// Source: github.com/keybase/client/go@v0.0.0-20240309051027-028f7c731f8b/libkb/ca.go

// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.

package libkb

import "strings"

// apiCAOverrideForTest, when non-empty, is returned in place of APICA by
// GetBundledCAsFromHost. It is mutable package-level state with no
// synchronization in this file.
// NOTE(review): the name indicates test-only use; any non-test assignment
// would swap the CA bundle handed out for the API hosts, so it is worth
// confirming that only test code writes to it.
var apiCAOverrideForTest = ""

// GetBundledCAsFromHost looks up the root CA bundle compiled into the binary
// for host. It returns the PEM bytes and true when host is recognised, and
// (nil, false) when it is not.
//
// host is lower-cased and stripped of surrounding whitespace before matching.
// Nothing else is normalised: a value that carries a port ("name:443") or a
// trailing dot does not equal any of the exact API names and does not end in
// any of the listed suffixes, so it yields (nil, false).
//
// The three API host names are compared exactly. Every other rule is a plain
// string-suffix test with no leading "." anchor, so a name such as
// "xdev.keybase.io" also matches the "dev.keybase.io" rule; every match still
// ends in keybase.io or keybaseapi.com. The rules are tried in order and the
// first hit wins, which is why the exact API names return only the API CA
// even though two of them also end in "core.keybaseapi.com".
//
// NOTE(review): what a caller trusts after (nil, false) is decided outside
// this file. Confirm callers do not quietly fall back to the system trust
// store for hosts that are expected to use a bundled CA.
func GetBundledCAsFromHost(host string) (rootCA []byte, ok bool) {
	name := strings.ToLower(host)
	name = strings.TrimSpace(name)

	// The test hook, if set, stands in for the production API CA everywhere
	// below, including the combined bundle.
	apiCA := APICA
	if apiCAOverrideForTest != "" {
		apiCA = apiCAOverrideForTest
	}

	// endsWithAny reports whether name ends with at least one of suffixes.
	endsWithAny := func(suffixes ...string) bool {
		for _, s := range suffixes {
			if strings.HasSuffix(name, s) {
				return true
			}
		}
		return false
	}

	// Exact API host names.
	switch name {
	case "api.keybase.io", "api-0.core.keybaseapi.com", "api-1.core.keybaseapi.com":
		return []byte(apiCA), true
	}

	// Staging CA.
	if endsWithAny("dev.keybase.io", "dev.keybaseapi.com") {
		return []byte(KBFSDevCA), true
	}

	// Prod CA.
	if endsWithAny("kbfs.keybase.io", "kbfs.keybaseapi.com") {
		return []byte(KBFSProdCA), true
	}

	// Services on this domain use both CAs, so both bundles are returned,
	// API CA first.
	if endsWithAny("core.keybase.io", "core.keybaseapi.com") {
		return []byte(apiCA + KBFSProdCA), true
	}

