3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-10 23:57:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

Move examples repo into main repo (#1102)

Browse source
This commit is contained in:
Travis Groth 2020-07-17 14:23:06 -04:00 committed by GitHub
parent b79e73b8b8
commit ca6715d3c5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 851 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
examples/mutual-tls/Dockerfile Normal file
View file

@ -0,0 +1,11 @@
FROM golang:latest as build-env
WORKDIR /go/src/app
ADD . /go/src/app
RUN go get -d -v ./...
RUN go install -v ./...
FROM gcr.io/distroless/base
COPY --from=build-env /go/bin/app /
CMD ["/app"]

85
examples/mutual-tls/README.md Normal file
View file

@ -0,0 +1,85 @@
# Mutual Authenticated TLS Example
A tiny go http server that enforces client certificates and can be used to test mutual TLS with Pomerium.
## TL;DR
### Pomerium config
```yaml
# See detailed configuration settings : https://www.pomerium.io/reference/
authenticate_service_url: https://authenticate.corp.domain.example
authorize_service_url: https://authorize.corp.domain.example
# identity provider settings : https://www.pomerium.io/docs/identity-providers.html
idp_provider: google
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME
policy:
- from: https://mtls.corp.domain.example
to: https://localhost:8443
allowed_domains:
- domain.example
tls_custom_ca_file: "/Users/bdd/examples/mutual-tls/out/good-ca.crt"
tls_client_cert_file: "/Users/bdd/examples/mutual-tls/out/pomerium.crt"
tls_client_key_file: "/Users/bdd/examples/mutual-tls/out/pomerium.key"
- from: https://httpbin.corp.domain.example
to: https://httpbin.org
allow_public_unauthenticated_access: true
```
### Docker-compose
```yaml
version: "3"
services:
pomerium:
image: pomerium/pomerium:latest
environment:
- CERTIFICATE
- CERTIFICATE_KEY
- COOKIE_SECRET
volumes:
# Mount your config file : https://www.pomerium.io/reference/
# be sure to change the default values :)
- ./example.config.yaml:/pomerium/config.yaml:ro
ports:
- 443:443
mtls:
image: pomerium/examples:mtls
environment:
- TLS_CERT
- TLS_KEY
- CLIENT_CA
ports:
- 8443:8443
```
## Generate some certificates
This can be done a myriad of ways. The easiest for testing is probably using [certstrap](https://github.com/square/certstrap).
See [scripts/generate_certs.sh](scripts/generate_certs.sh)
## Run the server
Certificates can be set using the following base 64 encoded [environmental variables](env). For example,
```bash
source ./env && go run main.go
```
## Test the server with curl
See [scripts/curl.sh](scripts/curl.sh)
## Docker
Pull `pomerium/examples:mtls` or see [Dockerfile](Dockerfile)
## Configuring Pomerium
See [example.config.yaml](example.config.yaml)

23
examples/mutual-tls/docker-compose.yaml Normal file
View file

@ -0,0 +1,23 @@
version: "3"
services:
pomerium:
image: pomerium/pomerium:latest
environment:
- CERTIFICATE
- CERTIFICATE_KEY
- COOKIE_SECRET
volumes:
# Mount your config file : https://www.pomerium.io/reference/
# be sure to change the default values :)
- ./example.config.yaml:/pomerium/config.yaml:ro
ports:
- 443:443
mtls:
image: pomerium/examples:mtls
environment:
- TLS_CERT
- TLS_KEY
- CLIENT_CA
ports:
- 8443:8443

24
examples/mutual-tls/example.config.yaml Normal file
View file

@ -0,0 +1,24 @@
# See detailed configuration settings : https://www.pomerium.io/reference/
authenticate_service_url: https://authenticate.corp.domain.example
authorize_service_url: https://authorize.corp.domain.example
# identity provider settings : https://www.pomerium.io/docs/identity-providers.html
idp_provider: google
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME
policy:
- from: https://mtls.corp.domain.example
to: https://localhost:8443
allowed_domains:
- domain.example
#good-ca.crt
tls_custom_ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU1RENDQXN5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkbmIyOWsKTFdOaE1CNFhEVEU1TURneE1ERTNOREF3TWxvWERUSXhNREl4TURFM05EQXdNbG93RWpFUU1BNEdBMVVFQXhNSApaMjl2WkMxallUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUw3b2VldEovNmNFCkdicTcvanNtcU9FM2VyVE1aRHR0eFM4STVGV1c0TkRXbWNpOE5IdWRMZDhlM1JtOEh6Y09jSjRQL0ErcDVsYmsKTjhySzY4OUlsQzhqM28yaEhSdEk2T21saFY3NEoxaUlIOGtkSXU2V2xPMWtOdUx5dGRrbjhRaytJOUNEWjlGSAorZzhRbnVka0tMUWJkZFdDVXJzUjR4cEcyK0VkNWdua0JJNG4zbmNLMFgvWEZocWhDTEU1eFBaQk5OWktGbHJxCm1lYUl4dHoyc2ZvWVY1NmcwMnNGS1QxSUlMNTVFMG14djRUa2JtSWw5Rk9qZEtCdkhFZnJHeXl5OFRGTHErUzMKTXo2em9xNDhuOEhGMUc5cHBLVk9OMUp0Mks1UWEvV2hpbjVrcWNhYTNwNE0vN2tiNmtxU0tMWG1iN0gyN3kvVQpEYjZDUG01d2lodjA2c1FobXN2MHhuS2hqMm8vQzhlcWxzNzZZWDF1Y2NqMzlmSTRlQ1E4cENFbTlVcDh5ZkkvCkxlYVpXbGE0NEZneWw3N1lyc2MvM0U5dk1hS0ZVeGRjR3VtMXQrNUZZYWpkY0EvTlFreTJBeTJqcHRwVXV1SFUKNnhYSzdEcXY5Z01jQS8zM1VYOFpHZklPRk0rY3FlOTQxaTVPT1hGSHJoRDlqeTRQR2M4Z2kxSTRyK1VXd0tCYgoxSGg1clQ3ckJZK1NLTTBzZmtpQlZ1RU9pbnk2dDF1Z2tEdjY4dXNFWFlIWlZXaWl6b1hmcDVHbjZmckUvd1IxCkRkak13TGEvT2tQTnVEVVQ4eU1GS2hWRnFHcXdHQzY2bys1cjQyMlVwa0s4SHJ5K2tsQ3pUTys3U0RodTJiWk4KUVFGT0NLSVVldnR3bGdabVBNck1BNTZ3dzVSSnNhVnhBZ01CQUFHalJUQkRNQTRHQTFVZER3RUIvd1FFQXdJQgpCakFTQmdOVkhSTUJBZjhFQ0RBR0FRSC9BZ0VBTUIwR0ExVWREZ1FXQkJSNTRKQ3pMRlg0T0RTQ1J0dWNBUGZOCnVYVnpuREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBZituUmpBVnZuT0pSckpBQWpKWVY3aVF3bHExUXZYRGcKbHZhY0JoVFJyWFh4OW5GaVRZUzV4MkFMbXZ5WHhubTdIS2VDSUZEclJwOE5MVFkyYjJXR01BcTFxc3JBT0QvegpTNmNSSW1OQ21QNmd0UHNUNDlabzBYajNrZjZyTXBPeHBiSUlnSmZMY056UGZpL25jeC9oRDNBOHl6Zk4wQTZZCnFFd2QvSkZPajdEa3RaQmdlSXZETlJXS0pveEpJRlZ4anJqLzFiVmkxZTRWVjVvWmhOako4SzlyV1FRK1EvK3QKZ3lGK0sycGxDQ1RiRWR6eU9heDY1djh5UDJ5RCs2WkFIRk9sRjI2TnZpUkw4OWJ1VHIwaEpZa0N5VXZ3MmJZaQo4Q3MyWDZkd0NDdXVhZUdVR2VRemszMGxQeUdWSmVKL3ZJMGJRSzlpZ2I5dFozY3d0WHBQdjN6a1B1TDE3d01WCitCMXo2RW1HZVVLNXlTQ0xFWjc2aVliNU0vY3ZjTUVOMWdoeFNIN0FmaDhMS0c0eWszT21SQ253akVqdTFhaWoKZGs3cjJuc0xmYU9KWFBRNU1wMzRYU1ltdTlpTVl0VytMbWZiSDJxMW9vS3dKZDhHNVhhRWRmQmpHUEQ5Q3FkWAphSlh0MDA0cVdsalJOS3p1MFNFRmJ6UldGNHRoeXlUTzE4QVI4eTNHV0Vwak95amdKSzlFeU1sQm9Qa3RYQVVVCjZzTFhqT3ZZU0ovd202NUhxVVZBTTVsRy96WVN3TGdCTDAwc1pJKzVGa0QwblU0Rkx6QWRLV05LWkRXZFVNbUwKVi9lV0ZGNGwwVFBvNTVhM0pUL1BGc2J0RFBLVWxvWVFXeTFybmFqR3J1L0Y5bGRCcHB1bUVUa2FOS2ZWT05Jcgp4cERnc1FhVkVXOD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
# pomerium.crt
tls_client_cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVJVENDQWdtZ0F3SUJBZ0lSQVBqTEJxS1lwcWU0ekhQc0dWdFR6T0F3RFFZSktvWklodmNOQVFFTEJRQXcKRWpFUU1BNEdBMVVFQXhNSFoyOXZaQzFqWVRBZUZ3MHhPVEE0TVRBeE9EUTVOREJhRncweU1UQXlNVEF4TnpRdwpNREZhTUJNeEVUQVBCZ05WQkFNVENIQnZiV1Z5YVhWdE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQTY3S2pxbVFZR3EwTVZ0QUNWcGVDbVhtaW5sUWJEUEdMbXNaQVVFd3VlSFFucnQzV3R2cEQKT202QWxhSk1VblcrSHU1NWpqb2thbEtlVmpUS21nWUdicVV6VkRvTWJQRGFIZWtsdGRCVE1HbE9VRnNQNFVKUwpEck80emROK3pvNDI4VFgyUG5HMkZDZFZLR3k0UEU4aWxIYldMY3I4NzFZalY1MWZ3OENMRFg5UFpKTnU4NjFDCkY3VjlpRUptNnNTZlFsbW5oTjhqMytXelZiUFFOeTFXc1I3aTllOWo2M0VxS3QyMlE5T1hMK1dBY0tza29JU20KQ05WUlVBalU4WVJWY2dRSkIrelEzNEFRUGx6ME9wNU8vUU4vTWVkamFGOHdMUytpdi96dmlTOGNxUGJ4bzZzTApxNkZOVGx0ay9Ra3hlQ2VLS1RRZS8za1BZdlFBZG5sNjVRSURBUUFCbzNFd2J6QU9CZ05WSFE4QkFmOEVCQU1DCkE3Z3dIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUIwR0ExVWREZ1FXQkJRQ1FYbWIKc0hpcS9UQlZUZVhoQ0dpNjhrVy9DakFmQmdOVkhTTUVHREFXZ0JSNTRKQ3pMRlg0T0RTQ1J0dWNBUGZOdVhWegpuREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBcm9XL2trMllleFN5NEhaQXFLNDVZaGQ5ay9QVTFiaDlFK1BRCk5jZFgzTUdEY2NDRUFkc1k4dll3NVE1cnhuMGFzcSt3VGFCcGxoYS9rMi9VVW9IQ1RqUVp1Mk94dEF3UTdPaWIKVE1tMEorU3NWT3d4YnFQTW9rK1RqVE16NFdXaFFUTzVwRmNoZDZXZXNCVHlJNzJ0aG1jcDd1c2NLU2h3YktIegpQY2h1QTQ4SzhPdi96WkxmZnduQVNZb3VCczJjd1ZiRDI3ZXZOMzdoMGFzR1BrR1VXdm1PSDduTHNVeTh3TTdqCkNGL3NwMmJmTC9OYVdNclJnTHZBMGZMS2pwWTQrVEpPbkVxQmxPcCsrbHlJTEZMcC9qMHNybjRNUnlKK0t6UTEKR1RPakVtQ1QvVEFtOS9XSThSL0FlYjcwTjEzTytYNEtaOUJHaDAxTzN3T1Vqd3BZZ3lxSnNoRnNRUG50VmMrSQpKQmF4M2VQU3NicUcwTFkzcHdHUkpRNmMrd1lxdGk2Y0tNTjliYlRkMDhCNUk1N1RRTHhNcUoycTFnWmw1R1VUCmVFZGNWRXltMnZmd0NPd0lrbGNBbThxTm5kZGZKV1FabE5VaHNOVWFBMkVINnlDeXdaZm9aak9hSDEwTXowV20KeTNpZ2NSZFQ3Mi9NR2VkZk93MlV0MVVvRFZmdEcxcysrditUQ1lpNmpUQU05dkZPckJ4UGlOeGFkUENHR2NZZAowakZIc2FWOGFPV1dQQjZBQ1JteHdDVDdRTnRTczM2MlpIOUlFWWR4Q00yMDUrZmluVHhkOUcwSmVRRTd2Kyt6CldoeWo2ZmJBWUIxM2wvN1hkRnpNSW5BOGxpekdrVHB2RHMxeTBCUzlwV3ppYmhqbVFoZGZIejdCZGpGTHVvc2wKZzlNZE5sND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
# pomerium.key
tls_client_key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBNjdLanFtUVlHcTBNVnRBQ1ZwZUNtWG1pbmxRYkRQR0xtc1pBVUV3dWVIUW5ydDNXCnR2cERPbTZBbGFKTVVuVytIdTU1ampva2FsS2VWalRLbWdZR2JxVXpWRG9NYlBEYUhla2x0ZEJUTUdsT1VGc1AKNFVKU0RyTzR6ZE4rem80MjhUWDJQbkcyRkNkVktHeTRQRThpbEhiV0xjcjg3MVlqVjUxZnc4Q0xEWDlQWkpOdQo4NjFDRjdWOWlFSm02c1NmUWxtbmhOOGozK1d6VmJQUU55MVdzUjdpOWU5ajYzRXFLdDIyUTlPWEwrV0FjS3NrCm9JU21DTlZSVUFqVThZUlZjZ1FKQit6UTM0QVFQbHowT3A1Ty9RTi9NZWRqYUY4d0xTK2l2L3p2aVM4Y3FQYngKbzZzTHE2Rk5UbHRrL1FreGVDZUtLVFFlLzNrUFl2UUFkbmw2NVFJREFRQUJBb0lCQVFEQVQ0eXN2V2pSY3pxcgpKcU9SeGFPQTJEY3dXazJML1JXOFhtQWhaRmRTWHV2MkNQbGxhTU1yelBmTG41WUlmaHQzSDNzODZnSEdZc3pnClo4aWJiYWtYNUdFQ0t5N3lRSDZuZ3hFS3pRVGpiampBNWR3S0h0UFhQUnJmamQ1Y2FMczVpcDcxaWxCWEYxU3IKWERIaXUycnFtaC9kVTArWGRMLzNmK2VnVDl6bFQ5YzRyUm84dnZueWNYejFyMnVhRVZ2VExsWHVsb2NpeEVrcgoySjlTMmxveWFUb2tFTnNlMDNpSVdaWnpNNElZcVowOGJOeG9IWCszQXVlWExIUStzRkRKMlhaVVdLSkZHMHUyClp3R2w3YlZpRTFQNXdiQUdtZzJDeDVCN1MrdGQyUEpSV3Frb2VxY3F2RVdCc3RFL1FEcDFpVThCOHpiQXd0Y3IKZHc5TXZ6Q2hBb0dCQVBObzRWMjF6MGp6MWdEb2tlTVN5d3JnL2E4RkJSM2R2Y0xZbWV5VXkybmd3eHVucnFsdwo2U2IrOWdrOGovcXEvc3VQSDhVdzNqSHNKYXdGSnNvTkVqNCt2b1ZSM3UrbE5sTEw5b21rMXBoU0dNdVp0b3huCm5nbUxVbkJUMGI1M3BURkJ5WGsveE5CbElreWdBNlg5T2MreW5na3RqNlRyVnMxUERTdnVJY0s1QW9HQkFQZmoKcEUzR2F6cVFSemx6TjRvTHZmQWJBdktCZ1lPaFNnemxsK0ZLZkhzYWJGNkdudFd1dWVhY1FIWFpYZTA1c2tLcApXN2xYQ3dqQU1iUXI3QmdlazcrOSszZElwL1RnYmZCYnN3Syt6Vng3Z2doeWMrdytXRWExaHByWTZ6YXdxdkFaCkhRU2lMUEd1UGp5WXBQa1E2ZFdEczNmWHJGZ1dlTmd4SkhTZkdaT05Bb0dCQUt5WTF3MUM2U3Y2c3VuTC8vNTcKQ2Z5NTAwaXlqNUZBOWRqZkRDNWt4K1JZMnlDV0ExVGsybjZyVmJ6dzg4czBTeDMrYS9IQW1CM2dMRXBSRU5NKwo5NHVwcENFWEQ3VHdlcGUxUnlrTStKbmp4TzlDSE41c2J2U25sUnBQWlMvZzJRTVhlZ3grK2trbkhXNG1ITkFyCndqMlRrMXBBczFXbkJ0TG9WaGVyY01jSkFvR0JBSTYwSGdJb0Y5SysvRUcyY21LbUg5SDV1dGlnZFU2eHEwK0IKWE0zMWMzUHE0amdJaDZlN3pvbFRxa2d0dWtTMjBraE45dC9ibkI2TmhnK1N1WGVwSXFWZldVUnlMejVwZE9ESgo2V1BMTTYzcDdCR3cwY3RPbU1NYi9VRm5Yd0U4OHlzRlNnOUF6VjdVVUQvU0lDYkI5ZHRVMWh4SHJJK0pZRWdWCkFrZWd6N2lCQW9HQkFJRncrQVFJZUIwM01UL0lCbGswNENQTDJEak0rNDhoVGRRdjgwMDBIQU9mUWJrMEVZUDEKQ2FLR3RDbTg2MXpBZjBzcS81REtZQ0l6OS9HUzNYRk00Qm1rRk9nY1NXVENPNmZmTGdLM3FmQzN4WDJudlpIOQpYZGNKTDQrZndhY0x4c2JJKzhhUWNOVHRtb3pkUjEzQnNmUmIrSGpUL2o3dkdrYlFnSkhCT0syegotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
- from: https://httpbin.corp.domain.example
to: https://httpbin.org
allow_public_unauthenticated_access: true

