mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Grafana: Adds support for PKCS1 encrypted certs (#93451)
This commit is contained in:
parent
caa967b270
commit
5522c3a01b
@ -860,7 +860,7 @@ func handleEncryptedCertificates(cfg *setting.Cfg) (*tls.Certificate, error) {
|
||||
|
||||
var keyBytes []byte
|
||||
// Process the PKCS-encrypted PEM block.
|
||||
if strings.Contains(keyPemBlock.Type, "ENCRYPTED") {
|
||||
if strings.Contains(keyPemBlock.Type, "ENCRYPTED PRIVATE KEY") {
|
||||
// The pkcs8 package only handles the PKCS #5 v2.0 scheme.
|
||||
decrypted, err := pkcs8.ParsePKCS8PrivateKey(keyPemBlock.Bytes, []byte(certKeyFilePassword))
|
||||
if err != nil {
|
||||
@ -870,6 +870,19 @@ func handleEncryptedCertificates(cfg *setting.Cfg) (*tls.Certificate, error) {
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error marshaling PKCS8 Private key: %w", err)
|
||||
}
|
||||
} else if strings.Contains(keyPemBlock.Type, "RSA PRIVATE KEY") {
|
||||
// Check if the PEM block is encrypted with PKCS#1
|
||||
// Even if these methods are deprecated, RSA PKCS#1 was requested by some customers and fairly used
|
||||
// nolint:staticcheck
|
||||
if !x509.IsEncryptedPEMBlock(keyPemBlock) {
|
||||
return nil, fmt.Errorf("password provided but Private key is not recorgnized as encrypted")
|
||||
}
|
||||
// Only covers encrypted PEM data with a DEK-Info header.
|
||||
// nolint:staticcheck
|
||||
keyBytes, err = x509.DecryptPEMBlock(keyPemBlock, []byte(certKeyFilePassword))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error decrypting x509 PemBlock: %w", err)
|
||||
}
|
||||
} else {
|
||||
return nil, fmt.Errorf("password provided but Private key is not encrypted or not supported")
|
||||
}
|
||||
|
@ -36,79 +36,117 @@ func TestHTTPServer_readCertificates(t *testing.T) {
|
||||
t.Run("ReadCertificates should return error when cert files are not configured", func(t *testing.T) {
|
||||
_, err := ts.readCertificates()
|
||||
assert.NotNil(t, err)
|
||||
assert.Equal(t, "cert_file cannot be empty when using HTTPS", err.Error())
|
||||
})
|
||||
}
|
||||
|
||||
func TestHTTPServer_readEncryptedCertificates(t *testing.T) {
|
||||
t.Run("readCertificates should return certificate if configuration is correct", func(t *testing.T) {
|
||||
cfg, cleanUpFunc := getHttpServerCfg(t)
|
||||
defer cleanUpFunc()
|
||||
type testCase struct {
|
||||
desc string
|
||||
primaryKey []byte
|
||||
cert []byte
|
||||
pass string
|
||||
expectedErr string
|
||||
}
|
||||
|
||||
ts := &HTTPServer{
|
||||
Cfg: cfg,
|
||||
}
|
||||
tests := []testCase{
|
||||
{
|
||||
desc: "readCertificates should return certificate if configuration is correct - PKCS#8 with password",
|
||||
primaryKey: privateKeyWithPassPKCS8,
|
||||
cert: certWithPassPKCS8,
|
||||
pass: passPKCS8,
|
||||
},
|
||||
{
|
||||
desc: "readCertificates should return certificate if configuration is correct - PKCS#1 with password",
|
||||
primaryKey: privateKeyWithPassPKCS1,
|
||||
cert: certWithPassPKCS1,
|
||||
pass: passPKCS1,
|
||||
},
|
||||
{
|
||||
desc: "readCertificates should return certificate if configuration is correct - No pass",
|
||||
primaryKey: privateKeyNoPass,
|
||||
cert: certNoPass,
|
||||
pass: "",
|
||||
},
|
||||
{
|
||||
desc: "readCertificates should return error if the password provided is not the correct one - PKCS#8 with password",
