-
-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4dc275e
commit 9ddc238
Showing
1 changed file
with
129 additions
and
0 deletions.
There are no files selected for viewing
129 changes: 129 additions & 0 deletions
129
wechaty-puppet-service/IO/Github/Wechaty/PuppetService/Auth/WechatyCA.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| <?php | ||
| /** | ||
| * Created by PhpStorm. | ||
| * User: peterzhang | ||
| * Date: 11/24/21 | ||
| * Time: 2:48 PM | ||
| */ | ||
| namespace IO\Github\Wechaty\PuppetService\Auth; | ||
|
|
||
| class WechatyCA { | ||
| /** | ||
| * Wechaty Certificate Authority Repo: | ||
| * https://github.com/wechaty/dotenv/tree/main/ca | ||
| * | ||
| * The SSL_ROOT_CERT is a root certificate generated by and for wechaty community. | ||
| * | ||
| * Because it's the default root cert for the puppet service, | ||
| * so all the Polyglot Wechaty SDK should set this cert to be trusted by default. | ||
| * | ||
| * Update: | ||
| * - Huan(202108): init, expired in 3650 days (after 2031/07) | ||
| */ | ||
| const TLS_CA_CERT = '-----BEGIN CERTIFICATE----- | ||
| MIIFxTCCA62gAwIBAgIUYddLAoa8JnLzJ80l2u5vGuFsaEIwDQYJKoZIhvcNAQEL | ||
| BQAwcjELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEjAQBgNV | ||
| BAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHV2VjaGF0eTELMAkGA1UECwwCQ0ExGDAW | ||
| BgNVBAMMD3dlY2hhdHktcm9vdC1jYTAeFw0yMTA4MDkxNTQ4NTJaFw0zMTA4MDcx | ||
| NTQ4NTJaMHIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIw | ||
| EAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNVBAoMB1dlY2hhdHkxCzAJBgNVBAsMAkNB | ||
| MRgwFgYDVQQDDA93ZWNoYXR5LXJvb3QtY2EwggIiMA0GCSqGSIb3DQEBAQUAA4IC | ||
| DwAwggIKAoICAQDulLjOZhzQ58TSQ7TfWNYgdtWhlc+5L9MnKb1nznVRhzAkZo3Q | ||
| rPLRW/HDjlv2OEbt4nFLaQgaMmc1oJTUVGDBDlrzesI/lJh7z4eA/B0z8eW7f6Cw | ||
| /TGc8lgzHvq7UIE507QYPhvfSejfW4Prw+90HJnuodriPdMGS0n9AR37JPdQm6sD | ||
| iMFeEvhHmM2SXRo/o7bll8UDZi81DoFu0XuTCx0esfCX1W5QWEmAJ5oAdjWxJ23C | ||
| lxI1+EjwBQKXGqp147VP9+pwpYW5Xxpy870kctPBHKjCAti8Bfo+Y6dyWz2UAd4w | ||
| 4BFRD+18C/TgX+ECl1s9fsHMY15JitcSGgAIz8gQX1OelECaTMRTQfNaSnNW4LdS | ||
| sXMQEI9WxAU/W47GCQFmwcJeZvimqDF1QtflHSaARD3O8tlbduYqTR81LJ63bPoy | ||
| 9e1pdB6w2bVOTlHunE0YaGSJERALVc1xz40QpPGcZ52mNCb3PBg462RQc77yv/QB | ||
| x/P2RC1y0zDUF2tP9J29gTatWq6+D4MhfEk2flZNyzAgJbDuT6KAIJGzOB1ZJ/MG | ||
| o1gS13eTuZYw24LElrhd1PrR6OHK+lkyYzqUPYMulUg4HzaZIDclfHKwAC4lecKm | ||
| zC5q9jJB4m4SKMKdzxvpIOfdahoqsZMg34l4AavWRqPTpwEU0C0dboNA/QIDAQAB | ||
| o1MwUTAdBgNVHQ4EFgQU0rey3QPklTOgdhMJ9VIA6KbZ5bAwHwYDVR0jBBgwFoAU | ||
| 0rey3QPklTOgdhMJ9VIA6KbZ5bAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B | ||
