// Copyright 2016 Keybase Inc. All rights reserved.
// Use of this source code is governed by a BSD
// license that can be found in the LICENSE file.

package kbfscrypto

import (
	"net"
	"os"
)

// TestRootCert is a CA certificate for exercising TLS support in tests:
// an openssl-style text dump followed by the PEM block that is actually
// parsed. 127.0.0.1 is the only supported address.
//
// Security notes for anyone wiring this into a trust store:
//   - Issuer and Subject are identical and Basic Constraints is CA:TRUE,
//     so this is a self-issued CA, and its private key is published in
//     TestRootKey. Certificates chaining to it prove nothing about the
//     peer; trust it only in test clients talking to local test servers.
//   - The dump lists no Name Constraints extension, so the 127.0.0.1
//     restriction is a convention and is not enforced by the certificate
//     on what it signs.
//   - Validity ends Aug 1 2025 (Not After); verification against this
//     root is expected to fail once that date has passed.
const TestRootCert = `Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            df:57:8e:02:e8:e3:a2:04:e4:3f:ab:a4:3c:50:42:53
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Keybase, Inc. **TEST CA**
        Validity
            Not Before: Aug 4 03:36:58 2015 GMT
            Not After : Aug 1 03:36:58 2025 GMT
        Subject: O=Keybase, Inc. **TEST CA**
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:dc:aa:08:3a:f9:03:11:58:aa:d0:81:e4:ca:11:
                    97:ef:42:fb:c6:83:e2:de:df:c0:63:ae:0e:79:f6:
                    be:eb:70:8d:f0:1b:73:fb:f2:99:af:04:56:ff:f2:
                    c3:26:7c:fb:eb:fc:fc:fd:23:3e:9d:e5:c2:67:de:
                    59:29:42:71:24:f8:3f:e8:91:82:4d:64:81:90:a4:
                    30:46:ed:c4:25:76:3d:ba:4e:70:06:b1:ee:78:ac:
                    48:95:f1:e8:94:7d:f4:9b:b7:1e:cd:9d:9c:fd:48:
                    59:50:eb:f1:29:1f:b6:34:e4:e7:d1:85:11:67:bb:
                    08:fa:3b:c4:29:a1:a7:10:8a:0e:44:85:be:88:9f:
                    e8:e0:af:87:33:21:ea:a6:d1:24:c4:b2:8f:59:f5:
                    02:4f:b2:59:67:e3:ad:be:7e:ee:3b:ee:71:23:e1:
                    6e:66:7c:18:16:c3:18:f5:68:1d:42:f9:32:2e:67:
                    e4:08:66:8a:2e:d2:f5:26:98:70:4b:c4:14:ef:77:
                    2e:95:4b:fc:0b:32:03:f1:5f:d7:ba:06:e9:71:c4:
                    dc:a3:6a:d1:4c:f5:6a:cd:7c:96:82:df:ad:b2:9d:
                    14:26:d1:dd:dd:40:59:1f:dd:86:34:45:0e:91:51:
                    2c:42:76:57:42:61:82:c2:02:f1:c7:b0:47:06:f8:
                    f8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1
    Signature Algorithm: sha256WithRSAEncryption
        03:72:7e:8f:b8:72:e1:ce:1e:67:92:71:e8:f7:9d:cd:ce:cc:
        e1:6f:29:69:3d:17:59:66:95:11:23:6a:eb:82:76:c9:b4:83:
        c2:50:e5:5a:55:2b:fd:c4:92:56:db:91:42:2a:29:56:30:5f:
        ae:6b:ae:69:a6:61:98:51:c2:c4:88:d6:58:11:4b:e5:05:ae:
        5d:29:74:0f:1f:05:5e:f9:33:3a:3a:98:dc:a1:0f:71:b2:8b:
        74:fd:fb:f2:c7:38:93:0b:22:80:ac:08:d1:3f:8f:bf:32:93:
        8a:a0:85:9a:e7:1d:d9:af:fa:94:e0:9f:6f:b4:e6:e6:98:91:
        b8:a1:b2:f4:6d:9c:29:8b:3e:fc:f5:61:7b:e1:6d:ad:2f:fd:
        8e:1e:ad:6d:f7:6c:75:29:48:b5:5b:01:cc:4a:a1:06:b9:03:
        19:7f:a9:b6:7f:86:94:32:4c:5f:59:3c:b8:74:b6:aa:63:80:
        44:59:3d:d9:61:35:01:75:52:0a:2c:ff:f5:fe:df:13:e5:d9:
        79:3a:77:d9:d9:11:b4:40:e0:8a:b1:df:a4:19:52:1f:f1:bb:
        3b:ac:35:96:17:de:78:dc:ed:b8:79:a1:2f:f9:9d:31:1b:9e:
        6c:93:17:b7:fe:f1:fe:a4:00:45:eb:85:f8:82:85:6f:0d:93:
        93:f0:d3:8c
-----BEGIN CERTIFICATE-----
MIIDGDCCAgKgAwIBAgIRAN9XjgLo46IE5D+rpDxQQlMwCwYJKoZIhvcNAQELMCQx
IjAgBgNVBAoTGUtleWJhc2UsIEluYy4gKipURVNUIENBKiowHhcNMTUwODA0MDMz
NjU4WhcNMjUwODAxMDMzNjU4WjAkMSIwIAYDVQQKExlLZXliYXNlLCBJbmMuICoq
VEVTVCBDQSoqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KoIOvkD
EViq0IHkyhGX70L7xoPi3t/AY64Oefa+63CN8Btz+/KZrwRW//LDJnz76/z8/SM+
neXCZ95ZKUJxJPg/6JGCTWSBkKQwRu3EJXY9uk5wBrHueKxIlfHolH30m7cezZ2c
/UhZUOvxKR+2NOTn0YURZ7sI+jvEKaGnEIoORIW+iJ/o4K+HMyHqptEkxLKPWfUC
T7JZZ+Otvn7uO+5xI+FuZnwYFsMY9WgdQvkyLmfkCGaKLtL1JphwS8QU73culUv8
CzID8V/XugbpccTco2rRTPVqzXyWgt+tsp0UJtHd3UBZH92GNEUOkVEsQnZXQmGC
wgLxx7BHBvj4YwIDAQABo0kwRzAOBgNVHQ8BAf8EBAMCAKQwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGhwR/AAABMAsGCSqG
SIb3DQEBCwOCAQEAA3J+j7hy4c4eZ5Jx6Pedzc7M4W8paT0XWWaVESNq64J2ybSD
wlDlWlUr/cSSVtuRQiopVjBfrmuuaaZhmFHCxIjWWBFL5QWuXSl0Dx8FXvkzOjqY
3KEPcbKLdP378sc4kwsigKwI0T+PvzKTiqCFmucd2a/6lOCfb7Tm5piRuKGy9G2c
KYs+/PVhe+FtrS/9jh6tbfdsdSlItVsBzEqhBrkDGX+ptn+GlDJMX1k8uHS2qmOA
RFk92WE1AXVSCiz/9f7fE+XZeTp32dkRtEDgirHfpBlSH/G7O6w1lhfeeNztuHmh
L/mdMRuebJMXt/7x/qQAReuF+IKFbw2Tk/DTjA==
-----END CERTIFICATE-----`

