From 936e5d24160e0b770a7983111f00b1a7405ac304 Mon Sep 17 00:00:00 2001 From: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Date: Thu, 4 Nov 2021 09:25:25 +1300 Subject: [PATCH] tests(chore): Adjust supported FQDNs in test certs + add wildcard and `acme.json` configs (#2284) These files will replace the existing `test/config/letsencrypt` content which has some random provisioned FQDN for letsencrypt that doesn't match the FQDN tested, `acme.json` files with FQDNs that don't match those certs FQDNs and changes to certs that won't expire until 2031. `test/config/letsencrypt` will be removed with the associated test update PR. The changes amount to: - Re-configuring the FQDN values that some certs were created for (_needed for flexibility in testing_). - Adding an `*.example.test` wildcard (_both RSA and ECDSA_). - Adding `acme.json` encoded versions (_traefik extraction support will use these instead_). - Updated / new internal docs for maintainers of this content. For more detailed information on those changes, please see the associated commit messages via the PR. --- test/test-files/ssl/example.test/README.md | 130 ++++++++++++++---- test/test-files/ssl/example.test/traefik.md | 26 ++++ .../with_ca/ecdsa/ca-cert.ecdsa.pem | 12 +- .../with_ca/ecdsa/ca-key.ecdsa.pem | 6 +- .../example.test/with_ca/ecdsa/cert.ecdsa.pem | 16 +-- .../example.test/with_ca/ecdsa/cert.rsa.pem | 29 ++-- .../with_ca/ecdsa/ecdsa.acme.json | 29 ++++ .../example.test/with_ca/ecdsa/key.ecdsa.pem | 6 +- .../example.test/with_ca/ecdsa/key.rsa.pem | 50 +++---- .../example.test/with_ca/ecdsa/rsa.acme.json | 29 ++++ .../with_ca/ecdsa/wildcard/cert.ecdsa.pem | 12 ++ .../with_ca/ecdsa/wildcard/ecdsa.acme.json | 29 ++++ .../with_ca/ecdsa/wildcard/key.ecdsa.pem | 5 + .../example.test/with_ca/rsa/ecdsa.acme.json | 29 ++++ .../example.test/with_ca/rsa/rsa.acme.json | 29 ++++ .../with_ca/rsa/wildcard/cert.rsa.pem | 20 +++ .../with_ca/rsa/wildcard/key.rsa.pem | 27 ++++ .../with_ca/rsa/wildcard/rsa.acme.json | 29 ++++ 18 files changed, 423 insertions(+), 90 deletions(-) create mode 100644 test/test-files/ssl/example.test/traefik.md create mode 100644 test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json create mode 100644 test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json create mode 100644 test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem create mode 100644 test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json create mode 100644 test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem create mode 100644 test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json create mode 100644 test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json create mode 100644 test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem create mode 100644 test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem create mode 100644 test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json diff --git a/test/test-files/ssl/example.test/README.md b/test/test-files/ssl/example.test/README.md index 976ae2c2..274f6338 100644 --- a/test/test-files/ssl/example.test/README.md +++ b/test/test-files/ssl/example.test/README.md @@ -6,6 +6,8 @@ These certificates for usage with TLS have been generated via the [Smallstep `st `Certificate Details` sections are the output of: `step certificate inspect cert..pem`. +Each certificate except for the wildcard one, have the SANs(Subject Alternative Name) `example.test` and `mail.example.test`. + --- **RSA (2048-bit) - self-signed:** @@ -160,8 +162,6 @@ step certificate create "Smallstep Root CA" ca-cert.ecdsa.pem ca-key.ecdsa.pem \ --profile root-ca \ --not-before "2021-01-01T00:00:00+00:00" \ --not-after "2031-01-01T00:00:00+00:00" \ - --san "example.test" \ - --san "mail.example.test" \ --kty EC --crv P-256 ``` @@ -175,16 +175,17 @@ step certificate create "Smallstep Leaf" cert.ecdsa.pem key.ecdsa.pem \ --ca-key ca-key.ecdsa.pem \ --not-before "2021-01-01T00:00:00+00:00" \ --not-after "2031-01-01T00:00:00+00:00" \ - --san "example.test" \ --san "mail.example.test" \ --kty EC --crv P-256 ``` The Root CA certificate does not need to have the same key type as the Leaf certificate, you can mix and match if necessary (eg: an ECDSA and an RSA leaf certs with shared ECDSA Root CA cert). +Both FQDN continue to be assigned as SAN to certs in `with_ca/rsa/`, while certs in `with_ca/ecdsa/` are limited to `mail.example.test` for ECDSA, and `example.test` for RSA. This is to provide a bit more flexibility in test cases where specific FQDN support is required. +
-Certificate Details (signed by Root CA key): +Certificate Details (signed by Root CA ECDSA key): `step certificate inspect with_ca/ecdsa/cert.ecdsa.pem`: @@ -192,7 +193,7 @@ The Root CA certificate does not need to have the same key type as the Leaf cert Certificate: Data: Version: 3 (0x2) - Serial Number: 28540880372304824564361820670143583738 (0x1578c60b9eedca127fe041712f9d55fa) + Serial Number: 39948191589315458296429918694374173514 (0x1e0dbde943f3ab4144909744cd58eb4a) Signature Algorithm: ECDSA-SHA256 Issuer: CN=Smallstep Root CA Validity @@ -203,13 +204,13 @@ Certificate: Public Key Algorithm: ECDSA Public-Key: (256 bit) X: - b6:64:18:5f:f6:3f:b6:b1:da:09:00:27:e9:70:4e: - 8e:11:c4:58:8d:02:a2:46:f6:5b:d5:12:9b:ea:6a: - e4:39 + f4:5b:00:6a:6a:ca:1d:b8:15:80:81:d0:82:72:be: + af:3a:3c:5e:a7:9b:64:21:16:19:27:f3:75:0b:eb: + e0:fe Y: - 87:56:d8:43:6b:4d:5d:4a:44:73:d2:81:34:1d:cd: - de:53:ed:62:c4:61:76:c6:bf:96:0a:0a:8e:10:fa: - c2:63 + 47:6a:6c:9e:d7:da:80:0e:1b:09:76:45:fe:8b:fd: + 79:09:f7:08:22:1a:93:20:21:74:5e:78:91:53:45: + 9e:71 Curve: P-256 X509v3 extensions: X509v3 Key Usage: critical @@ -217,16 +218,16 @@ Certificate: X509v3 Extended Key Usage: Server Authentication, Client Authentication X509v3 Subject Key Identifier: - 48:C4:A2:B2:31:9B:9C:3D:4D:BD:58:45:60:F0:C6:16:EB:74:C0:3B + D8:BE:56:52:27:E7:90:B0:21:5B:5F:79:D8:F8:D4:85:57:F0:2B:BC X509v3 Authority Key Identifier: - keyid:3F:3D:65:1A:72:82:16:C6:20:E8:B6:FC:1B:2E:6D:A4:9C:2C:92:78 + keyid:DE:90:B3:B9:4D:C1:B3:EE:77:00:88:8B:69:EC:71:C4:30:F9:F6:7F X509v3 Subject Alternative Name: - DNS:example.test, DNS:mail.example.test + DNS:mail.example.test Signature Algorithm: ECDSA-SHA256 - 30:46:02:21:00:b6:dc:7d:ba:f6:d9:b1:3f:28:4d:6d:4c:a4: - e9:c5:24:80:d4:6c:a5:fc:9f:74:4e:9a:bb:5b:ca:8a:5e:dd: - 32:02:21:00:e2:c8:8b:1b:be:a2:f9:5f:cd:41:8c:0a:75:71: - ca:e9:be:65:d1:ca:5e:50:77:f7:8a:c0:f8:03:77:1b:53:0a + 30:46:02:21:00:ad:08:7b:f0:82:41:2e:0e:cd:2b:f7:95:fd: + ee:73:d9:93:8d:74:7c:ef:29:4d:d5:da:33:04:f0:b6:b1:6b: + 13:02:21:00:d7:f1:95:db:be:18:b8:db:77:b9:57:07:e6:b9: + 5a:3d:00:34:d3:f5:eb:18:67:9b:ba:bf:88:62:72:e9:c9:99 ```
@@ -240,7 +241,7 @@ Certificate: Certificate: Data: Version: 3 (0x2) - Serial Number: 83158808788179848488617675347018882219 (0x3e8fcdd2d80ab546924c05b4d9339cab) + Serial Number: 91810308658606804773211369549707991484 (0x451205b3271cead885a8ea9c5c21d9bc) Signature Algorithm: ECDSA-SHA256 Issuer: CN=Smallstep Root CA Validity @@ -251,13 +252,13 @@ Certificate: Public Key Algorithm: ECDSA Public-Key: (256 bit) X: - 76:30:c0:21:d2:6c:6b:ca:de:be:1d:c3:5c:67:08: - 93:bf:73:53:2a:23:5d:d8:06:2a:8b:09:bc:39:fd: - 0b:0d + cf:62:31:60:19:3d:72:78:60:59:1e:27:13:dd:cf: + d9:11:36:28:32:af:fa:28:e4:0e:6e:ab:4b:ad:a2: + 49:00 Y: - a7:74:1f:7c:b9:95:73:6c:ba:00:00:d7:52:06:0c: - e9:00:c8:aa:bb:e1:50:e7:ec:ff:bf:e5:30:bb:9b: - 18:07 + dc:6c:89:09:98:fa:f7:f2:8d:ed:50:53:db:cf:6d: + 4f:ce:9d:1a:61:97:c5:80:72:5e:26:34:4a:bb:cb: + 81:8c Curve: P-256 X509v3 extensions: X509v3 Key Usage: critical @@ -265,12 +266,81 @@ Certificate: X509v3 Basic Constraints: critical CA:TRUE, pathlen:1 X509v3 Subject Key Identifier: - 3F:3D:65:1A:72:82:16:C6:20:E8:B6:FC:1B:2E:6D:A4:9C:2C:92:78 + DE:90:B3:B9:4D:C1:B3:EE:77:00:88:8B:69:EC:71:C4:30:F9:F6:7F Signature Algorithm: ECDSA-SHA256 - 30:45:02:21:00:bf:d7:51:c7:7b:67:41:90:ac:c5:89:cd:04: - 60:7d:6b:da:8d:75:c2:c6:1c:18:93:82:79:96:35:19:a4:ea: - 2f:02:20:5a:bc:95:3b:de:f6:8b:00:fd:1a:69:81:57:b5:b6: - 91:0f:10:ef:2b:b2:39:83:c0:3c:a0:26:21:51:4b:40:3c + 30:44:02:20:3f:3b:90:e7:ca:82:70:8e:3f:2e:72:2a:b9:27: + 46:ac:e9:e2:4a:db:56:02:bc:a2:b2:99:e4:8d:10:7a:d5:73: + 02:20:72:25:64:b6:1c:aa:a6:c3:14:e1:66:35:bf:a1:db:90: + ea:49:59:f9:44:e8:63:de:a8:c0:bb:9b:21:08:59:87 +``` + + + + +**Wildcard Certificates:** + +This is for testing the wildcard SAN `*.example.test`. + +Both `with_ca/{ecdsa,rsa}/` directories contain a wildcard cert. The only difference is the Root CA cert used, and the entire chain being purely ECDSA or RSA type. + +```sh +# Run at `example.test/with_ca/ecdsa/`: +step certificate create "Smallstep Leaf" wildcard/cert.ecdsa.pem wildcard/key.ecdsa.pem \ + --no-password --insecure \ + --profile leaf \ + --ca ca-cert.ecdsa.pem \ + --ca-key ca-key.ecdsa.pem \ + --not-before "2021-01-01T00:00:00+00:00" \ + --not-after "2031-01-01T00:00:00+00:00" \ + --san "*.example.test" \ + --kty EC --crv P-256 +``` + + +
+Certificate Details (signed by Root CA ECDSA key): + +`step certificate inspect with_ca/ecdsa/wildcard/cert.ecdsa.pem`: + +``` +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15398717504679308720407721522825999382 (0xb95af63ae03a90f3bd5a6a740133416) + Signature Algorithm: ECDSA-SHA256 + Issuer: CN=Smallstep Root CA + Validity + Not Before: Jan 1 00:00:00 2021 UTC + Not After : Jan 1 00:00:00 2031 UTC + Subject: CN=Smallstep Leaf + Subject Public Key Info: + Public Key Algorithm: ECDSA + Public-Key: (256 bit) + X: + 2f:44:73:14:e4:e8:9a:88:a1:96:82:be:f3:e5:8b: + 94:a4:8a:ec:18:c1:73:86:cf:15:8a:e8:05:bd:46: + 71:cf + Y: + a1:bd:36:84:d0:b8:b3:15:f4:73:e2:53:87:0d:cd: + e8:a5:42:9a:94:91:d8:a3:d4:e1:d1:77:5a:cb:da: + 89:ea + Curve: P-256 + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature + X509v3 Extended Key Usage: + Server Authentication, Client Authentication + X509v3 Subject Key Identifier: + CA:A0:95:BE:58:73:6C:1D:EA:50:B8:BF:34:FF:D3:F1:63:33:1F:6F + X509v3 Authority Key Identifier: + keyid:DE:90:B3:B9:4D:C1:B3:EE:77:00:88:8B:69:EC:71:C4:30:F9:F6:7F + X509v3 Subject Alternative Name: + DNS:*.example.test + Signature Algorithm: ECDSA-SHA256 + 30:46:02:21:00:f2:50:c0:b5:c9:24:e5:e9:36:a6:7b:35:5d: + 38:a7:7d:81:af:02:fc:9d:fd:79:f4:2d:4c:8a:04:55:44:a8: + 3a:02:21:00:b1:2d:d2:25:18:2d:35:19:20:97:78:f1:d5:18: + 9f:11:d5:97:a9:dc:64:95:2a:6c:9d:4e:78:69:c1:92:23:23 ```
