diff --git a/internal/envconfig/envconfig.go b/internal/envconfig/envconfig.go index e8dc791299ea..7ad6fb44ca85 100644 --- a/internal/envconfig/envconfig.go +++ b/internal/envconfig/envconfig.go @@ -88,6 +88,22 @@ var ( // feature can be disabled by setting the environment variable // GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING to "false". PickFirstWeightedShuffling = boolFromEnv("GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING", true) + + // DisableStrictPathChecking indicates whether strict path checking is + // disabled. This feature can be disabled by setting the environment + // variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to "true". + // + // When strict path checking is enabled, gRPC will reject requests with + // paths that do not conform to the gRPC over HTTP/2 specification found at + // https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md. + // + // When disabled, gRPC will allow paths that do not contain a leading slash. + // Enabling strict path checking is recommended for security reasons, as it + // prevents potential path traversal vulnerabilities. + // + // A future release will remove this environment variable, enabling strict + // path checking behavior unconditionally. + DisableStrictPathChecking = boolFromEnv("GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING", false) ) func boolFromEnv(envVar string, def bool) bool { diff --git a/server.go b/server.go index 1b5cefe81715..8efb29a7b95c 100644 --- a/server.go +++ b/server.go @@ -42,6 +42,7 @@ import ( "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/binarylog" "google.golang.org/grpc/internal/channelz" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/grpcutil" istats "google.golang.org/grpc/internal/stats" @@ -149,6 +150,8 @@ type Server struct { serverWorkerChannel chan func() serverWorkerChannelClose func() + + strictPathCheckingLogEmitted atomic.Bool } type serverOptions struct { @@ -1762,6 +1765,24 @@ func (s *Server) processStreamingRPC(ctx context.Context, stream *transport.Serv return ss.s.WriteStatus(statusOK) } +func (s *Server) handleMalformedMethodName(stream *transport.ServerStream, ti *traceInfo) { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{stream.Method()}}, true) + ti.tr.SetError() + } + errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) + if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { + if ti != nil { + ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) + ti.tr.SetError() + } + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) + } + if ti != nil { + ti.tr.Finish() + } +} + func (s *Server) handleStream(t transport.ServerTransport, stream *transport.ServerStream) { ctx := stream.Context() ctx = contextWithServer(ctx, s) @@ -1782,26 +1803,30 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Ser } sm := stream.Method() - if sm != "" && sm[0] == '/' { + if sm == "" { + s.handleMalformedMethodName(stream, ti) + return + } + if sm[0] != '/' { + // TODO(easwars): Add a link to the CVE in the below log messages once + // published. + if envconfig.DisableStrictPathChecking { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream received malformed method name %q. Allowing it because the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING is set to true, but this option will be removed in a future release.", sm) + } + } else { + if old := s.strictPathCheckingLogEmitted.Swap(true); !old { + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream rejected malformed method name %q. To temporarily allow such requests, set the environment variable GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING to true. Note that this is not recommended as it may allow requests to bypass security policies.", sm) + } + s.handleMalformedMethodName(stream, ti) + return + } + } else { sm = sm[1:] } pos := strings.LastIndex(sm, "/") if pos == -1 { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true) - ti.tr.SetError() - } - errDesc := fmt.Sprintf("malformed method name: %q", stream.Method()) - if err := stream.WriteStatus(status.New(codes.Unimplemented, errDesc)); err != nil { - if ti != nil { - ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) - ti.tr.SetError() - } - channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) - } - if ti != nil { - ti.tr.Finish() - } + s.handleMalformedMethodName(stream, ti) return } service := sm[:pos] diff --git a/test/malformed_method_test.go b/test/malformed_method_test.go new file mode 100644 index 000000000000..00e391a25958 --- /dev/null +++ b/test/malformed_method_test.go @@ -0,0 +1,177 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package test + +import ( + "bytes" + "context" + "net" + "testing" + + "golang.org/x/net/http2" + "golang.org/x/net/http2/hpack" + "google.golang.org/grpc/internal/envconfig" + "google.golang.org/grpc/internal/stubserver" + "google.golang.org/grpc/internal/testutils" + + testpb "google.golang.org/grpc/interop/grpc_testing" +) + +// TestMalformedMethodPath tests that the server responds with Unimplemented +// when the method path is malformed. This verifies that the server does not +// route requests with a malformed method path to the application handler. +func (s) TestMalformedMethodPath(t *testing.T) { + tests := []struct { + name string + path string + envVar bool + wantStatus string // string representation of codes.Code + }{ + { + name: "missing_leading_slash_disableStrictPathChecking_false", + path: "grpc.testing.TestService/UnaryCall", + wantStatus: "12", // Unimplemented + }, + { + name: "empty_path_disableStrictPathChecking_false", + path: "", + wantStatus: "12", // Unimplemented + }, + { + name: "just_slash_disableStrictPathChecking_false", + path: "/", + wantStatus: "12", // Unimplemented + }, + { + name: "missing_leading_slash_disableStrictPathChecking_true", + path: "grpc.testing.TestService/UnaryCall", + envVar: true, + wantStatus: "0", // OK + }, + { + name: "empty_path_disableStrictPathChecking_true", + path: "", + envVar: true, + wantStatus: "12", // Unimplemented + }, + { + name: "just_slash_disableStrictPathChecking_true", + path: "/", + envVar: true, + wantStatus: "12", // Unimplemented + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) + defer cancel() + + testutils.SetEnvConfig(t, &envconfig.DisableStrictPathChecking, tc.envVar) + + ss := &stubserver.StubServer{ + UnaryCallF: func(context.Context, *testpb.SimpleRequest) (*testpb.SimpleResponse, error) { + return &testpb.SimpleResponse{Payload: &testpb.Payload{Body: []byte("pwned")}}, nil + }, + } + if err := ss.Start(nil); err != nil { + t.Fatalf("Error starting endpoint server: %v", err) + } + defer ss.Stop() + + // Open a raw TCP connection to the server and speak HTTP/2 directly. + tcpConn, err := net.Dial("tcp", ss.Address) + if err != nil { + t.Fatalf("Failed to dial tcp: %v", err) + } + defer tcpConn.Close() + + // Write the HTTP/2 connection preface and the initial settings frame. + if _, err := tcpConn.Write([]byte("PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")); err != nil { + t.Fatalf("Failed to write preface: %v", err) + } + framer := http2.NewFramer(tcpConn, tcpConn) + if err := framer.WriteSettings(); err != nil { + t.Fatalf("Failed to write settings: %v", err) + } + + // Encode and write the HEADERS frame. + var headerBuf bytes.Buffer + enc := hpack.NewEncoder(&headerBuf) + writeHeader := func(name, value string) { + enc.WriteField(hpack.HeaderField{Name: name, Value: value}) + } + writeHeader(":method", "POST") + writeHeader(":scheme", "http") + writeHeader(":authority", ss.Address) + writeHeader(":path", tc.path) + writeHeader("content-type", "application/grpc") + writeHeader("te", "trailers") + if err := framer.WriteHeaders(http2.HeadersFrameParam{ + StreamID: 1, + BlockFragment: headerBuf.Bytes(), + EndStream: false, + EndHeaders: true, + }); err != nil { + t.Fatalf("Failed to write headers: %v", err) + } + + // Send a small gRPC-encoded data frame (0 length). + if err := framer.WriteData(1, true, []byte{0, 0, 0, 0, 0}); err != nil { + t.Fatalf("Failed to write data: %v", err) + } + + // Read responses and look for grpc-status. + gotStatus := "" + dec := hpack.NewDecoder(4096, func(f hpack.HeaderField) { + if f.Name == "grpc-status" { + gotStatus = f.Value + } + }) + done := make(chan struct{}) + go func() { + defer close(done) + for { + frame, err := framer.ReadFrame() + if err != nil { + return + } + if headers, ok := frame.