This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new 2a02969e5 jwt: plumb JWT into mini cluster
2a02969e5 is described below
commit 2a02969e5c186b22f1bf89555f184680eaf31ca0
Author: Zoltan Chovan <zcho...@cloudera.com>
AuthorDate: Thu Feb 2 12:57:01 2023 +0100
jwt: plumb JWT into mini cluster
This patch adds options to ExternalMiniCluster to start a MiniOidc
alongside the calling process.
Co-authored-by: Andrew Wong <aw...@apache.org>
Change-Id: Id0d3e53b60933ada0194afbe0ad4775be649b653
Reviewed-on: http://gerrit.cloudera.org:8080/18475
Tested-by: Kudu Jenkins
Reviewed-by: Wenzhe Zhou <wz...@cloudera.com>
Reviewed-by: Alexey Serbin <ale...@apache.org>
---
src/kudu/integration-tests/security-itest.cc | 62 ++++
src/kudu/mini-cluster/CMakeLists.txt | 1 +
src/kudu/mini-cluster/external_mini_cluster.cc | 23 +-
src/kudu/mini-cluster/external_mini_cluster.h | 14 +
src/kudu/rpc/negotiation.cc | 2 +-
src/kudu/server/server_base.cc | 2 +-
src/kudu/util/CMakeLists.txt | 2 +-
src/kudu/util/jwt-util.cc | 4 +-
.../util/{jwt_test_certs.h => jwt_test_certs.cc} | 83 +++--
src/kudu/util/jwt_test_certs.h | 342 +++------------------
src/kudu/util/mini_oidc.cc | 2 +-
11 files changed, 181 insertions(+), 356 deletions(-)
diff --git a/src/kudu/integration-tests/security-itest.cc
b/src/kudu/integration-tests/security-itest.cc
index f8a253ae2..2d520e1b6 100644
--- a/src/kudu/integration-tests/security-itest.cc
+++ b/src/kudu/integration-tests/security-itest.cc
@@ -27,6 +27,8 @@
#include <string>
#include <tuple>
#include <type_traits>
+#include <unordered_map>
+#include <utility>
#include <vector>
#include <gflags/gflags_declare.h>
@@ -64,6 +66,7 @@
#include "kudu/tserver/tserver_service.pb.h"
#include "kudu/tserver/tserver_service.proxy.h"
#include "kudu/util/env.h"
+#include "kudu/util/mini_oidc.h"
#include "kudu/util/monotime.h"
#include "kudu/util/net/net_util.h"
#include "kudu/util/net/sockaddr.h"
@@ -509,6 +512,65 @@ void GetFullBinaryPath(string* binary) {
(*binary) = JoinPathSegments(DirName(exe), *binary);
}
+TEST_F(SecurityITest, TestJwtMiniCluster) {
+ cluster_opts_.enable_kerberos = false;
+ cluster_opts_.num_tablet_servers = 0;
+ cluster_opts_.enable_client_jwt = true;
+ MiniOidcOptions oidc_opts;
+ const auto* const kValidAccount = "valid";
+ const auto* const kInvalidAccount = "invalid";
+ oidc_opts.account_ids = {
+ { kValidAccount, true },
+ { kInvalidAccount, false },
+ };
+
+ cluster_opts_.mini_oidc_options = std::move(oidc_opts);
+ ASSERT_OK(StartCluster());
+ const auto* const kSubject = "kudu-user";
+ const auto configure_builder_for = [&] (const string& account_id,
KuduClientBuilder* b) {
+ client::AuthenticationCredentialsPB pb;
+ security::JwtRawPB jwt = security::JwtRawPB();
+ *jwt.mutable_jwt_data() = MiniOidc::CreateJwt(account_id, kSubject, true);
+ *pb.mutable_jwt() = std::move(jwt);
+ string creds;
+ CHECK(pb.SerializeToString(&creds));
+
+ for (auto i = 0; i < cluster_->num_masters(); ++i) {
+
b->add_master_server_addr(cluster_->master(i)->bound_rpc_addr().ToString());
+ }
+ b->import_authentication_credentials(creds);
+ b->require_authentication(true);
+ };
+
+ {
+ KuduClientBuilder valid_builder;
+ shared_ptr<KuduClient> client;
+ configure_builder_for(kValidAccount, &valid_builder);
+ ASSERT_OK(valid_builder.Build(&client));
+ vector<string> tables;
+ ASSERT_OK(client->ListTables(&tables));
+ }
+ {
+ KuduClientBuilder invalid_builder;
+ shared_ptr<KuduClient> client;
+ configure_builder_for(kInvalidAccount, &invalid_builder);
+ Status s = invalid_builder.Build(&client);
+ ASSERT_FALSE(s.ok()) << s.ToString();
+ ASSERT_STR_CONTAINS(s.ToString(), "FATAL_INVALID_JWT");
+ }
+ {
+ KuduClientBuilder no_jwt_builder;
+ shared_ptr<KuduClient> client;
+ for (auto i = 0; i < cluster_->num_masters(); ++i) {
+
no_jwt_builder.add_master_server_addr(cluster_->master(i)->bound_rpc_addr().ToString());
+ }
+ no_jwt_builder.require_authentication(true);
+ Status s = no_jwt_builder.Build(&client);
+ ASSERT_FALSE(s.ok()) << s.ToString();
+ ASSERT_STR_CONTAINS(s.ToString(), "Not authorized");
+ }
+}
+
TEST_F(SecurityITest, TestWorldReadableKeytab) {
const string credentials_name = GetTestPath("insecure.keytab");
NO_FATALS(CreateWorldReadableFile(credentials_name));
diff --git a/src/kudu/mini-cluster/CMakeLists.txt
b/src/kudu/mini-cluster/CMakeLists.txt
index 479e83f44..f10497a0d 100644
--- a/src/kudu/mini-cluster/CMakeLists.txt
+++ b/src/kudu/mini-cluster/CMakeLists.txt
@@ -37,6 +37,7 @@ set(MINI_CLUSTER_LIBS
master_proto
mini_hms
mini_kdc
+ mini_oidc
mini_ranger
mini_ranger_kms
server_base_proto
diff --git a/src/kudu/mini-cluster/external_mini_cluster.cc
b/src/kudu/mini-cluster/external_mini_cluster.cc
index 2cb5187dd..6db49b86e 100644
--- a/src/kudu/mini-cluster/external_mini_cluster.cc
+++ b/src/kudu/mini-cluster/external_mini_cluster.cc
@@ -72,6 +72,8 @@
#include "kudu/util/env.h"
#include "kudu/util/env_util.h"
#include "kudu/util/fault_injection.h"
+#include "kudu/util/jwt-util.h"
+#include "kudu/util/mini_oidc.h"
#include "kudu/util/monotime.h"
#include "kudu/util/net/sockaddr.h"
#include "kudu/util/net/socket.h"
@@ -140,14 +142,12 @@ ExternalMiniClusterOptions::ExternalMiniClusterOptions()
enable_encryption(FLAGS_encrypt_data_at_rest),
logtostderr(true),
start_process_timeout(MonoDelta::FromSeconds(70)),
- rpc_negotiation_timeout(MonoDelta::FromSeconds(3))
+ rpc_negotiation_timeout(MonoDelta::FromSeconds(3)),
#if !defined(NO_CHRONY)
- ,
num_ntp_servers(1),
- ntp_config_mode(BuiltinNtpConfigMode::ALL_SERVERS)
+ ntp_config_mode(BuiltinNtpConfigMode::ALL_SERVERS),
#endif // #if !defined(NO_CHRONY) ...
