Merge pull request #601 from basho/adt-use-make_certs
Switch all the selfsigned certificates to be generated on demand
Vagabond committed May 10, 2014
2 parents 97a3905 + 6c4afcb commit 29def51
Showing 5 changed files with 117 additions and 90 deletions.
27 changes: 17 additions & 10 deletions tests/http_security.erl
@@ -18,16 +18,23 @@ confirm() ->
io:format("turning on tracing"),
ibrowse:trace_on(),

CertDir = rt_config:get(rt_scratch_dir) ++ "/certs",

%% make a bunch of crypto keys
make_certs:rootCA(CertDir, "rootCA"),
make_certs:endusers(CertDir, "rootCA", ["site3.basho.com", "site4.basho.com"]),


lager:info("Deploy some nodes"),
PrivDir = rt:priv_dir(),
Conf = [
{riak_core, [
{default_bucket_props, [{allow_mult, true}]},
{ssl, [
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])}
]}
]},
{riak_search, [
@@ -128,8 +135,8 @@ confirm() ->
C7 = rhc:create("127.0.0.1", Port, "riak", [{is_ssl, true},
{credentials, Username, "password"},
{ssl_options, [
{cacertfile, filename:join([PrivDir,
"certs/selfsigned/ca/rootcert.pem"])},
{cacertfile, filename:join([CertDir,
"rootCA/cert.pem"])},
{verify, verify_peer},
{reuse_sessions, false}
]}
@@ -423,8 +430,8 @@ confirm() ->
ibrowse:send_req(URL ++ "/riak/hb/first/_,_,_", [], get,
[], [{response_format, binary}, {is_ssl, true},
{ssl_options, [
{cacertfile, filename:join([PrivDir,
"certs/selfsigned/ca/rootcert.pem"])},
{cacertfile, filename:join([CertDir,
"rootCA/cert.pem"])},
{verify, verify_peer},
{reuse_sessions, false}]}])),

@@ -435,8 +442,8 @@ confirm() ->
ibrowse:send_req(URL ++ "/solr/index/select?q=foo:bar&wt=json", [], get,
[], [{response_format, binary}, {is_ssl, true},
{ssl_options, [
{cacertfile, filename:join([PrivDir,
"certs/selfsigned/ca/rootcert.pem"])},
{cacertfile, filename:join([CertDir,
"rootCA/cert.pem"])},
{verify, verify_peer},
{reuse_sessions, false}]}])),
ok.
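Review bot: `PrivDir = rt:priv_dir(),` is left in place in the first hunk although every use of `PrivDir` visible in this section now reads `CertDir`. If no other use remains in the parts of confirm() outside these hunks, the binding is dead and will compile with an unused-variable warning, so it should be dropped in that case. Separately, the results of the two `make_certs` calls are discarded, so a failed generation would presumably only surface later as a node start-up or TLS handshake failure; a setup-time assertion such as `true = filelib:is_regular(filename:join([CertDir, "site3.basho.com/key.pem"])),` would make that failure obvious. confirm() starts before the first hunk and most of its body is not shown.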
1 change: 0 additions & 1 deletion tests/repl_util.erl
@@ -254,7 +254,6 @@ wait_for_connection(Node, Name) ->
case rpc:call(Node, riak_core_cluster_mgr,
get_connections, []) of
{ok, Connections} ->
lager:info("Connections: ~p", [Connections]),
Conn = [P || {{cluster_by_name, N}, P} <- Connections, N == Name],
case Conn of
[] ->
43 changes: 24 additions & 19 deletions tests/replication2_pg.erl
@@ -20,45 +20,50 @@ setup_repl_clusters(Conf, SSL) ->
NumNodes = 6,
lager:info("Deploy ~p nodes", [NumNodes]),

CertDir = rt_config:get(rt_scratch_dir) ++ "/certs",

PrivDir = rt:priv_dir(),
%% make a bunch of crypto keys
make_certs:rootCA(CertDir, "rootCA"),
make_certs:intermediateCA(CertDir, "intCA", "rootCA"),
make_certs:endusers(CertDir, "rootCA", ["site3.basho.com", "site4.basho.com"]),
make_certs:endusers(CertDir, "intCA", ["site1.basho.com", "site2.basho.com"]),

SSLConfig1 = [
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site1-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site1-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site1.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site1.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site1.basho.com/cacerts.pem"])}
]}
],

SSLConfig2 = [
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site2-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site2-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site2.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site2.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site2.basho.com/cacerts.pem"])}
]}
],

SSLConfig3 = [
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site3.basho.com/cacerts.pem"])}
]}
],

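Review bot: The `cacertdir` entries in SSLConfig1 to SSLConfig3 now point at a file (`site1.basho.com/cacerts.pem` and so on), where the removed lines pointed at a directory (`certs/selfsigned/ca`). Whether the code that reads `cacertdir` accepts a single PEM bundle is not visible here; if it lists the path as a directory, no CA certificates would be loaded and the peer verification this test is meant to exercise would not run against the generated chain. Please confirm the consumer handles a file, or point the option at a directory of CA certificates, and once verified record it next to the first config with a comment such as `%% cacerts.pem is a PEM bundle of the issuing chain; cacertdir accepts a file here`. The same pattern appears in every config in tests/replication2_ssl.erl and tests/replication_ssl.erl. setup_repl_clusters/2 continues past the end of the hunk.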
68 changes: 38 additions & 30 deletions tests/replication2_ssl.erl
@@ -12,6 +12,14 @@ confirm() ->
NumNodes = rt_config:get(num_nodes, 6),
ClusterASize = rt_config:get(cluster_a_size, 3),

CertDir = rt_config:get(rt_scratch_dir) ++ "/certs",

%% make a bunch of crypto keys
make_certs:rootCA(CertDir, "rootCA"),
make_certs:intermediateCA(CertDir, "intCA", "rootCA"),
make_certs:endusers(CertDir, "rootCA", ["site3.basho.com", "site4.basho.com"]),
make_certs:endusers(CertDir, "intCA", ["site1.basho.com", "site2.basho.com"]),

lager:info("Deploy ~p nodes", [NumNodes]),
BaseConf = [
{riak_core,
@@ -36,12 +44,12 @@ confirm() ->
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site1-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site1-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site1.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site1.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site1.basho.com/cacerts.pem"])}
]}
],

@@ -54,12 +62,12 @@ confirm() ->
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site2-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site2-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site2.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site2.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site2.basho.com/cacerts.pem"])}
]}
],

@@ -72,12 +80,12 @@ confirm() ->
{riak_core,
[
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site3.basho.com/cacerts.pem"])}
]}
],

@@ -93,12 +101,12 @@ confirm() ->

{ssl_enabled, true},
{ssl_depth, 0},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site3.basho.com/cacerts.pem"])}
]}
],

@@ -112,12 +120,12 @@ confirm() ->
[
{ssl_enabled, true},
{ssl_depth, 0},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site4-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site4-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site4.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site4.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site4.basho.com/cacerts.pem"])}
]}
],

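Review bot: The certificate setup added at the top of confirm() does not say why site1/site2 are issued by `intCA` and site3/site4 by `rootCA`, yet the two `{ssl_depth, 0}` configs later in this section use only site3 and site4, the certificates issued directly by the root. That pairing looks deliberate (a depth of 0 presumably rejects chains that pass through an intermediate), so it deserves a comment next to the `make_certs` calls, e.g. `%% site1/site2 chain through intCA; site3/site4 are issued directly by rootCA (used by the ssl_depth 0 configs)`. The same setup lines are repeated in tests/replication2_pg.erl and tests/replication_ssl.erl; a shared helper would keep the CA layout in one place. confirm() begins and ends outside the hunks shown.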
68 changes: 38 additions & 30 deletions tests/replication_ssl.erl
@@ -11,6 +11,14 @@ confirm() ->
NumNodes = rt_config:get(num_nodes, 6),
ClusterASize = rt_config:get(cluster_a_size, 3),

CertDir = rt_config:get(rt_scratch_dir) ++ "/certs",

%% make a bunch of crypto keys
make_certs:rootCA(CertDir, "rootCA"),
make_certs:intermediateCA(CertDir, "intCA", "rootCA"),
make_certs:endusers(CertDir, "rootCA", ["site3.basho.com", "site4.basho.com"]),
make_certs:endusers(CertDir, "intCA", ["site1.basho.com", "site2.basho.com"]),

lager:info("Deploy ~p nodes", [NumNodes]),
BaseConf = [
{riak_repl,
@@ -31,12 +39,12 @@ confirm() ->
{fullsync_on_connect, false},
{fullsync_interval, disabled},
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site1-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site1-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site1/basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site1.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site1.basho.com/cacerts.pem"])}
]}
],

@@ -46,12 +54,12 @@ confirm() ->
{fullsync_on_connect, false},
{fullsync_interval, disabled},
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site2-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site2-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site2.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site2.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site2.basho.com/cacerts.pem"])}
]}
],

@@ -61,12 +69,12 @@ confirm() ->
{fullsync_on_connect, false},
{fullsync_interval, disabled},
{ssl_enabled, true},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site3.basho.com/cacerts.pem"])}
]}
],

@@ -78,12 +86,12 @@ confirm() ->
{fullsync_interval, disabled},
{ssl_enabled, true},
{ssl_depth, 0},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site3-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site3-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site3.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site3.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site3.basho.com/cacerts.pem"])}
]}
],

@@ -94,12 +102,12 @@ confirm() ->
{fullsync_interval, disabled},
{ssl_enabled, true},
{ssl_depth, 0},
{certfile, filename:join([PrivDir,
"certs/selfsigned/site4-cert.pem"])},
{keyfile, filename:join([PrivDir,
"certs/selfsigned/site4-key.pem"])},
{cacertdir, filename:join([PrivDir,
"certs/selfsigned/ca"])}
{certfile, filename:join([CertDir,
"site4.basho.com/cert.pem"])},
{keyfile, filename:join([CertDir,
"site4.basho.com/key.pem"])},
{cacertdir, filename:join([CertDir,
"site4.basho.com/cacerts.pem"])}
]}
],

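Review bot: The first new `certfile` path in this section is `"site1/basho.com/cert.pem"`, with a slash where every other path in this commit has a dot. `make_certs:endusers` is called with `"site1.basho.com"`, so the generated certificate would presumably live under `site1.basho.com/`. As written, the first SSL config names a certificate file that is unlikely to exist, while its `keyfile` and `cacertdir` point into the expected directory. The line should read `"site1.basho.com/cert.pem"])},`. confirm() begins and ends outside the hunks shown.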
