diff --git a/.circleci/config.yml b/.circleci/config.yml index 6940b803..200be6e7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,7 +13,7 @@ jobs: type: boolean default: true docker: - - image: circleci/golang:<< parameters.go_version >> + - image: cimg/go:<< parameters.go_version >> steps: - checkout - when: @@ -38,7 +38,7 @@ jobs: type: boolean default: true docker: - - image: circleci/golang:<< parameters.go_version >> + - image: cimg/go:<< parameters.go_version >> steps: - checkout - when: @@ -62,7 +62,7 @@ jobs: type: boolean default: true docker: - - image: circleci/golang:<< parameters.go_version >> + - image: cimg/go:<< parameters.go_version >> steps: - checkout - when: @@ -93,12 +93,13 @@ workflows: go_version: - "1.16" - "1.17" + - "1.18" - test-assets: name: assets-go-<< matrix.go_version >> matrix: parameters: go_version: - - "1.17" + - "1.18" - style: name: style - go_version: "1.17" + go_version: "1.18" diff --git a/Makefile b/Makefile index fbed72d6..2ff51d19 100644 --- a/Makefile +++ b/Makefile @@ -15,3 +15,7 @@ include Makefile.common .PHONY: test test:: deps check_license unused common-test lint + +.PHONY: generate-testdata +generate-testdata: + @cd config && go run generate.go diff --git a/Makefile.common b/Makefile.common index 5ab1b142..6c8e3e21 100644 --- a/Makefile.common +++ b/Makefile.common @@ -36,29 +36,6 @@ GO_VERSION ?= $(shell $(GO) version) GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION)) PRE_GO_111 ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.') -GOVENDOR := -GO111MODULE := -ifeq (, $(PRE_GO_111)) - ifneq (,$(wildcard go.mod)) - # Enforce Go modules support just in case the directory is inside GOPATH (and for Travis CI). - GO111MODULE := on - - ifneq (,$(wildcard vendor)) - # Always use the local vendor/ directory to satisfy the dependencies. - GOOPTS := $(GOOPTS) -mod=vendor - endif - endif -else - ifneq (,$(wildcard go.mod)) - ifneq (,$(wildcard vendor)) -$(warning This repository requires Go >= 1.11 because of Go modules) -$(warning Some recipes may not work as expected as the current Go runtime is '$(GO_VERSION_NUMBER)') - endif - else - # This repository isn't using Go modules (yet). - GOVENDOR := $(FIRST_GOPATH)/bin/govendor - endif -endif PROMU := $(FIRST_GOPATH)/bin/promu pkgs = ./... @@ -83,7 +60,7 @@ PROMU_URL := https://github.com/prometheus/promu/releases/download/v$(PROMU_ GOLANGCI_LINT := GOLANGCI_LINT_OPTS ?= -GOLANGCI_LINT_VERSION ?= v1.44.2 +GOLANGCI_LINT_VERSION ?= v1.45.2 # golangci-lint only supports linux, darwin and windows platforms on i386/amd64. # windows isn't included here because of the path separator being different. ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin)) @@ -150,11 +127,7 @@ common-check_license: .PHONY: common-deps common-deps: @echo ">> getting dependencies" -ifdef GO111MODULE - GO111MODULE=$(GO111MODULE) $(GO) mod download -else - $(GO) get $(GOOPTS) -t ./... -endif + $(GO) mod download .PHONY: update-go-deps update-go-deps: @@ -162,20 +135,17 @@ update-go-deps: @for m in $$($(GO) list -mod=readonly -m -f '{{ if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \ $(GO) get -d $$m; \ done - GO111MODULE=$(GO111MODULE) $(GO) mod tidy -ifneq (,$(wildcard vendor)) - GO111MODULE=$(GO111MODULE) $(GO) mod vendor -endif + $(GO) mod tidy .PHONY: common-test-short common-test-short: $(GOTEST_DIR) @echo ">> running short tests" - GO111MODULE=$(GO111MODULE) $(GOTEST) -short $(GOOPTS) $(pkgs) + $(GOTEST) -short $(GOOPTS) $(pkgs) .PHONY: common-test common-test: $(GOTEST_DIR) @echo ">> running all tests" - GO111MODULE=$(GO111MODULE) $(GOTEST) $(test-flags) $(GOOPTS) $(pkgs) + $(GOTEST) $(test-flags) $(GOOPTS) $(pkgs) $(GOTEST_DIR): @mkdir -p $@ @@ -183,25 +153,21 @@ $(GOTEST_DIR): .PHONY: common-format common-format: @echo ">> formatting code" - GO111MODULE=$(GO111MODULE) $(GO) fmt $(pkgs) + $(GO) fmt $(pkgs) .PHONY: common-vet common-vet: @echo ">> vetting code" - GO111MODULE=$(GO111MODULE) $(GO) vet $(GOOPTS) $(pkgs) + $(GO) vet $(GOOPTS) $(pkgs) .PHONY: common-lint common-lint: $(GOLANGCI_LINT) ifdef GOLANGCI_LINT @echo ">> running golangci-lint" -ifdef GO111MODULE # 'go list' needs to be executed before staticcheck to prepopulate the modules cache. # Otherwise staticcheck might fail randomly for some reason not yet explained. - GO111MODULE=$(GO111MODULE) $(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null - GO111MODULE=$(GO111MODULE) $(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs) -else - $(GOLANGCI_LINT) run $(pkgs) -endif + $(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null + $(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs) endif .PHONY: common-yamllint @@ -218,28 +184,15 @@ endif common-staticcheck: lint .PHONY: common-unused -common-unused: $(GOVENDOR) -ifdef GOVENDOR - @echo ">> running check for unused packages" - @$(GOVENDOR) list +unused | grep . && exit 1 || echo 'No unused packages' -else -ifdef GO111MODULE +common-unused: @echo ">> running check for unused/missing packages in go.mod" - GO111MODULE=$(GO111MODULE) $(GO) mod tidy -ifeq (,$(wildcard vendor)) + $(GO) mod tidy @git diff --exit-code -- go.sum go.mod -else - @echo ">> running check for unused packages in vendor/" - GO111MODULE=$(GO111MODULE) $(GO) mod vendor - @git diff --exit-code -- go.sum go.mod vendor/ -endif -endif -endif .PHONY: common-build common-build: promu @echo ">> building binaries" - GO111MODULE=$(GO111MODULE) $(PROMU) build --prefix $(PREFIX) $(PROMU_BINARIES) + $(PROMU) build --prefix $(PREFIX) $(PROMU_BINARIES) .PHONY: common-tarball common-tarball: promu @@ -295,12 +248,6 @@ $(GOLANGCI_LINT): | sh -s -- -b $(FIRST_GOPATH)/bin $(GOLANGCI_LINT_VERSION) endif -ifdef GOVENDOR -.PHONY: $(GOVENDOR) -$(GOVENDOR): - GOOS= GOARCH= $(GO) get -u github.com/kardianos/govendor -endif - .PHONY: precheck precheck:: diff --git a/config/generate.go b/config/generate.go new file mode 100644 index 00000000..8b17f9d3 --- /dev/null +++ b/config/generate.go @@ -0,0 +1,245 @@ +// Copyright 2020 The Prometheus-operator Authors +// Copyright 2022 The Prometheus Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build ignore +// +build ignore + +// Program generating TLS certificates and keys for the tests. +package main + +import ( + "bytes" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "io" + "io/ioutil" + "log" + "math/big" + "net" + "time" +) + +const ( + validityPeriod = 50 * 365 * 24 * time.Hour +) + +func EncodeCertificate(w io.Writer, cert *x509.Certificate) error { + return pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}) +} + +func EncodeKey(w io.Writer, priv *rsa.PrivateKey) error { + b, err := x509.MarshalPKCS8PrivateKey(priv) + if err != nil { + return fmt.Errorf("failed to marshal private key: %v", err) + } + + return pem.Encode(w, &pem.Block{Type: "PRIVATE KEY", Bytes: b}) +} + +var serialNumber *big.Int + +func init() { + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + + var err error + serialNumber, err = rand.Int(rand.Reader, serialNumberLimit) + if err != nil { + panic(fmt.Errorf("failed to generate serial number: %v", err)) + } +} + +func SerialNumber() *big.Int { + var serial big.Int + + serial.Set(serialNumber) + serialNumber.Add(&serial, big.NewInt(1)) + + return &serial + +} + +func GenerateCertificateAuthority(commonName string, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) { + now := time.Now() + + caKey, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return nil, nil, fmt.Errorf("failed to generate CA private key: %v", err) + } + + caCert := &x509.Certificate{ + SerialNumber: SerialNumber(), + Subject: pkix.Name{ + Country: []string{"US"}, + Organization: []string{"Prometheus"}, + OrganizationalUnit: []string{"Prometheus Certificate Authority"}, + CommonName: commonName, + }, + NotBefore: now, + NotAfter: now.Add(validityPeriod), + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign, + IsCA: true, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, + BasicConstraintsValid: true, + } + + if parentCert == nil && parentKey == nil { + parentCert = caCert + parentKey = caKey + } + + b, err := x509.CreateCertificate(rand.Reader, caCert, parentCert, &caKey.PublicKey, parentKey) + if err != nil { + return nil, nil, fmt.Errorf("failed to create CA certificate: %v", err) + } + + caCert, err = x509.ParseCertificate(b) + if err != nil { + return nil, nil, fmt.Errorf("failed to decode CA certificate: %v", err) + } + + return caCert, caKey, nil +} + +func GenerateCertificate(caCert *x509.Certificate, caKey *rsa.PrivateKey, server bool, name string, ipAddresses ...net.IP) (*x509.Certificate, *rsa.PrivateKey, error) { + now := time.Now() + + key, err := rsa.GenerateKey(rand.Reader, 4096) + if err != nil { + return nil, nil, fmt.Errorf("failed to generate private key: %v", err) + } + + cert := &x509.Certificate{ + SerialNumber: SerialNumber(), + Subject: pkix.Name{ + Country: []string{"US"}, + Organization: []string{"Prometheus"}, + CommonName: name, + }, + NotBefore: now, + NotAfter: now.Add(validityPeriod), + KeyUsage: x509.KeyUsageKeyEncipherment, + BasicConstraintsValid: true, + } + + if server { + cert.DNSNames = []string{name} + cert.IPAddresses = ipAddresses + cert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth} + } else { + cert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth} + } + + if caCert == nil && caKey == nil { + caCert = cert + caKey = key + } + + b, err := x509.CreateCertificate(rand.Reader, cert, caCert, &key.PublicKey, caKey) + if err != nil { + return nil, nil, fmt.Errorf("failed to create certificate: %v", err) + } + + cert, err = x509.ParseCertificate(b) + if err != nil { + return nil, nil, fmt.Errorf("failed to decode certificate: %v", err) + } + + return cert, key, nil +} + +func writeCertificateAndKey(path string, cert *x509.Certificate, key *rsa.PrivateKey) error { + var b bytes.Buffer + + if err := EncodeCertificate(&b, cert); err != nil { + return err + } + + if err := ioutil.WriteFile(fmt.Sprintf("%s.crt", path), b.Bytes(), 0644); err != nil { + return err + } + + b.Reset() + if err := EncodeKey(&b, key); err != nil { + return err + } + + if err := ioutil.WriteFile(fmt.Sprintf("%s.key", path), b.Bytes(), 0644); err != nil { + return err + } + + return nil +} + +func main() { + log.Println("Generating root CA") + rootCert, rootKey, err := GenerateCertificateAuthority("Prometheus Root CA", nil, nil) + if err != nil { + log.Fatal(err) + } + + log.Println("Generating CA") + caCert, caKey, err := GenerateCertificateAuthority("Prometheus TLS CA", rootCert, rootKey) + if err != nil { + log.Fatal(err) + } + + log.Println("Generating server certificate") + cert, key, err := GenerateCertificate(caCert, caKey, true, "localhost", net.IPv4(127, 0, 0, 1), net.IPv4(127, 0, 0, 0)) + if err != nil { + log.Fatal(err) + } + + if err := writeCertificateAndKey("testdata/server", cert, key); err != nil { + log.Fatal(err) + } + + log.Println("Generating client certificate") + cert, key, err = GenerateCertificate(caCert, caKey, false, "localhost") + if err != nil { + log.Fatal(err) + } + + if err := writeCertificateAndKey("testdata/client", cert, key); err != nil { + log.Fatal(err) + } + + log.Println("Generating self-signed client certificate") + cert, key, err = GenerateCertificate(nil, nil, false, "localhost") + if err != nil { + log.Fatal(err) + } + + if err := writeCertificateAndKey("testdata/self-signed-client", cert, key); err != nil { + log.Fatal(err) + } + + log.Println("Generating CA bundle") + var b bytes.Buffer + if err := EncodeCertificate(&b, caCert); err != nil { + log.Fatal(err) + } + + if err := EncodeCertificate(&b, rootCert); err != nil { + log.Fatal(err) + } + + if err := ioutil.WriteFile("testdata/tls-ca-chain.pem", b.Bytes(), 0644); err != nil { + log.Fatal(err) + } +} diff --git a/config/http_config_test.go b/config/http_config_test.go index 06eb6d04..42cd851b 100644 --- a/config/http_config_test.go +++ b/config/http_config_test.go @@ -43,8 +43,8 @@ const ( ServerCertificatePath = "testdata/server.crt" ServerKeyPath = "testdata/server.key" ClientCertificatePath = "testdata/client.crt" - ClientKeyNoPassPath = "testdata/client-no-pass.key" - InvalidCA = "testdata/client-no-pass.key" + ClientKeyNoPassPath = "testdata/client.key" + InvalidCA = "testdata/client.key" WrongClientCertPath = "testdata/self-signed-client.crt" WrongClientKeyPath = "testdata/self-signed-client.key" EmptyFile = "testdata/empty" diff --git a/config/testdata/client-no-pass.key b/config/testdata/client-no-pass.key deleted file mode 100644 index ac0e28a5..00000000 --- a/config/testdata/client-no-pass.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC307b8Il9zajKw -mkOih8sfYI+O9gSTvvyQN7Bh+Bu6lLN+XhtRxt+ZqOHfqo30EuPmdScMrqregqup -VPGKgfkXVP3hF5rYdWqZx4XOKdyxbaarZupkAv2gtVNEBSmVSj8urt5WZOJVnF7Q -GmhCAHpx34L5CCPYDXJBd5ExLwGIByKxQNugor7dJx8ehmVkGKto01GWjgY+sPYp -lV9KxvD49ygXYQ6VAqgt/V2EG/PMmT0/jUtmM2tYDFztPkSISJg0vB/f9zHlYIdD -GjkBjngekAij77T93xEuouox25UtXmg6ApqvDVEiBxZmN5Dt70HBsQ+IftENEUoY -8jhrImwBAgMBAAECggEBAJNlgjK3SPvdKlnqx9KZuagmH9YMs+zX1eG5lYdojqtT -snzf7l3q7b1i6gIS2pHbV7uhMjd8EmwqMIStJKPfxaAMuSj0aWeo9lnp3wNJE7l8 -54hGFCkvMLjcy7Adx5L6HqFK++IgME9e+7M3iWNqyMNn6bfO7Ba/6V5PBi9+tmaf -nZWqgY2Kf8A2iNnm9RvmiwQ42nsjVsKcXzGdBmFTp69ar/QWtk1dWDajUVw/NctM -cs+IypPjZiAE3CgyyiLKzG9CWCjkfMEd14uxFE73q2SAG6RWYSnv1M3WOupAF0rP -ll/NMXaMjLlq2q3B9v2ZAaojbbWlHLDdEpE/jwXkkwECgYEA5iWN7SGH8ZE6wDfO -EYuTQKpqYt1WbCQxv77leuGcm1KlFYfV8LsB/9xiocVtGm7N126zuwfgzfkIZWQD -KrpoFUkz1jUg+kHCqf4FO8hzR0By3hbdTImJQILtC/K3fHJtexFKiW82mb40lgYc -+Mk6Nb5CmL6VCX5u8MNBvD8WaLECgYEAzHofIneLLLqF2f2uVzF743CdgP1h0fPI -BS3akp56/8qzQWNW+natJRxiTh2R8gdvB+P/UtEZR8E+FbSzZ4dIRrxIi44ew0Cr -sROaP4LkaZFflKS/fD8S1M7yZQhussRoRWH0BDvM0hsu6UTGlESHX73b7js4AHpB -2q4frJMTDFECgYBr2f2Aus3yLpTRr1Uqc7Y1/6aLXh4531xQ9yyjQUcaosgqJtXj -Uj/Fn4m5NcPDN1nPM1mWtEJtQ97jZNL3GxPbpcpc/9jMbjTDZP8e3Pjo0xMBcMWU -MH/Zc4GSr9O8xgL4QUokzbFQqwoJpCO/ks1skhSzb9x37oAe4+HSTd46gQKBgQCk -+9hJSCl8kpdTl5Nm+R9cGU6MeGXIMKnwO9pDOSpHX7cZCF1yw/Tan7dWDhfnMEZP -GJC3ss1yDyLYArBK1WXk5SCnsalyo6ikvQtVOXixEUIMvo1eY8n++WetS4t+JGl5 -qhponBOcZ6CHSR3tHgoYnyloZFHAWOTv3FTkOttAsQKBgQCzWSO2TA4v/vIKIrSV -Lf2cI51imcy/JCsYUU+o66VQ6QdIJlfamuAKaKYAwfJtHtZOzAgrh09JV3qEEtN5 -duBdXiuygAz8eHbqSoSe5FYgImI0BREDq8Zm3ArgUhv6S9aBeg/mS1W/5ZfmV2cT -0MdlE8vUtcbDkmKpi7CaklzMNw== ------END PRIVATE KEY----- diff --git a/config/testdata/client.crt b/config/testdata/client.crt index b406f392..5e68bd44 100644 --- a/config/testdata/client.crt +++ b/config/testdata/client.crt @@ -1,96 +1,32 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA - Validity - Not Before: Apr 5 08:10:12 2019 GMT - Not After : Mar 26 08:10:12 2059 GMT - Subject: C=US, O=Prometheus, CN=Client - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:b7:d3:b6:fc:22:5f:73:6a:32:b0:9a:43:a2:87: - cb:1f:60:8f:8e:f6:04:93:be:fc:90:37:b0:61:f8: - 1b:ba:94:b3:7e:5e:1b:51:c6:df:99:a8:e1:df:aa: - 8d:f4:12:e3:e6:75:27:0c:ae:aa:de:82:ab:a9:54: - f1:8a:81:f9:17:54:fd:e1:17:9a:d8:75:6a:99:c7: - 85:ce:29:dc:b1:6d:a6:ab:66:ea:64:02:fd:a0:b5: - 53:44:05:29:95:4a:3f:2e:ae:de:56:64:e2:55:9c: - 5e:d0:1a:68:42:00:7a:71:df:82:f9:08:23:d8:0d: - 72:41:77:91:31:2f:01:88:07:22:b1:40:db:a0:a2: - be:dd:27:1f:1e:86:65:64:18:ab:68:d3:51:96:8e: - 06:3e:b0:f6:29:95:5f:4a:c6:f0:f8:f7:28:17:61: - 0e:95:02:a8:2d:fd:5d:84:1b:f3:cc:99:3d:3f:8d: - 