chore(authn): test Mysql authn via ssl connection
This commit is contained in:
parent
6de89d1207
commit
e2e2c98679
|
@ -20,6 +20,7 @@ up:
|
|||
-f .ci/docker-compose-file/docker-compose.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
|
||||
|
@ -31,6 +32,7 @@ down:
|
|||
-f .ci/docker-compose-file/docker-compose.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
|
||||
|
|
|
@ -1,47 +1,35 @@
|
|||
version: '3.9'
|
||||
|
||||
services:
|
||||
mysql_server:
|
||||
container_name: mysql
|
||||
mysql_server_tls:
|
||||
container_name: mysql-tls
|
||||
image: mysql:${MYSQL_TAG}
|
||||
restart: always
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: public
|
||||
MYSQL_DATABASE: mqtt
|
||||
MYSQL_USER: ssluser
|
||||
MYSQL_USER: user
|
||||
MYSQL_PASSWORD: public
|
||||
volumes:
|
||||
- ../../apps/emqx/etc/certs/cacert.pem:/etc/certs/ca-cert.pem
|
||||
- ../../apps/emqx/etc/certs/cert.pem:/etc/certs/server-cert.pem
|
||||
- ../../apps/emqx/etc/certs/key.pem:/etc/certs/server-key.pem
|
||||
- ./mysql/certs/ca.crt:/etc/certs/ca-cert.pem
|
||||
- ./mysql/certs/server.crt:/etc/certs/server-cert.pem
|
||||
- ./mysql/certs/server.key:/etc/certs/server-key.pem
|
||||
ports:
|
||||
- "3306:3306"
|
||||
- "3307:3306"
|
||||
networks:
|
||||
- emqx_bridge
|
||||
command:
|
||||
--bind-address "::"
|
||||
--character-set-server=utf8mb4
|
||||
--collation-server=utf8mb4_general_ci
|
||||
--explicit_defaults_for_timestamp=true
|
||||
--lower_case_table_names=1
|
||||
--max_allowed_packet=128M
|
||||
--skip-symbolic-links
|
||||
--ssl-ca=/etc/certs/ca-cert.pem
|
||||
--ssl-cert=/etc/certs/server-cert.pem
|
||||
--ssl-key=/etc/certs/server-key.pem
|
||||
- --bind-address=0.0.0.0
|
||||
- --port=3306
|
||||
- --character-set-server=utf8mb4
|
||||
- --collation-server=utf8mb4_general_ci
|
||||
- --explicit_defaults_for_timestamp=true
|
||||
- --lower_case_table_names=1
|
||||
- --max_allowed_packet=128M
|
||||
- --ssl-ca=/etc/certs/ca-cert.pem
|
||||
- --ssl-cert=/etc/certs/server-cert.pem
|
||||
- --ssl-key=/etc/certs/server-key.pem
|
||||
- --require-secure-transport=ON
|
||||
- --tls-version=TLSv1.2,TLSv1.3
|
||||
- --ssl-cipher=ECDHE-RSA-AES256-GCM-SHA384
|
||||
|
||||
mysql_client:
|
||||
container_name: mysql_client
|
||||
image: mysql:${MYSQL_TAG}
|
||||
networks:
|
||||
- emqx_bridge
|
||||
depends_on:
|
||||
- mysql_server
|
||||
command:
|
||||
- /bin/bash
|
||||
- -c
|
||||
- |
|
||||
service mysql start
|
||||
echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt mqtt
|
||||
while [[ $$? -ne 0 ]];do echo "show tables;" | mysql -h mysql_server -u root -ppublic mqtt; done
|
||||
echo "ALTER USER 'ssluser'@'%' REQUIRE X509;" | mysql -h mysql_server -u root -ppublic mqtt
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF
|
||||
TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy
|
||||
MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe
|
||||
MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8
|
||||
dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu
|
||||
TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW
|
||||
qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj
|
||||
mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr
|
||||
s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4
|
||||
I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz
|
||||
YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh
|
||||
uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx
|
||||
n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3
|
||||
1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC
|
||||
AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X
|
||||
Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl
|
||||
36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s
|
||||
0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz
|
||||
smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX
|
||||
HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7
|
||||
h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU
|
||||
vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr
|
||||
7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm
|
||||
FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC
|
||||
KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN
|
||||
2U0l7v2i0qA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,51 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIJJwIBAAKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8dhF0
|
||||
mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwuTXkv
|
||||
61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IWqlmT
|
||||
uU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrjmdTG
|
||||
0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwrs5NQ
|
||||
5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4I1nT
|
||||
uo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGzYcnK
|
||||
s8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjshuZBp
|
||||
5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfxn9hS
|
||||
GGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij31XpY
|
||||
IOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kCAwEA
|
||||
AQKCAgBYRRYP5D0573y1J49PYsv6mlprn6PYURhkyz67dkXjmrDZpxmmts42GZvf
|
||||
GmgdpJK8Xjiz9qGzG91IIa12sJ0Hvca3JH9EI+YfxxE/QyueBx3nKSnrF44Z1M9O
|
||||
pu+094Qhxr+5gzOVv1SN/nkb78N2XIeUXdxxOvJ2gciArkLC+9UMMc8GIj5d/uGr
|
||||
UcdVQQktrpxUR2VmlGya+Cmu2SGTSyG0IdbDF8j6DWfJwRzi+ysoDhGiwj3n0Hsx
|
||||
erqVo3TFS/q526IAmE+xgAyQpgTJLc7NLsGdw4+fhGtqQmXAtSBnSMOu5Nry6hTq
|
||||
4zBOJu9wNcPpl09yIe+ij0WB1YSSPXRsfYM2sIxBLAOqbXeba5+kv75CIkXEywDs
|
||||
dJSszfo5nHvZFd5/CLdmz/+gjxMCKgW5p5YFkUZOgpPBP0imHQGIwllBeGiLoJU7
|
||||
zR7yWtwwtmul9M4zFgWct+fOzZmFvn5Pei0CbI8/y93pjmypdcV2unTg+jqZKoek
|
||||
vJ3SZkVYe86TqskKUEXFQPlLf5xHENXGJ/XA7ge6H/dRIvyQak+j6TH1tZ9JPwJz
|
||||
ML0ZpBXSytVZq2sVhLBxAoXu+Fl01lWKuveOvlsxeh7FionNqGAYohznZ2b5iNvA
|
||||
yl00LzahdssnprF0fX/43I3ShlcRC4tHsla9ZLFTBf6MkP8wkQKCAQEA2GPloMMi
|
||||
BQu6geaf9psyFM3dQ0ouV4bKQODinCwv31Z30aOdzKLlyKD8BlGC7VoqeTxoxsej
|
||||
t6rNoZmzNXQR1sy53PeHvvix6a2t00kYZ7CDmSQbBSfKT5FCx3PlmT1OXKlib1vi
|
||||
0A1LVQLw+tsGL5KuF/Yxp8GoGb5wKHENiZkh2sKS93kWxNY58SrmHNo/XySTXUF5
|
||||
vijR1g6fkW5o4zXZDkG0JuH1KhouLA99ZVQCWfQpk/+w+rY7CbbChSnYE9DTVul9
|
||||
VJPejb1y38UTtPHMaaK0NV6a3qoYnMi5UKYLNEkd1OyFwpUxB+Z0GfaksfiUqFzG
|
||||
Huq/NmlwSt/VSwKCAQEAzdFv57WW0HQ+YHcPml9SLBhJW2cilPDAYFwDBSMxDgEx
|
||||
