opensource/grpc-go
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

advancedtls: add end to end tests (#3318)

Browse Source
This commit is contained in:
ZhenLian
2020-01-28 14:24:27 -08:00
committed by GitHub
parent 822723f716
commit f97821dd2f
14 changed files with 977 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
security/advancedtls/advancedtls.go
View File

@ -322,8 +322,8 @@ func buildVerifyFunc(c *advancedTLSCreds,
}
}
// NewClient uses ClientOptions to construct a TransportCredentials based on TLS.
func NewClient(o *ClientOptions) (credentials.TransportCredentials, error) {
// NewClientCreds uses ClientOptions to construct a TransportCredentials based on TLS.
func NewClientCreds(o *ClientOptions) (credentials.TransportCredentials, error) {
conf, err := o.config()
if err != nil {
return nil, err
@ -338,8 +338,8 @@ func NewClient(o *ClientOptions) (credentials.TransportCredentials, error) {
return tc, nil
}
// NewServer uses ServerOptions to construct a TransportCredentials based on TLS.
func NewServer(o *ServerOptions) (credentials.TransportCredentials, error) {
// NewServerCreds uses ServerOptions to construct a TransportCredentials based on TLS.
func NewServerCreds(o *ServerOptions) (credentials.TransportCredentials, error) {
conf, err := o.config()
if err != nil {
return nil, err

402
security/advancedtls/advancedtls_integration_test.go Normal file
View File

@ -0,0 +1,402 @@
/*
*
* Copyright 2020 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package advancedtls
import (
"context"
"crypto/tls"
"crypto/x509"
"fmt"
"net"
"sync"
"testing"
"time"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
pb "google.golang.org/grpc/examples/helloworld/helloworld"
"google.golang.org/grpc/security/advancedtls/testdata"
)
var (
address = "localhost:50051"
port = ":50051"
)
// stageInfo contains a stage number indicating the current phase of each integration test, and a mutex.
// Based on the stage number of current test, we will use different certificates and server authorization
// functions to check if our tests behave as expected.
type stageInfo struct {
mutex sync.Mutex
stage int
}
func (s *stageInfo) increase() {
s.mutex.Lock()
defer s.mutex.Unlock()
s.stage = s.stage + 1
}
func (s *stageInfo) read() int {
s.mutex.Lock()
defer s.mutex.Unlock()
return s.stage
}
func (s *stageInfo) reset() {
s.mutex.Lock()
defer s.mutex.Unlock()
s.stage = 0
}
// certStore contains all the certificates used in the integration tests.
type certStore struct {
// clientPeer1 is the certificate sent by client to prove its identity. It is trusted by serverTrust1.
clientPeer1 tls.Certificate
// clientPeer2 is the certificate sent by client to prove its identity. It is trusted by serverTrust2.
clientPeer2 tls.Certificate
// serverPeer1 is the certificate sent by server to prove its identity. It is trusted by clientTrust1.
serverPeer1 tls.Certificate
// serverPeer2 is the certificate sent by server to prove its identity. It is trusted by clientTrust2.
serverPeer2 tls.Certificate
clientTrust1 *x509.CertPool
clientTrust2 *x509.CertPool
serverTrust1 *x509.CertPool
serverTrust2 *x509.CertPool
}
// loadCerts function is used to load test certificates at the beginning of each integration test.
func (cs *certStore) loadCerts() error {
var err error
cs.clientPeer1, err = tls.LoadX509KeyPair(testdata.Path("client_cert_1.pem"),
testdata.Path("client_key_1.pem"))
if err != nil {
return err
}
cs.clientPeer2, err = tls.LoadX509KeyPair(testdata.Path("client_cert_2.pem"),
testdata.Path("client_key_2.pem"))
if err != nil {
return err
}
cs.serverPeer1, err = tls.LoadX509KeyPair(testdata.Path("server_cert_1.pem"),
testdata.Path("server_key_1.pem"))
if err != nil {
return err
}
cs.serverPeer2, err = tls.LoadX509KeyPair(testdata.Path("server_cert_2.pem"),
testdata.Path("server_key_2.pem"))
if err != nil {
return err
}
cs.clientTrust1, err = readTrustCert(testdata.Path("client_trust_cert_1.pem"))
if err != nil {
return err
}
cs.clientTrust2, err = readTrustCert(testdata.Path("client_trust_cert_2.pem"))
if err != nil {
return err
}
cs.serverTrust1, err = readTrustCert(testdata.Path("server_trust_cert_1.pem"))
if err != nil {
return err
}
cs.serverTrust2, err = readTrustCert(testdata.Path("server_trust_cert_2.pem"))
if err != nil {
return err
}
return nil
}
// serverImpl is used to implement pb.GreeterServer.
type serverImpl struct{}
// SayHello is a simple implementation of pb.GreeterServer.
func (s *serverImpl) SayHello(ctx context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) {
return &pb.HelloReply{Message: "Hello " + in.Name}, nil
}
func callAndVerify(msg string, client pb.GreeterClient, shouldFail bool) error {
ctx, cancel := context.WithTimeout(context.Background(), time.Second)
defer cancel()
_, err := client.SayHello(ctx, &pb.HelloRequest{Name: msg})
if want, got := shouldFail == true, err != nil; got != want {
return fmt.Errorf("want and got mismatch, want shouldFail=%v, got fail=%v, rpc error: %v", want, got, err)
}
return nil
}
func callAndVerifyWithClientConn(connCtx context.Context, msg string, creds credentials.TransportCredentials, shouldFail bool) (*grpc.ClientConn, pb.GreeterClient, error) {
var conn *grpc.ClientConn
var err error
// If we want the test to fail, we establish a non-blocking connection to avoid it hangs and killed by the context.
if shouldFail {
conn, err = grpc.DialContext(connCtx, address, grpc.WithTransportCredentials(creds))
if err != nil {
return nil, nil, fmt.Errorf("client failed to connect to %s. Error: %v", address, err)
}
} else {
conn, err = grpc.DialContext(connCtx, address, grpc.WithTransportCredentials(creds), grpc.WithBlock())
if err != nil {
return nil, nil, fmt.Errorf("client failed to connect to %s. Error: %v", address, err)
}
}
greetClient := pb.NewGreeterClient(conn)
err = callAndVerify(msg, greetClient, shouldFail)
if err != nil {
return nil, nil, err
}
return conn, greetClient, nil
}
// The advanced TLS features are tested in different stages.
// At stage 0, we establish a good connection between client and server.
// At stage 1, we change one factor(it could be we change the server's certificate, or server authorization function, etc),
// and test if the following connections would be dropped.
// At stage 2, we re-establish the connection by changing the counterpart of the factor we modified in stage 1.
// (could be change the client's trust certificate, or change server authorization function, etc)
func TestEnd2End(t *testing.T) {
cs := &certStore{}
cs.loadCerts()
stage := &stageInfo{}
for _, test := range []struct {
desc string
clientCert []tls.Certificate
clientGetCert func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
clientRoot *x509.CertPool
clientGetRoot func(params *GetRootCAsParams) (*GetRootCAsResults, error)
clientVerifyFunc CustomVerificationFunc
serverCert []tls.Certificate
serverGetCert func(*tls.ClientHelloInfo) (*tls.Certificate, error)
serverRoot *x509.CertPool
serverGetRoot func(params *GetRootCAsParams) (*GetRootCAsResults, error)
}{
// Test Scenarios:
// At initialization(stage = 0), client will be initialized with cert clientPeer1 and clientTrust1, server with serverPeer1 and serverTrust1.
// The mutual authentication works at the beginning, since clientPeer1 is trusted by serverTrust1, and serverPeer1 by clientTrust1.
// At stage 1, client changes clientPeer1 to clientPeer2. Since clientPeer2 is not trusted by serverTrust1, following rpc calls are expected
// to fail, while the previous rpc calls are still good because those are already authenticated.
// At stage 2, the server changes serverTrust1 to serverTrust2, and we should see it again accepts the connection, since clientPeer2 is trusted
// by serverTrust2.
{
desc: "TestClientPeerCertReloadServerTrustCertReload",
clientCert: nil,
clientGetCert: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
switch stage.read() {
case 0:
return &cs.clientPeer1, nil
default:
return &cs.clientPeer2, nil
}
},
clientGetRoot: nil,
clientRoot: cs.clientTrust1,
clientVerifyFunc: func(params *VerificationFuncParams) (*VerificationResults, error) {
return &VerificationResults{}, nil
},
serverCert: []tls.Certificate{cs.serverPeer1},
serverGetCert: nil,
serverRoot: nil,
serverGetRoot: func(params *GetRootCAsParams) (*GetRootCAsResults, error) {
switch stage.read() {
case 0, 1:
return &GetRootCAsResults{TrustCerts: cs.serverTrust1}, nil
default:
return &GetRootCAsResults{TrustCerts: cs.serverTrust2}, nil
}
},
},
// Test Scenarios:
// At initialization(stage = 0), client will be initialized with cert clientPeer1 and clientTrust1, server with serverPeer1 and serverTrust1.
// The mutual authentication works at the beginning, since clientPeer1 is trusted by serverTrust1, and serverPeer1 by clientTrust1.
// At stage 1, server changes serverPeer1 to serverPeer2. Since serverPeer2 is not trusted by clientTrust1, following rpc calls are expected
// to fail, while the previous rpc calls are still good because those are already authenticated.
// At stage 2, the client changes clientTrust1 to clientTrust2, and we should see it again accepts the connection, since serverPeer2 is trusted
// by clientTrust2.
{
desc: "TestServerPeerCertReloadClientTrustCertReload",
clientCert: []tls.Certificate{cs.clientPeer1},
clientGetCert: nil,
clientGetRoot: func(params *GetRootCAsParams) (*GetRootCAsResults, error) {
switch stage.read() {
case 0, 1:
return &GetRootCAsResults{TrustCerts: cs.clientTrust1}, nil
default:
return &GetRootCAsResults{TrustCerts: cs.clientTrust2}, nil
}
},
clientRoot: nil,
clientVerifyFunc: func(params *VerificationFuncParams) (*VerificationResults, error) {
return &VerificationResults{}, nil
},
serverCert: nil,
serverGetCert: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
switch stage.read() {
case 0:
return &cs.serverPeer1, nil
default:
return &cs.serverPeer2, nil
}
},
serverRoot: cs.serverTrust1,
serverGetRoot: nil,
},
// Test Scenarios:
// At initialization(stage = 0), client will be initialized with cert clientPeer1 and clientTrust1, server with serverPeer1 and serverTrust1.
// The mutual authentication works at the beginning, since clientPeer1 trusted by serverTrust1, serverPeer1 by clientTrust1, and also the
// custom server authorization check allows the CommonName on serverPeer1.
// At stage 1, server changes serverPeer1 to serverPeer2, and client changes clientTrust1 to clientTrust2. Although serverPeer2 is trusted by
// clientTrust2, our authorization check only accepts serverPeer1, and hence the following calls should fail. Previous connections should
// not be affected.
// At stage 2, the client changes authorization check to only accept serverPeer2. Now we should see the connection becomes normal again.
{
desc: "TestClientCustomServerAuthz",
clientCert: []tls.Certificate{cs.clientPeer1},
clientGetCert: nil,
clientGetRoot: func(params *GetRootCAsParams) (*GetRootCAsResults, error) {
switch stage.read() {
case 0:
return &GetRootCAsResults{TrustCerts: cs.clientTrust1}, nil
default:
return &GetRootCAsResults{TrustCerts: cs.clientTrust2}, nil
}
},
clientRoot: nil,
clientVerifyFunc: func(params *VerificationFuncParams) (*VerificationResults, error) {
if len(params.RawCerts) == 0 {
return nil, fmt.Errorf("no peer certs")
}
cert, err := x509.ParseCertificate(params.RawCerts[0])
if err != nil || cert == nil {
return nil, fmt.Errorf("failed to parse certificate: " + err.Error())
}
authzCheck := false
switch stage.read() {
case 0, 1:
// foo.bar.com is the common name on serverPeer1
if cert.Subject.CommonName == "foo.bar.com" {
authzCheck = true
}
default:
// foo.bar.server2.com is the common name on serverPeer2
if cert.Subject.CommonName == "foo.bar.server2.com" {
authzCheck = true
}
}
if authzCheck {
return &VerificationResults{}, nil
}
return nil, fmt.Errorf("custom authz check fails")
},
serverCert: nil,
serverGetCert: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
switch stage.read() {
case 0:
return &cs.serverPeer1, nil
default:
return &cs.serverPeer2, nil
}
},
serverRoot: cs.serverTrust1,
serverGetRoot: nil,
},
} {
test := test
t.Run(test.desc, func(t *testing.T) {
// Start a server using ServerOptions in another goroutine.
serverOptions := &ServerOptions{
Certificates: test.serverCert,
GetCertificate: test.serverGetCert,
RootCertificateOptions: RootCertificateOptions{
RootCACerts: test.serverRoot,
GetRootCAs: test.serverGetRoot,
},
RequireClientCert: true,
}
serverTLSCreds, err := NewServerCreds(serverOptions)
if err != nil {
t.Fatalf("Failed to create server creds: %v", err)
}
s := grpc.NewServer(grpc.Creds(serverTLSCreds))
defer s.Stop()
go func(s *grpc.Server) {
lis, err := net.Listen("tcp", port)
// defer lis.Close()
if err != nil {
t.Fatalf("Failed to listen: %v", err)
}
pb.RegisterGreeterServer(s, &serverImpl{})
if err := s.Serve(lis); err != nil {
t.Fatalf("failed to serve: %v", err)
}
}(s)
clientOptions := &ClientOptions{
Certificates: test.clientCert,
GetClientCertificate: test.clientGetCert,
VerifyPeer: test.clientVerifyFunc,
RootCertificateOptions: RootCertificateOptions{
RootCACerts: test.clientRoot,
GetRootCAs: test.clientGetRoot,
},
}
clientTLSCreds, err := NewClientCreds(clientOptions)
if err != nil {
t.Fatalf("clientTLSCreds failed to create")
}
// ------------------------Scenario 1-----------------------------------------
// stage = 0, initial connection should succeed
ctx1, cancel1 := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel1()
conn, greetClient, err := callAndVerifyWithClientConn(ctx1, "rpc call 1", clientTLSCreds, false)
defer conn.Close()
if err != nil {
t.Fatal(err)
}
// ---------------------------------------------------------------------------
stage.increase()
// ------------------------Scenario 2-----------------------------------------
// stage = 1, previous connection should still succeed
err = callAndVerify("rpc call 2", greetClient, false)
if err != nil {
t.Fatal(err)
}
// ------------------------Scenario 3-----------------------------------------
// stage = 1, new connection should fail
ctx2, cancel2 := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel2()
conn2, greetClient, err := callAndVerifyWithClientConn(ctx2, "rpc call 3", clientTLSCreds, true)
defer conn2.Close()
if err != nil {
t.Fatal(err)
}
//// ---------------------------------------------------------------------------
stage.increase()
// ------------------------Scenario 4-----------------------------------------
// stage = 2, new connection should succeed
ctx3, cancel3 := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel3()
conn3, greetClient, err := callAndVerifyWithClientConn(ctx3, "rpc call 4", clientTLSCreds, false)
defer conn3.Close()
if err != nil {
t.Fatal(err)
}
// ---------------------------------------------------------------------------
stage.reset()
})
}
}

