-
Notifications
You must be signed in to change notification settings - Fork 18
/
ca.ts
137 lines (133 loc) · 6.7 KB
/
ca.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
/**
* Wechaty Certificate Authority Repo:
* https://github.com/wechaty/dotenv/tree/main/ca
*
* The SSL_ROOT_CERT is a root certificate generated by and for wechaty community.
*
* Because it's the default root cert for the puppet service,
* so all the Polyglot Wechaty SDK should set this cert to be trusted by default.
*
* Update:
* - Huan(202108): init, expired in 3650 days (after 2031/07)
*/
const TLS_CA_CERT = `-----BEGIN CERTIFICATE-----
MIIFxTCCA62gAwIBAgIUYddLAoa8JnLzJ80l2u5vGuFsaEIwDQYJKoZIhvcNAQEL
BQAwcjELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEjAQBgNV
BAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHV2VjaGF0eTELMAkGA1UECwwCQ0ExGDAW
BgNVBAMMD3dlY2hhdHktcm9vdC1jYTAeFw0yMTA4MDkxNTQ4NTJaFw0zMTA4MDcx
NTQ4NTJaMHIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIw
EAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNVBAoMB1dlY2hhdHkxCzAJBgNVBAsMAkNB
MRgwFgYDVQQDDA93ZWNoYXR5LXJvb3QtY2EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDulLjOZhzQ58TSQ7TfWNYgdtWhlc+5L9MnKb1nznVRhzAkZo3Q
rPLRW/HDjlv2OEbt4nFLaQgaMmc1oJTUVGDBDlrzesI/lJh7z4eA/B0z8eW7f6Cw
/TGc8lgzHvq7UIE507QYPhvfSejfW4Prw+90HJnuodriPdMGS0n9AR37JPdQm6sD
iMFeEvhHmM2SXRo/o7bll8UDZi81DoFu0XuTCx0esfCX1W5QWEmAJ5oAdjWxJ23C
lxI1+EjwBQKXGqp147VP9+pwpYW5Xxpy870kctPBHKjCAti8Bfo+Y6dyWz2UAd4w
4BFRD+18C/TgX+ECl1s9fsHMY15JitcSGgAIz8gQX1OelECaTMRTQfNaSnNW4LdS
sXMQEI9WxAU/W47GCQFmwcJeZvimqDF1QtflHSaARD3O8tlbduYqTR81LJ63bPoy
9e1pdB6w2bVOTlHunE0YaGSJERALVc1xz40QpPGcZ52mNCb3PBg462RQc77yv/QB
x/P2RC1y0zDUF2tP9J29gTatWq6+D4MhfEk2flZNyzAgJbDuT6KAIJGzOB1ZJ/MG
o1gS13eTuZYw24LElrhd1PrR6OHK+lkyYzqUPYMulUg4HzaZIDclfHKwAC4lecKm
zC5q9jJB4m4SKMKdzxvpIOfdahoqsZMg34l4AavWRqPTpwEU0C0dboNA/QIDAQAB
o1MwUTAdBgNVHQ4EFgQU0rey3QPklTOgdhMJ9VIA6KbZ5bAwHwYDVR0jBBgwFoAU
0rey3QPklTOgdhMJ9VIA6KbZ5bAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAgEAx2uyShx9kLoB1AJ8x7Vf95v6PX95L/4JkJ1WwzJ9Dlf3BcCI7VH7
Fp1dnQ6Ig7mFqSBDBAUUBWAptAnuqIDcgehI6XAEKxW8ZZRxD877pUNwZ/45tSC4
b5U5y9uaiNK7oC3LlDCsB0291b3KSOtevMeDFoh12LcliXAkdIGGTccUxrH+Cyij
cBOc+EKGJFBdLqcjLDU4M6QdMMMFOdfXyAOSpYuWGYqrxqvxQjAjvianEyMpNZWM
lajggJqiPhfF67sZTB2yzvRTmtHdUq7x+iNOVonOBcCHu31aGxa9Py91XEr9jaIQ
EBdl6sycLxKo8mxF/5tyUOns9+919aWNqTOUBmI15D68bqhhOVNyvsb7aVURIt5y
6A7Sj4gSBR9P22Ba6iFZgbvfLn0zKLzjlBonUGlSPf3rSIYUkawICtDyYPvK5mi3
mANgIChMiOw6LYCPmmUVVAWU/tDy36kr9ZV9YTIZRYAkWswsJB340whjuzvZUVaG
DgW45GPR6bGIwlFZeqCwXLput8Z3C8Sw9bE9vjlB2ZCpjPLmWV/WbDlH3J3uDjgt
9PoALW0sOPhHfYklH4/rrmsSWMYTUuGS/HqxrEER1vpIOOb0hIiAWENDT/mruq22
VqO8MHX9ebjInSxPmhYOlrSZrOgEcogyMB4Z0SOtKVqPnkWmdR5hatU=
-----END CERTIFICATE-----`
/**
* Huan(202108): This private key is NOT SAFE!
