From 520629d6e2b7e3fa88d765bba8dc5527a5cd29c4 Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Wed, 22 Dec 2021 16:10:01 +0300 Subject: [PATCH 1/8] chore(authn): test Redis authn via ssl connection --- .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-redis-single-tls.yaml | 16 +- .ci/docker-compose-file/redis/certs/ca.crt | 29 ++++ .ci/docker-compose-file/redis/certs/ca.key | 51 ++++++ .../redis/certs/client.crt | 24 +++ .../redis/certs/client.key | 27 ++++ .../redis/certs/server.crt | 24 +++ .../redis/certs/server.key | 27 ++++ .github/workflows/run_test_cases.yaml | 1 + apps/emqx_authn/test/data/certs/cacert.pem | 20 --- apps/emqx_authn/test/data/certs/cert.pem | 19 --- .../test/data/certs/client-cert.pem | 19 --- .../emqx_authn/test/data/certs/client-key.pem | 27 ---- apps/emqx_authn/test/data/certs/key.pem | 27 ---- .../test/data/certs/redis-tls-ca.crt | 29 ++++ .../test/data/certs/redis-tls-client.crt | 24 +++ .../test/data/certs/redis-tls-client.key | 27 ++++ .../test/emqx_authn_redis_SUITE.erl | 2 +- .../test/emqx_authn_redis_tls_SUITE.erl | 153 ++++++++++++++++++ .../src/emqx_plugin_libs_ssl.erl | 2 +- 20 files changed, 430 insertions(+), 120 deletions(-) create mode 100644 .ci/docker-compose-file/redis/certs/ca.crt create mode 100644 .ci/docker-compose-file/redis/certs/ca.key create mode 100644 .ci/docker-compose-file/redis/certs/client.crt create mode 100644 .ci/docker-compose-file/redis/certs/client.key create mode 100644 .ci/docker-compose-file/redis/certs/server.crt create mode 100644 .ci/docker-compose-file/redis/certs/server.key delete mode 100644 apps/emqx_authn/test/data/certs/cacert.pem delete mode 100644 apps/emqx_authn/test/data/certs/cert.pem delete mode 100644 apps/emqx_authn/test/data/certs/client-cert.pem delete mode 100644 apps/emqx_authn/test/data/certs/client-key.pem delete mode 100644 apps/emqx_authn/test/data/certs/key.pem create mode 100644 apps/emqx_authn/test/data/certs/redis-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/redis-tls-client.crt create mode 100644 apps/emqx_authn/test/data/certs/redis-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local index 14e4c95f7..1422bd3a9 100644 --- a/.ci/docker-compose-file/Makefile.local +++ b/.ci/docker-compose-file/Makefile.local @@ -22,6 +22,7 @@ up: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ up -d --build down: @@ -31,6 +32,7 @@ down: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ down ct: diff --git a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml index bb6c3ff15..7e521a05c 100644 --- a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml @@ -1,13 +1,15 @@ version: '3.9' services: - redis_server: - container_name: redis + redis_server_tls: + container_name: redis-tls image: redis:${REDIS_TAG} volumes: - - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca.crt - - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/redis.crt - - ../../apps/emqx/etc/certs/key.pem:/etc/certs/redis.key + - ./redis/certs/server.crt:/etc/certs/redis.crt + - ./redis/certs/server.key:/etc/certs/redis.key + - ./redis/certs/ca.crt:/etc/certs/ca.crt + ports: + - "6380:6380" command: - redis-server - "--bind 0.0.0.0 ::" @@ -16,6 +18,8 @@ services: - --tls-cert-file /etc/certs/redis.crt - --tls-key-file /etc/certs/redis.key - --tls-ca-cert-file /etc/certs/ca.crt + - --tls-protocols "TLSv1.3" + - --tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256" restart: always networks: - - emqx_bridge + emqx_bridge: diff --git a/.ci/docker-compose-file/redis/certs/ca.crt b/.ci/docker-compose-file/redis/certs/ca.crt new file mode 100644 index 000000000..3add4693a --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS +ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx +MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 +MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q +XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD +yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 +Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf +XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg +UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co +/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O +x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki ++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs +/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf +weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg +VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl +4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ +KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX +RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW +whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO +JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 +Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh +AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD +wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB +LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ +/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk +UElFARdXALiZWg== +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/ca.key b/.ci/docker-compose-file/redis/certs/ca.key new file mode 100644 index 000000000..6d6e27c38 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxcc3Ar +iAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gtmCdZ +ZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/QgpW +oR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yrgTO4 +HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMAUoDE +B6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10hQDC +K/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfbJ4by +0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpczyTA +9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3nFbyE +t0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8HgPN1s +/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcCAwEA +AQKCAgEAnVNQg2Cgth8E1ixTJWosZlvmFHgNKyypb7cAAYb0Yy4NWsrn2CY4K+uI +xGsOjKvcO+5n8hXF90e5Dya1CJPbDwm0SZAvlwu45UBN183E9ZT+5MpmoGRYM7mF +CeYRNB1goVgfGAAaYi3FGAITu4tn/BOdjfrXw7muYkUaoWJJwz8kWRNEzCSspXzp +bgoHfVC+vP97E8XtHTpT4JDReNoOSA5d2ZoGkLOUL3qUomfIYDc8aPvtVBl9A8uy +cP8gPQXrZP8/3SIyNQAQ9Eh2CyLIVfb54Xc2nm6WEKd03a8OyieaPu+mJ1kItoCD +mHqEFycTl0urdHuEl5uNwfWlVM8gfMrKeI7qLFIRNInuQrl3aEP1wfLdBowxTdIA +GOk7Ab8ObE1zW52jjUVE08/UZeFoMfqn7jL4ViiARk01UsDKuwXj4M1HQnrrfePn +2Y4G7fiDgdwU+GjvUS+cg9f/cI6ADKi6nxhwAUIyyVY0+OvN76BiNGyKeGE5IjL+ +MLIOY5PKs/YakGBhYfAOAlqlO0LCRPPqkVqoD6ekvQBgopmE2tNhVqlB1WA2sU5I +Ef8RxAWS1WIjGlA0131U5Z4Z0oyIEyG2Zs5i32RFjUmpKevyEV/aLICHvis1rDdD +pdX+ici7ZwSVZZHtkDyu7mH4kmkhKp77oKMcHiRdDzxGvIBM7kECggEBAP4siFF6 +qBej5A4CRld+7BY+I4HjKWRy3lNwFaPECaGsrWnyp+7eoQimNZshXBN6lV5MNbIb +b5JgiASA9Wny6JztBk1OVvxFGRrDK1HysHa6XRwA3JnsfYQV0Jzlf+KeDcA9ldBc +yWZ1X3lHt1AKrpAinAsobnMCIy5v00H2ccS3mlOpfli/l79RO5Dc8pG7Ht4PZuvr +ROamNi7DAk1qpA1fkblPyoH8GlGsWmeLtuC7533QtcXrSczArpbM+/sBb2eHojbe +bo4mdDapeXBHqbc36JJ/6p4MNvBQUVa19OIGWms+xV6iXYkg1MsahT4rhfH5XaE1 +P6RHm5U3uwkN+A8CggEBAN9Tvz34t/b06ujWhT3Qz1PgnlwPj0bvE3srMzJw9fn6 +Vo6xVFwduhpsFE8jb+q98bNb96rtk3qGZ6TegwFMZa4Hv3zDgov3eqCaAg46P9fg +A7UK6rXgBwqR8lbqEu6tq2WErniRTOIBwSSBARqM2a3YZczmqQC3EAUPSMps2Gdg +i0Tr3QpPANrPUP3TL5FaZQacRjl23dO2FTpo9xPEMhMO5IS8CMSOshp/FAhFTCRV +geYOQaNAmGOJe5ZlM5ctRnlZLTE0+Tl8flZQoGjlZs2dzRDU/OlrKgYcXkBMsy1J +nijYkCmU4BlskaoHuhUT4ScOnYj88+WQ/1ezAneMizkCggEBAPDs81YQZs7pud0R +iO2c0FoREoUm9vBQ9a6vWsO9qceHL2Vy7n28p3XUXpGqYGXSV01n/anS2cItICDs +wDNqXdWJ0uRqMoezU6WLhD+MRHp2EpXdtz1r7lnKd9CQtdTwLmafuacknH8zGImU +Ug1b4rWbKMBm1bLMPt7gfqZS3OozguR0j9+91DAz5rtcw80hSpQAk3VisA/VUxym +GkOZpuFKSo4WNQVbGvN55MOrqnCBjF80+2gcq/qaVaN5sAvwA1JmPXu3AaJajuPV +ZtfoBdY294wOFi0ztMu7xi3kEbhBf2mSuXEHhJPb+/h9LfmNNcz0qyyIlce5XJ9n +kTF2/T8CggEARmRORklMKxIdrRBY5RgZEXYeVCQvZAtdV5hRRdfnIEjw2X85eOOB +0mw4po0j7Ji8Q218jireLmOI7aWZI2KiNg2JJNk3H8j8pPyGI1fm4bNhV8I+It+f +OIyyFwUmvIaPHKuKlsQtuJsW9tuWrniw8CPiSoh1wpzw9rdPmUZfm44Jt8qkXGh0 +e4OXIrpbJvSYHVJKrDg0SVP+Mu/82QUhR3KNQu1F0jasGr/tX4IAMv+ktw/NTpjA +r7cY9lmlvkPuD7e1D+qDl8QOykQVm5qbIbpYdbK8mRJHJ6/vYVMLsv2eVX+VSRX8 +4OagrzhKRfSDJl1r+E7KzZQ7d7gb0fTBuQKCAQA8+59lX2HcJicx/YEs7aBbLb2d +tqIrMG/cj96DLIRFXeAoOjCD8X2xZYNAA5WqY1TiziTLDFbBsqAMig8KwMYNb8br +fWfvUpuW2cGFbiw5VmGbJOnf8OOqYwsKZ02RPQuJGDBVBHDYurS1/WEg772+HbL5 +sO4rdsaSBcZSk9pt1+ERsxuDDCfzQkG2mz9pBjJua7b0N6U7CfJQvM8nsxef5y78 +xEkd+PuVfmerHl3TYLdOsvhIzi81lXaqodhbReBqtXkbxeMPd18wgMx4Aav1OX3q +C+z1y2JsaF9ZiAU7uMkoWzBrccF6b2lIZmZ6MKxEHl9QTcEfsPElaXEXqKXS +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/client.crt b/.ci/docker-compose-file/redis/certs/client.crt new file mode 100644 index 000000000..617add4f5 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz +IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP +g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D +zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn +qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN +IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa +BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG +CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT +nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY +zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc +frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr +mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn +HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z +odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 +MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 +oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT +y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J +nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr +R5q5VPKvniiw0/HiJNbNG0ZHDCU= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/client.key b/.ci/docker-compose-file/redis/certs/client.key new file mode 100644 index 000000000..e62e336c5 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI ++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON +TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 +SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At +T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa +DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT +gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH +Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L +Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm +6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U +O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD +RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE +dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb +QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 +ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk +xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh +MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO +PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U +0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h +tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 +dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL +L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP +7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU +eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU +l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/server.crt b/.ci/docker-compose-file/redis/certs/server.crt new file mode 100644 index 000000000..092209bfc --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAeugAwIBAgIJAJ1b1eCyPY+jMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NDlaFw0yMjEyMjIxNTU5NDlaMCkxEzARBgNVBAoMClJlZGlz +IFRlc3QxEjAQBgNVBAMMCXJlZGlzLXRsczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALteJrJx6zRKM2Yky5HKKS9VxgOieD/W48xR/G4rY/ecltHGtH6d +kER04+UdbHJ9XB0vhc7uU8yF94D4JChT6AtYqNGtFIlsrYGs9XrIBWJDYYQBr7Vh +m63FmOTp8Q/1ij8kVLcWjM92ZfL5TV5JLSl/qirVQyxp3ioudsKG+D2/kr4uyh1D +gqgnmdio5XZ5RCIPqb58ECK87vXYewUTn1I7f/g2uok1HGFAQVDX29vUX0pY9msu +6RXogtjmbGGc40kNYCwX8FlXfyDhvwl8PLxOrNw38a/VJMa8q5E0l11z16v3Fc3I +ixzwwQ9+T43Bg4W0OIFOlDFekRAx8S5NsAcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg +MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAhQ+gAOf6n8xA +S/N1Bt6T3B0smlODozPoZeAUuiIhZyKN3ZzJHAj41JB+Zs7PTwdQQC5MI/o10Bh+ +RmOvejTBpxSrB1OucdUvS0xOz2XASLRlnoL8MDX9dSw40QJsSOXfUZ6tJXwqN8wo +hAp1j5ogigmVSHzyxiKwfx0ULH+DWp9GuPyyfaJKeAPcbWejg2us+1sGLwbcg9+j +9QL3IaEF+Uv5BeFmWKe48irgBknJh1vesPQ4wzd63/ko96yLFFy7/celZP46YqyF +nulgqHc5HwlfxnLLjvP14han8FjEkfcLUyLwp+BNh5OcDahPVYFaQLBFygVujs+D +005Hqm1GdsNf7ImubNIgIjETlOO7jmAtMJnaQasFbSk4vf9BaUulb0RoqQs5Vjbm +T3jVfhRvKi+cATEM64zzVSNjVi5Nxa1urrYLAqv5VQCWl3stJl+2qCA1mgQ+J02k +8KIY8lfP6YcXEzuimecvhOzKhB1ccD7kWJqk4ErHpkTB+m7JqkH7+9DA7wN+0m1Q +bvAOlNV7inEyT3q9Wx+mQOVuipvk96iu/2Y1eMiyDuziFqJKgEwdr8ECldeLsVXY +FkWe+BLwMzc5IW+WZmVPIyyv7MefZhGic9SBPtjk/TejqBASp5er5iFI75LCshwJ +65Ph7RUKOkxNlslxjzZkVYpCP+NY+yU= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/server.key b/.ci/docker-compose-file/redis/certs/server.key new file mode 100644 index 000000000..29ce58118 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAu14msnHrNEozZiTLkcopL1XGA6J4P9bjzFH8bitj95yW0ca0 +fp2QRHTj5R1scn1cHS+Fzu5TzIX3gPgkKFPoC1io0a0UiWytgaz1esgFYkNhhAGv +tWGbrcWY5OnxD/WKPyRUtxaMz3Zl8vlNXkktKX+qKtVDLGneKi52wob4Pb+Svi7K +HUOCqCeZ2KjldnlEIg+pvnwQIrzu9dh7BROfUjt/+Da6iTUcYUBBUNfb29RfSlj2 +ay7pFeiC2OZsYZzjSQ1gLBfwWVd/IOG/CXw8vE6s3Dfxr9UkxryrkTSXXXPXq/cV +zciLHPDBD35PjcGDhbQ4gU6UMV6REDHxLk2wBwIDAQABAoIBAQCKv47iZ6+n+iaT +xj2lSVI0Rk0rFd38UFJCVJgcsS8HBsM8tuukM2PI/dJhMOfE5IYY6r8o3J3bf30n +2RlVb8UO2emx03y4w2y88WqbMJGkEYed7G3EYHKbPQ8avQ6RJd/pICtHpYBChUe7 +pNehMYkrCOnnbCOhOQiWre+t36rmdbmD8ZAR4k85iu03lSX53ONJBC1Ivat1J43e +8xfLhQNGaIdidFSzitExTx3TnPhiF9cIs0G4Nkh14E0cEqWLwP7FrRr+FoBr0tbG +bJ0wvrBbNCIkWGOm694vPZzhkz6wEm5VnsE7DCZ8g2YZ9Sq9iEV00HGDaE4r0rhp +cN4YLmqZAoGBANs3LGN4ADuZbv42e6DzQpI+WVCeE097SU7VwW7KmqBgPpqZWpgj +rjiXHKwB2BHNH/TnN7TNC4OrSznkJaa71urebkW86BQfQQgevtTKZDbEqsQaQYNS +9PGWbWTaMuoiQzc7KshHwrp7ZUXIPlSRhG+KzQgM2yo+NUG7Sv+NOmpLAoGBANrO +5XkQPMSGDmFfuzQtBsgOMycOkyF0x7gU5ujfTQkIuVyMWPif7Gh92Gim7HDQpLjK +qmipIEO5bdo6HXCLUQLB1rFXA69VymLPHrkz/ZsN/N6yHSDcdX3p2lRNXoEewzCb +A2PlUC3F6pt24FSwGtEuvacBa5qVoEJpkWmbu/u1AoGAYSBP9X5ctAtmRxICsqw1 +SbCASBzRt3yLXXeN7bWszvP1qO/bWN8uOPqTBI8ImdKFny+22c+jk2IYwXyZRgeh +0Ixe1V0+gnPaj2t357YIss9uTdbIQhRGXKfmrjGTL3Ogzl7TtMs+tvsnQsTXAQc8 +Y2NfNnrjvBK16/q83v9G64MCgYA6+YjgGIBId9loZWUPqxMo2Krw2/zMB63M79VM +7uLUjIVpbGqOmIwfncu2aUdRIOtE41sK2orXtiLlrsRAkUxEcfpr0ggsOfNSroCZ +amnwYNTHMTqooMMKLP2ruy69noz9jMpdInF55N5XCLNuIAkaWH7FhJx8DdgkDlAj +JtaEAQKBgDrtbLhP8+4+N9QVH+KGl/mBR8mEKKkQ1nboovsvu+HAjhUey7LYgZUW +HVY3HPqYlpHDDHWBd2w3yhHpR9zL0153LugPkNdm55463B+TwUK+MQmPc/elmrxk +NpXRGwsDfVnT8N7uTkamjhpBTFUN2FpRojgin+kEMYuEqUQggHfM +-----END RSA PRIVATE KEY----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index bb0fb1c82..adcf6be0e 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -66,6 +66,7 @@ jobs: -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose.yaml \ up -d --build - name: run eunit diff --git a/apps/emqx_authn/test/data/certs/cacert.pem b/apps/emqx_authn/test/data/certs/cacert.pem deleted file mode 100644 index 604fd2362..000000000 --- a/apps/emqx_authn/test/data/certs/cacert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDUTCCAjmgAwIBAgIJAPPYCjTmxdt/MA0GCSqGSIb3DQEBCwUAMD8xCzAJBgNV -BAYTAkNOMREwDwYDVQQIDAhoYW5nemhvdTEMMAoGA1UECgwDRU1RMQ8wDQYDVQQD -DAZSb290Q0EwHhcNMjAwNTA4MDgwNjUyWhcNMzAwNTA2MDgwNjUyWjA/MQswCQYD -VQQGEwJDTjERMA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UE -AwwGUm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgVLex1 -EZ9ON64EX8v+wcSjzOZpiEOsAOuSXOEN3wb8FKUxCdsGrsJYB7a5VM/Jot25Mod2 -juS3OBMg6r85k2TWjdxUoUs+HiUB/pP/ARaaW6VntpAEokpij/przWMPgJnBF3Ur -MjtbLayH9hGmpQrI5c2vmHQ2reRZnSFbY+2b8SXZ+3lZZgz9+BaQYWdQWfaUWEHZ -uDaNiViVO0OT8DRjCuiDp3yYDj3iLWbTA/gDL6Tf5XuHuEwcOQUrd+h0hyIphO8D -tsrsHZ14j4AWYLk1CPA6pq1HIUvEl2rANx2lVUNv+nt64K/Mr3RnVQd9s8bK+TXQ -KGHd2Lv/PALYuwIDAQABo1AwTjAdBgNVHQ4EFgQUGBmW+iDzxctWAWxmhgdlE8Pj -EbQwHwYDVR0jBBgwFoAUGBmW+iDzxctWAWxmhgdlE8PjEbQwDAYDVR0TBAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAGbhRUjpIred4cFAFJ7bbYD9hKu/yzWPWkMRa -ErlCKHmuYsYk+5d16JQhJaFy6MGXfLgo3KV2itl0d+OWNH0U9ULXcglTxy6+njo5 -CFqdUBPwN1jxhzo9yteDMKF4+AHIxbvCAJa17qcwUKR5MKNvv09C6pvQDJLzid7y -E2dkgSuggik3oa0427KvctFf8uhOV94RvEDyqvT5+pgNYZ2Yfga9pD/jjpoHEUlo -88IGU8/wJCx3Ds2yc8+oBg/ynxG8f/HmCC1ET6EHHoe2jlo8FpU/SgGtghS1YL30 -IWxNsPrUP+XsZpBJy/mvOhE5QXo6Y35zDqqj8tI7AGmAWu22jg== ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/cert.pem b/apps/emqx_authn/test/data/certs/cert.pem deleted file mode 100644 index 092390b1d..000000000 --- a/apps/emqx_authn/test/data/certs/cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIBAjANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER -MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB -MB4XDTIwMDUwODA4MDcwNVoXDTMwMDUwNjA4MDcwNVowPzELMAkGA1UEBhMCQ04x -ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBlNlcnZl -cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNeWT3pE+QFfiRJzKmn -AMUrWo3K2j/Tm3+Xnl6WLz67/0rcYrJbbKvS3uyRP/stXyXEKw9CepyQ1ViBVFkW -Aoy8qQEOWFDsZc/5UzhXUnb6LXr3qTkFEjNmhj+7uzv/lbBxlUG1NlYzSeOB6/RT -8zH/lhOeKhLnWYPXdXKsa1FL6ij4X8DeDO1kY7fvAGmBn/THh1uTpDizM4YmeI+7 -4dmayA5xXvARte5h4Vu5SIze7iC057N+vymToMk2Jgk+ZZFpyXrnq+yo6RaD3ANc -lrc4FbeUQZ5a5s5Sxgs9a0Y3WMG+7c5VnVXcbjBRz/aq2NtOnQQjikKKQA8GF080 -BQkCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL -BQADggEBAJefnMZpaRDHQSNUIEL3iwGXE9c6PmIsQVE2ustr+CakBp3TZ4l0enLt -iGMfEVFju69cO4oyokWv+hl5eCMkHBf14Kv51vj448jowYnF1zmzn7SEzm5Uzlsa -sqjtAprnLyof69WtLU1j5rYWBuFX86yOTwRAFNjm9fvhAcrEONBsQtqipBWkMROp -iUYMkRqbKcQMdwxov+lHBYKq9zbWRoqLROAn54SRqgQk6c15JdEfgOOjShbsOkIH -UhqcwRkQic7n1zwHVGVDgNIZVgmJ2IdIWBlPEC7oLrRrBD/X1iEEXtKab6p5o22n -KB5mN+iQaE+Oe2cpGKZJiJRdM+IqDDQ= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client-cert.pem b/apps/emqx_authn/test/data/certs/client-cert.pem deleted file mode 100644 index 09d855221..000000000 --- a/apps/emqx_authn/test/data/certs/client-cert.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDEzCCAfugAwIBAgIBATANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJDTjER -MA8GA1UECAwIaGFuZ3pob3UxDDAKBgNVBAoMA0VNUTEPMA0GA1UEAwwGUm9vdENB -MB4XDTIwMDUwODA4MDY1N1oXDTMwMDUwNjA4MDY1N1owPzELMAkGA1UEBhMCQ04x -ETAPBgNVBAgMCGhhbmd6aG91MQwwCgYDVQQKDANFTVExDzANBgNVBAMMBkNsaWVu -dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMy4hoksKcZBDbY680u6 -TS25U51nuB1FBcGMlF9B/t057wPOlxF/OcmbxY5MwepS41JDGPgulE1V7fpsXkiW -1LUimYV/tsqBfymIe0mlY7oORahKji7zKQ2UBIVFhdlvQxunlIDnw6F9popUgyHt -dMhtlgZK8oqRwHxO5dbfoukYd6J/r+etS5q26sgVkf3C6dt0Td7B25H9qW+f7oLV -PbcHYCa+i73u9670nrpXsC+Qc7Mygwa2Kq/jwU+ftyLQnOeW07DuzOwsziC/fQZa -nbxR+8U9FNftgRcC3uP/JMKYUqsiRAuaDokARZxVTV5hUElfpO6z6/NItSDvvh3i -eikCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQEL -BQADggEBABchYxKo0YMma7g1qDswJXsR5s56Czx/I+B41YcpMBMTrRqpUC0nHtLk -M7/tZp592u/tT8gzEnQjZLKBAhFeZaR3aaKyknLqwiPqJIgg0pgsBGITrAK3Pv4z -5/YvAJJKgTe5UdeTz6U4lvNEux/4juZ4pmqH4qSFJTOzQS7LmgSmNIdd072rwXBd -UzcSHzsJgEMb88u/LDLjj1pQ7AtZ4Tta8JZTvcgBFmjB0QUi6fgkHY6oGat/W4kR -jSRUBlMUbM/drr2PVzRc2dwbFIl3X+ZE6n5Sl3ZwRAC/s92JU6CPMRW02muVu6xl -goraNgPISnrbpR6KjxLZkVembXzjNNc= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client-key.pem b/apps/emqx_authn/test/data/certs/client-key.pem deleted file mode 100644 index 2b3f30cf6..000000000 --- a/apps/emqx_authn/test/data/certs/client-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzLiGiSwpxkENtjrzS7pNLblTnWe4HUUFwYyUX0H+3TnvA86X -EX85yZvFjkzB6lLjUkMY+C6UTVXt+mxeSJbUtSKZhX+2yoF/KYh7SaVjug5FqEqO -LvMpDZQEhUWF2W9DG6eUgOfDoX2milSDIe10yG2WBkryipHAfE7l1t+i6Rh3on+v -561LmrbqyBWR/cLp23RN3sHbkf2pb5/ugtU9twdgJr6Lve73rvSeulewL5BzszKD -BrYqr+PBT5+3ItCc55bTsO7M7CzOIL99BlqdvFH7xT0U1+2BFwLe4/8kwphSqyJE -C5oOiQBFnFVNXmFQSV+k7rPr80i1IO++HeJ6KQIDAQABAoIBAGWgvPjfuaU3qizq -uti/FY07USz0zkuJdkANH6LiSjlchzDmn8wJ0pApCjuIE0PV/g9aS8z4opp5q/gD -UBLM/a8mC/xf2EhTXOMrY7i9p/I3H5FZ4ZehEqIw9sWKK9YzC6dw26HabB2BGOnW -5nozPSQ6cp2RGzJ7BIkxSZwPzPnVTgy3OAuPOiJytvK+hGLhsNaT+Y9bNDvplVT2 -ZwYTV8GlHZC+4b2wNROILm0O86v96O+Qd8nn3fXjGHbMsAnONBq10bZS16L4fvkH -5G+W/1PeSXmtZFppdRRDxIW+DWcXK0D48WRliuxcV4eOOxI+a9N2ZJZZiNLQZGwg -w3A8+mECgYEA8HuJFrlRvdoBe2U/EwUtG74dcyy30L4yEBnN5QscXmEEikhaQCfX -Wm6EieMcIB/5I5TQmSw0cmBMeZjSXYoFdoI16/X6yMMuATdxpvhOZGdUGXxhAH+x -xoTUavWZnEqW3fkUU71kT5E2f2i+0zoatFESXHeslJyz85aAYpP92H0CgYEA2e5A -Yozt5eaA1Gyhd8SeptkEU4xPirNUnVQHStpMWUb1kzTNXrPmNWccQ7JpfpG6DcYl -zUF6p6mlzY+zkMiyPQjwEJlhiHM2NlL1QS7td0R8ewgsFoyn8WsBI4RejWrEG9td -EDniuIw+pBFkcWthnTLHwECHdzgquToyTMjrBB0CgYEA28tdGbrZXhcyAZEhHAZA -Gzog+pKlkpEzeonLKIuGKzCrEKRecIK5jrqyQsCjhS0T7ZRnL4g6i0s+umiV5M5w -fcc292pEA1h45L3DD6OlKplSQVTv55/OYS4oY3YEJtf5mfm8vWi9lQeY8sxOlQpn -O+VZTdBHmTC8PGeTAgZXHZUCgYA6Tyv88lYowB7SN2qQgBQu8jvdGtqhcs/99GCr -H3N0I69LPsKAR0QeH8OJPXBKhDUywESXAaEOwS5yrLNP1tMRz5Vj65YUCzeDG3kx -gpvY4IMp7ArX0bSRvJ6mYSFnVxy3k174G3TVCfksrtagHioVBGQ7xUg5ltafjrms -n8l55QKBgQDVzU8tQvBVqY8/1lnw11Vj4fkE/drZHJ5UkdC1eenOfSWhlSLfUJ8j -ds7vEWpRPPoVuPZYeR1y78cyxKe1GBx6Wa2lF5c7xjmiu0xbRnrxYeLolce9/ntp -asClqpnHT8/VJYTD7Kqj0fouTTZf0zkig/y+2XERppd8k+pSKjUCPQ== ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/key.pem b/apps/emqx_authn/test/data/certs/key.pem deleted file mode 100644 index 6c338216e..000000000 --- a/apps/emqx_authn/test/data/certs/key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAs15ZPekT5AV+JEnMqacAxStajcraP9Obf5eeXpYvPrv/Stxi -sltsq9Le7JE/+y1fJcQrD0J6nJDVWIFUWRYCjLypAQ5YUOxlz/lTOFdSdvotevep -OQUSM2aGP7u7O/+VsHGVQbU2VjNJ44Hr9FPzMf+WE54qEudZg9d1cqxrUUvqKPhf -wN4M7WRjt+8AaYGf9MeHW5OkOLMzhiZ4j7vh2ZrIDnFe8BG17mHhW7lIjN7uILTn -s36/KZOgyTYmCT5lkWnJeuer7KjpFoPcA1yWtzgVt5RBnlrmzlLGCz1rRjdYwb7t -zlWdVdxuMFHP9qrY206dBCOKQopADwYXTzQFCQIDAQABAoIBAQCuvCbr7Pd3lvI/ -n7VFQG+7pHRe1VKwAxDkx2t8cYos7y/QWcm8Ptwqtw58HzPZGWYrgGMCRpzzkRSF -V9g3wP1S5Scu5C6dBu5YIGc157tqNGXB+SpdZddJQ4Nc6yGHXYERllT04ffBGc3N -WG/oYS/1cSteiSIrsDy/91FvGRCi7FPxH3wIgHssY/tw69s1Cfvaq5lr2NTFzxIG -xCvpJKEdSfVfS9I7LYiymVjst3IOR/w76/ZFY9cRa8ZtmQSWWsm0TUpRC1jdcbkm -ZoJptYWlP+gSwx/fpMYftrkJFGOJhHJHQhwxT5X/ajAISeqjjwkWSEJLwnHQd11C -Zy2+29lBAoGBANlEAIK4VxCqyPXNKfoOOi5dS64NfvyH4A1v2+KaHWc7lqaqPN49 -ezfN2n3X+KWx4cviDD914Yc2JQ1vVJjSaHci7yivocDo2OfZDmjBqzaMp/y+rX1R -/f3MmiTqMa468rjaxI9RRZu7vDgpTR+za1+OBCgMzjvAng8dJuN/5gjlAoGBANNY -uYPKtearBmkqdrSV7eTUe49Nhr0XotLaVBH37TCW0Xv9wjO2xmbm5Ga/DCtPIsBb -yPeYwX9FjoasuadUD7hRvbFu6dBa0HGLmkXRJZTcD7MEX2Lhu4BuC72yDLLFd0r+ -Ep9WP7F5iJyagYqIZtz+4uf7gBvUDdmvXz3sGr1VAoGAdXTD6eeKeiI6PlhKBztF -zOb3EQOO0SsLv3fnodu7ZaHbUgLaoTMPuB17r2jgrYM7FKQCBxTNdfGZmmfDjlLB -0xZ5wL8ibU30ZXL8zTlWPElST9sto4B+FYVVF/vcG9sWeUUb2ncPcJ/Po3UAktDG -jYQTTyuNGtSJHpad/YOZctkCgYBtWRaC7bq3of0rJGFOhdQT9SwItN/lrfj8hyHA -OjpqTV4NfPmhsAtu6j96OZaeQc+FHvgXwt06cE6Rt4RG4uNPRluTFgO7XYFDfitP -vCppnoIw6S5BBvHwPP+uIhUX2bsi/dm8vu8tb+gSvo4PkwtFhEr6I9HglBKmcmog -q6waEQKBgHyecFBeM6Ls11Cd64vborwJPAuxIW7HBAFj/BS99oeG4TjBx4Sz2dFd -rzUibJt4ndnHIvCN8JQkjNG14i9hJln+H3mRss8fbZ9vQdqG+2vOWADYSzzsNI55 -RFY7JjluKcVkp/zCDeUxTU3O6sS+v6/3VE11Cob6OYQx3lN5wrZ3 ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt new file mode 100644 index 000000000..3add4693a --- /dev/null +++ b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS +ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx +MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 +MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q +XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD +yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 +Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf +XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg +UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co +/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O +x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki ++lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs +/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf +weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg +VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl +4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ +KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX +RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW +whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO +JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 +Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh +AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD +wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB +LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ +/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk +UElFARdXALiZWg== +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.crt b/apps/emqx_authn/test/data/certs/redis-tls-client.crt new file mode 100644 index 000000000..617add4f5 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/redis-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV +BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe +Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz +IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP +g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D +zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn +qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN +IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa +BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG +CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT +nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY +zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc +frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr +mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn +HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z +odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 +MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 +oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT +y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J +nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr +R5q5VPKvniiw0/HiJNbNG0ZHDCU= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.key b/apps/emqx_authn/test/data/certs/redis-tls-client.key new file mode 100644 index 000000000..e62e336c5 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/redis-tls-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI ++bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON +TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 +SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At +T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa +DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT +gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH +Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L +Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm +6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U +O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD +RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE +dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb +QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 +ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk +xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh +MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO +PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U +0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h +tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 +dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL +L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP +7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU +eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU +l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl index de556a7bd..c4c7f22cf 100644 --- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl @@ -52,7 +52,7 @@ end_per_group(require_seeds, Config) -> Config. init_per_suite(Config) -> - _ = application:load(emqx_conf), + _ = application:load(emqx_conf), case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of true -> ok = emqx_common_test_helpers:start_apps([emqx_authn]), diff --git a/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl new file mode 100644 index 000000000..22a8f013e --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl @@ -0,0 +1,153 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_redis_tls_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). + +-define(REDIS_HOST, "redis-tls"). +-define(REDIS_PORT, 6380). + +-define(PATH, [authentication]). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +groups() -> + []. + +init_per_testcase(_, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authentication:initialize_authentication(?GLOBAL, []), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + Config. + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + case emqx_authn_test_lib:is_tcp_server_available(?REDIS_HOST, ?REDIS_PORT) of + true -> + ok = emqx_common_test_helpers:start_apps([emqx_authn]), + ok = start_apps([emqx_resource, emqx_connector]), + Config; + false -> + {skip, no_redis} + end. + +end_per_suite(_Config) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + ok = stop_apps([emqx_resource, emqx_connector]), + ok = emqx_common_test_helpers:stop_apps([emqx_authn]). + +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +t_create(_Config) -> + ?assertMatch( + {ok, _}, + create_redis_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"redis-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.3">>], + <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})). + +t_create_invalid(_Config) -> + %% invalid server_name + ?assertMatch( + {error, _}, + create_redis_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"redis-tls-unknown-host">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.3">>], + <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})), + + %% invalid server_name (eredis connects by ip address) + ?assertMatch( + {error, _}, + create_redis_auth_with_ssl_opts( + #{<<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.3">>], + <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})), + + %% incompatible versions + ?assertMatch( + {error, _}, + create_redis_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"redis-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>, <<"tlsv1.2">>]})), + + %% incompatible ciphers + ?assertMatch( + {error, _}, + create_redis_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"redis-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.3">>], + <<"ciphers">> => [<<"TLS_AES_128_GCM_SHA256">>]})). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_redis_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_redis_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). + +raw_redis_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"redis">>, + cmd => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>, + database => <<"1">>, + password => <<"public">>, + server => redis_server(), + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +redis_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?REDIS_HOST, ?REDIS_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "redis-tls-ca.crt"])}. diff --git a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl index 2bcf66763..6a40abac2 100644 --- a/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl +++ b/apps/emqx_plugin_libs/src/emqx_plugin_libs_ssl.erl @@ -75,7 +75,7 @@ save_files_return_opts(Options, Dir) -> CA = do_save_file(CAFile, Dir), Verify = GetD(verify, verify_none), SNI = Get(server_name_indication), - Versions = emqx_tls_lib:integral_versions(Get(tls_versions)), + Versions = emqx_tls_lib:integral_versions(Get(versions)), Ciphers = emqx_tls_lib:integral_ciphers(Versions, Get(ciphers)), filter([{keyfile, Key}, {certfile, Cert}, {cacertfile, CA}, {verify, Verify}, {server_name_indication, SNI}, {versions, Versions}, {ciphers, Ciphers}]). From 6de89d1207bd9ed7753b798ba9c642a7983704c4 Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Thu, 23 Dec 2021 21:19:55 +0300 Subject: [PATCH 2/8] chore(authn): test PostgreSQL authn via ssl connection --- .