125
examples/mutual-tls/main.go Normal file
View file

@ -0,0 +1,125 @@
package main
import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"fmt"
"log"
"net"
"net/http"
"os"
)
func main() {
port := "8443"
if fromEnv := os.Getenv("PORT"); fromEnv != "" {
port = fromEnv
}
tlsCert := os.Getenv("TLS_CERT")
tlsKey := os.Getenv("TLS_KEY")
clientCA := os.Getenv("CLIENT_CA")
if tlsCert == "" {
log.Fatal("TLS_CERT environment variable must be set")
}
if tlsKey == "" {
log.Fatal("TLS_KEY environment variable must be set")
}
if clientCA == "" {
log.Fatal("CLIENT_CA environment variable must be set")
}
mux := http.NewServeMux()
mux.HandleFunc("/", hello)
srv := &http.Server{Handler: mux}
ln, err := newClientCertTLSListener(":"+port, tlsCert, tlsKey, clientCA)
if err != nil {
log.Fatalf("failed creating tls listener: %v", err)
}
log.Printf("listening on port %s", port)
log.Fatal(srv.Serve(ln))
}
func hello(w http.ResponseWriter, r *http.Request) {
log.Printf("Serving request: %s", r.URL.Path)
fmt.Fprintf(w, "Hello, world!\n")
fmt.Fprintf(w, "%s %s %s\n", r.Method, r.URL, r.Proto)
fmt.Fprintf(w, "TLS\n\tServerName: %s\n\tVersion: %d \n\t CipherSuite:%d \n", r.TLS.ServerName, r.TLS.Version, r.TLS.CipherSuite)
for _, cert := range r.TLS.PeerCertificates {
fmt.Fprintf(w, "TLSPeerCertificate: Subject %+v\n", cert.Subject)
}
if headerIP := r.Header.Get("X-Forwarded-For"); headerIP != "" {
fmt.Fprintf(w, "Client IP (X-Forwarded-For): %s\n", headerIP)
}
fmt.Fprintf(w, "Headers\n")
for k, v := range r.Header {
fmt.Fprintf(w, "\t[%s]:\n\t\t%s\n", k, v)
}
}
func newClientCertTLSListener(addr, tlsCert, tlsKey, clientCA string) (net.Listener, error) {
caPool, err := decodeCertPoolFromPEM(clientCA)
if err != nil {
return nil, err
}
cert, err := decodeCertificate(tlsCert, tlsKey)
if err != nil {
return nil, err
}
tlsConfig := &tls.Config{
ClientAuth: tls.RequireAndVerifyClientCert,
ClientCAs: caPool,
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
},
PreferServerCipherSuites: true,
CurvePreferences: []tls.CurveID{
tls.X25519,
tls.CurveP256,
},
Certificates: []tls.Certificate{*cert},
NextProtos: []string{"h2"},
}
tlsConfig.BuildNameToCertificate()
ln, err := net.Listen("tcp", addr)
if err != nil {
return nil, err
}
return tls.NewListener(ln, tlsConfig), nil
}
func decodeCertPoolFromPEM(encPemCerts string) (*x509.CertPool, error) {
pemCerts, err := base64.StdEncoding.DecodeString(encPemCerts)
if err != nil {
return nil, fmt.Errorf("couldn't decode pem %v: %v", pemCerts, err)
}
certPool := x509.NewCertPool()
if ok := certPool.AppendCertsFromPEM(pemCerts); !ok {
return nil, fmt.Errorf("failed to append certs from pem")
}
return certPool, nil
}
func decodeCertificate(cert, key string) (*tls.Certificate, error) {
decodedCert, err := base64.StdEncoding.DecodeString(cert)
if err != nil {
return nil, fmt.Errorf("failed to decode certificate cert %v: %v", decodedCert, err)
}
decodedKey, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return nil, fmt.Errorf("failed to decode certificate key %v: %v", decodedKey, err)
}
x509, err := tls.X509KeyPair(decodedCert, decodedKey)
return &x509, err
}