8
security/advancedtls/advancedtls_test.go
View File

@ -450,7 +450,7 @@ func TestClientServerHandshake(t *testing.T) {
close(done)
return
}
serverTLS, err := NewServer(serverOptions)
serverTLS, err := NewServerCreds(serverOptions)
if err != nil {
serverRawConn.Close()
close(done)
@ -481,7 +481,7 @@ func TestClientServerHandshake(t *testing.T) {
GetRootCAs: test.clientGetRoot,
},
}
clientTLS, newClientErr := NewClient(clientOptions)
clientTLS, newClientErr := NewClientCreds(clientOptions)
if newClientErr != nil && test.clientExpectCreateError {
return
}
@ -566,7 +566,7 @@ func TestAdvancedTLSOverrideServerName(t *testing.T) {
},
ServerNameOverride: expectedServerName,
}
c, err := NewClient(clientOptions)
c, err := NewClientCreds(clientOptions)
if err != nil {
t.Fatalf("Client is unable to create credentials. Error: %v", err)
}
@ -588,7 +588,7 @@ func TestTLSClone(t *testing.T) {
},
ServerNameOverride: expectedServerName,
}
c, err := NewClient(clientOptions)
c, err := NewClientCreds(clientOptions)
if err != nil {
t.Fatalf("Failed to create new client: %v", err)
}

2
security/advancedtls/go.mod
View File

@ -2,4 +2,4 @@ module google.golang.org/grpc/security/advancedtls
go 1.13
require google.golang.org/grpc v1.25.1
require google.golang.org/grpc v1.26.0

8
security/advancedtls/go.sum
View File

@ -1,8 +1,10 @@
cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@ -19,13 +21,16 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@ -34,10 +39,13 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg=
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

42
security/advancedtls/testdata/README.md vendored Normal file
View File

@ -0,0 +1,42 @@
About This Directory
-------------
This testdata directory contains the certificates used in the tests of package advancedtls.
How to Generate Test Certificates Using OpenSSL
-------------
Supposing we are going to create a `subject_cert.pem` that is trusted by `ca_cert.pem`, here are the
commands we run:
1. Generate the private key, `ca_key.pem`, and the cert `ca_cert.pem`, for the CA:
```
$ openssl req -x509 -newkey rsa:4096 -keyout ca_key.pem -out ca_cert.pem -nodes -days $DURATION_DAYS
```
2. Generate a CSR `csr.pem` using `subject_key.pem`:
```
$ openssl req -new -key subject_key.pem -out csr.pem
```
3. Generate a private key `subject_key.pem` for the subject:
```
$ openssl genrsa -out subject_key.pem 4096
```
4. Use `ca_key.pem` and `ca_cert.pem` to sign `csr.pem`, and get a certificate, `subject_cert.pem`, for the subject:
This step requires some additional files and please check out [this answer from StackOverflow](https://stackoverflow.com/a/21340898) for more.
```
$ openssl ca -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out subject_cert.pem -in csr.pem -keyfile ca_key.pem -cert ca_cert.pem
```
5. Verify the `subject_cert.pem` is trusted by `ca_cert.pem`:
```
$ openssl verify -verbose -CAfile ca_cert.pem subject_cert.pem
```

122
security/advancedtls/testdata/client_cert_2.pem vendored Normal file
View File

