├── .coveralls.yml
├── .github
    ├── CODEOWNERS
    ├── FUNDING.yml
    ├── ISSUE_TEMPLATE
    │   ├── config.yml
    │   ├── defect.yml
    │   └── proposal.yml
    ├── PULL_REQUEST_TEMPLATE.md
    ├── actions
    │   └── nightly-release
    │   │   └── action.yaml
    ├── dependabot.yml
    └── workflows
    │   ├── cov.yaml
    │   ├── long-tests.yaml
    │   ├── mqtt-test.yaml
    │   ├── nightly.yaml
    │   ├── release.yaml
    │   ├── stale-issues.yaml
    │   └── tests.yaml
├── .gitignore
├── .golangci.yml
├── .goreleaser-nightly.yml
├── .goreleaser.yml
├── AMBASSADORS.md
├── CODE-OF-CONDUCT.md
├── CONTRIBUTING.md
├── DEPENDENCIES.md
├── GOVERNANCE.md
├── LICENSE
├── MAINTAINERS.md
├── README.md
├── TODO.md
├── conf
    ├── fuzz.go
    ├── includes
    │   ├── passwords.conf
    │   └── users.conf
    ├── lex.go
    ├── lex_test.go
    ├── parse.go
    ├── parse_test.go
    └── simple.conf
├── doc
    └── README.md
├── docker
    ├── Dockerfile.nightly
    └── nats-server.conf
├── go.mod
├── go.sum
├── internal
    ├── antithesis
    │   ├── noop.go
    │   └── test_assert.go
    ├── fastrand
    │   ├── LICENSE
    │   ├── fastrand.go
    │   └── fastrand_test.go
    ├── ldap
    │   ├── dn.go
    │   └── dn_test.go
    ├── ocsp
    │   └── ocsp.go
    └── testhelper
    │   └── logging.go
├── locksordering.txt
├── logger
    ├── log.go
    ├── log_test.go
    ├── syslog.go
    ├── syslog_test.go
    ├── syslog_windows.go
    └── syslog_windows_test.go
├── logos
    ├── nats-horizontal-color.png
    └── nats-server.png
├── main.go
├── scripts
    ├── cov.sh
    ├── runTestsOnTravis.sh
    └── updateCopyrights.sh
├── server
    ├── README-MQTT.md
    ├── README.md
    ├── accounts.go
    ├── accounts_test.go
    ├── ats
    │   ├── ats.go
    │   └── ats_test.go
    ├── auth.go
    ├── auth_callout.go
    ├── auth_callout_test.go
    ├── auth_test.go
    ├── avl
    │   ├── norace_test.go
    │   ├── seqset.go
    │   └── seqset_test.go
    ├── benchmark_publish_test.go
    ├── certidp
    │   ├── certidp.go
    │   ├── certidp_test.go
    │   ├── messages.go
    │   └── ocsp_responder.go
    ├── certstore
    │   ├── certstore.go
    │   ├── certstore_other.go
    │   ├── certstore_windows.go
    │   └── errors.go
    ├── certstore_windows_test.go
    ├── ciphersuites.go
    ├── client.go
    ├── client_test.go
    ├── closed_conns_test.go
    ├── config_check_test.go
    ├── configs
    │   ├── accounts.conf
    │   ├── authorization.conf
    │   ├── certs
    │   │   ├── cert.new.pem
    │   │   ├── key.new.pem
    │   │   ├── key.pem
    │   │   ├── server.pem
    │   │   └── tls
    │   │   │   ├── benchmark-ca-cert.pem
    │   │   │   ├── benchmark-ca-key.pem
    │   │   │   ├── benchmark-server-cert-ed25519.pem
    │   │   │   ├── benchmark-server-cert-rsa-1024.pem
    │   │   │   ├── benchmark-server-cert-rsa-2048.pem
    │   │   │   ├── benchmark-server-cert-rsa-4096.pem
    │   │   │   ├── benchmark-server-key-ed25519.pem
    │   │   │   ├── benchmark-server-key-rsa-1024.pem
    │   │   │   ├── benchmark-server-key-rsa-2048.pem
    │   │   │   └── benchmark-server-key-rsa-4096.pem
    │   ├── cluster.conf
    │   ├── gwa.conf
    │   ├── gwb.conf
    │   ├── gws.conf
    │   ├── include_bad_conf_check_a.conf
    │   ├── include_bad_conf_check_b.conf
    │   ├── include_conf_check_a.conf
    │   ├── include_conf_check_b.conf
    │   ├── include_conf_check_c.conf
    │   ├── js-op.conf
    │   ├── listen-1.conf
    │   ├── listen.conf
    │   ├── listen_port.conf
    │   ├── listen_port_with_colon.conf
    │   ├── malformed_cluster_address.conf
    │   ├── malformed_listen_address.conf
    │   ├── multiple_errors.conf
    │   ├── multiple_users.conf
    │   ├── new_style_authorization.conf
    │   ├── one.creds
    │   ├── reload
    │   │   ├── authorization_1.conf
    │   │   ├── authorization_2.conf
    │   │   ├── basic.conf
    │   │   ├── defaultsentinel_1.conf
    │   │   ├── defaultsentinel_2.conf
    │   │   ├── file_rotate.conf
    │   │   ├── file_rotate1.conf
    │   │   ├── invalid.conf
    │   │   ├── max_connections.conf
    │   │   ├── max_payload.conf
    │   │   ├── multiple_users_1.conf
    │   │   ├── multiple_users_2.conf
    │   │   ├── reload.conf
    │   │   ├── reload_unsupported.conf
    │   │   ├── single_user_authentication_1.conf
    │   │   ├── single_user_authentication_2.conf
    │   │   ├── srv_a_1.conf
    │   │   ├── srv_a_2.conf
    │   │   ├── srv_a_3.conf
    │   │   ├── srv_a_4.conf
    │   │   ├── srv_b_1.conf
    │   │   ├── srv_b_2.conf
    │   │   ├── srv_c_1.conf
    │   │   ├── test.conf
    │   │   ├── tls_multi_cert_1.conf
    │   │   ├── tls_multi_cert_2.conf
    │   │   ├── tls_multi_cert_3.conf
    │   │   ├── tls_test.conf
    │   │   ├── tls_verify_test.conf
    │   │   ├── token_authentication_1.conf
    │   │   └── token_authentication_2.conf
    │   ├── seed.conf
    │   ├── seed_tls.conf
    │   ├── srv_a.conf
    │   ├── srv_a_bcrypt.conf
    │   ├── srv_b.conf
    │   ├── srv_b_bcrypt.conf
    │   ├── test.conf
    │   ├── tls.conf
    │   ├── tls
    │   │   ├── tls-ed25519.conf
    │   │   ├── tls-none.conf
    │   │   ├── tls-rsa-1024.conf
    │   │   ├── tls-rsa-2048.conf
    │   │   └── tls-rsa-4096.conf
    │   ├── tls_bad_cipher.conf
    │   ├── tls_bad_curve_prefs.conf
    │   ├── tls_ciphers.conf
    │   ├── tls_curve_prefs.conf
    │   ├── tls_empty_cipher.conf
    │   └── tls_empty_curve_prefs.conf
    ├── const.go
    ├── consumer.go
    ├── core_benchmarks_test.go
    ├── dirstore.go
    ├── dirstore_test.go
    ├── disk_avail.go
    ├── disk_avail_netbsd.go
    ├── disk_avail_openbsd.go
    ├── disk_avail_wasm.go
    ├── disk_avail_windows.go
    ├── errors.go
    ├── errors.json
    ├── errors_gen.go
    ├── errors_test.go
    ├── events.go
    ├── events_test.go
    ├── filestore.go
    ├── filestore_test.go
    ├── fuzz.go
    ├── gateway.go
    ├── gateway_test.go
    ├── gsl
    │   ├── gsl.go
    │   └── gsl_test.go
    ├── ipqueue.go
    ├── ipqueue_test.go
    ├── jetstream.go
    ├── jetstream_api.go
    ├── jetstream_benchmark_test.go
    ├── jetstream_cluster.go
    ├── jetstream_cluster_1_test.go
    ├── jetstream_cluster_2_test.go
    ├── jetstream_cluster_3_test.go
    ├── jetstream_cluster_4_test.go
    ├── jetstream_cluster_long_test.go
    ├── jetstream_consumer_test.go
    ├── jetstream_errors.go
    ├── jetstream_errors_generated.go
    ├── jetstream_errors_test.go
    ├── jetstream_events.go
    ├── jetstream_helpers_test.go
    ├── jetstream_jwt_test.go
    ├── jetstream_leafnode_test.go
    ├── jetstream_meta_benchmark_test.go
    ├── jetstream_sourcing_scaling_test.go
    ├── jetstream_super_cluster_test.go
    ├── jetstream_test.go
    ├── jetstream_tpm_test.go
    ├── jetstream_versioning.go
    ├── jetstream_versioning_test.go
    ├── jwt.go
    ├── jwt_test.go
    ├── leafnode.go
    ├── leafnode_test.go
    ├── log.go
    ├── log_test.go
    ├── memstore.go
    ├── memstore_test.go
    ├── monitor.go
    ├── monitor_sort_opts.go
    ├── monitor_test.go
    ├── mqtt.go
    ├── mqtt_ex_bench_test.go
    ├── mqtt_ex_test_test.go
    ├── mqtt_test.go
    ├── msgtrace.go
    ├── msgtrace_test.go
    ├── nkey.go
    ├── nkey_test.go
    ├── norace_1_test.go
    ├── norace_2_test.go
    ├── ocsp.go
    ├── ocsp_peer.go
    ├── ocsp_responsecache.go
    ├── opts.go
    ├── opts_test.go
    ├── parser.go
    ├── parser_test.go
    ├── ping_test.go
    ├── proto.go
    ├── pse
    │   ├── freebsd.txt
    │   ├── pse_darwin.go
    │   ├── pse_dragonfly.go
    │   ├── pse_freebsd_cgo.go
    │   ├── pse_freebsd_sysctl.go
    │   ├── pse_linux.go
    │   ├── pse_netbsd.go
    │   ├── pse_openbsd.go
    │   ├── pse_rumprun.go
    │   ├── pse_solaris.go
    │   ├── pse_test.go
    │   ├── pse_wasm.go
    │   ├── pse_windows.go
    │   ├── pse_windows_test.go
    │   └── pse_zos.go
    ├── raft.go
    ├── raft_chain_of_blocks_helpers_test.go
    ├── raft_helpers_test.go
    ├── raft_test.go
    ├── rate_counter.go
    ├── rate_counter_test.go
    ├── reload.go
    ├── reload_test.go
    ├── ring.go
    ├── ring_test.go
    ├── route.go
    ├── routes_test.go
    ├── sdm.go
    ├── sendq.go
    ├── server.go
    ├── server_test.go
    ├── service.go
    ├── service_test.go
    ├── service_windows.go
    ├── service_windows_test.go
    ├── signal.go
    ├── signal_test.go
    ├── signal_wasm.go
    ├── signal_windows.go
    ├── split_test.go
    ├── store.go
    ├── store_test.go
    ├── stream.go
    ├── stree
    │   ├── dump.go
    │   ├── helper_test.go
    │   ├── leaf.go
    │   ├── node.go
    │   ├── node10.go
    │   ├── node16.go
    │   ├── node256.go
    │   ├── node4.go
    │   ├── node48.go
    │   ├── parts.go
    │   ├── stree.go
    │   ├── stree_test.go
    │   └── util.go
    ├── subject_transform.go
    ├── subject_transform_test.go
    ├── sublist.go
    ├── sublist_test.go
    ├── sysmem
    │   ├── mem_bsd.go
    │   ├── mem_darwin.go
    │   ├── mem_linux.go
    │   ├── mem_wasm.go
    │   ├── mem_windows.go
    │   ├── mem_zos.go
    │   └── sysctl.go
    ├── test_test.go
    ├── thw
    │   ├── helper_test.go
    │   ├── thw.go
    │   └── thw_test.go
    ├── tpm
    │   ├── js_ek_tpm_other.go
    │   ├── js_ek_tpm_test.go
    │   └── js_ek_tpm_windows.go
    ├── trust_test.go
    ├── util.go
    ├── util_test.go
    ├── websocket.go
    └── websocket_test.go
├── test
    ├── accounts_cycles_test.go
    ├── auth_test.go
    ├── bench_results.txt
    ├── bench_test.go
    ├── client_auth_test.go
    ├── client_cluster_test.go
    ├── cluster_test.go
    ├── cluster_tls_test.go
    ├── configs
    │   ├── auth_seed.conf
    │   ├── authorization.conf
    │   ├── auths.conf
    │   ├── certs
    │   │   ├── ca.pem
    │   │   ├── client-cert.pem
    │   │   ├── client-id-auth-cert.pem
    │   │   ├── client-id-auth-key.pem
    │   │   ├── client-key.pem
    │   │   ├── ocsp
    │   │   │   ├── ca-cert.pem
    │   │   │   ├── ca-key.pem
    │   │   │   ├── client-cert.pem
    │   │   │   ├── client-key.pem
    │   │   │   ├── desgsign
    │   │   │   │   ├── ca-cert.pem
    │   │   │   │   ├── ca-chain-cert.pem
    │   │   │   │   ├── ca-interm-cert.pem
    │   │   │   │   ├── ca-interm-key.pem
    │   │   │   │   ├── ca-key.pem
    │   │   │   │   ├── server-01-cert.pem
    │   │   │   │   ├── server-01-key.pem
    │   │   │   │   ├── server-02-cert.pem
    │   │   │   │   └── server-02-key.pem
    │   │   │   ├── gen.sh
    │   │   │   ├── server-cert.pem
    │   │   │   ├── server-key.pem
    │   │   │   ├── server-status-request-cert.pem
    │   │   │   ├── server-status-request-key.pem
    │   │   │   ├── server-status-request-url-01-cert.pem
    │   │   │   ├── server-status-request-url-01-key.pem
    │   │   │   ├── server-status-request-url-02-cert.pem
    │   │   │   ├── server-status-request-url-02-key.pem
    │   │   │   ├── server-status-request-url-03-cert.pem
    │   │   │   ├── server-status-request-url-03-key.pem
    │   │   │   ├── server-status-request-url-04-cert.pem
    │   │   │   ├── server-status-request-url-04-key.pem
    │   │   │   ├── server-status-request-url-05-cert.pem
    │   │   │   ├── server-status-request-url-05-key.pem
    │   │   │   ├── server-status-request-url-06-cert.pem
    │   │   │   ├── server-status-request-url-06-key.pem
    │   │   │   ├── server-status-request-url-07-cert.pem
    │   │   │   ├── server-status-request-url-07-key.pem
    │   │   │   ├── server-status-request-url-08-cert.pem
    │   │   │   └── server-status-request-url-08-key.pem
    │   │   ├── ocsp_peer
    │   │   │   └── mini-ca
    │   │   │   │   ├── caocsp
    │   │   │   │       ├── caocsp_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   └── caocsp_keypair.pem
    │   │   │   │   ├── client1
    │   │   │   │       ├── System_bundle.pem
    │   │   │   │       ├── System_cert.pem
    │   │   │   │       ├── UserA1_bundle.pem
    │   │   │   │       ├── UserA1_cert.pem
    │   │   │   │       ├── UserA2_bundle.pem
    │   │   │   │       ├── UserA2_cert.pem
    │   │   │   │       ├── certfile.pem
    │   │   │   │       └── private
    │   │   │   │       │   ├── System_keypair.pem
    │   │   │   │       │   ├── UserA1_keypair.pem
    │   │   │   │       │   └── UserA2_keypair.pem
    │   │   │   │   ├── client2
    │   │   │   │       ├── UserB1_bundle.pem
    │   │   │   │       ├── UserB1_cert.pem
    │   │   │   │       ├── UserB2_bundle.pem
    │   │   │   │       ├── UserB2_cert.pem
    │   │   │   │       ├── certfile.pem
    │   │   │   │       └── private
    │   │   │   │       │   ├── UserB1_keypair.pem
    │   │   │   │       │   └── UserB2_keypair.pem
    │   │   │   │   ├── intermediate1
    │   │   │   │       ├── intermediate1_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   └── intermediate1_keypair.pem
    │   │   │   │   ├── intermediate2
    │   │   │   │       ├── intermediate2_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   └── intermediate2_keypair.pem
    │   │   │   │   ├── misc
    │   │   │   │       ├── misconfig_TestServer1_bundle.pem
    │   │   │   │       ├── trust_config1_bundle.pem
    │   │   │   │       ├── trust_config2_bundle.pem
    │   │   │   │       └── trust_config3_bundle.pem
    │   │   │   │   ├── ocsp1
    │   │   │   │       ├── ocsp1_bundle.pem
    │   │   │   │       ├── ocsp1_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   └── ocsp1_keypair.pem
    │   │   │   │   ├── ocsp2
    │   │   │   │       ├── ocsp2_bundle.pem
    │   │   │   │       ├── ocsp2_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   └── ocsp2_keypair.pem
    │   │   │   │   ├── root
    │   │   │   │       ├── private
    │   │   │   │       │   └── root_keypair.pem
    │   │   │   │       └── root_cert.pem
    │   │   │   │   ├── server1
    │   │   │   │       ├── TestServer1_bundle.pem
    │   │   │   │       ├── TestServer1_cert.pem
    │   │   │   │       ├── TestServer2_bundle.pem
    │   │   │   │       ├── TestServer2_cert.pem
    │   │   │   │       └── private
    │   │   │   │       │   ├── TestServer1_keypair.pem
    │   │   │   │       │   └── TestServer2_keypair.pem
    │   │   │   │   └── server2
    │   │   │   │       ├── TestServer3_bundle.pem
    │   │   │   │       ├── TestServer3_cert.pem
    │   │   │   │       ├── TestServer4_bundle.pem
    │   │   │   │       ├── TestServer4_cert.pem
    │   │   │   │       └── private
    │   │   │   │           ├── TestServer3_keypair.pem
    │   │   │   │           └── TestServer4_keypair.pem
    │   │   ├── rdns
    │   │   │   ├── ca.key
    │   │   │   ├── ca.pem
    │   │   │   ├── client-a.key
    │   │   │   ├── client-a.pem
    │   │   │   ├── client-b.key
    │   │   │   ├── client-b.pem
    │   │   │   ├── client-c.key
    │   │   │   ├── client-c.pem
    │   │   │   ├── client-d.key
    │   │   │   ├── client-d.pem
    │   │   │   ├── client-e.key
    │   │   │   ├── client-e.pem
    │   │   │   ├── client-f.key
    │   │   │   ├── client-f.pem
    │   │   │   ├── server.key
    │   │   │   └── server.pem
    │   │   ├── regenerate_rdns_svid.sh
    │   │   ├── regenerate_top.sh
    │   │   ├── sans
    │   │   │   ├── ca.pem
    │   │   │   ├── client-key.pem
    │   │   │   ├── client.pem
    │   │   │   ├── dev-email-key.pem
    │   │   │   ├── dev-email.pem
    │   │   │   ├── dev-key.pem
    │   │   │   ├── dev.pem
    │   │   │   ├── prod-key.pem
    │   │   │   ├── prod.pem
    │   │   │   ├── server-key.pem
    │   │   │   └── server.pem
    │   │   ├── server-cert.pem
    │   │   ├── server-iponly.pem
    │   │   ├── server-key-iponly.pem
    │   │   ├── server-key-noip.pem
    │   │   ├── server-key.pem
    │   │   ├── server-noip.pem
    │   │   ├── srva-cert.pem
    │   │   ├── srva-key.pem
    │   │   ├── srvb-cert.pem
    │   │   ├── srvb-key.pem
    │   │   ├── svid
    │   │   │   ├── ca.key
    │   │   │   ├── ca.pem
    │   │   │   ├── client-a.key
    │   │   │   ├── client-a.pem
    │   │   │   ├── client-b.key
    │   │   │   ├── client-b.pem
    │   │   │   ├── server.key
    │   │   │   ├── server.pem
    │   │   │   ├── svid-user-a.key
    │   │   │   ├── svid-user-a.pem
    │   │   │   ├── svid-user-b.key
    │   │   │   └── svid-user-b.pem
    │   │   └── tlsauth
    │   │   │   ├── ca.pem
    │   │   │   ├── certstore
    │   │   │       ├── ca.p12
    │   │   │       ├── client.p12
    │   │   │       ├── delete-cert-from-store.ps1
    │   │   │       ├── ecdsa_server.key
    │   │   │       ├── ecdsa_server.pem
    │   │   │       ├── ecdsa_server.pfx
    │   │   │       ├── expired.p12
    │   │   │       ├── generate_ecdsa_test_cert.sh
    │   │   │       ├── import-p12-ca.ps1
    │   │   │       ├── import-p12-client.ps1
    │   │   │       ├── import-p12-server.ps1
    │   │   │       ├── not-expired.p12
    │   │   │       ├── pkcs12.md
    │   │   │       └── server.p12
    │   │   │   ├── client-key.pem
    │   │   │   ├── client.pem
    │   │   │   ├── client2-key.pem
    │   │   │   ├── client2.pem
    │   │   │   ├── server-key.pem
    │   │   │   ├── server-no-ou-key.pem
    │   │   │   ├── server-no-ou.pem
    │   │   │   └── server.pem
    │   ├── cluster.conf
    │   ├── jetstream
    │   │   ├── restore_bad_stream
    │   │   │   ├── backup.json
    │   │   │   └── stream.tar.s2
    │   │   ├── restore_empty_R1F_stream
    │   │   │   ├── backup.json
    │   │   │   └── stream.tar.s2
    │   │   └── restore_empty_R3F_stream
    │   │   │   ├── backup.json
    │   │   │   └── stream.tar.s2
    │   ├── multi_accounts.conf
    │   ├── multi_user.conf
    │   ├── new_cluster.conf
    │   ├── nkeys
    │   │   ├── op.jwt
    │   │   ├── sigkeys.txt
    │   │   └── test.seed
    │   ├── operator.conf
    │   ├── operator_inline.conf
    │   ├── override.conf
    │   ├── resolver_preload.conf
    │   ├── seed.conf
    │   ├── srv_a.conf
    │   ├── srv_a_leaf.conf
    │   ├── srv_a_perms.conf
    │   ├── srv_a_tls.conf
    │   ├── srv_b.conf
    │   ├── srv_b_tls.conf
    │   ├── srv_c.conf
    │   ├── tls.conf
    │   ├── tls_cert_cn.conf
    │   ├── tls_cert_cn_gateways.conf
    │   ├── tls_cert_cn_gateways_invalid_auth.conf
    │   ├── tls_cert_cn_routes.conf
    │   ├── tls_cert_cn_routes_invalid_auth.conf
    │   ├── tls_cert_id.conf
    │   ├── tls_cert_san_auth.conf
    │   ├── tls_cert_san_emails.conf
    │   ├── tls_curve_pref.conf
    │   ├── tls_mixed.conf
    │   ├── tlsverify.conf
    │   └── tlsverify_noca.conf
    ├── fanout_test.go
    ├── gateway_test.go
    ├── gosrv_test.go
    ├── leafnode_test.go
    ├── log_test.go
    ├── maxpayload_test.go
    ├── monitor_test.go
    ├── new_routes_test.go
    ├── norace_test.go
    ├── ocsp_peer_test.go
    ├── ocsp_test.go
    ├── operator_test.go
    ├── opts_test.go
    ├── pedantic_test.go
    ├── pid_test.go
    ├── ping_test.go
    ├── port_test.go
    ├── ports_test.go
    ├── proto_test.go
    ├── route_discovery_test.go
    ├── routes_test.go
    ├── service_latency_test.go
    ├── services_test.go
    ├── system_services_test.go
    ├── test.go
    ├── test_test.go
    ├── tls_test.go
    ├── user_authorization_test.go
    └── verbose_test.go
└── util
    ├── nats-server-hardened.service
    └── nats-server.service


/.coveralls.yml:
--------------------------------------------------------------------------------
1 | service_name: travis-pro
2 | 


--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @nats-io/server
2 | 


--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 | 
3 | # NATS.io
4 | community_bridge: nats-io
5 | 
6 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: false
2 | contact_links:
3 |   - name: Discussion
4 |     url: https://github.com/nats-io/nats-server/discussions
5 |     about: Ideal for ideas, feedback, or longer form questions.
6 |   - name: Chat
7 |     url: https://slack.nats.io
8 |     about: Ideal for short, one-off questions, general conversation, and meeting other NATS users!
9 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/proposal.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Proposal
 3 | description: Propose an enhancement or new feature.
 4 | labels:
 5 |   - proposal
 6 | body:
 7 |   - type: textarea
 8 |     id: change
 9 |     attributes:
10 |       label: Proposed change
11 |       description: This could be a behavior change, enhanced API, or a new feature.
12 |     validations:
13 |       required: true
14 |   - type: textarea
15 |     id: usecase
16 |     attributes:
17 |       label: Use case
18 |       description: What is the use case or general motivation for this proposal?
19 |     validations:
20 |       required: true
21 |   - type: textarea
22 |     id: contribute
23 |     attributes:
24 |       label: Contribution
25 |       description: |-
26 |         Are you intending or interested in contributing code for this proposal if accepted?
27 |     validations:
28 |       required: false
29 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | <!-- Please make sure to read CONTRIBUTING.md, then delete this notice and replace it with your PR description. The below sign-off certifies that the contribution is your original work and that you license the work to the project under the Apache-2.0 license. We cannot accept contributions without it. -->
2 | 
3 | Signed-off-by: Your Name <your.email@example.com>
4 | 


--------------------------------------------------------------------------------
/.github/actions/nightly-release/action.yaml:
--------------------------------------------------------------------------------
 1 | name: Nightly Docker Releaser
 2 | description: Builds nightly docker images
 3 | 
 4 | inputs:
 5 |   hub_username:
 6 |     description: Docker hub username
 7 |     required: true
 8 | 
 9 |   hub_password:
10 |     description: Docker hub password
11 |     required: true
12 | 
13 |   workdir:
14 |     description: The working directory for actions requiring it
15 |     required: true
16 | 
17 | runs:
18 |   using: composite
19 |   steps:
20 |     - name: Log in to Docker Hub
21 |       shell: bash
22 |       run: docker login -u "${{ inputs.hub_username }}" -p "${{ inputs.hub_password }}"
23 | 
24 |     - name: Set up Go
25 |       uses: actions/setup-go@v5
26 |       with:
27 |         go-version: stable
28 | 
29 |     - name: Build and push Docker images
30 |       # Use commit hash here to avoid a re-tagging attack, as this is a third-party action
31 |       # Commit 9ed2f89a662bf1735a48bc8557fd212fa902bebf = tag v6.1.0
32 |       uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf
33 |       with:
34 |         workdir: "${{ inputs.workdir }}"
35 |         version: ~> v2
36 |         args: release --skip=announce,validate --config .goreleaser-nightly.yml
37 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | updates:
 3 |   - package-ecosystem: "gomod"
 4 |     directory: "/"
 5 |     schedule:
 6 |       interval: "weekly"
 7 |   - package-ecosystem: "github-actions"
 8 |     directory: "/"
 9 |     schedule:
10 |       interval: "weekly"


--------------------------------------------------------------------------------
/.github/workflows/long-tests.yaml:
--------------------------------------------------------------------------------
 1 | name: NATS Server Long Tests
 2 | 
 3 | on:
 4 |   # Allow manual trigger (any branch)
 5 |   workflow_dispatch:
 6 |   # Run daily at 12:30 on default branch
 7 |   schedule:
 8 |     - cron: "30 12 * * *"
 9 | 
10 | concurrency:
11 |   # At most one of these workflow per ref running
12 |   group: ${{ github.workflow }}-${{ github.ref }}
13 |   # New one cancels in-progress one
14 |   cancel-in-progress: true
15 | 
16 | jobs:
17 |   js-long:
18 |     name: Long JetStream tests
19 |     runs-on: ${{ vars.GHA_WORKER_MEDIUM || 'ubuntu-latest' }}
20 |     steps:
21 |       - name: Checkout
22 |         uses: actions/checkout@v4
23 | 
24 |       - name: Install Go
25 |         uses: actions/setup-go@v5
26 |         with:
27 |           go-version: stable
28 | 
29 |       - name: Run tests
30 |         run: go test -race -v -run='^TestLong.*' ./server -tags=include_js_long_tests -count=1 -vet=off -timeout=60m -shuffle on -p 1 -failfast
31 | 


--------------------------------------------------------------------------------
/.github/workflows/nightly.yaml:
--------------------------------------------------------------------------------
 1 | name: Docker Nightly
 2 | on:
 3 |   workflow_dispatch:
 4 |     inputs:
 5 |       target:
 6 |         description: "Override source branch (optional)"
 7 |         type: string
 8 |         required: false
 9 | 
10 |   schedule:
11 |     - cron: "40 4 * * *"
12 | 
13 | jobs:
14 |   run:
15 |     runs-on: ${{ vars.GHA_WORKER_RELEASE || 'ubuntu-latest' }}
16 |     steps:
17 |       - name: Checkout code
18 |         uses: actions/checkout@v4
19 |         with:
20 |           path: src/github.com/nats-io/nats-server
21 |           ref: ${{ inputs.target || 'main' }}
22 |           fetch-depth: 0
23 |           fetch-tags: true
24 | 
25 |       - uses: ./src/github.com/nats-io/nats-server/.github/actions/nightly-release
26 |         with:
27 |           workdir: src/github.com/nats-io/nats-server
28 |           hub_username: "${{ secrets.DOCKER_USERNAME }}"
29 |           hub_password: "${{ secrets.DOCKER_PASSWORD }}"
30 | 


--------------------------------------------------------------------------------
/.github/workflows/stale-issues.yaml:
--------------------------------------------------------------------------------
 1 | name: Stale Issues
 2 | on:
 3 |   schedule:
 4 |     - cron: "30 1 * * *"
 5 | 
 6 | permissions:
 7 |   issues: write
 8 |   pull-requests: write
 9 | 
10 | jobs:
11 |   stale:
12 |     runs-on: ubuntu-latest
13 | 
14 |     steps:
15 |       - uses: actions/stale@v9
16 |         with:
17 |           stale-issue-label: stale
18 |           stale-pr-label: stale
19 |           days-before-stale: 56 # Mark stale after 8 weeks (56 days) of inactivity
20 |           days-before-close: -1 # Disable auto-closing
21 |           exempt-all-milestones: true # Any issue/PR within a milestone will be omitted
22 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled Object files, Static and Dynamic libs (Shared Objects)
 2 | *.o
 3 | *.a
 4 | *.so
 5 | 
 6 | # Folders
 7 | _obj
 8 | _test
 9 | dist
10 | 
11 | # Configuration Files
12 | *.conf
13 | *.cfg
14 | 
15 | # Architecture specific extensions/prefixes
16 | *.[568vq]
17 | [568vq].out
18 | 
19 | *.cgo1.go
20 | *.cgo2.c
21 | _cgo_defun.c
22 | _cgo_gotypes.go
23 | _cgo_export.*
24 | 
25 | _testmain.go
26 | 
27 | *.exe
28 | 
29 | # Eclipse
30 | .project
31 | 
32 | # IntelliJ
33 | .idea/
34 | 
35 | # Emacs
36 | *~
37 | \#*\#
38 | .\#*
39 | 
40 | # Visual Studio Code
41 | .vscode
42 | 
43 | # Mac
44 | .DS_Store
45 | 
46 | # bin
47 | nats-server
48 | gnatsd
49 | check
50 | 
51 | # coverage
52 | coverage.out
53 | 
54 | # Cross compiled binaries
55 | pkg
56 | 


--------------------------------------------------------------------------------
/.goreleaser-nightly.yml:
--------------------------------------------------------------------------------
 1 | project_name: nats-server
 2 | version: 2
 3 | 
 4 | builds:
 5 |   - main: .
 6 |     id: nats-server
 7 |     binary: nats-server
 8 |     ldflags:
 9 |       - -w -X github.com/nats-io/nats-server/v2/server.gitCommit={{.ShortCommit}}
10 |     env:
11 |       - GO111MODULE=on
12 |       - CGO_ENABLED=0
13 |     goos:
14 |       - linux
15 |     goarch:
16 |       - amd64
17 |     mod_timestamp: "{{ .CommitTimestamp }}"
18 | 
19 | release:
20 |   disable: true
21 | 
22 | dockers:
23 |   - goos: linux
24 |     goarch: amd64
25 |     dockerfile: docker/Dockerfile.nightly
26 |     skip_push: false
27 |     build_flag_templates:
28 |       - '--build-arg=VERSION={{ if ne .Branch "main" }}{{ replace .Branch "/" "-" }}{{ else }}nightly{{ end }}-{{ time "20060102" }}'
29 |     image_templates:
30 |       - synadia/nats-server:{{ if ne .Branch "main" }}{{ replace .Branch "/" "-" }}{{ else }}nightly{{ end }}
31 |       - synadia/nats-server:{{ if ne .Branch "main" }}{{ replace .Branch "/" "-" }}{{ else }}nightly{{ end }}-{{ time "20060102" }}
32 |     extra_files:
33 |       - docker/nats-server.conf
34 | 
35 | checksum:
36 |   name_template: "SHA256SUMS"
37 |   algorithm: sha256
38 | 
39 | snapshot:
40 |   version_template: '{{ if ne .Branch "main" }}{{ replace .Branch "/" "-" }}{{ else }}nightly{{ end }}-{{ time "20060102" }}'
41 | 


--------------------------------------------------------------------------------
/AMBASSADORS.md:
--------------------------------------------------------------------------------
1 | # Ambassadors
2 | 
3 | The NATS ambassador program recognizes community members that go above and beyond in their contributions to the community and the ecosystem. Learn more [here](https://nats.io/community#nats-ambassador-program).
4 | 
5 | - [Maurice van Veen](https://nats.io/community#maurice-van-veen) <contact@mauricevanveen.com>
6 | 


--------------------------------------------------------------------------------
/CODE-OF-CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Community Code of Conduct
2 | 
3 | NATS follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
4 | 


--------------------------------------------------------------------------------
/DEPENDENCIES.md:
--------------------------------------------------------------------------------
 1 | # External Dependencies
 2 | 
 3 | This file lists the dependencies used in this repository.
 4 | 
 5 | | Dependency | License |
 6 | |-|-|
 7 | | Go | BSD 3-Clause "New" or "Revised" License |
 8 | | github.com/nats-io/nats-server/v2 | Apache License 2.0 |
 9 | | github.com/google/go-tpm | Apache License 2.0 |
10 | | github.com/klauspost/compress | BSD 3-Clause "New" or "Revised" License |
11 | | github.com/minio/highwayhash | Apache License 2.0 |
12 | | github.com/nats-io/jwt/v2 | Apache License 2.0 |
13 | | github.com/nats-io/nats.go | Apache License 2.0 |
14 | | github.com/nats-io/nkeys | Apache License 2.0 |
15 | | github.com/nats-io/nuid  | Apache License 2.0 |
16 | | go.uber.org/automaxprocs | MIT License |
17 | | golang.org/x/crypto | BSD 3-Clause "New" or "Revised" License |
18 | | golang.org/x/sys | BSD 3-Clause "New" or "Revised" License |
19 | | golang.org/x/time | BSD 3-Clause "New" or "Revised" License |
20 | 


--------------------------------------------------------------------------------
/GOVERNANCE.md:
--------------------------------------------------------------------------------
1 | # NATS Server Governance
2 | 
3 | NATS Server is part of the NATS project and is subject to the [NATS Governance](https://github.com/nats-io/nats-general/blob/main/GOVERNANCE.md).
4 | 


