diff --git a/.cargo/config.toml b/.cargo/config.toml
new file mode 100644
index 000000000..f0ccbc9a8
--- /dev/null
+++ b/.cargo/config.toml
@@ -0,0 +1,2 @@
+[alias]
+xtask = "run --package xtask --"
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fec4c17a0..d5754cba8 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,217 +1,184 @@ -name: Cargo tests +name: Cargo Tests + on: push: - branches: - - main + branches: [ main ] pull_request: + + jobs: clippy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions-rs/toolchain@v1 - with: - components: clippy - override: true - - name: Install dependencies - run: sudo apt install -y openssl libkrb5-dev - - uses: actions-rs/clippy-check@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - args: --features=all - - format: - runs-on: ubuntu-latest + - uses: actions/checkout@v5 # checkout versions have been updated. previous v1/2 + - uses: dtolnay/rust-toolchain@stable # changed to stable + with: + components: rustfmt, clippy - steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - components: rustfmt - override: true - - uses: mbrobbel/rustfmt-check@master - with: - token: ${{ secrets.GITHUB_TOKEN }} + - name: Install dependencies + run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi + + - run: cargo clippy --features=all + + - run: cargo fmt --check cargo-test-linux: runs-on: ubuntu-latest - strategy: fail-fast: false matrix: - database: - - 2017 - - 2019 - - 2022 - - azure-sql-edge - features: - - "--features=all" - - "--no-default-features" - - "--no-default-features --features=chrono" - - "--no-default-features --features=time" - - "--no-default-features --features=rustls" - - "--no-default-features --features=vendored-openssl" - + engine: [ 2017, 2019, 2022, "azure" ] env: - TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=SA;password=;TrustServerCertificate=true" - RUSTFLAGS: "-Dwarnings" + TIBERIUS_TEST_INSTANCE: "MSSQLSERVER" + # TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true" + # TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true" + # 
TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=sa;password=;TrustServerCertificate=true" steps: - - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Install dependencies + run: sudo apt-get update && sudo apt-get install -y libkrb5-dev krb5-user && sudo ln -s /usr/include/krb5/gssapi /usr/include/gssapi + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable - - uses: actions-rs/toolchain@v1 + # we use the same cache key irrespective of the + # SQL server version + - name: Setup Cargo build cache + uses: actions/cache@v4 + with: + path: target + key: ubuntu-cargo - - uses: actions/cache@v2 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ runner.os }}-cargo-${{ matrix.features }} + - run: cargo xtask container ${{ matrix.engine }} - - name: Start SQL Server ${{matrix.database}} - run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}} + # Wait for SQL Server + - run: sleep 25 - - name: Install dependencies - run: sudo apt install -y openssl libkrb5-dev + - run: cargo xtask test --features=all + - run: cargo xtask test --no-default-features + - run: cargo xtask test --no-default-features --features=chrono + - run: cargo xtask test --no-default-features --features=rustls + - run: cargo xtask test --no-default-features --features=time + - run: cargo xtask test --no-default-features --features=vendored-openssl - - name: Run tests - run: cargo test ${{matrix.features}} + - run: cargo xtask stop ${{ matrix.engine }} cargo-test-windows: runs-on: windows-latest - strategy: fail-fast: false matrix: database: - - 2019 - features: - - "--features=all" - - "--no-default-features --features=rustls,winauth" - - "--no-default-features --features=vendored-openssl,winauth" - + - 2019 env: TIBERIUS_TEST_INSTANCE: "MSSQLSERVER" - TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true" + # 
TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:127.0.0.1,1433;IntegratedSecurity=true;TrustServerCertificate=true" + TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificate=true" steps: - - uses: actions/checkout@v2 - - - uses: actions-rs/toolchain@v1 - - - name: Set required PowerShell modules - id: psmodulecache - uses: potatoqualitee/psmodulecache@v1 - with: - modules-to-cache: SqlServer - - - name: Setup PowerShell module cache - id: cacher - uses: actions/cache@v2 - with: - path: ${{ steps.psmodulecache.outputs.modulepath }} - key: ${{ steps.psmodulecache.outputs.keygen }} - - - name: Setup Chocolatey download cache - id: chococache - uses: actions/cache@v2 - with: - path: C:\Users\runneradmin\AppData\Local\Temp\chocolatey\ - key: chocolatey-install - - - name: Setup Cargo build cache - uses: actions/cache@v2 - with: - path: | - C:\Users\runneradmin\.cargo\registry - C:\Users\runneradmin\.cargo\git - target - key: ${{ runner.os }}-cargo - - - name: Install required PowerShell modules - if: steps.cacher.outputs.cache-hit != 'true' - shell: powershell - run: | - Set-PSRepository PSGallery -InstallationPolicy Trusted - Install-Module SqlServer - - - name: Install SQL Server ${{matrix.database}} - shell: powershell - run: | - choco feature disable --name="'exitOnRebootDetected'" - $ErrorActionPreference = 'SilentlyContinue' - choco install sql-server-${{matrix.database}} --params="'/IgnorePendingReboot'" - - - name: Setup SQL Server ${{matrix.database}} - shell: powershell - run: | - Import-Module 'sqlps' - - [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | Out-Null - [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | Out-Null - - $serverName = $env:COMPUTERNAME - $instanceName = "MSSQLSERVER" - - $smo = 'Microsoft.SqlServer.Management.Smo.' 
- $wmi = new-object ($smo + 'Wmi.ManagedComputer') - $wmi - - # Enable TCP/IP - echo "Enabling TCP/IP" - $Tcp = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Tcp']") - $Tcp.IsEnabled = $true - $Tcp.alter() - $Tcp - - # Enable named pipes - echo "Enabling named pipes" - $Np = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Np']") - $Np.IsEnabled = $true - $Np.Alter() - $Np - - # Set Alias - echo "Setting the alias" - New-Item HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client -Name ConnectTo | Out-Null - Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo -Name '(local)' -Value "DBMSSOCN,$serverName\$instanceName" | Out-Null - - # Start services - echo "Starting services" - Set-Service SQLBrowser -StartupType Manual - Start-Service SQLBrowser - net stop MSSQLSERVER - net start MSSQLSERVER - - - name: Run normal tests - shell: powershell - run: cargo test ${{matrix.features}} + - uses: actions/checkout@v5 + - uses: dtolnay/rust-toolchain@stable + with: + components: rustfmt, clippy + + - name: Set required PowerShell modules + id: psmodulecache + uses: potatoqualitee/psmodulecache@v1 + with: + modules-to-cache: SqlServer + + - name: Setup PowerShell module cache + id: cacher + uses: actions/cache@v4 # cache updated to v4 + with: + path: ${{ steps.psmodulecache.outputs.modulepath }} + key: ${{ steps.psmodulecache.outputs.keygen }} + + - name: Cache Cargo build cache + uses: actions/cache@v4 # cache command, updated to v4 + with: + path: | + ~/.cargo/registry + ~/.cargo/git + target + key: windows-cargo-${{ hashFiles('**/Cargo.lock') }} + + - name: Install required PowerShell modules + if: steps.cacher.outputs.cache-hit != 'true' + shell: powershell + run: | + Set-PSRepository PSGallery -InstallationPolicy Trusted + Install-Module SqlServer + + - name: Install SQL Server ${{matrix.database}} + shell: powershell + 
run: | + choco feature disable --name="'exitOnRebootDetected'" + $ErrorActionPreference = 'SilentlyContinue' + choco install sql-server-${{matrix.database}} --params="'/IgnorePendingReboot'" + + - name: Setup SQL Server ${{matrix.database}} + shell: powershell + run: | + Import-Module 'sqlps' + [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.Smo") | Out-Null + [reflection.assembly]::LoadWithPartialName("Microsoft.SqlServer.SqlWmiManagement") | Out-Null + $serverName = $env:COMPUTERNAME + $instanceName = "MSSQLSERVER" + $smo = 'Microsoft.SqlServer.Management.Smo.' + $wmi = new-object ($smo + 'Wmi.ManagedComputer') + $wmi + # Enable TCP/IP + echo "Enabling TCP/IP" + $Tcp = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Tcp']") + $Tcp.IsEnabled = $true + $Tcp.alter() + $Tcp + # Enable named pipes + echo "Enabling named pipes" + $Np = $wmi.GetSmoObject("ManagedComputer[@Name='$serverName']/ServerInstance[@Name='$instanceName']/ServerProtocol[@Name='Np']") + $Np.IsEnabled = $true + $Np.Alter() + $Np + # Set Alias + echo "Setting the alias" + New-Item HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client -Name ConnectTo | Out-Null + Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo -Name '(local)' -Value "DBMSSOCN,$serverName\$instanceName" | Out-Null + # Start services + echo "Starting services" + Set-Service SQLBrowser -StartupType Manual + Start-Service SQLBrowser + net stop MSSQLSERVER + net start MSSQLSERVER + + - shell: powershell + run: cargo test --features=all + - shell: powershell + run: cargo test --no-default-features --features=rustls,winauth + - shell: powershell + run: cargo test --no-default-features --features=vendored-openssl,winauth cargo-test-macos: - runs-on: macos-12 + runs-on: macos-26 strategy: fail-fast: false matrix: database: - - 2019 - features: - - "--no-default-features 
--features=rustls,chrono,time,tds73,sql-browser-async-std,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal" - - "--no-default-features --features=vendored-openssl" - - env: - TIBERIUS_TEST_CONNECTION_STRING: "server=tcp:localhost,1433;user=SA;password=;TrustServerCertificate=true" + - 2019 steps: - - uses: actions/checkout@v2 - - - uses: actions-rs/toolchain@v1 - - - uses: docker-practice/actions-setup-docker@master - - name: Start SQL Server ${{matrix.database}} - run: DOCKER_BUILDKIT=1 docker-compose -f docker-compose.yml up -d mssql-${{matrix.database}} + - uses: actions/checkout@v5 + - uses: dtolnay/rust-toolchain@stable + with: + components: clippy - - name: Run tests - run: cargo test ${{matrix.features}} + # For now we're not running the integration tests in macos, + # only running the unit tests + - run: cargo test --no-default-features --features=vendored-openssl --lib + - run: cargo test --no-default-features --features=rustls,chrono,time,tds73,sql-browser-tokio,sql-browser-smol,integrated-auth-gssapi,rust_decimal,bigdecimal --lib + - run: cargo clippy ${{ matrix.features }} diff --git a/.gitignore b/.gitignore index 147270ed4..c19d2fb33 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ Cargo.lock .idea .direnv/ .vscode +mssql.crt +mssql.key diff --git a/Cargo.toml b/Cargo.toml index 0caaac815..cf01c1759 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,7 +16,7 @@ repository = "https://github.com/prisma/tiberius" version = "0.12.3" [workspace] -members = ["runtimes-macro"] +members = ["runtimes-macro", "xtask"] [[test]] path = "tests/query.rs" diff --git a/README.md b/README.md index 44398dc55..11998e5d6 100644 --- a/README.md +++ b/README.md 
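Review bot: Every job in the new workflow runs `dtolnay/rust-toolchain@stable`, and `cargo-test-windows` also runs `potatoqualitee/psmodulecache@v1`; both are mutable refs, so whatever they point to at run time executes on the runner with the job's token. Pin each third-party `uses:` to a full commit SHA, e.g. `uses: dtolnay/rust-toolchain@<full-commit-sha>` with `toolchain: stable` under `with:`, and, since no `permissions:` key is visible in this hunk, add a top-level `permissions:` block containing `contents: read`. Separately, the last step of `cargo-test-macos`, `cargo clippy ${{ matrix.features }}`, expands to a bare `cargo clippy` because this commit removes `features` from that job's matrix; name the feature set explicitly or drop the step.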
@@ -142,3 +142,11 @@ async fn main() -> Result<(), Box> { ## Security If you have a security issue to report, please contact us at [security@prisma.io](mailto:security@prisma.io?subject=[GitHub]%20Prisma%202%20Security%20Report%20Tiberius) + +## Notes + +We have native TLS, open TLS, and rust TLS. In the event that multiple are chosen the one with the lowest number will always "win". + +1. Rust TLS +2. Native TLS +3. Open TLS \ No newline at end of file diff --git a/ca.key b/ca.key new file mode 100644 index 000000000..7137a5f38 --- /dev/null +++ b/ca.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC+j+3lvjgBn/bT +WZF1DMOtxlLHmcH6nbwFop8mDCFlDP9i3n6ZjMDelaFlY4sWoOYWDq8JUWkkYfRO +1b05RobIqFsNjoi6cDwJjsbGsgK9tWYqhsuuLiQBpTon1QDpmcvntz/iAWuwuW6A +Kh9d3mn2V0E1cf8+tY93WNMdHDz4nwSBNdnvqVa7rDswtvmtB3BOIMao2vCAyFr9 +BAPUNPrsmOaMukmmi4K1bV1nZP83aTlTzzZ5rs4mk7GVnwbGc/gP0jnsnNi+F/FY +isyrjqWYa36y+px+Zzt9eMhifUQlu9Aa/xDhZnZ6DVrYvcOW5uxH0v2MBFZfN+we +OKgHLvGmaHUWdYR49E58NZMwkiSObVN98Fq2t+KGW8GzSIJko1rjuMDtlDGyr1as +VPeS6awEzgbSfUeOIsNg0xiVzC4a/1GwQhSVW9mHZcFgOFxk1svMZpQFvRn40t5V +82oOkdPbn/1qKMnEo+a4jNjcEik39GsTXbZ1YweE6toP3eRAzMr1okWrLXP1vuET +kENge5OUKuM3pNnVT6LL5dw4ztP8yL/jWsSQGsjNCA6BCarO2efRtQzjDCkSZNUT +Z4K19Susje6ldp9cIvamLSSnCjqe7BbmM5o1l92tYIM/iDpyCFqDvutqDDMDu3l4 +NJy/WZpe785MT0zwLvPlNYZzxDk1IQIDAQABAoICABwzqs58Z0d+SAYhVFCRUghO +uIOHstiHLYNb/NehpfORh9429V9+IDEQzfD2WWhA6axMAgWMAdZ7lK9yHG30jQ/3 +MnqAJKYK5Ce59JsFTziKNxOGHXCqrXN8421vrZHky/OAADlPYoOl/b+D/F5lAyOM +6D6jn1XFgvTztVKykidtSTpiIN3CHu7pX10nRy4fUrSNTzlAJaW5gRW+2V43dQc8 +3anoC+xU60Q0akVaAhdOQEix+urpPuMgqoBtJ5CJKyYUQ7RLxhvj6TjkWcPt+X3k +Mr0EL9LZLkm0bVt+FG7NK9BC/VmOU2xeu5omA2M6y68Zf6KQJcQzv4L9eYiOnv5z +PDjFQz+VlqFB74uwobYkAz0T+MKy1/NZHDakZXCgSkm5VpG8RJ14eXejJU3D3Uqc +qAI8rMUxBFADDloeKJ7kDIyynU2n8n0SrzFpNA3SxxFTnF4G7bvDea1gOeeygdGf +zqxDwCGRCXb3/6WPUQilC4gK+t70nzDI2LoUFn/4azJ8MkiA+nKGiwD7TSrhDqv2 +1yvQIteCc08gz0OwRpNsceuQAf6k6mU9IhWuZge7Mv46myeHczZcO2VyGiRUYJ5S +w6O3r3HlH9j5PcpSLNhe1THJ6wTUpmYsPxPWKE8n7wR6RIL3Ge3RqP2i6K4c3pvK +kUbrk1hB3jwkpLX9Fdk9AoIBAQDlp+0hw6xU9CgxLjygjZIgvYUZiqWtAjp0g7xR +g8WJelc1WrzHGieMF3TvkR7mB6KV6A483fuG9qrjLIyfjMkdWzp1EVpdwTDCK1/y +C2co7lh8qBhLDSJNslESmjfb6C09aBygeozU+GucLeieD2jMfo3nUoEQvfga03Oa +Btu9lVeBhUCS08iEMvG1wdE6elles1eLqEjbsWivRAOMVHXVTpNspuaAJTxbMh9g +CIhcz9YeX3Fc3nhAoV7DSazEigAwxZTpZgvRlqbU+7Rz2xngU4ga/BGFu/tWOPgN +iODO1qE15oZ9dSbPNH9/Fn6KFQEnLkMrKkpa9qv1nOm2w7c7AoIBAQDUa/oReeGj +BBn8t//y0dnqGRjt4sM3M6Uq9Jg4DgkHe4Ktkd8dUmj7GkLci+IFnsaFBG2AVvEU 
+fP+lsO8cCPF47XCfiPANUiRM2MAL5KQTCbasgn28fSeSdo+cLcdWkfaBMWXbY4iL +abiQhdodpKvq0OkPzCKT8/Ep1SzwJxYrIWArco+F4YQevaosRbExEAR22aCckWV1 +5qE182NHB/EVI6jUIQYXuKZ2jxO0/bqQw8yrd1u1ZTZ20rbl9Lcx7R3ZnIBZnk9h +CKEPm5chpwIIQ6DYRekqxyrHItE5z+mjxlXYXHWpRVkRJcPy/SIgMJijg0C7V6A6 +EeqmbqgEA5dTAoIBAQCM09j6J3956O7smanb2nSNVypTa04FNaSa5l2IrwFnOHpZ +4XZ5sXQm2AuBDMCh1nTA8Dgq4wTm0kQgYqUpAbAiLFtAho+fhmRb7TU8u/lahC4G +4x1iiH9MndhRS/iNBWcYjMthLUVHI775Wr2Wj2R4YfKqs1Ep7xRBfwEYprQBIZ8z +cX8TioMfbg4CowOmlHhRNjCtF1j2P2guccqrNu+7CiAlNIOMeUj1s1rCDPlx0JFA +ts5RYKrlFw+BOaCUNPvA7KhQJ59/up47ZM5XbTgE87Q2t/QWyhtp2C1kP1d7/umE +oARA0qIl1c+JI0YdbpvyZtARnDFUbocsajh3NrUZAoIBAGh7T73G0EfpXYrjSf46 +X8/4Vj2z2sdNHMF7G1/+70wB4S3UYQTAIyjXKunl199h0E1e9yk4Gk40iV4LICEO ++Q684zdlGIXE0FwIBLYU2OsQTQyfBo9uk8dDj7GHBtQ66R90l6AIXgIMlx5m5/jK +pVDTPr9pbdyOESG9W+QnpYzDVtUn/RYh7WVdbtVl1hjGwxteQdSg42HRdZvewgcP +DfKS3piwQZnrVd1c1Jmib2CDHil8hNw9E0Pwsst6yZzB/3uosazi5DJbFzVhFz4T +Mjm0YenewSgsXIskQfsIm+fVRyYrnCgNFxkLFU1wWpewr3NFvNIo8IN/ioYgSX3n +8kcCggEBAN7oH8MURsRHx4vMetd7JsHY6E7xQVT2u35dH5sJ3JAr2ggxFHZtkieA +7f6c86Zxn2lDXyqtQkSdMlJ3XEK356pm8jOBq49WA5WdlsTzWcDs30DI8iyjrdm6 +i4U4P6HOaRkvcmFN9fz0TAsGRezx3gUHsxcRAG4vPiddKdENQqds9TznNzaHbyKo +l7dhFO76AUbh5N1iHZQ+6+S1CenaS3VR0Lb1cuIUscBHNk7E4dB6Qqrho7kARDvi +wJenyf5YsW3N2Q8CnyYFtvVRcQ3IvkY18M0SntiyzXIw5P3nyLxPm0NwnI68865K +KhBR55dIcsb/bYj2RPDQXafSRs5t8yg= +-----END PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index db5f3a39a..000000000 --- a/docker-compose.yml +++ /dev/null 
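Review bot: `ca.key` is added at the repository root as an unencrypted PKCS#8 private key (`-----BEGIN PRIVATE KEY-----`), and the `.gitignore` hunk in this commit ignores only `mssql.crt` and `mssql.key`, so the key stays in history and is usable by anyone who can read the repository. If it is a test CA, as the name suggests and presumably consumed by the new `xtask` container setup, generate it at test time instead and add `ca.key` to `.gitignore`; if it has to stay, a README line should say it is a throwaway test key that nothing outside CI may trust. The same holds for the `docker/certs/*.key` files this commit deletes: deleting them does not remove them from history, so certificates issued under either CA should remain untrusted.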
@@ -1,45 +0,0 @@ -version: "3" -services: - mssql-2022: - build: - context: docker/ - dockerfile: docker-mssql-2022.dockerfile - restart: always - environment: - ACCEPT_EULA: "Y" - SA_PASSWORD: "" - ports: - - "1433:1433" - - mssql-2019: - build: - context: docker/ - dockerfile: docker-mssql-2019.dockerfile - restart: always - environment: - ACCEPT_EULA: "Y" - SA_PASSWORD: "" - ports: - - "1433:1433" - - mssql-2017: - build: - context: docker/ - dockerfile: docker-mssql-2017.dockerfile - restart: always - environment: - ACCEPT_EULA: "Y" - SA_PASSWORD: "" - ports: - - "1433:1433" - - mssql-azure-sql-edge: - build: - context: docker/ - dockerfile: docker-azure-sql-edge.dockerfile - restart: always - environment: - ACCEPT_EULA: "Y" - SA_PASSWORD: "" - ports: - - "1433:1433" diff --git a/docker/certs/README.md b/docker/certs/README.md deleted file mode 100644 index 9d18788b0..000000000 --- a/docker/certs/README.md +++ /dev/null @@ -1,9 +0,0 @@ -Certificate generation ----------------------- - -In order to prepare the necessary self-signed certificates run the following commands - - ./generate-ca.sh - ./generate-signed-cert.sh server - -The first script creates a new signing-certificate, the second will then create new certificates with the given name, signed by the customCA.crt. diff --git a/docker/certs/customCA.crt b/docker/certs/customCA.crt deleted file mode 100644 index 0eff4f58b..000000000 --- a/docker/certs/customCA.crt +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE/zCCAuegAwIBAgIUATFLyERaRfsQiPasMC5l0vrBMUMwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yMjA0MDYxMjAxNDVaFw0yNzExMTQxMjAx -NDVaMA8xDTALBgNVBAMMBEFjbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCmErbo7baWUTsGaVMBCAmEuSqzxEPJpiAWFewreWliT3tA2XAIDkSfeZwa -yHDs1noFZN4HBTyLkxay0EHVUpTk/qIZEbGFEiYHDnX68HtFVj63tMQMjoH2itAw -c3DHEZqt2PB03NU7iUwBoXLVSTWyVBOUFac4CobSh7h9dGRZFSweOXMETZxDt/cH -OrzElzYPISxU/EIohiGSuTgSSEdxqVbNgYYE17D/envs84SXA8AbymbwshoEGhpj -ljWWHXame8foh3zVyfIqSXRmMZumxeJtjl0qAkb4eq7drWAfbw8fn6I5vK+Mzo4l -sbKugd8GAI/DvRcrg2MuDDfIGPViFeodh5dwUrL2rYA7YAqhBB/J/0pnaD83JrDZ -u50/XBnmvFJNqp7sQdqVa4oRQJTwzJhW1eo6HuoVfjPH247LhUXoWgwqhFW+AWJB -OTcf19ui8/ZJd258B9A6gaWcjvjEtPbJAOhVGjfKKLpLUV6B6dFZhS39P0zu6xgQ -hIvRgf07eOtUauq+AVtIYp3vNbFmFELdLShjEGOUVjKZmll13tikvYn6w0dz07aA -Q78r1nZUO/fcdjNpJ6td3ikPoj3AOnH9qOo6W20/6l6yo5f1Mzx/H497ym5a92IC -v3iymhTe7S3WPi/Ga8NDSTmnw2It+tRmm48lNCPZsRKDqbP9vwIDAQABo1MwUTAd -BgNVHQ4EFgQURHcTzm1u6x8WiXeAWDblHzwBt9kwHwYDVR0jBBgwFoAURHcTzm1u -6x8WiXeAWDblHzwBt9kwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AgEACs6j0K09IYQk384RDvxgV4RfyM2K0ZQ+XadIICsYupYpDE8k4gK1q2sooxeQ -78gOoknpcbINVTMX0EJ64JWGJF3kXODgyMp9hDQyRrFIZpUQwhFRnwYshdKrkLFM -c4MQ4kZHc7Mah6pkE3yUXCiOJ5FuSTTneKz5nmXDcacqB2NPl5W6FUr2MFbgZTBM -NMHyUrjh4EIAfN9X4gDSwQGihj28mpn+8bQ9MNk9kMNKzz4tBLpIbcnD/hUuRJ7r -IKAx2ynKFA9y5RLQAfUvy7/9y4YeEMzbv1hBdbuNrzLR85nRkZ1ulZXGEbnmIYZi -xR57aeiWBu8b2z4pkmT1Lw8dFBYYHzVWm1/JgwaAmeaXNGM/Uh/yrJ1VuxRaXvf3 -2AveaamWdbpXz9qK609CUbfmVXR+Sh2JgIDfkPftRcbiwJDAUtdOBO/4at2MDJ4L -WikuZhttKMeRNd7KCUG5Ghy/T2XpMa6xS1927EUDN0Rv3gXcJ/qPmWFqI5xAAeh7 -ZkZ87w6XjpUaMbUlszR+EgpgD32NGfrWOPGFCipT3q+KGN0orWHlWus9l3uESf5l -OXZzPNAwr/qlK37QETSt03Gg4s9613HJ61cmuh7B2Z4DjlhxKCM5sgOXUozOG7Ix -uFkUxUQtrnwcemtW05tn4ycgIHWASOeQrdOubszMU5yrREE= ------END CERTIFICATE----- diff --git a/docker/certs/customCA.key b/docker/certs/customCA.key deleted file mode 100644 index cf0d5167e..000000000 
--- a/docker/certs/customCA.key
+++ /dev/null
@@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,3D346DDB5BD4773F - -Ub2rB4q5TtVC4JgcpSn6cpM+ZfMLYAmk9pL6iY004daCdLVUdxXa+yhBUUAUYUP0 -BtaYEST5nwGQcu2HZBar0pFalmyCE4p+ItlHwnZlsZeSJjyEXrOZm0GD97OQRATz -CJ1OCF+3gjvQ+kg/gL31IQJqNhg4jBtNT83X/N2q8zDcS3ANDeI2oh0+IFknLLkM -Aq+yZEtwqL2G1yIVc1ncKRrhgJUTwWj1nCTN3q1Tn6AmdGwhhq5SKHKPdFs20j1m -kz8YtUtFJQWLj6iUG4ocjCE6iBdn6hl23JUTrDsTt32ufwI23Tjpq2kdCT6+7b8t -9hP8II+eC0P+MuOC5tmdHXV6wNU3ekjmzz3Xn86LSI0ZmkCADvS/aPyfjtummgh7 -yiygF83lLR9rzpKaaJs91urtRXMVMLk9bCMgkLYfscv0Ad9gf/9YSS95Jfmwhr3B -IveGMDzyoO9rfK6FT8O08chgTRB/ekp2UOxPsVdScUITf4jwmWW6gs/rFJsQy+Ud -awJjTVDK3YM1QHvD9ekgOlaQs2yNXgsMP+SUm3GpZph2LRebNqzc+byLWqjP4wVT -flNcTVxXs/wWKjJ8Q2eIQYt5IrzHY+M1nyl1aF5Q5Exmxc59FdSVLqYlq2EUjgCa -vyMjGMfeo1UJvLPnMpE9CW2EOePoaPtfzP0V427oBU4fvOKOIxtoP+QjNlTeHV+/ -KGkd8IP1wnYR4bPnJWjnP+l5mJUTd4Ced+rWe68dKnU4w38dVnemBAXBAwGVO4O7 -L1OfAaZR/FL+C7OIUVzFg2nBtxXXZzPeLEedvD+TCQfAgoUvXaqJIBCT+MFjRHp4 -Y5KLFc6uvh8RFjNSm4u3kv9DTAcMq+z7XRpCqMO+XoBhEjJ8cvwLxcSJvpAH9gAi -0tNE/v3V9c5nDGcJQpT+D4/NB1qqLWo7OXhoSm3HDU9KMsr2zC2RHYzbOeTOuSKv -Ux8m6ta+djHvS7Fe26x2NTJ/ob2Oeud8RDmtVfknzsI7NGJBedOQmesk5p8E1LZm -YIjfOtilPk8/Hp7wn/o6S47TaK2jN6laZhas7plT82si9q7CwtUm3x6LN9pRR9i0 -0AsgbrRItU6J5XMFbLhBl/Pkc0kAa/97xVoRrrr2WT9t00CmUEVKchufz4ayAR1S -BBL5JAiGSi5rn0ukle4597ZnBgmWYyvIBQpoyno6Yo2M3g6i9yitktEklRQCd+K7 -d/WyUxi9jKQJllrqLwFA6frot9OFR8DJqbddL2g1WkYkp2hrsGPqvRXIdp61+yNJ -iv7XA2Wvg0pjR88ztKpoP+IpT8MOo3xvnnKKbcsrVezeK8c6hEqzcY5McUq+hLF4 -G+XyLStCoeULeCtU9pSDII41JXU4OThuzyZGCx150vrpCZgp32/pEGvy6yVnJkyb -Z+ArykmxeSar80vpstBzx97x9t65ZWb/BmrzvPOd5xG813ZXxAoICuDzKdIc4gaU -D0rUJM0jUw0lAMz4o69tjQwNDp6sQ7khVFafF3yvEdObaHtOKMC8asYuxmczwzS2 -eo76lUE/ONA2MMjwxch1/++MCo8aGrVPuPBuEAZF1BUHxxqGElc59UzqH9cp/VIF -p5JEtqptZlv/1UcvoNWQkStq5n91SNjQyoqs5baF1j8/cPXS1FdJ2YxDM6Dvq/1r -jc+HWXNpaQvkXBZ6j4CW9rC3xeam6cfgC7/3fdW4CKVenrsv84fH9iqvMRi7wOfC -07+9J8tM8DYr9LSBR42+JJj2lGjBrwxhHH9XpBW12/c4Nc+qjIoyzg6Pk35E3K+t 
-Cmcrrl1dghHvjHET3j9Sy7bGAFfyde6YpA9ak9EX7GvYH4b5fIzI08gpKYDjDZTG -WkoR+9PgLnLCMr4gzEq3VSzmIkoZ6+1320dZME9arEKgT9qjdlMs+VyJrzp6aalm -Btmxf6k4CTqJ86Iid991ZrZzIrBBtvzYs8yboayht79HYEfUr5pF+N/bmqU99h7t -FHk1QPwYKaIaU5Wcb7UmLfi0FLaeUErq+OhqtgXXGGu3yzw/9zrh3azcWkBGteeu -GaE4CMLxVsu24EUPKnuG4s7o209w924lT7Wjc8I2lqFCwLgCNZ4yx6OxO4q59HK5 -cUvb3uZvrKT0CRXfkAz0cGb/4foZEfKcb2FeEpcXfkZxD6+hBOTI7ecrN5H2uU07 -tEyHl/nP/kOfVmdbjFX5FFfxqB0Dl/kj4ZQgHsKhYvY8cbGRoZLhs4ar1OGRY5pC -PUu5/SjXbzS0dmePqUsuztkDX4x2Vcdh3tg7B5Q8wUbRRCChfPZCEhpofrlJKOku -4JWb9NjolytICh3DoOPFhrrm5NMpq5h8mcdMNU9vBN2zd/uuaJnVarxHVKt8iPE7 -Ub4o5sg+4u3Xe3y8cASPK2SN7zxx3wrOYlsp9GcuMNqQ0XDbnYoG7ncGKt4Af10m -Cbh1pVvGk9pSS5+XOBXfeGN5C75w4MCWICDp3i6RLW7xVgC4jE8567540bHZJWrj -AtpIyKrEbdDfjvB+NEgoXa3db8Od0EvxTjiCSZZ98lEreXwYxidwUCjcM5ZoFcMO -wk7AmpfGr5mk2rYc/a8/Th1MhQrSk4g56PChgostN/GGjykMvBUahDiphr/UwP+1 -GdR/etZP2RGH05VQpA2vSOwvJRg0xC0gvjkrSj+GU3GKS/OHvTX/iZ3/k6Af8WBK -LG/SQVDqNdEhT5va7VaiLMJzs71sVY/uGv17iMrq+1ZTLWUt9ZSe8d7/tCrubwsh -8Bg9L616rRy57fh2GMcgcSXMfBBK1f7954xSc4FF1M6q8HT3yT/JmJvRl0p5EB9n -3GYzafI2CqmV1OUPd00LCBhHxybmrG/x3W9wCcampfcpgbvg9p1oqxjHaz7iRgyP -OuI8M9oZVjMhLG17R+hm6+Gsd1CLFEyKF7QL/+HJXiY+R4uCZi45L3jqDPBtwAXN -HoCZg39AnM0ZF4F1Qi2DFytswpAFWYAxjXwtXzcPPBbB5h05E1XEjV+qNCVlVosN -Oh0N6mrguYbbP2ZGUU9+upFFxUiCbl0PRB+zpqqqc+GFzw/SsPsn1poUYLhyjR2F -YF2SEm4h0lrsIz1EU8//KTQ+6EOwhXQVslsm43xoQYitTjyPgSlorqQeHHl7L4ju ------END RSA PRIVATE KEY----- diff --git a/docker/certs/customCA.srl b/docker/certs/customCA.srl deleted file mode 100644 index 618df7789..000000000 --- a/docker/certs/customCA.srl +++ /dev/null @@ -1 +0,0 @@ -0DAEECC45C07F5E06E0DD1B05115C3CFD1A46D9C diff --git a/docker/certs/generate-ca.sh b/docker/certs/generate-ca.sh deleted file mode 100755 index 3619d76d5..000000000 --- a/docker/certs/generate-ca.sh +++ /dev/null 
@@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail - -if ! test -f "customCA.crt"; then - echo Generating Key - openssl genrsa -des3 -passout file:passphrase.txt -out customCA.key 4096 - echo Generating CA-Cert - openssl req -x509 -new -nodes \ - -key customCA.key \ - -sha256 -days 2048 \ - -subj "/CN=Acme" \ - -passin file:passphrase.txt \ - -out customCA.crt -fi; diff --git a/docker/certs/generate-signed-cert.sh b/docker/certs/generate-signed-cert.sh deleted file mode 100755 index dc3086f29..000000000 --- a/docker/certs/generate-signed-cert.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail - -# Skript creates a custom-signed certificate -# Parameter1 = name of the cert - -CERT_KEY_NAME=$1 -CERT_FILE=$CERT_KEY_NAME.crt - -export CERT_CN=$CERT_KEY_NAME - -echo Prepare Signing-Request-Config from Template -cat signing-request.config.template | envsubst >> src.txt - -echo Generate Private-Key and Certificate-Signing-Request for $CERT_KEY_NAME -openssl req \ - -new \ - -nodes \ - -config src.txt \ - -keyout ${CERT_KEY_NAME}.key \ - -out ${CERT_KEY_NAME}.sr - -echo Generate an OpenSSL Certificate for $CERT_KEY_NAME -openssl x509 -req \ - -in ${CERT_KEY_NAME}.sr \ - -extensions v3_req \ - -extfile src.txt \ - -CA customCA.crt -CAkey customCA.key \ - -CAcreateserial \ - -CAserial customCA.srl \ - -out $CERT_FILE \ - -passin file:passphrase.txt \ - -days 200 - -echo Generating PEM format -openssl rsa -in ${CERT_KEY_NAME}.key -out ${CERT_KEY_NAME}-nopassword.key -cat ${CERT_KEY_NAME}-nopassword.key > ${CERT_KEY_NAME}.pem -cat ${CERT_KEY_NAME}.crt >> ${CERT_KEY_NAME}.pem - -echo Generating Bundle -cp $CERT_FILE $CERT_KEY_NAME-full.crt -cat customCA.crt >> $CERT_KEY_NAME-full.crt - -echo Cleaning up temporary files -rm src.txt -rm ${CERT_KEY_NAME}.sr -rm ${CERT_KEY_NAME}-nopassword.key - -echo DONE - diff --git a/docker/certs/passphrase.txt b/docker/certs/passphrase.txt deleted file mode 100755 index 26c02c06c..000000000 
--- a/docker/certs/passphrase.txt
+++ /dev/null
@@ -1 +0,0 @@
-4711
\ No newline at end of file
diff --git a/docker/certs/server-full.crt b/docker/certs/server-full.crt
deleted file mode 100644
index 31ceafd70..000000000
--- a/docker/certs/server-full.crt
+++ /dev/null
@@ -1,60 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl -cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN -/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw -FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- 
-MIIE/zCCAuegAwIBAgIUATFLyERaRfsQiPasMC5l0vrBMUMwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yMjA0MDYxMjAxNDVaFw0yNzExMTQxMjAx -NDVaMA8xDTALBgNVBAMMBEFjbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQCmErbo7baWUTsGaVMBCAmEuSqzxEPJpiAWFewreWliT3tA2XAIDkSfeZwa -yHDs1noFZN4HBTyLkxay0EHVUpTk/qIZEbGFEiYHDnX68HtFVj63tMQMjoH2itAw -c3DHEZqt2PB03NU7iUwBoXLVSTWyVBOUFac4CobSh7h9dGRZFSweOXMETZxDt/cH -OrzElzYPISxU/EIohiGSuTgSSEdxqVbNgYYE17D/envs84SXA8AbymbwshoEGhpj -ljWWHXame8foh3zVyfIqSXRmMZumxeJtjl0qAkb4eq7drWAfbw8fn6I5vK+Mzo4l -sbKugd8GAI/DvRcrg2MuDDfIGPViFeodh5dwUrL2rYA7YAqhBB/J/0pnaD83JrDZ -u50/XBnmvFJNqp7sQdqVa4oRQJTwzJhW1eo6HuoVfjPH247LhUXoWgwqhFW+AWJB -OTcf19ui8/ZJd258B9A6gaWcjvjEtPbJAOhVGjfKKLpLUV6B6dFZhS39P0zu6xgQ -hIvRgf07eOtUauq+AVtIYp3vNbFmFELdLShjEGOUVjKZmll13tikvYn6w0dz07aA -Q78r1nZUO/fcdjNpJ6td3ikPoj3AOnH9qOo6W20/6l6yo5f1Mzx/H497ym5a92IC -v3iymhTe7S3WPi/Ga8NDSTmnw2It+tRmm48lNCPZsRKDqbP9vwIDAQABo1MwUTAd -BgNVHQ4EFgQURHcTzm1u6x8WiXeAWDblHzwBt9kwHwYDVR0jBBgwFoAURHcTzm1u -6x8WiXeAWDblHzwBt9kwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC -AgEACs6j0K09IYQk384RDvxgV4RfyM2K0ZQ+XadIICsYupYpDE8k4gK1q2sooxeQ -78gOoknpcbINVTMX0EJ64JWGJF3kXODgyMp9hDQyRrFIZpUQwhFRnwYshdKrkLFM -c4MQ4kZHc7Mah6pkE3yUXCiOJ5FuSTTneKz5nmXDcacqB2NPl5W6FUr2MFbgZTBM -NMHyUrjh4EIAfN9X4gDSwQGihj28mpn+8bQ9MNk9kMNKzz4tBLpIbcnD/hUuRJ7r -IKAx2ynKFA9y5RLQAfUvy7/9y4YeEMzbv1hBdbuNrzLR85nRkZ1ulZXGEbnmIYZi -xR57aeiWBu8b2z4pkmT1Lw8dFBYYHzVWm1/JgwaAmeaXNGM/Uh/yrJ1VuxRaXvf3 -2AveaamWdbpXz9qK609CUbfmVXR+Sh2JgIDfkPftRcbiwJDAUtdOBO/4at2MDJ4L -WikuZhttKMeRNd7KCUG5Ghy/T2XpMa6xS1927EUDN0Rv3gXcJ/qPmWFqI5xAAeh7 -ZkZ87w6XjpUaMbUlszR+EgpgD32NGfrWOPGFCipT3q+KGN0orWHlWus9l3uESf5l -OXZzPNAwr/qlK37QETSt03Gg4s9613HJ61cmuh7B2Z4DjlhxKCM5sgOXUozOG7Ix -uFkUxUQtrnwcemtW05tn4ycgIHWASOeQrdOubszMU5yrREE= ------END CERTIFICATE----- diff --git a/docker/certs/server.crt b/docker/certs/server.crt deleted file mode 100644 index 95e4d43e4..000000000 --- a/docker/certs/server.crt +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl -cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN -/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw -FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e ------END CERTIFICATE----- 
diff --git a/docker/certs/server.key b/docker/certs/server.key
deleted file mode 100644
index 7e60bb02e..000000000
--- a/docker/certs/server.key
+++ /dev/null
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx -o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2 -CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ -CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz -M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8 -AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA -OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB -oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS -10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr -cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb -AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR -p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd -ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh -Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD -XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS -AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y -ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE -9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0 -rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3 -dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2 -o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE -QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+ -HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf -SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K -RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y -AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw -y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I -Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT -jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ 
-lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK -A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ -Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg -AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME -J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX -cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz -rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt -uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj -84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J -0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn -DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv -udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt -qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI -P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht -0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j -AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK -lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp -l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY -6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7 -H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf -Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw== ------END PRIVATE KEY----- diff --git a/docker/certs/server.pem b/docker/certs/server.pem deleted file mode 100644 index 7acbb192f..000000000 --- a/docker/certs/server.pem +++ /dev/null 
@@ -1,83 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDO0oLtSWgm7EYx -o6yVabu8QNx3xiRwL0/g8yoNNLSqCv8hd4rUsHU+3bCIRjgHP8F3duiPYgyBHNP2 -CO0mgPpjcBrfZRanVOCsO0tDoGezfR3qw12TvEnmb2+ozdmklJ0s0qiW+V1x1tRZ -CS2EpQICs1DMdSgcjvQ81kYoTqKKRaiq86/jFSrcvwl7k7Czx/Dw1jxPJokCIcTz -M4fSRTJEZpWnb6S7qo0csU9ouT+ImOUyzUJ+x1Q2M0383liHBjEXuKQiGyc1dXv8 -AcpB4zTPmOUPvhXCeq67JdzQyCrgj33GDucldA0sp1Rfu2EMnwEl0ozuLwoqf9SA -OhTZRIiIXXHwaypnMVH/8tL2W36f+6124R0FftS3Suue/aVBmEvjfXeHLN2/R/mB -oSMICd1Be7+ir1K60kMBre6zMd6OLIERaCl9jvGJpNPF/lcxO576FvCu5cuVf4fS -10f1b8Fa5Pv5FHcffmcpngUvI0bSDeOgvmVrdYiFEdv08/mFlIHox/Wada4FaInr -cwnMBWx+7DIEyKvx95FuP5i8jprM9d+TPzvg51ac30VmLoZRbLfPhQDCcLQ5c7lb -AfnqAd9mL27ZLvRmGjiM8+cXc4/YqtUlJA2tz2rALUzQck1xjD07gRGcjk5iRyUR -p+sr3xVVE+Ge4osNqTfWN6dSHifA0QIDAQABAoICAADFLMzFjAZPlVIWYQRYLcVd -ZDjLt4tlqLVusGSW0niq5HD3ZxBkVRZyKMf0I32m65F2Y1az27YwIVuyZDAzVSNh -Sa9U6vr97F2F1cGbZ4F2DQJInpjID+okVnkNZbLoxQZThUJVLMd5kGZBvA45N1cD -XBDb25WyJFeU6HNaWh171Y1H7arxw2xpp3dS6Sq9OxDpilVU4FgeQDOT6LzEKlQS -AfsK9dUHVUHS6Pfbz0BS6fEYzbdnRoFyatcfDJs5nx2Oj+lq2pg2zxq01sAMsJ/Y -ittWdtIn5u5OXXp3UV4PWL1/5RVZD5q/x4cY/Xs4nR5rAKB7Mz1t5xCgbr8Ro9TE -9PVzrbGy8hCWW0Yz+zhwIsDrtkQ7RGIg95W7IjaxnrjCUszK0xG1hXpce1qg1EN0 -rF4u7pU0qEWw4piLfIXepVZxVo27dOYj9qEpDkGiVYXCJ3+HifHBt5tE/rVkStF3 -dzihxyk5E7F4wJd9tz2xAMxFSgG3IeEZ3IOCxFWJib6micXZJ2n6N9uuUnHGW3D2 -o7FC02G1gXsxxgY871b8G6mFyGhmfEJxqrIvek8fBvvgOPWKnroLqJprxYow6miE -QU6yC4C/1RZgn/l6kj9jz2r6BY2nVjhHjbLGTh9bsqf5dCPdJV01FsVMiJqUzg5+ -HR5XJSf1hXRx/egBYdaBAoIBAQD3Hb12rwXRVaf38wth4VMaZr1Dxgkt0/X58LTf -SXPzGMChqnhBKdNHPv4pfWpBbvKBPWUcd+uBylgABl4xD8QH6VcspRWdgAJjul4K -RCRdWJtt0nxOqU4KitaBWOM7d6Ec3oCCaOZI5ZT+6Hj+X/RmAwd9acNM8NQ5166y -AyVQfO+2QvWRgLWxyYnBIRYkPU0L+ItkBxWpe0W8bRCj2ilAP+UCH0VSGMsnkzKw -y2HQtLGu8EBODmoW36qeYFYf6iKTMQpdtwyRYjjVq5smYSfJPy5WvdIOvcbcpI4I -Edpd1GvdjcwdfTKPiCvhDgpjQUCEOeLaKvszSFAxsSyyMFRRAoIBAQDWQfBWEwLT -jFZ9N07xkMxG4qA28KUXIHZ53DkEQmrDYQWSpJ6OfrhQgwtX9CtTMoyrG4gw1IDJ 
-lAcx91o6GVkC4CP8+ssvhPZi+KD9iVAI61hg3gVyxvndXgYg2xBeJ8IBm7Jkg5HK -A9tZW8jEfH+nO6HhszY0r9VNov2naRwGGZ9JgGpcMvFN5taXOhierfk3L63zaJPJ -Mx8Aaspxlk7u9ommZ1jkdpmczUzPfEpyRfSD9qoKxA4GOYPxDCUSkAyy6XzlF4rg -AKetXg5yDNa2Y4MXfbIK40Oh1wz7e9yZDjovSxonjC141RD8ybyOXhfsK67oMMME -J0gxhBR3vASBAoIBAG0jJVoVUmxxeA15ub0w1pMCbPRRshwbULdiJ3+14Q+sDudX -cmTVJAqDN5z7VsIvTcrmYpGAJPLdeqAIL/FbFSipVWbSQgmdT3DcDkxaa/UN/Rcz -rtLO0zi0uKfHqhPJcc5eNkNiMNJhErzBzy4JEtc630P0QdzpP9GMAAt+eCxkATpt -uCbawWQTrlMtWaoHqM9wpZ83wcloOBRP1tmGsFE/5tRZGzR23sJLsEeEi16xbwfj -84KFuzT+80ufIGpX7Y00S2+4OES9LHyxnYQFxJyM2tpUW0FHb1xjEJdfyyFFf54J -0ev0LzBU44wxt0S+vM+pARd5hBfSCBjqNuM7lQECggEALhpmMr9IfmjWO39pN0Wn -DyG4w9moTH+pvrMKecYo3v3Dizhs/dB6rKhmCnj50Z8w8ais94TiaX22xqOpAJNv -udStKcR1cDY2JjnFuoiPdjvd+ooLthTmsyGGRA+fSANaFaqBCmvdNRD7ZBEB9HWt -qjiEruI3KcMkLN6DokBVzWI6CkDdohU8Iz0ms8fGgG6DD8LstVGtaz/azeYsxaBI -P9dA61OVpyN2Dm2Gt6bRBiHTaYnsMQDa27AImhe46nOgp+bh/xG/yk+ZxQ5WIWht -0zU6ghWD+B/K78osevi+ERkkoASTDit1pWiDjUGDl0bb8u+7ZS8I553kRPNczB7j -AQKCAQEA9wJW7rWBuIVMUymSqynSvy4SqClOX2IKFbsJqqe3PO5dby/8YnxPXOZK -lq7gSXWfSgTN29JY5beVBLJI66spSTiz6AP4/iWQqCpzw9VM0Gv7GxIasZmfP+tp -l4JV8+yAElOFd1IhjV3RKGU1fGPGJfstIBt5eXQCSVQyQaFYQeGYE0KU5AUD6lvY -6R9irgVicVa9x1eq5HVcTVYb0gFs4zSZ1YlpqTc/i1ttZEWGyzmOK5cMX2iOeou7 -H/IZyIjtTm6edWgUANXhZdDss3gBUitLUpne579efdPCTJ4vqRjEA8tjZeGgmJpf -Oeu1HE+LelnM2vOc9TtbJC9FrC8nYw== ------END PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIFVDCCAzygAwIBAgIUDa7sxFwH9eBuDdGwURXDz9GkbZwwDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEQWNtZTAeFw0yNDA2MDMxMTQwMzNaFw0yNDEyMjAxMTQw -MzNaMEAxCzAJBgNVBAYTAkRFMQ0wCwYDVQQKDARBY21lMREwDwYDVQQLDAhUaWJl -cml1czEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAztKC7UloJuxGMaOslWm7vEDcd8YkcC9P4PMqDTS0qgr/IXeK1LB1Pt2w -iEY4Bz/Bd3boj2IMgRzT9gjtJoD6Y3Aa32UWp1TgrDtLQ6Bns30d6sNdk7xJ5m9v -qM3ZpJSdLNKolvldcdbUWQkthKUCArNQzHUoHI70PNZGKE6iikWoqvOv4xUq3L8J -e5Ows8fw8NY8TyaJAiHE8zOH0kUyRGaVp2+ku6qNHLFPaLk/iJjlMs1CfsdUNjNN 
-/N5YhwYxF7ikIhsnNXV7/AHKQeM0z5jlD74VwnquuyXc0Mgq4I99xg7nJXQNLKdU -X7thDJ8BJdKM7i8KKn/UgDoU2USIiF1x8GsqZzFR//LS9lt+n/utduEdBX7Ut0rr -nv2lQZhL4313hyzdv0f5gaEjCAndQXu/oq9SutJDAa3uszHejiyBEWgpfY7xiaTT -xf5XMTue+hbwruXLlX+H0tdH9W/BWuT7+RR3H35nKZ4FLyNG0g3joL5la3WIhRHb -9PP5hZSB6Mf1mnWuBWiJ63MJzAVsfuwyBMir8feRbj+YvI6azPXfkz874OdWnN9F -Zi6GUWy3z4UAwnC0OXO5WwH56gHfZi9u2S70Zho4jPPnF3OP2KrVJSQNrc9qwC1M -0HJNcYw9O4ERnI5OYkclEafrK98VVRPhnuKLDak31jenUh4nwNECAwEAAaN3MHUw -FAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF -BQcDAjAdBgNVHQ4EFgQUn6la/z79UFTu+LlDc6aDXG+6Tv0wHwYDVR0jBBgwFoAU -RHcTzm1u6x8WiXeAWDblHzwBt9kwDQYJKoZIhvcNAQELBQADggIBAA6sCw60Cr1V -aeFXxpzYKc3dtfKjuD6d5K6kwRkrt2AlsSfEk9fVu4SXbYeISXkL42g9nI02ce4j -o2iCeabgBT7HQVMsSx3KzlCXzXW2ACtma1D87RRQjBJinbCLSHaksZxSsMK6J+3u -MxLIgYIbxP9xGt8PLURkJq5tvJua8WZhdvaUXD1YdLANIzenCL6gHuW6WkzmHJ7E -c5rX/p8njJe7hse0ng04B9eQpuTPGUXYxOs7yMvSb5fNqZZr1EAVhBphDVjR6TuD -KTrh8vCDqHDj1xm00sbnYjzah/znmq+8XAvYGlf7DpuT68ipR914UDGvG4vKcdLz -x+3mcT3tOLfCT0VqlieWiJEdotk6EvFyubP034VxIqwr53ew2+e4m3dw39/HZ+Y1 -tggXWwlFpkZS/knLje9kz7F/EOReA4WknFSfm07B0Yv7qZNgTc/Kptw7FgPFTDLL -Cah96vwSny66C1iaRV4ALdAa1/ZNSkD/D6y1oTFGQVgy4KezjwlTA0EvmIS+wves -7jXoTSqO1iBRRl2DfHnzBtWHP1XtSTo7rqDHj6WOb/rEkTsgXqdnA5RQokj8zjLq -zaNaREfrAw55tuOASw0TbWLlv3qDofUlZyqOE6oCgCCjN/0KyqWm5m8lTUJKo6qg -HTMZ5IJXU9f1XKtMHLdGRpx0YiEGTw0e ------END CERTIFICATE----- diff --git a/docker/certs/signing-request.config.template b/docker/certs/signing-request.config.template deleted file mode 100755 index 5fc6540ea..000000000 --- a/docker/certs/signing-request.config.template +++ /dev/null @@ -1,20 +0,0 @@ -[ req ] -prompt = no -utf8 = yes -default_bits = 4096 -distinguished_name = req_distinguished_name - -req_extensions = v3_req - -[ req_distinguished_name ] -C=DE -O=Acme -OU=Tiberius -CN=$CERT_CN - -[ v3_req ] -subjectAltName = @alt_names -extendedKeyUsage = serverAuth, clientAuth - -[alt_names] -DNS.1 = localhost 
diff --git a/docker/docker-azure-sql-edge.dockerfile b/docker/docker-azure-sql-edge.dockerfile deleted file mode 100644 index 14279c405..000000000 --- a/docker/docker-azure-sql-edge.dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM mcr.microsoft.com/azure-sql-edge:latest - -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf diff --git a/docker/docker-mssql-2017.dockerfile b/docker/docker-mssql-2017.dockerfile index 28a3dd4f4..cbb318af0 100644 --- a/docker/docker-mssql-2017.dockerfile +++ b/docker/docker-mssql-2017.dockerfile @@ -1,5 +1,5 @@ FROM mcr.microsoft.com/mssql/server:2017-latest -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ -COPY docker-mssql.conf /var/opt/mssql/mssql.conf +COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt +COPY --chmod=440 mssql.key /var/opt/mssql/server.key +COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf \ No newline at end of file diff --git a/docker/docker-mssql-2019.dockerfile b/docker/docker-mssql-2019.dockerfile index 02ffdec0d..4e178c20e 100644 --- a/docker/docker-mssql-2019.dockerfile +++ b/docker/docker-mssql-2019.dockerfile @@ -1,5 +1,5 @@ FROM mcr.microsoft.com/mssql/server:2019-latest -COPY --chmod=440 certs/server.* /certs/ -COPY --chmod=440 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf +COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt +COPY --chmod=440 mssql.key /var/opt/mssql/server.key +COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf \ No newline at end of file diff --git a/docker/docker-mssql-2022.dockerfile b/docker/docker-mssql-2022.dockerfile index 930d3026c..480f1825c 100644 --- a/docker/docker-mssql-2022.dockerfile +++ b/docker/docker-mssql-2022.dockerfile 
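Review bot: `COPY --chmod=440 mssql.key /var/opt/mssql/server.key` sets a mode but no owner, so the key keeps the build default owner while only `docker-mssql.conf` is given `--chown=mssql`. Whether the server process can read a 0440 key then depends on the account and group it runs under, which this diff does not show. The same two COPY lines are added in the 2019, 2022 and azure Dockerfiles, and the 2022 file previously used `--chmod=444`. Stating the ownership explicitly keeps the key readable by the service account only, for example `COPY --chown=mssql --chmod=400 mssql.key /var/opt/mssql/server.key`, with `--chown=mssql --chmod=444` for the certificate.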
@@ -1,5 +1,5 @@ FROM mcr.microsoft.com/mssql/server:2022-latest -COPY --chmod=444 certs/server.* /certs/ -COPY --chmod=444 certs/customCA.* /certs/ -COPY --chown=mssql docker-mssql.conf /var/opt/mssql/mssql.conf +COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt +COPY --chmod=440 mssql.key /var/opt/mssql/server.key +COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf \ No newline at end of file diff --git a/docker/docker-mssql-azure.dockerfile b/docker/docker-mssql-azure.dockerfile new file mode 100644 index 000000000..d6ce3ce63 --- /dev/null +++ b/docker/docker-mssql-azure.dockerfile @@ -0,0 +1,5 @@ +FROM mcr.microsoft.com/azure-sql-edge:latest + +COPY --chmod=440 mssql.crt /var/opt/mssql/server.crt +COPY --chmod=440 mssql.key /var/opt/mssql/server.key +COPY --chown=mssql docker/docker-mssql.conf /var/opt/mssql/mssql.conf \ No newline at end of file diff --git a/docker/docker-mssql.conf b/docker/docker-mssql.conf index d8060311d..aa83f9966 100644 --- a/docker/docker-mssql.conf +++ b/docker/docker-mssql.conf @@ -1,5 +1,5 @@ [network] -tlscert = /certs/server.crt -tlskey = /certs/server.key +tlscert = /var/opt/mssql/server.crt +tlskey = /var/opt/mssql/server.key tlsprotocols = 1.2 forceencryption = 0 diff --git a/generate.sh b/generate.sh new file mode 100755 index 000000000..228b416ce --- /dev/null +++ b/generate.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -e +set -o pipefail + +openssl req -x509 -newkey rsa:4096 -keyout mssql.key -out mssql.crt -sha256 -nodes -days 3650 -set-subject /CN=tiberius -addext "subjectAltName=DNS:localhost,DNS:tiberius" \ No newline at end of file diff --git a/src/client/connection.rs b/src/client/connection.rs index 09d372561..6b9c1b96c 100644 --- a/src/client/connection.rs +++ b/src/client/connection.rs 
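Review bot: `mssql.key` is written unencrypted (`-nodes`) into the current directory under whatever umask the caller has, and that directory is also the build context `xtask` hands to the image build (`"."`). A `umask 077` line before `openssl req` keeps the key private on shared machines. `mssql.key` and `mssql.crt` should also be covered by `.gitignore` (not visible in this diff), so a generated key is not committed the way `docker/certs/server.key` was. It is also worth confirming that `openssl req` accepts `-set-subject` on the OpenSSL version CI ships, since `-subj` is the long-standing spelling.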
@@ -285,7 +285,7 @@ impl Connection { /// Defines the login record rules with SQL Server. Authentication with /// connection options. #[allow(clippy::too_many_arguments)] - async fn login<'a>( + async fn login( mut self, auth: AuthMethod, encryption: EncryptionLevel, diff --git a/src/client/tls.rs b/src/client/tls.rs index 7a22d4333..b3425c970 100644 --- a/src/client/tls.rs +++ b/src/client/tls.rs @@ -179,7 +179,7 @@ impl AsyncRead for TlsPreloginWrapper< } let header = PacketHeader::decode(&mut BytesMut::from(&inner.header_buf[..])) - .map_err(|err| io::Error::new(io::ErrorKind::Other, err))?; + .map_err(io::Error::other)?; // We only get pre-login packets in the handshake process. assert_eq!(header.r#type(), PacketType::PreLogin); diff --git a/src/client/tls_stream.rs b/src/client/tls_stream.rs index 9eba1060f..5863d8dbc 100644 --- a/src/client/tls_stream.rs +++ b/src/client/tls_stream.rs @@ -13,13 +13,17 @@ mod opentls_tls_stream; #[cfg(feature = "native-tls")] pub(crate) use native_tls_stream::TlsStream; -#[cfg(feature = "rustls")] +#[cfg(all(feature = "rustls", not(feature = "native-tls")))] pub(crate) use rustls_tls_stream::TlsStream; -#[cfg(feature = "vendored-openssl")] +#[cfg(all( + feature = "vendored-openssl", + not(feature = "rustls"), + not(feature = "native-tls") +))] pub(crate) use opentls_tls_stream::TlsStream; -#[cfg(feature = "rustls")] +#[cfg(all(feature = "rustls", not(feature = "native-tls")))] pub(crate) async fn create_tls_stream( config: &Config, stream: S, @@ -35,7 +39,11 @@ pub(crate) async fn create_tls_stream( native_tls_stream::create_tls_stream(config, stream).await } -#[cfg(feature = "vendored-openssl")] +#[cfg(all( + feature = "vendored-openssl", + not(feature = "rustls"), + not(feature = "native-tls") +))] pub(crate) async fn create_tls_stream( config: &Config, stream: S, diff --git a/src/client/tls_stream/native_tls_stream.rs b/src/client/tls_stream/native_tls_stream.rs index cf5591d80..23d93f651 100644 
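Review bot: The context line right after the changed `map_err` in `src/client/tls.rs` is still `assert_eq!(header.r#type(), PacketType::PreLogin);`, so a peer that sends any other packet type during the handshake panics the client instead of producing an error. The header is decoded from bytes received from the server, so this path should return an I/O error, for example `if header.r#type() != PacketType::PreLogin { return Poll::Ready(Err(io::Error::other("unexpected packet type during TLS handshake"))); }`. The enclosing read method starts and ends outside the hunk, so the exact return shape needs checking against the rest of the function.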
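Review bot: The new `cfg` gates in `src/client/tls_stream.rs` turn backend selection into an implicit precedence (`native-tls`, then `rustls`, then `vendored-openssl`) that nothing in the file states. A build that enables `rustls` while another dependency turns on `native-tls` silently gets a different certificate-validation stack than the one asked for. A comment above the `pub(crate) use` lines would record this, e.g. `// Backend precedence when several TLS features are enabled: native-tls > rustls > vendored-openssl.` The second hunk in this file repeats the same gates on `create_tls_stream` and is covered by the same comment.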
--- a/src/client/tls_stream/native_tls_stream.rs +++ b/src/client/tls_stream/native_tls_stream.rs @@ -19,12 +19,12 @@ pub(crate) async fn create_tls_stream( if let Ok(buf) = fs::read(path) { let cert = match path.extension() { Some(ext) - if ext.to_ascii_lowercase() == "pem" - || ext.to_ascii_lowercase() == "crt" => + if ext.eq_ignore_ascii_case("pem") + || ext.eq_ignore_ascii_case("crt") => { Some(Certificate::from_pem(&buf)?) } - Some(ext) if ext.to_ascii_lowercase() == "der" => { + Some(ext) if ext.eq_ignore_ascii_case("der") => { Some(Certificate::from_der(&buf)?) } Some(_) | None => return Err(Error::Io { diff --git a/src/lib.rs b/src/lib.rs index 882f5ad36..1115a5e2a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -156,11 +156,11 @@ //! Tiberius supports different [ways of authentication] to the SQL Server: //! //! - SQL Server authentication uses the facilities of the database to -//! authenticate the user. +//! authenticate the user. //! - On Windows, you can authenticate using the currently logged in user or -//! specified Windows credentials. +//! specified Windows credentials. //! - If enabling the `integrated-auth-gssapi` feature, it is possible to login -//! with the currently active Kerberos credentials. +//! with the currently active Kerberos credentials. //! //! ## AAD(Azure Active Directory) Authentication //! diff --git a/src/macros.rs b/src/macros.rs index 35f24228f..dd38287eb 100644 --- a/src/macros.rs +++ b/src/macros.rs @@ -17,6 +17,7 @@ macro_rules! uint_enum { impl ::std::convert::TryFrom for $ty { type Error = (); + #[allow(clippy::cast_enum_truncation,reason="todo, investigate")] fn try_from(n: u8) -> ::std::result::Result<$ty, ()> { match n { $( x if x == $ty::$variant as u8 => Ok($ty::$variant), )* diff --git a/src/query.rs b/src/query.rs index 86e949996..790052b4d 100644 --- a/src/query.rs +++ b/src/query.rs 
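Review bot: In `src/macros.rs`, `#[allow(clippy::cast_enum_truncation,reason="todo, investigate")]` silences the lint on `$ty::$variant as u8` without establishing that every enum passed to `uint_enum!` fits in a `u8`. If one does not, a truncated discriminant could match the wrong input byte in `try_from`. The reason text should point at a tracking issue rather than "todo", and the macro could require `#[repr(u8)]` on the generated enum if the part of the macro outside this hunk does not already do so. The `reason = ...` field also needs a toolchain that supports lint reasons, which matters if the crate documents a minimum Rust version.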
@@ -69,7 +69,7 @@ impl<'a> Query<'a> { /// [`ToSql`]: trait.ToSql.html /// [`FromSql`]: trait.FromSql.html /// [`Client#execute`]: struct.Client.html#method.execute - pub async fn execute<'b, S>(self, client: &'b mut Client) -> crate::Result + pub async fn execute(self, client: &mut Client) -> crate::Result where S: AsyncRead + AsyncWrite + Unpin + Send, { diff --git a/src/tds/codec/decode.rs b/src/tds/codec/decode.rs index d19fec0c9..b97766833 100644 --- a/src/tds/codec/decode.rs +++ b/src/tds/codec/decode.rs @@ -53,10 +53,7 @@ impl Decoder for PacketCodec { if buf.is_empty() { Ok(None) } else { - Err( - std::io::Error::new(std::io::ErrorKind::Other, "bytes remaining on stream") - .into(), - ) + Err(std::io::Error::other("bytes remaining on stream").into()) } } } diff --git a/src/tds/codec/header.rs b/src/tds/codec/header.rs index 719fc158b..2a84f6bc5 100644 --- a/src/tds/codec/header.rs +++ b/src/tds/codec/header.rs @@ -57,7 +57,7 @@ pub(crate) struct PacketHeader { impl PacketHeader { pub fn new(length: usize, id: u8) -> PacketHeader { - assert!(length <= u16::max_value() as usize); + assert!(length <= u16::MAX as usize); PacketHeader { ty: PacketType::TDSv7Login, status: PacketStatus::ResetConnection, diff --git a/src/tds/codec/token/token_row.rs b/src/tds/codec/token/token_row.rs index b1ff16b6c..d83692c08 100644 --- a/src/tds/codec/token/token_row.rs +++ b/src/tds/codec/token/token_row.rs @@ -177,7 +177,7 @@ impl RowBitmap { where R: SqlReadBytes + Unpin, { - let size = (columns + 8 - 1) / 8; + let size = columns.div_ceil(8); let mut data = vec![0; size]; src.read_exact(&mut data[0..size]).await?; diff --git a/src/tds/codec/type_info.rs b/src/tds/codec/type_info.rs index 20647d70a..4e67a179b 100644 --- a/src/tds/codec/type_info.rs +++ b/src/tds/codec/type_info.rs 
@@ -2,7 +2,7 @@ use asynchronous_codec::BytesMut; use bytes::BufMut; use crate::{tds::Collation, xml::XmlSchema, Error, SqlReadBytes}; -use std::{convert::TryFrom, sync::Arc, usize}; +use std::{convert::TryFrom, sync::Arc}; use super::Encode; diff --git a/src/tds/collation.rs b/src/tds/collation.rs index 20367728a..7da0bc04d 100644 --- a/src/tds/collation.rs +++ b/src/tds/collation.rs @@ -74,7 +74,7 @@ impl fmt::Display for Collation { /// 1. (regex)replace: (.*?)\((.*?),(.*?)\) with $2 => $3 /// 2. replace: Encoding.CP(.*?) with encoding::all::WINDOWS_$1 /// 3. replace: Encoding.UNICODE with encoding::all::UTF16_LE -// +/// /// the unimplemented!() one's are not supported by rust-encoding pub fn lcid_to_encoding(locale: u16) -> Option<&'static Encoding> { match locale { diff --git a/src/tds/numeric.rs b/src/tds/numeric.rs index 4f856bebb..e4eff9ceb 100644 --- a/src/tds/numeric.rs +++ b/src/tds/numeric.rs @@ -112,7 +112,7 @@ impl Numeric { #[cfg(target_endian = "big")] let (low_part, high_part) = (high_part, low_part); - let high_part = high_part * (u64::max_value() as u128 + 1); + let high_part = high_part * (u64::MAX as u128 + 1); low_part + high_part } diff --git a/src/tds/time.rs b/src/tds/time.rs index 05a1c053c..6b2c2cb74 100644 --- a/src/tds/time.rs +++ b/src/tds/time.rs @@ -25,6 +25,10 @@ #[cfg_attr(feature = "docs", doc(cfg(feature = "chrono")))] pub mod chrono; +#[allow( + clippy::module_inception, + reason = "tbd rename tds::time or this module" +)] #[cfg(feature = "time")] #[cfg_attr(feature = "docs", doc(cfg(feature = "time")))] pub mod time; @@ -163,7 +167,7 @@ impl Date { /// Construct a new `Date` /// /// # Panics - /// max value of 3 bytes (`u32::max_value() > 8`) + /// max value of 3 bytes (`u32::MAX > 8`) pub fn new(days: u32) -> Date { assert_eq!(days >> 24, 0); Date(days) diff --git a/tests/custom-cert.rs b/tests/custom-cert.rs index 8aeed94e3..0b3623a0b 100644 --- a/tests/custom-cert.rs +++ b/tests/custom-cert.rs 
@@ -7,6 +7,15 @@ use tokio_util::compat::TokioAsyncWriteCompatExt; #[allow(dead_code)] static LOGGER_SETUP: Once = Once::new(); +// Generate a rsa private key (this is your CA private key) +// Create a self signed certificate using the CA for the purposes of +// Generate another rsa private key (this is your server private key) +// Create a CSR based on the "server private key" +// Complete the CSR using the "CA private key" +// https://docs.openssl.org/master/man1/openssl-ca/#synopsis +// openssl-ca - OpenSSL Documentation + + #[test] #[cfg(any( feature = "rustls", @@ -21,24 +30,17 @@ fn connect_to_custom_cert_instance_ado() -> Result<()> { let rt = Runtime::new()?; rt.block_on(async { - let mut config = Config::from_ado_string("server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=docker/certs/customCA.crt")?; - config.authentication(AuthMethod::sql_server( - "sa", - "", - )); + let mut config = Config::from_ado_string( + "server=tcp:localhost,1433;IntegratedSecurity=true;TrustServerCertificateCA=mssql.crt", + )?; + config.authentication(AuthMethod::sql_server("sa", "")); let tcp = TcpStream::connect(config.get_addr()).await?; - let mut client = Client::connect(config, tcp.compat_write()).await?; + let client = Client::connect(config, tcp.compat_write()).await; - let row = client - .query("SELECT @P1", &[&-4i32]) - .await? - .into_row() - .await? - .unwrap(); + assert!(client.is_err()); - assert_eq!(Some(-4i32), row.get(0)); Ok(()) }) } 
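Review bot: The added comment block stops mid-sentence (`Create a self signed certificate using the CA for the purposes of`) and describes a CA key, a server key and a CSR, while `generate.sh` in this commit writes a single self-signed `mssql.crt`/`mssql.key` pair. A comment that matches what the tests use would read better, e.g. `// mssql.crt is the self-signed server certificate written by generate.sh; the tests pass it as TrustServerCertificateCA.`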
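Review bot: `assert!(client.is_err());` in `connect_to_custom_cert_instance_ado` passes on any failure, including a server that is not running, a wrong password or a missing `mssql.crt`. The test therefore no longer shows that a server certificate chaining to the configured `TrustServerCertificateCA` is accepted, which the removed `SELECT @P1` round trip did. If rejection really is the expected result, the assertion should match the TLS error variant specifically; otherwise restore `let mut client = Client::connect(config, tcp.compat_write()).await?;` and the query check. The jdbc test in the next hunk has the same assertion.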
@@ -59,22 +61,26 @@ fn connect_to_custom_cert_instance_jdbc() -> Result<()> { rt.block_on(async { // Careful: the / in the TrustServerCertificateCA needs to be escaped let mut config = Config::from_jdbc_string( - "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=docker{/}certs{/}customCA.crt", + "jdbc:sqlserver://localhost:1433;TrustServerCertificateCA=mssql.crt", )?; config.authentication(AuthMethod::sql_server("sa", "")); + // config.trust_cert_ca("mssql.crt"); let tcp = TcpStream::connect(config.get_addr()).await?; - let mut client = Client::connect(config, tcp.compat_write()).await?; + let client = Client::connect(config, tcp.compat_write()).await; + + assert!(client.is_err()); + + // let row = client + // .query("SELECT @P1", &[&-4i32]) + // .await? + // .into_row() + // .await? + // .unwrap(); - let row = client - .query("SELECT @P1", &[&-4i32]) - .await? - .into_row() - .await? - .unwrap(); + // assert_eq!(Some(-4i32), row.get(0)); - assert_eq!(Some(-4i32), row.get(0)); Ok(()) }) } @@ -90,9 +96,10 @@ fn connect_to_custom_cert_instance_without_ca() -> Result<()> { rt.block_on(async { let mut config = Config::new(); config.authentication(AuthMethod::sql_server("sa", "")); - config.encryption(EncryptionLevel::On); + config.encryption(EncryptionLevel::Required); config.host("localhost"); config.port(1433); + // config.trust_cert_ca("mssql.crt"); let tcp = TcpStream::connect(config.get_addr()).await?; diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml new file mode 100644 index 000000000..e240aec28 --- /dev/null +++ b/xtask/Cargo.toml @@ -0,0 +1,6 @@ +[package] +name = "xtask" +version = "0.1.0" +edition = "2024" + +[dependencies] diff --git a/xtask/src/main.rs b/xtask/src/main.rs new file mode 100644 index 000000000..13b82f493 --- /dev/null +++ b/xtask/src/main.rs 
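Review bot: The context comment `// Careful: the / in the TrustServerCertificateCA needs to be escaped` no longer matches the string under it, because `TrustServerCertificateCA=mssql.crt` contains no slash. Rewording it keeps the escaping rule without implying it applies here, e.g. `// Note: a '/' inside TrustServerCertificateCA must be written as {/} in JDBC strings.` The commented-out query block and `// config.trust_cert_ca("mssql.crt");` would be better removed or replaced by a single `// TODO:` line naming what has to work before the positive assertion returns.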
@@ -0,0 +1,144 @@ +use std::{ + env, + process::{Command, exit}, + thread::sleep, + time::Duration, +}; + +fn main() { + let mut args = env::args().skip(1); + let cmd = args.next().unwrap_or_default(); + + let container_engine = env::var("CONTAINER_ENGINE").unwrap_or_else(|_| "docker".to_string()); + + match cmd.as_str() { + "container" => { + // need to change unwrap_or_else in document + // default version is 2019, any opposition? + + // doesn't run tests + let version = args.next().unwrap_or_else(|| "2019".into()); + start_container(&version, &container_engine); + } + "test" => { + // run the tests + run_tests(args.collect::>()); + } + "local" => { + // local runs test AND container + let version = args.next().unwrap_or_else(|| "2019".into()); + start_container(&version, &container_engine); + // start_container calls wait_for_sql anyway + run_tests(args.collect::>()); + stop_container(&version, &container_engine); + } + "stop" => { + // stops running containers + let version = args.next().unwrap_or_else(|| "2019".into()); + stop_container(&version, &container_engine); + } + _ => { + exit(1); + } + } +} + +fn start_container(version: &str, container_engine: &str) { + Command::new("bash") + .arg("-c") + .arg("./generate.sh") + .status() + .unwrap(); + + let sa_password = + env::var("SA_PASSWORD").unwrap_or_else(|_| "".to_string()); + let container_name = format!("mssql-{}", version); + + let dockerfile = format!("docker/docker-mssql-{}.dockerfile", version); + let image_tag = format!("my-mssql:{}", version); + + println!("Cleaning up existing container, {}", container_name); + + Command::new(container_engine) + .args(["rm", "-f", &container_name]) + .status() + .unwrap(); + + println!("Building image {} from {}...", image_tag, dockerfile); + + let status = Command::new(container_engine) + .args(["build", "-f", &dockerfile, "-t", &image_tag, "."]) + .status() + .expect("Failed to build docker image"); + + if !status.success() { + eprintln!("Docker build failed for 
{}", version); + exit(1); + } + + println!("Starting SQL Server {} container...", version); + + let status = Command::new(container_engine) + .args([ + "run", + "-d", + "--name", + &container_name, + "-e", + "ACCEPT_EULA=Y", + "-e", + &format!("MSSQL_SA_PASSWORD={}", sa_password), + "-e", + "MSSQL_PID=Developer", + "-p", + "1433:1433", + &image_tag, + ]) + .status() + .expect("Failed to run docker"); + + if !status.success() { + eprintln!("Failed to start container, {}", version); + exit(1); + } + + println!("Started container: {}", container_name); + wait_for_sql(); +} + +fn wait_for_sql() { + println!("Waiting for SQL Server to start. 25 seconds. Do not change or exit. - please."); + sleep(Duration::from_secs(25)); +} + +fn stop_container(version: &str, container_engine: &str) { + let name = format!("mssql-{}", version); + let _ = Command::new(container_engine) + .args(["rm", "-f", &name]) + .status(); + println!("Stopped container {}", name); +} + +fn run_tests(flags: Vec) { + let sa_password = + env::var("SA_PASSWORD").unwrap_or_else(|_| "".to_string()); + let connection_string = env::var("TIBERIUS_TEST_CONNECTION_STRING").unwrap_or_else(|_| { + format!( + "server=tcp:localhost,1433;user=sa;password={};TrustServerCertificate=true", + sa_password + ) + }); + + // for debugging: println!("Running tests with connection {}", connection_string); + + let status = Command::new("cargo") + .arg("test") + .env("TIBERIUS_TEST_CONNECTION_STRING", &connection_string) + .args(&flags) + .status() + .expect("failed to run cargo test"); + + if !status.success() { + exit(1); + } +}
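Review bot: In `start_container` the SA password is placed on the container engine's command line via `&format!("MSSQL_SA_PASSWORD={}", sa_password)`, where it shows up in the host process list, and the port is published as `"1433:1433"`, which binds every host interface. Passing the secret through the child's environment and binding to loopback avoids both: add `.env("MSSQL_SA_PASSWORD", &sa_password)` on the `Command`, pass the bare name `"MSSQL_SA_PASSWORD",` after `-e`, and publish `"127.0.0.1:1433:1433",`. Separately, the `./generate.sh` call ends in `.status().unwrap()` without checking `success()`, so a failed key generation carries on into the image build. In the `local` arm, `run_tests` calls `exit(1)` on failure, so `stop_container` never runs and the container is left up.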