mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-04-19 16:15:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

tests: Add EAR tests

Browse Source 
Adds the migrated EAR/encryption tests.
Note: Until scylla CI is updated to provide all the proper
ENV vars, some tests will not execute.
This commit is contained in:
Calle Wilund
2025-01-08 11:50:16 +00:00
parent ee62b61c84
commit c596ae6eb1
8 changed files with 1830 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
configure.py
View File

@@ -475,6 +475,8 @@ scylla_tests = set([
'test/boost/double_decker_test',
'test/boost/duration_test',
'test/boost/dynamic_bitset_test',
'test/boost/encrypted_file_test',
'test/boost/encryption_at_rest_test',
'test/boost/enum_option_test',
'test/boost/enum_set_test',
'test/boost/estimated_histogram_test',
@@ -554,6 +556,7 @@ scylla_tests = set([
'test/boost/token_metadata_test',
'test/boost/top_k_test',
'test/boost/transport_test',
'test/boost/symmetric_key_test',
'test/boost/types_test',
'test/boost/utf8_test',
'test/boost/vint_serialization_test',

9
test/boost/CMakeLists.txt
View File

@@ -80,6 +80,15 @@ add_scylla_test(duration_test
add_scylla_test(dynamic_bitset_test
KIND BOOST
LIBRARIES utils)
add_scylla_test(encrypted_file_test
KIND SEASTAR
LIBRARIES
encryption)
add_scylla_test(encryption_at_rest_test
KIND SEASTAR
LIBRARIES
Boost::filesystem
encryption)
add_scylla_test(enum_option_test
KIND BOOST)
add_scylla_test(enum_set_test