16
examples/mutual-tls/out/bad-ca.crl Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN X509 CRL-----
MIICgDBqAgEBMA0GCSqGSIb3DQEBCwUAMBExDzANBgNVBAMTBmJhZC1jYRcNMTkw
ODEwMTc0MDExWhcNMjEwMjEwMTc0MDA3WjAAoCMwITAfBgNVHSMEGDAWgBQq63Nb
YCpJHmrjK5UOEYdXiefewTANBgkqhkiG9w0BAQsFAAOCAgEAi4dqR+WaVMZwnDnx
tBXBWKUPYwbhicEGBRX7foRkP9lU05w1KiiBUAjNstOXteePrXWnmMlmvtErQuiN
ySwVqLXO/IwP7kstkT6i6g07J/Aj7J/L68zEsm3td9iTJQXKi+q9sZNIOv6NqhfK
U63PLQ5VhhTqO9pfmpJl3EbYFQdsyQbhLKOqJAXGWgRwWHPBpTdgf06VtAV9hDT2
Jd68wK4LTRC6VMd5guUZcRK2TSI1+3k/m0S13rtejD8ilfUoMxoUuSzUXnHr9oyL
fLsmv64phmFBJrgmtUbU9iZBEr8Xo8kvg5qp4fbYw7AmS1LgJPsLeT3gTSLOAY5e
0lqF4IwnbWjeVSVki7r9k5DNv9EeCbROyxUG0/j0TWH76xilobIE6/oz4ZiQvund
IgNa4hhZxJQbxUWj/joxHXN47FXAR+E/Udq5knIduYTnbZkIvMWA2zz9N5Btnlkt
r8gZcIApdPw12QkHNYwz3zwA+Nndr5aBuDYEm7mhqP2m6qFCMzIA1ZycJY2i79H/
ZaFAEEqO8Tfca6eyHc6aSSKUhAJXFGbCsdnhZ7Ld0DZM9R2a9ReTh2364h8kBb3o
eNoIPWEb8dGtWqLe8rTWuH9r9i9d3t3lLzAcjZwT8E+/7XXkdS+ZgO16U+nr/MSd
w9qdocuETDhJJTh1DHniJnlf5SA=
-----END X509 CRL-----

29
examples/mutual-tls/out/bad-ca.crt Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE4jCCAsqgAwIBAgIBATANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZiYWQt
Y2EwHhcNMTkwODEwMTc0MDA3WhcNMjEwMjEwMTc0MDA3WjARMQ8wDQYDVQQDEwZi
YWQtY2EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDN0AnicJPTsZtF
0gRuLutXdPvqXNkJujeVew8Vfxt3jBVR5+AEaM+fN1blOmhezbqyqwUOys7XxgMc
zJSsgsYB0yfZ6UkipfsB7290R9huuz3ya6r/mMY9yrH8/iydMRn4mHYzSruCSMSn
D/VZeB702wulqE/rfNxJZ1C3oJFO+LNty4pP1IkcFEOY41GdjewwjyPUTwT2dqUl
6KMUvFfO/aHHCDKs/nf7bK4RGrtPc97/gsUhIeaU5M3qnFJCi41RyJVG+FgiRuVa
CzjiS70+SA46ENbnaw4c6SQSl3PqPMUKSm+vcAblLD6nEtUqNwVeOBy1Ghckv4EC
5MQNRTFdSkzr0H6oeNR7Uxba2W8Tz7O9i0IKlG5pIS0HEHRUu2sWU9HH41hr09CC
hiT8SiLvd6pCm7hyc6XbsdTWUlQpnPR3OlSp9zgmdUv+pHuw4CgFg8Iq2EMetOP6
oYwGAYmYRAxagT40KHL53ecHjnhNWnpLJVV/Vpscp7uA9gsImQF9jVAa9cj1GoJR
f+R55oJ0um0Fa+fewQ7bgaU4AvH0R/8tPFPFCa7QrCIFGGjhvJ2b06hyIz/+Nhoo
TQhr6U8YXmgTZtzFkSETizBxQ7cKtBJHB5UwFkJ7LwvU/KfwwTnxiks9CIIyVpg4
CnmQ5KRWLu8sbIYSUfTQ2mZVX3wZJwIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAQYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUKutzW2AqSR5q4yuVDhGHV4nn
3sEwDQYJKoZIhvcNAQELBQADggIBADllwWq8XECqK0A8Io1OZ6ZqmwDFg5Z+xj9m
jQMWcwY53NvEXYCm/odwOcoB0pB0xVG2FDsE7cw8aP/2XMBZ5DA5YR64r0fE80Og
aS6SOXxR4H13tRrZfGgtlh+7ADYYuurYsVcvKKsqxtQTrrmR9qcHV7fEl2/bLBJP
tJyD2kXYbmLC6rbp3V2llYOxE2Ox2MXG6TTKWQ1AOcPw93GdQ8mXCdUbZyy3e/tK
dy7/Y1P+tUxvKXInyvgWPuCiKQRqswvGxpyXjx4pP9Cf5ZVpnZtQ1m051JZSFw1Q
qRJC1au/PsblKVRLdyELqYvi99W6hilVvrBYHM2QlKqH2YL6DuOuCAjB72cUrpnX
5YldQGTVZ5yVa9emFz7VatVZAgF4rsyv4Mg8ultYo1ZgVgV+WsVL+yfsDCYYNpw7
kmy9TJhi21MNpJbqY57CpYo6NoraNUfQanbuCmpFd3My0pF4Ht4CmjaN1p4m6osA
hVDNdWRWng6IGmyI4j9fUhnBySOTKrzn+TGdeml54iZoUe6qjfgbTls6HRrQbUgO
LlPijh0IcpzCWPDqXunSg2mLrQjYiUPvAOJRbK/XbG2L0zXfwH+q/HJ8cek0pXIE
bHDtujodlrco+crJ4mUwg9Pt0cA1L+SZONvvWK4AtxsqnTxr8kBx5Brug9S6gQ/V
JyG+pk4A
-----END CERTIFICATE-----

51
examples/mutual-tls/out/bad-ca.key Normal file
View file

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAzdAJ4nCT07GbRdIEbi7rV3T76lzZCbo3lXsPFX8bd4wVUefg
BGjPnzdW5TpoXs26sqsFDsrO18YDHMyUrILGAdMn2elJIqX7Ae9vdEfYbrs98muq
/5jGPcqx/P4snTEZ+Jh2M0q7gkjEpw/1WXge9NsLpahP63zcSWdQt6CRTvizbcuK
T9SJHBRDmONRnY3sMI8j1E8E9nalJeijFLxXzv2hxwgyrP53+2yuERq7T3Pe/4LF
ISHmlOTN6pxSQouNUciVRvhYIkblWgs44ku9PkgOOhDW52sOHOkkEpdz6jzFCkpv
r3AG5Sw+pxLVKjcFXjgctRoXJL+BAuTEDUUxXUpM69B+qHjUe1MW2tlvE8+zvYtC
CpRuaSEtBxB0VLtrFlPRx+NYa9PQgoYk/Eoi73eqQpu4cnOl27HU1lJUKZz0dzpU
qfc4JnVL/qR7sOAoBYPCKthDHrTj+qGMBgGJmEQMWoE+NChy+d3nB454TVp6SyVV
f1abHKe7gPYLCJkBfY1QGvXI9RqCUX/keeaCdLptBWvn3sEO24GlOALx9Ef/LTxT
xQmu0KwiBRho4bydm9OociM//jYaKE0Ia+lPGF5oE2bcxZEhE4swcUO3CrQSRweV
MBZCey8L1Pyn8ME58YpLPQiCMlaYOAp5kOSkVi7vLGyGElH00NpmVV98GScCAwEA
AQKCAgEAl+HrKXxC23q6R7BRLK7bZlMihTW3xYHy+xExdH+02Wg7Y5Jms1pVvf2s
1sVfuHbCTJAAz4XDV2D9cwdWwGhRj48wXZPXMQakUi1MZteOVUlA0eG685zez0MC
Tt2UNvzBWb/JmtiPv/nLhi40ta37yl7MHZg0QmiGeHUSEDEiitDmOSR4Eama9WnO
6Mj4tfjCUKORoWAfHXM5NNyVXPwRIOPzu1nFa/zutlDhtCWyDVRJQO5UY7sM2txv
Sa/K1Oj/hVctMo6bG9CN+QFHHVkfcxLhzOAYd/d9FsDGqiGynS3zi0CbYzCdJgqc
wdcYEGtCPuHR7aQvaCMbJfOE6vYhEo/0Eiv4D9ZSlj03VFQ1OLKDWfKu80dVpBYA
3/CNNi5jCSy7u59r7fOB3g1pjtytZ58A1YArxU5I3J1hNPY2h3ATGHnkLtG9wIrc
oJPNt0jn0Hx4ra885mK5sHu5R9o8A4a7gru4erkhn0/l19pcK0E+TI5MhzNiEgbO
mw2NwOy8jMkGiBnxYY7SmgK0jE62yZOiZcvxKmrKkvxeLpKK4I1isS9hPWEsJW2r
XFvRsazZQrOGXSvKXvnUBfYqZJmZHbU4VmaqC0PZnrfQ7tCCJSN4EomBRzPgrSmT
XcRcjx9lhcNVUjD3alBZ2wYt1KIdwPt9NceqSjqgnStI7xy5b0ECggEBAPVaWzxG
r8rzn/axskzVCSRXWkASc3SRoMzP8q7PuytDL5gpET7nWMdoGfQMFQV0OAob3z7X
QdGqhR6ydNGtIJwPY66wtZ8lteKTHvSJvevYgJAvwInROSCcacwhvF3hsinc1WEr
SeVbHN+yT6fpQyRuGvJFNupl4cf6By6OACDDYUohVt9a1ISf+LmHo6kOYhLlmBVR
YeJllCYASZUDsKvTZhnjVJN9I5Dtv5+XgnzEM8NJhXfAq6ZB7PO/R2sOGcuQ2EWH
CYi9WlGs6loUPjWsI0ne4P6MydBvh0a9COFeRxjX7/n+SqeEzHGHDTVQ60OlyJ4N
QSMgvv3A1vaEvYkCggEBANa+bRfb7zPN8lWcjzKA3MoVE1Wj93g7k3vzm5VMZpo0
3IIAMozF3TWGvaWOn1/5CAfRkRHLVPRPrNeIrOF1BC75e+adyhgbJp0G8NW/X0Kn
lzjX1FGmRQcvDUecnhmcLlRJ75YIFTaOnnY1BB8ccb0O440FXvjfg9+E/xUKPgt4
ZBfjUkgNIzBL3hJb/sTF/SFLNEPl1LHVTwczeNppjtXkWTc30bzhwaJd8ygTQPrl
KObCurDV10r/ABMYmZQjL9SM2mA8onIvacbddHwVOprT3hMEqmeYYlyuWKMgAoKR
Qi8UHw6tFwGbPzgZOXl99WHn95vpNp3oKe+Vv+5UpS8CggEBAN3NF1mAVX9VirDL
p3JJzH/r8AyoIXOqCwHco3lhFcVgcXBO/+Yr4lgyRfQX0BEkJV0OIV1/32KZkspT
bcP3jNlIGEdePHJo9uqjMYLD2suQ53hxks+EMu7GN+ZwQQdl91hc6RF0vtL28T1Q
xy32c9pFJ1sJM0HnZJsR7tgpSvhTaGpJhW1ZgXF75LBkbJFyDTskD76F2cV/KtTH
wb1Snq5W56BToKvMnxBvvaGaqD3+aQUMO/osVYBxbLJVo0ymbK9YfAsurnHNLA9W
EG3qiuqeeTBYqnGz+OXTTSmnzpVeU0ukOq93MSoLpX6kJk6inmyDPL+VH+OPwNlJ
MYueKHECggEAftZI71+7QFjzOrfXKJhOUJn0KpBHWd+uc/bmPV+79nckizB8qwMv
bi8gksnTvscDhEK2sdDsY8UvrLqQijYoe2pmUUd/l49p1jPESivXozIDstJgGL3h
ZaXX7SVHiI7kGmr1NSOfC/NfCyizP4D4eRdzNdcnSk4SwRH37EB5dyLr0+QztFT2
JM+a4jMuHqFmqqSVwUjdwQ/htrojNrZEZHeUbnXszuh1C2b8eP4uUkLKTspTpKEZ
obVOIPlVtNa3qI5taYxG0rTIgGpLJAMR82MSdx85Wyj5aA6eUfNVKDON6Oq0kWGR
BiThSUw001qfde2iJZew58G6C0Xi8G1UhwKCAQAhfeZnuBGRDnJMcsoV7HOBSpB1
3DXlGuqGUNb96bKl4AK/pKY5i7DuZF7j1LotjT7baPHSlSv9XS1CZuUxWimVV6M0
54/r25pKYYPPAtaCz80unI9gnVBf0dkKzSsTcf3BYsOulwHgrY4tu7BPAAWtqyUY
g+HwB7hYifxwNCPciqqxn3ibi3gqg0hfHEJGFcgFi33ydGBK9KuhIvzrSnm8OaQw
MnbXfATlkHlPqJ3g7hvg+Ror8zK05NJDxRTfchXKeCltUDoEcsOFarU/TcagcH6H
gh8+C1LxJ4t6sdg/V2LUsDH4mwMN6ZJgFFtya+F28Gm59IAZT9m2KH4Dc7Fm
-----END RSA PRIVATE KEY-----