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-pgsql-tls.yaml | 12 +- .ci/docker-compose-file/pgsql/Dockerfile | 10 +- .ci/docker-compose-file/pgsql/certs/ca.crt | 29 ++++ .ci/docker-compose-file/pgsql/certs/ca.key | 51 ++++++ .../pgsql/certs/client.crt | 24 +++ .../pgsql/certs/client.key | 27 +++ .../pgsql/certs/server.crt | 24 +++ .../pgsql/certs/server.key | 27 +++ .ci/docker-compose-file/pgsql/postgresql.conf | 3 + .ci/docker-compose-file/redis/certs/ca.crt | 54 +++--- .../redis/certs/client.crt | 44 ++--- .../redis/certs/dhparam2048.pem | 8 + .../redis/certs/openssl.cnf | 7 + .../redis/certs/server.crt | 44 ++--- .github/workflows/run_test_cases.yaml | 1 + .../test/data/certs/pgsql-tls-ca.crt | 29 ++++ .../test/data/certs/pgsql-tls-client.crt | 24 +++ .../test/data/certs/pgsql-tls-client.key | 27 +++ .../test/data/certs/redis-tls-ca.crt | 54 +++--- .../test/data/certs/redis-tls-client.crt | 44 ++--- .../test/emqx_authn_pgsql_SUITE.erl | 1 - .../test/emqx_authn_pgsql_tls_SUITE.erl | 156 ++++++++++++++++++ .../src/emqx_connector_pgsql.erl | 10 +- 24 files changed, 577 insertions(+), 135 deletions(-) create mode 100644 .ci/docker-compose-file/pgsql/certs/ca.crt create mode 100644 .ci/docker-compose-file/pgsql/certs/ca.key create mode 100644 .ci/docker-compose-file/pgsql/certs/client.crt create mode 100644 .ci/docker-compose-file/pgsql/certs/client.key create mode 100644 .ci/docker-compose-file/pgsql/certs/server.crt create mode 100644 .ci/docker-compose-file/pgsql/certs/server.key create mode 100644 .ci/docker-compose-file/pgsql/postgresql.conf create mode 100644 .ci/docker-compose-file/redis/certs/dhparam2048.pem create mode 100644 .ci/docker-compose-file/redis/certs/openssl.cnf create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.crt create mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local index 1422bd3a9..aea4be034 100644 --- a/.ci/docker-compose-file/Makefile.local +++ b/.ci/docker-compose-file/Makefile.local @@ -21,6 +21,7 @@ up: -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ up -d --build @@ -31,6 +32,7 @@ down: -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ down diff --git a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml index 72aceed69..f1fc15b30 100644 --- a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml @@ -1,11 +1,11 @@ version: '3.9' services: - pgsql_server: - container_name: pgsql + pgsql_server_tls: + container_name: pgsql-tls build: - context: ../.. - dockerfile: .ci/docker-compose-file/pgsql/Dockerfile + context: pgsql + dockerfile: Dockerfile args: POSTGRES_USER: postgres BUILD_FROM: postgres:${PGSQL_TAG} @@ -16,7 +16,7 @@ services: POSTGRES_USER: root POSTGRES_PASSWORD: public ports: - - "5432:5432" + - "5433:5432" command: - -c - ssl=on @@ -28,5 +28,7 @@ services: - ssl_ca_file=/var/lib/postgresql/root.crt - -c - hba_file=/var/lib/postgresql/pg_hba.conf + - -c + - ssl_min_protocol_version=TLSv1.2 networks: - emqx_bridge diff --git a/.ci/docker-compose-file/pgsql/Dockerfile b/.ci/docker-compose-file/pgsql/Dockerfile index db2cd59fe..c39b1d0b9 100644 --- a/.ci/docker-compose-file/pgsql/Dockerfile +++ b/.ci/docker-compose-file/pgsql/Dockerfile @@ -1,10 +1,10 @@ -ARG BUILD_FROM=postgres:11 +ARG BUILD_FROM=postgres:13 FROM ${BUILD_FROM} ARG POSTGRES_USER=postgres -COPY --chown=$POSTGRES_USER .ci/docker-compose-file/pgsql/pg_hba.conf /var/lib/postgresql/pg_hba.conf -COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/key.pem /var/lib/postgresql/server.key -COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cert.pem /var/lib/postgresql/server.crt -COPY --chown=$POSTGRES_USER apps/emqx/etc/certs/cacert.pem /var/lib/postgresql/root.crt +COPY --chown=$POSTGRES_USER pg_hba.conf /var/lib/postgresql/pg_hba.conf +COPY --chown=$POSTGRES_USER certs/server.key /var/lib/postgresql/server.key +COPY --chown=$POSTGRES_USER certs/server.crt /var/lib/postgresql/server.crt +COPY --chown=$POSTGRES_USER certs/ca.crt /var/lib/postgresql/root.crt RUN chmod 600 /var/lib/postgresql/pg_hba.conf RUN chmod 600 /var/lib/postgresql/server.key RUN chmod 600 /var/lib/postgresql/server.crt diff --git a/.ci/docker-compose-file/pgsql/certs/ca.crt b/.ci/docker-compose-file/pgsql/certs/ca.crt new file mode 100644 index 000000000..e0b066224 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 +LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J +poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV +SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG +JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh +JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg +KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd +/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf +2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz +3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz +4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g +VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 +QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf +uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl +9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY +e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 +u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU ++DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA +wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk +TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf +2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w +SrAQWl5NPsA= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/ca.key b/.ci/docker-compose-file/pgsql/certs/ca.key new file mode 100644 index 000000000..fc929cc1c --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8LM83 +l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2Jpoqq +G7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYVSB5Q +6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zGJGeQ +2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQohJkwK +8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAgKnCE +WWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd/R9l +1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf2V02 +jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz3SDY +JGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz4pc6 +QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8CAwEA +AQKCAgAo9aBsFZqWqtnw6cYkoTlHtRgCSFz93z1vx8rh8Jtf9qkoHBlZI+ov9cee +tozReXfDw3SovG1EGSgAiE0vABS1h45/akh2/Q7CBgk7JQe946zBIuhLVWz+Bt+P +e2jPQ3eOGXQ32VXryHp/LfAjQvoJq0M17Uwdp+Mu9DypOQBUgapPyj+bLeNHH6q5 +vyW1cPireRUlKLvl84uSSB/+0YfrE+kl9k7FFt2eeF83tp7A+D6bNMFYthyZEp1B +rm1OREM3JaosLzPOdH6nrlVVoY1S1MW7YZi6Kg+t6W2y1D5CJqqK/CpdHX4zy30R +k84+hbpnBWBEvUOKl3s0+4DdF4CzT2BbBxqfcUSoNy+xdWCNa+v/bt5GnRh8Nq/u +4xuOkyu9fE4C44zYRjvNqTE2urzcHC7Y59k+GC+1TNRm2TLr25+OBq3Uki+RNufm +HQ6ocv+W30/UIqkOf17IP4u7cuWyff9yMyQmRZknscLTyzJswec2ku0sRfWee21A +DxkQEacGn8ngsJB3Z861D5XAQz5PdW2TPAYlMrKVwBzGF/C4gURk8g48xWQVLyQr +11a58HioxsrpCcARYB19pZoDZuO0xBSILXwT84o2TNXzNq+GjqDePx2VxMCXCw9G +C4wQkWt7diJW2p54PK9lS53XEecCrycINMH67dmoreA3YLJ8IQKCAQEA7fC0sYAK +HneuNK5bih05VuG8iRfMkJKob1tURk98l1FXlJKasQNL/uTdRkLaEttONy3BY8OW +/TshOEtTRrRZ+2F3e4vnto8cU4ZuEHHJeZ2FW40XTHaTSLS65QOWGpCUx57wZM/3 +0Xt4XgXP0WTmncwtP0uyDdP53jdpOBx5qgIMcu5jyav/t+K1F/7jTiT8C7o6Smdl +ZVGXUgJi4wKK4IMe9UZlhdf2CPVeEQ4DISek8Us/BM4qtM+tNr5J8PvU64vNMRMY +O4NrF2kW/t/8H8GodvgBctDfCtkfyofMdWU2S+n8icuJ4OFi0czOwbO95RmptRF4 +t8upsv9cHLvq8QKCAQEA3ZlzzN0JWp3Oq0586vfPrCV595NpunIn1kU6KWJvwQTO +OByLZD0rDFMSVGsJTbNeNJsW2NvNGsuNWAxyu3O/Cg6orXWRkQjIzH85vX0F8NNi +7ubPECPZNVWDTeCDPNewRCYS9Nt7NncJv5xD4C09oFVY6KHlmJGuT6b3jtT6Xd0Y +BLMjmeEXYwVV65diEjF23UAflbf8J03VFqwPNWQAUDXlErLJow1ukxepDRHXpleu +DFHv9uxshb6diGywSPz9VsgyIBe/3U+yG2A5ts7cHy/h2mnfP7mnYQ7q8gdZv7eC +mGHnmUAVmcn558pzIZTtQNyhcXBIsvGt6LuWd4JnLwKCAQEAsTMs7m/jmVMaCqO7 +Cn2/ISQWC6cMsrJ1/BBxD7fMmsh6R+xyhddltlttKxFIZPisJE3QE2MrREXP9KOs +TiCsTpkEqZ7EnuGvf8jCmT6UhBy6nzbRHiHEiEYIVdu44um/03Zbo0h6T6j7OFJt +tYzGbsgK/nN6E/BEyqhLlP0n4mOKL+G3sQ6F78VHhqpNT/odNwKmvJiKG82KuwmJ +6XQQRyl/WbzmiKoP0hYhyuO7kup6XTTjpsl/Zo6vefB3EqAJrq27z4tf5Zp2m8Wo +2YGnu2K2+nqyYXaKVQLkOSmvK9KHgDuu1lQdx7syo/o6FGmuxzq4d1+enopvRB4G +1GNikQKCAQEAq2oTWIo2vSDLCFpbaMqumyQWN7uREodRZ37/YZnihnV4K5FxBeYH +Ea6ExEZT2QYBvkGlp7RG8Q451L00VupPAbGbKyqBoqYf5YgYmwpF+ScbJV/nFj4U +vBvcyPX9rqfNkrm8+il5IwVrxgtTuepk/ExozPLHDoDKTJUEdDktPkRTWvdTd6nV +lGRBNU9Rrm8S2kzK4d6DL8gWKEaKMSuczm8SNqeUMAuo2CF6REDkBqlWWfNb4y65 +N6/eXfRtXNhOA74yf/6/DKukQ2bo3g8f2QQJ+hDhf4LWBc8rUHL9Kr8CR2ucYkBf +NSo2pOVGr9hqujywqXZI1hr7AsdwuhtmQwKCAQAaB/IU6MvoCuILwEv1za/1jS1i +jAPnoFQ835r2+SjJNxPTFUseEYnxraiZPMaf/sGk2DvJGoswnTDaDnyUoWV0i17q +IgIYbZt2n1pR3SM1wLN2pOJKSN5cFKqG3UvwGO57BXIeotowd3WmnG2V0fL8HK4G +2tOPjUkbvDsKim+pgfTv/uxawJocmaKw+VWPuIaXcDkgxjdAXN4AXOmqsqwROKLp +A9t+cNEdjRHl/vkRPbEjyP1xAeRP5e2hWumdbixYV+MJPBOz9Eu53lYkP++VKBhi +PvFUuNqoF7YZ/JwYWsrs+I2qLqihJMHNH4ZeOq20zUvZd6YjIypvFrtWMDUp +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.crt b/.ci/docker-compose-file/pgsql/certs/client.crt new file mode 100644 index 000000000..af886570e --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy +WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql +hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol +d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO +bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk +g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV +MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s +hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 +G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 +dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn +fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt +MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 +W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC +pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f +uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky +yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 +sNWUTEwylVLrkVay8UHhFsTZ +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.key b/.ci/docker-compose-file/pgsql/certs/client.key new file mode 100644 index 000000000..0795d511f --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf +IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ +WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku +46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o +amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU +Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue +2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 +iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc +SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd +ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr +1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL +KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo +0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn +ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu +oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 +pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS +GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz +t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 +b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o +VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT +xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv +PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 +BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 +HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv +jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.crt b/.ci/docker-compose-file/pgsql/certs/server.crt new file mode 100644 index 000000000..f1c83a065 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAemgAwIBAgIJAPKjgQdlPyGkMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MVoXDTQ5MDUxMDA2NDA1MVowKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlwZ3NxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC/FuY3pDWvJ0KudNVBurfi5j6/2MtmEcc37q1maF/13aBu+zaktMq3 +8qpjxqO4YnsKqBQ6AtEUZY4pQ2OMJAFgwrZuJ3uH5/d9NkunSSh6X0yvA0m6b5yb +TfQCa8e3q7HRtjn/aIEfMmUIEpOlgHe6/mksTpdylHZEODG2GePgldzRyrjZvfNK +Qq9F5KSha5ChZq5xQQa/PsEkxa3upe2u4JUJbyfB4TDJ/KOTJyXKfnbg6iWnQgmx +o8XfOZlMnpkK0Rq8rxnEaQcUBw6+7QHk5IzjLfexhPrQxc3bH+vQLas3MhRPPwxk +Jxm1fClafWw0Io0bQJc6ewppKlLYvYmVAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAAEOEjKPrwlUOuaT +aBi8Z9V9d6sN/toQshJ9Ko7m1O5qLv7/Lkmhe3VKvPIi7fFFYBnLCj4XVbCbSxYW +kaaV34/GF1S8uEz6/fpcLXpX87Tx95240YSeGMb9TZ0yjcz5Mhi9rlae6zZGDt1Q +eU9ydKsD6QfV1gWgzJ9PWUWJQboRhC2UEokOhLNrM+q38LFXkMJO7iOpD0ppFCZy +P7RheEp/XDyUrhHq0+yioNKBtqv1gc92On9sfZ+tQOk2hM0wqLyZlP8sqrVt7asW +IB/Erph1vjZk7FHiVu2/bplXbrj8vIrDg0SJC82IMxfxK5SLMKrvPDPTKJ0cH43s +OzPaH/te9suIuMt5M125AvT6pFkJSNVz4sihnfeIu9XyUQtcHrPEoVswS6czWAF3 +BHFrkif01CA1ktm5Kbk5Sc3xB6de0hV0IJ2eE3CMLa/jUkD/tZohli4OKSWnKWhe +A4eR2ijmpP1yMYr2UZUfWIDKdv8PKFlBsADNf8WHB8LW5R9284GbS5BRdZZJxCqE +4o7wRZfAhzaGk1YO/ItiN3YqMWhqrA0U4a3hpLksB23bJL/7qu6paF0g0mzpaXpQ +xTG29JnCcvLzEUAe7rtRBD17PT20ZWmoXjHm5WIyGrfYW+akCp5wwuesj/99MlDi +oIwoXwsXrxQuFebE7t0TwdCptau8 +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.key b/.ci/docker-compose-file/pgsql/certs/server.key new file mode 100644 index 000000000..b36f145c9 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvxbmN6Q1rydCrnTVQbq34uY+v9jLZhHHN+6tZmhf9d2gbvs2 +pLTKt/KqY8ajuGJ7CqgUOgLRFGWOKUNjjCQBYMK2bid7h+f3fTZLp0koel9MrwNJ +um+cm030AmvHt6ux0bY5/2iBHzJlCBKTpYB3uv5pLE6XcpR2RDgxthnj4JXc0cq4 +2b3zSkKvReSkoWuQoWaucUEGvz7BJMWt7qXtruCVCW8nweEwyfyjkyclyn524Ool +p0IJsaPF3zmZTJ6ZCtEavK8ZxGkHFAcOvu0B5OSM4y33sYT60MXN2x/r0C2rNzIU +Tz8MZCcZtXwpWn1sNCKNG0CXOnsKaSpS2L2JlQIDAQABAoIBAAGbSK45FDZ3xwi+ +dLiLwFYJB4gHY5ZlGd6vhAezYvMnPN0SAaCa4IVxZdtW5TN8qHordZgTQ/y+6dYQ ++fpIpzZQDMaaUGCRI7SKy1IJvGxi9rsV9P27SH7Jxf5rN4+kwub3eD9cepFvlAfg +WBtxHBCXaPz1YDKXavMh4dEdIJxXwn1lrgfeR1QXVm9W1Pr8ndSuWfFCLmyTQoaj +8U/vlH/A8T5lAYcgmNOaUdNjnqwhgu47Bep0ORUPvKq3mic5E8YmNokODU7RfKO8 +N0O+r5kjPsOVmgxV/9HAbXE6OuXiAmffMTJ1HqeN4Axulc8/ERpUA4bucasaWkcJ +SpykbAECgYEA57J1g9ITlO//8SvR6NKw+cC1bDZf84vkJcj69+bKbqlkcvQBy3yM +wQS1HPKm/h2y/4y0FJhZiT1b8F003Iu0I2KYDPnFLsoMEEXNhq4cFisNg2wxFprR +IsNx5Pgd98rMfmaiXqd8WJ07K59DREn+frBaXpAqL8K19+JLg04D6QECgYEA0yIK +q7ck7yOXhZHRii2yT6d19q4LgH87blZ2o4C0u0QAjFKjwX5rOVGGDJHkBHr/Al39 +UPPldwelWMgMsiYX/iWsbGrUYJWjXz1VaH2OyW1AjJBfFSdoClh62MkkRqtJz3u5 +fhCdez8CanWjLZ8wPxpC5/K1fJX1rf2Lzxuq7JUCgYEAgmCLfAfkePSsIvuzfL3C +VGe6LxBR4ewgD5sOjhzSYH71RTJFKEoHsj2B5K4uheQUa3SziLtJ9s4ORC1Op6P9 +U8QRJ4wNBw0uyKFey6CBsX+8dO2Wmc+4S0WLe3qa8mqts5rxVy4L7JldSGiwI2c3 +y/ZUg82/z2xTlQ9DyrlFvgECgYEAwk5/94xzh0oANsL+TubDRZ9eZwnCOB3f+inE +wbC/o+BviLS9VGQeFgA7F/JkION5MRqC+S+dLLBysYRaetGoHxNY3eZrUgAk/I+b +vLBg6muLjlGH0BYWH/9R/5UNt6QIJ9U73xM3e6d/d66P4HqykkB+9qxd7iysj9Xa +B171LQkCgYAeRphOByb4T0pcxStTKw1D3KyKFhxesMFG1I0ZfJIro3Tj3xlvDFAI +I3/efUErLJ25fHAbwjrU5+uszi8+aRO6j4MBXzgNKP99iVFaaQrS++q5yDG49D25 +B91dDrpLsvXIFGpFraVlvVbyxoaih7Gp9RCuXL1ZduvBi9Xje/H0Rg== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/postgresql.conf b/.ci/docker-compose-file/pgsql/postgresql.conf new file mode 100644 index 000000000..b28b04f64 --- /dev/null +++ b/.ci/docker-compose-file/pgsql/postgresql.conf @@ -0,0 +1,3 @@ + + + diff --git a/.ci/docker-compose-file/redis/certs/ca.crt b/.ci/docker-compose-file/redis/certs/ca.crt index 3add4693a..b0f76f987 100644 --- a/.ci/docker-compose-file/redis/certs/ca.crt +++ b/.ci/docker-compose-file/redis/certs/ca.crt @@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS -ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx -MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 -MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q -XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD -yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 -Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf -XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg -UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co -/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O -x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki -+lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs -/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf -weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg -VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl -4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ -KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX -RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW -whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO -JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 -Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh -AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD -wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB -LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ -/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk -UElFARdXALiZWg== +MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc +c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt +mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ +QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr +gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA +UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 +hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb +J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc +zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n +FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg +PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w +Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn +IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS +XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 +omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw +Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ +MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ +l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 +yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 +xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR +C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB +/5+umpUJwJU= -----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/client.crt b/.ci/docker-compose-file/redis/certs/client.crt index 617add4f5..70f60e6b5 100644 --- a/.ci/docker-compose-file/redis/certs/client.crt +++ b/.ci/docker-compose-file/redis/certs/client.crt @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz -IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP -g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D -zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn -qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN -IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa -BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG -CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT -nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY -zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc -frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr -mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn -HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z -odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 -MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 -oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT -y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J -nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr -R5q5VPKvniiw0/HiJNbNG0ZHDCU= +MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 +JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 +miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv +gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv +ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE +L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 +Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 +KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul +CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi +Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ +hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU +kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 +Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD +z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ +ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT +29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q +y49H/UmwxcGoBxxMep6YXgKm -----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/dhparam2048.pem b/.ci/docker-compose-file/redis/certs/dhparam2048.pem new file mode 100644 index 000000000..e6bb8ca60 --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/dhparam2048.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAu82pIpWMF4FNfu8/rENOziV+BbW6byzqLJJd7DcG3Ou47PA5Sj14 +GLQ9yzesjacqBljBSD4Qip55K0Cp7GM0pq76IOI5H6C+TpVWEdyYtNFpGYLo5SR3 +eJoziRImt2r6YPJbxLRcGFcMnsfSvbhsaCyiYwsFiUxlm8KaTITZ48A+gcPG4mG1 +BkHDXuuWJVomKrUaB7I8mPlKKsczIiPDSsRqeXbvf451mGSWP7QJypdnQveqqI9u +qVymZOPMqF+bcLZWBuwUNzG3q9D403iX310HsRzSl36m0/VaM/Y3Fxc4lzzZAfb1 +1DM/CilTJWINvlm3jtXlbxHv8B6R+jVDEwIBAg== +-----END DH PARAMETERS----- diff --git a/.ci/docker-compose-file/redis/certs/openssl.cnf b/.ci/docker-compose-file/redis/certs/openssl.cnf new file mode 100644 index 000000000..35ba4831b --- /dev/null +++ b/.ci/docker-compose-file/redis/certs/openssl.cnf @@ -0,0 +1,7 @@ +[ server_cert ] +keyUsage = digitalSignature, keyEncipherment +nsCertType = server + +[ client_cert ] +keyUsage = digitalSignature, keyEncipherment +nsCertType = client diff --git a/.ci/docker-compose-file/redis/certs/server.crt b/.ci/docker-compose-file/redis/certs/server.crt index 092209bfc..ed7ab6557 100644 --- a/.ci/docker-compose-file/redis/certs/server.crt +++ b/.ci/docker-compose-file/redis/certs/server.crt @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEAzCCAeugAwIBAgIJAJ1b1eCyPY+jMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NDlaFw0yMjEyMjIxNTU5NDlaMCkxEzARBgNVBAoMClJlZGlz -IFRlc3QxEjAQBgNVBAMMCXJlZGlzLXRsczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALteJrJx6zRKM2Yky5HKKS9VxgOieD/W48xR/G4rY/ecltHGtH6d -kER04+UdbHJ9XB0vhc7uU8yF94D4JChT6AtYqNGtFIlsrYGs9XrIBWJDYYQBr7Vh -m63FmOTp8Q/1ij8kVLcWjM92ZfL5TV5JLSl/qirVQyxp3ioudsKG+D2/kr4uyh1D -gqgnmdio5XZ5RCIPqb58ECK87vXYewUTn1I7f/g2uok1HGFAQVDX29vUX0pY9msu -6RXogtjmbGGc40kNYCwX8FlXfyDhvwl8PLxOrNw38a/VJMa8q5E0l11z16v3Fc3I -ixzwwQ9+T43Bg4W0OIFOlDFekRAx8S5NsAcCAwEAAaMiMCAwCwYDVR0PBAQDAgWg -MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAhQ+gAOf6n8xA -S/N1Bt6T3B0smlODozPoZeAUuiIhZyKN3ZzJHAj41JB+Zs7PTwdQQC5MI/o10Bh+ -RmOvejTBpxSrB1OucdUvS0xOz2XASLRlnoL8MDX9dSw40QJsSOXfUZ6tJXwqN8wo -hAp1j5ogigmVSHzyxiKwfx0ULH+DWp9GuPyyfaJKeAPcbWejg2us+1sGLwbcg9+j -9QL3IaEF+Uv5BeFmWKe48irgBknJh1vesPQ4wzd63/ko96yLFFy7/celZP46YqyF -nulgqHc5HwlfxnLLjvP14han8FjEkfcLUyLwp+BNh5OcDahPVYFaQLBFygVujs+D -005Hqm1GdsNf7ImubNIgIjETlOO7jmAtMJnaQasFbSk4vf9BaUulb0RoqQs5Vjbm -T3jVfhRvKi+cATEM64zzVSNjVi5Nxa1urrYLAqv5VQCWl3stJl+2qCA1mgQ+J02k -8KIY8lfP6YcXEzuimecvhOzKhB1ccD7kWJqk4ErHpkTB+m7JqkH7+9DA7wN+0m1Q -bvAOlNV7inEyT3q9Wx+mQOVuipvk96iu/2Y1eMiyDuziFqJKgEwdr8ECldeLsVXY -FkWe+BLwMzc5IW+WZmVPIyyv7MefZhGic9SBPtjk/TejqBASp5er5iFI75LCshwJ -65Ph7RUKOkxNlslxjzZkVYpCP+NY+yU= +MIIEATCCAemgAwIBAgIJAJ1b1eCyPY+lMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlyZWRpcy10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC7Xiayces0SjNmJMuRyikvVcYDong/1uPMUfxuK2P3nJbRxrR+nZBE +dOPlHWxyfVwdL4XO7lPMhfeA+CQoU+gLWKjRrRSJbK2BrPV6yAViQ2GEAa+1YZut +xZjk6fEP9Yo/JFS3FozPdmXy+U1eSS0pf6oq1UMsad4qLnbChvg9v5K+LsodQ4Ko +J5nYqOV2eUQiD6m+fBAivO712HsFE59SO3/4NrqJNRxhQEFQ19vb1F9KWPZrLukV +6ILY5mxhnONJDWAsF/BZV38g4b8JfDy8TqzcN/Gv1STGvKuRNJddc9er9xXNyIsc +8MEPfk+NwYOFtDiBTpQxXpEQMfEuTbAHAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAD4dH1vWISjxSCrn +zqOrkjoJr0okOGkDqJ8IqV9ZKCaC4ss7tosOp1gkgv+c9n2H8pwRug4v+0N3e5Lo +4UlTWJHifTCA+Iz6uVgB4ez8mRr7QYlOdWE3Zhm5B21V4oa2pIroTxmmSXjfgL/M +yp/EFZhYDxCCORRf7PJyDJh0mYZyQvjMWkhnGA/JC4pPAjj98mLDbo04U2YCFPUr +wyEU36zW4iueFWvh8tpbhmBGGvmyrf8yy2/XaK53ZMKRupP+DEVXg/rkIFFY6TL0 +Gl4D4hV9BsYwXgL03R3iyV42DjZ7eTKhs3mV2MHUBhJkEALsLUVLNkV2Kq/yvWbY +dpylIALCEMeKhMnssxoZQ4sxtFbFHt2y/2doLB9Ce/kprxkZyQzussHW5KO5EfMM +byCztnbNzwc+AmitBWJfKXig7TC7t1N5qGBtQFSJhhS3IyfyOsI1iKx/V2NsiOR/ +TTIv6G+uIRbayfFXTPPt+r1R5Zn5/65IptOVIYzFMRIyUswdCE51F54K7kCI+4/n +XLj1WFu9VlOzihK/OyDbeLEDPH9iSSymDGfzXDtRaDlMctRdoLn5dgsE2NiEHhzZ +XcyrDRRcvwTtACvGXi6F3DS5iHCiQ/4NO6p4TEZQ9jl0Hf8+/TCFFuE+ejzDhCFP +VQxhZDleyARpFHfZ1bH5ZZKcWYsb -----END CERTIFICATE----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index adcf6be0e..b7b3894ff 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -65,6 +65,7 @@ jobs: -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose.yaml \ diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt new file mode 100644 index 000000000..e0b066224 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 +LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J +poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV +SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG +JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh +JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg +KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd +/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf +2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz +3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz +4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g +VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 +QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf +uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl +9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY +e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 +u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU ++DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA +wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk +TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf +2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w +SrAQWl5NPsA= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt new file mode 100644 index 000000000..af886570e --- /dev/null +++ b/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy +WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql +hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol +d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO +bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk +g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV +MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s +hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 +G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 +dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn +fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt +MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 +W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC +pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f +uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky +yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 +sNWUTEwylVLrkVay8UHhFsTZ +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.key b/apps/emqx_authn/test/data/certs/pgsql-tls-client.key new file mode 100644 index 000000000..0795d511f --- /dev/null +++ b/apps/emqx_authn/test/data/certs/pgsql-tls-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf +IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ +WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku +46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o +amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU +Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue +2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 +iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc +SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd +ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr +1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL +KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo +0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn +ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu +oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 +pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS +GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz +t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 +b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o +VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT +xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv +PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 +BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 +HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv +jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt index 3add4693a..b0f76f987 100644 --- a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt +++ b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt @@ -1,29 +1,29 @@ -----BEGIN CERTIFICATE----- -MIIE5jCCAs4CCQCRt9xE7Dmf4DANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKDApS -ZWRpcyBUZXN0MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjEx -MjIyMTU1OTQ5WhcNMzExMjIwMTU1OTQ5WjA1MRMwEQYDVQQKDApSZWRpcyBUZXN0 -MR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDdu/EP7YZCG2k5rkNwfjy8/X3xaVZ/B7X84BbceT0q -XFxzcCuIBCRNn8q1K4JBdg/xQpekjdzhqeXVDokDjOQ/LxQJGPTrQIArpznwbbzD -yC2YJ1lmkgzF2cZd1CZ2KNqfWgxgcyQ86Y5bVzQn5fIq6u801O9/fY5kCncVf3/0 -Eb9CClahHhBOzTC/9V89SYIRkDgg8x9PVyUqjKP7N/70YE9/WYSx0D2AOXRpPjnf -XKuBM7gfOFCr/euXApVUIk/SbhcaSHJ2ns7OTiUl50+copsfNeMYRjq0hMapiwvg -UwBSgMQHqLUDo+roqzhoAMOKwOEmEcyed7HEE4HUjdkBuqi1Glr4n5KoIrUDj3co -/XSFAMIr9XCqf2I+KeNnNWKt43Q6C/SkeR76pCzptcJsQzGePVaT7zsB+DrZMW1O -x9snhvLR8l5+ocjZMqNCntBBf+8yhdw1cznTwfNAW5J5RHPvbkuqbxG84uwaqJki -+lzPJMD24Wu/R9i2nmKo/KDmKBFDfOA7SGexGDtoaFmgSn7TVosK1UA+I1QdHECs -/ecVvIS3QOIOXDvRIecutPKNxmXZxB2XBOjS6/y+QuXAWTZM7vd97cLMlM7e1jmf -weA83Wz9IGH+Ip73kLE4QKtK9fqhQqUj1pAEAR5lTLR3uY7tQyaPD/8podWgOwBg -VwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDXHBBaJFIiHBJtutL1WiEwoEBLBZrl -4ojxJ+Lf1tmfc3LM8F7AhJljBIP0vBt1nHX7Q5gWHBm3/3OMwrTUcFBANTbuxpPZ -KEJaXUGY9f6/hpJXVAKXlbhLTNNQa0CmXicKpZGuyC4eUjLKssFS3ix0iUFTAOWX -RJliXCwcERH9jbC+d5n3VeCtwak0uYyqah3jCssXB5fqMRn3411TwfaSKNWjvdaW -whtQD1NvY6cbsG0+kd2lrOMTRTYMC+Jm3T6p3Mn4aGikfb0Hv7fcSOgRWDzMjWcO -JEQMKG1jlajyUOqsXnaW9zSoiJhJcZNR6n96KUuj9EBqNQhbP8wdqmd33ulqj4H5 -Ocg/RtFhYog5kwCrLAQTvKcdA7MVtjsH4tCb86L69jxKWnecSNuE987nPituwJXh -AVgmEJl3nN5yuSqxWFNxlsZvTAsuhlaucYYBofAF+qB8Jvy3GGMMC76Fc5TR0BAD -wiRAYJ+M19HWaZfyEZbH+uKMfYPhjlQaUyJ1Hg/hhkpp5ro3V7q8B0osJV1SYIcB -LaLeEcg7ZhprHbnit244VN0rUpxsvgNyNJ93v38iRUd0/+s5bRhSIIxTqqtj7fwZ -/WYkWUo5NZR2kBWrE7gFLQJbhVie+WCCZ7wToYmFIo55WUKcg54VszdbuNVikcsk -UElFARdXALiZWg== +MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc +c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt +mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ +QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr +gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA +UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 +hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb +J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc +zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n +FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg +PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w +Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn +IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS +XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 +omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw +Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ +MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ +l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 +yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 +xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR +C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB +/5+umpUJwJU= -----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.crt b/apps/emqx_authn/test/data/certs/redis-tls-client.crt index 617add4f5..70f60e6b5 100644 --- a/apps/emqx_authn/test/data/certs/redis-tls-client.crt +++ b/apps/emqx_authn/test/data/certs/redis-tls-client.crt @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEADCCAeigAwIBAgIJAJ1b1eCyPY+kMA0GCSqGSIb3DQEBCwUAMDUxEzARBgNV -BAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAe -Fw0yMTEyMjIxNTU5NTBaFw0yMjEyMjIxNTU5NTBaMCYxEzARBgNVBAoMClJlZGlz -IFRlc3QxDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAJ+Mx7WUw+ghlFF66Qb3aHqLFfeuA5NVWq4c5aae7pLuj1eXiPm6hPxP -g/UmgK/cHwV9obsbjbket3HdJ+n201bRj+VuS7h01ITyLMUbhU+tPW+TjUzUie9D -zLeaKrpWZ+qpeMrsM+L3QeEuHQ24bsugTha1aerqc2DZFIDaiw+Y8n9ifEjGpwLn -qS+CznoKEf92Zaet5mZOtqVJuJJl3Hl9IhDgG0UdUwzwtwQvXQJ7O7OwLU/QrjcN -IS9KGB8OrnUvAUcbIVvHSMQAG7i2pe0ssMkXDth1NGMO0cHcu5dEIG0EWgx9yroa -BcQvpAT9NMyZ63hetgcnreda7rYQOcUCAwEAAaMiMCAwCwYDVR0PBAQDAgWgMBEG -CWCGSAGG+EIBAQQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEArJIy30EAIqJEaDkT -nkOxHY8L3xTMgsKacLbCc/Of+rkbHFHrM3ffr4f0IybhZWiNN0fgNJKgCAgkfqMY -zoS/RTn/suCgHAarIPOchf99Es4QPCyIF1B/J0V9LXNmQuCSOBWBj0xvkv6YHtKc -frFl6ByRHNIymtRvldWxOZ7sw/5ZiEuJ/k3kRdol9fPLQu3gIH9rOvwuYGjHDsmr -mR4AfMUGTtHSGQVNus2M1Vu6xGfaKa0X0jDUtnSe5EYXdQHeMgB62CEy6hsT/cnn -HJkDwTXNhmazsvcmMeCJiS/HvDnhjkyeBgC/mU823Akq2ijaGYfeJYRQ/jHXyG5z -odBHAqIRMQ916Ozsv6ZDv05r3lxJksPV+9BOKPvDF6psd6VFqQG/HslGS7Hd7Oq5 -MLzh7kW8E3L9EmM1WrwCiSFJ/kkBbfCqc6ysO1EmKKqQOWCUtzfRUr4GBp0Qp4Q3 -oKwCFiDpIp3rpK5/MHBtqWzp86DUrRAFgd8XkqUw9nYleP/6WANG9cU1eg+uAsCT -y8OfNqYNaErTgO8mUdUnIyiZByHBuvMkkfrwXE+w6KM6ZT7Q0YowI5uIwP53aU8J -nUtryOYH1CzmI6/kzCE89M8cmK+2sRbJTwEi56OytVxqaVqwFT8NR9uUa6gxo0Rr -R5q5VPKvniiw0/HiJNbNG0ZHDCU= +MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 +JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 +miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv +gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv +ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE +L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 +Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 +KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul +CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi +Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ +hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU +kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 +Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD +z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ +ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT +29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q +y49H/UmwxcGoBxxMep6YXgKm -----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl index 8f1f12690..5f1e630c8 100644 --- a/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_pgsql_SUITE.erl @@ -22,7 +22,6 @@ -include("emqx_authn.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --include_lib("epgsql/include/epgsql.hrl"). -include_lib("emqx/include/emqx_placeholder.hrl"). -define(PGSQL_HOST, "pgsql"). diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl new file mode 100644 index 000000000..34f25f3ea --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl @@ -0,0 +1,156 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_pgsql_tls_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). + +-define(PGSQL_HOST, "pgsql-tls"). +-define(PGSQL_PORT, 5432). + +-define(PATH, [authentication]). