fix the webhook unit test; the server cert needs to have a valid CN;

fix a fuzzer;
This commit is contained in:
Chao Xu 2017-09-12 17:11:30 -07:00
parent 186a0684d5
commit 856a1db57a
4 changed files with 196 additions and 190 deletions

View File

@ -53,6 +53,7 @@ func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
type fakeServiceResolver struct {
base url.URL
path string
}
func (f fakeServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL, error) {
@ -60,7 +61,7 @@ func (f fakeServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL,
return nil, fmt.Errorf("couldn't resolve service location")
}
u := f.base
u.Path = name
u.Path = f.path
return &u, nil
}
@ -89,7 +90,6 @@ func TestAdmit(t *testing.T) {
if err != nil {
t.Fatal(err)
}
wh.serviceResolver = fakeServiceResolver{*serverURL}
wh.clientCert = clientCert
wh.clientKey = clientKey
@ -123,16 +123,16 @@ func TestAdmit(t *testing.T) {
type test struct {
hookSource fakeHookSource
path string
expectAllow bool
errorContains string
}
ccfg := func(result string) registrationv1alpha1.AdmissionHookClientConfig {
return registrationv1alpha1.AdmissionHookClientConfig{
Service: registrationv1alpha1.ServiceReference{
Name: result,
},
CABundle: caCert,
}
ccfg := registrationv1alpha1.AdmissionHookClientConfig{
Service: registrationv1alpha1.ServiceReference{
Name: "webhook-test",
Namespace: "default",
},
CABundle: caCert,
}
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
@ -148,66 +148,72 @@ func TestAdmit(t *testing.T) {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "nomatch",
ClientConfig: ccfg("disallow"),
ClientConfig: ccfg,
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
}},
}},
},
path: "disallow",
expectAllow: true,
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "allow",
ClientConfig: ccfg("allow"),
ClientConfig: ccfg,
Rules: matchEverythingRules,
}},
},
path: "allow",
expectAllow: true,
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "disallow",
ClientConfig: ccfg("disallow"),
ClientConfig: ccfg,
Rules: matchEverythingRules,
}},
},
path: "disallow",
errorContains: "without explanation",
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "disallowReason",
ClientConfig: ccfg("disallowReason"),
ClientConfig: ccfg,
Rules: matchEverythingRules,
}},
},
path: "disallowReason",
errorContains: "you shall not pass",
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A",
ClientConfig: ccfg("internalErr"),
ClientConfig: ccfg,
Rules: matchEverythingRules,
}, {
Name: "invalidReq B",
ClientConfig: ccfg("invalidReq"),
Name: "internalErr B",
ClientConfig: ccfg,
Rules: matchEverythingRules,
}, {
Name: "invalidResp C",
ClientConfig: ccfg("invalidResp"),
Name: "internalErr C",
ClientConfig: ccfg,
Rules: matchEverythingRules,
}},
},
path: "internalErr",
expectAllow: true,
},
}
for name, tt := range table {
wh.hookSource = &tt.hookSource
wh.serviceResolver = fakeServiceResolver{base: *serverURL, path: tt.path}
err = wh.Admit(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, name, resource, subResource, operation, &userInfo))
if tt.expectAllow != (err == nil) {

View File

@ -20,199 +20,196 @@ limitations under the License.
package webhook
var caKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA5qdHpJR3sAg1afEWLlnxdbDV1LtAvCd9WWE/4g71+BBwvwLL
C/piPRi+m/7AYHJ9zoVwvwAUYBJM2ppQV2Gwsq4XA5dLvr8fXt4+YA/sLTAo0PAm
