Skip to content

Commit 9ddc238

Browse files
zhangchunshengzhangchunsheng
committed
add wechaty ca, see #16 
1 parent 4dc275e commit 9ddc238

File tree

1 file changed

+129
-0
lines changed
  • wechaty-puppet-service/IO/Github/Wechaty/PuppetService/Auth

1 file changed

+129
-0
lines changed

wechaty-puppet-service/IO/Github/Wechaty/PuppetService/Auth/WechatyCA.php

Lines changed: 129 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,129 @@
1+
<?php
2+
/**
3+
* Created by PhpStorm.
4+
* User: peterzhang
5+
* Date: 11/24/21
6+
* Time: 2:48 PM
7+
*/
8+
namespace IO\Github\Wechaty\PuppetService\Auth;
9+
10+
class WechatyCA {
11+
/**
12+
* Wechaty Certificate Authority Repo:
13+
* https://github.com/wechaty/dotenv/tree/main/ca
14+
*
15+
* The SSL_ROOT_CERT is a root certificate generated by and for wechaty community.
16+
*
17+
* Because it's the default root cert for the puppet service,
18+
* so all the Polyglot Wechaty SDK should set this cert to be trusted by default.
19+
*
20+
* Update:
21+
* - Huan(202108): init, expired in 3650 days (after 2031/07)
22+
*/
23+
const TLS_CA_CERT = '-----BEGIN CERTIFICATE-----
24+
MIIFxTCCA62gAwIBAgIUYddLAoa8JnLzJ80l2u5vGuFsaEIwDQYJKoZIhvcNAQEL
25+
BQAwcjELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEjAQBgNV
26+
BAcMCVBhbG8gQWx0bzEQMA4GA1UECgwHV2VjaGF0eTELMAkGA1UECwwCQ0ExGDAW
27+
BgNVBAMMD3dlY2hhdHktcm9vdC1jYTAeFw0yMTA4MDkxNTQ4NTJaFw0zMTA4MDcx
28+
NTQ4NTJaMHIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIw
29+
EAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNVBAoMB1dlY2hhdHkxCzAJBgNVBAsMAkNB
30+
MRgwFgYDVQQDDA93ZWNoYXR5LXJvb3QtY2EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
31+
DwAwggIKAoICAQDulLjOZhzQ58TSQ7TfWNYgdtWhlc+5L9MnKb1nznVRhzAkZo3Q
32+
rPLRW/HDjlv2OEbt4nFLaQgaMmc1oJTUVGDBDlrzesI/lJh7z4eA/B0z8eW7f6Cw
33+
/TGc8lgzHvq7UIE507QYPhvfSejfW4Prw+90HJnuodriPdMGS0n9AR37JPdQm6sD
34+
iMFeEvhHmM2SXRo/o7bll8UDZi81DoFu0XuTCx0esfCX1W5QWEmAJ5oAdjWxJ23C
35+
lxI1+EjwBQKXGqp147VP9+pwpYW5Xxpy870kctPBHKjCAti8Bfo+Y6dyWz2UAd4w
36+
4BFRD+18C/TgX+ECl1s9fsHMY15JitcSGgAIz8gQX1OelECaTMRTQfNaSnNW4LdS
37+
sXMQEI9WxAU/W47GCQFmwcJeZvimqDF1QtflHSaARD3O8tlbduYqTR81LJ63bPoy
38+
9e1pdB6w2bVOTlHunE0YaGSJERALVc1xz40QpPGcZ52mNCb3PBg462RQc77yv/QB
39+
x/P2RC1y0zDUF2tP9J29gTatWq6+D4MhfEk2flZNyzAgJbDuT6KAIJGzOB1ZJ/MG
40+
o1gS13eTuZYw24LElrhd1PrR6OHK+lkyYzqUPYMulUg4HzaZIDclfHKwAC4lecKm
41+
zC5q9jJB4m4SKMKdzxvpIOfdahoqsZMg34l4AavWRqPTpwEU0C0dboNA/QIDAQAB
42+
o1MwUTAdBgNVHQ4EFgQU0rey3QPklTOgdhMJ9VIA6KbZ5bAwHwYDVR0jBBgwFoAU
43+
0rey3QPklTOgdhMJ9VIA6KbZ5bAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