265
test/boost/encrypted_file_test.cc Normal file
View File

@@ -0,0 +1,265 @@
/*
* Copyright (C) 2016 ScyllaDB
*/
#include <boost/range/irange.hpp>
#include <boost/range/adaptors.hpp>
#include <boost/range/algorithm.hpp>
#include <boost/test/unit_test.hpp>
#include <stdint.h>
#include <random>
#include <seastar/core/future-util.hh>
#include <seastar/core/seastar.hh>
#include <seastar/core/shared_ptr.hh>
#include <seastar/core/thread.hh>
#include <seastar/testing/test_case.hh>
#include "ent/encryption/encryption.hh"
#include "ent/encryption/symmetric_key.hh"
#include "ent/encryption/encrypted_file_impl.hh"
#include "test/lib/tmpdir.hh"
#include "test/lib/random_utils.hh"
#include "test/lib/exception_utils.hh"
using namespace encryption;
static tmpdir dir;
static future<std::tuple<file, ::shared_ptr<symmetric_key>>> make_file(const sstring& name, open_flags mode, ::shared_ptr<symmetric_key> k = nullptr) {
file f = co_await open_file_dma(sstring(dir.path() / std::string(name)), mode);
if (k == nullptr) {
key_info info{"AES/CBC", 256};
k = ::make_shared<symmetric_key>(info);
}
co_return std::tuple(file(make_encrypted_file(f, k)), k);
}
static temporary_buffer<uint8_t> generate_random(size_t n, size_t align) {
auto tmp = temporary_buffer<uint8_t>::aligned(align, align_up(n, align));
auto data = tests::random::get_sstring(n);
std::copy(data.begin(), data.end(), tmp.get_write());
return tmp;
}
static future<> test_random_data_disk(size_t n) {
auto name = "test_rand_" + std::to_string(n);
auto t = co_await make_file(name, open_flags::rw|open_flags::create);
auto f = std::get<0>(t);
std::exception_ptr ex = nullptr;
try {
auto k = std::get<1>(t);
auto a = f.memory_dma_alignment();
auto buf = generate_random(n, a);
auto w = co_await f.dma_write(0, buf.get(), buf.size());
co_await f.flush();
if (n != buf.size()) {
co_await f.truncate(n);
}
BOOST_REQUIRE_EQUAL(w, buf.size());
auto k2 = ::make_shared<symmetric_key>(k->info(), k->key());
auto f2 = std::get<0>(co_await make_file(name, open_flags::ro, k2));
auto tmp = temporary_buffer<uint8_t>::aligned(a, buf.size());
auto n2 = co_await f2.dma_read(0, tmp.get_write(), tmp.size());
BOOST_REQUIRE_EQUAL(n2, n);
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp.get(), tmp.get() + n2, buf.get(), buf.get() + n2);
} catch (...) {
ex = std::current_exception();
}
co_await f.close();
if (ex) {
std::rethrow_exception(ex);
}
}
static void test_random_data(size_t n) {
auto buf = generate_random(n, 8);
// first, verify padded.
{
key_info info{"AES/CBC/PKCSPadding", 256};
auto k = ::make_shared<symmetric_key>(info);
bytes b(bytes::initialized_later(), k->iv_len());
k->generate_iv(b.data(), k->iv_len());
temporary_buffer<uint8_t> tmp(n + k->block_size());
k->encrypt(buf.get(), buf.size(), tmp.get_write(), tmp.size(), b.data());
auto bytes = k->key();
auto k2 = ::make_shared<symmetric_key>(info, bytes);
temporary_buffer<uint8_t> tmp2(n + k->block_size());
k2->decrypt(tmp.get(), tmp.size(), tmp2.get_write(), tmp2.size(), b.data());
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp2.get(), tmp2.get() + n, buf.get(), buf.get() + n);
}
// unpadded
{
key_info info{"AES/CBC", 256};
auto k = ::make_shared<symmetric_key>(info);
bytes b(bytes::initialized_later(), k->iv_len());
k->generate_iv(b.data(), k->iv_len());
temporary_buffer<uint8_t> tmp(n);
k->encrypt_unpadded(buf.get(), buf.size(), tmp.get_write(), b.data());
auto bytes = k->key();
auto k2 = ::make_shared<symmetric_key>(info, bytes);
temporary_buffer<uint8_t> tmp2(buf.size());