@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=foo.bar.server2.trust.com
Validity
Not Before: Jan 9 22:47:15 2020 GMT
Not After : Oct 23 22:47:15 2293 GMT
Subject: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=foo.bar.client2.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b9:3e:c6:3b:cb:d6:77:4b:17:d4:8b:91:27:f4:
62:01:60:8d:01:2f:0a:a8:b1:d6:e3:59:d6:25:3a:
a1:7f:2f:5d:ef:02:f9:6f:4f:72:db:75:ce:0b:22:
a2:05:7c:e0:7c:a3:d3:c8:fa:87:c0:6c:a9:47:00:
ed:52:2b:ba:95:36:36:1a:d3:59:1e:a7:30:a7:48:
38:7f:1a:7a:3f:84:cf:83:f0:fe:60:61:9e:c0:46:
ce:44:b5:37:83:ef:14:6c:9a:ea:3b:fe:37:8a:ab:
ea:28:59:43:f0:d7:1a:a0:57:a6:5e:a7:3f:46:95:
92:fb:44:77:68:ee:41:ca:57:1b:de:4c:80:ea:16:
b7:25:c5:b2:e5:d4:47:a7:bb:8d:f5:53:9d:a3:0e:
d0:eb:59:5e:7a:6d:8e:a1:8e:f3:b7:b1:4a:8b:f1:
8a:01:f1:e1:14:85:dc:91:ce:25:7a:fd:db:17:b8:
15:60:34:4b:f5:35:df:bd:22:65:b9:85:4a:7a:39:
74:c0:88:c9:15:61:62:a8:4b:b6:ae:87:0b:2d:5f:
2b:c6:13:c5:9c:1b:63:c0:23:73:6f:24:5e:e1:f9:
f5:ed:82:81:51:90:4a:08:7f:6e:4f:bd:27:00:b2:
b4:be:a8:0b:65:95:22:a4:c7:24:5b:07:5f:3c:66:
55:2d:af:ec:d3:f7:ca:e6:07:44:09:6f:da:a2:f3:
c9:4b:1f:9b:d7:e0:0c:6c:a0:be:4d:4c:6c:c5:3a:
bb:0d:a1:c4:82:75:42:ba:c0:10:d2:93:a4:0e:4e:
41:9a:c2:3c:68:ae:17:92:ec:4b:4f:ca:ef:09:7c:
b2:6d:16:31:15:31:67:78:02:0a:57:6b:60:4e:7f:
cb:0a:27:a5:cd:dd:d9:29:a5:a2:e8:d8:f5:e9:8c:
a3:16:72:9d:b9:94:3e:ef:b1:70:27:2e:16:0f:06:
f9:50:81:99:a2:aa:b2:74:d8:b9:24:0d:08:f4:ff:
16:c1:2b:32:ad:d1:7d:c2:db:ed:e5:8c:52:26:ed:
8c:04:af:86:9e:a1:5f:48:81:20:79:bc:57:58:25:
89:85:02:ba:e1:5f:66:e4:4a:30:2e:6d:3b:89:2c:
4f:e9:02:6a:e9:9e:b3:6c:7e:9d:1b:a9:37:3e:bf:
06:ec:ce:d6:d7:6e:e3:e2:5c:2a:fd:98:dd:4d:59:
e8:43:be:44:fe:ee:0a:64:fe:fc:e3:4d:88:23:27:
46:a7:f0:b5:80:c4:d8:2c:ad:02:a9:68:a7:d5:64:
74:b9:14:21:68:c9:f5:3c:62:73:ed:b2:be:10:89:
1f:d0:1d:1b:8a:ef:5e:6b:4b:08:15:25:4d:9c:b6:
f4:2a:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:27:7D:90:FC:81:7F:F3:EE:97:CE:65:A2:AD:D2:1E:CC:D5:2B:0F
X509v3 Authority Key Identifier:
keyid:63:88:EA:4D:D0:3E:EF:5E:F8:43:91:75:40:E4:16:AB:15:B3:32:B9
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
8c:81:8f:65:38:2c:db:69:34:26:47:62:b7:5d:4e:67:41:c2:
67:b2:97:72:51:84:f5:73:8e:cf:9d:0f:a2:91:1e:ec:e4:72:
6f:08:da:26:06:c0:f0:11:fd:b8:ac:23:c7:cf:35:ac:d0:90:
e3:da:f0:8b:7b:55:16:00:5f:82:92:40:07:12:d1:ae:06:13:
c0:5d:7c:9b:64:d7:35:86:59:c3:8d:cd:b9:a8:17:03:2e:b5:
d4:8b:18:11:cf:8d:90:74:8f:12:f6:53:99:66:d8:50:b6:c6:
ef:c8:e3:bc:26:74:67:cb:6d:34:bd:c6:58:38:ef:4b:5e:56:
80:37:2d:25:64:31:96:6e:8d:13:ff:21:63:c9:ec:8f:b6:05:
5a:8b:b5:ae:88:50:af:00:c4:c7:9d:9b:88:a3:05:6c:63:85:
46:1a:b1:6b:32:11:cc:0c:a6:75:44:a2:39:c6:58:c8:2a:f8:
08:8c:9a:12:c2:49:e0:03:da:fa:f7:67:a3:7b:91:71:46:24:
71:83:3f:a9:a0:a9:4f:e5:77:9d:a4:49:2b:0e:69:dd:47:93:
b9:4d:82:3d:f7:12:b1:02:0e:ec:4c:98:76:c2:48:81:30:68:
7c:04:90:e7:a7:e5:0f:44:cf:48:e3:04:1b:9c:4a:0f:20:25:
ce:74:13:83:96:d8:78:69:a0:1c:e4:9e:8d:1b:0c:9f:e8:43:
29:72:82:96:98:6e:8e:8b:0c:0e:18:4e:dd:62:e8:e9:5c:77:
64:40:5b:c3:44:3d:21:0f:3f:ef:04:c8:83:f0:af:cc:be:9c:
b5:6b:32:c3:26:66:a0:06:bc:7b:b0:c8:54:8f:0a:d7:57:bb:
c7:d9:7a:7f:3e:61:ab:64:03:cc:32:44:a1:71:6f:9a:cc:80:
a6:e6:de:2d:8e:8a:2f:ca:bf:63:42:24:de:3f:c2:47:a4:e2:
fb:3d:6f:70:3f:6f:cb:bd:61:40:af:c9:59:75:99:39:9d:65:
e4:89:48:fc:14:1c:ad:03:fc:5f:a2:69:be:4d:a1:a3:ad:6b:
e7:f8:8d:13:64:f8:76:7d:04:af:61:f9:9c:39:68:68:99:bc:
ec:53:b9:d1:e7:f3:c2:c9:87:42:f0:26:8f:47:c3:6d:de:2a:
f5:df:b4:58:f2:1e:f5:6c:29:0b:dd:de:ea:1a:88:21:a4:d1:
bb:7f:54:c5:cd:75:71:4e:ef:d0:50:f8:ff:a2:0f:d5:02:fd:
51:52:86:b8:30:db:4f:e0:3b:f1:91:45:72:49:df:a4:17:97:
25:ca:12:9d:61:9d:29:2c:e4:5f:da:c7:3c:ee:4c:65:5d:2f:
38:a6:7d:8b:52:af:af:18
-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIBBjANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEi
MCAGA1UEAwwZZm9vLmJhci5zZXJ2ZXIyLnRydXN0LmNvbTAgFw0yMDAxMDkyMjQ3
MTVaGA8yMjkzMTAyMzIyNDcxNVowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB
MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMME2Zv
by5iYXIuY2xpZW50Mi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQC5PsY7y9Z3SxfUi5En9GIBYI0BLwqosdbjWdYlOqF/L13vAvlvT3Lbdc4LIqIF
fOB8o9PI+ofAbKlHAO1SK7qVNjYa01kepzCnSDh/Gno/hM+D8P5gYZ7ARs5EtTeD
7xRsmuo7/jeKq+ooWUPw1xqgV6Zepz9GlZL7RHdo7kHKVxveTIDqFrclxbLl1Een
u431U52jDtDrWV56bY6hjvO3sUqL8YoB8eEUhdyRziV6/dsXuBVgNEv1Nd+9ImW5
hUp6OXTAiMkVYWKoS7auhwstXyvGE8WcG2PAI3NvJF7h+fXtgoFRkEoIf25PvScA
srS+qAtllSKkxyRbB188ZlUtr+zT98rmB0QJb9qi88lLH5vX4AxsoL5NTGzFOrsN
ocSCdUK6wBDSk6QOTkGawjxorheS7EtPyu8JfLJtFjEVMWd4AgpXa2BOf8sKJ6XN
3dkppaLo2PXpjKMWcp25lD7vsXAnLhYPBvlQgZmiqrJ02LkkDQj0/xbBKzKt0X3C
2+3ljFIm7YwEr4aeoV9IgSB5vFdYJYmFArrhX2bkSjAubTuJLE/pAmrpnrNsfp0b
qTc+vwbsztbXbuPiXCr9mN1NWehDvkT+7gpk/vzjTYgjJ0an8LWAxNgsrQKpaKfV
ZHS5FCFoyfU8YnPtsr4QiR/QHRuK715rSwgVJU2ctvQqCwIDAQABo1owWDAdBgNV
HQ4EFgQU4Cd9kPyBf/Pul85loq3SHszVKw8wHwYDVR0jBBgwFoAUY4jqTdA+7174
Q5F1QOQWqxWzMrkwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEL
BQADggIBAIyBj2U4LNtpNCZHYrddTmdBwmeyl3JRhPVzjs+dD6KRHuzkcm8I2iYG
wPAR/bisI8fPNazQkOPa8It7VRYAX4KSQAcS0a4GE8BdfJtk1zWGWcONzbmoFwMu
tdSLGBHPjZB0jxL2U5lm2FC2xu/I47wmdGfLbTS9xlg470teVoA3LSVkMZZujRP/
IWPJ7I+2BVqLta6IUK8AxMedm4ijBWxjhUYasWsyEcwMpnVEojnGWMgq+AiMmhLC
SeAD2vr3Z6N7kXFGJHGDP6mgqU/ld52kSSsOad1Hk7lNgj33ErECDuxMmHbCSIEw
aHwEkOen5Q9Ez0jjBBucSg8gJc50E4OW2HhpoBzkno0bDJ/oQylygpaYbo6LDA4Y
Tt1i6Olcd2RAW8NEPSEPP+8EyIPwr8y+nLVrMsMmZqAGvHuwyFSPCtdXu8fZen8+
YatkA8wyRKFxb5rMgKbm3i2Oii/Kv2NCJN4/wkek4vs9b3A/b8u9YUCvyVl1mTmd
ZeSJSPwUHK0D/F+iab5NoaOta+f4jRNk+HZ9BK9h+Zw5aGiZvOxTudHn88LJh0Lw
Jo9Hw23eKvXftFjyHvVsKQvd3uoaiCGk0bt/VMXNdXFO79BQ+P+iD9UC/VFShrgw
20/gO/GRRXJJ36QXlyXKEp1hnSks5F/axzzuTGVdLzimfYtSr68Y
-----END CERTIFICATE-----