// TestRootKey is the RSA private key belonging to TestRootCert, for
// bringing up TLS test servers.
//
// This key is not a secret: it is a compile-time constant in a published
// source file. Nothing signed with it carries any assurance, and it must
// never be reused for a CA that real clients are meant to trust.
const TestRootKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA3KoIOvkDEViq0IHkyhGX70L7xoPi3t/AY64Oefa+63CN8Btz
+/KZrwRW//LDJnz76/z8/SM+neXCZ95ZKUJxJPg/6JGCTWSBkKQwRu3EJXY9uk5w
BrHueKxIlfHolH30m7cezZ2c/UhZUOvxKR+2NOTn0YURZ7sI+jvEKaGnEIoORIW+
iJ/o4K+HMyHqptEkxLKPWfUCT7JZZ+Otvn7uO+5xI+FuZnwYFsMY9WgdQvkyLmfk
CGaKLtL1JphwS8QU73culUv8CzID8V/XugbpccTco2rRTPVqzXyWgt+tsp0UJtHd
3UBZH92GNEUOkVEsQnZXQmGCwgLxx7BHBvj4YwIDAQABAoIBAQCBB+P8J/PFRuXL
Osk/533CaJa1BBW7YXcsUnEgnEoTfiNhTYxKvRdkodMFozy92sOswKhmlR9eUSWW
ewwD9lgW2Br2sW9SNf0VSQz5zLqvdS6vLIKRR6Y8ZfGjzGrFuck47KFUdl+AM7gW
e4DvHR38XAW6HGeLEnEzcZNJDL+WCS4XP0ylbAoQsasBZz9xWEhQ7CXV0rC2r00b
E30WNnDkTAvMQlErwgDBAcqziIOejSbj2qkjJjPY4IO91718qchOwBwXKl8bP/Zs
7eQmtYdBLGCPXGf9ngcJWB9Fu/kVZbIh1yg/Pxlz9anZ9a0PeTlCiSkzPxjl7H5d
L0dQfiJhAoGBAPcOe5c9N0PHfUqHvMuV6DB/SNgr5IeXvE0jt8VfRVGQpzdrWmzM
NA68ENHGueSdLJw56Y9N2ENxPIbEfhw1Aj8yzTsmR/zJS+/niMk1NOF09TamhkmE
FzQdVKbfcmhQ6irbN7A4+bONJHLhPxfN1awfHHWelD5KZLuw7h0OmZ05AoGBAOSm
92jSpvmVzDtW9IN+JaPEKSA/M80F9Z8s7wXft0KFYbSOEShH3by5qLNXAfhqr/HU
Czy8DnoNCjjmG5a92R2gSI+Rp/69J8KxpT3dRNaFu1DGyilCV2AYrjs/CpJebwen
RfCfKcv9o6xbkFTd+W5zT4rLR7BAsnopo6HGa957AoGAb8TEkxJluys3+ozYE754
8d/Tw8Bvvgwea0Oacxd707++dqsBmLD1aCka7tyZ4txcfz0P9f4Atdo3yLyCVR6C
Krc/89+It8sVqK41ytlgWBNCkHvbysyQdspCLtBuANWCausMEZRlGx7ie3p9wbYk
UZ8tj+SzKk8brXII92pQgrkCgYEAm6dmKX+tl554J7UsQw9vBCsXbBJaaymxaain
FrKTCL/QIZ/M4kT6F+2zgFKszrWiDNgyxienG0MhQFa1VUrsMJTakJGxcWLHXGye
dpzYrcjgGT8ahDfbT1m90is6QSX0I5ulqwZO58VE1KKIgJ2TnbL15SA5Lyz70tnh
wNFYwV0CgYEAqD+ojYP6i7shKJal7U8mi1pPrytjIx6DyMlqY4fl3MQ3IMGdZ1nI
aOOhUtJxzorYWSCcNZKCUFu1esbmDO4PlkfnzaBVCqPZ3CThPnmUBZ2wg9rpZu2S
7Q0sQ3FFXg9WqcsduaKRy5d8LKH8ikRooQw/Q5BpZ1tfKJStU6Xjf9U=
-----END RSA PRIVATE KEY-----`