-{
-}
+ enable_client_jwt(false) {}
ExternalMiniCluster::ExternalMiniCluster()
: opts_(ExternalMiniClusterOptions()) {
@@ -269,12 +269,20 @@ Status ExternalMiniCluster::Start() {
gflags::FlagSaver saver;
FLAGS_dns_addr_resolution_override = dns_overrides_;
+ std::shared_ptr<PerAccountKeyBasedJwtVerifier> jwt_verifier = nullptr;
+ if (opts_.enable_client_jwt) {
+ oidc_.reset(new MiniOidc(opts_.mini_oidc_options));
+ RETURN_NOT_OK_PREPEND(oidc_->Start(), "Failed to start OIDC endpoints");
+ jwt_verifier =
std::make_shared<PerAccountKeyBasedJwtVerifier>(oidc_->url());
+ }
+
RETURN_NOT_OK_PREPEND(
rpc::MessengerBuilder("minicluster-messenger")
.set_num_reactors(1)
.set_max_negotiation_threads(1)
.set_rpc_negotiation_timeout_ms(opts_.rpc_negotiation_timeout.ToMilliseconds())
.set_sasl_proto_name(opts_.principal)
+ .set_jwt_verifier(std::move(jwt_verifier))
.Build(&messenger_),
"Failed to start Messenger for minicluster");
@@ -719,6 +727,11 @@ Status ExternalMiniCluster::CreateMaster(const
vector<HostPort>& master_rpc_addr
"ranger-client")));
flags.emplace_back("--trusted_user_acl=test-admin");
}
+ if (opts_.enable_client_jwt) {
+ flags.emplace_back("--enable_jwt_token_auth=true");
+ flags.emplace_back(Substitute("--jwks_url=$0", oidc_->url()));
+ flags.emplace_back(Substitute("--jwks_discovery_endpoint_base=$0",
oidc_->url()));
+ }
if (!opts_.master_alias_prefix.empty()) {
flags.emplace_back(Substitute("--host_for_tests=$0.$1",
opts_.master_alias_prefix, idx));
diff --git a/src/kudu/mini-cluster/external_mini_cluster.h
b/src/kudu/mini-cluster/external_mini_cluster.h
index e1ab188b0..5cf7abe69 100644
--- a/src/kudu/mini-cluster/external_mini_cluster.h
+++ b/src/kudu/mini-cluster/external_mini_cluster.h
@@ -39,6 +39,7 @@
#include "kudu/gutil/ref_counted.h"
#include "kudu/mini-cluster/mini_cluster.h"
#include "kudu/security/test/mini_kdc.h"
+#include "kudu/util/mini_oidc.h"
#include "kudu/util/monotime.h"
#include "kudu/util/net/net_util.h"
#include "kudu/util/status.h"
@@ -314,6 +315,14 @@ struct ExternalMiniClusterOptions {
std::string master_alias_prefix;
std::string tserver_alias_prefix;
+
+ MiniOidcOptions mini_oidc_options;
+
+ // When set to true, servers are configured to verify JWTs via the configured
+ // OIDC server.
+ //
+ // Default: false
+ bool enable_client_jwt;
};
// A mini-cluster made up of subprocesses running each of the daemons
@@ -440,6 +449,10 @@ class ExternalMiniCluster : public MiniCluster {
return ranger_kms_.get();
}
+ MiniOidc* oidc() const {
+ return oidc_.get();
+ }
+
const std::string& cluster_root() const {
return opts_.cluster_root;
}
@@ -615,6 +628,7 @@ class ExternalMiniCluster : public MiniCluster {
std::shared_ptr<ranger::MiniRanger> ranger_;
std::unique_ptr<security::KeyProvider> key_provider_;
std::unique_ptr<rangerkms::MiniRangerKMS> ranger_kms_;
+ std::unique_ptr<MiniOidc> oidc_;
std::shared_ptr<rpc::Messenger> messenger_;
diff --git a/src/kudu/rpc/negotiation.cc b/src/kudu/rpc/negotiation.cc
index 8f5a0cf5d..07430c8d9 100644
--- a/src/kudu/rpc/negotiation.cc
+++ b/src/kudu/rpc/negotiation.cc
@@ -17,11 +17,11 @@
#include "kudu/rpc/negotiation.h"
-#include <ctime>
#include <poll.h>
#include <sys/socket.h>
#include <cerrno>
+#include <ctime>
#include <memory>
#include <optional>
#include <ostream>
diff --git a/src/kudu/server/server_base.cc b/src/kudu/server/server_base.cc
index 14db0f359..1fac55e71 100644
--- a/src/kudu/server/server_base.cc
+++ b/src/kudu/server/server_base.cc
@@ -706,7 +706,7 @@ Status ServerBase::Init() {
std::shared_ptr<JwtVerifier> jwt_verifier;
if (FLAGS_enable_jwt_token_auth) {
if (!FLAGS_jwks_url.empty()) {
- jwt_verifier = std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_url,
false);
+ jwt_verifier =
std::make_shared<PerAccountKeyBasedJwtVerifier>(FLAGS_jwks_url);
} else if (!FLAGS_jwks_file_path.empty()) {
jwt_verifier =
std::make_shared<KeyBasedJwtVerifier>(FLAGS_jwks_file_path, true);
} else {
diff --git a/src/kudu/util/CMakeLists.txt b/src/kudu/util/CMakeLists.txt
index bf7d8a843..51ba95ef1 100644
--- a/src/kudu/util/CMakeLists.txt
+++ b/src/kudu/util/CMakeLists.txt
@@ -356,7 +356,7 @@ target_link_libraries(kudu_curl_util
#######################################
# mini_oidc
#######################################
-set (MINI_OIDC_SRCS mini_oidc.cc)
+set (MINI_OIDC_SRCS mini_oidc.cc jwt_test_certs.cc)
add_library(mini_oidc ${MINI_OIDC_SRCS})
target_link_libraries(mini_oidc
server_process
diff --git a/src/kudu/util/jwt-util.cc b/src/kudu/util/jwt-util.cc
index cff633ad8..6ecd51cd5 100644
--- a/src/kudu/util/jwt-util.cc
+++ b/src/kudu/util/jwt-util.cc
@@ -1018,8 +1018,8 @@ Status
PerAccountKeyBasedJwtVerifier::JWTHelperForToken(const JWTHelper::JWTDeco
Status PerAccountKeyBasedJwtVerifier::Init() {
for (auto& [account_id, verifier] : jwt_by_account_id_) {
- verifier->Init(Substitute("$0?accountId=$1", oidc_uri_, account_id),
- /*is_local_file*/false);
+ RETURN_NOT_OK(verifier->Init(Substitute("$0?accountId=$1", oidc_uri_,
account_id),
+ /*is_local_file*/false));
}
return Status::OK();
}
diff --git a/src/kudu/util/jwt_test_certs.h b/src/kudu/util/jwt_test_certs.cc
similarity index 87%
copy from src/kudu/util/jwt_test_certs.h
copy to src/kudu/util/jwt_test_certs.cc
index e30d85461..3f1311d0d 100644
--- a/src/kudu/util/jwt_test_certs.h
