From 807283538f0872811d31c95eddc288f34df6f32b Mon Sep 17 00:00:00 2001 
From: Peter Davies Date: Wed, 18 May 2022 23:14:37 +0000 Subject: [PATCH] Add client authentication to Web3Signer validators (#3170) ## Issue Addressed Web3Signer validators do not support client authentication. This means the `--tls-known-clients-file` option on Web3Signer can't be used with Lighthouse. ## Proposed Changes Add two new fields to Web3Signer validators, `client_identity_path` and `client_identity_password`, which specify the path and password for a PKCS12 file containing a certificate and private key. If `client_identity_path` is present, use the certificate for SSL client authentication. ## Additional Info I am successfully validating on Prater using client authentication with Web3Signer and client authentication. --- book/src/validator-web3signer.md | 5 +- .../src/validator_definitions.rs | 10 ++++ common/eth2/src/lighthouse_vc/types.rs | 4 ++ testing/web3signer_tests/src/lib.rs | 32 +++++++++-- testing/web3signer_tests/tls/cert.pem | 32 ----------- testing/web3signer_tests/tls/generate.sh | 9 ++- testing/web3signer_tests/tls/key.key | 52 ------------------ testing/web3signer_tests/tls/key.p12 | Bin 4197 -> 0 bytes .../web3signer_tests/tls/lighthouse/cert.pem | 32 +++++++++++ .../tls/{ => lighthouse}/config | 2 +- .../web3signer_tests/tls/lighthouse/key.key | 52 ++++++++++++++++++ .../web3signer_tests/tls/lighthouse/key.p12 | Bin 0 -> 4189 bytes .../tls/lighthouse/password.txt | 1 + .../tls/lighthouse/web3signer.pem | 32 +++++++++++ .../web3signer_tests/tls/web3signer/cert.pem | 32 +++++++++++ .../web3signer_tests/tls/web3signer/config | 19 +++++++ .../web3signer_tests/tls/web3signer/key.key | 52 ++++++++++++++++++ .../web3signer_tests/tls/web3signer/key.p12 | Bin 0 -> 4197 bytes .../tls/web3signer/known_clients.txt | 1 + .../tls/{ => web3signer}/password.txt | 0 validator_client/src/http_api/mod.rs | 2 + validator_client/src/http_api/remotekeys.rs | 2 + validator_client/src/http_api/tests.rs | 2 + .../src/http_api/tests/keystores.rs | 2 + 
.../src/initialized_validators.rs | 36 +++++++++++- 25 files changed, 316 insertions(+), 95 deletions(-) delete mode 100644 testing/web3signer_tests/tls/cert.pem delete mode 100644 testing/web3signer_tests/tls/key.key delete mode 100644 testing/web3signer_tests/tls/key.p12 create mode 100644 testing/web3signer_tests/tls/lighthouse/cert.pem rename testing/web3signer_tests/tls/{ => lighthouse}/config (95%) create mode 100644 testing/web3signer_tests/tls/lighthouse/key.key create mode 100644 testing/web3signer_tests/tls/lighthouse/key.p12 create mode 100644 testing/web3signer_tests/tls/lighthouse/password.txt create mode 100644 testing/web3signer_tests/tls/lighthouse/web3signer.pem create mode 100644 testing/web3signer_tests/tls/web3signer/cert.pem create mode 100644 testing/web3signer_tests/tls/web3signer/config create mode 100644 testing/web3signer_tests/tls/web3signer/key.key create mode 100644 testing/web3signer_tests/tls/web3signer/key.p12 create mode 100644 testing/web3signer_tests/tls/web3signer/known_clients.txt rename testing/web3signer_tests/tls/{ => web3signer}/password.txt (100%) diff --git a/book/src/validator-web3signer.md b/book/src/validator-web3signer.md index 2de641d48b..103f1ccb3c 100644 --- a/book/src/validator-web3signer.md +++ b/book/src/validator-web3signer.md 
@@ -43,12 +43,15 @@ remote signer: type: web3signer url: "https://my-remote-signer.com:1234" root_certificate_path: /home/paul/my-certificates/my-remote-signer.pem + client_identity_path: /home/paul/my-keys/my-identity-certificate.p12 + client_identity_password: "password" ``` When using this file, the Lighthouse VC will perform duties for the `0xa5566..` validator and defer to the `https://my-remote-signer.com:1234` server to obtain any signatures. It will load a "self-signed" SSL certificate from `/home/paul/my-certificates/my-remote-signer.pem` (on the -filesystem of the VC) to encrypt the communications between the VC and Web3Signer. +filesystem of the VC) to encrypt the communications between the VC and Web3Signer. It will use +SSL client authentication with the "self-signed" certificate in `/home/paul/my-keys/my-identity-certificate.p12`. > The `request_timeout_ms` key can also be specified. Use this key to override the default timeout > with a new timeout in milliseconds. This is the timeout before requests to Web3Signer are diff --git a/common/account_utils/src/validator_definitions.rs b/common/account_utils/src/validator_definitions.rs index 4652370c38..3f4831ae17 100644 --- a/common/account_utils/src/validator_definitions.rs +++ b/common/account_utils/src/validator_definitions.rs @@ -72,6 +72,16 @@ pub enum SigningDefinition { /// The timeout is applied from when the request starts connecting until the response body has finished. #[serde(skip_serializing_if = "Option::is_none")] request_timeout_ms: Option, + + /// Path to a PKCS12 file. + #[serde(skip_serializing_if = "Option::is_none")] + client_identity_path: Option, + + /// Password for the PKCS12 file. + /// + /// An empty password will be used if this is omitted. + #[serde(skip_serializing_if = "Option::is_none")] + client_identity_password: Option, }, } diff --git a/common/eth2/src/lighthouse_vc/types.rs b/common/eth2/src/lighthouse_vc/types.rs index 9bf7546749..fe9b6a48c0 100644 
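Review bot: `client_identity_password` is added as an ordinary serialized field, so the PKCS12 password sits in clear text in the validator definitions file, next to the path of the key it protects, and the doc comment does not say so. I would extend the two comments, e.g. `/// Path to a PKCS12 file holding the client certificate and private key used for TLS client authentication to Web3Signer.` and `/// Stored in plain text; keep the definitions file readable only by the VC user.` If `SigningDefinition` derives `Debug` (the derive is outside this hunk), the password would also appear wherever a definition is debug-logged, which is worth checking. The same field is added to `Web3SignerValidatorRequest` in `common/eth2/src/lighthouse_vc/types.rs`, and the enum body continues outside the hunk.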
--- a/common/eth2/src/lighthouse_vc/types.rs +++ b/common/eth2/src/lighthouse_vc/types.rs @@ -92,4 +92,8 @@ pub struct Web3SignerValidatorRequest { #[serde(default)] #[serde(skip_serializing_if = "Option::is_none")] pub request_timeout_ms: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub client_identity_path: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub client_identity_password: Option, } diff --git a/testing/web3signer_tests/src/lib.rs b/testing/web3signer_tests/src/lib.rs index 128c4a6fe9..800f988654 100644 --- a/testing/web3signer_tests/src/lib.rs +++ b/testing/web3signer_tests/src/lib.rs @@ -36,7 +36,9 @@ mod tests { use types::*; use url::Url; use validator_client::{ - initialized_validators::{load_pem_certificate, InitializedValidators}, + initialized_validators::{ + load_pem_certificate, load_pkcs12_identity, InitializedValidators, + }, validator_store::ValidatorStore, SlashingDatabase, SLASHING_PROTECTION_FILENAME, }; @@ -108,7 +110,18 @@ mod tests { } fn root_certificate_path() -> PathBuf { - tls_dir().join("cert.pem") + tls_dir().join("lighthouse").join("web3signer.pem") + } + + fn client_identity_path() -> PathBuf { + tls_dir().join("lighthouse").join("key.p12") + } + + fn client_identity_password() -> String { + fs::read_to_string(tls_dir().join("lighthouse").join("password.txt")) + .unwrap() + .trim() + .to_string() } /// A testing rig which holds a live Web3Signer process. 
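Review bot: The two new fields of `Web3SignerValidatorRequest` have no doc comments and drop the `#[serde(default)]` that `request_timeout_ms` carries directly above, so the struct now mixes two attribute styles for optional fields. Because this is an API request type, it is worth stating that the path is resolved on the validator client's filesystem rather than the caller's, e.g. `/// Path, on the VC host, to a PKCS12 file with the client certificate and key.` Adding `#[serde(default)]` to both fields would keep them consistent with the field above. The struct starts outside the hunk.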
@@ -155,8 +168,9 @@ mod tests { File::create(&keystore_dir.path().join("key-config.yaml")).unwrap(); serde_yaml::to_writer(key_config_file, &key_config).unwrap(); - let tls_keystore_file = tls_dir().join("key.p12"); - let tls_keystore_password_file = tls_dir().join("password.txt"); + let tls_keystore_file = tls_dir().join("web3signer").join("key.p12"); + let tls_keystore_password_file = tls_dir().join("web3signer").join("password.txt"); + let tls_known_clients_file = tls_dir().join("web3signer").join("known_clients.txt"); let stdio = || { if SUPPRESS_WEB3SIGNER_LOGS { @@ -173,7 +187,10 @@ mod tests { )) .arg(format!("--http-listen-host={}", listen_address)) .arg(format!("--http-listen-port={}", listen_port)) - .arg("--tls-allow-any-client=true") + .arg(format!( + "--tls-known-clients-file={}", + tls_known_clients_file.to_str().unwrap() + )) .arg(format!( "--tls-keystore-file={}", tls_keystore_file.to_str().unwrap() @@ -193,8 +210,11 @@ mod tests { let url = Url::parse(&format!("https://{}:{}", listen_address, listen_port)).unwrap(); let certificate = load_pem_certificate(root_certificate_path()).unwrap(); + let identity = + load_pkcs12_identity(client_identity_path(), &client_identity_password()).unwrap(); let http_client = Client::builder() .add_root_certificate(certificate) + .identity(identity) .build() .unwrap(); @@ -358,6 +378,8 @@ mod tests { url: signer_rig.url.to_string(), root_certificate_path: Some(root_certificate_path()), request_timeout_ms: None, + client_identity_path: Some(client_identity_path()), + client_identity_password: Some(client_identity_password()), }, }; ValidatorStoreRig::new(vec![validator_definition], spec).await diff --git a/testing/web3signer_tests/tls/cert.pem b/testing/web3signer_tests/tls/cert.pem deleted file mode 100644 index 7f2d5f1f2c..0000000000 --- a/testing/web3signer_tests/tls/cert.pem +++ /dev/null 
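Review bot: None of the lib.rs hunks exercises the rejection path: the rig now starts Web3Signer with `--tls-known-clients-file` and every client it builds carries `.identity(identity)`, so the tests would still pass if the allow-list were not enforced. A negative case that builds a `Client` with the root certificate but without `.identity(...)` and asserts that the request fails would pin the behaviour this commit is about. Separately, `tls_known_clients_file.to_str().unwrap()` panics on a non-UTF-8 path; that matches the neighbouring `--tls-keystore-file` argument, so it is a style observation only. The enclosing functions start and end outside these hunks.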
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFmTCCA4GgAwIBAgIUd6yn4o1bKr2YpzTxcBmoiM4PorkwDQYJKoZIhvcNAQEL -BQAwajELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQHDAhTb21lQ2l0 -eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlzaW9uMRIwEAYD -VQQDDAkxMjcuMC4wLjEwIBcNMjEwOTA2MDgxMDU2WhgPMjEyMTA4MTMwODEwNTZa -MGoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTERMA8GA1UEBwwIU29tZUNpdHkx -EjAQBgNVBAoMCU15Q29tcGFueTETMBEGA1UECwwKTXlEaXZpc2lvbjESMBAGA1UE -AwwJMTI3LjAuMC4xMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx/a1 -SRqehj/D18166GcJh/zOyDtZCbeoLWcVfS1aBq+J1FFy4LYKWgwNhOYsrxHLhsIr -/LpHpRm/FFqLPxGNoEPMcJi1dLcELPcJAG1l+B0Ur52V/nxOmzn71Mi0WQv0oOFx -hOtUOToY3heVW0JXgrILhdD834mWdsxBWPhq1LeLZcMth4woMgD9AH4KzxUNtFvo -8i8IneEYvoDIQ8dGZ5lHnFV5kaC8Is0hevMljTw83E9BD0B/bpp+o2rByccVulsy -/WK763tFteDxK5eZZ3/5rRId+uoN5+D4oRnG6zuki0t7+eTZo1cUPi28IIDTNjPR -Xvw35dt+SdTDjtI/FUf8VWhLIHZZXaevFliuBbcuOMpWCdjAdwb7Uf9WpMnxzZtK -fatAC9dk3VPsehFcf6w/H+ah3tu/szAaDJ5zZb0m05cAxDZekZ9SccBIPglccM3f -vzNjrDIoi4z7uCiTJc2FW0qb2MzusQsGjtLW53n7IGoSIFDvOhiZa9D+vOE2wG6o -VNf2K9/QvwNDCzRvW81mcUCRr/BhcAmX5drwYPwUEcdBXQeFPt6nZ33fmIgl2Cbv -io9kUJzjlQWOZ6BX5FmC69dWAedcfHGY693tG6LQKk9a5B+NiuIB4m1bHcvjYhsh -GqVrw980YIN52RmIoskGRdt34/gKHWcqjIEK0+kCAwEAAaM1MDMwCwYDVR0PBAQD -AgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZI -hvcNAQELBQADggIBAILVu5ppYnumyxvchgSLAi/ahBZV/wmtI3X8vxOHuQwYF8rZ -7b2gd+PClJBuhxeOEJZTtCSDMMUdlBXsxnoftp0TcDhFXeAlSp0JQe38qGAlX94l -4ZH39g+Ut5kVpImb/nI/iQhdOSDzQHaivTMjhNlBW+0EqvVJ1YsjjovtcxXh8gbv -4lKpGkuT6xVRrSGsZh0LQiVtngKNqte8vBvFWBQfj9JFyoYmpSvYl/LaYjYkmCya -V2FbfrhDXDI0IereknqMKDs8rF4Ik6i22b+uG91yyJsRFh63x7agEngpoxYKYV6V -5YXIzH5kLX8hklHnLgVhES2ZjhheDgC8pCRUCPqR4+KVnQcFRHP9MJCqcEIFAppD -oHITdiFDs/qE0EDV9WW1iOWgBmdgxUZ8dh1CfW+7B72+Uy0/eXWdnlrRDe5cN/hs -xXpnLCMfzSDEMA4WmImabpU/fRXL7pazZENJj7iyIAr/pEL34+QjqVfWaXkWrHoN -KsrkxTdoZNVdarBDSw9JtMUECmnWYOjMaOm1O8waib9H1SlPSSPrK5pGT/6h1g0d -LM982X36Ej8XyW33E5l6qWiLVRye7SaAvZbVLsyd+cfemi6BPsK+y09eCs4a+Qp7 
-9YWZOPT6s/ahJYdTGF961JZ62ypIioimW6wx8hAMCkKKfhn1WI0+0RlOrjbw
------END CERTIFICATE-----
diff --git a/testing/web3signer_tests/tls/generate.sh b/testing/web3signer_tests/tls/generate.sh
index 1e45bb61b5..f00e7b7e37 100755
--- a/testing/web3signer_tests/tls/generate.sh
+++ b/testing/web3signer_tests/tls/generate.sh
@@ -1,4 +1,7 @@
 #!/bin/bash
-openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:4096 -keyout key.key -out cert.pem -config config &&
-openssl pkcs12 -export -out key.p12 -inkey key.key -in cert.pem -password pass:$(cat password.txt)
-
+openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:4096 -keyout web3signer/key.key -out web3signer/cert.pem -config web3signer/config &&
+openssl pkcs12 -export -out web3signer/key.p12 -inkey web3signer/key.key -in web3signer/cert.pem -password pass:$(cat web3signer/password.txt) &&
+cp web3signer/cert.pem lighthouse/web3signer.pem &&
+openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:4096 -keyout lighthouse/key.key -out lighthouse/cert.pem -config lighthouse/config &&
+openssl pkcs12 -export -out lighthouse/key.p12 -inkey lighthouse/key.key -in lighthouse/cert.pem -password pass:$(cat lighthouse/password.txt) &&
+openssl x509 -noout -fingerprint -sha256 -inform pem -in lighthouse/cert.pem | cut -b 20-| sed "s/^/lighthouse /" > web3signer/known_clients.txt
diff --git a/testing/web3signer_tests/tls/key.key b/testing/web3signer_tests/tls/key.key
deleted file mode 100644
index 6f1331db1a..0000000000
--- a/testing/web3signer_tests/tls/key.key
+++ /dev/null
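Review bot: The last added line strips the `openssl x509 -fingerprint` label with `cut -b 20-`, a fixed byte offset that silently writes a wrong `known_clients.txt` entry if the label ever changes length; cutting at the delimiter is sturdier, e.g. `sed 's/^[^=]*=//'` in place of the `cut`. The two `-password pass:$(cat …/password.txt)` arguments are unquoted and put the password on the command line, whereas `-password file:lighthouse/password.txt` (and the `web3signer/` equivalent) lets openssl read it directly. All paths are relative, so the script only works when run from the `tls` directory; a leading `cd "$(dirname "$0")"` would remove that dependency.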
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDH9rVJGp6GP8PX -zXroZwmH/M7IO1kJt6gtZxV9LVoGr4nUUXLgtgpaDA2E5iyvEcuGwiv8ukelGb8U -Wos/EY2gQ8xwmLV0twQs9wkAbWX4HRSvnZX+fE6bOfvUyLRZC/Sg4XGE61Q5Ohje -F5VbQleCsguF0PzfiZZ2zEFY+GrUt4tlwy2HjCgyAP0AfgrPFQ20W+jyLwid4Ri+ -gMhDx0ZnmUecVXmRoLwizSF68yWNPDzcT0EPQH9umn6jasHJxxW6WzL9Yrvre0W1 -4PErl5lnf/mtEh366g3n4PihGcbrO6SLS3v55NmjVxQ+LbwggNM2M9Fe/Dfl235J -1MOO0j8VR/xVaEsgdlldp68WWK4Fty44ylYJ2MB3BvtR/1akyfHNm0p9q0AL12Td -U+x6EVx/rD8f5qHe27+zMBoMnnNlvSbTlwDENl6Rn1JxwEg+CVxwzd+/M2OsMiiL -jPu4KJMlzYVbSpvYzO6xCwaO0tbnefsgahIgUO86GJlr0P684TbAbqhU1/Yr39C/ -A0MLNG9bzWZxQJGv8GFwCZfl2vBg/BQRx0FdB4U+3qdnfd+YiCXYJu+Kj2RQnOOV -BY5noFfkWYLr11YB51x8cZjr3e0botAqT1rkH42K4gHibVsdy+NiGyEapWvD3zRg -g3nZGYiiyQZF23fj+AodZyqMgQrT6QIDAQABAoICAGMICuZGmaXxJIPXDvzUMsM3 -cA14XvNSEqdRuzHAaSqQexk8sUEaxuurtnJQMGcP0BVQSsqiUuMwahKheP7mKZbq -nPBSoONJ1HaUbc/ZXjvP4zPKPsPHOoLj55WNRMwpAKFApaDnj1G8NR6g3WZR59ch -aFWAmAv5LxxsshxnAzmQIShnzj+oKSwCk0pQIfhG+/+L2UVAB+tw1HlcfFIc+gBK -yE1jg46c5S/zGZaznrBg2d9eHOF51uKm/vrd31WYFGmzyv/0iw7ngTG/UpF9Rgsd -NUECjPh8PCDPqTLX+kz7v9UAsEiljye2856LtfT++BuK9DEvhlt/Jf9YsPUlqPl3 -3wUG8yiqBQrlGTUY1KUdHsulmbTiq4Q9ch5QLcvazk+9c7hlB6WP+/ofqgIPSlDt -fOHkROmO7GURz78lVM8+E/pRgy6qDq+yM1uVMeWWme4hKfOAL2lnJDTO4PKNQA4b -03YXsdVSz4mm9ppnyHIPXei6/qHpU/cRRf261HNEI16eC0ZnoIAxhORJtxo6kMns -am4yuhHm9qLjbOI1uJPAgpR/o0O5NaBgkdEzJ102pmv2grf2U743n9bqu+y/vJF9 -HRmMDdJgZSmcYxQuLe0INzLDnTzOdmjbqjB6lDsSwtrEo/KLtXIStrFMKSHIE/QV -96u8nWPomN83HqkVvQmBAoIBAQDrs8eKAQ3meWtmsSqlzCNVAsJA1xV4DtNaWBTz -MJXwRWywem/sHCoPsJ7c5UTUjQDOfNEUu8iW/m60dt0U+81/O9TLBP1Td6jxLg8X -92atLs8wHQDUqrgouce0lyS7to+R3K+N8YtWL2y9w9jbf/XT9iTL5TXGc8RFrmMg -nDQ1EShojU0U0I1lKpDJTx2R1FANfyd3iHSsENRwYj5MF8iQSag79Ek06BKLWHHt -OJj2oiO3VIAKQYVA9aKxfiiOWXWumPHq7r6UoNJK3UNzfBvguhEzl8k6VjZBCR9q -WwvSTba4mOgHMIXdV/9Wr3y8Cus2lX5YGOK4OUx/ZaCdaBtZAoIBAQDZLwwZDHen -Iw1412m/D/6HBS38bX78t+0hL7LNqgVpiZdNbLq57SGRbUnZZ/jlmtyLw3be6BV3 
-IcLyflYW+4Wi8AAqVADlXjMC+GIuDNCCicwWxJeIFaAGM7Jt6Fa08H/loIAMM7NC -y1CmQnCR9OnHRdcBaU1y4ForP4f8B/hwh3hSQEFPKgF/MQwDnR7UzPgRrUOTovN/ -4D7j1Wx6FpYX9hGZL0i2K1ygRZE03t6VV7xhCkne96VvDEj1Zo/S4HFaEmDD+EjR -pvXVhPRed7GZ6AMs2JxOPhRiu3G+AQL1HPMDlA8QiPtTh0Zf99j/5NXKBEyH/fp1 -V04L1s7wf7sRAoIBAQCb3/ftJ0dXDSNe9Xl7ziXrmXh3wwYasMtLawbn0VDHZlI7 -36zW28VhPO/CrAi5/En1RIxNBubgHIF/7T/GGcRMCXhvjuwtX+wlG821jtKjY1p3 -uiaLfh9uJ3aP0ojjbxdBYk3jNENuisyCLtviRZyAQb8R7JKEnJjHcE10CnloQuGT -SycXxdhMeDrqNt0aTOtoEZg7L83g4PxtGjuSvQPRkDSm+aXUTEm/R42IUS6vpIi0 -PDi1D6GdVRT0BrexdC4kelc6hAsbZcPM6MkrvX7+Pm8TzKSyZMNafTr+bhnCScy2 -BcEkyA0vVXuyizmVbi8hmPnGLyb4qEQT2FTA5FF5AoIBAQCEj0vCCjMKB8IUTN7V -aGzBeq7b0PVeSODqjZOEJk9RYFLCRigejZccjWky0lw/wGr2v6JRYbSgVzIHEod3 -VaP2lKh1LXqyhPF70aETXGz0EClKiEm5HQHkZy90GAi8PcLCpFkjmXbDwRcDs6/D -1onOQFmAGgbUpA1FMmzMrwy7mmQdR+zU5d2uBYDAv+jumACdwXRqq14WYgfgxgaE -6j5Id7+8EPk/f230wSFk9NdErh1j2YTHG76U7hml9yi33JgzEt6PHn9Lv61y2sjQ -1BvJxawSdk/JDekhbil5gGKOu1G0kG01eXZ1QC77Kmr/nWvD9yXDJ4j0kAop/b2n -Wz8RAoIBAQDn1ZZGOJuVRUoql2A65zwtu34IrYD+2zQQCBf2hGHtwXT6ovqRFqPV -vcQ7KJP+zVT4GimFlZy7lUx8H4j7+/Bxn+PpUHHoDYjVURr12wk2w8pxwcKnbiIw -qaMkF5KG2IUVb7F8STEuKv4KKeuRlB4K2HC2J8GZOLXO21iOqNMhMRO11wp9jkKI -n83wtLH34lLRz4VzIW3rfvPeVoP1zoDkLvD8k/Oyjrf4Bishg9vCHyhQkB1JDtMU -1bfH8mxwKozakpJa23a8lE5NLoc9NOZrKM4+cefY1MZ3FjlaZfkS5jlhY4Qhx+fl -+9j5xRPaH+mkJHaJIqzQad+b1A2eIa+L ------END PRIVATE KEY----- 
diff --git a/testing/web3signer_tests/tls/key.p12 b/testing/web3signer_tests/tls/key.p12 deleted file mode 100644 index 2f19e57f026ee5a944632d1ffdfbfc8e92aceb1a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4197 zcmV-r5Ss5Wf)HT>0Ru3C5GMu+Duzgg_YDCD0ic2q7zBb46flAi5HNxUKL!aZhDe6@ z4FLxRpn?W4FoFgw0s#Opf(9i92`Yw2hW8Bt2LUh~1_~;MNQUItqH+EowLDnPJJRdvl?^`SaGiDqiy_nhG4)O*G zww>H&yM))zQHwu#LfAQ5)E~($GmZSI83zVUiXRH{;BM6**_$s?X!gpjcydFd1w7UD zh51mhxh8BWq@GFnExZ5k@PgK7m+LJ0K1`^ie|SfJX^FPh9$xN7WC|)h*PiIKBnTDA z1t!H`AQb?LKmwLxH-Skr>wx{+on@Tiw6(vP_qJX)I@?C;1_9=6imdp1oj~|!<;cD` zYn_K*9-e_dcG2?J`*q`k8qF~;CE*8aQ0VuWoS$>ya7kHd*IT;7-W;F$3SPh#mLOQG zSfp*7BG+A$46~{n4PxGZTv##pm-8xz=#Q3`B7Z=Zd~5G#%^X3BE}OFdD$A6{`zxZJ zg8Uhe{Qa7hDLo(}vsQ>(=B4-pnfg92+Dq##@+xg^)hu)(*3aK6%}`C`_X2Di;--lV zaY(fGu$`-_?PlCn9l<{)K?X_odW<8RC~pWGJ-7}{p93hBekjNmw$Mcp;GdQK5yysc zMli3mxmoa330NG5esYm+Pmba9^>8uMXjmVvHKuuk&ozPkg;}4l&CoozVcA_drin`q2K(D^NorG zqIsTkYXsN0z7cbH8TyihM@ks9R0AT%cvbZ>m!cKNhnwb#qtL?cN|(nx*d8M+#dFVo zQ0HvD{l2v7?nxlfV{t!qku~342nV9<_N#hv)FCuPiI!^PLJ z*?MLZw%(tBoT*7ovQ#_6RQlP>Tu@BB?O*Nxuf`wrFsw}ofFDq{W=JQl6*@*Gzeg# z6nMyNUMSz<)clZy2!=OD5p%H~(k)Jf%T&s;79}F2AFQ8Z0;S2cG-2@1&8~X%Uz=AG zHQr7?klLHgCYM&C8pa~l9*NfZ8);yXci-yM6N0LIH}HCEE}R^p__WJtt=eIV~EcQReE|3hzFx2w{ZAXfFqC* zef8-q0vD(S(bm0ecz+Dq4kF`K4Zk#+<3?+uUJ*=!(PWdG){GO;g(e`>T}~O4FED`b zsMu-0Z#@g?1lx(j_kofyj@Ckq@=q$+;Q*Qntb6E20Ahcq2IdsaPB&$LdG9nBbZPZS zZw9^eR*U5dIe+?6=~GYWvH~ePEWjIU-L_{Dm@x)uU!yS~mJwVNUloEp#sk9zaR~2P zQ%;c42i^JaY^QnXjl@kPk2XcW8{mzXZ}gi9ZHy@XwX&zPjw=9>fero!q6_f*nEyCX z0*wFInbInYz0@1$*r^fqVm?G`2{jev4jJ>J@?5r+nxE}eJgHgn%{L30HzGF!!!TF- zEiuksgt%8B%dr-?eL2*S3C}w4o9O5$qT2B30Pi!Kil(5#ptquqFo&LNQUp zu?O8JQVaqD2ml0v2~ev;g{28v66kt1KU=0bPjgH-jvp(!*7W=54~hm{o8e7~pV&bd z+}rxDW_cIro;liiD_FW%%gnRSQ9%0a8(%sEHIXjeL-$Gst>&V{hDFFmi*%g1O&q;> z;bjkk{~Bde#FQjo6kYeo^AJwNBR!+?TT|Qn==QBa2DU@pSgbZL9RnStP8&lh=@t= zzRR`k7{tY3Kp@=izz9;h$Y;Q5!dW|tb;huk;?v6gYiT#|g|WpcV#KW#UI*(V`ANK` zR@Mlk*vt(roJ1?}%k%?KuV3kk~U( 
zNJ&0WW^ciKGV^|3D@A*o$?xuz4d8Mlh4aK@`WC4kl4YkVwOC#MYl3 z%b&A2T=bR2LJg+Rpk<{+rX4L-kM-Q>X20h#%Cp+_23{rZ`EUS5e1yJN*2@&zQut>?0J7nqQk8}k&cSzz1n5zsCPR^T;_Wo}nhVifod7L8<9PdE6-Wzu?pE=8hT#go=$B>O`GQfioWaSC%MUkvKtQ&FJutrf5) z?+ZdBa=-+}Nla3wKXk@&MXW$=jBh82rMlY9eKRxjQHh;>gZi_On`m#4g0A$KB0!C; zV?`2G_me7Educ8t4l-Kcs!F1wDvOD55Rd<_RP*#%#utZaBvHO4Hl+Zi9X>6*3#Yb> zOg@ycTA|oY0bSt-qa~Kjf?Loqpl}H@ao?L<{qd>6j;Q#D1Dm+LLpVUg?p8f89szH& z6wSlVpI|j?2*O{vfp^h5XYI}npmQ;l!x=Xr2FI=Oaw|F1sYsk5g;#Fq3f3Ic^`??x zIA8ys$i8*9@A^@-Z@1RqkT-`~UtMdpYOLyPM(D5PGUCZd=!nPxlwz5e9#kz9wvR@k zKM3LX>TKd-XJm(W6RR>!oEct*cR>0);Hk6H#|-07j_E% zJhs6FVSt-z$r+!}(8MubUpDw(>QkT_{(iIi`@YY;PoLm>$jrx8gfzZ{Vs@inrV81X zw*fvawlOrHKeQ-qU`PIep>me-5oINt^xuf?1pKO%WrUY}YgYX`ecw2GWvCguJ}%Dt51O=8)&w>rB)a!`5)GP_>H$5f1^LbM z9oZXuuYWeE`_sQakav}PKEN)@i|KF8a-&6$ClYV2$@kxGeSRv;d+f0#GLyeeM68+} zItScG`?{_>RNbZX7Up38&D&xt(SsG@g;n77hM|G~9Q&MjF@U_cEo zehPY2NBoSyH__@%9$6B~ApM$#Vf`ygm)%f_d;|5}?&Tqtr~$rtfZAH#jUuOEu3xfv zIbrjQR1_qW-zj84?k<{BBR6BEqW}XB%j`p;<1-o&wQt=5UwbIQBmYG}Y?pl^8fx)L zU(`BS5KnGXcE^8fxer0hYZYQ*2Wh;ua|HPzkWM}#sP;8QFOA^MC1*nw72T`pynpt+#V1xH%Wt za89yhLZV`PnZue46p?Z3L8{@Un1CnH&> z?9$n@|Gou}Y`IP;RN}U2)}A}^2t5u=w^W4AEBY7MDf+@x@VqbQDiq|Aiqj&g_X8d_ zFZO<3)dMc-W^Urd&hxpK4S0ryyd$w0Fm8m>!UmZ<@N9~dNX!2l1jfpzzpBc~_Xw4G z28MC|1iz(1GWb3dt8E_RWVW=iQa) z=pGM}^c@ptMCMNwgF$>e3q z=AiO;4ca|`gHvI0BloknjWJ%S;Y(k=ThR+huG7hWxFd@?X^LW0Lc%&;kQ=d8cO0~? zNVjEsVLCA-Fe3&DDuzgg_YDCF6)_eB6w_md)w*9lB6xjm-)4CsBsaKjyD%{@AutIB v1uG5%0vZJX1Qf&8yZ(lZvg>dBvmlr6`eL>??I#2X5r^iMF-ks`0s;sC%p3y` diff --git a/testing/web3signer_tests/tls/lighthouse/cert.pem b/testing/web3signer_tests/tls/lighthouse/cert.pem new file mode 100644 index 0000000000..061b0e3cd7 --- /dev/null +++ b/testing/web3signer_tests/tls/lighthouse/cert.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmzCCA4OgAwIBAgIUXpTV/0rd/GAoCfCyzPOtwcb4t7YwDQYJKoZIhvcNAQEL +BQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQHDAhTb21lQ2l0 +eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlzaW9uMRMwEQYD +VQQDDApsaWdodGhvdXNlMCAXDTIyMDUxMTEzNDEwOFoYDzIxMjIwNDE3MTM0MTA4 +WjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExETAPBgNVBAcMCFNvbWVDaXR5 +MRIwEAYDVQQKDAlNeUNvbXBhbnkxEzARBgNVBAsMCk15RGl2aXNpb24xEzARBgNV +BAMMCmxpZ2h0aG91c2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0 +HrD6fJGcqm8zwEs+Y+FGIpRYPyjdlugj3qqwvMSI9jeDW2fr1zUl/wIuf4o+O16P +XZitHgAyg3lph1x/kKL59c4rwWxUabSudAQZ6YCJHo4jWf3hR+UmMQEdNPgNrofv +vGCA7CjLPKZfW6pzZo9kvMwbgeRNuJCuKZ0v/p9Y/lOplj+TTBq16HMtsSarib3b +nKEaRdLCQgTJS3vwbtEiCC9BcZAkvs0fmVUIENRVeKGZIqcAdiOTUPvs4zctchzJ +MGG+TA2ckKIpGT0F4be8gy1uHyP0fncJAtNvkGRPmVQcNew/HIIkJjiJvmrwewn4 +dYqYAe+aEL5AB4dZhlKjIPENfq38t7iY/aXV8COTQZGMEZ7Diext1JmEb34vEXgS +7Gk9ZSCp/1X+fk/wW4uQeRlGwblaRtRxBrfJWmEoQHohzyP4jog8dajSZTjUbsA+ +HGaeZo1k3M0i3lxRBbLGamPODIO9CVGwKaiEJTy4bEpreM2tLR1rk5JECf46WPUR +SN6OdHrO5x38wzQlUv+Hb4vN4p0ZkiGJO62Duuw6hbGA6UIBffM20QuJUtz3Pa8D +un/NunIagmIL5KCsrDtZkt5wBsX3XU6OPdfZrfgOIXNfQmpbbeAUOok1NOgszXjP +DKCsnxZZBtPhXC1VnRkiWK50GNmWe8MLqXR/G12TXwIDAQABozUwMzALBgNVHQ8E +BAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEfwAAATANBgkq +hkiG9w0BAQsFAAOCAgEAcCGqC1nhjDiuF87LgzwuKdMV4NEpTGHa8aHrta/UrzO3 +Lf7fcQvB83tR3ZFk9ndlnDbTVr0seAqDDdJxUHyaA3lX6F5g8G6W8bm76w8b5vot +Vl4ohfcA0CIxbCpp773V0qjyZNj9wDIZg8cX8mXcRi4XoUDltD5/yUwRLVjjvJba +tF+vD3NWWuCGRu65qdR3JYJGr4MtbVo06uoeBXcgZrcDsb93chlsuyH337twq2fn +QbqHbuyxAjFxtv125Jmu6li3pu9FUQrnQWQVHzvt2zvR44vOx+yDQHtil9U7H0aU +Nrzqr9OPOApCr7oQ8GoHYn4C7TAs12U/xiPsvuM1puTzbw8ofuKczFRIA8nuyUHU +XTP/9oYyZ/Vs9qyAtIVCCyEfhSobfwZLLFAT4RWzQZ4H0JmtXfNdt+PFPSWg5MZA +W321uulq/JSa4MQUJbNUEeNYeG+NqjhviM00irpt2Baz2EbVAJMT4ClndRQOwrKT +15+icdyvgx5uZbEuvXK6kyU0AHESHxhzN6C5eHPEYkMjVYgftbE7R3cp9TEj3VvK +Ecd1SXTtKOq2J91te10UrceURqquGuGXVUO7PYGVYBNugjlH47qRIwtI0njPg3ep 
+10XBwkOm1CgvZxHaj4P0NJf+wih+K8Z5Dg1+90nnJ4mxGFFIW8m7Cfn1tPFmEPo=
+-----END CERTIFICATE-----
diff --git a/testing/web3signer_tests/tls/config b/testing/web3signer_tests/tls/lighthouse/config
similarity index 95%
rename from testing/web3signer_tests/tls/config
rename to testing/web3signer_tests/tls/lighthouse/config
index d19a89b02f..6295f7fa01 100644
--- a/testing/web3signer_tests/tls/config
+++ b/testing/web3signer_tests/tls/lighthouse/config
@@ -10,7 +10,7 @@ ST = VA
 L = SomeCity
 O = MyCompany
 OU = MyDivision
-CN = 127.0.0.1
+CN = lighthouse
 [v3_req]
 keyUsage = keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth
diff --git a/testing/web3signer_tests/tls/lighthouse/key.key b/testing/web3signer_tests/tls/lighthouse/key.key
new file mode 100644
index 0000000000..bbc69ca38b
--- /dev/null
+++ b/testing/web3signer_tests/tls/lighthouse/key.key
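Review bot: The certificate generated from this config is now Lighthouse's client identity, yet the unchanged context line still reads `extendedKeyUsage = serverAuth`; a certificate presented for TLS client authentication would normally carry `extendedKeyUsage = clientAuth`. It presumably works in the test because the known-clients entry is matched on the certificate fingerprint, but a stricter TLS stack could refuse it, and the fixture is likely to be copied as an example. `keyUsage` likewise lacks `digitalSignature`, which client authentication relies on. The `subjectAltName` part of the file lies outside the hunk.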
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC0HrD6fJGcqm8z +wEs+Y+FGIpRYPyjdlugj3qqwvMSI9jeDW2fr1zUl/wIuf4o+O16PXZitHgAyg3lp +h1x/kKL59c4rwWxUabSudAQZ6YCJHo4jWf3hR+UmMQEdNPgNrofvvGCA7CjLPKZf +W6pzZo9kvMwbgeRNuJCuKZ0v/p9Y/lOplj+TTBq16HMtsSarib3bnKEaRdLCQgTJ +S3vwbtEiCC9BcZAkvs0fmVUIENRVeKGZIqcAdiOTUPvs4zctchzJMGG+TA2ckKIp +GT0F4be8gy1uHyP0fncJAtNvkGRPmVQcNew/HIIkJjiJvmrwewn4dYqYAe+aEL5A +B4dZhlKjIPENfq38t7iY/aXV8COTQZGMEZ7Diext1JmEb34vEXgS7Gk9ZSCp/1X+ +fk/wW4uQeRlGwblaRtRxBrfJWmEoQHohzyP4jog8dajSZTjUbsA+HGaeZo1k3M0i +3lxRBbLGamPODIO9CVGwKaiEJTy4bEpreM2tLR1rk5JECf46WPURSN6OdHrO5x38 +wzQlUv+Hb4vN4p0ZkiGJO62Duuw6hbGA6UIBffM20QuJUtz3Pa8Dun/NunIagmIL +5KCsrDtZkt5wBsX3XU6OPdfZrfgOIXNfQmpbbeAUOok1NOgszXjPDKCsnxZZBtPh +XC1VnRkiWK50GNmWe8MLqXR/G12TXwIDAQABAoICAQCXUo2W856Vwy5HiQ7t7JWv +CZAdj3pyp7yBnilC8GQhONGsntdw8M2rDVG05Nusqs4nnheNoX3C8mfHO7x/Q3FY +lKTQZ+DuDhyIz9k+N8kP6ca6dnlvkao3asYn1n9rZyy3QUjGJyGilWKlDGroJsrj +dCX6GidHEH8kgruXPdB7wLdi62KgCjkKiK5zPbhiNwd1gGJsoyqMn1BMGQmYFlHG +yJ+C2Lij1lSYboZcj18EK6N/9vfc0GPU+R2dh8qseIkskWQcruJknbJO2vBEh7yI +OKCrOqhHWRQCUwh1WxabNRLP3JGM+BNx8VZgisRnIsdeoMl+KWo1wklDm8+fa9Tx +4xquIy+4PzmobWXiWBpirF7bTNhyZ4vIaMSTOP5TYiliom/hJtcpAwLf9eXxMfti +vRAogZEtr0eKTieH72dwsBVx6wNlxhazvD+ZKIq7OIzJRA6Do2H+BAmz/l4mgVR/ +geL3u0fn0j/Y+8OyFE3P+8D/PqgPzLgTYa5QSp6JtHxNlVcmWefJiLtZDAJvPpeo +UVsA+E2BHsrGveLk15GF9F+vJ867qKT7luQac3zF7V0hE9pktUKM2gY+Jy455w5i +cMxyjt4RAKY8AHAmFvCRQHNdjU2o1UjVFgYsQTYsOdvAiyq0xEJFkbeR2Zxz2sJW +JWK+YlT+UEGDL5SCaXzP4QKCAQEA7gRAy/Xq0Fjq7UZvc7oJ62h6BmseFL9BuKlW +QmvVFAilYeQVejl/ubafyL4Z9ntEeCGTkv8H4DeALs9A/isFOcDxZDoelCETrSxI +CfXllob24276eTc5dBdHmofBjRgIbovnyuFRYzK5uDalVAxYsZPFOp9/qtGa25ex +uIcyJwX+ivqqtA9B5CHu7p/znNrp155xLwGpVczx4xGqjPPr5N2rwZFOXufGFULH +AKbJBSUxiMMJnb1rN8aIuTo/Utr3/i7hc7AUO3//qieyjLdXe8tESqgxzTNvfZk3 +qYtPk4GSHql7Eesxg19fzVdG+LTnzfRKOfOtcZJPRFGGW29fjwKCAQEAwbqXsZvC +7AmmmeVVAPL7q5pXAxSEMK7VsJzPJ7G6MRQ37YjkNRcCf7SRQqNBGQubVkv3Qzvc 
+rmMhT9I5QfCR2JXQtrH1y09eS45T6NYbRkT6NA3E3XNmRIPO+wIeDV32v5jJwhIk +7ayuG2zBsAryxNvg3us3pWHeIQ45sX0JqNil6BTemYRBrCZmCRWHndl72zDbtR23 +kVt9GKaycSPyCZQ7yE4ZWD2VsrbgEidVJEQagknsjQrldMO68GLbHCP2ZyrIUhKN +2eeuHJpZPz+pahQ55MAEvjIsJKPWsg8cut2Vo4sqgez+xiz0v/nWiPLtvxdN+DHP +tAVbrw+0NeqnMQKCAQB3GsO+DLpLNiOhRpzhAViTZ32glpu/8BEYMgzLQiCnXMg9 +myAwQHOs4DlG//IICJkzsEGjzmEHj15iji3MwoRj6SwiZn8EyySIhN8rtNQFplYH +a3KFk9/5OukG6CYvz7Xwc6wzNts+U5TiHN5Ql7kOa47HjicZuLfQaTFy0JyFMJe2 +vkcLwZLMcTqaSIpklJtt3Yhv6FnvaJYmdaGt1SXXKiIXw/m+via+XuMsbUmsfHc0 +I709JRtxFrU2U3J6qL5ugNEqzhLhz2SFpkXP6rMpbIcpAM+jCrkg1bon6mGQw8b1 +9wNx7Qqi3egX3jPSotxYkIVQSKMjcP6fhlhAixP7AoIBAH1ynKQwHurF3RIuxPqW +XY3jpZCjCm6T6GAzSpmDpvP9CbJRQKV4Pu//N0kVeiQDthUNoBHzg5WRL5MGqHkg +lPDRIpQLbQS4YnE+uus9KfA43mQyvlZAUerwB2nXFyrEu/GZuJxpL2yQszWjGVEr +5cTANT9kxWXcmACDu6xJMaYalGRSj0qNsBEP1GbxgB4hJOjtHHiNw77mpXz/BPHq +uuKlEIlGuXbAel19ul9HBQU07I2N3RYABlG0JStgeE4io35u38T1qtF+CusOr9gb +G1NLwal1Bh07VAZt6arnykzfC/UZOu9jTh96IQrnd5q65GUnbB/Z8Yu7JIGaA7Ie +PyECggEAPZlzqPCdNcmdoCSNIDCDYZBVf2xZX8591xdphMG59Jrckp5kl5LM5bjQ +tysj1LJpMK+l60b3r8BI8a4lvj+eBqwBUck82/IImTedE9/oLF3Z64kLd1tr3aGa +W5jLXjThFF20BqfD+YbmFVEdHTwN2L+4kN0VvP/6oLadxogTLwQruMFoPlsD4B19 +HDcAKe6OnyWMer/X9nq9OY6GFGc4X6wHjJ8pj4aa4HE8VNNq40GMkRZOZaJvaPqh +orK9SC50qdJtrVQeD4fhfZMVzmRyE4RSSQBPfc9zq/sO/pjUfV9uK4c99FDbviIf +JAkxGuYLZeyrHEyeKLm7S77SLipKWg== +-----END PRIVATE KEY----- 
diff --git a/testing/web3signer_tests/tls/lighthouse/key.p12 b/testing/web3signer_tests/tls/lighthouse/key.p12 new file mode 100644 index 0000000000000000000000000000000000000000..22b7d7f42545e5e8eb8996d09fae59cc796e9c82 GIT binary patch literal 4189 zcmY+GWl$81w};7K|;E_Lj-9QmhN&v$pxjmyQM*TL1F>HC4~hg z1-ZU6_ul`#AI_Ya=QrnkeSZ9Kpa~u>K0h1?1rT#bt43dv<37Me!ht{nIFRfwCgO(! zWd9QZkZ=J1Uj)O$#reC~|C8YIGXO~b`vVy+fS-bZ$bW64a)|lh7akrFP8gixoGjwgg{2fk;7(1+&o<>ji1D&?Q)`4!b==k89j6X56%LjN5gcHHS68p0lp5JT6Cn zhWiC00(sNCcz%2m)dncRR;U@BoYk$$q$M)^W40EgONl-DPA>!HFUrpId=* zWqzp1qzYi>Rc?(<)hhFS+C{p$G7G2XGJCL%Co2#4#xs^l;sEvf$#<{@g^o_c??$HH zUq7kZ%KE`LQa&onA~J4BMVgWo4e^4jgvxz@gI8%oH=o-n2g}tB3IL_!?Sa{_uh~e+ z&Tf_NQQ>NjCNaS*N$??H2Q;*R(W;No~9!j;xfg{^TpkbYYFvXyJHFSQj&aVFsmC zz(mvHkL@M}MGW9>dma0Bvp(t{PwS2n{HoZqJxdeglcRQiaK+bc)qbTmoqA~H+9@8| zLFFYY?j*ZVfn-$2V`tu2H}I|aNh2b3PtEt3KJU+roi0PLkb2taee2mQzt4c%8yoiZ z73;IN^VMH{CB)w%X7)+X1p-LuVkhsEauS1I?Bcfet$|)GE~E7Z709-P!Ob`22TqFw zvjQE$KOY*GG)Jn8SQNYrS|eH_R?@F4#^GEeq&t?8t#kWjD->5?QXEPZchSr4mdCsq z=p28pKEwEqx;HRp`D?V~O?lq02hkAKKn7jz+qp=-9TT3`{Z9^&k_v{7rw1IwxzUq3 zFQod_Bgq(5OM#;zRNuW(M7`Rk5f|~Bz0IrljApreToD%HyLG^;<+6U7x zhHg0;5Ilt(KxGphK5MvFL>*Ye41czY{i%@A-yW3C>gs!IEsvWNt;nA{zVPFY{iDeI zT)Qd96jCJ=(57=fT$$O`=>9MU5i@^H#b+`1sA%vo22Amx@kI9L_mHaV7ltV6m0I`4 z!8G}AcGF)(rL=K;zSjE<$d{=Z(DyBDB>LeH)jd4Av4F&hzm~2dN_3wz?eGpqgG8jT z$0phO{gM=GCpI*DC%K(jU$|OZ?W#gEXbL>>f7*jLZ6tdKIN6}*=^SddulI{k%JmmH zlN7y{GDfEZu^3rqV4mJ&pCokCFQZ3sSZSp13;gvR1>_ zD^#hkMG}c?P8(3xL3zWaC1##sZ}3GkN_I`CQ&+P;Ykgp%H{qBGrcD%_m9&TJ)5vX0 zoDKJpBz)GEe#EmqP(J@X_(?t3J})&MJiFS zo&(#PWr8Y%Ye0y!?UZ_cT4?ylAF%|rCgkXkd(V)H>UXb2apH8!M^^Heypj4@xnLjffwP-}6Fg2P^(RiuJP0!j@x?eQ?6D+2z zBrz64#V+YU_lQf3%>E@{3HCw6(sm3(Ds=K?Jv3hxSLOU0t9!0Ai>4^8+!hQuK&*_ z`2X63SpJbUD#TNBl<^ zAT__ZQ~IzZ(tYzwODuT&JxPOE*V!%J_&aYKJO7n$EV=LY2t9^1*-X3$NvMaiOe+U7 z8qkrnM2bw`bfE4psZ!C;Lk-i!8vN{36<>>70fZZb(OMri5kIMU*q%5 zBzU2!jQ;m;%~k!)Hy@O8DN_m8SaYGwncS76lDvsNY&y)JMYs|&wn@;h$lbC=ojc~z 
z*S{yIXg4`+9@741TRH^|Ja@@kOgC9qX@_NpMoFw^Bh(J#XcuO)3kWrK!rG+D&RlO` zi9Pz0O?V`DV(4Mi4K$2}vx)A$;aGZ?&m7+sdSm~ArM+Km2=Wd_pdAGoN93?D%v*4V z>MC@S;D5`seNp}W>qTCcWVw8y5eIQYE60|Vs9=m-=IO|8xP-p?O*Y^st=nW<2l-1; z`h|+E{pv&!%tD?^GG|Ni@pa%h{U6_@rq^IyKB=Dfc>^9J&vHR4v0M0c*~pNsPb?p4 zZ{v%D3LZc8l2g_*x_vVB1c)BBdor}ZtOU*}Io)AZ_Ir^3^q^DR9N9Do8~s(GF(er> z{cbJGd?@RaKD~nDVGk@{{C8&t>6GFy97%?B!i1bYp+U;oK;<^|S(5rDpVadO2zUF8 z{>r7wawn&u6L@^?NYzsAP>P6*?;wWj-$J!9sCX<&*1TN{nX+ zK2-v=Q?0baw)7{CbS-_4gbx*>1d58$`VD!!WB0F9JV>lDny(!6$OF9eUdGwFNGSdj zU6lH|Bp@9T$>{PS98?6vLG@u{YWB_640J$eFCT@j2EreCS++CH?<>Ml$`x_!p<8og zl9)MgA>pN4`EMhpa*u8$8TXuK4tTmn`saOiCSTX__}5EsM)XXe{&FLgaH^kFJSE`7 zXXJtqaNr6qz+IbRYv-TN^LmlP`?L7v9EN1qcvg)G%#1|5AI;@}LqL;!Q&g=bI#P<= zB#&|&6KC1xFgFWsmyarwh^-1wv=qqR?Q+u|cYAE|uJI&!Br@0l#(`CQwK6KxPGfNm z4-BIAXpfbP+rH!&g;r~|t<{)LKfJQtwGIS~aQzl%Nnv~Mv%|+kC27|mFDG7n+nb#% zMs2_N!qS$P!UX*==zYhMlM6$OPB!%CbL|b$@2=NlqX*EqmV2fFY9&sD7d2H_hhokL z4adC;-<&Jx)L5lUUej=-DK#-``I*_A5})N6^C$n{vFuFgA_Bp3g;d}uU%s%lXz8nR zVBfRVqbW#3-o0$9LEcqN!y21W8CvDuIqwV2dGCu*yhZLE`ZJJPC{! zuIVEwWZ1HEXLo@<`9mCs;60Xk6NC;(2mBg7xSl)M_t0PImOboM|V~492KpM65rG4{;^au36BtaU<~FD!tpf; zHX=fZvE)X>?DC#)`YLd1S|=`8fx{jPuA=wD@`OBT-J`ZU4X;tx3L+Yc{_VSCMMFg$ zstih6<-{BNxSjz~xJ~6DrK_cVz00Ism6nwK^x1QHiu8jF!7Is%tH%D7+6|Du?}Uhd znxq0tX%iQt*5`X!UuliXAs~<6*s7XSahKGvO4J^yB6;hZZ}!BNi7M~DZ9??b++Xh0 zheEV`7>g#ylE#;Z-nyzJJjMM2Pg;sqLPe2z+n)@6+-5E|jc-SEE&blO&#yuOt4f|H zu~bBaEr#7LgY;lnDG^i#Q=Pia?&4^#XKo6=|HqTE(KRoeUpls}K&rXDv)jV!(Rt@273IK$Syh;w(5D19J%|1}Dy z4`Sy+-3ibW(fy!$)L5d#O^1rLwd#S@%Us;Gc&m4J9pbuba5xnAz0>H6R?&s)Zhwt9 zw2pijmgThCk>s>|S0!sAgY!N7+~yP)Ng?&p1CUiEo6fl4xL-f0TE!EZFA%BQU%8uE z+oS$~l$verxX!nW2TJH2UULG?s?@-=A$;4}h+9y+ei3%0(u*-#%&7yuFKN5x!a`t!T0@5#A-zdM_?d)K`I zoD|QSO6tKv2I4=}A&cK5J8h zpY?y+88KJ@LI5Ii)~NCALa(P?yC;~9j*`?^CQ9=Q@H6uh0|Z{{l%!@jL(k literal 0 HcmV?d00001 diff --git a/testing/web3signer_tests/tls/lighthouse/password.txt b/testing/web3signer_tests/tls/lighthouse/password.txt new file mode 100644 index 0000000000..16da1460ff --- /dev/null 
+++ b/testing/web3signer_tests/tls/lighthouse/password.txt
@@ -0,0 +1 @@
+bark
diff --git a/testing/web3signer_tests/tls/lighthouse/web3signer.pem b/testing/web3signer_tests/tls/lighthouse/web3signer.pem
new file mode 100644
index 0000000000..460cb8b400
--- /dev/null
+++ b/testing/web3signer_tests/tls/lighthouse/web3signer.pem
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmzCCA4OgAwIBAgIUSHwf3lJKpa1BNR9rFOmxhoKTD1MwDQYJKoZIhvcNAQEL +BQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQHDAhTb21lQ2l0 +eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlzaW9uMRMwEQYD +VQQDDAp3ZWIzc2lnbmVyMCAXDTIyMDUxMTEzNDEwOFoYDzIxMjIwNDE3MTM0MTA4 +WjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExETAPBgNVBAcMCFNvbWVDaXR5 +MRIwEAYDVQQKDAlNeUNvbXBhbnkxEzARBgNVBAsMCk15RGl2aXNpb24xEzARBgNV +BAMMCndlYjNzaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDr +aQUU4O7K/aBAiH86RV3ye/Q7vguwplUNku317chzyFdB+OnGSUga6+zjdUmr8+49 +nki1q0rLEU/xJ0NpffTdzFgk1nk6Jh7Ly26q18SNpwpuwdvbajnTeh+BPSWZQL85 +xfO9th/RkJkgpzKukxK/npjvU6PbwiufSWI7mXNIgR0lIIacFXZ4RsD1PxZo/07k +toF0N+yLGW76yfeINRw43bG1MQxklePsk6zAUqJEi0tZmXqzh1NZHH5Q1VAEKKPW +yAVTDi3bWmvh3iSfgmckesjwUHANFeMhLpdiVTOi31OaILpx9HGRYYnqjW1AUZLo +SMKkyPsm6IN60GpAVI7TP3URVpTPPW78UeEUyeYN06tABYJsFWGFChg9Hf2yvcZU +2DDGdHpxut6h4WAwx9oL5rG4VSxFjhVi6ty3Hb9B0YFE/WNfV07wWPSQADZSK/kt +fhE+8zavQzjsxm2f1Ko5L/x8cIc5MS1xyaXn/UkoqH3QdWZC1aLs9NCl4F8ZE06g +jjvN9WdsCXmTEShqaXoRsZG7SfcQsu4gUUZ/fjbJ5hRf+QxMMKv42SUpqsRhslEF +/Pqu0WQd82CgG1a7XnfUO8BYSchTJZL55vx40ZZuQAu/ULsF7toa0lktijBxCPn3 +8HEnyLEyA3e8a93P0myWoxFn/fUpegT3TVSv33anqwIDAQABozUwMzALBgNVHQ8E +BAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEfwAAATANBgkq +hkiG9w0BAQsFAAOCAgEA1Bn7mpa2eJUo4+1X5lVLWWwtXLAfKiBf6OWNfacLV6FL +gyKpvvESTGuA5VAS0O97TPd7uyzEbUMS75TdmfAT8zecO2aXMb7aTyX+QbMj2gmk +zou72Fl4o6V1IvYpjKaNBZCS3Hk67ivRYbQCamEOk5UX9/wCdLvC9PH5Y+WqcPaz +7RLXe3OXhRbfFax4+pWzZxsgSKrEi8ZZ5gRa/bdJVVsTqk9LwS/CbMjEAkdzIBLt +cQb9BcnTJcQvp6ehNIVMdEC7GLXcDkefw7CL1ZfEh3DoJD3hiR6QwdWtdG0etoUf +w8LHZhCJD0IZxLMHiE+qiN4xkx+cznol+gAc9sfmtVK1CAW9l1Aa8zw5AfAyCg3h +jr6ymfwY8zlO21yBmCTg2+yTbU/0CqkgimQeztoYCh7+67QgnSCJMk2ffR6GPj1q +pfLI/5QNoxdFvR/lkwj5h/HRp9JZKTV/R/g0Va4Arg3Y7RTezjCYkJnX37ScnQhg +JLIeXmksFkc+Oz3yA+r60rR72+lsVzE87BCs+L0y16zcQnU5NqJXrSMMqCkjbs9l +b682+tnJKLFGQrYia/FL/Sc2L2Tn5hba5wWQTMjGujg76fkMc6VIv1qG3VGR/V1G 
+r11UJ+WjEcdrwZUm7E76p9DfTce52kGqGXwfrv6kQjvLhipwjzgv429txzDy82k= +-----END CERTIFICATE----- diff --git a/testing/web3signer_tests/tls/web3signer/cert.pem b/testing/web3signer_tests/tls/web3signer/cert.pem new file mode 100644 index 0000000000..460cb8b400 --- /dev/null +++ b/testing/web3signer_tests/tls/web3signer/cert.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFmzCCA4OgAwIBAgIUSHwf3lJKpa1BNR9rFOmxhoKTD1MwDQYJKoZIhvcNAQEL +BQAwazELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQHDAhTb21lQ2l0 +eTESMBAGA1UECgwJTXlDb21wYW55MRMwEQYDVQQLDApNeURpdmlzaW9uMRMwEQYD +VQQDDAp3ZWIzc2lnbmVyMCAXDTIyMDUxMTEzNDEwOFoYDzIxMjIwNDE3MTM0MTA4 +WjBrMQswCQYDVQQGEwJVUzELMAkGA1UECAwCVkExETAPBgNVBAcMCFNvbWVDaXR5 +MRIwEAYDVQQKDAlNeUNvbXBhbnkxEzARBgNVBAsMCk15RGl2aXNpb24xEzARBgNV +BAMMCndlYjNzaWduZXIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDr +aQUU4O7K/aBAiH86RV3ye/Q7vguwplUNku317chzyFdB+OnGSUga6+zjdUmr8+49 +nki1q0rLEU/xJ0NpffTdzFgk1nk6Jh7Ly26q18SNpwpuwdvbajnTeh+BPSWZQL85 +xfO9th/RkJkgpzKukxK/npjvU6PbwiufSWI7mXNIgR0lIIacFXZ4RsD1PxZo/07k +toF0N+yLGW76yfeINRw43bG1MQxklePsk6zAUqJEi0tZmXqzh1NZHH5Q1VAEKKPW +yAVTDi3bWmvh3iSfgmckesjwUHANFeMhLpdiVTOi31OaILpx9HGRYYnqjW1AUZLo +SMKkyPsm6IN60GpAVI7TP3URVpTPPW78UeEUyeYN06tABYJsFWGFChg9Hf2yvcZU +2DDGdHpxut6h4WAwx9oL5rG4VSxFjhVi6ty3Hb9B0YFE/WNfV07wWPSQADZSK/kt +fhE+8zavQzjsxm2f1Ko5L/x8cIc5MS1xyaXn/UkoqH3QdWZC1aLs9NCl4F8ZE06g +jjvN9WdsCXmTEShqaXoRsZG7SfcQsu4gUUZ/fjbJ5hRf+QxMMKv42SUpqsRhslEF +/Pqu0WQd82CgG1a7XnfUO8BYSchTJZL55vx40ZZuQAu/ULsF7toa0lktijBxCPn3 +8HEnyLEyA3e8a93P0myWoxFn/fUpegT3TVSv33anqwIDAQABozUwMzALBgNVHQ8E +BAMCBDAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0RBAgwBocEfwAAATANBgkq +hkiG9w0BAQsFAAOCAgEA1Bn7mpa2eJUo4+1X5lVLWWwtXLAfKiBf6OWNfacLV6FL +gyKpvvESTGuA5VAS0O97TPd7uyzEbUMS75TdmfAT8zecO2aXMb7aTyX+QbMj2gmk +zou72Fl4o6V1IvYpjKaNBZCS3Hk67ivRYbQCamEOk5UX9/wCdLvC9PH5Y+WqcPaz +7RLXe3OXhRbfFax4+pWzZxsgSKrEi8ZZ5gRa/bdJVVsTqk9LwS/CbMjEAkdzIBLt +cQb9BcnTJcQvp6ehNIVMdEC7GLXcDkefw7CL1ZfEh3DoJD3hiR6QwdWtdG0etoUf +w8LHZhCJD0IZxLMHiE+qiN4xkx+cznol+gAc9sfmtVK1CAW9l1Aa8zw5AfAyCg3h +jr6ymfwY8zlO21yBmCTg2+yTbU/0CqkgimQeztoYCh7+67QgnSCJMk2ffR6GPj1q +pfLI/5QNoxdFvR/lkwj5h/HRp9JZKTV/R/g0Va4Arg3Y7RTezjCYkJnX37ScnQhg +JLIeXmksFkc+Oz3yA+r60rR72+lsVzE87BCs+L0y16zcQnU5NqJXrSMMqCkjbs9l +b682+tnJKLFGQrYia/FL/Sc2L2Tn5hba5wWQTMjGujg76fkMc6VIv1qG3VGR/V1G 
+r11UJ+WjEcdrwZUm7E76p9DfTce52kGqGXwfrv6kQjvLhipwjzgv429txzDy82k= +-----END CERTIFICATE----- diff --git a/testing/web3signer_tests/tls/web3signer/config b/testing/web3signer_tests/tls/web3signer/config new file mode 100644 index 0000000000..4b7e40618c --- /dev/null +++ b/testing/web3signer_tests/tls/web3signer/config @@ -0,0 +1,19 @@ +[req] +default_bits = 4096 +default_md = sha256 +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no +[req_distinguished_name] +C = US +ST = VA +L = SomeCity +O = MyCompany +OU = MyDivision +CN = web3signer +[v3_req] +keyUsage = keyEncipherment, dataEncipherment +extendedKeyUsage = serverAuth +subjectAltName = @alt_names +[alt_names] +IP.1 = 127.0.0.1 diff --git a/testing/web3signer_tests/tls/web3signer/key.key b/testing/web3signer_tests/tls/web3signer/key.key new file mode 100644 index 0000000000..6e5171f374 --- /dev/null +++ b/testing/web3signer_tests/tls/web3signer/key.key 
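Review bot: The `keyUsage` line in `[v3_req]` omits `digitalSignature`, which a server certificate needs for ECDHE key exchange and for TLS 1.3; `keyEncipherment` only covers the older RSA key-transport suites. The fixture presumably works with the TLS stacks used in these tests, but a stricter peer could reject the certificate, and a test config like this tends to be copied as a template. I would change the line to `keyUsage = digitalSignature, keyEncipherment` and drop `dataEncipherment`, which TLS does not use.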
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDraQUU4O7K/aBA +iH86RV3ye/Q7vguwplUNku317chzyFdB+OnGSUga6+zjdUmr8+49nki1q0rLEU/x +J0NpffTdzFgk1nk6Jh7Ly26q18SNpwpuwdvbajnTeh+BPSWZQL85xfO9th/RkJkg +pzKukxK/npjvU6PbwiufSWI7mXNIgR0lIIacFXZ4RsD1PxZo/07ktoF0N+yLGW76 +yfeINRw43bG1MQxklePsk6zAUqJEi0tZmXqzh1NZHH5Q1VAEKKPWyAVTDi3bWmvh +3iSfgmckesjwUHANFeMhLpdiVTOi31OaILpx9HGRYYnqjW1AUZLoSMKkyPsm6IN6 +0GpAVI7TP3URVpTPPW78UeEUyeYN06tABYJsFWGFChg9Hf2yvcZU2DDGdHpxut6h +4WAwx9oL5rG4VSxFjhVi6ty3Hb9B0YFE/WNfV07wWPSQADZSK/ktfhE+8zavQzjs +xm2f1Ko5L/x8cIc5MS1xyaXn/UkoqH3QdWZC1aLs9NCl4F8ZE06gjjvN9WdsCXmT +EShqaXoRsZG7SfcQsu4gUUZ/fjbJ5hRf+QxMMKv42SUpqsRhslEF/Pqu0WQd82Cg +G1a7XnfUO8BYSchTJZL55vx40ZZuQAu/ULsF7toa0lktijBxCPn38HEnyLEyA3e8 +a93P0myWoxFn/fUpegT3TVSv33anqwIDAQABAoICAQDihR2kp4Rfw4luT2nNUm5C +JFAxJH/vLT5uX1Gm8XWPI9oC21dnu6Asd5RskrGfSouWszZXyUmg+TmpXRSa796t +hjHS0KW59HBxvYDx18mEXJXHWbcK/L5D5iFmpMYHH6xiFT6i8BrR9ofCSeCU52SF +CkEzGZJ0pfR/w4dIvjGWNNcsoI2mp2hl9/84fco8ol7x6UPL5vwwJPsLS0hqwmAz +v+994IKCT1EQllEGhv0pY7fPscXF9pOXDbnmYjwqpEhzJekpsF0j03A32R/4dOx2 +x8eOpngLv2Hczg5RSpbzRF4X0yJVANg/AlJJZmkYGOZ5qXnSQqqZF+dcSCvVVwhO +GS7uci6Mcy7Ov0Gj9HWX8As0SofPtUMuO7k/nJYOzcgY+4agyIDrylIeG86gdCDQ +hGVz+T5reJZIBMp66GPT6M8r36q50cx2x9nJjxLlIjvly1EruVjQoSMUfjewHG91 +xJI0iFhlbBrCpyLx3X0smMEr0vJzM5J0GtdxQdcSocDy5244+4zuslAXgsEYwHYx +WYFMsotRif8aB2b3OSt0yH+Heh06dZehvwWa4F4/3qlP48e0/CWIL7Y/tBgZv8Gh +n3F7HsHvMx6qQqMY5AxudbkpKdM9W84gXriHPIsO2oZEU6N65J/Bpq5Ve4JBlih1 +Ji0CtvHlAR2dhGkj6Q36MQKCAQEA9z/HTd8hd4FNEfn595OVWr9CeZc1zAlNa94I +lvTLhLEFcMkGsZd9KyV87MOV3p9m+XI7UJmqllIHOkwrECF2wzFssguPk+RAJ5hW +LZJgsF0fPnhX0qJFXzSNzzqAICES6+s9jvHMO9PhtF59uv4zsRFEBmKAr0AN8Zsk +rEk+2Tl2RgC+sxzRS767De9CrbSjxm+qAHuFFh8QX/N/mPoLUa+V5Oh2srA5bTHn +t0vyfQQ9+gqTBJDy51VGYlYw5OQBAiOPTgzbSmm2gqdWYgGn2Sp5IBQLF5nGGGsV +70DvnsoxViqpsv+yObAF9PqXnu6UGoB023Jr8x683bU9/jQFLQKCAQEA8735Vbbc +kncVJIpIlG7SDPmlLCFnxokvWWmyJS2J4SrIJJykn30qknGGZFFn67NB5PulAEaw 
+mdG58FIxxkm8bEKwebEhdnB9sP8k3TvddPKlBXYb1WuGxzyF/xlHniEJ7jN0YAAz +D1BLxTP1OM47iX5ocyVpOPbAdq/yZK0bffvIUy/QKLeJNx0d59PKpJRb4y6T/LvS +tp3UHrBqCNYYoKsZluS9Kg6WJF4g269yn2LSdtzQlAW1IT3DgO7h+2UBYI4FwMao +BZVew44CjljGCTA2KL4jdsqnTyt0qzzAiJZ0CGkJY9gal16ODHcBUKfNGYvjU8pf +2qDEiCn0HayXNwKCAQEAlOscLuHy9Viyw94NWbnRXlwOPM//fgooUIzmHY4Jur0o +arsZxgNZR5CHws82yGS4EAxmf3Bel7WGVu2jjk6pin2NW1utOcVjgrW1SjN8+xzL +gcPYGazVHbe4phU1MKTbEa+ZXyxx96LxscKr9eG/3qlokHPp0CRDgb8RApgHO6zp +eNZgBd+YjAewAH+YaKmBbza4bRv4l89T/Ibb1pbcFHIuVTZSr+OGYyeIyhT7U6Mn +dR/DVx+6vezVvMrvHh3aIaCrYrZJqnMrk1wYomUe5KU5WUHZQHjFINX22ykAamKb +/qsplP9/KFHF9Lyub/KAz8mJGNe8/y0HUn4kfaR1bQKCAQEAhZHTsx8UXMcZNP76 +qyzXuviLhVWBExFWez8quqjr6BKTv0yAAk6LJ9lCdnMN6eI/+AXW9AHJAWIm7QV9 +9VWvBfy9zNI+rjMTDg2j3ADUaSQXPpjsw9W69C+8loD5+DPOx1Q3L+ysDnZIL3c7 +qLeLdNtqzb7wnKDL876TrIwYhr+VldCb19RMQ4GXQ9WSNQKAIE0EF/mtjRmMhozS +bqk0scdRrJkI+KUpriBPDVRmEeYLw8taGePO0LqSCnPeLu+5A3qQuIWkyfqDBdMq +n2sSizJ6W3Vm5dBEQ2Ri+Pu/3pnkWD+HP8nLOKw+V6JXfCWYhaldGCvMv3heeufS +uPg9nQKCAQEAp/boT63JB+ahU3VQGtqwlDXkRS/Ge8a7FRp4kjdK7d1mtUDqOJ9U +l2RHgOkqhNuAPy64/07caDK3R7vKeOFmSXCV/WHIcgt46SRwFQECZeyA1R+EkTes +tseTngdFrQ10Xf+DmLNqCyX5KpgQf+ccluyyH6uK6FRI/VfU4sLrUGyOblqHq/c4 +bRR4nMwiw5yga45YhQH8uJF54MI7XaD2/hPCAIJBkx88taRzMUlWl1u1VQosIvtZ +5hCRepq9A44P61c+HI/5fzXAn2xvwR2EiV0hAYLn+rmYgBId/RfcstWUR78A9wpT +/OsV3MTX1gCaTE9Q2GlZVybDh20ZvdBC/g== +-----END PRIVATE KEY----- 
diff --git a/testing/web3signer_tests/tls/web3signer/key.p12 b/testing/web3signer_tests/tls/web3signer/key.p12 new file mode 100644 index 0000000000000000000000000000000000000000..459f4fb62e8abcc9d97ebb6d19435da2de188422 GIT binary patch literal 4197 zcmY+GbyO3KyT_>w1~NuUhZ2$wQOZ#Q5&~n&2nlJFkRHlQj_w)=h@^z{2np#C8z9{+ zAti`(bA8Xb_x|qv<2lbcpYM5|e?MO+8e&00ObSIq1b`r+Q1#FgYGQKYY&3+K3=LuU ziy=@nP~krjFdGeo{zW1r#6*7=-+vNfC_9kyzdzg}213DP6f0Ekpjhys1PKWRQ2-in z8oT71r^3dg79Gsk({6n(oS^>1GZe`{2zOq|qukUwBKNzT&b{Dnd)Is&QZ%kkmZI&D z2|hl$!;5F5`{Ai6 zm;x2WYs`xfSRTD3Q+fmr^RaU1m|wq1nJ+;cD`1{<4Y5|u1f-?+L|W@Ax17vqBZZGOZ%O)|4LHB)%tUY!_!%X|$;NKwOYjf(LhBJKL=`CNqdb06mpVn0}ptl@HnMcb@M9!q~g zP_Sv5>9t3uQctJK5e;i(Ykxy;Ey2^N_MX~=4;Ib(5i6kiPSON$WLJ7+HxH!vQa^m> zzuYNkdQHYI`bqYd`g10@Q^^mVPPA8t_y^TVE_9HgL!&HLy!-?6JowAs>Y3MmGHGv& z2dfi&)}-yez76YtCDajjyAfBMO!-7mA8r!Nu5+IC(3Okz&IESG@r~QJe5KnjEwa(Q z%Gs2%8i(V4^q7C#BkjM<(`40>Usl+ly$h2@ZTI8lJDK>8%Lc6${n`xqBd&fPolb82 z$PJcxcd~5O-rddaO5-#n1DHiYYtIf6#7)&mAKaR9;hn8YmB$M}TT^Tiw&^@kk=`bm zb_UHh+^N;DRjst^kKv;8esKwMwtgOYCMM?FZiHJJeLW5GO&%$T8XEHyfu}BXrf0`c zpP<>57$w!~J4jKf+SX6xccx_-U0juRw<(=fH0UC4UZrV{YA$*k9xZ?V;#>I4Z$BS} zwaek2?(M9_9a-&@apE5B%;)$se~wd$aL2;GbPYTW%qb9v4Lim{7<9AO^A3`k-m~Qk zgvABXym$Ho<3WMf<@P*KdSDRox*i3=->-&W$xE&EFg=>bmBi#mdgmtBWm*^;P>Bf) zkVi<2jNTUG8$SZyo~t#T!*y3Im@eb-gpLTM-zJj4Vaerd#*F?)_up{ME8P|~>KW8S z-ZtCXey%}$q;*v?%Hs73%DB4NGv&@BtOlO9xjBr|LM<9Cs8mQ9D9r4WrveK^=SZZf z_9xWe-s7(fAv`PG0hqD+M^gh6iBPds5bK*C8ZO_GS9vI$X|zpMmOo5>Z&@*rm`r|! 
zTHokTc8_L#@&cX9lk5a%N%kODQmu%NN`H9Xf}whaFPgn&xfx#25hN;dhi;tx^1$A4 z`k^n^&d{Dbi}vdp1~M&ut;pYD$D8k2a)xLM7x_t$)#~ZiKJ>{Y@2bHk99M)ff@f z9IW)73ynv3Bqb%49XPn0s={+3@MZ0GujkG>zF3`U*x^c9;;G#jM2@42sz%5FFm8$y z56qJi1^2j)U0w&NVcE6#mrzF=KLPo+Ou|_Hy&X|=!IHWO8Zt1;iz)ZJ_6G*Wc5I3$ zPdh}-K}5Klso1g59bhb1=}6@LRK=FeN33peQi2CnsaQ{^X;Dz4M@Ia9+l+RpEus8~ z+bSUCrO(K{NkbemS7tY!QQyjCI3{R-89?leWBiB2K1?WunX1sEBfn2td6EfVNIS)I zwX=@pj-j#~sJCvGH)&*2cvO)9MS}?cM-U`a9)7s{hdjB{9k05cL4su~I zCbyFJEGzeiQ1*{Rm(9~bk{n9Zx|HOIgNLHdl#{0FfwLf&23bC>vS8&FfmcDz8e85` z6paXz)K;m?T#ulHa6TAYxi*>2oma_w_eC%dhb{6nuFKp0X|LhjI7RgEJZd%kmZ;RW zuQ#inDMouT&~DR}^dnexkdEKRm@sqdls0Sn;3CX81aNb$vKvm$omWL<{ev@;XIcWs z%U+nd@C36WANrwBF`M2LxFxXQ_s%1^UaM>=WGP0`2xgTWQmKc$Z&If9B7q^b_`Se0 zO94ZkNmS3sse+>js(a6LYJ!$ho^95J2a;0CsVlx+ zn*G*v6E{~qJ^yESVYF(t2G78JysK)xt>0{xUP8elApg}x{|dvZwHqYZuu)WM&d#`) zm@$QGTt!CXBNeD?*7(KZ)sD+$8rTm^vrEnBC7d-M2GxJfSlQ$Kv}Q@cBJ=4|dB==5 ztYG{uycaddVRYLY3!Y33s^Q>{tL5rWJ(HM)J~Ip2Ji8zmn$F!I?mkG|7s>Xai!R?hPrp$Q z!?Aom87iS5GNQ!(PvfORQ^@vrW|#V3&XKYPpo-x+i3o?`wxLHIkgK~9&mvxcuvF!2 z5gpK;J+>bML($^IVQV5EHmt{Xpa_gP+! 
z!?}P}7vU;2=11^T^@A$6g2gtK&jzc0nL#v`*5n#A7AxBpPDiy0odJbWZ6xf;otT#` zy`}18@H{WQ`T!Pm$w1-=0Q^8mmu2}CXAH(iga1mZ3hpT9>wJJBPmuo=9H(^46ZS;2 z>18&#Yt!C|Mm3zf6kcPbB*jw{z97nuy}rsx%ak|o_fvVdv2RnvIU=Ze09y zOanT2GJ;F|J^x=EY+NwB5ZgHxQxej;G00Th3dz&H>M&CJg9k`}I;8o)ZWHH|c>#21-?O#w-EO-=k77 z$aqeF&AkNxrVyN!*#{bl!^Y+qBj6^4K=*)C$6@U`R`&cHRs9kAOR%yr@4NxO_CvMk zq@YGF>$Mai&zU}%;kn#&^UpgI$=!FG)rCLBR#YE>)ns$<#fpDY z%(UeTE$S~Qm3{pgUQ_?{rIn`cxab(dwr2sezD4&wV=H=g-tv;8cR+CQiRvl-EKjf@ zNf_UFy{jYD{NRK;g1V+bJ+rQNW?g>!bF8-WW`grCjFY)G=of^#q8-Ed(_osrpeHhd zdAIcyB~ck7M#^o0dFh>gBOT-(dY*Hj%TlYV~{U{(B>;clY%i&xDdcO~)WxHE=eMn3!ENyXRf9FJv`) zSpRVNn)Lf%bTnY1V-VtqaFAB zB+}q(w}ulW6!Ga|b2>jfK%=Q*t>+GBq)Y?XjLq2WO#3?qX?@--CPNB|^1L0r4lN5$ z`eX_JjzLoCgR2>#70=B;eL>Ab|NIL)akC!x@8%nr5rH?0V7ngpT_|HZtTBt?Eqk43 zzMJNS6sw-$(QDz^LAfcI{qBohj#bg(KY9T?Xs9z>jhZCjcuX=LnHCygL9jG=#5MW zR}J&9T4LGv^-+mfPa$AgS$YG{TiBhAC;GL)MVifZL<<5p(&MFF_fKo<-(Q$Vx|}aX za;3$1tsITROfJeRo4B~XD9<`lA;9YoW~|xeCi=5|R1mOK9FQ01(gaOK-hO?4thVsv zjRCG$4hk6JCRs}=z8C?hr%MN?iKs4+)WNsT=;p)b{Z+gA+9l)f!OO_Gk!=uuO{LZq z9x-_6(}GiZd#OuTPg#rc=EIG$kmr&n=7LtTRS)mc|I+4Ubu7Xt{-O%$KkznR5DZJ? z1eO~7<7W)3e2vkOt0wu~GYqvh2N&6Vo&GsO0EwLYH@OeHl1FSTKE4OXhvW|YD7?~1 z4V=kRvvt2PUoTMTp`J=-aMN)(fo|` zZa&bCq1PTuZe4~rAN213wlol( url: web3signer.url, root_certificate_path: web3signer.root_certificate_path, request_timeout_ms: web3signer.request_timeout_ms, + client_identity_path: web3signer.client_identity_path, + client_identity_password: web3signer.client_identity_password, }, }) .collect(); diff --git a/validator_client/src/http_api/remotekeys.rs b/validator_client/src/http_api/remotekeys.rs index 5c3ec73de3..402396d4b4 100644 --- a/validator_client/src/http_api/remotekeys.rs +++ b/validator_client/src/http_api/remotekeys.rs @@ -124,6 +124,8 @@ fn import_single_remotekey( url, root_certificate_path: None, request_timeout_ms: None, + client_identity_path: None, + client_identity_password: None, }, }; handle 
diff --git a/validator_client/src/http_api/tests.rs b/validator_client/src/http_api/tests.rs
index da9c8dc534..210555d9c0 100644
--- a/validator_client/src/http_api/tests.rs
+++ b/validator_client/src/http_api/tests.rs
@@ -457,6 +457,8 @@ impl ApiTester {
 url: format!("http://signer_{}.com/", i),
 root_certificate_path: None,
 request_timeout_ms: None,
+ client_identity_path: None,
+ client_identity_password: None,
 }
 })
 .collect();
diff --git a/validator_client/src/http_api/tests/keystores.rs b/validator_client/src/http_api/tests/keystores.rs
index aa633d4de1..a381378ffe 100644
--- a/validator_client/src/http_api/tests/keystores.rs
+++ b/validator_client/src/http_api/tests/keystores.rs
@@ -40,6 +40,8 @@ fn web3signer_validator_with_pubkey(pubkey: PublicKey) -> Web3SignerValidatorReq
 url: web3_signer_url(),
 root_certificate_path: None,
 request_timeout_ms: None,
+ client_identity_path: None,
+ client_identity_password: None,
 }
 }
diff --git a/validator_client/src/initialized_validators.rs b/validator_client/src/initialized_validators.rs
index 2e00ef36c1..0d5d4ad76e 100644
--- a/validator_client/src/initialized_validators.rs
+++ b/validator_client/src/initialized_validators.rs
@@ -18,7 +18,7 @@ use eth2_keystore::Keystore;
 use lighthouse_metrics::set_gauge;
 use lockfile::{Lockfile, LockfileError};
 use parking_lot::{MappedMutexGuard, Mutex, MutexGuard};
-use reqwest::{Certificate, Client, Error as ReqwestError};
+use reqwest::{Certificate, Client, Error as ReqwestError, Identity};
 use slog::{debug, error, info, warn, Logger};
 use std::collections::{HashMap, HashSet};
 use std::fs::{self, File};
@@ -88,6 +88,11 @@ pub enum Error {
 /// Unable to read the root certificate file for the remote signer.
 InvalidWeb3SignerRootCertificateFile(io::Error),
 InvalidWeb3SignerRootCertificate(ReqwestError),
+ /// Unable to read the client certificate for the remote signer.
+ MissingWeb3SignerClientIdentityCertificateFile,
+ MissingWeb3SignerClientIdentityPassword,
+ InvalidWeb3SignerClientIdentityCertificateFile(io::Error),
+ InvalidWeb3SignerClientIdentityCertificate(ReqwestError),
 UnableToBuildWeb3SignerClient(ReqwestError),
 /// Unable to apply an action to a validator.
 InvalidActionOnValidator,
@@ -238,6 +243,8 @@ impl InitializedValidator {
 url,
 root_certificate_path,
 request_timeout_ms,
+ client_identity_path,
+ client_identity_password,
 } => {
 let signing_url = build_web3_signer_url(&url, &def.voting_public_key)
 .map_err(|e| Error::InvalidWeb3SignerUrl(e.to_string()))?;
@@ -254,6 +261,20 @@ impl InitializedValidator {
 builder
 };
+ let builder = if let Some(path) = client_identity_path {
+ let identity = load_pkcs12_identity(
+ path,
+ &client_identity_password
+ .ok_or(Error::MissingWeb3SignerClientIdentityPassword)?,
+ )?;
+ builder.identity(identity)
+ } else {
+ if client_identity_password.is_some() {
+ return Err(Error::MissingWeb3SignerClientIdentityCertificateFile);
+ }
+ builder
+ };
+
 let http_client = builder
 .build()
 .map_err(Error::UnableToBuildWeb3SignerClient)?;
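Review bot: The single doc comment `/// Unable to read the client certificate for the remote signer.` attaches only to `MissingWeb3SignerClientIdentityCertificateFile`, and it does not describe that variant: a later hunk in this file returns it when a password is configured without a `client_identity_path`. Each of the four new variants should carry its own comment, for example `/// A client identity password was given without a client identity file.` on the first and `/// A client identity file was given without its password.` on `MissingWeb3SignerClientIdentityPassword`. The two `Invalid…` variants would then read as "unable to read the PKCS12 file" and "unable to parse or decrypt the PKCS12 file". The enum starts and ends outside the hunk.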
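Review bot: Nothing in the `@@ -254,6 +261,20 @@` hunk checks that `signing_url` uses `https` before the identity is attached, so a definition with an `http://` URL and a `client_identity_path` would build a client whose certificate is never presented, with no error or log line. The test helper in `http_api/tests.rs` uses plain `http://` signer URLs, which suggests they are accepted today. A guard before `load_pkcs12_identity`, such as `if signing_url.scheme() != "https" { /* warn or return an error */ }`, would surface that misconfiguration to the operator. The same reasoning presumably applies to the root-certificate handling just above the hunk, and the enclosing match arm starts and ends outside it.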
@@ -294,6 +315,19 @@ pub fn load_pem_certificate>(pem_path: P) -> Result>( + pkcs12_path: P, + password: &str, +) -> Result { + let mut buf = Vec::new(); + File::open(&pkcs12_path) + .map_err(Error::InvalidWeb3SignerClientIdentityCertificateFile)? + .read_to_end(&mut buf) + .map_err(Error::InvalidWeb3SignerClientIdentityCertificateFile)?; + Identity::from_pkcs12_der(&buf, password) + .map_err(Error::InvalidWeb3SignerClientIdentityCertificate) +} + fn build_web3_signer_url(base_url: &str, voting_public_key: &PublicKey) -> Result { Url::parse(base_url)?.join(&format!("api/v1/eth2/sign/{}", voting_public_key)) }
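Review bot: `load_pkcs12_identity` is `pub` but has no doc comment, so the expected file format and the role of `password` are not stated anywhere in the hunk. I would add `/// Loads a password-protected PKCS12 (DER) file as the client identity for TLS client authentication.` above it. The open-then-`read_to_end` sequence can also be a single call, `let buf = fs::read(&pkcs12_path).map_err(Error::InvalidWeb3SignerClientIdentityCertificateFile)?;`, since `fs` is already imported at the top of the file. The hunk text on this page has lost the generic parameters and return type, so the signature is not fully visible here.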