Replace gen_certs.sh with rust

shotover-proxy/benches/benches/cassandra.rs

@@ -1,6 +1,5 @@
 use cassandra_cpp::{PreparedStatement, Session, Statement};
 use criterion::{criterion_group, Criterion};
-use test_helpers::cert::generate_cassandra_test_certs;
 use test_helpers::connection::cassandra::{
  CassandraConnection, CassandraConnectionBuilder, CassandraDriver,
 };
@@ -260,7 +259,6 @@ impl BenchResources {
  .enable_all()
  .build()
  .unwrap();
- generate_cassandra_test_certs();
  let compose = DockerCompose::new(compose_file);
  let shotover = Some(
  tokio.block_on(ShotoverProcessBuilder::new_with_topology(shotover_topology).start()),

shotover-proxy/example-configs/redis-cluster-tls/docker-compose-with-key.yaml

@@ -13,9 +13,9 @@ services:
  - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
  - 'REDIS_TLS_PORT=6379'
  - 'REDIS_TLS_ENABLED=true'
- - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/redis.crt'
- - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/redis.key'
- - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/ca.crt'
+ - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/localhost.crt'
+ - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/localhost.key'
+ - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/localhost_CA.crt'
  - 'REDIS_TLS_AUTH_CLIENTS=yes'
 
  redis-node-1:
@@ -76,6 +76,6 @@ services:
  - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
  - 'REDIS_TLS_PORT=6379'
  - 'REDIS_TLS_ENABLED=true'
- - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/redis.crt'
- - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/redis.key'
- - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/ca.crt'
+ - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/localhost.crt'
+ - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/localhost.key'
+ - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/localhost_CA.crt'

shotover-proxy/example-configs/redis-cluster-tls/docker-compose.yaml

@@ -13,9 +13,9 @@ services:
  - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
  - 'REDIS_TLS_PORT=6379'
  - 'REDIS_TLS_ENABLED=true'
- - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/redis.crt'
- - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/redis.key'
- - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/ca.crt'
+ - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/localhost.crt'
+ - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/localhost.key'
+ - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/localhost_CA.crt'
  - 'REDIS_TLS_AUTH_CLIENTS=no'
 
  redis-node-1:
@@ -76,6 +76,6 @@ services:
  - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
  - 'REDIS_TLS_PORT=6379'
  - 'REDIS_TLS_ENABLED=true'
- - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/redis.crt'
- - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/redis.key'
- - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/ca.crt'
+ - 'REDIS_TLS_CERT_FILE=/usr/local/etc/redis/certs/localhost.crt'
+ - 'REDIS_TLS_KEY_FILE=/usr/local/etc/redis/certs/localhost.key'
+ - 'REDIS_TLS_CA_FILE=/usr/local/etc/redis/certs/localhost_CA.crt'

shotover-proxy/example-configs/redis-cluster-tls/topology-with-key.yaml

@@ -9,9 +9,9 @@ chain_config:
  first_contact_points: ["127.0.0.1:2220", "127.0.0.1:2221", "127.0.0.1:2222", "127.0.0.1:2223", "127.0.0.1:2224", "127.0.0.1:2225"]
  connect_timeout_ms: 3000
  tls:
- certificate_authority_path: "example-configs/redis-tls/certs/ca.crt"
- certificate_path: "example-configs/redis-tls/certs/redis.crt"
- private_key_path: "example-configs/redis-tls/certs/redis.key"
+ certificate_authority_path: "example-configs/redis-tls/certs/localhost_CA.crt"
+ certificate_path: "example-configs/redis-tls/certs/localhost.crt"
+ private_key_path: "example-configs/redis-tls/certs/localhost.key"
  verify_hostname: false
 source_to_chain_mapping:
  redis_prod: redis_chain

shotover-proxy/example-configs/redis-tls/redis-cli.sh

@@ -1,3 +1,3 @@
 #!/bin/sh
 
-redis-cli --tls --cert certs/redis.crt --key certs/redis.key --cacert certs/ca.crt "$@"
+redis-cli --tls --cert certs/localhost.crt --key certs/redis.key --cacert certs/localhost_CA.crt "$@"

shotover-proxy/example-configs/redis-tls/redis.conf

@@ -1,6 +1,6 @@
-tls-cert-file /usr/local/etc/redis/certs/redis.crt
-tls-key-file /usr/local/etc/redis/certs/redis.key
-tls-ca-cert-file /usr/local/etc/redis/certs/ca.crt
+tls-cert-file /usr/local/etc/redis/certs/localhost.crt
+tls-key-file /usr/local/etc/redis/certs/localhost.key
+tls-ca-cert-file /usr/local/etc/redis/certs/localhost_CA.crt
 