--------------------------------------------------------------------------------
/MAINTAINERS.md:
--------------------------------------------------------------------------------
 1 | # Maintainers
 2 | 
 3 | Maintainership is on a per project basis. Reference [NATS Governance Model](https://github.com/nats-io/nats-general/blob/main/GOVERNANCE.md).
 4 | 
 5 | ### Maintainers
 6 |   - Derek Collison <derek@nats.io> [@derekcollison](https://github.com/derekcollison)
 7 |   - Ivan Kozlovic <ivan@nats.io> [@kozlovic](https://github.com/kozlovic)
 8 |   - Waldemar Quevedo <wally@nats.io> [@wallyqs](https://github.com/wallyqs)
 9 |   - Oleg Shaldybin <olegsh@google.com> [@olegshaldybin](https://github.com/olegshaldybin)
10 |   - R.I. Pienaar <rip@devco.net> [@ripienaar](https://github.com/ripienaar)
11 | 


--------------------------------------------------------------------------------
/conf/fuzz.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build gofuzz
15 | 
16 | package conf
17 | 
18 | func Fuzz(data []byte) int {
19 | 	_, err := Parse(string(data))
20 | 	if err != nil {
21 | 		return 0
22 | 	}
23 | 	return 1
24 | }
25 | 


--------------------------------------------------------------------------------
/conf/includes/passwords.conf:
--------------------------------------------------------------------------------
1 | # Just foo & bar for testing
2 | ALICE_PASS: $2a$10$UHR6GhotWhpLsKtVP0/i6.Nh9.fuY73cWjLoJjb2sKT8KISBcUW5q
3 | BOB_PASS: $2a$11$dZM98SpGeI7dCFFGSpt.JObQcix8YHml4TBUZoge9R1uxnMIln5ly
4 | 


--------------------------------------------------------------------------------
/conf/includes/users.conf:
--------------------------------------------------------------------------------
1 | # Users configuration
2 | 
3 | include ./passwords.conf;
4 | 
5 | users = [
6 |   {user: alice, password: $ALICE_PASS}
7 |   {user: bob,   password: $BOB_PASS}
8 | ]
9 | 


--------------------------------------------------------------------------------
/conf/simple.conf:
--------------------------------------------------------------------------------
1 | listen: 127.0.0.1:4222
2 | 
3 | authorization {
4 |   include 'includes/users.conf' # Pull in from file
5 |   timeout: 0.5
6 | }
7 | 


--------------------------------------------------------------------------------
/doc/README.md:
--------------------------------------------------------------------------------
1 | # Architecture Decision Records
2 | 
3 | The NATS ADR documents have moved to their [own repository](https://github.com/nats-io/nats-architecture-and-design/)
4 | 


--------------------------------------------------------------------------------
/docker/Dockerfile.nightly:
--------------------------------------------------------------------------------
 1 | FROM golang:alpine AS builder
 2 | 
 3 | ARG VERSION="nightly"
 4 | 
 5 | RUN apk add --update git
 6 | RUN mkdir -p src/github.com/nats-io && \
 7 |     cd src/github.com/nats-io/ && \
 8 |     git clone https://github.com/nats-io/natscli.git && \
 9 |     cd natscli/nats && \
10 |     go build -ldflags "-w -X main.version=${VERSION}" -o /nats
11 | 
12 | RUN go install github.com/nats-io/nsc/v2@latest
13 | 
14 | FROM alpine:latest
15 | 
16 | RUN apk add --update ca-certificates && mkdir -p /nats/bin && mkdir /nats/conf
17 | 
18 | COPY docker/nats-server.conf /nats/conf/nats-server.conf
19 | COPY nats-server /bin/nats-server
20 | COPY --from=builder /nats /bin/nats
21 | COPY --from=builder /go/bin/nsc /bin/nsc
22 | 
23 | EXPOSE 4222 8222 6222 5222
24 | 
25 | ENTRYPOINT ["/bin/nats-server"]
26 | CMD ["-c", "/nats/conf/nats-server.conf"]
27 | 


--------------------------------------------------------------------------------
/docker/nats-server.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | # Client port of 4222 on all interfaces
 3 | port: 4222
 4 | 
 5 | # HTTP monitoring port
 6 | monitor_port: 8222
 7 | 
 8 | # This is for clustering multiple servers together.
 9 | cluster {
10 | 
11 |   # Route connections to be received on any interface on port 6222
12 |   port: 6222
13 | 
14 |   # Routes are protected, so need to use them with --routes flag
15 |   # e.g. --routes=nats-route://ruser:T0pS3cr3t@otherdockerhost:6222
16 |   authorization {
17 |     user: ruser
18 |     password: T0pS3cr3t
19 |     timeout: 2
20 |   }
21 | 
22 |   # Routes are actively solicited and connected to from this server.
23 |   # This Docker image has none by default, but you can pass a
24 |   # flag to the nats-server docker image to create one to an existing server.
25 |   routes = []
26 | }
27 | 


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
 1 | module github.com/nats-io/nats-server/v2
 2 | 
 3 | go 1.23.0
 4 | 
 5 | toolchain go1.23.9
 6 | 
 7 | require (
 8 | 	github.com/antithesishq/antithesis-sdk-go v0.4.3-default-no-op
 9 | 	github.com/google/go-tpm v0.9.5
10 | 	github.com/klauspost/compress v1.18.0
11 | 	github.com/minio/highwayhash v1.0.3
12 | 	github.com/nats-io/jwt/v2 v2.7.4
13 | 	github.com/nats-io/nats.go v1.42.0
14 | 	github.com/nats-io/nkeys v0.4.11
15 | 	github.com/nats-io/nuid v1.0.1
16 | 	go.uber.org/automaxprocs v1.6.0
17 | 	golang.org/x/crypto v0.38.0
18 | 	golang.org/x/sys v0.33.0
19 | 	golang.org/x/time v0.11.0
20 | )
21 | 


--------------------------------------------------------------------------------
/internal/antithesis/noop.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022-2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | // This file is used iff the `enable_antithesis_sdk` build tag is not present
15 | //go:build !enable_antithesis_sdk
16 | 
17 | package antithesis
18 | 
19 | import (
20 | 	"testing"
21 | )
22 | 
23 | // AssertUnreachable this implementation is a NOOP
24 | func AssertUnreachable(_ testing.TB, _ string, _ map[string]any) {}
25 | 
26 | // Assert this implementation is a NOOP
27 | func Assert(_ testing.TB, _ bool, _ string, _ map[string]any) {}
28 | 


--------------------------------------------------------------------------------
/internal/fastrand/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2011 The LevelDB-Go Authors. All rights reserved.
 2 | 
 3 | Redistribution and use in source and binary forms, with or without
 4 | modification, are permitted provided that the following conditions are
 5 | met:
 6 | 
 7 |    * Redistributions of source code must retain the above copyright
 8 | notice, this list of conditions and the following disclaimer.
 9 |    * Redistributions in binary form must reproduce the above
10 | copyright notice, this list of conditions and the following disclaimer
11 | in the documentation and/or other materials provided with the
12 | distribution.
13 |    * Neither the name of Google Inc. nor the names of its
14 | contributors may be used to endorse or promote products derived from
15 | this software without specific prior written permission.
16 | 
17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------------------------------------------------------------------------------
/internal/fastrand/fastrand.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-2023 The LevelDB-Go, Pebble and NATS Authors. All rights reserved.
 2 | // Use of this source code is governed by a BSD-style license that can be found in
 3 | // the LICENSE file.
 4 | 
 5 | package fastrand
 6 | 
 7 | import _ "unsafe" // required by go:linkname
 8 | 
 9 | // Uint32 returns a lock free uint32 value.
10 | //
11 | //go:linkname Uint32 runtime.fastrand
12 | func Uint32() uint32
13 | 
14 | // Uint32n returns a lock free uint32 value in the interval [0, n).
15 | //
16 | //go:linkname Uint32n runtime.fastrandn
17 | func Uint32n(n uint32) uint32
18 | 
19 | // Uint64 returns a lock free uint64 value.
20 | func Uint64() uint64 {
21 | 	v := uint64(Uint32())
22 | 	return v<<32 | uint64(Uint32())
23 | }
24 | 


--------------------------------------------------------------------------------
/internal/fastrand/fastrand_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-23 The LevelDB-Go, Pebble and NATS Authors. All rights reserved.
 2 | // Use of this source code is governed by a BSD-style license that can be found in
 3 | // the LICENSE file.
 4 | 
 5 | package fastrand
 6 | 
 7 | import (
 8 | 	"math/rand"
 9 | 	"sync"
10 | 	"testing"
11 | 	"time"
12 | )
13 | 
14 | type defaultRand struct {
15 | 	mu  sync.Mutex
16 | 	src rand.Source64
17 | }
18 | 
19 | func newDefaultRand() *defaultRand {
20 | 	r := &defaultRand{
21 | 		src: rand.New(rand.NewSource(time.Now().UnixNano())),
22 | 	}
23 | 	return r
24 | }
25 | 
26 | func (r *defaultRand) Uint32() uint32 {
27 | 	r.mu.Lock()
28 | 	i := uint32(r.src.Uint64())
29 | 	r.mu.Unlock()
30 | 	return i
31 | }
32 | 
33 | func (r *defaultRand) Uint64() uint64 {
34 | 	r.mu.Lock()
35 | 	i := uint64(r.src.Uint64())
36 | 	r.mu.Unlock()
37 | 	return i
38 | }
39 | 
40 | func BenchmarkFastRand32(b *testing.B) {
41 | 	b.RunParallel(func(pb *testing.PB) {
42 | 		for pb.Next() {
43 | 			Uint32()
44 | 		}
45 | 	})
46 | }
47 | 
48 | func BenchmarkFastRand64(b *testing.B) {
49 | 	b.RunParallel(func(pb *testing.PB) {
50 | 		for pb.Next() {
51 | 			Uint64()
52 | 		}
53 | 	})
54 | }
55 | 
56 | func BenchmarkDefaultRand32(b *testing.B) {
57 | 	r := newDefaultRand()
58 | 	b.RunParallel(func(pb *testing.PB) {
59 | 		for pb.Next() {
60 | 			r.Uint32()
61 | 		}
62 | 	})
63 | }
64 | 
65 | func BenchmarkDefaultRand64(b *testing.B) {
66 | 	r := newDefaultRand()
67 | 	b.RunParallel(func(pb *testing.PB) {
68 | 		for pb.Next() {
69 | 			r.Uint64()
70 | 		}
71 | 	})
72 | }
73 | 


--------------------------------------------------------------------------------
/locksordering.txt:
--------------------------------------------------------------------------------
 1 | Here is the list of some established lock ordering.
 2 | 
 3 | In this list, A -> B means that you can have A.Lock() then B.Lock(), not the opposite.
 4 | 
 5 | jetStream -> jsAccount -> Server -> client -> Account
 6 | 
 7 | jetStream -> jsAccount -> stream -> consumer
 8 | 
 9 | A lock to protect jetstream account's usage has been introduced: jsAccount.usageMu.
10 | This lock is independent and can be invoked under any other lock: jsAccount -> jsa.usageMu, stream -> jsa.usageMu, etc...
11 | 
12 | A lock to protect the account's leafnodes list was also introduced to
13 | allow that lock to be held and the acquire a client lock which is not
14 | possible with the normal account lock.
15 | 
16 | accountLeafList -> client
17 | 
18 | AccountResolver interface has various implementations, but assume: AccountResolver -> Server
19 | 
20 | A reloadMu lock was added to prevent newly connecting clients racing with the configuration reload.
21 | This must be taken out as soon as a reload is about to happen before any other locks:
22 | 
23 |     reloadMu -> Server
24 |     reloadMu -> optsMu
25 | 
26 | The "jscmMu" lock in the Account is used to serialise calls to checkJetStreamMigrate and
27 | clearObserverState so that they cannot interleave which would leave Raft nodes in
28 | inconsistent observer states.
29 | 
30 |     jscmMu -> Account -> jsAccount
31 |     jscmMu -> stream.clsMu
32 |     jscmMu -> RaftNode
33 | 
34 | The "clsMu" lock protects the consumer list on a stream, used for signalling consumer activity.
35 | 
36 |     stream -> clsMu
37 | 


--------------------------------------------------------------------------------
/logos/nats-horizontal-color.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/logos/nats-horizontal-color.png


--------------------------------------------------------------------------------
/logos/nats-server.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/logos/nats-server.png


--------------------------------------------------------------------------------
/scripts/updateCopyrights.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Ensure script is run at the root of a git repository
 4 | git rev-parse --is-inside-work-tree &>/dev/null || { echo "Not inside a git repository"; exit 1; }
 5 | 
 6 | # Find all .go files tracked by git
 7 | git ls-files "*.go" | while read -r file; do
 8 |     # Skip files that don't have a copyright belonging to "The NATS Authors"
 9 |     current_copyright=$(grep -oE "^// Copyright [0-9]{4}(-[0-9]{4})? The NATS Authors" "$file" || echo "")
10 |     [[ -z "$current_copyright" ]] && continue
11 | 
12 |     # Get the last commit year for the file
13 |     last_year=$(git log --follow --format="%ad" --date=format:%Y -- "$file" | head -1)
14 |     existing_years=$(echo "$current_copyright" | grep -oE "[0-9]{4}(-[0-9]{4})?")
15 | 
16 |     # Determine the new copyright range
17 |     if [[ "$existing_years" =~ ^([0-9]{4})-([0-9]{4})$ ]]; then
18 |         first_year=${BASH_REMATCH[1]}
19 |         new_copyright="// Copyright $first_year-$last_year The NATS Authors"
20 |     elif [[ "$existing_years" =~ ^([0-9]{4})$ ]]; then
21 |         first_year=${BASH_REMATCH[1]}
22 |         if [[ "$first_year" == "$last_year" ]]; then
23 |             new_copyright="// Copyright $first_year The NATS Authors"
24 |         else
25 |             new_copyright="// Copyright $first_year-$last_year The NATS Authors"
26 |         fi
27 |     else
28 |         continue # If the format is somehow incorrect, skip the file
29 |     fi
30 | 
31 |     # Update the first line
32 |     if sed --version &>/dev/null; then
33 |         # Linux sed
34 |         sed -i "1s|^// Copyright.*|$new_copyright|" "$file"
35 |     else
36 |         # BSD/macOS sed, needs -i ''
37 |         sed -i '' "1s|^// Copyright.*|$new_copyright|" "$file"
38 |     fi
39 | done
40 | 


--------------------------------------------------------------------------------
/server/README.md:
--------------------------------------------------------------------------------
 1 | # Tests
 2 | 
 3 | Tests that run on Travis have been split into jobs that run in their own VM in parallel. This reduces the overall running time but also is allowing recycling of a job when we get a flapper as opposed to have to recycle the whole test suite.
 4 | 
 5 | ## JetStream Tests
 6 | 
 7 | For JetStream tests, we need to observe a naming convention so that no tests are omitted when running on Travis.
 8 | 
 9 | The script `runTestsOnTravis.sh` will run a given job based on the definition found in "`.travis.yml`".
10 | 
11 | As for the naming convention:
12 | 
13 | - All JetStream test name should start with `TestJetStream`
14 | - Cluster tests should go into `jetstream_cluster_test.go` and start with `TestJetStreamCluster`
15 | - Super-cluster tests should go into `jetstream_super_cluster_test.go` and start with `TestJetStreamSuperCluster`
16 | 
17 | Not following this convention means that some tests may not be executed on Travis.
18 | 


--------------------------------------------------------------------------------
/server/certidp/certidp_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package certidp
15 | 
16 | import "testing"
17 | 
18 | // Checks the return values of the function GetStatusAssertionStr
19 | func TestGetStatusAssertionStr(t *testing.T) {
20 | 	tests := []struct {
21 | 		name     string
22 | 		input    int
23 | 		expected string
24 | 	}{
25 | 		{
26 | 			name:     "GoodStatus",
27 | 			input:    0,
28 | 			expected: "good",
29 | 		},
30 | 		{
31 | 			name:     "RevokedStatus",
32 | 			input:    1,
33 | 			expected: "revoked",
34 | 		},
35 | 		{
36 | 			name:     "UnknownStatus",
37 | 			input:    2,
38 | 			expected: "unknown",
39 | 		},
40 | 		// Invalid status assertion value.
41 | 		{
42 | 			name:     "InvalidStatus",
43 | 			input:    42,
44 | 			expected: "unknown",
45 | 		},
46 | 	}
47 | 
48 | 	for _, tt := range tests {
49 | 		t.Run(tt.name, func(t *testing.T) {
50 | 			got := GetStatusAssertionStr(tt.input)
51 | 			if got != tt.expected {
52 | 				t.Errorf("Expected GetStatusAssertionStr: %v, got %v", tt.expected, got)
53 | 			}
54 | 		})
55 | 	}
56 | }
57 | 


--------------------------------------------------------------------------------
/server/certstore/certstore_other.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022-2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build !windows
15 | 
16 | package certstore
17 | 
18 | import (
19 | 	"crypto"
20 | 	"crypto/tls"
21 | 	"io"
22 | )
23 | 
24 | var _ = MATCHBYEMPTY
25 | 
26 | // otherKey implements crypto.Signer and crypto.Decrypter to satisfy linter on platforms that don't implement certstore
27 | type otherKey struct{}
28 | 
29 | func TLSConfig(_ StoreType, _ MatchByType, _ string, _ []string, _ bool, _ *tls.Config) error {
30 | 	return ErrOSNotCompatCertStore
31 | }
32 | 
33 | // Public always returns nil public key since this is a stub on non-supported platform
34 | func (k otherKey) Public() crypto.PublicKey {
35 | 	return nil
36 | }
37 | 
38 | // Sign always returns a nil signature since this is a stub on non-supported platform
39 | func (k otherKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
40 | 	_, _, _ = rand, digest, opts
41 | 	return nil, nil
42 | }
43 | 
44 | // Verify interface conformance.
45 | var _ credential = &otherKey{}
46 | 


--------------------------------------------------------------------------------
/server/configs/accounts.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | accounts: {
 3 |   synadia: {
 4 |     nkey: ADMHMDX2LEUJRZQHGVSVRWZEJ2CPNHYO6TB4ZCZ37LXAX5SYNEW252GF
 5 | 
 6 |     users = [
 7 |       # Bob
 8 |       {nkey : UC6NLCN7AS34YOJVCYD4PJ3QB7QGLYG5B5IMBT25VW5K4TNUJODM7BOX}
 9 |       # Alice
10 |       {nkey : UBAAQWTW6CG2G6ANGNKB5U2B7HRWHSGMZEZX3AQSAJOQDAUGJD46LD2E}
11 |     ]
12 | 
13 |     exports = [
14 |       {stream: "public.>"} # No accounts means public.
15 |       {stream: "synadia.private.>", accounts: [cncf, nats.io]}
16 |       {service: "pub.request"} # No accounts means public.
17 |       {service: "pub.special.request", accounts: [nats.io]}
18 |     ]
19 | 
20 |     imports = [
21 |       {service: {account: "nats.io", subject: "nats.time"}}
22 |     ]
23 |   }
24 | 
25 |   nats.io: {
26 |     nkey: AB5UKNPVHDWBP5WODG742274I3OGY5FM3CBIFCYI4OFEH7Y23GNZPXFE
27 | 
28 |     users = [
29 |       # Ivan
30 |       {nkey : UBRYMDSRTC6AVJL6USKKS3FIOE466GMEU67PZDGOWYSYHWA7GSKO42VW}
31 |       # Derek
32 |       {nkey : UDEREK22W43P2NFQCSKGM6BWD23OVWEDR7JE7LSNCD232MZIC4X2MEKZ}
33 |     ]
34 | 
35 |     imports = [
36 |       {stream: {account: "synadia", subject:"public.synadia"}, prefix: "imports.synadia", allow_trace: true}
37 |       {stream: {account: "synadia", subject:"synadia.private.*"}}
38 |       {service: {account: "synadia", subject: "pub.special.request"}, to: "synadia.request"}
39 |     ]
40 | 
41 |     exports = [
42 |       {service: "nats.time", response: stream, allow_trace: true}
43 |       {service: "nats.photo", response: chunked}
44 |       {service: "nats.add", response: singleton, accounts: [cncf], allow_trace: true}
45 |       {service: "nats.sub"}
46 |     ]
47 |   }
48 | 
49 |   cncf: { nkey: ABDAYEV6KZVLW3GSJ3V7IWC542676TFYILXF2C7Z56LCPSMVHJE5BVYO}
50 | }
51 | 


--------------------------------------------------------------------------------
/server/configs/authorization.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:4222
 2 | 
 3 | authorization {
 4 |   # Our role based permissions.
 5 | 
 6 |   # Superuser can do anything.
 7 |   super_user = {
 8 |     publish = "*"
 9 |     subscribe = ">"
10 |   }
11 |   # Can do requests on foo or bar, and subscribe to anything
12 |   # that is a response to an _INBOX.
13 |   #
14 |   # Notice that authorization filters can be singletons or arrays.
15 |   req_pub_user = {
16 |     publish = ["req.foo", "req.bar"]
17 |     subscribe = "_INBOX.>"
18 |   }
19 | 
20 |   # Setup a default user that can subscribe to anything, but has
21 |   # no publish capabilities.
22 |   default_user = {
23 |     subscribe = "PUBLIC.>"
24 |   }
25 | 
26 |   # Service can listen on the request subject and respond to any
27 |   # received reply subject.
28 |   my_service = {
29 |     subscribe = "my.service.req"
30 |     publish_allow_responses: true
31 |   }
32 | 
33 |   # Can support a map with max messages and expiration of the permission.
34 |   my_stream_service = {
35 |     subscribe = "my.service.req"
36 |     allow_responses: {max: 10, expires: "1m"}
37 |   }
38 | 
39 |   # Default permissions if none presented. e.g. susan below.
40 |   default_permissions: $default_user
41 | 
42 |   # Users listed with persmissions.
43 |   users = [
44 |     {user: alice, password: foo, permissions: $super_user}
45 |     {user: bob,   password: bar, permissions: $req_pub_user}
46 |     {user: susan, password: baz}
47 |     {user: svca,  password: pc,  permissions: $my_service}
48 |     {user: svcb,  password: sam, permissions: $my_stream_service}
49 |   ]
50 | }
51 | 


--------------------------------------------------------------------------------
/server/configs/certs/cert.new.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDnjCCAoagAwIBAgIJAM/HacKKaH7zMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
 3 | VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC0xvcyBBbmdlbGVzMSQwIgYD
 4 | VQQKDBtTeW5hZGlhIENvbW11bmljYXRpb25zIEluYy4xKzApBgNVBAMMIm5hdHMu
 5 | aW8vZW1haWxBZGRyZXNzPWRlcmVrQG5hdHMuaW8wHhcNMTkxMDE3MTIyODIxWhcN
 6 | MjkxMDE0MTIyODIxWjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYD
 7 | VQQHDAtMb3MgQW5nZWxlczEkMCIGA1UECgwbU3luYWRpYSBDb21tdW5pY2F0aW9u
 8 | cyBJbmMuMSswKQYDVQQDDCJuYXRzLmlvL2VtYWlsQWRkcmVzcz1kZXJla0BuYXRz
 9 | LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBIAVUr4gCEBRVbA
10 | HSweCLExOrMZmII4AdvgIqT+svjBkJd+vdkbd5b/SC1HQx1E14kiRJ/JrZIZoMqi
11 | +7pK3kFM63Fkhkg8rWOxn0tQznSymKTpha5NdDWxnB0dXlXFCQG1e/cuDalR7UhF
12 | LPHiuK42gAvhivBcymDPV0hTYt4rHb71SQ1DwfCYzcLkDvDFA/W7kronaEhRyWn6
13 | uvZvHkdvScoubdzoW/kNBH4JYZw5svLzGz3z20rUGeLttF4ge5SCAz9unZk96HUO
14 | EFmUDvFmxdnTXrYINjraNvgu7fPFmVzupWrWPA/7U+cxOvm3qBMdqxFxNr7bq+Md
15 | UPKi3QIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IB
16 | AQCCgFKP/bMi5cvasJOzXKLpwOneW+oItL2t/5NxPumIBMDo5NnShzsFLfGmujYw
17 | fjcMharynkkbz/oeDAm8h1mySAJrnqtabiWgaW8zbNJfJOrAq4Jvs9COMAzjJclL
18 | +h9GWtvVylDnsNtd18n1gA5OYv0A6YjuSrWINL8Sp5QvTF/5tT8jFrDOIjZl7m50
19 | lX4R70N9GLt2jIlKro+qdsi6qUZccuJmoQxUpG1iQcRNFHtWfDPr5KFEXaO6IoYt
20 | D1kYWmo/A3WQm7nbXeZw/zaSGSS0t6/hKZwm+gPCL6TEdDrjhjxpCZQTwaMd6jj2
21 | bvT2OA0ZpzUWyxnaX6u+cDfM
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/server/configs/certs/server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDnjCCAoagAwIBAgIJAOXpOWk41Pd7MA0GCSqGSIb3DQEBCwUAMIGDMQswCQYD
 3 | VQQGEwJVUzELMAkGA1UECAwCQ0ExFDASBgNVBAcMC0xvcyBBbmdlbGVzMSQwIgYD
 4 | VQQKDBtTeW5hZGlhIENvbW11bmljYXRpb25zIEluYy4xKzApBgNVBAMMIm5hdHMu
 5 | aW8vZW1haWxBZGRyZXNzPWRlcmVrQG5hdHMuaW8wHhcNMTkxMDE3MTIzMjQ5WhcN
 6 | MjkxMDE0MTIzMjQ5WjCBgzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYD
 7 | VQQHDAtMb3MgQW5nZWxlczEkMCIGA1UECgwbU3luYWRpYSBDb21tdW5pY2F0aW9u
 8 | cyBJbmMuMSswKQYDVQQDDCJuYXRzLmlvL2VtYWlsQWRkcmVzcz1kZXJla0BuYXRz
 9 | LmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PGGsZYijbGvDInc
10 | ELA10tDCOM/mT9VDFvVP1bdqk4np2LNy+iqns0X8BB9gKBO18r0Hc3j1d2jdYANC
11 | 95gCokthTdw4cUemPA/yTW+WAOj5dH5WjCp1pLZmv0jDn+6O3ku2bemZiL7QYKdW
12 | bUUmUh+uCkqguOu3hgch515tuWe1H/9qzvCtY7JkcIAxCaCS+WeL2uKcqV+Squzs
13 | VpPGWudCrpOg7XUXyHJ1I6A2nbGMxh8xe5Kdf99XpUNmlD6fXul92lrvvoCb+W6w
14 | TLFnkPhE5owjD6saFwzNgCasD+94qxC1OzzlEf6t4KKKstegb06e02i7wLSnT0iu
15 | 5JdUFQIDAQABoxMwETAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IB
16 | AQDIMNgMqgGdXwZTIDxz4iq76iHdSHxZK4YwJr/4xRSq1uEddxmUfAQzo+gBboA5
17 | c0XxYxc0xViuueThnqdLhHmEyCs8uGFRLaQAI5Bq1PdMQP12m5fCWRAyKrCxdtli
18 | zm8ByDq7mWpkfMTd/rJGR4wCR9qI9Y5Bp6p4FBKZ3pzEanFXMV9IHhkm1BGh9tbe
19 | l6GQyBptEpfTiRwNCC/ympeiL3G8hfDCPkcLed5sQ+OhPe5iWMVPncZh/qehnUJK
20 | B5CIXcagcROFutsDYPCurKcfQOsfqulu0q95h7FQUOsIeU7jIlcLxIii19qjlTZh
21 | sFjsul5G7qqMEgIUsx3U985v
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-ca-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIID2zCCAsOgAwIBAgIUZj0PngA93uUSShcRndTQju/J88YwDQYJKoZIhvcNAQEL
 3 | BQAwfDETMBEGA1UEAwwKbmF0cy5pby5DQTEiMCAGA1UECwwZUGVyZm9ybWFuY2VB
 4 | bmRSZWxpYWJpbGl0eTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UEBwwHVG9yb250
 5 | bzEQMA4GA1UECAwHT250YXJpbzELMAkGA1UEBhMCQ0EwIBcNMjMwODE0MTUyNzU3
 6 | WhgPMjEyMzA3MjExNTI3NTdaMHwxEzARBgNVBAMMCm5hdHMuaW8uQ0ExIjAgBgNV
 7 | BAsMGVBlcmZvcm1hbmNlQW5kUmVsaWFiaWxpdHkxEDAOBgNVBAoMB1N5bmFkaWEx
 8 | EDAOBgNVBAcMB1Rvcm9udG8xEDAOBgNVBAgMB09udGFyaW8xCzAJBgNVBAYTAkNB
 9 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cCyJL+DExUyZto2eFLm
10 | MBRSkQLxM9pOWB9O8TecHlPcc/SPGq/x9lpguJ/IiaUj+VffVWy236KW2JL5Xj83
11 | PZwhXi1yZzxlIBsKAgAUeNfWuTAc0K0Qm9pR5Wjv5eNcT0mw6JX0SPgUQAl9BSwU
12 | WvtMOTxOt0hBjHmZaEamp7nLmwogpvgPsrubD6U4O/vUQm3JTsbp2rFQxXPpkG19
13 | 69PGsT37r0/w9Zv0xNAcB/zCWdNBXCTA2ACV2IpJedWm8Jrjcn3Kp4Fv3TKTsCZl
14 | eWtfxCdljndk88+NFK7cEw7b9Bs5R5Zhu20C+Ne8vmMWhYbVBFYws5/jGzPBkVTD
15 | 7wIDAQABo1MwUTAdBgNVHQ4EFgQUEqfeAemfeIp4MM4C7H1bJS+mra4wHwYDVR0j
16 | BBgwFoAUEqfeAemfeIp4MM4C7H1bJS+mra4wDwYDVR0TAQH/BAUwAwEB/zANBgkq
17 | hkiG9w0BAQsFAAOCAQEAiamiPxOlZ0pwOJvv0ylDreHVk2kast67YlhAOcZoSMvi
18 | e2jbKL98U3+ZznGj21AKqEaOkO7UmKoJ/3QlrjgElXzcMUrUrJ1WNowlbXPlAhyL
19 | KhNthLKUr72Tv6wv5GZdAR6DaAwq3iYTbpnLq4oCnFHiXgDWgWyJDLsTGulWve/K
20 | GGM2JMcnacNgNC18uki440Wcfp0vGj9HhO6I/u63oGewZnIK87GQMQCt3JLFyiUc
21 | hrn9nWoixFWcJfCjBcMlwZXMIAlDdelU1/hWtSknKCs57GvZuACcicAYiYIkWCkd
22 | p1pF4G0Ic6irAnLTqhdGwL4+5pjNd1Ih0Gezn9hJLg==
23 | -----END CERTIFICATE-----
24 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-server-cert-ed25519.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDHTCCAgWgAwIBAgIUc31LCktokAIQGqLsSC2BlsLCTsYwDQYJKoZIhvcNAQEL
 3 | BQAwfDETMBEGA1UEAwwKbmF0cy5pby5DQTEiMCAGA1UECwwZUGVyZm9ybWFuY2VB
 4 | bmRSZWxpYWJpbGl0eTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UEBwwHVG9yb250
 5 | bzEQMA4GA1UECAwHT250YXJpbzELMAkGA1UEBhMCQ0EwIBcNMjMwODE0MTUyNzU3
 6 | WhgPMjEyMzA3MjExNTI3NTdaMHkxEDAOBgNVBAMMB25hdHMuaW8xIjAgBgNVBAsM
 7 | GVBlcmZvcm1hbmNlQW5kUmVsaWFiaWxpdHkxEDAOBgNVBAoMB1N5bmFkaWExEDAO
 8 | BgNVBAcMB1Rvcm9udG8xEDAOBgNVBAgMB09udGFyaW8xCzAJBgNVBAYTAkNBMCow
 9 | BQYDK2VwAyEAyyc9y9iZgWWSsPRahbeGxF6XN3VOFPZBvD/HQps6jr6jgZEwgY4w
10 | CwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMCoGA1UdEQQjMCGCDnJl
11 | dWJlbi5uYXRzLmlvgg9yZXViZW4ubmF0cy5jb20wHQYDVR0OBBYEFBwkwMU8xuQO
12 | FN1Ck5o2qQ4Dz87ZMB8GA1UdIwQYMBaAFBKn3gHpn3iKeDDOAux9WyUvpq2uMA0G
13 | CSqGSIb3DQEBCwUAA4IBAQALjCynuxEobk1MYQAFhkrfAD29H6yRpOcKigHCZjTJ
14 | Dnpupip1xvaFPPvhi4nxtuWcXgKpWEfd1jOPaiNV6lrefahitZpzcflD7wNOxqvx
15 | Hau2U3lFnjnGaC0ppp66x26cQznp6YcTdxrJ1QF4vkOejxqNvaTzmiwzSPIIYm7+
16 | iKVWT+Z86WKof3vAdsX/f148YH1YSPk0ykiBzlbLScbyWebbaydrAIpU01IkSvMo
17 | qDYu+Fba0tpONLe1BUklc608riwQjw9HiJJ2zJIAOBAUev5+48RP91/K111Ix1bl
18 | fGPT8/1TJbyGG2jeJwyLoSIu72aDnnIBfqGkVunRTmeg
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-server-cert-rsa-1024.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDkzCCAnugAwIBAgIUc31LCktokAIQGqLsSC2BlsLCTsMwDQYJKoZIhvcNAQEL
 3 | BQAwfDETMBEGA1UEAwwKbmF0cy5pby5DQTEiMCAGA1UECwwZUGVyZm9ybWFuY2VB
 4 | bmRSZWxpYWJpbGl0eTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UEBwwHVG9yb250
 5 | bzEQMA4GA1UECAwHT250YXJpbzELMAkGA1UEBhMCQ0EwIBcNMjMwODE0MTUyNzU3
 6 | WhgPMjEyMzA3MjExNTI3NTdaMHkxEDAOBgNVBAMMB25hdHMuaW8xIjAgBgNVBAsM
 7 | GVBlcmZvcm1hbmNlQW5kUmVsaWFiaWxpdHkxEDAOBgNVBAoMB1N5bmFkaWExEDAO
 8 | BgNVBAcMB1Rvcm9udG8xEDAOBgNVBAgMB09udGFyaW8xCzAJBgNVBAYTAkNBMIGf
 9 | MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyHHaVHinB3jBsicR4hp7uopz0u3+O
10 | kUicIUSQXDcWiPzdvE+7YZ/s4+Ud4aw4g9q0wHzkZSaMg8nil4tCKmTrUKolVTVj
11 | CCCBmtqq3LwzNLapyoDJRyXsWqHt5TWYSxaf/UQT6sWOgqHOLrbd4J8F0sjxEniB
12 | GDHR1ZXpJCBaIQIDAQABo4GRMIGOMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggr
13 | BgEFBQcDATAqBgNVHREEIzAhgg5yZXViZW4ubmF0cy5pb4IPcmV1YmVuLm5hdHMu
14 | Y29tMB0GA1UdDgQWBBQk5kWOUcUNn7FppddLANe3droUlzAfBgNVHSMEGDAWgBQS
15 | p94B6Z94ingwzgLsfVslL6atrjANBgkqhkiG9w0BAQsFAAOCAQEA2Njy2f1PUZRf
16 | G1/oZ0El7J8L6Ql1HmEC7tOTzbORg7U9uMHKqIFL/IXXAdAlE/EjFEA2riPO8cu/
17 | bvL2A4CapYzt2kDD9PPYfVtniRr7mv0EVntPwEvfiySMAEeZuW/M2liPfgPpQkhL
18 | fzwPeCOfqM8AjpyDab8NEGX5Bbf421oQorlENpm4PKQCXoUN5cWpBwuwWxj7yndj
19 | 256MevLDKKe/ALSLQEo/2Jgpnmp7Qol0GtomCzsLgZ+ASuVtCsGTFmaRrsqVPspJ
20 | oOl6qby5gYwN9TR8zfRYL1m1sbYROz+5+ofEoiTnaOoOSjiBIoYoMeSC/jvJQTPT
21 | VdD8QeQ6Og==
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-server-cert-rsa-2048.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEFzCCAv+gAwIBAgIUc31LCktokAIQGqLsSC2BlsLCTsQwDQYJKoZIhvcNAQEL
 3 | BQAwfDETMBEGA1UEAwwKbmF0cy5pby5DQTEiMCAGA1UECwwZUGVyZm9ybWFuY2VB
 4 | bmRSZWxpYWJpbGl0eTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UEBwwHVG9yb250
 5 | bzEQMA4GA1UECAwHT250YXJpbzELMAkGA1UEBhMCQ0EwIBcNMjMwODE0MTUyNzU3
 6 | WhgPMjEyMzA3MjExNTI3NTdaMHkxEDAOBgNVBAMMB25hdHMuaW8xIjAgBgNVBAsM
 7 | GVBlcmZvcm1hbmNlQW5kUmVsaWFiaWxpdHkxEDAOBgNVBAoMB1N5bmFkaWExEDAO
 8 | BgNVBAcMB1Rvcm9udG8xEDAOBgNVBAgMB09udGFyaW8xCzAJBgNVBAYTAkNBMIIB
 9 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyx3O+Z6u8Y1SiuHu3szWbLvL
10 | WrZpSpEiZkll+wk5205S1FRcQLccfr4ubdtjOBdi+RzILCtkflUI01Dbqu6cV7/2
11 | yfLthxBeNDiXMhjyOFkYLwwE4w7CdTwWWsmW31oUH1rYXIDPoeb7WPF7w3NwaUJu
12 | ZXnqM98LRgWDTmh+nsqDDW/bz1fYIdxcO9az6iBOnJ2AGWI2ur5GzWc4+gNMOZiZ
13 | Xj657g0MbyVM4Gzyc4Au22hShZ/YorLP8NAiwNJamlrCFzlnZN/ePjuQPcI6glnb
14 | oO9IAGfPdAOJptfayuPAZgUngzewB38yY0Q/rKG1GJKSkQ8X6/lXiWaRPZJjYwID
15 | AQABo4GRMIGOMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATAqBgNV
16 | HREEIzAhgg5yZXViZW4ubmF0cy5pb4IPcmV1YmVuLm5hdHMuY29tMB0GA1UdDgQW
17 | BBRtanJZScdSlsPsi58lBcpdj+bV/zAfBgNVHSMEGDAWgBQSp94B6Z94ingwzgLs
18 | fVslL6atrjANBgkqhkiG9w0BAQsFAAOCAQEAV4TZ3b8cYO7ZeRyoCQtCBAab9gNe
19 | kbQpWqICvkVQOk5Anq3opwAWk2FuIRs5KoT7ssckHpXwTwWLs+KuIVo+Fet19IH6
20 | BQfck1jwhzM04MA6zLO/F2j548XlrJy3IzViPM/VxwMMTt5YSoogrz/3TzzJPIe0
21 | eQomf5HbpVgrf08pMVkdaI7PCd7N/CxeWiD5zEWqBu9FqofO188Kb/umx0VwgBju
22 | dX46MKO5TyUc91UrG3M35/r4Z7fd52SWWWFQiI7UBOl2L27samjHlJsKjyFoBF3Z
23 | alvnoUVzo7zwAYmhEdPYDNVceF4KtAFpGipoQPRMg83G87LgYBA4Sa6uKw==
24 | -----END CERTIFICATE-----
25 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-server-key-ed25519.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MC4CAQAwBQYDK2VwBCIEIJRCtUNxUuutNs9j8OtcwFw1xkbs+zxjHhpAqVuqDNo5
3 | -----END PRIVATE KEY-----
4 | 