/QQmZziHU9v7OJ04ypjTTuA86D/EkkpEP7lRkN/NFpV3PhU0F5TTrkrzSpePBIR1
aPSzh/6Um6TtFk9oiqat05leWcMzonizrgeQU9EW6bSYY5w+gq1X2eZb1s9eR98H
0xcZfoh3qHmJ1Iq9Cc2Nr+MUohm2m45ozT+1L+g46ZMJxyPB6xLr7uOhkoJsK30q
67AZKPo58tDTmEKSXfBotIvFI5N9P3sAWxcTiQIDAQABAoIBAAaJHOWT82RAh0ru
MuOzVr0v+o8hky8Bq3KZ59Z++AdEZ/1xldFMEfaLOfNvn4HcHKZ6b3xqAynJuvXC
w54GPZyChFJsug+4mKn2gCv2p4mMQMvS0jf/IxtvpZ4BsLek9NQAypQElJU8IVTH
1/E6Tg5d2RDXwV43+Zbld64Ln6MwZGwv8UFPEHylDMjwkex5u3tzVBD5NaegI0MD
AHAf3fiCsANmAeGWjTvUXQsOes6wjaHw6kbih5QrXM6iThHfU/YHXYmgfdfSSIFC
4puLaehp3/U8HcI97xN238B0khnkOVHzUmRJpmf17SWFSkOAZyUMiFfTSFSOedvu
lFO7v0UCgYEA/FczxADDZXq4SSTvrU61XzolgI//OKblsqe4RW8JGtk8pwjZdYOQ
v4UAYEcv5rUWA3wWohcjgNWzI9EzdhOCYpC9YFqbHJalmwhGgOjRCvDy581pcXz7
xsfkm2loWm3g+PcrCIset2tGQw/5gqSkBW42E/U0ba25wCS6RlYWCFsCgYEA6f+Q
vENXPmBUBW8TsyjWj7MZKVzKuV2yyKT37Mf7RmrpSNpft0PLJDqGqRMfhe1J7Adm
Np1fv/18RngjGjV3fSnjbvQ51748gabwzGZKWKiWJPsRDqjEriiQcFInhaqVJs7F
D0TaWalBHWyjPHCQQx7rWqA8tr3Wpga0AhNUuOsCgYEAnbrQU7L6cEM+UBIzcswh
GO4apPrdWIcSSxMFXvlh4pNpkys36nmbj+tN6eB1c6s7oF//McBu48gwWrIYjbTy
KjQ4+7KHBF6yE28fytI8YK9t1jESuOqb4ovuPKqtnODT4Ct3jbaQM6xtVdv1ZZEO
KYrTaLQ72lbeJdmPSgnjacMCgYASip6kXE2ocqeVuqR7+MtvnYhr359sqsEE5xWC
HKKLhOMxU6Rr+CI7n6uV8B76VMAbxMZTo4q3wtU7HD/jzsLGFzCfVRjUQI241EqW
V7Cib9Fd4ssKN1NGXY58Z/YbwFWLOq0gtZr7qc6wDzCsFFtKBkQt7S6CaG5+v186
HuACuwKBgEd0JaREFj6AG6boytQAx+Npj+wGG7K22O8v9YslJjaS5t2i8XrvIr0F
5ltR8Ijegp9a2pCgjshaEzUqMHhxX3EGvUxVM4R430EaQ933WRPmiLlVLyhthYt0
9oPxMoN783J7UP/IkBc6AGi3a4uTn/h6Vi884wOLop4bmsK37uIt
MIIEowIBAAKCAQEArHdRY9333U04xKotqnwKwJ52ihSGwr5hf4XkoZ46+ZYiaPS1
sEeKkFPRZEZIK22cd/2glyy+AsEURi8yeFut7exu41Y6M5Cfgf64keY2EgRu9DlB
ZyQBTD67TfA64xRbztHmgJpBZHpd00R9o1I05OYso7ALFiqEtHDPvUj3PU17h7c3
xEfq1k7kQq8Tr0EbEQ+GWdE/X0IHW4J4pIjK010KHZSJz4W0wuVgsjDDvV4RGPIR
cXT/nH36gmM+rcxNgtHgNHCSQ7i6ioUMjvg3utp08Vtw0icK9V5MV2MAGjNh5zCi
Uvl+9rTsW5v7tR9Y5puWqBPEWaBpwJwjJlEaAQIDAQABAoIBAC7xMxgJnKOBl0gA
Qfm7VXnkJ8OhnqR3CTaajQZoeQjiEm+a27ElZ9Os3Lt8XbxkU0hdok5DgVxijVAl
HImh+o9d4TjDiYfrf170o+wiSulQh5q10tVt+WR1Vqn6Dy0rp2l9vE2Yrt/YZp1Q
cRn5ECiVdeT/z6Sy4ffzFLgimhj3AUyipDpBUdvqNnC6+OP2T5ZXDGC2LJGU6v4z
zLwjFV1pMRgxLJFoCD9Zy200OkbMYYAhYgaiXMyu5ZU3AjWynPdswANshccAtFt8
wqVICN20HEoOW1PEM+Z1wOUxpQYUOfL3ieJp9WKklHe7vbY3Iuaotg0Gmg74TNbR
8dcJsjkCgYEA4i1TcnUenv7Tdj9ectN6vXNeGrBUvBO4XFHKauBcGnhZQLuS9GRt
cUJ+Y3rRLpf7rKE18Zl0YDgJRycfsNjbI6U74pcXZ/XBySPLGcfVrEqaTZ9o5apV
UOwbKkP1vtEuGLipFVuvZdinVLAs5QFrO2HoqmXqcYQhjVqHtT0NmGcCgYEAwzT2
UI/r14yRH7oaRU/cPmDG0pCfMjaXlKmU/oaqyYypn750NiyZqSWdZf7rhBxOCbPE
tEtTGAPgGkEbb5GmpEDuJRtuj25kT0kIGqU6KjnYR0OO3iIr6mQN12Cv16JiFN5B
VNpNSXkR8Hi2kQimz1W/KzUXoInbzaEji9WF2VcCgYEA0FWt6t0k8pGJmP8v8ZcJ
FR8CjJTlyERl6mvQhvfY/uziUbU13PXwtYXpQ5rquf927IGmXb/bKZIUQb0w/MYT
vNbDvaks/y6pbKwStdGT6VrinSN8DSkD40FImHr3DuhBjLXz0V+dxbN2FpUdFWhk
LNO369VqyVtLSJgeLvxo3HsCgYA12kaZsxq9PGpM9mqI9J8uFkTDkmJY1/a5bI9O
KJi1QbkJ+ODWkTdTEq15lfojWCuvQYjitGUYGvmYRJ3tCaGPbtpEIm095JaHyP4T
W8HQJGUmQ90GKycyYqfu4x2fv4yPdUFQx2jK/DuWu7aiDGD4kg9LPDpob5/T+sBz
s1RZwQKBgDhwksMQXoEbQLdpllqOL45hmXu06/eOnG4tCY3OXlTf8UQXn31aPXdr
75W8VyyyB7vlNj414jI8N5xriGuRt36ihC3vmz+RotcHhCjH4sXnylP7hwg1ZuGh
QE9Df6To9LjpRfZZZ9KdAnyx7P/OZPgXPcK7vd9U3+JQ4E8YW4qG
-----END RSA PRIVATE KEY-----`)
var caCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIJAIf67NAEFfGmMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
BAMUKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDUwNDIyMzMyOFoYDzIyOTEwMjE3MjIzMzI4WjA0MTIwMAYDVQQDFClnZW5l