	return nil, false
}

// APICA is the PEM-encoded certificate returned for the API hosts (unless the
// test override is set) and as the first part of the bundle for the "core"
// domains.
// NOTE(review): the encoded validity period appears to run from 2023-12-31 to
// the year 6023; confirm with `openssl x509 -noout -dates`. Because the
// certificate is a compile-time constant, replacing it means shipping a new
// build.
const APICA = `
-----BEGIN CERTIFICATE-----
MIIGIzCCBAugAwIBAgIJAPzhpcIBaOeNMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMRQwEgYDVQQK
EwtLZXliYXNlIExMQzEXMBUGA1UECxMOQ2VydCBBdXRob3JpdHkxLjAsBgNVBAMM
JWtleWJhc2UuaW8vZW1haWxBZGRyZXNzPWNhQGtleWJhc2UuaW8wIBcNMjMxMjMx
MTkwMzE5WhgPNjAyMzEyMzExOTAzMTlaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTlkxETAPBgNVBAcTCE5ldyBZb3JrMRQwEgYDVQQKEwtLZXliYXNlIExMQzEX
MBUGA1UECxMOQ2VydCBBdXRob3JpdHkxLjAsBgNVBAMMJWtleWJhc2UuaW8vZW1h
aWxBZGRyZXNzPWNhQGtleWJhc2UuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDewsDpkby46+aUW8UtUg5RGZxCtnIwUptW739N4OJ6aWzfDf8nNVN2
4P7sqJSL1HtBwJb9XVmlF5N+6ebut8AKInV+kiSNJCuCy8oMuCEjPEhLkUwjy616
3mnpC24mFoDCaZefzFfTkW+pY1utxdF2kviCgV2KA+wUrbGFNSJZq0syy16hKEjv
7OauCTHvkt4swPRsva45/zsmM7NtjzHaxQhksbA+gBPIbxZLfx7LoqQnFGMCEben
45NgSNhKuwC1ADoiZt4Ol9Ico4HwcXedWn/8RvgcSISxbAFFtBe8BaHcNgsa6QVb
TCI7QdUKhZj5scv8yprQ11EY6UuxsvhnikuuGoqBINTy6Zf1i41FFoHQ/mdOTPJT
prEerOr33QZ6n8jrZuOwF1hin4ONI8rjeZdGt9YmXY1NyXzEoDJ+w5b72FD2/ArS
2lKJw3F9i5RmzQGF+NJn9NzpnURF2BRhGJdO2iGX5JEDYiBkyWgcKWVUw2MSNeGC
68eAsA6ty7KFUG6mJRAZQdC+QyyvVTPxU80MU4l53C5xFTYBpHzzVuSedJt2z37M
0uy9QVX4ErtB2e39aQWlgvvysbBjjuayL06h13Hp8/J6DeqQkYzpzCf9ujLD2VB6
V5gOryTIl2LEgDG0CyQ3NE8nicO7aLNN8HJCgzx6nABZuhz+A0U5swIDAQABo4GD
MIGAMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQURqpATOw1gVVrzlqqFKbkfaKX
vwowHwYDVR0jBBgwFoAURqpATOw1gVVrzlqqFKbkfaKXvwowDQYJKoZIhvcNAQEL
BQADggIBALjuBecPwt0XJ6rpygOt9r1O6Oyj6WshzD2OvsK/RoHCJLjI32V8xYt3
YubUdFucy5m6dUEeTo6LwDd/7UpX+7NImQdRssHk6GynJJ7Sd2Jqvzlh6t+xFJHG
WqRt/u48T9Bm7pw1Z79QAXXi1L9DnPz8nMzu6gVTS2dzG4FAjXwzKsYV6mLoQW0L
adLKQELboM5hCauSILncD9ujWBZduFr7o4eHrRaZ4FiZ/46nGn/lqDhFTtgvSL53
+thrAiQCVv7sGkg8Niu3WTuJtIDlXzjGFuGli/l9KI9Dnr+RBe1kileQ99VZmayA
PgVFzkicAEd5ZzGnADGWAW0nSA8tOxAyo3qnnJ6Z1e2mNflmGv6+cryIkksfDu7A
oQuFQW0E3wEDmBXFHAGWgNKZQ05nxPY6zDm3FQCzS3v6CZuyJ8iwpDTKZYp4azPb
WLef0IJCGB62/+6YwD3bUunFq6jUR/vCgc5WRrLQd4LAbrrrP8SaLNPIlapZkYIU
Ba88Cg+nfTa7s0ETEJDNV+UyEoZbAMhcjCbua+aMx66WA+iinmZ++ilXxlBPNyFM
XNpVqc8i9YuN5ASXKwR0nna/vFyr2sFYhV/Q+QIBUh6bwZEFF9f3qtgxi908ZSEC
ip88muP7dUJ5jR/XrBLdYqrnMFym5dyHN7AjBdTwjSkTtFKHjAxb
-----END CERTIFICATE-----
`

