[fixes 254] Add mTLS support with client cert and key.

docs/data-sources/http.md

@@ -144,6 +144,8 @@ resource "null_resource" "example" {
 ### Optional
 
 - `ca_cert_pem` (String) Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+- `client_cert_pem` (String) Certificate data of the Client certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+- `client_key_pem` (String) Certificate data of the Client certificate in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
 - `insecure` (Boolean) Disables verification of the server's certificate chain and hostname. Defaults to `false`
 - `method` (String) The HTTP Method for the request. Allowed methods are a subset of methods defined in [RFC7231](https://datatracker.ietf.org/doc/html/rfc7231#section-4.3) namely, `GET`, `HEAD`, and `POST`. `POST` support is only intended for read-only URLs, such as submitting a search.
 - `request_body` (String) The request body as a string.

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/hashicorp/terraform-plugin-framework v1.2.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.10.0
 	github.com/hashicorp/terraform-plugin-go v0.14.3
-	github.com/hashicorp/terraform-plugin-testing v1.2.0
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1
 	golang.org/x/net v0.8.0
 )
 
@@ -38,7 +38,6 @@ require (
 	github.com/hashicorp/terraform-exec v0.18.1 // indirect
 	github.com/hashicorp/terraform-json v0.16.0 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.8.0 // indirect
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 // indirect
 	github.com/hashicorp/terraform-registry-address v0.1.0 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect

go.sum

@@ -126,8 +126,6 @@ github.com/hashicorp/terraform-plugin-log v0.8.0 h1:pX2VQ/TGKu+UU1rCay0OlzosNKe4
 github.com/hashicorp/terraform-plugin-log v0.8.0/go.mod h1:1myFrhVsBLeylQzYYEV17VVjtG8oYPRFdaZs7xdW2xs=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1 h1:G9WAfb8LHeCxu7Ae8nc1agZlQOSCUWsb610iAogBhCs=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1/go.mod h1:xcOSYlRVdPLmDUoqPhO9fiO/YCN/l6MGYeTzGt5jgkQ=
-github.com/hashicorp/terraform-plugin-testing v1.2.0 h1:pASRAe6BOZFO4xSGQr9WzitXit0nrQAYDk8ziuRfn9E=
-github.com/hashicorp/terraform-plugin-testing v1.2.0/go.mod h1:+8bp3O7xUb1UtBcdknrGdVRIuTw4b62TYSIgXHqlyew=
 github.com/hashicorp/terraform-registry-address v0.1.0 h1:W6JkV9wbum+m516rCl5/NjKxCyTVaaUBbzYcMzBDO3U=
 github.com/hashicorp/terraform-registry-address v0.1.0/go.mod h1:EnyO2jYO6j29DTHbJcm00E5nQTFeTtyZH3H5ycydQ5A=
 github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0=

internal/provider/data_source_http.go

@@ -5,6 +5,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"io"
 	"mime"
 	"net/http"
@@ -111,6 +112,24 @@ your control should be treated as untrustworthy.`,
 				},
 			},
 
+			"client_cert_pem": schema.StringAttribute{
+				Description: "Certificate data of the Client certificate " +
+					"in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.",
+				Optional: true,
+				Validators: []validator.String{
+					stringvalidator.AlsoRequires(path.MatchRoot("client_key_pem")),
+				},
+			},
+
+			"client_key_pem": schema.StringAttribute{
+				Description: "Certificate data of the Client certificate " +
+					"in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.",
+				Optional: true,
+				Validators: []validator.String{
+					stringvalidator.AlsoRequires(path.MatchRoot("client_cert_pem")),
+				},
+			},
+
 			"insecure": schema.BoolAttribute{
 				Description: "Disables verification of the server's certificate chain and hostname. Defaults to `false`",
 				Optional:    true,
@@ -195,6 +214,15 @@ func (d *httpDataSource) Read(ctx context.Context, req datasource.ReadRequest, r
 		clonedTr.TLSClientConfig.RootCAs = caCertPool
 	}
 
