From acbba2500a91f5ef5b9399e1794ada30b40d53b2 Mon Sep 17 00:00:00 2001 From: Kirill Merkushev Date: Wed, 19 Feb 2020 23:14:27 +0100 Subject: [PATCH 1/8] draft test --- build.gradle | 3 + plugins/grpc-transport-auth/build.gradle | 3 + .../grpc/config/GRPCTLSConfiguration.java | 102 ++++++++++++++++++ .../liiklus/transport/grpc/GRPCTLSTest.java | 71 ++++++++++++ 4 files changed, 179 insertions(+) create mode 100644 plugins/grpc-transport-auth/src/main/java/com/github/bsideup/liiklus/transport/grpc/config/GRPCTLSConfiguration.java create mode 100644 plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java diff --git a/build.gradle b/build.gradle index 2a17d23c..a4753ec6 100644 --- a/build.gradle +++ b/build.gradle @@ -87,6 +87,9 @@ configure(subprojects.findAll { !it.name.startsWith("examples/") }) { dependencies { dependency 'org.projectlombok:lombok:1.18.12' + // see https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty for the compatibility version + dependency 'io.netty:netty-tcnative-boringssl-static:2.0.25.Final' + dependency 'org.pf4j:pf4j:3.1.0' dependencySet(group: 'io.rsocket', version: '0.11.16') { diff --git a/plugins/grpc-transport-auth/build.gradle b/plugins/grpc-transport-auth/build.gradle index 50e2db53..0220f53d 100644 --- a/plugins/grpc-transport-auth/build.gradle +++ b/plugins/grpc-transport-auth/build.gradle @@ -33,6 +33,9 @@ dependencies { compile 'com.auth0:java-jwt' compile 'com.avast.grpc.jwt:grpc-java-jwt' + runtimeOnly 'io.netty:netty-tcnative-boringssl-static' + testRuntimeOnly 'io.netty:netty-tcnative-boringssl-static' + testCompileOnly 'org.projectlombok:lombok' testAnnotationProcessor 'org.projectlombok:lombok' testCompile project(":tck") 
diff --git a/plugins/grpc-transport-auth/src/main/java/com/github/bsideup/liiklus/transport/grpc/config/GRPCTLSConfiguration.java b/plugins/grpc-transport-auth/src/main/java/com/github/bsideup/liiklus/transport/grpc/config/GRPCTLSConfiguration.java
new file mode 100644
index 00000000..b7f8e212
--- /dev/null
+++ b/plugins/grpc-transport-auth/src/main/java/com/github/bsideup/liiklus/transport/grpc/config/GRPCTLSConfiguration.java
@@ -0,0 +1,102 @@
+package com.github.bsideup.liiklus.transport.grpc.config;
+
+import com.github.bsideup.liiklus.transport.grpc.GRPCLiiklusTransportConfigurer;
+import com.github.bsideup.liiklus.util.PropertiesUtil;
+import com.google.auto.service.AutoService;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NettyServerBuilder;
+import io.netty.handler.ssl.ClientAuth;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import lombok.Data;
+import lombok.SneakyThrows;
+import lombok.Value;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.ApplicationContextInitializer;
+import org.springframework.context.support.GenericApplicationContext;
+import org.springframework.core.io.Resource;
+
+import java.io.File;
+
+@Slf4j
+@AutoService(ApplicationContextInitializer.class)
+public class GRPCTLSConfiguration implements ApplicationContextInitializer {
+
+ @Override
+ public void initialize(GenericApplicationContext applicationContext) {
+ var environment = applicationContext.getEnvironment();
+
+ var tlsProperties = PropertiesUtil.bind(environment, new GRPCTLSProperties());
+
+ if (tlsProperties.getKey() == null) {
+ return;
+ }
+
+ log.info("GRPC {}TLS ENABLED", tlsProperties.getTrustCert() != null ? 
"mutual " : "");
+
+ applicationContext.registerBean(
+ TLSGRPCTransportConfigurer.class,
+ () -> new TLSGRPCTransportConfigurer(tlsProperties)
+ );
+ }
+
+ @Value
+ static class TLSGRPCTransportConfigurer implements GRPCLiiklusTransportConfigurer {
+
+ GRPCTLSProperties properties;
+
+ @Override
+ public void apply(NettyServerBuilder builder) {
+ SslContext ctx = createSSLContext(
+ properties.getKey(),
+ properties.getKeyPassword(),
+ properties.getKeyCertChain(),
+ properties.getTrustCert()
+ );
+
+ builder.sslContext(ctx);
+ }
+
+ /**
+ * Mostly copy of the https://github.com/grpc/grpc-java/tree/master/examples/example-tls
+ * and https://github.com/grpc/grpc-java/blob/master/SECURITY.md
+ *
+ * Refer to {@link io.netty.handler.ssl.SslContextBuilder#forServer(File keyCertChainFile, File keyFile, String keyPassword)}
+ * for more details.
+ *
+ * @param key a PKCS#8 private key file in PEM format
+ * @param keyPassword the password of the key or null if not protected
+ * @param keyCertChain an X.509 certificate chain file in PEM format
+ * @param trustCert file should contain an X.509 certificate collection in PEM format
+ * @return ready-to-use ssl context.
+ */
+ @SneakyThrows
+ SslContext createSSLContext(Resource key, String keyPassword, Resource keyCertChain, Resource trustCert) {
+ SslContextBuilder sslClientContextBuilder = SslContextBuilder.forServer(
+ keyCertChain.getInputStream(),
+ key.getInputStream(),
+ keyPassword
+ );
+ if (trustCert != null) {
+ sslClientContextBuilder.trustManager(trustCert.getInputStream());
+ sslClientContextBuilder.clientAuth(ClientAuth.REQUIRE);
+ }
+ return GrpcSslContexts.configure(sslClientContextBuilder).build();
+ }
+ }
+
+ @ConfigurationProperties("grpc.tls")
+ @Data
+ static class GRPCTLSProperties {
+
+ Resource key;
+
+ String keyPassword;
+
+ Resource keyCertChain;
+
+ Resource trustCert;
+
+ }
+}
\ No newline at end of file
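Review bot: In `initialize`, TLS is skipped silently whenever `grpc.tls.key` is unset, even if `keyCertChain` or `trustCert` are configured, so a typo in one property name leaves the server on plaintext without a log line. The opposite partial case, `key` set without `keyCertChain`, only surfaces later as a NullPointerException at `keyCertChain.getInputStream()` in `createSSLContext`. Checking the properties up front and refusing to start on a partial configuration makes both cases explicit, as sketched below. Separately, `@Data` on `GRPCTLSProperties` generates a `toString()` that includes `keyPassword`, and `@Value` on the configurer includes the properties object, so annotating the field with `@ToString.Exclude` keeps the password out of any log or exception message that prints either object.

```java
var tlsProperties = PropertiesUtil.bind(environment, new GRPCTLSProperties());

boolean anyTlsPropertySet = tlsProperties.getKey() != null
        || tlsProperties.getKeyCertChain() != null
        || tlsProperties.getTrustCert() != null;
if (!anyTlsPropertySet) {
    return;
}
if (tlsProperties.getKey() == null || tlsProperties.getKeyCertChain() == null) {
    // Fail closed: a half-configured TLS block must not fall back to plaintext.
    throw new IllegalStateException(
            "grpc.tls.key and grpc.tls.keyCertChain must both be set to enable TLS"
    );
}
// … unchanged: log.info line and registerBean call …
```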
diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java
new file mode 100644
index 00000000..b579c87a
--- /dev/null
+++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java
@@ -0,0 +1,71 @@
+package com.github.bsideup.liiklus.transport.grpc;
+
+import com.github.bsideup.liiklus.ApplicationRunner;
+import com.github.bsideup.liiklus.GRPCLiiklusClient;
+import com.github.bsideup.liiklus.protocol.PublishRequest;
+import com.google.protobuf.ByteString;
+import io.grpc.Server;
+import io.grpc.StatusRuntimeException;
+import io.grpc.netty.GrpcSslContexts;
+import io.grpc.netty.NettyChannelBuilder;
+import lombok.SneakyThrows;
+import org.junit.Test;
+import org.pf4j.PluginManager;
+import org.springframework.context.ApplicationContext;
+import org.springframework.util.ResourceUtils;
+
+import javax.net.ssl.SSLException;
+import java.io.FileNotFoundException;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+public class GRPCTLSTest {
+
+ @SneakyThrows
+ static int getGRPCPort(ApplicationContext ctx) {
+ var pluginManager = ctx.getBean(PluginManager.class);
+
+ var classLoader = pluginManager.getPluginClassLoader("grpc-transport");
+ var serverClazz = classLoader.loadClass(Server.class.getName());
+ var getPortMethod = serverClazz.getDeclaredMethod("getPort");
+ var server = ctx.getBean(serverClazz);
+
+ return (int) getPortMethod.invoke(server);
+ }
+
+
+ @Test
+ public void shouldPublishOnlyWithAuthHmac512() throws SSLException, FileNotFoundException {
+ var event = PublishRequest.newBuilder()
+ .setTopic("authorized")
+ .setValue(ByteString.copyFromUtf8("bar"))
+ .build();
+
+ try (var app = new ApplicationRunner("MEMORY", "MEMORY")
+ .withProperty("grpc.enabled", true)
+ .withProperty("grpc.port", 0)
+ .withProperty("grpc.tls.key", "file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/private/server.pkcs8.key") //didn't get where relative path
+// .withProperty("grpc.tls.keyPassword", "testsecret")
+ .withProperty("grpc.tls.keyCertChain", "file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt")
+ .run()
+ ) {
+ int port = getGRPCPort(app);
+
+ var unauthClient = new GRPCLiiklusClient(
NettyChannelBuilder + .forAddress("localhost", port) + .directExecutor() + .sslContext(GrpcSslContexts.forClient() + .trustManager(ResourceUtils.getFile("/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt")) + .build() + ) + .build() + ); + + assertThatThrownBy(() -> unauthClient.publish(event).block()) + .isInstanceOf(StatusRuntimeException.class) + .hasMessageContaining("UNAVAILABLE: Network closed for unknown reason"); + + } + } +} From fae66dc262cbef61f79fef9343e9ca9341c40fba Mon Sep 17 00:00:00 2001 From: Kirill Merkushev Date: Wed, 13 May 2020 13:59:58 +0200 Subject: [PATCH 2/8] move dep to plugin --- build.gradle | 3 --- plugins/grpc-transport-auth/build.gradle | 5 +++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index a4753ec6..2a17d23c 100644 --- a/build.gradle +++ b/build.gradle @@ -87,9 +87,6 @@ configure(subprojects.findAll { !it.name.startsWith("examples/") }) { dependencies { dependency 'org.projectlombok:lombok:1.18.12' - // see https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty for the compatibility version - dependency 'io.netty:netty-tcnative-boringssl-static:2.0.25.Final' - dependency 'org.pf4j:pf4j:3.1.0' dependencySet(group: 'io.rsocket', version: '0.11.16') { diff --git a/plugins/grpc-transport-auth/build.gradle b/plugins/grpc-transport-auth/build.gradle index 0220f53d..6c08a8fb 100644 --- a/plugins/grpc-transport-auth/build.gradle +++ b/plugins/grpc-transport-auth/build.gradle 
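Review bot: The test's only assertion is that `publish` fails with `UNAVAILABLE: Network closed for unknown reason`, so it passes on any connection failure and never shows that a handshake against the configured key and certificate chain succeeded. A positive case (publish completes over a channel that trusts the server certificate) and a negative case (a channel without TLS is refused) would pin the behaviour the new configuration is meant to provide; the `trustCert` / `ClientAuth.REQUIRE` branch of `createSSLContext` is not exercised either. The channel handed to `GRPCLiiklusClient` is also never shut down; keeping it in a local and calling `shutdownNow()` in a `finally` avoids leaking it between tests.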
@@ -33,8 +33,9 @@ dependencies { compile 'com.auth0:java-jwt' compile 'com.avast.grpc.jwt:grpc-java-jwt' - runtimeOnly 'io.netty:netty-tcnative-boringssl-static' - testRuntimeOnly 'io.netty:netty-tcnative-boringssl-static' + // see https://github.com/grpc/grpc-java/blob/master/SECURITY.md#netty for the compatibility version + runtimeOnly 'io.netty:netty-tcnative-boringssl-static:2.0.25.Final' + testRuntimeOnly 'io.netty:netty-tcnative-boringssl-static:2.0.25.Final' testCompileOnly 'org.projectlombok:lombok' testAnnotationProcessor 'org.projectlombok:lombok' From b2a15fda812131a2faa2ba8abb8bfb933e5abc5d Mon Sep 17 00:00:00 2001 From: Kirill Merkushev Date: Thu, 14 May 2020 14:16:42 +0200 Subject: [PATCH 3/8] rm duplicated method --- .../liiklus/transport/grpc/GRPCTLSTest.java | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index b579c87a..75566fe4 100644 --- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java +++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java 
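Review bot: The version `2.0.25.Final` is now spelled out twice and no longer sits in the root dependency-management block, so the two lines can drift apart, and any other module that pulls `netty-tcnative-boringssl-static` transitively is no longer held to the version the linked grpc-java SECURITY.md table pairs with the gRPC release in use. Keeping the pin in one place, for example `def tcnativeVersion = '2.0.25.Final'` referenced as `"io.netty:netty-tcnative-boringssl-static:${tcnativeVersion}"`, makes the next gRPC upgrade a one-line change. `testRuntimeOnly` normally inherits from `runtimeOnly` under Gradle's Java plugin, so the second line is probably redundant; worth confirming for this build. The `dependencies` block starts and ends outside the hunk.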
@@ -4,36 +4,20 @@ import com.github.bsideup.liiklus.GRPCLiiklusClient; import com.github.bsideup.liiklus.protocol.PublishRequest; import com.google.protobuf.ByteString; -import io.grpc.Server; import io.grpc.StatusRuntimeException; import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyChannelBuilder; -import lombok.SneakyThrows; import org.junit.Test; -import org.pf4j.PluginManager; -import org.springframework.context.ApplicationContext; import org.springframework.util.ResourceUtils; import javax.net.ssl.SSLException; import java.io.FileNotFoundException; +import static com.github.bsideup.liiklus.transport.grpc.GRPCAuthTest.getGRPCPort; import static org.assertj.core.api.Assertions.assertThatThrownBy; public class GRPCTLSTest { - @SneakyThrows - static int getGRPCPort(ApplicationContext ctx) { - var pluginManager = ctx.getBean(PluginManager.class); - - var classLoader = pluginManager.getPluginClassLoader("grpc-transport"); - var serverClazz = classLoader.loadClass(Server.class.getName()); - var getPortMethod = serverClazz.getDeclaredMethod("getPort"); - var server = ctx.getBean(serverClazz); - - return (int) getPortMethod.invoke(server); - } - - @Test public void shouldPublishOnlyWithAuthHmac512() throws SSLException, FileNotFoundException { var event = PublishRequest.newBuilder() From ab87cc1041f1b27a87d58d8ad5c38a5b62590e98 Mon Sep 17 00:00:00 2001 From: Kirill Merkushev Date: Thu, 14 May 2020 14:18:00 +0200 Subject: [PATCH 4/8] test method name --- .../github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index 75566fe4..3caa653d 100644 --- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java 
+++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java @@ -19,7 +19,7 @@ public class GRPCTLSTest { @Test - public void shouldPublishOnlyWithAuthHmac512() throws SSLException, FileNotFoundException { + public void shouldConnectWithTLS() throws SSLException, FileNotFoundException { var event = PublishRequest.newBuilder() .setTopic("authorized") .setValue(ByteString.copyFromUtf8("bar")) @@ -40,7 +40,7 @@ public void shouldPublishOnlyWithAuthHmac512() throws SSLException, FileNotFound .forAddress("localhost", port) .directExecutor() .sslContext(GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt")) + .trustManager(ResourceUtils.getFile("file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt")) .build() ) .build() From 6a671e025d4ac1287316e33c03faf45beb48bf84 Mon Sep 17 00:00:00 2001 From: Kirill Merkushev Date: Thu, 14 May 2020 19:02:37 +0200 Subject: [PATCH 5/8] fix deprecation --- .../com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index 3caa653d..aa2066fb 100644 --- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java +++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java @@ -2,6 +2,7 @@ import com.github.bsideup.liiklus.ApplicationRunner; import com.github.bsideup.liiklus.GRPCLiiklusClient; +import com.github.bsideup.liiklus.protocol.LiiklusEvent; import com.github.bsideup.liiklus.protocol.PublishRequest; import com.google.protobuf.ByteString; import io.grpc.StatusRuntimeException; 
@@ -22,7 +23,7 @@ public class GRPCTLSTest { public void shouldConnectWithTLS() throws SSLException, FileNotFoundException { var event = PublishRequest.newBuilder() .setTopic("authorized") - .setValue(ByteString.copyFromUtf8("bar")) + .setLiiklusEvent(LiiklusEvent.newBuilder().setData(ByteString.copyFromUtf8("bar")).build()) .build(); try (var app = new ApplicationRunner("MEMORY", "MEMORY") From 81bf4087e5e8aec109654139894f011b3cda88ba Mon Sep 17 00:00:00 2001 
From: Kirill Merkushev Date: Thu, 14 May 2020 22:48:28 +0200 Subject: [PATCH 6/8] generate certs following https://github.com/grpc/grpc-java/tree/master/testing/src/main/resources/certs --- .../liiklus/transport/grpc/GRPCTLSTest.java | 22 +++++++++++---- .../test/resources/keys/tls/ca-openssl.cnf | 17 +++++++++++ .../src/test/resources/keys/tls/ca.key | 28 +++++++++++++++++++ .../src/test/resources/keys/tls/ca.pem | 20 +++++++++++++ .../src/test/resources/keys/tls/ca.srl | 1 + .../src/test/resources/keys/tls/client.csr | 15 ++++++++++ .../src/test/resources/keys/tls/client.key | 28 +++++++++++++++++++ .../test/resources/keys/tls/client.key.rsa | 27 ++++++++++++++++++ .../src/test/resources/keys/tls/client.pem | 18 ++++++++++++ .../src/test/resources/keys/tls/server0.csr | 15 ++++++++++ .../src/test/resources/keys/tls/server0.key | 28 +++++++++++++++++++ .../test/resources/keys/tls/server0.key.rsa | 27 ++++++++++++++++++ .../src/test/resources/keys/tls/server0.pem | 18 ++++++++++++ 13 files changed, 259 insertions(+), 5 deletions(-) create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa 
create mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index aa2066fb..e233186b 100644 --- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java +++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java @@ -4,7 +4,6 @@ import com.github.bsideup.liiklus.GRPCLiiklusClient; import com.github.bsideup.liiklus.protocol.LiiklusEvent; import com.github.bsideup.liiklus.protocol.PublishRequest; -import com.google.protobuf.ByteString; import io.grpc.StatusRuntimeException; import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyChannelBuilder; 
@@ -13,25 +12,38 @@ import javax.net.ssl.SSLException; import java.io.FileNotFoundException; +import java.time.ZonedDateTime; +import java.time.format.DateTimeFormatter; +import java.util.UUID; import static com.github.bsideup.liiklus.transport.grpc.GRPCAuthTest.getGRPCPort; import static org.assertj.core.api.Assertions.assertThatThrownBy; public class GRPCTLSTest { + private static final LiiklusEvent LIIKLUS_EVENT_EXAMPLE = LiiklusEvent.newBuilder() + .setId(UUID.randomUUID().toString()) + .setType("com.example.event") + .setSource("/tests") + .setDataContentType("application/json") + .putExtensions("comexampleextension1", "foo") + .putExtensions("comexampleextension2", "bar") + .setTime(ZonedDateTime.now().format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)) + .buildPartial(); + @Test public void shouldConnectWithTLS() throws SSLException, FileNotFoundException { var event = PublishRequest.newBuilder() .setTopic("authorized") - .setLiiklusEvent(LiiklusEvent.newBuilder().setData(ByteString.copyFromUtf8("bar")).build()) + .setLiiklusEvent(LIIKLUS_EVENT_EXAMPLE) .build(); try (var app = new ApplicationRunner("MEMORY", "MEMORY") .withProperty("grpc.enabled", true) .withProperty("grpc.port", 0) - .withProperty("grpc.tls.key", "file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/private/server.pkcs8.key") //didn't get where relative path + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") // .withProperty("grpc.tls.keyPassword", "testsecret") - .withProperty("grpc.tls.keyCertChain", "file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") .run() ) { int port = getGRPCPort(app); 
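Review bot: The fixtures referenced here (`server0.key`, `server0.pem`) are committed together with `ca.key`, `client.key`, the `.key.rsa` copies, the CSRs and `ca.srl`, none of which the test code shown in this series reads. Of these, `ca.key` is the one that matters, because whoever holds it can issue certificates that chain to `ca.pem`. Keeping only the files the test loads, or generating the key pairs during test setup, keeps an unneeded CA signing key out of the repository. If the fixtures stay, a short README in `keys/tls/` saying they are test-only and that `ca.pem` must never be added to a non-test trust store would help. The still commented-out `grpc.tls.keyPassword` line also means the password-protected key path in `createSSLContext` has no coverage.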
@@ -41,7 +53,7 @@ public void shouldConnectWithTLS() throws SSLException, FileNotFoundException { .forAddress("localhost", port) .directExecutor() .sslContext(GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("file:/Users/lanwen/code/github.com/bsideup/liiklus/pki/issued/server.crt")) + .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) .build() ) .build() diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf new file mode 100644 index 00000000..11daa7a6 --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf @@ -0,0 +1,17 @@ +[req] +distinguished_name = req_distinguished_name +req_extensions = v3_req + +[req_distinguished_name] +countryName = Country Name (2 letter code) +countryName_default = AU +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State +organizationName = Organization Name (eg, company) +organizationName_default = Internet Widgits Pty Ltd +commonName = Common Name (eg, YOUR name) +commonName_default = testca + +[v3_req] +basicConstraints = CA:true +keyUsage = critical, keyCertSign \ No newline at end of file diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key new file mode 100644 index 00000000..ad4b5a1a --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key 
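Review bot: `ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")` resolves against the JVM working directory, so the test finds the CA certificate only when it is started from the plugin's project directory; the same holds for the `grpc.tls.key` and `grpc.tls.keyCertChain` values in the previous hunk. `ResourceUtils.getFile("classpath:keys/tls/ca.pem")` would load the fixture from the test classpath wherever the build is launched. For the two server-side properties, first check that the class loader resolving them can see test resources, since the server may run under a plugin class loader. The test method starts and ends outside this hunk.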
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC36tdeQtA6I939 +r2fWCiEdQNPWNJy9RjHnYpEdldW7lZQhzk5L/qV0TJuraRyQAsM3JQMlkWL42gRd +4v2uCsolC+005CEKeKq8ClwAq0WiZR7nel6cutKZDQqzm2mLqRQsdfQQRRPC12Sz +1PktEYAmOEzk47+d8RSV35OBxtNESLwJLMCP7RF8bLI6Zl79oPKjtBtlUVe7bysf +VanN7O1gk+tT23H+ew/WzY78+CzVnFOZW8HHRxjUBkInJyM6pzEmF26RRYc0lVfI +pqUh7Hhav6FDZqL/ldUn0oeTs5zJY2PvPicgV7kZhYAAB1pHfYPeh7GMvtSNSpPC +bQbRK2LhAgMBAAECggEAbknBhKEERRklEe+RkOTaHrS1U4qRQ19IpbyR0O/9D1QP +VIZmpWO6zBb0csHBgwplDjh/vpOEij4SyEpKXYfS2IxiXok+1wytNb3wleYfB9cj +xSO4gLv3dhhABpx3mmx10IObK/aAdyK7HKvmEISiGElCsy9vxMLA2W8NAZG9NwBx +yaVEbN1oWCDtwhRt+Z9/IQMnPKbcw7aQDhclXb9ALv+0CO6NJQEDDfjuPgyNvlNc +nqg1AdFrPPzgGhVkZ9L8+HpoVTrNA+IkIi97c+SHlN3VeeuS16upNzeTEmu41xS2 +fAY8psmmOkLS9ehlxT4INyIiaw6ftZ0xYwrUFztrAQKBgQDrTd1TuI9jIHjQRXgt +bAAzJTTg9uG1HROyd0mDPolTdpb/cxSOsrBinEVThaPGz/v7GezxVyRIV1U7Pi7K +HANXKTWUCbW7CT7xgAZaoIDdNi6/MFU2R+/BJlN0hpWtCbpZgLHa8L2p/Q89lk3m +jjf9I1acMRQSiNNv+EcWdlxXaQKBgQDIF/IG7CWMc0pgTwSMnwLYCRmVDivuvMTe +h/Oir1sRfw4SkSi27PW/MBV0TQXJ+uJTiLQSvMA2MaZI6qdtl33bUfWFRtgj7zSu +2PPk3YCVosxGhZpytxXTk6OkYOUPpiQyeZ38NqXhv5DGxcjNFcWHorW5bMDB1WBY +6o94o994uQKBgBHD6zXq9UhypyxyUkR7pvg1kux5N0lJTLdosjAqhIu8pGHc+mxb +qV2IluNbb6YPBeNLbcw63A5qKZEzfKzduJLYFad7pDDe3dW16MTm4VPSR20/5O8Y +N03J6vsdPie2WE9xm/v/uRIgfQoVUwRZMHj4Ng3M1ssfcXc+s39KqGYhAoGAbNaZ +j6pjwkHz8u8ISnUz1s8cWzeaLgIAFAtfOt6napzxyqeqvdWm1pgRE3HR9EvDUCzL +xmVlKBVZndAFwlbk3qd2JUijyOgUgAcCozrY9ovXEYUavctY0/06xe7uqdR1W/9L +MCWJlYHd/kEXOHbfOygGMRY2wziNb9AmujhpFgECgYAsLyrduULDar0nWly3ao+j +1dOH9ArTyQIWZObdTRSkyv6kWHK4V6YGVVuQRX2RFnhwLJr38fZImNHbKsQuwkJc +NL36YdjyiAkKdqzPX+LIyt5lkyx5f7txi2hurdW4tLzeINKrwE7vmPcwWR0hIqcB +rG0yywacI9yqvcuqMWVJlA== +-----END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem new file mode 100644 index 00000000..7a054a75 --- /dev/null 
+++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIJANbrBjGopVe5MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMDA1MTQyMDIzNTRa +Fw0zMDA1MTIyMDIzNTRaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnRlc3RjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfq115C0Doj +3f2vZ9YKIR1A09Y0nL1GMedikR2V1buVlCHOTkv+pXRMm6tpHJACwzclAyWRYvja +BF3i/a4KyiUL7TTkIQp4qrwKXACrRaJlHud6Xpy60pkNCrObaYupFCx19BBFE8LX +ZLPU+S0RgCY4TOTjv53xFJXfk4HG00RIvAkswI/tEXxssjpmXv2g8qO0G2VRV7tv +Kx9Vqc3s7WCT61Pbcf57D9bNjvz4LNWcU5lbwcdHGNQGQicnIzqnMSYXbpFFhzSV +V8impSHseFq/oUNmov+V1SfSh5OznMljY+8+JyBXuRmFgAAHWkd9g96HsYy+1I1K +k8JtBtErYuECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQw +DQYJKoZIhvcNAQELBQADggEBAFqH4X7ctDW+gV7dRDWr4inhg8oRwNNlXSplxEs0 +BxLVKVOlgBN92nG2MvfVWkZ+whkxL+SpB8fJQ5CJ+HLdLgK8m9x0yvVIcbAAIy68 +jgEIIJBI16a0Geyb/uZxzULjmM0ZZGwu+2FQcKOQVHNlGodpb0TBkHGAjtKrpogP +xDfbJCNt1INJVt9ToUIhn8GP+JCbpWcPEyiwPgq5D4YPXdFfL3VRXj8Bbp0az5dS +M4FUOBvj3bX9L7mYHA6vB4piI9hxnFSeW5YUGTXkUZUFmnxnnnfECP5coQdgWOMt +erD02qJhhBPWwinov6pL19PKgV4bKyar2it75FY1gJRie64= +-----END CERTIFICATE----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl new file mode 100644 index 00000000..40be62c1 --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl @@ -0,0 +1 @@ +BEF00C51AE1AA028 diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr new file mode 100644 index 00000000..d5d0bfa3 --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICWjCCAUICAQAwFTETMBEGA1UEAwwKdGVzdGNsaWVudDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAL8AJ4ja1+k8TAkp2r2kUa1bN2PkZiUz08Utq1E+ +/YfdguT5AGl8DBBoBPPIZ+toe0GK64x8FtYIC5wDOmFfs76CavHAj4sKJdQ0b5Sy +Dx8OU7bE6vWCx6xzGy8Z6Di/5XvB2g6B2yz0+MxlRy5BEj+0NoCfeVYzdX89f5Ka +uLAkZJnYxqV5ramrxnVNr53MWPOlNJ51puMQOaGrGAIJkmFslGkXLHz8+8GT5gYi +nkpvyH1BXvdZWOIQ8vOg3VdzB2OulqhCLJfjVA0p2GKFpO8Swy7AXzB67ypPhZfB +UbXW8ohATReT6j0o4HHL5Ne4b+UKuGh2BHRVB8sqpfjL08ECAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQBsP9FNuXudVcRd5WAsY5/vhnM70YP2nOOzdNaR/7kdqoxX ++9bAohqEQvm9UDaBo8OZw20iU9XQnJ1YRvpkg589yqLaTaZMw3CAJstvclaN7jHE +9+ICiwFiaceL82PGD94H31/uvFAZn0nwP9Zm20Oj7cYL3BfiejOHY9Fvjq6zWCE8 +kCCgkDkpnLu7OQn3oNBwbRkl4Py/kdnseG1jS7rgv1veNvwgJ0kXL2ERwYNqBcfx +wyNgp7k45p1m1HxzNcVK/PL4tc5Pfc9ChStlk97aA3KviELyUly9CpAfqKmOpnIq +wlI/uvOiyizugEt1IXrMTRXEaB41TyWqxOG3q4C+ +-----END CERTIFICATE REQUEST----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key new file mode 100644 index 00000000..cc36d79a --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/ACeI2tfpPEwJ +Kdq9pFGtWzdj5GYlM9PFLatRPv2H3YLk+QBpfAwQaATzyGfraHtBiuuMfBbWCAuc +AzphX7O+gmrxwI+LCiXUNG+Usg8fDlO2xOr1gsescxsvGeg4v+V7wdoOgdss9PjM +ZUcuQRI/tDaAn3lWM3V/PX+SmriwJGSZ2Malea2pq8Z1Ta+dzFjzpTSedabjEDmh +qxgCCZJhbJRpFyx8/PvBk+YGIp5Kb8h9QV73WVjiEPLzoN1XcwdjrpaoQiyX41QN +KdhihaTvEsMuwF8weu8qT4WXwVG11vKIQE0Xk+o9KOBxy+TXuG/lCrhodgR0VQfL +KqX4y9PBAgMBAAECggEAdx64iWC7Mao6Xait1IJrsitmczVaAy+8jof6BZS8eATN +gtJM0Hzd5UmKdSPys92YqXrjht1JPLkNzIIy4dHW/yTFX/rRS0zL5PnC8UDPr3W2 +/hD33KBwuXucY5bLvsDndXSj81JHiFVL6eXsK8vHftV8/GD5QqqbR/zp2FwIfUlQ +gKw7fzxRx2qutE4J4PjbManpcsJVcaP6LgcRDD4lOoSoctLk7iZbY3HXfODktV3w +eG6mY+MGcPs3agorQ1YV45f6HNGz2LIHkEYDio3QAd8d/gYDkCHDenw+KU7E3O8K ++IjVg1jYtgQpeI7MrHznfrxW8X74BiK+zHy8P9FMZQKBgQDvuOSHyO1NQz7ZTXJN +lffiO8O0oAJk0+snLsUb4MKNI2Ife6nGZnFDf8pYNFgt8aF+D8R135n2Hv+s/u3z +uOVM1x4634lU5U6WaN58kjUNqPKkwSpKfi/pEbbCuSAgvKpRwFqiBxabccyg06xu +41JhqjEonl9xyrZ/kbHY72GzBwKBgQDL+FSUkmeN9Gr/HNdnktOq0cdpoTdPibcL +taBGGpsVZcNv9sHscSFQvQQxAvlfU+9n5Op08VUIaFOuO2OeBKMUMp+q+oKcWBIf +zfxN7KdvMnBqTp7VUTKBYzz+VhV0uBYv7mlSk0im3qvAd9VohKH1OqG1Ids8xFii +Un2M1zko9wKBgGRlY9h2TuP30L+DTuatcyZdb0YbaUU+95HuZYCabgBcHEEhMmY0 +CyWAxIaSTYfYVZENG3NeVQWdz+hsz80t12KKCVAQxFw4uOQHQX6cYPm6kvxrJcIS +/Q+4ank8vPbY7N/WFl8bZt1tGI0WeXXrYFokw/fF9CUdB7d/liNLhfhLAoGBAJE8 +JLWZvcS1eg5nMfXc9XzXXL+Y/LJU5BKhZBsmzLCiwlOSB6ldMJS10is36+r18C0x +McTNJngTGSqhvSACO0Chf1GWiLPcfiNJX9L4pIwoBSWdD7ni1CyPRhnvn915Sssc +XsBegUfYm8EzUrDWaCAefJBmKB6PzHDgfedwRJInAoGAHfBTyodTBxeOi/SAdJyj +O3wLNv0xjc0qIAcxOoPHXEeKoi/aWKmi0MaGGrDXAimz8eFIcCI9bREVXAd2Iyg9 +SSVnmMXp7n008gw+C6AKWhV1a9p0hTebjHY5dg475A9b6vkZdSyVQcBWdS+rR2zl +qxWQIamZENQn0kaZDUf+dRA= +-----END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa new file mode 100644 index 00000000..33392a5d --- /dev/null 
+++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvwAniNrX6TxMCSnavaRRrVs3Y+RmJTPTxS2rUT79h92C5PkA +aXwMEGgE88hn62h7QYrrjHwW1ggLnAM6YV+zvoJq8cCPiwol1DRvlLIPHw5TtsTq +9YLHrHMbLxnoOL/le8HaDoHbLPT4zGVHLkESP7Q2gJ95VjN1fz1/kpq4sCRkmdjG +pXmtqavGdU2vncxY86U0nnWm4xA5oasYAgmSYWyUaRcsfPz7wZPmBiKeSm/IfUFe +91lY4hDy86DdV3MHY66WqEIsl+NUDSnYYoWk7xLDLsBfMHrvKk+Fl8FRtdbyiEBN +F5PqPSjgccvk17hv5Qq4aHYEdFUHyyql+MvTwQIDAQABAoIBAHceuIlguzGqOl2o +rdSCa7IrZnM1WgMvvI6H+gWUvHgEzYLSTNB83eVJinUj8rPdmKl644bdSTy5DcyC +MuHR1v8kxV/60UtMy+T5wvFAz691tv4Q99ygcLl7nGOWy77A53V0o/NSR4hVS+nl +7CvLx37VfPxg+UKqm0f86dhcCH1JUICsO388UcdqrrROCeD42zGp6XLCVXGj+i4H +EQw+JTqEqHLS5O4mW2Nx13zg5LVd8HhupmPjBnD7N2oKK0NWFeOX+hzRs9iyB5BG +A4qN0AHfHf4GA5Ahw3p8PilOxNzvCviI1YNY2LYEKXiOzKx85368VvF++AYivsx8 +vD/RTGUCgYEA77jkh8jtTUM+2U1yTZX34jvDtKACZNPrJy7FG+DCjSNiH3upxmZx +Q3/KWDRYLfGhfg/Edd+Z9h7/rP7t87jlTNceOt+JVOVOlmjefJI1DajypMEqSn4v +6RG2wrkgILyqUcBaogcWm3HMoNOsbuNSYaoxKJ5fccq2f5Gx2O9hswcCgYEAy/hU +lJJnjfRq/xzXZ5LTqtHHaaE3T4m3C7WgRhqbFWXDb/bB7HEhUL0EMQL5X1PvZ+Tq +dPFVCGhTrjtjngSjFDKfqvqCnFgSH838TeynbzJwak6e1VEygWM8/lYVdLgWL+5p +UpNIpt6rwHfVaISh9TqhtSHbPMRYolJ9jNc5KPcCgYBkZWPYdk7j99C/g07mrXMm +XW9GG2lFPveR7mWAmm4AXBxBITJmNAslgMSGkk2H2FWRDRtzXlUFnc/obM/NLddi +iglQEMRcOLjkB0F+nGD5upL8ayXCEv0PuGp5PLz22Ozf1hZfG2bdbRiNFnl162Ba +JMP3xfQlHQe3f5YjS4X4SwKBgQCRPCS1mb3EtXoOZzH13PV811y/mPyyVOQSoWQb +JsywosJTkgepXTCUtdIrN+vq9fAtMTHEzSZ4Exkqob0gAjtAoX9Rloiz3H4jSV/S ++KSMKAUlnQ+54tQsj0YZ75/deUrLHF7AXoFH2JvBM1Kw1mggHnyQZigej8xw4H3n +cESSJwKBgB3wU8qHUwcXjov0gHScozt8Czb9MY3NKiAHMTqDx1xHiqIv2lipotDG +hhqw1wIps/HhSHAiPW0RFVwHdiMoPUklZ5jF6e59NPIMPgugCloVdWvadIU3m4x2 +OXYOO+QPW+r5GXUslUHAVnUvq0ds5asVkCGpmRDUJ9JGmQ1H/nUQ +-----END RSA PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem new file mode 100644 index 00000000..5f04b8a0 
--- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5zCCAc8CCQC+8AxRrhqgJzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwNTE0MjAzMTM3WhcNMzAw +NTEyMjAzMTM3WjAVMRMwEQYDVQQDDAp0ZXN0Y2xpZW50MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAvwAniNrX6TxMCSnavaRRrVs3Y+RmJTPTxS2rUT79 +h92C5PkAaXwMEGgE88hn62h7QYrrjHwW1ggLnAM6YV+zvoJq8cCPiwol1DRvlLIP +Hw5TtsTq9YLHrHMbLxnoOL/le8HaDoHbLPT4zGVHLkESP7Q2gJ95VjN1fz1/kpq4 +sCRkmdjGpXmtqavGdU2vncxY86U0nnWm4xA5oasYAgmSYWyUaRcsfPz7wZPmBiKe +Sm/IfUFe91lY4hDy86DdV3MHY66WqEIsl+NUDSnYYoWk7xLDLsBfMHrvKk+Fl8FR +tdbyiEBNF5PqPSjgccvk17hv5Qq4aHYEdFUHyyql+MvTwQIDAQABMA0GCSqGSIb3 +DQEBBQUAA4IBAQC1hy5XM7rjsOOtpVwOLDZcn9NRmJ88M1J7/hheQZjpQ+BykKaN +pV3kLckQhPVg+jnSJXAb9ZtDl3yoYCbDZSUORRKAzkwm90VbYIRvGzy72dFYPlMN +PIlJ6jL1WC6rEXMp34CCb1e+EhUKgrUOF7hOKGis+6rQO82HgwdXc4jV2tn099DL +AKk8Wx5/BiFMsvoBxlQOwGsyRGXTkS8w40T0D2P4ILUiMV1EHdTSBR2g2Ao2OKya +vK4IKC67Z5ZWTwAbx3FkeM4wY7oyUbBgihK1mzmBboK65Achl573ufC9ynzRc/EU +m4A/w6lC6yfEMeJRXyYaVmebRC1nuJF+kPwk +-----END CERTIFICATE----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr new file mode 100644 index 00000000..3196ec36 --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHc2VydmVyMDCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMthD1LGIVMezcs/PC8OWEtObCiW6kuqwNYY7aAehujr +PhTZ6FGcXa/Hagd9aWivzJi2rYKUUXcCg4CAX6OFpTeV7U7AARuMVXq3KrEi8CMH +PL7L2Mu8+js0/QKP6trmV0tSFpPomesCkP3aOTR51dKxz0fjKrLRpLGDRvIcTnm9 +ia1e6TDXq1G7YPe1hp8acPmEZV88D0DUFt9aqruxPJlnRZYV3H0qiQ6RM4RaY8r9 +jPiEMkqVX9W6UVTY1o/Xu4I025FQE6wovxml7n35y28F5RxT3qzy4AjU8cOIkWWL +isnAe6xmxyH0u0+77/FWhWRZpjb85gJYSTSjiKYx41ECAwEAAaAAMA0GCSqGSIb3 +DQEBCwUAA4IBAQCPjly/8yQfHCTTbNugBGtRTzPo4sG46S+aNIsuVd3J4snAsO0w +jDjcS+w7+EpntmjqQtR+FwnJPr9zBCCGnq1ofQkUBcj7VGHMD9COQsXbMVCGZWk5 +P07ChR+pbRJoci15q6TkonPRe/I2DqxgKo1ReEcFRGSTeio5gEerF6xaQwaDM1Si +ImlY/JuHOyYW58MlqzwDWV/rlFC8CY/M/UBcX6uMI5wU+LO3MVWB1rpJBO+BW753 +FaujHdMVmt3CEbGgPgkqFtUsCLHW2G45Ob92UxVi5lstY0DrHyntfmH+MX7sIx1+ +c8v9WZLaoQqXp6MZOGnlApmjYCgoG/C88a8U +-----END CERTIFICATE REQUEST----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key new file mode 100644 index 00000000..377a3dcd --- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLYQ9SxiFTHs3L +PzwvDlhLTmwolupLqsDWGO2gHobo6z4U2ehRnF2vx2oHfWlor8yYtq2ClFF3AoOA +gF+jhaU3le1OwAEbjFV6tyqxIvAjBzy+y9jLvPo7NP0Cj+ra5ldLUhaT6JnrApD9 +2jk0edXSsc9H4yqy0aSxg0byHE55vYmtXukw16tRu2D3tYafGnD5hGVfPA9A1Bbf +Wqq7sTyZZ0WWFdx9KokOkTOEWmPK/Yz4hDJKlV/VulFU2NaP17uCNNuRUBOsKL8Z +pe59+ctvBeUcU96s8uAI1PHDiJFli4rJwHusZsch9LtPu+/xVoVkWaY2/OYCWEk0 +o4imMeNRAgMBAAECggEAFb6f48q5P2jYufVd2u4etJaC6+gOzt5H1dw+c9Mvu3GD +ZrlRpIAiaCvbA0f+YCoDpwRJEuAGwcGsC64uC467dnD6OWQ/+hEMBp3U27GPmT8p +2IB1AnuHCZOFxaNbieH8zVnOfivtYPoaRHnzic/I88j9D4OTSiEuCaiuii5Kmatg +ZP+UCtpnHCgOoGas+lrjI9MgqzoncZCmRgjS7ppjgE5ATEGDFyIqSqZXOqfUhfaH +Or5c436sPWl2xsNHOSvlh0yvMWlPgJBGokyF5dLhsR4Je0xDeNT1CdG1ONhOf3Y1 +vr5pyaU0TGuxQfPdLuyzKSSUp/+ZSlBoNKzoNfmqHQKBgQDk268S+INPPqQZZaXR +afZ9DjpCiQa6Frp6uqKUoXA0nDo/0nQQt43R7RDMWL71xM5/fEN4U7dfmE8duVko +LFvHm9icrqAHqgPDF/9M2UZHumZgDoWFRkcI+PPRaLZMwrOyA46zsONVZEnVH/DG +rORFk0LwsHYw98QJFXZ9LYUOBwKBgQDjf9ArLzdQ1oKNz3cpKw/N0t/f5FE4iAch +EaTxep8RdnG4/GCtm2ewDMNgOpWT4cGyW371csXlyRo7vxTtP6z0/R0hw4FJEBKG +7XpYDKasAOr6nGk6opv9Gl/KllFAOU303whLbtFgElsVCZLbIIAObWT5YtvcBvkk +D1oraD0t5wKBgC8Iy0Ft26bEq/sgPeT9DxCChQy5lq1WEHs6skEzsJjPZtVJDluF +LdtwClzE/HIMQZhH1KH9Kpm19sSYHC+6dh5e9DS3WuJYWa+V1f1YRi5lq7agJWbP +m7fHWmy2RYkfFslGG+ToPMCG/PmVN+nNDJkT+9T1n0TPFvX6+EAfw9GvAoGAZ/5X +JEZzHMrR5w09RV5f3RBWMjxmPFdCGwW7xn7tE8h29762WuW9IibTcLuXAICkUGmu +wXhzqjShf0o7wK/o2hySIosCIGnubitET9eIoPvSbjjtiVYnxC04OJ06Cwem8Ra6 +7fB8WVRKunUj4nMa1n1/ONjN8+hkHu29pDYEMWUCgYEAjh7lALFo6OkDDk1pKFWt +JGKmD5J2REl0td8FmMKEY+zYpEguT7hEbptAJyxoAARCqn9WjtdWB0/OBrBD67O9 +QB99//qKV1QBlBeWeiIgSTJziKwOPlrepO0kNOqLhUaLJ0vOrP0L20OHcIGiHn/n +wtoJCLm9ON/P5xqX7S6VkJ4= +-----END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa new file mode 100644 index 00000000..5817e41d --- /dev/null 
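Review bot: Committing an unencrypted RSA private key under src/test/resources/keys/tls/ leaves it permanently retrievable from history, even though PATCH 7/8 replaces it and PATCH 8/8 deletes it. The next file, server0.key.rsa, appears to carry the same key in the `RSA PRIVATE KEY` encoding, and the replacements in PATCH 7/8 have the same property. Treat every key in this directory as public: the CA and leaf certificates must never be trusted or reused outside these tests. If static fixtures are kept in any revision, a short README in keys/tls stating `test-only key material, not trusted anywhere` would document that for auditors and secret scanners.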
+++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAy2EPUsYhUx7Nyz88Lw5YS05sKJbqS6rA1hjtoB6G6Os+FNno +UZxdr8dqB31paK/MmLatgpRRdwKDgIBfo4WlN5XtTsABG4xVercqsSLwIwc8vsvY +y7z6OzT9Ao/q2uZXS1IWk+iZ6wKQ/do5NHnV0rHPR+MqstGksYNG8hxOeb2JrV7p +MNerUbtg97WGnxpw+YRlXzwPQNQW31qqu7E8mWdFlhXcfSqJDpEzhFpjyv2M+IQy +SpVf1bpRVNjWj9e7gjTbkVATrCi/GaXuffnLbwXlHFPerPLgCNTxw4iRZYuKycB7 +rGbHIfS7T7vv8VaFZFmmNvzmAlhJNKOIpjHjUQIDAQABAoIBABW+n+PKuT9o2Ln1 +XdruHrSWguvoDs7eR9XcPnPTL7txg2a5UaSAImgr2wNH/mAqA6cESRLgBsHBrAuu +LguOu3Zw+jlkP/oRDAad1Nuxj5k/KdiAdQJ7hwmThcWjW4nh/M1Zzn4r7WD6GkR5 +84nPyPPI/Q+Dk0ohLgmoroouSpmrYGT/lAraZxwoDqBmrPpa4yPTIKs6J3GQpkYI +0u6aY4BOQExBgxciKkqmVzqn1IX2hzq+XON+rD1pdsbDRzkr5YdMrzFpT4CQRqJM +heXS4bEeCXtMQ3jU9QnRtTjYTn92Nb6+acmlNExrsUHz3S7ssykklKf/mUpQaDSs +6DX5qh0CgYEA5NuvEviDTz6kGWWl0Wn2fQ46QokGuha6erqilKFwNJw6P9J0ELeN +0e0QzFi+9cTOf3xDeFO3X5hPHblZKCxbx5vYnK6gB6oDwxf/TNlGR7pmYA6FhUZH +CPjz0Wi2TMKzsgOOs7DjVWRJ1R/wxqzkRZNC8LB2MPfECRV2fS2FDgcCgYEA43/Q +Ky83UNaCjc93KSsPzdLf3+RROIgHIRGk8XqfEXZxuPxgrZtnsAzDYDqVk+HBslt+ +9XLF5ckaO78U7T+s9P0dIcOBSRAShu16WAymrADq+pxpOqKb/RpfypZRQDlN9N8I +S27RYBJbFQmS2yCADm1k+WLb3Ab5JA9aK2g9LecCgYAvCMtBbdumxKv7ID3k/Q8Q +goUMuZatVhB7OrJBM7CYz2bVSQ5bhS3bcApcxPxyDEGYR9Sh/SqZtfbEmBwvunYe +XvQ0t1riWFmvldX9WEYuZau2oCVmz5u3x1pstkWJHxbJRhvk6DzAhvz5lTfpzQyZ +E/vU9Z9Ezxb1+vhAH8PRrwKBgGf+VyRGcxzK0ecNPUVeX90QVjI8ZjxXQhsFu8Z+ +7RPIdve+tlrlvSIm03C7lwCApFBprsF4c6o0oX9KO8Cv6NockiKLAiBp7m4rRE/X +iKD70m447YlWJ8QtODidOgsHpvEWuu3wfFlUSrp1I+JzGtZ9fzjYzfPoZB7tvaQ2 +BDFlAoGBAI4e5QCxaOjpAw5NaShVrSRipg+SdkRJdLXfBZjChGPs2KRILk+4RG6b +QCcsaAAEQqp/Vo7XVgdPzgawQ+uzvUAfff/6ildUAZQXlnoiIEkyc4isDj5a3qTt +JDTqi4VGiydLzqz9C9tDh3CBoh5/58LaCQi5vTjfz+cal+0ulZCe +-----END RSA PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem new file mode 100644 index 00000000..0dc6e89d 
--- /dev/null +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAcwCCQC+8AxRrhqgKDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwNTE0MjAzMzE2WhcNMzAw +NTEyMjAzMzE2WjASMRAwDgYDVQQDDAdzZXJ2ZXIwMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAy2EPUsYhUx7Nyz88Lw5YS05sKJbqS6rA1hjtoB6G6Os+ +FNnoUZxdr8dqB31paK/MmLatgpRRdwKDgIBfo4WlN5XtTsABG4xVercqsSLwIwc8 +vsvYy7z6OzT9Ao/q2uZXS1IWk+iZ6wKQ/do5NHnV0rHPR+MqstGksYNG8hxOeb2J +rV7pMNerUbtg97WGnxpw+YRlXzwPQNQW31qqu7E8mWdFlhXcfSqJDpEzhFpjyv2M ++IQySpVf1bpRVNjWj9e7gjTbkVATrCi/GaXuffnLbwXlHFPerPLgCNTxw4iRZYuK +ycB7rGbHIfS7T7vv8VaFZFmmNvzmAlhJNKOIpjHjUQIDAQABMA0GCSqGSIb3DQEB +BQUAA4IBAQCb9Cf4v/fFfqKeZa4lsvkbXK7oA3YbF9Rb213CXlwsYJNY2xuviH4C +gqrQeZ3c8uqFpeWtLq1Vm+TU6qLydn4NzSh7W09TV7ofMRO3o5Qz26KMIyyYFWVq +NcUaUqx2gAEv+KQez+NEGtzulnLawG/ZZQczlVxnIouaC2XC3CFVZgUKv3rhczJk +fdwRHttA6hFRrRNSv35m8xuJ5nkO48Ol71Fg6n+L0h9cYSqG29znYWqET/WbtqGI +sglJuqgxPWi2qJeP3WNLAyoXTpOkQaJV10UQsFVP6RKEIpx1gPvLcF+lVbwadYdD +qQjXwoVouk0Td48BU86HHLgqyoxtkXiI +-----END CERTIFICATE----- From dc785f4ff869ca72d277897f0ac282b1d11c6621 Mon Sep 17 00:00:00 2001 From: Sergei Egorov Date: Tue, 11 Aug 2020 21:49:26 +0200 Subject: [PATCH 7/8] Fix tests --- .../liiklus/transport/grpc/GRPCTLSTest.java | 187 ++++++++++++++---- .../src/test/resources/keys/tls/server0.csr | 26 +-- .../src/test/resources/keys/tls/server0.key | 52 ++--- .../test/resources/keys/tls/server0.key.rsa | 50 ++--- .../src/test/resources/keys/tls/server0.pem | 30 +-- 5 files changed, 227 insertions(+), 118 deletions(-) diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index e233186b..d925fae8 100644 
--- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java
+++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java
@@ -4,65 +4,174 @@ import com.github.bsideup.liiklus.GRPCLiiklusClient; import com.github.bsideup.liiklus.protocol.LiiklusEvent; import com.github.bsideup.liiklus.protocol.PublishRequest; +import io.grpc.ManagedChannel; +import io.grpc.Status; import io.grpc.StatusRuntimeException; import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyChannelBuilder; +import lombok.SneakyThrows; import org.junit.Test; +import org.junit.jupiter.api.function.ThrowingConsumer; import org.springframework.util.ResourceUtils; -import javax.net.ssl.SSLException; -import java.io.FileNotFoundException; -import java.time.ZonedDateTime; -import java.time.format.DateTimeFormatter; import java.util.UUID; +import java.util.function.Consumer; import static com.github.bsideup.liiklus.transport.grpc.GRPCAuthTest.getGRPCPort; import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.assertj.core.api.InstanceOfAssertFactories.type; public class GRPCTLSTest { - private static final LiiklusEvent LIIKLUS_EVENT_EXAMPLE = LiiklusEvent.newBuilder() - .setId(UUID.randomUUID().toString()) - .setType("com.example.event") - .setSource("/tests") - .setDataContentType("application/json") - .putExtensions("comexampleextension1", "foo") - .putExtensions("comexampleextension2", "bar") - .setTime(ZonedDateTime.now().format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)) - .buildPartial(); + @Test + public void shouldConnectWithTLS() { + withApp( + app -> { + app + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + }, + port -> { + var sslContext = GrpcSslContexts.forClient() + .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) + .build(); + + var channel = NettyChannelBuilder + .forAddress("localhost", port) + .sslContext(sslContext) + .build(); + + publishWith(channel); + } + ); + } @Test - public void shouldConnectWithTLS() throws 
SSLException, FileNotFoundException { - var event = PublishRequest.newBuilder() - .setTopic("authorized") - .setLiiklusEvent(LIIKLUS_EVENT_EXAMPLE) - .build(); + public void shouldFailOnPlaintext() { + withApp( + app -> { + app + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + }, + port -> { + var channel = NettyChannelBuilder + .forAddress("localhost", port) + .usePlaintext() + .build(); - try (var app = new ApplicationRunner("MEMORY", "MEMORY") - .withProperty("grpc.enabled", true) - .withProperty("grpc.port", 0) - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") -// .withProperty("grpc.tls.keyPassword", "testsecret") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") - .run() - ) { - int port = getGRPCPort(app); - - var unauthClient = new GRPCLiiklusClient( - NettyChannelBuilder + assertThatThrownBy(() -> publishWith(channel)) + .asInstanceOf(type(StatusRuntimeException.class)) + .satisfies(Throwable::printStackTrace) + .returns(Status.Code.UNAVAILABLE, it -> it.getStatus().getCode()); + } + ); + } + + @Test + public void shouldFailOnWrongCA() { + withApp( + app -> { + app + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + }, + port -> { + var sslContext = GrpcSslContexts.forClient() + .build(); + + var channel = NettyChannelBuilder .forAddress("localhost", port) - .directExecutor() - .sslContext(GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) - .build() + .sslContext(sslContext) + .build(); + + assertThatThrownBy(() -> publishWith(channel)) + .asInstanceOf(type(StatusRuntimeException.class)) + .satisfies(Throwable::printStackTrace) + .returns(Status.Code.UNAVAILABLE, it -> 
it.getStatus().getCode()); + } + ); + } + + @Test + public void mTLS() { + withApp( + app -> { + app + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") + .withProperty("grpc.tls.trustCert", "file:src/test/resources/keys/tls/ca.pem"); + }, + port -> { + var sslContext = GrpcSslContexts.forClient() + .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) + .keyManager( + ResourceUtils.getFile("file:src/test/resources/keys/tls/client.pem"), + ResourceUtils.getFile("file:src/test/resources/keys/tls/client.key") ) - .build() - ); + .build(); - assertThatThrownBy(() -> unauthClient.publish(event).block()) - .isInstanceOf(StatusRuntimeException.class) - .hasMessageContaining("UNAVAILABLE: Network closed for unknown reason"); + var channel = NettyChannelBuilder + .forAddress("localhost", port) + .sslContext(sslContext) + .build(); + publishWith(channel); + } + ); + } + + @Test + public void shouldFailOnMutualTLSWithMissingCertClient() { + withApp( + app -> { + app + .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") + .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") + .withProperty("grpc.tls.trustCert", "file:src/test/resources/keys/tls/ca.pem"); + }, + port -> { + var sslContext = GrpcSslContexts.forClient() + .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) + .build(); + + var channel = NettyChannelBuilder + .forAddress("localhost", port) + .sslContext(sslContext) + .build(); + + assertThatThrownBy(() -> publishWith(channel)) + .asInstanceOf(type(StatusRuntimeException.class)) + .satisfies(Throwable::printStackTrace) + .returns(Status.Code.UNAVAILABLE, it -> it.getStatus().getCode()); + } + ); + } + + @SneakyThrows + private void withApp(Consumer applicationRunnerConsumer, ThrowingConsumer portConsumer) { + var applicationRunner = new 
ApplicationRunner("MEMORY", "MEMORY") + .withProperty("grpc.enabled", true) + .withProperty("grpc.port", 0); + applicationRunnerConsumer.accept(applicationRunner); + try (var app = applicationRunner.run()) { + portConsumer.accept(getGRPCPort(app)); } } + + private void publishWith(ManagedChannel channel) { + var event = PublishRequest.newBuilder() + .setTopic("authorized") + .setLiiklusEvent( + LiiklusEvent.newBuilder() + .setId(UUID.randomUUID().toString()) + .setType("com.example.event") + .setSource("/tests") + .build() + ) + .build(); + + var client = new GRPCLiiklusClient(channel); + client.publish(event).block(); + } } diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr index 3196ec36..15ab4c4b 100644 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr 
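Review bot: The negative tests (shouldFailOnPlaintext, shouldFailOnWrongCA, shouldFailOnMutualTLSWithMissingCertClient) assert only `Status.Code.UNAVAILABLE`, which a gRPC client also reports for connection failures unrelated to TLS, so they can pass without the server having rejected the handshake. The previous version at least checked the message text; the new `.satisfies(Throwable::printStackTrace)` only prints the exception and verifies nothing. Where the transport surfaces a cause, I would replace it with an assertion on that cause, for example `.satisfies(e -> assertThat(e).hasRootCauseInstanceOf(java.security.cert.CertificateException.class))` in shouldFailOnWrongCA; the exact cause type should be confirmed against a real run. Separately, none of the `ManagedChannel` instances is closed, so each test would benefit from `channel.shutdownNow()` in a `finally` block.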
@@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICVzCCAT8CAQAwEjEQMA4GA1UEAwwHc2VydmVyMDCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMthD1LGIVMezcs/PC8OWEtObCiW6kuqwNYY7aAehujr -PhTZ6FGcXa/Hagd9aWivzJi2rYKUUXcCg4CAX6OFpTeV7U7AARuMVXq3KrEi8CMH -PL7L2Mu8+js0/QKP6trmV0tSFpPomesCkP3aOTR51dKxz0fjKrLRpLGDRvIcTnm9 -ia1e6TDXq1G7YPe1hp8acPmEZV88D0DUFt9aqruxPJlnRZYV3H0qiQ6RM4RaY8r9 -jPiEMkqVX9W6UVTY1o/Xu4I025FQE6wovxml7n35y28F5RxT3qzy4AjU8cOIkWWL -isnAe6xmxyH0u0+77/FWhWRZpjb85gJYSTSjiKYx41ECAwEAAaAAMA0GCSqGSIb3 -DQEBCwUAA4IBAQCPjly/8yQfHCTTbNugBGtRTzPo4sG46S+aNIsuVd3J4snAsO0w -jDjcS+w7+EpntmjqQtR+FwnJPr9zBCCGnq1ofQkUBcj7VGHMD9COQsXbMVCGZWk5 -P07ChR+pbRJoci15q6TkonPRe/I2DqxgKo1ReEcFRGSTeio5gEerF6xaQwaDM1Si -ImlY/JuHOyYW58MlqzwDWV/rlFC8CY/M/UBcX6uMI5wU+LO3MVWB1rpJBO+BW753 -FaujHdMVmt3CEbGgPgkqFtUsCLHW2G45Ob92UxVi5lstY0DrHyntfmH+MX7sIx1+ -c8v9WZLaoQqXp6MZOGnlApmjYCgoG/C88a8U +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAvPa8TogSlnA4AETEPiEDGS0Td4yXDIF8QlgxX0Zn +jmpuqpR0FEhNpQzkOSRigaRH/t1HWE52NM9TPRkbSsh2il+iInXPd+Gv9VrDaoBe +RkRDlgEYL+7Xfgy8ZvJABBJDKRyzkMeCw2iRPTdkFGgj7LwqC9yqcrgt8QIHeH77 +79Y0bIonVSzyl2veNQYFpi5/P1+hJkHeCcKCft28rqGpbnBWBD393izsULgBh8Kq +iIYmU79srR4W3J5Af70+JwCIvooue9bvfgeP4Q4Vcy9XwkHWJ5m96iRcr9QROCGR +KMtNJwhuedoyMVwTowNwzWLEnDyTpChcW0Q+tmrMaBqyiQIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBAFDbhTERyQW4gbOZ0O4ovJ16tUA6VRdTz/dehsB9af3mTunL +krbz97axj73hURB+scjAevGfypuvcESnjRpv98naTOWyLi+i4h2YVyoe++YeD57J +5cP7ja0rR4bZNYJst7Puh7zuOPm6XOZac8Dm8ir47VQzaU5bTay8vlKZ9CpOxfft +83pP4Lrfp4e/8+qK3hC6Dn16B5lCjnQ0GH6Ivo+AWSYRosOgoFoFI8I1ZhlQA3lH +PzYPGHdVDApt+HvpZEHDjINURXXt9T3miQNjCdAxtDkVcl34WOw2UBIprgDxsWd+ +tyW9wYBrgIeTfaeiQYUkREVRPDK9xoiJPpvD6hg= -----END CERTIFICATE REQUEST----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key index 377a3dcd..a9ca70b4 100644 
--- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key
+++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLYQ9SxiFTHs3L -PzwvDlhLTmwolupLqsDWGO2gHobo6z4U2ehRnF2vx2oHfWlor8yYtq2ClFF3AoOA -gF+jhaU3le1OwAEbjFV6tyqxIvAjBzy+y9jLvPo7NP0Cj+ra5ldLUhaT6JnrApD9 -2jk0edXSsc9H4yqy0aSxg0byHE55vYmtXukw16tRu2D3tYafGnD5hGVfPA9A1Bbf -Wqq7sTyZZ0WWFdx9KokOkTOEWmPK/Yz4hDJKlV/VulFU2NaP17uCNNuRUBOsKL8Z -pe59+ctvBeUcU96s8uAI1PHDiJFli4rJwHusZsch9LtPu+/xVoVkWaY2/OYCWEk0 -o4imMeNRAgMBAAECggEAFb6f48q5P2jYufVd2u4etJaC6+gOzt5H1dw+c9Mvu3GD -ZrlRpIAiaCvbA0f+YCoDpwRJEuAGwcGsC64uC467dnD6OWQ/+hEMBp3U27GPmT8p -2IB1AnuHCZOFxaNbieH8zVnOfivtYPoaRHnzic/I88j9D4OTSiEuCaiuii5Kmatg -ZP+UCtpnHCgOoGas+lrjI9MgqzoncZCmRgjS7ppjgE5ATEGDFyIqSqZXOqfUhfaH -Or5c436sPWl2xsNHOSvlh0yvMWlPgJBGokyF5dLhsR4Je0xDeNT1CdG1ONhOf3Y1 -vr5pyaU0TGuxQfPdLuyzKSSUp/+ZSlBoNKzoNfmqHQKBgQDk268S+INPPqQZZaXR -afZ9DjpCiQa6Frp6uqKUoXA0nDo/0nQQt43R7RDMWL71xM5/fEN4U7dfmE8duVko -LFvHm9icrqAHqgPDF/9M2UZHumZgDoWFRkcI+PPRaLZMwrOyA46zsONVZEnVH/DG -rORFk0LwsHYw98QJFXZ9LYUOBwKBgQDjf9ArLzdQ1oKNz3cpKw/N0t/f5FE4iAch -EaTxep8RdnG4/GCtm2ewDMNgOpWT4cGyW371csXlyRo7vxTtP6z0/R0hw4FJEBKG -7XpYDKasAOr6nGk6opv9Gl/KllFAOU303whLbtFgElsVCZLbIIAObWT5YtvcBvkk -D1oraD0t5wKBgC8Iy0Ft26bEq/sgPeT9DxCChQy5lq1WEHs6skEzsJjPZtVJDluF -LdtwClzE/HIMQZhH1KH9Kpm19sSYHC+6dh5e9DS3WuJYWa+V1f1YRi5lq7agJWbP -m7fHWmy2RYkfFslGG+ToPMCG/PmVN+nNDJkT+9T1n0TPFvX6+EAfw9GvAoGAZ/5X -JEZzHMrR5w09RV5f3RBWMjxmPFdCGwW7xn7tE8h29762WuW9IibTcLuXAICkUGmu -wXhzqjShf0o7wK/o2hySIosCIGnubitET9eIoPvSbjjtiVYnxC04OJ06Cwem8Ra6 -7fB8WVRKunUj4nMa1n1/ONjN8+hkHu29pDYEMWUCgYEAjh7lALFo6OkDDk1pKFWt -JGKmD5J2REl0td8FmMKEY+zYpEguT7hEbptAJyxoAARCqn9WjtdWB0/OBrBD67O9 -QB99//qKV1QBlBeWeiIgSTJziKwOPlrepO0kNOqLhUaLJ0vOrP0L20OHcIGiHn/n -wtoJCLm9ON/P5xqX7S6VkJ4= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC89rxOiBKWcDgA +RMQ+IQMZLRN3jJcMgXxCWDFfRmeOam6qlHQUSE2lDOQ5JGKBpEf+3UdYTnY0z1M9 +GRtKyHaKX6Iidc934a/1WsNqgF5GREOWARgv7td+DLxm8kAEEkMpHLOQx4LDaJE9 +N2QUaCPsvCoL3KpyuC3xAgd4fvvv1jRsiidVLPKXa941BgWmLn8/X6EmQd4JwoJ+ 
+3byuoalucFYEPf3eLOxQuAGHwqqIhiZTv2ytHhbcnkB/vT4nAIi+ii571u9+B4/h +DhVzL1fCQdYnmb3qJFyv1BE4IZEoy00nCG552jIxXBOjA3DNYsScPJOkKFxbRD62 +asxoGrKJAgMBAAECggEBAJfoTndfYnn32r00iwJbLY92sjigF+ngylDXb1FlWuid +XTvaPfr0KR8vXuUk/9+yfoI/xxQRd2t65DKw1UToJIuW19OWG+QG1ZqLjZ83dRJN +3Hthg908x5W4jVjBFH9xYvZQ8XXJPbDzhhbNSbIyCfdNSQviKFAzChO+itzuUIB7 +tCN+JfUanz/ZbEj9vDA343LbC03BgH4Cd+ugYrWv0G0lOOagbItsQ1eSt9nSf41G +TlaTwoTzRaVzO3jMbkOvHtuNERFCerF4rNKgjtQy+ENDmv/jufd9UClN5zSm/B2B +D7ZXxmunErx8KTWrNks7evHBCtaS9hoKx/x2R7Tu6nUCgYEA5JGCat+r9yAL0oSf +C4+WYg86ArcbZ/QzcmJKg2WnCe91vqYxGOxhvx2H8d+1ExieDnEgi2fAPRsG6WHu +OY2eBgh9YNc6yBR9zNOeyVTu6QgRe1qSzhAY3gifuqM2NokRAoLsUwtW/5PQAQHc +K6eoilG66Yz8DoY/BUum6vMrM6sCgYEA06RsMLr8VnW0i1C6I5R/RDAttpvodpUL +4M7hyJael3vNgPaEQak/q0OwV+YBJ8bf+cYvVHJlh6dlgsyfszbNWqAbWSymySu+ +WuRb9L5b5MvxzrdmlWE0EJZfUG6q97Xa49c0lB1BusdDRBc9xIzLU25Dst4sHHqB +mgnXDIRNPpsCgYEA5D554YdiDfEuXRaaS80i+uEBqNx4vaIaDcshZX0JBN7e0Xbb +6GuEYHh43IvsIhmfHATT3uHIEjz+9ecZINfOSXAI47+Jr2rnBLb+BUaPHJ0199xG +ZQemDXLHLnT1GhhdqAhdPcBBLA7K03asCdvubdGXuMlUmpxsKjmVgWE6bukCgYAN +NUOzPtgkpS/hSeZz9f6DSOZxcQVu8RpOq1qX5B59obJPjBLw7hkVHSJSOf50dwrf +Uaj+gi0n7CB/qzmEO7VRJJDQXeMCxwIYNgwvF/owKzIqDnQOeoR/TIMiR+XPk7/X +XEThwXmqqGjgRPsL2yWNTWJYNVlXZaXU8SxEkbUoZQKBgHm+N+faBblvl1yro6z8 +wbxSG8blaJ4CP9wCxBrbU1d1GHEmDcnl48RT0nC7UT0nHiV9OH8sXg3pIiGn45UV +2fGjE2wfIuYvIo09yijS84JlwHNQO0O2aDxYqs4pOe+qqyeMpkVYsOaiAu+Z8UXn +jlXfDPYEdwv+BypWHCvWAaiQ -----END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa index 5817e41d..9e7bcea2 100644 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAy2EPUsYhUx7Nyz88Lw5YS05sKJbqS6rA1hjtoB6G6Os+FNno -UZxdr8dqB31paK/MmLatgpRRdwKDgIBfo4WlN5XtTsABG4xVercqsSLwIwc8vsvY -y7z6OzT9Ao/q2uZXS1IWk+iZ6wKQ/do5NHnV0rHPR+MqstGksYNG8hxOeb2JrV7p -MNerUbtg97WGnxpw+YRlXzwPQNQW31qqu7E8mWdFlhXcfSqJDpEzhFpjyv2M+IQy -SpVf1bpRVNjWj9e7gjTbkVATrCi/GaXuffnLbwXlHFPerPLgCNTxw4iRZYuKycB7 -rGbHIfS7T7vv8VaFZFmmNvzmAlhJNKOIpjHjUQIDAQABAoIBABW+n+PKuT9o2Ln1 -XdruHrSWguvoDs7eR9XcPnPTL7txg2a5UaSAImgr2wNH/mAqA6cESRLgBsHBrAuu -LguOu3Zw+jlkP/oRDAad1Nuxj5k/KdiAdQJ7hwmThcWjW4nh/M1Zzn4r7WD6GkR5 -84nPyPPI/Q+Dk0ohLgmoroouSpmrYGT/lAraZxwoDqBmrPpa4yPTIKs6J3GQpkYI -0u6aY4BOQExBgxciKkqmVzqn1IX2hzq+XON+rD1pdsbDRzkr5YdMrzFpT4CQRqJM -heXS4bEeCXtMQ3jU9QnRtTjYTn92Nb6+acmlNExrsUHz3S7ssykklKf/mUpQaDSs -6DX5qh0CgYEA5NuvEviDTz6kGWWl0Wn2fQ46QokGuha6erqilKFwNJw6P9J0ELeN -0e0QzFi+9cTOf3xDeFO3X5hPHblZKCxbx5vYnK6gB6oDwxf/TNlGR7pmYA6FhUZH -CPjz0Wi2TMKzsgOOs7DjVWRJ1R/wxqzkRZNC8LB2MPfECRV2fS2FDgcCgYEA43/Q -Ky83UNaCjc93KSsPzdLf3+RROIgHIRGk8XqfEXZxuPxgrZtnsAzDYDqVk+HBslt+ -9XLF5ckaO78U7T+s9P0dIcOBSRAShu16WAymrADq+pxpOqKb/RpfypZRQDlN9N8I -S27RYBJbFQmS2yCADm1k+WLb3Ab5JA9aK2g9LecCgYAvCMtBbdumxKv7ID3k/Q8Q -goUMuZatVhB7OrJBM7CYz2bVSQ5bhS3bcApcxPxyDEGYR9Sh/SqZtfbEmBwvunYe -XvQ0t1riWFmvldX9WEYuZau2oCVmz5u3x1pstkWJHxbJRhvk6DzAhvz5lTfpzQyZ -E/vU9Z9Ezxb1+vhAH8PRrwKBgGf+VyRGcxzK0ecNPUVeX90QVjI8ZjxXQhsFu8Z+ -7RPIdve+tlrlvSIm03C7lwCApFBprsF4c6o0oX9KO8Cv6NockiKLAiBp7m4rRE/X -iKD70m447YlWJ8QtODidOgsHpvEWuu3wfFlUSrp1I+JzGtZ9fzjYzfPoZB7tvaQ2 -BDFlAoGBAI4e5QCxaOjpAw5NaShVrSRipg+SdkRJdLXfBZjChGPs2KRILk+4RG6b -QCcsaAAEQqp/Vo7XVgdPzgawQ+uzvUAfff/6ildUAZQXlnoiIEkyc4isDj5a3qTt -JDTqi4VGiydLzqz9C9tDh3CBoh5/58LaCQi5vTjfz+cal+0ulZCe +MIIEpAIBAAKCAQEAvPa8TogSlnA4AETEPiEDGS0Td4yXDIF8QlgxX0ZnjmpuqpR0 +FEhNpQzkOSRigaRH/t1HWE52NM9TPRkbSsh2il+iInXPd+Gv9VrDaoBeRkRDlgEY +L+7Xfgy8ZvJABBJDKRyzkMeCw2iRPTdkFGgj7LwqC9yqcrgt8QIHeH7779Y0bIon +VSzyl2veNQYFpi5/P1+hJkHeCcKCft28rqGpbnBWBD393izsULgBh8KqiIYmU79s 
+rR4W3J5Af70+JwCIvooue9bvfgeP4Q4Vcy9XwkHWJ5m96iRcr9QROCGRKMtNJwhu +edoyMVwTowNwzWLEnDyTpChcW0Q+tmrMaBqyiQIDAQABAoIBAQCX6E53X2J599q9 +NIsCWy2PdrI4oBfp4MpQ129RZVronV072j369CkfL17lJP/fsn6CP8cUEXdreuQy +sNVE6CSLltfTlhvkBtWai42fN3USTdx7YYPdPMeVuI1YwRR/cWL2UPF1yT2w84YW +zUmyMgn3TUkL4ihQMwoTvorc7lCAe7QjfiX1Gp8/2WxI/bwwN+Ny2wtNwYB+Anfr +oGK1r9BtJTjmoGyLbENXkrfZ0n+NRk5Wk8KE80Wlczt4zG5Drx7bjRERQnqxeKzS +oI7UMvhDQ5r/47n3fVApTec0pvwdgQ+2V8ZrpxK8fCk1qzZLO3rxwQrWkvYaCsf8 +dke07up1AoGBAOSRgmrfq/cgC9KEnwuPlmIPOgK3G2f0M3JiSoNlpwnvdb6mMRjs +Yb8dh/HftRMYng5xIItnwD0bBulh7jmNngYIfWDXOsgUfczTnslU7ukIEXtaks4Q +GN4In7qjNjaJEQKC7FMLVv+T0AEB3CunqIpRuumM/A6GPwVLpurzKzOrAoGBANOk +bDC6/FZ1tItQuiOUf0QwLbab6HaVC+DO4ciWnpd7zYD2hEGpP6tDsFfmASfG3/nG +L1RyZYenZYLMn7M2zVqgG1kspskrvlrkW/S+W+TL8c63ZpVhNBCWX1Buqve12uPX +NJQdQbrHQ0QXPcSMy1NuQ7LeLBx6gZoJ1wyETT6bAoGBAOQ+eeGHYg3xLl0WmkvN +IvrhAajceL2iGg3LIWV9CQTe3tF22+hrhGB4eNyL7CIZnxwE097hyBI8/vXnGSDX +zklwCOO/ia9q5wS2/gVGjxydNffcRmUHpg1yxy509RoYXagIXT3AQSwOytN2rAnb +7m3Rl7jJVJqcbCo5lYFhOm7pAoGADTVDsz7YJKUv4Unmc/X+g0jmcXEFbvEaTqta +l+QefaGyT4wS8O4ZFR0iUjn+dHcK31Go/oItJ+wgf6s5hDu1USSQ0F3jAscCGDYM +Lxf6MCsyKg50DnqEf0yDIkflz5O/11xE4cF5qqho4ET7C9sljU1iWDVZV2Wl1PEs +RJG1KGUCgYB5vjfn2gW5b5dcq6Os/MG8UhvG5WieAj/cAsQa21NXdRhxJg3J5ePE +U9Jwu1E9Jx4lfTh/LF4N6SIhp+OVFdnxoxNsHyLmLyKNPcoo0vOCZcBzUDtDtmg8 +WKrOKTnvqqsnjKZFWLDmogLvmfFF545V3wz2BHcL/gcqVhwr1gGokA== -----END RSA PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem index 0dc6e89d..9e20e51b 100644 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem +++ b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem 
@@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC5DCCAcwCCQC+8AxRrhqgKDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB +MIIC5jCCAc4CCQC+8AxRrhqgKTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwNTE0MjAzMzE2WhcNMzAw -NTEyMjAzMzE2WjASMRAwDgYDVQQDDAdzZXJ2ZXIwMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAy2EPUsYhUx7Nyz88Lw5YS05sKJbqS6rA1hjtoB6G6Os+ -FNnoUZxdr8dqB31paK/MmLatgpRRdwKDgIBfo4WlN5XtTsABG4xVercqsSLwIwc8 -vsvYy7z6OzT9Ao/q2uZXS1IWk+iZ6wKQ/do5NHnV0rHPR+MqstGksYNG8hxOeb2J -rV7pMNerUbtg97WGnxpw+YRlXzwPQNQW31qqu7E8mWdFlhXcfSqJDpEzhFpjyv2M -+IQySpVf1bpRVNjWj9e7gjTbkVATrCi/GaXuffnLbwXlHFPerPLgCNTxw4iRZYuK -ycB7rGbHIfS7T7vv8VaFZFmmNvzmAlhJNKOIpjHjUQIDAQABMA0GCSqGSIb3DQEB -BQUAA4IBAQCb9Cf4v/fFfqKeZa4lsvkbXK7oA3YbF9Rb213CXlwsYJNY2xuviH4C -gqrQeZ3c8uqFpeWtLq1Vm+TU6qLydn4NzSh7W09TV7ofMRO3o5Qz26KMIyyYFWVq -NcUaUqx2gAEv+KQez+NEGtzulnLawG/ZZQczlVxnIouaC2XC3CFVZgUKv3rhczJk -fdwRHttA6hFRrRNSv35m8xuJ5nkO48Ol71Fg6n+L0h9cYSqG29znYWqET/WbtqGI -sglJuqgxPWi2qJeP3WNLAyoXTpOkQaJV10UQsFVP6RKEIpx1gPvLcF+lVbwadYdD -qQjXwoVouk0Td48BU86HHLgqyoxtkXiI +cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwODExMTkxNTQ0WhcNMzAw +ODA5MTkxNTQ0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC89rxOiBKWcDgARMQ+IQMZLRN3jJcMgXxCWDFfRmeO +am6qlHQUSE2lDOQ5JGKBpEf+3UdYTnY0z1M9GRtKyHaKX6Iidc934a/1WsNqgF5G +REOWARgv7td+DLxm8kAEEkMpHLOQx4LDaJE9N2QUaCPsvCoL3KpyuC3xAgd4fvvv +1jRsiidVLPKXa941BgWmLn8/X6EmQd4JwoJ+3byuoalucFYEPf3eLOxQuAGHwqqI +hiZTv2ytHhbcnkB/vT4nAIi+ii571u9+B4/hDhVzL1fCQdYnmb3qJFyv1BE4IZEo +y00nCG552jIxXBOjA3DNYsScPJOkKFxbRD62asxoGrKJAgMBAAEwDQYJKoZIhvcN +AQEFBQADggEBAKwUJd4nGTw71z7Zbg6ew0HOl5osgFJiKsu0ASNGDC004aNv0Kh7 +rs2EkpXk7jZPUK5x6hsGCcGpqgqP1CSdlNpjc3KKFOHViFwURRh3qR77FE1xyj1A +OUgUwM1OyIi/Q9HJrQmhBe8aPxf+XJe4f3QuKdiFBYufmD7UvMOWQCblxW8zggCA +1xCIPoJ/e+eKYG3wcVkPQxvrAIX/MdyGhk4syHwAeU3pPtT0JX8UgpHuRP/YsRqw +dlm2WrIqjnUyJbE+UUgYOJaW00M1/yOAHTCCaCQJDEaXjlgocdWmGsKLTcg8uYhK 
+mU5kUUfd6IM8yuaoRGK5FHlUpSOvO0BxE5I= -----END CERTIFICATE----- From ea80b36cbf6f061c6b88a1adc88c328676e94cca Mon Sep 17 00:00:00 2001 
From: Sergei Egorov Date: Wed, 12 Aug 2020 18:08:32 +0200 Subject: [PATCH 8/8] Generate certs from Java --- plugins/grpc-transport-auth/build.gradle | 1 + .../liiklus/transport/grpc/GRPCTLSTest.java | 155 +++++++++++++++--- .../test/resources/keys/tls/ca-openssl.cnf | 17 -- .../src/test/resources/keys/tls/ca.key | 28 ---- .../src/test/resources/keys/tls/ca.pem | 20 --- .../src/test/resources/keys/tls/ca.srl | 1 - .../src/test/resources/keys/tls/client.csr | 15 -- .../src/test/resources/keys/tls/client.key | 28 ---- .../test/resources/keys/tls/client.key.rsa | 27 --- .../src/test/resources/keys/tls/client.pem | 18 -- .../src/test/resources/keys/tls/server0.csr | 15 -- .../src/test/resources/keys/tls/server0.key | 28 ---- .../test/resources/keys/tls/server0.key.rsa | 27 --- .../src/test/resources/keys/tls/server0.pem | 18 -- 14 files changed, 137 insertions(+), 261 deletions(-) delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa delete mode 100644 plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem 
diff --git a/plugins/grpc-transport-auth/build.gradle b/plugins/grpc-transport-auth/build.gradle index 7186fea5..323f8a57 100644 --- a/plugins/grpc-transport-auth/build.gradle +++ b/plugins/grpc-transport-auth/build.gradle @@ -42,5 +42,6 @@ dependencies { testCompile project(":tck") testCompile project(":client") testCompile 'org.springframework.boot:spring-boot-starter-test' + testCompile 'org.bouncycastle:bcpkix-jdk15on:1.66' testRuntime project(":plugins:grpc-transport") } diff --git a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java index d925fae8..2e6d761b 100644 --- a/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java +++ b/plugins/grpc-transport-auth/src/test/java/com/github/bsideup/liiklus/transport/grpc/GRPCTLSTest.java 
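Review bot: The version of the cryptography library is pinned inline in `testCompile 'org.bouncycastle:bcpkix-jdk15on:1.66'`, while neighbouring entries such as `testCompile 'org.springframework.boot:spring-boot-starter-test'` carry no version, which suggests versions are managed centrally in this build. I would declare the BouncyCastle version alongside the other managed versions and keep `testCompile 'org.bouncycastle:bcpkix-jdk15on'` here. That way a security update to the library is a one-line change in a single place.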
@@ -10,11 +10,28 @@ import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.NettyChannelBuilder; import lombok.SneakyThrows; +import lombok.Value; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; +import org.bouncycastle.openssl.jcajce.JcaPEMWriter; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.util.io.pem.PemObject; import org.junit.Test; import org.junit.jupiter.api.function.ThrowingConsumer; import org.springframework.util.ResourceUtils; +import java.io.File; +import java.io.FileWriter; +import java.math.BigInteger; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.cert.X509Certificate; +import java.util.Date; import java.util.UUID; +import java.util.concurrent.TimeUnit; import java.util.function.Consumer; import static com.github.bsideup.liiklus.transport.grpc.GRPCAuthTest.getGRPCPort; @@ -25,15 +42,18 @@ public class GRPCTLSTest { @Test public void shouldConnectWithTLS() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); + withApp( app -> { app - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()); }, port -> { var sslContext = GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) + .trustManager(ResourceUtils.getFile(rootCA.getCertificateFile().toURI())) .build(); var channel = NettyChannelBuilder 
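Review bot: In shouldConnectWithTLS, `.trustManager(ResourceUtils.getFile(rootCA.getCertificateFile().toURI()))` converts a `File` to a URI and back to a `File` for no benefit. The mTLS tests changed later in this commit pass the file directly, so this line can read `.trustManager(rootCA.getCertificateFile())` for consistency. If no other use remains, the `org.springframework.util.ResourceUtils` import could then be dropped; the rest of the file is outside this hunk, so that needs checking.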
@@ -48,11 +68,13 @@ public void shouldConnectWithTLS() { @Test public void shouldFailOnPlaintext() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); withApp( app -> { app - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()); }, port -> { var channel = NettyChannelBuilder @@ -70,11 +92,13 @@ public void shouldFailOnPlaintext() { @Test public void shouldFailOnWrongCA() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); withApp( app -> { app - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem"); + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()); }, port -> { var sslContext = GrpcSslContexts.forClient() 
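Review bot: shouldFailOnWrongCA builds its client from `GrpcSslContexts.forClient()` with no trust manager (the chain continues outside this hunk, and PATCH 7/8 shows it followed directly by `.build()`). The test therefore relies on the host's default trust store not trusting the generated CA, rather than on an explicitly different CA. Now that certificates are generated in the test, I would make the mismatch explicit with `GeneratedCert otherCA = createCertificate("other-ca", null, true);` and `.trustManager(otherCA.getCertificateFile())` on the client context. That keeps the result independent of the machine the test runs on and matches what the test name claims to verify.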
@@ -95,20 +119,20 @@ public void shouldFailOnWrongCA() { @Test public void mTLS() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); + GeneratedCert client = createCertificate("localhost", rootCA, false); withApp( app -> { app - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") - .withProperty("grpc.tls.trustCert", "file:src/test/resources/keys/tls/ca.pem"); + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()) + .withProperty("grpc.tls.trustCert", rootCA.getCertificateFile().toURI().toString()); }, port -> { var sslContext = GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) - .keyManager( - ResourceUtils.getFile("file:src/test/resources/keys/tls/client.pem"), - ResourceUtils.getFile("file:src/test/resources/keys/tls/client.key") - ) + .trustManager(rootCA.getCertificateFile()) + .keyManager(client.getCertificateFile(), client.getPrivateKeyFile()) .build(); var channel = NettyChannelBuilder 
@@ -123,16 +147,49 @@ public void mTLS() { @Test public void shouldFailOnMutualTLSWithMissingCertClient() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); withApp( app -> { app - .withProperty("grpc.tls.key", "file:src/test/resources/keys/tls/server0.key") - .withProperty("grpc.tls.keyCertChain", "file:src/test/resources/keys/tls/server0.pem") - .withProperty("grpc.tls.trustCert", "file:src/test/resources/keys/tls/ca.pem"); + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()) + .withProperty("grpc.tls.trustCert", rootCA.getCertificateFile().toURI().toString()); }, port -> { var sslContext = GrpcSslContexts.forClient() - .trustManager(ResourceUtils.getFile("file:src/test/resources/keys/tls/ca.pem")) + .trustManager(rootCA.getCertificateFile()) + .build(); + + var channel = NettyChannelBuilder + .forAddress("localhost", port) + .sslContext(sslContext) + .build(); + + assertThatThrownBy(() -> publishWith(channel)) + .asInstanceOf(type(StatusRuntimeException.class)) + .satisfies(Throwable::printStackTrace) + .returns(Status.Code.UNAVAILABLE, it -> it.getStatus().getCode()); + } + ); + } + + @Test + public void shouldFailOnMutualTLSWithWrongCertClient() { + GeneratedCert rootCA = createCertificate("ca", null, true); + GeneratedCert server = createCertificate("localhost", rootCA, false); + GeneratedCert client = createCertificate("localhost", null, false); + withApp( + app -> { + app + .withProperty("grpc.tls.key", server.getPrivateKeyFile().toURI().toString()) + .withProperty("grpc.tls.keyCertChain", server.getCertificateFile().toURI().toString()) + .withProperty("grpc.tls.trustCert", rootCA.getCertificateFile().toURI().toString()); + }, + port -> { + var sslContext = GrpcSslContexts.forClient() + .trustManager(rootCA.getCertificateFile()) + 
.keyManager(client.getCertificateFile(), client.getPrivateKeyFile()) .build(); var channel = NettyChannelBuilder @@ -174,4 +231,64 @@ private void publishWith(ManagedChannel channel) { var client = new GRPCLiiklusClient(channel); client.publish(event).block(); } + + @Value + static class GeneratedCert { + PrivateKey privateKey; + File privateKeyFile; + + X509Certificate certificate; + File certificateFile; + } + + @SneakyThrows + private GeneratedCert createCertificate(String cnName, GeneratedCert issuer, boolean isCA) { + var certKeyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); + var name = new X500Name("CN=" + cnName); + + X500Name issuerName; + PrivateKey issuerKey; + if (issuer == null) { + issuerName = name; + issuerKey = certKeyPair.getPrivate(); + } else { + issuerName = new X500Name(issuer.getCertificate().getSubjectDN().getName()); + issuerKey = issuer.getPrivateKey(); + } + + var builder = new JcaX509v3CertificateBuilder( + issuerName, + BigInteger.valueOf(System.currentTimeMillis()), + new Date(), + new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1)), + name, + certKeyPair.getPublic() + ); + + if (isCA) { + builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCA)); + } + + var keyFile = File.createTempFile("key", ".key"); + try (var writer = new JcaPEMWriter(new FileWriter(keyFile))) { + writer.writeObject(new PemObject("RSA PRIVATE KEY", certKeyPair.getPrivate().getEncoded())); + } + var certificate = new JcaX509CertificateConverter().getCertificate( + builder.build( + new JcaContentSignerBuilder("SHA256WithRSA").build(issuerKey) + ) + ); + + var certFile = File.createTempFile("cert", ".pem"); + try (var writer = new JcaPEMWriter(new FileWriter(certFile))) { + writer.writeObject(certificate); + } + + return new GeneratedCert( + certKeyPair.getPrivate(), + keyFile, + certificate, + certFile + ); + } } 
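Review bot: The negative mutual-TLS tests assert only `Status.Code.UNAVAILABLE`, which gRPC reports for almost any transport failure, so they would still pass if the connection failed for an unrelated reason. An example would be the client rejecting the server certificate rather than the server rejecting the client. Where the provider exposes it, also checking the cause would tie the assertion to the TLS layer, for example `.satisfies(it -> assertThat(it.getCause()).isInstanceOf(SSLException.class))`; the exact exception type is an assumption to confirm against the Netty/tcnative version in use. The added `.satisfies(Throwable::printStackTrace)` looks like leftover debugging output and should be dropped, because it writes a stack trace to stderr on every passing run. shouldFailOnMutualTLSWithWrongCertClient ends outside this hunk.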
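Review bot: In createCertificate the private key is written to a file obtained from `File.createTempFile("key", ".key")`, which is created with umask-default permissions (typically world-readable) in the shared temp directory and is never deleted. `var keyFile = Files.createTempFile("key", ".key").toFile();` creates the file owner-only on POSIX systems, and `keyFile.deleteOnExit();` (likewise for `certFile`) stops key material accumulating on build hosts. The PEM label is also inconsistent with the content, because `getEncoded()` on a JCA RSA private key returns PKCS#8 while `"RSA PRIVATE KEY"` denotes PKCS#1. It should be `new PemObject("PRIVATE KEY", certKeyPair.getPrivate().getEncoded())`, since it presumably only loads today because the reader does not check the label against the content. Lastly, `KeyPairGenerator.getInstance("RSA")` is used without `initialize(...)`, so the key size depends on the JDK's provider default; setting it explicitly keeps the tests reproducible across JDKs.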
diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf deleted file mode 100644 index 11daa7a6..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca-openssl.cnf +++ /dev/null @@ -1,17 +0,0 @@ -[req] -distinguished_name = req_distinguished_name -req_extensions = v3_req - -[req_distinguished_name] -countryName = Country Name (2 letter code) -countryName_default = AU -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State -organizationName = Organization Name (eg, company) -organizationName_default = Internet Widgits Pty Ltd -commonName = Common Name (eg, YOUR name) -commonName_default = testca - -[v3_req] -basicConstraints = CA:true -keyUsage = critical, keyCertSign \ No newline at end of file diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key deleted file mode 100644 index ad4b5a1a..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC36tdeQtA6I939 -r2fWCiEdQNPWNJy9RjHnYpEdldW7lZQhzk5L/qV0TJuraRyQAsM3JQMlkWL42gRd -4v2uCsolC+005CEKeKq8ClwAq0WiZR7nel6cutKZDQqzm2mLqRQsdfQQRRPC12Sz -1PktEYAmOEzk47+d8RSV35OBxtNESLwJLMCP7RF8bLI6Zl79oPKjtBtlUVe7bysf -VanN7O1gk+tT23H+ew/WzY78+CzVnFOZW8HHRxjUBkInJyM6pzEmF26RRYc0lVfI -pqUh7Hhav6FDZqL/ldUn0oeTs5zJY2PvPicgV7kZhYAAB1pHfYPeh7GMvtSNSpPC -bQbRK2LhAgMBAAECggEAbknBhKEERRklEe+RkOTaHrS1U4qRQ19IpbyR0O/9D1QP -VIZmpWO6zBb0csHBgwplDjh/vpOEij4SyEpKXYfS2IxiXok+1wytNb3wleYfB9cj -xSO4gLv3dhhABpx3mmx10IObK/aAdyK7HKvmEISiGElCsy9vxMLA2W8NAZG9NwBx -yaVEbN1oWCDtwhRt+Z9/IQMnPKbcw7aQDhclXb9ALv+0CO6NJQEDDfjuPgyNvlNc -nqg1AdFrPPzgGhVkZ9L8+HpoVTrNA+IkIi97c+SHlN3VeeuS16upNzeTEmu41xS2 -fAY8psmmOkLS9ehlxT4INyIiaw6ftZ0xYwrUFztrAQKBgQDrTd1TuI9jIHjQRXgt -bAAzJTTg9uG1HROyd0mDPolTdpb/cxSOsrBinEVThaPGz/v7GezxVyRIV1U7Pi7K -HANXKTWUCbW7CT7xgAZaoIDdNi6/MFU2R+/BJlN0hpWtCbpZgLHa8L2p/Q89lk3m -jjf9I1acMRQSiNNv+EcWdlxXaQKBgQDIF/IG7CWMc0pgTwSMnwLYCRmVDivuvMTe -h/Oir1sRfw4SkSi27PW/MBV0TQXJ+uJTiLQSvMA2MaZI6qdtl33bUfWFRtgj7zSu -2PPk3YCVosxGhZpytxXTk6OkYOUPpiQyeZ38NqXhv5DGxcjNFcWHorW5bMDB1WBY -6o94o994uQKBgBHD6zXq9UhypyxyUkR7pvg1kux5N0lJTLdosjAqhIu8pGHc+mxb -qV2IluNbb6YPBeNLbcw63A5qKZEzfKzduJLYFad7pDDe3dW16MTm4VPSR20/5O8Y -N03J6vsdPie2WE9xm/v/uRIgfQoVUwRZMHj4Ng3M1ssfcXc+s39KqGYhAoGAbNaZ -j6pjwkHz8u8ISnUz1s8cWzeaLgIAFAtfOt6napzxyqeqvdWm1pgRE3HR9EvDUCzL -xmVlKBVZndAFwlbk3qd2JUijyOgUgAcCozrY9ovXEYUavctY0/06xe7uqdR1W/9L -MCWJlYHd/kEXOHbfOygGMRY2wziNb9AmujhpFgECgYAsLyrduULDar0nWly3ao+j -1dOH9ArTyQIWZObdTRSkyv6kWHK4V6YGVVuQRX2RFnhwLJr38fZImNHbKsQuwkJc -NL36YdjyiAkKdqzPX+LIyt5lkyx5f7txi2hurdW4tLzeINKrwE7vmPcwWR0hIqcB -rG0yywacI9yqvcuqMWVJlA== ------END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem deleted file mode 100644 index 7a054a75..00000000 
--- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIJANbrBjGopVe5MA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnRlc3RjYTAeFw0yMDA1MTQyMDIzNTRa -Fw0zMDA1MTIyMDIzNTRaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 -YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM -BnRlc3RjYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALfq115C0Doj -3f2vZ9YKIR1A09Y0nL1GMedikR2V1buVlCHOTkv+pXRMm6tpHJACwzclAyWRYvja -BF3i/a4KyiUL7TTkIQp4qrwKXACrRaJlHud6Xpy60pkNCrObaYupFCx19BBFE8LX -ZLPU+S0RgCY4TOTjv53xFJXfk4HG00RIvAkswI/tEXxssjpmXv2g8qO0G2VRV7tv -Kx9Vqc3s7WCT61Pbcf57D9bNjvz4LNWcU5lbwcdHGNQGQicnIzqnMSYXbpFFhzSV -V8impSHseFq/oUNmov+V1SfSh5OznMljY+8+JyBXuRmFgAAHWkd9g96HsYy+1I1K -k8JtBtErYuECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQw -DQYJKoZIhvcNAQELBQADggEBAFqH4X7ctDW+gV7dRDWr4inhg8oRwNNlXSplxEs0 -BxLVKVOlgBN92nG2MvfVWkZ+whkxL+SpB8fJQ5CJ+HLdLgK8m9x0yvVIcbAAIy68 -jgEIIJBI16a0Geyb/uZxzULjmM0ZZGwu+2FQcKOQVHNlGodpb0TBkHGAjtKrpogP -xDfbJCNt1INJVt9ToUIhn8GP+JCbpWcPEyiwPgq5D4YPXdFfL3VRXj8Bbp0az5dS -M4FUOBvj3bX9L7mYHA6vB4piI9hxnFSeW5YUGTXkUZUFmnxnnnfECP5coQdgWOMt -erD02qJhhBPWwinov6pL19PKgV4bKyar2it75FY1gJRie64= ------END CERTIFICATE----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl b/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl deleted file mode 100644 index 40be62c1..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/ca.srl +++ /dev/null @@ -1 +0,0 @@ -BEF00C51AE1AA028 diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr deleted file mode 100644 index d5d0bfa3..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.csr +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICWjCCAUICAQAwFTETMBEGA1UEAwwKdGVzdGNsaWVudDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAL8AJ4ja1+k8TAkp2r2kUa1bN2PkZiUz08Utq1E+ -/YfdguT5AGl8DBBoBPPIZ+toe0GK64x8FtYIC5wDOmFfs76CavHAj4sKJdQ0b5Sy -Dx8OU7bE6vWCx6xzGy8Z6Di/5XvB2g6B2yz0+MxlRy5BEj+0NoCfeVYzdX89f5Ka -uLAkZJnYxqV5ramrxnVNr53MWPOlNJ51puMQOaGrGAIJkmFslGkXLHz8+8GT5gYi -nkpvyH1BXvdZWOIQ8vOg3VdzB2OulqhCLJfjVA0p2GKFpO8Swy7AXzB67ypPhZfB -UbXW8ohATReT6j0o4HHL5Ne4b+UKuGh2BHRVB8sqpfjL08ECAwEAAaAAMA0GCSqG -SIb3DQEBCwUAA4IBAQBsP9FNuXudVcRd5WAsY5/vhnM70YP2nOOzdNaR/7kdqoxX -+9bAohqEQvm9UDaBo8OZw20iU9XQnJ1YRvpkg589yqLaTaZMw3CAJstvclaN7jHE -9+ICiwFiaceL82PGD94H31/uvFAZn0nwP9Zm20Oj7cYL3BfiejOHY9Fvjq6zWCE8 -kCCgkDkpnLu7OQn3oNBwbRkl4Py/kdnseG1jS7rgv1veNvwgJ0kXL2ERwYNqBcfx -wyNgp7k45p1m1HxzNcVK/PL4tc5Pfc9ChStlk97aA3KviELyUly9CpAfqKmOpnIq -wlI/uvOiyizugEt1IXrMTRXEaB41TyWqxOG3q4C+ ------END CERTIFICATE REQUEST----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key deleted file mode 100644 index cc36d79a..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/ACeI2tfpPEwJ -Kdq9pFGtWzdj5GYlM9PFLatRPv2H3YLk+QBpfAwQaATzyGfraHtBiuuMfBbWCAuc -AzphX7O+gmrxwI+LCiXUNG+Usg8fDlO2xOr1gsescxsvGeg4v+V7wdoOgdss9PjM -ZUcuQRI/tDaAn3lWM3V/PX+SmriwJGSZ2Malea2pq8Z1Ta+dzFjzpTSedabjEDmh -qxgCCZJhbJRpFyx8/PvBk+YGIp5Kb8h9QV73WVjiEPLzoN1XcwdjrpaoQiyX41QN -KdhihaTvEsMuwF8weu8qT4WXwVG11vKIQE0Xk+o9KOBxy+TXuG/lCrhodgR0VQfL -KqX4y9PBAgMBAAECggEAdx64iWC7Mao6Xait1IJrsitmczVaAy+8jof6BZS8eATN -gtJM0Hzd5UmKdSPys92YqXrjht1JPLkNzIIy4dHW/yTFX/rRS0zL5PnC8UDPr3W2 -/hD33KBwuXucY5bLvsDndXSj81JHiFVL6eXsK8vHftV8/GD5QqqbR/zp2FwIfUlQ -gKw7fzxRx2qutE4J4PjbManpcsJVcaP6LgcRDD4lOoSoctLk7iZbY3HXfODktV3w -eG6mY+MGcPs3agorQ1YV45f6HNGz2LIHkEYDio3QAd8d/gYDkCHDenw+KU7E3O8K -+IjVg1jYtgQpeI7MrHznfrxW8X74BiK+zHy8P9FMZQKBgQDvuOSHyO1NQz7ZTXJN -lffiO8O0oAJk0+snLsUb4MKNI2Ife6nGZnFDf8pYNFgt8aF+D8R135n2Hv+s/u3z -uOVM1x4634lU5U6WaN58kjUNqPKkwSpKfi/pEbbCuSAgvKpRwFqiBxabccyg06xu -41JhqjEonl9xyrZ/kbHY72GzBwKBgQDL+FSUkmeN9Gr/HNdnktOq0cdpoTdPibcL -taBGGpsVZcNv9sHscSFQvQQxAvlfU+9n5Op08VUIaFOuO2OeBKMUMp+q+oKcWBIf -zfxN7KdvMnBqTp7VUTKBYzz+VhV0uBYv7mlSk0im3qvAd9VohKH1OqG1Ids8xFii -Un2M1zko9wKBgGRlY9h2TuP30L+DTuatcyZdb0YbaUU+95HuZYCabgBcHEEhMmY0 -CyWAxIaSTYfYVZENG3NeVQWdz+hsz80t12KKCVAQxFw4uOQHQX6cYPm6kvxrJcIS -/Q+4ank8vPbY7N/WFl8bZt1tGI0WeXXrYFokw/fF9CUdB7d/liNLhfhLAoGBAJE8 -JLWZvcS1eg5nMfXc9XzXXL+Y/LJU5BKhZBsmzLCiwlOSB6ldMJS10is36+r18C0x -McTNJngTGSqhvSACO0Chf1GWiLPcfiNJX9L4pIwoBSWdD7ni1CyPRhnvn915Sssc -XsBegUfYm8EzUrDWaCAefJBmKB6PzHDgfedwRJInAoGAHfBTyodTBxeOi/SAdJyj -O3wLNv0xjc0qIAcxOoPHXEeKoi/aWKmi0MaGGrDXAimz8eFIcCI9bREVXAd2Iyg9 -SSVnmMXp7n008gw+C6AKWhV1a9p0hTebjHY5dg475A9b6vkZdSyVQcBWdS+rR2zl -qxWQIamZENQn0kaZDUf+dRA= ------END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa deleted file mode 100644 index 33392a5d..00000000 
--- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.key.rsa +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvwAniNrX6TxMCSnavaRRrVs3Y+RmJTPTxS2rUT79h92C5PkA -aXwMEGgE88hn62h7QYrrjHwW1ggLnAM6YV+zvoJq8cCPiwol1DRvlLIPHw5TtsTq -9YLHrHMbLxnoOL/le8HaDoHbLPT4zGVHLkESP7Q2gJ95VjN1fz1/kpq4sCRkmdjG -pXmtqavGdU2vncxY86U0nnWm4xA5oasYAgmSYWyUaRcsfPz7wZPmBiKeSm/IfUFe -91lY4hDy86DdV3MHY66WqEIsl+NUDSnYYoWk7xLDLsBfMHrvKk+Fl8FRtdbyiEBN -F5PqPSjgccvk17hv5Qq4aHYEdFUHyyql+MvTwQIDAQABAoIBAHceuIlguzGqOl2o -rdSCa7IrZnM1WgMvvI6H+gWUvHgEzYLSTNB83eVJinUj8rPdmKl644bdSTy5DcyC -MuHR1v8kxV/60UtMy+T5wvFAz691tv4Q99ygcLl7nGOWy77A53V0o/NSR4hVS+nl -7CvLx37VfPxg+UKqm0f86dhcCH1JUICsO388UcdqrrROCeD42zGp6XLCVXGj+i4H -EQw+JTqEqHLS5O4mW2Nx13zg5LVd8HhupmPjBnD7N2oKK0NWFeOX+hzRs9iyB5BG -A4qN0AHfHf4GA5Ahw3p8PilOxNzvCviI1YNY2LYEKXiOzKx85368VvF++AYivsx8 -vD/RTGUCgYEA77jkh8jtTUM+2U1yTZX34jvDtKACZNPrJy7FG+DCjSNiH3upxmZx -Q3/KWDRYLfGhfg/Edd+Z9h7/rP7t87jlTNceOt+JVOVOlmjefJI1DajypMEqSn4v -6RG2wrkgILyqUcBaogcWm3HMoNOsbuNSYaoxKJ5fccq2f5Gx2O9hswcCgYEAy/hU -lJJnjfRq/xzXZ5LTqtHHaaE3T4m3C7WgRhqbFWXDb/bB7HEhUL0EMQL5X1PvZ+Tq -dPFVCGhTrjtjngSjFDKfqvqCnFgSH838TeynbzJwak6e1VEygWM8/lYVdLgWL+5p -UpNIpt6rwHfVaISh9TqhtSHbPMRYolJ9jNc5KPcCgYBkZWPYdk7j99C/g07mrXMm -XW9GG2lFPveR7mWAmm4AXBxBITJmNAslgMSGkk2H2FWRDRtzXlUFnc/obM/NLddi -iglQEMRcOLjkB0F+nGD5upL8ayXCEv0PuGp5PLz22Ozf1hZfG2bdbRiNFnl162Ba -JMP3xfQlHQe3f5YjS4X4SwKBgQCRPCS1mb3EtXoOZzH13PV811y/mPyyVOQSoWQb -JsywosJTkgepXTCUtdIrN+vq9fAtMTHEzSZ4Exkqob0gAjtAoX9Rloiz3H4jSV/S -+KSMKAUlnQ+54tQsj0YZ75/deUrLHF7AXoFH2JvBM1Kw1mggHnyQZigej8xw4H3n -cESSJwKBgB3wU8qHUwcXjov0gHScozt8Czb9MY3NKiAHMTqDx1xHiqIv2lipotDG -hhqw1wIps/HhSHAiPW0RFVwHdiMoPUklZ5jF6e59NPIMPgugCloVdWvadIU3m4x2 -OXYOO+QPW+r5GXUslUHAVnUvq0ds5asVkCGpmRDUJ9JGmQ1H/nUQ ------END RSA PRIVATE KEY----- 
diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem deleted file mode 100644 index 5f04b8a0..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/client.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5zCCAc8CCQC+8AxRrhqgJzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB -VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwNTE0MjAzMTM3WhcNMzAw -NTEyMjAzMTM3WjAVMRMwEQYDVQQDDAp0ZXN0Y2xpZW50MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAvwAniNrX6TxMCSnavaRRrVs3Y+RmJTPTxS2rUT79 -h92C5PkAaXwMEGgE88hn62h7QYrrjHwW1ggLnAM6YV+zvoJq8cCPiwol1DRvlLIP -Hw5TtsTq9YLHrHMbLxnoOL/le8HaDoHbLPT4zGVHLkESP7Q2gJ95VjN1fz1/kpq4 -sCRkmdjGpXmtqavGdU2vncxY86U0nnWm4xA5oasYAgmSYWyUaRcsfPz7wZPmBiKe -Sm/IfUFe91lY4hDy86DdV3MHY66WqEIsl+NUDSnYYoWk7xLDLsBfMHrvKk+Fl8FR -tdbyiEBNF5PqPSjgccvk17hv5Qq4aHYEdFUHyyql+MvTwQIDAQABMA0GCSqGSIb3 -DQEBBQUAA4IBAQC1hy5XM7rjsOOtpVwOLDZcn9NRmJ88M1J7/hheQZjpQ+BykKaN -pV3kLckQhPVg+jnSJXAb9ZtDl3yoYCbDZSUORRKAzkwm90VbYIRvGzy72dFYPlMN -PIlJ6jL1WC6rEXMp34CCb1e+EhUKgrUOF7hOKGis+6rQO82HgwdXc4jV2tn099DL -AKk8Wx5/BiFMsvoBxlQOwGsyRGXTkS8w40T0D2P4ILUiMV1EHdTSBR2g2Ao2OKya -vK4IKC67Z5ZWTwAbx3FkeM4wY7oyUbBgihK1mzmBboK65Achl573ufC9ynzRc/EU -m4A/w6lC6yfEMeJRXyYaVmebRC1nuJF+kPwk ------END CERTIFICATE----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr deleted file mode 100644 index 15ab4c4b..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.csr +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAvPa8TogSlnA4AETEPiEDGS0Td4yXDIF8QlgxX0Zn -jmpuqpR0FEhNpQzkOSRigaRH/t1HWE52NM9TPRkbSsh2il+iInXPd+Gv9VrDaoBe -RkRDlgEYL+7Xfgy8ZvJABBJDKRyzkMeCw2iRPTdkFGgj7LwqC9yqcrgt8QIHeH77 -79Y0bIonVSzyl2veNQYFpi5/P1+hJkHeCcKCft28rqGpbnBWBD393izsULgBh8Kq -iIYmU79srR4W3J5Af70+JwCIvooue9bvfgeP4Q4Vcy9XwkHWJ5m96iRcr9QROCGR -KMtNJwhuedoyMVwTowNwzWLEnDyTpChcW0Q+tmrMaBqyiQIDAQABoAAwDQYJKoZI -hvcNAQELBQADggEBAFDbhTERyQW4gbOZ0O4ovJ16tUA6VRdTz/dehsB9af3mTunL -krbz97axj73hURB+scjAevGfypuvcESnjRpv98naTOWyLi+i4h2YVyoe++YeD57J -5cP7ja0rR4bZNYJst7Puh7zuOPm6XOZac8Dm8ir47VQzaU5bTay8vlKZ9CpOxfft -83pP4Lrfp4e/8+qK3hC6Dn16B5lCjnQ0GH6Ivo+AWSYRosOgoFoFI8I1ZhlQA3lH -PzYPGHdVDApt+HvpZEHDjINURXXt9T3miQNjCdAxtDkVcl34WOw2UBIprgDxsWd+ -tyW9wYBrgIeTfaeiQYUkREVRPDK9xoiJPpvD6hg= ------END CERTIFICATE REQUEST----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key deleted file mode 100644 index a9ca70b4..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC89rxOiBKWcDgA -RMQ+IQMZLRN3jJcMgXxCWDFfRmeOam6qlHQUSE2lDOQ5JGKBpEf+3UdYTnY0z1M9 -GRtKyHaKX6Iidc934a/1WsNqgF5GREOWARgv7td+DLxm8kAEEkMpHLOQx4LDaJE9 -N2QUaCPsvCoL3KpyuC3xAgd4fvvv1jRsiidVLPKXa941BgWmLn8/X6EmQd4JwoJ+ -3byuoalucFYEPf3eLOxQuAGHwqqIhiZTv2ytHhbcnkB/vT4nAIi+ii571u9+B4/h -DhVzL1fCQdYnmb3qJFyv1BE4IZEoy00nCG552jIxXBOjA3DNYsScPJOkKFxbRD62 -asxoGrKJAgMBAAECggEBAJfoTndfYnn32r00iwJbLY92sjigF+ngylDXb1FlWuid -XTvaPfr0KR8vXuUk/9+yfoI/xxQRd2t65DKw1UToJIuW19OWG+QG1ZqLjZ83dRJN -3Hthg908x5W4jVjBFH9xYvZQ8XXJPbDzhhbNSbIyCfdNSQviKFAzChO+itzuUIB7 -tCN+JfUanz/ZbEj9vDA343LbC03BgH4Cd+ugYrWv0G0lOOagbItsQ1eSt9nSf41G -TlaTwoTzRaVzO3jMbkOvHtuNERFCerF4rNKgjtQy+ENDmv/jufd9UClN5zSm/B2B -D7ZXxmunErx8KTWrNks7evHBCtaS9hoKx/x2R7Tu6nUCgYEA5JGCat+r9yAL0oSf -C4+WYg86ArcbZ/QzcmJKg2WnCe91vqYxGOxhvx2H8d+1ExieDnEgi2fAPRsG6WHu -OY2eBgh9YNc6yBR9zNOeyVTu6QgRe1qSzhAY3gifuqM2NokRAoLsUwtW/5PQAQHc -K6eoilG66Yz8DoY/BUum6vMrM6sCgYEA06RsMLr8VnW0i1C6I5R/RDAttpvodpUL -4M7hyJael3vNgPaEQak/q0OwV+YBJ8bf+cYvVHJlh6dlgsyfszbNWqAbWSymySu+ -WuRb9L5b5MvxzrdmlWE0EJZfUG6q97Xa49c0lB1BusdDRBc9xIzLU25Dst4sHHqB -mgnXDIRNPpsCgYEA5D554YdiDfEuXRaaS80i+uEBqNx4vaIaDcshZX0JBN7e0Xbb -6GuEYHh43IvsIhmfHATT3uHIEjz+9ecZINfOSXAI47+Jr2rnBLb+BUaPHJ0199xG -ZQemDXLHLnT1GhhdqAhdPcBBLA7K03asCdvubdGXuMlUmpxsKjmVgWE6bukCgYAN -NUOzPtgkpS/hSeZz9f6DSOZxcQVu8RpOq1qX5B59obJPjBLw7hkVHSJSOf50dwrf -Uaj+gi0n7CB/qzmEO7VRJJDQXeMCxwIYNgwvF/owKzIqDnQOeoR/TIMiR+XPk7/X -XEThwXmqqGjgRPsL2yWNTWJYNVlXZaXU8SxEkbUoZQKBgHm+N+faBblvl1yro6z8 -wbxSG8blaJ4CP9wCxBrbU1d1GHEmDcnl48RT0nC7UT0nHiV9OH8sXg3pIiGn45UV -2fGjE2wfIuYvIo09yijS84JlwHNQO0O2aDxYqs4pOe+qqyeMpkVYsOaiAu+Z8UXn -jlXfDPYEdwv+BypWHCvWAaiQ ------END PRIVATE KEY----- diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa deleted file mode 100644 index 9e7bcea2..00000000 
--- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.key.rsa +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAvPa8TogSlnA4AETEPiEDGS0Td4yXDIF8QlgxX0ZnjmpuqpR0 -FEhNpQzkOSRigaRH/t1HWE52NM9TPRkbSsh2il+iInXPd+Gv9VrDaoBeRkRDlgEY -L+7Xfgy8ZvJABBJDKRyzkMeCw2iRPTdkFGgj7LwqC9yqcrgt8QIHeH7779Y0bIon -VSzyl2veNQYFpi5/P1+hJkHeCcKCft28rqGpbnBWBD393izsULgBh8KqiIYmU79s -rR4W3J5Af70+JwCIvooue9bvfgeP4Q4Vcy9XwkHWJ5m96iRcr9QROCGRKMtNJwhu -edoyMVwTowNwzWLEnDyTpChcW0Q+tmrMaBqyiQIDAQABAoIBAQCX6E53X2J599q9 -NIsCWy2PdrI4oBfp4MpQ129RZVronV072j369CkfL17lJP/fsn6CP8cUEXdreuQy -sNVE6CSLltfTlhvkBtWai42fN3USTdx7YYPdPMeVuI1YwRR/cWL2UPF1yT2w84YW -zUmyMgn3TUkL4ihQMwoTvorc7lCAe7QjfiX1Gp8/2WxI/bwwN+Ny2wtNwYB+Anfr -oGK1r9BtJTjmoGyLbENXkrfZ0n+NRk5Wk8KE80Wlczt4zG5Drx7bjRERQnqxeKzS -oI7UMvhDQ5r/47n3fVApTec0pvwdgQ+2V8ZrpxK8fCk1qzZLO3rxwQrWkvYaCsf8 -dke07up1AoGBAOSRgmrfq/cgC9KEnwuPlmIPOgK3G2f0M3JiSoNlpwnvdb6mMRjs -Yb8dh/HftRMYng5xIItnwD0bBulh7jmNngYIfWDXOsgUfczTnslU7ukIEXtaks4Q -GN4In7qjNjaJEQKC7FMLVv+T0AEB3CunqIpRuumM/A6GPwVLpurzKzOrAoGBANOk -bDC6/FZ1tItQuiOUf0QwLbab6HaVC+DO4ciWnpd7zYD2hEGpP6tDsFfmASfG3/nG -L1RyZYenZYLMn7M2zVqgG1kspskrvlrkW/S+W+TL8c63ZpVhNBCWX1Buqve12uPX -NJQdQbrHQ0QXPcSMy1NuQ7LeLBx6gZoJ1wyETT6bAoGBAOQ+eeGHYg3xLl0WmkvN -IvrhAajceL2iGg3LIWV9CQTe3tF22+hrhGB4eNyL7CIZnxwE097hyBI8/vXnGSDX -zklwCOO/ia9q5wS2/gVGjxydNffcRmUHpg1yxy509RoYXagIXT3AQSwOytN2rAnb -7m3Rl7jJVJqcbCo5lYFhOm7pAoGADTVDsz7YJKUv4Unmc/X+g0jmcXEFbvEaTqta -l+QefaGyT4wS8O4ZFR0iUjn+dHcK31Go/oItJ+wgf6s5hDu1USSQ0F3jAscCGDYM -Lxf6MCsyKg50DnqEf0yDIkflz5O/11xE4cF5qqho4ET7C9sljU1iWDVZV2Wl1PEs -RJG1KGUCgYB5vjfn2gW5b5dcq6Os/MG8UhvG5WieAj/cAsQa21NXdRhxJg3J5ePE -U9Jwu1E9Jx4lfTh/LF4N6SIhp+OVFdnxoxNsHyLmLyKNPcoo0vOCZcBzUDtDtmg8 -WKrOKTnvqqsnjKZFWLDmogLvmfFF545V3wz2BHcL/gcqVhwr1gGokA== ------END RSA PRIVATE KEY----- 
diff --git a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem b/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem deleted file mode 100644 index 9e20e51b..00000000 --- a/plugins/grpc-transport-auth/src/test/resources/keys/tls/server0.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5jCCAc4CCQC+8AxRrhqgKTANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJB -VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMQ8wDQYDVQQDDAZ0ZXN0Y2EwHhcNMjAwODExMTkxNTQ0WhcNMzAw -ODA5MTkxNTQ0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQC89rxOiBKWcDgARMQ+IQMZLRN3jJcMgXxCWDFfRmeO -am6qlHQUSE2lDOQ5JGKBpEf+3UdYTnY0z1M9GRtKyHaKX6Iidc934a/1WsNqgF5G -REOWARgv7td+DLxm8kAEEkMpHLOQx4LDaJE9N2QUaCPsvCoL3KpyuC3xAgd4fvvv -1jRsiidVLPKXa941BgWmLn8/X6EmQd4JwoJ+3byuoalucFYEPf3eLOxQuAGHwqqI -hiZTv2ytHhbcnkB/vT4nAIi+ii571u9+B4/hDhVzL1fCQdYnmb3qJFyv1BE4IZEo -y00nCG552jIxXBOjA3DNYsScPJOkKFxbRD62asxoGrKJAgMBAAEwDQYJKoZIhvcN -AQEFBQADggEBAKwUJd4nGTw71z7Zbg6ew0HOl5osgFJiKsu0ASNGDC004aNv0Kh7 -rs2EkpXk7jZPUK5x6hsGCcGpqgqP1CSdlNpjc3KKFOHViFwURRh3qR77FE1xyj1A -OUgUwM1OyIi/Q9HJrQmhBe8aPxf+XJe4f3QuKdiFBYufmD7UvMOWQCblxW8zggCA -1xCIPoJ/e+eKYG3wcVkPQxvrAIX/MdyGhk4syHwAeU3pPtT0JX8UgpHuRP/YsRqw -dlm2WrIqjnUyJbE+UUgYOJaW00M1/yOAHTCCaCQJDEaXjlgocdWmGsKLTcg8uYhK -mU5kUUfd6IM8yuaoRGK5FHlUpSOvO0BxE5I= ------END CERTIFICATE-----