchanged.
	if len(chains) < 2 {
		return chains
	}

	var winners [][]*x509.Certificate
	top := chains[0]
	for i := 0; i < len(chains); i++ {
		current := chains[i]
		switch cmp := f(top, current); {
		case cmp < 0:
			// current outranks everything seen so far; restart the tie list.
			top = current
			winners = [][]*x509.Certificate{current}
		case cmp == 0:
			// Ties with the current best are all retained.
			winners = append(winners, current)
		}
	}
	return winners
}
37 |
--------------------------------------------------------------------------------
/ubiquity/testdata/ca.pem.metadata:
--------------------------------------------------------------------------------
1 | [
2 | {
3 | "name":"Browser Everywhere",
4 | "weight": 0,
5 | "hash_algo": "SHA2",
6 | "key_algo": "ECDSA256"
7 | },
8 | {
9 | "name":"Pineapple",
10 | "weight": 1,
11 | "hash_algo": "SHA2",
12 | "key_algo": "ECDSA521",
13 | "keystore": "pineapple.pem"
14 | }
15 | ]
16 |
--------------------------------------------------------------------------------
/ubiquity/testdata/ecdsa256sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICsDCCAjegAwIBAgIIDmHBNS+T0F8wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIxG/fG9
10 | y/gjlAXvB77beERLbBooN98FGFAxVUA5IglylvgmfNxUmI8mM2Uw9tzOLm9vORAr
11 | aSSM4/6iSpCJreCjgYEwfzAOBgNVHQ8BAf8EBAMCAKQwEgYDVR0TAQH/BAgwBgEB
12 | /wIBATAdBgNVHQ4EFgQU4t+cr91ma5IxOPeiezgN8W9FBNowHwYDVR0jBBgwFoAU
13 | QfmKIlIyJt+P8AcB3SRhOFrn7PwwGQYDVR0RBBIwEIIOY2Zzc2wtbGVhZi5jb20w
14 | CgYIKoZIzj0EAwMDZwAwZAIwYQWcWr79DPrIBnphpHZPuxnGust6NtD0aSffB1cF
15 | NlYtggjJZDbLijAgD0Bwi3THAjA639xrNxVgc/LkJcHfSRhs8Jhv9cxQxIVf3g8w
16 | 6tBymEgJ6L8aIPGgXNRJGs7FmPs=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/ubiquity/testdata/ecdsa384sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICzzCCAlSgAwIBAgIIbOxERQylZJMwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTB2MBAGByqGSM49AgEGBSuBBAAiA2IABNYivDDh3Iik
10 | kb+3/Oocity4JQXmxLP2njZThYNtR4y7Bxixp05KLoq8gtazyccDklueu4OWFnpm
11 | kjyqPQ+0MIf/BJKoA4Q4iNiCN/ZfF690LR/pZPrMRZuWSGVb2890L6OBgTB/MA4G
12 | A1UdDwEB/wQEAwIApDASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBTiTQoJ
13 | uFODtNnEnbYaxy+He8lO+DAfBgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs
14 | /DAZBgNVHREEEjAQgg5jZnNzbC1sZWFmLmNvbTAKBggqhkjOPQQDAwNpADBmAjEA
15 | q/sUd8AQAornMMiLZ5spBu+g6x6qx66wNPw9WE5a+T0hndHJsAqads5ndW7/5fuo
16 | AjEAiQ9wR1ugYaY56mj9UfjCZbwvo19unlB+CTLr48fh/RhvX6xjnpWXxJeXzU3G
17 | GhTH
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/ubiquity/testdata/ecdsa521sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIC9TCCAnqgAwIBAgIIUbwCGeeEj4AwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEASndSqqg
10 | ml7pRXvL1hHdrxKAymhGi1Io2p4D0kqL7cvITqnnDdawQ2/JyHUNBzhOrue8fiCN
11 | E+o7vnbV5exuasBjAQrcXVF17EUknncNoq5Sdg6qIjmlwcqNMOqSvYIAGHdwTXUe
12 | Da88d/je+kynzaiMoXM21IkFKedXtpv36D7OK96oo4GBMH8wDgYDVR0PAQH/BAQD
13 | AgCkMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFDYrMNrJaqxCJjszycul
14 | XPsseU/yMB8GA1UdIwQYMBaAFEH5iiJSMibfj/AHAd0kYTha5+z8MBkGA1UdEQQS
15 | MBCCDmNmc3NsLWxlYWYuY29tMAoGCCqGSM49BAMDA2kAMGYCMQCKWeIUGeuvt9kb
16 | 5DtYw3++X5m7Nxf8CE67BuyoLV/3OpmTpo0Qp2LnapyXP63hAY8CMQCm1P3S/6+S
17 | U6oMFvMrpAcIFm6B1TtuTnSRGx89eZqoCdEJHVZuBWRyFABBnkKSf0Q=
18 | -----END CERTIFICATE-----
19 |
--------------------------------------------------------------------------------
/ubiquity/testdata/pineapple.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICyDCCAjGgAwIBAgIJAPCgd7rafQZGMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
3 | BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
4 | c2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEW
5 | MBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTExNjQyMjBaFw0yNDA0MDgx
6 | NjQyMjBaMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
7 | VQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQL
8 | DAtERVZfVEVTVElORzEWMBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTCBnzANBgkqhkiG
9 | 9w0BAQEFAAOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1CMS59jJOL
10 | omfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvrGsNivkRU
11 | zXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+cqhEvLFb
12 | u3MCAwEAAaNQME4wHQYDVR0OBBYEFLhe765nULfW8wflar5Vs2c6DZI+MB8GA1Ud
13 | IwQYMBaAFLhe765nULfW8wflar5Vs2c6DZI+MAwGA1UdEwQFMAMBAf8wDQYJKoZI
14 | hvcNAQEFBQADgYEABYqqOUq3ZrtMYaTAoeA7Cr/OBMjBV+/TiOe8fRNoPZ7+aKSg
15 | E1baohCGqougm+/XOtBXeLv5tVQihz/2iKdwHmX4HjkxzevAXyazjxeW4IDA21Jl
16 | fKd7xUJHM0Du/opoDkXWr/vRVztOB33ndlAK7ruSLfTR3E9HoUe3aRH7ceQ=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/ubiquity/testdata/rsa1024sha1.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIICyDCCAjGgAwIBAgIJAPCgd7rafQZGMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
3 | BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
4 | c2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQLDAtERVZfVEVTVElORzEW
5 | MBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTAeFw0xNDA0MTExNjQyMjBaFw0yNDA0MDgx
6 | NjQyMjBaMH0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
7 | VQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApDbG91ZEZsYXJlMRQwEgYDVQQL
8 | DAtERVZfVEVTVElORzEWMBQGA1UEAwwNQ0ZTU0xfVEVTVF9DQTCBnzANBgkqhkiG
