diff --git a/doc/ConfigToken.md b/doc/ConfigToken.md deleted file mode 100644 index e84cd87..0000000 --- a/doc/ConfigToken.md +++ /dev/null @@ -1,260 +0,0 @@ -# Client-Token Test (`my_`) - -> This document belongs to the test-case [test_config_token.py](/src/test/test_config_token.py) - -Our *Client-Token* itself is consistent and all validations are successful. But the `nvidia-gridd` service fails to -verify. -This probably is, because we are using certificates which are not singed by nvidia. This maybe is done by the initial -instance-token exchange. - -Maybe the only way to get successful, is to fake the whole instance-token exchange. - -## JWT - -``` -eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkZWU5MjRiZi1iNjg4LTQ2NzQtYmM2NC03YjYwM2UxNDUyYmYiLCJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDI1NTYyMTcsIm5iZiI6MTc0MjU1NjIxNywiZXhwIjoyMTIxMjQ3NDE3LCJ1cGRhdGVfbW9kZSI6IkFCU09MVVRFIiwic2NvcGVfcmVmX2xpc3QiOlsiMjAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAxIl0sImZ1bGZpbGxtZW50X2NsYXNzX3JlZl9saXN0IjpbXSwic2VydmljZV9pbnN0YW5jZV9jb25maWd1cmF0aW9uIjp7Im5sc19zZXJ2aWNlX2luc3RhbmNlX3JlZiI6IjRlNTNhMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOSIsInN2Y19wb3J0X3NldF9saXN0IjpbeyJpZHgiOjAsImRfbmFtZSI6IkRMUyIsInN2Y19wb3J0X21hcCI6W3sic2VydmljZSI6ImF1dGgiLCJwb3J0Ijo0NDN9LHsic2VydmljZSI6ImxlYXNlIiwicG9ydCI6NDQzfSx7InNlcnZpY2UiOiJxdWlja19yZWxlYXNlIiwicG9ydCI6NDQzfV19XSwibm9kZV91cmxfbGlzdCI6W3siaWR4IjowLCJ1cmwiOiIxOTIuMTY4LjE3OC4xMTAiLCJ1cmxfcXIiOiIxOTIuMTY4LjE3OC4xMTAiLCJzdmNfcG9ydF9zZXRfaWR4IjowfV19LCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiZWRiMGIzNjgwZGIzMDNmNWIzNTM5ZTgzZGFlMTkzM2E3MDk3Yzg3MTJjNDc2NzM5YTlkNTJhYWJlMWJiOWMwNWMyZjE0NzRiODJiOWE2ODhmOGUyODlkYTI0MDM1ODQzOTYzZGI0OTE0ZDhmM2RlYWZmNTgyOTIzMWI3YWM2NzIxMWZlMTFhNTg5ZjNhZGYyNTI1ZDkyY2JmZTQxOTgwMDFmY2M5MTJkNDg5ZTdmYWY4MzYyNWQ2Yzg3Y2NhODYzNTVmNmVhOTlmN2IwYjZmYTBiMGM4Mzg1MDFiYjIyNjM2YzEwYTQ5ZTk5ODllYjMwZDI1Y2JlYzkwODZmZGFkOTJkYWY1ZmJlZTk5YjBkZmNmNDk4OGZkY2MzY2I4ZmFjMDY0NzUwNzNhYjRhNjg4MmQ3YzcwYzY4OThkNTM4N2UwMTQyYjRhMjgxN2Q5OTE1N2I1YzE3YjRkZTVlNmEwYmFkNjZjYzg0YjE4M2M3ZmUxZjQ4ZmNhMjZkNmNlY2ViYjRmNjY0ZDhhZTIxMDkyMDA0ZTA5ZWQ5NDY4OTE2ZTA4Y2EzODhhNTAzYjFkYjVkYjQzMmM2NThlZDA3YTVjZWJhOTA3NTg0NWI5OTZhOGE2Yzg2NWZjNWQ2OWI5YTg5MmQwMGM2ZTBiZDUxZDE0MjJiNDEwYmY5Yzg4NjgyZDkiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTdiQ3phQTJ6QS9XelU1NkQydUdUXG5PbkNYeUhFc1IyYzVxZFVxcStHN25BWEM4VWRMZ3JtbWlQamlpZG9rQTFoRGxqMjBrVTJQUGVyL1dDa2pHM3JHXG5jaEgrRWFXSjg2M3lVbDJTeS81Qm1BQWZ6SkV0U0o1L3I0TmlYV3lIektoalZmYnFtZmV3dHZvTERJT0ZBYnNpXG5ZMndRcEo2Wmllc3cwbHkreVFodjJ0a3RyMSsrNlpzTi9QU1lqOXpEeTQrc0JrZFFjNnRLYUlMWHh3eG9tTlU0XG5mZ0ZDdEtLQmZaa1ZlMXdYdE41ZWFndXRac3lFc1lQSC9oOUkvS0p0Yk96cnRQWmsySzRoQ1NBRTRKN1pSb2tXXG40SXlqaUtVRHNkdGR0RExHV08wSHBjNjZrSFdFVzVscWlteUdYOFhXbTVxSkxRREc0TDFSMFVJclFRdjV5SWFDXG4yUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.Hl2EfHaP1ja18VFNYpNaIKJcddGRdtpGve7JkFcrt5rRVnbTxXNYkhYCmc4Q5EyctCchSjUkU1UKcedL0RHJQeZ25kRiUjMSEE7jaXDwU29uANY9HxiJx3I-SKUahDcFuS3KtiScKxxihcAgWTi-rNZGkXMbCT4MM08Gzn_F7R1XcH0ZXoX1ZKon9lps6w6xzhKtyzu9zsrC3Cn0W4C4P918nD3e1jLHkVXYSLR8I27KSgeCPCPKR3fMTFU0BnnYRmkHheAS1Lp3Y5KI3t518vwb-NkSgF5ucpTloot7boTv6fBHlkmcc83LpWC4GQmInu_i1gm6cDQhB7RC1zBnoA -``` - -### JWT decoded - -``` -{ - "jti": "dee924bf-b688-4674-bc64-7b603e1452bf", - "iss": "NLS Service Instance", - "aud": "NLS Licensed Client", - "iat": 1742556217, - "nbf": 1742556217, - "exp": 2121247417, - "update_mode": "ABSOLUTE", - "scope_ref_list": [ "20000000-0000-0000-0000-000000000001" ], - "fulfillment_class_ref_list": [], - "service_instance_configuration": { - "nls_service_instance_ref": "4e53a171-103b-4946-9ed8-5f4c0ee750d9", - "svc_port_set_list": [ - { - "idx": 0, - "d_name": "DLS", - "svc_port_map": [ - { "service": "auth", "port": 443 }, - { "service": "lease", "port": 443 }, - { "service": "quick_release", "port": 443 } - ] - } - ], - "node_url_list": [{ "idx": 0, "url": "192.168.178.110", "url_qr": "192.168.178.110", "svc_port_set_idx": 0 }] - }, - "service_instance_public_key_configuration": { - "service_instance_public_key_me": { - "mod": "edb0b3680db303f5b3539e83dae1933a7097c8712c476739a9d52aabe1bb9c05c2f1474b82b9a688f8e289da24035843963db4914d8f3deaff5829231b7ac67211fe11a589f3adf2525d92cbfe4198001fcc912d489e7faf83625d6c87cca86355f6ea99f7b0b6fa0b0c838501bb22636c10a49e9989eb30d25cbec9086fdad92daf5fbee99b0dfcf4988fdcc3cb8fac06475073ab4a6882d7c70c6898d5387e0142b4a2817d99157b5c17b4de5e6a0bad66cc84b183c7fe1f48fca26d6cecebb4f664d8ae21092004e09ed9468916e08ca388a503b1db5db432c658ed07a5ceba9075845b996a8a6c865fc5d69b9a892d00c6e0bd51d1422b410bf9c88682d9", - "exp": 65537 - }, - "service_instance_public_key_pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bCzaA2zA/WzU56D2uGT\nOnCXyHEsR2c5qdUqq+G7nAXC8UdLgrmmiPjiidokA1hDlj20kU2PPer/WCkjG3rG\nchH+EaWJ863yUl2Sy/5BmAAfzJEtSJ5/r4NiXWyHzKhjVfbqmfewtvoLDIOFAbsi\nY2wQpJ6Ziesw0ly+yQhv2tktr1++6ZsN/PSYj9zDy4+sBkdQc6tKaILXxwxomNU4\nfgFCtKKBfZkVe1wXtN5eagutZsyEsYPH/h9I/KJtbOzrtPZk2K4hCSAE4J7ZRokW\n4IyjiKUDsdtdtDLGWO0Hpc66kHWEW5lqimyGX8XWm5qJLQDG4L1R0UIrQQv5yIaC\n2QIDAQAB\n-----END PUBLIC KEY-----", - "key_retention_mode": "LATEST_ONLY" - } -} -``` - -### JWT Signature - -Signature can be verified with included `$.service_instance_public_key_configuration.service_instance_public_key_pem` - -``` ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bCzaA2zA/WzU56D2uGT -OnCXyHEsR2c5qdUqq+G7nAXC8UdLgrmmiPjiidokA1hDlj20kU2PPer/WCkjG3rG -chH+EaWJ863yUl2Sy/5BmAAfzJEtSJ5/r4NiXWyHzKhjVfbqmfewtvoLDIOFAbsi -Y2wQpJ6Ziesw0ly+yQhv2tktr1++6ZsN/PSYj9zDy4+sBkdQc6tKaILXxwxomNU4 -fgFCtKKBfZkVe1wXtN5eagutZsyEsYPH/h9I/KJtbOzrtPZk2K4hCSAE4J7ZRokW -4IyjiKUDsdtdtDLGWO0Hpc66kHWEW5lqimyGX8XWm5qJLQDG4L1R0UIrQQv5yIaC -2QIDAQAB ------END PUBLIC KEY----- -``` - -**Details** - -``` -Algo RSA -Format X.509 - ASN1 Dump -RSA Public Key [0a:f7:53:cc:fe:4d:e3:4a:da:39:7b:65:8f:87:67:e7:86:22:3a:60] - modulus: edb0b3680db303f5b3539e83dae1933a7097c8712c476739a9d52aabe1bb9c05c2f1474b82b9a688f8e289da24035843963db4914d8f3deaff5829231b7ac67211fe11a589f3adf2525d92cbfe4198001fcc912d489e7faf83625d6c87cca86355f6ea99f7b0b6fa0b0c838501bb22636c10a49e9989eb30d25cbec9086fdad92daf5fbee99b0dfcf4988fdcc3cb8fac06475073ab4a6882d7c70c6898d5387e0142b4a2817d99157b5c17b4de5e6a0bad66cc84b183c7fe1f48fca26d6cecebb4f664d8ae21092004e09ed9468916e08ca388a503b1db5db432c658ed07a5ceba9075845b996a8a6c865fc5d69b9a892d00c6e0bd51d1422b410bf9c88682d9 - public exponent: 10001 -``` - -## Config-Token - -```json -{ - "certificateConfiguration": { - "caChain": [ - "-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUD2CdXDMPoAsGOH87+lhMsIwczTswDQYJKoZIhvcNAQEL\r\nBQAwcjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExJzAlBgNVBAsM\r\nHk52aWRpYSBMaWNlbnNpbmcgU2VydmljZSAoTkxTKTEPMA0GA1UECgwGTnZpZGlh\r\nMRQwEgYDVQQDDAtOTFMgUm9vdCBDQTAeFw0yNTAzMjAxMTE3NTFaFw0zNTAzMTkx\r\nMTE3NTFaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYD\r\nVQQKDAZOdmlkaWExJzAlBgNVBAsMHk52aWRpYSBMaWNlbnNpbmcgU2VydmljZSAo\r\nTkxTKTEcMBoGA1UEAwwTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcN\r\nAQEBBQADggIPADCCAgoCggIBAKY8YjANHn+yYnXMZREn+NqYE+cCJd+vaEB4d2qw\r\n2VADWM7d1bo2n3iCTX30uf/j14XgC85va3ZwPNhTHXm0EObPnnuDcMzbkZc/FxR1\r\nCB8DuVIeTNrxVj3aAo4I1ET5Y1m7gxAQsD9KUUK00uP0YfJIZMdxFs+waGLuJMDn\r\nF3bJfbrl8J2paZ8BFQiDlQX6zSd2iNasigWMyFQYar87NvQdy8SRKZ4ISRaeuf/1\r\nVJQGs/014OFNFKEOXcfo2xKX0LzFrBYv8BYWx5a3bvSP1lMREhYa4Bb7PvImcHCa\r\nMoA3V5nDjp1v5wh/E0CqtlgQwD99yBbQuMcWl+zmadPWDMWZQnUxoEENLlqXQ7DW\r\nH792QjJm95MIoN9tbSqjvmIjneyy5F+dCuWes7cnZYR5F5X2/zn0pJ8jWbZdQnSl\r\nHXOOyAhqbsmUkGUohVsTVKsUcOGYVXhwS5jdMNRzuSCbbfn/ZGBG6XWUO5ELoXFc\r\nw/iNe2PSO2SixpwXbN3kCtaIjW5YJCFikqOW+Ho9Wy1yI3U261E7SuxTle89DaNQ\r\nsNfHAJKB28yHVK3sNAzWj/Vg6ZYCjMDDlu2nOFEKzJg3OIMiowkZxmkKe+1r5qQQ\r\njgAQf2k2GQNSgGQBeWujOthgx/FdpOGOmZuP6zAPCr/kEndjvFQtpjDxVBKwCIcQ\r\nZdjJAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G\r\nA1UdDgQWBBTy/9FFg3FeMCiVc1SweFWeW4gnCjAfBgNVHSMEGDAWgBQCqIgM/Kld\r\nQ+CdLvVgsfLael0/DDANBgkqhkiG9w0BAQsFAAOCAgEAC/440Dy8dPhuXS2fxSmQ\r\n7J2LwrhCWYtFNkXJW4Dnwb9mipVzr8vvBPGXJXG1LkfsVFYYv8lVqN+ErYctqv1B\r\nqLM5ZT+avnBBogcX/2Se9hqCSy24kOsYnjNqtHFxiOoK3xoMs9kdHy0Nt0su408R\r\nv+NHV1jQasvP7KuLXreRBwijHEQcIpi9Nfyh/O5aaQikN2EtQV3ZqYI87DRnPsGs\r\nBaX/TBKlFfPfVjS6mXq6YB7y8oA8NH0IiJ1xn+7nYVjTmSHGWQnTLYOMowMuGFFT\r\n3gUiWKQnD74NHZzkvEiX82WDM4SiD1dQCV6OWsTxbs0bUsM0du78CRapi/9XwoUQ\r\nzyJaIzYUtsnHBO4YM78tNi9RZbWB52cOVb7YP2Rj6vHf34SjbIU+exRXPzgs/5d5\r\n6D8eTNj6iq2XtCSGQ50NqZL8N3iDvpypVc8xnfibYA+CLIa152s9LXxTnkACVsHh\r\n9qqyJEUW2qCxKvHxpGqzcsQ6tqQlNaNd8vCJAZU28yZQyuVfhL2rqbab0dFrZdbV\r\ntMk1lk1K3a2kuZfGL5CzWTWsht3b3UOBJT383OInNwkr1UvQr/w3Ml+JdhDDIjIB\r\nz5vrl6bd6uZ/2AUED+o6cM/1mTygdt6u6m+9XFJScplyoltuI7KItXqhf50kM5Ca\r\nOHBuH+vCm1w54MOyHsWydR8=\r\n-----END