MIIDPTCCAiWgAwIBAgIJAKa7yqtdLQh0MA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDkxMzAwMTAwNFoYDzIyOTEwNjI5MDAxMDA0WjA0MTIwMAYDVQQDDClnZW5l
cmljX3dlYmhvb2tfYWRtaXNzaW9uX3BsdWdpbl90ZXN0c19jYTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAOanR6SUd7AINWnxFi5Z8XWw1dS7QLwnfVlh
P+IO9fgQcL8Cywv6Yj0Yvpv+wGByfc6FcL8AFGASTNqaUFdhsLKuFwOXS76/H17e
PmAP7C0wKNDwJv0EJmc4h1Pb+zidOMqY007gPOg/xJJKRD+5UZDfzRaVdz4VNBeU
065K80qXjwSEdWj0s4f+lJuk7RZPaIqmrdOZXlnDM6J4s64HkFPRFum0mGOcPoKt
V9nmW9bPXkffB9MXGX6Id6h5idSKvQnNja/jFKIZtpuOaM0/tS/oOOmTCccjwesS
6+7joZKCbCt9KuuwGSj6OfLQ05hCkl3waLSLxSOTfT97AFsXE4kCAwEAAaOBljCB
kzAdBgNVHQ4EFgQU55hOE1Dsydy16+6wgOxwsPKZ8JEwZAYDVR0jBF0wW4AU55hO
E1Dsydy16+6wgOxwsPKZ8JGhOKQ2MDQxMjAwBgNVBAMUKWdlbmVyaWNfd2ViaG9v
a19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhggkAh/rs0AQV8aYwDAYDVR0TBAUw
AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAtEa7AMnFdc/GmVrtY0aOmA3h1WJ/rhhd
SnVOp7LmA+1jnA6FMMvVCOFflYLfBwLhIPjPj4arQadWHyd5Quok6GIqgzL4RkK7
67hPMc8inNH8w+9K0kgsCls06Jy08NIt7QTtIckh8skvxQsfJ6An/ROiCNI5QiYj
oQOK3Tp8jGf/2wcsJLeO9y09ZPcOUbLkDe2YlnT+OqNMx9VXrPSvRwq2qtYphgYW
YWHPMEBnB/9XrVkEtnKeWPjtjarVd+rNnfVpCW0ImnZRFtKQQeI4rtf4Gr83Gdju
Z0gPepfIFptDMl5wKWyw4o2XVSZ69Ur8tQQynoNyX/FTIx6tQ//hzg==
hvcNAQEBBQADggEPADCCAQoCggEBAKx3UWPd991NOMSqLap8CsCedooUhsK+YX+F
5KGeOvmWImj0tbBHipBT0WRGSCttnHf9oJcsvgLBFEYvMnhbre3sbuNWOjOQn4H+
uJHmNhIEbvQ5QWckAUw+u03wOuMUW87R5oCaQWR6XdNEfaNSNOTmLKOwCxYqhLRw
z71I9z1Ne4e3N8RH6tZO5EKvE69BGxEPhlnRP19CB1uCeKSIytNdCh2Uic+FtMLl
YLIww71eERjyEXF0/5x9+oJjPq3MTYLR4DRwkkO4uoqFDI74N7radPFbcNInCvVe
TFdjABozYecwolL5fva07Fub+7UfWOablqgTxFmgacCcIyZRGgECAwEAAaNQME4w
HQYDVR0OBBYEFPa03YxFI220gcsALquzjQkfHztBMB8GA1UdIwQYMBaAFPa03YxF
I220gcsALquzjQkfHztBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AJkgjVhVNAoVdNA55qPPYxouOpOUNyy6GV8ZKCSepz4O5uSRl1FHxTIoodnYzBvO
RkYBJCMupB4Ee+wuMlZGPd3Tfnl6SaP1V4vGYD1iS4otMM6J2tTJBxoLqQwNaDkc
S2E2zfbQ0OxaRNbMBn9AZvZE4lN2TMVuWuTGl1amMLF7Fsxs2ndt+OCpf8d2sWpW
Enh475ch0PJfqZU0papeSV0XRdn60lTGwIbRldUowTBLYcbKo4tTMsCE3oOK7yul
0QhQ9eJktvMbZNMYwGWz+p4pjs/eqBnlBP0KuXguKFHFXILxPlyRMhsvHKURUnC8
ugGtqN9AEw6SF2Hf1rzmNno=
-----END CERTIFICATE-----`)
var badCAKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2Mbqfl5nW+rYCSw/+G00ymtBElvTwzEI88sg3m5PXU0XMv5y
Tyjt+S3mhbzLY460ty6fXlEiveNNP0bzbo0k+tvUj7HbOG4q4Cs0JWiLvibchRXQ
LimqtndsVsT2xj56m7oTETWMYhjd8KFz1s6w7yK9dChe2pBCeeGjIbQs0def8Bf0
5h7BbsmuXQb44nnpUdWgFI/Frqcz6jO6jySYV5U3ajqCjcWOBQmXRtMi1we48Hdj
2t4jW/evbRIo/tX88kluXFSVBmTitKA3nn23AzA+/qa6kTDwzQ8OntjC09JT7ykS
764WLRiBOo+wC3a6M3eZNMkW615+DNP7wAjYEwIDAQABAoIBAC9lZnXUvDKLqUpw
I1h0wBsV0jdqXmWJ/hQXsIsRgUa8CTt8CJAoOcfGcmWBPtL4q6h1iCC+CqOL5CLW
p3jfYVt73wC/+VdgNv2mVJNtRUiBBKwQdeDx+UJF4CkkjXQQywvrZinYFGaKW1Q2
aLZpoKPYa6XPAdY1vmMZo2pGE5qZbGbIXKcl3kl5N2X0qyJKvTR6RA1Q8JiTmATh
H1U3S9K/MIGU+9OwP8zCDVKFdDI+xgJvDo05W8bt6XLfmE4bLRYHRfe0iE0uBNSC
zx5OGBNqkiHq/vMk5mLCYM0w/uzUkhB5uXqe5gSqa7DioLrHztqAe+sbtBvfL+Yd
hP3asWECgYEA9NQXa2B6AVXVf2GII67H8diPFrILKLEw4CUZjFmVbvrKIRB2ypqA
IsohpYl97s0nstetZt/75uEvkv3RPu5ad5LJaVAPHE3ESXKdAz6u4fSmi33qqPi6
PvhHLYDDXvMgC7j2yCYyANVKNg2T+EJvpWMISlXM4h7CVm21CSDVZjECgYEA4qsl
zDA3sHoClfC4nAOVrRghYlHU2bT6HPLxjLtBkcUTfj6nO6nOLGC7EFVkqYw5mUWq
uSNntk1D1+MYVnZBeKqw6y21FFsclmzzXTtAJg0vuAg1jxnMHqiDbNqpUUO8ZWLG
iz2tdAWiBAKwZv0Psv44Dy++4v/BMd8FBb/iHYMCgYEAttKmRmW91b9t9Xg0fEjp