+++ b/src/kudu/util/jwt_test_certs.cc
@@ -14,11 +14,9 @@
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
-#pragma once
+#include "kudu/util/jwt_test_certs.h"
-#include <string>
-
-const std::string kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
+const char* kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4ZtdaIrd1BPIJ
tfnF0TjIK5inQAXZ3XlCrUlJdP+XHwIRxdv1FsN12XyMYO/6ymLmo9ryoQeIrsXB
XYqlET3zfAY+diwCb0HEsVvhisthwMU4gZQu6TYW2s9LnXZB5rVtcBK69hcSlA2k
@@ -46,7 +44,7 @@
RultUEe2C0jYMDQx+JYxbPmtcopvZQrFEur3WKVuLy5UAy7EBvwMnZwIG7OOohJb
vkSpADK6VPn9lbqq7O8cTedEHttm6otmLt8ZyEl3hZMaL3hbuRj6ysjmoFKx6CrX
rK0/Ikt5ybqUzKCMJZg2VKGTxg==
-----END PRIVATE KEY-----)";
-const std::string kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4
yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9
83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs
@@ -57,15 +55,15 @@ YwIDAQAB
-----END PUBLIC KEY-----)";
// The public keys in JWK format were converted from PEM formatted crypto keys
with
// pem-to-jwk tool at https://hub.docker.com/r/danedmunds/pem-to-jwk/
-const std::string kRsaPubKeyJwkN =
+const char* kRsaPubKeyJwkN =
"uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-sp"
"i5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qe"
"a1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTF"
"IF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3F"
"p8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902"
"v9w-Iplu1WyoB2aPfitxEhRN0Yw";
-const std::string kRsaPubKeyJwkE = "AQAB";
-const std::string kRsaInvalidPubKeyJwkN =
+const char* kRsaPubKeyJwkE = "AQAB";
+const char* kRsaInvalidPubKeyJwkN =
"xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46"
"rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd"
"i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i"
@@ -73,7 +71,7 @@ const std::string kRsaInvalidPubKeyJwkN =
"CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X"
"kiCcrkyS1cnghnllh-LCwQu1sYw";
-const std::string kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
+const char* kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw
33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW
+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB
@@ -88,18 +86,18 @@
fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523
Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP
FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==
-----END RSA PRIVATE KEY-----)";
-const std::string kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd
UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs
HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D
o2kQ+X5xK9cipRgEKwIDAQAB
-----END PUBLIC KEY-----)";
-const std::string kRsa512PubKeyJwkN =
+const char* kRsa512PubKeyJwkN =
"3ZWrUY0Y6IKN1qI4BhxR2C7oHVFgGPYkd38uGq1jQNSqEvJFcN93CYm16_G78FA"
"FKWqwsJb3Wx-nbxDn6LtP4AhULB1H0K0g7_jLklDAHvI8yhOKlvoyvsUFPWtNxl"
"Jyh5JJXvkNKV_4Oo12e69f8QCuQ6NpEPl-cSvXIqUYBCs";
-const std::string kRsa512PubKeyJwkE = "AQAB";
-const std::string kRsa512InvalidPubKeyJwkN =
+const char* kRsa512PubKeyJwkE = "AQAB";
+const char* kRsa512InvalidPubKeyJwkN =
"xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46"
"rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd"
"i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i"
@@ -107,7 +105,7 @@ const std::string kRsa512InvalidPubKeyJwkN =
"CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X"
"kiCcrkyS1cnghnllh-LCwQu1sYw";
-const std::string kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
+const char* kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDT+6sb2SvN69NB+6Zg78B7mdke0tC91CTfixzCSn7wS8JUvvZK
AO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSNxouVdt/aT9+cw27kzVQE59NA
PMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobwmsu5ZWRqYTwdXvFXIQIDAQAB
@@ -122,19 +120,19 @@
oaBgAAiDH1UPpAvK6LfALl0P6E1pjLvWjvhOg/Z4xKvS21cJIJlF0ShGFSV2CTzx
YQUiqLkHegkGxV353XRxVQJAZaW5O2BI5jKy2hK0EoAx3pSnp2X4CmkWrXsSeOgC
Zz+jDkn8QzPbRwb8cyks/IHc2CBvaFStLFKO2VQj1THDhw==
-----END RSA PRIVATE KEY-----)";
-const std::string kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT+6sb2SvN69NB+6Zg78B7mdke
0tC91CTfixzCSn7wS8JUvvZKAO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSN
xouVdt/aT9+cw27kzVQE59NAPMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobw
msu5ZWRqYTwdXvFXIQIDAQAB
-----END PUBLIC KEY-----)";
-const std::string kRsa1024PubKeyJwkN =
+const char* kRsa1024PubKeyJwkN =
"0_urG9krzevTQfumYO_Ae5nZHtLQvdQk34scwkp-8EvCVL72SgDtbjIJ6wkHQ69"
"kzXkWK-rq2sCDggwdWG89fnAUjcaLlXbf2k_fnMNu5M1UBOfTQDzKUMi7V2gDke"
"qw_Mc8iIAFddkBZnNZBxZe0o6G8JrLuWVkamE8HV7xVyE";
-const std::string kRsa1024PubKeyJwkE = "AQAB";
+const char* kRsa1024PubKeyJwkE = "AQAB";
-const std::string kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
+const char* kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU+QYZ
+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBih
zcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q/Yap+etvIj
@@ -161,7 +159,7 @@
jOODBXkCgYEAhaD3gZUCWU+ZA6QmxPotfe9L0tzjmUjsLo0QUgIHJa2VaoHzdnWC
ClvP3tFFkv2dlD6UW+g0JJFTVWcv+HEiC9WUnD/C6dXK/qA3fRvBhRKy8FTwvOis
zSVeYds6mvDJwFe+2mk0KQiKnxlx22B4PcYbbN7mZ2ClBFTFrp0+Id4=
-----END RSA PRIVATE KEY-----)";
-const std::string kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jCHomsNIaRYVlsemWg9