k2->decrypt_unpadded(tmp.get(), tmp.size(), tmp2.get_write(), b.data());
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp2.get(), tmp2.get() + n, buf.get(), buf.get() + n);
}
}
BOOST_AUTO_TEST_CASE(test_encrypting_data_128) {
test_random_data(128);
}
BOOST_AUTO_TEST_CASE(test_encrypting_data_4k) {
test_random_data(4*1024);
}
SEASTAR_TEST_CASE(test_encrypted_file_data_4k) {
return test_random_data_disk(4*1024);
}
SEASTAR_TEST_CASE(test_encrypted_file_data_16k) {
return test_random_data_disk(16*1024);
}
SEASTAR_TEST_CASE(test_encrypted_file_data_unaligned) {
return test_random_data_disk(16*1024 - 3);
}
SEASTAR_TEST_CASE(test_encrypted_file_data_unaligned2) {
return test_random_data_disk(16*1024 - 4092);
}
SEASTAR_TEST_CASE(test_short) {
auto name = "test_short";
file f = co_await open_file_dma(sstring(dir.path() / name), open_flags::rw|open_flags::create);
co_await f.truncate(1);
co_await f.close();
auto t = co_await make_file(name, open_flags::ro);
f = std::get<0>(t);
std::exception_ptr ex = nullptr;
try {
temporary_buffer<char> buf(f.memory_dma_alignment());
BOOST_REQUIRE_EXCEPTION(
co_await f.dma_read(0, buf.get_write(), buf.size()),
std::domain_error,
exception_predicate::message_contains("file size 1, expected 0 or at least 16")
);
} catch (...) {
ex = std::current_exception();
}
co_await f.close();
if (ex) {
std::rethrow_exception(ex);
}
}
SEASTAR_TEST_CASE(test_truncating_empty) {
auto name = "test_truncating_empty";
auto t = co_await make_file(name, open_flags::rw|open_flags::create);
auto f = std::get<0>(t);
auto k = std::get<1>(t);
auto s = 64 * f.memory_dma_alignment();
co_await f.truncate(s);
temporary_buffer<char> buf(s);
auto n = co_await f.dma_read(0, buf.get_write(), buf.size());
co_await f.close();
BOOST_REQUIRE_EQUAL(s, n);
for (auto c : buf) {
BOOST_REQUIRE_EQUAL(c, 0);
}
}
SEASTAR_TEST_CASE(test_truncating_extend) {
auto name = "test_truncating_extend";
auto t = co_await make_file(name, open_flags::rw|open_flags::create);
auto f = std::get<0>(t);
auto k = std::get<1>(t);
auto a = f.memory_dma_alignment();
auto s = 32 * a;
auto buf = generate_random(s, a);
auto w = co_await f.dma_write(0, buf.get(), buf.size());
co_await f.flush();
BOOST_REQUIRE_EQUAL(s, w);
for (size_t i = 1; i < 64; ++i) {
// truncate smaller, unaligned
auto l = w - i;
auto r = w + 8 * a;
co_await f.truncate(l);
BOOST_REQUIRE_EQUAL(l, (co_await f.stat()).st_size);
{
auto tmp = temporary_buffer<uint8_t>::aligned(a, align_up(l, a));
auto n = co_await f.dma_read(0, tmp.get_write(), tmp.size());
BOOST_REQUIRE_EQUAL(l, n);
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp.get(), tmp.get() + l, buf.get(), buf.get() + l);
auto k = align_down(l, a);
while (k > 0) {
n = co_await f.dma_read(0, tmp.get_write(), k);
BOOST_REQUIRE_EQUAL(k, n);
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp.get(), tmp.get() + k, buf.get(), buf.get() + k);
n = co_await f.dma_read(k, tmp.get_write(), tmp.size());
BOOST_REQUIRE_EQUAL(l - k, n);
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp.get(), tmp.get() + n, buf.get() + k, buf.get() + k + n);
k -= a;
}
}
co_await f.truncate(r);
BOOST_REQUIRE_EQUAL(r, (co_await f.stat()).st_size);
auto tmp = temporary_buffer<uint8_t>::aligned(a, align_up(r, a));
auto n = co_await f.dma_read(0, tmp.get_write(), tmp.size());
BOOST_REQUIRE_EQUAL(r, n);
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp.get(), tmp.get() + l, buf.get(), buf.get() + l);
while (l < r) {
BOOST_REQUIRE_EQUAL(tmp[l], 0);
++l;
}
}
co_await f.close();
}