(*http2.HeadersFrame); ok { + if _, err := dec.Write(headers.HeaderBlockFragment()); err != nil { + return + } + if headers.StreamEnded() { + return + } + } + } + }() + + select { + case <-done: + case <-ctx.Done(): + t.Fatalf("Timed out waiting for response") + } + + if gotStatus != tc.wantStatus { + t.Errorf("Got grpc-status %v, want %v", gotStatus, tc.wantStatus) + } + }) + } +} diff --git a/testdata/spiffe_end2end/README.md b/testdata/spiffe_end2end/README.md index e2ca443500ef..171cc8bb2746 100644 --- a/testdata/spiffe_end2end/README.md +++ b/testdata/spiffe_end2end/README.md @@ -1,6 +1,6 @@ All of the following files in this directory except `server_spiffebundle.json` and `client_spiffebundle.json` are generated with the `generate.sh` and -`generate_intermediate.sh` script in this directory. +`intermediate_gen.sh` script in this directory. These comprise a root trust certificate authority (CA) that signs two certificates - `client_spiffe.pem` and `server_spiffe.pem`. These are valid @@ -28,7 +28,7 @@ certificate by getting the RSA key from the cert and extracting the value. This can be done in golang with the following codeblock: ``` -func(GetBase64ModulusFromPublicKey(key *rsa.PublicKey) string { +func GetBase64ModulusFromPublicKey(key *rsa.PublicKey) string { return base64.RawURLEncoding.EncodeToString(key.N.Bytes()) } diff --git a/testdata/spiffe_end2end/ca.key b/testdata/spiffe_end2end/ca.key index bb60bf90fb7b..282b76bf237b 100644 --- a/testdata/spiffe_end2end/ca.key +++ b/testdata/spiffe_end2end/ca.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC19PImArmxbwgq -o2QG2si8BU6E69Bvyqxz8Je3swxBIGwZ9uIobMSBLeTCYyXuf+o90Zf0kMwzmrAK -eLEeky5W/j07zGXAtgUBPA7L1Uk0TxOdJXBCUvEm5Oc4GxubfO7F+pdJKZ+XkRVq -bnStGe5qX6KNs5rcJfFUhewbtM0snGEIf2yhaA0mNNuGtlIm4VB7jmiyHNU5YTow -ByVCVrV3/t2RI9+T4ya0AlkW93rU0M0qQauJ35LkJIXifbzrnLxmztEyb+mnVUB+ -GJgz01E4teWo/PJb1aNJ/ojf/UONsQ5IFRdza6RhaQB7C+Dxlnt/SJ3MMaxHgVyc -YuJeVtJQuncGRSuQ2YrmW9b36HVnxa0xBDeSluUjv48hMRlLNaXaH4yuK6oc8TNJ -ie++/ir6Kb4H+0RjcKMGqxZYfotU1obxa+5N3wzGSjUDUrhofzlfvqbp+NCwdFH+ -qczM4IZPL8YMMh6goKr9BRN9/xRIieotyH6rfKNcnkUgDp750U0cZ7P2eRUpldyc -9hZS5AlF4cKQXgLIrv1LrZHkiIietetInUEBAa/PF2YHRLXUyI1PCSBKBu7wdwAU -15J9dVFC9jkmOLYhoRdPfrobpWhs5+FfPJumSoiusdGXd7x4l313xi2V02YXz5mR -GbT2lCb6aJPweuziiEBZn+5KV++DkQIDAQABAoICAADWyAO4mVHKyGYpOdNT36do -4HZZAir2+CCTv9z8wLnrF2cF36+xvNp+an5PoYdjoxL+HP5EVT4fFWLQ22VQw5N5 -uEKAoZDGBXUpNJ/UKO1rFWA8U+iHFmDYsxlzX7lrjSkBk4fOw1rJ12HcFZo1580V -J/GO1TmVcf0Z2jLX9Q6+TD2xTzsWFIMWp/PPMP5FqokXeBQij3LluW4Wsbf2qEBu -/a2g5HjL6QhBgxqci6eX7b3b7sbHjLp66G+kM6n4JIFE4+Z1+sypdVBYoUESRjlB -9qIF5Gb53QTgLYgn93AKD/hGtJ7jUcrESliAoCgWbdkYDm/vkStkX6vWdXmX01fl -hfv6c1eYTkDhOboVZL0p0DxZwHU4Ci6UF0PflrHmospKo12bLoa2dea+5LfQVgB0 -icijZ1ZF4oePzFOtIdDYmNDfTkBe7q52HKNIPbLytXTFv9gHj/XpRdDUDgNzS7TO -wXP1k4zY96H9YEgXNr/Ze7IQt711/Szj/bIPfuCyJTSMRh40wPW+1TzGkdQepBDO -lHk1uVs185lJd3TryUGhfXu9X49hXOpvq1nhOy3UW/FoDPLGckOoQGe9PikP3zQC -6poTttdmfmTy7D3vniZUjDmbztyml3twM50+KGhGJTbjEKDqs9dASbn5B69LbnOA -kq3SzgJOGgTiTT8EFwjzAoIBAQD8LjTqiEB8TY9qQjihtcidDWBA7TcBjIQ/Wm4p -3ff0NdGPa6/qaCPX7769wBW5/fJfoJu9ZhebWfLLYacK2Dz1BYn5EqoAf4mF4C9S -ZDY4NO3tl8t902bjlQs+ehojyzOOVHxuATZ4mBrCFUYuFn1YPXR0qIvvXsvhRM4k -LCf9lGl1ldUpWNbdxTxUl7NZVuZKevwBvfsGB9SPgnvDCgg0Mh4pBGUDP0WZqwaS -frvB2iP4hVH5e/lUl2XxtlJIil8Eb1rGH2O6CmbvkSc6Sceg67/E0N6u4w9i+g1G -uu+FFdPQSve3jUrOrhQjO7tqjh6p8J858H7CvoJo7Uojk8yjAoIBAQC4tnUCvlns -VJQ9SVqabVuIWPJvgDf/EVHncVFwJZtdsFRchs+QFtUWyJRD6mRtHtBdyIpsQCBb -YxPYbMoQClpEC7VNC9Y6RDKVxRM+A1cQ1JiP4PQTyzYIVfoU/RbWuixXHOvGOYsb -LwjGZ7WQtaG8Pyqt8P97OIqZzeuQK5y+ZuixDZpBsy3xhYyQcC1oowLLgf7ip1QU -ueEF/fi3OZCd7oIbZX10EYr/QINnlyYstRxnHz2AOO4kilQEt4Yq2YKxo/GiXVp+ -HlDD53xl/1HfT1sV9BnnoRQksmt61LO3qz6hI7TgQtFt4+Z3TsXB4siWoFtmfGRo -njuShRAdjt47AoIBADo2EFDzEq+e17QXhSsO4zgdllJmb4QUA5L8NOHFMy9UHQOW -QA1D7MIzvTvf0yQT0pbwZALcRia+JKV97Sk7sRZ+KNMt08A5sG0Oyt2h9EIVNbba -i0aIPf/ar7XESbRpe4UnS3G5JfHAaqzSbFjHKDfuN6uWHHcs0rM1RsBi0PhgAdf6 -tjHNKAwZM0vzmJrOzGn06acdS4yg0hgubpMfBbXGu9+L/CU7vb0zFVlLl9uvlw4O -+FU2oN8983JQO74y8qv7aGDDbinLrOcwAnYaAdLLmIC+FikYkLywK9Bf5lo6J6K1 -K2lbXCFJXaykZSa7l6hyus6NDTW29DN0UuDThTECggEBAIlRU0G74zv3UNETBGFD -pUWC4pCT4I0mAh6uNp3Jx2vqF31F127GGpo6eUbYLNqWis79tDJvpd5qlKlTjxBH -sf1eOuVRRGzCoFyJSxnR/9sKQXTNBobkjoG58RXDZUQy2Z3VaU5PHyQRXlOpa+ht -rxQ0XXU8caHYUemvlUzzry45cQmXFDN9kk04PFxwmMFuVjiWprc3MCHMYgZDXbBR -Ajr2whC97XrpQ80o18eeLYoVBk1/gwgcyqWtlHKBQSP/2dJYD93lys1xmhdZszhc -jDAYXZ2/f7acIE57ub1x/T0w+HlxAxmpcupf/8h4bjoKb5bTFb/l//tqjt0JQQbI -XFsCggEBALd+S5rIRYz3YpXCnt+uT6ELbD7RfDtoGdWtLavm3vQb3yZCXGwlHesP -ud1xXZ5w1Ky3GSqvXJ4F+UiVd+DLEoq6u0Y8adkKmNpwElJffG7+/9ZgDgAUQDhr -i4yqH5wYHs2tSdc0hHEqmLjn0uylX+y4pWojHD1l0w7KrepUzj9SNVrOyzl8D7D2 -xXFNb+rSY4B9ZwPofYqxGxM6GGo47GFFOGqFsCtwp8lcbSMgzx0j36Ibg9uPmoeM -53ea7Fbqv+fWVzhu+6r7BE7mp0rYBWPMRg/euciYl2X3FBRjhqt1/GENDwejYkFS -qLeaSJiKSNSUyCl91Qu0eb4FbE5qLwI= +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZRezL1GWM/0um +gcLNGI9fsp0sabLUN1rUTwXjCGHvGAt9cPY1xK6P6+/QXeBkYogmwC3Udhwl+8x3 +AOu2FKP9QeveW+hB4N3SCtY4D+nGxPWnL1Yjh0170tkVRPkh89wPX4XdtAcIgZjj +NgPH9wR3eWH8E3cDRvxjosy4e9aw0/VTHb0lZ2Ko6mY8x2bJNFUExmuh157b//yH +dcL8O1K1h13o6YSqSlnLmnaSHpHA5/21erSjszE3ZjiPZFR6cl/RDjpJRKrh/eQA +Aeg7XO00VokrvZnK07mZ2nNyp4z1yCV4fwWCdBMfFfUSm0EgN8D65JxGj1He5bm4 +LVv6WuWj+cqgAzRhHjp8iZsmLFKvAoXSg1eJ+mG8vw5P9ZVd38M8N2DtifvmCkE1 +fln84oQj42wDgNQuwSafbGQIhNYrnsgbf+2lNj5IIYm/ScUcexbmCmKyOZfNcVQN +AF26vQOvibBDOFyDW2qdi2tIGJgTPhkJPbDqKJx4UqNxIuoam28PifmK51Cn4i9r +WOpQ2nM7JGX1Q3IE6S5iaVnogp2+SSh3PhktxQOK9IUX7ysX9eVQAdN8lnKgaIZu +yYOx9H9jWValZ/dCLa2Y/BuFslx4NRVLtoJkUIakdTepo83ZrrSs3c4DSEIJJkgV +PBmBkua3RdYB1Cw+A8T0C8nvExyJbwIDAQABAoICACiqtFwgWJOP8y5qqjXuK2O7 +kDyQWhbrd3Y2hkEMwBva0ce8XXEJ66xnej7zWz0eziIGpW1XYARiAU6i3vt5GIqe +DJJVfH7cIliei6L5o4V/NwWAUCydNgz/lX8sJj9LH/zGoc0x1YErlJyubv2+B9l+ +4C6ozAVSg4n4nj3HfBMj0Q6qCc2W8LnyCYnFvsDZKTKYGuwzafn+i1slWQYR6nSs +rhCaqKig+vanZhsKWriTE4MkwOvE7ejTGrIIEuHKR5HfClzNW/ipp0OzF68IwSMj +MVB9D+yNPXeFEke7AaC9QfowOC1HIY8XcoP1iDaKCPZM1M1GJQpF0EGfR9Bvs/xp +Jp1Yp8idegZKz75S1fKq5EvOp0sIfyFST6aeSlYHz1/MRKf4H+8klRQeOpAnVqhO +8wT/NT0NHYU6d/fa74H7BkE146P8I3N2fsmuUkmwpn9h3nruTIh92PnDs+krI+TF +/TZzfQxS4BZ1ky/IgqmmhWK3RwFVr65v7Reyo4F56vHkxukcJh2L1WM0RyFeZM17 +9aSbdQpLj7x6jOLM4JlYa8+KUarmzfHs8A4ulApY5RnRs898mCE6XeuI3Rl9EsY0 +JcvS0vQcunGY89dk8tw2Lay9BIFgGcPKI1zKJlbbf6nmcZEruQdRl5+Z2q8ZaTtb +DmOGV6aTa9h50t20pxqNAoIBAQD5kblDIzGlSh5sn8WMOMgsoiH9L0vw8amw6PFy +JohYiMtgrUovuV84a6G3xe2dGya/9t38Z7ywTocKkxaYM6dqQ41COisJdUwD4tvR +RrTbZqnyiFjC3iLYqpXgxUy0IVZd1uzkoiUB95fgMr3TsZGHipvo2HTj/G2nIgSO +4mNN39L4tQNSqig9FOUvYj4T9qac1D0kbucd3gZ7NhifuuGRVF3yH600+6niNyCr +7wPwEcsZCdz5N6O9upKmQ/zhMmwyTT5XskamJw7ltMOZ6S+ihSy/y0ZuIXYCDir8 +VrNFXutt1dntyK0IIVb2Zk4n7/ETbkoZfPqMaIU/xsNfKQmtAoIBAQDe3yk8aC+q +TbvVKwU+v4OqUwlWNOVgLg50ZfvU4OQ9CbfFtvDmKbTxEmNHN2ENO3/6092QUIQs +ZrkZ3QBDkjABTFvRA5a6wOqgxZ2goIwwZWJkYrJFA5d+ExB+AciT1ZaVUKbBWM5R +V90NfnJWdqlssnw3+lkvBkfOUNt/JUaY0V3cVIdZkCnu+/hGbeZFFwpdnkALXDGu +WIy3zDFv196bO8qdX4UU3t15UYrkpdvM/QEEF9RNVpSkOB/SuEExI5h6YWaiGiiw +HcFqZ2CF3ZoBf8ATL+c5WLbIvwSuGW8QEv69hb198tpQswa+R7DX+IA22xL3pvgv +7NqzcQIT33sLAoIBAHEK3aSYa2NYGEHReNST36+/3K9m3foMLHWyfbLb20Rm6eAn +fgPx7jyLHBw2rfNMmhe3hUNP5briRu62QzS7qOhMIs7NtDK7i6vy9OhtI3yBmxb9 +RV826QfE9NBz7dNlik5FDNZez259rLBjq3IY6zc+xHIKoZ+m9jAPC4uA5cQfTttS +emfWJRXNwiXdVQsL3NoKlItNJKh1qe/jR/IJ3yRJ16fVS0pFd+S8XbMjN2BlXt4/ +hnToC+XjfYuMHh4PDc0XCdcFLFUUOf44C6VKZ0YxFlzlgUhfJam2qyfTSa5xWShO +BkFbdWzKVS6UlnAmkcbgXPYAkyhIK5sAt/wBhZ0CggEAMPI/wyV6emNyAgHduAcl +am2sGkOpsHLM9+FB6mGtnn4Y3xIrW9EDDQKlzQkrhlVv6O1Itp4IORwiQLzZhv1/ +D3nunDu2ibM+lCpyUMmRoDtT3YoTbra4OZcEQzgvDdCVrps01DelsBWk1YbUo4qR +8O5N+5k+puYxNO1rF0RfecZZX78sro3Lt9GcmBMgxEGoJCFSHWyU+J434VG19cMp +/1ulRuSofInph/BRmZ+XYzCZXYXCOW3vXRV6X7PZlWok3ZOwj59BGlSemrizaRLe +9L9StqQJmv2Rvwq8g2PQkW4qhgLuN8/zBFAdBgMGopfPyLxaMQt5bEUPTuNdunGV +OwKCAQEA9GEIEXos7dTzp68cqytYN/SeiuRgHgtvi2zDlD1HUL/7V3c192NBgAR1 +tPfR/Gl9TrKZox45sHvUCyt395aqB7fpSkmJBBtPmqXkX//E7wtjWiry/TSAjYVP +6hqo70XlgBNPpqNV7/PoXagfGzFxp2l3LIB52xePuHbwOa3Z7UB/2IItsu4liNfG +9mYRloSNALglbWZaFyzG51OUywCM+s7DylAOv2dRJEZ/wPybDpQsTG/h9AJsb6Wa +ZrO+m0pyvFjAGnHuqVpwjkKT0Y4sTqZUOaQMQsG1fB6wfYIagypKrdxMtF0w7PvJ +vmWw2Uw4DH8zFu1I9deCqW6ilOly7w== -----END PRIVATE KEY----- diff --git a/testdata/spiffe_end2end/ca.pem b/testdata/spiffe_end2end/ca.pem index c086690f0651..3d2f55bd0f37 100644 --- a/testdata/spiffe_end2end/ca.pem +++ b/testdata/spiffe_end2end/ca.pem @@ -1,32 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIFlTCCA32gAwIBAgIUCD73sHXu5IURolSTiJ127a/xUO4wDQYJKoZIhvcNAQEL +MIIFlTCCA32gAwIBAgIUZ4e1KRtWw0c8V5NnA9VEoUMvzq4wDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5l dCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAe -Fw0yNTAzMDcxOTM0NDZaFw0yNjAzMDcxOTM0NDZaMFoxCzAJBgNVBAYTAlVTMQsw +Fw0yNjAzMDkwNTI4MjBaFw0zNjAzMDYwNTI4MjBaMFoxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJWQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRsw GQYDVQQDDBJmb28uYmFyLmhvby5jYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQC19PImArmxbwgqo2QG2si8BU6E69Bvyqxz8Je3swxBIGwZ9uIo -bMSBLeTCYyXuf+o90Zf0kMwzmrAKeLEeky5W/j07zGXAtgUBPA7L1Uk0TxOdJXBC -UvEm5Oc4GxubfO7F+pdJKZ+XkRVqbnStGe5qX6KNs5rcJfFUhewbtM0snGEIf2yh -aA0mNNuGtlIm4VB7jmiyHNU5YTowByVCVrV3/t2RI9+T4ya0AlkW93rU0M0qQauJ -35LkJIXifbzrnLxmztEyb+mnVUB+GJgz01E4teWo/PJb1aNJ/ojf/UONsQ5IFRdz -a6RhaQB7C+Dxlnt/SJ3MMaxHgVycYuJeVtJQuncGRSuQ2YrmW9b36HVnxa0xBDeS -luUjv48hMRlLNaXaH4yuK6oc8TNJie++/ir6Kb4H+0RjcKMGqxZYfotU1obxa+5N -3wzGSjUDUrhofzlfvqbp+NCwdFH+qczM4IZPL8YMMh6goKr9BRN9/xRIieotyH6r -fKNcnkUgDp750U0cZ7P2eRUpldyc9hZS5AlF4cKQXgLIrv1LrZHkiIietetInUEB -Aa/PF2YHRLXUyI1PCSBKBu7wdwAU15J9dVFC9jkmOLYhoRdPfrobpWhs5+FfPJum -SoiusdGXd7x4l313xi2V02YXz5mRGbT2lCb6aJPweuziiEBZn+5KV++DkQIDAQAB -o1MwUTAdBgNVHQ4EFgQUL/YTEXKZRjbOv82CwGMuBeNwErIwHwYDVR0jBBgwFoAU -L/YTEXKZRjbOv82CwGMuBeNwErIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQsFAAOCAgEAIYtNERVMj4dS/KgoXD3a6mF6KD+IuxDTlVbVTwDJMzdNW5UPB2qC -iDKbirK8Eedh90r3qxKzBiQPE5AHDZrbWSBAxDhlpQqCXgx8Z+nCB38K9i8hbKM/ -ablm9DkeHiHohoP1kJEN2HtPz1K6OabbKbPtVGt8y+QTIlZDodPPzKPmQ6dUTm9t -WlU1oIxl4pPVR6WXDr0qAmNRvdW7+8/Ai+gMDi6fKQJCe/r/meVrI9lSrnn8VQyO -4xXvyolHEROTUiomlJ1QE9IWAM9LNFOuWFwQjayo2d6O+zHqjGUtbzBHFb8/BLJc -QzogWYT0/+rEboJhR+/OGe0ntPPkudmLL0HTx0Q1aajnChMVlaOd2wucePZSa6Gq -GEVA+lCqwbteqwJCnL7deVHo+UlORFgQwYir2CQbyN9Yd4MtQT7VZuDiVC6tlGbj -1ogrpOnW8n49jXrNPWuPz2hcPQb2gzYFGI9WRKIX4SjvvS3QcHUyigQkjAQ12Ldj -5CXBYTjSmjcgsa2QfUY5qrXsHLz7e4uXD9XYnB/XEEfxQfQTFEy5CtzTrTxnT+cw -RuBooIr6InjqdbdJ+UbkWcIY6w+c7ndFT849pUgtrojbVpm9ZzsmHhAahR/+iHYH -+LGeHYIpq71o/YDgM4vV9z3sWic7u1YE9JULBdlaDw8Xik82zjvw4IA= +DwAwggIKAoICAQDZRezL1GWM/0umgcLNGI9fsp0sabLUN1rUTwXjCGHvGAt9cPY1 +xK6P6+/QXeBkYogmwC3Udhwl+8x3AOu2FKP9QeveW+hB4N3SCtY4D+nGxPWnL1Yj +h0170tkVRPkh89wPX4XdtAcIgZjjNgPH9wR3eWH8E3cDRvxjosy4e9aw0/VTHb0l +Z2Ko6mY8x2bJNFUExmuh157b//yHdcL8O1K1h13o6YSqSlnLmnaSHpHA5/21erSj +szE3ZjiPZFR6cl/RDjpJRKrh/eQAAeg7XO00VokrvZnK07mZ2nNyp4z1yCV4fwWC +dBMfFfUSm0EgN8D65JxGj1He5bm4LVv6WuWj+cqgAzRhHjp8iZsmLFKvAoXSg1eJ ++mG8vw5P9ZVd38M8N2DtifvmCkE1fln84oQj42wDgNQuwSafbGQIhNYrnsgbf+2l +Nj5IIYm/ScUcexbmCmKyOZfNcVQNAF26vQOvibBDOFyDW2qdi2tIGJgTPhkJPbDq +KJx4UqNxIuoam28PifmK51Cn4i9rWOpQ2nM7JGX1Q3IE6S5iaVnogp2+SSh3Phkt +xQOK9IUX7ysX9eVQAdN8lnKgaIZuyYOx9H9jWValZ/dCLa2Y/BuFslx4NRVLtoJk +UIakdTepo83ZrrSs3c4DSEIJJkgVPBmBkua3RdYB1Cw+A8T0C8nvExyJbwIDAQAB +o1MwUTAdBgNVHQ4EFgQU/LjtA3oVWCTz3qfAQXuc/dC7b84wHwYDVR0jBBgwFoAU +/LjtA3oVWCTz3qfAQXuc/dC7b84wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEAZFJDbhKL1M16Ya7eAvrgUWI9vbC4xm/68HzIGuQLeP9yr7QMfk5w +zh9umYcGWs/hkz2jg/88PbPUEP35psTw+dZGtnQwi/0icM9w7m0HZrDx8vMYvX5A +oEaPb5PqbjwhBxzd2Hpv/Y+PLLRO9uh1Xeh95J4yp5t/xOPyimljKLTam+rpj7Be +vYftlSXuIWrR6sldIt9I1zT5CfcBSefmSVo2WtgLdqfOBIAD73OMbcxEPDiTF4/q +8S1qHeA8eNUXc5IrWEI2NirhpvR0ZXMyjY1gJoZ4XqPFSXg+1oi9qpbjMhKU5J+R +m8brv/HmACaP90hSPXjuRl2Tp/NJ6idV1heNd4MdTeAlH+deQ+UQ/rFo6HY95S3l +tdcaDX8V7WdpRUQddv2DS5VPPi60LJuOdxKB+XFtjdLUtxwOw3Hoj91YWZLuMu2x +zVeASeA6FsB0vZwQdqn8FX1BQNSIEHGs7tieV7N0AlLavQBpyRYfhgKOL9Utbl4C +p6C6k42uFo/tFREUdzgtt0JqT+/NMJRA6rOJYHVUWNeG2ggGpuCtHXkwktC4JBnU +wnvdVZX3sXPslmiFzMO6S/+PesHA0TclifTZNOETHphF8efGsRFL/lkhcBRkZKBV +OkWKdKMUnXPgDKLyu/e1WQXCXmyTjv8FEiG2Ni8U4P0c2PldooYVjw4= -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/client.key b/testdata/spiffe_end2end/client.key index d3f694ad1ccd..15c27d59c31d 100644 --- a/testdata/spiffe_end2end/client.key +++ b/testdata/spiffe_end2end/client.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/Y4KWLto/B3f3 -YRlwJXn2l+hlre80L36k0dNmyvZW6nY0zZfXGJBHV3UlIT3YB+vIsePu3KtpfJak -xjBuyL65LtZphxkR+1mfL6ucVqgroI6b7WFt/Zo6vjElTbJGMaNcprItlLNjBxKw -d0elYWS4q/TkhUw9cPfywE+FCNy3OPLPbI677lD1C29AlI8ToTHfjY1PqJ+9dS2j -xg7qAskWUsOTjfXO8SiQbF15DkD2hZDg9I2/BBC9YhB5xUOCywb5U9Ucomp7Q9aH -J3OkvsN1n0Un7GHkEn1iyXaa61vh94uk7M1e/ewvBdmC+JUgLaU0tKdg7dFIgc4g -KF4ewvITAgMBAAECggEAGNHb1oQe83uReDhUZzHE/lC257DFy5u5LcC0TKlXhvAD -AlgDL/bUhxv1aipEbeahEjbXm1tss1Jf6uB02XkZGsTTM348pxNUjQtOkwi96GJ6 -/Aet0ejIfoO5td+8ldPMHrDTfIvDM71wFAhz9yOJP1W1fYk32OP0k7uS1GrQzMXQ -6y5pA+Mvn1lXb9zsufkrvyp4F+QGUiXnPNEPXC+9u5pNqY0OkNvudn3cfU6t2jJO -lUies9xiX5GatWQ4kp/i26HoTGvefuM3mnNmm37dSt/5zalfrECC9e3mKkba1StY -XPavOtXkjA1X51w5MqVL1wEBYQCQTlr+KSATR44y2QKBgQD98MID26fNYSrNuTxN -I9YHGqFmwB3qe2jOec9dqmOtdh8ji+UEX1z10Sm6Vrdk75LwwCp066LBxyYVTJo2 -PgN6Dn0ARHEF0j4GgJiYWKhOJk+mwVHDENuQFSpGgP+mLXGGyo8irCz/HP6g5uww -70h+QDPtNEccDHLAUaaA92DdfQKBgQDA8OEtKPtgWZBdTEvcKQbn49m1aihqjV/q -kr8Nn28Y39i90vyGoO67muTuSAvDNgW6ne/W2Ic5VhSicIVyVHV0p3cUB2NGwdnp -RvT+7wd22pVUMW9Lys4hAg1O4TtoO5Th/lRDXf28IAmxQPz7jc3alr2AEgaawrEH -t/gyph5izwKBgAm/uHMVd7e2x0Hmnp4Hhiv3pcKgFYXu/vMOUhuycukx47glosEs -OBFn2kZBFgFWATok5nxen3z4/ElNC46RiuigrcPY3M3waFkvjqwqmyuE5QHt4gmv -F/7METdrtGTY0cbu99fI7GFO56edteubBBl0tYmhvCkjgTRI7i99T8axAoGADvGZ -PzoxXiERwWgrZ/31fvhy4E48myQgDbcX/SIgJLkRvIIe9P55/yXcHWiPIKuKfg3F -icpzjslQB9TXQSexgTuHSZHY6p4RFrRcPXKeDWKYtlCt4hzvIjdaeIWRaF1VBrwA -Iseg43VHyubRsVomW4vZWZYL1OjHdWWWX7XmHJkCgYEA2LUeWNkdqABJ9Yta7kKu -02gkOsjnQyyYIeFCteGSM9oejE4zDM+WSCpVCLzq8DcRK8M/xBhCIf+mVZRroHAz -g5YpFrg5a7kuuTgQJv/6ju+Mbd+DGpsul/N2zIPFzy6T27gIzL8+QExUK0y1XkL/ -7yGUwV4OO2kuwh8YT+TiCts= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCeb12R71ES72b6 +ag0gDK+8Hf6DPc2szn1Iwa6L7qoqBfFXxZImPhqVIuBTISxIlweib+lVOKtJDFym +a/ILGiWwKy19H+9dwf/R5keufOjs+dkSt2kwNNAgednGiMiuBi6186QSCxhp1+lF +q4UnBTZDsVjm232NPF3w7xUMLzB7XesY7A7cSLFBOdB/ObDB+UYMR6BpyN7C8gH3 +Y2t9wYHpw8NpMNsGshGSG5Ti8R48j7ZS4lZslW6qPzquYMrdNQx8XhsHOr3q9LDw +SIfR7j4M0A5FRQQlWpslmAUlxDqmrXQ6FdAMSyU8Qa9VVHzO0PrrEXOFijQdguL0 +QT0WWd9JAgMBAAECggEANHlaGl2TEpxsFQBO/JB3G+0rQLiViGiToidT8lDH10dE +mfd74mKrVz3H4oCYNCqhgrFiLLGqOXV4sj4KWpb8aI7EcC7Fjt4UJqcIksgYNXTC +6qoIksjLLhZthI4FOW4exnC9pKQ8H8I9JrAaV8QoJt90PHHx8XdO/d+RrwlqG1GI +a1iIPLEEx54hMkpUDojmzTSaWihZTeBnl55fy0bXcCK1WA6lp9UODhP1HXgf5HyT +hopVGwIzP2xr4hTsKujwGp0rIF+42ty9llGKP8mZQ4kDaf2gHDflORjvXE0GS7Sd +6dLv/uOBvRVqiG/FnUKCFsPQab1I8iIJSCUw9wxuKQKBgQDRipuRFCkPa/pBWa9j +xLg1r7zbb2fLX4HMC5+DeQYnrURDDGUglAgUUcgLeALTKpDbZdpPoDm62nCWNPbM +CMreMuz6yxPpV6Gc+8aIVg25ExxyuBBc8x8raVVRUaQQJblur6LnPHTP6fme5D9Q +fCPQAmop/8RIozNuYNULvlt7wwKBgQDBkABkPsGR1TbGXG9b9RriAomYY0pFxQZs +yUey+SqPrNJ3Y9lFbCU2yuG8BUaXKGYHWji9Zn10Jv393d2Y1mIUA+O+KWOmMdce +NBBkSHsOJkeQSc16bZpcZ7gwSaLiJp/LJ8tFoerY72kpoqk14zLHBb0RjbnPpp7b ++7kTjKAkAwKBgQCAYmZye2G0+zl3tNWLUUp0SlpyME3uA3Rpam2vhgVJZhW+5udH +EKvqlzj0HfHNI/VhF4Ss6MS2QYRd49GarYBup9Ee0DJA89onbvPzMJZz4Mu7Vh9g +c+2TEZSeoGDfK93zfVVYTGhdw0OYIMzSKV1f4zrcxMKkpqmqZVXjPhybNQKBgEdo +ytww0tTsZiLUIzk3uc07xmtz5gjLYU1tDIiYp/0NczAcpCGafjgyrQjioWJOwyVf +QaOOViYt5HJuEby7Cr/7l1+mgV7k8EnyR0HYA536vVgcAjRyjwocMbWO1Qq92SHn +8nQkAjI6UP/NRMPep/MIyPHa6XwUKnNZ8LOno8TlAoGAYGlDV2mbgTLKbIyXfKhe +EX+NP1OvhKrk+GJhkeTXwnu0Vz11KwLdRSSt2olLiMgl7phKinWlspWiNU0RGf3i +BZkmGzRHiSn/ykKY792ujN7iodjjuR2644e1FdDGCOJVH9erh+H7lwI6v2om32Rf +W4GdaqQ/t7TaabJqPPtLBFs= -----END PRIVATE KEY----- diff --git a/testdata/spiffe_end2end/client_spiffe.pem b/testdata/spiffe_end2end/client_spiffe.pem index 475b49093a5e..2458a44668a5 100644 --- a/testdata/spiffe_end2end/client_spiffe.pem +++ b/testdata/spiffe_end2end/client_spiffe.pem @@ -1,28 +1,28 @@ -----BEGIN CERTIFICATE----- -MIIEvjCCAqagAwIBAgIUBoJ396S7DO0kRqDUn4TB6zKKIIkwDQYJKoZIhvcNAQEL +MIIEvjCCAqagAwIBAgIUCzY7jU+NrvxZf0WMdg/5AM5i8XUwDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5l dCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAe -Fw0yNTAzMDcxOTM0NDZaFw0zNTAzMDUxOTM0NDZaMEwxCzAJBgNVBAYTAlVTMQsw +Fw0yNjAzMDkwNTI4MjBaFw0zNjAzMDYwNTI4MjBaMEwxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRMwEQYDVQQD -DAp0ZXN0Y2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2OC -li7aPwd392EZcCV59pfoZa3vNC9+pNHTZsr2Vup2NM2X1xiQR1d1JSE92AfryLHj -7tyraXyWpMYwbsi+uS7WaYcZEftZny+rnFaoK6COm+1hbf2aOr4xJU2yRjGjXKay -LZSzYwcSsHdHpWFkuKv05IVMPXD38sBPhQjctzjyz2yOu+5Q9QtvQJSPE6Ex342N -T6ifvXUto8YO6gLJFlLDk431zvEokGxdeQ5A9oWQ4PSNvwQQvWIQecVDgssG+VPV -HKJqe0PWhydzpL7DdZ9FJ+xh5BJ9Ysl2mutb4feLpOzNXv3sLwXZgviVIC2lNLSn -YO3RSIHOICheHsLyEwIDAQABo4GJMIGGMEQGA1UdEQQ9MDuGOXNwaWZmZTovL2Zv +DAp0ZXN0Y2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnm9d +ke9REu9m+moNIAyvvB3+gz3NrM59SMGui+6qKgXxV8WSJj4alSLgUyEsSJcHom/p +VTirSQxcpmvyCxolsCstfR/vXcH/0eZHrnzo7PnZErdpMDTQIHnZxojIrgYutfOk +EgsYadfpRauFJwU2Q7FY5tt9jTxd8O8VDC8we13rGOwO3EixQTnQfzmwwflGDEeg +acjewvIB92NrfcGB6cPDaTDbBrIRkhuU4vEePI+2UuJWbJVuqj86rmDK3TUMfF4b +Bzq96vSw8EiH0e4+DNAORUUEJVqbJZgFJcQ6pq10OhXQDEslPEGvVVR8ztD66xFz +hYo0HYLi9EE9FlnfSQIDAQABo4GJMIGGMEQGA1UdEQQ9MDuGOXNwaWZmZTovL2Zv by5iYXIuY29tLzllZWJjY2QyLTEyYmYtNDBhNi1iMjYyLTY1ZmUwNDg3ZDQ1MzAd -BgNVHQ4EFgQUVHpZYzO6JCGBTQwzWbj/CVC6sTAwHwYDVR0jBBgwFoAUL/YTEXKZ -RjbOv82CwGMuBeNwErIwDQYJKoZIhvcNAQELBQADggIBACa1C7Zn0rXXIXC9SI8G -MPSTyebo2s/OZCQ2sKQEK90yL33Ae97beiBVgFlt2TTXeEW91iZMZMfn9BlRDYkZ -j8qdcNbG1QQEco2ZT3Ti13psVoSIgX2yMbds5DFkalJhXCx21xxNHLVUtd1xRDhu -JvFm+V4TNFi1ka0U5fNcxRAGeVkR7tzpvUy8La+aNHOOAEaOX4oCQKueDXhGJGcL -EXMz6N/KyLq4otaKGO67D2q5or6hH1afgrIcdZV0Gb7Cf+nR18QNWvH0Nm1cXdkT -OL/iKlDqbhLGznGazz6T1EWlbynGjupFWdXDIPjsgN0xrAJS7NWjkUSgWcA94J7Z -JwtIsjgP0DWg7fQsYa4cR9rxS+gYtkiKZuRTONSGYxQLAxJEb5NCCXE6fBC6jfHZ -xtsY1ExlA6f6t+E7mS0OkRqbb6KZqTFGgSyx99jDL46FUH3zqA4IOs8Q4loo/Zkh -LNjeG/3MoO7RvyY9g58y+yf3ZOp92zoyKMSqCBsvdTMRP0hWGq4BqoW/3Sn3ujf1 -uf5KEE+peuYzEqK1mtuZQHe/+1Vm7h88/TlER7mijMN3/MFZzmor890vBbzqf7KQ -Q2QCRwIISj3a0puskpZM13Jt0r8cM+npkk1evfgmpBjNLrOinIQgWy30Qlxt5fIh -jYaOBLHtSFI01OHnivQ1dFWG +BgNVHQ4EFgQUWhXxI5pA878mNWlbVFscM7rPD30wHwYDVR0jBBgwFoAU/LjtA3oV +WCTz3qfAQXuc/dC7b84wDQYJKoZIhvcNAQELBQADggIBAMqDRhSCS+cSozh7oeqQ +RJehfP/3pX8grzezk/PmohG8NiPx0Zwy9Huqf9BV5VG1iRwF1DJmbj2VV59jTuLa +B6LNWVDwmToI3nVCedM4pTLGEKIvtKEMZQserR/FrN9WEHG3nU2SnS1jqTRVu+lv +69sOtkenXs51X6YzyRvY/MD+b78JuyuFu9/33Tzn+mJ82CBWuGspKveWanwKsYZp +N5XXPNLF6YWO8MfcX9ephjQXguPxmavoWno/QDmPuZzAwX6T9MqvNKk6aK8hdQfU +Gw5E9nQ+oyZyQXZw7FwsEsj+MOhPp3wR4Ubwth2PXfXWs6icvDr0Cq2O/x5eCQ9w +F1fy8ORBFLSqwmqCuTjt0rF2dqMUDiV7EVRzg8ACWB4gCoSAZhT1/uIkO452Tasa +zF5c29bWo1TCe8lJ2QkFBxZyVTPwJU1uIMhWUHrykqaO6oueZZFp+qLK9HevTqjd +5Cp4OzdemWyhQhk8u30sNUM0u+Elk125BnGkuBr6DH3AbKP5JK1gtyWGt/6CfDR/ +iBG18B7aQEEb46vmLd4EsgLnwssOir1+t/IBFQ0cXsuqQekuez1GqA9+IQfcg028 +lrjLvMejJjfofvIUmQ5R5IgZX1xThb2kM05CifJANceu2sORxieefVC6izDc3gOB +2cRdNb9kp9E89P7FnBkku+9Y -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/client_spiffebundle.json b/testdata/spiffe_end2end/client_spiffebundle.json index 18f81dafe6ef..892ce0b14b65 100644 --- a/testdata/spiffe_end2end/client_spiffebundle.json +++ b/testdata/spiffe_end2end/client_spiffebundle.json @@ -6,10 +6,8 @@ { "kty": "RSA", "use": "x509-svid", - "x5c": [ - "MIIFlTCCA32gAwIBAgIUCD73sHXu5IURolSTiJ127a/xUO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAeFw0yNTAzMDcxOTM0NDZaFw0yNjAzMDcxOTM0NDZaMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDDBJmb28uYmFyLmhvby5jYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC19PImArmxbwgqo2QG2si8BU6E69Bvyqxz8Je3swxBIGwZ9uIobMSBLeTCYyXuf+o90Zf0kMwzmrAKeLEeky5W/j07zGXAtgUBPA7L1Uk0TxOdJXBCUvEm5Oc4GxubfO7F+pdJKZ+XkRVqbnStGe5qX6KNs5rcJfFUhewbtM0snGEIf2yhaA0mNNuGtlIm4VB7jmiyHNU5YTowByVCVrV3/t2RI9+T4ya0AlkW93rU0M0qQauJ35LkJIXifbzrnLxmztEyb+mnVUB+GJgz01E4teWo/PJb1aNJ/ojf/UONsQ5IFRdza6RhaQB7C+Dxlnt/SJ3MMaxHgVycYuJeVtJQuncGRSuQ2YrmW9b36HVnxa0xBDeSluUjv48hMRlLNaXaH4yuK6oc8TNJie++/ir6Kb4H+0RjcKMGqxZYfotU1obxa+5N3wzGSjUDUrhofzlfvqbp+NCwdFH+qczM4IZPL8YMMh6goKr9BRN9/xRIieotyH6rfKNcnkUgDp750U0cZ7P2eRUpldyc9hZS5AlF4cKQXgLIrv1LrZHkiIietetInUEBAa/PF2YHRLXUyI1PCSBKBu7wdwAU15J9dVFC9jkmOLYhoRdPfrobpWhs5+FfPJumSoiusdGXd7x4l313xi2V02YXz5mRGbT2lCb6aJPweuziiEBZn+5KV++DkQIDAQABo1MwUTAdBgNVHQ4EFgQUL/YTEXKZRjbOv82CwGMuBeNwErIwHwYDVR0jBBgwFoAUL/YTEXKZRjbOv82CwGMuBeNwErIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAIYtNERVMj4dS/KgoXD3a6mF6KD+IuxDTlVbVTwDJMzdNW5UPB2qCiDKbirK8Eedh90r3qxKzBiQPE5AHDZrbWSBAxDhlpQqCXgx8Z+nCB38K9i8hbKM/ablm9DkeHiHohoP1kJEN2HtPz1K6OabbKbPtVGt8y+QTIlZDodPPzKPmQ6dUTm9tWlU1oIxl4pPVR6WXDr0qAmNRvdW7+8/Ai+gMDi6fKQJCe/r/meVrI9lSrnn8VQyO4xXvyolHEROTUiomlJ1QE9IWAM9LNFOuWFwQjayo2d6O+zHqjGUtbzBHFb8/BLJcQzogWYT0/+rEboJhR+/OGe0ntPPkudmLL0HTx0Q1aajnChMVlaOd2wucePZSa6GqGEVA+lCqwbteqwJCnL7deVHo+UlORFgQwYir2CQbyN9Yd4MtQT7VZuDiVC6tlGbj1ogrpOnW8n49jXrNPWuPz2hcPQb2gzYFGI9WRKIX4SjvvS3QcHUyigQkjAQ12Ldj5CXBYTjSmjcgsa2QfUY5qrXsHLz7e4uXD9XYnB/XEEfxQfQTFEy5CtzTrTxnT+cwRuBooIr6InjqdbdJ+UbkWcIY6w+c7ndFT849pUgtrojbVpm9ZzsmHhAahR/+iHYH+LGeHYIpq71o/YDgM4vV9z3sWic7u1YE9JULBdlaDw8Xik82zjvw4IA=" - ], - "n": "tfTyJgK5sW8IKqNkBtrIvAVOhOvQb8qsc_CXt7MMQSBsGfbiKGzEgS3kwmMl7n_qPdGX9JDMM5qwCnixHpMuVv49O8xlwLYFATwOy9VJNE8TnSVwQlLxJuTnOBsbm3zuxfqXSSmfl5EVam50rRnual-ijbOa3CXxVIXsG7TNLJxhCH9soWgNJjTbhrZSJuFQe45oshzVOWE6MAclQla1d_7dkSPfk-MmtAJZFvd61NDNKkGrid-S5CSF4n2865y8Zs7RMm_pp1VAfhiYM9NROLXlqPzyW9WjSf6I3_1DjbEOSBUXc2ukYWkAewvg8ZZ7f0idzDGsR4FcnGLiXlbSULp3BkUrkNmK5lvW9-h1Z8WtMQQ3kpblI7-PITEZSzWl2h-MriuqHPEzSYnvvv4q-im-B_tEY3CjBqsWWH6LVNaG8WvuTd8Mxko1A1K4aH85X76m6fjQsHRR_qnMzOCGTy_GDDIeoKCq_QUTff8USInqLch-q3yjXJ5FIA6e-dFNHGez9nkVKZXcnPYWUuQJReHCkF4CyK79S62R5IiInrXrSJ1BAQGvzxdmB0S11MiNTwkgSgbu8HcAFNeSfXVRQvY5Jji2IaEXT366G6VobOfhXzybpkqIrrHRl3e8eJd9d8YtldNmF8-ZkRm09pQm-miT8Hrs4ohAWZ_uSlfvg5E", + "x5c": ["MIIFlTCCA32gAwIBAgIUZ4e1KRtWw0c8V5NnA9VEoUMvzq4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAeFw0yNjAzMDkwNTI4MjBaFw0zNjAzMDYwNTI4MjBaMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDDBJmb28uYmFyLmhvby5jYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZRezL1GWM/0umgcLNGI9fsp0sabLUN1rUTwXjCGHvGAt9cPY1xK6P6+/QXeBkYogmwC3Udhwl+8x3AOu2FKP9QeveW+hB4N3SCtY4D+nGxPWnL1Yjh0170tkVRPkh89wPX4XdtAcIgZjjNgPH9wR3eWH8E3cDRvxjosy4e9aw0/VTHb0lZ2Ko6mY8x2bJNFUExmuh157b//yHdcL8O1K1h13o6YSqSlnLmnaSHpHA5/21erSjszE3ZjiPZFR6cl/RDjpJRKrh/eQAAeg7XO00VokrvZnK07mZ2nNyp4z1yCV4fwWCdBMfFfUSm0EgN8D65JxGj1He5bm4LVv6WuWj+cqgAzRhHjp8iZsmLFKvAoXSg1eJ+mG8vw5P9ZVd38M8N2DtifvmCkE1fln84oQj42wDgNQuwSafbGQIhNYrnsgbf+2lNj5IIYm/ScUcexbmCmKyOZfNcVQNAF26vQOvibBDOFyDW2qdi2tIGJgTPhkJPbDqKJx4UqNxIuoam28PifmK51Cn4i9rWOpQ2nM7JGX1Q3IE6S5iaVnogp2+SSh3PhktxQOK9IUX7ysX9eVQAdN8lnKgaIZuyYOx9H9jWValZ/dCLa2Y/BuFslx4NRVLtoJkUIakdTepo83ZrrSs3c4DSEIJJkgVPBmBkua3RdYB1Cw+A8T0C8nvExyJbwIDAQABo1MwUTAdBgNVHQ4EFgQU/LjtA3oVWCTz3qfAQXuc/dC7b84wHwYDVR0jBBgwFoAU/LjtA3oVWCTz3qfAQXuc/dC7b84wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAZFJDbhKL1M16Ya7eAvrgUWI9vbC4xm/68HzIGuQLeP9yr7QMfk5wzh9umYcGWs/hkz2jg/88PbPUEP35psTw+dZGtnQwi/0icM9w7m0HZrDx8vMYvX5AoEaPb5PqbjwhBxzd2Hpv/Y+PLLRO9uh1Xeh95J4yp5t/xOPyimljKLTam+rpj7BevYftlSXuIWrR6sldIt9I1zT5CfcBSefmSVo2WtgLdqfOBIAD73OMbcxEPDiTF4/q8S1qHeA8eNUXc5IrWEI2NirhpvR0ZXMyjY1gJoZ4XqPFSXg+1oi9qpbjMhKU5J+Rm8brv/HmACaP90hSPXjuRl2Tp/NJ6idV1heNd4MdTeAlH+deQ+UQ/rFo6HY95S3ltdcaDX8V7WdpRUQddv2DS5VPPi60LJuOdxKB+XFtjdLUtxwOw3Hoj91YWZLuMu2xzVeASeA6FsB0vZwQdqn8FX1BQNSIEHGs7tieV7N0AlLavQBpyRYfhgKOL9Utbl4Cp6C6k42uFo/tFREUdzgtt0JqT+/NMJRA6rOJYHVUWNeG2ggGpuCtHXkwktC4JBnUwnvdVZX3sXPslmiFzMO6S/+PesHA0TclifTZNOETHphF8efGsRFL/lkhcBRkZKBVOkWKdKMUnXPgDKLyu/e1WQXCXmyTjv8FEiG2Ni8U4P0c2PldooYVjw4="], + "n": "2UXsy9RljP9LpoHCzRiPX7KdLGmy1Dda1E8F4whh7xgLfXD2NcSuj-vv0F3gZGKIJsAt1HYcJfvMdwDrthSj_UHr3lvoQeDd0grWOA_pxsT1py9WI4dNe9LZFUT5IfPcD1-F3bQHCIGY4zYDx_cEd3lh_BN3A0b8Y6LMuHvWsNP1Ux29JWdiqOpmPMdmyTRVBMZrodee2__8h3XC_DtStYdd6OmEqkpZy5p2kh6RwOf9tXq0o7MxN2Y4j2RUenJf0Q46SUSq4f3kAAHoO1ztNFaJK72ZytO5mdpzcqeM9cgleH8FgnQTHxX1EptBIDfA-uScRo9R3uW5uC1b-lrlo_nKoAM0YR46fImbJixSrwKF0oNXifphvL8OT_WVXd_DPDdg7Yn75gpBNX5Z_OKEI-NsA4DULsEmn2xkCITWK57IG3_tpTY-SCGJv0nFHHsW5gpisjmXzXFUDQBdur0Dr4mwQzhcg1tqnYtrSBiYEz4ZCT2w6iiceFKjcSLqGptvD4n5iudQp-Iva1jqUNpzOyRl9UNyBOkuYmlZ6IKdvkkodz4ZLcUDivSFF-8rF_XlUAHTfJZyoGiGbsmDsfR_Y1lWpWf3Qi2tmPwbhbJceDUVS7aCZFCGpHU3qaPN2a60rN3OA0hCCSZIFTwZgZLmt0XWAdQsPgPE9AvJ7xMciW8", "e": "AQAB" } ] diff --git a/testdata/spiffe_end2end/generate.sh b/testdata/spiffe_end2end/generate.sh index 9ba3388f0525..d52c81f48da8 100755 --- a/testdata/spiffe_end2end/generate.sh +++ b/testdata/spiffe_end2end/generate.sh @@ -1,7 +1,7 @@ #!