diff --git a/package-lock.json b/package-lock.json index 30792b5e5a..bee7345536 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5659,10 +5659,12 @@ "license": "Apache-2.0" }, "node_modules/@mongodb-js/devtools-connect": { - "version": "3.3.0", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-connect/-/devtools-connect-3.3.3.tgz", + "integrity": "sha512-VGqaagbvv06cs41KuJxs/UUa7Q10e1htgQxtbfqTRmFSxuToR+0+6IDVBcEEv4F8Oh3TdXGcms/S8cVjQiRgow==", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-proxy-support": "^0.4.0", + "@mongodb-js/devtools-proxy-support": "^0.4.2", "@mongodb-js/oidc-http-server-pages": "1.1.3", "lodash.merge": "^4.6.2", "mongodb-connection-string-url": "^3.0.0", @@ -5688,7 +5690,9 @@ } }, "node_modules/@mongodb-js/devtools-proxy-support": { - "version": "0.4.1", + "version": "0.4.2", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-proxy-support/-/devtools-proxy-support-0.4.2.tgz", + "integrity": "sha512-CSsAsiAkVDkSV7/soKWlPskWYRQLlOJo7a1x+M/HdYgBulEacWpBHnKepwDsaJn/9GCIIcFCVO9nLS0tn1aGLQ==", "license": "Apache-2.0", "dependencies": { "@mongodb-js/socksv5": "^0.0.10", @@ -5706,6 +5710,8 @@ }, "node_modules/@mongodb-js/devtools-proxy-support/node_modules/data-uri-to-buffer": { "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", "license": "MIT", "engines": { "node": ">= 12" @@ -5713,6 +5719,8 @@ }, "node_modules/@mongodb-js/devtools-proxy-support/node_modules/debug": { "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", "license": "MIT", "dependencies": { "ms": "^2.1.3" @@ -5727,7 +5735,9 @@ } }, "node_modules/@mongodb-js/devtools-proxy-support/node_modules/lru-cache": { - "version": "11.0.1", + "version": "11.0.2", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.2.tgz", + "integrity": "sha512-123qHRfJBmo2jXDbo/a5YOQrJoHF/GNQTLzQ5+IdK5pWpceK17yRc6ozlWd25FxvGKQbIUs91fDFkXmDHTKcyA==", "license": "ISC", "engines": { "node": "20 || >=22" @@ -5735,10 +5745,14 @@ }, "node_modules/@mongodb-js/devtools-proxy-support/node_modules/ms": { "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", "license": "MIT" }, "node_modules/@mongodb-js/devtools-proxy-support/node_modules/node-fetch": { "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", "license": "MIT", "dependencies": { "data-uri-to-buffer": "^4.0.0", @@ -28909,7 +28923,7 @@ "mongodb-connection-string-url": "^3.0.1" }, "devDependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", @@ -29253,7 +29267,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-proxy-support": "^0.4.1", + "@mongodb-js/devtools-proxy-support": "^0.4.2", "@mongosh/arg-parser": "0.0.0-dev.0", "@mongosh/autocomplete": "0.0.0-dev.0", "@mongosh/editor": "0.0.0-dev.0", @@ -29570,7 +29584,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/history": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", @@ -29664,7 +29678,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongodb-js/oidc-plugin": "^1.1.1", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/service-provider-core": "0.0.0-dev.0", @@ -29747,7 +29761,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-proxy-support": "^0.4.1", + "@mongodb-js/devtools-proxy-support": "^0.4.2", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/shell-api": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", @@ -29777,7 +29791,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0" + "@mongodb-js/devtools-connect": "^3.3.3" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", diff --git a/packages/arg-parser/package.json b/packages/arg-parser/package.json index fb5f1e68db..4ff68bcd9f 100644 --- a/packages/arg-parser/package.json +++ b/packages/arg-parser/package.json @@ -40,7 +40,7 @@ "mongodb-connection-string-url": "^3.0.1" }, "devDependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", diff --git a/packages/cli-repl/package.json b/packages/cli-repl/package.json index 9d3c819ab0..1c9db746cc 100644 --- a/packages/cli-repl/package.json +++ b/packages/cli-repl/package.json @@ -61,7 +61,7 @@ } }, "dependencies": { - "@mongodb-js/devtools-proxy-support": "^0.4.1", + "@mongodb-js/devtools-proxy-support": "^0.4.2", "@mongosh/arg-parser": "0.0.0-dev.0", "@mongosh/autocomplete": "0.0.0-dev.0", "@mongosh/editor": "0.0.0-dev.0", diff --git a/packages/e2e-tests/test/e2e-tls.spec.ts b/packages/e2e-tests/test/e2e-tls.spec.ts index 1e407eb134..7abe9c927f 100644 --- a/packages/e2e-tests/test/e2e-tls.spec.ts +++ b/packages/e2e-tests/test/e2e-tls.spec.ts @@ -1,4 +1,4 @@ -import { assert, expect } from 'chai'; +import { expect } from 'chai'; import { promises as fs } from 'fs'; import path from 'path'; import { startTestServer } from '../../../testing/integration-testing-hooks'; @@ -20,6 +20,10 @@ const INVALID_CLIENT_CERT = getCertPath('invalid-client.bundle.pem'); const SERVER_KEY = getCertPath('server.bundle.pem'); const SERVER_INVALIDHOST_KEY = getCertPath('server-invalidhost.bundle.pem'); const CRL_INCLUDING_SERVER = getCertPath('ca-server.crl'); +const PARTIAL_TRUST_CHAIN_CA = getCertPath('partial-trust-chain/ca.pem'); +const PARTIAL_TRUST_CHAIN_KEY_AND_CERT = getCertPath( + 'partial-trust-chain/key-and-cert.pem' +); /** * @securityTest TLS End-to-End