51
security/advancedtls/testdata/client_key_2.pem vendored Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAuT7GO8vWd0sX1IuRJ/RiAWCNAS8KqLHW41nWJTqhfy9d7wL5
b09y23XOCyKiBXzgfKPTyPqHwGypRwDtUiu6lTY2GtNZHqcwp0g4fxp6P4TPg/D+
YGGewEbORLU3g+8UbJrqO/43iqvqKFlD8NcaoFemXqc/RpWS+0R3aO5Bylcb3kyA
6ha3JcWy5dRHp7uN9VOdow7Q61leem2OoY7zt7FKi/GKAfHhFIXckc4lev3bF7gV
YDRL9TXfvSJluYVKejl0wIjJFWFiqEu2rocLLV8rxhPFnBtjwCNzbyRe4fn17YKB
UZBKCH9uT70nALK0vqgLZZUipMckWwdfPGZVLa/s0/fK5gdECW/aovPJSx+b1+AM
bKC+TUxsxTq7DaHEgnVCusAQ0pOkDk5BmsI8aK4XkuxLT8rvCXyybRYxFTFneAIK
V2tgTn/LCielzd3ZKaWi6Nj16YyjFnKduZQ+77FwJy4WDwb5UIGZoqqydNi5JA0I
9P8WwSsyrdF9wtvt5YxSJu2MBK+GnqFfSIEgebxXWCWJhQK64V9m5EowLm07iSxP
6QJq6Z6zbH6dG6k3Pr8G7M7W127j4lwq/ZjdTVnoQ75E/u4KZP78402IIydGp/C1
gMTYLK0CqWin1WR0uRQhaMn1PGJz7bK+EIkf0B0biu9ea0sIFSVNnLb0KgsCAwEA
AQKCAgBtWJWxJFBzWFs3ti630/Sp9XEmOrti+p7q0tOqZCKCLdaXyDyurMoSq0Y1
onrbHGxyhk30O5Y4SqvdYrmzoGZhv39OdGUNyAjbJbFbrahtqBrKOk4dXGJWAzWs
rv+XHGAE/6i2QwhMDdCJgq+tEXwBG9vz0WtzYcVCFpcZ1FH3e1XS8XvDMidn33wL
WDP32akhH/tUDeHamoU/ZT4lNXm9e6SSWMBrB3kiISYi1vme0QwrwxizEguoMeXh
AdXkHb7pyNKW9+cifLq8tvydps89OAlhwbgKvswx1XtFJsXvRBob2cY1/CMHQxk9
bl0Ad3xjclRP4Sly9K4MIZzgzVMHRCstG1K60cDVK5GeiBkXHKfihgXIIk5iILjH
jplpTx54KEtC+NTd0/i9DsK6/DKcATt+AAPgjoEy2giSgfTpZqyMgLgIAvYKgrYF
SME7jm4rFe950VpR7vBVtBtXKnea39/75uwbTAjL6kpqvDARM7MWb4R25voOmlo+
6Jzw4VyktVb/p7HLq0ayONGGBIF3H3P+wnvhulHR1I/OHhNwnYsH5mFju7t5qO3H
ot/DxLOTmV8PkrHgfGwvbmwF5E66dpv4m5oCYHn8SiCEsXF1PkVrnSE1yeuzq681
tAnaLPRO2UXlpe4I1CY45a/WTPoXCfxJdtjjLchY10bZXV+dEQKCAQEA6eSN8as7
aJa7ljqh4Qf9LkD2lDzvYlyxzuwIh5d4+4YoctaiZdHWxXMeI6xPTrS2gTQVyCW/
9edq9822Xo6ti4RK2yab1ewAcBDEBpDdTrcQZ9k9f5HVrCXyEuajKBCN0j5uGsPQ
cwv415xyfj/fudH/xj+FwstBnc6YDxHGC6SdhXghhLCfAJJROneu7W8eQuqt8tKo
eOGheiTo/WPGkNOPu6BXW5/lxMXXCPsqPJS6MBAphFDkCp+deXw4xjL4sKyqRWFY
HFH17tzPiyCPdOEnuytFJcrK7+0svACdwYbypbJpHSvjWmPwoB9+58mFODF4Lvub
ZD5VviRyDerf6QKCAQEAysEbRyEFquN+6PPhiS9wYdjHHiJXBtfmXf2fKBCRrLJ3
y+/qPaViyEBgb7mKblaFBluitKevg7Oge6VY22moMRTR8L9zU6mKPjt2OiHmwsB+
L0+8Z1wTO7knBJq8dwCc8Y1gpU+fWGoz5vYAWDX03yJeLsW9OG/pKm0tAFEY4GxJ
qVIz2NRjBc6ojisWN+QTonxQXkevaXw0sIL7Ol1pW0zQIXVkrzjvxV1KfdXwhXLI
jdxs5NrVOGNLCtrW8+vLBTbCuOWSJIzJOEMUH6UYhQCXLM5T+snEL3S0U46yqHOG
FcepRU2ncsHEz5eMN+JA8N6/ZVv2eIXfub/59dOV0wKCAQEAk3nsUmRgijr4vunr
ZkOuTTri/2dInaHK76j+W9iTjSzzVi2lqkPcgxVp/J5KR1tE9ETOMywyVK/9T5Cj
HA4kuSLKPFKk0gcD46V+pJE1KcveCUz+LPDcZLZsY6SPXdTKR7XboP608cWruu/H
dXl67OTPvMYS5ldY4VMBqAbR9Edwl1a+87aWGzsnApGyd72nvBPTaJeRaN8D/UtG
qXb/HhR3vZuFWZ2BuEfypZQQ9q/kkieuteJ3V4d7OL2t4rMDAgttNWACuaCoTFto
ddYq/kx1y9ultwWeXhgTK9vLnNolJ3tOMfmZWkZH0/7n+uijGmJ+4Ej/mv5+++xp
CgN9+QKCAQAstfDB+rI5QPmXfVBa5C8wJJGkP4ZZZ/rQ90DFoQG+x4xLWJibB4GF
D0001gGE22dyQ3rZw7CcplvZaFjz6ZTBXgn9wPo5lMV7e7lSkG9GuxQYcsjlMhS7
stS72zN8OpJhYf/R9ID7ClBvugfRa/SX0Ahc4BYd/++2/2RREZEezEJiKFJumkdL
3Iqm7zFzGcSKrEc8wyoXZOBpnDiyYi79hy7OcgjF6xRUvYHTxf3IL8uyHM2Wmfsy
+BJwTlngaDrY536BL37OuI0W7xPc9pc1nS+5Hba/MwckP+QUGP+kzfTfkKvvMHSg
hcJU1OKC4E3Z0AT84Q60/TCc0YzZfNMpAoIBAA3Bb4lau9KWjVMza2fLdLmPqMM0
MSCU7jo+xGH49YgET+lGFy00lbdIENMP0nv8pr7IKFy3pbMsZRHG53VPylUXSvdE
UJdW+7X/d5G8VVDypypgtSptD96kAU/ctq/Ty7uZw621vvTMuwokRTsL5ipE24ys
aA7M5GrMer9wrp3q7RNz64MVrnqJEFc4waFn9W7ZWG2i/upTj1oFcFF57QJz793m
KnFy7cOApEBahRFIkW3AuVdg0pJuYTRsrvfjYvFD5eKEON4qSXPxAgRl2zLR8i0x
jbKCySBaSFSYrnWs9Tt4QEiEYLGNe1WoCfxaUHCvM+d50GiZeJQkXCT3m80=
-----END RSA PRIVATE KEY-----

33
security/advancedtls/testdata/client_trust_cert_2.pem vendored Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFpTCCA42gAwIBAgIURc12C7/2O090oCXCOxpatu7h4m8wDQYJKoZIhvcNAQEL
BQAwYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMSEwHwYDVQQKDBhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQxIjAgBgNVBAMMGWZvby5iYXIuY2xpZW50Mi50cnVz
dC5jb20wIBcNMjAwMTA5MjI0OTU1WhgPMjIyNTA1MTQyMjQ5NTVaMGExCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
dHkgTHRkMSIwIAYDVQQDDBlmb28uYmFyLmNsaWVudDIudHJ1c3QuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxWqK9pdKrJUupCKUCcaVGWLq1wh6
9I8YhLuWv73R15FbImFeh3085o009a4symIMSgfn8iPrN97WAMn4OSxAmJfSs0FA
DBmfpf0JOloFM5GHYVgGpdkFCiEjnJ+eTvIxRwsvbeT9EsLkeOVb8syr9bp/w5ZW
oh5Su9b7pwpAanQx67dxq2lCndVjxZLKgAXO23m70xoFOKwVaynxcUdnYVskFy30
SRhB9h0w7I0L1pb5F1BTrsMgBLtrg81JCQzdmgoTKnn8AHDnA+rwe7ushXE3eCrm
Uxj4n2OYc2siSXBQFyUa/x18kgubS/FPJNHYFPqnyw+g+yk9hraq3OQ8XwHA03eg
1TZkttQwfUV3g2gywDaC6e2PGl2q8+h1g/7kaSu9yiihlMfgQoa7cmC+j1MKAgki
FEkyuQtYGx08rAKL/Gllmgm0VxT9jO33YnuZBqDbfnF3PYGBo4ZW9ERyJDguPTI6
6Ms68uO/B10mNePwOunlKwJxnYZkDnGcqVZpm0RCt5IFWIk+b0ek1OhpzEeGmQp+
xLWzC+O62WVmW5B2aKmJ/jV4MUOA9HFELrbh0kS+Odp1ANgFr0UKQK1O04Hex+7O
3rnHHzeAjHk8SzZRENKFp0Srf5L9GpDb4/FDmNM1XWw2g12R7nD69dNvC6OCiRvi
8TQxRAMYqSU8XKcCAwEAAaNTMFEwHQYDVR0OBBYEFAF0qURhPXq7wjLN0O0g2jrE
xgLoMB8GA1UdIwQYMBaAFAF0qURhPXq7wjLN0O0g2jrExgLoMA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggIBABHATLUgMaHJwT5Rc5P/vPeIu09zZyK5
avol+tSGbMmcWAUK9gYlivyqcPzeJ6m5+GJ2WkfumdhkUY7XclddxEGyw6q/eRE6
nirt84TFlc2QleSFFg84lwTLT6wE6Ym9+qC3C2b0nOgUeGl5J9itoYqDTOp5gF7Q
Ileh2+9aZSnbaR9W3QgRteTIq+9cVnBZExwgrLa6/Iam0x1ERtd/U94prO57D6mE
Wspvj3wfn7oUfTsTGuBjq20xjmQEGxMF+zgMTJGgkOUxwIGrhXWlK80GX6ff9tJJ
3WQ1lBG2BE1eB3NWLuyQjtO0Jl9bfrpz5sUyXMWyGD9bOz/qFLLdi1AxPAu4qIWt
j8avS4DavUtU3LJarW2IVIrVVSs+hg+mrzMpjso0/8QI7kG5hV4vvD6bOxMZzoBW
g6M9+eXYsp03HjNI34Je/w5tcUY90Jfk3mVxz1hTRh1Hj5EhtSlmwxLdBgRe1fdM
Y3gsHP/OFk7MpMFWZQmxZhsfrV1Nfh1XeznKuUCx0EaGPuZcjKeqUroYvlSWKLl9
F2VfCIo0hKE1VZ9G1QxVuB65N+sdgotyj45LCn51HV1unYqY7Lsnmvbyxgevz1Sv
X9kF21BV+lBLQq8aQGyGwk2RfUVlVp2cKvWHqVT+qF9QgW66Dt1gU7+m9qC4jCTO
2OGZ/CvtfsXA
-----END CERTIFICATE-----

