@@ -21,6 +21,7 @@ import (
"reflect"
"strconv"
"strings"
"sync"
"testing"
"time"
@@ -136,6 +137,7 @@ func TestPKI_RequireCN(t *testing.T) {
// Performs basic tests on CA functionality
// Uses the RSA CA key
func TestBackend_RSAKey ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -164,6 +166,7 @@ func TestBackend_RSAKey(t *testing.T) {
// Performs basic tests on CA functionality
// Uses the EC CA key
func TestBackend_ECKey ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -190,6 +193,7 @@ func TestBackend_ECKey(t *testing.T) {
}
func TestBackend_CSRValues ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -216,6 +220,7 @@ func TestBackend_CSRValues(t *testing.T) {
}
func TestBackend_URLsCRUD ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -245,6 +250,7 @@ func TestBackend_URLsCRUD(t *testing.T) {
// of role flags to ensure that they are properly restricted
// Uses the RSA CA key
func TestBackend_RSARoles ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -285,6 +291,7 @@ func TestBackend_RSARoles(t *testing.T) {
// of role flags to ensure that they are properly restricted
// Uses the RSA CA key
func TestBackend_RSARoles_CSR ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -305,7 +312,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) {
Operation : logical . UpdateOperation ,
Path : "config/ca" ,
Data : map [ string ] interface { } {
"pem_bundle" : rsaCAKey + rsaCACert + rsaCAChain ,
"pem_bundle" : rsaCAKey + rsaCACert ,
} ,
} ,
} ,
@@ -325,6 +332,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) {
// of role flags to ensure that they are properly restricted
// Uses the EC CA key
func TestBackend_ECRoles ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -365,6 +373,7 @@ func TestBackend_ECRoles(t *testing.T) {
// of role flags to ensure that they are properly restricted
// Uses the EC CA key
func TestBackend_ECRoles_CSR ( t * testing . T ) {
initTest . Do ( setCerts )
defaultLeaseTTLVal := time . Hour * 24
maxLeaseTTLVal := time . Hour * 24 * 32
b , err := Factory ( context . Background ( ) , & logical . BackendConfig {
@@ -840,8 +849,8 @@ func generateCATestingSteps(t *testing.T, caCert, caKey, otherCaCert string, int
Unauthenticated : true ,
Check : func ( resp * logical . Response ) error {
rawBytes := resp . Data [ "http_raw_body" ] . ( [ ] byte )
if string ( rawBytes ) != caCert {
return fmt . Errorf ( "CA certificate:\n%s \ndoes not match original:\n%s \n" , string ( rawBytes ) , caCert )
if ! reflect . DeepEqual ( rawBytes , [ ] byte ( caCert ) ) {
return fmt . Errorf ( "CA certificate:\n%#v \ndoes not match original:\n%#v \n" , rawBytes , [ ] byte ( caCert ) )