4RehRpoVt3qf0Qg1fP8eqgFnMoDVrswsKI/IvUAyfCQrynEnCpoaJXfI1YjGx5k2
|
||||
ElSE6hkNaiTEb91Mj/gnJRHI7Rh50kOAltLrP/UFrt+poo1McEBlgJS79B1VLUMP
|
||||
Vg6Ve7w0t9gmFH+uOFO6RBiFzwfagKFaJaU05r7VzROeMeQOFeq3wodKCHGX7kQK
|
||||
kfn2ZcjqmLa8PxXklkqyh+tNcnkyw5rM/WEnCsQHrMvbClJ/skjDb3xJY5lV5CVX
|
||||
zWG9AgiCTpz1vwf+WBS1WCnYfxpjm/yI2C4bfPTt+wKCAQBOwFRypHF+Gp2e5vry
|
||||
edrJHX7YHWguLHzxDacLJT2q70IeBojIT8SGtqfh+MpIbVcl1ilfpopbroq1tEU3
|
||||
P+26GbnOxDsf8kx1eeLYETMTkXbjRfObdba4LGp8Qh6eHWSmbnLHik5KX3w6DR78
|
||||
fLeMmrpHOC8sGVt/OwKAhVxi5lsezU9FR0lVC438yhsDBx6nFp2XA9w1q49qctn5
|
||||
yI/dmNxMxva0a+mYj/ybxmthdCiC6kwzc4vKQoXL7Dpw0iC0XXx8le8p18LYHMlw
|
||||
zL12TcWR8EfbYHnGbWsVrCtdQYC0X6O+uPGZNkio0mMQi+W2a3xWpaTo3ZAHUmou
|
||||
pbVvAoIBADphtFqHufX7Y049t6FUdJypbvWMddTFzewHbZvhdaLBWAK/jzHVt19K
|
||||
W1cR+wov2+ThbQJ4ZSSmKch/sLNuKGPqZrmQC0EIoW4LYl6f47LulNXyP5mf7Zw0
|
||||
Pbx1i6gy/feX6eTHUpcAKtOdlLmZqTkHnLjNV+dnfONSTVZbk7O5F/qTPHfS1Slp
|
||||
GLQr26GCro1uX1Zwpdxi6I1RJYZmj4MSk4cXZ59z6xg1BB0NC8m8ZzstKmWI7nLP
|
||||
Muq6LRMssSO47UkRdALkQE2HZ2m4XWz4jnOJH0vVNArFuJOWBTUoGpXZqaGQBFaE
|
||||
U3kSrWUSyrXteMnlFGhE5BReT9HMME0CggEAQbKf5ScS0OT8glQi/1lZk7blx1tU
|
||||
Y+HU7nZhf1Yv6jdb9KEMYcaYeVA3WXgKdzy9EpQm9NimabMWdCF8axWkTlrnyYVR
|
||||
hv0yOXXfkvlROFdmIuVsXIAGc05xtZc9xjZLLuoslZjc/PFnzQ85KWwr6EW6B423
|
||||
OKf1ZuKRQCTgKO/lqWeglZZy1OjQUF+EnVNFJRDrqHHptm2Cn7XMTy8Ta0OxsGe8
|
||||
s9U6U+KbEecZcpFk1dRbR8V4sh+wO9xHPXbvyJqJqgxe2ZsJt2Nfg6UlfgfEpS6a
|
||||
92Urp1sL16nFIF5plfaS+G2FzPDT8HdViHgld7Zx19emfZh/F/aif4ilyg==
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
|
||||
BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
|
||||
DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU
|
||||
ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if
|
||||
lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9
|
||||
F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw
|
||||
z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o
|
||||
MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn
|
||||
rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg
|
||||
hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT
|
||||
r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM
|
||||
NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL
|
||||
r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve
|
||||
GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb
|
||||
Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB
|
||||
FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G
|
||||
P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr
|
||||
uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5
|
||||
4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC
|
||||
3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL
|
||||
cAoHRdVL49vKck34UNhFlTLH
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR
|
||||
+RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j
|
||||
yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO
|
||||
arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm
|
||||
Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH
|
||||
UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky
|
||||
2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq
|
||||
VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL
|
||||
lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s
|
||||
st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP
|
||||
rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN
|
||||
idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA
|
||||
l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym
|
||||
tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/
|
||||
jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v
|
||||
Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z
|
||||
EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg
|
||||
eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb
|
||||
5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh
|
||||
SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0
|
||||
qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6
|
||||
5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9
|
||||
tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE
|
||||
Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA
|
||||
9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEATCCAemgAwIBAgIJAOaPZ7X3df3FMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
|
||||
BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
|
||||
DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowKDESMBAGA1UECgwJRU1RWCBU
|
||||
ZXN0MRIwEAYDVQQDDAlteXNxbC10bHMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQCh2cM9B9ZnFB3aE2pdfof7j3Z+ctStqnjFZUzgZcM0afyzNPQbn6Xq
|
||||
j4rh+dan/6V3XVXJn5pK7wVaYtXrrRW/Wx9avx2mzbRNDRVYbHOKZWrS1zE3lMss
|
||||
SKRXc/WzttYKS+yL9nn+MuFfz1+iP1PqM42PciJoAizNiQ5RQbXBJ/gCHLVeulFO
|
||||
V1pza0ND1lcW9WZa1j/SHJFeLU1EsT56dwMf3qSHdg9KtdvY4AHgi5EQ49F8IO6+
|
||||
C+UMutcgeH6EkSYKpL5dyem7OT4TE1p0AEPQeQzwCYv4VKA1/lIGGsYasaGZascI
|
||||
kH4jwboKj8iIxdlog7mNyzMv3kvYCM97AgMBAAGjIjAgMAsGA1UdDwQEAwIFoDAR
|
||||
BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggIBADmTco5dc1CcEUP3
|
||||
nAfo2NC0UDzU+UavkBelxY+67OiGWVlX62GzxfA8iL8HbemwZ0zZbX2xMZVAbQ9Z
|
||||
IFK5nRj/hYxEVsN2NkYlHI1KmxSjv5HuvK4p2C+/0jOSEFhyNYc1kyjerLlFk9JL
|
||||
CLhdqTS125FjiQE/qpgrYo/Y7COU37tF8uB4WV3UMq8PsHPdWfaCdU/c5ctuoL1U
|
||||
4YVWKLe4LG6vLbjRGOX+6kCjJcwK3Dr/zas45wMXDQg1KeyXniC1jbdYXi4E7VNn
|
||||
Rbdf1SMdlWlBR3LLDhz3kHlOL5UCrf3U8TUsTFlPLR6KJ/Ogx+J6HSPlgXIiGjmx
|
||||
ZB/hSwzVTZqAjfCHEroQndbjSQTLitC8A0ujCDFztqEuVCfuU8XS3I83bdCNBr34
|
||||
SrCfVTjtKDMdDcXh21EZLtB16XXoHfOSuGgQL/ym/HOWqlY7/NHh6za56TmMzWiy
|
||||
HfYgZAeYtxZWMsXnINALzXl2XR2wQ/g02u3vyCA0CwnBybYWwi8WmNWJcxVMrmEE
|
||||
DD5sEMW+TZVgs5PgA5ER9gEj8uAS+yxcjNgSDj93cp+uChOl0Zs3jYMD+nUxF48r
|
||||
kCQPjxF7JLbNS9o4xvNc6fkVDd84Q7tWHH5lKdclEeYn8nvCohPJEEdEsGYSGkab
|
||||
eOqhTvkLF40TzG6/H0yFBuU9joFc
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEAodnDPQfWZxQd2hNqXX6H+492fnLUrap4xWVM4GXDNGn8szT0
|
||||
G5+l6o+K4fnWp/+ld11VyZ+aSu8FWmLV660Vv1sfWr8dps20TQ0VWGxzimVq0tcx
|
||||
N5TLLEikV3P1s7bWCkvsi/Z5/jLhX89foj9T6jONj3IiaAIszYkOUUG1wSf4Ahy1
|
||||
XrpRTldac2tDQ9ZXFvVmWtY/0hyRXi1NRLE+encDH96kh3YPSrXb2OAB4IuREOPR
|
||||
fCDuvgvlDLrXIHh+hJEmCqS+Xcnpuzk+ExNadABD0HkM8AmL+FSgNf5SBhrGGrGh
|
||||
mWrHCJB+I8G6Co/IiMXZaIO5jcszL95L2AjPewIDAQABAoIBAFaAv7OXw8S14LqU
|
||||
U+4CWYVfCNLOZtMm4IOH/82TNgCGgRP6wlkdO50g+PaMBGkn3nTsgpRPZDSWiULk