yBx3od1B9Fd9RUslk9IVE7IU+QYZ+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWH
iJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ON
@@ -170,16 +168,16 @@
c7x8ZlLqogPczkXvW6T+YAkwA8XwginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFI
p72ih7uozne7PYLVGb9X97cL0H1XDiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPy
gQIDAQAB
-----END PUBLIC KEY-----)";
-const std::string kRsa2048PubKeyJwkN =
+const char* kRsa2048PubKeyJwkN =
"0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU-QYZ-T4NvRVPAMjpzuu"
"rvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP_52"
"s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q_Yap-etvIjD1r2zQkQke53A"
"n9LvVl7OKkM8KGOcE_0tJRmc7x8ZlLqogPczkXvW6T-YAkwA8XwginZw0xBzfpo"
"OEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1XDiA_SXJiFKo"
"1AKXihcOdIRiw49eo9rzsoWPygQ";
-const std::string kRsa2048PubKeyJwkE = "AQAB";
+const char* kRsa2048PubKeyJwkE = "AQAB";
-const std::string kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
+const char* kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAtxmYsvs6ZfhTCFKCHQBW/W3iRfh8wZN+/XPXaOiIx9SXYSFr
b/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6q
acP15couRwxbJx45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm5
@@ -230,7 +228,7 @@
rzo7tuC/a+Da3nd2UnMheqf8ajt7oXaXgrqYjzK9Fx/QJcUel12ny+Nx+NADx4UU
K43Js4kcyWyYG9ms7S643u1leDDO+hpeB6EN15U2v7zXi8rMrLqvNKrBi9bCRFDu
3zsKSPS+qeqpNBsefGtx7oluHdiQocA6w20nQ1DzIW2mOo8Pn5nzt7fPPPA=
-----END RSA PRIVATE KEY-----)";
-const std::string kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtxmYsvs6ZfhTCFKCHQBW
/W3iRfh8wZN+/XPXaOiIx9SXYSFrb/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvt
NuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx45ODQNyh5jNF4SdzqThNFT
@@ -244,7 +242,7 @@
Vw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/
tEvYBojFXbl4XecMWADTiExjXobX1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k
2CrUdkMTGfjnfcDHKjHh3LMCAwEAAQ==
-----END PUBLIC KEY-----)";
-const std::string kRsa4096PubKeyJwkN =
+const char* kRsa4096PubKeyJwkN =
"txmYsvs6ZfhTCFKCHQBW_W3iRfh8wZN-_XPXaOiIx9SXYSFrb_WRaTn8UOvflYu"
"RnPYMaRGr5gVTS6_WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx"
"45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTm"
@@ -256,67 +254,67 @@ const std::string kRsa4096PubKeyJwkN =
"C3-i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd"
"1E-Jh7IKQJn8gydsQ0enlMmtwsJO_tEvYBojFXbl4XecMWADTiExjXobX1y7u9Z"
"Tn0KRNkPpX9GTgY3oR0ei-rwOr4d-k2CrUdkMTGfjnfcDHKjHh3LM";
-const std::string kRsa4096PubKeyJwkE = "AQAB";
+const char* kRsa4096PubKeyJwkE = "AQAB";
-const std::string kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
+const char* kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIAuZxTZjLIZM5hxgZX+JRrqt5FKpAEg/meZ7m9aSE3XbRITqtfz1Uy
h2Srn7o8+4j/jQpwHTTHZThy10u5jMjaR+mgBwYFK4EEACOhgYkDgYYABAFFah0k
6m4ddp/tUN/ObrKKwSCp4QUZdiAMaC9eY1HyNBPuuEsH5qCfeY5lmeJwSUpzCosn
rgW8M2hQ4Kr5V9OXrgHLA5WVtH6//sSkUY2/xYuqc7/Ln8gI5ddtr1qG64Xtgs05
/CNajSjFZeLm76llakvYiBTTH/ii8hIfrwukW9IP7Q==
-----END EC PRIVATE KEY-----)";
-const std::string kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBRWodJOpuHXaf7VDfzm6yisEgqeEF
GXYgDGgvXmNR8jQT7rhLB+agn3mOZZnicElKcwqLJ64FvDNoUOCq+VfTl64BywOV
lbR+v/7EpFGNv8WLqnO/y5/ICOXXba9ahuuF7YLNOfwjWo0oxWXi5u+pZWpL2IgU
0x/4ovISH68LpFvSD+0=
-----END PUBLIC KEY-----)";
-const std::string kEcdsa521PubKeyJwkX =
+const char* kEcdsa521PubKeyJwkX =
"AUVqHSTqbh12n-1Q385usorBIKnhBRl2IAxoL15jUfI0E-64SwfmoJ95jmWZ4nB"
"JSnMKiyeuBbwzaFDgqvlX05eu";
-const std::string kEcdsa521PubKeyJwkY =
+const char* kEcdsa521PubKeyJwkY =
"AcsDlZW0fr_-xKRRjb_Fi6pzv8ufyAjl122vWobrhe2CzTn8I1qNKMVl4ubvqWV"
"qS9iIFNMf-KLyEh-vC6Rb0g_t";
-const std::string kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
+const char* kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDCrPXJDgQDtNRpM0qNUW/zN1vrCvOVH1CsItVZ+1NeGB+w/2whnIXJQ
K7U5C1ETPHagBwYFK4EEACKhZANiAAR0JjvVJXc3u1I/7vt5mxzPtAIi1VIqxCwN
wgISZVySTYZQzyicW2GfhMlFCow28LzqTwH/eCymAvnTAmpK/P1hXhNcnxDBZNOU
WMbMLFcQrg2wwpIb/k/IXobNwjNPRBo=
-----END EC PRIVATE KEY-----)";
-const std::string kEcdsa384PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kEcdsa384PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdCY71SV3N7tSP+77eZscz7QCItVSKsQs
DcICEmVckk2GUM8onFthn4TJRQqMNvC86k8B/3gspgL50wJqSvz9YV4TXJ8QwWTT
lFjGzCxXEK4NsMKSG/5PyF6GzcIzT0Qa
-----END PUBLIC KEY-----)";
-const std::string kEcdsa384PubKeyJwkX =
+const char* kEcdsa384PubKeyJwkX =
"dCY71SV3N7tSP-77eZscz7QCItVSKsQsDcICEmVckk2GUM8onFthn4TJRQqMNvC8";
-const std::string kEcdsa384PubKeyJwkY =
+const char* kEcdsa384PubKeyJwkY =
"6k8B_3gspgL50wJqSvz9YV4TXJ8QwWTTlFjGzCxXEK4NsMKSG_5PyF6GzcIzT0Qa";
-const std::string kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
+const char* kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPGJGAm4X1fvBuC1z
SpO/4Izx6PXfNMaiKaS5RUkFqEGhRANCAARCBvmeksd3QGTrVs2eMrrfa7CYF+sX
sjyGg+Bo5mPKGH4Gs8M7oIvoP9pb/I85tdebtKlmiCZHAZE5w4DfJSV6
-----END PRIVATE KEY-----)";
-const std::string kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
+const char* kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgb5npLHd0Bk61bNnjK632uwmBfr
F7I8hoPgaOZjyhh+BrPDO6CL6D/aW/yPObXXm7SpZogmRwGROcOA3yUleg==
-----END PUBLIC KEY-----)";
-const std::string kEcdsa256PubKeyJwkX =
"Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg";
-const std::string kEcdsa256PubKeyJwkY =
"fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo";
+const char* kEcdsa256PubKeyJwkX =
"Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg";
+const char* kEcdsa256PubKeyJwkY =
"fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo";
-const std::string kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21";
-const std::string kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a";
+const char* kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21";
+const char* kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a";
-const std::string kJwksHsFileFormat = R"(
+const char* kJwksHsFileFormat = R"(
{
"keys": [
{ "kty": "oct", "kid": "$0", "alg": "$1", "k": "$2" }
]
})";
-const std::string kJwksRsaFileFormat = R"(
+const char* kJwksRsaFileFormat = R"(
{
"keys": [
{ "kty": "RSA", "kid": "$0", "alg": "$1", "n": "$2", "e": "$3" },
@@ -324,9 +322,10 @@ const std::string kJwksRsaFileFormat = R"(
]
})";
-const std::string kJwksEcFileFormat = R"(
+const char* kJwksEcFileFormat = R"(
{
"keys": [
{ "kty": "EC", "kid": "$0", "crv": "$1", "x": "$2", "y": "$3" }
]
})";
+
diff --git a/src/kudu/util/jwt_test_certs.h b/src/kudu/util/jwt_test_certs.h
index e30d85461..1c59855f4 100644
--- a/src/kudu/util/jwt_test_certs.h
+++ b/src/kudu/util/jwt_test_certs.h
@@ -16,317 +16,53 @@
// under the License.
#pragma once
-#include <string>
-
-const std::string kRsaPrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4ZtdaIrd1BPIJ
-tfnF0TjIK5inQAXZ3XlCrUlJdP+XHwIRxdv1FsN12XyMYO/6ymLmo9ryoQeIrsXB
-XYqlET3zfAY+diwCb0HEsVvhisthwMU4gZQu6TYW2s9LnXZB5rVtcBK69hcSlA2k
-ZudMZWxZcj0L7KMfO2rIvaHw/qaVOE9j0T257Z8Kp2CLF9MUgX0ObhIsdumFRLaL
-DvDUmBPr2zuh/34j2XmWwn1yjN/WvGtdfhXW79Ki1S40HcWnygHgLV8sESFKUxxQ
-mKvPUTwDOIwLFL5WtE8Mz7N++kgmDcmWMCHc8kcOIu73Ta/3D4imW7VbKgHZo9+K
-3ESFE3RjAgMBAAECggEBAJTEIyjMqUT24G2FKiS1TiHvShBkTlQdoR5xvpZMlYbN
-tVWxUmrAGqCQ/TIjYnfpnzCDMLhdwT48Ab6mQJw69MfiXwc1PvwX1e9hRscGul36
-ryGPKIVQEBsQG/zc4/L2tZe8ut+qeaK7XuYrPp8bk/X1e9qK5m7j+JpKosNSLgJj
-NIbYsBkG2Mlq671irKYj2hVZeaBQmWmZxK4fw0Istz2WfN5nUKUeJhTwpR+JLUg4
-ELYYoB7EO0Cej9UBG30hbgu4RyXA+VbptJ+H042K5QJROUbtnLWuuWosZ5ATldwO
-u03dIXL0SH0ao5NcWBzxU4F2sBXZRGP2x/jiSLHcqoECgYEA4qD7mXQpu1b8XO8U
-6abpKloJCatSAHzjgdR2eRDRx5PMvloipfwqA77pnbjTUFajqWQgOXsDTCjcdQui
-wf5XAaWu+TeAVTytLQbSiTsBhrnoqVrr3RoyDQmdnwHT8aCMouOgcC5thP9vQ8Us
-rVdjvRRbnJpg3BeSNimH+u9AHgsCgYEA0EzcbOltCWPHRAY7B3Ge/AKBjBQr86Kv
-TdpTlxePBDVIlH+BM6oct2gaSZZoHbqPjbq5v7yf0fKVcXE4bSVgqfDJ/sZQu9Lp
-PTeV7wkk0OsAMKk7QukEpPno5q6tOTNnFecpUhVLLlqbfqkB2baYYwLJR3IRzboJ
-FQbLY93E8gkCgYB+zlC5VlQbbNqcLXJoImqItgQkkuW5PCgYdwcrSov2ve5r/Acz
-FNt1aRdSlx4176R3nXyibQA1Vw+ztiUFowiP9WLoM3PtPZwwe4bGHmwGNHPIfwVG
-m+exf9XgKKespYbLhc45tuC08DATnXoYK7O1EnUINSFJRS8cezSI5eHcbQKBgQDC
-PgqHXZ2aVftqCc1eAaxaIRQhRmY+CgUjumaczRFGwVFveP9I6Gdi+Kca3DE3F9Pq
-PKgejo0SwP5vDT+rOGHN14bmGJUMsX9i4MTmZUZ5s8s3lXh3ysfT+GAhTd6nKrIE
-kM3Nh6HWFhROptfc6BNusRh1kX/cspDplK5x8EpJ0QKBgQDWFg6S2je0KtbV5PYe
-RultUEe2C0jYMDQx+JYxbPmtcopvZQrFEur3WKVuLy5UAy7EBvwMnZwIG7OOohJb
-vkSpADK6VPn9lbqq7O8cTedEHttm6otmLt8ZyEl3hZMaL3hbuRj6ysjmoFKx6CrX
-rK0/Ikt5ybqUzKCMJZg2VKGTxg==
------END PRIVATE KEY-----)";
-const std::string kRsaPubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4
-yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9
-83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs
-WXI9C+yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT
-69s7of9+I9l5lsJ9cozf1rxrXX4V1u/SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8
-AziMCxS+VrRPDM+zfvpIJg3JljAh3PJHDiLu902v9w+Iplu1WyoB2aPfitxEhRN0
-YwIDAQAB
------END PUBLIC KEY-----)";
+extern const char* kRsaPrivKeyPem;
+extern const char* kRsaPubKeyPem;
// The public keys in JWK format were converted from PEM formatted crypto keys
with
// pem-to-jwk tool at https://hub.docker.com/r/danedmunds/pem-to-jwk/
-const std::string kRsaPubKeyJwkN =
- "uGbXWiK3dQTyCbX5xdE4yCuYp0AF2d15Qq1JSXT_lx8CEcXb9RbDddl8jGDv-sp"
- "i5qPa8qEHiK7FwV2KpRE983wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qe"
- "a1bXASuvYXEpQNpGbnTGVsWXI9C-yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTF"
- "IF9Dm4SLHbphUS2iw7w1JgT69s7of9-I9l5lsJ9cozf1rxrXX4V1u_SotUuNB3F"
- "p8oB4C1fLBEhSlMcUJirz1E8AziMCxS-VrRPDM-zfvpIJg3JljAh3PJHDiLu902"
- "v9w-Iplu1WyoB2aPfitxEhRN0Yw";
-const std::string kRsaPubKeyJwkE = "AQAB";
-const std::string kRsaInvalidPubKeyJwkN =
- "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46"
- "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd"
- "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i"
- "wzhtKRXomBWTdhD5ykd_fACVTr4-KEY-IeLvubHVmLUhbE5NgWXxrRpGasDqzKh"
- "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X"
- "kiCcrkyS1cnghnllh-LCwQu1sYw";
-
-const std::string kRsa512PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDdlatRjRjogo3WojgGHFHYLugdUWAY9iR3fy4arWNA1KoS8kVw
-33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQsHUfQrSDv+MuSUMAe8jzKE4qW
-+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5Do2kQ+X5xK9cipRgEKwIDAQAB
-AoGAD+onAtVye4ic7VR7V50DF9bOnwRwNXrARcDhq9LWNRrRGElESYYTQ6EbatXS
-3MCyjjX2eMhu/aF5YhXBwkppwxg+EOmXeh+MzL7Zh284OuPbkglAaGhV9bb6/5Cp
-uGb1esyPbYW+Ty2PC0GSZfIXkXs76jXAu9TOBvD0ybc2YlkCQQDywg2R/7t3Q2OE
-2+yo382CLJdrlSLVROWKwb4tb2PjhY4XAwV8d1vy0RenxTB+K5Mu57uVSTHtrMK0