--------------------------------------------------------------------------------
/server/configs/certs/tls/benchmark-server-key-rsa-1024.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN PRIVATE KEY-----
 2 | MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALIcdpUeKcHeMGyJ
 3 | xHiGnu6inPS7f46RSJwhRJBcNxaI/N28T7thn+zj5R3hrDiD2rTAfORlJoyDyeKX
 4 | i0IqZOtQqiVVNWMIIIGa2qrcvDM0tqnKgMlHJexaoe3lNZhLFp/9RBPqxY6Coc4u
 5 | tt3gnwXSyPESeIEYMdHVlekkIFohAgMBAAECgYAwt8RfyV5WnvXT2mMZLIlwcJ5J
 6 | +rdLQcYAnsDoU7DlwxaXeBi/AlcCLtvOrpmy464A3t3KgzhmGu4vwo/ey0XK+nTQ
 7 | tzORP/PXTaVC8DzJ8PnJmUaB7l+H7a88OSPLbjgnbpw4SyvDpKUHiiw0EDYC7L6Y
 8 | 1vvCOlnprptXbE5eeQJBAOpjwdBVWkVtmStjsxbxZsUTI7XKxS2VZinRLH0l5/hI
 9 | hIHRxwy9oRbeNrf5815lGolTUD0mq+N0dJRlMop1yKsCQQDCiGDkH/pQqhB8ibmD
10 | 0XNw0EzxJmPFACO/x49VCfCPE5p1FQhpyIl6JkyAFNN7Xs4HX8jMHTuvNgJVti61
11 | O0BjAkEAj0wr2vXDubyWrztF61nszcG0zFjKkeLL0fcLLvv0xQt4z3F0MyrgCH4U
12 | kAflLSm8voZMAQbagbXZ7DuuWY5G/wJAWyKnOdidXZL+3ElthwrmKVD86vEQRqe1
13 | F9C3HqDkeTM25mkvItfXSEmPB2Y6WY7luOCv4qhDYOdNmrgaE7+pfwJAcbV5ZVJW
14 | OZvH1ofsJVvUA8J58tzv1+KPb96pI3YRAu8xbMC0mzezPsYjg2wjaRgJ2C+7On27
15 | BaArNo75B20AkA==
16 | -----END PRIVATE KEY-----
17 | 


--------------------------------------------------------------------------------
/server/configs/cluster.conf:
--------------------------------------------------------------------------------
 1 | # Cluster config file
 2 | 
 3 | port: 4242
 4 | net: 127.0.0.1
 5 | 
 6 | authorization {
 7 |   user:     derek
 8 |   password: porkchop
 9 |   timeout:  1
10 | }
11 | 
12 | pid_file: '/tmp/nats-server/nats_cluster_test.pid'
13 | 
14 | cluster {
15 |   host: 127.0.0.1
16 |   port: 4244
17 |   name: "abc"
18 | 
19 |   authorization {
20 |     user: route_user
21 |     password: top_secret
22 |     timeout: 1
23 |   }
24 | 
25 |   # Routes are actively solicited and connected to from this server.
26 |   # Other servers can connect to us if they supply the correct credentials
27 |   # in their routes definitions from above.
28 | 
29 |   routes = [
30 |     nats-route://foo:bar@127.0.0.1:4245
31 |     nats-route://foo:bar@127.0.0.1:4246
32 |   ]
33 | 
34 |   no_advertise: true
35 |   connect_retries: 2
36 | }
37 | 


--------------------------------------------------------------------------------
/server/configs/gwa.conf:
--------------------------------------------------------------------------------
1 | listen: "127.0.0.1:-1"
2 | gateway {
3 |     name: "A"
4 |     listen: "127.0.0.1:5227"
5 |     include 'gws.conf'
6 | }
7 | 


--------------------------------------------------------------------------------
/server/configs/gwb.conf:
--------------------------------------------------------------------------------
1 | listen: "127.0.0.1:-1"
2 | gateway {
3 |     name: "B"
4 |     listen: "127.0.0.1:5228"
5 |     include 'gws.conf'
6 | }
7 | 


--------------------------------------------------------------------------------
/server/configs/gws.conf:
--------------------------------------------------------------------------------
 1 | gateways [
 2 |     {
 3 |         name: "A"
 4 |         url: "nats://127.0.0.1:5227"
 5 |     }
 6 |     {
 7 |         name: "B"
 8 |         url: "nats://127.0.0.1:5228"
 9 |     }
10 | ]
11 | 


--------------------------------------------------------------------------------
/server/configs/include_bad_conf_check_a.conf:
--------------------------------------------------------------------------------
1 | 
2 | port = 4222
3 | 
4 | include "include_bad_conf_check_b.conf"
5 | 
6 | # http_port = $monitoring_port
7 | 


--------------------------------------------------------------------------------
/server/configs/include_bad_conf_check_b.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 |                   monitoring_port = 8222
11 | 
12 | include "include_conf_check_c.conf"
13 | 


--------------------------------------------------------------------------------
/server/configs/include_conf_check_a.conf:
--------------------------------------------------------------------------------
1 | 
2 | port = 4222
3 | 
4 | include "include_conf_check_b.conf"
5 | 
6 | http_port = $monitoring_port
7 | 


--------------------------------------------------------------------------------
/server/configs/include_conf_check_b.conf:
--------------------------------------------------------------------------------
1 | 
2 | monitoring_port = 8222
3 | 
4 | include "include_conf_check_c.conf"
5 | 


--------------------------------------------------------------------------------
/server/configs/include_conf_check_c.conf:
--------------------------------------------------------------------------------
1 | 
2 | authorization {
3 |   user = "foo"
4 |   pass = "bar"
5 | }
6 | 


--------------------------------------------------------------------------------
/server/configs/listen-1.conf:
--------------------------------------------------------------------------------
1 | # Make sure -1 works in listen directives too.
2 | listen: 10.0.1.22:-1
3 | 
4 | http: -1
5 | https: :-1
6 | 


--------------------------------------------------------------------------------
/server/configs/listen.conf:
--------------------------------------------------------------------------------
 1 | # Test all permutations of listen address parsing, client, cluster and http.
 2 | 
 3 | listen: 10.0.1.22:4422
 4 | 
 5 | http: 127.0.0.1:8422
 6 | https: 127.0.0.1:9443
 7 | 
 8 | cluster {
 9 |   listen: 127.0.0.1:4244
10 |   name: "abc"
11 | }
12 | 


--------------------------------------------------------------------------------
/server/configs/listen_port.conf:
--------------------------------------------------------------------------------
1 | listen: 8922
2 | 


--------------------------------------------------------------------------------
/server/configs/listen_port_with_colon.conf:
--------------------------------------------------------------------------------
1 | listen: :8922
2 | 


--------------------------------------------------------------------------------
/server/configs/malformed_cluster_address.conf:
--------------------------------------------------------------------------------
1 | # Test malformed cluster listen address
2 | cluster {
3 |   listen: 266.0.0.1:foo
4 | }
5 | 


--------------------------------------------------------------------------------
/server/configs/malformed_listen_address.conf:
--------------------------------------------------------------------------------
1 | # test garbage listen address for failure
2 | listen: 10.0.1.22:foo


--------------------------------------------------------------------------------
/server/configs/multiple_errors.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | authorization {
 3 |   user = foo
 4 |   pass = bar
 5 |   token = quux
 6 | }
 7 | 
 8 | http_port = 8222
 9 | 
10 | monitoring = 8222
11 | 
12 | write_deadline = 5
13 | 
14 | accounts {
15 |   synadia {
16 |     exports = [
17 |       { stream: "synadia.>" }
18 |     ]
19 |   
20 |     # Malformed nkeys
21 |     nkey = "OC5GRL36RQV7MJ2GT6WQSCKDKJKYTK4T2LGLWJ2SEJKRDHFOQQWGGFQL"
22 | 
23 |     users [
24 |       {
25 |         # Malformed nkeys
26 |         nkey = "OCARKS2E3KVB7YORL2DG34XLT7PUCOL2SVM7YXV6ETHLW6Z46UUJ2VZ3"
27 |       }
28 |     ]
29 |   }
30 | 
31 |   #
32 |   # + nats < synadia
33 |   #
34 |   nats {
35 |     # Malformed nkeys
36 |     nkey = "ODRZ42QBM7SXQDXXTSVWT2WLLFYOQGAFC4TO6WOAXHEKQHIXR4HFYJDS"
37 | 
38 |     users [
39 |       {
40 |         # Malformed nkeys
41 |         nkey = "OD6AYQSOIN2IN5OGC6VQZCR4H3UFMIOXSW6NNS6N53CLJA4PB56CEJJI"
42 |       }
43 |     ]
44 | 
45 |     imports = [
46 |       { stream: { account: "synadia", subject: "synadia.>" }, prefix: "imports.nats" }
47 |     ]
48 |   }
49 | 
50 |   # + cncf < synadia
51 |   cncf {
52 |     nkey = "AD4YRVUJF2KASKPGRMNXTYKIYSCB3IHHB4Y2ME6B2PDIV5QJ23C2ZRIT"
53 | 
54 |     users [
55 |       {
56 |         nkey = "UB57IEMPG4KOTPFV5A66QKE2HZ3XBXFHVRCCVMJEWKECMVN2HSH3VTSJ"
57 |       }
58 |     ]
59 | 
60 |     imports = [
61 |       { stream: { account: "synadia", subject: "synadia.>" }, prefix: "imports.cncf" }
62 |     ]
63 |   }
64 | }
65 | 
66 | cluster {
67 |   authorization {
68 |     users = []
69 |   }
70 | }
71 | 


--------------------------------------------------------------------------------
/server/configs/multiple_users.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:4443
 2 | 
 3 | authorization {
 4 |     users = [
 5 |       {user: alice, password: foo}
 6 |       {user: bob,   password: bar}
 7 |     ]
 8 |     timeout: 0.5
 9 | }
10 | 


--------------------------------------------------------------------------------
/server/configs/new_style_authorization.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:4222
 2 | 
 3 | authorization {
 4 |   # Our new style role based permissions.
 5 |   # These support both allow and deny.
 6 | 
 7 |   # If allow is empty it means all or ">"
 8 |   # If deny is empty it means none, or empty list.
 9 | 
10 |   normal_user = {
11 |     # Can send to foo, bar or baz only.
12 |     publish = {
13 |       allow = ["foo", "bar", "baz"]
14 |     }
15 |     # Can subscribe to everything but $SYS prefixed subjects.
16 |     subscribe = {
17 |       deny = "$SYS.>"
18 |     }
19 |   }
20 | 
21 |  admin_user = {
22 |    publish = "$SYS.>"
23 |    subscribe = {
24 |      deny = ["foo", "bar", "baz"]
25 |    }
26 |  }
27 | 
28 |   # Users listed with persmissions.
29 |   users = [
30 |     {user: alice, password: foo, permissions: $normal_user}
31 |     {user: bob, password: special, permissions: $admin_user}
32 |   ]
33 | }
34 | 


--------------------------------------------------------------------------------
/server/configs/one.creds:
--------------------------------------------------------------------------------
 1 | -----BEGIN NATS USER JWT-----
 2 | eyJ0eXAiOiJKV1QiLCJhbGciOiJlZDI1NTE5LW5rZXkifQ.eyJqdGkiOiJHRUNQVEpISE1TM01DTUtMVFBHWUdBTzQ1R1E2TjZRUFlXUTRHUExBRUIzM1ZDUkpOUlZRIiwiaWF0IjoxNjE2MjQ3MjMyLCJpc3MiOiJBQlZSWktKNlo3TklNUElZSlJDSEVZRlJVTzdFTk42TldPS1FERkxGREZWUFNNMzZVUFgyVUNQUCIsIm5hbWUiOiJvbmUiLCJzdWIiOiJVRENJQkdHR0hDSkJRUE9PNFNDSkpCSFpEUjM3TlFHR0NJV01ORzJEREFLSjZXTUtCTUFLWElNTyIsIm5hdHMiOnsicHViIjp7fSwic3ViIjp7fSwic3VicyI6LTEsImRhdGEiOi0xLCJwYXlsb2FkIjotMSwidHlwZSI6InVzZXIiLCJ2ZXJzaW9uIjoyfX0.VLhSDtGZEF_jdvgmhgkdISXAt5wFMMZxxwm5w8UrsnlM1hkUvtxBlTe4IP0xJIf4xf8JOR2Bmf73xUGJKUZECQ
 3 | ------END NATS USER JWT------
 4 | 
 5 | ************************* IMPORTANT *************************
 6 | NKEY Seed printed below can be used to sign and prove identity.
 7 | NKEYs are sensitive and should be treated as secrets.
 8 | 
 9 | -----BEGIN USER NKEY SEED-----
10 | SUAPCDMU5TSHHLWUUZSOUABJXP2GXRCZVEOVWPSVM5XRSXYGQMRRFDYNMY
11 | ------END USER NKEY SEED------
12 | 
13 | *************************************************************
14 | 


--------------------------------------------------------------------------------
/server/configs/reload/authorization_1.conf:
--------------------------------------------------------------------------------
 1 | listen:   127.0.0.1:-1
 2 | 
 3 | authorization {
 4 |   # Our role based permissions.
 5 | 
 6 |   # Superuser can do anything.
 7 |   super_user = {
 8 |     publish = ">"
 9 |     subscribe = ">"
10 |   }
11 |   # Can do requests on foo or bar, and subscribe to anything
12 |   # that is a response to an _INBOX.
13 |   #
14 |   # Notice that authorization filters can be singletons or arrays.
15 |   req_pub_user = {
16 |     publish = ["req.foo", "req.bar"]
17 |     subscribe = "_INBOX.>"
18 |   }
19 | 
20 |   # Setup a default user that can subscribe to anything, but has
21 |   # no publish capabilities.
22 |   default_user = {
23 |     subscribe = {
24 |       allow: ["PUBLIC.>", "foo.*"]
25 |       deny: "foo.bar"
26 |     }
27 |   }
28 | 
29 |   # Default permissions if none presented. e.g. susan below.
30 |   default_permissions: $default_user
31 | 
32 |   # Users listed with persmissions.
33 |   users = [
34 |     {user: alice, password: foo, permissions: $super_user}
35 |     {user: bob,   password: bar, permissions: $req_pub_user}
36 |     {user: susan, password: baz}
37 |   ]
38 | }
39 | 


--------------------------------------------------------------------------------
/server/configs/reload/authorization_2.conf:
--------------------------------------------------------------------------------
 1 | listen:   127.0.0.1:-1
 2 | 
 3 | authorization {
 4 |   # Our role based permissions.
 5 | 
 6 |   # Superuser can do anything.
 7 |   super_user = {
 8 |     publish = ">"
 9 |     subscribe = ">"
10 |   }
11 |   # Can do requests on _INBOX.foo.bar, and subscribe to anything
12 |   # that is a response to an _INBOX.foo.
13 |   #
14 |   # Notice that authorization filters can be singletons or arrays.
15 |   req_pub_user = {
16 |     publish = ["_INBOX.foo.bar"]
17 |     subscribe = "_INBOX.foo.>"
18 |   }
19 | 
20 |   # Setup a default user that can subscribe to anything, but has
21 |   # no publish capabilities.
22 |   default_user = {
23 |     subscribe = {
24 |       allow: ["PUBLIC.>", "foo.*"]
25 |       deny: ["PUBLIC.foo"]
26 |     }
27 |   }
28 | 
29 |   # Default permissions if none presented. e.g. susan below.
30 |   default_permissions: $default_user
31 | 
32 |   # Users listed with persmissions.
33 |   users = [
34 |     {user: alice, password: foo, permissions: $super_user}
35 |     {user: bob,   password: bar, permissions: $req_pub_user}
36 |     {user: susan, password: baz}
37 |   ]
38 | }
39 | 


--------------------------------------------------------------------------------
/server/configs/reload/basic.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 


--------------------------------------------------------------------------------
/server/configs/reload/file_rotate.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | logfile: "log.txt"
3 | pid_file: "nats-server.pid"
4 | 


--------------------------------------------------------------------------------
/server/configs/reload/file_rotate1.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | logfile: "log1.txt"
3 | pid_file: "nats-server1.pid"
4 | 


--------------------------------------------------------------------------------
/server/configs/reload/invalid.conf:
--------------------------------------------------------------------------------
1 | # Invalid config file
2 | trace:
3 | 


--------------------------------------------------------------------------------
/server/configs/reload/max_connections.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | max_connections: 1
4 | 


--------------------------------------------------------------------------------
/server/configs/reload/max_payload.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | max_payload: 1
4 | 


--------------------------------------------------------------------------------
/server/configs/reload/multiple_users_1.conf:
--------------------------------------------------------------------------------
 1 | listen:   127.0.0.1:-1
 2 | 
 3 | authorization {
 4 |     users = [
 5 |       {user: alice, password: foo}
 6 |       {user: bob,   password: bar}
 7 |     ]
 8 |     timeout: 0.5
 9 | }
10 | 


--------------------------------------------------------------------------------
/server/configs/reload/multiple_users_2.conf:
--------------------------------------------------------------------------------
 1 | listen:   127.0.0.1:-1
 2 | 
 3 | authorization {
 4 |     users = [
 5 |       {user: alice, password: baz}
 6 |       {user: bob,   password: bar}
 7 |     ]
 8 |     timeout: 0.5
 9 | }
10 | 


--------------------------------------------------------------------------------
/server/configs/reload/reload.conf:
--------------------------------------------------------------------------------
 1 | include 'platform.conf'
 2 | 
 3 | port: 2233
 4 | 
 5 | # logging options
 6 | debug:         true # enable on reload
 7 | trace:         true # enable on reload
 8 | logtime:       true # enable on reload
 9 | logtime_utc:   true # enable on reload
10 | 
11 | log_file:         "nats-server.log" # change on reload
12 | pid_file:         "nats-server.pid" # change on reload
13 | max_control_line: 512 # change on reload
14 | ping_interval:    5 # change on reload
15 | ping_max:         1 # change on reload
16 | write_deadline:   "3s" # change on reload
17 | max_payload:      1024 # change on reload
18 | 
19 | # Enable TLS on reload
20 | tls {
21 |     cert_file: "../test/configs/certs/server-cert.pem"
22 |     key_file: "../test/configs/certs/server-key.pem"
23 |     ca_file: "../test/configs/certs/ca.pem"
24 |     verify: true
25 | }
26 | 
27 | # Enable authorization on reload
28 | authorization {
29 |     user:     tyler
30 |     password: T0pS3cr3t
31 |     timeout:  2
32 | }
33 | 
34 | cluster {
35 |     listen:       127.0.0.1:-1
36 |     name: "abc"
37 |     no_advertise: true # enable on reload
38 |     ping_interval: '20s'
39 |     ping_max: 8
40 | }
41 | 


--------------------------------------------------------------------------------
/server/configs/reload/reload_unsupported.conf:
--------------------------------------------------------------------------------
1 | # logging options
2 | debug:   false
3 | trace:   true
4 | logtime: true
5 | 
6 | # Removes cluster host, which is unsupported.
7 | 


--------------------------------------------------------------------------------
/server/configs/reload/single_user_authentication_1.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | authorization {
4 |     user:     tyler
5 |     password: T0pS3cr3t
6 | }
7 | 


--------------------------------------------------------------------------------
/server/configs/reload/single_user_authentication_2.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | authorization {
4 |     user:     derek
5 |     password: passw0rd
6 | }
7 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_a_1.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7244
 7 |   name: "abc"
 8 | 
 9 |   routes = [
10 |     nats-route://127.0.0.1:7246
11 |   ]
12 | }
13 | 
14 | no_sys_acc: true
15 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_a_2.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7244
 7 |   name: "abc"
 8 | 
 9 |   routes = [
10 |     nats-route://tyler:foo@127.0.0.1:7246 # Use route credentials
11 |   ]
12 | }
13 | 
14 | no_sys_acc: true
15 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_a_3.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7244
 7 |   name: "abc"
 8 | 
 9 |   routes = [
10 |     nats-route://127.0.0.1:7247 # Remove srv b route and add srv c
11 |   ]
12 | }
13 | 
14 | no_sys_acc: true
15 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_a_4.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7244
 7 |   name: "abc"
 8 | }
 9 | 
10 | no_sys_acc: true
11 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_b_1.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7246
 7 |   name: "abc"
 8 | }
 9 | 
10 | no_sys_acc: true
11 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_b_2.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7246
 7 |   name: "abc"
 8 | 
 9 |   # Enable route authorization.
10 |   authorization {
11 |     user:     tyler
12 |     password: foo
13 |   }
14 | }
15 | 
16 | no_sys_acc: true
17 | 


--------------------------------------------------------------------------------
/server/configs/reload/srv_c_1.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server C
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7247
 7 |   name: "abc"
 8 | }
 9 | 
10 | no_sys_acc: true
11 | 


--------------------------------------------------------------------------------
/server/configs/reload/test.conf:
--------------------------------------------------------------------------------
 1 | port: 2233
 2 | 
 3 | # logging options
 4 | debug:   false
 5 | trace:   false
 6 | logtime: false
 7 | 
 8 | cluster {
 9 |     listen:       127.0.0.1:-1
10 |     name:         "abc"
11 |     no_advertise: false
12 | }
13 | 


--------------------------------------------------------------------------------
/server/configs/reload/tls_multi_cert_1.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen:   127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   certs = [
 7 |     {
 8 |       cert_file: "../test/configs/certs/srva-cert.pem"
 9 |       key_file:  "../test/configs/certs/srva-key.pem"
10 |     }
11 |   ]
12 |   timeout:    2
13 | }
14 | 


--------------------------------------------------------------------------------
/server/configs/reload/tls_multi_cert_2.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen:   127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   certs = [
 7 |     {
 8 |       cert_file: "../test/configs/certs/srva-cert.pem"
 9 |       key_file:  "../test/configs/certs/srva-key.pem"
10 |     },
11 |     {
12 |       cert_file: "../test/configs/certs/srvb-cert.pem"
13 |       key_file:  "../test/configs/certs/srvb-key.pem"
14 |     }
15 |   ]
16 |   ca_file: "../test/configs/certs/ca.pem"
17 |   verify:  true
18 |   timeout: 2
19 | }
20 | 


--------------------------------------------------------------------------------
/server/configs/reload/tls_multi_cert_3.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen:   127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   certs = [
 7 |     {
 8 |       cert_file: "../test/configs/certs/srvb-cert.pem"
 9 |       key_file:  "../test/configs/certs/srvb-key.pem"
10 |     }
11 |   ]
12 |   timeout: 2
13 | }
14 | 


--------------------------------------------------------------------------------
/server/configs/reload/tls_test.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen:   127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout:    2
 9 | }
10 | 


--------------------------------------------------------------------------------
/server/configs/reload/tls_verify_test.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen:   127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/cert.new.pem"
 7 |   key_file:   "./configs/certs/key.new.pem"
 8 |   ca_file:    "./configs/certs/cert.new.pem"
 9 |   verify:     true
10 |   timeout:    2
11 | }
12 | 


--------------------------------------------------------------------------------
/server/configs/reload/token_authentication_1.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | authorization {
4 |     token: T0pS3cr3t
5 | }
6 | 


--------------------------------------------------------------------------------
/server/configs/reload/token_authentication_2.conf:
--------------------------------------------------------------------------------
1 | listen:   127.0.0.1:-1
2 | 
3 | authorization {
4 |     token: passw0rd
5 | }
6 | 


--------------------------------------------------------------------------------
/server/configs/seed.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Seed Node
 2 | 
 3 | listen: 127.0.0.1:7222
 4 | 
 5 | http: 127.0.0.1:9222
 6 | 
 7 | cluster {
 8 |   listen: 127.0.0.1:7248
 9 |   name: "abc"
10 | }
11 | 


--------------------------------------------------------------------------------
/server/configs/seed_tls.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Seed Node
 2 | 
 3 | listen: 127.0.0.1:7222
 4 | 
 5 | http: 127.0.0.1:9222
 6 | 
 7 | cluster {
 8 |   listen: 127.0.0.1:7248
 9 |   name: "abc"
10 | 
11 |   tls {
12 |     # Route cert
13 |     cert_file: "../test/configs/certs/server-cert.pem"
14 |     # Private key
15 |     key_file:  "../test/configs/certs/server-key.pem"
16 |     # Specified time for handshake to complete
17 |     timeout: 2
18 | 
19 |     # Optional certificate authority verifying connected routes
20 |     # Required when we have self-signed CA, etc.
21 |     ca_file:   "../test/configs/certs/ca.pem"
22 |   }
23 | }
24 | 


--------------------------------------------------------------------------------
/server/configs/srv_a.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:7222
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7244
 7 |   name: "abc"
 8 | 
 9 |   authorization {
10 |     user: ruser
11 |     password: top_secret
12 |     timeout: 0.5
13 |   }
14 | 
15 |   # Routes are actively solicited and connected to from this server.
16 |   # Other servers can connect to us if they supply the correct credentials
17 |   # in their routes definitions from above.
18 | 
19 |   routes = [
20 |     nats-route://ruser:top_secret@127.0.0.1:7246
21 |   ]
22 | }
23 | 


--------------------------------------------------------------------------------
/server/configs/srv_a_bcrypt.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:7222
 4 | 
 5 | authorization {
 6 |   user: user
 7 |   password: foo
 8 |   timeout: 2
 9 | }
10 | 
11 | cluster {
12 |   listen: 127.0.0.1:7244
13 |   name: "abc"
14 | 
15 |   authorization {
16 |     user: ruser
17 |     # bcrypt version of 'bar'
18 |     password: $2a$10$LoRPzN3GtF2pNX5QgCBBHeUr6/zVN./RVGOu5U8SpHyg2sfzvfXji
19 |     timeout: 5
20 |   }
21 | }
22 | 


--------------------------------------------------------------------------------
/server/configs/srv_b.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:7224
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:7246
 7 |   name: "abc"
 8 | 
 9 |   authorization {
10 |     user: ruser
11 |     password: top_secret
12 |     timeout: 0.5
13 |   }
14 | 
15 |   # Routes are actively solicited and connected to from this server.
16 |   # Other servers can connect to us if they supply the correct credentials
17 |   # in their routes definitions from above.
18 | 
19 |   routes = [
20 |     nats-route://ruser:top_secret@127.0.0.1:7244
21 |   ]
22 | }
23 | 


--------------------------------------------------------------------------------
/server/configs/srv_b_bcrypt.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:7224
 4 | 
 5 | authorization {
 6 |   user: user
 7 |   password: foo
 8 |   timeout: 2
 9 | }
10 | 
11 | cluster {
12 |   listen: 127.0.0.1:7246
13 |   name: "abc"
14 | 
15 |   authorization {
16 |     user: ruser
17 |     # bcrypt version of 'bar'
18 |     password: $2a$10$LoRPzN3GtF2pNX5QgCBBHeUr6/zVN./RVGOu5U8SpHyg2sfzvfXji
19 |     timeout: 5
20 |   }
21 | 
22 |   # Routes are actively solicited and connected to from this server.
23 |   # Other servers can connect to us if they supply the correct credentials
24 |   # in their routes definitions from above.
25 | 
26 |   routes = [
27 |     nats-route://ruser:bar@127.0.0.1:7244
28 |   ]
29 | }
30 | 


--------------------------------------------------------------------------------
/server/configs/test.conf:
--------------------------------------------------------------------------------
 1 | # Simple config file
 2 | 
 3 | server_name: testing_server
 4 | 
 5 | listen: 127.0.0.1:4242
 6 | 
 7 | http: 8222
 8 | 
 9 | http_base_path: /nats
10 | 
11 | authorization {
12 |   user:     derek
13 |   password: porkchop
14 |   timeout:  1
15 | }
16 | 
17 | # logging options
18 | debug:   false
19 | trace:   true
20 | logtime: false
21 | syslog: true
22 | remote_syslog: "udp://foo.com:33"
23 | 
24 | # pid file
25 | pid_file: "/tmp/nats-server/nats-server.pid"
26 | 
27 | # prof_port
28 | prof_port: 6543
29 | 
30 | # max_connections
31 | max_connections: 100
32 | 
33 | # max_subscriptions (per connection)
34 | max_subscriptions: 1000
35 | 
36 | # max_pending
37 | max_pending: 10000000
38 | 
39 | # maximum control line
40 | max_control_line: 2048
41 | 
42 | # maximum payload
43 | max_payload: 65536
44 | 
45 | # ping interval and no pong threshold
46 | ping_interval: "60s"
47 | ping_max: 3
48 | 
49 | # how long server can block on a socket write to a client
50 | write_deadline: "3s"
51 | 
52 | lame_duck_duration: "4m"
53 | 
54 | # report repeated failed route/gateway/leafNode connection
55 | # every 24hour (24*60*60)
56 | connect_error_reports: 86400
57 | 
58 | # report failed reconnect events every 5 attempts
59 | reconnect_error_reports: 5
60 | 


--------------------------------------------------------------------------------
/server/configs/tls.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout:    "2s"
 9 | }
10 | 
11 | authorization {
12 |   user:     derek
13 |   password: foo
14 |   timeout:  1
15 | }
16 | 


--------------------------------------------------------------------------------
/server/configs/tls/tls-ed25519.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS (ed25519) config file
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/tls/benchmark-server-cert-ed25519.pem"
 7 |   key_file:   "./configs/certs/tls/benchmark-server-key-ed25519.pem"
 8 |   ca_file:    "./configs/certs/tls/benchmark-ca-cert.pem"
 9 |   timeout:    "5s"
10 | }
11 | 


--------------------------------------------------------------------------------
/server/configs/tls/tls-none.conf:
--------------------------------------------------------------------------------
1 | # Simple config file
2 | 
3 | listen: 127.0.0.1:-1
4 | 
5 | 


--------------------------------------------------------------------------------
/server/configs/tls/tls-rsa-1024.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS (rsa-1024) config file
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/tls/benchmark-server-cert-rsa-1024.pem"
 7 |   key_file:   "./configs/certs/tls/benchmark-server-key-rsa-1024.pem"
 8 |   ca_file:    "./configs/certs/tls/benchmark-ca-cert.pem"
 9 |   timeout:    "5s"
10 | }
11 | 


--------------------------------------------------------------------------------
/server/configs/tls/tls-rsa-2048.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS (rsa-2048) config file
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/tls/benchmark-server-cert-rsa-2048.pem"
 7 |   key_file:   "./configs/certs/tls/benchmark-server-key-rsa-2048.pem"
 8 |   ca_file:    "./configs/certs/tls/benchmark-ca-cert.pem"
 9 |   timeout:    "5s"
10 | }
11 | 


--------------------------------------------------------------------------------
/server/configs/tls/tls-rsa-4096.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS (rsa-4096) config file
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/tls/benchmark-server-cert-rsa-4096.pem"
 7 |   key_file:   "./configs/certs/tls/benchmark-server-key-rsa-4096.pem"
 8 |   ca_file:    "./configs/certs/tls/benchmark-ca-cert.pem"
 9 |   timeout:    "5s"
10 | }
11 | 


--------------------------------------------------------------------------------
/server/configs/tls_bad_cipher.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 | 
10 |   # this should generate an error
11 |   cipher_suites: [
12 | 	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
13 | 	"BAD_CIPHER_SPEC",
14 | 	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
15 | 	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
16 |   ]
17 | }
18 | 


--------------------------------------------------------------------------------
/server/configs/tls_bad_curve_prefs.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 |   curve_preferences: [
10 | 		"GARBAGE"
11 |   ]
12 | }
13 | 


--------------------------------------------------------------------------------
/server/configs/tls_ciphers.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 |   cipher_suites: [
10 | 	"TLS_RSA_WITH_RC4_128_SHA",
11 | 	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
12 | 	"TLS_RSA_WITH_AES_128_CBC_SHA",
13 | 	"TLS_RSA_WITH_AES_256_CBC_SHA",
14 | 	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
15 | 	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
16 | 	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
17 | 	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
18 | 	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
19 | 	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
20 | 	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
21 | 	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
22 | 	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
23 |   ]
24 | }
25 | 
26 | authorization {
27 |   user:     derek
28 |   password: monkey
29 |   timeout:  1
30 | }
31 | 