52
security/advancedtls/testdata/client_trust_key_2.pem vendored Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDFaor2l0qslS6k
IpQJxpUZYurXCHr0jxiEu5a/vdHXkVsiYV6HfTzmjTT1rizKYgxKB+fyI+s33tYA
yfg5LECYl9KzQUAMGZ+l/Qk6WgUzkYdhWAal2QUKISOcn55O8jFHCy9t5P0SwuR4
5VvyzKv1un/DllaiHlK71vunCkBqdDHrt3GraUKd1WPFksqABc7bebvTGgU4rBVr
KfFxR2dhWyQXLfRJGEH2HTDsjQvWlvkXUFOuwyAEu2uDzUkJDN2aChMqefwAcOcD
6vB7u6yFcTd4KuZTGPifY5hzayJJcFAXJRr/HXySC5tL8U8k0dgU+qfLD6D7KT2G
tqrc5DxfAcDTd6DVNmS21DB9RXeDaDLANoLp7Y8aXarz6HWD/uRpK73KKKGUx+BC
hrtyYL6PUwoCCSIUSTK5C1gbHTysAov8aWWaCbRXFP2M7fdie5kGoNt+cXc9gYGj
hlb0RHIkOC49Mjroyzry478HXSY14/A66eUrAnGdhmQOcZypVmmbREK3kgVYiT5v
R6TU6GnMR4aZCn7EtbML47rZZWZbkHZoqYn+NXgxQ4D0cUQutuHSRL452nUA2AWv
RQpArU7Tgd7H7s7euccfN4CMeTxLNlEQ0oWnRKt/kv0akNvj8UOY0zVdbDaDXZHu
cPr1028Lo4KJG+LxNDFEAxipJTxcpwIDAQABAoICAG9UwV+FPKCNVQtNUM0eh3EU
nrl719NZa4tXOxGQ2+lE2O9Pl/6yuwiN86Llge70Ulfhk4WzifAtI+S4AdtEQH2N
iU576sGoJad3Rp/4qlxFouJbwQwAkl3/CFVIkv+UiAO3pBzGeY3+CNjBCBSqJgPj
FDBZ9StiDGhQOgUeu+sM8iYrgtgW+XGHKMgAG2ENZXXSdgD7+JvYOBACTF4E1aFK
w9Sqnswl+PTxy2hrtpRi+cCTFU5GTiU9CMoAmEKZVdOMAPkAaARbp3xHHy24TffH
PG/xSYjtWTCR+ySD84cU5qXW0B21JE48a2ztfiOWj9Rs8vmKK8/YlxEErOD7eatg
v1e47Ygv8JBLhEvk38HQYv3EdsV/2jAXg7K3d1s4znyiJdHg2ujCuTiR98auDh5S
Er3yFG38KKagw9I7yli/S5B7RKbhjHIunBfCA2W6cJVyA7smBllQ3YraVZWWWKIX
Z9UeZrA+KoBssg16c2Pwyg0X8HuDN39n9YwTFqj2VCrap71NYNn9G0q40aI7duaA
Ehl/NOBPyBMnXbnocj+0QkuKwW/i4wMRKREkzTGRHI1fXy0/LRO4Adc3ZUXaOxZx
aIM/BnNhuifk7rBk8VHAngWxRj3vfVP4lgqmizczHQ5hHO15Tb6Rhng3LfqeDJjZ
NOgdYMNm7epr5OsMjgApAoIBAQDrVAqnLm8jkBJHyrM577RVqCrPOUsndVZ86lg+
cN4oyg6CWyNWJyKBYHpEyAx7d6qSOyRwMZfXlupXJga/sUQzvRdS96jbcBRMLXfN
ObHFRbgFF4xIuvqhUagzrMhtRPchh4dOQND8mpzRQoAvKryJrlm1o62AK1v/94a8
K4Tbtpogfc/si2RimHeNc5dilBiNRhrewA4xXYvZ2xhNBfHD1AP8O3wSsmd3aI9J
PAqLaDCFuA+h8qa0qQmQC1Rehf031PEHGWmluEGuxfA6eeCQha5fzMPj7qWIN5RL
X7oGji+dj+pyKfKGbOnNTNJzHi7ppnh2R2saf19+j7joadGtAoIBAQDWwfNZPQkS
5tEHzDeEyG+oWBn9OxMaBoJ1VEuZNrcjSbqgDxwcyczUTO6dpINz2ve7Dv3s0V8T
75YI16jorpT6iJr3oD+6F28PD3jghgCTtEJoFbojdffBXXTvGU1UwtJ5eTTBpKRe
mOuxNL8dhMqCnmDVZ+4DQSWQ8h29xshVuymnlADfSqZC/zYLjLZrPFj2Lv/QVsvt
7V+D4UFlNI9aEYgnlsMa5A7MfTr7M1cEDhfUz7QpUufZRzGvVx4gk98lF6AzuvRI
tdcpOJUAowU8XchtI8x5NubtF04e0lpmlQMKhq8eZ7+URmYwZIROim4KV2eYL0M/
PB4Jl6otwbojAoIBAQDDABb7xaxuiZm8R6kQHyMNv5YJtO4jukV6qS2KQDi3EAfJ
2P+FClS7ZFis2iANx3FeTwe4uD+cc/+nS2lYOunK/atwIqyXeV44aYzWUDKQx17f
SU4DjnzUZDe+6jQC55zo+ccS/v6t8uhzNmnFq+IjLIhFzWWdyVAo4NGS53TmI3+/
4MEEv9TlJnYajmgpVZKqribh4b9hBKU4Vybh3EUkAnFy90+upoq6Fbh19Py/3Awp
IgZCKjIdjdzQsbKtyNW1CAzZ1yMGIZK74mVX71o4J64A0Eqae0xLfdKySpZ5jCTE
qVaaV0wSO/nZFwlkPuSc1EcJq9CCWn2lAC8210jZAoIBAEI/uIsp2fe7vnXyWJoc
nt1GuFW2+JCJu4roQx3zlBFNuEWSA7EZy5ceWGnHC0odHVjWKhz5BaSHvzfhF1kY
KhsTMwL6q04D1p3Fvxs8G0d1Txr+wNoZlSFQbDcqDgH8y6Lvcgfee1o3QFX9GIvJ
oBMlOmf61KCqYyVQmz4k6T4RK6tna9F2HM4EHq73bHquNh9TplSlwekW1eVAAsVu
rl4xlFfqGSvdeHc6loxRbSFyG4XpwQESczVC0h/t9vxDwY2WuTPcE2mutr4fl0+H
+qCBqceJSJWICzrOeqnlaD/G7hY8MB9oD+B0yydYirwT1hhYmDuJMOx75iQ9ZiER
ZxMCggEAUenerHVg6/+T0IwSeWPjR3GtJ+SWij44n99ojhq67rXaJ2jHuMaC0t4N
+VsspSISO71PuOgjQNjdN8xn8QaYBcLt8HMAcZFLJnDnbhfJ4iNbToIWhKqwjtKW
8eMeNziz9kE9jazOt8l9ErRiXmxZ7P7P4fnARtX0+X2TU2r1pYFt21Mj6yrqVkj5
d4EMIl8NrHxoHhdGXN78yI6eoAxBwanLdILVw51PHShXODiCnA22lzzialsVxp09
wV0LJJv2AsnVHxFdYCVZjDKG6WDL/U8PgDgsznhkCOuvzLPUtM2rAxgq//QtJygY
QBqTUW3bGnskKC0gOUqWO3Kd9zCnbA==
-----END PRIVATE KEY-----

122
security/advancedtls/testdata/server_cert_2.pem vendored Normal file
View File