QBzyBQWhNZrTn520rUy8PSqDxBsSSgsDgncklwPMCYYjjfZmo3rBFdC0gPSOy4qb
/cycIMtK7VzZJeuzehfV6h+SOnolwFY0Zg9qv3z257FwDbDqf92d22dqymBrTaj2
zC7eovvdSkGj53x3AsEE+hECgYAd7JJU3pi7h6AHw3vbvO1pqKHfpQYAp8/NOpWB
CsehQu9L32GcktJRMYQAqAVeDNEd1wCu6Gmsu46VVbnE0F/cWkx4/9PEGDMx+Lg4
OrZBT8RY+1x2w+UatwyCtmtb+yFIET4866uWgZfeB6zaK9aCvuUPvDHrLfCHcPXs
yGRFmQKBgQDYvcjkUqKvnZwwpV6p6BHi6PuHWyjL+GLTk/IzsxOJykHzX4SV46Sd
9IxyE+OWZhkISBMSMe8wQC/S+QYs8hDbEE3WH1DXp33joyNgt2aWI0Splu7S1f6P
Pe08fYlLgz1xrbJuJAOgvkbskAUcmfmRwFeGaZSkkCtkzVxgN7LS3Q==
MIIEpQIBAAKCAQEA5T0xQ7mapkcE+h3owavy8NDxc2eKRe9q/5/yFp27F8QpnY13
SQS0GXvDiFW1eXdXTg39loy5fG3SZLd/f0eniF2FWKsRvIJbRGyyVBzySbNvbEit
ekVeKQJTTH3Xlnb2JdRrr4vxWQC7crVPksS+AsB+MzdB39XIYxvK6hqwF7On8gro
tzJ+k9e9+/rk0u8FsOBvnE8Z9MX5qX+00UnHSVZuzQt//rTG4Dqsm1yswwTlUfe9
XpjSh7D6fpjp5YNH9p3vLZMjoY/7ZqO0svHlcWjyv/zoN35p0gMwOGrByATYi2lo
wYBckI8oC+CzyRO8ThKUDW19fa9jKYcqsIDhwQIDAQABAoIBADFvadFWFFCpXhxm
GMyzPRfLp1YgzQPZ5rQrlPRlnXQ5nFParw+zEPex5e/fs9v27X/qqnYt8M4xjL6l
h7w2Ap34tQnzEkcZwX7XBfn3qBRWur+aSLbmgLDNTJNhS/2pt9lenr5jqm9sJgBN
s1ROUz+arVx0HSOdIbKlyrODf9gMQL6hg/ZYNym2KaaYjnNfyrGtb3GQgYDn5FNQ
TSeseXOm82Ev34pSbtQ/oFtU5W4DW72VFA68ciaLM2XslVl/zcncyDk+0LpvSq+W
PYSQbwU/xZukMXXxbBoQUaorNK1fDOdYXBzSzs+Yzo+71D3azFaqPv6CMlHCYeA8
EUkDRAECgYEA8rmOnzjoHStjkOr7Yb5zqX4UyC0VvB6S9EJxy2a133K0eXJ82KPR
L7fkkvZk04PwDUpClTqcTw3gblhIaBYsFqTnCn6+8hS1Lqa6OqUYo5/UD1O4mXVh
ebLvss5CNqA2+ii80XkRZSW4w/27CG+u/iBAiS5JeYi0zm89G5PYbCECgYEA8cbR
VoUB6rFNC0VOd/D+LPMWaCU7FguAJQ+8Opoh/JgmxFqWwWYeteuX0tbGrKb8LXSA
XLEL1vrZjQ2W9tKP4hP9rgiZbvNujPABS1ey5mMFDPMy6q2OYgLY85jpeYU9PpRt
dOZiw7a0TFENRU19/WMeSfdDvEzafX6tqA/gwaECgYEA0337V6EuHrx/tPYKs9BO
15CUaxddqNy7DzoWDTUho+E+f9PSFLIow3toHuWyVNrRf8ME4SKAsCFXPM6PyKIJ
KHHnHq3xkt2YQV3lRtQz895/2BsK7ivpEzFmylYOO6q+PJria2MiVQ/ZPm0HWwJ1
Z9iSYvWB7/O+F2G1zSG1ogECgYEAtoV0VY+VsdplokORCGULTV26JactoufNtqzZ
WZgwXiNy6LrGonv4ZTfU5tszIvXw3FPd75vMp1+6Soze0biF3JNg6DgftK3bYFRz
dbBgIyLPlkYmwxmAqqchp0xhvVaDtLGSrDScjMlp9U8e6JmmqlpgbFBZd1bBfwna
CUzrTOECgYEAx98UtYAFWVwoCZwtqSfzTKHerFN/qMFY34cXhdns2ZWn6kEb6alk
dXqNDkXV/7EBGWAcvKn/zbrwlhVDwPHUETgjCUpxqST0ly6E/JnwiNbrSOWG4Yg0
RoKj46nUcolMbgRub+yeQqcQ48Y2/1OvnRUQ9aQ5MqVSyTyylgMKlB8=
-----END RSA PRIVATE KEY-----`)
var badCACert = []byte(`-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIJAIabsJi6ILN7MA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
BAMUKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDUwNDIyMzMyOFoYDzIyOTEwMjE3MjIzMzI4WjA0MTIwMAYDVQQDFClnZW5l
MIIDPTCCAiWgAwIBAgIJAOQ6iHm4OCSMMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDkxMzAwMTAwNFoYDzIyOTEwNjI5MDAxMDA0WjA0MTIwMAYDVQQDDClnZW5l
cmljX3dlYmhvb2tfYWRtaXNzaW9uX3BsdWdpbl90ZXN0c19jYTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANjG6n5eZ1vq2AksP/htNMprQRJb08MxCPPL
IN5uT11NFzL+ck8o7fkt5oW8y2OOtLcun15RIr3jTT9G826NJPrb1I+x2zhuKuAr
NCVoi74m3IUV0C4pqrZ3bFbE9sY+epu6ExE1jGIY3fChc9bOsO8ivXQoXtqQQnnh
oyG0LNHXn/AX9OYewW7Jrl0G+OJ56VHVoBSPxa6nM+ozuo8kmFeVN2o6go3FjgUJ
l0bTItcHuPB3Y9reI1v3r20SKP7V/PJJblxUlQZk4rSgN559twMwPv6mupEw8M0P
Dp7YwtPSU+8pEu+uFi0YgTqPsAt2ujN3mTTJFutefgzT+8AI2BMCAwEAAaOBljCB
kzAdBgNVHQ4EFgQU9SUu1vDxGeyGEgy7pzZjLm+WSH0wZAYDVR0jBF0wW4AU9SUu
1vDxGeyGEgy7pzZjLm+WSH2hOKQ2MDQxMjAwBgNVBAMUKWdlbmVyaWNfd2ViaG9v
a19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhggkAhpuwmLogs3swDAYDVR0TBAUw
AwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAViib1ZcwLUi5YE279NRypsGLa8pfT/A8