4b:66:33:6b:58:0c:5c:ed:3e:44:88:48:98:34:bc: - 1f:df:f7:31:e5:60:87:43:1a:39:01:8e:78:1e:90: - 08:a3:ef:b4:fd:df:11:2e:a2:ea:31:db:95:2d:5e: - 68:3a:02:9a:af:0d:51:22:07:16:66:37:90:ed:ef: - 41:c1:b1:0f:88:7e:d1:0d:11:4a:18:f2:38:6b:22: - 6c:01 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature - X509v3 Basic Constraints: - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Subject Key Identifier: - 3A:46:D1:C5:8C:42:60:AC:EF:0C:DD:4B:55:1E:F0:D7:5C:76:C3:33 - X509v3 Authority Key Identifier: - keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E - - Authority Information Access: - CA Issuers - URI:http://example.com/ca/tls-ca.cer - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://example.com/ca/tls-ca.crl - - X509v3 Subject Alternative Name: - email:client@prometheus.example.com - Signature Algorithm: sha1WithRSAEncryption - 73:fc:87:f2:cf:e3:b1:df:2f:f7:bf:f9:74:dc:0b:f0:7f:95: - ef:77:ba:6a:7d:c6:c5:f3:d9:d6:c7:eb:f8:a8:30:d3:90:d5: - a5:0c:32:33:95:85:a2:05:6e:78:a7:07:a5:e0:cf:f4:65:ef: - d2:6d:86:66:2a:7f:13:78:2f:90:dd:9d:a4:34:d4:8f:df:41: - 1b:0f:17:99:99:06:2d:26:86:e2:58:3e:84:ca:13:9e:00:ca: - 82:07:63:e7:6c:df:e9:47:d6:b3:f7:51:1a:31:f4:3d:79:95: - e7:ea:bf:40:84:48:09:23:ba:31:b1:67:cd:05:50:ec:e6:0a: - d8:2b:7d:7d:73:7a:8a:5f:f7:72:28:57:9f:15:2d:b1:4e:a1: - 3c:06:53:60:6e:b2:f9:04:08:81:3a:f2:ba:5d:7e:ac:93:f7: - 3b:1a:de:07:6e:14:a2:0b:e2:28:6a:50:2d:d8:9b:3c:25:e2: - 82:6b:90:7e:45:7b:dd:3a:7a:8e:71:99:a7:e8:88:5f:06:71: - 5b:3f:18:85:70:f9:eb:c7:26:43:2b:49:8f:17:90:aa:ba:86: - 8a:52:63:83:9f:9d:5d:79:53:af:6d:1a:7e:47:0d:ea:3f:33: - 18:c0:5f:90:d0:c5:04:8b:e3:4a:45:3d:a6:8c:c3:d1:47:1c: - 45:70:a4:75 -----BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET -MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5 -MDQwNTA4MTAxMloYDzIwNTkwMzI2MDgxMDEyWjAzMQswCQYDVQQGEwJVUzETMBEG -A1UECgwKUHJvbWV0aGV1czEPMA0GA1UEAwwGQ2xpZW50MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAt9O2/CJfc2oysJpDoofLH2CPjvYEk778kDewYfgb -upSzfl4bUcbfmajh36qN9BLj5nUnDK6q3oKrqVTxioH5F1T94Rea2HVqmceFzinc -sW2mq2bqZAL9oLVTRAUplUo/Lq7eVmTiVZxe0BpoQgB6cd+C+Qgj2A1yQXeRMS8B -iAcisUDboKK+3ScfHoZlZBiraNNRlo4GPrD2KZVfSsbw+PcoF2EOlQKoLf1dhBvz -zJk9P41LZjNrWAxc7T5EiEiYNLwf3/cx5WCHQxo5AY54HpAIo++0/d8RLqLqMduV -LV5oOgKarw1RIgcWZjeQ7e9BwbEPiH7RDRFKGPI4ayJsAQIDAQABo4IBDzCCAQsw -DgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIw -HQYDVR0OBBYEFDpG0cWMQmCs7wzdS1Ue8NdcdsMzMB8GA1UdIwQYMBaAFE0Cv3GV -aqpYxZy4g2deZBaZ4SqeMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAoYgaHR0 -cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jZXIwMQYDVR0fBCowKDAmoCSgIoYg -aHR0cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jcmwwKAYDVR0RBCEwH4EdY2xp -ZW50QHByb21ldGhldXMuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAHP8 -h/LP47HfL/e/+XTcC/B/le93ump9xsXz2dbH6/ioMNOQ1aUMMjOVhaIFbninB6Xg -z/Rl79JthmYqfxN4L5DdnaQ01I/fQRsPF5mZBi0mhuJYPoTKE54AyoIHY+ds3+lH -1rP3URox9D15lefqv0CESAkjujGxZ80FUOzmCtgrfX1zeopf93IoV58VLbFOoTwG -U2BusvkECIE68rpdfqyT9zsa3gduFKIL4ihqUC3Ymzwl4oJrkH5Fe906eo5xmafo -iF8GcVs/GIVw+evHJkMrSY8XkKq6hopSY4OfnV15U69tGn5HDeo/MxjAX5DQxQSL -40pFPaaMw9FHHEVwpHU= +MIIFgjCCA2qgAwIBAgIRAMMSh5NoexSCjSvDRf1fpgQwDQYJKoZIhvcNAQELBQAw +aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo +ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDhaGA8yMDcyMDYyNTA5MTUwOFowNjEL +MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs +aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKE5sMf63irOiAEo +a5GMONLHDji9ATAVs1erm6NW/17UPOSjN1Q1n6JGTp2XLKb5gle7gdGdjXW9IB6n +PhXwQp4ZvTaucMxcZ+Zik19tn+azKdfj/FXU0c9R5oEv4B/1jfKG258dQF5es/Ga +A2WW3nWA6IwQkHcBcN7cBQCZZ1GcM81rxybuyU4k/FyMheehcJ5MN8iy0Y0YrMcZ +KxmRfAR/EfVYjenWXjZNncsUXotQr5I4wBUJ/pj5pYQWpSuyO6oADX1EzcxuL6bO +XoEHfGFqmr90lM/x19bHzllu1UxIwqmT8jW3Je89EhlBxb0htNWNg4hKY7658Khq +L0tx0AsdIru/JuoQGXrDs4yf+3xL51zSeMr6jewl6AyGQKCc5E+c/zwklCdsVFw7 +zapbT6Hok5HjSoMnRi/EGLtd33CQjvgGooPA4LLzWpbZhoA7QZLBXhvAG3qIkTXr +1SaDQcP6GvYItEo3Yvqle7hWqhJB5E7QJ2+0j0ztbOLZBkuQGmiT4Ebsx5IJrRaT +jDCkqYzuHjdTAtwDQR6Tuy2Sc+AuAxI4kDH6EwpX5X7E2mkE2RyYusiu6o400K6F +QhRysPf1BXxSwQgcvsQTjcl8InyY/JT+7q7TCOLaXoj5rQDwIQdao0IRgr1+M7FQ +5rsuLRD92EI/vLfSikk3MxcwZ1qzAgMBAAGjVjBUMA4GA1UdDwEB/wQEAwIFIDAT +BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMaa +Hh5g0+YopeLd1IkizXyK9K/zMA0GCSqGSIb3DQEBCwUAA4ICAQA1qIgzzSid9YZS +v3kfqaDmZ3ickDuoJg4DjOz4AoZF+o2SnS/kXrIs/pTABUcfhgxt6xNJUFPIi2Pa +IQXkS24Ya85RJxNUrJmqwhavONoxNoC9RBdNqwQy30DxrBcB+881Y/Ln3VQu6mfj +aLFk09LFddz3Uc26spc257GkWfvdKjki5xDiFYze8KO0s+J/OWluNOiBG1Pehj+c +CkwPzy9lwX0JCbAhsDkJGSY4rh+MO/bg9RemuqCPrmOIH8laBnJFvMTZyZRUTQlB +pAcS8Oa6Bth5DUV7XSwWD6ZOe8Jo5BzJmw5hd5/EA+0+LwZqxmB9d7lGMKgEOMJw +rIQZCN5PlYYkp31y190rw5XklHMeUJUNzcZKa/tNhjwmU5Pj01gdS5/AnFqO3zRW +w3jUI6GR7rqj8g4P/kigIUyuX1Our6K27HUWVmt/SC+DHrhF+J7xet0q3R+UwUx1 +4wTzXnA1++s19G9wzo/HenCOTvU2bprl/WQ66/lICU+xxwHfs6kltY3SItvczqOf ++iZrmDn/0jmoarkhaND0EpiG6FbsNWsCprPP1uj0ICqvcBD7VfqT4NWY8QWcoqqr +JxiOAuuh0iNj8dmax3suNmd+XKIhVHZ3lRBRxrsqqi67axk3mgQby2j9sLxNmrqD +Lc+UGxJB/WZg4NvzZSaj2MZmt4zOHQ== -----END CERTIFICATE----- diff --git a/config/testdata/client.key b/config/testdata/client.key new file mode 100644 index 00000000..9c768235 --- /dev/null +++ b/config/testdata/client.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQChObDH+t4qzogB +KGuRjDjSxw44vQEwFbNXq5ujVv9e1DzkozdUNZ+iRk6dlyym+YJXu4HRnY11vSAe +pz4V8EKeGb02rnDMXGfmYpNfbZ/msynX4/xV1NHPUeaBL+Af9Y3yhtufHUBeXrPx +mgNllt51gOiMEJB3AXDe3AUAmWdRnDPNa8cm7slOJPxcjIXnoXCeTDfIstGNGKzH +GSsZkXwEfxH1WI3p1l42TZ3LFF6LUK+SOMAVCf6Y+aWEFqUrsjuqAA19RM3Mbi+m +zl6BB3xhapq/dJTP8dfWx85ZbtVMSMKpk/I1tyXvPRIZQcW9IbTVjYOISmO+ufCo +ai9LcdALHSK7vybqEBl6w7OMn/t8S+dc0njK+o3sJegMhkCgnORPnP88JJQnbFRc +O82qW0+h6JOR40qDJ0YvxBi7Xd9wkI74BqKDwOCy81qW2YaAO0GSwV4bwBt6iJE1 +69Umg0HD+hr2CLRKN2L6pXu4VqoSQeRO0CdvtI9M7Wzi2QZLkBpok+BG7MeSCa0W +k4wwpKmM7h43UwLcA0Eek7stknPgLgMSOJAx+hMKV+V+xNppBNkcmLrIruqONNCu +hUIUcrD39QV8UsEIHL7EE43JfCJ8mPyU/u6u0wji2l6I+a0A8CEHWqNCEYK9fjOx +UOa7Li0Q/dhCP7y30opJNzMXMGdaswIDAQABAoICAHKXAmLgl09tg5TvGaVVOH33 +JNCG5XU7t0A0pGYvy0mnJ7CJoSWlB1TbC71OWVpENLQOfXJyvLxWM6IV1DbbkT21 +pZpb2agmdWJ15bEJxYC/Dpp3XD3VCVqFJ4PidzW/3afm2en5bGqmfNbXVFq8JFj3 +ylDi5QrwZzy+vH90iM6kat0yIVY2mbWE7CkLZ5D+WYDpQyzOi8nxI7xO0ydVFARO +HIF480SkLEoEWIaib6AtNNyEoWFSvTYVGeMMBVFNWMK3Tt8eK/eEyTGRs/GZVHoY +vuwc/Dff+Dybvrop4Ehb3p+Qm7I5/ihQC7EP4m9Oqayu7DHOTZ6docLR1dOVjPt4 +F0qkeMGaGTDnfGmocqaKskGmhNWEnav5+aaYtFRXEqkLW53lIaGcWv2kyaFfvCYg +L810FEn9D5OVmlLjgUrzeEctFmhO2Br33dLl90imtuVI3Kg/qzsM9fiV0KbsONzq +I7aIvZZjXrevCOFtNSTfxNT8PrkyjWYN+2sbLWCR7hRvuzSTHI/qh2TzvyhqKeWc +ZPVlIT2qvBN5OP+j42J54VXwJNIwUmbKfnETvHMp3Cht/UaEtj/vzAkYB0paEQUs +O80vWwN4zk6H/qRV0HewUoNIGYlnTFLg/uOlLwbkctYH9ubEaobtVtwx6hsZ12AM +m7N27FsiAf6KJOGN2CqhAoIBAQDBuQgDxtf3XaoUc8YJKnvGRFMmuq8VWIELF2E1 +/u+IWP8f89BoUon7J5VMHvKiuvsVa6bOJpENrp/fV9+5IA7a925U7il8LmGis+v7 +Sg5pWMJ6gUXq65jssXw0PPDyHEHL0WTwI6KlcI0+Pt8zPujq0TPeHBOadlaPHdg2 +lHEWPvuoAeZknLnYWF7Eq0y3cD2LBiFiZWNRO0wccFf7CA1O5ToUDkFB0zXB5ZOJ +RgVSUQ5Gnva2OSB+dfFc3HwOADqjnBW+nMDi/ofH2rQEysEp4iTV4N+HkWxpNUPU +9Z3KRUN645P1BK9ufwNnqsagJU8gKNR9EJKITiPU3jqKi/IvAoIBAQDVDjDi574a +btsUQcUcip2na+D5jRts+/5lugA5OT6GzIRyYP8WgH7JMbwC91cB3avV08y5SHMB +P1wo04qaBL+p1by19ewZ6f4Kfytoad7ZGb/P9tX8H30N8Q/k9kucn4igpJ6XaQXU +tJIKWoBsNuUTZkPwa0+FMBBbRFRagu+mbOwnKR6zNIXNh18K7/LCJSb9jy73xG7k +DEuRJH10Ow0Ijo4/UACm0CLdavtVtbkGfarETfZSUPuKMHs6dyAME94+IG3WgmWW +B1WbtrWXw6RNhaecYDfjeW3iFOjgo+MpaQpnfiz7nqNrUu5zbteJYM2EdHI1baJ+ +/VXsXsc4hdK9AoIBAEyWkJqdpIiBmVpYozTAfQrXvGAVcl7oDKyL47zrO1wWg1bo +l76G01JeReJAYgEAF4BSfTIHgVV9cmtkXGjeScE8DXy6Y+BanfMrWuKQVr5Dfy/b +p/7GgkEhsk8cwM2XalPgRx3BmO37X3v6c1fZSVB8wRrQ0tdAbdxLGk4JxePbpra3 +eZTReZAU7/KlHsFvOIWcONqj5u4YmXCs4bu3ZTuJ2LpRIG+bxycPUpL1AemXbiNx +eWx1jWkxy+jAqrMGWCiS7u3bH08e/iN/TaiPWGrso0+Dhhwc3FWD33t0V5u+Yn1V +OAuofIsc4AW+OKTb2zqFqex//s6wxe3EpjRcO7UCggEAXVL5APtn3yY92pKwp77k +LejoRAeWQtfi6GZgILC9fchqH7vzIMUqRDD/3QDA4PVbhq9e1q4wihRZ5xw6cxqv +ZdJU9hOB1xwTBkAMIJF3ZvuLdKn3s5eLbKbyQmXMWw/ahht1yHbdcf2iltxrsnsd +PrEmA1LOI1YZZBD7LiZ6mRjPHJw7cV4JWiz46c6PNJGXkau9dBRcSpJEK5CjT11q +aRwgnQULNAaprvlknHecU4aKXbCUvBvzAuYXpFV3+TJewDHuSu8VVnFiA3I1+wNc +ngR0ld/ju0V+Z3CnTXccUxBK2WiAhbtIdAOApZmg2fFINMPZHyQl8KBBmecuNskP +tQKCAQALxoCzLhdq6Kl/mqqdPTlvncIuAoaH2VjEc5ZpMIHShPd1YfPv5/sQkD4B +8X7QNLPITaSGvNTevyg/KtVPuWyyCxEjmIXDXOCXkylmJFY9tgaaSGPLRJ62sIbz +EJGmUUOBYD+/ybV+dQd3GgkGJ0Hytp+FM8NCWukCFRAxb1m56xfs+RTBuLdJpou7 +AV+RafQV1roAQ+Pj3dFsoR6jBJIM4w0S5Q6609W062hrR6hBrlVBGfZpo/Mgmv5K +HEnQ7X+AqPaK7BLdzBQb2Qd6hGF8DMVTSBRlc/THnhK/HlVCuWMNuEliGtmIuGYE +0FRrwC2EvZmAS7m/FHfkpry76CRU +-----END PRIVATE KEY----- diff --git a/config/testdata/self-signed-client.crt b/config/testdata/self-signed-client.crt index fe2973ab..a0a5cdc6 100644 --- a/config/testdata/self-signed-client.crt +++ b/config/testdata/self-signed-client.crt @@ -1,121 +1,30 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 0e:47:ce:db:33:a0:10:93:9b:b1:ac:66:7c:16:2d:89:d0:b7:ea:1d - Signature Algorithm: sha256WithRSAEncryption - Issuer: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com - Validity - Not Before: Mar 1 16:51:42 2019 GMT - Not After : Jul 17 16:51:42 2046 GMT - Subject: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (4096 bit) - Modulus: - 00:ce:c6:ab:fd:9c:d2:da:55:f9:3d:5f:c0:0d:1a: - a6:1c:d1:7f:01:f4:0d:9c:ce:85:8b:01:8f:06:73: - 0a:b6:92:e1:6e:63:7d:e4:83:ca:c0:11:67:70:d9: - 89:0c:a9:62:0a:c3:cc:00:53:6f:b6:1b:0b:e1:eb: - 62:00:e8:ed:14:16:c6:29:45:0c:ee:25:40:21:10: - c2:3d:9a:3b:5c:27:54:bb:e4:9c:f6:e3:b4:dc:f1: - 0e:ba:c5:6f:60:94:45:b8:8d:f6:a4:1a:b4:fa:82: - 7b:5a:55:a6:11:c1:d4:e6:41:dc:c7:41:8e:db:46: - 6b:a2:0a:c1:13:96:47:12:4b:27:2e:d5:45:d4:51: - c9:b6:28:f8:0d:24:44:42:12:b8:b4:cd:ab:4a:67: - ba:8c:ff:34:92:38:b4:e5:4a:53:fe:33:72:55:df: - 27:d9:70:0f:47:cc:7c:d5:b2:52:bf:80:c0:a7:15: - b0:25:c8:d9:a1:41:e2:ee:e9:f5:0f:9f:27:ea:7c: - dc:ec:19:48:73:74:48:47:13:59:ea:89:e0:61:50: - 08:95:fc:32:9d:73:21:8e:b2:75:95:41:62:0c:61: - c7:b9:59:e2:51:a2:4f:bd:74:1b:0d:26:3c:c8:a6: - 1a:cb:db:10:cc:33:dd:2a:0b:38:55:60:85:f8:25: - 74:1f:0d:26:4e:db:2d:03:12:d5:85:00:cf:51:01: - 95:94:c8:85:cc:0e:5a:05:aa:3e:7a:34:e2:17:8b: - 3b:c5:21:a2:da:56:0a:ed:de:6c:2c:40:10:85:25: - 5d:df:39:e9:45:0e:10:82:bf:34:5c:64:52:35:4b: - aa:1a:56:37:ab:1f:7f:b5:07:5f:8a:22:45:4d:96: - 21:6c:a2:eb:47:39:bf:38:de:b5:4c:99:af:bf:de: - f8:7c:54:8b:40:2e:1f:80:1b:97:6a:fe:2c:05:6a: - 1b:9c:cb:a1:1c:f9:9e:36:ef:d9:a2:1d:d4:61:d0: - 6d:d1:b6:00:f8:e7:7f:74:f8:c0:81:95:7d:68:dc: - f3:93:7d:49:33:99:15:d5:49:d6:6d:69:82:c1:9f: - f2:3e:c2:db:0b:b1:e6:7c:e5:98:f4:9f:01:7d:57: - ac:36:78:15:a9:54:6f:e6:3e:52:54:68:a3:bc:8f: - 99:3f:02:02:1f:d2:21:b1:39:70:61:4c:2f:71:e5: - 27:d3:d0:75:46:d7:5e:78:ee:82:a5:bd:6d:12:2d: - 0b:40:92:61:c0:9e:8c:71:be:d1:bb:4f:23:fe:4e: - f2:79:a0:bd:60:f8:62:e4:9a:5b:1d:e0:a7:99:bd: - 32:b2:29:7b:ca:8c:6b:1a:80:c8:6f:b3:aa:a0:9e: - 1b:03:ab - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - D3:CB:AC:FB:69:9C:D3:14:67:44:9F:FA:0F:B9:02:60:64:95:4E:17 - X509v3 Authority Key Identifier: - keyid:D3:CB:AC:FB:69:9C:D3:14:67:44:9F:FA:0F:B9:02:60:64:95:4E:17 - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 57:d6:69:ed:9e:05:ea:4d:64:3b:88:98:26:6c:00:6e:e7:b7: - cb:ff:48:a2:c1:50:03:39:28:46:94:c0:19:7d:ff:10:7b:11: - 6e:88:6d:fe:d8:62:3a:ce:28:33:64:86:85:0f:9f:bf:13:23: - 48:11:b0:86:fa:7a:1d:6b:8a:e7:8c:76:fb:1b:a8:a9:d5:b3: - b8:f0:b4:08:27:a4:91:14:1a:e3:1c:11:83:39:2c:20:f1:19: - 21:35:9e:af:69:eb:52:ec:eb:c8:63:e2:bd:76:46:c5:4b:0c: - c2:f7:b9:c3:2a:db:31:4a:b9:ea:a5:04:c4:e7:b6:cf:fc:7c: - 8b:8a:88:39:ad:f9:06:e1:c6:63:47:6c:47:5c:e9:0b:24:b5: - c1:eb:5d:67:ee:07:ac:42:5b:d4:cb:00:eb:ec:c5:2f:3a:d0: - 76:f1:2a:9c:b9:44:3e:ed:71:40:02:4d:68:b5:b4:09:de:4d: - ba:1c:87:86:2d:3c:b7:2c:e5:87:aa:ff:e2:5e:ad:0b:8c:bb: - 39:9a:13:26:e3:c4:34:00:48:06:14:8f:ec:4b:cb:e7:be:80: - bd:c7:6c:b0:75:88:4e:cd:b7:b1:7e:bf:92:85:c7:a0:45:4f: - 73:ba:a7:27:86:8f:12:cd:35:f7:8c:34:3f:66:1a:7f:53:1d: - 21:8c:90:22:ff:e7:d9:95:aa:15:c2:28:d0:c5:9b:6c:61:e9: - 15:ff:63:9f:8e:d8:b4:a2:d5:06:38:1a:cc:5f:89:2a:23:70: - a3:32:22:cd:00:20:c7:65:60:17:5e:8a:cc:dc:96:08:38:a5: - 7d:65:46:79:79:02:11:04:4b:86:9d:f3:b3:2c:c6:2d:18:b4: - 31:e1:86:aa:4c:0c:93:c3:fb:7a:5a:63:c2:6f:68:d3:86:2c: - 6d:cd:ab:6d:41:d2:36:32:c1:52:25:d0:68:bc:ac:ca:f3:41: - f6:5a:46:83:15:bd:e6:aa:3b:dc:6b:44:1f:6c:02:e9:ed:b5: - 91:28:8d:af:6f:27:1b:71:83:61:a8:8e:15:36:01:92:42:32: - 61:62:43:04:31:f7:f3:f3:c9:c0:93:19:c9:dd:4d:51:3b:64: - 3b:06:90:4f:93:22:15:6e:8b:5f:2e:4e:11:a7:b9:a3:f2:fe: - 45:c9:ea:4b:58:57:95:b3:77:29:9f:7d:bc:1d:a2:3d:5a:38: - b3:72:b2:c7:8b:12:a9:39:4f:4f:2e:bb:7e:ce:91:bb:82:c0: - 67:37:79:f6:9c:75:3b:39:6c:82:ac:6a:06:09:70:99:10:76: - a4:38:46:50:7d:8e:d0:24:fb:dd:32:8f:40:00:d9:d1:50:20: - 69:bd:86:b9:9e:89:23:60 -----BEGIN CERTIFICATE----- -MIIFmTCCA4GgAwIBAgIUDkfO2zOgEJObsaxmfBYtidC36h0wDQYJKoZIhvcNAQEL -BQAwXDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By -aW5nZmllbGQxDDAKBgNVBAoMA0RpczEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29t -MB4XDTE5MDMwMTE2NTE0MloXDTQ2MDcxNzE2NTE0MlowXDELMAkGA1UEBhMCVVMx -DzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoM -A0RpczEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAzsar/ZzS2lX5PV/ADRqmHNF/AfQNnM6FiwGPBnMKtpLh -bmN95IPKwBFncNmJDKliCsPMAFNvthsL4etiAOjtFBbGKUUM7iVAIRDCPZo7XCdU -u+Sc9uO03PEOusVvYJRFuI32pBq0+oJ7WlWmEcHU5kHcx0GO20ZrogrBE5ZHEksn -LtVF1FHJtij4DSREQhK4tM2rSme6jP80kji05UpT/jNyVd8n2XAPR8x81bJSv4DA -pxWwJcjZoUHi7un1D58n6nzc7BlIc3RIRxNZ6ongYVAIlfwynXMhjrJ1lUFiDGHH -uVniUaJPvXQbDSY8yKYay9sQzDPdKgs4VWCF+CV0Hw0mTtstAxLVhQDPUQGVlMiF -zA5aBao+ejTiF4s7xSGi2lYK7d5sLEAQhSVd3znpRQ4Qgr80XGRSNUuqGlY3qx9/ -tQdfiiJFTZYhbKLrRzm/ON61TJmvv974fFSLQC4fgBuXav4sBWobnMuhHPmeNu/Z -oh3UYdBt0bYA+Od/dPjAgZV9aNzzk31JM5kV1UnWbWmCwZ/yPsLbC7HmfOWY9J8B -fVesNngVqVRv5j5SVGijvI+ZPwICH9IhsTlwYUwvceUn09B1RtdeeO6Cpb1tEi0L -QJJhwJ6Mcb7Ru08j/k7yeaC9YPhi5JpbHeCnmb0ysil7yoxrGoDIb7OqoJ4bA6sC -AwEAAaNTMFEwHQYDVR0OBBYEFNPLrPtpnNMUZ0Sf+g+5AmBklU4XMB8GA1UdIwQY -MBaAFNPLrPtpnNMUZ0Sf+g+5AmBklU4XMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggIBAFfWae2eBepNZDuImCZsAG7nt8v/SKLBUAM5KEaUwBl9/xB7 -EW6Ibf7YYjrOKDNkhoUPn78TI0gRsIb6eh1riueMdvsbqKnVs7jwtAgnpJEUGuMc -EYM5LCDxGSE1nq9p61Ls68hj4r12RsVLDML3ucMq2zFKueqlBMTnts/8fIuKiDmt -+QbhxmNHbEdc6QsktcHrXWfuB6xCW9TLAOvsxS860HbxKpy5RD7tcUACTWi1tAne -Tboch4YtPLcs5Yeq/+JerQuMuzmaEybjxDQASAYUj+xLy+e+gL3HbLB1iE7Nt7F+ -v5KFx6BFT3O6pyeGjxLNNfeMND9mGn9THSGMkCL/59mVqhXCKNDFm2xh6RX/Y5+O -2LSi1QY4GsxfiSojcKMyIs0AIMdlYBdeiszclgg4pX1lRnl5AhEES4ad87Msxi0Y -tDHhhqpMDJPD+3paY8JvaNOGLG3Nq21B0jYywVIl0Gi8rMrzQfZaRoMVveaqO9xr -RB9sAunttZEoja9vJxtxg2GojhU2AZJCMmFiQwQx9/PzycCTGcndTVE7ZDsGkE+T -IhVui18uThGnuaPy/kXJ6ktYV5Wzdymffbwdoj1aOLNysseLEqk5T08uu37OkbuC -wGc3efacdTs5bIKsagYJcJkQdqQ4RlB9jtAk+90yj0AA2dFQIGm9hrmeiSNg +MIIFLjCCAxagAwIBAgIRAMMSh5NoexSCjSvDRf1fpgUwDQYJKoZIhvcNAQELBQAw +NjELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxv +Y2FsaG9zdDAgFw0yMjA3MDgwOTE1MDlaGA8yMDcyMDYyNTA5MTUwOVowNjELMAkG +A1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2FsaG9z +dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALtrXxnHr7eUM7Xh7awY +LwompmuznbTa/8+OsihSaelUN6RDsAdm7eOMA7KMqZB5NOfeDqEqMIUoaoQ1gzIm +0BJ4dCgi99SnA8b0MjAGqUpRJ3gLLSXsPa5647gxUSP5zQ0hWMMgGaw4rJ9LDOtU +z2S8dtqKTHrXl34mpdsLrZyLXwyz8UJ83Jq2Ngx4cApZrbs+g1XlMRV8Vh89Z2bk +bbKmDYmIOhTeE1wLdrZ/XecEOvkGZcj3bWiO/yTnP8mTER2hTvSxUrpyHn/55LkU +8PR6wCO7hntZ9LLWxg85XTRdWL7cIyjgJgfL9+hVQQyNEjWC2+LTq1QExqa+IxoH +iL4xX/1y+6o1W5XKLf/uplgaWuSK+mjQeqc387DwYbj61QWOjCoaJA1wl6RHuGGV +6ygpdAO1l8o+2U8nuULHW5lx+1BtMG5ytAXy9dWPercs5L8gh1IRNCVXWKsQCCWg +iG67nErFV5iRFLuAIX7ixLKJ5MGp/fVKUI9V1EViM2GUU46PVAPhhlZ1qcygjbZ5 +CelBnQ/XvGof5b4zm4eEgCc0ZkqsQDeS5jPjTtES8/y5WEKqbyijmvx2P40nuO/d +aTxNretMwaptWzu+WXHih0WG2Sq85m41070xsIMEwlqSfdiOOPdax6393NJgkdM7 +5NKC3+pzcHK1S1+x/Guawv0NAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFIDATBgNV +HSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC +AQBTLnU8jFCmYpPUBOqj/xzBqokiQK92axG/h/3JgB7fFSLzUCV3NtvwBVCU28rA +wHwBYPjmGhi1vyHha/hb6V2WMPt0jhMRpNxCf16dAMoyIoWNas88vU2Mef90Chfj +8e6wLtzqAquX/ruwIfsOMnbcSGuh+y54DspCXgsTZ9cnCI2lnQroXZi4WUqi3Enj +mFPpVc+mMlffGW6LISo3ehRLA7k3/01yJhqzpTQw44k9ZfJ7VXZTRJKJsaqeljzV +VfzDbDfW8ftbZ8IWQGAOQfTa23aHIYcvJfvyxpfQRyrwRxjGytLHoOH/G+1TZuOt +KBJ2Xdi9qrr+Wep4eNJm2cTBd1Fpr0hWZ9K27BwwYdZZF8Eu8eP8hSeRmA4PqzAj +HauCl8PgWJIWzMloXVZaGxiYX7sGVs79m/Yl9A6+p8RTpK7DVB9+sDIiD2bhiZqL +i9YWM8aD2cR20t2ZkuBBPlVTOouF/WotOWrLhT4J+SngkdmLkAjP/5jPFvpTfeGi +THyAmp4gigwaM0nIZskPcPCbkk+zFYPToyS49ZJwQMzqK2hkjyQ9LyzUdo9vlDjL +8lFjlUZzqaR0DF3pbf8fs5/16gPurR65SU/ebOs+uxZLYJrP2zKmeISE+q4AMudc +rQ0Z6KmGUiXnIvpB105UJ7jlXCxbsruc8gRTbjkgW7yoXg== -----END CERTIFICATE----- diff --git a/config/testdata/self-signed-client.key b/config/testdata/self-signed-client.key index f7089513..4e4b2c2e 100644 --- a/config/testdata/self-signed-client.key +++ b/config/testdata/self-signed-client.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDOxqv9nNLaVfk9 -X8ANGqYc0X8B9A2czoWLAY8Gcwq2kuFuY33kg8rAEWdw2YkMqWIKw8wAU2+2Gwvh -62IA6O0UFsYpRQzuJUAhEMI9mjtcJ1S75Jz247Tc8Q66xW9glEW4jfakGrT6gnta -VaYRwdTmQdzHQY7bRmuiCsETlkcSSycu1UXUUcm2KPgNJERCEri0zatKZ7qM/zSS -OLTlSlP+M3JV3yfZcA9HzHzVslK/gMCnFbAlyNmhQeLu6fUPnyfqfNzsGUhzdEhH -E1nqieBhUAiV/DKdcyGOsnWVQWIMYce5WeJRok+9dBsNJjzIphrL2xDMM90qCzhV -YIX4JXQfDSZO2y0DEtWFAM9RAZWUyIXMDloFqj56NOIXizvFIaLaVgrt3mwsQBCF -JV3fOelFDhCCvzRcZFI1S6oaVjerH3+1B1+KIkVNliFsoutHOb843rVMma+/3vh8 -VItALh+AG5dq/iwFahucy6Ec+Z4279miHdRh0G3RtgD45390+MCBlX1o3POTfUkz -mRXVSdZtaYLBn/I+wtsLseZ85Zj0nwF9V6w2eBWpVG/mPlJUaKO8j5k/AgIf0iGx -OXBhTC9x5SfT0HVG11547oKlvW0SLQtAkmHAnoxxvtG7TyP+TvJ5oL1g+GLkmlsd -4KeZvTKyKXvKjGsagMhvs6qgnhsDqwIDAQABAoICAQCJTCnPkF4BU6zXL8jZ6qP5 -5rEqnt6bDBZoInTRl3m5mPXO0ok5PrlVpzjEGe2CVsYe17uRS9WVWYgeTqkYaZFi -EW0q4gqf5mQakIIpXUuk+QiuajI/TRs+yWE6avZ1bn6M+NaYSJN680DszooiqE2x -RnJObB1rQ+scAYAKfXJbl0NBOaPQQy5oofNy5m3cYYn7o8Tk9tNL4/kITlbvGNeE -pqx4kGBpZJsA1areSjXfqqJBT4lSzXaUOKdydC6gXNGoRZh7vJ36629ConrF3R77 -/qR00qzZFyVlFuI0ZOGxzwtK63/3LIs+BOYhaQ5bPM/2JFOXA6kKzcBuEFVkW5oq -APoST7hk1mVdMKDigaT5pmuB8JB9RC0w/oR3OXONImKYPf3fBUSU1hw6YyVZFA6c -6SKik3g/sWl0BZvqCJgU3v3qTLhVPXtiDj97g9pWdyfJBduE8Ft89OHljNbY2HBd -hyW+/XSjodWW1CRr4v1DNXjg880VOWzueptROviEwFkpxi6oKFBXWegWMW5kR03d -21XlzrB20XckTjK5c8jQ5lQG49CnX8MyYMfj6f0HNCbIghbKfMvO7fWY1sD7wAlL -DlLr5MLxal9Wm0Jx56DQ6ZgnSCU0ms2L0RT9IVESGWC1am9/FjMvmK+zdvS3uFgb -HzwxN+7XD+4klO7H2GQFIQKCAQEA/pKzCLvJLyX8/bu4U5J9Ndf/V1N8YW++IOdl -MZZw/QPZPJhg23Iw/9kGOPL0W1BqxFwaC6UWuR9YXLS+/GfGUlaeLbeGvMs3w3FH -W9RjCwLMnBu2JwUqJqSqc9dkQor0up8sa7sYOPqOrHupIFBxx/tV5o24BJ0xz2RH -eN8VdT/XejW2CY4UX9LGk0l8iPySGRx5d9MACrHwqmCMhTqiWAob7r3D+DQxqd4r -4q/lZ8ItKTzvrebHotBQcdMeIqIlQWG/chVKynxtB04zNOXwwtSxOKPsN1EysBsC -vklZ3FeYFipHKsmKX/COWDjnyKmG/iRVjZ/O5vZ0rsQl8iujbwKCAQEAz+9i0Wod -xrqX9Gd30JVANy5rz74wfvBy03J2T1KZmMxPhtVUloWU93952CiUpD2Xb6nwa00V -LxYfXlt2YrfV+2I3YP6TC8VXiX7uQ8i6tg2JAY40mrbuYoO3P1gfgdJ909TjLhrL -aNg+nCyJDePdeKbX0yMf4ukHBNbvSH65fkp1cl4uU1Wvb4tGNcyYcX1q953JP1ue -PwgysbuXz/chpHmw8pH/GSZ5FAxGvHwkBmA0BYhDcpETFfKfm2NEDO5xa/4GTHNi -o+d5/fotJmihY5IpyVlSai8Kox9mYUin6ntbFkCvK+x6m7859N1lPG0BJVJTD+Cx -AXI6QQDyl+kVhQKCAQEAxXfd0GR5xkzdVaSLcqgq391Qf9iOnrYi8TsMz842jsyx -ccNxPkfxokQiA4LR8RML/ozC102Ttr2NuTuq+fc1ayEtSaEWrtOjycLQ63Zv7Vaa -iG0melYTQC5y2bC2YLeQ5kIaHubd/zS7/yddJWfBGrLnCxPbLhkRTiInHqdM6co/ -xthrADZpr3q79fwG0eu5GClyP3Q4kBM+76o81guJamlNCX/Bx4IVFAL2X7y5YibJ -CTfvYyGksbKM8/4jXhIQfArqif/iJ/ckS4ppRhsnCroZTio5TR97BgettRUI01ZO -7sKUuafj4k+i2uQpRwnZYMGma1kPETETiY01MgiPmQKCAQEAyQcnAk8VeovrXN6r -d3zUGIVItg+p0w+j88k1mHrDBHaCbFjS7rM20hDsO48AJclmHw6s4RAk6uD4csD6 -M3aH6gGKiLuWbkrb1pJgyCfIWzm6u0ZAlVNGJPgysYsA6wIVpDatbGV7QmHOJi7o -UgV6mKq0/et3aGjh4EvsCqp5qx9RbMChCPBOLAj6WAj1WMNoJvzlE9v/ofDLEgnL -O8QxQlJkQB/mAOqxJDC6Mn/SVFet86tJifm3+gAXTqMpp1bfUQjGDiN/ufaQenrk -K738SceFnqQ8iWvxXMN+t48GyCt6ZIkk0dJOt0SpQ5LHzSOVd/+fTjps5nkI2M+R -ukweAQKCAQEA3dmHRAqs0gjvJ2gthayT0G7s8s6oObxfKYpRLw8Q8s+JxwZRVr0O -aTt1kYn2eXIdO12zLBspRiX+1tmbpD3hEoO+NPplvNsfwzbPtDYofYT1bD8J19JV -seFbdHlxNGBHaesjNLIsbTRPokATLtvhyQFNhS2SBV4OLiu3GzfSgGBMaPoSDnNN -+OHZ/0aunQkpOF90/LzFrhMYttXhkMSgXGyg4kZkg93HLVGOvz3/WIcaEh8Merqc -+pzLRW+nhJin0lDW8RfvAPOZlL6nTTUWZc6cr2yyJFxzw4AqvGhvCnD5Px9mPNpP -XM9QqgBE9ayYiJyup/gvGszbv/43ZOuHPg== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7a18Zx6+3lDO1 +4e2sGC8KJqZrs5202v/PjrIoUmnpVDekQ7AHZu3jjAOyjKmQeTTn3g6hKjCFKGqE +NYMyJtASeHQoIvfUpwPG9DIwBqlKUSd4Cy0l7D2ueuO4MVEj+c0NIVjDIBmsOKyf +SwzrVM9kvHbaikx615d+JqXbC62ci18Ms/FCfNyatjYMeHAKWa27PoNV5TEVfFYf +PWdm5G2ypg2JiDoU3hNcC3a2f13nBDr5BmXI921ojv8k5z/JkxEdoU70sVK6ch5/ ++eS5FPD0esAju4Z7WfSy1sYPOV00XVi+3CMo4CYHy/foVUEMjRI1gtvi06tUBMam +viMaB4i+MV/9cvuqNVuVyi3/7qZYGlrkivpo0HqnN/Ow8GG4+tUFjowqGiQNcJek +R7hhlesoKXQDtZfKPtlPJ7lCx1uZcftQbTBucrQF8vXVj3q3LOS/IIdSETQlV1ir +EAgloIhuu5xKxVeYkRS7gCF+4sSyieTBqf31SlCPVdRFYjNhlFOOj1QD4YZWdanM +oI22eQnpQZ0P17xqH+W+M5uHhIAnNGZKrEA3kuYz407REvP8uVhCqm8oo5r8dj+N +J7jv3Wk8Ta3rTMGqbVs7vllx4odFhtkqvOZuNdO9MbCDBMJakn3Yjjj3Wset/dzS +YJHTO+TSgt/qc3BytUtfsfxrmsL9DQIDAQABAoICAAyGlIiIi/nc8cfKHbROuXYY +Ny8jhfq8WDRq+QUw3Ns3QbC8xVr5ShTXGrgoJnz9XMfSU2/5/dwoY1YKrYYAig9x +9XFpRN71eo8lauVCzLWmzth7Br1uGIE8vVNmGGIrI8Uo4WHJF24nK4JJ5cckl+fH +oLniXFIpbnqD4rnNAgFgXy3eKNWkuqmsW9hhhDts2uuUtfpbovgooyjbVbnOsnYq +GuWCMT+LyAdyzLBNutzhr39NKihQQQOn6u1wdxbluVMdoMVBxKGpVth+vwaPm7r7 +KTQ6KDa+QFhjekEyOERzqKa417C3qlMDEsJ4UCyikQD6ie+S7fRjjVM/ieEHd+AA +66CbJ8u3yfXxaicn+SPCeHVKd4GKmJgsg1KDSSg0+w5JWwmAiCJjEydX2HOdx2ys +SV2C4o+gxhA48U8ZgGTVoom0OgouQ7rnMd6n3juBDq2/Xp1FeDcE39yEffN7t4XN +vHfD7Hjp5capxVyEnpzu0tTVf8KP00NJKtS6I7d8IavUBCgFiJZFXJWdsbhgSsg9 +UdypUMd6rW81VaaKvi3JSjWwFpmUVAhr3hFNyQB9+2rxvDCWhUqFKWqjWdPfMgxx +qO6eam1S22vrZcyJVkfTzArFQd0J/41Ak0yErLJKLTDEYaBRxFPV0ujWskrmU96c +f+m4/k7p3sD8KooXfrERAoIBAQDWSmsFzSOugShur9phJV162XrtbOnV7n1Ko0Vu +U/ftohC5FNq0kHxAkY4kGMz2QHdJnqpQoJaCK8pJ+8nA1Osutt31tS3YrOotlNwk +KsFSiy+i9xf4NcOr9xKoSEstFPJeM650xPfVP1p4sq87BB2Z3uWfLtWnRxTJnpA2 +nwwtdrK5fO3pZnVlWQ4akqbndCjUWURXVOVxDHCyDdwoiz3BpGmVV6jCYanC3e3S +E7/OlRLJfRAXoCEbzFsQpsOYncaEG7cAz9pBBXA6VVyEPlVyMG0GHs30W7aG5Bfp +IcbhacGyjdV5Wwx8WGun1pOHoclLX7pJ6jOXLobpUVH4FUNTAoIBAQDf5gX9aBqK +QxBYcqhZ0aby9K9ZAXSRr03drf4s+TXSU7rUdBqV4BRj1cjQLB6pxpo2ryLoHhkf +tLVRnEWpRgSlfu7qSYxU8rNUacAKAPnebjQxU6NMVzFx7zDQz4TJT2StsxoSIw+l +O4MwWDvIxHcpjIrl1eZh79BSzrq5dsf3vrPCM+Xxivdkx82WJqiVX/LrY3l9R+kC +ud1b3O5vFdhpo8e0sygCdF0+sC0jwE82SCjMMGHMZWd74rmkuHFpJ1xSQf9/jRCf +yKhITI/su21FS4rn1rApWpzAvhfhV7HqnwWzFTtmLeGsI+yW4fb1j6oK7t/rVZ+p +lnwISXpOPBIfAoIBADnMttNIwsAV7F72pdOgLXeuY37Y6rWeb0MLiPW6RlxdY19Y +pakgc7NCz3EjE120g7hiyJOYzR/tSdHszT1q8MiX4ISeyu/vq/aBeWNz+NMX4dB2 +D4wOjGm86dZkMYrGZJ1OGVc7rZFiVjfKEoO7l3Rib9Mg4dYN0SiU0Vc6TSGSK6Dm +dpGG5lFg1PIL7mLtrPmh3lIj/wMgFOGh5Wk2LYEmpKf4jfdoOk7qZ3RLiWfiQ7// +MLD+qw+BbmquYIGwxNPrWdApQDhbjCrfzWWKHqf/Mdj9xBWOC0yVB3IFf0xbpzhP +E255RYPgoaESupZR6CahenDnb+TuUstp+M8OhSsCggEBANw/9gJ65yi9ohWv7MY2 +g+maI+gFk3tAnPOGFnR9TqGxdidKc2CeBtDS2/FUhXFzif5jOI5oFUToSjmW5bwH +wchfXn0gjqh9+0T9pkjw/tv9QuCHKyuM1noC1t2CVliF/j8U4X+X9+sN6RakpWLx +SVuZAoXnbfNHqoHbFToei8W9Vi2jSf7bOlRsbGPZcZtHwLonp7pDBAeHeSbF5dNn +BPWehHTQjHolqBhjzHPP2NxIDcIXkg00b6Ehvoc4XXAYpSvR+pmp1gGorUo57pbt +JSe2kVVRDwgPOAYuuWUWFFH9zuiE6WKxnb7ts+4VKRAVHCwXIjTpjN+Rxj+MsIDH +fPcCggEBAIRgZPwB6eI+rvYOPUGSeU681O+8/ZgjyAi8HSOk3dCc3J2fX31m/GsR +xM+FExbGYJ3BfdgB9YbLSI8eY7weJRodm0FoCuHePu81z4xj9yEi5hBodXhhDjQM +/xbgsSWeotQ+5lTmc5hgve1hl+3t09qNttHaELWASD+0ixBC6A6J4GB68ZKRIunW ++ZGiEvrNey6Uunf7T/Wgc+VDcA3HsniaY2yTZY/jWsmDxt/BAwUaQrNwAbHvm/1P +J04mvCreWfOITe7CURcLq4FMGzsCEXtdQ77/uJllew1Uv2Yn2WFUiqVxH+UicR1P +vOJ7/LvbOa8BlIMsprB2rz3PDSUSaIw= -----END PRIVATE KEY----- diff --git a/config/testdata/server.crt b/config/testdata/server.crt index 2ead9698..1b86f58f 100644 --- a/config/testdata/server.crt +++ b/config/testdata/server.crt @@ -1,96 +1,33 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA - Validity - Not Before: Apr 5 08:06:57 2019 GMT - Not After : Mar 26 08:06:57 2059 GMT - Subject: C=US, O=Prometheus, CN=prometheus.example.