| AQsFAAOCAgEAx2uyShx9kLoB1AJ8x7Vf95v6PX95L/4JkJ1WwzJ9Dlf3BcCI7VH7 | ||
| Fp1dnQ6Ig7mFqSBDBAUUBWAptAnuqIDcgehI6XAEKxW8ZZRxD877pUNwZ/45tSC4 | ||
| b5U5y9uaiNK7oC3LlDCsB0291b3KSOtevMeDFoh12LcliXAkdIGGTccUxrH+Cyij | ||
| cBOc+EKGJFBdLqcjLDU4M6QdMMMFOdfXyAOSpYuWGYqrxqvxQjAjvianEyMpNZWM | ||
| lajggJqiPhfF67sZTB2yzvRTmtHdUq7x+iNOVonOBcCHu31aGxa9Py91XEr9jaIQ | ||
| EBdl6sycLxKo8mxF/5tyUOns9+919aWNqTOUBmI15D68bqhhOVNyvsb7aVURIt5y | ||
| 6A7Sj4gSBR9P22Ba6iFZgbvfLn0zKLzjlBonUGlSPf3rSIYUkawICtDyYPvK5mi3 | ||
| mANgIChMiOw6LYCPmmUVVAWU/tDy36kr9ZV9YTIZRYAkWswsJB340whjuzvZUVaG | ||
| DgW45GPR6bGIwlFZeqCwXLput8Z3C8Sw9bE9vjlB2ZCpjPLmWV/WbDlH3J3uDjgt | ||
| 9PoALW0sOPhHfYklH4/rrmsSWMYTUuGS/HqxrEER1vpIOOb0hIiAWENDT/mruq22 | ||
| VqO8MHX9ebjInSxPmhYOlrSZrOgEcogyMB4Z0SOtKVqPnkWmdR5hatU= | ||
| -----END CERTIFICATE-----'; | ||
|
|
||
| /** | ||
| * Huan(202108): This private key is NOT SAFE! | ||
| * | ||
| * WARNING: This CA is not safe for production. | ||
| * **use environment variables to set your safe CA data** | ||
| * | ||
| * Our system use this private key for server by default for convience. | ||
| * However, everyone can get this key and use it to see the traffic between client and server. | ||
| * | ||
| * For security, we should not use this key in production | ||
| * by setting it manually by | ||
| * either the environment variable `WECHATY_PUPPET_SERVICE_TLS_SERVER_KEY` | ||
| * or `options.tlsServerKey` | ||
| * | ||
| * So does the below `TLS_SERVER_CERT_UNSAFE` | ||
| */ | ||
| const TLS_INSECURE_SERVER_KEY = '-----BEGIN RSA PRIVATE KEY----- | ||
| MIIEpAIBAAKCAQEAtdFTXAKLW16uqNokJmSowbGtwnCvsPSqIHcdbKgdcuNpaJsZ | ||
| DTeBP0/XHFvnXcekHOyzncYgluxijzMSD1S8AKo3c2fROgem+E+WMSLYAZSTV48p | ||
| uzTRLoypvfhKfqxsrmpct2F6tRTIQ/EABOs0TYP0dY3Nd8NkCEWBmv7ioPDek/a4 | ||
| esdisN7R1Ea6jx7ToegSwjkP9aFr2XHxyqR5wjJn/Q6nYZC9A90CKdxJ2WpXtluT | ||
| xFfFfqOhR/1te5/LpqXtqxo2yOwu8k67fHub1FyLu9sAYhcsuSjHVHxbK3nPf0mN | ||
| Gt0RiSwRj84qzbpfwrjMYrAJ3EqKrlxZurmX0wIDAQABAoIBAAcG+SbUPligtzV1 | ||
| gPIu78rUuDeMrW20dyLcF7oMYV8AZSGS5Qv6ujcdOd4xuyaHwdMQXvzZHIdYyZJp | ||
| UehfyQhpi80dFRweEZkFUnPBugGNoYg/00gWCYO4EhNylkaBGY5ANCcuUFTRYdAm | ||
| b27BPHtGf1tPyMI5PhOHxDOeaFn6BKB1pcG4mQ+CNieadYxjgPcInh6mAqgJ40cR | ||
| ncWgLgSdChijLlVLW9lFVA+OAqv57vT3xW+Op1r7nBiigj67tka57spZTIEhrLXI | ||
| ZFMyRKQXlxh/l82vLmnYAhvSp/hHbARLwWfQ/znsFvTc/HXvXPocpZ2B9f0tlZ0W | ||
| dqOHSwkCgYEA3zJYAC5Afw3UKuAyApWOyI3AX+noq6ze8B3jFWEPmNdJrZpjLpzp | ||
| mntnWC8Wq0t821uiQXYlGUzF/pIg0rzVdPbc2VTdwKl+iptuCn3fC+LCTJKroRLq | ||
| 2a6GDhtmV2g0SEaNdbJt1Zfwr0KyXLNwK+ZdJxhS44vfTCRB4YBsFw0CgYEA0Ioe | ||
| pcRBEyCJud8ZJnSN/HiOQ9kCIsnd8Pk4D7q+DGWY6lLGQddhlkp9Ah7yRIGJVg91 | ||