9 | 9w0BAQEFAAOBjQAwgYkCgYEAm6f+jkP2t5q/vM0YAUZZkhq/EAYD+L1CMS59jJOL
10 | omfDnKUWOGKi/k7URBg1HNL3vm7/ESDazZWFy9l/nibWxNkSUPkQIrvrGsNivkRU
11 | zXkwgNX8IN8LOYAQ3BWxAqitXTpLjf4FeCTB6G59v9eYlAX3kicXRdY+cqhEvLFb
12 | u3MCAwEAAaNQME4wHQYDVR0OBBYEFLhe765nULfW8wflar5Vs2c6DZI+MB8GA1Ud
13 | IwQYMBaAFLhe765nULfW8wflar5Vs2c6DZI+MAwGA1UdEwQFMAMBAf8wDQYJKoZI
14 | hvcNAQEFBQADgYEABYqqOUq3ZrtMYaTAoeA7Cr/OBMjBV+/TiOe8fRNoPZ7+aKSg
15 | E1baohCGqougm+/XOtBXeLv5tVQihz/2iKdwHmX4HjkxzevAXyazjxeW4IDA21Jl
16 | fKd7xUJHM0Du/opoDkXWr/vRVztOB33ndlAK7ruSLfTR3E9HoUe3aRH7ceQ=
17 | -----END CERTIFICATE-----
18 |
--------------------------------------------------------------------------------
/ubiquity/testdata/rsa2048sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDfDCCAwKgAwIBAgIIUYJhG37C300wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
10 | ANAukkrF37rHtiFfPuoUmKkj0HaEMGeQWEJ0sbispQKwqzF8fCRh6yT+j4+xsUZh
11 | +NL/bvVcGb3K0DpvMlE7swBH9ind7r15lSiW9r3NAaKbH5aUhDixLnXU0h5R4HVR
12 | 8paqW8we2a5sl17lk7UxRGhpj1VJlnDgTsuqXP+4Wb+x5E42hy0Lv7qIYnPzYztK
13 | CWmlMHbOprsEwjUpjL7b6D+dackCXrmY2CKFp57vvw27WWJh+OFWxw9FPrkjSi2W
14 | uG3lqg6uWQ8ELxFZLi6i999WsM4CH9GuG4T/rnNZHVl2fFfvGgW6rauoOqPR3a84
15 | DUUfvUtxLxHpQq8blsPRUN0CAwEAAaOBgTB/MA4GA1UdDwEB/wQEAwIApDASBgNV
16 | HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBShnoK2Oquaq/XjlNBMxs5yPTSJvjAf
17 | BgNVHSMEGDAWgBRB+YoiUjIm34/wBwHdJGE4Wufs/DAZBgNVHREEEjAQgg5jZnNz
18 | bC1sZWFmLmNvbTAKBggqhkjOPQQDAwNoADBlAjAhMWEJzBwuN5bVACPCAoVPSWI2
19 | +0DQi4Tu6sBNQl+dsyO+FPyA3+aYc0NgnBwcj+0CMQC7JOdfdWJPZj6rOAXvGV3I
20 | jGJRHZmu5q5K+9teIK1b9mustpnDJgniKAHtBGecXy4=
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/ubiquity/testdata/rsa3072sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID/DCCA4KgAwIBAgIIFVfMGJwEBdcwCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB
10 | APcWAQ6FdrT8fJamf2x/8C76D7INfwl3pJ70XDbscNYLunNyCQaymZZBbYlOmPBQ
11 | A4lATlWm/2NHEP/RHXgdrKzx+DOSjYj3VmT4MQEVp0auRM/Kb1QEj9hNmcmtVJx+
12 | YiQWrvHuksAZfFGl5xsHAPglL/hV3GbXaBYdC6rdwHSLUDpB1Y0hOgn4r+ZbEltI
13 | pDHKBxThzabOP/QOAP4K4k+ZUQ6kCMnDe1g9pOPmila3glsW0rXlN+ciAyVejxlL
14 | cPJONWqyfpMLsGDN/mJJUdA7I9EcV59O6C6p3+iHjVKIBoTVTu0by3aX764ZXrx1
15 | V5pmI+NH5Bo1NeSpGTiooDMP4AyJyOknNo6fKD1/bY5GkGJBdrewFjqtNZYeU5Xj
16 | CKARVKlXMvl/6no5WtCWighMrf34j1KO/0oLnMhZfBqyn0nRC1DiseVa9mWePEEn
17 | yJV5XvrRrRQ9AGFLDtLndMHJVuQvoPBNu62k7keEWmTo/P6Zge1zQ7M8MUP/e3QU
18 | aQIDAQABo4GBMH8wDgYDVR0PAQH/BAQDAgCkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
19 | HQYDVR0OBBYEFFRI3nOBTv9Gq7OQNv8dWdCiysNQMB8GA1UdIwQYMBaAFEH5iiJS
20 | Mibfj/AHAd0kYTha5+z8MBkGA1UdEQQSMBCCDmNmc3NsLWxlYWYuY29tMAoGCCqG
