From cc46194f294468b4c7f2f4b3ddfc92d75ff9a6d5 Mon Sep 17 00:00:00 2001 From: zyy17 Date: Thu, 19 Jan 2023 13:13:33 +0800 Subject: [PATCH] refactor: support TLS private key of RSA format and add the full test certificates generation (#885) chore: add the full certificate generation Signed-off-by: zyy17 Signed-off-by: zyy17 --- src/servers/src/tls.rs | 22 +++-- src/servers/tests/mysql/mysql_server_test.rs | 90 +++++++++++++------ src/servers/tests/postgres/mod.rs | 59 +++++++++--- src/servers/tests/ssl/cert.conf | 10 +++ src/servers/tests/ssl/csr.conf | 23 +++++ src/servers/tests/ssl/gen-certs.sh | 26 ++++++ src/servers/tests/ssl/root-ca.crt | 17 ++++ src/servers/tests/ssl/root-ca.key | 28 ++++++ src/servers/tests/ssl/root-ca.srl | 1 + src/servers/tests/ssl/server-pkcs8.key | 28 ++++++ src/servers/tests/ssl/server-rsa.key | 27 ++++++ src/servers/tests/ssl/server.crt | 95 +++++--------------- src/servers/tests/ssl/server.csr | 19 ++++ src/servers/tests/ssl/server.key | 28 ------ 14 files changed, 326 insertions(+), 147 deletions(-) create mode 100644 src/servers/tests/ssl/cert.conf create mode 100644 src/servers/tests/ssl/csr.conf create mode 100755 src/servers/tests/ssl/gen-certs.sh create mode 100644 src/servers/tests/ssl/root-ca.crt create mode 100644 src/servers/tests/ssl/root-ca.key create mode 100644 src/servers/tests/ssl/root-ca.srl create mode 100644 src/servers/tests/ssl/server-pkcs8.key create mode 100644 src/servers/tests/ssl/server-rsa.key create mode 100644 src/servers/tests/ssl/server.csr delete mode 100644 src/servers/tests/ssl/server.key diff --git a/src/servers/src/tls.rs b/src/servers/src/tls.rs index 906d685027..b0651f56c1 100644 --- a/src/servers/src/tls.rs +++ b/src/servers/src/tls.rs 
@@ -16,7 +16,7 @@ use std::fs::File; use std::io::{BufReader, Error, ErrorKind}; use rustls::{Certificate, PrivateKey, ServerConfig}; -use rustls_pemfile::{certs, pkcs8_private_keys}; +use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys}; use serde::{Deserialize, Serialize}; use strum::EnumString; @@ -80,11 +80,21 @@ impl TlsOption { .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid cert")) .map(|mut certs| certs.drain(..).map(Certificate).collect())?; - // TODO(SSebo): support more private key types - let key = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?)) - .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key")) - .map(|mut keys| keys.drain(..).map(PrivateKey).next())? - .ok_or_else(|| Error::new(ErrorKind::InvalidInput, "invalid key"))?; + let key = { + let mut pkcs8 = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?)) + .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?; + if !pkcs8.is_empty() { + PrivateKey(pkcs8.remove(0)) + } else { + let mut rsa = rsa_private_keys(&mut BufReader::new(File::open(&self.key_path)?)) + .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?; + if !rsa.is_empty() { + PrivateKey(rsa.remove(0)) + } else { + return Err(Error::new(ErrorKind::InvalidInput, "invalid key")); + } + } + }; // TODO(SSebo): with_client_cert_verifier if TlsMode is Required. let config = ServerConfig::builder() diff --git a/src/servers/tests/mysql/mysql_server_test.rs b/src/servers/tests/mysql/mysql_server_test.rs index 0ddb426162..9ec9f1caf7 100644 --- a/src/servers/tests/mysql/mysql_server_test.rs +++ b/src/servers/tests/mysql/mysql_server_test.rs 
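Review bot: In the new `let key = { … }` block the key file is opened and parsed twice, and all three failure paths return the same `"invalid key"` text, so an operator cannot tell malformed PEM from a key of an unsupported kind (for example an EC or encrypted key). A single pass over the PEM items avoids the second open and lets the two cases carry different messages. The sketch below assumes the `rustls_pemfile` version in use exposes `read_all` and `Item`, and it takes the first PKCS#8 or RSA key in file order rather than always preferring PKCS#8. A one-line comment saying that only the first key in the file is used would help either way. The enclosing function starts and ends outside the hunk.

```rust
let key = {
    // Read the PEM once and use the first PKCS#8 or PKCS#1 (RSA) key found; later keys are ignored.
    let items = rustls_pemfile::read_all(&mut BufReader::new(File::open(&self.key_path)?))
        .map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key: malformed PEM"))?;
    items
        .into_iter()
        .find_map(|item| match item {
            rustls_pemfile::Item::PKCS8Key(der) | rustls_pemfile::Item::RSAKey(der) => {
                Some(PrivateKey(der))
            }
            _ => None,
        })
        .ok_or_else(|| {
            Error::new(
                ErrorKind::InvalidInput,
                "invalid key: no PKCS#8 or RSA private key found",
            )
        })?
};
// … unchanged: ServerConfig::builder() …
```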
@@ -183,40 +183,29 @@ async fn test_query_all_datatypes() -> Result<()> { #[tokio::test(flavor = "multi_thread", worker_threads = 2)] async fn test_server_prefer_secure_client_plain() -> Result<()> { - let server_tls = TlsOption { - mode: servers::tls::TlsMode::Prefer, - cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), - }; - - let client_tls = false; - do_test_query_all_datatypes(server_tls, client_tls).await?; + do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Prefer, false, false) + .await?; Ok(()) } #[tokio::test(flavor = "multi_thread", worker_threads = 2)] -async fn test_server_prefer_secure_client_secure() -> Result<()> { - let server_tls = TlsOption { - mode: servers::tls::TlsMode::Prefer, - cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), - }; - - let client_tls = true; - do_test_query_all_datatypes(server_tls, client_tls).await?; +async fn test_server_prefer_secure_client_plain_with_pkcs8_priv_key() -> Result<()> { + do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Prefer, false, true) + .await?; Ok(()) } #[tokio::test(flavor = "multi_thread", worker_threads = 4)] async fn test_server_require_secure_client_secure() -> Result<()> { - let server_tls = TlsOption { - mode: servers::tls::TlsMode::Require, - cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), - }; + do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Require, true, false) + .await?; + Ok(()) +} - let client_tls = true; - do_test_query_all_datatypes(server_tls, client_tls).await?; +#[tokio::test(flavor = "multi_thread", worker_threads = 4)] +async fn test_server_require_secure_client_secure_with_pkcs8_priv_key() -> Result<()> { + do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Require, true, true) + .await?; Ok(()) } 
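Review bot: Coverage for a TLS client against a `Prefer` server is lost here: `test_server_prefer_secure_client_secure` is replaced by `test_server_prefer_secure_client_plain_with_pkcs8_priv_key`, and none of the four remaining tests passes `TlsMode::Prefer` with `client_tls = true`. The two `Prefer` tests use a plaintext client, so they presumably exercise key loading but not a handshake with either key format. Unless a test outside this hunk covers it, add the pair back, e.g. `do_test_query_all_datatypes_with_secure_server(servers::tls::TlsMode::Prefer, true, false).await?;` and the same call with `true, true`. The postgres hunk `@@ -235` likewise adds no `Prefer` case with a TLS client in its visible lines.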
@@ -225,7 +214,38 @@ async fn test_server_required_secure_client_plain() -> Result<()> { let server_tls = TlsOption { mode: servers::tls::TlsMode::Require, cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), + key_path: "tests/ssl/server-rsa.key".to_owned(), + }; + + let client_tls = false; + + #[allow(unused)] + let TestingData { + column_schemas, + mysql_columns_def, + columns, + mysql_text_output_rows, + } = all_datatype_testing_data(); + let schema = Arc::new(Schema::new(column_schemas.clone())); + let recordbatch = RecordBatch::new(schema, columns).unwrap(); + let table = MemTable::new("all_datatypes", recordbatch); + + let mysql_server = create_mysql_server(table, server_tls)?; + + let listening = "127.0.0.1:0".parse::().unwrap(); + let server_addr = mysql_server.start(listening).await.unwrap(); + + let r = create_connection(server_addr.port(), None, client_tls).await; + assert!(r.is_err()); + Ok(()) +} + +#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +async fn test_server_required_secure_client_plain_with_pkcs8_priv_key() -> Result<()> { + let server_tls = TlsOption { + mode: servers::tls::TlsMode::Require, + cert_path: "tests/ssl/server.crt".to_owned(), + key_path: "tests/ssl/server-pkcs8.key".to_owned(), }; let client_tls = false; @@ -393,3 +413,23 @@ async fn create_connection( mysql_async::Conn::new(opts).await } + +async fn do_test_query_all_datatypes_with_secure_server( + server_tls_mode: servers::tls::TlsMode, + client_tls: bool, + is_pkcs8_priv_key: bool, +) -> Result<()> { + let server_tls = TlsOption { + mode: server_tls_mode, + cert_path: "tests/ssl/server.crt".to_owned(), + key_path: { + if is_pkcs8_priv_key { + "tests/ssl/server-pkcs8.key".to_owned() + } else { + "tests/ssl/server-rsa.key".to_owned() + } + }, + }; + + do_test_query_all_datatypes(server_tls, client_tls).await +} 
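Review bot: `test_server_required_secure_client_plain_with_pkcs8_priv_key` repeats the whole body of `test_server_required_secure_client_plain` and differs only in `key_path`; its body continues in the context lines past the end of this hunk. A shared helper that takes the key path, for example `async fn do_test_require_secure_client_plain(key_path: &str) -> Result<()>`, would keep the two cases from drifting apart; the postgres hunk `@@ -263` has the same duplication. Separately, `assert!(r.is_err())` passes on any connection failure, so the test does not show that the plaintext client was rejected because TLS is required. Asserting on the specific error the client returns would make this a real check of the `Require` policy.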
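Review bot: The positional flags make the call sites hard to read: `(TlsMode::Prefer, false, true)` does not say which boolean is the client TLS switch and which selects the key format in `do_test_query_all_datatypes_with_secure_server`. Passing the fixture path directly, e.g. `key_path: &str` with `"tests/ssl/server-pkcs8.key"` at the call site, removes the `if is_pkcs8_priv_key` branch and lets a third key format be added without another flag. A doc comment such as `/// Runs the all-datatypes query against a server using the given TLS mode and private-key fixture.` would also help. The same applies to `do_simple_query_with_secure_server` in the postgres hunk `@@ -434`.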
diff --git a/src/servers/tests/postgres/mod.rs b/src/servers/tests/postgres/mod.rs index de05fe66bf..871b089067 100644 --- a/src/servers/tests/postgres/mod.rs +++ b/src/servers/tests/postgres/mod.rs @@ -235,15 +235,28 @@ async fn test_query_pg_concurrently() -> Result<()> { #[tokio::test(flavor = "multi_thread", worker_threads = 2)] async fn test_server_secure_prefer_client_plain() -> Result<()> { common_telemetry::init_default_ut_logging(); + do_simple_query_with_secure_server(servers::tls::TlsMode::Prefer, false, false).await?; + Ok(()) +} - let server_tls = TlsOption { - mode: servers::tls::TlsMode::Prefer, - cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), - }; +#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +async fn test_server_secure_prefer_client_plain_with_pkcs8_priv_key() -> Result<()> { + common_telemetry::init_default_ut_logging(); + do_simple_query_with_secure_server(servers::tls::TlsMode::Prefer, false, true).await?; + Ok(()) +} - let client_tls = false; - do_simple_query(server_tls, client_tls).await?; +#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +async fn test_server_secure_require_client_secure() -> Result<()> { + common_telemetry::init_default_ut_logging(); + do_simple_query_with_secure_server(servers::tls::TlsMode::Require, true, false).await?; + Ok(()) +} + +#[tokio::test(flavor = "multi_thread", worker_threads = 2)] +async fn test_server_secure_require_client_secure_with_pkcs8_priv_key() -> Result<()> { + common_telemetry::init_default_ut_logging(); + do_simple_query_with_secure_server(servers::tls::TlsMode::Require, true, true).await?; Ok(()) } 
@@ -254,7 +267,7 @@ async fn test_server_secure_require_client_plain() -> Result<()> { let server_tls = TlsOption { mode: servers::tls::TlsMode::Require, cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), + key_path: "tests/ssl/server-rsa.key".to_owned(), }; let server_port = start_test_server(server_tls).await?; let r = create_plain_connection(server_port, false).await; @@ -263,17 +276,17 @@ async fn test_server_secure_require_client_plain() -> Result<()> { } #[tokio::test(flavor = "multi_thread", worker_threads = 2)] -async fn test_server_secure_require_client_secure() -> Result<()> { +async fn test_server_secure_require_client_plain_with_pkcs8_priv_key() -> Result<()> { common_telemetry::init_default_ut_logging(); let server_tls = TlsOption { mode: servers::tls::TlsMode::Require, cert_path: "tests/ssl/server.crt".to_owned(), - key_path: "tests/ssl/server.key".to_owned(), + key_path: "tests/ssl/server-pkcs8.key".to_owned(), }; - - let client_tls = true; - do_simple_query(server_tls, client_tls).await?; + let server_port = start_test_server(server_tls).await?; + let r = create_plain_connection(server_port, false).await; + assert!(r.is_err()); Ok(()) } @@ -434,3 +447,23 @@ impl ServerCertVerifier for AcceptAllVerifier { Ok(ServerCertVerified::assertion()) } } + +async fn do_simple_query_with_secure_server( + server_tls_mode: servers::tls::TlsMode, + client_tls: bool, + is_pkcs8_priv_key: bool, +) -> Result<()> { + let server_tls = TlsOption { + mode: server_tls_mode, + cert_path: "tests/ssl/server.crt".to_owned(), + key_path: { + if is_pkcs8_priv_key { + "tests/ssl/server-pkcs8.key".to_owned() + } else { + "tests/ssl/server-rsa.key".to_owned() + } + }, + }; + + do_simple_query(server_tls, client_tls).await +} diff --git a/src/servers/tests/ssl/cert.conf b/src/servers/tests/ssl/cert.conf new file mode 100644 index 0000000000..f2764fbe22 --- /dev/null +++ b/src/servers/tests/ssl/cert.conf 
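Review bot: Nothing in the visible test code checks the new certificate chain: the context of hunk `@@ -434` ends `AcceptAllVerifier` with `Ok(ServerCertVerified::assertion())`, and the added `do_simple_query_with_secure_server` makes no use of the `root-ca.crt` this patch introduces. If the TLS client is built with that verifier, as the context suggests, a `server.crt` that fails to chain to the CA or whose SANs miss `localhost`/`127.0.0.1` would go unnoticed. Consider one TLS-client test that loads `tests/ssl/root-ca.crt` into a `rustls::RootCertStore` and connects with normal verification. The client configuration is built outside this hunk, so the exact change is not shown here.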
@@ -0,0 +1,10 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = *.greptime.com +DNS.2 = *.greptime.cloud +DNS.3 = localhost +IP.1 = 127.0.0.1 diff --git a/src/servers/tests/ssl/csr.conf b/src/servers/tests/ssl/csr.conf new file mode 100644 index 0000000000..d911e0270e --- /dev/null +++ b/src/servers/tests/ssl/csr.conf @@ -0,0 +1,23 @@ +[ req ] +default_bits = 2048 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn + +[ dn ] +C = CN +ST = Hangzhou +L = Hangzhou +O = Greptime +OU = Greptime Developer +CN = greptime.com + +[ req_ext ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = *.greptime.com +DNS.2 = *.greptime.cloud +DNS.3 = localhost +IP.1 = 127.0.0.1 diff --git a/src/servers/tests/ssl/gen-certs.sh b/src/servers/tests/ssl/gen-certs.sh new file mode 100755 index 0000000000..3e1479b482 --- /dev/null +++ b/src/servers/tests/ssl/gen-certs.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# Create the self-signed CA certificate. +openssl req -x509 \ + -sha256 -days 356 \ + -nodes \ + -newkey rsa:2048 \ + -subj "/CN=greptime-ca" \ + -keyout root-ca.key -out root-ca.crt + +# Create the server private key. +openssl genrsa -out server-rsa.key 2048 + +# Create the server certificate signing request. +openssl req -new -key server-rsa.key -out server.csr -config csr.conf + +# Create the server certificate. +openssl x509 -req \ + -in server.csr \ + -CA root-ca.crt -CAkey root-ca.key \ + -CAcreateserial -out server.crt \ + -days 365 \ + -sha256 -extfile cert.conf + +# Create private key of pkcs8 format from rsa key. +openssl pkcs8 -topk8 -inform PEM -in ./server-rsa.key -outform pem -nocrypt -out server-pkcs8.key diff --git a/src/servers/tests/ssl/root-ca.crt b/src/servers/tests/ssl/root-ca.crt new file mode 100644 index 0000000000..1d95f3a18e --- /dev/null 
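Review bot: The `[alt_names]` section puts the project's real wildcard domains, `*.greptime.com` and `*.greptime.cloud`, on a test certificate whose issuing CA private key (`root-ca.key`) is committed in this same patch. Anyone with the repository can sign certificates for those names, which becomes a real exposure as soon as `root-ca.crt` is imported into a trust store for local testing. The visible tests listen on `127.0.0.1`, so `DNS.1 = localhost` and `IP.1 = 127.0.0.1` look sufficient; the same list is repeated in `csr.conf`. `keyUsage` also grants `nonRepudiation` and `dataEncipherment`, which a TLS server certificate does not need; `keyUsage = digitalSignature, keyEncipherment` with `extendedKeyUsage = serverAuth` would be tighter.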
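Review bot: In `gen-certs.sh` the CA step uses `-days 356` while the server certificate uses `-days 365`, which looks like a transposition and leaves the server certificate valid nine days longer than its issuer; `-sha256 -days 365 \` in the first command would align them. Both lifetimes are about one year, whereas the `server.crt` being replaced was valid until 2032, so any client that checks validity dates will start rejecting these fixtures a year after generation. A longer test-only lifetime or a documented regeneration step would avoid that. The script also has no `set -euo pipefail` after the shebang, so a failed `openssl` step does not stop later steps from running against stale files.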
+++ b/src/servers/tests/ssl/root-ca.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqDCCAZACCQC7+cxd19y8qjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtn +cmVwdGltZS1jYTAeFw0yMzAxMTYxMzQ5MzVaFw0yNDAxMDcxMzQ5MzVaMBYxFDAS +BgNVBAMMC2dyZXB0aW1lLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAwzdEpod7Br06SU41onxvspu1WdYIxx0Zybfv4YeaTbtmIAmSaZON237La1P2 +V72S5lcbH+ImuyJwQkGVy1KZBw4waDbc4pfICX2Sm/UoWCwzegITcBzwYW2Exz4C +skPH09ZU8uHOF4VubJzZwtC3Tx27VUwj+F88/xOD4Ws4btXAPZ+/1Y0CZ8nv5Yjb +t2r+A2B+6YSrifojdKFttTqM8Y8WXRHqhb+YeO9MdxSiqPAWInmwy1sOOXNATVwC +k/BFEfpsjqajCy/NNS9NWUcdvDNAz/zRywJDHzwMk+b5KXzvUkNZuf/ZTXl5jL+d +zzgRmlYKwJylNILH2NsHyERcVwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCi+0Uf +Qd+h2kKo6nm38/RAk6+5sINUzYStoq1C/pNjrYYYz/zVMn4OjBhk5/VtKArSHtEq +YrZL8X6bXqy9e7gNlrwZ4eVxmiCsif5gQt2/jdFrT7hrTRYdax7tEj6yf9XBgjHv +/XZ0TLflbhOhNhy9KA0OyRxmNh9SAcT46psNN+t9S18tLORAHuhE2R95C13P7GHa +HauFFRoG16Wgp1kXXLcrU+mPeJ/+ybWm4OSkyn0ye0wO9XUPfLOLZePTCTeu7xFG +CwXAD1oGR6ZaglZm+guuTR38qG34pPXGcSzLCsBUuTeiMu5amAMOwMIjAbnnH1qe +AtvukomW0uRXHUMw +-----END CERTIFICATE----- diff --git a/src/servers/tests/ssl/root-ca.key b/src/servers/tests/ssl/root-ca.key new file mode 100644 index 0000000000..7458af34b6 --- /dev/null +++ b/src/servers/tests/ssl/root-ca.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDN0Smh3sGvTpJ +TjWifG+ym7VZ1gjHHRnJt+/hh5pNu2YgCZJpk43bfstrU/ZXvZLmVxsf4ia7InBC +QZXLUpkHDjBoNtzil8gJfZKb9ShYLDN6AhNwHPBhbYTHPgKyQ8fT1lTy4c4XhW5s +nNnC0LdPHbtVTCP4Xzz/E4Phazhu1cA9n7/VjQJnye/liNu3av4DYH7phKuJ+iN0 +oW21OozxjxZdEeqFv5h470x3FKKo8BYiebDLWw45c0BNXAKT8EUR+myOpqMLL801 +L01ZRx28M0DP/NHLAkMfPAyT5vkpfO9SQ1m5/9lNeXmMv53POBGaVgrAnKU0gsfY +2wfIRFxXAgMBAAECggEAU1LSzZXEUEMSjtmAESO19XF6vaaaxopISI5nKEdd+FHF +rGUJhmDByu9a2ivTWO4EtqZ1YG2CBJwVeGJQEqHlyVooFUNdkqYgbtSXcFP67W+o +ZSpfq5nejGdXpkd0lSxTLbstNSJmeims0VU9qWa252EUZbsDG29jNKjawKuoQb3h +J/e2RHoAoYcV1G+C/xcryBsKCUppLf0OwDjvsL3XNJq+EI6hViwho0VOIjggwfRn +4DRPnN+lQA0tVVdhyV4+aUv32nPt9/Ss5WpqFRR0+pL1nnd022MkXZXm5796B/8W +YKIxRvRWw1fSufsjc9Q8Hzx42k+tBh5UwF4+XGUEwQKBgQDz9Jb23zPkRHKm196K +U5MQ6Td77TnL2bAuOsjWl8DuBlPoUMi1sH9e30J4q6RWWdjBR0VJKMaYWtvaDRGE +CjchQ82HDtfD9T0ee3nDBjP7kzKgGpJ/giQ5/Jg/ZUyQOB/YGw5w7cc+j+gJc3iK +/tznXXD85pTqq6vn/wJBzKd2oQKBgQDM2qXfGTareMZGEK6m4SfpvbF4mZQOM/YM +bEP6F/FOlNJLpExWVHkoy0vJ0IZMhyAZr2AmyzFWYZ8L9LW5LyrCkFWASXVPKIUe +tF7xS3JKxml1YXUES6GSofb6BPNLB+KEz0G0SLcHQ5kpSOnSso+kJKMpQ1DBiZYn +qGZ4qeKH9wKBgF47lXDI6P98nRjre6/M9prqqx74lIG0lcRVuqyBs+l9kj3DrrPX ++GtKLB/2lSUx0XNfN1k6IfRJ7HB+6cwqMf9sdGB+EERGX5R9t5vosn2z7zM+8GXG +fH3Vn22lkHyI4WwVj295uaPl7IhyDRcLuYK5amKWIuG+7ElSDKokBm/hAoGBAJXb +JRgtU6bgdPrwXTNK5m3BDMCSaJJzRH0V/ixHs4iuqaAYEpfct7016r05w+TbvInN +l2MJpY/xXe3bF8zeSkOGXmW4Vw6PL8KkZAfUD0nQF3l8z6NSyGGCBjAjyu6KWBSb +oQ8HWoz/0F05L4OoiBeljY4z5jGOOr/MGxoN/N9FAoGAIApQmghUZ9+EtqfQcuCe +KZ8t5ckQYHMvZbgn2sZkZfHtThbkYIRi/E5+2yb9CkY3sBL6OpvYzx3qKLJ7iso/ +RSCEvQEj+bdM9QDBCzznC7zdhRGFEYQ3MLjAXSag41HnsxdF5IXKrHlYvb0Rp/lZ +l/TLwp65NEuQ4KMFQOVL5Eo= +-----END PRIVATE KEY----- diff --git a/src/servers/tests/ssl/root-ca.srl b/src/servers/tests/ssl/root-ca.srl new file mode 100644 index 0000000000..9d1029aa35 --- /dev/null +++ b/src/servers/tests/ssl/root-ca.srl @@ -0,0 +1 @@ +EE4175C4833353A6 
diff --git a/src/servers/tests/ssl/server-pkcs8.key b/src/servers/tests/ssl/server-pkcs8.key new file mode 100644 index 0000000000..9764e9c64f --- /dev/null +++ b/src/servers/tests/ssl/server-pkcs8.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDNuWUJloRnDJc4 +UvdOqF+YtFdIXn2MPvhzyBdEEqr+vY9nGNnBjBoOhSu6/2yojJpQhFlw8r68p02Q +SKO6ENHrxeZdgs0hQKAFUZBULgF3O3XHWkQ+6P9ajZw8impeYl4cOjFCzYGBXoP1 +r1wnpWRDtvmq8U2lISky9HflcTJz0wqnW/qqzhLLV/i7tik0ShoWeCdr9CpKK95C +vyG1NKsOogM3yc5iIkc/zZX82sZ1o8Fsv4oJIpbrePIowZp93T1Vo5iOSSTEzuBY +DVZhaVkSVLWZtemPOqJs2htKVyIEyTpPsA7ulKhN8mEmbiJyP9Ri+pBkZvjRR3vy +0nH/B5c9AgMBAAECggEBAJ6ysdqfnivQbqcoeVbYVEZ8eAh/u+IAgbDvXeNJc1dn +68PgS7se1Mr2uDFc8Plk3XXXYxfaaoElnpP7NTJH32g+FeN1D8DjFY6EyQ3nH4JX +ABh07ciJ/NJiA3BAZqXAxFCKI44g8hJWUv2n9TMwRxRlhlv0Ia2M0zdXl1YL6Jun +guUi4B9vTSbD1xDxBHRuB8VRNidIocBhT2rLmpiMougRoc2hBoVM7wSNDracpD9a +DL3Rm7Ujv0CwbJbTUPxQuaaRNnkIS6TDqsZvj76n2E35aEOIk+116Fl0nRYZ7LHk +PywnbzLhzVMOQsneiDkEWW7tz735nPNdSIPe96mEeYECgYEA9X9292NW6KR6YpKS ++4IG/TqedKjmwdFPOaEyPj3NoXurVZlM4U+Urgc6M7Lw2m8qM7lcw11Xzhbijz29 +ntjQeMNAOZH0W9/jGjsgkpelO6jF34QRNw2/Cfxl3+nQL14kZjID/7Gw9kyCZa2S +ChJWluudDHZPpS9PybgtvaoRztUCgYEA1oZaldnpDeLN9ftm17UgMUdl8enta6rQ +nN95YEu3gyjtWf2ry3pxTQ44/ZqcrRLRj1y+iu0D5qSqkuz14vntzwGxoVQz3gjq +zdHEkXv9ZpA3M+uMt+dLUbZ9ebpNIGhLf+oxCQxk+v/cEpo2cO5HaZCGiblXQZSr +S7vuov3IaskCgYEAzYKMxn+ka0/1G7tzy5OH4khGCYay1aEwXx/v/WajUwFB5oBU +eXCzGBP4xvqO4WyZuX78hpcHQACsXBjlOapqqg1ZIFhsZNTBOl4w4EaODak1K+1U +s++P8v4VEiKbImv+sIZCDrRjXWui5Rct37yGPAS1DY+lELTQaB8EO3e5PJkCgYBh +uOY+6PsvJigoa5NXo9y8VgfsgWFz8GYDcBF8ekFocBZfLh06HdbLATWY4PuKI85u +fhMWeg2S3WQOdf80nCFmcSEXmqHd/TXo+CuREmhGdl+POTfq9mPrHzRdZS6JGrl5 +1ZbsxkahyDfaCYHPQ9woDHwc9N74st6tKzjz6qOHcQKBgQCP6HeweuBLkCsZfaAv +MUDw1r6MFAosjvAUO+kKtxBSHkxehUwVuhDN/t/nmO2ddetRoQbIDvpTg/3R2obO +vJOiC+FxV8LX+WA8IaTHpv/5Qjl/FDyjGFHWkN+gY+xQ+BTJsR5MPCq9m6ai+ihF +1ynlhxQGWqh6cjuGhdSXYZ6WJg== +-----END PRIVATE KEY----- 
diff --git a/src/servers/tests/ssl/server-rsa.key b/src/servers/tests/ssl/server-rsa.key new file mode 100644 index 0000000000..5530ed0a11 --- /dev/null +++ b/src/servers/tests/ssl/server-rsa.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74c8gXRBKq/r2PZxjZ +wYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCgBVGQVC4Bdzt1x1pE +Puj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEpMvR35XEyc9MKp1v6 +qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJHP82V/NrGdaPBbL+K +CSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqibNobSlciBMk6T7AO +7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABAoIBAQCesrHan54r0G6n +KHlW2FRGfHgIf7viAIGw713jSXNXZ+vD4Eu7HtTK9rgxXPD5ZN1112MX2mqBJZ6T ++zUyR99oPhXjdQ/A4xWOhMkN5x+CVwAYdO3IifzSYgNwQGalwMRQiiOOIPISVlL9 +p/UzMEcUZYZb9CGtjNM3V5dWC+ibp4LlIuAfb00mw9cQ8QR0bgfFUTYnSKHAYU9q +y5qYjKLoEaHNoQaFTO8EjQ62nKQ/Wgy90Zu1I79AsGyW01D8ULmmkTZ5CEukw6rG +b4++p9hN+WhDiJPtdehZdJ0WGeyx5D8sJ28y4c1TDkLJ3og5BFlu7c+9+ZzzXUiD +3vephHmBAoGBAPV/dvdjVuikemKSkvuCBv06nnSo5sHRTzmhMj49zaF7q1WZTOFP +lK4HOjOy8NpvKjO5XMNdV84W4o89vZ7Y0HjDQDmR9Fvf4xo7IJKXpTuoxd+EETcN +vwn8Zd/p0C9eJGYyA/+xsPZMgmWtkgoSVpbrnQx2T6UvT8m4Lb2qEc7VAoGBANaG +WpXZ6Q3izfX7Zte1IDFHZfHp7Wuq0JzfeWBLt4Mo7Vn9q8t6cU0OOP2anK0S0Y9c +vortA+akqpLs9eL57c8BsaFUM94I6s3RxJF7/WaQNzPrjLfnS1G2fXm6TSBoS3/q +MQkMZPr/3BKaNnDuR2mQhom5V0GUq0u77qL9yGrJAoGBAM2CjMZ/pGtP9Ru7c8uT +h+JIRgmGstWhMF8f7/1mo1MBQeaAVHlwsxgT+Mb6juFsmbl+/IaXB0AArFwY5Tmq +aqoNWSBYbGTUwTpeMOBGjg2pNSvtVLPvj/L+FRIimyJr/rCGQg60Y11rouUXLd+8 +hjwEtQ2PpRC00GgfBDt3uTyZAoGAYbjmPuj7LyYoKGuTV6PcvFYH7IFhc/BmA3AR +fHpBaHAWXy4dOh3WywE1mOD7iiPObn4TFnoNkt1kDnX/NJwhZnEhF5qh3f016Pgr +kRJoRnZfjzk36vZj6x80XWUuiRq5edWW7MZGocg32gmBz0PcKAx8HPTe+LLerSs4 +8+qjh3ECgYEAj+h3sHrgS5ArGX2gLzFA8Na+jBQKLI7wFDvpCrcQUh5MXoVMFboQ +zf7f55jtnXXrUaEGyA76U4P90dqGzryTogvhcVfC1/lgPCGkx6b/+UI5fxQ8oxhR +1pDfoGPsUPgUybEeTDwqvZumovooRdcp5YcUBlqoenI7hoXUl2GeliY= +-----END RSA PRIVATE KEY----- 
diff --git a/src/servers/tests/ssl/server.crt b/src/servers/tests/ssl/server.crt index 308430c8bc..3b4eca6956 100644 --- a/src/servers/tests/ssl/server.crt +++ b/src/servers/tests/ssl/server.crt 
@@ -1,77 +1,22 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 1e:a1:44:88:27:3d:5c:c8:ff:ef:06:2e:da:21:05:29:30:a5:ce:2c - Signature Algorithm: sha256WithRSAEncryption - Issuer: CN = localhost - Validity - Not Before: Oct 11 07:36:01 2022 GMT - Not After : Oct 8 07:36:01 2032 GMT - Subject: CN = localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:d5:b0:29:38:63:13:5e:1e:1d:ae:1f:47:88:b4: - 44:96:21:d8:d7:03:a3:d8:f9:03:2f:4e:79:66:e6: - db:19:55:1d:85:9b:f1:78:2d:87:f3:72:91:13:dc: - ff:00:cb:ab:fd:a1:c8:3a:56:26:e3:88:1d:ec:98: - 4a:af:eb:f9:60:80:27:e1:06:ba:c0:0d:c3:09:0e: - fe:d8:86:1e:25:b4:04:62:a5:75:46:8e:11:e8:61: - 59:aa:97:17:ea:c7:4c:c6:13:8c:6d:54:2a:b9:78: - 86:54:a9:6f:d6:31:96:c6:41:76:a3:c7:67:40:6f: - f2:1a:4c:0d:77:05:bb:3d:0b:16:f8:c7:de:6c:de: - 7b:2e:b6:29:85:4b:a8:36:d3:f2:84:75:e0:85:17: - ce:22:84:4b:94:02:17:8a:36:2b:13:ee:2f:aa:55: - 6b:ff:8b:df:d3:e0:23:8d:fd:c3:f8:e2:c8:a7:d5: - 76:a6:73:7d:a8:5f:6a:49:02:78:a2:c5:66:14:ee: - 86:50:3b:d1:67:7f:1b:0c:27:0d:84:ec:44:0d:39: - 08:ba:69:65:e0:35:a4:67:aa:19:e7:fe:0e:4b:9f: - 23:1e:4e:38:ed:d7:93:57:6e:94:31:05:d3:ae:f7: - 6c:01:3c:30:69:19:f4:7b:b5:48:95:71:c9:9c:30: - 43:9d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 8E:81:0B:60:B1:F9:7D:D8:64:91:BB:30:86:E5:3D:CD:B7:82:D8:31 - X509v3 Authority Key Identifier: - keyid:8E:81:0B:60:B1:F9:7D:D8:64:91:BB:30:86:E5:3D:CD:B7:82:D8:31 - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 6c:ae:ee:3e:e3:d4:5d:29:37:62:b0:32:ce:a4:36:c7:25:b4: - 6a:9f:ba:b4:f0:2f:0a:96:2f:dc:6d:df:7d:92:e7:f0:ee:f7: - de:44:9d:52:36:ff:0c:98:ef:8b:7f:27:df:6e:fe:64:11:7c: - 01:5d:7f:c8:73:a3:24:24:ba:81:fd:a8:ae:28:4f:93:bb:92: - ff:86:d6:48:a2:ca:a5:1f:ea:1c:0d:02:22:e8:71:23:27:22: - 4f:0f:37:58:9a:d9:fd:70:c5:4c:93:7d:47:1c:b6:ea:1b:4f: - 4e:7c:eb:9d:9a:d3:28:78:67:27:e9:b1:ea:f6:93:68:76:e5: - 
2e:52:c6:29:91:ba:0a:96:2e:14:33:69:35:d7:b5:e0:c0:ef: - 05:77:09:9b:a1:cc:7b:b2:f0:6a:cb:5c:5f:a1:27:69:b0:2c: - 6e:93:eb:37:98:cd:97:8d:9e:78:a8:f5:99:12:66:86:48:cf: - b2:e0:68:6f:77:98:06:13:24:55:d1:c3:80:1d:59:53:1f:44: - 85:bc:5d:29:aa:2a:a1:06:17:6b:e7:2b:11:0b:fd:e3:f8:88: - 89:32:57:a3:70:f7:1b:6c:c1:66:c7:3c:a4:2d:e8:5f:00:1c: - 55:2f:72:ed:d4:3a:3f:d0:95:de:6c:a4:96:6e:b4:63:0e:80: - 08:b2:25:d5 -----BEGIN CERTIFICATE----- -MIIDCTCCAfGgAwIBAgIUHqFEiCc9XMj/7wYu2iEFKTClziwwDQYJKoZIhvcNAQEL -BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMTAxMTA3MzYwMVoXDTMyMTAw -ODA3MzYwMVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA1bApOGMTXh4drh9HiLREliHY1wOj2PkDL055ZubbGVUd -hZvxeC2H83KRE9z/AMur/aHIOlYm44gd7JhKr+v5YIAn4Qa6wA3DCQ7+2IYeJbQE -YqV1Ro4R6GFZqpcX6sdMxhOMbVQquXiGVKlv1jGWxkF2o8dnQG/yGkwNdwW7PQsW -+MfebN57LrYphUuoNtPyhHXghRfOIoRLlAIXijYrE+4vqlVr/4vf0+Ajjf3D+OLI -p9V2pnN9qF9qSQJ4osVmFO6GUDvRZ38bDCcNhOxEDTkIumll4DWkZ6oZ5/4OS58j -Hk447deTV26UMQXTrvdsATwwaRn0e7VIlXHJnDBDnQIDAQABo1MwUTAdBgNVHQ4E -FgQUjoELYLH5fdhkkbswhuU9zbeC2DEwHwYDVR0jBBgwFoAUjoELYLH5fdhkkbsw -huU9zbeC2DEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAbK7u -PuPUXSk3YrAyzqQ2xyW0ap+6tPAvCpYv3G3ffZLn8O733kSdUjb/DJjvi38n327+ -ZBF8AV1/yHOjJCS6gf2orihPk7uS/4bWSKLKpR/qHA0CIuhxIyciTw83WJrZ/XDF -TJN9Rxy26htPTnzrnZrTKHhnJ+mx6vaTaHblLlLGKZG6CpYuFDNpNde14MDvBXcJ -m6HMe7LwastcX6EnabAsbpPrN5jNl42eeKj1mRJmhkjPsuBob3eYBhMkVdHDgB1Z -Ux9EhbxdKaoqoQYXa+crEQv94/iIiTJXo3D3G2zBZsc8pC3oXwAcVS9y7dQ6P9CV -3myklm60Yw6ACLIl1Q== +MIIDnzCCAoegAwIBAgIJAO5BdcSDM1OmMA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV +BAMMC2dyZXB0aW1lLWNhMB4XDTIzMDExNjEzNDkzNVoXDTI0MDExNjEzNDkzNVow +ejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhhbmd6aG91MREwDwYDVQQHDAhIYW5n +emhvdTERMA8GA1UECgwIR3JlcHRpbWUxGzAZBgNVBAsMEkdyZXB0aW1lIERldmVs +b3BlcjEVMBMGA1UEAwwMZ3JlcHRpbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74c8gXRBKq/r2PZxjZ +wYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCgBVGQVC4Bdzt1x1pE 
+Puj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEpMvR35XEyc9MKp1v6 +qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJHP82V/NrGdaPBbL+K +CSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqibNobSlciBMk6T7AO +7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABo4GLMIGIMDAGA1UdIwQp +MCehGqQYMBYxFDASBgNVBAMMC2dyZXB0aW1lLWNhggkAu/nMXdfcvKowCQYDVR0T +BAIwADALBgNVHQ8EBAMCBPAwPAYDVR0RBDUwM4IOKi5ncmVwdGltZS5jb22CECou +Z3JlcHRpbWUuY2xvdWSCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOC +AQEAXiy7KEFEuxsWzEkY59C2TMPjtUL3vrceExyvsguZDZ2DeGSraq5CWH9f6vD8 +fjJhehSYFC7Y0YZlJOo9b0kh7yAvN5T6US0+wzFOr8RMVmCWJhVAiC3weT5YyDMK +V3dfJZtCej/E0Vd5tAR+lArV/FqTsoMR4k9g+8IXwlJVzQ4eX1GAIOEocAHmw/Et +HIQlUAZZTXBWMFDWl9Z+Ro0jPjNS5cvqZxBV27NoIM/3Y5PoqTQ7NSw1CTqLjZoR +J30GrrF3oXtIqgNAPUefCdwa+QJ9Td4n6NvFsNVl6tIodCN10wjqwWpAnadePYmx +tPqVZk/RXHRBC5Z3jsH5jmnLBw== -----END CERTIFICATE----- diff --git a/src/servers/tests/ssl/server.csr b/src/servers/tests/ssl/server.csr new file mode 100644 index 0000000000..115c1abc45 --- /dev/null +++ b/src/servers/tests/ssl/server.csr 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDDjCCAfYCAQAwejELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhhbmd6aG91MREw +DwYDVQQHDAhIYW5nemhvdTERMA8GA1UECgwIR3JlcHRpbWUxGzAZBgNVBAsMEkdy +ZXB0aW1lIERldmVsb3BlcjEVMBMGA1UEAwwMZ3JlcHRpbWUuY29tMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbllCZaEZwyXOFL3TqhfmLRXSF59jD74 +c8gXRBKq/r2PZxjZwYwaDoUruv9sqIyaUIRZcPK+vKdNkEijuhDR68XmXYLNIUCg +BVGQVC4Bdzt1x1pEPuj/Wo2cPIpqXmJeHDoxQs2BgV6D9a9cJ6VkQ7b5qvFNpSEp +MvR35XEyc9MKp1v6qs4Sy1f4u7YpNEoaFngna/QqSiveQr8htTSrDqIDN8nOYiJH +P82V/NrGdaPBbL+KCSKW63jyKMGafd09VaOYjkkkxM7gWA1WYWlZElS1mbXpjzqi +bNobSlciBMk6T7AO7pSoTfJhJm4icj/UYvqQZGb40Ud78tJx/weXPQIDAQABoE8w +TQYJKoZIhvcNAQkOMUAwPjA8BgNVHREENTAzgg4qLmdyZXB0aW1lLmNvbYIQKi5n +cmVwdGltZS5jbG91ZIIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IB +AQAEL6seksdR8Y2BBuyglesooQmZ7gslbMFz6SAf116c6pg7Jmfm4s+X9bNkIR1F +hJenBoFFVLYTcIOQsmyS8xbEd9Mu39VkCT6vZwE1hUq3SC2z6r5/CflMY12EjWmn +DpNEY7GtyB6jFXmeIMsI+BLt57QuDnA8uP9/dGMO0bb43RVucLwqoaBZPfeO6KYz +kXcQUCzdXzYmRC3FDmfST+LbAC6ZAh7orFQR7RxjgQcVk0cLGqrgNkq/E8BLDumH +c1TeHjMVy2EmM+rMXa7bF12SoZjaBcH/o0O8HjelY1SSqJ4hvzMRH6EiVEdxYU3I +zs5tbOAAnMKrJ6PKkzNDA0vq +-----END CERTIFICATE REQUEST----- diff --git a/src/servers/tests/ssl/server.key b/src/servers/tests/ssl/server.key deleted file mode 100644 index 61b3c4eb90..0000000000 --- a/src/servers/tests/ssl/server.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDVsCk4YxNeHh2u -H0eItESWIdjXA6PY+QMvTnlm5tsZVR2Fm/F4LYfzcpET3P8Ay6v9ocg6VibjiB3s -mEqv6/lggCfhBrrADcMJDv7Yhh4ltARipXVGjhHoYVmqlxfqx0zGE4xtVCq5eIZU -qW/WMZbGQXajx2dAb/IaTA13Bbs9Cxb4x95s3nsutimFS6g20/KEdeCFF84ihEuU -AheKNisT7i+qVWv/i9/T4CON/cP44sin1Xamc32oX2pJAniixWYU7oZQO9FnfxsM -Jw2E7EQNOQi6aWXgNaRnqhnn/g5LnyMeTjjt15NXbpQxBdOu92wBPDBpGfR7tUiV -ccmcMEOdAgMBAAECggEBAMMCIJv0zpf1o+Bja0S2PmFEQj72c3Buzxk85E2kIA7e -PjLQPW0PICJrSzp1U8HGHQ85tSCHvrWmYqin0oD5OHt4eOxC1+qspHB/3tJ6ksiV -n+rmVEAvJuiK7ulfOdRoTQf2jxC23saj1vMsLYOrfY0v8LVGJFQJ1UdqYF9eO6FX -8i6eQekV0n8u+DMUysYXfePDXEwpunKrlZwZtThgBY31gAIOdNo/FOAFe1yBJdPl -rUFZes1IrE0c4CNxodajuRNCjtNWoX8TK1cXQVUpPprdFLBcYG2P9mPZ7SkZWJc7 -rkyPX6Wkb7q3laUCBxuKL1iOJIwaVBYaKfv4HS7VuYECgYEA9H7VB8+whWx2cTFb -9oYbcaU3HtbKRh6KQP8eB4IWeKV/c/ceWVAxtU9Hx2QU1zZ2fLl+KkaOGeECNNqD -BP1O5qk2qmkjJcP4kzh1K+p7zkqAkrhHqB36y/gwptB8v7JbCchQq9cnBeYsXNIa -j13KvteprRSnanKu18d2aC43cNMCgYEA3746ITtqy1g6AQ0Q/MXN/axsXixKfVjf -kgN/lpjy6oeoEIWKqiNrOQpwy4NeBo6ZN+cwjUUr9SY/BKsZqMGErO8Xuu+QtJYD -ioW/My9rTrTElbpsLpSvZDLc9IRepV4k+5PpXTIRBqp7Q3BZnTjbRMc8x/owG23G -eXnfVKlWM88CgYEA5HBQuMCrzK3/qFkW9Kpun+tfKfhD++nzATGcrCU2u7jd8cr1 -1zsfhqkxhrIS6tYfNP/XSsarZLCgcCOuAQ5wFwIJaoVbaqDE80Dv8X1f+eoQYYW+ -peyE9OjLBEGOHUoW13gLL9ORyWg7EOraGBPpKBC2n1nJ5qKKjF/4WPS9pjMCgYEA -3UuUyxGtivn0RN3bk2dBWkmT1YERG/EvD4gORbF5caZDADRU9fqaLoy5C1EfSnT3 -7mbnipKD67CsW72vX04oH7NLUUVpZnOJhRTMC6A3Dl2UolMEdP3yi7QS/nV99ymq -gnnFMrw2QtWTnRweRnbZyKkW4OP/eOGWkMeNsHrcG9kCgYEAz/09cKumk349AIXV -g6Jw64gCTjWh157wnD3ZSPPEcr/09/fZwf1W0gkY/tbCVrVPJHWb3K5t2nRXjLlz -HMnQXmcMxMlY3Ufvm2H3ov1ODPKwpcBWUZqnpFTZX7rC58lO/wvgiKpgtHA3pDdw -oYDaaozVP4EnnByxhmHaM7ce07U= ------END PRIVATE KEY-----