|
||||
primaryKey: privateKeyWithPassPKCS8,
|
||||
cert: certWithPassPKCS8,
|
||||
pass: "somethingThatIsNotTheCorrectPass",
|
||||
expectedErr: "error parsing PKCS8 Private key: pkcs8: incorrect password",
|
||||
},
|
||||
{
|
||||
desc: "readCertificates should return error if the password provided is not the correct one - PKCS#1 with password",
|
||||
primaryKey: privateKeyWithPassPKCS1,
|
||||
cert: certWithPassPKCS1,
|
||||
pass: "somethingThatIsNotTheCorrectPass2",
|
||||
expectedErr: "error decrypting x509 PemBlock: x509: decryption password incorrect",
|
||||
},
|
||||
}
|
||||
|
||||
c, err := ts.readCertificates()
|
||||
require.Nil(t, err)
|
||||
require.NotNil(t, c)
|
||||
})
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.desc, func(t *testing.T) {
|
||||
cfg, cleanUpFunc := getHttpServerCfg(t, tt.cert, tt.primaryKey, tt.pass)
|
||||
defer cleanUpFunc()
|
||||
|
||||
t.Run("readCertificates should return error if the password provided is not the correct one", func(t *testing.T) {
|
||||
cfg, cleanUpFunc := getHttpServerCfg(t)
|
||||
defer cleanUpFunc()
|
||||
// change for a wrong password - 32char for consistency
|
||||
cfg.CertPassword = "somethingThatIsNotTheCorrectPass"
|
||||
ts := &HTTPServer{
|
||||
Cfg: cfg,
|
||||
}
|
||||
|
||||
ts := &HTTPServer{
|
||||
Cfg: cfg,
|
||||
}
|
||||
|
||||
c, err := ts.readCertificates()
|
||||
require.Nil(t, c)
|
||||
require.NotNil(t, err)
|
||||
require.Equal(t, err.Error(), "error parsing PKCS8 Private key: pkcs8: incorrect password")
|
||||
})
|
||||
c, err := ts.readCertificates()
|
||||
if tt.expectedErr == "" {
|
||||
require.Nil(t, err)
|
||||
require.NotNil(t, c)
|
||||
} else {
|
||||
require.Nil(t, c)
|
||||
require.NotNil(t, err)
|
||||
require.Equal(t, tt.expectedErr, err.Error())
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// returns Cfg and cleanup function for the created files
|
||||
func getHttpServerCfg(t *testing.T) (*setting.Cfg, func()) {
|
||||
func getHttpServerCfg(t *testing.T, cert []byte, pk []byte, pass string) (*setting.Cfg, func()) {
|
||||
// create cert files
|
||||
cert, err := os.CreateTemp("", "certWithPass*.crt")
|
||||
certFile, err := os.CreateTemp("", "certWithPass*.crt")
|
||||
require.NoError(t, err)
|
||||
_, err = cert.Write(certWithPass)
|
||||
_, err = certFile.Write(cert)
|
||||
require.NoError(t, err)
|
||||
|
||||
privateKey, err := os.CreateTemp("", "privateKey*.key")
|
||||
privateKeyFile, err := os.CreateTemp("", "privateKeyFile*.key")
|
||||
require.NoError(t, err)
|
||||
_, err = privateKey.Write(privateKeyWithPass)
|
||||
_, err = privateKeyFile.Write(pk)
|
||||
require.NoError(t, err)
|
||||
|
||||
cfg := setting.NewCfg()
|
||||
cfg.CertPassword = password
|
||||
cfg.CertFile = cert.Name()
|
||||
cfg.KeyFile = privateKey.Name()
|
||||
cfg.CertPassword = pass
|
||||
cfg.CertFile = certFile.Name()
|
||||
cfg.KeyFile = privateKeyFile.Name()
|
||||
cfg.Protocol = "https"
|
||||
|
||||
cleanupFunc := func() {
|
||||
_ = os.Remove(cert.Name())
|
||||
_ = os.Remove(privateKey.Name())
|
||||
_ = os.Remove(certFile.Name())
|
||||
_ = os.Remove(privateKeyFile.Name())
|
||||
}
|
||||
|
||||
return cfg, cleanupFunc
|
||||
}
|
||||
|
||||
/*
|
||||
* Certificates encrypted with password used for testing. These are valid until Aug 1st 2027.