|
||||
vjbG/G+YsSpcKOnk2W+xBW6MEDiwuaZUcy6krO5PKN7A0For5zv7lkK8CjmNUh1W
|
||||
BWP++seapBc9xhvWxcFYdjmBqDXCYEEkb7oqgE5slDlHAtMGNlqu8RxLem3Z5tgD
|
||||
8EuApwf5kPiPUt6TObGanY8CPrCrTb993IUTE3wZoaVk06Iz/1CTpzU7/XN6Z2RC
|
||||
0U1UbDDpUec8r7gAN8URJ6zL0QCU45qQVABOKbWOQZORVnbkbDwWpD5Sr9ySIm1p
|
||||
2WhP81kCgYEA0cF1CJmBs8kAOuHnvDSkNOyrzMRsGPbtB7l2n/Xg1WZ6OlexcBGi
|
||||
ovFf428VaXpJRNfWFmuiSh2I5HV3FMGyLGOo3Rs6h4IHk9MGYzujRtia9x153PoR
|
||||
O7oOKzu760CvlEQ8og4IcaHfp2ZiWw2F4W/gGVdXvXl79bgjbyLAYOcCgYEAxYiP
|
||||
SXEEPPPGWy+kV7iSzzo32ybWJ1ftYcwZ+jENvaCSfNvZbDnZtOrzeHTI97oNe38n
|
||||
WtE751qJsuoVM/YD5lJhPL7GP0CtkLq+oO0/smRqk+r767NJTWBOCbOcQ0NJ/1il
|
||||
fojvPKYX8sFMRBkmCGRHnjEW1QUhJtuot1Dfxk0CgYAIkWNrb4HJyzsULKgfmvLe
|
||||
KpC184wK1QNHnn7G9+8wKFhzy6M21bGUAFIPYzk3rsQRaNOY5NqjNmOiGV483dCe
|
||||
WY/LQFJ6uIgAtMz8/rGjsjNaRrz0ls5fZzEu+OirKmBBqSvk3rfflGIjX15DI+FF
|
||||
HSHFRzkRR0YV+miQIJZFHwKBgBuOxKazTKsQO1EHYX8XcevVLGu3jFLq0mQ9bDZa
|
||||
V5dn6mfe6ANQQs4ZpSPd7xeYbj8Xay8hV6EcIW/DdnfMT5j3TzeBSfkTFePGGcgr
|
||||
sSI7Hh9KviCQ354a3GhAFYHQxmcIP/ZaNj4Y0eh9DR3HAGZVTySDprLLR2e7Z1tD
|
||||
viRVAoGAZKinM3zuPm2jAoIwYLB3Z/X0qewiLdf7JMmhelHHscB+F6fUqURSeBaX
|
||||
GvIYkkKvoVt4qPpSeDBpmkRF682Zo2VegVTakWW0vxliAOTNCZCAC2zsZxGZ0E/r
|
||||
LysCtImLRyZws2a2RWR9ONplCclrYiVxwr9y+TaltAx/RED0Y8c=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -64,6 +64,7 @@ jobs:
|
|||
docker-compose \
|
||||
-f .ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-mysql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tcp.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-pgsql-tls.yaml \
|
||||
-f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIE5DCCAswCCQD0VXUkrmHMVDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlF
|
||||
TVFYIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMTEy
|
||||
MjMxODIwNTJaFw00OTA1MTAxODIwNTJaMDQxEjAQBgNVBAoMCUVNUVggVGVzdDEe
|
||||
MBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAg8AMIICCgKCAgEArfkHB2C0kZL5ibfJ+ipG3tIfhMYR++lXGmthBolLjg/8
|
||||
dhF0mrfiiTjFR3ZW90Jtk4wAwYL0KELj2mwCxj6K802fZxiX0y/H26Pea6HZwvwu
|
||||
TXkv61EnhVWmaazm7phCd0LOZBtS4ITeMnc7XFyBBGdVJ8xkwTQ55/NtjqoTx7IW
|
||||
qlmTuU3andWvVWvlUu8kmwVnlhfo8xxjCFIS9lI57c42QV/jNrY3Iy+3QWKQlXrj
|
||||
mdTG0d4xKjUs8fjjBkxEbr6+yj/13sJRzktu5g9BL+gKjhHp3L+mGhV0u/Tp8Zwr
|
||||
s5NQ5W2NcLfYf07UT+ByfWBUARJkhsUqAiWxmqVLyppnTH6Fv/oDyeSW8+jSbZz4
|
||||
I1nTuo4cImTsZPLlJWPF6ASA9pi7X2TPsfKPtWMzcrAwoSzcyuD3g1PdU5F3vAGz
|
||||
YcnKs8n9QZUE+kPk/db8tA3tEGbkw63z4swPztOhsumSoJocMzIkTOJs3BvxNjsh
|
||||
uZBp5b5MazKsuAvyTunqoB+oKmaOjDKelsQnZVDGL3IA8pmbxkcryykyrwJt4Rfx
|
||||
n9hSGGYqQNH9mEGv0V7sJLNUbiPDYTej8sfCeJfm1NKxFLAmrmpb0IH5rN2BEij3
|
||||
1XpYIOA4PGYGrTBQzY3gLb3sQHJzSQlwaBj9h5J731dPQh1x7P9pqnkX+0Foj4kC
|
||||
AwEAATANBgkqhkiG9w0BAQsFAAOCAgEAo18XKZw9xoknyRRcCyOBHwJWttE1gd4X
|
||||
Sly6dzqokAa/elaSvVTl3adUytkcrDIo2A2+PMxqQIB8xnd8dX5yJQBuzrrLOlXl
|
||||
36hQciNKuY6Y1rVzGD4lJ7I6epnX3BDP6rBTit/q0vPWVVII9EFf7vI1jtB3hB0s
|
||||
0WWCG8Z/mup6cgw8P+IWO5U7WPnkrJur0Rxr/UkJFq4xNY8TuNxtNjbTqQUTkUHz
|
||||
smPEQcjmtD+8d4lZusmrSr3FT6hh4bqjxcDUD9cZeWPuYMXQoHngzEVsHK4/wzjX
|
||||
HH4l5NYTJ7ZEQ6pQJHMWB848IP70S+bvTpn0IEOuFvsSoFKMb/qOLPwmbVRFP2r7
|
||||
h7viDKM4L5vOr1INZhHl8LGc3NPShGNODRrAZcImw8ev2x0IMlSU23dfPmAqrThU