--------------------------------------------------------------------------------
/server/configs/tls_curve_prefs.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 |   curve_preferences: [
10 | 		"CurveP256"
11 |   ]
12 | }
13 | 


--------------------------------------------------------------------------------
/server/configs/tls_empty_cipher.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 | 
10 |   # this should generate an error
11 |   cipher_suites: [
12 |   ]
13 | }
14 | 


--------------------------------------------------------------------------------
/server/configs/tls_empty_curve_prefs.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:4443
 4 | 
 5 | tls {
 6 |   cert_file:  "./configs/certs/server.pem"
 7 |   key_file:   "./configs/certs/key.pem"
 8 |   timeout: 2
 9 |   curve_preferences: [
10 |   ]
11 | }
12 | 


--------------------------------------------------------------------------------
/server/disk_avail.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build !windows && !openbsd && !netbsd && !wasm
15 | 
16 | package server
17 | 
18 | import (
19 | 	"os"
20 | 	"syscall"
21 | )
22 | 
23 | func diskAvailable(storeDir string) int64 {
24 | 	var ba int64
25 | 	if _, err := os.Stat(storeDir); os.IsNotExist(err) {
26 | 		os.MkdirAll(storeDir, defaultDirPerms)
27 | 	}
28 | 	var fs syscall.Statfs_t
29 | 	if err := syscall.Statfs(storeDir, &fs); err == nil {
30 | 		// Estimate 75% of available storage.
31 | 		ba = int64(uint64(fs.Bavail) * uint64(fs.Bsize) / 4 * 3)
32 | 	} else {
33 | 		// Used 1TB default as a guess if all else fails.
34 | 		ba = JetStreamMaxStoreDefault
35 | 	}
36 | 	return ba
37 | }
38 | 


--------------------------------------------------------------------------------
/server/disk_avail_netbsd.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build netbsd
15 | 
16 | package server
17 | 
18 | // TODO - See if there is a version of this for NetBSD.
19 | func diskAvailable(storeDir string) int64 {
20 | 	return JetStreamMaxStoreDefault
21 | }
22 | 


--------------------------------------------------------------------------------
/server/disk_avail_openbsd.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build openbsd
15 | 
16 | package server
17 | 
18 | import (
19 | 	"os"
20 | 	"syscall"
21 | )
22 | 
23 | func diskAvailable(storeDir string) int64 {
24 | 	var ba int64
25 | 	if _, err := os.Stat(storeDir); os.IsNotExist(err) {
26 | 		os.MkdirAll(storeDir, defaultDirPerms)
27 | 	}
28 | 	var fs syscall.Statfs_t
29 | 	if err := syscall.Statfs(storeDir, &fs); err == nil {
30 | 		// Estimate 75% of available storage.
31 | 		ba = int64(uint64(fs.F_bavail) * uint64(fs.F_bsize) / 4 * 3)
32 | 	} else {
33 | 		// Used 1TB default as a guess if all else fails.
34 | 		ba = JetStreamMaxStoreDefault
35 | 	}
36 | 	return ba
37 | }
38 | 


--------------------------------------------------------------------------------
/server/disk_avail_wasm.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build wasm
15 | 
16 | package server
17 | 
18 | func diskAvailable(storeDir string) int64 {
19 | 	return JetStreamMaxStoreDefault
20 | }
21 | 


--------------------------------------------------------------------------------
/server/disk_avail_windows.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build windows
15 | 
16 | package server
17 | 
18 | // TODO(dlc) - See if there is a version of this for windows.
19 | func diskAvailable(storeDir string) int64 {
20 | 	return JetStreamMaxStoreDefault
21 | }
22 | 


--------------------------------------------------------------------------------
/server/fuzz.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2020-2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build gofuzz
15 | 
16 | package server
17 | 
18 | var defaultFuzzServerOptions = Options{
19 | 	Host:                  "127.0.0.1",
20 | 	Trace:                 true,
21 | 	Debug:                 true,
22 | 	DisableShortFirstPing: true,
23 | 	NoLog:                 true,
24 | 	NoSigs:                true,
25 | }
26 | 
27 | func dummyFuzzClient() *client {
28 | 	return &client{srv: New(&defaultFuzzServerOptions), msubs: -1, mpay: MAX_PAYLOAD_SIZE, mcl: MAX_CONTROL_LINE_SIZE}
29 | }
30 | 
31 | func FuzzClient(data []byte) int {
32 | 	if len(data) < 100 {
33 | 		return -1
34 | 	}
35 | 	c := dummyFuzzClient()
36 | 
37 | 	err := c.parse(data[:50])
38 | 	if err != nil {
39 | 		return 0
40 | 	}
41 | 
42 | 	err = c.parse(data[50:])
43 | 	if err != nil {
44 | 		return 0
45 | 	}
46 | 	return 1
47 | }
48 | 


--------------------------------------------------------------------------------
/server/nkey.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2018-2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package server
15 | 
16 | import (
17 | 	crand "crypto/rand"
18 | 	"encoding/base64"
19 | )
20 | 
21 | // Raw length of the nonce challenge
22 | const (
23 | 	nonceRawLen = 11
24 | 	nonceLen    = 15 // base64.RawURLEncoding.EncodedLen(nonceRawLen)
25 | )
26 | 
27 | // NonceRequired tells us if we should send a nonce.
28 | func (s *Server) NonceRequired() bool {
29 | 	s.mu.Lock()
30 | 	defer s.mu.Unlock()
31 | 	return s.nonceRequired()
32 | }
33 | 
34 | // nonceRequired tells us if we should send a nonce.
35 | // Lock should be held on entry.
36 | func (s *Server) nonceRequired() bool {
37 | 	return s.getOpts().AlwaysEnableNonce || len(s.nkeys) > 0 || s.trustedKeys != nil
38 | }
39 | 
40 | // Generate a nonce for INFO challenge.
41 | // Assumes server lock is held
42 | func (s *Server) generateNonce(n []byte) {
43 | 	var raw [nonceRawLen]byte
44 | 	data := raw[:]
45 | 	crand.Read(data)
46 | 	base64.RawURLEncoding.Encode(n, data)
47 | }
48 | 


--------------------------------------------------------------------------------
/server/pse/freebsd.txt:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * Compile and run this as a C program to get the kinfo_proc offsets
 3 |  * for your architecture.
 4 |  * While FreeBSD works hard at binary-compatibility within an ABI, various
 5 |  * we can't say for sure that these are right for _all_ use on a hardware
 6 |  * platform.  The LP64 ifdef affects the offsets considerably.
 7 |  *
 8 |  * We use these offsets in hardware-specific files for FreeBSD, to avoid a cgo
 9 |  * compilation-time dependency, allowing us to cross-compile for FreeBSD from
10 |  * other hardware platforms, letting us distribute binaries for FreeBSD.
11 |  */
12 | 
13 | #include <stddef.h>
14 | #include <stdint.h>
15 | #include <stdio.h>
16 | #include <sys/types.h>
17 | #include <sys/user.h>
18 | 
19 | #define SHOW_OFFSET(FIELD) printf(" KIP_OFF_%s = %zu\n", #FIELD, offsetof(struct kinfo_proc, ki_ ## FIELD))
20 | 
21 | int main(int argc, char *argv[]) {
22 | 	/* Uncomment these if you want some extra debugging aids:
23 | 	SHOW_OFFSET(pid);
24 | 	SHOW_OFFSET(ppid);
25 | 	SHOW_OFFSET(uid);
26 | 	*/
27 | 	SHOW_OFFSET(size);
28 | 	SHOW_OFFSET(rssize);
29 | 	SHOW_OFFSET(pctcpu);
30 | }
31 | 


--------------------------------------------------------------------------------
/server/pse/pse_dragonfly.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2015-2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | //
14 | // Copied from pse_openbsd.go
15 | 
16 | package pse
17 | 
18 | import (
19 | 	"fmt"
20 | 	"os"
21 | 	"os/exec"
22 | )
23 | 
24 | // ProcUsage returns CPU usage
25 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
26 | 	pidStr := fmt.Sprintf("%d", os.Getpid())
27 | 	out, err := exec.Command("ps", "o", "pcpu=,rss=,vsz=", "-p", pidStr).Output()
28 | 	if err != nil {
29 | 		*rss, *vss = -1, -1
30 | 		return fmt.Errorf("ps call failed:%v", err)
31 | 	}
32 | 	fmt.Sscanf(string(out), "%f %d %d", pcpu, rss, vss)
33 | 	*rss *= 1024 // 1k blocks, want bytes.
34 | 	*vss *= 1024 // 1k blocks, want bytes.
35 | 	return nil
36 | }
37 | 


--------------------------------------------------------------------------------
/server/pse/pse_netbsd.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | //
14 | // Copied from pse_openbsd.go
15 | 
16 | package pse
17 | 
18 | import (
19 | 	"fmt"
20 | 	"os"
21 | 	"os/exec"
22 | )
23 | 
24 | // ProcUsage returns CPU usage
25 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
26 | 	pidStr := fmt.Sprintf("%d", os.Getpid())
27 | 	out, err := exec.Command("ps", "o", "pcpu=,rss=,vsz=", "-p", pidStr).Output()
28 | 	if err != nil {
29 | 		*rss, *vss = -1, -1
30 | 		return fmt.Errorf("ps call failed:%v", err)
31 | 	}
32 | 	fmt.Sscanf(string(out), "%f %d %d", pcpu, rss, vss)
33 | 	*rss *= 1024 // 1k blocks, want bytes.
34 | 	*vss *= 1024 // 1k blocks, want bytes.
35 | 	return nil
36 | }
37 | 


--------------------------------------------------------------------------------
/server/pse/pse_openbsd.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2015-2018 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | //
14 | // Copied from pse_darwin.go
15 | 
16 | package pse
17 | 
18 | import (
19 | 	"fmt"
20 | 	"os"
21 | 	"os/exec"
22 | )
23 | 
24 | // ProcUsage returns CPU usage
25 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
26 | 	pidStr := fmt.Sprintf("%d", os.Getpid())
27 | 	out, err := exec.Command("ps", "o", "pcpu=,rss=,vsz=", "-p", pidStr).Output()
28 | 	if err != nil {
29 | 		*rss, *vss = -1, -1
30 | 		return fmt.Errorf("ps call failed:%v", err)
31 | 	}
32 | 	fmt.Sscanf(string(out), "%f %d %d", pcpu, rss, vss)
33 | 	*rss *= 1024 // 1k blocks, want bytes.
34 | 	*vss *= 1024 // 1k blocks, want bytes.
35 | 	return nil
36 | }
37 | 


--------------------------------------------------------------------------------
/server/pse/pse_rumprun.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2015-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build rumprun
15 | 
16 | package pse
17 | 
18 | // This is a placeholder for now.
19 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
20 | 	*pcpu = 0.0
21 | 	*rss = 0
22 | 	*vss = 0
23 | 
24 | 	return nil
25 | }
26 | 


--------------------------------------------------------------------------------
/server/pse/pse_solaris.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2015-2018 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package pse
15 | 
16 | // This is a placeholder for now.
17 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
18 | 	*pcpu = 0.0
19 | 	*rss = 0
20 | 	*vss = 0
21 | 
22 | 	return nil
23 | }
24 | 


--------------------------------------------------------------------------------
/server/pse/pse_wasm.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build wasm
15 | 
16 | package pse
17 | 
18 | // This is a placeholder for now.
19 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
20 | 	*pcpu = 0.0
21 | 	*rss = 0
22 | 	*vss = 0
23 | 
24 | 	return nil
25 | }
26 | 


--------------------------------------------------------------------------------
/server/pse/pse_zos.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build zos
15 | 
16 | package pse
17 | 
18 | // This is a placeholder for now.
19 | func ProcUsage(pcpu *float64, rss, vss *int64) error {
20 | 	*pcpu = 0.0
21 | 	*rss = 0
22 | 	*vss = 0
23 | 
24 | 	return nil
25 | }
26 | 


--------------------------------------------------------------------------------
/server/rate_counter.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2021-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package server
15 | 
16 | import (
17 | 	"sync"
18 | 	"time"
19 | )
20 | 
21 | type rateCounter struct {
22 | 	limit    int64
23 | 	count    int64
24 | 	blocked  uint64
25 | 	end      time.Time
26 | 	interval time.Duration
27 | 	mu       sync.Mutex
28 | }
29 | 
30 | func newRateCounter(limit int64) *rateCounter {
31 | 	return &rateCounter{
32 | 		limit:    limit,
33 | 		interval: time.Second,
34 | 	}
35 | }
36 | 
37 | func (r *rateCounter) allow() bool {
38 | 	now := time.Now()
39 | 
40 | 	r.mu.Lock()
41 | 
42 | 	if now.After(r.end) {
43 | 		r.count = 0
44 | 		r.end = now.Add(r.interval)
45 | 	} else {
46 | 		r.count++
47 | 	}
48 | 	allow := r.count < r.limit
49 | 	if !allow {
50 | 		r.blocked++
51 | 	}
52 | 
53 | 	r.mu.Unlock()
54 | 
55 | 	return allow
56 | }
57 | 
58 | func (r *rateCounter) countBlocked() uint64 {
59 | 	r.mu.Lock()
60 | 	blocked := r.blocked
61 | 	r.blocked = 0
62 | 	r.mu.Unlock()
63 | 
64 | 	return blocked
65 | }
66 | 


--------------------------------------------------------------------------------
/server/rate_counter_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2021-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package server
15 | 
16 | import (
17 | 	"testing"
18 | 	"time"
19 | )
20 | 
21 | func TestRateCounter(t *testing.T) {
22 | 	counter := newRateCounter(10)
23 | 	counter.interval = 100 * time.Millisecond
24 | 
25 | 	var i int
26 | 	for i = 0; i < 10; i++ {
27 | 		if !counter.allow() {
28 | 			t.Errorf("counter should allow (iteration %d)", i)
29 | 		}
30 | 	}
31 | 	for i = 0; i < 5; i++ {
32 | 		if counter.allow() {
33 | 			t.Errorf("counter should not allow (iteration %d)", i)
34 | 		}
35 | 	}
36 | 
37 | 	blocked := counter.countBlocked()
38 | 	if blocked != 5 {
39 | 		t.Errorf("Expected blocked = 5, got %d", blocked)
40 | 	}
41 | 
42 | 	blocked = counter.countBlocked()
43 | 	if blocked != 0 {
44 | 		t.Errorf("Expected blocked = 0, got %d", blocked)
45 | 	}
46 | 
47 | 	time.Sleep(150 * time.Millisecond)
48 | 
49 | 	if !counter.allow() {
50 | 		t.Errorf("Expected true after current time window expired")
51 | 	}
52 | }
53 | 


--------------------------------------------------------------------------------
/server/service.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2012-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build !windows
15 | 
16 | package server
17 | 
18 | // Run starts the NATS server. This wrapper function allows Windows to add a
19 | // hook for running NATS as a service.
20 | func Run(server *Server) error {
21 | 	server.Start()
22 | 	return nil
23 | }
24 | 
25 | // isWindowsService indicates if NATS is running as a Windows service.
26 | func isWindowsService() bool {
27 | 	return false
28 | }
29 | 


--------------------------------------------------------------------------------
/server/service_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2012-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build !windows
15 | 
16 | package server
17 | 
18 | import (
19 | 	"testing"
20 | 	"time"
21 | )
22 | 
23 | func TestRun(t *testing.T) {
24 | 	var (
25 | 		s       = New(DefaultOptions())
26 | 		started = make(chan error, 1)
27 | 		errC    = make(chan error, 1)
28 | 	)
29 | 	go func() {
30 | 		errC <- Run(s)
31 | 	}()
32 | 	go func() {
33 | 		if err := s.readyForConnections(time.Second); err != nil {
34 | 			started <- err
35 | 			return
36 | 		}
37 | 		s.Shutdown()
38 | 		close(started)
39 | 	}()
40 | 
41 | 	select {
42 | 	case err := <-errC:
43 | 		if err != nil {
44 | 			t.Fatalf("Unexpected error: %v", err)
45 | 		}
46 | 	case <-time.After(2 * time.Second):
47 | 		t.Fatal("Timed out")
48 | 	}
49 | 	if err := <-started; err != nil {
50 | 		t.Fatalf("Unexpected error: %v", err)
51 | 	}
52 | }
53 | 


--------------------------------------------------------------------------------
/server/signal_wasm.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build wasm
15 | 
16 | package server
17 | 
18 | func (s *Server) handleSignals() {
19 | 
20 | }
21 | 
22 | func ProcessSignal(command Command, service string) error {
23 | 	return nil
24 | }
25 | 


--------------------------------------------------------------------------------
/server/stree/helper_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2023-2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package stree
15 | 
16 | import "testing"
17 | 
18 | func require_True(t *testing.T, b bool) {
19 | 	t.Helper()
20 | 	if !b {
21 | 		t.Fatalf("require true, but got false")
22 | 	}
23 | }
24 | 
25 | func require_False(t *testing.T, b bool) {
26 | 	t.Helper()
27 | 	if b {
28 | 		t.Fatalf("require false, but got true")
29 | 	}
30 | }
31 | 
32 | func require_Equal[T comparable](t *testing.T, a, b T) {
33 | 	t.Helper()
34 | 	if a != b {
35 | 		t.Fatalf("require %T equal, but got: %v != %v", a, a, b)
36 | 	}
37 | }
38 | 


--------------------------------------------------------------------------------
/server/stree/node.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2023-2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package stree
15 | 
16 | // Internal node interface.
17 | type node interface {
18 | 	isLeaf() bool
19 | 	base() *meta
20 | 	setPrefix(pre []byte)
21 | 	addChild(c byte, n node)
22 | 	findChild(c byte) *node
23 | 	deleteChild(c byte)
24 | 	isFull() bool
25 | 	grow() node
26 | 	shrink() node
27 | 	matchParts(parts [][]byte) ([][]byte, bool)
28 | 	kind() string
29 | 	iter(f func(node) bool)
30 | 	children() []node
31 | 	numChildren() uint16
32 | 	path() []byte
33 | }
34 | 
35 | type meta struct {
36 | 	prefix []byte
37 | 	size   uint16
38 | }
39 | 
40 | func (n *meta) isLeaf() bool { return false }
41 | func (n *meta) base() *meta  { return n }
42 | 
43 | func (n *meta) setPrefix(pre []byte) {
44 | 	n.prefix = append([]byte(nil), pre...)
45 | }
46 | 
47 | func (n *meta) numChildren() uint16 { return n.size }
48 | func (n *meta) path() []byte        { return n.prefix }
49 | 
50 | // Will match parts against our prefix.
51 | func (n *meta) matchParts(parts [][]byte) ([][]byte, bool) {
52 | 	return matchParts(parts, n.prefix)
53 | }
54 | 


--------------------------------------------------------------------------------
/server/stree/util.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2023-2025 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package stree
15 | 
16 | // For subject matching.
17 | const (
18 | 	pwc  = '*'
19 | 	fwc  = '>'
20 | 	tsep = '.'
21 | )
22 | 
23 | // Determine index of common prefix. No match at all is 0, etc.
24 | func commonPrefixLen(s1, s2 []byte) int {
25 | 	limit := min(len(s1), len(s2))
26 | 	var i int
27 | 	for ; i < limit; i++ {
28 | 		if s1[i] != s2[i] {
29 | 			break
30 | 		}
31 | 	}
32 | 	return i
33 | }
34 | 
35 | // Helper to copy bytes.
36 | func copyBytes(src []byte) []byte {
37 | 	if len(src) == 0 {
38 | 		return nil
39 | 	}
40 | 	dst := make([]byte, len(src))
41 | 	copy(dst, src)
42 | 	return dst
43 | }
44 | 
45 | type position interface{ int | uint16 }
46 | 
47 | // No pivot available.
48 | const noPivot = byte(127)
49 | 
50 | // Can return 127 (DEL) if we have all the subject as prefixes.
51 | // We used to use 0, but when that was in the subject would cause infinite recursion in some situations.
52 | func pivot[N position](subject []byte, pos N) byte {
53 | 	if int(pos) >= len(subject) {
54 | 		return noPivot
55 | 	}
56 | 	return subject[pos]
57 | }
58 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_bsd.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2019-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build freebsd || openbsd || dragonfly || netbsd
15 | 
16 | package sysmem
17 | 
18 | func Memory() int64 {
19 | 	return sysctlInt64("hw.physmem")
20 | }
21 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_darwin.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2019-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build darwin
15 | 
16 | package sysmem
17 | 
18 | func Memory() int64 {
19 | 	return sysctlInt64("hw.memsize")
20 | }
21 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_linux.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2019-2021 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build linux
15 | 
16 | package sysmem
17 | 
18 | import "syscall"
19 | 
20 | func Memory() int64 {
21 | 	var info syscall.Sysinfo_t
22 | 	err := syscall.Sysinfo(&info)
23 | 	if err != nil {
24 | 		return 0
25 | 	}
26 | 	return int64(info.Totalram) * int64(info.Unit)
27 | }
28 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_wasm.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build wasm
15 | 
16 | package sysmem
17 | 
18 | func Memory() int64 {
19 | 	// TODO: We don't know the system memory
20 | 	return 0
21 | }
22 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_windows.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2019-2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build windows
15 | 
16 | package sysmem
17 | 
18 | import (
19 | 	"unsafe"
20 | 
21 | 	"golang.org/x/sys/windows"
22 | )
23 | 
24 | var winKernel32 = windows.NewLazySystemDLL("kernel32.dll")
25 | var winGlobalMemoryStatusEx = winKernel32.NewProc("GlobalMemoryStatusEx")
26 | 
27 | func init() {
28 | 	if err := winKernel32.Load(); err != nil {
29 | 		panic(err)
30 | 	}
31 | 	if err := winGlobalMemoryStatusEx.Find(); err != nil {
32 | 		panic(err)
33 | 	}
34 | }
35 | 
36 | // https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/ns-sysinfoapi-memorystatusex
37 | type _memoryStatusEx struct {
38 | 	dwLength     uint32
39 | 	dwMemoryLoad uint32
40 | 	ullTotalPhys uint64
41 | 	unused       [6]uint64 // ignore rest of struct
42 | }
43 | 
44 | func Memory() int64 {
45 | 	msx := &_memoryStatusEx{dwLength: 64}
46 | 	res, _, _ := winGlobalMemoryStatusEx.Call(uintptr(unsafe.Pointer(msx)))
47 | 	if res == 0 {
48 | 		return 0
49 | 	}
50 | 	return int64(msx.ullTotalPhys)
51 | }
52 | 


--------------------------------------------------------------------------------
/server/sysmem/mem_zos.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2022-2023 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build zos
15 | 
16 | package sysmem
17 | 
18 | func Memory() int64 {
19 | 	// TODO: We don't know the system memory
20 | 	return 0
21 | }
22 | 


--------------------------------------------------------------------------------
/server/sysmem/sysctl.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2019-2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build darwin || freebsd || openbsd || dragonfly || netbsd
15 | 
16 | package sysmem
17 | 
18 | import (
19 | 	"syscall"
20 | 	"unsafe"
21 | )
22 | 
23 | func sysctlInt64(name string) int64 {
24 | 	s, err := syscall.Sysctl(name)
25 | 	if err != nil {
26 | 		return 0
27 | 	}
28 | 	// Make sure it's 8 bytes when we do the cast below.
29 | 	// We were getting fatal error: checkptr: converted pointer straddles multiple allocations in go 1.22.1 on darwin.
30 | 	var b [8]byte
31 | 	copy(b[:], s)
32 | 	return *(*int64)(unsafe.Pointer(&b[0]))
33 | }
34 | 


--------------------------------------------------------------------------------
/server/thw/helper_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package thw
15 | 
16 | import (
17 | 	"strings"
18 | 	"testing"
19 | )
20 | 
21 | func require_NoError(t *testing.T, err error) {
22 | 	t.Helper()
23 | 	if err != nil {
24 | 		t.Fatalf("require no error, but got: %v", err)
25 | 	}
26 | }
27 | 
28 | func require_Error(t *testing.T, err error, expected ...error) {
29 | 	t.Helper()
30 | 	if err == nil {
31 | 		t.Fatalf("require error, but got none")
32 | 	}
33 | 	if len(expected) == 0 {
34 | 		return
35 | 	}
36 | 	eStr := err.Error()
37 | 	for _, e := range expected {
38 | 		if err == e || strings.Contains(eStr, e.Error()) || strings.Contains(e.Error(), eStr) {
39 | 			return
40 | 		}
41 | 	}
42 | 	t.Fatalf("Expected one of %v, got '%v'", expected, err)
43 | }
44 | 
45 | func require_True(t *testing.T, b bool) {
46 | 	t.Helper()
47 | 	if !b {
48 | 		t.Fatalf("require true, but got false")
49 | 	}
50 | }
51 | 
52 | func require_Equal[T comparable](t *testing.T, a, b T) {
53 | 	t.Helper()
54 | 	if a != b {
55 | 		t.Fatalf("require %T equal, but got: %v != %v", a, a, b)
56 | 	}
57 | }
58 | 


--------------------------------------------------------------------------------
/server/tpm/js_ek_tpm_other.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2024 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | //go:build !windows
15 | 
16 | package tpm
17 | 
18 | import "fmt"
19 | 
20 | // LoadJetStreamEncryptionKeyFromTPM here is a stub for unsupported platforms.
21 | func LoadJetStreamEncryptionKeyFromTPM(srkPassword, jsKeyFile, jsKeyPassword string, pcr int) (string, error) {
22 | 	return "", fmt.Errorf("TPM functionality is not supported on this platform")
23 | }
24 | 


--------------------------------------------------------------------------------
/test/configs/auth_seed.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Seed Node
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | 
 5 | http: 8222
 6 | 
 7 | cluster {
 8 |   listen: 127.0.0.1:4248
 9 |   name: xyz
10 | 
11 |   authorization {
12 |     user: ruser
13 |     password: T0PS3cr3T!
14 |     timeout: 1
15 |   }
16 | }
17 | 
18 | no_sys_acc: true
19 | 


--------------------------------------------------------------------------------
/test/configs/authorization.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:2442
 2 | 
 3 | authorization {
 4 |   # Authorizations
 5 |   include "auths.conf"
 6 | 
 7 |   # Just foo for testing
 8 |   PASS: $2a$04$P/.bd.7unw9Ew7yWJqXsl.f4oNRLQGvadEL2YnqQXbbb.IVQajRdK
 9 | 
10 |   # Users listed with permissions.
11 |   users = [
12 |     {user: alice, password: $PASS, permissions: $ADMIN}
13 |     {user: bob,   password: $PASS, permissions: $REQUESTOR}
14 |     {user: bench, password: $PASS, permissions: $BENCH}
15 |     {user: joe,   password: $PASS}
16 |     {user: ns, password: $PASS, permissions: $NEW_STYLE}
17 |     {user: ns-pub, password: $PASS, permissions: $NS_PUB}
18 |     {user: bench-deny, password: $PASS, permissions: $BENCH_DENY}
19 |     {user: svca, password: $PASS, permissions: $MY_SERVICE}
20 |     {user: svcb, password: $PASS, permissions: $MY_STREAM_SERVICE}
21 |   ]
22 | }
23 | 


--------------------------------------------------------------------------------
/test/configs/auths.conf:
--------------------------------------------------------------------------------
 1 | # Our role based permissions.
 2 | 
 3 | # Admin can do anything.
 4 | ADMIN = {
 5 |   publish = ">"
 6 |   subscribe = ">"
 7 | }
 8 | 
 9 | # Can do requests on req.foo or req.bar, and subscribe to anything
10 | # that is a response, e.g. _INBOX.*
11 | #
12 | # Notice that authorization filters can be singletons or arrays.
13 | 
14 | REQUESTOR = {
15 |   publish = ["req.foo", "req.bar"]
16 |   subscribe = "_INBOX.*"
17 | }
18 | 
19 | # Default permissions if none presented. e.g. Joe below.
20 | DEFAULT_PERMISSIONS = {
21 |    publish = "SANDBOX.*"
22 |    subscribe = ["PUBLIC.>", "_INBOX.>"]
23 | }
24 | 
25 | # This is to benchmark pub performance.
26 | BENCH = {
27 |    publish = "a"
28 | }
29 | 
30 | # New Style Permissions
31 | 
32 | NEW_STYLE = {
33 |   publish = {
34 |     allow = "*.*"
35 |     deny = ["SYS.*", "bar.baz", "foo.*"]
36 |   }
37 |   subscribe = {
38 |     allow = ["foo.*", "SYS.TEST.>"]
39 |     deny = ["foo.baz", "SYS.*"]
40 |   }
41 | }
42 | 
43 | NS_PUB = {
44 |   publish = "foo.baz"
45 |   subscribe = "foo.baz"
46 | }
47 | 
48 | BENCH_DENY = {
49 |    subscribe = {
50 |     allow = ["foo", "*"]
51 |     deny = "foo.bar"
52 |   }
53 | }
54 | 
55 | # This is for services where you only want
56 | # responses to reply subjects to be allowed.
57 | MY_SERVICE = {
58 |     subscribe = "my.service.req"
59 |     publish_allow_responses: true
60 |   }
61 | 
62 | # This is a more detailed example where responses
63 | # could be streams and you want to set the TTL
64 | # and maximum allowed.
65 | MY_STREAM_SERVICE = {
66 |     subscribe = "my.service.req"
67 |     allow_responses = {max: 10, ttl: "50ms"}
68 | }
69 | 