|
||||
* To generate new ones, use this commands:
|
||||
*
|
||||
* # Generate RSA private key with a passphrase '12345678901234567890123456789012'
|
||||
* sudo openssl genrsa -aes256 -passout pass:12345678901234567890123456789012 -out ./grafana_pass.key 2048
|
||||
* # Create a new Certificate Signing Request (CSR) using the private key passing passphrase '12345678901234567890123456789012'
|
||||
* sudo openssl req -new -nodes -sha256 -key ./grafana_pass.key -subj '/CN=testCertWithPass/C=us' -passin pass:12345678901234567890123456789012 -out ./grafana_pass.csr
|
||||
* # Sign the CSR using the private key to create a self-signed certificate valid for 365 days
|
||||
* sudo openssl x509 -req -days 1095 -in ./grafana_pass.csr -signkey ./grafana_pass.key -passin pass:12345678901234567890123456789012 -out ./grafana_pass.crt
|
||||
* PKCS#8
|
||||
* Certificates encrypted with password used for testing. These are valid until Aug 1st 2027.
|
||||
* To generate new ones, use this commands:
|
||||
*
|
||||
* # Generate RSA private key with a passphrase '12345678901234567890123456789012'
|
||||
* openssl genrsa -aes256 -passout pass:12345678901234567890123456789012 -out ./grafana_pass.key 2048
|
||||
* # Create a new Certificate Signing Request (CSR) using the private key passing passphrase '12345678901234567890123456789012'
|
||||
* openssl req -new -nodes -sha256 -key ./grafana_pass.key -subj '/CN=testCertWithPass/C=us' -passin pass:12345678901234567890123456789012 -out ./grafana_pass.csr
|
||||
* # Sign the CSR using the private key to create a self-signed certificate valid for 1095 days
|
||||
* openssl x509 -req -days 1095 -in ./grafana_pass.csr -signkey ./grafana_pass.key -passin pass:12345678901234567890123456789012 -out ./grafana_pass.crt
|
||||
*/
|
||||
var certWithPass = []byte(`-----BEGIN CERTIFICATE-----
|
||||
var certWithPassPKCS8 = []byte(
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIC1zCCAb8CFGUb9G3+Dl7bTJgCsV0HatdD6jnkMA0GCSqGSIb3DQEBCwUAMCgx
|
||||
GTAXBgNVBAMMEHRlc3RDZXJ0V2l0aFBhc3MxCzAJBgNVBAYTAnVzMB4XDTI0MDgw
|
||||
MTE4MzM0OFoXDTI3MDgwMTE4MzM0OFowKDEZMBcGA1UEAwwQdGVzdENlcnRXaXRo
|
||||
@ -127,7 +165,8 @@ fsYk656OSlFMbYlst1ktnBrmBE7AOHdW/WRynfIFQACNkwnrnPO1u8ZRSUzVlg/2
|
||||
lzZlmPUgKBVA0kA=
|
||||
-----END CERTIFICATE-----`)
|
||||
|
||||
var privateKeyWithPass = []byte(`-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
var privateKeyWithPassPKCS8 = []byte(
|
||||
`-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIpLpJYDO3y4wCAggA
|
||||
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAx2HkCNR7WRCmF3QiOqhRzBIIE
|
||||
0O40A8q91zh6j2bseuIMGUQNEeRSf46fUUqtucgV/KAgpQMHL0/tTfhS5GaRcBlm
|
||||
@ -158,4 +197,133 @@ cobRX9pYWflHCH4n0PshBo/quh98Omy7MVcSQtP4S2kQ4uYtZV8pZj1L5K9DekK0
|
||||
Fx113Ns6T2LzzdARMN7S3qsiRveFRrz+Xm0Rtrl//KB5
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
`)
|
||||
var password = "12345678901234567890123456789012"
|
||||
var passPKCS8 = "12345678901234567890123456789012"
|
||||
|
||||
/*
|
||||
* PKCS#1
|
||||
* Certificates encrypted with password used for testing. These are valid until Sept 19th 2027.