25
examples/mutual-tls/out/bad-curl.crt Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEIDCCAgigAwIBAgIRAJHMl1QUOc5iXrRsUUPYNK0wDQYJKoZIhvcNAQELBQAw
ETEPMA0GA1UEAxMGYmFkLWNhMB4XDTE5MDgxMDE3NDAzMVoXDTIxMDIxMDE3NDAw
NlowEzERMA8GA1UEAxMIYmFkLWN1cmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC5ei7Ag0ESrE7J1x8mzXh0Uh4KddqyPKYt4LqeH3TN613MnFZN91DC
i2ql297F5D5PrHWgKswxWukafaz7uD7Q8QpptsqFkRodjxD7lxMqtJrd8EnmAWWz
VAS7d7LUVYg0nsPXY6cyAtOOq7THlT7AyfjSapZhj7mBIfNbfdTxUYoFEzrkUp5U
2Kq3K5rspShHH9uwPix7shiQ1LgO22sZS9nhn25LFauvQs68TXLF7Ww8NzkEDuGm
/6frWIE14gjkDmuTfOrAI1juHLJbJpiC9Bt42R99MWcuQZQbsVz8slMW/VBITRKQ
JZBH4JYoAzGvzyFhWaMohSrDYS/ERHojAgMBAAGjcTBvMA4GA1UdDwEB/wQEAwID
uDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFD4zDz3S
r+u1I9Cab5XAXcuJP3BQMB8GA1UdIwQYMBaAFCrrc1tgKkkeauMrlQ4Rh1eJ597B
MA0GCSqGSIb3DQEBCwUAA4ICAQCIraEFD0Dt/LreT0kZMlTgtKIpriSLVF6e22Lm
bX0XQ/gTqKm98kDRsxLlBEetrgUdzpdvqqU33ZTvohqvVhwnJ+PzHW3O/n6eyFkj
DiUavkmI8jO17Z5iY8G32aGlpMYeIUiGkTDB6ZoAn09BswlAqdNoOUje/xQZmBBu
RFXmHVR3c2mv7QN8iDg0184d7NKTK3TZ3n59xHEL0a8RrUgmCVb80A214N/XQlBs
mLiveprusafcLIA6yKgPXx1bdtkJw0159Jog6TVHhC8zq7e/6FZJeONAz1ZCytXZ
Ge/LrlQScd9pzbHQn7nS9yD2gUM3R6kr1m8GTnL/0aVbXX7USrh7uFwggXudPZcw
kA/BzRQyE5gfJSUow3WLnoP4g+PuJWAGbwEHS0MAQ8quSaISm+P2hmOANodk3R7c
ULUkFhXT9w0Zk/SdGpo5t5XDby1XsofFLq9Pl8vZq23iBPQvjWLQL71zzFggTN44
bsKE56pNaHmIZVZp7hY7Rt9/D6hVvR0jueVm32uB9tQwYq0CfkXgq68aGS5yt21n
Bm/MszjDTTNe93K0PWyGP0RNJOXb6jL6aNvN3GTBSGkkDD8vraTF56CcneaJcf4Q
IS+GlJZd6ACsv2RQtgOlQW7rma0hjgh9Wo1av0OOirgxuCI90t70aBuvznzxM0uu
6OHJvg==
-----END CERTIFICATE-----

15
examples/mutual-tls/out/bad-curl.csr Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUACAQAwEzERMA8GA1UEAxMIYmFkLWN1cmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC5ei7Ag0ESrE7J1x8mzXh0Uh4KddqyPKYt4LqeH3TN
613MnFZN91DCi2ql297F5D5PrHWgKswxWukafaz7uD7Q8QpptsqFkRodjxD7lxMq
tJrd8EnmAWWzVAS7d7LUVYg0nsPXY6cyAtOOq7THlT7AyfjSapZhj7mBIfNbfdTx
UYoFEzrkUp5U2Kq3K5rspShHH9uwPix7shiQ1LgO22sZS9nhn25LFauvQs68TXLF
7Ww8NzkEDuGm/6frWIE14gjkDmuTfOrAI1juHLJbJpiC9Bt42R99MWcuQZQbsVz8
slMW/VBITRKQJZBH4JYoAzGvzyFhWaMohSrDYS/ERHojAgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAQEApF1NeVOAbbfGPALlEyWb01fnzyeJolPTXLirYPNM1tkIt6/0
9M7jTwB3ZvQYqbu53+XMLQ9xw5PhRTSg8LL2IKTfw0SeRAjZO86ztMxAUjvidDzO
p6TmXSFXJflJ52wZIzrPHt+j07Qd1/bjgAFiNXonXyAr7AEYLVTw+kg7lnVm7PYu
5cRfinIS08gzxsK/wbxAs6OQzKUq0Y58y9J2djRHF93ja8O73JA8Zst/MLNjwuRy
8grtLoNjllYnyGoEfwYiSnek4OUaRPKRGYIXxYyDzA31GWn49ot88PB3DPKqU4Ps
sWYgGKMXnvrPa+qlYY074iw5pAOIiL78CjrIog==
-----END CERTIFICATE REQUEST-----

27
examples/mutual-tls/out/bad-curl.key Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuXouwINBEqxOydcfJs14dFIeCnXasjymLeC6nh90zetdzJxW
TfdQwotqpdvexeQ+T6x1oCrMMVrpGn2s+7g+0PEKabbKhZEaHY8Q+5cTKrSa3fBJ
5gFls1QEu3ey1FWINJ7D12OnMgLTjqu0x5U+wMn40mqWYY+5gSHzW33U8VGKBRM6
5FKeVNiqtyua7KUoRx/bsD4se7IYkNS4DttrGUvZ4Z9uSxWrr0LOvE1yxe1sPDc5
BA7hpv+n61iBNeII5A5rk3zqwCNY7hyyWyaYgvQbeNkffTFnLkGUG7Fc/LJTFv1Q
SE0SkCWQR+CWKAMxr88hYVmjKIUqw2EvxER6IwIDAQABAoIBAB+VhtCRiUs8vE3y
rANXieOE+EifuRYQ7dtyIVU71hAavGZTWP791mrKguargkwAifvXSlBz+UGOUZOJ
QyO6RDggU72cuu/zvZa6/hFZsJHdH2IbwPnB0yeubv/daj5uMjuDraXH+nixsoTh
CG/UIlOCETUDoYgLiXNL7LzvuIs/JMPUYLU0AgQC27nRUD/bnws502VEOJFRdt59
B/VpDmeTTIHAk2iJhYpyJXRs0YM+RiVOIUJiSlsUZF3U7QMzWITUjN8yms9SD/MP
ZJMYeBLuIazWeV8jeLbyZN1zZLxKwwKuphtDU8v9lH/Yw6LuJoi5gbkRsOgQW5Ot
xSKfo0ECgYEA8Noyxeg+AG4h73aO3l2dTfGW0p/a/MqwimqCG64RxJ+LgjUZFnZj
QxGXHuFySTB2xLQzKDW/x2htnIgy5G1HmYl+w7RLjEk0V/tuXh70wxEHpbBxLjeD
qnxPOByqLvXRZFFzn+imEbuWbf/h9yNfccAYW5aqY6n4Rlvs7uaDnTUCgYEAxSRt
eVpMPTCOu1Qh61PZ0QBdkxYVyy7ZXJo2ka2n+uB6spSNMrxcM6xb3HsxpOchp//v
XJW0qOTckDMJeEL/dw6neSx2sNFLJMyGg+QtLFobs1/75QgXQpqRvovGt3wnmd0s
Q1LGCdaL0cc7SK62/CeANpfF9VCkqlJRu/5+HPcCgYEAhzhZrRbYSHGMh96uE1XH
jQ0HujSZQ7egKfXmGhg+TX+tWWrqLNxGmk7z4xh7i2+0Hnd1CSw0AYY1k947hFd+
DUtOah19FMO8qXC15A3JKQMUogdPY70zJLIp37zoJvlHl+TK34pEQkxpBlTUzmWD
nl9UzYbnHpE8nHPbr7ynQ8kCgYBgsIgc38PKsxkeGZp1P+/xyPscG9XejIDBIUWo
V4Ku0hB7q85A1w9lrKB1V9q2ZUIlkqpEP4yW1YC0HMQFPt7q9r3++WbRPCVdzA4h
e/UH7r3tUSNLZpd57DOVQBrbfUIy/b4q2tsUkiyLW+rgsAhBTeJdZD0MH1xTyQIb
cStLawKBgQDCpG5GyYqQ8hSiRGK9NzowxD//LIjLR5vNWcW0xDE5NE8zYO9EjI2W
VcS+7eVyiApwMMjl2q0JMK+1HziMTaN7YRmp+8c+U8wFU5lVZqE/FPEk6EQ2vfpj
Ir1xWZUXgRCVOM7MfaBGp2BNUeQo7sycWe0F71+bXTmxYHbdwRxqCg==
-----END RSA PRIVATE KEY-----

