From 428b78940ac874bdeb132181caaba438f9eecc85 Mon Sep 17 00:00:00 2001 From: Sean Lawlor Date: Tue, 21 Feb 2023 10:02:31 -0500 Subject: [PATCH] [cluster] Support encrypted connections Encryption support is provided by 1. `tokio_rustls` 2. `rustls` which allow for both the NodeServer received connections and outgoing client cluster connections to utilize TLS configuration. Integration tests added, but code-coverage will likely be low as integration tests don't count in `codecov` ```bash $ docker compose --env-file ./ractor_cluster_integration_tests/envs/encryption.env up --build --exit-code-from node-b ... node-a | [2023-02-21T16:58:39.401Z WARN ractor_cluster_integration_tests::tests::encryption] CA Cert SUB=10U ponytown RSA CA node-a | [2023-02-21T16:58:39.402Z INFO ractor_cluster_integration_tests::tests::encryption] Starting NodeServer on port 8199 node-a | [2023-02-21T16:58:39.402Z INFO ractor_cluster_integration_tests::tests::encryption] Waiting for NodeSession status updates node-b | [2023-02-21T16:58:39.621Z WARN ractor_cluster_integration_tests::tests::encryption] CA Cert SUB=10U ponytown RSA CA node-b | [2023-02-21T16:58:39.621Z INFO ractor_cluster_integration_tests::tests::encryption] Starting NodeServer on port 8198 node-b | [2023-02-21T16:58:39.621Z INFO ractor_cluster_integration_tests::tests::encryption] Connecting to remote NodeServer at node-a:8199 node-b | [2023-02-21T16:58:39.623Z DEBUG rustls::client::hs] No cached session for DnsName(DnsName(DnsName("testserver.com"))) node-a | [2023-02-21T16:58:39.623Z DEBUG rustls::server::hs] decided upon suite TLS13_AES_256_GCM_SHA384 node-b | [2023-02-21T16:58:39.623Z DEBUG rustls::client::hs] Not resuming any session [cluster] Support encrypted connections node-b | [2023-02-21T16:58:39.624Z DEBUG rustls::client::hs] Using ciphersuite TLS13_AES_256_GCM_SHA384 node-b | [2023-02-21T16:58:39.624Z DEBUG rustls::client::tls13] Not resuming node-b | [2023-02-21T16:58:39.624Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: [ServerNameAck] node-b | [2023-02-21T16:58:39.624Z DEBUG rustls::client::hs] ALPN protocol is None node-b | [2023-02-21T16:58:39.624Z INFO ractor_cluster::node::client] TCP Session opened for 172.18.0.2:8199 node-b | [2023-02-21T16:58:39.624Z INFO ractor_cluster_integration_tests::tests::encryption] Client connected NodeServer b to NodeServer a node-b | [2023-02-21T16:58:39.624Z INFO ractor_cluster_integration_tests::tests::encryption] Waiting for NodeSession status updates node-a | [2023-02-21T16:58:39.624Z INFO ractor_cluster::net::listener] TCP Session opened for 172.18.0.3:34662 ... node-a exited with code 0 ``` --- .github/workflows/integration.yaml | 5 + .gitignore | 1 + ractor/src/actor/mod.rs | 11 +- ractor_cluster/Cargo.toml | 2 + ractor_cluster/src/lib.rs | 2 + ractor_cluster/src/net/listener.rs | 41 +++- ractor_cluster/src/net/mod.rs | 65 ++++++ ractor_cluster/src/net/session.rs | 125 ++++++++--- ractor_cluster/src/node/client.rs | 55 ++++- ractor_cluster/src/node/mod.rs | 31 ++- ractor_cluster/src/node/node_session/mod.rs | 6 +- ractor_cluster_integration_tests/Cargo.toml | 3 + ractor_cluster_integration_tests/Dockerfile | 2 + .../envs/encryption.env | 2 + ractor_cluster_integration_tests/src/repl.rs | 1 + .../src/tests/auth_handshake.rs | 4 +- .../src/tests/encryption.rs | 200 ++++++++++++++++++ .../src/tests/mod.rs | 3 + .../src/tests/pg_groups.rs | 12 +- .../test-ca/LICENSE-MIT | 25 +++ .../test-ca/README.md | 6 + .../test-ca/build-a-pki.sh | 176 +++++++++++++++ .../test-ca/ecdsa/ca.cert | 12 ++ .../test-ca/ecdsa/ca.der | Bin 0 -> 462 bytes .../test-ca/ecdsa/ca.key | 6 + .../test-ca/ecdsa/client.cert | 13 ++ .../test-ca/ecdsa/client.chain | 24 +++ .../test-ca/ecdsa/client.fullchain | 37 ++++ .../test-ca/ecdsa/client.key | 6 + .../test-ca/ecdsa/client.req | 8 + .../test-ca/ecdsa/end.cert | 13 ++ .../test-ca/ecdsa/end.chain | 24 +++ .../test-ca/ecdsa/end.fullchain | 37 ++++ .../test-ca/ecdsa/end.key | 5 + .../test-ca/ecdsa/end.req | 7 + .../test-ca/ecdsa/inter.cert | 12 ++ .../test-ca/ecdsa/inter.key | 5 + .../test-ca/ecdsa/inter.req | 7 + .../test-ca/ecdsa/nistp256.pem | 3 + .../test-ca/ecdsa/nistp384.pem | 3 + .../test-ca/eddsa/ca.cert | 9 + .../test-ca/eddsa/ca.der | Bin 0 -> 336 bytes .../test-ca/eddsa/ca.key | 3 + .../test-ca/eddsa/client.cert | 11 + .../test-ca/eddsa/client.chain | 19 ++ .../test-ca/eddsa/client.fullchain | 30 +++ .../test-ca/eddsa/client.key | 3 + .../test-ca/eddsa/client.req | 6 + .../test-ca/eddsa/end.cert | 12 ++ .../test-ca/eddsa/end.chain | 19 ++ .../test-ca/eddsa/end.fullchain | 31 +++ .../test-ca/eddsa/end.key | 3 + .../test-ca/eddsa/end.req | 6 + .../test-ca/eddsa/inter.cert | 10 + .../test-ca/eddsa/inter.key | 3 + .../test-ca/eddsa/inter.req | 6 + .../test-ca/openssl.cnf | 25 +++ .../test-ca/rsa/ca.cert | 30 +++ .../test-ca/rsa/ca.der | Bin 0 -> 1305 bytes .../test-ca/rsa/ca.key | 52 +++++ .../test-ca/rsa/client.cert | 23 ++ .../test-ca/rsa/client.chain | 57 +++++ .../test-ca/rsa/client.fullchain | 80 +++++++ .../test-ca/rsa/client.key | 28 +++ .../test-ca/rsa/client.req | 15 ++ .../test-ca/rsa/client.rsa | 27 +++ .../test-ca/rsa/end.cert | 24 +++ .../test-ca/rsa/end.chain | 57 +++++ .../test-ca/rsa/end.fullchain | 81 +++++++ .../test-ca/rsa/end.key | 28 +++ .../test-ca/rsa/end.req | 15 ++ .../test-ca/rsa/end.rsa | 27 +++ .../test-ca/rsa/inter.cert | 27 +++ .../test-ca/rsa/inter.key | 40 ++++ .../test-ca/rsa/inter.req | 21 ++ ractor_playground/src/distributed.rs | 26 ++- 76 files changed, 1797 insertions(+), 57 deletions(-) create mode 100644 ractor_cluster_integration_tests/envs/encryption.env create mode 100644 ractor_cluster_integration_tests/src/tests/encryption.rs create mode 100644 ractor_cluster_integration_tests/test-ca/LICENSE-MIT create mode 100644 ractor_cluster_integration_tests/test-ca/README.md create mode 100755 ractor_cluster_integration_tests/test-ca/build-a-pki.sh create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/ca.cert create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/ca.der create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/ca.key create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/client.cert create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/client.chain create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/client.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/client.key create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/client.req create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/end.cert create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/end.chain create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/end.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/end.key create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/end.req create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/inter.cert create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/inter.key create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/inter.req create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/nistp256.pem create mode 100644 ractor_cluster_integration_tests/test-ca/ecdsa/nistp384.pem create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/ca.cert create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/ca.der create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/ca.key create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/client.cert create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/client.chain create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/client.