-GAtFr833AkEA6avx20OHo61Yela/4k5kQDtjEf1N0LfI+BcWZtxsS3jDM3i1Hp0K
-Su5rsCPb8acJo5RO26gGVrfAsDcIXKC+bQJAZZ2XIpsitLyPpuiMOvBbzPavd4gY
-6Z8KWrfYzJoI/Q9FuBo6rKwl4BFoToD7WIUS+hpkagwWiz+6zLoX1dbOZwJACmH5
-fSSjAkLRi54PKJ8TFUeOP15h9sQzydI8zJU+upvDEKZsZc/UhT/SySDOxQ4G/523
-Y0sz/OZtSWcol/UMgQJALesy++GdvoIDLfJX5GBQpuFgFenRiRDabxrE9MNUZ2aP
-FaFp+DyAe+b4nDwuJaW2LURbr8AEZga7oQj0uYxcYw==
------END RSA PRIVATE KEY-----)";
-const std::string kRsa512PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdlatRjRjogo3WojgGHFHYLugd
-UWAY9iR3fy4arWNA1KoS8kVw33cJibXr8bvwUAUparCwlvdbH6dvEOfou0/gCFQs
-HUfQrSDv+MuSUMAe8jzKE4qW+jK+xQU9a03GUnKHkkle+Q0pX/g6jXZ7r1/xAK5D
-o2kQ+X5xK9cipRgEKwIDAQAB
------END PUBLIC KEY-----)";
-const std::string kRsa512PubKeyJwkN =
- "3ZWrUY0Y6IKN1qI4BhxR2C7oHVFgGPYkd38uGq1jQNSqEvJFcN93CYm16_G78FA"
- "FKWqwsJb3Wx-nbxDn6LtP4AhULB1H0K0g7_jLklDAHvI8yhOKlvoyvsUFPWtNxl"
- "Jyh5JJXvkNKV_4Oo12e69f8QCuQ6NpEPl-cSvXIqUYBCs";
-const std::string kRsa512PubKeyJwkE = "AQAB";
-const std::string kRsa512InvalidPubKeyJwkN =
- "xzYuc22QSst_dS7geYYK5l5kLxU0tayNdixkEQ17ix-CUcUbKIsnyftZxaCYT46"
- "rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vd"
- "i_0rpoUwPMEh8-Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0i"
- "wzhtKRXomBWTdhD5ykd_fACVTr4-KEY-IeLvubHVmLUhbE5NgWXxrRpGasDqzKh"
- "CTmsa2Ysf712rl57SlH0Wz_Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY-X"
- "kiCcrkyS1cnghnllh-LCwQu1sYw";
-
-const std::string kRsa1024PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDT+6sb2SvN69NB+6Zg78B7mdke0tC91CTfixzCSn7wS8JUvvZK
-AO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSNxouVdt/aT9+cw27kzVQE59NA
-PMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobwmsu5ZWRqYTwdXvFXIQIDAQAB
-AoGBAJKDLxBgWVZJ2AmS1LvK+U50VwxmyL9rENEwZQAkXPfYZMgN9EvRuEihbRl1
-c//kCde6CQjxpMDsrfgER4QH3odypQWT9A5uXKcdfu/z+xKNtB813rSrew3Q9pXe
-wlOb0q7EcS7XHMrcPxj4gvn2yKqB40vF3TIY6oiSeZbFLUvBAkEA9NaTrGB1+FZj
-+3lIAs7UtYbxNggX53OEcXlstDbqhG3O9SzAHiccMbGu2lDBcAAghmtg9poT0Uo6
-V3VCJcnfNwJBAN2lppZFVWAXOLD2k8OMCp4jc9pRHIUtPU6kWoflU8O6kuDNNamD
-AeNMhdHX+Ed/Js3ig75eAGxsd9q+CFp/uGcCQQDFfGb0/YFqZFSVPMhm62oLWeMq
-T/DoEfdciDK0Ui9rzh7HB+eW6rkFJGsDUWwV6SRTCD3X64PcpuDUNpK6ZFCVAkEA
-oaBgAAiDH1UPpAvK6LfALl0P6E1pjLvWjvhOg/Z4xKvS21cJIJlF0ShGFSV2CTzx
-YQUiqLkHegkGxV353XRxVQJAZaW5O2BI5jKy2hK0EoAx3pSnp2X4CmkWrXsSeOgC
-Zz+jDkn8QzPbRwb8cyks/IHc2CBvaFStLFKO2VQj1THDhw==
------END RSA PRIVATE KEY-----)";
-const std::string kRsa1024PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDT+6sb2SvN69NB+6Zg78B7mdke
-0tC91CTfixzCSn7wS8JUvvZKAO1uMgnrCQdDr2TNeRYr6urawIOCDB1Ybz1+cBSN
-xouVdt/aT9+cw27kzVQE59NAPMpQyLtXaAOR6rD8xzyIgAV12QFmc1kHFl7Sjobw
-msu5ZWRqYTwdXvFXIQIDAQAB
------END PUBLIC KEY-----)";
-const std::string kRsa1024PubKeyJwkN =
- "0_urG9krzevTQfumYO_Ae5nZHtLQvdQk34scwkp-8EvCVL72SgDtbjIJ6wkHQ69"
- "kzXkWK-rq2sCDggwdWG89fnAUjcaLlXbf2k_fnMNu5M1UBOfTQDzKUMi7V2gDke"
- "qw_Mc8iIAFddkBZnNZBxZe0o6G8JrLuWVkamE8HV7xVyE";
-const std::string kRsa1024PubKeyJwkE = "AQAB";
+extern const char* kRsaPubKeyJwkN;
+extern const char* kRsaPubKeyJwkE;
+extern const char* kRsaInvalidPubKeyJwkN;
-const std::string kRsa2048PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU+QYZ
-+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBih
-zcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q/Yap+etvIj
-D1r2zQkQke53An9LvVl7OKkM8KGOcE/0tJRmc7x8ZlLqogPczkXvW6T+YAkwA8Xw
-ginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1X
-DiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPygQIDAQABAoIBAADe2BT1XgojYNqc
-s9P9UUeEof80Mst6WEe4RQknb9RozVBEX55Ut4sEAqjVbC3MnpBgtXhTfFmNem4W
-BUCa7DyFzZ/fcjc8T9sh7mQB1h3FXraHN5ZUrH9auPsjBuvfBGW/rSjUfJlQefzS
-psgu950Rwxtnt+PuDTrWc6QaKx0ylvESKPIaVoticc11Kcts5Fe/RQ2Az2epDDM7
-ptZamvtzptozPPq5YUIvpSnKCJfzOczAQT4omVewJV/7nbo/MdCALExrqHcIqXFp
-2uMpHV1QhqZ160Bzf1O+iDRCxT3rd4OZ5Y68x/fYV8dRqrqPA5BFep6ukf17cnWM
-svDqsaUCgYEA+Z5RbadUKteAM3v1Deu9RG7TucnxyoNSofpEuwMoVxo3+z+dS44v
-UpC7/MJhx1FBf15yKSPIgtjt5o/LanApcJEZVyghucsNvqy11db027P63NkIL/ic
-AgB04odLvxpgLHNv/qEWy7zHBLHhcazajzDHW+a/xBXrtJa3i2G+poUCgYEA15Ap
-OJPafAx/BPMbrYthpd5pVX5AMExXTur7rMIPi4/wh0O0vqGtulwgX3FiS0X4bAzK
-tNJ23/V2RR0F16IAIVZQqt16pIvmhx52iC55EPp3bZWkGhZ33/8Dxzkbe+rlwECa
-wRK4dOyA9hwsnlRuEb8OHva6sr+EusOxmeN6Us0CgYEAg4O/QTe057GM0RNRJFl8
-6a4+jRdx9hHEmqTCS4m5WlLtBcoZdLJgCm9JLD25yIruKE45daVtwkrK5PwD33ti
-yfUY1cvGIR5zim9yikzry0mDNZJ/ds7UW1WkP6mq5e/elezoJ871tLgsXzPdJMg+
-iszXbHshtA0cl5QE9kG0cgUCgYEAzZf3WLjbxzh75RKhMVIgnfyU5i91tRr6opBH
-3atw/CEavUf8GV1GvtmjHqSbpUNk/ljs9K1PJ6eLV7uomNMv4JvccDqxAENWaUTK
-tHPukBzyzxfL3f3T81XcGqUC65tL6aM0djUOrKXtEc4pWBEasd5Q74NO6bD0PNTs
-jOODBXkCgYEAhaD3gZUCWU+ZA6QmxPotfe9L0tzjmUjsLo0QUgIHJa2VaoHzdnWC
-ClvP3tFFkv2dlD6UW+g0JJFTVWcv+HEiC9WUnD/C6dXK/qA3fRvBhRKy8FTwvOis
-zSVeYds6mvDJwFe+2mk0KQiKnxlx22B4PcYbbN7mZ2ClBFTFrp0+Id4=
------END RSA PRIVATE KEY-----)";
-const std::string kRsa2048PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jCHomsNIaRYVlsemWg9
-yBx3od1B9Fd9RUslk9IVE7IU+QYZ+T4NvRVPAMjpzuurvPnN4uBVPREycXOgEcWH
-iJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP/52s6Vg7Y8SAUkBDyr0B442ON
-R1SBD8qEMAxpiLMH1Q/Yap+etvIjD1r2zQkQke53An9LvVl7OKkM8KGOcE/0tJRm
-c7x8ZlLqogPczkXvW6T+YAkwA8XwginZw0xBzfpoOEnajqm4Yikck0gJ0HwdlYFI
-p72ih7uozne7PYLVGb9X97cL0H1XDiA/SXJiFKo1AKXihcOdIRiw49eo9rzsoWPy
-gQIDAQAB
------END PUBLIC KEY-----)";
-const std::string kRsa2048PubKeyJwkN =