Tests @@ -35,13 +39,19 @@ describe('e2e TLS', function () { const tmpdir = useTmpdir(); before(async function () { - assert((await fs.stat(CA_CERT)).isFile()); - assert((await fs.stat(NON_CA_CERT)).isFile()); - assert((await fs.stat(CLIENT_CERT)).isFile()); - assert((await fs.stat(CLIENT_CERT_PFX)).isFile()); - assert((await fs.stat(INVALID_CLIENT_CERT)).isFile()); - assert((await fs.stat(SERVER_KEY)).isFile()); - assert((await fs.stat(CRL_INCLUDING_SERVER)).isFile()); + for (const file of [ + CA_CERT, + NON_CA_CERT, + CLIENT_CERT, + CLIENT_CERT_PFX, + INVALID_CLIENT_CERT, + SERVER_KEY, + CRL_INCLUDING_SERVER, + PARTIAL_TRUST_CHAIN_CA, + PARTIAL_TRUST_CHAIN_KEY_AND_CERT, + ]) { + expect((await fs.stat(file)).isFile()).to.be.true; + } const homeInfo = setTemporaryHomeDirectory(); homedir = homeInfo.homedir; @@ -304,6 +314,77 @@ describe('e2e TLS', function () { } ); + // Certificate fixtures and general concept mirrors + // https://github.com/nodejs/node/blob/1b3420274ea8d8cca339a1f10301d2e80f577c4c/test/parallel/test-tls-client-allow-partial-trust-chain.js + // This basically tests that we pass allowPartialTrustChain: true in the TLS options + context( + 'connecting without client cert to server with only partial trust chain', + function () { + before(function () { + // TODO(MONGOSH-1898): Drop Node.js 16 entirely + if (process.version.startsWith('v16.')) return this.skip(); + // The Windows crypto libraries don't accept the particular certificate setup here + // ('CertAddCertificateContextToStore Failed The object or property already exists'), + // so will not let us start a mongod server + if (process.platform === 'win32') return this.skip(); + }); + + const server = startTestServer('e2e-tls-partial-trust-chain', { + args: [ + '--tlsMode', + 'requireTLS', + '--tlsCertificateKeyFile', + PARTIAL_TRUST_CHAIN_KEY_AND_CERT, + '--tlsAllowConnectionsWithoutCertificates', + '--tlsCAFile', + PARTIAL_TRUST_CHAIN_CA, + ], + }); + + it('works with matching CA (connection string)', async function () { + const shell = this.startTestShell({ + args: [ + await connectionStringWithLocalhost(server, { + tls: 'true', + tlsCAFile: PARTIAL_TRUST_CHAIN_KEY_AND_CERT, + tlsAllowInvalidHostnames: 'true', + }), + ], + }); + const result = await shell.waitForPromptOrExit(); + expect(result.state).to.equal('prompt'); + }); + + it('works with matching CA (system certs)', async function () { + if (process.platform !