+	if !model.ClientCert.IsNull() && !model.ClientKey.IsNull() {
+		cert, err := tls.X509KeyPair([]byte(model.ClientCert.ValueString()), []byte(model.ClientKey.ValueString()))
+		if err != nil {
+			resp.Diagnostics.Append(diag.NewErrorDiagnostic("error creating x509 key pair",
+				fmt.Sprintf("error creating x509 key pair from provided pem blocks\n\nError: %s", err)))
+		}
+		clonedTr.TLSClientConfig.Certificates = []tls.Certificate{cert}
+	}
+
 	client := &http.Client{
 		Transport: clonedTr,
 	}
@@ -306,6 +334,8 @@ type modelV0 struct {
 	RequestBody     types.String `tfsdk:"request_body"`
 	ResponseHeaders types.Map    `tfsdk:"response_headers"`
 	CaCertificate   types.String `tfsdk:"ca_cert_pem"`
+	ClientCert      types.String `tfsdk:"client_cert_pem"`
+	ClientKey       types.String `tfsdk:"client_key_pem"`
 	Insecure        types.Bool   `tfsdk:"insecure"`
 	ResponseBody    types.String `tfsdk:"response_body"`
 	Body            types.String `tfsdk:"body"`

internal/provider/data_source_http_test.go

@@ -1,19 +1,20 @@
 package provider
 
 import (
+	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"net/http"
 	"net/http/httptest"
 	"net/http/httputil"
 	"net/url"
+	"os"
 	"regexp"
 	"strings"
 	"testing"
-
-	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
-	"github.com/hashicorp/terraform-plugin-testing/terraform"
 )
 
 func TestDataSource_200(t *testing.T) {
@@ -374,6 +375,27 @@ EOF
 	})
 }
 
+func TestDataSource_WithClientCert(t *testing.T) {
+	s := setupMockMTLSHttpServer(t)
+	defer s.server.Close()
+
+	resource.UnitTest(t, resource.TestCase{
+		ProtoV5ProviderFactories: protoV5ProviderFactories(),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+data "http" "http_test" {
+  url = "%s"
+  ca_cert_pem = file("testdata/certs/ca.cert.pem")
+  client_cert_pem = file("testdata/certs/client.crt")
+  client_key_pem = file("testdata/certs/client.key")
+}
+`, s.server.URL),
+			},
+		},
+	})
+}
+
 func TestDataSource_WithCACertificateFalse(t *testing.T) {
 	testHttpMock := setUpMockHttpServer(true)
 	defer testHttpMock.server.Close()
@@ -430,7 +452,7 @@ func TestDataSource_InsecureFalse(t *testing.T) {
 
   								insecure = false
 							}`, testHttpMock.server.URL),
-				ExpectError: regexp.MustCompile(fmt.Sprintf(`Error making request: Get "%s/200": x509: `, testHttpMock.server.URL)),
+				ExpectError: regexp.MustCompile(fmt.Sprintf(`Error making request: Get "%s/200": (:?x509|tls): `, testHttpMock.server.URL)),
 			},
 		},
 	})
@@ -448,7 +470,7 @@ func TestDataSource_InsecureUnconfigured(t *testing.T) {
 							data "http" "http_test" {
   								url = "%s/200"
 							}`, testHttpMock.server.URL),
-				ExpectError: regexp.MustCompile(fmt.Sprintf(`Error making request: Get "%s/200": x509: `, testHttpMock.server.URL)),
+				ExpectError: regexp.MustCompile(fmt.Sprintf(`Error making request: Get "%s/200": (:?x509|tls): `, testHttpMock.server.URL)),
 			},
 		},
 	})
@@ -547,6 +569,33 @@ type TestHttpMock struct {
 	server *httptest.Server
 }
 
+func setupMockMTLSHttpServer(t *testing.T) *TestHttpMock {
+	server := httptest.NewUnstartedServer(
+		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			httpReqHandler(w, r)
+		}),
+	)
+	CAs := x509.NewCertPool()
+	data, err := os.ReadFile("testdata/certs/ca.cert.pem")
+	if err != nil {
+		t.Fatalf("error reading testdata/certs/ca.cert.pem: %v", err)
+	}
+	if !CAs.AppendCertsFromPEM(data) {
+		t.Fatalf("error AppendCertsFromPEM from testdata/certs/ca.cert.pem: %v", err)
+	}
+	serverCert, err := tls.LoadX509KeyPair("testdata/certs/server.crt", "testdata/certs/server.key")
+	if err != nil {
+		t.Fatalf("error loading server key pair: %v", err)
+	}
+	server.TLS = &tls.Config{
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ClientCAs:    CAs,
+		Certificates: []tls.Certificate{serverCert},
+	}
+	server.StartTLS()
+	return &TestHttpMock{server: server}
+}
+
 func setUpMockHttpServer(tls bool) *TestHttpMock {
 	var Server *httptest.Server
 