|
||||
* To generate new ones, use this commands:
|
||||
*
|
||||
* # Generate RSA private key with a passphrase '111112222233333444445555566666612'.
|
||||
* # The -traditional flag explicitly forces the use of the PKCS#1 format for RSA private keys. This is needed for newer versions of openssl
|
||||
* openssl genrsa -traditional -aes256 -passout pass:111112222233333444445555566666612 -out encrypted_rsa_key.pem 2048
|
||||
* # Create a new Certificate Signing Request (CSR) using the private key passing passphrase '111112222233333444445555566666612'
|
||||
* openssl req -new -nodes -sha256 -key encrypted_rsa_key.pem -subj '/CN=testCertWithPass/C=us' -passin pass:111112222233333444445555566666612 -out certificate_request.csr
|
||||
* # Sign the CSR using the private key to create a self-signed certificate valid for 1095 days
|
||||
* openssl x509 -req -days 1095 -in certificate_request.csr -signkey encrypted_rsa_key.pem -passin pass:111112222233333444445555566666612 -out certificate.crt
|
||||
*/
|
||||
var certWithPassPKCS1 = []byte(
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIC1zCCAb8CFGKBaDfnasNQFzOg7QR1Tm1vmQZ2MA0GCSqGSIb3DQEBCwUAMCgx
|
||||
GTAXBgNVBAMMEHRlc3RDZXJ0V2l0aFBhc3MxCzAJBgNVBAYTAnVzMB4XDTI0MDkx
|
||||
OTEyMDgyOVoXDTI3MDkxOTEyMDgyOVowKDEZMBcGA1UEAwwQdGVzdENlcnRXaXRo
|
||||
UGFzczELMAkGA1UEBhMCdXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
|
||||
AQDGvaV1ROGZqNghVK4kjgME4joT32oe66nfYum4OiKJQPBA80umYiD++f/sglSl
|
||||
Nj+LIuus0EvXUFsweTJXW7CdECSlxXpzwXYuN9YncGjsX0Oywn/CMgXybVLZyOaX
|
||||
RiYB5X/pEJIWX7ywPtOS5gW1lIzuKnpyELh0EkI3oatMn7bdBcwg8kIuwJHdtF6D
|
||||
rqvrsDDfo4o9XqQfQZ2m+WXd22f1qcRR5svILzq16WT1d/6+JvVCypv2TmzNCuEZ
|
||||
SfDdwVyRGw2N8RVl9HdtTaIByFnusaYX7qbf6LfCcrKPDAnb8f1uYtJYYLDmQK3x
|
||||
JuFbtk47Qm2mh3JEWEIzwom/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBADCAUlFN
|
||||
hv1t7RDB7nq9ow6Shu0VFxooP1ekeN6FuNthvG0tVI/APoetlyIwUr5Fp4Rhj9J3
|
||||
J6hnCsMARJAgDiCFya9NleG2PATzrLHm4DJL0zm005pZOtmfxDOeCt+/lDIGU+Rg
|
||||
fktYtY5Iuh4RD9UBt2COlUM9K9WuwFjgQhzspKfNys5Nm0l+3Oh4/F8XLjL15tEw
|
||||
mV+maFncQ2F1Yo5LJ4nGcF52z6v4Z5sk5lVBYuaO3S8d1ZrBgTyx5gZ8zI5+ewhH
|
||||
rTNsasDlsoXKws8yZWSGEOkldYwmMwpdEkbVoNuUbhmgL2v17gx9l8iBcVo+agn1
|
||||