10u41L4xw+32mD2HojMmAlAF4jnC62exaXFsAYEsze4TF+0zqwDkHyGqViw/hKAv
SrGgPUX3C7wLyiMa3pjZfcQQy+80SKiJLeClxxjkdhO0mGNo1LdJThYU5IADHVtF
u2oOKLTjWBVzkMRkTXp5RReeEoUPvFgJhPKIVLggdXdJT8oQjgIVlx6IuzjU0AeM
tJ5AIWYrsqv9FlpfUXWjdiy8uF3iLWTOpd6pICnjzfj02wQouTEkxQ2iFinl7Das
iK+7d34q6Ww1/1nu4EBBDYB1VlWdhDLJVT4F+mF8wZFBu863Ba+U5Q==
hvcNAQEBBQADggEPADCCAQoCggEBAOU9MUO5mqZHBPod6MGr8vDQ8XNnikXvav+f
8haduxfEKZ2Nd0kEtBl7w4hVtXl3V04N/ZaMuXxt0mS3f39Hp4hdhVirEbyCW0Rs
slQc8kmzb2xIrXpFXikCU0x915Z29iXUa6+L8VkAu3K1T5LEvgLAfjM3Qd/VyGMb
yuoasBezp/IK6LcyfpPXvfv65NLvBbDgb5xPGfTF+al/tNFJx0lWbs0Lf/60xuA6
rJtcrMME5VH3vV6Y0oew+n6Y6eWDR/ad7y2TI6GP+2ajtLLx5XFo8r/86Dd+adID
MDhqwcgE2ItpaMGAXJCPKAvgs8kTvE4SlA1tfX2vYymHKrCA4cECAwEAAaNQME4w
HQYDVR0OBBYEFEe2nQ5ONNJFv/+6pWnzvfqRNTR9MB8GA1UdIwQYMBaAFEe2nQ5O
NNJFv/+6pWnzvfqRNTR9MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
AEORwyo3MJZVuYbqft728t9MWw0wFORzxPnFVLXMIrX223flNEmqvkA8UBSulxmq
yDYOOkOWByd2eemCZtc/MlmiSeYNFSi/PS+METkAef2cZfSQNdIUwwl5BZ4vW973
J+fDNm0LQh3ZPDngylQ3XprQkF7l+UefRVfbDDTALVDzmJCV/FCm05ijg+HssgwX
+rYI9ZdJbp2z9xftN0RRIwrBQ3S9vA1mq6OoZFco+9Oq5Li5DHv0BpQgOS64dY1z
dtOy4RvQNF8NsITkOlp7f39716448dvq8TJlCdE27ptL44hU82cZib3cwQx8cynu
45owbCivEhgee3RUY7gVuc8=
-----END CERTIFICATE-----`)
var serverKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAquioChbTG+iyTg3+SwGww/7yN84jtj55v8Xld8TgkyavSZm7
Q6WURevvXtJHMug/NAz6qoCFy/zOiozUrMB36GFOA8MtwaOddCMdHMruX7q2+CiF
amhFg58uPfVr9qit20JiyBhaPH97WmQzwsfRQt4E1mCbEHZYK6r1RlF3i00nDCxc
741wuYp4Uc5oYM0dYoVCv11DYdf62v1grLFO02a5qjAULS74KKNaJ4YDOmqnTtWt
I75ZkEJSC2TT90o8eFIRuImY17venqIbp30A+XtvMhITg55648Zdci+CGHDcqJA1
C+y0rxXZkcuFFFrK0tiN7K/cPK1LDtS08gp61QIDAQABAoIBAFhGVxTu+Rc/N2lt
fNzNALobIoyEYpms50GQO5eDDuOyZXNEfh7QlScQV9DIF5JJtutxkL8kJvdXmm6h
ku+vcb+LErqKw0Vy9s6XnF/UyQ6U6BCBDXgKZ202eLHz41HBihrnzRHA0krRJato
efuvLXy2JBV+TFlSZvQXFxy801wVIxlI7Jh94YR7CT3HYmD5qjAtiTVkSS+wmx++
cfh0rrMulkXDEUlRPm/fXqt0do+neH9eNYee4h0mbZ84f3ecz/ql3HfkfoK9ZBq+
M85VWnEvRetRF0AQlYK3IUPQH2XHIEZkUab8s+EZoIsgVBY9xvl6VTEQWFtbzRWC
7ozg2PkCgYEA3X8Pv6a5wzWBwX17RkTXcPqS44uzJ/K0adv1QSrVvXrZJQ0FEGqr
gR74aQXiaVl06X/N50y/soQIHWpvqGjoEbkA+jS5y4GkGxAviFFAuRnW9DyRePxH
nQiYFzgxBj55iDsdvdqJ2e0vM1EWNcaVmghNI25D+cBc4Qh1Zz4qFSsCgYEAxYg9
vYGepcTMJ0/dk4SVMaITi/8nAnZHnptILpSjgPNp8udsovQPkymwo+EDnjQqVPO4
OIIICEopk6Zup0Rq2iW3zRGbRJtp+uJ7mfFS+nT6sAe0tPWbGejwrudDDcx0fkx4
C+1//rJ95H0c9L4nd51azCJD0k2yKtIFyj91r/8CgYBwMkWa8exU+oyQo2xHSuXK
n9K6GnCUwrcqjDWuXfFI+qp1vyOajj3zuOlh4Y4viRXUlV2KVXEhDwpBREHtD77G
A22AUCbw8+lZoBhDt8zONk2RCAE0RK5N2CWaVWdX31uWa0OEgOelESUAnIlgkggD
r0LLuLYME6m4f51gv7d3YwKBgCFp8He0C3AjIB2uRt8DWHFy5zeRS7oA5BCSV915
S0cu5ccvGpNeEZxlOvodwAzs6hRAvfLhHBa65NmTF7i3vBN2uea4iblLSNwln57k
0ZKIYzePtiO+QCRb4QrVF+SnpzUOHmh2HmapLt6Nw24rFGYJeih5y1sxxWe060HR
BkllAoGBAMkT1a3BhhEwoyyKiwC05+gzlKfAWz7t6J//6/yx+82lXDk4/J455qcw
ny2y6P6r964EUoqMrAU0bdTs3sKDtOLdNMIt5RfoDBsdQDt2ktbv0pvii3E8SQFi
JuJWSenrfFaI+AgwE9jDo1Hy6dhF6/hnV3+QoznwEPRAO6wmPyVA
MIIEpAIBAAKCAQEAxjTbuWppAQB140aAxVVo0jdcGw5id4IAa8ji3T/X1+mDIkU8
dA8kfpwgaeurh3Nai0R6LT9ZZ5aJD8a2udhVivY0Q11snw/4G40avL2yPr1VJSKk
lv5/b1knSh53Cvj+7ma6yjn5yBxw8V7v++37yVe6LHP3B0QBvR07n9k507gKHkw/
R924I6JUdBtlqoIPwRJlWRVyJ5RawfDZ+KX2d9rY0WAxW60Xge8gWPMv8XKViyw+
p5+5ct6aHiu6/vtRP5N70lL8HXQjr+x0qaFd6m3/SajjX8AKvdIQzDocTzmjdlRL
Rj8kvLYf8fPazSybqWv0JeXkVxCZPv25SN26BwIDAQABAoIBAGYsqXgTmr2hdyQK
HCedt8NmNlzcNXZV1dG6ZPiZCLOM9MSd3GQXykBaS3tOucXBeVOBoVnh5jy4JT+0