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/client.key create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/client.req create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/end.cert create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/end.chain create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/end.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/end.key create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/end.req create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/inter.cert create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/inter.key create mode 100644 ractor_cluster_integration_tests/test-ca/eddsa/inter.req create mode 100644 ractor_cluster_integration_tests/test-ca/openssl.cnf create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/ca.cert create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/ca.der create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/ca.key create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.cert create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.chain create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.key create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.req create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/client.rsa create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.cert create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.chain create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.fullchain create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.key create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.req create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/end.rsa create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/inter.cert create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/inter.key create mode 100644 ractor_cluster_integration_tests/test-ca/rsa/inter.req diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index 8dfe5cc0..a58660f4 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml @@ -37,4 +37,9 @@ jobs: working-directory: . run: | docker compose --env-file ./ractor_cluster_integration_tests/envs/pg-groups.env up --exit-code-from node-b + + - name: Encrypted communications + working-directory: . + run: | + docker compose --env-file ./ractor_cluster_integration_tests/envs/encryption.env up --exit-code-from node-b \ No newline at end of file diff --git a/.gitignore b/.gitignore index a090c5b1..64882692 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ Cargo.lock debug/ coverage/ **/*.profraw +**/.DS_Store \ No newline at end of file diff --git a/ractor/src/actor/mod.rs b/ractor/src/actor/mod.rs index ec033984..670a47af 100644 --- a/ractor/src/actor/mod.rs +++ b/ractor/src/actor/mod.rs @@ -162,8 +162,8 @@ pub trait Actor: Sized + Sync + Send + 'static { } /// Handle the incoming supervision event. Unhandled panicks will captured and - /// sent the the supervisor(s). The default supervision behavior is to ignore all - /// child events. To override this behavior, implement this method. + /// sent the the supervisor(s). The default supervision behavior is to exit the + /// supervisor on any child exit. To override this behavior, implement this function. /// /// * `myself` - A handle to the [ActorCell] representing this actor /// * `message` - The message to process @@ -175,6 +175,13 @@ pub trait Actor: Sized + Sync + Send + 'static { message: SupervisionEvent, state: &mut Self::State, ) -> Result<(), ActorProcessingErr> { + match message { + SupervisionEvent::ActorTerminated(who, _, _) + | SupervisionEvent::ActorPanicked(who, _) => { + myself.stop(None); + } + _ => {} + } Ok(()) } diff --git a/ractor_cluster/Cargo.toml b/ractor_cluster/Cargo.toml index