-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathtls_test.go
343 lines (292 loc) · 62.5 KB
/
tls_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
package j8a
import (
"crypto/tls"
"crypto/x509"
"github.com/hako/durafmt"
"math/big"
"testing"
"time"
)
func TestPDurationAsString(t *testing.T) {
pd399 := PDuration(time.Hour * 24 * 399)
got := pd399.AsString()
want := "1 year 4 weeks"
if got != want {
t.Errorf("durafmt parse error, want %s, got %s", want, got)
}
}
func TestTlsLinkRemainingValidity29DaysTooCloseForComfort(t *testing.T) {
Runner = mockRuntime()
t1 := TlsLink{remainingValidity: PDuration(time.Hour * 24 * 29)}
if !t1.expiresTooCloseForComfort() {
t.Errorf("did not fire too close for comfort, but 29 days is")
}
}
func TestTlsLinkRemainingValidity31DaysNotTooCloseForComfort(t *testing.T) {
Runner = mockRuntime()
t1 := TlsLink{remainingValidity: PDuration(time.Hour * 24 * 31)}
if t1.expiresTooCloseForComfort() {
t.Errorf("did fire too close for comfort but 31 days is not")
}
}
func TestTlsLinkTotalValidity397DaysWithinLegalBrowserPeriod(t *testing.T) {
Runner = mockRuntime()
t1 := TlsLink{
remainingValidity: PDuration(time.Hour * 24 * 397),
browserValidity: PDuration(time.Hour * 24 * 398),
}
if t1.expiryLongerThanLegalBrowserMaximum() {
t.Errorf("397 days is not longer than browser validity but did fire")
}
}
func TestTlsLinkTotalValidity399DaysNotWithinLegalBrowserPeriod(t *testing.T) {
Runner = mockRuntime()
t1 := TlsLink{
remainingValidity: PDuration(time.Hour * 24 * 399),
browserValidity: PDuration(time.Hour * 24 * 398),
}
if !t1.expiryLongerThanLegalBrowserMaximum() {
t.Errorf("399 days is longer than browser validity but did not fire")
}
}
func TestPDuration_AsDays(t *testing.T) {
pd399 := PDuration(time.Hour * 24 * 399)
got := pd399.AsDays()
want := 399
if got != want {
t.Errorf("durafmt parse error, want %d, got %d", want, got)
}
}
func TestBrowserExpiry_AsDays(t *testing.T) {
got := Days398.AsDays()
want := 398
if got != want {
t.Errorf("wrong browser expiry days, want %d, got %d", want, got)
}
}
func TestParseTlsLinks(t *testing.T) {
//this implicitly creates a Runner without returning it because it's well...global.
mockTlsConfig()
c, _ := x509.ParseCertificate(Runner.ReloadableCert.Cert.Certificate[0])
tlsLinks := parseTlsLinks([]*x509.Certificate{c})
logCertStats(tlsLinks)
if len(tlsLinks) != 1 {
t.Errorf("tls links parsed incorrectly")
} else {
if tlsLinks[0].isCA != false {
t.Errorf("cert should not be a CA")
}
if tlsLinks[0].totalValidity.AsDuration().Seconds() != time.Duration(time.Second*352257299).Seconds() {
t.Errorf("total validity should be %s", durafmt.Parse(tlsLinks[0].totalValidity.AsDuration()))
}
}
}
func TestCheckForKeyAndCertificateErrorsPass(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIEkzCCAvugAwIBAgIRANiwkh9AuRgrvYh7Y5DtWIUwDQYJKoZIhvcNAQELBQAw\ngYExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTErMCkGA1UECwwic2lt\nb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTEyMDAGA1UEAwwpbWtjZXJ0\nIHNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRhZykwHhcNMTkwNjAxMDAw\nMDAwWhcNMzAwNzMwMDExNDU5WjBjMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1l\nbnQgY2VydGlmaWNhdGUxODA2BgNVBAsML3NpbW9ubWl0dGFnQE1hY0Jvb2stUHJv\nLTE2LmxvY2FsIChTaW1vbiBNaXR0YWcpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAsCTQ9rLTQYjIlGF7EOrTJux8E514TUoAuQ0xo1NOSssptjmDyGhb\n8K7+A/TgdU/xlPMcJf22nNDQ2MpqpgHGlDcuXt3SmVrcsTeby1Pa81gxKp23a51B\n8xAoHoHwXVSWdiMWk3H/Jjv/dtYL1L180neewcWvK26ANUwlzWG6BW1QVUXXNdRo\ndmxQ1eg2S/qMBASFj6QjCsWWJiEfmz4PQpsP8q5IqCcX85BUqGO919JlE/eXEAgk\n9Yuh61/50n39B/sPC0mU5s6vH0SPCBvz1g8SiXa8jj3jCXxa/0ZsYtAVqPe5BoRP\nvK2q1sbKbJVr7EpmiOdKxKPHonRHasweGwIDAQABo4GiMIGfMA4GA1UdDwEB/wQE\nAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY\nMBaAFMNEcloV4jg+eonB5omuJvQXiqiRMEkGA1UdEQRCMECCDyouamFiYmF0ZXN0\nLmNvbYIKamFiYmEudGVzdIIJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAA\nAAABMA0GCSqGSIb3DQEBCwUAA4IBgQDGI3EUWPKsEOqLCpnwSlFihu8n9+g4pV3/\njItYhUqMBz1v8TqV2zykkJUtlfNoxrp5OAg4CG0Xr1zhqjub3teKbsNKlRpV+h04\n4ncltpe66u4gg9RW+ww/f+J3C2yZRIX+brhDcTpdEMyfVoCV/5jeCxWf29MdFcLU\nBfgFdEp1oe3bK/dyZc8SbUlmizyumaDOaZACihz/DKsJ+lzRdy6c3UPQgC3r72oN\nLx/ccpnwdeumWFs+qYOjYfrCGFXaabokdtyit4XURFngxpnPUB9jHDvkI5+/eTaB\nSpdjJxE6x4mciyZSvshhu1v8j52+d9zUANs9+Y/v6EoCZ6byaaS4NAmTXdAWlnYb\nhIuRRsI4gIDhJWLrACBu1Osh7ZknaLNVMt5xo3TemCkVKud3NHGbycHTUoFBuHz/\nJOTQJ/Z1Ym3enpTAESZVcZTzS9gL62wfIfLcFvq+tVjoJZVJCcolP2fYn3U5lEiN\nvZvs72xp4sYEOa9zhvEs/yte9c6rkU0=\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwJND2stNBiMiU\nYXsQ6tMm7HwTnXhNSgC5DTGjU05Kyym2OYPIaFvwrv4D9OB1T/GU8xwl/bac0NDY\nymqmAcaUNy5e3dKZWtyxN5vLU9rzWDEqnbdrnUHzECgegfBdVJZ2IxaTcf8mO/92\n1gvUvXzSd57Bxa8rboA1TCXNYboFbVBVRdc11Gh2bFDV6DZL+owEBIWPpCMKxZYm\nIR+bPg9Cmw/yrkioJxfzkFSoY73X0mUT95cQCCT1i6HrX/nSff0H+w8LSZTmzq8f\nRI8IG/PWDxKJdryOPeMJfFr/Rmxi0BWo97kGhE+8rarWxspslWvsSmaI50rEo8ei\ndEdqzB4bAgMBAAECggEAc9nDFn7HM3MjeXQj3RyVhCRF9yC63xqtHwjufN1twQOe\ni5uIcWcyETsHFtMYThAmdDDxcotMcBdnRS7cthK06QbiGMMMoJCCVoyciz674xE+\nRSk2WjE0DwmxWV9dGAVqcIjjcFap2hvcCez+Gw4F6ueCIzBB5e7npCZRNqPwFWCY\n/og06ypz/4LHXFNatvRJC3qhWFwFo1bVC1ycZmc5RQ4IHeQHzi6oCJhSRdCbM7Q9\n7fQhmjtcw0pxvJTVV+XP7tTf9iDDwgi/Le2iEqNQ1D6c4+nYAGYj2D3919oUYnyv\ntnznZ2GTibIyP6kl4L79ChRz0JGBzraKH7aJh9H1AQKBgQDS0xd8RNLJ5hkwPitt\nx/4RNlobGGZqqvQiCKkaDvnc1E1eKR3rVlxH17/ccA/qs0vcoFDPbGyRa/OgD7p5\nRo3R+EPDFoFq1KMP4SRoGcDgrNKHQ3o06sUngmtUUP28G+DUQm46xW7cnQrvvNiK\nf9MMfeNH+tAPtssZh0HNKJa9fwKBgQDV40peDqh9b4Ag+mfiHIJGuwTN8LMvKRqr\nN5dVirl2BDYMwF6JflIwIwjBZq7ah3NsT5/Yd+nuY+ux/pO4iU5jMbTtoAOv2dc7\nVKpqNTaQdJhta5OlOdBSP5iXj4siVCMIFL1jz8JtWuXX4hUtbliG6ICZTH2/5ivG\nfaPiOhAlZQKBgQCp941jnojiRSPhhP22UBpA/jS+y3kmXhTcq2bJn3FJ289ULon0\nhXd4ZDRGIAJ1EYADqyv7TkppI0MStBt+UqdbtG/NBIPqAOxFjRmw47JgcHR6oKgR\nqYSxSbAGFhW6Zi9ocPY1Y57xNZrvlKxvXIZl98gY69h6EsDDIAyoviRpOQKBgC0g\nRjlv+EZ2tt6+VhqTjzzjClF03ikuD+1dzjUDDrwCiXDJSWjS2P5E9fzv8CY0+7o3\nVm8yZY2hUUH9hycg+QPeoeCcqQp5+HoRE99SmM+DegFj+AOdHgGsX0Jiy6UTgUyc\nK5UaaVfvHJ0emv85z72u4ir1w3YwVr4LFf+N5ogtAoGAHODQpVC7sg+nlbeSKsPf\nRbULfOG4YD5pHszNM+nCjNWs00ofJoZOFA64qXwTIc4Vrh8JLiwAkXiTGYM2guv5\nQnp+HbFi/tAc+rQu4SGBaVIglnIj7jFNdgJOb68Vw/L9v2jW1Y8VoAC0eCRWpHud\nGsMkN4GFOfQKoBI/aCXn4DM=\n-----END PRIVATE KEY-----\n"
cAPem := "-----BEGIN CERTIFICATE-----\nMIIE0zCCAzugAwIBAgIQB2bsiI7SUtxu+HwBxuNtpDANBgkqhkiG9w0BAQsFADCB\ngTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSswKQYDVQQLDCJzaW1v\nbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBNaXR0YWcpMTIwMAYDVQQDDClta2NlcnQg\nc2ltb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTAeFw0yMDA1MDEyMTE2\nNDNaFw0zMDA1MDEyMTE2NDNaMIGBMR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1l\nbnQgQ0ExKzApBgNVBAsMInNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRh\nZykxMjAwBgNVBAMMKW1rY2VydCBzaW1vbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBN\naXR0YWcpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzivKfp5OiWpT\n362cVgbw9DBqwMP0pO32aP79Y4UYeAxCfaWQDdqQEatBdraShtZcvUX8vZ9jvgHE\noGMGSJb/DIVRxIDfhdvhh4qGQgbbSLwDkfLJTkpGMdONa/5yDC54fNZjF095YZn7\niPmsFbvYUfTwpM8qrP+jZzobByrTO4rG3Ps080gIR08RCA0E+uLg58rTpnsdBKZ0\nK2uuE4B4lVAs2AeS4KPMrH/rnCjSZz4KRwnaGqh+wiAjO0PHAfrbrhNsFB6P1/Zk\nCqzclj3TXdkMDaXhSvt0qJPEpNIPQMkvj9GROom7hExZUT7t7LPOZwODtiR2VjM3\nDDehfLqpNPRrxU3aOR7b4lFVtEL1+9NXKc3rnR5T2xPVVvBxx8FqYAxFmQtkGqpA\nYlRxImBONBreIr5/fdkr5xqd/S0s1pb8ubuK7x5COfqf0Mv++j+UjMptBQ3kYvOh\ntNrbnEI1q/7kvHNB8ETtJ4hqXikl9EHMYWdOo4nyGd4P8jo9jmGVAgMBAAGjRTBD\nMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTD\nRHJaFeI4PnqJweaJrib0F4qokTANBgkqhkiG9w0BAQsFAAOCAYEAb+K3HO2AlDed\nS2yT7GnxD75Hcjnv1tMvMIlh1EOmRMHrzbsi7jv3Z7SDe2R5s1qRku3nxbVWj8i8\noRBi5GeRE+q/HkVloi4WPmgFGxUUbkWszAFSSGN5TAs72e5sCG/wMyEa0Gj8cOO1\ndK5SH3thP8+OjSpgQXToYfOimILlk7Hj7EgKE5Y8YX8UV+41LhGkzeK2UX9dBZn1\nof9qBc0dAQVlAA/O3dOgXorgiDbNT38cjignWEwVYzjeuJCYB91Ixf0CfHJZKHZR\nZCdIAHTJqW1tx7vsbrcl0PVAMgm+rkHLL0Dh9cp4fvONXWygVSjbqKM1s8UI9bFA\nbWU5Z3MhEn25wZCXLQDIq0uC+FwCxyS9e/exL4wmYpCLmRKVCp2gUa78Rlr/FJNa\nH9kfvP41Ya+fLzDWNKAlYQgizpZJmZuhPZu7O6n0UusaI+0WTKblCFUQJkx4aKEv\nio8QmLzoedmvVpO9Zp44Lyabmc7VnjoYTOcZczx4ECwEdKH/jswc\n-----END CERTIFICATE-----\n"
_, e := checkFullCertChainFromBytes([]byte(certPem+cAPem), []byte(keyPem))
if e != nil {
t.Errorf("cert check should have passed by but returned %v", e)
}
}