// EnvTestRootCertPEM names the environment variable holding the CA cert
// PEM that the client uses to verify the KBFS servers when testing. A
// value set here overrides any certificate inferred from a server
// address.
//
// GetRootCerts reads this variable unconditionally; nothing in this file
// checks for a test mode first. Whoever controls the process environment
// therefore controls the trust anchor handed to TLS.
const EnvTestRootCertPEM = "KEYBASE_TEST_ROOT_CERT_PEM"

// GetRootCerts returns the PEM root-certificate bundle to use when
// verifying the server at serverAddr, a host:port string.
//
// Sources are consulted in this order, first match wins:
//  1. A non-empty EnvTestRootCertPEM environment variable, returned
//     verbatim.
//  2. certGetter, called with the host part of serverAddr, when it
//     reports ok.
//  3. TestRootCert.
//
// NOTE(review): step 3 is also reached when serverAddr does not parse as
// host:port (the SplitHostPort error is discarded) and when certGetter
// has no bundle for the host. TestRootCert's private key is public, so a
// caller that lands on the fallback for a non-test server is trusting a
// CA that provides no authentication. Whether production callers can
// reach that path is not visible from this file; confirm that certGetter
// covers every production host, or treat a TestRootCert result as an
// error outside tests.
func GetRootCerts(serverAddr string,
	certGetter func(host string) (certsBundle []byte, ok bool)) []byte {
	// An explicit override from the environment beats everything else.
	if override := os.Getenv(EnvTestRootCertPEM); override != "" {
		return []byte(override)
	}

	// Only a well-formed host:port is looked up; the port is not used.
	host, _, err := net.SplitHostPort(serverAddr)
	if err == nil {
		if bundle, found := certGetter(host); found {
			return bundle
		}
	}

	// Unparseable address or unknown host: hand back the test CA.
	return []byte(TestRootCert)
}