ac82fc5c..225c94b8 100644 --- a/ractor_cluster/Cargo.toml +++ b/ractor_cluster/Cargo.toml @@ -27,8 +27,10 @@ prost-types = { version = "0.11" } ractor = { version = "0.7.2", features = ["cluster"], path = "../ractor" } ractor_cluster_derive = { version = "0.7.2", path = "../ractor_cluster_derive" } rand = "0.8" +rustls = { version = "0.20" } sha2 = "0.10" tokio = { version = "1", features = ["rt", "time", "sync", "macros", "net", "io-util"]} +tokio-rustls = { version = "0.23" } ## Optional dependencies # tokio-rustls = { version = "0.23", optional = true } diff --git a/ractor_cluster/src/lib.rs b/ractor_cluster/src/lib.rs index c1200b7a..a86b5726 100644 --- a/ractor_cluster/src/lib.rs +++ b/ractor_cluster/src/lib.rs @@ -62,7 +62,9 @@ pub mod node; pub type NodeId = u64; // ============== Re-exports ============== // +pub use net::{IncomingEncryptionMode, NetworkStream}; pub use node::client::connect as client_connect; +pub use node::client::connect_enc as client_connect_enc; pub use node::{ client::ClientConnectErr, NodeServer, NodeServerMessage, NodeSession, NodeSessionMessage, }; diff --git a/ractor_cluster/src/net/listener.rs b/ractor_cluster/src/net/listener.rs index 1359c348..06b9eb2b 100644 --- a/ractor_cluster/src/net/listener.rs +++ b/ractor_cluster/src/net/listener.rs @@ -9,6 +9,7 @@ use ractor::{cast, ActorProcessingErr}; use ractor::{Actor, ActorRef}; use tokio::net::TcpListener; +use super::IncomingEncryptionMode; use crate::node::NodeServerMessage; /// A Tcp Socket [Listener] responsible for accepting new connections and spawning [super::session::Session]s @@ -19,6 +20,7 @@ use crate::node::NodeServerMessage; pub struct Listener { port: super::NetworkPort, session_manager: ActorRef, + encryption: IncomingEncryptionMode, } impl Listener { @@ -26,10 +28,12 @@ impl Listener { pub fn new( port: super::NetworkPort, session_manager: ActorRef, + encryption: IncomingEncryptionMode, ) -> Self { Self { port, session_manager, + encryption, } } } @@ -90,14 +94,39 @@ impl Actor for Listener { if let Some(listener) = &mut state.listener { match listener.accept().await { Ok((stream, addr)) => { - let _ = cast!( - self.session_manager, - NodeServerMessage::ConnectionOpened { + let local = stream.local_addr()?; + + let session = match &self.encryption { + IncomingEncryptionMode::Raw => Some(super::NetworkStream::Raw { + peer_addr: addr, + local_addr: local, stream, - is_server: true + }), + IncomingEncryptionMode::Tls(acceptor) => { + match acceptor.accept(stream).await { + Ok(enc_stream) => Some(super::NetworkStream::TlsServer { + peer_addr: addr, + local_addr: local, + stream: enc_stream, + }), + Err(some_err) => { + log::warn!("Error establishing secure socket: {}", some_err); + None + } + } } - ); - log::info!("TCP Session opened for {}", addr); + }; + + if let Some(stream) = session { + let _ = cast!( + self.session_manager, + NodeServerMessage::ConnectionOpened { + stream, + is_server: true + } + ); + log::info!("TCP Session opened for {}", addr); + } } Err(socket_accept_error) => { log::warn!( diff --git a/ractor_cluster/src/net/mod.rs b/ractor_cluster/src/net/mod.rs index 3a51d180..6316017e 100644 --- a/ractor_cluster/src/net/mod.rs +++ b/ractor_cluster/src/net/mod.rs @@ -5,8 +5,73 @@ //! TCP server and session actors which transmit [prost::Message] encoded messages +use std::net::SocketAddr; + +use tokio::net::TcpStream; + pub mod listener; pub mod session; /// A network port pub type NetworkPort = u16; + +/// A network data stream which can either be +/// 1. unencrypted +/// 2. encrypted and the server-side of the session +/// 3. encrypted and the client-side of the session +pub enum NetworkStream { + /// Unencrypted session + Raw { + /// The peer's address + peer_addr: SocketAddr, + /// The local address + local_addr: SocketAddr, + /// The stream + stream: TcpStream, + }, + /// Encrypted as the server-side of the session + TlsServer { + /// The peer's address + peer_addr: SocketAddr, + /// The local address + local_addr: SocketAddr, + /// The stream + stream: tokio_rustls::server::TlsStream, + }, + /// Encrypted as the client-side of the session + TlsClient { + /// The peer's address + peer_addr: SocketAddr, + /// The local address + local_addr: SocketAddr, + /// The stream + stream: tokio_rustls::client::TlsStream, + }, +} + +impl NetworkStream { + pub(crate) fn peer_addr(&self) -> SocketAddr { + match self { + Self::Raw { peer_addr, .. } => *peer_addr, + Self::TlsServer { peer_addr, .. } => *peer_addr, + Self::TlsClient { peer_addr, .. } => *peer_addr, + } + } + + pub(crate) fn local_addr(&self) -> SocketAddr { + match self { + Self::Raw { local_addr, .. } => *local_addr, + Self::TlsServer { local_addr, .. } => *local_addr, + Self::TlsClient { local_addr, .. } => *local_addr, + } + } +} + +/// Incoming encryption mode +#[derive(Clone)] +pub enum IncomingEncryptionMode { + /// Accept sockets raw, with no encryption + Raw, + /// Accept sockets and establish a secure connection + Tls(tokio_rustls::TlsAcceptor), +} diff --git a/ractor_cluster/src/net/session.rs b/ractor_cluster/src/net/session.rs index 0884cc37..67fd6d13 100644 --- a/ractor_cluster/src/net/session.rs +++ b/ractor_cluster/src/net/session.rs @@ -7,16 +7,14 @@ // TODO: RUSTLS + Tokio : https://github.com/tokio-rs/tls/blob/master/tokio-rustls/examples/server/src/main.rs -use std::convert::TryInto; use std::net::SocketAddr; use bytes::Bytes; use prost::Message; use ractor::{Actor, ActorCell, ActorProcessingErr, ActorRef}; use ractor::{SpawnErr, SupervisionEvent}; -use tokio::io::AsyncReadExt; -use tokio::io::AsyncWriteExt; use tokio::io::ErrorKind; +use tokio::io::{AsyncReadExt, ReadHalf, WriteHalf}; use tokio::net::tcp::{OwnedReadHalf, OwnedWriteHalf}; use tokio::net::TcpStream; @@ -24,12 +22,19 @@ use crate::RactorMessage; /// Helper method to read exactly `len` bytes from the stream into a pre-allocated buffer /// of bytes -async fn read_n_bytes(stream: &mut OwnedReadHalf, len: usize) -> Result, tokio::io::Error> { +async fn read_n_bytes(stream: &mut ActorReadHalf, len: usize) -> Result, tokio::io::Error> { let mut buf = vec![0u8; len]; let mut c_len = 0; - stream.readable().await?; + if let ActorReadHalf::Regular(r) = stream { + r.readable().await?; + } + while c_len < len { - let n = stream.read(&mut buf[c_len..]).await?; + let n = match stream { + ActorReadHalf::ServerTls(t) => t.read(&mut buf[c_len..]).await?, + ActorReadHalf::ClientTls(t) => t.read(&mut buf[c_len..]).await?, + ActorReadHalf::Regular(t) => t.read(&mut buf[c_len..]).await?, + }; if n == 0 { // EOF return Err(tokio::io::Error::new( @@ -57,7 +62,7 @@ pub struct Session { impl Session { pub(crate) async fn spawn_linked( handler: ActorRef, - stream: TcpStream, + stream: super::NetworkStream, peer_addr: SocketAddr, local_addr: SocketAddr, supervisor: ActorCell, @@ -105,15 +110,36 @@ pub struct SessionState { #[async_trait::async_trait] impl Actor for Session { type Msg = SessionMessage; - type Arguments = TcpStream; + type Arguments = super::NetworkStream; type State = SessionState; async fn pre_start( &self, myself: ActorRef, - stream: TcpStream, + stream: super::NetworkStream, ) -> Result { - let (read, write) = stream.into_split(); + let (read, write) = match stream { + super::NetworkStream::Raw { stream, .. } => { + let (read, write) = stream.into_split(); + (ActorReadHalf::Regular(read), ActorWriteHalf::Regular(write)) + } + super::NetworkStream::TlsClient { stream, .. } => { + let (read_half, write_half) = tokio::io::split(stream); + ( + ActorReadHalf::ClientTls(read_half), + ActorWriteHalf::ClientTls(write_half), + ) + } + super::NetworkStream::TlsServer { stream, .. } => { + let (read_half, write_half) = tokio::io::split(stream); + ( + ActorReadHalf::ServerTls(read_half), + ActorWriteHalf::ServerTls(write_half), + ) + } + }; + + // let (read, write) = stream.into_split(); // spawn writer + reader child actors let (writer, _) = Actor::spawn_linked(None, SessionWriter, write, myself.get_cell()).await?; @@ -209,10 +235,61 @@ impl Actor for Session { // ========================= Node Session writer ========================= // +enum ActorWriteHalf { + ServerTls(WriteHalf>), + ClientTls(WriteHalf>), + Regular(OwnedWriteHalf), +} + +impl ActorWriteHalf { + async fn write_u64(&mut self, n: u64) -> tokio::io::Result<()> { + use tokio::io::AsyncWriteExt; + match self { + Self::ServerTls(t) => t.write_u64(n).await, + Self::ClientTls(t) => t.write_u64(n).await, + Self::Regular(t) => t.write_u64(n).await, + } + } + + async fn write_all(&mut self, data: &[u8]) -> tokio::io::Result<()> { + use tokio::io::AsyncWriteExt; + match self { + Self::ServerTls(t) => t.write_all(data).await, + Self::ClientTls(t) => t.write_all(data).await, + Self::Regular(t) => t.write_all(data).await, + } + } + + async fn flush(&mut self) -> tokio::io::Result<()> { + use tokio::io::AsyncWriteExt; + match self { + Self::ServerTls(t) => t.flush().await, + Self::ClientTls(t) => t.flush().await, + Self::Regular(t) => t.flush().await, + } + } +} + +enum ActorReadHalf { + ServerTls(ReadHalf>), + ClientTls(ReadHalf>), + Regular(OwnedReadHalf), +} + +impl ActorReadHalf { + async fn read_u64(&mut self) -> tokio::io::Result { + match self { + Self::ServerTls(t) => t.read_u64().await, + Self::ClientTls(t) => t.read_u64().await, + Self::Regular(t) => t.read_u64().await, + } + } +} + struct SessionWriter; struct SessionWriterState { - writer: Option, + writer: Option, } #[derive(crate::RactorMessage)] @@ -224,13 +301,13 @@ enum SessionWriterMessage { #[async_trait::async_trait] impl Actor for SessionWriter { type Msg = SessionWriterMessage; - type Arguments = OwnedWriteHalf; + type Arguments = ActorWriteHalf; type State = SessionWriterState; async fn pre_start( &self, _myself: ActorRef, - writer: OwnedWriteHalf, + writer: ActorWriteHalf, ) -> Result { // OK we've established connection, now we can process requests @@ -258,16 +335,15 @@ impl Actor for SessionWriter { match message { SessionWriterMessage::WriteObject(msg) if state.writer.is_some() => { if let Some(stream) = &mut state.writer { - stream.writable().await.unwrap(); + if let ActorWriteHalf::Regular(w) = stream { + w.writable().await?; + } let encoded_data = msg.encode_length_delimited_to_vec(); - let length = encoded_data.len(); - let length_bytes: [u8; 8] = (length as u64).to_be_bytes(); - log::trace!("Writing 8 length bytes"); - if let Err(write_err) = stream.write_all(&length_bytes).await { + if let Err(write_err) = stream.write_u64(encoded_data.len() as u64).await { log::warn!("Error writing to the stream '{}'", write_err); } else { - log::trace!("Wrote length, writing payload (len={})", length); + log::trace!("Wrote length, writing payload (len={})", encoded_data.len()); // now send the object if let Err(write_err) = stream.write_all(&encoded_data).await { log::warn!("Error writing to the stream '{}'", write_err); @@ -305,19 +381,19 @@ pub enum SessionReaderMessage { impl ractor::Message for SessionReaderMessage {} struct SessionReaderState { - reader: Option, + reader: Option, } #[async_trait::async_trait] impl Actor for SessionReader { type Msg = SessionReaderMessage; - type Arguments = OwnedReadHalf; + type Arguments = ActorReadHalf; type State = SessionReaderState; async fn pre_start( &self, myself: ActorRef, - reader: OwnedReadHalf, + reader: ActorReadHalf, ) -> Result { // start waiting for the first object on the network let _ = myself.cast(SessionReaderMessage::WaitForObject); @@ -345,9 +421,8 @@ impl Actor for SessionReader { match message { Self::Msg::WaitForObject if state.reader.is_some() => { if let Some(stream) = &mut state.reader { - match read_n_bytes(stream, 8).await { - Ok(buf) => { - let length = u64::from_be_bytes(buf.try_into().unwrap()); + match stream.read_u64().await { + Ok(length) => { log::trace!