1098
test/boost/encryption_at_rest_test.cc Normal file
View File

File diff suppressed because it is too large Load Diff

95
test/boost/kmip_wrapper.py Normal file
View File

@@ -0,0 +1,95 @@
import ssl
import sys
from kmip.services import auth
from kmip.services.server.server import build_argument_parser
from kmip.services.server.server import KmipServer
# Helper wrapper for running pykmip in scylla testing. Needed because TLS options
# (hardcoded) in pykmip are obsolete and will not work with connecting using gnutls
# of any modern variety.
class TLS13AuthenticationSuite(auth.TLS12AuthenticationSuite):
"""
An authentication suite used to establish secure network connections.
Supports TLS 1.3. More importantly, works with gnutls-<recent>
"""
def __init__(self, cipher_suites=None):
"""
Create a TLS12AuthenticationSuite object.
Args:
cipher_suites (list): A list of strings representing the names of
cipher suites to use. Overrides the default set of cipher
suites. Optional, defaults to None.
"""
super().__init__(cipher_suites)
self._protocol = ssl.PROTOCOL_TLS_SERVER
def main():
# Build argument parser and parser command-line arguments.
parser = build_argument_parser()
opts, args = parser.parse_args(sys.argv[1:])
kwargs = {}
if opts.hostname:
kwargs['hostname'] = opts.hostname
if opts.port:
kwargs['port'] = opts.port
if opts.certificate_path:
kwargs['certificate_path'] = opts.certificate_path
if opts.key_path:
kwargs['key_path'] = opts.key_path
if opts.ca_path:
kwargs['ca_path'] = opts.ca_path
if opts.auth_suite:
kwargs['auth_suite'] = opts.auth_suite
if opts.config_path:
kwargs['config_path'] = opts.config_path
if opts.log_path:
kwargs['log_path'] = opts.log_path
if opts.policy_path:
kwargs['policy_path'] = opts.policy_path
if opts.ignore_tls_client_auth:
kwargs['enable_tls_client_auth'] = False
if opts.logging_level:
kwargs['logging_level'] = opts.logging_level
if opts.database_path:
kwargs['database_path'] = opts.database_path
kwargs['live_policies'] = True
# Create and start the server.
s = KmipServer(**kwargs)
# Fix TLS. Try to get this into mainline project, but that will take time...
s.auth_suite = TLS13AuthenticationSuite(s.auth_suite.ciphers)
# force port to zero -> select dynamically
s.config.settings['port'] = 0
def fake_wrap_ssl(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLS, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True,
ciphers=None):
ctxt = ssl.SSLContext(protocol = ssl_version)
ctxt.load_cert_chain(certfile=certfile, keyfile=keyfile)
ctxt.verify_mode = cert_reqs
ctxt.load_verify_locations(cafile=ca_certs)
ctxt.set_ciphers(ciphers)
return ctxt.wrap_socket(sock, server_side=server_side
, do_handshake_on_connect=do_handshake_on_connect
, suppress_ragged_eofs=suppress_ragged_eofs)
ssl.wrap_socket = fake_wrap_ssl
print("Starting...")
with s:
print("Listening on {}".format(s._socket.getsockname()[1]))
sys.stdout.flush()
s.serve()
if __name__ == '__main__':
main()