internal/provider/testdata/certs/ca.cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBzCCAu+gAwIBAgIUVfGh49cbMRNPRqkxKOoNT1ttbTgwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAgFw0yMjEyMTYwMTQxNThaGA8zMDIyMDQx
+ODAxNDE1OFowEjEQMA4GA1UEAwwHdGVzdC1jYTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBANbhry//aJNTBPuqT2qFp5MonJJ3fk+ev8kdEx32uDmZKDSH
+ueY6C1QRQv0bClS/0R70Pi5MUF/gAXqqTR7rowzr4d70AQcbs5dawfyuHg/UxRHY
+cLSB+EGxc1AGfFObqBBH+RDFsha0V6TSBzPqeaRxVBd/5QV14lEik6xxVMTPmcA3
+DYyU6T21FomXHL0jkA3utTBCD7iRuOWNobMGblywrKuVLwFEimqBFckG5+BYRtxP
+4+f7HtaWOe2mZKyDy8y+mgLM2B2Uu/LyawXwcs4cMlnEtdN4kHC09Zdduf3Hu1dM
+EEwY9GOz7O61xTwhxh7yf/31/di58O1N7OdHTVpoEzak34jcHURrsa1fe16srrYs
+OkjZOQmtDjAlp9fs6y+bTn2sB5otZx7+NnXka/CL0GBC0+2XjDPqo9MFAxWGk+zP
++6He3XMADZ0RPwW7lwGGXk+K+kbJFxoz9v3KQMBWP4tIztXaBL0e4Z+nmlVTgYJV
+DczOS9oXb/mW2LDDjYa8HMJIYITkxTa4k709dFYKbsl48RqbXeM2kKVJa0oOIWzT
+GnHneCD/4w/DSrnueYSvE1Y98iJzgE08C3CyiHgF9rhA6Lhvd7u2qXY6Y67Kf0zQ
+nzBVG3iNSbDZb0A+l0EB3Vd/K2mKeZ51Y5jkFNpJeUPIWnCdXMxiS/0hrAnhAgMB
+AAGjUzBRMB0GA1UdDgQWBBSR2P+Gv6hwbbiIO40VSQWlMFWPnjAfBgNVHSMEGDAW
+gBSR2P+Gv6hwbbiIO40VSQWlMFWPnjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQAobsF+CrPrRMIcGyGhmNUWp7wHSdlMaTx3eyHBwfExNXA8xOPN
+s7d0CrtTBPDKdTv9SYsEM8bpEU2Z4tlwnaNeKm97j/Xr3nQcdQnIkFQ9xFyi0AtM
+tKDkFwG+bavUXU8QiSjXGhzw1AFFKYQPo67b2YMWbhb5EaJwj1Sp/fnFVEBXqwlE
+SGDItvxSkQOQ1Sxl+shrkXetleII3qL6NReLEx3xXZJ22h3OwGNRAojeYhDzl6Wf
+UPxZUCdRNEV5YZz9Wv6IYvA9h58yjgZB31LOp82dFXB+7f7HLs8N+S0BOk0PizYc
+S8DYdKmHpRBGjWMb8cM0EnR3/9jPyKXIXwhjw4y3j7818PpqGbNpPyyLJJp1KFj4
+tmpfyemNxlK/vC2e035Uc9NNc9KLHQUSqXxGyFjC2gkl6obQybQzsakeBE5KyLPd
+o6DyB0xh7tNJLgVlU9SzqKJN3bXa4DX6UnuOteYhiqvKa9onIBr/u2M+mCQTXecO
+EtlKsz/Y0WsqY+GZgRhtq4oLMhRT7dkuvsFAsNsw3uO2ClUhbhPt3nV/qc9L5XgL
+Utkf3IxZCFNnhsIbbFuCPGL8Iiu1vZZEEk6Z+M1zGe0sb8ZTvxGf6+kuVLt2No36
+s4R4ZCfkAkw23Bk+voAH4FLEq4Jg9hOHcHMD0l61x2KcqDmezBgiJQjoyw==
+-----END CERTIFICATE-----

