generate cert for redirect test

Signed-off-by: Simon Bein <simontheleg@gmail.com>
pull/12545/head
Simon Bein 2 years ago
parent a779b355bd
commit 94becde7f3
No known key found for this signature in database
GPG Key ID: 8A8A68258B4E118E

@ -337,7 +337,7 @@ func TestDownloadTLSWithRedirect(t *testing.T) {
insecureSkipTLSverify := false
// Server 2 that will actually fulfil the request.
ca, pub, priv := filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "localhost-cert.pem"), filepath.Join(cd, "key.pem")
ca, pub, priv := filepath.Join(cd, "rootca.crt"), filepath.Join(cd, "localhost-crt.pem"), filepath.Join(cd, "key.pem")
tlsConf, err := tlsutil.NewClientTLS(pub, priv, ca, insecureSkipTLSverify)
if err != nil {
t.Fatal(errors.Wrap(err, "can't create TLS config for client"))

@ -1,4 +1,9 @@
#!/bin/sh
openssl req -new -config openssl.conf -key key.pem -out key.csr
openssl ca -config openssl.conf -create_serial -batch -in key.csr -out crt.pem -key rootca.key -cert rootca.crt
# generate
openssl req -new -config openssl.conf -key key.pem -out key.csr -addext "subjectAltName = DNS:helm.sh, IP Address:127.0.0.1"
openssl ca -config openssl.conf -rand_serial -batch -in key.csr -out crt.pem -keyfile rootca.key -cert rootca.crt
# generate localhost certificate (mainly used for http redirect tests)
openssl req -new -config openssl.conf -key key.pem -out localhost-key.csr -addext "subjectAltName = DNS:localhost"
openssl ca -config openssl.conf -rand_serial -batch -in localhost-key.csr -out localhost-crt.pem -keyfile rootca.key -cert rootca.crt
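Review bot: The script has no error handling, so if either `openssl req` call fails, the following `openssl ca` still runs and signs whatever CSR file is left on disk from an earlier run; adding `set -eu` directly under the shebang would stop at the first failure. This matters most for the first `openssl req`: its `-addext` value spells the address entry as `IP Address:127.0.0.1`, which is how openssl prints that SAN type, while the name the extension syntax documents is `IP:`, so it is worth confirming that the command is accepted as written. Both requests also use `-key key.pem`, so the two certificates share one key pair; a one-line comment such as `# both fixtures intentionally reuse key.pem` would make that explicit.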

@ -1,73 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:73:9a:e7:be:ce:22:31:b5:21:c9:0c:ee:b6:08:1f:37:df:25:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CO, L=Boulder, O=Helm, CN=helm.sh
Validity
Not Before: Mar 25 00:42:21 2021 GMT
Not After : Mar 23 00:42:21 2031 GMT
Subject: C=CA, ST=ON, L=Kitchener, O=Helm, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:89:55:0d:0b:f1:da:e6:c0:70:7d:d3:27:cd:
b8:a8:81:8b:7c:a4:89:e5:d1:b1:78:01:1d:df:44:
88:0b:fc:d6:81:35:3d:d1:3b:5e:8f:bb:93:b3:7e:
28:db:ed:ff:a0:13:3a:70:a3:fe:94:6b:0b:fe:fb:
63:00:b0:cb:dc:81:cd:80:dc:d0:2f:bf:b2:4f:9a:
81:d4:22:dc:97:c8:8f:27:86:59:91:fa:92:05:75:
c4:cc:6b:f5:a9:6b:74:1e:f5:db:a9:f8:bf:8c:a2:
25:fd:a0:cc:79:f4:25:57:74:a9:23:9b:e2:b7:22:
7a:14:7a:3d:ea:f1:7e:32:6b:57:6c:2e:c6:4f:75:
54:f9:6b:54:d2:ca:eb:54:1c:af:39:15:9b:d0:7c:
0f:f8:55:51:04:ea:da:fa:7b:8b:63:0f:ac:39:b1:
f6:4b:8e:4e:f6:ea:e9:7b:e6:ba:5e:5a:8e:91:ef:
dc:b1:7d:52:3f:73:83:52:46:83:48:49:ff:f2:2d:
ca:54:f2:36:bb:49:cc:59:99:c0:9e:cf:8e:78:55:
6c:ed:7d:7e:83:b8:59:2c:7d:f8:1a:81:f0:7d:f5:
27:f2:db:ae:d4:31:54:38:fe:47:b2:ee:16:20:0f:
f1:db:2d:28:bf:6f:38:eb:11:bb:9a:d4:b2:5a:3a:
4a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
Signature Algorithm: sha256WithRSAEncryption
bd:f8:df:36:d9:9e:14:3b:4f:68:b6:d4:40:e0:89:51:e1:a1:
f1:4d:ec:9f:f2:78:e8:f1:4c:45:aa:4b:4a:7c:39:db:b1:9f:
76:56:5b:d1:7e:46:67:9a:7a:52:f3:f8:3d:26:92:d8:c9:06:
6e:00:a9:ce:4d:98:24:0a:5a:4b:cc:49:91:9a:ef:ce:77:67:
df:50:d3:66:d1:34:32:aa:17:c8:71:d5:b4:97:b0:a3:a0:9c:
3b:c4:c2:d6:b6:91:77:4d:68:89:d3:84:c9:6d:42:db:55:96:
2c:25:40:60:1d:38:41:76:0b:3f:b7:e1:7e:05:82:db:7a:56:
e0:25:ad:34:62:1f:fa:49:18:3e:62:6a:ef:5b:8f:0d:3f:06:
8a:9b:f7:a7:5f:b3:8e:26:62:5f:92:ab:43:e7:dd:79:90:c8:
01:09:c3:42:cd:d8:e0:16:17:4f:71:20:18:07:51:b8:60:c1:
61:3f:76:f1:3e:1e:ad:d5:52:33:27:c3:ef:0f:78:ab:c1:95:
0e:34:b4:5f:92:54:33:fd:e0:7d:34:27:80:e5:94:a9:2d:db:
7e:d9:c8:e2:ec:8e:cf:ec:dd:41:6e:d4:c9:2c:2d:a4:eb:63:
a7:4e:62:a7:44:a8:19:e6:7c:47:4f:d2:aa:7f:21:fd:90:a6:
4c:b4:b3:7a
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -0,0 +1,79 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:fc:01:9f:43:a7:bb:cc:41:8e:bf:41:95:a9:e9:fb:3e:a0:89:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CO, L=Boulder, O=Helm, CN=helm.sh
Validity
Not Before: Nov 6 10:45:30 2023 GMT
Not After : Nov 3 10:45:30 2033 GMT
Subject: C=US, ST=CO, L=Boulder, O=Helm, CN=helm.sh
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c8:89:55:0d:0b:f1:da:e6:c0:70:7d:d3:27:cd:
b8:a8:81:8b:7c:a4:89:e5:d1:b1:78:01:1d:df:44:
88:0b:fc:d6:81:35:3d:d1:3b:5e:8f:bb:93:b3:7e:
28:db:ed:ff:a0:13:3a:70:a3:fe:94:6b:0b:fe:fb:
63:00:b0:cb:dc:81:cd:80:dc:d0:2f:bf:b2:4f:9a:
81:d4:22:dc:97:c8:8f:27:86:59:91:fa:92:05:75:
c4:cc:6b:f5:a9:6b:74:1e:f5:db:a9:f8:bf:8c:a2:
25:fd:a0:cc:79:f4:25:57:74:a9:23:9b:e2:b7:22:
7a:14:7a:3d:ea:f1:7e:32:6b:57:6c:2e:c6:4f:75:
54:f9:6b:54:d2:ca:eb:54:1c:af:39:15:9b:d0:7c:
0f:f8:55:51:04:ea:da:fa:7b:8b:63:0f:ac:39:b1:
f6:4b:8e:4e:f6:ea:e9:7b:e6:ba:5e:5a:8e:91:ef:
dc:b1:7d:52:3f:73:83:52:46:83:48:49:ff:f2:2d:
ca:54:f2:36:bb:49:cc:59:99:c0:9e:cf:8e:78:55:
6c:ed:7d:7e:83:b8:59:2c:7d:f8:1a:81:f0:7d:f5:
27:f2:db:ae:d4:31:54:38:fe:47:b2:ee:16:20:0f:
f1:db:2d:28:bf:6f:38:eb:11:bb:9a:d4:b2:5a:3a:
4a:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost
X509v3 Subject Key Identifier:
62:48:0B:D0:F1:4E:A4:45:69:08:1A:DB:78:E7:6C:19:C4:52:88:B6
X509v3 Authority Key Identifier:
89:C0:05:C4:32:17:69:9B:91:76:97:37:0F:6E:B9:CC:E7:1E:04:34
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
41:fe:c0:41:97:34:55:61:bf:64:92:10:9b:77:66:df:5a:b7:
bd:ff:8e:83:15:07:9b:7a:90:31:86:2c:ae:64:68:a4:c0:7b:
65:39:9b:4a:60:aa:85:f3:55:e4:7d:04:0c:9f:71:91:ee:fb:
9c:c2:36:74:68:ce:76:b0:bb:22:c0:c3:57:76:4a:69:fb:90:
b3:a9:be:97:73:4d:07:20:34:e3:36:94:ba:c3:be:a0:f5:e3:
48:00:57:3c:11:0d:80:cc:8d:a7:fc:a6:5b:44:80:30:f5:46:
b1:ea:ff:2f:1e:cf:88:57:3f:8a:fa:16:f2:2d:b6:9d:d1:23:
ba:df:2a:05:e5:09:d3:a9:de:47:31:0b:32:95:99:fa:6d:32:
d9:26:60:87:01:87:f5:24:85:9a:04:f2:55:15:96:d2:59:8e:
76:be:c7:18:6d:53:52:bf:e6:23:35:9e:43:2f:59:21:ca:4d:
67:e6:b8:f4:82:2e:e9:85:7d:fd:47:31:94:5e:ff:2c:5a:1a:
09:da:3d:00:df:63:37:ec:ad:2e:c5:a7:bc:0c:28:d3:ca:19:
e6:b6:e2:99:a3:c8:da:53:4a:1b:da:19:a6:74:b9:26:65:f6:
d6:16:cf:a4:7b:cd:60:80:af:24:3a:7d:d1:0b:7b:de:bc:33:
67:69:5c:d2
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -11,7 +11,9 @@ certificate = ./rootca.crt
default_days = 3650
default_md = sha256
policy = policy_anything
copy_extensions = copyall
copy_extensions = copy
# don't make subjects unique, as we generate two certificates using the same subject line
unique_subject = no
[policy_anything]
countryName = optional
@ -29,18 +31,18 @@ req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = CO
localityName = Locality Name (eg, city)
localityName_default = Boulder
organizationName = Organization Name (eg, company)
organizationName_default = Helm
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = helm.sh
[ v3_req ]
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = helm.sh
IP.1 = 127.0.0.1
# # Used to generate localhost-crt.pem
# [alternate_names]
# DNS.1 = localhost
# This is now set in generate.sh as we want to generate two certs from this config
# using different alternate_names
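Review bot: With `policy = policy_anything` and `copy_extensions` enabled, this CA signs whatever extensions a CSR requests, and now that the SANs come from `-addext` in generate.sh nothing in this file constrains them. That is fine for a fixture CA, but a comment above the `copy_extensions` line should say so, for example `# test-only CA: extensions are copied from the CSR without review; do not reuse outside testdata`. In the second hunk, `[ v3_req ]` still carries `subjectAltName = @alternate_names`. The rendered page does not show which side the `[alternate_names]` lines are on, so if that section is what the commit removes, check that the reference still resolves when `openssl req` reads this config.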