|
||||
vIXVew6Lv9h0QlKZMePkfN4dGXC9X6EOYDzTQWG3CyXh6Cygfq0XS0wt9+gt36zr
|
||||
7kKIfHRGnXPC7XDym/9GAzdMeUPIWYvIZyuxkFq0x7nQ31OB6jZgg0O+93L0LFXm
|
||||
FyJpMSgG3b/iuYe+FutVzqJNk5Q4BN0NJz1b8B503ABaHaFp/0+C7knsnpPUGPVC
|
||||
KNvKNYEzVBLV3TXix7Trex16zz6EwOc2rz4e8iDq9YQmUDuoqZazyQCpfubD3WkN
|
||||
2U0l7v2i0qA=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,24 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID/jCCAeagAwIBAgIJAOaPZ7X3df3GMA0GCSqGSIb3DQEBCwUAMDQxEjAQBgNV
|
||||
BAoMCUVNUVggVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4X
|
||||
DTIxMTIyMzE4MjA1MloXDTQ5MDUxMDE4MjA1MlowJTESMBAGA1UECgwJRU1RWCBU
|
||||
ZXN0MQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQDew2lLBTl9Znioxi5HxbeuWBN0M16rC4Pw+lXsnQ+TTdQ0sBH5Egffk/if
|
||||
lYrDob68BGKwX7O4unXgGvBxHttWaDyMlLExZM966VJAZf6wYTcvvqPJn9fbk1O9
|
||||
F2t2tS2fQvko3vi9vUeZCQLXKGSQGB4O/vTWK32DJMDH86wKtPyDCc5qs9/u5LQw
|
||||
z1UXwYCFQDCYN9oIqjjqhBcxEY1m8yqlCowM70VMvSHgw7ObaWlw9WYtqK3uVg4o
|
||||
MyDRMEgCj14TJjgqLOYwKYRXB75t+yv1Iqprb/2mUFi2Cpgfn1pAZ8dSRY9/MRfn
|
||||
rrbMmwGhVS5P+Hk4KC81lZ+UBKiXAgMBAAGjIjAgMAsGA1UdDwQEAwIFoDARBglg
|
||||
hkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAFVP355IX5FfDK/1iMUT
|
||||
r6OhyDoVHxMBsf0+l/11aCNu55UBcBcFoTgAg+C9qPvGju1tDLIEHMnfiJzUOqUM
|
||||
NPt6U2JkAbewNFAOAfCHpgG54aKh2Cly3jUiRZmEUWOv0A7LwBBGIvVAwZykWTrL
|
||||
r+bsAkbK7j4YgqQj7LVefjzdOH4yOz4p5f+LAJEU3wFULl3Ob2et8ICatinqaFve
|
||||
GKnNBbsYmgFv3L3EXM593NcujsDURzyrkrgpRr/MpWrZPqOOCtEEtMioHGeM95Hb
|
||||
Z2zHK0IABHq1SA4xD8xw/0lgEQHpfbyJZksLTYP62z+ihD4Bqq/rF//IVtmsaMtB
|
||||
FpcaUSgbFJtsWHYi7n3gNn6NHs8PY3gnF/RznXq6jl3Fzmd/fjKVliYUoce7O25G
|
||||
P0N+gW8P52rYrg90y0mybFbAt05In6z+wuEZzhN8NcUVqNixB1gRreVMFVE74rWr
|
||||
uHsiXHqFzKuE5WrAu/gh+cphXzdzV/WrNn0Sdi3D1F/hjiVv2Pqf47c507UBprs5
|
||||
4ik/HE3NGnHNln8hxuOdXnTXJVp2UcMEts4HSQ9DdnizXNLW2pX/TcidYWfGnouC
|
||||
3LVbjSvsZiH+zY20t1ecQBKDdNKSJZCvbArrDbV/nz8bHwrhqEQ47zPjpa3roUyL
|
||||
cAoHRdVL49vKck34UNhFlTLH
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA3sNpSwU5fWZ4qMYuR8W3rlgTdDNeqwuD8PpV7J0Pk03UNLAR
|
||||
+RIH35P4n5WKw6G+vARisF+zuLp14BrwcR7bVmg8jJSxMWTPeulSQGX+sGE3L76j
|
||||
yZ/X25NTvRdrdrUtn0L5KN74vb1HmQkC1yhkkBgeDv701it9gyTAx/OsCrT8gwnO
|
||||
arPf7uS0MM9VF8GAhUAwmDfaCKo46oQXMRGNZvMqpQqMDO9FTL0h4MOzm2lpcPVm
|
||||
Lait7lYOKDMg0TBIAo9eEyY4KizmMCmEVwe+bfsr9SKqa2/9plBYtgqYH59aQGfH
|
||||
UkWPfzEX5662zJsBoVUuT/h5OCgvNZWflASolwIDAQABAoIBAEUULfuwpBJKC5Ky
|
||||
2jkxi/NJpsa7A1lhWcoJp0mXrvPMB8lK7FfjioN/nHLIad6essoVRhFRrCbV06Xq
|
||||
VLOPkQ7rhhNGLOiXTWvdHL+RoXhKvVVV9e6ZXdPejPIvaAjIyFwB5cgR1Orp3mEL
|
||||
lVDpWr4AbJnT4FLl66cWZ53Z53jt8JrMZ/9v4yJNXf7aJH2HCHHAZAD30UmJIu7s
|
||||
st2sY3A8MQFPLbnobTQHHcfhtjZiMYnuWcQOWjVVhK8bVHELPOY3hx0CcOwVp6rP
|
||||
rGcwx6MJiAcI/HOSl/AYJ4u/f2DkqVtQpoZs1z7mGdL2TVOKRJ1R/u0DmjjauOjN
|
||||
idk7/VkCgYEA/bfmTOJj9+7y1ymg6csXG04Qdy5jTjIJRQkCveSkpghM7i2jupHA
|
||||
l0NOIWL+G8hTZ38IyPJxwJB33KlQCTp30duetwMdAQReSN33NjxFk9Z8PUX1bMym
|
||||
tvgi9QxAvYlfureaGbOIeTgEwFEmvlB/SKX+vAGcSWPVwNAxLTZsHnUCgYEA4MQ/
|
||||
jGr55v1bLfVOGF4rEdQ62aGCY2LpTSohDPvd/o1ZeD5PypPBngvMOArL+nRXkt3v
|
||||
Vr+XIu5kS9CJr/ov4+mwrt2hUd74JgaWbrf/xAhoyWqgRDODaLuapNOVVlFrnq2Z
|
||||
EHoaa0unOaHxKTKcyPjV+89hTE3xShyAxKlt4VsCgYEAkYdlQt5sRu85PW80TEXg