@ -0,0 +1,122 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=foo.bar.client2.trust.com
Validity
Not Before: Jan 9 22:51:54 2020 GMT
Not After : Oct 23 22:51:54 2293 GMT
Subject: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=foo.bar.server2.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:b1:0b:d3:7e:5b:61:30:db:b0:5f:3f:6d:d2:e0:
3b:c6:4c:88:95:f5:7e:fd:cd:aa:20:5d:08:b9:6e:
41:db:c4:ed:0d:f8:bc:cb:b4:ee:c5:87:11:05:a0:
ac:12:3b:4e:0b:4c:e4:43:e4:17:89:c1:ae:b4:13:
58:1c:31:58:6a:f2:01:ed:df:66:e9:f9:2e:9c:c5:
85:e6:02:db:36:f4:f3:07:39:75:30:f1:b5:55:5b:
46:2f:87:b0:d4:a0:ab:57:df:30:45:ae:bd:b0:49:
9a:fc:ba:5e:bc:d0:5d:86:f4:24:45:4a:d5:4d:5b:
b6:ba:e8:b7:a1:3b:c3:2f:46:2e:b3:ad:2c:63:03:
df:cb:f4:56:62:91:bd:bc:23:00:af:a2:7a:3d:6f:
f1:33:81:60:0e:bc:20:f5:8a:49:5f:ec:58:bc:64:
d5:47:36:a0:2b:b8:1f:76:25:01:89:3e:ff:52:69:
95:03:8f:bb:14:2f:1a:38:a3:9f:c1:45:20:22:77:
70:97:5e:25:51:b8:3d:5d:89:7a:bb:15:12:cd:1d:
96:d2:9c:72:67:12:85:72:6e:27:7a:ef:25:da:af:
49:26:8d:eb:a0:34:a4:4d:64:c3:63:33:77:5d:ad:
53:c7:ee:51:32:7b:cc:43:bb:86:8d:f9:52:ba:35:
23:0e:30:5d:dc:3b:25:63:c1:e3:5f:4b:b2:02:fc:
fe:5b:18:7f:84:aa:f3:71:e4:16:b5:98:bc:73:c5:
58:13:41:38:eb:f3:a2:fa:8c:98:bd:f1:10:ee:b6:
fe:7e:a5:81:c7:5e:f2:72:54:8e:db:09:f0:35:42:
ca:b7:86:c2:48:b2:c6:18:08:ac:d1:f0:5d:de:b0:
b8:25:8b:3b:bd:61:48:0f:71:3f:ed:97:72:02:c9:
44:5d:0c:00:fc:30:ca:5d:1c:e5:13:1b:3a:d0:ce:
d9:36:a0:db:f5:c2:ad:a6:95:26:4e:7b:29:2d:fc:
c4:04:1d:47:6e:03:59:68:1e:7a:20:6d:e8:a8:e1:
3c:57:59:f8:3d:2f:16:61:7e:24:e5:13:ca:48:0a:
e6:f0:60:a3:2d:93:0b:8f:93:eb:b5:d1:06:26:52:
c0:63:1f:fc:9b:73:fe:91:c3:04:40:32:8d:09:d5:
9e:c4:f6:0b:61:3d:9f:a1:d7:94:a2:e1:3d:b6:bb:
60:26:74:89:33:25:18:0f:c3:88:db:10:5e:a0:5b:
f4:ee:d0:18:ab:36:50:c5:44:9b:6d:ba:ea:e2:6e:
52:3a:55:49:a3:72:ae:04:af:1d:f6:f2:83:27:17:
8b:9a:98:0a:f5:44:b1:c8:f2:a9:c8:ed:b0:75:ca:
52:25:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:BD:18:0B:32:AF:D0:51:8E:4C:4C:8D:B2:F6:4E:B8:6D:AB:BD:BA
X509v3 Authority Key Identifier:
keyid:01:74:A9:44:61:3D:7A:BB:C2:32:CD:D0:ED:20:DA:3A:C4:C6:02:E8
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
b5:63:0c:d8:ed:af:74:2d:4c:94:36:41:05:2a:f2:ef:45:e5:
6a:0c:76:0c:f3:90:25:e0:54:56:f3:26:23:95:7e:24:74:6b:
fd:02:0a:bc:33:ba:e8:e8:8f:a3:b3:85:2e:59:4c:cf:e3:85:
1a:d6:70:5c:7c:86:e2:7a:11:99:a8:fa:43:9a:bf:50:54:00:
9e:6a:7b:72:7f:c5:20:89:6e:18:6c:46:64:ce:44:44:47:4d:
87:b5:fc:cf:f3:b9:9f:45:a3:cb:b0:91:00:96:2d:29:68:8b:
ff:c7:e0:f1:b7:8d:31:c2:01:be:5b:51:1d:af:42:b1:17:22:
bc:91:e4:d9:b9:96:6d:64:40:79:6c:71:ed:f6:e5:49:16:0a:
e3:bc:18:95:2e:89:ba:c4:a5:ce:ba:ab:3a:32:eb:bc:d8:91:
cd:f2:ee:d1:fc:67:3a:51:00:92:bd:b8:68:0b:54:04:d5:07:
0b:97:11:2c:42:64:7c:47:c1:68:b4:eb:21:c4:e4:ad:17:a7:
16:b9:e0:e6:cd:04:c6:89:36:40:d4:4b:c3:f7:7e:26:6b:3a:
d7:68:b3:b2:da:00:65:13:c8:fa:d0:1c:2e:10:ba:71:3e:0f:
aa:8b:d0:ff:b7:3e:83:9c:bc:b3:d1:52:0c:9f:3f:21:4a:10:
dc:8f:ab:38:45:d4:2c:2a:15:2d:71:45:fe:91:a2:d8:d9:dd:
0c:dc:a7:d9:cd:1b:f5:35:fe:14:ba:c5:1f:ed:ee:fb:87:cc:
87:a1:08:c2:2e:ff:5d:af:b3:3d:6e:11:94:79:0b:28:e6:83:
4e:fc:28:8f:7f:00:85:79:7f:3a:d1:07:ee:6e:fa:94:c4:0b:
4b:2c:05:b1:68:00:e8:37:bc:b8:b2:03:5c:5a:ca:13:f2:68:
57:df:ac:fc:da:be:27:24:7e:6d:c4:a9:53:2d:f2:43:0e:30:
9c:82:d5:fb:f1:a2:0a:83:e0:a5:d8:9f:09:3e:99:c8:39:d6:
69:6d:d6:c2:27:70:59:05:3c:3c:7d:d6:41:6a:b4:9c:1f:70:
7e:3e:ee:6f:67:de:95:1d:eb:31:8b:11:c8:0d:a1:25:4e:08:
ef:3a:11:2d:a7:98:0d:a1:d9:30:2d:da:d2:a0:05:6b:34:38:
a6:87:b2:bd:0f:9c:51:cc:e0:2e:a2:1b:a3:a0:a6:eb:1f:0a:
22:70:59:f0:0b:c9:bd:94:4e:1d:65:3b:99:5d:8e:6c:18:82:
1d:b5:cc:6f:14:21:c4:89:07:9b:81:1d:9a:79:ff:bf:fd:ce:
e4:77:11:0f:47:21:dc:d9:79:f3:40:26:56:5c:b4:86:32:8e:
28:b9:14:e7:b3:fe:86:47
-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEL
MAkGA1UECAwCQ0ExITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEi
MCAGA1UEAwwZZm9vLmJhci5jbGllbnQyLnRydXN0LmNvbTAgFw0yMDAxMDkyMjUx
NTRaGA8yMjkzMTAyMzIyNTE1NFowWzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB
MSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxHDAaBgNVBAMME2Zv
by5iYXIuc2VydmVyMi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCxC9N+W2Ew27BfP23S4DvGTIiV9X79zaogXQi5bkHbxO0N+LzLtO7FhxEFoKwS
O04LTORD5BeJwa60E1gcMVhq8gHt32bp+S6cxYXmAts29PMHOXUw8bVVW0Yvh7DU
oKtX3zBFrr2wSZr8ul680F2G9CRFStVNW7a66LehO8MvRi6zrSxjA9/L9FZikb28
IwCvono9b/EzgWAOvCD1iklf7Fi8ZNVHNqAruB92JQGJPv9SaZUDj7sULxo4o5/B
RSAid3CXXiVRuD1diXq7FRLNHZbSnHJnEoVybid67yXar0kmjeugNKRNZMNjM3dd
rVPH7lEye8xDu4aN+VK6NSMOMF3cOyVjweNfS7IC/P5bGH+EqvNx5Ba1mLxzxVgT
QTjr86L6jJi98RDutv5+pYHHXvJyVI7bCfA1Qsq3hsJIssYYCKzR8F3esLglizu9
YUgPcT/tl3ICyURdDAD8MMpdHOUTGzrQztk2oNv1wq2mlSZOeykt/MQEHUduA1lo
Hnogbeio4TxXWfg9LxZhfiTlE8pICubwYKMtkwuPk+u10QYmUsBjH/ybc/6RwwRA
Mo0J1Z7E9gthPZ+h15Si4T22u2AmdIkzJRgPw4jbEF6gW/Tu0BirNlDFRJttuuri
blI6VUmjcq4Erx328oMnF4uamAr1RLHI8qnI7bB1ylIl8wIDAQABo1owWDAdBgNV
HQ4EFgQUdL0YCzKv0FGOTEyNsvZOuG2rvbowHwYDVR0jBBgwFoAUAXSpRGE9ervC
Ms3Q7SDaOsTGAugwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwDQYJKoZIhvcNAQEL
BQADggIBALVjDNjtr3QtTJQ2QQUq8u9F5WoMdgzzkCXgVFbzJiOVfiR0a/0CCrwz
uujoj6OzhS5ZTM/jhRrWcFx8huJ6EZmo+kOav1BUAJ5qe3J/xSCJbhhsRmTORERH
TYe1/M/zuZ9Fo8uwkQCWLSloi//H4PG3jTHCAb5bUR2vQrEXIryR5Nm5lm1kQHls
ce325UkWCuO8GJUuibrEpc66qzoy67zYkc3y7tH8ZzpRAJK9uGgLVATVBwuXESxC
ZHxHwWi06yHE5K0Xpxa54ObNBMaJNkDUS8P3fiZrOtdos7LaAGUTyPrQHC4QunE+
D6qL0P+3PoOcvLPRUgyfPyFKENyPqzhF1CwqFS1xRf6RotjZ3Qzcp9nNG/U1/hS6
xR/t7vuHzIehCMIu/12vsz1uEZR5Cyjmg078KI9/AIV5fzrRB+5u+pTEC0ssBbFo
AOg3vLiyA1xayhPyaFffrPzavickfm3EqVMt8kMOMJyC1fvxogqD4KXYnwk+mcg5
1mlt1sIncFkFPDx91kFqtJwfcH4+7m9n3pUd6zGLEcgNoSVOCO86ES2nmA2h2TAt
2tKgBWs0OKaHsr0PnFHM4C6iG6OgpusfCiJwWfALyb2UTh1lO5ldjmwYgh21zG8U
IcSJB5uBHZp5/7/9zuR3EQ9HIdzZefNAJlZctIYyjii5FOez/oZH
-----END CERTIFICATE-----