internal/provider/testdata/certs/ca.cert.srl

@@ -0,0 +1 @@
+654A65EB3A4E7CB53E55BFF12717DFB7FC6771D7

internal/provider/testdata/certs/ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDW4a8v/2iTUwT7
+qk9qhaeTKJySd35Pnr/JHRMd9rg5mSg0h7nmOgtUEUL9GwpUv9Ee9D4uTFBf4AF6
+qk0e66MM6+He9AEHG7OXWsH8rh4P1MUR2HC0gfhBsXNQBnxTm6gQR/kQxbIWtFek
+0gcz6nmkcVQXf+UFdeJRIpOscVTEz5nANw2MlOk9tRaJlxy9I5AN7rUwQg+4kbjl
+jaGzBm5csKyrlS8BRIpqgRXJBufgWEbcT+Pn+x7WljntpmSsg8vMvpoCzNgdlLvy
+8msF8HLOHDJZxLXTeJBwtPWXXbn9x7tXTBBMGPRjs+zutcU8IcYe8n/99f3YufDt
+TeznR01aaBM2pN+I3B1Ea7GtX3terK62LDpI2TkJrQ4wJafX7Osvm059rAeaLWce
+/jZ15Gvwi9BgQtPtl4wz6qPTBQMVhpPsz/uh3t1zAA2dET8Fu5cBhl5PivpGyRca
+M/b9ykDAVj+LSM7V2gS9HuGfp5pVU4GCVQ3MzkvaF2/5ltiww42GvBzCSGCE5MU2
+uJO9PXRWCm7JePEam13jNpClSWtKDiFs0xpx53gg/+MPw0q57nmErxNWPfIic4BN
+PAtwsoh4Bfa4QOi4b3e7tql2OmOuyn9M0J8wVRt4jUmw2W9APpdBAd1Xfytpinme
+dWOY5BTaSXlDyFpwnVzMYkv9IawJ4QIDAQABAoICAAOLxuHSY63mtVLX3SajXQAT
+L/5ExYtX0c9mUO3yJ9kfe2feg4VWmOBCxqm5nAKJBdDuc+Y8sSjb3/pfvBUSC2dH
+rzsIKMouvVh2kXPzhaB6QORJ/5Yi/O9Ml9wOt1eD3pKiNWx+7rDsOfQI2UCUknxR
+uHMI08UyzFDNcsVqO11iFaXz4p/axzyS8/PCUCGY6CQqt8e7l1nS4cu7+hqjtQeH
+jNnqBNQPBv+58JuYJxRvMIArO1YVMU2WPg97avbj1+WhkZYRPlHCphVcxcJb1PEs
+yvHrSpraRvvtKI5eaBbViHRo124CDWplyjeoPUCASC4zj0QoHo/Ihb7MxeeNKCwZ
+gtTA/HiOfnjDeuIwt8vIiKb1I6lV9NJefTe8JdeTw2NhdUoSQhAvp8ojHFpvwHNk
+XLme7WloaYQ6KY6okW1XMnTWVad3WBMFDsr4P8LTX0hEGeSPxPZugwa1AJE6hy0L
+qTsFIC+KnrmwW+5H7ZdFEw7IB0dQz1QnB2v4R+mVGgkM/1yQZ2yHIWHQKwZJgSdM
+2qLLTGbXrm/fJQS/YIvRdJ30agZykzTaGMguY9Lk6y+vEWwkVUJjfpNN9WesDfoC
+boEFejvFka/hHlga5JmPqqOV2wbC2FyRrBMmyJELOavd4daCzs8VXlqQFOcHuZMf
+TijRpbdRJtVVwICHoRW/AoIBAQDgGn+1mqmoDLHMlqqwI+FlKkgd32oyFMFYEVJ3
+NbC2AGaDZISRyixsHo9GextnKXn7rEn7x6UBDN8nveJgWCzVJmT0ksYklSBbwPQu