diff --git a/test/test-files/ssl/example.test/traefik.md b/test/test-files/ssl/example.test/traefik.md new file mode 100644 index 00000000..c4bc078f --- /dev/null +++ b/test/test-files/ssl/example.test/traefik.md @@ -0,0 +1,26 @@ +# Traefik `acme.json` test files + +Traefik encodes it's provisioned certificates into `acme.json` instead of separate files, but there is nothing special about the storage or content. + +Each `*.acme.json` file provides base64 encoded representations of their equivalent cert and key files at the same relative location. + +The only relevant content being tested from these `acme.json` files is in `le.Certificates`, everything else is only placeholder values. + +--- + +Certificates have been encoded into base64 for `acme.json` files from the `example.test/with_ca/{ecdsa,rsa}/` folders: + +- Those folders each provide a Root CA cert which functions similar to _Let's Encrypt_ role for verification of the chain of trust. All leaf certificates are signed by the Root CA key file located in these two folders. +- Leaf certificates are the kind you'd get provisioned normally via a service like _Let's Encrypt_ to use with your own server. These are available in both ECDSA and RSA, where those in `with_ca/rsa/` are valid for both FQDNs `mail.example.test` and `example.test` as SANs; but those in `with_ca/ecdsa/` are restricted to one FQDN. +- Each `acme.json` file lists the supported FQDNs in the `sans` field. Presently `main` is always `Smallstep Leaf`, which is associated to the certificate "Subject CN", which was often used for an FQDN in the past prior to SAN support. `main` can still provide a valid FQDN, but none of the test `acme.json` have a matching cert to test against. +- There is also two wildcard configs, where the only difference is a pure ECDSA or RSA chain for `*.example.test`.These are valid for subdomains of `example.test` such as: `mail.example.test`, but not `example.test` itself. + +--- + +Encode and decode certs easily via the [`step base64`](https://smallstep.com/docs/step-cli/reference/base64) command: + +- Decode: `echo 'YmFzZTY0IGVuY29kZWQgc3RyaW5nCg==' | step base64 -d` + Optionally write the output to a file: `> example.test/with_ca/ecdsa/cert.rsa.pem` +- Encode: `cat example.test/with_ca/ecdsa/cert.rsa.pem | step base64` +- Inspect the PEM encoded data: `step certificate inspect example.test/with_ca/ecdsa/cert.rsa.pem` + Note: `step certificate inspect` will only work with valid PEM encoded files, not the example base64 value to decode here. diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem index 57097e5b..e64f1ec6 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/ca-cert.ecdsa.pem @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBezCCASGgAwIBAgIQPo/N0tgKtUaSTAW02TOcqzAKBggqhkjOPQQDAjAcMRow +MIIBejCCASGgAwIBAgIQRRIFsycc6tiFqOqcXCHZvDAKBggqhkjOPQQDAjAcMRow GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAx MDEwMDAwMDBaMBwxGjAYBgNVBAMTEVNtYWxsc3RlcCBSb290IENBMFkwEwYHKoZI -zj0CAQYIKoZIzj0DAQcDQgAEdjDAIdJsa8revh3DXGcIk79zUyojXdgGKosJvDn9 -Cw2ndB98uZVzbLoAANdSBgzpAMiqu+FQ5+z/v+Uwu5sYB6NFMEMwDgYDVR0PAQH/ -BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFD89ZRpyghbGIOi2 -/BsubaScLJJ4MAoGCCqGSM49BAMCA0gAMEUCIQC/11HHe2dBkKzFic0EYH1r2o11 -wsYcGJOCeZY1GaTqLwIgWryVO972iwD9GmmBV7W2kQ8Q7yuyOYPAPKAmIVFLQDw= +zj0CAQYIKoZIzj0DAQcDQgAEz2IxYBk9cnhgWR4nE93P2RE2KDKv+ijkDm6rS62i +SQDcbIkJmPr38o3tUFPbz21Pzp0aYZfFgHJeJjRKu8uBjKNFMEMwDgYDVR0PAQH/ +BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFN6Qs7lNwbPudwCI +i2nsccQw+fZ/MAoGCCqGSM49BAMCA0cAMEQCID87kOfKgnCOPy5yKrknRqzp4krb +VgK8orKZ5I0QetVzAiByJWS2HKqmwxThZjW/oduQ6klZ+UToY96owLubIQhZhw== -----END CERTIFICATE----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem index 2bbd51b1..524c8991 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/ca-key.ecdsa.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEICSObYiRorZzuZW+17D/FqsDztCiw0bnS0NPG1MaXh7moAoGCCqGSM49 -AwEHoUQDQgAEdjDAIdJsa8revh3DXGcIk79zUyojXdgGKosJvDn9Cw2ndB98uZVz -bLoAANdSBgzpAMiqu+FQ5+z/v+Uwu5sYBw== +MHcCAQEEIJH8zwg9RIU/CowHtUHTDPe19w740Mqh+BYcFCoqAO4noAoGCCqGSM49 +AwEHoUQDQgAEz2IxYBk9cnhgWR4nE93P2RE2KDKv+ijkDm6rS62iSQDcbIkJmPr3 +8o3tUFPbz21Pzp0aYZfFgHJeJjRKu8uBjA== -----END EC PRIVATE KEY----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem index 3d209924..4c387a0d 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/cert.ecdsa.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIB0zCCAXigAwIBAgIQFXjGC57tyhJ/4EFxL51V+jAKBggqhkjOPQQDAjAcMRow +MIIBxTCCAWqgAwIBAgIQHg296UPzq0FEkJdEzVjrSjAKBggqhkjOPQQDAjAcMRow GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAx MDEwMDAwMDBaMBkxFzAVBgNVBAMTDlNtYWxsc3RlcCBMZWFmMFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEtmQYX/Y/trHaCQAn6XBOjhHEWI0Cokb2W9USm+pq5DmH -VthDa01dSkRz0oE0Hc3eU+1ixGF2xr+WCgqOEPrCY6OBnjCBmzAOBgNVHQ8BAf8E -BAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBRI -xKKyMZucPU29WEVg8MYW63TAOzAfBgNVHSMEGDAWgBQ/PWUacoIWxiDotvwbLm2k -nCySeDAqBgNVHREEIzAhggxleGFtcGxlLnRlc3SCEW1haWwuZXhhbXBsZS50ZXN0 -MAoGCCqGSM49BAMCA0kAMEYCIQC23H269tmxPyhNbUyk6cUkgNRspfyfdE6au1vK -il7dMgIhAOLIixu+ovlfzUGMCnVxyum+ZdHKXlB394rA+AN3G1MK +AQYIKoZIzj0DAQcDQgAE9FsAamrKHbgVgIHQgnK+rzo8XqebZCEWGSfzdQvr4P5H +amye19qADhsJdkX+i/15CfcIIhqTICF0XniRU0WecaOBkDCBjTAOBgNVHQ8BAf8E +BAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTY +vlZSJ+eQsCFbX3nY+NSFV/ArvDAfBgNVHSMEGDAWgBTekLO5TcGz7ncAiItp7HHE +MPn2fzAcBgNVHREEFTATghFtYWlsLmV4YW1wbGUudGVzdDAKBggqhkjOPQQDAgNJ +ADBGAiEArQh78IJBLg7NK/eV/e5z2ZONdHzvKU3V2jME8LaxaxMCIQDX8ZXbvhi4 +23e5VwfmuVo9ADTT9esYZ5u6v4hicunJmQ== -----END CERTIFICATE----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem index 0a1bd9c2..796b2627 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/cert.rsa.pem @@ -1,17 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICnTCCAkOgAwIBAgIQa9dHWr1hoQZ5sVU5yjIGlDAKBggqhkjOPQQDAjAcMRow -GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAx -MDEwMDAwMDBaMBkxFzAVBgNVBAMTDlNtYWxsc3RlcCBMZWFmMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraT2GdokyQRFFESQ0tQtS+lq952GoUqEhKwv -O4NIsYHtfhboUbWdjUQcI9reiBVeiv0o/BmwCZUm31dqT0tb1fF1GvEkapZufCy8 -EXe84TYeJGtek34tTWd9uxAYpSI8igVfvlrGKMPzphQlgSXoH7lyrFBjzzBv96il -9PzH7iEoYzlwBx3pHIHLeyivzFEnyvVUlKDNyaQkwroVt6/8CyAfzn46mvujutEh -owFJGgQxnbiloqJmk+BYHKw9BepbUsqB1xIv5ASUlPZSgBjR59/SfJCTV2TFsF9Q -B+L0Ev2X6Vv9va5Hlj2FszHraxV82R/vJ90pMxVfffHloe3qTwIDAQABo4GeMIGb -MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw -HQYDVR0OBBYEFFOlJeT6UG8UCSlh2f5mWlaIkPymMB8GA1UdIwQYMBaAFD89ZRpy -ghbGIOi2/BsubaScLJJ4MCoGA1UdEQQjMCGCDGV4YW1wbGUudGVzdIIRbWFpbC5l -eGFtcGxlLnRlc3QwCgYIKoZIzj0EAwIDSAAwRQIhALcFzitAGXHJ+Dnv0z8vMWMw -iW09cFkrE6nkDtKWwNhIAiBUQ3buC5dZz7UNES/54OAeMGTagjqOIyZLF0QE7ls+ -dQ== +MIICijCCAjGgAwIBAgIRAPXENYk0OaCer/5wnuExtNswCgYIKoZIzj0EAwIwHDEa +MBgGA1UEAxMRU21hbGxzdGVwIFJvb3QgQ0EwHhcNMjEwMTAxMDAwMDAwWhcNMzEw +MTAxMDAwMDAwWjAZMRcwFQYDVQQDEw5TbWFsbHN0ZXAgTGVhZjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALGRqdTJ6GR1hePrBW64R0fuZLxBiIKtTnUG +7UKl8WhQuBUrvd9EZpXXft9uZ/QIZkcxoehzGYuysKISmWlQ6jDfglKNgb/BFC9Z +BEflldcLPqGcROVsNz8hT3u0ALxABNASoyzv4b+Ml4vvoFCztaWb6KzkAdsWljmN +9o8GVil71vlI8FuPO/y+6EPpQkWvDPtMCecivBAJrzXsKL6ZlHTBQCoXCh8jsv6v +d+JkzR7IAnJ+c54kRkxuH9XDygVYmZhIJtFNeMc5v2iWBiXcLPdO4OIIBskZFK/9 +36WizsrPfq2XPK87bhwcQRBNiu+Qgpqg+9js0MTI7rBQtOf63fsCAwEAAaOBizCB +iDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC +MB0GA1UdDgQWBBQ8autoXwYktv9eakYZBjHpMn13bzAfBgNVHSMEGDAWgBTekLO5 +TcGz7ncAiItp7HHEMPn2fzAXBgNVHREEEDAOggxleGFtcGxlLnRlc3QwCgYIKoZI +zj0EAwIDRwAwRAIgPmKrjFMwmanoAavvmWzPDhyGl/wF/YIH4f95n4tSzroCIDW0 +KQ9KnNpcqGcr70qOFxtaGZ/cDGf9BwzoWT7fS/8r -----END CERTIFICATE----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json b/test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json new file mode 100644 index 00000000..93a7aa3c --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/ecdsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "EC256" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["mail.example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ4VENDQVdxZ0F3SUJBZ0lRSGcyOTZVUHpxMEZFa0pkRXpWanJTakFLQmdncWhrak9QUVFEQWpBY01Sb3cKR0FZRFZRUURFeEZUYldGc2JITjBaWEFnVW05dmRDQkRRVEFlRncweU1UQXhNREV3TURBd01EQmFGdzB6TVRBeApNREV3TURBd01EQmFNQmt4RnpBVkJnTlZCQU1URGxOdFlXeHNjM1JsY0NCTVpXRm1NRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFOUZzQWFtcktIYmdWZ0lIUWduSytyem84WHFlYlpDRVdHU2Z6ZFF2cjRQNUgKYW15ZTE5cUFEaHNKZGtYK2kvMTVDZmNJSWhxVElDRjBYbmlSVTBXZWNhT0JrRENCalRBT0JnTlZIUThCQWY4RQpCQU1DQjRBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQjBHQTFVZERnUVdCQlRZCnZsWlNKK2VRc0NGYlgzblkrTlNGVi9BcnZEQWZCZ05WSFNNRUdEQVdnQlRla0xPNVRjR3o3bmNBaUl0cDdISEUKTVBuMmZ6QWNCZ05WSFJFRUZUQVRnaEZ0WVdsc0xtVjRZVzF3YkdVdWRHVnpkREFLQmdncWhrak9QUVFEQWdOSgpBREJHQWlFQXJRaDc4SUpCTGc3TksvZVYvZTV6MlpPTmRIenZLVTNWMmpNRThMYXhheE1DSVFEWDhaWGJ2aGk0CjIzZTVWd2ZtdVZvOUFEVFQ5ZXNZWjV1NnY0aGljdW5KbVE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==", + "key": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU1sOWx2c2lTV1VxQ1ErY3ZYZGlNQXBmVmhRL1hIOHp1aU5oRkQzSmJHdjlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOUZzQWFtcktIYmdWZ0lIUWduSytyem84WHFlYlpDRVdHU2Z6ZFF2cjRQNUhhbXllMTlxQQpEaHNKZGtYK2kvMTVDZmNJSWhxVElDRjBYbmlSVTBXZWNRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } + } diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem index b667fce1..85960121 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/key.ecdsa.pem @@ -1,5 +1,5 @@ -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIH8zQfeaX0H1KEwQi4NdV5Az1TsQL6HfipqhObBEBQJuoAoGCCqGSM49 -AwEHoUQDQgAEtmQYX/Y/trHaCQAn6XBOjhHEWI0Cokb2W9USm+pq5DmHVthDa01d -SkRz0oE0Hc3eU+1ixGF2xr+WCgqOEPrCYw== +MHcCAQEEIMl9lvsiSWUqCQ+cvXdiMApfVhQ/XH8zuiNhFD3JbGv9oAoGCCqGSM49 +AwEHoUQDQgAE9FsAamrKHbgVgIHQgnK+rzo8XqebZCEWGSfzdQvr4P5Hamye19qA +DhsJdkX+i/15CfcIIhqTICF0XniRU0WecQ== -----END EC PRIVATE KEY----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem index 0be40046..5454fe09 100644 --- a/test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/key.rsa.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAraT2GdokyQRFFESQ0tQtS+lq952GoUqEhKwvO4NIsYHtfhbo -UbWdjUQcI9reiBVeiv0o/BmwCZUm31dqT0tb1fF1GvEkapZufCy8EXe84TYeJGte -k34tTWd9uxAYpSI8igVfvlrGKMPzphQlgSXoH7lyrFBjzzBv96il9PzH7iEoYzlw -Bx3pHIHLeyivzFEnyvVUlKDNyaQkwroVt6/8CyAfzn46mvujutEhowFJGgQxnbil -oqJmk+BYHKw9BepbUsqB1xIv5ASUlPZSgBjR59/SfJCTV2TFsF9QB+L0Ev2X6Vv9 -va5Hlj2FszHraxV82R/vJ90pMxVfffHloe3qTwIDAQABAoIBAQClg0uhMLFHee5u -dzyj+OKELSVsiJY/P0w5OfZ7f5PWvsWlHiirWbWnZXh9JK5ggB3x1YUvZzzIpYa7 -9BK9KlOLBfBdkeToRCNj8TACZmN/N5pblIw9glOkKDVMDPewz4Vs+dpdEyE20jB3 -6VQmWf973cRUQvwgDUdshTBK6HeZnid0SoRNSDA5ygYNU/q6LLaEWdingHw7A3GP -kwJSgB9ZCYGubgwwu+XCpAdEcX/sc24JDyLFyrp9ei/Qs2IkIAQfLoCmn2gNsD2P -77HfhkOg43bSiRBqxxfdbF+Vzta0jse8AzFY3SCsVF59skviKgmPOt55sVUhjQQc -6jzz0CShAoGBANO2bgaEbjO6mL1ye2Dh6acx9DT0N6XeQSTTkllfp4/De8vnTlqL -z4hChjLN7pO1Nb9svytCFhE7YoFmm9PsKkuMjs/YnsFpZC9fi8uZ3WU3Koml3sZ8 -askwQ2dBryVnYeOtnLKT4drDHwL7302AOzZz2pZ/PUKmQhTi/QBrhEg1AoGBANH3 -6a+8gBUbHmmnVKQ+4GjoA6TTXrtBoODwsZq3hmQUMvaU2WDTlej0XAGIuwYvEycc -tW8UOBNIkl+CoMh5OiJ/bHaduBrOyKytw5Ahp2vO/RWarrTTJJiBNNJS+GYwDXuB -F2ndseVaGzRFIU1Um8WcnB7jvIKYB2mUOeIfU+DzAoGBAKk1uaKD3gCCNunTwkCg -zzrOdjyMpJ1xked5IhNEnIwO1bcW3E0KSYjCgrfAV9q+joK8y94rJ7AGIqkB9bHf -o75WTR5aKCi1r1kdqIHGLGllOh5h8Df74O2EIZs5qF7gziBG9mLUR0Oth+++l689 -uhW/awm2EKRgdZh0A3p+dG+xAoGBALeGLODpLz7DdGK+2nGxb67iVQUFp4CfTYIv -f92O2k2xhhYXZqWGazqyE5VXsLkn/mKqaj+L+bOJND99SxHPPCwZGnHXS6tK4QZl -31CkydSmmHoAuQHep9cQ4F2SHgIbsD0qSY/EMhEZIDwgzInuETW5vJAXWJcBUUFM -SQfHgCZXAoGAKS4/ak3IDP4PwyAc0KvN2J7S7EyVpgjNGzCkznTFoaNbYj0w/dwA -9Y13LguGDxn1CcdHqwBMzgjJK+DCmoF9wSQxux5tClzMr24oN+XOn0xiM3ppTXzQ -DfB0x3N8z6/KnqA4xrc6mSlZiMb9Xcn2E0HdO4iaTjNiL5tzwU7IxNc= +MIIEogIBAAKCAQEAsZGp1MnoZHWF4+sFbrhHR+5kvEGIgq1OdQbtQqXxaFC4FSu9 +30Rmldd+325n9AhmRzGh6HMZi7KwohKZaVDqMN+CUo2Bv8EUL1kER+WV1ws+oZxE +5Ww3PyFPe7QAvEAE0BKjLO/hv4yXi++gULO1pZvorOQB2xaWOY32jwZWKXvW+Ujw +W487/L7oQ+lCRa8M+0wJ5yK8EAmvNewovpmUdMFAKhcKHyOy/q934mTNHsgCcn5z +niRGTG4f1cPKBViZmEgm0U14xzm/aJYGJdws907g4ggGyRkUr/3fpaLOys9+rZc8 +rztuHBxBEE2K75CCmqD72OzQxMjusFC05/rd+wIDAQABAoIBAGCx2bGuYYaTGN4M +VWD9qJNbFjAN37CJf3fq1bi9dMBBdHzS3Qp/zP075DL3hFQ3XrrWJDzYsMiJ/fXD ++xaGoYELtYQO2uD4220NJG+ibf40eV64IixsyYjvMsFCPERG+Ff2TjViS6RrgvsI ++lv4AKq2Q/YiE4CixBuDWwh3guQDS8wifWk6vwcDI3ANmpr0vDVYXjEY7kxBspZw +XG5TtretBHIHQGFbBVbS/l0ofVlbnQh7yLn6AxUZcVWHiTchtQx1tL95QU/H3oMn +iL3mMLASWvw/rLjWCLDDy4uOj8UWfiVqqPxxFcoyqy4BKul5gtyblB9L/5A5I5i0 +feFW1gECgYEA18FhCYlbv7woet9kOz4zY2+wCPe5lzuIp1t/jfwAfrtvz7/TVUtv +mAYDDVfOZvZXmRK1nx9Ev+M2Ob71sDsRXc8zJkffz42eKSaSRBE29TUzl7Oyond0 +YMjzXerXKFJwvIcnZychCux/dJWuMPNwbvK98XnQvnRFtRyZob2aVmECgYEA0rDU +uTrQqhdeZpkipfwuxU4sXK9ubYBRhe4HeCponVxTXFY1zTY2GDQfjZpvL69nle8S +cqsKeJZZTw5OQNKFWlP+ji+wzBvCKalS7FXYA8ddQhM6adMHkXq4le8sjUBfp0Pt +dssdhxYShEhDeDVdcu4yOnDIo9+DmWYXqoIzmdsCgYBI8zKrNc1W2/jX6taKDXL0 +qRvdPF19G/0NkStkx5MnRpr8pICBM3ts7IN1rH22ZI6jzCaqwbjOJLX9+mo6Bw7N +KDTEOcMb+2dBxK/p4eQyLqXeIj1BH6Cy5N8cnz3WfWFu7UfOYfWTKvnBYqa+GGGo +sdy1XBnPe6LiJORxQpl/oQKBgDyZg/XrBs2Ffy9/aEnZqRIzE+tswhRYzhn5hsh3 +WjO4tHlgioUFzLVVeKXf/471opOreeDldVON2w40DSnz40tB0XvQF8f9S/FztFgp +sMIVe6tfoHODsS+U3raxXl0aYOjZTtnWPh32qUjHCDDxGHnQLT5F5k/MICvlA3WV +kYX1AoGAcdctwNK1hzZNtZwmkAKtmizRGAI4Hq4tRoBqSvrCz59BCY1/VnYZYWTz +/6E/fQuzv7/7auiUy2HM0QHjzKjNzZDshM2DegPR5C6kn/LsDwYz9u5Tq7huk8L3 +5HpxnIhEoy4mQydLuXEu4ZNGprME1giiCG2tTH3o1CjsmuVAnuQ= -----END RSA PRIVATE KEY----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json b/test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json new file mode 100644 index 00000000..03a7cc14 --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/rsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "RSA2048" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNpakNDQWpHZ0F3SUJBZ0lSQVBYRU5ZazBPYUNlci81d251RXh0TnN3Q2dZSUtvWkl6ajBFQXdJd0hERWEKTUJnR0ExVUVBeE1SVTIxaGJHeHpkR1Z3SUZKdmIzUWdRMEV3SGhjTk1qRXdNVEF4TURBd01EQXdXaGNOTXpFdwpNVEF4TURBd01EQXdXakFaTVJjd0ZRWURWUVFERXc1VGJXRnNiSE4wWlhBZ1RHVmhaakNDQVNJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEdScWRUSjZHUjFoZVByQlc2NFIwZnVaTHhCaUlLdFRuVUcKN1VLbDhXaFF1QlVydmQ5RVpwWFhmdDl1Wi9RSVprY3hvZWh6R1l1eXNLSVNtV2xRNmpEZmdsS05nYi9CRkM5WgpCRWZsbGRjTFBxR2NST1ZzTno4aFQzdTBBTHhBQk5BU295enY0YitNbDR2dm9GQ3p0YVdiNkt6a0Fkc1dsam1OCjlvOEdWaWw3MXZsSThGdVBPL3krNkVQcFFrV3ZEUHRNQ2VjaXZCQUpyelhzS0w2WmxIVEJRQ29YQ2g4anN2NnYKZCtKa3pSN0lBbkorYzU0a1JreHVIOVhEeWdWWW1aaElKdEZOZU1jNXYyaVdCaVhjTFBkTzRPSUlCc2taRksvOQozNldpenNyUGZxMlhQSzg3Ymh3Y1FSQk5pdStRZ3BxZys5anMwTVRJN3JCUXRPZjYzZnNDQXdFQUFhT0JpekNCCmlEQU9CZ05WSFE4QkFmOEVCQU1DQjRBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUIwR0ExVWREZ1FXQkJROGF1dG9Yd1lrdHY5ZWFrWVpCakhwTW4xM2J6QWZCZ05WSFNNRUdEQVdnQlRla0xPNQpUY0d6N25jQWlJdHA3SEhFTVBuMmZ6QVhCZ05WSFJFRUVEQU9nZ3hsZUdGdGNHeGxMblJsYzNRd0NnWUlLb1pJCnpqMEVBd0lEUndBd1JBSWdQbUtyakZNd21hbm9BYXZ2bVd6UERoeUdsL3dGL1lJSDRmOTVuNHRTenJvQ0lEVzAKS1E5S25OcGNxR2NyNzBxT0Z4dGFHWi9jREdmOUJ3em9XVDdmUy84cgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==", + "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBc1pHcDFNbm9aSFdGNCtzRmJyaEhSKzVrdkVHSWdxMU9kUWJ0UXFYeGFGQzRGU3U5CjMwUm1sZGQrMzI1bjlBaG1SekdoNkhNWmk3S3dvaEtaYVZEcU1OK0NVbzJCdjhFVUwxa0VSK1dWMXdzK29aeEUKNVd3M1B5RlBlN1FBdkVBRTBCS2pMTy9odjR5WGkrK2dVTE8xcFp2b3JPUUIyeGFXT1kzMmp3WldLWHZXK1VqdwpXNDg3L0w3b1ErbENSYThNKzB3SjV5SzhFQW12TmV3b3ZwbVVkTUZBS2hjS0h5T3kvcTkzNG1UTkhzZ0NjbjV6Cm5pUkdURzRmMWNQS0JWaVptRWdtMFUxNHh6bS9hSllHSmR3czkwN2c0Z2dHeVJrVXIvM2ZwYUxPeXM5K3JaYzgKcnp0dUhCeEJFRTJLNzVDQ21xRDcyT3pReE1qdXNGQzA1L3JkK3dJREFRQUJBb0lCQUdDeDJiR3VZWWFUR040TQpWV0Q5cUpOYkZqQU4zN0NKZjNmcTFiaTlkTUJCZEh6UzNRcC96UDA3NURMM2hGUTNYcnJXSkR6WXNNaUovZlhECit4YUdvWUVMdFlRTzJ1RDQyMjBOSkcraWJmNDBlVjY0SWl4c3lZanZNc0ZDUEVSRytGZjJUalZpUzZScmd2c0kKK2x2NEFLcTJRL1lpRTRDaXhCdURXd2gzZ3VRRFM4d2lmV2s2dndjREkzQU5tcHIwdkRWWVhqRVk3a3hCc3BadwpYRzVUdHJldEJISUhRR0ZiQlZiUy9sMG9mVmxiblFoN3lMbjZBeFVaY1ZXSGlUY2h0UXgxdEw5NVFVL0gzb01uCmlMM21NTEFTV3Z3L3JMaldDTEREeTR1T2o4VVdmaVZxcVB4eEZjb3lxeTRCS3VsNWd0eWJsQjlMLzVBNUk1aTAKZmVGVzFnRUNnWUVBMThGaENZbGJ2N3dvZXQ5a096NHpZMit3Q1BlNWx6dUlwMXQvamZ3QWZydHZ6Ny9UVlV0dgptQVlERFZmT1p2WlhtUksxbng5RXYrTTJPYjcxc0RzUlhjOHpKa2ZmejQyZUtTYVNSQkUyOVRVemw3T3lvbmQwCllNanpYZXJYS0ZKd3ZJY25aeWNoQ3V4L2RKV3VNUE53YnZLOThYblF2blJGdFJ5Wm9iMmFWbUVDZ1lFQTByRFUKdVRyUXFoZGVacGtpcGZ3dXhVNHNYSzl1YllCUmhlNEhlQ3BvblZ4VFhGWTF6VFkyR0RRZmpacHZMNjlubGU4UwpjcXNLZUpaWlR3NU9RTktGV2xQK2ppK3d6QnZDS2FsUzdGWFlBOGRkUWhNNmFkTUhrWHE0bGU4c2pVQmZwMFB0CmRzc2RoeFlTaEVoRGVEVmRjdTR5T25ESW85K0RtV1lYcW9Jem1kc0NnWUJJOHpLck5jMVcyL2pYNnRhS0RYTDAKcVJ2ZFBGMTlHLzBOa1N0a3g1TW5ScHI4cElDQk0zdHM3SU4xckgyMlpJNmp6Q2Fxd2JqT0pMWDkrbW82Qnc3TgpLRFRFT2NNYisyZEJ4Sy9wNGVReUxxWGVJajFCSDZDeTVOOGNuejNXZldGdTdVZk9ZZldUS3ZuQllxYStHR0dvCnNkeTFYQm5QZTZMaUpPUnhRcGwvb1FLQmdEeVpnL1hyQnMyRmZ5OS9hRW5acVJJekUrdHN3aFJZemhuNWhzaDMKV2pPNHRIbGdpb1VGekxWVmVLWGYvNDcxb3BPcmVlRGxkVk9OMnc0MERTbno0MHRCMFh2UUY4ZjlTL0Z6dEZncApzTUlWZTZ0Zm9IT0RzUytVM3JheFhsMGFZT2paVHRuV1BoMzJxVWpIQ0REeEdIblFMVDVGNWsvTUlDdmxBM1dWCmtZWDFBb0dBY2RjdHdOSzFoelpOdFp3bWtBS3RtaXpSR0FJNEhxNHRSb0JxU3ZyQ3o1OUJDWTEvVm5ZWllXVHoKLzZFL2ZRdXp2Ny83YXVpVXkySE0wUUhqektqTnpaRHNoTTJEZWdQUjVDNmtuL0xzRHdZejl1NVRxN2h1azhMMwo1SHB4bkloRW95NG1ReWRMdVhFdTRaTkdwck1FMWdpaUNHMnRUSDNvMUNqc211VkFudVE9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==", + "Store": "default" + } + ] + } + } diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem new file mode 100644 index 00000000..53fa70fa --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/cert.ecdsa.