}
if resp . Data [ "http_content_type" ] . ( string ) != "application/pkix-cert" {
return fmt . Errorf ( "Expected application/pkix-cert as content-type, but got %s" , resp . Data [ "http_content_type" ] . ( string ) )
@@ -1827,8 +1836,14 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
i := mathRand . Int ( ) % 4
switch {
case i == 0 :
extUsage = x509 . ExtKeyUsageEmailProtection
roleVals . EmailProtectionFlag = tru e
// Punt on this for now since I'm not clear the actual proper
// way to format thes e
if name != "daɪ ˈ {
extUsage = x509 . ExtKeyUsageEmailProtection
roleVals . EmailProtectionFlag = true
break
}
fallthrough
case i == 1 :
extUsage = x509 . ExtKeyUsageServerAuth
roleVals . ServerFlag = true
@@ -1929,7 +1944,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
Type : "CERTIFICATE REQUEST" ,
Bytes : csr ,
}
issueVals . CSR = strings . TrimSpace ( string ( pem . EncodeToMemory ( & block ) ) )
issueVals . CSR = string ( pem . EncodeToMemory ( & block ) )
addTests ( getCnCheck ( issueVals . CommonName , roleVals , privKey , x509 . KeyUsage ( parsedKeyUsage ) , extUsage , validity ) )
} else {
@@ -3193,129 +3208,82 @@ func TestBackend_OID_SANs(t *testing.T) {
t . Logf ( "certificate 3 to check:\n%s" , certStr )
}
const (
rsaCAKey string = ` -----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAmPQlK7xD5p+E8iLQ8XlVmll5uU2NKMxKY3UF5tbh+0vkc+Fy
XmutLxxXAyYRPoztZ1g7ocr8XBFYsQPK26TFc3TzrLL7bBEYHQArd8M+VUHjziB7
zwwpbV7tG8WPqIScDKMNncavDcT8sDg3DUqb8/zWkBD8WEYmsVr1VfKY5pFdxIZU
kHP3/MkDpGmfrED9K5qPu17dIHTL2VYi4KxKhtIryapZTk6vDwRNfIYJD23QbQnt
Si1j0X9MTRUf3BIcd0Ch60aGvv0VSL+1NTafsZQD+z1RY/zNp9IUHz5bNIiePZ6l
JrlddodAAXZ4sN1CMetf4bA2RXssxBEIb5FyiQIDAQABAoIBAGMScSk9DvZJCUIV
zyU6JHqPzkp6sx5kBSMa37HAKiwt4lI1C3GhaVIEl0/Qzoannfa8rhOEeaXhDoPK
IxHWTpcUf+mzHSvIfsf6Hi2655stzLLtU4SvKf5P6GF+vCi5jKKa0u0JjsXqfIpg
Pzh6xT1q3kf+2JUNC28Brbv4IZXmPmqWwu21VN+t3GsMGYgOnEOzBjXMhvNnm9kN
kznV9Y2y0UIcT4dhbe2VRs4Dp8dGEyrFM7/Ovb3hIJrTkPcxjBbL5eMqpXnIkiW2
7NyPMWFvX2lGnGdZ1Erh65SVtMjnHFwnSJ8jD+x9RAH9c1LQrYASws3MvMV8Bdzg
2iljNqECgYEAw3Ow0clLx2alj9qFXcS2ap1lUCJxXZ9UiIU5lOcPxpCpHPloua14
46rj2EJ9SD1L2kyB5gCq4nGK5uUIx37AJryy1SGzUmtmIVxQLnm6XK6zKnTBk0gx
gevS6D7fHLDiVGGl3oGw4evibUFCk7dFOb/I/uBRb1zyaJrqOIlDS7UCgYEAyFYi
RYQbYJJ0k18fUWDKy/P/Rl7uy9D67Qa9+wxoYN2Kh/aQwnNxYHAbwG7Pupd0oGcW
Yl4bgUliAX3IFGs/cCkPJAIHzwWBPjUDhsJ020TGxKfL4SWP9OaxOpN5TOAixvBY
ar9aSaKEl7QShmzc/Dknxu58LcoZUwI82pKIGAUCgYAxaHJ/ZcpxOsKJjez+2jZe
1zEAQ+SyjQ96f2sh+BMl1/XYLDhMD80qiE2WoqA2/b/KDGMd+Hc6TQeW/LjubV03
raXreNxy7lFgB40BYqY4vbTu+5rfl3VkaW/kY9hU0WY1fIXIrLJBOjb/9WpWGxM1
2QR/YcdURoPE67xf1FsdrQKBgE8KdNEakzah8e6nLBMOblTTutcH4410sVvNOi2P