KjQqJMB7C49JJ2w=
|
||||
-----END CERTIFICATE-----`)
|
||||
|
||||
var privateKeyWithPassPKCS1 = []byte(
|
||||
`-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,BFA318F0BA852F1D507C1FF646BD9E41
|
||||
|
||||
E4UOCP1+oDxm36pqaI1AqSrl4vykLE0x4tN5P0uJgwCQ6CWN0ZiAxJYtXE4MxGIq
|
||||
eLk5L5GL/oeziFPT464Cxt01TdNjL57CwAuMw7ucS+/WV56Y5370FBNXkLQTUBkV
|
||||
GKXpqtE3T7VHwltNAddJPX9sQMqC/jgpMQBCwlg6KPfvs74acE75jyjSr7za0ozR
|
||||
jDUfY5dVROU7pgjwanz0K26joaBE9PUGlbQoN3HoIAQOl85GMJaeaXoPgJiY2Txm
|
||||
oTWqhDqY52Gj8n7vqpJyykIYaw0jHwCv1QR/fWN0BT7/aRQbM1xXwmGkCurm1BTI
|
||||
Gh4tq9iDs+cXj08DLxJ2QZ9c/kkcBtaiBW6W7Cm1VEMMAFKYnTvw2o6oBkfcy5qD
|
||||
fHVxA7x4MQJCXewt7T9ONq2MMfCQYE/y0RWD7nEOEnSa0rCGmlQnyi0poEtw97MQ
|
||||
itB5RO5OuhoGqYnaPPnX///xr0Lzc5xqtXQLGNXRvRpl7MUCgeD6gOc8whEdUWUq
|
||||
rGHAXEBSyfX+TWV2XlrzlH1s+gZ3kX65Gp5xuV66QSekLfyznKLuTarHZUUEOIAM
|
||||
/78PF9GcNd7NKWtTieAfu4Rz9OWVXe4M8x3KDmYc3n7sR4ZhO2tBMNzvgI5KWuW0
|
||||
o1AxJR3zOjDDeiz7undrmCFwh08VF+ZVNdBSDCXIYsjdD0BzfrliwqL6hn3Od1MW
|
||||
71xZBuQoXBgDM+MOvtHa5fGsBgny6ehHc6V9/fjdPMe/zmWLqDn7mRgcmRtP8u2c
|
||||
egZf0EfPqR+4iy7UtzOpdh5TI4r/rlKstOMU+lbVzoIv3Jh1oUw/fBbOFVteks3L
|
||||
jR7rTFdfJgr/dsnjd/PbMfcrOIDr6OkvST+RUiyBcgOC6snaPrPrL3+6kPtEiYVE
|
||||
Hmaw8TfH5AQ8mx+xDiabhnKduX5POUEN17sw40O0jIJmHQ5KDrawYzz24ZBxOsVC
|
||||
0RLExLJwXtUYZ4fUfVtyOMLGKYHqZnz1XzmHJ1m7/rpd6ccYzFAK9+SO7zEs7mRH
|
||||
iVC+4lOsU4lfrhFIDVkFvtTBPTneF+2oHQu5psm55/Hnm0VqDzrcXPapTZQznwVZ
|
||||
HRBsiahLaHzF1zF+xQPm3PspcEm1wQNp1EEW4QlZYQyg16dAt813i0JDL8MWQR/U
|
||||
aunhNyI0w6/rE7kEeT/3iFUqdJQkAXoRRQLg5urwTZJlhV32/5MG5ADr+k/e7LQe
|
||||
s2yUbEa0P0hrN0ACPl4RsmE10GFoPuJjcYyANd+UvZPRTrfJMWT8M3Ggv7qfgZmH
|
||||
uLJ5pi/xIH/bYAWf5B/mH+7z6T40x2z8N5sHiVBsK2iYRxNFpAKzVaOJmXyAxCTu
|
||||
MadzTUuqiXXr7pnmA8oKcJ80fcpAGtSw+QaQWIqJySo68MtSYg0RdljMYJ1mV/QD
|
||||
HhSeh4jdv3uSdb2TvpXkxnmmNnKyqhiqCWvAzG7GiMvZ0VnPvfcZUBYiGBfS49oY
|
||||
Igxrr1ibkqVn987DaBb6F77FfV0YDicn/mpTVbVdkeh1LAOwisqgWIRbkI4Vwk3q
|
||||
nGUA2Etz9Oq9imNLu4Sb96r9I0WfQDKvsgxK2dhRwb9fg6kZ7y6Nb6XzqU3XJs44
|
||||
-----END RSA PRIVATE KEY-----`)
|
||||
|
||||
var passPKCS1 = "111112222233333444445555566666612"
|
||||
|
||||
/**
|
||||
* Certificates without password used for testing. These are valid until Sept 19th 2027.