CERTIFICATE-----" - ], - "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIID2zCCAsOgAwIBAgIUG9EvbFb33ajYzlLIYbD+Wb04Xh0wDQYJKoZIhvcNAQEL\r\nBQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoM\r\nBk52aWRpYTEnMCUGA1UECwweTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMp\r\nMRwwGgYDVQQDDBNOTFMgSW50ZXJtZWRpYXRlIENBMB4XDTI1MDMyMDExMTc1MVoX\r\nDTM1MDMxOTExMTc1MVowLzEtMCsGA1UEAwwkNGU1M2ExNzEtMTAzYi00OTQ2LTll\r\nZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\r\n7bCzaA2zA/WzU56D2uGTOnCXyHEsR2c5qdUqq+G7nAXC8UdLgrmmiPjiidokA1hD\r\nlj20kU2PPer/WCkjG3rGchH+EaWJ863yUl2Sy/5BmAAfzJEtSJ5/r4NiXWyHzKhj\r\nVfbqmfewtvoLDIOFAbsiY2wQpJ6Ziesw0ly+yQhv2tktr1++6ZsN/PSYj9zDy4+s\r\nBkdQc6tKaILXxwxomNU4fgFCtKKBfZkVe1wXtN5eagutZsyEsYPH/h9I/KJtbOzr\r\ntPZk2K4hCSAE4J7ZRokW4IyjiKUDsdtdtDLGWO0Hpc66kHWEW5lqimyGX8XWm5qJ\r\nLQDG4L1R0UIrQQv5yIaC2QIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIDqDAdBgNV\r\nHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFO7YfN6kz6TytpbG\r\nQsiVOBxXknNIMB8GA1UdIwQYMBaAFPL/0UWDcV4wKJVzVLB4VZ5biCcKMC8GA1Ud\r\nEQQoMCaCJDRlNTNhMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkq\r\nhkiG9w0BAQsFAAOCAQEAsSw2FKHvL6LtxjP6lvcnRtbtqO9Y1tfanWG8ebTbiF0Z\r\nU5bok/vJ6ut/fqW9zixOSFtzzaTKe91lyeWqt9uHje2wV6SSM+Bw1RglVAvcFejd\r\nfX88/iEDSmqlDf+NAC8yyiWdZ5snboxWBaTpPcf8gziZhDUIxRUFIZCYjqJEkN1u\r\nevfJZqaVsT0zcbmwc+6W7YGD4J8JSFpkwN0odTtciAooBzXpfFzXMz0zrghjFRxA\r\nYnq1C0sQNlBb84yS+B/f4qTfDqL2eCxARZSWSl/S71VRkPn5QRs4iPE0AVeWWZAd\r\n0iHSFm6jxj1x7/+r+Q+wN9hLtT7fEXXKuW7t6ECgDg==\r\n-----END CERTIFICATE-----", - "publicKey": { - "exp": 65537, - "mod": [ - "edb0b3680db303f5b3539e83dae1933a7097c8712c476739a9d52aabe1bb9c05c2f1474b82b9a688f8e289da24035843963db4914d8f3deaff5829231b7ac67211fe11a589f3adf2525d92cbfe4198001fcc912d489e7faf83625d6c87cca86355f6ea99f7b0b6fa0b0c838501bb22636c10a49e9989eb30d25cbec9086fdad92daf5fbee99b0dfcf4988fdcc3cb8fac06475073ab4a6882d7c70c6898d5387e0142b4a2817d99157b5c17b4de5e6a0bad66cc84b183c7fe1f48fca26d6cecebb4f664d8ae21092004e09ed9468916e08ca388a503b1db5db432c658ed07a5ceba9075845b996a8a6c865fc5d69b9a892d00c6e0bd51d1422b410bf9c88682d9" - ] - } - }, - "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDI1NTU4NzEsIm5iZiI6MTc0MjU1NTg3MSwiZXhwIjoyMTIxMjQ3MDcxLCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiI0ZTUzYTE3MS0xMDNiLTQ5NDYtOWVkOC01ZjRjMGVlNzUwZDkiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiZWRiMGIzNjgwZGIzMDNmNWIzNTM5ZTgzZGFlMTkzM2E3MDk3Yzg3MTJjNDc2NzM5YTlkNTJhYWJlMWJiOWMwNWMyZjE0NzRiODJiOWE2ODhmOGUyODlkYTI0MDM1ODQzOTYzZGI0OTE0ZDhmM2RlYWZmNTgyOTIzMWI3YWM2NzIxMWZlMTFhNTg5ZjNhZGYyNTI1ZDkyY2JmZTQxOTgwMDFmY2M5MTJkNDg5ZTdmYWY4MzYyNWQ2Yzg3Y2NhODYzNTVmNmVhOTlmN2IwYjZmYTBiMGM4Mzg1MDFiYjIyNjM2YzEwYTQ5ZTk5ODllYjMwZDI1Y2JlYzkwODZmZGFkOTJkYWY1ZmJlZTk5YjBkZmNmNDk4OGZkY2MzY2I4ZmFjMDY0NzUwNzNhYjRhNjg4MmQ3YzcwYzY4OThkNTM4N2UwMTQyYjRhMjgxN2Q5OTE1N2I1YzE3YjRkZTVlNmEwYmFkNjZjYzg0YjE4M2M3ZmUxZjQ4ZmNhMjZkNmNlY2ViYjRmNjY0ZDhhZTIxMDkyMDA0ZTA5ZWQ5NDY4OTE2ZTA4Y2EzODhhNTAzYjFkYjVkYjQzMmM2NThlZDA3YTVjZWJhOTA3NTg0NWI5OTZhOGE2Yzg2NWZjNWQ2OWI5YTg5MmQwMGM2ZTBiZDUxZDE0MjJiNDEwYmY5Yzg4NjgyZDkiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTdiQ3phQTJ6QS9XelU1NkQydUdUXG5PbkNYeUhFc1IyYzVxZFVxcStHN25BWEM4VWRMZ3JtbWlQamlpZG9rQTFoRGxqMjBrVTJQUGVyL1dDa2pHM3JHXG5jaEgrRWFXSjg2M3lVbDJTeS81Qm1BQWZ6SkV0U0o1L3I0TmlYV3lIektoalZmYnFtZmV3dHZvTERJT0ZBYnNpXG5ZMndRcEo2Wmllc3cwbHkreVFodjJ0a3RyMSsrNlpzTi9QU1lqOXpEeTQrc0JrZFFjNnRLYUlMWHh3eG9tTlU0XG5mZ0ZDdEtLQmZaa1ZlMXdYdE41ZWFndXRac3lFc1lQSC9oOUkvS0p0Yk96cnRQWmsySzRoQ1NBRTRKN1pSb2tXXG40SXlqaUtVRHNkdGR0RExHV08wSHBjNjZrSFdFVzVscWlteUdYOFhXbTVxSkxRREc0TDFSMFVJclFRdjV5SWFDXG4yUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.D3soBLZ4vLVwBRwrrK3FrpX599jDfV6gJpD7OnucTfkTILg3AwLLyoPuStd9Pc0EcvW8b2BQ0B5sXgJYW3XAyeFWh08PP02T8Y0bGneWcVkY81tn1eg-zwskk9GQlMooBH3IRRAG1dg5GLjuohZqaz48hNdXY2Ok8G0A68EVELY0zrc9PyMVia0tnNIwM8msnIC3ryEymCuAqnjLpCVjPoEkmpggfgvHrJDdLsoZuMs-P-49WxgZO0vCaolHUXQIy5lYkxcI9tzy17NmXeJK-Ut0AihLIYg0_K6YhetDdxQdGQYvNliD12IzDHDE0hDHF5EasnccUjSN_dQNVWP7Sg" -} -``` - -### CA-Chain - -``` ------BEGIN CERTIFICATE----- -MIIF3TCCA8WgAwIBAgIUD2CdXDMPoAsGOH87+lhMsIwczTswDQYJKoZIhvcNAQEL -BQAwcjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExJzAlBgNVBAsM -Hk52aWRpYSBMaWNlbnNpbmcgU2VydmljZSAoTkxTKTEPMA0GA1UECgwGTnZpZGlh -MRQwEgYDVQQDDAtOTFMgUm9vdCBDQTAeFw0yNTAzMjAxMTE3NTFaFw0zNTAzMTkx -MTE3NTFaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ8wDQYD -VQQKDAZOdmlkaWExJzAlBgNVBAsMHk52aWRpYSBMaWNlbnNpbmcgU2VydmljZSAo -TkxTKTEcMBoGA1UEAwwTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAKY8YjANHn+yYnXMZREn+NqYE+cCJd+vaEB4d2qw -2VADWM7d1bo2n3iCTX30uf/j14XgC85va3ZwPNhTHXm0EObPnnuDcMzbkZc/FxR1 -CB8DuVIeTNrxVj3aAo4I1ET5Y1m7gxAQsD9KUUK00uP0YfJIZMdxFs+waGLuJMDn -F3bJfbrl8J2paZ8BFQiDlQX6zSd2iNasigWMyFQYar87NvQdy8SRKZ4ISRaeuf/1 -VJQGs/014OFNFKEOXcfo2xKX0LzFrBYv8BYWx5a3bvSP1lMREhYa4Bb7PvImcHCa -MoA3V5nDjp1v5wh/E0CqtlgQwD99yBbQuMcWl+zmadPWDMWZQnUxoEENLlqXQ7DW -H792QjJm95MIoN9tbSqjvmIjneyy5F+dCuWes7cnZYR5F5X2/zn0pJ8jWbZdQnSl -HXOOyAhqbsmUkGUohVsTVKsUcOGYVXhwS5jdMNRzuSCbbfn/ZGBG6XWUO5ELoXFc -w/iNe2PSO2SixpwXbN3kCtaIjW5YJCFikqOW+Ho9Wy1yI3U261E7SuxTle89DaNQ -sNfHAJKB28yHVK3sNAzWj/Vg6ZYCjMDDlu2nOFEKzJg3OIMiowkZxmkKe+1r5qQQ -jgAQf2k2GQNSgGQBeWujOthgx/FdpOGOmZuP6zAPCr/kEndjvFQtpjDxVBKwCIcQ -ZdjJAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBTy/9FFg3FeMCiVc1SweFWeW4gnCjAfBgNVHSMEGDAWgBQCqIgM/Kld -Q+CdLvVgsfLael0/DDANBgkqhkiG9w0BAQsFAAOCAgEAC/440Dy8dPhuXS2fxSmQ -7J2LwrhCWYtFNkXJW4Dnwb9mipVzr8vvBPGXJXG1LkfsVFYYv8lVqN+ErYctqv1B -qLM5ZT+avnBBogcX/2Se9hqCSy24kOsYnjNqtHFxiOoK3xoMs9kdHy0Nt0su408R -v+NHV1jQasvP7KuLXreRBwijHEQcIpi9Nfyh/O5aaQikN2EtQV3ZqYI87DRnPsGs -BaX/TBKlFfPfVjS6mXq6YB7y8oA8NH0IiJ1xn+7nYVjTmSHGWQnTLYOMowMuGFFT -3gUiWKQnD74NHZzkvEiX82WDM4SiD1dQCV6OWsTxbs0bUsM0du78CRapi/9XwoUQ -zyJaIzYUtsnHBO4YM78tNi9RZbWB52cOVb7YP2Rj6vHf34SjbIU+exRXPzgs/5d5 -6D8eTNj6iq2XtCSGQ50NqZL8N3iDvpypVc8xnfibYA+CLIa152s9LXxTnkACVsHh -9qqyJEUW2qCxKvHxpGqzcsQ6tqQlNaNd8vCJAZU28yZQyuVfhL2rqbab0dFrZdbV -tMk1lk1K3a2kuZfGL5CzWTWsht3b3UOBJT383OInNwkr1UvQr/w3Ml+JdhDDIjIB -z5vrl6bd6uZ/2AUED+o6cM/1mTygdt6u6m+9XFJScplyoltuI7KItXqhf50kM5Ca -OHBuH+vCm1w54MOyHsWydR8= ------END CERTIFICATE----- -``` - -**Details** - -- Serial Number: `0F:60:9D:5C:33:0F:A0:0B:06:38:7F:3B:FA:58:4C:B0:8C:1C:CD:3B` ( - `87789441104157334067027060312294361915113393467`) -- Subject DN: `CN=NLS Intermediate CA, OU=Nvidia Licensing Service (NLS), O=Nvidia, ST=California, C=US` -- Issuer DN: `CN=NLS Root CA, O=Nvidia, OU=Nvidia Licensing Service (NLS), ST=California, C=US` -- Critical Extensions - ``` - Certificate Signing - CRL Signing - Subject is a CA - Path Length Constraint: None - ``` -- Non Critical Extensions - ``` - Key Identifier: 0xF2FF D145 8371 5E30 2895 7354 B078 559E 5B88 270A - Key Identifier: 0x02A8 880C FCA9 5D43 E09D 2EF5 60B1 F2DA 7A5D 3F0C - ``` - -### Public-Cert - -This is used to verify JWT-Signature. - -> [!alert] -> On offical DLS we have no private/prublic key. This certificate is only -> present in database "configuration" => "DLS_SI_CERTIFICATE". -> There also is an encrypted private-key, which probably is the private-key -> belonging to this certificate. - -``` ------BEGIN CERTIFICATE----- -MIID2zCCAsOgAwIBAgIUG9EvbFb33ajYzlLIYbD+Wb04Xh0wDQYJKoZIhvcNAQEL -BQAwejELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoM -Bk52aWRpYTEnMCUGA1UECwweTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMp -MRwwGgYDVQQDDBNOTFMgSW50ZXJtZWRpYXRlIENBMB4XDTI1MDMyMDExMTc1MVoX -DTM1MDMxOTExMTc1MVowLzEtMCsGA1UEAwwkNGU1M2ExNzEtMTAzYi00OTQ2LTll -ZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -7bCzaA2zA/WzU56D2uGTOnCXyHEsR2c5qdUqq+G7nAXC8UdLgrmmiPjiidokA1hD -lj20kU2PPer/WCkjG3rGchH+EaWJ863yUl2Sy/5BmAAfzJEtSJ5/r4NiXWyHzKhj -VfbqmfewtvoLDIOFAbsiY2wQpJ6Ziesw0ly+yQhv2tktr1++6ZsN/PSYj9zDy4+s -BkdQc6tKaILXxwxomNU4fgFCtKKBfZkVe1wXtN5eagutZsyEsYPH/h9I/KJtbOzr -tPZk2K4hCSAE4J7ZRokW4IyjiKUDsdtdtDLGWO0Hpc66kHWEW5lqimyGX8XWm5qJ -LQDG4L1R0UIrQQv5yIaC2QIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwIDqDAdBgNV -HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFO7YfN6kz6TytpbG -QsiVOBxXknNIMB8GA1UdIwQYMBaAFPL/0UWDcV4wKJVzVLB4VZ5biCcKMC8GA1Ud -EQQoMCaCJDRlNTNhMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkq -hkiG9w0BAQsFAAOCAQEAsSw2FKHvL6LtxjP6lvcnRtbtqO9Y1tfanWG8ebTbiF0Z -U5bok/vJ6ut/fqW9zixOSFtzzaTKe91lyeWqt9uHje2wV6SSM+Bw1RglVAvcFejd -fX88/iEDSmqlDf+NAC8yyiWdZ5snboxWBaTpPcf8gziZhDUIxRUFIZCYjqJEkN1u -evfJZqaVsT0zcbmwc+6W7YGD4J8JSFpkwN0odTtciAooBzXpfFzXMz0zrghjFRxA -Ynq1C0sQNlBb84yS+B/f4qTfDqL2eCxARZSWSl/S71VRkPn5QRs4iPE0AVeWWZAd -0iHSFm6jxj1x7/+r+Q+wN9hLtT7fEXXKuW7t6ECgDg== ------END CERTIFICATE----- -``` - -**Details** - -- Serial Number: `1B:D1:2F:6C:56:F7:DD:A8:D8:CE:52:C8:61:B0:FE:59:BD:38:5E:1D` ( - `158807737702271588335335063867501016171838725661`) -- Subject DN: `CN=4e53a171-103b-4946-9ed8-5f4c0ee750d9` -- Issuer DN: `CN=NLS Intermediate CA, OU=Nvidia Licensing Service (NLS), O=Nvidia, ST=California, C=US` -- SASNS: `4e53a171-103b-4946-9ed8-5f4c0ee750d9` -- Critical Extensions - ``` - Digital Signature - Key Encipherment - Key Agreement - ```` -- Non Critical Extensions - ``` - Key Identifier: 0xEED8 7CDE A4CF A4F2 B696 C642 C895 381C 5792 7348 - DNS Name: 