+d7EEWnel8EtjM2MU601P+eHh/O9AmUsvAjcsejygbugQO4PAfSl2LroEf2yK1RSJ
+AAAOGIsjk/Xs2S1X9MSHiYccrvrcU+YDa8j8yx9ycGOUMai0OfEA/b9AMQUOFIhk
+FQsttOrHyIk+lsvMG8yIScPeOuiTe6smzmWo45WrpR6FBEO6/mXwsdSZewODtJ6V
+EmeSWaXNksL8qWEmArgqcuvzgVyzTL+8PfEi/Fgl+rUA77ZjAoIBAQD1dywmA4e/
+eqzoVPa1Bqc3jgTFLxWo4TeSCbaoCVtD8bv+Eo/Bj5RnsfIX9L55QyOkHXaU6tQM
+/N8xffL7C76HlBsjm4+gWnaXFpC7T+TW7gl9crY9bhOGYMVtc4bgeeMc7AlWOsSY
+4l2thlSuPjlzOHUEuwMlA/HnIN807mGlGKFm9vitbr2O90eSe9eOYYLx/wpLdW0O
+00FSDwCjSLu+Zvjp5/HUsHYtTqP5EaK96I57Na8cnRdGO3s/9OQ6hpeEWVTUNqtZ
+8Hoe2PjZxv0qNERgMlTHych4F016R9H51HxrZVp7VLqXfWzgbfxxjqyaA0yVv7d9
+p7TWN2nyMf/rAoIBAAU2GIosko1p3iiXyFhYPUGQ/iRTsbCAcw6NOJG1Gerhj4C2
+sa6COQ46l7JX4oc/m6qSkxXbyqZ/miDedYkwA7rhLa/SSfFH1nzLu+HovqEPSYD+
+WYJxC3jND/swIGSU8StbZTguoQHTxd0lNxhJigLL5k7tPz4jiG6iDdwxt86cG4A0
+TJ+5XSiSdI+CTzYHi6Xb/ZlOxFm8j3qlymsDzJyETGptfCkN+sQdDh7lrmDduCf1
+Ldvavdp9OwBgVsGwNQBY+93nJs4KnMxlBpSpSLnseIpkWEFJbwd9B8MHrojktMpX
+A1nExpGPtqCmE36SH4m72ymRdy4NGC+p6NOgv2kCggEAbHnH1tzEhsgN1XaGuCVC
+jHiEfyd5qPIufqkwQT4xSOtxKqzFPsLW0KSA2jlcW3ZiL8qddt336+1sLRD96hec
+kYnQHIJIjJKtycM9HqoF9T2oj/m7s5YLptzpIp9lQZpb1ZIx5ht+ehm/UEoG7iGt
+fc+7VuXWU+tUYdHTEi8uk6k42qnV578CokWBKaj074UEOzF8OTChi2WsfjkHDSG9
+Zj1XTvcjldyNvSP9rrouc0JshOKKiliZyn3Kz87HdV25Y9GefVHTk6GENlGoV4Vq
+p9YFSYW0lb4Ei52wrZNDpeZTPZrCy7H766qQDPZOE1j7yewfUiYxTqRodCp09YVH
+FQKCAQBT7OT/txFW2s3Qpf/WVojNTpfsqDSJLzgwjeZFCuaTAvJHcZ1fKeIxMfZv
+7/zjmwywkksd40A1vpyd2m9OKEtg3W7ukg0bzGZZj/P+89kb94xWpnLPmwkfIOdx
+khht0HhLdfwnEzAfiGskIhXxgMgIOBq8vohRnqYUyrjYO5lvIAxMhryr6Ni9xRMn
+7jLr5LvhmZl6vr3Hc05R1TmbWigtrwHUFR1wCjB4RB+R8heC/9nlUibm3ww3Tr9n
+Be1L0MXjepKqtXFLzC0kTpCYqeg1NO1Dd4SHbVYQqA6AvsbRSXaYAnIdWUbXn9B8
+HnFYZz0A02D2zoL1bkOjja/AuCs7
+-----END PRIVATE KEY-----