uE1lb/OKp7ZyWqREnynUu4vAXjppb5MNILuVxiuoUdCrk8JcSU6sNm45JMI7px1G
S4AbVkicqKRxw05DiIHsp+fnGyBAPRK5+NxHzvERGH9Fxu6jKngSEfz345hZet07
C93tREsRYAPymjMO3Z/vLzO8MjwvLrL+ko6RR1/+VQjWG/tSgnSEhOpGibgWl4ni
4MvgipRzxkPfRE0qhAjbiQc/epRKDWWTkVfCDruKPSu5SIqD5NmT+MJTws25ZO4c
C3yh08ECgYEA//nPrMwOFft47maJR+y5TS+ym7pemMAztnB+9sLQB1iAF4RP29sK
s6WsQmxAiqb0X8lP6N0uRXBD/Cc30hXFfkfx4iWZl5/GYSswEVNXVx7GlFjh1DdB
dbAK/04+/pJGHWaWJFyoWy8+HRDezJ33dF/y6BVX85eA1b8jdvrBB/UCgYEAxjmm
fo2B1UDVfPb48SbiVV2w8VVo8p6/AOUxUYg10ZkJj5zSB76FC2yfYVPZGCnt2dcZ
N3EPQ4ETVbYgL9N1fgukzWSez38SFuYDajJUxJ7tt4G9W881pZPfi3B1by7xcyaW
4M9gDvsvM2QYPGiz6mH1DwxG2rtY0ktolWkbyIsCgYEAo8xmYSueY+CsbNl+RWEs
3kCEaXRj7hknvjnUdPEKj3jJVsMbGxPakESWq1Z8In1daSH4GYnXfyWsy2EJLk0y
OHGvTchDtavPFQS+2IddH2mZJvqNX/AP2lBRaTfXxa0yYsPvlcsZDGh5tb3C5Gq9
G2H+nRZzVnP/REfwWMVy2jUCgYEApgsKlT2RwQGTEx+J/e71bk6R9kX2KC2jj2ts
+X/gnRbVdHAHWydTKPOvOgbTdjNBItXUMKXLBF+tw4FQyt8VrySvwsEDaoplq7q2
p5FLgnwiYjISXUJgDLembJYiOKUY6b0sa1oqe8IakrDIwGlwM+gkL5u4CmceiuFR
1L374OsCgYAA5KmaCPoDefbvjpQ0EEZ+EFUyT9zVPHvqJa0aYo9KeWGfD/c9gYcQ
WYWmap9Ed7RfMSxSE3oS2JCFIW19Y0HlBiyu+mi3oJ1ErJRmzgNQHmMkzDr1plQ6
Zs423AVUJak0hiqLhF2o/I+pbbtGXB1TBaR6d6cGNP3wTCHtCjNc6w==
-----END RSA PRIVATE KEY-----`)
var serverCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIJAN0PSMLOjTVAMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
BAMUKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDUwNDIyMzMyOFoYDzIyOTEwMjE3MjIzMzI4WjA4MTYwNAYDVQQDDC1nZW5l
cmljX3dlYmhvb2tfYWRtaXNzaW9uX3BsdWdpbl90ZXN0c19zZXJ2ZXIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq6KgKFtMb6LJODf5LAbDD/vI3ziO2
Pnm/xeV3xOCTJq9JmbtDpZRF6+9e0kcy6D80DPqqgIXL/M6KjNSswHfoYU4Dwy3B
o510Ix0cyu5furb4KIVqaEWDny499Wv2qK3bQmLIGFo8f3taZDPCx9FC3gTWYJsQ
dlgrqvVGUXeLTScMLFzvjXC5inhRzmhgzR1ihUK/XUNh1/ra/WCssU7TZrmqMBQt
Lvgoo1onhgM6aqdO1a0jvlmQQlILZNP3Sjx4UhG4iZjXu96eohunfQD5e28yEhOD
nnrjxl1yL4IYcNyokDUL7LSvFdmRy4UUWsrS2I3sr9w8rUsO1LTyCnrVAgMBAAGj
SjBIMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDATAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQCA
/IFclqY/dsadGY0e9U3xq0XliIjZIHaI6OLXmO8xBdLDVf2+d6Bt3dl9gQMtGQI3
zj9vqJrM+znXR30yAERFefZItk8hTzAotk15HYExVJkIn5JQBaXRbeO2DUZFgAnu
6OU6KnuVC6i+7xDlbMl8wtRPmeZ6FS1wW4wnxLWZtKYAuLVDs0ISy6qbznGhCkWc
b0uPbxnMmZHQLVL+yF1LYWpX9+Xa9QnWXOSY7KHtcuYXZB/XV4Pt6aDncg76bFdl
MG3bocbJ9MsoS/LdlAiYzLNmKlFa243QPOo/zN170NhEZaF1lM80YBaLIE4rRtga
nrkNOnPHx1evvuleH0Yv
MIIDJjCCAg6gAwIBAgIJAPJEHs7Aav1jMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDkxMzAwMTAwNFoYDzIyOTEwNjI5MDAxMDA0WjAjMSEwHwYDVQQDExh3ZWJo
b29rLXRlc3QuZGVmYXVsdC5zdmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDGNNu5amkBAHXjRoDFVWjSN1wbDmJ3ggBryOLdP9fX6YMiRTx0DyR+nCBp
66uHc1qLRHotP1lnlokPxra52FWK9jRDXWyfD/gbjRq8vbI+vVUlIqSW/n9vWSdK
HncK+P7uZrrKOfnIHHDxXu/77fvJV7osc/cHRAG9HTuf2TnTuAoeTD9H3bgjolR0
G2Wqgg/BEmVZFXInlFrB8Nn4pfZ32tjRYDFbrReB7yBY8y/xcpWLLD6nn7ly3poe
K7r++1E/k3vSUvwddCOv7HSpoV3qbf9JqONfwAq90hDMOhxPOaN2VEtGPyS8th/x
89rNLJupa/Ql5eRXEJk+/blI3boHAgMBAAGjSjBIMAkGA1UdEwQCMAAwCwYDVR0P
BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHREECDAG
hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAp99rbIZlUhvNmxhiQCMcltLqtIpGs
ZorxbInV4QCdV+Kybot+L7kUDxu/OqERNLqr1qRsjqJRHUhiZZVv8gjZgwz4bO1/
ycjUyAoS92OMKEWlvXe1nMnHH3Jw+lXnwiaOumoExhB1gpMjGqsU3mBQrHXGenNS
JyJtRsBFnkgk1hGycJPgNc/juaHuGBexLDdPqOy3Zmv1AtzFhvPzOTEFpaIGa5dz
