diff --git a/.circleci/config.yml b/.circleci/config.yml
index 6940b803..200be6e7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,7 +13,7 @@ jobs:
         type: boolean
         default: true
     docker:
-      - image: circleci/golang:<< parameters.go_version >>
+      - image: cimg/go:<< parameters.go_version >>
     steps:
       - checkout
       - when:
@@ -38,7 +38,7 @@ jobs:
         type: boolean
         default: true
     docker:
-      - image: circleci/golang:<< parameters.go_version >>
+      - image: cimg/go:<< parameters.go_version >>
     steps:
       - checkout
       - when:
@@ -62,7 +62,7 @@ jobs:
         type: boolean
         default: true
     docker:
-      - image: circleci/golang:<< parameters.go_version >>
+      - image: cimg/go:<< parameters.go_version >>
     steps:
       - checkout
       - when:
@@ -93,12 +93,13 @@ workflows:
               go_version:
                 - "1.16"
                 - "1.17"
+                - "1.18"
       - test-assets:
           name: assets-go-<< matrix.go_version >>
           matrix:
             parameters:
               go_version:
-                - "1.17"
+                - "1.18"
       - style:
           name: style
-          go_version: "1.17"
+          go_version: "1.18"
diff --git a/Makefile b/Makefile
index fbed72d6..2ff51d19 100644
--- a/Makefile
+++ b/Makefile
@@ -15,3 +15,7 @@ include Makefile.common
 
 .PHONY: test
 test:: deps check_license unused common-test lint
+
+.PHONY: generate-testdata
+generate-testdata:
+	@cd config && go run generate.go
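Review bot: The `generate-testdata` recipe calls a literal `go`, while the recipes in Makefile.common invoke the toolchain through `$(GO)`, so an overridden `GO` is ignored here; `cd config && $(GO) run generate.go` would match them. Dropping the leading `@` would also put the command in the build log, which is useful for a target that rewrites the TLS keys and certificates under `config/testdata`. A comment above the target should say that every run regenerates all fixture key pairs, so each of them changes in the next commit.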
diff --git a/Makefile.common b/Makefile.common
index 5ab1b142..6c8e3e21 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -36,29 +36,6 @@ GO_VERSION        ?= $(shell $(GO) version)
 GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION))
 PRE_GO_111        ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.')
 
-GOVENDOR :=
-GO111MODULE :=
-ifeq (, $(PRE_GO_111))
-	ifneq (,$(wildcard go.mod))
-		# Enforce Go modules support just in case the directory is inside GOPATH (and for Travis CI).
-		GO111MODULE := on
-
-		ifneq (,$(wildcard vendor))
-			# Always use the local vendor/ directory to satisfy the dependencies.
-			GOOPTS := $(GOOPTS) -mod=vendor
-		endif
-	endif
-else
-	ifneq (,$(wildcard go.mod))
-		ifneq (,$(wildcard vendor))
-$(warning This repository requires Go >= 1.11 because of Go modules)
-$(warning Some recipes may not work as expected as the current Go runtime is '$(GO_VERSION_NUMBER)')
-		endif
-	else
-		# This repository isn't using Go modules (yet).
-		GOVENDOR := $(FIRST_GOPATH)/bin/govendor
-	endif
-endif
 PROMU        := $(FIRST_GOPATH)/bin/promu
 pkgs          = ./...
 
@@ -83,7 +60,7 @@ PROMU_URL     := https://github.com/prometheus/promu/releases/download/v$(PROMU_
 
 GOLANGCI_LINT :=
 GOLANGCI_LINT_OPTS ?=
-GOLANGCI_LINT_VERSION ?= v1.44.2
+GOLANGCI_LINT_VERSION ?= v1.45.2
 # golangci-lint only supports linux, darwin and windows platforms on i386/amd64.
 # windows isn't included here because of the path separator being different.
 ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin))
@@ -150,11 +127,7 @@ common-check_license:
 .PHONY: common-deps
 common-deps:
 	@echo ">> getting dependencies"
-ifdef GO111MODULE
-	GO111MODULE=$(GO111MODULE) $(GO) mod download
-else
-	$(GO) get $(GOOPTS) -t ./...
-endif
+	$(GO) mod download
 
 .PHONY: update-go-deps
 update-go-deps:
@@ -162,20 +135,17 @@ update-go-deps:
 	@for m in $$($(GO) list -mod=readonly -m -f '{{ if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all); do \
 		$(GO) get -d $$m; \
 	done
-	GO111MODULE=$(GO111MODULE) $(GO) mod tidy
-ifneq (,$(wildcard vendor))
-	GO111MODULE=$(GO111MODULE) $(GO) mod vendor
-endif
+	$(GO) mod tidy
 
 .PHONY: common-test-short
 common-test-short: $(GOTEST_DIR)
 	@echo ">> running short tests"
-	GO111MODULE=$(GO111MODULE) $(GOTEST) -short $(GOOPTS) $(pkgs)
+	$(GOTEST) -short $(GOOPTS) $(pkgs)
 
 .PHONY: common-test
 common-test: $(GOTEST_DIR)
 	@echo ">> running all tests"
-	GO111MODULE=$(GO111MODULE) $(GOTEST) $(test-flags) $(GOOPTS) $(pkgs)
+	$(GOTEST) $(test-flags) $(GOOPTS) $(pkgs)
 
 $(GOTEST_DIR):
 	@mkdir -p $@
@@ -183,25 +153,21 @@ $(GOTEST_DIR):
 .PHONY: common-format
 common-format:
 	@echo ">> formatting code"
-	GO111MODULE=$(GO111MODULE) $(GO) fmt $(pkgs)
+	$(GO) fmt $(pkgs)
 
 .PHONY: common-vet
 common-vet:
 	@echo ">> vetting code"
-	GO111MODULE=$(GO111MODULE) $(GO) vet $(GOOPTS) $(pkgs)
+	$(GO) vet $(GOOPTS) $(pkgs)
 
 .PHONY: common-lint
 common-lint: $(GOLANGCI_LINT)
 ifdef GOLANGCI_LINT
 	@echo ">> running golangci-lint"
-ifdef GO111MODULE
 # 'go list' needs to be executed before staticcheck to prepopulate the modules cache.
 # Otherwise staticcheck might fail randomly for some reason not yet explained.
-	GO111MODULE=$(GO111MODULE) $(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
-	GO111MODULE=$(GO111MODULE) $(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs)
-else
-	$(GOLANGCI_LINT) run $(pkgs)
-endif
+	$(GO) list -e -compiled -test=true -export=false -deps=true -find=false -tags= -- ./... > /dev/null
+	$(GOLANGCI_LINT) run $(GOLANGCI_LINT_OPTS) $(pkgs)
 endif
 
 .PHONY: common-yamllint
@@ -218,28 +184,15 @@ endif
 common-staticcheck: lint
 
 .PHONY: common-unused
-common-unused: $(GOVENDOR)
-ifdef GOVENDOR
-	@echo ">> running check for unused packages"
-	@$(GOVENDOR) list +unused | grep . && exit 1 || echo 'No unused packages'
-else
-ifdef GO111MODULE
+common-unused:
 	@echo ">> running check for unused/missing packages in go.mod"
-	GO111MODULE=$(GO111MODULE) $(GO) mod tidy
-ifeq (,$(wildcard vendor))
+	$(GO) mod tidy
 	@git diff --exit-code -- go.sum go.mod
-else
-	@echo ">> running check for unused packages in vendor/"
-	GO111MODULE=$(GO111MODULE) $(GO) mod vendor
-	@git diff --exit-code -- go.sum go.mod vendor/
-endif
-endif
-endif
 
 .PHONY: common-build
 common-build: promu
 	@echo ">> building binaries"
-	GO111MODULE=$(GO111MODULE) $(PROMU) build --prefix $(PREFIX) $(PROMU_BINARIES)
+	$(PROMU) build --prefix $(PREFIX) $(PROMU_BINARIES)
 
 .PHONY: common-tarball
 common-tarball: promu
@@ -295,12 +248,6 @@ $(GOLANGCI_LINT):
 		| sh -s -- -b $(FIRST_GOPATH)/bin $(GOLANGCI_LINT_VERSION)
 endif
 
-ifdef GOVENDOR
-.PHONY: $(GOVENDOR)
-$(GOVENDOR):
-	GOOS= GOARCH= $(GO) get -u github.com/kardianos/govendor
-endif
-
 .PHONY: precheck
 precheck::
 
diff --git a/config/generate.go b/config/generate.go
new file mode 100644
index 00000000..8b17f9d3
--- /dev/null
+++ b/config/generate.go
@@ -0,0 +1,245 @@
+// Copyright 2020 The Prometheus-operator Authors
+// Copyright 2022 The Prometheus Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build ignore
+// +build ignore
+
+// Program generating TLS certificates and keys for the tests.
+package main
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"math/big"
+	"net"
+	"time"
+)
+
+const (
+	validityPeriod = 50 * 365 * 24 * time.Hour
+)
+
+func EncodeCertificate(w io.Writer, cert *x509.Certificate) error {
+	return pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
+}
+
+func EncodeKey(w io.Writer, priv *rsa.PrivateKey) error {
+	b, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return fmt.Errorf("failed to marshal private key: %v", err)
+	}
+
+	return pem.Encode(w, &pem.Block{Type: "PRIVATE KEY", Bytes: b})
+}
+
+var serialNumber *big.Int
+
+func init() {
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+
+	var err error
+	serialNumber, err = rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		panic(fmt.Errorf("failed to generate  serial number: %v", err))
+	}
+}
+
+func SerialNumber() *big.Int {
+	var serial big.Int
+
+	serial.Set(serialNumber)
+	serialNumber.Add(&serial, big.NewInt(1))
+
+	return &serial
+
+}
+
+func GenerateCertificateAuthority(commonName string, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
+	now := time.Now()
+
+	caKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to generate CA private key: %v", err)
+	}
+
+	caCert := &x509.Certificate{
+		SerialNumber: SerialNumber(),
+		Subject: pkix.Name{
+			Country:            []string{"US"},
+			Organization:       []string{"Prometheus"},
+			OrganizationalUnit: []string{"Prometheus Certificate Authority"},
+			CommonName:         commonName,
+		},
+		NotBefore:             now,
+		NotAfter:              now.Add(validityPeriod),
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
+		BasicConstraintsValid: true,
+	}
+
+	if parentCert == nil && parentKey == nil {
+		parentCert = caCert
+		parentKey = caKey
+	}
+
+	b, err := x509.CreateCertificate(rand.Reader, caCert, parentCert, &caKey.PublicKey, parentKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create CA certificate: %v", err)
+	}
+
+	caCert, err = x509.ParseCertificate(b)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to decode CA certificate: %v", err)
+	}
+
+	return caCert, caKey, nil
+}
+
+func GenerateCertificate(caCert *x509.Certificate, caKey *rsa.PrivateKey, server bool, name string, ipAddresses ...net.IP) (*x509.Certificate, *rsa.PrivateKey, error) {
+	now := time.Now()
+
+	key, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to generate private key: %v", err)
+	}
+
+	cert := &x509.Certificate{
+		SerialNumber: SerialNumber(),
+		Subject: pkix.Name{
+			Country:      []string{"US"},
+			Organization: []string{"Prometheus"},
+			CommonName:   name,
+		},
+		NotBefore:             now,
+		NotAfter:              now.Add(validityPeriod),
+		KeyUsage:              x509.KeyUsageKeyEncipherment,
+		BasicConstraintsValid: true,
+	}
+
+	if server {
+		cert.DNSNames = []string{name}
+		cert.IPAddresses = ipAddresses
+		cert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}
+	} else {
+		cert.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
+	}
+
+	if caCert == nil && caKey == nil {
+		caCert = cert
+		caKey = key
+	}
+
+	b, err := x509.CreateCertificate(rand.Reader, cert, caCert, &key.PublicKey, caKey)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to create certificate: %v", err)
+	}
+
+	cert, err = x509.ParseCertificate(b)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to decode certificate: %v", err)
+	}
+
+	return cert, key, nil
+}
+
+func writeCertificateAndKey(path string, cert *x509.Certificate, key *rsa.PrivateKey) error {
+	var b bytes.Buffer
+
+	if err := EncodeCertificate(&b, cert); err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(fmt.Sprintf("%s.crt", path), b.Bytes(), 0644); err != nil {
+		return err
+	}
+
+	b.Reset()
+	if err := EncodeKey(&b, key); err != nil {
+		return err
+	}
+
+	if err := ioutil.WriteFile(fmt.Sprintf("%s.key", path), b.Bytes(), 0644); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func main() {
+	log.Println("Generating root CA")
+	rootCert, rootKey, err := GenerateCertificateAuthority("Prometheus Root CA", nil, nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	log.Println("Generating CA")
+	caCert, caKey, err := GenerateCertificateAuthority("Prometheus TLS CA", rootCert, rootKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	log.Println("Generating server certificate")
+	cert, key, err := GenerateCertificate(caCert, caKey, true, "localhost", net.IPv4(127, 0, 0, 1), net.IPv4(127, 0, 0, 0))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err := writeCertificateAndKey("testdata/server", cert, key); err != nil {
+		log.Fatal(err)
+	}
+
+	log.Println("Generating client certificate")
+	cert, key, err = GenerateCertificate(caCert, caKey, false, "localhost")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err := writeCertificateAndKey("testdata/client", cert, key); err != nil {
+		log.Fatal(err)
+	}
+
+	log.Println("Generating self-signed client certificate")
+	cert, key, err = GenerateCertificate(nil, nil, false, "localhost")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err := writeCertificateAndKey("testdata/self-signed-client", cert, key); err != nil {
+		log.Fatal(err)
+	}
+
+	log.Println("Generating CA bundle")
+	var b bytes.Buffer
+	if err := EncodeCertificate(&b, caCert); err != nil {
+		log.Fatal(err)
+	}
+
+	if err := EncodeCertificate(&b, rootCert); err != nil {
+		log.Fatal(err)
+	}
+
+	if err := ioutil.WriteFile("testdata/tls-ca-chain.pem", b.Bytes(), 0644); err != nil {
+		log.Fatal(err)
+	}
+}
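Review bot: `writeCertificateAndKey` writes the private key with mode `0644`, the same as the certificate; even for test fixtures the key is better created with `ioutil.WriteFile(fmt.Sprintf("%s.key", path), b.Bytes(), 0600)`, so the generator stays safe if it is copied elsewhere. The leaf template in `GenerateCertificate` sets `KeyUsage: x509.KeyUsageKeyEncipherment` only, but ECDHE and TLS 1.3 handshakes sign with the key, so `x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment` is the usual value. Peers stricter than Go's verifier may reject the current certificates, though I have not confirmed which stacks enforce this. The second SAN `net.IPv4(127, 0, 0, 0)` in `main` looks like a typo unless a test depends on it. A header comment stating that these keys are public test fixtures and must never be trusted outside the test suite would be worth adding.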
diff --git a/config/http_config.go b/config/http_config.go
index 063edde0..b47347e4 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -372,6 +372,7 @@ type httpClientOptions struct {
 	keepAlivesEnabled bool
 	http2Enabled      bool
 	idleConnTimeout   time.Duration
+	userAgent         string
 }
 
 // HTTPClientOption defines an option that can be applied to the HTTP client.
@@ -405,6 +406,13 @@ func WithIdleConnTimeout(timeout time.Duration) HTTPClientOption {
 	}
 }
 
+// WithUserAgent allows setting the user agent.
+func WithUserAgent(ua string) HTTPClientOption {
+	return func(opts *httpClientOptions) {
+		opts.userAgent = ua
+	}
+}
+
 // NewClient returns a http.Client using the specified http.RoundTripper.
 func newClient(rt http.RoundTripper) *http.Client {
 	return &http.Client{Transport: rt}
@@ -498,8 +506,13 @@ func NewRoundTripperFromConfig(cfg HTTPClientConfig, name string, optFuncs ...HT
 		}
 
 		if cfg.OAuth2 != nil {
-			rt = NewOAuth2RoundTripper(cfg.OAuth2, rt)
+			rt = NewOAuth2RoundTripper(cfg.OAuth2, rt, &opts)
 		}
+
+		if opts.userAgent != "" {
+			rt = NewUserAgentRoundTripper(opts.userAgent, rt)
+		}
+
 		// Return a new configured RoundTripper.
 		return rt, nil
 	}
@@ -619,12 +632,15 @@ type oauth2RoundTripper struct {
 	next   http.RoundTripper
 	secret string
 	mtx    sync.RWMutex
+	opts   *httpClientOptions
+	client *http.Client
 }
 
-func NewOAuth2RoundTripper(config *OAuth2, next http.RoundTripper) http.RoundTripper {
+func NewOAuth2RoundTripper(config *OAuth2, next http.RoundTripper, opts *httpClientOptions) http.RoundTripper {
 	return &oauth2RoundTripper{
 		config: config,
 		next:   next,
+		opts:   opts,
 	}
 }
 
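Review bot: `NewOAuth2RoundTripper` is exported, but its new third parameter has the unexported type `*httpClientOptions`, so callers outside the package can only pass `nil`, and `RoundTrip` later dereferences it unguarded at `!rt.opts.keepAlivesEnabled`. Defaulting in the constructor with `if opts == nil { opts = &defaultHTTPClientOptions }` removes that panic path; the test file in this commit already references `defaultHTTPClientOptions`. The signature change also breaks existing callers of the two-argument form, which should be stated in a doc comment on the function (it has none) or in the changelog.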
@@ -663,25 +679,35 @@ func (rt *oauth2RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 			return nil, err
 		}
 
+		tlsTransport := func(tlsConfig *tls.Config) (http.RoundTripper, error) {
+			return &http.Transport{
+				TLSClientConfig:       tlsConfig,
+				Proxy:                 http.ProxyURL(rt.config.ProxyURL.URL),
+				DisableKeepAlives:     !rt.opts.keepAlivesEnabled,
+				MaxIdleConns:          20,
+				MaxIdleConnsPerHost:   1, // see https://github.com/golang/go/issues/13801
+				IdleConnTimeout:       10 * time.Second,
+				TLSHandshakeTimeout:   10 * time.Second,
+				ExpectContinueTimeout: 1 * time.Second,
+			}, nil
+		}
+
 		var t http.RoundTripper
 		if len(rt.config.TLSConfig.CAFile) == 0 {
-			t = &http.Transport{
-				TLSClientConfig: tlsConfig,
-				Proxy:           http.ProxyURL(rt.config.ProxyURL.URL),
-			}
+			t, _ = tlsTransport(tlsConfig)
 		} else {
-			t, err = NewTLSRoundTripper(tlsConfig, rt.config.TLSConfig.CAFile, func(tls *tls.Config) (http.RoundTripper, error) {
-				return &http.Transport{
-					TLSClientConfig: tls,
-					Proxy:           http.ProxyURL(rt.config.ProxyURL.URL),
-				}, nil
-			})
+			t, err = NewTLSRoundTripper(tlsConfig, rt.config.TLSConfig.CAFile, tlsTransport)
 			if err != nil {
 				return nil, err
 			}
 		}
 
-		ctx := context.WithValue(context.Background(), oauth2.HTTPClient, &http.Client{Transport: t})
+		if ua := req.UserAgent(); ua != "" {
+			t = NewUserAgentRoundTripper(ua, t)
+		}
+
+		client := &http.Client{Transport: t}
+		ctx := context.WithValue(context.Background(), oauth2.HTTPClient, client)
 		tokenSource := config.TokenSource(ctx)
 
 		rt.mtx.Lock()
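Review bot: The token-endpoint transport built in `tlsTransport` takes `DisableKeepAlives` from `rt.opts` but hard-codes `IdleConnTimeout: 10 * time.Second`, ignoring the `idleConnTimeout` field of the same options struct; unless the fixed value is deliberate, `IdleConnTimeout: rt.opts.idleConnTimeout` would keep the two in step. The client created with `&http.Client{Transport: t}` has no overall timeout and is used with `context.Background()`, so a token endpoint that accepts the connection and then stalls appears able to block the caller's request indefinitely. A `Timeout` on that client or a `ResponseHeaderTimeout` on the transport would bound it. The closure's error return is always nil and is discarded with `t, _ =`, which deserves a short comment. `RoundTrip` starts and ends outside this hunk.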
@@ -690,6 +716,10 @@ func (rt *oauth2RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 			Base:   rt.next,
 			Source: tokenSource,
 		}
+		if rt.client != nil {
+			rt.client.CloseIdleConnections()
+		}
+		rt.client = client
 		rt.mtx.Unlock()
 	}
 
@@ -700,7 +730,9 @@ func (rt *oauth2RoundTripper) RoundTrip(req *http.Request) (*http.Response, erro
 }
 
 func (rt *oauth2RoundTripper) CloseIdleConnections() {
-	// OAuth2 RT does not support CloseIdleConnections() but the next RT might.
+	if rt.client != nil {
+		rt.client.CloseIdleConnections()
+	}
 	if ci, ok := rt.next.(closeIdler); ok {
 		ci.CloseIdleConnections()
 	}
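Review bot: `CloseIdleConnections` reads `rt.client` without holding `rt.mtx`, while `RoundTrip` assigns it under `rt.mtx.Lock()`, so the two can race when a secret is reloaded while connections are being closed. Copy the pointer under the read lock first, `rt.mtx.RLock(); client := rt.client; rt.mtx.RUnlock()`, then call `client.CloseIdleConnections()` if it is non-nil. The removed comment could be replaced by one saying that both the token client and the next RoundTripper are drained.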
@@ -911,6 +943,28 @@ func (t *tlsRoundTripper) CloseIdleConnections() {
 	}
 }
 
+type userAgentRoundTripper struct {
+	userAgent string
+	rt        http.RoundTripper
+}
+
+// NewUserAgentRoundTripper adds the user agent every request header.
+func NewUserAgentRoundTripper(userAgent string, rt http.RoundTripper) http.RoundTripper {
+	return &userAgentRoundTripper{userAgent, rt}
+}
+
+func (rt *userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	req = cloneRequest(req)
+	req.Header.Set("User-Agent", rt.userAgent)
+	return rt.rt.RoundTrip(req)
+}
+
+func (rt *userAgentRoundTripper) CloseIdleConnections() {
+	if ci, ok := rt.rt.(closeIdler); ok {
+		ci.CloseIdleConnections()
+	}
+}
+
 func (c HTTPClientConfig) String() string {
 	b, err := yaml.Marshal(c)
 	if err != nil {
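Review bot: The doc comment on `NewUserAgentRoundTripper` is missing a word and understates the behaviour: `RoundTrip` calls `req.Header.Set`, so any User-Agent the caller already put on the request is replaced. Suggested wording: `// NewUserAgentRoundTripper returns a RoundTripper that sets the User-Agent header on every request, overwriting any existing value.` The type and its two methods have no comments, and the unkeyed literal `&userAgentRoundTripper{userAgent, rt}` would read better as `&userAgentRoundTripper{userAgent: userAgent, rt: rt}`.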
diff --git a/config/http_config_test.go b/config/http_config_test.go
index 06eb6d04..66b5141a 100644
--- a/config/http_config_test.go
+++ b/config/http_config_test.go
@@ -43,8 +43,8 @@ const (
 	ServerCertificatePath = "testdata/server.crt"
 	ServerKeyPath         = "testdata/server.key"
 	ClientCertificatePath = "testdata/client.crt"
-	ClientKeyNoPassPath   = "testdata/client-no-pass.key"
-	InvalidCA             = "testdata/client-no-pass.key"
+	ClientKeyNoPassPath   = "testdata/client.key"
+	InvalidCA             = "testdata/client.key"
 	WrongClientCertPath   = "testdata/self-signed-client.crt"
 	WrongClientKeyPath    = "testdata/self-signed-client.key"
 	EmptyFile             = "testdata/empty"
@@ -664,6 +664,7 @@ func TestTLSConfig(t *testing.T) {
 
 	// tlsConfig.rootCAs.LazyCerts contains functions getCert() in go 1.16, which are
 	// never equal. Compare the Subjects instead.
+	//nolint:staticcheck // Ignore SA1019. (*CertPool).Subjects is deprecated because it may not include the system certs but it isn't the case here.
 	if !reflect.DeepEqual(tlsConfig.RootCAs.Subjects(), expectedTLSConfig.RootCAs.Subjects()) {
 		t.Fatalf("Unexpected RootCAs result: \n\n%+v\n expected\n\n%+v", tlsConfig.RootCAs.Subjects(), expectedTLSConfig.RootCAs.Subjects())
 	}
@@ -1198,7 +1199,7 @@ client_secret: 2
 scopes:
  - A
  - B
-token_url: %s
+token_url: %s/token
 endpoint_params:
  hi: hello
 `, ts.URL)
@@ -1207,7 +1208,7 @@ endpoint_params:
 		ClientSecret:   "2",
 		Scopes:         []string{"A", "B"},
 		EndpointParams: map[string]string{"hi": "hello"},
-		TokenURL:       ts.URL,
+		TokenURL:       fmt.Sprintf("%s/token", ts.URL),
 	}
 
 	var unmarshalledConfig OAuth2
@@ -1219,7 +1220,7 @@ endpoint_params:
 		t.Fatalf("Got unmarshalled config %v, expected %v", unmarshalledConfig, expectedConfig)
 	}
 
-	rt := NewOAuth2RoundTripper(&expectedConfig, http.DefaultTransport)
+	rt := NewOAuth2RoundTripper(&expectedConfig, http.DefaultTransport, &defaultHTTPClientOptions)
 
 	client := http.Client{
 		Transport: rt,
@@ -1232,6 +1233,49 @@ endpoint_params:
 	}
 }
 
+func TestOAuth2UserAgent(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("User-Agent") != "myuseragent" {
+			t.Fatalf("Expected User-Agent header in oauth request to be 'myuseragent', got '%s'", r.Header.Get("User-Agent"))
+		}
+
+		res, _ := json.Marshal(oauth2TestServerResponse{
+			AccessToken: "12345",
+			TokenType:   "Bearer",
+		})
+		w.Header().Add("Content-Type", "application/json")
+		_, _ = w.Write(res)
+	}))
+	defer ts.Close()
+
+	config := DefaultHTTPClientConfig
+	config.OAuth2 = &OAuth2{
+		ClientID:       "1",
+		ClientSecret:   "2",
+		Scopes:         []string{"A", "B"},
+		EndpointParams: map[string]string{"hi": "hello"},
+		TokenURL:       fmt.Sprintf("%s/token", ts.URL),
+	}
+
+	rt, err := NewRoundTripperFromConfig(config, "test_oauth2", WithUserAgent("myuseragent"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	client := http.Client{
+		Transport: rt,
+	}
+	resp, err := client.Get(ts.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	authorization := resp.Request.Header.Get("Authorization")
+	if authorization != "Bearer 12345" {
+		t.Fatalf("Expected authorization header to be 'Bearer 12345', got '%s'", authorization)
+	}
+}
+
 func TestOAuth2WithFile(t *testing.T) {
 	var expectedAuth *string
 	var previousAuth string
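Review bot: In `TestOAuth2UserAgent` the handler calls `t.Fatalf` from the httptest server's goroutine, but `FailNow` must be called from the goroutine running the test; use `t.Errorf(...)` followed by `return` there, or record the header and assert on it after `client.Get`. The response body from `client.Get(ts.URL)` is never closed; `defer resp.Body.Close()` after the error check fixes that. The marshal error in `res, _ := json.Marshal(...)` is also discarded. `TestOAuth2WithFile`, which begins at the end of this hunk, continues outside it.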
@@ -1294,7 +1338,7 @@ endpoint_params:
 		t.Fatalf("Got unmarshalled config %v, expected %v", unmarshalledConfig, expectedConfig)
 	}
 
-	rt := NewOAuth2RoundTripper(&expectedConfig, http.DefaultTransport)
+	rt := NewOAuth2RoundTripper(&expectedConfig, http.DefaultTransport, &defaultHTTPClientOptions)
 
 	client := http.Client{
 		Transport: rt,
diff --git a/config/testdata/client-no-pass.key b/config/testdata/client-no-pass.key
deleted file mode 100644
index ac0e28a5..00000000
--- a/config/testdata/client-no-pass.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC307b8Il9zajKw
-mkOih8sfYI+O9gSTvvyQN7Bh+Bu6lLN+XhtRxt+ZqOHfqo30EuPmdScMrqregqup
-VPGKgfkXVP3hF5rYdWqZx4XOKdyxbaarZupkAv2gtVNEBSmVSj8urt5WZOJVnF7Q
-GmhCAHpx34L5CCPYDXJBd5ExLwGIByKxQNugor7dJx8ehmVkGKto01GWjgY+sPYp
-lV9KxvD49ygXYQ6VAqgt/V2EG/PMmT0/jUtmM2tYDFztPkSISJg0vB/f9zHlYIdD
-GjkBjngekAij77T93xEuouox25UtXmg6ApqvDVEiBxZmN5Dt70HBsQ+IftENEUoY
-8jhrImwBAgMBAAECggEBAJNlgjK3SPvdKlnqx9KZuagmH9YMs+zX1eG5lYdojqtT
-snzf7l3q7b1i6gIS2pHbV7uhMjd8EmwqMIStJKPfxaAMuSj0aWeo9lnp3wNJE7l8
-54hGFCkvMLjcy7Adx5L6HqFK++IgME9e+7M3iWNqyMNn6bfO7Ba/6V5PBi9+tmaf
-nZWqgY2Kf8A2iNnm9RvmiwQ42nsjVsKcXzGdBmFTp69ar/QWtk1dWDajUVw/NctM
-cs+IypPjZiAE3CgyyiLKzG9CWCjkfMEd14uxFE73q2SAG6RWYSnv1M3WOupAF0rP
-ll/NMXaMjLlq2q3B9v2ZAaojbbWlHLDdEpE/jwXkkwECgYEA5iWN7SGH8ZE6wDfO
-EYuTQKpqYt1WbCQxv77leuGcm1KlFYfV8LsB/9xiocVtGm7N126zuwfgzfkIZWQD
-KrpoFUkz1jUg+kHCqf4FO8hzR0By3hbdTImJQILtC/K3fHJtexFKiW82mb40lgYc
-+Mk6Nb5CmL6VCX5u8MNBvD8WaLECgYEAzHofIneLLLqF2f2uVzF743CdgP1h0fPI
-BS3akp56/8qzQWNW+natJRxiTh2R8gdvB+P/UtEZR8E+FbSzZ4dIRrxIi44ew0Cr
-sROaP4LkaZFflKS/fD8S1M7yZQhussRoRWH0BDvM0hsu6UTGlESHX73b7js4AHpB
-2q4frJMTDFECgYBr2f2Aus3yLpTRr1Uqc7Y1/6aLXh4531xQ9yyjQUcaosgqJtXj
-Uj/Fn4m5NcPDN1nPM1mWtEJtQ97jZNL3GxPbpcpc/9jMbjTDZP8e3Pjo0xMBcMWU
-MH/Zc4GSr9O8xgL4QUokzbFQqwoJpCO/ks1skhSzb9x37oAe4+HSTd46gQKBgQCk
-+9hJSCl8kpdTl5Nm+R9cGU6MeGXIMKnwO9pDOSpHX7cZCF1yw/Tan7dWDhfnMEZP
-GJC3ss1yDyLYArBK1WXk5SCnsalyo6ikvQtVOXixEUIMvo1eY8n++WetS4t+JGl5
-qhponBOcZ6CHSR3tHgoYnyloZFHAWOTv3FTkOttAsQKBgQCzWSO2TA4v/vIKIrSV
-Lf2cI51imcy/JCsYUU+o66VQ6QdIJlfamuAKaKYAwfJtHtZOzAgrh09JV3qEEtN5
-duBdXiuygAz8eHbqSoSe5FYgImI0BREDq8Zm3ArgUhv6S9aBeg/mS1W/5ZfmV2cT
-0MdlE8vUtcbDkmKpi7CaklzMNw==
------END PRIVATE KEY-----
diff --git a/config/testdata/client.crt b/config/testdata/client.crt
index b406f392..5e68bd44 100644
--- a/config/testdata/client.crt
+++ b/config/testdata/client.crt
@@ -1,96 +1,32 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 3 (0x3)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA
-        Validity
-            Not Before: Apr  5 08:10:12 2019 GMT
-            Not After : Mar 26 08:10:12 2059 GMT
-        Subject: C=US, O=Prometheus, CN=Client
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:b7:d3:b6:fc:22:5f:73:6a:32:b0:9a:43:a2:87:
-                    cb:1f:60:8f:8e:f6:04:93:be:fc:90:37:b0:61:f8:
-                    1b:ba:94:b3:7e:5e:1b:51:c6:df:99:a8:e1:df:aa:
-                    8d:f4:12:e3:e6:75:27:0c:ae:aa:de:82:ab:a9:54:
-                    f1:8a:81:f9:17:54:fd:e1:17:9a:d8:75:6a:99:c7:
-                    85:ce:29:dc:b1:6d:a6:ab:66:ea:64:02:fd:a0:b5:
-                    53:44:05:29:95:4a:3f:2e:ae:de:56:64:e2:55:9c:
-                    5e:d0:1a:68:42:00:7a:71:df:82:f9:08:23:d8:0d:
-                    72:41:77:91:31:2f:01:88:07:22:b1:40:db:a0:a2:
-                    be:dd:27:1f:1e:86:65:64:18:ab:68:d3:51:96:8e:
-                    06:3e:b0:f6:29:95:5f:4a:c6:f0:f8:f7:28:17:61:
-                    0e:95:02:a8:2d:fd:5d:84:1b:f3:cc:99:3d:3f:8d:
-                    4b:66:33:6b:58:0c:5c:ed:3e:44:88:48:98:34:bc:
-                    1f:df:f7:31:e5:60:87:43:1a:39:01:8e:78:1e:90:
-                    08:a3:ef:b4:fd:df:11:2e:a2:ea:31:db:95:2d:5e:
-                    68:3a:02:9a:af:0d:51:22:07:16:66:37:90:ed:ef:
-                    41:c1:b1:0f:88:7e:d1:0d:11:4a:18:f2:38:6b:22:
-                    6c:01
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Digital Signature
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Subject Key Identifier: 
-                3A:46:D1:C5:8C:42:60:AC:EF:0C:DD:4B:55:1E:F0:D7:5C:76:C3:33
-            X509v3 Authority Key Identifier: 
-                keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E
-
-            Authority Information Access: 
-                CA Issuers - URI:http://example.com/ca/tls-ca.cer
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://example.com/ca/tls-ca.crl
-
-            X509v3 Subject Alternative Name: 
-                email:client@prometheus.example.com
-    Signature Algorithm: sha1WithRSAEncryption
-         73:fc:87:f2:cf:e3:b1:df:2f:f7:bf:f9:74:dc:0b:f0:7f:95:
-         ef:77:ba:6a:7d:c6:c5:f3:d9:d6:c7:eb:f8:a8:30:d3:90:d5:
-         a5:0c:32:33:95:85:a2:05:6e:78:a7:07:a5:e0:cf:f4:65:ef:
-         d2:6d:86:66:2a:7f:13:78:2f:90:dd:9d:a4:34:d4:8f:df:41:
-         1b:0f:17:99:99:06:2d:26:86:e2:58:3e:84:ca:13:9e:00:ca:
-         82:07:63:e7:6c:df:e9:47:d6:b3:f7:51:1a:31:f4:3d:79:95:
-         e7:ea:bf:40:84:48:09:23:ba:31:b1:67:cd:05:50:ec:e6:0a:
-         d8:2b:7d:7d:73:7a:8a:5f:f7:72:28:57:9f:15:2d:b1:4e:a1:
-         3c:06:53:60:6e:b2:f9:04:08:81:3a:f2:ba:5d:7e:ac:93:f7:
-         3b:1a:de:07:6e:14:a2:0b:e2:28:6a:50:2d:d8:9b:3c:25:e2:
-         82:6b:90:7e:45:7b:dd:3a:7a:8e:71:99:a7:e8:88:5f:06:71:
-         5b:3f:18:85:70:f9:eb:c7:26:43:2b:49:8f:17:90:aa:ba:86:
-         8a:52:63:83:9f:9d:5d:79:53:af:6d:1a:7e:47:0d:ea:3f:33:
-         18:c0:5f:90:d0:c5:04:8b:e3:4a:45:3d:a6:8c:c3:d1:47:1c:
-         45:70:a4:75
 -----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET
-MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5
-MDQwNTA4MTAxMloYDzIwNTkwMzI2MDgxMDEyWjAzMQswCQYDVQQGEwJVUzETMBEG
-A1UECgwKUHJvbWV0aGV1czEPMA0GA1UEAwwGQ2xpZW50MIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAt9O2/CJfc2oysJpDoofLH2CPjvYEk778kDewYfgb
-upSzfl4bUcbfmajh36qN9BLj5nUnDK6q3oKrqVTxioH5F1T94Rea2HVqmceFzinc
-sW2mq2bqZAL9oLVTRAUplUo/Lq7eVmTiVZxe0BpoQgB6cd+C+Qgj2A1yQXeRMS8B
-iAcisUDboKK+3ScfHoZlZBiraNNRlo4GPrD2KZVfSsbw+PcoF2EOlQKoLf1dhBvz
-zJk9P41LZjNrWAxc7T5EiEiYNLwf3/cx5WCHQxo5AY54HpAIo++0/d8RLqLqMduV
-LV5oOgKarw1RIgcWZjeQ7e9BwbEPiH7RDRFKGPI4ayJsAQIDAQABo4IBDzCCAQsw
-DgYDVR0PAQH/BAQDAgeAMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
-HQYDVR0OBBYEFDpG0cWMQmCs7wzdS1Ue8NdcdsMzMB8GA1UdIwQYMBaAFE0Cv3GV
-aqpYxZy4g2deZBaZ4SqeMDwGCCsGAQUFBwEBBDAwLjAsBggrBgEFBQcwAoYgaHR0
-cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jZXIwMQYDVR0fBCowKDAmoCSgIoYg
-aHR0cDovL2V4YW1wbGUuY29tL2NhL3Rscy1jYS5jcmwwKAYDVR0RBCEwH4EdY2xp
-ZW50QHByb21ldGhldXMuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEBAHP8
-h/LP47HfL/e/+XTcC/B/le93ump9xsXz2dbH6/ioMNOQ1aUMMjOVhaIFbninB6Xg
-z/Rl79JthmYqfxN4L5DdnaQ01I/fQRsPF5mZBi0mhuJYPoTKE54AyoIHY+ds3+lH
-1rP3URox9D15lefqv0CESAkjujGxZ80FUOzmCtgrfX1zeopf93IoV58VLbFOoTwG
-U2BusvkECIE68rpdfqyT9zsa3gduFKIL4ihqUC3Ymzwl4oJrkH5Fe906eo5xmafo
-iF8GcVs/GIVw+evHJkMrSY8XkKq6hopSY4OfnV15U69tGn5HDeo/MxjAX5DQxQSL
-40pFPaaMw9FHHEVwpHU=
+MIIFgjCCA2qgAwIBAgIRAMMSh5NoexSCjSvDRf1fpgQwDQYJKoZIhvcNAQELBQAw
+aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy
+b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo
+ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDhaGA8yMDcyMDYyNTA5MTUwOFowNjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs
+aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKE5sMf63irOiAEo
+a5GMONLHDji9ATAVs1erm6NW/17UPOSjN1Q1n6JGTp2XLKb5gle7gdGdjXW9IB6n
+PhXwQp4ZvTaucMxcZ+Zik19tn+azKdfj/FXU0c9R5oEv4B/1jfKG258dQF5es/Ga
+A2WW3nWA6IwQkHcBcN7cBQCZZ1GcM81rxybuyU4k/FyMheehcJ5MN8iy0Y0YrMcZ
+KxmRfAR/EfVYjenWXjZNncsUXotQr5I4wBUJ/pj5pYQWpSuyO6oADX1EzcxuL6bO
+XoEHfGFqmr90lM/x19bHzllu1UxIwqmT8jW3Je89EhlBxb0htNWNg4hKY7658Khq
+L0tx0AsdIru/JuoQGXrDs4yf+3xL51zSeMr6jewl6AyGQKCc5E+c/zwklCdsVFw7
+zapbT6Hok5HjSoMnRi/EGLtd33CQjvgGooPA4LLzWpbZhoA7QZLBXhvAG3qIkTXr
+1SaDQcP6GvYItEo3Yvqle7hWqhJB5E7QJ2+0j0ztbOLZBkuQGmiT4Ebsx5IJrRaT
+jDCkqYzuHjdTAtwDQR6Tuy2Sc+AuAxI4kDH6EwpX5X7E2mkE2RyYusiu6o400K6F
+QhRysPf1BXxSwQgcvsQTjcl8InyY/JT+7q7TCOLaXoj5rQDwIQdao0IRgr1+M7FQ
+5rsuLRD92EI/vLfSikk3MxcwZ1qzAgMBAAGjVjBUMA4GA1UdDwEB/wQEAwIFIDAT
+BgNVHSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMaa
+Hh5g0+YopeLd1IkizXyK9K/zMA0GCSqGSIb3DQEBCwUAA4ICAQA1qIgzzSid9YZS
+v3kfqaDmZ3ickDuoJg4DjOz4AoZF+o2SnS/kXrIs/pTABUcfhgxt6xNJUFPIi2Pa
+IQXkS24Ya85RJxNUrJmqwhavONoxNoC9RBdNqwQy30DxrBcB+881Y/Ln3VQu6mfj
+aLFk09LFddz3Uc26spc257GkWfvdKjki5xDiFYze8KO0s+J/OWluNOiBG1Pehj+c
+CkwPzy9lwX0JCbAhsDkJGSY4rh+MO/bg9RemuqCPrmOIH8laBnJFvMTZyZRUTQlB
+pAcS8Oa6Bth5DUV7XSwWD6ZOe8Jo5BzJmw5hd5/EA+0+LwZqxmB9d7lGMKgEOMJw
+rIQZCN5PlYYkp31y190rw5XklHMeUJUNzcZKa/tNhjwmU5Pj01gdS5/AnFqO3zRW
+w3jUI6GR7rqj8g4P/kigIUyuX1Our6K27HUWVmt/SC+DHrhF+J7xet0q3R+UwUx1
+4wTzXnA1++s19G9wzo/HenCOTvU2bprl/WQ66/lICU+xxwHfs6kltY3SItvczqOf
++iZrmDn/0jmoarkhaND0EpiG6FbsNWsCprPP1uj0ICqvcBD7VfqT4NWY8QWcoqqr
+JxiOAuuh0iNj8dmax3suNmd+XKIhVHZ3lRBRxrsqqi67axk3mgQby2j9sLxNmrqD
+Lc+UGxJB/WZg4NvzZSaj2MZmt4zOHQ==
 -----END CERTIFICATE-----
diff --git a/config/testdata/client.key b/config/testdata/client.key
new file mode 100644
index 00000000..9c768235
--- /dev/null
+++ b/config/testdata/client.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQChObDH+t4qzogB
+KGuRjDjSxw44vQEwFbNXq5ujVv9e1DzkozdUNZ+iRk6dlyym+YJXu4HRnY11vSAe
+pz4V8EKeGb02rnDMXGfmYpNfbZ/msynX4/xV1NHPUeaBL+Af9Y3yhtufHUBeXrPx
+mgNllt51gOiMEJB3AXDe3AUAmWdRnDPNa8cm7slOJPxcjIXnoXCeTDfIstGNGKzH
+GSsZkXwEfxH1WI3p1l42TZ3LFF6LUK+SOMAVCf6Y+aWEFqUrsjuqAA19RM3Mbi+m
+zl6BB3xhapq/dJTP8dfWx85ZbtVMSMKpk/I1tyXvPRIZQcW9IbTVjYOISmO+ufCo
+ai9LcdALHSK7vybqEBl6w7OMn/t8S+dc0njK+o3sJegMhkCgnORPnP88JJQnbFRc
+O82qW0+h6JOR40qDJ0YvxBi7Xd9wkI74BqKDwOCy81qW2YaAO0GSwV4bwBt6iJE1
+69Umg0HD+hr2CLRKN2L6pXu4VqoSQeRO0CdvtI9M7Wzi2QZLkBpok+BG7MeSCa0W
+k4wwpKmM7h43UwLcA0Eek7stknPgLgMSOJAx+hMKV+V+xNppBNkcmLrIruqONNCu
+hUIUcrD39QV8UsEIHL7EE43JfCJ8mPyU/u6u0wji2l6I+a0A8CEHWqNCEYK9fjOx
+UOa7Li0Q/dhCP7y30opJNzMXMGdaswIDAQABAoICAHKXAmLgl09tg5TvGaVVOH33
+JNCG5XU7t0A0pGYvy0mnJ7CJoSWlB1TbC71OWVpENLQOfXJyvLxWM6IV1DbbkT21
+pZpb2agmdWJ15bEJxYC/Dpp3XD3VCVqFJ4PidzW/3afm2en5bGqmfNbXVFq8JFj3
+ylDi5QrwZzy+vH90iM6kat0yIVY2mbWE7CkLZ5D+WYDpQyzOi8nxI7xO0ydVFARO
+HIF480SkLEoEWIaib6AtNNyEoWFSvTYVGeMMBVFNWMK3Tt8eK/eEyTGRs/GZVHoY
+vuwc/Dff+Dybvrop4Ehb3p+Qm7I5/ihQC7EP4m9Oqayu7DHOTZ6docLR1dOVjPt4
+F0qkeMGaGTDnfGmocqaKskGmhNWEnav5+aaYtFRXEqkLW53lIaGcWv2kyaFfvCYg
+L810FEn9D5OVmlLjgUrzeEctFmhO2Br33dLl90imtuVI3Kg/qzsM9fiV0KbsONzq
+I7aIvZZjXrevCOFtNSTfxNT8PrkyjWYN+2sbLWCR7hRvuzSTHI/qh2TzvyhqKeWc
+ZPVlIT2qvBN5OP+j42J54VXwJNIwUmbKfnETvHMp3Cht/UaEtj/vzAkYB0paEQUs
+O80vWwN4zk6H/qRV0HewUoNIGYlnTFLg/uOlLwbkctYH9ubEaobtVtwx6hsZ12AM
+m7N27FsiAf6KJOGN2CqhAoIBAQDBuQgDxtf3XaoUc8YJKnvGRFMmuq8VWIELF2E1
+/u+IWP8f89BoUon7J5VMHvKiuvsVa6bOJpENrp/fV9+5IA7a925U7il8LmGis+v7
+Sg5pWMJ6gUXq65jssXw0PPDyHEHL0WTwI6KlcI0+Pt8zPujq0TPeHBOadlaPHdg2
+lHEWPvuoAeZknLnYWF7Eq0y3cD2LBiFiZWNRO0wccFf7CA1O5ToUDkFB0zXB5ZOJ
+RgVSUQ5Gnva2OSB+dfFc3HwOADqjnBW+nMDi/ofH2rQEysEp4iTV4N+HkWxpNUPU
+9Z3KRUN645P1BK9ufwNnqsagJU8gKNR9EJKITiPU3jqKi/IvAoIBAQDVDjDi574a
+btsUQcUcip2na+D5jRts+/5lugA5OT6GzIRyYP8WgH7JMbwC91cB3avV08y5SHMB
+P1wo04qaBL+p1by19ewZ6f4Kfytoad7ZGb/P9tX8H30N8Q/k9kucn4igpJ6XaQXU
+tJIKWoBsNuUTZkPwa0+FMBBbRFRagu+mbOwnKR6zNIXNh18K7/LCJSb9jy73xG7k
+DEuRJH10Ow0Ijo4/UACm0CLdavtVtbkGfarETfZSUPuKMHs6dyAME94+IG3WgmWW
+B1WbtrWXw6RNhaecYDfjeW3iFOjgo+MpaQpnfiz7nqNrUu5zbteJYM2EdHI1baJ+
+/VXsXsc4hdK9AoIBAEyWkJqdpIiBmVpYozTAfQrXvGAVcl7oDKyL47zrO1wWg1bo
+l76G01JeReJAYgEAF4BSfTIHgVV9cmtkXGjeScE8DXy6Y+BanfMrWuKQVr5Dfy/b
+p/7GgkEhsk8cwM2XalPgRx3BmO37X3v6c1fZSVB8wRrQ0tdAbdxLGk4JxePbpra3
+eZTReZAU7/KlHsFvOIWcONqj5u4YmXCs4bu3ZTuJ2LpRIG+bxycPUpL1AemXbiNx
+eWx1jWkxy+jAqrMGWCiS7u3bH08e/iN/TaiPWGrso0+Dhhwc3FWD33t0V5u+Yn1V
+OAuofIsc4AW+OKTb2zqFqex//s6wxe3EpjRcO7UCggEAXVL5APtn3yY92pKwp77k
+LejoRAeWQtfi6GZgILC9fchqH7vzIMUqRDD/3QDA4PVbhq9e1q4wihRZ5xw6cxqv
+ZdJU9hOB1xwTBkAMIJF3ZvuLdKn3s5eLbKbyQmXMWw/ahht1yHbdcf2iltxrsnsd
+PrEmA1LOI1YZZBD7LiZ6mRjPHJw7cV4JWiz46c6PNJGXkau9dBRcSpJEK5CjT11q
+aRwgnQULNAaprvlknHecU4aKXbCUvBvzAuYXpFV3+TJewDHuSu8VVnFiA3I1+wNc
+ngR0ld/ju0V+Z3CnTXccUxBK2WiAhbtIdAOApZmg2fFINMPZHyQl8KBBmecuNskP
+tQKCAQALxoCzLhdq6Kl/mqqdPTlvncIuAoaH2VjEc5ZpMIHShPd1YfPv5/sQkD4B
+8X7QNLPITaSGvNTevyg/KtVPuWyyCxEjmIXDXOCXkylmJFY9tgaaSGPLRJ62sIbz
+EJGmUUOBYD+/ybV+dQd3GgkGJ0Hytp+FM8NCWukCFRAxb1m56xfs+RTBuLdJpou7
+AV+RafQV1roAQ+Pj3dFsoR6jBJIM4w0S5Q6609W062hrR6hBrlVBGfZpo/Mgmv5K
+HEnQ7X+AqPaK7BLdzBQb2Qd6hGF8DMVTSBRlc/THnhK/HlVCuWMNuEliGtmIuGYE
+0FRrwC2EvZmAS7m/FHfkpry76CRU
+-----END PRIVATE KEY-----
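Review bot: This new file commits an unencrypted PKCS#8 RSA private key, and nothing in the hunk marks it as a throwaway fixture. Secret scanners will flag it, and someone copying the testdata directory has no signal that the key is public. I would record that next to the file, for example a `config/testdata/README` line such as `client.key: test-only key, published in this repository; never trust the matching certificate outside the unit tests`. A path-scoped allowlist entry for `config/testdata/*.key` in whatever secret scanner the project runs would keep the exemption narrow. The test CA that signs the matching certificate should likewise never end up in a real trust store.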
diff --git a/config/testdata/self-signed-client.crt b/config/testdata/self-signed-client.crt
index fe2973ab..a0a5cdc6 100644
--- a/config/testdata/self-signed-client.crt
+++ b/config/testdata/self-signed-client.crt
@@ -1,121 +1,30 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            0e:47:ce:db:33:a0:10:93:9b:b1:ac:66:7c:16:2d:89:d0:b7:ea:1d
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
-        Validity
-            Not Before: Mar  1 16:51:42 2019 GMT
-            Not After : Jul 17 16:51:42 2046 GMT
-        Subject: C = US, ST = Denial, L = Springfield, O = Dis, CN = www.example.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
-                Modulus:
-                    00:ce:c6:ab:fd:9c:d2:da:55:f9:3d:5f:c0:0d:1a:
-                    a6:1c:d1:7f:01:f4:0d:9c:ce:85:8b:01:8f:06:73:
-                    0a:b6:92:e1:6e:63:7d:e4:83:ca:c0:11:67:70:d9:
-                    89:0c:a9:62:0a:c3:cc:00:53:6f:b6:1b:0b:e1:eb:
-                    62:00:e8:ed:14:16:c6:29:45:0c:ee:25:40:21:10:
-                    c2:3d:9a:3b:5c:27:54:bb:e4:9c:f6:e3:b4:dc:f1:
-                    0e:ba:c5:6f:60:94:45:b8:8d:f6:a4:1a:b4:fa:82:
-                    7b:5a:55:a6:11:c1:d4:e6:41:dc:c7:41:8e:db:46:
-                    6b:a2:0a:c1:13:96:47:12:4b:27:2e:d5:45:d4:51:
-                    c9:b6:28:f8:0d:24:44:42:12:b8:b4:cd:ab:4a:67:
-                    ba:8c:ff:34:92:38:b4:e5:4a:53:fe:33:72:55:df:
-                    27:d9:70:0f:47:cc:7c:d5:b2:52:bf:80:c0:a7:15:
-                    b0:25:c8:d9:a1:41:e2:ee:e9:f5:0f:9f:27:ea:7c:
-                    dc:ec:19:48:73:74:48:47:13:59:ea:89:e0:61:50:
-                    08:95:fc:32:9d:73:21:8e:b2:75:95:41:62:0c:61:
-                    c7:b9:59:e2:51:a2:4f:bd:74:1b:0d:26:3c:c8:a6:
-                    1a:cb:db:10:cc:33:dd:2a:0b:38:55:60:85:f8:25:
-                    74:1f:0d:26:4e:db:2d:03:12:d5:85:00:cf:51:01:
-                    95:94:c8:85:cc:0e:5a:05:aa:3e:7a:34:e2:17:8b:
-                    3b:c5:21:a2:da:56:0a:ed:de:6c:2c:40:10:85:25:
-                    5d:df:39:e9:45:0e:10:82:bf:34:5c:64:52:35:4b:
-                    aa:1a:56:37:ab:1f:7f:b5:07:5f:8a:22:45:4d:96:
-                    21:6c:a2:eb:47:39:bf:38:de:b5:4c:99:af:bf:de:
-                    f8:7c:54:8b:40:2e:1f:80:1b:97:6a:fe:2c:05:6a:
-                    1b:9c:cb:a1:1c:f9:9e:36:ef:d9:a2:1d:d4:61:d0:
-                    6d:d1:b6:00:f8:e7:7f:74:f8:c0:81:95:7d:68:dc:
-                    f3:93:7d:49:33:99:15:d5:49:d6:6d:69:82:c1:9f:
-                    f2:3e:c2:db:0b:b1:e6:7c:e5:98:f4:9f:01:7d:57:
-                    ac:36:78:15:a9:54:6f:e6:3e:52:54:68:a3:bc:8f:
-                    99:3f:02:02:1f:d2:21:b1:39:70:61:4c:2f:71:e5:
-                    27:d3:d0:75:46:d7:5e:78:ee:82:a5:bd:6d:12:2d:
-                    0b:40:92:61:c0:9e:8c:71:be:d1:bb:4f:23:fe:4e:
-                    f2:79:a0:bd:60:f8:62:e4:9a:5b:1d:e0:a7:99:bd:
-                    32:b2:29:7b:ca:8c:6b:1a:80:c8:6f:b3:aa:a0:9e:
-                    1b:03:ab
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                D3:CB:AC:FB:69:9C:D3:14:67:44:9F:FA:0F:B9:02:60:64:95:4E:17
-            X509v3 Authority Key Identifier: 
-                keyid:D3:CB:AC:FB:69:9C:D3:14:67:44:9F:FA:0F:B9:02:60:64:95:4E:17
-
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-    Signature Algorithm: sha256WithRSAEncryption
-         57:d6:69:ed:9e:05:ea:4d:64:3b:88:98:26:6c:00:6e:e7:b7:
-         cb:ff:48:a2:c1:50:03:39:28:46:94:c0:19:7d:ff:10:7b:11:
-         6e:88:6d:fe:d8:62:3a:ce:28:33:64:86:85:0f:9f:bf:13:23:
-         48:11:b0:86:fa:7a:1d:6b:8a:e7:8c:76:fb:1b:a8:a9:d5:b3:
-         b8:f0:b4:08:27:a4:91:14:1a:e3:1c:11:83:39:2c:20:f1:19:
-         21:35:9e:af:69:eb:52:ec:eb:c8:63:e2:bd:76:46:c5:4b:0c:
-         c2:f7:b9:c3:2a:db:31:4a:b9:ea:a5:04:c4:e7:b6:cf:fc:7c:
-         8b:8a:88:39:ad:f9:06:e1:c6:63:47:6c:47:5c:e9:0b:24:b5:
-         c1:eb:5d:67:ee:07:ac:42:5b:d4:cb:00:eb:ec:c5:2f:3a:d0:
-         76:f1:2a:9c:b9:44:3e:ed:71:40:02:4d:68:b5:b4:09:de:4d:
-         ba:1c:87:86:2d:3c:b7:2c:e5:87:aa:ff:e2:5e:ad:0b:8c:bb:
-         39:9a:13:26:e3:c4:34:00:48:06:14:8f:ec:4b:cb:e7:be:80:
-         bd:c7:6c:b0:75:88:4e:cd:b7:b1:7e:bf:92:85:c7:a0:45:4f:
-         73:ba:a7:27:86:8f:12:cd:35:f7:8c:34:3f:66:1a:7f:53:1d:
-         21:8c:90:22:ff:e7:d9:95:aa:15:c2:28:d0:c5:9b:6c:61:e9:
-         15:ff:63:9f:8e:d8:b4:a2:d5:06:38:1a:cc:5f:89:2a:23:70:
-         a3:32:22:cd:00:20:c7:65:60:17:5e:8a:cc:dc:96:08:38:a5:
-         7d:65:46:79:79:02:11:04:4b:86:9d:f3:b3:2c:c6:2d:18:b4:
-         31:e1:86:aa:4c:0c:93:c3:fb:7a:5a:63:c2:6f:68:d3:86:2c:
-         6d:cd:ab:6d:41:d2:36:32:c1:52:25:d0:68:bc:ac:ca:f3:41:
-         f6:5a:46:83:15:bd:e6:aa:3b:dc:6b:44:1f:6c:02:e9:ed:b5:
-         91:28:8d:af:6f:27:1b:71:83:61:a8:8e:15:36:01:92:42:32:
-         61:62:43:04:31:f7:f3:f3:c9:c0:93:19:c9:dd:4d:51:3b:64:
-         3b:06:90:4f:93:22:15:6e:8b:5f:2e:4e:11:a7:b9:a3:f2:fe:
-         45:c9:ea:4b:58:57:95:b3:77:29:9f:7d:bc:1d:a2:3d:5a:38:
-         b3:72:b2:c7:8b:12:a9:39:4f:4f:2e:bb:7e:ce:91:bb:82:c0:
-         67:37:79:f6:9c:75:3b:39:6c:82:ac:6a:06:09:70:99:10:76:
-         a4:38:46:50:7d:8e:d0:24:fb:dd:32:8f:40:00:d9:d1:50:20:
-         69:bd:86:b9:9e:89:23:60
 -----BEGIN CERTIFICATE-----
-MIIFmTCCA4GgAwIBAgIUDkfO2zOgEJObsaxmfBYtidC36h0wDQYJKoZIhvcNAQEL
-BQAwXDELMAkGA1UEBhMCVVMxDzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3By
-aW5nZmllbGQxDDAKBgNVBAoMA0RpczEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29t
-MB4XDTE5MDMwMTE2NTE0MloXDTQ2MDcxNzE2NTE0MlowXDELMAkGA1UEBhMCVVMx
-DzANBgNVBAgMBkRlbmlhbDEUMBIGA1UEBwwLU3ByaW5nZmllbGQxDDAKBgNVBAoM
-A0RpczEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEF
-AAOCAg8AMIICCgKCAgEAzsar/ZzS2lX5PV/ADRqmHNF/AfQNnM6FiwGPBnMKtpLh
-bmN95IPKwBFncNmJDKliCsPMAFNvthsL4etiAOjtFBbGKUUM7iVAIRDCPZo7XCdU
-u+Sc9uO03PEOusVvYJRFuI32pBq0+oJ7WlWmEcHU5kHcx0GO20ZrogrBE5ZHEksn
-LtVF1FHJtij4DSREQhK4tM2rSme6jP80kji05UpT/jNyVd8n2XAPR8x81bJSv4DA
-pxWwJcjZoUHi7un1D58n6nzc7BlIc3RIRxNZ6ongYVAIlfwynXMhjrJ1lUFiDGHH
-uVniUaJPvXQbDSY8yKYay9sQzDPdKgs4VWCF+CV0Hw0mTtstAxLVhQDPUQGVlMiF
-zA5aBao+ejTiF4s7xSGi2lYK7d5sLEAQhSVd3znpRQ4Qgr80XGRSNUuqGlY3qx9/
-tQdfiiJFTZYhbKLrRzm/ON61TJmvv974fFSLQC4fgBuXav4sBWobnMuhHPmeNu/Z
-oh3UYdBt0bYA+Od/dPjAgZV9aNzzk31JM5kV1UnWbWmCwZ/yPsLbC7HmfOWY9J8B
-fVesNngVqVRv5j5SVGijvI+ZPwICH9IhsTlwYUwvceUn09B1RtdeeO6Cpb1tEi0L
-QJJhwJ6Mcb7Ru08j/k7yeaC9YPhi5JpbHeCnmb0ysil7yoxrGoDIb7OqoJ4bA6sC
-AwEAAaNTMFEwHQYDVR0OBBYEFNPLrPtpnNMUZ0Sf+g+5AmBklU4XMB8GA1UdIwQY
-MBaAFNPLrPtpnNMUZ0Sf+g+5AmBklU4XMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggIBAFfWae2eBepNZDuImCZsAG7nt8v/SKLBUAM5KEaUwBl9/xB7
-EW6Ibf7YYjrOKDNkhoUPn78TI0gRsIb6eh1riueMdvsbqKnVs7jwtAgnpJEUGuMc
-EYM5LCDxGSE1nq9p61Ls68hj4r12RsVLDML3ucMq2zFKueqlBMTnts/8fIuKiDmt
-+QbhxmNHbEdc6QsktcHrXWfuB6xCW9TLAOvsxS860HbxKpy5RD7tcUACTWi1tAne
-Tboch4YtPLcs5Yeq/+JerQuMuzmaEybjxDQASAYUj+xLy+e+gL3HbLB1iE7Nt7F+
-v5KFx6BFT3O6pyeGjxLNNfeMND9mGn9THSGMkCL/59mVqhXCKNDFm2xh6RX/Y5+O
-2LSi1QY4GsxfiSojcKMyIs0AIMdlYBdeiszclgg4pX1lRnl5AhEES4ad87Msxi0Y
-tDHhhqpMDJPD+3paY8JvaNOGLG3Nq21B0jYywVIl0Gi8rMrzQfZaRoMVveaqO9xr
-RB9sAunttZEoja9vJxtxg2GojhU2AZJCMmFiQwQx9/PzycCTGcndTVE7ZDsGkE+T
-IhVui18uThGnuaPy/kXJ6ktYV5Wzdymffbwdoj1aOLNysseLEqk5T08uu37OkbuC
-wGc3efacdTs5bIKsagYJcJkQdqQ4RlB9jtAk+90yj0AA2dFQIGm9hrmeiSNg
+MIIFLjCCAxagAwIBAgIRAMMSh5NoexSCjSvDRf1fpgUwDQYJKoZIhvcNAQELBQAw
+NjELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxv
+Y2FsaG9zdDAgFw0yMjA3MDgwOTE1MDlaGA8yMDcyMDYyNTA5MTUwOVowNjELMAkG
+A1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2FsaG9z
+dDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALtrXxnHr7eUM7Xh7awY
+LwompmuznbTa/8+OsihSaelUN6RDsAdm7eOMA7KMqZB5NOfeDqEqMIUoaoQ1gzIm
+0BJ4dCgi99SnA8b0MjAGqUpRJ3gLLSXsPa5647gxUSP5zQ0hWMMgGaw4rJ9LDOtU
+z2S8dtqKTHrXl34mpdsLrZyLXwyz8UJ83Jq2Ngx4cApZrbs+g1XlMRV8Vh89Z2bk
+bbKmDYmIOhTeE1wLdrZ/XecEOvkGZcj3bWiO/yTnP8mTER2hTvSxUrpyHn/55LkU
+8PR6wCO7hntZ9LLWxg85XTRdWL7cIyjgJgfL9+hVQQyNEjWC2+LTq1QExqa+IxoH
+iL4xX/1y+6o1W5XKLf/uplgaWuSK+mjQeqc387DwYbj61QWOjCoaJA1wl6RHuGGV
+6ygpdAO1l8o+2U8nuULHW5lx+1BtMG5ytAXy9dWPercs5L8gh1IRNCVXWKsQCCWg
+iG67nErFV5iRFLuAIX7ixLKJ5MGp/fVKUI9V1EViM2GUU46PVAPhhlZ1qcygjbZ5
+CelBnQ/XvGof5b4zm4eEgCc0ZkqsQDeS5jPjTtES8/y5WEKqbyijmvx2P40nuO/d
+aTxNretMwaptWzu+WXHih0WG2Sq85m41070xsIMEwlqSfdiOOPdax6393NJgkdM7
+5NKC3+pzcHK1S1+x/Guawv0NAgMBAAGjNTAzMA4GA1UdDwEB/wQEAwIFIDATBgNV
+HSUEDDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC
+AQBTLnU8jFCmYpPUBOqj/xzBqokiQK92axG/h/3JgB7fFSLzUCV3NtvwBVCU28rA
+wHwBYPjmGhi1vyHha/hb6V2WMPt0jhMRpNxCf16dAMoyIoWNas88vU2Mef90Chfj
+8e6wLtzqAquX/ruwIfsOMnbcSGuh+y54DspCXgsTZ9cnCI2lnQroXZi4WUqi3Enj
+mFPpVc+mMlffGW6LISo3ehRLA7k3/01yJhqzpTQw44k9ZfJ7VXZTRJKJsaqeljzV
+VfzDbDfW8ftbZ8IWQGAOQfTa23aHIYcvJfvyxpfQRyrwRxjGytLHoOH/G+1TZuOt
+KBJ2Xdi9qrr+Wep4eNJm2cTBd1Fpr0hWZ9K27BwwYdZZF8Eu8eP8hSeRmA4PqzAj
+HauCl8PgWJIWzMloXVZaGxiYX7sGVs79m/Yl9A6+p8RTpK7DVB9+sDIiD2bhiZqL
+i9YWM8aD2cR20t2ZkuBBPlVTOouF/WotOWrLhT4J+SngkdmLkAjP/5jPFvpTfeGi
+THyAmp4gigwaM0nIZskPcPCbkk+zFYPToyS49ZJwQMzqK2hkjyQ9LyzUdo9vlDjL
+8lFjlUZzqaR0DF3pbf8fs5/16gPurR65SU/ebOs+uxZLYJrP2zKmeISE+q4AMudc
+rQ0Z6KmGUiXnIvpB105UJ7jlXCxbsruc8gRTbjkgW7yoXg==
 -----END CERTIFICATE-----
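Review bot: The regenerated certificate carries a critical Key Usage extension whose bit string decodes to keyEncipherment only (`03 02 05 20` in the line beginning `5NKC3+pz`); digitalSignature is not set. The same bytes appear in the new server.crt, and in the tail of client.crt visible above, whereas the removed server.crt dump listed "Digital Signature, Key Encipherment". A TLS client certificate signs CertificateVerify, and a server using ECDHE or TLS 1.3 signs the handshake, so a peer that enforces key usage would reject these fixtures even if the Go tests pass. The template that produced them is outside this hunk (presumably the generator behind this testdata); I would set `KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,` there and regenerate.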
diff --git a/config/testdata/self-signed-client.key b/config/testdata/self-signed-client.key
index f7089513..4e4b2c2e 100644
--- a/config/testdata/self-signed-client.key
+++ b/config/testdata/self-signed-client.key
@@ -1,52 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDOxqv9nNLaVfk9
-X8ANGqYc0X8B9A2czoWLAY8Gcwq2kuFuY33kg8rAEWdw2YkMqWIKw8wAU2+2Gwvh
-62IA6O0UFsYpRQzuJUAhEMI9mjtcJ1S75Jz247Tc8Q66xW9glEW4jfakGrT6gnta
-VaYRwdTmQdzHQY7bRmuiCsETlkcSSycu1UXUUcm2KPgNJERCEri0zatKZ7qM/zSS
-OLTlSlP+M3JV3yfZcA9HzHzVslK/gMCnFbAlyNmhQeLu6fUPnyfqfNzsGUhzdEhH
-E1nqieBhUAiV/DKdcyGOsnWVQWIMYce5WeJRok+9dBsNJjzIphrL2xDMM90qCzhV
-YIX4JXQfDSZO2y0DEtWFAM9RAZWUyIXMDloFqj56NOIXizvFIaLaVgrt3mwsQBCF
-JV3fOelFDhCCvzRcZFI1S6oaVjerH3+1B1+KIkVNliFsoutHOb843rVMma+/3vh8
-VItALh+AG5dq/iwFahucy6Ec+Z4279miHdRh0G3RtgD45390+MCBlX1o3POTfUkz
-mRXVSdZtaYLBn/I+wtsLseZ85Zj0nwF9V6w2eBWpVG/mPlJUaKO8j5k/AgIf0iGx
-OXBhTC9x5SfT0HVG11547oKlvW0SLQtAkmHAnoxxvtG7TyP+TvJ5oL1g+GLkmlsd
-4KeZvTKyKXvKjGsagMhvs6qgnhsDqwIDAQABAoICAQCJTCnPkF4BU6zXL8jZ6qP5
-5rEqnt6bDBZoInTRl3m5mPXO0ok5PrlVpzjEGe2CVsYe17uRS9WVWYgeTqkYaZFi
-EW0q4gqf5mQakIIpXUuk+QiuajI/TRs+yWE6avZ1bn6M+NaYSJN680DszooiqE2x
-RnJObB1rQ+scAYAKfXJbl0NBOaPQQy5oofNy5m3cYYn7o8Tk9tNL4/kITlbvGNeE
-pqx4kGBpZJsA1areSjXfqqJBT4lSzXaUOKdydC6gXNGoRZh7vJ36629ConrF3R77
-/qR00qzZFyVlFuI0ZOGxzwtK63/3LIs+BOYhaQ5bPM/2JFOXA6kKzcBuEFVkW5oq
-APoST7hk1mVdMKDigaT5pmuB8JB9RC0w/oR3OXONImKYPf3fBUSU1hw6YyVZFA6c
-6SKik3g/sWl0BZvqCJgU3v3qTLhVPXtiDj97g9pWdyfJBduE8Ft89OHljNbY2HBd
-hyW+/XSjodWW1CRr4v1DNXjg880VOWzueptROviEwFkpxi6oKFBXWegWMW5kR03d
-21XlzrB20XckTjK5c8jQ5lQG49CnX8MyYMfj6f0HNCbIghbKfMvO7fWY1sD7wAlL
-DlLr5MLxal9Wm0Jx56DQ6ZgnSCU0ms2L0RT9IVESGWC1am9/FjMvmK+zdvS3uFgb
-HzwxN+7XD+4klO7H2GQFIQKCAQEA/pKzCLvJLyX8/bu4U5J9Ndf/V1N8YW++IOdl
-MZZw/QPZPJhg23Iw/9kGOPL0W1BqxFwaC6UWuR9YXLS+/GfGUlaeLbeGvMs3w3FH
-W9RjCwLMnBu2JwUqJqSqc9dkQor0up8sa7sYOPqOrHupIFBxx/tV5o24BJ0xz2RH
-eN8VdT/XejW2CY4UX9LGk0l8iPySGRx5d9MACrHwqmCMhTqiWAob7r3D+DQxqd4r
-4q/lZ8ItKTzvrebHotBQcdMeIqIlQWG/chVKynxtB04zNOXwwtSxOKPsN1EysBsC
-vklZ3FeYFipHKsmKX/COWDjnyKmG/iRVjZ/O5vZ0rsQl8iujbwKCAQEAz+9i0Wod
-xrqX9Gd30JVANy5rz74wfvBy03J2T1KZmMxPhtVUloWU93952CiUpD2Xb6nwa00V
-LxYfXlt2YrfV+2I3YP6TC8VXiX7uQ8i6tg2JAY40mrbuYoO3P1gfgdJ909TjLhrL
-aNg+nCyJDePdeKbX0yMf4ukHBNbvSH65fkp1cl4uU1Wvb4tGNcyYcX1q953JP1ue
-PwgysbuXz/chpHmw8pH/GSZ5FAxGvHwkBmA0BYhDcpETFfKfm2NEDO5xa/4GTHNi
-o+d5/fotJmihY5IpyVlSai8Kox9mYUin6ntbFkCvK+x6m7859N1lPG0BJVJTD+Cx
-AXI6QQDyl+kVhQKCAQEAxXfd0GR5xkzdVaSLcqgq391Qf9iOnrYi8TsMz842jsyx
-ccNxPkfxokQiA4LR8RML/ozC102Ttr2NuTuq+fc1ayEtSaEWrtOjycLQ63Zv7Vaa
-iG0melYTQC5y2bC2YLeQ5kIaHubd/zS7/yddJWfBGrLnCxPbLhkRTiInHqdM6co/
-xthrADZpr3q79fwG0eu5GClyP3Q4kBM+76o81guJamlNCX/Bx4IVFAL2X7y5YibJ
-CTfvYyGksbKM8/4jXhIQfArqif/iJ/ckS4ppRhsnCroZTio5TR97BgettRUI01ZO
-7sKUuafj4k+i2uQpRwnZYMGma1kPETETiY01MgiPmQKCAQEAyQcnAk8VeovrXN6r
-d3zUGIVItg+p0w+j88k1mHrDBHaCbFjS7rM20hDsO48AJclmHw6s4RAk6uD4csD6
-M3aH6gGKiLuWbkrb1pJgyCfIWzm6u0ZAlVNGJPgysYsA6wIVpDatbGV7QmHOJi7o
-UgV6mKq0/et3aGjh4EvsCqp5qx9RbMChCPBOLAj6WAj1WMNoJvzlE9v/ofDLEgnL
-O8QxQlJkQB/mAOqxJDC6Mn/SVFet86tJifm3+gAXTqMpp1bfUQjGDiN/ufaQenrk
-K738SceFnqQ8iWvxXMN+t48GyCt6ZIkk0dJOt0SpQ5LHzSOVd/+fTjps5nkI2M+R
-ukweAQKCAQEA3dmHRAqs0gjvJ2gthayT0G7s8s6oObxfKYpRLw8Q8s+JxwZRVr0O
-aTt1kYn2eXIdO12zLBspRiX+1tmbpD3hEoO+NPplvNsfwzbPtDYofYT1bD8J19JV
-seFbdHlxNGBHaesjNLIsbTRPokATLtvhyQFNhS2SBV4OLiu3GzfSgGBMaPoSDnNN
-+OHZ/0aunQkpOF90/LzFrhMYttXhkMSgXGyg4kZkg93HLVGOvz3/WIcaEh8Merqc
-+pzLRW+nhJin0lDW8RfvAPOZlL6nTTUWZc6cr2yyJFxzw4AqvGhvCnD5Px9mPNpP
-XM9QqgBE9ayYiJyup/gvGszbv/43ZOuHPg==
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7a18Zx6+3lDO1
+4e2sGC8KJqZrs5202v/PjrIoUmnpVDekQ7AHZu3jjAOyjKmQeTTn3g6hKjCFKGqE
+NYMyJtASeHQoIvfUpwPG9DIwBqlKUSd4Cy0l7D2ueuO4MVEj+c0NIVjDIBmsOKyf
+SwzrVM9kvHbaikx615d+JqXbC62ci18Ms/FCfNyatjYMeHAKWa27PoNV5TEVfFYf
+PWdm5G2ypg2JiDoU3hNcC3a2f13nBDr5BmXI921ojv8k5z/JkxEdoU70sVK6ch5/
++eS5FPD0esAju4Z7WfSy1sYPOV00XVi+3CMo4CYHy/foVUEMjRI1gtvi06tUBMam
+viMaB4i+MV/9cvuqNVuVyi3/7qZYGlrkivpo0HqnN/Ow8GG4+tUFjowqGiQNcJek
+R7hhlesoKXQDtZfKPtlPJ7lCx1uZcftQbTBucrQF8vXVj3q3LOS/IIdSETQlV1ir
+EAgloIhuu5xKxVeYkRS7gCF+4sSyieTBqf31SlCPVdRFYjNhlFOOj1QD4YZWdanM
+oI22eQnpQZ0P17xqH+W+M5uHhIAnNGZKrEA3kuYz407REvP8uVhCqm8oo5r8dj+N
+J7jv3Wk8Ta3rTMGqbVs7vllx4odFhtkqvOZuNdO9MbCDBMJakn3Yjjj3Wset/dzS
+YJHTO+TSgt/qc3BytUtfsfxrmsL9DQIDAQABAoICAAyGlIiIi/nc8cfKHbROuXYY
+Ny8jhfq8WDRq+QUw3Ns3QbC8xVr5ShTXGrgoJnz9XMfSU2/5/dwoY1YKrYYAig9x
+9XFpRN71eo8lauVCzLWmzth7Br1uGIE8vVNmGGIrI8Uo4WHJF24nK4JJ5cckl+fH
+oLniXFIpbnqD4rnNAgFgXy3eKNWkuqmsW9hhhDts2uuUtfpbovgooyjbVbnOsnYq
+GuWCMT+LyAdyzLBNutzhr39NKihQQQOn6u1wdxbluVMdoMVBxKGpVth+vwaPm7r7
+KTQ6KDa+QFhjekEyOERzqKa417C3qlMDEsJ4UCyikQD6ie+S7fRjjVM/ieEHd+AA
+66CbJ8u3yfXxaicn+SPCeHVKd4GKmJgsg1KDSSg0+w5JWwmAiCJjEydX2HOdx2ys
+SV2C4o+gxhA48U8ZgGTVoom0OgouQ7rnMd6n3juBDq2/Xp1FeDcE39yEffN7t4XN
+vHfD7Hjp5capxVyEnpzu0tTVf8KP00NJKtS6I7d8IavUBCgFiJZFXJWdsbhgSsg9
+UdypUMd6rW81VaaKvi3JSjWwFpmUVAhr3hFNyQB9+2rxvDCWhUqFKWqjWdPfMgxx
+qO6eam1S22vrZcyJVkfTzArFQd0J/41Ak0yErLJKLTDEYaBRxFPV0ujWskrmU96c
+f+m4/k7p3sD8KooXfrERAoIBAQDWSmsFzSOugShur9phJV162XrtbOnV7n1Ko0Vu
+U/ftohC5FNq0kHxAkY4kGMz2QHdJnqpQoJaCK8pJ+8nA1Osutt31tS3YrOotlNwk
+KsFSiy+i9xf4NcOr9xKoSEstFPJeM650xPfVP1p4sq87BB2Z3uWfLtWnRxTJnpA2
+nwwtdrK5fO3pZnVlWQ4akqbndCjUWURXVOVxDHCyDdwoiz3BpGmVV6jCYanC3e3S
+E7/OlRLJfRAXoCEbzFsQpsOYncaEG7cAz9pBBXA6VVyEPlVyMG0GHs30W7aG5Bfp
+IcbhacGyjdV5Wwx8WGun1pOHoclLX7pJ6jOXLobpUVH4FUNTAoIBAQDf5gX9aBqK
+QxBYcqhZ0aby9K9ZAXSRr03drf4s+TXSU7rUdBqV4BRj1cjQLB6pxpo2ryLoHhkf
+tLVRnEWpRgSlfu7qSYxU8rNUacAKAPnebjQxU6NMVzFx7zDQz4TJT2StsxoSIw+l
+O4MwWDvIxHcpjIrl1eZh79BSzrq5dsf3vrPCM+Xxivdkx82WJqiVX/LrY3l9R+kC
+ud1b3O5vFdhpo8e0sygCdF0+sC0jwE82SCjMMGHMZWd74rmkuHFpJ1xSQf9/jRCf
+yKhITI/su21FS4rn1rApWpzAvhfhV7HqnwWzFTtmLeGsI+yW4fb1j6oK7t/rVZ+p
+lnwISXpOPBIfAoIBADnMttNIwsAV7F72pdOgLXeuY37Y6rWeb0MLiPW6RlxdY19Y
+pakgc7NCz3EjE120g7hiyJOYzR/tSdHszT1q8MiX4ISeyu/vq/aBeWNz+NMX4dB2
+D4wOjGm86dZkMYrGZJ1OGVc7rZFiVjfKEoO7l3Rib9Mg4dYN0SiU0Vc6TSGSK6Dm
+dpGG5lFg1PIL7mLtrPmh3lIj/wMgFOGh5Wk2LYEmpKf4jfdoOk7qZ3RLiWfiQ7//
+MLD+qw+BbmquYIGwxNPrWdApQDhbjCrfzWWKHqf/Mdj9xBWOC0yVB3IFf0xbpzhP
+E255RYPgoaESupZR6CahenDnb+TuUstp+M8OhSsCggEBANw/9gJ65yi9ohWv7MY2
+g+maI+gFk3tAnPOGFnR9TqGxdidKc2CeBtDS2/FUhXFzif5jOI5oFUToSjmW5bwH
+wchfXn0gjqh9+0T9pkjw/tv9QuCHKyuM1noC1t2CVliF/j8U4X+X9+sN6RakpWLx
+SVuZAoXnbfNHqoHbFToei8W9Vi2jSf7bOlRsbGPZcZtHwLonp7pDBAeHeSbF5dNn
+BPWehHTQjHolqBhjzHPP2NxIDcIXkg00b6Ehvoc4XXAYpSvR+pmp1gGorUo57pbt
+JSe2kVVRDwgPOAYuuWUWFFH9zuiE6WKxnb7ts+4VKRAVHCwXIjTpjN+Rxj+MsIDH
+fPcCggEBAIRgZPwB6eI+rvYOPUGSeU681O+8/ZgjyAi8HSOk3dCc3J2fX31m/GsR
+xM+FExbGYJ3BfdgB9YbLSI8eY7weJRodm0FoCuHePu81z4xj9yEi5hBodXhhDjQM
+/xbgsSWeotQ+5lTmc5hgve1hl+3t09qNttHaELWASD+0ixBC6A6J4GB68ZKRIunW
++ZGiEvrNey6Uunf7T/Wgc+VDcA3HsniaY2yTZY/jWsmDxt/BAwUaQrNwAbHvm/1P
+J04mvCreWfOITe7CURcLq4FMGzsCEXtdQ77/uJllew1Uv2Yn2WFUiqVxH+UicR1P
+vOJ7/LvbOa8BlIMsprB2rz3PDSUSaIw=
 -----END PRIVATE KEY-----
diff --git a/config/testdata/server.crt b/config/testdata/server.crt
index 2ead9698..1b86f58f 100644
--- a/config/testdata/server.crt
+++ b/config/testdata/server.crt
@@ -1,96 +1,33 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA
-        Validity
-            Not Before: Apr  5 08:06:57 2019 GMT
-            Not After : Mar 26 08:06:57 2059 GMT
-        Subject: C=US, O=Prometheus, CN=prometheus.example.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bd:6c:b6:7f:d1:2f:be:e4:41:eb:5d:ff:50:78:
-                    03:2b:76:03:da:01:48:20:13:90:66:c9:ce:6e:06:
-                    e5:fa:2d:0d:c0:b0:46:28:44:10:a0:61:79:87:a2:
-                    98:4c:29:fa:f9:bb:0f:44:c7:90:5c:5c:55:60:cd:
-                    45:da:b8:e4:dd:28:72:c8:8b:a1:3e:4b:00:09:82:
-                    b0:2c:dc:d6:17:c9:02:f4:cd:26:c7:11:28:f3:77:
-                    b5:97:c2:76:c2:e0:07:d7:34:5b:e0:ed:1a:59:a5:
-                    b4:b7:16:09:3d:35:bd:d9:03:07:9d:7c:3b:f0:63:
-                    bd:5e:02:99:cf:32:e1:ac:4c:7a:3e:4c:b2:8e:98:
-                    68:07:4f:59:dc:0d:bf:cc:83:04:5c:d8:90:f0:73:
-                    da:2b:08:17:c4:36:a7:d8:94:3d:b6:c0:af:29:0a:
-                    d3:19:5f:eb:7d:cc:4d:05:56:11:0a:ee:b1:f3:d7:
-                    c9:5a:3c:8c:57:16:91:51:14:f8:20:4e:0f:29:9e:
-                    04:21:e6:f1:e4:e8:44:af:d7:25:92:08:64:fc:2c:
-                    1c:2e:4f:71:53:91:53:1d:e5:f9:7b:52:0f:21:da:
-                    5c:dd:19:68:96:ca:70:6a:f1:c4:0d:07:af:f8:65:
-                    13:92:e9:ef:65:b3:89:86:fd:c0:74:5c:a4:6b:49:
-                    62:c5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Digital Signature, Key Encipherment
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication, TLS Web Client Authentication
-            X509v3 Subject Key Identifier: 
-                00:61:01:AD:25:44:8A:EF:E1:2C:EC:83:5A:3A:3B:EA:A0:BD:E1:45
-            X509v3 Authority Key Identifier: 
-                keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E
-
-            Authority Information Access: 
-                CA Issuers - URI:http://example.com/ca/tls-ca.cer
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:http://example.com/ca/tls-ca.crl
-
-            X509v3 Subject Alternative Name: 
-                IP Address:127.0.0.1, IP Address:127.0.0.0, DNS:localhost
-    Signature Algorithm: sha1WithRSAEncryption
-         77:97:e4:ef:db:10:8e:62:50:96:4a:6e:f5:a4:f9:1f:19:3b:
-         c8:a4:dd:b3:f6:11:41:1a:fb:e3:f8:dd:0e:64:e5:2b:00:b9:
-         e6:25:9f:2e:e1:d2:9a:cd:b6:f2:41:4d:27:dd:2c:9a:af:97:
-         79:e8:cf:61:fb:cf:be:25:c6:e1:19:a0:c8:90:44:a0:76:8a:
-         45:d4:37:22:e5:d4:80:b4:b3:0f:a8:33:08:24:ad:21:0b:b7:
-         98:46:93:90:8a:ae:77:0c:cb:b8:59:d3:3b:9b:fb:16:5a:22:
-         ca:c2:97:9d:78:1b:fc:23:fc:a0:42:54:40:de:88:4b:07:2b:
-         19:4e:0e:79:bf:c9:9f:01:a6:46:c5:55:fa:9f:c0:0d:8a:a6:
-         e1:47:16:a6:0e:be:23:c9:e9:58:d6:31:71:8c:80:9c:16:64:
-         f0:14:08:22:a1:23:7c:98:b9:62:d1:4a:ce:e3:5c:59:fb:41:
-         87:a5:3b:36:dd:3d:45:48:b0:b0:77:6f:de:58:2a:27:4d:56:
-         20:54:08:20:c8:6d:79:b5:b9:e6:3a:03:24:0f:6d:67:39:20:
-         78:10:2f:47:85:83:c1:4d:17:33:79:84:75:27:fa:47:67:59:
-         56:cc:33:7b:a5:77:aa:59:9a:98:30:10:1a:78:43:34:8f:ed:
-         c2:a1:a3:ea
 -----BEGIN CERTIFICATE-----
-MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET
-MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5
-MDQwNTA4MDY1N1oYDzIwNTkwMzI2MDgwNjU3WjBDMQswCQYDVQQGEwJVUzETMBEG
-A1UECgwKUHJvbWV0aGV1czEfMB0GA1UEAwwWcHJvbWV0aGV1cy5leGFtcGxlLmNv
-bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1stn/RL77kQetd/1B4
-Ayt2A9oBSCATkGbJzm4G5fotDcCwRihEEKBheYeimEwp+vm7D0THkFxcVWDNRdq4
-5N0ocsiLoT5LAAmCsCzc1hfJAvTNJscRKPN3tZfCdsLgB9c0W+DtGlmltLcWCT01
-vdkDB518O/BjvV4Cmc8y4axMej5Mso6YaAdPWdwNv8yDBFzYkPBz2isIF8Q2p9iU
-PbbArykK0xlf633MTQVWEQrusfPXyVo8jFcWkVEU+CBODymeBCHm8eToRK/XJZII
-ZPwsHC5PcVORUx3l+XtSDyHaXN0ZaJbKcGrxxA0Hr/hlE5Lp72WziYb9wHRcpGtJ
-YsUCAwEAAaOCAREwggENMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAGEBrSVEiu/hLOyD
-Wjo76qC94UUwHwYDVR0jBBgwFoAUTQK/cZVqqljFnLiDZ15kFpnhKp4wPAYIKwYB
-BQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwOi8vZXhhbXBsZS5jb20vY2EvdGxz
-LWNhLmNlcjAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vZXhhbXBsZS5jb20vY2Ev
-dGxzLWNhLmNybDAgBgNVHREEGTAXhwR/AAABhwR/AAAAgglsb2NhbGhvc3QwDQYJ
-KoZIhvcNAQEFBQADggEBAHeX5O/bEI5iUJZKbvWk+R8ZO8ik3bP2EUEa++P43Q5k
-5SsAueYlny7h0prNtvJBTSfdLJqvl3noz2H7z74lxuEZoMiQRKB2ikXUNyLl1IC0
-sw+oMwgkrSELt5hGk5CKrncMy7hZ0zub+xZaIsrCl514G/wj/KBCVEDeiEsHKxlO
-Dnm/yZ8BpkbFVfqfwA2KpuFHFqYOviPJ6VjWMXGMgJwWZPAUCCKhI3yYuWLRSs7j
-XFn7QYelOzbdPUVIsLB3b95YKidNViBUCCDIbXm1ueY6AyQPbWc5IHgQL0eFg8FN
-FzN5hHUn+kdnWVbMM3uld6pZmpgwEBp4QzSP7cKho+o=
+MIIFsDCCA5igAwIBAgIRAMMSh5NoexSCjSvDRf1fpgMwDQYJKoZIhvcNAQELBQAw
+aTELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy
+b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRowGAYDVQQDExFQcm9tZXRo
+ZXVzIFRMUyBDQTAgFw0yMjA3MDgwOTE1MDdaGA8yMDcyMDYyNTA5MTUwN1owNjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxEjAQBgNVBAMTCWxvY2Fs
+aG9zdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANPl1Iv/z+M8jHHU
+SggOhvCS/0IfNi82+OprwalmhSL1FyRrGeHDpKArIrHhal7oukizJq96wKTddUVu
+hjPR7srSYX7J2oPznjb2FmLHnD8y+zxO83XNA5WCDB0yA/KhWHhDmd2pihTTZOo9
+jvGi3+LyIqXUeiwIpxuNnH2ghoUy+DTzNCknLkIKAVnDPoM1AI0Wu24rs14A8ZVW
+ivzY/P8xGwlMmDndrrHwJzMSEMeH7IJi9hx4zJalpoYTVq6Z0Rv0+7SpS+iswi/e
+MILDhmSvLw0R4x31xkzsPOtUsocVjgBCGGGHo70ISsAxsL6E9QFe2uwZSvbBKfou
+JaM0txRIZahMeHy5egh2+J08vuZKo9PDBWwKwqQZ4Kb7WtgekiycLmFa/OYHLUX+
+Ow8QXu5HU9v9XlP9GV2FQDka2IuMTtS5JCEt5e9ddSb4KVbkRAhfL2snA+w0nmrf
+CBlrlThFz5Evy5QNAo1ORwiE+8gNUc12EAu9K3TK9WSUYNrLCbkN3oBL+DVp8Y6q
+quUpKEbElhsJ9V49Err3LPaXpz5aW7Th6oFq7UOB7chqKQ2SNl3/hTlNUw8wFb9Q
+i8AXs+4SzHo41IEe9QZBvpeucVmdewbJKvNS8Uxs2wmtTq2G2Ae3qGzWl682J7aU
+w1X6Y46OanQDNtDVQvGN1CW5kvCXAgMBAAGjgYMwgYAwDgYDVR0PAQH/BAQDAgUg
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB8G
+A1UdIwQYMBaAFMaaHh5g0+YopeLd1IkizXyK9K/zMCAGA1UdEQQZMBeCCWxvY2Fs
+aG9zdIcEfwAAAYcEfwAAADANBgkqhkiG9w0BAQsFAAOCAgEAUXL/lzbgbs6whVrE
+3wkp0oDGVZ0Jti1hpeQk7Slt3PHsgu9OQOSGcv9QHs0ybhkDWZQjoCH6Nurx5QaY
+GnpNQjylfy3zAziO0c7C1uXf7Z9AEMQwbOHFLefnvq86MtnwJ7sadQo+ViwtMgOW
+He4YhkTyu2CqK8GFXRQUNm/SunffXp5zErPCNQURh4hrDUGlXPzyxgx1DyqFvF4S
+X8IpsoED3d7cbEL7E9dgXNl7wuy3qoPi9P9KydFTIELBGt1oco980S1attSM9159
+t9iUIUMT4EdzmZxpIyJMCD+Lz9Y3zWVyz7DTqFWOtAtmhM4lu44K4S4d/JfAGEal
+3h3SMCbBPKwpsloO4r9TeGi2f+T7hfiFMdCezEyG8sXrObCDyVudyUnXnxDkZ5TQ
+NOzqJaUJHeKzb+Z9WSovce3Pb8ok3GoDugmwqyjuN/rz/0jsDTJm18I6HHtONbUp
+AIV/H/4+Kewc+Ztv97J7MeQB/2VKcY3vpZpMSEkg2ummRhXUfi0haxfoSCKvRwiD
+BElUVtwHTsn3OBnKMGcBt32iLVsvbb/0AtNpohznPdQT7dqDVguejmwHn/fc4u4Q
+vfAay/ACARti9XKGplQi7xn+OoYcAVPLYitYBRNEc6t+4f3EKehrDIMRCnxOFBVX
+9Dnm1DebturSQQEOuX5rP15lG1I=
 -----END CERTIFICATE-----
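Review bot: Dropping the `openssl x509 -text` preamble removes the only human-readable record of what this fixture asserts, and the hunk changes more than the key size. Decoding the new PEM shows the subject moved from `prometheus.example.com` to `localhost`, the signature from SHA-1 to SHA-256, and the validity now ends in 2072. The SANs are still `localhost`, `127.0.0.1` and `127.0.0.0`. A reviewer cannot see any of that from the base64, so I would document it beside the file, for example a README line such as `server.crt: CN=localhost, SAN localhost/127.0.0.1/127.0.0.0, serverAuth+clientAuth, issued by "Prometheus TLS CA"`. The same line should say how to regenerate the file, so tests that depend on these fields can be checked against it.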
diff --git a/config/testdata/server.key b/config/testdata/server.key
index e1226c0e..678da7b1 100644
--- a/config/testdata/server.key
+++ b/config/testdata/server.key
@@ -1,28 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9bLZ/0S++5EHr
-Xf9QeAMrdgPaAUggE5Bmyc5uBuX6LQ3AsEYoRBCgYXmHophMKfr5uw9Ex5BcXFVg
-zUXauOTdKHLIi6E+SwAJgrAs3NYXyQL0zSbHESjzd7WXwnbC4AfXNFvg7RpZpbS3
-Fgk9Nb3ZAwedfDvwY71eApnPMuGsTHo+TLKOmGgHT1ncDb/MgwRc2JDwc9orCBfE
-NqfYlD22wK8pCtMZX+t9zE0FVhEK7rHz18laPIxXFpFRFPggTg8pngQh5vHk6ESv
-1yWSCGT8LBwuT3FTkVMd5fl7Ug8h2lzdGWiWynBq8cQNB6/4ZROS6e9ls4mG/cB0
-XKRrSWLFAgMBAAECggEAezQ0V1o11dEc1vuiTjJgzWnLA4aF5OcUquZjb8jo2Blp
-soR0fUgYEFiV9RRaPl+nr7ptKe0rBgfAOGALKUHNCdN/JNU8oQmjEoyADg3s6jeB
-xruQlzWgDwszf2uqVwHj16Nkhx1wYBKZQeQBSmCkBHwl/daKHcahqn3CkLOleKx+
-Qlc3BzWNaGte6qpJMs0It3by1FuxRwVz5VkL8uhzj0WIOYMA84t0gTnFH9gfRO3F
-licotxg/Nl5M36wWcfL8Jq++72AtaKcD1jUEwuQpogrVeqflmeHwn/TlL++Hv6Xe
-Lq0jt3OCUKUV40eq9c5uEgTmyrVHMDkfFdXzutdMAQKBgQDsSMXk7P4SX6u6uTjV
-In9eWw6ZyJ2aL6VB9co/NMsj49GrrFT8VX9d+JPe9P/n6tuGcFbymNep22njRksR
-0ItpW1NFRR/R3g0kYe1EhkRpNm6fhY9oIuR9xhcNnPNYkqAKT3T/dxrzbwsNhomi
-X8aht/eCz4ZsK/KdOGTkPozxgQKBgQDNOvrclT1Wl4bxONp9pEV5XpRSD/qigfIp
-i5wxy7ihX/QY9RToIWJDnzMVLnEYe64RB2WB8/4WwNPOQcuaxXbFUFct/2NdhTnS
-ToJPgPe819zW9t1FLTf1fHtsRBpGFtbhdlUDOiOtJiMXYiwlRh2uyWFhjOo8TNUE
-qMwai0vLRQKBgQCDH4t6lC4W4jK5x2oLlT5bjWqX2uXjF8e8x/q5gsGspBPKEjOD
-aKrq6jSdSRbui73RaGxH6pvb7iBf+LVWKIYFLKIUUdzrqS9f3lw+Z8h1HrjbG9JO
-dvaX+aL3cf71S0E3F4sU7fLt3tSiZ+PfUQk424+mbyXox6a2qwIKS9AJgQKBgHCu
-dHROYJo9ojKpo5Ueb6K+4jLYYSV+sYZMCBtzHlFETNKzJaJ6SeiU7Ugw8pmdtqnU
-5M/gNl8pymFR0MeOqbKWdPdlZJpBfsjQoE2kouEFqFRCwKStui7IBUAheEeJXLv3
-659U+aek69l35oMkp0GDgjs8UpN/H+pp/36Hgrr9AoGAftWU405rpStHEdRVrazP
-FibQesT9HOdJgmm1gNIhj+PnFs7lKER9p0Wdl79QnIqjwyhjCXL94TFerzTKLY2c
-IRj5dcRHiiT0iK8wq8bzGNYCqV73oQXaUFMiutNAArXwzwuvPFPWNBQsjLzeDLeC
-mcOsCcPAk8cLYtVfZo2sP3g=
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDT5dSL/8/jPIxx
+1EoIDobwkv9CHzYvNvjqa8GpZoUi9Rckaxnhw6SgKyKx4Wpe6LpIsyavesCk3XVF
+boYz0e7K0mF+ydqD85429hZix5w/Mvs8TvN1zQOVggwdMgPyoVh4Q5ndqYoU02Tq
+PY7xot/i8iKl1HosCKcbjZx9oIaFMvg08zQpJy5CCgFZwz6DNQCNFrtuK7NeAPGV
+Vor82Pz/MRsJTJg53a6x8CczEhDHh+yCYvYceMyWpaaGE1aumdEb9Pu0qUvorMIv
+3jCCw4Zkry8NEeMd9cZM7DzrVLKHFY4AQhhhh6O9CErAMbC+hPUBXtrsGUr2wSn6
+LiWjNLcUSGWoTHh8uXoIdvidPL7mSqPTwwVsCsKkGeCm+1rYHpIsnC5hWvzmBy1F
+/jsPEF7uR1Pb/V5T/RldhUA5GtiLjE7UuSQhLeXvXXUm+ClW5EQIXy9rJwPsNJ5q
+3wgZa5U4Rc+RL8uUDQKNTkcIhPvIDVHNdhALvSt0yvVklGDaywm5Dd6AS/g1afGO
+qqrlKShGxJYbCfVePRK69yz2l6c+Wlu04eqBau1Dge3IaikNkjZd/4U5TVMPMBW/
+UIvAF7PuEsx6ONSBHvUGQb6XrnFZnXsGySrzUvFMbNsJrU6thtgHt6hs1pevNie2
+lMNV+mOOjmp0AzbQ1ULxjdQluZLwlwIDAQABAoICAQCxGs9jlBQ1YU4hdcXKphmy
+yan/ogavv8qcZCQhakasyRzmm32ubM8T7/m3oyg821eXm+Uhlf+dzFtQBOi2NyjW
+7LAAQMYas2vxlA1x0lSNnhbOeU6Tjx8HvwJRBJS4HpLLMfVQh3uZnHYkMf9fhzqJ
+fMfowoa6dyD0ro+1kI3elpNN7lgSbWUEXUhztfRxxcMIKY/OrUflsfQ5VXQlkVck
+E+78/r/c3aQ9pPOeg+LyYnETKZN6iJy27Q0Z0uAIXxefvksC3N1NQ9eqGpOBN9sE
+HEe/LMwfJmTvtiPUrZ3pueJN5PBr0+rO/Dc+HEoVcxs0Yguoehtl0l07dYaPumep
+TmXdrKvCkwM5cwnbXSWrCpqMS8Medb3zWvNnWO/mjRwTZyhmNdscjh3Ilvo+YCus
+wM8HJFD4FuMtL3GtIfoKeszppACTkOOYiViGHmKUiQaSEwF7nhuIQqgN3ULCP7Z5
+mhL2RhLWacPfATITNkm4g2o16mFohZ9HPZSkPGm8rw7yhB1s2emoocXsms2iR1oa
+mggNnUS3m87Z/HmOEyObIQZtYf1ZNuVAGGP4kmhhtNfMTmq3CPYM3oMRR1nb8Ci8
+zYwjEIvLYuDVlZFff4+IA7tCBZPichieoioaxutnYtO+nvuzDRiitL4my2EcXeE7
+tcIunkP9u5BNiXsfNcy3gQKCAQEA3X9eZ/IPF9Rrsjwtqkt7Oxn/uJ8JCotVBLnq
+SCd7sCSaM06jUzMjMoj4SYyjzBYLycH/q+euT4UoPdPMKCfwx2NgR87MfuehWzwG
+pmPbAbLJtLmZ+M/Bz5QzGS3J3f4qYxLptLHX971JgtTdcJhOAc+p/Elt3l43d/fr
+sMVrZ8hqHlXmA6WuwqHjHnGP1ML6xFfsjDZ2jQ3VEV17XKtinucgitvkVuHYmtdQ
+wm/yrM8vDkyglgk47j9CyfQdL10elBxe32WY5B0g9TmhIMypmlJk7inPPnAqJ4TF
+JJBMvZOB9cJAjrtsDN3tAW/1q+wPF1HLwurqTLluZEc5MVjaOQKCAQEA9OenKlxB
+5HiANjH0riaokFDtjC27iHoeBkbEt+CyegGXVHEotVcKnG+N4Tw/GXcS9m33vu/X
+Lmeowp/Z2BKxB7xvw81jQh8gEoUHFlH6DgksTPjVVSEa4wnESrqlFjRquBexpU6e
+X//xVD72b0txAqJvpvtbxZC41WIwUBTBkHDlj2hegEzUvgzdO92FPRUDrAgB0wSv
+05U6fh1/4c3XTHqIHK4/gxiVRmjnpEdjEbOZsfbN8LGQK2eq4FkIS870VKigUZ/U
+m2YB+8PKKyqKdXpWQHMZ9QvXoU9AwMw4Q+NEk4a/ZrnnMo59voKP1Qoqhd/rEAP7
+xa1AMOAl2DhhTwKCAQBdY4Z6bSTP91AxJg5a7thWYu/e967oMzb1dy3AnmUYL1aU
+q2NRgQ4mEHofCJ1HP0RZHOKfqF9mR85fwx0hETYD23KM1DSEjUULIpPrM87zOF6z
+RE4XCgG9c87XnuauIqvceezvssxMOBL2hqmW/6BkQxp4tL0ONMtOWcmWDqbqayXT
+BISmpQS6K2eHPnpWSp9QiYHC3HO/pUVgvPl2aQx70xd1dKEhwLeDEaWLVYgMNI6y
+iLxshhbq3OFcJQDpJ2ntKMkXh86e32k1+8Zj/ebEmljT0ez/dmtPnjtA31Z71+XD
+qNNvWraD9k4nfP0oL69tNZ+j30hKcSSKQz1qAPyBAoIBAGBaI3KPCX2Ryx+HV/SM
+URU2Qb883uM66EUf4pVVWeKWbatTOejebdZOLUvIICsspdE+QpJkWgxvy/2GVnak
+I/IfOPmX/M0u4bdnjvpBFlgfU8aUv5nWhHV+ijO8aubpiHMVH1ciLz0lvRSgEOSI
+kdWvgq33houb/Jw3HTrkb6McR7S8IzHnCGwdM40yAhGeCuvL2qvi1CoyM+kaQg3c
+pi/4pURjaalyKoihDUGctGVqe7WAnFVuBoKNLrVFUfZBXe9QyIJUl5jr8SvUQ93n
+xsGhd/2zSysVlahpPdicgCZ1a61+/h60VTmWxfIF/ACdF03EYv7SEmQbXX3dMgZ3
+aBECggEBALXqdEIkb9pBhwCvUHFG+c/IKBhS6j7BUj9PrZ3MATPXHo6Iy09d/dlV
+psFQzWVvBmf3pcI0MEi7xdUMSN0jhZ8xp1owDlOQSM8DCQPFLaC38sfhZNThIfz0
+Q+fWYPe1lkRBtMVSokN1PtE5zETHlUKkh3fdQs0wihX4Wikc64rjCgXqXc8ng8Lk
+NCUNBY/7pNfrEm0Zxz+8CvmRaBbL4OT2/hFsdcMiO3P24mCdAPgJ4v97pr8KxRHe
+SmOyiSdaAyXHr/6+3KgO5pX8YUn9WiTF2hxo4SG3NQuuva0SBZT9B8iFXt1uFUtP
+Rri7hsjysanKPyaPM1oofbRyWApMyRo=
 -----END PRIVATE KEY-----
diff --git a/config/testdata/tls-ca-chain.pem b/config/testdata/tls-ca-chain.pem
index 722264d8..b67023a7 100644
--- a/config/testdata/tls-ca-chain.pem
+++ b/config/testdata/tls-ca-chain.pem
@@ -1,173 +1,67 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 2 (0x2)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
-        Validity
-            Not Before: Apr  5 08:00:37 2019 GMT
-            Not After : Mar 26 08:00:37 2059 GMT
-        Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:aa:d2:34:6b:ed:f1:f4:01:08:e5:00:9f:75:c8:
-                    ba:fc:4b:72:c6:04:93:af:f1:f6:b5:ce:01:0d:c6:
-                    bd:d3:16:98:9d:e5:51:56:12:58:16:ee:18:6e:f0:
-                    68:a9:42:16:65:cf:e3:31:f5:90:79:9d:13:32:87:
-                    3b:1f:65:fd:84:88:a4:56:3d:26:54:69:05:27:5a:
-                    ea:89:02:e7:31:9b:7d:7f:76:93:54:70:bc:17:92:
-                    06:9f:9f:90:4a:8a:cf:82:a7:7b:7c:71:c4:fa:34:
-                    56:00:32:1a:85:c5:f8:e4:4a:63:43:37:9d:60:84:
-                    4d:78:6e:87:12:c4:2b:1f:93:a5:fe:cc:5e:f1:df:
-                    c1:97:ff:b7:3e:20:38:1d:71:15:11:ec:6c:7a:cc:
-                    0e:87:52:31:b1:b9:74:c3:07:1c:42:4b:1e:c1:17:
-                    bc:e4:13:b7:b0:20:2e:c4:07:93:bd:a8:11:f9:da:
-                    a7:d0:df:4a:48:be:9b:6d:65:c3:ae:58:56:c0:9f:
-                    17:c5:d8:32:b1:04:22:fb:5b:18:f6:20:10:50:ec:
-                    2d:10:4f:cc:48:8f:f2:75:dd:33:a4:0e:f5:55:da:
-                    2c:89:a1:3a:52:bb:11:11:0b:97:27:17:73:35:da:
-                    10:71:b3:9f:a8:42:91:e6:3a:66:00:f9:e5:11:8f:
-                    5b:57
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Subject Key Identifier: 
-                4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E
-            X509v3 Authority Key Identifier: 
-                keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A
-
-            Authority Information Access: 
-                CA Issuers - URI:https://example.com/ca/root-ca.cer
-
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  URI:https://example.com/ca/root-ca.crl
-
-    Signature Algorithm: sha1WithRSAEncryption
-         63:fc:ba:30:a5:05:d6:76:14:f1:77:38:b1:41:6f:81:d9:b4:
-         02:fd:bc:e5:f6:d9:e6:73:e0:71:cf:4c:fb:13:b5:6b:bd:b9:
-         c6:f6:28:18:36:e1:8c:d9:93:b3:78:4a:3d:39:1b:f4:fb:69:
-         75:24:ae:e1:a0:2f:94:05:bf:10:3c:3e:d2:2b:a8:f3:31:25:
-         2e:ed:13:ad:60:5d:22:9a:26:15:20:86:98:73:4c:f6:4b:48:
-         b8:1f:67:ba:4e:c9:47:ed:85:dc:38:dc:02:0c:fb:54:d5:2e:
-         6c:b4:95:18:51:d1:ae:ea:e8:fb:b4:19:50:04:bc:31:7e:51:
-         9e:85:29:4d:c8:f7:26:d6:d6:8d:35:2d:9e:e2:06:16:38:e2:
-         56:80:ec:f3:a3:34:e3:28:c4:e8:10:d0:8a:a6:6f:20:9a:b9:
-         dc:b9:90:6b:ba:8a:27:2c:29:72:28:55:e7:59:a6:a7:90:ec:
-         32:e8:d0:26:4a:c1:44:dd:20:bf:dc:4d:1e:7e:cc:e5:a2:5b:
-         e8:df:3d:4b:01:aa:48:56:17:e9:29:d8:71:83:05:36:8c:11:
-         4f:77:b8:95:20:b7:c7:21:06:c2:87:97:b4:6b:d3:f7:23:ba:
-         4d:5f:15:d1:0c:4d:6e:f1:6a:9d:57:5c:02:6a:d7:31:18:ef:
-         5c:fc:f8:04
 -----BEGIN CERTIFICATE-----
-MIIELTCCAxWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET
-MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x
-OTA0MDUwODAwMzdaGA8yMDU5MDMyNjA4MDAzN1owaTELMAkGA1UEBhMCVVMxEzAR
-BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh
-dGUgQXV0aG9yaXR5MRowGAYDVQQDDBFQcm9tZXRoZXVzIFRMUyBDQTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrSNGvt8fQBCOUAn3XIuvxLcsYEk6/x
-9rXOAQ3GvdMWmJ3lUVYSWBbuGG7waKlCFmXP4zH1kHmdEzKHOx9l/YSIpFY9JlRp
-BSda6okC5zGbfX92k1RwvBeSBp+fkEqKz4Kne3xxxPo0VgAyGoXF+ORKY0M3nWCE
-TXhuhxLEKx+Tpf7MXvHfwZf/tz4gOB1xFRHsbHrMDodSMbG5dMMHHEJLHsEXvOQT
-t7AgLsQHk72oEfnap9DfSki+m21lw65YVsCfF8XYMrEEIvtbGPYgEFDsLRBPzEiP
-8nXdM6QO9VXaLImhOlK7ERELlycXczXaEHGzn6hCkeY6ZgD55RGPW1cCAwEAAaOB
-3DCB2TAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E
-FgQUTQK/cZVqqljFnLiDZ15kFpnhKp4wHwYDVR0jBBgwFoAUPB6oxkwFTSDsiNsp
-1Hv5El3O6howPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL2V4
-YW1wbGUuY29tL2NhL3Jvb3QtY2EuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHBz
-Oi8vZXhhbXBsZS5jb20vY2Evcm9vdC1jYS5jcmwwDQYJKoZIhvcNAQEFBQADggEB
-AGP8ujClBdZ2FPF3OLFBb4HZtAL9vOX22eZz4HHPTPsTtWu9ucb2KBg24YzZk7N4
-Sj05G/T7aXUkruGgL5QFvxA8PtIrqPMxJS7tE61gXSKaJhUghphzTPZLSLgfZ7pO
-yUfthdw43AIM+1TVLmy0lRhR0a7q6Pu0GVAEvDF+UZ6FKU3I9ybW1o01LZ7iBhY4
-4laA7POjNOMoxOgQ0IqmbyCaudy5kGu6iicsKXIoVedZpqeQ7DLo0CZKwUTdIL/c
-TR5+zOWiW+jfPUsBqkhWF+kp2HGDBTaMEU93uJUgt8chBsKHl7Rr0/cjuk1fFdEM
-TW7xap1XXAJq1zEY71z8+AQ=
+MIIF1DCCA7ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgIwDQYJKoZIhvcNAQELBQAw
+ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy
+b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo
+ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA2WhgPMjA3MjA2MjUwOTE1MDZaMGkx
+CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t
+ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRUHJvbWV0aGV1
+cyBUTFMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXtUbZhHR2
+xElyGJ+BwcZh4hm4dh1OhlJ6g98H2rEOK6bBxeO5YZnthfCnHI6WYN270ylusUc6
+JVkuU/1PO7NLYsl1D4ZIrRKQBWfg88BYrDO38HUkrm4aohlpT0+f7SiA7eRl1Mb5
+x6fi5BAVE5wnQJTE8VPBU+lXJB+SfZEixu+o1PlxVAdMYPAu1Yijakr1lDuZex+/
+j/700mihSAcwOvJ/+p4u2WNj0CMvQWiV5+VBZYrfpRN4/201FoyWILIv3HLq5OKp
+Bpl/TvJ4J8oG1Cbzjm52qLgUOvHkAJ0I04DxWWywHF0VRumwLSqae0xo+KPPijj7
+bdnCx+vy37PbFOghzKzSIbPuccfKivVpChgy9n0kkgQhm9cgFE5SBuO6jfRwto0g
+drSOMIzyXELDG0h0nB2gsPUHjD/OD1DT0VsW/9xXOPBfVgtPFn5LoZ8ninAFmk2r
+ZiRJhCXhh+Rlw2F/s2STP66RnUGVdfP2syV+UlgJlE7EPE8cDbyfQqg7FTflq+t+
+HgXFCAkJ4S34+/qCbGv3DlbnC1lq+FiVwexm1TcfL/lYfhPr/J6VoeFZw4bjTPNa
+jUILpsXv6IQzgPfCBxeZC6dDkK1D0cEXAqRRYKEFxdLnMjBcUZlWUV9uTuk01fDc
+58bmlHt5sEqhcdUqHrR5PdoWJVOSbFwYBwIDAQABo3QwcjAOBgNVHQ8BAf8EBAMC
+AqQwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTG
+mh4eYNPmKKXi3dSJIs18ivSv8zAfBgNVHSMEGDAWgBRJPrEOm2ZrMgr9AFTz9LZy
+0fDNNjANBgkqhkiG9w0BAQsFAAOCAgEAoc0OImcyyKSbVK63QA8VmD2o9Xr7abxX
+o+f+QXWDqKAlNDAuXLYBjHMCc9YFsxXa9XkuKZeIxzop4h9iGG+fxMVPTx3T0gTm
+MAuHcPka10z4Gy6ZxLzDmxJPkJ46b1n0K2fsv9XshzsHERz3VavwHXbC5mBo1CwI
+6xLLtTWMuJdoyt0261D7Dat1JAFIWm2j+kxGvyIP0gNtRsUKOFA22Tlt42sEYnXa
+7wmY7b15rndG69Xg9ZiVI5Mb/10gDJQcym23PXRn+JEgssE+WcYhll8f/LRmD49v
+ZlBBD1dVoc9JyrgT+An+2Z8lE6wCSPqWSwhzvBW4dyB/u7Jn23dlV1SwJR8x/IaW
+j/DhCELNqD6cSlRK3yjE/a2/iK0F6pNrVgKDY+/9uwFxwkjIRwqfcFtT6YpZ33mg
+kSdTTbYpeg3XkLYZayE3ntzEhooyQdrJR6YyFVwsgcBCkeLrEbC7y/AG1MQEdKsZ
+i3q730vztGQBR1ymPwgbB6qzGOXhmnhJHnQjeP2CJWnzDeOh2Vs4CxLAQZJ/dhYd
+qrbYPAT8FJkp2PvoJP8zpmD7a8QC+6Gr17kl9OupPQrIIfxCXYZKDdGOlkDSUC16
+6y0E1WZnI+LVbQB1M584lB2/8jU4xqMqUPfoIcbjkjih9nvVA6t547527MeeTvXT
+0ig2QvMFWMw=
 -----END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
-        Validity
-            Not Before: Apr  5 07:55:00 2019 GMT
-            Not After : Mar 26 07:55:00 2059 GMT
-        Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
-                Modulus:
-                    00:bf:b9:e2:ab:5f:61:22:e1:4e:cd:ee:da:b0:26:
-                    2e:bb:b0:7e:1c:ce:10:be:16:29:35:0c:0c:1d:93:
-                    01:29:2a:f6:f9:c2:6e:5c:10:44:ca:f8:dc:ad:7a:
-                    06:64:0f:8a:18:ad:b2:a2:94:49:c9:ba:8c:45:94:
-                    7c:d9:e0:11:45:d8:16:79:a2:20:9f:8c:63:60:72:
-                    2a:5b:f9:66:80:ac:85:67:01:5a:eb:91:c1:d2:88:
-                    87:9e:4c:18:c9:f2:f0:7a:18:c0:e6:ab:2c:78:de:
-                    5f:b2:22:4e:94:9c:f5:cd:e6:e2:33:30:e9:20:10:
-                    a6:a1:75:eb:59:ab:45:a9:f7:3e:54:40:ae:05:25:
-                    be:74:c5:3a:fd:af:73:16:60:45:7c:4a:e0:0e:0d:
-                    a1:15:7f:9a:1f:c2:a7:04:ad:ef:b3:e4:f6:00:2c:
-                    4e:0b:04:90:49:ee:d3:db:a6:12:c4:91:0b:32:4f:
-                    11:84:c7:c4:8a:ef:51:66:7a:b0:20:2f:cb:95:8d:
-                    96:57:60:66:5e:f9:4f:5a:94:9c:71:ad:eb:ca:70:
-                    3e:62:06:c2:3a:29:f8:9e:86:af:da:07:78:f8:31:
-                    af:42:48:49:9e:4a:df:1b:27:1f:44:35:81:6d:fa:
-                    7a:c5:6a:0a:35:23:c7:c4:d5:fe:c9:9e:61:c9:30:
-                    cd:1f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A
-            X509v3 Authority Key Identifier: 
-                keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A
-
-    Signature Algorithm: sha1WithRSAEncryption
-         56:2f:79:e5:12:91:f5:19:a7:d1:32:28:fd:e3:9d:8f:e1:3c:
-         bb:a3:a5:f2:55:8a:03:ad:2c:1d:18:82:e1:7f:19:75:d9:47:
-         5b:e7:7c:e4:a5:e0:eb:dc:7e:24:a3:7d:99:1a:cf:39:ba:a5:
-         b4:b8:45:68:83:cf:70:ad:56:f2:34:73:65:fc:6c:b0:53:9a:
-         79:04:f7:3e:7e:4b:22:1b:e7:76:23:20:bc:9c:05:a2:5d:01:
-         d2:f0:09:49:17:b2:61:74:1a:5b:f4:e0:fd:ce:11:ba:13:4a:
-         e6:07:11:7d:30:e2:11:87:ee:33:1a:68:de:67:f4:ac:b5:58:
-         1a:ac:cf:7a:2d:fd:c3:44:5b:4b:cd:6c:ff:f6:49:b4:55:4a:
-         09:a0:92:2d:57:3b:69:85:54:3e:e9:ec:ef:b2:a5:7a:29:75:
-         2b:f8:eb:4b:d4:cf:68:ee:3e:c8:63:7e:12:eb:e4:2f:63:a3:
-         a7:c8:0f:e9:39:ff:5c:29:65:7f:25:f0:42:bf:07:ba:06:b8:
-         5e:d6:56:ba:f8:67:56:1b:42:aa:b3:04:d8:6e:88:10:a5:70:
-         b5:81:04:a4:90:a3:f0:83:4d:0c:6b:12:5d:a4:4c:83:5a:ff:
-         a8:7a:86:61:ff:0f:4c:e5:0f:17:d1:64:3c:bd:d9:22:7e:b7:
-         fa:9b:83:ba
 -----BEGIN CERTIFICATE-----
-MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET
-MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x
-OTA0MDUwNzU1MDBaGA8yMDU5MDMyNjA3NTUwMFowajELMAkGA1UEBhMCVVMxEzAR
-BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh
-dGUgQXV0aG9yaXR5MRswGQYDVQQDDBJQcm9tZXRoZXVzIFJvb3QgQ0EwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ueKrX2Ei4U7N7tqwJi67sH4czhC+
-Fik1DAwdkwEpKvb5wm5cEETK+NytegZkD4oYrbKilEnJuoxFlHzZ4BFF2BZ5oiCf
-jGNgcipb+WaArIVnAVrrkcHSiIeeTBjJ8vB6GMDmqyx43l+yIk6UnPXN5uIzMOkg
-EKahdetZq0Wp9z5UQK4FJb50xTr9r3MWYEV8SuAODaEVf5ofwqcEre+z5PYALE4L
-BJBJ7tPbphLEkQsyTxGEx8SK71FmerAgL8uVjZZXYGZe+U9alJxxrevKcD5iBsI6
-Kfiehq/aB3j4Ma9CSEmeSt8bJx9ENYFt+nrFago1I8fE1f7JnmHJMM0fAgMBAAGj
-YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ8
-HqjGTAVNIOyI2ynUe/kSXc7qGjAfBgNVHSMEGDAWgBQ8HqjGTAVNIOyI2ynUe/kS
-Xc7qGjANBgkqhkiG9w0BAQUFAAOCAQEAVi955RKR9Rmn0TIo/eOdj+E8u6Ol8lWK
-A60sHRiC4X8ZddlHW+d85KXg69x+JKN9mRrPObqltLhFaIPPcK1W8jRzZfxssFOa
-eQT3Pn5LIhvndiMgvJwFol0B0vAJSReyYXQaW/Tg/c4RuhNK5gcRfTDiEYfuMxpo
-3mf0rLVYGqzPei39w0RbS81s//ZJtFVKCaCSLVc7aYVUPuns77Kleil1K/jrS9TP
-aO4+yGN+EuvkL2Ojp8gP6Tn/XCllfyXwQr8Huga4XtZWuvhnVhtCqrME2G6IEKVw
-tYEEpJCj8INNDGsSXaRMg1r/qHqGYf8PTOUPF9FkPL3ZIn63+puDug==
+MIIFtDCCA5ygAwIBAgIRAMMSh5NoexSCjSvDRf1fpgEwDQYJKoZIhvcNAQELBQAw
+ajELMAkGA1UEBhMCVVMxEzARBgNVBAoTClByb21ldGhldXMxKTAnBgNVBAsTIFBy
+b21ldGhldXMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDExJQcm9tZXRo
+ZXVzIFJvb3QgQ0EwIBcNMjIwNzA4MDkxNTA0WhgPMjA3MjA2MjUwOTE1MDRaMGox
+CzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpQcm9tZXRoZXVzMSkwJwYDVQQLEyBQcm9t
+ZXRoZXVzIENlcnRpZmljYXRlIEF1dGhvcml0eTEbMBkGA1UEAxMSUHJvbWV0aGV1
+cyBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArkzRPi21
+E299vXw4FBbMfCXI258SxvvjRVRuKdAHLOBpEEqkYH6r6ScbZaisBFtIePv4ddKl
+rmv+nDwN84/KS54OOtw1cWD4AnDB0kL3B0pWXjTS1F/u57hRLxM6Ta0UubKbta/h
+WqSOR/fAA5sgcl+JbbR61QWVeYYXg9bM8YGTwQMeJod26tIUeX/Reo9BHuiW4jPb
+pvVf7rsOs8E2cGwfYjZu6Zj2qcCxQ/ivCpopKFLNlaKko/KlGDGz9KxK5X3ik+sE
+fPK9LzLC0k2RLGc3EmcMkdyqE3VNih9nV9SalAXN5yBdYaWWjJXykty7ilU32MBF
+yO4myL48vif2K68pD/CFhG8YmIOud3woMm1IYS9xlsYKf7+f5CNlxqz+eSoOGhcG
+dSDNft3h5nuq9J/qb2rIgWMSc2puFNRsx+fis0kS5GvjVadR0lxtArbrNm4S+F22
+EjGxeBF5VIWiu31uppbdASIw6DTKcrSVVoWxq+Fk3OOB+7q+rornosop9a/omXGH
+0cTmgarjJtMqa0TEQiUPQPPnmpC1joeC7/kh7aks93wfHtY73uAVnTjLGTOwlr50
+CgRShcRoLLN049V93l46AFHU/4HWns8dqgdcdGnvIdUCFik916pKDSvEc/DfMLGh
+H6w9Xlg4+2LgCyG2/FBEMTj+bLoraydzyaECAwEAAaNTMFEwDgYDVR0PAQH/BAQD
+AgKkMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+ST6xDptmazIK/QBU8/S2ctHwzTYwDQYJKoZIhvcNAQELBQADggIBAHM79R/uQwQX
+vsBDfKyBXWFlrhHAgX8XAwMKHjstpQYCcJoiGLRJaMMjxj31T1tylqPdcxz88THN
+uj9kVFYMo1GU5K9E9lq0LoWQBmX2R7/RgxWqB7FNS+S0xfGyeUb3YPVPI1yhtsKa
+6mCtTuCVgsgs/hTa+umjtffxj7l+IQxD8Fq0RFBae+S0v5mjVC2sUVd6usqVt7F6
+LUVuYShyAI705guIV9nkz8ZyLzUBJnQAJ8g6DU+nLmdizigUG+JoD/hBbK2hvcjX
+SL7JLAhYRI4kzWcYR0GUfDf2knFEWNhU8gCPnw70FHMD9QC3NKkQsPvyQRyJh99+
+ipwUFbGJJRYWjFBbUxlqZNqBg6+ylZNFGEnG42u2KvPXjgPdivlQWkrX6nG0ayyl
+rYrvi0FawP3OBpCrhYhqsqkA2m+5L2Pl+J2SsDv4qmPB6fh7K0YDVB37AZSG+nfL
+oXXpUtwfc9tR71S7GmgkcqYOkHfSzl7ecxXtE2xyl3zhkUPR9YcG+rQhXRRp0lxF
+kR0EtGOGuvXMCQ/vBVPNEDS3jdceqIrIRI1yPUdhFkF7lrLsfFULllOt6qQWnhn2
+A2ObxHToohwuyri/v8QhqNI2Bg0jJHcAJi8I8taToAstCWrtn+WXyfj/QknAik47
+aOK9l5wSyyqPfkHybKvT6z9pqWUchJsz
 -----END CERTIFICATE-----
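Review bot: The regenerated `config/testdata/tls-ca-chain.pem` drops the OpenSSL text dump that preceded each PEM block, so the fixture no longer shows its subject, validity or constraints, and checking them now means decoding the base64. Decoding the new first block suggests the "Prometheus TLS CA" intermediate now carries basicConstraints `CA:TRUE` with no path length, where the removed dump showed `CA:TRUE, pathlen:0`. If any test depends on that constraint, confirm that the generator still sets it. A short plain-text line ahead of each block, as the old dump was, would keep the file self-describing, for example `Prometheus TLS CA (test fixture only; regenerate with make generate-testdata)`.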