func TestCheckForKeyAndCertificateErrorsFailsWithCorruptKey(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIEkzCCAvugAwIBAgIRANiwkh9AuRgrvYh7Y5DtWIUwDQYJKoZIhvcNAQELBQAw\ngYExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTErMCkGA1UECwwic2lt\nb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTEyMDAGA1UEAwwpbWtjZXJ0\nIHNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRhZykwHhcNMTkwNjAxMDAw\nMDAwWhcNMzAwNzMwMDExNDU5WjBjMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1l\nbnQgY2VydGlmaWNhdGUxODA2BgNVBAsML3NpbW9ubWl0dGFnQE1hY0Jvb2stUHJv\nLTE2LmxvY2FsIChTaW1vbiBNaXR0YWcpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAsCTQ9rLTQYjIlGF7EOrTJux8E514TUoAuQ0xo1NOSssptjmDyGhb\n8K7+A/TgdU/xlPMcJf22nNDQ2MpqpgHGlDcuXt3SmVrcsTeby1Pa81gxKp23a51B\n8xAoHoHwXVSWdiMWk3H/Jjv/dtYL1L180neewcWvK26ANUwlzWG6BW1QVUXXNdRo\ndmxQ1eg2S/qMBASFj6QjCsWWJiEfmz4PQpsP8q5IqCcX85BUqGO919JlE/eXEAgk\n9Yuh61/50n39B/sPC0mU5s6vH0SPCBvz1g8SiXa8jj3jCXxa/0ZsYtAVqPe5BoRP\nvK2q1sbKbJVr7EpmiOdKxKPHonRHasweGwIDAQABo4GiMIGfMA4GA1UdDwEB/wQE\nAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY\nMBaAFMNEcloV4jg+eonB5omuJvQXiqiRMEkGA1UdEQRCMECCDyouamFiYmF0ZXN0\nLmNvbYIKamFiYmEudGVzdIIJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAA\nAAABMA0GCSqGSIb3DQEBCwUAA4IBgQDGI3EUWPKsEOqLCpnwSlFihu8n9+g4pV3/\njItYhUqMBz1v8TqV2zykkJUtlfNoxrp5OAg4CG0Xr1zhqjub3teKbsNKlRpV+h04\n4ncltpe66u4gg9RW+ww/f+J3C2yZRIX+brhDcTpdEMyfVoCV/5jeCxWf29MdFcLU\nBfgFdEp1oe3bK/dyZc8SbUlmizyumaDOaZACihz/DKsJ+lzRdy6c3UPQgC3r72oN\nLx/ccpnwdeumWFs+qYOjYfrCGFXaabokdtyit4XURFngxpnPUB9jHDvkI5+/eTaB\nSpdjJxE6x4mciyZSvshhu1v8j52+d9zUANs9+Y/v6EoCZ6byaaS4NAmTXdAWlnYb\nhIuRRsI4gIDhJWLrACBu1Osh7ZknaLNVMt5xo3TemCkVKud3NHGbycHTUoFBuHz/\nJOTQJ/Z1Ym3enpTAESZVcZTzS9gL62wfIfLcFvq+tVjoJZVJCcolP2fYn3U5lEiN\nvZvs72xp4sYEOa9zhvEs/yte9c6rkU0=\n-----END CERTIFICATE-----\n"
keyPem := "notakey"
cAPem := "-----BEGIN CERTIFICATE-----\nMIIE0zCCAzugAwIBAgIQB2bsiI7SUtxu+HwBxuNtpDANBgkqhkiG9w0BAQsFADCB\ngTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSswKQYDVQQLDCJzaW1v\nbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBNaXR0YWcpMTIwMAYDVQQDDClta2NlcnQg\nc2ltb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTAeFw0yMDA1MDEyMTE2\nNDNaFw0zMDA1MDEyMTE2NDNaMIGBMR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1l\nbnQgQ0ExKzApBgNVBAsMInNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRh\nZykxMjAwBgNVBAMMKW1rY2VydCBzaW1vbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBN\naXR0YWcpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzivKfp5OiWpT\n362cVgbw9DBqwMP0pO32aP79Y4UYeAxCfaWQDdqQEatBdraShtZcvUX8vZ9jvgHE\noGMGSJb/DIVRxIDfhdvhh4qGQgbbSLwDkfLJTkpGMdONa/5yDC54fNZjF095YZn7\niPmsFbvYUfTwpM8qrP+jZzobByrTO4rG3Ps080gIR08RCA0E+uLg58rTpnsdBKZ0\nK2uuE4B4lVAs2AeS4KPMrH/rnCjSZz4KRwnaGqh+wiAjO0PHAfrbrhNsFB6P1/Zk\nCqzclj3TXdkMDaXhSvt0qJPEpNIPQMkvj9GROom7hExZUT7t7LPOZwODtiR2VjM3\nDDehfLqpNPRrxU3aOR7b4lFVtEL1+9NXKc3rnR5T2xPVVvBxx8FqYAxFmQtkGqpA\nYlRxImBONBreIr5/fdkr5xqd/S0s1pb8ubuK7x5COfqf0Mv++j+UjMptBQ3kYvOh\ntNrbnEI1q/7kvHNB8ETtJ4hqXikl9EHMYWdOo4nyGd4P8jo9jmGVAgMBAAGjRTBD\nMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTD\nRHJaFeI4PnqJweaJrib0F4qokTANBgkqhkiG9w0BAQsFAAOCAYEAb+K3HO2AlDed\nS2yT7GnxD75Hcjnv1tMvMIlh1EOmRMHrzbsi7jv3Z7SDe2R5s1qRku3nxbVWj8i8\noRBi5GeRE+q/HkVloi4WPmgFGxUUbkWszAFSSGN5TAs72e5sCG/wMyEa0Gj8cOO1\ndK5SH3thP8+OjSpgQXToYfOimILlk7Hj7EgKE5Y8YX8UV+41LhGkzeK2UX9dBZn1\nof9qBc0dAQVlAA/O3dOgXorgiDbNT38cjignWEwVYzjeuJCYB91Ixf0CfHJZKHZR\nZCdIAHTJqW1tx7vsbrcl0PVAMgm+rkHLL0Dh9cp4fvONXWygVSjbqKM1s8UI9bFA\nbWU5Z3MhEn25wZCXLQDIq0uC+FwCxyS9e/exL4wmYpCLmRKVCp2gUa78Rlr/FJNa\nH9kfvP41Ya+fLzDWNKAlYQgizpZJmZuhPZu7O6n0UusaI+0WTKblCFUQJkx4aKEv\nio8QmLzoedmvVpO9Zp44Lyabmc7VnjoYTOcZczx4ECwEdKH/jswc\n-----END CERTIFICATE-----\n"
_, e := checkFullCertChainFromBytes([]byte(certPem+cAPem), []byte(keyPem))
if e == nil {
t.Errorf("cert check should have passed by but returned %v", e)
} else {
t.Logf("normal. key validation failed with %v", e)
}
}
func TestCheckForKeyAndCertificateErrorsFailsWithCorruptCert(t *testing.T) {
certPem := "notacert"
keyPem := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwJND2stNBiMiU\nYXsQ6tMm7HwTnXhNSgC5DTGjU05Kyym2OYPIaFvwrv4D9OB1T/GU8xwl/bac0NDY\nymqmAcaUNy5e3dKZWtyxN5vLU9rzWDEqnbdrnUHzECgegfBdVJZ2IxaTcf8mO/92\n1gvUvXzSd57Bxa8rboA1TCXNYboFbVBVRdc11Gh2bFDV6DZL+owEBIWPpCMKxZYm\nIR+bPg9Cmw/yrkioJxfzkFSoY73X0mUT95cQCCT1i6HrX/nSff0H+w8LSZTmzq8f\nRI8IG/PWDxKJdryOPeMJfFr/Rmxi0BWo97kGhE+8rarWxspslWvsSmaI50rEo8ei\ndEdqzB4bAgMBAAECggEAc9nDFn7HM3MjeXQj3RyVhCRF9yC63xqtHwjufN1twQOe\ni5uIcWcyETsHFtMYThAmdDDxcotMcBdnRS7cthK06QbiGMMMoJCCVoyciz674xE+\nRSk2WjE0DwmxWV9dGAVqcIjjcFap2hvcCez+Gw4F6ueCIzBB5e7npCZRNqPwFWCY\n/og06ypz/4LHXFNatvRJC3qhWFwFo1bVC1ycZmc5RQ4IHeQHzi6oCJhSRdCbM7Q9\n7fQhmjtcw0pxvJTVV+XP7tTf9iDDwgi/Le2iEqNQ1D6c4+nYAGYj2D3919oUYnyv\ntnznZ2GTibIyP6kl4L79ChRz0JGBzraKH7aJh9H1AQKBgQDS0xd8RNLJ5hkwPitt\nx/4RNlobGGZqqvQiCKkaDvnc1E1eKR3rVlxH17/ccA/qs0vcoFDPbGyRa/OgD7p5\nRo3R+EPDFoFq1KMP4SRoGcDgrNKHQ3o06sUngmtUUP28G+DUQm46xW7cnQrvvNiK\nf9MMfeNH+tAPtssZh0HNKJa9fwKBgQDV40peDqh9b4Ag+mfiHIJGuwTN8LMvKRqr\nN5dVirl2BDYMwF6JflIwIwjBZq7ah3NsT5/Yd+nuY+ux/pO4iU5jMbTtoAOv2dc7\nVKpqNTaQdJhta5OlOdBSP5iXj4siVCMIFL1jz8JtWuXX4hUtbliG6ICZTH2/5ivG\nfaPiOhAlZQKBgQCp941jnojiRSPhhP22UBpA/jS+y3kmXhTcq2bJn3FJ289ULon0\nhXd4ZDRGIAJ1EYADqyv7TkppI0MStBt+UqdbtG/NBIPqAOxFjRmw47JgcHR6oKgR\nqYSxSbAGFhW6Zi9ocPY1Y57xNZrvlKxvXIZl98gY69h6EsDDIAyoviRpOQKBgC0g\nRjlv+EZ2tt6+VhqTjzzjClF03ikuD+1dzjUDDrwCiXDJSWjS2P5E9fzv8CY0+7o3\nVm8yZY2hUUH9hycg+QPeoeCcqQp5+HoRE99SmM+DegFj+AOdHgGsX0Jiy6UTgUyc\nK5UaaVfvHJ0emv85z72u4ir1w3YwVr4LFf+N5ogtAoGAHODQpVC7sg+nlbeSKsPf\nRbULfOG4YD5pHszNM+nCjNWs00ofJoZOFA64qXwTIc4Vrh8JLiwAkXiTGYM2guv5\nQnp+HbFi/tAc+rQu4SGBaVIglnIj7jFNdgJOb68Vw/L9v2jW1Y8VoAC0eCRWpHud\nGsMkN4GFOfQKoBI/aCXn4DM=\n-----END PRIVATE KEY-----\n"
cAPem := "-----BEGIN CERTIFICATE-----\nMIIE0zCCAzugAwIBAgIQB2bsiI7SUtxu+HwBxuNtpDANBgkqhkiG9w0BAQsFADCB\ngTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSswKQYDVQQLDCJzaW1v\nbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBNaXR0YWcpMTIwMAYDVQQDDClta2NlcnQg\nc2ltb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTAeFw0yMDA1MDEyMTE2\nNDNaFw0zMDA1MDEyMTE2NDNaMIGBMR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1l\nbnQgQ0ExKzApBgNVBAsMInNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRh\nZykxMjAwBgNVBAMMKW1rY2VydCBzaW1vbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBN\naXR0YWcpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzivKfp5OiWpT\n362cVgbw9DBqwMP0pO32aP79Y4UYeAxCfaWQDdqQEatBdraShtZcvUX8vZ9jvgHE\noGMGSJb/DIVRxIDfhdvhh4qGQgbbSLwDkfLJTkpGMdONa/5yDC54fNZjF095YZn7\niPmsFbvYUfTwpM8qrP+jZzobByrTO4rG3Ps080gIR08RCA0E+uLg58rTpnsdBKZ0\nK2uuE4B4lVAs2AeS4KPMrH/rnCjSZz4KRwnaGqh+wiAjO0PHAfrbrhNsFB6P1/Zk\nCqzclj3TXdkMDaXhSvt0qJPEpNIPQMkvj9GROom7hExZUT7t7LPOZwODtiR2VjM3\nDDehfLqpNPRrxU3aOR7b4lFVtEL1+9NXKc3rnR5T2xPVVvBxx8FqYAxFmQtkGqpA\nYlRxImBONBreIr5/fdkr5xqd/S0s1pb8ubuK7x5COfqf0Mv++j+UjMptBQ3kYvOh\ntNrbnEI1q/7kvHNB8ETtJ4hqXikl9EHMYWdOo4nyGd4P8jo9jmGVAgMBAAGjRTBD\nMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTD\nRHJaFeI4PnqJweaJrib0F4qokTANBgkqhkiG9w0BAQsFAAOCAYEAb+K3HO2AlDed\nS2yT7GnxD75Hcjnv1tMvMIlh1EOmRMHrzbsi7jv3Z7SDe2R5s1qRku3nxbVWj8i8\noRBi5GeRE+q/HkVloi4WPmgFGxUUbkWszAFSSGN5TAs72e5sCG/wMyEa0Gj8cOO1\ndK5SH3thP8+OjSpgQXToYfOimILlk7Hj7EgKE5Y8YX8UV+41LhGkzeK2UX9dBZn1\nof9qBc0dAQVlAA/O3dOgXorgiDbNT38cjignWEwVYzjeuJCYB91Ixf0CfHJZKHZR\nZCdIAHTJqW1tx7vsbrcl0PVAMgm+rkHLL0Dh9cp4fvONXWygVSjbqKM1s8UI9bFA\nbWU5Z3MhEn25wZCXLQDIq0uC+FwCxyS9e/exL4wmYpCLmRKVCp2gUa78Rlr/FJNa\nH9kfvP41Ya+fLzDWNKAlYQgizpZJmZuhPZu7O6n0UusaI+0WTKblCFUQJkx4aKEv\nio8QmLzoedmvVpO9Zp44Lyabmc7VnjoYTOcZczx4ECwEdKH/jswc\n-----END CERTIFICATE-----\n"
_, e := checkFullCertChainFromBytes([]byte(certPem+cAPem), []byte(keyPem))
if e == nil {
t.Errorf("cert check should have passed by but returned %v", e)
} else {
t.Logf("normal. cert validation failed with %v", e)
}
}
func TestCheckCertChain(t *testing.T) {
//this implicitly creates a Runner without returning it because it's well...global.
mockTlsConfig()
verified, err := checkFullCertChain(Runner.ReloadableCert.Cert)
if err != nil {
t.Errorf("certificate chain with 1 TLS cert, 1 root cert not validated, cause: %s", err)
}
if verified != nil && len(verified) != 2 {
t.Errorf("cert chain with 1 TLS cert, 1 root cert should be length 2, was %d", len(verified))
}
}
func TestTlsHealthCheck(t *testing.T) {
//this only needs to be covered for no runtime exceptions as it logs to console. no assertions.
mockTlsConfig()
Runner.tlsHealthCheck(false)
}
//this test uses a BAD self-signed root CA but supplies it as part of the chain. should NOT validate.
