From 1c97fa5b89acc529221987ee9501dcbaa1b7fa6c Mon Sep 17 00:00:00 2001 From: Michael Lumish Date: Wed, 17 Sep 2025 13:43:49 -0700 Subject: [PATCH] Add TLS examples --- examples/data/x509/README.md | 6 ++ examples/data/x509/ca_cert.pem | 35 +++++++++++ examples/data/x509/ca_key.pem | 52 ++++++++++++++++ examples/data/x509/client_ca_cert.pem | 35 +++++++++++ examples/data/x509/client_ca_key.pem | 52 ++++++++++++++++ examples/data/x509/client_cert.pem | 32 ++++++++++ examples/data/x509/client_key.pem | 52 ++++++++++++++++ examples/data/x509/create.sh | 69 ++++++++++++++++++++++ examples/data/x509/openssl.cnf | 28 +++++++++ examples/data/x509/server_cert.pem | 32 ++++++++++ examples/data/x509/server_key.pem | 52 ++++++++++++++++ examples/data/x509/x509/README.md | 6 ++ examples/data/x509/x509/ca_cert.pem | 34 +++++++++++ examples/data/x509/x509/ca_key.pem | 52 ++++++++++++++++ examples/data/x509/x509/client_ca_cert.pem | 34 +++++++++++ examples/data/x509/x509/client_ca_key.pem | 52 ++++++++++++++++ examples/data/x509/x509/client_cert.pem | 32 ++++++++++ examples/data/x509/x509/client_key.pem | 51 ++++++++++++++++ examples/data/x509/x509/create.sh | 69 ++++++++++++++++++++++ examples/data/x509/x509/openssl.cnf | 28 +++++++++ examples/data/x509/x509/server_cert.pem | 32 ++++++++++ examples/data/x509/x509/server_key.pem | 51 ++++++++++++++++ examples/encryption/README.md | 48 +++++++++++++++ examples/encryption/TLS/client.js | 64 ++++++++++++++++++++ examples/encryption/TLS/server.js | 61 +++++++++++++++++++ examples/encryption/mTLS/client.js | 66 +++++++++++++++++++++ examples/encryption/mTLS/server.js | 62 +++++++++++++++++++ 27 files changed, 1187 insertions(+) create mode 100644 examples/data/x509/README.md create mode 100644 examples/data/x509/ca_cert.pem create mode 100644 examples/data/x509/ca_key.pem create mode 100644 examples/data/x509/client_ca_cert.pem create mode 100644 examples/data/x509/client_ca_key.pem create mode 100644 examples/data/x509/client_cert.pem create mode 100644 examples/data/x509/client_key.pem create mode 100755 examples/data/x509/create.sh create mode 100644 examples/data/x509/openssl.cnf create mode 100644 examples/data/x509/server_cert.pem create mode 100644 examples/data/x509/server_key.pem create mode 100644 examples/data/x509/x509/README.md create mode 100644 examples/data/x509/x509/ca_cert.pem create mode 100644 examples/data/x509/x509/ca_key.pem create mode 100644 examples/data/x509/x509/client_ca_cert.pem create mode 100644 examples/data/x509/x509/client_ca_key.pem create mode 100644 examples/data/x509/x509/client_cert.pem create mode 100644 examples/data/x509/x509/client_key.pem create mode 100755 examples/data/x509/x509/create.sh create mode 100644 examples/data/x509/x509/openssl.cnf create mode 100644 examples/data/x509/x509/server_cert.pem create mode 100644 examples/data/x509/x509/server_key.pem create mode 100644 examples/encryption/README.md create mode 100644 examples/encryption/TLS/client.js create mode 100644 examples/encryption/TLS/server.js create mode 100644 examples/encryption/mTLS/client.js create mode 100644 examples/encryption/mTLS/server.js diff --git a/examples/data/x509/README.md b/examples/data/x509/README.md new file mode 100644 index 000000000..3b9a05dac --- /dev/null +++ b/examples/data/x509/README.md @@ -0,0 +1,6 @@ +This directory contains x509 certificates and associated private keys used in +examples. + +How were these test certs/keys generated ? +------------------------------------------ +Run `./create.sh` diff --git a/examples/data/x509/ca_cert.pem b/examples/data/x509/ca_cert.pem new file mode 100644 index 000000000..e3335bfd1 --- /dev/null +++ b/examples/data/x509/ca_cert.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAjCCA+qgAwIBAgIUIPV2ERZ/WS8Fl2Ab+ZPlT/iNSfUwDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2VydmVyX2NhMB4XDTI1MDkxNzE3 +MDkwNFoXDTM1MDkxNTE3MDkwNFowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB +MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2Vy +dmVyX2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyBG+PaCnirTV +AdUhttmGPcSxxWknq+v5eHc5Niyqb889RH021lCOYxn8/wvvhBF9+2WtJeQDrW0I +apRl6HcdzDQ4pOwE7QLC1fY6IAr6icz1i5AMDJxNjvWBxO0FRgthqFM4awMYO8Mi +Z5Fqx0qAQc1iOlfqvdkWYeZBF4OP2+81G6gan6sWotu/o16ZPo2NvFPuY+o0LNIm +3Ji33ugyfXjA3x04QqB86/eYQR934xHU0/Ju5Tn+AT35UcsZFzJuHpV37qADt3Sg ++RyDkY/JdoQmlzeN6Lund84ZGvJk0Tc5LSPwYbLQC9pU5leQxmo6ph3HdtAKdZK+ +u2pGqt2e4/Xj2sRT2UROzWMH3DICAELSbuhaoTyHtZ7EJ3I4imPWki42aBFulklu +EWU1kV4uAFcm443DNFRuTqMpM8XRmOqb0UIzzGD5IJF4ia53QLhoqR0dO5+PnMnP +5pft17DcXnQ8e1mNzMp0JXNQ0GqSA09mo9SaYdoy2ECp53bJcj96/Ea8gBUiYT+F +X2ZmBySSpGh15/Mfgn40JWVEkywMbh3G8TYoQNUv22cXeXBvdZqtwxFIpI4Q5fQd +wSyvHcWIH1DbVOycKN3FVZ67n72oWA2THKmpSpoUWE0vw61Psgyx+WVbscHofN+b +gdAJ773nlbbdoFMG+iLw4Av6ssab7l8CAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBQNs6EYijW5kEZkMu0Oy+F4p8ncMTCBjQYDVR0jBIGFMIGC +gBQNs6EYijW5kEZkMu0Oy+F4p8ncMaFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV +BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl +c3Qtc2VydmVyX2NhghQg9XYRFn9ZLwWXYBv5k+VP+I1J9TAOBgNVHQ8BAf8EBAMC +AgQwDQYJKoZIhvcNAQELBQADggIBACjqjFPBf1uElwi3iG/5Z5HsDteu5tkUtjLH +vHeqEpgezNUnrMCsIdTQMDxVsRuYI9EErs9yEr+zFRdDFsuXRtcuV2abn/W4MEB1 +9U+9ixuKz/dAmJbNPwQJrg/fQeMqNH/9Q/e/LhwygZw77f3Hv2VL5XRbU3Pi7dT8 +/An3GdjIzYet5xYXgyZtHBSuzCK55+hvH+gmSbJeodwhp1l1qsuz7YvT77K67ftY +0p9u4nEl1mfbgOt0Kf1/huDjpW82vcO2K890gsvnpxLa3Id4FY78x4wYXkHKGsrJ +zc6SAYnFmuSaofc5hTea5/ixsMYAavrtL36r7EKxxoZuxNBttGIlkwYSOa8p68hb +u7eRrc5ea/UGVKkIGZLXzFjFKlVl8zeEbm4xFV9Q7M8Qiv3Q8cEODapS/ka5ZM26 +xEggUiM6yu3im027e3n4gb5SKOzYGh8g9O+pBYo6KET/UawkV0+jml3IBhpPE1oJ +YDc7m8IS+JDaa7ogSekF2S90d5HEXgltQ6rBg5rMxyT4cYWp8oFxWBMfT99wyc4W +X+7YzOKyiLXFxyv058/txLfdF8iDzK6i1gAZyAswJ6z4gXzz10Wwd1e2PEto6bP7 +0nkALQmRZ0jXiDKyJVe8tpghDWhdutzzCRyBJ59qbyInCOYbJHFpMA6ceSUdBTFM +QBn8XBLE +-----END CERTIFICATE----- diff --git a/examples/data/x509/ca_key.pem b/examples/data/x509/ca_key.pem new file mode 100644 index 000000000..8f7d4a854 --- /dev/null +++ b/examples/data/x509/ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDIEb49oKeKtNUB +1SG22YY9xLHFaSer6/l4dzk2LKpvzz1EfTbWUI5jGfz/C++EEX37Za0l5AOtbQhq +lGXodx3MNDik7ATtAsLV9jogCvqJzPWLkAwMnE2O9YHE7QVGC2GoUzhrAxg7wyJn +kWrHSoBBzWI6V+q92RZh5kEXg4/b7zUbqBqfqxai27+jXpk+jY28U+5j6jQs0ibc +mLfe6DJ9eMDfHThCoHzr95hBH3fjEdTT8m7lOf4BPflRyxkXMm4elXfuoAO3dKD5 +HIORj8l2hCaXN43ou6d3zhka8mTRNzktI/BhstAL2lTmV5DGajqmHcd20Ap1kr67 +akaq3Z7j9ePaxFPZRE7NYwfcMgIAQtJu6FqhPIe1nsQncjiKY9aSLjZoEW6WSW4R +ZTWRXi4AVybjjcM0VG5OoykzxdGY6pvRQjPMYPkgkXiJrndAuGipHR07n4+cyc/m +l+3XsNxedDx7WY3MynQlc1DQapIDT2aj1Jph2jLYQKnndslyP3r8RryAFSJhP4Vf +ZmYHJJKkaHXn8x+CfjQlZUSTLAxuHcbxNihA1S/bZxd5cG91mq3DEUikjhDl9B3B +LK8dxYgfUNtU7Jwo3cVVnrufvahYDZMcqalKmhRYTS/DrU+yDLH5ZVuxweh835uB +0AnvveeVtt2gUwb6IvDgC/qyxpvuXwIDAQABAoIB/z6nIYYLwURdWEzMJyR2D+qE +c1WTJyhlBR4TTB12wj4WI0BvjWJigGjKJiQ0nGSsAALTpjN25p7AGhhdcD+Qh4uZ +k/g/8rEzluFiyDjNsEF9EPsZjrzXLZ3mZEKwWBCPIFmUoHpdu614y5INXigBHz1H +0zZaPnclDqJb7VlF8dARNVbyAOz6UHL746jII+J5pUB/XUbFQChXpdhWjTs2kvc2 +3fSCBfq5ldF/+CIvgtzXDcS4FQSK0Qx26bwnP82eX9cWL6SzA9W7A+MLFtXNFFyu +qqsIVTQly6BM0QUHB0p3X4bKzRAn4mg8UMb9kmZZHiESjhjrq8EXDsGdqwKOviGj +xvRw4bxNoGuF0/rMrhNdxBo2C9dOmpe1ZER7rsFf5FJBTREpEmxl7d97dBVbkE2Y +BlZHlrP9/S80dEZHi50bmWnQ4VdyE7RNa6mXMfNKGH0sPXh08d+ooEedMbWy+v2r +myIQqZjvbVYswIihNVIFjOVsUS6UK5W4oXwGbGOnKhXzN13jQf1CUdwk5d9ID485 +P1hX30WAnQeaAF2zDwJwMv5VNViqavdjtXjHssJcYLo6L10YpebKTqg8k1pKEa8d +21ySdKXSMB5Tvrw6oBAgdMWSna+3Gqmx2XebCG4uqrQNWlJZ3qRlumTqO5WDINtQ +kwq2wG1Wqf8JkKI7zrECggEBAPuY/IlN7dzzvWEAKlKYK/+oEKH5BFMCgUz6xruL +0N/yEyb7LEjuwPbUYJBBJ3wKzi6W9NQpe3KuMEjrsWw0ywCJhIrlSlTD4tEI+L+b +Cc1lzeHvBzSsac+ei10VvGMLASlz2CUwpg8btQwpjkJhwRJFUhp4flSxUIX5KlBl +t3MXB9lWuzJn5OwE1EB+SbPx/+bE8YeiO3Yrtuw01x04/FiHt/VXZpHbBFrvCw5b +jo4lV1DS5WoqWSYYKUWV0A1BUh/RUETz9tSCluuKiMR5ztjuyp6x5+2UFUh23UbW +Wf0V/sixAM0U8yzxJ6qWYXB+nVNZ/l4KiAWW50SBMNl8RBMCggEBAMuR8HhbMSXz +0QjMJ9pdcgblm8+d4qjGSJXV2tRKPQmsgplyPYyj+wshNomhNkSbdnuG0yoOwSpa +jZva7IWbv76YKscuwIl5lvAkAitaiwCACR5Df9EffsShO6ENCpkzk3t3jbAhC5WS +bV9/K5vuop1ZgVtR9/2to4CdydIh6JA45yFsn8oOPO704U8Sz4raYKunDApy6F/k +yf2K4EKGvVVzJLFSdqjadKmlR9MkSbYVD5bWEX/OdDutCNM5VlWdX9BciiV5vGh5 +muNnwMEvzPZu9HsJk/Hd3XLgvaHIC6hJSrBfhaSw77yUjZ+8GvyZGMSueSmrHyMj +wNmYnBjGPgUCggEBAPNf2rFq67O3JzMEuOvqfW0xgt1bh15Q5wiy8LiMmAF5JiOo +Bf+KzKg3ai1AiVRJE4cnyS7N7bdSXiy7qYW1T8V2QPsmr49taSOxnQWjkIjaeJyb +3omKWlRW1hK2KuRXycjyYVwgQhINSEW6kP0PmHb3DWPDuNhuKSlfjBn3Osyes53+ +cthgfaX9SeAVCXCCoHr3eXgta3107d5xgsCm1htBNaai4/olNYJNB5Hc6PoBjwQE +7ZyT2GasKohAUd/wluNmU1JP+C07IYg5GvGLrpZT7zYxe9tqSmgtawDR6nyR4UL7 +TX4UTOLlZ+xwyVLLd54gSJlpcIiPn6i5m6pVtXcCggEAVjDAQ/U4Zf1JcBQge5A9 +CzaENe9/XD431Vjqgh+8oC/uS9HWxYlYbWnukW80bu/zxnFbTt9YYfpdIrQamKdN +FAGReywMUSiuA5b7ZCe92sRbF/k0UPKo1c/+Uz4WUq9Hrmr8DqqvIPESZfCOIkNz +jnOrFWMrQLkYFQi5vsKkmQu+sKQxM3e7zODZ1IT+Yqf7bjIYIwRr5s4Tx8nZEdHC +sD9ENd/YZb24z2svcfJXU0SviQmx9w8On4Wvyt7n8u/i9XF4/E0CvKlgLxBqyGDY +wy5PTRjNDwcFD/Kf17O/W81MVkjbaNORbaLoI82dD34ywnOs0Tumv1YP/RFkZgjp +kQKCAQAkocVT/fzx7pqCD8Sbqj8UmwonWY1gAXjtVMEbShIsvd6tC17Zt8zaASF0 +9MTPOxj9a9wHRZMIKJyJSCfxy0iAPxBbPsIzmbrWdSjrd8MHY0Yo/C81g16tQLvd +jk2Q/Stbz+pFD79KZs/euS+4CTuLAEw5dVm5URitc3HKFJND4rRHx0t6XOqIGUdu +1VCiCLQEUntAAn89TDDQ61uW8hmVSnjRMmkgkeu0vtjCBa4wilayALjApY4p04Cy +wiLKmDQf8R0DvzqK/Gqk1CMtTbvcMQwbH8wwTvSXYCBj3rg5hNVAf2ddIzY9mVRl +rjzlPgeLBZae1+7UCXeioQniof5q +-----END PRIVATE KEY----- diff --git a/examples/data/x509/client_ca_cert.pem b/examples/data/x509/client_ca_cert.pem new file mode 100644 index 000000000..0d99b6f1c --- /dev/null +++ b/examples/data/x509/client_ca_cert.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAjCCA+qgAwIBAgIURGfUPy0ORjQXQL1XjhKGh9t9CEUwDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xpZW50X2NhMB4XDTI1MDkxNzE3 +MDkwNFoXDTM1MDkxNTE3MDkwNFowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB +MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xp +ZW50X2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwh9DwaR9Eyuq +9V706Hgthxmm19Sh1Pxet5I+cZ3CRclgt2hwHEbuSs+R/Vbwq+OyiCv18LXgOzfS +VPP+xgklxSeRTT5hvplC08g+BvLwC6TVaeaQiDDfft5uVt2XUjZ35wzE/grIS+eW +ej7osM9h6JZ3QDTLUi3VwU02GIMC6GMa42gy1Qosz5oln1e3qzAPuCLHce1cFg9W +ZOVDcJ03bQFFLZACSu46UZ2310PNsjbb2h52nWrvbS8ut4r7REu24EhzsQ94NHRY +NNUTVKGuIv7pO3ZPRVCcHvnfGJEkjuc2MKUMIo5W9TLxbOXFJRSh1Md74QeSw+9K +4OCbtLz4odfJXQ/gtOvHJoKubUQ27CJcr5pbj+Vm1IA/bNYP9GDd5KjtJvupbcy+ +EfdeTYUWJ+TKLLwl8WqSUCm/Sl1+XqKYBThX6BexJKfuMkMTSmjUKr+vYVlq/gE0 +hy9agPXU4C/jEYL23KEuAoITyTW0QmXCEAJBsdW9YurxXMyT6MVeKJS3gVsXLS5d +FoP0WMILIoqdyBX7S26MIXbl1E+Bwt7oc9h7Tkh2EZ5NGQUUxAm1lPQ/JlGONMZg +HH7VmxTpWM9AeiskYKJ2a03i7omcnKi3j9PflTSMxUk2/Dkhl+5cT1vPsMceVu6K +WSWWCg/+NqLyQYMyElXivmh6Rv+/+qECAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBQ6JhLgDsFLcVRm388mhm+vMyuNLDCBjQYDVR0jBIGFMIGC +gBQ6JhLgDsFLcVRm388mhm+vMyuNLKFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV +BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl +c3QtY2xpZW50X2NhghREZ9Q/LQ5GNBdAvVeOEoaH230IRTAOBgNVHQ8BAf8EBAMC +AgQwDQYJKoZIhvcNAQELBQADggIBAIy307WBMjb1nuro4G09qzoS0AwjPqhHUIbk +lxmN0QYmd4Y2TrdqALiwP1ocwupmYCVFCRiSwzrs17GaZ2YopMrPo7M+XoLU44dY +FPmsV+y/2El4IlKh8HUr2VO7VJX2Ev6lWnsotTnsNoQMCSvJBdBWTZwfEpsnNoiB +iLOcZaD9tdNzwzBc+bkqJ0x812KmLbxaPboM6HFH6ObEnK0IkrhuoPTnuvMilie5 +LOjO2vVgdkznUtKzKD8JoPb1oT8voqmMlXhT8cwMrXi2Kbh7k1Iur16ak9vPI0Ua +DqIwlni8cpCWuHZYNrwHVdQREgUC+pvsrkNE4g/tHMGXhkg/p4RszmQ2RAt5f17g +iPZ1G+unoCLkQyNJ/Ghtv7iaZyrzQ0b9Ib9MERkxu6DYRPjgKe3oWRRXVzxqg9uz +45dauNEpHBfArrcT0cNm2bm6xCTWoZJL1Pb8GJHJ8/0j4JmdyYEjsDloI8+QL4CO +Hs656/zGNLBRj0idR3Nq9OmbW1bgQwmblTiyTL2iAb01u0O64avmIQDZDiWblqvk +qZcnt6/6wK/2SMDwrb/trjKKIGyz8mlmRA+kZF97oBhlfEDpwBEilv0UR+nQdvEE +rjgaxZkaPodMXRvi8v+TPn5QdjxW83iB3LSFlsGb/oBFBDXjmmqg+TUdktmH9P4S +x+6k0BbS +-----END CERTIFICATE----- diff --git a/examples/data/x509/client_ca_key.pem b/examples/data/x509/client_ca_key.pem new file mode 100644 index 000000000..bd2068fb3 --- /dev/null +++ b/examples/data/x509/client_ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDCH0PBpH0TK6r1 +XvToeC2HGabX1KHU/F63kj5xncJFyWC3aHAcRu5Kz5H9VvCr47KIK/XwteA7N9JU +8/7GCSXFJ5FNPmG+mULTyD4G8vALpNVp5pCIMN9+3m5W3ZdSNnfnDMT+CshL55Z6 +Puiwz2HolndANMtSLdXBTTYYgwLoYxrjaDLVCizPmiWfV7erMA+4Isdx7VwWD1Zk +5UNwnTdtAUUtkAJK7jpRnbfXQ82yNtvaHnadau9tLy63ivtES7bgSHOxD3g0dFg0 +1RNUoa4i/uk7dk9FUJwe+d8YkSSO5zYwpQwijlb1MvFs5cUlFKHUx3vhB5LD70rg +4Ju0vPih18ldD+C068cmgq5tRDbsIlyvmluP5WbUgD9s1g/0YN3kqO0m+6ltzL4R +915NhRYn5MosvCXxapJQKb9KXX5eopgFOFfoF7Ekp+4yQxNKaNQqv69hWWr+ATSH +L1qA9dTgL+MRgvbcoS4CghPJNbRCZcIQAkGx1b1i6vFczJPoxV4olLeBWxctLl0W +g/RYwgsiip3IFftLbowhduXUT4HC3uhz2HtOSHYRnk0ZBRTECbWU9D8mUY40xmAc +ftWbFOlYz0B6KyRgonZrTeLuiZycqLeP09+VNIzFSTb8OSGX7lxPW8+wxx5W7opZ +JZYKD/42ovJBgzISVeK+aHpG/7/6oQIDAQABAoICABWJcHQActv4oUv90AAmrS5q ++ybA8X92zG9ja0ghr5ccg311udJ5UCC+rLzFs4fuiDUxY2TkWM9ZHx3LwD1qcGVS +QX2naSLDUDW85pzQwS8Zh4/rQ6fIfFNQDD/Y79vwLRdWRFjHC3fYZsqDRj+vknZC +k1JtSQ2CBlAe59yKVH1B2Y7XVaRrL5OMz5XBHqCAgY31Vdle8zODWhtxkCzjVG3k +kS8/5fE4QwIhFG9ul1ipW3T0okZOweeEL5OveLcYC18Qyr0fMT/olIywAygFlBNP +4sJ1GtBe5CNPp5/LIpo0Lr/w38rJrf4gO8bQKzI0+stnomfR9keEufL/GGdR++eO +5tn47F6RcQwjyElwDj2py26RtB42H7OJytbLTtprv9hk1ujda/eG+WIshRGvCEJp +bhEVv/bB4CV6eaCk5x6u0fvf9Ggdl8LLLYX+G4B79EGyDj/TzGrB1km5Bn8KiROE +KIawdtOX4cbU1ZwnDufAXpJc8A5M7BdhH/LKfIXzt9Ngw/KHmBf7qGYMViSiJeq4 +IdDTdPDzGpK44wG1nyRGahV9gx4bDu3dD6LNZV3LDWYUZ7lYkiWNsvTbIw5rI8k8 +o2DwMsFn8Yy9ZcozcTxySMT04SnQw7FhM1zZs9LC/iEQzIxfnljtZ4qLuZWUnYi7 +3gW4yK2QQPX0D4WCCvZdAoIBAQD+9DkFL24CPIn/gGNv95QCiqEDAQrriZSsCYIX +yE8zOxfODtVHxJOBxGH4iTOgBju0eiNDYc/MQEVL9HBei0LhwR3/d4s9UQXKQKdI +xXbqPztnfJS4oJj00HT5bDltaJ/rUmbW4QRTDEvrXAPb/zyj2Fl4QwNlasDHqxvQ +l8fR4raHJpNCeOWwdOBTQ0c8WqR5m/nuvt7iEljhA6stFmGO2P6sdVAxxKWCJZ5s +XRkWdP6Ucu2p8RDHO1pF0HGDgjxF8AfR4Zixz2wueTedUvOxcBuQWOP75HZVnDJq +1CtIL+195MWqVbw28LLfedRtjclFReMUhZBM/haIkdkoUA2fAoIBAQDC6yaDqAj8 +x1xMYW9Snx7x1ca5520hpxxbU7fBoxdEcQu2hdDUFI/USoVKhZfv6ItFYrbqIqXd +3/13Hv7OH7tj3ayIMOG6uj2I2YweDuxV49lmEo12bSS2ujTPOGQD7f32VKRMwhUM +xZ5GATdL3kIYTYnFcnAn66xpOM6lv6AUevMAGua38wpqADvwQO5NuVWcPL7c/WMB +dGccz7nIkq0hyLE3aNX66ZUXxVKiScab9sk41DjtEAVn8OCRrYtesg6LMZ56yj3U +B4yOege3z9fPWGGClIEzHKG67aG8iKDnoSqXnsGzl0IbQjGVgB6999OGxSKDtuHW +zvXKPPG/Vo+/AoIBAEFvBMNj7OP+DZzZoqu16vLMCY7v0ZGp+dI9jnn0Gv+XBwEH +pY2J0iHX+R0EeY90ihZD0pEUpXRSenaIAd8B9uRh4AUU9VODW+0Qst5mb6KnH+Pr +gW/xJ9CNP7hUIlkGJSUMPQChN67o1QNO1l68HyAeArhu2oxI3blhHP5oNgyUFyyQ +pfLFfI3RMVGtTrcavGPJuFeh/Sogc1cszd4AhIFZB+PTKAXd5myEoyhErI+q7zvC +U2TuTdQUU5LfcILEBhwdAqTHNZ1NEwLKcY+bHphHoYtmhPy9IfHO6NGqKoGYa2eI +M4MIBgpDtGTOq8qCPUneKe22adaYz8e1RvqlsRkCggEAU+8opZbtT9SVVTq70ks8 +6wyQR6t1XgF0/4q8XUDamxlG3vEerMSx7susPBvtAl0T4+wPMiF7ZWC359zMAny9 +l9J0Ii1SdrMOHmj3olXwxUeZbQ/eJLn5Dkp+xSDWSK7qJnHqUjddEyPh9Ok/I4dw +1MBG7GRMEZS1qJXSvqMWztrm2wu6gEnDGURCi0GanJOLXvz1f3oJcS3r3QdCTDGF +JkAit+aIBkUhc5v/6mx0fuK1YahZXxQAD/M08OZXVo68HopeYSfHmg8qIow/2JJC +r0Gys6U5QYY5yqHbfLElALlw+ttdM/WVfOFzMpp6Inmed7FaHHfbJkH2q4C05Rzk +RwKCAQEAgdErs3lLSdgC2dSu4BtrVww7S9raDsUVG0UHGd5b34UhaovJwuwV50l1 +VIVyqLbObfij04j/Xx8WcRjNA5jkhS3GlzaD9Jt3ZXbxh+neXXlRi71OhFhS4hFk +yE7f+u9lZjfmrWALbSYHAYZ0EXccZ87GXnx10ZurUYCvGPQL2yeLjswKkzLFbqrk +MRymUse9r9nG5QFYY7lF+MCwN7uxlCEg6CEHR7g1slJuNjVdXrorKdQy/cPGWlc3 +OUQ4+iW8M8dOWapQt1Njz6ilCVUEaQnhiSX5/sK63Flmmbi1g4CWq5TgGnUf4NKg +qexnJsLQLNgIy+am0ldF2ZffQgZI7w== +-----END PRIVATE KEY----- diff --git a/examples/data/x509/client_cert.pem b/examples/data/x509/client_cert.pem new file mode 100644 index 000000000..460bbbe08 --- /dev/null +++ b/examples/data/x509/client_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3QtY2xpZW50X2NhMB4XDTI1MDkxNzE3MDkwNVoXDTM1MDkxNTE3MDkw +NVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPikucha+hzH8Ggx6PVIzHnG0Oo6aOyDzvZr6jy4 +jofYEsyo7iyXgYovATtSsJ6WfL18LEotk+8F/uHjKbmaEFPlBtx3k5I5MMGeWuR5 +b1rFqcVV4PjYJ7Nrw4XFTUgDEYjnq/mG54q1yc07/WoOQF0GBnffdBfJNk/89XdN +JRTKs383eVjrReR3vOFzL8wEw3G4fG8TDLf69wCCotGgZmcBqcsQGrVi5NWiYgyN +Gy5oHy28s4Og9gaMFZPIlOnPAVR3Z4CAIvwK9KwhYG/CXpB15SkQ4htZ2dUaumFy +tK9KPUGLp/4rQNy+5GNPzvY4dL0Yh4txcMH+DJFQamJU0RpNGe0JEIkgQy4nBuKh +19jP3+lV/6relvJxqgcp69oHlYaeSfoyMMzaPvfWIA/KPyQO/HUTwytVM1hmVVZD +YB3knM37dy6Q2m5htA8+QJ8eOnq/7QZy3Z7SekCZblATv+SghjDxT6idWsfpLMxS +qO2E3UxxVYtbSjdAYsbXV+MxaUkUckSOiq5zYXvUjcopQ+Bfpn0bA6aUSonqtJl1 +jbBf19thQD2kJFrYUBgyYjLNnA4obSfqJRIOhlMHWUoQg55S4mvqg2G+ic5I2NWa +g+w57DmHj5ywV4wSk7d81CLYHkTkI0hSGRXtlShEZqcHrmAYC5ZMZLBcANkHkk/3 +bQ+9AgMBAAGjeDB2MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOXgJmPdd9x77it2 +HeHf3ikgOGYWMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD +AjAfBgNVHSMEGDAWgBQ6JhLgDsFLcVRm388mhm+vMyuNLDANBgkqhkiG9w0BAQsF +AAOCAgEATg8Mr8F5zRShU0NamUuclvW8cmXxTv7hhPGgknKd1Jn3ZkYEyJZDFoFW +fJlcYwVYNdWxle+NwTQEGpjYhW9cH95qlRyTL/KzFdOZAY8AbjDN2osHGdRpWHKZ +KbjJgI8F+0rFxoTYlUPM/WSChHbiwKAQJmKKMYrUZ9DqRqK775z2Aanej5OC54hP +0c/O+3enwsx2evzbD2SJqQg1eWfPmhkLciVOD1+nfxeB3v/U7+lRcGaIjOrXX3Hw +IQ0sJkcdMOIcMCrTpDhF6QzGZXlCMBzy8+/Tn6uZTuxzCINvHd+CHKRE6OWxXTw7 +pN2V4i01xO6lC9VvYKjbwKANtUYbgpNs8UHvbSMXetdls5GgREFUuXLCTyBoramd ++isRO1To4PH0S5WKN16+w6OVUbD9OMtrHT2bGPpBRSnNR+mAT3I0ziFEFoo9jwoe +CyAhIQn0HeCrDC5kNpon7O1ju1ew/b2/7xGZ5mD4J0mlU2mh/KCUqqqQPed1TLi9 +j0pj2mYlTYVM/UFaPBolZK4Qg7JgJWvMfuMJvCEFpr90trWlxl23eGAUlq2HtwMA +7m7euYRUNp0YTzhJU9grxq2bxjyQIaV02xKDPpEJED1byiXOdHc1L+WKPCbS6534 +QmnOTy5duo6peNcIZDA8uhl4MkFpCsl9fUiWLPMLBfkf4GVC5xE= +-----END CERTIFICATE----- diff --git a/examples/data/x509/client_key.pem b/examples/data/x509/client_key.pem new file mode 100644 index 000000000..1e92af6f9 --- /dev/null +++ b/examples/data/x509/client_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQD4pLnIWvocx/Bo +Mej1SMx5xtDqOmjsg872a+o8uI6H2BLMqO4sl4GKLwE7UrCelny9fCxKLZPvBf7h +4ym5mhBT5Qbcd5OSOTDBnlrkeW9axanFVeD42Ceza8OFxU1IAxGI56v5hueKtcnN +O/1qDkBdBgZ333QXyTZP/PV3TSUUyrN/N3lY60Xkd7zhcy/MBMNxuHxvEwy3+vcA +gqLRoGZnAanLEBq1YuTVomIMjRsuaB8tvLODoPYGjBWTyJTpzwFUd2eAgCL8CvSs +IWBvwl6QdeUpEOIbWdnVGrphcrSvSj1Bi6f+K0DcvuRjT872OHS9GIeLcXDB/gyR +UGpiVNEaTRntCRCJIEMuJwbiodfYz9/pVf+q3pbycaoHKevaB5WGnkn6MjDM2j73 +1iAPyj8kDvx1E8MrVTNYZlVWQ2Ad5JzN+3cukNpuYbQPPkCfHjp6v+0Gct2e0npA +mW5QE7/koIYw8U+onVrH6SzMUqjthN1McVWLW0o3QGLG11fjMWlJFHJEjoquc2F7 +1I3KKUPgX6Z9GwOmlEqJ6rSZdY2wX9fbYUA9pCRa2FAYMmIyzZwOKG0n6iUSDoZT +B1lKEIOeUuJr6oNhvonOSNjVmoPsOew5h4+csFeMEpO3fNQi2B5E5CNIUhkV7ZUo +RGanB65gGAuWTGSwXADZB5JP920PvQIDAQABAoICADrTNgT5ySyf/PeZv0SwuXei +GvEfao1yTbetJljBTS9EZoY2/Updec9IeaEgWhra/Z4Sz6OpDtPA9mFYzhlUIsLG +b44fWDGDCE72eQiO1lKCazz9qWEWOqZPO43ddQAxgaeDMAOz7/m4Mos0wyqhPocD +kuovWpb6Crh331cfUEOQBVF2vWXVG88GqRApoUhCZD72Z7IbrqmkXWWogn7X1QJP +uW0KXVdGk18bsNjJVYHwLlgyycG9hhdccwporRp32Be0vC8BocVBjktfBiLKuHay +/clubiAMbOXnEetWKPtDtCRatx8B+rF/FCeOzSchijTmpcLOzt+GjFCg1tp2uJVq +AFzPYPDrlSSa1tHSqHVfkNqrP0VP5Ho2kN2jKN6uy8ZcehrN36LHQfHUnKFVED81 +PJhss4PtfSzih8JmO5yY3BI24biV/5QiVS0pGb612HULPSQUrEd8rdKDs8ZS2qQI +vY53BwtJgsFLm8Z3q4T7ZFjOdRbjZz9YxbGZdDhV1CFOo7KLUA8kteK7KwqdH+Nq +h7BDoC12u6Im8KFAPk6nOteDnAwBnf7vBZPywZNIL2a6xle4Dj8yTikahaTuiQDR +bCzcQNC7FDcFM4Biw/Vkzc5VXgk4uc85Gz9sLd+eoEXv2gfRfaWk5Ll4I7HjisPQ +V3Be4996KUVWytGFoYhBAoIBAQD+GdRS2v2HEE0Qs0MZokXPIkZBhE8qYfcm9X0x +K/OPqEDBZmv3tpTG0yyK/HuJhJBDyioZ5oOuCbDK8rpu0+pj0QtvfSQ21qIdR06v +Qc1P8eEoMNko9gJ36hWe7/1GXLm5Au8AGlZPR0OIGWMpgftyK0cT9C/GL7nKw6wk +sxb+11f7ExhhvjEtMve6n8Q2OxptWTzR7Gt5k7gNSIIfIwjsF/Vt3WpRw/Vn/uaa +pc8uJxTBBlRjPAZ4IRMT14uFq/vYWiXezvhYYzd8Lmp/WbOVo8m58hE7pW9wIrtZ +A2yWVQzh7cuxG1QkPzpbNh2rU4DOzxbwkNUKF1gict/KvaKxAoIBAQD6gHRiTiyr +T1+xPZIAeCUwa5MQF0skEjVG7EasWIMg5A6pv0sQFkB7S4wMRlXUn37AQMdH7Q5m +Tnvw1Z/Gxwgv/18aXfCIiiCsBmTBAheBMR+Zcvqvp6UwDypxBQ0ZjWM3ZhRhF/XJ +KeA9Q0IBm+W5cvaCHlnoHhfzYjTQwy5WQj3tfGkAKP3p4sYPoXuWCYHdlDfLNIDI +Cv5mz+3ILu+tlCpUvbDWFUvH2VegyqudKsroFe6D/Q1cjWF9aMGHIOMk+TPtIdAD +8gRbuSLmZAXf+5Og9s8WiLyTeYuYYGzf7aHfs68xXtrTDe+uB1d2EWjm4JYr056X +uVVOMeiY0EjNAoIBAQCFgwbX/i7GP99uTfKMzoHFoymtFRsPlufo9YYxRvmz2uEj +fXBveOTVT3IRGTbD+/5dUCUs9LztvjPBfyZMQ1bd2aIbk3Jqyf3mSmhil72MKvh2 +SKxh5FlJrpprp4e559DCEHOJ50zAXR5zrXs3/Q8kXu764gwUI1GI46VYpy0G/BlD +WDYwbWGjcStPSNEs+YMaP5BAcOvLtr03ZYjRWXQ/sRsI/hT2H3ObkAiU61hf1LMH +9Q50Eb8IccB3ZYLu2n36oOtTFgbRUlh+DFlyzqwYjTXaWQGLCJL0JZuw2qa8mrWp +JGwpg8WDQiGkeVu/gKGmiJNyFXeK1Nc/SoKiIWARAoIBAEYpfG+cXb6NuMu35xDi +lef9+W7kV1N/FhULULAtCm1H8yNwROH4mY7vFgbKHHg1RBctDaQDrajSCrzl2J6g +WJa4/DYyYZCcv5HvKIE2yMaSr7sXDUftuMLBPK3zMDwb8dIucT7QqzLw27HNCMvS +koFixdCkF6J/601sEEb4pB3c5+OAmRhGYvgDYF44aJkZiJo7TXVI+1kMWz0IuBz9 +qHwBp+mcR89un48WPQj4OyEGP1bJ7chiND/cCZZKpQnoGDbe5cBhXBX+z2GxdSj6 +kvqtSCgpeM9i9Q6JWKQRPe1qbZBuj39QhhHfMWaY/9I+BhfEh8s2tpDghBgmunMy +w3ECggEBANd6XGIMmB0pmdinVU7gBsXlMYcnQEdtJWcMeJKRaZjhrmnSEQGfl5se +U9AGGxaVZg32+q7/AXEY2p0RRYDpG1mAYFisa2hglrsBU1hkQWHZ7xdHBKgQOgCG +wMOO5hZH94uyF2PPh5YG6XvZCudEfdkFNNlU3yFepG3/lNHXh4bEGOJvLSz/77XW +gshQRyggqDJ2B9K/iobO4wg0f2U/MmX3VOljwPxrp74M2JJkplmrCJ6JNbD7dFo9 ++bW6K7QplpsPAfYQMV3oOeitgtu5RycR/ADW4sIZw2JBa/2T3JNIgsgyG/Wz9SAR +DC5I2TQD/DsjdPJFAk94MNL1SxrgOu4= +-----END PRIVATE KEY----- diff --git a/examples/data/x509/create.sh b/examples/data/x509/create.sh new file mode 100755 index 000000000..2b5aa5cff --- /dev/null +++ b/examples/data/x509/create.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +# Create the server CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout ca_key.pem \ + -out ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Create the client CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout client_ca_key.pem \ + -out client_ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Generate a server cert. +openssl genrsa -out server_key.pem 4096 +openssl req -new \ + -key server_key.pem \ + -days 3650 \ + -out server_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/ \ + -config ./openssl.cnf \ + -reqexts test_server +openssl x509 -req \ + -in server_csr.pem \ + -CAkey ca_key.pem \ + -CA ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out server_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_server \ + -sha256 +openssl verify -verbose -CAfile ca_cert.pem server_cert.pem + +# Generate a client cert. +openssl genrsa -out client_key.pem 4096 +openssl req -new \ + -key client_key.pem \ + -days 3650 \ + -out client_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \ + -config ./openssl.cnf \ + -reqexts test_client +openssl x509 -req \ + -in client_csr.pem \ + -CAkey client_ca_key.pem \ + -CA client_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out client_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_client \ + -sha256 +openssl verify -verbose -CAfile client_ca_cert.pem client_cert.pem + +rm *_csr.pem diff --git a/examples/data/x509/openssl.cnf b/examples/data/x509/openssl.cnf new file mode 100644 index 000000000..d1034214e --- /dev/null +++ b/examples/data/x509/openssl.cnf @@ -0,0 +1,28 @@ +[req] +distinguished_name = req_distinguished_name +attributes = req_attributes + +[req_distinguished_name] + +[req_attributes] + +[test_ca] +basicConstraints = critical,CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical,keyCertSign + +[test_server] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment,keyAgreement +subjectAltName = @server_alt_names + +[server_alt_names] +DNS.1 = *.test.example.com + +[test_client] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment +extendedKeyUsage = critical,clientAuth diff --git a/examples/data/x509/server_cert.pem b/examples/data/x509/server_cert.pem new file mode 100644 index 000000000..963f78c1a --- /dev/null +++ b/examples/data/x509/server_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmTCCA4GgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTI1MDkxNzE3MDkwNVoXDTM1MDkxNTE3MDkw +NVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAJKa94AjQ+jMqv4RdMjogvrqb8y4NMoFPHb/A/Eo +0ahQsLu8enexiCAHq3QenIIvSp6KxvL5ERoYfsv1c9jG5B4/Z7wD1Tkut7bOiAG1 +cO3sgkz6+ttSWYDomBxHw19h2qJl/XIIgz4FO84tBMJIU2lXQejRd6a+/rKyvk5e +IZIeBf82ujO1I/9O04rNkZGHRhX/AoGmF5LuUAoex2yWU5/8V2y7svJb0+AOOJH9 +tCW/mEVwb/5Gz3iD04cqhJKDtwMXYIa41BnkgQfr+AsGE0H2sdlYmCDVp/DbLMOU +pqjWuCzYA37ef4mGTH20eFbIoaZ7lVDxY8S0jV5DH+nsrj74keBG4azj2SL7rf/H +bniycFukSx+GFRAWpxTPD8vp4TGpV1qFyef3IANAPSlrhIwFfAPz8mUnHWE1n6wb +gWt2rtgGu8abbOF6U0F2aRGUPH3jijUIJD6Mr3cy8slkRZ1w8nv2nxMspnJcpR3V +tN+Mkm6y0o4lTFzsYvjRPNWNLNROA4md+cTgfhSOKVzsYGXUqRDNn3NGOPgYzXDS +Cw0AXIHlaGgVLb33enkU26vWdkNHR1RmlSpWc07jCvBuvoF/lz/FB+8Y0wNeZAgv +tWv6NCwaBWFkMG2StiGFweOdszk+cwyCaGXPeNe+d73Atauk4s/+T08jRwdhseLU +T5/DAgMBAAGjfzB9MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJtMvOAJdZ4zZgZa +plJQO1JJC1cgMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh +bXBsZS5jb20wHwYDVR0jBBgwFoAUDbOhGIo1uZBGZDLtDsvheKfJ3DEwDQYJKoZI +hvcNAQELBQADggIBAHJO/nRYCkq9HxunWeDZjY0A6paBb0Ys/NMpv27+vvljzJ0w +zsh3vRqb54GFsSNUM6sDuG0ujxFKPNRmMXChdZkZVVhO9RFzw4+vdetq3mT4pPVt +mq6PkK82RCP2v/b6vmZcJk6lqb9W5FkM9GoAWwUrFQSzgXGOi25IfFWXXqlNukso +XCHI6bpwqYFIeiWoKJKSoTXbyZYrlKIGJOEedVn1tbynl+IaEsndA4Oa0+TTxLFT +3TNCyBOVroMz61iI1MRelyLMWE+3fY///l9OJG2cm0qvoXh1IPqexeQHeJd14AGI +sHUjNQFgV3dNV2El8Lk56bUOebjclmZOXZCXsfol3pJ8PMSfLYl3rlv9Hurmc+oR +7TmaP9SRPjYLWdzcicwsZn/PRrbl4siUa1PH8XkaPASE8VQiIoovtMz1y/GlO4e0 +cMYRYHDJ/dDtD1VDvDZGgTZauCp+dMJof9IGSWR+X4dyzMo7MQ4ErgY57gcmLGYa +JW27X9wh+rpIsGu3csGCGHFmWaD2vBWrSLMrx6gmhbqUUIgHNQYpelDV024wiLj2 +BS/zTQUNWFZgkuzHnAF1abHvFHCd12+AeVBV1NZoDgjcPokJGDWVeqHWbJwsquy1 +sqP79Pup+LHd32yCIEZZlMb8M3o08aqemoqjVcVb57puKNyfwk8sT5tBq9Hv +-----END CERTIFICATE----- diff --git a/examples/data/x509/server_key.pem b/examples/data/x509/server_key.pem new file mode 100644 index 000000000..5dfdd5e68 --- /dev/null +++ b/examples/data/x509/server_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCSmveAI0PozKr+ +EXTI6IL66m/MuDTKBTx2/wPxKNGoULC7vHp3sYggB6t0HpyCL0qeisby+REaGH7L +9XPYxuQeP2e8A9U5Lre2zogBtXDt7IJM+vrbUlmA6JgcR8NfYdqiZf1yCIM+BTvO +LQTCSFNpV0Ho0Xemvv6ysr5OXiGSHgX/NroztSP/TtOKzZGRh0YV/wKBpheS7lAK +HsdsllOf/Fdsu7LyW9PgDjiR/bQlv5hFcG/+Rs94g9OHKoSSg7cDF2CGuNQZ5IEH +6/gLBhNB9rHZWJgg1afw2yzDlKao1rgs2AN+3n+Jhkx9tHhWyKGme5VQ8WPEtI1e +Qx/p7K4++JHgRuGs49ki+63/x254snBbpEsfhhUQFqcUzw/L6eExqVdahcnn9yAD +QD0pa4SMBXwD8/JlJx1hNZ+sG4Frdq7YBrvGm2zhelNBdmkRlDx944o1CCQ+jK93 +MvLJZEWdcPJ79p8TLKZyXKUd1bTfjJJustKOJUxc7GL40TzVjSzUTgOJnfnE4H4U +jilc7GBl1KkQzZ9zRjj4GM1w0gsNAFyB5WhoFS2993p5FNur1nZDR0dUZpUqVnNO +4wrwbr6Bf5c/xQfvGNMDXmQIL7Vr+jQsGgVhZDBtkrYhhcHjnbM5PnMMgmhlz3jX +vne9wLWrpOLP/k9PI0cHYbHi1E+fwwIDAQABAoICAAgdEXODACAjK5dyCd+Qlqci +UFupGirQDV+cj3BKTQgepxlMvg5fwePb6M49X3YI/f02Ovp5dEvYbTQGeonVwAw4 +gBo0sBlBD6PLXFWT4BMa0r9F6Jo4vYFX3gs6oYJm3P293T/xXqoRChVIAopqDEu5 +K4miBhgxW9Ex+TxHE16N0NEmCzoPXVWk3CpDZDoEnYlcGpxoP8e+7qkQuQK2cxxY +j9IRtT6afGhbASB7RPwN1XSKW3hcHOFTkmJZpQqixX8jTRFHq11fexCgK5MYm/o7 +l+4qbAjtKiU3TAvq7ypK79hzgAYGdFJ9H0CZu0s6QVAAaOwY3+ekAmrkFiERGzeF +gqe7EQaWr/5GzcGNOmv/4AOr6kDhdleAdpHXzyDX+BliNqg5T6kkT8UOa8MtkJfG +sL2moh/4P93KoTp4mBpmbzAAnaq34yCNCnleK5CILLPqVyR5z1E1QT3pCFNQwhjO +GEYgEeA384cVQulJhWzQPWDt9vEl4BcnLxzGTnn/xn7o6sdOjuJx7HzC4tP1uN+b +8PDxNo8imXhAkpw2umUplPFrZup/PPcozz/IzdA9x6zfNyOQTw/QHNDdQkJ1d32F +3nUExzAEccWhrWiXS/qX99PUDvhC3aPc9N/b/ihSdrZpzR3e4v2B59KV09RrXjWI +lfg/QkhxWvi1nyGE96n5AoIBAQDCnSEqDxdq0+NVvXTiDSyzyQ41p9yEi8WBo5Wy +9XVQP7Ygg3w4sgRvqFB4sgdHGEp2VxjBy0PJU4UtvVFFesOxxm0Sf5mq+sQBRbIL +/PPFWMaT58VPQp92l9fb3KrqMrVL9VYqOYjL9DITMUcnH7OzLvc6DZ10q7ItcLqE +hQLBZHadNICUkH0mZtMvRwW5VpXvKleVYzfZ69ojkIZYX4IceIXv50tXxwaxHItc +3GnRBFjEej4cLL/o4Isv601uBZD8FqJpY5P0t73rDN62Hj7c44RYOUP11zcW/AY1 +Xq5w+HCGMf+e3tHve4UsJqls9Tw+2yy4snwHQ3oHoFP2cEAtAoIBAQDA2TPf225R +8p4Z1SG69ll0dBeVUmO0liPGoKkURTS2yPvCa2BisxDqSctUFaSf9QT64tSDRGET +RAiaeyg9z6wtigToHku+jiz9LiPfzfa5aoVWDam+ZrzCxijQZliPSjQBnzAUP7A4 +w9LUW5cgu9OTN3t4fvxZTRifTpE0I0w/2s9eZCiiNQyp3J/IXL2BCv0U9Sr8ju3p +wL2KUPnopvZjSH4WXyto8+wD6692PkjBVuhmtXUxBl58xkpvWzpHYNqttjG0RzPa +XQxRdVogZ9LYHX92gDeO0rQBkYkB5kF7kSZGXktaejvL2bb2p5hfJD6kGzNiOzss +Jdmt7lPsimWvAoIBAGMw6SVhucLGKnmZ7cgFhQJBeI+adgfMoacYtIUZHGkBgBeE +TL0s5pvugs1xl8oBtHoqnECyFGO5wQh2FMU/9BxZEWC7TpxZ4arwVfZMQAcW32el +WuiyAUrVy7yQ9UAXBlanvfoZhwLE/PzRQf3L57BtQK8DH3zGwjLs4PQIQ0ZEqTwo +9VxDZLY89GiFX4J+gj77KtbGUkItNuqnkAHc9BkEyOdk0P71PxDohpOW+AwDlibW +U2/S0yGjyO1slfN8vM/vzWm/yjqRqCf0UFMsiUfWYq8AyQW1YqvBWny7PFfyGJAd +TbcwxHm2UEMXlYUmXUWAOoQM3LBrEPhwHDtgLSUCggEAcCLcgyK5N3V4cVT5VBnD +Um/e9rj9uRhEnU72gg7r5A1iN17woPO2tkVKsg4Tt99lke0r3Vh5ihZZWlqav7Zu +S9yhlcdoC9noVx/pRE4jVRWXir5PIaPjxu4q9WNNw6RGMVs7Pcr60Ucs5MaNTj9p +e4UbiqlsWxD1bEznKgYMZGT7h8t9xTRLtMnRL1Sd7NdS6kjVQh5qQS4OCMulRZ8w +TfLtPl0AhPqxFmaJlJwK+kFqya5iAqvNbYhv5+iILtEm1zPGGyn8ANFyRDuUuJsm +gvxEDcfohmgGu5LAtBYLpap1Mx3Je0bwVky2kx5I/6m3sv0OF+SRN86akQSwUC75 +iQKCAQEAp2OlklCIQjyp4z7Amqyh5YZm0XrXPn09ihxnAqn2Ie5zb8BVSnoNYDpl +dsZQLPOLrDAU/haAl9RNIibravCh+zMEZ12t+PD33TWWRxqQ/Di6biNfYzDGv/Y4 +MhGWF7RXeUobU9ShI/jyfWMVOa2Zg5YcAVFlHNbqfy7uMREovvSFXCG2Mmq1RZ4Y +s1rWh7ZsfbXbF5mFoqlK4CaASdicsxOaoSy+yhXJLvg95O/wftyaboTqbRq165Ae +sPBsgNq5oOulS0d+CO53+V0mRYLWBZpuPTdk9qierTuERklGbLGTdeQpDvZLeB/U +dqcVC951MqK11/LGybm+ojj5JFsbog== +-----END PRIVATE KEY----- diff --git a/examples/data/x509/x509/README.md b/examples/data/x509/x509/README.md new file mode 100644 index 000000000..3b9a05dac --- /dev/null +++ b/examples/data/x509/x509/README.md @@ -0,0 +1,6 @@ +This directory contains x509 certificates and associated private keys used in +examples. + +How were these test certs/keys generated ? +------------------------------------------ +Run `./create.sh` diff --git a/examples/data/x509/x509/ca_cert.pem b/examples/data/x509/x509/ca_cert.pem new file mode 100644 index 000000000..868a01eb9 --- /dev/null +++ b/examples/data/x509/x509/ca_cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF6jCCA9KgAwIBAgIJANQvyb7tgLDkMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBD +MRcwFQYDVQQDDA50ZXN0LXNlcnZlcl9jYTAeFw0yMjAzMTgyMTQ0NTZaFw0zMjAz +MTUyMTQ0NTZaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwD +U1ZMMQ0wCwYDVQQKDARnUlBDMRcwFQYDVQQDDA50ZXN0LXNlcnZlcl9jYTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANGmhBQQ5f3n4UhgJLsXHh3CE3ej +Ox36ob+Hnny9Gb/OquA4FMKjTTaSrhKIQapqlCLODai50XKSRBJcgsvsqWk9UdL2 +3zf7CzAPmg5CmzpWWwgpKPTuK5W+gLA1+uMKecBdH5gqSswQ3TD1fMfnJuq9mNfC +GsMkplaqS5VATNFPVnqS7us3OXKEITmBaQP4wOpGP1PgqX7K08aZEeAyQJaTS5um +4MNlBLYa/nQ9Wca0Uk5tzoNjE6mWH7bTuwdoZgOIwKFmBbmsC9y/HzwV/zRsL8Yp ++7FwfIYuZ5j8gBNqSFQjDFkm6Q7RcQ/lyHHj9YduOgTciIFVgx+j8aZvFqH127h8 +WIb7Jppy0DEDJE1hRP6iV2uVoaUxhXWrCWLBUU+naLix7SJ8rqw8gHwRNWfM/Lwg +I3rGXdw5WIHVQcuxevN6qVSZeWVYAlAgfxjKtM5cKZyM+W80CSdVKEku1XA0sq6h +jaiJdo6hpm8BLIB2k7LWafc5MASst7XULk4uDC/OYcEz3+C3Ryn1qBltr1gA3+5K +ANuhjYCZH4P0pX08I1MpeVP6h8XhbBPEZg2txbVGlnDXEFoJN9Eg5iEKRBo/HKhf +lP84ljtBSmCnsF6K/y3vnRiu+BVNP5KMq179DNqEy7tSygzgY41m3pSFojdvA59N +JWJoy9/NZzdlU4nzAgMBAAGjgcYwgcMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUW5AMXXg/zPSaLHwSO/7LwoBeZYUwgYAGA1UdIwR5MHeAFFuQDF14P8z0mix8 +Ejv+y8KAXmWFoVSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNV +BAcMA1NWTDENMAsGA1UECgwEZ1JQQzEXMBUGA1UEAwwOdGVzdC1zZXJ2ZXJfY2GC +CQDUL8m+7YCw5DAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBAKTh +Ofg4WospSN7Gg/q3bQqfSMT5XTFC7cj0j3cWDZBnmqb0HAFPmzHT+w3kBVNCyx1r +iatOhaZRH7RA0vacZQT5pD2MGU48/zFfwBV/qHENQWuRLD2WOOEU3cjjoINBclfP +im7ml/xgz0ACOgUyf+/2hkS7VLq4p9QQVGf2TQt65DZA9mUylZTdsBf4AfEg7IXv +gaYpq6tYmNi7fXDzR/LT+fPd4ejQARy9U7uVhecyH9zTUMzm2Fr/p7HhydSXNwhF +JUfPWw7XYO0lyA+8PxUSAKXOfsT44WNtHAeRm/Gkmn8inBdedFia/+M67k45b/wY +RF11QzvaMR33jmrdZWxCc0Xjg8oZIP7T9MfGFULEGCpB3NY4YjnRrid/JZ/edhPR +2iOiEiek4qAaxeIne3CR2dqCM+n+FV1zCs4n3S0os4+kknnS5aNR5wZpqpZfG0Co +FyWE+dE51cGcub1wT1oi5Xrxg/iRteCfd33Ky668FYKA/tHHdqkVfBflATU6iOtw +dIzvFJk1H1mUwpJrH/aNOHzVCQ5KSpcc+kXcOQPafTHFB6zMVJ6O+Vm7SrqiSENM +2b1fBKxHIsxOtwrKuzbRhU5+eAICqwMd6gcIpT/JSR1r+UfHVcrXalbeazmT2DS5 +CFOeinj4WQvtPYOdbYsWg8Y9zGN4L9zH6GovM1wD +-----END CERTIFICATE----- diff --git a/examples/data/x509/x509/ca_key.pem b/examples/data/x509/x509/ca_key.pem new file mode 100644 index 000000000..4dccea1be --- /dev/null +++ b/examples/data/x509/x509/ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDRpoQUEOX95+FI +YCS7Fx4dwhN3ozsd+qG/h558vRm/zqrgOBTCo002kq4SiEGqapQizg2oudFykkQS +XILL7KlpPVHS9t83+wswD5oOQps6VlsIKSj07iuVvoCwNfrjCnnAXR+YKkrMEN0w +9XzH5ybqvZjXwhrDJKZWqkuVQEzRT1Z6ku7rNzlyhCE5gWkD+MDqRj9T4Kl+ytPG +mRHgMkCWk0ubpuDDZQS2Gv50PVnGtFJObc6DYxOplh+207sHaGYDiMChZgW5rAvc +vx88Ff80bC/GKfuxcHyGLmeY/IATakhUIwxZJukO0XEP5chx4/WHbjoE3IiBVYMf +o/Gmbxah9du4fFiG+yaactAxAyRNYUT+oldrlaGlMYV1qwliwVFPp2i4se0ifK6s +PIB8ETVnzPy8ICN6xl3cOViB1UHLsXrzeqlUmXllWAJQIH8YyrTOXCmcjPlvNAkn +VShJLtVwNLKuoY2oiXaOoaZvASyAdpOy1mn3OTAErLe11C5OLgwvzmHBM9/gt0cp +9agZba9YAN/uSgDboY2AmR+D9KV9PCNTKXlT+ofF4WwTxGYNrcW1RpZw1xBaCTfR +IOYhCkQaPxyoX5T/OJY7QUpgp7Beiv8t750YrvgVTT+SjKte/QzahMu7UsoM4GON +Zt6UhaI3bwOfTSViaMvfzWc3ZVOJ8wIDAQABAoICAQCxi7A9AhaUUWRzE6DnpGtH +zk0IO39cIx4KAsNQZiDBVDdXzYafUwaX2d57KVNbDAlJ9HCS3FKpEX9+gUPviQvr +aRe7boCZewv9dqkDvJqS7AEJxzm9O1pD5WI8WGqRDhUPuI2CIwbXDM0VokA7VuGZ +WFlxFxvs+UO5D10VF7A2blcRVQ/quQj4lzc/6P1TdL2DaVxGH3PLQd/ZR1ZhJI2Y +N0OHnOqp7wnvYqrtK+u0oI83hjym/ifvrYhMH8E7Q8lo4s4noSvmEvK0zlKYYxSO +g7RtwK47lcSPKgtn/yZDyvVX85qIgbBLcUmrqfB3qxMKz2lpJo6f4Rg7mm6SgW+K +zxYnGNCTPfiyPKiufM3rQPfJ4giqQ1XDKiZEKUJBo4mzzV6LcAoDaEqhHBlySpi3 +Z38I0rmAT62PRJ1sMkQl6j1Ben9TpwTzJmLX1sEO1Jsabsk8rRdV+ni5oRRUdW4H ++ratyQ8pmegLYyhAZqkD7FzKBLdznLmWXVTcBQkRoD5lQkCP2OF78TdL4twNvoTH +X4kQ3cNysWFXsm+yf4jSCHl4BEtGA2jOU690T0trtMf13aI3wEULmcBgc2ix+tch +wX79hwBYcjGGDfTMb39r/DrcgWMVFXawru78QFoN9vVxznit9LrOERBm6zN2ok4X +E1kD4YZGr8dxUHax0or4CQKCAQEA7W1Sxeqc0gV0ANQf3eCsFNjvT97z/RSzzUYF +wCe4rpzQ9ZNsY2UYMYmEzUuRBuQxYKCNTWot3hu+6OPMCp4pLuu2l8ha/wCM2TkY +6hceduvXkdUNUG1xZNSR8waw4PTXNeoOD30+GB4OpHdjzsF5pEzx853/Qo/ERJFx +A+aZZJy/Sfw82KTseYTniWYjH4iYUbC8TVLfRjPw6V2VcF78pYkdAQenGglqw/sI +4a3FhJspN9xV/PoPbb7PjBJFHUt7ZRQt+D3WPuhLSjyPxwV+3u2OsQ1/J/sxcih6 +rW2g+OJYrK4YkOqX9tLRB39RjO4H6Eiv5eUAw/+vHHufKRu1HwKCAQEA4gzxZNzm +r1X/5GAwwyBJ4eQUHFvEQsC2L4GTJnNNAvmJzSIWnmxGfFLhfJSabnlCMYelMhKS +Ntxokk5ItOhxlUbA1CucEtQgehJwREpUljlk7cii5MLZEkz11QxIVoAhGlq3svFG +B/gwYWNVWl2CXcK2o6BBD9sIgzgp7qhmdJej16h8YkWn7HibKs+OBcdCu+ri7wU+ +VdLpdhN3uqo1b1tO58Gv+40vuQE3ZKDdMy55V30+0qEqg6dXvDQ9nwYFkw6C31Ad +Wpa9ZB0A0HNSou1xTWyl/hDie6dlN84RHGX8on4sjgPrb8A8WVis+R2abvh9ApZA +fRZ3H/ZYXB1crQKCAQBgjgEHc+3qi0UtwRZkiSXyJHbOKIFY/r5QUJWuG3lDqYph +FF8T3N0F6EMVqhGEl/Bst14/iVq15Nqyo1ErUD63UiyjdVtsMLEW9d1n9ZbyDd9Q +8y/C8X8X3kqsZqAwG+IZjuHA8tH5xN93iwYP4yaw5onO5QYV75mFuRAY4gKnpAc2 +81lbUVbJ5H60pdDK1iX7ssAhQf6C8kSa4vAPDtH4D9a3wID4WbQNl115Sc31q5QL +n5NomdkEbIDDGfr5euTnqlk3hw5F7voPaqmd6mI6Dqnk3vRDMihdoJCjTt4T2Rju +wK5E4OKEAh/3yJNFmNemY0kFWSgCjUyNbMjBUv9JAoIBAQCYS9QO+m1JUA2ZVd1E +eWqNkFakTIdL2f5kv03ep+wIxwq6c+79SUGr3UMh5hStvXCFYjhAJhbwc0rY13lQ +uRJdWk/sIn2CifxfgjC1MccPdxeyxGxK56PMGqG9qgrKjITA9sGxA7EFCYe+9We5 +/Coq9VaLoxpyjkWL8rj9m+N7RfcTAubaZseeIBuamj+7UOZ7KOM/2i6HMBQugys1 +Thu2LLRanDnups6yPEmPuHmPVA5YjX9X9VFpZcNMf33MuAflbe9qeNVuBQUQgCHe +TvQr5QFjAoJLTCDq4nrlQCZzFZtB9vQZsjZbEg8WuxG+vN0hSrUemxBTtmEH3bbm +SLn5AoIBABGxznQFXXlF3eLIZqLvItDMSTpFp8YPk8GQWPT2V3pNNjvK/j7eg+tn +VouXv5LjyLTzWLKnPjIU4t+qwu6R9nohZ62OjGl6lssVdjPnf4R6UKzRa0iIZtH4 +BlGncnAbzb6TJuLX7dNwICoUCGyvk9tdnThH1FY3ZAEhOi1G8LEh7aBrj9/vUZ2d +S5jzZ7kLh04AB8OP1MXM3sZE7VlIxUtT/NLlwC8zRsg84pAjg3U7PygIDYQDzCRB +4yIvDziTPqDB/vdCKt7/Xary5Xj4NwqcPCRf6HvdHYCVeW7V+mWcMKZgodQARQhv +qQCK9iiN08MAFNia/0/Bj4D7XKurNRY= +-----END PRIVATE KEY----- diff --git a/examples/data/x509/x509/client_ca_cert.pem b/examples/data/x509/x509/client_ca_cert.pem new file mode 100644 index 000000000..62a0ce054 --- /dev/null +++ b/examples/data/x509/x509/client_ca_cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF6jCCA9KgAwIBAgIJAOhoXtjjP6JdMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBD +MRcwFQYDVQQDDA50ZXN0LWNsaWVudF9jYTAeFw0yMjAzMTgyMTQ0NThaFw0zMjAz +MTUyMTQ0NThaMFAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwD +U1ZMMQ0wCwYDVQQKDARnUlBDMRcwFQYDVQQDDA50ZXN0LWNsaWVudF9jYTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO7fTqeU+8OfKMwXABNF90+RYL4X +YS4ULx4rpf14Ntp1SF6o3itCSM3jJfHzexj2Pm16aL+OQll8ODtvTadqVSMndMCn +UN/jVjxiMmjkSNKpwUGG69CsQzCKoueKBCEy/CZSopQae6Wxn7mqTAzhFlh3idNL +J+12UtdqDxnPDsiG2XBET3UrKyJeBxMgRyPi/g4wHfhH9oJ97jkdacUlLko8l22s +ZiMSSwwOlWxtTY5t0FbHu08ufP4eYTqC0LL3z1Fon4v+4BqUyK7BT3dISwPBmSd1 +uTD7Wbaa/QmfU6Y18dkNlK00GUAcKWgPfLcm7EH/AAz5XkqozVR3z5FLBYFTxVrA +Ly/Gu5HLx/uwoYWeYRWBOSkqvdgf9PT57imO4fOi1CTQuq/1LAdaxGkm7yXaz0YP +ySTiT6PvcLWFEbjrbufxdBrF4/ZsQz5vdJiKq2IQmCIKONJOFHWqgoF4AA7Ze1cl +mrK0eLzUlG1WmSy5mpjByRanahQWYvK1s0tc8IwMRRJY4DS6Dp99EVyteKZP/jc0 +x+ILet2ThDhjY3AxtkzlejyylABgl2AyGoGzZzbaf1q/0LfM6SfYBSVZK3TFR3Kt +8lQnG0tztoM+bnM/JZ8UZ61s16jJVxWzlZ+rx8rCpIvh3Cnl52DGo6oA4Kt60uDP +3iiTLGNYqEyHmzgnAgMBAAGjgcYwgcMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUdOqNqaSjcn7BRN3fLs4eTIp1W9MwgYAGA1UdIwR5MHeAFHTqjamko3J+wUTd +3y7OHkyKdVvToVSkUjBQMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNV +BAcMA1NWTDENMAsGA1UECgwEZ1JQQzEXMBUGA1UEAwwOdGVzdC1jbGllbnRfY2GC +CQDoaF7Y4z+iXTAOBgNVHQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBAOnH +CrwiJd51oBic5PwjQBhQcUtGOfR1BJe/PACpLXTf1Fbo8bLT5GxZLATlw9+EVO9P +JhhH+oiUuvA7dE2SRiZXpY7faqtDgvVfssyCrvACkM7pcP9A5kM4LiunX7dpY2xp +naJAqDV5Av1mOohHuVEZHqV6xQSREQFW2IusfpCsPP+P+RPKM2o571e6oz5RGbuP +dQ39QycBTK8ezccxaDaH614peAnBi4Q1GuxzgNmXq2FPDcf7F1QcWMrW3jUI8npi +Q9rXRwrqUYP7Yzz+dIziGdpOfZd7x/MyCXuqRdFdA+bulGM2Es5lvtguPOFhcWp0 +3hzLJ+yolxyqxnNNdaU0r+TDbgxOBjw0VxahuhzFDeZsP6Civzp+Y6MRdvofNXBm +IBD4uqmQtUUyE2uoznXvZkXaSc+0VIGgs04AMS9irBC2oVEGDp0AbelcIhdgToam +/NTuOmxgadwDuEn3TIFYkzx84J81kL8g0HQ1N09nSXChkSVb+XlxC+Wosxoazydr +M4FOvaa1V4vnmIdA2aF1nWTzJNcc9FC23zTmQkV2YJ1IKNmxGd3xBZzUtUBu5OgZ +vPXECtUjRcraNuXeL6gSX0qBaaVkcdxhp8CpI8k6Qb+mgOaq/ixrVEKtczBVXjHD +pO6QmwMZtqR8JsStbMCYXa2owt4k8F3yMlIKE6qX +-----END CERTIFICATE----- diff --git a/examples/data/x509/x509/client_ca_key.pem b/examples/data/x509/x509/client_ca_key.pem new file mode 100644 index 000000000..77065d5cc --- /dev/null +++ b/examples/data/x509/x509/client_ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDu306nlPvDnyjM +FwATRfdPkWC+F2EuFC8eK6X9eDbadUheqN4rQkjN4yXx83sY9j5temi/jkJZfDg7 +b02nalUjJ3TAp1Df41Y8YjJo5EjSqcFBhuvQrEMwiqLnigQhMvwmUqKUGnulsZ+5 +qkwM4RZYd4nTSyftdlLXag8Zzw7IhtlwRE91KysiXgcTIEcj4v4OMB34R/aCfe45 +HWnFJS5KPJdtrGYjEksMDpVsbU2ObdBWx7tPLnz+HmE6gtCy989RaJ+L/uAalMiu +wU93SEsDwZkndbkw+1m2mv0Jn1OmNfHZDZStNBlAHCloD3y3JuxB/wAM+V5KqM1U +d8+RSwWBU8VawC8vxruRy8f7sKGFnmEVgTkpKr3YH/T0+e4pjuHzotQk0Lqv9SwH +WsRpJu8l2s9GD8kk4k+j73C1hRG4627n8XQaxeP2bEM+b3SYiqtiEJgiCjjSThR1 +qoKBeAAO2XtXJZqytHi81JRtVpksuZqYwckWp2oUFmLytbNLXPCMDEUSWOA0ug6f +fRFcrXimT/43NMfiC3rdk4Q4Y2NwMbZM5Xo8spQAYJdgMhqBs2c22n9av9C3zOkn +2AUlWSt0xUdyrfJUJxtLc7aDPm5zPyWfFGetbNeoyVcVs5Wfq8fKwqSL4dwp5edg +xqOqAOCretLgz94okyxjWKhMh5s4JwIDAQABAoICAAmMq9xPPHFpn3vpP3uFxIlN +yoxO6veonumZ3Rzw/WBmZ+pA3gDkuXxhpFaz4SvyTDScPCvMSCLDsIvPu08CFT0+ +ipBZIAaTVBM96b3/wlmJp8wy1KKXAGikYjbXcarSGvp9OzqohGDvZO9LO5cYOIh4 +3u2vh30ayd0KxGfHu1OQ8IhocrTAcQ0CrU26cJ2iqX1vtwMB/XziA/AMmPnkrqER +IwyjY8HrLUziGF8pT3xuL3IIshhMR3rxQ/nO2QEOnx8mC5rRKaxmXk9+MusV3Mnd +p33IWwr2QXPnZk5ILFPsvCptPJBgENJbTdx3IglAaRmKVDowjfB2Jx9FWur4ENQy ++yCzf0ygRoXnugtwE48/L7P8mlqZlZsxQbUUjXEPtht8rtM4CR5b0v7PHXiLh1oM +igfy1RDAQAZQRGIlWCOeV2soiyKLnCGyAaVXcM2ksDkYOSH4ObE4KwF1Ph87lNaG +ywolsPvQD0ygymXcuStrYHWamTp8qRjNvZBcThs3SaKN+lxXxPng2tBPUwU0S6nj +e0pjWco74elBk+fjjd0wNolKjUD7FhRXlWiXz9BgcCjRD9TLoVk8mp9cFL7OLzJc +735JmNKP8C5Qs91Ugo6Z9tWQQTdGHZe9ElUY0fWP0bs+4iBaadl63R26tchLncZE +LnYsi2AjDdV908cEkAiBAoIBAQD6LbGeyFHZA42nuSw/NFsMVldqU6QwmADQI3Tw +JEdw2thS8VIX2c8aeJkVL++dNmSPcqs4NqhzgJSm9o1xNqGZovAPK/B3NmLl1kzG +JPwSr8QwNxmKwUlbt1K48qIV0JmetOgRG/ll5ux2CxgWHzwgRwtvpbnxDa7Gf7BA +UfH7AfZJ3iV+HlJSxr9XxNgFoNEtpP9sqbOgt10f5JJlIELCTa38iMBojAGxlzyj +7DGYY/diQDr+6mRNnv2pY57dOnmdvN1w+p1W7saaeRCeltva/G+5n5AWMFl5qBjT +LDktBE+okH5wapkUsZzZTByTgFXdBC2wY2qBrOexBAyS8/F3AoIBAQD0bkNBc1ya +KYmWlCsVSUZxUGSOp9g7ZdzlB/1G523s3PltXSphsC4mACs7ZAs5OAO/bu05kurp +dOqEAxsC05IxD2/gGoarC6QfTum9CMNoKrvtczA7Gl+6D5djum17lULY6YSBO75J +L0FQK6nCVGfAbBRAqhiFi+9kXvNThuqjgoiCNwQYxaG8aovoAKTFdkzQjDw2tUgM +jqCM6ifOBJIRolFq2CBom8nB+wpsI1naFLaOdg0Luz/Ds03gD9nWa6a4XIowKCml +Tek1Q+S2hZoTgfOlKRbCcM1KyoaI9LKI/pbKmpNyyrADw/kZKevfsKnYwMpHlaTR +NSuQ2VJKuxrRAoIBAQCBQ3bQ+eQAYyugC7dm+OBKYZpNH+ZoDUHuSUO0iKo5D3pS +cMnf9PRjUwiVv+zoqCARVkhNhUBIXZlxI1c1teqNfXjX/fYDQqCa7L1Ca/2qkhKm +bvHNlc0XjIM7eHJzHxMgw4xcur2D/2sSGu1ZEM56RvsLtu96M32opnUk5rJG5V6i +EBwDLBuRFYvsB5MuZUdvdB9dv9lGIzgEsI9LnP2hc42APBBedGizn9b/Q5zkhlJd ++53/9I/a41lhWk3NNNd9vwYTyAnfzwPi8Ma7imsSnPgFSwKh1F2G1GnvQpxQPDgE +epQ59XofDR5j0EW7mMXEqtIIn3V6hyI3fkYY795FAoIBAQCsx7x26YsN1krRzA7g +TxmiQ8exJ2gsJIcOxqT8l98WTeVqry6kOxuD9R6aLs/YNIZBrbG2vuma+PBFPMS9 +LLzsPRNCAL4s7l+nWerTmvw2B+8rm/796Fi+dwL2lfOKJipIllj52TdbGDI874Bi +Q7PLSxrN0u7eh9pCwvORmY8G4eCI20bkE9+OBmq7JqlSg5ss19RAf8hcR/2pXmOg +t45hNLIEqp3OFEF8A26MnjiHdZjN/xidsFEUjwx/U/USIqqJK7Dq9ZjqprYw1rs3 +Yh1VqMiHeRIDhCU5twt+iCojuILy2G1d+XSOVNsiNIXtaz3EYBMcouUMlV8kVtpa +xQPhAoIBAEr8U7ZaAxN2Ptgb6B8M1CVNE6q7S1VuX+T8xkciadW2aRjJ3PufFfsk +Zo12fP9K/NeOPTIz0dQB6Gy/CKzDLb8NnJCJnCUUaO8E45C2L9r6qvIJpXWHp3vo +neGO49y/5st7suOZkWU2B6ZGwNWH90296mfSKcUNxSRMaHCotPdVDyvOgLC24ZWR +6teRaxB2sVZYqmoz+4+G8SOK40bHJKf1kwujbrS3OqzDzEeC/STtqYZWPW03MFkk +MBPQvwCWMJINv4zz4YrnOaA9COc1/fTXCG5kKYyalPD8VKxi1usas1pZwIqZkuwm +D6kBMuZ4gkKW24IYzXzOni0/BOnpOfM= +-----END PRIVATE KEY----- diff --git a/examples/data/x509/x509/client_cert.pem b/examples/data/x509/x509/client_cert.pem new file mode 100644 index 000000000..e35b94b1f --- /dev/null +++ b/examples/data/x509/x509/client_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFcTCCA1mgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3QtY2xpZW50X2NhMB4XDTIyMDMxODIxNDQ1OVoXDTMyMDMxNTIxNDQ1 +OVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAL2ec6a93OYIioefCs3KRz752E5VfJPyVuxalBMc +7Dx84NsdwpbUyDT6fO7ePYM8IvYAsLc5coLCP1HKGGRmYm423WZf8Kn93BDl0XcN +4bgtW9ZrekvYcXqSzygz3ifdQeZljZrqW43dkkYR2vWc+uJXs+vrRVZyUSLLbe97 +9zUbWbOfHBc1jK1vTUakl08VhllYbO0m0SYZIni0sioItVdVWTz9XE2COavLqwwL +MIq8N7JXEdYJC49JWfdzvqZYTxOn5FSTCWen7/mcZmuLYPwUCkSu05M5T2o1ygkd +ohA+/X9yjToPJ7NO509lKHWo7+sp9if6jZsiOU45/t84pD6juVZSZ20/A9i6hjtj +C0SqYk2iQEtRp+lT6yYa5ffeNllFUGtM+xq2are2n93PnXwMTUlYGuTtkyRPG717 +ZtQjKQuwfdJNoNbJl2cfQpmtLdm4Jzrg5cWiiFro+aqnZxIfUEEDkIBaUjYmwMkS +Qq+S32L4f4u7rtbnzdo/jVwq0wpSjTGQJEab+v2wZpDhVbQblTyI30A+TvBIzLil +09OX49/teZCp05kOJy0V/yXdQtPwlQGXdsCUmD6dnGav17fB1witXDdG+4SNoyF/ +PN+8wtlMQ8fWvLdxLsd/Rq6CEZQV9mBhrQxXUmFFDhd0O6wfxR/lVFxIWg70Fz7P ++z7tAgMBAAGjVzBVMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFG0psrHrGny8ziVm +RtulG3f9ROrhMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAgEAtr1dzSQswIOlEGlLtoAwkL7ys/gP2fcdh7Jl +ggiPs266yzZFyGGdd2GKo6tcjdBNjfnO8T5h8eLzj7QlzKPqA/l0BgAW7s7WX9QF +wCivw1DHE815ujlQNo3yve38pd2/I0hdf9GtQLGyOirYpwW5YcHvpmLezrW6J3UU +CWIfYhqO6bSs+HCLkvQdsCG1TpveWYXfC9aXHjw+ZGOjBMEt6AgdWctwzTjQfZub +VjZosBC3ZkDjkA9LTqKP5f8XSWt89J4JCYkiFRiJuYYiNYcZpb0Ug93XjEHIHXMG +N/cD9fCB2HovoVu8YnezpSrqEhqEikHSq80fwbf+NaT0CEbPMx3UMzt8d8gwUiwE +nzzf/o4uOwoofNWfka0J1VPY1AtjUDvz44LyVhp4uvkEJEK1WQ46mM68H/EOUmpd +fHANEbV8HLq2iOjR78n5+MCHRcX7duScp5wT0ajfDg41VrhvV/u7YctFj8ynQJg5 +cqbH+GgTrEfAFFm5mZH1SGqNPyxr1eQFWXMRGE7R/NoyQo2uqrSRmz6JFXlnWtxF +YmLhnOdQaytcpiYN2YVyC/rLK3l3Tbh4u5axvlZP/hi+nQluiZzkH97iUqXcBU/9 +jYNohnJzXMHTIZM8FQY+9uGw9ErdDo7FmX5Xkp4TzEz9k10m1fnt0njSEzITtqpg +MoO9n00= +-----END CERTIFICATE----- diff --git a/examples/data/x509/x509/client_key.pem b/examples/data/x509/x509/client_key.pem new file mode 100644 index 000000000..d9c4bae3b --- /dev/null +++ b/examples/data/x509/x509/client_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAvZ5zpr3c5giKh58KzcpHPvnYTlV8k/JW7FqUExzsPHzg2x3C +ltTINPp87t49gzwi9gCwtzlygsI/UcoYZGZibjbdZl/wqf3cEOXRdw3huC1b1mt6 +S9hxepLPKDPeJ91B5mWNmupbjd2SRhHa9Zz64lez6+tFVnJRIstt73v3NRtZs58c +FzWMrW9NRqSXTxWGWVhs7SbRJhkieLSyKgi1V1VZPP1cTYI5q8urDAswirw3slcR +1gkLj0lZ93O+plhPE6fkVJMJZ6fv+Zxma4tg/BQKRK7TkzlPajXKCR2iED79f3KN +Og8ns07nT2Uodajv6yn2J/qNmyI5Tjn+3zikPqO5VlJnbT8D2LqGO2MLRKpiTaJA +S1Gn6VPrJhrl9942WUVQa0z7GrZqt7af3c+dfAxNSVga5O2TJE8bvXtm1CMpC7B9 +0k2g1smXZx9Cma0t2bgnOuDlxaKIWuj5qqdnEh9QQQOQgFpSNibAyRJCr5LfYvh/ +i7uu1ufN2j+NXCrTClKNMZAkRpv6/bBmkOFVtBuVPIjfQD5O8EjMuKXT05fj3+15 +kKnTmQ4nLRX/Jd1C0/CVAZd2wJSYPp2cZq/Xt8HXCK1cN0b7hI2jIX8837zC2UxD +x9a8t3Eux39GroIRlBX2YGGtDFdSYUUOF3Q7rB/FH+VUXEhaDvQXPs/7Pu0CAwEA +AQKCAgAtlwQ9adbLo/ASrYV+dwzsMkv0gY9DTvfhOeHyOnj+DhRN+njHpP9B5ZvW +Hq7xd6r8NKxIUVKb57Irqwh0Uz2FPEG9FIIbjQK1OVxEYJ0NmDJFem/b/n1CODwA +cYAPW541k+MZBRHgKQ67NB3OAeE8PFPw/A8euruRPxH+i3KjXSETE8VAO0rIhEMz +Ie2TQRydLKp71mJg45grJ17Sxmc7STT8efoQVKgjCwPkEGiqYpiNk2uhZ2lVGRC9 +cyG6gu74TdyTDQss1e7Xt+fUIZ2+3d6eJt6NvjC+25Ho4SwO9eYjF1qnQ++KqATr +TOoOaADPLLaXZCFZ1D+s9Dq4Vrj+QGk8Fajotj4gBpUtc0JxtvYM9EhlW7DpchYm +Cxe8vmEi/54YErXKawTUXYBB8IeDzwtvi3v3ktmH8BsGJ6Y3RXDI9KIG/6IE5Xeu +hkPCJnB0e3G2nlaffNSrVknxF+z74DB3T2kj0zC/4H4/hHo4W5D/pswcGWlhREWG +E7ViXJjBRkc5tpS9HfNdZ2wHiccioDIdGSHGqGMF4rLCUE2n+zc4m6pvvNCjN5KB +S4+zps50Gqtbp3DH2h1YLtkzuzvDhgpMPyJ1qZsdgelRSi2IaE5oekuBGP2WeXFw +DLI/cijc13cCacH+kpllQL//zBP8mMGmussWGgrVXdm9ZqD+rQKCAQEA6OG+s8sa +QZJ8W1nukcaS5rSvJBeZO6neCd6EB4oew5UGJsSz+x4RtJ7aJhdTGtyCXqiR2uFw +SBYdTcOgNbBUXg39vWAv+k2lmxiMGuLnAcNcGYyDLXr1SUJwe4Be984WNFdqzY0z +LCd9NvutWWX0Xd1VBdhlDuu3eBenzPBKIxTk3N2gLvzYxC/62e29Trsm7Sur11ut +Jay/CRdomjaqIiZ8q8qgdSU+pPe2DZYzUOutySJhLUegrrgWvPS/i8FHf7AGRgki +wpFn3gy5zCsFzr6n/TzJ5zQvlz+PcbUHHb06U1cnT45fkFNAJJvBYa4vi/tRx92E +Bi8d4bn40fUo3wKCAQEA0HFDHzhRxN/RbzBkymGlgfrsKcBdaAzgClo5uAXr8sdi +efsgBFo228I5lK6ywfzOfD/UxGB6ucdkZb/tRLtoK0OqOGiNx2Q1yazRVbuhrBrR +Y7DDbh7164o/MAYqPGxTMUxzXia7WBtNm00Tv9pDsw+NTzbrk7OxkLZWbjQEj99T +A9pcqXYA1RJtD/6io/43/oVscWPdRrbrNrJz+27Bsau20MBheVmX5sLTO2iWKTN4 +/ofrvOv0ru0I3ACHiLIaQFXs4snQjlhJm5MJ6kuZVdYKAzyNE+YOPnAxoiQAlHau +E1aV8ON7jmjhwxa2QICCwVcUNmwXU4UztGyGZ5a1swKCAQAi90Ia3LPkhIoHbUlU +uev0l8x0LtbjDm44LSDFwQc9dnKl/4LGgY1HAVLfxUDFF7a7X7QGmTKyoB9mPakg +ZolEVfVzKa4Kdv4We2kN4GOu8BYz/9TyTzPk/ATHhk68BkVvNnDizACS8JrsVn2A +nr5CGalaZ1NFGj9B2MtpCesXuVtjjiMu6ufhDRMtBXUXDSKbGaODglBNB9LnGoyq +GusQlZbCdHoDHMR7IHZFM/ggfkJpoK/WjJqjoSBI3raj1TFXCqbmfRiq/goKXP7I +mO0WTaoLa8Uk4cEDhJeVCwk2feL0AHH2j/npQZav6HLwp6ab7fApgikAhLKH4dRq +MdUhAoIBAQC7svJVf7qqRT3sGTD5yXpnlJPreOzj0IxC5kKJgtOYuJDl9Qw8vxwd +QkXlrHcOFl++JSCsgZCiEHpI4c6AER5Zr0HuL8BUJ9oDtJqA0EhimXeqhLdHR5v9 +sWz7CuInrQgxIX3V75zOVy/IRF0fayWBbeS6y2LRi4O/I2KrNC5TfC/eDVlZxAg1 +1rTdLVg5wqebi3w+k0Xj8r3WcFXeuTq0ikNCsapUwyf1RcU+/wwRJ+exlKXkZrnc +d1h9/AAQSQk4m+eHxWIHfFs0O/E2yULXt7kmdvU3UPfMo+0d67uV9VUF1veIhuBx +OeLqcV5GsTKNdaOe6jELJayMsRlK2LzfAoIBAEoWFSUdf3ruvj+ONju0TDtdvvTb ++i+3ttqMK/duYM2TlD3Lvqyx3kNxlMTAArfvnwtKVSw0ZIGSPc/5KHnxldcdALgT +4Ub1YesUv5585thMw1EWyXAPognLhfTEVSLYKcMPoBNCv7FvAT3Mk5SZPReRkbT9 +oqDAzg7r+0+pjD9LmnIXfCxfbSV6zcBFF8/iGAmzh3CanDqVkUds1+Ia8018cfDS +KW5PQAEnJC/BZAI7SQsxH0J9M7NYxJRN0bua5Be0N+uuYSOa+d9yecugfmvga6jf +9nEcohJShacCSkQvIXlq5Uy/WBb6sbiTmHjjW14FG25B0rrQUjmFAUiYceI= +-----END RSA PRIVATE KEY----- diff --git a/examples/data/x509/x509/create.sh b/examples/data/x509/x509/create.sh new file mode 100755 index 000000000..2b5aa5cff --- /dev/null +++ b/examples/data/x509/x509/create.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +# Create the server CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout ca_key.pem \ + -out ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Create the client CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout client_ca_key.pem \ + -out client_ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Generate a server cert. +openssl genrsa -out server_key.pem 4096 +openssl req -new \ + -key server_key.pem \ + -days 3650 \ + -out server_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/ \ + -config ./openssl.cnf \ + -reqexts test_server +openssl x509 -req \ + -in server_csr.pem \ + -CAkey ca_key.pem \ + -CA ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out server_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_server \ + -sha256 +openssl verify -verbose -CAfile ca_cert.pem server_cert.pem + +# Generate a client cert. +openssl genrsa -out client_key.pem 4096 +openssl req -new \ + -key client_key.pem \ + -days 3650 \ + -out client_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \ + -config ./openssl.cnf \ + -reqexts test_client +openssl x509 -req \ + -in client_csr.pem \ + -CAkey client_ca_key.pem \ + -CA client_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out