221
test/boost/symmetric_key_test.cc Normal file
View File

@@ -0,0 +1,221 @@
/*
* Copyright (C) 2016 ScyllaDB
*/
#include <boost/range/irange.hpp>
#include <boost/range/adaptors.hpp>
#include <boost/range/algorithm.hpp>
#include <boost/test/unit_test.hpp>
#include <boost/lexical_cast.hpp>
#include <stdint.h>
#include <random>
#include <seastar/core/future-util.hh>
#include <seastar/core/seastar.hh>
#include <seastar/core/shared_ptr.hh>
#include <seastar/core/thread.hh>
#include <seastar/core/align.hh>
#include <seastar/testing/test_case.hh>
#include "ent/encryption/encryption.hh"
#include "ent/encryption/symmetric_key.hh"
using namespace encryption;
static temporary_buffer<uint8_t> generate_random(size_t n, size_t align) {
std::random_device r;
std::default_random_engine e1(r());
std::uniform_int_distribution<uint8_t> dist('0', 'z');
auto tmp = temporary_buffer<uint8_t>::aligned(align, align_up(n, align));
std::generate(tmp.get_write(), tmp.get_write() + tmp.size(), std::bind(dist, std::ref(e1)));
return tmp;
}
static void test_random_data(const sstring& desc, unsigned int bits) {
auto buf = generate_random(128, 8);
auto n = buf.size();
// first, verify padded.
{
key_info info{desc, bits};
auto k = ::make_shared<symmetric_key>(info);
bytes b(bytes::initialized_later(), k->iv_len());
k->generate_iv(b.data(), k->iv_len());
temporary_buffer<uint8_t> tmp(n + k->block_size());
k->encrypt(buf.get(), buf.size(), tmp.get_write(), tmp.size(), b.data());
auto bytes = k->key();
auto k2 = ::make_shared<symmetric_key>(info, bytes);
temporary_buffer<uint8_t> tmp2(n + k->block_size());
k2->decrypt(tmp.get(), tmp.size(), tmp2.get_write(), tmp2.size(), b.data());
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp2.get(), tmp2.get() + n, buf.get(), buf.get() + n);
}
// unpadded
{
auto desc2 = desc;
desc2.resize(desc.find_last_of('/'));
key_info info{desc2, bits};
auto k = ::make_shared<symmetric_key>(info);
bytes b(bytes::initialized_later(), k->iv_len());
k->generate_iv(b.data(), k->iv_len());
temporary_buffer<uint8_t> tmp(n);
k->encrypt_unpadded(buf.get(), buf.size(), tmp.get_write(), b.data());
auto bytes = k->key();
auto k2 = ::make_shared<symmetric_key>(info, bytes);
temporary_buffer<uint8_t> tmp2(buf.size());
k2->decrypt_unpadded(tmp.get(), tmp.size(), tmp2.get_write(), b.data());
BOOST_REQUIRE_EQUAL_COLLECTIONS(tmp2.get(), tmp2.get() + n, buf.get(), buf.get() + n);
}
}
SEASTAR_TEST_CASE(test_cipher_types) {
static const std::unordered_map<sstring, std::vector<unsigned int>> ciphers = {
{ "AES/CBC/PKCS5Padding", { 128, 192, 256 } },
{ "AES/ECB/PKCS5Padding", { 128, 192, 256 } },
{ "DES/CBC/PKCS5Padding", { 56 } },
{ "DESede/CBC/PKCS5Padding", { 112, 168 } },
{ "Blowfish/CBC/PKCS5Padding", { 32, 64, 448 } },
{ "RC2/CBC/PKCS5Padding", { 40, 41, 64, 67, 120, 128 } },
};
for (auto & p : ciphers) {
for (auto s : p.second) {
test_random_data(p.first, s);
}
}
return make_ready_future<>();
}
// OpenSSL only supports one form of padding. We used to just allow
// non-empty string -> pkcs5/pcks7. We now instead verify this to be
// within the "sane" limits, i.e. pkcs, pkcs5 or pkcs7.