21 | SM49BAMDA2gAMGUCMQDAZV84hdNMZORoY35qBjTBSDfgZH2RN7EQHBr01G3rRfrr
22 | 0pfr7IGqmUfC8ca/Dc0CMDM0Gk9ulfiXhBg/Ewzpru8UVX6/hgbhPnH9GiGq/8XZ
23 | 5HC9JXjnDj10F8BHD11QzQ==
24 | -----END CERTIFICATE-----
25 |
--------------------------------------------------------------------------------
/ubiquity/testdata/rsa4096sha2.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEezCCBAKgAwIBAgIIZP3PePNium4wCgYIKoZIzj0EAwMwgYwxCzAJBgNVBAYT
3 | AlVTMRMwEQYDVQQKEwpDbG91ZEZsYXJlMRwwGgYDVQQLExNTeXN0ZW1zIEVuZ2lu
4 | ZWVyaW5nMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9y
5 | bmlhMR0wGwYDVQQDExRjbG91ZGZsYXJlLWludGVyLmNvbTAeFw0xNDA0MTEyMTIy
6 | MzhaFw0xOTA0MTEyMTI3MzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQ2xv
7 | dWRGbGFyZTEcMBoGA1UECxMTU3lzdGVtcyBFbmdpbmVlcmluZzEWMBQGA1UEBxMN
8 | U2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZvcm5pYTEcMBoGA1UEAxMTY2xv
9 | dWRmbGFyZS1sZWFmLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
10 | ALWN7ERQNnJsJuGxLbcdU1URDSZ3da3t34kfGHHFD3J5md7jWNbH52hIh307MZNd
11 | IWyzqNuHXmAGUgusOFtRKxmZzzttZE63ZSlMrJqn8C3Iyxr04+/9xyp26XxUMd7F
12 | fdfiJyORz9eNZp+/P2YMNtkmYs8rG59cdEKZ4yvVhWS3WOqO4TZAKedycfYPOT4k
13 | UTnC4fhB+ljJMVFCsfc4ntDD8nRZIgZUfpxmfUjuQxjyiRj1ZO2BeZ9l0DQVlF1K
14 | vnC6orAJEjqexQdQK8jIkAi1aehQE7fwkVwNDt3dIXfR4q5y1OkDH+koILmMxcP1
15 | Y1hewKAnV4DYbQKPIQecEd/7KyJ0YQ89mCoXEwvBeoFBKwlymOkBfEFfCPB9dPw6
16 | 6djCcJcVtfQH5khaICLP2OSj59JDJnFIbTLTLcdcWttTnZm4A9L2zBROnKqCnUmH
17 | yJoSubSn2sYELv4z5bIQc7WKeo17ZX3GFUOK3JxzP4apuhyTuIYeeVOsK8Nzhr/x
18 | 0n8I7Ot6EiSYKi87PFllSSmoVqMwqLcgBqyBfv5gnLHIjJuzbFllrD4swdu+Zw1o
19 | dbeM4VKt1j+AOOpJWahdlLjQpMSbIeA4M/AtsTEXkZj5Azf4UxPYjjwLp5PMS9Xa
20 | raKC8Rkin6DuGC5QYBKmKLbaHRBRty1BMnKbOuZuHiAJAgMBAAGjgYEwfzAOBgNV
21 | HQ8BAf8EBAMCAKQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUliwSq0YZ
22 | SDgIUZ7+1t5Ntzb8sYkwHwYDVR0jBBgwFoAUQfmKIlIyJt+P8AcB3SRhOFrn7Pww
23 | GQYDVR0RBBIwEIIOY2Zzc2wtbGVhZi5jb20wCgYIKoZIzj0EAwMDZwAwZAIwGTkD
24 | /FuSQ+VDGKZ8UM6kYAFS30rvi5/vScTIkAFmAISfyJF63Puk7gesDzkzV0uNAjAZ
25 | QPl9/aXIud70gp7SRmTEWtqc2sohR2UT2OBw6neTVxxM6GWZqAGTZCu7++Z2fDw=
26 | -----END CERTIFICATE-----
27 |
--------------------------------------------------------------------------------
/whitelist/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2014 Kyle Isom
2 |
3 | Permission to use, copy, modify, and distribute this software for any
4 | purpose with or without fee is hereby granted, provided that the above
5 | copyright notice and this permission notice appear in all copies.
6 |
7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14 |
--------------------------------------------------------------------------------