internal/provider/testdata/certs/client.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFCzCCAvOgAwIBAgIUZUpl6zpOfLU+Vb/xJxfft/xncdcwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAgFw0yMjEyMTYwMTQyMzNaGA8zMDIyMDQx
+ODAxNDIzM1owFjEUMBIGA1UEAwwLdGVzdC1jbGllbnQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDia2YsE5UxOL28YDRgIXgsQzWx+IKcQCrJDMAUMSR5
+37rSbggPo2s3xK3Pt6yL/LzHf6mJ7l74Q+MWx1TRwEYNH0OMuf/BlBuxceuna8Vt
+228HI/kQAUPzeDXYg+ToyZkkh0ljN/8uV3/PpzJDyvUDPcZUNMAFb1bFinRkPrZ4
+/nrlLijHwr9jZrXhvvST1LSo5qhMqer48PZw9kpE1Oks7vky6BlqpZ39bc6c7PAj
+qCJ/4cfqO5FtoNw4zwRdaR2+mpbi8UyaZ1gnYsM2XEQ9Zs7wmQbeGVfDe1gJ5L5f
+XDHWPRIbfOLejllJKv4ocEH0vLd3h/4keVZSLQtYodwP6o3OO/oM4Wti//oJnglB
+11y0LDGnVzYX1njme0JrNVRNjXFGGD/RQNKIInVpUFkNAY1lynXH8r3VD5IoBsmw
+75E9Mfe7WqqPSiKY6+F2O9+mlAwagdk3DOxAy8KtGaSVDU4Drdex/gu1/fyTS90w
+RWLVks1JB9aSmPSmlY98qvhDRfVVu3P6wkHIGm4BG6FPBc9TEc9n9qRadZtMCQKz
+1IHFEWtd2/4Fue6BMWAGd+fjwBgBDBGSp2o/vg4czUDoMi0lojL0LM8ns4RFjhiJ
+AY/UhVQZLdTEL22n8B9/2YVFbKAf1LsORiwTP7799gAULpECGlU2kBVrdGCFMv2L
+OwIDAQABo1MwUTAPBgNVHREECDAGhwR/AAABMB0GA1UdDgQWBBTLnXnMMnFv3/9D
+2tD32ObaI4mQEjAfBgNVHSMEGDAWgBSR2P+Gv6hwbbiIO40VSQWlMFWPnjANBgkq
+hkiG9w0BAQsFAAOCAgEAzMaQcx/Uahb41h0S6luyH9ChLXRvEVYTyA/zrpNaWNi5
+p5ZbQ7CvBM6TJqwwW7RhUmNed8cKv+hFyuAFUkWIB6214L5vl6WR4juVsnRgExdb
+kBwubwP7d/89qJO4Bn8+7EE49PGEN/R95YGv+iZsQXCaLCTsCwgttbqTM4tyBxUT
+rQwYrJijaFdck12kB2dZ1lBCJYcJtSNB3H/eUiE/exubJcDt6+19TGMq+tAj6hTv
+Q0Nxds/Q69GAegte877ClKwTTXheFyUR3bm0C29pakWLbJHAF3XdSjz0HYMyNtja
+0oSA3Ls3lfHlD20QCyHtoaQNlSOs5FyzxkuaGXnHexKChVDiZEAay+wWAyJgQCQi
+n7V88n5eCR3SAcCiNpwPOeJC+wlgVUrWHIG1jZIYpb7w7AbzTOi2ufuZ29PgcSKI
+4nqP65laS1elBZA4EP5st8xLtmVnktaZ6FUzwQpDm3A/LwU9NEJMSozBKsVV2AlP
+H+Mx7GNDtuDT30/8ToazDXOS7S9SPEqwAcPVMIYmAMDKXeJiO2eQZKMrcNOPTSuW
+kmybuvKny+7KUsa1X2B4eyO2UBsquF1H8YL4tUqSB8JT0vvQ5/OFaNDKMRcNbtnx
+BPhJSKBt3Pep9Kau4GBHeZSLopKAAR6BCQImn4LcNZfTRidd+ixWvKpLreVOiRs=
+-----END CERTIFICATE-----

