From 9c7836236bb07f680c0bf64bbc602164f3b975a1 Mon Sep 17 00:00:00 2001 From: Tero Saarni Date: Wed, 5 Feb 2020 15:06:20 +0200 Subject: [PATCH] cmd/contour: hot-reload certificates and key This change adds support for certificate rotation for XDS gRPC interface between Contour and Envoy. It is achieved by lazily loading certificates and key every time new TLS connection is established by Envoy. This change addresses only the certificate rotation in Contour (server) and similar support is needed for Envoy (client) to cover the whole use case. Signed-off-by: Tero Saarni --- cmd/contour/servecontext.go | 49 +++++-- cmd/contour/servecontext_test.go | 180 ++++++++++++++++++++++++- cmd/contour/testdata/1/CAcert.pem | 20 +++ cmd/contour/testdata/1/CAkey.pem | 28 ++++ cmd/contour/testdata/1/contourcert.pem | 21 +++ cmd/contour/testdata/1/contourkey.pem | 27 ++++ cmd/contour/testdata/1/envoycert.pem | 20 +++ cmd/contour/testdata/1/envoykey.pem | 27 ++++ cmd/contour/testdata/2/CAcert.pem | 20 +++ cmd/contour/testdata/2/CAkey.pem | 28 ++++ cmd/contour/testdata/2/contourcert.pem | 21 +++ cmd/contour/testdata/2/contourkey.pem | 27 ++++ cmd/contour/testdata/2/envoycert.pem | 20 +++ cmd/contour/testdata/2/envoykey.pem | 27 ++++ 14 files changed, 498 insertions(+), 17 deletions(-) create mode 100644 cmd/contour/testdata/1/CAcert.pem create mode 100644 cmd/contour/testdata/1/CAkey.pem create mode 100644 cmd/contour/testdata/1/contourcert.pem create mode 100644 cmd/contour/testdata/1/contourkey.pem create mode 100644 cmd/contour/testdata/1/envoycert.pem create mode 100644 cmd/contour/testdata/1/envoykey.pem create mode 100644 cmd/contour/testdata/2/CAcert.pem create mode 100644 cmd/contour/testdata/2/CAkey.pem create mode 100644 cmd/contour/testdata/2/contourcert.pem create mode 100644 cmd/contour/testdata/2/contourkey.pem create mode 100644 cmd/contour/testdata/2/envoycert.pem create mode 100644 cmd/contour/testdata/2/envoykey.pem diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index f2a662fa0cc..b93db596bf0 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -18,8 +18,8 @@ import ( "crypto/tls" "crypto/x509" "errors" + "fmt" "io/ioutil" - "log" "os" "path/filepath" "strings" @@ -217,26 +217,47 @@ func (ctx *serveContext) grpcOptions() []grpc.ServerOption { // tlsconfig returns a new *tls.Config. If the context is not properly configured // for tls communication, tlsconfig returns nil. func (ctx *serveContext) tlsconfig() *tls.Config { - err := ctx.verifyTLSFlags() check(err) - cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) - check(err) + // Define a closure that lazily loads certificates and key at TLS handshake + // to ensure that latest certificates are used in case they have been rotated. + loadConfig := func() (*tls.Config, error) { + cert, err := tls.LoadX509KeyPair(ctx.contourCert, ctx.contourKey) + if err != nil { + return nil, err + } + + ca, err := ioutil.ReadFile(ctx.caFile) + if err != nil { + return nil, err + } + + certPool := x509.NewCertPool() + if ok := certPool.AppendCertsFromPEM(ca); !ok { + return nil, fmt.Errorf("unable to append certificate in %s to CA pool", ctx.caFile) + } + + return &tls.Config{ + Certificates: []tls.Certificate{cert}, + ClientAuth: tls.RequireAndVerifyClientCert, + ClientCAs: certPool, + Rand: rand.Reader, + }, nil + } - ca, err := ioutil.ReadFile(ctx.caFile) + // Attempt to load certificates and key to catch configuration errors early. + _, err = loadConfig() check(err) - certPool := x509.NewCertPool() - if ok := certPool.AppendCertsFromPEM(ca); !ok { - log.Fatalf("unable to