*
* WARNING: This CA is not safe for production.
* **use environment variables to set your safe CA data**
*
* Our system use this private key for server by default for convience.
* However, everyone can get this key and use it to see the traffic between client and server.
*
* For security, we should not use this key in production
* by setting it manually by
* either the environment variable `WECHATY_PUPPET_SERVICE_TLS_SERVER_KEY`
* or `options.tlsServerKey`
*
* So does the below `TLS_SERVER_CERT_UNSAFE`
*/
const TLS_INSECURE_SERVER_KEY = `-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAtdFTXAKLW16uqNokJmSowbGtwnCvsPSqIHcdbKgdcuNpaJsZ
DTeBP0/XHFvnXcekHOyzncYgluxijzMSD1S8AKo3c2fROgem+E+WMSLYAZSTV48p
uzTRLoypvfhKfqxsrmpct2F6tRTIQ/EABOs0TYP0dY3Nd8NkCEWBmv7ioPDek/a4
esdisN7R1Ea6jx7ToegSwjkP9aFr2XHxyqR5wjJn/Q6nYZC9A90CKdxJ2WpXtluT
xFfFfqOhR/1te5/LpqXtqxo2yOwu8k67fHub1FyLu9sAYhcsuSjHVHxbK3nPf0mN
Gt0RiSwRj84qzbpfwrjMYrAJ3EqKrlxZurmX0wIDAQABAoIBAAcG+SbUPligtzV1
gPIu78rUuDeMrW20dyLcF7oMYV8AZSGS5Qv6ujcdOd4xuyaHwdMQXvzZHIdYyZJp
UehfyQhpi80dFRweEZkFUnPBugGNoYg/00gWCYO4EhNylkaBGY5ANCcuUFTRYdAm
b27BPHtGf1tPyMI5PhOHxDOeaFn6BKB1pcG4mQ+CNieadYxjgPcInh6mAqgJ40cR
ncWgLgSdChijLlVLW9lFVA+OAqv57vT3xW+Op1r7nBiigj67tka57spZTIEhrLXI
ZFMyRKQXlxh/l82vLmnYAhvSp/hHbARLwWfQ/znsFvTc/HXvXPocpZ2B9f0tlZ0W
dqOHSwkCgYEA3zJYAC5Afw3UKuAyApWOyI3AX+noq6ze8B3jFWEPmNdJrZpjLpzp
mntnWC8Wq0t821uiQXYlGUzF/pIg0rzVdPbc2VTdwKl+iptuCn3fC+LCTJKroRLq
2a6GDhtmV2g0SEaNdbJt1Zfwr0KyXLNwK+ZdJxhS44vfTCRB4YBsFw0CgYEA0Ioe
pcRBEyCJud8ZJnSN/HiOQ9kCIsnd8Pk4D7q+DGWY6lLGQddhlkp9Ah7yRIGJVg91
D6t5BfpiU8DRGFiEGMo+XWEKjLfRTxg03lBQYACJc2crgFRuG8GFuO/WQ1b9ihR5
nsdLc9cGIm6rFXaUsnLIN9IJhJg4BmFD1U9usl8CgYEArIN+D02wnkOzDRzSqrqs
bQlbewcRxrfMbS28moa2Bn3Ivf1J0fqIeNYPL9Ldo7KqI+Z0yEIoNKDpnHWYFyrL
lidE1lrJN6QKYdn3OPbHUqmHYqYvMEWt7mj9xqOY+9BYMNEPf7xVNrXE28IimJI9
DkF1GMWtM6GmC3Uu0rxvT3UCgYEAgroCylGDpbThAXa8cmHgXCNKs3eHIj2/dn8U
SK/80RKjUEkBZWbaEvew87Jols9JQ3y/GkqYvEmgd/ZIXWWnsU6e17Ssg1f7ywRW
qAJa0EOl5oUHPRQwTg/7ftpCS8Zte7CoKQOv5fcmLlGHyBWk01Sm9G8jbk5p2H4C
ouZ/cysCgYBqZHm6eg0tjwFPJJWgmAMdNvBlnIuW1t5dwa7B2F6ONveUTBBAxGLc
ZBVdEBseBPki5i7M7eNKNTEA3EM+Cfsfsp5U/S8ntDmzzaMoBhb+jBRor39l3+iG