func TestCertChainC_I_R_Invalid(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIFkDCCA3igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXljYSBpbnRl\ncm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0eSBpbnRl\ncm1lZGlhdGUwIBcNMjAwOTE3MjEzMTQ5WhgPMjEwMjExMDcyMTMxNDlaMF8xCzAJ\nBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UE\nCgwEY2VydDEQMA4GA1UECwwHY2VydCBvdTEQMA4GA1UEAwwHY2VydCBjbjCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3FFHDc3fWIyxukMDRriEbYtVA4\n1EeiQiwf7RLdDxh+N2VAazUbbxUJ06nKAslX2+6ZmJrMlS+ionX1BvPhPy3snuZI\n1movXcvH6ZV5yUGZyJDocjOTHHqNwPSDOAQX87tLjQbCa8Rw//B488GoPbaZlWYD\nvZQ0Mw5rasiu0B+OI6PL8+Vnc2jXdPlc3tiNoIVXRZ14TNei7bUDA3O1y593ift2\ntQ/TZxlY7fylZWhTV4sUm/9yk/zob+dyzro795Jy8vThlePAN//tZGLWFzG7a8o9\nMx36BPncSZ0v+EfEvP24ZffIDFRtysBewu2+33IVpISlbaHgj6nsuv8GFM0CAwEA\nAaOCATswggE3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG\n+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD\nVR0OBBYEFEEFnOmrROOjNNQrLRoXPXsJLPkeMIGdBgNVHSMEgZUwgZKAFOlVp+B1\nWShwNQuSAVuQAvCe/teZoXakdDByMQswCQYDVQQGEwJBVTEMMAoGA1UECAwDTlNX\nMQ8wDQYDVQQHDAZTeWRuZXkxDTALBgNVBAoMBG15Y2ExEjAQBgNVBAsMCW15Y2Eg\ncm9vdDEhMB8GA1UEAwwYbXkgY2VydGlmaWNhdGUgYXV0aG9yaXR5ggIQADAOBgNV\nHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD\nggIBABmHgp3VwBiQ+viw9exwx8tgTkPhCu36qkDIlSnaPlKTCmlcc+Cs399ra4as\nyVuLPiTGQZ1HsNtmZ3DxaRWbtfdxKty13mZi1+x1UKr/MrGiUTtpYsptJSUYppWa\n7leA1nO/5Kz8i2WCFuk+K3HNVRdjIYmhB3pG3IEXukmaZHSVJ5fCi1ED4l9gzkPv\nTS4olPOU37RPsTgH2ibQUxqhSt0wfu/X6dgqYf3JYtEl4Ddw1XcQeKDI/08D+XP/\nuzNBciMtcAxmTDM+daTBZ8KZnHnPDeuPCj0yLxMi4/HlzuCUXmnO7TAabVyZDvoA\nTpPhkIxj4BuYjCIX9Czd+1fqIu+22tovWg54o+2vuMKyeRpbw3lwTfX3mBuzPaoc\nFu2wFSQEsSQVrpnyD3wMhvF9X2S9YlrzuwQZRJkuYpO83VMHtWIasn6q1al57V0+\nx9TQpCkT6hqv26VxyDhUumAlBkoqEEVXfk/zSa63JHck9LLEIuVt6se6muNj7pLF\nSM+JQe41CQsnxNABs4FqOxp+RhYhOPIKlpgdhBtob89y6OPlR9Sa/4Wchf7FbDPW\nj1ZCzwScOlYDVamud+/wSOsvZhjnkYv8YW13z6GQPqmyMcu0QstIBHkModoZIKOG\nK3FXY7kDCcrj6luxalsD7GbQ7gCpDIdlRe9JPfOBo342mFKR\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA3cUUcNzd9YjLG6QwNGuIRti1UDjUR6JCLB/tEt0PGH43ZUBr\nNRtvFQnTqcoCyVfb7pmYmsyVL6KidfUG8+E/Leye5kjWai9dy8fplXnJQZnIkOhy\nM5Mceo3A9IM4BBfzu0uNBsJrxHD/8Hjzwag9tpmVZgO9lDQzDmtqyK7QH44jo8vz\n5WdzaNd0+Vze2I2ghVdFnXhM16LttQMDc7XLn3eJ+3a1D9NnGVjt/KVlaFNXixSb\n/3KT/Ohv53LOujv3knLy9OGV48A3/+1kYtYXMbtryj0zHfoE+dxJnS/4R8S8/bhl\n98gMVG3KwF7C7b7fchWkhKVtoeCPqey6/wYUzQIDAQABAoIBACPJuhK8kdUdzikX\nxe+vqr5EGn5nrVoiBSu5uzhgFB+PvsDINITNeI+cllvADdMQKp3Gi6nveePGCxGe\nCREyOE/g74OaHX/lRO2txTQqAyBjAMrhuAw6oU3lsk3DHzcJ5ntDJe8BUQLSeXsF\nCdEmpU7iWgmscNuJ0PNywjjAfTWaHXNgXbcragVT/El53/fAnO36aDmd5SP4BiiQ\n984Hig9Z+B9AuqYzKour8o96+IC8eD6EzSVbyvE7WnUZiVV2Opf4mJ8qUEw1NQlg\nGScrcF5RSCJTmB1lt9/mLE1PFS2SZpt2u3iCyKPAqWLa3oAzWMqD9X45+UV2UFlV\nnrfkrsECgYEA/rEE64qKiR5dgjvZVJls6dVu2WYy+EXCSqY2mYFbzHP+rw/xs7oZ\nk39/c0QghZJXDzzxXFUgKa5oeKrkYefPBWFquUfZx/OltbWfjdk8L/z8kfpYJetB\nySELnZiq9mb0JcDPGT5TJVR/udTlCtz89VPeYVt7dOypsAF0uvSrrUcCgYEA3ujC\nvvlughdm7oqhIgaRsIZKQedXLQVb8B1X1HnrbDgnuvBXEKioxIZT6Aw73scl5IFU\n7VBA+tasm9MdwtM18wJ62XCKuN3EgAA0/XpiuageWxSMfwm4Gy2t6FnV5CM+3in/\nmEPDG4NiUqyhk8eDuuuPLWtnXpRN+HQKM5xHp0sCgYEA3dZb/bkXP6WGNxhgDRLx\nzZ6MxakBvkQsng62QfBtf+CMtfjCQxRWkKWd4k01soIreGdRp2Wx9PwnnOrkr+5T\n4FDgv2843rN245XF2qybgwTtDU0rmCOYklJJJsTCLIqyH2wYNtmVXE+ETN2FfnfL\nkPezG8Ot/cLhbh9miCzyl6MCgYEAgYU9oznLvEtcw75JYjvu62McQq7pOH+krCBg\nqFUvNfJrI3QDIurdJVPn7S0unIOawOtlLX80Qov6P5Cr+kg/ULRgLXf3IvO4+acl\nIyO5uaa1/LYz7Jz5HNGt+xQ39BeGsBA3M4IsHBB7UQ591CBZqoK07u85YPtLUtIa\nG2LzP4ECgYBHOPg3ndFMe5EBql/92nSH+RILE6ADUCa+oQUOKa5p/cdWMt6ClT0m\n6cMOJN8lMmtVzwRG/aLPhN2L/vCbtBFDBDIm8PM5gg0340uFv5Mo4p1Sf8iRZG4B\nmzl86a1/OBk4MrtJqoqKrR9yg5/BXlvwuXBJRHaLjGERxhzyhk/WaQ==\n-----END RSA PRIVATE KEY-----\n"
interCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzEPMA0GA1UEBwwGU3lkbmV5MQ0wCwYDVQQKDARteWNhMRIw\nEAYDVQQLDAlteWNhIHJvb3QxITAfBgNVBAMMGG15IGNlcnRpZmljYXRlIGF1dGhv\ncml0eTAgFw0yMDA5MTcyMTE3MjdaGA8yMjM5MDkzMDIxMTcyN1owdjELMAkGA1UE\nBhMCQVUxDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXlj\nYSBpbnRlcm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0\neSBpbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm\n1qRLG0twxwbxBdt/nDeUr0Ia8LtLDtvPjdVVUDTpCp4gnlkEEzHu8JXPPsIami2C\nt5vo35JW1AI223FD5eef54wZG2rXlJbzwlB+yyE5+/V/6WSKe42rePvZDCD+Ym/Q\nyYeqzObViXGnmIvta2aEYZzLeTJPzppvQws/bM+d5IhRa43JuJOVYmjPdp1cjaOm\ntmW3zQSj/00a3i/97SHoyqaJX+y2bPQIJ+yScdBSn9W+Ke3o7/WnuP0HO/ST1fZM\nyzorGbso6aGnTswFbOdWMDUpauE97SL1M6ztoaI4a0HHD8Z8dPhtAmXWbs/5hmQr\njZqBj5W4oUik9iIjUhC2l1aYUf934Om62JjMn9if/mIIA5UTorddj/wKtIsd0n4X\nq5nhJ+X4yVXi3YjqW8iegenaq6UGuvNsm6m/JRAf+5n3FuspHH4WrCgAaIrYg0ZY\nDDu5ro6zHxTcHF6j01CXlJTDEJlStoZ6N9cIKVT94pUPM+EZBq3DGlhBDKipZWk7\n+sEu7sZoQ51WoV4haMY+4Wd7ea8o4sE50eoW+DN2o9lIPHMyxY5uFD7CluUt/b37\ntCcOYAV86JWBN5htTPYAH3wXsDBU/KFSJPLRPF96cuHL6Dq++Gvlqw0rKDKQ/gKh\nDma8lZ9SjVTskqk3l5wzHyNjy7nYFSIRItGIhVbp0wIDAQABo2YwZDAdBgNVHQ4E\nFgQU6VWn4HVZKHA1C5IBW5AC8J7+15kwHwYDVR0jBBgwFoAUD+ANepMk0O9Poxxx\nMpCnxxVyHNMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAAQKj6FLBiy23kqHB7iUrl3dSXjJEsPm03zApRhWhr3e\nuxGVYO/YM6RlcJlc7RiKrQAO7XMuOfGbV/TedKPYz+SAeoHCdAVmT21o9HqgwRJ2\nkbJulqIF7oRmmqFOUDIUNg+ZC68QvR9cfuhzcLsEdmfEhXvI5j6CvrhOUN3UHw8A\nO7b4kiymBVT88uXUC0i3bGeEI3h6Fz/RZLbShcvTz2BwcuqoWdInyKi+8mKNfc1O\n+HGBMjnPahNAiovaEuUGErloETdjhmSOkbPBG8h9KpkndCwclEhsBN1+skKiDzKa\nMk53cXXKjqPvPEG9dfQQu0NEnOeY3ZtyVpMqnbo+G0MtyzkozvAB5WjWlpaWZYV2\nnw/wnyCi57ruYI7UjUp+NvFDiIRlOysLC7K6xia+8m7mP8MaFJibQh0tA2UDmdXs\nwy/Z87c6KUCyDB8Hl//rLWbWg6JpHTcH+81yDkVeq2TvJkB6P8jThv51Pz1z4b6U\ndHWAMK5kLmHv+P6sw0JkE5fwszoFOaqSxABq02Pkt5+Hv2EvwxpJZvySkdp7s+Xn\nGUwXhduMscVL/Yd62ES5dYSQ+vbmZIEK3PIttcIyleif6DLFZijJnywf5etYxvrK\nY9wgX6D9PwShl32sf3nzHXh3npLdbio3XwJQUcO6c/lm49rKD7L9L5RM6FNShl8R\n-----END CERTIFICATE-----\n"
rootCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCXXXXXXX______XXXXXXX_______CA7SgAwIBAgIJAKdYQFPloO6RMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV\nBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UECgwE\nbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0aWZpY2F0\nZSBhdXRob3JpdHkwIBcNMjAwOTE3MjA1MTM1WhgPMjI5NDA3MDMyMDUxMzVaMHIx\nCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsG\nA1UECgwEbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0\naWZpY2F0ZSBhdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDgvRdI24Rv9XBnirlB1LwS32MYyVM2mksTF52E0qrg1OKcMs1D2737BrgaUD6C\nB1I2lMAKR25Q3+x9fSutyww8KZ7yQkFcX2lhwsyYll0j1rvkjek0M1K4787ZFrXS\ncRihE6BSvP5886O+v7a30HxtKbI9oFHdbzgpLpTzvVAn53tokRgAJNtQZWpyJ5Qq\nIG7c96dG9zsXE5+tYT0E0p3ec1z/Ucdx6SKOFjCR8bVLX+Y97mxypOMaPEhGJ4D3\nBlxlCvwDo5sF46e/ntie3Fqghk3jRZTUXedB0IjN8iJCKODPMO1j1cESqVg21xGZ\nyZxIn/ra1iqx9VDCP8egfUOmmMF8flGV08qOGDLGEc/dpVe/yHvG3lmld3MBsW+3\nu6O2l7GIKdLHKibe3uGHhmuPbHq2vlc6IIlRtpsZtK3IXt+bpvlKdI3rxbl4MbT7\n8Z09IUpTsT5jDPEVRnX0zV78Gs4TyKqJKxJJaINx9n0AuXJ8b3jmth/Bb6OkoPgv\nsbFS2QER2Yp8whE1W2PMwtJ06u20YX0RSwuKD+CsnTVmtQwWLBXescCNRH372HwS\nLHO8dvyFWfekLaB2LfciJWYBd8thO5Y4O65FnKLGDvEUh6Ew2OOnhOpy4flWAng6\n39r5uuDQqmWrPFjDNR5HvQjQu1Bv0j81cFY4qZqSIskR9wIDAQABo2MwYTAdBgNV\nHQ4EFgQUD+ANepMk0O9PoxxxMpCnxxVyHNMwHwYDVR0jBBgwFoAUD+ANepMk0O9P\noxxxMpCnxxVyHNMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAFdMzocjv6RojMXft1TnwYKb8H0ce6qcsBHZmd/M7IXf\nhyedRkcm7RuN7ayNjFA+44pwAr4jMMNklBQDpGD5yYt1jsltiYoYX5bwZdn2I/rr\nwNQ/FfNSp8rJWqtBhaEt0VI+snHuy0Gdx1eQGf4bJNzvsDLjjJuQ32VUjaCOzsd1\n7d8jR/yjR3Sq20oFEu3HqFSC9OCH2QORTqf6i2IkaUeJbkVTa8+uVceDDbRs3CwY\nVgk/4WcOzcrz0F2BJPpFQ4knrSuHgUbElPHPVuZcn3XZ0n1KBXZdNVCIyLVRowdr\nI+gNEgWE3670Osx55QWg7depP7hU30nQlC1cm2ej2MxM48ddbAL4Zqs8/W1gm+Xb\nDkTsfh81QZQaw6qFVGHJNRIyfMT68ekFB8AgqntulIFR2RJTr/3QJBMhGHKQkmcT\nsa0z0ZrmS/ieurRUjaCsud10Y5VbY5Y8ll5kPsuRWuyijftjcPFqHBzLSSdLacO9\nlVIGkTA3ARCGgym3v5+ZZJ4DeLOJRz9c9OCIASlCkNFFEm1aJ8oagynh2tYqe5TK\nCva1MX8QW5OjHbrm1xvQ8uZOSj55yuBQWKH47GF4QxiojzKikLv4Cpv2Tk5SR9qv\nq3C4t8B26KurNb4z99eo5XhW5XXvQdKZTQC9BqZDN7xhQlwm5lbRSuhZMBJJaQOS\n-----END CERTIFICATE-----\n"
c, e := mockTlsConfigWith(certPem, keyPem, interCAPem, rootCAPem)
if c != nil || e == nil {
t.Errorf("certificate chain with 1 TLS cert, 1 intermediate, bad root cert validated, this shouldn't happen.")
