diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index f2a662fa0cc..151467349f6 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -221,6 +221,7 @@ func (ctx *serveContext) tlsconfig() *tls.Config { err := ctx.verifyTLSFlags() check(err) + // load certificates and key to catch configuration errors early cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) check(err) @@ -232,11 +233,33 @@ func (ctx *serveContext) tlsconfig() *tls.Config { log.Fatalf("unable to append certificate in %s to CA pool", ctx.caFile) } + // lazily load certificates and key at TLS handshake to ensure that latest + // certificates are used in case they have been rotated return &tls.Config{ Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: certPool, Rand: rand.Reader, + GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { + + cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) + check(err) + + ca, err := ioutil.ReadFile(ctx.caFile) + check(err) + + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(ca); !ok { + log.Fatalf("unable to append certificate in %s to CA pool", ctx.caFile) + } + + return &tls.Config{ + Certificates: []tls.Certificate{cert}, + ClientAuth: tls.RequireAndVerifyClientCert, + ClientCAs: certPool, + Rand: rand.Reader, + }, nil + }, } } diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index db5ccc3b6c7..7de16cec88c 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -14,11 +14,20 @@ package main import ( + "crypto/tls" + "crypto/x509" + "encoding/pem" + "io/ioutil" + "net" + "os" + "path/filepath" "reflect" "testing" "time" "github.com/google/go-cmp/cmp" + "github.com/projectcontour/contour/internal/assert" + "google.golang.org/grpc" "gopkg.in/yaml.v2" ) @@ -191,9 +200,167 @@ leaderelection: } } +// testdata for this test case can be re-generated by running: +// make gencerts +// cp certs/*.pem cmd/contour/testdata/X/ +func TestServeContextCertificateHandling(t *testing.T) { + tests := map[string]struct { + serverCredentialsDir string + clientCredentialsDir string + expectedServerCert string + expectError bool + }{ + "successful TLS connection established": { + serverCredentialsDir: "testdata/1", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/1/contourcert.pem", + expectError: false, + }, + "rotating server credentials returns new server cert": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/2", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: false, + }, + "fail to connect with bad client certificate": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: true, + }, + } + + // create temporary directory to store certificates and key for the server + configDir, err := ioutil.TempDir("", "contour-testdata-") + checkErr(t, err) + defer os.RemoveAll(configDir) + + ctx := serveContext{ + caFile: filepath.Join(configDir, "CAcert.pem"), + contourCert: filepath.Join(configDir, "contourcert.pem"), + contourKey: filepath.Join(configDir, "contourkey.pem"), + } + + // initial set of credentials must be linked into temp directory before + // starting the tests, to avoid error at server startup + err = linkFiles("testdata/1", configDir) + checkErr(t, err) + + // start a dummy server + opts := ctx.grpcOptions() + g := grpc.NewServer(opts...) + if g == nil { + t.Error("failed to create server") + } + + address := "localhost:8001" + l, err := net.Listen("tcp", address) + checkErr(t, err) + + go func() { + err = g.Serve(l) + checkErr(t, err) + }() + defer g.Stop() + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + // link certificates and key to temp dir used by serveContext + err = linkFiles(tc.serverCredentialsDir, configDir) + checkErr(t, err) + receivedCert, err := tryConnect(address, tc.clientCredentialsDir) + gotError := err != nil + if gotError != tc.expectError { + t.Errorf("Unexpected result when connecting to the server: %s", err) + } + if err == nil { + expectedCert, err := loadCertificate(tc.expectedServerCert) + checkErr(t, err) + assert.Equal(t, receivedCert, expectedCert) + } + }) + } +} + func checkErr(t *testing.T, err error) { t.Helper() if err != nil { t.Error(err) } } + +// create symbolic link of files in src directory to the dst directory +func linkFiles(src string, dst string) error { + absSrc, err := filepath.Abs(src) + if err != nil { + return err + } + + matches, err := filepath.Glob(filepath.Join(absSrc, "*")) + if err != nil { + return err + } + + for _, filename := range matches { + basename := filepath.Base(filename) + os.Remove(filepath.Join(dst, basename)) + err := os.Symlink(filename, filepath.Join(dst, basename)) + if err != nil { + return err + } + } + + return nil +} + +// try to establish TLS connection to the server, if successful, return the server certificate +func tryConnect(address string, clientCredentialsDir string) (*x509.Certificate, error) { + clientCert := filepath.Join(clientCredentialsDir, "envoycert.pem") + clientKey := filepath.Join(clientCredentialsDir, "envoykey.pem") + cert, err := tls.LoadX509KeyPair(clientCert, clientKey) + if err != nil { + return nil, err + } + + clientConfig := &tls.Config{ + ServerName: "localhost", + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + conn, err := tls.Dial("tcp", address, clientConfig) + if err != nil { + return nil, err + } + defer conn.Close() + + err = peekError(conn) + if err != nil { + return nil, err + } + + return conn.ConnectionState().PeerCertificates[0], nil +} + +func loadCertificate(path string) (*x509.Certificate, error) { + buf, err := ioutil.ReadFile(path) + if err != nil { + return nil, err + } + block, _ := pem.Decode(buf) + return x509.ParseCertificate(block.Bytes) +} + +// Workaround for TLS 1.3: due to shortened handshake, TLS alert from server is +// received at first read from the socket. To receive alert for bad certificate, +// this function tries to read one byte. +// Adapted from https://golang.org/src/crypto/tls/handshake_client_test.go +func peekError(conn net.Conn) error { + _ = conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) + _, err := conn.Read(make([]byte, 1)) + if err != nil { + if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() { + return err + } + } + return nil +} diff --git a/cmd/contour/testdata/1/CAcert.pem b/cmd/contour/testdata/1/CAcert.pem new file mode 100644 index 00000000000..e80dc9ac283 --- /dev/null +++ b/cmd/contour/testdata/1/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUHA9n4BBwtiDHvIN4Eq8isFCk+3wwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX+m7eJzYLHBRIaDftgDovBjtMGQJ8jzNezF +c6uE6PcsQhk7nIj8Czgd8Jr/AsHY8a4x/Pddm86dYzl6XBWSS2ogJYUzCaXAr59q +qT6g5j0/rHlxzWeFge+0EjPQuAphI4kZ4j9Ua014KaMLCxVFXH/c96OHxC3/L1vh +0BKyceVWKfbvn23kc47xylFkFQnmbYxIEkJA4/Jq6ewsBScB1mp24s+xyl1m6ePO +WhMo7Od2xQsUhGKDJYMFV7cXmwDXR2QudZE+OvcaSoVYMktOpyh07RSRQEkx4URY +gc61nkFRekZIc6rfbbK9xMQtcWkbvtopqDiyt1PfWbHaelTgvwIDAQABo1MwUTAd +BgNVHQ4EFgQU02g0ldN022nR81UCP3fN0PkYu7YwHwYDVR0jBBgwFoAU02g0ldN0 +22nR81UCP3fN0PkYu7YwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAmcm2vkBudVY70WcIpUZlRU8NOmUKb6wtSugJ+vPBDyDDN1H+OH0u5l4yXFA8 +87uOS8Z1n+Sxw5fKH1rp/TVbwm++nVJ7RjalRQBG5skdx6J7qEL9H2vx9VHG/7Ib +G+NL95TBtk9042KJFiZXsY8KPA4JSEFPWVIcXmaq2iTJxSMHGD3MQv33yjgXH81U +e09f27Vfbl+YFvkSljZJKxXjgwPVDlo5Sv/9e4mS51dhraEvJV+dubz7EVv/R7F/ +pHX+tVn0+WSfero8cIfhhj1H9+Cn5lnUUHYnnnbrLh5j8ZldniW2nXkOWR5LQN0J +CwkA744hrtGj9dDmI/vwcpQ1tw== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/CAkey.pem b/cmd/contour/testdata/1/CAkey.pem new file mode 100644 index 00000000000..0a5872db217 --- /dev/null +++ b/cmd/contour/testdata/1/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJf6bt4nNgscFE +hoN+2AOi8GO0wZAnyPM17MVzq4To9yxCGTuciPwLOB3wmv8CwdjxrjH8912bzp1j +OXpcFZJLaiAlhTMJpcCvn2qpPqDmPT+seXHNZ4WB77QSM9C4CmEjiRniP1RrTXgp +owsLFUVcf9z3o4fELf8vW+HQErJx5VYp9u+fbeRzjvHKUWQVCeZtjEgSQkDj8mrp +7CwFJwHWanbiz7HKXWbp485aEyjs53bFCxSEYoMlgwVXtxebANdHZC51kT469xpK +hVgyS06nKHTtFJFASTHhRFiBzrWeQVF6Rkhzqt9tsr3ExC1xaRu+2imoOLK3U99Z +sdp6VOC/AgMBAAECggEAThXG5cbsuVsJL3oFOUGS3zDTIrgkGhbYkVwpBHNCdVlb +8F2A6V94dQyRJa2bB0GBxd6ghoyB3SBLg6lBjq/ZWppMzN16ctGmAyj/F4kqpy6z +Hy6M+HGWnkz69lbYGooDLNczjabHGzIRT+lcHTZoA7mVMu5Pban5iyvLLWwhdNsf +q9d7pYHt/TxpkkBTZOpDB8B2jFWMKcxBFSdeUE/0DzT5LkqPfgzq//86XGnc2wSj +KAhJipfASApYHwlleqi2OfXiGF+sVQdbqdiVT1SbJheSuRC3yMZc0Njeyf9iUsM+ +LL70lUKRnM+PXENyPNpRGkU6RlDEQ3pnjkNI9UOEMQKBgQDvX8ehWsCkBQmSSfbi +YYSxuu/hzfu/crA+g3fe1mdGwcBipum5kxgF2rj5i4c7RbqqDEqRtFFEpmMoQ8D8 +bHsK3SwcKFPNtX64/OQkTWq+nD0pvVi/ymS/R199Z9K13Fpb93CLU0xftXXDT4yE +UN4NQrFc+zdqEidHeLCxMdwU5wKBgQDXfmwnQk/vz45yaissw+yBanlWpRUEq2fI +acvZ3xWl+1ffkEzY+NeEeIz52BcMf7JwCkD753hSoNh507850GeHlRZ+o2Kq7XAR +N1SVZelG590p2xP1aSE0GnyfeuQd0HZEGrpje8Moi2vMQ2oYd47BoTMlZ2mqawbD +URMm1pWCaQKBgCXegTaFpPRN17XM/cHSq6tyZ4DRlYI0Iq3BHrWiNbR78nOo9FDn +dGV4tMrFyB8YaO9+Ak4KuNCjggxcq6tDfjO5ycCqoJdqnyGk4HLdzIVbMlHoIqI0 +4rtgDztHsY4Tzje+bY+dHfgGPRso+pH0OSzf4C9Vju648H3eGhXuTWMBAoGBAJNq +n9AnlAmownjQ2mJQUZ2i2gkE+6DrJR88CMEt1GBs1gtRatDPQpgT49UTF4lsXgQ5 +b4UkLvLPp+eHjHyfbgOZYP8XBGuL7KtKX6moQvJHscttXHT5C0bai8CJ0D35Gr6y +Tim6Q6Kb5g2hXJYKS/V4MkX3PZjgiIrbDq/2AedpAoGBAIBHeCNIZtydwp8l3imp +zO67h/X1Gp6OOuJe7PK0LgocBCTTmFQrezNgctHEWccV6TlXPYMG5ZrRX5cc4R8D +e7YBvgq2tNg4baRqJLV5/4YRZk93yAB30D18gqeloua8MigxGyT+Usjb0BLRWmVj +HTS5+5+m8y3RxoThspWO8DkY +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/contourcert.pem b/cmd/contour/testdata/1/contourcert.pem new file mode 100644 index 00000000000..d92d8a801ea --- /dev/null +++ b/cmd/contour/testdata/1/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqYwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHw +DahGVffvbLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyb +y//zQTze28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65q +kqD2EuMT5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0 +xKkNHZrdBx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+ +VLYZZdvPPlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFNNoNJXTdNtp0fNVAj93zdD5GLu2MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAig7VDaLjtUeHdTtRXEItZEEgLWcI +6sP6XA1pUcBoCy6lRaVbeqM5Y3tm+HPX0RQoqH200Ub2b3yB84La4V2cy4+DlAoz +gASHOn6Sop7TR7TwFlHEh/r+dAXw2iENYY8oXexmCpa53s1+9WbkzWw1y5wW0fuS +DuIEMYpZvp7mFZD7lzDHQU8ulorddtNVhC60VKPoBr6pWLfT2eYulZTuGt3oUeT5 +x7rxWLFiEi7TT+5dcxEfKwn0bknyjrCWyt0bTkJNl/1anSm8RccmTDY3kGj9YZsY +hZyX+069Mi553cRwd95hWPzttJVSrNhvRCj91IpZgTYEUHLWvWhhs36xFg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/contourkey.pem b/cmd/contour/testdata/1/contourkey.pem new file mode 100644 index 00000000000..e6e093be313 --- /dev/null +++ b/cmd/contour/testdata/1/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHwDahGVffv +bLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyby//zQTze +28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65qkqD2EuMT +5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0xKkNHZrd +Bx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+VLYZZdvP +PlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABAoIBAA0cERBgjBv2xCzQ +suVDBDia0eVVeMV9+VVqvLd8duADYUsLRKBs8JXfDyQoHQJVDpZQb3H4KENPjk9w +5SVkcue32QYZo4R1IHAWZLef8QRXDs5VLL1eysJbI9HZJUTPxjo8m3r4ZVe9/56O +14qmVuODbMvOdaCZpkHQrnNhgUR3pCWAE61NFuCEnxve2CH09jmZosItl7RQx2g4 +lbAfAlg5zd87E9g1mbslfsWwbFvKcbGktGeTzA8VgYj/Fik/ObJmOWe9B2DTTo8K +HBELnv5fVRLSfs51YC3lTNDOVrrWuwdMTofLlcl+0RB6vEA0akpRsJJfvgfmXdYS +LPSknzkCgYEA/x68xfi4a/otJYhqqsw/TI+iy7B8t/lchcuYMAmg41ipWFKWpGrP +Uer19Ca/yJ7cgcfgyg+65HdRxby4izcixXnrSIqA2op7wswqxhNR/d7H8+c4ejMz ++GUwBbFL5yp5D6LhPl+DFGEsB1bm4D51VavLTC+MLdDQo+PZ9fXH+xUCgYEAxFcS +0k9QyIe2VYnfmpCzGUvTr916XXJPEUtvGH7rJsnR8EjLwtMcmXcM/7VO0Btf5rAD +EHFmXg2BPMcOB6DYWOITRfvMXJ/avk0kuhjc385TwzhroVAW9skrtTxiMaNNi4nE +EHxQmBoiz8ElbiaixKPDr163f97NYR7BnNqgjJsCgYEA4fiW2n/40mNxE7qmSIzL +UIQ1fVfg0JAGHNh9/6a3pEgHD51vo0icRAHrQwwDea8Ev8uMV03hi7YIby4/A8id +eu8HsWREx8472wo+pN2+FTD8SRS4GL07vjvacmBdS+959ZifDEFLeIStm/6kV2Hb +Sjv1wZCoCHjaJSCQEeVW8hUCgYB7KPuffS15fNf9dE0VUetm1M/nI5EciRXcDWuU +/BhZ7oOIrMFUZsUr5yf6Rys3E9TmikaBzACgwuvsyhic5GKR7s6UOc0J1SSL9yww +qGP06CJW9U9ekzS0faCzQTt/U6bS/wpEJRcRMmPf2pK2M/oqS2f22/1Tctl2MKrW +z7WiPQKBgHBFlEkTHjC+nqvCy9tfyW3dqseqWa8/mpn0DYyEudYUJMTam339QxVB +5ewYnCU7sSAqVH3BNTQUVWh2KJ2gVitAT3nAkUZASPI5LFrQAiLERvii6oeuhE4L +WwSKVFuctBnrT2ZDTtfhAtIQ8ebkF2kUOhmLmwfaRismiIPt4Nwu +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/envoycert.pem b/cmd/contour/testdata/1/envoycert.pem new file mode 100644 index 00000000000..1ab7aad52b1 --- /dev/null +++ b/cmd/contour/testdata/1/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqcwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANYg1iHTm1qwE/LeDci65o6wd+goE354cyU8Z2oQFPPq +VQhzW5AFxnloMBOS9sbCEAWveLmHrjBvKnkAjcuOBmTWfVnCaQlm+j/Cspqx9xvF +N2RBoVrQaOKdiqEnBudTCV6wmcUKCMrtoS3ShQ81PJ7wArA7ERbzmRq3Ys3eceuo +OUJATSZzplaY3eTfBXOh7V4+Vb1hwngdOmetbj+9+xgWi39Xp7Zh6U9DL7dH2Qg8 +dOlY/E54kRuw13XffFdtIwSIRxFhlI2LqeRyhKWp21p9zkCcp+7Nfm3wOnRO62K9 +B25DsVQSGB+gUuakYeF6YLSH8nO50WHgl4g0yi0RoMcCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU02g0ldN022nR81UCP3fN0PkYu7YwCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEALAyIvQal5g2bKDhF2+/5VkaYV18A27RsmGNZaL5Hd0+066AB0WCCCVbSrzTa +6DlJfElBcT88ddBrf1bB+h4FyQZlNUg+ewl9RfIVOdErYSkFeO5aeCWD2ieLxdH2 +f4W24v+/H8a5daC4K0l0kK3FFM8MUDQy2BAfcbgphehME70Rj6/xX3IZKU4c+Cjb +VIWTyr+RnWgki3iRpyTSQFOkdRtEKVsk+S/mSIOoofbGby85jXpzL2z3XNpoX94K +9rOa76miggoH50TpqDjkWz+wbdQodhw3k8Yjn6s4jW0DiUK7c1ecjrNJW+1GfAOx +cUa45Lfpy5XmCzB+wAISoGvqlQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/envoykey.pem b/cmd/contour/testdata/1/envoykey.pem new file mode 100644 index 00000000000..6bd76042ee3 --- /dev/null +++ b/cmd/contour/testdata/1/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1iDWIdObWrAT8t4NyLrmjrB36CgTfnhzJTxnahAU8+pVCHNb +kAXGeWgwE5L2xsIQBa94uYeuMG8qeQCNy44GZNZ9WcJpCWb6P8KymrH3G8U3ZEGh +WtBo4p2KoScG51MJXrCZxQoIyu2hLdKFDzU8nvACsDsRFvOZGrdizd5x66g5QkBN +JnOmVpjd5N8Fc6HtXj5VvWHCeB06Z61uP737GBaLf1entmHpT0Mvt0fZCDx06Vj8 +TniRG7DXdd98V20jBIhHEWGUjYup5HKEpanbWn3OQJyn7s1+bfA6dE7rYr0HbkOx +VBIYH6BS5qRh4XpgtIfyc7nRYeCXiDTKLRGgxwIDAQABAoIBAQCTZoNBQeN9qBvz +YbxnY5F2xC+mln/k3ZGWHmCp+GwUBEmIybBMEk2wIXKG5vINnGVfJI2cWbQlD0FT +jngNmbT5EVW0xkl7+XFnFuXP65ZJfZdF4o/qbfDlnsFhcfYko1qd3j/cDa5D0xTS +8Eo8T89tMZcILYD0JbhNVdQkF26gYyi+wxmArqayo1kbBj9uB/b2bkeDLIkIMhl5 +OWm8Nq628w/9QvszBvd5jLhBn7QG29IkNmUWse5pr6bfmfRxw5Rw6BKmTfRgZ1Ne +aVGfZOZj0+y5f165Zdoj1HQhYgj+ZDETZwLlMHryM8nAK6AjsVp8fmKg7lYeXs7z +PutbZnjhAoGBAOsjzKeqtOi1m4hXPQoXsqV/bT3m0zl3bRWtSJenDcjRjX9BQKI8 +W2ceDUpRXgP+QCmCJcL4HQCDewSJJ4itrABit2VvKUyKjztUS8dIapx4hXbilmK7 +Cm+xqwFdAsO+5bdNB+Cxliiowk7hyIQmk97/yhk40gA61DzcmtGUx9cpAoGBAOkf +2TrlAaWSrZ69sxUQJjoixIeyfULCaNbjkxGaJmFAUT1EvCWplpfMP5ypBTsQRhSK +r3oiU/Rma/SisgzQa6FrsIQ3un8Es5KKfuBFEhbOHmzsIAgGziAfutscUvwdM2nT +iagBCVIg/xB4FszEZB3el4Q60hPhfBylx7cwSWZvAoGBANGIdTZzyAIW0yILmzkD +JQ6VHqOqrU7oPSyz3ZxGIOJy2cQsQYxQfKLHBNDU8RJd3o8eisfSkQWEJHtGPRRu +rncpgIPDKuoqDrivxVcwENCeFVB7WcdhJUui5t+wImaMFefhnMN9fHF+8KeaSzR3 +rA1roowXNgs+YSJa8xsPmYUBAoGBANAPj7ZDizu19GTX08v5tNRwEU023RrHHgCj +7a9pD9X+LENtZCqM+A2UyjVMmJGFTbaprEFp/9oBy1n0Fsre/SB9V3Y5sqYIkSg5 +mVEZ9DIMVhVKjK/9Otxq1T8XQW0ntqo9lP8vpZz6PAr70wWARgZuknX+dV4vAbEj +uGJjoy7bAoGAJcoNmYMEGi+Q8F2Ksx3KtZcX8oFawnDG4rSNTavS7seu5fUTcnUm +TXlPeGMV4XFZizcRfqmALFBJM1CwkteRKqTUhLH1nxosf4xWkIZL0FmTK22YE8q6 +2U4s19wtV9g3rDVbPgpGQZSl0uvF+uVMijfF5mlMy4aQQYCG1eUKpbc= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/CAcert.pem b/cmd/contour/testdata/2/CAcert.pem new file mode 100644 index 00000000000..285c1b7c191 --- /dev/null +++ b/cmd/contour/testdata/2/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUdSK1eeLjt51gBSl4wZ3wFSy8zf8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16U6G0w/kOsWWhfgubkkam40iNBICW6c+1su +tPlIV/laJRxOIvvJ5RUJFQjdLyStfzs2CrA7zRmzIbhE2QgmU8YtOCCbJPBOwUti +C8Cfrh5OZdz2RLCauS+QD9WUlOGOvW+I+I8hzSv7gSPBINLmgM4TQShnmOdUvbD5 +PNytXmFcgWdhAkPLNBKwP+qzvHUBjPFiYqgHeFLi+5ZwEPqldzLXp5JUoSoP3s1+ +Y6iig1/pTZhIqVZP9DqFOSgQ7ZqkG34MYppOlO4cxKLTg6cdqwiLtAtFmgzCRe0g +uegT0aPwyv7uNlB7AQMilX4JJw4vnmQGCn/QrIJMJfPzeDkRcwIDAQABo1MwUTAd +BgNVHQ4EFgQU8l5nIpmMaJnu0Ug0DF1RLYHSdbswHwYDVR0jBBgwFoAU8l5nIpmM +aJnu0Ug0DF1RLYHSdbswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAyKySsIF2etQ2be9odiPNcNBuwbcUIwFxd++b4zPLf/xU5JfRxuV9a7UCbDmy ++eRX/u3WK4uOXrcA4LJ2CGTAb00XqEdRQ7GLTckR9BF514fSnYQPkSiwRNdX5Zg9 +fICt1w+/+y52JqJ2B+2AqTL7gzAojGC8PeMWmR6AfAWbEFFKinkhlMmjMWs9LsoM +C2LKOBzQ1UNTpilr6boQovC9ENtNKnbn2a0fq70rNPn3GDIcC/QfOEjqtbTwKkI7 +fhLJCGRN8vh1WJDPeX+ibPP1ZOevXuEMrp6MFUhHUNM2qRiEtzmW+mXqKngDlppL +/8R1NmX7im8Rxbbi7neK2V/QSQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/CAkey.pem b/cmd/contour/testdata/2/CAkey.pem new file mode 100644 index 00000000000..e2b151de00d --- /dev/null +++ b/cmd/contour/testdata/2/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXpTobTD+Q6xZa +F+C5uSRqbjSI0EgJbpz7Wy60+UhX+VolHE4i+8nlFQkVCN0vJK1/OzYKsDvNGbMh +uETZCCZTxi04IJsk8E7BS2ILwJ+uHk5l3PZEsJq5L5AP1ZSU4Y69b4j4jyHNK/uB +I8Eg0uaAzhNBKGeY51S9sPk83K1eYVyBZ2ECQ8s0ErA/6rO8dQGM8WJiqAd4UuL7 +lnAQ+qV3MtenklShKg/ezX5jqKKDX+lNmEipVk/0OoU5KBDtmqQbfgximk6U7hzE +otODpx2rCIu0C0WaDMJF7SC56BPRo/DK/u42UHsBAyKVfgknDi+eZAYKf9Csgkwl +8/N4ORFzAgMBAAECggEAbwkrlzy2ilcSBke/NcIoBwlB0aR1Qy4KdL5pmVO2NV42 +VV9yuD6voV4odAVBZnHbR+TkGbLOx/fQra8k/B9fJMmpJPpdCDMYSh0XmfeQAOan +9XlF8O6CbJIZ+p09yT8u8UnJ3DpO7EcWVFNlsRIHEBGMBoPYe/m5P4ctfnIebrZ/ +GKhyKGL4G5J2ODoS2OYEn1j47qmE+aR2CityU0HSLl6yuu83fHrUoRZ7fG4xrLwo +QfJ3XBZCdU17zclF38baOGCm6vD9a1rugVozmlD89T7UV99FzppOPkv1xlwRkbk4 +w6OfFTEtTWiGH51OyrgyMpzhS83xO2fH6zRq4Z55uQKBgQDv0KQYj3fTODffHQs+ +xfnwi7uwPevrtWpNhAQBl/rP6xeU82l7QX1X2TuPJe5v0PjZ2edOzdVXG6YYBJBh +EENnERIrg0FnmlBgAhUqvG5FPKsNsBZnWE5EC8YUBZek7Du/S0wAw9ruzaaiGvvf +CAMiW5JAMsVpeP8HGyldiKZTtQKBgQDmMwAed5FMzV5+fFnmO/UI/5bf1q7032oh +TPyB09wGAdbehZCal3wY7BwL6RL61POwFWkncmvPSLDSQre4DMPOXrDrToSLJtOW +BaoAiF9hvdVZ+aRdXcozLccY8jweGn9hiVDBVYnGztoFWgko6jJwx5grsPfGrgv3 +BlAYs2VZhwKBgQDRpQePIPyTfbX6Kh3GhrP1AXLWo4s2x6VilmIaMo5kbRR0dkZk +JeA5iAJ1JafHwFuLtt5rGa3DNLyCiprc/6as11OXDmuC8ngJNkjiz09m3555nNI5 +Dg19lv1WS31CA/JHTL/oe09NLCLb29MMKqjyxDKaRMgnaEsqHyiOSAN/cQKBgQCX +5f1lHUbuo/F/izSTHOsy1dzLtVDbWnUgpjlUveTIvfv397CUofMMSviyz0hr5Ysr +nOU3V2RWckPjaozqUNn/2jHqA3SokaU6sGAeW958k5Qt+/H+ff4HyWRATM9omdmG +FeMIwBXa7vGkaGX07pz8GGiMJAlLu9s/VJYTxoTRDwKBgF8S8rpjc1DfqDUWBAKg +Uu1l7AhmZlKVYhOx/xali7LIAKzT1F10N8YBmQK+q4QeJ4lhlfOHzE/COBzyMfNo +RVwsgAFon3LYOwpe1Ete+/66y1EQR7QAykVdxa9lIx9FHeR1tRVZEOMKPtpk9Xpf +D6U0mFbSCrcw/a2axq9jYQpp +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/contourcert.pem b/cmd/contour/testdata/2/contourcert.pem new file mode 100644 index 00000000000..5479c74b4d8 --- /dev/null +++ b/cmd/contour/testdata/2/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok4wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby ++KWeex4MKeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA +7+0flX0mEXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x +0fm/f5OKiaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+Hfv +difYiLIZaTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvL +Tpc6F5lagmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFPJeZyKZjGiZ7tFINAxdUS2B0nW7MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAScPu1TAnSWeUYiwLKEGCMcnD4lyh +Z5oAoDAC8Jmpn9ztHlGtDIwQk2lJBi3+wdSCsCSR9KJSM1g3Eu1B5ApbOrfGCmod +dchd2NuUfWYxfpnl2G9PciKrkI9fSVz9YwGZfIzDpzkGXise+AhE/7sRdNbVktc8 +oCllapD5njF0JA6C5WrmNFsufNxaaa0PfTXon2cfpppTfU4B7b/gRbxDd/WKTB/A +ArdYnejomi25wCMLw1zwFPtBvp2mpX8WrEFSoHLTg3kS66WRNd5Mvi+YLFMzs+kn +RNhUoFmpgs3jNSkGQh/JeXf2sL82HubRu/1ZjmiZh4Qy31aQWi9G3kTH5w== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/contourkey.pem b/cmd/contour/testdata/2/contourkey.pem new file mode 100644 index 00000000000..5d471ac1652 --- /dev/null +++ b/cmd/contour/testdata/2/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby+KWeex4M +KeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA7+0flX0m +EXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x0fm/f5OK +iaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+HfvdifYiLIZ +aTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvLTpc6F5la +gmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABAoIBAEGtFbQDO25l4aeC +wGb1/cClymPKItWRbBFtPQktpFGk6zq+OOy0y120GIhXLb3OD34xRQH3SOx1W7PZ +Jk5uiW5LWLGJfR3UT9V9Ci5E1p7c/JkLsgDmb050ldboFb9w1B12pV7x8hOoaroG +JldAIDfGtwULBYbtzwiT14IHm0zKlm9+nCDLKUkxf3PagJTviytlljCpcTYU/heD +PH148BeJ6X8fto3lSGVCK8xsrO4axmXKAt+kGTituX3syGuCxQ6RsxW9bClFUTNI +ceDTlmJXQtIzpxzkoUw7Vo5zVWwKZ0D+TiGKgGx0yr8iaxyqeB2E4gq9q7kxtd5i +ePFdbyECgYEAxlS0nEnXAurjpFCYdydEv7gZeXBxVrx+oGVv3GO8SB6y9kWzSRLV +PvpM954e20U/bhPDaCVUYF8csfQwG3X1Lvv6ExdGB+zg9NwV5z9zKS6gTB6sOf2Y +bCDbaS+S3/lV2V74aslJ629ZQZC/vbZHofywWLyHgZn/5mEq+GYrNjECgYEAxguR +1QEPwFpD+skUtUNgsfcizBY9QaOLlzEL4dDv737+DQ6GT8WzClChhvRNJgPr41tC +JiPGxfIFnXdW28+FmnDFesPuIS8y+HUditbMylQtDAJxlLEJn0IJ3E6Lb62OXiA8 +RV486TD2sp+/vqYNJ4A0nknaulQvrmT3ZrrRi88CgYAHCHHvKN8rB1FTPlhpwUa6 +1bhxif866CxFW9N/qTnABParrQUSjkxpk06vaTgG5om9SY4gX1KCqFzIIrSiBKjR +JbZUfvrIxSmlBTjxnlpjF3gvuta4p7mD/BZLwJggwSK+NpPwlXq9kpFDtfJWs+QO +ZnuKagUUH3XnoYJ4lIbrwQKBgEZEkqCl+MXCAT65G9zYpDVgv3r0JRXmBkBFybZ8 +oLU0NMXDMoqZVdZCF52/jqP/XjHUDltj9EIFhlKBplLlhbzvaFIPtK0Xhxk6zJmX +byAWz8jkERK14fkcwEznnXepd8sT2u6t6iS/F7j3D1yApEgwp/rFr5LPDf/tmQ5d +GL5nAoGAJcW+Aag1oqCuHYrhkZoOIl9+gPIFm2q5LK8bXGvZKoaCU0WbgxttsYPS +61ucCIAf1HdVXkrhh4nSUOa+33YOvM9K5BwyYPT+YvCPZ6UnCoFi0Owbv8w7GnWU +ubVZrIIz3O+RkhFZUhHCKXUCkp8ZDTKKgffC18yO1i+u2QBDmg8= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/envoycert.pem b/cmd/contour/testdata/2/envoycert.pem new file mode 100644 index 00000000000..8c073e529f6 --- /dev/null +++ b/cmd/contour/testdata/2/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMVS11SPLfVll6jpUQSU9cywH3W73y3AgFBbh0SjtaFU +BPtZnSJyUI4tqEmtCKOj6Xixbmxa0t5IrJTMxuTxeJgrynZpYGMM0buA8fQjq+MB +jz0jQ7p01R12d8tQ/xMjpop+OEQuHkWc54e1/qzSG47AOQcIFORhHJzN25Ga0Gz9 +C+JlQ5Nv+MHQVb6iI4ZvJZdpl+ArWLywfQnCbjWeKT/3CZFl8Ul1E9l0QKyZfGtx +Wp7W3Xed0mTSs9Y8y8Xru//VmYDEXqI/xRk18N27/MipwD08BqIDQPAoMcoF90PP +T0g/E9v6kzT/qqC9YoIffaprHtbRDW0CefcRYs+H1RMCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU8l5nIpmMaJnu0Ug0DF1RLYHSdbswCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEAxocINEiHhWii86wpdMWgp6LXpn/YwX9PTZEuod0CL6tt6f1oFfYsgacd0JuG +Y9NlqG6d9yPIuKQ7qHr+7P1Uj6zddEiGDY+PQq3hAecicuxBFFOp2EqHP6acW88G +0lydKTa17T+GMUVA6TSj0Dovtt4xcJdN0TZgEpgpOsFKNYxAbmL5MCh2xOITuoKA +isodf8ONxBWQVy0yQWrimBILg843E83lgx6WhRebVKLXha53fNGCIWwaLHesJ3a/ +SPgXEZ3KyWObJ01ty8MmGvfs8VAu8QawGhnSEMLr35K2PLgSqablVjsP/NI5gLE1 +sfMITrj/e/7I3FjxL82OPLBcJg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/envoykey.pem b/cmd/contour/testdata/2/envoykey.pem new file mode 100644 index 00000000000..6361ff0d277 --- /dev/null +++ b/cmd/contour/testdata/2/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAxVLXVI8t9WWXqOlRBJT1zLAfdbvfLcCAUFuHRKO1oVQE+1md +InJQji2oSa0Io6PpeLFubFrS3kislMzG5PF4mCvKdmlgYwzRu4Dx9COr4wGPPSND +unTVHXZ3y1D/EyOmin44RC4eRZznh7X+rNIbjsA5BwgU5GEcnM3bkZrQbP0L4mVD +k2/4wdBVvqIjhm8ll2mX4CtYvLB9CcJuNZ4pP/cJkWXxSXUT2XRArJl8a3Fantbd +d53SZNKz1jzLxeu7/9WZgMReoj/FGTXw3bv8yKnAPTwGogNA8CgxygX3Q89PSD8T +2/qTNP+qoL1igh99qmse1tENbQJ59xFiz4fVEwIDAQABAoIBAHxNzHJrZBNT9W8l +07DkOdfBF4BuYpCK1QpKLnNyAehoal8Au/lINDDs2DfZdjjH+Drc42gE6xO2immO +erkc2NBbvcZMabjcCX9qIoGeuxhdEiP8hB0AnoRZ7es50gX3jmFuU/m3Z8CIsF4Q +qyepkEykEQi58ZdRCdpJ4EjgUu5kep34xpsypWy2a1BwpujrdqUw3o9CzChDyOna +u8/ALAfaemiaY/2Cs+PAF0DRzzqgLjibLbMq9nyRV+hNO3h60vshMphptDHSdEql +8Va2BNOwEiArozwCWu80PLRh1qR6MASNY2YXIIV9UaioOnh35CqT0SvIkCv+PPOS +1HvchXkCgYEA7nMwxso4X51QbVrAgSl+mNx2CBuquB3OgXY+e4NbO6AACumppV6n +uhDli3RdbjFDtrEH55QJFJW/Joa2kqpynYtKKdoBjMoXe+VBmtj4nChbDTdAwgqu +kLASwXousOgCciwwhE8Acrrxkd1TwYLlQkCBINUZ65Vp/zLLd1ydWVcCgYEA09jC +QLNO5Z76kmLNer4alm/J0CsUfst93Q7h7Ff9hJCHIwwVlZoWl5JTTEpQ0/SlbBE3 +/nM8rgl20ueHo2WiAqhIdPFvdWZLVQiPTnSt4D2PcWlFKqMEAp5HbhzqpV8Zofr6 +syvbXGQqz8x11M55e4VYsldANqrOAVTXBKBEwKUCgYBoe+capE+RbhBo6oRB1JnZ +h3jc0qq65KyxQ8vbOVLHzLNYFM02XkSmnnLG6aVq/IFMU0RAcDiOYZOR4SOtHqz8 +ZaWIszNMqt0hd/KIVJyTaIeFQfnJTP7y/YQqbUx6Th+MQdq8jxWGMG5b2RyzRZUJ +s9QhO9+QwDbjETHgyp9UHwKBgGODAZSk5d3E9Q1Ibh9HJ3QdJN6tLd51tjTd5dBA +cO0RevlClu0ESbJ/YLOIgTlfRUljOTtEZG+YMIHXkoZ1mknHROnx85phJ+fUsoR3 +GKoqILR0b7IciyizsvgNi0eNSZwmKhd59XwL7XRZJcyGBNi6BbUYeSh0yXokoTAi +HMmlAoGAJayrtjwTvjDWe+RaV6ZJHYnhFqM+PPZWqHm3zfPZq7KHHgI4l8HEUJMl +lQbPlgDj1J5ZW5kP4zbJE6oIDqD4ePZ5tKHJ0C60+1Fdx5CWfnx8mYjJO+ri+SSl +No0g+hyAoMR+Nlrg9PFOHzdLKI5i9oe7iWaPRm2XjUCY9reqD/I= +-----END RSA PRIVATE KEY-----