| D6t5BfpiU8DRGFiEGMo+XWEKjLfRTxg03lBQYACJc2crgFRuG8GFuO/WQ1b9ihR5 | ||
| nsdLc9cGIm6rFXaUsnLIN9IJhJg4BmFD1U9usl8CgYEArIN+D02wnkOzDRzSqrqs | ||
| bQlbewcRxrfMbS28moa2Bn3Ivf1J0fqIeNYPL9Ldo7KqI+Z0yEIoNKDpnHWYFyrL | ||
| lidE1lrJN6QKYdn3OPbHUqmHYqYvMEWt7mj9xqOY+9BYMNEPf7xVNrXE28IimJI9 | ||
| DkF1GMWtM6GmC3Uu0rxvT3UCgYEAgroCylGDpbThAXa8cmHgXCNKs3eHIj2/dn8U | ||
| SK/80RKjUEkBZWbaEvew87Jols9JQ3y/GkqYvEmgd/ZIXWWnsU6e17Ssg1f7ywRW | ||
| qAJa0EOl5oUHPRQwTg/7ftpCS8Zte7CoKQOv5fcmLlGHyBWk01Sm9G8jbk5p2H4C | ||
| ouZ/cysCgYBqZHm6eg0tjwFPJJWgmAMdNvBlnIuW1t5dwa7B2F6ONveUTBBAxGLc | ||
| ZBVdEBseBPki5i7M7eNKNTEA3EM+Cfsfsp5U/S8ntDmzzaMoBhb+jBRor39l3+iG | ||
| qXI72DDvrh802t6KO9W6CQIfpVcxLeOy82RfUP1pHQ/sMPkx89Fd5A== | ||
| -----END RSA PRIVATE KEY-----'; | ||
|
|
||
| const TLS_INSECURE_SERVER_CERT = '-----BEGIN CERTIFICATE----- | ||
| MIIEVTCCAj0CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFjAUBgNV | ||
| BAgMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwH | ||
| V2VjaGF0eTELMAkGA1UECwwCQ0ExGDAWBgNVBAMMD3dlY2hhdHktcm9vdC1jYTAe | ||
| Fw0yMTA4MjQxODMwMjBaFw0zMTA4MjIxODMwMjBaMG8xCzAJBgNVBAYTAlVTMRYw | ||
| FAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNV | ||
| BAoMB1dlY2hhdHkxDzANBgNVBAsMBlB1cHBldDERMA8GA1UEAwwIaW5zZWN1cmUw | ||
| ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC10VNcAotbXq6o2iQmZKjB | ||
| sa3CcK+w9Kogdx1sqB1y42lomxkNN4E/T9ccW+ddx6Qc7LOdxiCW7GKPMxIPVLwA | ||
| qjdzZ9E6B6b4T5YxItgBlJNXjym7NNEujKm9+Ep+rGyualy3YXq1FMhD8QAE6zRN | ||
| g/R1jc13w2QIRYGa/uKg8N6T9rh6x2Kw3tHURrqPHtOh6BLCOQ/1oWvZcfHKpHnC | ||
| Mmf9DqdhkL0D3QIp3EnZale2W5PEV8V+o6FH/W17n8umpe2rGjbI7C7yTrt8e5vU | ||
| XIu72wBiFyy5KMdUfFsrec9/SY0a3RGJLBGPzirNul/CuMxisAncSoquXFm6uZfT | ||
| AgMBAAEwDQYJKoZIhvcNAQELBQADggIBALyPgW0VLlQfkgsNovyLg+zkF7oJZCvM | ||
| HS7m43abZb1H1xUH6Kd/sUFTQCAAPop/n4773iH0KggWtoPjkid1G1s/UWK6A0F1 | ||
| IxRp0DYLgZfL/U+PQxe175ViYRLPUKj1YwagjX6HvM5bUMEYDnIypEH2UFIrD39J | ||
| 69Q6M8hZ85oFDAo2hRqrjJo66c3+ygmXSCFIL64gsVLZkK3SHRAv3R90+blNgmo5 | ||
| Yvh2xqvGuspd1Y3yzeOQreimJkMeDr/t/xucws1TK7fqMjlk/36W4S95xT7EYykf | ||
| rQ+1cDIJvGdVU/lod0/lWcOvqMtyf6wIjzFJaGAoqS5QT2IeeXQYbhq9bZIBQzth | ||
| IfvfdHuijUqOhT8LX8TYXPWVR/UEKItqktdvA7PXuHUdDxU3ldcXsjA+m9jVO81i | ||
| gIOUJQuBR/tImNnLFaTooO6RB71lBB1XCo8HvWPu47MPjxuf/Y+1frPzuP8LFMWj | ||
| bjw0QcwFUik8v+mSiPHhOIfzp0EQlFtlncTr+k0MFuRKokl0Yrs8jXOt30JC4tKS | ||
| GKXupLWnWE3Z15L9uk9zSAskL2T8LwnctaiMP0+mzf8gWchxUaHkk0yGj4gtNVyU | ||
| iJZfrWYwBY9y4SUjp6A7pLspw+i+jIO/EmcX2jbFt1LaajRgEw+uGvNMXhHqtsHC | ||
| WqE+fOGDBUET | ||
| -----END CERTIFICATE-----'; | ||
|
|
||
| const TLS_INSECURE_SERVER_CERT_COMMON_NAME = 'insecure'; | ||
| } |