44+
AQsFAAOCAgEAx2uyShx9kLoB1AJ8x7Vf95v6PX95L/4JkJ1WwzJ9Dlf3BcCI7VH7
45+
Fp1dnQ6Ig7mFqSBDBAUUBWAptAnuqIDcgehI6XAEKxW8ZZRxD877pUNwZ/45tSC4
46+
b5U5y9uaiNK7oC3LlDCsB0291b3KSOtevMeDFoh12LcliXAkdIGGTccUxrH+Cyij
47+
cBOc+EKGJFBdLqcjLDU4M6QdMMMFOdfXyAOSpYuWGYqrxqvxQjAjvianEyMpNZWM
48+
lajggJqiPhfF67sZTB2yzvRTmtHdUq7x+iNOVonOBcCHu31aGxa9Py91XEr9jaIQ
49+
EBdl6sycLxKo8mxF/5tyUOns9+919aWNqTOUBmI15D68bqhhOVNyvsb7aVURIt5y
50+
6A7Sj4gSBR9P22Ba6iFZgbvfLn0zKLzjlBonUGlSPf3rSIYUkawICtDyYPvK5mi3
51+
mANgIChMiOw6LYCPmmUVVAWU/tDy36kr9ZV9YTIZRYAkWswsJB340whjuzvZUVaG
52+
DgW45GPR6bGIwlFZeqCwXLput8Z3C8Sw9bE9vjlB2ZCpjPLmWV/WbDlH3J3uDjgt
53+
9PoALW0sOPhHfYklH4/rrmsSWMYTUuGS/HqxrEER1vpIOOb0hIiAWENDT/mruq22
54+
VqO8MHX9ebjInSxPmhYOlrSZrOgEcogyMB4Z0SOtKVqPnkWmdR5hatU=
55+
-----END CERTIFICATE-----';
56+
57+
/**
58+
* Huan(202108): This private key is NOT SAFE!
59+
*
60+
* WARNING: This CA is not safe for production.
61+
* **use environment variables to set your safe CA data**
62+
*
63+
* Our system use this private key for server by default for convience.
64+
* However, everyone can get this key and use it to see the traffic between client and server.
65+
*
66+
* For security, we should not use this key in production
67+
* by setting it manually by
68+
* either the environment variable `WECHATY_PUPPET_SERVICE_TLS_SERVER_KEY`
69+
* or `options.tlsServerKey`
70+
*
71+
* So does the below `TLS_SERVER_CERT_UNSAFE`
72+
*/
73+
const TLS_INSECURE_SERVER_KEY = '-----BEGIN RSA PRIVATE KEY-----
74+
MIIEpAIBAAKCAQEAtdFTXAKLW16uqNokJmSowbGtwnCvsPSqIHcdbKgdcuNpaJsZ
75+
DTeBP0/XHFvnXcekHOyzncYgluxijzMSD1S8AKo3c2fROgem+E+WMSLYAZSTV48p
76+
uzTRLoypvfhKfqxsrmpct2F6tRTIQ/EABOs0TYP0dY3Nd8NkCEWBmv7ioPDek/a4
77+
esdisN7R1Ea6jx7ToegSwjkP9aFr2XHxyqR5wjJn/Q6nYZC9A90CKdxJ2WpXtluT
78+
xFfFfqOhR/1te5/LpqXtqxo2yOwu8k67fHub1FyLu9sAYhcsuSjHVHxbK3nPf0mN
79+
Gt0RiSwRj84qzbpfwrjMYrAJ3EqKrlxZurmX0wIDAQABAoIBAAcG+SbUPligtzV1
80+
gPIu78rUuDeMrW20dyLcF7oMYV8AZSGS5Qv6ujcdOd4xuyaHwdMQXvzZHIdYyZJp
81+
UehfyQhpi80dFRweEZkFUnPBugGNoYg/00gWCYO4EhNylkaBGY5ANCcuUFTRYdAm
82+
b27BPHtGf1tPyMI5PhOHxDOeaFn6BKB1pcG4mQ+CNieadYxjgPcInh6mAqgJ40cR
83+
ncWgLgSdChijLlVLW9lFVA+OAqv57vT3xW+Op1r7nBiigj67tka57spZTIEhrLXI
84+
ZFMyRKQXlxh/l82vLmnYAhvSp/hHbARLwWfQ/znsFvTc/HXvXPocpZ2B9f0tlZ0W
85+
dqOHSwkCgYEA3zJYAC5Afw3UKuAyApWOyI3AX+noq6ze8B3jFWEPmNdJrZpjLpzp
86+
mntnWC8Wq0t821uiQXYlGUzF/pIg0rzVdPbc2VTdwKl+iptuCn3fC+LCTJKroRLq
87+
2a6GDhtmV2g0SEaNdbJt1Zfwr0KyXLNwK+ZdJxhS44vfTCRB4YBsFw0CgYEA0Ioe
88+
pcRBEyCJud8ZJnSN/HiOQ9kCIsnd8Pk4D7q+DGWY6lLGQddhlkp9Ah7yRIGJVg91
89+
D6t5BfpiU8DRGFiEGMo+XWEKjLfRTxg03lBQYACJc2crgFRuG8GFuO/WQ1b9ihR5