}
}
//valid cert with DNS alt names, self signed root CA supplied, should validate.
//this is the way to configure j8a with a self-signed cert.
func TestCertChainC_I_R_DNSValid(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIFtDCCA5ygAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXljYSBpbnRl\ncm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0eSBpbnRl\ncm1lZGlhdGUwIBcNMjAwOTE5MDQxNjAwWhgPMjEwMjExMDkwNDE2MDBaMGIxCzAJ\nBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTEOMAwGA1UE\nCgwFY2VydDIxETAPBgNVBAsMCGNlcnQyIG91MREwDwYDVQQDDAhjZXJ0MiBjbjCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3FFHDc3fWIyxukMDRriEbY\ntVA41EeiQiwf7RLdDxh+N2VAazUbbxUJ06nKAslX2+6ZmJrMlS+ionX1BvPhPy3s\nnuZI1movXcvH6ZV5yUGZyJDocjOTHHqNwPSDOAQX87tLjQbCa8Rw//B488GoPbaZ\nlWYDvZQ0Mw5rasiu0B+OI6PL8+Vnc2jXdPlc3tiNoIVXRZ14TNei7bUDA3O1y593\nift2tQ/TZxlY7fylZWhTV4sUm/9yk/zob+dyzro795Jy8vThlePAN//tZGLWFzG7\na8o9Mx36BPncSZ0v+EfEvP24ZffIDFRtysBewu2+33IVpISlbaHgj6nsuv8GFM0C\nAwEAAaOCAVwwggFYMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG\nSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw\nHQYDVR0OBBYEFEEFnOmrROOjNNQrLRoXPXsJLPkeMIGdBgNVHSMEgZUwgZKAFOlV\np+B1WShwNQuSAVuQAvCe/teZoXakdDByMQswCQYDVQQGEwJBVTEMMAoGA1UECAwD\nTlNXMQ8wDQYDVQQHDAZTeWRuZXkxDTALBgNVBAoMBG15Y2ExEjAQBgNVBAsMCW15\nY2Egcm9vdDEhMB8GA1UEAwwYbXkgY2VydGlmaWNhdGUgYXV0aG9yaXR5ggIQADAO\nBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0RBBgwFoII\nY2VydC5jb22CCiouY2VydC5jb20wDQYJKoZIhvcNAQELBQADggIBADSL8AegMDhJ\nUgRfP6CQeAcLgbHAb9cS7vo0ju9E38pSVDBKA1VachXgwf6630XJ4/YrHzCNgbGO\neX3GcwwcD8oWopnPX4bnGdwZaQ52qd4yUNgErNFpsZU02+ohgJew1Wx+caGNQ5F3\nMqsIy8X86a5FOFCGa0CUx4Iv4JieD6kKFWzJwvXwbWS6tFUxUOlpxYZRpZj4ZPb/\nyz65PBHeH9K+A0q+upwvVdK3Gp0qbcl7ZEE3rVR1GB5VSGnyG4YG0Y59Ys0JlsgR\n2jY0zdC2DTAGQdPL6u1HsNgCDz2nzUDaYGOMb1NVRTsRZ/25irkAsOJFHP/CkuSy\nW/xogRCbX5WhHwxIzucpj+tnB7Hi9TBJLcsl7MNHuhUz5vtkl3d3dUEipIESwKmC\nn/avv2+6/8tm3UV2ji2N10246nPHZX8IddAAMwdfNriwPsz5XfXaF7czgaWYvBsu\nxkd5b2mbGH3BVJiEwRDeQRo8WGBfs0vqAF3abqjIrTiJikZpcI7GbqzhYzLcJnlX\nbOc2Xo8PXj9mE7dQ0Tfkd2wAovQ2xnuKBQgu14adFJjLFhSk5xRuu3274Kn3CmrK\nlo4FaSoSIw1vHs3J9VH6z/VRpu6dwC1U3XMSSlNSLcVO7UI/FJdacypAz6NDgpfP\nlv2z+ne8UwT6KGgPPTvCs0T5kbIXjOPY\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA3cUUcNzd9YjLG6QwNGuIRti1UDjUR6JCLB/tEt0PGH43ZUBr\nNRtvFQnTqcoCyVfb7pmYmsyVL6KidfUG8+E/Leye5kjWai9dy8fplXnJQZnIkOhy\nM5Mceo3A9IM4BBfzu0uNBsJrxHD/8Hjzwag9tpmVZgO9lDQzDmtqyK7QH44jo8vz\n5WdzaNd0+Vze2I2ghVdFnXhM16LttQMDc7XLn3eJ+3a1D9NnGVjt/KVlaFNXixSb\n/3KT/Ohv53LOujv3knLy9OGV48A3/+1kYtYXMbtryj0zHfoE+dxJnS/4R8S8/bhl\n98gMVG3KwF7C7b7fchWkhKVtoeCPqey6/wYUzQIDAQABAoIBACPJuhK8kdUdzikX\nxe+vqr5EGn5nrVoiBSu5uzhgFB+PvsDINITNeI+cllvADdMQKp3Gi6nveePGCxGe\nCREyOE/g74OaHX/lRO2txTQqAyBjAMrhuAw6oU3lsk3DHzcJ5ntDJe8BUQLSeXsF\nCdEmpU7iWgmscNuJ0PNywjjAfTWaHXNgXbcragVT/El53/fAnO36aDmd5SP4BiiQ\n984Hig9Z+B9AuqYzKour8o96+IC8eD6EzSVbyvE7WnUZiVV2Opf4mJ8qUEw1NQlg\nGScrcF5RSCJTmB1lt9/mLE1PFS2SZpt2u3iCyKPAqWLa3oAzWMqD9X45+UV2UFlV\nnrfkrsECgYEA/rEE64qKiR5dgjvZVJls6dVu2WYy+EXCSqY2mYFbzHP+rw/xs7oZ\nk39/c0QghZJXDzzxXFUgKa5oeKrkYefPBWFquUfZx/OltbWfjdk8L/z8kfpYJetB\nySELnZiq9mb0JcDPGT5TJVR/udTlCtz89VPeYVt7dOypsAF0uvSrrUcCgYEA3ujC\nvvlughdm7oqhIgaRsIZKQedXLQVb8B1X1HnrbDgnuvBXEKioxIZT6Aw73scl5IFU\n7VBA+tasm9MdwtM18wJ62XCKuN3EgAA0/XpiuageWxSMfwm4Gy2t6FnV5CM+3in/\nmEPDG4NiUqyhk8eDuuuPLWtnXpRN+HQKM5xHp0sCgYEA3dZb/bkXP6WGNxhgDRLx\nzZ6MxakBvkQsng62QfBtf+CMtfjCQxRWkKWd4k01soIreGdRp2Wx9PwnnOrkr+5T\n4FDgv2843rN245XF2qybgwTtDU0rmCOYklJJJsTCLIqyH2wYNtmVXE+ETN2FfnfL\nkPezG8Ot/cLhbh9miCzyl6MCgYEAgYU9oznLvEtcw75JYjvu62McQq7pOH+krCBg\nqFUvNfJrI3QDIurdJVPn7S0unIOawOtlLX80Qov6P5Cr+kg/ULRgLXf3IvO4+acl\nIyO5uaa1/LYz7Jz5HNGt+xQ39BeGsBA3M4IsHBB7UQ591CBZqoK07u85YPtLUtIa\nG2LzP4ECgYBHOPg3ndFMe5EBql/92nSH+RILE6ADUCa+oQUOKa5p/cdWMt6ClT0m\n6cMOJN8lMmtVzwRG/aLPhN2L/vCbtBFDBDIm8PM5gg0340uFv5Mo4p1Sf8iRZG4B\nmzl86a1/OBk4MrtJqoqKrR9yg5/BXlvwuXBJRHaLjGERxhzyhk/WaQ==\n-----END RSA PRIVATE KEY-----\n"
interCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzEPMA0GA1UEBwwGU3lkbmV5MQ0wCwYDVQQKDARteWNhMRIw\nEAYDVQQLDAlteWNhIHJvb3QxITAfBgNVBAMMGG15IGNlcnRpZmljYXRlIGF1dGhv\ncml0eTAgFw0yMDA5MTcyMTE3MjdaGA8yMjM5MDkzMDIxMTcyN1owdjELMAkGA1UE\nBhMCQVUxDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXlj\nYSBpbnRlcm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0\neSBpbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm\n1qRLG0twxwbxBdt/nDeUr0Ia8LtLDtvPjdVVUDTpCp4gnlkEEzHu8JXPPsIami2C\nt5vo35JW1AI223FD5eef54wZG2rXlJbzwlB+yyE5+/V/6WSKe42rePvZDCD+Ym/Q\nyYeqzObViXGnmIvta2aEYZzLeTJPzppvQws/bM+d5IhRa43JuJOVYmjPdp1cjaOm\ntmW3zQSj/00a3i/97SHoyqaJX+y2bPQIJ+yScdBSn9W+Ke3o7/WnuP0HO/ST1fZM\nyzorGbso6aGnTswFbOdWMDUpauE97SL1M6ztoaI4a0HHD8Z8dPhtAmXWbs/5hmQr\njZqBj5W4oUik9iIjUhC2l1aYUf934Om62JjMn9if/mIIA5UTorddj/wKtIsd0n4X\nq5nhJ+X4yVXi3YjqW8iegenaq6UGuvNsm6m/JRAf+5n3FuspHH4WrCgAaIrYg0ZY\nDDu5ro6zHxTcHF6j01CXlJTDEJlStoZ6N9cIKVT94pUPM+EZBq3DGlhBDKipZWk7\n+sEu7sZoQ51WoV4haMY+4Wd7ea8o4sE50eoW+DN2o9lIPHMyxY5uFD7CluUt/b37\ntCcOYAV86JWBN5htTPYAH3wXsDBU/KFSJPLRPF96cuHL6Dq++Gvlqw0rKDKQ/gKh\nDma8lZ9SjVTskqk3l5wzHyNjy7nYFSIRItGIhVbp0wIDAQABo2YwZDAdBgNVHQ4E\nFgQU6VWn4HVZKHA1C5IBW5AC8J7+15kwHwYDVR0jBBgwFoAUD+ANepMk0O9Poxxx\nMpCnxxVyHNMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAAQKj6FLBiy23kqHB7iUrl3dSXjJEsPm03zApRhWhr3e\nuxGVYO/YM6RlcJlc7RiKrQAO7XMuOfGbV/TedKPYz+SAeoHCdAVmT21o9HqgwRJ2\nkbJulqIF7oRmmqFOUDIUNg+ZC68QvR9cfuhzcLsEdmfEhXvI5j6CvrhOUN3UHw8A\nO7b4kiymBVT88uXUC0i3bGeEI3h6Fz/RZLbShcvTz2BwcuqoWdInyKi+8mKNfc1O\n+HGBMjnPahNAiovaEuUGErloETdjhmSOkbPBG8h9KpkndCwclEhsBN1+skKiDzKa\nMk53cXXKjqPvPEG9dfQQu0NEnOeY3ZtyVpMqnbo+G0MtyzkozvAB5WjWlpaWZYV2\nnw/wnyCi57ruYI7UjUp+NvFDiIRlOysLC7K6xia+8m7mP8MaFJibQh0tA2UDmdXs\nwy/Z87c6KUCyDB8Hl//rLWbWg6JpHTcH+81yDkVeq2TvJkB6P8jThv51Pz1z4b6U\ndHWAMK5kLmHv+P6sw0JkE5fwszoFOaqSxABq02Pkt5+Hv2EvwxpJZvySkdp7s+Xn\nGUwXhduMscVL/Yd62ES5dYSQ+vbmZIEK3PIttcIyleif6DLFZijJnywf5etYxvrK\nY9wgX6D9PwShl32sf3nzHXh3npLdbio3XwJQUcO6c/lm49rKD7L9L5RM6FNShl8R\n-----END CERTIFICATE-----\n"
rootCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgIJAKdYQFPloO6RMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV\nBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UECgwE\nbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0aWZpY2F0\nZSBhdXRob3JpdHkwIBcNMjAwOTE3MjA1MTM1WhgPMjI5NDA3MDMyMDUxMzVaMHIx\nCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsG\nA1UECgwEbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0\naWZpY2F0ZSBhdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDgvRdI24Rv9XBnirlB1LwS32MYyVM2mksTF52E0qrg1OKcMs1D2737BrgaUD6C\nB1I2lMAKR25Q3+x9fSutyww8KZ7yQkFcX2lhwsyYll0j1rvkjek0M1K4787ZFrXS\ncRihE6BSvP5886O+v7a30HxtKbI9oFHdbzgpLpTzvVAn53tokRgAJNtQZWpyJ5Qq\nIG7c96dG9zsXE5+tYT0E0p3ec1z/Ucdx6SKOFjCR8bVLX+Y97mxypOMaPEhGJ4D3\nBlxlCvwDo5sF46e/ntie3Fqghk3jRZTUXedB0IjN8iJCKODPMO1j1cESqVg21xGZ\nyZxIn/ra1iqx9VDCP8egfUOmmMF8flGV08qOGDLGEc/dpVe/yHvG3lmld3MBsW+3\nu6O2l7GIKdLHKibe3uGHhmuPbHq2vlc6IIlRtpsZtK3IXt+bpvlKdI3rxbl4MbT7\n8Z09IUpTsT5jDPEVRnX0zV78Gs4TyKqJKxJJaINx9n0AuXJ8b3jmth/Bb6OkoPgv\nsbFS2QER2Yp8whE1W2PMwtJ06u20YX0RSwuKD+CsnTVmtQwWLBXescCNRH372HwS\nLHO8dvyFWfekLaB2LfciJWYBd8thO5Y4O65FnKLGDvEUh6Ew2OOnhOpy4flWAng6\n39r5uuDQqmWrPFjDNR5HvQjQu1Bv0j81cFY4qZqSIskR9wIDAQABo2MwYTAdBgNV\nHQ4EFgQUD+ANepMk0O9PoxxxMpCnxxVyHNMwHwYDVR0jBBgwFoAUD+ANepMk0O9P\noxxxMpCnxxVyHNMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAFdMzocjv6RojMXft1TnwYKb8H0ce6qcsBHZmd/M7IXf\nhyedRkcm7RuN7ayNjFA+44pwAr4jMMNklBQDpGD5yYt1jsltiYoYX5bwZdn2I/rr\nwNQ/FfNSp8rJWqtBhaEt0VI+snHuy0Gdx1eQGf4bJNzvsDLjjJuQ32VUjaCOzsd1\n7d8jR/yjR3Sq20oFEu3HqFSC9OCH2QORTqf6i2IkaUeJbkVTa8+uVceDDbRs3CwY\nVgk/4WcOzcrz0F2BJPpFQ4knrSuHgUbElPHPVuZcn3XZ0n1KBXZdNVCIyLVRowdr\nI+gNEgWE3670Osx55QWg7depP7hU30nQlC1cm2ej2MxM48ddbAL4Zqs8/W1gm+Xb\nDkTsfh81QZQaw6qFVGHJNRIyfMT68ekFB8AgqntulIFR2RJTr/3QJBMhGHKQkmcT\nsa0z0ZrmS/ieurRUjaCsud10Y5VbY5Y8ll5kPsuRWuyijftjcPFqHBzLSSdLacO9\nlVIGkTA3ARCGgym3v5+ZZJ4DeLOJRz9c9OCIASlCkNFFEm1aJ8oagynh2tYqe5TK\nCva1MX8QW5OjHbrm1xvQ8uZOSj55yuBQWKH47GF4QxiojzKikLv4Cpv2Tk5SR9qv\nq3C4t8B26KurNb4z99eo5XhW5XXvQdKZTQC9BqZDN7xhQlwm5lbRSuhZMBJJaQOS\n-----END CERTIFICATE-----\n"
//test the global Runner
verified, err := checkFullCertChainFromBytes([]byte(certPem+interCAPem+rootCAPem), []byte(keyPem))
logCertStats(verified)
if verified[0].cert.DNSNames[0] != "cert.com" {
t.Errorf("certificate should have DNS name of cert.com")
}
if verified[0].cert.DNSNames[1] != "*.cert.com" {
t.Errorf("certificate should have DNS name of *.cert.com")
}
if err != nil {
t.Errorf("certificate chain should validate with 1 cert w/ DNS, 1 intermediate and 1 root, but did not, cause: %v", err)
}
if verified == nil || len(verified) != 3 {
t.Logf("normal. certificate chain with 1 TLS cert, 1 intermediate, 1 root cert should be length 3, but was: %d", len(verified))
}
}
func TestFormalSerial(t *testing.T) {
m := big.NewInt(1)
for i := 0; i < 100; i++ {
m = m.Lsh(m, uint(i))
q := formatSerial(m)
l := len(q) - 1
if q[l:] == ":" {
t.Errorf("error. should not end with -")
} else {
t.Logf("normal. serial %s", q)
}
}
m1 := big.NewInt(0)
t.Logf("normal. serial %s", formatSerial(m1))
m2 := big.NewInt(2347239999924234320)
t.Logf("normal. serial %s", formatSerial(m2))
w2 := "20:93:12:57:FE:12:68:50"
if w2 != formatSerial(m2) {
t.Errorf("error. not formatted correctly, wanted %s, got %s", w2, formatSerial(m2))
}
m3 := big.NewInt(-1)
t.Logf("normal. serial %s", formatSerial(m3))
m4 := big.NewInt(-2347239999924234320)
t.Logf("normal. serial %s", formatSerial(m4))
m5 := big.NewInt(255)
w5 := "FF"
if w5 != formatSerial(m5) {
t.Errorf("error. not formatted correctly, wanted %s, got %s", w5, formatSerial(m5))
} else {
t.Logf("normal. serial %s", formatSerial(m5))
}
m6 := big.NewInt(256)
w6 := "01:00"
if w6 != formatSerial(m6) {
t.Errorf("not formatted correctly, wanted %s, got %s", w6, formatSerial(m6))
} else {
t.Logf("normal. serial %s", formatSerial(m6))
}
}
//this test provides a cert without DNS names which is invalid.