// Check an non-exhaustive set of invalid padding options and verify
// we get an exception as expected.
// See below for test for valid strings.
SEASTAR_TEST_CASE(test_invalid_padding_options) {
static const std::unordered_map<sstring, unsigned int> ciphers = {
{ "AES/CBC/PKCSU", 128 },
{ "AES/ECB/Gris", 128 },
{ "DES/CBC/PKCS12Padding", 56 },
{ "DES/CBC/KorvPadding", 56 },
{ "DES/CBC/MUPadding", 56 },
};
for (auto& p : ciphers) {
try {
key_info info{p.first, p.second};
symmetric_key k(info);
BOOST_ERROR("should not reach");
} catch (...) {
// ok.
}
}
return make_ready_future<>();
}
SEASTAR_TEST_CASE(test_valid_padding_options) {
static const std::unordered_map<sstring, unsigned int> ciphers = {
{ "AES/CBC/PKCS", 128 },
{ "AES/CBC/PKCSPadding", 128 },
{ "AES/ECB/PKCS7Padding", 128 },
{ "AES/ECB/PKCS7", 128 },
{ "DES/CBC/PKCS5Padding", 56 },
{ "DES/CBC/PKCS5", 56 },
{ "AES/CBC/NoPadding", 128 },
{ "AES/ECB/NoPadding", 128 },
{ "DES/CBC/NoPadding", 56 },
{ "AES/CBC/No", 128 },
{ "AES/ECB/No", 128 },
{ "DES/CBC/No", 56 },
};
for (auto& p : ciphers) {
key_info info{p.first, p.second};
symmetric_key k(info);
auto errors = k.validate_exact_info_result();
BOOST_REQUIRE_EQUAL(errors, std::string{});
}
return make_ready_future<>();
}
SEASTAR_TEST_CASE(test_warn_adjusted_options) {
static const std::unordered_map<sstring, std::vector<unsigned int>> ciphers = {
// blowfish only supports CBC and will become CBC whatever you say
{ "Blowfish/CFB/PKCS5Padding", { 32, 64, 448 } },
{ "Blowfish/XTS/PKCS5Padding", { 32, 64, 448 } },
};
for (auto& p : ciphers) {
for (auto s : p.second) {
auto alg = p.first;
key_info info{alg, s};
symmetric_key k(info);
auto errors = k.validate_exact_info_result();
BOOST_REQUIRE_NE(errors, std::string{});
}
}
return make_ready_future<>();
}
/**
* Verifies that when using defaults in a key, the key info returned is still
* equal to the input one (by bit and textually)
*/
SEASTAR_TEST_CASE(test_cipher_defaults) {
static const std::unordered_map<sstring, std::vector<unsigned int>> ciphers = {
{ "AES/CBC/PKCS5Padding", { 128, 192, 256 } },
{ "AES/ECB/PKCS5Padding", { 128, 192, 256 } },
{ "DES/CBC/PKCS5Padding", { 56 } },
{ "DESede/CBC/PKCS5Padding", { 112, 168 } },
{ "Blowfish/CBC/PKCS5Padding", { 32, 64, 448 } },
{ "RC2/CBC/PKCS5Padding", { 40, 41, 64, 67, 120, 128 } },
};
for (auto& p : ciphers) {
for (auto s : p.second) {
auto alg = p.first;
for (;;) {
key_info info{alg, s};
symmetric_key k(info);
BOOST_REQUIRE_EQUAL(info, k.info());
BOOST_REQUIRE_EQUAL(boost::lexical_cast<std::string>(info), boost::lexical_cast<std::string>(k.info()));
auto i = alg.find_last_of('/');
if (i != sstring::npos) {
alg.resize(i);
continue;
}
// also verify that whatever we say (or don't say), we get a blockmode
// -> iv len > 0
BOOST_CHECK_GT(k.iv_len(), 0);
auto errors = k.validate_exact_info_result();
if (i != sstring::npos) {
BOOST_REQUIRE_EQUAL(errors, std::string{});
} else {
// Again, if we cut out block mode (i.e. only cipher name left)
// we will still force a block mode. Thus this should warn.
BOOST_REQUIRE_NE(errors, std::string{});
}
break;
}
}
}
return make_ready_future<>();
}