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:bd:6c:b6:7f:d1:2f:be:e4:41:eb:5d:ff:50:78: - 03:2b:76:03:da:01:48:20:13:90:66:c9:ce:6e:06: - e5:fa:2d:0d:c0:b0:46:28:44:10:a0:61:79:87:a2: - 98:4c:29:fa:f9:bb:0f:44:c7:90:5c:5c:55:60:cd: - 45:da:b8:e4:dd:28:72:c8:8b:a1:3e:4b:00:09:82: - b0:2c:dc:d6:17:c9:02:f4:cd:26:c7:11:28:f3:77: - b5:97:c2:76:c2:e0:07:d7:34:5b:e0:ed:1a:59:a5: - b4:b7:16:09:3d:35:bd:d9:03:07:9d:7c:3b:f0:63: - bd:5e:02:99:cf:32:e1:ac:4c:7a:3e:4c:b2:8e:98: - 68:07:4f:59:dc:0d:bf:cc:83:04:5c:d8:90:f0:73: - da:2b:08:17:c4:36:a7:d8:94:3d:b6:c0:af:29:0a: - d3:19:5f:eb:7d:cc:4d:05:56:11:0a:ee:b1:f3:d7: - c9:5a:3c:8c:57:16:91:51:14:f8:20:4e:0f:29:9e: - 04:21:e6:f1:e4:e8:44:af:d7:25:92:08:64:fc:2c: - 1c:2e:4f:71:53:91:53:1d:e5:f9:7b:52:0f:21:da: - 5c:dd:19:68:96:ca:70:6a:f1:c4:0d:07:af:f8:65: - 13:92:e9:ef:65:b3:89:86:fd:c0:74:5c:a4:6b:49: - 62:c5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - X509v3 Basic Constraints: - CA:FALSE - X509v3 Extended Key Usage: - TLS Web Server Authentication, TLS Web Client Authentication - X509v3 Subject Key Identifier: - 00:61:01:AD:25:44:8A:EF:E1:2C:EC:83:5A:3A:3B:EA:A0:BD:E1:45 - X509v3 Authority Key Identifier: - keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E - - Authority Information Access: - CA Issuers - URI:http://example.com/ca/tls-ca.cer - - X509v3 CRL Distribution Points: - - Full Name: - URI:http://example.com/ca/tls-ca.crl - - X509v3 Subject Alternative Name: - IP Address:127.0.0.1, IP Address:127.0.0.0, DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - 77:97:e4:ef:db:10:8e:62:50:96:4a:6e:f5:a4:f9:1f:19:3b: - c8:a4:dd:b3:f6:11:41:1a:fb:e3:f8:dd:0e:64:e5:2b:00:b9: - e6:25:9f:2e:e1:d2:9a:cd:b6:f2:41:4d:27:dd:2c:9a:af:97: - 79:e8:cf:61:fb:cf:be:25:c6:e1:19:a0:c8:90:44:a0:76:8a: - 45:d4:37:22:e5:d4:80:b4:b3:0f:a8:33:08:24:ad:21:0b:b7: - 98:46:93:90:8a:ae:77:0c:cb:b8:59:d3:3b:9b:fb:16:5a:22: - ca:c2:97:9d:78:1b:fc:23:fc:a0:42:54:40:de:88:4b:07:2b: - 19:4e:0e:79:bf:c9:9f:01:a6:46:c5:55:fa:9f:c0:0d:8a:a6: - e1:47:16:a6:0e:be:23:c9:e9:58:d6:31:71:8c:80:9c:16:64: - f0:14:08:22:a1:23:7c:98:b9:62:d1:4a:ce:e3:5c:59:fb:41: - 87:a5:3b:36:dd:3d:45:48:b0:b0:77:6f:de:58:2a:27:4d:56: - 20:54:08:20:c8:6d:79:b5:b9:e6:3a:03:24:0f:6d:67:39:20: - 78:10:2f:47:85:83:c1:4d:17:33:79:84:75:27:fa:47:67:59: - 56:cc:33:7b:a5:77:aa:59:9a:98:30:10:1a:78:43:34:8f:ed: - c2:a1:a3:ea -----BEGIN CERTIFICATE----- -MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET -MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5 -MDQwNTA4MDY1N1oYDzIwNTkwMzI2MDgwNjU3WjBDMQswCQYDVQQGEwJVUzETMBEG -A1UECgwKUHJvbWV0aGV1czEfMB0GA1UEAwwWcHJvbWV0aGV1cy5leGFtcGxlLmNv -bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1stn/RL77kQetd/1B4 -Ayt2A9oBSCATkGbJzm4G5fotDcCwRihEEKBheYeimEwp+vm7D0THkFxcVWDNRdq4 -5N0ocsiLoT5LAAmCsCzc1hfJAvTNJscRKPN3tZfCdsLgB9c0W+DtGlmltLcWCT01 -vdkDB518O/BjvV4Cmc8y4axMej5Mso6YaAdPWdwNv8yDBFzYkPBz2isIF8Q2p9iU -PbbArykK0xlf633MTQVWEQrusfPXyVo8jFcWkVEU+CBODymeBCHm8eToRK/XJZII -ZPwsHC5PcVORUx3l+XtSDyHaXN0ZaJbKcGrxxA0Hr/hlE5Lp72WziYb9wHRcpGtJ -YsUCAwEAAaOCAREwggENMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1Ud -JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAGEBrSVEiu/hLOyD -Wjo76qC94UUwHwYDVR0jBBgwFoAUTQK/cZVqqljFnLiDZ15kFpnhKp4wPAYIKwYB -BQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwOi8vZXhhbXBsZS5jb20vY2EvdGxz -LWNhLmNlcjAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vZXhhbXBsZS5jb20vY2Ev -dGxzLWNhLmNybDAgBgNVHREEGTAXhwR/AAABhwR/AAAAgglsb2NhbGhvc3QwDQYJ -KoZIhvcNAQEFBQADggEBAHeX5O/bEI5iUJZKbvWk+R8ZO8ik3bP2EUEa++P43Q5k -5SsAueYlny7h0prNtvJBTSfdLJqvl3noz2H7z74lxuEZoMiQRKB2ikXUNyLl1IC0 -sw+oMwgkrSELt5hGk5CKrncMy7hZ0zub+xZaIsrCl514G/wj/KBCVEDeiEsHKxlO -Dnm/yZ8BpkbFVfqfwA2KpuFHFqYOviPJ6VjWMXGMgJwWZPAUCCKhI3yYuWLRSs7j -XFn7QYelOzbdPUVIsLB3b95YKidNViBUCCDIbXm1ueY6AyQPbWc5IHgQL0eFg8FN -FzN5hHUn+kdnWVbMM3uld6pZmpgwEBp4QzSP7cKho+o= +MIIFsDCCA5igAwIBAgIRAMMSh5NoexSCjSvDRf1fpgMwDQYJKoZIhvcNAQELBQAw +aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo +ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDdaGA8yMDcyMDYyNTA5MTUwN1owNjEL +MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs +aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANPl1Iv/z+M8jHHU +SggOhvCS/0IfNi82+OprwalmhSL1FyRrGeHDpKArIrHhal7oukizJq96wKTddUVu +hjPR7srSYX7J2oPznjb2FmLHnD8y+zxO83XNA5WCDB0yA/KhWHhDmd2pihTTZOo9 +jvGi3+LyIqXUeiwIpxuNnH2ghoUy+DTzNCknLkIKAVnDPoM1AI0Wu24rs14A8ZVW +ivzY/P8xGwlMmDndrrHwJzMSEMeH7IJi9hx4zJalpoYTVq6Z0Rv0+7SpS+iswi/e +MILDhmSvLw0R4x31xkzsPOtUsocVjgBCGGGHo70ISsAxsL6E9QFe2uwZSvbBKfou +JaM0txRIZahMeHy5egh2+J08vuZKo9PDBWwKwqQZ4Kb7WtgekiycLmFa/OYHLUX+ +Ow8QXu5HU9v9XlP9GV2FQDka2IuMTtS5JCEt5e9ddSb4KVbkRAhfL2snA+w0nmrf +CBlrlThFz5Evy5QNAo1ORwiE+8gNUc12EAu9K3TK9WSUYNrLCbkN3oBL+DVp8Y6q +quUpKEbElhsJ9V49Err3LPaXpz5aW7Th6oFq7UOB7chqKQ2SNl3/hTlNUw8wFb9Q +i8AXs+4SzHo41IEe9QZBvpeucVmdewbJKvNS8Uxs2wmtTq2G2Ae3qGzWl682J7aU +w1X6Y46OanQDNtDVQvGN1CW5kvCXAgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgUg +MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8G +A1UdIwQYMBaAFMaaHh5g0+YopeLd1IkizXyK9K/zMCAGA1UdEQQZMBeCCWxvY2Fs +aG9zdIcEfwAAAYcEfwAAADANBgkqhkiG9w0BAQsFAAOCAgEAUXL/lzbgbs6whVrE +3wkp0oDGVZ0Jti1hpeQk7Slt3PHsgu9OQOSGcv9QHs0ybhkDWZQjoCH6Nurx5QaY +GnpNQjylfy3zAziO0c7C1uXf7Z9AEMQwbOHFLefnvq86MtnwJ7sadQo+ViwtMgOW +He4YhkTyu2CqK8GFXRQUNm/SunffXp5zErPCNQURh4hrDUGlXPzyxgx1DyqFvF4S +X8IpsoED3d7cbEL7E9dgXNl7wuy3qoPi9P9KydFTIELBGt1oco980S1attSM9159 +t9iUIUMT4EdzmZxpIyJMCD+Lz9Y3zWVyz7DTqFWOtAtmhM4lu44K4S4d/JfAGEal +3h3SMCbBPKwpsloO4r9TeGi2f+T7hfiFMdCezEyG8sXrObCDyVudyUnXnxDkZ5TQ +NOzqJaUJHeKzb+Z9WSovce3Pb8ok3GoDugmwqyjuN/rz/0jsDTJm18I6HHtONbUp +AIV/H/4+Kewc+Ztv97J7MeQB/2VKcY3vpZpMSEkg2ummRhXUfi0haxfoSCKvRwiD +BElUVtwHTsn3OBnKMGcBt32iLVsvbb/0AtNpohznPdQT7dqDVguejmwHn/fc4u4Q +vfAay/ACARti9XKGplQi7xn+OoYcAVPLYitYBRNEc6t+4f3EKehrDIMRCnxOFBVX +9Dnm1DebturSQQEOuX5rP15lG1I= -----END CERTIFICATE----- diff --git a/config/testdata/server.key b/config/testdata/server.key index e1226c0e..678da7b1 100644 --- a/config/testdata/server.key +++ b/config/testdata/server.key @@ -1,28 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9bLZ/0S++5EHr -Xf9QeAMrdgPaAUggE5Bmyc5uBuX6LQ3AsEYoRBCgYXmHophMKfr5uw9Ex5BcXFVg -zUXauOTdKHLIi6E+SwAJgrAs3NYXyQL0zSbHESjzd7WXwnbC4AfXNFvg7RpZpbS3 -Fgk9Nb3ZAwedfDvwY71eApnPMuGsTHo+TLKOmGgHT1ncDb/MgwRc2JDwc9orCBfE -NqfYlD22wK8pCtMZX+t9zE0FVhEK7rHz18laPIxXFpFRFPggTg8pngQh5vHk6ESv -1yWSCGT8LBwuT3FTkVMd5fl7Ug8h2lzdGWiWynBq8cQNB6/4ZROS6e9ls4mG/cB0 -XKRrSWLFAgMBAAECggEAezQ0V1o11dEc1vuiTjJgzWnLA4aF5OcUquZjb8jo2Blp -soR0fUgYEFiV9RRaPl+nr7ptKe0rBgfAOGALKUHNCdN/JNU8oQmjEoyADg3s6jeB -xruQlzWgDwszf2uqVwHj16Nkhx1wYBKZQeQBSmCkBHwl/daKHcahqn3CkLOleKx+ -Qlc3BzWNaGte6qpJMs0It3by1FuxRwVz5VkL8uhzj0WIOYMA84t0gTnFH9gfRO3F -licotxg/Nl5M36wWcfL8Jq++72AtaKcD1jUEwuQpogrVeqflmeHwn/TlL++Hv6Xe -Lq0jt3OCUKUV40eq9c5uEgTmyrVHMDkfFdXzutdMAQKBgQDsSMXk7P4SX6u6uTjV -In9eWw6ZyJ2aL6VB9co/NMsj49GrrFT8VX9d+JPe9P/n6tuGcFbymNep22njRksR -0ItpW1NFRR/R3g0kYe1EhkRpNm6fhY9oIuR9xhcNnPNYkqAKT3T/dxrzbwsNhomi -X8aht/eCz4ZsK/KdOGTkPozxgQKBgQDNOvrclT1Wl4bxONp9pEV5XpRSD/qigfIp -i5wxy7ihX/QY9RToIWJDnzMVLnEYe64RB2WB8/4WwNPOQcuaxXbFUFct/2NdhTnS -ToJPgPe819zW9t1FLTf1fHtsRBpGFtbhdlUDOiOtJiMXYiwlRh2uyWFhjOo8TNUE -qMwai0vLRQKBgQCDH4t6lC4W4jK5x2oLlT5bjWqX2uXjF8e8x/q5gsGspBPKEjOD -aKrq6jSdSRbui73RaGxH6pvb7iBf+LVWKIYFLKIUUdzrqS9f3lw+Z8h1HrjbG9JO -dvaX+aL3cf71S0E3F4sU7fLt3tSiZ+PfUQk424+mbyXox6a2qwIKS9AJgQKBgHCu -dHROYJo9ojKpo5Ueb6K+4jLYYSV+sYZMCBtzHlFETNKzJaJ6SeiU7Ugw8pmdtqnU -5M/gNl8pymFR0MeOqbKWdPdlZJpBfsjQoE2kouEFqFRCwKStui7IBUAheEeJXLv3 -659U+aek69l35oMkp0GDgjs8UpN/H+pp/36Hgrr9AoGAftWU405rpStHEdRVrazP -FibQesT9HOdJgmm1gNIhj+PnFs7lKER9p0Wdl79QnIqjwyhjCXL94TFerzTKLY2c -IRj5dcRHiiT0iK8wq8bzGNYCqV73oQXaUFMiutNAArXwzwuvPFPWNBQsjLzeDLeC -mcOsCcPAk8cLYtVfZo2sP3g= +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDT5dSL/8/jPIxx +1EoIDobwkv9CHzYvNvjqa8GpZoUi9Rckaxnhw6SgKyKx4Wpe6LpIsyavesCk3XVF +boYz0e7K0mF+ydqD85429hZix5w/Mvs8TvN1zQOVggwdMgPyoVh4Q5ndqYoU02Tq +PY7xot/i8iKl1HosCKcbjZx9oIaFMvg08zQpJy5CCgFZwz6DNQCNFrtuK7NeAPGV +Vor82Pz/MRsJTJg53a6x8CczEhDHh+yCYvYceMyWpaaGE1aumdEb9Pu0qUvorMIv +3jCCw4Zkry8NEeMd9cZM7DzrVLKHFY4AQhhhh6O9CErAMbC+hPUBXtrsGUr2wSn6 +LiWjNLcUSGWoTHh8uXoIdvidPL7mSqPTwwVsCsKkGeCm+1rYHpIsnC5hWvzmBy1F +/jsPEF7uR1Pb/V5T/RldhUA5GtiLjE7UuSQhLeXvXXUm+ClW5EQIXy9rJwPsNJ5q +3wgZa5U4Rc+RL8uUDQKNTkcIhPvIDVHNdhALvSt0yvVklGDaywm5Dd6AS/g1afGO +qqrlKShGxJYbCfVePRK69yz2l6c+Wlu04eqBau1Dge3IaikNkjZd/4U5TVMPMBW/ +UIvAF7PuEsx6ONSBHvUGQb6XrnFZnXsGySrzUvFMbNsJrU6thtgHt6hs1pevNie2 +lMNV+mOOjmp0AzbQ1ULxjdQluZLwlwIDAQABAoICAQCxGs9jlBQ1YU4hdcXKphmy +yan/ogavv8qcZCQhakasyRzmm32ubM8T7/m3oyg821eXm+Uhlf+dzFtQBOi2NyjW +7LAAQMYas2vxlA1x0lSNnhbOeU6Tjx8HvwJRBJS4HpLLMfVQh3uZnHYkMf9fhzqJ +fMfowoa6dyD0ro+1kI3elpNN7lgSbWUEXUhztfRxxcMIKY/OrUflsfQ5VXQlkVck +E+78/r/c3aQ9pPOeg+LyYnETKZN6iJy27Q0Z0uAIXxefvksC3N1NQ9eqGpOBN9sE +HEe/LMwfJmTvtiPUrZ3pueJN5PBr0+rO/Dc+HEoVcxs0Yguoehtl0l07dYaPumep +TmXdrKvCkwM5cwnbXSWrCpqMS8Medb3zWvNnWO/mjRwTZyhmNdscjh3Ilvo+YCus +wM8HJFD4FuMtL3GtIfoKeszppACTkOOYiViGHmKUiQaSEwF7nhuIQqgN3ULCP7Z5 +mhL2RhLWacPfATITNkm4g2o16mFohZ9HPZSkPGm8rw7yhB1s2emoocXsms2iR1oa +mggNnUS3m87Z/HmOEyObIQZtYf1ZNuVAGGP4kmhhtNfMTmq3CPYM3oMRR1nb8Ci8 +zYwjEIvLYuDVlZFff4+IA7tCBZPichieoioaxutnYtO+nvuzDRiitL4my2EcXeE7 +tcIunkP9u5BNiXsfNcy3gQKCAQEA3X9eZ/IPF9Rrsjwtqkt7Oxn/uJ8JCotVBLnq +SCd7sCSaM06jUzMjMoj4SYyjzBYLycH/q+euT4UoPdPMKCfwx2NgR87MfuehWzwG +pmPbAbLJtLmZ+M/Bz5QzGS3J3f4qYxLptLHX971JgtTdcJhOAc+p/Elt3l43d/fr +sMVrZ8hqHlXmA6WuwqHjHnGP1ML6xFfsjDZ2jQ3VEV17XKtinucgitvkVuHYmtdQ +wm/yrM8vDkyglgk47j9CyfQdL10elBxe32WY5B0g9TmhIMypmlJk7inPPnAqJ4TF +JJBMvZOB9cJAjrtsDN3tAW/1q+wPF1HLwurqTLluZEc5MVjaOQKCAQEA9OenKlxB +5HiANjH0riaokFDtjC27iHoeBkbEt+CyegGXVHEotVcKnG+N4Tw/GXcS9m33vu/X +Lmeowp/Z2BKxB7xvw81jQh8gEoUHFlH6DgksTPjVVSEa4wnESrqlFjRquBexpU6e +X//xVD72b0txAqJvpvtbxZC41WIwUBTBkHDlj2hegEzUvgzdO92FPRUDrAgB0wSv +05U6fh1/4c3XTHqIHK4/gxiVRmjnpEdjEbOZsfbN8LGQK2eq4FkIS870VKigUZ/U +m2YB+8PKKyqKdXpWQHMZ9QvXoU9AwMw4Q+NEk4a/ZrnnMo59voKP1Qoqhd/rEAP7 +xa1AMOAl2DhhTwKCAQBdY4Z6bSTP91AxJg5a7thWYu/e967oMzb1dy3AnmUYL1aU +q2NRgQ4mEHofCJ1HP0RZHOKfqF9mR85fwx0hETYD23KM1DSEjUULIpPrM87zOF6z +RE4XCgG9c87XnuauIqvceezvssxMOBL2hqmW/6BkQxp4tL0ONMtOWcmWDqbqayXT +BISmpQS6K2eHPnpWSp9QiYHC3HO/pUVgvPl2aQx70xd1dKEhwLeDEaWLVYgMNI6y +iLxshhbq3OFcJQDpJ2ntKMkXh86e32k1+8Zj/ebEmljT0ez/dmtPnjtA31Z71+XD +qNNvWraD9k4nfP0oL69tNZ+j30hKcSSKQz1qAPyBAoIBAGBaI3KPCX2Ryx+HV/SM +URU2Qb883uM66EUf4pVVWeKWbatTOejebdZOLUvIICsspdE+QpJkWgxvy/2GVnak +I/IfOPmX/M0u4bdnjvpBFlgfU8aUv5nWhHV+ijO8aubpiHMVH1ciLz0lvRSgEOSI +kdWvgq33houb/Jw3HTrkb6McR7S8IzHnCGwdM40yAhGeCuvL2qvi1CoyM+kaQg3c +pi/4pURjaalyKoihDUGctGVqe7WAnFVuBoKNLrVFUfZBXe9QyIJUl5jr8SvUQ93n +xsGhd/2zSysVlahpPdicgCZ1a61+/h60VTmWxfIF/ACdF03EYv7SEmQbXX3dMgZ3 +aBECggEBALXqdEIkb9pBhwCvUHFG+c/IKBhS6j7BUj9PrZ3MATPXHo6Iy09d/dlV +psFQzWVvBmf3pcI0MEi7xdUMSN0jhZ8xp1owDlOQSM8DCQPFLaC38sfhZNThIfz0 +Q+fWYPe1lkRBtMVSokN1PtE5zETHlUKkh3fdQs0wihX4Wikc64rjCgXqXc8ng8Lk +NCUNBY/7pNfrEm0Zxz+8CvmRaBbL4OT2/hFsdcMiO3P24mCdAPgJ4v97pr8KxRHe +SmOyiSdaAyXHr/6+3KgO5pX8YUn9WiTF2hxo4SG3NQuuva0SBZT9B8iFXt1uFUtP +Rri7hsjysanKPyaPM1oofbRyWApMyRo= -----END PRIVATE KEY----- diff --git a/config/testdata/tls-ca-chain.pem b/config/testdata/tls-ca-chain.pem index 722264d8..b67023a7 100644 --- a/config/testdata/tls-ca-chain.pem +++ b/config/testdata/tls-ca-chain.pem @@ -1,173 +1,67 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA - Validity - Not Before: Apr 5 08:00:37 2019 GMT - Not After : Mar 26 08:00:37 2059 GMT - Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:aa:d2:34:6b:ed:f1:f4:01:08:e5:00:9f:75:c8: - ba:fc:4b:72:c6:04:93:af:f1:f6:b5:ce:01:0d:c6: - bd:d3:16:98:9d:e5:51:56:12:58:16:ee:18:6e:f0: - 68:a9:42:16:65:cf:e3:31:f5:90:79:9d:13:32:87: - 3b:1f:65:fd:84:88:a4:56:3d:26:54:69:05:27:5a: - ea:89:02:e7:31:9b:7d:7f:76:93:54:70:bc:17:92: - 06:9f:9f:90:4a:8a:cf:82:a7:7b:7c:71:c4:fa:34: - 56:00:32:1a:85:c5:f8:e4:4a:63:43:37:9d:60:84: - 4d:78:6e:87:12:c4:2b:1f:93:a5:fe:cc:5e:f1:df: - c1:97:ff:b7:3e:20:38:1d:71:15:11:ec:6c:7a:cc: - 0e:87:52:31:b1:b9:74:c3:07:1c:42:4b:1e:c1:17: - bc:e4:13:b7:b0:20:2e:c4:07:93:bd:a8:11:f9:da: - a7:d0:df:4a:48:be:9b:6d:65:c3:ae:58:56:c0:9f: - 17:c5:d8:32:b1:04:22:fb:5b:18:f6:20:10:50:ec: - 2d:10:4f:cc:48:8f:f2:75:dd:33:a4:0e:f5:55:da: - 2c:89:a1:3a:52:bb:11:11:0b:97:27:17:73:35:da: - 10:71:b3:9f:a8:42:91:e6:3a:66:00:f9:e5:11:8f: - 5b:57 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:0 - X509v3 Subject Key Identifier: - 4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E - X509v3 Authority Key Identifier: - keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A - - Authority Information Access: - CA Issuers - URI:https://example.com/ca/root-ca.cer - - X509v3 CRL Distribution Points: - - Full Name: - URI:https://example.com/ca/root-ca.crl - - Signature Algorithm: sha1WithRSAEncryption - 63:fc:ba:30:a5:05:d6:76:14:f1:77:38:b1:41:6f:81:d9:b4: - 02:fd:bc:e5:f6:d9:e6:73:e0:71:cf:4c:fb:13:b5:6b:bd:b9: - c6:f6:28:18:36:e1:8c:d9:93:b3:78:4a:3d:39:1b:f4:fb:69: - 75:24:ae:e1:a0:2f:94:05:bf:10:3c:3e:d2:2b:a8:f3:31:25: - 2e:ed:13:ad:60:5d:22:9a:26:15:20:86:98:73:4c:f6:4b:48: - b8:1f:67:ba:4e:c9:47:ed:85:dc:38:dc:02:0c:fb:54:d5:2e: - 6c:b4:95:18:51:d1:ae:ea:e8:fb:b4:19:50:04:bc:31:7e:51: - 9e:85:29:4d:c8:f7:26:d6:d6:8d:35:2d:9e:e2:06:16:38:e2: - 56:80:ec:f3:a3:34:e3:28:c4:e8:10:d0:8a:a6:6f:20:9a:b9: - dc:b9:90:6b:ba:8a:27:2c:29:72:28:55:e7:59:a6:a7:90:ec: - 32:e8:d0:26:4a:c1:44:dd:20:bf:dc:4d:1e:7e:cc:e5:a2:5b: - e8:df:3d:4b:01:aa:48:56:17:e9:29:d8:71:83:05:36:8c:11: - 4f:77:b8:95:20:b7:c7:21:06:c2:87:97:b4:6b:d3:f7:23:ba: - 4d:5f:15:d1:0c:4d:6e:f1:6a:9d:57:5c:02:6a:d7:31:18:ef: - 5c:fc:f8:04 -----BEGIN CERTIFICATE----- -MIIELTCCAxWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET -MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x -OTA0MDUwODAwMzdaGA8yMDU5MDMyNjA4MDAzN1owaTELMAkGA1UEBhMCVVMxEzAR -BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh -dGUgQXV0aG9yaXR5MRowGAYDVQQDDBFQcm9tZXRoZXVzIFRMUyBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrSNGvt8fQBCOUAn3XIuvxLcsYEk6/x -9rXOAQ3GvdMWmJ3lUVYSWBbuGG7waKlCFmXP4zH1kHmdEzKHOx9l/YSIpFY9JlRp -BSda6okC5zGbfX92k1RwvBeSBp+fkEqKz4Kne3xxxPo0VgAyGoXF+ORKY0M3nWCE -TXhuhxLEKx+Tpf7MXvHfwZf/tz4gOB1xFRHsbHrMDodSMbG5dMMHHEJLHsEXvOQT -t7AgLsQHk72oEfnap9DfSki+m21lw65YVsCfF8XYMrEEIvtbGPYgEFDsLRBPzEiP -8nXdM6QO9VXaLImhOlK7ERELlycXczXaEHGzn6hCkeY6ZgD55RGPW1cCAwEAAaOB -3DCB2TAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E -FgQUTQK/cZVqqljFnLiDZ15kFpnhKp4wHwYDVR0jBBgwFoAUPB6oxkwFTSDsiNsp -1Hv5El3O6howPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL2V4 -YW1wbGUuY29tL2NhL3Jvb3QtY2EuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHBz -Oi8vZXhhbXBsZS5jb20vY2Evcm9vdC1jYS5jcmwwDQYJKoZIhvcNAQEFBQADggEB -AGP8ujClBdZ2FPF3OLFBb4HZtAL9vOX22eZz4HHPTPsTtWu9ucb2KBg24YzZk7N4 -Sj05G/T7aXUkruGgL5QFvxA8PtIrqPMxJS7tE61gXSKaJhUghphzTPZLSLgfZ7pO -yUfthdw43AIM+1TVLmy0lRhR0a7q6Pu0GVAEvDF+UZ6FKU3I9ybW1o01LZ7iBhY4 -4laA7POjNOMoxOgQ0IqmbyCaudy5kGu6iicsKXIoVedZpqeQ7DLo0CZKwUTdIL/c -TR5+zOWiW+jfPUsBqkhWF+kp2HGDBTaMEU93uJUgt8chBsKHl7Rr0/cjuk1fFdEM -TW7xap1XXAJq1zEY71z8+AQ= +MIIF1DCCA7ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgIwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo +ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA2WhgPMjA3MjA2MjUwOTE1MDZaMGkx +CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t +ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRUHJvbWV0aGV1 +cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXtUbZhHR2 +xElyGJ+BwcZh4hm4dh1OhlJ6g98H2rEOK6bBxeO5YZnthfCnHI6WYN270ylusUc6 +JVkuU/1PO7NLYsl1D4ZIrRKQBWfg88BYrDO38HUkrm4aohlpT0+f7SiA7eRl1Mb5 +x6fi5BAVE5wnQJTE8VPBU+lXJB+SfZEixu+o1PlxVAdMYPAu1Yijakr1lDuZex+/ +j/700mihSAcwOvJ/+p4u2WNj0CMvQWiV5+VBZYrfpRN4/201FoyWILIv3HLq5OKp +Bpl/TvJ4J8oG1Cbzjm52qLgUOvHkAJ0I04DxWWywHF0VRumwLSqae0xo+KPPijj7 +bdnCx+vy37PbFOghzKzSIbPuccfKivVpChgy9n0kkgQhm9cgFE5SBuO6jfRwto0g +drSOMIzyXELDG0h0nB2gsPUHjD/OD1DT0VsW/9xXOPBfVgtPFn5LoZ8ninAFmk2r +ZiRJhCXhh+Rlw2F/s2STP66RnUGVdfP2syV+UlgJlE7EPE8cDbyfQqg7FTflq+t+ +HgXFCAkJ4S34+/qCbGv3DlbnC1lq+FiVwexm1TcfL/lYfhPr/J6VoeFZw4bjTPNa +jUILpsXv6IQzgPfCBxeZC6dDkK1D0cEXAqRRYKEFxdLnMjBcUZlWUV9uTuk01fDc +58bmlHt5sEqhcdUqHrR5PdoWJVOSbFwYBwIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC +AqQwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTG +mh4eYNPmKKXi3dSJIs18ivSv8zAfBgNVHSMEGDAWgBRJPrEOm2ZrMgr9AFTz9LZy +0fDNNjANBgkqhkiG9w0BAQsFAAOCAgEAoc0OImcyyKSbVK63QA8VmD2o9Xr7abxX +o+f+QXWDqKAlNDAuXLYBjHMCc9YFsxXa9XkuKZeIxzop4h9iGG+fxMVPTx3T0gTm +MAuHcPka10z4Gy6ZxLzDmxJPkJ46b1n0K2fsv9XshzsHERz3VavwHXbC5mBo1CwI +6xLLtTWMuJdoyt0261D7Dat1JAFIWm2j+kxGvyIP0gNtRsUKOFA22Tlt42sEYnXa +7wmY7b15rndG69Xg9ZiVI5Mb/10gDJQcym23PXRn+JEgssE+WcYhll8f/LRmD49v +ZlBBD1dVoc9JyrgT+An+2Z8lE6wCSPqWSwhzvBW4dyB/u7Jn23dlV1SwJR8x/IaW +j/DhCELNqD6cSlRK3yjE/a2/iK0F6pNrVgKDY+/9uwFxwkjIRwqfcFtT6YpZ33mg +kSdTTbYpeg3XkLYZayE3ntzEhooyQdrJR6YyFVwsgcBCkeLrEbC7y/AG1MQEdKsZ +i3q730vztGQBR1ymPwgbB6qzGOXhmnhJHnQjeP2CJWnzDeOh2Vs4CxLAQZJ/dhYd +qrbYPAT8FJkp2PvoJP8zpmD7a8QC+6Gr17kl9OupPQrIIfxCXYZKDdGOlkDSUC16 +6y0E1WZnI+LVbQB1M584lB2/8jU4xqMqUPfoIcbjkjih9nvVA6t547527MeeTvXT +0ig2QvMFWMw= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA - Validity - Not Before: Apr 5 07:55:00 2019 GMT - Not After : Mar 26 07:55:00 2059 GMT - Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:bf:b9:e2:ab:5f:61:22:e1:4e:cd:ee:da:b0:26: - 2e:bb:b0:7e:1c:ce:10:be:16:29:35:0c:0c:1d:93: - 01:29:2a:f6:f9:c2:6e:5c:10:44:ca:f8:dc:ad:7a: - 06:64:0f:8a:18:ad:b2:a2:94:49:c9:ba:8c:45:94: - 7c:d9:e0:11:45:d8:16:79:a2:20:9f:8c:63:60:72: - 2a:5b:f9:66:80:ac:85:67:01:5a:eb:91:c1:d2:88: - 87:9e:4c:18:c9:f2:f0:7a:18:c0:e6:ab:2c:78:de: - 5f:b2:22:4e:94:9c:f5:cd:e6:e2:33:30:e9:20:10: - a6:a1:75:eb:59:ab:45:a9:f7:3e:54:40:ae:05:25: - be:74:c5:3a:fd:af:73:16:60:45:7c:4a:e0:0e:0d: - a1:15:7f:9a:1f:c2:a7:04:ad:ef:b3:e4:f6:00:2c: - 4e:0b:04:90:49:ee:d3:db:a6:12:c4:91:0b:32:4f: - 11:84:c7:c4:8a:ef:51:66:7a:b0:20:2f:cb:95:8d: - 96:57:60:66:5e:f9:4f:5a:94:9c:71:ad:eb:ca:70: - 3e:62:06:c2:3a:29:f8:9e:86:af:da:07:78:f8:31: - af:42:48:49:9e:4a:df:1b:27:1f:44:35:81:6d:fa: - 7a:c5:6a:0a:35:23:c7:c4:d5:fe:c9:9e:61:c9:30: - cd:1f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A - X509v3 Authority Key Identifier: - keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A - - Signature Algorithm: sha1WithRSAEncryption - 56:2f:79:e5:12:91:f5:19:a7:d1:32:28:fd:e3:9d:8f:e1:3c: - bb:a3:a5:f2:55:8a:03:ad:2c:1d:18:82:e1:7f:19:75:d9:47: - 5b:e7:7c:e4:a5:e0:eb:dc:7e:24:a3:7d:99:1a:cf:39:ba:a5: - b4:b8:45:68:83:cf:70:ad:56:f2:34:73:65:fc:6c:b0:53:9a: - 79:04:f7:3e:7e:4b:22:1b:e7:76:23:20:bc:9c:05:a2:5d:01: - d2:f0:09:49:17:b2:61:74:1a:5b:f4:e0:fd:ce:11:ba:13:4a: - e6:07:11:7d:30:e2:11:87:ee:33:1a:68:de:67:f4:ac:b5:58: - 1a:ac:cf:7a:2d:fd:c3:44:5b:4b:cd:6c:ff:f6:49:b4:55:4a: - 09:a0:92:2d:57:3b:69:85:54:3e:e9:ec:ef:b2:a5:7a:29:75: - 2b:f8:eb:4b:d4:cf:68:ee:3e:c8:63:7e:12:eb:e4:2f:63:a3: - a7:c8:0f:e9:39:ff:5c:29:65:7f:25:f0:42:bf:07:ba:06:b8: - 5e:d6:56:ba:f8:67:56:1b:42:aa:b3:04:d8:6e:88:10:a5:70: - b5:81:04:a4:90:a3:f0:83:4d:0c:6b:12:5d:a4:4c:83:5a:ff: - a8:7a:86:61:ff:0f:4c:e5:0f:17:d1:64:3c:bd:d9:22:7e:b7: - fa:9b:83:ba -----BEGIN CERTIFICATE----- -MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET -MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x -OTA0MDUwNzU1MDBaGA8yMDU5MDMyNjA3NTUwMFowajELMAkGA1UEBhMCVVMxEzAR -BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh -dGUgQXV0aG9yaXR5MRswGQYDVQQDDBJQcm9tZXRoZXVzIFJvb3QgQ0EwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ueKrX2Ei4U7N7tqwJi67sH4czhC+ -Fik1DAwdkwEpKvb5wm5cEETK+NytegZkD4oYrbKilEnJuoxFlHzZ4BFF2BZ5oiCf -jGNgcipb+WaArIVnAVrrkcHSiIeeTBjJ8vB6GMDmqyx43l+yIk6UnPXN5uIzMOkg -EKahdetZq0Wp9z5UQK4FJb50xTr9r3MWYEV8SuAODaEVf5ofwqcEre+z5PYALE4L -BJBJ7tPbphLEkQsyTxGEx8SK71FmerAgL8uVjZZXYGZe+U9alJxxrevKcD5iBsI6 -Kfiehq/aB3j4Ma9CSEmeSt8bJx9ENYFt+nrFago1I8fE1f7JnmHJMM0fAgMBAAGj -YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ8 -HqjGTAVNIOyI2ynUe/kSXc7qGjAfBgNVHSMEGDAWgBQ8HqjGTAVNIOyI2ynUe/kS -Xc7qGjANBgkqhkiG9w0BAQUFAAOCAQEAVi955RKR9Rmn0TIo/eOdj+E8u6Ol8lWK -A60sHRiC4X8ZddlHW+d85KXg69x+JKN9mRrPObqltLhFaIPPcK1W8jRzZfxssFOa -eQT3Pn5LIhvndiMgvJwFol0B0vAJSReyYXQaW/Tg/c4RuhNK5gcRfTDiEYfuMxpo -3mf0rLVYGqzPei39w0RbS81s//ZJtFVKCaCSLVc7aYVUPuns77Kleil1K/jrS9TP -aO4+yGN+EuvkL2Ojp8gP6Tn/XCllfyXwQr8Huga4XtZWuvhnVhtCqrME2G6IEKVw -tYEEpJCj8INNDGsSXaRMg1r/qHqGYf8PTOUPF9FkPL3ZIn63+puDug== +MIIFtDCCA5ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgEwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy +b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo +ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA0WhgPMjA3MjA2MjUwOTE1MDRaMGox +CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t +ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkGA1UEAxMSUHJvbWV0aGV1 +cyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArkzRPi21 +E299vXw4FBbMfCXI258SxvvjRVRuKdAHLOBpEEqkYH6r6ScbZaisBFtIePv4ddKl +rmv+nDwN84/KS54OOtw1cWD4AnDB0kL3B0pWXjTS1F/u57hRLxM6Ta0UubKbta/h +WqSOR/fAA5sgcl+JbbR61QWVeYYXg9bM8YGTwQMeJod26tIUeX/Reo9BHuiW4jPb +pvVf7rsOs8E2cGwfYjZu6Zj2qcCxQ/ivCpopKFLNlaKko/KlGDGz9KxK5X3ik+sE +fPK9LzLC0k2RLGc3EmcMkdyqE3VNih9nV9SalAXN5yBdYaWWjJXykty7ilU32MBF +yO4myL48vif2K68pD/CFhG8YmIOud3woMm1IYS9xlsYKf7+f5CNlxqz+eSoOGhcG +dSDNft3h5nuq9J/qb2rIgWMSc2puFNRsx+fis0kS5GvjVadR0lxtArbrNm4S+F22 +EjGxeBF5VIWiu31uppbdASIw6DTKcrSVVoWxq+Fk3OOB+7q+rornosop9a/omXGH +0cTmgarjJtMqa0TEQiUPQPPnmpC1joeC7/kh7aks93wfHtY73uAVnTjLGTOwlr50 +CgRShcRoLLN049V93l46AFHU/4HWns8dqgdcdGnvIdUCFik916pKDSvEc/DfMLGh +H6w9Xlg4+2LgCyG2/FBEMTj+bLoraydzyaECAwEAAaNTMFEwDgYDVR0PAQH/BAQD +AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +ST6xDptmazIK/QBU8/S2ctHwzTYwDQYJKoZIhvcNAQELBQADggIBAHM79R/uQwQX +vsBDfKyBXWFlrhHAgX8XAwMKHjstpQYCcJoiGLRJaMMjxj31T1tylqPdcxz88THN +uj9kVFYMo1GU5K9E9lq0LoWQBmX2R7/RgxWqB7FNS+S0xfGyeUb3YPVPI1yhtsKa +6mCtTuCVgsgs/hTa+umjtffxj7l+IQxD8Fq0RFBae+S0v5mjVC2sUVd6usqVt7F6 +LUVuYShyAI705guIV9nkz8ZyLzUBJnQAJ8g6DU+nLmdizigUG+JoD/hBbK2hvcjX +SL7JLAhYRI4kzWcYR0GUfDf2knFEWNhU8gCPnw70FHMD9QC3NKkQsPvyQRyJh99+ +ipwUFbGJJRYWjFBbUxlqZNqBg6+ylZNFGEnG42u2KvPXjgPdivlQWkrX6nG0ayyl +rYrvi0FawP3OBpCrhYhqsqkA2m+5L2Pl+J2SsDv4qmPB6fh7K0YDVB37AZSG+nfL +oXXpUtwfc9tR71S7GmgkcqYOkHfSzl7ecxXtE2xyl3zhkUPR9YcG+rQhXRRp0lxF +kR0EtGOGuvXMCQ/vBVPNEDS3jdceqIrIRI1yPUdhFkF7lrLsfFULllOt6qQWnhn2 +A2ObxHToohwuyri/v8QhqNI2Bg0jJHcAJi8I8taToAstCWrtn+WXyfj/QknAik47 +aOK9l5wSyyqPfkHybKvT6z9pqWUchJsz -----END CERTIFICATE-----