func TestCertChainC_I_R_NoDNSInvalid(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIFkDCCA3igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXljYSBpbnRl\ncm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0eSBpbnRl\ncm1lZGlhdGUwIBcNMjAwOTE3MjEzMTQ5WhgPMjEwMjExMDcyMTMxNDlaMF8xCzAJ\nBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UE\nCgwEY2VydDEQMA4GA1UECwwHY2VydCBvdTEQMA4GA1UEAwwHY2VydCBjbjCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3FFHDc3fWIyxukMDRriEbYtVA4\n1EeiQiwf7RLdDxh+N2VAazUbbxUJ06nKAslX2+6ZmJrMlS+ionX1BvPhPy3snuZI\n1movXcvH6ZV5yUGZyJDocjOTHHqNwPSDOAQX87tLjQbCa8Rw//B488GoPbaZlWYD\nvZQ0Mw5rasiu0B+OI6PL8+Vnc2jXdPlc3tiNoIVXRZ14TNei7bUDA3O1y593ift2\ntQ/TZxlY7fylZWhTV4sUm/9yk/zob+dyzro795Jy8vThlePAN//tZGLWFzG7a8o9\nMx36BPncSZ0v+EfEvP24ZffIDFRtysBewu2+33IVpISlbaHgj6nsuv8GFM0CAwEA\nAaOCATswggE3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG\n+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD\nVR0OBBYEFEEFnOmrROOjNNQrLRoXPXsJLPkeMIGdBgNVHSMEgZUwgZKAFOlVp+B1\nWShwNQuSAVuQAvCe/teZoXakdDByMQswCQYDVQQGEwJBVTEMMAoGA1UECAwDTlNX\nMQ8wDQYDVQQHDAZTeWRuZXkxDTALBgNVBAoMBG15Y2ExEjAQBgNVBAsMCW15Y2Eg\ncm9vdDEhMB8GA1UEAwwYbXkgY2VydGlmaWNhdGUgYXV0aG9yaXR5ggIQADAOBgNV\nHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD\nggIBABmHgp3VwBiQ+viw9exwx8tgTkPhCu36qkDIlSnaPlKTCmlcc+Cs399ra4as\nyVuLPiTGQZ1HsNtmZ3DxaRWbtfdxKty13mZi1+x1UKr/MrGiUTtpYsptJSUYppWa\n7leA1nO/5Kz8i2WCFuk+K3HNVRdjIYmhB3pG3IEXukmaZHSVJ5fCi1ED4l9gzkPv\nTS4olPOU37RPsTgH2ibQUxqhSt0wfu/X6dgqYf3JYtEl4Ddw1XcQeKDI/08D+XP/\nuzNBciMtcAxmTDM+daTBZ8KZnHnPDeuPCj0yLxMi4/HlzuCUXmnO7TAabVyZDvoA\nTpPhkIxj4BuYjCIX9Czd+1fqIu+22tovWg54o+2vuMKyeRpbw3lwTfX3mBuzPaoc\nFu2wFSQEsSQVrpnyD3wMhvF9X2S9YlrzuwQZRJkuYpO83VMHtWIasn6q1al57V0+\nx9TQpCkT6hqv26VxyDhUumAlBkoqEEVXfk/zSa63JHck9LLEIuVt6se6muNj7pLF\nSM+JQe41CQsnxNABs4FqOxp+RhYhOPIKlpgdhBtob89y6OPlR9Sa/4Wchf7FbDPW\nj1ZCzwScOlYDVamud+/wSOsvZhjnkYv8YW13z6GQPqmyMcu0QstIBHkModoZIKOG\nK3FXY7kDCcrj6luxalsD7GbQ7gCpDIdlRe9JPfOBo342mFKR\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA3cUUcNzd9YjLG6QwNGuIRti1UDjUR6JCLB/tEt0PGH43ZUBr\nNRtvFQnTqcoCyVfb7pmYmsyVL6KidfUG8+E/Leye5kjWai9dy8fplXnJQZnIkOhy\nM5Mceo3A9IM4BBfzu0uNBsJrxHD/8Hjzwag9tpmVZgO9lDQzDmtqyK7QH44jo8vz\n5WdzaNd0+Vze2I2ghVdFnXhM16LttQMDc7XLn3eJ+3a1D9NnGVjt/KVlaFNXixSb\n/3KT/Ohv53LOujv3knLy9OGV48A3/+1kYtYXMbtryj0zHfoE+dxJnS/4R8S8/bhl\n98gMVG3KwF7C7b7fchWkhKVtoeCPqey6/wYUzQIDAQABAoIBACPJuhK8kdUdzikX\nxe+vqr5EGn5nrVoiBSu5uzhgFB+PvsDINITNeI+cllvADdMQKp3Gi6nveePGCxGe\nCREyOE/g74OaHX/lRO2txTQqAyBjAMrhuAw6oU3lsk3DHzcJ5ntDJe8BUQLSeXsF\nCdEmpU7iWgmscNuJ0PNywjjAfTWaHXNgXbcragVT/El53/fAnO36aDmd5SP4BiiQ\n984Hig9Z+B9AuqYzKour8o96+IC8eD6EzSVbyvE7WnUZiVV2Opf4mJ8qUEw1NQlg\nGScrcF5RSCJTmB1lt9/mLE1PFS2SZpt2u3iCyKPAqWLa3oAzWMqD9X45+UV2UFlV\nnrfkrsECgYEA/rEE64qKiR5dgjvZVJls6dVu2WYy+EXCSqY2mYFbzHP+rw/xs7oZ\nk39/c0QghZJXDzzxXFUgKa5oeKrkYefPBWFquUfZx/OltbWfjdk8L/z8kfpYJetB\nySELnZiq9mb0JcDPGT5TJVR/udTlCtz89VPeYVt7dOypsAF0uvSrrUcCgYEA3ujC\nvvlughdm7oqhIgaRsIZKQedXLQVb8B1X1HnrbDgnuvBXEKioxIZT6Aw73scl5IFU\n7VBA+tasm9MdwtM18wJ62XCKuN3EgAA0/XpiuageWxSMfwm4Gy2t6FnV5CM+3in/\nmEPDG4NiUqyhk8eDuuuPLWtnXpRN+HQKM5xHp0sCgYEA3dZb/bkXP6WGNxhgDRLx\nzZ6MxakBvkQsng62QfBtf+CMtfjCQxRWkKWd4k01soIreGdRp2Wx9PwnnOrkr+5T\n4FDgv2843rN245XF2qybgwTtDU0rmCOYklJJJsTCLIqyH2wYNtmVXE+ETN2FfnfL\nkPezG8Ot/cLhbh9miCzyl6MCgYEAgYU9oznLvEtcw75JYjvu62McQq7pOH+krCBg\nqFUvNfJrI3QDIurdJVPn7S0unIOawOtlLX80Qov6P5Cr+kg/ULRgLXf3IvO4+acl\nIyO5uaa1/LYz7Jz5HNGt+xQ39BeGsBA3M4IsHBB7UQ591CBZqoK07u85YPtLUtIa\nG2LzP4ECgYBHOPg3ndFMe5EBql/92nSH+RILE6ADUCa+oQUOKa5p/cdWMt6ClT0m\n6cMOJN8lMmtVzwRG/aLPhN2L/vCbtBFDBDIm8PM5gg0340uFv5Mo4p1Sf8iRZG4B\nmzl86a1/OBk4MrtJqoqKrR9yg5/BXlvwuXBJRHaLjGERxhzyhk/WaQ==\n-----END RSA PRIVATE KEY-----\n"
interCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzEPMA0GA1UEBwwGU3lkbmV5MQ0wCwYDVQQKDARteWNhMRIw\nEAYDVQQLDAlteWNhIHJvb3QxITAfBgNVBAMMGG15IGNlcnRpZmljYXRlIGF1dGhv\ncml0eTAgFw0yMDA5MTcyMTE3MjdaGA8yMjM5MDkzMDIxMTcyN1owdjELMAkGA1UE\nBhMCQVUxDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXlj\nYSBpbnRlcm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0\neSBpbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm\n1qRLG0twxwbxBdt/nDeUr0Ia8LtLDtvPjdVVUDTpCp4gnlkEEzHu8JXPPsIami2C\nt5vo35JW1AI223FD5eef54wZG2rXlJbzwlB+yyE5+/V/6WSKe42rePvZDCD+Ym/Q\nyYeqzObViXGnmIvta2aEYZzLeTJPzppvQws/bM+d5IhRa43JuJOVYmjPdp1cjaOm\ntmW3zQSj/00a3i/97SHoyqaJX+y2bPQIJ+yScdBSn9W+Ke3o7/WnuP0HO/ST1fZM\nyzorGbso6aGnTswFbOdWMDUpauE97SL1M6ztoaI4a0HHD8Z8dPhtAmXWbs/5hmQr\njZqBj5W4oUik9iIjUhC2l1aYUf934Om62JjMn9if/mIIA5UTorddj/wKtIsd0n4X\nq5nhJ+X4yVXi3YjqW8iegenaq6UGuvNsm6m/JRAf+5n3FuspHH4WrCgAaIrYg0ZY\nDDu5ro6zHxTcHF6j01CXlJTDEJlStoZ6N9cIKVT94pUPM+EZBq3DGlhBDKipZWk7\n+sEu7sZoQ51WoV4haMY+4Wd7ea8o4sE50eoW+DN2o9lIPHMyxY5uFD7CluUt/b37\ntCcOYAV86JWBN5htTPYAH3wXsDBU/KFSJPLRPF96cuHL6Dq++Gvlqw0rKDKQ/gKh\nDma8lZ9SjVTskqk3l5wzHyNjy7nYFSIRItGIhVbp0wIDAQABo2YwZDAdBgNVHQ4E\nFgQU6VWn4HVZKHA1C5IBW5AC8J7+15kwHwYDVR0jBBgwFoAUD+ANepMk0O9Poxxx\nMpCnxxVyHNMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAAQKj6FLBiy23kqHB7iUrl3dSXjJEsPm03zApRhWhr3e\nuxGVYO/YM6RlcJlc7RiKrQAO7XMuOfGbV/TedKPYz+SAeoHCdAVmT21o9HqgwRJ2\nkbJulqIF7oRmmqFOUDIUNg+ZC68QvR9cfuhzcLsEdmfEhXvI5j6CvrhOUN3UHw8A\nO7b4kiymBVT88uXUC0i3bGeEI3h6Fz/RZLbShcvTz2BwcuqoWdInyKi+8mKNfc1O\n+HGBMjnPahNAiovaEuUGErloETdjhmSOkbPBG8h9KpkndCwclEhsBN1+skKiDzKa\nMk53cXXKjqPvPEG9dfQQu0NEnOeY3ZtyVpMqnbo+G0MtyzkozvAB5WjWlpaWZYV2\nnw/wnyCi57ruYI7UjUp+NvFDiIRlOysLC7K6xia+8m7mP8MaFJibQh0tA2UDmdXs\nwy/Z87c6KUCyDB8Hl//rLWbWg6JpHTcH+81yDkVeq2TvJkB6P8jThv51Pz1z4b6U\ndHWAMK5kLmHv+P6sw0JkE5fwszoFOaqSxABq02Pkt5+Hv2EvwxpJZvySkdp7s+Xn\nGUwXhduMscVL/Yd62ES5dYSQ+vbmZIEK3PIttcIyleif6DLFZijJnywf5etYxvrK\nY9wgX6D9PwShl32sf3nzHXh3npLdbio3XwJQUcO6c/lm49rKD7L9L5RM6FNShl8R\n-----END CERTIFICATE-----\n"
rootCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgIJAKdYQFPloO6RMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV\nBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UECgwE\nbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0aWZpY2F0\nZSBhdXRob3JpdHkwIBcNMjAwOTE3MjA1MTM1WhgPMjI5NDA3MDMyMDUxMzVaMHIx\nCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsG\nA1UECgwEbXljYTESMBAGA1UECwwJbXljYSByb290MSEwHwYDVQQDDBhteSBjZXJ0\naWZpY2F0ZSBhdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDgvRdI24Rv9XBnirlB1LwS32MYyVM2mksTF52E0qrg1OKcMs1D2737BrgaUD6C\nB1I2lMAKR25Q3+x9fSutyww8KZ7yQkFcX2lhwsyYll0j1rvkjek0M1K4787ZFrXS\ncRihE6BSvP5886O+v7a30HxtKbI9oFHdbzgpLpTzvVAn53tokRgAJNtQZWpyJ5Qq\nIG7c96dG9zsXE5+tYT0E0p3ec1z/Ucdx6SKOFjCR8bVLX+Y97mxypOMaPEhGJ4D3\nBlxlCvwDo5sF46e/ntie3Fqghk3jRZTUXedB0IjN8iJCKODPMO1j1cESqVg21xGZ\nyZxIn/ra1iqx9VDCP8egfUOmmMF8flGV08qOGDLGEc/dpVe/yHvG3lmld3MBsW+3\nu6O2l7GIKdLHKibe3uGHhmuPbHq2vlc6IIlRtpsZtK3IXt+bpvlKdI3rxbl4MbT7\n8Z09IUpTsT5jDPEVRnX0zV78Gs4TyKqJKxJJaINx9n0AuXJ8b3jmth/Bb6OkoPgv\nsbFS2QER2Yp8whE1W2PMwtJ06u20YX0RSwuKD+CsnTVmtQwWLBXescCNRH372HwS\nLHO8dvyFWfekLaB2LfciJWYBd8thO5Y4O65FnKLGDvEUh6Ew2OOnhOpy4flWAng6\n39r5uuDQqmWrPFjDNR5HvQjQu1Bv0j81cFY4qZqSIskR9wIDAQABo2MwYTAdBgNV\nHQ4EFgQUD+ANepMk0O9PoxxxMpCnxxVyHNMwHwYDVR0jBBgwFoAUD+ANepMk0O9P\noxxxMpCnxxVyHNMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAFdMzocjv6RojMXft1TnwYKb8H0ce6qcsBHZmd/M7IXf\nhyedRkcm7RuN7ayNjFA+44pwAr4jMMNklBQDpGD5yYt1jsltiYoYX5bwZdn2I/rr\nwNQ/FfNSp8rJWqtBhaEt0VI+snHuy0Gdx1eQGf4bJNzvsDLjjJuQ32VUjaCOzsd1\n7d8jR/yjR3Sq20oFEu3HqFSC9OCH2QORTqf6i2IkaUeJbkVTa8+uVceDDbRs3CwY\nVgk/4WcOzcrz0F2BJPpFQ4knrSuHgUbElPHPVuZcn3XZ0n1KBXZdNVCIyLVRowdr\nI+gNEgWE3670Osx55QWg7depP7hU30nQlC1cm2ej2MxM48ddbAL4Zqs8/W1gm+Xb\nDkTsfh81QZQaw6qFVGHJNRIyfMT68ekFB8AgqntulIFR2RJTr/3QJBMhGHKQkmcT\nsa0z0ZrmS/ieurRUjaCsud10Y5VbY5Y8ll5kPsuRWuyijftjcPFqHBzLSSdLacO9\nlVIGkTA3ARCGgym3v5+ZZJ4DeLOJRz9c9OCIASlCkNFFEm1aJ8oagynh2tYqe5TK\nCva1MX8QW5OjHbrm1xvQ8uZOSj55yuBQWKH47GF4QxiojzKikLv4Cpv2Tk5SR9qv\nq3C4t8B26KurNb4z99eo5XhW5XXvQdKZTQC9BqZDN7xhQlwm5lbRSuhZMBJJaQOS\n-----END CERTIFICATE-----\n"