82
test/resource/certs/cacert.pem Normal file
View File

@@ -0,0 +1,82 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1572441855 (0x5db98eff)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=HyTrust Inc., CN=HyTrust KeyControl Certificate Authority
Validity
Not Before: Jun 1 00:00:00 2011 GMT
Not After : Dec 31 23:59:59 2049 GMT
Subject: C=US, O=HyTrust Inc., CN=HyTrust KeyControl Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ce:97:5b:a1:30:b1:26:00:31:8a:aa:bd:a2:0c:
19:1b:24:83:05:20:7a:63:ac:6c:ab:0f:80:24:47:
2b:03:94:86:25:a4:10:51:fb:b6:e8:5e:33:db:e2:
91:98:f3:2a:b1:78:ef:83:a5:f2:e1:79:36:44:06:
3b:01:cd:1a:47:c1:74:89:2b:d3:3c:8d:f1:fb:c2:
90:88:fe:18:d9:81:7b:2a:e4:67:61:87:17:23:38:
29:5a:66:eb:d0:01:a6:da:c3:a5:7f:f5:d1:9e:f5:
04:dc:1c:4a:62:2e:e2:5b:5f:22:56:61:fe:ba:66:
c2:ad:a9:51:43:9c:28:e4:8f:fa:05:12:fa:0d:a5:
35:e3:2f:99:e8:a4:98:09:f9:e7:c8:e0:6c:a9:bd:
e9:59:b0:83:07:09:10:10:5b:aa:b5:72:3b:40:e6:
38:f4:e3:f8:9a:55:8e:5e:ae:5c:3e:c3:08:34:13:
9c:19:fc:65:07:ac:3f:98:ae:a0:d2:f8:1d:4c:bf:
cb:93:a7:e4:d6:37:84:0a:0c:3a:1f:86:f2:35:0c:
2e:66:b0:9b:43:8e:bc:e4:b9:b0:bf:33:67:c2:97:
df:47:6c:65:cc:55:38:70:a9:39:27:60:e1:74:14:
34:e9:a6:a0:b6:11:de:61:94:9a:6b:83:f1:84:8d:
27:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:AD:DE:45:50:5D:54:68:1F:B0:56:00:65:FB:D1:F2:97:57:EF:6E
X509v3 Authority Key Identifier:
keyid:66:AD:DE:45:50:5D:54:68:1F:B0:56:00:65:FB:D1:F2:97:57:EF:6E
DirName:/C=US/O=HyTrust Inc./CN=HyTrust KeyControl Certificate Authority
serial:5D:B9:8E:FF
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
ab:a9:19:07:07:f0:b9:74:e1:a8:49:db:bd:c1:21:fc:38:38:
79:dd:2f:3e:59:be:96:79:1d:18:d4:5e:1f:31:47:fb:bd:d4:
96:d7:be:87:7e:0d:e4:9e:7c:7a:36:c9:9a:5f:e5:63:38:33:
68:cf:b1:92:d0:b8:81:1a:6f:23:27:d8:71:50:41:63:ce:5f:
20:69:72:4c:cd:07:ab:35:58:fe:da:d5:26:1e:44:f4:97:e3:
ff:6c:80:db:31:17:13:52:6c:fb:68:34:71:11:af:b6:84:3b:
b1:5c:d3:67:25:e1:5a:31:a6:68:83:ec:c4:3e:e8:f6:08:60:
d0:2a:26:9e:fe:07:08:57:6e:9a:dd:6e:ba:a2:10:ab:2e:fd:
cd:52:a3:2f:e0:59:6d:33:39:05:ed:fd:ed:ac:b0:e7:98:5e:
f2:51:00:12:df:4c:8a:0c:e2:11:df:43:65:d0:f3:a1:85:59:
6d:d4:bb:a0:97:f7:c7:40:63:b3:24:cf:ec:5e:9e:42:1b:cc:
e2:36:43:d1:83:79:11:48:3b:3d:db:c3:2a:03:4f:cd:53:2d:
07:8d:0e:28:4a:a9:58:e0:27:c3:47:f6:ab:00:cd:fc:31:ed:
99:b9:57:2e:2d:5a:79:5f:48:14:39:8b:0e:da:1c:a0:d6:4e:
d4:81:83:49
-----BEGIN CERTIFICATE-----
MIID4jCCAsqgAwIBAgIEXbmO/zANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJV
UzEVMBMGA1UEChMMSHlUcnVzdCBJbmMuMTEwLwYDVQQDEyhIeVRydXN0IEtleUNv
bnRyb2wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDYwMTAwMDAwMFoXDTQ5
MTIzMTIzNTk1OVowVzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDEh5VHJ1c3QgSW5j
LjExMC8GA1UEAxMoSHlUcnVzdCBLZXlDb250cm9sIENlcnRpZmljYXRlIEF1dGhv
cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6XW6EwsSYAMYqq
vaIMGRskgwUgemOsbKsPgCRHKwOUhiWkEFH7tuheM9vikZjzKrF474Ol8uF5NkQG
OwHNGkfBdIkr0zyN8fvCkIj+GNmBeyrkZ2GHFyM4KVpm69ABptrDpX/10Z71BNwc
SmIu4ltfIlZh/rpmwq2pUUOcKOSP+gUS+g2lNeMvmeikmAn558jgbKm96VmwgwcJ
EBBbqrVyO0DmOPTj+JpVjl6uXD7DCDQTnBn8ZQesP5iuoNL4HUy/y5On5NY3hAoM
Oh+G8jUMLmawm0OOvOS5sL8zZ8KX30dsZcxVOHCpOSdg4XQUNOmmoLYR3mGUmmuD
8YSNJ58CAwEAAaOBtTCBsjAdBgNVHQ4EFgQUZq3eRVBdVGgfsFYAZfvR8pdX724w
gYIGA1UdIwR7MHmAFGat3kVQXVRoH7BWAGX70fKXV+9uoVukWTBXMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMSHlUcnVzdCBJbmMuMTEwLwYDVQQDEyhIeVRydXN0IEtl
eUNvbnRyb2wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggRduY7/MAwGA1UdEwQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAKupGQcH8Ll04ahJ273BIfw4OHndLz5ZvpZ5
HRjUXh8xR/u91JbXvod+DeSefHo2yZpf5WM4M2jPsZLQuIEabyMn2HFQQWPOXyBp
ckzNB6s1WP7a1SYeRPSX4/9sgNsxFxNSbPtoNHERr7aEO7Fc02cl4VoxpmiD7MQ+
6PYIYNAqJp7+BwhXbprdbrqiEKsu/c1Soy/gWW0zOQXt/e2ssOeYXvJRABLfTIoM
4hHfQ2XQ86GFWW3Uu6CX98dAY7Mkz+xenkIbzOI2Q9GDeRFIOz3bwyoDT81TLQeN
DihKqVjgJ8NH9qsAzfwx7Zm5Vy4tWnlfSBQ5iw7aHKDWTtSBg0k=
-----END CERTIFICATE-----

