From e2e2c98679bfb47aba23f6b377d2c104b0e2d4df Mon Sep 17 00:00:00 2001 From: Ilya Averyanov Date: Thu, 23 Dec 2021 23:31:58 +0300 Subject: [PATCH] chore(authn): test Mysql authn via ssl connection
---
 .ci/docker-compose-file/Makefile.local | 2 + .../docker-compose-mysql-tls.yaml | 52 +++--- .ci/docker-compose-file/mysql/certs/ca.crt | 29 ++++ .ci/docker-compose-file/mysql/certs/ca.key | 51 ++++++ .../mysql/certs/client.crt | 24 +++ .../mysql/certs/client.key | 27 ++++ .../mysql/certs/server.crt | 24 +++ .../mysql/certs/server.key | 27 ++++ .github/workflows/run_test_cases.yaml | 1 + .../test/data/certs/mysql-tls-ca.crt | 29 ++++ .../test/data/certs/mysql-tls-client.crt | 24 +++ .../test/data/certs/mysql-tls-client.key | 27 ++++ .../test/emqx_authn_mysql_SUITE.erl | 2 - .../test/emqx_authn_mysql_tls_SUITE.erl | 150 ++++++++++++++++++ .../src/emqx_connector_mysql.erl | 3 +- 15 files changed, 436 insertions(+), 36 deletions(-) create mode 100644 .ci/docker-compose-file/mysql/certs/ca.crt create mode 100644 .ci/docker-compose-file/mysql/certs/ca.key create mode 100644 .ci/docker-compose-file/mysql/certs/client.crt create mode 100644 .ci/docker-compose-file/mysql/certs/client.key create mode 100644 .ci/docker-compose-file/mysql/certs/server.crt create mode 100644 .ci/docker-compose-file/mysql/certs/server.key create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-ca.crt create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.crt create mode 100644 apps/emqx_authn/test/data/certs/mysql-tls-client.key create mode 100644 apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl
diff --git a/.ci/docker-compose-file/Makefile.local b/.ci/docker-compose-file/Makefile.local
index aea4be034..a8c309382 100644
--- a/.ci/docker-compose-file/Makefile.local
+++ b/.ci/docker-compose-file/Makefile.local
@@ -20,6 +20,7 @@ up:
 -f .ci/docker-compose-file/docker-compose.yaml \
 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
@@ -31,6 +32,7 @@ down:
 -f .ci/docker-compose-file/docker-compose.yaml \
 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
diff --git a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
index 17dfdcc8e..3c01a10df 100644
--- a/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
+++ b/.ci/docker-compose-file/docker-compose-mysql-tls.yaml
@@ -1,47 +1,35 @@ version: '3.9' services: - mysql_server: - container_name: mysql + mysql_server_tls: + container_name: mysql-tls image: mysql:${MYSQL_TAG} restart: always environment: MYSQL_ROOT_PASSWORD: public MYSQL_DATABASE: mqtt - MYSQL_USER: ssluser + MYSQL_USER: user MYSQL_PASSWORD: public volumes: - - ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca-cert.pem - - ../../apps/emqx/etc/certs/cert.pem:/etc/certs/server-cert.pem - - ../../apps/emqx/etc/certs/key.pem:/etc/certs/server-key.pem + - ./mysql/certs/ca.crt:/etc/certs/ca-cert.pem + - ./mysql/certs/server.crt:/etc/certs/server-cert.pem + - ./mysql/certs/server.key:/etc/certs/server-key.pem ports: - - "3306:3306" + - "3307:3306" networks: - emqx_bridge command: - --bind-address "::" - --character-set-server=utf8mb4 - --collation-server=utf8mb4_general_ci - --explicit_defaults_for_timestamp=true - --lower_case_table_names=1 - --max_allowed_packet=128M - --skip-symbolic-links - --ssl-ca=/etc/certs/ca-cert.pem - --ssl-cert=/etc/certs/server-cert.pem - --ssl-key=/etc/certs/server-key.pem + - --bind-address=0.0.0.0 + - --port=3306 + - --character-set-server=utf8mb4 + - --collation-server=utf8mb4_general_ci + - --explicit_defaults_for_timestamp=true + - --lower_case_table_names=1 + - --max_allowed_packet=128M + - --ssl-ca=/etc/certs/ca-cert.pem + - --ssl-cert=/etc/certs/server-cert.pem + - --ssl-key=/etc/certs/server-key.pem + - --require-secure-transport=ON + - --tls-version=TLSv1.2,TLSv1.3 + - --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384 - mysql_client: - container_name: mysql_client - image: mysql:${MYSQL_TAG} - networks: - - emqx_bridge - depends_on: - - mysql_server - command: - - /bin/bash - - -c - - | - service mysql start - echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt - while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done - echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt 
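Review bot: Nothing in the new `mysql_server_tls` service requires a client certificate any more: the removed `mysql_client` container ran `ALTER USER 'ssluser'@'%' REQUIRE X509`, while the replacement only sets `--require-secure-transport=ON`, so the client cert and key that the new suite supplies are optional to the server and a regression in client-certificate handling would still pass. If mutual TLS is meant to be covered, create an account with `REQUIRE X509` from an init script mounted into `/docker-entrypoint-initdb.d/` and have the suite log in as that account instead of `root`. Separately, `"3307:3306"` publishes a root account with password `public` on every host interface; `"127.0.0.1:3307:3306"` would keep it local on developer machines, assuming nothing outside the compose network needs the port.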
diff --git a/.ci/docker-compose-file/mysql/certs/ca.crt b/.ci/docker-compose-file/mysql/certs/ca.crt new file mode 100644 index 000000000..f08b1a4ff --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 +dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu +TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW +qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj +mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr +s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 +I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz +YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh +uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx +n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 +1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X +Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl +36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s +0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz +smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX +HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 +h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU +vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr +7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm +FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC +KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN +2U0l7v2i0qA= +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/ca.key b/.ci/docker-compose-file/mysql/certs/ca.key new file mode 100644 index 000000000..41a4eb996 --- /dev/null 
+++ b/.ci/docker-compose-file/mysql/certs/ca.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJJwIBAAKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8dhF0 +mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwuTXkv +61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IWqlmT +uU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrjmdTG +0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwrs5NQ +5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4I1nT +uo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGzYcnK +s8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjshuZBp +5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfxn9hS +GGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij31XpY +IOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kCAwEA +AQKCAgBYRRYP5D0573y1J49PYsv6mlprn6PYURhkyz67dkXjmrDZpxmmts42GZvf +GmgdpJK8Xjiz9qGzG91IIa12sJ0Hvca3JH9EI+YfxxE/QyueBx3nKSnrF44Z1M9O +pu+094Qhxr+5gzOVv1SN/nkb78N2XIeUXdxxOvJ2gciArkLC+9UMMc8GIj5d/uGr +UcdVQQktrpxUR2VmlGya+Cmu2SGTSyG0IdbDF8j6DWfJwRzi+ysoDhGiwj3n0Hsx +erqVo3TFS/q526IAmE+xgAyQpgTJLc7NLsGdw4+fhGtqQmXAtSBnSMOu5Nry6hTq +4zBOJu9wNcPpl09yIe+ij0WB1YSSPXRsfYM2sIxBLAOqbXeba5+kv75CIkXEywDs +dJSszfo5nHvZFd5/CLdmz/+gjxMCKgW5p5YFkUZOgpPBP0imHQGIwllBeGiLoJU7 +zR7yWtwwtmul9M4zFgWct+fOzZmFvn5Pei0CbI8/y93pjmypdcV2unTg+jqZKoek +vJ3SZkVYe86TqskKUEXFQPlLf5xHENXGJ/XA7ge6H/dRIvyQak+j6TH1tZ9JPwJz +ML0ZpBXSytVZq2sVhLBxAoXu+Fl01lWKuveOvlsxeh7FionNqGAYohznZ2b5iNvA +yl00LzahdssnprF0fX/43I3ShlcRC4tHsla9ZLFTBf6MkP8wkQKCAQEA2GPloMMi +BQu6geaf9psyFM3dQ0ouV4bKQODinCwv31Z30aOdzKLlyKD8BlGC7VoqeTxoxsej +t6rNoZmzNXQR1sy53PeHvvix6a2t00kYZ7CDmSQbBSfKT5FCx3PlmT1OXKlib1vi +0A1LVQLw+tsGL5KuF/Yxp8GoGb5wKHENiZkh2sKS93kWxNY58SrmHNo/XySTXUF5 +vijR1g6fkW5o4zXZDkG0JuH1KhouLA99ZVQCWfQpk/+w+rY7CbbChSnYE9DTVul9 +VJPejb1y38UTtPHMaaK0NV6a3qoYnMi5UKYLNEkd1OyFwpUxB+Z0GfaksfiUqFzG +Huq/NmlwSt/VSwKCAQEAzdFv57WW0HQ+YHcPml9SLBhJW2cilPDAYFwDBSMxDgEx +4RehRpoVt3qf0Qg1fP8eqgFnMoDVrswsKI/IvUAyfCQrynEnCpoaJXfI1YjGx5k2 
+ElSE6hkNaiTEb91Mj/gnJRHI7Rh50kOAltLrP/UFrt+poo1McEBlgJS79B1VLUMP +Vg6Ve7w0t9gmFH+uOFO6RBiFzwfagKFaJaU05r7VzROeMeQOFeq3wodKCHGX7kQK +kfn2ZcjqmLa8PxXklkqyh+tNcnkyw5rM/WEnCsQHrMvbClJ/skjDb3xJY5lV5CVX +zWG9AgiCTpz1vwf+WBS1WCnYfxpjm/yI2C4bfPTt+wKCAQBOwFRypHF+Gp2e5vry +edrJHX7YHWguLHzxDacLJT2q70IeBojIT8SGtqfh+MpIbVcl1ilfpopbroq1tEU3 +P+26GbnOxDsf8kx1eeLYETMTkXbjRfObdba4LGp8Qh6eHWSmbnLHik5KX3w6DR78 +fLeMmrpHOC8sGVt/OwKAhVxi5lsezU9FR0lVC438yhsDBx6nFp2XA9w1q49qctn5 +yI/dmNxMxva0a+mYj/ybxmthdCiC6kwzc4vKQoXL7Dpw0iC0XXx8le8p18LYHMlw +zL12TcWR8EfbYHnGbWsVrCtdQYC0X6O+uPGZNkio0mMQi+W2a3xWpaTo3ZAHUmou +pbVvAoIBADphtFqHufX7Y049t6FUdJypbvWMddTFzewHbZvhdaLBWAK/jzHVt19K +W1cR+wov2+ThbQJ4ZSSmKch/sLNuKGPqZrmQC0EIoW4LYl6f47LulNXyP5mf7Zw0 +Pbx1i6gy/feX6eTHUpcAKtOdlLmZqTkHnLjNV+dnfONSTVZbk7O5F/qTPHfS1Slp +GLQr26GCro1uX1Zwpdxi6I1RJYZmj4MSk4cXZ59z6xg1BB0NC8m8ZzstKmWI7nLP +Muq6LRMssSO47UkRdALkQE2HZ2m4XWz4jnOJH0vVNArFuJOWBTUoGpXZqaGQBFaE +U3kSrWUSyrXteMnlFGhE5BReT9HMME0CggEAQbKf5ScS0OT8glQi/1lZk7blx1tU +Y+HU7nZhf1Yv6jdb9KEMYcaYeVA3WXgKdzy9EpQm9NimabMWdCF8axWkTlrnyYVR +hv0yOXXfkvlROFdmIuVsXIAGc05xtZc9xjZLLuoslZjc/PFnzQ85KWwr6EW6B423 +OKf1ZuKRQCTgKO/lqWeglZZy1OjQUF+EnVNFJRDrqHHptm2Cn7XMTy8Ta0OxsGe8 +s9U6U+KbEecZcpFk1dRbR8V4sh+wO9xHPXbvyJqJqgxe2ZsJt2Nfg6UlfgfEpS6a +92Urp1sL16nFIF5plfaS+G2FzPDT8HdViHgld7Zx19emfZh/F/aif4ilyg== +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/client.crt b/.ci/docker-compose-file/mysql/certs/client.crt new file mode 100644 index 000000000..503c93a2d --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/client.crt 
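Review bot: `ca.key` has no consumer in this commit: the compose file mounts only `ca.crt`, `server.crt` and `server.key`, and the new suite reads only the client pair and `ca.crt`, so the CA private key is published without being needed. With it in the tree anyone can issue certificates that chain to this CA, which becomes a real problem the moment `ca.crt` is copied into a trust store outside these tests. I would drop `ca.key` and commit the commands used to generate the set instead (or generate it when CI starts), and add a short README in `mysql/certs/` stating that `server.key`, `client.key` and the copy at `apps/emqx_authn/test/data/certs/mysql-tls-client.key` are test-only fixtures that must never be reused.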
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if +lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 +F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw +z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o +MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn +rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT +r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM +NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL +r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve +GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb +Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB +FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G +P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr +uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 +4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC +3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL +cAoHRdVL49vKck34UNhFlTLH +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/client.key b/.ci/docker-compose-file/mysql/certs/client.key new file mode 100644 index 000000000..33f53e72a --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR ++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j +yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO +arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm +Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH +UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky +2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq +VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL +lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s +st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP +rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN +idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA +l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym +tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ +jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v +Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z +EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg +eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb +5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh +SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 +qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 +5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 +tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE +Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA +9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= +-----END RSA PRIVATE KEY----- diff --git a/.ci/docker-compose-file/mysql/certs/server.crt b/.ci/docker-compose-file/mysql/certs/server.crt new file mode 100644 index 000000000..58b3eac8a --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/server.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAemgAwIBAgIJAOaPZ7X3df3FMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowKDESMBAGA1UECgwJRU1RWCBU +ZXN0MRIwEAYDVQQDDAlteXNxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCh2cM9B9ZnFB3aE2pdfof7j3Z+ctStqnjFZUzgZcM0afyzNPQbn6Xq +j4rh+dan/6V3XVXJn5pK7wVaYtXrrRW/Wx9avx2mzbRNDRVYbHOKZWrS1zE3lMss +SKRXc/WzttYKS+yL9nn+MuFfz1+iP1PqM42PciJoAizNiQ5RQbXBJ/gCHLVeulFO +V1pza0ND1lcW9WZa1j/SHJFeLU1EsT56dwMf3qSHdg9KtdvY4AHgi5EQ49F8IO6+ +C+UMutcgeH6EkSYKpL5dyem7OT4TE1p0AEPQeQzwCYv4VKA1/lIGGsYasaGZascI +kH4jwboKj8iIxdlog7mNyzMv3kvYCM97AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBADmTco5dc1CcEUP3 +nAfo2NC0UDzU+UavkBelxY+67OiGWVlX62GzxfA8iL8HbemwZ0zZbX2xMZVAbQ9Z +IFK5nRj/hYxEVsN2NkYlHI1KmxSjv5HuvK4p2C+/0jOSEFhyNYc1kyjerLlFk9JL +CLhdqTS125FjiQE/qpgrYo/Y7COU37tF8uB4WV3UMq8PsHPdWfaCdU/c5ctuoL1U +4YVWKLe4LG6vLbjRGOX+6kCjJcwK3Dr/zas45wMXDQg1KeyXniC1jbdYXi4E7VNn +Rbdf1SMdlWlBR3LLDhz3kHlOL5UCrf3U8TUsTFlPLR6KJ/Ogx+J6HSPlgXIiGjmx +ZB/hSwzVTZqAjfCHEroQndbjSQTLitC8A0ujCDFztqEuVCfuU8XS3I83bdCNBr34 +SrCfVTjtKDMdDcXh21EZLtB16XXoHfOSuGgQL/ym/HOWqlY7/NHh6za56TmMzWiy +HfYgZAeYtxZWMsXnINALzXl2XR2wQ/g02u3vyCA0CwnBybYWwi8WmNWJcxVMrmEE +DD5sEMW+TZVgs5PgA5ER9gEj8uAS+yxcjNgSDj93cp+uChOl0Zs3jYMD+nUxF48r +kCQPjxF7JLbNS9o4xvNc6fkVDd84Q7tWHH5lKdclEeYn8nvCohPJEEdEsGYSGkab +eOqhTvkLF40TzG6/H0yFBuU9joFc +-----END CERTIFICATE----- diff --git a/.ci/docker-compose-file/mysql/certs/server.key b/.ci/docker-compose-file/mysql/certs/server.key new file mode 100644 index 000000000..cc103828b --- /dev/null +++ b/.ci/docker-compose-file/mysql/certs/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAodnDPQfWZxQd2hNqXX6H+492fnLUrap4xWVM4GXDNGn8szT0 +G5+l6o+K4fnWp/+ld11VyZ+aSu8FWmLV660Vv1sfWr8dps20TQ0VWGxzimVq0tcx +N5TLLEikV3P1s7bWCkvsi/Z5/jLhX89foj9T6jONj3IiaAIszYkOUUG1wSf4Ahy1 +XrpRTldac2tDQ9ZXFvVmWtY/0hyRXi1NRLE+encDH96kh3YPSrXb2OAB4IuREOPR +fCDuvgvlDLrXIHh+hJEmCqS+Xcnpuzk+ExNadABD0HkM8AmL+FSgNf5SBhrGGrGh +mWrHCJB+I8G6Co/IiMXZaIO5jcszL95L2AjPewIDAQABAoIBAFaAv7OXw8S14LqU +U+4CWYVfCNLOZtMm4IOH/82TNgCGgRP6wlkdO50g+PaMBGkn3nTsgpRPZDSWiULk +vjbG/G+YsSpcKOnk2W+xBW6MEDiwuaZUcy6krO5PKN7A0For5zv7lkK8CjmNUh1W +BWP++seapBc9xhvWxcFYdjmBqDXCYEEkb7oqgE5slDlHAtMGNlqu8RxLem3Z5tgD +8EuApwf5kPiPUt6TObGanY8CPrCrTb993IUTE3wZoaVk06Iz/1CTpzU7/XN6Z2RC +0U1UbDDpUec8r7gAN8URJ6zL0QCU45qQVABOKbWOQZORVnbkbDwWpD5Sr9ySIm1p +2WhP81kCgYEA0cF1CJmBs8kAOuHnvDSkNOyrzMRsGPbtB7l2n/Xg1WZ6OlexcBGi +ovFf428VaXpJRNfWFmuiSh2I5HV3FMGyLGOo3Rs6h4IHk9MGYzujRtia9x153PoR +O7oOKzu760CvlEQ8og4IcaHfp2ZiWw2F4W/gGVdXvXl79bgjbyLAYOcCgYEAxYiP +SXEEPPPGWy+kV7iSzzo32ybWJ1ftYcwZ+jENvaCSfNvZbDnZtOrzeHTI97oNe38n +WtE751qJsuoVM/YD5lJhPL7GP0CtkLq+oO0/smRqk+r767NJTWBOCbOcQ0NJ/1il +fojvPKYX8sFMRBkmCGRHnjEW1QUhJtuot1Dfxk0CgYAIkWNrb4HJyzsULKgfmvLe +KpC184wK1QNHnn7G9+8wKFhzy6M21bGUAFIPYzk3rsQRaNOY5NqjNmOiGV483dCe +WY/LQFJ6uIgAtMz8/rGjsjNaRrz0ls5fZzEu+OirKmBBqSvk3rfflGIjX15DI+FF +HSHFRzkRR0YV+miQIJZFHwKBgBuOxKazTKsQO1EHYX8XcevVLGu3jFLq0mQ9bDZa +V5dn6mfe6ANQQs4ZpSPd7xeYbj8Xay8hV6EcIW/DdnfMT5j3TzeBSfkTFePGGcgr +sSI7Hh9KviCQ354a3GhAFYHQxmcIP/ZaNj4Y0eh9DR3HAGZVTySDprLLR2e7Z1tD +viRVAoGAZKinM3zuPm2jAoIwYLB3Z/X0qewiLdf7JMmhelHHscB+F6fUqURSeBaX +GvIYkkKvoVt4qPpSeDBpmkRF682Zo2VegVTakWW0vxliAOTNCZCAC2zsZxGZ0E/r +LysCtImLRyZws2a2RWR9ONplCclrYiVxwr9y+TaltAx/RED0Y8c= +-----END RSA PRIVATE KEY----- diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index b7b3894ff..2ff482a67 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml 
@@ -64,6 +64,7 @@ jobs:
 docker-compose \
 -f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
+ -f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
 -f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
 -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt b/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt
new file mode 100644
index 000000000..f08b1a4ff
--- /dev/null
+++ b/apps/emqx_authn/test/data/certs/mysql-tls-ca.crt
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF +TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy +MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe +MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8 +dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu +TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW +qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj +mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr +s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4 +I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz +YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh +uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx +n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3 +1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC +AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X +Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl +36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s +0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz +smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX +HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7 +h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU +vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr +7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm +FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC +KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN +2U0l7v2i0qA= +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.crt b/apps/emqx_authn/test/data/certs/mysql-tls-client.crt new file mode 100644 index 000000000..503c93a2d --- /dev/null 
+++ b/apps/emqx_authn/test/data/certs/mysql-tls-client.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV +BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X +DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU +ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if +lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9 +F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw +z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o +MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn +rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg +hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT +r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM +NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL +r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve +GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb +Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB +FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G +P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr +uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5 +4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC +3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL +cAoHRdVL49vKck34UNhFlTLH +-----END CERTIFICATE----- diff --git a/apps/emqx_authn/test/data/certs/mysql-tls-client.key b/apps/emqx_authn/test/data/certs/mysql-tls-client.key new file mode 100644 index 000000000..33f53e72a --- /dev/null +++ b/apps/emqx_authn/test/data/certs/mysql-tls-client.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR ++RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j +yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO +arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm +Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH +UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky +2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq +VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL +lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s +st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP +rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN +idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA +l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym +tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/ +jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v +Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z +EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg +eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb +5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh +SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0 +qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6 +5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9 +tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE +Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA +9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg= +-----END RSA PRIVATE KEY----- diff --git a/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl index 95eecdead..659596d39 100644 --- a/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_mysql_SUITE.erl 
@@ -22,8 +22,6 @@ -include("emqx_authn.hrl"). -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). --include_lib("emqx/include/emqx_placeholder.hrl"). - -define(MYSQL_HOST, "mysql"). -define(MYSQL_PORT, 3306). diff --git a/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl new file mode 100644 index 000000000..557949b8e --- /dev/null +++ b/apps/emqx_authn/test/emqx_authn_mysql_tls_SUITE.erl 
@@ -0,0 +1,150 @@ +%%-------------------------------------------------------------------- +%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%%-------------------------------------------------------------------- + +-module(emqx_authn_mysql_tls_SUITE). + +-compile(nowarn_export_all). +-compile(export_all). + +-include("emqx_authn.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("common_test/include/ct.hrl"). + +-define(MYSQL_HOST, "mysql-tls"). +-define(MYSQL_PORT, 3306). + +-define(PATH, [authentication]). + +all() -> + emqx_common_test_helpers:all(?MODULE). + +groups() -> + []. + +init_per_testcase(_, Config) -> + {ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000), + emqx_authentication:initialize_authentication(?GLOBAL, []), + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + Config. + +init_per_suite(Config) -> + _ = application:load(emqx_conf), + case emqx_authn_test_lib:is_tcp_server_available(?MYSQL_HOST, ?MYSQL_PORT) of + true -> + ok = emqx_common_test_helpers:start_apps([emqx_authn]), + ok = start_apps([emqx_resource, emqx_connector]), + Config; + false -> + {skip, no_mysql_tls} + end. + +end_per_suite(_Config) -> + emqx_authn_test_lib:delete_authenticators( + [authentication], + ?GLOBAL), + ok = stop_apps([emqx_resource, emqx_connector]), + ok = emqx_common_test_helpers:stop_apps([emqx_authn]). 
+ +%%------------------------------------------------------------------------------ +%% Tests +%%------------------------------------------------------------------------------ + +t_create(_Config) -> + %% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \ + %% -connect mysql-tls:3306 -starttls mysql \ + %% -cert mysql-tls-client.crt -key mysql-tls-client.key -CAfile mysql-tls-ca.crt + ?assertMatch( + {ok, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})). + +t_create_invalid(_Config) -> + + %% invalid server_name + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls-unknown-host">>, + <<"verify">> => <<"verify_peer">>})), + + %% incompatible versions + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.1">>]})), + + %% incompatible ciphers + ?assertMatch( + {error, _}, + create_mysql_auth_with_ssl_opts( + #{<<"server_name_indication">> => <<"mysql-tls">>, + <<"verify">> => <<"verify_peer">>, + <<"versions">> => [<<"tlsv1.2">>], + <<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})). + +%%------------------------------------------------------------------------------ +%% Helpers +%%------------------------------------------------------------------------------ + +create_mysql_auth_with_ssl_opts(SpecificSSLOpts) -> + AuthConfig = raw_mysql_auth_config(SpecificSSLOpts), + emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}). 
+ +raw_mysql_auth_config(SpecificSSLOpts) -> + SSLOpts = maps:merge( + client_ssl_opts(), + #{enable => <<"true">>}), + #{ + mechanism => <<"password-based">>, + password_hash_algorithm => #{name => <<"plain">>, + salt_position => <<"suffix">>}, + enable => <<"true">>, + + backend => <<"mysql">>, + database => <<"mqtt">>, + username => <<"root">>, + password => <<"public">>, + + query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser + FROM users where username = ${username} LIMIT 1">>, + server => mysql_server(), + ssl => maps:merge(SSLOpts, SpecificSSLOpts) + }. + +mysql_server() -> + iolist_to_binary( + io_lib:format( + "~s:~b", + [?MYSQL_HOST, ?MYSQL_PORT])). + +start_apps(Apps) -> + lists:foreach(fun application:ensure_all_started/1, Apps). + +stop_apps(Apps) -> + lists:foreach(fun application:stop/1, Apps). + +client_ssl_opts() -> + Dir = code:lib_dir(emqx_authn, test), + #{keyfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.key"]), + certfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.crt"]), + cacertfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-ca.crt"])}. diff --git a/apps/emqx_connector/src/emqx_connector_mysql.erl b/apps/emqx_connector/src/emqx_connector_mysql.erl index c93a1e350..fad28232b 100644 --- a/apps/emqx_connector/src/emqx_connector_mysql.erl +++ b/apps/emqx_connector/src/emqx_connector_mysql.erl @@ -60,8 +60,7 @@ on_start(InstId, #{server := {Host, Port}, connector => InstId, config => Config}), SslOpts = case maps:get(enable, SSL) of true -> - [{ssl, [{server_name_indication, disable} | - emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}]; + [{ssl, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}]; false -> [] end, Options = [{host, Host},
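Review bot: Every case in `t_create_invalid` matches only `{error, _}`, so each one also passes when creation fails for a reason unrelated to the option under test (container still starting, wrong credentials, a changed config schema), and none of them would notice if `verify`, `versions` or `ciphers` stopped reaching the connection. Matching on the error reason, or asserting in the same case that the identical config with the valid value returns `{ok, _}`, would tie each failure to TLS. There is also no case where the server certificate is signed by a CA other than the configured `cacertfile`, which is the check `verify_peer` exists for and is worth adding. Finally, `init_per_suite` returns `{skip, no_mysql_tls}` when the port is unreachable, so a broken `mysql-tls` container in CI would show up as a skip rather than a failure.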
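Review bot: With `{server_name_indication, disable}` removed, whether the MySQL server's certificate name is checked in `on_start` now depends entirely on the `ssl` map the user supplies, and the hunk shows no default for it. Two things are worth confirming outside this hunk: that `emqx_plugin_libs_ssl:save_files_return_opts/3` passes a `server_name_indication` through (or that the MySQL client derives one from `Host`), since otherwise `verify_peer` may validate the chain without checking the host name; and that the changelog mentions that connectors already using `verify_peer` against an IP address or a certificate with a different name may start failing the handshake. I would also add a comment on the `true ->` branch, for example `%% SNI and peer verification come from the user's ssl config; nothing is forced here`. `on_start` begins and ends outside the hunk.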