== 'linux') { + return this.skip(); + } + await fs.mkdir(path.join(tmpdir.path, 'certs'), { recursive: true }); + await fs.copyFile( + PARTIAL_TRUST_CHAIN_CA, + path.join(tmpdir.path, 'certs', 'somefilename.crt') + ); + + const shell = this.startTestShell({ + args: [ + await connectionStringWithLocalhost(server, { + serverSelectionTimeoutMS: '1500', + tlsAllowInvalidHostnames: 'true', + }), + '--tls', + ], + env: { + ...env, + SSL_CERT_FILE: path.join(tmpdir.path, 'certs', 'somefilename.crt'), + }, + }); + + const prompt = await shell.waitForPromptOrExit(); + expect(prompt.state).to.equal('prompt'); + }); + } + ); + context('connecting with client cert to server with valid cert', function () { after(async function () { const shell = this.startTestShell({ diff --git a/packages/logging/package.json b/packages/logging/package.json index d185dbab2e..c4629356d2 100644 --- a/packages/logging/package.json +++ b/packages/logging/package.json @@ -17,7 +17,7 @@ "node": ">=14.15.1" }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/history": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", diff --git a/packages/service-provider-node-driver/package.json b/packages/service-provider-node-driver/package.json index 143c5eab3d..b4f52bf2c1 100644 --- a/packages/service-provider-node-driver/package.json +++ b/packages/service-provider-node-driver/package.json @@ -47,7 +47,7 @@ } }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0", + "@mongodb-js/devtools-connect": "^3.3.3", "@mongodb-js/oidc-plugin": "^1.1.1", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/service-provider-core": "0.0.0-dev.0", diff --git a/packages/snippet-manager/package.json b/packages/snippet-manager/package.json index ce30b6d89b..b157f0a33f 100644 --- a/packages/snippet-manager/package.json +++ b/packages/snippet-manager/package.json @@ -35,7 +35,7 @@ "unitTestsOnly": true }, "dependencies": { - "@mongodb-js/devtools-proxy-support": "^0.4.1", + "@mongodb-js/devtools-proxy-support": "^0.4.2", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/shell-api": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", diff --git a/packages/types/package.json b/packages/types/package.json index 9391cc47f6..8bad80c765 100644 --- a/packages/types/package.json +++ b/packages/types/package.json @@ -38,7 +38,7 @@ "unitTestsOnly": true }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.3.0" + "@mongodb-js/devtools-connect": "^3.3.3" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", diff --git a/testing/certificates/partial-trust-chain/ca.pem b/testing/certificates/partial-trust-chain/ca.pem new file mode 100644 index 0000000000..c377518177 --- /dev/null +++ b/testing/certificates/partial-trust-chain/ca.