From 6de89d1207bd9ed7753b798ba9c642a7983704c4 Mon Sep 17 00:00:00 2001 
From: Ilya Averyanov
Date: Thu, 23 Dec 2021 21:19:55 +0300
Subject: [PATCH] chore(authn): test PostgreSQL authn via ssl connection
---
 .ci/docker-compose-file/Makefile.local | 2 +
 .../docker-compose-pgsql-tls.yaml | 12 +-
 .ci/docker-compose-file/pgsql/Dockerfile | 10 +-
 .ci/docker-compose-file/pgsql/certs/ca.crt | 29 ++++
 .ci/docker-compose-file/pgsql/certs/ca.key | 51 ++++++
 .../pgsql/certs/client.crt | 24 +++
 .../pgsql/certs/client.key | 27 +++
 .../pgsql/certs/server.crt | 24 +++
 .../pgsql/certs/server.key | 27 +++
 .ci/docker-compose-file/pgsql/postgresql.conf | 3 +
 .ci/docker-compose-file/redis/certs/ca.crt | 54 +++---
 .../redis/certs/client.crt | 44 ++---
 .../redis/certs/dhparam2048.pem | 8 +
 .../redis/certs/openssl.cnf | 7 +
 .../redis/certs/server.crt | 44 ++---
 .github/workflows/run_test_cases.yaml | 1 +
 .../test/data/certs/pgsql-tls-ca.crt | 29 ++++
 .../test/data/certs/pgsql-tls-client.crt | 24 +++
 .../test/data/certs/pgsql-tls-client.key | 27 +++
 .../test/data/certs/redis-tls-ca.crt | 54 +++---
 .../test/data/certs/redis-tls-client.crt | 44 ++---
 .../test/emqx_authn_pgsql_SUITE.erl | 1 -
 .../test/emqx_authn_pgsql_tls_SUITE.erl | 156 ++++++++++++++++++
 .../src/emqx_connector_pgsql.erl | 10 +-
 24 files changed, 577 insertions(+), 135 deletions(-)
 create mode 100644 .ci/docker-compose-file/pgsql/certs/ca.crt
 create mode 100644 .ci/docker-compose-file/pgsql/certs/ca.key
 create mode 100644 .ci/docker-compose-file/pgsql/certs/client.crt
 create mode 100644 .ci/docker-compose-file/pgsql/certs/client.key
 create mode 100644 .ci/docker-compose-file/pgsql/certs/server.crt
 create mode 100644 .ci/docker-compose-file/pgsql/certs/server.key
 create mode 100644 .ci/docker-compose-file/pgsql/postgresql.conf
 create mode 100644 .ci/docker-compose-file/redis/certs/dhparam2048.pem
 create mode 100644 .ci/docker-compose-file/redis/certs/openssl.cnf
 create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt
 create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.crt
 create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.key
 create mode 100644 apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl
diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local
index 1422bd3a9..aea4be034 100644
--- a/.ci/docker-compose-file/Makefile.local
+++ b/.ci/docker-compose-file/Makefile.local
@@ -21,6 +21,7 @@ up:
 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
+ -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \
 up -d --build
@@ -31,6 +32,7 @@ down:
 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
+ -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \
 down
diff --git a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml
index 72aceed69..f1fc15b30 100644
--- a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml
@@ -1,11 +1,11 @@
 version: '3.9'
 services:
- pgsql_server:
- container_name: pgsql
+ pgsql_server_tls:
+ container_name: pgsql-tls
 build:
- context: ../..
- dockerfile: .ci/docker-compose-file/pgsql/Dockerfile
+ context: pgsql
+ dockerfile: Dockerfile
 args:
 POSTGRES_USER: postgres
 BUILD_FROM: postgres:${PGSQL_TAG}
@@ -16,7 +16,7 @@ services:
 POSTGRES_USER: root
 POSTGRES_PASSWORD: public
 ports:
- - "5432:5432"
+ - "5433:5432"
 command:
 - -c
 - ssl=on
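Review bot: The new mapping `- "5433:5432"` in the `@@ -16,7 +16,7 @@` hunk publishes this PostgreSQL instance on every host interface, and the context lines show it runs with `POSTGRES_PASSWORD: public`. On an ephemeral CI runner that is contained, but `make up` on a developer machine leaves a database with a known password reachable from the local network. Bind the published port to loopback, `- "127.0.0.1:5433:5432"`, or drop the mapping if the suites only reach the container over the compose network (how the tests connect is not visible in this hunk).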
@@ -28,5 +28,7 @@ services:
 - ssl_ca_file=/var/lib/postgresql/root.crt
 - -c
 - hba_file=/var/lib/postgresql/pg_hba.conf
+ - -c
+ - ssl_min_protocol_version=TLSv1.2
 networks:
 - emqx_bridge
diff --git a/.ci/docker-compose-file/pgsql/Dockerfile b/.ci/docker-compose-file/pgsql/Dockerfile
index db2cd59fe..c39b1d0b9 100644
--- a/.ci/docker-compose-file/pgsql/Dockerfile
+++ b/.ci/docker-compose-file/pgsql/Dockerfile
@@ -1,10 +1,10 @@
-ARG BUILD_FROM=postgres:11
+ARG BUILD_FROM=postgres:13
 FROM ${BUILD_FROM}
 ARG POSTGRES_USER=postgres
-COPY --chown=$POSTGRES_USER .ci/docker-compose-file/pgsql/pg_hba.conf /var/lib/postgresql/pg_hba.conf
-COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/key.pem /var/lib/postgresql/server.key
-COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cert.pem /var/lib/postgresql/server.crt
-COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cacert.pem /var/lib/postgresql/root.crt
+COPY --chown=$POSTGRES_USER pg_hba.conf /var/lib/postgresql/pg_hba.conf
+COPY --chown=$POSTGRES_USER certs/server.key /var/lib/postgresql/server.key
+COPY --chown=$POSTGRES_USER certs/server.crt /var/lib/postgresql/server.crt
+COPY --chown=$POSTGRES_USER certs/ca.crt /var/lib/postgresql/root.crt
 RUN chmod 600 /var/lib/postgresql/pg_hba.conf
 RUN chmod 600 /var/lib/postgresql/server.key
 RUN chmod 600 /var/lib/postgresql/server.crt
diff --git a/.ci/docker-compose-file/pgsql/certs/ca.crt b/.ci/docker-compose-file/pgsql/certs/ca.crt
new file mode 100644
index 000000000..e0b066224
--- /dev/null
+++ b/.ci/docker-compose-file/pgsql/certs/ca.crt
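Review bot: `ssl_min_protocol_version=TLSv1.2` is only recognised by PostgreSQL 12 and later, while this service is built from `postgres:${PGSQL_TAG}` (first hunk of this file), so a matrix entry with an older tag would make the server exit at startup on an unrecognised parameter. Either record the constraint next to the flag, e.g. `# requires PGSQL_TAG >= 12`, or confirm the workflow matrix no longer carries older tags. The flag also only sets a protocol floor; whether client certificates are actually demanded depends on `pg_hba.conf`, which this diff does not show, so it is worth confirming the `hostssl` rule there uses a `clientcert` option if the suite is meant to cover mutual TLS.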
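Review bot: With the build context now set to the `pgsql` directory, the whole `certs/` folder is sent to the Docker daemon, including `certs/ca.key` and `certs/client.key` added elsewhere in this commit, although the server image only needs `server.key`, `server.crt` and `ca.crt`. Nothing in this hunk copies the extra keys into the image, but a later broad `COPY certs/ ...` would; a `.dockerignore` in `pgsql/` listing `certs/ca.key` and `certs/client.*` keeps that from happening by accident. Separately, the rewritten `COPY` lines still rely on the following `RUN chmod 600` layers, so the earlier layer keeps the key with its original mode; where BuildKit is available, `COPY --chown=$POSTGRES_USER --chmod=600 certs/server.key /var/lib/postgresql/server.key` sets owner and mode in one step.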
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 +LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J +poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV +SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG +JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh +JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg +KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd +/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf +2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz +3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz +4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g +VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 +QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf +uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl +9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY +e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 +u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU ++DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA +wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk +TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf +2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w +SrAQWl5NPsA= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/ca.key b/.ci/docker-compose-file/pgsql/certs/ca.key new file mode 100644 index 000000000..fc929cc1c --- /dev/null 
+++ b/.ci/docker-compose-file/pgsql/certs/ca.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8LM83 +l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2Jpoqq +G7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYVSB5Q +6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zGJGeQ +2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQohJkwK +8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAgKnCE +WWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd/R9l +1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf2V02 +jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz3SDY +JGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz4pc6 +QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8CAwEA +AQKCAgAo9aBsFZqWqtnw6cYkoTlHtRgCSFz93z1vx8rh8Jtf9qkoHBlZI+ov9cee +tozReXfDw3SovG1EGSgAiE0vABS1h45/akh2/Q7CBgk7JQe946zBIuhLVWz+Bt+P +e2jPQ3eOGXQ32VXryHp/LfAjQvoJq0M17Uwdp+Mu9DypOQBUgapPyj+bLeNHH6q5 +vyW1cPireRUlKLvl84uSSB/+0YfrE+kl9k7FFt2eeF83tp7A+D6bNMFYthyZEp1B +rm1OREM3JaosLzPOdH6nrlVVoY1S1MW7YZi6Kg+t6W2y1D5CJqqK/CpdHX4zy30R +k84+hbpnBWBEvUOKl3s0+4DdF4CzT2BbBxqfcUSoNy+xdWCNa+v/bt5GnRh8Nq/u +4xuOkyu9fE4C44zYRjvNqTE2urzcHC7Y59k+GC+1TNRm2TLr25+OBq3Uki+RNufm +HQ6ocv+W30/UIqkOf17IP4u7cuWyff9yMyQmRZknscLTyzJswec2ku0sRfWee21A +DxkQEacGn8ngsJB3Z861D5XAQz5PdW2TPAYlMrKVwBzGF/C4gURk8g48xWQVLyQr +11a58HioxsrpCcARYB19pZoDZuO0xBSILXwT84o2TNXzNq+GjqDePx2VxMCXCw9G +C4wQkWt7diJW2p54PK9lS53XEecCrycINMH67dmoreA3YLJ8IQKCAQEA7fC0sYAK +HneuNK5bih05VuG8iRfMkJKob1tURk98l1FXlJKasQNL/uTdRkLaEttONy3BY8OW +/TshOEtTRrRZ+2F3e4vnto8cU4ZuEHHJeZ2FW40XTHaTSLS65QOWGpCUx57wZM/3 +0Xt4XgXP0WTmncwtP0uyDdP53jdpOBx5qgIMcu5jyav/t+K1F/7jTiT8C7o6Smdl +ZVGXUgJi4wKK4IMe9UZlhdf2CPVeEQ4DISek8Us/BM4qtM+tNr5J8PvU64vNMRMY +O4NrF2kW/t/8H8GodvgBctDfCtkfyofMdWU2S+n8icuJ4OFi0czOwbO95RmptRF4 +t8upsv9cHLvq8QKCAQEA3ZlzzN0JWp3Oq0586vfPrCV595NpunIn1kU6KWJvwQTO +OByLZD0rDFMSVGsJTbNeNJsW2NvNGsuNWAxyu3O/Cg6orXWRkQjIzH85vX0F8NNi 
+7ubPECPZNVWDTeCDPNewRCYS9Nt7NncJv5xD4C09oFVY6KHlmJGuT6b3jtT6Xd0Y +BLMjmeEXYwVV65diEjF23UAflbf8J03VFqwPNWQAUDXlErLJow1ukxepDRHXpleu +DFHv9uxshb6diGywSPz9VsgyIBe/3U+yG2A5ts7cHy/h2mnfP7mnYQ7q8gdZv7eC +mGHnmUAVmcn558pzIZTtQNyhcXBIsvGt6LuWd4JnLwKCAQEAsTMs7m/jmVMaCqO7 +Cn2/ISQWC6cMsrJ1/BBxD7fMmsh6R+xyhddltlttKxFIZPisJE3QE2MrREXP9KOs +TiCsTpkEqZ7EnuGvf8jCmT6UhBy6nzbRHiHEiEYIVdu44um/03Zbo0h6T6j7OFJt +tYzGbsgK/nN6E/BEyqhLlP0n4mOKL+G3sQ6F78VHhqpNT/odNwKmvJiKG82KuwmJ +6XQQRyl/WbzmiKoP0hYhyuO7kup6XTTjpsl/Zo6vefB3EqAJrq27z4tf5Zp2m8Wo +2YGnu2K2+nqyYXaKVQLkOSmvK9KHgDuu1lQdx7syo/o6FGmuxzq4d1+enopvRB4G +1GNikQKCAQEAq2oTWIo2vSDLCFpbaMqumyQWN7uREodRZ37/YZnihnV4K5FxBeYH +Ea6ExEZT2QYBvkGlp7RG8Q451L00VupPAbGbKyqBoqYf5YgYmwpF+ScbJV/nFj4U +vBvcyPX9rqfNkrm8+il5IwVrxgtTuepk/ExozPLHDoDKTJUEdDktPkRTWvdTd6nV +lGRBNU9Rrm8S2kzK4d6DL8gWKEaKMSuczm8SNqeUMAuo2CF6REDkBqlWWfNb4y65 +N6/eXfRtXNhOA74yf/6/DKukQ2bo3g8f2QQJ+hDhf4LWBc8rUHL9Kr8CR2ucYkBf +NSo2pOVGr9hqujywqXZI1hr7AsdwuhtmQwKCAQAaB/IU6MvoCuILwEv1za/1jS1i +jAPnoFQ835r2+SjJNxPTFUseEYnxraiZPMaf/sGk2DvJGoswnTDaDnyUoWV0i17q +IgIYbZt2n1pR3SM1wLN2pOJKSN5cFKqG3UvwGO57BXIeotowd3WmnG2V0fL8HK4G +2tOPjUkbvDsKim+pgfTv/uxawJocmaKw+VWPuIaXcDkgxjdAXN4AXOmqsqwROKLp +A9t+cNEdjRHl/vkRPbEjyP1xAeRP5e2hWumdbixYV+MJPBOz9Eu53lYkP++VKBhi +PvFUuNqoF7YZ/JwYWsrs+I2qLqihJMHNH4ZeOq20zUvZd6YjIypvFrtWMDUp +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.crt b/.ci/docker-compose-file/pgsql/certs/client.crt new file mode 100644 index 000000000..af886570e --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/client.crt 
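Review bot: `certs/ca.key` is the signing key of the test CA, and the matching `ca.crt` appears to be valid until 2049, so anyone with read access to the repository can issue certificates that chain to it for as long as something trusts that CA. None of the compose or Dockerfile lines visible in this commit use the CA key at runtime; it is only needed to re-issue the leaf certificates. Consider leaving it out of the tree and documenting the generation commands instead, or add a short README beside the certs stating that this CA is test-only and must never be added to a real trust store, which also makes the corresponding secret-scanner exception a deliberate one.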
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy +WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql +hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol +d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO +bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk +g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV +MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s +hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 +G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 +dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn +fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt +MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 +W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC +pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f +uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky +yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 +sNWUTEwylVLrkVay8UHhFsTZ +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.key b/.ci/docker-compose-file/pgsql/certs/client.key new file mode 100644 index 000000000..0795d511f --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf +IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ +WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku +46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o +amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU +Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue +2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 +iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc +SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd +ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr +1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL +KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo +0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn +ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu +oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 +pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS +GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz +t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 +b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o +VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT +xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv +PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 +BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 +HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv +jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.crt b/.ci/docker-compose-file/pgsql/certs/server.crt new file mode 100644 index 000000000..f1c83a065 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/server.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAemgAwIBAgIJAPKjgQdlPyGkMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MVoXDTQ5MDUxMDA2NDA1MVowKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlwZ3NxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC/FuY3pDWvJ0KudNVBurfi5j6/2MtmEcc37q1maF/13aBu+zaktMq3 +8qpjxqO4YnsKqBQ6AtEUZY4pQ2OMJAFgwrZuJ3uH5/d9NkunSSh6X0yvA0m6b5yb +TfQCa8e3q7HRtjn/aIEfMmUIEpOlgHe6/mksTpdylHZEODG2GePgldzRyrjZvfNK +Qq9F5KSha5ChZq5xQQa/PsEkxa3upe2u4JUJbyfB4TDJ/KOTJyXKfnbg6iWnQgmx +o8XfOZlMnpkK0Rq8rxnEaQcUBw6+7QHk5IzjLfexhPrQxc3bH+vQLas3MhRPPwxk +Jxm1fClafWw0Io0bQJc6ewppKlLYvYmVAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAAEOEjKPrwlUOuaT +aBi8Z9V9d6sN/toQshJ9Ko7m1O5qLv7/Lkmhe3VKvPIi7fFFYBnLCj4XVbCbSxYW +kaaV34/GF1S8uEz6/fpcLXpX87Tx95240YSeGMb9TZ0yjcz5Mhi9rlae6zZGDt1Q +eU9ydKsD6QfV1gWgzJ9PWUWJQboRhC2UEokOhLNrM+q38LFXkMJO7iOpD0ppFCZy +P7RheEp/XDyUrhHq0+yioNKBtqv1gc92On9sfZ+tQOk2hM0wqLyZlP8sqrVt7asW +IB/Erph1vjZk7FHiVu2/bplXbrj8vIrDg0SJC82IMxfxK5SLMKrvPDPTKJ0cH43s +OzPaH/te9suIuMt5M125AvT6pFkJSNVz4sihnfeIu9XyUQtcHrPEoVswS6czWAF3 +BHFrkif01CA1ktm5Kbk5Sc3xB6de0hV0IJ2eE3CMLa/jUkD/tZohli4OKSWnKWhe +A4eR2ijmpP1yMYr2UZUfWIDKdv8PKFlBsADNf8WHB8LW5R9284GbS5BRdZZJxCqE +4o7wRZfAhzaGk1YO/ItiN3YqMWhqrA0U4a3hpLksB23bJL/7qu6paF0g0mzpaXpQ +xTG29JnCcvLzEUAe7rtRBD17PT20ZWmoXjHm5WIyGrfYW+akCp5wwuesj/99MlDi +oIwoXwsXrxQuFebE7t0TwdCptau8 +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.key b/.ci/docker-compose-file/pgsql/certs/server.key new file mode 100644 index 000000000..b36f145c9 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvxbmN6Q1rydCrnTVQbq34uY+v9jLZhHHN+6tZmhf9d2gbvs2 +pLTKt/KqY8ajuGJ7CqgUOgLRFGWOKUNjjCQBYMK2bid7h+f3fTZLp0koel9MrwNJ +um+cm030AmvHt6ux0bY5/2iBHzJlCBKTpYB3uv5pLE6XcpR2RDgxthnj4JXc0cq4 +2b3zSkKvReSkoWuQoWaucUEGvz7BJMWt7qXtruCVCW8nweEwyfyjkyclyn524Ool +p0IJsaPF3zmZTJ6ZCtEavK8ZxGkHFAcOvu0B5OSM4y33sYT60MXN2x/r0C2rNzIU +Tz8MZCcZtXwpWn1sNCKNG0CXOnsKaSpS2L2JlQIDAQABAoIBAAGbSK45FDZ3xwi+ +dLiLwFYJB4gHY5ZlGd6vhAezYvMnPN0SAaCa4IVxZdtW5TN8qHordZgTQ/y+6dYQ ++fpIpzZQDMaaUGCRI7SKy1IJvGxi9rsV9P27SH7Jxf5rN4+kwub3eD9cepFvlAfg +WBtxHBCXaPz1YDKXavMh4dEdIJxXwn1lrgfeR1QXVm9W1Pr8ndSuWfFCLmyTQoaj +8U/vlH/A8T5lAYcgmNOaUdNjnqwhgu47Bep0ORUPvKq3mic5E8YmNokODU7RfKO8 +N0O+r5kjPsOVmgxV/9HAbXE6OuXiAmffMTJ1HqeN4Axulc8/ERpUA4bucasaWkcJ +SpykbAECgYEA57J1g9ITlO//8SvR6NKw+cC1bDZf84vkJcj69+bKbqlkcvQBy3yM +wQS1HPKm/h2y/4y0FJhZiT1b8F003Iu0I2KYDPnFLsoMEEXNhq4cFisNg2wxFprR +IsNx5Pgd98rMfmaiXqd8WJ07K59DREn+frBaXpAqL8K19+JLg04D6QECgYEA0yIK +q7ck7yOXhZHRii2yT6d19q4LgH87blZ2o4C0u0QAjFKjwX5rOVGGDJHkBHr/Al39 +UPPldwelWMgMsiYX/iWsbGrUYJWjXz1VaH2OyW1AjJBfFSdoClh62MkkRqtJz3u5 +fhCdez8CanWjLZ8wPxpC5/K1fJX1rf2Lzxuq7JUCgYEAgmCLfAfkePSsIvuzfL3C +VGe6LxBR4ewgD5sOjhzSYH71RTJFKEoHsj2B5K4uheQUa3SziLtJ9s4ORC1Op6P9 +U8QRJ4wNBw0uyKFey6CBsX+8dO2Wmc+4S0WLe3qa8mqts5rxVy4L7JldSGiwI2c3 +y/ZUg82/z2xTlQ9DyrlFvgECgYEAwk5/94xzh0oANsL+TubDRZ9eZwnCOB3f+inE +wbC/o+BviLS9VGQeFgA7F/JkION5MRqC+S+dLLBysYRaetGoHxNY3eZrUgAk/I+b +vLBg6muLjlGH0BYWH/9R/5UNt6QIJ9U73xM3e6d/d66P4HqykkB+9qxd7iysj9Xa +B171LQkCgYAeRphOByb4T0pcxStTKw1D3KyKFhxesMFG1I0ZfJIro3Tj3xlvDFAI +I3/efUErLJ25fHAbwjrU5+uszi8+aRO6j4MBXzgNKP99iVFaaQrS++q5yDG49D25 +B91dDrpLsvXIFGpFraVlvVbyxoaih7Gp9RCuXL1ZduvBi9Xje/H0Rg== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/postgresql.conf b/.ci/docker-compose-file/pgsql/postgresql.conf new file mode 100644 index 000000000..b28b04f64 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/postgresql.conf @@ -0,0 +1,3 @@ + + + 
diff --git a/.ci/docker-compose-file/redis/certs/ca.crt b/.ci/docker-compose-file/redis/certs/ca.crt index 3add4693a..b0f76f987 100644 --- a/.ci/docker-compose-file/redis/certs/ca.crt +++ b/.ci/docker-compose-file/redis/certs/ca.crt 
@@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS -ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx -MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 -MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q -XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD -yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 -Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf -XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg -UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co -/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O -x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki -+lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs -/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf -weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg -VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl -4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ -KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX -RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW -whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO -JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 -Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh -AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD -wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB -LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ -/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk -UElFARdXALiZWg== +MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe 
+MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc +c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt +mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ +QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr +gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA +UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 +hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb +J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc +zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n +FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg +PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w +Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn +IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS +XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 +omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw +Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ +MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ +l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 +yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 +xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR +C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB +/5+umpUJwJU= -----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/client.crt b/.ci/docker-compose-file/redis/certs/client.crt index 617add4f5..70f60e6b5 100644 --- a/.ci/docker-compose-file/redis/certs/client.crt +++ b/.ci/docker-compose-file/redis/certs/client.crt 
@@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz -IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP -g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D -zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn -qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN -IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa -BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG -CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT -nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY -zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc -frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr -mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn -HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z -odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 -MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 -oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT -y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J -nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr -R5q5VPKvniiw0/HiJNbNG0ZHDCU= +MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 +JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 +miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv +gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv 
+ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE +L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 +Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 +KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul +CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi +Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ +hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU +kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 +Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD +z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ +ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT +29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q +y49H/UmwxcGoBxxMep6YXgKm -----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/dhparam2048.pem b/.ci/docker-compose-file/redis/certs/dhparam2048.pem new file mode 100644 index 000000000..e6bb8ca60 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/dhparam2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAu82pIpWMF4FNfu8/rENOziV+BbW6byzqLJJd7DcG3Ou47PA5Sj14 +GLQ9yzesjacqBljBSD4Qip55K0Cp7GM0pq76IOI5H6C+TpVWEdyYtNFpGYLo5SR3 +eJoziRImt2r6YPJbxLRcGFcMnsfSvbhsaCyiYwsFiUxlm8KaTITZ48A+gcPG4mG1 +BkHDXuuWJVomKrUaB7I8mPlKKsczIiPDSsRqeXbvf451mGSWP7QJypdnQveqqI9u +qVymZOPMqF+bcLZWBuwUNzG3q9D403iX310HsRzSl36m0/VaM/Y3Fxc4lzzZAfb1 +1DM/CilTJWINvlm3jtXlbxHv8B6R+jVDEwIBAg== +-----END DH PARAMETERS----- diff --git a/.ci/docker-compose-file/redis/certs/openssl.cnf b/.ci/docker-compose-file/redis/certs/openssl.cnf new file mode 100644 index 000000000..35ba4831b --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/openssl.cnf 
@@ -0,0 +1,7 @@
+[ server_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = server
+
+[ client_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = client
diff --git a/.ci/docker-compose-file/redis/certs/server.crt b/.ci/docker-compose-file/redis/certs/server.crt
index 092209bfc..ed7ab6557 100644
--- a/.ci/docker-compose-file/redis/certs/server.crt
+++ b/.ci/docker-compose-file/redis/certs/server.crt
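Review bot: Both sections of `openssl.cnf` set only `keyUsage` and the legacy `nsCertType`, so certificates issued from them carry the host name in the subject CN alone and have no `extendedKeyUsage`. TLS clients that verify the peer host name increasingly ignore CN and require a SAN entry, so a test that enables host name checking could fail, or invite a later change that switches verification off. Add `subjectAltName = DNS:redis-tls` (assuming that is the name the service is addressed by) and `extendedKeyUsage = serverAuth` to `[ server_cert ]`, and `extendedKeyUsage = clientAuth` to `[ client_cert ]`.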
@@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEAzCCAeugAwIBAgIJAJ1b1eCyPY+jMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NDlaFw0yMjEyMjIxNTU5NDlaMCkxEzARBgNVBAoMClJlZGlz -IFRlc3QxEjAQBgNVBAMMCXJlZGlzLXRsczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALteJrJx6zRKM2Yky5HKKS9VxgOieD/W48xR/G4rY/ecltHGtH6d -kER04+UdbHJ9XB0vhc7uU8yF94D4JChT6AtYqNGtFIlsrYGs9XrIBWJDYYQBr7Vh -m63FmOTp8Q/1ij8kVLcWjM92ZfL5TV5JLSl/qirVQyxp3ioudsKG+D2/kr4uyh1D -gqgnmdio5XZ5RCIPqb58ECK87vXYewUTn1I7f/g2uok1HGFAQVDX29vUX0pY9msu -6RXogtjmbGGc40kNYCwX8FlXfyDhvwl8PLxOrNw38a/VJMa8q5E0l11z16v3Fc3I -ixzwwQ9+T43Bg4W0OIFOlDFekRAx8S5NsAcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg -MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAhQ+gAOf6n8xA -S/N1Bt6T3B0smlODozPoZeAUuiIhZyKN3ZzJHAj41JB+Zs7PTwdQQC5MI/o10Bh+ -RmOvejTBpxSrB1OucdUvS0xOz2XASLRlnoL8MDX9dSw40QJsSOXfUZ6tJXwqN8wo -hAp1j5ogigmVSHzyxiKwfx0ULH+DWp9GuPyyfaJKeAPcbWejg2us+1sGLwbcg9+j -9QL3IaEF+Uv5BeFmWKe48irgBknJh1vesPQ4wzd63/ko96yLFFy7/celZP46YqyF -nulgqHc5HwlfxnLLjvP14han8FjEkfcLUyLwp+BNh5OcDahPVYFaQLBFygVujs+D -005Hqm1GdsNf7ImubNIgIjETlOO7jmAtMJnaQasFbSk4vf9BaUulb0RoqQs5Vjbm -T3jVfhRvKi+cATEM64zzVSNjVi5Nxa1urrYLAqv5VQCWl3stJl+2qCA1mgQ+J02k -8KIY8lfP6YcXEzuimecvhOzKhB1ccD7kWJqk4ErHpkTB+m7JqkH7+9DA7wN+0m1Q -bvAOlNV7inEyT3q9Wx+mQOVuipvk96iu/2Y1eMiyDuziFqJKgEwdr8ECldeLsVXY -FkWe+BLwMzc5IW+WZmVPIyyv7MefZhGic9SBPtjk/TejqBASp5er5iFI75LCshwJ -65Ph7RUKOkxNlslxjzZkVYpCP+NY+yU= +MIIEATCCAemgAwIBAgIJAJ1b1eCyPY+lMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlyZWRpcy10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC7Xiayces0SjNmJMuRyikvVcYDong/1uPMUfxuK2P3nJbRxrR+nZBE +dOPlHWxyfVwdL4XO7lPMhfeA+CQoU+gLWKjRrRSJbK2BrPV6yAViQ2GEAa+1YZut +xZjk6fEP9Yo/JFS3FozPdmXy+U1eSS0pf6oq1UMsad4qLnbChvg9v5K+LsodQ4Ko +J5nYqOV2eUQiD6m+fBAivO712HsFE59SO3/4NrqJNRxhQEFQ19vb1F9KWPZrLukV 
+6ILY5mxhnONJDWAsF/BZV38g4b8JfDy8TqzcN/Gv1STGvKuRNJddc9er9xXNyIsc +8MEPfk+NwYOFtDiBTpQxXpEQMfEuTbAHAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAD4dH1vWISjxSCrn +zqOrkjoJr0okOGkDqJ8IqV9ZKCaC4ss7tosOp1gkgv+c9n2H8pwRug4v+0N3e5Lo +4UlTWJHifTCA+Iz6uVgB4ez8mRr7QYlOdWE3Zhm5B21V4oa2pIroTxmmSXjfgL/M +yp/EFZhYDxCCORRf7PJyDJh0mYZyQvjMWkhnGA/JC4pPAjj98mLDbo04U2YCFPUr +wyEU36zW4iueFWvh8tpbhmBGGvmyrf8yy2/XaK53ZMKRupP+DEVXg/rkIFFY6TL0 +Gl4D4hV9BsYwXgL03R3iyV42DjZ7eTKhs3mV2MHUBhJkEALsLUVLNkV2Kq/yvWbY +dpylIALCEMeKhMnssxoZQ4sxtFbFHt2y/2doLB9Ce/kprxkZyQzussHW5KO5EfMM +byCztnbNzwc+AmitBWJfKXig7TC7t1N5qGBtQFSJhhS3IyfyOsI1iKx/V2NsiOR/ +TTIv6G+uIRbayfFXTPPt+r1R5Zn5/65IptOVIYzFMRIyUswdCE51F54K7kCI+4/n +XLj1WFu9VlOzihK/OyDbeLEDPH9iSSymDGfzXDtRaDlMctRdoLn5dgsE2NiEHhzZ +XcyrDRRcvwTtACvGXi6F3DS5iHCiQ/4NO6p4TEZQ9jl0Hf8+/TCFFuE+ejzDhCFP +VQxhZDleyARpFHfZ1bH5ZZKcWYsb -----END CERTIFICATE----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index adcf6be0e..b7b3894ff 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -65,6 +65,7 @@ jobs: -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose.yaml \ diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt new file mode 100644 index 000000000..e0b066224 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 +LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J +poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV +SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG +JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh +JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg +KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd +/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf +2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz +3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz +4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g +VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 +QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf +uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl +9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY +e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 +u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU ++DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA +wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk +TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf +2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w +SrAQWl5NPsA= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt new file mode 100644 index 000000000..af886570e --- /dev/null 
+++ b/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy +WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql +hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol +d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO +bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk +g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV +MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s +hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 +G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 +dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn +fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt +MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 +W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC +pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f +uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky +yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 +sNWUTEwylVLrkVay8UHhFsTZ +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.key b/apps/emqx_authn/test/data/certs/pgsql-tls-client.key new file mode 100644 index 000000000..0795d511f --- /dev/null +++ b/apps/emqx_authn/test/data/certs/pgsql-tls-client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf +IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ +WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku +46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o +amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU +Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue +2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 +iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc +SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd +ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr +1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL +KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo +0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn +ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu +oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 +pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS +GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz +t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 +b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o +VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT +xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv +PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 +BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 +HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv +jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt index 3add4693a..b0f76f987 100644 --- a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt +++ b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt 
@@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS -ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx -MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 -MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q -XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD -yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 -Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf -XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg -UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co -/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O -x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki -+lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs -/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf -weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg -VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl -4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ -KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX -RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW -whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO -JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 -Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh -AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD -wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB -LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ -/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk -UElFARdXALiZWg== +MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe 
+MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc +c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt +mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ +QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr +gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA +UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 +hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb +J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc +zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n +FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg +PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w +Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn +IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS +XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 +omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw +Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ +MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ +l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 +yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 +xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR +C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB +/5+umpUJwJU= -----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.crt b/apps/emqx_authn/test/data/certs/redis-tls-client.crt index 617add4f5..70f60e6b5 100644 --- a/apps/emqx_authn/test/data/certs/redis-tls-client.crt +++ b/apps/emqx_authn/test/data/certs/redis-tls-client.crt 
@@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz -IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP -g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D -zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn -qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN -IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa -BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG -CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT -nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY -zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc -frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr -mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn -HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z -odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 -MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 -oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT -y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J -nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr -R5q5VPKvniiw0/HiJNbNG0ZHDCU= +MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 +JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 +miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv +gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv 
+ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE +L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 +Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 +KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul +CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi +Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ +hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU +kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 +Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD +z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ +ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT +29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q +y49H/UmwxcGoBxxMep6YXgKm -----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl index 8f1f12690..5f1e630c8 100644 --- a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl @@ -22,7 +22,6 @@ -include("emqx_authn.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --include_lib("epgsql/include/epgsql.hrl"). -include_lib("emqx/include/emqx_placeholder.hrl"). -define(PGSQL_HOST, "pgsql"). diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl new file mode 100644 index 000000000..34f25f3ea --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl 
@@ -0,0 +1,156 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_pgsql_tls_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-include("emqx_authn.hrl").
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+
+-define(PGSQL_HOST, "pgsql-tls").
+-define(PGSQL_PORT, 5432).
+
+-define(PATH, [authentication]).
+
+all() ->
+ emqx_common_test_helpers:all(?MODULE).
+
+groups() ->
+ [].
+
+init_per_testcase(_, Config) ->
+ {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
+ emqx_authentication:initialize_authentication(?GLOBAL, []),
+ emqx_authn_test_lib:delete_authenticators(
+ [authentication],
+ ?GLOBAL),
+ Config.
+
+init_per_suite(Config) ->
+ _ = application:load(emqx_conf),
+ case emqx_authn_test_lib:is_tcp_server_available(?PGSQL_HOST, ?PGSQL_PORT) of
+ true ->
+ ok = emqx_common_test_helpers:start_apps([emqx_authn]),
+ ok = start_apps([emqx_resource, emqx_connector]),
+ Config;
+ false ->
+ {skip, no_pgsql_tls}
+ end.
+
+end_per_suite(_Config) ->
+ emqx_authn_test_lib:delete_authenticators(
+ [authentication],
+ ?GLOBAL),
+ ok = stop_apps([emqx_resource, emqx_connector]),
+ ok = emqx_common_test_helpers:stop_apps([emqx_authn]).
+
+%%------------------------------------------------------------------------------
+%% Tests
+%%------------------------------------------------------------------------------
+
+t_create(_Config) ->
+ %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \
+ %% -starttls postgres -connect pgsql-tls:5432 \
+ %% -cert pgsql-tls-client.crt -key pgsql-tls-client.key -CAfile pgsql-tls-ca.crt
+ ?assertMatch(
+ {ok, _},
+ create_pgsql_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"pgsql-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.2">>],
+ <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})).
+
+t_create_invalid(_Config) ->
+
+ %% invalid server_name
+ ?assertMatch(
+ {error, _},
+ create_pgsql_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"pgsql-tls-unknown-host">>,
+ <<"verify">> => <<"verify_peer">>})),
+
+ %% invalid server_name
+ ?assertMatch(
+ {error, _},
+ create_pgsql_auth_with_ssl_opts(
+ #{<<"verify">> => <<"verify_peer">>})),
+
+ %% incompatible versions
+ ?assertMatch(
+ {error, _},
+ create_pgsql_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"pgsql-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.1">>]})),
+
+ %% incompatible ciphers
+ ?assertMatch(
+ {error, _},
+ create_pgsql_auth_with_ssl_opts(
+ #{<<"server_name_indication">> => <<"pgsql-tls">>,
+ <<"verify">> => <<"verify_peer">>,
+ <<"versions">> => [<<"tlsv1.2">>],
+ <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})).
+
+%%------------------------------------------------------------------------------
+%% Helpers
+%%------------------------------------------------------------------------------
+
+create_pgsql_auth_with_ssl_opts(SpecificSSLOpts) ->
+ AuthConfig = raw_pgsql_auth_config(SpecificSSLOpts),
+ emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}).
+ +raw_pgsql_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"postgresql">>, + database => <<"mqtt">>, + username => <<"root">>, + password => <<"public">>, + + query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser + FROM users where username = ${username} LIMIT 1">>, + server => pgsql_server(), + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +pgsql_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?PGSQL_HOST, ?PGSQL_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-ca.crt"])}. diff --git a/apps/emqx_connector/src/emqx_connector_pgsql.erl b/apps/emqx_connector/src/emqx_connector_pgsql.erl index f42bed666..2f201ac94 100644 --- a/apps/emqx_connector/src/emqx_connector_pgsql.erl +++ b/apps/emqx_connector/src/emqx_connector_pgsql.erl @@ -59,10 +59,12 @@ on_start(InstId, #{server := {Host, Port}, ?SLOG(info, #{msg => "starting postgresql connector", connector => InstId, config => Config}), SslOpts = case maps:get(enable, SSL) of - true -> - [{ssl, [{server_name_indication, disable} | - emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}]; - false -> [] + true -> + [{ssl, true}, + {ssl_opts, + emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}]; + false -> + [{ssl, false}] end, Options = [{host, Host}, {port, Port},
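Review bot: No case in `t_create_invalid/1` checks that the server certificate is rejected when it chains to a CA other than the configured `cacertfile`; every negative case varies only the server name, the protocol version or the cipher, so chain validation under `verify_peer` is never exercised on its own. A case that points `cacertfile` at an unrelated CA would pin it, as sketched below. The sketch assumes the redis test CA in the same directory is a different authority and that an atom-keyed `cacertfile` overrides the default the same way `client_ssl_opts/0` supplies it. Separately, the second case is labelled `%% invalid server_name` although it omits the option altogether, so `%% missing server_name_indication` would describe it better.

```erlang
%% … unchanged: t_create/1 and t_create_invalid/1 …

t_create_untrusted_ca(_Config) ->
    %% server certificate must be rejected when the configured CA did not issue it
    OtherCA = filename:join([code:lib_dir(emqx_authn, test),
                             <<"data/certs">>, "redis-tls-ca.crt"]),
    ?assertMatch(
       {error, _},
       create_pgsql_auth_with_ssl_opts(
         #{<<"server_name_indication">> => <<"pgsql-tls">>,
           <<"verify">> => <<"verify_peer">>,
           cacertfile => OtherCA})).
```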
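Review bot: `{ssl, true}` in the new `true ->` branch is, as far as I know, epgsql's opportunistic mode: the client requests TLS but continues unencrypted when the server answers that it does not support it. A connector configured with `enable => true` and `verify_peer` could therefore still send the database username and password in clear text. Since the operator has explicitly enabled SSL here, the branch should fail closed with `[{ssl, required},`, which makes the connection attempt fail when encryption is not available. The new TLS suite would not catch the fallback, because its test server always offers TLS. The body of `on_start/2` starts before and continues after this hunk, so how `SslOpts` is merged into `Options` is not visible here.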