sqrtHZgRNwIRTB0xfjGJRtomoXQb2CANYyq6SjmuZ79upQPan0ekqXILiPeDMRX9
KN/OHeI/FdiJ2mdUkX476zLih7YX47qSLsw4m7nC6UAyOWomHsSFGWdzglRW4K2X
/KwFAoGAYQUEWhXp5vpKzAly1ivSH9+sGC59Cujdy50oJSjaw9J+W1fM5WO9z+MH
CoEpRt8epIgvCBBP2IM7uJUu8i2jQgJ/rrn3NTJgZn2UEPzyxUxbuWnSyueyUsD6
uhTwBDf8LWOpvdZHMI4CPZ5WJwxAGkvde9xtlzuZUSAlyI2X8m0=
-----END RSA PRIVATE KEY-----
`
rsaCACert string = ` -----BEGIN CERTIFICATE-----
MIIDljCCAn6gAwIBAgIUQVapfgyAeDH9rAmpw3PQrhMcjRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1
dGhvcml0eTAeFw0xNjA4MDcyMjUzNTRaFw0yNjA3MjQxMDU0MjRaMDcxNTAzBgNV
BAMTLFZhdWx0IFRlc3RpbmcgSW50ZXJtZWRpYXRlIFN1YiBTdWIgQXV0aG9yaXR5
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPQlK7xD5p+E8iLQ8XlV
mll5uU2NKMxKY3UF5tbh+0vkc+FyXmutLxxXAyYRPoztZ1g7ocr8XBFYsQPK26TF
c3TzrLL7bBEYHQArd8M+VUHjziB7zwwpbV7tG8WPqIScDKMNncavDcT8sDg3DUqb
8/zWkBD8WEYmsVr1VfKY5pFdxIZUkHP3/MkDpGmfrED9K5qPu17dIHTL2VYi4KxK
htIryapZTk6vDwRNfIYJD23QbQntSi1j0X9MTRUf3BIcd0Ch60aGvv0VSL+1NTaf
sZQD+z1RY/zNp9IUHz5bNIiePZ6lJrlddodAAXZ4sN1CMetf4bA2RXssxBEIb5Fy
iQIDAQABo4GdMIGaMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
A1UdDgQWBBRMeQTX9VkLqb1wzrvN/vFG09yhUTAfBgNVHSMEGDAWgBR0Oq2VTUBE
dOm6a1sKJTvdZMV5LjA3BgNVHREEMDAugixWYXVsdCBUZXN0aW5nIEludGVybWVk
aWF0ZSBTdWIgU3ViIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAagYM7uFa
tUziraBkuU7cIyX83y7lYFsDhUse2hkpqmgO14oEOwFsDox1Jg2QGt4FEfJoCOXf
oCZZN8XmaWdSrfgs1nDmtE0xwXiX1z7JuJZ+Ygt3dcRHO1zs5tmuHLxrvMnKfIfG
bsGmES4mknt0qQ7tGhpyC+KgEmcVL1QQJXNjzCrw5iQ9sgvQt+oCqV28pxOUSYkq
FdrozmNdJwMgVADywiY/FqYJWgkixlFHQkPR7eiXwpahON+zRMk1JSgr/8N8fRDj
aqVBRppPzVU9joUME0vOc8cK3VozNe4iRkKNZFelHU2NPPJSDjRLVH9tJ7jPVOEA
/k6w2PwdoRom7Q==
-----END CERTIFICATE-----
`
func setCerts ( ) {
cak , err := ecdsa . GenerateKey ( elliptic . P256 ( ) , rand . Reader )
if err != nil {
panic ( err )
}
marshaledKey , err := x509 . MarshalECPrivateKey ( cak )
if err != nil {
panic ( err )
}
keyPEMBlock := & pem . Block {
Type : "EC PRIVATE KEY" ,
Bytes : marshaledKey ,
}
ecCAKey = string ( pem . EncodeToMemory ( keyPEMBlock ) )
if err != nil {
panic ( err )
}
subjKeyID , err := certutil . GetSubjKeyID ( cak )
if err != nil {
panic ( err )
}
caCertTemplate := & x509 . Certificate {
Subject : pkix . Name {
CommonName : "root.localhost" ,
} ,
SubjectKeyId : subjKeyID ,
DNSNames : [ ] string { "root.localhost" } ,
KeyUsage : x509 . KeyUsage ( x509 . KeyUsageCertSign | x509 . KeyUsageCRLSign ) ,
SerialNumber : big . NewInt ( mathrand . Int63 ( ) ) ,
NotBefore : time . Now ( ) . Add ( - 30 * time . Second ) ,
NotAfter : time . Now ( ) . Add ( 262980 * time . Hour ) ,