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +groups() -> + []. + +init_per_testcase(_, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authentication:initialize_authentication(?GLOBAL, []), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + Config. + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + case emqx_authn_test_lib:is_tcp_server_available(?PGSQL_HOST, ?PGSQL_PORT) of + true -> + ok = emqx_common_test_helpers:start_apps([emqx_authn]), + ok = start_apps([emqx_resource, emqx_connector]), + Config; + false -> + {skip, no_pgsql_tls} + end. + +end_per_suite(_Config) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + ok = stop_apps([emqx_resource, emqx_connector]), + ok = emqx_common_test_helpers:stop_apps([emqx_authn]). + +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +t_create(_Config) -> + %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ + %% -starttls postgres -connect pgsql-tls:5432 \ + %% -cert pgsql-tls-client.crt -key pgsql-tls-client.key -CAfile pgsql-tls-ca.crt + ?assertMatch( + {ok, _}, + create_pgsql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"pgsql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})). + +t_create_invalid(_Config) -> + + %% invalid server_name + ?assertMatch( + {error, _}, + create_pgsql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"pgsql-tls-unknown-host">>, + <<"verify">> => <<"verify_peer">>})), + + %% invalid server_name + ?assertMatch( + {error, _}, + create_pgsql_auth_with_ssl_opts( + #{<<"verify">> => <<"verify_peer">>})), + + %% incompatible versions + ?assertMatch( + {error, _}, + create_pgsql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"pgsql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>]})), + + %% incompatible ciphers + ?assertMatch( + {error, _}, + create_pgsql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"pgsql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_pgsql_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_pgsql_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). + +raw_pgsql_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"postgresql">>, + database => <<"mqtt">>, + username => <<"root">>, + password => <<"public">>, + + query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser + FROM users where username = ${username} LIMIT 1">>, + server => pgsql_server(), + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +pgsql_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?PGSQL_HOST, ?PGSQL_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-ca.crt"])}. diff --git a/apps/emqx_connector/src/emqx_connector_pgsql.erl b/apps/emqx_connector/src/emqx_connector_pgsql.erl index f42bed666..2f201ac94 100644 --- a/apps/emqx_connector/src/emqx_connector_pgsql.erl +++ b/apps/emqx_connector/src/emqx_connector_pgsql.erl @@ -59,10 +59,12 @@ on_start(InstId, #{server := {Host, Port}, ?SLOG(info, #{msg => "starting postgresql connector", connector => InstId, config => Config}), SslOpts = case maps:get(enable, SSL) of - true -> - [{ssl, [{server_name_indication, disable} | - emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}]; - false -> [] + true -> + [{ssl, true}, + {ssl_opts, + emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}]; + false -> + [{ssl, false}] end, Options = [{host, Host}, {port, Port}, From e2e2c98679bfb47aba23f6b377d2c104b0e2d4df Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Thu, 23 Dec 2021 23:31:58 +0300 Subject: [PATCH 3/8] chore(authn): test Mysql authn via ssl connection --- .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-mysql-tls.yaml | 52 +++--- .ci/docker-compose-file/mysql/certs/ca.crt | 29 ++++ .ci/docker-compose-file/mysql/certs/ca.key | 51 ++++++ .../mysql/certs/client.crt | 24 +++ .../mysql/certs/client.key | 27 ++++ .../mysql/certs/server.crt | 24 +++ .../mysql/certs/server.key | 27 ++++ .github/workflows/run_test_cases.yaml | 1 + .../test/data/certs/mysql-tls-ca.crt | 29 ++++ .../test/data/certs/mysql-tls-client.crt | 24 +++ .../test/data/certs/mysql-tls-client.key | 27 ++++ .../test/emqx_authn_mysql_SUITE.erl | 2 - .../test/emqx_authn_mysql_tls_SUITE.erl | 150 ++++++++++++++++++ .../src/emqx_connector_mysql.erl | 3 +- 15 files changed, 436 insertions(+), 36 deletions(-) create mode 100644 .ci/docker-compose-file/mysql/certs/ca.crt create mode 100644 .ci/docker-compose-file/mysql/certs/ca.key create mode 100644 .ci/docker-compose-file/mysql/certs/client.crt create mode 100644 .ci/docker-compose-file/mysql/certs/client.key create mode 100644 .ci/docker-compose-file/mysql/certs/server.crt create mode 100644 .ci/docker-compose-file/mysql/certs/server.key create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.crt create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local index aea4be034..a8c309382 100644 --- a/.ci/docker-compose-file/Makefile.local +++ b/.ci/docker-compose-file/Makefile.local @@ -20,6 +20,7 @@ up: -f .ci/docker-compose-file/docker-compose.yaml \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ @@ -31,6 +32,7 @@ down: -f .ci/docker-compose-file/docker-compose.yaml \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ diff --git a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml index 17dfdcc8e..3c01a10df 100644 --- a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml @@ -1,47 +1,35 @@ version: '3.9' services: - mysql_server: - container_name: mysql + mysql_server_tls: + container_name: mysql-tls image: mysql:${MYSQL_TAG} restart: always environment: MYSQL_ROOT_PASSWORD: public MYSQL_DATABASE: mqtt - MYSQL_USER: ssluser + MYSQL_USER: user MYSQL_PASSWORD: public volumes: - - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca-cert.pem - - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/server-cert.pem - - ../../apps/emqx/etc/certs/key.pem:/etc/certs/server-key.pem + - ./mysql/certs/ca.crt:/etc/certs/ca-cert.pem + - ./mysql/certs/server.crt:/etc/certs/server-cert.pem + - ./mysql/certs/server.key:/etc/certs/server-key.pem ports: - - "3306:3306" + - "3307:3306" networks: - emqx_bridge command: - --bind-address "::" - --character-set-server=utf8mb4 - --collation-server=utf8mb4_general_ci - --explicit_defaults_for_timestamp=true - --lower_case_table_names=1 - --max_allowed_packet=128M - --skip-symbolic-links - --ssl-ca=/etc/certs/ca-cert.pem - --ssl-cert=/etc/certs/server-cert.pem - --ssl-key=/etc/certs/server-key.pem + - --bind-address=0.0.0.0 + - --port=3306 + - --character-set-server=utf8mb4 + - --collation-server=utf8mb4_general_ci + - --explicit_defaults_for_timestamp=true + - --lower_case_table_names=1 + - --max_allowed_packet=128M + - --ssl-ca=/etc/certs/ca-cert.pem + - --ssl-cert=/etc/certs/server-cert.pem + - --ssl-key=/etc/certs/server-key.pem + - --require-secure-transport=ON + - --tls-version=TLSv1.2,TLSv1.3 + - --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 - mysql_client: - container_name: mysql_client - image: mysql:${MYSQL_TAG} - networks: - - emqx_bridge - depends_on: - - mysql_server - command: - - /bin/bash - - -c - - | - service mysql start - echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt - while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done - echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt diff --git a/.ci/docker-compose-file/mysql/certs/ca.crt b/.ci/docker-compose-file/mysql/certs/ca.crt new file mode 100644 index 000000000..f08b1a4ff --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 +dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu +TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW +qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj +mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr +s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 +I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz +YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh +uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx +n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 +1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X +Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl +36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s +0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz +smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX +HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 +h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU +vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr +7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm +FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC +KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN +2U0l7v2i0qA= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/ca.key b/.ci/docker-compose-file/mysql/certs/ca.key new file mode 100644 index 000000000..41a4eb996 --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8dhF0 +mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwuTXkv +61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IWqlmT +uU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrjmdTG +0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwrs5NQ +5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4I1nT +uo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGzYcnK +s8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjshuZBp +5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfxn9hS +GGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij31XpY +IOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kCAwEA +AQKCAgBYRRYP5D0573y1J49PYsv6mlprn6PYURhkyz67dkXjmrDZpxmmts42GZvf +GmgdpJK8Xjiz9qGzG91IIa12sJ0Hvca3JH9EI+YfxxE/QyueBx3nKSnrF44Z1M9O +pu+094Qhxr+5gzOVv1SN/nkb78N2XIeUXdxxOvJ2gciArkLC+9UMMc8GIj5d/uGr +UcdVQQktrpxUR2VmlGya+Cmu2SGTSyG0IdbDF8j6DWfJwRzi+ysoDhGiwj3n0Hsx +erqVo3TFS/q526IAmE+xgAyQpgTJLc7NLsGdw4+fhGtqQmXAtSBnSMOu5Nry6hTq +4zBOJu9wNcPpl09yIe+ij0WB1YSSPXRsfYM2sIxBLAOqbXeba5+kv75CIkXEywDs +dJSszfo5nHvZFd5/CLdmz/+gjxMCKgW5p5YFkUZOgpPBP0imHQGIwllBeGiLoJU7 +zR7yWtwwtmul9M4zFgWct+fOzZmFvn5Pei0CbI8/y93pjmypdcV2unTg+jqZKoek +vJ3SZkVYe86TqskKUEXFQPlLf5xHENXGJ/XA7ge6H/dRIvyQak+j6TH1tZ9JPwJz +ML0ZpBXSytVZq2sVhLBxAoXu+Fl01lWKuveOvlsxeh7FionNqGAYohznZ2b5iNvA +yl00LzahdssnprF0fX/43I3ShlcRC4tHsla9ZLFTBf6MkP8wkQKCAQEA2GPloMMi +BQu6geaf9psyFM3dQ0ouV4bKQODinCwv31Z30aOdzKLlyKD8BlGC7VoqeTxoxsej +t6rNoZmzNXQR1sy53PeHvvix6a2t00kYZ7CDmSQbBSfKT5FCx3PlmT1OXKlib1vi +0A1LVQLw+tsGL5KuF/Yxp8GoGb5wKHENiZkh2sKS93kWxNY58SrmHNo/XySTXUF5 +vijR1g6fkW5o4zXZDkG0JuH1KhouLA99ZVQCWfQpk/+w+rY7CbbChSnYE9DTVul9 +VJPejb1y38UTtPHMaaK0NV6a3qoYnMi5UKYLNEkd1OyFwpUxB+Z0GfaksfiUqFzG +Huq/NmlwSt/VSwKCAQEAzdFv57WW0HQ+YHcPml9SLBhJW2cilPDAYFwDBSMxDgEx +4RehRpoVt3qf0Qg1fP8eqgFnMoDVrswsKI/IvUAyfCQrynEnCpoaJXfI1YjGx5k2 +ElSE6hkNaiTEb91Mj/gnJRHI7Rh50kOAltLrP/UFrt+poo1McEBlgJS79B1VLUMP +Vg6Ve7w0t9gmFH+uOFO6RBiFzwfagKFaJaU05r7VzROeMeQOFeq3wodKCHGX7kQK +kfn2ZcjqmLa8PxXklkqyh+tNcnkyw5rM/WEnCsQHrMvbClJ/skjDb3xJY5lV5CVX +zWG9AgiCTpz1vwf+WBS1WCnYfxpjm/yI2C4bfPTt+wKCAQBOwFRypHF+Gp2e5vry +edrJHX7YHWguLHzxDacLJT2q70IeBojIT8SGtqfh+MpIbVcl1ilfpopbroq1tEU3 +P+26GbnOxDsf8kx1eeLYETMTkXbjRfObdba4LGp8Qh6eHWSmbnLHik5KX3w6DR78 +fLeMmrpHOC8sGVt/OwKAhVxi5lsezU9FR0lVC438yhsDBx6nFp2XA9w1q49qctn5 +yI/dmNxMxva0a+mYj/ybxmthdCiC6kwzc4vKQoXL7Dpw0iC0XXx8le8p18LYHMlw +zL12TcWR8EfbYHnGbWsVrCtdQYC0X6O+uPGZNkio0mMQi+W2a3xWpaTo3ZAHUmou +pbVvAoIBADphtFqHufX7Y049t6FUdJypbvWMddTFzewHbZvhdaLBWAK/jzHVt19K +W1cR+wov2+ThbQJ4ZSSmKch/sLNuKGPqZrmQC0EIoW4LYl6f47LulNXyP5mf7Zw0 +Pbx1i6gy/feX6eTHUpcAKtOdlLmZqTkHnLjNV+dnfONSTVZbk7O5F/qTPHfS1Slp +GLQr26GCro1uX1Zwpdxi6I1RJYZmj4MSk4cXZ59z6xg1BB0NC8m8ZzstKmWI7nLP +Muq6LRMssSO47UkRdALkQE2HZ2m4XWz4jnOJH0vVNArFuJOWBTUoGpXZqaGQBFaE +U3kSrWUSyrXteMnlFGhE5BReT9HMME0CggEAQbKf5ScS0OT8glQi/1lZk7blx1tU +Y+HU7nZhf1Yv6jdb9KEMYcaYeVA3WXgKdzy9EpQm9NimabMWdCF8axWkTlrnyYVR +hv0yOXXfkvlROFdmIuVsXIAGc05xtZc9xjZLLuoslZjc/PFnzQ85KWwr6EW6B423 +OKf1ZuKRQCTgKO/lqWeglZZy1OjQUF+EnVNFJRDrqHHptm2Cn7XMTy8Ta0OxsGe8 +s9U6U+KbEecZcpFk1dRbR8V4sh+wO9xHPXbvyJqJqgxe2ZsJt2Nfg6UlfgfEpS6a +92Urp1sL16nFIF5plfaS+G2FzPDT8HdViHgld7Zx19emfZh/F/aif4ilyg== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/client.crt b/.ci/docker-compose-file/mysql/certs/client.crt new file mode 100644 index 000000000..503c93a2d --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if +lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 +F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw +z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o +MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn +rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT +r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM +NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL +r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve +GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb +Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB +FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G +P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr +uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 +4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC +3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL +cAoHRdVL49vKck34UNhFlTLH +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/client.key b/.ci/docker-compose-file/mysql/certs/client.key new file mode 100644 index 000000000..33f53e72a --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR ++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j +yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO +arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm +Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH +UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky +2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq +VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL +lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s +st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP +rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN +idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA +l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym +tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ +jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v +Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z +EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg +eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb +5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh +SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 +qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 +5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 +tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE +Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA +9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/server.crt b/.ci/docker-compose-file/mysql/certs/server.crt new file mode 100644 index 000000000..58b3eac8a --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAemgAwIBAgIJAOaPZ7X3df3FMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlteXNxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCh2cM9B9ZnFB3aE2pdfof7j3Z+ctStqnjFZUzgZcM0afyzNPQbn6Xq +j4rh+dan/6V3XVXJn5pK7wVaYtXrrRW/Wx9avx2mzbRNDRVYbHOKZWrS1zE3lMss +SKRXc/WzttYKS+yL9nn+MuFfz1+iP1PqM42PciJoAizNiQ5RQbXBJ/gCHLVeulFO +V1pza0ND1lcW9WZa1j/SHJFeLU1EsT56dwMf3qSHdg9KtdvY4AHgi5EQ49F8IO6+ +C+UMutcgeH6EkSYKpL5dyem7OT4TE1p0AEPQeQzwCYv4VKA1/lIGGsYasaGZascI +kH4jwboKj8iIxdlog7mNyzMv3kvYCM97AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBADmTco5dc1CcEUP3 +nAfo2NC0UDzU+UavkBelxY+67OiGWVlX62GzxfA8iL8HbemwZ0zZbX2xMZVAbQ9Z +IFK5nRj/hYxEVsN2NkYlHI1KmxSjv5HuvK4p2C+/0jOSEFhyNYc1kyjerLlFk9JL +CLhdqTS125FjiQE/qpgrYo/Y7COU37tF8uB4WV3UMq8PsHPdWfaCdU/c5ctuoL1U +4YVWKLe4LG6vLbjRGOX+6kCjJcwK3Dr/zas45wMXDQg1KeyXniC1jbdYXi4E7VNn +Rbdf1SMdlWlBR3LLDhz3kHlOL5UCrf3U8TUsTFlPLR6KJ/Ogx+J6HSPlgXIiGjmx +ZB/hSwzVTZqAjfCHEroQndbjSQTLitC8A0ujCDFztqEuVCfuU8XS3I83bdCNBr34 +SrCfVTjtKDMdDcXh21EZLtB16XXoHfOSuGgQL/ym/HOWqlY7/NHh6za56TmMzWiy +HfYgZAeYtxZWMsXnINALzXl2XR2wQ/g02u3vyCA0CwnBybYWwi8WmNWJcxVMrmEE +DD5sEMW+TZVgs5PgA5ER9gEj8uAS+yxcjNgSDj93cp+uChOl0Zs3jYMD+nUxF48r +kCQPjxF7JLbNS9o4xvNc6fkVDd84Q7tWHH5lKdclEeYn8nvCohPJEEdEsGYSGkab +eOqhTvkLF40TzG6/H0yFBuU9joFc +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/server.key b/.ci/docker-compose-file/mysql/certs/server.key new file mode 100644 index 000000000..cc103828b --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAodnDPQfWZxQd2hNqXX6H+492fnLUrap4xWVM4GXDNGn8szT0 +G5+l6o+K4fnWp/+ld11VyZ+aSu8FWmLV660Vv1sfWr8dps20TQ0VWGxzimVq0tcx +N5TLLEikV3P1s7bWCkvsi/Z5/jLhX89foj9T6jONj3IiaAIszYkOUUG1wSf4Ahy1 +XrpRTldac2tDQ9ZXFvVmWtY/0hyRXi1NRLE+encDH96kh3YPSrXb2OAB4IuREOPR +fCDuvgvlDLrXIHh+hJEmCqS+Xcnpuzk+ExNadABD0HkM8AmL+FSgNf5SBhrGGrGh +mWrHCJB+I8G6Co/IiMXZaIO5jcszL95L2AjPewIDAQABAoIBAFaAv7OXw8S14LqU +U+4CWYVfCNLOZtMm4IOH/82TNgCGgRP6wlkdO50g+PaMBGkn3nTsgpRPZDSWiULk +vjbG/G+YsSpcKOnk2W+xBW6MEDiwuaZUcy6krO5PKN7A0For5zv7lkK8CjmNUh1W +BWP++seapBc9xhvWxcFYdjmBqDXCYEEkb7oqgE5slDlHAtMGNlqu8RxLem3Z5tgD +8EuApwf5kPiPUt6TObGanY8CPrCrTb993IUTE3wZoaVk06Iz/1CTpzU7/XN6Z2RC +0U1UbDDpUec8r7gAN8URJ6zL0QCU45qQVABOKbWOQZORVnbkbDwWpD5Sr9ySIm1p +2WhP81kCgYEA0cF1CJmBs8kAOuHnvDSkNOyrzMRsGPbtB7l2n/Xg1WZ6OlexcBGi +ovFf428VaXpJRNfWFmuiSh2I5HV3FMGyLGOo3Rs6h4IHk9MGYzujRtia9x153PoR +O7oOKzu760CvlEQ8og4IcaHfp2ZiWw2F4W/gGVdXvXl79bgjbyLAYOcCgYEAxYiP +SXEEPPPGWy+kV7iSzzo32ybWJ1ftYcwZ+jENvaCSfNvZbDnZtOrzeHTI97oNe38n +WtE751qJsuoVM/YD5lJhPL7GP0CtkLq+oO0/smRqk+r767NJTWBOCbOcQ0NJ/1il +fojvPKYX8sFMRBkmCGRHnjEW1QUhJtuot1Dfxk0CgYAIkWNrb4HJyzsULKgfmvLe +KpC184wK1QNHnn7G9+8wKFhzy6M21bGUAFIPYzk3rsQRaNOY5NqjNmOiGV483dCe +WY/LQFJ6uIgAtMz8/rGjsjNaRrz0ls5fZzEu+OirKmBBqSvk3rfflGIjX15DI+FF +HSHFRzkRR0YV+miQIJZFHwKBgBuOxKazTKsQO1EHYX8XcevVLGu3jFLq0mQ9bDZa +V5dn6mfe6ANQQs4ZpSPd7xeYbj8Xay8hV6EcIW/DdnfMT5j3TzeBSfkTFePGGcgr +sSI7Hh9KviCQ354a3GhAFYHQxmcIP/ZaNj4Y0eh9DR3HAGZVTySDprLLR2e7Z1tD +viRVAoGAZKinM3zuPm2jAoIwYLB3Z/X0qewiLdf7JMmhelHHscB+F6fUqURSeBaX +GvIYkkKvoVt4qPpSeDBpmkRF682Zo2VegVTakWW0vxliAOTNCZCAC2zsZxGZ0E/r +LysCtImLRyZws2a2RWR9ONplCclrYiVxwr9y+TaltAx/RED0Y8c= +-----END RSA PRIVATE KEY----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index b7b3894ff..2ff482a67 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -64,6 +64,7 @@ jobs: docker-compose \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt b/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt new file mode 100644 index 000000000..f08b1a4ff --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 +dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu +TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW +qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj +mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr +s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 +I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz +YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh +uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx +n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 +1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X +Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl +36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s +0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz +smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX +HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 +h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU +vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr +7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm +FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC +KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN +2U0l7v2i0qA= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.crt b/apps/emqx_authn/test/data/certs/mysql-tls-client.crt new file mode 100644 index 000000000..503c93a2d --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mysql-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if +lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 +F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw +z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o +MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn +rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT +r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM +NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL +r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve +GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb +Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB +FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G +P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr +uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 +4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC +3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL +cAoHRdVL49vKck34UNhFlTLH +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.key b/apps/emqx_authn/test/data/certs/mysql-tls-client.key new file mode 100644 index 000000000..33f53e72a --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mysql-tls-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR ++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j +yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO +arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm +Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH +UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky +2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq +VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL +lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s +st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP +rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN +idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA +l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym +tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ +jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v +Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z +EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg +eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb +5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh +SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 +qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 +5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 +tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE +Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA +9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl index 95eecdead..659596d39 100644 --- a/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl @@ -22,8 +22,6 @@ -include("emqx_authn.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --include_lib("emqx/include/emqx_placeholder.hrl"). - -define(MYSQL_HOST, "mysql"). -define(MYSQL_PORT, 3306). diff --git a/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl new file mode 100644 index 000000000..557949b8e --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl @@ -0,0 +1,150 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_mysql_tls_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). + +-define(MYSQL_HOST, "mysql-tls"). +-define(MYSQL_PORT, 3306). + +-define(PATH, [authentication]). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +groups() -> + []. + +init_per_testcase(_, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authentication:initialize_authentication(?GLOBAL, []), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + Config. + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + case emqx_authn_test_lib:is_tcp_server_available(?MYSQL_HOST, ?MYSQL_PORT) of + true -> + ok = emqx_common_test_helpers:start_apps([emqx_authn]), + ok = start_apps([emqx_resource, emqx_connector]), + Config; + false -> + {skip, no_mysql_tls} + end. + +end_per_suite(_Config) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + ok = stop_apps([emqx_resource, emqx_connector]), + ok = emqx_common_test_helpers:stop_apps([emqx_authn]). + +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +t_create(_Config) -> + %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ + %% -connect mysql-tls:3306 -starttls mysql \ + %% -cert mysql-tls-client.crt -key mysql-tls-client.key -CAfile mysql-tls-ca.crt + ?assertMatch( + {ok, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})). + +t_create_invalid(_Config) -> + + %% invalid server_name + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls-unknown-host">>, + <<"verify">> => <<"verify_peer">>})), + + %% incompatible versions + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>]})), + + %% incompatible ciphers + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_mysql_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_mysql_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). + +raw_mysql_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"mysql">>, + database => <<"mqtt">>, + username => <<"root">>, + password => <<"public">>, + + query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser + FROM users where username = ${username} LIMIT 1">>, + server => mysql_server(), + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +mysql_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?MYSQL_HOST, ?MYSQL_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-ca.crt"])}. diff --git a/apps/emqx_connector/src/emqx_connector_mysql.erl b/apps/emqx_connector/src/emqx_connector_mysql.erl index c93a1e350..fad28232b 100644 --- a/apps/emqx_connector/src/emqx_connector_mysql.erl +++ b/apps/emqx_connector/src/emqx_connector_mysql.erl @@ -60,8 +60,7 @@ on_start(InstId, #{server := {Host, Port}, connector => InstId, config => Config}), SslOpts = case maps:get(enable, SSL) of true -> - [{ssl, [{server_name_indication, disable} | - emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}]; + [{ssl, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}]; false -> [] end, Options = [{host, Host}, From a7ca6cb39fd2983f89212a8bfb1832b55cbb2387 Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Mon, 27 Dec 2021 20:21:39 +0300 Subject: [PATCH 4/8] chore(authn): test MongoDB authn via ssl connection --- .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-mongo-single-tls.yaml | 21 +- .ci/docker-compose-file/mongo/certs/ca.crt | 29 +++ .ci/docker-compose-file/mongo/certs/ca.key | 51 +++++ .../mongo/certs/client.crt | 24 +++ .../mongo/certs/client.key | 27 +++ .../mongo/certs/server.crt | 24 +++ .../mongo/certs/server.key | 27 +++ .github/workflows/run_test_cases.yaml | 1 + .../test/data/certs/mongo-tls-ca.crt | 29 +++ .../test/data/certs/mongo-tls-client.crt | 24 +++ .../test/data/certs/mongo-tls-client.key | 27 +++ .../test/emqx_authn_mongo_tls_SUITE.erl | 191 ++++++++++++++++++ .../src/emqx_connector_mongo.erl | 49 +++-- 14 files changed, 502 insertions(+), 24 deletions(-) create mode 100644 .ci/docker-compose-file/mongo/certs/ca.crt create mode 100644 .ci/docker-compose-file/mongo/certs/ca.key create mode 100644 .ci/docker-compose-file/mongo/certs/client.crt create mode 100644 .ci/docker-compose-file/mongo/certs/client.key create mode 100644 .ci/docker-compose-file/mongo/certs/server.crt create mode 100644 .ci/docker-compose-file/mongo/certs/server.key create mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-client.crt create mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local index a8c309382..8b8c6af68 100644 --- a/.ci/docker-compose-file/Makefile.local +++ b/.ci/docker-compose-file/Makefile.local @@ -19,6 +19,7 @@ up: docker-compose \ -f .ci/docker-compose-file/docker-compose.yaml \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mongo-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ @@ -31,6 +32,7 @@ down: docker-compose \ -f .ci/docker-compose-file/docker-compose.yaml \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mongo-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ diff --git a/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml index c4f162783..505d5f39b 100644 --- a/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml @@ -1,23 +1,30 @@ version: '3.9' services: - mongo_server: - container_name: mongo + mongo_server_tls: + container_name: mongo-tls image: mongo:${MONGO_TAG} restart: always environment: MONGO_INITDB_DATABASE: mqtt volumes: - - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/cert.pem - - ../../apps/emqx/etc/certs/key.pem:/etc/certs/key.pem + - ./mongo/certs/server.crt:/etc/certs/cert.pem + - ./mongo/certs/server.key:/etc/certs/key.pem + - ./mongo/certs/ca.crt:/etc/certs/cacert.pem networks: - emqx_bridge ports: - - "27017:27017" + - "27018:27017" command: - /bin/bash - -c - | - cat /etc/certs/key.pem /etc/certs/cert.pem > /etc/certs/mongodb.pem - mongod --ipv6 --bind_ip_all --sslMode requireSSL --sslPEMKeyFile /etc/certs/mongodb.pem + cat /etc/certs/key.pem /etc/certs/cert.pem > /etc/certs/mongodb.pem + mongod --ipv6 --bind_ip_all \ + --tlsOnNormalPorts \ + --tlsMode requireSSL \ + --tlsCertificateKeyFile /etc/certs/mongodb.pem \ + --tlsCAFile /etc/certs/cacert.pem \ + --tlsDisabledProtocols TLS1_0,TLS1_1 \ + --setParameter opensslCipherConfig='HIGH:!EXPORT:!aNULL:!DHE:!kDHE@STRENGTH' diff --git a/.ci/docker-compose-file/mongo/certs/ca.crt b/.ci/docker-compose-file/mongo/certs/ca.crt new file mode 100644 index 000000000..d4cd04759 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD8UL+glAaqCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjcwODIzNDhaFw00OTA1MTQwODIzNDhaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60R +SY1V+3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZD +dlLGjlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvA +CUxKDhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/ +Gjg57DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQES +oJ3ScFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99g +C82hbeGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2Y +OtBWuAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5 +snknoRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7O +tkjye9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Z +g6TSYJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAw2PK8Nr3lQyF9pipvahEkHSIz8TVeLue +lT8h6Hrkn1UcDHpECja/tPKLxYEVUoyMKeKR3K6AO5RmCgDObcZRkMdMmNYocvb5 +1BvGhlv3uk5rNUz+PW8F6cwVp+3RevBD5OSEkBzq6fuSyC0g8dk17IPKnfwNJCue +gkgsyEUgSHK8t3g/uE0Jdx//svTdnc7dmB43uU3o3tl+qhMwm7Zjr58gP1t7fMTD +Zu8Yq8en39lMDt1lv4LZG5JyEL5GQMr9B9ft5ZJpg6LGxRUmC7J8d+5Swux6MjcZ +pAG2/V0VJwrR+joT8BZqnj/pR2Mk+34Ul1DIF7iSS/P+Wwy4+oP3XaNmXPJPTX8Y +acVYYO2Q9o0B6zPQk5e2ECSMqQ2NW0+RJv2YJl77WoCWScYhixqOwWNrXu8CSeQ9 +99rZrwN9lDN3I/bXLqzjUlTwL49YDSy50GkVKC14mZNSIAegJqGv3SwmITRZRaYF +UNhdmLldCCZ686QkGGsiIWmKug0IxJxYtLQKpajHuBQKhyyRgfIq+CfdyjsxmVNE +1h1bmi7Hy30KAx4qGHXGhKbITAUvAOHDNs5G9R8vv6J/AjOPGeuy9mayHg3CIarx +z0p0b9dYMK9yL9dEC8KHfUSIh7ZoR6JENkdq0Uj/8AE4+NwzrNbFRMKNAGMjFi8K +UPcPKDe8WZQ= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/ca.key b/.ci/docker-compose-file/mongo/certs/ca.key new file mode 100644 index 000000000..5b9601853 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60RSY1V ++3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZDdlLG +jlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvACUxK +DhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/Gjg5 +7DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQESoJ3S +cFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99gC82h +beGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2YOtBW +uAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5snkn +oRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7Otkjy +e9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Zg6TS +YJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0CAwEA +AQKCAgAZcZtDfmV97p+Fq2TSZj9SxQo+tfQTPum4NHXpv6U0B7yw4v7HTr+VWtXo +ab5V7z3UVjgxpLk+1a4PCIDTuMhSjplLD15kzERCgB9SIJlbKLA0OFiiU9GUqlDs +YaaVWnwlCbV8Yjh+ExR0PwQj56McnvU3yBfSovGPmukB8PLhP5vgKmS6elvSRRpD +diGdxoXReo+maKzrvHqFkmQc17N1LQjSQQul3+9on2rHi6oHsc++3tUa/0Pb49NU +Kp89tQjYvJ8VmHmcn73J14OOQ6vo1TZxpgxIOymrM3FTiRfgTOr1gY4vTPdj8k9Z +okaMr178Dis4zvpR/ipVE+7s098ylilZne3Mm8VsBD6J/wTvvHu+qdlVKLSDmfas +idHnPE7n5AtJwt1ykQ5QV+PuAiT+TSUElZCgHp+0jTfTXqxgLCgWzX6eNw0n7pUg +R7plm43nEqJHLOOx7sxsz1aKiF0Og/RjRrMaOTMO3Hg+5XoGdHM4vebiMOy5lozq +kww+5WWKzxz9F6XaOr/p8ZJRYrFLWUZbhci9b7unAn8roCvYxfm3wA85yd0ci9dC +4iBN2yMV12jwBI6+iIZq8hTlbXnqVJBYoPAk+t66xN1r983HWrce2RoROsMfr0Gc +5am+dck6n2h8snj0ZJiO8GZ8NRum4yREnRLmDk0fMeSgptIHbQKCAQEA9indtCaW +6Cw2Bpngk/0hk8e5zgc+REQdO/UlHE5jkcti5U/ZRLl+f3QE43EEWHy2MlLFL/zo +J5FA2x5H7ws2F85VHROc4BolscDwMrrA7tteRpj8BHMyQSksYxfGwM5dXCr1v7mT +1MZrm6U1LQTAxlbKof6oOdAPN+OSqZb+zEdYIGfcY+q72GTRP6LVopfn326089gu +BuivWu6UiKp5gqQ4pl3L5TQGBS6ZE3obT8zBDe5gm0fqTuLekIQZzUFW4CcrrOdF +45BmsO+5BPQEvHXo0BNoJvM6/EXUWMTQGU6v1iVj3Bfy/jLdbXs2zJ6DrvuMwBgW +Fd5q23mVFfa2xwKCAQEA8CcGTe7x3Msx87jKxPYUR0nJ4GePXo/L5Q1jXsLigh/B +TChcdta5nGzN15OknIFEKMBTXl+TWbwzp5ufPyY5XsTLKU2KFBy37YypZ94MLbUb +D2J1QOl5UysaGYB6z6Mr54NUSItQSz8HbMh70eaU5wdzMtEweB2HWzdvR8ssv4ke +UNPfutCYUeJXgYvGKO6T97GtTZeGevpohlWUp/3GO8dOLCvlaa0AoVSvfrNmx56r +BkD7v2RxySD/lmOgIzVTR07s5zmLviwavt+swAq8BSLpR12kexM2oxLKsHajpvJy +dWeo6pFP3BIYsamuYDxSClcU27zQdNJRqniDDnxXSwKCAQB40ZeVIhOTJI/nsYK+ +X9EpHTAe5QM0slG+6dUrDXZlSnPhpM04o+poV+NGVmQRojQygtlxcinnsa0pXrVj +qBcGnCi+OrAWdf7mPZIm8+5ZzaV59QBMltWlkbXNdRAB9cdww00WqtjZ6AFMxUtS +KzEKp/KQi9K5fVrazYFgZ1HrpWCllxRenglQbjsdhqhgQzp1OXrq68G7dl0Kvmp8 +oV8+NafwT70RY/VIedR78MSS6CYg1kzoKeXgjg061Pts+JLRNaiEFocA6BDe6une +en4QmbaI2d2WsG7U/tj4MLEKmspGytc2YTLMfN6dK4p755kuOxyb87ZzSVUdH5GC +1DJlAoIBAGl4yjUKH2FYQJ0I6M0uQmO4zZfoA7iFMQhtI9pnfzGlHrEC/PEYhzZj +NthaOK6fuz6mkTbehQmhNZKEL6F9eS7dAVkne+AvaLxEzdYXWIPuiW7tUA/tOmLD +iFfw7H8q68pnDGo7/Uy+5tTpDDB4s6bvx7Fm3IG0flEafJ4sZn/Mier30sfqeytj +XAlCSQqLFaNwfmuYg/CY77Un+vz44Mo6U2Pk94G9AIzac6USx64eSoCZo7dANxUd +kAMNyDQOZH/p8vPueyhPmIOCGw3Q6RjcZ1X3k5iWLKXcR/bOdDuLOafEmhRDM660 +p/HHUxVjCKkP69JCD89u230iJnUDORcCggEBAMGWSn6Jm3iAnO/iX+ltlFf7GaD1 +BPt3o4vnQasve/jWHZZrTXoSn1D53PnzNxr+h+OyfbgKJNXW+DoApplzoMzGgMtb +ni28CIPO3H+CUWa7h6E7Z7B3wSKto0xomwOvPCT3fuZCfVJu4WdbGtI1pbved/de +yS0TgCilHLGqHMOXw867qnxJG7pTKE3U3n1gfPdEBLN/icEeu8nTUkVkpqlEXdh8 +BxyB8HzmgJkDA660Vx69E1V7ZkfTWpRm4zqcsH7PdhCqsdRrOiJ7O/YQFH1sx3tU +HfWKOJFUEKJlv/T60B1o8Qwc15ZRBenYvAIxgUpVSkH1Ww/eUlo+YRXKDK0= +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mongo/certs/client.crt b/.ci/docker-compose-file/mongo/certs/client.crt new file mode 100644 index 000000000..78a6adbf4 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAKyzto6kgv4EMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCzgIQamGaqpP+SzwmEYtNL8koAUs0XNw6ohJ4s1lopkqOY2fnbWKO6JOSv +RPPStRiRklsPNno59cKfoN8j+Psfne6nkQbq1fbsZRzYGX3LdQVsD4QMEC4X63oJ +neEQ7hsEFaYW0bpkppVF300E23VT7CEDkEYBWhbXCTsdbQltffSG10ZT9XVHbqTL +cTmQzicn6TWQ8jH++VoY1q76OBd98gHcV6BocR61oXyjyArkUlGDsj3s5Xfsbfay +fagy6Q4cEBOrqWQvSqnenAll6IhEZ2KPDiXZWDPWMyLpLNO13ECp9+m7CMAo+15y +Zw/UUFeUyWlLtDXfV+GJzAA1Rv9vAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBALYlv9OxmYtj0BOdQrM5 +oIhivrA/bl8/Kzn4Bioqth8iWtpgZcZK15NKCGiDEKCkm+cKXWkC9tQcQzHpVas2 +aAKeiXIkYiSj1NiNDMrv5XLKOeFrMDVLWUAJzfSEr3Jsci+Wf8dX/VoYhgkH247w +j8cI8x7Vhi6Iun4pbp+ltuVtfcVAfUPhdrIXiif+hCLDbxdgj6qQ4MHC/Zpx1i+7 +4NVX8BVHsigFzN09GfHs3n+Uiq2Lzd3FaHnXWx+rueycQyXI5655YUbPJdWPO8Pu +JX+++GlpY91ni/UTMPdgmcqzMQo8kxV9+16sU4PjLcSKsgpJ0pT2ZJ+OJgtiMrEO +IS41ht4yhpx3G3FXim5MzUTsGHV7rr8ZzZ6wN46QXjzWtsLX98nzI1Dlz2USlbbz +N0NjgdPROUZsRDwEinnb1D96Rfn79qnfJhGmCXd5QSvM4HGW5SqqzzyvE0nLRnDg +davqHzA0en3Rt1/INCjr/+3GM4qy5lCG1fz1iuv5lfTVahljkkxnzSXyPW2E+0nZ +05bq/fAEbkQaOBwPWGTNCc4InzaUU0XKtx4IcnprgF6846lNRE7aFHjAWqOjOnZj +secfrzXDRLNJ58+eZpdJvVsaRl22bRHKI0MDNk5VzDKp/rqw/8+2f+Y2LXNKOJEQ +KLXCWq2sh5ReRiyDSaK+IP1z +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/client.key b/.ci/docker-compose-file/mongo/certs/client.key new file mode 100644 index 000000000..4cf93eb49 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAs4CEGphmqqT/ks8JhGLTS/JKAFLNFzcOqISeLNZaKZKjmNn5 +21ijuiTkr0Tz0rUYkZJbDzZ6OfXCn6DfI/j7H53up5EG6tX27GUc2Bl9y3UFbA+E +DBAuF+t6CZ3hEO4bBBWmFtG6ZKaVRd9NBNt1U+whA5BGAVoW1wk7HW0JbX30htdG +U/V1R26ky3E5kM4nJ+k1kPIx/vlaGNau+jgXffIB3FegaHEetaF8o8gK5FJRg7I9 +7OV37G32sn2oMukOHBATq6lkL0qp3pwJZeiIRGdijw4l2Vgz1jMi6SzTtdxAqffp +uwjAKPtecmcP1FBXlMlpS7Q131fhicwANUb/bwIDAQABAoIBAQCL0JOVP5XgXwqu +6FLKakuYwU1AuT4EUh85xaqK1B+AeDazbT1/y6gj6m6x0mx0eBh98ti4nb9QfAuv +WJfWJi48b0CgBoezzRs7AHsaG6jvG+QwSlmZJ9UvTnxNF0tia4RhhxdKeOvNUC+/ +L/KG0QWva6I/a1YL4Yce0ZLZFcAdJouJpjv0Bqe0xgcK7rld2AqGY54YvUqeoSjA +Uv2mhCy4xoRtF2XXyjJ1R/JOlsN8mHZvae4teWipSUf91zzd7thLT7s5CPcd2gj+ +2CQps0HkwbvpEB9Y3sGW5pVwacY9fOZkZPiaCqQ0cWDCj0qh9xi1m0/yL2sUrbet +S08YBThhAoGBANxR3armXC9G2jomBSvEq3kVpjQbaZwgFTKgf9nCMVlrayD8J507 +cvuUNtgf9h7U3N4cPFZLU77wiM4b0P0Q1wxWcfkTssg/kFY9WHwXPUj+DGA4q+Oc +7PvxNOyaX61816n6mTIH9+IloRYCYA8Qfoa8furvkMc7xPK5MYI3phaxAoGBANCS +Z8X5VU/LXK+bgjVnJYqrG5cqKU8VpBSvwEXpv5BGmKU/39aRBsWUHgffyNMVffia +UNIvXXIZQhhKDKMAwJFCi7ilpz2+8kErndtXXinyLkrLg4BC6vANMTkOWQJMj4T1 +6fqPKEk2iF6iXhZWje9Ako+qBPHbB9sBbznV3kAfAoGAEDQlLXCLzx5S5nvtXW61 +fc5Nzv9FISpq5LJRNN7HamAwHNjuwO2iY0ZfUj3niBT3uY4yEdawbhaauS3qjPI0 +HsAs2bjNKVUjdHRGkbnT1A57Moh4e+EKvOzci5o+9y97XREFO1zCqmtCEbBTCEia +RaaPXxAHgd+veHqOXZliKcECgYBThl3ibVAZzWHHvWnugukI2C8LYUn7rrnvwtYn +6UzatTrJ6oN0RM3Gb+N62cZtqcyxsvKsyWUNnUnXukfHOzTitxiHEGeiFYakTJhB +z4IZIDAjqc52ndXB3jaZF8LTZd+Pqn9R5OSINTt1UmaFYZIjfuNyfu7OAB3sOW3W +ZmxDlwKBgQCbhkHL+tHi3oj1AASc5CSTMsY+DqqfS7VLWBhr6d6u/QrEMqKZWy2E +NeeKkK/ImzTU0HJOIsAg+H57fU6S9zBlhxGYHlAu09rYJNZ9Eo5VGYSatNaJVzvy +9/khjpL0Y5rnK0mWC2sNqGzJHVgGDWERYGs2W3hOYfRalTldY6yxkA== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mongo/certs/server.crt b/.ci/docker-compose-file/mongo/certs/server.crt new file mode 100644 index 000000000..874d84215 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAemgAwIBAgIJAKyzto6kgv4DMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAltb25nby10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDYkaO97KPcCgpQljzKWN4SJD9fFQ0aN16HN4aBdFPqZKp3h8L8n3Rd +oo6kLQxpcTT33FY7fTPAEZ04hQgogM6XUEAGAyl+C5ENPUO//0bDw5TA7jAu7AvJ +3kcEkG9ipYTJde71ogeiNm5U6RR6kS3mRcRXX3EAp7Aut+hgTrwTTMVGcoz1qJQm +B4hK84mGWHqgVHwsow+XROJkm/aYKHBEq2Xau6MpJFQ2rBZBG8vgp8qsfaK6hNcR +kTmEn7gBC/ix5RWkPNKoE5zi1btNrAPQilo/uPdpTTQInkGKij7fYWPT90aEuQfp +76eJGHy74B+nN3qcKPw9UfUTSeo95Na/AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAIYWKJtgtfe3RDG5 +Bqny3nRWsKXIxJj5FO3n/9B85v64J4Vwr7GVRc05dQVvlVg68ElqjHhI4rqyvaPm +ZZMwccRRuv9kk5BJTz5jbGYbRFIB5NNrrk5IjABZPZi0poEY1xYGuKakOLnTCA+C +N92YM09uCiudfbgHiIkaMsJ8BO3fbN8AgTAfj2Xpd9ozMjSv8gLVWougfw5vgr0f +0WzTObhCHsRwVRnWqko/TME/5weUEbQPUJI1R7D2PwDTi728mpwX1ru9nirYfGOY +7HdyrP1R5dyD+zBiFs8A9jbIJAtoC5TjIxREOGUh9YRs605BivdrQ/cZg0qJVMCX +1pJm5i5/ilN48PnMP3QD/K6dZj1wxP3GueRh4pDMfbmhsVicCTonu85nZJ6oAoQ5 +RT5ZzmViyuN3jFCZHX564gc676HdsKtkC8dufKtNI+tUoJTEv7AnJgCc+554CTMC +zBwtln44TqHrCR1hGEG1iik/hEAnLW5YDnzrRASxYiY0fhWfy0rpojr+WRFrdoE2 +l9uXLcpXmPuy05Am+nNg5qxFCqBSbRCMat8Mb1sof7pkObheztOTTq01peMzEYCe +zIgowGgW8U0nN04UTo5bYYLxtVVx51QMNw0vckqDXB06Y9s/HFjTphLnGknauJiC +CV0XmCFIb0qM/5HGS/lBm4mEvwOc +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/server.key b/.ci/docker-compose-file/mongo/certs/server.key new file mode 100644 index 000000000..1dc07f326 --- /dev/null +++ b/.ci/docker-compose-file/mongo/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA2JGjveyj3AoKUJY8yljeEiQ/XxUNGjdehzeGgXRT6mSqd4fC +/J90XaKOpC0MaXE099xWO30zwBGdOIUIKIDOl1BABgMpfguRDT1Dv/9Gw8OUwO4w +LuwLyd5HBJBvYqWEyXXu9aIHojZuVOkUepEt5kXEV19xAKewLrfoYE68E0zFRnKM +9aiUJgeISvOJhlh6oFR8LKMPl0TiZJv2mChwRKtl2rujKSRUNqwWQRvL4KfKrH2i +uoTXEZE5hJ+4AQv4seUVpDzSqBOc4tW7TawD0IpaP7j3aU00CJ5Bioo+32Fj0/dG +hLkH6e+niRh8u+Afpzd6nCj8PVH1E0nqPeTWvwIDAQABAoIBAFJQAIk2QQ1n74Wz +pIVQA4+noUJ1UNaPBumjzAa1/RMQkc3+lrjHrkXMfCSgTqBg+73dTBUuQBYXW8dY +oMIsOtk+Eid22jVjFg2PJIn775yGYKp3nW6oHs7qIdn1P7ChsneT0HAh1n7r60Fw +mW0Acw6bo8WFrACQu6D2G2dHZap7hy0mVD9U53BjaopomKlqyyzVgVuZOCqg4lnR +V+pjfalNQc1ZdyuaTRpV/ru244f1u/pZSC5ehzdg10bePH3dVLjX2FCwY84lNfly +Jnli3LoR32eLrAnyA3Vnbwy8+P5JO4H8DaLXOz1BLyK7TG9ee6IkldwLykCzADG3 +IJ/ny+kCgYEA9qXa7XTGOq0gF3npHwPHsRR5NrKG+B/GsrrYkvvenfucvSDza9H8 +Mj74NCidLvsoJJHyBRr8LiLH2i59AhP1AL4o32KRuE+SiHldDsVHOKCsnbptLh/m +JXI90X7QYCQ+hSg68LV0Z49y/8rmM/tiZ974nI/DwsKQp2cayM+/L6UCgYEA4MfQ +4nwdKMEdWK/fw5rQyfYTq/467SK8DnB4RjWnatMn2RMe8R/epvilrdkrR/csTLhf +dWFjqly+eLwk1ZmeUOa6e9Q/cSSqMCoewfnqHxJnqiaRgJFVaBGK08vsdU179N4p +QlMjjYfQ9PKd9Xo8TVprPsXdejjf0XEy4Nthn5MCgYBhZEA8Pz3+8VmYq4THwGBb +pe/vDzOISlPVQz49W8MdsrrDW32C95mT5ZVwUxEt+fJx7kcYiP1G4mjz2CN4bJTz +xCKzgmJz2sfLp9B9Ap0K2TcP2Qs/iU0BQEj0rhRtwiIFxkrvvVbHhbctFdssb3j9 +9udIOuRbxSQFVgsXfCDMGQKBgQCh5emCp0hNSUJ81TgC5+gH/vBOSe9hS0pN0B4g +25Y479tck1QO8hhpBOA4JhnxXIsQux8uKTYix2f9B+4z1tBbjsO0WrxTHshhpoS+ +y+Uf+h6mQ986zfLI4RGv2Mn39xYX2Ue4WK9byf3r3y98Vk1GnaBu9w69cGdsr+6o +W/qldwKBgQCgLHHMr5ZQonemuNz2LO/pYTljlObhopTf7rZ4ygrWsKgA0Mdep93r +VKeczhxTZi78CjtDWIR7HdKpoZJUgCIwa9o+RCAAETHtfMQPT2J8H/s+os8rAmUe +W/YvpcgCYs1g3GK4Ih4YLJrWA0MmdkXYgE2FSAxo8VriiA4fLYs+qw== +-----END RSA PRIVATE KEY----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index 2ff482a67..a88d6888b 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -63,6 +63,7 @@ jobs: run: | docker-compose \ -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \ + -f .ci/docker-compose-file/docker-compose-mongo-single-tls.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \ -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \ diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt b/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt new file mode 100644 index 000000000..d4cd04759 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD8UL+glAaqCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjcwODIzNDhaFw00OTA1MTQwODIzNDhaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60R +SY1V+3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZD +dlLGjlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvA +CUxKDhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/ +Gjg57DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQES +oJ3ScFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99g +C82hbeGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2Y +OtBWuAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5 +snknoRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7O +tkjye9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Z +g6TSYJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0C +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAw2PK8Nr3lQyF9pipvahEkHSIz8TVeLue +lT8h6Hrkn1UcDHpECja/tPKLxYEVUoyMKeKR3K6AO5RmCgDObcZRkMdMmNYocvb5 +1BvGhlv3uk5rNUz+PW8F6cwVp+3RevBD5OSEkBzq6fuSyC0g8dk17IPKnfwNJCue +gkgsyEUgSHK8t3g/uE0Jdx//svTdnc7dmB43uU3o3tl+qhMwm7Zjr58gP1t7fMTD +Zu8Yq8en39lMDt1lv4LZG5JyEL5GQMr9B9ft5ZJpg6LGxRUmC7J8d+5Swux6MjcZ +pAG2/V0VJwrR+joT8BZqnj/pR2Mk+34Ul1DIF7iSS/P+Wwy4+oP3XaNmXPJPTX8Y +acVYYO2Q9o0B6zPQk5e2ECSMqQ2NW0+RJv2YJl77WoCWScYhixqOwWNrXu8CSeQ9 +99rZrwN9lDN3I/bXLqzjUlTwL49YDSy50GkVKC14mZNSIAegJqGv3SwmITRZRaYF +UNhdmLldCCZ686QkGGsiIWmKug0IxJxYtLQKpajHuBQKhyyRgfIq+CfdyjsxmVNE +1h1bmi7Hy30KAx4qGHXGhKbITAUvAOHDNs5G9R8vv6J/AjOPGeuy9mayHg3CIarx +z0p0b9dYMK9yL9dEC8KHfUSIh7ZoR6JENkdq0Uj/8AE4+NwzrNbFRMKNAGMjFi8K +UPcPKDe8WZQ= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-client.crt b/apps/emqx_authn/test/data/certs/mongo-tls-client.crt new file mode 100644 index 000000000..78a6adbf4 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mongo-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAKyzto6kgv4EMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCzgIQamGaqpP+SzwmEYtNL8koAUs0XNw6ohJ4s1lopkqOY2fnbWKO6JOSv +RPPStRiRklsPNno59cKfoN8j+Psfne6nkQbq1fbsZRzYGX3LdQVsD4QMEC4X63oJ +neEQ7hsEFaYW0bpkppVF300E23VT7CEDkEYBWhbXCTsdbQltffSG10ZT9XVHbqTL +cTmQzicn6TWQ8jH++VoY1q76OBd98gHcV6BocR61oXyjyArkUlGDsj3s5Xfsbfay +fagy6Q4cEBOrqWQvSqnenAll6IhEZ2KPDiXZWDPWMyLpLNO13ECp9+m7CMAo+15y +Zw/UUFeUyWlLtDXfV+GJzAA1Rv9vAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBALYlv9OxmYtj0BOdQrM5 +oIhivrA/bl8/Kzn4Bioqth8iWtpgZcZK15NKCGiDEKCkm+cKXWkC9tQcQzHpVas2 +aAKeiXIkYiSj1NiNDMrv5XLKOeFrMDVLWUAJzfSEr3Jsci+Wf8dX/VoYhgkH247w +j8cI8x7Vhi6Iun4pbp+ltuVtfcVAfUPhdrIXiif+hCLDbxdgj6qQ4MHC/Zpx1i+7 +4NVX8BVHsigFzN09GfHs3n+Uiq2Lzd3FaHnXWx+rueycQyXI5655YUbPJdWPO8Pu +JX+++GlpY91ni/UTMPdgmcqzMQo8kxV9+16sU4PjLcSKsgpJ0pT2ZJ+OJgtiMrEO +IS41ht4yhpx3G3FXim5MzUTsGHV7rr8ZzZ6wN46QXjzWtsLX98nzI1Dlz2USlbbz +N0NjgdPROUZsRDwEinnb1D96Rfn79qnfJhGmCXd5QSvM4HGW5SqqzzyvE0nLRnDg +davqHzA0en3Rt1/INCjr/+3GM4qy5lCG1fz1iuv5lfTVahljkkxnzSXyPW2E+0nZ +05bq/fAEbkQaOBwPWGTNCc4InzaUU0XKtx4IcnprgF6846lNRE7aFHjAWqOjOnZj +secfrzXDRLNJ58+eZpdJvVsaRl22bRHKI0MDNk5VzDKp/rqw/8+2f+Y2LXNKOJEQ +KLXCWq2sh5ReRiyDSaK+IP1z +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-client.key b/apps/emqx_authn/test/data/certs/mongo-tls-client.key new file mode 100644 index 000000000..4cf93eb49 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mongo-tls-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAs4CEGphmqqT/ks8JhGLTS/JKAFLNFzcOqISeLNZaKZKjmNn5 +21ijuiTkr0Tz0rUYkZJbDzZ6OfXCn6DfI/j7H53up5EG6tX27GUc2Bl9y3UFbA+E +DBAuF+t6CZ3hEO4bBBWmFtG6ZKaVRd9NBNt1U+whA5BGAVoW1wk7HW0JbX30htdG +U/V1R26ky3E5kM4nJ+k1kPIx/vlaGNau+jgXffIB3FegaHEetaF8o8gK5FJRg7I9 +7OV37G32sn2oMukOHBATq6lkL0qp3pwJZeiIRGdijw4l2Vgz1jMi6SzTtdxAqffp +uwjAKPtecmcP1FBXlMlpS7Q131fhicwANUb/bwIDAQABAoIBAQCL0JOVP5XgXwqu +6FLKakuYwU1AuT4EUh85xaqK1B+AeDazbT1/y6gj6m6x0mx0eBh98ti4nb9QfAuv +WJfWJi48b0CgBoezzRs7AHsaG6jvG+QwSlmZJ9UvTnxNF0tia4RhhxdKeOvNUC+/ +L/KG0QWva6I/a1YL4Yce0ZLZFcAdJouJpjv0Bqe0xgcK7rld2AqGY54YvUqeoSjA +Uv2mhCy4xoRtF2XXyjJ1R/JOlsN8mHZvae4teWipSUf91zzd7thLT7s5CPcd2gj+ +2CQps0HkwbvpEB9Y3sGW5pVwacY9fOZkZPiaCqQ0cWDCj0qh9xi1m0/yL2sUrbet +S08YBThhAoGBANxR3armXC9G2jomBSvEq3kVpjQbaZwgFTKgf9nCMVlrayD8J507 +cvuUNtgf9h7U3N4cPFZLU77wiM4b0P0Q1wxWcfkTssg/kFY9WHwXPUj+DGA4q+Oc +7PvxNOyaX61816n6mTIH9+IloRYCYA8Qfoa8furvkMc7xPK5MYI3phaxAoGBANCS +Z8X5VU/LXK+bgjVnJYqrG5cqKU8VpBSvwEXpv5BGmKU/39aRBsWUHgffyNMVffia +UNIvXXIZQhhKDKMAwJFCi7ilpz2+8kErndtXXinyLkrLg4BC6vANMTkOWQJMj4T1 +6fqPKEk2iF6iXhZWje9Ako+qBPHbB9sBbznV3kAfAoGAEDQlLXCLzx5S5nvtXW61 +fc5Nzv9FISpq5LJRNN7HamAwHNjuwO2iY0ZfUj3niBT3uY4yEdawbhaauS3qjPI0 +HsAs2bjNKVUjdHRGkbnT1A57Moh4e+EKvOzci5o+9y97XREFO1zCqmtCEbBTCEia +RaaPXxAHgd+veHqOXZliKcECgYBThl3ibVAZzWHHvWnugukI2C8LYUn7rrnvwtYn +6UzatTrJ6oN0RM3Gb+N62cZtqcyxsvKsyWUNnUnXukfHOzTitxiHEGeiFYakTJhB +z4IZIDAjqc52ndXB3jaZF8LTZd+Pqn9R5OSINTt1UmaFYZIjfuNyfu7OAB3sOW3W +ZmxDlwKBgQCbhkHL+tHi3oj1AASc5CSTMsY+DqqfS7VLWBhr6d6u/QrEMqKZWy2E +NeeKkK/ImzTU0HJOIsAg+H57fU6S9zBlhxGYHlAu09rYJNZ9Eo5VGYSatNaJVzvy +9/khjpL0Y5rnK0mWC2sNqGzJHVgGDWERYGs2W3hOYfRalTldY6yxkA== +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl new file mode 100644 index 000000000..7cff3eff3 --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl @@ -0,0 +1,191 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_mongo_tls_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). +-include_lib("snabbkaffe/include/snabbkaffe.hrl"). + + +-define(MONGO_HOST, "mongo-tls"). +-define(MONGO_PORT, 27017). + +-define(PATH, [authentication]). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +init_per_testcase(_TestCase, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authentication:initialize_authentication(?GLOBAL, []), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + Config. + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + case emqx_authn_test_lib:is_tcp_server_available(?MONGO_HOST, ?MONGO_PORT) of + true -> + ok = emqx_common_test_helpers:start_apps([emqx_authn]), + ok = start_apps([emqx_resource, emqx_connector]), + Config; + false -> + {skip, no_mongo} + end. + +end_per_suite(_Config) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + ok = stop_apps([emqx_resource, emqx_connector]), + ok = emqx_common_test_helpers:stop_apps([emqx_authn]). + +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +%% emqx_connector_mongo connects asyncronously, +%% so we check failure/success indirectly (through snabbkaffe). + +%% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ +%% -connect mongo-tls:27017 \ +%% -cert mongo-tls-client.crt -key mongo-tls-client.key -CAfile mongo-tls-ca.crt + +t_create(_Config) -> + ?check_trace( + create_mongo_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mongo-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), + fun({ok, _}, Trace) -> + ?assertEqual( + [ok], + ?projection( + status, + ?of_kind(emqx_connector_mongo_health_check, Trace))) + end). + + +t_create_invalid_server_name(_Config) -> + ?check_trace( + create_mongo_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mongo-tls-unknown-host">>, + <<"verify">> => <<"verify_peer">>}), + fun({ok, _}, Trace) -> + ?assertEqual( + [failed], + ?projection( + status, + ?of_kind(emqx_connector_mongo_health_check, Trace))) + end). + + +%% docker-compose-mongo-single-tls.yaml: +%% --tlsDisabledProtocols TLS1_0,TLS1_1 + +t_create_invalid_version(_Config) -> + ?check_trace( + create_mongo_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mongo-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>]}), + fun({ok, _}, Trace) -> + ?assertEqual( + [failed], + ?projection( + status, + ?of_kind(emqx_connector_mongo_health_check, Trace))) + end). + + +%% docker-compose-mongo-single-tls.yaml: +%% --setParameter opensslCipherConfig='HIGH:!EXPORT:!aNULL:!DHE:!kDHE@STRENGTH' + +t_invalid_ciphers(_Config) -> + ?check_trace( + create_mongo_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mongo-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"DHE-RSA-AES256-GCM-SHA384">>]}), + fun({ok, _}, Trace) -> + ?assertEqual( + [failed], + ?projection( + status, + ?of_kind(emqx_connector_mongo_health_check, Trace))) + end). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_mongo_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_mongo_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). + +raw_mongo_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"mongodb">>, + pool_size => 2, + mongo_type => <<"single">>, + database => <<"mqtt">>, + collection => <<"users">>, + server => mongo_server(), + + selector => #{<<"username">> => <<"${username}">>}, + password_hash_field => <<"password_hash">>, + salt_field => <<"salt">>, + is_superuser_field => <<"is_superuser">>, + topology => #{ + server_selection_timeout_ms => <<"10000ms">> + }, + + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +mongo_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?MONGO_HOST, ?MONGO_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-ca.crt"])}. diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl index 6a1b15e57..5f8cc38c6 100644 --- a/apps/emqx_connector/src/emqx_connector_mongo.erl +++ b/apps/emqx_connector/src/emqx_connector_mongo.erl @@ -18,6 +18,7 @@ -include("emqx_connector.hrl"). -include_lib("typerefl/include/types.hrl"). -include_lib("emqx/include/logger.hrl"). +-include_lib("snabbkaffe/include/snabbkaffe.hrl"). -type server() :: emqx_schema:ip_port(). -reflect_type([server/0]). @@ -37,7 +38,7 @@ -export([roots/0, fields/1]). --export([mongo_query/5]). +-export([mongo_query/5, check_worker_health/1]). %%===================================================================== roots() -> @@ -158,28 +159,42 @@ on_query(InstId, end. -dialyzer({nowarn_function, [on_health_check/2]}). -on_health_check(_InstId, #{poolname := PoolName} = State) -> +on_health_check(InstId, #{poolname := PoolName} = State) -> case health_check(PoolName) of - true -> {ok, State}; - false -> {error, health_check_failed, State} + true -> + ?tp(debug, emqx_connector_mongo_health_check, #{instance_id => InstId, + status => ok}), + {ok, State}; + false -> + ?tp(warning, emqx_connector_mongo_health_check, #{instance_id => InstId, + status => failed}), + {error, health_check_failed, State} end. health_check(PoolName) -> - Status = [begin - case ecpool_worker:client(Worker) of - {ok, Conn} -> - %% we don't care if this returns something or not, we just to test the connection - try mongo_api:find_one(Conn, <<"foo">>, {}, #{}) of - _ -> true - catch - _Class:_Error -> false - end; - _ -> false - end - end || {_WorkerName, Worker} <- ecpool:workers(PoolName)], - length(Status) > 0 andalso lists:all(fun(St) -> St =:= true end, Status). + Workers = [Worker || {_WorkerName, Worker} <- ecpool:workers(PoolName)], + Status = rpc:pmap({?MODULE, check_worker_health}, [], Workers), + length(Status) > 0 andalso lists:all(fun(St) -> St end, Status). %% =================================================================== + +%% mongo_api:find_one/4 typing is invalid +-dialyzer({nowarn_function, [check_worker_health/1]}). + +check_worker_health(Worker) -> + case ecpool_worker:client(Worker) of + {ok, Conn} -> + %% we don't care if this returns something or not, we just to test the connection + try mongo_api:find_one(Conn, <<"foo">>, #{}, #{}) of + {error, _} -> false; + _ -> + true + catch + _Class:_Error -> false + end; + _ -> false + end. + connect(Opts) -> Type = proplists:get_value(mongo_type, Opts, single), Hosts = proplists:get_value(hosts, Opts, []), From f230c2052178dd30316b422337d05ad8a6862d6d Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Tue, 28 Dec 2021 10:34:41 +0300 Subject: [PATCH 5/8] chore(authn): test HTTPS authn --- .../test/data/certs/authn-https-ca.crt | 29 +++ .../test/data/certs/authn-https-ca.key | 51 ++++++ .../test/data/certs/authn-https-client.crt | 24 +++ .../test/data/certs/authn-https-client.key | 27 +++ .../test/data/certs/authn-https-server.crt | 24 +++ .../test/data/certs/authn-https-server.key | 27 +++ .../emqx_authn/test/emqx_authn_http_SUITE.erl | 24 +-- .../test/emqx_authn_http_test_server.erl | 92 ++++++---- .../test/emqx_authn_https_SUITE.erl | 166 ++++++++++++++++++ apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl | 2 +- .../src/emqx_connector_http.erl | 10 +- 11 files changed, 421 insertions(+), 55 deletions(-) create mode 100644 apps/emqx_authn/test/data/certs/authn-https-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/authn-https-ca.key create mode 100644 apps/emqx_authn/test/data/certs/authn-https-client.crt create mode 100644 apps/emqx_authn/test/data/certs/authn-https-client.key create mode 100644 apps/emqx_authn/test/data/certs/authn-https-server.crt create mode 100644 apps/emqx_authn/test/data/certs/authn-https-server.key create mode 100644 apps/emqx_authn/test/emqx_authn_https_SUITE.erl diff --git a/apps/emqx_authn/test/data/certs/authn-https-ca.crt b/apps/emqx_authn/test/data/certs/authn-https-ca.crt new file mode 100644 index 000000000..77275c6ac --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQDNMAIDrjBuwjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjgwODM5MTBaFw00OTA1MTUwODM5MTBaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAnHeqS5uHMKn8qbvcBDAnZJa8iGyp7w2eRax2SjjczoQg +SYhV2qEYnDKxh0GkxeinUImYMvhWDQiEfonJSem7gW0xLBt1z8QdJgI9XyYkHKOC +NaEzhd3mER/TR0FiFj4rp7WqK0ZvqHGpDrXFCiUG7cAR6VkqJcjlQm+DSlJzHgvM +mNNlBdwUpO6dkVpVTP/v86AhC5rLgx1WV9lart8iKH2EDpGNpRB6lSqkI6OpGiYK +ddS3jOYctp1RqZey3IoPqF5xcEdD/nuxX31tvdUnkh1X2Fyiw7aXm9ec0X5vuUk8 +EHeIEI4AYAdIBfo72wpdWcf1KKxS1HpOYRZOXQAXICZ8Nts2P6w4nExcxfdhyqjX +ht+D2aE78gltEt8MiPmtPRi2y6qeeiQ3A37WDxAgy9BRtQbINTMW1vTMToH9x7wT +1LGbLVzXZ+e5vcKJvm8FRWAYIrRW0AYNhVvzPcOqa1Rr0oas3UVieLxksW9aScya +K14UE06s3PAgcasWMdUK4yyrrBpzXKNTxwZfNk2NQOvVlV4fVmzYDb/16EKMhT+W +BU9eDD4JHyFYXUK7J/NLjYuPKR21XqgvV2yjAWR9zf4GnAsUTQHba6E87GdclREF +U0fnqtX1FrXe7sLVU6xJvZg/f1Us2RhfdpP2XIPS3E8JYOGUGTkI+RHPFQKrWOsC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAAuY/4cYUrzhbZYOXu12bubOFEuweqCyK +oX2ehpH7MEwTAOsiwzWo/qaeNahSAYtlntAp2Fut5s9fwLRATrF57CjAGDfIG1J6 +gINKHUQTfTshSLqUIcN96JMQGJaE8e/6198shOq4DR7bOBVqOwq7yGbBTrkHNDu0 +FHUeygnV2Ik54rcCsSA4bLeEg3X7ZMmakRGY8lD2R+vnfyxlY2WFSlbOL+MJStca +rE1v444dgMVAFyfLDgf1gr+pbCQthOcPtRUD2KAK8A9Ls7IyKn8ShonMQKrYLixu +FNPv8az5OefRTHdWG2KKFamFQhNYwVJwxM++0XkUUVlc7brtJ9AOr/H5bJhAR9LA +qc9sueIOg2kEadEvMnE3GMy9dIA5WYTZmXv7PH3j5D2+C6mZnTMo/75l9OPLSj/r +ddzCzkgu76hsKPKVjTqNyYJDeaTJhZ0OR+PWzB5/VUD4rIZ3cavgFVJTGk5I7SPy +PQvqjBCj1A0frCTnlavSmbItyJzaQrnzLKihvehW3vOJ8KcBWs4cILLK7f8wR1zj +qsatv//6z17kGrTzivi8o1epA7F43eHlXCG7wXJq82ls6Lix79Ek95zXwYz2RKJ1 +ZGdwttGD+mh0Jh1U3OR97DD4N821xYlY29oVEI27OmKm4zv3z4S2dZqEYrk6yQ7+ +OMemQ8o1DIk= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-ca.key b/apps/emqx_authn/test/data/certs/authn-https-ca.key new file mode 100644 index 000000000..eb340db45 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEAnHeqS5uHMKn8qbvcBDAnZJa8iGyp7w2eRax2SjjczoQgSYhV +2qEYnDKxh0GkxeinUImYMvhWDQiEfonJSem7gW0xLBt1z8QdJgI9XyYkHKOCNaEz +hd3mER/TR0FiFj4rp7WqK0ZvqHGpDrXFCiUG7cAR6VkqJcjlQm+DSlJzHgvMmNNl +BdwUpO6dkVpVTP/v86AhC5rLgx1WV9lart8iKH2EDpGNpRB6lSqkI6OpGiYKddS3 +jOYctp1RqZey3IoPqF5xcEdD/nuxX31tvdUnkh1X2Fyiw7aXm9ec0X5vuUk8EHeI +EI4AYAdIBfo72wpdWcf1KKxS1HpOYRZOXQAXICZ8Nts2P6w4nExcxfdhyqjXht+D +2aE78gltEt8MiPmtPRi2y6qeeiQ3A37WDxAgy9BRtQbINTMW1vTMToH9x7wT1LGb +LVzXZ+e5vcKJvm8FRWAYIrRW0AYNhVvzPcOqa1Rr0oas3UVieLxksW9aScyaK14U +E06s3PAgcasWMdUK4yyrrBpzXKNTxwZfNk2NQOvVlV4fVmzYDb/16EKMhT+WBU9e +DD4JHyFYXUK7J/NLjYuPKR21XqgvV2yjAWR9zf4GnAsUTQHba6E87GdclREFU0fn +qtX1FrXe7sLVU6xJvZg/f1Us2RhfdpP2XIPS3E8JYOGUGTkI+RHPFQKrWOsCAwEA +AQKCAgAwr2tlqzcdhUcA6VtEUldvjReMu4MExxAATfFgluDdwW7qcmmEZavqrjtf +AqXqjsHA5Y9eDLd5xrSzStw/C2M0mm06dDDsPPF06i1+dbe20YmqdkY52RnFKknr +WgTTNvUOchBI9tm3Z+ZalWSCC5NkVuc73Gqo5yGu0lPfxFfdeX5n7x73+8rQpw6Q +M7NnChv3ilO98KRyX6aGHzOARh2yy5tTjSatvbrmvyXjkQEFCeEnWNDkHpXAnKLU +Skd1J+BHW1ugvAwEGyjNtZF4B+MQK+ExiWF71EzISQaaiOTqmkb+OLM1s3maZ6mZ +cos9VLRHQ1idF0GOq5/HxdEMTwLimYhtbEzRllJRbLK6yGS0R4S3sL1URmhfXLwq +OsRA4wouoi/HVmPzku6jOrMqJZ1vc6VpfDHYagE1QFJevx/9uz1V4vc4KnZ63gwP +fTADgxzhH+Be3jDHUg5cdlhKQQ1d0X8sooYyS8DC+0zwOFXBok5Dkp2lDbcjaZBe +IMcF8034F/zsW5C7Mpul6Y22n/2mA6iWU5VQmu17y9revnW41sZKHqIB3dMk/7xq +DkjSVHZ9YnrH6UBSTvWVBo/4j1E//nYqMKCRHeuekQUuvBs+D0IU9hsUaGp93Qiy +7hYpTc10jzW8onSPQDb/8F6LYasKEdgZefvi0144dkPHqpdtgQKCAQEAylWuyy/6 +IEeBfOfmjassLb31T/aX5L6upTI2/UsjgdEflZqEOAP7O/l8Ti8xsoCViEUZxw4A +wr085aEZOfZ2gzJeSjqPsq3Xg9a42YisSWDbjFNc/ZhoU/zHacXBm8tduoD4XEjx +Bqijzmy6l7Va7jsk3oquFN8ISGCQfkArBtBj9DJ9liqiGditBk9c9n9uWrVHO8+g +525QGmG3aYr58Ym/Yy1AhaPzg8c+FxK75w+PPBBywW5f7bNmOITqN0zBUIORkjPD +Uz7AyR0XGuD3hN0ZHTm4psVtXgKN+UFDur3K/xIEu0VKIMpbPXLQOqtE6t7YO+vW +Q+uZdsddjGECeQKCAQEAxfekoFEE7gOwEGIy7sqljvkJ6N9yf8UzQiOsFwDSvyCw +Y36VGq9CqYsVlc55bTKtlJ4RPF8OOf8Fmiu40/IQtF99biSEvI7u1uT1U96dNJoE +B8X+Rl2FFh/TR2Jnpp7kPNroNGXe9q2YUX9NP2pbVXv57uZmMBwnM4C2Rsh7+t8P +xGl1t3C3SAOU3Pc9szJN4WN4D+L9U5982gVYMzzocurRde5Nx//mYcrY71zjy9jx +2EfYwgL1TALFkHOrUm3RumPmIZFGgyqFUzTTk0MlTK7ApGbozOCkurQbALOa/dCc ++NwueL9DlWHigGmwo6nN3UJlEXQTw5a/QrKToOJ9gwKCAQBZQT7gJwPhpWl7nhjY +OcA9VWSXp6INqAgGm4Yiajj5lTSnnAfjZe434LBzFOKJaauM916NrqGrRitM6Knm +JdDVwyxQ9lBZc9J0OA5G98F4hR+UYVnODKNJGWMmR7RGc4mfMjFdFFgupcnMz63o +Kno4SSLUgLyWPGS8+MwExW21jcvp9zPrQFdNq4V4GR5bJo+ZuAn6WncSYFk5qg1s +o3/qiudAar/htBdB9GxxZTQ6k2SODHty1KvAgbkACbIAPv2v9LoMkoUBfdcxYIHG +u6K0m4vuln3cI49BP0M9xwqHoB2iM2Ke8cvndxyUmMc+ejrmmPMuS7SzNYT3Hq8n +s8uRAoIBAD74LIdJ/hVvWtt7QNQv5UV69an7GUKHCWzqR9zxSBe/YBvlsavRP5UK +Ro1mJb2UNx5kwPrBCZdtBO0rJxlTj/ivvwf/2bDYjiQQo/BPiRWoP8vxMJZVPPXy +nZPBO1MGi3bH8sBn/uncAe06Xuni/LZOPwu8gZif++An+tK9BqKfvTYujWESG1pu +uTUn95o+UAN3TkNPYmDtBBudQ5bYst+KzaGDcX5CaZeFnEdW9qZqlVLEV7AunLPW +1dzCziXkBKgTCqp2uUUTi2ESFpJq8zxXAbPJgBdbBUrV6xjoCE7fwm5uKuIBhI/J +mPBbrfIBGxhb/CX3FCpMkv22K7srD90CggEAcb259RSKHEBjojsJo1PvS8zNj4cm +G3si7UixKFU0z5zzNRyGYEgQ6s/vEBGPUBJc1pVPhINQ5ufNxwOAfdWb0mGS9c8T +uI+BmkWH1115d8hV3o7YiE+iIEszSPyQBtsDkVGH5A7xVzjgNot+fnmvcQo/b+ua +0B9f3JKpwX52JFB0GsskeGw5NMmoqTD9Gmk7g1rKaw3R2T5GYFcsj0zGswyTh4sj +dlto52H9DfhGKHIhyKC3tMvrLdnFvB4XGZIy46TjmS1cXGCFF6KCUHVhuj6wo67X +k6X8unKQ2sHp9nOPCrrL6pXn/tSdk4+TG3CkeE+feiXYk8XDozUGZPJvSA== +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-client.crt b/apps/emqx_authn/test/data/certs/authn-https-client.crt new file mode 100644 index 000000000..1564fc61b --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJANRNg7GwqxjwMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyODA4MzkxMFoXDTQ5MDUxNTA4MzkxMFowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDieKJGbZGACvdwI5TbpesvudLx+lxW6cp0hsCR+SERzOE8vx0Jrca6oP+y +WIclYhPv1LLq2/FAvaF+WBYhvSAg7fqx3U8XJpH8pEV4NxV0cbSj4i16XJ09bc1Q +kNPO3Lsh1S06TGY9d7vTO64BLPi5ImGA972pcjoESxybG8zYfQnfXsdQ6bFPjWUa +AnbwxnGWJQQzGTgZgUIJox0Oo3APh4wV1JLTMKlfMekmdImiXHp6r4kh+7C15Bmg +NnF9qEZRKeU09hqIa0SDtUg9rmrLeUCLbaVKUoa6kBkLFUTUGh8VHHhwMHTgrsn7 +UJm0OwvDLH9vcYF/78IS38P/SpyVAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAJWJ/KLWZAxCm4pLDnaz +z6HdrBGbRwZMt9CtJCvTy8m+kiW7gu0LzUuIOwyjqPVwTAAWWyYhLZ5PxJiahUh6 +dEt4AN5z03O8HIQ1uScSHCNkAeg2xeGw4GsM7bUmLWD1Kv2+N6DzTDzBebyoh9qV +Ke14AOu1jcIF6nUPJjW5bt4sm1LbkdpgTaChIMl3/aX9DE081g7p7XTQkCtajTgn +LINgPwGl9oQnuYypc7vks4YHiqKD0BXl05jyImfhO7N3LiT43tBLlJ0iRnxa7B6V +VFhj3Zj36qPqj74gxpS1P8q/4MealGGejfBUe3Q6j29gh8YfV/ACip3lB5IrWiHG +IbRbGpv0KnYzv9WggXiXEiMQosl2hSebSxP5zN7wcBATSaiLwSZvs7TOA2vqiwYZ +uAx+eC8XdQjp294RXiHnV6TCb/PYPc4PQJpt8AZElhXi+GuaDhAjf9MOlJiw7UJF +6BMiMp4vYiPoqYezIqjBe2qal23SIubncP7/P/a0b/7CW8frZ8wha56f0o6vPTeV +09VvEMXG+b/mAs4qV1xBjwr16xuR/8kZk9mZjJy5046bsnh9oF0hctyQhPQeKptm +UHgJroJgSm92jL2D4r4Y+2N/2aw3J0EzZ0AN/XytTRYmqhsnC98lvbw4sE2VtT4M +sTHEF6TomqSoTBZ5B/Wwyi2G +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-client.key b/apps/emqx_authn/test/data/certs/authn-https-client.key new file mode 100644 index 000000000..a95274d5a --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA4niiRm2RgAr3cCOU26XrL7nS8fpcVunKdIbAkfkhEczhPL8d +Ca3GuqD/sliHJWIT79Sy6tvxQL2hflgWIb0gIO36sd1PFyaR/KRFeDcVdHG0o+It +elydPW3NUJDTzty7IdUtOkxmPXe70zuuASz4uSJhgPe9qXI6BEscmxvM2H0J317H +UOmxT41lGgJ28MZxliUEMxk4GYFCCaMdDqNwD4eMFdSS0zCpXzHpJnSJolx6eq+J +IfuwteQZoDZxfahGUSnlNPYaiGtEg7VIPa5qy3lAi22lSlKGupAZCxVE1BofFRx4 +cDB04K7J+1CZtDsLwyx/b3GBf+/CEt/D/0qclQIDAQABAoIBABMocVHT4wMZ6mSq +HeWW25Zl+dpOe5E+pcnFvHScxpdi5Yrl/+bZtH4FMJw9sPEQou8e5yPHB1masRan +DPg9r4IZn6N8PTyQHrlojBfnUQFQvR8/+ujm/MY9i6jNF53gPlRWXEUaQWvhvRnZ +apbe3wuKRQVL79dtukqyr/DPIT0O7hEvqS3HpxoFYq3MkgWNMErOGznWGnLczZWO ++7swsuMmKoPDV6FEz17DiBx3vCKZRVQB9Dx2cTm4A2DkfEms2aIXzObV5AyAZxcG +6krPcRV6KTE9oFmEQwZNLnwWXsBWYVGOmgN+IeDq/jHfkAaBU21GrnlFgcPWNuNS +EN2UtQECgYEA87NJv5ZqpIdw/kuyV3KpkL1btP/UF8lmRJfLDreKkJq8TiY2/DmF +vOjq9gg/19Obve09utT3w0GPzDmATn2C+STGO5aQHJb2UPRerLfJzizAKph6yMKh +rypk0prdNJTqhOFC8M3aS54x5k7OmT6wrVKA1rJQ3RRNz94xrrGD0PkCgYEA7ea9 +AHVg5wZVcV8n3aPUNFVZ1saaQv4hnmXP3pYPuffin17oDVY69qPzJVuI5E8Or2Em +EN4Rs9G7gFZ2uor9nzsZdTnKVn2gYDE7NdslcqZUqwhtzQ3xR2Ai7VozIUyd+p77 +WbsUhyIf1uOnOW/v3fNX/+vbysbgnqYLWakh630CgYBBe6mTa42YTDSWgCyZxtu9 +YsRjrGKHSbzLLaaIe9Ul6g4zSZ14xNQk4MlR9wGAswGkVT1DGLrCorlK/SB29s7c +t370wA5VQFNLiX5vFquJVQkF6RcFHxdnBBM3bBmIaYNi1Uyxe/7uVsG9yutEzk2X +JRYtmpiT70LBWkkrUdPDsQKBgFtZh2d+qufrAbIX1MoBl4FE6MtU1XU1+hjFhW01 +9/Hz4lxJ6Bb+7oM4bywAGu93/+6OAjzl2KxQs4vTJ6H3ru2OlvbxauWNNaDaJp9G +d/mvLsHB6c+cM/KxUpgLU6jMr7jFhURuVrKRAuLT5aljdxqlzzuhCHOzrBqfLaqP +DExNAoGAXzFQJyfqX46cgpbzW+J2Y5EN422w0zes87AtO9HjysexMbGRy+ZVOQ+b +Q7MAieMh8r2g1fMhzYIGwiQqb9xLS00aAXxSp65ngqnPQe7TSBc3IkT42bwuF5Qd +D4ygVfuDH6EcPs4ZWXPpuzWw93K6BxKJvLQFuBmm72DirCf2NyQ= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-server.crt b/apps/emqx_authn/test/data/certs/authn-https-server.crt new file mode 100644 index 000000000..a3507cfbb --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEAzCCAeugAwIBAgIJANRNg7GwqxjvMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyODA4MzkxMFoXDTQ5MDUxNTA4MzkxMFowKjESMBAGA1UECgwJRU1RWCBU +ZXN0MRQwEgYDVQQDDAthdXRobi1odHRwczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5kOgBV1lOMZYPwhrDiOwwLoo+WdepKhubQ8isCiOsSZ7ubwzIh +gNjFZ+Q/dR78wHkuJpQTKukv1srl1PNlcHBs+4AUi6YwwsFq9pLiSv7+bsXTPCnF +rDfQpILKXilLFIrZB9aBFywlDOHdoiNSKveO9ihZSgRz71HLh2OVYt+ToNF35pZp +pPKM0WKQnOZDu+P505hzQ1aar6oUJKChEdV5OOQVmGz9pMjdHvjy5C9VS2xnIS2H +TOAot1FM66jwr4UgtD3QHnIBH/vAzeICS6Xf2FSuZjmeDOvtxCXbA5H7iWEsxGj3 +1yBJB3U72qLz/QSm101N+EKRg+jPi40O4Z8CAwEAAaMiMCAwCwYDVR0PBAQDAgWg +MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAlUSYcgkJ0zTq +knAvCRwaHcNjPU1ZQryrp2oqiDLOzMJFMPJ144jcXhrY0UiG9kdxeMP6PjZw+JK9 +6KxMtgy8dE7mJQnnx8Ino5WYHncyzL6FPv1CJA153xHIepVrX58Amys2kauw4jga +vVzH6o4cyOvnWPx9iFNHrXIvWydxNF9iqejlN7HSSNDqz/kK3Ltzw0Hp5BN8vcwd +hFyDOxgJKKEY159TPjs9HTvUrOKx7Fmlc6D1kGyzOH2rEajGm6oLJZtB/2avPAT1 +8x3PAO+2PqmbwT5rW4koDKVNvDGrZ6YTK43GIx6o6B5Mlb8lxXFSpgkgPy85wx6C +D7E4bYoZbhY7WCqTSUIe4LpJq0iW4lx3oXV3WEPSBaaWwH34VtvSbASAhu1HYbZP +rTae8xXY/HaKH5YE71+AqkQ+IQ4760yWgxdiifT/4dIiWG0RFRdP6InPWpBGXIPg +rzETeEV1mIbO97xX93z4PNpi6UgAhwVTSrLYI+yKj8hfqx8GhBI2QBnW7t7W4gfa +NxwB64JfCZOWOob/dWwq+70zOIiLUquUVEYkjyGP/FVbh7W0h5tcEsSnc0igc6wF +FhQaI8NGOt53ScN2Lqxl8KboIQIHG3YOqrTaviSNNCQ5TOIMgZ5B43IuxLxT65yC +mfg8VCXY3BXCvqrKp+UyYQAD8ZzH5wU= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-server.key b/apps/emqx_authn/test/data/certs/authn-https-server.key new file mode 100644 index 000000000..fcd49b958 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/authn-https-server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvmQ6AFXWU4xlg/CGsOI7DAuij5Z16kqG5tDyKwKI6xJnu5vD +MiGA2MVn5D91HvzAeS4mlBMq6S/WyuXU82VwcGz7gBSLpjDCwWr2kuJK/v5uxdM8 +KcWsN9CkgspeKUsUitkH1oEXLCUM4d2iI1Iq9472KFlKBHPvUcuHY5Vi35Og0Xfm +lmmk8ozRYpCc5kO74/nTmHNDVpqvqhQkoKER1Xk45BWYbP2kyN0e+PLkL1VLbGch +LYdM4Ci3UUzrqPCvhSC0PdAecgEf+8DN4gJLpd/YVK5mOZ4M6+3EJdsDkfuJYSzE +aPfXIEkHdTvaovP9BKbXTU34QpGD6M+LjQ7hnwIDAQABAoIBADOTAOdAWVuuh31T +NZlK30XnDPUqg+ygnaR+62rdN+u9w53dluXIj5eo+fipe/eV7imlZ8vq2U/rppq1 +4ZbBXtEFpKdQaXfuc4Njj0HAzSIAGE+8ZerG4l0IRtgrK5CyBvGJ0wa3V2ic7L1u +hVJeGseO0X2imltUcHrO0HEYcX0wjvS4mbLO1tW7CHLSdYv+74ndF73uKjuS55lH +uu2oEv+Lyz4lC0g3CjS8JyU0fjwmspwCk9R0Fui7s0OmDJLNTLwmCgRj/6i666za +EKRIRrMT6jg93sFfKcgcl89qK7JVJofn1zD4T78cAlYODW0sdHp2C4DXScRVz/bp +Xeq6hBECgYEA+c8cYS73rmyx6CphkR7W0HAeb2M1iq+EIge59zjhQK8vuSYl+A3Z +V3AsnwEflj9y9yH+tdxHHLA7nBM2s3VTqQcHzf7Kl5bJnmiy67N4G2439ICdinF4 +LpZi8MC03DsO8Ll0xIex2zZ7MWQSpRN5S3geOWL7aWdOzij+3LOHkLcCgYEAwxwl +pD4nFaXMK8yVE8o+rmLnft7SoqMQGuBam2G8bukxMJOUf+w1f848poljGGZ9iUY5 +LmgM0ZCpbtSvj0W2YfA4nwiV4rsNOHfCv2jxP8HVssTZ8mOZBnJn6nPmrL89zD/c +Hte4UziORBdp578ROt9tYLfTiXu0ZMjO++Fo/lkCgYAQl6oZ5mW7JysV8aKzYeoA +xEGxQlSvFoNfQ0Yd3qBPjJNN5/PDqx/Rh/jewtNXRnWbZp2ldLEgfbAn6LrMZrGc +24OwMglA0lon9GpV74C9ya9bxSMxq+HArmp59ULOEfonERppZ13v4omCOVRntIhs +89iGFUX/tUXtuZlcDWymtwKBgBqoK9Rm0Xw5rM2HJA8SIMI+rRY+Z1TlJnwljvuP +vOkCX0Adybo4kY6mpM60Ep/w0NICkClw+d9f/mYwFNRkV+jFo1bHG4NgvwuqASeZ +tOxbFVFZZ9WgGfYxh1UXBLsxXcYcK3zjSEHGhllzQXryNe5vPEhslTBBgIIMlYsA +XxHxAoGAX8UAWut6owblPbB3E4k6JFxRDOvbYIvKFEuAfpRbmna8af5jGUUxuOAp +q09fQHnrkJpjaSMIym0oiHyLe13+NPRQs+jeHH3hzAM44DFlh/fpE77Yd9ZFRqXq +IiCv5uA7sl+0WlQCmZFLvPFwZ3XAm9lDO+3IbMYBNpgLTt2+QQc= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_http_SUITE.erl b/apps/emqx_authn/test/emqx_authn_http_SUITE.erl index 2c0716e8b..b52588124 100644 --- a/apps/emqx_authn/test/emqx_authn_http_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_http_SUITE.erl @@ -57,11 +57,11 @@ init_per_testcase(_Case, Config) -> emqx_authn_test_lib:delete_authenticators( [authentication], ?GLOBAL), - emqx_authn_http_test_server:start(?HTTP_PORT, ?HTTP_PATH), + {ok, _} = emqx_authn_http_test_server:start_link(?HTTP_PORT, ?HTTP_PATH), Config. end_per_testcase(_Case, _Config) -> - ok = emqx_authn_http_test_server:stop() . + ok = emqx_authn_http_test_server:stop(). %%------------------------------------------------------------------------------ %% Tests @@ -118,7 +118,7 @@ test_user_auth(#{handler := Handler, ?PATH, {create_authenticator, ?GLOBAL, AuthConfig}), - emqx_authn_http_test_server:set_handler(Handler), + ok = emqx_authn_http_test_server:set_handler(Handler), ?assertEqual(Result, emqx_access_control:authenticate(?CREDENTIALS)), @@ -221,15 +221,15 @@ test_is_superuser({Kind, Value, ExpectedValue}) -> iolist_to_binary([<<"is_superuser=">>, Value])} end, - emqx_authn_http_test_server:set_handler( - fun(Req0, State) -> - Req = cowboy_req:reply( - 200, - #{<<"content-type">> => ContentType}, - Res, - Req0), - {ok, Req, State} - end), + ok = emqx_authn_http_test_server:set_handler( + fun(Req0, State) -> + Req = cowboy_req:reply( + 200, + #{<<"content-type">> => ContentType}, + Res, + Req0), + {ok, Req, State} + end), ?assertMatch( {ok, #{is_superuser := ExpectedValue}}, diff --git a/apps/emqx_authn/test/emqx_authn_http_test_server.erl b/apps/emqx_authn/test/emqx_authn_http_test_server.erl index 4896a8b13..caeb798ab 100644 --- a/apps/emqx_authn/test/emqx_authn_http_test_server.erl +++ b/apps/emqx_authn/test/emqx_authn_http_test_server.erl @@ -16,20 +16,18 @@ -module(emqx_authn_http_test_server). --behaviour(gen_server). +-behaviour(supervisor). -behaviour(cowboy_handler). % cowboy_server callbacks -export([init/2]). -% gen_server callbacks --export([init/1, - handle_call/3, - handle_cast/2 - ]). +% supervisor callbacks +-export([init/1]). % API --export([start/2, +-export([start_link/2, + start_link/3, stop/0, set_handler/1 ]). @@ -38,52 +36,70 @@ %% API %%------------------------------------------------------------------------------ -start(Port, Path) -> - Dispatch = cowboy_router:compile([ - {'_', [{Path, ?MODULE, []}]} - ]), - {ok, _} = cowboy:start_clear(?MODULE, - [{port, Port}], - #{env => #{dispatch => Dispatch}} - ), - {ok, _} = gen_server:start_link({local, ?MODULE}, ?MODULE, [], []), - ok. +start_link(Port, Path) -> + start_link(Port, Path, false). + +start_link(Port, Path, SSLOpts) -> + supervisor:start_link({local, ?MODULE}, ?MODULE, [Port, Path, SSLOpts]). stop() -> - gen_server:stop(?MODULE), - cowboy:stop_listener(?MODULE). + gen_server:stop(?MODULE). set_handler(F) when is_function(F, 2) -> - gen_server:call(?MODULE, {set_handler, F}). + true = ets:insert(?MODULE, {handler, F}), + ok. %%------------------------------------------------------------------------------ -%% gen_server API +%% supervisor API %%------------------------------------------------------------------------------ -init([]) -> - F = fun(Req0, State) -> - Req = cowboy_req:reply( - 400, - #{<<"content-type">> => <<"text/plain">>}, - <<"">>, - Req0), - {ok, Req, State} - end, - {ok, F}. +init([Port, Path, SSLOpts]) -> + Dispatch = cowboy_router:compile( + [ + {'_', [{Path, ?MODULE, []}]} + ]), + + ProtoOpts = #{env => #{dispatch => Dispatch}}, -handle_cast(_, F) -> - {noreply, F}. + Tab = ets:new(?MODULE, [set, named_table, public]), + ets:insert(Tab, {handler, fun default_handler/2}), -handle_call({set_handler, F}, _From, _F) -> - {reply, ok, F}; + {Transport, TransOpts, CowboyModule} = transport_settings(Port, SSLOpts), -handle_call(get_handler, _From, F) -> - {reply, F, F}. + ChildSpec = ranch:child_spec(?MODULE, Transport, TransOpts, CowboyModule, ProtoOpts), + + {ok, {{one_for_one, 10, 10}, [ChildSpec]}}. %%------------------------------------------------------------------------------ %% cowboy_server API %%------------------------------------------------------------------------------ init(Req, State) -> - Handler = gen_server:call(?MODULE, get_handler), + [{handler, Handler}] = ets:lookup(?MODULE, handler), Handler(Req, State). + +%%------------------------------------------------------------------------------ +%% Internal functions +%%------------------------------------------------------------------------------ + +transport_settings(Port, false) -> + TransOpts = #{socket_opts => [{port, Port}], + connection_type => supervisor}, + {ranch_tcp, TransOpts, cowboy_clear}; + +transport_settings(Port, SSLOpts) -> + TransOpts = #{socket_opts => [{port, Port}, + {next_protocols_advertised, [<<"h2">>, <<"http/1.1">>]}, + {alpn_preferred_protocols, [<<"h2">>, <<"http/1.1">>]} + | SSLOpts], + connection_type => supervisor}, + {ranch_ssl, TransOpts, cowboy_tls}. + +default_handler(Req0, State) -> + Req = cowboy_req:reply( + 400, + #{<<"content-type">> => <<"text/plain">>}, + <<"">>, + Req0), + {ok, Req, State}. + diff --git a/apps/emqx_authn/test/emqx_authn_https_SUITE.erl b/apps/emqx_authn/test/emqx_authn_https_SUITE.erl new file mode 100644 index 000000000..d70946bcd --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_https_SUITE.erl @@ -0,0 +1,166 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_https_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). +-include_lib("emqx/include/emqx_placeholder.hrl"). + +-define(PATH, [?CONF_NS_ATOM]). + +-define(HTTPS_PORT, 33333). +-define(HTTPS_PATH, "/auth"). +-define(CREDENTIALS, #{username => <<"plain">>, + password => <<"plain">>, + listener => 'tcp:default', + protocol => mqtt + }). + + +all() -> + emqx_common_test_helpers:all(?MODULE). + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + emqx_common_test_helpers:start_apps([emqx_authn]), + application:ensure_all_started(cowboy), + Config. + +end_per_suite(_) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + emqx_common_test_helpers:stop_apps([emqx_authn]), + application:stop(cowboy), + ok. + +init_per_testcase(_Case, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + {ok, _} = emqx_authn_http_test_server:start_link(?HTTPS_PORT, ?HTTPS_PATH, server_ssl_opts()), + ok = emqx_authn_http_test_server:set_handler(fun cowboy_handler/2), + Config. + +end_per_testcase(_Case, _Config) -> + ok = emqx_authn_http_test_server:stop(). + +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +t_create(_Config) -> + {ok, _} = create_https_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"authn-https">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), + + ?assertMatch( + {ok, _}, + emqx_access_control:authenticate(?CREDENTIALS)). + +t_create_invalid_domain(_Config) -> + {ok, _} = create_https_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"authn-https-unknown-host">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), + + ?assertEqual( + {error, not_authorized}, + emqx_access_control:authenticate(?CREDENTIALS)). + +t_create_invalid_version(_Config) -> + {ok, _} = create_https_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"authn-https">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>]}), + + ?assertEqual( + {error, not_authorized}, + emqx_access_control:authenticate(?CREDENTIALS)). + +t_create_invalid_ciphers(_Config) -> + {ok, _} = create_https_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"authn-https">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-ECDSA-AES256-SHA384">>]}), + + ?assertEqual( + {error, not_authorized}, + emqx_access_control:authenticate(?CREDENTIALS)). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_https_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_https_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). + +raw_https_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + enable => <<"true">>, + + backend => <<"http">>, + method => <<"get">>, + url => <<"https://127.0.0.1:33333/auth">>, + body => #{<<"username">> => ?PH_USERNAME, <<"password">> => ?PH_PASSWORD}, + headers => #{<<"X-Test-Header">> => <<"Test Value">>}, + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +cert_path(FileName) -> + Dir = code:lib_dir(emqx_authn, test), + filename:join([Dir, <<"data/certs">>, FileName]). + +cowboy_handler(Req0, State) -> + Req = cowboy_req:reply( + 200, + Req0), + {ok, Req, State}. + +client_ssl_opts() -> + #{keyfile => cert_path("authn-https-client.key"), + certfile => cert_path("authn-https-client.crt"), + cacertfile => cert_path("authn-https-ca.crt")}. + +server_ssl_opts() -> + [{keyfile, cert_path("authn-https-server.key")}, + {certfile, cert_path("authn-https-server.crt")}, + {cacertfile, cert_path("authn-https-ca.crt")}, + {verify, verify_none}, + {versions, ['tlsv1.2', 'tlsv1.3']}, + {ciphers, ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_CHACHA20_POLY1305_SHA256"]} + ]. diff --git a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl index 0a166616a..7cf628392 100644 --- a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl @@ -156,7 +156,7 @@ t_jwt_authenticator_public_key(_) -> ok. t_jwks_renewal(_Config) -> - ok = emqx_authn_http_test_server:start(?JWKS_PORT, ?JWKS_PATH), + {ok, _} = emqx_authn_http_test_server:start_link(?JWKS_PORT, ?JWKS_PATH), ok = emqx_authn_http_test_server:set_handler(fun jwks_handler/2), PrivateKey = test_rsa_key(private), diff --git a/apps/emqx_connector/src/emqx_connector_http.erl b/apps/emqx_connector/src/emqx_connector_http.erl index 2b9bd48aa..55de39ef5 100644 --- a/apps/emqx_connector/src/emqx_connector_http.erl +++ b/apps/emqx_connector/src/emqx_connector_http.erl @@ -203,10 +203,12 @@ on_query(InstId, {KeyOrNum, Method, Request, Timeout}, AfterQuery, request => Request, connector => InstId, state => State}), NRequest = update_path(BasePath, Request), - case Result = ehttpc:request(case KeyOrNum of - undefined -> PoolName; - _ -> {PoolName, KeyOrNum} - end, Method, NRequest, Timeout) of + Name = case KeyOrNum of + undefined -> PoolName; + _ -> {PoolName, KeyOrNum} + end, + Result = ehttpc:request(Name, Method, NRequest, Timeout), + case Result of {error, Reason} -> ?SLOG(error, #{msg => "http connector do reqeust failed", request => NRequest, reason => Reason, From 2b3d3ebb0ad0fea184137068a8eef6bac367bcef Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Wed, 29 Dec 2021 14:34:30 +0300 Subject: [PATCH 6/8] chore(authn): test JWT authn with HTTPS key server --- .../src/simple_authn/emqx_authn_jwt.erl | 4 +- apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl | 85 +++++++++++++------ 2 files changed, 63 insertions(+), 26 deletions(-) diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl index 9295e5c7e..a1fcbe0d6 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl @@ -114,8 +114,8 @@ certfile(_) -> undefined. keyfile(type) -> string(); keyfile(_) -> undefined. -verify(type) -> boolean(); -verify(default) -> false; +verify(type) -> hoconsc:enum([verify_peer, verify_none]); +verify(default) -> verify_none; verify(_) -> undefined. server_name_indication(type) -> string(); diff --git a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl index 7cf628392..ea16664f4 100644 --- a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl @@ -23,8 +23,6 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("snabbkaffe/include/snabbkaffe.hrl"). --include("emqx_authn.hrl"). - -define(AUTHN_ID, <<"mechanism:jwt">>). -define(JWKS_PORT, 33333). @@ -156,7 +154,7 @@ t_jwt_authenticator_public_key(_) -> ok. t_jwks_renewal(_Config) -> - {ok, _} = emqx_authn_http_test_server:start_link(?JWKS_PORT, ?JWKS_PATH), + {ok, _} = emqx_authn_http_test_server:start_link(?JWKS_PORT, ?JWKS_PATH, server_ssl_opts()), ok = emqx_authn_http_test_server:set_handler(fun jwks_handler/2), PrivateKey = test_rsa_key(private), @@ -164,45 +162,63 @@ t_jwks_renewal(_Config) -> JWS = generate_jws('public-key', Payload, PrivateKey), Credential = #{username => <<"myuser">>, password => JWS}, + + BadConfig0 = #{mechanism => jwt, + algorithm => 'public-key', + ssl => #{enable => false}, + verify_claims => [], - BadConfig = #{mechanism => jwt, - algorithm => 'public-key', - ssl => #{enable => false}, - verify_claims => [], - - use_jwks => true, - endpoint => "http://127.0.0.1:" ++ integer_to_list(?JWKS_PORT + 1) ++ ?JWKS_PATH, - refresh_interval => 1000 - }, + use_jwks => true, + endpoint => "https://127.0.0.1:" ++ integer_to_list(?JWKS_PORT + 1) ++ ?JWKS_PATH, + refresh_interval => 1000 + }, ok = snabbkaffe:start_trace(), {{ok, State0}, _} = ?wait_async_action( - emqx_authn_jwt:create(?AUTHN_ID, BadConfig), + emqx_authn_jwt:create(?AUTHN_ID, BadConfig0), #{?snk_kind := jwks_endpoint_response}, - 1000), + 10000), ok = snabbkaffe:stop(), ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential, State0)), ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential#{password => <<"badpassword">>}, State0)), - GoodConfig = BadConfig#{endpoint => - "http://127.0.0.1:" ++ integer_to_list(?JWKS_PORT) ++ ?JWKS_PATH}, + ClientSSLOpts = client_ssl_opts(), + BadClientSSLOpts = ClientSSLOpts#{server_name_indication => "authn-https-unknown-host"}, + + BadConfig1 = BadConfig0#{endpoint => + "https://127.0.0.1:" ++ integer_to_list(?JWKS_PORT) ++ ?JWKS_PATH, + ssl => BadClientSSLOpts}, ok = snabbkaffe:start_trace(), {{ok, State1}, _} = ?wait_async_action( - emqx_authn_jwt:update(GoodConfig, State0), + emqx_authn_jwt:create(?AUTHN_ID, BadConfig1), #{?snk_kind := jwks_endpoint_response}, - 1000), + 10000), ok = snabbkaffe:stop(), - ?assertEqual({ok, #{is_superuser => false}}, emqx_authn_jwt:authenticate(Credential, State1)), - ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential#{password => <<"badpassword">>}, State1)), + ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential, State1)), + ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential#{password => <<"badpassword">>}, State0)), - ?assertEqual(ok, emqx_authn_jwt:destroy(State1)), + GoodConfig = BadConfig1#{ssl => ClientSSLOpts}, + + ok = snabbkaffe:start_trace(), + + {{ok, State2}, _} = ?wait_async_action( + emqx_authn_jwt:update(GoodConfig, State1), + #{?snk_kind := jwks_endpoint_response}, + 10000), + + ok = snabbkaffe:stop(), + + ?assertEqual({ok, #{is_superuser => false}}, emqx_authn_jwt:authenticate(Credential, State2)), + ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential#{password => <<"badpassword">>}, State2)), + + ?assertEqual(ok, emqx_authn_jwt:destroy(State2)), ok = emqx_authn_http_test_server:stop(). %%------------------------------------------------------------------------------ @@ -220,12 +236,17 @@ jwks_handler(Req0, State) -> {ok, Req, State}. test_rsa_key(public) -> - Dir = code:lib_dir(emqx_authn, test), - list_to_binary(filename:join([Dir, "data/public_key.pem"])); + data_file("public_key.pem"); test_rsa_key(private) -> + data_file("private_key.pem"). + +data_file(Name) -> Dir = code:lib_dir(emqx_authn, test), - list_to_binary(filename:join([Dir, "data/private_key.pem"])). + list_to_binary(filename:join([Dir, "data", Name])). + +cert_file(Name) -> + data_file(filename:join(["certs", Name])). generate_jws('hmac-based', Payload, Secret) -> JWK = jose_jwk:from_oct(Secret), @@ -243,3 +264,19 @@ generate_jws('public-key', Payload, PrivateKey) -> Signed = jose_jwt:sign(JWK, Header, Payload), {_, JWS} = jose_jws:compact(Signed), JWS. + +client_ssl_opts() -> + #{keyfile => cert_file("authn-https-client.key"), + certfile => cert_file("authn-https-client.crt"), + cacertfile => cert_file("authn-https-ca.crt"), + enable => true, + verify => verify_peer, + server_name_indication => "authn-https" + }. + +server_ssl_opts() -> + [{keyfile, cert_file("authn-https-server.key")}, + {certfile, cert_file("authn-https-server.crt")}, + {cacertfile, cert_file("authn-https-ca.crt")}, + {verify, verify_none} + ]. From 720866994633a6f9dba61a1a5a27dfb6364b17dd Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Thu, 30 Dec 2021 12:47:20 +0300 Subject: [PATCH 7/8] chore(authn): reduce number of pre-generated certificates, refactor tests --- .ci/docker-compose-file/certs/ca.crt | 29 +++++++++++ .ci/docker-compose-file/certs/ca.key | 51 +++++++++++++++++++ .ci/docker-compose-file/certs/server.crt | 24 +++++++++ .ci/docker-compose-file/certs/server.key | 27 ++++++++++ .../docker-compose-mongo-single-tls.yaml | 6 +-- .../docker-compose-mysql-tls.yaml | 6 +-- .../docker-compose-pgsql-tls.yaml | 4 +- .../docker-compose-redis-single-tls.yaml | 6 +-- .ci/docker-compose-file/mongo/certs/ca.crt | 29 ----------- .ci/docker-compose-file/mongo/certs/ca.key | 51 ------------------- .../mongo/certs/client.crt | 24 --------- .../mongo/certs/client.key | 27 ---------- .../mongo/certs/server.crt | 24 --------- .../mongo/certs/server.key | 27 ---------- .ci/docker-compose-file/mysql/certs/ca.crt | 29 ----------- .ci/docker-compose-file/mysql/certs/ca.key | 51 ------------------- .../mysql/certs/client.crt | 24 --------- .../mysql/certs/client.key | 27 ---------- .../mysql/certs/server.crt | 24 --------- .../mysql/certs/server.key | 27 ---------- .ci/docker-compose-file/pgsql/Dockerfile | 2 +- .ci/docker-compose-file/pgsql/certs/ca.crt | 29 ----------- .ci/docker-compose-file/pgsql/certs/ca.key | 51 ------------------- .../pgsql/certs/client.crt | 24 --------- .../pgsql/certs/client.key | 27 ---------- .../pgsql/certs/server.crt | 24 --------- .../pgsql/certs/server.key | 27 ---------- .ci/docker-compose-file/redis/certs/ca.crt | 29 ----------- .ci/docker-compose-file/redis/certs/ca.key | 51 ------------------- .../redis/certs/client.crt | 24 --------- .../redis/certs/client.key | 27 ---------- .../redis/certs/dhparam2048.pem | 8 --- .../redis/certs/openssl.cnf | 7 --- .../redis/certs/server.crt | 24 --------- .../redis/certs/server.key | 27 ---------- .../test/data/certs/authn-https-ca.crt | 29 ----------- .../test/data/certs/authn-https-ca.key | 51 ------------------- .../test/data/certs/authn-https-client.crt | 24 --------- .../test/data/certs/authn-https-client.key | 27 ---------- .../test/data/certs/authn-https-server.crt | 24 --------- .../test/data/certs/authn-https-server.key | 27 ---------- apps/emqx_authn/test/data/certs/ca.crt | 29 +++++++++++ apps/emqx_authn/test/data/certs/client.crt | 24 +++++++++ apps/emqx_authn/test/data/certs/client.key | 27 ++++++++++ .../test/data/certs/mongo-tls-ca.crt | 29 ----------- .../test/data/certs/mongo-tls-client.crt | 24 --------- .../test/data/certs/mongo-tls-client.key | 27 ---------- .../test/data/certs/mysql-tls-ca.crt | 29 ----------- .../test/data/certs/mysql-tls-client.crt | 24 --------- .../test/data/certs/mysql-tls-client.key | 27 ---------- .../test/data/certs/pgsql-tls-ca.crt | 29 ----------- .../test/data/certs/pgsql-tls-client.crt | 24 --------- .../test/data/certs/pgsql-tls-client.key | 27 ---------- .../test/data/certs/redis-tls-ca.crt | 29 ----------- .../test/data/certs/redis-tls-client.crt | 24 --------- .../test/data/certs/redis-tls-client.key | 27 ---------- apps/emqx_authn/test/data/certs/server.crt | 24 +++++++++ apps/emqx_authn/test/data/certs/server.key | 27 ++++++++++ .../test/emqx_authn_http_test_server.erl | 2 +- .../test/emqx_authn_https_SUITE.erl | 21 +++----- apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl | 21 ++++---- .../test/emqx_authn_mongo_tls_SUITE.erl | 18 +++---- .../test/emqx_authn_mysql_tls_SUITE.erl | 20 +++----- .../test/emqx_authn_pgsql_tls_SUITE.erl | 25 +++------ .../test/emqx_authn_redis_tls_SUITE.erl | 24 ++------- apps/emqx_authn/test/emqx_authn_test_lib.erl | 5 ++ 66 files changed, 323 insertions(+), 1344 deletions(-) create mode 100644 .ci/docker-compose-file/certs/ca.crt create mode 100644 .ci/docker-compose-file/certs/ca.key create mode 100644 .ci/docker-compose-file/certs/server.crt create mode 100644 .ci/docker-compose-file/certs/server.key delete mode 100644 .ci/docker-compose-file/mongo/certs/ca.crt delete mode 100644 .ci/docker-compose-file/mongo/certs/ca.key delete mode 100644 .ci/docker-compose-file/mongo/certs/client.crt delete mode 100644 .ci/docker-compose-file/mongo/certs/client.key delete mode 100644 .ci/docker-compose-file/mongo/certs/server.crt delete mode 100644 .ci/docker-compose-file/mongo/certs/server.key delete mode 100644 .ci/docker-compose-file/mysql/certs/ca.crt delete mode 100644 .ci/docker-compose-file/mysql/certs/ca.key delete mode 100644 .ci/docker-compose-file/mysql/certs/client.crt delete mode 100644 .ci/docker-compose-file/mysql/certs/client.key delete mode 100644 .ci/docker-compose-file/mysql/certs/server.crt delete mode 100644 .ci/docker-compose-file/mysql/certs/server.key delete mode 100644 .ci/docker-compose-file/pgsql/certs/ca.crt delete mode 100644 .ci/docker-compose-file/pgsql/certs/ca.key delete mode 100644 .ci/docker-compose-file/pgsql/certs/client.crt delete mode 100644 .ci/docker-compose-file/pgsql/certs/client.key delete mode 100644 .ci/docker-compose-file/pgsql/certs/server.crt delete mode 100644 .ci/docker-compose-file/pgsql/certs/server.key delete mode 100644 .ci/docker-compose-file/redis/certs/ca.crt delete mode 100644 .ci/docker-compose-file/redis/certs/ca.key delete mode 100644 .ci/docker-compose-file/redis/certs/client.crt delete mode 100644 .ci/docker-compose-file/redis/certs/client.key delete mode 100644 .ci/docker-compose-file/redis/certs/dhparam2048.pem delete mode 100644 .ci/docker-compose-file/redis/certs/openssl.cnf delete mode 100644 .ci/docker-compose-file/redis/certs/server.crt delete mode 100644 .ci/docker-compose-file/redis/certs/server.key delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-ca.crt delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-ca.key delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-client.crt delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-client.key delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-server.crt delete mode 100644 apps/emqx_authn/test/data/certs/authn-https-server.key create mode 100644 apps/emqx_authn/test/data/certs/ca.crt create mode 100644 apps/emqx_authn/test/data/certs/client.crt create mode 100644 apps/emqx_authn/test/data/certs/client.key delete mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-ca.crt delete mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-client.crt delete mode 100644 apps/emqx_authn/test/data/certs/mongo-tls-client.key delete mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-ca.crt delete mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.crt delete mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.key delete mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt delete mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.crt delete mode 100644 apps/emqx_authn/test/data/certs/pgsql-tls-client.key delete mode 100644 apps/emqx_authn/test/data/certs/redis-tls-ca.crt delete mode 100644 apps/emqx_authn/test/data/certs/redis-tls-client.crt delete mode 100644 apps/emqx_authn/test/data/certs/redis-tls-client.key create mode 100644 apps/emqx_authn/test/data/certs/server.crt create mode 100644 apps/emqx_authn/test/data/certs/server.key diff --git a/.ci/docker-compose-file/certs/ca.crt b/.ci/docker-compose-file/certs/ca.crt new file mode 100644 index 000000000..8a9dafccd --- /dev/null +++ b/.ci/docker-compose-file/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQCF3o0gIdaNDjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MzAwODQxMTFaFw00OTA1MTcwODQxMTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAqmqSrxyH16j63QhqGLT1UO8I+m6BM3HfnJQM8laQdtJ0 +WgHqCh0/OphH3S7v4SfF4fNJDEJWMWuuzJzU9cTqHPLzhvo3+ZHcMIENgtY2p2Cf +7AQjEqFViEDyv2ZWNEe76BJeShntdY5NZr4gIPar99YGG/Ln8YekspleV+DU38rE +EX9WzhgBr02NN9z4NzIxeB+jdvPnxcXs3WpUxzfnUjOQf/T1tManvSdRbFmKMbxl +A8NLYK3oAYm8EbljWUINUNN6loqYhbigKv8bvo5S4xvRqmX86XB7sc0SApngtNcg +O0EKn8z/KVPDskE+8lMfGMiU2e2Tzw6Rph57mQPOPtIp5hPiKRik7ST9n0p6piXW +zRLplJEzSjf40I1u+VHmpXlWI/Fs8b1UkDSMiMVJf0LyWb4ziBSZOY2LtZzWHbWj +LbNgxQcwSS29tKgUwfEFmFcm+iOM59cPfkl2IgqVLh5h4zmKJJbfQKSaYb5fcKRf +50b1qsN40VbR3Pk/0lJ0/WqgF6kZCExmT1qzD5HJES/5grjjKA4zIxmHOVU86xOF +ouWvtilVR4PGkzmkFvwK5yRhBUoGH/A9BurhqOc0QCGay1kqHQFA6se4JJS+9KOS +x8Rn1Nm6Pi7sd6Le3cKmHTlyl5a/ofKqTCX2Qh+v/7y62V1V1wnoh3ipRjdPTnMC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEARCqaocvlMFUQjtFtepO2vyG1krn11xJ0 +e7md26i+g8SxCCYqQ9IqGmQBg0Im8fyNDKRN/LZoj5+A4U4XkG1yya91ZIrPpWyF +KUiRAItchNj3g1kHmI2ckl1N//6Kpx3DPaS7qXZaN3LTExf6Ph+StE1FnS0wVF+s +tsNIf6EaQ+ZewW3pjdlLeAws3jvWKUkROc408Ngvx74zbbKo/zAC4tz8oH9ZcpsT +WD8enVVEeUQKI6ItcpZ9HgTI9TFWgfZ1vYwvkoRwNIeabYI62JKmLEo2vGfGwWKr +c+GjnJ/tlVI2DpPljfWOnQ037/7yyJI/zo65+HPRmGRD6MuW/BdPDYOvOZUTcQKh +kANi5THSbJJgZcG3jb1NLebaUQ1H0zgVjn0g3KhUV+NJQYk8RQ7rHtB+MySqTKlM +kRkRjfTfR0Ykxpks7Mjvsb6NcZENf08ZFPd45+e/ptsxpiKu4e4W4bV7NZDvNKf9 +0/aD3oGYNMiP7s+KJ1lRSAjnBuG21Yk8FpzG+yr8wvJhV8aFgNQ5wIH86SuUTmN0 +5bVzFEIcUejIwvGoQEctNHBlOwHrb7zmB6OwyZeMapdXBQ+9UDhYg8ehDqdDOdfn +wsBcnjD2MwNhlE1hjL+tZWLNwSHiD6xx3LvNoXZu2HK8Cp3SOrkE69cFghYMIZZb +T+fp6tNL6LE= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/certs/ca.key b/.ci/docker-compose-file/certs/ca.key new file mode 100644 index 000000000..16f9dd2b5 --- /dev/null +++ b/.ci/docker-compose-file/certs/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAqmqSrxyH16j63QhqGLT1UO8I+m6BM3HfnJQM8laQdtJ0WgHq +Ch0/OphH3S7v4SfF4fNJDEJWMWuuzJzU9cTqHPLzhvo3+ZHcMIENgtY2p2Cf7AQj +EqFViEDyv2ZWNEe76BJeShntdY5NZr4gIPar99YGG/Ln8YekspleV+DU38rEEX9W +zhgBr02NN9z4NzIxeB+jdvPnxcXs3WpUxzfnUjOQf/T1tManvSdRbFmKMbxlA8NL +YK3oAYm8EbljWUINUNN6loqYhbigKv8bvo5S4xvRqmX86XB7sc0SApngtNcgO0EK +n8z/KVPDskE+8lMfGMiU2e2Tzw6Rph57mQPOPtIp5hPiKRik7ST9n0p6piXWzRLp +lJEzSjf40I1u+VHmpXlWI/Fs8b1UkDSMiMVJf0LyWb4ziBSZOY2LtZzWHbWjLbNg +xQcwSS29tKgUwfEFmFcm+iOM59cPfkl2IgqVLh5h4zmKJJbfQKSaYb5fcKRf50b1 +qsN40VbR3Pk/0lJ0/WqgF6kZCExmT1qzD5HJES/5grjjKA4zIxmHOVU86xOFouWv +tilVR4PGkzmkFvwK5yRhBUoGH/A9BurhqOc0QCGay1kqHQFA6se4JJS+9KOSx8Rn +1Nm6Pi7sd6Le3cKmHTlyl5a/ofKqTCX2Qh+v/7y62V1V1wnoh3ipRjdPTnMCAwEA +AQKCAgAoIMA5i7ZRCfFIatrQxoudayvqDGtP+dh1vkbuKYQK9rN/HkRF7W0eFw2U +/6BsnDj0Y50nzdcN/BVFCQj8dknKV0sQ1Yqosbfvk/Pigx6Ley0tHixEDsldNC30 +89wIo3uTwf+B42kO7Vs8fjiCipMj4Lm/iwsizJXzmDmm58I4kD5rAFkoXm7HILPI +G7g3BxKu/oQ3VmeVIm4MFSWxY3CM4qd7+eqBjuWgnMmHge4QmBQRNsNhGJIxCoXG +hqjmM69/AM009Z3EnxzYAwo9bLYH1F0iirFrJpl53JgJFMLc0ms8iKw/xL2wtZC3 +QLXZycjgxRqH1nGfqAaT30mrVkISFnfNdWmILcBqAQs7lsUL1dYrd7RjwhMsRCy7 +KMNR7IlevtjgqRXON6xhJELhXoexubAq5giVLkhwREQIYNr6Cq9WAg6C30oYZMoL +EBTtRciyq/S0Tp2gsUI5beWIhe3B83ZDFc6mxqwhOrd+9kK3gRba3KX1m1Ikp60T +JqFCVzm1vVrcQUJm2xDSeP6d5qSkE+9LEsI+oJhBj7mNHZtkcTXBev8uCgm3QAbB +X/9vH+jhio3RgvK1rSsLwUou40MS81xZOBSyXvixgefQpnbAoI1Ou5wekBB36gek +i9OqKFxmI7f0rwVXcSFmXr/vpXi6UOeGsvz+icbGoGrnPKHswQKCAQEA1SYj/KHe +o/9fPYBAOp66jab8gKB2QcnIskXiEpO1bbCrKfJ0mGmcKiRJJbynC6JGwiWCrLvp +Qgkwk67jziUrCaJ8kEWuK3wTR+I+i/XLQOv2iPSouBHXAeokUHlRNJTrEC23dCyg +jvgQXE7OEwk0UHTUsNm40Whv4uGgJTAkwALCWJyhTazF2xpKTyifQ+zcxFdAipte +T5ErlrHIMJkDo4OzMBfXHcuxb5YG87eU1wxZ+76CcYv51xu8TY6cUyNsXM4OA6UT +drgfaQXVpCMCdbGbh0RwBC4spgWRk9F5m5w78K0ZWI2PSykCOyVySh+dgURnn2kE +Cmzo70TjvEPYRQKCAQEAzK0qULtaqIbm7efcktWjv/eGBeEl5nSMalgJEFCJkTYw +UerLDUKmLClc8dBzrybAglx9hJpWYYg6qioc+TxhIF4b8lNo6QZ/LElZRriv6GdC +tP3kiqLCBUWOQkLp3GZRoixdeF0snll0YeV+eQLuGQWMn2Kkjb0J1VHdvuMSKL2p +PHieogwsuE2FNslctVUxOc+ph1/JKq2cEsYZkVKEn79FS63AXlpzz3px4mCDN5Lm +BK5BRgbP+HiZo3ac4L2DoxpMuLCGoIN6X3iJXINo1akuNtp/1n4AX6LXZytI4UGk +xBeAhBnP7QghtAi1u63ZYUE70cVAPV7ybG+JxVgDVwKCAQEAxdmWc+1I/Y+RN0Qx +2nf2EICdR0QrIRwNmDU4CShks0HXT6OHyOXXGGMAJvA7Wpgx+Arbhj0S4sIm/h7L +xFFJ5rKVz1Fuv1x3hTUj+8SW+1dMS4pWhi3BFzzgonZKA3Xrz+Ovsz2td6gZf6WC +sbbMgZZAyzv9yxuXJ9FpVruekUC+Z4RUUgZ6zctUiK/bTjCyJ+oZtc9MNq04+bNi +cIHIF+Kq1Ix8mGK3/C0VnOqeVRNY/02yRXW53osXOiKTRrTN5EM8TPPQ4lU8ir7o +tWft45OOG3xSQf8eYKkwnTZHHENkfB4hNcqI5SpWsNIsiVNZX2FAkn7nSkoX2eln +Pxz2xQKCAQA/tedmGeuuac+YXoQacMX4C2R8kAjsI3tR3vVzTp6DxQpldWCfUA/J +z1ZPL0PTUYy7B29Kx3/7/BvGvDUon9Lb8G9ijvQpFQyhDHPtv6+B+CKblCx/uwoJ ++gy+M3X4VSE0CftObDJnWBESKA2mPXM/9qo/MsVmGWHmNQWBVc1hQShc2m8GoiOJ +exfsZeGl0E7yX+G1cet8jW33qhJrWfROhYtcc0leFWnXO5YXkVNHCULwUg2fbp9u +CJxKdbF/g35mVtlq5AgEDukYrryTP5RybaclC/6fFbmoC1hhlOeqtnRDVc17UU2X +yuAy2kM3mHYB//xO38ePUu7DMjUAaNUhAoIBAQCpgXw+8oxbXWJUz9xfiJIaDI5d +O2KLkywv+JYUZPHGwb6MjiQ+fh2NOPvdoAy8I4/BBVtelD8BRQIWxvhQZUXJEwxh +mi4gUGw08TUNGqhK6v//sNYo2ssn4VWcJcxdSjwlLVAD1BdpP6OeHKElAPxzsrOW +3AmOdc7qe1OnH6hxPG7p8wvUFkdnJOpATcaysUD++xYZt/cj0OyUhhUIpu0RGHgB +RkfL+yLjOCaHTMkpPVZzjL2RBa14ouX+PmA14Zd4gOOjnayFr9Pmvpi0T3dctnu9 +S0+AuKLxU3skSp6L+Sr74QsvgtZOShkMjxLQfPJCW/pKKlqLAuDLTPMqGtrO +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/certs/server.crt b/.ci/docker-compose-file/certs/server.crt new file mode 100644 index 000000000..1fe7a516c --- /dev/null +++ b/.ci/docker-compose-file/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBDCCAeygAwIBAgIJAKTICmq1Lg6cMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIzMDA4NDExMloXDTQ5MDUxNzA4NDExMlowKzESMBAGA1UECgwJRU1RWCBU +ZXN0MRUwEwYDVQQDDAxhdXRobi1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCdCXfM/j28fsi3vhxmHoy2UUz/VDcTJudadVNqTOQZPuqW5lex +309yYcZqThfT2ZSVIH92ags6aNxr4Uv9vGTkPW22kAiK41imeAj+HLmvByxqfv+s +JlB5YcHXMGQCcFZOaOtabuJ0nmqxO0OWU9CIeE5PWlnVyWM1cvYxtQQLg4BSP8X/ +ohFBERaBn0yU0IYTFxo+9A1LB5utnWiv7A/5fZVFBkAdrGMPxcuEF49oynbW4WpN +kn1jY+89BrBvLk+lMZCTI2dRnE5tqt+kD6Ejh3eWRiONoS6sm9rIrH/OMEqEXhfi +bgZZu8rL0o1YL7SATJERBNuvcJpQl7We5UCbAgMBAAGjIjAgMAsGA1UdDwQEAwIF +oDARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAAydWowM0rS5 +CgrVsuSUnUntXkIIu9YziI8mKWm8K5sp8lqtVovitVFuG19Y3Ve8r2pIibpBvOKZ +ocr+uUgrZrGGXU3x9/p+miTcHm5M9guPzmN6JbKZ65yIAN9po5CjrczFShqxIQly +ye+5C7/Metf6KM43lLKefDkUgccASKa4KhvP84/Jc8jEKP2cQ5I84yaRyeJgDnJ0 +XY6Nu1yn1BLrw9dq5ZcoBYR94aVPnSR63zE58cJ99r8AOSk/Tl7phKNAS7mP94NH +RVTW4R/xGMT/iVz4x9exfeVfAX5fVAPIOXV5VKownmM/WfhICHxNLi++m9nO9sn6 +tHT+3ViYUbilhcPlXVgTiVWJrFuoxbPTON4yIxgT3VQz47Oqnx37jeufbb7bGiJW +H/GEtn5pDPbiHbu6j+GK98uTN7OoTM5L81nbct6evEz6sK2T5Ve5Ro2IWWeG7xlB +3+FIK1pzl5OHpLJTED/DKNxt1qlhnjTGSz902fBORYvTCTdpSfGnrUMjJOP0rGHH +81WFMfc6ucsN4zGXVHHUNuNaUp1HprUy4g7ipTXkRn9oyOXkYKMGMX9T2aUeEnXO +U9ij61TrGA+lZENsbFKD/UcLRr4GY21TKj9dKjKyIoru/qDHrtJkSObQlcgOwS7D +ctaGcj4es0ByT2PX/mDqJoMip3E4E11O +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/certs/server.key b/.ci/docker-compose-file/certs/server.key new file mode 100644 index 000000000..649b69428 --- /dev/null +++ b/.ci/docker-compose-file/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnQl3zP49vH7It74cZh6MtlFM/1Q3EybnWnVTakzkGT7qluZX +sd9PcmHGak4X09mUlSB/dmoLOmjca+FL/bxk5D1ttpAIiuNYpngI/hy5rwcsan7/ +rCZQeWHB1zBkAnBWTmjrWm7idJ5qsTtDllPQiHhOT1pZ1cljNXL2MbUEC4OAUj/F +/6IRQREWgZ9MlNCGExcaPvQNSwebrZ1or+wP+X2VRQZAHaxjD8XLhBePaMp21uFq +TZJ9Y2PvPQawby5PpTGQkyNnUZxObarfpA+hI4d3lkYjjaEurJvayKx/zjBKhF4X +4m4GWbvKy9KNWC+0gEyREQTbr3CaUJe1nuVAmwIDAQABAoIBABl6dMZ8pXWUuGof +XSowYLIf5Lc0aa8gy76AdKU1jniOHa+X9bh1O8WaGYAb5X/IuHOtjyCeOe4jH0gd +iJ/FVjU1xjwtiEVId5SiuwrHjFTafBlXO5IpsTrQYovQXRmMMmSMX0sP3IwBO9w/ +ekrElHvf0QzM4vBtuTvtyAXukZZwYWvdJK8GXc7NE0xTNSe0C+f2MS0ZAuWP7g8K +1WgRO+8pb11sK4CAl+yD6Lyf7JVlouTcsYdeRF5o7yuEQ2qlz3+vxPwfMIpONKel +kK5nUUc8OGhHQpkO+ZZXh5fIWkaKFJKMzoAh8pj2HFAfK93s64f3LHu75sum05Gc +RUCSafkCgYEAympLWe+cmq8XyUqQnsQ7hHfc5VKa33YDTEkO/ZncnnNA/k4yH+r7 +LGgMZD1zC5R3pRFEET9pUOrlx7Z489Bc1Z9Y+9dDpwg9DRrvkt1/MpxOI2Lk8tiJ +lLU/uRTQXQmHFoEBg6i2CDIZyP/qccCS0zIcMQJDq6WaTfXyJ5k0LOUCgYEAxpvi +l7t9RPIQXTEfWiD3iN11QwZYjZ3c6CfW2iaucPYJZDclk6BO1Chdw55cELbfj4bh +7lMxDYpyOQrEwIXYk1a8IY6VOFFMmOQfCfECm5XNTvz//5vYxYlB8ERdhM7opAYG +YsAyR/+BVEyhG6NXy4sh5Q49YgfrjVMdYmBSX38CgYEAx2BF0lNzNOXsjwgURV5S +pZuPCI8CH8PVYcnAq0lnhudNiHArbUb+mvHt6rqgXDKkWwITws1sBhkptjrlDnsZ +Rg3MD1wsthUmVYdHnajxBj/xs2dQzmc9tS2Gk96Nkma1GhR+EloW2yHGRjbVjbA6 +ry53mEp7r1HSGKJ+IEUGoIUCgYEAiRS7FyNPWTECXnAzRZAPiiXgc7yDjmtxN8OX +pcahDFKlNMhjZTt2bTTXUteQj/DI6VWdx1MgPkpagEiQeJlpXHi3LSoukEp85eI+ +EiyJMj35ERXK0/ALdHxCSMXHDo2JQPzvl2U0z0DpUPf7Ewpw5IpJgMGNWIZC7K57 +T5VQBZ0CgYAcAG1KYZYD+Sb14jJLSD6JqnJBrcv8e6wEAnA+0vuEv09FfgeB4MNZ +FwRR8FQDL8V2QcvsauwcwNOf9m9K8goCV9YKTcFw5Tl0m3uYzCIDVdyZI85NgBS0 +m//eODmUYg1gMOi9LfnKgtrW7EURrCNj3Pgt87g7WDiSY+qGB0IzzQ== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml b/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml index 505d5f39b..b02eb77de 100644 --- a/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml @@ -8,9 +8,9 @@ services: environment: MONGO_INITDB_DATABASE: mqtt volumes: - - ./mongo/certs/server.crt:/etc/certs/cert.pem - - ./mongo/certs/server.key:/etc/certs/key.pem - - ./mongo/certs/ca.crt:/etc/certs/cacert.pem + - ./certs/server.crt:/etc/certs/cert.pem + - ./certs/server.key:/etc/certs/key.pem + - ./certs/ca.crt:/etc/certs/cacert.pem networks: - emqx_bridge ports: diff --git a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml index 3c01a10df..47d9ecd83 100644 --- a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml @@ -11,9 +11,9 @@ services: MYSQL_USER: user MYSQL_PASSWORD: public volumes: - - ./mysql/certs/ca.crt:/etc/certs/ca-cert.pem - - ./mysql/certs/server.crt:/etc/certs/server-cert.pem - - ./mysql/certs/server.key:/etc/certs/server-key.pem + - ./certs/ca.crt:/etc/certs/ca-cert.pem + - ./certs/server.crt:/etc/certs/server-cert.pem + - ./certs/server.key:/etc/certs/server-key.pem ports: - "3307:3306" networks: diff --git a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml index f1fc15b30..29d520e29 100644 --- a/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-pgsql-tls.yaml @@ -4,8 +4,8 @@ services: pgsql_server_tls: container_name: pgsql-tls build: - context: pgsql - dockerfile: Dockerfile + context: ./ + dockerfile: ./pgsql/Dockerfile args: POSTGRES_USER: postgres BUILD_FROM: postgres:${PGSQL_TAG} diff --git a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml index 7e521a05c..8f59e7a9e 100644 --- a/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml +++ b/.ci/docker-compose-file/docker-compose-redis-single-tls.yaml @@ -5,9 +5,9 @@ services: container_name: redis-tls image: redis:${REDIS_TAG} volumes: - - ./redis/certs/server.crt:/etc/certs/redis.crt - - ./redis/certs/server.key:/etc/certs/redis.key - - ./redis/certs/ca.crt:/etc/certs/ca.crt + - ./certs/server.crt:/etc/certs/redis.crt + - ./certs/server.key:/etc/certs/redis.key + - ./certs/ca.crt:/etc/certs/ca.crt ports: - "6380:6380" command: diff --git a/.ci/docker-compose-file/mongo/certs/ca.crt b/.ci/docker-compose-file/mongo/certs/ca.crt deleted file mode 100644 index d4cd04759..000000000 --- a/.ci/docker-compose-file/mongo/certs/ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD8UL+glAaqCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjcwODIzNDhaFw00OTA1MTQwODIzNDhaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60R -SY1V+3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZD -dlLGjlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvA -CUxKDhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/ -Gjg57DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQES -oJ3ScFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99g -C82hbeGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2Y -OtBWuAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5 -snknoRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7O -tkjye9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Z -g6TSYJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0C -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAw2PK8Nr3lQyF9pipvahEkHSIz8TVeLue -lT8h6Hrkn1UcDHpECja/tPKLxYEVUoyMKeKR3K6AO5RmCgDObcZRkMdMmNYocvb5 -1BvGhlv3uk5rNUz+PW8F6cwVp+3RevBD5OSEkBzq6fuSyC0g8dk17IPKnfwNJCue -gkgsyEUgSHK8t3g/uE0Jdx//svTdnc7dmB43uU3o3tl+qhMwm7Zjr58gP1t7fMTD -Zu8Yq8en39lMDt1lv4LZG5JyEL5GQMr9B9ft5ZJpg6LGxRUmC7J8d+5Swux6MjcZ -pAG2/V0VJwrR+joT8BZqnj/pR2Mk+34Ul1DIF7iSS/P+Wwy4+oP3XaNmXPJPTX8Y -acVYYO2Q9o0B6zPQk5e2ECSMqQ2NW0+RJv2YJl77WoCWScYhixqOwWNrXu8CSeQ9 -99rZrwN9lDN3I/bXLqzjUlTwL49YDSy50GkVKC14mZNSIAegJqGv3SwmITRZRaYF -UNhdmLldCCZ686QkGGsiIWmKug0IxJxYtLQKpajHuBQKhyyRgfIq+CfdyjsxmVNE -1h1bmi7Hy30KAx4qGHXGhKbITAUvAOHDNs5G9R8vv6J/AjOPGeuy9mayHg3CIarx -z0p0b9dYMK9yL9dEC8KHfUSIh7ZoR6JENkdq0Uj/8AE4+NwzrNbFRMKNAGMjFi8K -UPcPKDe8WZQ= ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/ca.key b/.ci/docker-compose-file/mongo/certs/ca.key deleted file mode 100644 index 5b9601853..000000000 --- a/.ci/docker-compose-file/mongo/certs/ca.