|
||||
eBn72dCyx0xuArobZ355bn6+WbO2ATLPDDRf4UidxqPOK0QzbseZtcFn7xryvIhb
|
||||
5/SYAhN4FHhD+HnQ7bv+kMDrPF4fWwu76KFFs9cWX2EnlrrvWiSfeCBIoWMq3Ojh
|
||||
SXNlPMOTuIjaN6FzQ6K+u20CgYEAgUaevmaxAXhrPw2+MynGX+TPTGkmk39KbIV0
|
||||
qQEcd9JYyV4diohdbkee2ATtuUm9LM3VYPGlPgQbT7fL2ZlufgnlA06aAHrcAxL6
|
||||
5weRZfDoRCC9uTxfspdkpLTFSfZejc+PH/j6xQeoUO+hw25G2xi0CrcGYVrbEyM9
|
||||
tN82Qc0CgYEA4KMo7HXZbGGhzXuzXyM8Pl9Ddy35K0nQpRjr4c8C4hsTx7iet1JE
|
||||
Al9MfsVbxNgr2DrQA2e0dtXaGfQ3GKcAzzKczSgafEqS76EZGLsDgaHjKom8AJMA
|
||||
9o8zpaPEQeesdwMjvcB+ZFm5LPCSmIWgprFNTuI3QCAymkDRtXn2YNg=
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -22,8 +22,6 @@
|
|||
-include("emqx_authn.hrl").
|
||||
-include_lib("eunit/include/eunit.hrl").
|
||||
-include_lib("common_test/include/ct.hrl").
|
||||
-include_lib("emqx/include/emqx_placeholder.hrl").
|
||||
|
||||
|
||||
-define(MYSQL_HOST, "mysql").
|
||||
-define(MYSQL_PORT, 3306).
|
||||
|
|
|
@ -0,0 +1,150 @@
|
|||
%%--------------------------------------------------------------------
|
||||
%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
|
||||
%%
|
||||
%% Licensed under the Apache License, Version 2.0 (the "License");
|
||||
%% you may not use this file except in compliance with the License.
|
||||
%% You may obtain a copy of the License at
|
||||
%%
|
||||
%% http://www.apache.org/licenses/LICENSE-2.0
|
||||
%%
|
||||
%% Unless required by applicable law or agreed to in writing, software
|
||||
%% distributed under the License is distributed on an "AS IS" BASIS,
|
||||
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
%% See the License for the specific language governing permissions and
|
||||
%% limitations under the License.
|
||||
%%--------------------------------------------------------------------
|
||||
|
||||
-module(emqx_authn_mysql_tls_SUITE).
|
||||
|
||||
-compile(nowarn_export_all).
|
||||
-compile(export_all).
|
||||
|
||||
-include("emqx_authn.hrl").
|
||||
-include_lib("eunit/include/eunit.hrl").
|
||||
-include_lib("common_test/include/ct.hrl").
|
||||
|
||||
-define(MYSQL_HOST, "mysql-tls").
|
||||
-define(MYSQL_PORT, 3306).
|
||||
|
||||
-define(PATH, [authentication]).
|
||||
|
||||
all() ->
|
||||
emqx_common_test_helpers:all(?MODULE).
|
||||
|
||||
groups() ->
|
||||
[].
|
||||
|
||||
init_per_testcase(_, Config) ->
|
||||
{ok, _} = emqx_cluster_rpc:start_link(node(), emqx_cluster_rpc, 1000),
|
||||
emqx_authentication:initialize_authentication(?GLOBAL, []),
|
||||
emqx_authn_test_lib:delete_authenticators(
|
||||
[authentication],
|
||||
?GLOBAL),
|
||||
Config.
|
||||
|
||||
init_per_suite(Config) ->
|
||||
_ = application:load(emqx_conf),
|
||||
case emqx_authn_test_lib:is_tcp_server_available(?MYSQL_HOST, ?MYSQL_PORT) of
|
||||
true ->
|
||||
ok = emqx_common_test_helpers:start_apps([emqx_authn]),
|
||||
ok = start_apps([emqx_resource, emqx_connector]),
|
||||
Config;
|
||||
false ->
|
||||
{skip, no_mysql_tls}
|
||||
end.
|
||||
|
||||
end_per_suite(_Config) ->
|
||||
emqx_authn_test_lib:delete_authenticators(
|
||||
[authentication],
|
||||
?GLOBAL),
|
||||
ok = stop_apps([emqx_resource, emqx_connector]),
|
||||
ok = emqx_common_test_helpers:stop_apps([emqx_authn]).