16
examples/mutual-tls/out/good-ca.crl Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN X509 CRL-----
MIICgTBrAgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMTB2dvb2QtY2EXDTE5
MDgxMDE3NDAwNloXDTIxMDIxMDE3NDAwMlowAKAjMCEwHwYDVR0jBBgwFoAUeeCQ
syxV+Dg0gkbbnAD3zbl1c5wwDQYJKoZIhvcNAQELBQADggIBALkD8splQjWe/LNm
7q4KhoalL1ynr/NLeoefEGJj8QlyAWlQc1Ozr3RmgKgoOVWQRJG+nMcPpS4Mr2e7
WifVcy0GXLDT3mbyUKnd+yR+V/BNnvxA6pxh9szF3A1nL3vmhVUJzKjsbx4SgXjR
hh9Mcn22wsn5J7qOcM9T60QDk2/mN47R/36TuCOnl+BEPpfOE2w5Q77wAigit7Gj
/EsfOuVEVg3hk8apAmQwotmJg/2kDhhOW2HaiOLgS3RkJHdoeiqeiKs8Pff3tPsf
U7BVUh4vKT4VEVi3BgunMNMqpH3slWXqJgC4ew4zwhocsbqW3qM/M4z+i6+cgtVY
UQp1lwBs2HeKljSi0TsVGzQk2v3VGODfLEe19XllIJCymWdPuD5cSrGpi0rAK5Ft
PXffvhBZlwYZqdSAS7jypOIwyoOstjUBaYKypYCE/ZLITqAyL042Ot/pKARWxyKH
RyaeNvjurivx9/CXTflKU4JptWKjCi14ll1CLs5JrDENqHpByXcNDznrxc0ZRCN/
AmgAoMFwVbUnQFcx7d0RTePKHZlMx1jWZnYD6tI2sQqsgCbdp3dphNQT67wwdjMj
YRxlPYE0j+kF6hwUjr6jP8Si6bHBb1Blj6zgMy+0NnA03opfvwGQflkPx9mCFjkl
nzcWwEbl1hEk9+UE+HWsAu5i1kzA
-----END X509 CRL-----

29
examples/mutual-tls/out/good-ca.crt Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE5DCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdnb29k
LWNhMB4XDTE5MDgxMDE3NDAwMloXDTIxMDIxMDE3NDAwMlowEjEQMA4GA1UEAxMH
Z29vZC1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL7oeetJ/6cE
Gbq7/jsmqOE3erTMZDttxS8I5FWW4NDWmci8NHudLd8e3Rm8HzcOcJ4P/A+p5lbk
N8rK689IlC8j3o2hHRtI6OmlhV74J1iIH8kdIu6WlO1kNuLytdkn8Qk+I9CDZ9FH
+g8QnudkKLQbddWCUrsR4xpG2+Ed5gnkBI4n3ncK0X/XFhqhCLE5xPZBNNZKFlrq
meaIxtz2sfoYV56g02sFKT1IIL55E0mxv4TkbmIl9FOjdKBvHEfrGyyy8TFLq+S3
Mz6zoq48n8HF1G9ppKVON1Jt2K5Qa/Whin5kqcaa3p4M/7kb6kqSKLXmb7H27y/U
Db6CPm5wihv06sQhmsv0xnKhj2o/C8eqls76YX1uccj39fI4eCQ8pCEm9Up8yfI/
LeaZWla44Fgyl77Yrsc/3E9vMaKFUxdcGum1t+5FYajdcA/NQky2Ay2jptpUuuHU
6xXK7Dqv9gMcA/33UX8ZGfIOFM+cqe941i5OOXFHrhD9jy4PGc8gi1I4r+UWwKBb
1Hh5rT7rBY+SKM0sfkiBVuEOiny6t1ugkDv68usEXYHZVWiizoXfp5Gn6frE/wR1
DdjMwLa/OkPNuDUT8yMFKhVFqGqwGC66o+5r422UpkK8Hry+klCzTO+7SDhu2bZN
QQFOCKIUevtwlgZmPMrMA56ww5RJsaVxAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIB
BjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBR54JCzLFX4ODSCRtucAPfN
uXVznDANBgkqhkiG9w0BAQsFAAOCAgEAf+nRjAVvnOJRrJAAjJYV7iQwlq1QvXDg
lvacBhTRrXXx9nFiTYS5x2ALmvyXxnm7HKeCIFDrRp8NLTY2b2WGMAq1qsrAOD/z
S6cRImNCmP6gtPsT49Zo0Xj3kf6rMpOxpbIIgJfLcNzPfi/ncx/hD3A8yzfN0A6Y
qEwd/JFOj7DktZBgeIvDNRWKJoxJIFVxjrj/1bVi1e4VV5oZhNjJ8K9rWQQ+Q/+t
gyF+K2plCCTbEdzyOax65v8yP2yD+6ZAHFOlF26NviRL89buTr0hJYkCyUvw2bYi
8Cs2X6dwCCuuaeGUGeQzk30lPyGVJeJ/vI0bQK9igb9tZ3cwtXpPv3zkPuL17wMV
+B1z6EmGeUK5ySCLEZ76iYb5M/cvcMEN1ghxSH7Afh8LKG4yk3OmRCnwjEju1aij
dk7r2nsLfaOJXPQ5Mp34XSYmu9iMYtW+LmfbH2q1ooKwJd8G5XaEdfBjGPD9CqdX
aJXt004qWljRNKzu0SEFbzRWF4thyyTO18AR8y3GWEpjOyjgJK9EyMlBoPktXAUU
6sLXjOvYSJ/wm65HqUVAM5lG/zYSwLgBL00sZI+5FkD0nU4FLzAdKWNKZDWdUMmL
V/eWFF4l0TPo55a3JT/PFsbtDPKUloYQWy1rnajGru/F9ldBppumETkaNKfVONIr
xpDgsQaVEW8=
-----END CERTIFICATE-----

51
examples/mutual-tls/out/good-ca.key Normal file
View file

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAvuh560n/pwQZurv+Oyao4Td6tMxkO23FLwjkVZbg0NaZyLw0
e50t3x7dGbwfNw5wng/8D6nmVuQ3ysrrz0iULyPejaEdG0jo6aWFXvgnWIgfyR0i
7paU7WQ24vK12SfxCT4j0INn0Uf6DxCe52QotBt11YJSuxHjGkbb4R3mCeQEjife
dwrRf9cWGqEIsTnE9kE01koWWuqZ5ojG3Pax+hhXnqDTawUpPUggvnkTSbG/hORu
YiX0U6N0oG8cR+sbLLLxMUur5LczPrOirjyfwcXUb2mkpU43Um3YrlBr9aGKfmSp
xprengz/uRvqSpIoteZvsfbvL9QNvoI+bnCKG/TqxCGay/TGcqGPaj8Lx6qWzvph
fW5xyPf18jh4JDykISb1SnzJ8j8t5plaVrjgWDKXvtiuxz/cT28xooVTF1wa6bW3
7kVhqN1wD81CTLYDLaOm2lS64dTrFcrsOq/2AxwD/fdRfxkZ8g4Uz5yp73jWLk45
cUeuEP2PLg8ZzyCLUjiv5RbAoFvUeHmtPusFj5IozSx+SIFW4Q6KfLq3W6CQO/ry
6wRdgdlVaKLOhd+nkafp+sT/BHUN2MzAtr86Q824NRPzIwUqFUWoarAYLrqj7mvj
bZSmQrwevL6SULNM77tIOG7Ztk1BAU4IohR6+3CWBmY8yswDnrDDlEmxpXECAwEA
AQKCAgB5+O5sdgrxGp2VwSbdhAXCXz/249/mWGvzcSrxxEQ/Kd13c0fU8sesFnwN
RTRsaL1rP6s8FsEkIwvCdYPUG/sRY0l+E8IU/LBTF33u/32kAtTMGeGHro3YXn7y
4T9uTyahUSJwxoQ+Ik6R8XyVOlkHOcQ/ddSF0RfYYg159zBSgWynprFsPW080J8+
xERZdx9wdpjbkNpXnCxYLmtgIf30XDkfEIIDjniavsqs5457NyW2MnyUGMvR5E1P
c64OBRiHpoyTglWA+8ux8/Osfu9TTqI7zLN1KlQORkB6nsdbWKqztn0Cd1BkismX
60319wwrq98RRUPsuv9NCMn6pcyWlXWLounNV57hz8QPj6lFSuGc9oWISKZM0Fis
NxluS9wKCZsdJCGPiJl+LOl1mWLSBMeCE3bKT/ypCQS04MLZf52SC8w3XzWv9wRM
83pDmDEckZD2wt9LC8HjYJryFlXKz2PxwLbBWEW9lIdSqcPFlqetcG8N56QgEbT5
TLEoPHMiqg8sfMABvhJ4g5u+PsyH0jRZb/eCC8bQhQMqaXRJ64YUbyKO32P5xtJp
IkQ4FpNe2OK4I8p/1CKXjDahy7OvlumWxBBkffnzTVNkmJpPWQiFFI1A1Kjuz41Q
hHWXuXdSpOIEMcLt7laCftxKdOVyQz+h76mYGf7uXetVlaJYQQKCAQEA1nkkYXuA
qQVs1nSmcBRkC6QQj0gU+9iRw6IG+WI6m1BeE0kPbgJV1aKLNLaEcD8SHrW+tmyi
sfXn1TXjRoybS/doTVkdeGAcNt1X9kwtsl9C7mVv4jF4Svmycpl0MXRIuwScQfag
vlWNBDUu6bF8y78MUTTWTMOZlm60uCzyQs98byhiupfqyYDskYoa28++tsq6YQvb
eKXr2StIxWYmKDWmN7S1tLq69JftMI+BxUr6cJvl4tCMi/mXoIHYN3hDZzTmSqAG
C0O5QN34VXZY5V58hVjN8mRg1EHvZTx2tBoWKX43Ju/ZuhlBumIYRKhHjkqGqWpB
/SY1Y68hM2X3twKCAQEA499GlT40TI9Fe9U3tGcSTjPxboH8qLPjO4h4Z6WtiQER
AaRdGrjRRZaptZb9zA0aAubAe4P9lGlVRinujr8V0vTunhXSMsJDgAFUmcdRq8R2
YaIDUdPFCFj8neKOoUh+xg4lUuTh+tu9A/loo/bjAoFwr3d1YCYwQCmzJGKcOHFl
5WW4ev6OpnOwjYczjHRImUNlCVzLgoXwV8hddJdspJHBwCrzEt76rFH55sSs4Kys
d15pXKNw+TR24max6MN/aAWe6rxqQ/XnwwN3Eu91ERcWv5gXEA07p4T1JtJm9sqx
fFZr+0aAOSHGr1dw9TEOnAwUI0TwSB7/rDOJF1K8FwKCAQAUI6gA52H7fSDtOmLu
n1uNpEhRzAj8ZSe64RoajNjIANH0qaWjRODegLblqkXhbGq9K3/PDYBxiY/Ne5Pt
6gIjLgZDTRzxUsUTedFqtViNKVjVnfzVlqOfFrdk/3fjtPGnbhVmNEx/0vS88mmH
VD1NvJDhhz6gUrW3ZInfyYiuMWGT5ozuzJklds/AEuHWxjk4XO0Hc9+WAq6U4/Wf
Y6otmGwVSwjNAcPQd/uz1aXv6sx9ioYZuE+aTUOptMei3c4mgNcnJsOqhx98MdvB
2q0aTLcQpnggTMCy7cYXEYhr/Q8bslhndZpSWVDMua1htROTDvh6LBoqNU5KIAXU
F70dAoIBAQDjjWKpxH1reqMTfx9qeocwKvTMuue4/DJNkAFU14DM0JDQB/elqKvq
hwKgQNDfBLJV9WJ/tZXzr6AlOdhtGerMSCVFHltSruXDHREDo6QuGDlzU9tmykf3
Bw31CHoQGxnl49hnyALWhLpjDpvtKK0XInWJ84v14QzL9hhbnFGOl8b+Zi7sO+nt
1JeZLUtP1gttaXyq9cyQYfpZXs/cjx5B1QAbS4iC7sJ6dD5OsVZF4okzhsdGaDx3
z2lsusqsuxUupnZEyLSBez3eY0Z0VUWdNGZWG6XkNKK+rao2A2QozM6icJbSTVvc
MZt8G6DEaSHCuNkfQ0eDbdk5eBlNfiQvAoIBAHWqWmtjTIzmTlq/SGJwbOSVc8dI
Pm0PFGmCFgtrW8qk5wE8SpeLzZfICSYfeab/EvAHIu/kplKtAstwVDthH3vWlrTj
uiL3Q3rahONTSel+gXSjO6Are8L7mM/XhwUjEUo1gFZZsl+ESNujgyiATFDqFMpC
LufHOb0x8FkOf6ofuV6F6eQ6d3uXzcHdO6jQI3Jy58T+Iol1IJllCbCEIw+0BfAy
bHrWFymPLDhqhe7Srk89cpHCDiyKVsvoBHCjhDkefFSwLplxXn/2qqCOYy42+1oX
k0bF2an/MdZaYjqVzmv3JH3IJFzPo0S8ZYsVVYQs/ZDmIWMlPl0r+MnWLYU=
-----END RSA PRIVATE KEY-----