--------------------------------------------------------------------------------
/test/configs/certs/ca.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEkDCCA3igAwIBAgIUSZwW7btc9EUbrMWtjHpbM0C2bSEwDQYJKoZIhvcNAQEL
 3 | BQAwcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAoM
 4 | B1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKTAnBgNVBAMMIENlcnRpZmljYXRl
 5 | IEF1dGhvcml0eSAyMDIyLTA4LTI3MB4XDTIyMDgyNzIwMjMwMloXDTMyMDgyNDIw
 6 | MjMwMlowcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNV
 7 | BAoMB1N5bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKTAnBgNVBAMMIENlcnRpZmlj
 8 | YXRlIEF1dGhvcml0eSAyMDIyLTA4LTI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAqilVqyY8rmCpTwAsLF7DEtWEq37KbljBWVjmlp2Wo6TgMd3b537t
10 | 6iO8+SbI8KH75i63RcxV3Uzt1/L9Yb6enDXF52A/U5ugmDhaa+Vsoo2HBTbCczmp
11 | qndp7znllQqn7wNLv6aGSvaeIUeYS5Dmlh3kt7Vqbn4YRANkOUTDYGSpMv7jYKSu
12 | 1ee05Rco3H674zdwToYto8L8V7nVMrky42qZnGrJTaze+Cm9tmaIyHCwUq362CxS
13 | dkmaEuWx11MOIFZvL80n7ci6pveDxe5MIfwMC3/oGn7mbsSqidPMcTtjw6ey5NEu
14 | Z0UrC/2lL1FtF4gnVMKUSaEhU2oKjj0ZAQIDAQABo4IBHjCCARowHQYDVR0OBBYE
15 | FP7Pfz4u7sSt6ltviEVsx4hIFIs6MIGuBgNVHSMEgaYwgaOAFP7Pfz4u7sSt6ltv
16 | iEVsx4hIFIs6oXWkczBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p
17 | YTEQMA4GA1UECgwHU3luYWRpYTEQMA4GA1UECwwHbmF0cy5pbzEpMCcGA1UEAwwg
18 | Q2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjItMDgtMjeCFEmcFu27XPRFG6zFrYx6
19 | WzNAtm0hMAwGA1UdEwQFMAMBAf8wOgYJYIZIAYb4QgENBC0WK25hdHMuaW8gbmF0
20 | cy1zZXJ2ZXIgdGVzdC1zdWl0ZSB0cmFuc2llbnQgQ0EwDQYJKoZIhvcNAQELBQAD
21 | ggEBAHDCHLQklYZlnzHDaSwxgGSiPUrCf2zhk2DNIYSDyBgdzrIapmaVYQRrCBtA
22 | j/4jVFesgw5WDoe4TKsyha0QeVwJDIN8qg2pvpbmD8nOtLApfl0P966vcucxDwqO
23 | dQWrIgNsaUdHdwdo0OfvAlTfG0v/y2X0kbL7h/el5W9kWpxM/rfbX4IHseZL2sLq
24 | FH69SN3FhMbdIm1ldrcLBQVz8vJAGI+6B9hSSFQWljssE0JfAX+8VW/foJgMSx7A
25 | vBTq58rLkAko56Jlzqh/4QT+ckayg9I73v1Q5/44jP1mHw35s5ZrzpDQt2sVv4l5
26 | lwRPJFXMwe64flUs9sM+/vqJaIY=
27 | -----END CERTIFICATE-----
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/ca-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDqDCCApCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMG0xCzAJBgNVBAYTAlVTMQsw
 6 | CQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEQMA4GA1UECgwHU3lu
 7 | YWRpYTEQMA4GA1UECwwHbmF0cy5pbzEVMBMGA1UEAwwMbG9jYWxob3N0IGNhMIIB
 8 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy+fupDc9MZldhetmGqPJtuM
 9 | sp5VV6W9amlzkTck15B9Vc3laC6ph7Ble7FrT2L0sjG3U94MwU9/AHTXOmZdmbjM
10 | FpkjkLIVdFkbcWiErXYWDBHdA6dzOu+dagn0OyxRDjfqo1QUVKYVNu8Jw6MyWHXJ
11 | gljFl2ymHaQEhta/87tSvPULZ7gcEZ5CPFLENHWOlJPtQrPhJHDKjS8XHlbE1uXp
12 | i8kHqPCkImlv/s7Jw/QRIknV/kiAXAWGJCMbqLDG9JEatp7ektytcwMCr9pz9VzF
13 | 6O/4LvOC8UCbu50eW7OudppN8G18IF3cMgH9jWsJpgVmXfJR+VZNe92/6ePTgQID
14 | AQABo1MwUTAdBgNVHQ4EFgQU7upCnRG44j5THcgKd28H4ESXBFkwHwYDVR0jBBgw
15 | FoAU7upCnRG44j5THcgKd28H4ESXBFkwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
16 | 9w0BAQsFAAOCAQEAfBHCa8sm0e767+oIZj3JIRi9MWN24hB9i4lVjDrwdOMaapMC
17 | YLLj5urqIgjOULjdsxBMzdNgNgH1vPenRYUUvIQcq7tk1q8DpfvmHEg2DHajpTAC
18 | DroutE5fYtlmFPSQ5UGG1if237osd6pDarVhGAdxex4YhwM+y+OXgpLqk6oC85oI
19 | fatf+hcovwFOlNeOTUqNZW6fEC+iFdH5g4+dtlx2LAJLpW57+5z25iTH7z16nUwB
20 | Vi76fezpaGA3xwkP/NMujgD4MbpVpF22a0YdK5fjUjXFwRI4Vu1zAjyJFhVuOWCS
21 | yT9yNzidtD5pho+Iv3JMzu54VWSq7nSUoPmKHQ==
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/ca-key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEAwy+fupDc9MZldhetmGqPJtuMsp5VV6W9amlzkTck15B9Vc3l
 3 | aC6ph7Ble7FrT2L0sjG3U94MwU9/AHTXOmZdmbjMFpkjkLIVdFkbcWiErXYWDBHd
 4 | A6dzOu+dagn0OyxRDjfqo1QUVKYVNu8Jw6MyWHXJgljFl2ymHaQEhta/87tSvPUL
 5 | Z7gcEZ5CPFLENHWOlJPtQrPhJHDKjS8XHlbE1uXpi8kHqPCkImlv/s7Jw/QRIknV
 6 | /kiAXAWGJCMbqLDG9JEatp7ektytcwMCr9pz9VzF6O/4LvOC8UCbu50eW7OudppN
 7 | 8G18IF3cMgH9jWsJpgVmXfJR+VZNe92/6ePTgQIDAQABAoIBAC5RXtYnCkgLzIf5
 8 | lnhU0SOndfvtFtN1wT0/SO1s6JE++H8kHQxcBl7svShdMdnk4axnn9mHF//HnZu+
 9 | HlT9dbjE4al7LbVojS7O9nQzGUkQfKrgklILqoyR0AkZ05s3KQT2v/eCPFDaGK6w
10 | iuCiGZBkYy1LY5hLcCAYi/pze5mar1m6S2ZqvfpZWjlrlZOVi73cZOq91Es2g/iU
11 | TYaiR4HGHJ0McXFNjL6q7DxCBkRLWb6i+Xy+9+84XFZAVzRBAo1EaFJBPg0p88EC
12 | VKxQt4X0jgWYgLRABAqoQ+DkNEEoaCEQuUV67aIcIyV++ddn1FsegPtGYo38z7mr
13 | M+fzUAECgYEA/XL53y3eNnZ/U90gfr1HYIvyo6WShXEoIFw/s9QJnd5/ZkxcQFWr
14 | wUtMDNyjKFPnTTSLPr+vc3CGYqh8wFNxfids9KP95bMpVN8XGoTI99QqYK2tIgFl
15 | T8q46igOTcrg0f49ecqtQjL9F/dnZqzMlh5nJLMVGqRpNoZz9YpiS0kCgYEAxSaH
16 | uvaW7WxiBC+xf2vvgf585Wn9jh6QDX+MQjA7Ao7Tk4ZjDwAPMJkYd475BWp+DHSl
17 | b74x/nbRHwdLAfkxvYEsv4KrPR0yzdzGrXVATWcOP2bftEGPYVQnlgjjzMpLVXdt
18 | QErRS1vVnkavJLsxOHw++qiiyGENQk8LR2yOTnkCgYBBzy30dluBtskfBIbggdNb
19 | zVrmhSKDhbtOk8VyszcAB/r6nA9EITqkySFpIY039nlTwbX6SBmNlwU97tPduIz6
20 | ndAbwc02bIvp3reICjyIpU2PpukSsFwXGONk4Zu9NVWlESfzTN4qF0VCiNoPfgTt
21 | Yd2UWO+86D3ti4HmmtUlCQKBgDRFYvdPKfUJJ3O0sXr3QylUMAkjcPadY9QwXR+v
22 | afXjqHUUzG7NtTlNXg9U+PFWqtTimHpoExlEp21yoZCEYYu9FAAyxPQPKckrIAId
23 | dE8RY9WrkORZ/Ynwpg5BjSRe/lpKr8y8CYHRd3Hfi9BRUVuIlaofzAkUsk9CZdsq
24 | DREBAoGBAKfvd2PpW9B8Wu248h/zxkK4M58XQUubkFTvUm6ErH0GWFBwfq8b8Q5Y
25 | 7/KnzZ3BefqQcNQKyoM06bTDT/YjlPLZdZtgN8UulGZQjBbLV9EIZJwRj+AUwMQV
26 | X+U8NAibD6yFqnOoJ0P5r8rlKPMg9+BkdZfnbhaCXb/KygYxqGcH
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/client-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIID0jCCArqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMHExCzAJBgNVBAYTAlVTMQsw
 6 | CQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEQMA4GA1UECgwHU3lu
 7 | YWRpYTEQMA4GA1UECwwHbmF0cy5pbzEZMBcGA1UEAwwQbG9jYWxob3N0IGNsaWVu
 8 | dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMn1VyxBY4AkODPmOxK5
 9 | VG3F2qQ+0jNFeikwcgJPHvFamqn3cA5AIJIUVmMtBiUfjnperHVKeuPfmW1bJw4E
10 | ne3V2eccDySoAR/BTX4kw0SPtIO3hnHyhOLX4bY4/Xw5OWgw2HMEwEwuoWxd+jpc
11 | GGzXY49J9gRKqxJFXR9tXD6T+1ABZPynqrTm3SYYCJoWq/C6feTSkf13HvnTnf8k
12 | fWcFum1Y5FegAObqbPqJwA0TGiuXSFkqw5oV0uAZzRQ7zqB6V8MB3W1U1pw86F1h
13 | 09EN78PrW1yXX1LZrLKwlqPTVh53Y1HuT+mwJkdQjFbOGXwh3x7rmp8+A3QLD4pR
14 | 5tsCAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYI
15 | KwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdEQQ3MDWHBH8AAAGHEAAAAAAAAAAAAAAA
16 | AAAAAAGCCWxvY2FsaG9zdIIQY2xpZW50LmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF
17 | AAOCAQEAWie6Pz2iJP6F9HfVH7anKVHeIXecwXJj4iLgEONaIcOyMcLPU4cthx1S
18 | OdvKAh+D9tT2PhVaIeDyYTUgFg/aaZUqI/W3odRH5HwQmE2YJDfXQusRtdFDTAUV
19 | XDqFkkNoJo4w3OQmlnQGm6QVReedyQ3jMTvqDRV+pa8gx6aH64jhP9fQRS4WkpYX
20 | d0HjWarV9/GzCP/+vGVZhwrhRG9p4F2ZCsflBzTx0YMGdo+vLDCSjwMbIT9t0T6/
21 | mt07Q70QSk8M3QAClrqarvLk+5z5XSZjtM06s/Z6opyqK2X8KYcOYX4WQyNFbOpy
22 | 0YHy3iqmx/Ii0Zn5XZUXzAVGyJk5Yg==
23 | -----END CERTIFICATE-----
24 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/desgsign/ca-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEITCCAwmgAwIBAgIUBAbcj/g36HWhhWkPhGuGuEczfycwDQYJKoZIhvcNAQEL
 3 | BQAwgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy
 4 | YW5jaXNjbzETMBEGA1UECgwKTG9jYWwgSG9zdDEiMCAGA1UECwwZTG9jYWwgSG9z
 5 | dCBUcnVzdCBTZXJ2aWNlczEVMBMGA1UEAwwMY2EubG9jYWxob3N0MRswGQYJKoZI
 6 | hvcNAQkBFgxjYUBsb2NhbGhvc3QwHhcNMjExMTE2MTgwMzMwWhcNMjExMjE2MTgw
 7 | MzMwWjCBnzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4g
 8 | RnJhbmNpc2NvMRMwEQYDVQQKDApMb2NhbCBIb3N0MSIwIAYDVQQLDBlMb2NhbCBI
 9 | b3N0IFRydXN0IFNlcnZpY2VzMRUwEwYDVQQDDAxjYS5sb2NhbGhvc3QxGzAZBgkq
10 | hkiG9w0BCQEWDGNhQGxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
11 | AQoCggEBAMK9Y88QNOVAyN43ESTQVCFJkBnpgAup/1oFAAv77pLuV0Wl1UVO8gKM
12 | W5k1qTahVSZXkX+gL0uoRe7n7XZb40iIcza1emEdMKcIOxSQ/jzj8xikziBdZrtk
13 | cM/MkpkDCg/45wuPUuq4umjXn7sJ3XwpKmR87PTNcSVRG7YCj8Vqze/KBhCDmTPa
14 | DPs0GGWBqlGHjx8LmG9WYPIxbV9wi5SYUQ4Iww29xEoZBcTPd1YluaAzF9OsYsFu
15 | NIuaYjh/XpZFbxGA99BfoYtIK1/X+CO1OEkCTcfS2DRwPzGV9uj39yGEmd/cOji3
16 | Nqj55DglphjbdGR87CTKiwinKaLwXzMCAwEAAaNTMFEwHQYDVR0OBBYEFHTL54rz
17 | mJCUnDGtWCqne0MRIS0iMB8GA1UdIwQYMBaAFHTL54rzmJCUnDGtWCqne0MRIS0i
18 | MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJinrS32gInu3tTB
19 | u0Q3nXj99YMjHfyIO7kFrvyoZo4IEJhcPefhtt40Gbmnzo8ZJsx6HjAVDMnkj57b
20 | XkdRH23JKpcBeTHz1xqIcf93ij9HjO6AcVDCl5Ew3Tir2F81j/skXKqUZL4KeD0F
21 | gF5nQTEkpH9vlIg35T0eWygchRumKmRb+aw6/QvAmnfEWZskghV0zzPvG51B99bp
22 | pZPaqZ25GyxqxwBcA6pUdbmBKoXRATyDwGcLhX40Rb6nCBeb2vQQTJ51lrEsCurh
23 | rU67Tcf+r9nS9fIWPoasmdaamEXFZNoZbw2g/EeH1OTXfR87sGCXZpBXIgsg9QIH
24 | tCztUKY=
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/desgsign/ca-interm-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEmTCCA4GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCVVMx
 3 | CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApM
 4 | b2NhbCBIb3N0MSIwIAYDVQQLDBlMb2NhbCBIb3N0IFRydXN0IFNlcnZpY2VzMRUw
 5 | EwYDVQQDDAxjYS5sb2NhbGhvc3QxGzAZBgkqhkiG9w0BCQEWDGNhQGxvY2FsaG9z
 6 | dDAeFw0yMTExMTYxODAzMzBaFw0yOTEwMTQxMzU3MjZaMIGsMQswCQYDVQQGEwJV
 7 | UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoM
 8 | CkxvY2FsIEhvc3QxITAfBgNVBAsMGExvY2FsIEhvc3QgVHJ1c3QgU2VydmljZTEc
 9 | MBoGA1UEAwwTY2EtaW50ZXJtLmxvY2FsaG9zdDEiMCAGCSqGSIb3DQEJARYTY2Et
10 | aW50ZXJtQGxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
11 | ALljsfg9PNMYfmCgDQ4z+7VsfqUEHB+t/6NkACkBQi6NjNKhXxD1APfI6K5ZeCMo
12 | jeSTmjmIDB7Shu9oU8Db5LFBxe7PE+dbHpX0/SAzBkW5UyCoX691MHhb2VbrS94q
13 | ttBtl0U/DgtCwfVxHWf1GBhsJqsPUnBLRInxB/BMXlzhw8FSS6B5PkHmEyJgiUoa
14 | AyN60sEOUswa8IDzHlH/mDuYDUJKCHIgenVH7N8qZZfkK68bJfSjNHoPWT3sWPYq
15 | NEyPgvLqsb1ewTSAsKWTAEefhgE/DzVpsxEw613VvW/n/Tl9jay4IpQ38cuL8HhP
16 | 1d7pF5kpg+tCDIjK6zjCCm8CAwEAAaOB0DCBzTAPBgNVHRMBAf8EBTADAQH/MB0G
17 | A1UdDgQWBBRMb9Of/qEuaW3cAAI66e/fsBYy2zALBgNVHQ8EBAMCAcYwHwYDVR0j
18 | BBgwFoAUdMvnivOYkJScMa1YKqd7QxEhLSIwKgYDVR0lAQH/BCAwHgYIKwYBBQUH
19 | AwkGCCsGAQUFBwMBBggrBgEFBQcDAjBBBgNVHREEOjA4hwR/AAABhxAAAAAAAAAA
20 | AAAAAAAAAAABghNjYS1pbnRlcm0ubG9jYWxob3N0gglsb2NhbGhvc3QwDQYJKoZI
21 | hvcNAQELBQADggEBACjDl6q3l6F1YouwalK2sQJyn8gBjx2W5w95n+zuQrw4UGkp
22 | JE+wOVCmlj7mv77GOjZUhTPqW6cDKQfjCDiLWiw2Gw0HiLxgxiyOB3hS9hGCSiPx
23 | W7MLJ81dINq+ogEO22gC8fb0BoyqdkqteyLsjzz6aKaUnCB8UCMD/Ysjm/beVvPy
24 | /i1K7Ki1NnqeiCGOO8WTHdNOn2YWrt6Exbh/nsFMB7/wE8poQs2ynotTsFNBwuTr
25 | y6iwdnVnJLyQd6AzJiE5gOdvqRobKhUzh6C1d7wwDl3V4WAydsPXjTboRzJ0lFS+
26 | Tp0aK3KjLHaWIehFoVgLuZhaLwXKpyRlyK54z14=
27 | -----END CERTIFICATE-----
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/desgsign/server-01-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEiTCCA3GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMCVVMx
 3 | CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApM
 4 | b2NhbCBIb3N0MSEwHwYDVQQLDBhMb2NhbCBIb3N0IFRydXN0IFNlcnZpY2UxHDAa
 5 | BgNVBAMME2NhLWludGVybS5sb2NhbGhvc3QxIjAgBgkqhkiG9w0BCQEWE2NhLWlu
 6 | dGVybUBsb2NhbGhvc3QwHhcNMjExMTE2MTgwMzMwWhcNMjkxMDE0MTM1NzI2WjCB
 7 | rDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNp
 8 | c2NvMRMwEQYDVQQKDApMb2NhbCBIb3N0MSEwHwYDVQQLDBhMb2NhbCBIb3N0IFRy
 9 | dXN0IFNlcnZpY2UxHDAaBgNVBAMME3NlcnZlci0wMS5sb2NhbGhvc3QxIjAgBgkq
10 | hkiG9w0BCQEWE3NlcnZlci0wMUBsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUA
11 | A4IBDwAwggEKAoIBAQDF2MDDwVEZqC/dje8+soPRapPa9C4V8hmHuCQS9sg27HZv
12 | bJlywJMJE0PKm+612JoVB9p5tsXlV29gKcIK7zLEhesGlhiW9d2/7MOrPBSwqJfo
13 | IeabwlUfUTZ2M3XWGvU5Z65cK+cK7f0FABUzwTqb4/M3UR41cRvNtSK95nwl48Kb
14 | x4Dew4MIqvIN/H1qmjkNM8lsDHrCV2IyyYc1W1zDqZVU1JdpjO7tBBL6pkwlM31k
15 | 8xjMr+hiVA64N+fESCauf4xArnqcHdhAkfnX+8DWCfSLFjP1lBZZTw1ByLEBBeNr
16 | kHt22RhO1mvBUHnML78k7TEFIWeKuNmOv1RGksfzAgMBAAGjgbMwgbAwDAYDVR0T
17 | AQH/BAIwADALBgNVHQ8EBAMCBeAwMQYIKwYBBQUHAQEEJTAjMCEGCCsGAQUFBzAB
18 | hhVodHRwOi8vMTI3LjAuMC4xOjg4ODgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
19 | AQUFBwMCMEEGA1UdEQQ6MDiHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCE3NlcnZl
20 | ci0wMS5sb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAngLW
21 | TZx4PVsbAQ+saPRJErZU4JfA8Csx1MpdOkmvqbTwpIvnkgE6mER6DA31z+Fml2J1
22 | q+TpGh83mZTaH2yivF1i7/EU4h/lDhCXOns+yPto1t8GbIGNRTvG9VwJjhjgbILm
23 | 5l5cZQY7NeIryU4LmbELJCwPoHt52HnK0pfbhjCbD3Q6ugEx7xzESeqIwVS4gP5M
24 | so/S+lvlQi1YWn1JJrj+SM8E5k/7x1kjTQZ/sHXAsUTwdtE6Qk/xbT5dbZYuhhPU
25 | TF6sSfQpIO3Ju5Z+MTbcaCbJmqSe/y6J21e0Di1ve1BORKAy833F4leyPX8Ziv1x
26 | iB8gZs4dMh88tJHqgw==
27 | -----END CERTIFICATE-----
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/desgsign/server-02-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEiTCCA3GgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMCVVMx
 3 | CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKDApM
 4 | b2NhbCBIb3N0MSEwHwYDVQQLDBhMb2NhbCBIb3N0IFRydXN0IFNlcnZpY2UxHDAa
 5 | BgNVBAMME2NhLWludGVybS5sb2NhbGhvc3QxIjAgBgkqhkiG9w0BCQEWE2NhLWlu
 6 | dGVybUBsb2NhbGhvc3QwHhcNMjExMTE2MTgwMzMwWhcNMjkxMDE0MTM1NzI2WjCB
 7 | rDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNp
 8 | c2NvMRMwEQYDVQQKDApMb2NhbCBIb3N0MSEwHwYDVQQLDBhMb2NhbCBIb3N0IFRy
 9 | dXN0IFNlcnZpY2UxHDAaBgNVBAMME3NlcnZlci0wMi5sb2NhbGhvc3QxIjAgBgkq
10 | hkiG9w0BCQEWE3NlcnZlci0wMkBsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUA
11 | A4IBDwAwggEKAoIBAQDWzAyE9A/EzJv5TcQlM9o4C/UOIQD4Rzs8S80x4ckGyF00
12 | 8xF5FMmGzGMka4a9FNPDBzbBM41hlhJXcDhxRfvQodzvpOUXqi8Siha2SsyFzhD5
13 | o3exxV8ETkHMtST1nW/bwuYqQbDf3PLpVV5qZgv4jIByyGE4nCPDqHMKX0h1xXIQ
14 | E3fv2qTcs5j72c3jcTlINFJ9aqTaFgSvvGwg+0KLrOjs1Og3408zTIHYSjTScFHd
15 | heDLHjfmIx8oqXj4+g3F+5BgLNvO2E6if9YYGOFjxzRCPOrRw4JB8nveI1gZhTD9
16 | +OmUkIMoNLX/+4Kbq+a47/kqrXv5GxLxwola8do3AgMBAAGjgbMwgbAwDAYDVR0T
17 | AQH/BAIwADALBgNVHQ8EBAMCBeAwMQYIKwYBBQUHAQEEJTAjMCEGCCsGAQUFBzAB
18 | hhVodHRwOi8vMTI3LjAuMC4xOjg4ODgwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
19 | AQUFBwMCMEEGA1UdEQQ6MDiHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCE3NlcnZl
20 | ci0wMi5sb2NhbGhvc3SCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAH9jr
21 | P5EepmTiJzxYsrGE9q5BqhspBYqomgCbLWH3vDX50MwmxZ4ETe1icpHbXiddDA1k
22 | dfBxn/1HXEWXxwHCTgoRsSzufgacHdk/LgXCxkFB0JBZ9c+ewOFdUQihxFUx1rMt
23 | Sz0QnO40aopTk7PN8YlinihAvil/JC8fN54T0myCSjtE54dtZq2wwFiiorxR6hyi
24 | hLL4zYKi/kCFa6DG0qmR6Yl2VsKiq3yp+6QxZ8w5srXTeeOoTOEyUkYKCTND7U1G
25 | 5vyCdMFNIDWHSB35I+7e0D1QFaH5XQlFztUfmLoOMSMLbOuzG2cFO6J+Y0AgTP5h
26 | pZ5mw1ixmVdNmkSf3g==
27 | -----END CERTIFICATE-----
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIID0jCCArqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMHExCzAJBgNVBAYTAlVTMQsw
 6 | CQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEQMA4GA1UECgwHU3lu
 7 | YWRpYTEQMA4GA1UECwwHbmF0cy5pbzEZMBcGA1UEAwwQbG9jYWxob3N0IHNlcnZl
 8 | cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/v4lwsEQqEr8gqG6Xu
 9 | UjNfvUBN/enc/26FqtsAF6ms0r4oHcyR3RZQGQj+Z0RF3Wu0Kq9692gk7FD/QulE
10 | hYJTjq6lEwvETuUHbkNmIAppNJW1JvgLsTOfm38VorBVU5PUMbrcfsVsFijXVACj
11 | 9VMZ23So4dxtlvnqrd5/fVx0Pql5EjY87bJEKH5Zngy1v+AR5kybZaorOX9T4/Nl
12 | e0P184GwGs15hKAokoQMPm9uIhG527JMyhQh5J/2wooY2DBZ9jDt5FVXNpb0C+nr
13 | M+AULk5QHQsobTtmC3RSNHiNw5B5w+gmauhGziurq8gcx0DctqAslKFBkCLkL9fc
14 | F30CAwEAAaN5MHcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYI
15 | KwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdEQQ3MDWHBH8AAAGHEAAAAAAAAAAAAAAA
16 | AAAAAAGCCWxvY2FsaG9zdIIQc2VydmVyLmxvY2FsaG9zdDANBgkqhkiG9w0BAQsF
17 | AAOCAQEATM/K671w3aHt665HBMawzMIZZPq/ZoBfEUkSUW9KdnQHgTxatHcZonsL
18 | aFn4XZBYQ0Pqkz7H1w39mHdvpURQ5ZMnsmn4jH3LECsOtQ4ztrLk2fhLSoMQBVdb
19 | UjdYhrM8AuILKRCzOBNsDm/ZB/vPSlmYhnaEBUjO0t+I/A0X1z5eDcYPLl578kfJ
20 | WjlvRluWr7Uku1DaZUy7TByYvUuOjP4c33DAnbZ5Sldx18repZ20REASxsCpa/CW
21 | tptxVfUvLcGRHIY0FxOn+5Pfm1QDo2uh6yVYHgsOCh1qW8FHfJvgnrMlvvXniKXu
22 | 5H6A5GeyCkIVvAENDfl1cN9LaV5eQg==
23 | -----END CERTIFICATE-----
24 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIEBjCCAu6gAwIBAgIBBDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMIGAMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xKDAmBgNVBAMMH2xvY2FsaG9zdCBzZXJ2
 8 | ZXIgc3RhdHVzIHJlcXVlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
 9 | AQDViockMMFbHDOsiD+JLalZc1g3rd10xbXwHFHsgFQUdr+g6guGnnQhKMHEsQWf
10 | bGmn5G+K0QG2jxpz2IpfXA2UpMIrYLhIcf5faEbUgmwd8zaNXNs0I6sZZk8GrKYw
11 | PLHhXam94FUfVwsecJ/V+sK7limOB/T1AuPamBhgqIgubz40N3Qmkh9J/rkhq2b1
12 | ffgr2v6qKjQ8bIyPPDh9OB10KffjqoaN8ogXuE3hZdQTniRWW1nT38NqQdJg6T+N
13 | cEheH0H4pYUSx/TdF6AHXMxWFD6lX9nLU9UGpXLAHY63rVJCv2KIMMsCGBUPKkKK
14 | TujdFu2KHh52CstdasQ3gpnRAgMBAAGjgZwwgZkwCQYDVR0TBAIwADALBgNVHQ8E
15 | BAMCBeAwEQYIKwYBBQUHARgEBTADAgEFMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
16 | BgEFBQcDAjBNBgNVHREERjBEhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2Nh
17 | bGhvc3SCH3NlcnZlci1zdGF0dXMtcmVxdWVzdC5sb2NhbGhvc3QwDQYJKoZIhvcN
18 | AQELBQADggEBAIObz14Fkbn0Cp6qo1Sbvv8owyKxPULnV3i6qx9abThlAusbMvjt
19 | I4MXVmgn+mNV8raivSauqKKSp0QWKVrToMUIYurJOHqDBf7idL/g6ZP9u0RIcxE2
20 | b4gK54xdfh2gnc4BS+5LITB0bS96zFouz5gfz+pj7Yoe8dteylSDeG7rlO6g6qgI
21 | Y2EkS9eayCTfr99joCfvHhuJxqWFQq++OAPujbMSC03CKb87Jg7jk3WKq8RzFgut
22 | tuTtJjPGvDgv15axrQk1zktIzzfMG3//gOAVH185AUbIA5tsiUmXY+q3mHxJejPS
23 | sr1dXay2Kw2scEgWeYiu4X7SrJg2C9ksCtw=
24 | -----END CERTIFICATE-----
25 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-01-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBBTANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEA3yzlI0YFwf0JWbT1kOtRc2HbTfU4ktVmfYAgNHYry1ARxw9MT5rT
10 | 8qSV/xZR7EAj6lmE2AtYFeUI8WIVIYd8yrEegM4U5Foytbjem+xgZOJ4n7Mr/BqU
11 | BQQ/7IjPJ/EymIdvTJ6LEtZQNWyuHgNL2Z1MCJPPUBLwSujS+cPebKxrYMIWzgxr
12 | UzT8EK8VPJQGo/GJdQLk53GVS15Khtn+eymviFoNYEToLY9geaoewy1DWxUrWFwN
13 | jngB7iMBvrIjq+Pn9exObVHSpbdPHYDqKvdEykzpRl+bPS5O371z59/IQbxFfzwH
14 | 4k3blC/M4JSN/HRsZQvnERyjHTjjwgadowIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAxLmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAPyxQodHHHRAW9t9A3jR1LE9FkEzN
20 | FmzFb3sZpYIzw/wTmD0KvbW3D8YVe/lj5e/LxhtHzun+AnFa/JXoK0t5uLzItges
21 | zGEyOGFj3zP+E9Chr1fr2X8sHJjqnUrknC9dQPoiBKlNRCWTP2eeKC+yODgEmgzS
22 | fEdcuuqGuM7MFbf3eVwtkWNCv1R14GZN4cuSeQn3xA8/8aLcGEHV2N1GLVxK55x0
23 | hbB1hjTaq/t9a66ByIiaeEex832H1MRRkPMhEQxAIx8HZFQJSX+yf9CtTJTc18Z+
24 | I/1utSjX9VW+4YW/vN7kvYgQ3YQUbMSGjqkROe/hb12TCTSbSt6O7P3JTw==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-02-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBBjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAvpS9BNTijovvNY6lTOYqAdsYKjraohGUTHgtt+6NL5S9bnm3bLi/
10 | F1PWpqaUrR6pT6YtHBIO6acjYc0XgyvW2ECStpmpiDW1GS11A4vtnJwdk1ZojJbB
11 | bt2didXHM4I82hwf1Zn75syqIffNGz2re8X+H4MRPeLmoS0ubZBYk2+WlEUhGlWP
12 | rNRIWi9OxKPNXX7WBBzaF4QFnbVvkAlNfyOgH8QryRxVTUeLvO/QbOutPVyB8rIC
13 | SUkq/PAqNrMbhpV4Wro3zhl3JIfnXKjLTITEpGcf2z7VgdZxqtZOARtY6lmCUUmm
14 | Bc9voyT7QjSXalynFFjU70UguNc7soEAZQIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAyLmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAjbMrXjneMWFNr4IHuVsjso86Ay83
20 | 6E8ltbjOeqsyWI6uyWzaJvBlec2Gyr4rib+wgFOAGFDAGPB/hvyveas6wg4JUbQ/
21 | P3e8a+0Ls6eTYz6ijrwUGFxVsEu2VQTF7oy7SEbfabsC2g9sQSiaWJ0Js1txIhaH
22 | bqR2bzRDorgQ3HoLjiKbVGNvifg6qjLE2M8AhJ7FhnOpUpewsanBn4p0BCjfG8Ne
23 | v2EaxdJxK+kHiWX4D7ybOeIKRzX9E0HMmCh1KyEkV+qGsOrYq3ErWPcoPODOT/f3
24 | CLrfKmdHHGdxCc+NTxxSyc/CMZceMnV8yplX2ixPY7o1gFQyT3CvJ40Vnw==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-03-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU2NTlaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAydHQHjnTS8Anevj4KyqNrionnZgRcwh275OIwJ5o9v8qxatSMQdn
10 | RvQBehShr1R2QGtPPVvXxlIYoKr3H+EGXZEpcyYPuaZ1dKhSZPQpLo+gIQbNXDzY
11 | 9754HhCxBLHwx0wtb+flKbb+pgsWQI9t954LWnrNqZUtzPfKh9qg3ODG5sqnuk8Q
12 | R/E7reifsWs2x/iiza8HavTJXZlvED8r7fUEVoxA4UCSHvWogR2VZxCPprbLLVYy
13 | dXthGepvWNSGGZKOMrnJspe0d1zJXUTrzGFc2G6wm+LOJDl02XsfUCP1jHBIoYTK
14 | FpWsPhMZJp5v6Ucw8UPKVvdD3FMoN4XYnwIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTAzLmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAM0XD1w1gEzD/1AubpOF5r0zvRGl3
20 | Cr9ucLLAXA7/7kq0KsL3FKDU4ybVRZauZVEQYVKXAJGu8mGHM0VIRXtvEjriGw8o
21 | 8acKXoMWfKVriAzaKPzHDgPfc1Cq6ejsLrsFMge4BqSua7OVmMNedshEU+Z7bvRD
22 | w+ikh+S0DxWcZxFVnKQqn9WSGvlCF+n0RG0yVjOHt2tLygfzcUVAifAuVs3ktyeH
23 | enX54T/drMIUaUBRjwlMOBXwehRBfOnPpx+RZ/W3IIpf4Pi2XfTEAHVXiDSPz3vM
24 | l+Kqp4ntmJII1XJfoC2+NS7sR2OGDJoIFlrpmetFWhUkSMojPxoeKieR9g==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-04-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBCDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU3MDBaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAsSTz1GlWezoGY6Soz2hGAP4gvsWnWdMl8xoYdmUtorcEsauKVv2x
10 | m+9XRX/OxjR9Kq9IyFooMBHJE/Eavft2LkT0BQ33g+NAp/NUGew5hQ/jlN2Dm/C3
11 | dAbHBeHAvwR9z2XUE6lf58BVsK83xPJau1PuVWC3yxiRC2B08tWm1Ign2soE6XQw
12 | G7tEjPHbgldtgD/dxcXuuovU5UsFB4gB0rRu06M2j2J5sfWvLarWV8sJ2PXZs6Cp
13 | LmkAVf5EtRnfugqbCJ0Xsb5rgfMJ4iWWyYrIVEWbQ6JmNFDuBEWakh3fKSfvBK1I
14 | gbWYeLik5hQUt4WZVZ8q9jjtyewgBgZDvQIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA0Lmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAGWF7FwDv6NE0oEBsjmOoLXNw9qyJ
20 | TEiTfrWgHfJ2XFDIbpj8dmquX3TmSneWTFRS8LUwR73zl/JJ3Op6Q5ISBpwSXCh4
21 | 8V9XWOB02fhJN1NhXOqxPgNH4EM2m+x/C1wdpZuOrmZjuH3uAW4lxi3lXS+H2AQu
22 | ixD5dXgzrR8l7LIo6RAibqUs2aNG393ck19BF5ghAL+iZtZs0klTrsAyQnzHIGMP
23 | Za2DnK9yjir0M7n4AXspTvtvFj8Zr3WzCAwKW4w025iGxrbJ7Nu4ED9p65s/KZr0
24 | u8ES5UVaVM1v+7Y+fLzt0v7EX5bSx4okWbNbcMJ3e14JqUGoGMhB8o7IPw==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-05-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBCTANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU3MDBaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEApT8gUAdz5Zgt6Zn+MEqRVn+6R/K9RNKZn7w+KXix7Khfi/67ZOxt
10 | pZnWtUdjgGqPj/Zq9r93OrSb4ZXkquFox1XYdVfyWnq1seIOJfWea2s9iK5UOZEA
11 | MvFHbQOVhV3b2OAtnJEEpuvtbwJsvIRZGYZKxwE2E4rXXeXRzWOWM91KV0Ynoi+V
12 | u1klX/UVB4NPH/ktsm5lzay1otybAEUwy5W2NOY2NhayigV3NHD8vsDnRolD0DF0
13 | mmlaLfinrzyR8/mPrWkCf58sACwIuc1+f8eaQ+j6MxRZHJzX/lzAXlMMDIGAKlld
14 | +ThiCbbOIvTQDdmQnwI8+iRzQLS8SgnTXwIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA1Lmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAkmk/YJoaCGip+h+kUjmUQHT929TP
20 | Ix3Jd/nA1LT1QQ7b8rP+jImw51CSLbWwNGihVRKkOOR/kkKZLgWdsa77jySKvqnf
21 | 2QX4YcpaSzXitctiVoJAXhyJwEo4y6sRJS27IwFOh+X3gHzPdz7y5KYRfj6OHutC
22 | ArqD6Ohy5dRg1Ixwf2+2go7I1pZIEfzhFHzFUylFmh9ko5EyTQ7cQw8I/D3UI9TB
23 | 3TCPUrlSNGOHuREsGMtF7An5Idxytx6Rsx45sJq89tB1eipS//Pk/obRGCZYIb2v
24 | ZmsOSYeppa+97tr2j3ox1cXgXlIvt7ANroZzVHrPhiOMCztrlkFhlqUibA==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-06-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBCjANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU3MDBaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAoVGwsG/awAsfsLb0Sy/GPapkjGnAbumZh9c/9tEKa5ZmbKJnWZVQ
10 | /Qju30IlEiGtPrvBsdpQKowExT6aSK64DytS/aJndT9K9lvzv+Gs4m8eSx1K5Yez
11 | G3QoIxp8TtZOOPMQtSVesUjDOcgmrYXtg4qHayKsKTFzs30t0rzGfjX4V8lYirw+
12 | hhVQAPRAyTtNOG+Xh66t+nUMtOYbM5QWIn5WDPPqzMU1H+DZd7HrOX008/LgL2Pa
13 | z2FNSGhxz6y8re1hF+G+CC68kMayftYRy3B2NX2E6mLI+Rq0mW7iQR/FNicEtGLd
14 | w5LYzIJ460FUc1iRXyO9We1+IgLaLKbeuwIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA2Lmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAYGlcBAP3Hdc7sruYdxXk8FYFIBrh
20 | vqLLElpR2qQZHfnXBTDjRf4ZyHbrEPsv7JWDlQMXI3U5SBReiqvv4LYgQ3W6PvZ/
21 | W3nKUlClu5L64E7ZGGQvGh2lyNWEdG21dlpves3Sb5UNtZdAuOBBJihHcJsUJGSE
22 | P2+lKy4O6lTTba0H9wt0uOiqwUVkwHMF6rqirncRLihXaLcAOFb+NSuFDOMMEX7D
23 | bAZBFDkk38Y7fBlWQ3sR2EvWpXp1uzg0ug8zl+JbFnlDswGSom1Y/NXBzIDYx87c
24 | BlPrhizNUKrCYT1OFz+a6VIYTNM01vyNZ2QEMYgcL4Ug3wYeb88HxEEeMA==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-07-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBCzANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU3MDBaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAqAFsSyRNQXcB3wCzvNycy+hkNORi9gjJBM0lu0BnxVgvlnroEDT/
10 | /ZXwWF4Z/D5jbqCqi9iharH1O2wa0/zofAs0DYxLuSEp9efF/CXCURcQviaNHlkg
11 | iar8KeIB0r31ump0KwRUJgZZuDUgCkgNpn2J6QtjwIe7EB/0wssQE5IemHbMyyCh
12 | MwSoMzwDGtpY2tDRfORPN8WMTnIh6Rfl4naszQ2gvveW0z6Ill8O5OmhOZA1niQB
13 | h80f77MYfC9let5wV+yqHFA6++ro4yiSY4+VLAVEIxw7KZt5nmFn5h+v6Gam3dHv
14 | t8MW7yBzA1vDvDO1+fCywV7F3MGpq/bRTwIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA3Lmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAUcf3kUOmWALEcw/2DPQWzY7nn0mv
20 | RGlgQP4xl3W0MLXg2IywAqpOsrdR8sx9sNBA7WYtUT0fdR4gs1PWbddQeJqIwjLZ
21 | kOxjNwKVCp4DWiKStYA6bIdzNnxXvMKD4FHAUMBo7jsEGzvln0IfutNeE8WKloAB
22 | nezVDTefi+kbB8npk93yag3HXQldAKjUt8VZwebJKu1TvCSLiq4BXXV2DjGIrmTb
23 | 0Zhdbar1HeEhf1IsnUyxfuCS+eXrVmF6XesRiaWux7Y79SGD37bBAH+dMwEuKH7+
24 | 025W+IXGls4RvwfoXjVe2GNT9G5aLzzKwY2SE+A3GeeAqf8WCeCAA10nCg==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/ocsp/server-status-request-url-08-cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIERzCCAy+gAwIBAgIBDDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJVUzEL
 3 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 4 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xFTATBgNVBAMMDGxvY2FsaG9zdCBjYTAe
 5 | Fw0yMTA3MDExNTU3MDBaFw0yOTEwMTQxMzU3MjZaMIGHMQswCQYDVQQGEwJVUzEL
 6 | MAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEDAOBgNVBAoMB1N5
 7 | bmFkaWExEDAOBgNVBAsMB25hdHMuaW8xLzAtBgNVBAMMJmxvY2FsaG9zdCBzZXJ2
 8 | ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 9 | MIIBCgKCAQEAuDPg2JZudC65wAhHA8hQ/PydGDk8V7ocO1RDKFTp7Lw0Jb5Uz/kP
10 | F5PnZ763kKUA8AIp88AKTxFw4+GTiQJRV5Mg4mvprHzHHkqk1fTSfvWQU4NjancD
11 | RmevCNf9k5H272saSUTNi6wE7vay8nKNEgsWlsJUVGrQHreSXc8VKgNtSl3Qnc9m
12 | umtPHPfS98DvtAWZzCRfTMpeJoAXbntV+TmsSKu4eJPR57u9ZDbMcNnYSB2gwrUV
13 | W6FkRhhrgfCPhBkRw4/WaZcBMoDdg/fjf4LmGeqdrJIwzcoaeAZQhW2+HzsU7zcJ
14 | u0oKFLtTWlySevVPZnOwi06z4uBGv5f/bwIDAQABo4HWMIHTMAkGA1UdEwQCMAAw
15 | CwYDVR0PBAQDAgXgMDEGCCsGAQUFBwEBBCUwIzAhBggrBgEFBQcwAYYVaHR0cDov
16 | LzEyNy4wLjAuMTo4ODg4MBEGCCsGAQUFBwEYBAUwAwIBBTAdBgNVHSUEFjAUBggr
17 | BgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0RBE0wS4cEfwAAAYcQAAAAAAAAAAAAAAAA
18 | AAAAAYIJbG9jYWxob3N0giZzZXJ2ZXItc3RhdHVzLXJlcXVlc3QtdXJsLTA4Lmxv
19 | Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAOCAQEAgIB/wKMd38ZiSGP+Pj3t/h7H3uDV
20 | onmoqGw5+By0B555k3g8AHaGzRw2DTWz+1ncxkDZlZvt/GNDX+gg3B/MxA/HKlQp
21 | nf6Ctbo4MFkHtw2DlLPZSo4KHn5TZnBw26R6SApCIJspGBTjCd71l2i50LsaLC9S
22 | fX5OWl2Abgz5xjX7iGBGbR/4S5tWOc/JmSQJtawLGF1w6JDyCHIjWlmz0EjzKu5d
23 | w0+8BGzR8s116TA9PNn/BMf7lxD3bEM2Vh0wchikliFNO5Bdtzz8CCakvBrHhUK4
24 | Pu28NEST4868VmxhBpn0Im3/3QFfaKuQN2AeAZAojdLorqXwzDZ8wc4XHA==
25 | -----END CERTIFICATE-----
26 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/ca.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDBzCCAe+gAwIBAgIUC6fLO8KV763IBygl6/0w7EKectswDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owEjEQMA4GA1UEAwwHTkFUUyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
 5 | ggEPADCCAQoCggEBAN3y74turmqPGPQPxh2i4dWWycf7xQfWykpGvnfBGp09fuoL
 6 | 17IEMwnyW1RUB9BwqNeo/cQ3basCb7Uvy9Jdx2rE7akZK1dt+t28Mh6Iy4knbOnP
 7 | ibeDlP3wBw0VTHJRB63isse1AbLMr5KxNI4oKDuFQsy+dcwuNQlMGwOBJg83EvDe
 8 | OVumlNoRWGdrvh3RpE0GQdUm87wEmxMnf2LPZKuG8bMZ+ErYlui/RA8LjiEhXbwA
 9 | WvApskjyAHuQP0FZ7iE1+qgQIs/Yr9mpjDbthuv2dRULdlKdO50C54fCxP49rmps
10 | Gg3DhAbDIJzvL2eiUg6iyLtErUvHE5Ljvsj05GsCAwEAAaNTMFEwHQYDVR0OBBYE
11 | FHMfJfiA8Nb10G8rKcO/am9Ogo6tMB8GA1UdIwQYMBaAFHMfJfiA8Nb10G8rKcO/
12 | am9Ogo6tMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBABMr45yW
13 | SDHQ+zOW6MXCn2CAqagr9TaRjkqYmaaNh0uDBI+oaFKi8WHCi7jt1iSb2f8wp6dv
14 | jQ97osGsAsU5KgyyliweIaTftd58oegpmADwpQTpVa2RIz6o4z2FKnDm6ZtH5fm+
15 | RRS+FpcS81s1m6e3gJ3Ie4nIqQRrBcvKpQEgMgiwJH4v2rIB0RvkTztA2EeVyyH/
16 | IjbrbO6Rc7EpEJNbsVWHcKt0tMNx9F1qicgscrcEgAPG77yz1bP4jKSqhXt6OhM9
17 | lhXFq+EbzAhbPzkgQuxghHxJuDNZDafKvf1cl/b7jEykLEiKo3s1oto+9yzRKZ2y
18 | uKJ+WESZ0V6XOU4=
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-a.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDpzCCAo+gAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcIwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
 5 | TG9zIEFuZ2VsZXMxDTALBgNVBAoMBE5BVFMxDTALBgNVBAsMBE5BVFMxEjAQBgNV
 6 | BAMMCWxvY2FsaG9zdDEUMBIGCgmSJomT8ixkARkWBGZvbzExFDASBgoJkiaJk/Is
 7 | ZAEZFgRmb28yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtslLv6qg
 8 | Q/qyhatn9iErsOymZaZ3uTTeEV4QCtX3tW+k7WYv4Q3g2gaNAObbRZ/pZm/fQ1sE
 9 | IeVGTjq47nnmS44ZDCAaplWNGfMLtAbnWBVq42xBBc9qADeFF8buj7ynXB7CUB2z
10 | I1b8Uo+xmrlGn2dTGZnMUYs0A1tPmw9DQyhEUeCa6KVwvvQrYbPTBvFSlxs2BAV9
11 | YPY9q6UWdOuGQ1BDNyJmSOXwHXlD2brrYNifbMIF76aVaVzjEDxkek1GbEGQvGd/
12 | c5tzir7MqihOdfYKQuWTUzJvcWg/g3fLcr9zoTJ1WbyBAb7ScrCktO+nBqscCHhT
13 | Wec5Mojc2egNowIDAQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SCC2V4YW1w
14 | bGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYDVR0OBBYEFCkA7CbJMs70HE5rQxHm
15 | qHL/UgkOMB8GA1UdIwQYMBaAFHMfJfiA8Nb10G8rKcO/am9Ogo6tMA0GCSqGSIb3
16 | DQEBCwUAA4IBAQC87KaD2UuvQWIbSPOKy2iPc5bHrsmzxtPzT219NqzI4JZ9QeAz
17 | btvLlMxgACreCb6wzYxaOjbU+O2LqO7mq/M4UyY1+wrAwYn+c3rVcimuPa2bGKin
18 | Le+aBr/4yXAahqH4DW5K4x3x/7c7wyNlj9MHUQDl9A/JHsit68hw1YY/1ALPaOpg
19 | 9L5K52gGHVXrxb8In8OkJEoM38G5Zstiuh1umsWNWBp6Nd/FlNr+XbvNuFsWLC/V
20 | lTaHxFt9WRQNINc8RpK4YCHRdaOiEqAGexDkHgNaLHeHEwCvP3Zhj7Zpp+svlmm8
21 | cLL2A5wl0T0OEehT9wxKaG5cyP7jfYfJmENW
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-b.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDejCCAmKgAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcMwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owYjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtM
 5 | b3MgQW5nZWxlczENMAsGA1UECgwETkFUUzENMAsGA1UECwwETkFUUzESMBAGA1UE
 6 | AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0h0s
 7 | cYMqt2HeBy6c5qUXHgkPMuKqrMrImdgv/R4cHL76FF0SbyweVc2G9e9NgGTYG3n3
 8 | 68/EURnGmmLj0V8JIrURm/zHZgvwBYtmgC5NTOBCsxocOSI8i+rX5PqmocZtCAAi
 9 | VUFvVu07PDuqHap6np71y870zZ9FFlr+42aJzqap0d+gqMSI/VhjVyJcA7XE8AqC
10 | 33fVfpFM1z8myFawC9d7Sz8qWe36cgJMHf+KmAGefR20bEAzb2CLZMHuCUIhbeD0
11 | PePnhg17ZA6rbSj4uLlFIEhqkc0zZL5DPigIIUQ+OVzdidboMNehhlLeLECj1Ykw
12 | 4dOskPzk0V+wsrr5hwIDAQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SCC2V4
13 | YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYDVR0OBBYEFBN5/1B/G8UTcl5O
14 | tqEHRzrAJ4IHMB8GA1UdIwQYMBaAFHMfJfiA8Nb10G8rKcO/am9Ogo6tMA0GCSqG
15 | SIb3DQEBCwUAA4IBAQAioN2YIK8yKkyn3x/UH+YhgLJj9CZfkCPa2uJTBaXCmZcv
16 | KBPfjs4bQ/c6omLzbGnIVEDHjUEzwxUf40cVQbciPXvrVxB5PIcUY/e8RAgFux7j
17 | YnP4F4fM4DC1yOA5AIqWZGX66GVnw7rslxz5Pko6QKNaHuVgwHHEizN0d8hHexdH
18 | rGHtX3tsFmI7GOwsVgLJNV3VcpT+W8ZdviHtbjL2gR3N/KpXSU3FHmDC56Zi8HyA
19 | iUICVuCo06LCEq5J8M8f5dBEMtLJ31gDX1c/arLJuS6VS/+XrC7lKNT571SXPa9x
20 | gRmY0EtzyYut/yfG2qXWV9Xi0DbrZUKZVIUcqd8y
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-c.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDpzCCAo+gAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcQwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
 5 | TG9zIEFuZ2VsZXMxDTALBgNVBAoMBE5BVFMxDTALBgNVBAsMBE5BVFMxEjAQBgNV
 6 | BAMMCWxvY2FsaG9zdDEUMBIGCgmSJomT8ixkARkWBGZvbzMxFDASBgoJkiaJk/Is
 7 | ZAEZFgRmb280MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtHi5pKY
 8 | +Ee6Oz4cfhFLiJzCpBw9sqGFSA3N/oqb4/926bcVlXEWaFq6BS61K6EhpzwSNrLV
 9 | xxhbYuapAgo5rFi7InaPJbg7C56/ZAUGnwaFfrY/rv2ZCUnkyfm1V2hkvRkeKxr2
10 | D4MEQ3crnm0Uq6lvxgeQoadF+CasTRq1/kq7VOH89t3gaYNfk7/U3d8YZcOBXVQK
11 | YUmEvTWC4O3zaSFcFy3L8l4C8mtiDryLRxjNU8lquI7Dq4FNt8+uNBs01BCInN+C
12 | pIBe/AXt2TftKBIiK6I6VG/SNJOdjYRy+iY8btNfyCIGp+J+4f7a9zuOGDnjX6Ub
13 | Z+0UgAnpZIl1KQIDAQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SCC2V4YW1w
14 | bGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYDVR0OBBYEFNZnXD/At0QIFoqsEUNn
15 | hd0XqkJWMB8GA1UdIwQYMBaAFHMfJfiA8Nb10G8rKcO/am9Ogo6tMA0GCSqGSIb3
16 | DQEBCwUAA4IBAQCiIEr4+IiHo4PLK41l6Yuo6QKETZg5tNKluqkT7r5ulYaTss+C
17 | O7nBIZaVAK3h5+uRTzrL2mEUyme4tYBUaIxqVTnjDgIbeKvg3Z0k07Zld7+eeE/B
18 | vnPk3c4aZaKshcbKoA+tZUeHk+BYZ28YkDH70OYsyVhemvTVDDy2EZGdgeaWJAbx
19 | RcQ7iVAIR8SEgJy9PWZMAFChNxa2N7Q1AcEqnU9UV0+XOHVHe+PYgK7SfuNOxM6x
20 | rP2NnkLenDoZ7IXEvl2WYVlnJpIZiNTRz94nkTz5MqjCuWS+YGYlPz76gpGPJ5NT
21 | VEfAZXP0EW8NWJ1XEIM6+u6c1SWnSJfTt6im
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-d.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDrTCCApWgAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcUwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
 5 | TG9zIEFuZ2VsZXMxDTALBgNVBAsMBE5BVFMxDTALBgNVBAoMBE5BVFMxFjAUBgNV
 6 | BAMMDSouZXhhbXBsZS5jb20xFzAVBgoJkiaJk/IsZAEZFgdleGFtcGxlMRMwEQYK
 7 | CZImiZPyLGQBGRYDY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
 8 | sZDwEJA7szb6if4lTrrnBou59jd1SNAlwaACFE5clp3+95tlTo3l1AgS/ebKN7hg
 9 | XdUPkfQcBJzx98PD+8xJ9NO7a8s7JBssIxKgp9lmFt0ygRrhYbk3ObBROCHrAo4J
10 | UcHm7Ap+/Fe5BEZ8/f4UYFCxCET41mZHcJ8TtN0v+J/5czMQpGXS48iFqa/fQfZe
11 | Wd3QBZTHIUaiiu/iCRqKzYxCJFS0CB3VhVAJyNmQYdF5Lnm6sYNOtXYRJ76PGgYv
12 | 4KnHP/CFX51G15pkDOJz8ERczmNf/oXwijiEdTAEGe8nVytQtLbqEd60r1BD4E+z
13 | GwKIvD2SGqCwgWxQ7ENC4wIDAQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SC
14 | C2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYDVR0OBBYEFM4b9lmfPrfM
15 | tHVxnMbxR8oyE0ZtMB8GA1UdIwQYMBaAFHMfJfiA8Nb10G8rKcO/am9Ogo6tMA0G
16 | CSqGSIb3DQEBCwUAA4IBAQB3O3Q+oTfAVitx8K4+ZzXILszfblsGO4kvwvxV6EUB
17 | BUsat6mjawFTGhB1TdBR0CflA/nCjTZpoXNY+nCoJmr/Lxk1V+UNn5zhFTTfhZjU
18 | PA+++5QcYxXz3ukCEqTHLPZKvv2xB24xQUmsdwLlX3VGE1VqBfaz/2x6jFTVT3lz
19 | 4W5JPltgFSVOLqQC1T0MY8L0h4eL+JpynHPjMkEwb0U4RPaSBhiRSjHD8dgoZ8Ft
20 | ZbV6WCJeBYey0edKNwujuLl+McVpx6DIy8BPGPEcuo20Sy1BP3JAoN1Wu5J3zLBA
21 | AXwUZ6r7jAjU5v1nx6ijwtv3qavBVdclOlW0aDu3+Y3z
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-e.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDnzCCAoegAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcYwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owgYYxETAPBgNVBAMMCEpvaG4gRG9lMQ8wDQYDVQQDDAYxMjM0NTYx
 5 | DTALBgNVBAMMBGpkb2UxDjAMBgNVBAsMBVVzZXJzMRYwFAYDVQQLDA1Pcmdhbmlj
 6 | IFVuaXRzMRQwEgYKCZImiZPyLGQBGRYEYWNtZTETMBEGCgmSJomT8ixkARkWA2Nv
 7 | bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGg6vnpOjEgyfClqVW4
 8 | UnAOc+i0DS2geZB7b6IZS2w5oNBblRIrKdXtis/YOQFPNqL4rKgDpxbpvcyLwUiK
 9 | 8mT2GTGdansK5KfR0VlWjIzBK7J6XD59/7wKfqE2aD2zQGBCSWTql7kuwaFHC6fo
10 | I0+eUlqljJzBofd7tbh+IWuzmePPjKthBNBk8Dp8HJu1xPk1q08xYHMIeX0egHMt
11 | YQ6mE3sP49rkLHTPCod/yHn80lRZec07z38pxr2gZk6bq3b4OTQ5hr6fDWx3UJaX
12 | NJihuKVCIQSJguc+BEug2Im3uENmoTi5tVwgOm039J+I6vlyDppqjZV1vQ+I1wqf
13 | nfUCAwEAAaN2MHQwMgYDVR0RBCswKYIJbG9jYWxob3N0ggtleGFtcGxlLmNvbYIP
14 | d3d3LmV4YW1wbGUuY29tMB0GA1UdDgQWBBToYUZkIK4kXJRs9Af7V10od3oJiDAf
15 | BgNVHSMEGDAWgBRzHyX4gPDW9dBvKynDv2pvToKOrTANBgkqhkiG9w0BAQsFAAOC
16 | AQEAKMs8gDYeTAITUMJ2cfQqU2t1I7DGIt4eQ/bJ1LWOhC6eUXpUrwjjNo4pq95P
17 | cct0haleycD4vjZF4/Jv81oSIUsGzQ8r3LZhJlPnzbZzaA4i4Tpxnw8JRE5iiF+z
18 | lm0Cl783Nh8voVKE1uJrSx+pMTH9Ihwu7vBklNI192zLPLPtDFSZ497oLVt1e8Wt
19 | 2urYXF4/Wb1pyGL49gp/eOAEpw2j6pyxGSK/QyXyvvPnDLqNXJCOTyx7YQRvZnBy
20 | h9vTtHg4HSKmgrOHA/taW051lh2PQbi3pbi+ik3rk68QY/Y7b3fKjc/6lvXPRoh+
21 | 94valHgOVFJaSG+Qil0A8i6bzQ==
22 | -----END CERTIFICATE-----
23 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/client-f.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDfDCCAmSgAwIBAgIURF3HIP6jjAixTsMisMxARhqRfccwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owZDETMBEGCgmSJomT8ixkARkWA29yZzEXMBUGCgmSJomT8ixkARkW
 5 | B09wZW5TU0wxITAMBgNVBAoMBXVzZXJzMBEGCgmSJomT8ixkARkWA0RFVjERMA8G
 6 | A1UEAwwISm9obiBEb2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg
 7 | F4OXW1j7wJKDKq7dKn4MU19yTzR01MkX1rsrC5kkFsihxNYd2pc8MdGB+VaJXaDw
 8 | T7p/TL1FpGtKykgIp01nzceJNrfV6T79aslhvB/nt0BTKlCDDZTRogS6viJUAZGq
 9 | RSWzbGcXt5GRLpRGeXO6OpjVdQQqDwTMdbuHRTZ99VDfy1x8TwzWX4NA7xNUuoPf
10 | ynWmmHKf80/FkIgxWaRHDwUtKxn4ItVKNfMDAWfArdTMH7ZO4AYfIyM2WS82H587
11 | a0DilwR1Pcr2q7o6mFB807sdSrjiClUhWwM6A0KVsxnUvQAWkyYh9n01vnDYHrrY
12 | K74q1uMUJogc45EXMhGfAgMBAAGjdjB0MDIGA1UdEQQrMCmCCWxvY2FsaG9zdIIL
13 | ZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbTAdBgNVHQ4EFgQU1Fzej0nnnMw9
14 | Aai0AC5g2XsdiDcwHwYDVR0jBBgwFoAUcx8l+IDw1vXQbyspw79qb06Cjq0wDQYJ
15 | KoZIhvcNAQELBQADggEBAKqH6YEyYgW5CnhHNOlbvB7kCNrQN/nAITWJILkJRtch
16 | hMhsODV49fj593Rp3vTJXJ+fRCwJeF5pCfHIyUaEC9FM8IERzK7yZUW3h6X/KfwW
17 | vHdRabjsuNuXk92wvslZK82jjosDBvdLv0pnApVv5OPnSXDUr/kGFnXhe7OQgLAb
18 | OE5o3jRHWGCiSa1CnXrY4fzjDNR/MRgk7N7nQ29cY5fC//3jtBlYlcY7smjH81OF
19 | 9kFgQK1Mf83cN3zFLkVejLpquVM1CX210Z0GV7hEg6zr0jS8v1YRnCQ9xp+Euhd+
20 | TIU2SuidadW4ww/yCWsBfBuoX8ijByvG8sYyQ/jXL3s=
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/test/configs/certs/rdns/server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDLDCCAhSgAwIBAgIURF3HIP6jjAixTsMisMxARhqRfcEwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMjNaGA8yMTI0MDgx
 4 | MzIyMzAyM1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
 5 | AAOCAQ8AMIIBCgKCAQEAo3NC7pQ04mKV17U011vLm2bnlN2m6teq4sWyG6UPoWZa
 6 | RoTzjA0GwRCXRbrq7ehosFCWLz6J7Li8TFYcAwRsCgLPEsNL48CB6DzQaPKCmu5V
 7 | ugXtr79flQYgznfLmu8Z6ywZqSoAAz+NGiflQIEkggFQQNfbRtOQiW8RpxhwYF6j
 8 | cDGpkfg4UGKdSVfCaorxgOFKjgHIRzsqfbnBSLSiehHgf6qtTudypxHAeVqh2Bst
 9 | Ov7ST0P47HUMWpEmlTKyr64U2OF5EjDwALDnK1/wRaVpJaDbYSAmD9kTs1dh2Ew3
10 | 0IBrdUlOMHTbHjrEX7NE0ESjGtvYMe4kCKR9w9ovxQIDAQABo3YwdDAyBgNVHREE
11 | KzApgglsb2NhbGhvc3SCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYD
12 | VR0OBBYEFBTXnZytLW93IszwKUGgXXh7OdNtMB8GA1UdIwQYMBaAFHMfJfiA8Nb1
13 | 0G8rKcO/am9Ogo6tMA0GCSqGSIb3DQEBCwUAA4IBAQDCrwa/UTnBOoJ/X2FIfaWP
14 | g0llr0OSQx3l2RweWte6O90VB9AWTgstYRVErmYyXV70lYNp+HOPpxak1DEGr+P8
15 | 4REsMjX+odz9+UGOq/n5N+0VAfLTsQ9CG5EnHsfzwamgL/Ax3czrzgvmP4lz0tvp
16 | 07le9YUWkuG9UsUhN4/qe65LVweg8AfhihiijlcQe3WnrB7WvyyOZO81lBnLIIar
17 | qq62NSNxPWNa/TGX/og+E5HwTPcMNeMOsok5D5TQtx1zNX+2Zj7i2Py3ScTCCY/G
18 | 4U1nO4k+APE/3BKuvnrz8ZJ1UglT0lrVEkVqzW7TNCJpDz37A9QIQVLpw8oOr+Yc
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/ca.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDBzCCAe+gAwIBAgIUc56AEpW980qCeFPAyYjDMQmgD4MwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU4NTlaGA8yMTI0MDMy
 4 | NDA3NTg1OVowEjEQMA4GA1UEAwwHTkFUUyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
 5 | ggEPADCCAQoCggEBALcG8Uka9njBYwtVEachD6ZzpiEZV8CVHU4lfXv2e0VD6D/z
 6 | Q8DTWc7TRMy+15u/h8ZSNSQm2mNVDUA5SbJPoeka6LqXl47ZMhY9fwIa860KxphQ
 7 | ODdwu75v6jjh2IZz4BW3PGjeVAN6pJfejmn07y/lGa+jDvKPl0BEee+Vj2APpDu0
 8 | JRtnNoLvJryuddQq9AaagPXP5wsvS5mRVqjM3w9dvvxGJUZW+nEKDX0cEw3nv1h4
 9 | K57Z/fIHOk9cTH2b960QG/MjadJi/8tvVduBRt6ZZj9M5xQ4dg5+28lJbVq4eoAi
10 | lN4XIbah1tg2q0zWBprYieVLWEgT6680rFMrI2cCAwEAAaNTMFEwHQYDVR0OBBYE
11 | FK442m9BmE189lFzd57Hbz/b95psMB8GA1UdIwQYMBaAFK442m9BmE189lFzd57H
12 | bz/b95psMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEx7HfRg
13 | QoInmdQwN8IKVB21RU7gdkFT6DxmS/ZEW3SFXctrkPftyToJ3PoFlp7rYooKCI8e
14 | MPOo2GeSt8Ocv2A9qgV+X5euZzKDrOW53kvk6BpvqiadfmOjw/aa4HwjSDh3lUwP
15 | hgQWriNYK7NBXINIxHXT6tRv9NvIvR3UeJ2DBujwAF5rBmTIBI9b5N1oQnE2jeY/
16 | 2LsV8rcnWRcYEoyhb55AJ5aD640saGJ0StmdwRK9nOFzg02xUP4z8QuentlwPVVo
17 | DhCGGbMLY9fneXjrD4jEUjAHn4CWuPLdn/agIrC96qv+PZYUl9hJoDJnshuPczyR
18 | UQFYI1rGa9JuwRw=
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/client.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDLjCCAhagAwIBAgIUTOgYUed1dyp+Gan755liL7b29wEwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU5MDBaGA8yMTI0MDMy
 4 | NDA3NTkwMFowFjEUMBIGA1UEAwwLd3d3Lm5hdHMuaW8wggEiMA0GCSqGSIb3DQEB
 5 | AQUAA4IBDwAwggEKAoIBAQDkjw4sZLkZJPTP/c4gIPXr0IacaCvNJne8fivl1FnV
 6 | g0mG80zXQcXuPKi1HF3Qg/qZu38p6oZTfeJmsjkCGVSsNTSY3yqZCM2mLIgQmaSC
 7 | uKtnvIWjeBUtmMAx6bA0OphD5rYaItflqaVTkJd2qDALXh6cHI8esCigBAZsnUS9
 8 | 0mAgDCQVahMIDkz4jFC/AXwnJUlNzqa7w9PASIakuGFvCWgv6uS57BOgn+c3134f
 9 | CYi2s+A8xhg4o+GanV6+5sbLuwMPo+0DvBfyvkXIt51WoMm04gNymiVYYZxbNpe9
10 | M33ICQuFAoTb7RdN7mUylBVM9MDfdG7ne6TG8J8Rzl39AgMBAAGjdjB0MDIGA1Ud
11 | EQQrMCmCCWxvY2FsaG9zdIILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbTAd
12 | BgNVHQ4EFgQUiUGJiS99EVH6/iPsQESqZSfXxCIwHwYDVR0jBBgwFoAUrjjab0GY
13 | TXz2UXN3nsdvP9v3mmwwDQYJKoZIhvcNAQELBQADggEBAAugrGg7+6LX7UZ6YhCM
14 | P/CGBnxIMODeuikNf3OAEjwNRJjdcy8OyHKd9pSwEzNZ0jZCN127UDPHQzZGw5JE
15 | KCe3B4a0Lh0G5BQVOOTcUJM9et6aFtBDvNbKhiiwi11d5aAEQX7k3ugPPaEjP9si
16 | SM1b8UBcaO3mGSnveMVjBiInzSkJdc8kPaAsssqvledmQa9RyM1y3ZEcvixbF+6d
17 | pfQG61UXR3rnGEUAoHWmnKzJ+o/kFlThd2jtKT8T4qp2Ws1ga43V5kacFqyWcpfy
18 | 6dK1lfr3Mx4qHMlnFp7O9L4ciFLtLiv4ua9fi4zH8zS7EALkwQKxhaDHo6Afi1mI
19 | ASw=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/dev-email.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDPDCCAiSgAwIBAgIUTOgYUed1dyp+Gan755liL7b29wAwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU5MDBaGA8yMTI0MDMy
 4 | NDA3NTkwMFowFjEUMBIGA1UEAwwLd3d3Lm5hdHMuaW8wggEiMA0GCSqGSIb3DQEB
 5 | AQUAA4IBDwAwggEKAoIBAQCoFArKsSQLasobBGo4+d2WUxjW3rp7qMZ2M92RvefI
 6 | nqsAq3MBstcsKIV6RrvJYiMeCw4gXkrcnYGM56/QtNx6fapKltO8FSOs7dSWLQqu
 7 | vOmYbPHmhDzVyb4/Wcied0i/LyeP5HlUtz/9F22R+MNLhCYacSytogTz9ZoCLLuq
 8 | faAfP7MdqajDeewSn9fO4AAtGbR7ysYU5lkT7loxW9+VDXN1wKP3U+ziHJVPX2+4
 9 | 38OXEVFlM2FCk8qdOja7lmHJnvZcQD7qOywQqEsY+mcjh/+JZk2xbhScSB/bsZFF
10 | IIfSu5qwUJm2lP9uBksk51FCxWjB1ldAh9mSyH1rT3x9AgMBAAGjgYMwgYAwPgYD
11 | VR0RBDcwNYIMYXBwLm5hdHMuZGV2gRJhZG1pbkBhcHAubmF0cy5kZXaBEXJvb3RA
12 | YXBwLm5hdHMuZGV2MB0GA1UdDgQWBBQfZUwRFVCxJAU4eNYLvovRmH6WezAfBgNV
13 | HSMEGDAWgBSuONpvQZhNfPZRc3eex28/2/eabDANBgkqhkiG9w0BAQsFAAOCAQEA
14 | dVs5iZ1SPtR7fGQoNnMocd2GECOMZQ5cQz27GtLb8jKVbblBjWYNECUpHA44gWhx
15 | YhT4gEBww0w7FeQEnWyNMj8vidEm/Fkz4c01zDqwCd5Lh4UyQlWRwppHnV9+j9Xa
16 | Ye2T89L9txLFzkaHZDhbZJy5/SDs2lRy+6IE1vxmiMZdVIzVzHhLQUIBfC1gh0Yc
17 | qfn2RVbulW11CUgSNXj7G5TPkHw/RG/vs3AsDdgXaCKfwttTirrpFl4OvGKH+xSV
18 | XMykd7Ck3ScD3oPpp3oY/Nq8iHBB8EgB6SZSSVVL9zl/4jo1s5IBr2ekAhSv9HGj
19 | 29VtK+VVixHazzkGdvS/OA==
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/dev.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDIzCCAgugAwIBAgIUTOgYUed1dyp+Gan755liL7b29v8wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU5MDBaGA8yMTI0MDMy
 4 | NDA3NTkwMFowFjEUMBIGA1UEAwwLd3d3Lm5hdHMuaW8wggEiMA0GCSqGSIb3DQEB
 5 | AQUAA4IBDwAwggEKAoIBAQCdqfE5jKdpe3cJ1Pd2mwBtfaDnaGsfOxyy7VsIFMGd
 6 | ekkJ7KIN6wX+O0nFT8X8lpC7YnIgTzpZl2/YGzlntFaAZ7cZMaeCuce6HsE/vofO
 7 | mMrNnT2pEp7z0DZn7TzjMdCAyeCnG3N4XGe8lRCQLVqHwkuhjlcr8r0A9CWfx0bc
 8 | 2zA1ZkiprnF3Qf0KbN4SfR+oHczsEO48yXD27X42IX3tUU5sljVbDd3TFKSyS4l2
 9 | EebzhX1bNUj68jvxrDgo5ZTrMSIaiMtLSsoHftyCbvG/Rxd8LlAeWqgqkdKXUj8g
10 | sL4dCfzRjj1MjWSx1Mjcjp6ujHRyXeFrbvSq6bvzPXoDAgMBAAGjazBpMCcGA1Ud
11 | EQQgMB6CDGFwcC5uYXRzLmRldoIOKi5hcHAubmF0cy5kZXYwHQYDVR0OBBYEFDvM
12 | qcu0rwkeE32c0A2VgPLmf4eDMB8GA1UdIwQYMBaAFK442m9BmE189lFzd57Hbz/b
13 | 95psMA0GCSqGSIb3DQEBCwUAA4IBAQBxVdfxsnSvL3WTuZroo+inViR8T7RV2Dys
14 | 8NiwvO1o+uNATmzV5v2iLux2INEXBgt+71OqzcPPiTvjHcBkh6aTCk2N54mYRK6Q
15 | L3d7wfeYJhHUfeC/idM5c8UQVHkKa7Em+6D/IoWnzen6QTs2CtxJ+UE4Ie56DTHQ
16 | 1qc96IqNUKVAq61tZe9u89sCsn9S5r/cyBa8pTMzfjZ6FHJFC/MZHu8InfNJ13MB
17 | q5edoCH761+MbyXz/JyrU2hTcno0z1ZSS6VteehDPdnDPjysoZPCjn1jP7G4rZ3W
18 | eevtdw2p2SP+jdFt5Hy6tvy4sXtj79C4MHVbsAVw6hkE5PNoNRM3
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/prod.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDJTCCAg2gAwIBAgIUTOgYUed1dyp+Gan755liL7b29v4wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU5MDBaGA8yMTI0MDMy
 4 | NDA3NTkwMFowFjEUMBIGA1UEAwwLd3d3Lm5hdHMuaW8wggEiMA0GCSqGSIb3DQEB
 5 | AQUAA4IBDwAwggEKAoIBAQDQhGgjBMhK3sIJIAKwXPUd/QrxbHQ+fGkXsHm9EIMz
 6 | m9krVfVvsAqjrZyWHqiJ16N66+ysWqVe0AiuV+tHoilSzEZhfTRsVz+CPDBotyW8
 7 | rK25SgLRoQ3AnmG2Co6s1Y05HNMyuUIpoXg6Y0+klARJFsOp2kDhCyjW2Vz+M4pJ
 8 | IMY69y4IGjlCWOc4IiQKKIJjD12FxAe0/wtnU4uypTXqKAYUQX88TS4mCBgxPYh7
 9 | XZrWfwZzYkXnUAxXy3OIqXtI2ZuQ3MkgaUckjPJkJNBaLcGgAJq3Msd7t2kXulmI
10 | JTnpw0D4jd12v19wDJCxTuaBdiUhhkZX9fyFLe6T6NopAgMBAAGjbTBrMCkGA1Ud
11 | EQQiMCCCDWFwcC5uYXRzLnByb2SCDyouYXBwLm5hdHMucHJvZDAdBgNVHQ4EFgQU
12 | Knk97WhPStd4LcWf52kZxmG4PVowHwYDVR0jBBgwFoAUrjjab0GYTXz2UXN3nsdv
13 | P9v3mmwwDQYJKoZIhvcNAQELBQADggEBACiIPya5Mgy2y4+PrBv6KbYBvpSMA0+g
14 | 6OCq3pX4+okIGBoytjL+0DJchEAVGHxf6qnMWSQKnBFgjCHbi805JgJu819PDWFr
15 | lyWsH/YuWP/Df9zl6KiXbrLUBBnGT+bxaqc/FVEsJrhB+29kIrDmxdcL/CcmihwF
16 | pAeYMDs7zjn3W8BQiBG+odapzP7VHsA0L/HpWOZrvJnSIU4vAujnn6SYRyk5y1T1
17 | 7o7nSKo7Fh4YjteTUGzOKFKDS+Mk3SxXA+TIqskV0ZWgZD4KebN69VZWRXgDwTpT
18 | E9jt46Yzmk3RD1NsrfwmgNSGet1+mOzjOLzzXjlxl7qmpYvbyx8U+9c=
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/sans/server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDLDCCAhSgAwIBAgIUTOgYUed1dyp+Gan755liL7b29v0wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA0MTcwNzU4NTlaGA8yMTI0MDMy
 4 | NDA3NTg1OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
 5 | AAOCAQ8AMIIBCgKCAQEAyy4AWAwUnjXpofG/cj5homiZEpCbWly+xEntYf2jaXQk
 6 | a5I2u13R6kNtGth/V/eJ17s7xW6ScPFRk6vInxnrd/vvgCbxD/i3yux0iL58nsCl
 7 | 2fjqn+QCYNWCG95N9VRsxhI4451uxfxsONqisme/ghJyBW6OJSxQaExr8yaNjsA1
 8 | Skwm8vRONvLXu6x9fhdDjgDUhvki85eVY24na+Dq8kz4ztqiUrNtq1Z742XXBt/G
 9 | dWprOrOH8cEFr7g/agQa29Bhrb1T9nGAXl3zkzsnUuSMTnq29BG24o7nV1YfsR93
10 | UYL33iWVk6noApLU+jhGtaXu0NwaDC7ZNByTu+0bawIDAQABo3YwdDAyBgNVHREE
11 | KzApgglsb2NhbGhvc3SCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYD
12 | VR0OBBYEFG5wB9htqpiQze/q1+9rPaq1HlcpMB8GA1UdIwQYMBaAFK442m9BmE18
13 | 9lFzd57Hbz/b95psMA0GCSqGSIb3DQEBCwUAA4IBAQA1tni0pG6LtlStmEUmn9xJ
14 | mcWlWgZtmUbZD7aE5P+SFLt02TY9ea7IoMy3Rv1yRihxLgURNB9Y8aON9IrraVRf
15 | U+EizfG9goQQINs652TNMoxjNEwbF19TzgY7k445gkcl8aZ5fGJJhxP7UGBC5xYL
16 | 1Cx0uINiqs0fb3pPrcvhxD+I5tHDwJY7maW0fks/JD1M738hl5zpV1POMvarDFW0
17 | L4LUDweUuNeylOWyCBv6WFV7avSsMmoQmUvUZoPqp2gk0A17pDeuufI84fHhEghU
18 | UigXcElvZkaoThbE3YA0Hq8UJHSzAe8x0bDSRz4WfNzeqq1RtdZ+H1uPoMIJbZ4D
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/ca.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDBzCCAe+gAwIBAgIUHba56kOIMIRpaKPovfEccmejyJcwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMzZaGA8yMTI0MDgx
 4 | MzIyMzAzNlowEjEQMA4GA1UEAwwHTkFUUyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
 5 | ggEPADCCAQoCggEBANdiWWtGIZHVY86tPTt83ttjmrw+exvXNo7XdmVN1CmI2wRr
 6 | 0CQ4vs1oBkVkn34p2FBhCBsBRvkK/LBQivJ1O8OurOCFAtoef1UQfHvElYlFoJhK
 7 | oHswFkKxzui//ie0hA7gf9piEF1xfOMQump4xJIumcf370qZlTgCvFTR2rH7ZjNS
 8 | gINezOwPznjXv3uSyvGtmcuS43EOa1lQufnmlj8xPtOrSCRQD5F4Okd4SVC5/0vj
 9 | Q4N255Km15HiYM09CYuhMTmrBOzKGMUGCG37XbUKG7e1HCmsmrESPB79gHqsAVWe
10 | WBbAu6Z9h6v+MjxQ2hKyJWWPxOgxHXWQhUXo0ZMCAwEAAaNTMFEwHQYDVR0OBBYE
11 | FCcUWYVGF5cPrQMR/VNkapjuXMRbMB8GA1UdIwQYMBaAFCcUWYVGF5cPrQMR/VNk
12 | apjuXMRbMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALdP3pUX
13 | SkBo3xJ1m7KskL6Xtic9eDxu9aJKYUH4qw16Aoyj+tZm5R1UvyaEsHMG+hFOZRRp
14 | tArbOknL4RZG7Tx/ATTiSQl6ozmkZ8GRpKY6VsN5c6Y1e9sbdXeGgfitWMUkQQhD
15 | Ftqps2TM6IfJBdj4BhVGAjG45tUhOTfMjZliaNZexVyR6XjuhDHcDDpcdaFgDfDA
16 | uAYDDbfhO7MIKxplzrPcI7e9zDdb9mgB8UExNltxrH9w3J1cG4VpKxFtXYs5FO4d
17 | swXWTr2cY4sTT/bhVJET+YnHyyZgg+Ear4n7eujA9klUHEMwPy/QDCn8u/091yew
18 | NnOmSiP2A+dWQB4=
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/client-a.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIID1DCCArygAwIBAgIUU+CvNNI2Hg/kyKWUkP+fw3bsFe4wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMzZaGA8yMTI0MDgx
 4 | MzIyMzAzNlowgY4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
 5 | TG9zIEFuZ2VsZXMxDTALBgNVBAoMBE5BVFMxDTALBgNVBAsMBE5BVFMxEjAQBgNV
 6 | BAMMCWxvY2FsaG9zdDEUMBIGCgmSJomT8ixkARkWBGZvbzExFDASBgoJkiaJk/Is
 7 | ZAEZFgRmb28yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLqkVfs1
 8 | MsFP4PEOc+ovpiccxwl4zNVzyrt4Jlh7U030W0LbxnRYOZlhy/K4LxJHmJCvsp+j
 9 | ZhhTz8/LyQy8lc8+9GEKYtUL9gMHtGx04MJQlwClJR3xGqQ4d9OvIRKJ89hafJ+u
10 | dgKzXaGihyQlGbSiH5tdHLPp1/nLor/ra3yVFWMT8q0Ibu5YVoTUcA1nnSN6XO9/
11 | NpsM3ksBX7dDItQMiuyYVTETOpXfdTF7iZSzXxyhHo67ppLenSD96O3CSRsVuCBY
12 | w7OIISCvXHeiTHmEF7PQXNN4SmswigliE6zz4s9AQ+23oqhVDXD4Dpc6r3gZ6rF8
13 | kSxIxIkPWvUMAwIDAQABo4GiMIGfMF0GA1UdEQRWMFSCCWxvY2FsaG9zdIILZXhh
14 | bXBsZS5jb22CD3d3dy5leGFtcGxlLmNvbYYpc3BpZmZlOi8vbG9jYWxob3N0L215
15 | LW5hdHMtc2VydmljZS91c2VyLWEwHQYDVR0OBBYEFDFDpnqTvAQQBUIBMzip3XCT
16 | FdsTMB8GA1UdIwQYMBaAFCcUWYVGF5cPrQMR/VNkapjuXMRbMA0GCSqGSIb3DQEB
17 | CwUAA4IBAQA8lg93kYHKkc4iF+mB8xHtyT1Pmy8CoxbDGy98cac1ny9s9K5kROTZ
18 | rE9p2FaC00jf5T/+si5diXa0EnIjWCk0uRlrW5PL85UbsqHJkWav7zCk7cDa9YrR
19 | nk4LMABf40RP3SOM4yxjjoVU13jFwIZ5M69Hce3CJ6ZkSoWRzWlKf6ECAbX/JIcJ
20 | u8wLBXbJaAvc1CQiZpiSWDvItg+sUn1dU1nmk2o1YmyBPN6uVF874f3Ihazb9wmJ
21 | dkWO48O+FaahjR6GzfjEx7w765ATqvTVYAgGZ55ps65VwfjcQbP1jYO4Sb3Aeeub
22 | yapE1595oBWoWdwtEeOTJrzSIEhkhyiC
23 | -----END CERTIFICATE-----
24 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/client-b.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDYjCCAkqgAwIBAgIUU+CvNNI2Hg/kyKWUkP+fw3bsFe8wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMzZaGA8yMTI0MDgx
 4 | MzIyMzAzNlowHTELMAkGA1UEBhMCVVMxDjAMBgNVBAoMBVNQSVJFMIIBIjANBgkq
 5 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2zple/6hsvtS/nIAWsJueZcUtsPEEK/
 6 | 5Wa6uJP6ZUAtlA0bxjw2iIoW72z/qX4gIH0olnf7PkIXa6Di/4JACaP4g/B2LvRT
 7 | fmOLz5ScqBILjSczskXu1PWJ1vhrHn8K+tD6Hoin1yuQfCeSmoUkEpGt4YFvsqeB
 8 | AswKqY6GxlKczaBVaENKPYAbLwVlTgidNoeZHMLCxUkm4Ye+hT4nnSh7QN1QI/r6
 9 | 4O62E+MB6ZkgHSWe7jb242weCb9+Xm055ZMsAXDyYt2BrVCPDvB0wz9SvJpU4rc7
10 | 6hxjA7Yk+jkCaX37iYTifj513eJzsCjfgADEPEcT8e5b+Z9qGJqtLwIDAQABo4Gi
11 | MIGfMF0GA1UdEQRWMFSCCWxvY2FsaG9zdIILZXhhbXBsZS5jb22CD3d3dy5leGFt
12 | cGxlLmNvbYYpc3BpZmZlOi8vbG9jYWxob3N0L215LW5hdHMtc2VydmljZS91c2Vy
13 | LWIwHQYDVR0OBBYEFAiaPOQsBb3+rAOlSevDy5kp7zCnMB8GA1UdIwQYMBaAFCcU
14 | WYVGF5cPrQMR/VNkapjuXMRbMA0GCSqGSIb3DQEBCwUAA4IBAQBq7BxhZMCTl6Xe
15 | i3GcPlOLp9JPP8bcyYZVB6nAf38eErpwYSPvp4I3IFU+KyZgtDIAb6Oy04BNV9eT
16 | BlpX300ZbylO/TLCrlMIJDYLIt5NciVe8IxsE//uLXFq5wZpcCcL9aQA2g0wW8hi
17 | pkK1dQd3W1ryR/LwKiy0fcZJw/EFskoqq6vPJATIFvH/O0OxdKP9T24YVGgLBzwj
18 | xzUqVlU0CuP0snx6x4F3Oha6kJGwc90RlXszh2ELhO+o4sk4wtfAlEYaM+H3kbAK
19 | lRe8FENyGprOjlxjy6N1noJW9Mgisx9kNcsCzW8auGY6l8Vs3wW3vO3n4ZUnq9qc
20 | t95/tstH
21 | -----END CERTIFICATE-----
22 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDLDCCAhSgAwIBAgIUU+CvNNI2Hg/kyKWUkP+fw3bsFe0wDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAgFw0yNDA5MDYyMjMwMzZaGA8yMTI0MDgx
 4 | MzIyMzAzNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
 5 | AAOCAQ8AMIIBCgKCAQEAppk6tXw7bDClVJHPY1m/yZTl1Nou7Obj8xE7pYK0EYRw
 6 | lhOoAAlt1WIUwnnEn+k8i2hXk5MFbKr/q7XjpXdIEcgPzXQjdH2NODhn6+3oN3Q8
 7 | ivqLxiJz9a4fulKzJdmPiMuZ/5cphTxZHRKKmio17+Z6RkEnL6702DfIRbusMNxH
 8 | TyN6wGMKJboxmnW17baay0SGb2ULmCN9CS8nQlbBTMH5tJZ3oBB7a/5cdlG8V3sn
 9 | /ZyDpXu1LDwHUe6EV6Jn+RQqF1Llmo790FvTWRDOBNDtkmx/0TtdjJpnlx9JsELr
10 | 62QL4BLXPGQzM5kWfgDsgl8aehezBPUqwaUKku5YzwIDAQABo3YwdDAyBgNVHREE
11 | KzApgglsb2NhbGhvc3SCC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wHQYD
12 | VR0OBBYEFO2EJhb54LzOxx6W7lqphByWFT8pMB8GA1UdIwQYMBaAFCcUWYVGF5cP
13 | rQMR/VNkapjuXMRbMA0GCSqGSIb3DQEBCwUAA4IBAQA86URTSVJU6k6VjcnT9Fzh
14 | fnid+OV2NPoKzczw4pTc7aGjkZxtCD1ENlYhHlcni0ZFMIRtLiDARjwhBkVJ5S84
15 | 1NS5l4J86ymazkSFZ27m8y0UeSDuPxZJFA/yBAmt/BoKRNMAAmonepdx73JpbiGE
16 | yMD9RU5qI2E6BGo0B2khRYuY+POPFGPueVbqg3qR+LJPlxp8OIet9HGagEcUK7lG
17 | PeFNKSUCfmuHHD/QO/gmG4ZM9/qB7M3McYh4/+CIihEmhfVK9Odo6Fs0t5MQdcEo
18 | v6++7DlnpwRnmgC8GtEBMK5XJAILb6cI11TearTphFoP7xpvz0VHp3Gy9mA5cdwx
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/svid-user-a.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgST6YP9hyfw/Vmoxo
3 | MFp6MJFZu4xaYK3OweYcANEFTkmhRANCAAQCY7xD5sWZDVSRmBu2l4sjJYzpGVqg
4 | d7M8I6LnFjkhkJFc0h9n8jPud8POip9BfXJyLBzmtW+CfZC84zlFSknN
5 | -----END PRIVATE KEY-----
6 | 