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIUFH02wcL3Qgben6tfIibXitsApCUwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTExIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTIyMDkwMzIxNDAzN1oY +DzIyOTYwNjE3MjE0MDM3WjB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJ +BgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAOBgNVBAsMB05vZGUuanMxDDAK +BgNVBAMMA2NhMzEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC76GtbMvRM7E1diL6l/Y4qQuDK +ubmGWYOpz7kkUcApfJTa8gIhQvfvNdU/itpLIf1Nhmp9cDRk3BV6gU3P4SetVP+V +x3PSiZ6MJDbQXETn7cLJIewtMexGf8wJldTJ3wcv6/1dZDU3RM3ME7XCgNGBXPOj +c/TOz2StEGf4iwXKE7MHV0D2/hquOwuctqLjV969w8jea6BNqQjcKbq5Y17V4sxH +AO+epbpC88byAaMgmRcqlM660zpKdcsfjQZ/4Vzoce9OOSd/+aHdwLZM3BVL6vAI +09UqkaB+3M4n2pK6dPCQtimbaDyo7QZYgWpmp3/YDN1Hhh6IBoMoQqSu+/DFAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJwGWU3qa5eT +EEP/IXeZUJuZhqND+kBvBPPUYTeCXSbVRI2c6WaU7NZUqYkDz+lVrAMMG+eGPCW1 +8h8DehudZLNDvrz8uEPsYbgvZD+grFRmWh5kUdc2yz6gVVzTTGwy7ARgSoebUqK0 +O4uI8BW/UlF+OpGSpimMBnHqAq13k1Eb9kjckyZw2qIhW02mCsv9PnVQ8waDUq+C +3No8ZoNqgQVVOFSuJz9wxGFPdt0KhizYMh0n+BP7U5srTn0LwWBEXoPsHBWhudTC +NWYtx++OIWK/3QEufal83p2W3ICxAW3yqY7Qy03Z2LW07BDDdAmoFN9NTYuZKGd4 +DQYB7oHNx8E= +-----END CERTIFICATE----- diff --git a/testing/certificates/partial-trust-chain/cert.pem b/testing/certificates/partial-trust-chain/cert.pem new file mode 100644 index 0000000000..e5cd19dc40 --- /dev/null +++ b/testing/certificates/partial-trust-chain/cert.pem @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUW3XXftx/tbf6nxQk2kxk+4Fdy94wDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTMxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTIyMDkwMzIxNDAzN1oY +DzIyOTYwNjE3MjE0MDM3WjB0MQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBl +c3QxETAPBgNVBAoMCFRyZXNvcml0MRYwFAYDVQQDDA3DgWTDoW0gTGlwcGFpMScw +JQYJKoZIhvcNAQkBFhhhZGFtLmxpcHBhaUB0cmVzb3JpdC5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL+3lXygi/1QUopZMz1aW6eMvhbCWfm8/F +a8rkI6Rc+7LNEWdG37c2V/kgh+xRjFKuwRfh0BWX4xDo77asV2ejTaz6yI5DrSJO +paQdcKxgH9xqFsG96U+ODoqykXYSfO9E5qweFDZVPlUky18Ofv1k+dxQBSDAKJe3 +e9MSt3jgQ0vD3ZQIl9A2TOfRVJIbYcm0EQthQxpZSMA15W5FTdjMc4wB3i5tanH6 +NdKYV5L0cWGiLXAXkRYGmj/iQMSHipSazEHJAmmixuBa1HLGdwaUFziQ6syI0I2x +bBqJkyj2OhiNWTFcGWHoQP1DePDfqcF5MIfDej7mRwnaL3qD27cFAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAFhJ0t5egdr3Z2zWuYmM+YQzOeLaGtfTQST7H5W64Ckx +OHwkYH1LjO5pGs+HGvbaA0DIocCB6fliWaf+kxUo7t+wyHr1Dnr5Po3ZvpHe6AU5 +i/J9bmFUk1oE28Ijgk8ktL77Lj8baihcaq1ca0o03zM16MEaA7eiT95ds2QDXgPL +8hdCsOHiEOllspcYRl3uh1WQQjzLOZmCi4dZI+nuTQ2rviD0T5KYZYJY4nzTssEK +yzfYeUUwUu14J1wYGTgTxKXAWjN0IkxFNq1hX6rC/2U819sVEYF8uWUp9dWJ1slT +z09yT9qZWiF5tebRaRNL1al/IjWkmN39W9DGEFMX2Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIUFH02wcL3Qgben6tfIibXitsApCUwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTExIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTIyMDkwMzIxNDAzN1oY +DzIyOTYwNjE3MjE0MDM3WjB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJ +BgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAOBgNVBAsMB05vZGUuanMxDDAK +BgNVBAMMA2NhMzEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC76GtbMvRM7E1diL6l/Y4qQuDK +ubmGWYOpz7kkUcApfJTa8gIhQvfvNdU/itpLIf1Nhmp9cDRk3BV6gU3P4SetVP+V +x3PSiZ6MJDbQXETn7cLJIewtMexGf8wJldTJ3wcv6/1dZDU3RM3ME7XCgNGBXPOj +c/TOz2StEGf4iwXKE7MHV0D2/hquOwuctqLjV969w8jea6BNqQjcKbq5Y17V4sxH +AO+epbpC88byAaMgmRcqlM660zpKdcsfjQZ/4Vzoce9OOSd/+aHdwLZM3BVL6vAI +09UqkaB+3M4n2pK6dPCQtimbaDyo7QZYgWpmp3/YDN1Hhh6IBoMoQqSu+/DFAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJwGWU3qa5eT +EEP/IXeZUJuZhqND+kBvBPPUYTeCXSbVRI2c6WaU7NZUqYkDz+lVrAMMG+eGPCW1 +8h8DehudZLNDvrz8uEPsYbgvZD+grFRmWh5kUdc2yz6gVVzTTGwy7ARgSoebUqK0 +O4uI8BW/UlF+OpGSpimMBnHqAq13k1Eb9kjckyZw2qIhW02mCsv9PnVQ8waDUq+C +3No8ZoNqgQVVOFSuJz9wxGFPdt0KhizYMh0n+BP7U5srTn0LwWBEXoPsHBWhudTC +NWYtx++OIWK/3QEufal83p2W3ICxAW3yqY7Qy03Z2LW07BDDdAmoFN9NTYuZKGd4 +DQYB7oHNx8E= +-----END CERTIFICATE----- diff --git a/testing/certificates/partial-trust-chain/key-and-cert.pem b/testing/certificates/partial-trust-chain/key-and-cert.pem new file mode 100644 index 0000000000..8278e057df --- /dev/null +++ b/testing/certificates/partial-trust-chain/key-and-cert.pem @@ -0,0 +1,70 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAy/t5V8oIv9UFKKWTM9WlunjL4Wwln5vPxWvK5COkXPuyzRFn +Rt+3Nlf5IIfsUYxSrsEX4dAVl+MQ6O+2rFdno02s+siOQ60iTqWkHXCsYB/cahbB +velPjg6KspF2EnzvROasHhQ2VT5VJMtfDn79ZPncUAUgwCiXt3vTErd44ENLw92U +CJfQNkzn0VSSG2HJtBELYUMaWUjANeVuRU3YzHOMAd4ubWpx+jXSmFeS9HFhoi1w +F5EWBpo/4kDEh4qUmsxByQJposbgWtRyxncGlBc4kOrMiNCNsWwaiZMo9joYjVkx +XBlh6ED9Q3jw36nBeTCHw3o+5kcJ2i96g9u3BQIDAQABAoIBAAT2Ftt1xIS176wv +ascl+SPx8DOJZ9jb90+78XFfFI5WaODn/XUR1+jwdtS9uZe6LACoHaaWYxAQq8ae +nfjPH2wvZXesDRnESkNTcAxvQyILZFcIOqod1JuF6wWw2AhXFZK9cY5Bu5iTLYr5 +j1RQ7mTYVu1zUnqaAiaqUlXwNHZv4XXyuBgsRpaughcMrO85NKveMeqwU9jnEQTa +5i3m0E4qQohA8oSz22f0fXUMFrhSvNCR1e4g3ps+79ArYYPsMnVLgf4CiQIPDv2E +8jOOZ7p1V6A+rn3nn9P7lnkUi3r81Al3dJJmlXCKEKsCC9NMl2sf/ZWfn9ZWMHbo +jLmKwDkCgYEA7alWbTQLiPoKDdXUDOvjI0EmhUY1TAIeUbjplehBTgDsUugMpHvW +jZGkoNrt4dZhjhgTt6wXGCpWQNGGFKrF4/SXYAgXctxmr+4Pw2tcKLA3jf4jlcQ1 +dgDNKQ2jbZ8nqkZPrnmbAJcus1phzcNwmoVJsAa+KAuYJoUwljHcT68CgYEA27ja +Vjmq/djVMmJ8WOAiezwsFYrLOwgAsAbLLVqkHhIaOQSz3TEdq+gaHy8xMn8nF2zE +MyAvrOX5oMZW1823x9uIMDR3fPFoDP/j4v03P2XKIc55Cv1wvIfr9Y1wcdwAR11I +I9TRRswsHMUAMqIZPNcWlpg+lbx8VIp5VGfsfYsCgYB+luAuMraiM2z/iZH1f//w +W1eFTaw93DMCHJhu/NMsFVnLn0Z8pmnV5mnmNDbZQDOeWDzIbKWwfXyL8g6VG5Fk +pneq8yRqTfN0aj2DPcBM++/bdi7GK0i+nhapc1ZFoayjCeiPar6hReXeKppF24Az +DiP92tmWwvY8Ll1+4vgSiQKBgQCfYnRfX+29vnDI39A72DqrEncYGVpbM+7rwcHY +4It0lMUY32Rp65sOfIuWW3FgpAQDZg7c11g+H4T5L2cHnF7YR1N/RE/4/lTwOR9i +JTTSdFAwPcpoQnhpCmAL+9G5hlFdczlFZLd6l9jX9b+y+ws7qvrjuwSLMfMukFR6 ++ff/CQKBgQCiFqg+k0zGqhpfVOHxWaLgLZPlENUabpc54Ff6wdxrvY6d0F7F1/sy +T6PlSLvvq1VpEJJXTlEv8jc64OVsNps7jkYkgR9xG47Njytj2RVQtlZNSs+kEVmt +XfzU4J43WrX517ymzar520WksPrx4eYQO1TZICVywsAgs4vJ2ZqXVA== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIUW3XXftx/tbf6nxQk2kxk+4Fdy94wDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTMxIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTIyMDkwMzIxNDAzN1oY +DzIyOTYwNjE3MjE0MDM3WjB0MQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBl +c3QxETAPBgNVBAoMCFRyZXNvcml0MRYwFAYDVQQDDA3DgWTDoW0gTGlwcGFpMScw +JQYJKoZIhvcNAQkBFhhhZGFtLmxpcHBhaUB0cmVzb3JpdC5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL+3lXygi/1QUopZMz1aW6eMvhbCWfm8/F +a8rkI6Rc+7LNEWdG37c2V/kgh+xRjFKuwRfh0BWX4xDo77asV2ejTaz6yI5DrSJO +paQdcKxgH9xqFsG96U+ODoqykXYSfO9E5qweFDZVPlUky18Ofv1k+dxQBSDAKJe3 +e9MSt3jgQ0vD3ZQIl9A2TOfRVJIbYcm0EQthQxpZSMA15W5FTdjMc4wB3i5tanH6 +NdKYV5L0cWGiLXAXkRYGmj/iQMSHipSazEHJAmmixuBa1HLGdwaUFziQ6syI0I2x +bBqJkyj2OhiNWTFcGWHoQP1DePDfqcF5MIfDej7mRwnaL3qD27cFAgMBAAEwDQYJ +KoZIhvcNAQELBQADggEBAFhJ0t5egdr3Z2zWuYmM+YQzOeLaGtfTQST7H5W64Ckx +OHwkYH1LjO5pGs+HGvbaA0DIocCB6fliWaf+kxUo7t+wyHr1Dnr5Po3ZvpHe6AU5 +i/J9bmFUk1oE28Ijgk8ktL77Lj8baihcaq1ca0o03zM16MEaA7eiT95ds2QDXgPL +8hdCsOHiEOllspcYRl3uh1WQQjzLOZmCi4dZI+nuTQ2rviD0T5KYZYJY4nzTssEK +yzfYeUUwUu14J1wYGTgTxKXAWjN0IkxFNq1hX6rC/2U819sVEYF8uWUp9dWJ1slT +z09yT9qZWiF5tebRaRNL1al/IjWkmN39W9DGEFMX2Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIUFH02wcL3Qgben6tfIibXitsApCUwDQYJKoZIhvcNAQEL +BQAwejELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEPMA0G +A1UECgwGSm95ZW50MRAwDgYDVQQLDAdOb2RlLmpzMQwwCgYDVQQDDANjYTExIDAe +BgkqhkiG9w0BCQEWEXJ5QHRpbnljbG91ZHMub3JnMCAXDTIyMDkwMzIxNDAzN1oY +DzIyOTYwNjE3MjE0MDM3WjB6MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExCzAJ +BgNVBAcMAlNGMQ8wDQYDVQQKDAZKb3llbnQxEDAOBgNVBAsMB05vZGUuanMxDDAK +BgNVBAMMA2NhMzEgMB4GCSqGSIb3DQEJARYRcnlAdGlueWNsb3Vkcy5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC76GtbMvRM7E1diL6l/Y4qQuDK +ubmGWYOpz7kkUcApfJTa8gIhQvfvNdU/itpLIf1Nhmp9cDRk3BV6gU3P4SetVP+V +x3PSiZ6MJDbQXETn7cLJIewtMexGf8wJldTJ3wcv6/1dZDU3RM3ME7XCgNGBXPOj +c/TOz2StEGf4iwXKE7MHV0D2/hquOwuctqLjV969w8jea6BNqQjcKbq5Y17V4sxH +AO+epbpC88byAaMgmRcqlM660zpKdcsfjQZ/4Vzoce9OOSd/+aHdwLZM3BVL6vAI +09UqkaB+3M4n2pK6dPCQtimbaDyo7QZYgWpmp3/YDN1Hhh6IBoMoQqSu+/DFAgMB +AAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJwGWU3qa5eT +EEP/IXeZUJuZhqND+kBvBPPUYTeCXSbVRI2c6WaU7NZUqYkDz+lVrAMMG+eGPCW1 +8h8DehudZLNDvrz8uEPsYbgvZD+grFRmWh5kUdc2yz6gVVzTTGwy7ARgSoebUqK0 +O4uI8BW/UlF+OpGSpimMBnHqAq13k1Eb9kjckyZw2qIhW02mCsv9PnVQ8waDUq+C +3No8ZoNqgQVVOFSuJz9wxGFPdt0KhizYMh0n+BP7U5srTn0LwWBEXoPsHBWhudTC +NWYtx++OIWK/3QEufal83p2W3ICxAW3yqY7Qy03Z2LW07BDDdAmoFN9NTYuZKGd4 +DQYB7oHNx8E= +-----END CERTIFICATE----- diff --git a/testing/certificates/partial-trust-chain/key.pem b/testing/certificates/partial-trust-chain/key.pem new file mode 100644 index 0000000000..af88bb8d7e --- /dev/null +++ b/testing/certificates/partial-trust-chain/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAy/t5V8oIv9UFKKWTM9WlunjL4Wwln5vPxWvK5COkXPuyzRFn +Rt+3Nlf5IIfsUYxSrsEX4dAVl+MQ6O+2rFdno02s+siOQ60iTqWkHXCsYB/cahbB +velPjg6KspF2EnzvROasHhQ2VT5VJMtfDn79ZPncUAUgwCiXt3vTErd44ENLw92U +CJfQNkzn0VSSG2HJtBELYUMaWUjANeVuRU3YzHOMAd4ubWpx+jXSmFeS9HFhoi1w +F5EWBpo/4kDEh4qUmsxByQJposbgWtRyxncGlBc4kOrMiNCNsWwaiZMo9joYjVkx +XBlh6ED9Q3jw36nBeTCHw3o+5kcJ2i96g9u3BQIDAQABAoIBAAT2Ftt1xIS176wv +ascl+SPx8DOJZ9jb90+78XFfFI5WaODn/XUR1+jwdtS9uZe6LACoHaaWYxAQq8ae +nfjPH2wvZXesDRnESkNTcAxvQyILZFcIOqod1JuF6wWw2AhXFZK9cY5Bu5iTLYr5 +j1RQ7mTYVu1zUnqaAiaqUlXwNHZv4XXyuBgsRpaughcMrO85NKveMeqwU9jnEQTa +5i3m0E4qQohA8oSz22f0fXUMFrhSvNCR1e4g3ps+79ArYYPsMnVLgf4CiQIPDv2E +8jOOZ7p1V6A+rn3nn9P7lnkUi3r81Al3dJJmlXCKEKsCC9NMl2sf/ZWfn9ZWMHbo +jLmKwDkCgYEA7alWbTQLiPoKDdXUDOvjI0EmhUY1TAIeUbjplehBTgDsUugMpHvW +jZGkoNrt4dZhjhgTt6wXGCpWQNGGFKrF4/SXYAgXctxmr+4Pw2tcKLA3jf4jlcQ1 +dgDNKQ2jbZ8nqkZPrnmbAJcus1phzcNwmoVJsAa+KAuYJoUwljHcT68CgYEA27ja +Vjmq/djVMmJ8WOAiezwsFYrLOwgAsAbLLVqkHhIaOQSz3TEdq+gaHy8xMn8nF2zE +MyAvrOX5oMZW1823x9uIMDR3fPFoDP/j4v03P2XKIc55Cv1wvIfr9Y1wcdwAR11I +I9TRRswsHMUAMqIZPNcWlpg+lbx8VIp5VGfsfYsCgYB+luAuMraiM2z/iZH1f//w +W1eFTaw93DMCHJhu/NMsFVnLn0Z8pmnV5mnmNDbZQDOeWDzIbKWwfXyL8g6VG5Fk +pneq8yRqTfN0aj2DPcBM++/bdi7GK0i+nhapc1ZFoayjCeiPar6hReXeKppF24Az +DiP92tmWwvY8Ll1+4vgSiQKBgQCfYnRfX+29vnDI39A72DqrEncYGVpbM+7rwcHY +4It0lMUY32Rp65sOfIuWW3FgpAQDZg7c11g+H4T5L2cHnF7YR1N/RE/4/lTwOR9i +JTTSdFAwPcpoQnhpCmAL+9G5hlFdczlFZLd6l9jX9b+y+ws7qvrjuwSLMfMukFR6 ++ff/CQKBgQCiFqg+k0zGqhpfVOHxWaLgLZPlENUabpc54Ff6wdxrvY6d0F7F1/sy +T6PlSLvvq1VpEJJXTlEv8jc64OVsNps7jkYkgR9xG47Njytj2RVQtlZNSs+kEVmt +XfzU4J43WrX517ymzar520WksPrx4eYQO1TZICVywsAgs4vJ2ZqXVA== +-----END RSA PRIVATE KEY-----