25
examples/mutual-tls/out/good-curl.crt Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEIjCCAgqgAwIBAgIRANQqXXolrTowpeLNiQ7GJnowDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEAxMHZ29vZC1jYTAeFw0xOTA4MTAxNzQwMjRaFw0yMTAyMTAxNzQw
MDFaMBQxEjAQBgNVBAMTCWdvb2QtY3VybDCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALXtXApHls1fFq5h2EcmyszIMdd85226zbS9w5n72TjURM2sFMRk
IZJhZG14zlrcjKtYWxerE1oj4475DL09DocSFDGgBIX8jl9QOPT/jqeEssToe8nn
pyJ+B5xy+dEZzThkXv5FjnHRr9wtngoWYMhhKJ8pXrr5q3WcEpX3Rm5igAwOPLAf
mGo7GFs9C2EyTlWHy8ffI8UNnJGn0Oi5frNBEev3thPtWZ/96gBsOdDZgGBQaD/0
trlYa2Chw6DBztTguAxgPalJDAKvdh38ar82bRUPpZPHsJ2XJ2JFVEe387m1GtLl
HzKeQ5233Az/FptUaCrsQbZljyEol4FzrW0CAwEAAaNxMG8wDgYDVR0PAQH/BAQD
AgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQURipl
Mdci0TJWmt3MtH4wSzWriAkwHwYDVR0jBBgwFoAUeeCQsyxV+Dg0gkbbnAD3zbl1
c5wwDQYJKoZIhvcNAQELBQADggIBAEurdNd2onZmEx30aWQe4Q9JolTIsFg0NspO
ifG7wjSkzZ1EEks75nCKs4yMKW0PLJhaYOiD6y4ZNWshyVtInVGaQYR4IPDK3Xg3
+2laHvfCEI0/WRjBZEqJXUYjl2gayn5mumUvcfR4K2NQoYusd5KAihAWsUXImDaN
SWEMzM1V1ZpReHwPiHUJcfue8HMPrZDNZvHOw9bbytfpb9HkJGZPsvOg1aElvT1m
ptnSg96BKZRTgs3IPuZP26bxJLGih/XCDGTlbwRHzuwFrRkOtXhnpmjDxyWkCtLR
HYEEquoeacE0ONHDapnhkFtVMNoeana3Sbtr3wHyrtsXoSPHwvtqEYizXWhwPQej
RRIGilR6seH+Nobqk/YVzxmsImvBHTepRKx1J16fXpriZKxgRec7qcy37Em1ZJ2j
NekTly/pyY+s/I664w1z/I6oN5TyytWLyhzNruRyXlPAHNttzp6v8SxWGDJh93aY
f6swdTd5ocWj44mFogs7HSRZXkSCCuLON8ljaDLILgHnL5q/M+AIEQ3cGd29+U/9
uuq8pHp54JILfO2Oz7W0AEnIq1jiQeM5BKYqt8CfAEG27oncObjnJBdy3l6xfrVH
mAP+DnBMdpiJu1B0x1LH0JLO2Uj4fDArtsn8p4SVBF89u/qgAVXZwfWyO4RACLwp
QPCo/K4s
-----END CERTIFICATE-----

15
examples/mutual-tls/out/good-curl.csr Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICWTCCAUECAQAwFDESMBAGA1UEAxMJZ29vZC1jdXJsMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAte1cCkeWzV8WrmHYRybKzMgx13znbbrNtL3DmfvZ
ONREzawUxGQhkmFkbXjOWtyMq1hbF6sTWiPjjvkMvT0OhxIUMaAEhfyOX1A49P+O
p4SyxOh7yeenIn4HnHL50RnNOGRe/kWOcdGv3C2eChZgyGEonyleuvmrdZwSlfdG
bmKADA48sB+YajsYWz0LYTJOVYfLx98jxQ2ckafQ6Ll+s0ER6/e2E+1Zn/3qAGw5
0NmAYFBoP/S2uVhrYKHDoMHO1OC4DGA9qUkMAq92HfxqvzZtFQ+lk8ewnZcnYkVU
R7fzubUa0uUfMp5DnbfcDP8Wm1RoKuxBtmWPISiXgXOtbQIDAQABoAAwDQYJKoZI
hvcNAQELBQADggEBAF08BpT6xeTfdSFFujMjaaMT6fVpf1BIhYCxbKW7QBMLu/+F
C5CBze0dnF8WYO8nhLzKzi2KcqWIxB6mHgt1Vy/iCqeNgjzBitQo7Rygi0C7ih9S
sCCSPx98eH4IHfQqadCSa9QhX6jvBSjavnrnKvLjtcRGXTtPFoSdwUgrpYtZ0zA7
jI8PQjFq+vezEtUPdhkPAU3uO6k5lgNjWqv8OEqsuuHx1QEouxE+LuOgEapPRDwi
LdmOrC4vXWww6m1F288eB1/n/LLJjMjtahK6sVsogfhQe/sv9MJIDDpSt3kIz/kP
IvjUqzmEaazbpm3XHbrd2qbcwMZGGwwEkBjj/xs=
-----END CERTIFICATE REQUEST-----

27
examples/mutual-tls/out/good-curl.key Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAte1cCkeWzV8WrmHYRybKzMgx13znbbrNtL3DmfvZONREzawU
xGQhkmFkbXjOWtyMq1hbF6sTWiPjjvkMvT0OhxIUMaAEhfyOX1A49P+Op4SyxOh7
yeenIn4HnHL50RnNOGRe/kWOcdGv3C2eChZgyGEonyleuvmrdZwSlfdGbmKADA48
sB+YajsYWz0LYTJOVYfLx98jxQ2ckafQ6Ll+s0ER6/e2E+1Zn/3qAGw50NmAYFBo
P/S2uVhrYKHDoMHO1OC4DGA9qUkMAq92HfxqvzZtFQ+lk8ewnZcnYkVUR7fzubUa
0uUfMp5DnbfcDP8Wm1RoKuxBtmWPISiXgXOtbQIDAQABAoIBAQCppXpzl4hXYHlt
CY694r2wMmrP8Ah7OXwDNAXHfKN2K/Mw+2uuK1VnA+y7bLC45/tA+LaRHpWANAFK
XJF1kg8PA1vTXs15CCbXWJ6UUA79xW9S0RxGDf+72VxNlqXASFgnYul2IPSQzKE6
J0u9Slrb4EYaDWDp6FHr7Ssjrx99ZEc79H9uH0dSzZlx41YQCzrauA/RUOvqHMX3
I9GGCXEEcGVt6DcHl6KZuQOnBiy7ukgW45HtFxsH7MR/sU8Cx5OWOKZgsnkALc95
2NKDzafLyG0yVehcWe7MiC7cbnGIISHU7+s+LJkdfnQTYM4W3e1JITRsc5OvL97z
4A6FSFGBAoGBAMhZ4k73m+cgVwHoeqtYKSAvHVWKkAxzQBWgJ2QFNAORgGF+v6HR
I14uepFnH+qUi+Y721ZDIGMyJ4mCqAftnx2/GY4pUYvsaWSd7VpkUGlUoHvybIkY
OyF1c5BuJME2zgr8FVGoMOmOjMuLQuQzCXOAiLXCSKRoUmtJYiZgrTTNAoGBAOh1
bbgEA2daZmWYvuYEg8ZcQcbEOVMEK41endvADsyR5/2U8+3fwlhMclIRbPe5cJ5Q
W+qUTESvvJuGLPpe1IhV8HbafMb7QabiS8TEqKkE4HWe3mYeiT/R8nBd1Ile01se
ua92hDT+0urFUEEQMaXF1lnvZNEy5g26/AEmx1shAoGAQHerun0yTUy6soJ79maH
1TNT3RKZB2iOVmcSRbzm378R8E04nHkPSF7sUZ09R95EpfDcwwUWhtS8pCLGrsZn
TMsRDg19j+iigR3QIiXlOf9hJID9K6AAZuPEK9VFPmbEJgS3V28nTf/wjg5hl8xU
XjYdx16cwUpQOvWB/5dcJIECgYEA51Ais9/aezfreOF75GtNrU8UbPPJjyAxLmWe
c5MzpsDxttZHvMbSHwdDIwMQCZnPxNl1/YFAO4EcDy5/B0zh9CCAPeTAEUjoVWYN
u2lt43Jk4OYLrFZqgMUrmEDmQyPG8X8rirxGZm3D97YMXBH/NVQeLjQXgExDvBn6
tjKeYcECgYAT7tuceS7YkvkNPrg6xzhjtA6+pZhKBrf2CGm36XAClpUnqX5sT/e5
CIM8AYUL1HBjtZUft2uBZNNNNFVxDr5Jy59NX+DMTLe4Frfqvn5alIz1BfSIgXG0
VgrWNLHlu4B4mHg7gB/7aPFbB8GaGX+x+RIHb1qRZnoyEWv2dVfWKw==
-----END RSA PRIVATE KEY-----