// KBFSProdCA is the PEM bundle returned for the "kbfs" production suffixes and
// appended to the API CA for the "core" domains. It is two certificates
// concatenated; the inline comments after each one record its dates.
// NOTE(review): per its own trailing comment the second certificate's
// validity ended on 11/7/2017, yet it is still shipped in the bundle. Confirm
// whether anything still needs it before treating it as removable.
const KBFSProdCA = `
-----BEGIN CERTIFICATE-----
MIIFkjCCA3qgAwIBAgIRALpii0WkmMIt0pcl7fLxvogwDQYJKoZIhvcNAQELBQAw
UTESMBAGCgmSJomT8ixkARkWAmlvMRwwGgYKCZImiZPyLGQBGRYMa2Jmcy5rZXli
YXNlMR0wGwYDVQQDDBRLZXliYXNlIEtCRlMgQ0EgcHJvZDAgFw0xNzA5MjYxNzA3
NDJaGA83MDE0MDYwMjE3MDc0MlowUTESMBAGCgmSJomT8ixkARkWAmlvMRwwGgYK
CZImiZPyLGQBGRYMa2Jmcy5rZXliYXNlMR0wGwYDVQQDDBRLZXliYXNlIEtCRlMg
Q0EgcHJvZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALtjrV8B+9ly
JjyMBX3m+9O8UbotvW9OQrPbQwVUY4LG8UJEeFETjtrZlYH4MZM7QhltBgxhnPlt
elCFxquCZTo8TScDzc6GdWZrvewDWjQTWRvxmNX++3dq5U9mbY8NqONoMoA9V4ZF
HL2xKrOITum0dSYjAzxfx5ofvdlmZ9MXTSDRu04lB0b0i2k3MnOfGQW7fxUA11lS
O5b3QrTvae20Pzhb5psjKUiaHDGMzulVO+Lz1gdsotahgxe/NCWiGjdS3OcjRbAV
BqNu7K/4xbxb580P1MOE+HSrziF3RDUSuryCzP8YMMqRXIf4rjaFYFrpazKbMoqG
pFZ//935i1lUopmIuaAkQjz/8Y11hYkdvSqVTHH0kyX7/kbEm+yIkLzn3VzoSJ5X
EL07XmHNY46LXBeDtIs3+Fdg0ISSMeHuSVYsm/TFK1VOrsToj8mbA0mF96laNMP6
d8OPWIVCbMN48MuZCT22gZCyAeHO57vXdd0Lg456WCcYcm3rQAHP0xoiHDLGxpoF
Yawl4dpj3qEdV1XJH0LQE450FVSrwfwL2FcH2+/6GVBhPEeJQgCECVbOwCbp/BPW
85Q7GntStVQQH89CqJnZEa1hglMwhaWCxVGfFDsPpM8GCh+BfXuSpQTlvOojo518
VRHxlMduI42VZMhnmHw7G4WorhhRC6inAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRQmQ3lv6fySPlfpNjyUKG3wzh9
5jAfBgNVHSMEGDAWgBRQmQ3lv6fySPlfpNjyUKG3wzh95jANBgkqhkiG9w0BAQsF
AAOCAgEAEoOPz2/LQJZQId69QR5nedpoWZ7d7ob0tkM0/+S5fIgQCCsC31417pRD
QxFuPPnYh5XaEcdzWq3ECGMZZfSsDmfgJSgPwCOwtK6rXshKK+W66PK2/OGQD3Jx
QuBzBN1ZGT6saXg1pjhY1gdYCXuYiszXoYjpJZnp+sKegRB5BujEn9a1dnBCjVM3