--------------------------------------------------------------------------------
/test/configs/certs/svid/svid-user-b.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEiQo4GXKbViodiF2
3 | LltOkXLauMoyKJu01c/FUoGpnXahRANCAASiSiVhimnedxcnXY1ffLWV6Ez9XIkq
4 | 3pXxtk6q6jvDfn3OPPjIB47OH4KCqNaMoIsKxwK/mtOEETb0/gFqeQWa
5 | -----END PRIVATE KEY-----
6 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/ca.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDBTCCAe2gAwIBAgIUYm7HlYXiXY8u67v2vKjU5LUCHDUwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAeFw0yNDAyMDMyMTQ4MjRaFw0zNDAxMzEy
 4 | MTQ4MjRaMBIxEDAOBgNVBAMMB05BVFMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
 5 | DwAwggEKAoIBAQC9GEoJ84UWZTsnovuz3StEtri3NdKlOqzNCGvurd3rZgop/jZB
 6 | RtJXQz9ZxdKx1ARpDV1m3CrQe63UbBRXJxA2XGfmBQ/BPo3IPEXJOsNEs9x5RsSL
 7 | RiJ2re7jbWKeQv/ucQPdmLJumAp+TGAzdOM/AnDaVTSLPoARp/Va8Frs7iFfPpuJ
 8 | tObvux4qnb/hxS2z39MWjyeM0dVOmjGwx9opxcE0hNI5ZutkoNxpmRayZqJSe85V
 9 | BSPGsuBwgncvA2GWTNIGFfN2oxQhSuI8yM7+l/0+BHFWfm2G7/09tWDvFnWTSpTQ
10 | VISM3+6Wh91c6qSd0wsIb8q6jADAD6H8yhT/AgMBAAGjUzBRMB0GA1UdDgQWBBQk
11 | vMZGyNfVHU3oTUASSfYiT4arNTAfBgNVHSMEGDAWgBQkvMZGyNfVHU3oTUASSfYi
12 | T4arNTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBxN8yaacok
13 | 1lyg7eTEv7/Sn4VGkfbuWm9ZQ3DPLKJhbe7uVxNChRrR8nKshwlGv1Wa8i0c0lJ3
14 | O+Uw24gjfhl/8zhFyxh4ijllj6/FVBNqsTvnGQqtKJP4h8kScUIH21mQ6JQAvh4e
15 | RY1sjPwZp+6vvogSrgQQ32jBaa8vfzcL2wECvnT1YqePVZYuRqEBjIvyG0ALlmE9
16 | DqZ8gH+W8E5IVulLVJxnYArCT1dW5AyM2fBETLB3PAWvSBkaCBl6QR+hLuyeR4vT
17 | m6Qx9EKr8MgIpiH7psnx8C9eF5j5HiwHfhwAdWD9W2tRzTxSZP2LJ9E+qjaohdLf
18 | 6NYxXL8AHa17
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/ca.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/ca.p12