internal/provider/testdata/certs/client.csr

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEfTCCAmUCAQAwFjEUMBIGA1UEAwwLdGVzdC1jbGllbnQwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDia2YsE5UxOL28YDRgIXgsQzWx+IKcQCrJDMAU
+MSR537rSbggPo2s3xK3Pt6yL/LzHf6mJ7l74Q+MWx1TRwEYNH0OMuf/BlBuxceun
+a8Vt228HI/kQAUPzeDXYg+ToyZkkh0ljN/8uV3/PpzJDyvUDPcZUNMAFb1bFinRk
+PrZ4/nrlLijHwr9jZrXhvvST1LSo5qhMqer48PZw9kpE1Oks7vky6BlqpZ39bc6c
+7PAjqCJ/4cfqO5FtoNw4zwRdaR2+mpbi8UyaZ1gnYsM2XEQ9Zs7wmQbeGVfDe1gJ
+5L5fXDHWPRIbfOLejllJKv4ocEH0vLd3h/4keVZSLQtYodwP6o3OO/oM4Wti//oJ
+nglB11y0LDGnVzYX1njme0JrNVRNjXFGGD/RQNKIInVpUFkNAY1lynXH8r3VD5Io
+Bsmw75E9Mfe7WqqPSiKY6+F2O9+mlAwagdk3DOxAy8KtGaSVDU4Drdex/gu1/fyT
+S90wRWLVks1JB9aSmPSmlY98qvhDRfVVu3P6wkHIGm4BG6FPBc9TEc9n9qRadZtM
+CQKz1IHFEWtd2/4Fue6BMWAGd+fjwBgBDBGSp2o/vg4czUDoMi0lojL0LM8ns4RF
+jhiJAY/UhVQZLdTEL22n8B9/2YVFbKAf1LsORiwTP7799gAULpECGlU2kBVrdGCF
+Mv2LOwIDAQABoCIwIAYJKoZIhvcNAQkOMRMwETAPBgNVHREECDAGhwR/AAABMA0G
+CSqGSIb3DQEBCwUAA4ICAQABOneaJg2VUEaVU74uNrXYBNPnHkCG4gUknYIL/fUi
+qXxuOI5svh7NBIl0Z8vshBpzT8A2tlhLdRpmlWrfn7cRwNSumRjtoCcNeXkR8XPX
+rWGQ85O7yXInBECeJF5+lIoKZPEMlHcejXAru4ieDNEthbuGYds3RuSicVvKP1fP
+21PsFoURzVIVjRZ6n57bEy4PqBAzfpoBw/nh8d7j5oP0AxVUd+OBZdoe50HIaVal
+r6Zv59Bzwk4xkntoQqqYetFuMKUI6PPObjGVMKx2RBz4anfvPnDEjhYX8y1etVNL
+s1moL3C+UkCT7tnKHQkATuH82/heoosU+8E56Ujke3QZHKzSUwwHdP2zRd/M6BFe
+r0tAe71aQUwQ3+WllznfcsvL863C+qZWtIRmE5N9hgnmkvyb5HDLURiL/WTuj6rM
+RdPT1PvINO0RlJfVYCGUa3uLxiweyyUZ0T7i2ZKtT6CJMMXMOs8qFIAelolMaZAx
+nO9uju7fuJGqXR6ehi0VBh6SH4AA3OvpHOd1+9whiubPo4df3ZFCeh6kOdvIIxRF
+qb9+bILdkdIL9v1E1dV2DxX9FZakJTGNap2WhPWN2UhQMfkA1GvB3IgMzXNBBKOi
+dCakbe5B2+LS5NPm3/tg/LIcnlx4BuISc5+rQMCXGVLFU2PhWPOmqY8Olf1O2hrC
+KA==
+-----END CERTIFICATE REQUEST-----

