From 92b72139b8f5960f3b95ac66d4eaae6d1e7a6481 Mon Sep 17 00:00:00 2001 From: Rob Stradling Date: Thu, 13 Apr 2023 13:40:12 -0400 Subject: [PATCH] Don't allow the same private key to be used by more than one configured log (#1046) --- CHANGELOG.md | 1 + trillian/ctfe/ct_server/main.go | 26 ++++++++++++++++++++ trillian/ctfe/instance.go | 8 ++++++ trillian/docs/ManualDeployment.md | 6 ++--- trillian/integration/ct_integration_test.cfg | 12 ++++----- trillian/integration/ct_lifecycle_test.cfg | 12 ++++----- trillian/integration/demo-script.cfg | 4 +-- trillian/integration/goshawk.cfg | 6 ++--- trillian/integration/gosmin.cfg | 6 ++--- 9 files changed, 58 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a93350a72..0c82e514fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ### Public/Private Key Consistency * #1044: If a public key has been configured for a log, check that it is consistent with the private key. + * #1046: Ensure that no two logs in the CTFE configuration use the same private key. ### Cleanup diff --git a/trillian/ctfe/ct_server/main.go b/trillian/ctfe/ct_server/main.go index 7e099584a7..4eee55cc15 100644 --- a/trillian/ctfe/ct_server/main.go +++ b/trillian/ctfe/ct_server/main.go @@ -18,6 +18,9 @@ package main import ( "context" "crypto" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/rsa" "flag" "fmt" "net/http" @@ -201,6 +204,7 @@ func main() { // Register handlers for all the configured logs using the correct RPC // client. + var publicKeys []crypto.PublicKey for _, c := range cfg.LogConfigs.Config { inst, err := setupAndRegister(ctx, clientMap[c.LogBackendName], *rpcDeadline, c, corsMux, *handlerPrefix, *maskInternalErrors) if err != nil { 
@@ -209,6 +213,28 @@ func main() { if *getSTHInterval > 0 { go inst.RunUpdateSTH(ctx, *getSTHInterval) } + + // Ensure that this log does not share the same private key as any other + // log that has already been set up and registered. + if publicKey := inst.GetPublicKey(); publicKey != nil { + for _, p := range publicKeys { + switch pub := publicKey.(type) { + case *ecdsa.PublicKey: + if pub.Equal(p) { + klog.Exitf("Same private key used by more than one log") + } + case ed25519.PublicKey: + if pub.Equal(p) { + klog.Exitf("Same private key used by more than one log") + } + case *rsa.PublicKey: + if pub.Equal(p) { + klog.Exitf("Same private key used by more than one log") + } + } + } + publicKeys = append(publicKeys, publicKey) + } } // Return a 200 on the root, for GCE default health checking :/ diff --git a/trillian/ctfe/instance.go b/trillian/ctfe/instance.go index a33f8cd473..1163972a15 100644 --- a/trillian/ctfe/instance.go +++ b/trillian/ctfe/instance.go @@ -95,6 +95,14 @@ func (i *Instance) RunUpdateSTH(ctx context.Context, period time.Duration) { }) } +// GetPublicKey returns the public key from the instance's signer. +func (i *Instance) GetPublicKey() crypto.PublicKey { + if i.li != nil && i.li.signer != nil { + return i.li.signer.Public() + } + return nil +} + // SetUpInstance sets up a log (or log mirror) instance using the provided // configuration, and returns an object containing a set of handlers for this // log, and an STH getter. diff --git a/trillian/docs/ManualDeployment.md b/trillian/docs/ManualDeployment.md index e4bd9de6ff..cdf2c37c13 100644 --- a/trillian/docs/ManualDeployment.md +++ b/trillian/docs/ManualDeployment.md 
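Review bot: The type switch in the added duplicate-key check has no `default` arm, so a signer whose `Public()` value is not `*ecdsa.PublicKey`, `ed25519.PublicKey` or `*rsa.PublicKey` is appended to `publicKeys` without ever being compared, and the uniqueness guarantee silently does not apply to it. All three standard-library key types implement `Equal(crypto.PublicKey) bool`, so one interface assertion can replace the three identical arms, make the three imports added in the first main.go hunk unnecessary, and give a single place to reject (or at least warn about) an unsupported key type. The check also runs after `setupAndRegister` and after `go inst.RunUpdateSTH(...)` has been started for the offending log; moving it ahead of the goroutine start would be tidier, though `klog.Exitf` ends the process either way. Naming the log in the message, for example via `c.Prefix`, would tell the operator which config entry to fix. The enclosing `main` starts and ends outside this hunk.

```go
if publicKey := inst.GetPublicKey(); publicKey != nil {
	// Every standard-library public key type implements Equal.
	pub, ok := publicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok {
		klog.Exitf("Log %q: cannot check key uniqueness for public key type %T", c.Prefix, publicKey)
	}
	for _, p := range publicKeys {
		if pub.Equal(p) {
			klog.Exitf("Log %q: same private key used by more than one log", c.Prefix)
		}
	}
	publicKeys = append(publicKeys, publicKey)
}
```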
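Review bot: The doc comment on `GetPublicKey` in instance.go does not mention the nil result, which the new caller in main.go relies on to skip instances that have no signer. I would write it as `// GetPublicKey returns the public key from the instance's signer, or nil if the instance has no signer.`; which instances lack a signer is not visible in this hunk, so the comment should not say more than that. As a style point, Go getters usually drop the `Get` prefix (`PublicKey()`), but that is optional here because the method is exported and already called from main.go.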
@@ -188,9 +188,9 @@ log instances, each configured separately in the config file. ### Key Generation -Each CT Log needs to have a private key that is used to sign cryptographic -content from the Log. The [OpenSSL](https://www.openssl.org/) command line can -be used to +Each CT Log needs to have a unique private key that is used to sign +cryptographic content from the Log. The [OpenSSL](https://www.openssl.org/) +command line can be used to [generate](https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations#Generating_EC_Keys_and_Parameters) a suitable private key. diff --git a/trillian/integration/ct_integration_test.cfg b/trillian/integration/ct_integration_test.cfg index 0c2bbd0996..dcdbd206a9 100644 --- a/trillian/integration/ct_integration_test.cfg +++ b/trillian/integration/ct_integration_test.cfg 
@@ -4,11 +4,11 @@ config { roots_pem_file: "@TESTDATA@/fake-ca.cert" roots_pem_file: "@TESTDATA@/../../testdata/gossip-root.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xc4\x2d\x99\xc7\x9e\x31\x77\x99\xd7\xda\x4c\xab\xdb\xb9\x37\xeb\x95\xde\x6a\x72\x1b\x84\xbd\x0b\xfe\xb3\x4b\x1e\xce\xa8\xbb\x2f\xa1\x44\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } } max_merge_delay_sec: 86400 
@@ -19,11 +19,11 @@ config { prefix: "porthos" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xd8\x8a\x49\xa2\x15\x3c\xbe\xb5\xb7\x6c\x63\xdc\xfd\xc0\x36\x64\x24\x88\xc3\x57\x9d\xfa\xd4\xa8\x70\x78\x32\x72\x29\x1a\xb1\x6f\xa1\x44\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b" } } max_merge_delay_sec: 86400 
@@ -34,11 +34,11 @@ config { prefix: "aramis" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd6\xaf\x18\x80\x8c\x66\xc2\xcc\xb3\xb8\xd1\x84\x2a\xa7\xd3\x62\xae\x4f\xe3\xa5\x94\x41\x3d\x64\x65\x1c\x86\x63\x57\xc2\x06\x85\x1e\xa6\x3d\xa1\x27\x63\xc6\xcd\xe5\x9f\x41\xd6\x98\x87\x56\x19\x16\x15\x6c\xf8\x15\x35\x53\x1b\x7f\x39\x9a\x99\x38\x50\xba\x7e" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x97\x94\x1f\x33\xa7\x36\xac\x0b\xcb\x11\x09\x23\x8a\xfb\x73\xc1\x17\xc5\xc5\x23\x5d\xdb\xa8\x8f\x32\x94\xc5\xdd\x67\x4b\xff\x5e\xa1\x44\x03\x42\x00\x04\xd6\xaf\x18\x80\x8c\x66\xc2\xcc\xb3\xb8\xd1\x84\x2a\xa7\xd3\x62\xae\x4f\xe3\xa5\x94\x41\x3d\x64\x65\x1c\x86\x63\x57\xc2\x06\x85\x1e\xa6\x3d\xa1\x27\x63\xc6\xcd\xe5\x9f\x41\xd6\x98\x87\x56\x19\x16\x15\x6c\xf8\x15\x35\x53\x1b\x7f\x39\x9a\x99\x38\x50\xba\x7e" } } max_merge_delay_sec: 86400 diff --git a/trillian/integration/ct_lifecycle_test.cfg b/trillian/integration/ct_lifecycle_test.cfg index dd79c51b06..c0d704c7d1 100644 --- a/trillian/integration/ct_lifecycle_test.cfg +++ b/trillian/integration/ct_lifecycle_test.cfg 
@@ -3,11 +3,11 @@ config { prefix: "alpha" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\xf4\xe5\xd4\x49\x4e\xf9\xe1\x7e\x28\x5e\x88\xf5\x58\x2d\x6c\xf0\x92\xaf\xd7\xb4\x22\x75\x7b\xc6\xb4\x15\x17\xeb\x59\xad\xd4\x7e\x91\x8c\x92\xbb\x07\xa1\xba\x25\x69\xc7\x38\x04\x9f\x00\x4f\x26\xad\xc8\x54\x3a\x35\x1a\xfe\x67\xf9\x8a\xba\x2a\xdb\x77\x15" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x6f\x67\x62\x64\x1e\x9e\x4d\xe7\x91\xbe\x2d\xd6\x0c\x9e\xb2\x6d\xc3\x46\xc0\x23\x5b\x4b\x77\x6e\x6e\xa3\xac\x70\x01\xf2\x71\xd2\xa1\x44\x03\x42\x00\x04\x78\xf4\xe5\xd4\x49\x4e\xf9\xe1\x7e\x28\x5e\x88\xf5\x58\x2d\x6c\xf0\x92\xaf\xd7\xb4\x22\x75\x7b\xc6\xb4\x15\x17\xeb\x59\xad\xd4\x7e\x91\x8c\x92\xbb\x07\xa1\xba\x25\x69\xc7\x38\x04\x9f\x00\x4f\x26\xad\xc8\x54\x3a\x35\x1a\xfe\x67\xf9\x8a\xba\x2a\xdb\x77\x15" } } max_merge_delay_sec: 86400 
@@ -18,11 +18,11 @@ config { prefix: "beta" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x75\x79\x7c\x29\x9e\xbb\x39\x5b\x35\x24\x53\xd9\xfb\x58\x5d\x7f\x55\x02\x29\x7b\x3c\x9e\x7c\x72\x51\xfc\xc4\xe4\x01\x22\x00\xd3\xbc\xa9\x5a\xff\x06\x99\x5e\x55\xc8\xa9\xf9\xf2\x13\x9c\x80\xc3\xf1\x26\x1f\xe9\x55\x53\x2d\x46\xbb\x2f\x10\x85\xf9\x17\xe2\xe8" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x6b\x0d\xda\x1d\x9f\x23\x43\x94\xea\xa8\xce\x8e\x3b\x05\x71\x6c\xf1\xff\xd5\x0a\x14\xb4\xad\x9a\x9c\x9c\x0a\x64\x29\xb6\xa1\x1d\xa1\x44\x03\x42\x00\x04\x75\x79\x7c\x29\x9e\xbb\x39\x5b\x35\x24\x53\xd9\xfb\x58\x5d\x7f\x55\x02\x29\x7b\x3c\x9e\x7c\x72\x51\xfc\xc4\xe4\x01\x22\x00\xd3\xbc\xa9\x5a\xff\x06\x99\x5e\x55\xc8\xa9\xf9\xf2\x13\x9c\x80\xc3\xf1\x26\x1f\xe9\x55\x53\x2d\x46\xbb\x2f\x10\x85\xf9\x17\xe2\xe8" } } max_merge_delay_sec: 86400 
@@ -33,11 +33,11 @@ config { prefix: "gamma" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x55\x32\x88\x34\xe9\x87\x81\x16\x6f\x41\xb3\xd5\x9d\x64\xae\x6c\x24\xbc\x9c\x6a\x21\x41\x0b\xb8\xd6\x0a\xf7\x8f\xc0\x7a\x0a\xc4\x10\xcf\x88\x0e\xa6\x78\xfd\xba\xde\x4f\x1f\x2b\xc7\x06\xec\x71\xed\x77\x34\xb1\xc7\x7d\xe5\x43\xd3\xdc\x15\x6f\x69\x7b\xf0\x56" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xff\x81\x10\xd0\xb3\x06\x48\xf6\x75\x68\x77\x16\x95\xdd\x34\x80\x4c\x3e\x0f\x60\xc9\x2c\x5a\xf4\xe4\xcf\x07\xc7\x06\x68\xb3\x73\xa1\x44\x03\x42\x00\x04\x55\x32\x88\x34\xe9\x87\x81\x16\x6f\x41\xb3\xd5\x9d\x64\xae\x6c\x24\xbc\x9c\x6a\x21\x41\x0b\xb8\xd6\x0a\xf7\x8f\xc0\x7a\x0a\xc4\x10\xcf\x88\x0e\xa6\x78\xfd\xba\xde\x4f\x1f\x2b\xc7\x06\xec\x71\xed\x77\x34\xb1\xc7\x7d\xe5\x43\xd3\xdc\x15\x6f\x69\x7b\xf0\x56" } } max_merge_delay_sec: 86400 diff --git a/trillian/integration/demo-script.cfg b/trillian/integration/demo-script.cfg index 4b19ae57e0..759f5e4e57 100644 --- a/trillian/integration/demo-script.cfg +++ b/trillian/integration/demo-script.cfg 
@@ -3,11 +3,11 @@ config { prefix: "athos" roots_pem_file: "@TESTDATA@/fake-ca.cert" public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } private_key: { [type.googleapis.com/keyspb.PrivateKey] { - der: "\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\x84\x33\x84\xfa\x1c\x30\xf8\x12\xf3\xe7\x38\x8f\x52\xe0\xd9\xd3\x5a\x05\x20\x6f\xfa\xe7\xe9\xc7\xea\x23\xc5\x32\x01\x79\xd4\x85\xa1\x44\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: 
"\x30\x81\x87\x02\x01\x00\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x04\x6d\x30\x6b\x02\x01\x01\x04\x20\xc4\x2d\x99\xc7\x9e\x31\x77\x99\xd7\xda\x4c\xab\xdb\xb9\x37\xeb\x95\xde\x6a\x72\x1b\x84\xbd\x0b\xfe\xb3\x4b\x1e\xce\xa8\xbb\x2f\xa1\x44\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } } max_merge_delay_sec: 86400 diff --git a/trillian/integration/goshawk.cfg b/trillian/integration/goshawk.cfg index d4764cce72..048d5a0047 100644 --- a/trillian/integration/goshawk.cfg +++ b/trillian/integration/goshawk.cfg @@ -5,7 +5,7 @@ source_log: < seconds: 1 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b" } > source_log: < 
@@ -15,7 +15,7 @@ source_log: < seconds: 1 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd6\xaf\x18\x80\x8c\x66\xc2\xcc\xb3\xb8\xd1\x84\x2a\xa7\xd3\x62\xae\x4f\xe3\xa5\x94\x41\x3d\x64\x65\x1c\x86\x63\x57\xc2\x06\x85\x1e\xa6\x3d\xa1\x27\x63\xc6\xcd\xe5\x9f\x41\xd6\x98\x87\x56\x19\x16\x15\x6c\xf8\x15\x35\x53\x1b\x7f\x39\x9a\x99\x38\x50\xba\x7e" } > dest_hub: < @@ -25,6 +25,6 @@ dest_hub: < seconds: 10 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } > diff --git a/trillian/integration/gosmin.cfg b/trillian/integration/gosmin.cfg index a7b99d90cc..b1feaac45e 100644 --- a/trillian/integration/gosmin.cfg +++ b/trillian/integration/gosmin.cfg 
@@ -5,7 +5,7 @@ source_log: < seconds: 10 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x44\x6d\x69\x2c\x00\xec\xf3\xc7\xbb\x87\x7e\x57\xea\x04\xc3\x4b\x49\x01\xc4\x9a\x19\xf2\x49\x9b\x4c\x44\x1c\xac\xe0\xff\x27\x11\xce\x94\xa8\x85\xd9\xed\x42\x22\x5c\x54\xf6\x33\x73\xa3\x3d\x8b\xe8\x53\x48\xf5\x57\x50\x61\x96\x30\x5b\xc4\x9b\xa3\x04\xc3\x4b" } > source_log: < @@ -15,7 +15,7 @@ source_log: < seconds: 10 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd6\xaf\x18\x80\x8c\x66\xc2\xcc\xb3\xb8\xd1\x84\x2a\xa7\xd3\x62\xae\x4f\xe3\xa5\x94\x41\x3d\x64\x65\x1c\x86\x63\x57\xc2\x06\x85\x1e\xa6\x3d\xa1\x27\x63\xc6\xcd\xe5\x9f\x41\xd6\x98\x87\x56\x19\x16\x15\x6c\xf8\x15\x35\x53\x1b\x7f\x39\x9a\x99\x38\x50\xba\x7e" } > dest_hub: < 
@@ -25,7 +25,7 @@ dest_hub: < seconds: 25 > public_key: { - der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x07\xf8\x51\xaf\xaa\x8c\x56\x83\x90\x31\xb7\x80\xe3\xd6\x1a\xf7\x2f\x36\x06\x71\xec\xdd\x3b\xbe\x7e\x36\x6f\x0d\x1c\x1c\x60\x0b\x7f\xf5\x9f\xff\xe5\x24\x49\x34\x56\xf2\x4b\x10\x5f\xbf\x08\x1f\xf9\x0e\xcf\x35\xb5\x8a\x8a\x8b\x30\x0a\x54\xb7\xbf\x1d\x4d\xb9" + der: "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\x6c\xdc\x30\xf8\x03\x5e\x7f\x0f\x90\x69\xd3\xdf\xcd\xd3\xd3\x82\x45\x7b\x0e\xa2\xcb\xa9\x48\x4c\x97\xad\x3c\xc0\x88\x6f\xdb\xc2\x95\x28\xb6\x62\xa0\x2f\x81\x89\x32\x6e\xc7\xd4\x88\xc1\xf3\xd0\x5c\x54\x64\x74\xdc\x26\xb1\xcf\x74\xc5\x25\xa6\xa1\xeb\x0f" } > root_cert: "-----BEGIN CERTIFICATE-----\nMIICQTCCAeegAwIBAgIEBAbK/jAKBggqhkjOPQQDAjBpMQswCQYDVQQGEwJHQjEP\nMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xDzANBgNVBAoTBkdvb2ds\nZTEMMAoGA1UECxMDRW5nMRkwFwYDVQQDExBUZXN0R29zc2lwZXJSb290MB4XDTE4\nMDIyNTA4MTA1M1oXDTI4MDIyMzA4MTA1M1owaTELMAkGA1UEBhMCR0IxDzANBgNV\nBAgTBkxvbmRvbjEPMA0GA1UEBxMGTG9uZG9uMQ8wDQYDVQQKEwZHb29nbGUxDDAK\nBgNVBAsTA0VuZzEZMBcGA1UEAxMQVGVzdEdvc3NpcGVyUm9vdDBZMBMGByqGSM49\nAgEGCCqGSM49AwEHA0IABOqzZufPSU6hMJOIbljkjklDvQKBGYW9VenI6i7HSiyH\nccPUuh3F3fbbe2MrLtuRCjH7nqvcELPqBJsL3IVgQJijfTB7MB0GA1UdDgQWBBRq\n6hoXslGgHhrCVJMu4jrYlksyZjAfBgNVHSMEGDAWgBRq6hoXslGgHhrCVJMu4jrY\nlksyZjASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwICBDAVBgNVHSUE\nDjAMBgorBgEEAdZ5AgQGMAoGCCqGSM49BAMCA0gAMEUCIQCQCnWTIOlC6LqkcdH0\nfWZeNo5E3AaZBb9Tkv76ET2fJAIgOeGJvfiiOIlDV41/bIOg5eTHb/fxg80TCQBe\n6ia6ZS8=\n-----END CERTIFICATE-----"