- "0jCHomsNIaRYVlsemWg9yBx3od1B9Fd9RUslk9IVE7IU-QYZ-T4NvRVPAMjpzuu"
- "rvPnN4uBVPREycXOgEcWHiJDDQEhlQD4F69W8MFE7SXpdcBihzcj5qPYtTFP_52"
- "s6Vg7Y8SAUkBDyr0B442ONR1SBD8qEMAxpiLMH1Q_Yap-etvIjD1r2zQkQke53A"
- "n9LvVl7OKkM8KGOcE_0tJRmc7x8ZlLqogPczkXvW6T-YAkwA8XwginZw0xBzfpo"
- "OEnajqm4Yikck0gJ0HwdlYFIp72ih7uozne7PYLVGb9X97cL0H1XDiA_SXJiFKo"
- "1AKXihcOdIRiw49eo9rzsoWPygQ";
-const std::string kRsa2048PubKeyJwkE = "AQAB";
+extern const char* kRsa512PrivKeyPem;
+extern const char* kRsa512PubKeyPem;
+extern const char* kRsa512PubKeyJwkN;
+extern const char* kRsa512PubKeyJwkE;
+extern const char* kRsa512InvalidPubKeyJwkN;
-const std::string kRsa4096PrivKeyPem = R"(-----BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAtxmYsvs6ZfhTCFKCHQBW/W3iRfh8wZN+/XPXaOiIx9SXYSFr
-b/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6q
-acP15couRwxbJx45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm5
-8liMHxp9h9yTmqM4ZgiZkoF6Vy4KYrg9ChVqUZze4KMiyow8Xv6ESM7Eg2ncTbRe
-vuedbtYv7OVlotyozt1geFkWm/8ZUA6Z68lftYMySq0/yjAmjql0DXP1+vPL9k5s
-KGr5lpIUlB7a9JWbXdepNjvy1vslFuLjcM509d1E8e70C5VF61XthKlk3rRIBWK8
-0XupWR7o6clJsMYKxeF+ImBbzDbWrIkMxe0vTbikS6S4CLPVlYx4sMWAWu4UBpxZ
-quw4cVxyiKoZ2j5yTMAD1xiHI/b2/psFzW3qXcgQWTY7dpIP1BInhepCzHlcLSEi
-HtmMoCXNC3+i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkG
-aykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/tEvYBojFXbl4XecMWADTiExjXobX
-1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k2CrUdkMTGfjnfcDHKjHh3LMCAwEA
-AQKCAgBmbM4ryTfY1Pn13NnmSUtgR3jddWysiMrwEz479GCXkIgCEMTeA3wNZh+M
-UPZo3INfT5CPsg/8A5yd6UYT+rGPFXgnJFD72tky5GW69SX9AmYEvL89nR5QJjKP
-Eg1nq5OMqinQmAEcyUcBJWZiVQpizBm/Hz59HmmsrjCqshjfU5TXv60yMXBo8dOp
-Da4QQiAJi+QEvaNnY1zx7mhO3L3125AeD4Ql1B7tcOklJW1uqehQG4coub4qw2xZ
-09VwLonL9rDBgeyQ5ToOu6xE5whALJ0Ugyf8/cSD560A3Y6LjJfbN/FvBrCKFzul
-xEDts0cPTtXcfdqRgjo0PEXI0+U+tfjygf+ZrO1TUC/O0sJuiHD/V9j6aZX7IAui
-ldzoagkZwIBTmTru44Fc4OT9Ajb0h3a7BEt7QBarSgyjzGZgjJmOabDNdH9VVN2w
-iH7zkozXS16NZ2XpX6D3W8ZO3gN45L7K1yvcgy9ORhDSipStpb2loAEw2FepGiXz
-5kxF4sr7Yuj/XdxmU9/WVEv2y0x+kFQJ4lkHUuAzhDaQkBFSqTVyWO+hob9M70sT
-UJhMOLxUcJ08nKYc467yizPZ8VNIB9xZkZs2S5QeBs1femGJnTqJOqepq1YGlsRp
-LanLlWgwTwJM37itZOpGaep5RqO0NrruVOSHRNlIx1xBqgN2EQKCAQEA3Vayxmzf
-mVKilKjinVtyoHAmMWZzMxVXImt/596UvKTXExJZIlzb8eWnaxd9PLlGVQ5yifV9
-Ij1ndwcrCL2NDYmNhOaTtSNdzCsBk+rKvF6IoQC6hKg+oyo69OTQdkN34xZyO3fl
-E9afM0VQWc6IxQpjE60seBGRBvoVm4x2oRuv3+iWfSSYg95/MrSNF0DMC+acWVap
-MzfnWELe7Osgw1E8Km087DMpmdiCWUy2hpVmmWwPe1dOOBTx/lXmCQPYOhK2Kb+O
-se6DRd6ZUfDZMrye36swKpveIpxnP29CrSKu3e08od7e0FMiSy4kXQvLdNUI2YoA
-wtgUL2R6JfAMWwKCAQEA08XwJa9qoYy7UBMRfXcX8QQN3EpZUlvDNbkwlReFtZQw
-ZHnZVXf453IaZ/TzDn41Jui9Gln49XUaLzmMbwTlzsL/3eUgmuW4OAsaFRO//1HP
-awISoJkqi4cqcivkFcfg/3bpuV08dkVuLTsnNGIUVFgwpdFk+TAGVIzS7s4vzgZ7
-NIZRv+D2p8LyYks9CX9/J8ogjtnfxUFj4TCK0JPVq+WB+2AekOQxWarEeJXA2lpd
-fNpg03fWJmpAOsh7lcd6CRhoTUfaiCArrj91YN9YoClv9n5w2b64Mbd8gz6B7Lvl
-mD/KM8hpJOTVVaDLBzssL9IEZc7CPI6zAKaW1iXAiQKCAQEAg2XGt9lGXIUcE1i3
-P2dcgzZQ1h7V4MuYcMyUoBgZAGxzadUIqUerIs2NOBw3subig/gRsyjTYpJFa/oL
-aCLvK8wvAWjI403djykwxJksRetw/POrxrkChma5nUyBHNQsxdk7c2ZXzhEpbYyG
-iOn9c8wYyUOTFKyJBjVMwoz+l+IR5MD1JdGl4RMjO/zHjbhf6ei7hKXXyJo1csYw
-BUIIryr4ps82zZoJ5lUL/Ot3qCnlQMtP3Y8U1mJIzw47g7qOkNsu3VXk5miL8dyV
-9Hkg1+f2AR5ld8YUd0OWX6gzUwk1+nWt+wKOD+pqf2sjF0G7RN57ZHlyvjj8sq3Z
-fdAl5QKCAQAmChwE6OmCc0ECNSqjGs1WIaBLvZ8lyA3cjJNJdJwz7ZZztd9wFsjC
-6iAMJFe0dr8dahjtrtOlY498hB3Ro1OUPDqxpQKiUDky9+uLday7M/rKAelOp7SY
-s4LQV0n1D54+xSFehnzh0b7kqQd1xVhZfi3e2yoECLhaX6FT+/1iSI/A84+jo8kq
-gT4AofsoxZoVj50hi8lCKWjDfnCw3p0271bVzIIxDIxAywfXkS6/ChRY5PEXiyMQ
-a212IaTxVo95KsUxfIKoiP7Pod53tCa7PjY6VKP4uOVlKMxY1tWHrIilPHAZtRoN
-4nzfkK5nch2RyWu4zdbeAdPtff8CIG3hAoIBABqpu+L5lQiP3yrYAgmHbmY1iFXs
-UtXpO6Qn2sEpQl7GbaGtv/lkQ6geA9JG/ka6sO7BoIFFt0ckm1NrhFTMgunPjevm
-eVY6Sn7JZC9qyE+oCrJMg+0hzc5Gw8+/H+e0Jgca8+76WVu8gGcsLdT+NjYNQwXH
-rzo7tuC/a+Da3nd2UnMheqf8ajt7oXaXgrqYjzK9Fx/QJcUel12ny+Nx+NADx4UU
-K43Js4kcyWyYG9ms7S643u1leDDO+hpeB6EN15U2v7zXi8rMrLqvNKrBi9bCRFDu
-3zsKSPS+qeqpNBsefGtx7oluHdiQocA6w20nQ1DzIW2mOo8Pn5nzt7fPPPA=
------END RSA PRIVATE KEY-----)";
-const std::string kRsa4096PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtxmYsvs6ZfhTCFKCHQBW
-/W3iRfh8wZN+/XPXaOiIx9SXYSFrb/WRaTn8UOvflYuRnPYMaRGr5gVTS6/WFVvt
-NuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx45ODQNyh5jNF4SdzqThNFT
-CFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTmqM4ZgiZkoF6Vy4KYrg9ChVq
-UZze4KMiyow8Xv6ESM7Eg2ncTbRevuedbtYv7OVlotyozt1geFkWm/8ZUA6Z68lf
-tYMySq0/yjAmjql0DXP1+vPL9k5sKGr5lpIUlB7a9JWbXdepNjvy1vslFuLjcM50
-9d1E8e70C5VF61XthKlk3rRIBWK80XupWR7o6clJsMYKxeF+ImBbzDbWrIkMxe0v
-TbikS6S4CLPVlYx4sMWAWu4UBpxZquw4cVxyiKoZ2j5yTMAD1xiHI/b2/psFzW3q
-XcgQWTY7dpIP1BInhepCzHlcLSEiHtmMoCXNC3+i9ZXxiJ1u8avYfGjH8RrJW8dv
-Vw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd1E+Jh7IKQJn8gydsQ0enlMmtwsJO/
-tEvYBojFXbl4XecMWADTiExjXobX1y7u9ZTn0KRNkPpX9GTgY3oR0ei+rwOr4d+k
-2CrUdkMTGfjnfcDHKjHh3LMCAwEAAQ==
------END PUBLIC KEY-----)";
-const std::string kRsa4096PubKeyJwkN =
- "txmYsvs6ZfhTCFKCHQBW_W3iRfh8wZN-_XPXaOiIx9SXYSFrb_WRaTn8UOvflYu"
- "RnPYMaRGr5gVTS6_WFVvtNuZVIDOQBgEOBt5MQ0BeM0yPiM6qacP15couRwxbJx"
- "45ODQNyh5jNF4SdzqThNFTCFHtWakL1qrkGNSKdowIMaM59dm58liMHxp9h9yTm"
- "qM4ZgiZkoF6Vy4KYrg9ChVqUZze4KMiyow8Xv6ESM7Eg2ncTbRevuedbtYv7OVl"
- "otyozt1geFkWm_8ZUA6Z68lftYMySq0_yjAmjql0DXP1-vPL9k5sKGr5lpIUlB7"