4e53a171-103b-4946-9ed8-5f4c0ee750d9 - Key Identifier: 0xF2FF D145 8371 5E30 2895 7354 B078 559E 5B88 270A - TLS Web Server Authentication (1.3.6.1.5.5.7.3.1) - TLS Web Client Authentication (1.3.6.1.5.5.7.3.2) - ``` - -## Error Message from `nvidia-gridd` - -**Result from current `config-token`** - -``` -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to verify public certificate (error:0A000126:SSL routines::unexpected eof while reading) -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to verify public certificate (error:00000000:lib(0)::reason(0)) -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to validate public certificates -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Server configuration validation failed. Invalid certificate received from server. -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to setup cloud License Manager: 3 -Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Shutdown (586) -Mär 21 12:22:10 debian-grid-test systemd[1]: nvidia-gridd.service: Main process exited, code=exited, status=1/FAILURE -Mär 21 12:22:10 debian-grid-test systemd[1]: nvidia-gridd.service: Failed with result 'exit-code'. -``` - -What is interesting, that `caChain` and `publicCert` on original dls response, contains 76 chars per line, -where our (default pem) only contains 64 chars. - -But even after splitting into 76 char-chunks (so both, our and nvidias, CA files and Cert files have an equal length) - -``` -{"certificateConfiguration": {"caChain": ["-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUNoGIMFv9PE3CjR+dRdc0q5CqdAYwDQYJKoZIhvcNAQELBQAwcjELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoMBk52aWRpYTEnMCUGA1UECwwe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDDAtOTFMgUm9vdCBDQTAeFw0y\r\nNTAzMjAxMzIwMjZaFw0zNTAzMTkxMzIwMjZaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp\r\nZm9ybmlhMQ8wDQYDVQQKDAZOdmlkaWExJzAlBgNVBAsMHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\r\nZSAoTkxTKTEcMBoGA1UEAwwTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\r\nggIPADCCAgoCggIBAKZ7bMxE1/PIL18Dnm31uaw9FjIVrCko1vcIOMpikaW77Oae/dFg/UiLV1yj\r\nGqrgwdQ+8odTG4+eGBeVA0nJJp++MtJWkxj0cnwu08/W2b411qCdAvhxqiYxHV3xt/LuoLqraCgH\r\nuy1vU0Pt2siFMJiLc37yMkjujDsht99Eb4gBVnvM90L6dBsQfqy4bnMC5ktOSf7QfQUTZRc8HzKw\r\n6FBfIat/WeazFemI4ZibDZE0a1NPyZIgCNdBZuWG+jx/GEotp41NBr9Bpt1YSs1rI0Zpb2HMjnlW\r\nMiNtctviR29+afG12hzTjPUPLLxY2k1mifX+1K2UkiZq/b/KRFOgOWkuTH9KnSHfOCdnQsS+gY2p\r\ntdblG/uYkQ3YH8J9qmH6/u5sU1Sw9VqnU9uhjAkxXR2xWEtS/cSGhk/GNTtHhOVCPClOiWdmTbI7\r\nl1Xn9pnr3CIyFtwFZhIFBTd/HPR5bM00AZmzWFWbal02k0l09Nx8bYZ0WvK+fPOfl7vrlKThOI2S\r\nE47dxXxT9v7d6Fg1xtm8ONsdmY90G2inT6+mOjgHl7AedyiZFW4FBeNl0cfGiNks+HpRlUMpYaGU\r\nB+2Pjy2R+u6tPDLsC6RzeurlgR5PwEOIb/eoDFE+WCuw/iKaBsuF9sVMC4vQd46p9nbT+/JLyFnP\r\niJjsTc0/g2zBeDPbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G\r\nA1UdDgQWBBQ46ZTbRQAh77j3Jhoh8Bf2wr0ZlDAfBgNVHSMEGDAWgBTQPjF28/1NU9Q8yYjEdYIV\r\nyzkJfjANBgkqhkiG9w0BAQsFAAOCAgEAWcReY4P8KDgnEiHXhGu7uaCzj285bIghoCT8jARSxjDP\r\ntHASlgKsn20+igSoML8Ts8CGuWEKlPuIQTgfoMt0ybxXoDUJ1j/vCAULVjQex56WXadFgSrsgESZ\r\nVFc3JrrB6uuYteG3+Yfrdc/4J6WsE0ex/t0FLeohxumcjT3URPIdSNBKwh2KEbtKyu58BfjYtpu2\r\niQCFt+VJ66CJ8d7vS2UMSzQ+gotxYyEnxyrmxoEqMnc8Fj5WGVV70hV9mfnEUi7ESOq1Ei4nn3kp\r\nA3Kj2p5Vd4M88aLmC1I0SgUcDzxVdJF/798WHKZXSzlfiY3GarytXPxwdFutaD3jWtXNtlJlXEVI\r\nE3Pu/6BdLGT8QuwzML2n3ZI0OC9uA+03369+GA1AMuuYhJOm6etJ2bBniBNo3SkCUYuFaMTXJLVO\r\nvottHHwtnNVIX19KFNh9sO2vwW7FUXoXgPTkxeBToNtgDXUkQEGlAyQzr2KmkZrezZ2P5j/o/tgb\r\ntuhA2vvU41NYnWFUM4rLDSTSjTdB5c3k3IGdYrYs+ZR5cWQmyv7O7dlFeZxwBb0zaHZzgGaAAaIZ\r\nRL9YSMshPZFvxVtMSyBkWASSRMEKODYP6W/fnlM80SPaN1JuWKZ8JS0DlUlfoIEUduq/acHXPYnd\r\nLB1AoLT312tgy6B/HKzBPeCdFpQ0qOI=\r\n-----END CERTIFICATE-----"], "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUbI4FSbGJm4+b98OLmMFCcTuUjkMwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoMBk52aWRpYTEnMCUGA1UECwwe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDDBNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMyMDEzMjAyNloXDTM1MDMxOTEzMjAyNlowLzEtMCsGA1UEAwwkNGU1M2ExNzEt\r\nMTAzYi00OTQ2LTllZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEArHvJrSRs/oJS2g84k/lK1Qn6CDJ3Ulx3GgJdgbmYRhkA3hMBEFdk2IbDnMGL3xwksH062xX3\r\n5tIT0OQF02eKKpB1NRQXcfSvyQmyrKX4nGbPABSMgQn+wIQV+7dZ4m/69Ipsql8ba8/+YqfPuQ+r\r\nLPbUJoPzgNUl/XiAiX0waoL3Oq/pw4/P27QrbbPsA0XwsWS6/9Wzg8MXL/sHmetaeNXDgdTUE8CO\r\nc0X3vLAZbp3hZIeTXiNAAZfcucy3tpg3YAC1fHQPZlVhMLd/VHS545qpwR9TtjD+bIGVBNifx+GW\r\nU2B7WMyLSCi2Fws5LAwHWZfnIg9mf4Uwhaw3grcTpQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFO2Br3PxPeM2OQBfSrCk\r\nRbU04YpuMB8GA1UdIwQYMBaAFDjplNtFACHvuPcmGiHwF/bCvRmUMC8GA1UdEQQoMCaCJDRlNTNh\r\nMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkqhkiG9w0BAQsFAAOCAgEAGz5VHUAn\r\nQqBesOApDemBF6SU/VZqcbXmBZLzrm2/wbNMEnVeYurTOVinyTkRJJHdnCMzCOPurW8rRBJGfhd4\r\nsRnNNciTtzle6nHYA84bwbp3rRBeejKYo6lrCEQQ63nxnH+cejpwm1A/BtvMs4r3Ebo2cy/YsLtn\r\nIvATqJ/niPD3ykdVPUhnRqX+6ki1AvKX1OYi2m0iq39ApmAtAstRJBKTsuny3up8n/iZEtn6Ds0l\r\ngGZH5pnMw3wHzy1cQQLI9+Jky0JFhu2DaPCJRypQncrP2ziydUAJgOE/wOwgOa/299Qw3/7NTGDH\r\nplBNboggu9u2YrSKF2nOIczbPWwEV4vNCjhIITCxc9p2di2pUR2qzC14RpA2p+sORSJkLm6voIzn\r\n74sC+u9cQdK4trytn86iX24Jn3ptBTAeTciGiNcQTWFHtWlpL6e54swmvGcHHhnmA8uU167f5NxY\r\nvFxVub7vKLVlvpdHIU+YWiB3zSr5PT4x2yTfCf+pbTVeVYz5/bx4QOkM9I+M2fKpuZQA35nmu+Of\r\nTEEaFW9+ssGc6txsjb82vn0yDxXzcZcmK49XNhn2egQZIyUCRUCxTG65BkV4mWkIF+E7juyWPTOd\r\nxfSjoXKjWQCm2cmHCBtaxs6kD383bSQtX2b4uxnma8dXdZxz5imb1VTL7JoVd+o9/lU=\r\n-----END CERTIFICATE-----", "publicKey": {"exp": 65537, "mod": ["ac7bc9ad246cfe8252da0f3893f94ad509fa083277525c771a025d81b998461900de1301105764d886c39cc18bdf1c24b07d3adb15f7e6d213d0e405d3678a2a907535141771f4afc909b2aca5f89c66cf00148c8109fec08415fbb759e26ffaf48a6caa5f1b6bcffe62a7cfb90fab2cf6d42683f380d525fd7880897d306a82f73aafe9c38fcfdbb42b6db3ec0345f0b164baffd5b383c3172ffb0799eb5a78d5c381d4d413c08e7345f7bcb0196e9de16487935e23400197dcb9ccb7b698376000b57c740f66556130b77f5474b9e39aa9c11f53b630fe6c819504d89fc7e19653607b58cc8b4828b6170b392c0c075997e7220f667f853085ac3782b713a5"]}}, "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDI1NjMyMjYsIm5iZiI6MTc0MjU2MzIyNiwiZXhwIjoyMTIxMjU0NDI2LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiI0ZTUzYTE3MS0xMDNiLTQ5NDYtOWVkOC01ZjRjMGVlNzUwZDkiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiYWM3YmM5YWQyNDZjZmU4MjUyZGEwZjM4OTNmOTRhZDUwOWZhMDgzMjc3NTI1Yzc3MWEwMjVkODFiOTk4NDYxOTAwZGUxMzAxMTA1NzY0ZDg4NmMzOWNjMThiZGYxYzI0YjA3ZDNhZGIxNWY3ZTZkMjEzZDBlNDA1ZDM2NzhhMmE5MDc1MzUxNDE3NzFmNGFmYzkwOWIyYWNhNWY4OWM2NmNmMDAxNDhjODEwOWZlYzA4NDE1ZmJiNzU5ZTI2ZmZhZjQ4YTZjYWE1ZjFiNmJjZmZlNjJhN2NmYjkwZmFiMmNmNmQ0MjY4M2YzODBkNTI1ZmQ3ODgwODk3ZDMwNmE4MmY3M2FhZmU5YzM4ZmNmZGJiNDJiNmRiM2VjMDM0NWYwYjE2NGJhZmZkNWIzODNjMzE3MmZmYjA3OTllYjVhNzhkNWMzODFkNGQ0MTNjMDhlNzM0NWY3YmNiMDE5NmU5ZGUxNjQ4NzkzNWUyMzQwMDE5N2RjYjljY2I3YjY5ODM3NjAwMGI1N2M3NDBmNjY1NTYxMzBiNzdmNTQ3NGI5ZTM5YWE5YzExZjUzYjYzMGZlNmM4MTk1MDRkODlmYzdlMTk2NTM2MDdiNThjYzhiNDgyOGI2MTcwYjM5MmMwYzA3NTk5N2U3MjIwZjY2N2Y4NTMwODVhYzM3ODJiNzEzYTUiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJIdkpyU1JzL29KUzJnODRrL2xLXG4xUW42Q0RKM1VseDNHZ0pkZ2JtWVJoa0EzaE1CRUZkazJJYkRuTUdMM3h3a3NIMDYyeFgzNXRJVDBPUUYwMmVLXG5LcEIxTlJRWGNmU3Z5UW15cktYNG5HYlBBQlNNZ1FuK3dJUVYrN2RaNG0vNjlJcHNxbDhiYTgvK1lxZlB1UStyXG5MUGJVSm9QemdOVWwvWGlBaVgwd2FvTDNPcS9wdzQvUDI3UXJiYlBzQTBYd3NXUzYvOVd6ZzhNWEwvc0htZXRhXG5lTlhEZ2RUVUU4Q09jMFgzdkxBWmJwM2haSWVUWGlOQUFaZmN1Y3kzdHBnM1lBQzFmSFFQWmxWaE1MZC9WSFM1XG40NXFwd1I5VHRqRCtiSUdWQk5pZngrR1dVMkI3V015TFNDaTJGd3M1TEF3SFdaZm5JZzltZjRVd2hhdzNncmNUXG5wUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.db4MVvs7kUt6i4ffEok2doqXGUE_9vicssjxwfGA71VyI9OEnvJ7lJ60E6h_ScNEEYwAs_Ghy4OyK_Wk-yt_vh80sbyn5Vd-CKY1A4UgFmG20k2mFKUOpr7hmkfhxkCURUnC0auYwi9OEsNDOi8L05HmQjYbdtOBUH1VlaGVP2oPeeLX7PFPcvARP-Jhm6WppZ321zYC-M39OovdFtJIgVTMA5cJtFvfeHVzCXoo5ybmjtXPbS4ZN_5M3ua8osMEQgIlxsJSdYcD9wDNIiWSPKJuXJKKWtpBzG09FuN4ew7pU-jQ6Rcd6NIS3l7Fv68ooQSjHi4Bu7UAn4YXdXx14Q"} -``` - -it results in the same error messages - -``` -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: NLS initialized -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to verify public certificate (error:0A000126:SSL routines::unexpected eof while reading) -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to verify public certificate (error:00000000:lib(0)::reason(0)) -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to validate public certificates -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Server configuration validation failed. Invalid certificate received from server. -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to setup cloud License Manager: 3 -Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Shutdown (503) -Mär 21 14:21:43 debian-grid-test systemd[1]: nvidia-gridd.service: Main process exited, code=exited, status=1/FAILURE -Mär 21 14:21:43 debian-grid-test systemd[1]: nvidia-gridd.service: Failed with result 'exit-code'. -``` - -# Sources - -- https://8gwifi.org/PemParserFunctions.jsp \ No newline at end of file diff --git a/doc/LATEST.md b/doc/LATEST.md index 57e0498..4b92521 100644 --- a/doc/LATEST.md +++ b/doc/LATEST.md @@ -9,7 +9,7 @@ # Config-Token -See [ConfigToken.md](ConfigToken.md). +See [config-token.md](config-token.md). # Certificate and CA-Chain @@ -22,6 +22,8 @@ When *base64-decoded* both files have a length of **256 bytes**. If these files are renamed (adding `.bak`) NLS stack will come up normally. +> These files are static and don't change after resetting NLS-Instance + - `master_pwd.bin` ``` RdX1Fng5fYUEq+hSvQcDPdZmKkLfEfVd9k6OU6BG0UpFz1s9fbT5H2fqPBcxFogg @@ -48,6 +50,8 @@ When *base64-decoded* this file has a length of **256 bytes**. If this file is renamed (adding `.bak`) NLS stack will come up normally. +> This file is static and don't change after resetting NLS-Instance + ``` 0a3MZny/w+hEduuSakCLM5ADlr9oKapdjIrZIM5A7mzq3e8I0UPVb9m6DOXlzJe8 wu+X+gWdIMjPED0GqqyNUQ3MlklaXE1jIvA7NBUeskSdSAACYEX6IZRNVQvSs2Yn @@ -57,8 +61,6 @@ m56oy1WRGSdHRiBt/6Mbb2I7BQ+YNsPrq9pI9wdPxbCbyT8UbEPM0/Qo4RSH77lx ipX9bJaK63sIplYtPSBB2A== ``` - - # Other Code Interesting is that for encryption the `service_instance.deployment` **Public-Key** is used. For that one, we have no diff --git a/doc/config-token.md b/doc/config-token.md new file mode 100644 index 0000000..21ca7b4 --- /dev/null +++ b/doc/config-token.md @@ -0,0 +1,256 @@ +# Client-Token Test (`my_`) + +> This document belongs to the test-case [test_config_token.py](/src/test/test_config_token.py) + +Our *Client-Token* itself is consistent and all validations are successful. But the `nvidia-gridd` service fails to +verify. +This probably is, because we are using certificates which are not singed by nvidia. This maybe is done by the initial +instance-token exchange. + +Maybe the only way to get successful, is to fake the whole instance-token exchange. + +[TOC] + +## Response Payload + +```json +{ + "certificateConfiguration": { + "caChain": [ + "-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y\r\nNDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\r\nZm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\r\nZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\r\nggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB\r\nUC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu\r\nIlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK\r\ni3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d\r\nyUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5\r\ndC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x\r\nEFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ\r\naHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB\r\ng60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu\r\nvmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G\r\nA1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo\r\nA8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG\r\nPHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp\r\nw18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8\r\nTJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4\r\nOORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ\r\nZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT\r\n5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql\r\nKc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI\r\np/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3\r\n56OFWPHcA7gxkpU8wftrVMLFeDvLIGc=\r\n-----END CERTIFICATE-----" + ], + "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUPyoRsVIJLnex1WKbERqLAQcXHcQwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMyNjIwMjcyMloXDTI4MDMyNTIwMjc1MlowLzEtMCsGA1UEAxMkZDhjMDdlNGEt\r\nZjZhNC00OWQwLWIyZGMtM2ZhZjBlMWJmMmJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEAwAJLh9/L2l2Efl+TLWp2pCuwJZJBpcHcVbksrXRTfV9dEe+UY1atNbg0HE6yz03CWkeIkTeW\r\nzYkg7oF7bdZ/usZpTIRnK0bN/FzXeXkENOGNsLgcjSGWu8IP4mJcp/k7Ucg/FgDMbxVYifBKnrOh\r\nT7HZ21UQcXgik9iEnL0chAW/JmcEHMTofkj+BuKdyUqXHj4OKDLOhmPtKCKY0gv+0wL4t7alzsGS\r\nlXsRC/59ddCLyomHlRU5BJb+Fm73ZFmhEYhR3eindFzqXJhDXQpg9d0Mt42YTFfnlKG41ECdxtmH\r\nYOOw5sSweFsrx9Dzlfcx/SSg0q9OXP0wHv+kNd/CMQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDtS2fehr07/mVr2ZCb5\r\n+BRuaWjNMB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJGQ4YzA3\r\nZTRhLWY2YTQtNDlkMC1iMmRjLTNmYWYwZTFiZjJiZDANBgkqhkiG9w0BAQsFAAOCAgEAbrgK1TBm\r\nwUVkSGnGSy88RevUd3a52TxAYxGuVe/2qYuIkSoPfMJ1P5nbk6hnOjiBg5GGSrqv6Qwj+ZtPo6cm\r\nyg0Z8RXb5cboU+3Xru6HEQCsidLuC1bwbcsnmvyt4pJxjGG1MQvN9jBWBGiKvqSnDuLMW34eD7mg\r\nLm1W0QCMzTvxIxH2X/xylT2q7gkFdDPxHnMotYeFpeYmPn6nqI36Ot7xBv512RUZz5hdG6r20LSP\r\ndbHoBYZIbaS+wGTaAOFIpms1Xwe/S/ehQpMpArlzphqV+o9IOZn8BIRvpT3d4r8iV/a2TtbxPDVX\r\nOR/aooC9BRI7Q52b2V3L0aKYeC2P8bqqwoivBrWPnr12h+CRx18NvF7sxJ8A8O6h7+Os2psA22CX\r\nvDd0ngxnNy08CMgS1u98Nxg5nV2P596mLRY9X7dzgQikoabEfKtqdKOW4PJWI/wane44ju6vUZPK\r\n3MyAgUWJr34aB8Q0paou0atP9OW+KOeFuwICL02RQ7ke5IpBQrWSF/OlMxhnepzhnp1favk5W3rl\r\ncZNLQMFmeaxyKKrjowh3diBsfo2m6Qin/fkRA3w62Zfox37l5q4s+B/YPxMmrcJgoDFxxf2WYDc6\r\nsoqR7/ExG7kHasd+Th+oqaX8LGdGUfZMD/IY6wvOFJ1Smh7QgWTZbUyLRwTU6jZ40pM=\r\n-----END CERTIFICATE-----", + "publicKey": { + "exp": 65537, + "mod": [ + "c0024b87dfcbda5d847e5f932d6a76a42bb0259241a5c1dc55b92cad74537d5f5d11ef946356ad35b8341c4eb2cf4dc25a4788913796cd8920ee817b6dd67fbac6694c84672b46cdfc5cd779790434e18db0b81c8d2196bbc20fe2625ca7f93b51c83f1600cc6f155889f04a9eb3a14fb1d9db551071782293d8849cbd1c8405bf2667041cc4e87e48fe06e29dc94a971e3e0e2832ce8663ed282298d20bfed302f8b7b6a5cec192957b110bfe7d75d08bca89879515390496fe166ef76459a1118851dde8a7745cea5c98435d0a60f5dd0cb78d984c57e794a1b8d4409dc6d98760e3b0e6c4b0785b2bc7d0f395f731fd24a0d2af4e5cfd301effa435dfc231" + ] + } + }, + "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDMwMjM4MTksIm5iZiI6MTc0MzAyMzgxOSwiZXhwIjoxNzQzMDI0NzE5LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiJkOGMwN2U0YS1mNmE0LTQ5ZDAtYjJkYy0zZmFmMGUxYmYyYmQiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiZTIxMjkwNGEzYzk2NzU2MDJmOTEyYjU1M2QxODRhZTRlNmMxMGQ3ZWEwODQ1ZTE0MmU0OTgzMDc5ODhhNzVlYzQwNThmM2NhNjg3MDg2MWM0NDdlZDQ2MTgwMDZjMDMwNTNkODI3ZDY3YzYxMjM1OWU5OWU4MzNhNmJkYWE5NzE3YzBjNDUzN2Y5NDc1ZTMzNDg2OGFjY2IzYmEwZTkyMjUyNTMyOTMxOWNiMWI1MmJhYjk4NGQzNDI4Zjc5YjE3MjllN2JiNmMwY2U4MWM0NDYxNThhZjU0YzZhOTIyYmNiYzE2ZGFiMWEyNWJjODUxMWI4NTA3NDNmMTFhZGNlNTZiOGNmNmQxMWRmOWFjNjg5OWI4YjViN2Y2YTAxOTE5ZDUyZGYxODczNDA4MjI0YWQ1ZjFmZGQxNTFlZDUyYzcxNDNmODlmYjVmZTU0Njk4Mzk5Y2ViYmJhOWIyZTEyNmZmYmM4OGM0NTNhZTkyODgzOWU0MjcwNmVhNTRhNzY0MjNjZWFhZGI1NjBiNWVhZWMzMzIyZmFmMDE1MjA0ZTZiNzNmNDk2NjMzZmUyNDU5ZmNjNzJjNDQzYWU4N2Q1YzUwMjI4MWVhZWY1ZWI1ZGQ3MTI2NGYyNDI0NDY2ZDEzZmM4ZTM4NjIxY2E3ODVlZGFhNDBiODFmZDIxY2VlMDUiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTRoS1FTanlXZFdBdmtTdFZQUmhLXG41T2JCRFg2Z2hGNFVMa21EQjVpS2RleEFXUFBLYUhDR0hFUisxR0dBQnNBd1U5Z24xbnhoSTFucG5vTTZhOXFwXG5jWHdNUlRmNVIxNHpTR2lzeXp1ZzZTSlNVeWt4bkxHMUs2dVlUVFFvOTVzWEtlZTdiQXpvSEVSaFdLOVV4cWtpXG52THdXMnJHaVc4aFJHNFVIUS9FYTNPVnJqUGJSSGZtc2FKbTR0YmYyb0JrWjFTM3hoelFJSWtyVjhmM1JVZTFTXG54eFEvaWZ0ZjVVYVlPWnpydTZteTRTYi92SWpFVTY2U2lEbmtKd2JxVktka0k4NnEyMVlMWHE3RE1pK3ZBVklFXG41cmMvU1dZei9pUlovTWNzUkRyb2ZWeFFJb0hxNzE2MTNYRW1UeVFrUm0wVC9JNDRZaHluaGUycVFMZ2YwaHp1XG5CUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.BpMtY8Z1_hbzW-R4b9Ntet5HjvlwTfmMyh7bZVLFG8wIMfMHWJZCJdZC99TRznkkoOQg6qkhpyWMYAMGV5AOTRvzqu9LftnLJIq8Iih5YxUWpyPHNbKu0V54C41H7yG5uR96ypn3dIfjEqzJb9LK-oIL_TYVwKEf2rKcLUs-FtoaEWMIGFqm2RBR4yPuRZBUPiHjhUZkzig2c-mS-kB_sNvzBV66cvUxKKNwQw3JgewT3OlvA7ixcLE0X3e_M4u6K67W9uX5nfa5dlY2Fm6GoRnMqW7pW8zWIHtFFt3brOQOlgTKjlippx_jqD9P3qBXBp704Pk-_V7XlfAOTGLuyA" +} +``` + +## JWT `$.configToken` + +``` +eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDMwMjI3NjksIm5iZiI6MTc0MzAyMjc2OSwiZXhwIjoxNzQzMDIzNjY5LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiJkOGMwN2U0YS1mNmE0LTQ5ZDAtYjJkYy0zZmFmMGUxYmYyYmQiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiZTIxMjkwNGEzYzk2NzU2MDJmOTEyYjU1M2QxODRhZTRlNmMxMGQ3ZWEwODQ1ZTE0MmU0OTgzMDc5ODhhNzVlYzQwNThmM2NhNjg3MDg2MWM0NDdlZDQ2MTgwMDZjMDMwNTNkODI3ZDY3YzYxMjM1OWU5OWU4MzNhNmJkYWE5NzE3YzBjNDUzN2Y5NDc1ZTMzNDg2OGFjY2IzYmEwZTkyMjUyNTMyOTMxOWNiMWI1MmJhYjk4NGQzNDI4Zjc5YjE3MjllN2JiNmMwY2U4MWM0NDYxNThhZjU0YzZhOTIyYmNiYzE2ZGFiMWEyNWJjODUxMWI4NTA3NDNmMTFhZGNlNTZiOGNmNmQxMWRmOWFjNjg5OWI4YjViN2Y2YTAxOTE5ZDUyZGYxODczNDA4MjI0YWQ1ZjFmZGQxNTFlZDUyYzcxNDNmODlmYjVmZTU0Njk4Mzk5Y2ViYmJhOWIyZTEyNmZmYmM4OGM0NTNhZTkyODgzOWU0MjcwNmVhNTRhNzY0MjNjZWFhZGI1NjBiNWVhZWMzMzIyZmFmMDE1MjA0ZTZiNzNmNDk2NjMzZmUyNDU5ZmNjNzJjNDQzYWU4N2Q1YzUwMjI4MWVhZWY1ZWI1ZGQ3MTI2NGYyNDI0NDY2ZDEzZmM4ZTM4NjIxY2E3ODVlZGFhNDBiODFmZDIxY2VlMDUiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTRoS1FTanlXZFdBdmtTdFZQUmhLXG41T2JCRFg2Z2hGNFVMa21EQjVpS2RleEFXUFBLYUhDR0hFUisxR0dBQnNBd1U5Z24xbnhoSTFucG5vTTZhOXFwXG5jWHdNUlRmNVIxNHpTR2lzeXp1ZzZTSlNVeWt4bkxHMUs2dVlUVFFvOTVzWEtlZTdiQXpvSEVSaFdLOVV4cWtpXG52THdXMnJHaVc4aFJHNFVIUS9FYTNPVnJqUGJSSGZtc2FKbTR0YmYyb0JrWjFTM3hoelFJSWtyVjhmM1JVZTFTXG54eFEvaWZ0ZjVVYVlPWnpydTZteTRTYi92SWpFVTY2U2lEbmtKd2JxVktka0k4NnEyMVlMWHE3RE1pK3ZBVklFXG41cmMvU1dZei9pUlovTWNzUkRyb2ZWeFFJb0hxNzE2MTNYRW1UeVFrUm0wVC9JNDRZaHluaGUycVFMZ2YwaHp1XG5CUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.OUHugJf1npBrVL7kZAUb0HsoMJq69ejau3SjdLz0yURkYxm87oP3BVX1jXstPdM40EYJ6tKy_SUXeGHFaOe06pnCvSKbx0c2u9egAqarW_jHMkrOT5PHHKBHTdm2KbRyX5nIgHaYCvAQIyZrPEPA4S5abYpJffJzZ7XLf5Rf6nrUco5W_T-Zt0VZ2AOvPutmn1CV5VXCbBfh1ekaVjuxTr3rTl8xsuIXBfXDLm-W2L-TJCT-uB450m4MLROmc7on3If3sG64PG8Bdd5o8TqEmjigoOND2K5_3H9G6aAHjBWiI8aGgzNo9oO-s_DBYcOIODS_jOJr_2n6SM_UKIM-8w +``` + +### JWT decoded + +``` +{ + "iss": "NLS Service Instance", + "aud": "NLS Licensed Client", + "iat": 1743022769, + "nbf": 1743022769, + "exp": 1743023669, + "protocol_version": "2.0", + "d_name": "DLS", + "service_instance_ref": "d8c07e4a-f6a4-49d0-b2dc-3faf0e1bf2bd", + "service_instance_public_key_configuration": { + "service_instance_public_key_me": { + "mod": "e212904a3c9675602f912b553d184ae4e6c10d7ea0845e142e498307988a75ec4058f3ca6870861c447ed4618006c03053d827d67c612359e99e833a6bdaa9717c0c4537f9475e334868accb3ba0e922525329319cb1b52bab984d3428f79b1729e7bb6c0ce81c446158af54c6a922bcbc16dab1a25bc8511b850743f11adce56b8cf6d11df9ac6899b8b5b7f6a01919d52df1873408224ad5f1fdd151ed52c7143f89fb5fe54698399cebbba9b2e126ffbc88c453ae928839e42706ea54a76423ceaadb560b5eaec3322faf015204e6b73f496633fe2459fcc72c443ae87d5c502281eaef5eb5dd71264f2424466d13fc8e38621ca785edaa40b81fd21cee05", + "exp": 65537 + }, + "service_instance_public_key_pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hKQSjyWdWAvkStVPRhK\n5ObBDX6ghF4ULkmDB5iKdexAWPPKaHCGHER+1GGABsAwU9gn1nxhI1npnoM6a9qp\ncXwMRTf5R14zSGisyzug6SJSUykxnLG1K6uYTTQo95sXKee7bAzoHERhWK9Uxqki\nvLwW2rGiW8hRG4UHQ/Ea3OVrjPbRHfmsaJm4tbf2oBkZ1S3xhzQIIkrV8f3RUe1S\nxxQ/iftf5UaYOZzru6my4Sb/vIjEU66SiDnkJwbqVKdkI86q21YLXq7DMi+vAVIE\n5rc/SWYz/iRZ/McsRDrofVxQIoHq71613XEmTyQkRm0T/I44Yhynhe2qQLgf0hzu\nBQIDAQAB\n-----END PUBLIC KEY-----", + "key_retention_mode": "LATEST_ONLY" + } +} +``` + +### JWT Signature + +Signature can be verified with KeyPair from Database `public_private_key_pair`. +``` +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnApHWXQGS4wRp8JCnzoT/ufN96gsuAG0XCJMwhoFPRoVZNUq +x9AEjp7LWqFqGzCdhG5GkwT/CMeQgeAKQAiERyascHs3pwSquOct3QCd41TrbSkR +eRjm8SyfZ8mvS+4weXdTnMJhRAX6b8S1jR7os9gf2DfKPWOxSi8ziBHevQp2k5VC +p7reGwfRK4uYgq6mRSFbkrTDYg9nl5fMR0hHJfpDL177eiO+EnU6dRbKUo1pNqAa +9DutieVvEAeEM/8ZXz9xmcVhkwKDo47lATCdNidU7ivP2u+3EGegurCdeI3+lTTq +3PYGEIxDkGrLAmIyVnduWCnNdZy4N4Z7kUVuXwIDAQABAoIBAC+21Op9mA8x3ZQ2 +yrh1wfeIWmsIeeQqYURrGJ2h50gv2arjpBlFep9B31zvTsrRqtj7/4ilVncQzxdn +srqx4AEBymj6xKHFw46W4mdZ8O264eKXVEh7XOMSigvqmDfXterumhqtNaDfUx0q +QXnNocqco+Ax7x2mhmfw1wkcrceQGNoaogflWyYIPmWmGop0J+1d98rMRaT6ss4R +StKXsaAIiEt1eaxpi0a/dis2kI9qNsz66NL/R/QrdgEU6klV1DiJDvPk0M1YAkTa +mRZO5fJbNo1+jngtvUOK2YYWOv+UHoYl2gmMLa5JwFcHd6KS74rz2RQBfDpF9vtI +wdRqgQECgYEAt+PMB00e16aqXmwY3758OyBWm3Mxh2PcZjclgLW9yG283jRi8gXR +pdSaQwLKVt0m+37tPXwf7gK0Hbhk9U73NIma917JHFheQKxhgNlQWddnyxkZ0Mxt +9iIccYFOLfVePckUzQfIr3Zc0nNDRbr5VYl5y6WwzC9RcB8qblZjyU8CgYEA2Tq6 +Qisy07jlG3/tWqMaKvIHFQmxa831YlnAXHu9vknxdXwwMX2ue8bDMcQYy0U7BKu4 +Tz1YNdOXYiWFmAMtVCV99M1ICiHmYxhUJlDbTa0D5UnQil2Nb8Vp+5p5NhtDzsTq +diMs1lC2xDBenwGTwfNFU0sEmegk1w0E6mrbpfECgYAtcbpGQ6TPnnyUARrUkHqb +Eg7VM86VqvQYvqAiAsf39Easkz2wmgeJd9T3ooTmmpi7pk5y1238n+ZrQdqRVQZ6 +kVcesun4e04vpWojMZFN4pHf+0AJ/btfDGcDFfWAHhdAJaViVf4efp3J1HpXjTF5 +FhRnY3chvr/deZY+1lKquQKBgQC0Xh7pchTx10PkYYQjDepcXjmjLjky2gA1eXBP +Wi9iIONsOYGKlmCaRZ8tYzVzEji+2BZhNP5ZMycvRxh1761jgP3klc6LGzrAbSLx +7ZEqHc5uQ6v0N1mIxNILJ2gdlOXoeXh0PyCrkrkujTsDq7uT/vpA/rkDUc3FAfpi +6fcXAQKBgQCWx2z84avYKblDtD3WcZUizcRiC98iBZ7Ws+uoFgNAn8PtlwIK3Tbn +izokE+pyYQ5QScZd4EVlvRowHl9a6l40mKxJ8Navrb8+BRHeqSRpX/g2JBgjLxLn +z7gQk1e4yws6qBpi0ratWbdf4kg14w7xONGNKp1kQDf+EoEvjrXaLA== +-----END RSA PRIVATE KEY----- + +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnApHWXQGS4wRp8JCnzoT +/ufN96gsuAG0XCJMwhoFPRoVZNUqx9AEjp7LWqFqGzCdhG5GkwT/CMeQgeAKQAiE +RyascHs3pwSquOct3QCd41TrbSkReRjm8SyfZ8mvS+4weXdTnMJhRAX6b8S1jR7o +s9gf2DfKPWOxSi8ziBHevQp2k5VCp7reGwfRK4uYgq6mRSFbkrTDYg9nl5fMR0hH +JfpDL177eiO+EnU6dRbKUo1pNqAa9DutieVvEAeEM/8ZXz9xmcVhkwKDo47lATCd +NidU7ivP2u+3EGegurCdeI3+lTTq3PYGEIxDkGrLAmIyVnduWCnNdZy4N4Z7kUVu +XwIDAQAB +-----END PUBLIC KEY----- +``` + +### CA-Chain `$.certificateConfiguration.caChain[0]` + +``` +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe +TnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y +NDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp +Zm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj +ZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB +UC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu +IlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK +i3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d +yUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5 +dC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x +EFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ +aHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB +g60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu +vmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G +A1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo +A8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG +PHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp +w18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8 +TJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4 +OORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ +ZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT +5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql +Kc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI +p/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3 +56OFWPHcA7gxkpU8wftrVMLFeDvLIGc= +-----END CERTIFICATE----- +``` + +**Details** todo + +- Serial Number: `0A:95:6C:CD:F7:9C:46:B9:CF:6B:71:06:C0:F2:AE:C9:61:12:06:63` (`60422196956716054748324366494382031228994979427`) +- Subject DN: `CN=NLS Intermediate CA, OU=Nvidia Licensing Service (NLS), O=Nvidia, ST=California, C=US` +- Issuer DN: `CN=NLS Root CA, OU=Nvidia Licensing Service (NLS), O=Nvidia, ST=California, C=US` +- Critical Extensions + ``` + Certificate Signing + CRL Signing + Subject is a CA + Path Length Constraint: None + ``` +- Non Critical Extensions (**both `Key Identifier` have changed after resetting NLS-Instance**) + ``` + Key Identifier: 0x4A35 24FC 50F7 9961 080B 64B1 0A30 11A4 95A0 031E + Key Identifier: 0x6211 7134 4689 E390 F37E 5C18 E749 06E8 03C5 F76A + ``` + +### Public-Cert `$.certificateConfiguration.publicCert` + +This is used to verify JWT-Signature. + +> [!alert] +> On official DLS we have no private/public key. This certificate is only +> present in database "configuration" => "DLS_SI_CERTIFICATE". +> There also is an encrypted private-key, which probably is the private-key +> belonging to this certificate. + +``` +-----BEGIN CERTIFICATE----- +MIIE2zCCAsOgAwIBAgIUPyoRsVIJLnex1WKbERqLAQcXHcQwDQYJKoZIhvcNAQELBQAwejELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe +TnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl +IENBMB4XDTI1MDMyNjIwMjcyMloXDTI4MDMyNTIwMjc1MlowLzEtMCsGA1UEAxMkZDhjMDdlNGEt +ZjZhNC00OWQwLWIyZGMtM2ZhZjBlMWJmMmJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAwAJLh9/L2l2Efl+TLWp2pCuwJZJBpcHcVbksrXRTfV9dEe+UY1atNbg0HE6yz03CWkeIkTeW +zYkg7oF7bdZ/usZpTIRnK0bN/FzXeXkENOGNsLgcjSGWu8IP4mJcp/k7Ucg/FgDMbxVYifBKnrOh +T7HZ21UQcXgik9iEnL0chAW/JmcEHMTofkj+BuKdyUqXHj4OKDLOhmPtKCKY0gv+0wL4t7alzsGS +lXsRC/59ddCLyomHlRU5BJb+Fm73ZFmhEYhR3eindFzqXJhDXQpg9d0Mt42YTFfnlKG41ECdxtmH +YOOw5sSweFsrx9Dzlfcx/SSg0q9OXP0wHv+kNd/CMQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID +qDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDtS2fehr07/mVr2ZCb5 ++BRuaWjNMB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJGQ4YzA3 +ZTRhLWY2YTQtNDlkMC1iMmRjLTNmYWYwZTFiZjJiZDANBgkqhkiG9w0BAQsFAAOCAgEAbrgK1TBm +wUVkSGnGSy88RevUd3a52TxAYxGuVe/2qYuIkSoPfMJ1P5nbk6hnOjiBg5GGSrqv6Qwj+ZtPo6cm +yg0Z8RXb5cboU+3Xru6HEQCsidLuC1bwbcsnmvyt4pJxjGG1MQvN9jBWBGiKvqSnDuLMW34eD7mg +Lm1W0QCMzTvxIxH2X/xylT2q7gkFdDPxHnMotYeFpeYmPn6nqI36Ot7xBv512RUZz5hdG6r20LSP +dbHoBYZIbaS+wGTaAOFIpms1Xwe/S/ehQpMpArlzphqV+o9IOZn8BIRvpT3d4r8iV/a2TtbxPDVX +OR/aooC9BRI7Q52b2V3L0aKYeC2P8bqqwoivBrWPnr12h+CRx18NvF7sxJ8A8O6h7+Os2psA22CX +vDd0ngxnNy08CMgS1u98Nxg5nV2P596mLRY9X7dzgQikoabEfKtqdKOW4PJWI/wane44ju6vUZPK +3MyAgUWJr34aB8Q0paou0atP9OW+KOeFuwICL02RQ7ke5IpBQrWSF/OlMxhnepzhnp1favk5W3rl +cZNLQMFmeaxyKKrjowh3diBsfo2m6Qin/fkRA3w62Zfox37l5q4s+B/YPxMmrcJgoDFxxf2WYDc6 +soqR7/ExG7kHasd+Th+oqaX8LGdGUfZMD/IY6wvOFJ1Smh7QgWTZbUyLRwTU6jZ40pM= +-----END CERTIFICATE----- +``` + +**Details** todo + +- Serial Number: `3F:2A:11:B1:52:09:2E:77:B1:D5:62:9B:11:1A:8B:01:07:17:1D:C4 ` (`360604591108124329929053425883734788758453034436`) +- Subject DN: `CN=d8c07e4a-f6a4-49d0-b2dc-3faf0e1bf2bd` +- Issuer DN: `CN=NLS Intermediate CA, OU=Nvidia Licensing Service (NLS), O=Nvidia, ST=California, C=US` +- SASNS: `d8c07e4a-f6a4-49d0-b2dc-3faf0e1bf2bd` +- Critical