append certificate in %s to CA pool", ctx.caFile) - } - return &tls.Config{ - Certificates: []tls.Certificate{cert}, - ClientAuth: tls.RequireAndVerifyClientCert, - ClientCAs: certPool, - Rand: rand.Reader, + ClientAuth: tls.RequireAndVerifyClientCert, + Rand: rand.Reader, + GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) { + config, err := loadConfig() + check(err) + return config, err + }, } } diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index db5ccc3b6c7..de3b7594a3b 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -14,11 +14,20 @@ package main import ( + "crypto/tls" + "crypto/x509" + "encoding/pem" + "io/ioutil" + "net" + "os" + "path/filepath" "reflect" "testing" "time" "github.com/google/go-cmp/cmp" + "github.com/projectcontour/contour/internal/assert" + "google.golang.org/grpc" "gopkg.in/yaml.v2" ) @@ -181,7 +190,7 @@ leaderelection: t.Run(name, func(t *testing.T) { got := newServeContext() err := yaml.Unmarshal([]byte(tc.yamlIn), got) - checkErr(t, err) + checkFatalErr(t, err) want := tc.want() if diff := cmp.Diff(*want, *got, cmp.AllowUnexported(serveContext{})); diff != "" { @@ -191,9 +200,174 @@ leaderelection: } } -func checkErr(t *testing.T, err error) { +// Testdata for this test case can be re-generated by running: +// make gencerts +// cp certs/*.pem cmd/contour/testdata/X/ +func TestServeContextCertificateHandling(t *testing.T) { + tests := map[string]struct { + serverCredentialsDir string + clientCredentialsDir string + expectedServerCert string + expectError bool + }{ + "successful TLS connection established": { + serverCredentialsDir: "testdata/1", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/1/contourcert.pem", + expectError: false, + }, + "rotating server credentials returns new server cert": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/2", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: false, + }, + "rotating server credentials again to ensure rotation can be repeated": { + serverCredentialsDir: "testdata/1", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/1/contourcert.pem", + expectError: false, + }, + "fail to connect with client certificate which is not signed by correct CA": { + serverCredentialsDir: "testdata/2", + clientCredentialsDir: "testdata/1", + expectedServerCert: "testdata/2/contourcert.pem", + expectError: true, + }, + } + + // Create temporary directory to store certificates and key for the server. + configDir, err := ioutil.TempDir("", "contour-testdata-") + checkFatalErr(t, err) + defer os.RemoveAll(configDir) + + ctx := serveContext{ + caFile: filepath.Join(configDir, "CAcert.pem"), + contourCert: filepath.Join(configDir, "contourcert.pem"), + contourKey: filepath.Join(configDir, "contourkey.pem"), + } + + // Initial set of credentials must be linked into temp directory before + // starting the tests to avoid error at server startup. + err = linkFiles("testdata/1", configDir) + checkFatalErr(t, err) + + // Start a dummy server. + opts := ctx.grpcOptions() + g := grpc.NewServer(opts...) + if g == nil { + t.Error("failed to create server") + } + + address := "localhost:8001" + l, err := net.Listen("tcp", address) + checkFatalErr(t, err) + + go func() { + err = g.Serve(l) + checkFatalErr(t, err) + }() + defer g.Stop() + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + // Link certificates and key to temp dir used by serveContext. + err = linkFiles(tc.serverCredentialsDir, configDir) + checkFatalErr(t, err) + receivedCert, err := tryConnect(address, tc.clientCredentialsDir) + gotError := err != nil + if gotError != tc.expectError { + t.Errorf("Unexpected result when connecting to the server: %s", err) + } + if err == nil { + expectedCert, err := loadCertificate(tc.expectedServerCert) + checkFatalErr(t, err) + assert.Equal(t, receivedCert, expectedCert) + } + }) + } +} + +func checkFatalErr(t *testing.T, err error) { t.Helper() if err != nil { - t.Error(err) + t.Fatal(err) + } +} + +// linkFiles creates symbolic link of files in src directory to the dst directory. +func linkFiles(src string, dst string) error { + absSrc, err := filepath.Abs(src) + if err != nil { + return err + } + + matches, err := filepath.Glob(filepath.Join(absSrc, "*")) + if err != nil { + return err + } + + for _, filename := range matches { + basename := filepath.Base(filename) + os.Remove(filepath.Join(dst, basename)) + err := os.Symlink(filename, filepath.Join(dst, basename)) + if err != nil { + return err + } + } + + return nil +} + +// tryConnect tries to establish TLS connection to the server. +// If successful, return the server certificate. +func tryConnect(address string, clientCredentialsDir string) (*x509.Certificate, error) { + clientCert := filepath.Join(clientCredentialsDir, "envoycert.pem") + clientKey := filepath.Join(clientCredentialsDir, "envoykey.pem") + cert, err := tls.LoadX509KeyPair(clientCert, clientKey) + if err != nil { + return nil, err + } + + clientConfig := &tls.Config{ + ServerName: "localhost", + Certificates: []tls.Certificate{cert}, + InsecureSkipVerify: true, + } + conn, err := tls.Dial("tcp", address, clientConfig) + if err != nil { + return nil, err + } + defer conn.Close() + + err = peekError(conn) + if err != nil { + return nil, err + } + + return conn.ConnectionState().PeerCertificates[0], nil +} + +func loadCertificate(path string) (*x509.Certificate, error) { + buf, err := ioutil.ReadFile(path) + if err != nil { + return nil, err + } + block, _ := pem.Decode(buf) + return x509.ParseCertificate(block.Bytes) +} + +// peekError is a workaround for TLS 1.3: due to shortened handshake, TLS alert +// from server is received at first read from the socket. +// To receive alert for bad certificate, this function tries to read one byte. +// Adapted from https://golang.org/src/crypto/tls/handshake_client_test.go +func peekError(conn net.Conn) error { + _ = conn.SetReadDeadline(time.Now().Add(100 * time.Millisecond)) + _, err := conn.Read(make([]byte, 1)) + if err != nil { + if netErr, ok := err.(net.Error); !ok || !netErr.Timeout() { + return err + } } + return nil } diff --git a/cmd/contour/testdata/1/CAcert.pem b/cmd/contour/testdata/1/CAcert.pem new file mode 100644 index 00000000000..e80dc9ac283 --- /dev/null +++ b/cmd/contour/testdata/1/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUHA9n4BBwtiDHvIN4Eq8isFCk+3wwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyX+m7eJzYLHBRIaDftgDovBjtMGQJ8jzNezF +c6uE6PcsQhk7nIj8Czgd8Jr/AsHY8a4x/Pddm86dYzl6XBWSS2ogJYUzCaXAr59q +qT6g5j0/rHlxzWeFge+0EjPQuAphI4kZ4j9Ua014KaMLCxVFXH/c96OHxC3/L1vh +0BKyceVWKfbvn23kc47xylFkFQnmbYxIEkJA4/Jq6ewsBScB1mp24s+xyl1m6ePO +WhMo7Od2xQsUhGKDJYMFV7cXmwDXR2QudZE+OvcaSoVYMktOpyh07RSRQEkx4URY +gc61nkFRekZIc6rfbbK9xMQtcWkbvtopqDiyt1PfWbHaelTgvwIDAQABo1MwUTAd +BgNVHQ4EFgQU02g0ldN022nR81UCP3fN0PkYu7YwHwYDVR0jBBgwFoAU02g0ldN0 +22nR81UCP3fN0PkYu7YwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAmcm2vkBudVY70WcIpUZlRU8NOmUKb6wtSugJ+vPBDyDDN1H+OH0u5l4yXFA8 +87uOS8Z1n+Sxw5fKH1rp/TVbwm++nVJ7RjalRQBG5skdx6J7qEL9H2vx9VHG/7Ib +G+NL95TBtk9042KJFiZXsY8KPA4JSEFPWVIcXmaq2iTJxSMHGD3MQv33yjgXH81U +e09f27Vfbl+YFvkSljZJKxXjgwPVDlo5Sv/9e4mS51dhraEvJV+dubz7EVv/R7F/ +pHX+tVn0+WSfero8cIfhhj1H9+Cn5lnUUHYnnnbrLh5j8ZldniW2nXkOWR5LQN0J +CwkA744hrtGj9dDmI/vwcpQ1tw== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/CAkey.pem b/cmd/contour/testdata/1/CAkey.pem new file mode 100644 index 00000000000..0a5872db217 --- /dev/null +++ b/cmd/contour/testdata/1/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJf6bt4nNgscFE +hoN+2AOi8GO0wZAnyPM17MVzq4To9yxCGTuciPwLOB3wmv8CwdjxrjH8912bzp1j +OXpcFZJLaiAlhTMJpcCvn2qpPqDmPT+seXHNZ4WB77QSM9C4CmEjiRniP1RrTXgp +owsLFUVcf9z3o4fELf8vW+HQErJx5VYp9u+fbeRzjvHKUWQVCeZtjEgSQkDj8mrp +7CwFJwHWanbiz7HKXWbp485aEyjs53bFCxSEYoMlgwVXtxebANdHZC51kT469xpK +hVgyS06nKHTtFJFASTHhRFiBzrWeQVF6Rkhzqt9tsr3ExC1xaRu+2imoOLK3U99Z +sdp6VOC/AgMBAAECggEAThXG5cbsuVsJL3oFOUGS3zDTIrgkGhbYkVwpBHNCdVlb +8F2A6V94dQyRJa2bB0GBxd6ghoyB3SBLg6lBjq/ZWppMzN16ctGmAyj/F4kqpy6z +Hy6M+HGWnkz69lbYGooDLNczjabHGzIRT+lcHTZoA7mVMu5Pban5iyvLLWwhdNsf +q9d7pYHt/TxpkkBTZOpDB8B2jFWMKcxBFSdeUE/0DzT5LkqPfgzq//86XGnc2wSj +KAhJipfASApYHwlleqi2OfXiGF+sVQdbqdiVT1SbJheSuRC3yMZc0Njeyf9iUsM+ +LL70lUKRnM+PXENyPNpRGkU6RlDEQ3pnjkNI9UOEMQKBgQDvX8ehWsCkBQmSSfbi +YYSxuu/hzfu/crA+g3fe1mdGwcBipum5kxgF2rj5i4c7RbqqDEqRtFFEpmMoQ8D8 +bHsK3SwcKFPNtX64/OQkTWq+nD0pvVi/ymS/R199Z9K13Fpb93CLU0xftXXDT4yE +UN4NQrFc+zdqEidHeLCxMdwU5wKBgQDXfmwnQk/vz45yaissw+yBanlWpRUEq2fI +acvZ3xWl+1ffkEzY+NeEeIz52BcMf7JwCkD753hSoNh507850GeHlRZ+o2Kq7XAR +N1SVZelG590p2xP1aSE0GnyfeuQd0HZEGrpje8Moi2vMQ2oYd47BoTMlZ2mqawbD +URMm1pWCaQKBgCXegTaFpPRN17XM/cHSq6tyZ4DRlYI0Iq3BHrWiNbR78nOo9FDn +dGV4tMrFyB8YaO9+Ak4KuNCjggxcq6tDfjO5ycCqoJdqnyGk4HLdzIVbMlHoIqI0 +4rtgDztHsY4Tzje+bY+dHfgGPRso+pH0OSzf4C9Vju648H3eGhXuTWMBAoGBAJNq +n9AnlAmownjQ2mJQUZ2i2gkE+6DrJR88CMEt1GBs1gtRatDPQpgT49UTF4lsXgQ5 +b4UkLvLPp+eHjHyfbgOZYP8XBGuL7KtKX6moQvJHscttXHT5C0bai8CJ0D35Gr6y +Tim6Q6Kb5g2hXJYKS/V4MkX3PZjgiIrbDq/2AedpAoGBAIBHeCNIZtydwp8l3imp +zO67h/X1Gp6OOuJe7PK0LgocBCTTmFQrezNgctHEWccV6TlXPYMG5ZrRX5cc4R8D +e7YBvgq2tNg4baRqJLV5/4YRZk93yAB30D18gqeloua8MigxGyT+Usjb0BLRWmVj +HTS5+5+m8y3RxoThspWO8DkY +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/contourcert.pem b/cmd/contour/testdata/1/contourcert.pem new file mode 100644 index 00000000000..d92d8a801ea --- /dev/null +++ b/cmd/contour/testdata/1/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqYwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHw +DahGVffvbLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyb +y//zQTze28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65q +kqD2EuMT5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0 +xKkNHZrdBx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+ +VLYZZdvPPlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFNNoNJXTdNtp0fNVAj93zdD5GLu2MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAig7VDaLjtUeHdTtRXEItZEEgLWcI +6sP6XA1pUcBoCy6lRaVbeqM5Y3tm+HPX0RQoqH200Ub2b3yB84La4V2cy4+DlAoz +gASHOn6Sop7TR7TwFlHEh/r+dAXw2iENYY8oXexmCpa53s1+9WbkzWw1y5wW0fuS +DuIEMYpZvp7mFZD7lzDHQU8ulorddtNVhC60VKPoBr6pWLfT2eYulZTuGt3oUeT5 +x7rxWLFiEi7TT+5dcxEfKwn0bknyjrCWyt0bTkJNl/1anSm8RccmTDY3kGj9YZsY +hZyX+069Mi553cRwd95hWPzttJVSrNhvRCj91IpZgTYEUHLWvWhhs36xFg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/contourkey.pem b/cmd/contour/testdata/1/contourkey.pem new file mode 100644 index 00000000000..e6e093be313 --- /dev/null +++ b/cmd/contour/testdata/1/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAw6pOu3k8fO6TejESmIKuTFGIuZf/PW86cMImfeHwDahGVffv +bLTK0YNpTeeyuACFH3vgMPMhBpPUVRK/te8cK02kWQGNROQgQMM9KKyby//zQTze +28SKW2kCrmBg5NWPITjTuZCpx+A/OxX8PTWNQUHXByCshC9GGt+Ks65qkqD2EuMT +5tWeedBWFDYZVYxSxG0AHs41MHbtm9Z642u1q45akNQ2HF24PPH7cxF0xKkNHZrd +Bx4XIst3fvkSTyu9CHG/jbstmHNE5ODo4+4Jk5dl3GUP93BmmPXrcOy+VLYZZdvP +PlzGBbENRdxs4gONJf0bZE5QF4huyzjt/ISBtwIDAQABAoIBAA0cERBgjBv2xCzQ +suVDBDia0eVVeMV9+VVqvLd8duADYUsLRKBs8JXfDyQoHQJVDpZQb3H4KENPjk9w +5SVkcue32QYZo4R1IHAWZLef8QRXDs5VLL1eysJbI9HZJUTPxjo8m3r4ZVe9/56O +14qmVuODbMvOdaCZpkHQrnNhgUR3pCWAE61NFuCEnxve2CH09jmZosItl7RQx2g4 +lbAfAlg5zd87E9g1mbslfsWwbFvKcbGktGeTzA8VgYj/Fik/ObJmOWe9B2DTTo8K +HBELnv5fVRLSfs51YC3lTNDOVrrWuwdMTofLlcl+0RB6vEA0akpRsJJfvgfmXdYS +LPSknzkCgYEA/x68xfi4a/otJYhqqsw/TI+iy7B8t/lchcuYMAmg41ipWFKWpGrP +Uer19Ca/yJ7cgcfgyg+65HdRxby4izcixXnrSIqA2op7wswqxhNR/d7H8+c4ejMz ++GUwBbFL5yp5D6LhPl+DFGEsB1bm4D51VavLTC+MLdDQo+PZ9fXH+xUCgYEAxFcS +0k9QyIe2VYnfmpCzGUvTr916XXJPEUtvGH7rJsnR8EjLwtMcmXcM/7VO0Btf5rAD +EHFmXg2BPMcOB6DYWOITRfvMXJ/avk0kuhjc385TwzhroVAW9skrtTxiMaNNi4nE +EHxQmBoiz8ElbiaixKPDr163f97NYR7BnNqgjJsCgYEA4fiW2n/40mNxE7qmSIzL +UIQ1fVfg0JAGHNh9/6a3pEgHD51vo0icRAHrQwwDea8Ev8uMV03hi7YIby4/A8id +eu8HsWREx8472wo+pN2+FTD8SRS4GL07vjvacmBdS+959ZifDEFLeIStm/6kV2Hb +Sjv1wZCoCHjaJSCQEeVW8hUCgYB7KPuffS15fNf9dE0VUetm1M/nI5EciRXcDWuU +/BhZ7oOIrMFUZsUr5yf6Rys3E9TmikaBzACgwuvsyhic5GKR7s6UOc0J1SSL9yww +qGP06CJW9U9ekzS0faCzQTt/U6bS/wpEJRcRMmPf2pK2M/oqS2f22/1Tctl2MKrW +z7WiPQKBgHBFlEkTHjC+nqvCy9tfyW3dqseqWa8/mpn0DYyEudYUJMTam339QxVB +5ewYnCU7sSAqVH3BNTQUVWh2KJ2gVitAT3nAkUZASPI5LFrQAiLERvii6oeuhE4L +WwSKVFuctBnrT2ZDTtfhAtIQ8ebkF2kUOhmLmwfaRismiIPt4Nwu +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/1/envoycert.pem b/cmd/contour/testdata/1/envoycert.pem new file mode 100644 index 00000000000..1ab7aad52b1 --- /dev/null +++ b/cmd/contour/testdata/1/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUQ791kdZBTnbqToyBUaKKLuIaqqcwDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1MzkyNFoXDTI1MDEyNzE1MzkyNFowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANYg1iHTm1qwE/LeDci65o6wd+goE354cyU8Z2oQFPPq +VQhzW5AFxnloMBOS9sbCEAWveLmHrjBvKnkAjcuOBmTWfVnCaQlm+j/Cspqx9xvF +N2RBoVrQaOKdiqEnBudTCV6wmcUKCMrtoS3ShQ81PJ7wArA7ERbzmRq3Ys3eceuo +OUJATSZzplaY3eTfBXOh7V4+Vb1hwngdOmetbj+9+xgWi39Xp7Zh6U9DL7dH2Qg8 +dOlY/E54kRuw13XffFdtIwSIRxFhlI2LqeRyhKWp21p9zkCcp+7Nfm3wOnRO62K9 +B25DsVQSGB+gUuakYeF6YLSH8nO50WHgl4g0yi0RoMcCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU02g0ldN022nR81UCP3fN0PkYu7YwCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEALAyIvQal5g2bKDhF2+/5VkaYV18A27RsmGNZaL5Hd0+066AB0WCCCVbSrzTa +6DlJfElBcT88ddBrf1bB+h4FyQZlNUg+ewl9RfIVOdErYSkFeO5aeCWD2ieLxdH2 +f4W24v+/H8a5daC4K0l0kK3FFM8MUDQy2BAfcbgphehME70Rj6/xX3IZKU4c+Cjb +VIWTyr+RnWgki3iRpyTSQFOkdRtEKVsk+S/mSIOoofbGby85jXpzL2z3XNpoX94K +9rOa76miggoH50TpqDjkWz+wbdQodhw3k8Yjn6s4jW0DiUK7c1ecjrNJW+1GfAOx +cUa45Lfpy5XmCzB+wAISoGvqlQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/1/envoykey.pem b/cmd/contour/testdata/1/envoykey.pem new file mode 100644 index 00000000000..6bd76042ee3 --- /dev/null +++ b/cmd/contour/testdata/1/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1iDWIdObWrAT8t4NyLrmjrB36CgTfnhzJTxnahAU8+pVCHNb +kAXGeWgwE5L2xsIQBa94uYeuMG8qeQCNy44GZNZ9WcJpCWb6P8KymrH3G8U3ZEGh +WtBo4p2KoScG51MJXrCZxQoIyu2hLdKFDzU8nvACsDsRFvOZGrdizd5x66g5QkBN +JnOmVpjd5N8Fc6HtXj5VvWHCeB06Z61uP737GBaLf1entmHpT0Mvt0fZCDx06Vj8 +TniRG7DXdd98V20jBIhHEWGUjYup5HKEpanbWn3OQJyn7s1+bfA6dE7rYr0HbkOx +VBIYH6BS5qRh4XpgtIfyc7nRYeCXiDTKLRGgxwIDAQABAoIBAQCTZoNBQeN9qBvz +YbxnY5F2xC+mln/k3ZGWHmCp+GwUBEmIybBMEk2wIXKG5vINnGVfJI2cWbQlD0FT +jngNmbT5EVW0xkl7+XFnFuXP65ZJfZdF4o/qbfDlnsFhcfYko1qd3j/cDa5D0xTS +8Eo8T89tMZcILYD0JbhNVdQkF26gYyi+wxmArqayo1kbBj9uB/b2bkeDLIkIMhl5 +OWm8Nq628w/9QvszBvd5jLhBn7QG29IkNmUWse5pr6bfmfRxw5Rw6BKmTfRgZ1Ne +aVGfZOZj0+y5f165Zdoj1HQhYgj+ZDETZwLlMHryM8nAK6AjsVp8fmKg7lYeXs7z +PutbZnjhAoGBAOsjzKeqtOi1m4hXPQoXsqV/bT3m0zl3bRWtSJenDcjRjX9BQKI8 +W2ceDUpRXgP+QCmCJcL4HQCDewSJJ4itrABit2VvKUyKjztUS8dIapx4hXbilmK7 +Cm+xqwFdAsO+5bdNB+Cxliiowk7hyIQmk97/yhk40gA61DzcmtGUx9cpAoGBAOkf +2TrlAaWSrZ69sxUQJjoixIeyfULCaNbjkxGaJmFAUT1EvCWplpfMP5ypBTsQRhSK +r3oiU/Rma/SisgzQa6FrsIQ3un8Es5KKfuBFEhbOHmzsIAgGziAfutscUvwdM2nT +iagBCVIg/xB4FszEZB3el4Q60hPhfBylx7cwSWZvAoGBANGIdTZzyAIW0yILmzkD +JQ6VHqOqrU7oPSyz3ZxGIOJy2cQsQYxQfKLHBNDU8RJd3o8eisfSkQWEJHtGPRRu +rncpgIPDKuoqDrivxVcwENCeFVB7WcdhJUui5t+wImaMFefhnMN9fHF+8KeaSzR3 +rA1roowXNgs+YSJa8xsPmYUBAoGBANAPj7ZDizu19GTX08v5tNRwEU023RrHHgCj +7a9pD9X+LENtZCqM+A2UyjVMmJGFTbaprEFp/9oBy1n0Fsre/SB9V3Y5sqYIkSg5 +mVEZ9DIMVhVKjK/9Otxq1T8XQW0ntqo9lP8vpZz6PAr70wWARgZuknX+dV4vAbEj +uGJjoy7bAoGAJcoNmYMEGi+Q8F2Ksx3KtZcX8oFawnDG4rSNTavS7seu5fUTcnUm +TXlPeGMV4XFZizcRfqmALFBJM1CwkteRKqTUhLH1nxosf4xWkIZL0FmTK22YE8q6 +2U4s19wtV9g3rDVbPgpGQZSl0uvF+uVMijfF5mlMy4aQQYCG1eUKpbc= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/CAcert.pem b/cmd/contour/testdata/2/CAcert.pem new file mode 100644 index 00000000000..285c1b7c191 --- /dev/null +++ b/cmd/contour/testdata/2/CAcert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUdSK1eeLjt51gBSl4wZ3wFSy8zf8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLzEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3VyIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16U6G0w/kOsWWhfgubkkam40iNBICW6c+1su +tPlIV/laJRxOIvvJ5RUJFQjdLyStfzs2CrA7zRmzIbhE2QgmU8YtOCCbJPBOwUti +C8Cfrh5OZdz2RLCauS+QD9WUlOGOvW+I+I8hzSv7gSPBINLmgM4TQShnmOdUvbD5 +PNytXmFcgWdhAkPLNBKwP+qzvHUBjPFiYqgHeFLi+5ZwEPqldzLXp5JUoSoP3s1+ +Y6iig1/pTZhIqVZP9DqFOSgQ7ZqkG34MYppOlO4cxKLTg6cdqwiLtAtFmgzCRe0g +uegT0aPwyv7uNlB7AQMilX4JJw4vnmQGCn/QrIJMJfPzeDkRcwIDAQABo1MwUTAd +BgNVHQ4EFgQU8l5nIpmMaJnu0Ug0DF1RLYHSdbswHwYDVR0jBBgwFoAU8l5nIpmM +aJnu0Ug0DF1RLYHSdbswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAyKySsIF2etQ2be9odiPNcNBuwbcUIwFxd++b4zPLf/xU5JfRxuV9a7UCbDmy ++eRX/u3WK4uOXrcA4LJ2CGTAb00XqEdRQ7GLTckR9BF514fSnYQPkSiwRNdX5Zg9 +fICt1w+/+y52JqJ2B+2AqTL7gzAojGC8PeMWmR6AfAWbEFFKinkhlMmjMWs9LsoM +C2LKOBzQ1UNTpilr6boQovC9ENtNKnbn2a0fq70rNPn3GDIcC/QfOEjqtbTwKkI7 +fhLJCGRN8vh1WJDPeX+ibPP1ZOevXuEMrp6MFUhHUNM2qRiEtzmW+mXqKngDlppL +/8R1NmX7im8Rxbbi7neK2V/QSQ== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/CAkey.pem b/cmd/contour/testdata/2/CAkey.pem new file mode 100644 index 00000000000..e2b151de00d --- /dev/null +++ b/cmd/contour/testdata/2/CAkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDXpTobTD+Q6xZa +F+C5uSRqbjSI0EgJbpz7Wy60+UhX+VolHE4i+8nlFQkVCN0vJK1/OzYKsDvNGbMh +uETZCCZTxi04IJsk8E7BS2ILwJ+uHk5l3PZEsJq5L5AP1ZSU4Y69b4j4jyHNK/uB +I8Eg0uaAzhNBKGeY51S9sPk83K1eYVyBZ2ECQ8s0ErA/6rO8dQGM8WJiqAd4UuL7 +lnAQ+qV3MtenklShKg/ezX5jqKKDX+lNmEipVk/0OoU5KBDtmqQbfgximk6U7hzE +otODpx2rCIu0C0WaDMJF7SC56BPRo/DK/u42UHsBAyKVfgknDi+eZAYKf9Csgkwl +8/N4ORFzAgMBAAECggEAbwkrlzy2ilcSBke/NcIoBwlB0aR1Qy4KdL5pmVO2NV42 +VV9yuD6voV4odAVBZnHbR+TkGbLOx/fQra8k/B9fJMmpJPpdCDMYSh0XmfeQAOan +9XlF8O6CbJIZ+p09yT8u8UnJ3DpO7EcWVFNlsRIHEBGMBoPYe/m5P4ctfnIebrZ/ +GKhyKGL4G5J2ODoS2OYEn1j47qmE+aR2CityU0HSLl6yuu83fHrUoRZ7fG4xrLwo +QfJ3XBZCdU17zclF38baOGCm6vD9a1rugVozmlD89T7UV99FzppOPkv1xlwRkbk4 +w6OfFTEtTWiGH51OyrgyMpzhS83xO2fH6zRq4Z55uQKBgQDv0KQYj3fTODffHQs+ +xfnwi7uwPevrtWpNhAQBl/rP6xeU82l7QX1X2TuPJe5v0PjZ2edOzdVXG6YYBJBh +EENnERIrg0FnmlBgAhUqvG5FPKsNsBZnWE5EC8YUBZek7Du/S0wAw9ruzaaiGvvf +CAMiW5JAMsVpeP8HGyldiKZTtQKBgQDmMwAed5FMzV5+fFnmO/UI/5bf1q7032oh +TPyB09wGAdbehZCal3wY7BwL6RL61POwFWkncmvPSLDSQre4DMPOXrDrToSLJtOW +BaoAiF9hvdVZ+aRdXcozLccY8jweGn9hiVDBVYnGztoFWgko6jJwx5grsPfGrgv3 +BlAYs2VZhwKBgQDRpQePIPyTfbX6Kh3GhrP1AXLWo4s2x6VilmIaMo5kbRR0dkZk +JeA5iAJ1JafHwFuLtt5rGa3DNLyCiprc/6as11OXDmuC8ngJNkjiz09m3555nNI5 +Dg19lv1WS31CA/JHTL/oe09NLCLb29MMKqjyxDKaRMgnaEsqHyiOSAN/cQKBgQCX +5f1lHUbuo/F/izSTHOsy1dzLtVDbWnUgpjlUveTIvfv397CUofMMSviyz0hr5Ysr +nOU3V2RWckPjaozqUNn/2jHqA3SokaU6sGAeW958k5Qt+/H+ff4HyWRATM9omdmG +FeMIwBXa7vGkaGX07pz8GGiMJAlLu9s/VJYTxoTRDwKBgF8S8rpjc1DfqDUWBAKg +Uu1l7AhmZlKVYhOx/xali7LIAKzT1F10N8YBmQK+q4QeJ4lhlfOHzE/COBzyMfNo +RVwsgAFon3LYOwpe1Ete+/66y1EQR7QAykVdxa9lIx9FHeR1tRVZEOMKPtpk9Xpf +D6U0mFbSCrcw/a2axq9jYQpp +-----END PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/contourcert.pem b/cmd/contour/testdata/2/contourcert.pem new file mode 100644 index 00000000000..5479c74b4d8 --- /dev/null +++ b/cmd/contour/testdata/2/contourcert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok4wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowLDEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMRAwDgYDVQQDDAdjb250b3VyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby ++KWeex4MKeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA +7+0flX0mEXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x +0fm/f5OKiaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+Hfv +difYiLIZaTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvL +Tpc6F5lagmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABo4GdMIGaMB8G +A1UdIwQYMBaAFPJeZyKZjGiZ7tFINAxdUS2B0nW7MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgTwMF8GA1UdEQRYMFaCB2NvbnRvdXKCCTEyNy4wLjAuMYIWY29udG91ci5w +cm9qZWN0Y29udG91coIoY29udG91ci5wcm9qZWN0Y29udG91ci5zdmMuY2x1c3Rl +ci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAScPu1TAnSWeUYiwLKEGCMcnD4lyh +Z5oAoDAC8Jmpn9ztHlGtDIwQk2lJBi3+wdSCsCSR9KJSM1g3Eu1B5ApbOrfGCmod +dchd2NuUfWYxfpnl2G9PciKrkI9fSVz9YwGZfIzDpzkGXise+AhE/7sRdNbVktc8 +oCllapD5njF0JA6C5WrmNFsufNxaaa0PfTXon2cfpppTfU4B7b/gRbxDd/WKTB/A +ArdYnejomi25wCMLw1zwFPtBvp2mpX8WrEFSoHLTg3kS66WRNd5Mvi+YLFMzs+kn +RNhUoFmpgs3jNSkGQh/JeXf2sL82HubRu/1ZjmiZh4Qy31aQWi9G3kTH5w== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/contourkey.pem b/cmd/contour/testdata/2/contourkey.pem new file mode 100644 index 00000000000..5d471ac1652 --- /dev/null +++ b/cmd/contour/testdata/2/contourkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAmW56T6NszQusDq15/09fKIXFs7JY02MqFffT5Aby+KWeex4M +KeudNgJpS4L2RaBbg39bxN5vYnCz0k6N732KFjgA663SKkO1cTFNcUkA7+0flX0m +EXhp+XJkUnCY8MGkDaP8N+D7eq4CmH8avdpXzjN5vgEQU0F5yNEDXb0x0fm/f5OK +iaIhRqiUvKGwOKz7lvyNkNOIz8st36oXg+L+gNh0P9J07t7Mq2dA+HfvdifYiLIZ +aTpUnjxPghHlnbd1ePcW2oF2ZowGJO30r4SrNVKbTEHkjVJ/nhuxywvLTpc6F5la +gmevRASkbAs/EJzG3A5Tw8quPtB5kkuA615snwIDAQABAoIBAEGtFbQDO25l4aeC +wGb1/cClymPKItWRbBFtPQktpFGk6zq+OOy0y120GIhXLb3OD34xRQH3SOx1W7PZ +Jk5uiW5LWLGJfR3UT9V9Ci5E1p7c/JkLsgDmb050ldboFb9w1B12pV7x8hOoaroG +JldAIDfGtwULBYbtzwiT14IHm0zKlm9+nCDLKUkxf3PagJTviytlljCpcTYU/heD +PH148BeJ6X8fto3lSGVCK8xsrO4axmXKAt+kGTituX3syGuCxQ6RsxW9bClFUTNI +ceDTlmJXQtIzpxzkoUw7Vo5zVWwKZ0D+TiGKgGx0yr8iaxyqeB2E4gq9q7kxtd5i +ePFdbyECgYEAxlS0nEnXAurjpFCYdydEv7gZeXBxVrx+oGVv3GO8SB6y9kWzSRLV +PvpM954e20U/bhPDaCVUYF8csfQwG3X1Lvv6ExdGB+zg9NwV5z9zKS6gTB6sOf2Y +bCDbaS+S3/lV2V74aslJ629ZQZC/vbZHofywWLyHgZn/5mEq+GYrNjECgYEAxguR +1QEPwFpD+skUtUNgsfcizBY9QaOLlzEL4dDv737+DQ6GT8WzClChhvRNJgPr41tC +JiPGxfIFnXdW28+FmnDFesPuIS8y+HUditbMylQtDAJxlLEJn0IJ3E6Lb62OXiA8 +RV486TD2sp+/vqYNJ4A0nknaulQvrmT3ZrrRi88CgYAHCHHvKN8rB1FTPlhpwUa6 +1bhxif866CxFW9N/qTnABParrQUSjkxpk06vaTgG5om9SY4gX1KCqFzIIrSiBKjR +JbZUfvrIxSmlBTjxnlpjF3gvuta4p7mD/BZLwJggwSK+NpPwlXq9kpFDtfJWs+QO +ZnuKagUUH3XnoYJ4lIbrwQKBgEZEkqCl+MXCAT65G9zYpDVgv3r0JRXmBkBFybZ8 +oLU0NMXDMoqZVdZCF52/jqP/XjHUDltj9EIFhlKBplLlhbzvaFIPtK0Xhxk6zJmX +byAWz8jkERK14fkcwEznnXepd8sT2u6t6iS/F7j3D1yApEgwp/rFr5LPDf/tmQ5d +GL5nAoGAJcW+Aag1oqCuHYrhkZoOIl9+gPIFm2q5LK8bXGvZKoaCU0WbgxttsYPS +61ucCIAf1HdVXkrhh4nSUOa+33YOvM9K5BwyYPT+YvCPZ6UnCoFi0Owbv8w7GnWU +ubVZrIIz3O+RkhFZUhHCKXUCkp8ZDTKKgffC18yO1i+u2QBDmg8= +-----END RSA PRIVATE KEY----- diff --git a/cmd/contour/testdata/2/envoycert.pem b/cmd/contour/testdata/2/envoycert.pem new file mode 100644 index 00000000000..8c073e529f6 --- /dev/null +++ b/cmd/contour/testdata/2/envoycert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIUU2yskngkWNirZxeWaCsOv457Ok8wDQYJKoZIhvcNAQEL +BQAwLzEYMBYGA1UECgwPUHJvamVjdCBDb250b3VyMRMwEQYDVQQDDApDb250b3Vy +IENBMB4XDTIwMDEyOTE1NDA0OVoXDTI1MDEyNzE1NDA0OVowKjEYMBYGA1UECgwP +UHJvamVjdCBDb250b3VyMQ4wDAYDVQQDDAVlbnZveTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMVS11SPLfVll6jpUQSU9cywH3W73y3AgFBbh0SjtaFU +BPtZnSJyUI4tqEmtCKOj6Xixbmxa0t5IrJTMxuTxeJgrynZpYGMM0buA8fQjq+MB +jz0jQ7p01R12d8tQ/xMjpop+OEQuHkWc54e1/qzSG47AOQcIFORhHJzN25Ga0Gz9 +C+JlQ5Nv+MHQVb6iI4ZvJZdpl+ArWLywfQnCbjWeKT/3CZFl8Ul1E9l0QKyZfGtx +Wp7W3Xed0mTSs9Y8y8Xru//VmYDEXqI/xRk18N27/MipwD08BqIDQPAoMcoF90PP +T0g/E9v6kzT/qqC9YoIffaprHtbRDW0CefcRYs+H1RMCAwEAAaNYMFYwHwYDVR0j +BBgwFoAU8l5nIpmMaJnu0Ug0DF1RLYHSdbswCQYDVR0TBAIwADALBgNVHQ8EBAMC +BPAwGwYDVR0RBBQwEoIFZW52b3mCCTEyNy4wLjAuMTANBgkqhkiG9w0BAQsFAAOC +AQEAxocINEiHhWii86wpdMWgp6LXpn/YwX9PTZEuod0CL6tt6f1oFfYsgacd0JuG +Y9NlqG6d9yPIuKQ7qHr+7P1Uj6zddEiGDY+PQq3hAecicuxBFFOp2EqHP6acW88G +0lydKTa17T+GMUVA6TSj0Dovtt4xcJdN0TZgEpgpOsFKNYxAbmL5MCh2xOITuoKA +isodf8ONxBWQVy0yQWrimBILg843E83lgx6WhRebVKLXha53fNGCIWwaLHesJ3a/ +SPgXEZ3KyWObJ01ty8MmGvfs8VAu8QawGhnSEMLr35K2PLgSqablVjsP/NI5gLE1 +sfMITrj/e/7I3FjxL82OPLBcJg== +-----END CERTIFICATE----- diff --git a/cmd/contour/testdata/2/envoykey.pem b/cmd/contour/testdata/2/envoykey.pem new file mode 100644 index 00000000000..6361ff0d277 --- /dev/null +++ b/cmd/contour/testdata/2/envoykey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAxVLXVI8t9WWXqOlRBJT1zLAfdbvfLcCAUFuHRKO1oVQE+1md +InJQji2oSa0Io6PpeLFubFrS3kislMzG5PF4mCvKdmlgYwzRu4Dx9COr4wGPPSND +unTVHXZ3y1D/EyOmin44RC4eRZznh7X+rNIbjsA5BwgU5GEcnM3bkZrQbP0L4mVD +k2/4wdBVvqIjhm8ll2mX4CtYvLB9CcJuNZ4pP/cJkWXxSXUT2XRArJl8a3Fantbd +d53SZNKz1jzLxeu7/9WZgMReoj/FGTXw3bv8yKnAPTwGogNA8CgxygX3Q89PSD8T +2/qTNP+qoL1igh99qmse1tENbQJ59xFiz4fVEwIDAQABAoIBAHxNzHJrZBNT9W8l +07DkOdfBF4BuYpCK1QpKLnNyAehoal8Au/lINDDs2DfZdjjH+Drc42gE6xO2immO +erkc2NBbvcZMabjcCX9qIoGeuxhdEiP8hB0AnoRZ7es50gX3jmFuU/m3Z8CIsF4Q +qyepkEykEQi58ZdRCdpJ4EjgUu5kep34xpsypWy2a1BwpujrdqUw3o9CzChDyOna +u8/ALAfaemiaY/2Cs+PAF0DRzzqgLjibLbMq9nyRV+hNO3h60vshMphptDHSdEql +8Va2BNOwEiArozwCWu80PLRh1qR6MASNY2YXIIV9UaioOnh35CqT0SvIkCv+PPOS +1HvchXkCgYEA7nMwxso4X51QbVrAgSl+mNx2CBuquB3OgXY+e4NbO6AACumppV6n +uhDli3RdbjFDtrEH55QJFJW/Joa2kqpynYtKKdoBjMoXe+VBmtj4nChbDTdAwgqu +kLASwXousOgCciwwhE8Acrrxkd1TwYLlQkCBINUZ65Vp/zLLd1ydWVcCgYEA09jC +QLNO5Z76kmLNer4alm/J0CsUfst93Q7h7Ff9hJCHIwwVlZoWl5JTTEpQ0/SlbBE3 +/nM8rgl20ueHo2WiAqhIdPFvdWZLVQiPTnSt4D2PcWlFKqMEAp5HbhzqpV8Zofr6 +syvbXGQqz8x11M55e4VYsldANqrOAVTXBKBEwKUCgYBoe+capE+RbhBo6oRB1JnZ +h3jc0qq65KyxQ8vbOVLHzLNYFM02XkSmnnLG6aVq/IFMU0RAcDiOYZOR4SOtHqz8 +ZaWIszNMqt0hd/KIVJyTaIeFQfnJTP7y/YQqbUx6Th+MQdq8jxWGMG5b2RyzRZUJ +s9QhO9+QwDbjETHgyp9UHwKBgGODAZSk5d3E9Q1Ibh9HJ3QdJN6tLd51tjTd5dBA +cO0RevlClu0ESbJ/YLOIgTlfRUljOTtEZG+YMIHXkoZ1mknHROnx85phJ+fUsoR3 +GKoqILR0b7IciyizsvgNi0eNSZwmKhd59XwL7XRZJcyGBNi6BbUYeSh0yXokoTAi +HMmlAoGAJayrtjwTvjDWe+RaV6ZJHYnhFqM+PPZWqHm3zfPZq7KHHgI4l8HEUJMl +lQbPlgDj1J5ZW5kP4zbJE6oIDqD4ePZ5tKHJ0C60+1Fdx5CWfnx8mYjJO+ri+SSl +No0g+hyAoMR+Nlrg9PFOHzdLKI5i9oe7iWaPRm2XjUCY9reqD/I= +-----END RSA PRIVATE KEY-----