//test the global Runner
verified, err := checkFullCertChainFromBytes([]byte(certPem+interCAPem+rootCAPem), []byte(keyPem))
logCertStats(verified)
if err == nil {
t.Errorf("certificate chain should not validate, no DNS name was specified in cert")
}
if verified != nil && len(verified) != 3 {
t.Logf("normal. certificate chain with 1 TLS cert, 1 intermediate, 1 root cert should be length 3, but was: %d", len(verified))
}
}
//this test has no known root certificate. intermediate supplied but system has no way to Find root.
func TestCertChainC_I_Invalid(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIFkDCCA3igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXljYSBpbnRl\ncm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0eSBpbnRl\ncm1lZGlhdGUwIBcNMjAwOTE3MjEzMTQ5WhgPMjEwMjExMDcyMTMxNDlaMF8xCzAJ\nBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UE\nCgwEY2VydDEQMA4GA1UECwwHY2VydCBvdTEQMA4GA1UEAwwHY2VydCBjbjCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3FFHDc3fWIyxukMDRriEbYtVA4\n1EeiQiwf7RLdDxh+N2VAazUbbxUJ06nKAslX2+6ZmJrMlS+ionX1BvPhPy3snuZI\n1movXcvH6ZV5yUGZyJDocjOTHHqNwPSDOAQX87tLjQbCa8Rw//B488GoPbaZlWYD\nvZQ0Mw5rasiu0B+OI6PL8+Vnc2jXdPlc3tiNoIVXRZ14TNei7bUDA3O1y593ift2\ntQ/TZxlY7fylZWhTV4sUm/9yk/zob+dyzro795Jy8vThlePAN//tZGLWFzG7a8o9\nMx36BPncSZ0v+EfEvP24ZffIDFRtysBewu2+33IVpISlbaHgj6nsuv8GFM0CAwEA\nAaOCATswggE3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG\n+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD\nVR0OBBYEFEEFnOmrROOjNNQrLRoXPXsJLPkeMIGdBgNVHSMEgZUwgZKAFOlVp+B1\nWShwNQuSAVuQAvCe/teZoXakdDByMQswCQYDVQQGEwJBVTEMMAoGA1UECAwDTlNX\nMQ8wDQYDVQQHDAZTeWRuZXkxDTALBgNVBAoMBG15Y2ExEjAQBgNVBAsMCW15Y2Eg\ncm9vdDEhMB8GA1UEAwwYbXkgY2VydGlmaWNhdGUgYXV0aG9yaXR5ggIQADAOBgNV\nHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD\nggIBABmHgp3VwBiQ+viw9exwx8tgTkPhCu36qkDIlSnaPlKTCmlcc+Cs399ra4as\nyVuLPiTGQZ1HsNtmZ3DxaRWbtfdxKty13mZi1+x1UKr/MrGiUTtpYsptJSUYppWa\n7leA1nO/5Kz8i2WCFuk+K3HNVRdjIYmhB3pG3IEXukmaZHSVJ5fCi1ED4l9gzkPv\nTS4olPOU37RPsTgH2ibQUxqhSt0wfu/X6dgqYf3JYtEl4Ddw1XcQeKDI/08D+XP/\nuzNBciMtcAxmTDM+daTBZ8KZnHnPDeuPCj0yLxMi4/HlzuCUXmnO7TAabVyZDvoA\nTpPhkIxj4BuYjCIX9Czd+1fqIu+22tovWg54o+2vuMKyeRpbw3lwTfX3mBuzPaoc\nFu2wFSQEsSQVrpnyD3wMhvF9X2S9YlrzuwQZRJkuYpO83VMHtWIasn6q1al57V0+\nx9TQpCkT6hqv26VxyDhUumAlBkoqEEVXfk/zSa63JHck9LLEIuVt6se6muNj7pLF\nSM+JQe41CQsnxNABs4FqOxp+RhYhOPIKlpgdhBtob89y6OPlR9Sa/4Wchf7FbDPW\nj1ZCzwScOlYDVamud+/wSOsvZhjnkYv8YW13z6GQPqmyMcu0QstIBHkModoZIKOG\nK3FXY7kDCcrj6luxalsD7GbQ7gCpDIdlRe9JPfOBo342mFKR\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA3cUUcNzd9YjLG6QwNGuIRti1UDjUR6JCLB/tEt0PGH43ZUBr\nNRtvFQnTqcoCyVfb7pmYmsyVL6KidfUG8+E/Leye5kjWai9dy8fplXnJQZnIkOhy\nM5Mceo3A9IM4BBfzu0uNBsJrxHD/8Hjzwag9tpmVZgO9lDQzDmtqyK7QH44jo8vz\n5WdzaNd0+Vze2I2ghVdFnXhM16LttQMDc7XLn3eJ+3a1D9NnGVjt/KVlaFNXixSb\n/3KT/Ohv53LOujv3knLy9OGV48A3/+1kYtYXMbtryj0zHfoE+dxJnS/4R8S8/bhl\n98gMVG3KwF7C7b7fchWkhKVtoeCPqey6/wYUzQIDAQABAoIBACPJuhK8kdUdzikX\nxe+vqr5EGn5nrVoiBSu5uzhgFB+PvsDINITNeI+cllvADdMQKp3Gi6nveePGCxGe\nCREyOE/g74OaHX/lRO2txTQqAyBjAMrhuAw6oU3lsk3DHzcJ5ntDJe8BUQLSeXsF\nCdEmpU7iWgmscNuJ0PNywjjAfTWaHXNgXbcragVT/El53/fAnO36aDmd5SP4BiiQ\n984Hig9Z+B9AuqYzKour8o96+IC8eD6EzSVbyvE7WnUZiVV2Opf4mJ8qUEw1NQlg\nGScrcF5RSCJTmB1lt9/mLE1PFS2SZpt2u3iCyKPAqWLa3oAzWMqD9X45+UV2UFlV\nnrfkrsECgYEA/rEE64qKiR5dgjvZVJls6dVu2WYy+EXCSqY2mYFbzHP+rw/xs7oZ\nk39/c0QghZJXDzzxXFUgKa5oeKrkYefPBWFquUfZx/OltbWfjdk8L/z8kfpYJetB\nySELnZiq9mb0JcDPGT5TJVR/udTlCtz89VPeYVt7dOypsAF0uvSrrUcCgYEA3ujC\nvvlughdm7oqhIgaRsIZKQedXLQVb8B1X1HnrbDgnuvBXEKioxIZT6Aw73scl5IFU\n7VBA+tasm9MdwtM18wJ62XCKuN3EgAA0/XpiuageWxSMfwm4Gy2t6FnV5CM+3in/\nmEPDG4NiUqyhk8eDuuuPLWtnXpRN+HQKM5xHp0sCgYEA3dZb/bkXP6WGNxhgDRLx\nzZ6MxakBvkQsng62QfBtf+CMtfjCQxRWkKWd4k01soIreGdRp2Wx9PwnnOrkr+5T\n4FDgv2843rN245XF2qybgwTtDU0rmCOYklJJJsTCLIqyH2wYNtmVXE+ETN2FfnfL\nkPezG8Ot/cLhbh9miCzyl6MCgYEAgYU9oznLvEtcw75JYjvu62McQq7pOH+krCBg\nqFUvNfJrI3QDIurdJVPn7S0unIOawOtlLX80Qov6P5Cr+kg/ULRgLXf3IvO4+acl\nIyO5uaa1/LYz7Jz5HNGt+xQ39BeGsBA3M4IsHBB7UQ591CBZqoK07u85YPtLUtIa\nG2LzP4ECgYBHOPg3ndFMe5EBql/92nSH+RILE6ADUCa+oQUOKa5p/cdWMt6ClT0m\n6cMOJN8lMmtVzwRG/aLPhN2L/vCbtBFDBDIm8PM5gg0340uFv5Mo4p1Sf8iRZG4B\nmzl86a1/OBk4MrtJqoqKrR9yg5/BXlvwuXBJRHaLjGERxhzyhk/WaQ==\n-----END RSA PRIVATE KEY-----\n"
interCAPem := "-----BEGIN CERTIFICATE-----\nMIIFzDCCA7SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzEPMA0GA1UEBwwGU3lkbmV5MQ0wCwYDVQQKDARteWNhMRIw\nEAYDVQQLDAlteWNhIHJvb3QxITAfBgNVBAMMGG15IGNlcnRpZmljYXRlIGF1dGhv\ncml0eTAgFw0yMDA5MTcyMTE3MjdaGA8yMjM5MDkzMDIxMTcyN1owdjELMAkGA1UE\nBhMCQVUxDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXlj\nYSBpbnRlcm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0\neSBpbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCm\n1qRLG0twxwbxBdt/nDeUr0Ia8LtLDtvPjdVVUDTpCp4gnlkEEzHu8JXPPsIami2C\nt5vo35JW1AI223FD5eef54wZG2rXlJbzwlB+yyE5+/V/6WSKe42rePvZDCD+Ym/Q\nyYeqzObViXGnmIvta2aEYZzLeTJPzppvQws/bM+d5IhRa43JuJOVYmjPdp1cjaOm\ntmW3zQSj/00a3i/97SHoyqaJX+y2bPQIJ+yScdBSn9W+Ke3o7/WnuP0HO/ST1fZM\nyzorGbso6aGnTswFbOdWMDUpauE97SL1M6ztoaI4a0HHD8Z8dPhtAmXWbs/5hmQr\njZqBj5W4oUik9iIjUhC2l1aYUf934Om62JjMn9if/mIIA5UTorddj/wKtIsd0n4X\nq5nhJ+X4yVXi3YjqW8iegenaq6UGuvNsm6m/JRAf+5n3FuspHH4WrCgAaIrYg0ZY\nDDu5ro6zHxTcHF6j01CXlJTDEJlStoZ6N9cIKVT94pUPM+EZBq3DGlhBDKipZWk7\n+sEu7sZoQ51WoV4haMY+4Wd7ea8o4sE50eoW+DN2o9lIPHMyxY5uFD7CluUt/b37\ntCcOYAV86JWBN5htTPYAH3wXsDBU/KFSJPLRPF96cuHL6Dq++Gvlqw0rKDKQ/gKh\nDma8lZ9SjVTskqk3l5wzHyNjy7nYFSIRItGIhVbp0wIDAQABo2YwZDAdBgNVHQ4E\nFgQU6VWn4HVZKHA1C5IBW5AC8J7+15kwHwYDVR0jBBgwFoAUD+ANepMk0O9Poxxx\nMpCnxxVyHNMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJ\nKoZIhvcNAQELBQADggIBAAQKj6FLBiy23kqHB7iUrl3dSXjJEsPm03zApRhWhr3e\nuxGVYO/YM6RlcJlc7RiKrQAO7XMuOfGbV/TedKPYz+SAeoHCdAVmT21o9HqgwRJ2\nkbJulqIF7oRmmqFOUDIUNg+ZC68QvR9cfuhzcLsEdmfEhXvI5j6CvrhOUN3UHw8A\nO7b4kiymBVT88uXUC0i3bGeEI3h6Fz/RZLbShcvTz2BwcuqoWdInyKi+8mKNfc1O\n+HGBMjnPahNAiovaEuUGErloETdjhmSOkbPBG8h9KpkndCwclEhsBN1+skKiDzKa\nMk53cXXKjqPvPEG9dfQQu0NEnOeY3ZtyVpMqnbo+G0MtyzkozvAB5WjWlpaWZYV2\nnw/wnyCi57ruYI7UjUp+NvFDiIRlOysLC7K6xia+8m7mP8MaFJibQh0tA2UDmdXs\nwy/Z87c6KUCyDB8Hl//rLWbWg6JpHTcH+81yDkVeq2TvJkB6P8jThv51Pz1z4b6U\ndHWAMK5kLmHv+P6sw0JkE5fwszoFOaqSxABq02Pkt5+Hv2EvwxpJZvySkdp7s+Xn\nGUwXhduMscVL/Yd62ES5dYSQ+vbmZIEK3PIttcIyleif6DLFZijJnywf5etYxvrK\nY9wgX6D9PwShl32sf3nzHXh3npLdbio3XwJQUcO6c/lm49rKD7L9L5RM6FNShl8R\n-----END CERTIFICATE-----\n"
rootCAPem := ""
//test the global Runner
verified, err := checkFullCertChainFromBytes([]byte(certPem+interCAPem+rootCAPem), []byte(keyPem))
logCertStats(verified)
if err == nil {
t.Errorf("certificate chain with 1 TLS cert, 1 intermediate, unknown root cert incorrectly validated")
}
}
//this test supplies only the certficate but not none of the signing CA, should not validate.
