From 82194e0c422966422f7a4e2157125c7ad8fbc5b5 Mon Sep 17 00:00:00 2001 From: Fei Long Wang Date: Thu, 22 Jan 2015 14:22:09 +1300 Subject: [PATCH] Make digest algorithm configurable It would be great to enhance Glance to use minimum of SHA2 to do digital signature for FIPS compliance. Since in FIPS(FEDERAL INFORMATION PROCESSING STANDARDS) says the SHA-1 is not suitable for general-purpose digital signature applications (as specified in FIPS 186-3) that require 112 bits of security. In the case of digital signatures, SHA-1 does not provide the 112 bits of collision resistance needed to achieve the security strength. Now we're using hardcode 'sha1'. So this patch will make it configurable firstly and set the default value as sha1 in Kilo for smooth upgrade, which will be changed with sha256 in next release(L). DocImpact UpgradeImapact SecurityImpact Closes-Bug: #1288545 Change-Id: I9236cc85f4e9881ac1aa35d69bc6761a59c1b6c8 --- doc/source/configuring.rst | 18 +++++ etc/glance-api.conf | 9 +++ glance/common/config.py | 9 +++ glance/common/utils.py | 11 ++- glance/tests/unit/common/test_utils.py | 11 +++ glance/tests/unit/test_opts.py | 12 ++-- glance/tests/var/ca.crt | 63 ++++++++--------- glance/tests/var/certificate.crt | 58 +++++++-------- glance/tests/var/privatekey.key | 98 +++++++++++++------------- 9 files changed, 173 insertions(+), 116 deletions(-) diff --git a/doc/source/configuring.rst b/doc/source/configuring.rst index 1f4dea4dc1..b726b9a15d 100644 --- a/doc/source/configuring.rst +++ b/doc/source/configuring.rst @@ -1395,3 +1395,21 @@ represent the proxy's URL. * ``public_endpoint=`` Optional. Default: ``None`` + +Configuring Glance digest algorithm +----------------------------------- + +Digest algorithm which will be used for digital signature; the default is +sha1 for a smooth upgrade process but the recommended value is sha256. Use the +command:: + + openssl list-message-digest-algorithms + +to get the available algorithms supported by the version of OpenSSL on the +platform. Examples are "sha1", "sha256", "sha512", etc. If an invalid +digest algorithm is configured, all digital signature operations will fail and +return a ValueError exception with "No such digest method" error. + +* ``digest_algorithm=`` + +Optional. Default: ``sha1`` diff --git a/etc/glance-api.conf b/etc/glance-api.conf index 6a94305f2e..67a3cdf72e 100644 --- a/etc/glance-api.conf +++ b/etc/glance-api.conf @@ -132,6 +132,15 @@ backlog = 4096 # Should be set to a random string of length 16, 24 or 32 bytes #metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# Digest algorithm which will be used for digital signature, the default is +# sha1 in Kilo for a smooth upgrade process, and it will be updated with +# sha256 in