- "a9JWbXdepNjvy1vslFuLjcM509d1E8e70C5VF61XthKlk3rRIBWK80XupWR7o6c"
- "lJsMYKxeF-ImBbzDbWrIkMxe0vTbikS6S4CLPVlYx4sMWAWu4UBpxZquw4cVxyi"
- "KoZ2j5yTMAD1xiHI_b2_psFzW3qXcgQWTY7dpIP1BInhepCzHlcLSEiHtmMoCXN"
- "C3-i9ZXxiJ1u8avYfGjH8RrJW8dvVw7BS7zlH9s7rCn001VBJCJcXtkGaykw9Zd"
- "1E-Jh7IKQJn8gydsQ0enlMmtwsJO_tEvYBojFXbl4XecMWADTiExjXobX1y7u9Z"
- "Tn0KRNkPpX9GTgY3oR0ei-rwOr4d-k2CrUdkMTGfjnfcDHKjHh3LM";
-const std::string kRsa4096PubKeyJwkE = "AQAB";
+extern const char* kRsa1024PrivKeyPem;
+extern const char* kRsa1024PubKeyPem;
+extern const char* kRsa1024PubKeyJwkN;
+extern const char* kRsa1024PubKeyJwkE;
-const std::string kEcdsa521PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIAuZxTZjLIZM5hxgZX+JRrqt5FKpAEg/meZ7m9aSE3XbRITqtfz1Uy
-h2Srn7o8+4j/jQpwHTTHZThy10u5jMjaR+mgBwYFK4EEACOhgYkDgYYABAFFah0k
-6m4ddp/tUN/ObrKKwSCp4QUZdiAMaC9eY1HyNBPuuEsH5qCfeY5lmeJwSUpzCosn
-rgW8M2hQ4Kr5V9OXrgHLA5WVtH6//sSkUY2/xYuqc7/Ln8gI5ddtr1qG64Xtgs05
-/CNajSjFZeLm76llakvYiBTTH/ii8hIfrwukW9IP7Q==
------END EC PRIVATE KEY-----)";
-const std::string kEcdsa521PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBRWodJOpuHXaf7VDfzm6yisEgqeEF
-GXYgDGgvXmNR8jQT7rhLB+agn3mOZZnicElKcwqLJ64FvDNoUOCq+VfTl64BywOV
-lbR+v/7EpFGNv8WLqnO/y5/ICOXXba9ahuuF7YLNOfwjWo0oxWXi5u+pZWpL2IgU
-0x/4ovISH68LpFvSD+0=
------END PUBLIC KEY-----)";
-const std::string kEcdsa521PubKeyJwkX =
- "AUVqHSTqbh12n-1Q385usorBIKnhBRl2IAxoL15jUfI0E-64SwfmoJ95jmWZ4nB"
- "JSnMKiyeuBbwzaFDgqvlX05eu";
-const std::string kEcdsa521PubKeyJwkY =
- "AcsDlZW0fr_-xKRRjb_Fi6pzv8ufyAjl122vWobrhe2CzTn8I1qNKMVl4ubvqWV"
- "qS9iIFNMf-KLyEh-vC6Rb0g_t";
+extern const char* kRsa2048PrivKeyPem;
+extern const char* kRsa2048PubKeyPem;
+extern const char* kRsa2048PubKeyJwkN;
+extern const char* kRsa2048PubKeyJwkE;
-const std::string kEcdsa384PrivKeyPem = R"(-----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCrPXJDgQDtNRpM0qNUW/zN1vrCvOVH1CsItVZ+1NeGB+w/2whnIXJQ
-K7U5C1ETPHagBwYFK4EEACKhZANiAAR0JjvVJXc3u1I/7vt5mxzPtAIi1VIqxCwN
-wgISZVySTYZQzyicW2GfhMlFCow28LzqTwH/eCymAvnTAmpK/P1hXhNcnxDBZNOU
-WMbMLFcQrg2wwpIb/k/IXobNwjNPRBo=
------END EC PRIVATE KEY-----)";
-const std::string kEcdsa384PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEdCY71SV3N7tSP+77eZscz7QCItVSKsQs
-DcICEmVckk2GUM8onFthn4TJRQqMNvC86k8B/3gspgL50wJqSvz9YV4TXJ8QwWTT
-lFjGzCxXEK4NsMKSG/5PyF6GzcIzT0Qa
------END PUBLIC KEY-----)";
-const std::string kEcdsa384PubKeyJwkX =
- "dCY71SV3N7tSP-77eZscz7QCItVSKsQsDcICEmVckk2GUM8onFthn4TJRQqMNvC8";
-const std::string kEcdsa384PubKeyJwkY =
- "6k8B_3gspgL50wJqSvz9YV4TXJ8QwWTTlFjGzCxXEK4NsMKSG_5PyF6GzcIzT0Qa";
+extern const char* kRsa4096PrivKeyPem;
+extern const char* kRsa4096PubKeyPem;
+extern const char* kRsa4096PubKeyJwkN;
+extern const char* kRsa4096PubKeyJwkE;
-const std::string kEcdsa256PrivKeyPem = R"(-----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPGJGAm4X1fvBuC1z
-SpO/4Izx6PXfNMaiKaS5RUkFqEGhRANCAARCBvmeksd3QGTrVs2eMrrfa7CYF+sX
-sjyGg+Bo5mPKGH4Gs8M7oIvoP9pb/I85tdebtKlmiCZHAZE5w4DfJSV6
------END PRIVATE KEY-----)";
-const std::string kEcdsa256PubKeyPem = R"(-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQgb5npLHd0Bk61bNnjK632uwmBfr
-F7I8hoPgaOZjyhh+BrPDO6CL6D/aW/yPObXXm7SpZogmRwGROcOA3yUleg==
------END PUBLIC KEY-----)";
-const std::string kEcdsa256PubKeyJwkX =
"Qgb5npLHd0Bk61bNnjK632uwmBfrF7I8hoPgaOZjyhg";
-const std::string kEcdsa256PubKeyJwkY =
"fgazwzugi-g_2lv8jzm115u0qWaIJkcBkTnDgN8lJXo";
+extern const char* kEcdsa521PrivKeyPem;
+extern const char* kEcdsa521PubKeyPem;
+extern const char* kEcdsa521PubKeyJwkX;
+extern const char* kEcdsa521PubKeyJwkY;
-const std::string kKid1 = "public:c424b67b-fe28-45d7-b015-f79da50b5b21";
-const std::string kKid2 = "public:9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a";
+extern const char* kEcdsa384PrivKeyPem;
+extern const char* kEcdsa384PubKeyPem;
+extern const char* kEcdsa384PubKeyJwkX;
+extern const char* kEcdsa384PubKeyJwkY;
-const std::string kJwksHsFileFormat = R"(
-{
- "keys": [
- { "kty": "oct", "kid": "$0", "alg": "$1", "k": "$2" }
- ]
-})";
+extern const char* kEcdsa256PrivKeyPem;
+extern const char* kEcdsa256PubKeyPem;
+extern const char* kEcdsa256PubKeyJwkX;
+extern const char* kEcdsa256PubKeyJwkY;
-const std::string kJwksRsaFileFormat = R"(
-{
- "keys": [
- { "kty": "RSA", "kid": "$0", "alg": "$1", "n": "$2", "e": "$3" },
- { "kty": "RSA", "kid": "$4", "alg": "$5", "n": "$6", "e": "$7" }
- ]
-})";
+extern const char* kKid1;
+extern const char* kKid2;
-const std::string kJwksEcFileFormat = R"(
-{
- "keys": [
- { "kty": "EC", "kid": "$0", "crv": "$1", "x": "$2", "y": "$3" }
- ]
-})";
+extern const char* kJwksHsFileFormat;
+extern const char* kJwksRsaFileFormat;
+extern const char* kJwksEcFileFormat;
diff --git a/src/kudu/util/mini_oidc.cc b/src/kudu/util/mini_oidc.cc
index 803ed1e14..d3e077722 100644
--- a/src/kudu/util/mini_oidc.cc
+++ b/src/kudu/util/mini_oidc.cc
@@ -119,7 +119,7 @@ Status MiniOidc::Start() {
Sockaddr addr;
RETURN_NOT_OK(jwks_server_->GetBoundAddresses(&bound_addrs));
RETURN_NOT_OK(addr.ParseString(bound_addrs[0].host(),
bound_addrs[0].port()));
- string const jwks_url = Substitute("http://$0/jwks";, addr.ToString());
+ const string jwks_url = Substitute("http://$0/jwks";, addr.ToString());
// Now start the OIDC Discovery server that points to the JWKS endpoints.
WebserverOptions oidc_opts;