57
test/resource/certs/scylla.pem Normal file
View File

@@ -0,0 +1,57 @@
Bag Attributes
localKeyID: 12 1A 34 A0 C8 58 91 A4 E3 B6 7F 16 F0 31 05 81 AA 27 82 05
subject=/C=US/O=HyTrust Inc./CN=scylla
issuer=/C=US/O=HyTrust Inc./CN=HyTrust KeyControl Certificate Authority
-----BEGIN CERTIFICATE-----
MIIDlTCCAn2gAwIBAgIFAPm5jwcwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMC
VVMxFTATBgNVBAoTDEh5VHJ1c3QgSW5jLjExMC8GA1UEAxMoSHlUcnVzdCBLZXlD
b250cm9sIENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0yMTAxMDQxMjMwMTlaGA8y
MDk5MDEwMTEyMzAxOVowNTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDEh5VHJ1c3Qg
SW5jLjEPMA0GA1UEAxMGc2N5bGxhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAosGginu/B4eQKyB26ar6rqg8FTMoCTf56iBwQnrOt17YN++IitlEhFyB
X0QdA0z97jLIBckTCbieTg+CdtWDeCnM8IAjoN55C0Z2zBKH6cuPTTnDu0WaZY/8
IafGwxcWllYpgQ3AiJFNK66QRIiiX+ejrS3+Co0PYWPzmSczWoxBgFhnXnTPE4ki
MLvZ+zY1iXt83NbQIw8yMUcL+RYK4RlACf3bPztOss98LmyntIkNkZL8GblLoZbc
AZc6udnDe1GuP+NlMO+1jPmyND/xz/kK2hkU4+yotBWVxM1lwpANnElsAHaRvthP
kGsjoVvZgEgg6MQX+iaDngjmiLtUlwIDAQABo4GHMIGEMAkGA1UdEwQCMAAwLAYJ
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBTAgszBvUAggtuLWf2XucTzjLQeqDAfBgNVHSMEGDAWgBRmrd5FUF1UaB+w
VgBl+9Hyl1fvbjAJBgNVHREEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBJA9q7q5XL
H7O/EiJYagWaqrO+AGVrg3DtkP0NTaumM/zYoOq9klZNwvsGZ88+L0hBQ8fj8O/l
rTobdM7eT5p4JiwfN+MB8zXuZ+XjL+kIpqFqPJdVDtBLPGINHP7itrUo9Uk/9XcW
JqPAwufEMN5X7iwN80aUVj6/iUiQ1yqXKQmERdoIPqiyHOEBwobwIAQ1bQKtEiBT
ZE0hdDdI+ZCrtJYOES4kpR4WI3997doVhEusNGBETCWMm2HoJ8xsk7fgVgnpYlat
95tGZ/ZR1Zaa+fXSm9adxJDCviG77pTZBa7nbzPoyG3wm76cTGSeHso8rvGVHsTh
AraNJqMQkZT5
-----END CERTIFICATE-----
Bag Attributes
localKeyID: 12 1A 34 A0 C8 58 91 A4 E3 B6 7F 16 F0 31 05 81 AA 27 82 05
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiwaCKe78Hh5Ar
IHbpqvquqDwVMygJN/nqIHBCes63Xtg374iK2USEXIFfRB0DTP3uMsgFyRMJuJ5O
D4J21YN4KczwgCOg3nkLRnbMEofpy49NOcO7RZplj/whp8bDFxaWVimBDcCIkU0r
rpBEiKJf56OtLf4KjQ9hY/OZJzNajEGAWGdedM8TiSIwu9n7NjWJe3zc1tAjDzIx
Rwv5FgrhGUAJ/ds/O06yz3wubKe0iQ2RkvwZuUuhltwBlzq52cN7Ua4/42Uw77WM
+bI0P/HP+QraGRTj7Ki0FZXEzWXCkA2cSWwAdpG+2E+QayOhW9mASCDoxBf6JoOe
COaIu1SXAgMBAAECggEAefvDdmd+6obJH/mqBkIWtpbyyTTZOeeRUM/VM45VpovY
ZDwMS3zB5K5sbFlhoVqwKzo2PlfRBAUx6PGo56XpbkNuDYcMrQJxGGlMmnD9GtZt
ZgT4VUC6kopS/2p/BzMjw7N6UfZbqj+05htkl2kMwfKb8y04bPICaA0Aw3XlAGRS
WIrfsXW32/hStXJvt8YSveIUP/WbdyEefwcKsu44LFvaq+j85KH75KLyZQre6n/A
7A67WIs1AcjiBHq/nupNF9rZUFm5YzL/kOC+g9Klq6bIIlSu+2ULIjL0WLy5be8R
OdIipE+ENa5HpC5J8z9WfGCf8yTB8/V+pt2dxZ9T6QKBgQDV2R1/9IgphiNCjPSE
M7JbY+K0XJ5Mfq64h1apLjycsq93dUX+1OI/e/qlxKS6SpqCgEajKch/x16ylZeQ
BNuG3zBuFPJH/17MfjdWFAW5ZJmbsnM05u+IU4aN0+r8laddvyNcdgLS4O6WvGrL
z5Nxio0YLkZnCFBsjdUb5Fs00wKBgQDC1mViZp4yT1b21r070sYQ1w4wgLYfVNIF
rc8AFevGh35kFRe2fFWl7T28Zqhetj7ES2LK7H93o8GdT28RuHrwst/nYL+lClmn
37iHPuHwlqDussCxg5A49HWq2qEoZ5DF379b8FJgcBYxYBsu7LSmQNEgFtCdvD7y
8C3uHieWrQKBgQCoOK0OFOxvzcc6+Or4fDpXzhFuVFVqU1Vab4xqdabUlXOWgzhW
qFx6GCsp77CtozY8ZnAqthm0+r6xuR+K+Wc/h57vWabloCuQrdEV85Y1Kr/zTMN3
4BqZoSr9srDtlUQdaNiGSYcbIDpPdVSFk3qnHJi1ZuGW92Fco4367P4aZQKBgFyZ
4V2/P/jRVJfEv/Oq3ZArZgcPZX/GpHsmfHeh84lL5HpUvAxzU5GlC+57LBK3s2VA
HxgrBvopzl+h3Twi3euAWIJzrSIXpTzwS5eb/26FaL+KHaNA0E8BgNtPRcEaV+hz
y1M7CSvkmeelscW/oqxRqhMCROxzB8gW9v1xP4eRAoGADhZOjOmsfbBD58ijzaOJ
i2bOjCPzkRsS0cxnVlILA7kWU9bPxOkHKmkZnaYIBJhAJsW9l1XA3mlS5gqf93EW
VivIJZb10wI/MeRuITxanWiHPDcbbyOjBgaj6gNBbyrS9rDordYdLRVOsmlwvvJT
a60BCRcu0IgS6uM0sKaojoc=
-----END PRIVATE KEY-----