BasicConstraintsValid : true ,
IsCA : true ,
}
caBytes , err := x509 . CreateCertificate ( rand . Reader , caCertTemplate , caCertTemplate , cak . Public ( ) , cak )
if err != nil {
panic ( err )
}
caCertPEMBlock := & pem . Block {
Type : "CERTIFICATE" ,
Bytes : caBytes ,
}
ecCACert = string ( pem . EncodeToMemory ( caCertPEMBlock ) )
rsaCAChain string = ` -----BEGIN CERTIFICATE-----
MIIDijCCAnKgAwIBAgIUOiGo/1EOhRhuupTRGDYnqdALk/swDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9y
aXR5MB4XDTE2MDgwNzIyNTA1MloXDTI2MDcyODE0NTEyMlowMzExMC8GA1UEAxMo
VmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3ViIEF1dGhvcml0eTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTPRQREwW3BEifNcm0XElMRB0GNTXHr
XCuNoFVsVBlIEsNVQkka+SHZcmNBdEcZLBXP/W3tBT82B48GVN8jyxAGfYZ5hoOQ
ed3GVft1A7lAnxcGvf5e9kfecKDcBB4G4rBhqdDNcAtklS2hV4uZUcVcEJKggpsQ
a1wZkCn8eg6sqEYG/SxPouwL52PblxIN+Dd57sBeqx4qdL297XR8LuLkxqftwUCZ
l2iFBnSDID/06ZmHDXA38I0n3jT2ZGjgPGFnIFKxRGq1vpVc3F5ga8qk+u66ybBu
xWHzINQrrryjELbl2YBTr6i0R9HnZle6OPcXMWp0JuGjtDC1xb5NmnkCAwEAAaOB
mTCBljAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
dDqtlU1ARHTpumtbCiU73WTFeS4wHwYDVR0jBBgwFoAU+UO/nrlKr4COZCxLZSY/
ul+YMvMwMwYDVR0RBCwwKoIoVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgU3Vi
IEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAjgCuTXsLFkf0DVkfSsKReNwI
U/yBcP8Ttbx/ltanJGIVfD5TZoCnNTWm6RkML29ohfxI27sHTUhj+/6Ba0MRiLeI
FXdclXmHOU2dTHlrmUa0m/4cb5uYoiiEnpmyWL5k94fqPOZAvJcFHnP3db4vsaUW
47YcOvJbPSJqFXZHadqnsf3Fur5NCeTkIk6yZSvwTaZJT0JIWcqfE5LK3mYAMMC3
iPaIa1cYqOZhWx9ilQfW6u6WxWeOphGuDIusP7Q4qc2Dr9sekyD59dfIYsroK5TP
QVJb69nIYINpYdg3l3VNmmkY4G30N9QNs6acaH49rYzLcRX6tLBgPklO6d+TPA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDejCCAmKgAwIBAgIUULdIdrdK4Y8d+XM9fuOpDlNcJIYwDQYJKoZIhvcNAQEL
BQAwJzElMCMGA1UEAxMcVmF1bHQgVGVzdGluZyBSb290IEF1dGhvcml0eTAeFw0x
NjA4MDcyMjUwNTFaFw0yNjA4MDExODUxMjFaMC8xLTArBgNVBAMTJFZhdWx0IFRl
c3RpbmcgSW50ZXJtZWRpYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANXa6U+MDiUrryeZeGxgkmAZdrm9wCKz/6SmxYSebKr8aZwD
nfbsPLRFxU6BXp9Nc6pP7e8HLBv6PtFTQG389zxOBwAHxZQvUsFESumUd64oTLRG
J+AErTh7rtSWbLZsgDtQVvpx+6mKkvm53f/aKcq+DbqAFOg6slYOaQix0ZvP/qL0
iWGIPr1JZk9uBJOUuIUBJdbsgTk+KQqJL9M6up8bCnM0noCafwrNKwZWtsbkfOZE
OLSycdzCEBeHejpHTIU0vgAkdj63oEy2AbK3hMPxKzNthL3DX6W0tssoVgL//92i
oSfpDTxiXqqdr+J3accpsAvA+F+D2TqaxdAfjLcCAwEAAaOBlTCBkjAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+UO/nrlKr4COZCxL
ZSY/ul+YMvMwHwYDVR0jBBgwFoAUA3jY4OUWi1Y7zQgM7S9QeXjNgIQwLwYDVR0R
BCgwJoIkVmF1bHQgVGVzdGluZyBJbnRlcm1lZGlhdGUgQXV0aG9yaXR5MA0GCSqG
SIb3DQEBCwUAA4IBAQA9VJt92LsOOegtAx35rr41LSSfPWB2SCKg0fphL2gMPO5y