BzXBB9PI34yc1+OJ6RusZtMa9fNgNAKJdMSTkCzVEU9qh3MhkqD/xEneUsZmdSDk
skv6/B1fpes0ctZM/JV99FrKDqq7eWnAlsF0e6GdnWL5MNOW0UupPK8edcDjr9op
cULw/+/2Hp60r50L1WWIcYEjrVmGIMpybrX1eqNilpJSjgrhX0ZqtiHh03+DcxXw
kZHxDQZf1bn+WwMxy0nb6YNBwcBXZEePb4S5KKy4V0T10YEDv7oOMrF6wIy/MxtU
wXHjIp+cd+lZkMngsGYZQExt9dq2BVmAncUiXj4ZAGQjpgSjaEuFkKDxEnRU908n
s+ljmQv1mMwPJqVyR+VIcwmAzhDSK1bwRpKgPjhkB10fBbiqPVllPuU40lSWCGEA
JB1KvwsOTY92T/h43MIeXWD2q1yzLtNmXp434uTUiZZwu2rFUYJTwagGp+z7d8TO
Zdjxkm8d4rsrfgqIWXdOQejJwYm8+LpRiOcUNpA47JR5l+HQAMQ=
-----END CERTIFICATE-----
` /* ^ created on 9/26/2017; expires on 06/02/7014 */ + `
-----BEGIN CERTIFICATE-----
MIIDkDCCAnigAwIBAgIRAL1MQ3C37AuGO8gFqfhqb9EwDQYJKoZIhvcNAQELBQAw
UTESMBAGCgmSJomT8ixkARkWAmlvMRwwGgYKCZImiZPyLGQBGRYMa2Jmcy5rZXli
YXNlMR0wGwYDVQQDDBRLZXliYXNlIEtCRlMgQ0EgcHJvZDAeFw0xNTExMDgyMzM3
MDFaFw0xNzExMDcyMzM3MDFaMFExEjAQBgoJkiaJk/IsZAEZFgJpbzEcMBoGCgmS
JomT8ixkARkWDGtiZnMua2V5YmFzZTEdMBsGA1UEAwwUS2V5YmFzZSBLQkZTIENB
IHByb2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr9ttTzL093jPt
WstzWR19qvLprd778ALqShZYZughuXPULgOck4AQW27vlp1nY8+7sBnWgstzL6Gv
dTQU61e34yOeAFYyKoWPFHyeo/g1y+LANgLdLbeOatOlWyM2sb/f0K3SKpusp/9J
0ylpDyko97MAI28spwX1d7L/qlDV6ryce4GrzElp3J8j3TZ3cju5rEldn8BSnLYw
i/2/Sc93GwhkjI03MZvuWaJQXQjTMALVzx5gFzshUymV4yrJfQbmBTwODf1yucsQ
NrWDiKWcFXe5dR8BWBZG7lslZeGYaHQ6lc3TgGwaPobpaZpzVEt3Crb9HAuTVl8/
Ynlw2XvzAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
MB0GA1UdDgQWBBSg9AYko8IqCwg2awZOZO6TW+ITsjAfBgNVHSMEGDAWgBSg9AYk
o8IqCwg2awZOZO6TW+ITsjANBgkqhkiG9w0BAQsFAAOCAQEAAJ2oOlY+DCDWr73m
TrR3Kfx+bDzvU1IZviKKooGGPjG+apcz5rWoKhjkO593ORCrygAvITnAI4v2Eaic
h2zYfWkOnCI2YYvVChR0TSJfa2+gxZFUqxRb68zMgcTxGZTZUonEX4nCJjkrSx3M
ATZkFWJDPPVci6o87VbpnKOc3mep3i1s3Cvw0GMHP+yVgw8Y0BpXII5hGbCODmoh
d2mdg2gjlOVBCfTEAe7cgUx9/lraQwUurUjDO3g54NZo/pcoc9koIW+Ai+saF5gA
UnFkqAOuEw0y4Fxzr9pw9naKF3KMlEJf6CiDJ4xspNzPZFupuepKitRrlrzofYuW
OXgZAw==
-----END CERTIFICATE-----
` /* ^ expires on 11/7/2017 */