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwjCCAWegAwIBAgIQC5WvY64DqQ871aanQBM0FjAKBggqhkjOPQQDAjAcMRow +GAYDVQQDExFTbWFsbHN0ZXAgUm9vdCBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAx +MDEwMDAwMDBaMBkxFzAVBgNVBAMTDlNtYWxsc3RlcCBMZWFmMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEL0RzFOTomoihloK+8+WLlKSK7BjBc4bPFYroBb1Gcc+h +vTaE0LizFfRz4lOHDc3opUKalJHYo9Th0Xday9qJ6qOBjTCBijAOBgNVHQ8BAf8E +BAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTK +oJW+WHNsHepQuL80/9PxYzMfbzAfBgNVHSMEGDAWgBTekLO5TcGz7ncAiItp7HHE +MPn2fzAZBgNVHREEEjAQgg4qLmV4YW1wbGUudGVzdDAKBggqhkjOPQQDAgNJADBG +AiEA8lDAtckk5ek2pns1XTinfYGvAvyd/Xn0LUyKBFVEqDoCIQCxLdIlGC01GSCX +ePHVGJ8R1Zep3GSVKmydTnhpwZIjIw== +-----END CERTIFICATE----- diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json new file mode 100644 index 00000000..43e9d40e --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/ecdsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "EC256" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["*.example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ3akNDQVdlZ0F3SUJBZ0lRQzVXdlk2NERxUTg3MWFhblFCTTBGakFLQmdncWhrak9QUVFEQWpBY01Sb3cKR0FZRFZRUURFeEZUYldGc2JITjBaWEFnVW05dmRDQkRRVEFlRncweU1UQXhNREV3TURBd01EQmFGdzB6TVRBeApNREV3TURBd01EQmFNQmt4RnpBVkJnTlZCQU1URGxOdFlXeHNjM1JsY0NCTVpXRm1NRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFTDBSekZPVG9tb2lobG9LKzgrV0xsS1NLN0JqQmM0YlBGWXJvQmIxR2NjK2gKdlRhRTBMaXpGZlJ6NGxPSERjM29wVUthbEpIWW85VGgwWGRheTlxSjZxT0JqVENCaWpBT0JnTlZIUThCQWY4RQpCQU1DQjRBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQjBHQTFVZERnUVdCQlRLCm9KVytXSE5zSGVwUXVMODAvOVB4WXpNZmJ6QWZCZ05WSFNNRUdEQVdnQlRla0xPNVRjR3o3bmNBaUl0cDdISEUKTVBuMmZ6QVpCZ05WSFJFRUVqQVFnZzRxTG1WNFlXMXdiR1V1ZEdWemREQUtCZ2dxaGtqT1BRUURBZ05KQURCRwpBaUVBOGxEQXRja2s1ZWsycG5zMVhUaW5mWUd2QXZ5ZC9YbjBMVXlLQkZWRXFEb0NJUUN4TGRJbEdDMDFHU0NYCmVQSFZHSjhSMVplcDNHU1ZLbXlkVG5ocHdaSWpJdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K", + "key": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNSSk9mUGVPSVVvNXl3RW52S0R6dkVJMUtQejV2ZjFrNno5bUN0MlBwYzlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFTDBSekZPVG9tb2lobG9LKzgrV0xsS1NLN0JqQmM0YlBGWXJvQmIxR2NjK2h2VGFFMExpegpGZlJ6NGxPSERjM29wVUthbEpIWW85VGgwWGRheTlxSjZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } + } diff --git a/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem new file mode 100644 index 00000000..05d98cbc --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/ecdsa/wildcard/key.ecdsa.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEICRJOfPeOIUo5ywEnvKDzvEI1KPz5vf1k6z9mCt2Ppc9oAoGCCqGSM49 +AwEHoUQDQgAEL0RzFOTomoihloK+8+WLlKSK7BjBc4bPFYroBb1Gcc+hvTaE0Liz +FfRz4lOHDc3opUKalJHYo9Th0Xday9qJ6g== +-----END EC PRIVATE KEY----- diff --git a/test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json b/test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json new file mode 100644 index 00000000..f1bd8b40 --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/rsa/ecdsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "EC256" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["example.test", "mail.example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNrekNDQVh1Z0F3SUJBZ0lRWHY0V05DN3lTS20xRDNwcDdtSkJyakFOQmdrcWhraUc5dzBCQVFzRkFEQWMKTVJvd0dBWURWUVFERXhGVGJXRnNiSE4wWlhBZ1VtOXZkQ0JEUVRBZUZ3MHlNVEF4TURFd01EQXdNREJhRncwegpNVEF4TURFd01EQXdNREJhTUJreEZ6QVZCZ05WQkFNVERsTnRZV3hzYzNSbGNDQk1aV0ZtTUZrd0V3WUhLb1pJCnpqMENBUVlJS29aSXpqMERBUWNEUWdBRTM0YzFCYXgrMDF5b3Q1RXlMN2dtOGpBam9MVnZtZk9oZWlybEFXc1QKNjFVV1VDbFk2UHZwZExPTHZEa0ZTb2xLa0ROZzhGQzJ2WjU3SDViTTJHN3lNcU9CbmpDQm16QU9CZ05WSFE4QgpBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUIwR0ExVWREZ1FXCkJCUlQwcWN1MG1LR0Q2WC82UTF1NWgwOXV5czN2REFmQmdOVkhTTUVHREFXZ0JRZHorM01GRXo5M0VDNDh0MHIKNzUwbUVDOC93ekFxQmdOVkhSRUVJekFoZ2d4bGVHRnRjR3hsTG5SbGMzU0NFVzFoYVd3dVpYaGhiWEJzWlM1MApaWE4wTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBRXp4M0xPM2c4Tk9FN1ArNWkzWTBpS3YrUUc2VU1SdGVSCnZnSW1jNGw1Vm5TYThCanlBT1B2WU5FSTlnRlVlSXhDc2xNcmMxV2g0cmZIS3ltb1FrOTFLUUdrTUFPM2NiSWEKYXh5WGRNWE5sbHdPbTJGSXFURnJLMEQycFo1S1NHblFtTkdmajZiTWwzaEhIYzBRT1Y3YmdNa1NkZGJtczFQWQpIeEdmRk81VWxzZUxidkNIajh0b2ZhbUNUcit0OWk1aW9BT3BvYU9UT3lxMzRwSWdZN0FuREU0L3pNUC9hQ3FpCmR4RDZOTzhnY2VianVQckY0b2krOHdFcVNsNS9qUE5RdS93ZnVwNG1QakRsMVBlblN5dWUyUGZ1SGViSE9lRWgKMzlwWk5xKzZVZnNDbXcxMW1xaUROYTlYcWFSQlJNZEV0ek1pRXM0TUIwM1JCTHQ5N0tPTQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==", + "key": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUIvTXpNMHFLTUQ2NkptRUtPK09Ha2dXTko5R3RoZXl0bTYycmd4U0lwckxvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMzRjMUJheCswMXlvdDVFeUw3Z204akFqb0xWdm1mT2hlaXJsQVdzVDYxVVdVQ2xZNlB2cApkTE9MdkRrRlNvbEtrRE5nOEZDMnZaNTdINWJNMkc3eU1nPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } + } diff --git a/test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json b/test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json new file mode 100644 index 00000000..da4c8010 --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/rsa/rsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "RSA2048" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["example.test", "mail.example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURYekNDQWtlZ0F3SUJBZ0lSQUt4NEFhdmVmdWdCZ0lKRzN6ZWwzUDR3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlUyMWhiR3h6ZEdWd0lGSnZiM1FnUTBFd0hoY05NakV3TVRBeE1EQXdNREF3V2hjTgpNekV3TVRBeE1EQXdNREF3V2pBWk1SY3dGUVlEVlFRREV3NVRiV0ZzYkhOMFpYQWdUR1ZoWmpDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU9BVVpWek9LOUFwbWNqZnE1eDlvNDhFUUxtWm0vWGIKaGJXUUdWMDkzeUllY3NXSkQzUngvQXM1Zm80VExkelM4WGFvNmRsWHF6bFZSTmp2Q21QQVRzNmRKblZQMXRtLwphcWVWRndLSHFoNWxoSHF4OTNGWUtUUGJNY3BRSEdmVk5ZOHJEMy9hTHJUYmNXaXFHZDl3cktVQVVKTzhMT1M0CkhoRnNqY1VZd3VsWGtvc0hpWWlvWklta3NxMVovY3UxTDNmelV1UEg1V3lSazhOaCthWFV1WHBIR3hUUzFkalMKcDdkM09qRXZLNU9iOEFKUWprWTNWUzkwS2x4cVE5NGVwUFhQeHAwaGRZcE94YnN3WFUwRk1GNFNlTzF5Yy9RVwpLZXFLdFBNdlJ3ZytJWHdrVEhxRFJ5Wk1IbjV4cnZBT2FWMWprcCttakRwdG9RcFVLekIwT1hVQ0F3RUFBYU9CCm5qQ0JtekFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01CMEdBMVVkRGdRV0JCUUducGIwbms4MmpWSTNKSW1uZmRIUjdEWWpBREFmQmdOVkhTTUVHREFXZ0JRZAp6KzNNRkV6OTNFQzQ4dDByNzUwbUVDOC93ekFxQmdOVkhSRUVJekFoZ2d4bGVHRnRjR3hsTG5SbGMzU0NFVzFoCmFXd3VaWGhoYlhCc1pTNTBaWE4wTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBS05yZTNraHdvTW9MMExvUUcKVUY4SFZpNU94enpLQ3p1ZVpRTVU4ZmovTVhRaHBQV0FrWEthNHZYd0NEdlZSQkNDMWo0dSt4U2VpcVh2TVZjUgpuN1F5eHZZS0pSblEway94MXpwOE42ZWVkMnRPRk96K2d5SGtvTlNyL2w5ZlFzQWhxb0wwRmVWYXRxY3pJMGNvCkRHZzV1eDVialp3bGxGWXc2TFJJdWh0WjRCeElRTzRHQzVweXNydmpYYjc4MnYwaUFvd1FITDN5QzB4L0V5ZnIKY2EvcW92VlNUOHpvV1lmLzFwUS83S3A5ZG84VnJhQjRkeXI1ci96QXkwR0hQZmlhOHFMODY0d1RxR2N1Um5XMwoxeTJCT2NLTGduVE5DRnAybmNXb2RtT2JzeG9tOEtnVUFWeVcwNmNEeDRYSTF3YTJGU3g0RzVtZWhCZ1NkL21RCjFBdnkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", + "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNEJSbFhNNHIwQ21aeU4rcm5IMmpqd1JBdVptYjlkdUZ0WkFaWFQzZkloNXl4WWtQCmRISDhDemwramhNdDNOTHhkcWpwMlZlck9WVkUyTzhLWThCT3pwMG1kVS9XMmI5cXA1VVhBb2VxSG1XRWVySDMKY1ZncE05c3h5bEFjWjlVMWp5c1BmOW91dE50eGFLb1ozM0NzcFFCUWs3d3M1TGdlRVd5TnhSakM2VmVTaXdlSgppS2hraWFTeXJWbjl5N1V2ZC9OUzQ4ZmxiSkdUdzJINXBkUzVla2NiRk5MVjJOS250M2M2TVM4cms1dndBbENPClJqZFZMM1FxWEdwRDNoNms5Yy9HblNGMWlrN0Z1ekJkVFFVd1hoSjQ3WEp6OUJZcDZvcTA4eTlIQ0Q0aGZDUk0KZW9OSEprd2Vmbkd1OEE1cFhXT1NuNmFNT20yaENsUXJNSFE1ZFFJREFRQUJBb0lCQUg2WXgxT1JYNHR4bFdLNQppMWtVV20yWWQ0RGtXZ3FqQlgyNGRid0tFcUJTRjRHbWw4YXdCemZJT2NuRzZDaFVQUHRQSHg4ZHVxemZrZEFGCjdSYkNOVVBoNFRKeDh1NStpS0U1U0JDejJOYm5mOXRaNUhSeTNJUmhtRlcyd1BXZ3JXdS9aamhUYWdQZjNzakYKSVd6dFdYeTNHczc4aDFpSTlPUGZNcEZpRmV5QjhMRUUxdzRuYi9pU1NVdkZ1ZS9WWjBhRFM1ZU9tVUZWemp4eQp4TmZIWjMzUW5tUllic0o1OG9GMkZyKzNmVG1sdE00MDZ5K1RnMytEYW8rTXBmNDFOS3ErMXI1OFBuS3BVamZICmNMTzVrNC9NcWJuazR4aS9mdHpBcElldzFBNkNsTzl4d0EzK29ZRS9TMExROEpIRVZhakcxYU13OFBFWFdiT0oKd3pjWHdFRUNnWUVBN05aUURRSGpDQ3pkbUVDSVRTcjNJM3R1WGJtbnYyOVJTNHNBZXBuOWZTNE9Wb3NubnRyYwpZblJHcml1RklacHlyci8zUjVEd1RnTzYxVmVCQXF2SkRZdFZqajZ6eVQ5Zjg3ZmRtOGdKZURXN1QwRzI0dnQ2CjBINEtHOHdzOCtJL0ZqTWo3d2lDNHlONC9IY3lkOTRzcXVoKy85TmpkVHZ3ZnZTNmZyd25RUjBDZ1lFQThqWFYKU1JmQllKOFU4VkJNWnhmT212RXRKZnhhYWh0bkpHQkJFd0RjQ2ZnQitySWpWUUd3MGFaT05QS2lsRDhqaW5BdApVaUJ3eUJEa0hhVUwxNHM2SDIzK1FTNmFtNk1yOWxUeitZUHFwWVdHMFZqR0J2OGt1SFo1MEVobEJKRmFkek1iClZWUjVSNUZEUDNDaE1ReTdRNmU4Um9JSzVEUUQ4NnZLalFSZWdqa0NnWUFsRVJHc1IzeFIzanU4UlhWUHBvYlIKYmRNREpqaGoxTGREZkhqUnQySWVBbVJLRlROWlFHVzNudjBrNnpqRjNwZE9WRXNPVDFmY3plYWkxelFneCtRSwprNkVMUnpMNkwwb0VLZVdzS08yYWU4WmFEQzNrYm5sMVFoU3c3dzZtQ09YWXdwNUFIZlBtT3JvSHdWd0x1S0VECkNxbzl2Y2JXSlZCcGZrSGw3ZXF5M1FLQmdRQ0hPWkRyYnV6U3NkNHlYNzlZSzAxNDZiOW9IcnluMHNiQjQwOVIKZWNCZmZHdzJkN0FNTEpaNFpkM3g1NmpuRlYwVlZFMnBOVjFpQlRRbWJOZndyZFYwYUtkejRyNEV1Sk81d25JMwowdk4xRjloT0ZyN3dkeEFjUUdELzdQc2hFcm1zSlFkVW00WGVjL1pVZStBeWowWVpucE1aMWs2WVc0WDlTK01ZCjJlQ2QyUUtCZ1FEUVJoN0hIUzNuN1BBd3d0VURLUjlvRUZXRTBkTE9yK1JXU2VGc1h6MTBneFViUXVIdkxYVTQKbk9DR0ErQWRkNjk5NVBBczl4Y25BL0V3anUvbDNZQmdpUVB2bUxxRW5wU1pVaVJvS1FjVEUrc0FkOUZDTkIvNApsT1Job2tLNUtsSWt4VVFJU0FaNjVwMGF3UWUweXlmT0QxVkptY3ZBTEYxRlJ3V3l6NU0xVEE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } + } diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem new file mode 100644 index 00000000..17696687 --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/cert.rsa.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTjCCAjagAwIBAgIRAMjWRj4nHDOUhio1Pc+1Om8wDQYJKoZIhvcNAQELBQAw +HDEaMBgGA1UEAxMRU21hbGxzdGVwIFJvb3QgQ0EwHhcNMjEwMTAxMDAwMDAwWhcN +MzEwMTAxMDAwMDAwWjAZMRcwFQYDVQQDEw5TbWFsbHN0ZXAgTGVhZjCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQA64PCkaIQLtzNOL3RcUwFT23canZJ +eQm4Ai6UKPE/CoHlCyc4PvLmstdegD6p7wzNX7Wp9wlrGhl0mW6fC9W5UU7ziSA9 +ffqrAjUzW0MGPusqFERq4XUY6vMIJ/DkoNxNDcsbRRcF7e3x/q60vLhnjwSD7nw6 +s1q1A08MPaz3GOC+etxb83rCa+SIVhHv6t5ScZR/IccINC5BDnQRl9ED96jaRcuE +DrX59/KUyIicOCYy6lYvqEdxxb9dUPgOYLvUiicgYWhHja56uF23nhagTz+eYMI4 +vZPIeGo2BkvT0rcyBJ7QnGOs34UvoX7bK4Xu9re2fgU+dKvVAdnjZ9UCAwEAAaOB +jTCBijAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF +BwMCMB0GA1UdDgQWBBR4Ut8IBrlcCqeanmb3/eip4J4dwjAfBgNVHSMEGDAWgBQd +z+3MFEz93EC48t0r750mEC8/wzAZBgNVHREEEjAQgg4qLmV4YW1wbGUudGVzdDAN +BgkqhkiG9w0BAQsFAAOCAQEAl8+2+jByETsTMJXBc0U4DHdUqEF+nffF5ckMu6zx +DRMhC8IuXicQ9cd4dlonl2joaP0Y1oOvhZE3JBtVAKdKjDIuiuJCMhsJMvCFimX7 +pCaErMVtIYOrobG4mYo0rQv7Faq7X8xE8/m76yaGQedx6jaeQEDqI72M042UIa8R +QrexAGIYcVBGSmOoKBXLbgTgY+kw1jweWM9ql9DqjKymdoO70SWpefJwc1k5FAR1 +Xi1eu2RNOAsGZniWsIWitPmInhOkAq3vaJ/clepL0+TUA6Kl1qIh7z2sVK64ms5E +HKF69RdtrA1UH0gHlQkAueTW8LI2EUYBuZZ+gEMSVczdbQ== +-----END CERTIFICATE----- diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem new file mode 100644 index 00000000..facb7a4d --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/key.rsa.