/bin/bash # Generate client/server self signed CAs and certs. -openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.pem -days 365 -nodes -subj "/C=US/ST=VA/O=Internet Widgits Pty Ltd/CN=foo.bar.hoo.ca.com" +openssl req -x509 -newkey rsa:4096 -keyout ca.key -out ca.pem -days 3650 -nodes -subj "/C=US/ST=VA/O=Internet Widgits Pty Ltd/CN=foo.bar.hoo.ca.com" # The SPIFFE related extensions are listed in spiffe-openssl.cnf config. Both # client_spiffe.pem and server_spiffe.pem are generated in the same way with diff --git a/testdata/spiffe_end2end/intermediate_ca.key b/testdata/spiffe_end2end/intermediate_ca.key index 3e5fe818bb89..4400555ddf3c 100644 --- a/testdata/spiffe_end2end/intermediate_ca.key +++ b/testdata/spiffe_end2end/intermediate_ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7XOGe2r5KNdo7 -ELwJ7GRAIVqxAkT9bB6+7rUyDhJnxWeI7E9vr+I4clDRYREoxnuXq6oGTICKlWiv -vrxBASSdA0PpjLsMNnNU1n9XHXEBEa3YM7w85UBvf/8IdlpiyHgPkg+1DdvuToOa -0Xhejnq/aCcNyErjjNN26k/06joO3+feYvsn1tToXomif4HUU+SE5xIGiuPHcDwJ -tjk/Iugh+pNPdltOguxq2E7m8upQvwShe2A6azD1wV9HiyFtkf7tlp4f900MmRyb -kHb7zXfgXBwlf7waa2RP3UDZbJAZZZkOFQmPcujNvkAz/ghaf0Uf2Ix/P0Zh69LU -notPVa35AgMBAAECggEADMnb740UMHoJBX+Qqie7twHf0BWs0lRjK9qcvQgnWvRn -KvogOOobKYmp+QSkWHFlxbY2onvtySfGD7rX3CMBFgN/Su1rZfvAdwG2CuLsT+ue -P1PWrRxjv8iPhosXg8cVpNBuKIhD4vnycyqJigC1IaPxCHiLngkCdQssvnWPVWz2 -nXp0SKcDKJu/sU8Mp0UW490DIUi8iSQHkjbpXu+RExAPAjhe+vvEuExZFs8dN0Rp -g3oj8l6pLkfJ/M4tfib7WiQxxtZWEEuEYsz3JDpxySFWR59SRZ2tYKv4k9TNbQXA -qX8jqVGT+YubWKY4HtRxd2L3yy443ERQdwQecLsYIQKBgQDgPpRts1pz9UnrXnr8 -ee8nO4SSxsJxge4OX5/yX7Lm/JwOPyk6/nCH3LKqxOWMOZpOpgI3ithA1Qvb1JuM -vDQo13z4Xi5RMJm8h3B5O0f9brw3L2h+hrImJfYuozj0icyFSbT/PjO1pGB/QAAF -ie6G3JQLRlBFF0dclcqb4tpEEQKBgQDV5UAYKGz+sdDpzgarTmsyd0YVTRitdBMv -S7eddG/gCBMaISXXXksYXX+Y74zbs2LCfkLz+i4j8BDoRFPfPlK/daCOMOriJ++Z -LNBClmkBiwqlZXs9d1dEWmJis5GbJEiAneoNskAy6UspFMCLu4QJJHfB5aZsAphm -4509tRqTaQKBgF8gDOTwVWmlXyMaZD+gFiRlahq9eBSgknTEedxeXk0AUc71Wi8t -al0n8R7iAaJXeS7t2zjmjFAMUEiDyyyLVfERYHEXurw0SrMgHUVAMYy/odYjJUev -Kflm1yT3lpydrAXKu54fK95dCZZRdvDijy3kemTCAiEc++e5n0Y7mG2RAoGAeMtN -5ha2byPWeqOqaoYPzeFEB/WRMSuzRet514cRQzDsML51k2oh+LGcxK7MGqr05CfQ -Ad7QveTud21W/GVC7/Mq6AJCM9Qf4J5JQsGUrZVrPrrP3YePFgABPgJxAW99Ln1/ -15pJ3TaZBqs8je0pBMy+gRcDZE4W6Uwz2cx0JLkCgYAn6/C71GXvLkjDdmRHS2zA -K+gOTCb4YdGDCnv5Cez64pega6mUy+EIznJYpI3KwHbAsUFkYgNJ7VvUtVIu2z9U -UHSBHilN/cMWRCgN3KXyYOHr50g0P+gei0bhiWddIh8+tC1J/627g2r2Jwowuarn -1JLr0ZYgh3SXglOkgyvIKA== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDnXje+M6pAPFnr +Ve2XjBMSslqLQc/PBLMGplOloIwgoqcw3UnC8LfZjoYXT7dfjA0IOxIg4mj+XGiQ +voNMaudWEjTwf0goRE6kBUCVy+mxVq1XHR9Oooc49fGQZgx+YkIMGAZPgg6T4THd +tQezPg4cEjx6b4C4x+pmWs0ZvoYPi0MvZCDSt4sN20sw9/mYH4wfZyEVBWpqJKUN +jjwc5lzcweA0QkuO8LAZVQy9pwXeVhLEyCCtaDrnT4wRsiL2hRZ0s+RFHKIG6I88 +uv8ZAWzthladh19a5/C74vACtpU/UyNipJrTpyOPePmhESAP3ut2arMryAvaDi4Q +Lb2oQtG7AgMBAAECggEAV5qKk7d/QrQ3Pc661/NfM2iZtPm1xAZc/OsUZ/WaqS69 +DFj1eVzo1/TJm+EApyphstie/BmONKVrqEaic1hVAHeDWP5wpWJ7vkoI0s8zTITr +vDzYIk+S0MP687hYCbCNnoOoPAmcGG0fkvldEYaxE/rpsFgwzoZPn/LIjvNfUlmp +yRIj5qTPl0XyDJE7cDgc7sjohAeKH3IQYZ9llgRlXIX8I8cPo6WOus7RmBx8xAyR +Z3bsdxeTV6jjJUiAQi8vPb5GM23ghKmZnoRmYgwzetTwktIlWiFRKPQ+EZ9EVFlV +SWitTH3af1q2xn736o/xTmCta5mnZw4+wgGfIQWXfQKBgQDz7KtGn+YOru2qcA89 +REIE/4VMzT32DobSCRLBBdnKnArYO0gVXsvdne7SPeIC64oQxUw/rpF4wwSpdfnU +FEgmKlTTQ40tHFstpjqNiPd1eHTu7aG0uBn7NY86hBKfF4R26aar7KxI+2cNv5kK +nBFpUMQnMZ0Yup+7/R9lamUzLwKBgQDy0mq5tB+tfK5H8DEu/cs5hkaJSO3Iug1h +AJMdJ1GIlPTSB5/z+r5MMA/ufMwteQ2TOpbU44p32ZFAT83alAYSInt1STfj7/ZK +3U8loiYVh5o9Uxzs5CHgRRNpLJwxlTEnctQCgIEJP5H0HxpP+6RomutAfkqCC8wp +vhXEHCoXNQKBgAPBZA2tToxxUwVpvkJSN7X9/R5mloqgRKEdNKW2IllFN8GGgCCc +GgVqdg/UlhM3byO89eSRGnpCfmLhhxwlx8qWokGya40DP8AfLA2byzuKxDodfHzc +zMGaXH8pI2RBp29xP3isJybkf/ytM3z/VCFL9gkocWO9E9KAHiigj7hPAoGAbrsh +zDml0HlxCIEyDJnT2RGwjN5jAQxHGZsnez344m37DuRHPv1zVk78lOb4PSxc0mz/ +Z2m0NV9T653449powlBTOHMBN8Kv8AfoFeNRtrO11I1YPXbzM9CMP4QGXl4IolKs +988eCNeieU7NsvewS7uJ2Ek/NPqoScjTKDEnyJkCgYAXX/BzB0FtxW9Rbm3YAQrY +kFh/R5aHpkuz18U3u961A62HSfSR19ZfQUqmguea1jfZvsidd3+OeepW6qeqCUFt +PchZKTjdYpNRyyZ3HeMof4ciitns119tsnTcpGwknGgiiQUjeGd9dTPqwvOhkc0K +Hwb1z80PO5jU95PTWdkPYQ== -----END PRIVATE KEY----- diff --git a/testdata/spiffe_end2end/intermediate_ca.pem b/testdata/spiffe_end2end/intermediate_ca.pem index 84cabe6aa59c..b6a0f25df2a4 100644 --- a/testdata/spiffe_end2end/intermediate_ca.pem +++ b/testdata/spiffe_end2end/intermediate_ca.pem @@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- -MIIEkzCCAnugAwIBAgIUa4ZkytupQZ5OwDMPw/vRY8deFc4wDQYJKoZIhvcNAQEL +MIIEkzCCAnugAwIBAgIUScL7tRZAHT2l5ZGw+YblRNRRuO4wDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5l dCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAe -Fw0yNTAzMTgxNjE4NTFaFw0zNTAzMTYxNjE4NTFaMCcxJTAjBgNVBAMMHGludGVy +Fw0yNjAzMDkwNTI4MzdaFw0zNjAzMDYwNTI4MzdaMCcxJTAjBgNVBAMMHGludGVy bWVkaWF0ZWNlcnQuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC7XOGe2r5KNdo7ELwJ7GRAIVqxAkT9bB6+7rUyDhJnxWeI7E9vr+I4 -clDRYREoxnuXq6oGTICKlWivvrxBASSdA0PpjLsMNnNU1n9XHXEBEa3YM7w85UBv -f/8IdlpiyHgPkg+1DdvuToOa0Xhejnq/aCcNyErjjNN26k/06joO3+feYvsn1tTo -Xomif4HUU+SE5xIGiuPHcDwJtjk/Iugh+pNPdltOguxq2E7m8upQvwShe2A6azD1 -wV9HiyFtkf7tlp4f900MmRybkHb7zXfgXBwlf7waa2RP3UDZbJAZZZkOFQmPcujN -vkAz/ghaf0Uf2Ix/P0Zh69LUnotPVa35AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQD +ggEKAoIBAQDnXje+M6pAPFnrVe2XjBMSslqLQc/PBLMGplOloIwgoqcw3UnC8LfZ +joYXT7dfjA0IOxIg4mj+XGiQvoNMaudWEjTwf0goRE6kBUCVy+mxVq1XHR9Oooc4 +9fGQZgx+YkIMGAZPgg6T4THdtQezPg4cEjx6b4C4x+pmWs0ZvoYPi0MvZCDSt4sN +20sw9/mYH4wfZyEVBWpqJKUNjjwc5lzcweA0QkuO8LAZVQy9pwXeVhLEyCCtaDrn +T4wRsiL2hRZ0s+RFHKIG6I88uv8ZAWzthladh19a5/C74vACtpU/UyNipJrTpyOP +ePmhESAP3ut2arMryAvaDi4QLb2oQtG7AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQD AgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBTozd97no7w/qAJQZxNFwSYq6ydVjAfBgNVHSMEGDAWgBQv -9hMRcplGNs6/zYLAYy4F43ASsjANBgkqhkiG9w0BAQsFAAOCAgEApXU0I4IWvGYo -qpU0EdDcja7qAV3MaXQRk5hgViaSd+iAd3I04EMDeWomTVb3ZFSPBR2cwPy3vJ6Y -cLx1gxRCH2gJNj85EjwQ44Fj4/gbSnx2rNVeTmzjyQ4bt6dzdaorGW6ydZgqfX3f -n++wx9an7Q56NuBOLihInTMHOocVnizHrse5zXN3dXMZxBOU1EHCgKi9xAGMZRmR -r+AYYXcWB6PRxxwCX7VG4STGYz+GRb4rx0hEl/oQatMqxatN1nAvXCwBASWp47UX -3n3Tl0/jq0c7DSbL5i+VQridDaifRozBbOkDowS+JDbV1BzYQ/oo9C3kzjraRCXI -ZJrO9pMNTyLHOXwC9LdlN/30Pe1j40jVo1CR29uONeqmUeJKHfPFBtucVE7ohqHu -ESHuxZWb0VP7uVWaVIOQ9l8XZcLXtnmSQpHW+4aYbE4q9L0abZ312yRAtyOM/NSH -wdJn8436jJnu1t8Va85M6lzQHY1E0gxuT9cw02PuS65odFseW7H9gGtlqlOzfVV2 -/psCLlAjVSRQ78zIH6y8DvWGMqabyznIAgZf/PVj9cydPA1he9We6V//Kdcv/Bb8 -RQyryujLBalUTyA9AtDGijp+NWkb1h1uyX0vhiIjJubEu6KKQ5YrZkLXjz+E4I20 -E5GmOYoJhLGkeoUjoTC2wuNFsLFJJHs= +AQH/MB0GA1UdDgQWBBROacRArm/eG2joV3rxYZUe/WpdpDAfBgNVHSMEGDAWgBT8 +uO0DehVYJPPep8BBe5z90LtvzjANBgkqhkiG9w0BAQsFAAOCAgEAcGPtuw1yoTGp +nOe1GxBmokrKQ+K2WTeSoAjAx1kkCTk+VCCzgZWFDZRCdIY94U2I2jviJbKttZmE +TIRd3uHXhVQKH93paQxdo1xfhL4akSg9CCdeiqkUBZ0JCZKovm0UdSnz0VBEPRZ5 +jZ5WGxD/VnSTt6Hw4u6OjwV6GrZ8ld8ftqbfy34zWOnK2zdpE1gKUrpsWGOHUhd/ +e1wZklsJ/Vyu2L4y2hCWvmAG1NBJgE6AhQMpM9McbcKs4012VZczfV0xUIo1wD7c +ccvhlz7KSIppAnXrvCrahCpv/vmpWnSExTuYmohW+LCvFSO89eSryfIQ+xHEb7Ck +PPiwja7lWGr7KCFX7E98LMl6HX1P76snNXOyxM6++r2/KzGnb0xV84g8VGbdgzhN +RUPRdoV89i0OwfNZlLMklNr0ilNTEYiWEjnD2bz1sHG6Ck5RK6tZfFew8JX+KA30 +WNs7s3YgKNS3s0/JJ3b7YrvByBQQnFGtVMNEk27RfGLd7dzNvlFtofX/d0GYyg9Y +b5pQrVd78mUCDg7MWZCW6unk8BrJXF+d6nw0V3FgY03eGr3wOAGkSzJUdJdqtycx +04JeL1n3Sl8r6mJJMJLzn1YAqDgM4Gt9W9corJFPCm2XnfUGjC/rDM7ACQYic8II +J9QTW19kU+UwDdBp1lX+hb8AbA4otBM= -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/intermediate_gen.sh b/testdata/spiffe_end2end/intermediate_gen.sh old mode 100644 new mode 100755 diff --git a/testdata/spiffe_end2end/leaf_and_intermediate_chain.pem b/testdata/spiffe_end2end/leaf_and_intermediate_chain.pem index a1cd9010a479..0092a486607d 