51
security/advancedtls/testdata/server_key_2.pem vendored Normal file
View File

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAsQvTflthMNuwXz9t0uA7xkyIlfV+/c2qIF0IuW5B28TtDfi8
y7TuxYcRBaCsEjtOC0zkQ+QXicGutBNYHDFYavIB7d9m6fkunMWF5gLbNvTzBzl1
MPG1VVtGL4ew1KCrV98wRa69sEma/LpevNBdhvQkRUrVTVu2uui3oTvDL0Yus60s
YwPfy/RWYpG9vCMAr6J6PW/xM4FgDrwg9YpJX+xYvGTVRzagK7gfdiUBiT7/UmmV
A4+7FC8aOKOfwUUgIndwl14lUbg9XYl6uxUSzR2W0pxyZxKFcm4neu8l2q9JJo3r
oDSkTWTDYzN3Xa1Tx+5RMnvMQ7uGjflSujUjDjBd3DslY8HjX0uyAvz+Wxh/hKrz
ceQWtZi8c8VYE0E46/Oi+oyYvfEQ7rb+fqWBx17yclSO2wnwNULKt4bCSLLGGAis
0fBd3rC4JYs7vWFID3E/7ZdyAslEXQwA/DDKXRzlExs60M7ZNqDb9cKtppUmTnsp
LfzEBB1HbgNZaB56IG3oqOE8V1n4PS8WYX4k5RPKSArm8GCjLZMLj5PrtdEGJlLA
Yx/8m3P+kcMEQDKNCdWexPYLYT2fodeUouE9trtgJnSJMyUYD8OI2xBeoFv07tAY
qzZQxUSbbbrq4m5SOlVJo3KuBK8d9vKDJxeLmpgK9USxyPKpyO2wdcpSJfMCAwEA
AQKCAgEAmB9YNs7fgLKTJhQDElk3Ixipl2gcGIm5bxthHqsdDW90XDfoSIQLUU/P
kW1PzE6GrXEBBVCb5PK1YObqIzdHCIUuoSv+anV/1pZliY/UubDYjNGS314f99p4
QOivSNNQxizwdj9Bn5JvCE4+jq/eXNGzxJIbGt/97zV8ap5GBH2iLSJT7DPs/HrS
KtmdFGVi9oZ90AI6Vo4IckC1dSTADRqv2BgvpYPLNiV7avE7E6k8ipxLvIaoMRyT
xCzbXJ4/kT3dUUJEgKX0nEU/XjYqNHIDIK3qIqQoY31AkQGhHfjUurrgxYPV1OYK
eFdFbgk63qPnwp/akCw13hFnQrXbiqt+ecpH82aGA5XW7wdngo59Ehpy7XWwG4Zn
MuyNVusSRUcclWD8PydLaweAKizjRzfVW/6nVtKiYTfkscArQTMZwEdkFkT/ZwcG
OSPTyf3hSUSmd17HPCvHm66jX2EVfB+MQfQhDulcbPyzvNDNHg83miMv0nrnWiHe
viOxT7M6pdJwMdHH7KfkkJmx+HJYDa8GwdGyCh2+dTfq42hRFvHNUMTCNrupwTO7
yrxFnKMo/c5z6m6OvYyCh5k/wAkpbgZi5/k1EQG9uo7E7crO9AdMuzAgR1bvcU48
MjJvxxh51J5A/VqV3RZR9CNomfLQ3WD6xVZUuvAyspRf3meO2akCggEBAOasi0oL
eEXNSLRlW+OxBenEL2Ke/GuAVy1+TkUAgNtHawUNK81FWSDIjv/+gB7WDZ2CaLUw
5UY6QigQ5Qjme0cE8QPnAdbCev0LSrXXbZ1aCF546szZu3VYVdU4s4PHcOojAzKk
pHYIYfbD11VHK5f5Ve8qt/I+DDGGALldfzgdSwx8K7n01Uu6zmeOvpXXirfR10AS
BOU9m/O2K5qk8g1MD33xqQjEk5BKdpgz9zfyWYlPj4rdo4IFK0em9bnwPJLPDu58
F7DbKoAH5a5GY3bsODzWMWMhThpNTTvmqgZ1bLPBepnREslQ5Mf8MJYG0WU6QPNx
7tErFtpgY9PDEzcCggEBAMR7/PmV6fIpkEeAo490csFl1uoeiFEUF62SosJD2lpx
+iUirGAqs0c59NtzS8PzheDuU6S1EAvMcd5uJetST4NH/Yw4T1xjKFqkRC6Wlq/x
iokaH8SDizFx20dRCsJiNaxqqyr/RrVVYv27R2ihtW2482NNIl/bG/GgESZKN0hb
yHplWH0UoAwwSsJDRASi4CcrS30khjr/W3LKIo2iXVEd00P+Wbin9Vo7SgrpVujS
P2jrd0pp33yxZetur8XESnAjOiyStZ2tcapp1rFvj8i2YS9Zxd9bRXoaHd2XPvb2
hm2l6VtqLZVpJyUlTNvWqWmM84EZAPSfB3BSMI/AGSUCggEAHioOBN6/GZGgokZm
3710Yn9PGvxjUcN0ovRTU96e+w25xu1T/wHEh+7yFDO5mU6wdRpqitccBDT2Fbsv
2BwbnsvcoIAC04yW/KQPXvwOz3bIhWIWgjcutkeY4csKXn8kGtn9PxAcmXq7JMOz
Uul9n9/xBtd1Om42tfsp+RNq4XGjMLzEEwsbIU4KU6xs67dF4ofEOBKjJT8LN7Fo
vk43gNmjZPrG+eiKy2GRZJHXEC/W2YfX43bcPNJkOHhyxZ/Oq/v7neAIUQ433oop
1MJLm2+EYyA3URk312SoZt7g+Ps9/budRqP6auzzHduylsvJcg1OFQefDScvU9sq
8rQdvQKCAQALgzhPZ3lNtyG9DsyGm0weCNmO3jsehQ7eHLlsqI0iv4rooh93gwj+
I2c1dIv770jo5Q4BmJpYFqKVZd7S6v+9sXopvSLpRuYWaYmVMT2jEYQMhHtYCF0f
iIxQoW7/9MEwWQ+udUavWVFzjIWim9cFltCsANkCxNPeVIKsu6yBkN8uTMHiklLO
ZAX9W/OgUerQYLkLnBhBXLT/BNkBc4IEPrsiQMUBDNZTcyXjfciZ27fbbfCPa6Ss
qbhPEy05aUbzSx0df3skwgTm90ydGOxT1lvbamctryti/CTD1xjZX5iA1DfYI2CI
YKDqjET0nJ9Qj/G0nsJvkuHcsvQleBwBAoIBAQCvilpLyh8XzVY3TAsvVEaHpoNp
y2sIwDiI2elZOBcQkeUbsD4bhA1iF/4cpI9tgl7ApK8ZmmcRiKh1/PIHI4Ru4nB4
bNqn7FP32vKyJ5O0o7bQBGGJIpLe0rVUmJ+ROB5PLw5aG/oo1bVKoMuw/u4o1z9S
90qI3LW6jNs+7UOELH6Gex6rfA+9xi//7NDUlJhQST++mS2pTm1/cq4RIaWx6EyF
N1hqjcWESyS1EtZYKp+/Mx4PDQKDAm2f9mjuTViW15EdcOBlMm40ZKRbxIJImlEe
fjZBgqsDoQKK0yYcQiVimMNc5vtNaT38lVu1NxvKJg1OeTboMBISLUOzZqQj
-----END RSA PRIVATE KEY-----

