From 5447ae59a2ed6a31ab315399e3d76fa3e08ccf09 Mon Sep 17 00:00:00 2001 From: Tero Saarni Date: Wed, 5 Feb 2020 15:06:20 +0200 Subject: [PATCH] cmd/contour: hot-reload certificates and key This change adds support for certificate rotation for XDS gRPC interface between Contour and Envoy. It is achieved by lazily loading certificates and key every time new TLS connection is established by Envoy. Signed-off-by: Tero Saarni --- cmd/contour/servecontext.go | 23 ++++ cmd/contour/servecontext_test.go | 167 +++++++++++++++++++++++++ cmd/contour/testdata/1/CAcert.pem | 20 +++ cmd/contour/testdata/1/CAkey.pem | 28 +++++ cmd/contour/testdata/1/contourcert.pem | 21 ++++ cmd/contour/testdata/1/contourkey.pem | 27 ++++ cmd/contour/testdata/1/envoycert.pem | 20 +++ cmd/contour/testdata/1/envoykey.pem | 27 ++++ cmd/contour/testdata/2/CAcert.pem | 20 +++ cmd/contour/testdata/2/CAkey.pem | 28 +++++ cmd/contour/testdata/2/contourcert.pem | 21 ++++ cmd/contour/testdata/2/contourkey.pem | 27 ++++ cmd/contour/testdata/2/envoycert.pem | 20 +++ cmd/contour/testdata/2/envoykey.pem | 27 ++++ 14 files changed, 476 insertions(+) create mode 100644 cmd/contour/testdata/1/CAcert.pem create mode 100644 cmd/contour/testdata/1/CAkey.pem create mode 100644 cmd/contour/testdata/1/contourcert.pem create mode 100644 cmd/contour/testdata/1/contourkey.pem create mode 100644 cmd/contour/testdata/1/envoycert.pem create mode 100644 cmd/contour/testdata/1/envoykey.pem create mode 100644 cmd/contour/testdata/2/CAcert.pem create mode 100644 cmd/contour/testdata/2/CAkey.pem create mode 100644 cmd/contour/testdata/2/contourcert.pem create mode 100644 cmd/contour/testdata/2/contourkey.pem create mode 100644 cmd/contour/testdata/2/envoycert.pem create mode 100644 cmd/contour/testdata/2/envoykey.pem diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index f2a662fa0cc..151467349f6 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -221,6 +221,7 @@ func (ctx *serveContext) tlsconfig() *tls.Config { err := ctx.verifyTLSFlags() check(err) + // load certificates and key to catch configuration errors early cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) check(err) @@ -232,11 +233,33 @@ func (ctx *serveContext) tlsconfig() *tls.Config { log.Fatalf("unable to append certificate in %s to CA pool", ctx.caFile) } + // lazily load certificates and key at TLS handshake to ensure that latest + // certificates are used in case they have been rotated return &tls.Config{ Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: certPool, Rand: rand.Reader, + GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { + + cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) + check(err) + + ca, err := ioutil.ReadFile(ctx.caFile) + check(err) + + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(ca); !ok { + log.Fatalf("unable to append certificate in %s to CA pool", ctx.caFile) + } + + return &tls.Config{ + Certificates: []tls.Certificate{cert}, + ClientAuth: tls.RequireAndVerifyClientCert, + ClientCAs: certPool, + Rand: rand.Reader, + }, nil + }, } } diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index db5ccc3b6c7..7de16cec88c 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -14,11 +14,20 @@ package main import ( + "crypto/tls" + "crypto/x509" + "encoding/pem" + "io/ioutil" + "net" + "os" + "path/filepath" "reflect" "testing" "time" "github.com/google/go-cmp/cmp" + "github.com/projectcontour/contour/internal/assert" + "google.golang.org/grpc" "gopkg.in/yaml.v2" ) @@ -191,9 +200,167 @@ leaderelection: } } +// testdata for this test case can be re-generated by running: +// make gencerts +// cp certs/*.pem cmd/contour/testdata/X/ +func TestServeContextCertificateHandling(t *testing.T) { + tests := map[string]struct { + serverCredentialsDir string + clientCredentialsDir string + expectedServerCert string + expectError bool + }{ + "successful TLS connection established": { + serverCredentialsDir: "testdata/1", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/1/contourcert.pem", + expectError: false, + }, + "rotating server credentials returns new server cert": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/2", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: false, + }, + "fail to connect with bad client certificate": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: true, + }, + } + + // create temporary directory to store certificates and key for the server + configDir, err := ioutil.TempDir("", "contour-testdata-") + checkErr(t, err) + defer os.RemoveAll(configDir) + + ctx := serveContext{ + caFile: filepath.Join(configDir, "CAcert.pem"), + contourCert: filepath.Join(configDir, "contourcert.pem"), + contourKey: filepath.Join(configDir, "contourkey.pem"), + } + + // initial set of credentials must be linked into temp directory before + // starting the tests, to avoid error at server startup + err = linkFiles("testdata/1", configDir) + checkErr(t, err) + + // start a dummy server + opts := ctx.grpcOptions() + g := grpc.NewServer(opts...) + if g == nil { + t.Error("failed to create server") + } + + address := "localhost:8001" + l, err := net.Listen("tcp", address) + checkErr(t, err) + + go func() { + err = g.Serve(l) + checkErr(t, err) + }() + defer g.Stop() + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + // link certificates and key to temp dir used by serveContext + err = linkFiles(tc.serverCredentialsDir, configDir) + checkErr(t, err) + receivedCert, err := tryConnect(address, tc.clientCredentialsDir) + gotError := err != nil + if gotError != tc.expectError { + t.Errorf("Unexpected result when connecting to the server: %s", err) + } + if err == nil { + expectedCert, err := loadCertificate(tc.expectedServerCert) + checkErr(t, err) + assert.Equal(t, receivedCert, expectedCert) + } + }) + } +} + func checkErr(t *testing.T, err error) { t.Helper() if err != nil { t.Error(err) } } + +// create symbolic link of files in src directory to the dst directory +func linkFiles(src string, dst string) error { + absSrc, err := filepath.Abs(src) + if err != nil { + return err + } + + matches, err := filepath.Glob(filepath.Join(absSrc, "*")) + if err != nil { + return err + } + + for _, filename := range matches { + basename := filepath.Base(filename) + os.Remove(filepath.Join(dst, basename)) + err := os.Symlink(filename, filepath.Join(dst, basename)) + if err != nil { + return err + } + } + + return nil +} + +// try to establish TLS connection to the server, if successful, return the server certificate +func tryConnect(address string, clientCredentialsDir string) (*x509.Certificate, error) { + clientCert := filepath.Join(clientCredentialsDir, "envoycert.pem") + clientKey := filepath.Join(clientCredentialsDir, "envoykey.pem") + cert, err := tls.LoadX509KeyPair(clientCert, clientKey) + if err != nil { + return nil, err + } + + clientConfig := &tls.Config{ + ServerName: "localhost", + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + conn, err := tls.Dial("tcp", address, clientConfig) + if err != nil { + return nil, err + } + defer conn.Close() + + err = peekError(conn) + if err != nil { + return nil, err + } + + return conn.ConnectionState().PeerCertificates[0], nil +} + +func loadCertificate(path string) (*x509.Certificate, error) { + buf, err := ioutil.ReadFile(path) + if err != nil { + return nil, err + } + block, _ := pem.Decode(buf) + return x509.ParseCertificate(block.Bytes) +} + +// Workaround for TLS 1.3: due to shortened handshake, TLS alert from server is +// received at first read from the socket. To receive alert for bad certificate, +// this function tries to read one byte. +// Adapted from https://golang.org/src/crypto/tls/handshake_client_test.go +func peekError(conn net.Conn) error { + _ = conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) + _, err := conn.Read(make([]byte, 1)) + if err != nil { + if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() { + return err + } + } + return nil +} diff --git a/cmd/contour/testdata/1/CAcert.pem b/cmd/contour/testdata/1/CAcert.pem new file mode 100644 index 00000000000..e80dc9ac283 --- /dev/null +++ b/cmd/contour/testdata/1/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUHA9n4BBwtiDHvIN4Eq8isFCk+3wwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX+m7eJzYLHBRIaDftgDovBjtMGQJ8jzNezF +c6uE6PcsQhk7nIj8Czgd8Jr/AsHY8a4x/Pddm86dYzl6XBWSS2ogJYUzCaXAr59q +qT6g5j0/rHlxzWeFge+0EjPQuAphI4kZ4j9Ua014KaMLCxVFXH/c96OHxC3/L1vh +0BKyceVWKfbvn23kc47xylFkFQnmbYxIEkJA4/Jq6ewsBScB1mp24s+xyl1m6ePO +WhMo7Od2xQsUhGKDJYMFV7cXmwDXR2QudZE+OvcaSoVYMktOpyh07RSRQEkx4URY +gc61nkFRekZIc6rfbbK9xMQtcWkbvtopqDiyt1PfWbHaelTgvwIDAQABo1MwUTAd +BgNVHQ4EFgQU02g0ldN022nR81UCP3fN0PkYu7YwHwYDVR0jBBgwFoAU02g0ldN0 +22nR81UCP3fN0PkYu7YwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAmcm2vkBudVY70WcIpUZlRU8NOmUKb6wtSugJ+vPBDyDDN1H+OH0u5l4yXFA8 +87uOS8Z1n+Sxw5fKH1rp/TVbwm++nVJ7RjalRQBG5skdx6J7qEL9H2vx9VHG/7Ib +G+NL95TBtk9042KJFiZXsY8KPA4JSEFPWVIcXmaq2iTJxSMHGD3MQv33yjgXH81U +e09f27Vfbl+YFvkSljZJKxXjgwPVDlo5Sv/9e4mS51dhraEvJV+dubz7EVv/R7F/ +pHX+tVn0+WSfero8cIfhhj1H9+Cn5lnUUHYnnnbrLh5j8ZldniW2nXkOWR5LQN0J +CwkA744hrtGj9dDmI/vwcpQ1tw== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/CAkey.pem b/cmd/contour/testdata/1/CAkey.pem new file mode 100644 index 00000000000..0a5872db217 --- /dev/null +++ b/cmd/contour/testdata/1/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJf6bt4nNgscFE +hoN+2AOi8GO0wZAnyPM17MVzq4To9yxCGTuciPwLOB3wmv8CwdjxrjH8912bzp1j +OXpcFZJLaiAlhTMJpcCvn2qpPqDmPT+seXHNZ4WB77QSM9C4CmEjiRniP1RrTXgp +owsLFUVcf9z3o4fELf8vW+HQErJx5VYp9u+fbeRzjvHKUWQVCeZtjEgSQkDj8mrp +7CwFJwHWanbiz7HKXWbp485aEyjs53bFCxSEYoMlgwVXtxebANdHZC51kT469xpK +hVgyS06nKHTtFJFASTHhRFiBzrWeQVF6Rkhzqt9tsr3ExC1xaRu+2imoOLK3U99Z +sdp6VOC/AgMBAAECggEAThXG5cbsuVsJL3oFOUGS3zDTIrgkGhbYkVwpBHNCdVlb +8F2A6V94dQyRJa2bB0GBxd6ghoyB3SBLg6lBjq/ZWppMzN16ctGmAyj/F4kqpy6z +Hy6M+HGWnkz69lbYGooDLNczjabHGzIRT+lcHTZoA7mVMu5Pban5iyvLLWwhdNsf +q9d7pYHt/TxpkkBTZOpDB8B2jFWMKcxBFSdeUE/0DzT5LkqPfgzq//86XGnc2wSj +KAhJipfASApYHwlleqi2OfXiGF+sVQdbqdiVT1SbJheSuRC3yMZc0Njeyf9iUsM+ +LL70lUKRnM+PXENyPNpRGkU6RlDEQ3pnjkNI9UOEMQKBgQDvX8ehWsCkBQmSSfbi +YYSxuu/hzfu/crA+g3fe1mdGwcBipum5kxgF2rj5i4c7RbqqDEqRtFFEpmMoQ8D8 +bHsK3SwcKFPNtX64/OQkTWq+nD0pvVi/ymS/R199Z9K13Fpb93CLU0xftXXDT4yE +UN4NQrFc+zdqEidHeLCxMdwU5wKBgQDXfmwnQk/vz45yaissw+yBanlWpRUEq2fI +acvZ3xWl+1ffkEzY+NeEeIz52BcMf7JwCkD753hSoNh507850GeHlRZ+o2Kq7XAR +N1SVZelG590p2xP1aSE0GnyfeuQd0HZEGrpje8Moi2vMQ2oYd47BoTMlZ2mqawbD +URMm1pWCaQKBgCXegTaFpPRN17XM/cHSq6tyZ4DRlYI0Iq3BHrWiNbR78nOo9FDn +dGV4tMrFyB8YaO9+Ak4KuNCjggxcq6tDfjO5ycCqoJdqnyGk4HLdzIVbMlHoIqI0 +4rtgDztHsY4Tzje+bY+dHfgGPRso+pH0OSzf4C9Vju648H3eGhXuTWMBAoGBAJNq +n9AnlAmownjQ2mJQUZ2i2gkE+6DrJR88CMEt1GBs1gtRatDPQpgT49UTF4lsXgQ5 +b4UkLvLPp+eHjHyfbgOZYP8XBGuL7KtKX6moQvJHscttXHT5C0bai8CJ0D35Gr6y +Tim6Q6Kb5g2hXJYKS/V4MkX3PZjgiIrbDq/2AedpAoGBAIBHeCNIZtydwp8l3imp +zO67h/X1Gp6OOuJe7PK0LgocBCTTmFQrezNgctHEWccV6TlXPYMG5ZrRX5cc4R8D +e7YBvgq2tNg4baRqJLV5/4YRZk93yAB30D18gqeloua8MigxGyT+Usjb0BLRWmVj +HTS5+5+m8y3RxoThspWO8DkY +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/contourcert.pem b/cmd/contour/testdata/1/contourcert.pem new file mode 100644 index 00000000000..d92d8a801ea --- /dev/null +++ b/cmd/contour/testdata/1/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqYwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHw +DahGVffvbLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyb +y//zQTze28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65q +kqD2EuMT5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0 +xKkNHZrdBx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+ +VLYZZdvPPlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFNNoNJXTdNtp0fNVAj93zdD5GLu2MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAig7VDaLjtUeHdTtRXEItZEEgLWcI +6sP6XA1pUcBoCy6lRaVbeqM5Y3tm+HPX0RQoqH200Ub2b3yB84La4V2cy4+DlAoz +gASHOn6Sop7TR7TwFlHEh/r+dAXw2iENYY8oXexmCpa53s1+9WbkzWw1y5wW0fuS +DuIEMYpZvp7mFZD7lzDHQU8ulorddtNVhC60VKPoBr6pWLfT2eYulZTuGt3oUeT5 +x7rxWLFiEi7TT+5dcxEfKwn0bknyjrCWyt0bTkJNl/1anSm8RccmTDY3kGj9YZsY +hZyX+069Mi553cRwd95hWPzttJVSrNhvRCj91IpZgTYEUHLWvWhhs36xFg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/contourkey.pem b/cmd/contour/testdata/1/contourkey.pem new file mode 100644 index 00000000000..e6e093be313 --- /dev/null +++ b/cmd/contour/testdata/1/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHwDahGVffv +bLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyby//zQTze +28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65qkqD2EuMT +5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0xKkNHZrd +Bx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+VLYZZdvP +PlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABAoIBAA0cERBgjBv2xCzQ +suVDBDia0eVVeMV9+VVqvLd8duADYUsLRKBs8JXfDyQoHQJVDpZQb3H4KENPjk9w +5SVkcue32QYZo4R1IHAWZLef8QRXDs5VLL1eysJbI9HZJUTPxjo8m3r4ZVe9/56O +14qmVuODbMvOdaCZpkHQrnNhgUR3pCWAE61NFuCEnxve2CH09jmZosItl7RQx2g4 +lbAfAlg5zd87E9g1mbslfsWwbFvKcbGktGeTzA8VgYj/Fik/ObJmOWe9B2DTTo8K +HBELnv5fVRLSfs51YC3lTNDOVrrWuwdMTofLlcl+0RB6vEA0akpRsJJfvgfmXdYS +LPSknzkCgYEA/x68xfi4a/otJYhqqsw/TI+iy7B8t/lchcuYMAmg41ipWFKWpGrP +Uer19Ca/yJ7cgcfgyg+65HdRxby4izcixXnrSIqA2op7wswqxhNR/d7H8+c4ejMz ++GUwBbFL5yp5D6LhPl+DFGEsB1bm4D51VavLTC+MLdDQo+PZ9fXH+xUCgYEAxFcS +0k9QyIe2VYnfmpCzGUvTr916XXJPEUtvGH7rJsnR8EjLwtMcmXcM/7VO0Btf5rAD +EHFmXg2BPMcOB6DYWOITRfvMXJ/avk0kuhjc385TwzhroVAW9skrtTxiMaNNi4nE +EHxQmBoiz8ElbiaixKPDr163f97NYR7BnNqgjJsCgYEA4fiW2n/40mNxE7qmSIzL +UIQ1fVfg0JAGHNh9/6a3pEgHD51vo0icRAHrQwwDea8Ev8uMV03hi7YIby4/A8id +eu8HsWREx8472wo+pN2+FTD8SRS4GL07vjvacmBdS+959ZifDEFLeIStm/6kV2Hb +Sjv1wZCoCHjaJSCQEeVW8hUCgYB7KPuffS15fNf9dE0VUetm1M/nI5EciRXcDWuU +/BhZ7oOIrMFUZsUr5yf6Rys3E9TmikaBzACgwuvsyhic5GKR7s6UOc0J1SSL9yww +qGP06CJW9U9ekzS0faCzQTt/U6bS/wpEJRcRMmPf2pK2M/oqS2f22/1Tctl2MKrW +z7WiPQKBgHBFlEkTHjC+nqvCy9tfyW3dqseqWa8/mpn0DYyEudYUJMTam339QxVB +5ewYnCU7sSAqVH3BNTQUVWh2KJ2gVitAT3nAkUZASPI5LFrQAiLERvii6oeuhE4L +WwSKVFuctBnrT2ZDTtfhAtIQ8ebkF2kUOhmLmwfaRismiIPt4Nwu +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/envoycert.pem b/cmd/contour/testdata/1/envoycert.pem new file mode 100644 index 00000000000..1ab7aad52b1 --- /dev/null +++ b/cmd/contour/testdata/1/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqcwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANYg1iHTm1qwE/LeDci65o6wd+goE354cyU8Z2oQFPPq +VQhzW5AFxnloMBOS9sbCEAWveLmHrjBvKnkAjcuOBmTWfVnCaQlm+j/Cspqx9xvF +N2RBoVrQaOKdiqEnBudTCV6wmcUKCMrtoS3ShQ81PJ7wArA7ERbzmRq3Ys3eceuo +OUJATSZzplaY3eTfBXOh7V4+Vb1hwngdOmetbj+9+xgWi39Xp7Zh6U9DL7dH2Qg8 +dOlY/E54kRuw13XffFdtIwSIRxFhlI2LqeRyhKWp21p9zkCcp+7Nfm3wOnRO62K9 +B25DsVQSGB+gUuakYeF6YLSH8nO50WHgl4g0yi0RoMcCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU02g0ldN022nR81UCP3fN0PkYu7YwCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEALAyIvQal5g2bKDhF2+/5VkaYV18A27RsmGNZaL5Hd0+066AB0WCCCVbSrzTa +6DlJfElBcT88ddBrf1bB+h4FyQZlNUg+ewl9RfIVOdErYSkFeO5aeCWD2ieLxdH2 +f4W24v+/H8a5daC4K0l0kK3FFM8MUDQy2BAfcbgphehME70Rj6/xX3IZKU4c+Cjb +VIWTyr+RnWgki3iRpyTSQFOkdRtEKVsk+S/mSIOoofbGby85jXpzL2z3XNpoX94K +9rOa76miggoH50TpqDjkWz+wbdQodhw3k8Yjn6s4jW0DiUK7c1ecjrNJW+1GfAOx +cUa45Lfpy5XmCzB+wAISoGvqlQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/envoykey.pem b/cmd/contour/testdata/1/envoykey.pem new file mode 100644 index 00000000000..6bd76042ee3 --- /dev/null +++ b/cmd/contour/testdata/1/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1iDWIdObWrAT8t4NyLrmjrB36CgTfnhzJTxnahAU8+pVCHNb +kAXGeWgwE5L2xsIQBa94uYeuMG8qeQCNy44GZNZ9WcJpCWb6P8KymrH3G8U3ZEGh +WtBo4p2KoScG51MJXrCZxQoIyu2hLdKFDzU8nvACsDsRFvOZGrdizd5x66g5QkBN +JnOmVpjd5N8Fc6HtXj5VvWHCeB06Z61uP737GBaLf1entmHpT0Mvt0fZCDx06Vj8 +TniRG7DXdd98V20jBIhHEWGUjYup5HKEpanbWn3OQJyn7s1+bfA6dE7rYr0HbkOx +VBIYH6BS5qRh4XpgtIfyc7nRYeCXiDTKLRGgxwIDAQABAoIBAQCTZoNBQeN9qBvz +YbxnY5F2xC+mln/k3ZGWHmCp+GwUBEmIybBMEk2wIXKG5vINnGVfJI2cWbQlD0FT +jngNmbT5EVW0xkl7+XFnFuXP65ZJfZdF4o/qbfDlnsFhcfYko1qd3j/cDa5D0xTS +8Eo8T89tMZcILYD0JbhNVdQkF26gYyi+wxmArqayo1kbBj9uB/b2bkeDLIkIMhl5 +OWm8Nq628w/9QvszBvd5jLhBn7QG29IkNmUWse5pr6bfmfRxw5Rw6BKmTfRgZ1Ne +aVGfZOZj0+y5f165Zdoj1HQhYgj+ZDETZwLlMHryM8nAK6AjsVp8fmKg7lYeXs7z +PutbZnjhAoGBAOsjzKeqtOi1m4hXPQoXsqV/bT3m0zl3bRWtSJenDcjRjX9BQKI8 +W2ceDUpRXgP+QCmCJcL4HQCDewSJJ4itrABit2VvKUyKjztUS8dIapx4hXbilmK7 +Cm+xqwFdAsO+5bdNB+Cxliiowk7hyIQmk97/yhk40gA61DzcmtGUx9cpAoGBAOkf +2TrlAaWSrZ69sxUQJjoixIeyfULCaNbjkxGaJmFAUT1EvCWplpfMP5ypBTsQRhSK +r3oiU/Rma/SisgzQa6FrsIQ3un8Es5KKfuBFEhbOHmzsIAgGziAfutscUvwdM2nT +iagBCVIg/xB4FszEZB3el4Q60hPhfBylx7cwSWZvAoGBANGIdTZzyAIW0yILmzkD +JQ6VHqOqrU7oPSyz3ZxGIOJy2cQsQYxQfKLHBNDU8RJd3o8eisfSkQWEJHtGPRRu +rncpgIPDKuoqDrivxVcwENCeFVB7WcdhJUui5t+wImaMFefhnMN9fHF+8KeaSzR3 +rA1roowXNgs+YSJa8xsPmYUBAoGBANAPj7ZDizu19GTX08v5tNRwEU023RrHHgCj +7a9pD9X+LENtZCqM+A2UyjVMmJGFTbaprEFp/9oBy1n0Fsre/SB9V3Y5sqYIkSg5 +mVEZ9DIMVhVKjK/9Otxq1T8XQW0ntqo9lP8vpZz6PAr70wWARgZuknX+dV4vAbEj +uGJjoy7bAoGAJcoNmYMEGi+Q8F2Ksx3KtZcX8oFawnDG4rSNTavS7seu5fUTcnUm +TXlPeGMV4XFZizcRfqmALFBJM1CwkteRKqTUhLH1nxosf4xWkIZL0FmTK22YE8q6 +2U4s19wtV9g3rDVbPgpGQZSl0uvF+uVMijfF5mlMy4aQQYCG1eUKpbc= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/CAcert.pem b/cmd/contour/testdata/2/CAcert.pem new file mode 100644 index 00000000000..285c1b7c191 --- /dev/null +++ b/cmd/contour/testdata/2/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUdSK1eeLjt51gBSl4wZ3wFSy8zf8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16U6G0w/kOsWWhfgubkkam40iNBICW6c+1su +tPlIV/laJRxOIvvJ5RUJFQjdLyStfzs2CrA7zRmzIbhE2QgmU8YtOCCbJPBOwUti +C8Cfrh5OZdz2RLCauS+QD9WUlOGOvW+I+I8hzSv7gSPBINLmgM4TQShnmOdUvbD5 +PNytXmFcgWdhAkPLNBKwP+qzvHUBjPFiYqgHeFLi+5ZwEPqldzLXp5JUoSoP3s1+ +Y6iig1/pTZhIqVZP9DqFOSgQ7ZqkG34MYppOlO4cxKLTg6cdqwiLtAtFmgzCRe0g +uegT0aPwyv7uNlB7AQMilX4JJw4vnmQGCn/QrIJMJfPzeDkRcwIDAQABo1MwUTAd +BgNVHQ4EFgQU8l5nIpmMaJnu0Ug0DF1RLYHSdbswHwYDVR0jBBgwFoAU8l5nIpmM +aJnu0Ug0DF1RLYHSdbswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAyKySsIF2etQ2be9odiPNcNBuwbcUIwFxd++b4zPLf/xU5JfRxuV9a7UCbDmy ++eRX/u3WK4uOXrcA4LJ2CGTAb00XqEdRQ7GLTckR9BF514fSnYQPkSiwRNdX5Zg9 +fICt1w+/+y52JqJ2B+2AqTL7gzAojGC8PeMWmR6AfAWbEFFKinkhlMmjMWs9LsoM +C2LKOBzQ1UNTpilr6boQovC9ENtNKnbn2a0fq70rNPn3GDIcC/QfOEjqtbTwKkI7 +fhLJCGRN8vh1WJDPeX+ibPP1ZOevXuEMrp6MFUhHUNM2qRiEtzmW+mXqKngDlppL +/8R1NmX7im8Rxbbi7neK2V/QSQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/CAkey.pem b/cmd/contour/testdata/2/CAkey.pem new file mode 100644 index 00000000000..e2b151de00d --- /dev/null +++ b/cmd/contour/testdata/2/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXpTobTD+Q6xZa +F+C5uSRqbjSI0EgJbpz7Wy60+UhX+VolHE4i+8nlFQkVCN0vJK1/OzYKsDvNGbMh +uETZCCZTxi04IJsk8E7BS2ILwJ+uHk5l3PZEsJq5L5AP1ZSU4Y69b4j4jyHNK/uB +I8Eg0uaAzhNBKGeY51S9sPk83K1eYVyBZ2ECQ8s0ErA/6rO8dQGM8WJiqAd4UuL7 +lnAQ+qV3MtenklShKg/ezX5jqKKDX+lNmEipVk/0OoU5KBDtmqQbfgximk6U7hzE +otODpx2rCIu0C0WaDMJF7SC56BPRo/DK/u42UHsBAyKVfgknDi+eZAYKf9Csgkwl +8/N4ORFzAgMBAAECggEAbwkrlzy2ilcSBke/NcIoBwlB0aR1Qy4KdL5pmVO2NV42 +VV9yuD6voV4odAVBZnHbR+TkGbLOx/fQra8k/B9fJMmpJPpdCDMYSh0XmfeQAOan +9XlF8O6CbJIZ+p09yT8u8UnJ3DpO7EcWVFNlsRIHEBGMBoPYe/m5P4ctfnIebrZ/ +GKhyKGL4G5J2ODoS2OYEn1j47qmE+aR2CityU0HSLl6yuu83fHrUoRZ7fG4xrLwo +QfJ3XBZCdU17zclF38baOGCm6vD9a1rugVozmlD89T7UV99FzppOPkv1xlwRkbk4 +w6OfFTEtTWiGH51OyrgyMpzhS83xO2fH6zRq4Z55uQKBgQDv0KQYj3fTODffHQs+ +xfnwi7uwPevrtWpNhAQBl/rP6xeU82l7QX1X2TuPJe5v0PjZ2edOzdVXG6YYBJBh +EENnERIrg0FnmlBgAhUqvG5FPKsNsBZnWE5EC8YUBZek7Du/S0wAw9ruzaaiGvvf +CAMiW5JAMsVpeP8HGyldiKZTtQKBgQDmMwAed5FMzV5+fFnmO/UI/5bf1q7032oh +TPyB09wGAdbehZCal3wY7BwL6RL61POwFWkncmvPSLDSQre4DMPOXrDrToSLJtOW +BaoAiF9hvdVZ+aRdXcozLccY8jweGn9hiVDBVYnGztoFWgko6jJwx5grsPfGrgv3 +BlAYs2VZhwKBgQDRpQePIPyTfbX6Kh3GhrP1AXLWo4s2x6VilmIaMo5kbRR0dkZk +JeA5iAJ1JafHwFuLtt5rGa3DNLyCiprc/6as11OXDmuC8ngJNkjiz09m3555nNI5 +Dg19lv1WS31CA/JHTL/oe09NLCLb29MMKqjyxDKaRMgnaEsqHyiOSAN/cQKBgQCX +5f1lHUbuo/F/izSTHOsy1dzLtVDbWnUgpjlUveTIvfv397CUofMMSviyz0hr5Ysr +nOU3V2RWckPjaozqUNn/2jHqA3SokaU6sGAeW958k5Qt+/H+ff4HyWRATM9omdmG +FeMIwBXa7vGkaGX07pz8GGiMJAlLu9s/VJYTxoTRDwKBgF8S8rpjc1DfqDUWBAKg +Uu1l7AhmZlKVYhOx/xali7LIAKzT1F10N8YBmQK+q4QeJ4lhlfOHzE/COBzyMfNo +RVwsgAFon3LYOwpe1Ete+/66y1EQR7QAykVdxa9lIx9FHeR1tRVZEOMKPtpk9Xpf +D6U0mFbSCrcw/a2axq9jYQpp +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/contourcert.pem b/cmd/contour/testdata/2/contourcert.pem new file mode 100644 index 00000000000..5479c74b4d8 --- /dev/null +++ b/cmd/contour/testdata/2/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok4wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby ++KWeex4MKeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA +7+0flX0mEXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x +0fm/f5OKiaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+Hfv +difYiLIZaTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvL +Tpc6F5lagmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFPJeZyKZjGiZ7tFINAxdUS2B0nW7MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAScPu1TAnSWeUYiwLKEGCMcnD4lyh +Z5oAoDAC8Jmpn9ztHlGtDIwQk2lJBi3+wdSCsCSR9KJSM1g3Eu1B5ApbOrfGCmod +dchd2NuUfWYxfpnl2G9PciKrkI9fSVz9YwGZfIzDpzkGXise+AhE/7sRdNbVktc8 +oCllapD5njF0JA6C5WrmNFsufNxaaa0PfTXon2cfpppTfU4B7b/gRbxDd/WKTB/A +ArdYnejomi25wCMLw1zwFPtBvp2mpX8WrEFSoHLTg3kS66WRNd5Mvi+YLFMzs+kn +RNhUoFmpgs3jNSkGQh/JeXf2sL82HubRu/1ZjmiZh4Qy31aQWi9G3kTH5w== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/contourkey.pem b/cmd/contour/testdata/2/contourkey.pem new file mode 100644 index 00000000000..5d471ac1652 --- /dev/null +++ b/cmd/contour/testdata/2/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby+KWeex4M +KeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA7+0flX0m +EXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x0fm/f5OK +iaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+HfvdifYiLIZ +aTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvLTpc6F5la +gmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABAoIBAEGtFbQDO25l4aeC +wGb1/cClymPKItWRbBFtPQktpFGk6zq+OOy0y120GIhXLb3OD34xRQH3SOx1W7PZ +Jk5uiW5LWLGJfR3UT9V9Ci5E1p7c/JkLsgDmb050ldboFb9w1B12pV7x8hOoaroG +JldAIDfGtwULBYbtzwiT14IHm0zKlm9+nCDLKUkxf3PagJTviytlljCpcTYU/heD +PH148BeJ6X8fto3lSGVCK8xsrO4axmXKAt+kGTituX3syGuCxQ6RsxW9bClFUTNI +ceDTlmJXQtIzpxzkoUw7Vo5zVWwKZ0D+TiGKgGx0yr8iaxyqeB2E4gq9q7kxtd5i +ePFdbyECgYEAxlS0nEnXAurjpFCYdydEv7gZeXBxVrx+oGVv3GO8SB6y9kWzSRLV +PvpM954e20U/bhPDaCVUYF8csfQwG3X1Lvv6ExdGB+zg9NwV5z9zKS6gTB6sOf2Y +bCDbaS+S3/lV2V74aslJ629ZQZC/vbZHofywWLyHgZn/5mEq+GYrNjECgYEAxguR +1QEPwFpD+skUtUNgsfcizBY9QaOLlzEL4dDv737+DQ6GT8WzClChhvRNJgPr41tC +JiPGxfIFnXdW28+FmnDFesPuIS8y+HUditbMylQtDAJxlLEJn0IJ3E6Lb62OXiA8 +RV486TD2sp+/vqYNJ4A0nknaulQvrmT3ZrrRi88CgYAHCHHvKN8rB1FTPlhpwUa6 +1bhxif866CxFW9N/qTnABParrQUSjkxpk06vaTgG5om9SY4gX1KCqFzIIrSiBKjR +JbZUfvrIxSmlBTjxnlpjF3gvuta4p7mD/BZLwJggwSK+NpPwlXq9kpFDtfJWs+QO +ZnuKagUUH3XnoYJ4lIbrwQKBgEZEkqCl+MXCAT65G9zYpDVgv3r0JRXmBkBFybZ8 +oLU0NMXDMoqZVdZCF52/jqP/XjHUDltj9EIFhlKBplLlhbzvaFIPtK0Xhxk6zJmX +byAWz8jkERK14fkcwEznnXepd8sT2u6t6iS/F7j3D1yApEgwp/rFr5LPDf/tmQ5d +GL5nAoGAJcW+Aag1oqCuHYrhkZoOIl9+gPIFm2q5LK8bXGvZKoaCU0WbgxttsYPS +61ucCIAf1HdVXkrhh4nSUOa+33YOvM9K5BwyYPT+YvCPZ6UnCoFi0Owbv8w7GnWU +ubVZrIIz3O+RkhFZUhHCKXUCkp8ZDTKKgffC18yO1i+u2QBDmg8= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/envoycert.pem b/cmd/contour/testdata/2/envoycert.pem new file mode 100644 index 00000000000..8c073e529f6 --- /dev/null +++ b/cmd/contour/testdata/2/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMVS11SPLfVll6jpUQSU9cywH3W73y3AgFBbh0SjtaFU +BPtZnSJyUI4tqEmtCKOj6Xixbmxa0t5IrJTMxuTxeJgrynZpYGMM0buA8fQjq+MB +jz0jQ7p01R12d8tQ/xMjpop+OEQuHkWc54e1/qzSG47AOQcIFORhHJzN25Ga0Gz9 +C+JlQ5Nv+MHQVb6iI4ZvJZdpl+ArWLywfQnCbjWeKT/3CZFl8Ul1E9l0QKyZfGtx +Wp7W3Xed0mTSs9Y8y8Xru//VmYDEXqI/xRk18N27/MipwD08BqIDQPAoMcoF90PP +T0g/E9v6kzT/qqC9YoIffaprHtbRDW0CefcRYs+H1RMCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU8l5nIpmMaJnu0Ug0DF1RLYHSdbswCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEAxocINEiHhWii86wpdMWgp6LXpn/YwX9PTZEuod0CL6tt6f1oFfYsgacd0JuG +Y9NlqG6d9yPIuKQ7qHr+7P1Uj6zddEiGDY+PQq3hAecicuxBFFOp2EqHP6acW88G +0lydKTa17T+GMUVA6TSj0Dovtt4xcJdN0TZgEpgpOsFKNYxAbmL5MCh2xOITuoKA +isodf8ONxBWQVy0yQWrimBILg843E83lgx6WhRebVKLXha53fNGCIWwaLHesJ3a/ +SPgXEZ3KyWObJ01ty8MmGvfs8VAu8QawGhnSEMLr35K2PLgSqablVjsP/NI5gLE1 +sfMITrj/e/7I3FjxL82OPLBcJg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/envoykey.pem b/cmd/contour/testdata/2/envoykey.pem new file mode 100644 index 00000000000..6361ff0d277 --- /dev/null +++ b/cmd/contour/testdata/2/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAxVLXVI8t9WWXqOlRBJT1zLAfdbvfLcCAUFuHRKO1oVQE+1md +InJQji2oSa0Io6PpeLFubFrS3kislMzG5PF4mCvKdmlgYwzRu4Dx9COr4wGPPSND +unTVHXZ3y1D/EyOmin44RC4eRZznh7X+rNIbjsA5BwgU5GEcnM3bkZrQbP0L4mVD +k2/4wdBVvqIjhm8ll2mX4CtYvLB9CcJuNZ4pP/cJkWXxSXUT2XRArJl8a3Fantbd +d53SZNKz1jzLxeu7/9WZgMReoj/FGTXw3bv8yKnAPTwGogNA8CgxygX3Q89PSD8T +2/qTNP+qoL1igh99qmse1tENbQJ59xFiz4fVEwIDAQABAoIBAHxNzHJrZBNT9W8l +07DkOdfBF4BuYpCK1QpKLnNyAehoal8Au/lINDDs2DfZdjjH+Drc42gE6xO2immO +erkc2NBbvcZMabjcCX9qIoGeuxhdEiP8hB0AnoRZ7es50gX3jmFuU/m3Z8CIsF4Q +qyepkEykEQi58ZdRCdpJ4EjgUu5kep34xpsypWy2a1BwpujrdqUw3o9CzChDyOna +u8/ALAfaemiaY/2Cs+PAF0DRzzqgLjibLbMq9nyRV+hNO3h60vshMphptDHSdEql +8Va2BNOwEiArozwCWu80PLRh1qR6MASNY2YXIIV9UaioOnh35CqT0SvIkCv+PPOS +1HvchXkCgYEA7nMwxso4X51QbVrAgSl+mNx2CBuquB3OgXY+e4NbO6AACumppV6n +uhDli3RdbjFDtrEH55QJFJW/Joa2kqpynYtKKdoBjMoXe+VBmtj4nChbDTdAwgqu +kLASwXousOgCciwwhE8Acrrxkd1TwYLlQkCBINUZ65Vp/zLLd1ydWVcCgYEA09jC +QLNO5Z76kmLNer4alm/J0CsUfst93Q7h7Ff9hJCHIwwVlZoWl5JTTEpQ0/SlbBE3 +/nM8rgl20ueHo2WiAqhIdPFvdWZLVQiPTnSt4D2PcWlFKqMEAp5HbhzqpV8Zofr6 +syvbXGQqz8x11M55e4VYsldANqrOAVTXBKBEwKUCgYBoe+capE+RbhBo6oRB1JnZ +h3jc0qq65KyxQ8vbOVLHzLNYFM02XkSmnnLG6aVq/IFMU0RAcDiOYZOR4SOtHqz8 +ZaWIszNMqt0hd/KIVJyTaIeFQfnJTP7y/YQqbUx6Th+MQdq8jxWGMG5b2RyzRZUJ +s9QhO9+QwDbjETHgyp9UHwKBgGODAZSk5d3E9Q1Ibh9HJ3QdJN6tLd51tjTd5dBA +cO0RevlClu0ESbJ/YLOIgTlfRUljOTtEZG+YMIHXkoZ1mknHROnx85phJ+fUsoR3 +GKoqILR0b7IciyizsvgNi0eNSZwmKhd59XwL7XRZJcyGBNi6BbUYeSh0yXokoTAi +HMmlAoGAJayrtjwTvjDWe+RaV6ZJHYnhFqM+PPZWqHm3zfPZq7KHHgI4l8HEUJMl +lQbPlgDj1J5ZW5kP4zbJE6oIDqD4ePZ5tKHJ0C60+1Fdx5CWfnx8mYjJO+ri+SSl +No0g+hyAoMR+Nlrg9PFOHzdLKI5i9oe7iWaPRm2XjUCY9reqD/I= +-----END RSA PRIVATE KEY-----