client_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_client \ + -sha256 +openssl verify -verbose -CAfile client_ca_cert.pem client_cert.pem + +rm *_csr.pem diff --git a/examples/data/x509/x509/openssl.cnf b/examples/data/x509/x509/openssl.cnf new file mode 100644 index 000000000..d1034214e --- /dev/null +++ b/examples/data/x509/x509/openssl.cnf @@ -0,0 +1,28 @@ +[req] +distinguished_name = req_distinguished_name +attributes = req_attributes + +[req_distinguished_name] + +[req_attributes] + +[test_ca] +basicConstraints = critical,CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical,keyCertSign + +[test_server] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment,keyAgreement +subjectAltName = @server_alt_names + +[server_alt_names] +DNS.1 = *.test.example.com + +[test_client] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment +extendedKeyUsage = critical,clientAuth diff --git a/examples/data/x509/x509/server_cert.pem b/examples/data/x509/x509/server_cert.pem new file mode 100644 index 000000000..f1a374008 --- /dev/null +++ b/examples/data/x509/x509/server_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFeDCCA2CgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTIyMDMxODIxNDQ1OFoXDTMyMDMxNTIxNDQ1 +OFowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAL5GBWw+qfXyelelYL/RDA/Fk4GA8DlcBQgBOjBa +XCVDMAJj63sN+ubKBtphWe6Y9SWLJa2mt8a/ZTQZm2R5FPSp9rwdr04UQgmL11wh +DCmO+wkRUeTYwsqcidEHRwOxoctyO+lwgYw983T/fp83qtNS4bw+1kJwrLtFdgok +Kd9UGIugs8BTFqE/7CxFRXTYsNy/gj0pp411Dtgknl1UefPdjco2Qon8f3Dm5iDf +AyUM1oL8+fnRQj/r6P3XC4AOiBsF3duxiBzUp87YgmwDOaa8paKOx2UNLA/eP/aP +Uhd7HkygqOX+tc3H8dvYONo6lhwQD1JqyG6IOOWe2uf5YXKK2TphPPRnCW4QIED4 +PuXYHjIvGYA4Kf0Wmb2hPk6bxJidNoLp9lsJyqGfk3QnT5PRJVgO0mlzo/UsZo77 +5j+yq87yLe5OL2HrZd1KTfg7SKOtMJ9N6tm2Hw2jwypKz+x2jlEZOgXHmYb5aUaI ++4xG+9fqc8x3ScoHQGNujF3qHO5SxnXkufNUSVbWbv1Ble8peiKyG6AFQvtcs7KG +pEoFztGSlaABwSvxO8J3aJPAEok4OI5IAGJNy92XaBMLtyt270FC8JtUnL+JEubV +t8tY5cCcGK7EtRHb47mM0K8HEq+IU2nAq6/29Ka0IZlkb5fPoWzQAZEIVKgLNHt4 +96g9AgMBAAGjXjBcMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNx36JXsCIzVWCOw +1ETtaxlN79XrMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh +bXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAAEEZln7lsS/HIysNPJktc0Gdu3n +X1BcA3wXh95YTugcxSSeLLx2SykXnwX+cJncc1OKbboO9DA5mZ+huCesGIOKeUkg +azQZL6FAdw9PQKdqKg3RgSQ4XhK990fPcmmBhSXY24jNNhRHxGw5lGBrD6X2SdW3 +m66yYzn9hMXL4yrweGO7OC4bdyISDrJiP+St/xeCoIcXP2s07dE6jl2VorJCWn4J +SxKfDhPPohZKl6dL9npkmPcpz2zRAYpo4tsVdAAQDBRui44Vvm1eBPUo7EH2UOEh +/3JtTeDUpldM8fDaKE0kTa1Ttxzs2e0Jm3M4/FMOxqSesyJldw54F4+4m24e/iQU +gceArYMFVFTipgrLfUuRvRxx/7D7V92pqTyuD3T78+KdTqrlxvCTOqSHhFE05jWD +RdynS6Ev/1QZLlnWgMwhQAnjhc1NKkso+namF1ZmHH9owiTRBlWDMNcHMDReaELd +QmFUvutHUpjidt1z+G6lzbP0XB5w+0vW4BsT0FqaYsFbK5ftryj1/K0VctrSd/ke +GI0vxrErAyLG2B8bdK88u2w7DCuXjAOp+CeA7HUmk93TsPEAhrxQ6lR51IC6LcK0 +gACSdnQDPGtkoRX00DTvdcOpzmkSgaGr/mXTqp2lR9IuZIhwKbhS3lDKsAZ/hinB +yaBwLiXfcvZrZOwy +-----END CERTIFICATE----- diff --git a/examples/data/x509/x509/server_key.pem b/examples/data/x509/x509/server_key.pem new file mode 100644 index 000000000..1c778db7c --- /dev/null +++ b/examples/data/x509/x509/server_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAvkYFbD6p9fJ6V6Vgv9EMD8WTgYDwOVwFCAE6MFpcJUMwAmPr +ew365soG2mFZ7pj1JYslraa3xr9lNBmbZHkU9Kn2vB2vThRCCYvXXCEMKY77CRFR +5NjCypyJ0QdHA7Ghy3I76XCBjD3zdP9+nzeq01LhvD7WQnCsu0V2CiQp31QYi6Cz +wFMWoT/sLEVFdNiw3L+CPSmnjXUO2CSeXVR5892NyjZCifx/cObmIN8DJQzWgvz5 ++dFCP+vo/dcLgA6IGwXd27GIHNSnztiCbAM5pryloo7HZQ0sD94/9o9SF3seTKCo +5f61zcfx29g42jqWHBAPUmrIbog45Z7a5/lhcorZOmE89GcJbhAgQPg+5dgeMi8Z +gDgp/RaZvaE+TpvEmJ02gun2WwnKoZ+TdCdPk9ElWA7SaXOj9SxmjvvmP7KrzvIt +7k4vYetl3UpN+DtIo60wn03q2bYfDaPDKkrP7HaOURk6BceZhvlpRoj7jEb71+pz +zHdJygdAY26MXeoc7lLGdeS581RJVtZu/UGV7yl6IrIboAVC+1yzsoakSgXO0ZKV +oAHBK/E7wndok8ASiTg4jkgAYk3L3ZdoEwu3K3bvQULwm1Scv4kS5tW3y1jlwJwY +rsS1EdvjuYzQrwcSr4hTacCrr/b0prQhmWRvl8+hbNABkQhUqAs0e3j3qD0CAwEA +AQKCAgBnR3CoGbd9hZl8u4qxc5IdeXwgflFmgRlGCAyCtHlxzG9hzMTD7Ymz/hMM +NG1xQltGfqn8AROd8MPJLOEY/1QtnZgM8fv24K4bqmlCW7nTUQXYHSubkUDiY2e3 +K0ETszaETMRSaLwY2IOujQQ4/ilePY3D9UOtmqVXnVN+G7USwP31xEvtZ+xPqHfU +a+FQlFIj8FuMQXDuKozdK7s+I51yjl7pVNx3M7QlH1/olcSKNta1EQXK4RgZxD6a +kkBuyPR93ohXOJ0OMSvI7eKVKIcBh0JM4z0+D5FMJ7IGbjL8Bdsjcs1a0g/y28Xf +NBVf9w8Fun3mmYmj3ZMsqDZgVg/bAfP2z7O9kMzbuqmjelOz8HXxTm/+GIHuseMx +b/nDZgB0ZN+FhATv/onshJcjr2L3SJYzEWqjYiqaCQo5qtib+/kxh6SHPhAY2o8l +zzMhKFsJMhmwW91FXqeDS9FTlcRXtYH1EJxNGa01GpyVa6plvvFTGBNkEUJnVuEp +ULohJw0NJQYQOz5omYaQVJ49lpzVhwLEolgSlIBiM3s9nSDvVBYu+bB1ovw5OTIJ +Wlc9cBrYmdxYdAj5n6JzIC1wixgxrFw1jBm8cL/2FQYtR7daZabTMyZj5vAUqjxr +OV+uvkSFcIyBs1ty9TnnKC3yd5Ma+5chR5u7JPc1lSSor6AwQQKCAQEA4d5XrCq5 +EikGII/unhkVZsh9xmILp/4PRKc+fV7TFEpGyn8HFCBToZk6nXv99roUBdeZFobw +gDuZqBa4ougm2zgBbhdQXGaW4yZdChJlSs9yY7OAVvnG9gjuHGmWsLhvmhaeXSr2 +auxVGRaltr3r8hP9eHhloDM6qdSSAQpsdeTBQD8Ep3//aL/BLqGcF0gLrZLPwo0+ +cku8jQoVXSSOW1+YSaXRGxueuIR8lldU4I3yp2DO++DGLsOZoGFT/+ZXc2B4nE1h +o1hCWt6RKw0q2rCkZ+i6SiPGsVgb9xn6W8wHFIPA/0sOwOdtbKqKd0xwn5DnX+vt +d8shlRRUDF7HDQKCAQEA16gR/2n59HZiQQhHU9BCvGFi4nxlsuij+nqDx9fUerDU +fK79NaOuraWNkCqz+2lqfu5o3e3XNFHlVsj98SyfmTdMZ8Fj19awqN20nCOmfRkk +/MDuEzRzvNlOYBa0PpMkKJn2sahEiXGNVI4g3cGip1c5wJ1HL3jF61io4F/auBLP +grLtw8CoTqc6VpJUvsWFjopTmNdAze8WMf3vK6AKu7PKkXH7mFQZusacpO/E61Ud +euiG9BYDIIkrnWIQdLpODgliLZzPNcJDTKTFJAfIzr3WQvUaFc1+tHyX3XhpicvP +J4zyNfHd2dZMK1csXQJvFSnPgXpy531Wca0riAYZ8QKCAQEAhaVEBxE4dLBlebrw +nAeHjEuxcELvVrWTXzH+XbxP9T+F56eGDriaA5JhBnIpcWXlFxfc82FgyN97KeRX +17y50Riwb+3HlQT23u0CPEVqPfvFWY0KsWwV99qM2a74hRR8pJYhmksjh1zTdYbb +AugZxiFh53iF2Wa2nWq0AX2jc5apalRfcqTgAaEEs4zYiUYN8uRdnmZovsRliqae +wYAx44sK1vkQY5PSNKff+C0wgbY8ECHOF2eGnIEMU8ODKnWm5RP+Ca4Xyckdahsr +lmeyJbhDb2BbaicFGEZkNa/fXZW50r+q4OQOlMHbE2NNjw1hzmi1HyLAXhOJiWZ/ +3NnvuQKCAQEAg04a/zeocBcwhcYjn717FLX6/kmdpkwNo3G7EQ+xmK5YAj6Nf35U +2fel9PR7N4WcyQIiKZYp5PpEOA4SyChSWHiZ9caDIyTd1UOAN11hfmOz6I0Tp+/U +1FQ/azQHtN3kMzBjSxJYAJN56NTM4BiJD3iFemiIsjfH0h7eXBcg1djmLf8B06FX +GOSrGZDpNmqPghVpBvNwyrJbAj9Jw3cjcdvrZ5lOBhaWv+kz8Rzn+h2N4Ir5uF46 +szGxs5bEzD2vTs6Zz4ndhC7uyRi9y81Nj8t4TLZtln7TOdNup/Mr1zGXxM4Fn6DP +YlYfdHgUU+Eqf2lApeZHVfkzi+1TRvPoEQKCAQAELU/d33TNwQ/Ylo2VhwAscY3s +hv31O4tpu5koHHjOo3RDPzjuEfwy006u8NVAoj97LrU2n+XTIlnXf14TKuKWQ+8q +ajIVNj+ZAbD3djCmYXbIEL+u6aL4K1ENdjo6DNTGgPMfISE79WrmGBIKtB//uMqy +fGTUSPeo+R5WmTGN29YxAnRE/jtwOgAcicACTc0e9nghHj3c2raI0IazY5XFP0/h +LszTNUQzWx6DjWsbB+Ymuhu4fHZTYftCrIMpjmjC9pkNggeJnkxylQz/pwO73uWg +ycDgJhRyaVhM8sJXiBk+OC/ySP2Lxo60aPa514LEYJKQxUCukCTXth/6p0Qo +-----END RSA PRIVATE KEY----- diff --git a/examples/encryption/README.md b/examples/encryption/README.md new file mode 100644 index 000000000..35d4b20a2 --- /dev/null +++ b/examples/encryption/README.md @@ -0,0 +1,48 @@ +# Encryption + +This directory contains two related examples: one for TLS and one for mTLS. + +## Try it + +In each example's subdirectory: + +``` +node server.js +``` + +``` +node client.js +``` + +## Explanation + +### TLS + +TLS is a commonly used cryptographic protocol to provide end-to-end communication security. In the example, we show how to set up a server authenticated TLS connection to transmit RPC. + +The function [`grpc.credentials.createSsl`](https://grpc.github.io/grpc/node/grpc.credentials.html#.createSsl__anchor) can be used to create client TLS credentials, and the function [`grpc.ServerCredentials.createSsl`](https://grpc.github.io/grpc/node/grpc.ServerCredentials.html#.createSsl__anchor) can be used to create server TLS credentials. + +This example uses public/private keys created in advance (found in `examples/data/x509`): + + - `server_cert.pem` contains the server certificate (public key). + - `server_key.pem` contains the server private key. + - `ca_cert.pem` contains the certificate (certificate authority) that can verify the server's certificate. + +The server credentials can be passed to the `Server#bindAsync` method, and the client credentials can be passed to the `Client` constructor. + +### mTLS + +In mutual TLS (mTLS), the client and the server authenticate each other. gRPC