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60RSY1V -+3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZDdlLG -jlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvACUxK -DhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/Gjg5 -7DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQESoJ3S -cFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99gC82h -beGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2YOtBW -uAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5snkn -oRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7Otkjy -e9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Zg6TS -YJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0CAwEA -AQKCAgAZcZtDfmV97p+Fq2TSZj9SxQo+tfQTPum4NHXpv6U0B7yw4v7HTr+VWtXo -ab5V7z3UVjgxpLk+1a4PCIDTuMhSjplLD15kzERCgB9SIJlbKLA0OFiiU9GUqlDs -YaaVWnwlCbV8Yjh+ExR0PwQj56McnvU3yBfSovGPmukB8PLhP5vgKmS6elvSRRpD -diGdxoXReo+maKzrvHqFkmQc17N1LQjSQQul3+9on2rHi6oHsc++3tUa/0Pb49NU -Kp89tQjYvJ8VmHmcn73J14OOQ6vo1TZxpgxIOymrM3FTiRfgTOr1gY4vTPdj8k9Z -okaMr178Dis4zvpR/ipVE+7s098ylilZne3Mm8VsBD6J/wTvvHu+qdlVKLSDmfas -idHnPE7n5AtJwt1ykQ5QV+PuAiT+TSUElZCgHp+0jTfTXqxgLCgWzX6eNw0n7pUg -R7plm43nEqJHLOOx7sxsz1aKiF0Og/RjRrMaOTMO3Hg+5XoGdHM4vebiMOy5lozq -kww+5WWKzxz9F6XaOr/p8ZJRYrFLWUZbhci9b7unAn8roCvYxfm3wA85yd0ci9dC -4iBN2yMV12jwBI6+iIZq8hTlbXnqVJBYoPAk+t66xN1r983HWrce2RoROsMfr0Gc -5am+dck6n2h8snj0ZJiO8GZ8NRum4yREnRLmDk0fMeSgptIHbQKCAQEA9indtCaW -6Cw2Bpngk/0hk8e5zgc+REQdO/UlHE5jkcti5U/ZRLl+f3QE43EEWHy2MlLFL/zo -J5FA2x5H7ws2F85VHROc4BolscDwMrrA7tteRpj8BHMyQSksYxfGwM5dXCr1v7mT -1MZrm6U1LQTAxlbKof6oOdAPN+OSqZb+zEdYIGfcY+q72GTRP6LVopfn326089gu -BuivWu6UiKp5gqQ4pl3L5TQGBS6ZE3obT8zBDe5gm0fqTuLekIQZzUFW4CcrrOdF -45BmsO+5BPQEvHXo0BNoJvM6/EXUWMTQGU6v1iVj3Bfy/jLdbXs2zJ6DrvuMwBgW -Fd5q23mVFfa2xwKCAQEA8CcGTe7x3Msx87jKxPYUR0nJ4GePXo/L5Q1jXsLigh/B -TChcdta5nGzN15OknIFEKMBTXl+TWbwzp5ufPyY5XsTLKU2KFBy37YypZ94MLbUb -D2J1QOl5UysaGYB6z6Mr54NUSItQSz8HbMh70eaU5wdzMtEweB2HWzdvR8ssv4ke -UNPfutCYUeJXgYvGKO6T97GtTZeGevpohlWUp/3GO8dOLCvlaa0AoVSvfrNmx56r -BkD7v2RxySD/lmOgIzVTR07s5zmLviwavt+swAq8BSLpR12kexM2oxLKsHajpvJy -dWeo6pFP3BIYsamuYDxSClcU27zQdNJRqniDDnxXSwKCAQB40ZeVIhOTJI/nsYK+ -X9EpHTAe5QM0slG+6dUrDXZlSnPhpM04o+poV+NGVmQRojQygtlxcinnsa0pXrVj -qBcGnCi+OrAWdf7mPZIm8+5ZzaV59QBMltWlkbXNdRAB9cdww00WqtjZ6AFMxUtS -KzEKp/KQi9K5fVrazYFgZ1HrpWCllxRenglQbjsdhqhgQzp1OXrq68G7dl0Kvmp8 -oV8+NafwT70RY/VIedR78MSS6CYg1kzoKeXgjg061Pts+JLRNaiEFocA6BDe6une -en4QmbaI2d2WsG7U/tj4MLEKmspGytc2YTLMfN6dK4p755kuOxyb87ZzSVUdH5GC -1DJlAoIBAGl4yjUKH2FYQJ0I6M0uQmO4zZfoA7iFMQhtI9pnfzGlHrEC/PEYhzZj -NthaOK6fuz6mkTbehQmhNZKEL6F9eS7dAVkne+AvaLxEzdYXWIPuiW7tUA/tOmLD -iFfw7H8q68pnDGo7/Uy+5tTpDDB4s6bvx7Fm3IG0flEafJ4sZn/Mier30sfqeytj -XAlCSQqLFaNwfmuYg/CY77Un+vz44Mo6U2Pk94G9AIzac6USx64eSoCZo7dANxUd -kAMNyDQOZH/p8vPueyhPmIOCGw3Q6RjcZ1X3k5iWLKXcR/bOdDuLOafEmhRDM660 -p/HHUxVjCKkP69JCD89u230iJnUDORcCggEBAMGWSn6Jm3iAnO/iX+ltlFf7GaD1 -BPt3o4vnQasve/jWHZZrTXoSn1D53PnzNxr+h+OyfbgKJNXW+DoApplzoMzGgMtb -ni28CIPO3H+CUWa7h6E7Z7B3wSKto0xomwOvPCT3fuZCfVJu4WdbGtI1pbved/de -yS0TgCilHLGqHMOXw867qnxJG7pTKE3U3n1gfPdEBLN/icEeu8nTUkVkpqlEXdh8 -BxyB8HzmgJkDA660Vx69E1V7ZkfTWpRm4zqcsH7PdhCqsdRrOiJ7O/YQFH1sx3tU -HfWKOJFUEKJlv/T60B1o8Qwc15ZRBenYvAIxgUpVSkH1Ww/eUlo+YRXKDK0= ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mongo/certs/client.crt b/.ci/docker-compose-file/mongo/certs/client.crt deleted file mode 100644 index 78a6adbf4..000000000 --- a/.ci/docker-compose-file/mongo/certs/client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAKyzto6kgv4EMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCzgIQamGaqpP+SzwmEYtNL8koAUs0XNw6ohJ4s1lopkqOY2fnbWKO6JOSv -RPPStRiRklsPNno59cKfoN8j+Psfne6nkQbq1fbsZRzYGX3LdQVsD4QMEC4X63oJ -neEQ7hsEFaYW0bpkppVF300E23VT7CEDkEYBWhbXCTsdbQltffSG10ZT9XVHbqTL -cTmQzicn6TWQ8jH++VoY1q76OBd98gHcV6BocR61oXyjyArkUlGDsj3s5Xfsbfay -fagy6Q4cEBOrqWQvSqnenAll6IhEZ2KPDiXZWDPWMyLpLNO13ECp9+m7CMAo+15y -Zw/UUFeUyWlLtDXfV+GJzAA1Rv9vAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBALYlv9OxmYtj0BOdQrM5 -oIhivrA/bl8/Kzn4Bioqth8iWtpgZcZK15NKCGiDEKCkm+cKXWkC9tQcQzHpVas2 -aAKeiXIkYiSj1NiNDMrv5XLKOeFrMDVLWUAJzfSEr3Jsci+Wf8dX/VoYhgkH247w -j8cI8x7Vhi6Iun4pbp+ltuVtfcVAfUPhdrIXiif+hCLDbxdgj6qQ4MHC/Zpx1i+7 -4NVX8BVHsigFzN09GfHs3n+Uiq2Lzd3FaHnXWx+rueycQyXI5655YUbPJdWPO8Pu -JX+++GlpY91ni/UTMPdgmcqzMQo8kxV9+16sU4PjLcSKsgpJ0pT2ZJ+OJgtiMrEO -IS41ht4yhpx3G3FXim5MzUTsGHV7rr8ZzZ6wN46QXjzWtsLX98nzI1Dlz2USlbbz -N0NjgdPROUZsRDwEinnb1D96Rfn79qnfJhGmCXd5QSvM4HGW5SqqzzyvE0nLRnDg -davqHzA0en3Rt1/INCjr/+3GM4qy5lCG1fz1iuv5lfTVahljkkxnzSXyPW2E+0nZ -05bq/fAEbkQaOBwPWGTNCc4InzaUU0XKtx4IcnprgF6846lNRE7aFHjAWqOjOnZj -secfrzXDRLNJ58+eZpdJvVsaRl22bRHKI0MDNk5VzDKp/rqw/8+2f+Y2LXNKOJEQ -KLXCWq2sh5ReRiyDSaK+IP1z ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/client.key b/.ci/docker-compose-file/mongo/certs/client.key deleted file mode 100644 index 4cf93eb49..000000000 --- a/.ci/docker-compose-file/mongo/certs/client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAs4CEGphmqqT/ks8JhGLTS/JKAFLNFzcOqISeLNZaKZKjmNn5 -21ijuiTkr0Tz0rUYkZJbDzZ6OfXCn6DfI/j7H53up5EG6tX27GUc2Bl9y3UFbA+E -DBAuF+t6CZ3hEO4bBBWmFtG6ZKaVRd9NBNt1U+whA5BGAVoW1wk7HW0JbX30htdG -U/V1R26ky3E5kM4nJ+k1kPIx/vlaGNau+jgXffIB3FegaHEetaF8o8gK5FJRg7I9 -7OV37G32sn2oMukOHBATq6lkL0qp3pwJZeiIRGdijw4l2Vgz1jMi6SzTtdxAqffp -uwjAKPtecmcP1FBXlMlpS7Q131fhicwANUb/bwIDAQABAoIBAQCL0JOVP5XgXwqu -6FLKakuYwU1AuT4EUh85xaqK1B+AeDazbT1/y6gj6m6x0mx0eBh98ti4nb9QfAuv -WJfWJi48b0CgBoezzRs7AHsaG6jvG+QwSlmZJ9UvTnxNF0tia4RhhxdKeOvNUC+/ -L/KG0QWva6I/a1YL4Yce0ZLZFcAdJouJpjv0Bqe0xgcK7rld2AqGY54YvUqeoSjA -Uv2mhCy4xoRtF2XXyjJ1R/JOlsN8mHZvae4teWipSUf91zzd7thLT7s5CPcd2gj+ -2CQps0HkwbvpEB9Y3sGW5pVwacY9fOZkZPiaCqQ0cWDCj0qh9xi1m0/yL2sUrbet -S08YBThhAoGBANxR3armXC9G2jomBSvEq3kVpjQbaZwgFTKgf9nCMVlrayD8J507 -cvuUNtgf9h7U3N4cPFZLU77wiM4b0P0Q1wxWcfkTssg/kFY9WHwXPUj+DGA4q+Oc -7PvxNOyaX61816n6mTIH9+IloRYCYA8Qfoa8furvkMc7xPK5MYI3phaxAoGBANCS -Z8X5VU/LXK+bgjVnJYqrG5cqKU8VpBSvwEXpv5BGmKU/39aRBsWUHgffyNMVffia -UNIvXXIZQhhKDKMAwJFCi7ilpz2+8kErndtXXinyLkrLg4BC6vANMTkOWQJMj4T1 -6fqPKEk2iF6iXhZWje9Ako+qBPHbB9sBbznV3kAfAoGAEDQlLXCLzx5S5nvtXW61 -fc5Nzv9FISpq5LJRNN7HamAwHNjuwO2iY0ZfUj3niBT3uY4yEdawbhaauS3qjPI0 -HsAs2bjNKVUjdHRGkbnT1A57Moh4e+EKvOzci5o+9y97XREFO1zCqmtCEbBTCEia -RaaPXxAHgd+veHqOXZliKcECgYBThl3ibVAZzWHHvWnugukI2C8LYUn7rrnvwtYn -6UzatTrJ6oN0RM3Gb+N62cZtqcyxsvKsyWUNnUnXukfHOzTitxiHEGeiFYakTJhB -z4IZIDAjqc52ndXB3jaZF8LTZd+Pqn9R5OSINTt1UmaFYZIjfuNyfu7OAB3sOW3W -ZmxDlwKBgQCbhkHL+tHi3oj1AASc5CSTMsY+DqqfS7VLWBhr6d6u/QrEMqKZWy2E -NeeKkK/ImzTU0HJOIsAg+H57fU6S9zBlhxGYHlAu09rYJNZ9Eo5VGYSatNaJVzvy -9/khjpL0Y5rnK0mWC2sNqGzJHVgGDWERYGs2W3hOYfRalTldY6yxkA== ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mongo/certs/server.crt b/.ci/docker-compose-file/mongo/certs/server.crt deleted file mode 100644 index 874d84215..000000000 --- a/.ci/docker-compose-file/mongo/certs/server.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEATCCAemgAwIBAgIJAKyzto6kgv4DMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowKDESMBAGA1UECgwJRU1RWCBU -ZXN0MRIwEAYDVQQDDAltb25nby10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDYkaO97KPcCgpQljzKWN4SJD9fFQ0aN16HN4aBdFPqZKp3h8L8n3Rd -oo6kLQxpcTT33FY7fTPAEZ04hQgogM6XUEAGAyl+C5ENPUO//0bDw5TA7jAu7AvJ -3kcEkG9ipYTJde71ogeiNm5U6RR6kS3mRcRXX3EAp7Aut+hgTrwTTMVGcoz1qJQm -B4hK84mGWHqgVHwsow+XROJkm/aYKHBEq2Xau6MpJFQ2rBZBG8vgp8qsfaK6hNcR -kTmEn7gBC/ix5RWkPNKoE5zi1btNrAPQilo/uPdpTTQInkGKij7fYWPT90aEuQfp -76eJGHy74B+nN3qcKPw9UfUTSeo95Na/AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR -BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAIYWKJtgtfe3RDG5 -Bqny3nRWsKXIxJj5FO3n/9B85v64J4Vwr7GVRc05dQVvlVg68ElqjHhI4rqyvaPm -ZZMwccRRuv9kk5BJTz5jbGYbRFIB5NNrrk5IjABZPZi0poEY1xYGuKakOLnTCA+C -N92YM09uCiudfbgHiIkaMsJ8BO3fbN8AgTAfj2Xpd9ozMjSv8gLVWougfw5vgr0f -0WzTObhCHsRwVRnWqko/TME/5weUEbQPUJI1R7D2PwDTi728mpwX1ru9nirYfGOY -7HdyrP1R5dyD+zBiFs8A9jbIJAtoC5TjIxREOGUh9YRs605BivdrQ/cZg0qJVMCX -1pJm5i5/ilN48PnMP3QD/K6dZj1wxP3GueRh4pDMfbmhsVicCTonu85nZJ6oAoQ5 -RT5ZzmViyuN3jFCZHX564gc676HdsKtkC8dufKtNI+tUoJTEv7AnJgCc+554CTMC -zBwtln44TqHrCR1hGEG1iik/hEAnLW5YDnzrRASxYiY0fhWfy0rpojr+WRFrdoE2 -l9uXLcpXmPuy05Am+nNg5qxFCqBSbRCMat8Mb1sof7pkObheztOTTq01peMzEYCe -zIgowGgW8U0nN04UTo5bYYLxtVVx51QMNw0vckqDXB06Y9s/HFjTphLnGknauJiC -CV0XmCFIb0qM/5HGS/lBm4mEvwOc ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mongo/certs/server.key b/.ci/docker-compose-file/mongo/certs/server.key deleted file mode 100644 index 1dc07f326..000000000 --- a/.ci/docker-compose-file/mongo/certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA2JGjveyj3AoKUJY8yljeEiQ/XxUNGjdehzeGgXRT6mSqd4fC -/J90XaKOpC0MaXE099xWO30zwBGdOIUIKIDOl1BABgMpfguRDT1Dv/9Gw8OUwO4w -LuwLyd5HBJBvYqWEyXXu9aIHojZuVOkUepEt5kXEV19xAKewLrfoYE68E0zFRnKM -9aiUJgeISvOJhlh6oFR8LKMPl0TiZJv2mChwRKtl2rujKSRUNqwWQRvL4KfKrH2i -uoTXEZE5hJ+4AQv4seUVpDzSqBOc4tW7TawD0IpaP7j3aU00CJ5Bioo+32Fj0/dG -hLkH6e+niRh8u+Afpzd6nCj8PVH1E0nqPeTWvwIDAQABAoIBAFJQAIk2QQ1n74Wz -pIVQA4+noUJ1UNaPBumjzAa1/RMQkc3+lrjHrkXMfCSgTqBg+73dTBUuQBYXW8dY -oMIsOtk+Eid22jVjFg2PJIn775yGYKp3nW6oHs7qIdn1P7ChsneT0HAh1n7r60Fw -mW0Acw6bo8WFrACQu6D2G2dHZap7hy0mVD9U53BjaopomKlqyyzVgVuZOCqg4lnR -V+pjfalNQc1ZdyuaTRpV/ru244f1u/pZSC5ehzdg10bePH3dVLjX2FCwY84lNfly -Jnli3LoR32eLrAnyA3Vnbwy8+P5JO4H8DaLXOz1BLyK7TG9ee6IkldwLykCzADG3 -IJ/ny+kCgYEA9qXa7XTGOq0gF3npHwPHsRR5NrKG+B/GsrrYkvvenfucvSDza9H8 -Mj74NCidLvsoJJHyBRr8LiLH2i59AhP1AL4o32KRuE+SiHldDsVHOKCsnbptLh/m -JXI90X7QYCQ+hSg68LV0Z49y/8rmM/tiZ974nI/DwsKQp2cayM+/L6UCgYEA4MfQ -4nwdKMEdWK/fw5rQyfYTq/467SK8DnB4RjWnatMn2RMe8R/epvilrdkrR/csTLhf -dWFjqly+eLwk1ZmeUOa6e9Q/cSSqMCoewfnqHxJnqiaRgJFVaBGK08vsdU179N4p -QlMjjYfQ9PKd9Xo8TVprPsXdejjf0XEy4Nthn5MCgYBhZEA8Pz3+8VmYq4THwGBb -pe/vDzOISlPVQz49W8MdsrrDW32C95mT5ZVwUxEt+fJx7kcYiP1G4mjz2CN4bJTz -xCKzgmJz2sfLp9B9Ap0K2TcP2Qs/iU0BQEj0rhRtwiIFxkrvvVbHhbctFdssb3j9 -9udIOuRbxSQFVgsXfCDMGQKBgQCh5emCp0hNSUJ81TgC5+gH/vBOSe9hS0pN0B4g -25Y479tck1QO8hhpBOA4JhnxXIsQux8uKTYix2f9B+4z1tBbjsO0WrxTHshhpoS+ -y+Uf+h6mQ986zfLI4RGv2Mn39xYX2Ue4WK9byf3r3y98Vk1GnaBu9w69cGdsr+6o -W/qldwKBgQCgLHHMr5ZQonemuNz2LO/pYTljlObhopTf7rZ4ygrWsKgA0Mdep93r -VKeczhxTZi78CjtDWIR7HdKpoZJUgCIwa9o+RCAAETHtfMQPT2J8H/s+os8rAmUe -W/YvpcgCYs1g3GK4Ih4YLJrWA0MmdkXYgE2FSAxo8VriiA4fLYs+qw== ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/ca.crt b/.ci/docker-compose-file/mysql/certs/ca.crt deleted file mode 100644 index f08b1a4ff..000000000 --- a/.ci/docker-compose-file/mysql/certs/ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 -dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu -TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW -qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj -mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr -s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 -I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz -YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh -uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx -n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 -1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X -Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl -36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s -0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz -smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX -HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 -h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU -vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr -7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm -FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC -KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN -2U0l7v2i0qA= ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/ca.key b/.ci/docker-compose-file/mysql/certs/ca.key deleted file mode 100644 index 41a4eb996..000000000 --- a/.ci/docker-compose-file/mysql/certs/ca.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJJwIBAAKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8dhF0 -mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwuTXkv -61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IWqlmT -uU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrjmdTG -0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwrs5NQ -5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4I1nT -uo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGzYcnK -s8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjshuZBp -5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfxn9hS -GGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij31XpY -IOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kCAwEA -AQKCAgBYRRYP5D0573y1J49PYsv6mlprn6PYURhkyz67dkXjmrDZpxmmts42GZvf -GmgdpJK8Xjiz9qGzG91IIa12sJ0Hvca3JH9EI+YfxxE/QyueBx3nKSnrF44Z1M9O -pu+094Qhxr+5gzOVv1SN/nkb78N2XIeUXdxxOvJ2gciArkLC+9UMMc8GIj5d/uGr -UcdVQQktrpxUR2VmlGya+Cmu2SGTSyG0IdbDF8j6DWfJwRzi+ysoDhGiwj3n0Hsx -erqVo3TFS/q526IAmE+xgAyQpgTJLc7NLsGdw4+fhGtqQmXAtSBnSMOu5Nry6hTq -4zBOJu9wNcPpl09yIe+ij0WB1YSSPXRsfYM2sIxBLAOqbXeba5+kv75CIkXEywDs -dJSszfo5nHvZFd5/CLdmz/+gjxMCKgW5p5YFkUZOgpPBP0imHQGIwllBeGiLoJU7 -zR7yWtwwtmul9M4zFgWct+fOzZmFvn5Pei0CbI8/y93pjmypdcV2unTg+jqZKoek -vJ3SZkVYe86TqskKUEXFQPlLf5xHENXGJ/XA7ge6H/dRIvyQak+j6TH1tZ9JPwJz -ML0ZpBXSytVZq2sVhLBxAoXu+Fl01lWKuveOvlsxeh7FionNqGAYohznZ2b5iNvA -yl00LzahdssnprF0fX/43I3ShlcRC4tHsla9ZLFTBf6MkP8wkQKCAQEA2GPloMMi -BQu6geaf9psyFM3dQ0ouV4bKQODinCwv31Z30aOdzKLlyKD8BlGC7VoqeTxoxsej -t6rNoZmzNXQR1sy53PeHvvix6a2t00kYZ7CDmSQbBSfKT5FCx3PlmT1OXKlib1vi -0A1LVQLw+tsGL5KuF/Yxp8GoGb5wKHENiZkh2sKS93kWxNY58SrmHNo/XySTXUF5 -vijR1g6fkW5o4zXZDkG0JuH1KhouLA99ZVQCWfQpk/+w+rY7CbbChSnYE9DTVul9 -VJPejb1y38UTtPHMaaK0NV6a3qoYnMi5UKYLNEkd1OyFwpUxB+Z0GfaksfiUqFzG -Huq/NmlwSt/VSwKCAQEAzdFv57WW0HQ+YHcPml9SLBhJW2cilPDAYFwDBSMxDgEx -4RehRpoVt3qf0Qg1fP8eqgFnMoDVrswsKI/IvUAyfCQrynEnCpoaJXfI1YjGx5k2 -ElSE6hkNaiTEb91Mj/gnJRHI7Rh50kOAltLrP/UFrt+poo1McEBlgJS79B1VLUMP -Vg6Ve7w0t9gmFH+uOFO6RBiFzwfagKFaJaU05r7VzROeMeQOFeq3wodKCHGX7kQK -kfn2ZcjqmLa8PxXklkqyh+tNcnkyw5rM/WEnCsQHrMvbClJ/skjDb3xJY5lV5CVX -zWG9AgiCTpz1vwf+WBS1WCnYfxpjm/yI2C4bfPTt+wKCAQBOwFRypHF+Gp2e5vry -edrJHX7YHWguLHzxDacLJT2q70IeBojIT8SGtqfh+MpIbVcl1ilfpopbroq1tEU3 -P+26GbnOxDsf8kx1eeLYETMTkXbjRfObdba4LGp8Qh6eHWSmbnLHik5KX3w6DR78 -fLeMmrpHOC8sGVt/OwKAhVxi5lsezU9FR0lVC438yhsDBx6nFp2XA9w1q49qctn5 -yI/dmNxMxva0a+mYj/ybxmthdCiC6kwzc4vKQoXL7Dpw0iC0XXx8le8p18LYHMlw -zL12TcWR8EfbYHnGbWsVrCtdQYC0X6O+uPGZNkio0mMQi+W2a3xWpaTo3ZAHUmou -pbVvAoIBADphtFqHufX7Y049t6FUdJypbvWMddTFzewHbZvhdaLBWAK/jzHVt19K -W1cR+wov2+ThbQJ4ZSSmKch/sLNuKGPqZrmQC0EIoW4LYl6f47LulNXyP5mf7Zw0 -Pbx1i6gy/feX6eTHUpcAKtOdlLmZqTkHnLjNV+dnfONSTVZbk7O5F/qTPHfS1Slp -GLQr26GCro1uX1Zwpdxi6I1RJYZmj4MSk4cXZ59z6xg1BB0NC8m8ZzstKmWI7nLP -Muq6LRMssSO47UkRdALkQE2HZ2m4XWz4jnOJH0vVNArFuJOWBTUoGpXZqaGQBFaE -U3kSrWUSyrXteMnlFGhE5BReT9HMME0CggEAQbKf5ScS0OT8glQi/1lZk7blx1tU -Y+HU7nZhf1Yv6jdb9KEMYcaYeVA3WXgKdzy9EpQm9NimabMWdCF8axWkTlrnyYVR -hv0yOXXfkvlROFdmIuVsXIAGc05xtZc9xjZLLuoslZjc/PFnzQ85KWwr6EW6B423 -OKf1ZuKRQCTgKO/lqWeglZZy1OjQUF+EnVNFJRDrqHHptm2Cn7XMTy8Ta0OxsGe8 -s9U6U+KbEecZcpFk1dRbR8V4sh+wO9xHPXbvyJqJqgxe2ZsJt2Nfg6UlfgfEpS6a -92Urp1sL16nFIF5plfaS+G2FzPDT8HdViHgld7Zx19emfZh/F/aif4ilyg== ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/client.crt b/.ci/docker-compose-file/mysql/certs/client.crt deleted file mode 100644 index 503c93a2d..000000000 --- a/.ci/docker-compose-file/mysql/certs/client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if -lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 -F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw -z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o -MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn -rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT -r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM -NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL -r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve -GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb -Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB -FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G -P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr -uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 -4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC -3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL -cAoHRdVL49vKck34UNhFlTLH ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/client.key b/.ci/docker-compose-file/mysql/certs/client.key deleted file mode 100644 index 33f53e72a..000000000 --- a/.ci/docker-compose-file/mysql/certs/client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR -+RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j -yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO -arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm -Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH -UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky -2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq -VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL -lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s -st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP -rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN -idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA -l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym -tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ -jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v -Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z -EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg -eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb -5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh -SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 -qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 -5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 -tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE -Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA -9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/server.crt b/.ci/docker-compose-file/mysql/certs/server.crt deleted file mode 100644 index 58b3eac8a..000000000 --- a/.ci/docker-compose-file/mysql/certs/server.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEATCCAemgAwIBAgIJAOaPZ7X3df3FMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowKDESMBAGA1UECgwJRU1RWCBU -ZXN0MRIwEAYDVQQDDAlteXNxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCh2cM9B9ZnFB3aE2pdfof7j3Z+ctStqnjFZUzgZcM0afyzNPQbn6Xq -j4rh+dan/6V3XVXJn5pK7wVaYtXrrRW/Wx9avx2mzbRNDRVYbHOKZWrS1zE3lMss -SKRXc/WzttYKS+yL9nn+MuFfz1+iP1PqM42PciJoAizNiQ5RQbXBJ/gCHLVeulFO -V1pza0ND1lcW9WZa1j/SHJFeLU1EsT56dwMf3qSHdg9KtdvY4AHgi5EQ49F8IO6+ -C+UMutcgeH6EkSYKpL5dyem7OT4TE1p0AEPQeQzwCYv4VKA1/lIGGsYasaGZascI -kH4jwboKj8iIxdlog7mNyzMv3kvYCM97AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR -BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBADmTco5dc1CcEUP3 -nAfo2NC0UDzU+UavkBelxY+67OiGWVlX62GzxfA8iL8HbemwZ0zZbX2xMZVAbQ9Z -IFK5nRj/hYxEVsN2NkYlHI1KmxSjv5HuvK4p2C+/0jOSEFhyNYc1kyjerLlFk9JL -CLhdqTS125FjiQE/qpgrYo/Y7COU37tF8uB4WV3UMq8PsHPdWfaCdU/c5ctuoL1U -4YVWKLe4LG6vLbjRGOX+6kCjJcwK3Dr/zas45wMXDQg1KeyXniC1jbdYXi4E7VNn -Rbdf1SMdlWlBR3LLDhz3kHlOL5UCrf3U8TUsTFlPLR6KJ/Ogx+J6HSPlgXIiGjmx -ZB/hSwzVTZqAjfCHEroQndbjSQTLitC8A0ujCDFztqEuVCfuU8XS3I83bdCNBr34 -SrCfVTjtKDMdDcXh21EZLtB16XXoHfOSuGgQL/ym/HOWqlY7/NHh6za56TmMzWiy -HfYgZAeYtxZWMsXnINALzXl2XR2wQ/g02u3vyCA0CwnBybYWwi8WmNWJcxVMrmEE -DD5sEMW+TZVgs5PgA5ER9gEj8uAS+yxcjNgSDj93cp+uChOl0Zs3jYMD+nUxF48r -kCQPjxF7JLbNS9o4xvNc6fkVDd84Q7tWHH5lKdclEeYn8nvCohPJEEdEsGYSGkab -eOqhTvkLF40TzG6/H0yFBuU9joFc ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/server.key b/.ci/docker-compose-file/mysql/certs/server.key deleted file mode 100644 index cc103828b..000000000 --- a/.ci/docker-compose-file/mysql/certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAodnDPQfWZxQd2hNqXX6H+492fnLUrap4xWVM4GXDNGn8szT0 -G5+l6o+K4fnWp/+ld11VyZ+aSu8FWmLV660Vv1sfWr8dps20TQ0VWGxzimVq0tcx -N5TLLEikV3P1s7bWCkvsi/Z5/jLhX89foj9T6jONj3IiaAIszYkOUUG1wSf4Ahy1 -XrpRTldac2tDQ9ZXFvVmWtY/0hyRXi1NRLE+encDH96kh3YPSrXb2OAB4IuREOPR -fCDuvgvlDLrXIHh+hJEmCqS+Xcnpuzk+ExNadABD0HkM8AmL+FSgNf5SBhrGGrGh -mWrHCJB+I8G6Co/IiMXZaIO5jcszL95L2AjPewIDAQABAoIBAFaAv7OXw8S14LqU -U+4CWYVfCNLOZtMm4IOH/82TNgCGgRP6wlkdO50g+PaMBGkn3nTsgpRPZDSWiULk -vjbG/G+YsSpcKOnk2W+xBW6MEDiwuaZUcy6krO5PKN7A0For5zv7lkK8CjmNUh1W -BWP++seapBc9xhvWxcFYdjmBqDXCYEEkb7oqgE5slDlHAtMGNlqu8RxLem3Z5tgD -8EuApwf5kPiPUt6TObGanY8CPrCrTb993IUTE3wZoaVk06Iz/1CTpzU7/XN6Z2RC -0U1UbDDpUec8r7gAN8URJ6zL0QCU45qQVABOKbWOQZORVnbkbDwWpD5Sr9ySIm1p -2WhP81kCgYEA0cF1CJmBs8kAOuHnvDSkNOyrzMRsGPbtB7l2n/Xg1WZ6OlexcBGi -ovFf428VaXpJRNfWFmuiSh2I5HV3FMGyLGOo3Rs6h4IHk9MGYzujRtia9x153PoR -O7oOKzu760CvlEQ8og4IcaHfp2ZiWw2F4W/gGVdXvXl79bgjbyLAYOcCgYEAxYiP -SXEEPPPGWy+kV7iSzzo32ybWJ1ftYcwZ+jENvaCSfNvZbDnZtOrzeHTI97oNe38n -WtE751qJsuoVM/YD5lJhPL7GP0CtkLq+oO0/smRqk+r767NJTWBOCbOcQ0NJ/1il -fojvPKYX8sFMRBkmCGRHnjEW1QUhJtuot1Dfxk0CgYAIkWNrb4HJyzsULKgfmvLe -KpC184wK1QNHnn7G9+8wKFhzy6M21bGUAFIPYzk3rsQRaNOY5NqjNmOiGV483dCe -WY/LQFJ6uIgAtMz8/rGjsjNaRrz0ls5fZzEu+OirKmBBqSvk3rfflGIjX15DI+FF -HSHFRzkRR0YV+miQIJZFHwKBgBuOxKazTKsQO1EHYX8XcevVLGu3jFLq0mQ9bDZa -V5dn6mfe6ANQQs4ZpSPd7xeYbj8Xay8hV6EcIW/DdnfMT5j3TzeBSfkTFePGGcgr -sSI7Hh9KviCQ354a3GhAFYHQxmcIP/ZaNj4Y0eh9DR3HAGZVTySDprLLR2e7Z1tD -viRVAoGAZKinM3zuPm2jAoIwYLB3Z/X0qewiLdf7JMmhelHHscB+F6fUqURSeBaX -GvIYkkKvoVt4qPpSeDBpmkRF682Zo2VegVTakWW0vxliAOTNCZCAC2zsZxGZ0E/r -LysCtImLRyZws2a2RWR9ONplCclrYiVxwr9y+TaltAx/RED0Y8c= ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/Dockerfile b/.ci/docker-compose-file/pgsql/Dockerfile index c39b1d0b9..f26e18d0e 100644 --- a/.ci/docker-compose-file/pgsql/Dockerfile +++ b/.ci/docker-compose-file/pgsql/Dockerfile @@ -1,7 +1,7 @@ ARG BUILD_FROM=postgres:13 FROM ${BUILD_FROM} ARG POSTGRES_USER=postgres -COPY --chown=$POSTGRES_USER pg_hba.conf /var/lib/postgresql/pg_hba.conf +COPY --chown=$POSTGRES_USER ./pgsql/pg_hba.conf /var/lib/postgresql/pg_hba.conf COPY --chown=$POSTGRES_USER certs/server.key /var/lib/postgresql/server.key COPY --chown=$POSTGRES_USER certs/server.crt /var/lib/postgresql/server.crt COPY --chown=$POSTGRES_USER certs/ca.crt /var/lib/postgresql/root.crt diff --git a/.ci/docker-compose-file/pgsql/certs/ca.crt b/.ci/docker-compose-file/pgsql/certs/ca.crt deleted file mode 100644 index e0b066224..000000000 --- a/.ci/docker-compose-file/pgsql/certs/ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 -LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J -poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV -SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG -JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh -JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg -KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd -/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf -2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz -3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz -4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g -VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 -QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf -uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl -9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY -e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 -u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU -+DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA -wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk -TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf -2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w -SrAQWl5NPsA= ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/ca.key b/.ci/docker-compose-file/pgsql/certs/ca.key deleted file mode 100644 index fc929cc1c..000000000 --- a/.ci/docker-compose-file/pgsql/certs/ca.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8LM83 -l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2Jpoqq -G7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYVSB5Q -6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zGJGeQ -2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQohJkwK -8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAgKnCE -WWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd/R9l -1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf2V02 -jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz3SDY -JGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz4pc6 -QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8CAwEA -AQKCAgAo9aBsFZqWqtnw6cYkoTlHtRgCSFz93z1vx8rh8Jtf9qkoHBlZI+ov9cee -tozReXfDw3SovG1EGSgAiE0vABS1h45/akh2/Q7CBgk7JQe946zBIuhLVWz+Bt+P -e2jPQ3eOGXQ32VXryHp/LfAjQvoJq0M17Uwdp+Mu9DypOQBUgapPyj+bLeNHH6q5 -vyW1cPireRUlKLvl84uSSB/+0YfrE+kl9k7FFt2eeF83tp7A+D6bNMFYthyZEp1B -rm1OREM3JaosLzPOdH6nrlVVoY1S1MW7YZi6Kg+t6W2y1D5CJqqK/CpdHX4zy30R -k84+hbpnBWBEvUOKl3s0+4DdF4CzT2BbBxqfcUSoNy+xdWCNa+v/bt5GnRh8Nq/u -4xuOkyu9fE4C44zYRjvNqTE2urzcHC7Y59k+GC+1TNRm2TLr25+OBq3Uki+RNufm -HQ6ocv+W30/UIqkOf17IP4u7cuWyff9yMyQmRZknscLTyzJswec2ku0sRfWee21A -DxkQEacGn8ngsJB3Z861D5XAQz5PdW2TPAYlMrKVwBzGF/C4gURk8g48xWQVLyQr -11a58HioxsrpCcARYB19pZoDZuO0xBSILXwT84o2TNXzNq+GjqDePx2VxMCXCw9G -C4wQkWt7diJW2p54PK9lS53XEecCrycINMH67dmoreA3YLJ8IQKCAQEA7fC0sYAK -HneuNK5bih05VuG8iRfMkJKob1tURk98l1FXlJKasQNL/uTdRkLaEttONy3BY8OW -/TshOEtTRrRZ+2F3e4vnto8cU4ZuEHHJeZ2FW40XTHaTSLS65QOWGpCUx57wZM/3 -0Xt4XgXP0WTmncwtP0uyDdP53jdpOBx5qgIMcu5jyav/t+K1F/7jTiT8C7o6Smdl -ZVGXUgJi4wKK4IMe9UZlhdf2CPVeEQ4DISek8Us/BM4qtM+tNr5J8PvU64vNMRMY -O4NrF2kW/t/8H8GodvgBctDfCtkfyofMdWU2S+n8icuJ4OFi0czOwbO95RmptRF4 -t8upsv9cHLvq8QKCAQEA3ZlzzN0JWp3Oq0586vfPrCV595NpunIn1kU6KWJvwQTO -OByLZD0rDFMSVGsJTbNeNJsW2NvNGsuNWAxyu3O/Cg6orXWRkQjIzH85vX0F8NNi -7ubPECPZNVWDTeCDPNewRCYS9Nt7NncJv5xD4C09oFVY6KHlmJGuT6b3jtT6Xd0Y -BLMjmeEXYwVV65diEjF23UAflbf8J03VFqwPNWQAUDXlErLJow1ukxepDRHXpleu -DFHv9uxshb6diGywSPz9VsgyIBe/3U+yG2A5ts7cHy/h2mnfP7mnYQ7q8gdZv7eC -mGHnmUAVmcn558pzIZTtQNyhcXBIsvGt6LuWd4JnLwKCAQEAsTMs7m/jmVMaCqO7 -Cn2/ISQWC6cMsrJ1/BBxD7fMmsh6R+xyhddltlttKxFIZPisJE3QE2MrREXP9KOs -TiCsTpkEqZ7EnuGvf8jCmT6UhBy6nzbRHiHEiEYIVdu44um/03Zbo0h6T6j7OFJt -tYzGbsgK/nN6E/BEyqhLlP0n4mOKL+G3sQ6F78VHhqpNT/odNwKmvJiKG82KuwmJ -6XQQRyl/WbzmiKoP0hYhyuO7kup6XTTjpsl/Zo6vefB3EqAJrq27z4tf5Zp2m8Wo -2YGnu2K2+nqyYXaKVQLkOSmvK9KHgDuu1lQdx7syo/o6FGmuxzq4d1+enopvRB4G -1GNikQKCAQEAq2oTWIo2vSDLCFpbaMqumyQWN7uREodRZ37/YZnihnV4K5FxBeYH -Ea6ExEZT2QYBvkGlp7RG8Q451L00VupPAbGbKyqBoqYf5YgYmwpF+ScbJV/nFj4U -vBvcyPX9rqfNkrm8+il5IwVrxgtTuepk/ExozPLHDoDKTJUEdDktPkRTWvdTd6nV -lGRBNU9Rrm8S2kzK4d6DL8gWKEaKMSuczm8SNqeUMAuo2CF6REDkBqlWWfNb4y65 -N6/eXfRtXNhOA74yf/6/DKukQ2bo3g8f2QQJ+hDhf4LWBc8rUHL9Kr8CR2ucYkBf -NSo2pOVGr9hqujywqXZI1hr7AsdwuhtmQwKCAQAaB/IU6MvoCuILwEv1za/1jS1i -jAPnoFQ835r2+SjJNxPTFUseEYnxraiZPMaf/sGk2DvJGoswnTDaDnyUoWV0i17q -IgIYbZt2n1pR3SM1wLN2pOJKSN5cFKqG3UvwGO57BXIeotowd3WmnG2V0fL8HK4G -2tOPjUkbvDsKim+pgfTv/uxawJocmaKw+VWPuIaXcDkgxjdAXN4AXOmqsqwROKLp -A9t+cNEdjRHl/vkRPbEjyP1xAeRP5e2hWumdbixYV+MJPBOz9Eu53lYkP++VKBhi -PvFUuNqoF7YZ/JwYWsrs+I2qLqihJMHNH4ZeOq20zUvZd6YjIypvFrtWMDUp ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.crt b/.ci/docker-compose-file/pgsql/certs/client.crt deleted file mode 100644 index af886570e..000000000 --- a/.ci/docker-compose-file/pgsql/certs/client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy -WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql -hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol -d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO -bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk -g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV -MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s -hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 -G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 -dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn -fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt -MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 -W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC -pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f -uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky -yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 -sNWUTEwylVLrkVay8UHhFsTZ ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/client.key b/.ci/docker-compose-file/pgsql/certs/client.key deleted file mode 100644 index 0795d511f..000000000 --- a/.ci/docker-compose-file/pgsql/certs/client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf -IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ -WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku -46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o -amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU -Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue -2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 -iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc -SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd -ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr -1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL -KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo -0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn -ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu -oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 -pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS -GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz -t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 -b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o -VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT -xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv -PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 -BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 -HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv -jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.crt b/.ci/docker-compose-file/pgsql/certs/server.crt deleted file mode 100644 index f1c83a065..000000000 --- a/.ci/docker-compose-file/pgsql/certs/server.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEATCCAemgAwIBAgIJAPKjgQdlPyGkMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2NDA1MVoXDTQ5MDUxMDA2NDA1MVowKDESMBAGA1UECgwJRU1RWCBU -ZXN0MRIwEAYDVQQDDAlwZ3NxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC/FuY3pDWvJ0KudNVBurfi5j6/2MtmEcc37q1maF/13aBu+zaktMq3 -8qpjxqO4YnsKqBQ6AtEUZY4pQ2OMJAFgwrZuJ3uH5/d9NkunSSh6X0yvA0m6b5yb -TfQCa8e3q7HRtjn/aIEfMmUIEpOlgHe6/mksTpdylHZEODG2GePgldzRyrjZvfNK -Qq9F5KSha5ChZq5xQQa/PsEkxa3upe2u4JUJbyfB4TDJ/KOTJyXKfnbg6iWnQgmx -o8XfOZlMnpkK0Rq8rxnEaQcUBw6+7QHk5IzjLfexhPrQxc3bH+vQLas3MhRPPwxk -Jxm1fClafWw0Io0bQJc6ewppKlLYvYmVAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR -BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAAEOEjKPrwlUOuaT -aBi8Z9V9d6sN/toQshJ9Ko7m1O5qLv7/Lkmhe3VKvPIi7fFFYBnLCj4XVbCbSxYW -kaaV34/GF1S8uEz6/fpcLXpX87Tx95240YSeGMb9TZ0yjcz5Mhi9rlae6zZGDt1Q -eU9ydKsD6QfV1gWgzJ9PWUWJQboRhC2UEokOhLNrM+q38LFXkMJO7iOpD0ppFCZy -P7RheEp/XDyUrhHq0+yioNKBtqv1gc92On9sfZ+tQOk2hM0wqLyZlP8sqrVt7asW -IB/Erph1vjZk7FHiVu2/bplXbrj8vIrDg0SJC82IMxfxK5SLMKrvPDPTKJ0cH43s -OzPaH/te9suIuMt5M125AvT6pFkJSNVz4sihnfeIu9XyUQtcHrPEoVswS6czWAF3 -BHFrkif01CA1ktm5Kbk5Sc3xB6de0hV0IJ2eE3CMLa/jUkD/tZohli4OKSWnKWhe -A4eR2ijmpP1yMYr2UZUfWIDKdv8PKFlBsADNf8WHB8LW5R9284GbS5BRdZZJxCqE -4o7wRZfAhzaGk1YO/ItiN3YqMWhqrA0U4a3hpLksB23bJL/7qu6paF0g0mzpaXpQ -xTG29JnCcvLzEUAe7rtRBD17PT20ZWmoXjHm5WIyGrfYW+akCp5wwuesj/99MlDi -oIwoXwsXrxQuFebE7t0TwdCptau8 ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/pgsql/certs/server.key b/.ci/docker-compose-file/pgsql/certs/server.key deleted file mode 100644 index b36f145c9..000000000 --- a/.ci/docker-compose-file/pgsql/certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvxbmN6Q1rydCrnTVQbq34uY+v9jLZhHHN+6tZmhf9d2gbvs2 -pLTKt/KqY8ajuGJ7CqgUOgLRFGWOKUNjjCQBYMK2bid7h+f3fTZLp0koel9MrwNJ -um+cm030AmvHt6ux0bY5/2iBHzJlCBKTpYB3uv5pLE6XcpR2RDgxthnj4JXc0cq4 -2b3zSkKvReSkoWuQoWaucUEGvz7BJMWt7qXtruCVCW8nweEwyfyjkyclyn524Ool -p0IJsaPF3zmZTJ6ZCtEavK8ZxGkHFAcOvu0B5OSM4y33sYT60MXN2x/r0C2rNzIU -Tz8MZCcZtXwpWn1sNCKNG0CXOnsKaSpS2L2JlQIDAQABAoIBAAGbSK45FDZ3xwi+ -dLiLwFYJB4gHY5ZlGd6vhAezYvMnPN0SAaCa4IVxZdtW5TN8qHordZgTQ/y+6dYQ -+fpIpzZQDMaaUGCRI7SKy1IJvGxi9rsV9P27SH7Jxf5rN4+kwub3eD9cepFvlAfg -WBtxHBCXaPz1YDKXavMh4dEdIJxXwn1lrgfeR1QXVm9W1Pr8ndSuWfFCLmyTQoaj -8U/vlH/A8T5lAYcgmNOaUdNjnqwhgu47Bep0ORUPvKq3mic5E8YmNokODU7RfKO8 -N0O+r5kjPsOVmgxV/9HAbXE6OuXiAmffMTJ1HqeN4Axulc8/ERpUA4bucasaWkcJ -SpykbAECgYEA57J1g9ITlO//8SvR6NKw+cC1bDZf84vkJcj69+bKbqlkcvQBy3yM -wQS1HPKm/h2y/4y0FJhZiT1b8F003Iu0I2KYDPnFLsoMEEXNhq4cFisNg2wxFprR -IsNx5Pgd98rMfmaiXqd8WJ07K59DREn+frBaXpAqL8K19+JLg04D6QECgYEA0yIK -q7ck7yOXhZHRii2yT6d19q4LgH87blZ2o4C0u0QAjFKjwX5rOVGGDJHkBHr/Al39 -UPPldwelWMgMsiYX/iWsbGrUYJWjXz1VaH2OyW1AjJBfFSdoClh62MkkRqtJz3u5 -fhCdez8CanWjLZ8wPxpC5/K1fJX1rf2Lzxuq7JUCgYEAgmCLfAfkePSsIvuzfL3C -VGe6LxBR4ewgD5sOjhzSYH71RTJFKEoHsj2B5K4uheQUa3SziLtJ9s4ORC1Op6P9 -U8QRJ4wNBw0uyKFey6CBsX+8dO2Wmc+4S0WLe3qa8mqts5rxVy4L7JldSGiwI2c3 -y/ZUg82/z2xTlQ9DyrlFvgECgYEAwk5/94xzh0oANsL+TubDRZ9eZwnCOB3f+inE -wbC/o+BviLS9VGQeFgA7F/JkION5MRqC+S+dLLBysYRaetGoHxNY3eZrUgAk/I+b -vLBg6muLjlGH0BYWH/9R/5UNt6QIJ9U73xM3e6d/d66P4HqykkB+9qxd7iysj9Xa -B171LQkCgYAeRphOByb4T0pcxStTKw1D3KyKFhxesMFG1I0ZfJIro3Tj3xlvDFAI -I3/efUErLJ25fHAbwjrU5+uszi8+aRO6j4MBXzgNKP99iVFaaQrS++q5yDG49D25 -B91dDrpLsvXIFGpFraVlvVbyxoaih7Gp9RCuXL1ZduvBi9Xje/H0Rg== ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/ca.crt b/.ci/docker-compose-file/redis/certs/ca.crt deleted file mode 100644 index b0f76f987..000000000 --- a/.ci/docker-compose-file/redis/certs/ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc -c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt -mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ -QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr -gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA -UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 -hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb -J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc -zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n -FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg -PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w -Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn -IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS -XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 -omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw -Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ -MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ -l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 -yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 -xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR -C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB -/5+umpUJwJU= ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/ca.key b/.ci/docker-compose-file/redis/certs/ca.key deleted file mode 100644 index 6d6e27c38..000000000 --- a/.ci/docker-compose-file/redis/certs/ca.