From ca9953c9096c1f8b8995027b7e734d9d7214d214 Mon Sep 17 00:00:00 2001 
From: Aleksei Arsenev Date: Sun, 4 Jun 2023 17:02:28 +0300 Subject: [PATCH 1/4] Add tls config for etcd metadata driver --- .../conf/AbstractConfiguration.java | 10 +++ .../bookkeeper/metadata/etcd/EtcdConfig.java | 52 +++++++++++++ .../metadata/etcd/EtcdMetadataDriverBase.java | 43 +++++++++- .../etcd/integration/TlsSmokeTest.java | 39 ++++++++++ .../etcd/testing/EtcdBKClusterTestBase.java | 7 +- .../metadata/etcd/testing/EtcdContainer.java | 78 ++++++++++++++++--- .../metadata/etcd/testing/EtcdTestBase.java | 58 +++++++++++++- .../etcd/src/test/resources/ssl/.gitignore | 1 + .../etcd/src/test/resources/ssl/README.md | 28 +++++++ .../test/resources/ssl/cert/ca-config.json | 1 + .../src/test/resources/ssl/cert/ca-key.pem | 27 +++++++ .../etcd/src/test/resources/ssl/cert/ca.csr | 15 ++++ .../etcd/src/test/resources/ssl/cert/ca.pem | 18 +++++ .../resources/ssl/cert/client-key-pk8.pem | 28 +++++++ .../test/resources/ssl/cert/client-key.pem | 27 +++++++ .../src/test/resources/ssl/cert/client.csr | 16 ++++ .../src/test/resources/ssl/cert/client.pem | 20 +++++ .../test/resources/ssl/cert/server-key.pem | 27 +++++++ .../src/test/resources/ssl/cert/server.csr | 16 ++++ .../src/test/resources/ssl/cert/server.pem | 20 +++++ .../ssl/generate-self-signed-certificates.sh | 58 ++++++++++++++ 21 files changed, 568 insertions(+), 21 deletions(-) create mode 100644 metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdConfig.java create mode 100644 metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/.gitignore create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/README.md create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/ca-config.json create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/ca-key.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/ca.csr create mode 100644 
metadata-drivers/etcd/src/test/resources/ssl/cert/ca.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/client-key-pk8.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/client-key.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/client.csr create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/client.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/server-key.pem create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/server.csr create mode 100644 metadata-drivers/etcd/src/test/resources/ssl/cert/server.pem create mode 100755 metadata-drivers/etcd/src/test/resources/ssl/generate-self-signed-certificates.sh diff --git a/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/AbstractConfiguration.java b/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/AbstractConfiguration.java index 438dc40983e..406e6e0a687 100644 --- a/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/AbstractConfiguration.java +++ b/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/AbstractConfiguration.java @@ -82,6 +82,7 @@ public abstract class AbstractConfiguration protected static final String ALLOW_SHADED_LEDGER_MANAGER_FACTORY_CLASS = "allowShadedLedgerManagerFactoryClass"; protected static final String SHADED_LEDGER_MANAGER_FACTORY_CLASS_PREFIX = "shadedLedgerManagerFactoryClassPrefix"; protected static final String METADATA_SERVICE_URI = "metadataServiceUri"; + protected static final String METADATA_SERVICE_CONFIG = "metadataServiceConfig"; protected static final String ZK_LEDGERS_ROOT_PATH = "zkLedgersRootPath"; protected static final String ZK_REQUEST_RATE_LIMIT = "zkRequestRateLimit"; protected static final String AVAILABLE_NODE = "available"; 
@@ -295,6 +296,15 @@ public T setMetadataServiceUri(String serviceUri) { return getThis(); } + public String getMetadataServiceConfig() { + return getString(METADATA_SERVICE_CONFIG); + } + + public T setMetadataServiceConfig(String config) { + setProperty(METADATA_SERVICE_CONFIG, config); + return getThis(); + } + /** * Get zookeeper servers to connect. * diff --git a/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdConfig.java b/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdConfig.java new file mode 100644 index 00000000000..c81b59d06a7 --- /dev/null +++ b/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdConfig.java 
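Review bot: The new `getMetadataServiceConfig()` / `setMetadataServiceConfig(String)` pair has no Javadoc, unlike the neighbouring accessors, and the name does not reveal that the value is a path to a properties file rather than inline settings (the etcd driver in this patch passes it to `new PropertiesConfiguration(...)`). I would add `/** Get the path of the driver-specific metadata service properties file, or null if unset. */` on the getter and a matching comment on the setter. Because that file names the location of a TLS private key, the comment could also state that the file and the key it references should be readable only by the service account.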
@@ -0,0 +1,52 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.bookkeeper.metadata.etcd; + +import io.netty.handler.ssl.SslProvider; +import org.apache.commons.configuration.CompositeConfiguration; + +class EtcdConfig extends CompositeConfiguration { + private static final String USE_TLS = "useTls"; + private static final String TLS_PROVIDER = "tlsProvider"; + private static final String TLS_TRUST_CERTS_FILE_PATH = "tlsTrustCertsFilePath"; + private static final String TLS_KEY_FILE_PATH = "tlsKeyFilePath"; + private static final String TLS_CERTIFICATE_FILE_PATH = "tlsCertificateFilePath"; + private static final String AUTHORITY = "authority"; + + public boolean isUseTls() { + return getBoolean(USE_TLS, false); + } + + public SslProvider getTlsProvider() { + return SslProvider.valueOf(getString(TLS_PROVIDER)); + } + + public String getTlsTrustCertsFilePath() { + return getString(TLS_TRUST_CERTS_FILE_PATH); + } + + public String getTlsKeyFilePath() { + return getString(TLS_KEY_FILE_PATH); + } + + public String getTlsCertificateFilePath() { + return getString(TLS_CERTIFICATE_FILE_PATH); + } + + public String getAuthority() { + return getString(AUTHORITY); + } +} + diff --git a/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdMetadataDriverBase.java b/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdMetadataDriverBase.java index 2938770de85..a3c7f6af0ec 100644 
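Review bot: `getTlsProvider()` passes `getString(TLS_PROVIDER)` straight to `SslProvider.valueOf`, so a config with `useTls=true` and no `tlsProvider` fails with a bare NullPointerException, and a misspelt value with an IllegalArgumentException that does not name the key. Netty's SslContextBuilder documents a null provider as "use the default", so an unset key could be tolerated with `String name = getString(TLS_PROVIDER); return name == null ? null : SslProvider.valueOf(name);`. The class and its six keys also have no Javadoc; a class comment listing the keys, which of them are required when `useTls` is true, and that the paths point at PEM files would make the new option usable without reading the driver.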
--- a/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdMetadataDriverBase.java +++ b/metadata-drivers/etcd/src/main/java/org/apache/bookkeeper/metadata/etcd/EtcdMetadataDriverBase.java @@ -19,9 +19,13 @@ import com.google.common.collect.Lists; import io.etcd.jetcd.Client; +import io.etcd.jetcd.ClientBuilder; +import io.grpc.netty.GrpcSslContexts; +import java.io.File; import java.io.IOException; import java.util.List; import java.util.stream.Collectors; +import javax.net.ssl.SSLException; import lombok.extern.slf4j.Slf4j; import org.apache.bookkeeper.common.net.ServiceURI; import org.apache.bookkeeper.conf.AbstractConfiguration; @@ -31,6 +35,8 @@ import org.apache.bookkeeper.meta.exceptions.MetadataException; import org.apache.bookkeeper.stats.StatsLogger; import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.commons.lang3.StringUtils; /** * This is a mixin class for supporting etcd based metadata drivers. 
@@ -77,18 +83,47 @@ protected void initialize(AbstractConfiguration conf, StatsLogger statsLogger ServiceURI serviceURI = ServiceURI.create(metadataServiceUriStr); this.keyPrefix = serviceURI.getServicePath(); + EtcdConfig config = new EtcdConfig(); + if (StringUtils.isNotEmpty(conf.getMetadataServiceConfig())) { + try { + PropertiesConfiguration propsConf = new PropertiesConfiguration(conf.getMetadataServiceConfig()); + config.addConfiguration(propsConf); + } catch (ConfigurationException e) { + throw new MetadataException(Code.METADATA_SERVICE_ERROR, e); + } + } + List etcdEndpoints = Lists.newArrayList(serviceURI.getServiceHosts()) .stream() - .map(host -> String.format("http://%s", host)) + .map(host -> config.isUseTls() ? String.format("https://%s", host) : String.format("http://%s", host)) .collect(Collectors.toList()); log.info("Initializing etcd metadata driver : etcd endpoints = {}, key scope = {}", etcdEndpoints, keyPrefix); synchronized (this) { - this.client = Client.builder() - .endpoints(etcdEndpoints.toArray(new String[etcdEndpoints.size()])) - .build(); + ClientBuilder builder = Client.builder() + .endpoints(etcdEndpoints.toArray(new String[etcdEndpoints.size()])); + if (config.isUseTls()) { + File trustCertsFile = new File(config.getTlsTrustCertsFilePath()); + File keyFile = new File(config.getTlsKeyFilePath()); + File certFile = new File(config.getTlsCertificateFilePath()); + try { + builder.sslContext(GrpcSslContexts.forClient() + .trustManager(trustCertsFile) + .sslProvider(config.getTlsProvider()) + .keyManager(certFile, keyFile) + .build()); + } catch (SSLException e) { + throw new MetadataException(Code.METADATA_SERVICE_ERROR, e); + } + } + + if (StringUtils.isNotEmpty(config.getAuthority())) { + builder.authority(config.getAuthority()); + } + + this.client = builder.build(); } this.layoutManager = new EtcdLayoutManager( 
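Review bot: In the `if (config.isUseTls())` branch the three configured paths go straight into `new File(...)`, so enabling TLS without `tlsTrustCertsFilePath`, `tlsKeyFilePath` or `tlsCertificateFilePath` ends in a NullPointerException instead of the `MetadataException` used for the other failures in this method. A guard before the File construction would give a usable error, e.g. `if (StringUtils.isEmpty(config.getTlsTrustCertsFilePath())) { throw new MetadataException(Code.METADATA_SERVICE_ERROR, new IllegalArgumentException("tlsTrustCertsFilePath is required when useTls=true")); }`, repeated for the key and certificate paths. Note also that `keyManager(certFile, keyFile)` is unconditional, so a server-authenticated-only TLS setup cannot be expressed; if that is intended, say so in a comment. Separately, `builder.authority(...)` presumably overrides the name the server certificate is verified against and is applied even when TLS is off, so it deserves a comment such as `// authority replaces the host name used for TLS verification; it must match a SAN of the etcd server certificate`. The body of initialize() starts and ends outside this hunk.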
diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java new file mode 100644 index 00000000000..da1d06d41df --- /dev/null +++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java @@ -0,0 +1,39 @@ +package org.apache.bookkeeper.metadata.etcd.integration; + +import lombok.extern.slf4j.Slf4j; +import org.apache.bookkeeper.client.api.BookKeeper; +import org.apache.bookkeeper.conf.ClientConfiguration; +import org.apache.bookkeeper.metadata.etcd.testing.EtcdContainer; +import org.apache.commons.lang.RandomStringUtils; +import org.junit.AfterClass; +import org.junit.BeforeClass; + +@Slf4j +public class TlsSmokeTest extends SmokeTest { + + @BeforeClass + public static void setupCluster() throws Exception { + etcdContainer = new EtcdContainer(RandomStringUtils.randomAlphabetic(8), true); + etcdContainer.start(); + log.info("Successfully started etcd1 at {}", etcdContainer.getClientEndpoint()); + setupCluster(NUM_BOOKIES); + } + + @AfterClass + public static void teardownCluster() throws Exception { + if (null != etcdContainer) { + etcdContainer.stop(); + etcdContainer = null; + log.info("Successfully stopped etcd."); + } + } + + @Override + public void setUp() throws Exception { + conf = new ClientConfiguration() + .setMetadataServiceUri(etcdContainer.getExternalServiceUri()) + .setMetadataServiceConfig(getMetadataServiceConfig()); + bk = BookKeeper.newBuilder(conf).build(); + } + +} diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdBKClusterTestBase.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdBKClusterTestBase.java index c7e81f4d7e3..bac1cc9ae71 100644 --- a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdBKClusterTestBase.java 
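Review bot: TlsSmokeTest.java starts directly at the `package` line, without the Apache license header that EtcdConfig.java in this same patch carries, and the class has no Javadoc. Beyond that, the test only shows that a correctly configured client can talk to the `--client-cert-auth` server; nothing asserts that a client without a certificate, or one connecting over plain http, is refused, which is the property the TLS option is meant to provide. A class comment such as `/** Runs the smoke tests against an etcd container that requires TLS client certificates. */` would also make the purpose of the overridden `setupCluster`/`setUp` clear.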
+++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdBKClusterTestBase.java @@ -101,10 +101,13 @@ protected static void setupCluster(int numBookies) throws Exception { ServiceURI uri = ServiceURI.create(etcdContainer.getExternalServiceUri()); + String metadataServiceConfig = getMetadataServiceConfig(); baseClientConf = new ClientConfiguration() - .setMetadataServiceUri(uri.getUri().toString()); + .setMetadataServiceUri(uri.getUri().toString()) + .setMetadataServiceConfig(metadataServiceConfig); baseServerConf = TestBKConfiguration.newServerConfiguration() - .setMetadataServiceUri(uri.getUri().toString()); + .setMetadataServiceUri(uri.getUri().toString()) + .setMetadataServiceConfig(metadataServiceConfig); // format the cluster assertTrue(BookKeeperAdmin.format(baseServerConf, false, true)); // start bookies diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java index 0178e4d2ab5..6f3f8ac3f79 100644 --- a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java +++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java 
@@ -24,16 +24,24 @@ import com.github.dockerjava.api.async.ResultCallback; import com.github.dockerjava.api.command.LogContainerCmd; import com.github.dockerjava.api.model.Frame; +import io.grpc.netty.GrpcSslContexts; +import io.netty.handler.ssl.SslContext; +import io.netty.handler.ssl.SslProvider; +import java.security.Security; import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import lombok.Getter; import lombok.extern.slf4j.Slf4j; import org.testcontainers.DockerClientFactory; import org.testcontainers.containers.ContainerLaunchException; import org.testcontainers.containers.GenericContainer; import org.testcontainers.containers.output.WaitingConsumer; import org.testcontainers.containers.wait.strategy.WaitStrategy; +import org.testcontainers.shaded.org.bouncycastle.jce.provider.BouncyCastleProvider; import org.testcontainers.utility.LogUtils; +import org.testcontainers.utility.MountableFile; +import javax.net.ssl.SSLException; /** * Etcd test container. @@ -52,10 +60,13 @@ public void onNext(Frame frame) { public static final int CLIENT_PORT = 2379; private final String clusterName; + @Getter + private final boolean secure; - public EtcdContainer(String clusterName) { + public EtcdContainer(String clusterName, boolean secure) { super("quay.io/coreos/etcd:v3.3"); this.clusterName = clusterName; + this.secure = secure; } public String getExternalServiceUri() { 
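Review bot: The import hunk adds `java.security.Security` and `org.testcontainers.shaded.org.bouncycastle.jce.provider.BouncyCastleProvider`, but neither name is used in any of the EtcdContainer hunks in this patch, so they look like leftovers (the class body outside the hunks is not visible here). If a BouncyCastle provider is really needed, depending on the copy shaded inside Testcontainers ties the test to that library's internal packaging; a direct test dependency would be safer. `import javax.net.ssl.SSLException;` is also appended after the `org.testcontainers` group instead of being sorted with the other `java`/`javax` imports.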
@@ -70,15 +81,31 @@ public String getInternalServiceUri() { protected void configure() { super.configure(); - String[] command = new String[] { - "/usr/local/bin/etcd", - "--name", NAME + "0", - "--initial-advertise-peer-urls", "http://" + NAME + ":2380", - "--listen-peer-urls", "http://0.0.0.0:2380", - "--advertise-client-urls", "http://" + NAME + ":2379", - "--listen-client-urls", "http://0.0.0.0:2379", - "--initial-cluster", NAME + "0=http://" + NAME + ":2380" - }; + if (secure) { + withCommand( + "/usr/local/bin/etcd", + "--name", NAME + "0", + "--initial-advertise-peer-urls", "http://" + NAME + ":2380", + "--listen-peer-urls", "http://0.0.0.0:2380", + "--advertise-client-urls", "https://" + NAME + ":2379", + "--listen-client-urls", "https://0.0.0.0:2379", + "--initial-cluster", NAME + "0=http://" + NAME + ":2380", + "--client-cert-auth", + "--trusted-ca-file", "/ca.pem", + "--cert-file", "/server.pem", + "--key-file", "/server-key.pem" + ); + } else { + withCommand( + "/usr/local/bin/etcd", + "--name", NAME + "0", + "--initial-advertise-peer-urls", "http://" + NAME + ":2380", + "--listen-peer-urls", "http://0.0.0.0:2380", + "--advertise-client-urls", "http://" + NAME + ":2379", + "--listen-client-urls", "http://0.0.0.0:2379", + "--initial-cluster", NAME + "0=http://" + NAME + ":2380" + ); + } this.withNetworkAliases(NAME) .withExposedPorts(CLIENT_PORT) @@ -86,9 +113,14 @@ protected void configure() { createContainerCmd.withHostName(NAME); createContainerCmd.withName(clusterName + "-" + NAME); }) - .withCommand(command) .withNetworkAliases(NAME) .waitingFor(waitStrategy()); + if (secure) { + this.withCopyFileToContainer(MountableFile.forClasspathResource("ssl/cert/ca.pem"), "/ca.pem") + .withCopyFileToContainer(MountableFile.forClasspathResource("ssl/cert/server.pem"), "/server.pem") + .withCopyFileToContainer(MountableFile.forClasspathResource("ssl/cert/server-key.pem"), + "/server-key.pem"); + } tailContainerLog(); } 
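Review bot: The two `withCommand(...)` branches in `configure()` repeat seven identical arguments and differ only in the client URL scheme and the four TLS flags, so a later change to one branch can silently leave the other behind. Building the common argument list once and appending the TLS flags keeps them in step, and gives a place for a comment that the peer URLs deliberately stay on plain http while only the client listener is TLS. The sketch below needs `java.util.ArrayList`, `Arrays` and `List` imported; the rest of `configure()` is unchanged.

```java
// … unchanged: super.configure() …
String clientScheme = secure ? "https" : "http";
List<String> command = new ArrayList<>(Arrays.asList(
    "/usr/local/bin/etcd",
    "--name", NAME + "0",
    "--initial-advertise-peer-urls", "http://" + NAME + ":2380",
    "--listen-peer-urls", "http://0.0.0.0:2380",
    "--advertise-client-urls", clientScheme + "://" + NAME + ":2379",
    "--listen-client-urls", clientScheme + "://0.0.0.0:2379",
    "--initial-cluster", NAME + "0=http://" + NAME + ":2380"));
if (secure) {
    // Only the client listener is TLS; peer URLs stay http (single-member test cluster).
    command.addAll(Arrays.asList(
        "--client-cert-auth",
        "--trusted-ca-file", "/ca.pem",
        "--cert-file", "/server.pem",
        "--key-file", "/server-key.pem"));
}
withCommand(command.toArray(new String[0]));
// … unchanged: network alias, exposed port, wait strategy, certificate copy …
```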
@@ -113,7 +145,11 @@ public int getEtcdClientPort() { } public String getClientEndpoint() { - return String.format("http://%s:%d", getHost(), getEtcdClientPort()); + if (secure) { + return String.format("https://%s:%d", getHost(), getEtcdClientPort()); + } else { + return String.format("http://%s:%d", getHost(), getEtcdClientPort()); + } } private WaitStrategy waitStrategy() { @@ -139,5 +175,23 @@ protected void waitUntilReady() { }; } + public SslContext getSslContext() throws SSLException { + if (!secure) { + return null; + } + return GrpcSslContexts.forClient() + .sslProvider(SslProvider.OPENSSL) + .trustManager(EtcdContainer.class.getClassLoader().getResourceAsStream("ssl/cert/ca.pem")) + .keyManager( + EtcdContainer.class.getClassLoader().getResourceAsStream("ssl/cert/client.pem"), + EtcdContainer.class.getClassLoader().getResourceAsStream("ssl/cert/client-key-pk8.pem") + ).build(); + } + public String getAuthority() { + if (!secure) { + return null; + } + return "etcd-ssl"; + } } diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdTestBase.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdTestBase.java index 00758420057..65a9dd190a6 100644 --- a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdTestBase.java +++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdTestBase.java 
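Review bot: `getSslContext()` opens three classpath streams with `getResourceAsStream` and never closes them; Netty's builder reads the PEM data but leaves closing to the caller. A missing resource is also handed to the builder as null instead of being reported, which for the trust source may mean falling back to the default trust store rather than failing. Wrapping the streams in try-with-resources fixes the leak; the method then has to declare `IOException` (of which `SSLException` is a subclass), which the `@SneakyThrows` caller in EtcdTestBase already tolerates. `getSslContext()` and `getAuthority()` would also benefit from a Javadoc line stating that they return null when the container is not secure.

```java
public SslContext getSslContext() throws IOException {
    if (!secure) {
        return null;
    }
    ClassLoader loader = EtcdContainer.class.getClassLoader();
    try (InputStream ca = loader.getResourceAsStream("ssl/cert/ca.pem");
         InputStream cert = loader.getResourceAsStream("ssl/cert/client.pem");
         InputStream key = loader.getResourceAsStream("ssl/cert/client-key-pk8.pem")) {
        return GrpcSslContexts.forClient()
            .sslProvider(SslProvider.OPENSSL)
            .trustManager(ca)
            .keyManager(cert, key)
            .build();
    }
}
```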
@@ -19,17 +19,27 @@ package org.apache.bookkeeper.metadata.etcd.testing; import io.etcd.jetcd.Client; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; import java.util.Set; import java.util.concurrent.LinkedBlockingQueue; import java.util.function.Consumer; +import lombok.Cleanup; +import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.apache.bookkeeper.versioning.Versioned; +import org.apache.commons.io.IOUtils; import org.apache.commons.lang.RandomStringUtils; import org.junit.After; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Rule; +import org.junit.rules.TemporaryFolder; import org.junit.rules.Timeout; /** 
@@ -41,28 +51,37 @@ public abstract class EtcdTestBase { @Rule public Timeout globalTimeout = Timeout.seconds(120); + @Rule + public TemporaryFolder temporaryFolder = new TemporaryFolder(); + protected static EtcdContainer etcdContainer; @BeforeClass public static void setupCluster() throws Exception { - etcdContainer = new EtcdContainer(RandomStringUtils.randomAlphabetic(8)); - etcdContainer.start(); - log.info("Successfully started etcd at {}", etcdContainer.getClientEndpoint()); + if (null == etcdContainer) { + etcdContainer = new EtcdContainer(RandomStringUtils.randomAlphabetic(8), false); + etcdContainer.start(); + log.info("Successfully started etcd at {}", etcdContainer.getClientEndpoint()); + } } @AfterClass public static void teardownCluster() throws Exception { if (null != etcdContainer) { etcdContainer.stop(); + etcdContainer = null; log.info("Successfully stopped etcd."); } } protected Client etcdClient; + @SneakyThrows protected static Client newEtcdClient() { Client client = Client.builder() .endpoints(etcdContainer.getClientEndpoint()) + .sslContext(etcdContainer.getSslContext()) + .authority(etcdContainer.getAuthority()) .build(); return client; } 
@@ -93,4 +112,37 @@ public void tearDown() throws Exception { } } + @SneakyThrows + protected static String getMetadataServiceConfig() { + if (!etcdContainer.isSecure()) { + return ""; + } + + Path config = Files.createTempFile("etcd", "conf"); + String contents = "useTls=true" + + "\ntlsProvider=OPENSSL" + + "\ntlsTrustCertsFilePath=" + + unpackSslResource("ca.pem").toString() + + "\ntlsKeyFilePath=" + + unpackSslResource("client-key-pk8.pem").toString() + + "\ntlsCertificateFilePath=" + + unpackSslResource("client.pem").toString() + + "\nauthority=" + + etcdContainer.getAuthority(); + Files.write(config, contents.getBytes(StandardCharsets.UTF_8), StandardOpenOption.CREATE, + StandardOpenOption.TRUNCATE_EXISTING); + return config.toString(); + } + + @SneakyThrows + protected static Path unpackSslResource(String name) { + @Cleanup + InputStream resource = EtcdTestBase.class.getClassLoader().getResourceAsStream("ssl/cert/" + name); + Path target = Files.createTempFile("bk", name); + @Cleanup + OutputStream out = + Files.newOutputStream(target, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); + IOUtils.copy(resource, out); + return target; + } } diff --git a/metadata-drivers/etcd/src/test/resources/ssl/.gitignore b/metadata-drivers/etcd/src/test/resources/ssl/.gitignore new file mode 100644 index 00000000000..0139cd0a6fa --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/.gitignore @@ -0,0 +1 @@ +cfssl diff --git a/metadata-drivers/etcd/src/test/resources/ssl/README.md b/metadata-drivers/etcd/src/test/resources/ssl/README.md new file mode 100644 index 00000000000..af9ad88dbae --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/README.md 
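Review bot: `unpackSslResource` and `getMetadataServiceConfig` create files with `Files.createTempFile` and never remove them, so every call (TlsSmokeTest calls `getMetadataServiceConfig()` from `setUp`) leaves another copy of the client private key, the certificates and a config file in the system temp directory; the `TemporaryFolder` rule added to this class in the same patch is not used for them. Adding `target.toFile().deleteOnExit();` before the return, and `config.toFile().deleteOnExit();` for the config file, would bound that. `getResourceAsStream` returns null for a missing resource, which would surface as an unexplained NullPointerException inside `IOUtils.copy`; `Objects.requireNonNull(resource, "missing classpath resource ssl/cert/" + name);` would name the file. Both methods also lack Javadoc: one line each saying that the first returns the path of a generated properties file (or an empty string for a non-TLS container) and the second copies a classpath resource to a temp file would be enough.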
@@ -0,0 +1,28 @@ + + +This directory is used for Etcd metadata testing. + +**Note: DO NOT EDIT THIS DIRECTORY STRUCTURE** + +The `cert` directory holds the Etcd TLS certificate. + +The `generate-self-signed-certificates.sh` is used to generate self-signed certificates based on [cfssl](https://github.com/cloudflare/cfssl). diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-config.json b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-config.json new file mode 100644 index 00000000000..dafdebe741d --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-config.json @@ -0,0 +1 @@ +{"signing":{"default":{"expiry":"876000h","usages":["signing","key encipherment","server auth","client auth"]}}} diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-key.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-key.pem new file mode 100644 index 00000000000..42eae6f3cf6 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyIfjTjiK4VuyuoGcZXvv4CA+oiUkecAR5krBlWaGTRvlNygi +iAKSkfEiJjqBs5Dz5Zd0CQSSAS1YbVz0fkHDRSy7YXErGwnNpTG12oEh2NGf/k30 +AHytdET0XaJxEOJMx0bFjNY3MtnjlW44cAvDiXnwefDDXueLpSSXV7FZv/w4zo8m +eYS7L6kkJ5ZUztVX7WHPi+roFc6QMKip+sz18oQHGxkD20eu8YUmw7MiE/RXb49f +BWk716v6KlofDbTgr7TDEuU1kkQ63/0xRwRUdeDKRa8GFlHlXkZ3fOO6xAEl77u9 +Mg6JB/7XkmI2SbwfIcckTmiUVRQrt4ejMfd6eQIDAQABAoIBAQCSRKQlOxL6HEO6 +zK2CTKuEZKCq7sKzV8j2nJKlYfoWJoHEAK9nW9EDSMqq7cQLcXCliBpoNYA2AZhd +dQ8VROyk+WLYSY6yky0AEMlfzw8cMpMsEDopXMe8ZkuEPOeR9C8ir9mKx/nNSqc5 +KQNbnwkKrvocR+SJxgTS+WS23zLi2E/IXZThtXmqf6slwLU+ZvqMT0ODXWxhQKOf +c/8Z/6t4IYGNzxHr5ScYQ1m8aOC+AttturN0HMaQBpsKsUBCl6FF1StzirYnk8SQ +z+SmtvrU9qhDLFhMu+FhdOA787L6SU5pu76rnLR1G8/g/27OsZyVF5pyir4Mu9a7 +DSNBY0UBAoGBAM77nGCaNJS/Oa4g7655iaMUB48OaxqCVjK9Zs2R5aklssodByQB +rNDJE1gQCfGm1k4x/JHBXboHoqifz45QMBBLnAJtKMAxD8H8/J2uRLQbiyrRrE4M +XSyDQEMtDlQF39tw8VheL+gLwJgQZzvHvjoBvavFW+t+jpEhw2YQhCGhAoGBAPgF +HswyBMRK4zOyu+etmSkcf5st2Ds3lAlfDx8sqw46y05moQM89NDQ0C3Ch4DhM4OO +3cvwTX3bK1BNcOGubDp/qdkMOarXGkM2cj71Q3dEaD34qJCmb+0A+HmYLcqInkUA +IZpbfwv/BWgn08+S1P1aqnxzBaQRtvozCWaohlnZAoGAR9Z4LecXfNDp2g/AYFP6 +e0lGXlZoweietjmaZprOlOhqp09v3QVfz48aUaQvb1myY61htczhFOH1iIT+6qvW +IrG7UfRFAn+EspV1r9x+J+yvXosrPGN6KyrasPYAVRU83tLSURNPmUAK9jwrOEpZ +MZTNGcMD5jYkkSagxNnSokECgYEAgIm+zVr653RcTdXK1qY8o3bWl2jqEL6cJUMz +xhdTS5ui9C3yMohr5LDjw2N28I9GMF9hiakvsBNfXk3UO9I22xaAwzE3zdePD9hu +2zwnS++TCtMNIXJwvWbsX7BDwxyM0fvgbmwO6vuvJKzHdGOHqQpNIxRFjyNzLjY3 +IBIlFvkCgYB8oBRkYTtqcZ5i4eo75kHfs6e5UXh6OupwzOZEVSjF4sbbuXgnMMgY +mOwAuhhTRFVUUboR1uTCyHTt1XOSRJnDEeQ6HoSZIuvpS/Im/msMUz2Jr8Rsjkj/ +l6XrecY5NZrOFOSbYFG2ILQ3RMsn1O6leqryR/iPh9cgMUcpNyTW0Q== +-----END RSA PRIVATE KEY----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.csr b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.csr new file mode 100644 index 00000000000..32c4783ef43 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.csr 
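Review bot: `ca-key.pem` is the CA's private key, and no code in this patch reads it: the tests load only `ca.pem`, `server.pem`, `server-key.pem`, `client.pem` and `client-key-pk8.pem`, so this file, `client-key.pem` and the `.csr` files look unnecessary unless the generation script depends on them. With the CA key public, any certificate can be issued under this CA, which is acceptable only as long as the CA is never added to a trust store outside these tests, and secret scanners will flag the file. I would either drop the unused material or state in the README that everything under `ssl/cert` is public test data that must never be trusted elsewhere.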
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICUjCCAToCAQAwDTELMAkGA1UEAxMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDIh+NOOIrhW7K6gZxle+/gID6iJSR5wBHmSsGVZoZNG+U3KCKI +ApKR8SImOoGzkPPll3QJBJIBLVhtXPR+QcNFLLthcSsbCc2lMbXagSHY0Z/+TfQA +fK10RPRdonEQ4kzHRsWM1jcy2eOVbjhwC8OJefB58MNe54ulJJdXsVm//DjOjyZ5 +hLsvqSQnllTO1VftYc+L6ugVzpAwqKn6zPXyhAcbGQPbR67xhSbDsyIT9Fdvj18F +aTvXq/oqWh8NtOCvtMMS5TWSRDrf/TFHBFR14MpFrwYWUeVeRnd847rEASXvu70y +DokH/teSYjZJvB8hxyROaJRVFCu3h6Mx93p5AgMBAAGgADANBgkqhkiG9w0BAQsF +AAOCAQEAe4xqJwuDm9l6w2h1Qe3SXUII7rBbQ0IcTmaxed428pe8Dl4lFqGx6vfl +pZfS1uWqjkh3MLQiyQjzYiQeRvOAPnnGDT05xyFFYQUpvEcYu06sO2w80Y1XHVCL +NaDxI/+NOHwVVOIQBMkh4SQIBoPPijGOh97pxaLyVr7cpbXn7AeHk3jqeybZ6Pm7 +nHqfyPWU7wPVMwbuSYTAST3oMA00vQJExPkS7++puHRRX46E0mWKJyFyI5QG1Rb5 +HqWlQN/hc8+BYLp9acBuoqvtS9r9+8ul29btXEFNG8D0kQvxD9Ri2eDg14RJ+Ttw +pJUG+R/4tJotXZd+X8yHiF4FpUKtwQ== +-----END CERTIFICATE REQUEST----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.pem new file mode 100644 index 00000000000..eabf09953d7 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/ca.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIUBdSnu+k1u/lPj2w9VBVahJdf/ZswDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAxMCQ0EwHhcNMjMwNjAzMjAzODAwWhcNMjgwNjAxMjAzODAw +WjANMQswCQYDVQQDEwJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AMiH4044iuFbsrqBnGV77+AgPqIlJHnAEeZKwZVmhk0b5TcoIogCkpHxIiY6gbOQ +8+WXdAkEkgEtWG1c9H5Bw0Usu2FxKxsJzaUxtdqBIdjRn/5N9AB8rXRE9F2icRDi +TMdGxYzWNzLZ45VuOHALw4l58Hnww17ni6Ukl1exWb/8OM6PJnmEuy+pJCeWVM7V +V+1hz4vq6BXOkDCoqfrM9fKEBxsZA9tHrvGFJsOzIhP0V2+PXwVpO9er+ipaHw20 +4K+0wxLlNZJEOt/9MUcEVHXgykWvBhZR5V5Gd3zjusQBJe+7vTIOiQf+15JiNkm8 +HyHHJE5olFUUK7eHozH3enkCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFKDTvfTnBokC5ib8wJGrhqMWOea7MA0GCSqG +SIb3DQEBCwUAA4IBAQCwrrLGl8iW1hARoyLMhgLMDZiN5gIvKBV/WuthdFtwG2Af +1yDx6MmsUhcYBIuwujAKO57VBP7k1zLdxWMSPxlxeBGRF0wWgFuUKdf7AvH/57F5 +N45iJEBPrH6o8MVHoLo2DLYwQRh6F25/WVb2rZkRE7zr1h/fPXuJ5uUWUYo69iUj +Ff3vNU1Y6sxfLgYL5Z42KG1O0oDcKhLWMh5drQ2duqAxnNd1fwM+WJNNq/VXIjkD +s0EsdiWzsBpIsPfZrywxEEEUdKDgnctxlyEJdb98tmn+7oZNBh+ZesPEUhoz+tFD +2+GF0rEB7xIk3oDcGIVPX5tmamDaMl0/n9bfvzLL +-----END CERTIFICATE----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key-pk8.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key-pk8.pem new file mode 100644 index 00000000000..e064a3d7db4 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key-pk8.pem 
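Review bot: The validity encoded in `ca.pem` appears to run from 2023-06-03 to 2028-06-01, whereas `ca-config.json` issues leaf certificates for 876000h (about 100 years) and `client.pem` is dated to 2123. Once the CA expires, chain validation on both the client and the etcd server side should start failing, and the TLS tests with it. Regenerating the CA with a matching lifetime (cfssl takes it from the `ca.expiry` field of the CA CSR JSON) or recording the renewal date in the README would avoid a surprise failure.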
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDSyahGhybnHxoT +ElyylWuu7vMxgFfOh5W5igJcD1/9+F0L/JlWVNaVS+XK6NFML0xgCsasFPJCAp9r +LPlU6G3FwuRkOILYRZWYWw2A3fnloxFB6MCbdenD8umOxFNdHKrN39PR/CSVeN/E +UL4aW8LEuykneaK77wJNfu2Dmbw+/PanEEhVPYLF10KARTx48VnkBhbSXt/jQtSB +ySx3PWW3F83n3T0jCz21bc1tfk1VPFz6orYTz31CuzGWKxnNEv0pj4SevzcPQsEM +VBU5uF5bDSeTkL3fPA7b2dwqquVSPNOmho25ARyCpQ0jBJZkI5Xl4EMRiGS5rOiA +UdG9xOHPAgMBAAECggEAGBfqvx0FqldYwKNRqyv/IgC4FYlo//dpesq2mFU9kKcJ +46vczwxldq01N+tCuSWS4kt5CARg6ICqPjLm0Pi8S2WKe5YmBph1j/OgaIF25fOs +rk7vbRWeQcKLRcFVEgiL0XprGM5sVBV75lGgWRzx91C5VITHwBmCtt7yQR+ab8x/ +NEqZ6PrtJKp2rdQVRTm3zMwHt83LJrdattkW/Ai11eS5MEZBSDNf/2Vn0L/fRoCj +8Grr1qQAce4VmNz3E7ct2nV7Z9Zpxs48h2pwRFY3zyO/Dr/RMWZXIWcoUG6WIoyp +gykcT8G5wmShYXkY4oo61IqBohgHltP66ybOaQCisQKBgQDxVU3zyOxhJ1wRX94F +ZG3UPe6NVBxPGPqZuYT0Mkld2eEzcglRjex57CIMNHRwh/l6ru5qnvWNuviSLA3F +XOLwznVfPRFkt3UfcDc7qMH+080cybDLLGZRHdXLZd03r6Y6W0tXXBZif66PbyDr +wiOYTl/ShxCgZf92r75FKAuQJwKBgQDfmR8s0VIMwKKDyMnOBIVDmzr1UaUgPJP6 +u49xeRRdNgNoStsCbffVXBhZbhZ41DxXcYGAv80VS5hmPhzr+moFzogW6jYwwlvA +Pe3nuNyIST0qLYgNuRrS1irUMRI2biv5BbMLrwldBOXA2gu05cOGBgtRdLXWnXDC +djHTVRCCGQKBgAbDulyj/CQ5Azaldka2avGxDre9bNG2xId8kMJ7ilzsF4jmoGY9 +0SwVt1qaOc1RsmeC8cHhVMa1P/Rw8a3fjajsUJPr1Un6bnkEHzg34cAv1acB7Ee1 +peSOLoj2AP5nmQQ3vOPk++ek5pK0rbqOBYtmXv86s/ebBE8iW/X6SmCvAoGBAKiw +Wb+zL8alMjZgLje6W1vU6dcYQI6ghTe9dwuxwDZOQKXXC4G6uyYBc/FMR7Hi1J9X +587dZPiy7of8Rk+VvZUh6rP3AOkqSJQxZKHUarR7JKUEcsd/pgf4QZmSZ94eohge +P6UJ6fN+dWNYXUqdqTQcrT9H4MPIRcC/8PkyDOFJAoGBAJah4MX7aHXI4+YHzH3N +sw4TgW/jXOTKm8ovlSZfWLX8fLJ9zJv5JLGVkGCbpsIMg80RBFgeHkucsjqlRP0Y +uKiJAtnbEqq+JroRpAvYaL05rVs8/PgJxGohw9DL4hu1632OIlzzQPvj63TqgP8s +YQbvmVdJnDijLJAigKdBEwvn +-----END PRIVATE KEY----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key.pem new file mode 100644 index 00000000000..f8e2c51b06e --- /dev/null 
+++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/client-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0smoRocm5x8aExJcspVrru7zMYBXzoeVuYoCXA9f/fhdC/yZ +VlTWlUvlyujRTC9MYArGrBTyQgKfayz5VOhtxcLkZDiC2EWVmFsNgN355aMRQejA +m3Xpw/LpjsRTXRyqzd/T0fwklXjfxFC+GlvCxLspJ3miu+8CTX7tg5m8Pvz2pxBI +VT2CxddCgEU8ePFZ5AYW0l7f40LUgcksdz1ltxfN5909Iws9tW3NbX5NVTxc+qK2 +E899QrsxlisZzRL9KY+Enr83D0LBDFQVObheWw0nk5C93zwO29ncKqrlUjzTpoaN +uQEcgqUNIwSWZCOV5eBDEYhkuazogFHRvcThzwIDAQABAoIBABgX6r8dBapXWMCj +Uasr/yIAuBWJaP/3aXrKtphVPZCnCeOr3M8MZXatNTfrQrklkuJLeQgEYOiAqj4y +5tD4vEtlinuWJgaYdY/zoGiBduXzrK5O720VnkHCi0XBVRIIi9F6axjObFQVe+ZR +oFkc8fdQuVSEx8AZgrbe8kEfmm/MfzRKmej67SSqdq3UFUU5t8zMB7fNyya3WrbZ +FvwItdXkuTBGQUgzX/9lZ9C/30aAo/Bq69akAHHuFZjc9xO3Ldp1e2fWacbOPIdq +cERWN88jvw6/0TFmVyFnKFBuliKMqYMpHE/BucJkoWF5GOKKOtSKgaIYB5bT+usm +zmkAorECgYEA8VVN88jsYSdcEV/eBWRt1D3ujVQcTxj6mbmE9DJJXdnhM3IJUY3s +eewiDDR0cIf5eq7uap71jbr4kiwNxVzi8M51Xz0RZLd1H3A3O6jB/tPNHMmwyyxm +UR3Vy2XdN6+mOltLV1wWYn+uj28g68IjmE5f0ocQoGX/dq++RSgLkCcCgYEA35kf +LNFSDMCig8jJzgSFQ5s69VGlIDyT+ruPcXkUXTYDaErbAm331VwYWW4WeNQ8V3GB +gL/NFUuYZj4c6/pqBc6IFuo2MMJbwD3t57jciEk9Ki2IDbka0tYq1DESNm4r+QWz +C68JXQTlwNoLtOXDhgYLUXS11p1wwnYx01UQghkCgYAGw7pco/wkOQM2pXZGtmrx +sQ63vWzRtsSHfJDCe4pc7BeI5qBmPdEsFbdamjnNUbJngvHB4VTGtT/0cPGt342o +7FCT69VJ+m55BB84N+HAL9WnAexHtaXkji6I9gD+Z5kEN7zj5PvnpOaStK26jgWL +Zl7/OrP3mwRPIlv1+kpgrwKBgQCosFm/sy/GpTI2YC43ultb1OnXGECOoIU3vXcL +scA2TkCl1wuBursmAXPxTEex4tSfV+fO3WT4su6H/EZPlb2VIeqz9wDpKkiUMWSh +1Gq0eySlBHLHf6YH+EGZkmfeHqIYHj+lCenzfnVjWF1Knak0HK0/R+DDyEXAv/D5 +MgzhSQKBgQCWoeDF+2h1yOPmB8x9zbMOE4Fv41zkypvKL5UmX1i1/Hyyfcyb+SSx +lZBgm6bCDIPNEQRYHh5LnLI6pUT9GLioiQLZ2xKqvia6EaQL2Gi9Oa1bPPz4CcRq +IcPQy+Ibtet9jiJc80D74+t06oD/LGEG75lXSZw4oyyQIoCnQRML5w== +-----END RSA PRIVATE KEY----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/client.csr b/metadata-drivers/etcd/src/test/resources/ssl/cert/client.csr new file mode 100644 index 00000000000..8360d924b6f --- /dev/null 
+++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/client.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICdDCCAVwCAQAwETEPMA0GA1UEAxMGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA0smoRocm5x8aExJcspVrru7zMYBXzoeVuYoCXA9f/fhd +C/yZVlTWlUvlyujRTC9MYArGrBTyQgKfayz5VOhtxcLkZDiC2EWVmFsNgN355aMR +QejAm3Xpw/LpjsRTXRyqzd/T0fwklXjfxFC+GlvCxLspJ3miu+8CTX7tg5m8Pvz2 +pxBIVT2CxddCgEU8ePFZ5AYW0l7f40LUgcksdz1ltxfN5909Iws9tW3NbX5NVTxc ++qK2E899QrsxlisZzRL9KY+Enr83D0LBDFQVObheWw0nk5C93zwO29ncKqrlUjzT +poaNuQEcgqUNIwSWZCOV5eBDEYhkuazogFHRvcThzwIDAQABoB4wHAYJKoZIhvcN +AQkOMQ8wDTALBgNVHREEBDACggAwDQYJKoZIhvcNAQELBQADggEBAEu3joXGJQph +0GgX4wWmd99eUe1FS1adn9Fe4PxWsUgX3bT8pWyy30QPjfwt/ctmAmmBl4PgjTqH +LmKAfKsW+XM0pdNf6PZTO7Uq3MhmcYly4DdbF0LwkTAlJofbYL6mXPQl7zghA2eW +wDOPjNozTuzby1rVM/TMgs7EmUBiEpQp49OiOLT49Diatej5M4CSRpi0HmSHw8my +B1FvpcWpFyVjYgbqnq1MQcImPgg8qSOp+iw26wt/OCQTVF6kSOhcnoDSPE9nM07k +Ad8ytevZq89giLb3J3w6D7Ien3X+yPsE6oGlVLHL8k+QA2vhN4bV4NrLRjHvsxfS +/8fkHiPiNw8= +-----END CERTIFICATE REQUEST----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/client.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/client.pem new file mode 100644 index 00000000000..9f5b28bb06b --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/client.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPDCCAiSgAwIBAgIUMrWQoN2hnD/A9cA3cDnJtg4YaVYwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAxMCQ0EwIBcNMjMwNjAzMjAzODAwWhgPMjEyMzA1MTAyMDM4 +MDBaMBExDzANBgNVBAMTBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANLJqEaHJucfGhMSXLKVa67u8zGAV86HlbmKAlwPX/34XQv8mVZU1pVL +5cro0UwvTGAKxqwU8kICn2ss+VTobcXC5GQ4gthFlZhbDYDd+eWjEUHowJt16cPy +6Y7EU10cqs3f09H8JJV438RQvhpbwsS7KSd5orvvAk1+7YOZvD789qcQSFU9gsXX +QoBFPHjxWeQGFtJe3+NC1IHJLHc9ZbcXzefdPSMLPbVtzW1+TVU8XPqithPPfUK7 +MZYrGc0S/SmPhJ6/Nw9CwQxUFTm4XlsNJ5OQvd88DtvZ3Cqq5VI806aGjbkBHIKl +DSMElmQjleXgQxGIZLms6IBR0b3E4c8CAwEAAaOBjTCBijAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFIhMyCmd1uOQ8f4bT6jCYx3l3GeLMB8GA1UdIwQYMBaAFKDTvfTn +BokC5ib8wJGrhqMWOea7MAsGA1UdEQQEMAKCADANBgkqhkiG9w0BAQsFAAOCAQEA +dksBiTil6D+Pwd9nISVd4dBcaqTJg1lSz0sMHRm9vnmbg7aB2OmM26eRiG1bywnF +AxTL52nCi01bEco88HQAlVqYnJw/PY1ZRppGqUEjYZv5/IKOV8ZVKKXgEz+IyMTI +gYgelIC2rd/sE3uhUgtuXNrvIucFLx6pEUCDOxHA4n5Glvzsgat94RtkfRMJY2xi +x4TXVbjm5QZj+PjONT/nL4VDilce9AIfnUmxUoxeGEmbbIohXHoqSVL2xCztzo0r +UC08EalxR6p2jq0zoxtBS7t/vL3mqCbm9CkSuGEeg5+cq70zq9S/BUkgKeZ0UrT+ +ZVBjy9jEVpylA2KTMDCVBA== +-----END CERTIFICATE----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/server-key.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/server-key.pem new file mode 100644 index 00000000000..494f168220f --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/server-key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAx52AnPMtB7MMxhwAI0N7jCDlcjVevTduquIYxp1JzurDwNDe ++Un+e/mzvpOig3/hHRrTXPqjsBYZBB0vCoCioOXK/Ju+ZKPwrWB62AO4wWwdtyqf +EqjVXH8b8utmyOfhOPldUFaqanlsFBpTdN0ka7dr1PRLqOUqE6I+ZhgceZMk3pf7 +FtB10dGnOnRHdTc98vPZK3xPXq8cEN2qZZ9Zi4gQdwrHGcvB8fC81eblBcZEwpl0 +QCMGqOiHwKFONdvF/gpvNlCRXT4tn1glyuf4kv9LJ48+C54k7omaeEDE1aodTtV+ +i6/qYOKsFSazsz3j4T6osNOhiCy/98/K//sXBwIDAQABAoIBACMacpSnOwMAnL12 +DRwmcOKaol7sPcXeqqqIajz7ShCGPnh5As0qEwOwTMi1471mTqs0nXjbZs+/gxSz +ISOirXbIEmNL7DZ8kgWbUt8MAICbR7p/V0wLvsGuZLbaaM/p3zSKvbs0EnH4+mWq +n4SMoywCLIddkrSX4Edln72Kfe9u/mnqg51j0ZevvMvbiQ/hpAF4EiW/j4NkH5ZZ +FWjnNELmQIF28obMIjpMGsv1rxp44h97k808Oh1paLKnrzgBeEp262OaNbBATyeW +b2lYCsjPHpWfpe4YnpDLyQcwzACtCa0IhSbD2Hn2aHMMUxzQQ/mBedwT/8FQsqzY +OWjXfdECgYEA4nKVm+iY7iPlHYcl4+juqeuEmuJOt7P8/H/idXhxmheP4ZduuQDq +iNdY9VQf0L+9gjtFDN+gySPKPVvf7gp9Ind/3eKq7Nz2N3/xMtTuZ2ZFBTBdJ2Mc +1TUv8lVvxwVaLzX63sMBpoybfqYECxyPPUelqpYTBEwkNP+Ipei6WD8CgYEA4ap4 +/1XbU3JGnxPyHpzzFaMTjuvp+LbxaE1UPXqGo5LsIoeSMWBeDqVkVTjGxE4H8m7b +rA/8zTLxPbVx9+7CKrDI8aEACpRzPqYnHDE6W7wLm2ahifgrYOKXWFOkvV1RGXoH +mbxaUXjU1xVsfVZvXzEOIjW4u4DWf4SvlTI+TzkCgYEAyugprr5I6no3frHu/b1m +vdNPywklx+37rrVY0jHOeWjLgDUU/akYfu2XxJxQtdhZkyxQvyxTAmiTe0+r47x6 +TDwP016cEgochbabBhVOWlCFYBTqI7TnzRQPlnF/6zGckdkophrOi9JKMr3Hub0p +jJt6ktROzfb8KpEefKuA7jkCgYBI6MELDfw8q7ExeEpDpcXL+dI53PLNDp5UapeK +/Wk+tBti1JZhKZd59+nAtwVRKzzaEQMcRlYRHiJfI55c0mEdVdy2ZKQUxv2tAhWk +wCrwtIKzhKcwYmPxe4QWX3/cRqgLKSgHfZlYtUde7mcM374/7SN53g1/VxL2RDJO +a9tB0QKBgQDSql6GS2m5cXM0TZruNHYNcuiEHA2Fld0u8csR54coQv+R5ZOgZ7Ab +vH3WAIN879dnz3CsmDozUEXHnftCfDRk6vr8/64oZpXJIM+2avq8RyYbn/PNWlsz +t5mLidi0RAGvU+jEYmpGOlZdZexZCdMM3qRBd67aj465J2d/KnsS+A== +-----END RSA PRIVATE KEY----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/server.csr b/metadata-drivers/etcd/src/test/resources/ssl/cert/server.csr new file mode 100644 index 00000000000..5db24709185 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/server.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICfDCCAWQCAQAwETEPMA0GA1UEAxMGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx52AnPMtB7MMxhwAI0N7jCDlcjVevTduquIYxp1JzurD +wNDe+Un+e/mzvpOig3/hHRrTXPqjsBYZBB0vCoCioOXK/Ju+ZKPwrWB62AO4wWwd +tyqfEqjVXH8b8utmyOfhOPldUFaqanlsFBpTdN0ka7dr1PRLqOUqE6I+ZhgceZMk +3pf7FtB10dGnOnRHdTc98vPZK3xPXq8cEN2qZZ9Zi4gQdwrHGcvB8fC81eblBcZE +wpl0QCMGqOiHwKFONdvF/gpvNlCRXT4tn1glyuf4kv9LJ48+C54k7omaeEDE1aod +TtV+i6/qYOKsFSazsz3j4T6osNOhiCy/98/K//sXBwIDAQABoCYwJAYJKoZIhvcN +AQkOMRcwFTATBgNVHREEDDAKgghldGNkLXNzbDANBgkqhkiG9w0BAQsFAAOCAQEA +Zo8tkRZ7BPKMfs4c8wTIbq8GEbFBKXtR8LDV1E93csuf8Xuu7+jqhtBSS43tJBwZ +3CH2m2UXdLgA6QjzjP7NrkurZMGwSSoUjcwxamfmw09sN1j/bKvxaRBH8hmVlVn7 +ufUtj0XAC4MLC+DQPEEhlA9FJV/XxjkOE/q8PDeG1mXmHdg796GadRyaNqoSVP99 +eHp0SPKQo2rBAP31c2AZyAV81mqAaRBV0akiBR48FBLm+Z0iZdeLLYFDNQqWatZr +1ynLT+q+IhEsDzmzBr+JQnME5rJfixDrAHnDH5o/8FK9VbAITPmJxZ0D9633U42A +ooxqvxq7NiwTjc9mJND31g== +-----END CERTIFICATE REQUEST----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/cert/server.pem b/metadata-drivers/etcd/src/test/resources/ssl/cert/server.pem new file mode 100644 index 00000000000..06663bebe8d --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/cert/server.pem 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRDCCAiygAwIBAgIUDBrKVASrwhGapEqklMcdOv2rflgwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAxMCQ0EwIBcNMjMwNjAzMjAzODAwWhgPMjEyMzA1MTAyMDM4 +MDBaMBExDzANBgNVBAMTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMedgJzzLQezDMYcACNDe4wg5XI1Xr03bqriGMadSc7qw8DQ3vlJ/nv5 +s76TooN/4R0a01z6o7AWGQQdLwqAoqDlyvybvmSj8K1getgDuMFsHbcqnxKo1Vx/ +G/LrZsjn4Tj5XVBWqmp5bBQaU3TdJGu3a9T0S6jlKhOiPmYYHHmTJN6X+xbQddHR +pzp0R3U3PfLz2St8T16vHBDdqmWfWYuIEHcKxxnLwfHwvNXm5QXGRMKZdEAjBqjo +h8ChTjXbxf4KbzZQkV0+LZ9YJcrn+JL/SyePPgueJO6JmnhAxNWqHU7Vfouv6mDi +rBUms7M94+E+qLDToYgsv/fPyv/7FwcCAwEAAaOBlTCBkjAOBgNVHQ8BAf8EBAMC +BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw +HQYDVR0OBBYEFPxfRRpO+K9CfKSdKsNfs8wvs5WmMB8GA1UdIwQYMBaAFKDTvfTn +BokC5ib8wJGrhqMWOea7MBMGA1UdEQQMMAqCCGV0Y2Qtc3NsMA0GCSqGSIb3DQEB +CwUAA4IBAQCYWzLRKHRZuV1Bgcfn0lTDJrUU7uwICJZea3NroxD+EZ/GRvE0Bp7M +uiQ4QQmj4I/wr34GsP43YAwFjgcxDCvYwGCSPCBfOKrLAl3CMmfo/HHwPDaygrPn +8dU5DxfWDZ0l3Qi1mVEIkeknc8BjK///nrA/DzbqQijkXfXdfLJM3LhHRaZ+sDsn +yLLwN/WZqe7gEsGJ9tDA2NtwLjwB4wh+qm5ZvabyW3NoJhz5e84MvcnyAWg01Tz7 +YX3QeuyNkUQPWWgJ0pmdJFmpKIg14Epuvo5dE0rFuLdDltiu72h15mzUOykQolM+ +IS9QgSAAptbxJvdHGgORBnpuW1XCHxVL +-----END CERTIFICATE----- diff --git a/metadata-drivers/etcd/src/test/resources/ssl/generate-self-signed-certificates.sh b/metadata-drivers/etcd/src/test/resources/ssl/generate-self-signed-certificates.sh new file mode 100755 index 00000000000..753b2f09254 --- /dev/null +++ b/metadata-drivers/etcd/src/test/resources/ssl/generate-self-signed-certificates.sh 
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Copied from https://github.com/etcd-io/jetcd/blob/ff7d698b046367d243a8d9d5cfe528f9bb0e933f/jetcd-core/src/test/resources/ssl/generate-self-signed-certificates.sh
+
+ROOT="$(cd "$(dirname $0)" && pwd)"
+
+CFSSL_HOME=${ROOT}/cfssl
+CERT_HOME=${ROOT}/cert
+
+mkdir -p $CFSSL_HOME
+mkdir -p $CERT_HOME
+
+OS="$(uname -s)"
+case $OS in
+ "Linux")
+ PLATFORM="linux_amd64"
+ ;;
+ "Darwin")
+ PLATFORM="darwin_amd64"
+ ;;
+esac
+
+curl -L https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_${PLATFORM}> cfssl/cfssl
+curl -L https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_${PLATFORM}> cfssl/cfssljson
+chmod +x cfssl/{cfssl,cfssljson}
+
+cd $CERT_HOME
+
+echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | $CFSSL_HOME/cfssl gencert -initca - | $CFSSL_HOME/cfssljson -bare ca -
+echo '{"signing":{"default":{"expiry":"876000h","usages":["signing","key encipherment","server auth","client auth"]}}}' > ca-config.json
+
+export ADDRESS=etcd-ssl
+export NAME=server
+echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | $CFSSL_HOME/cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | $CFSSL_HOME/cfssljson -bare $NAME
+
+export ADDRESS=
+export NAME=client
+echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' | $CFSSL_HOME/cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - | $CFSSL_HOME/cfssljson -bare $NAME
+
+openssl pkcs8 -topk8 -inform PEM -outform PEM -in client-key.pem -out client-key-pk8.pem -nocrypt
From ff1afe63c0b58f188d18cd8679c321e5b0ef9dc2 Mon Sep 17 00:00:00 2001
From: Aleksei Arsenev
Date: Sun, 4 Jun 2023 21:40:09 +0300
Subject: [PATCH 2/4] Ignore certs in apache-rat and add license header to `TlsSmokeTest`
---
.../metadata/etcd/integration/TlsSmokeTest.java | 14 ++++++++++++++
pom.xml | 6 +++++-
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java
index da1d06d41df..998a7c66f36 100644
--- a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java
+++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/integration/TlsSmokeTest.java
@@ -1,3 +1,17 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.apache.bookkeeper.metadata.etcd.integration;
 
 import lombok.extern.slf4j.Slf4j;
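Review bot: The two `curl -L … >` downloads in generate-self-signed-certificates.sh are run without any integrity or HTTP-status check, and the script has no `set -e`, so a failed or altered download is still made executable and then used to create the CA and sign both certificates. The redirects also write to the relative path `cfssl/cfssl` although the directory is created as `$CFSSL_HOME`, so the script only works from its own directory, and `case $OS` leaves `PLATFORM` empty on anything other than Linux or Darwin. I would fail fast, write into `$CFSSL_HOME`, and pin a SHA-256 per binary as sketched below; the digest values are placeholders to be filled in for each platform from the v1.6.1 release. Because the keys this script emits are committed unencrypted (`-nocrypt`, `client-key.pem`, `server-key.pem`) under a CA with `876000h` expiry, a header comment such as `# Test-only material: never trust this CA or these keys outside the etcd TLS tests.` is also worth adding.

```shell
set -euo pipefail

# … unchanged: ROOT, CFSSL_HOME, CERT_HOME, mkdir -p …

case $OS in
  # … unchanged: "Linux" and "Darwin" branches …
  *)
    echo "unsupported platform: $OS" >&2
    exit 1
    ;;
esac

# Placeholder digests: one pair per PLATFORM, taken from the v1.6.1 release assets.
CFSSL_SHA256="<SHA256_OF_CFSSL_BINARY>"
CFSSLJSON_SHA256="<SHA256_OF_CFSSLJSON_BINARY>"

fetch_verified() {  # args: url, destination, expected sha256
  curl -fsSL -o "$2" "$1"
  echo "$3  $2" | shasum -a 256 -c -
}

fetch_verified "https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_${PLATFORM}" "$CFSSL_HOME/cfssl" "$CFSSL_SHA256"
fetch_verified "https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_${PLATFORM}" "$CFSSL_HOME/cfssljson" "$CFSSLJSON_SHA256"
chmod +x "$CFSSL_HOME/cfssl" "$CFSSL_HOME/cfssljson"
```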
diff --git a/pom.xml b/pom.xml index 23361c2b387..25558b787dd 100644 --- a/pom.xml +++ b/pom.xml @@ -803,7 +803,7 @@ rxjava ${rxjava.version} - + com.carrotsearch hppc @@ -1085,6 +1085,10 @@ **/test_conf_2.conf + + + **/*.csr + **/**.pem true From d09e9794e5e6b32de2e08690995e6fb756e923e3 Mon Sep 17 00:00:00 2001 From: alesharik Date: Sun, 4 Jun 2023 21:45:33 +0300 Subject: [PATCH 3/4] Remove unwanted modification in pom.xml --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 25558b787dd..b67aeda31b4 100644 --- a/pom.xml +++ b/pom.xml @@ -803,7 +803,7 @@ rxjava ${rxjava.version} - + com.carrotsearch hppc From a239475e228092b17bd96372e77387d745222d12 Mon Sep 17 00:00:00 2001 From: Aleksei Arsenev Date: Sat, 10 Jun 2023 12:53:18 +0300 Subject: [PATCH 4/4] Fix checkstyle errors --- .../bookkeeper/metadata/etcd/testing/EtcdContainer.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java index 6f3f8ac3f79..266455e1f5b 100644 --- a/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java +++ b/metadata-drivers/etcd/src/test/java/org/apache/bookkeeper/metadata/etcd/testing/EtcdContainer.java @@ -27,10 +27,10 @@ import io.grpc.netty.GrpcSslContexts; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslProvider; -import java.security.Security; import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import javax.net.ssl.SSLException; import lombok.Getter; import lombok.extern.slf4j.Slf4j; import org.testcontainers.DockerClientFactory; 
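Review bot: The patterns added next to `**/test_conf_2.conf` in the second pom.xml hunk, `**/*.csr` and `**/**.pem`, exclude every CSR and PEM file in the repository from the apache-rat check, not only the etcd TLS fixtures this series adds. Scoping them to the fixture directory, for example `**/src/test/resources/ssl/cert/*.pem` and `**/src/test/resources/ssl/cert/*.csr`, would make a PEM or CSR added elsewhere still show up in the report and get a deliberate decision. `**/**.pem` is also written differently from the `**/*.csr` line above it and presumably means `**/*.pem`. The element tags are not visible in this rendering, so the enclosing exclude list should be confirmed against the file.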
@@ -38,10 +38,8 @@
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.output.WaitingConsumer;
 import org.testcontainers.containers.wait.strategy.WaitStrategy;
-import org.testcontainers.shaded.org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.testcontainers.utility.LogUtils;
 import org.testcontainers.utility.MountableFile;
-import javax.net.ssl.SSLException;
 
 /**
  * Etcd test container.