allows users to configure mutual TLS at the connection level. + +This example uses public/private keys created in advance (found in `examples/data/x509`): + + - `server_cert.pem` contains the server's certificate (public key). + - `server_key.pem` contains the server's private key. + - `ca_cert.pem` contains the certificate of the certificate authority that can verify the server's certificate. + - `client_cert.pem` contains the client's certificate (public key). + - `client_key.pem` contains the client's private key. + - `client_ca_cert.pem` contains the certificate of the certificate authority that can verify the client's certificate. + +In normal TLS, the server is only concerned with presenting the server certificate for clients to verify. In mutual TLS, the server also loads in a list of trusted CA files for verifying the client's presented certificates. This is done by passing the CA file as the first argument to `grpc.ServerCredentials.createSsl`, and by setting the last argument `checkClientCertificate` to `true`. + +In normal TLS, the client is only concerned with authenticating the server by using one or more trusted CA file. In mutual TLS, the client also presents its client certificate to the server for authentication. This is done by passing the key and cert files as the second and third arguments to `grpc.credentials.createSsl`. diff --git a/examples/encryption/TLS/client.js b/examples/encryption/TLS/client.js new file mode 100644 index 000000000..ecd88ba12 --- /dev/null +++ b/examples/encryption/TLS/client.js @@ -0,0 +1,64 @@ +/* + * + * Copyright 2025 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +const grpc = require('@grpc/grpc-js'); +const protoLoader = require('@grpc/proto-loader'); +const parseArgs = require('minimist'); +const fs = require('fs'); + +const PROTO_PATH = __dirname + '/../../protos/echo.proto'; + +const packageDefinition = protoLoader.loadSync( + PROTO_PATH, + {keepCase: true, + longs: String, + enums: String, + defaults: true, + oneofs: true + }); +const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo; + +const DATA_DIR = `${__dirname}/../../data/x509`; + +function callUnaryEcho(client, message) { + return new Promise((resolve, reject) => { + const deadline = new Date(); + deadline.setSeconds(deadline.getSeconds() + 10); + client.unaryEcho({message: message}, {deadline}, (error, value) => { + if (error) { + reject(error); + return; + } + console.log(`UnaryEcho: ${JSON.stringify(value)}`); + resolve(); + }); + }); +} + +async function main() { + let argv = parseArgs(process.argv.slice(2), { + string: 'target', + default: {target: 'localhost:50051'} + }); + const caFile = fs.readFileSync(`${DATA_DIR}/ca_cert.pem`); + const credentials = grpc.credentials.createSsl(caFile) + const client = new echoProto.Echo(argv.target, credentials, {'grpc.ssl_target_name_override': 'x.test.example.com'}); + await callUnaryEcho(client, 'hello world'); +} + +main() diff --git a/examples/encryption/TLS/server.js b/examples/encryption/TLS/server.js new file mode 100644 index 000000000..93f2489aa --- /dev/null +++ b/examples/encryption/TLS/server.js @@ -0,0 +1,61 @@ +/* + * + * Copyright 2025 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +const grpc = require('@grpc/grpc-js'); +const protoLoader = require('@grpc/proto-loader'); +const parseArgs = require('minimist'); +const fs = require('fs'); + +const PROTO_PATH = __dirname + '/../../protos/echo.proto'; + +const packageDefinition = protoLoader.loadSync( + PROTO_PATH, + {keepCase: true, + longs: String, + enums: String, + defaults: true, + oneofs: true + }); +const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo; + +const DATA_DIR = `${__dirname}/../../data/x509`; + +function unaryEcho(call, callback) { + console.log(`unary echoing message ${call.request.message}`); + callback(null, call.request); +} + +function main() { + const argv = parseArgs(process.argv.slice(2), { + string: 'port', + default: {port: '50051'} + }); + const server = new grpc.Server(); + server.addService(echoProto.Echo.service, { unaryEcho }); + const keyFile = fs.readFileSync(`${DATA_DIR}/server_key.pem`); + const certFile = fs.readFileSync(`${DATA_DIR}/server_cert.pem`); + const credentials = grpc.ServerCredentials.createSsl(null, [{ private_key: keyFile, cert_chain: certFile }]); + server.bindAsync(`0.0.0.0:${argv.port}`, credentials, (err, port) => { + if (err != null) { + return console.error(err); + } + console.log(`gRPC listening on ${port}`) + }); +} + +main(); diff --git a/examples/encryption/mTLS/client.js b/examples/encryption/mTLS/client.js new file mode 100644 index 000000000..41ac562f6 --- /dev/null +++ b/examples/encryption/mTLS/client.js @@ -0,0 +1,66 @@ +/* + * + * Copyright 2025 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +const grpc = require('@grpc/grpc-js'); +const protoLoader = require('@grpc/proto-loader'); +const parseArgs = require('minimist'); +const fs = require('fs'); + +const PROTO_PATH = __dirname + '/../../protos/echo.proto'; + +const packageDefinition = protoLoader.loadSync( + PROTO_PATH, + {keepCase: true, + longs: String, + enums: String, + defaults: true, + oneofs: true + }); +const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo; + +const DATA_DIR = `${__dirname}/../../data/x509`; + +function callUnaryEcho(client, message) { + return new Promise((resolve, reject) => { + const deadline = new Date(); + deadline.setSeconds(deadline.getSeconds() + 10); + client.unaryEcho({message: message}, {deadline}, (error, value) => { + if (error) { + reject(error); + return; + } + console.log(`UnaryEcho: ${JSON.stringify(value)}`); + resolve(); + }); + }); +} + +async function main() { + let argv = parseArgs(process.argv.slice(2), { + string: 'target', + default: {target: 'localhost:50051'} + }); + const caFile = fs.readFileSync(`${DATA_DIR}/ca_cert.pem`); + const keyFile = fs.readFileSync(`${DATA_DIR}/client_key.pem`); + const certFile = fs.readFileSync(`${DATA_DIR}/client_cert.pem`); + const credentials = grpc.credentials.createSsl(caFile, keyFile, certFile); + const client = new echoProto.Echo(argv.target, credentials, {'grpc.ssl_target_name_override': 'x.test.example.com'}); + await callUnaryEcho(client, 'hello world'); +} + +main() diff --git a/examples/encryption/mTLS/server.js b/examples/encryption/mTLS/server.js new file mode 100644 index 000000000..de7aa1c50 --- /dev/null +++ b/examples/encryption/mTLS/server.js @@ -0,0 +1,62 @@ +/* + * + * Copyright 2025 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +const grpc = require('@grpc/grpc-js'); +const protoLoader = require('@grpc/proto-loader'); +const parseArgs = require('minimist'); +const fs = require('fs'); + +const PROTO_PATH = __dirname + '/../../protos/echo.proto'; + +const packageDefinition = protoLoader.loadSync( + PROTO_PATH, + {keepCase: true, + longs: String, + enums: String, + defaults: true, + oneofs: true + }); +const echoProto = grpc.loadPackageDefinition(packageDefinition).grpc.examples.echo; + +const DATA_DIR = `${__dirname}/../../data/x509`; + +function unaryEcho(call, callback) { + console.log(`unary echoing message ${call.request.message}`); + callback(null, call.request); +} + +function main() { + const argv = parseArgs(process.argv.slice(2), { + string: 'port', + default: {port: '50051'} + }); + const server = new grpc.Server(); + server.addService(echoProto.Echo.service, { unaryEcho }); + const clientCaFile = fs.readFileSync(`${DATA_DIR}/client_ca_cert.pem`); + const keyFile = fs.readFileSync(`${DATA_DIR}/server_key.pem`); + const certFile = fs.readFileSync(`${DATA_DIR}/server_cert.pem`); + const credentials = grpc.ServerCredentials.createSsl(clientCaFile, [{ private_key: keyFile, cert_chain: certFile }], true); + server.bindAsync(`0.0.0.0:${argv.port}`, credentials, (err, port) => { + if (err != null) { + return console.error(err); + } + console.log(`gRPC listening on ${port}`) + }); +} + +main();