90+
nsdLc9cGIm6rFXaUsnLIN9IJhJg4BmFD1U9usl8CgYEArIN+D02wnkOzDRzSqrqs
91+
bQlbewcRxrfMbS28moa2Bn3Ivf1J0fqIeNYPL9Ldo7KqI+Z0yEIoNKDpnHWYFyrL
92+
lidE1lrJN6QKYdn3OPbHUqmHYqYvMEWt7mj9xqOY+9BYMNEPf7xVNrXE28IimJI9
93+
DkF1GMWtM6GmC3Uu0rxvT3UCgYEAgroCylGDpbThAXa8cmHgXCNKs3eHIj2/dn8U
94+
SK/80RKjUEkBZWbaEvew87Jols9JQ3y/GkqYvEmgd/ZIXWWnsU6e17Ssg1f7ywRW
95+
qAJa0EOl5oUHPRQwTg/7ftpCS8Zte7CoKQOv5fcmLlGHyBWk01Sm9G8jbk5p2H4C
96+
ouZ/cysCgYBqZHm6eg0tjwFPJJWgmAMdNvBlnIuW1t5dwa7B2F6ONveUTBBAxGLc
97+
ZBVdEBseBPki5i7M7eNKNTEA3EM+Cfsfsp5U/S8ntDmzzaMoBhb+jBRor39l3+iG
98+
qXI72DDvrh802t6KO9W6CQIfpVcxLeOy82RfUP1pHQ/sMPkx89Fd5A==
99+
-----END RSA PRIVATE KEY-----';
100+
101+
const TLS_INSECURE_SERVER_CERT = '-----BEGIN CERTIFICATE-----
102+
MIIEVTCCAj0CAQEwDQYJKoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFjAUBgNV
103+
BAgMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAcMCVBhbG8gQWx0bzEQMA4GA1UECgwH
104+
V2VjaGF0eTELMAkGA1UECwwCQ0ExGDAWBgNVBAMMD3dlY2hhdHktcm9vdC1jYTAe
105+
Fw0yMTA4MjQxODMwMjBaFw0zMTA4MjIxODMwMjBaMG8xCzAJBgNVBAYTAlVTMRYw
106+
FAYDVQQIDA1TYW4gRnJhbmNpc2NvMRIwEAYDVQQHDAlQYWxvIEFsdG8xEDAOBgNV
107+
BAoMB1dlY2hhdHkxDzANBgNVBAsMBlB1cHBldDERMA8GA1UEAwwIaW5zZWN1cmUw
108+
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC10VNcAotbXq6o2iQmZKjB
109+
sa3CcK+w9Kogdx1sqB1y42lomxkNN4E/T9ccW+ddx6Qc7LOdxiCW7GKPMxIPVLwA
110+
qjdzZ9E6B6b4T5YxItgBlJNXjym7NNEujKm9+Ep+rGyualy3YXq1FMhD8QAE6zRN
111+
g/R1jc13w2QIRYGa/uKg8N6T9rh6x2Kw3tHURrqPHtOh6BLCOQ/1oWvZcfHKpHnC
112+
Mmf9DqdhkL0D3QIp3EnZale2W5PEV8V+o6FH/W17n8umpe2rGjbI7C7yTrt8e5vU
113+
XIu72wBiFyy5KMdUfFsrec9/SY0a3RGJLBGPzirNul/CuMxisAncSoquXFm6uZfT
114+
AgMBAAEwDQYJKoZIhvcNAQELBQADggIBALyPgW0VLlQfkgsNovyLg+zkF7oJZCvM
115+
HS7m43abZb1H1xUH6Kd/sUFTQCAAPop/n4773iH0KggWtoPjkid1G1s/UWK6A0F1
116+
IxRp0DYLgZfL/U+PQxe175ViYRLPUKj1YwagjX6HvM5bUMEYDnIypEH2UFIrD39J
117+
69Q6M8hZ85oFDAo2hRqrjJo66c3+ygmXSCFIL64gsVLZkK3SHRAv3R90+blNgmo5
118+
Yvh2xqvGuspd1Y3yzeOQreimJkMeDr/t/xucws1TK7fqMjlk/36W4S95xT7EYykf
119+
rQ+1cDIJvGdVU/lod0/lWcOvqMtyf6wIjzFJaGAoqS5QT2IeeXQYbhq9bZIBQzth
120+
IfvfdHuijUqOhT8LX8TYXPWVR/UEKItqktdvA7PXuHUdDxU3ldcXsjA+m9jVO81i
121+
gIOUJQuBR/tImNnLFaTooO6RB71lBB1XCo8HvWPu47MPjxuf/Y+1frPzuP8LFMWj
122+
bjw0QcwFUik8v+mSiPHhOIfzp0EQlFtlncTr+k0MFuRKokl0Yrs8jXOt30JC4tKS
123+
GKXupLWnWE3Z15L9uk9zSAskL2T8LwnctaiMP0+mzf8gWchxUaHkk0yGj4gtNVyU
124+
iJZfrWYwBY9y4SUjp6A7pLspw+i+jIO/EmcX2jbFt1LaajRgEw+uGvNMXhHqtsHC
125+
WqE+fOGDBUET
126+
-----END CERTIFICATE-----';
127+
128+
const TLS_INSECURE_SERVER_CERT_COMMON_NAME = 'insecure';
129+
}

0 commit comments

Comments
 (0)