vewjDBFBCpFFTqpISD93JX6AbkucPVKnfF97DkBLyj3mr+X9Cy0pLGjwN8Gcp1Ez
5MvTqbOmqLypcRJu285K0Yxmv7a38GND7xeoijfnPFjVjYGlacCnI7ps
-----END CERTIFICATE-----`)
var clientKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA1Cf8Tch5IieN9zAI0b5FFJoMzPsN3RAYD5GAk3Xo9XNbKnvJ
38o2TKdxFu1/Q8hqG3668vWuL6TYDYVcYWtC6rwNpU/moAdJZyyEtmZIam1Va1VW
HDCpylsk4b8jbUxxm6OzF1XxZpBUJg9o/1OvL1XA0rmcDiddXN5VdL2adJZsS54t
gI57hcH0jkQocHTEv5gIl2tcTDStd4GeWxBmCotYdCQWcNk+96QMRxIai88aPPYw
QxpOQeaABrYrjPO1fJA0jimM9bhkjGXK6cnrRQrg3jkeF3vuPw9BFbE4VeENLY+y
v2OWBPYOD8ov0Tn2inge4QjE2DZyK95l46wQbwIDAQABAoIBAGZiAY1cALEt24H9
yVPG+bluelz1jwQuvx3MPvtqvIivKcC/ynVYNYoaiCXjaTZB4orwRrH3RB8z8xvb
TvCofbugEwnDHG3/9jl3L3iCtdG+f6lznkGublH8WDklL6iQaocMoeHSFNRFNIbF
iwskzHcQcCSBdEEUWCb4GM9krMQz7pBR9BloyV40ZAGilMXI9F9FZ0YBWWee09gi
jid6sEzYQveZ5RQgEEDrE/i+jzXkU8sBKsSm1GuKH62+YrtelBqP83DwVIKthMOJ
79tw6i98v5JHV+1ikqC1Na/c7OxBBF3xrgwCN47ok0cHaIXh7SX+EIN6jcwKTmRH
VZQBz2ECgYEA6tTpJEKNAzEY3KOO578zY2hWhPUNqzUTm8yLxZedhDt2rwyWjd4J
HhS7CiNqFpMT/kxFyOupA8SFJPZDhJBXttnyzO9Sb61fLWgSP739K9OQfK1FGTA6
khjc3vHtBeGrWm9+1jSxQtrwly7Rs+EmdvseDCN7yie/mgrBLS7p1l8CgYEA50fN
6BnbeAgCTK8GDBWSJPaYUlo/lebUDCn5QIp1LK93vPQWjJR8xRBwL1TbiVKGd054
dRZVuJYMJx+2mbrt5ca9UArisZp5OZgR4xz29n9u69P5XiuG8Fq/JBJXp1GXONVx
JNOsUHOW/b3w2tNUWZcMQAH601BHOtO+EtaEX/ECgYBHygz4A8xeFG1YTjwKxt3r
3uLMRKoIE/LJp093eXEzEoam3v9LoXxCEO5ZHBh7jD0JecG/uaNyvmpBsXNUnFfk
U16xndwiveqh0/X4PJmgA05hfwrnt2HAdg9XrLfcG3Ap9nnc/EDQgmQYo7yB9Cux
JfW6mkJmu54Mdos1x+i+mwKBgHmewcGe71E0bPkkRLrQERUM89bCjJNoWfO3ktIE
vU9tSjr75GuyndYHKedJ6VRSKFHO2vs/bn5tsSBVxfEbYoSlOOJBhyo8AClwNV/H
2HqRUqQCySxjGUeFgOQYHS3ocuw5GZFzGjcIQctXObPo0391NcTnBZ5fpcVimZ5Q
XjYRAoGAN2O3HQjPyThoOUOn5MJEIx0L5bMvGNDzJO+oFngAntX/zv0zu/zsD9tc
kk4EbMLluiw2/XJvYjCStieaYxbSWioKwlThy39C+iUut+IbpP2eI46SOkhvPczt
4u1/sslqjs4ZSntR4Z9UOk3vY3oxRKbiXX2/vl9cqzB/cGYu01c=
MIIEowIBAAKCAQEA1jCNOxaX7C6bH8YffvoneePNQVAnMejecJqQz+KJHdrwTlOD
dqzpBVf21tzUo2AU7xoKzpHnEZ5PvBlgzveBhBy3E48ILWRs4ZCnCXYRG62LD6fI
ub0uEt2IwHiT0A6q1fGrAYlrzLkYRz3LQyOQhL0Ca7nB2IeCzY/Vfz0TR2+4bMtY
54Go5G+lZRP1N88E2cplS8YEZLPlQqqVS6J15bkpnAMmQWL5x67cUbnXdST4qvns
3cSqjjC0LKhOd1aInxdCgwL7dT4lwF64Jz1/25OSUVFN5J5Y8xmPqQWHNtauVTjw
/StV1DYfe3LnVhVriQ+aNu/cssfe1Se7x6w7HQIDAQABAoIBACRaOy4jKIfCZTug
UaooZNjQK/8AzpYu8snjwd42kZUKmqyAihhzQl1Qz6kp88ECxqrKHblvk+sullPT
btXRth6pDP150iZ6G+yws1jsu/yZmLeAf5XeoNo81T/tdxDh3GbRTHfHTg+B/rfg
qgXsHFQbDDUiYt8QKMgguFiPEh2WbedyAe1N9LhtEazMhrnLXCUxTXIFddmcKvnk
fTcnV6mG4FftXFwh+Qn4HukphENHD+xazxIp/WFGDbbStQ8sbjkUSydU0w5x/eQ/
V6z7ibgDmlHoSyKCxc0B0wuNE/BBQzQGvy2T9UhA4V2+vwuQpcXxM77tXMNnmxaX
fEXHQBUCgYEA+sYZKOTL7JCJNnGexVVxn6OWZUuSf94LAyVBCveHnItlFgowzwU1
NYUFD894SR7orvbnSHvEOvim10C7YoyDcsH5+zt4K7dMnVJ6I6I4mNv0r/1WylHe
JyNkYP7jn6znMqVgvo4YHCMrk2OoPIE8jeH1aN+I/YOTi47BIb+MbfcCgYEA2qdG
AbgwVoWeQT7Z+3iJxTgaZGjO66Id2164HMK0NGeYjNeWikt58Y5Vitblk6h8JqQy
yOipyyIbQFnQbmTo6vlvNTKw2NOrPHkYktridIfFrinYqEmKfhbhQWnZAOTjOnpJ
9RFC5LbErmrf5G6HIWV8bfX/kBvi0QbF6VYuKosCgYB2Ztf0PeqmnCuc4BKFu2z1
YcidtQvLgawTZSCLrAmEeTBWMqOO6zePOGoGZ/+0DnrwOTVEPOOOsF4d3btbsVpS
8ZE09IQtp9LtqMZwUqSET7385hF3XyYTtpsrTM1uU7WpbPn7np11k4l8gp4pSx+r
Ide8F2bXw6sDRniblZQZSwKBgQCjN4RZmj1zCLEWcS1UuyjUcEm7NEVpvY1eCLmU
tn7AM6i7Ud8NAsRXXXFbf4jGDVoHmkBSmuLMQHxpL+IX1fnMFUA/TMSYRoEnVhnS
3dN3OzaECLazAJqB/uBM7Q9QzIsWRtzYM/dkNU5iCGNy6FK0ykX061HHKBnLAKxR
vsQdewKBgGCZiy/QYdGR3jdfD7Qytfuptgf6zFLB0BqHJTG/YmnonCDTI8ZxmDOF