|
||||
* To generate new ones, use this commands:
|
||||
*
|
||||
* # Generate RSA private key
|
||||
* openssl genrsa -out ./grafana_no_pass.key 2048
|
||||
* # Create a new Certificate Signing Request (CSR) using the private key
|
||||
* openssl req -new -key ./grafana_no_pass.key -subj '/CN=testCertWithoutPass/C=SK' -out ./grafana_no_pass.csr
|
||||
* # Sign the CSR using the private key to create a self-signed certificate valid for 365 days
|
||||
* openssl x509 -req -days 1095 -in ./grafana_no_pass.csr -signkey ./grafana_no_pass.key -out ./grafana_no_pass.crt
|
||||
*/
|
||||
|
||||
var privateKeyNoPass = []byte(
|
||||
`-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCiCb+D7DddLgsU
|
||||
TP4wu6B4fvFqmYbMH9O+mvP6iwAS2jazOrw2Was8+AKafxnSM1TrbPgH3nUS6TzM
|
||||
iSrisDgPUuZ/MxvSFG2VFNhB/vujteI6tyXZdNpiptvxJumHvPR4Qjc9wrCYl3qh
|
||||
x6T/KkKVkBEXi0+frWUJw0xFNiKu8Rdgo4ceZ3kHZt/ZqESDf26v18clQETBB7oR
|
||||
WzPmuktnCyX2WPN/B2DWl9eDNMUtQt8HzA8XhOL5nFYUYXOKmFSprD29JaeeKCrF
|
||||
YkIDfLq+k2lzxo1Btur6u1gJyOOi5X1hfoGgZNINNnWeuw0iuqX2Wgw9HjfBV1hS
|
||||
ACzeUJiVAgMBAAECggEABfQlvUsonZvbfFt324KJWuQPKsOJWGay+QXogQQqdIbg
|
||||
C6XU1Ipm6E6Uieixoi+QpzXRxzg9RPyc50cC9GFVLfr1zSarlwR5IkkpyQL9a/56
|
||||
2X1xPpQ0kftfiXTMj9g5g1GrhfFpW7H1J4yWW2nKGIS6nAraWhuc4sbyPnjGvXa/
|
||||
Pgdd1mW+bCd++qh0bsUZSosPZSc8xv/2rEA7eqa+mbADC/Cjf6OJl2lKXypJhRqg
|
||||
5wUCcYDzCPCXa0H1qcJK+9KrcejgFqUg0lC4LPEQtJfvxsOhxRnfaZUFBSD5UaR5
|
||||
eh9/jKxfAlGN6xynO73IYbZQax8OCGAG8na9SelD4QKBgQC2TOhoxhftg+d/pXK1
|
||||
CsAB/q/bIzmM1czC5HMZh52SJKGimUnRSbSKDiX2MTlXNIKxf8O00cH076FU5gZp
|
||||
18Er5D6b1nF4NhdmJEq+Y39DixqM9/ktArBoPMiqDxNMUvq0FVPRWA9vveTurVV5
|
||||
07ms5h7Ch2b2aIz4ckx1YpLg+wKBgQDji8yRZmNxzALesv5f7Rpr4Sv35Gd4UaL5
|
||||
R2N0N8C8nZAh/I+eWf9b/2u8s0tNt6v6U4YSI2F9koZyvRfAKRB9K7zOfaIcvxy7
|
||||
VTvSHpUavuK1f7FAsygNAYRDcEqX4m/7oEMs3MEBfgk1pkePA6Btoqfs2lfgc1y7
|
||||
dnx17QLXrwKBgQCKo8ioTebKomL/Z6Lp3mgR3FB/VrWgzsQvf6+tPb7u8t7eGrfR
