diff --git a/Cargo.lock b/Cargo.lock index a9c387b2d0..0a83f15cde 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -7797,7 +7797,9 @@ dependencies = [ "pin-project", "prost 0.11.6", "prost-derive 0.11.6", + "rustls-pemfile", "tokio", + "tokio-rustls", "tokio-stream", "tokio-util", "tower", diff --git a/Cargo.toml b/Cargo.toml index ad5d7d792b..72b40ea478 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,7 +72,7 @@ snafu = { version = "0.7", features = ["backtraces"] } sqlparser = "0.28" tokio = { version = "1.24.2", features = ["full"] } tokio-util = "0.7" -tonic = "0.8" +tonic = { version = "0.8", features = ["tls"] } uuid = { version = "1", features = ["serde", "v4", "fast-rng"] } [profile.release] diff --git a/src/common/grpc/src/channel_manager.rs b/src/common/grpc/src/channel_manager.rs index a78bf608b6..70e70893d4 100644 --- a/src/common/grpc/src/channel_manager.rs +++ b/src/common/grpc/src/channel_manager.rs @@ -18,18 +18,20 @@ use std::time::Duration; use dashmap::mapref::entry::Entry; use dashmap::DashMap; -use snafu::ResultExt; -use tonic::transport::{Channel as InnerChannel, Endpoint, Uri}; +use snafu::{OptionExt, ResultExt}; +use tonic::transport::{ + Certificate, Channel as InnerChannel, ClientTlsConfig, Endpoint, Identity, Uri, +}; use tower::make::MakeConnection; -use crate::error; -use crate::error::Result; +use crate::error::{CreateChannelSnafu, InvalidConfigFilePathSnafu, InvalidTlsConfigSnafu, Result}; const RECYCLE_CHANNEL_INTERVAL_SECS: u64 = 60; #[derive(Clone, Debug)] pub struct ChannelManager { config: ChannelConfig, + client_tls_config: Option, pool: Arc, } 
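Review bot: `ChannelManager` keeps `#[derive(Clone, Debug)]` while gaining `client_tls_config`, a field that will hold the client identity, including its private key, once `with_tls_config` is used. Whether `{:?}` on a manager then prints key bytes depends on tonic's `Debug` impls for `ClientTlsConfig` and `Identity`, which are not visible in this diff, so confirm that before a manager ends up in a log line. If they are not redacted, replace the derive with a manual `impl fmt::Debug` that reports only `self.client_tls_config.is_some()` for that field.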
@@ -52,7 +54,37 @@ impl ChannelManager { recycle_channel_in_loop(cloned_pool, RECYCLE_CHANNEL_INTERVAL_SECS).await; }); - Self { config, pool } + Self { + config, + client_tls_config: None, + pool, + } + } + + pub fn with_tls_config(config: ChannelConfig) -> Result { + let mut cm = Self::with_config(config.clone()); + + // setup tls + let path_config = config.client_tls.context(InvalidTlsConfigSnafu { + msg: "no config input", + })?; + + let server_root_ca_cert = std::fs::read_to_string(path_config.server_ca_cert_path) + .context(InvalidConfigFilePathSnafu)?; + let server_root_ca_cert = Certificate::from_pem(server_root_ca_cert); + let client_cert = std::fs::read_to_string(path_config.client_cert_path) + .context(InvalidConfigFilePathSnafu)?; + let client_key = std::fs::read_to_string(path_config.client_key_path) + .context(InvalidConfigFilePathSnafu)?; + let client_identity = Identity::from_pem(client_cert, client_key); + + cm.client_tls_config = Some( + ClientTlsConfig::new() + .ca_certificate(server_root_ca_cert) + .identity(client_identity), + ); + + Ok(cm) } pub fn config(&self) -> &ChannelConfig { @@ -119,8 +151,7 @@ impl ChannelManager { } fn build_endpoint(&self, addr: &str) -> Result { - let mut endpoint = - Endpoint::new(format!("http://{addr}")).context(error::CreateChannelSnafu)?; + let mut endpoint = Endpoint::new(format!("http://{addr}")).context(CreateChannelSnafu)?; if let Some(dur) = self.config.timeout { endpoint = endpoint.timeout(dur); @@ -152,6 +183,12 @@ impl ChannelManager { if let Some(enabled) = self.config.http2_adaptive_window { endpoint = endpoint.http2_adaptive_window(enabled); } + if let Some(tls_config) = &self.client_tls_config { + endpoint = endpoint + .tls_config(tls_config.clone()) + .context(CreateChannelSnafu)?; + } + endpoint = endpoint .tcp_keepalive(self.config.tcp_keepalive) .tcp_nodelay(self.config.tcp_nodelay); 
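Review bot: `with_tls_config` calls `Self::with_config(config.clone())` before it has checked `client_tls` or read any of the three files, so every error path returns after the manager has been set up (judging by the context lines above, that includes spawning the channel-recycling task). Validate first and construct last: `let path_config = config.client_tls.clone().context(InvalidTlsConfigSnafu { msg: "no config input" })?;` at the top, and `let mut cm = Self::with_config(config);` just before `cm.client_tls_config` is assigned. The function also has no doc comment; it should say that the CA certificate, client certificate and client key are read from the configured paths and that the PEM contents are not parsed here, since the new test shows a corrupted key file is accepted and only fails later in `get`.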
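Review bot: The TLS config is attached to an endpoint that `build_endpoint` still creates from `format!("http://{addr}")` (the line touched in the previous hunk), and as far as I know tonic's connector only performs the TLS handshake when the URI scheme is `https`. If that holds for the pinned tonic 0.8, a manager built with `with_tls_config` would connect in plaintext without any error, presenting no client certificate and never verifying the server. Choose the scheme from the manager state, e.g. `let scheme = if self.client_tls_config.is_some() { "https" } else { "http" };` followed by `Endpoint::new(format!("{scheme}://{addr}"))`, and cover it with a test that completes a handshake. `build_endpoint` starts and ends outside this hunk.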
@@ -160,6 +197,13 @@ impl ChannelManager { } } +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct ClientTlsOption { + pub server_ca_cert_path: String, + pub client_cert_path: String, + pub client_key_path: String, +} + #[derive(Clone, Debug, PartialEq, Eq)] pub struct ChannelConfig { pub timeout: Option, @@ -174,6 +218,7 @@ pub struct ChannelConfig { pub http2_adaptive_window: Option, pub tcp_keepalive: Option, pub tcp_nodelay: bool, + pub client_tls: Option, } impl Default for ChannelConfig { @@ -191,6 +236,7 @@ impl Default for ChannelConfig { http2_adaptive_window: None, tcp_keepalive: None, tcp_nodelay: true, + client_tls: None, } } } @@ -307,6 +353,16 @@ impl ChannelConfig { ..self } } + + /// Set the value of tls client auth. + /// + /// Disabled by default. + pub fn client_tls_config(self, client_tls_option: ClientTlsOption) -> Self { + Self { + client_tls: Some(client_tls_option), + ..self + } + } } #[derive(Debug)] @@ -401,7 +457,11 @@ mod tests { async fn test_access_count() { let pool = Arc::new(Pool::default()); let config = ChannelConfig::new(); - let mgr = Arc::new(ChannelManager { pool, config }); + let mgr = Arc::new(ChannelManager { + pool, + config, + client_tls_config: None, + }); let addr = "test_uri"; let mut joins = Vec::with_capacity(10); @@ -443,6 +503,7 @@ mod tests { http2_adaptive_window: None, tcp_keepalive: None, tcp_nodelay: true, + client_tls: None, }, default_cfg ); @@ -459,7 +520,12 @@ mod tests { .http2_keep_alive_while_idle(true) .http2_adaptive_window(true) .tcp_keepalive(Duration::from_secs(2)) - .tcp_nodelay(false); + .tcp_nodelay(false) + .client_tls_config(ClientTlsOption { + server_ca_cert_path: "some_server_path".to_string(), + client_cert_path: "some_cert_path".to_string(), + client_key_path: "some_key_path".to_string(), + }); assert_eq!( ChannelConfig { 
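Review bot: `ClientTlsOption` is a new public type with no documentation, and nothing says that the three paths must point at PEM files or which of them holds secret material. Suggested comments: `/// Paths to the PEM files used for mutual TLS.` on the struct and `/// Private key matching the client certificate; keep the file readable only by the service user.` on `client_key_path`, with one line each on the other two fields naming the CA certificate used to verify the server and the certificate presented to it. There is also no field for the expected server name, so verification presumably falls back to the host part of the address passed to `get`; confirm that this works for IP-based addresses such as the `127.0.0.1` one in the new test.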
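Review bot: The doc comment on `client_tls_config` reads as if setting the option turns on client TLS, but in this diff only `ChannelManager::with_tls_config` reads `client_tls`; the other constructor shown sets `client_tls_config: None`. A caller who sets the option and then builds the manager the usual way gets plaintext channels with no warning. Extend the comment with `/// Only takes effect when the manager is created with ChannelManager::with_tls_config.`, or have the regular constructor reject or log a config whose `client_tls` is set.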
@@ -475,6 +541,11 @@ mod tests { http2_adaptive_window: Some(true), tcp_keepalive: Some(Duration::from_secs(2)), tcp_nodelay: false, + client_tls: Some(ClientTlsOption { + server_ca_cert_path: "some_server_path".to_string(), + client_cert_path: "some_cert_path".to_string(), + client_key_path: "some_key_path".to_string(), + }), }, cfg ); @@ -496,7 +567,11 @@ mod tests { .http2_adaptive_window(true) .tcp_keepalive(Duration::from_secs(2)) .tcp_nodelay(true); - let mgr = ChannelManager { pool, config }; + let mgr = ChannelManager { + pool, + config, + client_tls_config: None, + }; let res = mgr.build_endpoint("test_addr"); @@ -512,7 +587,11 @@ mod tests { let pool = Arc::new(pool); let config = ChannelConfig::new(); - let mgr = ChannelManager { pool, config }; + let mgr = ChannelManager { + pool, + config, + client_tls_config: None, + }; let addr = "test_addr"; let res = mgr.get(addr); diff --git a/src/common/grpc/src/error.rs b/src/common/grpc/src/error.rs index c26e44db3f..df408371e1 100644 --- a/src/common/grpc/src/error.rs +++ b/src/common/grpc/src/error.rs @@ -13,6 +13,7 @@ // limitations under the License. use std::any::Any; +use std::io; use common_error::prelude::{ErrorExt, StatusCode}; use snafu::{Backtrace, ErrorCompat, Snafu}; @@ -22,6 +23,15 @@ pub type Result = std::result::Result; #[derive(Debug, Snafu)] #[snafu(visibility(pub))] pub enum Error { + #[snafu(display("Invalid client tls config, {}", msg))] + InvalidTlsConfig { msg: String }, + + #[snafu(display("Invalid config file path, {}", source))] + InvalidConfigFilePath { + source: io::Error, + backtrace: Backtrace, + }, + #[snafu(display("Missing required field in protobuf, field: {}", field))] MissingField { field: String, backtrace: Backtrace }, 
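Review bot: `InvalidConfigFilePath` stores only the `io::Error`, so when one of the three TLS files is missing or unreadable the message does not say which path failed. Adding a `path: String` field and showing it, e.g. `#[snafu(display("Invalid config file path {}, {}", path, source))]`, makes a misconfigured deployment much quicker to diagnose; the three `.context(InvalidConfigFilePathSnafu)` call sites would then pass the path. `InvalidTlsConfig` also has no `backtrace` field, unlike the neighbouring variants. The enum continues outside this hunk.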
@@ -81,7 +91,9 @@ pub enum Error { impl ErrorExt for Error { fn status_code(&self) -> StatusCode { match self { - Error::MissingField { .. } + Error::InvalidTlsConfig { .. } + | Error::InvalidConfigFilePath { .. } + | Error::MissingField { .. } | Error::TypeMismatch { .. } | Error::InvalidFlightData { .. } => StatusCode::InvalidArguments, diff --git a/src/common/grpc/tests/mod.rs b/src/common/grpc/tests/mod.rs new file mode 100644 index 0000000000..d11affe7e2 --- /dev/null +++ b/src/common/grpc/tests/mod.rs 
@@ -0,0 +1,57 @@
+// Copyright 2023 Greptime Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use common_grpc::channel_manager::{ChannelConfig, ChannelManager, ClientTlsOption};
+
+#[tokio::test]
+async fn test_mtls_config() {
+ // test no config
+ let config = ChannelConfig::new();
+ let re = ChannelManager::with_tls_config(config);
+ assert!(re.is_err());
+
+ // test wrong file
+ let config = ChannelConfig::new().client_tls_config(ClientTlsOption {
+ server_ca_cert_path: "tests/tls/wrong_server.cert.pem".to_string(),
+ client_cert_path: "tests/tls/wrong_client.cert.pem".to_string(),
+ client_key_path: "tests/tls/wrong_client.key.pem".to_string(),
+ });
+
+ let re = ChannelManager::with_tls_config(config);
+ assert!(re.is_err());
+
+ // test corrupted file content
+ let config = ChannelConfig::new().client_tls_config(ClientTlsOption {
+ server_ca_cert_path: "tests/tls/server.cert.pem".to_string(),
+ client_cert_path: "tests/tls/client.cert.pem".to_string(),
+ client_key_path: "tests/tls/corrupted".to_string(),
+ });
+
+ let re = ChannelManager::with_tls_config(config);
+ assert!(re.is_ok());
+ let re = re.unwrap().get("127.0.0.1:0");
+ assert!(re.is_err());
+
+ // success
+ let config = ChannelConfig::new().client_tls_config(ClientTlsOption {
+ server_ca_cert_path: "tests/tls/server.cert.pem".to_string(),
+ client_cert_path: "tests/tls/client.cert.pem".to_string(),
+ client_key_path: "tests/tls/client.key.pem".to_string(),
+ });
+
+ let re = ChannelManager::with_tls_config(config);
+ assert!(re.is_ok());
+ let re = re.unwrap().get("127.0.0.1:0");
+ assert!(re.is_ok());
+}
diff --git a/src/common/grpc/tests/tls/client.cert.pem b/src/common/grpc/tests/tls/client.cert.pem
new file mode 100644
index 0000000000..a0ab813717
--- /dev/null
+++ b/src/common/grpc/tests/tls/client.cert.pem
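Review bot: The success case only asserts that `get("127.0.0.1:0")` returns `Ok`, and since port 0 is not a connectable address this can pass only if no connection or handshake is attempted. The test therefore shows that the PEM files load, not that the channel negotiates TLS or presents the client certificate. Add a case that starts a local TLS server requiring client authentication and sends one request through the channel. The fixture paths are relative (`tests/tls/...`), so the test also depends on the working directory being the crate root.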
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGOzCCBCOgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4x +EjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQkFOR0FMT1JFMRUwEwYDVQQK +DAxHb0xpbnV4Q2xvdWQxEjAQBgNVBAMMCWNhLXNlcnZlcjElMCMGCSqGSIb3DQEJ +ARYWYWRtaW5AZ29saW51eGNsb3VkLmNvbTAeFw0yMzAyMTQxMTM4MDFaFw0yNzA4 +MjIxMTM4MDFaMHIxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlLYXJuYXRha2ExFTAT +BgNVBAoMDEdvTGludXhDbG91ZDERMA8GA1UEAwwIc2VydmVyLTIxJTAjBgkqhkiG +9w0BCQEWFmFkbWluQGdvbGludXhjbG91ZC5jb20wggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDNPiXZFK1cDOevdU5628xqAZjHn2e86hD9ih0IHvQKbcAm +a8fhFMQ+Gki+p2+Ga1fxHDi1+aUn00UjyLAxSMQVulpZWYHsRj3koyD9LyTvpDQk +SwJhFNtL33WlqUMtjgVXoznjECfhc/hwKJ9BS0b5j21XzqYkSKTJNcxZmoNLJVvL +dfbsWjLywSAHbcF1gs2w3IxruPQwyMXL1URjcwGRTtK+zk6QGxgyXsIEJDW4EZqR +xXgmEz7jx7vfDLaYc8GoujTki2dkyTWQkdDrJ4/N7VWGOGjL60EJDOcQyCowDuAq +sbB5C9OuhB59o2/wzeSeaY7qS5nLOufwiYmvc1S6kgi9emirxqFLmrcaJv8QPDEX +6ufI8wSkCS/CX/IUNXPkSripU3zQcjorinAw3w9pGY1VNknz5AgDXrEAW17aZKsp +QyLSyl87vG9dhjybdkc7QyBghTxweggYT1INY6dmj9ijIyU+9V64xOTb9dlbgLW/ +qAvZyeq2H9Z5aBwkG31n1b2rX0JEK+/NC+8PRs2tWq63EOB8hzh4mF9RKLcZC3zS +9eJa1B0ugyy5fw8GGWA49H3rFoU2u7+Gazzdn5uD9sqLuVnzW1FREDhMHGd4VdRx +vuhUp9jz9u0WDRr2Ix7N7Vd57mwhBPivUywg7QwZSTqlIrGVoQFPL4BjWwSSswID +AQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMDMGCWCGSAGG ++EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFI056bMc2jHoeOTUGBCpBGGY/UfQMB8GA1UdIwQYMBaAFKVZwpSJCPkN +wGXyJX1sl2Pbby4FMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcD +AgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBABHQ/EGnAFeIdzKTbaP3kaSd +A3tCyjWVwo9eULXBjsMFFyf4NDw8bkrYdJos6rBpzi6R1PUb4UMc9CUF6ee9zbTK +mDeusqwhDOLmYZot1aZbujMngpbMoQx5keSQ9Eg10npbYMl6Sq3qFbAST9l/hlDh +Ue9KhfrAvrSobP0WWb/EpEXZMt2DafKpoz4nvtFpcOO5kbsQ+/eQfWHmR/k6sCYG +UycFYCJCFQz2xG8wtbExg5iyaR3nE0LfqZwRxhIa4iSWlCecYc1XUJnOh8fIeop4 +9fD5k2wqvCEBAZiaKg2RYbaw6LIFkg7c99B4Gt5eez7Bs878T7lS+xl9wbzinzez +WFIgsDYHYjmK8s5WXXWwT7UhqSA12FHOp8grqFllXV/dOPTFz+dq9Mn1VGgH6MS4 
+Ls3r2LH5ycAz+gkoY2wlnF++ItpB2K3LTlqk+OvQZ1oXMq8u5F6XsM7Uirc7Da+9 +MEG1zBpGvA/iAd2kKd3APS+EuoytSt022bD7YDJ1isuxT5q2Hpa4p14BJHCgDKTZ +vPYIdzCh05vwLwB28T8bh7s5OLOcRY9KmxVPkT0SYLOk11j5nZ1N/hQvGDxL60e2 +RBS3ADHkymIE55Xf1VLXcs17zR9fLV+5fiSQ40FLjcBEjhkvrzcDe3tVFsA/ty9h +dBCSsexiXj/S5KwKtz/c +-----END CERTIFICATE----- diff --git a/src/common/grpc/tests/tls/client.key.pem b/src/common/grpc/tests/tls/client.key.pem new file mode 100644 index 0000000000..f71c2cd95e --- /dev/null +++ b/src/common/grpc/tests/tls/client.key.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAzT4l2RStXAznr3VOetvMagGYx59nvOoQ/YodCB70Cm3AJmvH +4RTEPhpIvqdvhmtX8Rw4tfmlJ9NFI8iwMUjEFbpaWVmB7EY95KMg/S8k76Q0JEsC +YRTbS991palDLY4FV6M54xAn4XP4cCifQUtG+Y9tV86mJEikyTXMWZqDSyVby3X2 +7Foy8sEgB23BdYLNsNyMa7j0MMjFy9VEY3MBkU7Svs5OkBsYMl7CBCQ1uBGakcV4 +JhM+48e73wy2mHPBqLo05ItnZMk1kJHQ6yePze1Vhjhoy+tBCQznEMgqMA7gKrGw +eQvTroQefaNv8M3knmmO6kuZyzrn8ImJr3NUupIIvXpoq8ahS5q3Gib/EDwxF+rn +yPMEpAkvwl/yFDVz5Eq4qVN80HI6K4pwMN8PaRmNVTZJ8+QIA16xAFte2mSrKUMi +0spfO7xvXYY8m3ZHO0MgYIU8cHoIGE9SDWOnZo/YoyMlPvVeuMTk2/XZW4C1v6gL +2cnqth/WeWgcJBt9Z9W9q19CRCvvzQvvD0bNrVqutxDgfIc4eJhfUSi3GQt80vXi +WtQdLoMsuX8PBhlgOPR96xaFNru/hms83Z+bg/bKi7lZ81tRURA4TBxneFXUcb7o +VKfY8/btFg0a9iMeze1Xee5sIQT4r1MsIO0MGUk6pSKxlaEBTy+AY1sEkrMCAwEA +AQKCAgEAw2jBZj5+k96hk/dPIkA1DlS43o7RmRcN2CdwXrQBzBAUW0BRDObVtP8X +dZY647M+BozFHdUzPoizEk/YGQRb1QgZT2qd/ZQfB5mdJhGFzDf9gPR9rmrKJCH8 +hB50nGHUik0ZJyvRnKDqz/aNMgB28dJx26Efo/oaEoyLJGCtUpWeIUgOMZfrXB8t +3ITOJZDFP/esJj/xFqWBVQGXXEw6GNwAYLRSLnftgL+hX4oOL1NrZBCrxSybuwkG +wWX8T4gewQOQqmxjo5zCyANc8xc2nmyx+dmpRUWWJQTI1ryNFjaDjYKiL41oHIcj +9KDwSkftvDlqXX5fThSmkeiRU5+t8UMj4+Bt7opCzIlwHtQe+95BqiXQ7bHfCjn7 +GvShZgHo45rDkfwWDz/pYhHQ2Wb9DkhEtwa0cu3mDMGc6BY+4yo+Vz6Rk1TypxQw +LIa43WgVCRm66Mq65sObx7wkdxvolUE8j1Io3AHwgeBjV+gISV9srj2m/HnOmFFb +16SKQEDEVoaci+v6DT8A7UOZH4sgYSbknHdjMy6c6UlYgd8UNqbY3h/ohZ2JOcPd +8DqGUDGKbpS7OxWogxb9K++6SPSn86sPmUjzRPMgijVjU5pyK42DpZj1/RIe8Tml +JXVqHuZvURK4Qi3ECQ09m9vQ9nS88HMRVJ7sFSca6HOFYSFyAfkCggEBAPN35hva +OhbgQlFJrpo5YDYS5v7l7YjLbry6DaCR1CpYaKlTPkc4tiznCUHe1N41mR4qu2Tc +4+m7GN9BZfLU8w/Jvrp7mAO7fZXZtIzTQrZQDbAZppUGBbGBoAOlLVxR4NrN2TSk +49Ljj87UynhxeCv6RWx0F1p1/VIZertLELbSdb3C43pAsNSXzbkb7LtT9RXemyUL +LBK4ugcXMSZrzHJK1Ct31LoGd9m+TEp/VW2aGMeWliuIticJx44OW4tlJ70qKrd0 +KezBZVMHPa3FqW7kdYwdlISoqZsE9OVPgLCQNVLhDO1YMaTl3WEHKTRBxTF70pvv +zMkSRQGoU4ff7AUCggEBANfOkCsx2mRvJV+UYxW8R6510w2H1bNbNRbfTJAo8kld +/7dXU4H3QrhUrCsSyc5ijm09q7I4+rc+uMxfT/R1mO5tq9AueCWhg85WV+NBR1FE 
+Yg7MX+zblpHqUDQoTj9vvgwLyqvZ7k9NON42Zz+Tj2worICnVlDvahm/3NaItT9B +oGhsEoJjYFK4Hq7RwosU+KPXkQBxWzrNLipo8jx0XFpPZVHSLIFs9eW25bnj/qxc +toMgx4IsvEDlzS/oqfycCrDdKwqiW74w0Djb5TiJv+dYzl9GnN6istqbUTNZkJjn +lkbmegrtfz3Yd1ORvjkNqHuANyuR+YnUSIsb0PV5eVcCggEAck5bgb4eQbk+SY3P +ZOcFLb4IJ6ppsCzaq86qMTXmJ49kbAMCHUwZ89DwvrVQuZbucYRcgMlYU9ccoUzC +AZVLHKF6Y3E9eJshJiaVJvzUuGWzV3djh1nReHpEVxHIzyw95lx42seDkvJ2BQRQ +nuWfJv6Uc4u5nyYALfh6b86ZZUxALTx/slkG7HjtBDiBF54eVgsySd0J7yw9YrDX +yZMY5JwPKu1SuZfp0xgOF3fa8t9DPQmNLZk88+0afK5u+m4ejyhp78GhIV/XI3kl +0x0XJFIsggEtRm8tWfOkyrhd0geSkXvJpvEeNa4aFsDW7ormewoIYl/ehJSIQ3P0 +67kMxQKCAQA12iP7w2r+GQY4fazkJaG1lU1fWQAoy5/J31sZtj4PtNc1ByOdkPgj +S23TKdMWH13vQK5xwOo/g/VVeotXM2lARjnTr2Tn7xAXE1DHMuj7DJdznehqELnY +G6J8AXrVNas1ElQ24iEnxNtmCClnogjuMpApYpiVhcjyOACBwIeKC3Rd2mocA3Rr +7+ooMcvcLRWGvSo/9AmR+NWGW73m/Bp3psxfyJS2j1wlQKi+5HgOxuv8eNeQUl1/ +zFiRlfulP8MjM22kL7O5GDE9nxHqM+Whc3W8LMDEhdEf4BY5PCZrIY9MjgLyayWP +Z08PmZTgY9ohR3N8+eZNUJ3xqLVSLEftAoIBAQDF1K8lPXAs8e4V0oc9hq4GFLvi +E0KC+8X1ShzvkVGV/3Kz1FJ0bwix/M3C5XSSNguxHI6CG2GprJlExp1qqwlvmGr2 +hHdfemvq6tF4qjXLgPXvgoWocBGNUvBXxFVuc0hOHgT/X3+GsPYtNvZb3fp+4Bm6 +ugUu05drqrHSOY5kUbU3jf/5KctnDFmOsSeOgGiI/JJWVcKJALpDkhazRL0nxfuW +6xU6pZazhCAby2Qn+wn0xyi4bEZSNobiQTgOXOC0DA1uGD3XHctCMnSBtYtocQjq +IFT2l3u4pEKpVQwuc4+yObWUT47oBxV6vFneXsnV89vd2SSUPuR8GIYYeA+/ +-----END RSA PRIVATE KEY----- diff --git a/src/common/grpc/tests/tls/corrupted b/src/common/grpc/tests/tls/corrupted new file mode 100644 index 0000000000..6a40c13ead --- /dev/null +++ b/src/common/grpc/tests/tls/corrupted 
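Review bot: This file adds an RSA private key to the repository with nothing marking it as test-only. Add a short README next to the fixtures stating that the key and certificates are throwaway test material, must not be used in any deployment, and how they were generated so they can be renewed; that also gives secret scanners a documented path to allowlist. Generating the key pair at test time would avoid committing key material at all.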
@@ -0,0 +1,50 @@ +rWtZ7U3SoVAl6yMhfJsB +LcEGbuCfgFxk2ADw0N1G +byTKlrUgoRZeSc0cYHTf +0XjbRCBtMV9yYaVJKPwi +rGofQgFoc1lW0U5x2bnN +O9nn9aDe5t5LAlGS81uX +aBMvuzVjHbZKOlabXl4W +ZJc06qngAcQWQUu8nAnR +FLsjhoaTyuaDMY3OWJAx +5Dt7YglND5uFAqYwRG9L +agLGOCH8suwnXGYaPxjM +Ysb5RANkpgcbSulLZiic +4sLmpJomjokwZbctODVW +pCLiQT3wWDJ7YjIePR6g +P3Jlg0LDhbgSwXxgjjUR +6qGRfcb8LFlVlT7O1ze2 +lFBNWzijkPeKyKmwpOSa +oGCR2OUg71n0Tzt2a3ir +WLijq0bL1Cetz24fv738 +L3MEAwezFBW38U4QilNz +uza1bC3PgToermGSgKLx +WMdgjZIszK4t6Rehelx8 +YpCJWVXTob3Gn4bMwWJO +xpJ9qhvMBdD8iamheF4b +bUm1YmHW4gPT1ujiqCmN +I7hOFurjJ6zvXGETyfCn +w23W8PNFWbqpHUKN59Bz +HpbsIRDVVpEGxnoWmdjq +58BUOxDdbTZxCKt0UqLD +uUPOlW8bRhuC1tK1NL5u +wq9ybcfwZ4jIHyYlHZ5M +4t4zKLRG2DN6icHmctOW +TzYp3np0OFsTlzCwkogM +Os6SOvjU0Irq2Xo5wLvn +1nN6FQwUxcw0H5rfQEZo +NioHP0JdBv3HmIaQZs1n +8lJWLVof1TBWtRUKmWmO +79DcTURdzt28Vdn6F0K0 +UiG15bda4Pb81I9IE9ug +iZkC7CE98aE6WQK9Ghlu +dNXJTkUD3uVg6Tqi3957 +Hfa9xMclyrxsOvkGcudI +QbcvG5Apom6nBWIGHRMQ +68rn9eZEcq5mJLaiNmHr +5AOtHddC5NVgQLgdmmKb +gQlrcSXzxT6V6jzbxZ79 +xmulvmkeqG4kj6TAuJEg +u9dCkExxv5tLSpF8hC08 +HHU4QE56UC97djO5EpmK +g3rElyboRHlAYPWviWbm diff --git a/src/common/grpc/tests/tls/server.cert.pem b/src/common/grpc/tests/tls/server.cert.pem new file mode 100644 index 0000000000..1472fa8926 --- /dev/null +++ b/src/common/grpc/tests/tls/server.cert.pem 
@@ -0,0 +1,40 @@ +-----BEGIN CERTIFICATE----- +MIIG+jCCBOKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBhzELMAkGA1UEBhMCSU4x +EjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQkFOR0FMT1JFMRUwEwYDVQQK +DAxHb0xpbnV4Q2xvdWQxEjAQBgNVBAMMCWNhLXNlcnZlcjElMCMGCSqGSIb3DQEJ +ARYWYWRtaW5AZ29saW51eGNsb3VkLmNvbTAeFw0yMzAyMTQxMTM5NDBaFw0yNzA4 +MjIxMTM5NDBaMHAxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlLYXJuYXRha2ExFTAT +BgNVBAoMDEdvTGludXhDbG91ZDEPMA0GA1UEAwwGc2VydmVyMSUwIwYJKoZIhvcN +AQkBFhZhZG1pbkBnb2xpbnV4Y2xvdWQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAvVtxAoRjLRs3Ei4+CgzqJ2+bpc0sBdUm/4LM/D+0KbXxwD7w +HP6GcKl/9zf9GJg56pVXxXMaerMDLS4Est25+mBgqcePC6utCBYrKA25pKbkFkxZ +TPh9/R4RHGVJ3KHy9vc4VzqoV7XFMJFFUQ2fQywHZlXh6MNz0WPTIGaH7hvYoHbK +I3NpPq8TjRuuV61XB0hK+RW0K6/5Yuj74h/mfheX1VIUOjGwKnTPccZQAlrKYjeW +BZBS4YqahkTIaGLa06SdUSkuhL85rqAxWvhK9GIRlQLNYJOzg+E3jGyqf566xX60 +fxM6alLYf+ZzCwSBuDDj5f+j752gPLYUI82YL4xQ+AEHNR8U1uMvt0EzzFt7mSRe +fobVr+Y2zpci+mo7kcQGOhenzGclsm+qXwMhYUnJcOYFZWtTJlFaaPreL4M3Dh+2 +pmKj23ZU6zcT3MYtE6phjCLJl0DsFIcOn+tSqMdpwB20EeQjo9bVJuw/HJrlpcnY +U9aLsnm/4Ls5A0BQutZnxKBIJjpzp8VfK0WU8a4iKok3AS0z1/K+atNrgSUB9DCH +0MvLqqQmM9TdLcZj7NSEfLyyFVwPRc5dt4CrNDL7JUpMzt36ezU83JU+nfqWDZsL ++2JOaE4gGLZDcA3cfP83/mYRaAnYW/9W4vEnIpa6subzq1aFOeY/3dKLTx8CAwEA +AaOCAYUwggGBMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG ++EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD +VR0OBBYEFLijeA+RFDQtuVeMUkaXqF7LF50GMIG8BgNVHSMEgbQwgbGAFKVZwpSJ +CPkNwGXyJX1sl2Pbby4FoYGNpIGKMIGHMQswCQYDVQQGEwJJTjESMBAGA1UECAwJ +S2FybmF0YWthMRIwEAYDVQQHDAlCQU5HQUxPUkUxFTATBgNVBAoMDEdvTGludXhD +bG91ZDESMBAGA1UEAwwJY2Etc2VydmVyMSUwIwYJKoZIhvcNAQkBFhZhZG1pbkBn +b2xpbnV4Y2xvdWQuY29tggkA7NvbvF8jodEwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud +JQQMMAoGCCsGAQUFBwMBMCkGA1UdEQQiMCCHBMCoAHKHBAoAAg+CEnNlcnZlci5l +eGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAXvaS9+y5g2Kw/4EPsnhjpN1v +CxXW0+UYSWOaxVJdEAjGQI/1m9LOiF9IHImmiwluJ/Bex1TzuaTCKmpluPwGvd9D +Zgf0A5SmVqW4WTT4d2nSecxw4OICJ3j6ubKkvMVf9s+ZJwb+fMMUaSt80bWqp1TY 
+XbZguv67PkBECPqVe6rgzXnTLwM3lE8EgG8VtM3IOy9a5SIEjm5L8SQ2I2hiytmE +e4jR1fbZsB5NbBdfA3GFMKQEE2dIymkG3Bz71M3tZi1y4RnHtRKdrFtrIlgclrwd +nVnQn/NiXUOOzsL2+vwSF32SSbiLvOxu63qO1YDBkKVChog3P/2f6xcJ23wkbHlL +qaL2jvLo6ylvMPUYHf5ZWat5zayaGUMHYDKcbD4Dw7aY3M0tNgEHdqUqNePmKvmn +luyXof3KmmLgWlcfBoX96a7hXDtxFyB2N4nzfQBXh+0VAlgqa+ZZhpdEqRQaWkkR +MDBdsVJ9O3812IaNfMzpS1vb701GFDCM5Hcyw6a/v6Ln08NMhYut4saLi13kHilS +Wq7wOAfW3rzxuhjOJJxsi0jJNI775q+a/BbbG/CPl826bXPGH43BdPV8mKwsX5HM +wwDKf3otP/v7bxwJabfhv2EKUy+W1kkFW9FEZ919yTtfhSDrTNcrXtE7RkiAepfm +95I025URIlhJGLGBUlA= +-----END CERTIFICATE-----