qXI72DDvrh802t6KO9W6CQIfpVcxLeOy82RfUP1pHQ/sMPkx89Fd5A==
-----END RSA PRIVATE KEY-----`
const TLS_INSECURE_SERVER_CERT = `-----BEGIN CERTIFICATE-----
MIIEVTCCAj0CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFjAUBgNV
BAgMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwH
V2VjaGF0eTELMAkGA1UECwwCQ0ExGDAWBgNVBAMMD3dlY2hhdHktcm9vdC1jYTAe
Fw0yMTA4MjQxODMwMjBaFw0zMTA4MjIxODMwMjBaMG8xCzAJBgNVBAYTAlVTMRYw
FAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNV
BAoMB1dlY2hhdHkxDzANBgNVBAsMBlB1cHBldDERMA8GA1UEAwwIaW5zZWN1cmUw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC10VNcAotbXq6o2iQmZKjB
sa3CcK+w9Kogdx1sqB1y42lomxkNN4E/T9ccW+ddx6Qc7LOdxiCW7GKPMxIPVLwA
qjdzZ9E6B6b4T5YxItgBlJNXjym7NNEujKm9+Ep+rGyualy3YXq1FMhD8QAE6zRN
g/R1jc13w2QIRYGa/uKg8N6T9rh6x2Kw3tHURrqPHtOh6BLCOQ/1oWvZcfHKpHnC
Mmf9DqdhkL0D3QIp3EnZale2W5PEV8V+o6FH/W17n8umpe2rGjbI7C7yTrt8e5vU
XIu72wBiFyy5KMdUfFsrec9/SY0a3RGJLBGPzirNul/CuMxisAncSoquXFm6uZfT
AgMBAAEwDQYJKoZIhvcNAQELBQADggIBALyPgW0VLlQfkgsNovyLg+zkF7oJZCvM
HS7m43abZb1H1xUH6Kd/sUFTQCAAPop/n4773iH0KggWtoPjkid1G1s/UWK6A0F1
IxRp0DYLgZfL/U+PQxe175ViYRLPUKj1YwagjX6HvM5bUMEYDnIypEH2UFIrD39J
69Q6M8hZ85oFDAo2hRqrjJo66c3+ygmXSCFIL64gsVLZkK3SHRAv3R90+blNgmo5
Yvh2xqvGuspd1Y3yzeOQreimJkMeDr/t/xucws1TK7fqMjlk/36W4S95xT7EYykf
rQ+1cDIJvGdVU/lod0/lWcOvqMtyf6wIjzFJaGAoqS5QT2IeeXQYbhq9bZIBQzth
IfvfdHuijUqOhT8LX8TYXPWVR/UEKItqktdvA7PXuHUdDxU3ldcXsjA+m9jVO81i
gIOUJQuBR/tImNnLFaTooO6RB71lBB1XCo8HvWPu47MPjxuf/Y+1frPzuP8LFMWj
bjw0QcwFUik8v+mSiPHhOIfzp0EQlFtlncTr+k0MFuRKokl0Yrs8jXOt30JC4tKS
GKXupLWnWE3Z15L9uk9zSAskL2T8LwnctaiMP0+mzf8gWchxUaHkk0yGj4gtNVyU
iJZfrWYwBY9y4SUjp6A7pLspw+i+jIO/EmcX2jbFt1LaajRgEw+uGvNMXhHqtsHC
WqE+fOGDBUET
-----END CERTIFICATE-----`
/**
* Common Name:
* - Server Name Indication (SNI)
* - Case insensitive
*
* Wechaty Token format: `${SNI}/${UUIDv4}`
*
* Huan(202108): the CA generated by Wechaty Puppet Service
* default set to this value:
*
* grpc.ssl_target_name_override: 'insecure'
*/
const TLS_INSECURE_SERVER_CERT_COMMON_NAME = 'insecure' // case insensitive
export {
TLS_CA_CERT,
TLS_INSECURE_SERVER_CERT_COMMON_NAME,
TLS_INSECURE_SERVER_CERT,
TLS_INSECURE_SERVER_KEY,
}