25
examples/mutual-tls/out/pomerium.crt Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEITCCAgmgAwIBAgIRAPjLBqKYpqe4zHPsGVtTzOAwDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEAxMHZ29vZC1jYTAeFw0xOTA4MTAxODQ5NDBaFw0yMTAyMTAxNzQw
MDFaMBMxETAPBgNVBAMTCHBvbWVyaXVtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA67KjqmQYGq0MVtACVpeCmXminlQbDPGLmsZAUEwueHQnrt3WtvpD
Om6AlaJMUnW+Hu55jjokalKeVjTKmgYGbqUzVDoMbPDaHekltdBTMGlOUFsP4UJS
DrO4zdN+zo428TX2PnG2FCdVKGy4PE8ilHbWLcr871YjV51fw8CLDX9PZJNu861C
F7V9iEJm6sSfQlmnhN8j3+WzVbPQNy1WsR7i9e9j63EqKt22Q9OXL+WAcKskoISm
CNVRUAjU8YRVcgQJB+zQ34AQPlz0Op5O/QN/MedjaF8wLS+iv/zviS8cqPbxo6sL
q6FNTltk/QkxeCeKKTQe/3kPYvQAdnl65QIDAQABo3EwbzAOBgNVHQ8BAf8EBAMC
A7gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQCQXmb
sHiq/TBVTeXhCGi68kW/CjAfBgNVHSMEGDAWgBR54JCzLFX4ODSCRtucAPfNuXVz
nDANBgkqhkiG9w0BAQsFAAOCAgEAroW/kk2YexSy4HZAqK45Yhd9k/PU1bh9E+PQ
NcdX3MGDccCEAdsY8vYw5Q5rxn0asq+wTaBplha/k2/UUoHCTjQZu2OxtAwQ7Oib
TMm0J+SsVOwxbqPMok+TjTMz4WWhQTO5pFchd6WesBTyI72thmcp7uscKShwbKHz
PchuA48K8Ov/zZLffwnASYouBs2cwVbD27evN37h0asGPkGUWvmOH7nLsUy8wM7j
CF/sp2bfL/NaWMrRgLvA0fLKjpY4+TJOnEqBlOp++lyILFLp/j0srn4MRyJ+KzQ1
GTOjEmCT/TAm9/WI8R/Aeb70N13O+X4KZ9BGh01O3wOUjwpYgyqJshFsQPntVc+I
JBax3ePSsbqG0LY3pwGRJQ6c+wYqti6cKMN9bbTd08B5I57TQLxMqJ2q1gZl5GUT
eEdcVEym2vfwCOwIklcAm8qNnddfJWQZlNUhsNUaA2EH6yCywZfoZjOaH10Mz0Wm
y3igcRdT72/MGedfOw2Ut1UoDVftG1s++v+TCYi6jTAM9vFOrBxPiNxadPCGGcYd
0jFHsaV8aOWWPB6ACRmxwCT7QNtSs362ZH9IEYdxCM205+finTxd9G0JeQE7v++z
Whyj6fbAYB13l/7XdFzMInA8lizGkTpvDs1y0BS9pWzibhjmQhdfHz7BdjFLuosl
g9MdNl4=
-----END CERTIFICATE-----

15
examples/mutual-tls/out/pomerium.csr Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICWDCCAUACAQAwEzERMA8GA1UEAxMIcG9tZXJpdW0wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDrsqOqZBgarQxW0AJWl4KZeaKeVBsM8YuaxkBQTC54
dCeu3da2+kM6boCVokxSdb4e7nmOOiRqUp5WNMqaBgZupTNUOgxs8Nod6SW10FMw
aU5QWw/hQlIOs7jN037OjjbxNfY+cbYUJ1UobLg8TyKUdtYtyvzvViNXnV/DwIsN
f09kk27zrUIXtX2IQmbqxJ9CWaeE3yPf5bNVs9A3LVaxHuL172PrcSoq3bZD05cv
5YBwqySghKYI1VFQCNTxhFVyBAkH7NDfgBA+XPQ6nk79A38x52NoXzAtL6K//O+J
Lxyo9vGjqwuroU1OW2T9CTF4J4opNB7/eQ9i9AB2eXrlAgMBAAGgADANBgkqhkiG
9w0BAQsFAAOCAQEAMW3hEN39eQXdNt5so5L2XCY8dAVsm6oDg/97JzgW/gf7proz
CXxratCk9KEePcRbSxpB64K1pac98M9Ehb1ILX6LFnN+H3WCTr1Yyn05z2J5v0lJ
u1pDj50yHjCGh6M2fIqubqgMNdCI6irU1hz06l+DdtKGX9yDMw+fYPlZDrTfiXL+
gXzQN2fBOZCEcP18oz01eQqOjUumRMH3n53XJclOnN0PT3jubNjAUhsa+wAoCGTa
3Tjw3mX1qwdsV1E+utxhrY64KMh/lpLTIPA/SR9D8x1BZcAh0bY9ScZReTC6D4Np
S4STZIZQl7wp/0HRNr24uJaRtNcNVAHDwHxq7Q==
-----END CERTIFICATE REQUEST-----

27
examples/mutual-tls/out/pomerium.key Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEA67KjqmQYGq0MVtACVpeCmXminlQbDPGLmsZAUEwueHQnrt3W
tvpDOm6AlaJMUnW+Hu55jjokalKeVjTKmgYGbqUzVDoMbPDaHekltdBTMGlOUFsP
4UJSDrO4zdN+zo428TX2PnG2FCdVKGy4PE8ilHbWLcr871YjV51fw8CLDX9PZJNu
861CF7V9iEJm6sSfQlmnhN8j3+WzVbPQNy1WsR7i9e9j63EqKt22Q9OXL+WAcKsk
oISmCNVRUAjU8YRVcgQJB+zQ34AQPlz0Op5O/QN/MedjaF8wLS+iv/zviS8cqPbx
o6sLq6FNTltk/QkxeCeKKTQe/3kPYvQAdnl65QIDAQABAoIBAQDAT4ysvWjRczqr
JqORxaOA2DcwWk2L/RW8XmAhZFdSXuv2CPllaMMrzPfLn5YIfht3H3s86gHGYszg
Z8ibbakX5GECKy7yQH6ngxEKzQTjbjjA5dwKHtPXPRrfjd5caLs5ip71ilBXF1Sr
XDHiu2rqmh/dU0+XdL/3f+egT9zlT9c4rRo8vvnycXz1r2uaEVvTLlXulocixEkr
2J9S2loyaTokENse03iIWZZzM4IYqZ08bNxoHX+3AueXLHQ+sFDJ2XZUWKJFG0u2
ZwGl7bViE1P5wbAGmg2Cx5B7S+td2PJRWqkoeqcqvEWBstE/QDp1iU8B8zbAwtcr
dw9MvzChAoGBAPNo4V21z0jz1gDokeMSywrg/a8FBR3dvcLYmeyUy2ngwxunrqlw
6Sb+9gk8j/qq/suPH8Uw3jHsJawFJsoNEj4+voVR3u+lNlLL9omk1phSGMuZtoxn
ngmLUnBT0b53pTFByXk/xNBlIkygA6X9Oc+yngktj6TrVs1PDSvuIcK5AoGBAPfj
pE3GazqQRzlzN4oLvfAbAvKBgYOhSgzll+FKfHsabF6GntWuueacQHXZXe05skKp
W7lXCwjAMbQr7Bgek7+9+3dIp/TgbfBbswK+zVx7gghyc+w+WEa1hprY6zawqvAZ
HQSiLPGuPjyYpPkQ6dWDs3fXrFgWeNgxJHSfGZONAoGBAKyY1w1C6Sv6sunL//57
Cfy500iyj5FA9djfDC5kx+RY2yCWA1Tk2n6rVbzw88s0Sx3+a/HAmB3gLEpRENM+
94uppCEXD7Twepe1RykM+JnjxO9CHN5sbvSnlRpPZS/g2QMXegx++kknHW4mHNAr
wj2Tk1pAs1WnBtLoVhercMcJAoGBAI60HgIoF9K+/EG2cmKmH9H5utigdU6xq0+B
XM31c3Pq4jgIh6e7zolTqkgtukS20khN9t/bnB6Nhg+SuXepIqVfWURyLz5pdODJ
6WPLM63p7BGw0ctOmMMb/UFnXwE88ysFSg9AzV7UUD/SICbB9dtU1hxHrI+JYEgV
Akegz7iBAoGBAIFw+AQIeB03MT/IBlk04CPL2DjM+48hTdQv8000HAOfQbk0EYP1
CaKGtCm861zAf0sq/5DKYCIz9/GS3XFM4BmkFOgcSWTCO6ffLgK3qfC3xX2nvZH9
XdcJL4+fwacLxsbI+8aQcNTtmozdR13BsfRb+HjT/j7vGkbQgJHBOK2z
-----END RSA PRIVATE KEY-----

25
examples/mutual-tls/out/web-app.crt Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIERzCCAi+gAwIBAgIRAPXxwn/7n06kIzhT3fsBWf4wDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEAxMHZ29vZC1jYTAeFw0xOTA4MTAyMTQyMjVaFw0yMTAyMTAxNzQw
MDFaMBIxEDAOBgNVBAMTB3dlYi1hcHAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC4vnZ9idwdlFX2GFIzUoObJbmQRgXFsxh5N9CVuDbNpqzkU1roT0us
oOlAqM/geAqmFkzXBldBAK0s5RWzEt8ixirP7r+2tAAifu8CwAUypZQUhgBMLNW/
weBtqZ/d1XCZ0C/e/xh5Wzkimz9Q/vK3CY4GJLO6c0JrEKl24eWs1VM3CSEpn7by
ZgIkOCPlfAf37hlt2dkZv08U3ZIZgalE8Q9I/MPHj6z/pHp3HQmBGBjouxXMU/NX
A6YJQipdRn3SJ6+ARGfoDaywre82k88RTEHqSF1HaBqcYIFpTspiIdEP2e46SIc5
XGQs4b8jlzI8/7OvXKvgoEuvYalUPD6jAgMBAAGjgZcwgZQwDgYDVR0PAQH/BAQD
AgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUD5te
BH7V+Y54qA5xm0Y5z3+q+xYwHwYDVR0jBBgwFoAUeeCQsyxV+Dg0gkbbnAD3zbl1
c5wwIwYDVR0RBBwwGoIHd2ViLWFwcIIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3
DQEBCwUAA4ICAQCDCKZq2pZAwKHU+KMBEgvz+4uaHVcJpzB2xi8EnxzDp90+HO3n
j5E/b9PQ3B5QK0hFxiAah1vOIBHlZ0Xp979QYYRyM92xRmNCQbc1UMAQJeIRfqxx
GhRkUFKXfJ8YCg+ULbMsvIgF68EzSMnSn3WKc6lRYsLyDaiZACQ1aTfufTjGZd37
0XcPMHiD7MGQVXtAMyu0sxXDl83jzYCP1BD8z4ERgqoGbIIBpZYEYHyBLY6i022K
NmqFL2TxgvnZM7y3pkSPTurFLBXjqF4UKexMGuXEi4B+O4G4STkfxBSQHzXmHhRW
7FW9kNuoKLuOnP5stNiGW38/1F5ekLKdW32MtT5L+FNqknXRddpQO+CvFbUirB2W
Yjo+nIzJV8YhIbKi50Z4U9n0yTMHDVh+TdXOPoQwd7MssC7dyD3bxxO08MzZDKMq
MZd1KyA4Zo4GrUB/1kcVagoRG119RrmMNj0lPY2fO2ZQAnY7ZuGXN98+/eVaYIwF
PGuCd1siQ9ty/yWLhi+Ut8Qpd46jboAbWWZmTddvVuUd8o0BGU9rdxYd1GxkO6sz
68DaMm+uP9hjkkEJxh6ZFOwNRokmW5kujElDfr/0yGjS2lUn6HHBee/hxvn5evI8
cNscqwNe6ls9GTa2b06caRq1UEKiyc/FothI44LBh5zGMRSg6yBntTtUog==
-----END CERTIFICATE-----