internal/provider/testdata/certs/client.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDia2YsE5UxOL28
+YDRgIXgsQzWx+IKcQCrJDMAUMSR537rSbggPo2s3xK3Pt6yL/LzHf6mJ7l74Q+MW
+x1TRwEYNH0OMuf/BlBuxceuna8Vt228HI/kQAUPzeDXYg+ToyZkkh0ljN/8uV3/P
+pzJDyvUDPcZUNMAFb1bFinRkPrZ4/nrlLijHwr9jZrXhvvST1LSo5qhMqer48PZw
+9kpE1Oks7vky6BlqpZ39bc6c7PAjqCJ/4cfqO5FtoNw4zwRdaR2+mpbi8UyaZ1gn
+YsM2XEQ9Zs7wmQbeGVfDe1gJ5L5fXDHWPRIbfOLejllJKv4ocEH0vLd3h/4keVZS
+LQtYodwP6o3OO/oM4Wti//oJnglB11y0LDGnVzYX1njme0JrNVRNjXFGGD/RQNKI
+InVpUFkNAY1lynXH8r3VD5IoBsmw75E9Mfe7WqqPSiKY6+F2O9+mlAwagdk3DOxA
+y8KtGaSVDU4Drdex/gu1/fyTS90wRWLVks1JB9aSmPSmlY98qvhDRfVVu3P6wkHI
+Gm4BG6FPBc9TEc9n9qRadZtMCQKz1IHFEWtd2/4Fue6BMWAGd+fjwBgBDBGSp2o/
+vg4czUDoMi0lojL0LM8ns4RFjhiJAY/UhVQZLdTEL22n8B9/2YVFbKAf1LsORiwT
+P7799gAULpECGlU2kBVrdGCFMv2LOwIDAQABAoICAG9C4GvDWbpczBu/2KzudXum
+sUGZwTDf9UZjjhW+ClMbRlY2fJ6Wqs62RsT+WHtXwDp2eMzPRnrP/U0JuZvy1FmJ
+ZevG0K+CxNL/DJJySouP23DSVAbx4D7JcQhK09cyjZ8eHcl0UGCo3aUgX3phxuGH
+Xyis3Tkue6DJxyUljgxJ3QE2nBKBmAPUCod6ivwD95zR75zwmIco/akH1foZ99U9
+P1atKCQ4azkIVxHU+rJC4mUeAVuQVwfclqsRy27NgzDRDVlKwt5S70Y3aX8SevQD
+S6h+QhossOxd9aay8Xuxtcm1q+q3BVLg924VgtxDQZ3uiGdj+9ZXi7wI53zv2M9K
+zdBsO0+IAkQVDmNGKE4nZX34i+6pG/DHx5/DS0D8Sfv4GVZXmmVp6p8PYjFdAPiH
+FfZpBSXLaXn36RNujG42xT5D6WebmigPuZ6Nf2Nwq19QQxbpaczi7+QUJh2WZeR7
+x+K2apuGaoEShVZACMYpjK9Y0RnWdw7PEcbRogMDRVbmwWW6B/H8aHb3KDeLw15Y
+V7riXvo0mFOaKQM7SSfMxncqBJcq0b3hIpqiibv7a+ebc6VVZHkTqa1v757hR0Ki
+B9jH2471df1yJz8BtmgkkJrkE+b2dP8sBf/K3XlHCinpkQpiy+comfzkjL67J59T
+Zp1V/hQiDiZ+jshdnWINAoIBAQDuOVxGTCf2uEzdzvp3mGmNBN0e/LOWJ1aaS5+f
+CUhvIWwppszXBr6itI7pZDl0PPjd2AKOrMr+piP6XF3dq4k/yFZOYRungyMJTC+d
+9qP3CLeZccEvecb34JTrypNw7ttV/vFxF/gSU1NGTv0zXfiwBz5G/EH26m/LAZw3
+DtH9ZzFL6k6flvZOafcyCGtEubw30cIA3yGE4WyxeEz9XVJfyqiAFYDuGDehX4xs
+ZGyg4QprVmQYbmT4+lJvA/V4tJAZFxMcl5mcjrAWPE/QTEF4dfZHfxLKfV/3Y1nQ
+xAc25anL4N3kbY9JNf89tsIE0Ly8GBS+hub/dTGZ8rOI2U7vAoIBAQDzUItVSlce
+0vZHSYehwIuJCYynm+By/NyvlYe7/C3c7gKvMtTKUB0ERZ/TgI6oCzLDaXoOSpfk
+D5KUJYTYuYMYzU84lXaM/N+b6PuBTy859GOwIK1VNoRVuuErg0foSKO4H+yx3rFd
+AAYd+BaJMUsk0nngS8oy1J67Q5xKExLr6trlXmo+btx5IjSmQAUOj8QHRJIyuES7
+EpsjaC3UAKUPeN+yZOO17pty1m3g3JhM8CllhOcdC9yYMX5A6NUBU7HiyAtk0VOJ
+Rtz1JF6+IezeASV/KASsEaToyhK4HW45xR/ihvAYUxvJOwynlceC0MAP+nENWhm3
+S+aGK1MWGwh1AoIBAC/ddpzpUF5SSZ+HpuvAw/SBtaw0OiFBZjU6XKgnxVYO8Ryt
+VxsdT9CBVvWuHZ0tYxOwA1OHhIIF/9SeGn4fqUQXjL/S4yuVPcTweeDTXb6VEc7S
+/G39mezUQxfdbCKU2507zGdc2YtVErZdyKI5j25PBkRdCyQBltTDThAB+k9gHJeU
+TJfkTTkUMYbsCiGU8CyHCOQD8UgxwxUlhtKhnZuBrLmPmIg+dW8HM7/Trb/ld6J5
+iUMfa0pbgZSsxvWp0go4iK6GB2ddhCPzmlXP/JennARhk/T7m/ypCbLYsFpnauZ8
+GBl9qfybzN0pi3JMPp/Mdt6RXHiXo4+7JDeq8iECggEAGoi/GScJRzBEcVPAedBQ
+pzomX6TtHj0bJ/7LlaGTstM18bs+X23LLEsXee48IHFQMOVQzTwvQky8dHF/Ak+A
+z3ScXhRWoFt3Wz5WJyzmfpB7SprVrERMvDisE522estpJ0w7+M3LU9QL1rrWYlHA
+2xwk9GPvggmT4eImqiFYX+f1xSu9tF9Mpd0oFrVGl+bvvscolmVoAWqvBnZ3APat
+CXnqEz9TYeTKiQR/aRVFeqZ6LTsIJS/E98f198gsan+hF5UvQOhfDspukEFOH7f9
+Z9yCJVLM56Lo9AYNcoyrF5u6tW53wn9VuWU6JRB9eHOhblymdYlM4qNhWWJiJjf+
+fQKCAQB8BlS8PanEfxVjnzt1fA97RjYb3n+9y8LELM7C42OzOQwl2zOhSFy8bbi2
+pCUhQHH8e3asDaAiBMjTjlawo3GNvE6v9An/ZaYMMXwR/u15MZRlMljplalXhRO1
+uwNU+2ealGsfMglzWKi/LLImDFoRD7D0NlUv6ZXYkVzWY3/pUzqXBibbTfsOfb6i
+MPfnjxfR08i3JpYLLVzSujSVyQ2I8k+fwx64KDWX1kIFQTuRvgxbxgyTnOGsYX44
+VwNc6rdL2YYX81KU9JPT9XCzSxgd/7o7Nj7PzLEqbgxfZNQ9Z4xqma7QA+/cPeRC
+Ye1Um7/na1KEXpRs6KO1G/ZXaGWi
+-----END PRIVATE KEY-----