next release(L). Use command +# "openssl list-message-digest-algorithms" to get the available algorithms +# supported by the version of OpenSSL on the platform. Examples are 'sha1', +# 'sha256', 'sha512', etc. +#digest_algorithm = sha1 + # ============ Registry Options =============================== # Address to find the registry server diff --git a/glance/common/config.py b/glance/common/config.py index 81683438de..1ee0e2db17 100644 --- a/glance/common/config.py +++ b/glance/common/config.py @@ -150,6 +150,15 @@ common_opts = [ cfg.StrOpt('metadata_encryption_key', secret=True, help=_('Key used for encrypting sensitive metadata while ' 'talking to the registry or database.')), + cfg.StrOpt('digest_algorithm', default='sha1', + help=_('Digest algorithm which will be used for digital ' + 'signature; the default is sha1 the default in Kilo ' + 'for a smooth upgrade process, and it will be updated ' + 'with sha256 in next release(L). Use the command ' + '"openssl list-message-digest-algorithms" to get the ' + 'available algorithms supported by the version of ' + 'OpenSSL on the platform. Examples are "sha1", ' + '"sha256", "sha512", etc.')), ] CONF = cfg.CONF diff --git a/glance/common/utils.py b/glance/common/utils.py index a80becac25..def2e5915b 100644 --- a/glance/common/utils.py +++ b/glance/common/utils.py @@ -508,8 +508,15 @@ def validate_key_cert(key_file, cert_file): try: data = str(uuid.uuid4()) - digest = "sha1" - + digest = CONF.digest_algorithm + if digest == 'sha1': + LOG.warn('The FIPS (FEDERAL INFORMATION PROCESSING STANDARDS)' + ' state that the SHA-1 is not suitable for' + ' general-purpose digital signature applications (as' + ' specified in FIPS 186-3) that require 112 bits of' + ' security. The default value is sha1 in Kilo for a' + ' smooth upgrade process, and it will be updated' + ' with sha256 in next release(L).') out = crypto.sign(key, data, digest) crypto.verify(cert, out, data, digest) except crypto.Error as ce: diff --git a/glance/tests/unit/common/test_utils.py b/glance/tests/unit/common/test_utils.py index 1875d62fe8..0d02945a71 100644 --- a/glance/tests/unit/common/test_utils.py +++ b/glance/tests/unit/common/test_utils.py @@ -245,6 +245,7 @@ class TestUtils(test_utils.BaseTestCase): self.assertEqual("test passed", result(req, Fake())) def test_validate_key_cert_key(self): + self.config(digest_algorithm='sha256') var_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '../../', 'var')) keyfile = os.path.join(var_dir, 'privatekey.key') @@ -273,6 +274,16 @@ class TestUtils(test_utils.BaseTestCase): utils.validate_key_cert, keyf.name, keyf.name) + def test_invalid_digest_algorithm(self): + self.config(digest_algorithm='fake_algorithm') + var_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), + '../../', 