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxcc3Ar -iAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gtmCdZ -ZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/QgpW -oR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yrgTO4 -HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMAUoDE -B6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10hQDC -K/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfbJ4by -0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpczyTA -9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3nFbyE -t0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8HgPN1s -/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcCAwEA -AQKCAgEAnVNQg2Cgth8E1ixTJWosZlvmFHgNKyypb7cAAYb0Yy4NWsrn2CY4K+uI -xGsOjKvcO+5n8hXF90e5Dya1CJPbDwm0SZAvlwu45UBN183E9ZT+5MpmoGRYM7mF -CeYRNB1goVgfGAAaYi3FGAITu4tn/BOdjfrXw7muYkUaoWJJwz8kWRNEzCSspXzp -bgoHfVC+vP97E8XtHTpT4JDReNoOSA5d2ZoGkLOUL3qUomfIYDc8aPvtVBl9A8uy -cP8gPQXrZP8/3SIyNQAQ9Eh2CyLIVfb54Xc2nm6WEKd03a8OyieaPu+mJ1kItoCD -mHqEFycTl0urdHuEl5uNwfWlVM8gfMrKeI7qLFIRNInuQrl3aEP1wfLdBowxTdIA -GOk7Ab8ObE1zW52jjUVE08/UZeFoMfqn7jL4ViiARk01UsDKuwXj4M1HQnrrfePn -2Y4G7fiDgdwU+GjvUS+cg9f/cI6ADKi6nxhwAUIyyVY0+OvN76BiNGyKeGE5IjL+ -MLIOY5PKs/YakGBhYfAOAlqlO0LCRPPqkVqoD6ekvQBgopmE2tNhVqlB1WA2sU5I -Ef8RxAWS1WIjGlA0131U5Z4Z0oyIEyG2Zs5i32RFjUmpKevyEV/aLICHvis1rDdD -pdX+ici7ZwSVZZHtkDyu7mH4kmkhKp77oKMcHiRdDzxGvIBM7kECggEBAP4siFF6 -qBej5A4CRld+7BY+I4HjKWRy3lNwFaPECaGsrWnyp+7eoQimNZshXBN6lV5MNbIb -b5JgiASA9Wny6JztBk1OVvxFGRrDK1HysHa6XRwA3JnsfYQV0Jzlf+KeDcA9ldBc -yWZ1X3lHt1AKrpAinAsobnMCIy5v00H2ccS3mlOpfli/l79RO5Dc8pG7Ht4PZuvr -ROamNi7DAk1qpA1fkblPyoH8GlGsWmeLtuC7533QtcXrSczArpbM+/sBb2eHojbe -bo4mdDapeXBHqbc36JJ/6p4MNvBQUVa19OIGWms+xV6iXYkg1MsahT4rhfH5XaE1 -P6RHm5U3uwkN+A8CggEBAN9Tvz34t/b06ujWhT3Qz1PgnlwPj0bvE3srMzJw9fn6 -Vo6xVFwduhpsFE8jb+q98bNb96rtk3qGZ6TegwFMZa4Hv3zDgov3eqCaAg46P9fg -A7UK6rXgBwqR8lbqEu6tq2WErniRTOIBwSSBARqM2a3YZczmqQC3EAUPSMps2Gdg -i0Tr3QpPANrPUP3TL5FaZQacRjl23dO2FTpo9xPEMhMO5IS8CMSOshp/FAhFTCRV -geYOQaNAmGOJe5ZlM5ctRnlZLTE0+Tl8flZQoGjlZs2dzRDU/OlrKgYcXkBMsy1J -nijYkCmU4BlskaoHuhUT4ScOnYj88+WQ/1ezAneMizkCggEBAPDs81YQZs7pud0R -iO2c0FoREoUm9vBQ9a6vWsO9qceHL2Vy7n28p3XUXpGqYGXSV01n/anS2cItICDs -wDNqXdWJ0uRqMoezU6WLhD+MRHp2EpXdtz1r7lnKd9CQtdTwLmafuacknH8zGImU -Ug1b4rWbKMBm1bLMPt7gfqZS3OozguR0j9+91DAz5rtcw80hSpQAk3VisA/VUxym -GkOZpuFKSo4WNQVbGvN55MOrqnCBjF80+2gcq/qaVaN5sAvwA1JmPXu3AaJajuPV -ZtfoBdY294wOFi0ztMu7xi3kEbhBf2mSuXEHhJPb+/h9LfmNNcz0qyyIlce5XJ9n -kTF2/T8CggEARmRORklMKxIdrRBY5RgZEXYeVCQvZAtdV5hRRdfnIEjw2X85eOOB -0mw4po0j7Ji8Q218jireLmOI7aWZI2KiNg2JJNk3H8j8pPyGI1fm4bNhV8I+It+f -OIyyFwUmvIaPHKuKlsQtuJsW9tuWrniw8CPiSoh1wpzw9rdPmUZfm44Jt8qkXGh0 -e4OXIrpbJvSYHVJKrDg0SVP+Mu/82QUhR3KNQu1F0jasGr/tX4IAMv+ktw/NTpjA -r7cY9lmlvkPuD7e1D+qDl8QOykQVm5qbIbpYdbK8mRJHJ6/vYVMLsv2eVX+VSRX8 -4OagrzhKRfSDJl1r+E7KzZQ7d7gb0fTBuQKCAQA8+59lX2HcJicx/YEs7aBbLb2d -tqIrMG/cj96DLIRFXeAoOjCD8X2xZYNAA5WqY1TiziTLDFbBsqAMig8KwMYNb8br -fWfvUpuW2cGFbiw5VmGbJOnf8OOqYwsKZ02RPQuJGDBVBHDYurS1/WEg772+HbL5 -sO4rdsaSBcZSk9pt1+ERsxuDDCfzQkG2mz9pBjJua7b0N6U7CfJQvM8nsxef5y78 -xEkd+PuVfmerHl3TYLdOsvhIzi81lXaqodhbReBqtXkbxeMPd18wgMx4Aav1OX3q -C+z1y2JsaF9ZiAU7uMkoWzBrccF6b2lIZmZ6MKxEHl9QTcEfsPElaXEXqKXS ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/client.crt b/.ci/docker-compose-file/redis/certs/client.crt deleted file mode 100644 index 70f60e6b5..000000000 --- a/.ci/docker-compose-file/redis/certs/client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 -JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 -miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv -gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv -ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE -L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 -Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 -KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul -CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi -Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ -hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU -kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 -Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD -z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ -ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT -29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q -y49H/UmwxcGoBxxMep6YXgKm ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/client.key b/.ci/docker-compose-file/redis/certs/client.key deleted file mode 100644 index e62e336c5..000000000 --- a/.ci/docker-compose-file/redis/certs/client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI -+bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON -TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 -SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At -T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa -DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT -gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH -Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L -Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm -6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U -O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD -RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE -dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb -QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 -ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk -xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh -MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO -PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U -0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h -tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 -dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL -L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP -7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU -eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU -l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM ------END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/redis/certs/dhparam2048.pem b/.ci/docker-compose-file/redis/certs/dhparam2048.pem deleted file mode 100644 index e6bb8ca60..000000000 --- a/.ci/docker-compose-file/redis/certs/dhparam2048.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEAu82pIpWMF4FNfu8/rENOziV+BbW6byzqLJJd7DcG3Ou47PA5Sj14 -GLQ9yzesjacqBljBSD4Qip55K0Cp7GM0pq76IOI5H6C+TpVWEdyYtNFpGYLo5SR3 -eJoziRImt2r6YPJbxLRcGFcMnsfSvbhsaCyiYwsFiUxlm8KaTITZ48A+gcPG4mG1 -BkHDXuuWJVomKrUaB7I8mPlKKsczIiPDSsRqeXbvf451mGSWP7QJypdnQveqqI9u -qVymZOPMqF+bcLZWBuwUNzG3q9D403iX310HsRzSl36m0/VaM/Y3Fxc4lzzZAfb1 -1DM/CilTJWINvlm3jtXlbxHv8B6R+jVDEwIBAg== ------END DH PARAMETERS----- diff --git a/.ci/docker-compose-file/redis/certs/openssl.cnf b/.ci/docker-compose-file/redis/certs/openssl.cnf deleted file mode 100644 index 35ba4831b..000000000 --- a/.ci/docker-compose-file/redis/certs/openssl.cnf +++ /dev/null @@ -1,7 +0,0 @@ -[ server_cert ] -keyUsage = digitalSignature, keyEncipherment -nsCertType = server - -[ client_cert ] -keyUsage = digitalSignature, keyEncipherment -nsCertType = client diff --git a/.ci/docker-compose-file/redis/certs/server.crt b/.ci/docker-compose-file/redis/certs/server.crt deleted file mode 100644 index ed7ab6557..000000000 --- a/.ci/docker-compose-file/redis/certs/server.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEATCCAemgAwIBAgIJAJ1b1eCyPY+lMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owKDESMBAGA1UECgwJRU1RWCBU -ZXN0MRIwEAYDVQQDDAlyZWRpcy10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQC7Xiayces0SjNmJMuRyikvVcYDong/1uPMUfxuK2P3nJbRxrR+nZBE -dOPlHWxyfVwdL4XO7lPMhfeA+CQoU+gLWKjRrRSJbK2BrPV6yAViQ2GEAa+1YZut -xZjk6fEP9Yo/JFS3FozPdmXy+U1eSS0pf6oq1UMsad4qLnbChvg9v5K+LsodQ4Ko -J5nYqOV2eUQiD6m+fBAivO712HsFE59SO3/4NrqJNRxhQEFQ19vb1F9KWPZrLukV -6ILY5mxhnONJDWAsF/BZV38g4b8JfDy8TqzcN/Gv1STGvKuRNJddc9er9xXNyIsc -8MEPfk+NwYOFtDiBTpQxXpEQMfEuTbAHAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR -BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAD4dH1vWISjxSCrn -zqOrkjoJr0okOGkDqJ8IqV9ZKCaC4ss7tosOp1gkgv+c9n2H8pwRug4v+0N3e5Lo -4UlTWJHifTCA+Iz6uVgB4ez8mRr7QYlOdWE3Zhm5B21V4oa2pIroTxmmSXjfgL/M -yp/EFZhYDxCCORRf7PJyDJh0mYZyQvjMWkhnGA/JC4pPAjj98mLDbo04U2YCFPUr -wyEU36zW4iueFWvh8tpbhmBGGvmyrf8yy2/XaK53ZMKRupP+DEVXg/rkIFFY6TL0 -Gl4D4hV9BsYwXgL03R3iyV42DjZ7eTKhs3mV2MHUBhJkEALsLUVLNkV2Kq/yvWbY -dpylIALCEMeKhMnssxoZQ4sxtFbFHt2y/2doLB9Ce/kprxkZyQzussHW5KO5EfMM -byCztnbNzwc+AmitBWJfKXig7TC7t1N5qGBtQFSJhhS3IyfyOsI1iKx/V2NsiOR/ -TTIv6G+uIRbayfFXTPPt+r1R5Zn5/65IptOVIYzFMRIyUswdCE51F54K7kCI+4/n -XLj1WFu9VlOzihK/OyDbeLEDPH9iSSymDGfzXDtRaDlMctRdoLn5dgsE2NiEHhzZ -XcyrDRRcvwTtACvGXi6F3DS5iHCiQ/4NO6p4TEZQ9jl0Hf8+/TCFFuE+ejzDhCFP -VQxhZDleyARpFHfZ1bH5ZZKcWYsb ------END CERTIFICATE----- diff --git a/.ci/docker-compose-file/redis/certs/server.key b/.ci/docker-compose-file/redis/certs/server.key deleted file mode 100644 index 29ce58118..000000000 --- a/.ci/docker-compose-file/redis/certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAu14msnHrNEozZiTLkcopL1XGA6J4P9bjzFH8bitj95yW0ca0 -fp2QRHTj5R1scn1cHS+Fzu5TzIX3gPgkKFPoC1io0a0UiWytgaz1esgFYkNhhAGv -tWGbrcWY5OnxD/WKPyRUtxaMz3Zl8vlNXkktKX+qKtVDLGneKi52wob4Pb+Svi7K -HUOCqCeZ2KjldnlEIg+pvnwQIrzu9dh7BROfUjt/+Da6iTUcYUBBUNfb29RfSlj2 -ay7pFeiC2OZsYZzjSQ1gLBfwWVd/IOG/CXw8vE6s3Dfxr9UkxryrkTSXXXPXq/cV -zciLHPDBD35PjcGDhbQ4gU6UMV6REDHxLk2wBwIDAQABAoIBAQCKv47iZ6+n+iaT -xj2lSVI0Rk0rFd38UFJCVJgcsS8HBsM8tuukM2PI/dJhMOfE5IYY6r8o3J3bf30n -2RlVb8UO2emx03y4w2y88WqbMJGkEYed7G3EYHKbPQ8avQ6RJd/pICtHpYBChUe7 -pNehMYkrCOnnbCOhOQiWre+t36rmdbmD8ZAR4k85iu03lSX53ONJBC1Ivat1J43e -8xfLhQNGaIdidFSzitExTx3TnPhiF9cIs0G4Nkh14E0cEqWLwP7FrRr+FoBr0tbG -bJ0wvrBbNCIkWGOm694vPZzhkz6wEm5VnsE7DCZ8g2YZ9Sq9iEV00HGDaE4r0rhp -cN4YLmqZAoGBANs3LGN4ADuZbv42e6DzQpI+WVCeE097SU7VwW7KmqBgPpqZWpgj -rjiXHKwB2BHNH/TnN7TNC4OrSznkJaa71urebkW86BQfQQgevtTKZDbEqsQaQYNS -9PGWbWTaMuoiQzc7KshHwrp7ZUXIPlSRhG+KzQgM2yo+NUG7Sv+NOmpLAoGBANrO -5XkQPMSGDmFfuzQtBsgOMycOkyF0x7gU5ujfTQkIuVyMWPif7Gh92Gim7HDQpLjK -qmipIEO5bdo6HXCLUQLB1rFXA69VymLPHrkz/ZsN/N6yHSDcdX3p2lRNXoEewzCb -A2PlUC3F6pt24FSwGtEuvacBa5qVoEJpkWmbu/u1AoGAYSBP9X5ctAtmRxICsqw1 -SbCASBzRt3yLXXeN7bWszvP1qO/bWN8uOPqTBI8ImdKFny+22c+jk2IYwXyZRgeh -0Ixe1V0+gnPaj2t357YIss9uTdbIQhRGXKfmrjGTL3Ogzl7TtMs+tvsnQsTXAQc8 -Y2NfNnrjvBK16/q83v9G64MCgYA6+YjgGIBId9loZWUPqxMo2Krw2/zMB63M79VM -7uLUjIVpbGqOmIwfncu2aUdRIOtE41sK2orXtiLlrsRAkUxEcfpr0ggsOfNSroCZ -amnwYNTHMTqooMMKLP2ruy69noz9jMpdInF55N5XCLNuIAkaWH7FhJx8DdgkDlAj -JtaEAQKBgDrtbLhP8+4+N9QVH+KGl/mBR8mEKKkQ1nboovsvu+HAjhUey7LYgZUW -HVY3HPqYlpHDDHWBd2w3yhHpR9zL0153LugPkNdm55463B+TwUK+MQmPc/elmrxk -NpXRGwsDfVnT8N7uTkamjhpBTFUN2FpRojgin+kEMYuEqUQggHfM ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-ca.crt b/apps/emqx_authn/test/data/certs/authn-https-ca.crt deleted file mode 100644 index 77275c6ac..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQDNMAIDrjBuwjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjgwODM5MTBaFw00OTA1MTUwODM5MTBaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAnHeqS5uHMKn8qbvcBDAnZJa8iGyp7w2eRax2SjjczoQg -SYhV2qEYnDKxh0GkxeinUImYMvhWDQiEfonJSem7gW0xLBt1z8QdJgI9XyYkHKOC -NaEzhd3mER/TR0FiFj4rp7WqK0ZvqHGpDrXFCiUG7cAR6VkqJcjlQm+DSlJzHgvM -mNNlBdwUpO6dkVpVTP/v86AhC5rLgx1WV9lart8iKH2EDpGNpRB6lSqkI6OpGiYK -ddS3jOYctp1RqZey3IoPqF5xcEdD/nuxX31tvdUnkh1X2Fyiw7aXm9ec0X5vuUk8 -EHeIEI4AYAdIBfo72wpdWcf1KKxS1HpOYRZOXQAXICZ8Nts2P6w4nExcxfdhyqjX -ht+D2aE78gltEt8MiPmtPRi2y6qeeiQ3A37WDxAgy9BRtQbINTMW1vTMToH9x7wT -1LGbLVzXZ+e5vcKJvm8FRWAYIrRW0AYNhVvzPcOqa1Rr0oas3UVieLxksW9aScya -K14UE06s3PAgcasWMdUK4yyrrBpzXKNTxwZfNk2NQOvVlV4fVmzYDb/16EKMhT+W -BU9eDD4JHyFYXUK7J/NLjYuPKR21XqgvV2yjAWR9zf4GnAsUTQHba6E87GdclREF -U0fnqtX1FrXe7sLVU6xJvZg/f1Us2RhfdpP2XIPS3E8JYOGUGTkI+RHPFQKrWOsC -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAAuY/4cYUrzhbZYOXu12bubOFEuweqCyK -oX2ehpH7MEwTAOsiwzWo/qaeNahSAYtlntAp2Fut5s9fwLRATrF57CjAGDfIG1J6 -gINKHUQTfTshSLqUIcN96JMQGJaE8e/6198shOq4DR7bOBVqOwq7yGbBTrkHNDu0 -FHUeygnV2Ik54rcCsSA4bLeEg3X7ZMmakRGY8lD2R+vnfyxlY2WFSlbOL+MJStca -rE1v444dgMVAFyfLDgf1gr+pbCQthOcPtRUD2KAK8A9Ls7IyKn8ShonMQKrYLixu -FNPv8az5OefRTHdWG2KKFamFQhNYwVJwxM++0XkUUVlc7brtJ9AOr/H5bJhAR9LA -qc9sueIOg2kEadEvMnE3GMy9dIA5WYTZmXv7PH3j5D2+C6mZnTMo/75l9OPLSj/r -ddzCzkgu76hsKPKVjTqNyYJDeaTJhZ0OR+PWzB5/VUD4rIZ3cavgFVJTGk5I7SPy -PQvqjBCj1A0frCTnlavSmbItyJzaQrnzLKihvehW3vOJ8KcBWs4cILLK7f8wR1zj -qsatv//6z17kGrTzivi8o1epA7F43eHlXCG7wXJq82ls6Lix79Ek95zXwYz2RKJ1 -ZGdwttGD+mh0Jh1U3OR97DD4N821xYlY29oVEI27OmKm4zv3z4S2dZqEYrk6yQ7+ -OMemQ8o1DIk= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-ca.key b/apps/emqx_authn/test/data/certs/authn-https-ca.key deleted file mode 100644 index eb340db45..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-ca.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJJwIBAAKCAgEAnHeqS5uHMKn8qbvcBDAnZJa8iGyp7w2eRax2SjjczoQgSYhV -2qEYnDKxh0GkxeinUImYMvhWDQiEfonJSem7gW0xLBt1z8QdJgI9XyYkHKOCNaEz -hd3mER/TR0FiFj4rp7WqK0ZvqHGpDrXFCiUG7cAR6VkqJcjlQm+DSlJzHgvMmNNl -BdwUpO6dkVpVTP/v86AhC5rLgx1WV9lart8iKH2EDpGNpRB6lSqkI6OpGiYKddS3 -jOYctp1RqZey3IoPqF5xcEdD/nuxX31tvdUnkh1X2Fyiw7aXm9ec0X5vuUk8EHeI -EI4AYAdIBfo72wpdWcf1KKxS1HpOYRZOXQAXICZ8Nts2P6w4nExcxfdhyqjXht+D -2aE78gltEt8MiPmtPRi2y6qeeiQ3A37WDxAgy9BRtQbINTMW1vTMToH9x7wT1LGb -LVzXZ+e5vcKJvm8FRWAYIrRW0AYNhVvzPcOqa1Rr0oas3UVieLxksW9aScyaK14U -E06s3PAgcasWMdUK4yyrrBpzXKNTxwZfNk2NQOvVlV4fVmzYDb/16EKMhT+WBU9e -DD4JHyFYXUK7J/NLjYuPKR21XqgvV2yjAWR9zf4GnAsUTQHba6E87GdclREFU0fn -qtX1FrXe7sLVU6xJvZg/f1Us2RhfdpP2XIPS3E8JYOGUGTkI+RHPFQKrWOsCAwEA -AQKCAgAwr2tlqzcdhUcA6VtEUldvjReMu4MExxAATfFgluDdwW7qcmmEZavqrjtf -AqXqjsHA5Y9eDLd5xrSzStw/C2M0mm06dDDsPPF06i1+dbe20YmqdkY52RnFKknr -WgTTNvUOchBI9tm3Z+ZalWSCC5NkVuc73Gqo5yGu0lPfxFfdeX5n7x73+8rQpw6Q -M7NnChv3ilO98KRyX6aGHzOARh2yy5tTjSatvbrmvyXjkQEFCeEnWNDkHpXAnKLU -Skd1J+BHW1ugvAwEGyjNtZF4B+MQK+ExiWF71EzISQaaiOTqmkb+OLM1s3maZ6mZ -cos9VLRHQ1idF0GOq5/HxdEMTwLimYhtbEzRllJRbLK6yGS0R4S3sL1URmhfXLwq -OsRA4wouoi/HVmPzku6jOrMqJZ1vc6VpfDHYagE1QFJevx/9uz1V4vc4KnZ63gwP -fTADgxzhH+Be3jDHUg5cdlhKQQ1d0X8sooYyS8DC+0zwOFXBok5Dkp2lDbcjaZBe -IMcF8034F/zsW5C7Mpul6Y22n/2mA6iWU5VQmu17y9revnW41sZKHqIB3dMk/7xq -DkjSVHZ9YnrH6UBSTvWVBo/4j1E//nYqMKCRHeuekQUuvBs+D0IU9hsUaGp93Qiy -7hYpTc10jzW8onSPQDb/8F6LYasKEdgZefvi0144dkPHqpdtgQKCAQEAylWuyy/6 -IEeBfOfmjassLb31T/aX5L6upTI2/UsjgdEflZqEOAP7O/l8Ti8xsoCViEUZxw4A -wr085aEZOfZ2gzJeSjqPsq3Xg9a42YisSWDbjFNc/ZhoU/zHacXBm8tduoD4XEjx -Bqijzmy6l7Va7jsk3oquFN8ISGCQfkArBtBj9DJ9liqiGditBk9c9n9uWrVHO8+g -525QGmG3aYr58Ym/Yy1AhaPzg8c+FxK75w+PPBBywW5f7bNmOITqN0zBUIORkjPD -Uz7AyR0XGuD3hN0ZHTm4psVtXgKN+UFDur3K/xIEu0VKIMpbPXLQOqtE6t7YO+vW -Q+uZdsddjGECeQKCAQEAxfekoFEE7gOwEGIy7sqljvkJ6N9yf8UzQiOsFwDSvyCw -Y36VGq9CqYsVlc55bTKtlJ4RPF8OOf8Fmiu40/IQtF99biSEvI7u1uT1U96dNJoE -B8X+Rl2FFh/TR2Jnpp7kPNroNGXe9q2YUX9NP2pbVXv57uZmMBwnM4C2Rsh7+t8P -xGl1t3C3SAOU3Pc9szJN4WN4D+L9U5982gVYMzzocurRde5Nx//mYcrY71zjy9jx -2EfYwgL1TALFkHOrUm3RumPmIZFGgyqFUzTTk0MlTK7ApGbozOCkurQbALOa/dCc -+NwueL9DlWHigGmwo6nN3UJlEXQTw5a/QrKToOJ9gwKCAQBZQT7gJwPhpWl7nhjY -OcA9VWSXp6INqAgGm4Yiajj5lTSnnAfjZe434LBzFOKJaauM916NrqGrRitM6Knm -JdDVwyxQ9lBZc9J0OA5G98F4hR+UYVnODKNJGWMmR7RGc4mfMjFdFFgupcnMz63o -Kno4SSLUgLyWPGS8+MwExW21jcvp9zPrQFdNq4V4GR5bJo+ZuAn6WncSYFk5qg1s -o3/qiudAar/htBdB9GxxZTQ6k2SODHty1KvAgbkACbIAPv2v9LoMkoUBfdcxYIHG -u6K0m4vuln3cI49BP0M9xwqHoB2iM2Ke8cvndxyUmMc+ejrmmPMuS7SzNYT3Hq8n -s8uRAoIBAD74LIdJ/hVvWtt7QNQv5UV69an7GUKHCWzqR9zxSBe/YBvlsavRP5UK -Ro1mJb2UNx5kwPrBCZdtBO0rJxlTj/ivvwf/2bDYjiQQo/BPiRWoP8vxMJZVPPXy -nZPBO1MGi3bH8sBn/uncAe06Xuni/LZOPwu8gZif++An+tK9BqKfvTYujWESG1pu -uTUn95o+UAN3TkNPYmDtBBudQ5bYst+KzaGDcX5CaZeFnEdW9qZqlVLEV7AunLPW -1dzCziXkBKgTCqp2uUUTi2ESFpJq8zxXAbPJgBdbBUrV6xjoCE7fwm5uKuIBhI/J -mPBbrfIBGxhb/CX3FCpMkv22K7srD90CggEAcb259RSKHEBjojsJo1PvS8zNj4cm -G3si7UixKFU0z5zzNRyGYEgQ6s/vEBGPUBJc1pVPhINQ5ufNxwOAfdWb0mGS9c8T -uI+BmkWH1115d8hV3o7YiE+iIEszSPyQBtsDkVGH5A7xVzjgNot+fnmvcQo/b+ua -0B9f3JKpwX52JFB0GsskeGw5NMmoqTD9Gmk7g1rKaw3R2T5GYFcsj0zGswyTh4sj -dlto52H9DfhGKHIhyKC3tMvrLdnFvB4XGZIy46TjmS1cXGCFF6KCUHVhuj6wo67X -k6X8unKQ2sHp9nOPCrrL6pXn/tSdk4+TG3CkeE+feiXYk8XDozUGZPJvSA== ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-client.crt b/apps/emqx_authn/test/data/certs/authn-https-client.crt deleted file mode 100644 index 1564fc61b..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJANRNg7GwqxjwMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyODA4MzkxMFoXDTQ5MDUxNTA4MzkxMFowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDieKJGbZGACvdwI5TbpesvudLx+lxW6cp0hsCR+SERzOE8vx0Jrca6oP+y -WIclYhPv1LLq2/FAvaF+WBYhvSAg7fqx3U8XJpH8pEV4NxV0cbSj4i16XJ09bc1Q -kNPO3Lsh1S06TGY9d7vTO64BLPi5ImGA972pcjoESxybG8zYfQnfXsdQ6bFPjWUa -AnbwxnGWJQQzGTgZgUIJox0Oo3APh4wV1JLTMKlfMekmdImiXHp6r4kh+7C15Bmg -NnF9qEZRKeU09hqIa0SDtUg9rmrLeUCLbaVKUoa6kBkLFUTUGh8VHHhwMHTgrsn7 -UJm0OwvDLH9vcYF/78IS38P/SpyVAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAJWJ/KLWZAxCm4pLDnaz -z6HdrBGbRwZMt9CtJCvTy8m+kiW7gu0LzUuIOwyjqPVwTAAWWyYhLZ5PxJiahUh6 -dEt4AN5z03O8HIQ1uScSHCNkAeg2xeGw4GsM7bUmLWD1Kv2+N6DzTDzBebyoh9qV -Ke14AOu1jcIF6nUPJjW5bt4sm1LbkdpgTaChIMl3/aX9DE081g7p7XTQkCtajTgn -LINgPwGl9oQnuYypc7vks4YHiqKD0BXl05jyImfhO7N3LiT43tBLlJ0iRnxa7B6V -VFhj3Zj36qPqj74gxpS1P8q/4MealGGejfBUe3Q6j29gh8YfV/ACip3lB5IrWiHG -IbRbGpv0KnYzv9WggXiXEiMQosl2hSebSxP5zN7wcBATSaiLwSZvs7TOA2vqiwYZ -uAx+eC8XdQjp294RXiHnV6TCb/PYPc4PQJpt8AZElhXi+GuaDhAjf9MOlJiw7UJF -6BMiMp4vYiPoqYezIqjBe2qal23SIubncP7/P/a0b/7CW8frZ8wha56f0o6vPTeV -09VvEMXG+b/mAs4qV1xBjwr16xuR/8kZk9mZjJy5046bsnh9oF0hctyQhPQeKptm -UHgJroJgSm92jL2D4r4Y+2N/2aw3J0EzZ0AN/XytTRYmqhsnC98lvbw4sE2VtT4M -sTHEF6TomqSoTBZ5B/Wwyi2G ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-client.key b/apps/emqx_authn/test/data/certs/authn-https-client.key deleted file mode 100644 index a95274d5a..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEA4niiRm2RgAr3cCOU26XrL7nS8fpcVunKdIbAkfkhEczhPL8d -Ca3GuqD/sliHJWIT79Sy6tvxQL2hflgWIb0gIO36sd1PFyaR/KRFeDcVdHG0o+It -elydPW3NUJDTzty7IdUtOkxmPXe70zuuASz4uSJhgPe9qXI6BEscmxvM2H0J317H -UOmxT41lGgJ28MZxliUEMxk4GYFCCaMdDqNwD4eMFdSS0zCpXzHpJnSJolx6eq+J -IfuwteQZoDZxfahGUSnlNPYaiGtEg7VIPa5qy3lAi22lSlKGupAZCxVE1BofFRx4 -cDB04K7J+1CZtDsLwyx/b3GBf+/CEt/D/0qclQIDAQABAoIBABMocVHT4wMZ6mSq -HeWW25Zl+dpOe5E+pcnFvHScxpdi5Yrl/+bZtH4FMJw9sPEQou8e5yPHB1masRan -DPg9r4IZn6N8PTyQHrlojBfnUQFQvR8/+ujm/MY9i6jNF53gPlRWXEUaQWvhvRnZ -apbe3wuKRQVL79dtukqyr/DPIT0O7hEvqS3HpxoFYq3MkgWNMErOGznWGnLczZWO -+7swsuMmKoPDV6FEz17DiBx3vCKZRVQB9Dx2cTm4A2DkfEms2aIXzObV5AyAZxcG -6krPcRV6KTE9oFmEQwZNLnwWXsBWYVGOmgN+IeDq/jHfkAaBU21GrnlFgcPWNuNS -EN2UtQECgYEA87NJv5ZqpIdw/kuyV3KpkL1btP/UF8lmRJfLDreKkJq8TiY2/DmF -vOjq9gg/19Obve09utT3w0GPzDmATn2C+STGO5aQHJb2UPRerLfJzizAKph6yMKh -rypk0prdNJTqhOFC8M3aS54x5k7OmT6wrVKA1rJQ3RRNz94xrrGD0PkCgYEA7ea9 -AHVg5wZVcV8n3aPUNFVZ1saaQv4hnmXP3pYPuffin17oDVY69qPzJVuI5E8Or2Em -EN4Rs9G7gFZ2uor9nzsZdTnKVn2gYDE7NdslcqZUqwhtzQ3xR2Ai7VozIUyd+p77 -WbsUhyIf1uOnOW/v3fNX/+vbysbgnqYLWakh630CgYBBe6mTa42YTDSWgCyZxtu9 -YsRjrGKHSbzLLaaIe9Ul6g4zSZ14xNQk4MlR9wGAswGkVT1DGLrCorlK/SB29s7c -t370wA5VQFNLiX5vFquJVQkF6RcFHxdnBBM3bBmIaYNi1Uyxe/7uVsG9yutEzk2X -JRYtmpiT70LBWkkrUdPDsQKBgFtZh2d+qufrAbIX1MoBl4FE6MtU1XU1+hjFhW01 -9/Hz4lxJ6Bb+7oM4bywAGu93/+6OAjzl2KxQs4vTJ6H3ru2OlvbxauWNNaDaJp9G -d/mvLsHB6c+cM/KxUpgLU6jMr7jFhURuVrKRAuLT5aljdxqlzzuhCHOzrBqfLaqP -DExNAoGAXzFQJyfqX46cgpbzW+J2Y5EN422w0zes87AtO9HjysexMbGRy+ZVOQ+b -Q7MAieMh8r2g1fMhzYIGwiQqb9xLS00aAXxSp65ngqnPQe7TSBc3IkT42bwuF5Qd -D4ygVfuDH6EcPs4ZWXPpuzWw93K6BxKJvLQFuBmm72DirCf2NyQ= ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-server.crt b/apps/emqx_authn/test/data/certs/authn-https-server.crt deleted file mode 100644 index a3507cfbb..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-server.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEAzCCAeugAwIBAgIJANRNg7GwqxjvMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyODA4MzkxMFoXDTQ5MDUxNTA4MzkxMFowKjESMBAGA1UECgwJRU1RWCBU -ZXN0MRQwEgYDVQQDDAthdXRobi1odHRwczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL5kOgBV1lOMZYPwhrDiOwwLoo+WdepKhubQ8isCiOsSZ7ubwzIh -gNjFZ+Q/dR78wHkuJpQTKukv1srl1PNlcHBs+4AUi6YwwsFq9pLiSv7+bsXTPCnF -rDfQpILKXilLFIrZB9aBFywlDOHdoiNSKveO9ihZSgRz71HLh2OVYt+ToNF35pZp -pPKM0WKQnOZDu+P505hzQ1aar6oUJKChEdV5OOQVmGz9pMjdHvjy5C9VS2xnIS2H -TOAot1FM66jwr4UgtD3QHnIBH/vAzeICS6Xf2FSuZjmeDOvtxCXbA5H7iWEsxGj3 -1yBJB3U72qLz/QSm101N+EKRg+jPi40O4Z8CAwEAAaMiMCAwCwYDVR0PBAQDAgWg -MBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOCAgEAlUSYcgkJ0zTq -knAvCRwaHcNjPU1ZQryrp2oqiDLOzMJFMPJ144jcXhrY0UiG9kdxeMP6PjZw+JK9 -6KxMtgy8dE7mJQnnx8Ino5WYHncyzL6FPv1CJA153xHIepVrX58Amys2kauw4jga -vVzH6o4cyOvnWPx9iFNHrXIvWydxNF9iqejlN7HSSNDqz/kK3Ltzw0Hp5BN8vcwd -hFyDOxgJKKEY159TPjs9HTvUrOKx7Fmlc6D1kGyzOH2rEajGm6oLJZtB/2avPAT1 -8x3PAO+2PqmbwT5rW4koDKVNvDGrZ6YTK43GIx6o6B5Mlb8lxXFSpgkgPy85wx6C -D7E4bYoZbhY7WCqTSUIe4LpJq0iW4lx3oXV3WEPSBaaWwH34VtvSbASAhu1HYbZP -rTae8xXY/HaKH5YE71+AqkQ+IQ4760yWgxdiifT/4dIiWG0RFRdP6InPWpBGXIPg -rzETeEV1mIbO97xX93z4PNpi6UgAhwVTSrLYI+yKj8hfqx8GhBI2QBnW7t7W4gfa -NxwB64JfCZOWOob/dWwq+70zOIiLUquUVEYkjyGP/FVbh7W0h5tcEsSnc0igc6wF -FhQaI8NGOt53ScN2Lqxl8KboIQIHG3YOqrTaviSNNCQ5TOIMgZ5B43IuxLxT65yC -mfg8VCXY3BXCvqrKp+UyYQAD8ZzH5wU= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/authn-https-server.key b/apps/emqx_authn/test/data/certs/authn-https-server.key deleted file mode 100644 index fcd49b958..000000000 --- a/apps/emqx_authn/test/data/certs/authn-https-server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAvmQ6AFXWU4xlg/CGsOI7DAuij5Z16kqG5tDyKwKI6xJnu5vD -MiGA2MVn5D91HvzAeS4mlBMq6S/WyuXU82VwcGz7gBSLpjDCwWr2kuJK/v5uxdM8 -KcWsN9CkgspeKUsUitkH1oEXLCUM4d2iI1Iq9472KFlKBHPvUcuHY5Vi35Og0Xfm -lmmk8ozRYpCc5kO74/nTmHNDVpqvqhQkoKER1Xk45BWYbP2kyN0e+PLkL1VLbGch -LYdM4Ci3UUzrqPCvhSC0PdAecgEf+8DN4gJLpd/YVK5mOZ4M6+3EJdsDkfuJYSzE -aPfXIEkHdTvaovP9BKbXTU34QpGD6M+LjQ7hnwIDAQABAoIBADOTAOdAWVuuh31T -NZlK30XnDPUqg+ygnaR+62rdN+u9w53dluXIj5eo+fipe/eV7imlZ8vq2U/rppq1 -4ZbBXtEFpKdQaXfuc4Njj0HAzSIAGE+8ZerG4l0IRtgrK5CyBvGJ0wa3V2ic7L1u -hVJeGseO0X2imltUcHrO0HEYcX0wjvS4mbLO1tW7CHLSdYv+74ndF73uKjuS55lH -uu2oEv+Lyz4lC0g3CjS8JyU0fjwmspwCk9R0Fui7s0OmDJLNTLwmCgRj/6i666za -EKRIRrMT6jg93sFfKcgcl89qK7JVJofn1zD4T78cAlYODW0sdHp2C4DXScRVz/bp -Xeq6hBECgYEA+c8cYS73rmyx6CphkR7W0HAeb2M1iq+EIge59zjhQK8vuSYl+A3Z -V3AsnwEflj9y9yH+tdxHHLA7nBM2s3VTqQcHzf7Kl5bJnmiy67N4G2439ICdinF4 -LpZi8MC03DsO8Ll0xIex2zZ7MWQSpRN5S3geOWL7aWdOzij+3LOHkLcCgYEAwxwl -pD4nFaXMK8yVE8o+rmLnft7SoqMQGuBam2G8bukxMJOUf+w1f848poljGGZ9iUY5 -LmgM0ZCpbtSvj0W2YfA4nwiV4rsNOHfCv2jxP8HVssTZ8mOZBnJn6nPmrL89zD/c -Hte4UziORBdp578ROt9tYLfTiXu0ZMjO++Fo/lkCgYAQl6oZ5mW7JysV8aKzYeoA -xEGxQlSvFoNfQ0Yd3qBPjJNN5/PDqx/Rh/jewtNXRnWbZp2ldLEgfbAn6LrMZrGc -24OwMglA0lon9GpV74C9ya9bxSMxq+HArmp59ULOEfonERppZ13v4omCOVRntIhs -89iGFUX/tUXtuZlcDWymtwKBgBqoK9Rm0Xw5rM2HJA8SIMI+rRY+Z1TlJnwljvuP -vOkCX0Adybo4kY6mpM60Ep/w0NICkClw+d9f/mYwFNRkV+jFo1bHG4NgvwuqASeZ -tOxbFVFZZ9WgGfYxh1UXBLsxXcYcK3zjSEHGhllzQXryNe5vPEhslTBBgIIMlYsA -XxHxAoGAX8UAWut6owblPbB3E4k6JFxRDOvbYIvKFEuAfpRbmna8af5jGUUxuOAp -q09fQHnrkJpjaSMIym0oiHyLe13+NPRQs+jeHH3hzAM44DFlh/fpE77Yd9ZFRqXq -IiCv5uA7sl+0WlQCmZFLvPFwZ3XAm9lDO+3IbMYBNpgLTt2+QQc= ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/ca.crt b/apps/emqx_authn/test/data/certs/ca.crt new file mode 100644 index 000000000..8a9dafccd --- /dev/null +++ b/apps/emqx_authn/test/data/certs/ca.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQCF3o0gIdaNDjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MzAwODQxMTFaFw00OTA1MTcwODQxMTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAqmqSrxyH16j63QhqGLT1UO8I+m6BM3HfnJQM8laQdtJ0 +WgHqCh0/OphH3S7v4SfF4fNJDEJWMWuuzJzU9cTqHPLzhvo3+ZHcMIENgtY2p2Cf +7AQjEqFViEDyv2ZWNEe76BJeShntdY5NZr4gIPar99YGG/Ln8YekspleV+DU38rE +EX9WzhgBr02NN9z4NzIxeB+jdvPnxcXs3WpUxzfnUjOQf/T1tManvSdRbFmKMbxl +A8NLYK3oAYm8EbljWUINUNN6loqYhbigKv8bvo5S4xvRqmX86XB7sc0SApngtNcg +O0EKn8z/KVPDskE+8lMfGMiU2e2Tzw6Rph57mQPOPtIp5hPiKRik7ST9n0p6piXW +zRLplJEzSjf40I1u+VHmpXlWI/Fs8b1UkDSMiMVJf0LyWb4ziBSZOY2LtZzWHbWj +LbNgxQcwSS29tKgUwfEFmFcm+iOM59cPfkl2IgqVLh5h4zmKJJbfQKSaYb5fcKRf +50b1qsN40VbR3Pk/0lJ0/WqgF6kZCExmT1qzD5HJES/5grjjKA4zIxmHOVU86xOF +ouWvtilVR4PGkzmkFvwK5yRhBUoGH/A9BurhqOc0QCGay1kqHQFA6se4JJS+9KOS +x8Rn1Nm6Pi7sd6Le3cKmHTlyl5a/ofKqTCX2Qh+v/7y62V1V1wnoh3ipRjdPTnMC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEARCqaocvlMFUQjtFtepO2vyG1krn11xJ0 +e7md26i+g8SxCCYqQ9IqGmQBg0Im8fyNDKRN/LZoj5+A4U4XkG1yya91ZIrPpWyF +KUiRAItchNj3g1kHmI2ckl1N//6Kpx3DPaS7qXZaN3LTExf6Ph+StE1FnS0wVF+s +tsNIf6EaQ+ZewW3pjdlLeAws3jvWKUkROc408Ngvx74zbbKo/zAC4tz8oH9ZcpsT +WD8enVVEeUQKI6ItcpZ9HgTI9TFWgfZ1vYwvkoRwNIeabYI62JKmLEo2vGfGwWKr +c+GjnJ/tlVI2DpPljfWOnQ037/7yyJI/zo65+HPRmGRD6MuW/BdPDYOvOZUTcQKh +kANi5THSbJJgZcG3jb1NLebaUQ1H0zgVjn0g3KhUV+NJQYk8RQ7rHtB+MySqTKlM +kRkRjfTfR0Ykxpks7Mjvsb6NcZENf08ZFPd45+e/ptsxpiKu4e4W4bV7NZDvNKf9 +0/aD3oGYNMiP7s+KJ1lRSAjnBuG21Yk8FpzG+yr8wvJhV8aFgNQ5wIH86SuUTmN0 +5bVzFEIcUejIwvGoQEctNHBlOwHrb7zmB6OwyZeMapdXBQ+9UDhYg8ehDqdDOdfn +wsBcnjD2MwNhlE1hjL+tZWLNwSHiD6xx3LvNoXZu2HK8Cp3SOrkE69cFghYMIZZb +T+fp6tNL6LE= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client.crt b/apps/emqx_authn/test/data/certs/client.crt new file mode 100644 index 000000000..a198faf61 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAKTICmq1Lg6dMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIzMDA4NDExMloXDTQ5MDUxNzA4NDExMlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDzrujfx6XZTH0MWqLO6kNAeHndUZ+OGaURXvxKMPMF5dA40lxNG6cEzzlq +0Rm61adlv8tF4kRJrs6EnRjEVoMImrdh07vGFdOTYqP01LjiBhErAzyRtSn2X8FT +Te8ExoCRs3x61SPebGY2hOvFxuO6YDPVOSDvbbxvRgqIlM1ZXC8dOvPSSGZ+P8hV +56EPayRthfu1FVptnkW9CyZCRI0gg95Hv8RC7bGG+tuWpkN9ZrRvohhgGR1+bDUi +BNBpncEsSh+UgWaj8KRN8D16H6m/Im6ty467j0at49FvPx5nACL48/ghtYvzgKLc +uKHtokKUuuzebDK/hQxN3mUSAJStAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAIlVyPhOpkz3MNzQmjX7 +xgJ3vGPK5uK11n/wfjRwe2qXwZbrI2sYLVtTpUgvLDuP0gB73Vwfu7xAMdue6TRm +CKr9z0lkQsVBtgoqzZCjd4PYLfHm4EhsOMi98OGKU5uOGD4g3yLwQWXHhbYtiZMO +Jsj0hebYveYJt/BYTd1syGQcIcYCyVExWvSWjidfpAqjT6EF7whdubaFtuF2kaGF +IO9yn9rWtXB5yK99uCguEmKhx3fAQxomzqweTu3WRvy9axsUH3WAUW9a4DIBSz2+ +ZSJNheFn5GktgggygJUGYqpSZHooUJW0UBs/8vX6AP+8MtINmqOGZUawmNwLWLOq +wHyVt2YGD5TXjzzsWNSQ4mqXxM6AXniZVZK0yYNjA4ATikX1AtwunyWBR4IjyE/D +FxYPORdZCOtywRFE1R5KLTUq/C8BNGCkYnoO78DJBO+pT0oagkQGQb0CnmC6C1db +4lWzA9K0i4B0PyooZA+gp+5FFgaLuX1DkyeaY1J204QhHR1z/Vcyl5dpqR9hqnYP +t8raLk9ogMDKqKA9iG0wc3CBNckD4sjVWAEeovXhElG55fD21wwhF+AnDCvX8iVK +cBfKV6z6uxfKjGIxc2I643I5DiIn+V3DnPxYyY74Ln1lWFYmt5JREhAxPu42zq74 +e6+eIMYFszB+5gKgt6pa6ZNI +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/client.key b/apps/emqx_authn/test/data/certs/client.key new file mode 100644 index 000000000..2f0af5d41 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/client.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA867o38el2Ux9DFqizupDQHh53VGfjhmlEV78SjDzBeXQONJc +TRunBM85atEZutWnZb/LReJESa7OhJ0YxFaDCJq3YdO7xhXTk2Kj9NS44gYRKwM8 +kbUp9l/BU03vBMaAkbN8etUj3mxmNoTrxcbjumAz1Tkg7228b0YKiJTNWVwvHTrz +0khmfj/IVeehD2skbYX7tRVabZ5FvQsmQkSNIIPeR7/EQu2xhvrblqZDfWa0b6IY +YBkdfmw1IgTQaZ3BLEoflIFmo/CkTfA9eh+pvyJurcuOu49GrePRbz8eZwAi+PP4 +IbWL84Ci3Lih7aJClLrs3mwyv4UMTd5lEgCUrQIDAQABAoIBAQDwEbBgznrIwn8r +jZt5x/brbAV7Ea/kOcWSgIaCvQifFdJ2OGAwov5/UXwajNgRZe2d4z7qoUhvYuUY +ZwCAZU6ASpRBr2v9cYFYYURvrqZaHmoJew3P6q/lhl6aqFvC06DUagRHqvXEafyk +13zEAvZVpfNKrBaTawPKiDFWb2qDDc9D6hC07EuJ/DNeehiHvzHrSZSDVV5Ut7Bw +YDm33XygheUPAlHfeCnaixzcs3osiVyFEmVjxcIaM0ZS1NgcSaohSpJHMzvEaohX +e+v9vccraSVlw01AlvFwI2vHYUV8jT6HwglTPKKGOCzK/ace3wPdYSU9qLcqfuHn +EFhNc3tNAoGBAPugLMgbReJg2gpbIPUkYyoMMAAU7llFU1WvPWwXzo1a9EBjBACw +WfCZISNtANXR38zIYXzoH547uXi4YPks1Nne3sYuCDpvuX+iz7fIo4zHf1nFmxH7 +eE6GtQr2ubmuuipTc28S0wBMGT1/KybH0e2NKL6GaOkNDmAI0IbEMBrvAoGBAPfr +Y1QYLhPhan6m5g/5s+bQpKtHfNH9TNkk13HuYu72zNuY3qL2GC7oSadR8vTbRXZg +KQqfaO0IGRcdkSFTq/AEhSSqr2Ld5nPadMbKvSGrSCc1s8rFH97jRVQY56yhM7ti +IW4+6cE8ylCMbdYB6wuduK/GIgNpqoF4xs1i2XojAoGACacBUMPLEH4Kny8TupOk +wi4pgTdMVVxVcAoC3yyincWJbRbfRm99Y79cCBHcYFdmsGJXawU0gUtlN/5KqgRQ +PfNQtGV7p1I12XGTakdmDrZwai8sXao52TlNpJgGU9siBRGicfZU5cQFi9he/WPY +57XshDJ/v8DidkigRysrdT0CgYEA5iuO22tblC+KvK1dGOXeZWO+DhrfwuGlcFBp +CaimB2/w/8vsn2VVTG9yujo2E6hj1CQw1mDrfG0xRim4LTXOgpbfugwRqvuTUmo2 +Ur21XEX2RhjwpEfhcACWxB4fMUG0krrniMA2K6axupi1/KNpQi6bYe3UdFCs8Wld +QSAOAvsCgYBk/X5PmD44DvndE5FShM2w70YOoMr3Cgl5sdwAFUFE9yDuC14UhVxk +oxnYxwtVI9uVVirET+LczP9JEvcvxnN/Xg3tH/qm0WlIxmTxyYrFFIK9j0rqeu9z +blPu56OzNI2VMrR1GbOBLxQINLTIpaacjNJAlr8XOlegdUJsW/Jwqw== +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt b/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt deleted file mode 100644 index d4cd04759..000000000 --- a/apps/emqx_authn/test/data/certs/mongo-tls-ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD8UL+glAaqCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjcwODIzNDhaFw00OTA1MTQwODIzNDhaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA5uzGSZYswJSGceegV78c29D0nGwD3xCE/DaHk5JYQ60R -SY1V+3ICoIrN80u3hj4IbDOjHEmzeoUeeorlhnTH7T42lY+GwnFp2hRqAsMuZfZD -dlLGjlIswf2THZ92aQwSRsHe9j2BTfGyMa9lP6D0D9Bq4Qadk0KM+irG6rETwPvA -CUxKDhPdIyp0hAmuYsZOENFZeuyVexqiOxh8exVRQIFCKfh7DTV4ziXpoNy1xqH/ -Gjg57DsX+J1hPraOvfZga/fpGwjMqzYCHMMtnnqrrV2IWBShdYET5swm9g2FmQES -oJ3ScFptcA27AhQSikK1kMrCvOVqWvzJDsr/x2Auv+aGxSOi+NGEf4qrGHQan99g -C82hbeGRBffuPKFxPqPuIFzVekRhcAjoNhwzxbYZnGmV+cTSvVk8RF0pB+uj8L2Y -OtBWuAxDl6p4/RPU8KIGO5jkka4eVsucnoqcXS2WnWbPewfAMOPDOhR8asFWCxE5 -snknoRlo8cRv9JN/8qsQLW8ibeZTTsw6fe2Kv0hyhpErQqw6QEbKn0bp+ZcGOw7O -tkjye9l1OwL3GIwNGrF1B2mLw6TUrAxHWZQgrjfFHQk+nsZtQDUi19rPvwK1Vk+Z -g6TSYJPbWZBcRzsZxuezn5sJ4XO56zwCXaP2gohsOVZPd6U+n5vtKhs6eLHJLU0C -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAw2PK8Nr3lQyF9pipvahEkHSIz8TVeLue -lT8h6Hrkn1UcDHpECja/tPKLxYEVUoyMKeKR3K6AO5RmCgDObcZRkMdMmNYocvb5 -1BvGhlv3uk5rNUz+PW8F6cwVp+3RevBD5OSEkBzq6fuSyC0g8dk17IPKnfwNJCue -gkgsyEUgSHK8t3g/uE0Jdx//svTdnc7dmB43uU3o3tl+qhMwm7Zjr58gP1t7fMTD -Zu8Yq8en39lMDt1lv4LZG5JyEL5GQMr9B9ft5ZJpg6LGxRUmC7J8d+5Swux6MjcZ -pAG2/V0VJwrR+joT8BZqnj/pR2Mk+34Ul1DIF7iSS/P+Wwy4+oP3XaNmXPJPTX8Y -acVYYO2Q9o0B6zPQk5e2ECSMqQ2NW0+RJv2YJl77WoCWScYhixqOwWNrXu8CSeQ9 -99rZrwN9lDN3I/bXLqzjUlTwL49YDSy50GkVKC14mZNSIAegJqGv3SwmITRZRaYF -UNhdmLldCCZ686QkGGsiIWmKug0IxJxYtLQKpajHuBQKhyyRgfIq+CfdyjsxmVNE -1h1bmi7Hy30KAx4qGHXGhKbITAUvAOHDNs5G9R8vv6J/AjOPGeuy9mayHg3CIarx -z0p0b9dYMK9yL9dEC8KHfUSIh7ZoR6JENkdq0Uj/8AE4+NwzrNbFRMKNAGMjFi8K -UPcPKDe8WZQ= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-client.crt b/apps/emqx_authn/test/data/certs/mongo-tls-client.crt deleted file mode 100644 index 78a6adbf4..000000000 --- a/apps/emqx_authn/test/data/certs/mongo-tls-client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAKyzto6kgv4EMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyNzA4MjM0OFoXDTQ5MDUxNDA4MjM0OFowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCzgIQamGaqpP+SzwmEYtNL8koAUs0XNw6ohJ4s1lopkqOY2fnbWKO6JOSv -RPPStRiRklsPNno59cKfoN8j+Psfne6nkQbq1fbsZRzYGX3LdQVsD4QMEC4X63oJ -neEQ7hsEFaYW0bpkppVF300E23VT7CEDkEYBWhbXCTsdbQltffSG10ZT9XVHbqTL -cTmQzicn6TWQ8jH++VoY1q76OBd98gHcV6BocR61oXyjyArkUlGDsj3s5Xfsbfay -fagy6Q4cEBOrqWQvSqnenAll6IhEZ2KPDiXZWDPWMyLpLNO13ECp9+m7CMAo+15y -Zw/UUFeUyWlLtDXfV+GJzAA1Rv9vAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBALYlv9OxmYtj0BOdQrM5 -oIhivrA/bl8/Kzn4Bioqth8iWtpgZcZK15NKCGiDEKCkm+cKXWkC9tQcQzHpVas2 -aAKeiXIkYiSj1NiNDMrv5XLKOeFrMDVLWUAJzfSEr3Jsci+Wf8dX/VoYhgkH247w -j8cI8x7Vhi6Iun4pbp+ltuVtfcVAfUPhdrIXiif+hCLDbxdgj6qQ4MHC/Zpx1i+7 -4NVX8BVHsigFzN09GfHs3n+Uiq2Lzd3FaHnXWx+rueycQyXI5655YUbPJdWPO8Pu -JX+++GlpY91ni/UTMPdgmcqzMQo8kxV9+16sU4PjLcSKsgpJ0pT2ZJ+OJgtiMrEO -IS41ht4yhpx3G3FXim5MzUTsGHV7rr8ZzZ6wN46QXjzWtsLX98nzI1Dlz2USlbbz -N0NjgdPROUZsRDwEinnb1D96Rfn79qnfJhGmCXd5QSvM4HGW5SqqzzyvE0nLRnDg -davqHzA0en3Rt1/INCjr/+3GM4qy5lCG1fz1iuv5lfTVahljkkxnzSXyPW2E+0nZ -05bq/fAEbkQaOBwPWGTNCc4InzaUU0XKtx4IcnprgF6846lNRE7aFHjAWqOjOnZj -secfrzXDRLNJ58+eZpdJvVsaRl22bRHKI0MDNk5VzDKp/rqw/8+2f+Y2LXNKOJEQ -KLXCWq2sh5ReRiyDSaK+IP1z ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mongo-tls-client.key b/apps/emqx_authn/test/data/certs/mongo-tls-client.key deleted file mode 100644 index 4cf93eb49..000000000 --- a/apps/emqx_authn/test/data/certs/mongo-tls-client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAs4CEGphmqqT/ks8JhGLTS/JKAFLNFzcOqISeLNZaKZKjmNn5 -21ijuiTkr0Tz0rUYkZJbDzZ6OfXCn6DfI/j7H53up5EG6tX27GUc2Bl9y3UFbA+E -DBAuF+t6CZ3hEO4bBBWmFtG6ZKaVRd9NBNt1U+whA5BGAVoW1wk7HW0JbX30htdG -U/V1R26ky3E5kM4nJ+k1kPIx/vlaGNau+jgXffIB3FegaHEetaF8o8gK5FJRg7I9 -7OV37G32sn2oMukOHBATq6lkL0qp3pwJZeiIRGdijw4l2Vgz1jMi6SzTtdxAqffp -uwjAKPtecmcP1FBXlMlpS7Q131fhicwANUb/bwIDAQABAoIBAQCL0JOVP5XgXwqu -6FLKakuYwU1AuT4EUh85xaqK1B+AeDazbT1/y6gj6m6x0mx0eBh98ti4nb9QfAuv -WJfWJi48b0CgBoezzRs7AHsaG6jvG+QwSlmZJ9UvTnxNF0tia4RhhxdKeOvNUC+/ -L/KG0QWva6I/a1YL4Yce0ZLZFcAdJouJpjv0Bqe0xgcK7rld2AqGY54YvUqeoSjA -Uv2mhCy4xoRtF2XXyjJ1R/JOlsN8mHZvae4teWipSUf91zzd7thLT7s5CPcd2gj+ -2CQps0HkwbvpEB9Y3sGW5pVwacY9fOZkZPiaCqQ0cWDCj0qh9xi1m0/yL2sUrbet -S08YBThhAoGBANxR3armXC9G2jomBSvEq3kVpjQbaZwgFTKgf9nCMVlrayD8J507 -cvuUNtgf9h7U3N4cPFZLU77wiM4b0P0Q1wxWcfkTssg/kFY9WHwXPUj+DGA4q+Oc -7PvxNOyaX61816n6mTIH9+IloRYCYA8Qfoa8furvkMc7xPK5MYI3phaxAoGBANCS -Z8X5VU/LXK+bgjVnJYqrG5cqKU8VpBSvwEXpv5BGmKU/39aRBsWUHgffyNMVffia -UNIvXXIZQhhKDKMAwJFCi7ilpz2+8kErndtXXinyLkrLg4BC6vANMTkOWQJMj4T1 -6fqPKEk2iF6iXhZWje9Ako+qBPHbB9sBbznV3kAfAoGAEDQlLXCLzx5S5nvtXW61 -fc5Nzv9FISpq5LJRNN7HamAwHNjuwO2iY0ZfUj3niBT3uY4yEdawbhaauS3qjPI0 -HsAs2bjNKVUjdHRGkbnT1A57Moh4e+EKvOzci5o+9y97XREFO1zCqmtCEbBTCEia -RaaPXxAHgd+veHqOXZliKcECgYBThl3ibVAZzWHHvWnugukI2C8LYUn7rrnvwtYn -6UzatTrJ6oN0RM3Gb+N62cZtqcyxsvKsyWUNnUnXukfHOzTitxiHEGeiFYakTJhB -z4IZIDAjqc52ndXB3jaZF8LTZd+Pqn9R5OSINTt1UmaFYZIjfuNyfu7OAB3sOW3W -ZmxDlwKBgQCbhkHL+tHi3oj1AASc5CSTMsY+DqqfS7VLWBhr6d6u/QrEMqKZWy2E -NeeKkK/ImzTU0HJOIsAg+H57fU6S9zBlhxGYHlAu09rYJNZ9Eo5VGYSatNaJVzvy -9/khjpL0Y5rnK0mWC2sNqGzJHVgGDWERYGs2W3hOYfRalTldY6yxkA== ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt b/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt deleted file mode 100644 index f08b1a4ff..000000000 --- a/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 -dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu -TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW -qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj -mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr -s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 -I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz -YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh -uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx -n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 -1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X -Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl -36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s -0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz -smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX -HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 -h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU -vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr -7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm -FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC -KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN -2U0l7v2i0qA= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.crt b/apps/emqx_authn/test/data/certs/mysql-tls-client.crt deleted file mode 100644 index 503c93a2d..000000000 --- a/apps/emqx_authn/test/data/certs/mysql-tls-client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if -lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 -F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw -z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o -MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn -rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT -r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM -NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL -r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve -GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb -Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB -FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G -P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr -uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 -4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC -3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL -cAoHRdVL49vKck34UNhFlTLH ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.key b/apps/emqx_authn/test/data/certs/mysql-tls-client.key deleted file mode 100644 index 33f53e72a..000000000 --- a/apps/emqx_authn/test/data/certs/mysql-tls-client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR -+RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j -yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO -arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm -Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH -UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky -2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq -VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL -lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s -st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP -rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN -idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA -l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym -tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ -jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v -Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z -EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg -eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb -5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh -SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 -qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 -5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 -tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE -Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA -9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt deleted file mode 100644 index e0b066224..000000000 --- a/apps/emqx_authn/test/data/certs/pgsql-tls-ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQDo376AfE/3SzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMwNjQwNTFaFw00OTA1MTAwNjQwNTFaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEAzfdsesQLefz8rQFMKWTSqfQrb9Tt9AXM8x56fCtlduV8 -LM83l8NAmf8CdwlcOMW0tw1igrjf7yezCOdr9ffIo9K+jQJBq4cxqF756hWLp/2J -poqqG7rJUwamky4lVXg/W6beaticxMku9Ve6uZqNekKvCZ15bb4OoWkFRfCrjCYV -SB5Q6mcrzYmXpdazbPhSba211boiCL/ltwq/9up3ejE6eRrJevlk+AFebEQXA0zG -JGeQ2kGXmqEnMUbUlYySINH24ghyMcel4kffPFbgrYXz8UtUtpKHkladk6awAQoh -JkwK8kRhsAKH/Gcom30zEMAq8M6k4DgOOvD4cwiKWFdZGWrP/r+BCij1I4M0jrAg -KnCEWWG6N7ZluAoxCvtgAFynRqQ+XB2V8VAiOpa0FuJJXe/c4+9w4OX6Yw/DqsJd -/R9l1PiOCtkOYIpv2fT/5t/n/tiH+46BgSCGYoCUq1Z8/PVXzN7iIdiyyK37CAXf -2V02jGC5JWGK7URItVEPrzLBOLW8+lqb7Qud98TW9qqdJBsx43si/1QWOISHUOkz -3SDYJGh0xka2IRhSSEAiJTGA0QbeQ44122VB+pP+0zytTAVpVdckvrMTfHI+zxhz -4pc6QbLNsr9kncvIw0cqIrzFnXtxWS6RPMRWgnydR7OoOMzcxcEtjN6XUjdpGT8C -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAtReLK45ujUH/IAYPp9ikMPZb9MOcpH+g -VarcW0LnZvU1nK8YyCQpq2vnkKYuBeJQKzWdx/OuBz4tV5d/nXH/+LfMHyxHNgC9 -QZw12NWcZ9ghr9kPBr69fFmf6tWwNaHYmgQPdY56RfWO2jQXElNsbj4BuDic2jSf -uDm96z7i3YUxPt71VLwRviD5gHIMfO3O6FsfMBV3cv1hJq5EQUEj+hydC46tj6sl -9hZxJCkGlAvLFtzyUI6FO16CChgqX9C2F6anxEia3ATUyM6McCgplBBBKp+PCLWY -e1nkgsShFHOkp6EX5RnM0UQDrXjKrHie0KDar5CrSTImdWoaDQsVcMBeuXKtIIS2 -u4fWrSMWZb7O3MiVy8Srkhr00NMI0zWPnfXG+egGCXeog2MrpPE/1h+vvg43PJXU -+DXhJXtB4PS5s+dw2DRJLj8yGyG0ph3A2W9OG8XxZa8VHHPPBCu8pnHrCn0AEpzA -wJ2g7+CIS8qclPCR21DzhC21bW0CSHAO5g/SjmwH+H2BrXhfRQeGPJ1m+lDNfyVk -TKARDtUCZDfXHesnR+GCp4ZmnInwYb8kt+8JmXjbMh4hWutQ7tpXvhvbpZaEUzuf -2E+n+kW9y6+iVVw53m7+VlxMCUrAU17dcxQ6LiXrHcI6KeriDn+b6kN0K+ZijN3w -SrAQWl5NPsA= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt b/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt deleted file mode 100644 index af886570e..000000000 --- a/apps/emqx_authn/test/data/certs/pgsql-tls-client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAPKjgQdlPyGlMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2NDA1MloXDTQ5MDUxMDA2NDA1MlowJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCwwqKdZfHA2cgw42+s6URM0UXzve3X7ji6nPxC3rQKM82/Ol8iQfyIrCVy -WlVoxQppCBNDoPTCy+yrlAPWBWq95P+rOiXH3MeO86Z4mK9O8rwsRz9Yv3eOA7Ql -hlfrnFPD2E1t/XgpyuDxDA5lgLaB0nIu8Xklj4ZSXWHpTciY32HlyS7jpWSK94Ol -d+6D0kcWiu3ZLZ0Xgk+Br5Zkot5SjU4aUiCsD/rpil1YTHZ851kmXWhqaxetBPAO -bFUpxXffx3ou9+eQkWy8Za4BJOA3aaija+4ArVqcjrrzkEDzW1ESElRjdWegNaCk -g03nh3hpPogQjRYCHRTjMVli47+nAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBACOZsZdARELdQRe5WBkV -MTNZqei4TSFTjV8uocEuTMR7LV6HosmMZa/RqGTe3yU4tkUpHOYzxT1F9QlFl73s -hgcbPr1LRVn7XLEof8wKlxCElgqUKAsGHbjFFzhnw47c1tiiHablhLTWjfU/pMq2 -G9kFXqE8Jo+YNvbaUaC4YxFkc/Z2q/2rqhvmVVhcjsk0WwQ9hF47IwNl7ReUUNw1 -dxcPLUAQWyw4+lUeYkwMNZFL5MeARmIkiGJiKv4/yFxDyWe1Sjvp1K5H9RifR1Bn -fp21IUUjkP0+qYMnrV4L+4u8mxKO0JiV6Y/peIKzaOOULEB9bCgakBZQUpCNsFnt -MeSmtDR8LZtg3UFGCZeGj6QxiZ82kyqWmD7hcC8ag4KFGUlzmmdNFVD2Rgz0vGc9 -W8mXbWv39eaUBXitjEe8JwKWkeEFdRvKOfw5Jm4YCpYFsFTBIho+qaoF99odslAC -pY0LIjJhtfflbsGRz9y9MLGqhtZiDEv5CExv93FcnMuOQ9ZQSnGb2M2iyNl6zs2f -uZfzawvpEYisPjeMs7T2ys1gACqMxi8hwYpfBP/TQJ6iHtioUC+l9UfL/VwP8dky -yVi7Y5jka18RNSZHMj41rxIb2wgXm1/1vxAmkEm2/6ba8fR41s0tDCv3LylDehv1 -sNWUTEwylVLrkVay8UHhFsTZ ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/pgsql-tls-client.key b/apps/emqx_authn/test/data/certs/pgsql-tls-client.key deleted file mode 100644 index 0795d511f..000000000 --- a/apps/emqx_authn/test/data/certs/pgsql-tls-client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAsMKinWXxwNnIMONvrOlETNFF873t1+44upz8Qt60CjPNvzpf -IkH8iKwlclpVaMUKaQgTQ6D0wsvsq5QD1gVqveT/qzolx9zHjvOmeJivTvK8LEc/ -WL93jgO0JYZX65xTw9hNbf14Kcrg8QwOZYC2gdJyLvF5JY+GUl1h6U3ImN9h5cku -46VkiveDpXfug9JHFort2S2dF4JPga+WZKLeUo1OGlIgrA/66YpdWEx2fOdZJl1o -amsXrQTwDmxVKcV338d6LvfnkJFsvGWuASTgN2moo2vuAK1anI6685BA81tREhJU -Y3VnoDWgpINN54d4aT6IEI0WAh0U4zFZYuO/pwIDAQABAoIBAFSKct5XMN5tCxue -2/3Wf61B9nQSphw9uvI+PUT6YR/0EPbiQzgOWWtA8pQT8n+upkD/9L7Gz+oPQL37 -iC4n3xq92S6bHBDQXr3XeQp69HYNEMUYuoqG4PaSfOnprElrNoEYBkiSD5Pljdqc -SpJvklrbPXOIWMoHMFZahYbhhgzfFpCdruY6NFTDlLxy8XOBUXAGCol3MJUkLBbd -ez3te1PXSVTQduE28qNi/wxIjAlTqsd6mwoakObiXp0If8lultt21UTnVmCRO9Mr -1opJFuzNnyAu03uMgh/0EEU0ecIe3tSnqntpWj1dJVWetBEx+6SkuEehC0PP8XDL -KphG3nECgYEA4U5nVIVFWzxNtyBX3i3Qy7ejt4S97vPa2GhDbGPpfx1meFZGkCXo -0Xke1syqxaXAyAZqB6TLN0iLhcjNoa+XTr7pm/f8IitSNCwqFHvhtqYpsAmV0+zn -ngsPmQP/dVPOOHYI0kCm1ktQHMmTpJ3PUjUKAJSFQCrg4TL9Z/NCYgkCgYEAyNcu -oejjuCJO3qSJ74huieOfvJonSTkWOf4CQm1wiPSgQ1w5yxGmUVlwyjMzZhAWICF7 -pJ55bOnEuo1NYcxGDjFPSaf0e9F3FMmzJRrMUfR10V4PqrTk+ouVAJ6luFHA8yzS -GeO5mvzPeW16vAQgXzB4RswyaWHD2TCkn1YFwC8CgYAmOpdtz+8ku+az29kM6dkz -t8UfrnZLxTSs44QNMCa+Ws64PGtcqhIG+PYynCedwbIkPnJfOacBil2iJaA+fvy9 -b8dTn5A4fAFGuPeq4ho6U5dfN0Ek5F2og1fyLqt5zO6AxgZZJn8ofT7qo4lZtS0o -VbeMwaaabKwbiftVWAE7gQKBgGfAwhZieUFmd9gMqDVWBcS2Eo8cE6+ADjtnPUOT -xc76kNA7lJ+TPphH3DyYtrTDGqr+oSEpvRDGsxqsZI1hOc+bKZqjaWmNjDbw+9rv -PR4Za8P9E5rcWG4WLaNkUbgmg8ccIG2/duLaN1RDemQmvZJvN7NbSa+nEcXhmym1 -BsOBAoGAQnMIGe10cS2drHitTCKSCZBrJtqNIZT6UfJ5iPy0h0Haz53anXKsfvp3 -HO++G8GV+xFxYyiDd+PuUSk13DnnFUw69f3Yb0aWY4scwMZ7+VSdJaPhPFZlslcv -jEFJstKOjIkshR2/hDQMFS+eHQ12+LYNDJqKH0SFS3lCi/Oo6Js= ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt b/apps/emqx_authn/test/data/certs/redis-tls-ca.crt deleted file mode 100644 index b0f76f987..000000000 --- a/apps/emqx_authn/test/data/certs/redis-tls-ca.crt +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE5DCCAswCCQD2ieWzz1mwdjANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF -TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy -MjMwNjM4MTdaFw00OTA1MTAwNjM4MTdaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe -MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA3bvxD+2GQhtpOa5DcH48vP198WlWfwe1/OAW3Hk9Klxc -c3AriAQkTZ/KtSuCQXYP8UKXpI3c4anl1Q6JA4zkPy8UCRj060CAK6c58G28w8gt -mCdZZpIMxdnGXdQmdijan1oMYHMkPOmOW1c0J+XyKurvNNTvf32OZAp3FX9/9BG/ -QgpWoR4QTs0wv/VfPUmCEZA4IPMfT1clKoyj+zf+9GBPf1mEsdA9gDl0aT4531yr -gTO4HzhQq/3rlwKVVCJP0m4XGkhydp7Ozk4lJedPnKKbHzXjGEY6tITGqYsL4FMA -UoDEB6i1A6Pq6Ks4aADDisDhJhHMnnexxBOB1I3ZAbqotRpa+J+SqCK1A493KP10 -hQDCK/Vwqn9iPinjZzVireN0Ogv0pHke+qQs6bXCbEMxnj1Wk+87Afg62TFtTsfb -J4by0fJefqHI2TKjQp7QQX/vMoXcNXM508HzQFuSeURz725Lqm8RvOLsGqiZIvpc -zyTA9uFrv0fYtp5iqPyg5igRQ3zgO0hnsRg7aGhZoEp+01aLCtVAPiNUHRxArP3n -FbyEt0DiDlw70SHnLrTyjcZl2cQdlwTo0uv8vkLlwFk2TO73fe3CzJTO3tY5n8Hg -PN1s/SBh/iKe95CxOECrSvX6oUKlI9aQBAEeZUy0d7mO7UMmjw//KaHVoDsAYFcC -AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAhPGwtBjJlLr6fiuPURQdU3Mf5dwVJl3w -Ou2cdV+Cqx3BBqHEH5QOcvjTn6MhvlD4fROLa025Ad8HEA+c/SWofyHpYXN+enJn -IMGl1SXwx3dU+n3o1xVqthkP21Kp+TIsD5ZhZONT1uVKbhgc8A8qJgq6fzLH1qmS -XxmNZgss8QFg0lzILxCWq5Jao59GvM7he8b1JI1pRBFONdLMJmYfYLZ4gZfgSe/8 -omt2yqkym6MvANIArLn1x/K+ugKLWhHCz3W/qI6kHHfTYGFknRSEwswMgTsZc0Nw -Y4TbLcqZOjaB3HNXlTxE6B0UZKWGcexC9QkQZmnH32FbVv++RzVk62zD20kqll6/ -MwXTWXj6ML29xKyk7mCIhgdLCCPxJmaaBmNDUQpAzrd2ALTeTvNPj/1gjod9iSh/ -l/EXinNUnGZOSNP5hVzyH6seBhwT41yuLITghgRNwrnsGu3J/l80oRcKceWsEDe3 -yQLzEdpvcWnRH4kmULwB4d9w/20ThVESTJ8/Ran8xmpzmEfeiWZpyE7PMOSGgzy8 -xhLK8+F0ebkFyKQyMLDbSbvib+c5FAzlq5keszQfFKBDMa2reUf/qg75rAQDGwXR -C3Lw5K5/EZXSloTfo13hEMbLBttaWaKl9CIoZCcihsHdGrND3UM0ds2BWarmgqkB -/5+umpUJwJU= ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.crt b/apps/emqx_authn/test/data/certs/redis-tls-client.crt deleted file mode 100644 index 70f60e6b5..000000000 --- a/apps/emqx_authn/test/data/certs/redis-tls-client.crt +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID/jCCAeagAwIBAgIJAJ1b1eCyPY+mMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV -BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X -DTIxMTIyMzA2MzgxN1oXDTQ5MDUxMDA2MzgxN1owJTESMBAGA1UECgwJRU1RWCBU -ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCfjMe1lMPoIZRReukG92h6ixX3rgOTVVquHOWmnu6S7o9Xl4j5uoT8T4P1 -JoCv3B8FfaG7G425Hrdx3Sfp9tNW0Y/lbku4dNSE8izFG4VPrT1vk41M1InvQ8y3 -miq6VmfqqXjK7DPi90HhLh0NuG7LoE4WtWnq6nNg2RSA2osPmPJ/YnxIxqcC56kv -gs56ChH/dmWnreZmTralSbiSZdx5fSIQ4BtFHVMM8LcEL10CezuzsC1P0K43DSEv -ShgfDq51LwFHGyFbx0jEABu4tqXtLLDJFw7YdTRjDtHB3LuXRCBtBFoMfcq6GgXE -L6QE/TTMmet4XrYHJ63nWu62EDnFAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg -hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAAD6aGC0eqPqhoOx36g6 -Ckb+BO1/GIJRv6cPJrtzih7pLxAcxyFj0vqM5SWAXxUlsnRIZ68PAEe3/b0WyHh5 -KZ5jqZMCGOOHpe9ZecqGT49QNY1g4f+PWaDMUMhJidm8xHE5snBKXaTzvnbTtvul -CQ+4wcCTdzEq3xzPjuz8M4+Kq2Z95WO1ZmXbMOLyVGJaB7wjl2n5JPVs8bBxaQZi -Q9PHzor/Dafhlea2eqZP4bBFz6hSrZ8ye+18WwiebL6dzFS2z3sMu9yrBmmvi4SZ -hogQT/3bk9eTia0fq6LqFi56GfGloov2pushFKxpxRXnmWS1FJkukld2I/uoxeeU -kSbYk9H0Nq/KyuXgm+6frzXZqeGU7hTn3wreYwiiqpyZs9kUadaR6Q/zSio/C9D3 -Y9negp5LscHhkm6WTj12ZcBicaUJ7dToVXbttj3Me5Uf/QFtba+x4DTGPEUEsNdD -z/9y8MzuGg7/+qoSdQaXGYBOdeWeID8PS5vnwVzutn4KI2GxVLpsEL3I1a2ZVkG/ -ZvKivpyjDT3MCaAAxC7BfspsZuV6cJJfaNn5ozu1fJlgyGgWNj6MfCr67SLkXGIT -29orZbdk2FObZcF5WHa9Fqn3RbTQh+rV7tpv1loxhdZuGNKepDzkSXNN/CDyvb0Q -y49H/UmwxcGoBxxMep6YXgKm ------END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/redis-tls-client.key b/apps/emqx_authn/test/data/certs/redis-tls-client.key deleted file mode 100644 index e62e336c5..000000000 --- a/apps/emqx_authn/test/data/certs/redis-tls-client.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAn4zHtZTD6CGUUXrpBvdoeosV964Dk1Varhzlpp7uku6PV5eI -+bqE/E+D9SaAr9wfBX2huxuNuR63cd0n6fbTVtGP5W5LuHTUhPIsxRuFT609b5ON -TNSJ70PMt5oqulZn6ql4yuwz4vdB4S4dDbhuy6BOFrVp6upzYNkUgNqLD5jyf2J8 -SManAuepL4LOegoR/3Zlp63mZk62pUm4kmXceX0iEOAbRR1TDPC3BC9dAns7s7At -T9CuNw0hL0oYHw6udS8BRxshW8dIxAAbuLal7SywyRcO2HU0Yw7Rwdy7l0QgbQRa -DH3KuhoFxC+kBP00zJnreF62Byet51ruthA5xQIDAQABAoIBACmYjGB8vm6AgqiT -gLk+O1Dnffyqs2fv8so94mmEOfK4m0pcyWtCA3W8TUzWkupGWxgVXtrnHhXLOkxH -Oia3IPYbgIZyMO+QFe/rK1zgBet14PR75XTIXIWyiWa8nLMj38fAEyvkVMqxZ82L -Nivjj48q5fDprwl9wkLXlY7aazLPZdMa3MCWzB8tzb1OmaKKvOQTnp3AV9+vuSRm -6RlXd/HLQHTrsIOFd3RQ1HXY+I9xHQTtBdFamQL7VUhrFmoGsa+ogC+Zubz90P1U -O2brliKc3lTQr3MJtZVERy2n8MV3ZyVr2b7rcCGx/QqprXKwlIKWcH2SwCSOW+HD -RGWMSYECgYEAzgfiL9Sd0ut8K/vlsWBnEovpfpXzTusLClWVP526Pcu0UYHs1PkE -dScw1eck3vl7ce4V5t5rubZHmlYgMd1cb1hyGDhqs9x2YaZxxf0vT/RYKr9EaIRb -QgAb60OzLjPQ4Fq6TlUXkICT05sqCAXnXmfOOaPMlGb9buz13ExfE3UCgYEAxj75 -ksrT++MCp2/mfIZgwFxRredIVjcJpXoqhCjF2dAbjBVYidKVx9iAEesBlhd6SFFk -xk1tyiMnCEaBFpM/TRI3kFONb/Gc/KTVnPl70CP/CAGBzB6vOnhga2xYgLEW8hZh -MSmVDHMWUlWCvvYYVi5z98VcBFRIkKnrMpWNUxECgYA+2xTcdsc3g/Q8DvuCY+DO -PbUck27JUtfpbTa9U8dv9ueqPjMcvmPnwe8aMwyCoiZRGcvAxXakD8JEiaYE0H3U -0mzsirmy6b2MCRWIy7dVczw6vmOGZ2rX9eSOn/bYT6KX79YK89belPuEgUAPdo2h -tZWq7BgL5mfHIa/YZ8xRyQKBgQCEpNpEV6Xi4Y+DDKJBK4BM9PhJzXhfB1BTAhy0 -dLt883ubDSVCgj5piviWBJH5JRhSjvNIo8IT/9U7+kChJEC0hr3auazm+9i4SmoL -L/qh15PqfWelddp02tpYxhOpd9QMguDhDhuGSvLigAiNUQgTkd1SKSFaXDJ5aNfP -7rSyoQKBgF9MOs30XLuPLOX+PkvexXOMql9uKe/1LEzeJ/gulI6K0HrjRWZrD3xU -eqEAt8sEpd9doepT6JwLo9xBEgniEjwmI1SoJgV02Hq7KLh5k8BK7U5NyJMtRPnU -l+OLhG+ufeyWGllKpaDkeBn3LvQH0LrChsin3uzGbjpi6UUb5fTM ------END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/data/certs/server.crt b/apps/emqx_authn/test/data/certs/server.crt new file mode 100644 index 000000000..1fe7a516c --- /dev/null +++ b/apps/emqx_authn/test/data/certs/server.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBDCCAeygAwIBAgIJAKTICmq1Lg6cMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIzMDA4NDExMloXDTQ5MDUxNzA4NDExMlowKzESMBAGA1UECgwJRU1RWCBU +ZXN0MRUwEwYDVQQDDAxhdXRobi1zZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCdCXfM/j28fsi3vhxmHoy2UUz/VDcTJudadVNqTOQZPuqW5lex +309yYcZqThfT2ZSVIH92ags6aNxr4Uv9vGTkPW22kAiK41imeAj+HLmvByxqfv+s +JlB5YcHXMGQCcFZOaOtabuJ0nmqxO0OWU9CIeE5PWlnVyWM1cvYxtQQLg4BSP8X/ +ohFBERaBn0yU0IYTFxo+9A1LB5utnWiv7A/5fZVFBkAdrGMPxcuEF49oynbW4WpN +kn1jY+89BrBvLk+lMZCTI2dRnE5tqt+kD6Ejh3eWRiONoS6sm9rIrH/OMEqEXhfi +bgZZu8rL0o1YL7SATJERBNuvcJpQl7We5UCbAgMBAAGjIjAgMAsGA1UdDwQEAwIF +oDARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBAAydWowM0rS5 +CgrVsuSUnUntXkIIu9YziI8mKWm8K5sp8lqtVovitVFuG19Y3Ve8r2pIibpBvOKZ +ocr+uUgrZrGGXU3x9/p+miTcHm5M9guPzmN6JbKZ65yIAN9po5CjrczFShqxIQly +ye+5C7/Metf6KM43lLKefDkUgccASKa4KhvP84/Jc8jEKP2cQ5I84yaRyeJgDnJ0 +XY6Nu1yn1BLrw9dq5ZcoBYR94aVPnSR63zE58cJ99r8AOSk/Tl7phKNAS7mP94NH +RVTW4R/xGMT/iVz4x9exfeVfAX5fVAPIOXV5VKownmM/WfhICHxNLi++m9nO9sn6 +tHT+3ViYUbilhcPlXVgTiVWJrFuoxbPTON4yIxgT3VQz47Oqnx37jeufbb7bGiJW +H/GEtn5pDPbiHbu6j+GK98uTN7OoTM5L81nbct6evEz6sK2T5Ve5Ro2IWWeG7xlB +3+FIK1pzl5OHpLJTED/DKNxt1qlhnjTGSz902fBORYvTCTdpSfGnrUMjJOP0rGHH +81WFMfc6ucsN4zGXVHHUNuNaUp1HprUy4g7ipTXkRn9oyOXkYKMGMX9T2aUeEnXO +U9ij61TrGA+lZENsbFKD/UcLRr4GY21TKj9dKjKyIoru/qDHrtJkSObQlcgOwS7D +ctaGcj4es0ByT2PX/mDqJoMip3E4E11O +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/server.key b/apps/emqx_authn/test/data/certs/server.key new file mode 100644 index 000000000..649b69428 --- /dev/null +++ b/apps/emqx_authn/test/data/certs/server.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnQl3zP49vH7It74cZh6MtlFM/1Q3EybnWnVTakzkGT7qluZX +sd9PcmHGak4X09mUlSB/dmoLOmjca+FL/bxk5D1ttpAIiuNYpngI/hy5rwcsan7/ +rCZQeWHB1zBkAnBWTmjrWm7idJ5qsTtDllPQiHhOT1pZ1cljNXL2MbUEC4OAUj/F +/6IRQREWgZ9MlNCGExcaPvQNSwebrZ1or+wP+X2VRQZAHaxjD8XLhBePaMp21uFq +TZJ9Y2PvPQawby5PpTGQkyNnUZxObarfpA+hI4d3lkYjjaEurJvayKx/zjBKhF4X +4m4GWbvKy9KNWC+0gEyREQTbr3CaUJe1nuVAmwIDAQABAoIBABl6dMZ8pXWUuGof +XSowYLIf5Lc0aa8gy76AdKU1jniOHa+X9bh1O8WaGYAb5X/IuHOtjyCeOe4jH0gd +iJ/FVjU1xjwtiEVId5SiuwrHjFTafBlXO5IpsTrQYovQXRmMMmSMX0sP3IwBO9w/ +ekrElHvf0QzM4vBtuTvtyAXukZZwYWvdJK8GXc7NE0xTNSe0C+f2MS0ZAuWP7g8K +1WgRO+8pb11sK4CAl+yD6Lyf7JVlouTcsYdeRF5o7yuEQ2qlz3+vxPwfMIpONKel +kK5nUUc8OGhHQpkO+ZZXh5fIWkaKFJKMzoAh8pj2HFAfK93s64f3LHu75sum05Gc +RUCSafkCgYEAympLWe+cmq8XyUqQnsQ7hHfc5VKa33YDTEkO/ZncnnNA/k4yH+r7 +LGgMZD1zC5R3pRFEET9pUOrlx7Z489Bc1Z9Y+9dDpwg9DRrvkt1/MpxOI2Lk8tiJ +lLU/uRTQXQmHFoEBg6i2CDIZyP/qccCS0zIcMQJDq6WaTfXyJ5k0LOUCgYEAxpvi +l7t9RPIQXTEfWiD3iN11QwZYjZ3c6CfW2iaucPYJZDclk6BO1Chdw55cELbfj4bh +7lMxDYpyOQrEwIXYk1a8IY6VOFFMmOQfCfECm5XNTvz//5vYxYlB8ERdhM7opAYG +YsAyR/+BVEyhG6NXy4sh5Q49YgfrjVMdYmBSX38CgYEAx2BF0lNzNOXsjwgURV5S +pZuPCI8CH8PVYcnAq0lnhudNiHArbUb+mvHt6rqgXDKkWwITws1sBhkptjrlDnsZ +Rg3MD1wsthUmVYdHnajxBj/xs2dQzmc9tS2Gk96Nkma1GhR+EloW2yHGRjbVjbA6 +ry53mEp7r1HSGKJ+IEUGoIUCgYEAiRS7FyNPWTECXnAzRZAPiiXgc7yDjmtxN8OX +pcahDFKlNMhjZTt2bTTXUteQj/DI6VWdx1MgPkpagEiQeJlpXHi3LSoukEp85eI+ +EiyJMj35ERXK0/ALdHxCSMXHDo2JQPzvl2U0z0DpUPf7Ewpw5IpJgMGNWIZC7K57 +T5VQBZ0CgYAcAG1KYZYD+Sb14jJLSD6JqnJBrcv8e6wEAnA+0vuEv09FfgeB4MNZ +FwRR8FQDL8V2QcvsauwcwNOf9m9K8goCV9YKTcFw5Tl0m3uYzCIDVdyZI85NgBS0 +m//eODmUYg1gMOi9LfnKgtrW7EURrCNj3Pgt87g7WDiSY+qGB0IzzQ== +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_http_test_server.erl b/apps/emqx_authn/test/emqx_authn_http_test_server.erl index caeb798ab..2e88dc83b 100644 --- a/apps/emqx_authn/test/emqx_authn_http_test_server.erl +++ b/apps/emqx_authn/test/emqx_authn_http_test_server.erl @@ -68,7 +68,7 @@ init([Port, Path, SSLOpts]) -> ChildSpec = ranch:child_spec(?MODULE, Transport, TransOpts, CowboyModule, ProtoOpts), - {ok, {{one_for_one, 10, 10}, [ChildSpec]}}. + {ok, {#{}, [ChildSpec]}}. %%------------------------------------------------------------------------------ %% cowboy_server API diff --git a/apps/emqx_authn/test/emqx_authn_https_SUITE.erl b/apps/emqx_authn/test/emqx_authn_https_SUITE.erl index d70946bcd..af3982280 100644 --- a/apps/emqx_authn/test/emqx_authn_https_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_https_SUITE.erl @@ -70,7 +70,7 @@ end_per_testcase(_Case, _Config) -> t_create(_Config) -> {ok, _} = create_https_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"authn-https">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), @@ -81,7 +81,7 @@ t_create(_Config) -> t_create_invalid_domain(_Config) -> {ok, _} = create_https_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"authn-https-unknown-host">>, + #{<<"server_name_indication">> => <<"authn-server-unknown-host">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), @@ -92,7 +92,7 @@ t_create_invalid_domain(_Config) -> t_create_invalid_version(_Config) -> {ok, _} = create_https_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"authn-https">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.1">>]}), @@ -102,7 +102,7 @@ t_create_invalid_version(_Config) -> t_create_invalid_ciphers(_Config) -> {ok, _} = create_https_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"authn-https">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-ECDSA-AES256-SHA384">>]}), @@ -121,7 +121,7 @@ create_https_auth_with_ssl_opts(SpecificSSLOpts) -> raw_https_auth_config(SpecificSSLOpts) -> SSLOpts = maps:merge( - client_ssl_opts(), + emqx_authn_test_lib:client_ssl_cert_opts(), #{enable => <<"true">>}), #{ mechanism => <<"password-based">>, @@ -151,15 +151,10 @@ cowboy_handler(Req0, State) -> Req0), {ok, Req, State}. -client_ssl_opts() -> - #{keyfile => cert_path("authn-https-client.key"), - certfile => cert_path("authn-https-client.crt"), - cacertfile => cert_path("authn-https-ca.crt")}. - server_ssl_opts() -> - [{keyfile, cert_path("authn-https-server.key")}, - {certfile, cert_path("authn-https-server.crt")}, - {cacertfile, cert_path("authn-https-ca.crt")}, + [{keyfile, cert_path("server.key")}, + {certfile, cert_path("server.crt")}, + {cacertfile, cert_path("ca.crt")}, {verify, verify_none}, {versions, ['tlsv1.2', 'tlsv1.3']}, {ciphers, ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_CHACHA20_POLY1305_SHA256"]} diff --git a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl index ea16664f4..dd2ec670e 100644 --- a/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_jwt_SUITE.erl @@ -186,7 +186,7 @@ t_jwks_renewal(_Config) -> ?assertEqual(ignore, emqx_authn_jwt:authenticate(Credential#{password => <<"badpassword">>}, State0)), ClientSSLOpts = client_ssl_opts(), - BadClientSSLOpts = ClientSSLOpts#{server_name_indication => "authn-https-unknown-host"}, + BadClientSSLOpts = ClientSSLOpts#{server_name_indication => "authn-server-unknown-host"}, BadConfig1 = BadConfig0#{endpoint => "https://127.0.0.1:" ++ integer_to_list(?JWKS_PORT) ++ ?JWKS_PATH, @@ -266,17 +266,16 @@ generate_jws('public-key', Payload, PrivateKey) -> JWS. client_ssl_opts() -> - #{keyfile => cert_file("authn-https-client.key"), - certfile => cert_file("authn-https-client.crt"), - cacertfile => cert_file("authn-https-ca.crt"), - enable => true, - verify => verify_peer, - server_name_indication => "authn-https" - }. + maps:merge( + emqx_authn_test_lib:client_ssl_cert_opts(), + #{enable => true, + verify => verify_peer, + server_name_indication => "authn-server" + }). server_ssl_opts() -> - [{keyfile, cert_file("authn-https-server.key")}, - {certfile, cert_file("authn-https-server.crt")}, - {cacertfile, cert_file("authn-https-ca.crt")}, + [{keyfile, cert_file("server.key")}, + {certfile, cert_file("server.crt")}, + {cacertfile, cert_file("ca.crt")}, {verify, verify_none} ]. diff --git a/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl index 7cff3eff3..e62f895a2 100644 --- a/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mongo_tls_SUITE.erl @@ -68,12 +68,12 @@ end_per_suite(_Config) -> %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ %% -connect mongo-tls:27017 \ -%% -cert mongo-tls-client.crt -key mongo-tls-client.key -CAfile mongo-tls-ca.crt +%% -cert client.crt -key client.key -CAfile ca.crt t_create(_Config) -> ?check_trace( create_mongo_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mongo-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]}), @@ -89,7 +89,7 @@ t_create(_Config) -> t_create_invalid_server_name(_Config) -> ?check_trace( create_mongo_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mongo-tls-unknown-host">>, + #{<<"server_name_indication">> => <<"authn-server-unknown-host">>, <<"verify">> => <<"verify_peer">>}), fun({ok, _}, Trace) -> ?assertEqual( @@ -106,7 +106,7 @@ t_create_invalid_server_name(_Config) -> t_create_invalid_version(_Config) -> ?check_trace( create_mongo_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mongo-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.1">>]}), fun({ok, _}, Trace) -> @@ -124,7 +124,7 @@ t_create_invalid_version(_Config) -> t_invalid_ciphers(_Config) -> ?check_trace( create_mongo_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mongo-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"DHE-RSA-AES256-GCM-SHA384">>]}), @@ -146,7 +146,7 @@ create_mongo_auth_with_ssl_opts(SpecificSSLOpts) -> raw_mongo_auth_config(SpecificSSLOpts) -> SSLOpts = maps:merge( - client_ssl_opts(), + emqx_authn_test_lib:client_ssl_cert_opts(), #{enable => <<"true">>}), #{ mechanism => <<"password-based">>, @@ -183,9 +183,3 @@ start_apps(Apps) -> stop_apps(Apps) -> lists:foreach(fun application:stop/1, Apps). - -client_ssl_opts() -> - Dir = code:lib_dir(emqx_authn, test), - #{keyfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-client.key"]), - certfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-client.crt"]), - cacertfile => filename:join([Dir, <<"data/certs">>, "mongo-tls-ca.crt"])}. diff --git a/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl index 557949b8e..1c046e9bc 100644 --- a/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl @@ -66,12 +66,12 @@ end_per_suite(_Config) -> t_create(_Config) -> %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ - %% -connect mysql-tls:3306 -starttls mysql \ - %% -cert mysql-tls-client.crt -key mysql-tls-client.key -CAfile mysql-tls-ca.crt + %% -connect authn-server:3306 -starttls mysql \ + %% -cert client.crt -key client.key -CAfile ca.crt ?assertMatch( {ok, _}, create_mysql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mysql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})). @@ -82,14 +82,14 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_mysql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mysql-tls-unknown-host">>, + #{<<"server_name_indication">> => <<"authn-server-unknown-host">>, <<"verify">> => <<"verify_peer">>})), %% incompatible versions ?assertMatch( {error, _}, create_mysql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mysql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.1">>]})), @@ -97,7 +97,7 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_mysql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"mysql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})). @@ -112,7 +112,7 @@ create_mysql_auth_with_ssl_opts(SpecificSSLOpts) -> raw_mysql_auth_config(SpecificSSLOpts) -> SSLOpts = maps:merge( - client_ssl_opts(), + emqx_authn_test_lib:client_ssl_cert_opts(), #{enable => <<"true">>}), #{ mechanism => <<"password-based">>, @@ -142,9 +142,3 @@ start_apps(Apps) -> stop_apps(Apps) -> lists:foreach(fun application:stop/1, Apps). - -client_ssl_opts() -> - Dir = code:lib_dir(emqx_authn, test), - #{keyfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.key"]), - certfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.crt"]), - cacertfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-ca.crt"])}. diff --git a/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl index 34f25f3ea..4bf761d62 100644 --- a/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_pgsql_tls_SUITE.erl @@ -66,12 +66,12 @@ end_per_suite(_Config) -> t_create(_Config) -> %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ - %% -starttls postgres -connect pgsql-tls:5432 \ - %% -cert pgsql-tls-client.crt -key pgsql-tls-client.key -CAfile pgsql-tls-ca.crt + %% -starttls postgres -connect authn-server:5432 \ + %% -cert client.crt -key client.key -CAfile ca.crt ?assertMatch( {ok, _}, create_pgsql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"pgsql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})). @@ -82,20 +82,14 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_pgsql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"pgsql-tls-unknown-host">>, + #{<<"server_name_indication">> => <<"authn-server-unknown-host">>, <<"verify">> => <<"verify_peer">>})), - %% invalid server_name - ?assertMatch( - {error, _}, - create_pgsql_auth_with_ssl_opts( - #{<<"verify">> => <<"verify_peer">>})), - %% incompatible versions ?assertMatch( {error, _}, create_pgsql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"pgsql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.1">>]})), @@ -103,7 +97,7 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_pgsql_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"pgsql-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.2">>], <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})). @@ -118,7 +112,7 @@ create_pgsql_auth_with_ssl_opts(SpecificSSLOpts) -> raw_pgsql_auth_config(SpecificSSLOpts) -> SSLOpts = maps:merge( - client_ssl_opts(), + emqx_authn_test_lib:client_ssl_cert_opts(), #{enable => <<"true">>}), #{ mechanism => <<"password-based">>, @@ -149,8 +143,3 @@ start_apps(Apps) -> stop_apps(Apps) -> lists:foreach(fun application:stop/1, Apps). -client_ssl_opts() -> - Dir = code:lib_dir(emqx_authn, test), - #{keyfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.key"]), - certfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-client.crt"]), - cacertfile => filename:join([Dir, <<"data/certs">>, "pgsql-tls-ca.crt"])}. diff --git a/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl index 22a8f013e..0403482b1 100644 --- a/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_redis_tls_SUITE.erl @@ -68,7 +68,7 @@ t_create(_Config) -> ?assertMatch( {ok, _}, create_redis_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"redis-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.3">>], <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})). @@ -78,24 +78,16 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_redis_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"redis-tls-unknown-host">>, + #{<<"server_name_indication">> => <<"authn-server-unknown-host">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.3">>], <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})), - %% invalid server_name (eredis connects by ip address) - ?assertMatch( - {error, _}, - create_redis_auth_with_ssl_opts( - #{<<"verify">> => <<"verify_peer">>, - <<"versions">> => [<<"tlsv1.3">>], - <<"ciphers">> => [<<"TLS_CHACHA20_POLY1305_SHA256">>]})), - %% incompatible versions ?assertMatch( {error, _}, create_redis_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"redis-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.1">>, <<"tlsv1.2">>]})), @@ -103,7 +95,7 @@ t_create_invalid(_Config) -> ?assertMatch( {error, _}, create_redis_auth_with_ssl_opts( - #{<<"server_name_indication">> => <<"redis-tls">>, + #{<<"server_name_indication">> => <<"authn-server">>, <<"verify">> => <<"verify_peer">>, <<"versions">> => [<<"tlsv1.3">>], <<"ciphers">> => [<<"TLS_AES_128_GCM_SHA256">>]})). @@ -118,7 +110,7 @@ create_redis_auth_with_ssl_opts(SpecificSSLOpts) -> raw_redis_auth_config(SpecificSSLOpts) -> SSLOpts = maps:merge( - client_ssl_opts(), + emqx_authn_test_lib:client_ssl_cert_opts(), #{enable => <<"true">>}), #{ mechanism => <<"password-based">>, @@ -145,9 +137,3 @@ start_apps(Apps) -> stop_apps(Apps) -> lists:foreach(fun application:stop/1, Apps). - -client_ssl_opts() -> - Dir = code:lib_dir(emqx_authn, test), - #{keyfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.key"]), - certfile => filename:join([Dir, <<"data/certs">>, "redis-tls-client.crt"]), - cacertfile => filename:join([Dir, <<"data/certs">>, "redis-tls-ca.crt"])}. diff --git a/apps/emqx_authn/test/emqx_authn_test_lib.erl b/apps/emqx_authn/test/emqx_authn_test_lib.erl index b14821a9c..fb411d131 100644 --- a/apps/emqx_authn/test/emqx_authn_test_lib.erl +++ b/apps/emqx_authn/test/emqx_authn_test_lib.erl @@ -66,3 +66,8 @@ is_tcp_server_available(Host, Port) -> false end. +client_ssl_cert_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, "data/certs", "client.key"]), + certfile => filename:join([Dir, "data/certs", "client.crt"]), + cacertfile => filename:join([Dir, "data/certs", "ca.crt"])}. From c98e0efdadc90112d85468103a9652763e0d4cfb Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Thu, 30 Dec 2021 13:57:48 +0300 Subject: [PATCH 8/8] chore(mongodb): update client --- apps/emqx_connector/rebar.config | 2 +- apps/emqx_connector/src/emqx_connector_mongo.erl | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/emqx_connector/rebar.config b/apps/emqx_connector/rebar.config index 58706e950..619cd165d 100644 --- a/apps/emqx_connector/rebar.config +++ b/apps/emqx_connector/rebar.config @@ -8,7 +8,7 @@ {mysql, {git, "https://github.com/emqx/mysql-otp", {tag, "1.7.1"}}}, {epgsql, {git, "https://github.com/emqx/epgsql", {tag, "4.6.0"}}}, %% NOTE: mind poolboy version when updating mongodb-erlang version - {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.10"}}}, + {mongodb, {git,"https://github.com/emqx/mongodb-erlang", {tag, "v3.0.11"}}}, %% NOTE: mind poolboy version when updating eredis_cluster version {eredis_cluster, {git, "https://github.com/emqx/eredis_cluster", {tag, "0.6.7"}}}, %% mongodb-erlang uses a special fork https://github.com/comtihon/poolboy.git diff --git a/apps/emqx_connector/src/emqx_connector_mongo.erl b/apps/emqx_connector/src/emqx_connector_mongo.erl index 5f8cc38c6..4eb8db611 100644 --- a/apps/emqx_connector/src/emqx_connector_mongo.erl +++ b/apps/emqx_connector/src/emqx_connector_mongo.erl @@ -178,9 +178,6 @@ health_check(PoolName) -> %% =================================================================== -%% mongo_api:find_one/4 typing is invalid --dialyzer({nowarn_function, [check_worker_health/1]}). - check_worker_health(Worker) -> case ecpool_worker:client(Worker) of {ok, Conn} ->