fE2u8O5TF5dJWJ1fF3cg9/XK30Ohdl1/ujfHbVcX+O6Sb3cgwKTQQOhTdsAZKFRT
RPHaf/Ja8uqAXMITApxOp7YiYQwukwZr+OsKi66s+zhlfI790PoQbC3UJvgmNDmv
V5oP63mw4yhqRNPn4NOjzoC/hJSIM0AIdRB1nx2rsSUw0P354R1j9gO43L/Lj33S
NEaPmw+SC3Tbcx4yxeKnTvGdu3sw/ndmZkCjaq5jxgTy9FONqT45TPJOyk29o5gl
+AVQz5fD2M3C1L/sZIPH2OQbXxePHcsvUZVgaKyk
-----END CERTIFICATE-----
`
rak , err := rsa . GenerateKey ( rand . Reader , 2048 )
if err != nil {
panic ( err )
}
marshaledKey = x509 . MarshalPKCS1PrivateKey ( rak )
keyPEMBlock = & pem . Block {
Type : "RSA PRIVATE KEY" ,
Bytes : marshaledKey ,
}
rsaCAKey = string ( pem . EncodeToMemory ( keyPEMBlock ) )
if err != nil {
panic ( err )
}
subjKeyID , err = certutil . GetSubjKeyID ( rak )
if err != nil {
panic ( err )
}
caBytes , err = x509 . CreateCertificate ( rand . Reader , caCertTemplate , caCertTemplate , rak . Public ( ) , rak )
if err != nil {
panic ( err )
}
caCertPEMBlock = & pem . Block {
Type : "CERTIFICATE" ,
Bytes : caBytes ,
}
rsaCACert = string ( pem . EncodeToMemory ( caCertPEMBlock ) )
}
ecCAKey string = ` -----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDBP/t89wrC0RFVs0N+jiRuGPptoxI1Iyu42/PzzZWMKYnO7yCWFG/Qv
zC8cRa8PDqegBwYFK4EEACKhZANiAAQI9e8n9RD6gOd5YpWpDi5AoPbskxQSogxx
dYFzzHwS0RYIucmlcJ2CuJQNc+9E4dUCMsYr2cAnCgA4iUHzGaje3Fa4O667LVH1
imAyAj5nbfSd89iNzg4XNPkFjuVNBlE=
-----END EC PRIVATE KEY-----
`
ecCACert string = ` -----BEGIN CERTIFICATE-----
MIIDHzCCAqSgAwIBAgIUEQ4L+8Xl9+/uxU3MMCrd3Bw0HMcwCgYIKoZIzj0EAwIw
XzEjMCEGA1UEAxMaVmF1bHQgRUMgdGVzdGluZyByb290IGNlcnQxODA2BgNVBAUT
Lzk3MzY2MDk3NDQ1ODU2MDI3MDY5MDQ0MTkxNjIxODI4NjI0NjM0NTI5MTkzMTU5
MB4XDTE1MTAwNTE2MzAwMFoXDTM1MDkzMDE2MzAwMFowXzEjMCEGA1UEAxMaVmF1
bHQgRUMgdGVzdGluZyByb290IGNlcnQxODA2BgNVBAUTLzk3MzY2MDk3NDQ1ODU2
MDI3MDY5MDQ0MTkxNjIxODI4NjI0NjM0NTI5MTkzMTU5MHYwEAYHKoZIzj0CAQYF
K4EEACIDYgAECPXvJ/UQ+oDneWKVqQ4uQKD27JMUEqIMcXWBc8x8EtEWCLnJpXCd
griUDXPvROHVAjLGK9nAJwoAOIlB8xmo3txWuDuuuy1R9YpgMgI+Z230nfPYjc4O
FzT5BY7lTQZRo4IBHzCCARswDgYDVR0PAQH/BAQDAgGuMBMGA1UdJQQMMAoGCCsG
AQUFBwMJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCIBqs15CiKuj7vqmIW5
L07WSeLhMB8GA1UdIwQYMBaAFCIBqs15CiKuj7vqmIW5L07WSeLhMEIGCCsGAQUF
BwEBBDYwNDAyBggrBgEFBQcwAoYmaHR0cDovL3ZhdWx0LmV4YW1wbGUuY29tL3Yx
L3Jvb3Rwa2kvY2EwJQYDVR0RBB4wHIIaVmF1bHQgRUMgdGVzdGluZyByb290IGNl
cnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL3ZhdWx0LmV4YW1wbGUuY29tL3Yx
L3Jvb3Rwa2kvY3JsMAoGCCqGSM49BAMCA2kAMGYCMQDRrxXskBtXjuZ1tUTk+qae
3bNVE1oeTDJhe0m3KN7qTykSGslxfEjlv83GYXziiv0CMQDsqu1U9uXPn3ezSbgG
O30prQ/sanDzNAeJhftoGtNPJDspwx0fzclHvKIhgl3JVUc=
-----END CERTIFICATE-----
`
var (
initTest sync . Once
rsaCAKey string
rsaCACert string
ecCAKey string
ecCACert string
)
Jeff Mitchell