100644 --- a/testdata/spiffe_end2end/leaf_and_intermediate_chain.pem +++ b/testdata/spiffe_end2end/leaf_and_intermediate_chain.pem @@ -1,50 +1,50 @@ -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIUSuuNuIcMCQ1UZrOtCL689eeZx9EwDQYJKoZIhvcNAQEL +MIIDvjCCAqagAwIBAgIUSWu6PDuiG6sb3Xq6vlh6VJJaM8EwDQYJKoZIhvcNAQEL BQAwJzElMCMGA1UEAwwcaW50ZXJtZWRpYXRlY2VydC5leGFtcGxlLmNvbTAeFw0y -NTAzMTgxNjE4NTFaFw0zNTAzMTYxNjE4NTFaMEwxCzAJBgNVBAYTAlVTMQswCQYD +NjAzMDkwNTI4MzdaFw0zNjAzMDYwNTI4MzdaMEwxCzAJBgNVBAYTAlVTMQswCQYD VQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRMwEQYDVQQDDAp0 -ZXN0c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAue2BY6B4 -JNz5SnYr0b4IUsXfpSxqXzpx3CymRzNiPL+ZYERQd+5PPbwyj/K0ZUPNcdGtgj0i -jCSpKl6fGNx11vY/Z5BS7DN9Z6Fqf8/sBr5BIko33UafdqB/s1avrIzFNRD1n6Fu -X1EwlQpXwjiTMLswuf6X6mJVJ2VhA/xtyO4S6fTeK2jUlFn4MYHVczJBDTiMCUPX -1Z/9SXkcwZbQTbRaWvd6c0OEWZKSWxSzWG6d4qOmq9C0Tse39cmjuDpeBvtiGik4 -pYrTmmswiQ8lgLbOY1/YGjvOD+qlxXkX9Y/cYjdygrQoY7mqnjMcUFvWK/OW0XCB -CJ1jeSflrYUd4QIDAQABo4G8MIG5MHcGA1UdEQRwMG6CECoudGVzdC5nb29nbGUu +ZXN0c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0RCm1Zy +1skITm0HxKRPj0c4eI98kUay30ZsdgWR0BWv76+LoleJ8CYn5t7m1E2fvhTH7yye +hiZLSMC3I9/653/wjhOSK3dnow43ErGgStGr22TdQPIiUAj9UNuQ9LhWJtTUwQXm +ial5SZzMS+OfQhjiK6lxUFh6sDk8KTRqDVVF65RLYMhGyhSOn+aI8SXGoWu+3y/G +UrOOLo8MlBN1YrK9Sgu4JZzYgdUAxs6PR8WSssoBykdq7Ak9Kr3/P1k0aF+eLEN+ +pjUgwC8z+Lx0xJcXZMKAHsGIFoFWP3hCEmtHWW7OzZ/FOeZARJ4EDg3u+cQr+Dqn +11/Vi9ruZH12mwIDAQABo4G8MIG5MHcGA1UdEQRwMG6CECoudGVzdC5nb29nbGUu ZnKCGHdhdGVyem9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29t hwTAqAEDhiZzcGlmZmU6Ly9leGFtcGxlLmNvbS93b3JrbG9hZC85ZWViY2NkMjAd -BgNVHQ4EFgQUsMpVfuYdrW5+i5mFW/hCaOZiKKcwHwYDVR0jBBgwFoAU6M3fe56O -8P6gCUGcTRcEmKusnVYwDQYJKoZIhvcNAQELBQADggEBABReEQ2cIaZv5wZKOjFS -5b5QfpkbR29JTQQxrkiqdXcnonX+Q/dCH+tnzUp9LCCIsVjp6is4pdKTvPNg1ZPT -WB0KEFpVG9LAOmfcgu9pwIsKUCS384PeVhffMKXsKWfgfRGP1E7XeEIdSgpwPKzK -Defa7kwTG276xre/36WOAu9RZ32s0ltXyvHtTi0pfaGuOmryX+XeHtVpxQSjhdDB -tpLvolS+7cRsvKNKIL5X/789IKbdShMgpwPDDe6Z3riBjGPBydnA40IofRc8y3jL -0TKiBiKYOz8nj6DLAiVPqQ2vo5NzihNoqgu/HpkhSG26OAJq2NDYurMsT+Myiuq4 -YkE= +BgNVHQ4EFgQUXaDeLUuKpyHPOFRSzjDft8OqIRIwHwYDVR0jBBgwFoAUTmnEQK5v +3hto6Fd68WGVHv1qXaQwDQYJKoZIhvcNAQELBQADggEBABjU2ZTLcaMSM6uwbw48 +WrTMwxhCKhOWtirGxJkKzr/g6E5j7VMayWYWuDLDn+snWNOPuCEEFLOY15FYxvX8 +iVQ0uBYBNvbKmcLggm3eu3JleMGvHh4RnwJ7MprYB2UEHqGkD2p9CNm67eO4uqCh +FpNj0kwrlL2nzO8jgJVnV8gn60UJ5OUA5q09HaDg0Eh6QNTVHL5V5WJPp2aGgTK8 +Ku/gIjjAanWlpk9A5jsHz5UD0I97+E3jn+ZJGHBEM9u6pQUyhwL/K9VirLqCLd/x +UjCphAIfz1JN/+ZypSTyk+MDKU37hjbnk/uxh6ltv+Q3SnyRKM23FlDwG74jHLYJ +nVI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEkzCCAnugAwIBAgIUa4ZkytupQZ5OwDMPw/vRY8deFc4wDQYJKoZIhvcNAQEL +MIIEkzCCAnugAwIBAgIUScL7tRZAHT2l5ZGw+YblRNRRuO4wDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5l dCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAe -Fw0yNTAzMTgxNjE4NTFaFw0zNTAzMTYxNjE4NTFaMCcxJTAjBgNVBAMMHGludGVy +Fw0yNjAzMDkwNTI4MzdaFw0zNjAzMDYwNTI4MzdaMCcxJTAjBgNVBAMMHGludGVy bWVkaWF0ZWNlcnQuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC7XOGe2r5KNdo7ELwJ7GRAIVqxAkT9bB6+7rUyDhJnxWeI7E9vr+I4 -clDRYREoxnuXq6oGTICKlWivvrxBASSdA0PpjLsMNnNU1n9XHXEBEa3YM7w85UBv -f/8IdlpiyHgPkg+1DdvuToOa0Xhejnq/aCcNyErjjNN26k/06joO3+feYvsn1tTo -Xomif4HUU+SE5xIGiuPHcDwJtjk/Iugh+pNPdltOguxq2E7m8upQvwShe2A6azD1 -wV9HiyFtkf7tlp4f900MmRybkHb7zXfgXBwlf7waa2RP3UDZbJAZZZkOFQmPcujN -vkAz/ghaf0Uf2Ix/P0Zh69LUnotPVa35AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQD +ggEKAoIBAQDnXje+M6pAPFnrVe2XjBMSslqLQc/PBLMGplOloIwgoqcw3UnC8LfZ +joYXT7dfjA0IOxIg4mj+XGiQvoNMaudWEjTwf0goRE6kBUCVy+mxVq1XHR9Oooc4 +9fGQZgx+YkIMGAZPgg6T4THdtQezPg4cEjx6b4C4x+pmWs0ZvoYPi0MvZCDSt4sN +20sw9/mYH4wfZyEVBWpqJKUNjjwc5lzcweA0QkuO8LAZVQy9pwXeVhLEyCCtaDrn +T4wRsiL2hRZ0s+RFHKIG6I88uv8ZAWzthladh19a5/C74vACtpU/UyNipJrTpyOP +ePmhESAP3ut2arMryAvaDi4QLb2oQtG7AgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQD AgGmMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBTozd97no7w/qAJQZxNFwSYq6ydVjAfBgNVHSMEGDAWgBQv -9hMRcplGNs6/zYLAYy4F43ASsjANBgkqhkiG9w0BAQsFAAOCAgEApXU0I4IWvGYo -qpU0EdDcja7qAV3MaXQRk5hgViaSd+iAd3I04EMDeWomTVb3ZFSPBR2cwPy3vJ6Y -cLx1gxRCH2gJNj85EjwQ44Fj4/gbSnx2rNVeTmzjyQ4bt6dzdaorGW6ydZgqfX3f -n++wx9an7Q56NuBOLihInTMHOocVnizHrse5zXN3dXMZxBOU1EHCgKi9xAGMZRmR -r+AYYXcWB6PRxxwCX7VG4STGYz+GRb4rx0hEl/oQatMqxatN1nAvXCwBASWp47UX -3n3Tl0/jq0c7DSbL5i+VQridDaifRozBbOkDowS+JDbV1BzYQ/oo9C3kzjraRCXI -ZJrO9pMNTyLHOXwC9LdlN/30Pe1j40jVo1CR29uONeqmUeJKHfPFBtucVE7ohqHu -ESHuxZWb0VP7uVWaVIOQ9l8XZcLXtnmSQpHW+4aYbE4q9L0abZ312yRAtyOM/NSH -wdJn8436jJnu1t8Va85M6lzQHY1E0gxuT9cw02PuS65odFseW7H9gGtlqlOzfVV2 -/psCLlAjVSRQ78zIH6y8DvWGMqabyznIAgZf/PVj9cydPA1he9We6V//Kdcv/Bb8 -RQyryujLBalUTyA9AtDGijp+NWkb1h1uyX0vhiIjJubEu6KKQ5YrZkLXjz+E4I20 -E5GmOYoJhLGkeoUjoTC2wuNFsLFJJHs= +AQH/MB0GA1UdDgQWBBROacRArm/eG2joV3rxYZUe/WpdpDAfBgNVHSMEGDAWgBT8 +uO0DehVYJPPep8BBe5z90LtvzjANBgkqhkiG9w0BAQsFAAOCAgEAcGPtuw1yoTGp +nOe1GxBmokrKQ+K2WTeSoAjAx1kkCTk+VCCzgZWFDZRCdIY94U2I2jviJbKttZmE +TIRd3uHXhVQKH93paQxdo1xfhL4akSg9CCdeiqkUBZ0JCZKovm0UdSnz0VBEPRZ5 +jZ5WGxD/VnSTt6Hw4u6OjwV6GrZ8ld8ftqbfy34zWOnK2zdpE1gKUrpsWGOHUhd/ +e1wZklsJ/Vyu2L4y2hCWvmAG1NBJgE6AhQMpM9McbcKs4012VZczfV0xUIo1wD7c +ccvhlz7KSIppAnXrvCrahCpv/vmpWnSExTuYmohW+LCvFSO89eSryfIQ+xHEb7Ck +PPiwja7lWGr7KCFX7E98LMl6HX1P76snNXOyxM6++r2/KzGnb0xV84g8VGbdgzhN +RUPRdoV89i0OwfNZlLMklNr0ilNTEYiWEjnD2bz1sHG6Ck5RK6tZfFew8JX+KA30 +WNs7s3YgKNS3s0/JJ3b7YrvByBQQnFGtVMNEk27RfGLd7dzNvlFtofX/d0GYyg9Y +b5pQrVd78mUCDg7MWZCW6unk8BrJXF+d6nw0V3FgY03eGr3wOAGkSzJUdJdqtycx +04JeL1n3Sl8r6mJJMJLzn1YAqDgM4Gt9W9corJFPCm2XnfUGjC/rDM7ACQYic8II +J9QTW19kU+UwDdBp1lX+hb8AbA4otBM= -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/leaf_signed_by_intermediate.key b/testdata/spiffe_end2end/leaf_signed_by_intermediate.key index 23c07a777ca0..2e5cca61ced2 100644 --- a/testdata/spiffe_end2end/leaf_signed_by_intermediate.key +++ b/testdata/spiffe_end2end/leaf_signed_by_intermediate.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC57YFjoHgk3PlK -divRvghSxd+lLGpfOnHcLKZHM2I8v5lgRFB37k89vDKP8rRlQ81x0a2CPSKMJKkq -Xp8Y3HXW9j9nkFLsM31noWp/z+wGvkEiSjfdRp92oH+zVq+sjMU1EPWfoW5fUTCV -ClfCOJMwuzC5/pfqYlUnZWED/G3I7hLp9N4raNSUWfgxgdVzMkENOIwJQ9fVn/1J -eRzBltBNtFpa93pzQ4RZkpJbFLNYbp3io6ar0LROx7f1yaO4Ol4G+2IaKTilitOa -azCJDyWAts5jX9gaO84P6qXFeRf1j9xiN3KCtChjuaqeMxxQW9Yr85bRcIEInWN5 -J+WthR3hAgMBAAECggEACGVwarbpIAyK1TUQkeVnl7HUAX/3yoa/lDBfvq7ESp8i -KnPRULYuRcjfPWsJ4JoTD7cW418WhZ7E9SruWzt+9pL6nmcZCI3DdbPnVN/nTi9m -rnlMrCljm4JAXBFfx+54PCcQuYmLLAKlC5D60TR3+KsWZmrX8kuoIeohC0KZtFlw -xHC1fz6k9qbStDW8UBWUY8I1N2Zh9U5kYGNG9j5rLYzs7zJ23xWmiGOwywGlLSii -2i9vC+XwQATFmgFyVM9F9W4P//ElOADDXDhBU8R3UXXoK5+s+Bx12gyTeBfSLgy1 -I5/ee2rFJdlGUsOvEO39npHDCeFDKe0MjeJY8FcSUQKBgQDcXJYnxM6ULY3T9jrf -rSiVi4S7Rewq7KdFDKo32Lqr85VJ3+nqOtLjdyTnHpsRYQSBDbMluMjImfcWxLym -e/3ldNdRR4W6YSdL8kvnKvxsCYR/XC5wihfgKLY3yU7iydrJjFdQZlmFLbCAom7U -P26OJXo8STCD9BURFKlzm24W0QKBgQDX/0lBWuWNhF8h65WK7Lp8zj2LzZFfNOB2 -YysKKteYxDmyV7dKZogG9KDDbDpiylDhg58i8c949/73diCGbZHRMCFFeTO6SOjx -+2Z0iLgMs1IxqLCLhv/H/nfyNii+/G80JDHKR0d0xFQRfAzIVbBaxjL6JiI9aJdl -Y+yJYHZ6EQKBgQCTtPftVk1GI7bSolTaQ35VpzxkLz1blF+WuCOM5ZhS1CZ4az+n -AqEDWYSB6xD0ODzFqIIxwcfMNu/Z8iulyKzqVkRRtghcYuztSk84d6bVYBfRKt/y -DY5tcbyabjSTbcxalticCs7spzCNONPjL1WSsGpb6I89k6lfVqMy27eSUQKBgQCG -rFdidmg2Klieb6LX8e38ryLUriF7uR5S8lX9iuTODVrkBaj0rKUXoSMzdaGZwwdW -9JgeU6LGi+nfJTn2Vw7Z3SaBiKZl+du0NMmW0z/eO1h+Oe2JsWx9p/3leTtCiWZU -nlSlCHhXJ6o7FJtrtXG1x2o1ad1jaHks8Hak2Q5F4QKBgQCQpMwv662qJai06bpQ -Q1A3rzn/LbDIPZmkadRE9+Lv1KDHp3uhkxX53DK7K560adwUYurzfsyp3VV763h4 -73Lk/z6wOTjmXNO3b/+asKx9z063XZc0vUxct7Del5+C28s026XfUOy30IMaIQqr -ei17qa7SQn3GwetSxblr+IQKHg== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfREKbVnLWyQhO +bQfEpE+PRzh4j3yRRrLfRmx2BZHQFa/vr4uiV4nwJifm3ubUTZ++FMfvLJ6GJktI +wLcj3/rnf/COE5Ird2ejDjcSsaBK0avbZN1A8iJQCP1Q25D0uFYm1NTBBeaJqXlJ +nMxL459CGOIrqXFQWHqwOTwpNGoNVUXrlEtgyEbKFI6f5ojxJcaha77fL8ZSs44u +jwyUE3Visr1KC7glnNiB1QDGzo9HxZKyygHKR2rsCT0qvf8/WTRoX54sQ36mNSDA +LzP4vHTElxdkwoAewYgWgVY/eEISa0dZbs7Nn8U55kBEngQODe75xCv4OqfXX9WL +2u5kfXabAgMBAAECgf9AcpewyOJaQLNeJWtBrB9DTRNdfOuMiKcIliruxqeGU58g +cYB3258uoXFxIPq5AUf4MUEoO60ZpUjkkA3XwmKfg+0ymln9iKlBboihvA+cSgyy +11bW1J+4k+qrW89DEf9+05dqEpDiGmZF8ahuFprplgu2qNDcU4ksJRlsBNysdO9q +w8HN25ERWniAzsuXuG+w9AGBFk2eNuumKmQUBJmeqYcJb45YsXhLM4k1rQOJlmYZ +OI+HhHexRn7/iLOsZns+Sm9DXadWy7Gdf+WaU4AR4M9JoBGi4qG9LMP2NDVFvPr0 +S+nfsri+4Z08SvcgdG+sHPzsxwojSAeSm8EIIpECgYEAysvpoISbu0j3noNAjA81 ++0YyN3XQ/dSkogTtbJFE8Zm0YjpvMYwpO5oJFXnbE2ofAHNUXicpnO2gw0lna8Bp +RmYfdjI8/w//+x9Mw3yBhBQ0YlDK4MC2A90G69/AsJsKqiqHOy6aQg0yeLLIVJn7 +bsAjOyUpuhpBzGQcG9bwZvMCgYEAyQzSU2tbxYiKiZcnrP87alPa/43XtUSsTILX +EbmsWL9gMyqz3UOf0QQomUis0njbuQHi8MU+8ecQPG43AjAnpyHuwtgDUUV4EDPb +IhGCE39Or6Jn9cNLkDpSdANCXE1Q+qjdvmaYChYpO/o4xR1036XUBz7qNYWXWj4O +pmk267kCgYEAi923dA4Bmlno7lp32iFjiboQSE/ppCdUpKnhVk+azUbFMjo7FmEk +zwad3UH95pX6a8UfGxDHkoQRrJ6jxZ0e/n7QlCRyDThrxDcCKpFkgkOtHWG7iude +oat/ao8XxrYn1NUgD6FEoumXNceYg0DwOKIrqk8nSENzvhQNjuXfSCECgYAymveV +58AByIyWdWWXNedOrCzDhoB1MAPufkCERagL7p/YQTdkylC/27wcWR6nG6SyvLbS +w9NEMFT14QgXlOdmOjRO9vBe1I2UBnlx6dZD8hdsPgTM54ttkkCO0wMxGIT5kue9 +tTUv1MQsRJ9lfjSc1rC34i4xqp6eKGCnonQggQKBgQCBYfAGIrZy3OLbr3EybT7w +lq5LXSnxRkVAXYAY9Ekrha2TjKZvnLWcPvej60wi9swf0756Oyz672XAoPe+cveJ +mVhE3HurAHtUyC/PQhh8foqvO0dEtRrOdpCZIGv0mGflrHDzU8qHWBGuCtwmYsZU +rJEMcQLW2d6IFQkizWc9+A== -----END PRIVATE KEY----- diff --git a/testdata/spiffe_end2end/leaf_signed_by_intermediate.pem b/testdata/spiffe_end2end/leaf_signed_by_intermediate.pem index e9c9f064a4d5..75b2a0bdaf17 100644 --- a/testdata/spiffe_end2end/leaf_signed_by_intermediate.pem +++ b/testdata/spiffe_end2end/leaf_signed_by_intermediate.pem @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- -MIIDvjCCAqagAwIBAgIUSuuNuIcMCQ1UZrOtCL689eeZx9EwDQYJKoZIhvcNAQEL +MIIDvjCCAqagAwIBAgIUSWu6PDuiG6sb3Xq6vlh6VJJaM8EwDQYJKoZIhvcNAQEL BQAwJzElMCMGA1UEAwwcaW50ZXJtZWRpYXRlY2VydC5leGFtcGxlLmNvbTAeFw0y -NTAzMTgxNjE4NTFaFw0zNTAzMTYxNjE4NTFaMEwxCzAJBgNVBAYTAlVTMQswCQYD +NjAzMDkwNTI4MzdaFw0zNjAzMDYwNTI4MzdaMEwxCzAJBgNVBAYTAlVTMQswCQYD VQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRMwEQYDVQQDDAp0 -ZXN0c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAue2BY6B4 -JNz5SnYr0b4IUsXfpSxqXzpx3CymRzNiPL+ZYERQd+5PPbwyj/K0ZUPNcdGtgj0i -jCSpKl6fGNx11vY/Z5BS7DN9Z6Fqf8/sBr5BIko33UafdqB/s1avrIzFNRD1n6Fu -X1EwlQpXwjiTMLswuf6X6mJVJ2VhA/xtyO4S6fTeK2jUlFn4MYHVczJBDTiMCUPX -1Z/9SXkcwZbQTbRaWvd6c0OEWZKSWxSzWG6d4qOmq9C0Tse39cmjuDpeBvtiGik4 -pYrTmmswiQ8lgLbOY1/YGjvOD+qlxXkX9Y/cYjdygrQoY7mqnjMcUFvWK/OW0XCB -CJ1jeSflrYUd4QIDAQABo4G8MIG5MHcGA1UdEQRwMG6CECoudGVzdC5nb29nbGUu +ZXN0c2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0RCm1Zy +1skITm0HxKRPj0c4eI98kUay30ZsdgWR0BWv76+LoleJ8CYn5t7m1E2fvhTH7yye +hiZLSMC3I9/653/wjhOSK3dnow43ErGgStGr22TdQPIiUAj9UNuQ9LhWJtTUwQXm +ial5SZzMS+OfQhjiK6lxUFh6sDk8KTRqDVVF65RLYMhGyhSOn+aI8SXGoWu+3y/G +UrOOLo8MlBN1YrK9Sgu4JZzYgdUAxs6PR8WSssoBykdq7Ak9Kr3/P1k0aF+eLEN+ +pjUgwC8z+Lx0xJcXZMKAHsGIFoFWP3hCEmtHWW7OzZ/FOeZARJ4EDg3u+cQr+Dqn +11/Vi9ruZH12mwIDAQABo4G8MIG5MHcGA1UdEQRwMG6CECoudGVzdC5nb29nbGUu ZnKCGHdhdGVyem9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29t hwTAqAEDhiZzcGlmZmU6Ly9leGFtcGxlLmNvbS93b3JrbG9hZC85ZWViY2NkMjAd -BgNVHQ4EFgQUsMpVfuYdrW5+i5mFW/hCaOZiKKcwHwYDVR0jBBgwFoAU6M3fe56O -8P6gCUGcTRcEmKusnVYwDQYJKoZIhvcNAQELBQADggEBABReEQ2cIaZv5wZKOjFS -5b5QfpkbR29JTQQxrkiqdXcnonX+Q/dCH+tnzUp9LCCIsVjp6is4pdKTvPNg1ZPT -WB0KEFpVG9LAOmfcgu9pwIsKUCS384PeVhffMKXsKWfgfRGP1E7XeEIdSgpwPKzK -Defa7kwTG276xre/36WOAu9RZ32s0ltXyvHtTi0pfaGuOmryX+XeHtVpxQSjhdDB -tpLvolS+7cRsvKNKIL5X/789IKbdShMgpwPDDe6Z3riBjGPBydnA40IofRc8y3jL -0TKiBiKYOz8nj6DLAiVPqQ2vo5NzihNoqgu/HpkhSG26OAJq2NDYurMsT+Myiuq4 -YkE= +BgNVHQ4EFgQUXaDeLUuKpyHPOFRSzjDft8OqIRIwHwYDVR0jBBgwFoAUTmnEQK5v +3hto6Fd68WGVHv1qXaQwDQYJKoZIhvcNAQELBQADggEBABjU2ZTLcaMSM6uwbw48 +WrTMwxhCKhOWtirGxJkKzr/g6E5j7VMayWYWuDLDn+snWNOPuCEEFLOY15FYxvX8 +iVQ0uBYBNvbKmcLggm3eu3JleMGvHh4RnwJ7MprYB2UEHqGkD2p9CNm67eO4uqCh +FpNj0kwrlL2nzO8jgJVnV8gn60UJ5OUA5q09HaDg0Eh6QNTVHL5V5WJPp2aGgTK8 +Ku/gIjjAanWlpk9A5jsHz5UD0I97+E3jn+ZJGHBEM9u6pQUyhwL/K9VirLqCLd/x +UjCphAIfz1JN/+ZypSTyk+MDKU37hjbnk/uxh6ltv+Q3SnyRKM23FlDwG74jHLYJ +nVI= -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/server.key b/testdata/spiffe_end2end/server.key index 6bc006ce5971..a876edeb1a8f 100644 --- a/testdata/spiffe_end2end/server.key +++ b/testdata/spiffe_end2end/server.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpfq2SvTp7uxmk -ux2D9fM3yBOum3YjRx3HLplC0GkBOHCwvsvw03ipQk8DJOSz0enun6SaLEhOZJ3Z -9Y24qEeMEeWfm2rWrCzULmf2qH9lmJ1fYdj3V/v8x+ulgUWiSRB9LiwJzSFt0uTK -L+PZZLjfkze8SFB6Zn6NBnTKzWbLs/ZxjiJcin8YLMoAnS5FfEVMfaDwE3RO9kED -Jt0YG8bf6p8Tv773aOrDW2WszxWSUwoVMe2ByHajf6vC7/oyh1lrq0QIUy0AnXst -3DKPolenY+Qt+17XP9HZf52cLVolzuhjw+yjEKMxbwHtXewayMHkoV5ySck5VrC9 -iF34jyTfAgMBAAECggEABxYYw63NqCamZ9C65y19QbPHvuEZC1iJ0i4MklKMUVS+ -wWT4udTdkpYHH6aHOU1pbmSWSSvYyg5C2z388t92PlDxPL8OtHL2XNij2BgrW2AK -FFbO72hqTKM/IuhItQRBADrR9IbzAthyYFGoQQqJAC/zgJe1ZairWdIPR/tWdOW7 -1+ctVWIMCKpTpomuoI1oK7PJos6ciIQ5yCWPhMVyQ4EInG4YHF4r2agxWyaF5MLT -gu/qH7tKvkCgo+jjofEntCrw7QYqW8HSFLGm5wxus4/vxoyrwRAgwSotm13tpbg8 -ODleK3u8S50zXuVk/+smskHv1QMGVAxuVFi7ZpPHAQKBgQDU6KpvYOZPR5+XdQNn -BBGbkgaw0qQ7E+1w3pbcaEpglcLQRQn2fjwUOc7YWV8SpMXIneqfhvGLPJXKExXK -coCdjyPAy77zAt7HOVJwAfYaLaoyxnAxnFIgTCLUOchvysWuvauYOkBF5d1GCbXK -v5XUqbLiWnQoLPESubm/IJEEfwKBgQDLzJ/wmEn8vCZk6saEJoFkfG43oJaGrDOT -kKE5pgLSNOtBB6ML4xliU1rwbHz+gpmQKBpb1zQedSyB9rd5G+NzPFQ14RoTsR10 -71S6o8jacIJxo6vZWrS3yOJSBcEhU2K8yFRGgI3cy53JtT5gZIckyINnovdTZpR7 -7vdhPngvoQKBgQC4FH4flGEsVJnIYrRRYjQzFLtSMJ0sMxuNBfbblBQSlAl+9uIZ -S6V4O076wbKwtOQIg3iy+wJmRzifIYcqpXtMPtFDxSVQiL/C8m2zSA7XLXpFMksY -qbZcFFfctCT3exMV9QmisWKWzJpXDtgt9x19ZEe0604Y2lqIvSm69VZM0wKBgHHG -I8gijLOOqnSOaRMfl/7sRG/DtCUs/4IzLP7NAiguKOPeCpU5TFOLK2qrdkBz0p0a -9lQtWUhjq9xGSvlOq3UKygxmRbOWnlZIwmmLxDbGttwQPoESVW+As3CNC9u5/JZd -1EajwA7ykX0pNNCFbrkHQ+zYmvCxhNWHfA2K3XfhAoGAUtwFJFNRCYIGiFVrQ19n -nwCt4+3zYT8wTL1EbyWa0pKhADFSwnwdhJ1ZNev1hKu663+iQO5KdlBeoicicpOA -hNkrw5Al4pvJBp+WV6pqCLtMbuJUBYAWOpUipGnnJsEYTC9SxDnIqh+6Qc7tsEYv -xDykqFvrNxQXLahWavYW8Lg= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7mwFKwCTD58lp +Pq+aQUpum9+CADQxiiFY2B9zWGCkotIaZhtCA/ZVdy5Wn17T0AosLAeyxWsqg9OV +cEBRgs7xvvZxXM8MUlfOjTNMgfFgI8VNYOK94Skwo/CTdNz1KkWLthkNwdL8vjWH +KQgdqwp3HvuqYL0N+b27MPEQdImY+sqGWqWtHqFbTIPJcyyWPS1Wyw9jh+YwTo/w +jPXW6mcODRNWv8ZZfbtOaQVNQ60t8U9sdJhESZ5XqQrWsTwulKxGw5mXl1K10iTW +mX28k8QS9NsgtZKYyBwIFGcjc+19EiP46xDlXmWcE3YL+huogP7KDXuUoKIo/oRB +xaYJ9mujAgMBAAECggEAEeoBO5QRbquJbgVQW1h0tQ8pTo6abUiVWph4mFkOEWqC +yYaKf8lFEnAo+piJQ4yQDBvAOG/lhc/EunZXjfEBtc/YVIbaNoD+ZXjSNzIJTHbd +9j+UJzGC72QYKtxz5O0+atLenZOug/fdwKRIZBzbCPjqayCFrPn2BhPsUPfv062l +AzP2om5rrT1ZdXLNlEy7BXjMs1qljj1b3VmfWvnrsA5khq0DHYJoJ7rP0f/tKhBR +t4+Gh7/6Wec4Qqoy10rco6Oa3OpIolKFJMYQ3enA2aaTIM7L7E+kVrRm62+OB7mn +pkpkPMYN9IC52FqHSaWc16vftynr+PjbNbkcElk4gQKBgQDsnleyATqTNtX2qDH9 +eYv4I05hulbVyI1OgsiWKLHQooGuaHdReUwW/RuofSVo/owJXSIvqnldltyuQ9Da +ZPYbOlpEl4twSRIx5To4w7zuYgpFr8643lPCpij+PLGPryvn2JuJAoNPU4rzEN7y +1vxU2U7Bqoh/X0S9ZYpBwzIyQwKBgQDK+OhJZdBVVeta3Nip9Bli7XXhcZV++7ip +JDxzIMrDqjYzY4sQDtkhpysuos2Mgp90C4HwhpDsfP2whVuypFLj6ChEspot/1DI +rFo2KhEOVOXOfdTnLrtWlitSp38i2E2C5g53T9Jigyq8ssQfZwoqlVP7fOK+79FV +CBJpIC27IQKBgEunTO6zCeFr1PlqSaF7rU8HKtaAV6c+2j9R/YRVOpU0gDYdXJkG +KVfoUWGLsdxiFrAfwQBwhyFvTNvC/xH02eNWwunPclvSYSjm27iujMfDPPmO/o+J +Nkq0CcNP8I26OlWEoiYqUYWZdoHE0SPfrQoL+Oxe9AmVkkrkHlJscK41AoGAB3Ut +08SR6xDFHQmQTG5ToHbpJedufsPw/QX/0psZ2Cag5zJ5IZXqFHp387a3proF8dWa +aKQJHydYiuvbeqze/tDA6gVF9Pq0lSsABY12IvirmPK2p+fnqj7KSLcuzLD16CFb +1rZwHH6FS3mmCyFWFkp2U387NZjKMD2jr4knJQECgYEAxexweu0XMPRujIL4/ONO +XjKf0N7/WJOaMt4cxP/po02taLSg+9Nw3/7rEM2sX6046mG3mPTKb2Aj6gpdmPIj +DdpkFBoxgZy3/QBscm4Xmi6AOgmAVy0cNgnXLDbFY8pzUiaBaxpqtHlBxzxNk2UG +3DB1bo79CURbSmdFaUklpkQ= -----END PRIVATE KEY----- diff --git a/testdata/spiffe_end2end/server_spiffe.pem b/testdata/spiffe_end2end/server_spiffe.pem index f607d7c848d2..cc924d005b90 100644 --- a/testdata/spiffe_end2end/server_spiffe.pem +++ b/testdata/spiffe_end2end/server_spiffe.pem @@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE+DCCAuCgAwIBAgIUBoJ396S7DO0kRqDUn4TB6zKKIIowDQYJKoZIhvcNAQEL +MIIE+DCCAuCgAwIBAgIUCzY7jU+NrvxZf0WMdg/5AM5i8XYwDQYJKoZIhvcNAQEL BQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5l dCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAe -Fw0yNTAzMDcxOTM0NDZaFw0zNTAzMDUxOTM0NDZaMFMxCzAJBgNVBAYTAlVTMQsw +Fw0yNjAzMDkwNTI4MjFaFw0zNjAzMDYwNTI4MjFaMFMxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRowGAYDVQQD DBEqLnRlc3QuZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKl+rZK9Onu7GaS7HYP18zfIE66bdiNHHccumULQaQE4cLC+y/DTeKlCTwMk -5LPR6e6fpJosSE5kndn1jbioR4wR5Z+batasLNQuZ/aof2WYnV9h2PdX+/zH66WB -RaJJEH0uLAnNIW3S5Mov49lkuN+TN7xIUHpmfo0GdMrNZsuz9nGOIlyKfxgsygCd -LkV8RUx9oPATdE72QQMm3Rgbxt/qnxO/vvdo6sNbZazPFZJTChUx7YHIdqN/q8Lv -+jKHWWurRAhTLQCdey3cMo+iV6dj5C37Xtc/0dl/nZwtWiXO6GPD7KMQozFvAe1d -7BrIweShXnJJyTlWsL2IXfiPJN8CAwEAAaOBvDCBuTB3BgNVHREEcDBughAqLnRl +ggEBALubAUrAJMPnyWk+r5pBSm6b34IANDGKIVjYH3NYYKSi0hpmG0ID9lV3Llaf +XtPQCiwsB7LFayqD05VwQFGCzvG+9nFczwxSV86NM0yB8WAjxU1g4r3hKTCj8JN0 +3PUqRYu2GQ3B0vy+NYcpCB2rCnce+6pgvQ35vbsw8RB0iZj6yoZapa0eoVtMg8lz +LJY9LVbLD2OH5jBOj/CM9dbqZw4NE1a/xll9u05pBU1DrS3xT2x0mERJnlepCtax +PC6UrEbDmZeXUrXSJNaZfbyTxBL02yC1kpjIHAgUZyNz7X0SI/jrEOVeZZwTdgv6 +G6iA/soNe5Sgoij+hEHFpgn2a6MCAwEAAaOBvDCBuTB3BgNVHREEcDBughAqLnRl c3QuZ29vZ2xlLmZyghh3YXRlcnpvb2kudGVzdC5nb29nbGUuYmWCEioudGVzdC55 b3V0dWJlLmNvbYcEwKgBA4Ymc3BpZmZlOi8vZXhhbXBsZS5jb20vd29ya2xvYWQv -OWVlYmNjZDIwHQYDVR0OBBYEFDJn3wGxfbvBrS/dTLOScNtTMi9EMB8GA1UdIwQY -MBaAFC/2ExFymUY2zr/NgsBjLgXjcBKyMA0GCSqGSIb3DQEBCwUAA4ICAQCaWp4p -qmG5il353PrAedmk7kk5+YigeX/uUBYCdOm/j/M4IpJpsmkfFStYIhJAq3H2KViQ -x7MNRLd15Z2fcdx9qWJ7aHq9fp9W7L1dINbiFD0KTp9c9oD2HpXnldy8r1EIDDaQ -VxIlJDd3rUsebLT4oPZ13HQDp5clJ44WdcybqFgbvcJoxhXYMlBXOKwsLlm+abDO -0XWEfubO/irsrsByUmaoGc/0Adf2O+wgDo9xSB4d2b601K02dYpl71NNelRvBrB5 -FubExuAef+4xgha/eMn+qcRBhH2jv7Fjc1HuKH8srukcRJHblQy96reJj2bcDhp/ -bPJ2xBzc13UZ2do9A209qGRCHONd5VH5NY++484XlFf12jJUEQiUCT7jOReFbUbR -FkiHbyapVEmqnI8RifPbRIov/XzCqkaCZuMW+64cr6eBpuoi8YV+xV37zHYhT2bf -Wpk83uyuvw6qZApQPLc2MQ6MpRv3740S/0+lKjNoG5xi2loNCMTGCgtt7EQT93cZ -z/picgGigC1qIPonukQsdf+cCD3eC0Kd45VEj8bon4MxmjbROUdVzVwG4wmptF7l -jB3GjnqHfEJl1RuDsLFEtBSqjESQTeeOuNMcPKSfNVbePLf4CxuRmIXumpwAxicw -aeSaOwEPybd7LBd8qJHSRgfKMMgKnpZgzV4SZQ== +OWVlYmNjZDIwHQYDVR0OBBYEFBX+f5l5bG5acfhtDIBG57WD+zAtMB8GA1UdIwQY +MBaAFPy47QN6FVgk896nwEF7nP3Qu2/OMA0GCSqGSIb3DQEBCwUAA4ICAQCWvSe3 +kD21ksNBbH5COlpLhKbbnnlrkBAzzZjeJfkdDROXXUWAepxubX81cd5aZwhucFWL +bEL08D9+f+cUrseAafMxNXqBoK9fzJJq2v8fD27Ian63oAfcR5pG7EuvoJ99zwqL +Bi3SYuakq+u59LfWOmq/ohSi9H9pFbSJHjmMi0CynfL6qYJKacJcEjDq8yJTC4t7 +/s8eJGz+w1sSIlpkgbnNva3MA2HrLVzdQwC7JzZ69FljX4JZH37PXTQfi6Ri1WJq +G8OlEnk4NVt/pimiK5OLmhcfk7fbFL274A7rLzrHT1IZE6NUmDq9i8BwqnTNumMI +mwNQWe7ZPO6SNyv8lVrcuZF/wRx4b5KP0OBqi9I5emjolU1n+OcfurClgkFgN46d +GSBeIToQekBOWFm1Hb4a/nBMqaiLHnslnBbGsZGZ+miD8Rue/yqtCD10NjYJkaUC +jHOSwZ3hNn1Po9S0HehKA9MZO/ES3MQHedqtP3K3HG52ZmKQ8NNKIQ34zSsgrNHP +vZgWpmdvcUrnzh1Ft1oq4nLws3Y2F4/c7YUfVWzo+ydePy5eaYQaMjYdhosBJWHk +3fMQJm+mkeLZmM2Akk5Zza68U6FuyBTyERbl60TV2pU7pZ5cqaOOO16/kfZTmYSq +9g6wsjV7y0tVXlPir4ezSeI0SyYikuS9/v6Ycw== -----END CERTIFICATE----- diff --git a/testdata/spiffe_end2end/server_spiffebundle.json b/testdata/spiffe_end2end/server_spiffebundle.json index 928d15b35cce..ddc2382e0352 100644 --- a/testdata/spiffe_end2end/server_spiffebundle.json +++ b/testdata/spiffe_end2end/server_spiffebundle.json @@ -6,10 +6,8 @@ { "kty": "RSA", "use": "x509-svid", - "x5c": [ - "MIIFlTCCA32gAwIBAgIUCD73sHXu5IURolSTiJ127a/xUO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAeFw0yNTAzMDcxOTM0NDZaFw0yNjAzMDcxOTM0NDZaMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDDBJmb28uYmFyLmhvby5jYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC19PImArmxbwgqo2QG2si8BU6E69Bvyqxz8Je3swxBIGwZ9uIobMSBLeTCYyXuf+o90Zf0kMwzmrAKeLEeky5W/j07zGXAtgUBPA7L1Uk0TxOdJXBCUvEm5Oc4GxubfO7F+pdJKZ+XkRVqbnStGe5qX6KNs5rcJfFUhewbtM0snGEIf2yhaA0mNNuGtlIm4VB7jmiyHNU5YTowByVCVrV3/t2RI9+T4ya0AlkW93rU0M0qQauJ35LkJIXifbzrnLxmztEyb+mnVUB+GJgz01E4teWo/PJb1aNJ/ojf/UONsQ5IFRdza6RhaQB7C+Dxlnt/SJ3MMaxHgVycYuJeVtJQuncGRSuQ2YrmW9b36HVnxa0xBDeSluUjv48hMRlLNaXaH4yuK6oc8TNJie++/ir6Kb4H+0RjcKMGqxZYfotU1obxa+5N3wzGSjUDUrhofzlfvqbp+NCwdFH+qczM4IZPL8YMMh6goKr9BRN9/xRIieotyH6rfKNcnkUgDp750U0cZ7P2eRUpldyc9hZS5AlF4cKQXgLIrv1LrZHkiIietetInUEBAa/PF2YHRLXUyI1PCSBKBu7wdwAU15J9dVFC9jkmOLYhoRdPfrobpWhs5+FfPJumSoiusdGXd7x4l313xi2V02YXz5mRGbT2lCb6aJPweuziiEBZn+5KV++DkQIDAQABo1MwUTAdBgNVHQ4EFgQUL/YTEXKZRjbOv82CwGMuBeNwErIwHwYDVR0jBBgwFoAUL/YTEXKZRjbOv82CwGMuBeNwErIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAIYtNERVMj4dS/KgoXD3a6mF6KD+IuxDTlVbVTwDJMzdNW5UPB2qCiDKbirK8Eedh90r3qxKzBiQPE5AHDZrbWSBAxDhlpQqCXgx8Z+nCB38K9i8hbKM/ablm9DkeHiHohoP1kJEN2HtPz1K6OabbKbPtVGt8y+QTIlZDodPPzKPmQ6dUTm9tWlU1oIxl4pPVR6WXDr0qAmNRvdW7+8/Ai+gMDi6fKQJCe/r/meVrI9lSrnn8VQyO4xXvyolHEROTUiomlJ1QE9IWAM9LNFOuWFwQjayo2d6O+zHqjGUtbzBHFb8/BLJcQzogWYT0/+rEboJhR+/OGe0ntPPkudmLL0HTx0Q1aajnChMVlaOd2wucePZSa6GqGEVA+lCqwbteqwJCnL7deVHo+UlORFgQwYir2CQbyN9Yd4MtQT7VZuDiVC6tlGbj1ogrpOnW8n49jXrNPWuPz2hcPQb2gzYFGI9WRKIX4SjvvS3QcHUyigQkjAQ12Ldj5CXBYTjSmjcgsa2QfUY5qrXsHLz7e4uXD9XYnB/XEEfxQfQTFEy5CtzTrTxnT+cwRuBooIr6InjqdbdJ+UbkWcIY6w+c7ndFT849pUgtrojbVpm9ZzsmHhAahR/+iHYH+LGeHYIpq71o/YDgM4vV9z3sWic7u1YE9JULBdlaDw8Xik82zjvw4IA=" - ], - "n": "tfTyJgK5sW8IKqNkBtrIvAVOhOvQb8qsc_CXt7MMQSBsGfbiKGzEgS3kwmMl7n_qPdGX9JDMM5qwCnixHpMuVv49O8xlwLYFATwOy9VJNE8TnSVwQlLxJuTnOBsbm3zuxfqXSSmfl5EVam50rRnual-ijbOa3CXxVIXsG7TNLJxhCH9soWgNJjTbhrZSJuFQe45oshzVOWE6MAclQla1d_7dkSPfk-MmtAJZFvd61NDNKkGrid-S5CSF4n2865y8Zs7RMm_pp1VAfhiYM9NROLXlqPzyW9WjSf6I3_1DjbEOSBUXc2ukYWkAewvg8ZZ7f0idzDGsR4FcnGLiXlbSULp3BkUrkNmK5lvW9-h1Z8WtMQQ3kpblI7-PITEZSzWl2h-MriuqHPEzSYnvvv4q-im-B_tEY3CjBqsWWH6LVNaG8WvuTd8Mxko1A1K4aH85X76m6fjQsHRR_qnMzOCGTy_GDDIeoKCq_QUTff8USInqLch-q3yjXJ5FIA6e-dFNHGez9nkVKZXcnPYWUuQJReHCkF4CyK79S62R5IiInrXrSJ1BAQGvzxdmB0S11MiNTwkgSgbu8HcAFNeSfXVRQvY5Jji2IaEXT366G6VobOfhXzybpkqIrrHRl3e8eJd9d8YtldNmF8-ZkRm09pQm-miT8Hrs4ohAWZ_uSlfvg5E", + "x5c": ["MIIFlTCCA32gAwIBAgIUZ4e1KRtWw0c8V5NnA9VEoUMvzq4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxGzAZBgNVBAMMEmZvby5iYXIuaG9vLmNhLmNvbTAeFw0yNjAzMDkwNTI4MjBaFw0zNjAzMDYwNTI4MjBaMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRswGQYDVQQDDBJmb28uYmFyLmhvby5jYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZRezL1GWM/0umgcLNGI9fsp0sabLUN1rUTwXjCGHvGAt9cPY1xK6P6+/QXeBkYogmwC3Udhwl+8x3AOu2FKP9QeveW+hB4N3SCtY4D+nGxPWnL1Yjh0170tkVRPkh89wPX4XdtAcIgZjjNgPH9wR3eWH8E3cDRvxjosy4e9aw0/VTHb0lZ2Ko6mY8x2bJNFUExmuh157b//yHdcL8O1K1h13o6YSqSlnLmnaSHpHA5/21erSjszE3ZjiPZFR6cl/RDjpJRKrh/eQAAeg7XO00VokrvZnK07mZ2nNyp4z1yCV4fwWCdBMfFfUSm0EgN8D65JxGj1He5bm4LVv6WuWj+cqgAzRhHjp8iZsmLFKvAoXSg1eJ+mG8vw5P9ZVd38M8N2DtifvmCkE1fln84oQj42wDgNQuwSafbGQIhNYrnsgbf+2lNj5IIYm/ScUcexbmCmKyOZfNcVQNAF26vQOvibBDOFyDW2qdi2tIGJgTPhkJPbDqKJx4UqNxIuoam28PifmK51Cn4i9rWOpQ2nM7JGX1Q3IE6S5iaVnogp2+SSh3PhktxQOK9IUX7ysX9eVQAdN8lnKgaIZuyYOx9H9jWValZ/dCLa2Y/BuFslx4NRVLtoJkUIakdTepo83ZrrSs3c4DSEIJJkgVPBmBkua3RdYB1Cw+A8T0C8nvExyJbwIDAQABo1MwUTAdBgNVHQ4EFgQU/LjtA3oVWCTz3qfAQXuc/dC7b84wHwYDVR0jBBgwFoAU/LjtA3oVWCTz3qfAQXuc/dC7b84wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAZFJDbhKL1M16Ya7eAvrgUWI9vbC4xm/68HzIGuQLeP9yr7QMfk5wzh9umYcGWs/hkz2jg/88PbPUEP35psTw+dZGtnQwi/0icM9w7m0HZrDx8vMYvX5AoEaPb5PqbjwhBxzd2Hpv/Y+PLLRO9uh1Xeh95J4yp5t/xOPyimljKLTam+rpj7BevYftlSXuIWrR6sldIt9I1zT5CfcBSefmSVo2WtgLdqfOBIAD73OMbcxEPDiTF4/q8S1qHeA8eNUXc5IrWEI2NirhpvR0ZXMyjY1gJoZ4XqPFSXg+1oi9qpbjMhKU5J+Rm8brv/HmACaP90hSPXjuRl2Tp/NJ6idV1heNd4MdTeAlH+deQ+UQ/rFo6HY95S3ltdcaDX8V7WdpRUQddv2DS5VPPi60LJuOdxKB+XFtjdLUtxwOw3Hoj91YWZLuMu2xzVeASeA6FsB0vZwQdqn8FX1BQNSIEHGs7tieV7N0AlLavQBpyRYfhgKOL9Utbl4Cp6C6k42uFo/tFREUdzgtt0JqT+/NMJRA6rOJYHVUWNeG2ggGpuCtHXkwktC4JBnUwnvdVZX3sXPslmiFzMO6S/+PesHA0TclifTZNOETHphF8efGsRFL/lkhcBRkZKBVOkWKdKMUnXPgDKLyu/e1WQXCXmyTjv8FEiG2Ni8U4P0c2PldooYVjw4="], + "n": "2UXsy9RljP9LpoHCzRiPX7KdLGmy1Dda1E8F4whh7xgLfXD2NcSuj-vv0F3gZGKIJsAt1HYcJfvMdwDrthSj_UHr3lvoQeDd0grWOA_pxsT1py9WI4dNe9LZFUT5IfPcD1-F3bQHCIGY4zYDx_cEd3lh_BN3A0b8Y6LMuHvWsNP1Ux29JWdiqOpmPMdmyTRVBMZrodee2__8h3XC_DtStYdd6OmEqkpZy5p2kh6RwOf9tXq0o7MxN2Y4j2RUenJf0Q46SUSq4f3kAAHoO1ztNFaJK72ZytO5mdpzcqeM9cgleH8FgnQTHxX1EptBIDfA-uScRo9R3uW5uC1b-lrlo_nKoAM0YR46fImbJixSrwKF0oNXifphvL8OT_WVXd_DPDdg7Yn75gpBNX5Z_OKEI-NsA4DULsEmn2xkCITWK57IG3_tpTY-SCGJv0nFHHsW5gpisjmXzXFUDQBdur0Dr4mwQzhcg1tqnYtrSBiYEz4ZCT2w6iiceFKjcSLqGptvD4n5iudQp-Iva1jqUNpzOyRl9UNyBOkuYmlZ6IKdvkkodz4ZLcUDivSFF-8rF_XlUAHTfJZyoGiGbsmDsfR_Y1lWpWf3Qi2tmPwbhbJceDUVS7aCZFCGpHU3qaPN2a60rN3OA0hCCSZIFTwZgZLmt0XWAdQsPgPE9AvJ7xMciW8", "e": "AQAB" } ]