|
||||
67zatVHXfq3+DRhLxz/eFxvrnAZU268K9aOaLrYSrC6VXoXDD1ysmFyj0Hl7teaR
|
||||
fZcNXxS4iEiD5iN1qzaYYeEzePZPMhFsWkG+JTBFftYmFXMIS1ysdTAA2wKBgQC5
|
||||
NxT3kVEG0tnPLgFSUav8/dcNO3RhgonWwJ4afjs7DEHC+FJqwbTSzJCEk6iLBSNO
|
||||
amgqIXR8gyU/Bd3sQ0CxskVICwlGvuUDMzizKsORdqkQtXSxRmMmWwKu5htBkEY4
|
||||
mlWzkajkrxOOAOAkb/5I32oyp/N5tk1YJfTfBGIY7wKBgFYFFhYsYXtZE24k+7y+
|
||||
KsTVyjc2AjRrG25BleEEvEEZkrltZ3RqirwasclAhOpdzvd59uzNgnPWwq3duj7H
|
||||
VtHK877LgPh5qhlwGI2i1i5wMO71lZtPcqNZPkvjhV5YUzp6BRF+HDsF7mn68ZA1
|
||||
7jNNIb06iJ8Ur9kYSgYdQslE
|
||||
-----END PRIVATE KEY-----`)
|
||||
|
||||
var certNoPass = []byte(
|
||||
`-----BEGIN CERTIFICATE-----
|
||||
MIIC3TCCAcUCFBL/b/HwmR9F9EK1u8PQvmNPFMo3MA0GCSqGSIb3DQEBCwUAMCsx
|
||||
HDAaBgNVBAMME3Rlc3RDZXJ0V2l0aG91dFBhc3MxCzAJBgNVBAYTAlNLMB4XDTI0
|
||||
MDkxOTEyMzQ1NFoXDTI3MDkxOTEyMzQ1NFowKzEcMBoGA1UEAwwTdGVzdENlcnRX
|
||||
aXRob3V0UGFzczELMAkGA1UEBhMCU0swggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQCiCb+D7DddLgsUTP4wu6B4fvFqmYbMH9O+mvP6iwAS2jazOrw2Was8
|
||||
+AKafxnSM1TrbPgH3nUS6TzMiSrisDgPUuZ/MxvSFG2VFNhB/vujteI6tyXZdNpi
|
||||
ptvxJumHvPR4Qjc9wrCYl3qhx6T/KkKVkBEXi0+frWUJw0xFNiKu8Rdgo4ceZ3kH
|
||||
Zt/ZqESDf26v18clQETBB7oRWzPmuktnCyX2WPN/B2DWl9eDNMUtQt8HzA8XhOL5
|
||||
nFYUYXOKmFSprD29JaeeKCrFYkIDfLq+k2lzxo1Btur6u1gJyOOi5X1hfoGgZNIN
|
||||
NnWeuw0iuqX2Wgw9HjfBV1hSACzeUJiVAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
|
||||
AHAoaCc0iaHOhr7nxDBOl7qPsrIpA95TU1d0rTaLQpK8Z5wC3+a0JvAxRk+RgIMA
|
||||
1Z+mL326gg2o7L3SdjVzkhBe/3+7RzAfuH/k8S8hn72G548o3XkQP87JmLUXs1+6
|
||||
2t467hpNPbuboO2lspCEEWbYs2kLFIFIE4V+iQe4xabz/tBgy2fE0hI1gwtWqonO
|
||||
ZXEiT0mcWOdtRV5WfkkSrjE0BtWUW6r+eW/0ZSLPESnGqBIpTgzDEk29bWbbMdwh
|
||||
dsdSPwCrdg9wYOPr1CNjfoA6GjX5SipJ6rU1hOzcOF8SQh0Oh9a5kpfkVD+ktHxr
|
||||
+eLHA9/oarks8uDsI8ZzsPI=
|
||||
-----END CERTIFICATE-----`)
|
||||
|
Loading…
Reference in New Issue
Block a user