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/client.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/client.p12


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/delete-cert-from-store.ps1:
--------------------------------------------------------------------------------
1 | $issuer="NATS CA"
2 | Get-ChildItem Cert:\CurrentUser\My | Where-Object {$_.Issuer -match $issuer} | Remove-Item
3 | Get-ChildItem Cert:\CurrentUser\CA| Where-Object {$_.Issuer -match $issuer} | Remove-Item
4 | Get-ChildItem Cert:\CurrentUser\AuthRoot | Where-Object {$_.Issuer -match $issuer} | Remove-Item
5 | Get-ChildItem Cert:\CurrentUser\Root | Where-Object {$_.Issuer -match $issuer} | Remove-Item
6 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/ecdsa_server.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PRIVATE KEY-----
2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAfrq5ri+W7sYQp/6xc
3 | lH6YbTy43dnnrKUbbdlzsDn4DPzO1k15LVXx8EPK+7vuh5uhZANiAAR6V4nqBt3k
4 | ZfO9H664fPB8PkuDhphBfzxbSFFcr2DXj11g0ZV56Yjnh3RMC4Lud29ofpTQd8IP
5 | 9bspEvjnBvOw60tH9WiquWqxLgSREUZVLEMD1dZ3JSVUfDCI2zzf00s=
6 | -----END PRIVATE KEY-----
7 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/ecdsa_server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIB2jCCAWCgAwIBAgIUKRYMoky98mN3mpyL6PMIY8/d2OswCgYIKoZIzj0EAwMw
 3 | FjEUMBIGA1UEAwwLbmF0cy1zZXJ2ZXIwHhcNMjUwMjA3MTgxNDM5WhcNMzUwMjA1
 4 | MTgxNDM5WjAWMRQwEgYDVQQDDAtuYXRzLXNlcnZlcjB2MBAGByqGSM49AgEGBSuB
 5 | BAAiA2IABHpXieoG3eRl870frrh88Hw+S4OGmEF/PFtIUVyvYNePXWDRlXnpiOeH
 6 | dEwLgu53b2h+lNB3wg/1uykS+OcG87DrS0f1aKq5arEuBJERRlUsQwPV1nclJVR8
 7 | MIjbPN/TS6NvMG0wHQYDVR0OBBYEFHbcfCfGs+l2bVg22WLTdV10AnpTMB8GA1Ud
 8 | IwQYMBaAFHbcfCfGs+l2bVg22WLTdV10AnpTMA8GA1UdEwEB/wQFMAMBAf8wGgYD
 9 | VR0RBBMwEYcEfwAAAYIJbG9jYWxob3N0MAoGCCqGSM49BAMDA2gAMGUCMQDhzRyw
10 | Q+m2fMFyqIgFc890jLIzh2bGqlmdkUpb+/Z/y9zKZQPSG5xhXp7A/FhvM24CMHVW
11 | ZIWBCJJRhw/L3s73QHX1d+M6mNqES16cnnht6j9DF1AddIipcsnBcpo4s7K/Xg==
12 | -----END CERTIFICATE-----
13 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/ecdsa_server.pfx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/ecdsa_server.pfx


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/expired.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/expired.p12


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/generate_ecdsa_test_cert.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | set -eou pipefail
 4 | 
 5 | SCRIPT_ROOT="$(cd -P "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
 6 | 
 7 | cert_file_prefix="${SCRIPT_ROOT}/ecdsa_server"
 8 | export_password="s3cr3t"
 9 | 
10 | openssl req -x509 \
11 |   -days 3650 \
12 |   -newkey ec \
13 |   -pkeyopt ec_paramgen_curve:secp384r1 \
14 |   -sha384 \
15 |   -subj "/CN=nats-server" \
16 |   --addext "subjectAltName=IP:127.0.0.1,DNS:localhost" \
17 |   -nodes \
18 |   -out "${cert_file_prefix}.pem" \
19 |   -keyout "${cert_file_prefix}.key" \
20 |   -outform PEM >/dev/null 2>&1
21 | 
22 | openssl pkcs12 \
23 |   -inkey "${cert_file_prefix}.key" \
24 |   -in "${cert_file_prefix}.pem" \
25 |   -export \
26 |   -password "pass:${export_password}" \
27 |   -out "${cert_file_prefix}.pfx" >/dev/null 2>&1
28 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/import-p12-ca.ps1:
--------------------------------------------------------------------------------
1 | $fileLocale = $PSScriptRoot + "\ca.p12"
2 | $Pass = ConvertTo-SecureString -String 's3cr3t' -Force -AsPlainText
3 | $User = "whatever"
4 | $Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
5 | Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\CurrentUser\My -Password $Cred.Password
6 | #Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\LocalMachine\Root -Password $Cred.Password
7 | # TODO?  Move to trusted enterprise?  Requires some fingerprint parsing.


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/import-p12-client.ps1:
--------------------------------------------------------------------------------
1 | $fileLocale = $PSScriptRoot + "\client.p12"
2 | $Pass = ConvertTo-SecureString -String 's3cr3t' -Force -AsPlainText
3 | $User = "whatever"
4 | $Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
5 | Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\CurrentUser\My -Password $Cred.Password


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/import-p12-server.ps1:
--------------------------------------------------------------------------------
1 | $file=$args[0]
2 | if (!$file) { $file="server.p12 "}
3 | $fileLocale = $PSScriptRoot + "\" + $file
4 | echo "Installing certificate $fileLocale"
5 | $Pass = ConvertTo-SecureString -String 's3cr3t' -Force -AsPlainText
6 | $User = "whatever"
7 | $Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $Pass
8 | Import-PfxCertificate -FilePath $filelocale -CertStoreLocation Cert:\CurrentUser\My -Password $Cred.Password


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/not-expired.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/not-expired.p12


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/pkcs12.md:
--------------------------------------------------------------------------------
 1 | # PKCS12 Files
 2 | 
 3 | Refresh PKCS12 files when test certificates and keys (PEM files) are refreshed (e.g. expiry workflow)
 4 | 
 5 | - `client.p12` is a p12/pfx packaging of `client.pem` and `client-key.pem`
 6 | 
 7 | `openssl pkcs12 -export -inkey ./client-key.pem -in ./client.pem -out client.p12`
 8 | 
 9 | To add the CA, use the following:
10 | 
11 | `openssl pkcs12 -export -nokeys -in ..\ca.pem -out ca.p12`
12 | 
13 | > Note: set the PKCS12 bundle password to `s3cr3t` as required by provisioning scripts
14 | 
15 | ## Cert Store Provisioning Scripts
16 | 
17 | Windows cert store supports p12/pfx bundle for certificate-with-key import.  Windows cert store tests will execute 
18 | a Powershell script to import relevant PKCS12 bundle into the Windows store before the test. Equivalent to:
19 | 
20 | `powershell.exe -command "& '..\test\configs\certs\tlsauth\certstore\import-<client,server>-p12.ps1'"`
21 | 
22 | The `delete-cert-from-store.ps1` script deletes imported certificates from the Windows store (if present) that can
23 | cause side-effects and impact the validity of different use tests.
24 | 
25 | > Note: Tests are configured for "current user" store context. Execute tests with appropriate Windows permissions
26 | > (e.g. as Admin) if adding tests with "local machine" store context specified.


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/certstore/server.p12:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/certs/tlsauth/certstore/server.p12


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/client.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDPjCCAiagAwIBAgIUTKhkrEgzI82ef4hYCjeQsZ2FipYwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAeFw0yNDAyMDMyMTQ5MzRaFw0zNDAxMzEy
 4 | MTQ5MzRaMCgxEDAOBgNVBAsMB05BVFMuaW8xFDASBgNVBAMMC2V4YW1wbGUuY29t
 5 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowGnoyecKsLLLe0+9S0A
 6 | nbG0aXLWVNmW0yDmpRLxzYpJHQdoCKsZZrMMSExVbTadiL1YXHeCmjRnbmuLlHOw
 7 | Ynxul8BbZsOeEj05WxbWW69cuJoxevlpt7VdF5zLTNfML5EZu8G2BuX8/AX1peLW
 8 | wgxfJZ7gt2BxcFSbLfqNR6GeGDbrQxSajF5B7sRD7COT5kt1xx6bbT0Bq7yp6GEd
 9 | MtAn+Mtywn0AkPmxXtiUt9+VpictilZvnaTfi9gEjvFb1f2E5bUsvH+B0Nw3f1Y2
10 | ba4uwDT+tV668eDiUuiEZD6N7sWkd9OqCshfWuIq19SmPlYtYKWDl/X6HJlbpglg
11 | qwIDAQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SCC2V4YW1wbGUuY29tgg93
12 | d3cuZXhhbXBsZS5jb20wHQYDVR0OBBYEFA5GJsoT3uf5GCyL5KSFoyEuRVltMB8G
13 | A1UdIwQYMBaAFCS8xkbI19UdTehNQBJJ9iJPhqs1MA0GCSqGSIb3DQEBCwUAA4IB
14 | AQAmBOQOp3CR5/P27RUonsgf5MCzblt6tBPJBMiZwB8sJyl9fXCTkzdqD0rJQb7q
15 | 5s7p00rUXdeh13oRjFcoFuopMDCk3kBYnKJHXRREJNLHfp6CPUMKlg0GJUZ6v04A
16 | V7gVuhvmynHrmlbibMwbgZtZMnRU3x8JjawEUsEhoj3O2Qfen3sNfaOBlnwVUCBQ
17 | ygSHQ0Pto1kQS+1Pc5DCwnOZ/qh5lORPdO1MNKqeu8HiiSJfuaCrQQM9zm72CHHY
18 | F755qy8OvWjwK0H9rCFBYSrAnYk/pTvXIeBsgNRlURS/qv1rqIEvAbXhRnw7oyvl
19 | P4bYY4pcpk32Ir2mFQFRQnSh
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/client2.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDOzCCAiOgAwIBAgIUTKhkrEgzI82ef4hYCjeQsZ2FipcwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAeFw0yNDAyMDMyMTUwMzlaFw0zNDAxMzEy
 4 | MTUwMzlaMCUxDTALBgNVBAsMBENOQ0YxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIB
 5 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLB7CGHcRrfMLHqMRkELOCvg
 6 | H7858LlvkG58fnhk0vjkmi6i/bvNSXV8YXngFbFY0bc+aj91/Vbu+YEkFPgFYRae
 7 | vPVTUeNb2jrCr19nc1QmlghML+ugnpAKKfPb8gen5teLkq/SLrIsR7ur347s3thW
 8 | ROcXMOZkmDMrKik2zOAzI1xSVxYOZsNWAvc5Id8wllGXZonWn8DgejIiZFWbAEIw
 9 | MHOaGg+CP7mwnZlq/AjmG28FJd9pPrdHkH4/XL3ePke7gWFTVrtQTYNEajWWZSDO
10 | BFaJ3NSfnje6BqOe4y68H+IwjpHINsHel+tgrrkB4cHXUHpOChrYTCVCB+0PUwID
11 | AQABo3YwdDAyBgNVHREEKzApgglsb2NhbGhvc3SCC2V4YW1wbGUuY29tgg93d3cu
12 | ZXhhbXBsZS5jb20wHQYDVR0OBBYEFEbKWjY1gwvxJusV+M5wUn+7MKR5MB8GA1Ud
13 | IwQYMBaAFCS8xkbI19UdTehNQBJJ9iJPhqs1MA0GCSqGSIb3DQEBCwUAA4IBAQAo
14 | 873zVMG6tfoPRUZ/kEJcPEIaLmaolALyLEx3sZHe/B8hszuuMecBEfa02HwTSlzq
15 | fKrkME95LGE9D+4hxyPEqPTqruESShUvBFQIoTQxePAhhUG9icF4gqUpYvRHXMiR
16 | xIyfH3/KojDlBXRfDOaoXEXshiXfcYqbeh2qFdaoN24Vyh6lkNa2K3SUDAtKVFiF
17 | jjBtNXuH/IJ3EWbs5AOOy98QtBMlT7kmummJVeaRR4QUfnzFrlj5nMSIopoxDm4N
18 | QeoQSC+63fce6ZJLGQqEFQNR6howBcDQ/8fMR/oLsJ1Hr9VshIsu3kGTk4RUqHI9
19 | ipGt1UTvVf/uMUzA3yoC
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/server-no-ou.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDKjCCAhKgAwIBAgIUTKhkrEgzI82ef4hYCjeQsZ2FipUwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAeFw0yNDAyMDMyMTQ4MzJaFw0zNDAxMzEy
 4 | MTQ4MzJaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
 5 | ggEPADCCAQoCggEBAN6k+Hi1ZjDrqk8YISCljMFNbfr+ztxGey6qGSJSiVzlEH/8
 6 | lhpHP+xsiVju0zxnbWeaNTQhe+Uo9S37paKe/tWoNTtLWA6yycg9tWFcYJvh8Lck
 7 | aNDaoP+k7lZ+hSHzJimH20WDTv7MzJBeAmITwmCUoJ4PuSOdrT+WSTrd11A/Sels
 8 | fn3jegy8cOPtSMnIF0TydZfUtdYCZglbHKbowN+NZNWfLPCqbx+SX8Een1+H3w1/
 9 | 1Tr+CmrRyRFQcvimuEzDQKGEFWOQFDwKteunzZNBlt4U+be5ZNXfF/ludt47zt2C
10 | Jc/jvK+pUVJAjZwXKjYnMSrotUB5U9N0rMQ1fIUCAwEAAaN2MHQwMgYDVR0RBCsw
11 | KYIJbG9jYWxob3N0ggtleGFtcGxlLmNvbYIPd3d3LmV4YW1wbGUuY29tMB0GA1Ud
12 | DgQWBBS/WuyC1fvhLL8rnKIXWFdQFnGpozAfBgNVHSMEGDAWgBQkvMZGyNfVHU3o
13 | TUASSfYiT4arNTANBgkqhkiG9w0BAQsFAAOCAQEAVgdcRJgo95MEDgEACekziOHn
14 | n86DdgNin4FDkL7Y2sBDrpej4B0jKPm2H/M4qdB2Z17Ru2TdcXOyk/sMc395GHsN
15 | BAdKuAcysvQ+USR3UXasJmC/CvoKGBOmFf9/Jor8U4Rs01bkXSd6pW8ytT3kyMak
16 | 3r5tNugzRxpJvVDgjHlUkfhBoLeeCr+k1cN1OvR4cFhY6vxqS6GBdopFGC3DlnTL
17 | LPetNhQCd+r2mH1RT/56aLLRawy76GkBEZm/+mg+mYjxN3J1hWibouF4ccutvxtt
18 | h2/4PJNsXv5yt4wibazFixJ843KPdfw6pafXbYZsvvgNfvLrpp8beCUwHEYq+w==
19 | -----END CERTIFICATE-----
20 | 


--------------------------------------------------------------------------------
/test/configs/certs/tlsauth/server.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIDRjCCAi6gAwIBAgIUTKhkrEgzI82ef4hYCjeQsZ2FipgwDQYJKoZIhvcNAQEL
 3 | BQAwEjEQMA4GA1UEAwwHTkFUUyBDQTAeFw0yNDAyMDMyMjA0NTdaFw0zNDAxMzEy
 4 | MjA0NTdaMDAxGjAYBgNVBAsMEU5BVFMuaW8gT3BlcmF0b3JzMRIwEAYDVQQDDAls
 5 | b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAgrLiRyYc
 6 | P54+AlElXoMjhOMg+VZjkVnC4CVXk+3jmKqAzI6bum9QHBnSdN/ULaPFU4Vgoqt1
 7 | Puv8J9snNlSSE4CcgCCmWihFIwSpIaXW/GWCZVvCQDn3QxAZt48vTtEI27tMsRTC
 8 | k/tVkuShJ7OxrJyXcntBWbS+TeSOMVIF/v6lqWGjaDauPK0cpesa/qLElaHNlIV0
 9 | +pM+5b3LIcEpuaECVwu5n5c9m/qdX7ZyPF2x8Z2I0zO5nLyFxb3WolPjok/qnZbh
10 | C/GpOX459F6yCVBmjkakaJocV1Ue7V0dFB7u3aYW0dwa+7Zb0613ZHMWKfAOzJKO
11 | iZC5xYXBxO4DAgMBAAGjdjB0MDIGA1UdEQQrMCmCCWxvY2FsaG9zdIILZXhhbXBs
12 | ZS5jb22CD3d3dy5leGFtcGxlLmNvbTAdBgNVHQ4EFgQUcpTmScu/KZHhs0KbdxtN
13 | GXndXBEwHwYDVR0jBBgwFoAUJLzGRsjX1R1N6E1AEkn2Ik+GqzUwDQYJKoZIhvcN
14 | AQELBQADggEBAKdqG82z3JBim/hiGf4LZT90ZHhw7ngPT9HUV4jYRIk0ngJ37ogK
15 | KCYW0UBCkugdf0elxcggjAsJZGlz+hW2j8MynEqJ9UU7jPPp4AKJqZHy5x49Y1iL
16 | kFlJE5a3LFJUaVG4JeYMqTL2zDtoj+hk7QPPoz88moDUbOHg3HccObHlISelVPON
17 | K/kvnJ2NfXImYkh7MusRxVuB4LcRRi5rwT0pOdtSPBCeSH96BOeCHTriPHGecgc4
18 | 71tgSaELXPM1YnaM2WmXoGU1MZ7Dx6c2q97FI+SWgKfm7B1GQGyAghgKxlRyhfNj
19 | UvCrbaZDInrMWpMo3+upIBWpHzfmJVvUcYI=
20 | -----END CERTIFICATE-----
21 | 


--------------------------------------------------------------------------------
/test/configs/cluster.conf:
--------------------------------------------------------------------------------
 1 | # Cluster config file
 2 | 
 3 | listen: 127.0.0.1:5242
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5244
 7 |   name: xyz
 8 | 
 9 |   authorization {
10 |     user: route_user
11 |     password: top_secret
12 |     timeout: 0.5
13 |   }
14 | 
15 |   # Routes are actively solicited and connected to from this server.
16 |   # Other servers can connect to us if they supply the correct credentials
17 |   # in their routes definitions from above.
18 | 
19 |   routes = [
20 |     nats-route://foo:bar@127.0.0.1:5245
21 |     nats-route://foo:bar@127.0.0.1:5246
22 |   ]
23 | }
24 | 
25 | no_sys_acc: true
26 | 


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_bad_stream/backup.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "config": {
 3 |     "name": "TEST",
 4 |     "subjects": [
 5 |       "foo"
 6 |     ],
 7 |     "retention": "limits",
 8 |     "max_consumers": -1,
 9 |     "max_msgs_per_subject": -1,
10 |     "max_msgs": -1,
11 |     "max_bytes": -1,
12 |     "max_age": 0,
13 |     "max_msg_size": -1,
14 |     "storage": "file",
15 |     "discard": "old",
16 |     "num_replicas": 1,
17 |     "duplicate_window": 120000000000,
18 |     "sealed": false,
19 |     "deny_delete": false,
20 |     "deny_purge": false,
21 |     "allow_rollup_hdrs": false
22 |   },
23 |   "state": {
24 |     "messages": 10,
25 |     "bytes": 381,
26 |     "first_seq": 1,
27 |     "first_ts": "2022-03-07T23:59:01.710801Z",
28 |     "last_seq": 10,
29 |     "last_ts": "2022-03-07T23:59:01.712378Z",
30 |     "num_subjects": 1,
31 |     "consumer_count": 1
32 |   }
33 | }


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_bad_stream/stream.tar.s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/jetstream/restore_bad_stream/stream.tar.s2


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_empty_R1F_stream/backup.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "config": {
 3 |     "name": "STREAM",
 4 |     "subjects": [
 5 |       "stream"
 6 |     ],
 7 |     "retention": "limits",
 8 |     "max_consumers": -1,
 9 |     "max_msgs_per_subject": -1,
10 |     "max_msgs": -1,
11 |     "max_bytes": -1,
12 |     "max_age": 0,
13 |     "max_msg_size": -1,
14 |     "storage": "file",
15 |     "discard": "old",
16 |     "num_replicas": 1,
17 |     "duplicate_window": 120000000000,
18 |     "sealed": false,
19 |     "deny_delete": false,
20 |     "deny_purge": false,
21 |     "allow_rollup_hdrs": false,
22 |     "allow_direct": true,
23 |     "mirror_direct": false,
24 |     "consumer_limits": {}
25 |   },
26 |   "state": {
27 |     "messages": 0,
28 |     "bytes": 0,
29 |     "first_seq": 0,
30 |     "first_ts": "0001-01-01T00:00:00Z",
31 |     "last_seq": 0,
32 |     "last_ts": "0001-01-01T00:00:00Z",
33 |     "consumer_count": 0
34 |   }
35 | }