Extensions + ``` + Digital Signature + Key Encipherment + Key Agreement + ```` +- Non Critical Extensions (**both `Key Identifier` have changed after resetting NLS-Instance**) + ``` + Key Identifier: 0x3B52 D9F7 A1AF 4EFF 995A F664 26F9 F814 6E69 68CD + DNS Name: d8c07e4a-f6a4-49d0-b2dc-3faf0e1bf2bd + Key Identifier: 0x4A35 24FC 50F7 9961 080B 64B1 0A30 11A4 95A0 031E + TLS Web Server Authentication (1.3.6.1.5.5.7.3.1) + TLS Web Client Authentication (1.3.6.1.5.5.7.3.2) + ``` + +## Error Message from `nvidia-gridd` + +**Result from current `config-token`** + +``` +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to verify public certificate (error:0A000126:SSL routines::unexpected eof while reading) +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to verify public certificate (error:00000000:lib(0)::reason(0)) +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to validate public certificates +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Server configuration validation failed. Invalid certificate received from server. +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Failed to setup cloud License Manager: 3 +Mär 21 12:22:10 debian-grid-test nvidia-gridd[586]: Shutdown (586) +Mär 21 12:22:10 debian-grid-test systemd[1]: nvidia-gridd.service: Main process exited, code=exited, status=1/FAILURE +Mär 21 12:22:10 debian-grid-test systemd[1]: nvidia-gridd.service: Failed with result 'exit-code'. +``` + +What is interesting, that `caChain` and `publicCert` on original dls response, contains 76 chars per line, +where our (default pem) only contains 64 chars. + +But even after splitting into 76 char-chunks (so both, our and nvidias, CA files and Cert files have an equal length) + +``` +{"certificateConfiguration": {"caChain": ["-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUNoGIMFv9PE3CjR+dRdc0q5CqdAYwDQYJKoZIhvcNAQELBQAwcjELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoMBk52aWRpYTEnMCUGA1UECwwe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDDAtOTFMgUm9vdCBDQTAeFw0y\r\nNTAzMjAxMzIwMjZaFw0zNTAzMTkxMzIwMjZaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp\r\nZm9ybmlhMQ8wDQYDVQQKDAZOdmlkaWExJzAlBgNVBAsMHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\r\nZSAoTkxTKTEcMBoGA1UEAwwTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\r\nggIPADCCAgoCggIBAKZ7bMxE1/PIL18Dnm31uaw9FjIVrCko1vcIOMpikaW77Oae/dFg/UiLV1yj\r\nGqrgwdQ+8odTG4+eGBeVA0nJJp++MtJWkxj0cnwu08/W2b411qCdAvhxqiYxHV3xt/LuoLqraCgH\r\nuy1vU0Pt2siFMJiLc37yMkjujDsht99Eb4gBVnvM90L6dBsQfqy4bnMC5ktOSf7QfQUTZRc8HzKw\r\n6FBfIat/WeazFemI4ZibDZE0a1NPyZIgCNdBZuWG+jx/GEotp41NBr9Bpt1YSs1rI0Zpb2HMjnlW\r\nMiNtctviR29+afG12hzTjPUPLLxY2k1mifX+1K2UkiZq/b/KRFOgOWkuTH9KnSHfOCdnQsS+gY2p\r\ntdblG/uYkQ3YH8J9qmH6/u5sU1Sw9VqnU9uhjAkxXR2xWEtS/cSGhk/GNTtHhOVCPClOiWdmTbI7\r\nl1Xn9pnr3CIyFtwFZhIFBTd/HPR5bM00AZmzWFWbal02k0l09Nx8bYZ0WvK+fPOfl7vrlKThOI2S\r\nE47dxXxT9v7d6Fg1xtm8ONsdmY90G2inT6+mOjgHl7AedyiZFW4FBeNl0cfGiNks+HpRlUMpYaGU\r\nB+2Pjy2R+u6tPDLsC6RzeurlgR5PwEOIb/eoDFE+WCuw/iKaBsuF9sVMC4vQd46p9nbT+/JLyFnP\r\niJjsTc0/g2zBeDPbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G\r\nA1UdDgQWBBQ46ZTbRQAh77j3Jhoh8Bf2wr0ZlDAfBgNVHSMEGDAWgBTQPjF28/1NU9Q8yYjEdYIV\r\nyzkJfjANBgkqhkiG9w0BAQsFAAOCAgEAWcReY4P8KDgnEiHXhGu7uaCzj285bIghoCT8jARSxjDP\r\ntHASlgKsn20+igSoML8Ts8CGuWEKlPuIQTgfoMt0ybxXoDUJ1j/vCAULVjQex56WXadFgSrsgESZ\r\nVFc3JrrB6uuYteG3+Yfrdc/4J6WsE0ex/t0FLeohxumcjT3URPIdSNBKwh2KEbtKyu58BfjYtpu2\r\niQCFt+VJ66CJ8d7vS2UMSzQ+gotxYyEnxyrmxoEqMnc8Fj5WGVV70hV9mfnEUi7ESOq1Ei4nn3kp\r\nA3Kj2p5Vd4M88aLmC1I0SgUcDzxVdJF/798WHKZXSzlfiY3GarytXPxwdFutaD3jWtXNtlJlXEVI\r\nE3Pu/6BdLGT8QuwzML2n3ZI0OC9uA+03369+GA1AMuuYhJOm6etJ2bBniBNo3SkCUYuFaMTXJLVO\r\nvottHHwtnNVIX19KFNh9sO2vwW7FUXoXgPTkxeBToNtgDXUkQEGlAyQzr2KmkZrezZ2P5j/o/tgb\r\ntuhA2vvU41NYnWFUM4rLDSTSjTdB5c3k3IGdYrYs+ZR5cWQmyv7O7dlFeZxwBb0zaHZzgGaAAaIZ\r\nRL9YSMshPZFvxVtMSyBkWASSRMEKODYP6W/fnlM80SPaN1JuWKZ8JS0DlUlfoIEUduq/acHXPYnd\r\nLB1AoLT312tgy6B/HKzBPeCdFpQ0qOI=\r\n-----END CERTIFICATE-----"], "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUbI4FSbGJm4+b98OLmMFCcTuUjkMwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExDzANBgNVBAoMBk52aWRpYTEnMCUGA1UECwwe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDDBNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMyMDEzMjAyNloXDTM1MDMxOTEzMjAyNlowLzEtMCsGA1UEAwwkNGU1M2ExNzEt\r\nMTAzYi00OTQ2LTllZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEArHvJrSRs/oJS2g84k/lK1Qn6CDJ3Ulx3GgJdgbmYRhkA3hMBEFdk2IbDnMGL3xwksH062xX3\r\n5tIT0OQF02eKKpB1NRQXcfSvyQmyrKX4nGbPABSMgQn+wIQV+7dZ4m/69Ipsql8ba8/+YqfPuQ+r\r\nLPbUJoPzgNUl/XiAiX0waoL3Oq/pw4/P27QrbbPsA0XwsWS6/9Wzg8MXL/sHmetaeNXDgdTUE8CO\r\nc0X3vLAZbp3hZIeTXiNAAZfcucy3tpg3YAC1fHQPZlVhMLd/VHS545qpwR9TtjD+bIGVBNifx+GW\r\nU2B7WMyLSCi2Fws5LAwHWZfnIg9mf4Uwhaw3grcTpQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFO2Br3PxPeM2OQBfSrCk\r\nRbU04YpuMB8GA1UdIwQYMBaAFDjplNtFACHvuPcmGiHwF/bCvRmUMC8GA1UdEQQoMCaCJDRlNTNh\r\nMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkqhkiG9w0BAQsFAAOCAgEAGz5VHUAn\r\nQqBesOApDemBF6SU/VZqcbXmBZLzrm2/wbNMEnVeYurTOVinyTkRJJHdnCMzCOPurW8rRBJGfhd4\r\nsRnNNciTtzle6nHYA84bwbp3rRBeejKYo6lrCEQQ63nxnH+cejpwm1A/BtvMs4r3Ebo2cy/YsLtn\r\nIvATqJ/niPD3ykdVPUhnRqX+6ki1AvKX1OYi2m0iq39ApmAtAstRJBKTsuny3up8n/iZEtn6Ds0l\r\ngGZH5pnMw3wHzy1cQQLI9+Jky0JFhu2DaPCJRypQncrP2ziydUAJgOE/wOwgOa/299Qw3/7NTGDH\r\nplBNboggu9u2YrSKF2nOIczbPWwEV4vNCjhIITCxc9p2di2pUR2qzC14RpA2p+sORSJkLm6voIzn\r\n74sC+u9cQdK4trytn86iX24Jn3ptBTAeTciGiNcQTWFHtWlpL6e54swmvGcHHhnmA8uU167f5NxY\r\nvFxVub7vKLVlvpdHIU+YWiB3zSr5PT4x2yTfCf+pbTVeVYz5/bx4QOkM9I+M2fKpuZQA35nmu+Of\r\nTEEaFW9+ssGc6txsjb82vn0yDxXzcZcmK49XNhn2egQZIyUCRUCxTG65BkV4mWkIF+E7juyWPTOd\r\nxfSjoXKjWQCm2cmHCBtaxs6kD383bSQtX2b4uxnma8dXdZxz5imb1VTL7JoVd+o9/lU=\r\n-----END CERTIFICATE-----", "publicKey": {"exp": 65537, "mod": ["ac7bc9ad246cfe8252da0f3893f94ad509fa083277525c771a025d81b998461900de1301105764d886c39cc18bdf1c24b07d3adb15f7e6d213d0e405d3678a2a907535141771f4afc909b2aca5f89c66cf00148c8109fec08415fbb759e26ffaf48a6caa5f1b6bcffe62a7cfb90fab2cf6d42683f380d525fd7880897d306a82f73aafe9c38fcfdbb42b6db3ec0345f0b164baffd5b383c3172ffb0799eb5a78d5c381d4d413c08e7345f7bcb0196e9de16487935e23400197dcb9ccb7b698376000b57c740f66556130b77f5474b9e39aa9c11f53b630fe6c819504d89fc7e19653607b58cc8b4828b6170b392c0c075997e7220f667f853085ac3782b713a5"]}}, "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDI1NjMyMjYsIm5iZiI6MTc0MjU2MzIyNiwiZXhwIjoyMTIxMjU0NDI2LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiI0ZTUzYTE3MS0xMDNiLTQ5NDYtOWVkOC01ZjRjMGVlNzUwZDkiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiYWM3YmM5YWQyNDZjZmU4MjUyZGEwZjM4OTNmOTRhZDUwOWZhMDgzMjc3NTI1Yzc3MWEwMjVkODFiOTk4NDYxOTAwZGUxMzAxMTA1NzY0ZDg4NmMzOWNjMThiZGYxYzI0YjA3ZDNhZGIxNWY3ZTZkMjEzZDBlNDA1ZDM2NzhhMmE5MDc1MzUxNDE3NzFmNGFmYzkwOWIyYWNhNWY4OWM2NmNmMDAxNDhjODEwOWZlYzA4NDE1ZmJiNzU5ZTI2ZmZhZjQ4YTZjYWE1ZjFiNmJjZmZlNjJhN2NmYjkwZmFiMmNmNmQ0MjY4M2YzODBkNTI1ZmQ3ODgwODk3ZDMwNmE4MmY3M2FhZmU5YzM4ZmNmZGJiNDJiNmRiM2VjMDM0NWYwYjE2NGJhZmZkNWIzODNjMzE3MmZmYjA3OTllYjVhNzhkNWMzODFkNGQ0MTNjMDhlNzM0NWY3YmNiMDE5NmU5ZGUxNjQ4NzkzNWUyMzQwMDE5N2RjYjljY2I3YjY5ODM3NjAwMGI1N2M3NDBmNjY1NTYxMzBiNzdmNTQ3NGI5ZTM5YWE5YzExZjUzYjYzMGZlNmM4MTk1MDRkODlmYzdlMTk2NTM2MDdiNThjYzhiNDgyOGI2MTcwYjM5MmMwYzA3NTk5N2U3MjIwZjY2N2Y4NTMwODVhYzM3ODJiNzEzYTUiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJIdkpyU1JzL29KUzJnODRrL2xLXG4xUW42Q0RKM1VseDNHZ0pkZ2JtWVJoa0EzaE1CRUZkazJJYkRuTUdMM3h3a3NIMDYyeFgzNXRJVDBPUUYwMmVLXG5LcEIxTlJRWGNmU3Z5UW15cktYNG5HYlBBQlNNZ1FuK3dJUVYrN2RaNG0vNjlJcHNxbDhiYTgvK1lxZlB1UStyXG5MUGJVSm9QemdOVWwvWGlBaVgwd2FvTDNPcS9wdzQvUDI3UXJiYlBzQTBYd3NXUzYvOVd6ZzhNWEwvc0htZXRhXG5lTlhEZ2RUVUU4Q09jMFgzdkxBWmJwM2haSWVUWGlOQUFaZmN1Y3kzdHBnM1lBQzFmSFFQWmxWaE1MZC9WSFM1XG40NXFwd1I5VHRqRCtiSUdWQk5pZngrR1dVMkI3V015TFNDaTJGd3M1TEF3SFdaZm5JZzltZjRVd2hhdzNncmNUXG5wUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.db4MVvs7kUt6i4ffEok2doqXGUE_9vicssjxwfGA71VyI9OEnvJ7lJ60E6h_ScNEEYwAs_Ghy4OyK_Wk-yt_vh80sbyn5Vd-CKY1A4UgFmG20k2mFKUOpr7hmkfhxkCURUnC0auYwi9OEsNDOi8L05HmQjYbdtOBUH1VlaGVP2oPeeLX7PFPcvARP-Jhm6WppZ321zYC-M39OovdFtJIgVTMA5cJtFvfeHVzCXoo5ybmjtXPbS4ZN_5M3ua8osMEQgIlxsJSdYcD9wDNIiWSPKJuXJKKWtpBzG09FuN4ew7pU-jQ6Rcd6NIS3l7Fv68ooQSjHi4Bu7UAn4YXdXx14Q"} +``` + +it results in the same error messages + +``` +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: NLS initialized +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to verify public certificate (error:0A000126:SSL routines::unexpected eof while reading) +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to verify public certificate (error:00000000:lib(0)::reason(0)) +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to validate public certificates +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Server configuration validation failed. Invalid certificate received from server. +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Failed to setup cloud License Manager: 3 +Mär 21 14:21:43 debian-grid-test nvidia-gridd[503]: Shutdown (503) +Mär 21 14:21:43 debian-grid-test systemd[1]: nvidia-gridd.service: Main process exited, code=exited, status=1/FAILURE +Mär 21 14:21:43 debian-grid-test systemd[1]: nvidia-gridd.service: Failed with result 'exit-code'. +``` + +# Sources + +- https://8gwifi.org/PemParserFunctions.jsp \ No newline at end of file diff --git a/doc/files/config-token.json b/doc/files/config-token.json new file mode 100644 index 0000000..1384a52 --- /dev/null +++ b/doc/files/config-token.json @@ -0,0 +1,15 @@ +{ + "certificateConfiguration": { + "caChain": [ + "-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y\r\nNDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\r\nZm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\r\nZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\r\nggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB\r\nUC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu\r\nIlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK\r\ni3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d\r\nyUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5\r\ndC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x\r\nEFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ\r\naHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB\r\ng60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu\r\nvmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G\r\nA1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo\r\nA8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG\r\nPHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp\r\nw18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8\r\nTJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4\r\nOORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ\r\nZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT\r\n5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql\r\nKc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI\r\np/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3\r\n56OFWPHcA7gxkpU8wftrVMLFeDvLIGc=\r\n-----END CERTIFICATE-----" + ], + "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUPyoRsVIJLnex1WKbERqLAQcXHcQwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMyNjIwMjcyMloXDTI4MDMyNTIwMjc1MlowLzEtMCsGA1UEAxMkZDhjMDdlNGEt\r\nZjZhNC00OWQwLWIyZGMtM2ZhZjBlMWJmMmJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEAwAJLh9/L2l2Efl+TLWp2pCuwJZJBpcHcVbksrXRTfV9dEe+UY1atNbg0HE6yz03CWkeIkTeW\r\nzYkg7oF7bdZ/usZpTIRnK0bN/FzXeXkENOGNsLgcjSGWu8IP4mJcp/k7Ucg/FgDMbxVYifBKnrOh\r\nT7HZ21UQcXgik9iEnL0chAW/JmcEHMTofkj+BuKdyUqXHj4OKDLOhmPtKCKY0gv+0wL4t7alzsGS\r\nlXsRC/59ddCLyomHlRU5BJb+Fm73ZFmhEYhR3eindFzqXJhDXQpg9d0Mt42YTFfnlKG41ECdxtmH\r\nYOOw5sSweFsrx9Dzlfcx/SSg0q9OXP0wHv+kNd/CMQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDtS2fehr07/mVr2ZCb5\r\n+BRuaWjNMB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJGQ4YzA3\r\nZTRhLWY2YTQtNDlkMC1iMmRjLTNmYWYwZTFiZjJiZDANBgkqhkiG9w0BAQsFAAOCAgEAbrgK1TBm\r\nwUVkSGnGSy88RevUd3a52TxAYxGuVe/2qYuIkSoPfMJ1P5nbk6hnOjiBg5GGSrqv6Qwj+ZtPo6cm\r\nyg0Z8RXb5cboU+3Xru6HEQCsidLuC1bwbcsnmvyt4pJxjGG1MQvN9jBWBGiKvqSnDuLMW34eD7mg\r\nLm1W0QCMzTvxIxH2X/xylT2q7gkFdDPxHnMotYeFpeYmPn6nqI36Ot7xBv512RUZz5hdG6r20LSP\r\ndbHoBYZIbaS+wGTaAOFIpms1Xwe/S/ehQpMpArlzphqV+o9IOZn8BIRvpT3d4r8iV/a2TtbxPDVX\r\nOR/aooC9BRI7Q52b2V3L0aKYeC2P8bqqwoivBrWPnr12h+CRx18NvF7sxJ8A8O6h7+Os2psA22CX\r\nvDd0ngxnNy08CMgS1u98Nxg5nV2P596mLRY9X7dzgQikoabEfKtqdKOW4PJWI/wane44ju6vUZPK\r\n3MyAgUWJr34aB8Q0paou0atP9OW+KOeFuwICL02RQ7ke5IpBQrWSF/OlMxhnepzhnp1favk5W3rl\r\ncZNLQMFmeaxyKKrjowh3diBsfo2m6Qin/fkRA3w62Zfox37l5q4s+B/YPxMmrcJgoDFxxf2WYDc6\r\nsoqR7/ExG7kHasd+Th+oqaX8LGdGUfZMD/IY6wvOFJ1Smh7QgWTZbUyLRwTU6jZ40pM=\r\n-----END CERTIFICATE-----", + "publicKey": { + "exp": 65537, + "mod": [ + "c0024b87dfcbda5d847e5f932d6a76a42bb0259241a5c1dc55b92cad74537d5f5d11ef946356ad35b8341c4eb2cf4dc25a4788913796cd8920ee817b6dd67fbac6694c84672b46cdfc5cd779790434e18db0b81c8d2196bbc20fe2625ca7f93b51c83f1600cc6f155889f04a9eb3a14fb1d9db551071782293d8849cbd1c8405bf2667041cc4e87e48fe06e29dc94a971e3e0e2832ce8663ed282298d20bfed302f8b7b6a5cec192957b110bfe7d75d08bca89879515390496fe166ef76459a1118851dde8a7745cea5c98435d0a60f5dd0cb78d984c57e794a1b8d4409dc6d98760e3b0e6c4b0785b2bc7d0f395f731fd24a0d2af4e5cfd301effa435dfc231" + ] + } + }, + "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDMwMjI3NjksIm5iZiI6MTc0MzAyMjc2OSwiZXhwIjoxNzQzMDIzNjY5LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiJkOGMwN2U0YS1mNmE0LTQ5ZDAtYjJkYy0zZmFmMGUxYmYyYmQiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiZTIxMjkwNGEzYzk2NzU2MDJmOTEyYjU1M2QxODRhZTRlNmMxMGQ3ZWEwODQ1ZTE0MmU0OTgzMDc5ODhhNzVlYzQwNThmM2NhNjg3MDg2MWM0NDdlZDQ2MTgwMDZjMDMwNTNkODI3ZDY3YzYxMjM1OWU5OWU4MzNhNmJkYWE5NzE3YzBjNDUzN2Y5NDc1ZTMzNDg2OGFjY2IzYmEwZTkyMjUyNTMyOTMxOWNiMWI1MmJhYjk4NGQzNDI4Zjc5YjE3MjllN2JiNmMwY2U4MWM0NDYxNThhZjU0YzZhOTIyYmNiYzE2ZGFiMWEyNWJjODUxMWI4NTA3NDNmMTFhZGNlNTZiOGNmNmQxMWRmOWFjNjg5OWI4YjViN2Y2YTAxOTE5ZDUyZGYxODczNDA4MjI0YWQ1ZjFmZGQxNTFlZDUyYzcxNDNmODlmYjVmZTU0Njk4Mzk5Y2ViYmJhOWIyZTEyNmZmYmM4OGM0NTNhZTkyODgzOWU0MjcwNmVhNTRhNzY0MjNjZWFhZGI1NjBiNWVhZWMzMzIyZmFmMDE1MjA0ZTZiNzNmNDk2NjMzZmUyNDU5ZmNjNzJjNDQzYWU4N2Q1YzUwMjI4MWVhZWY1ZWI1ZGQ3MTI2NGYyNDI0NDY2ZDEzZmM4ZTM4NjIxY2E3ODVlZGFhNDBiODFmZDIxY2VlMDUiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQTRoS1FTanlXZFdBdmtTdFZQUmhLXG41T2JCRFg2Z2hGNFVMa21EQjVpS2RleEFXUFBLYUhDR0hFUisxR0dBQnNBd1U5Z24xbnhoSTFucG5vTTZhOXFwXG5jWHdNUlRmNVIxNHpTR2lzeXp1ZzZTSlNVeWt4bkxHMUs2dVlUVFFvOTVzWEtlZTdiQXpvSEVSaFdLOVV4cWtpXG52THdXMnJHaVc4aFJHNFVIUS9FYTNPVnJqUGJSSGZtc2FKbTR0YmYyb0JrWjFTM3hoelFJSWtyVjhmM1JVZTFTXG54eFEvaWZ0ZjVVYVlPWnpydTZteTRTYi92SWpFVTY2U2lEbmtKd2JxVktka0k4NnEyMVlMWHE3RE1pK3ZBVklFXG41cmMvU1dZei9pUlovTWNzUkRyb2ZWeFFJb0hxNzE2MTNYRW1UeVFrUm0wVC9JNDRZaHluaGUycVFMZ2YwaHp1XG5CUUlEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.OUHugJf1npBrVL7kZAUb0HsoMJq69ejau3SjdLz0yURkYxm87oP3BVX1jXstPdM40EYJ6tKy_SUXeGHFaOe06pnCvSKbx0c2u9egAqarW_jHMkrOT5PHHKBHTdm2KbRyX5nIgHaYCvAQIyZrPEPA4S5abYpJffJzZ7XLf5Rf6nrUco5W_T-Zt0VZ2AOvPutmn1CV5VXCbBfh1ekaVjuxTr3rTl8xsuIXBfXDLm-W2L-TJCT-uB450m4MLROmc7on3If3sG64PG8Bdd5o8TqEmjigoOND2K5_3H9G6aAHjBWiI8aGgzNo9oO-s_DBYcOIODS_jOJr_2n6SM_UKIM-8w" +} \ No newline at end of file diff --git a/src/test/test_config_token.py b/src/test/test_config_token.py index bb5f72e..15c2adc 100644 --- a/src/test/test_config_token.py +++ b/src/test/test_config_token.py @@ -2,6 +2,7 @@ import json from calendar import timegm from datetime import datetime, UTC, timedelta from textwrap import wrap + from cryptography import x509 from cryptography.hazmat._oid import NameOID from cryptography.hazmat.primitives import serialization, hashes @@ -16,67 +17,29 @@ Any variables prefixed with `NV_` or `nv_` are original values, dumped from an N Any variables prefixed with `MY_` or `my_` are variables which are set by fastapi-dls and are "faked". """ +### FILES + +FILE_REQUEST_ROUTING_SI = f'../../doc/database/3-after-upload-license/request_routing.service_instance.json' +FILE_CONFIG_TOKEN = f'../../doc/files/config-token.json' +FILE_SI_ARTIFACT = f'../../doc/database/3-after-upload-license/si_d8c07e4af6a449d0b2dc3faf0e1bf2bd.service_instance_artifact.json' + ### DEFAULTS -# SELECT xid FROM request_routing.service_instance -NV_SI_SITE_ID = '4e53a171-103b-4946-9ed8-5f4c0ee750d9' -# SELECT value FROM si_.service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'private_key' -NV_SI_KEY_RSA = """-----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyIz6i48cFn4XOK0S2GTYpLMU85xzJ1fmQmA2nC6Zod2V4BxN -Xqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx0V42F3JTryJFDuZ+7fQsNlXUX3og -UQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1pZBYL2JtTDTWSIcWsQtD/w9DAPEk -K5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3rOaDVkEcf+1l2BwvHUWTU4LI6uud -CWP2em69T2EXp1qczi5IKJzc53puNfp5nXlHayrneYAdIbEAQSQg+Z40npUwNKW7 -1Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipMWwIDAQABAoIBAA24FyuU221ueSHK -m49ro3Mg2dep/10ICYH6f8HcLjmBPwKlucucwehTtK3esPJ8SEQ9r8DA2zN6w56R -aHgRsrRWQL0Gq4YMTuascRWce0NirueyvKM02SoFnGl8wGfrE7wNfhSalhWkkDMg -DaujRtg2MTiMmY15z9U5gh16XjYEZipOmfmNWHLCMRnEsXV/ToZ+g7ekruKPweGD -A52tG0pN/KYVaQFX+sZ7eXpd1jEl4gCSHup1SopAM3+is0DzeHiLSg9ZUN9dd8af -L+SYAOCjRHXkUKcQN8a3FffoPInjy4D57dndkqRusiCtRJV3TEjO4Ld9cj/fqQZ2 -kDMT0YECgYEA0iPJu73Kz3wruxGfzq2zTE8RMM/EF8OAXi/qzKer40w7KLZ4aY0c -5FUJwehipYM390/OUf0x3jiwMVk3wR6M9/L9h70zN1OCIKnCbLc+e0sgK9nYY98y -XxXIu/HfRi42usAg6IQsr41z+Y7qY/zlyIDdoGJPTgra2aFUbYG/pD8CgYEA9FF2 -GfBlC5NUxwjjwEeNXvKU3wvzoZ0wS3EMrj0ylXY/4Q+thlfOWiGBKUOik8mSohgL -9qP756185Map/szCUzjlr13hgLg+nECJuP6hLWP2V4O+vS2dNg+lxWJ7EZVxhRR1 -ueJE4xkOU2v00b0H+nJyDnoEhdHlvFFVnh+roOUCgYEAnyxwoH8Q4r1hup+M91bn -m4PAt8KI/J8f2zhcmIzhTJjvrtUYvIshOWuYqoLGRizw9apD1CL/5R33iEnWS7hC -e4ZZuLn904iz5t3v4b2j3Gx5f/3RRUVJuHCdzo9V2qki1660vqtv1cJF+ODidr6X -p5rFRblx7OGYCIWFmDVR3q0CgYBZZ03eZBe1yq4lP12ISSa0bfSIQmle5JR9ptrL -D93oz6LEiuYm2Q7L8KLBJNzjU8nywvXtxUgzGUswtHoUoX0i0xlJuQMCBWnz57H+ -Hj+AyqmkkLNFquFynPs+ZbE/V/54gmoqIWCv8cVKRaEK9y9qOGMAZSouhgaZiPHZ -sSEu+QKBgQDRpPzQrn0xD0QPvQMi/gl8TJHjEfjQkGkxREa1XAKj4XcHXKwzSfdf -LdUhyKEt/if0EJd09UbH6+T7aqkuw4HthF8ab2FSlLcyQ6t0UYUlTwCLTHsquqeu -5+Le7DO89hskB8DKr4Oobmr12eulCf81UDYWSKhDYeqrBJyf3PopLg== ------END RSA PRIVATE KEY----- -""" -# SELECT value FROM service_instance_artifact WHERE namespace = 'service_instance.client.all' and name = 'public_key' -NV_SI_KEY_PUB = """-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIz6i48cFn4XOK0S2GTY -pLMU85xzJ1fmQmA2nC6Zod2V4BxNXqk+9y8nvdzZVELxmC+N47ZQGV/J5cquIadx -0V42F3JTryJFDuZ+7fQsNlXUX3ogUQhhgvHuluhDJQSvdZAzpguS7N+gJGCGbGk1 -pZBYL2JtTDTWSIcWsQtD/w9DAPEkK5cHGoZkovngH1LOTkVAcyEqKxLblerMnLu3 -rOaDVkEcf+1l2BwvHUWTU4LI6uudCWP2em69T2EXp1qczi5IKJzc53puNfp5nXlH -ayrneYAdIbEAQSQg+Z40npUwNKW71Ue2NsG3SoGWuj3lTyEVXlLsAw0bsCDVLipM -WwIDAQAB ------END PUBLIC KEY----- -""" -MY_CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12) +with open(FILE_REQUEST_ROUTING_SI, 'r') as f: + NV_SI_SITE_ID = json.loads(f.read())[0].get('xid') -NV_CONFIG_TOKEN_RESPONSE = { - "certificateConfiguration": { - "caChain": [ - "-----BEGIN CERTIFICATE-----\r\nMIIF3TCCA8WgAwIBAgIUCpVszfecRrnPa3EGwPKuyWESBmMwDQYJKoZIhvcNAQELBQAwcjELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRQwEgYDVQQDEwtOTFMgUm9vdCBDQTAeFw0y\r\nNDA5MjYwNzM4MTlaFw0zNDA5MjQwNzM4NDlaMHoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp\r\nZm9ybmlhMQ8wDQYDVQQKEwZOdmlkaWExJzAlBgNVBAsTHk52aWRpYSBMaWNlbnNpbmcgU2Vydmlj\r\nZSAoTkxTKTEcMBoGA1UEAxMTTkxTIEludGVybWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\r\nggIPADCCAgoCggIBAOIb5ZcYWR78WkJipEW4cOB2d3WkXhjzA9Omj0SBnA6fJad+zObguInmkgyB\r\nUC/0xMnHeEH1WQpZ0yZE1rdH0ziwPy07hmCgjMSC8iXSfV4QXoHzsQy80HSbD3dr0A5Fk9UrWdJu\r\nIlLnwqTfUjxMSqiVYbGI2JLVLDIPjnrCKgZ//vVTFWiMDQaGInDz5Qo3azHIt1Sw3u47/b88TzmK\r\ni3TMbjtAR3djlhQfJBY6nUdP8wWy2Fntx9fO7U723sp6cnGtHnbXGpon/QqxlPjT4RXXm1QmFQ/d\r\nyUmvmjoiJsCQ3v2KFJNei2bkUS29ZKPr4TGokojOilESQAQTLo+5s0cN7ZtPWvwZ4uets84GCRP5\r\ndC+aKoNQ7cg06A1tA3SxEL9r6D2LaTiheuWKFNiIJZzfmmbTPExsKt4Nzmv72wfG2i2+sY6l4f5x\r\nEFiKybn2EY1Hjpt0J3vL/goOOt/ejRtS5qKco3pu6zZBBWqB1qesA813AGgqbscht4y4m414rPmQ\r\naHA2PTe0JRDcradK75chFUOvLeIYD1Hy0XTxNxlhRA/5mFd2GkWZmtsW3D1iAV73VHAEvWDS0hXB\r\ng60B0y4d3fyYxI+pOTaZzsh0PAC2jUqDOhQ7dKELeYUKWsEDDMq9mg2bxqSNoQnQbITIsbu7IELu\r\nvmxIWT1omRptd5LrAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G\r\nA1UdDgQWBBRKNST8UPeZYQgLZLEKMBGklaADHjAfBgNVHSMEGDAWgBRiEXE0RonjkPN+XBjnSQbo\r\nA8X3ajANBgkqhkiG9w0BAQsFAAOCAgEAEq5FaQWhTWt1hNfoz/BeDQ68O9PEGGveCPouElE8s/uG\r\nPHYSJpmg7dq5Qoxb5dpdq1mJX2rTgixJu/iC3uRUsirdH6wsVjjqz4YsoAz5VqjlkriFJpXlfOpp\r\nw18ex5C5p4x3TrlPCowMgf9h6VBR1iCq3VikVVguqSPP/zf9G3Qhitvqs0+m7KJnbwFA/bDLMET8\r\nTJS/r4XKQYisXfu95XrG2TTCaOwytqx+uepqwB74tFMznfdjzKyztqGwniKLrcZ3kOuM4cyo5ZT4\r\nOORCV6FWmbRq2OtttI4o85zsVNkY1JF8hvyvjygRiX5dQROza5EStkXvGO6532atFU43KNJvLanZ\r\nZTaxIJvZGWeKvrH+HTCANp11cgq5qcRRltQHb7KWweYNM4nyCjyBQm5vTm7g1uVI7llVm2Txx5dT\r\n5OtenaohmJIr6POeq8Y2Z+DJ8s3UpZoZCc3Vj5PQyNZiAx2ErN6XgrsmljG3w6+k2ooLpT9Sr1Ql\r\nKc8okN5SJGUOLuFI+h8jX1hHqpQejjNKy3UkTzjosYNq6Kk0h2Tl1i8iO+wY4Wb3GbL6GtP1rcjI\r\np/d9mxPNJONlp4a0koaMEpHTODT/xyVjU7FkUyKE9Uj1O/1lBEANYsFrQGfmuHAZTGf9J+cvkrz3\r\n56OFWPHcA7gxkpU8wftrVMLFeDvLIGc=\r\n-----END CERTIFICATE-----" - ], - "publicCert": "-----BEGIN CERTIFICATE-----\r\nMIIE2zCCAsOgAwIBAgIUU1iWuS2t3ufw2dvXTEC0VmhpY4IwDQYJKoZIhvcNAQELBQAwejELMAkG\r\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAoTBk52aWRpYTEnMCUGA1UECxMe\r\nTnZpZGlhIExpY2Vuc2luZyBTZXJ2aWNlIChOTFMpMRwwGgYDVQQDExNOTFMgSW50ZXJtZWRpYXRl\r\nIENBMB4XDTI1MDMxMjEyMjY1MVoXDTI4MDMxMTEyMjcyMVowLzEtMCsGA1UEAxMkNGU1M2ExNzEt\r\nMTAzYi00OTQ2LTllZDgtNWY0YzBlZTc1MGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\r\nAQEAsFLwIgL4xu4BAGiQSUeb66F87tZBKn057uK92QPbPMxRFCD9gN0NUxv5apEDxWLaUecugvOb\r\np3d1hCrkUkXdu7Ogb2GZMQXqCvBFvZX7S2ZFEA9XhV2hLzHYMVLz3dsVnZP/R4+rF3qPYx4rlkJq\r\n+XWr/y6kO93ocoqFkIQF0QfZ+tD6ydyfZdSAShjnOVlzds2fmaFHJJGLo/SsvjcnuVpJ+qKaoyD+\r\ndOvTVaYCrCNcI2cJ6sgSPp1xWrt9Hu21lr0tH5nou4dwWPdlciF6IfrnmHHdbwOlbCz4TS/t4hpB\r\nFD/bDNNVUobu+KRHJRGXKlrBk+Udx0dpmkUZ80WOFQIDAQABo4GjMIGgMA4GA1UdDwEB/wQEAwID\r\nqDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFJ/o520oGIqKTmima73E\r\n9NgNbIk2MB8GA1UdIwQYMBaAFEo1JPxQ95lhCAtksQowEaSVoAMeMC8GA1UdEQQoMCaCJDRlNTNh\r\nMTcxLTEwM2ItNDk0Ni05ZWQ4LTVmNGMwZWU3NTBkOTANBgkqhkiG9w0BAQsFAAOCAgEAv9NcfpBU\r\nxZP9PsdJ4twWu/EQqeJRsrTV3ngg6o9JV22285p5TbhTk9aKa6HlME9KoYDlXo1yn4pwVL6TFc/W\r\nR+2UJJphrlZGEUJvTrEwDxs29QXjkWAJ+2KZoLHdKK1luV1QAV2x8/hTWUvj4pnpRUHvdXAWu3uy\r\nVUYhE2Ypj6Lq6ipzHQCh+ZM6Zyml6Em/byRrIv6dv/DH7QsQCqXmuyxajTNYmexG33HOr5R/JAX/\r\n4xC1C9KB0Ru1NcJRIKJ+OPiXEJNXugvAMx02MJw5fETEEvGY8YakjaRFn9p7cfRCBFbJWWyQ2RM8\r\n8Z9pr2JrDzDIImBZ5LY4KpvYhsWr2R2mYqtNw0P3FPfm23x0WzSx10TtRnEX1I1349CDwNIOFpQr\r\ncW3mBtX0pb/iOwazvBfxCO7Y7FrHXVxv0tPtJg6PSdCyp7Lgu2zIsWuteHOnaoo+IXocAbSuTmIN\r\n0yduLkYU0XBJOouO0fBziorL6S7ifeaVP/ppRnF0L61DLbaHy8qkqBQTe9JQRHmV+owl0lsHrYRI\r\nRKOxVxFS2UmAJZiqnJ/HI2nHRqZerH5c465u8N3xuT71HxsoFxiu4tQM0NEGGUoooefX/ramo4P+\r\neEVOavIG7uVFzYnrfadEZiCF+hLQf/DNgueHglgaibGAbSTILhVaQ+9KvlhMh5Am2tU=\r\n-----END CERTIFICATE-----", - "publicKey": { - "exp": 65537, - "mod": [ - "b052f02202f8c6ee0100689049479beba17ceed6412a7d39eee2bdd903db3ccc511420fd80dd0d531bf96a9103c562da51e72e82f39ba77775842ae45245ddbbb3a06f61993105ea0af045bd95fb4b6645100f57855da12f31d83152f3dddb159d93ff478fab177a8f631e2b96426af975abff2ea43bdde8728a85908405d107d9fad0fac9dc9f65d4804a18e739597376cd9f99a14724918ba3f4acbe3727b95a49faa29aa320fe74ebd355a602ac235c236709eac8123e9d715abb7d1eedb596bd2d1f99e8bb877058f76572217a21fae79871dd6f03a56c2cf84d2fede21a41143fdb0cd3555286eef8a4472511972a5ac193e51dc747699a4519f3458e15" - ] - } - }, - "configToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOTFMgU2VydmljZSBJbnN0YW5jZSIsImF1ZCI6Ik5MUyBMaWNlbnNlZCBDbGllbnQiLCJpYXQiOjE3NDIxOTU4ODUsIm5iZiI6MTc0MjE5NTg4NSwiZXhwIjoxNzQyMTk2Nzg1LCJwcm90b2NvbF92ZXJzaW9uIjoiMi4wIiwiZF9uYW1lIjoiRExTIiwic2VydmljZV9pbnN0YW5jZV9yZWYiOiI0ZTUzYTE3MS0xMDNiLTQ5NDYtOWVkOC01ZjRjMGVlNzUwZDkiLCJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfY29uZmlndXJhdGlvbiI6eyJzZXJ2aWNlX2luc3RhbmNlX3B1YmxpY19rZXlfbWUiOnsibW9kIjoiYzg4Y2ZhOGI4ZjFjMTY3ZTE3MzhhZDEyZDg2NGQ4YTRiMzE0ZjM5YzczMjc1N2U2NDI2MDM2OWMyZTk5YTFkZDk1ZTAxYzRkNWVhOTNlZjcyZjI3YmRkY2Q5NTQ0MmYxOTgyZjhkZTNiNjUwMTk1ZmM5ZTVjYWFlMjFhNzcxZDE1ZTM2MTc3MjUzYWYyMjQ1MGVlNjdlZWRmNDJjMzY1NWQ0NWY3YTIwNTEwODYxODJmMWVlOTZlODQzMjUwNGFmNzU5MDMzYTYwYjkyZWNkZmEwMjQ2MDg2NmM2OTM1YTU5MDU4MmY2MjZkNGMzNGQ2NDg4NzE2YjEwYjQzZmYwZjQzMDBmMTI0MmI5NzA3MWE4NjY0YTJmOWUwMWY1MmNlNGU0NTQwNzMyMTJhMmIxMmRiOTVlYWNjOWNiYmI3YWNlNjgzNTY0MTFjN2ZlZDY1ZDgxYzJmMWQ0NTkzNTM4MmM4ZWFlYjlkMDk2M2Y2N2E2ZWJkNGY2MTE3YTc1YTljY2UyZTQ4Mjg5Y2RjZTc3YTZlMzVmYTc5OWQ3OTQ3NmIyYWU3Nzk4MDFkMjFiMTAwNDEyNDIwZjk5ZTM0OWU5NTMwMzRhNWJiZDU0N2I2MzZjMWI3NGE4MTk2YmEzZGU1NGYyMTE1NWU1MmVjMDMwZDFiYjAyMGQ1MmUyYTRjNWIiLCJleHAiOjY1NTM3fSwic2VydmljZV9pbnN0YW5jZV9wdWJsaWNfa2V5X3BlbSI6Ii0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlJejZpNDhjRm40WE9LMFMyR1RZXG5wTE1VODV4ekoxZm1RbUEybkM2Wm9kMlY0QnhOWHFrKzl5OG52ZHpaVkVMeG1DK040N1pRR1YvSjVjcXVJYWR4XG4wVjQyRjNKVHJ5SkZEdVorN2ZRc05sWFVYM29nVVFoaGd2SHVsdWhESlFTdmRaQXpwZ3VTN04rZ0pHQ0diR2sxXG5wWkJZTDJKdFREVFdTSWNXc1F0RC93OURBUEVrSzVjSEdvWmtvdm5nSDFMT1RrVkFjeUVxS3hMYmxlck1uTHUzXG5yT2FEVmtFY2YrMWwyQnd2SFVXVFU0TEk2dXVkQ1dQMmVtNjlUMkVYcDFxY3ppNUlLSnpjNTNwdU5mcDVuWGxIXG5heXJuZVlBZEliRUFRU1FnK1o0MG5wVXdOS1c3MVVlMk5zRzNTb0dXdWozbFR5RVZYbExzQXcwYnNDRFZMaXBNXG5Xd0lEQVFBQlxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwia2V5X3JldGVudGlvbl9tb2RlIjoiTEFURVNUX09OTFkifX0.mZnB0NnE4WIxg0Q6zH98NSt6UYLbtbNPfWsVVJwtcn8rv9mFWmBr3vxB9BGzafY-kLo5uJztI_Ue3Q1VD5yHaMVtgrtI8K5-Ojm3d8p5hGe2qwoskQ1OXSSTE15JaGsdkTihPnZ-0r6RBRucXa-PoNWBYnvl0SbcNiU_-FAK1ugmemLW3Q9T2KZ71n8nr0-FXrJUpsxrluUEerhtDlOZmNHuCEcsU10U0ZdMPBc3iguy_psd_jR4QIDRwc6W0dp29403epDJqqkUW8c-ORi1Ny2Bk2OFNK87VBxf5GP5KxuYxlujtzf0Y1niDqnYdW1MpKl9OxRvz0E4HUEK7_JBbA" -} +with open(FILE_CONFIG_TOKEN, 'r') as f: + NV_CONFIG_TOKEN_RESPONSE = json.loads(f.read()) + +with open(FILE_SI_ARTIFACT, 'r') as f: + rows = json.loads(f.read()) + si_identity_rows = list(filter(lambda _: _.get('namespace') == 'service_instance.client.all', rows)) + si_identity_private_key = next(filter(lambda _: _.get('name') == 'private_key', si_identity_rows)) + si_identity_public_key = next(filter(lambda _: _.get('name') == 'public_key', si_identity_rows)) + NV_SI_KEY_RSA = si_identity_private_key.get('value') + NV_SI_KEY_PUB = si_identity_public_key.get('value') + +MY_CLIENT_TOKEN_EXPIRE_DELTA = relativedelta(years=12) ### VARIABLES @@ -214,7 +177,7 @@ def test_our_config_token(): }, } - # todo: maybe DLS_SI_CERTIFICATE['private_key'] + # todo: maybe DLS_SI_CERTIFICATE['private_key'] todo: try different files # our_correct_sign_key = load_key('our_correct_private_key.pem').export_key().decode('utf-8') # our_correct_sign_key = jwk.construct(our_correct_sign_key, algorithm=ALGORITHMS.RS256) nv_sign_key = jwk.construct(nv_si_private_key_pem.decode('utf-8'), algorithm=ALGORITHMS.RS256)