33
security/advancedtls/testdata/server_trust_cert_2.pem vendored Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFpTCCA42gAwIBAgIUTdt7HKlUedh94k4eA+nlamVgGSkwDQYJKoZIhvcNAQEL
BQAwYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMSEwHwYDVQQKDBhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQxIjAgBgNVBAMMGWZvby5iYXIuc2VydmVyMi50cnVz
dC5jb20wIBcNMjAwMTA5MjI0NDA5WhgPMjIyNTA1MTQyMjQ0MDlaMGExCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
dHkgTHRkMSIwIAYDVQQDDBlmb28uYmFyLnNlcnZlcjIudHJ1c3QuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2KadB/xdPMRDW/LhFGJcbzVU+yoS
iRudc8w0Wq/0XpQwcDjxrq6v5XuzFIZU46Wb2g+eALNMjW7zv4BLFwEU0+CvMYWt
vgbTA2A07sU7P3WA8uZwjB25nkk0iMVBclL+g1XABnfXNobbKB/dyKArlyzFBV+w
rpV17RdkfXfGjeFWpfxF7KF4Wzh86XKSDYSQQE4kcQqSxDeZfRwm02jaXuPDmvUw
KFIxcfEW/3SadulFvOKgHWjUEirTGsT+8B8fWsfeJjGRmFcc1+utpOoOaC1+sRe6
xTe7JJB9F13mZxEPJuFxuBvjmGiSXkyLWhVWeqzhTipojZ69mYzAxMs8AVWrYeru
EKuf3MlABub8dgDLocvOYD3A0IDm5173pU5RPW9tA2jBNLnyEF+wYFLjtFfYQesl
UlldccG+nZowaeUsiUPhTBzwAYSCdB+imtJxIT0xdOQCo+h9ASvnPpgk6AYaU/2d
gsFY39CvKmTFYlH2EGIJK3MWm6YT3T1fTTUgs/s++CkLzwAXpna4w8SLDl3IdeLX
lMiXhnoNr3uYeusxkJp5rtUHBsYPbH4Ec4erNRgbUuBnHJe4nlC6LCCycLHywhBr
niPPxyNBZzvrmRrVwx5xNEQn8r4ffftpASY/uePJK2wtrZop7mWFo/OnfMO6y/3C
22FK5wIbVLLsDlECAwEAAaNTMFEwHQYDVR0OBBYEFGOI6k3QPu9e+EORdUDkFqsV
szK5MB8GA1UdIwQYMBaAFGOI6k3QPu9e+EORdUDkFqsVszK5MA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAMJtk0AbpT3pu+2G+NK3D4T2brrP66An
lRlQxDXQ0uKunGYMgam+sJWMz3agviekRVQk9Vog9FwiGoYsS3X6ojLrA1FXp/8h
oVXNmW8R87IS2KyPbzTmO+0OvO/KhYmA0USIhAmj645fyy8dGCQQOZCSfXE5/zCM
ODnrgeai3qw+KB4aGJ6fgDKMdPbyl7fyvu5EWDIycuij9S8FQJ7m2gWolxFAN4/c
nnWr/s6n8AQrb+k4Dp50nOrDA7JUEnFfQcBuJpDN2v5MD1/x83R1ZVuqNa+fOgrW
DdSm/XbaPpzZa/R6iJQxG8mNpNEjMnBq7WCa1tLLd7MrdxzrwaFdfRiMj91b/A4W
GZbX7SMrByI/6M01YoTdsPW2i/EDxJjghSGkvwuA2MPe8UqXELn5wpTXTDgCsj8V
j25GUupDB8Dm5aocLEFHiUwzAGcy19zVqepTaM4w//iA1qUuaG7DE8pVzL9XFxm+
L1CGfxSTqdbqWa9PcLUoTI/8n6KQdK+vczgY4y+aUOZdGgLcVoO1BF6McnNPiihk
d+HdWb0xGjw63XsV5kC41y6mHBQJdJTm0CE+yZ1e6gt+YEZCELxpxg530J0CngHs
tCftzNI8o2pQhDhhKzxxGiA1cuzrrLDpdqNZo6VNm5tyYPicVbicZoJSbNDxohEJ
rzhu9hQ7iDV5
-----END CERTIFICATE-----

52
security/advancedtls/testdata/server_trust_key_2.pem vendored Normal file
View File

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDYpp0H/F08xENb
8uEUYlxvNVT7KhKJG51zzDRar/RelDBwOPGurq/le7MUhlTjpZvaD54As0yNbvO/
gEsXARTT4K8xha2+BtMDYDTuxTs/dYDy5nCMHbmeSTSIxUFyUv6DVcAGd9c2htso
H93IoCuXLMUFX7CulXXtF2R9d8aN4Val/EXsoXhbOHzpcpINhJBATiRxCpLEN5l9
HCbTaNpe48Oa9TAoUjFx8Rb/dJp26UW84qAdaNQSKtMaxP7wHx9ax94mMZGYVxzX
662k6g5oLX6xF7rFN7skkH0XXeZnEQ8m4XG4G+OYaJJeTItaFVZ6rOFOKmiNnr2Z
jMDEyzwBVath6u4Qq5/cyUAG5vx2AMuhy85gPcDQgObnXvelTlE9b20DaME0ufIQ
X7BgUuO0V9hB6yVSWV1xwb6dmjBp5SyJQ+FMHPABhIJ0H6Ka0nEhPTF05AKj6H0B
K+c+mCToBhpT/Z2CwVjf0K8qZMViUfYQYgkrcxabphPdPV9NNSCz+z74KQvPABem
drjDxIsOXch14teUyJeGeg2ve5h66zGQmnmu1QcGxg9sfgRzh6s1GBtS4Gccl7ie
ULosILJwsfLCEGueI8/HI0FnO+uZGtXDHnE0RCfyvh99+2kBJj+548krbC2tminu
ZYWj86d8w7rL/cLbYUrnAhtUsuwOUQIDAQABAoICAQCioY/Hat3iu8GEyHHFh4Cz
ymkckZyQZ7ZuMqAqY2MhjERAOb7SzjckIRNxGNWofazcqFSHWhDhKqS24Gt9vUYR
NtzMY/jkaOMF6bZSdqPfIynFLM7Xn4izFWjmMozKcRq1JC2drWBUgi8Jk8I81F9k
gCr1ubs7kt6PN7wrozndT4Zn21PyKdPbRjAeXe7dTuGqI/6fDLzXppUFoZhToqYq
DPfM3rljyy9qxPvqj3FUShAbllNzQDnR2WvW8IIfZn12/An6ycLthJcWTshuv3RJ
J72u2o1NdmR5Mi102PwX6mphWWKwPd8/jWAygWsqGFJujFAlCRirFrplBY+/KoDD
bcJz7jek7elO09SGA20W2G9DHRvUr4fknUsXCUj5PCGehDQrfYFeKFt3t383i765
WIXZmak1owxPtSuOmVbXqEVvwBkQ990E0+qxKeo1Tn1aANBZZVVb1LgJ75Zkmqrp
ARRb0h75G9cKZYex+3mgjECsBWurk2eriHS2D3RfJzlDpoZWqiMhMjC32kJQonws
0X7fgGs0vl2gPxq1xAs0QLjV6BgcYwJF7QdhEXiJUUKaB7aDBpVr+7jbVl8eIoql
zPE9owqQHhN5POSEnu76RPByYHt2twHXBpF0SFWKx7Nu0DpNqNqexVpqMNlz2Ehk
tjY6xm/hdWRLw0cNUI/4AQKCAQEA9sBDIEmXbnF0RtuKXMkkDOaeS3QM6vDQbRPf
itfuC9+B+qeLUkA4yyMLYml5mNuHawx34NoClmruESw/ASqgcqCxX/R9qGBJzkXn
saN6uF1ZQKKngzZ3UdrbVf7R1RBikHZHN0/Sn7mdhwM/CyQnD6/H0EOHLTk90v1d
Ctz8zOn6yqCqpyLedQteZavO3WKLzzothzS9WmblgALuYfGG/bRhNIkoM4JtkLsB
4hdp0n/tbIEIbMNAtvemXDO4N0VvMOa4m5if26tYI0vGIvkqHc+Oe5Jx1w3u9G6J
n+gF4hvdgpa3hpmIyP6o97hmyviP4I1KaonT5lHk9UvbKVEz8QKCAQEA4MWFJ5+7
dpjvHLH9p1iBEbtdpd3Nd6wdcNjGErFdMEdsSdEQgVdbQVSbnCPqr9d79lqrzIsM
wfV6AND15SfAVdD4BS7DQI5RxwQCnMU+Z4knGTUZp72TtuWYLDQ1zkKbVfl9U97a
jtCz+YYp/GHJxHF+TVW8ltvPmNja+Cccf1DfXXwJG539Rl7NGULaBurRn4rNKNA2
JmNB5DEnI+34ly+DBt5KKzbUc1nL6dO2ddnl7uokgDW3B6xDSZ+tdLFhYPSrX1em
VhxxvteLTqv9hyLu9u5f6wxphyo6GSMXTA8Yc+ID0GNLLb8kJmi97jFYVxRbWxev
QtOJGRjn631gYQKCAQEAoBFk+kMDG0A6H+U3Qq2w1zWbpnLoFliVvMzRjO46nDUn
yoR5mqfSr+RR9Etb+E8g786szY5fc1h2i2lajdUrNHEN36NpCJs+BbPPc6sLZyIX
Thi19iaVDOKeupCNalwwtGomFLmRdtAgYn82nHGdbU2on2/O9wVVF9QIUY296Og4
Ks5DJh02llMDr4zeqzrMW2fwNO9/jm+FnZ9JKPxXh6lGDaCUFaYckXDe7d4mZclb
KbIi1vtqtca9gr6CWEiQsvZY94bw3L2wdWUoaXOdYK1OTtdXRhzh0GsMmFEZz+4n
qhk/gO+Ejm61Cc3z0OOh4heGGMrETXr+vimxSIJG4QKCAQBTYfLbmC36+RD7HCx1
ACghY9iBx56JXpgtXL1eAd4IIvbRC3WMBdQckD6J1ekiAlZCNbC12H+LFH2F//64
W97F9xeLFKXqNOGxapNthN55mi+e8kvqJjG+D74758JuGdd2NW+AxZNel52sW1EI
B17KOTAZkEy9yh1hHlFc7WVs9ZtnGrRmQl3K1TBQxrQLDOFmxh8FnPf5lajD9lgG
xCkMLNv2mE/7aAO4Jv+2ZouxfHwH/WQ9C7AycH0lus6mE4eEaD+KxwE1wKeRnHRZ
YwRSNWtgv11l3Nzo/4k9+f6SgKcZlibED5G8DsRiW0jaLAQRicO6LzcdG0wou0yN
150BAoIBAQD0dDgOjnlXzvw8OXFcNn41K9U/oXzO/cNyxbRZP4wY0f7PEUIoF2gJ
OZ4bTAXA5PQxs3fwKfC1UKN129mTcJy9HnJGJQKBRwN+W/SRbnw7yR93idwe1kGy
iGGBO1bORbgj9y40QamZgnGqDRxsYmwCVss6mamtyNJtwobkWK4Wb33Uex6ZXyFK
wJ5htqviYe5oYo2Yor9ok5Xf66npmYTtv5STAhKjk+PTvlTGckwr4zEWvkgnXHJd
XDNx0r6O6FhkxPMIlLfX5fsaCL0jBxX+tkh/vYuF70JnZAQmEphRsLljVCr2jIQs
m4DEMelbu4jDoUwmms+yra/9chKHzaRB
-----END PRIVATE KEY-----