 port 0
 tls-port 6379

shotover-proxy/example-configs/redis-tls/topology.yaml

@@ -7,18 +7,18 @@ sources:
  Redis:
  listen_addr: "127.0.0.1:6380"
  tls:
- certificate_authority_path: "example-configs/redis-tls/certs/ca.crt"
- certificate_path: "example-configs/redis-tls/certs/redis.crt"
- private_key_path: "example-configs/redis-tls/certs/redis.key"
+ certificate_authority_path: "example-configs/redis-tls/certs/localhost_CA.crt"
+ certificate_path: "example-configs/redis-tls/certs/localhost.crt"
+ private_key_path: "example-configs/redis-tls/certs/localhost.key"
 chain_config:
  redis_chain_tls:
  - RedisSinkSingle:
  remote_address: "localhost:1111"
  connect_timeout_ms: 3000
  tls:
- certificate_authority_path: "example-configs/redis-tls/certs/ca.crt"
- certificate_path: "example-configs/redis-tls/certs/redis.crt"
- private_key_path: "example-configs/redis-tls/certs/redis.key"
+ certificate_authority_path: "example-configs/redis-tls/certs/localhost_CA.crt"
+ certificate_path: "example-configs/redis-tls/certs/localhost.crt"
+ private_key_path: "example-configs/redis-tls/certs/localhost.key"
  verify_hostname: true
 source_to_chain_mapping:
  redis_prod: redis_chain_tls

test-helpers/src/cert.rs

@@ -1,6 +1,6 @@
+use crate::docker_compose::run_command;
 use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, IsCa};
 use std::path::Path;
-use std::process::Command;
 
 pub fn generate_redis_test_certs(path: &Path) {
  let mut params = CertificateParams::default();
@@ -27,17 +27,36 @@ pub fn generate_redis_test_certs(path: &Path) {
  let cert = Certificate::from_params(params).unwrap();
 
  std::fs::create_dir_all(path).unwrap();
- std::fs::write(path.join("ca.crt"), ca_cert.serialize_pem().unwrap()).unwrap();
  std::fs::write(
- path.join("redis.crt"),
+ path.join("localhost_CA.crt"),
+ ca_cert.serialize_pem().unwrap(),
+ )
+ .unwrap();
+ std::fs::write(
+ path.join("localhost.crt"),
  cert.serialize_pem_with_signer(&ca_cert).unwrap(),
  )
  .unwrap();
- std::fs::write(path.join("redis.key"), cert.serialize_private_key_pem()).unwrap();
+ std::fs::write(path.join("localhost.key"), cert.serialize_private_key_pem()).unwrap();
 }
 
 pub fn generate_cassandra_test_certs() {
- Command::new("example-configs/docker-images/cassandra-tls-4.0.6/certs/gen_certs.sh")
- .output()
- .unwrap();
+ let path = Path::new("example-configs/docker-images/cassandra-tls-4.0.6/certs");
+ generate_redis_test_certs(path);
+ run_command(
+ "openssl",
+ &[
+ "pkcs12",
+ "-export",
+ "-out",
+ path.join("keystore.p12").to_str().unwrap(),
+ "-inkey",
+ path.join("localhost.key").to_str().unwrap(),
+ "-in",
+ path.join("localhost.crt").to_str().unwrap(),
+ "-passout",
+ "pass:password",
+ ],
+ )
+ .unwrap();
 }

test-helpers/src/connection/redis_connection.rs

@@ -35,9 +35,9 @@ pub async fn new_async(port: u16) -> redis::aio::Connection {
 
 pub async fn new_async_tls(port: u16) -> redis::aio::Connection {
  let address = "127.0.0.1";
- let certificate_authority_path = "example-configs/redis-tls/certs/ca.crt";
- let certificate_path = "example-configs/redis-tls/certs/redis.crt";
- let private_key_path = "example-configs/redis-tls/certs/redis.key";
+ let certificate_authority_path = "example-configs/redis-tls/certs/localhost_CA.crt";
+ let certificate_path = "example-configs/redis-tls/certs/localhost.crt";
+ let private_key_path = "example-configs/redis-tls/certs/localhost.key";
 
  crate::wait_for_socket_to_open(address, port);