diff --git a/certgen/main.go b/certgen/main.go index 4db9307f2..fca1c7a63 100644 --- a/certgen/main.go +++ b/certgen/main.go @@ -9,9 +9,11 @@ import ( "crypto/ecdsa" "crypto/elliptic" "crypto/rand" + "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/pem" + "fmt" "math/big" "os" "path" @@ -40,11 +42,46 @@ func writeKey(path string, keyx interface{}) { if err != nil { panic(err) } + case *rsa.PrivateKey: + m := x509.MarshalPKCS1PrivateKey(key) + err := pem.Encode(file, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: m}) + if err != nil { + panic(err) + } default: panic("Unknown key type") } } +func writeKeyEncrypted(password, path string, keyx interface{}) { + file := createFile(path) + defer file.Close() + + switch key := keyx.(type) { + case *rsa.PrivateKey: + m := x509.MarshalPKCS1PrivateKey(key) + + block := &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: m, + } + + block, err := x509.EncryptPEMBlock(rand.Reader, block.Type, block.Bytes, + []byte(password), x509.PEMCipherAES256) + if err != nil { + panic(err) + } + + err = pem.Encode(file, block) + if err != nil { + panic(err) + } + default: + panic("Unknown key type") + } + +} + func writeCert(path string, der []byte) { file := createFile(path) defer file.Close() 
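Review bot: `writeKeyEncrypted` calls `x509.EncryptPEMBlock`, which the Go standard library has deprecated since 1.16 because RFC 1423 PEM encryption does not authenticate the ciphertext. That is presumably deliberate, since the drivers under test have to load this legacy format, but nothing in the function says so. I would add a comment above the call, e.g. `// Legacy RFC 1423 PEM encryption: insecure by design, used only to produce test fixtures that drivers must be able to read.` The PKCS#1 marshalling is duplicated between the new `case *rsa.PrivateKey` in `writeKey` and `writeKeyEncrypted`, so a small shared helper returning the `*pem.Block` would keep the two in step. `writeKey` starts outside this hunk.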
@@ -113,6 +150,30 @@ func generateServer(parent *x509.Certificate, parentPrivate interface{}, notBefo return key, derBytes } +func generateRsa4096Sha512(notBefore, notAfter time.Time, commonName string) (interface{}, []byte) { + key, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + panic(err) + } + + template := x509.Certificate{ + SerialNumber: newSerialNumber(), + NotBefore: notBefore, + NotAfter: notAfter, + Subject: pkix.Name{CommonName: commonName}, + KeyUsage: x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, + BasicConstraintsValid: true, + IsCA: true, + } + + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key) + if err != nil { + panic(err) + } + return key, derBytes +} + func main() { basePath := path.Join(os.Args[1], "certs") @@ -177,4 +238,15 @@ func main() { untrustedRoot_server1Key, untrustedRoot_server1Der := generateServer(untrustedRootCert, untrustedRootKey, anHourAgo, tenYearsFromNow, "untrustedRoot_thehost", "thehost") writeKey(path.Join(basePath, "server", "untrustedRoot_thehost.key"), untrustedRoot_server1Key) writeCert(path.Join(basePath, "server", "untrustedRoot_thehost.pem"), untrustedRoot_server1Der) + + // Generate client's certificates + for i := 1; i <= 2; i++ { + clientKey, clientDer := generateRsa4096Sha512(anHourAgo, tenYearsFromNow, "client") + writeCert(path.Join(basePath, "driver", fmt.Sprintf("certificate%d.pem", i)), clientDer) + writeKey(path.Join(basePath, "driver", fmt.Sprintf("privatekey%d.pem", i)), clientKey) + writeKeyEncrypted(fmt.Sprintf("thepassword%d", i), + path.Join(basePath, "driver", fmt.Sprintf("privatekey%d_with_thepassword%d.pem", i, i)), clientKey) + // Copy to + writeCert(path.Join(basePath, "server", "bolt", "trusted", fmt.Sprintf("client%d.pem", i)), clientDer) + } } diff --git a/nutkit/frontend/__init__.py b/nutkit/frontend/__init__.py index 77c85b34a..5cda58965 100644 --- a/nutkit/frontend/__init__.py 
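Review bot: `generateRsa4096Sha512` never sets `SignatureAlgorithm` on the template, so `x509.CreateCertificate` uses its default for RSA keys, which is SHA-256, while the function name promises SHA-512. The client certificates committed under `tests/tls/certs/driver/` in this same commit appear to confirm this, as their signature algorithm field encodes sha256WithRSAEncryption. Either add `SignatureAlgorithm: x509.SHA512WithRSA,` to the template or rename the function to match what it produces. Separately, `IsCA: true` on a self-signed client certificate whose `KeyUsage` is only `x509.KeyUsageDigitalSignature` looks broader than a client-auth leaf needs, and it deserves a comment if it is deliberate.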
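Review bot: The comment `// Copy to` in the new loop is cut off, and the loop is otherwise undocumented even though it writes each client key twice: once unencrypted and once encrypted with a password that is also embedded in the file name. I would replace the fragment with `// Also write the certificate to the server's trusted directory (presumably so the server accepts this client).` and add a line above the loop stating that these keys and passwords are throwaway test fixtures. Both iterations use the common name `"client"`, so the two certificates differ only by key and serial; `fmt.Sprintf("client%d", i)` would make failures easier to attribute, provided no test depends on the shared name. `main` starts outside this hunk.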
+++ b/nutkit/frontend/__init__.py @@ -7,6 +7,10 @@ BookmarkManager, Neo4jBookmarkManagerConfig, ) +from .client_certificate_provider import ( + ClientCertificateHolder, + ClientCertificateProvider, +) from .driver import Driver from .exceptions import ApplicationCodeError from .fake_time import FakeTime diff --git a/nutkit/frontend/auth_token_manager.py b/nutkit/frontend/auth_token_manager.py index 90e19435d..c6c36bef3 100644 --- a/nutkit/frontend/auth_token_manager.py +++ b/nutkit/frontend/auth_token_manager.py @@ -1,6 +1,5 @@ from __future__ import annotations -from dataclasses import dataclass from typing import ( Any, Callable, @@ -42,7 +41,6 @@ ] -@dataclass class AuthTokenManager: _registry: ClassVar[Dict[Any, AuthTokenManager]] = {} @@ -105,7 +103,6 @@ def close(self, hooks=None): del self._registry[self.id] -@dataclass class BasicAuthTokenManager: _registry: ClassVar[Dict[Any, BasicAuthTokenManager]] = {} @@ -163,7 +160,6 @@ def close(self, hooks=None): del self._registry[self.id] -@dataclass class BearerAuthTokenManager: _registry: ClassVar[Dict[Any, BearerAuthTokenManager]] = {} diff --git a/nutkit/frontend/bookmark_manager.py b/nutkit/frontend/bookmark_manager.py index 5340cb378..f41a9d68b 100644 --- a/nutkit/frontend/bookmark_manager.py +++ b/nutkit/frontend/bookmark_manager.py @@ -22,7 +22,6 @@ class Neo4jBookmarkManagerConfig: bookmarks_consumer: Optional[Callable[[List[str]], None]] = None -@dataclass class BookmarkManager: _registry: ClassVar[Dict[Any, BookmarkManager]] = {} diff --git a/nutkit/frontend/client_certificate_provider.py b/nutkit/frontend/client_certificate_provider.py new file mode 100644 index 000000000..b380cf605 --- /dev/null +++ b/nutkit/frontend/client_certificate_provider.py 
@@ -0,0 +1,85 @@ +from __future__ import annotations + +from dataclasses import dataclass +from typing import ( + Any, + Callable, + ClassVar, + Dict, +) + +from ..backend import Backend +from ..protocol import ClientCertificate +from ..protocol import ( + ClientCertificateProvider as ClientCertificateProviderMessage, +) +from ..protocol import ( + ClientCertificateProviderClose, + ClientCertificateProviderCompleted, + ClientCertificateProviderRequest, + NewClientCertificateProvider, +) + +__all__ = [ + "ClientCertificateHolder", + "ClientCertificateProvider", +] + + +@dataclass +class ClientCertificateHolder: + cert: ClientCertificate + has_update: bool = True + + +class ClientCertificateProvider: + _registry: ClassVar[Dict[Any, ClientCertificateProvider]] = {} + _backend: Any + _handler: Callable[[], ClientCertificateHolder] + + def __init__( + self, + backend: Backend, + handler: Callable[[], ClientCertificateHolder], + ): + self._backend = backend + self._handler = handler + + req = NewClientCertificateProvider() + res = backend.send_and_receive(req) + if not isinstance(res, ClientCertificateProviderMessage): + raise Exception( + f"Should be ClientCertificateProvider but was {res}" + ) + + self._client_certificate_provider = res + self._registry[self._client_certificate_provider.id] = self + + @property + def id(self): + return self._client_certificate_provider.id + + @classmethod + def process_callbacks(cls, request): + if isinstance(request, ClientCertificateProviderRequest): + if request.client_certificate_provider_id not in cls._registry: + raise Exception( + "Backend provided unknown Client Certificate Provider " + f"id: {request.client_certificate_provider_id} not found" + ) + manager = cls._registry[request.client_certificate_provider_id] + cert_holder = manager._handler() + return ClientCertificateProviderCompleted( + request.id, cert_holder.has_update, cert_holder.cert + ) + + def close(self, hooks=None): + res = self._backend.send_and_receive( + 
ClientCertificateProviderClose(self.id), + hooks=hooks + ) + if not isinstance(res, ClientCertificateProviderMessage): + raise Exception( + f"Should be ClientCertificateProvider but was {res}" + ) + del self._registry[self.id] diff --git a/nutkit/frontend/driver.py b/nutkit/frontend/driver.py index a9d3c85b7..6b1631d21 100644 --- a/nutkit/frontend/driver.py +++ b/nutkit/frontend/driver.py @@ -5,6 +5,7 @@ BearerAuthTokenManager, ) from .bookmark_manager import BookmarkManager +from .client_certificate_provider import ClientCertificateProvider from .session import Session @@ -18,7 +19,8 @@ def __init__(self, backend, uri, auth_token, user_agent=None, connection_acquisition_timeout_ms=None, notifications_min_severity=None, notifications_disabled_categories=None, - telemetry_disabled=None): + telemetry_disabled=None, + client_certificate=None): self._backend = backend self._resolver_fn = resolver_fn self._domain_name_resolver_fn = domain_name_resolver_fn @@ -37,6 +39,16 @@ def __init__(self, backend, uri, auth_token, user_agent=None, ) self._auth_token_manager = auth_token auth_token_manager_id = auth_token.id + client_certificate_, client_certificate_provider_id_ = None, None + if client_certificate is not None: + assert isinstance( + client_certificate, + (protocol.ClientCertificate, ClientCertificateProvider) + ) + if isinstance(client_certificate, protocol.ClientCertificate): + client_certificate_ = client_certificate + else: + client_certificate_provider_id_ = client_certificate.id req = protocol.NewDriver( uri, self._auth_token, auth_token_manager_id, 
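Review bot: `process_callbacks` uses whatever `manager._handler()` returns without checking it, so a handler that returns a bare `ClientCertificate` instead of a `ClientCertificateHolder` fails with an `AttributeError` on `cert_holder.has_update`, far from the test that supplied the handler. A guard directly after the call makes the contract explicit: `if not isinstance(cert_holder, ClientCertificateHolder): raise TypeError(f"handler must return ClientCertificateHolder, got {type(cert_holder).__name__}")`. The class and its methods have no docstrings. One sentence on `process_callbacks` should say that it returns `None` for any request it does not own, because `Driver.receive` relies on that to move on to the next processor.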
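Review bot: The type check on `client_certificate` in `Driver.__init__` is an `assert`, which Python removes under `-O`. With the check gone, any object that is not a `protocol.ClientCertificate` falls into the `else` branch and its `.id` is sent as the provider id. Raising explicitly keeps the check in every mode: `if not isinstance(client_certificate, (protocol.ClientCertificate, ClientCertificateProvider)): raise TypeError("client_certificate must be a ClientCertificate or a ClientCertificateProvider")`. The same pattern appears in `nutkit/protocol/requests.py`, in the mutual-exclusion assert of `NewDriver.__init__` and in `ClientCertificateProviderCompleted.__init__`. `Driver.__init__` starts and ends outside this hunk.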
@@ -50,7 +62,9 @@ def __init__(self, backend, uri, auth_token, user_agent=None, connection_acquisition_timeout_ms=connection_acquisition_timeout_ms, # noqa: E501 notifications_min_severity=notifications_min_severity, notifications_disabled_categories=notifications_disabled_categories, # noqa: E501 - telemetry_disabled=telemetry_disabled + telemetry_disabled=telemetry_disabled, + client_certificate=client_certificate_, + client_certificate_provider_id=client_certificate_provider_id_, ) res = backend.send_and_receive(req) if not isinstance(res, protocol.Driver): @@ -78,10 +92,11 @@ def receive(self, timeout=None, hooks=None, *, allow_resolution): ) continue for cb_processor in ( - AuthTokenManager, - BasicAuthTokenManager, - BearerAuthTokenManager, - BookmarkManager, + AuthTokenManager, + BasicAuthTokenManager, + BearerAuthTokenManager, + BookmarkManager, + ClientCertificateProvider, ): cb_response = cb_processor.process_callbacks(res) if cb_response is not None: diff --git a/nutkit/protocol/feature.py b/nutkit/protocol/feature.py index c0ff0def2..5671c0a80 100644 --- a/nutkit/protocol/feature.py +++ b/nutkit/protocol/feature.py @@ -67,6 +67,8 @@ class Feature(Enum): # The session supports notification filters configuration. API_SESSION_NOTIFICATIONS_CONFIG = \ "Feature:API:Session:NotificationsConfig" + # The driver implements configuration for client certificates. + API_SSL_CLIENT_CERTIFICATE = "Feature:API:SSLClientCertificate" # The driver implements explicit configuration options for SSL. # - enable / disable SSL # - verify signature against system store / custom cert / not at all diff --git a/nutkit/protocol/requests.py b/nutkit/protocol/requests.py index adcd5b736..d829ad532 100644 --- a/nutkit/protocol/requests.py +++ b/nutkit/protocol/requests.py 
@@ -75,7 +75,8 @@ def __init__( connection_acquisition_timeout_ms=None, notifications_min_severity=None, notifications_disabled_categories=None, - telemetry_disabled=None + telemetry_disabled=None, + client_certificate=None, client_certificate_provider_id=None, ): # Neo4j URI to connect to self.uri = uri @@ -93,6 +94,10 @@ def __init__( self.livenessCheckTimeoutMs = liveness_check_timeout_ms self.maxConnectionPoolSize = max_connection_pool_size self.connectionAcquisitionTimeoutMs = connection_acquisition_timeout_ms + assert (client_certificate is None + or client_certificate_provider_id is None) + self.clientCertificate = client_certificate + self.clientCertificateProviderId = client_certificate_provider_id if notifications_min_severity is not None: self.notificationsMinSeverity = notifications_min_severity if notifications_disabled_categories is not None: 
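Review bot: `clientCertificate` and `clientCertificateProviderId` are assigned without any comment, and unconditionally, whereas the notification fields just below are only set when a value was given. If the message is serialized from the instance attributes (the serializer is not visible here, so please confirm), every `NewDriver` request now carries both keys as null, including towards backends that do not advertise `Feature:API:SSLClientCertificate`. If that is not wanted, guard each assignment with `if ... is not None:` as the neighbouring fields do. Either way I would add `# Mutually exclusive: a static client certificate, or the id of a ClientCertificateProvider.` above the pair so the assert is explained. `__init__` continues outside the hunk.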
@@ -259,6 +264,58 @@ def __init__(self, request_id, auth): self.auth = auth +class ClientCertificate: + """ + Not a request but used in `NewDriver`. + + This property is used for configuring client certificates + for mutual TLS configuration. + """ + + def __init__(self, certfile, keyfile, password=None): + self.certfile = certfile + self.keyfile = keyfile + self.password = password + + +class NewClientCertificateProvider: + """ + Create a new client certificate provider on the backend. + + The backend should respond with `ClientCertificateProvider`. + """ + + def __init__(self): + pass + + +class ClientCertificateProviderClose: + """ + Request to remove a client certificate provider from the backend. + + The backend may free any resources associated with the provider and respond + with `ClientCertificateProvider` echoing back the given id. + """ + + def __init__(self, id): + # Id of the client certificate provider to close. + self.id = id + + +class ClientCertificateProviderCompleted: + """ + Result of a completed client certificate provider call. + + No response is expected. + """ + + def __init__(self, request_id, has_update, client_certificate): + self.requestId = request_id + assert isinstance(client_certificate, ClientCertificate) + self.clientCertificate = client_certificate + self.hasUpdate = bool(has_update) + + class VerifyConnectivity: """ Request to verify connectivity on the driver. diff --git a/nutkit/protocol/responses.py b/nutkit/protocol/responses.py index 491d83a78..3989e42c7 100644 --- a/nutkit/protocol/responses.py +++ b/nutkit/protocol/responses.py 
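Review bot: `ClientCertificate` documents none of its fields, and `password` is the sensitive one: it is kept in clear on the message object and, as far as this hunk shows, passed on to the backend unchanged. I would add field comments in the style used elsewhere in this file, e.g. `# Path to the certificate file.`, `# Path to the private key file.` and `# Password protecting the key file, or None if the key is unencrypted.` The path semantics are inferred from the parameter names and from `get_client_certificate`, so please confirm them. If request objects are logged or printed anywhere in the harness, it is worth checking that the password is not written out with them.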
@@ -116,11 +116,11 @@ class BasicAuthTokenManager: Represents a new auth manager to handle password rotation. The passed id is used when creating a new driver (`NewDriver`) to refer to - this auth token manager + this auth token manager. """ def __init__(self, id): - # Id of BasicAuthTokenManager instance on backend. + # Id of BasicAuthTokenManager instance on the backend. # Note that the id space needs to be shared with AuthTokenManager. self.id = id @@ -150,7 +150,7 @@ class BearerAuthTokenManager: Represents a new auth manager to handle potentially expiring bearer tokens. The passed id is used when creating a new driver (`NewDriver`) to refer to - this auth token manager + this auth token manager. """ def __init__(self, id): 
@@ -179,6 +179,39 @@ def __init__(self, id, bearerAuthTokenManagerId): self.bearer_auth_token_manager_id = bearerAuthTokenManagerId +class ClientCertificateProvider: + """ + Represents a new auth manager to handle password rotation. + + The passed id is used when creating a new driver (`NewDriver`) to refer to + this client certificate provider. + """ + + def __init__(self, id): + # Id of ClientCertificateProvider instance on the backend. + self.id = id + + +class ClientCertificateProviderRequest: + """ + Represents the need for a fresh client certificate. + + This message may be sent by the backend at any time should the driver call + the `provide` method of a client certificate provider's that was previously + created in response to `ClientCertificateProvider`. + + TestKit will respond with `ClientCertificateProviderCompleted`. + """ + + def __init__(self, id, clientCertificateProviderId): + # Id of the request. TestKit will send the same id back as `requestId` + # in the `ClientCertificateProviderCompleted` response. + self.id = id + # Id of the client certificate provider whose provide method was + # called. + self.client_certificate_provider_id = clientCertificateProviderId + + class ResolverResolutionRequired: """ Represents a need for new address resolution. diff --git a/tests/neo4j/shared.py b/tests/neo4j/shared.py index be4d7a91c..d8943d674 100644 --- a/tests/neo4j/shared.py +++ b/tests/neo4j/shared.py @@ -23,7 +23,10 @@ from nutkit import protocol from nutkit.frontend import Driver -from nutkit.protocol import AuthorizationToken +from nutkit.protocol import ( + AuthorizationToken, + ClientCertificate, +) from tests.shared import ( dns_resolve_single, Potential, @@ -39,6 +42,8 @@ env_neo4j_version = "TEST_NEO4J_VERSION" env_neo4j_edition = "TEST_NEO4J_EDITION" env_neo4j_cluster = "TEST_NEO4J_CLUSTER" +env_neo4j_client_cert = "TEST_NEO4J_SSL_CLIENT_CERT" +env_neo4j_client_key = "TEST_NEO4J_SSL_CLIENT_KEY" def get_authorization(): 
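Review bot: The docstring of the new `ClientCertificateProvider` response was copied from the auth token managers and still reads "Represents a new auth manager to handle password rotation."; it should describe this class, e.g. `Represents a new client certificate provider.` In `ClientCertificateProviderRequest`, the phrase "a client certificate provider's that was previously created in response to `ClientCertificateProvider`" has a stray possessive. Judging by `requests.py`, it should also name the request `NewClientCertificateProvider` rather than the response.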
@@ -74,7 +79,19 @@ def get_neo4j_scheme(): return scheme -def get_driver(backend, uri=None, auth=None, **kwargs): +def get_client_certificate(): + client_certificate_key = os.environ.get(env_neo4j_client_key) + client_certificate_cert = os.environ.get(env_neo4j_client_cert) + if client_certificate_cert is None or client_certificate_key is None: + if client_certificate_cert is not None or \ + client_certificate_key is not None: + raise Exception("Miss configuration of client certificate.") + return None + return ClientCertificate(client_certificate_cert, client_certificate_key) + + +def get_driver(backend, uri=None, auth=None, + client_certificate=None, **kwargs): """Return default driver for tests that do not test this aspect.""" if uri is None: scheme = get_neo4j_scheme() @@ -82,7 +99,10 @@ def get_driver(backend, uri=None, auth=None, **kwargs): uri = "%s://%s:%d" % (scheme, host, port) if auth is None: auth = get_authorization() - return Driver(backend, uri, auth, **kwargs) + if client_certificate is None: + client_certificate = get_client_certificate() + return Driver(backend, uri, auth, client_certificate=client_certificate, + **kwargs) class ServerInfo: diff --git a/tests/tls/certs/customRoot.key b/tests/tls/certs/customRoot.key index d1db4d898..16ae19933 100644 --- a/tests/tls/certs/customRoot.key +++ b/tests/tls/certs/customRoot.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIB2DavQnjDSvTFbcQ8LAiOf0jdJw2vE5ws8BXimCubHOoAoGCCqGSM49 -AwEHoUQDQgAE7iYj3U966MS9xqfqn9hbG11Fe6+5rExRZNO3qqnosyFRMqaZ7U54 -hPwjVsqHOsvhMI7M71BXqrd6iOhkHsbFIA== +MHcCAQEEIKYmthXXA++8kXENGIy2EcTMTu+ps8IcbhgumpNuQQlKoAoGCCqGSM49 +AwEHoUQDQgAEX7D1pD4WK2M3oPKd9CmeU7A57Oy8WyvS2vOizJDyW1h2XZTvvj89 +vS8WooXFSXX+TayDDaEZB/rk19B5OJfZjg== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/customRoot2.key b/tests/tls/certs/customRoot2.key index 2d17d11c4..beee2388b 100644 --- a/tests/tls/certs/customRoot2.key +++ b/tests/tls/certs/customRoot2.key 
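Review bot: `get_client_certificate` raises `Exception("Miss configuration of client certificate.")` when only one of the two variables is set, without saying which variables are meant. Naming both in the message saves a lookup, e.g. `"Set both TEST_NEO4J_SSL_CLIENT_CERT and TEST_NEO4J_SSL_CLIENT_KEY, or neither."`. There is also no variable for a key password, so an encrypted private key cannot be configured through the environment. If that is intended, a one-line docstring on the function should say that the key is expected to be unencrypted.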
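Review bot: In `get_driver`, `client_certificate=None` now means "take the certificate from the environment", so once the two variables are set a caller of this helper cannot request a driver without a client certificate. If tests need that case, a distinct sentinel default would keep `None` available as an explicit opt-out. Otherwise the docstring should mention the implicit default, e.g. `Uses the client certificate from TEST_NEO4J_SSL_CLIENT_CERT/TEST_NEO4J_SSL_CLIENT_KEY unless one is passed.` The body of `get_driver` begins in the previous hunk.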
@@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIDK5fELEd3XFyNDsHpV32VcNtBmXWejBXDO/0wLIueHGoAoGCCqGSM49 -AwEHoUQDQgAEKtc4mzv0JEBevEtp6hDadUMTGhtl78i38IJXABB3fDUjeGdQQynB -7YaHtPFbxPOmR2VfgRybMhDhwMQxZcTsAw== +MHcCAQEEIDzNIm96f6QsnVvzSaGVkj47d5lNeMYmDCOaTj6Gj5UyoAoGCCqGSM49 +AwEHoUQDQgAEimpbDnttGQAe2W4EbkYGnFztHe95YXI9ZBG2vpNpRFOCr8oEop3U +mLDUtXOGqj8hTENgj6qz2oC/7mAGVp58Bg== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/driver/certificate1.pem b/tests/tls/certs/driver/certificate1.pem new file mode 100644 index 000000000..3e3e60cf5 --- /dev/null +++ b/tests/tls/certs/driver/certificate1.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBDCCAuygAwIBAgIRAI2TewtlIMVyyzHcv1TQ9zAwDQYJKoZIhvcNAQELBQAw +ETEPMA0GA1UEAxMGY2xpZW50MB4XDTI0MDMwNDIzNDkyMloXDTQ0MDIyOTAwNDky +MlowETEPMA0GA1UEAxMGY2xpZW50MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAylkawVY3Uzvl/RvznZjRmjDwCwt33wvXbT6FHhzTSUXBdl4XExAjY5Ej +dcTyEcbLqnKInkmo5wYZkpmtq4BImN6D9P1uWkvVwrXXUl+0BgsiIXjml6Dfkvwh +Kxt1JSdrFAiID5ESiryarc8d1qE2l5ilxmBPlYPUFcdYJthRx88A91pm5lvX8x9D +yFxGHO7id3fiQ6bdDpAHCbWYQkjAeVvPnY5PRmhEQ+9KyHjTWQ0WKAAuoGbxc7Ot +s+nanGuiOC5eu0tPO3A1nMD2LgTPley6+fgwdP0VSfdPfJIgWT+q0/IUqSGJvLDb +/yDMLr67VYL/i9fg1WU787bmNlslWeLyNUPSW4AQOhNefdeJikVrmttlRIZEScSG +cIfmJ20C5uVu+BvuxOPKb+0NAY03rmKqQmEveUsHg9DIXJYRCwK57GrrIvIXby/H +FKHNADNX/i+CWX2UXGbop6J/QjEOakRFCOc2VBJ89q7lT1bDS6CHC/3MsFC8M1DN +0wkBMpxJ2bpF0U8Nv3C1sezw05kfaPWN1fGZKCKKAa4EGuc1HEExA3VAKJhn0NGd +emiLf7Ak4EvIuZwtkNMxPdAloO1udBWtOK+H+8Wv/vBpj6Ui5AYfaI0gQL5vqRz4 +K9t3EqtVsgBwXdNN31DZWAaXlB9yokUrz4Ci7rpvekiO9bhAfC0CAwEAAaNXMFUw +DgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLSi1HOLeE+IMvJhQn4qfTR/PPwJMA0GCSqGSIb3DQEB +CwUAA4ICAQBIM2pqtwmQ+uUwHMmGkNUM6y9CTlOKMRwuDGiFr/25cVUJh0Q5pcSM +5VKc4vycj24FjqXN5+Zk86Ftj+5ip4NN+mjPMYQz4rGXaKJCWTz0I9dqT9g7gBVy +ZKNrpoJLyly39h5ktAqARoMC5Zm1pK1k+pyBBoJ+VOTEKL9FhqRQdAJguSM/A3kJ +rZCUOkR7Z6TPGJjgr7L78bta+nHagCi1giwHYkSgwWkwNQhJEQPatj6w7w8sWGSi +vinbfJVgWlZBp3lI88hh2rbnAc8IHGBwr0J5VAjK+7/ojcplyczAWayMy90w5DRO +9Qr2EuJuMP5ywTMMXqGtUK8aJZdrxZCW1X9WAJScHhm6y6Z7ZrQ7brYNDq3QFmd0 +V5U6hx19qwJ2ODWWyFqzDb9Y83VEDJPpZJMFCJ2rdOlW0wO2hwFTV0ShMcOT5l38 +WQzkfkdmKPjKZqXM+69IjzWnFBh9Nv4dXIYkQvSqhBqyNehpd6ZGJ73j83oKP8va +W31jsHiRhXVJpAUJ21xJfKKiLTDOXzQJzhm1+389gsz7VkaBZxYnxCPnSNshCr1/ +oE8XjZ8oV1v6ntCJV6UQV3Ea4stBFvflHyRW9XQTn2eRvdTJmtWMkQl6qPgYU5Du +fzSonuLmPdYu/WjcrrmjhXUU2meMdET0o31KkJ8Pcbbscz31UZFBjw== +-----END CERTIFICATE----- diff --git a/tests/tls/certs/driver/certificate2.pem b/tests/tls/certs/driver/certificate2.pem new file mode 100644 index 000000000..d5c4db1b2 
--- /dev/null +++ b/tests/tls/certs/driver/certificate2.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFAzCCAuugAwIBAgIQCGhGdAoa7K1pDEAtTiXO4DANBgkqhkiG9w0BAQsFADAR +MQ8wDQYDVQQDEwZjbGllbnQwHhcNMjQwMzA0MjM0OTIyWhcNNDQwMjI5MDA0OTIy +WjARMQ8wDQYDVQQDEwZjbGllbnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDHhp3bSy8rQkwtxZdHqukhNnHXGXYDGQp6TkJNREwKDDYl0o04t1gyTcWV +++HLtLr7rCbZZMtoUziHUIOM8TBdPEwr4fwfBxc6iSUCV8gWioYvPvosh3fs/1o+ +ER2d+u/X1yUgLZVTrJ/4obQStQr+ZWUzWrKCcU7kFcetL8x5a7y1s99lIJcTXiLO +Y9XqcELHct+CkOkklrViOiB9LFnYHW9Nnboxvn9ANC82dEsEA/jqiExadOAKKuc6 +n7i/cC4oJmnlrzOPAYwCJClTbRbct1jvBVWQvwSAAyu702rYfrkNNAM5QljvSc76 +jeCN4uoDb7VGgVhRo3a8OS1IKKo8i9O/NbrjiWdooSV/7cffvARYQHOYgI32YBb9 +3k7vAOAS4QIKQQT+cKi2NyCiDrcmRmws8vPoQPlLWk2/LcSQJyG+BMHbfrOtFosD +GaqRaT/Cr6ep5fK/e0SU+704YJOVTnhvivrGuNYK0ZHDDGtD4481iRJ2Po8NZ5yR +KDWulOPbMCLzINb0ZsNPJK/dFjnWT5+ZEyhaNXvINFDFAUX5i3KMyrcU0eT7KA33 +ba8sGqKiVbknjFGY1IxvoTkE2FoB/0qm4THvZiyWc5fotleyRMcnVZ9gtPmdNTom +XbTVqFJChLjx6i42zLudYELfPT5fWY0UNA/7XN7Pc70cov7M0QIDAQABo1cwVTAO +BgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUM5kbiHv1KFXtLCGFtYFPEh8DFRQwDQYJKoZIhvcNAQEL +BQADggIBAH30LlY/QlcgIs/YtbPeLWvE9FNnOszIcboeVhm4bXT+BtdO4mNqJp7d +30kN2SsLQtdZnhXHMHNHW0li/GasGajFeQG8mltSQi1njqTL+JItkMRWN7G2Blny +QRyNiGOHK8fp4KjrfIlKPBs7NaJBeVNnaUXa+AkcgdoC0O0T51ybxMTPma0U4kpQ +n1upXUqPwDA1l8sKmsHc2HnMefsXxYAIQaTyOAYvgKNQIpyMGfKshkR27ww2taVi +zT6N+N23cD0LFKra5cH7XR4czHxRGggSxKJcsNPX7uhq0IT7DgZx/Gvzd33wc2hD +AUiJErceDo5iTKLoDwd357vcngL2oZ1otu1rXPBU9fUkmKfwF9T8UzTQiTgeYhXN +Uxq9ZE3lg1x/u0TSnd6nJjU5K9wXjsXrNyZVxDDTSRjdGpbLkLEPcWjqO4Zx4vqB +gfB2kvi0GPpUhzSBgjOEVlc7pEAd/UnpS1Sct45/LEYKFH9YgclZhrj+W2sLYHAg +UJUF+QbGNELR4gT+FGaD55dWOiXwpZGYnabP4ax3J1fLgcOQuTJgT5F7scQ8gkAq +bFg9hflaLQfG1jBK4D8K0boyEHpiDnC66XFvbbj+6l/bba8EcwxSKFVYMpAJJU4m +5BgjWZknIjE+a5cCQ9Hyp1iSI0Ckmx5YM4+g+1I1O1tjMAuqkknu +-----END CERTIFICATE----- 
diff --git a/tests/tls/certs/driver/custom/customRoot.crt b/tests/tls/certs/driver/custom/customRoot.crt index 5d3b8ad74..c08a932a7 100644 --- a/tests/tls/certs/driver/custom/customRoot.crt +++ b/tests/tls/certs/driver/custom/customRoot.crt @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfzCCASWgAwIBAgIQG6ywjQkkfBgCXAM3e21cMTAKBggqhkjOPQQDAjAVMRMw -EQYDVQQDEwpjdXN0b21Sb290MB4XDTIxMDkyNzExNDY1MFoXDTQxMDkyMjEyNDY1 -MFowFTETMBEGA1UEAxMKY3VzdG9tUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEH -A0IABO4mI91PeujEvcan6p/YWxtdRXuvuaxMUWTTt6qp6LMhUTKmme1OeIT8I1bK -hzrL4TCOzO9QV6q3eojoZB7GxSCjVzBVMA4GA1UdDwEB/wQEAwICBDATBgNVHSUE -DDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRGg7urqkqX -cidUaYZ7IhcpqW41lTAKBggqhkjOPQQDAgNIADBFAiBeFBloeaSr9fa6N94GmeaE -3qOrcRS4dqWf5A81OwmFegIhAOs9fcjfeHBmX2r07WN07RlbYXag4xlnl1BQUbAj -UMXk +MIIBgDCCASagAwIBAgIRAOxTpjiToH/Is+xTvqE00IMwCgYIKoZIzj0EAwIwFTET +MBEGA1UEAxMKY3VzdG9tUm9vdDAeFw0yNDAzMDQyMzQ5MjJaFw00NDAyMjkwMDQ5 +MjJaMBUxEzARBgNVBAMTCmN1c3RvbVJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMB +BwNCAARfsPWkPhYrYzeg8p30KZ5TsDns7LxbK9La86LMkPJbWHZdlO++Pz29Lxai +hcVJdf5NrIMNoRkH+uTX0Hk4l9mOo1cwVTAOBgNVHQ8BAf8EBAMCAgQwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwrluA4+N +leUQw3bofMffAVpr1lMwCgYIKoZIzj0EAwIDSAAwRQIhAKm/zboImwbkOMHQC/ah +YPSLyi0ebyJPBkvFcpIJJnPqAiApvKkHi00c5LpRiVV1CBH6XMnYlX69yNT8y9uG +JyCixg== -----END CERTIFICATE----- diff --git a/tests/tls/certs/driver/custom/customRoot2.crt b/tests/tls/certs/driver/custom/customRoot2.crt index 73afb47df..02e431fcb 100644 --- a/tests/tls/certs/driver/custom/customRoot2.crt +++ b/tests/tls/certs/driver/custom/customRoot2.crt 
@@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBgDCCASegAwIBAgIQBFCs0ckOUAPEmdkVdEOa8DAKBggqhkjOPQQDAjAWMRQw -EgYDVQQDEwtjdXN0b21Sb290MjAeFw0yMTA5MjcxMTQ2NTBaFw00MTA5MjIxMjQ2 -NTBaMBYxFDASBgNVBAMTC2N1c3RvbVJvb3QyMFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAEKtc4mzv0JEBevEtp6hDadUMTGhtl78i38IJXABB3fDUjeGdQQynB7YaH -tPFbxPOmR2VfgRybMhDhwMQxZcTsA6NXMFUwDgYDVR0PAQH/BAQDAgIEMBMGA1Ud -JQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNDV2FCL -wDKV0dSdrhodOt+U0kmAMAoGCCqGSM49BAMCA0cAMEQCIAeUEL4P4gsY0gmOQ2i+ -/eXJvLH7iOxMmIW7RugnOc1ZAiACq1JA0BYyMZzDWl/8cn1Qs/0R35t/te+G5+K0 -VsqVbg== +MIIBgTCCASigAwIBAgIRALmJnyVOdOOJpw5D9jbnG2IwCgYIKoZIzj0EAwIwFjEU +MBIGA1UEAxMLY3VzdG9tUm9vdDIwHhcNMjQwMzA0MjM0OTIyWhcNNDQwMjI5MDA0 +OTIyWjAWMRQwEgYDVQQDEwtjdXN0b21Sb290MjBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABIpqWw57bRkAHtluBG5GBpxc7R3veWFyPWQRtr6TaURTgq/KBKKd1Jiw +1LVzhqo/IUxDYI+qs9qAv+5gBlaefAajVzBVMA4GA1UdDwEB/wQEAwICBDATBgNV +HSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR8YJZJ +0KgubKLq1TKMzSCp51AuMjAKBggqhkjOPQQDAgNHADBEAiBuGPhwVd5LV/auw0A0 +3v0uULL11hllozAEWxhZFrcJVAIgeKpEKQuv6arMjcYP7Znbv1jZIh+hM95IFETu +Ep66CaE= -----END CERTIFICATE----- diff --git a/tests/tls/certs/driver/privatekey1.pem b/tests/tls/certs/driver/privatekey1.pem new file mode 100644 index 000000000..615ab8067 --- /dev/null +++ b/tests/tls/certs/driver/privatekey1.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAylkawVY3Uzvl/RvznZjRmjDwCwt33wvXbT6FHhzTSUXBdl4X +ExAjY5EjdcTyEcbLqnKInkmo5wYZkpmtq4BImN6D9P1uWkvVwrXXUl+0BgsiIXjm +l6DfkvwhKxt1JSdrFAiID5ESiryarc8d1qE2l5ilxmBPlYPUFcdYJthRx88A91pm +5lvX8x9DyFxGHO7id3fiQ6bdDpAHCbWYQkjAeVvPnY5PRmhEQ+9KyHjTWQ0WKAAu +oGbxc7Ots+nanGuiOC5eu0tPO3A1nMD2LgTPley6+fgwdP0VSfdPfJIgWT+q0/IU +qSGJvLDb/yDMLr67VYL/i9fg1WU787bmNlslWeLyNUPSW4AQOhNefdeJikVrmttl +RIZEScSGcIfmJ20C5uVu+BvuxOPKb+0NAY03rmKqQmEveUsHg9DIXJYRCwK57Grr +IvIXby/HFKHNADNX/i+CWX2UXGbop6J/QjEOakRFCOc2VBJ89q7lT1bDS6CHC/3M +sFC8M1DN0wkBMpxJ2bpF0U8Nv3C1sezw05kfaPWN1fGZKCKKAa4EGuc1HEExA3VA +KJhn0NGdemiLf7Ak4EvIuZwtkNMxPdAloO1udBWtOK+H+8Wv/vBpj6Ui5AYfaI0g +QL5vqRz4K9t3EqtVsgBwXdNN31DZWAaXlB9yokUrz4Ci7rpvekiO9bhAfC0CAwEA +AQKCAgEArIjnqFzkVcNoKrbPtdxdNLVvqGtB7dzB9rNtfCyl9/9To6M815NWKYrT +CpNAuOmiNZbtaNJ0A3EPExKYo/iBbl+lcps5oiKxhRHaJLHX5aNOme3l6PpSSJlV +itUhwOlogy93HJbdkZCZ74P/9EeILiEJkSoEEf/TMjLEtnKS4OVf9ImP3fIII5TQ +DiKn4fnK/oUpV/gK22Txq1S9HB++hnxDfhue+vDi7G44fNGRnIftEXR+TWUZkkdt +4E+RiPi53F+lhNwFFjBqdluOTdTqT/MHxybZ4pb9tRD8JMLQdGk2Nvxeo4wmTs8a +9uK3V1BomdRWI56SZkKoqPmWOFjlccf804IJWNbAEFjG3tW0mpYQNPYe5sB3LQ9k +0n4AF003Z00i1zYnSrQP7YbEBqaB2GvfOUngfmOh7D1NTzTIjSZ6tgya4uXqiMRF +IfSH9/GDugqjLaJEemqUiBz8Wa3cVs5o6NVy1+ACK9JCTUAasu3HgjjXRybutWGi +UtY9wYFG85sb1i0xKUktPOWttqaDVEy9TLGup/kNMl2O6jUPCRc3Z8Csq6hulex8 +BfmECEYwQ2j43DM7/BVp2YcENCOheth7Me39+Ef24z+6X/iZtIbrsac6En99yGRS +YomBhBzlpI0XL+487MCQ7EQIWJdFcJgqfxrPnSG2SqgnUbkqcx0CggEBANqBkjOa +7U5uDpkXIIpzlKZN1q8demAyAwM3fNORnpuLnDsXqlg+WzhxJIDFAYvWEVRWgwVU +qsTPeMfxhk44xXani8Xgij3rom+S7Jd1pgDvHg8r6kXuH4a1mynL1uWuvMFzFlLz +U513XZO4NLCDwfkBjqCZO29+khb/d132PBH/iLKZlCtyy8b0EIpTx1Wgohiinpjf +MFnK5t3Wv2Kc4kU3yE77rsRcdRk93y/gsVsbqFm3eg5+kxEhHjUIxPTKeSbVzslw +nq5dFmgxhxNtlZ0KiR73nB7Vz+6uFxazGUD/b63WisHcJZtsDxkE6gBtwrVl5Xev +egFSEMxK/l0EbnsCggEBAO0Rv+gv3hVyLoQEb3jR9JCYTZs7dS4hRvxzpvYp11jd +FlruNKjfjbiyB3Cd+QoiNeTfslyQ17apzZrMEagcIyf+COQcThKtsz07umDHaiHv 
+9ACX/7Ix6hIrxUl4tV3FiEWac0MsCh1pVwaGE75lTytHPagkV+TUFA5BGtsXiPC2 +v6V/FxQiFbRFttR8EjkDfByfKY2Def70YudMCeLlkv2US176+DexVjfI92ar1Ufh +ivy8VL2rn2S3rgaWix1OKxJv2Zm27cvvek+iUoqU1/UAxJujIYIJlV61bqNG59qY +S2PXS2BwGo6MTNTU8lAZ+rTxuio8BGtBjkUmTcOaE3cCggEBAKBKJMIOiL7cJYFQ +YeKu3wEQYMidS0R964/UiJF7ZWqdg8IlniSVub0x4qFD49p88sF3pS2n6o3t1KB4 +IRoIs3JTfkluanr5/HL0yPJir6BHyTk/8d/SyvW7C1Qh4EclY/pVPq8jKNd+1Pqk +SqKiRQ0xgzt0rREhPHH6fcpD89UQK2s5FmS5FZuhNvECfFvoNoDz6nwiXgnAupNK +EaN5itNUFHE8V/xcBtq5dJxerDw1kc4etj8jwybxsIMfJ7ybOzyt48AKCZ3HU8Sj +cH9kCDjnnadF5RUJrDtfIjjYsVHpEDfqBmgn4r6dCoZEAJTH7+m6Ehc2dr25QfFb +ojUCJzkCggEAY+zfXxcOHSwLv0m/UsXsuCX6UDw3oEIWkcKN1aS9SI+oJJvTRns0 +WW1xBV8Q4dyZquc/XxUOV8grCdyKdLmnd+v0A3KK1gSxUFYksTZc3gEucDGhbZLs +fsxEVDu09tmUHwKDIwUlHlCQhgdtuwso260jqAPpqGJcMcXvc/nvlsbw8Oko6SuU +ym+4KMhDRhTZ85aDBUst2PFZ3vSGFkV+N7SSMG7IwXDWTp0+6t/y/mFrHCyl62yz +uthRWiWKbcfND/BlYA1jHlrKy1Y4RIGIpZS1SoTwUseHVmxTPi9c+x7GaEcPVo7q +IruwhuVbXbgVnL9nIPY7RppTRYJntNL08QKCAQAQGO/3/jeY70UKcsRAiZA6BjWT +2BcnAK5Cgq5S7Sqj+Y5D+VSTR7ZaPSuJ8mE7QK6FTv3S5oM96HN3b2pKvclMmv1z +jgZUB+bbdkstjXNZ9r1OxRoVZ13x8QtbZbfsj6vbdMR9EAM4ljknqb2+pN1xzkUt +YSNv40SW4VBVaOxljPMYvLeydOXn/s5ZvBu/WxUIZq4JBj31edBYbOoCVJobPeEx +/MR9840GcvVrp5ZlvrEroEslEGTXgKq4V42O0v2rv1LpcOEnUB9FFVfC9oHjgr3R +AK5l1ZHru6jTTv0sj/YFCokni2l6gQOgIoVur5A7wwyeIdf3JUVRAmUPWNvJ +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/certs/driver/privatekey1_with_thepassword1.pem b/tests/tls/certs/driver/privatekey1_with_thepassword1.pem new file mode 100644 index 000000000..c57b1f22b --- /dev/null +++ b/tests/tls/certs/driver/privatekey1_with_thepassword1.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,7db73f09e8812b08000064a405b3d084 + +sovzUJ9PEibxRySdO6cvVniPiF+XDUYzANDbwuxLvorijkpPA+mhhRFYWw19JInC +JZJKAsvhCr5hkysdYw/RHzNpI9aAuO0b1p4+lrGjUBgBSuSDII8bsx5wt8ZDKbN9 +SJAP57HA5tuTvYIYGmTsyrIyCPutbBEs3VSXcJwbN6cwV3zAGG5EZ9ULNhSNcSLm +sWzkdanlsDHkWxm3gA+NpZcie5AXogLuAs6kyEiIT4N3MrYyXDyV9iKoaDgL65/Z +GoxbllKCFd/jytbQmttN4+4ToqkAPfEoU+CJWJFSKV2KDNFxGwU/LlwtVn6q6WDR +i4OW1+SM+zCK9edHSaUZKBjk5dBT4ikLrJyTCTSdPeggi9zfMhCp7j7sASOkTlEL +6UmV73XEmpotNrpIqlNKHRjQWI0YoJjKxEWX9PJS05LWSSQNjMAwl9Dxdhj23ZS5 +QnHvqCk8Tc1Ycbge+F1p1Bv9rvRILDxZxjvspCLZv8ntknU5eRTdBEEgBgnx7Ge+ +Uz8ALO6WfnUEGYrhuZLLXaKb/xqxwFfCJ7N6x1fhSoygShOc2U9TXFETKdM0HY77 +unzXqgGHiKRfBHdK06UW7WUG4gmmfVZVrfroQm6Vfj6OuMGu6SsHzVZey4M3k/H8 +1QUYJG6j2aZfmFYXlSOuOkTXxfewWWubtB4LkS9Xr/qxOEmZphDlDPdKMYm0mbH+ +NqPezCXTZ8orvYfxLI6YCm/QCXrF/EH8GOEkpKKi9Dd9w4/s90on2tdV4c3FxNn/ +Rl2Uic8Lb1QupbvLi1bzdGdhc6auahBjhmWMrAQYWGHE7t2KkpXN7uyWlgqUm9WP +QOeJoGS7vtfM/TLcYf3LFpRM1vQvIHH9cEXwkxergFKpbvwpX0JJ/5r6FkS52vm6 +7A0pY7/8AXhkYEoyLBBeA0erIYmAnyfQ+85pP6IQ0KbrEPvhFZtyOxSNKXnpfm92 +kqM8A4uBEqr/aWuwEfD1M0ehTy71g48d3As42u9B16mnGhlImk4G48PbL5FwWeTG +JKGxS5LU8rXqvfufKCsNxl1P7mXI64+x7iD09Le7GAGGrkwwbeldlPECcoL8LnmG +DCra7T8XU72x+IM9jPB9P0PXaD31ZzIRfnZhnAA5nyrvfIoyoWLincBB8jGdj9km +Dkz9Ocisai0IM0C1z6XZUidrlzM0oFByawxgbg9QfD73ekpvrgaRTdmUsl77578A +1EnBlxeK2MU9PRcVY3arjUinTZBa/1feqSUvmuKUnqmeQFVvfw3ZjJBmZC5Qv4Tb +NpVB5f9AKbuMsCzPAbM+11aopLgk2ZWUbBxlM6nHXE5EJDKaUF71Uu3hO46ubGRs +lAmShRRjnn6FXldjnLEuNGlR5uBiVR6TagV8ZEE299HnKwZYQX3yUfrRh6HfHRTY +jucoMpbAXVnmtbYXxh0QED2VjWYmQ3dExs4srVn295KqQXt3tOSTW6fuJVfFy7Y+ +rqGfwng+WLQIJJmFjjOhdfIMk8gJWcsz0zdZYTfMbLjY4FVX6IvUm0VKlq5BeeFr +XdSwO2BXfT2AtvYsvepugzkeOr2yfQhOIxSHsKBvtbvpe0dbKy0+JAmbiVPoLnPF +UhuuoPQ1vdfwibtvd41TZSEdxUXCzhhb9mBIZoFiCadXOqwQun/Ouyr6qGLYXB+Q +gGU7Sbvy/OaVpg3VJEh4bDJDvj1hUdjVV9AOkPAC87GBCXDjTiyLTR9xD7Yuhk0b +UXnL/7iDSc2qiiqOd2qBLwcH0Q7aMBuG+XtQ2hrcslHz3qQpFkG3gYJr1xJP6+gg 
+6Uk+wLMvpfct+hVKTDGzxoNN2h63DLc7VKI8TRbtRLt9lvriiVjyYr8A6lUy4eDU +fyIogKuEacd6Fq4aJ9/Bip0Z6g3UlhNWccCNEegU6W30z3iTNhBvuXTNRrEUIu2G +4BHnKD3NE9sA7u0PJb6tAECZH/pwH4knAW3SNMLYcf0TfiExwYQ+l9CX7n/Surke +m6trqx98PCEPIjCKp+HymVXNDesWXB7GgAjpyFv63cFwsSTHlkS4ACQBooF6uLGm +HdWMQLaujhOgHyqcYbOwhS/ILcq9nf4NcsVeJiGos5LCDxkfLD2gDWcGEnI0H7wX +fJt9tG/jwEaf0WGfd/xX7WU5+TzaGSmUuyIwpFT0YqBYXC8wQlBVkdsNwbyHtY4W +OtYJh8YBfI17avKUyU5wAJylxAJwM6HBY29HqH/4HwvdimDl+YJmUQEOfHOVtwsf +0A3/nZy6jm68keqazGyO7WTAlC6fMh9yX4xw+rKDFg+5DPCWSIb2P2GW80TrmeGe +O0b6lzFs6Nx/CxUqd6GC5TXackFhai6E9B3niqwW6cSo6a16D66yIRzNGwMzKA6j +RhPZrSPUkHR68Oxanq40N+MPpAekZrb6m75+KtRlWJsjSCKZlCdywbAtBIjEVkBu +VX3HPaeYEThvejk4u0g+3hmVkCpyFtMWiB/Ic8TNhukxf3aOuvsI1g47ss1eR8TU +QGa6oyRRSgASLCjAQnGkCtU+W7V7eAPhKiaKJVmklxsUGBqU+i3gM6JT5gZZuI2+ +L/gkUFIRoeUOkMEl70+g/Kc9nWDjFfEhDywabeWhIpauRvlaphEYoBV6xm1Yn3+c +XWQRrmnab9/0dCG5lfdY8mYMGngfZ6YyhCYyp6YhI/+9A6BfFuqXsYgCTspHc/zO +GoD8nZUzQmwcL2/4UMHToQEzq4O+yy0H+Mc3FiZ8O8i1K2oKcWbIiNVM3Pi+zfWY +uIEggzfhwPF8JKYaYo7yZf7jihoa/zXqZMUjIGChLyQgx5uRH01UiUY3NioYcgox +bsqUpX8d2S2RYHX/SjMPQxEaMbmKejGP+o80uY8MrxFKMhkOvOFGx1DsPObvCEbA +r/evivwC7Goc3qFaHiI0cD6+qAGuqcc3BAi3H8MMrL+WENKfFbLZ+U9vXdfwF0hW +9i5AhCfW3CaoXieU031d7lNh5XH7SXmN6zcysxRGYfMfrl5pQZfjDB9dOmrvICyy +su0yEs4iYJDLbTx6JoW20BH/qYtYaMCZFCj0Viu778fwzFGWq7n09WsiBGBVboBU +Cqq7hA6L3WWuvjaCLnOfskr9C1HpmDZ6fTquL40bzZExnsBCn4FVQIfYvXD4jv+P +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/certs/driver/privatekey2.pem b/tests/tls/certs/driver/privatekey2.pem new file mode 100644 index 000000000..d769a6665 --- /dev/null +++ b/tests/tls/certs/driver/privatekey2.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAx4ad20svK0JMLcWXR6rpITZx1xl2AxkKek5CTURMCgw2JdKN +OLdYMk3Flfvhy7S6+6wm2WTLaFM4h1CDjPEwXTxMK+H8HwcXOoklAlfIFoqGLz76 +LId37P9aPhEdnfrv19clIC2VU6yf+KG0ErUK/mVlM1qygnFO5BXHrS/MeWu8tbPf +ZSCXE14izmPV6nBCx3LfgpDpJJa1YjogfSxZ2B1vTZ26Mb5/QDQvNnRLBAP46ohM +WnTgCirnOp+4v3AuKCZp5a8zjwGMAiQpU20W3LdY7wVVkL8EgAMru9Nq2H65DTQD +OUJY70nO+o3gjeLqA2+1RoFYUaN2vDktSCiqPIvTvzW644lnaKElf+3H37wEWEBz +mICN9mAW/d5O7wDgEuECCkEE/nCotjcgog63JkZsLPLz6ED5S1pNvy3EkCchvgTB +236zrRaLAxmqkWk/wq+nqeXyv3tElPu9OGCTlU54b4r6xrjWCtGRwwxrQ+OPNYkS +dj6PDWeckSg1rpTj2zAi8yDW9GbDTySv3RY51k+fmRMoWjV7yDRQxQFF+YtyjMq3 +FNHk+ygN922vLBqiolW5J4xRmNSMb6E5BNhaAf9KpuEx72YslnOX6LZXskTHJ1Wf +YLT5nTU6Jl201ahSQoS48eouNsy7nWBC3z0+X1mNFDQP+1zez3O9HKL+zNECAwEA +AQKCAgEApbkYMGbYPNQKNhJiPrKkhGOWVpTdQmFwJHoP8+GATvApoWyqw6r1ZILY +VGUr/GiWzicE9ZgUowhMcYfcXBqQk0Bb/C7tnE/laUc0KCgFF0PjhCaI4Kd8YqsN +p3PL58XfpKUcPwfdeextyrN0v/0Drp1FW0w/7Lx0TFoSybRj344u5bULHhHdqcaM +nmSp7tljfgnZv7bhDvTmnzmsdot57Fk2c39Igby6MPenJ1GcZS9vdk3TLWbaF1ff +SwATEV7513tghdfpuSQNyFGEybhYPudCxPTnRxyBfloj3xQRMNTAm0jSTKLg/4+M +jOt+0hrhSA1mwbL5SoW9P0U2aTLtgXdD/L0+H1jds+5eklv06Cm7eIgajkvd5XFs +PqNaZf5SgeK83T8clAuw5zC7KbfnfTxNZtVvsEyKYe36ED7HAiiNvToL/ddzmLkD +Xjy9jZFKP78Mh0XuKQY+y81lBnxC7mVyR34OFBUg3/UBPsKmpod0HPvp7ojtpAer +71wBfgWsCTgz4eoc0tdac5xikKOZvITaDNrdP9OAtVdODkGxiXfq7poEOMJnUeAi +PT2oSgAE9SVGa3gZNkwAzZAPRLctbiKZ5akRbp9hbm5aFNmVQqF2v1Ao5dPmkZF8 ++xdqRsyhNKU3AmnDvkJ61E/b7SvzPA7G2/BT72y2O0LNEgemsckCggEBAPnnD9NB +D0MOfC3gvmABpI61Tbf7oBaHEW/JkihZEv9ocjKd/dNb55VngbilPRtEOxaviRli +zOz+dT8GJq6FBIgzOVVqe8e3qBw1QPBxPV8y0xTb2wy8GDrF/DhIIe7UtLIhToag +Aqj2iLokjGLEa1pxHSHToutzQA00jBhILqFEbt93YDIaxqVPqQdhx2ZtYKFhqzV2 +wQr8N3BttLCYinJiBgDfC81GTGbaVaokXLdHepuOYGxR6mPDFz+H8x9Se5SWQOnx +kbJlTNruwe2vVRqlFbvIjlJQgQWko1UTro8LgIBwJ4cz631ZU2ckWpo4sNpUc72A +xIQtxL0brlszxe8CggEBAMxk5G2W8AlMWB59r7yQCxTpXyaCuCuDtrFxwWGo81ad +zh/lw+PpgTeKcc2ouoVM4D0vLfirbPhVx5dyYcxB+iRdNTJg3W1UYKUPkNrYfkSJ 
+hX2i91RKy9bDiEFZ7I3JjMsHKkVVGlYmPD50lFYe70TnLoQzqwHI1A2p8z9sZ2WV +jVjznPMpagmDeXX2zXyBsRXfj7ChMPH8N70IbQyIZcUT2CeA+ugBvBXdECR0CkIS +0+3YV1Vm9MgO/QvgvA+vZShO8ffITSTiTVTcV5Lf0e0EPTFlK6mNBtDAVYkbg0zl +WDLTh3XJ62qBYY9SGFtY8UdYjnH9H4kekGnIbt6fWT8CggEAEONxqVgzPNfkwoD2 +vKw/v7k2+GET75HPNtvLediTNRmM5ijRN5B1dR5aoOzh1U7mI2FXhZSsvrNvnwO+ +Z3rr1HyJumEI3nVl8goTSmyMtjtMEpPNGO45QPeSVQdi664KTCN+GBEGPP70PIgt +yJr3mlQcoOWZlAnk4T+U3Cs8o39pcsaxhJFUrWVVyf7sp9pqdl2QYXuWDjT/ViTD +2k9kw9gmCbcJKCVBEo5czbPJZEV7XrnfgFKE4ZsUniGE56/+VAtXdbfynbjE2eLa +zkJUIQnZDyi9nYh9P7FhrGU5HcesNoHd2gBDQORhg43sZZHBOfANJlhmb3xcWF9f +iCBWlwKCAQBmUfuogO8ZOIbEfNcE5ncluM5RUQ8xeXZzziao5RMsQUN25Gb0KWju +jPf7pIP7R0jaWEwDOI4Mo6SPREuBHWZD3gVLewJeQOdAulIhvE85sD6LbpGyON9i +W/BSBtpNAKDi4mte2gOdLPbrrSC1HDdbnv/CXrs04XyGepWzImmAiSWBajMf55OV +v6OGUk78DVDBSnF8UrVV7pVYpGcy5vVLe2uyGveAPZ4Ss9/o385i1VoSr0LJFglk +PVygHZkHoR5a12p6SGOWG1PrL4MHm9RTetPHboY1EsxepGotgQBx9j3487vUU4ju +gGZ+gPKAiD4BIWvt1HF9CzfwPM6D0/GxAoIBAHrq0h+77/BeJeyTDbdrfeG9WhGP +7oTEJh/kqCqKWt/5M9ff/iCJkMJ3G5v43Ye3pX94YyGVEPAyC/FCe+6uMmgN9F5Z +38QI7xUptNGxO2pPiN07xI+Kx+AQSneEW1hZwSdApEHJ9XNja8HT64A0drlqUl7i +sMqBusVguiaUGfPWFdbsvi4he6+2zFTK39T6qiNlKdufeU3wcm30dxKlQJSDNpvA +FFwHcf6l6B+J4fQ8kbwWvUvGxlHsqd4Od/JTooqYVzLhZ93IEZgYtnP3N7Ob9s3H +XEoz00WRi6BWRRZRSALcgEjr1rSqJiRCksHEtlIeKvqqS2ZiA+s3jIGWycU= +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/certs/driver/privatekey2_with_thepassword2.pem b/tests/tls/certs/driver/privatekey2_with_thepassword2.pem new file mode 100644 index 000000000..84d94ecc9 --- /dev/null +++ b/tests/tls/certs/driver/privatekey2_with_thepassword2.pem 
@@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,d313b0de9fa3b95217301e0b8fa4f03f + +BjiO6mPks1XZgULX8Wj6cJiRquEYoW4KslgMKD/5InU935SLawmT/J5kNvM0TDo1 +1y97+Ntnt1HpUVD2IsU9yS7Ab6q4V4uPRpApDnkAr3L1nBmCZ35Zh11jv1Evvv8V +QWbTeBOs9pks/nr74/qZcEz9L8slmdMNoC5nNL9lRFhTzZURJgjVsIgtr/f3cVD7 +TeZ49FqJZ4uDvCKElSTiN0/X6qS0tZX6GoHoYnJVvjEZNnsw549Xtmms43bezuWj +RkeRKAUqLKU20fpSyx+sQTANKTccOa8DowiOyJVX8qe9DNB1mi2HFNnG2agpDLih +JiNom0hxW09ssKAS85qG2BjhwzA7lqKjGi7rO4XLoIAvY6Inz5MEjbfW4BwAZw96 +DLqRsAkAVoND8TUM/JWbFuiAAFuzSs7CXdb5QiIU0RDM7P2bmKN70plSDql8HZah +hKPvNLQCmG26y0WGJwPLvxZNF04NpRuSAgdgMwhjfid4Y25jdsYEeRR1hQAOlWiY +A7GQ/3F8CbHHfkUXTn0JsIR9dY0IbeXWqh1PWL9MHGlgHeQGaQVXrWWokdrPlvKi +/6Kt4CWPq5c2yaUbBwACEG5ZnG3Wb6bJMmSAW4X+RSMZNGxOqEBkyANE7Ax55khc +vBvOqTEBtJAzPZp6wzmGOx0a477cGUUv11fNqe5f2BRwwv8Ts81FkqwDdrADtlWq +A8wumpbWnMc9qAb9hH2uxqgQF8sUbOT1umjGz0eca5i6Hr1Ioh0hsn6FzuorrY5S +KaXAr6LkFMAgfJO8hB7iry2khyzxJHda0uRWaTBS6jb4zFkj5n7jhGJYehhK0lim +zMFMRIjBAt0ALwuhacWymZvZGfwwYfNKarm6oLfO2I6BZOqgh4tx2mdhm6MsX/AL +KvK3F/52rbqpWjSbmAG+ud24tHVCaCCLaq/QbmItK2TvUn+zwLfmswQ7VgNxrpRo +vV+Im0ispTWE3+aUP2TP7J3LWYWC+2HaS014XbxNms7rciprDUjZw62b5f46V0AX +5Nw5/RkJNSJ/eg5Ytbt5O/W/YNQTAuqCbuj7S6XzpweaL1BxXoXyhYwfpVptKOyC ++4Vdfgu/e9I08RtF0XNKEypz+mPV4+0f9zcJKm7OYlhogQsl6jSTRSeEY7JoAC1L +tZ2FYZ8DgaoTHbVPNbHb5aHohMvGJ3rXfCIVnNoDOwh5in8dccr/rc6fMAunLEmb +kMAumRbj+RhdB9CIn0Jqd+GGxuiUgtxMcTPZ/wz6UH9OBACgu6FMofjDRd6mby5N +Jpwp/4ivfm4uXkf8hq3KkVhZJUas1FF6R72KvKbRPkZjG9Oy87QNnvjJoMcWRe19 +aw+x2axLQC90gQKPKisHov0mYOCzR7TR7o1475qg3Cfen6omRF0kJIeH3KPGEC6P +dNKz1HrBsfhkb0s1U/2BTstX7Go+d5tBfl1Kkkm0IeBtIK9suliEGWjI1AmUsozv +wJC3X2kg4whCWjXcKaJ9Q4LwUQor9RGloGMxQXlKo9eY6v0wH76dZgvEyk/XYqYa +O5g4yelSmlISsPrJEgXMeZv6fTrFNeuJlX6fQbEzom9ygNrKE0qmjV62pFNkzrjV +rcBdtyBe/+PZHQsErXyepCz0C0bxac88nMHC2lHsITmpE9hHz9MsYDFi4SS9LOYO +e604ML2Rso4itlmukIUd3g8vXthvvDLKy9cgRHKKgC575hUxzN1w6mDV04+Q2gBU +Oj0eePeBVfrurLyQyztJ1C4fPiaffvStftWacKm4FHOSyYJrGTDkLjo3vV3y/qcn 
+VKtF30wDj5htBcwboxK9OL+tMT8smRewvs+OGfzFoX6F1ouPkRyyMe4tPmeZy5oz +O5xU+LgajmwRNxyqxBQa2qNyLvkUjFdjfPVav3H9xL0rI/X/A1GaixVbVKjb8gen +DcN+Puvy0ebKFwKgkPGmk98nUfd+oWGunwCDdhWBvEb4M2gJppl97yksmGnDcFvF +c9VsYMD4FLo7s2wJD4lawEulNW808OQnl89hz3Oj1n5+LNDVIZJ+VWLR018gik42 +KR0AxnBY6UJ9RkT9VuFxCqUnLjHEWkdbDoDv85bHbmoUJS/XW/LP+9TeVwVkRAVf +Xg9j7e8Zjv0bU4UBb90CAyhadBXF+3p2kscQxF/Cb1210S1R7hca5b3Zs0xvAncz +69mpe+6KNCwMr0Qqe087+YFo/FTAtjK2c5bx9EqSqbPhVeEqrBs5V7u83cFEDxai +//ryU6mTrl96psESRpMUraSoWf6Gtcp5mkXmCfZPl9FYBtT4EKmwaqIk6xAN99xV +NzVSxdtMVjUZv8yoPJ3e1HqpQ31EWvMaxQsVK5nsZDikWusfOPgZPtppzgYgiEK+ +AgkBEry8vhKcYPlLgZNVauFwjqO7eCfs2Z/qbp3SCqchDqmBAQHhRfOJwbwqmW8g +GYggCX8CrGeufeYpu77EXkRxvW5pvJDqWt1clFvzq9EdDNKEUI6/zW1iORSyH+kR +B6nf7ENLOg/Eh2zNa2nfBPUEqbYsDY7aDkx3Wat6UvnrEKJmMPJIRKAgozFnVmEd +nFNwQpcnVLWuOXkZNysI+WdVCAOxqrOCFiYEWAetcBMpW6oxthCykSdxwNhvxFG5 +LMaE0VXBy/3ogyzTl9JJUNag3vFoJ3g9XYaIsDP/a2jr6FwG32HmmBolJfX9PwMZ +kjGcIQd81VASeylG6BD0R7zhQNxSoG/kxC8swSDBJzE1vwhltqYKaJWxiDcTL8rH +5JXmh8f4cKdWI3jwp2jKG1/5NCFup1RL4QO6WzLQQf6NZavzPONLO27SqalQq92j +L4gUjOAr55DF5sFTelfwav20xEzDCuhg1vwiz0N4yLI/iZRAH4XJzm0BNpu/fvqU +U9L1vwv2TpMerKluNUD9wDDa0psXeI5qT6Ea0ypjdDtmbObIx8Sf5FDSjoT0oaeT +WKdrbMpVqmFgauug4Y5KzmDBJRGQdQMpPA0E4DON0ELCOKykCweQufBeOWRk6IOc +V/LVQoRsS2JpE3YjZQy54bm6y21UvVl1gllr0O2keYCG0Fw8WWD0JPST0E4iOrVL +k1g7yvzMeeZ9PZdxup4jBmCAjbq3qSYrmmDtoSemGxGh4lSYnlieQQRe1umxQ8vK +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/certs/driver/trusted/trustedRoot.crt b/tests/tls/certs/driver/trusted/trustedRoot.crt index 42a69e994..7c21a26ac 100644 --- a/tests/tls/certs/driver/trusted/trustedRoot.crt +++ b/tests/tls/certs/driver/trusted/trustedRoot.crt 
@@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBYjCCAQigAwIBAgIQa3X6W6m8ncU/z6IapvH47jAKBggqhkjOPQQDAjAWMRQw -EgYDVQQDEwt0cnVzdGVkUm9vdDAeFw0yMDA4MjYwNDMxNTlaFw00MDA4MjEwNTMx -NTlaMBYxFDASBgNVBAMTC3RydXN0ZWRSb290MFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAEhoOTHBV0ZcpKAF+i8DpishgandrMMOnOb9xWi7bvwZ6ISUMcOHyi+NHU -FDl4/TC1pY9VV8C8aAVDbR68KD3iF6M4MDYwDgYDVR0PAQH/BAQDAgIEMBMGA1Ud -JQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAw -RQIgbMCAMhPgjnM928h0cVnvwhTdCWp5KK5gfh048tjdrhICIQD1FLjrJ4I3m3HJ -1idY5YFj9TwoDxKAtpugoDcyxaOgIQ== +MIIBgjCCASigAwIBAgIRAJ1txAh5eyscs+sifl0dc94wCgYIKoZIzj0EAwIwFjEU +MBIGA1UEAxMLdHJ1c3RlZFJvb3QwHhcNMjQwMzA0MjM0OTIyWhcNNDQwMjI5MDA0 +OTIyWjAWMRQwEgYDVQQDEwt0cnVzdGVkUm9vdDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABA92oOT50cF4ZMjI1VtgIpP5DDg8bDfP+Eukz/60n4pUxfMZMlFQ98MI +yRAn6qQH6iUVtJ7U18mgUruRJZp2k8mjVzBVMA4GA1UdDwEB/wQEAwICBDATBgNV +HSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQtAvKO +cFuDjRQQdxOgChZAR3CDxDAKBggqhkjOPQQDAgNIADBFAiBXYnEl9eGhDR2QR/Mx +BY0q+KwdBaSt3Qi4O7UQB6A3IAIhAKMLzarbmeKp+68QFeocF+TCl/bnbDvB+eoC +vq+AtMSr -----END CERTIFICATE----- diff --git a/tests/tls/certs/server/bolt/trusted/client1.pem b/tests/tls/certs/server/bolt/trusted/client1.pem new file mode 100644 index 000000000..3e3e60cf5 --- /dev/null +++ b/tests/tls/certs/server/bolt/trusted/client1.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBDCCAuygAwIBAgIRAI2TewtlIMVyyzHcv1TQ9zAwDQYJKoZIhvcNAQELBQAw +ETEPMA0GA1UEAxMGY2xpZW50MB4XDTI0MDMwNDIzNDkyMloXDTQ0MDIyOTAwNDky +MlowETEPMA0GA1UEAxMGY2xpZW50MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAylkawVY3Uzvl/RvznZjRmjDwCwt33wvXbT6FHhzTSUXBdl4XExAjY5Ej +dcTyEcbLqnKInkmo5wYZkpmtq4BImN6D9P1uWkvVwrXXUl+0BgsiIXjml6Dfkvwh +Kxt1JSdrFAiID5ESiryarc8d1qE2l5ilxmBPlYPUFcdYJthRx88A91pm5lvX8x9D +yFxGHO7id3fiQ6bdDpAHCbWYQkjAeVvPnY5PRmhEQ+9KyHjTWQ0WKAAuoGbxc7Ot +s+nanGuiOC5eu0tPO3A1nMD2LgTPley6+fgwdP0VSfdPfJIgWT+q0/IUqSGJvLDb +/yDMLr67VYL/i9fg1WU787bmNlslWeLyNUPSW4AQOhNefdeJikVrmttlRIZEScSG +cIfmJ20C5uVu+BvuxOPKb+0NAY03rmKqQmEveUsHg9DIXJYRCwK57GrrIvIXby/H +FKHNADNX/i+CWX2UXGbop6J/QjEOakRFCOc2VBJ89q7lT1bDS6CHC/3MsFC8M1DN +0wkBMpxJ2bpF0U8Nv3C1sezw05kfaPWN1fGZKCKKAa4EGuc1HEExA3VAKJhn0NGd +emiLf7Ak4EvIuZwtkNMxPdAloO1udBWtOK+H+8Wv/vBpj6Ui5AYfaI0gQL5vqRz4 +K9t3EqtVsgBwXdNN31DZWAaXlB9yokUrz4Ci7rpvekiO9bhAfC0CAwEAAaNXMFUw +DgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLSi1HOLeE+IMvJhQn4qfTR/PPwJMA0GCSqGSIb3DQEB +CwUAA4ICAQBIM2pqtwmQ+uUwHMmGkNUM6y9CTlOKMRwuDGiFr/25cVUJh0Q5pcSM +5VKc4vycj24FjqXN5+Zk86Ftj+5ip4NN+mjPMYQz4rGXaKJCWTz0I9dqT9g7gBVy +ZKNrpoJLyly39h5ktAqARoMC5Zm1pK1k+pyBBoJ+VOTEKL9FhqRQdAJguSM/A3kJ +rZCUOkR7Z6TPGJjgr7L78bta+nHagCi1giwHYkSgwWkwNQhJEQPatj6w7w8sWGSi +vinbfJVgWlZBp3lI88hh2rbnAc8IHGBwr0J5VAjK+7/ojcplyczAWayMy90w5DRO +9Qr2EuJuMP5ywTMMXqGtUK8aJZdrxZCW1X9WAJScHhm6y6Z7ZrQ7brYNDq3QFmd0 +V5U6hx19qwJ2ODWWyFqzDb9Y83VEDJPpZJMFCJ2rdOlW0wO2hwFTV0ShMcOT5l38 +WQzkfkdmKPjKZqXM+69IjzWnFBh9Nv4dXIYkQvSqhBqyNehpd6ZGJ73j83oKP8va +W31jsHiRhXVJpAUJ21xJfKKiLTDOXzQJzhm1+389gsz7VkaBZxYnxCPnSNshCr1/ +oE8XjZ8oV1v6ntCJV6UQV3Ea4stBFvflHyRW9XQTn2eRvdTJmtWMkQl6qPgYU5Du +fzSonuLmPdYu/WjcrrmjhXUU2meMdET0o31KkJ8Pcbbscz31UZFBjw== +-----END CERTIFICATE----- 
diff --git a/tests/tls/certs/server/bolt/trusted/client2.pem b/tests/tls/certs/server/bolt/trusted/client2.pem new file mode 100644 index 000000000..d5c4db1b2 --- /dev/null +++ b/tests/tls/certs/server/bolt/trusted/client2.pem 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFAzCCAuugAwIBAgIQCGhGdAoa7K1pDEAtTiXO4DANBgkqhkiG9w0BAQsFADAR +MQ8wDQYDVQQDEwZjbGllbnQwHhcNMjQwMzA0MjM0OTIyWhcNNDQwMjI5MDA0OTIy +WjARMQ8wDQYDVQQDEwZjbGllbnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDHhp3bSy8rQkwtxZdHqukhNnHXGXYDGQp6TkJNREwKDDYl0o04t1gyTcWV +++HLtLr7rCbZZMtoUziHUIOM8TBdPEwr4fwfBxc6iSUCV8gWioYvPvosh3fs/1o+ +ER2d+u/X1yUgLZVTrJ/4obQStQr+ZWUzWrKCcU7kFcetL8x5a7y1s99lIJcTXiLO +Y9XqcELHct+CkOkklrViOiB9LFnYHW9Nnboxvn9ANC82dEsEA/jqiExadOAKKuc6 +n7i/cC4oJmnlrzOPAYwCJClTbRbct1jvBVWQvwSAAyu702rYfrkNNAM5QljvSc76 +jeCN4uoDb7VGgVhRo3a8OS1IKKo8i9O/NbrjiWdooSV/7cffvARYQHOYgI32YBb9 +3k7vAOAS4QIKQQT+cKi2NyCiDrcmRmws8vPoQPlLWk2/LcSQJyG+BMHbfrOtFosD +GaqRaT/Cr6ep5fK/e0SU+704YJOVTnhvivrGuNYK0ZHDDGtD4481iRJ2Po8NZ5yR +KDWulOPbMCLzINb0ZsNPJK/dFjnWT5+ZEyhaNXvINFDFAUX5i3KMyrcU0eT7KA33 +ba8sGqKiVbknjFGY1IxvoTkE2FoB/0qm4THvZiyWc5fotleyRMcnVZ9gtPmdNTom +XbTVqFJChLjx6i42zLudYELfPT5fWY0UNA/7XN7Pc70cov7M0QIDAQABo1cwVTAO +BgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUM5kbiHv1KFXtLCGFtYFPEh8DFRQwDQYJKoZIhvcNAQEL +BQADggIBAH30LlY/QlcgIs/YtbPeLWvE9FNnOszIcboeVhm4bXT+BtdO4mNqJp7d +30kN2SsLQtdZnhXHMHNHW0li/GasGajFeQG8mltSQi1njqTL+JItkMRWN7G2Blny +QRyNiGOHK8fp4KjrfIlKPBs7NaJBeVNnaUXa+AkcgdoC0O0T51ybxMTPma0U4kpQ +n1upXUqPwDA1l8sKmsHc2HnMefsXxYAIQaTyOAYvgKNQIpyMGfKshkR27ww2taVi +zT6N+N23cD0LFKra5cH7XR4czHxRGggSxKJcsNPX7uhq0IT7DgZx/Gvzd33wc2hD +AUiJErceDo5iTKLoDwd357vcngL2oZ1otu1rXPBU9fUkmKfwF9T8UzTQiTgeYhXN +Uxq9ZE3lg1x/u0TSnd6nJjU5K9wXjsXrNyZVxDDTSRjdGpbLkLEPcWjqO4Zx4vqB +gfB2kvi0GPpUhzSBgjOEVlc7pEAd/UnpS1Sct45/LEYKFH9YgclZhrj+W2sLYHAg +UJUF+QbGNELR4gT+FGaD55dWOiXwpZGYnabP4ax3J1fLgcOQuTJgT5F7scQ8gkAq +bFg9hflaLQfG1jBK4D8K0boyEHpiDnC66XFvbbj+6l/bba8EcwxSKFVYMpAJJU4m +5BgjWZknIjE+a5cCQ9Hyp1iSI0Ckmx5YM4+g+1I1O1tjMAuqkknu +-----END CERTIFICATE----- diff --git a/tests/tls/certs/server/customRoot2_thehost.key b/tests/tls/certs/server/customRoot2_thehost.key index 5666873f0..4fc48109d 100644 
--- a/tests/tls/certs/server/customRoot2_thehost.key +++ b/tests/tls/certs/server/customRoot2_thehost.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICzYDTUBiNlCIngyqiTQ86fkG5KAvPPIAXbUW7kcMD9YoAoGCCqGSM49 -AwEHoUQDQgAESiRDcNXhPOKcT0HSLhNcVQsICPHYMgJcpz/nzhYWVAs5SGFyQM5i -vitjDQob2TkY5N8SUPVg3BzfNu08ny5mtw== +MHcCAQEEIJ0YvrZmyjxCRAMdYRyds29vgGSd6py/qCjyQ04fMHpXoAoGCCqGSM49 +AwEHoUQDQgAE4jM2JNSS4qSzZnSQbjIQn/mj52PXbCHZz9333r7FzW7Onc+kFrf1 +Njbx8eBKuIoo+QEgXaqGDv1/cjh/e/oQsA== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/server/customRoot2_thehost.pem b/tests/tls/certs/server/customRoot2_thehost.pem index e8bb9183a..529f1dfe6 100644 --- a/tests/tls/certs/server/customRoot2_thehost.pem +++ b/tests/tls/certs/server/customRoot2_thehost.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBezCCASGgAwIBAgIQauOWHc5x54LVpRIRRzAPKTAKBggqhkjOPQQDAjAWMRQw -EgYDVQQDEwtjdXN0b21Sb290MjAeFw0yMTA5MjcxMTQ2NTBaFw00MTA5MjIxMjQ2 -NTBaMB4xHDAaBgNVBAMME2N1c3RvbVJvb3QyX3RoZWhvc3QwWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAARKJENw1eE84pxPQdIuE1xVCwgI8dgyAlynP+fOFhZUCzlI -YXJAzmK+K2MNChvZORjk3xJQ9WDcHN827TyfLma3o0kwRzAOBgNVHQ8BAf8EBAMC +MIIBfDCCASGgAwIBAgIQaDND2RaRpB817cuKdkelATAKBggqhkjOPQQDAjAWMRQw +EgYDVQQDEwtjdXN0b21Sb290MjAeFw0yNDAzMDQyMzQ5MjJaFw00NDAyMjkwMDQ5 +MjJaMB4xHDAaBgNVBAMME2N1c3RvbVJvb3QyX3RoZWhvc3QwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAATiMzYk1JLipLNmdJBuMhCf+aPnY9dsIdnP3ffevsXNbs6d +z6QWt/U2NvHx4Eq4iij5ASBdqoYO/X9yOH97+hCwo0kwRzAOBgNVHQ8BAf8EBAMC BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADASBgNVHREECzAJ -ggd0aGVob3N0MAoGCCqGSM49BAMCA0gAMEUCIQDOh74w1gEy/CrjGmxfMPkrFIWz -I+bG9Ck28akdACUC0QIgRnidQd3BRR10bIaws7/QFB/s0070Ok+OJhYrvhZN55Q= +ggd0aGVob3N0MAoGCCqGSM49BAMCA0kAMEYCIQCP8tpstYjFMlWet4prM9ullPYW +UrCSeUQhWTczj3B1ggIhAOpKf4KQcZE5st6j4W3gG6rEk/J43OO04cvEfnVwOgSD -----END CERTIFICATE----- diff --git a/tests/tls/certs/server/customRoot_thehost.key b/tests/tls/certs/server/customRoot_thehost.key index 73f07383e..9b973c542 100644 
--- a/tests/tls/certs/server/customRoot_thehost.key +++ b/tests/tls/certs/server/customRoot_thehost.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIMF+VyuuzaUjcum67tkMJnpcQWR8B/wnkNW1tkKSYUCroAoGCCqGSM49 -AwEHoUQDQgAEPbA6GMdGy7sIXMoAKbaNEdJZa0yGrOtS04UOuodCfIKPh099YT9t -D+kJ0sJtgiWvz75CJXvBE1ZVXG5DX8XssQ== +MHcCAQEEIKeFQxzQXPv0JkLM+Ggjrxy8tdyr4ko3AZjGzB0tueQXoAoGCCqGSM49 +AwEHoUQDQgAEPQkm3WYHHYNM8fUYAKyHqtCJlO6cgWcLl8IfsSAYSA8avLPRShsM +JwEUR34WHey4rf/X3Wz2HyB5bRLz/8d7FQ== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/server/customRoot_thehost.pem b/tests/tls/certs/server/customRoot_thehost.pem index 74306494f..58a0242fb 100644 --- a/tests/tls/certs/server/customRoot_thehost.pem +++ b/tests/tls/certs/server/customRoot_thehost.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBezCCASCgAwIBAgIRAPW09/lYACnO/SApHmOa+GEwCgYIKoZIzj0EAwIwFTET -MBEGA1UEAxMKY3VzdG9tUm9vdDAeFw0yMTA5MjcxMTQ2NTBaFw00MTA5MjIxMjQ2 -NTBaMB0xGzAZBgNVBAMMEmN1c3RvbVJvb3RfdGhlaG9zdDBZMBMGByqGSM49AgEG -CCqGSM49AwEHA0IABD2wOhjHRsu7CFzKACm2jRHSWWtMhqzrUtOFDrqHQnyCj4dP -fWE/bQ/pCdLCbYIlr8++QiV7wRNWVVxuQ1/F7LGjSTBHMA4GA1UdDwEB/wQEAwIF -oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBIGA1UdEQQLMAmC -B3RoZWhvc3QwCgYIKoZIzj0EAwIDSQAwRgIhAJqA5gax2RvjhcwXkMBvoBSwTTfl -huKrHFgTkf60swI7AiEA5fYtkckwZFk+6D/fUBIjc0UZgHF0KLKM0zcFWtuYyr8= +MIIBeTCCAR+gAwIBAgIQHtumbSmi59Mc8l6iTWvv8jAKBggqhkjOPQQDAjAVMRMw +EQYDVQQDEwpjdXN0b21Sb290MB4XDTI0MDMwNDIzNDkyMloXDTQ0MDIyOTAwNDky +MlowHTEbMBkGA1UEAwwSY3VzdG9tUm9vdF90aGVob3N0MFkwEwYHKoZIzj0CAQYI +KoZIzj0DAQcDQgAEPQkm3WYHHYNM8fUYAKyHqtCJlO6cgWcLl8IfsSAYSA8avLPR +ShsMJwEUR34WHey4rf/X3Wz2HyB5bRLz/8d7FaNJMEcwDgYDVR0PAQH/BAQDAgWg +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwEgYDVR0RBAswCYIH +dGhlaG9zdDAKBggqhkjOPQQDAgNIADBFAiB3l5sCR5mURmDjYxBu9UDtJApxExt+ +r0ermB1vuhRmHQIhANwZ0ogYHL2HV0ABtSZ/HvY/TtyUVGhTmvmMHAsR7qBX -----END CERTIFICATE----- 
diff --git a/tests/tls/certs/server/customRoot_thehost_expired.key b/tests/tls/certs/server/customRoot_thehost_expired.key index fc6664c37..02a7987de 100644 --- a/tests/tls/certs/server/customRoot_thehost_expired.key +++ b/tests/tls/certs/server/customRoot_thehost_expired.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIDm3744x0TZfnfTNQaxaN98clgGPS9iy7Blj6XGWTEDAoAoGCCqGSM49 -AwEHoUQDQgAEsYrhTVlHdnS6l8OtfK46y/hXW/3M6QX1DjPx/4epOXbAXk9XkmcI -phz6MV9p8YteCbDgKtAy4QuHv/dyHsLKVw== +MHcCAQEEIPjcFpMSFZMiEcDEa/k+kmJI8QeUvnPrM79DFMYJxrg8oAoGCCqGSM49 +AwEHoUQDQgAEx0XZRCnStHoYC2jeC/DGc+dKU5rPe7bJlF6MM/BTzcsQaqZVwdyV +qG1m+MTx/8G3jjztQm0nYzAWt9ZENhLdww== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/server/customRoot_thehost_expired.pem b/tests/tls/certs/server/customRoot_thehost_expired.pem index 4b0a259b8..591c5caeb 100644 --- a/tests/tls/certs/server/customRoot_thehost_expired.pem +++ b/tests/tls/certs/server/customRoot_thehost_expired.pem 
@@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBeDCCAR+gAwIBAgIQfYQ2BYaQwMOUjvubE4a8ZTAKBggqhkjOPQQDAjAVMRMw -EQYDVQQDEwpjdXN0b21Sb290MB4XDTAxMTAwMjEyNDY1MFoXDTIxMDkyNzExNDY1 -MFowHTEbMBkGA1UEAwwSY3VzdG9tUm9vdF90aGVob3N0MFkwEwYHKoZIzj0CAQYI -KoZIzj0DAQcDQgAEsYrhTVlHdnS6l8OtfK46y/hXW/3M6QX1DjPx/4epOXbAXk9X -kmcIphz6MV9p8YteCbDgKtAy4QuHv/dyHsLKV6NJMEcwDgYDVR0PAQH/BAQDAgWg -MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwEgYDVR0RBAswCYIH -dGhlaG9zdDAKBggqhkjOPQQDAgNHADBEAiAEcKjBFoE1iYrdmoJ7WDndMEXyvmK+ -wBGbvdlapzEUlAIgGm0uf3OPPdg3O9bP95T1DSjwqy5208+IjRwO2MJwabc= +MIIBejCCASCgAwIBAgIRAJkUs6vEtBfp2Gp/nRFPub8wCgYIKoZIzj0EAwIwFTET +MBEGA1UEAxMKY3VzdG9tUm9vdDAeFw0wNDAzMTAwMDQ5MjJaFw0yNDAzMDQyMzQ5 +MjJaMB0xGzAZBgNVBAMMEmN1c3RvbVJvb3RfdGhlaG9zdDBZMBMGByqGSM49AgEG +CCqGSM49AwEHA0IABMdF2UQp0rR6GAto3gvwxnPnSlOaz3u2yZRejDPwU83LEGqm +VcHclahtZvjE8f/Bt4487UJtJ2MwFrfWRDYS3cOjSTBHMA4GA1UdDwEB/wQEAwIF +oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBIGA1UdEQQLMAmC +B3RoZWhvc3QwCgYIKoZIzj0EAwIDSAAwRQIgIoH3W84E+ibvfuiEuSkFwV4Yz1Vd +q8RRfHo2xjH7xxgCIQDZhKVkBI5i9oKsSj9OYlEFDM19OwuD1hgnf3NKms78Tw== -----END CERTIFICATE----- diff --git a/tests/tls/certs/server/trustedRoot_thehost.key b/tests/tls/certs/server/trustedRoot_thehost.key index 481957f94..c6f1bb8a9 100644 --- a/tests/tls/certs/server/trustedRoot_thehost.key +++ b/tests/tls/certs/server/trustedRoot_thehost.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIJEGCseLAIb5bjQ1OGxO+tOCt2g1G4+a/vh2g8ReC/PVoAoGCCqGSM49 -AwEHoUQDQgAE2t9uNO4Yk30wUQTVMA2pqwvP8whnOL/L+0cDnG0y7dJotOfQnWpy -0KbTEFdGXr7cm5v5ZgG/Nl7DMO7lhrT9qA== +MHcCAQEEIEodc4qmubFEZsPn7zQo3zgrDGf4A7Xy+k3iFNso5YnGoAoGCCqGSM49 +AwEHoUQDQgAEzx/LH+yRW0V4+d5MiZacABJYLsQlxEp0ib7qft0sl1BYeddomuOb +lD6MSMK272kkRqE1IGAMOzKAaMzdXFBV7g== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/server/trustedRoot_thehost.pem b/tests/tls/certs/server/trustedRoot_thehost.pem index 53451dbcb..001920130 100644 --- a/tests/tls/certs/server/trustedRoot_thehost.pem 
+++ b/tests/tls/certs/server/trustedRoot_thehost.pem @@ -1,10 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfDCCASKgAwIBAgIRANhVWES8l75wxzCi68n9AtwwCgYIKoZIzj0EAwIwFjEU -MBIGA1UEAxMLdHJ1c3RlZFJvb3QwHhcNMjAwODI2MDQzMTU5WhcNNDAwODIxMDUz -MTU5WjAeMRwwGgYDVQQDDBN0cnVzdGVkUm9vdF90aGVob3N0MFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAE2t9uNO4Yk30wUQTVMA2pqwvP8whnOL/L+0cDnG0y7dJo -tOfQnWpy0KbTEFdGXr7cm5v5ZgG/Nl7DMO7lhrT9qKNJMEcwDgYDVR0PAQH/BAQD +MIIBfTCCASKgAwIBAgIRAN9oSl2LJiANAB/c1tNORGIwCgYIKoZIzj0EAwIwFjEU +MBIGA1UEAxMLdHJ1c3RlZFJvb3QwHhcNMjQwMzA0MjM0OTIyWhcNNDQwMjI5MDA0 +OTIyWjAeMRwwGgYDVQQDDBN0cnVzdGVkUm9vdF90aGVob3N0MFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEzx/LH+yRW0V4+d5MiZacABJYLsQlxEp0ib7qft0sl1BY +eddomuOblD6MSMK272kkRqE1IGAMOzKAaMzdXFBV7qNJMEcwDgYDVR0PAQH/BAQD AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwEgYDVR0RBAsw -CYIHdGhlaG9zdDAKBggqhkjOPQQDAgNIADBFAiAA3IBesXu3tHjVHee8M6zruVjy -w9hDHn4Xg1BgvcDQ8AIhAOPiwZOBOHWYSsH7m0Fii5Cpilig9rosjHyLmk5mK+CC +CYIHdGhlaG9zdDAKBggqhkjOPQQDAgNJADBGAiEA1Dqp1BS6Kkq7uAjUcRwC0yxb +GwgUtTkqZZV8GAy5gPgCIQCP7+XKUWOilFiQw6fs4gejqsrI1L7LDd7eW0s/VQin +fQ== -----END CERTIFICATE----- diff --git a/tests/tls/certs/server/trustedRoot_thehost_expired.key b/tests/tls/certs/server/trustedRoot_thehost_expired.key index 921829451..cf6ee1dad 100644 --- a/tests/tls/certs/server/trustedRoot_thehost_expired.key +++ b/tests/tls/certs/server/trustedRoot_thehost_expired.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIB70AZ0Yb82D6pD55QERQWaUbV8RWoDG5LNfsjLLXOxPoAoGCCqGSM49 -AwEHoUQDQgAE1MHiktyKkUk5kJSOI9UgK2/tADF33S4+7e8SimxGjAMeE75Ff++v -Xo9BRI43slLWTOuUDzxjPS6WPmHOZGn1XA== +MHcCAQEEIMA2QKrVZWaa3EEsr8k/TFnvGVDJV4X9M5s8wNFY34OyoAoGCCqGSM49 +AwEHoUQDQgAEvAzChdoOgPB/A7fezyyb5Nc+zmnz+Vd23ZTJRSpq0h6Bt4R6zEQu +TXxYhsxQL+tV3MNfU6zMW3RzY7qGfRcLqQ== -----END EC PRIVATE KEY----- diff --git a/tests/tls/certs/server/trustedRoot_thehost_expired.pem b/tests/tls/certs/server/trustedRoot_thehost_expired.pem index b6be7eeb4..4cc743693 100644 
--- a/tests/tls/certs/server/trustedRoot_thehost_expired.pem +++ b/tests/tls/certs/server/trustedRoot_thehost_expired.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBfDCCASKgAwIBAgIRAKMTjX+c53voo3T1QyaHrA8wCgYIKoZIzj0EAwIwFjEU -MBIGA1UEAxMLdHJ1c3RlZFJvb3QwHhcNMDAwODMxMDUzMTU5WhcNMjAwODI2MDQz -MTU5WjAeMRwwGgYDVQQDDBN0cnVzdGVkUm9vdF90aGVob3N0MFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAE1MHiktyKkUk5kJSOI9UgK2/tADF33S4+7e8SimxGjAMe -E75Ff++vXo9BRI43slLWTOuUDzxjPS6WPmHOZGn1XKNJMEcwDgYDVR0PAQH/BAQD -AgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwEgYDVR0RBAsw -CYIHdGhlaG9zdDAKBggqhkjOPQQDAgNIADBFAiEAxtkhzPGzO0dBvev10MXpCKa3 -dRwovlk/j+0Tlb9XGHECIFzSR5Z1i8dLfq+I/JNGffGddjRwZdMgRh0q5YuU64T9 +MIIBejCCASGgAwIBAgIQd9fQQIwWxeE7jujYAbGJqDAKBggqhkjOPQQDAjAWMRQw +EgYDVQQDEwt0cnVzdGVkUm9vdDAeFw0wNDAzMTAwMDQ5MjJaFw0yNDAzMDQyMzQ5 +MjJaMB4xHDAaBgNVBAMME3RydXN0ZWRSb290X3RoZWhvc3QwWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAS8DMKF2g6A8H8Dt97PLJvk1z7OafP5V3bdlMlFKmrSHoG3 +hHrMRC5NfFiGzFAv61Xcw19TrMxbdHNjuoZ9Fwupo0kwRzAOBgNVHQ8BAf8EBAMC +BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADASBgNVHREECzAJ +ggd0aGVob3N0MAoGCCqGSM49BAMCA0cAMEQCIBdz7r1Lb/cRxnQ/3ZnNqVEvoS3x +6gA98U4uFACLSHHiAiAH0tEEZM3ClBS3OmUnxm9PxR3Cqq2LsyV6FM0qa80c/Q== -----END CERTIFICATE----- diff --git a/tests/tls/certs/server/untrustedRoot_thehost.key b/tests/tls/certs/server/untrustedRoot_thehost.key index 6430400ff..0857eb406 100644 --- a/tests/tls/certs/server/untrustedRoot_thehost.key +++ b/tests/tls/certs/server/untrustedRoot_thehost.key @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIMsLIQaTT8AqLaWkNdokL3d8/Z1WYqk3InAGw7yMbXI7oAoGCCqGSM49 -AwEHoUQDQgAEVmBskdRvu8z+05dwZE4XbyWhs/Dp0dQqmknBnfj1qskQM2hcraWj -7wS3NdyWmVwflpQxF5T6Szw8vJ4fTjZtjA== +MHcCAQEEIBbyHNN9WiJDNd97jV05CMe2XA9U5o2j9LYuosUJXz6soAoGCCqGSM49 +AwEHoUQDQgAEMNTIbFDXTBScCnzEPpHMOajeM9R+r0XccGLSzVge7ZycxeprZ/im +YlMfwj5L0mnsD3bLe6mTNrvsmnAwLYeSow== -----END EC PRIVATE KEY----- 
diff --git a/tests/tls/certs/server/untrustedRoot_thehost.pem b/tests/tls/certs/server/untrustedRoot_thehost.pem index ce33a8da6..3a6695a2f 100644 --- a/tests/tls/certs/server/untrustedRoot_thehost.pem +++ b/tests/tls/certs/server/untrustedRoot_thehost.pem @@ -1,11 +1,11 @@ -----BEGIN CERTIFICATE----- -MIIBfzCCASWgAwIBAgIQXRCyPbYSG28CzAQRenmZvzAKBggqhkjOPQQDAjAYMRYw -FAYDVQQDEw11bnRydXN0ZWRSb290MB4XDTIwMDgyNjA0MzE1OVoXDTQwMDgyMTA1 -MzE1OVowIDEeMBwGA1UEAwwVdW50cnVzdGVkUm9vdF90aGVob3N0MFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEVmBskdRvu8z+05dwZE4XbyWhs/Dp0dQqmknBnfj1 -qskQM2hcraWj7wS3NdyWmVwflpQxF5T6Szw8vJ4fTjZtjKNJMEcwDgYDVR0PAQH/ -BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwEgYDVR0R -BAswCYIHdGhlaG9zdDAKBggqhkjOPQQDAgNIADBFAiEA0f9pHHDwBrAfhoJbUVfG -PHiQRRW1MFfMZKTxKFrovfkCIBGKkpbctyZ8pslrodMPsm6s/aF089sR/Vf01NZ4 -dPlz +MIIBgDCCASagAwIBAgIRAPJ6cQQREN2mIoFTSCQuyMAwCgYIKoZIzj0EAwIwGDEW +MBQGA1UEAxMNdW50cnVzdGVkUm9vdDAeFw0yNDAzMDQyMzQ5MjJaFw00NDAyMjkw +MDQ5MjJaMCAxHjAcBgNVBAMMFXVudHJ1c3RlZFJvb3RfdGhlaG9zdDBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABDDUyGxQ10wUnAp8xD6RzDmo3jPUfq9F3HBi0s1Y +Hu2cnMXqa2f4pmJTH8I+S9Jp7A92y3upkza77JpwMC2HkqOjSTBHMA4GA1UdDwEB +/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBIGA1Ud +EQQLMAmCB3RoZWhvc3QwCgYIKoZIzj0EAwIDSAAwRQIhAL4fY7LOXnqwm9gQi1AP +4mhk8ShTg8ocThd//lL7bhEWAiBwdzmtQmRMP5cszyjZRR796StFyZFAzb/6snej +Lqd7aA== -----END CERTIFICATE----- diff --git a/tests/tls/certs/trustedRoot.key b/tests/tls/certs/trustedRoot.key index d27e0047c..98d080fca 100644 --- a/tests/tls/certs/trustedRoot.key +++ b/tests/tls/certs/trustedRoot.key 
@@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIAvxrkdyTpeA1vWaCJxlQOZZsq6t2nu477SX/K0/o/RwoAoGCCqGSM49 -AwEHoUQDQgAE74l9pA6YhikKz49gjmlTnS0IdT/O3mh4eODQYDlzYCsjdgRCIKtj -Tej/SW9wFPyi5v52F5y7uLGrONDxR3U1Zg== +MHcCAQEEIFIS2NB01ris13TohCWQkw2u120lijceMo9ZUpQMHmYLoAoGCCqGSM49 +AwEHoUQDQgAEUkiJaMVzO8CqVGQjN5GF73Hvsv13t9m0iTcsjqhioaC98FBYEU4t +w1kepJIXiPIooWpVAjag9qhg0b1qD38dqw== -----END EC PRIVATE KEY----- diff --git a/tests/tls/shared.py b/tests/tls/shared.py index 7b900229f..3f5878802 100644 --- a/tests/tls/shared.py +++ b/tests/tls/shared.py @@ -2,6 +2,7 @@ import subprocess import sys import time +from contextlib import contextmanager from nutkit.frontend import Driver from nutkit.protocol import ( @@ -21,7 +22,7 @@ class TlsServer: def __init__(self, server_cert, min_tls="0", max_tls="2", - disable_tls=False): + disable_tls=False, client_cert=None): # Name of server certificate, corresponds to a .pem and .key file. server_path = os.path.join(THIS_PATH, "..", "..", "tlsserver", "tlsserver") @@ -39,6 +40,9 @@ def __init__(self, server_cert, min_tls="0", max_tls="2", ] if disable_tls: params.append("--disableTls") + if client_cert is not None: + params.append("--clientCert") + params.append(client_cert) self._process = subprocess.Popen( params, stdout=subprocess.PIPE, 
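Review bot: The new `client_cert` parameter of `TlsServer.__init__` (tests/tls/shared.py, hunks `@@ -21,7 +22,7 @@` and `@@ -39,6 +40,9 @@`) is undocumented and does not follow the convention of `server_cert`. The existing comment says `server_cert` is a name that corresponds to a .pem and .key file, whereas `client_cert` is appended unchanged after `--clientCert`, and the new tests pass it a full path to a PEM file. I would add a comment next to the existing one, for example `# client_cert: full path to the client certificate PEM handed to tlsserver via --clientCert (unlike server_cert, not a bare name).` How tlsserver treats the flag is not visible in these hunks, and `__init__` continues outside both of them.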
@@ -97,19 +101,32 @@ def reset(self): class TestkitTlsTestCase(TestkitTestCase): - def _try_connect(self, server, scheme, host, **driver_config): + @contextmanager + def _make_driver(self, scheme, host, **driver_config): url = "%s://%s:6666" % (scheme, host) # Doesn't really matter auth = AuthorizationToken("basic", principal="neo4j", credentials="pass") driver = Driver(self._backend, url, auth, **driver_config) - session = driver.session("r") try: - session.run("RETURN 1 as n") - except DriverError: - pass - session.close() - driver.close() + yield driver + finally: + driver.close() + + @contextmanager + def _make_session(self, driver, mode, **session_config): + session = driver.session(mode, **session_config) + try: + yield session + finally: + session.close() + + def _try_connect(self, server, driver): + with self._make_session(driver, "r") as session: + try: + session.run("RETURN 1 AS n") + except DriverError: + pass return server.connected() @driver_feature(Feature.API_DRIVER_IS_ENCRYPTED) diff --git a/tests/tls/suites.py b/tests/tls/suites.py index 414753dc6..bf0f8c238 100644 --- a/tests/tls/suites.py +++ b/tests/tls/suites.py @@ -5,6 +5,7 @@ from tests.testenv import get_test_result_class from tests.tls import ( + test_client_certificate, test_secure_scheme, test_self_signed_scheme, test_tls_versions, @@ -18,6 +19,7 @@ tls_suite.addTests(loader.loadTestsFromModule(test_self_signed_scheme)) tls_suite.addTests(loader.loadTestsFromModule(test_tls_versions)) tls_suite.addTests(loader.loadTestsFromModule(test_unsecure_scheme)) +tls_suite.addTests(loader.loadTestsFromModule(test_client_certificate)) if __name__ == "__main__": suite_name = "TLS tests" diff --git a/tests/tls/test_client_certificate.py b/tests/tls/test_client_certificate.py new file mode 100644 index 000000000..9d61e1d5d --- /dev/null +++ b/tests/tls/test_client_certificate.py 
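Review bot: `_try_connect` in the `@@ -97,19 +101,32 @@` hunk of tests/tls/shared.py now takes an already-built driver and no longer closes it, but neither it nor the new `_make_driver` and `_make_session` helpers say who owns the driver. A short docstring would make this explicit, for example `"""Run one read query on driver, ignoring DriverError, and return server.connected(); the caller owns and closes driver."""`. The signature also changed from `(server, scheme, host, **driver_config)` to `(server, driver)`, so any caller left on the old form fails with a TypeError rather than a test failure. suites.py still loads `test_tls_versions` and `test_unsecure_scheme`, and their conversion is not in the part of the diff shown here, so it is worth confirming both were updated.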
@@ -0,0 +1,191 @@ +import os + +import nutkit.protocol as types +from nutkit.frontend import ( + ClientCertificateHolder, + ClientCertificateProvider, +) +from tests.shared import get_driver_name +from tests.tls.shared import ( + TestkitTlsTestCase, + TlsServer, +) + +THIS_PATH = os.path.dirname(os.path.abspath(__file__)) + + +class _TestClientCertificateBase(TestkitTlsTestCase): + required_features = (types.Feature.API_SSL_SCHEMES, + types.Feature.API_SSL_CLIENT_CERTIFICATE) + + def setUp(self): + super().setUp() + self._server = None + self._driver = get_driver_name() + + def tearDown(self): + if self._server: + # If test raised an exception this will make sure that the stub + # server is killed, and its output is dumped for analysis. + self._server.reset() + self._server = None + super().tearDown() + + def _start_server(self, cert, **kwargs): + self._server = TlsServer(cert, **kwargs) + + @classmethod + def _client_cert_on_server(cls, i=1): + return os.path.join( + THIS_PATH, "certs", "server", "bolt", "trusted", f"client{i}.pem" + ) + + @classmethod + def _client_certificate_cert(cls, i=1): + return os.path.join( + THIS_PATH, "certs", "driver", f"certificate{i}.pem" + ) + + @classmethod + def _client_certificate_key(cls, i=1): + return os.path.join( + THIS_PATH, "certs", "driver", f"privatekey{i}.pem" + ) + + @classmethod + def _client_certificate_key_with_pwd(cls, i=1): + return os.path.join( + THIS_PATH, "certs", "driver", + f"privatekey{i}_with_thepassword{i}.pem" + ) + + @classmethod + def _client_certificate_password(cls, i=1): + return f"thepassword{i}" + + @classmethod + def _get_client_certificate(cls, i=1): + return types.ClientCertificate( + cls._client_certificate_cert(i), + cls._client_certificate_key(i) + ) + + @classmethod + def _get_client_certificate_with_password(cls, i=1): + return types.ClientCertificate( + cls._client_certificate_cert(i), + cls._client_certificate_key_with_pwd(i), + cls._client_certificate_password(i) + ) + + +class 
TestClientCertificate(_TestClientCertificateBase): + def test_s_and_client_certificate_present(self): + schemes = ("neo4j+s", "bolt+s") + client_certificates = (self._get_client_certificate(), + self._get_client_certificate_with_password()) + for client_certificate in client_certificates: + for scheme in schemes: + with self.subTest(scheme=scheme, + client_certificate=client_certificate): + self._start_server( + "trustedRoot_thehost", + client_cert=self._client_cert_on_server() + ) + with self._make_driver( + scheme, "thehost", + client_certificate=client_certificate + ) as driver: + self.assertTrue( + self._try_connect(self._server, driver) + ) + if self._server: + self._server.reset() + + def test_s_and_certificate_not_present(self): + schemes = ("neo4j+s", "bolt+s") + for scheme in schemes: + with self.subTest(scheme=scheme): + self._start_server( + "trustedRoot_thehost", + client_cert=self._client_cert_on_server() + ) + with self._make_driver(scheme, "thehost") as driver: + self.assertFalse(self._try_connect( + self._server, driver + )) + if self._server: + self._server.reset() + + def test_ssc_and_client_certificate_present(self): + schemes = ("neo4j+ssc", "bolt+ssc") + client_certificates = (self._get_client_certificate(), + self._get_client_certificate_with_password()) + for client_certificate in client_certificates: + for scheme in schemes: + with self.subTest(scheme=scheme, + client_certificate=client_certificate): + self._start_server( + "trustedRoot_thehost", + client_cert=self._client_cert_on_server() + ) + with self._make_driver( + scheme, "thehost", + client_certificate=client_certificate + ) as driver: + self.assertTrue( + self._try_connect(self._server, driver) + ) + if self._server: + self._server.reset() + + def test_scc_and_certificate_not_present(self): + schemes = ("neo4j+ssc", "bolt+ssc") + for scheme in schemes: + with self.subTest(scheme=scheme): + self._start_server( + "trustedRoot_thehost", + client_cert=self._client_cert_on_server() + ) + 
with self._make_driver(scheme, "thehost") as driver: + self.assertFalse( + self._try_connect(self._server, driver) + ) + if self._server: + self._server.reset() + + +class TestClientCertificateRotation(_TestClientCertificateBase): + + def test_client_rotation(self): + cert_calls = 0 + cert_holder = ClientCertificateHolder(self._get_client_certificate(1)) + + def get_cert() -> ClientCertificateHolder: + nonlocal cert_calls, cert_holder + cert_calls += 1 + has_update = cert_holder.has_update + cert_holder.has_update = False + return ClientCertificateHolder(cert_holder.cert, has_update) + + cert_provider = ClientCertificateProvider(self._backend, get_cert) + + with self._make_driver( + "bolt+s", "thehost", client_certificate=cert_provider + ) as driver: + for i in (1, 2): + for _ in (1, 2): + self._start_server( + "trustedRoot_thehost", + client_cert=self._client_cert_on_server(i=i) + ) + self.assertTrue(self._try_connect( + self._server, driver + )) + self._server.reset() + self.assertEqual(1, cert_calls) + cert_calls = 0 + + cert_holder = ClientCertificateHolder( + self._get_client_certificate(i + 1) + ) diff --git a/tests/tls/test_secure_scheme.py b/tests/tls/test_secure_scheme.py index 05187464c..6ceb03ff0 100644 --- a/tests/tls/test_secure_scheme.py +++ b/tests/tls/test_secure_scheme.py @@ -49,9 +49,12 @@ def test_trusted_ca_correct_hostname(self): for scheme in self.schemes: with self.subTest(scheme=scheme, driver_config=driver_config): self._start_server("thehost") - self.assertTrue(self._try_connect( - self._server, scheme, "thehost", **driver_config - )) + with self._make_driver( + scheme, "thehost", **driver_config + ) as driver: + self.assertTrue(self._try_connect( + self._server, driver + )) self._server.reset() def test_trusted_ca_expired_server_correct_hostname(self): 
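Review bot: The new suite in tests/tls/test_client_certificate.py never checks that a client certificate the server does not trust is rejected: each case either presents the certificate the server was started with or presents none at all. For mutual TLS that is the case most worth pinning, because a driver or server that accepts any certificate would pass all four `TestClientCertificate` tests. Both fixtures already exist, so a case that starts the server with `_client_cert_on_server(i=1)` and connects with `_get_client_certificate(i=2)` expecting `assertFalse` closes the gap; a sketch follows. Separately, `test_scc_and_certificate_not_present` looks like a typo for `ssc`, and the final `ClientCertificateHolder(self._get_client_certificate(i + 1))` in `test_client_rotation` appears to build paths for a third certificate when `i` is 2, which this commit does not add.

```python
    # … unchanged: test_s_and_certificate_not_present …

    def test_s_and_wrong_client_certificate(self):
        # The server trusts client1.pem only; the driver presents certificate2.
        schemes = ("neo4j+s", "bolt+s")
        for scheme in schemes:
            with self.subTest(scheme=scheme):
                self._start_server(
                    "trustedRoot_thehost",
                    client_cert=self._client_cert_on_server(i=1)
                )
                with self._make_driver(
                    scheme, "thehost",
                    client_certificate=self._get_client_certificate(i=2)
                ) as driver:
                    self.assertFalse(
                        self._try_connect(self._server, driver)
                    )
            if self._server:
                self._server.reset()
```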
@@ -61,9 +64,12 @@ def test_trusted_ca_expired_server_correct_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._start_server("thehost_expired")
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
 def test_trusted_ca_wrong_hostname(self):
@@ -78,10 +84,12 @@ def test_trusted_ca_wrong_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._start_server("thehost")
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehostbutwrong",
- **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehostbutwrong", **driver_config
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
 def test_untrusted_ca_correct_hostname(self):
@@ -91,9 +99,12 @@ def test_untrusted_ca_correct_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("untrustedRoot_thehost")
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
 def test_unencrypted(self):
@@ -105,9 +116,12 @@ def test_unencrypted(self):
 # The server cert doesn't really matter but set it to the
 # one that would work if TLS happens to be on.
 self._start_server("thehost", disable_tls=True)
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
diff --git a/tests/tls/test_self_signed_scheme.py b/tests/tls/test_self_signed_scheme.py
index b52322adb..63d681aa6 100644
--- a/tests/tls/test_self_signed_scheme.py
+++ b/tests/tls/test_self_signed_scheme.py
@@ -40,9 +40,12 @@ def test_trusted_ca_correct_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("trustedRoot_thehost")
- self.assertTrue(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertTrue(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
@@ -54,9 +57,12 @@ def test_trusted_ca_expired_server_correct_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("trustedRoot_thehost_expired")
- self.assertTrue(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertTrue(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
@@ -73,10 +79,12 @@ def test_trusted_ca_wrong_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("trustedRoot_thehost")
- self.assertTrue(self._try_connect(
- self._server, scheme, "thehostbutwrong",
- **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehostbutwrong", **driver_config
+ ) as driver:
+ self.assertTrue(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
@@ -86,9 +94,12 @@ def test_untrusted_ca_correct_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("untrustedRoot_thehost")
- self.assertTrue(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertTrue(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
@@ -98,10 +109,12 @@ def test_untrusted_ca_wrong_hostname(self):
 for scheme in self.schemes:
 with self.subTest(scheme=scheme, driver_config=driver_config):
 self._server = TlsServer("untrustedRoot_thehost")
- self.assertTrue(self._try_connect(
- self._server, scheme, "thehostbutwrong",
- **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehostbutwrong", **driver_config
+ ) as driver:
+ self.assertTrue(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
@@ -115,9 +128,12 @@ def test_unencrypted(self):
 # one that would work if TLS happens to be on.
 self._server = TlsServer("untrustedRoot_thehost",
 disable_tls=True)
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost", **driver_config
- ))
+ with self._make_driver(
+ scheme, "thehost", **driver_config
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 if self._server is not None:
 self._server.reset()
diff --git a/tests/tls/test_tls_versions.py b/tests/tls/test_tls_versions.py
index 7f2d7ccf5..3bfab1291 100644
--- a/tests/tls/test_tls_versions.py
+++ b/tests/tls/test_tls_versions.py
@@ -23,14 +23,17 @@ def tearDown(self):
 def _try_connect_smart(self):
 if self.driver_supports_features(types.Feature.API_SSL_SCHEMES):
- return super()._try_connect(self._server, "neo4j+s", "thehost")
+ driver_ctx = self._make_driver("neo4j+s", "thehost")
 elif self.driver_supports_features(types.Feature.API_SSL_CONFIG):
- return super()._try_connect(self._server, "neo4j", "thehost",
- encrypted=True)
- self.skipTest("Needs support for either of %s" % ", ".join(
- map(lambda f: f.value,
- (types.Feature.API_SSL_SCHEMES, types.Feature.API_SSL_CONFIG))
- ))
+ driver_ctx = self._make_driver("neo4j", "thehost", encrypted=True)
+ else:
+ self.skipTest("Needs support for either of %s" % ", ".join(
+ (types.Feature.API_SSL_SCHEMES.value,
+ types.Feature.API_SSL_CONFIG.value)
+ ))
+ return
+ with driver_ctx as driver:
+ return super()._try_connect(self._server, driver)
 def test_1_1(self):
 if self._driver in ["dotnet"]:
diff --git a/tests/tls/test_unsecure_scheme.py b/tests/tls/test_unsecure_scheme.py
index e4e286096..919b1adb5 100644
--- a/tests/tls/test_unsecure_scheme.py
+++ b/tests/tls/test_unsecure_scheme.py
@@ -39,9 +39,10 @@ def test_secure_server(self):
 for scheme in schemes:
 with self.subTest(scheme=scheme):
 self._server = TlsServer("trustedRoot_thehost")
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost"
- ))
+ with self._make_driver(scheme, "thehost") as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
 @driver_feature(types.Feature.API_SSL_CONFIG)
@@ -49,7 +50,10 @@ def test_secure_server_explicitly_disabled_encryption(self):
 for scheme in schemes:
 with self.subTest(scheme=scheme):
 self._server = TlsServer("trustedRoot_thehost")
- self.assertFalse(self._try_connect(
- self._server, scheme, "thehost", encrypted=False
- ))
+ with self._make_driver(
+ scheme, "thehost", encrypted=False
+ ) as driver:
+ self.assertFalse(self._try_connect(
+ self._server, driver
+ ))
 self._server.reset()
diff --git a/tlsserver/main.go b/tlsserver/main.go
index 1475a185d..6f2dafebc 100644
--- a/tlsserver/main.go
+++ b/tlsserver/main.go
@@ -2,16 +2,18 @@ package main
 import (
 "crypto/tls"
+ "crypto/x509"
 "errors"
 "flag"
 "fmt"
 "io"
+ "io/ioutil"
 "net"
 "os"
 "time"
 )
-func exitWithError(err error) {
+func exitWithError(err interface{}) {
 fmt.Println(err)
 os.Exit(-1)
 }
@@ -24,6 +26,7 @@ func main() {
 address string
 certPath string
 keyPath string
+ clientCertPath string
 minTlsMinorVer int
 maxTlsMinorVer int
 disableTls bool
@@ -34,6 +37,7 @@ func main() {
 flag.StringVar(&address, "bind", "0.0.0.0:6666", "Address to bind to")
 flag.StringVar(&certPath, "cert", "", "Path to server certificate")
 flag.StringVar(&keyPath, "key", "", "Path to server private key")
+ flag.StringVar(&clientCertPath, "clientCert", "", "Path to the client certificate")
 flag.IntVar(&minTlsMinorVer, "minTls", 0, "Minimum TLS version, minor part")
 flag.IntVar(&maxTlsMinorVer, "maxTls", 2, "Maximum TLS version, minor part")
 flag.Parse()
@@ -52,6 +56,20 @@ func main() {
 MinVersion: 0x0300 | uint16(minTlsMinorVer+1),
 MaxVersion: 0x0300 | uint16(maxTlsMinorVer+1),
 }
+
+ if clientCertPath != "" {
+ clientCert, err := ioutil.ReadFile(clientCertPath)
+ if err != nil {
+ exitWithError(err)
+ }
+
+ certPool := x509.NewCertPool()
+ certPool.AppendCertsFromPEM(clientCert)
+
+ config.ClientCAs = certPool
+ config.ClientAuth = tls.RequireAndVerifyClientCert
+ }
+
 listener, err = tls.Listen("tcp", address, &config)
 if err != nil {
 exitWithError(err)
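Review bot: The result of `certPool.AppendCertsFromPEM(clientCert)` in the `@@ -52,6 +56,20 @@` hunk is discarded, so a `-clientCert` file with no parsable PEM certificate leaves `ClientCAs` empty while `ClientAuth` is still `tls.RequireAndVerifyClientCert`. Every client handshake would then be rejected, and tests that expect a refusal, such as `test_s_and_certificate_not_present`, would presumably pass for the wrong reason. Fail fast instead with `if !certPool.AppendCertsFromPEM(clientCert) { exitWithError("no PEM certificate found in " + clientCertPath) }`, which the widened `exitWithError(err interface{})` from the first hunk already accepts. `ioutil.ReadFile` has been deprecated since Go 1.16; `os.ReadFile` is a drop-in replacement and `os` is already imported, if the module's Go version allows it. The body of `main` starts and ends outside this hunk.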