16
examples/mutual-tls/out/web-app.csr Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICjTCCAXUCAQAwEjEQMA4GA1UEAxMHd2ViLWFwcDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBALi+dn2J3B2UVfYYUjNSg5sluZBGBcWzGHk30JW4Ns2m
rORTWuhPS6yg6UCoz+B4CqYWTNcGV0EArSzlFbMS3yLGKs/uv7a0ACJ+7wLABTKl
lBSGAEws1b/B4G2pn93VcJnQL97/GHlbOSKbP1D+8rcJjgYks7pzQmsQqXbh5azV
UzcJISmftvJmAiQ4I+V8B/fuGW3Z2Rm/TxTdkhmBqUTxD0j8w8ePrP+kencdCYEY
GOi7FcxT81cDpglCKl1GfdInr4BEZ+gNrLCt7zaTzxFMQepIXUdoGpxggWlOymIh
0Q/Z7jpIhzlcZCzhvyOXMjz/s69cq+CgS69hqVQ8PqMCAwEAAaA2MDQGCSqGSIb3
DQEJDjEnMCUwIwYDVR0RBBwwGoIHd2ViLWFwcIIJbG9jYWxob3N0hwR/AAABMA0G
CSqGSIb3DQEBCwUAA4IBAQAQYQEPk4FBo6NxdDu5+cPdnZrkXKc159tUhjMqr6hh
niWER1Pe2oDfgxvNv1/bAj5RqKv+UzAbr8gWpUJ412GOLNAV7iKwaShGwLuSSHBK
EB9wAgz6HD6Vb4qbjzBp1Y7oLaJvCXhwAtTie/1mr3SBA1f9mZir+mnPAmsIagmr
ZlT3/w+wXSxPrIBvPrlLApVOWF8evlKqfEBYJXEesad7N4VvcEVDaEtR3BONfRcF
Qc14bsK9Eeh/qlKBCGZdos9ZBniUURxOalathVm+jbM16qgiGeHzbb9exdI8kvVY
fIrFNBUji6DYRlcOo/jSu41pHWI6DlReIRHhmZs1sKTU
-----END CERTIFICATE REQUEST-----

27
examples/mutual-tls/out/web-app.key Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAuL52fYncHZRV9hhSM1KDmyW5kEYFxbMYeTfQlbg2zaas5FNa
6E9LrKDpQKjP4HgKphZM1wZXQQCtLOUVsxLfIsYqz+6/trQAIn7vAsAFMqWUFIYA
TCzVv8Hgbamf3dVwmdAv3v8YeVs5Ips/UP7ytwmOBiSzunNCaxCpduHlrNVTNwkh
KZ+28mYCJDgj5XwH9+4ZbdnZGb9PFN2SGYGpRPEPSPzDx4+s/6R6dx0JgRgY6LsV
zFPzVwOmCUIqXUZ90ievgERn6A2ssK3vNpPPEUxB6khdR2ganGCBaU7KYiHRD9nu
OkiHOVxkLOG/I5cyPP+zr1yr4KBLr2GpVDw+owIDAQABAoIBADg5NsRj9UpHP5YC
ttmJriXEaGHg/Za6N6OEegVmp78Uj595QrxajZQ+8F3OQl11CwCa3s29z0YoF4wH
OABkqOXjW1omtc+7niLhcInsuGg+ff90/JgyOOb/8PZO3ilb8MXO1xLNnbwpKA1B
JBbZUDKmRMPX3Z7LvxXoXzqf6w8a47f/5tqMtpy1lyoLQ8tKcN6UfdwpaY3cnq1T
/tS7e39Ebx5MkKVIaVVeNiTNOWWabsoZbZUJTpgUyTRdIZm8j8EDb4JbBiqhFpKq
99qBaWoDWU5aZ75yGC6dPlZAfFc+22Th+Dv18EFeO2P2u/zT8OoijFoW/rPDl2mp
hz/N6SkCgYEAwGS1HN42pEMfM/ECMwyOyn8h0T2d5BI7KDrLZyDHHes168iYwCAi
/mMSzi8eZU46VzDNivOHYApOB+M0V9is/DHIdqnv1Vvp2RV9+2DKsYzp8mcFLqFw
8YV39OrOmPgLKkYurHoPNKrRA6W/ML3AI38lWZCpD45Osi8sv92KRW0CgYEA9dJY
jK04kPqDtehS9qeVttRPG0TyZtYfrtesyuptF9yZv8ZSShiXtf6mPct5iW0t3p3h
3chYf2msgEQit/nszRcy3o5yI2XwV3QYzcJwfRVSwAfhY4tiuZ5hJl7C5z4gA1iw
IfwCLeUwdHVlHuc4hPDeB44bhyIyCQyTAjf62k8CgYBUiyynTeLXFgPdMFhWFHue
8nTq3NfIRFaonAWMAPRe6mBch17Qdo7KGMFHx57kx5aNgA2itNdVVdHqV2ZGABos
DLhZpN2WdXhyg6ZD08necdzQP4MgdaMLDyqifphg0gceAY87Dbwm2bVVk/1LLucC
8jl4fUA9bLyaQm64tWKwlQKBgHoEKLPbH2LHFi1q3hNUZ7nSdFmixXdJ/Xv5zekC
p5fahe5s8FebEWLivX2ay/7s1IHVeFFvqo3D1D3ulBUh1uqOA0/5AKqVZNDj7ZPk
WZWcyfBLeRLCEwTzmmFDVBcX/SfsE7Eqt6I0SvLjeof2WVWTgYHahctzq8ZWGXpW
cwt9AoGAJqdcR7ghv1b41NJw6A41NjH6o2583gwKY4S92JnpXyGAaqATzTmTHOZO
Y+11BVhHyMduygeEz4ltNIcR/d6br0nutESj4mD97gdIDq4gdHKfQ/Rwzw0n0z5o
c7MgcKcYjSYj6XpRhbthH4TRP8a2RlDjEcRk9xg+wElWfZ18TZc=
-----END RSA PRIVATE KEY-----

22
examples/mutual-tls/scripts/curl.sh Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
# A valid client cert
curl -v \
--cacert out/good-ca.crt \
--key out/good-curl.key \
--cert out/good-curl.crt \
https://127.0.0.1:8443
# an untrusted server ca, but good client cert, reject by client
# curl -v \
# --cacert out/bad-ca.crt \
# --key out/good-curl.key \
# --cert out/good-curl.crt \
# https://127.0.0.1:8443
# # an untrusted client cert from unustusted ca (rejected by server)
# curl -v \
# --cacert out/good-ca.crt \
# --key out/bad-curl.key \
# --cert out/bad-curl.crt \
# https://127.0.0.1:8443

18
examples/mutual-tls/scripts/generate_certs.sh Executable file
View file

@ -0,0 +1,18 @@
#!/bin/bash
# https://github.com/square/certstrap
certstrap init --common-name good-ca
certstrap init --common-name bad-ca
# pomerium client cert
certstrap request-cert --common-name pomerium
certstrap sign pomerium --CA good-ca
# downstream app
certstrap request-cert -ip 127.0.0.1 -domain web-app,localhost
certstrap sign web-app --CA good-ca
certstrap request-cert --common-name good-curl
certstrap sign good-curl --CA good-ca
certstrap request-cert --common-name bad-curl
certstrap sign bad-curl --CA bad-ca

17
examples/traefik/README.md Normal file
View file

@ -0,0 +1,17 @@
# Pomerium as forward-auth provider for Traefik
Run this demo locally on your docker-compose capable workstation, or replace `localhost.pomerium.io` with your own domain if running on a server.
## Includes
- Authentication and Authorization managed by pomerium
- Routing / reverse proxying handled by traefik
## How
- Update `config.yaml` for your e-mail address, if not using gmail/google.
- Replace secrets in `config.yaml`.
- Run `docker-compose up` from this directory.
- Navigate to `https://httpbin.localhost.pomerium.io`
- ???
- Profit

21
examples/traefik/config.yaml Normal file
View file

@ -0,0 +1,21 @@
# Main configuration flags : https://www.pomerium.io/docs/reference/reference/
pomerium_debug: true
address: :80
cookie_secret: YVFTMIfW8yBJw+a6sYwdW8rHbU+IAAV/SUkCTg9Jtpo=
shared_secret: 80ldlrU2d7w+wVpKNfevk6fmb8otEx6CqOfshj2LwhQ=
idp_provider: "google"
idp_client_id: REPLACEME
idp_client_secret: REPLACEME
insecure_server: true
forward_auth_url: http://pomerium
authenticate_service_url: https://authenticate.localhost.pomerium.io
policy:
- from: https://httpbin.localhost.pomerium.io
to: https://httpbin
allowed_domains:
- pomerium.io
- gmail.com

44
examples/traefik/docker-compose.yaml Normal file
View file

@ -0,0 +1,44 @@
version: "3"
services:
traefik:
image: traefik:v2.1
command:
- "--accesslog=true"
- "--api.insecure=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entryPoints.websecure.forwardedHeaders.insecure"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker=true"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
httpbin:
image: kennethreitz/httpbin:latest
labels:
- "traefik.http.middlewares.pomerium.forwardauth.authResponseHeaders=X-Pomerium-Authenticated-User-Email,x-pomerium-authenticated-user-id,x-pomerium-authenticated-user-groups,x-pomerium-jwt-assertion"
- "traefik.http.middlewares.pomerium.forwardauth.address=https://a6acdabcde358bd08f3537f4de7df7eb.m.pipedream.net"
- "traefik.http.middlewares.pomerium.forwardauth.trustForwardHeader=true"
- "traefik.http.routers.httpbin.middlewares=pomerium@docker"
- "traefik.enable=true"
- "traefik.http.routers.httpbin.rule=Host(`httpbin.localhost.pomerium.io`)"
- "traefik.http.routers.httpbin.entrypoints=websecure"
- "traefik.http.routers.httpbin.tls=true"
pomerium:
image: pomerium/pomerium:latest
volumes:
- ./config.yaml:/pomerium/config.yaml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.pomerium.rule=Host(`authenticate.localhost.pomerium.io`)"
- "traefik.http.routers.pomerium.entrypoints=websecure"
- "traefik.http.routers.pomerium.tls=true"
expose:
- 80