func TestCertChainC_Invalid(t *testing.T) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIFkDCCA3igAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQVUx\nDDAKBgNVBAgMA05TVzENMAsGA1UECgwEbXljYTEaMBgGA1UECwwRbXljYSBpbnRl\ncm1lZGlhdGUxLjAsBgNVBAMMJW15IGNlcnRpZmljYXRlIGF1dGhvcml0eSBpbnRl\ncm1lZGlhdGUwIBcNMjAwOTE3MjEzMTQ5WhgPMjEwMjExMDcyMTMxNDlaMF8xCzAJ\nBgNVBAYTAkFVMQwwCgYDVQQIDANOU1cxDzANBgNVBAcMBlN5ZG5leTENMAsGA1UE\nCgwEY2VydDEQMA4GA1UECwwHY2VydCBvdTEQMA4GA1UEAwwHY2VydCBjbjCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3FFHDc3fWIyxukMDRriEbYtVA4\n1EeiQiwf7RLdDxh+N2VAazUbbxUJ06nKAslX2+6ZmJrMlS+ionX1BvPhPy3snuZI\n1movXcvH6ZV5yUGZyJDocjOTHHqNwPSDOAQX87tLjQbCa8Rw//B488GoPbaZlWYD\nvZQ0Mw5rasiu0B+OI6PL8+Vnc2jXdPlc3tiNoIVXRZ14TNei7bUDA3O1y593ift2\ntQ/TZxlY7fylZWhTV4sUm/9yk/zob+dyzro795Jy8vThlePAN//tZGLWFzG7a8o9\nMx36BPncSZ0v+EfEvP24ZffIDFRtysBewu2+33IVpISlbaHgj6nsuv8GFM0CAwEA\nAaOCATswggE3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG\n+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD\nVR0OBBYEFEEFnOmrROOjNNQrLRoXPXsJLPkeMIGdBgNVHSMEgZUwgZKAFOlVp+B1\nWShwNQuSAVuQAvCe/teZoXakdDByMQswCQYDVQQGEwJBVTEMMAoGA1UECAwDTlNX\nMQ8wDQYDVQQHDAZTeWRuZXkxDTALBgNVBAoMBG15Y2ExEjAQBgNVBAsMCW15Y2Eg\ncm9vdDEhMB8GA1UEAwwYbXkgY2VydGlmaWNhdGUgYXV0aG9yaXR5ggIQADAOBgNV\nHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQAD\nggIBABmHgp3VwBiQ+viw9exwx8tgTkPhCu36qkDIlSnaPlKTCmlcc+Cs399ra4as\nyVuLPiTGQZ1HsNtmZ3DxaRWbtfdxKty13mZi1+x1UKr/MrGiUTtpYsptJSUYppWa\n7leA1nO/5Kz8i2WCFuk+K3HNVRdjIYmhB3pG3IEXukmaZHSVJ5fCi1ED4l9gzkPv\nTS4olPOU37RPsTgH2ibQUxqhSt0wfu/X6dgqYf3JYtEl4Ddw1XcQeKDI/08D+XP/\nuzNBciMtcAxmTDM+daTBZ8KZnHnPDeuPCj0yLxMi4/HlzuCUXmnO7TAabVyZDvoA\nTpPhkIxj4BuYjCIX9Czd+1fqIu+22tovWg54o+2vuMKyeRpbw3lwTfX3mBuzPaoc\nFu2wFSQEsSQVrpnyD3wMhvF9X2S9YlrzuwQZRJkuYpO83VMHtWIasn6q1al57V0+\nx9TQpCkT6hqv26VxyDhUumAlBkoqEEVXfk/zSa63JHck9LLEIuVt6se6muNj7pLF\nSM+JQe41CQsnxNABs4FqOxp+RhYhOPIKlpgdhBtob89y6OPlR9Sa/4Wchf7FbDPW\nj1ZCzwScOlYDVamud+/wSOsvZhjnkYv8YW13z6GQPqmyMcu0QstIBHkModoZIKOG\nK3FXY7kDCcrj6luxalsD7GbQ7gCpDIdlRe9JPfOBo342mFKR\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA3cUUcNzd9YjLG6QwNGuIRti1UDjUR6JCLB/tEt0PGH43ZUBr\nNRtvFQnTqcoCyVfb7pmYmsyVL6KidfUG8+E/Leye5kjWai9dy8fplXnJQZnIkOhy\nM5Mceo3A9IM4BBfzu0uNBsJrxHD/8Hjzwag9tpmVZgO9lDQzDmtqyK7QH44jo8vz\n5WdzaNd0+Vze2I2ghVdFnXhM16LttQMDc7XLn3eJ+3a1D9NnGVjt/KVlaFNXixSb\n/3KT/Ohv53LOujv3knLy9OGV48A3/+1kYtYXMbtryj0zHfoE+dxJnS/4R8S8/bhl\n98gMVG3KwF7C7b7fchWkhKVtoeCPqey6/wYUzQIDAQABAoIBACPJuhK8kdUdzikX\nxe+vqr5EGn5nrVoiBSu5uzhgFB+PvsDINITNeI+cllvADdMQKp3Gi6nveePGCxGe\nCREyOE/g74OaHX/lRO2txTQqAyBjAMrhuAw6oU3lsk3DHzcJ5ntDJe8BUQLSeXsF\nCdEmpU7iWgmscNuJ0PNywjjAfTWaHXNgXbcragVT/El53/fAnO36aDmd5SP4BiiQ\n984Hig9Z+B9AuqYzKour8o96+IC8eD6EzSVbyvE7WnUZiVV2Opf4mJ8qUEw1NQlg\nGScrcF5RSCJTmB1lt9/mLE1PFS2SZpt2u3iCyKPAqWLa3oAzWMqD9X45+UV2UFlV\nnrfkrsECgYEA/rEE64qKiR5dgjvZVJls6dVu2WYy+EXCSqY2mYFbzHP+rw/xs7oZ\nk39/c0QghZJXDzzxXFUgKa5oeKrkYefPBWFquUfZx/OltbWfjdk8L/z8kfpYJetB\nySELnZiq9mb0JcDPGT5TJVR/udTlCtz89VPeYVt7dOypsAF0uvSrrUcCgYEA3ujC\nvvlughdm7oqhIgaRsIZKQedXLQVb8B1X1HnrbDgnuvBXEKioxIZT6Aw73scl5IFU\n7VBA+tasm9MdwtM18wJ62XCKuN3EgAA0/XpiuageWxSMfwm4Gy2t6FnV5CM+3in/\nmEPDG4NiUqyhk8eDuuuPLWtnXpRN+HQKM5xHp0sCgYEA3dZb/bkXP6WGNxhgDRLx\nzZ6MxakBvkQsng62QfBtf+CMtfjCQxRWkKWd4k01soIreGdRp2Wx9PwnnOrkr+5T\n4FDgv2843rN245XF2qybgwTtDU0rmCOYklJJJsTCLIqyH2wYNtmVXE+ETN2FfnfL\nkPezG8Ot/cLhbh9miCzyl6MCgYEAgYU9oznLvEtcw75JYjvu62McQq7pOH+krCBg\nqFUvNfJrI3QDIurdJVPn7S0unIOawOtlLX80Qov6P5Cr+kg/ULRgLXf3IvO4+acl\nIyO5uaa1/LYz7Jz5HNGt+xQ39BeGsBA3M4IsHBB7UQ591CBZqoK07u85YPtLUtIa\nG2LzP4ECgYBHOPg3ndFMe5EBql/92nSH+RILE6ADUCa+oQUOKa5p/cdWMt6ClT0m\n6cMOJN8lMmtVzwRG/aLPhN2L/vCbtBFDBDIm8PM5gg0340uFv5Mo4p1Sf8iRZG4B\nmzl86a1/OBk4MrtJqoqKrR9yg5/BXlvwuXBJRHaLjGERxhzyhk/WaQ==\n-----END RSA PRIVATE KEY-----\n"
interCAPem := ""
rootCAPem := ""
//test the global Runner
verified, err := checkFullCertChainFromBytes([]byte(certPem+interCAPem+rootCAPem), []byte(keyPem))
logCertStats(verified)
if err == nil {
t.Errorf("certificate chain with 1 TLS cert, 0 intermediate, 0 root cert incorrectly validated")
}
}
func TestSha1Sum(t *testing.T) {
want := "#BE:B8:11:71:AB:9F:0F:0B:9E:65:40:A8:C3:2D:F0:96:C0:DB:78:16"
got := sha1Fingerprint(parseTestCert())
if got != want {
t.Errorf("sha1sum got %s, want %s", got, want)
} else {
t.Logf("sha1 fingerprint: %s", got)
}
}
func TestSha256Sum(t *testing.T) {
want := "#FA:EC:D7:A1:22:84:7B:92:91:EE:08:3D:C4:35:20:6B:7E:3F:6F:8B:BD:BD:0D:96:4C:D4:ED:E7:53:47:3F:58"
got := sha256Fingerprint(parseTestCert())
if got != want {
t.Errorf("sha256sum got %s, want %s", got, want)
} else {
t.Logf("sha256 fingerprint: %s", got)
}
}
func TestMd5Sum(t *testing.T) {
want := "#EF:F8:6C:76:9F:12:F4:EC:B5:04:C1:BD:AF:C2:E4:80"
got := md5Fingerprint(parseTestCert())
if got != want {
t.Errorf("md5sum got %s, want %s", got, want)
} else {
t.Logf("md5 fingerprint: %s", got)
}
}
func parseTestCert() *x509.Certificate {
certPem := "-----BEGIN CERTIFICATE-----\nMIIEkzCCAvugAwIBAgIRANiwkh9AuRgrvYh7Y5DtWIUwDQYJKoZIhvcNAQELBQAw\ngYExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTErMCkGA1UECwwic2lt\nb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTEyMDAGA1UEAwwpbWtjZXJ0\nIHNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRhZykwHhcNMTkwNjAxMDAw\nMDAwWhcNMzAwNzMwMDExNDU5WjBjMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1l\nbnQgY2VydGlmaWNhdGUxODA2BgNVBAsML3NpbW9ubWl0dGFnQE1hY0Jvb2stUHJv\nLTE2LmxvY2FsIChTaW1vbiBNaXR0YWcpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAsCTQ9rLTQYjIlGF7EOrTJux8E514TUoAuQ0xo1NOSssptjmDyGhb\n8K7+A/TgdU/xlPMcJf22nNDQ2MpqpgHGlDcuXt3SmVrcsTeby1Pa81gxKp23a51B\n8xAoHoHwXVSWdiMWk3H/Jjv/dtYL1L180neewcWvK26ANUwlzWG6BW1QVUXXNdRo\ndmxQ1eg2S/qMBASFj6QjCsWWJiEfmz4PQpsP8q5IqCcX85BUqGO919JlE/eXEAgk\n9Yuh61/50n39B/sPC0mU5s6vH0SPCBvz1g8SiXa8jj3jCXxa/0ZsYtAVqPe5BoRP\nvK2q1sbKbJVr7EpmiOdKxKPHonRHasweGwIDAQABo4GiMIGfMA4GA1UdDwEB/wQE\nAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY\nMBaAFMNEcloV4jg+eonB5omuJvQXiqiRMEkGA1UdEQRCMECCDyouamFiYmF0ZXN0\nLmNvbYIKamFiYmEudGVzdIIJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAA\nAAABMA0GCSqGSIb3DQEBCwUAA4IBgQDGI3EUWPKsEOqLCpnwSlFihu8n9+g4pV3/\njItYhUqMBz1v8TqV2zykkJUtlfNoxrp5OAg4CG0Xr1zhqjub3teKbsNKlRpV+h04\n4ncltpe66u4gg9RW+ww/f+J3C2yZRIX+brhDcTpdEMyfVoCV/5jeCxWf29MdFcLU\nBfgFdEp1oe3bK/dyZc8SbUlmizyumaDOaZACihz/DKsJ+lzRdy6c3UPQgC3r72oN\nLx/ccpnwdeumWFs+qYOjYfrCGFXaabokdtyit4XURFngxpnPUB9jHDvkI5+/eTaB\nSpdjJxE6x4mciyZSvshhu1v8j52+d9zUANs9+Y/v6EoCZ6byaaS4NAmTXdAWlnYb\nhIuRRsI4gIDhJWLrACBu1Osh7ZknaLNVMt5xo3TemCkVKud3NHGbycHTUoFBuHz/\nJOTQJ/Z1Ym3enpTAESZVcZTzS9gL62wfIfLcFvq+tVjoJZVJCcolP2fYn3U5lEiN\nvZvs72xp4sYEOa9zhvEs/yte9c6rkU0=\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwJND2stNBiMiU\nYXsQ6tMm7HwTnXhNSgC5DTGjU05Kyym2OYPIaFvwrv4D9OB1T/GU8xwl/bac0NDY\nymqmAcaUNy5e3dKZWtyxN5vLU9rzWDEqnbdrnUHzECgegfBdVJZ2IxaTcf8mO/92\n1gvUvXzSd57Bxa8rboA1TCXNYboFbVBVRdc11Gh2bFDV6DZL+owEBIWPpCMKxZYm\nIR+bPg9Cmw/yrkioJxfzkFSoY73X0mUT95cQCCT1i6HrX/nSff0H+w8LSZTmzq8f\nRI8IG/PWDxKJdryOPeMJfFr/Rmxi0BWo97kGhE+8rarWxspslWvsSmaI50rEo8ei\ndEdqzB4bAgMBAAECggEAc9nDFn7HM3MjeXQj3RyVhCRF9yC63xqtHwjufN1twQOe\ni5uIcWcyETsHFtMYThAmdDDxcotMcBdnRS7cthK06QbiGMMMoJCCVoyciz674xE+\nRSk2WjE0DwmxWV9dGAVqcIjjcFap2hvcCez+Gw4F6ueCIzBB5e7npCZRNqPwFWCY\n/og06ypz/4LHXFNatvRJC3qhWFwFo1bVC1ycZmc5RQ4IHeQHzi6oCJhSRdCbM7Q9\n7fQhmjtcw0pxvJTVV+XP7tTf9iDDwgi/Le2iEqNQ1D6c4+nYAGYj2D3919oUYnyv\ntnznZ2GTibIyP6kl4L79ChRz0JGBzraKH7aJh9H1AQKBgQDS0xd8RNLJ5hkwPitt\nx/4RNlobGGZqqvQiCKkaDvnc1E1eKR3rVlxH17/ccA/qs0vcoFDPbGyRa/OgD7p5\nRo3R+EPDFoFq1KMP4SRoGcDgrNKHQ3o06sUngmtUUP28G+DUQm46xW7cnQrvvNiK\nf9MMfeNH+tAPtssZh0HNKJa9fwKBgQDV40peDqh9b4Ag+mfiHIJGuwTN8LMvKRqr\nN5dVirl2BDYMwF6JflIwIwjBZq7ah3NsT5/Yd+nuY+ux/pO4iU5jMbTtoAOv2dc7\nVKpqNTaQdJhta5OlOdBSP5iXj4siVCMIFL1jz8JtWuXX4hUtbliG6ICZTH2/5ivG\nfaPiOhAlZQKBgQCp941jnojiRSPhhP22UBpA/jS+y3kmXhTcq2bJn3FJ289ULon0\nhXd4ZDRGIAJ1EYADqyv7TkppI0MStBt+UqdbtG/NBIPqAOxFjRmw47JgcHR6oKgR\nqYSxSbAGFhW6Zi9ocPY1Y57xNZrvlKxvXIZl98gY69h6EsDDIAyoviRpOQKBgC0g\nRjlv+EZ2tt6+VhqTjzzjClF03ikuD+1dzjUDDrwCiXDJSWjS2P5E9fzv8CY0+7o3\nVm8yZY2hUUH9hycg+QPeoeCcqQp5+HoRE99SmM+DegFj+AOdHgGsX0Jiy6UTgUyc\nK5UaaVfvHJ0emv85z72u4ir1w3YwVr4LFf+N5ogtAoGAHODQpVC7sg+nlbeSKsPf\nRbULfOG4YD5pHszNM+nCjNWs00ofJoZOFA64qXwTIc4Vrh8JLiwAkXiTGYM2guv5\nQnp+HbFi/tAc+rQu4SGBaVIglnIj7jFNdgJOb68Vw/L9v2jW1Y8VoAC0eCRWpHud\nGsMkN4GFOfQKoBI/aCXn4DM=\n-----END PRIVATE KEY-----\n"
chain, _ := tls.X509KeyPair([]byte(certPem), []byte(keyPem))
chain.Leaf, _ = x509.ParseCertificate(chain.Certificate[0])
return chain.Leaf
}
func mockTlsConfig() (*tls.Config, error) {
certPem := "-----BEGIN CERTIFICATE-----\nMIIEkzCCAvugAwIBAgIRANiwkh9AuRgrvYh7Y5DtWIUwDQYJKoZIhvcNAQELBQAw\ngYExHjAcBgNVBAoTFW1rY2VydCBkZXZlbG9wbWVudCBDQTErMCkGA1UECwwic2lt\nb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTEyMDAGA1UEAwwpbWtjZXJ0\nIHNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRhZykwHhcNMTkwNjAxMDAw\nMDAwWhcNMzAwNzMwMDExNDU5WjBjMScwJQYDVQQKEx5ta2NlcnQgZGV2ZWxvcG1l\nbnQgY2VydGlmaWNhdGUxODA2BgNVBAsML3NpbW9ubWl0dGFnQE1hY0Jvb2stUHJv\nLTE2LmxvY2FsIChTaW1vbiBNaXR0YWcpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAsCTQ9rLTQYjIlGF7EOrTJux8E514TUoAuQ0xo1NOSssptjmDyGhb\n8K7+A/TgdU/xlPMcJf22nNDQ2MpqpgHGlDcuXt3SmVrcsTeby1Pa81gxKp23a51B\n8xAoHoHwXVSWdiMWk3H/Jjv/dtYL1L180neewcWvK26ANUwlzWG6BW1QVUXXNdRo\ndmxQ1eg2S/qMBASFj6QjCsWWJiEfmz4PQpsP8q5IqCcX85BUqGO919JlE/eXEAgk\n9Yuh61/50n39B/sPC0mU5s6vH0SPCBvz1g8SiXa8jj3jCXxa/0ZsYtAVqPe5BoRP\nvK2q1sbKbJVr7EpmiOdKxKPHonRHasweGwIDAQABo4GiMIGfMA4GA1UdDwEB/wQE\nAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY\nMBaAFMNEcloV4jg+eonB5omuJvQXiqiRMEkGA1UdEQRCMECCDyouamFiYmF0ZXN0\nLmNvbYIKamFiYmEudGVzdIIJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAA\nAAABMA0GCSqGSIb3DQEBCwUAA4IBgQDGI3EUWPKsEOqLCpnwSlFihu8n9+g4pV3/\njItYhUqMBz1v8TqV2zykkJUtlfNoxrp5OAg4CG0Xr1zhqjub3teKbsNKlRpV+h04\n4ncltpe66u4gg9RW+ww/f+J3C2yZRIX+brhDcTpdEMyfVoCV/5jeCxWf29MdFcLU\nBfgFdEp1oe3bK/dyZc8SbUlmizyumaDOaZACihz/DKsJ+lzRdy6c3UPQgC3r72oN\nLx/ccpnwdeumWFs+qYOjYfrCGFXaabokdtyit4XURFngxpnPUB9jHDvkI5+/eTaB\nSpdjJxE6x4mciyZSvshhu1v8j52+d9zUANs9+Y/v6EoCZ6byaaS4NAmTXdAWlnYb\nhIuRRsI4gIDhJWLrACBu1Osh7ZknaLNVMt5xo3TemCkVKud3NHGbycHTUoFBuHz/\nJOTQJ/Z1Ym3enpTAESZVcZTzS9gL62wfIfLcFvq+tVjoJZVJCcolP2fYn3U5lEiN\nvZvs72xp4sYEOa9zhvEs/yte9c6rkU0=\n-----END CERTIFICATE-----\n"
keyPem := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCwJND2stNBiMiU\nYXsQ6tMm7HwTnXhNSgC5DTGjU05Kyym2OYPIaFvwrv4D9OB1T/GU8xwl/bac0NDY\nymqmAcaUNy5e3dKZWtyxN5vLU9rzWDEqnbdrnUHzECgegfBdVJZ2IxaTcf8mO/92\n1gvUvXzSd57Bxa8rboA1TCXNYboFbVBVRdc11Gh2bFDV6DZL+owEBIWPpCMKxZYm\nIR+bPg9Cmw/yrkioJxfzkFSoY73X0mUT95cQCCT1i6HrX/nSff0H+w8LSZTmzq8f\nRI8IG/PWDxKJdryOPeMJfFr/Rmxi0BWo97kGhE+8rarWxspslWvsSmaI50rEo8ei\ndEdqzB4bAgMBAAECggEAc9nDFn7HM3MjeXQj3RyVhCRF9yC63xqtHwjufN1twQOe\ni5uIcWcyETsHFtMYThAmdDDxcotMcBdnRS7cthK06QbiGMMMoJCCVoyciz674xE+\nRSk2WjE0DwmxWV9dGAVqcIjjcFap2hvcCez+Gw4F6ueCIzBB5e7npCZRNqPwFWCY\n/og06ypz/4LHXFNatvRJC3qhWFwFo1bVC1ycZmc5RQ4IHeQHzi6oCJhSRdCbM7Q9\n7fQhmjtcw0pxvJTVV+XP7tTf9iDDwgi/Le2iEqNQ1D6c4+nYAGYj2D3919oUYnyv\ntnznZ2GTibIyP6kl4L79ChRz0JGBzraKH7aJh9H1AQKBgQDS0xd8RNLJ5hkwPitt\nx/4RNlobGGZqqvQiCKkaDvnc1E1eKR3rVlxH17/ccA/qs0vcoFDPbGyRa/OgD7p5\nRo3R+EPDFoFq1KMP4SRoGcDgrNKHQ3o06sUngmtUUP28G+DUQm46xW7cnQrvvNiK\nf9MMfeNH+tAPtssZh0HNKJa9fwKBgQDV40peDqh9b4Ag+mfiHIJGuwTN8LMvKRqr\nN5dVirl2BDYMwF6JflIwIwjBZq7ah3NsT5/Yd+nuY+ux/pO4iU5jMbTtoAOv2dc7\nVKpqNTaQdJhta5OlOdBSP5iXj4siVCMIFL1jz8JtWuXX4hUtbliG6ICZTH2/5ivG\nfaPiOhAlZQKBgQCp941jnojiRSPhhP22UBpA/jS+y3kmXhTcq2bJn3FJ289ULon0\nhXd4ZDRGIAJ1EYADqyv7TkppI0MStBt+UqdbtG/NBIPqAOxFjRmw47JgcHR6oKgR\nqYSxSbAGFhW6Zi9ocPY1Y57xNZrvlKxvXIZl98gY69h6EsDDIAyoviRpOQKBgC0g\nRjlv+EZ2tt6+VhqTjzzjClF03ikuD+1dzjUDDrwCiXDJSWjS2P5E9fzv8CY0+7o3\nVm8yZY2hUUH9hycg+QPeoeCcqQp5+HoRE99SmM+DegFj+AOdHgGsX0Jiy6UTgUyc\nK5UaaVfvHJ0emv85z72u4ir1w3YwVr4LFf+N5ogtAoGAHODQpVC7sg+nlbeSKsPf\nRbULfOG4YD5pHszNM+nCjNWs00ofJoZOFA64qXwTIc4Vrh8JLiwAkXiTGYM2guv5\nQnp+HbFi/tAc+rQu4SGBaVIglnIj7jFNdgJOb68Vw/L9v2jW1Y8VoAC0eCRWpHud\nGsMkN4GFOfQKoBI/aCXn4DM=\n-----END PRIVATE KEY-----\n"
cAPem := "-----BEGIN CERTIFICATE-----\nMIIE0zCCAzugAwIBAgIQB2bsiI7SUtxu+HwBxuNtpDANBgkqhkiG9w0BAQsFADCB\ngTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSswKQYDVQQLDCJzaW1v\nbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBNaXR0YWcpMTIwMAYDVQQDDClta2NlcnQg\nc2ltb25taXR0YWdAdHJvb3BlciAoU2ltb24gTWl0dGFnKTAeFw0yMDA1MDEyMTE2\nNDNaFw0zMDA1MDEyMTE2NDNaMIGBMR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1l\nbnQgQ0ExKzApBgNVBAsMInNpbW9ubWl0dGFnQHRyb29wZXIgKFNpbW9uIE1pdHRh\nZykxMjAwBgNVBAMMKW1rY2VydCBzaW1vbm1pdHRhZ0B0cm9vcGVyIChTaW1vbiBN\naXR0YWcpMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzivKfp5OiWpT\n362cVgbw9DBqwMP0pO32aP79Y4UYeAxCfaWQDdqQEatBdraShtZcvUX8vZ9jvgHE\noGMGSJb/DIVRxIDfhdvhh4qGQgbbSLwDkfLJTkpGMdONa/5yDC54fNZjF095YZn7\niPmsFbvYUfTwpM8qrP+jZzobByrTO4rG3Ps080gIR08RCA0E+uLg58rTpnsdBKZ0\nK2uuE4B4lVAs2AeS4KPMrH/rnCjSZz4KRwnaGqh+wiAjO0PHAfrbrhNsFB6P1/Zk\nCqzclj3TXdkMDaXhSvt0qJPEpNIPQMkvj9GROom7hExZUT7t7LPOZwODtiR2VjM3\nDDehfLqpNPRrxU3aOR7b4lFVtEL1+9NXKc3rnR5T2xPVVvBxx8FqYAxFmQtkGqpA\nYlRxImBONBreIr5/fdkr5xqd/S0s1pb8ubuK7x5COfqf0Mv++j+UjMptBQ3kYvOh\ntNrbnEI1q/7kvHNB8ETtJ4hqXikl9EHMYWdOo4nyGd4P8jo9jmGVAgMBAAGjRTBD\nMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTD\nRHJaFeI4PnqJweaJrib0F4qokTANBgkqhkiG9w0BAQsFAAOCAYEAb+K3HO2AlDed\nS2yT7GnxD75Hcjnv1tMvMIlh1EOmRMHrzbsi7jv3Z7SDe2R5s1qRku3nxbVWj8i8\noRBi5GeRE+q/HkVloi4WPmgFGxUUbkWszAFSSGN5TAs72e5sCG/wMyEa0Gj8cOO1\ndK5SH3thP8+OjSpgQXToYfOimILlk7Hj7EgKE5Y8YX8UV+41LhGkzeK2UX9dBZn1\nof9qBc0dAQVlAA/O3dOgXorgiDbNT38cjignWEwVYzjeuJCYB91Ixf0CfHJZKHZR\nZCdIAHTJqW1tx7vsbrcl0PVAMgm+rkHLL0Dh9cp4fvONXWygVSjbqKM1s8UI9bFA\nbWU5Z3MhEn25wZCXLQDIq0uC+FwCxyS9e/exL4wmYpCLmRKVCp2gUa78Rlr/FJNa\nH9kfvP41Ya+fLzDWNKAlYQgizpZJmZuhPZu7O6n0UusaI+0WTKblCFUQJkx4aKEv\nio8QmLzoedmvVpO9Zp44Lyabmc7VnjoYTOcZczx4ECwEdKH/jswc\n-----END CERTIFICATE-----\n"
return mockTlsConfigWith(certPem, keyPem, "", cAPem)
}
func mockTlsConfigWith(certPem string, keyPem string, intercAPem string, rootcAPem string) (*tls.Config, error) {
mockRunner()
Runner.Connection.Downstream.Tls.Cert = certPem + intercAPem + rootcAPem
Runner.Connection.Downstream.Tls.Key = keyPem
Runner.Connection.Downstream.Tls.Port = 8443
return Runner.tlsConfig()
}