'var')) + keyfile = os.path.join(var_dir, 'privatekey.key') + certfile = os.path.join(var_dir, 'certificate.crt') + self.assertRaises(ValueError, + utils.validate_key_cert, + keyfile, certfile) + def test_valid_port(self): valid_inputs = [1, '1', 2, '3', '5', 8, 13, 21, '80', '3246', '65535'] diff --git a/glance/tests/unit/test_opts.py b/glance/tests/unit/test_opts.py index 1ef88ce1ca..d7243612fd 100644 --- a/glance/tests/unit/test_opts.py +++ b/glance/tests/unit/test_opts.py @@ -144,7 +144,8 @@ class OptsTestCase(utils.BaseTestCase): 'store_type_preference', 'flavor', 'config_file', - 'public_endpoint' + 'public_endpoint', + 'digest_algorithm', ] self._check_opt_groups(opt_list, expected_opt_groups) @@ -204,7 +205,8 @@ class OptsTestCase(utils.BaseTestCase): 'workers', 'max_header_line', 'flavor', - 'config_file' + 'config_file', + 'digest_algorithm', ] self._check_opt_groups(opt_list, expected_opt_groups) @@ -265,7 +267,8 @@ class OptsTestCase(utils.BaseTestCase): 'auth_strategy', 'auth_region', 'registry_host', - 'registry_port' + 'registry_port', + 'digest_algorithm', ] self._check_opt_groups(opt_list, expected_opt_groups) @@ -324,7 +327,8 @@ class OptsTestCase(utils.BaseTestCase): 'admin_tenant_name', 'auth_url', 'auth_strategy', - 'auth_region' + 'auth_region', + 'digest_algorithm', ] self._check_opt_groups(opt_list, expected_opt_groups) diff --git a/glance/tests/var/ca.crt b/glance/tests/var/ca.crt index 9d66ca6270..1384aa09e5 100644 --- a/glance/tests/var/ca.crt +++ b/glance/tests/var/ca.crt @@ -1,35 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIGDDCCA/SgAwIBAgIJAPSvwQYk4qI4MA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMRUwEwYDVQQKEwxPcGVuc3RhY2sg -Q0ExEjAQBgNVBAsTCUdsYW5jZSBDQTESMBAGA1UEAxMJR2xhbmNlIENBMB4XDTEy -MDIwOTE3MTAwMloXDTIyMDIwNjE3MTAwMlowYTELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAGA1UECxMJ -R2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDmf+fapWfzy1Uylus0KGalw4X/5xZ+ltPVOr+IdCPbstvi -RTC5g+O+TvXeOP32V/cnSY4ho/+f2q730za+ZA/cgWO252rcm3Q7KTJn3PoqzJvX -/l3EXe3/TCrbzgZ7lW3QLTCTEE2eEzwYG3wfDTOyoBq+F6ct6ADh+86gmpbIRfYI -N+ixB0hVyz9427PTof97fL7qxxkjAayB28OfwHrkEBl7iblNhUC0RoH+/H9r5GEl -GnWiebxfNrONEHug6PHgiaGq7/Dj+u9bwr7J3/NoS84I08ajMnhlPZxZ8bS/O8If -ceWGZv7clPozyhABT/otDfgVcNH1UdZ4zLlQwc1MuPYN7CwxrElxc8Quf94ttGjb -tfGTl4RTXkDofYdG1qBWW962PsGl2tWmbYDXV0q5JhV/IwbrE1X9f+OksJQne1/+ -dZDxMhdf2Q1V0P9hZZICu4+YhmTMs5Mc9myKVnzp4NYdX5fXoB/uNYph+G7xG5IK -WLSODKhr1wFGTTcuaa8LhOH5UREVenGDJuc6DdgX9a9PzyJGIi2ngQ03TJIkCiU/ -4J/r/vsm81ezDiYZSp2j5JbME+ixW0GBLTUWpOIxUSHgUFwH5f7lQwbXWBOgwXQk -BwpZTmdQx09MfalhBtWeu4/6BnOCOj7e/4+4J0eVxXST0AmVyv8YjJ2nz1F9oQID -AQABo4HGMIHDMB0GA1UdDgQWBBTk7Krj4bEsTjHXaWEtI2GZ5ACQyTCBkwYDVR0j -BIGLMIGIgBTk7Krj4bEsTjHXaWEtI2GZ5ACQyaFlpGMwYTELMAkGA1UEBhMCQVUx -EzARBgNVBAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAG -A1UECxMJR2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0GCCQD0r8EGJOKiODAM -BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQA8Zrss/MiwFHGmDlercE0h -UvzA54n/EvKP9nP3jHM2qW/VPfKdnFw99nEPFLhb+lN553vdjOpCYFm+sW0Z5Mi4 -qsFkk4AmXIIEFOPt6zKxMioLYDQ9Sw/BUv6EZGeANWr/bhmaE+dMcKJt5le/0jJm -2ahsVB9fbFu9jBFeYb7Ba/x2aLkEGMxaDLla+6EQhj148fTnS1wjmX9G2cNzJvj/ -+C2EfKJIuDJDqw2oS2FGVpP37FA2Bz2vga0QatNneLkGKCFI3ZTenBznoN+fmurX -TL3eJE4IFNrANCcdfMpdyLAtXz4KpjcehqpZMu70er3d30zbi1l0Ajz4dU+WKz/a -NQES+vMkT2wqjXHVTjrNwodxw3oLK/EuTgwoxIHJuplx5E5Wrdx9g7Gl1PBIJL8V -xiOYS5N7CakyALvdhP7cPubA2+TPAjNInxiAcmhdASS/Vrmpvrkat6XhGn8h9liv -ysDOpMQmYQkmgZBpW8yBKK7JABGGsJADJ3E6J5MMWBX2RR4kFoqVGAzdOU3oyaTy -I0kz5sfuahaWpdYJVlkO+esc0CRXw8fLDYivabK2tOgUEWeZsZGZ9uK6aV1VxTAY -9Guu3BJ4Rv/KP/hk7mP8rIeCwotV66/2H8nq72ImQhzSVyWcxbFf2rJiFQJ3BFwA -WoRMgEwjGJWqzhJZUYpUAQ== +MIIFlTCCA32gAwIBAgIJAMpqtavaLZlRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRUwEwYDVQQKDAxPcGVuc3RhY2sg +Q0ExEjAQBgNVBAsMCUdsYW5jZSBDQTESMBAGA1UEAwwJR2xhbmNlIENBMB4XDTE0 +MDMxMzA0MTU0NFoXDTE3MDMxMjA0MTU0NFowYTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxFTATBgNVBAoMDE9wZW5zdGFjayBDQTESMBAGA1UECwwJ +R2xhbmNlIENBMRIwEAYDVQQDDAlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCfRBNR3ula96wzKhpMkaFzvPOm0+ZZrujiNGg+9EDBoRpl +mqNn6Sy5eZwAsXzB5p7eR7/xy/Jz1MNi/oKQb7R1yn5Wj5k9BlE8QPT/dJdPDdLm +ZnaNl7+Jzv6y14lx8qDZ9SZ8Gnq/K49ygOcfTUpAo7meM/ZV4EArHknkjHGdETLP +IUHhEyjG1vbgsyYQbVtjHcPu0MRmYziJa48qwr1P5LwDj6LyXB1zEZx7kz3Wo9Et +zWQjJLxlPHEgKGCg6v53Dh2VNnat5y8cJ2JV450RwftDPuUhrP0Ofj3JRNK9b4l+ +D8uIVFf9jSHINOFHASgPRaF+YBqcTAy4wTctRqsYnspJ03e3kjrSf8rVAvF1gWY5 +Uaq81/CRI2noca5Edl6HVOty/Kz9YCLgauStN7f25SS0lSwmDnWg6e1XvjdCZB8C +SQy9XXRt5vLaXFSC+vz/OuQaeqk8Pe613wkMacNRkmeAcZsQiyD/ol7F8oagBmUc +QvmRJFQp7X7s20x7VO6xJRs4U64BtsWTHqNNG+hzR1BX6OyggFOxNHQ3msGMFGQu +Ft2hLtNFPixGYiAqk3qSTLLMZEetYzILaAwkmCCDCDV0p2h679aEB9Fe18BsP6dK +eGKocHU3+84fCR58ETXMs1qjzD81ye4kb2P4VG98W7R2PfKBba1kZhDQxAssLwID +AQABo1AwTjAdBgNVHQ4EFgQUlYvmSUw7LcOJgOVWRCh47F8y9yswHwYDVR0jBBgw +FoAUlYvmSUw7LcOJgOVWRCh47F8y9yswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEASJYIThn/3q7DfkXLiI9A/azXeDcF/2SIw33u4Xq1EQuAKpGj1Pou +jIYaZu8Kyl8O2VmA/bpPNa4Nz7cRmmCyg7+S3MNwaRcEDA2x2sLZpSGaptW4Jfh3 +5CT3hGoYhBlVijvdJlfUlq9dlra4INOguohVF/N+NTV1ngmsj3DWI93iJKhxfh1Y +xuIaCvXpdvr6BZ+avajnfw4Mn3r0jAMASa9LcFt39K6TXXiGjzmCit/LKBnFNZfk +YA7hazNhNkFEmrUaAUmB9kJE4wie6xqKJwxZmE6mSnHVYngN1fgIsB03bZSIYqxU +UWNIbCSyPpWPtMlLhCbsCONxRt4A3l91/p127ZGue3b5mjWBOlKWHvdEvBtoe6CZ +dFDeSgf4715hDb/mcVM9NeMRG3uqzJHIPu0nrJmz+3U6eQEmsdDEYvIdm4rJbEIr +PNsTkOfHeTsYcrxb3uHnZCRNKJLfLTZzDdK99fqhI5/LSbrJAhyS2W17oL3phNkP ++21eucnLzVGGBdnApt8vnknZ8XXVHXe6OzXT64IhI5/G4IU6UuJRJpQsIi9if37x +FVBdk3UUSsv8+1veyL5uk6cAkNuP2ZbsWsFImAHpyxPJnafgCTOYzgs0Nm4pmaEC +jSPA92UFJBz8lsgLfQ4R+tTHOhfKRQd0K/DmHXGOKnIB/5KKCHVhuuo= -----END CERTIFICATE----- diff --git a/glance/tests/var/certificate.crt b/glance/tests/var/certificate.crt index 3c1aa6363b..30336c3b0c 100644 --- a/glance/tests/var/certificate.crt +++ b/glance/tests/var/certificate.crt @@ -1,30 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIFLjCCAxYCAQEwDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDE9wZW5zdGFjayBDQTESMBAGA1UECxMJ -R2xhbmNlIENBMRIwEAYDVQQDEwlHbGFuY2UgQ0EwHhcNMTIwMjA5MTcxMDUzWhcN -MjIwMjA2MTcxMDUzWjBZMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 -ZTESMBAGA1UEChMJT3BlbnN0YWNrMQ8wDQYDVQQLEwZHbGFuY2UxEDAOBgNVBAMT -BzAuMC4wLjAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXpUkQN6pu -avo+gz3o1K4krVdPl1m7NjNJDyD/+ZH0EGNcEN7iag1qPE7JsjqGPNZsQK1dMoXb -Sz+OSi9qvNeJnBcfwUx5qTAtwyAb9AxGkwuMafIU+lWbsclo+dPGsja01ywbXTCZ -bF32iqnpOMYhfxWUdoQYiBkhxxhW9eMPKLS/KkP8/bx+Vaa2XJiAebqkd9nrksAA -BeGc9mlafYBEmiChPdJEPw+1ePA4QVq9aPepDsqAKtGN8JLpmoC3BdxQQTbbwL3Q -8fTXK4tCNUaVk4AbDy/McFq6y0ocQoBPJjihOY35mWG/OLtcI99yPOpWGnps/5aG -/64DDJ2D67Fnaj6gKHV+6TXFO8KZxlnxtgtiZDJBZkneTBt9ArSOv+l6NBsumRz0 -iEJ4o4H1S2TSMnprAvX7WnGtc6Xi9gXahYcDHEelwwYzqAiTBv6hxSp4MZ2dNXa+ -KzOitC7ZbV2qsg0au0wjfE/oSQ3NvsvUr8nOmfutJTvHRAwbC1v4G/tuAsO7O0w2 -0u2B3u+pG06m5+rnEqp+rB9hmukRYTfgEFRRsVIvpFl/cwvPXKRcX03UIMx+lLr9 -Ft+ep7YooBhY3wY2kwCxD4lRYNmbwsCIVywZt40f/4ad98TkufR9NhsfycxGeqbr -mTMFlZ8TTlmP82iohekKCOvoyEuTIWL2+wIDAQABMA0GCSqGSIb3DQEBBQUAA4IC -AQBMUBgV0R+Qltf4Du7u/8IFmGAoKR/mktB7R1gRRAqsvecUt7kIwBexGdavGg1y -0pU0+lgUZjJ20N1SlPD8gkNHfXE1fL6fmMjWz4dtYJjzRVhpufHPeBW4tl8DgHPN -rBGAYQ+drDSXaEjiPQifuzKx8WS+DGA3ki4co5mPjVnVH1xvLIdFsk89z3b3YD1k -yCJ/a9K36x6Z/c67JK7s6MWtrdRF9+MVnRKJ2PK4xznd1kBz16V+RA466wBDdARY -vFbtkafbEqOb96QTonIZB7+fAldKDPZYnwPqasreLmaGOaM8sxtlPYAJ5bjDONbc -AaXG8BMRQyO4FyH237otDKlxPyHOFV66BaffF5S8OlwIMiZoIvq+IcTZOdtDUSW2 -KHNLfe5QEDZdKjWCBrfqAfvNuG13m03WqfmcMHl3o/KiPJlx8l9Z4QEzZ9xcyQGL -cncgeHM9wJtzi2cD/rTDNFsx/gxvoyutRmno7I3NRbKmpsXF4StZioU3USRspB07 -hYXOVnG3pS+PjVby7ThT3gvFHSocguOsxClx1epdUJAmJUbmM7NmOp5WVBVtMtC2 -Su4NG/xJciXitKzw+btb7C7RjO6OEqv/1X/oBDzKBWQAwxUC+lqmnM7W6oqWJFEM -YfTLnrjs7Hj6ThMGcEnfvc46dWK3dz0RjsQzUxugPuEkLA== +MIIFlTCCA32gAwIBAgIJAPstaPIRBPlgMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRUwEwYDVQQKDAxPcGVuc3RhY2sg +Q0ExEjAQBgNVBAsMCUdsYW5jZSBDQTESMBAGA1UEAwwJR2xhbmNlIENBMB4XDTE0 +MDMxMTA5NTMxNVoXDTE3MDMxMDA5NTMxNVowYTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxFTATBgNVBAoMDE9wZW5zdGFjayBDQTESMBAGA1UECwwJ +R2xhbmNlIENBMRIwEAYDVQQDDAlHbGFuY2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCfRBNR3ula96wzKhpMkaFzvPOm0+ZZrujiNGg+9EDBoRpl +mqNn6Sy5eZwAsXzB5p7eR7/xy/Jz1MNi/oKQb7R1yn5Wj5k9BlE8QPT/dJdPDdLm +ZnaNl7+Jzv6y14lx8qDZ9SZ8Gnq/K49ygOcfTUpAo7meM/ZV4EArHknkjHGdETLP +IUHhEyjG1vbgsyYQbVtjHcPu0MRmYziJa48qwr1P5LwDj6LyXB1zEZx7kz3Wo9Et +zWQjJLxlPHEgKGCg6v53Dh2VNnat5y8cJ2JV450RwftDPuUhrP0Ofj3JRNK9b4l+ +D8uIVFf9jSHINOFHASgPRaF+YBqcTAy4wTctRqsYnspJ03e3kjrSf8rVAvF1gWY5 +Uaq81/CRI2noca5Edl6HVOty/Kz9YCLgauStN7f25SS0lSwmDnWg6e1XvjdCZB8C +SQy9XXRt5vLaXFSC+vz/OuQaeqk8Pe613wkMacNRkmeAcZsQiyD/ol7F8oagBmUc +QvmRJFQp7X7s20x7VO6xJRs4U64BtsWTHqNNG+hzR1BX6OyggFOxNHQ3msGMFGQu +Ft2hLtNFPixGYiAqk3qSTLLMZEetYzILaAwkmCCDCDV0p2h679aEB9Fe18BsP6dK +eGKocHU3+84fCR58ETXMs1qjzD81ye4kb2P4VG98W7R2PfKBba1kZhDQxAssLwID +AQABo1AwTjAdBgNVHQ4EFgQUlYvmSUw7LcOJgOVWRCh47F8y9yswHwYDVR0jBBgw +FoAUlYvmSUw7LcOJgOVWRCh47F8y9yswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEAPsdd6QAA87kUBM+kFFJGIygfyOafOaykemE1i/TUwGODPaJIepLo +NDeXA9RGYdYq9bmTei+lrMPCQdUCivwF1oQBYl0NIB+k8As1QgF0oE40MA3J1vQV +JlsdhTrFX3pY9VugcoPBqf0ByuJpDRpzH0NIePu84/q4i+BOPPwcumqe3b54bgYS +v8Tx5VJY7nmoSFpFwiiAwGptcR0ERQjkxpitNxPtRO3nGP2QHsC43mWbsrEYN75O ++PrPN2sFSGEzOOMHOrkfHBSQfH3EtTVQ/oFaFy6XEYuoAkoy0ATOmHBobMQdLjmP +97TJCRLpxdNFSj2TNPiZUaj/9aMFGKrEmnHsZJHs0f20EfW9BaRmLNIt+C9OPwgX +cAGkEMSDhjQye+KSvoAMev/0SgTzLjq8e3P3DuG+z3n4Khs76fFdFRiBvqt78Jb3 +JKCCvTBqSccIkhEMME9lI5OaoNWr4n56hmcbf53/5H752HlGfwOSTdUgdgao6jwV +8Z1+jhGMDJuA00f9urSUwsABvZaUHasWrmGpSAVp0u3XuGF333Q7tcP/OYDwTJ6e +y6hHFkOQP7AohrNdNSfPgbRyIn2R7zCoP889PGrU+RJNVMt60/5Ubl6UM5XCJWvj +aZF+f/OVb/0PdvPuxswPirnetQ6poxFhkDp0ymS0sdr4SnjGHFnKLC4= -----END CERTIFICATE----- diff --git a/glance/tests/var/privatekey.key b/glance/tests/var/privatekey.key index b63df3d29d..c7e4cd1bf1 100644 --- a/glance/tests/var/privatekey.key +++ b/glance/tests/var/privatekey.key @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA16VJEDeqbmr6PoM96NSuJK1XT5dZuzYzSQ8g//mR9BBjXBDe -4moNajxOybI6hjzWbECtXTKF20s/jkovarzXiZwXH8FMeakwLcMgG/QMRpMLjGny -FPpVm7HJaPnTxrI2tNcsG10wmWxd9oqp6TjGIX8VlHaEGIgZIccYVvXjDyi0vypD -/P28flWmtlyYgHm6pHfZ65LAAAXhnPZpWn2ARJogoT3SRD8PtXjwOEFavWj3qQ7K -gCrRjfCS6ZqAtwXcUEE228C90PH01yuLQjVGlZOAGw8vzHBaustKHEKATyY4oTmN -+Zlhvzi7XCPfcjzqVhp6bP+Whv+uAwydg+uxZ2o+oCh1fuk1xTvCmcZZ8bYLYmQy -QWZJ3kwbfQK0jr/pejQbLpkc9IhCeKOB9Utk0jJ6awL1+1pxrXOl4vYF2oWHAxxH -pcMGM6gIkwb+ocUqeDGdnTV2viszorQu2W1dqrINGrtMI3xP6EkNzb7L1K/Jzpn7 -rSU7x0QMGwtb+Bv7bgLDuztMNtLtgd7vqRtOpufq5xKqfqwfYZrpEWE34BBUUbFS -L6RZf3MLz1ykXF9N1CDMfpS6/Rbfnqe2KKAYWN8GNpMAsQ+JUWDZm8LAiFcsGbeN -H/+GnffE5Ln0fTYbH8nMRnqm65kzBZWfE05Zj/NoqIXpCgjr6MhLkyFi9vsCAwEA -AQKCAgAA96baQcWr9SLmQOR4NOwLEhQAMWefpWCZhU3amB4FgEVR1mmJjnw868RW -t0v36jH0Dl44us9K6o2Ab+jCi9JTtbWM2Osk6JNkwSlVtsSPVH2KxbbmTTExH50N -sYE3tPj12rlB7isXpRrOzlRwzWZmJBHOtrFlAsdKFYCQc03vdXlKGkBv1BuSXYP/ -8W5ltSYXMspxehkOZvhaIejbFREMPbzDvGlDER1a7Q320qQ7kUr7ISvbY1XJUzj1 -f1HwgEA6w/AhED5Jv6wfgvx+8Yo9hYnflTPbsO1XRS4x7kJxGHTMlFuEsSF1ICYH -Bcos0wUiGcBO2N6uAFuhe98BBn+nOwAPZYWwGkmVuK2psm2mXAHx94GT/XqgK/1r -VWGSoOV7Fhjauc2Nv8/vJU18DXT3OY5hc4iXVeEBkuZwRb/NVUtnFoHxVO/Mp5Fh -/W5KZaLWVrLghzvSQ/KUIM0k4lfKDZpY9ZpOdNgWDyZY8tNrXumUZZimzWdXZ9vR -dBssmd8qEKs1AHGFnMDt56IjLGou6j0qnWsLdR1e/WEFsYzGXLVHCv6vXRNkbjqh -WFw5nA+2Dw1YAsy+YkTfgx2pOe+exM/wxsVPa7tG9oZ374dywUi1k6VoHw5dkmJw -1hbXqSLZtx2N51G+SpGmNAV4vLUF0y3dy2wnrzFkFT4uxh1w8QKCAQEA+h6LwHTK -hgcJx6CQQ6zYRqXo4wdvMooY1FcqJOq7LvJUA2CX5OOLs8qN1TyFrOCuAUTurOrM -ABlQ0FpsIaP8TOGz72dHe2eLB+dD6Bqjn10sEFMn54zWd/w9ympQrO9jb5X3ViTh -sCcdYyXVS9Hz8nzbbIF+DaKlxF2Hh71uRDxXpMPxRcGbOIuKZXUj6RkTIulzqT6o -uawlegWxch05QSgzq/1ASxtjTzo4iuDCAii3N45xqxnB+fV9NXEt4R2oOGquBRPJ -LxKcOnaQKBD0YNX4muTq+zPlv/kOb8/ys2WGWDUrNkpyJXqhTve4KONjqM7+iL/U -4WdJuiCjonzk/QKCAQEA3Lc+kNq35FNLxMcnCVcUgkmiCWZ4dyGZZPdqjOPww1+n -bbudGPzY1nxOvE60dZM4or/tm6qlXYfb2UU3+OOJrK9s297EQybZ8DTZu2GHyitc -NSFV3Gl4cgvKdbieGKkk9X2dV9xSNesNvX9lJEnQxuwHDTeo8ubLHtV88Ml1xokn -7W+IFiyEuUIL4e5/fadbrI3EwMrbCF4+9VcfABx4PTNMzdc8LsncCMXE+jFX8AWp -TsT2JezTe5o2WpvBoKMAYhJQNQiaWATn00pDVY/70H1vK3ljomAa1IUdOr/AhAF7 -3jL0MYMgXSHzXZOKAtc7yf+QfFWF1Ls8+sen1clJVwKCAQEAp59rB0r+Iz56RmgL -5t7ifs5XujbURemY5E2aN+18DuVmenD0uvfoO1DnJt4NtCNLWhxpXEdq+jH9H/VJ -fG4a+ydT4IC1vjVRTrWlo9qeh4H4suQX3S1c2kKY4pvHf25blH/Lp9bFzbkZD8Ze -IRcOxxb4MsrBwL+dGnGYD9dbG63ZCtoqSxaKQSX7VS1hKKmeUopj8ivFBdIht5oz -JogBQ/J+Vqg9u1gagRFCrYgdXTcOOtRix0lW336vL+6u0ax/fXe5MjvlW3+8Zc3p -pIBgVrlvh9ccx8crFTIDg9m4DJRgqaLQV+0ifI2np3WK3RQvSQWYPetZ7sm69ltD -bvUGvQKCAQAz5CEhjUqOs8asjOXwnDiGKSmfbCgGWi/mPQUf+rcwN9z1P5a/uTKB -utgIDbj/q401Nkp2vrgCNV7KxitSqKxFnTjKuKUL5KZ4gvRtyZBTR751/1BgcauP -pJYE91K0GZBG5zGG5pWtd4XTd5Af5/rdycAeq2ddNEWtCiRFuBeohbaNbBtimzTZ -GV4R0DDJKf+zoeEQMqEsZnwG0mTHceoS+WylOGU92teQeG7HI7K5C5uymTwFzpgq -ByegRd5QFgKRDB0vWsZuyzh1xI/wHdnmOpdYcUGre0zTijhFB7ALWQ32P6SJv3ps -av78kSNxZ4j3BM7DbJf6W8sKasZazOghAoIBAHekpBcLq9gRv2+NfLYxWN2sTZVB -1ldwioG7rWvk5YQR2akukecI3NRjtC5gG2vverawG852Y4+oLfgRMHxgp0qNStwX -juTykzPkCwZn8AyR+avC3mkrtJyM3IigcYOu4/UoaRDFa0xvCC1EfumpnKXIpHag -miSQZf2sVbgqb3/LWvHIg/ceOP9oGJve87/HVfQtBoLaIe5RXCWkqB7mcI/exvTS -8ShaW6v2Fe5Bzdvawj7sbsVYRWe93Aq2tmIgSX320D2RVepb6mjD4nr0IUaM3Yed -TFT7e2ikWXyDLLgVkDTU4Qe8fr3ZKGfanCIDzvgNw6H1gRi+2WQgOmjilMQ= +MIIJKAIBAAKCAgEAn0QTUd7pWvesMyoaTJGhc7zzptPmWa7o4jRoPvRAwaEaZZqj +Z+ksuXmcALF8weae3ke/8cvyc9TDYv6CkG+0dcp+Vo+ZPQZRPED0/3SXTw3S5mZ2 +jZe/ic7+steJcfKg2fUmfBp6vyuPcoDnH01KQKO5njP2VeBAKx5J5IxxnREyzyFB +4RMoxtb24LMmEG1bYx3D7tDEZmM4iWuPKsK9T+S8A4+i8lwdcxGce5M91qPRLc1k +IyS8ZTxxIChgoOr+dw4dlTZ2recvHCdiVeOdEcH7Qz7lIaz9Dn49yUTSvW+Jfg/L +iFRX/Y0hyDThRwEoD0WhfmAanEwMuME3LUarGJ7KSdN3t5I60n/K1QLxdYFmOVGq +vNfwkSNp6HGuRHZeh1Trcvys/WAi4GrkrTe39uUktJUsJg51oOntV743QmQfAkkM +vV10beby2lxUgvr8/zrkGnqpPD3utd8JDGnDUZJngHGbEIsg/6JexfKGoAZlHEL5 +kSRUKe1+7NtMe1TusSUbOFOuAbbFkx6jTRvoc0dQV+jsoIBTsTR0N5rBjBRkLhbd +oS7TRT4sRmIgKpN6kkyyzGRHrWMyC2gMJJgggwg1dKdoeu/WhAfRXtfAbD+nSnhi +qHB1N/vOHwkefBE1zLNao8w/NcnuJG9j+FRvfFu0dj3ygW2tZGYQ0MQLLC8CAwEA +AQKCAgBL4IvvymqUu0CgE6P57LvlvxS522R4P7uV4W/05jtfxJgl5fmJzO5Q4x4u +umB8pJn1vms1EHxPMQNxS1364C0ynSl5pepUx4i2UyAmAG8B680ZlaFPrgdD6Ykw +vT0vO2/kx0XxhFAMef1aiQ0TvaftidMqCwmGOlN393Mu3rZWJVZ2lhqj15Pqv4lY +3iD5XJBYdVrekTmwqf7KgaLwtVyqDoiAjdMM8lPZeX965FhmxR8oWh0mHR9gf95J +etMmdy6Km//+EbeS/HxWRnE0CD/RsQA7NmDFnXvmhsB6/j4EoHn5xB6ssbpGAxIg +JwlY4bUrKXpaEgE7i4PYFb1q5asnTDdUZYAGAGXSBbDiUZM2YOe1aaFB/SA3Y3K2 +47brnx7UXhAXSPJ16EZHejSeFbzZfWgj2J1t3DLk18Fpi/5AxxIy/N5J38kcP7xZ +RIcSV1QEasYUrHI9buhuJ87tikDBDFEIIeLZxlyeIdwmKrQ7Vzny5Ls94Wg+2UtI +XFLDak5SEugdp3LmmTJaugF+s/OiglBVhcaosoKRXb4K29M7mQv2huEAerFA14Bd +dp2KByd8ue+fJrAiSxhAyMDAe/uv0ixnmBBtMH0YYHbfUIgl+kR1Ns/bxrJu7T7F +kBQWZV4NRbSRB+RGOG2/Ai5jxu0uLu3gtHMO4XzzElWqzHEDoQKCAQEAzfaSRA/v +0831TDL8dmOCO61TQ9GtAa8Ouj+SdyTwk9f9B7NqQWg7qdkbQESpaDLvWYiftoDw +mBFHLZe/8RHBaQpEAfbC/+DO6c7O+g1/0Cls33D5VaZOzFnnbHktT3r5xwkZfVBS +aPPWl/IZOU8TtNqujQA+mmSnrJ7IuXSsBVq71xgBQT9JBZpUcjZ4eQducmtC43CP +GqcSjq559ZKc/sa3PkAtNlKzSUS1abiMcJ86C9PgQ9gOu7y8SSqQ3ivZkVM99rxm +wo8KehCcHOPOcIUQKmx4Bs4V3chm8rvygf3aanUHi83xaMeFtIIuOgAJmE9wGQeo +k0UGvKBUDIenfwKCAQEAxfVFVxMBfI4mHrgTj/HOq7GMts8iykJK1PuELU6FZhex +XOqXRbQ5dCLsyehrKlVPFqUENhXNHaOQrCOZxiVoRje2PfU/1fSqRaPxI7+W1Fsh +Fq4PkdJ66NJZJkK5NHwE8SyQf+wpLdL3YhY5LM3tWdX5U9Rr6N8qelE3sLPssAak +1km4/428+rkp1BlCffr3FyL0KJmOYfMiAr8m6hRZWbhkvm5YqX1monxUrKdFJ218 +dxzyniqoS1yU5RClY6783dql1UO4AvxpzpCPYDFIwbEb9zkUo0przhmi4KzyxknB +/n/viMWzSnsM9YbakH6KunDTUteme1Dri3Drrq9TUQKCAQAVdvL7YOXPnxFHZbDl +7azu5ztcQAfVuxa/1kw/WnwwDDx0hwA13NUK+HNcmUtGbrh/DjwG2x032+UdHUmF +qCIN/mHkCoF8BUPLHiB38tw1J3wPNUjm4jQoG96AcYiFVf2d/pbHdo2AHplosHRs +go89M+UpELN1h7Ppy4qDuWMME86rtfa7hArqKJFQbdjUVC/wgLkx1tMzJeJLOGfB +bgwqiS8jr7CGjsvcgOqfH/qS6iU0glpG98dhTWQaA/OhE9TSzmgQxMW41Qt0eTKr +2Bn1pAhxQ2im3Odue6ou9eNqJLiUi6nDqizUjKakj0SeCs71LqIyGZg58OGo2tSn +kaOlAoIBAQCE/fO4vQcJpAJOLwLNePmM9bqAcoZ/9auKjPNO8OrEHPTGZMB+Tscu +k+wa9a9RgICiyPgcUec8m0+tpjlAGo+EZRdlZqedWUMviCWQC74MKrD/KK9DG3IB +ipfkEX2VmiBD2tm1Z3Z+17XlSuLci/iCmzNnM1XP3GYQSRIt/6Lq23vQjzTfU1z7 +4HwOh23Zb0qjW5NG12sFuS9HQx6kskkY8r2UBlRAggP686Z7W+EkzPSKnYMN6cCo +6KkLf3RtlPlDHwq8TUOJlgSLhykbyeCEaDVOkSWhUnU8wJJheS+dMZ5IGbFWZOPA +DQ02woOCAdG30ebXSBQL0uB8DL/52sYRAoIBAHtW3NomlxIMqWX8ZYRJIoGharx4 +ikTOR/jeETb9t//n6kV19c4ICiXOQp062lwEqFvHkKzxKECFhJZuwFc09hVxUXxC +LJjvDfauHWFHcrDTWWbd25CNeZ4Sq79GKf+HJ+Ov87WYcjuBFlCh8ES+2N4WZGCn +B5oBq1g6E4p1k6xA5eE6VRiHPuFH8N9t1x6IlCZvZBhuVWdDrDd4qMSDEUTlcxSY +mtcAIXTPaPcdb3CjdE5a38r59x7dZ/Te2K7FKETffjSmku7BrJITz3iXEk+sn8ex +o3mdnFgeQ6/hxvMGgdK2qNb5ER/s0teFjnfnwHuTSXngMDIDb3kLL0ecWlQ= -----END RSA PRIVATE KEY-----