DspoiVbrjYdHED0IfcnXYNK8+Bv/2vVxAGqqCdA/aJbFXx86zKJvu8ZHcFrWl6Fy
vdk6OsJjqpA0RM/lD2kVvHeaBO44qGmMFfZHv52ONu+wE4mVX6Y8
-----END RSA PRIVATE KEY-----`)
var clientCert = []byte(`-----BEGIN CERTIFICATE-----
MIIDOzCCAiOgAwIBAgIJAN0PSMLOjTVBMA0GCSqGSIb3DQEBBQUAMDQxMjAwBgNV
BAMUKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDUwNDIyMzMyOFoYDzIyOTEwMjE3MjIzMzI4WjA4MTYwNAYDVQQDDC1nZW5l
MIIDOzCCAiOgAwIBAgIJAPJEHs7Aav1kMA0GCSqGSIb3DQEBCwUAMDQxMjAwBgNV
BAMMKWdlbmVyaWNfd2ViaG9va19hZG1pc3Npb25fcGx1Z2luX3Rlc3RzX2NhMCAX
DTE3MDkxMzAwMTAwNFoYDzIyOTEwNjI5MDAxMDA0WjA4MTYwNAYDVQQDFC1nZW5l
cmljX3dlYmhvb2tfYWRtaXNzaW9uX3BsdWdpbl90ZXN0c19jbGllbnQwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJ/xNyHkiJ433MAjRvkUUmgzM+w3d
EBgPkYCTdej1c1sqe8nfyjZMp3EW7X9DyGobfrry9a4vpNgNhVxha0LqvA2lT+ag
B0lnLIS2ZkhqbVVrVVYcMKnKWyThvyNtTHGbo7MXVfFmkFQmD2j/U68vVcDSuZwO
J11c3lV0vZp0lmxLni2AjnuFwfSORChwdMS/mAiXa1xMNK13gZ5bEGYKi1h0JBZw
2T73pAxHEhqLzxo89jBDGk5B5oAGtiuM87V8kDSOKYz1uGSMZcrpyetFCuDeOR4X
e+4/D0EVsThV4Q0tj7K/Y5YE9g4Pyi/ROfaKeB7hCMTYNnIr3mXjrBBvAgMBAAGj
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWMI07FpfsLpsfxh9++id5481BUCcx
6N5wmpDP4okd2vBOU4N2rOkFV/bW3NSjYBTvGgrOkecRnk+8GWDO94GEHLcTjwgt
ZGzhkKcJdhEbrYsPp8i5vS4S3YjAeJPQDqrV8asBiWvMuRhHPctDI5CEvQJrucHY
h4LNj9V/PRNHb7hsy1jngajkb6VlE/U3zwTZymVLxgRks+VCqpVLonXluSmcAyZB
YvnHrtxRudd1JPiq+ezdxKqOMLQsqE53VoifF0KDAvt1PiXAXrgnPX/bk5JRUU3k
nljzGY+pBYc21q5VOPD9K1XUNh97cudWFWuJD5o279yyx97VJ7vHrDsdAgMBAAGj
SjBIMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDATAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQC/
TBXk511JBKLosKVqrjluo8bzbgnREUrPcKclatiAOiIFKbMBy4nE4BlGZZW34t1u
sStB1dDHBHIuEkZxs93xwjqXN03yNNfve+FkRcb+guaZJEIBRlNocNxhd+lVDo8J
axRTdoOxyEOHGCjg+gyb0i9f/rqEqLnDwnYLZbH9Qbh/yv6OgISUTYOCzH35H0/6
unY5JaBhRvmJHI0Z3KtmvMShbUyzoYD+oNLaS31fvoYIekcHsnOjZGBukaIx1bE1
4SFjCUSPGDdzJdaYxQb0UXNI7oXKr6e6YeOrglIrVbboa0X3jtqGF1U7rop8ts3v
24SeXsvxqJht40itVvGK
BggrBgEFBQcDATAPBgNVHREECDAGhwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQBh
cqu6S6MkUUtNhlWR33ZfV6Ewoz06IGtUIUDDuRmVuizCDOdCcGOTDvdoXtbZMwUf
ZRVVaSyIjqdz5k+C06mHM7uEEgo+Xo7YolK1AiW9VflG8K47l/+XlLoHFv0eB9k/
KdlFkzh3pszM4uEiynkLlSpQxyyBOhyaVdQlXdamqmSfIO0HlLza1OAP2rMILeMb
GJ0y+DCxxAspwVvmCUzc5nL6t35+oEDihRk9bjGDLhfh+b0AYSO4RUjzhNlayUBG
/Kbxh6GiimYmWwpIUTcTAbO7gB7Ya5eXmEB80McS0Z6MY/AEBHnu2Cy8BVEDY30f
uOhGOj+iPQxidcxc+wuy
-----END CERTIFICATE-----`)

View File

@ -61,7 +61,7 @@ openssl req -x509 -new -nodes -key badCAKey.pem -days 100000 -out badCACert.pem
# Create a server certiticate
openssl genrsa -out serverKey.pem 2048
openssl req -new -key serverKey.pem -out server.csr -subj "/CN=${CN_BASE}_server" -config server.conf
openssl req -new -key serverKey.pem -out server.csr -subj "/CN=webhook-test.default.svc" -config server.conf
openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf
# Create a client certiticate
@ -104,4 +104,4 @@ done
rm *.pem
rm *.csr
rm *.srl
rm *.conf
rm *.conf

View File

@ -18,6 +18,7 @@ package rest
import (
"io"
"net"
"net/http"
"path/filepath"
"reflect"
@ -236,6 +237,8 @@ func TestAnonymousConfig(t *testing.T) {
func(r *clientcmdapi.AuthProviderConfig, f fuzz.Continue) {
r.Config = map[string]string{}
},
// Dial does not require fuzzer
func(r *func(network, addr string) (net.Conn, error), f fuzz.Continue) {},
)
for i := 0; i < 20; i++ {
original := &Config{}