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtADrg8KRohAu3M04vdFxTAVPbdxqdkl5CbgCLpQo8T8KgeUL +Jzg+8uay116APqnvDM1ftan3CWsaGXSZbp8L1blRTvOJID19+qsCNTNbQwY+6yoU +RGrhdRjq8wgn8OSg3E0NyxtFFwXt7fH+rrS8uGePBIPufDqzWrUDTww9rPcY4L56 +3FvzesJr5IhWEe/q3lJxlH8hxwg0LkEOdBGX0QP3qNpFy4QOtfn38pTIiJw4JjLq +Vi+oR3HFv11Q+A5gu9SKJyBhaEeNrnq4XbeeFqBPP55gwji9k8h4ajYGS9PStzIE +ntCcY6zfhS+hftsrhe72t7Z+BT50q9UB2eNn1QIDAQABAoIBAQCR2Bz6yO8OjGYr +6OuMgOJ3YeYVcX2hEa7MPRcnfkweC6IL1PTQdjYqwNkuvxbRrwZNLSnbGzdZnjmr +Xlni02LXbCuA+LmmMaydKWnEiTPsfmcESzfYp3C9W88h0v3ppJThal0+r32vRdKd +9HESRMaT8vRiCDN23GjtmbRwm85tEPw6Tqm68ORO7pSacHi0Wz2xrufxkXbLij6o +b0+hFHiSgJ6pUiFIJFL9e1+GiCNJwOcQZSH57Kd23fWu0WwSvzFoW+tudvb/OTN3 +EuX8RDeQuSGsSr+b+Ahu+BbG3qryfmD5rRM4jMm3C/i6jAfoXHVrzAky97i5MRzK +mSE8T5eRAoGBAN4sT9xbYUpCkzzs/nEx6aXXMWy4pZmZ+8dyUv4WS3dFRcUbCjPK +V5fl5xXxWOIAzHEmr9TXhPBzhY2+M9xkFbSjIr1NoCVeb2xzZwzSO1FK0hIdxvcT +WTWZJp9kYWw/9U8JhfH63Xt8o/5N/MmKRHZkbB+aVSRVBRefwRy3tDzPAoGBAM9o +9VveXFcHxED+L8NV6Pxv4Pe+Pc8UatmGCjgDWVr2kpcEI0oDxPMmUkQEoTFJce+H +D5kEy9eInENb+fGsxkz89Qu5dUEyNJrMULgkPuY8wDUfUCwJguz54Kr1Gp1RsQZt +GSQQz1hYiMtG80U88R+UUr2CiqixKQAxwAczuqIbAoGBAI1dXKM1cb4yhkUp9uxH +egeP2V74TkZh+BZ749rQjMwjQ7Wa8u7pPLrmCheoLYoAQBVvLEodp/TnTH9YGt+M +v1LkymHxVojwga1b8KHz0tJy7R+h2suzf/veqviYgnTCbXAQ+y1xFiRQtnhFXydN +1yoN0854ANzRTCAwAkwnh4N5AoGAH1TPm60fbdYyg07ikDNuGpQb+9C1LY78BRgG +eyemW+NbiYyKeCfRnJlxW+0HHJbnqzNP2+GpmUl9sX83Zpae7gpYSgkd+VdIMwoi +N27iQY1zy5KLXduh94JXufuEpbctcrcQUS5o5AObxnlVTmRCWG7jgNUzdQAuHWVm +iK/7xXkCgYB6WmBfvlOdUEXok8/H/UIeAYTjPhsBynuucgz/5RcyAiXZrWDCCOei +SVqhEm7pZ01DlKhIKX1bCnbjwk7yGK382kkhkHMpSDh6JrkwfPMq6LOZvntP7HMA +Lj++wxwaCldG7g2vKazWQ4xV08JbQ0SQWMDVofH6SAF27SpPjSeicQ== +-----END RSA PRIVATE KEY----- diff --git a/test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json new file mode 100644 index 00000000..e998e3bd --- /dev/null +++ b/test/test-files/ssl/example.test/with_ca/rsa/wildcard/rsa.acme.json @@ -0,0 +1,29 @@ +{ + "le": { + "Account": { + "Email": "acme@example.test", + "Registration": { + "body": { + "status": "valid", + "contact": [ + "mailto:acme@example.test" + ] + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/0123456789" + }, + "PrivateKey": "x", + "KeyType": "RSA2048" + }, + "Certificates": [ + { + "domain": { + "main": "Smallstep Leaf", + "sans": ["*.example.test"] + }, + "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUakNDQWphZ0F3SUJBZ0lSQU1qV1JqNG5IRE9VaGlvMVBjKzFPbTh3RFFZSktvWklodmNOQVFFTEJRQXcKSERFYU1CZ0dBMVVFQXhNUlUyMWhiR3h6ZEdWd0lGSnZiM1FnUTBFd0hoY05NakV3TVRBeE1EQXdNREF3V2hjTgpNekV3TVRBeE1EQXdNREF3V2pBWk1SY3dGUVlEVlFRREV3NVRiV0ZzYkhOMFpYQWdUR1ZoWmpDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxRQTY0UENrYUlRTHR6Tk9MM1JjVXdGVDIzY2FuWkoKZVFtNEFpNlVLUEUvQ29IbEN5YzRQdkxtc3RkZWdENnA3d3pOWDdXcDl3bHJHaGwwbVc2ZkM5VzVVVTd6aVNBOQpmZnFyQWpVelcwTUdQdXNxRkVScTRYVVk2dk1JSi9Ea29OeE5EY3NiUlJjRjdlM3gvcTYwdkxobmp3U0Q3bnc2CnMxcTFBMDhNUGF6M0dPQytldHhiODNyQ2ErU0lWaEh2NnQ1U2NaUi9JY2NJTkM1QkRuUVJsOUVEOTZqYVJjdUUKRHJYNTkvS1V5SWljT0NZeTZsWXZxRWR4eGI5ZFVQZ09ZTHZVaWljZ1lXaEhqYTU2dUYyM25oYWdUeitlWU1JNAp2WlBJZUdvMkJrdlQwcmN5Qko3UW5HT3MzNFV2b1g3Yks0WHU5cmUyZmdVK2RLdlZBZG5qWjlVQ0F3RUFBYU9CCmpUQ0JpakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUYKQndNQ01CMEdBMVVkRGdRV0JCUjRVdDhJQnJsY0NxZWFubWIzL2VpcDRKNGR3akFmQmdOVkhTTUVHREFXZ0JRZAp6KzNNRkV6OTNFQzQ4dDByNzUwbUVDOC93ekFaQmdOVkhSRUVFakFRZ2c0cUxtVjRZVzF3YkdVdWRHVnpkREFOCkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWw4KzIrakJ5RVRzVE1KWEJjMFU0REhkVXFFRituZmZGNWNrTXU2engKRFJNaEM4SXVYaWNROWNkNGRsb25sMmpvYVAwWTFvT3ZoWkUzSkJ0VkFLZEtqREl1aXVKQ01oc0pNdkNGaW1YNwpwQ2FFck1WdElZT3JvYkc0bVlvMHJRdjdGYXE3WDh4RTgvbTc2eWFHUWVkeDZqYWVRRURxSTcyTTA0MlVJYThSClFyZXhBR0lZY1ZCR1NtT29LQlhMYmdUZ1kra3cxandlV005cWw5RHFqS3ltZG9PNzBTV3BlZkp3YzFrNUZBUjEKWGkxZXUyUk5PQXNHWm5pV3NJV2l0UG1JbmhPa0FxM3ZhSi9jbGVwTDArVFVBNktsMXFJaDd6MnNWSzY0bXM1RQpIS0Y2OVJkdHJBMVVIMGdIbFFrQXVlVFc4TEkyRVVZQnVaWitnRU1TVmN6ZGJRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=", + "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdEFEcmc4S1JvaEF1M00wNHZkRnhUQVZQYmR4cWRrbDVDYmdDTHBRbzhUOEtnZVVMCkp6Zys4dWF5MTE2QVBxbnZETTFmdGFuM0NXc2FHWFNaYnA4TDFibFJUdk9KSUQxOStxc0NOVE5iUXdZKzZ5b1UKUkdyaGRSanE4d2duOE9TZzNFME55eHRGRndYdDdmSCtyclM4dUdlUEJJUHVmRHF6V3JVRFR3dzlyUGNZNEw1NgozRnZ6ZXNKcjVJaFdFZS9xM2xKeGxIOGh4d2cwTGtFT2RCR1gwUVAzcU5wRnk0UU90Zm4zOHBUSWlKdzRKakxxClZpK29SM0hGdjExUStBNWd1OVNLSnlCaGFFZU5ybnE0WGJlZUZxQlBQNTVnd2ppOWs4aDRhallHUzlQU3R6SUUKbnRDY1k2emZoUytoZnRzcmhlNzJ0N1orQlQ1MHE5VUIyZU5uMVFJREFRQUJBb0lCQVFDUjJCejZ5TzhPakdZcgo2T3VNZ09KM1llWVZjWDJoRWE3TVBSY25ma3dlQzZJTDFQVFFkallxd05rdXZ4YlJyd1pOTFNuYkd6ZFpuam1yClhsbmkwMkxYYkN1QStMbW1NYXlkS1duRWlUUHNmbWNFU3pmWXAzQzlXODhoMHYzcHBKVGhhbDArcjMydlJkS2QKOUhFU1JNYVQ4dlJpQ0ROMjNHanRtYlJ3bTg1dEVQdzZUcW02OE9STzdwU2FjSGkwV3oyeHJ1ZnhrWGJMaWo2bwpiMCtoRkhpU2dKNnBVaUZJSkZMOWUxK0dpQ05Kd09jUVpTSDU3S2QyM2ZXdTBXd1N2ekZvVyt0dWR2Yi9PVE4zCkV1WDhSRGVRdVNHc1NyK2IrQWh1K0JiRzNxcnlmbUQ1clJNNGpNbTNDL2k2akFmb1hIVnJ6QWt5OTdpNU1SeksKbVNFOFQ1ZVJBb0dCQU40c1Q5eGJZVXBDa3p6cy9uRXg2YVhYTVd5NHBabVorOGR5VXY0V1MzZEZSY1ViQ2pQSwpWNWZsNXhYeFdPSUF6SEVtcjlUWGhQQnpoWTIrTTl4a0ZiU2pJcjFOb0NWZWIyeHpad3pTTzFGSzBoSWR4dmNUCldUV1pKcDlrWVd3LzlVOEpoZkg2M1h0OG8vNU4vTW1LUkhaa2JCK2FWU1JWQlJlZndSeTN0RHpQQW9HQkFNOW8KOVZ2ZVhGY0h4RUQrTDhOVjZQeHY0UGUrUGM4VWF0bUdDamdEV1ZyMmtwY0VJMG9EeFBNbVVrUUVvVEZKY2UrSApENWtFeTllSW5FTmIrZkdzeGt6ODlRdTVkVUV5TkpyTVVMZ2tQdVk4d0RVZlVDd0pndXo1NEtyMUdwMVJzUVp0CkdTUVF6MWhZaU10RzgwVTg4UitVVXIyQ2lxaXhLUUF4d0FjenVxSWJBb0dCQUkxZFhLTTFjYjR5aGtVcDl1eEgKZWdlUDJWNzRUa1poK0JaNzQ5clFqTXdqUTdXYTh1N3BQTHJtQ2hlb0xZb0FRQlZ2TEVvZHAvVG5USDlZR3QrTQp2MUxreW1IeFZvandnYTFiOEtIejB0Snk3UitoMnN1emYvdmVxdmlZZ25UQ2JYQVEreTF4RmlSUXRuaEZYeWROCjF5b04wODU0QU56UlRDQXdBa3duaDRONUFvR0FIMVRQbTYwZmJkWXlnMDdpa0ROdUdwUWIrOUMxTFk3OEJSZ0cKZXllbVcrTmJpWXlLZUNmUm5KbHhXKzBISEpibnF6TlAyK0dwbVVsOXNYODNacGFlN2dwWVNna2QrVmRJTXdvaQpOMjdpUVkxenk1S0xYZHVoOTRKWHVmdUVwYmN0Y3JjUVVTNW81QU9ieG5sVlRtUkNXRzdqZ05VemRRQXVIV1ZtCmlLLzd4WGtDZ1lCNldtQmZ2bE9kVUVYb2s4L0gvVUllQVlUalBoc0J5bnV1Y2d6LzVSY3lBaVhacldEQ0NPZWkKU1ZxaEVtN3BaMDFEbEtoSUtYMWJDbmJqd2s3eUdLMzgya2toa0hNcFNEaDZKcmt3ZlBNcTZMT1p2bnRQN0hNQQpMaisrd3h3YUNsZEc3ZzJ2S2F6V1E0eFYwOEpiUTBTUVdNRFZvZkg2U0FGMjdTcFBqU2VpY1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=", + "Store": "default" + } + ] + } + }