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_empty_R1F_stream/stream.tar.s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/jetstream/restore_empty_R1F_stream/stream.tar.s2


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_empty_R3F_stream/backup.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "config": {
 3 |     "name": "STREAM",
 4 |     "subjects": [
 5 |       "stream"
 6 |     ],
 7 |     "retention": "limits",
 8 |     "max_consumers": -1,
 9 |     "max_msgs_per_subject": -1,
10 |     "max_msgs": -1,
11 |     "max_bytes": -1,
12 |     "max_age": 0,
13 |     "max_msg_size": -1,
14 |     "storage": "file",
15 |     "discard": "old",
16 |     "num_replicas": 3,
17 |     "duplicate_window": 120000000000,
18 |     "sealed": false,
19 |     "deny_delete": false,
20 |     "deny_purge": false,
21 |     "allow_rollup_hdrs": false,
22 |     "allow_direct": true,
23 |     "mirror_direct": false,
24 |     "consumer_limits": {}
25 |   },
26 |   "state": {
27 |     "messages": 0,
28 |     "bytes": 0,
29 |     "first_seq": 0,
30 |     "first_ts": "0001-01-01T00:00:00Z",
31 |     "last_seq": 0,
32 |     "last_ts": "0001-01-01T00:00:00Z",
33 |     "consumer_count": 0
34 |   }
35 | }


--------------------------------------------------------------------------------
/test/configs/jetstream/restore_empty_R3F_stream/stream.tar.s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/nats-io/nats-server/887d92857e6ce58f5c32501e8460405a1f218b56/test/configs/jetstream/restore_empty_R3F_stream/stream.tar.s2


--------------------------------------------------------------------------------
/test/configs/multi_accounts.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:4033
 2 | http: 127.0.0.1:8033
 3 | 
 4 | password = "s3cr3t!"
 5 | 
 6 | accounts: {
 7 |    engineering: {
 8 |       users = [
 9 |         {user: alice, password: $password}
10 |         {user: bob,   password: $password}
11 |       ]
12 |     }
13 | 
14 |     legal: {
15 |       users = [
16 |         {user: john,  password: $password}
17 |         {user: mary,  password: $password}
18 |       ]
19 |     }
20 | 
21 |     finance: {
22 |       users = [
23 |         {user: peter, password: $password}
24 |         {user: paul,  password: $password}
25 |       ]
26 |     }
27 | }
28 | 
29 | no_sys_acc: true
30 | 


--------------------------------------------------------------------------------
/test/configs/multi_user.conf:
--------------------------------------------------------------------------------
 1 | listen: 127.0.0.1:4233
 2 | http: 127.0.0.1:8233
 3 | 
 4 | authorization {
 5 |     users = [
 6 |       {user: alice, password: foo}
 7 |       {user: bob,   password: bar}
 8 |     ]
 9 | }
10 | 


--------------------------------------------------------------------------------
/test/configs/new_cluster.conf:
--------------------------------------------------------------------------------
 1 | # New Cluster config file
 2 | 
 3 | listen: 127.0.0.1:5343
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5344
 7 |   name: xyz
 8 | 
 9 |   # Routes are actively solicited and connected to from this server.
10 |   # Other servers can connect to us if they supply the correct credentials
11 |   # in their routes definitions from above.
12 | 
13 |   routes = [
14 |     nats-route://127.0.0.1:5345
15 |     nats-route://127.0.0.1:5346
16 |   ]
17 | }
18 | 
19 | no_sys_acc: true
20 | 


--------------------------------------------------------------------------------
/test/configs/nkeys/op.jwt:
--------------------------------------------------------------------------------
1 | -----BEGIN TEST OPERATOR JWT-----
2 | eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJhdWQiOiJURVNUUyIsImV4cCI6MTg1OTEyMTI3NSwianRpIjoiWE5MWjZYWVBIVE1ESlFSTlFPSFVPSlFHV0NVN01JNVc1SlhDWk5YQllVS0VRVzY3STI1USIsImlhdCI6MTU0Mzc2MTI3NSwiaXNzIjoiT0NBVDMzTVRWVTJWVU9JTUdOR1VOWEo2NkFIMlJMU0RBRjNNVUJDWUFZNVFNSUw2NU5RTTZYUUciLCJuYW1lIjoiU3luYWRpYSBDb21tdW5pY2F0aW9ucyBJbmMuIiwibmJmIjoxNTQzNzYxMjc1LCJzdWIiOiJPQ0FUMzNNVFZVMlZVT0lNR05HVU5YSjY2QUgyUkxTREFGM01VQkNZQVk1UU1JTDY1TlFNNlhRRyIsInR5cGUiOiJvcGVyYXRvciIsIm5hdHMiOnsic2lnbmluZ19rZXlzIjpbIk9EU0tSN01ZRlFaNU1NQUo2RlBNRUVUQ1RFM1JJSE9GTFRZUEpSTUFWVk40T0xWMllZQU1IQ0FDIiwiT0RTS0FDU1JCV1A1MzdEWkRSVko2NTdKT0lHT1BPUTZLRzdUNEhONk9LNEY2SUVDR1hEQUhOUDIiLCJPRFNLSTM2TFpCNDRPWTVJVkNSNlA1MkZaSlpZTVlXWlZXTlVEVExFWjVUSzJQTjNPRU1SVEFCUiJdfX0.hyfz6E39BMUh0GLzovFfk3wT4OfualftjdJ_eYkLfPvu5tZubYQ_Pn9oFYGCV_6yKy3KMGhWGUCyCdHaPhalBw
3 | ------END TEST OPERATOR JWT------


--------------------------------------------------------------------------------
/test/configs/nkeys/sigkeys.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | ########################################################
 3 | #                     TESTS ONLY                       #
 4 | ########################################################
 5 | 
 6 | # These are the public signing keys
 7 | 
 8 | -----BEGIN SIGNING KEYS-----
 9 | ODSKR7MYFQZ5MMAJ6FPMEETCTE3RIHOFLTYPJRMAVVN4OLV2YYAMHCAC
10 | ODSKACSRBWP537DZDRVJ657JOIGOPOQ6KG7T4HN6OK4F6IECGXDAHNP2
11 | ODSKI36LZB44OY5IVCR6P52FZJZYMYWZVWNUDTLEZ5TK2PN3OEMRTABR
12 | ------END SIGNING KEYS------
13 | 
14 | # These are the seeds.
15 | 
16 | ----BEGIN SIGNING SEEDS-----
17 | SOAO7RDW6CLJORHHBS4DPYYIIIAASEIUJ5WWS5FMWLNTFHUCKQ5CAC45AA
18 | SOAEL3NFOTU6YK3DBTEKQYZ2C5IWSVZWWZCQDASBUOHJKBFLVANK27JMMQ
19 | SOACSMP662P2BZDKVF6WCB6FIQYORADDWWWEAI55QY24CQRTY4METUING4
20 | ------END SIGING SEEDS------
21 | 


--------------------------------------------------------------------------------
/test/configs/nkeys/test.seed:
--------------------------------------------------------------------------------
1 | ########################################################
2 | #                     TESTS ONLY                       #
3 | ########################################################
4 | 
5 | -----BEGIN TEST OPERATOR SEED-----
6 | SOAFYNORQLQFJYBYNUGC5D7SH2MXMUX5BFEWWGHN3EK4VGG5TPT5DZP7QU
7 | ------END TEST OPERATOR SEED------
8 | 


--------------------------------------------------------------------------------
/test/configs/operator.conf:
--------------------------------------------------------------------------------
 1 | # Server that loads an operator JWT
 2 | 
 3 | listen: 127.0.0.1:22222
 4 | 
 5 | # Can be an array of filenames as well.
 6 | # Key can be operator, operators, roots, root, root_operators, root_operator
 7 | 
 8 | operator = "./configs/nkeys/op.jwt"
 9 | 
10 | # This is for account resolution.
11 | # Can be MEMORY (Testing) or can be URL(url).
12 | # The resolver will append the account name to url for retrieval.
13 | # E.g.
14 | # resolver = URL("https://api.synadia.com/ngs/v1/accounts/jwt")
15 | #
16 | resolver = MEMORY
17 | 


--------------------------------------------------------------------------------
/test/configs/operator_inline.conf:
--------------------------------------------------------------------------------
 1 | # Server that loads an operator JWT
 2 | 
 3 | listen: 127.0.0.1:22222
 4 | 
 5 | # This example is a single inline JWT.
 6 | operator = "eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJhdWQiOiJURVNUUyIsImV4cCI6MTg1OTEyMTI3NSwianRpIjoiWE5MWjZYWVBIVE1ESlFSTlFPSFVPSlFHV0NVN01JNVc1SlhDWk5YQllVS0VRVzY3STI1USIsImlhdCI6MTU0Mzc2MTI3NSwiaXNzIjoiT0NBVDMzTVRWVTJWVU9JTUdOR1VOWEo2NkFIMlJMU0RBRjNNVUJDWUFZNVFNSUw2NU5RTTZYUUciLCJuYW1lIjoiU3luYWRpYSBDb21tdW5pY2F0aW9ucyBJbmMuIiwibmJmIjoxNTQzNzYxMjc1LCJzdWIiOiJPQ0FUMzNNVFZVMlZVT0lNR05HVU5YSjY2QUgyUkxTREFGM01VQkNZQVk1UU1JTDY1TlFNNlhRRyIsInR5cGUiOiJvcGVyYXRvciIsIm5hdHMiOnsic2lnbmluZ19rZXlzIjpbIk9EU0tSN01ZRlFaNU1NQUo2RlBNRUVUQ1RFM1JJSE9GTFRZUEpSTUFWVk40T0xWMllZQU1IQ0FDIiwiT0RTS0FDU1JCV1A1MzdEWkRSVko2NTdKT0lHT1BPUTZLRzdUNEhONk9LNEY2SUVDR1hEQUhOUDIiLCJPRFNLSTM2TFpCNDRPWTVJVkNSNlA1MkZaSlpZTVlXWlZXTlVEVExFWjVUSzJQTjNPRU1SVEFCUiJdfX0.hyfz6E39BMUh0GLzovFfk3wT4OfualftjdJ_eYkLfPvu5tZubYQ_Pn9oFYGCV_6yKy3KMGhWGUCyCdHaPhalBw"
 7 | 
 8 | # This is for account resolution.
 9 | # Can be MEMORY (Testing) or can be URL(url).
10 | # The resolver will append the account name to url for retrieval.
11 | # E.g.
12 | # resolver = URL("https://api.synadia.com/ngs/v1/accounts/jwt")
13 | #
14 | resolver = MEMORY
15 | 


--------------------------------------------------------------------------------
/test/configs/override.conf:
--------------------------------------------------------------------------------
1 | # Config file to test overrides to client
2 | 
3 | listen: 127.0.0.1:5224
4 | 
5 | # maximum payload
6 | max_payload: 2222
7 | 


--------------------------------------------------------------------------------
/test/configs/resolver_preload.conf:
--------------------------------------------------------------------------------
 1 | # Server that loads an operator JWT
 2 | 
 3 | listen: 127.0.0.1:22222
 4 | 
 5 | # Can be an array of filenames as well.
 6 | # Key can be operator, operators, roots, root, root_operators, root_operator
 7 | 
 8 | operator = "./configs/nkeys/op.jwt"
 9 | 
10 | system_account = "AD2VB6C25DQPEUUQ7KJBUFX2J4ZNVBPOHSCBISC7VFZXVWXZA7VASQZG"
11 | 
12 | # This is for account resolution.
13 | # Can be MEMORY (Testing) or can be URL(url).
14 | # The resolver will append the account name to url for retrieval.
15 | # E.g.
16 | # resolver = URL("https://api.synadia.com/ngs/v1/accounts/jwt")
17 | #
18 | resolver = MEMORY
19 | 
20 | # This is a map that can preload keys:jwts into a memory resolver.
21 | resolver_preload = {
22 |     AD2VB6C25DQPEUUQ7KJBUFX2J4ZNVBPOHSCBISC7VFZXVWXZA7VASQZG : "eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJDSzU1UERKSUlTWU5QWkhLSUpMVURVVTdJT1dINlM3UkE0RUc2TTVGVUQzUEdGQ1RWWlJRIiwiaWF0IjoxNTQzOTU4NjU4LCJpc3MiOiJPQ0FUMzNNVFZVMlZVT0lNR05HVU5YSjY2QUgyUkxTREFGM01VQkNZQVk1UU1JTDY1TlFNNlhRRyIsInN1YiI6IkFEMlZCNkMyNURRUEVVVVE3S0pCVUZYMko0Wk5WQlBPSFNDQklTQzdWRlpYVldYWkE3VkFTUVpHIiwidHlwZSI6ImFjY291bnQiLCJuYXRzIjp7ImxpbWl0cyI6e319fQ.7m1fysYUsBw15Lj88YmYoHxOI4HlOzu6qgP8Zg-1q9mQXUURijuDGVZrtb7gFYRlo-nG9xZyd2ZTRpMA-b0xCQ"
23 | 
24 |     ADM2CIIL3RWXBA6T2HW3FODNCQQOUJEHHQD6FKCPVAMHDNTTSMO73ROX: "eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJCMk0zTFRMT1ZNRk03REY3U0M3SE9RTzNXUzI2RFhMTURINk0zRzY3RzRXRFdTWExPNlVBIiwiaWF0IjoxNTQzOTU4NzI0LCJpc3MiOiJPQ0FUMzNNVFZVMlZVT0lNR05HVU5YSjY2QUgyUkxTREFGM01VQkNZQVk1UU1JTDY1TlFNNlhRRyIsInN1YiI6IkFETTJDSUlMM1JXWEJBNlQySFczRk9ETkNRUU9VSkVISFFENkZLQ1BWQU1IRE5UVFNNTzczUk9YIiwidHlwZSI6ImFjY291bnQiLCJuYXRzIjp7ImxpbWl0cyI6e319fQ.pvvPmBei_IFEbspHGN5FkWJoSfHk8BVeJCCVODTgul8-xUU8p1fidvsg3sgMvrXqXtmL8SFc68jGQd0nGtk5Dw"
25 | 
26 | }
27 | 


--------------------------------------------------------------------------------
/test/configs/seed.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Seed Node
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | 
 5 | http: 8222
 6 | 
 7 | cluster {
 8 |   listen: 127.0.0.1:4248
 9 |   name: xyz
10 | }
11 | 
12 | no_sys_acc: true
13 | 


--------------------------------------------------------------------------------
/test/configs/srv_a.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5244
 7 |   name: xyz
 8 | 
 9 |   authorization {
10 |     user: ruser
11 |     password: top_secret
12 |     timeout: 0.5
13 |   }
14 | 
15 |   # Routes are actively solicited and connected to from this server.
16 |   # Other servers can connect to us if they supply the correct credentials
17 |   # in their routes definitions from above.
18 | 
19 |   routes = [
20 |     nats-route://ruser:top_secret@127.0.0.1:5246
21 |   ]
22 | }
23 | 
24 | no_sys_acc: true
25 | 


--------------------------------------------------------------------------------
/test/configs/srv_a_leaf.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | 
 5 | leafnodes {
 6 |   listen: 127.0.0.1:5223
 7 | }
 8 | 
 9 | cluster {
10 |   listen: 127.0.0.1:5244
11 |   name: xyz
12 | 
13 |   authorization {
14 |     user: ruser
15 |     password: top_secret
16 |     timeout: 0.5
17 |   }
18 | 
19 |   # Routes are actively solicited and connected to from this server.
20 |   # Other servers can connect to us if they supply the correct credentials
21 |   # in their routes definitions from above.
22 | 
23 |   routes = [
24 |     nats-route://ruser:top_secret@127.0.0.1:5246
25 |   ]
26 | }
27 | 


--------------------------------------------------------------------------------
/test/configs/srv_a_perms.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A with Permissions
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | http: 127.0.0.1:5223
 5 | 
 6 | cluster {
 7 |   listen: 127.0.0.1:5244
 8 |   name: xyz
 9 | 
10 |   authorization {
11 |     user: ruser
12 |     password: top_secret
13 |     timeout: 0.5
14 |   }
15 | 
16 |   permissions {
17 |     import: "foo"
18 |     export: {
19 |       allow: "*"
20 |       deny: ["foo", "nats"]
21 |     }
22 |   }
23 | 
24 |   # Routes are actively solicited and connected to from this server.
25 |   # Other servers can connect to us if they supply the correct credentials
26 |   # in their routes definitions from above.
27 | 
28 |   routes = [
29 |     nats-route://ruser:top_secret@127.0.0.1:5246
30 |   ]
31 | }
32 | 
33 | no_sys_acc: true
34 | 


--------------------------------------------------------------------------------
/test/configs/srv_a_tls.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server A
 2 | 
 3 | listen: 127.0.0.1:5222
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5244
 7 |   name: xyz
 8 | 
 9 |   tls {
10 |     # Route cert
11 |     cert_file: "./configs/certs/srva-cert.pem"
12 |     # Private key
13 |     key_file:  "./configs/certs/srva-key.pem"
14 |     # Specified time for handshake to complete
15 |     timeout: 2
16 | 
17 |     # Optional certificate authority verifying connected routes
18 |     # Required when we have self-signed CA, etc.
19 |     ca_file:   "./configs/certs/ca.pem"
20 |   }
21 | 
22 |   # Routes are actively solicited and connected to from this server.
23 |   # Other servers can connect to us if they supply the correct credentials
24 |   # in their routes definitions from above.
25 | 
26 |   routes = [
27 |     nats-route://127.0.0.1:5246
28 |   ]
29 | }
30 | 
31 | no_sys_acc: true
32 | 


--------------------------------------------------------------------------------
/test/configs/srv_b.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:5224
 4 | http: 127.0.0.1:5225
 5 | 
 6 | cluster {
 7 |   listen: 127.0.0.1:5246
 8 |   name: xyz
 9 | 
10 |   authorization {
11 |     user: ruser
12 |     password: top_secret
13 |     timeout: 0.5
14 |   }
15 | 
16 |   # Routes are actively solicited and connected to from this server.
17 |   # Other servers can connect to us if they supply the correct credentials
18 |   # in their routes definitions from above.
19 | 
20 |   routes = [
21 |     nats-route://ruser:top_secret@127.0.0.1:5244
22 |   ]
23 | }
24 | 
25 | no_sys_acc: true
26 | 


--------------------------------------------------------------------------------
/test/configs/srv_b_tls.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server B
 2 | 
 3 | listen: 127.0.0.1:5224
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5246
 7 |   name: xyz
 8 | 
 9 |   tls {
10 |     # Route cert
11 |     cert_file: "./configs/certs/srvb-cert.pem"
12 |     # Private key
13 |     key_file:  "./configs/certs/srvb-key.pem"
14 |     # Specified time for handshake to complete
15 |     timeout: 2
16 | 
17 |     # Optional certificate authority verifying connected routes
18 |     # Required when we have self-signed CA, etc.
19 |     ca_file:   "./configs/certs/ca.pem"
20 |   }
21 | 
22 |   # Routes are actively solicited and connected to from this server.
23 |   # Other servers can connect to us if they supply the correct credentials
24 |   # in their routes definitions from above.
25 | 
26 |   routes = [
27 |     nats-route://127.0.0.1:5244
28 |   ]
29 | }
30 | 
31 | no_sys_acc: true
32 | 


--------------------------------------------------------------------------------
/test/configs/srv_c.conf:
--------------------------------------------------------------------------------
 1 | # Cluster Server C
 2 | 
 3 | listen: 127.0.0.1:5226
 4 | 
 5 | cluster {
 6 |   listen: 127.0.0.1:5248
 7 |   name: xyz
 8 | 
 9 |   authorization {
10 |     user: ruser
11 |     password: top_secret
12 |     timeout: 0.5
13 |   }
14 | 
15 |   # Routes are actively solicited and connected to from this server.
16 |   # Other servers can connect to us if they supply the correct credentials
17 |   # in their routes definitions from above.
18 | 
19 |   routes = [
20 |     nats-route://ruser:top_secret@127.0.0.1:5244
21 |   ]
22 | }
23 | 
24 | no_sys_acc: true
25 | 


--------------------------------------------------------------------------------
/test/configs/tls.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:5443
 4 | 
 5 | https: 11522
 6 | 
 7 | tls {
 8 |   # Server cert
 9 |   cert_file: "./configs/certs/server-cert.pem"
10 |   # Server private key
11 |   key_file:  "./configs/certs/server-key.pem"
12 |   # Specified time for handshake to complete
13 |   timeout: 2
14 | }
15 | 
16 | authorization {
17 |   user:     derek
18 |   password: monkey
19 |   timeout:  1
20 | }
21 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_cn.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | listen: localhost:9334
 3 | 
 4 | tls {
 5 |   cert_file = "./configs/certs/tlsauth/server.pem"
 6 |   key_file = "./configs/certs/tlsauth/server-key.pem"
 7 |   ca_file = "./configs/certs/tlsauth/ca.pem"
 8 |   verify = true
 9 |   verify_and_map = true
10 | }
11 | 
12 | authorization {
13 |   # Default permissions
14 |   permissions {
15 |     publish {
16 |       allow = ["public.>"]
17 |     }
18 |     subscribe {
19 |       allow = ["public.>"]
20 |     }
21 |   }
22 | 
23 |   users [
24 |     { user = "CN=example.com,OU=NATS.io" }
25 |     { user = "CN=example.com,OU=CNCF", permissions = {
26 | 	publish {
27 | 	  allow = [">"]
28 | 	}
29 | 	subscribe {
30 | 	  allow = [">"]
31 | 	}
32 |       }
33 |     }
34 |   ]
35 | }
36 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_cn_gateways.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | gateway {
 3 |   tls {
 4 |     cert_file = "./configs/certs/tlsauth/server.pem"
 5 |     key_file = "./configs/certs/tlsauth/server-key.pem"
 6 |     ca_file = "./configs/certs/tlsauth/ca.pem"
 7 |     verify_and_map = true
 8 |     timeout = 2
 9 |   }
10 | 
11 |   authorization {
12 |     user = "CN=localhost,OU=NATS.io Operators"
13 |   }
14 | }
15 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_cn_gateways_invalid_auth.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | gateway {
 3 |   tls {
 4 |     cert_file = "./configs/certs/tlsauth/server-no-ou.pem"
 5 |     key_file = "./configs/certs/tlsauth/server-no-ou-key.pem"
 6 |     ca_file = "./configs/certs/tlsauth/ca.pem"
 7 |     verify_and_map = true
 8 |     timeout = 2
 9 |   }
10 | 
11 |   authorization {
12 |     user = "CN=localhost"
13 |   }
14 | }
15 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_cn_routes.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | cluster {
 3 |   tls {
 4 |     cert_file = "./configs/certs/tlsauth/server.pem"
 5 |     key_file = "./configs/certs/tlsauth/server-key.pem"
 6 |     ca_file = "./configs/certs/tlsauth/ca.pem"
 7 |     verify_and_map = true
 8 |     timeout = 2
 9 |   }
10 | 
11 |   permissions {
12 |     publish {
13 |   	allow = ["public.>"]
14 |     }
15 |     subscribe {
16 |   	allow = ["public.>"]
17 |     }
18 |   }
19 | 
20 |   authorization {
21 |     user = "CN=localhost,OU=NATS.io Operators"
22 |   }
23 | }
24 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_cn_routes_invalid_auth.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | cluster {
 3 |   tls {
 4 |     cert_file = "./configs/certs/tlsauth/server-no-ou.pem"
 5 |     key_file = "./configs/certs/tlsauth/server-no-ou-key.pem"
 6 |     ca_file = "./configs/certs/tlsauth/ca.pem"
 7 |     verify_and_map = true
 8 |     timeout = 2
 9 |   }
10 | 
11 |   no_advertise = true
12 | 
13 |   permissions {
14 |     publish {
15 |   	allow = ["public.>"]
16 |     }
17 |     subscribe {
18 |   	allow = ["public.>"]
19 |     }
20 |   }
21 | 
22 |   authorization {
23 |     user = "CN=localhost"
24 |   }
25 | }
26 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_id.conf:
--------------------------------------------------------------------------------
 1 | # TLS config file
 2 | # We require client certs and pull the user from the cert itself.
 3 | 
 4 | listen: 127.0.0.1:9333
 5 | 
 6 | tls {
 7 |   # Server cert
 8 |   cert_file: "./configs/certs/server-cert.pem"
 9 |   # Server private key
10 |   key_file:  "./configs/certs/server-key.pem"
11 |   # Specified time for handshake to complete
12 |   timeout: 2
13 |   # Optional certificate authority for clients
14 |   ca_file:   "./configs/certs/ca.pem"
15 |   # Require a client certificate and map user id from certificate
16 |   verify_and_map: true
17 | }
18 | 
19 | # User authenticated from above in certificate.
20 | authorization {
21 |   users = [
22 |     {user: derek@nats.io, permissions: { publish:"foo" }}
23 |   ]
24 | }
25 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_san_auth.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | listen: localhost:9335
 3 | 
 4 | tls {
 5 |   cert_file = "./configs/certs/sans/server.pem"
 6 |   key_file = "./configs/certs/sans/server-key.pem"
 7 |   ca_file = "./configs/certs/sans/ca.pem"
 8 |   verify = true
 9 |   verify_and_map = true
10 | }
11 | 
12 | authorization {
13 |   # Default permissions
14 |   permissions {
15 |     publish {
16 |       allow = ["public.>"]
17 |     }
18 |     subscribe {
19 |       allow = ["public.>"]
20 |     }
21 |   }
22 | 
23 |   users [
24 |     # CN used by default if there are no SANs
25 |     { user = "CN=www.nats.io" }
26 | 
27 |     # All permissions
28 |     { user = "app.nats.prod", permissions = {
29 | 	publish {
30 | 	  allow = [">"]
31 | 	}
32 | 	subscribe {
33 | 	  allow = [">"]
34 | 	}
35 |       }
36 |     }
37 | 
38 |     # Dev certs are isolated to own sandbox but can
39 |     # also publish to public.
40 |     { user = "app.nats.dev", permissions = {
41 | 	publish {
42 | 	  allow = ["public.>", "sandbox.>"]
43 | 	}
44 | 	subscribe {
45 | 	  allow = ["public.>", "sandbox.>"]
46 | 	}
47 |       }
48 |     }
49 |   ]
50 | }
51 | 


--------------------------------------------------------------------------------
/test/configs/tls_cert_san_emails.conf:
--------------------------------------------------------------------------------
 1 | 
 2 | listen: localhost:9336
 3 | 
 4 | tls {
 5 |   cert_file = "./configs/certs/sans/server.pem"
 6 |   key_file = "./configs/certs/sans/server-key.pem"
 7 |   ca_file = "./configs/certs/sans/ca.pem"
 8 |   verify = true
 9 |   verify_and_map = true
10 | }
11 | 
12 | authorization {
13 |   # Default permissions
14 |   permissions {
15 |     publish {
16 |       allow = ["public.>"]
17 |     }
18 |     subscribe {
19 |       allow = ["public.>"]
20 |     }
21 |   }
22 | 
23 |   users [
24 |     # CN used by default if there are no SANs
25 |     { user = "CN=www.nats.io" }
26 | 
27 |     # All permissions
28 |     { user = "*.app.nats.prod", permissions = {
29 | 	publish {
30 | 	  allow = [">"]
31 | 	}
32 | 	subscribe {
33 | 	  allow = [">"]
34 | 	}
35 |       }
36 |     }
37 | 
38 |     # Dev certs are isolated to own sandbox but can
39 |     # also publish to public.
40 |     { user = "root@app.nats.dev", permissions = {
41 | 	publish {
42 | 	  allow = ["public.>", "sandbox.>"]
43 | 	}
44 | 	subscribe {
45 | 	  allow = ["public.>", "sandbox.>"]
46 | 	}
47 |       }
48 |     }
49 |   ]
50 | }
51 | 


--------------------------------------------------------------------------------
/test/configs/tls_curve_pref.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:5443
 4 | 
 5 | https: 11522
 6 | 
 7 | tls {
 8 |   # Server cert
 9 |   cert_file: "./configs/certs/server-cert.pem"
10 |   # Server private key
11 |   key_file:  "./configs/certs/server-key.pem"
12 |   # Specified time for handshake to complete
13 |   timeout: 2
14 |   curve_preferences: [
15 | 		"CurveP256"
16 |   ]
17 | }
18 | 
19 | authorization {
20 |   user:     derek
21 |   password: boo
22 |   timeout:  1
23 | }
24 | 


--------------------------------------------------------------------------------
/test/configs/tls_mixed.conf:
--------------------------------------------------------------------------------
 1 | # Allow TLS and non TLS on same port.
 2 | 
 3 | listen: 127.0.0.1:-1
 4 | 
 5 | tls {
 6 |   # Server cert
 7 |   cert_file: "./configs/certs/server-cert.pem"
 8 |   # Server private key
 9 |   key_file:  "./configs/certs/server-key.pem"
10 |   # Specified time for handshake to complete
11 |   timeout: 2
12 | }
13 | 
14 | # This allows non tls traffic on same port.
15 | allow_non_tls: true
16 | 


--------------------------------------------------------------------------------
/test/configs/tlsverify.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:5443
 4 | 
 5 | tls {
 6 |   # Server cert
 7 |   cert_file: "./configs/certs/server-cert.pem"
 8 |   # Server private key
 9 |   key_file:  "./configs/certs/server-key.pem"
10 |   # Specified time for handshake to complete
11 |   timeout: 2
12 |   # Optional certificate authority for clients
13 |   ca_file:   "./configs/certs/ca.pem"
14 |   # Require a client certificate
15 |   verify:    true
16 | }
17 | 


--------------------------------------------------------------------------------
/test/configs/tlsverify_noca.conf:
--------------------------------------------------------------------------------
 1 | # Simple TLS config file
 2 | 
 3 | listen: 127.0.0.1:5443
 4 | 
 5 | tls {
 6 |   # Server cert
 7 |   cert_file: "./configs/certs/server-cert.pem"
 8 |   # Server private key
 9 |   key_file:  "./configs/certs/server-key.pem"
10 |   # Specified time for handshake to complete
11 |   timeout: 2
12 |   # Require a client certificate
13 |   verify:    true
14 |   # Omit the client CA, this is to verify that
15 |   # the server is really trying to verify the
16 |   # client certificate.
17 | }
18 | 


--------------------------------------------------------------------------------
/test/opts_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2015-2020 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package test
15 | 
16 | import (
17 | 	"testing"
18 | )
19 | 
20 | func TestServerConfig(t *testing.T) {
21 | 	srv, opts := RunServerWithConfig("./configs/override.conf")
22 | 	defer srv.Shutdown()
23 | 
24 | 	c := createClientConn(t, opts.Host, opts.Port)
25 | 	defer c.Close()
26 | 
27 | 	sinfo := checkInfoMsg(t, c)
28 | 	if sinfo.MaxPayload != opts.MaxPayload {
29 | 		t.Fatalf("Expected max_payload from server, got %d vs %d",
30 | 			opts.MaxPayload, sinfo.MaxPayload)
31 | 	}
32 | }
33 | 
34 | func TestTLSConfig(t *testing.T) {
35 | 	srv, opts := RunServerWithConfig("./configs/tls.conf")
36 | 	defer srv.Shutdown()
37 | 
38 | 	c := createClientConn(t, opts.Host, opts.Port)
39 | 	defer c.Close()
40 | 
41 | 	sinfo := checkInfoMsg(t, c)
42 | 	if !sinfo.TLSRequired {
43 | 		t.Fatal("Expected TLSRequired to be true when configured")
44 | 	}
45 | }
46 | 


--------------------------------------------------------------------------------
/test/pid_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2012-2022 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package test
15 | 
16 | import (
17 | 	"fmt"
18 | 	"os"
19 | 	"testing"
20 | )
21 | 
22 | func TestPidFile(t *testing.T) {
23 | 	opts := DefaultTestOptions
24 | 
25 | 	file := createTempFile(t, "nats-server:pid_")
26 | 	file.Close()
27 | 	opts.PidFile = file.Name()
28 | 
29 | 	s := RunServer(&opts)
30 | 	s.Shutdown()
31 | 
32 | 	buf, err := os.ReadFile(opts.PidFile)
33 | 	if err != nil {
34 | 		t.Fatalf("Could not read pid_file: %v", err)
35 | 	}
36 | 	if len(buf) <= 0 {
37 | 		t.Fatal("Expected a non-zero length pid_file")
38 | 	}
39 | 
40 | 	pid := 0
41 | 	fmt.Sscanf(string(buf), "%d", &pid)
42 | 	if pid != os.Getpid() {
43 | 		t.Fatalf("Expected pid to be %d, got %d\n", os.Getpid(), pid)
44 | 	}
45 | }
46 | 


--------------------------------------------------------------------------------
/test/port_test.go:
--------------------------------------------------------------------------------
 1 | // Copyright 2014-2019 The NATS Authors
 2 | // Licensed under the Apache License, Version 2.0 (the "License");
 3 | // you may not use this file except in compliance with the License.
 4 | // You may obtain a copy of the License at
 5 | //
 6 | // http://www.apache.org/licenses/LICENSE-2.0
 7 | //
 8 | // Unless required by applicable law or agreed to in writing, software
 9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 
14 | package test
15 | 
16 | import (
17 | 	"net"
18 | 	"strconv"
19 | 	"testing"
20 | 
21 | 	"github.com/nats-io/nats-server/v2/server"
22 | )
23 | 
24 | func TestResolveRandomPort(t *testing.T) {
25 | 	opts := &server.Options{Host: "127.0.0.1", Port: server.RANDOM_PORT, NoSigs: true}
26 | 	s := RunServer(opts)
27 | 	defer s.Shutdown()
28 | 
29 | 	addr := s.Addr()
30 | 	_, port, err := net.SplitHostPort(addr.String())
31 | 	if err != nil {
32 | 		t.Fatalf("Expected no error: Got %v\n", err)
33 | 	}
34 | 
35 | 	portNum, err := strconv.Atoi(port)
36 | 	if err != nil {
37 | 		t.Fatalf("Expected no error: Got %v\n", err)
38 | 	}
39 | 
40 | 	if portNum == server.DEFAULT_PORT {
41 | 		t.Fatalf("Expected server to choose a random port\nGot: %d", server.DEFAULT_PORT)
42 | 	}
43 | 
44 | 	if portNum == server.RANDOM_PORT {
45 | 		t.Fatalf("Expected server to choose a random port\nGot: %d", server.RANDOM_PORT)
46 | 	}
47 | 
48 | 	if opts.Port != portNum {
49 | 		t.Fatalf("Options port (%d) should have been overridden by chosen random port (%d)",
50 | 			opts.Port, portNum)
51 | 	}
52 | }
53 | 


--------------------------------------------------------------------------------
/util/nats-server.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=NATS Server
 3 | After=network-online.target ntp.service
 4 | 
 5 | [Service]
 6 | PrivateTmp=true
 7 | Type=simple
 8 | ExecStart=/usr/sbin/nats-server -c /etc/nats-server.conf
 9 | ExecReload=/bin/kill -s HUP $MAINPID
10 | 
11 | # The nats-server uses SIGUSR2 to trigger Lame Duck Mode (LDM) shutdown
12 | # https://docs.nats.io/running-a-nats-service/nats_admin/lame_duck_mode
13 | ExecStop=/bin/kill -s SIGUSR2  $MAINPID
14 | 
15 | # This should be `lame_duck_duration` + some buffer to finish the shutdown.
16 | # By default, `lame_duck_duration` is 2 mins.
17 | TimeoutStopSec=150
18 | 
19 | Restart=on-failure
20 | 
21 | User=nats
22 | Group=nats
23 | 
24 | [Install]
25 | WantedBy=multi-user.target
26 | 


--------------------------------------------------------------------------------