From 520629d6e2b7e3fa88d765bba8dc5527a5cd29c4 Mon Sep 17 00:00:00 2001 
From: Ilya Averyanov Date: Wed, 22 Dec 2021 16:10:01 +0300 Subject: [PATCH] chore(authn): test Redis authn via ssl connection --- .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-redis-single-tls.yaml | 16 +- .ci/docker-compose-file/redis/certs/ca.crt | 29 ++++ .ci/docker-compose-file/redis/certs/ca.key | 51 ++++++ .../redis/certs/client.crt | 24 +++ .../redis/certs/client.key | 27 ++++ .../redis/certs/server.crt | 24 +++ .../redis/certs/server.key | 27 ++++ .github/workflows/run_test_cases.yaml | 1 + apps/emqx_authn/test/data/certs/cacert.pem | 20 --- apps/emqx_authn/test/data/certs/cert.pem | 19 --- .../test/data/certs/client-cert.pem | 19 --- .../emqx_authn/test/data/certs/client-key.pem | 27 ---- apps/emqx_authn/test/data/certs/key.pem | 27 ---- .../test/data/certs/redis-tls-ca.crt | 29 ++++ .../test/data/certs/redis-tls-client.crt | 24 +++ .../test/data/certs/redis-tls-client.key | 27 ++++ .../test/emqx_authn_redis_SUITE.erl | 2 +- .../test/emqx_authn_redis_tls_SUITE.erl | 153 ++++++++++++++++++ .../src/emqx_plugin_libs_ssl.erl | 2 +- 20 files changed, 430 insertions(+), 120 deletions(-) create mode 100644 .ci/docker-compose-file/redis/certs/ca.crt create mode 100644 .ci/docker-compose-file/redis/certs/ca.key create mode 100644 .ci/docker-compose-file/redis/certs/client.crt create mode 100644 .ci/docker-compose-file/redis/certs/client.key create mode 100644 .ci/docker-compose-file/redis/certs/server.crt create mode 100644 .ci/docker-compose-file/redis/certs/server.key delete mode 100644 apps/emqx_authn/test/data/certs/cacert.pem delete mode 100644 apps/emqx_authn/test/data/certs/cert.pem delete mode 100644 apps/emqx_authn/test/data/certs/client-cert.pem delete mode 100644 apps/emqx_authn/test/data/certs/client-key.pem delete mode 100644 apps/emqx_authn/test/data/certs/key.pem create mode 100644 apps/emqx_authn/test/data/certs/redis-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/redis-tls-client.crt create mode 100644 
apps/emqx_authn/test/data/certs/redis-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local index 14e4c95f7..1422bd3a9 100644 --- a/.ci/docker-compose-file/Makefile.local +++ b/.ci/docker-compose-file/Makefile.local @@ -22,6 +22,7 @@ up: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ up -d --build down: @@ -31,6 +32,7 @@ down: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ down ct: diff --git a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml index bb6c3ff15..7e521a05c 100644 --- a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml @@ -1,13 +1,15 @@ version: '3.9' services: - redis_server: - container_name: redis + redis_server_tls: + container_name: redis-tls image: redis:${REDIS_TAG} volumes: - - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt - - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt - - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key + - ./redis/certs/server.crt:/etc/certs/redis.crt + - ./redis/certs/server.key:/etc/certs/redis.key + - ./redis/certs/ca.crt:/etc/certs/ca.crt + ports: + - "6380:6380" command: - redis-server - "--bind 0.0.0.0 ::" 
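Review bot: The added `ports:` entry `- "6380:6380"` publishes the TLS Redis listener on every host interface, while the server key and the CA key for this instance are committed in the same patch, so its TLS identity is public. The new suite reaches the server as `redis-tls:6380` by container name on the compose network, which suggests the host mapping may not be needed for the tests at all. If host access is wanted for local debugging through `Makefile.local`, `- "127.0.0.1:6380:6380"` keeps the port off the LAN. The `command:` list continues past this hunk, so whether the instance also requires a password or client certificates cannot be seen from here.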
@@ -16,6 +18,8 @@ services: - --tls-cert-file /etc/certs/redis.crt - --tls-key-file /etc/certs/redis.key - --tls-ca-cert-file /etc/certs/ca.crt + - --tls-protocols "TLSv1.3" + - --tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256" restart: always networks: - - emqx_bridge + emqx_bridge: diff --git a/.ci/docker-compose-file/redis/certs/ca.crt b/.ci/docker-compose-file/redis/certs/ca.crt new file mode 100644 index 000000000..3add4693a --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS +ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx +MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 +MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q +XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD +yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 +Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf +XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg +UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co +/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O +x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki ++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs +/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf +weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg +VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl +4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ +KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX +RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW +whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO +JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 +Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh +AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD +wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB +LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ +/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk +UElFARdXALiZWg== +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/ca.key b/.ci/docker-compose-file/redis/certs/ca.key new file mode 100644 index 000000000..6d6e27c38 --- /dev/null 
+++ b/.ci/docker-compose-file/redis/certs/ca.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxcc3Ar +iAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gtmCdZ +ZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/QgpW +oR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yrgTO4 +HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMAUoDE +B6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10hQDC +K/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfbJ4by +0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpczyTA +9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3nFbyE +t0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8HgPN1s +/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcCAwEA +AQKCAgEAnVNQg2Cgth8E1ixTJWosZlvmFHgNKyypb7cAAYb0Yy4NWsrn2CY4K+uI +xGsOjKvcO+5n8hXF90e5Dya1CJPbDwm0SZAvlwu45UBN183E9ZT+5MpmoGRYM7mF +CeYRNB1goVgfGAAaYi3FGAITu4tn/BOdjfrXw7muYkUaoWJJwz8kWRNEzCSspXzp +bgoHfVC+vP97E8XtHTpT4JDReNoOSA5d2ZoGkLOUL3qUomfIYDc8aPvtVBl9A8uy +cP8gPQXrZP8/3SIyNQAQ9Eh2CyLIVfb54Xc2nm6WEKd03a8OyieaPu+mJ1kItoCD +mHqEFycTl0urdHuEl5uNwfWlVM8gfMrKeI7qLFIRNInuQrl3aEP1wfLdBowxTdIA +GOk7Ab8ObE1zW52jjUVE08/UZeFoMfqn7jL4ViiARk01UsDKuwXj4M1HQnrrfePn +2Y4G7fiDgdwU+GjvUS+cg9f/cI6ADKi6nxhwAUIyyVY0+OvN76BiNGyKeGE5IjL+ +MLIOY5PKs/YakGBhYfAOAlqlO0LCRPPqkVqoD6ekvQBgopmE2tNhVqlB1WA2sU5I +Ef8RxAWS1WIjGlA0131U5Z4Z0oyIEyG2Zs5i32RFjUmpKevyEV/aLICHvis1rDdD +pdX+ici7ZwSVZZHtkDyu7mH4kmkhKp77oKMcHiRdDzxGvIBM7kECggEBAP4siFF6 +qBej5A4CRld+7BY+I4HjKWRy3lNwFaPECaGsrWnyp+7eoQimNZshXBN6lV5MNbIb +b5JgiASA9Wny6JztBk1OVvxFGRrDK1HysHa6XRwA3JnsfYQV0Jzlf+KeDcA9ldBc +yWZ1X3lHt1AKrpAinAsobnMCIy5v00H2ccS3mlOpfli/l79RO5Dc8pG7Ht4PZuvr +ROamNi7DAk1qpA1fkblPyoH8GlGsWmeLtuC7533QtcXrSczArpbM+/sBb2eHojbe +bo4mdDapeXBHqbc36JJ/6p4MNvBQUVa19OIGWms+xV6iXYkg1MsahT4rhfH5XaE1 +P6RHm5U3uwkN+A8CggEBAN9Tvz34t/b06ujWhT3Qz1PgnlwPj0bvE3srMzJw9fn6 +Vo6xVFwduhpsFE8jb+q98bNb96rtk3qGZ6TegwFMZa4Hv3zDgov3eqCaAg46P9fg 
+A7UK6rXgBwqR8lbqEu6tq2WErniRTOIBwSSBARqM2a3YZczmqQC3EAUPSMps2Gdg +i0Tr3QpPANrPUP3TL5FaZQacRjl23dO2FTpo9xPEMhMO5IS8CMSOshp/FAhFTCRV +geYOQaNAmGOJe5ZlM5ctRnlZLTE0+Tl8flZQoGjlZs2dzRDU/OlrKgYcXkBMsy1J +nijYkCmU4BlskaoHuhUT4ScOnYj88+WQ/1ezAneMizkCggEBAPDs81YQZs7pud0R +iO2c0FoREoUm9vBQ9a6vWsO9qceHL2Vy7n28p3XUXpGqYGXSV01n/anS2cItICDs +wDNqXdWJ0uRqMoezU6WLhD+MRHp2EpXdtz1r7lnKd9CQtdTwLmafuacknH8zGImU +Ug1b4rWbKMBm1bLMPt7gfqZS3OozguR0j9+91DAz5rtcw80hSpQAk3VisA/VUxym +GkOZpuFKSo4WNQVbGvN55MOrqnCBjF80+2gcq/qaVaN5sAvwA1JmPXu3AaJajuPV +ZtfoBdY294wOFi0ztMu7xi3kEbhBf2mSuXEHhJPb+/h9LfmNNcz0qyyIlce5XJ9n +kTF2/T8CggEARmRORklMKxIdrRBY5RgZEXYeVCQvZAtdV5hRRdfnIEjw2X85eOOB +0mw4po0j7Ji8Q218jireLmOI7aWZI2KiNg2JJNk3H8j8pPyGI1fm4bNhV8I+It+f +OIyyFwUmvIaPHKuKlsQtuJsW9tuWrniw8CPiSoh1wpzw9rdPmUZfm44Jt8qkXGh0 +e4OXIrpbJvSYHVJKrDg0SVP+Mu/82QUhR3KNQu1F0jasGr/tX4IAMv+ktw/NTpjA +r7cY9lmlvkPuD7e1D+qDl8QOykQVm5qbIbpYdbK8mRJHJ6/vYVMLsv2eVX+VSRX8 +4OagrzhKRfSDJl1r+E7KzZQ7d7gb0fTBuQKCAQA8+59lX2HcJicx/YEs7aBbLb2d +tqIrMG/cj96DLIRFXeAoOjCD8X2xZYNAA5WqY1TiziTLDFbBsqAMig8KwMYNb8br +fWfvUpuW2cGFbiw5VmGbJOnf8OOqYwsKZ02RPQuJGDBVBHDYurS1/WEg772+HbL5 +sO4rdsaSBcZSk9pt1+ERsxuDDCfzQkG2mz9pBjJua7b0N6U7CfJQvM8nsxef5y78 +xEkd+PuVfmerHl3TYLdOsvhIzi81lXaqodhbReBqtXkbxeMPd18wgMx4Aav1OX3q +C+z1y2JsaF9ZiAU7uMkoWzBrccF6b2lIZmZ6MKxEHl9QTcEfsPElaXEXqKXS +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/client.crt b/.ci/docker-compose-file/redis/certs/client.crt new file mode 100644 index 000000000..617add4f5 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/client.crt 
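Review bot: `ca.key` is the signing key of the test CA, and nothing visible in this patch consumes it: the compose file mounts only `server.crt`, `server.key` and `ca.crt`, and the suite's data directory receives only the CA certificate and the client pair. With the CA key in the tree, anyone can issue certificates this CA vouches for, which becomes a real problem if `ca.crt` is ever copied into a trust store outside CI. It will also trip secret scanners, as will `client.key`, `server.key` and `redis-tls-client.key` further down in this patch. Consider dropping `ca.key`, or generating the whole chain in a CI setup step, and adding a short README beside the certs saying they are test-only fixtures and how to regenerate them.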
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz +IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP +g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D +zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn +qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN +IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa +BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG +CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT +nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY +zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc +frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr +mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn +HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z +odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 +MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 +oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT +y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J +nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr +R5q5VPKvniiw0/HiJNbNG0ZHDCU= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/client.key b/.ci/docker-compose-file/redis/certs/client.key new file mode 100644 index 000000000..e62e336c5 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/client.key 
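Review bot: The validity fields encoded in this certificate appear to decode to 2021-12-22 through 2022-12-22, a one-year leaf under a CA whose own validity runs to 2031. `server.crt` and the copy at `apps/emqx_authn/test/data/certs/redis-tls-client.crt` appear to carry the same one-year window. After that date a `verify_peer` handshake against `server.crt` should fail, and because `t_create` expects `{ok, _}` the new suite would start failing with no code change. Reissuing the leaves with a lifetime matching the CA, or generating them during CI setup, removes the expiry dependency.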
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI ++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON +TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 +SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At +T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa +DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT +gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH +Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L +Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm +6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U +O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD +RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE +dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb +QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 +ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk +xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh +MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO +PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U +0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h +tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 +dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL +L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP +7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU +eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU +l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/server.crt b/.ci/docker-compose-file/redis/certs/server.crt new file mode 100644 index 000000000..092209bfc --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/server.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAeugAwIBAgIJAJ1b1eCyPY+jMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NDlaFw0yMjEyMjIxNTU5NDlaMCkxEzARBgNVBAoMClJlZGlz +IFRlc3QxEjAQBgNVBAMMCXJlZGlzLXRsczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALteJrJx6zRKM2Yky5HKKS9VxgOieD/W48xR/G4rY/ecltHGtH6d +kER04+UdbHJ9XB0vhc7uU8yF94D4JChT6AtYqNGtFIlsrYGs9XrIBWJDYYQBr7Vh +m63FmOTp8Q/1ij8kVLcWjM92ZfL5TV5JLSl/qirVQyxp3ioudsKG+D2/kr4uyh1D +gqgnmdio5XZ5RCIPqb58ECK87vXYewUTn1I7f/g2uok1HGFAQVDX29vUX0pY9msu +6RXogtjmbGGc40kNYCwX8FlXfyDhvwl8PLxOrNw38a/VJMa8q5E0l11z16v3Fc3I +ixzwwQ9+T43Bg4W0OIFOlDFekRAx8S5NsAcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg +MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAhQ+gAOf6n8xA +S/N1Bt6T3B0smlODozPoZeAUuiIhZyKN3ZzJHAj41JB+Zs7PTwdQQC5MI/o10Bh+ +RmOvejTBpxSrB1OucdUvS0xOz2XASLRlnoL8MDX9dSw40QJsSOXfUZ6tJXwqN8wo +hAp1j5ogigmVSHzyxiKwfx0ULH+DWp9GuPyyfaJKeAPcbWejg2us+1sGLwbcg9+j +9QL3IaEF+Uv5BeFmWKe48irgBknJh1vesPQ4wzd63/ko96yLFFy7/celZP46YqyF +nulgqHc5HwlfxnLLjvP14han8FjEkfcLUyLwp+BNh5OcDahPVYFaQLBFygVujs+D +005Hqm1GdsNf7ImubNIgIjETlOO7jmAtMJnaQasFbSk4vf9BaUulb0RoqQs5Vjbm +T3jVfhRvKi+cATEM64zzVSNjVi5Nxa1urrYLAqv5VQCWl3stJl+2qCA1mgQ+J02k +8KIY8lfP6YcXEzuimecvhOzKhB1ccD7kWJqk4ErHpkTB+m7JqkH7+9DA7wN+0m1Q +bvAOlNV7inEyT3q9Wx+mQOVuipvk96iu/2Y1eMiyDuziFqJKgEwdr8ECldeLsVXY +FkWe+BLwMzc5IW+WZmVPIyyv7MefZhGic9SBPtjk/TejqBASp5er5iFI75LCshwJ +65Ph7RUKOkxNlslxjzZkVYpCP+NY+yU= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/server.key b/.ci/docker-compose-file/redis/certs/server.key new file mode 100644 index 000000000..29ce58118 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu14msnHrNEozZiTLkcopL1XGA6J4P9bjzFH8bitj95yW0ca0 +fp2QRHTj5R1scn1cHS+Fzu5TzIX3gPgkKFPoC1io0a0UiWytgaz1esgFYkNhhAGv +tWGbrcWY5OnxD/WKPyRUtxaMz3Zl8vlNXkktKX+qKtVDLGneKi52wob4Pb+Svi7K +HUOCqCeZ2KjldnlEIg+pvnwQIrzu9dh7BROfUjt/+Da6iTUcYUBBUNfb29RfSlj2 +ay7pFeiC2OZsYZzjSQ1gLBfwWVd/IOG/CXw8vE6s3Dfxr9UkxryrkTSXXXPXq/cV +zciLHPDBD35PjcGDhbQ4gU6UMV6REDHxLk2wBwIDAQABAoIBAQCKv47iZ6+n+iaT +xj2lSVI0Rk0rFd38UFJCVJgcsS8HBsM8tuukM2PI/dJhMOfE5IYY6r8o3J3bf30n +2RlVb8UO2emx03y4w2y88WqbMJGkEYed7G3EYHKbPQ8avQ6RJd/pICtHpYBChUe7 +pNehMYkrCOnnbCOhOQiWre+t36rmdbmD8ZAR4k85iu03lSX53ONJBC1Ivat1J43e +8xfLhQNGaIdidFSzitExTx3TnPhiF9cIs0G4Nkh14E0cEqWLwP7FrRr+FoBr0tbG +bJ0wvrBbNCIkWGOm694vPZzhkz6wEm5VnsE7DCZ8g2YZ9Sq9iEV00HGDaE4r0rhp +cN4YLmqZAoGBANs3LGN4ADuZbv42e6DzQpI+WVCeE097SU7VwW7KmqBgPpqZWpgj +rjiXHKwB2BHNH/TnN7TNC4OrSznkJaa71urebkW86BQfQQgevtTKZDbEqsQaQYNS +9PGWbWTaMuoiQzc7KshHwrp7ZUXIPlSRhG+KzQgM2yo+NUG7Sv+NOmpLAoGBANrO +5XkQPMSGDmFfuzQtBsgOMycOkyF0x7gU5ujfTQkIuVyMWPif7Gh92Gim7HDQpLjK +qmipIEO5bdo6HXCLUQLB1rFXA69VymLPHrkz/ZsN/N6yHSDcdX3p2lRNXoEewzCb +A2PlUC3F6pt24FSwGtEuvacBa5qVoEJpkWmbu/u1AoGAYSBP9X5ctAtmRxICsqw1 +SbCASBzRt3yLXXeN7bWszvP1qO/bWN8uOPqTBI8ImdKFny+22c+jk2IYwXyZRgeh +0Ixe1V0+gnPaj2t357YIss9uTdbIQhRGXKfmrjGTL3Ogzl7TtMs+tvsnQsTXAQc8 +Y2NfNnrjvBK16/q83v9G64MCgYA6+YjgGIBId9loZWUPqxMo2Krw2/zMB63M79VM +7uLUjIVpbGqOmIwfncu2aUdRIOtE41sK2orXtiLlrsRAkUxEcfpr0ggsOfNSroCZ +amnwYNTHMTqooMMKLP2ruy69noz9jMpdInF55N5XCLNuIAkaWH7FhJx8DdgkDlAj +JtaEAQKBgDrtbLhP8+4+N9QVH+KGl/mBR8mEKKkQ1nboovsvu+HAjhUey7LYgZUW +HVY3HPqYlpHDDHWBd2w3yhHpR9zL0153LugPkNdm55463B+TwUK+MQmPc/elmrxk +NpXRGwsDfVnT8N7uTkamjhpBTFUN2FpRojgin+kEMYuEqUQggHfM +-----END RSA PRIVATE KEY----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index bb0fb1c82..adcf6be0e 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml 
@@ -66,6 +66,7 @@ jobs: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose.yaml \ up -d --build - name: run eunit diff --git a/apps/emqx_authn/test/data/certs/cacert.pem b/apps/emqx_authn/test/data/certs/cacert.pem deleted file mode 100644 index 604fd2362..000000000 --- a/apps/emqx_authn/test/data/certs/cacert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV -BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD -DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD -VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE -AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1 -EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2 -juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur -MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ -uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D -tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ -KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj -EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa -ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5 -CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y -E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo -88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30 -IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg== ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/cert.pem b/apps/emqx_authn/test/data/certs/cert.pem deleted file mode 100644 index 092390b1d..000000000 
--- a/apps/emqx_authn/test/data/certs/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER -MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB -MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x -ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl -cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn -AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW -Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT -8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7 -4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc -lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080 -BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL -BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt -iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa -sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp -iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH -UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n -KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client-cert.pem b/apps/emqx_authn/test/data/certs/client-cert.pem deleted file mode 100644 index 09d855221..000000000 --- a/apps/emqx_authn/test/data/certs/client-cert.pem +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER -MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB -MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x -ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6 -TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW -1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt -dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV -PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa -nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i -eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL -BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk -M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z -5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd -UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR -jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl -goraNgPISnrbpR6KjxLZkVembXzjNNc= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client-key.pem b/apps/emqx_authn/test/data/certs/client-key.pem deleted file mode 100644 index 2b3f30cf6..000000000 --- a/apps/emqx_authn/test/data/certs/client-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X -EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO -LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v -561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD -BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE -C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq -uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD -UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW -5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2 -ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH -5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg -w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX -Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x -xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A -Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl -zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td -EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA -Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w -fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn -O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr -H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx -gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms -n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j -ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp -asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ== ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/key.pem b/apps/emqx_authn/test/data/certs/key.pem deleted file mode 100644 index 6c338216e..000000000 --- a/apps/emqx_authn/test/data/certs/key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi -sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep -OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf -wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn -s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t -zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/ -n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF -V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N -WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG -xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm -ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C -Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49 -ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R -/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY -uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb -yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+ -Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF -zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB -0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG -jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA -OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP -vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog -q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd -rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55 -RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3 ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt new file mode 100644 index 000000000..3add4693a --- /dev/null +++ b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS +ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx +MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 +MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q +XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD +yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 +Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf +XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg +UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co +/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O +x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki ++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs +/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf +weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg +VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl +4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ +KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX +RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW +whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO +JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 +Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh +AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD +wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB +LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ +/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk +UElFARdXALiZWg== +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.crt b/apps/emqx_authn/test/data/certs/redis-tls-client.crt new file mode 100644 index 000000000..617add4f5 --- /dev/null 
+++ b/apps/emqx_authn/test/data/certs/redis-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz +IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP +g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D +zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn +qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN +IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa +BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG +CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT +nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY +zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc +frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr +mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn +HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z +odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 +MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 +oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT +y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J +nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr +R5q5VPKvniiw0/HiJNbNG0ZHDCU= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.key b/apps/emqx_authn/test/data/certs/redis-tls-client.key new file mode 100644 index 000000000..e62e336c5 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/redis-tls-client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI ++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON +TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 +SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At +T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa +DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT +gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH +Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L +Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm +6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U +O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD +RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE +dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb +QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 +ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk +xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh +MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO +PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U +0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h +tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 +dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL +L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP +7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU +eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU +l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl index de556a7bd..c4c7f22cf 100644 --- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl 
@@ -52,7 +52,7 @@ end_per_group(require_seeds, Config) -> Config. init_per_suite(Config) -> - _ = application:load(emqx_conf), + _ = application:load(emqx_conf), case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of true -> ok = emqx_common_test_helpers:start_apps([emqx_authn]), diff --git a/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl new file mode 100644 index 000000000..22a8f013e --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl 
@@ -0,0 +1,153 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_redis_tls_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authn.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-define(REDIS_HOST, "redis-tls").
+-define(REDIS_PORT, 6380).
+
+-define(PATH, [authentication]).
+
+all() ->
+ emqx_common_test_helpers:all(?MODULE).
+
+groups() ->
+ [].
+
+init_per_testcase(_, Config) ->
+ {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
+ emqx_authentication:initialize_authentication(?GLOBAL, []),
+ emqx_authn_test_lib:delete_authenticators(
+ [authentication],
+ ?GLOBAL),
+ Config.
+
+init_per_suite(Config) ->
+ _ = application:load(emqx_conf),
+ case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of
+ true ->
+ ok = emqx_common_test_helpers:start_apps([emqx_authn]),
+ ok = start_apps([emqx_resource, emqx_connector]),
+ Config;
+ false ->
+ {skip, no_redis}
+ end.
+
+end_per_suite(_Config) ->
+ emqx_authn_test_lib:delete_authenticators(
+ [authentication],
+ ?GLOBAL),
+ ok = stop_apps([emqx_resource, emqx_connector]),
+ ok = emqx_common_test_helpers:stop_apps([emqx_authn]).
+
+%%------------------------------------------------------------------------------
+%% Tests
+%%------------------------------------------------------------------------------
+
+t_create(_Config) ->
+ ?assertMatch(
+ {ok, _},
+ create_redis_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"redis-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.3">>],
+ <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})).
+
+t_create_invalid(_Config) ->
+ %% invalid server_name
+ ?assertMatch(
+ {error, _},
+ create_redis_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"redis-tls-unknown-host">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.3">>],
+ <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})),
+
+ %% invalid server_name (eredis connects by ip address)
+ ?assertMatch(
+ {error, _},
+ create_redis_auth_with_ssl_opts(
+ #{<<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.3">>],
+ <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})),
+
+ %% incompatible versions
+ ?assertMatch(
+ {error, _},
+ create_redis_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"redis-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.1">>, <<"tlsv1.2">>]})),
+
+ %% incompatible ciphers
+ ?assertMatch(
+ {error, _},
+ create_redis_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"redis-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.3">>],
+ <<"ciphers">> => [<<"TLS_AES_128_GCM_SHA256">>]})).
+
+%%------------------------------------------------------------------------------
+%% Helpers
+%%------------------------------------------------------------------------------
+
+create_redis_auth_with_ssl_opts(SpecificSSLOpts) ->
+ AuthConfig = raw_redis_auth_config(SpecificSSLOpts),
+ emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}).
+
+raw_redis_auth_config(SpecificSSLOpts) ->
+ SSLOpts = maps:merge(
+ client_ssl_opts(),
+ #{enable => <<"true">>}),
+ #{
+ mechanism => <<"password-based">>,
+ password_hash_algorithm => #{name => <<"plain">>,
+ salt_position => <<"suffix">>},
+ enable => <<"true">>,
+
+ backend => <<"redis">>,
+ cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
+ database => <<"1">>,
+ password => <<"public">>,
+ server => redis_server(),
+ ssl => maps:merge(SSLOpts, SpecificSSLOpts)
+ }.
+
+redis_server() ->
+ iolist_to_binary(
+ io_lib:format(
+ "~s:~b",
+ [?REDIS_HOST, ?REDIS_PORT])).
+
+start_apps(Apps) ->
+ lists:foreach(fun application:ensure_all_started/1, Apps).
+
+stop_apps(Apps) ->
+ lists:foreach(fun application:stop/1, Apps).
+
+client_ssl_opts() ->
+ Dir = code:lib_dir(emqx_authn, test),
+ #{keyfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.key"]),
+ certfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.crt"]),
+ cacertfile => filename:join([Dir, <<"data/certs">>, "redis-tls-ca.crt"])}.
diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
index 2bcf66763..6a40abac2 100644
--- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
+++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl
@@ -75,7 +75,7 @@ save_files_return_opts(Options, Dir) -> CA = do_save_file(CAFile, Dir), Verify = GetD(verify, verify_none), SNI = Get(server_name_indication),
- Versions = emqx_tls_lib:integral_versions(Get(tls_versions)),
+ Versions = emqx_tls_lib:integral_versions(Get(versions)),
 Ciphers = emqx_tls_lib:integral_ciphers(Versions, Get(ciphers)), filter([{keyfile, Key}, {certfile, Cert}, {cacertfile, CA}, {verify, Verify}, {server_name_indication, SNI}, {versions, Versions}, {ciphers, Ciphers}]).
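Review bot: `start_apps/1` near the end of the new suite throws away the result of `application:ensure_all_started/1`, so `ok = start_apps([emqx_resource, emqx_connector])` in `init_per_suite/1` matches even when an application failed to start, because `lists:foreach/2` always returns `ok`. That matters for `t_create_invalid/1`: all four cases assert only `{error, _}`, which an unrelated setup or configuration failure satisfies just as well as a rejected TLS handshake. Matching the result surfaces the failure at setup: `lists:foreach(fun(App) -> {ok, _} = application:ensure_all_started(App) end, Apps).` The negative cases would also be stronger if they matched the specific error reason, whose shape is not visible in this hunk.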
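Review bot: With the key read on the `Versions` line renamed from `tls_versions` to `versions`, an options map that still carries the old key no longer restricts the protocol list, and nothing here reports that; what `emqx_tls_lib:integral_versions/1` does with a missing value is not visible in this hunk, presumably it falls back to defaults. A comment above the line would record the expected key, e.g. `%% option key is 'versions'; 'tls_versions' is no longer read`. The unchanged context line `Verify = GetD(verify, verify_none)` also means peer verification stays off unless the config sets `verify`, which deserves a comment of its own. The body of `save_files_return_opts/2` starts outside the hunk.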