|
||||
|
||||
%%------------------------------------------------------------------------------
|
||||
%% Tests
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
t_create(_Config) ->
|
||||
%% openssl s_client -tls1_2 -cipher ECDHE-RSA-AES256-GCM-SHA384 \
|
||||
%% -connect mysql-tls:3306 -starttls mysql \
|
||||
%% -cert mysql-tls-client.crt -key mysql-tls-client.key -CAfile mysql-tls-ca.crt
|
||||
?assertMatch(
|
||||
{ok, _},
|
||||
create_mysql_auth_with_ssl_opts(
|
||||
#{<<"server_name_indication">> => <<"mysql-tls">>,
|
||||
<<"verify">> => <<"verify_peer">>,
|
||||
<<"versions">> => [<<"tlsv1.2">>],
|
||||
<<"ciphers">> => [<<"ECDHE-RSA-AES256-GCM-SHA384">>]})).
|
||||
|
||||
t_create_invalid(_Config) ->
|
||||
|
||||
%% invalid server_name
|
||||
?assertMatch(
|
||||
{error, _},
|
||||
create_mysql_auth_with_ssl_opts(
|
||||
#{<<"server_name_indication">> => <<"mysql-tls-unknown-host">>,
|
||||
<<"verify">> => <<"verify_peer">>})),
|
||||
|
||||
%% incompatible versions
|
||||
?assertMatch(
|
||||
{error, _},
|
||||
create_mysql_auth_with_ssl_opts(
|
||||
#{<<"server_name_indication">> => <<"mysql-tls">>,
|
||||
<<"verify">> => <<"verify_peer">>,
|
||||
<<"versions">> => [<<"tlsv1.1">>]})),
|
||||
|
||||
%% incompatible ciphers
|
||||
?assertMatch(
|
||||
{error, _},
|
||||
create_mysql_auth_with_ssl_opts(
|
||||
#{<<"server_name_indication">> => <<"mysql-tls">>,
|
||||
<<"verify">> => <<"verify_peer">>,
|
||||
<<"versions">> => [<<"tlsv1.2">>],
|
||||
<<"ciphers">> => [<<"ECDHE-ECDSA-AES128-GCM-SHA256">>]})).
|
||||
|
||||
%%------------------------------------------------------------------------------
|
||||
%% Helpers
|
||||
%%------------------------------------------------------------------------------
|
||||
|
||||
create_mysql_auth_with_ssl_opts(SpecificSSLOpts) ->
|
||||
AuthConfig = raw_mysql_auth_config(SpecificSSLOpts),
|
||||
emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, AuthConfig}).
|
||||
|
||||
raw_mysql_auth_config(SpecificSSLOpts) ->
|
||||
SSLOpts = maps:merge(
|
||||
client_ssl_opts(),
|
||||
#{enable => <<"true">>}),
|
||||
#{
|
||||
mechanism => <<"password-based">>,
|
||||
password_hash_algorithm => #{name => <<"plain">>,
|
||||
salt_position => <<"suffix">>},
|
||||
enable => <<"true">>,
|
||||
|
||||
backend => <<"mysql">>,
|
||||
database => <<"mqtt">>,
|
||||
username => <<"root">>,
|
||||
password => <<"public">>,
|
||||
|
||||
query => <<"SELECT password_hash, salt, is_superuser_str as is_superuser
|
||||
FROM users where username = ${username} LIMIT 1">>,
|
||||
server => mysql_server(),
|
||||
ssl => maps:merge(SSLOpts, SpecificSSLOpts)
|
||||
}.
|
||||
|
||||
mysql_server() ->
|
||||
iolist_to_binary(
|
||||
io_lib:format(
|
||||
"~s:~b",
|
||||
[?MYSQL_HOST, ?MYSQL_PORT])).
|
||||
|
||||
start_apps(Apps) ->
|
||||
lists:foreach(fun application:ensure_all_started/1, Apps).
|
||||
|
||||
stop_apps(Apps) ->
|
||||
lists:foreach(fun application:stop/1, Apps).
|
||||
|
||||
client_ssl_opts() ->
|
||||
Dir = code:lib_dir(emqx_authn, test),
|
||||
#{keyfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.key"]),
|
||||
certfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-client.crt"]),
|
||||
cacertfile => filename:join([Dir, <<"data/certs">>, "mysql-tls-ca.crt"])}.
|
|
@ -60,8 +60,7 @@ on_start(InstId, #{server := {Host, Port},
|
|||
connector => InstId, config => Config}),
|
||||
SslOpts = case maps:get(enable, SSL) of
|
||||
true ->
|
||||
[{ssl, [{server_name_indication, disable} |
|
||||
emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)]}];
|
||||
[{ssl, emqx_plugin_libs_ssl:save_files_return_opts(SSL, "connectors", InstId)}];
|
||||
false -> []
|
||||
end,
|
||||
Options = [{host, Host},
|
||||
|
|
Loading…
Reference in New Issue