// KBFSDevCA is the PEM bundle returned for the "dev" (staging) suffixes. It
// is two certificates concatenated; the inline comments after each one record
// its dates.
// NOTE(review): per its own trailing comment the second certificate expired
// on 9/22/2017, yet it is still shipped in the bundle. Confirm whether
// anything still needs it before treating it as removable.
const KBFSDevCA = `
-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIQFpAR2yGFjPGpRawSbyV+JzANBgkqhkiG9w0BAQsFADBP
MRIwEAYKCZImiZPyLGQBGRYCaW8xGzAZBgoJkiaJk/IsZAEZFgtkZXYua2V5YmFz
ZTEcMBoGA1UEAwwTS2V5YmFzZSBLQkZTIENBIGRldjAgFw0xNzA5MjYxNzA3MDZa
GA83MDE0MDYwMjE3MDcwNlowTzESMBAGCgmSJomT8ixkARkWAmlvMRswGQYKCZIm
iZPyLGQBGRYLZGV2LmtleWJhc2UxHDAaBgNVBAMME0tleWJhc2UgS0JGUyBDQSBk
ZXYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfzXIB3edtDpdpyOrS
8rSBL6STOIucCQUf8737uk1FyA8kg84YCyDUtGFe242tCncQMJ3i/3Fo4542txKf
UQ6C7XCIUKP76ZvnG6N+KJkb0Tnr3N6pOYj0xQE6dldcXHNOgOC14m84mDABH0L9
0ZSpsVKmS7svn+Nr5y8hO9J2gg8/HBGl6MupJci4VGaTFgzT22D7IvjsBEcr4Pwd
qX6VafdeXlRONrVvPTHWJilpwpDkOo2EV6Un+61bVxTejFVsDpSRlwxE/R4zUJjm
sscE0GOpyZRyzmdAPlzEVhTqlMTjpFyODukQnXUq8CvkoZzzc+aCCFQbRw33T3eF
Je+pjqJS38pzQeaxCWs35WG53+xqiAuGVuXTcc5R31gVK2E92UmrGL96V9gRSTfg
YEoT4wVHzFscMIQUpKqQ2uoJm1asiOcJG6rPFSrkTTMSiCu1ITXeL62dj7Id+6gT
wdUv/r2W8tt4cCv24mfZPKI1cHjXUjZFslHJtFXn1kG19ka+JLj7kIAeglCona22
xTwdsla5nsAX2xOhtiteYlmmOkhIj3CJLDm86PYcTcsTByiDqNdgUdFGk4uvnSph
1yW/NulAuY4BX7yIRGqwGLgQQvnsbdsvcH+kYxu3I2nNz8dsaoAsX6cMSLQ9tH/I
6Cu/3jaXanvem7yFnfuFuO3abQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUknKQ73ecH+pEfJicSJdhi7Ud4ekwHwYD
VR0jBBgwFoAUknKQ73ecH+pEfJicSJdhi7Ud4ekwDQYJKoZIhvcNAQELBQADggIB
AI8dK0HiAvXtdvU3sMdK1K18JKroirK7yJL2MPKAy5Fr8IT30g/9zsoWY22zTRbD
iTcvjAoK/9DlcTSdxjYqh5s8D5jALBOxWi9e6TFWK71m6eec103TJJIOtwS2jC6u
R3hk1W56XL7cbdptAtrUfcEf3iohbnORdd50iAsGOAl/Iv4FduQeGZNJXIBpINYc
Mjo8CLA5Iw94XlyCcc8OJPYEk33Af2MiYCnccndWlophZq8fpLTaEcPGtlIYv2sA
sJhGWAdvEtZ9RoI5Rp66NuP7ZuD8GSjBwglC4PsKQS+7VdLOtt2HrzX3ZXp9DT9T
zjt/PriziUbyadK8PaYaJzTkGgJe4J0nA0UlNbRl8peEpepomPG2SyJSuNpkWh0d
zHeusngGowrBMqn54hmBwGaAGPA+b4faIq9sHnZm1TRlg0f7GeQegeJhjigAsv7q
iq2keQ2AXXnb1SUU2NbQ6GcdNEdi1eaatiWCkmp+pZLOAAJq7FsQiOF0oqo6OicX
gRQVL8BaIiQ6OQYO+XpLP0Efji0aK11X0yh02oUjdTWGBfQyBAFtccwUUDZZEaRV
FWG2uwh+ewaxA+3q+goIbIpzwbV8HMUcBAvEGajprdkv0Qmv3PY/ZVW+Y1SaSlIN
We3c57PSYN4UV4034Wr8gAZY5nzlYb0irQnl/Kw5oyNP
-----END CERTIFICATE-----
` /* ^ created on 9/26/2017; expires on 06/02/7014 */ + `
-----BEGIN CERTIFICATE-----
MIIDjDCCAnSgAwIBAgIRANRMeoRz3Xg5c8kT2f5k9wMwDQYJKoZIhvcNAQELBQAw
TzESMBAGCgmSJomT8ixkARkWAmlvMRswGQYKCZImiZPyLGQBGRYLZGV2LmtleWJh
c2UxHDAaBgNVBAMME0tleWJhc2UgS0JGUyBDQSBkZXYwHhcNMTUwOTIzMTk0NzM3
WhcNMTcwOTIyMTk0NzM3WjBPMRIwEAYKCZImiZPyLGQBGRYCaW8xGzAZBgoJkiaJ
k/IsZAEZFgtkZXYua2V5YmFzZTEcMBoGA1UEAwwTS2V5YmFzZSBLQkZTIENBIGRl
djCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWCTpo8NNeGM6nIkNW+
4qiM8ocuFjDw2Er6XJhncgj7xjTGf/9yZqnXeGHyHGT66AtKl5bc8son4+npWmvs
47OXORF7YGi89d9KBlIC4NCetZLBSVWiSG+XXSKrmIffi6D0UojpZc2blnzgejEO
ii1uCDSaj6TRLcC8z/eXKq+DtPcfNnPL0pu5CiUNrH1cA9PS+jO1OonCGPG5yVjW
bBw0nQfThhapm9IohtdbYzlQiSbE1+3ctNwCPLas3mmUWkcrrVbn1Fa54LnfNR2u
pnZRNZ7czfB/vtymUJ6/y8dLYTmnzMFFYy416FOmvr4NqLBkaMWg9xp+KeR30044
AicCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFBdb6+h+Qq5vXUWo99QbatQTX6u+MB8GA1UdIwQYMBaAFBdb6+h+Qq5v
XUWo99QbatQTX6u+MA0GCSqGSIb3DQEBCwUAA4IBAQArhp0KXfJHEhVcUXqYYjdn
pZQjq3+0aKjMjgnVWekxwwBARh4ycy2e7066ru1eDZr6myGYK+/vjXituWtq7/c/
Fifezgje6o9lB1TPamgQeE8slqqAgc3OxTqbAAf+rxJelcI6aOm7tqX04k8Aiuhm
dr64cM/NsZTKUbrCHCVNHPNj8wWkrb9pbXH/q0+Gt/gw4MiL6p1YuSr4SIENqDpP
VFiOCcbOSiw5OHPe/VwLts/g3e3NSXqd53nQW1/CgpSBdT73oWw+SBfv21KuJN5K
745S8d9JfbLItWgM73o94MSLOpUEl2F7qqXj2eOBEYWIMbRjMMZ7Vzmuo5wo3M8i
-----END CERTIFICATE-----
` /* ^ expired on 9/22/2017 */