From 4e443ea9d892fb8b1947e11c65e93bc982f88a72 Mon Sep 17 00:00:00 2001
From: Robert Fitzpatrick
Date: Wed, 23 Sep 2020 22:12:08 +0100
Subject: [PATCH] resolving test certificate expiry errors and re-formatting
---
 cmd/k8s-kms-plugin/cmd/test.go | 49 +++++++++-------------------
 pkg/providers/p11.go | 59 ++++++++++++++++------------------
 2 files changed, 44 insertions(+), 64 deletions(-)
diff --git a/cmd/k8s-kms-plugin/cmd/test.go b/cmd/k8s-kms-plugin/cmd/test.go
index 57ddc315..338150a0 100644
--- a/cmd/k8s-kms-plugin/cmd/test.go
+++ b/cmd/k8s-kms-plugin/cmd/test.go
@@ -41,13 +41,12 @@ var loop bool var maxLoops int var loopTime, timeout time.Duration - const dummyCaCert = "-----BEGIN CERTIFICATE-----\nMIIGADCCA7SgAwIBAgIQAzUe9pVQo20RU9LSiRiDkDBBBgkqhkiG9w0BAQowNKAP\nMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC\nASAwLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNv\nbTAeFw0yMDA5MTUxMDEwNTlaFw0zMDA5MTMxMDEwNTlaMC0xEDAOBgNVBAoTB0Fj\nbWUgQ28xGTAXBgNVBAMTEHRlc3QuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCuaGKyDvJ0ebW/9Kq7fltuLZhWQJb613EcHc2eV7ht\nejffCYklRJeKONhkozroxsb5y0ETvlWRiBDVBj0Zq0dyHY781N/QJZcBons0cRXV\nYNBd4nUaJ//FufzI1mbSXohpSaV1hkoQ2uTqB4B7yUWaiM1nIx1snzdXJSGhVYxy\nRhdTHMNd/z8ut+dwRojFIiU7S5NXaCc9LL9LryXy1N+VZo6sHK6NZQu27ryE7wv1\nh+bvG6TsfIsmfcv94ghX94olxY/+h38sDrX3LboKt3j8Tktg3amnwuKENYnvTOMZ\nkHkofj6k8kx+lCzJLDi2hCcq3r3ZPoT146mU5v3nwGF0zPSN3+GertuI9rmSvUy+\ngeD5QeWczUgADaALMVBTQY+wEBNhzyWa6O/l/yPErW2epFSibHIyz+97Nlen9CaF\nKBAUhRYVJIaUOCPmCK5VW4ghadF8zflUsgo5s/himfs9CWF12yAEYS1MjhyTTmAa\n0/DymJ0M8kaTuVUoQW6rrPGAzVRQEBeeVa3OJY6mPvOq0XosYGXtROSq9DMPGwcy\no9OlXhw6uD/rBPxNC8cqDZviM3QHKoN4lGatgfuSrowIU5Bi1yzgMxKdouY78OEI\nThtQTw2XxdoUy+Vr0XlQg9gAJqP0mq1O8fu7zjhua9k8Pdm6B0fxGsBa0Yz4MMQn\nIwIDAQABo4GzMIGwMA4GA1UdDwEB/wQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD\nAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zANBgNVHQ4EBgQEAQIDBDBfBggr\nBgEFBQcBAQRTMFEwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmV4YW1wbGUuY29t\nMCoGCCsGAQUFBzAChh5odHRwOi8vY3J0LmV4YW1wbGUuY29tL2NhMS5jcnQwQQYJ\nKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglg\nhkgBZQMEAgEFAKIDAgEgA4ICAQCfFnc0Cajm48LiDw2NxSsNMCGCT/uju6KJG3O8\naXG6rEorDJs3uWCdyn6PhzyhqEdPGiBfJVJnmY9OfF8wWx3zXVAxstOp1RIrA3yI\nfIZAMoTsAYYKXH9gMda9wcPMFOFKrjbmDJKk8c3WwXth5NIeqqQPGTTh0ovHVc8Q\nHDSZo3lyBEmUDjrF2qu0VGn4m2kuxFl8lPUAu8lUR2+KLj6XStqhDd6gXCa2/quZ\nSROFRccS5bPEwJh7l1QSqhwHjS0oKU0sIGq6+VPq2TKUcf4F1zaw4dOKqhBbm+o1\nN7K49deaQH3Zb40jR7f2Rw+s86MM1ujS8tu98yRcu8+KPq1vb1fOQlG/UnOAtYd7\n8kej0ot/QYb7NxDqxNqW2vePbkUoOHV9TtRNQDV0hQooWB/GzZGWUrILDRugDwH+\nX7XNzC5ov1TbR
pXkvmpBkY80oBFb9P4bCtUb2dmcdxM7KM5dnoHOQ8Fb7aSWcstE\nSOI2qbSnl2/uigjWLayWpn6k1OTszsLQTxAcezNLL6cTI+eWb3oC0KoAP458FtNH\nb/W8F2WNIxCjD9ydVU2JFPRSy1FfAQFhNMPwyIoT4AZ46G/u4gNu/AIPERfCUqdG\nQWUMsGgTs6NVDmo5YeasplU5uYyEvqPnUhZFsxNSPu/wmDiIcjrtIeEym7Dq4MiG\neOMvxQ==\n-----END CERTIFICATE-----" -const dummyIntermediateCaCert = "-----BEGIN CERTIFICATE-----\nMIIGDzCCA8OgAwIBAgIQDVAZahWkOfdgwjPDptX6RzBBBgkqhkiG9w0BAQowNKAP\nMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC\nASAwLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNv\nbTAeFw0yMDA5MjMxMzE1MDRaFw0yMDA5MjMxNDE1MDRaMCsxDjAMBgNVBAoTBWlz\ndGlvMRkwFwYDVQQDExB0ZXN0LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEF\nAAOCAg8AMIICCgKCAgEAuFPWfIzgD6k0hTr8UkztPggDjHRQ1b2Du4KTKRhC91Kh\nw67mR57fw/8LtMisEW6BttvWFPeU1JaHJ0Mkxx9SxQFSCReU9C70imHGSEuWYt6p\n5ud6Cb7gMdenaMGsIl/5a9JS2DIiLM7tiXJqmSr5KjQ6XF5Ol5O+OUWHNkegC8gL\nScBZyVgPJsWXRwrjyO/5+i07zWPgEvB682EqrIaCwJjd6Vhk/iOcR2/dpcNZtA3d\nOkZPIz8c2RlZPTTv+U4AyGp0m715HFF5G5QjIdRyAi847esK2sz+6VONx/S+1iTF\nJS5du8C1IeCA9kfnds3WoFsixF8/HN/TZfBMpfi9/CRRem6dE70tENYSk5RPz8Vk\nUE1aVg3J3IesouV60qwy3znzHhTwQ010Abc2gl68hrODBK3bIPso5pYFzeu14GFd\nvIeF2dvOod0YtcDE///dLYyZDZe+OdFT+hDaV5F/qW1oobTFRjZihl1OmikE/pTl\nMfBFY1IjcCTq91LgFknbp6Y9v49daehnj4qHJHVAWrPWWy18VYtxDy5FGIDKyq6u\nSAmpqqwISqIHWhODvZMpduVdRYGqIyadH322Sjuf9ncBRZ491VYFqhhEtL2HQgY8\n9j8f/su2EzO0kR89YtLZyRtQS2JGS5qc/0IyqpQXNbWJK9KN6Q+GjcyASufMUH0C\nAwEAAaOBxDCBwTAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wDQYDVR0OBAYEBAECAwQwDwYDVR0j\nBAgwBoAEAQIDBDBfBggrBgEFBQcBAQRTMFEwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v\nY3NwLmV4YW1wbGUuY29tMCoGCCsGAQUFBzAChh5odHRwOi8vY3J0LmV4YW1wbGUu\nY29tL2NhMS5jcnQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoG\nCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIDAgEgA4ICAQCgv+NsLV6KTzbY/ylE\nSYZ1e+yKi5Hs/DaPd6eD3xB1RuFkTLnMAtcUgpk36MsQf9tLlhgjcxWGqjDP3mA9\nBTOkoyN1Fja76WJgg4HeniGUioSuXNJNm4Nstku9e/AP4Rky7bgoDoDkTysqgRpK\niGSac3plM0ssYeZoofLMHewPkD5xutdJoHXlW8myh1jLWV0oVbCXlEiRgSJZnY92\
nBJiPsKCPx4QENNH2c4/InJCHWV1gC2gpRWNeNsJYSBUtiC/ZtTstPc6PMOYzH8bA\nuILmQ+sy/zfQ6ZA0P95Lvv/lv5pMftoJ56tFqL3IVwoyDTUgs/6zxltEi7FdgN4M\nB3DumrzgygeyFPLsjQGuBKEoIvzctmfYszl3c9rfqSxY9iaXD1iNtDaYCKGkCn5F\n0up3mN5R2NcALJIir6mxYwz5RmxvAOT5FsI0V15+PTSJTT1y4pBTn6g9tcJYTung\nf01UuDc4sksNtH0tTlNYK6LcIDXOM7OxKAh4ec/o7y9yO5lYzwvtkFIWFyfhY1bM\nEiS1SJB3sWt8RqaQPlkmSb1NcmMYvV/YQb/fOffZadDrJLYk9Utuoh72lCEnS8el\nSb4UUnp2URim+eem/JHldnwHxcaNMFttpnTYtxTHLZvD3sMrVQtPFj14tvIaYGU5\nus+/yTTJe7DIquTifVRp15AtQA==\n-----END CERTIFICATE-----" +const dummyIntermediateCaCert = "-----BEGIN CERTIFICATE-----\nMIIGDzCCA8OgAwIBAgIQfGS4lokSufw1gITDy4UDTTBBBgkqhkiG9w0BAQowNKAP\nMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC\nASAwLTEQMA4GA1UEChMHQWNtZSBDbzEZMBcGA1UEAxMQdGVzdC5leGFtcGxlLmNv\nbTAeFw0yMDA5MjMyMTA0MzNaFw0zMDA5MjEyMTA0MzNaMCsxDjAMBgNVBAoTBWlz\ndGlvMRkwFwYDVQQDExB0ZXN0LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEF\nAAOCAg8AMIICCgKCAgEAve0zQRQG9o+5BVzRur+wRj5pjUowcd4s8jdO8RP4V/6B\nprO8CaRTD7NjKH0D98Rp+jrvavCS8c2UPvEbpc/06nzxf/BJ3frG77BPoqlRRWZI\n5Fg2K/x7+uVslBt54+0y1eaXuoi9Encsll9NvXUPR6A8A6AImxNbY3ha0udaZaFH\n26ZfPtDnBLrQoLOg5NLT0FjoLrJ3esXV7e6v5eT/eE4tWD4u0GK/4RX+zh/+Y8En\nvj6PD8qJ6MtAf9+++Zi31yUGGhQl/iuW/yeYGcdiMLRBCpC7mzqEJy6CqoSuY8Cq\nOAr+oC7fckwUm6b/fZbWH57l47CCwDSjFpO2zHcykWBTNu7RkWjBnwgf2btG1bkM\nPuW97ZyFfswJGcMNsxKTEWgET4ZDzHRK+pQY1Xr1NH5CPa8j2Y00aBYKuYYhOkwr\nEkHkmH6Q16OcaUj8sRj/bmDSjZpwjw4wzRzjTaky66efHqpLrcIlVI66NZH3e0ge\ntg/uhb9IYBBJwFK1J6TUZqQDXzk1FiT8L7JZaTY10/wEWGBKV1yv++god/xBYIm2\nQalYssMBtRhWCq+ABeQnPZjaClfrGuZ5bXyo8SZUpUxJ89xBXUHhdjdjO19SFY80\nXf+RiXdGOxUIdqBvO8m2Nmm4bWp+oN0wLsMA0Iy4M9oMOwsHS64TlSarPHtxSNMC\nAwEAAaOBxDCBwTAOBgNVHQ8BAf8EBAMCAgQwHQYDVR0lBBYwFAYIKwYBBQUHAwEG\nCCsGAQUFBwMCMA8GA1UdEwEB/wQFMAMBAf8wDQYDVR0OBAYEBAECAwQwDwYDVR0j\nBAgwBoAEAQIDBDBfBggrBgEFBQcBAQRTMFEwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v\nY3NwLmV4YW1wbGUuY29tMCoGCCsGAQUFBzAChh5odHRwOi8vY3J0LmV4YW1wbGUu\nY29tL2NhMS5jcnQwQQYJKoZIhvcNAQEKMDSgDzANBglghkgBZQMEAgEFAKEcMBoG\nCSqGSIb3DQEBCDANBglghkgBZQMEAgE
FAKIDAgEgA4ICAQBCrITqMprwR/Cf/RPf\ny7M6A5yCxZDldi6GtoVTtgYHy/EJmo5td8BWSU33xkZt2g94JUSZbhoLHczGX0zT\nIy2GFY+o258Nmd4wpqHUBa9rS/+I0F/WDqk4AInTRwijmU/4OhPPhAEsqQOJ0UCx\ny2zmBshMNTOuKWSiXWbkzqj9DrXl3KQIJxCRF6UDyyX6dTuX5nl6u8zphQ3aci15\naYEvvXhCHZ4ZqZ8h0paubBTva6XmSlIgVJlnyiWpGOUHT3nmUfqLm/OehlXoRuuJ\nzbHrc/n6axqeX8OmE+4j4zDE7ICu+Cfb5NzEKtT3n5hEg3d2roVE0En6YIewy/iA\nVfzH+wC4ANWXig+pwlfD7alOPsEvbVrVls2BPBSehpRAu+RC6sxvsqvDWZsaAZY2\n7KzWHZtcwFAI7+gOA6VLmsbR4MXTa9MTb/j6Jv1UssjLxSJv8knoVPQLc8Zs5Phn\nGaMKlUsqd5Duo7hb0TZC5Mp/6L8xWK8ZZEMw7jDAloBUYcbDuRiVg2F3zRzOa1YE\nPdeKFA0DSGI7iuCiRScS5V///6vubO9V2ufuKgdAbOShQGfxLojtBPMJjxsQX7j6\ngHto2S62Og4DSkDtkJIionqvxgFqpk6POxWhyj1gP/aK2KzwqNy/rfRlkUheTBsm\nijrJCBNELSQ8gsZSfXBJ/MEkXA==\n-----END CERTIFICATE-----" const dummyBadCaCert = "-----BEGIN CERTIFICATE-----\nMIIF6jCCA56gAwIBAgIQIRNhVqA6SlfIGPAo7n/a5DBBBgkqhkiG9w0BAQowNKAP\nMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMC\nASAwIjEPMA0GA1UEChMGVGhhbGVzMQ8wDQYDVQQDEwZCYWQgQ0EwHhcNMjAwOTIz\nMTM0MDM2WhcNMzAwOTIxMTM0MDM2WjAiMQ8wDQYDVQQKEwZUaGFsZXMxDzANBgNV\nBAMTBkJhZCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK80Ramp\nC6l05gz9G2rJgEvPynYkRAC1ObsuCo35eWEUfSe31Vyn9aLRDHiILyJhZEk3TTz9\nCyGPOGaDPTdcT1YcndeQ3FaQqZrXaxOuh9/WUhQKX3DILlkz0WOzBX45R51tAoCy\n+MiwCYKXD6zh59xdvBRiFW2Xjr3GFrmI9UtG1nLQU5e1e5AVyQKMxlKUVuQ9g6Xc\nRiZ8V6q6B2wAsT6J5LkJuCfFD5hjGJfxq5FYg3urh8jHTKzllMbcHf8J2X/d+b09\nFppcxMnJmJTIV7xF9y639Zq7epPfw6AebUnw51pN5TpcdAXUFOrhFF9H0Wx3ue8y\nHoHk5e1ujkypot9EO2dj0dTXTsqemgE8A8cmwGGfl/S7lwjuttabCHFqzLztVyZD\n1xFAd3JfykhfVcg89pu4JKJ5BYJ2MRKVdnNBNdOQxq3SPoSjJhFfspHT0q2Tw63s\nIoIqpyrm964vbZn/2ULlcWmp4WhEvy2Z+0CM/4h7dHA/Aq8IPGdTqYoZV0A8V9Z+\nPvRjvMtizrrtXsEfkuEUrRtcb06hILImX5ZI3O8PAG0pQ5XtMhpVoln9e5MSuU7J\n5YWbHzMnOAX88OK4miJOaTRHIriNZZJsSUsKGGsZhIwsL2rPyvaUuSU5v36+EOZD\nkOpyJdFfax27jer1qD2T92Md1eZi8vioOwwXAgMBAAGjgbMwgbAwDgYDVR0PAQH/\nBAQDAgIEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAPBgNVHRMBAf8E\nBTADAQH/MA0GA1UdDgQGBAQBAgMEMF8GCCsGAQUFBwEBBFMwUTAjBggrBgEFBQcw\nAYYXaHR
0cDovL29jc3AuZXhhbXBsZS5jb20wKgYIKwYBBQUHMAKGHmh0dHA6Ly9j\ncnQuZXhhbXBsZS5jb20vY2ExLmNydDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFl\nAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASADggIBAHhD\njrTVDK/n2Tn3z+4V0AFSq+trpY/Pl2BzPU4bLWyHvh/HvxhvuwfH2DPjO9KhxMwQ\nkzA2O1GkFwOHDJRuJTHm6imoDBK2fEEZ7Ppi9yDc+fa8pYPWj7hTTunvLq1tXMCQ\njqqGHFD8EJPXoscqCfmVcw2R2pRGTMybliIBwCBiiK0qpkr6+fzQdHg96/P4S8kE\nIejOD+oSvcU3jLrSn/6aoHfmGNYqK4D2gdsx5YRHHKKJOixEBvZRQ1CjTVuUN2GK\nNv1jFFprkOT6xcWRhPKKRIPGWkA2aIQYBOOC4Qs2bhsHgwTYPHNZEHP5Hbein5q9\n0LpVkXCIDf2eLJ2CQyxTDJP93jAhCP/zbUoifATcB+ycbuzkXtE5jy65AsJEUnK3\nX1nUF7jZk4T8mBgWVj5buCLz6+dz5cRggx0DawpiSynciKbGu0eXHTofI9spUhFn\ny9T/PpINRl5/9BDpILET8IdcTh+0oPcDaelA394asi+wmd32UwXIZOu2Xmskkinx\nBR7M01S0voQ2gk38mC8OT3XmezYwDDq4NyxU8ZvxDhAP8ANpYB2b7qzL2cVrEu3H\nFouuaX+YMmTanQ8UVHTAguQ+0AEKBKoOR2ntIAUwrXZv0dPQmM4dURr6tQN02HdC\ny8dSfX2foQbmGABJQMRp5nBbCrmlV699TWShq4bI\n-----END CERTIFICATE-----" const dummyBadCaPrivKey = "-----BEGIN RSA PRIVATE KEY-----\nMIIJKQIBAAKCAgEArzRFqakLqXTmDP0basmAS8/KdiREALU5uy4Kjfl5YRR9J7fV\nXKf1otEMeIgvImFkSTdNPP0LIY84ZoM9N1xPVhyd15DcVpCpmtdrE66H39ZSFApf\ncMguWTPRY7MFfjlHnW0CgLL4yLAJgpcPrOHn3F28FGIVbZeOvcYWuYj1S0bWctBT\nl7V7kBXJAozGUpRW5D2DpdxGJnxXqroHbACxPonkuQm4J8UPmGMYl/GrkViDe6uH\nyMdMrOWUxtwd/wnZf935vT0WmlzEycmYlMhXvEX3Lrf1mrt6k9/DoB5tSfDnWk3l\nOlx0BdQU6uEUX0fRbHe57zIegeTl7W6OTKmi30Q7Z2PR1NdOyp6aATwDxybAYZ+X\n9LuXCO621psIcWrMvO1XJkPXEUB3cl/KSF9VyDz2m7gkonkFgnYxEpV2c0E105DG\nrdI+hKMmEV+ykdPSrZPDrewigiqnKub3ri9tmf/ZQuVxaanhaES/LZn7QIz/iHt0\ncD8Crwg8Z1OpihlXQDxX1n4+9GO8y2LOuu1ewR+S4RStG1xvTqEgsiZflkjc7w8A\nbSlDle0yGlWiWf17kxK5TsnlhZsfMyc4Bfzw4riaIk5pNEciuI1lkmxJSwoYaxmE\njCwvas/K9pS5JTm/fr4Q5kOQ6nIl0V9rHbuN6vWoPZP3Yx3V5mLy+Kg7DBcCAwEA\nAQKCAgBrs6drPzajCfBtZZ5YC9xpPigIbgy7nqwJi6kDU6uw6OZy5wgq+DkAyJ9w\n7M6ExPfgJjW92xPfomoaYmzcPkuq9NZ28F7ye+U3AVuacryl9dro5ON8siIDxd3e\n+urSiCWk+aEDOoHC5KxD8da6APkGNzzqDs17XCJsOHw5u56Gkto7JCNu7Co0DaBO\nh/lWREgR8FqgOAOLnv5JPihX1Skf96Z5tSbWk8YdeDVjGjXMmGvjNzO2UgWpd0v4\n3tE1uXlRqEPgd9AQPhzeqqW4OFvuqd
fkiUNaxgr5IiHgqTOns4aUtbPHJ5RPDOt6\n47ghRkXP9t1+1AF6+hn51e914wXyUwgBV1NnhIRlYuyN5BwQIDmCa4mp8i4ikJpp\nFuc2HCUvF5wM3o2d5wopk7PEEWROplLh+x7/3PqWP2jAWiGg6jliKtwDDFDmXbqk\n3o8h2nnl1O2KE75aLCjDWIc9Qe6OeWLlqhZXb3DnIZzWffazedl0o2K9zTr84MG8\n5v6vPErdhHy2UwJf0lDrPjUn3F3TAtXOJ9woBwlHpEM4HbpH49BTI0nx7zl2IajG\need2Z0K7h/RfLW4Lok6+yatw4EikP0xZrK8zdOlZOqZExV5vrdyKnWMTXrxNEY+U\nho7pe2UTm+WE+6OB/5TInKJ2TgC+G5Dgol59izs7HQiztTFaQQKCAQEA3uWyk4uS\n4PbA0sG9G7WuAbEw0aYYpkEG0bl/pzbRLHo0N8MXjGPpEzAr4okOnD9CzujJASSd\n66hMNafrhQU9A0HSJR9Z3BnOGSY+1paqUwOx5UnEi0Ncmj+RNNPgW6ui0aA+xo1a\nO83o8s8p1K7eXhKgdU0CZ69CM0VMx1IgRBJMjaDoU4aW91b5oT95pzQIJ+dP8WcM\nT6FxVJ2RytrleIqLTPk5xSPW/4ql9cZ3e8ws8I+g9gO1JZZF+nTvDhTmewg2jzfz\n6E38dZsVOZqNC1J7lR/iX+R3wVqqSuZeAqSw5K91Se8SRkjA76p0VVfyHCMHbppe\nuHzNDo92ekFDtwKCAQEAyTlWfjV6Bxg7+ZjOSs27OYxbDFtyo6lV0K4AH7Gx6axo\nxFn4A8uBdv7YCa9clu3Gx+1mptqIggmmaEuXtaTseyGo02nhpmVbwynaXojSlKEn\nN3mRhuTKPDwQKMKdXgzBHHw2sGthYlgBxdRVkn5gkNdF2Q3r2WR0SYhuYJMudsj3\nRT4fHdxbfL/QMs4oJTvnBsAXfBs2NGPhn26Hg+koAlYEss1s0JdaQTPUNRGYvXKO\njKnNVYX1/6vBHfrynO28dJHoiaNjbu8uTpt2uaLb726noVVJgsl+CnaJmEWnJIIW\nrvuzoCCUOr2W8AdN1e1nbvhBvB1QlkWlWop7Uug6oQKCAQEAgHnnX5IwvAiehhxz\nsxgaTxFh8UWKqbGLi7EfOjOnh7p8hLOnzBz+iDfY479aM4dnK7oTudvwRpgALWE3\nqLmnPExhI1KZyfr5x5c62xeG30ie7mmBpz/RjXscaFXD2TLqK2fxJyLsotIB9oqg\nMt4EgDa+VD5qJ3dmcgT8x1q4DGR7yZq4rwRB2hlA08exiEW+ebmjY6Kg/vkwSLR2\nB3X6lGtO9bQlr1MEJtE07aBS2IGMWbB/962VaS/f8AgcjoJPgxTt1clLhlgFL4iP\nSF+j8qW9Y+w34EvhFwr6Yye7gkyJRZc4xL/PScG/q6UVXufNPpiWPRMvi6krzLu2\nb6tUqwKCAQADVNSuwDnl9ivABRydNmy8FivHt5fdR8do7giIfcuhP754SbkGbw8U\npkFzX5jb0tHwq2iAqKuL45cCsQWw9ysHGtaNsXoP5CuxvnakDAXYehaJH5UeM5l5\nh9EIq7gpP3LPAutw3kY9d5GH8ez8wOTeYQICBu35qmUWdpDFPoqNYuRdHBstxmEp\nXo+W17zoaOZ5QSLiZhzunxy0JANQVsLXzw7C2w3LIkZXQAFqY4Ew2b2sbH8+xDn/\nYpuO4IG1wWXWVDgSV0clJgaRPJepmR2lCCL0U9IkvSs+BxpeEAElZJX1jas6om9x\nzYO7M5PBT+3fc3K7J40W/84uAo7qH3ghAoIBAQDRwL5KFIHaJA7pjts69EviDuzK\nNj/IpVT9ylQrhBAAjJBSzmqFeZK8wxHBSjygdh85Vj+Z+f2u44KFh5ELAz26WoIM\noKyTfLBt54KzgDkZYfhKMO3FwSEk9+Kh5ZSfiUwjNHcmwG5t8b
FrlYEpx3l5/lAo\nVd83UisfMtjnvPDHe+xj37JhC4anlRAF5NeJi/OJHvmszDTu0x5/ojTL3yTYpBJT\n5tVgyuPmQ+o0/Mf0RQdz9PMF7UoMbZZI2dNLezPuzfyJjW3ZodeyHI4ooH5K60mE\nXi0Fr3tI/tl/B9+Mb1koKSSMFjkyHSUcijulLnPkOrdL7P3OL9CLHYad306c\n-----END RSA PRIVATE KEY-----" const dummyCaPrivKey = "-----BEGIN PRIVATE KEY-----\nMIIJKAIBAAKCAgEArmhisg7ydHm1v/Squ35bbi2YVkCW+tdxHB3Nnle4bXo33wmJ\nJUSXijjYZKM66MbG+ctBE75VkYgQ1QY9GatHch2O/NTf0CWXAaJ7NHEV1WDQXeJ1\nGif/xbn8yNZm0l6IaUmldYZKENrk6geAe8lFmojNZyMdbJ83VyUhoVWMckYXUxzD\nXf8/LrfncEaIxSIlO0uTV2gnPSy/S68l8tTflWaOrByujWULtu68hO8L9Yfm7xuk\n7HyLJn3L/eIIV/eKJcWP/od/LA619y26Crd4/E5LYN2pp8LihDWJ70zjGZB5KH4+\npPJMfpQsySw4toQnKt692T6E9eOplOb958BhdMz0jd/hnq7biPa5kr1MvoHg+UHl\nnM1IAA2gCzFQU0GPsBATYc8lmujv5f8jxK1tnqRUomxyMs/vezZXp/QmhSgQFIUW\nFSSGlDgj5giuVVuIIWnRfM35VLIKObP4Ypn7PQlhddsgBGEtTI4ck05gGtPw8pid\nDPJGk7lVKEFuq6zxgM1UUBAXnlWtziWOpj7zqtF6LGBl7UTkqvQzDxsHMqPTpV4c\nOrg/6wT8TQvHKg2b4jN0ByqDeJRmrYH7kq6MCFOQYtcs4DMSnaLmO/DhCE4bUE8N\nl8XaFMvla9F5UIPYACaj9JqtTvH7u844bmvZPD3ZugdH8RrAWtGM+DDEJyMCAwEA\nAQKCAgBG1grP+xYqjIxvLHZztHx6IXawAYfQ1dQQ8WHkIAi+Hle29O6I/nT2JORu\n64UvqhyCtDT4SeQDOdpsSx5h4JkiFjNPKT7GEZ5lgZK81/lgMvQuTZ32Q6y0qDet\ncrdMVizdZpYXR7WpZt521xkuLa9hdpLGgxKeXYRilqg0GMT0XNd4YERRVyxYU0Vi\n6qL+PkIU9Tsg0yKszBHeMYMeP6uXyJHGAdg7gYDiidBzxYt76/i1wOqZSnRR6+IA\ned+dquKnOLilTm8ue8MYY7AeTiqLf1lKPH19r7/EpuIhGX9bkLxE4BGdePPsrU4L\nXzShnMczuEgvhh8Gp7Lm0XLqv85UsIp1wunVGqivCcBwKMlnV062wcoL3OomT4ka\nhWDJON6BiR2+P2zLZyt3SLypNkkkP42gs9Rnfk/QXIWkKIB5+PrurYd8gOxOgxu4\nJY7Bh4EOkDmA3z+PPdibJR4Jgq8xSEIY5oqE4vq7IdXXlDBWixbWy9QRn1+k444j\nxNHw2aTjJ35xH5hzOL3QyRbeiOC2dyATpErXId3IfkU66Uf88S6okaYN+NmOxXZI\nYk4dNBPRhU/CFo2YhyJf+r8R3zkX1uVunln6rQjQHBsG9tuZrsqXPGhLU1zgJyhg\nVYLgLyJRnVqFaJfAAiHy0tGA7K/lw6PDXaw+KBN0ct3SaPIrkQKCAQEA0QiIyqpq\ntDW4+m2IvoTuoezhzz2GnppYp/RCqDD8DGcE/kQx2aPHQTtnk2FmCWA9XVCMCmdG\ndCQJ2XZi8geSHhPgydSGAlpKbdXJ+f8D4QI6j+tc1lqINQoxAKzqUdeoZ4G+SPE/\nAj16v2W7wTAYIAhwuFC8D29PdgYbPjg5olRhRuk3ZL0LBTGKy6SztYN89WdZd0IX\nxG8xG+8iOMe6vFPUAO4h21p4mBwcTOT9nAGRmV1H4EauWQ9GvGXOOOOx
IeE0SQDf\nwWUqyqYMPF8Y2WQjMtGjJXrDnfmu7O1uYXHQ/h0AOUwVr4ILHhNwMvHPJ5RlwpUB\nQdW5ZIvlCGO4DwKCAQEA1Zg1qFRh7VHflL2B/cPn80jDjwo1UJIKLCT7skXhzMXG\n1FdDOKqFMgkazOWluYPmzQJG4UDE0tQD5IGz+Wa673hx5RdCxCTecdwhKV/d6V6L\nzJF/xSSrnwdLmkwKdi5aQlHisKMv9Rb2QKdTLNvjbpdCZNbBm/KFMGj3jmGmk5bn\nDBFW5QFpsok2flRIXcgg27jamefsE7bLf04+QzkA0+cOFhTEpJSWE86cawhq79BP\nyH2pKqgNwlz4CzS9VvzPmx5xPtwbxHN7dAZf4+DRIzul6pfJWcv7GhqFxBq55PoE\nnQhrNEMnRqZYS55jZaf8Ah3x+35yKX8BT0iKSuXrrQKCAQEAkMlKhqY3to8niz5n\nYx+MctgzKGrDXgQmuF719K3JR4Xr7Xqq1Mcecs6E1Y63MHNazdHGzkXuhO+ZaukX\na/FWgkLehq4QDH0h5KYaenDq7OWwTpOGAGtAwQxIGOGsg/fOi7NQbBG9xP10kjIT\nNKLtcvKlsOUq/b3p2iQsppInSYsMviM33S0b/wLr0lZIq8dhvFFTpMlA0Sz7ZQ/k\nMlQVwfCGfgZzqQ4nTaTa7WAHUhG8GfCEopISnVl5c3FIwBrmTENDBfX3BmvekfMl\nsoNkIN+9iauvR3ybFkclpLJorFI7omfQCd/rfV+j97cbFg5roEynl3nCHym8eipz\n/7WifQKCAQB/p3hqIgRk0YnOW3RVNcBqphI6at9yR9XMjE3hPeK1f35VadHDDCaO\nwOJDkvx441wNKk8yUINRfWTWLK5jYAJZHKL1R/GfSGmpouYu1BzMXLUwjcTPDhuD\n79g/XzLhbtKC0G2rI9yFnjOOcHJFXSWP8ta7bZ5IlakERbeuYK4thwKPM827EB0b\nluX6mmSlp/X7W39KfFGbdqQocZrEkkzsWCsTB1Z/Bk6rh8/0KBPBP75vFKsF02pl\nvyp/iAWg93ccPhVwfBwcTOh7b1Pf3X0gkYWXrx+ni0GHWFKZ4V84ejRHpcBse7X9\ng21BxGejWcJDgaIdrHSOWFlwCOqd2MwBAoIBAFyCjmzg6g9728ATW1Zar85k2REb\nE4Sjjpf5cQ8BGA0t9X8VK9dTo7uUD0pYeGqEI00TgXUdo50IiAsdRFR4K8xeQ9eP\nnmjyY7aBR7UCm6ydOsdpdYWICjyfLPdEAjiJVr/zgByZtNn+D3ctCRHeWOYNNKjv\nzgVCYF2NEVn5Fx2nc5hfijVC2/8jjmmTc3ry6Z5BfJtFzjLAt4M+EUQGXA6ifi3v\nUGOJ4OOqlyQVLLic+Y8gJCwrUcUEeS8HuWplTS0jV8Vd3a1sLRuuzGdg2VrEXT4w\ng1HlE7rumKdlFWddzacGCAGXLl3XpX4I9DlDlSqgTGLtiiOZk90ZyKJkEWk=\n-----END PRIVATE KEY-----\n" -const dummyIntermediateCaPrivateKey = "-----BEGIN RSA PRIVATE 
KEY-----\nMIIJKgIBAAKCAgEAuFPWfIzgD6k0hTr8UkztPggDjHRQ1b2Du4KTKRhC91Khw67m\nR57fw/8LtMisEW6BttvWFPeU1JaHJ0Mkxx9SxQFSCReU9C70imHGSEuWYt6p5ud6\nCb7gMdenaMGsIl/5a9JS2DIiLM7tiXJqmSr5KjQ6XF5Ol5O+OUWHNkegC8gLScBZ\nyVgPJsWXRwrjyO/5+i07zWPgEvB682EqrIaCwJjd6Vhk/iOcR2/dpcNZtA3dOkZP\nIz8c2RlZPTTv+U4AyGp0m715HFF5G5QjIdRyAi847esK2sz+6VONx/S+1iTFJS5d\nu8C1IeCA9kfnds3WoFsixF8/HN/TZfBMpfi9/CRRem6dE70tENYSk5RPz8VkUE1a\nVg3J3IesouV60qwy3znzHhTwQ010Abc2gl68hrODBK3bIPso5pYFzeu14GFdvIeF\n2dvOod0YtcDE///dLYyZDZe+OdFT+hDaV5F/qW1oobTFRjZihl1OmikE/pTlMfBF\nY1IjcCTq91LgFknbp6Y9v49daehnj4qHJHVAWrPWWy18VYtxDy5FGIDKyq6uSAmp\nqqwISqIHWhODvZMpduVdRYGqIyadH322Sjuf9ncBRZ491VYFqhhEtL2HQgY89j8f\n/su2EzO0kR89YtLZyRtQS2JGS5qc/0IyqpQXNbWJK9KN6Q+GjcyASufMUH0CAwEA\nAQKCAgEAgP7rE67i/xLDFpn5Cv+a59Zj5V9hUrOWBRuUMSYxdzP00SUNMwIURu2u\nG450HJ7hWD7wyyuYlE3jt65dhpx9KDGMX6CJNXnG2TEjumRrkjWRYW6NEVTrQPZS\nyhT/ie7wdmxyXap4EDOgOJhB0X8pcEessAevqJRUg3AM+AeYEaalf6+FJkriD5go\nDieo0W5f2pzdRReoMJjq8ngFjUd1KaPRaQPbaZ8yNywqSV8037T0JVwe9eOtJKGA\nujzZ0/aqxZb6lCM9Jnw97Pb2vy4Vu0Gg7Z+XsRfVLSS0DENTajnBXgvcvRBXsqWS\nmsgnTBUxJnehFRwy5toc7zID8gLpsOIBKtHsIcwH/0LcLwi+eBJZVlDatlUA+7eF\nnhVNgScEQ4c8otIL4qfZEhSLuN4vDm1cnHoVed/ceI5J7KE4M9qNoTsDBZtMN95W\nl0mAo1zf0LY0Cf/pZ9nVAFlLk3h/8k4D4QPUeUhi/WS5/n00QxBDoMMvOPiinUtA\nYMurLIBwW+fZcYAhJLm4pTrmessaDNparFOaCU3sDS7O/SSybr6RKKviEl1JtTsh\nQ1pUejHpCWTZj5G+9srHpR/a0hMZKjKY5lLvgWWZqMM6cUacC5ZQt92J5rlIxE+6\nMIfDRU0TS4qjRIhvZYCug3w13Zvp3g7rnP1T2d+OEM4BN6jrFGECggEBAOwP6Ucn\nV0K7IqqaTUWocGZs9f/j0/Tm7gWrWRCzHKLOwMxGtCf98rUdabpFnCoPXkrrgt+l\nbk5icQpwWSSzNEQws9H4UaVM/bB15PuJlb9KG4ppiftwuIcdhlnLdjc+7hKhmLD2\neqlG3oqBYnU0J5YhNFoeE+3XcpYqF/fknQ/5JlkCJp7qGcdWhOkOPOtUUA4Ri/6p\nnI3juamK41+vDzqHCXoBRH4ohwINdy4/dC2ZtJlsE0sEEXtFRM+KCHZqMcllUB/8\nntQfgRIIgpR+RMommRRFCtJtn9X8x9yx5sITYqseHru5vtgkal9svpC+29skif8B\nSWSj1uoGH2qsqjsCggEBAMflVH9BSr6IMbcJymkDcayn6PWIr9MB0/sNzgje+/vg\nG69btoOdlJT36r6pSf8MMzCrGYvX5yhuRAJCeSLKpe+1yZCwlPLYhRTBPOvbpnWa\n/M8erbJumES85G5AJsQyeL4Y+vNYNfqH0cFBkTzXwnlNhLcnG7pp9vX2E8GegOLq\nsnbdakRt7W
2plamq+WQ1DP1WY08d79NTCydsIXYKygzHx2WUIthLdHiwcHj7ec92\nVSFIBeYDH9wGRbfc8On8lPeJ3nmfc+wob4FfUDTWsmHASBm+N4Rh3z8u4FXE+Gyf\n3EqDzl2m86Q3z3TT+krWtcpxP1CeqxRyisnoB/ojjKcCggEAOVUf9h0S720d3Ut+\nivV+3xGFqbF+sBNKKexUxF6MDOqkHrjpVnEx+lT7cbcoV3rGDvImJgU6xiTYiY2B\nyQ0RG6KsecmSotARKUNo6sKesQfhqns5fO0ClCZSlAp7Wq2ZCsNen1QttGE2+XK1\nI/wXxTmpSl3Vv0U9WkU87wMCNnfvnVyNXrlCq4xS2XuQxiMDEnemhaJSGI//brMB\nyCJvU2qqnYwjQ3S6XYBBuuTEZbLYDw8VnHmPeV34eWNv7Lqb/urxS+OB+8jvAx83\n/7KvKF25fhfKqhLf6AvtyqcWgXpN03uMQVG6jSpC/4wcuHDyWsYEEgARADVepBX6\nmWD4MwKCAQEAlshjG3aJxfz/2zzUZLBHX+BsdkF7tyPq3bYFE2X4F39uArGgk9ka\nyd/UP6t8+JkgR/bYV0ctw66hOD8iFt9bmdy7RZwdTq2KfSRiKttNzepyBl3y0eRg\nkYEWoh9b3qTftS0spsCEPw2SaD9oKcfqlwulL26dmNjzg4byUhuYxxIYOlc8II/3\nB8Bi90/TvQXTXYl7caN4UySSBlOnTd5HmKpduz6pphQMsDkPLgMrWBW/k1I7uMvk\njVhh4JYVV7rCN5LUsVNY4uuBaMoXuzOz7M5Y1KpKQF5/Qq6+Y5Qne/B9/+s6kCQu\nJlI+97YqV6dsC1+vTcXR8KOSE0kmM0X7gwKCAQEAnrygPYCUJPdoKX8e5uNiiOqY\nQYfRPhATciscEEYxlvWLDwE4EoBITVmUNBsB5VPQRpjgiSySBsp8fYZDoeiAgvlj\njn34KCXIh/wcgYf3bddLrWhmRrWsCinlecprDFE0OAr0WjR2RYBIZeSXPc2nDjZJ\nYGPiDpJcmDTYwcPmTiF4kXD1bmfEbWcBsZm1jbScZFYVRt6JZNwMEX07r47iXl8s\nfJLe00VGKQeJxvMqI5as7M+Tp00bgJKEDDglCNFUzqglw2MJMNB2PPTMi0B3iFqA\nFsAsuFGqsM4hCuywGlRhGQtNwOamKDfEwG4MMxDA/4aBZxYjMRWOF18G0/oSIA==\n-----END RSA PRIVATE KEY-----" +const dummyIntermediateCaPrivateKey = "-----BEGIN RSA PRIVATE 
KEY-----\nMIIJKQIBAAKCAgEAve0zQRQG9o+5BVzRur+wRj5pjUowcd4s8jdO8RP4V/6BprO8\nCaRTD7NjKH0D98Rp+jrvavCS8c2UPvEbpc/06nzxf/BJ3frG77BPoqlRRWZI5Fg2\nK/x7+uVslBt54+0y1eaXuoi9Encsll9NvXUPR6A8A6AImxNbY3ha0udaZaFH26Zf\nPtDnBLrQoLOg5NLT0FjoLrJ3esXV7e6v5eT/eE4tWD4u0GK/4RX+zh/+Y8Envj6P\nD8qJ6MtAf9+++Zi31yUGGhQl/iuW/yeYGcdiMLRBCpC7mzqEJy6CqoSuY8CqOAr+\noC7fckwUm6b/fZbWH57l47CCwDSjFpO2zHcykWBTNu7RkWjBnwgf2btG1bkMPuW9\n7ZyFfswJGcMNsxKTEWgET4ZDzHRK+pQY1Xr1NH5CPa8j2Y00aBYKuYYhOkwrEkHk\nmH6Q16OcaUj8sRj/bmDSjZpwjw4wzRzjTaky66efHqpLrcIlVI66NZH3e0getg/u\nhb9IYBBJwFK1J6TUZqQDXzk1FiT8L7JZaTY10/wEWGBKV1yv++god/xBYIm2QalY\nssMBtRhWCq+ABeQnPZjaClfrGuZ5bXyo8SZUpUxJ89xBXUHhdjdjO19SFY80Xf+R\niXdGOxUIdqBvO8m2Nmm4bWp+oN0wLsMA0Iy4M9oMOwsHS64TlSarPHtxSNMCAwEA\nAQKCAgA3Ou02tY440R6q0o0i0299XdTwA20HD+beIPtR287SN+6X/Zhm7WRCIpZp\nRcGLoZB39f99h6wTqQa9LvwtQcYlEmRgIg45AR4swYbG9Jnvpoj37jcCn4+mLGVg\nxISzpVytGztwQSdKYWGT8O74czwYRh5tp3IZNo3S5UL0JdcByt7Mnxr/d1xW4cSd\nlt7o6+4wnkoWmktoZnOJl2mLXwZzg7hn+t0+OBk4aV8JrgAaHidiiWqs2uczzTda\neERe7Ow5Ikkd+FH8Ecz9MhRnGrYRF7n6SpBj2aZohnv0/lSAKZzWY0wcZMURxdIQ\nWYXejaiC1YBgsAm1vxjWDeqQlvEbGRswoI5A2fLJMqFDR7d143Lp0CTVMeWhERK5\n+sV3uxCkeYnDxUIiIEz7xml7Akf8G+PiEKM9EGITEZWKM0auzy15rO9QqrEOSqP9\nYYQv70tNXqcm3I0Cp80kyHYl/bnfudkL5M8JioHGV4+iZvfOLAPs7awfz7XSx422\nVSrmm8iB027p02UavSFuPEetb15zPfO2dumHox95ZTRaZbLFPx6TUyTgLuCKryZe\nnRB6ca/8+y7CyfeGGvMt4PewhIHRzLKW3HxHUWjj1YUa+zJtfDegDEPHf/dby3wb\n4864S17IuHW3bIO20OrddATTf/iX708fnfOEM+44zQTLuvP10QKCAQEA0vw9w4Zx\nxof9/ccnklWsiP9LcBuZFRyO2PrxWryHIvQ/rptbMKj7fwZ/wCoNck1AnJeCLRfc\nv+P3b+5+fH5jiLPje6rarDqBubpzp7XHqNRM6gHhulUB0jgenu+T397kRNq109bl\nOGFt12clUz+fLB06Cw97AG/10WRz06oB5/6LIIKoYrYHALcZ3q2RoLu4y0Ibgm/S\nwVF/UI8+6ZtS7IwPNBJMYRJjkNj5Nm1A+GQd8kGzTy4gqdNHfwNv863cF1FdxMNV\ng9Y3YcPCECQK1wUI1sO8IUmlYIFKXqq8dxWlNrkiegyz1RPTddY4Nje3T5Y2ISJb\n0zSXCLD91+8yPwKCAQEA5nLBdCrW4Szu53EyxzInS38H/091ngT8N6wVy+oVHsOa\npdlJrAFJ+w419AUdQQGY3QTyae5b6RPkk9VqmvBfBslMdHziJLyt7bh6paKOliO0\n+38B2TtYFWwdPH7a94L4UW2+zw5CrJeI/eZrogKA2aWlXsaFVZeAceEpv16YHwNm\nRijEWNWk93
THoCvpwfexjOvEGTMBTqBvJn+t6Nt5xnxz7sjJW5ybHhvD3dSi4VwI\nQx26E7HvUr3wol0i5dbDbIX8Dugti82LvpYy1l/QcJnFBzl7SuE2UmPhVJ5tgoN/\nZcszzhiG6HDX3T3WTjnitgydLAxma1IFMWE1pGYcbQKCAQEAmN3h8lTrAqltwf4W\nEdS5Wdl/Uw7r73vtlBDd5pxKXW0S5vPxMmR9NCAFV7ogW/zVH6A21W1AqFgH47Wt\nN45rl5Se8e9s2PTbITKSsaTnsM+BmtsaLeOBmkrHBOkY/0+DnM/Khl5hXmRZLYSy\naoriTRgwAeuJd1ung7uAoI/BKdIoA7onPr4cfMwtlkW0Cf15euu++tcCoMbns/rV\n3nSHtJQWP+gyJvMn6L8Mcf7e4BnKCMjJnkkRqXpHhyN6bdg+azas9e+BejAvmEo5\nxXAX2orvSIwxNv0hMbb7p3OVccLhHbEt5bhmY7Alum8n80CTNLrlJUS7u1+TPtze\nTyIkCQKCAQBOM+MyaNdC0ty/7cotjveGxzUPjwd6+HYe7mb3LBi+t+JjJbm6hTV1\n3PyyMooa5U/asTMSf7DxB68p++KRccDNrMIlRbv4e48KfPAiBWgdy0A/mHooHdtm\naaoCPYpRNEDQYU2/NjeqGkKC5w7fi7nuIihcYUIeKauM+bwRFSjKXXz3kh4Ph3DU\nCO01jbFmAYhfKiMB6i0nYYpWpj1+J/zLPrCY98pdLGf3b7SoMuCTWYf0PsJGrLtq\neMqQTsro9FidG1rONDxAlSA3LQFTfnBdxdD3Aqq0XnjwvLRa4uiGwdkZ0jtiVTBy\n8NhQXAu9wCcPYHh12j9nbA4XE8YAZCaBAoIBAQDGLx+wJW8Dz0RMrI8S9QP5QbCx\nspGQdE4qr/jZz5ePEXwytr2RRcXb9fAOW6TFxuZeldFCiJQonEjztur40uZB63q9\n4ZeR1jXwwuCcbsz+R90RZ5OddHHtXEDetGimJEWC5CG/G4JyyntXwUUJzWm/9qna\nZRvpb+RfSa2wx6Opb5Mr2Ne1tqtgA+5x0efqk4nyY6knkfFPMkbwZV8hWkhMHtt/\n+5CiaG26ahQREMAFb0eZ1W66O0doSS592WK4NK7j4LAduxtBiRrOJbzluFiEMRfl\njYhbQ9aciqQzhF6umq7dm2xAoNcsINGyWpFbQOs7ySpo+n1c42MF8IC9MOFq\n-----END RSA PRIVATE KEY-----" func hashCsrTemplate(hashF hash.Hash, csrTemplate *x509.CertificateRequest) (digest []byte, err error) { @@ -93,7 +92,7 @@ func hashCsrTemplate(hashF hash.Hash, csrTemplate *x509.CertificateRequest) (dig // testCmd represents the test command var testCmd = &cobra.Command{ Use: "test", - Short: "Test connectivety to the socket for some encrypt/decrypt", + Short: "Test connectivity to the socket for some encrypt/decrypt", RunE: func(cmd *cobra.Command, args []string) error { time.Sleep(2 * time.Second) 
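Review bot: Replacing the expired `dummyIntermediateCaCert` / `dummyIntermediateCaPrivateKey` pair with another hard-coded pair leaves a CA private key in source under `cmd/`, so it is presumably compiled into the plugin binary, and it only moves the expiry failure to the new certificate's end date. `dummyCaCertSigner` in this file already issues certificates at run time, so the intermediate could be created per run from a fresh `rsa.GenerateKey` key instead of being embedded. Because `runTest` also passes `dummyCaCert` to `ImportCACert` while `dummyCaPrivKey` sits beside it, these constants should at least carry a comment such as `// Test-only CA material: these private keys are public; never run this command against an HSM slot that holds production trust anchors.`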
@@ -262,39 +261,37 @@ func runTest() error { logrus.Info("Test 5 AuthenticatedEncrypt ") var aeResp *istio.AuthenticatedEncryptResponse if aeResp, err = ic.AuthenticatedEncrypt(ictx, &istio.AuthenticatedEncryptRequest{ - KekKid: genKEKResp.KekKid, + KekKid: genKEKResp.KekKid, EncryptedDekBlob: genDEKResp.EncryptedDekBlob, - Plaintext: istioIntermediateCaCSR, - Aad: aadHashOfSelectedCsrTemplateFields, + Plaintext: istioIntermediateCaCSR, + Aad: aadHashOfSelectedCsrTemplateFields, }); err != nil { logrus.Fatal(err) return err } - /* AuthenticatedDecrypt */ logrus.Info("Test 6 AuthenticatedDecrypt ") var adResp *istio.AuthenticatedDecryptResponse if adResp, err = ic.AuthenticatedDecrypt(ictx, &istio.AuthenticatedDecryptRequest{ - KekKid: genKEKResp.KekKid, - EncryptedDekBlob: genDEKResp.EncryptedDekBlob, - Ciphertext: aeResp.Ciphertext, - Aad: aadHashOfSelectedCsrTemplateFields, + KekKid: genKEKResp.KekKid, + EncryptedDekBlob: genDEKResp.EncryptedDekBlob, + Ciphertext: aeResp.Ciphertext, + Aad: aadHashOfSelectedCsrTemplateFields, }); err != nil { logrus.Fatal(err) return err } logrus.Infof("Test 6 Returned AuthenticatedDecrypt (b64): %s", base64.URLEncoding.EncodeToString(adResp.Plaintext)) - logrus.Info("Test 7 ImportCACert ") var icResp *istio.ImportCACertResponse if icResp, err = ic.ImportCACert(ictx, &istio.ImportCACertRequest{ CaId: caKid, - CaCertBlob: []byte(dummyCaCert), + CaCertBlob: []byte(dummyCaCert), }); err != nil { logrus.Fatal(err) return err @@ -331,9 +328,6 @@ func runTest() error { return fmt.Errorf("VerifyCertChain returned false") } - - - /* VerifyCertChain - provides the target cert and the root cert (which matches one already in the HSM) */ @@ -358,11 +352,6 @@ func runTest() error { return fmt.Errorf("VerifyCertChain returned false") } - - - - - /* VerifyCertChain - provides the target cert and an intermediate cert (which verifies against one already in the HSM) */ 
@@ -390,12 +379,9 @@ func runTest() error { return err } - var signedCertByIntermediate []byte signedCertByIntermediate, err = dummyCaCertSigner(istioIntermediateCaCSRForEnd, dummyIntermediateCaCert, dummyIntermediateCaPrivateKey) - - chain = nil chain = make([][]byte, 0) // Append the intermediate cert first @@ -423,7 +409,7 @@ func runTest() error { logrus.Info("Test 11 VerifyCertChain (only target cert - negative)") - badCert, _ := x509.ParseCertificate(signedCert) + badCert, _ := x509.ParseCertificate(signedCert) badCert.Signature[42] ^= badCert.Signature[42] chain = nil @@ -487,8 +473,6 @@ func init() { // testCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") } - - func dummyCaCertSigner(p10Csr []byte, pemCaCert, pemCaPrivKey string) (signedCert []byte, err error) { var reloadedCsr *x509.CertificateRequest @@ -507,7 +491,6 @@ func dummyCaCertSigner(p10Csr []byte, pemCaCert, pemCaPrivKey string) (signedCer return } - var pemKeyBlock *pem.Block pemKeyBlock, _ = pem.Decode([]byte(pemCaPrivKey)) var parsedCaPrivKey *rsa.PrivateKey @@ -533,7 +516,7 @@ func dummyCaCertSigner(p10Csr []byte, pemCaCert, pemCaPrivKey string) (signedCer SerialNumber: serialNumber, Subject: pkix.Name{ Organization: reloadedCsr.Subject.Organization, - CommonName: reloadedCsr.Subject.CommonName, + CommonName: reloadedCsr.Subject.CommonName, }, SignatureAlgorithm: x509.SHA256WithRSAPSS, @@ -541,10 +524,10 @@ func dummyCaCertSigner(p10Csr []byte, pemCaCert, pemCaPrivKey string) (signedCer SubjectKeyId: []byte{1, 2, 3, 4}, - IsCA: true, + IsCA: true, NotBefore: time.Now(), - NotAfter: time.Now().Add(time.Hour * 1), + NotAfter: time.Now().Add(time.Hour * 24 * 365 * 10), KeyUsage: x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, @@ -576,5 +559,5 @@ func dummyCaCertSigner(p10Csr []byte, pemCaCert, pemCaPrivKey string) (signedCer return } - return + return } 
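Review bot: In the `dummyCaCertSigner` template hunk (`@@ -541,10 +524,10 @@`), `NotAfter: time.Now().Add(time.Hour * 24 * 365 * 10)` makes every certificate the helper signs valid for ten years while the same template sets `IsCA: true` and `KeyUsage: x509.KeyUsageCertSign`, and the signing keys are the constants embedded in this file. Certificates issued during a test run only need to outlive the run, so the expiry errors named in the commit subject more likely came from the embedded fixture than from this line; keeping `NotAfter: time.Now().Add(time.Hour)` here, or taking the validity as a parameter, would avoid minting long-lived CA certificates from publicly known private keys. `NotBefore: time.Now()` could also be backdated slightly, e.g. `NotBefore: time.Now().Add(-time.Minute)`, to tolerate clock skew between the test host and the verifier. The function body starts and ends outside this hunk.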
diff --git a/pkg/providers/p11.go b/pkg/providers/p11.go index 863ce96b..ccd04c60 100644 --- a/pkg/providers/p11.go +++ b/pkg/providers/p11.go @@ -507,15 +507,15 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai var parsedTargetCert *x509.Certificate /* - Regardless of the length of the supplied chain, we need to try and turn this into a valid chain, with the head of - the chain being something we pull from the HSM - The length of the chain must be at least 2 when we're done + Regardless of the length of the supplied chain, we need to try and turn this into a valid chain, with the head of + the chain being something we pull from the HSM + The length of the chain must be at least 2 when we're done */ var retrievedRootCert *x509.Certificate var verifyOpts = x509.VerifyOptions{ - Roots: x509.NewCertPool(), + Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), } @@ -544,10 +544,10 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai default: { - /* - We try to verify the chain as supplied - if this verifies we then look at the returned chain root and see - if matches our existing root cert - */ + /* + We try to verify the chain as supplied - if this verifies we then look at the returned chain root and see + if matches our existing root cert + */ var parsedFirstCert *x509.Certificate if parsedFirstCert, err = x509.ParseCertificate(request.Certificates[0]); nil != err { 
@@ -562,13 +562,13 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai } var preliminaryVerifyOpts = x509.VerifyOptions{ - Roots: x509.NewCertPool(), + Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), } preliminaryVerifyOpts.Roots.AddCert(parsedFirstCert) // And add any supplied intermediate certs - for i := 1; i < len(request.Certificates) - 1; i++ { + for i := 1; i < len(request.Certificates)-1; i++ { var parsedAdditionalIntermediateCert *x509.Certificate if parsedAdditionalIntermediateCert, err = x509.ParseCertificate(request.Certificates[i]); nil != err { @@ -581,17 +581,17 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai var parsedChains [][]*x509.Certificate if parsedChains, err = parsedTargetCert.Verify(preliminaryVerifyOpts); nil != err { logrus.Errorf("supplied chain does not verify") - return + return } else { /* - Here we examine the verified chains, as yet ignoring our CA certs. - If the verified chain root matches our CA cert, all is good + Here we examine the verified chains, as yet ignoring our CA certs. + If the verified chain root matches our CA cert, all is good - If not, we treat it as an intermediate cert and proceed to a verification which takes this into account + If not, we treat it as an intermediate cert and proceed to a verification which takes this into account - For now, we should only have a single chain, so crash out if there's more than one - */ + For now, we should only have a single chain, so crash out if there's more than one + */ if 1 != len(parsedChains) { err = fmt.Errorf("unhandled: multiple verification chains") return 
@@ -603,25 +603,24 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai } /* - Here, if the preliminary verification root matches our HSM-stored root, we add to verifyOpts.Roots - Else, we haven't seen this before, so add to verifyOpts.Intermediates - */ - if !retrievedRootCert.Equal(parsedChains[0][len(parsedChains[0]) - 1]) { - verifyOpts.Intermediates.AddCert(parsedChains[0][len(parsedChains[0]) - 1]) - // And add our HSM-sourced CA cert as a root - verifyOpts.Roots.AddCert(retrievedRootCert) + Here, if the preliminary verification root matches our HSM-stored root, we add to verifyOpts.Roots + Else, we haven't seen this before, so add to verifyOpts.Intermediates + */ + if !retrievedRootCert.Equal(parsedChains[0][len(parsedChains[0])-1]) { + verifyOpts.Intermediates.AddCert(parsedChains[0][len(parsedChains[0])-1]) + // And add our HSM-sourced CA cert as a root + verifyOpts.Roots.AddCert(retrievedRootCert) } else { - verifyOpts.Roots.AddCert(parsedChains[0][len(parsedChains[0]) - 1]) + verifyOpts.Roots.AddCert(parsedChains[0][len(parsedChains[0])-1]) } } - /* - And add any more possible intermediates (these are treated as being any certificates which are not the - first or the last) - */ - for i := 1; i < len(request.Certificates) - 1; i++ { + And add any more possible intermediates (these are treated as being any certificates which are not the + first or the last) + */ + for i := 1; i < len(request.Certificates)-1; i++ { var parsedAdditionalIntermediateCert *x509.Certificate if parsedAdditionalIntermediateCert, err = x509.ParseCertificate(request.Certificates[i]); nil != err { @@ -634,8 +633,6 @@ func (p *P11) VerifyCertChain(ctx context.Context, request *istio.VerifyCertChai } } - - resp = &istio.VerifyCertChainResponse{} _, verifyErr := parsedTargetCert.Verify(verifyOpts)