("Payload length message ({}) received", length); let _ = myself.cast(SessionReaderMessage::ReadObject(length)); return Ok(()); diff --git a/ractor_cluster/src/node/client.rs b/ractor_cluster/src/node/client.rs index 887e1634..5390d5da 100644 --- a/ractor_cluster/src/node/client.rs +++ b/ractor_cluster/src/node/client.rs @@ -19,6 +19,8 @@ pub enum ClientConnectErr { /// Error communicating to the [super::NodeServer] actor. Actor receiving port is /// closed Messaging(MessagingErr), + /// Some error with encryption has occurred + Encryption(tokio::io::Error), } impl std::error::Error for ClientConnectErr { @@ -26,6 +28,7 @@ impl std::error::Error for ClientConnectErr { match self { Self::Socket(cause) => Some(cause), Self::Messaging(cause) => Some(cause), + Self::Encryption(cause) => Some(cause), } } } @@ -65,11 +68,59 @@ where // connect to the socket let stream = TcpStream::connect(address).await?; - // Startup the TCP handler, linked to the newly created `NodeSession` + // Notify the NodeServer that a new connection is opened let addr = stream.peer_addr()?; + let local = stream.local_addr()?; node_server.cast(super::NodeServerMessage::ConnectionOpened { - stream, + stream: crate::net::NetworkStream::Raw { + stream, + peer_addr: addr, + local_addr: local, + }, + is_server: false, + })?; + + log::info!("TCP Session opened for {}", addr); + Ok(()) +} + +/// Connect to another [super::NodeServer] instance with network encryption +/// +/// * `node_server` - The [super::NodeServer] which will own this new connection session +/// * `address` - The network address to send the connection to. Must implement [ToSocketAddrs] +/// * `encryption_settings` - The [tokio_rustls::TlsConnector] which is configured to encrypt the socket +/// * `domain` - The server name we're connecting to ([rustls::ServerName]) +/// +/// Returns: [Ok(())] if the connection was successful and the [super::NodeSession] was started. Handshake will continue +/// automatically. Results in a [Err(ClientConnectError)] if any part of the process failed to initiate +pub async fn connect_enc( + node_server: &ActorRef, + address: T, + encryption_settings: tokio_rustls::TlsConnector, + domain: rustls::ServerName, +) -> Result<(), ClientConnectErr> +where + T: ToSocketAddrs, +{ + // connect to the socket + let stream = TcpStream::connect(address).await?; + + let addr = stream.peer_addr()?; + let local = stream.local_addr()?; + + // encrypt the socket + let enc_stream = encryption_settings + .connect(domain, stream) + .await + .map_err(ClientConnectErr::Encryption)?; + + node_server.cast(super::NodeServerMessage::ConnectionOpened { + stream: crate::net::NetworkStream::TlsClient { + stream: enc_stream, + peer_addr: addr, + local_addr: local, + }, is_server: false, })?; diff --git a/ractor_cluster/src/node/mod.rs b/ractor_cluster/src/node/mod.rs index f94e96d2..29513112 100644 --- a/ractor_cluster/src/node/mod.rs +++ b/ractor_cluster/src/node/mod.rs @@ -12,7 +12,7 @@ //! [NodeSession] requests. [NodeSession]s represent a remote server, locally. //! //! Additionally, you can open a session as a "client" by requesting a new session from the [NodeServer] -//! after initially connecting a [TcpStream] to the desired endpoint and then attaching the [NodeSession] +//! after initially connecting a TcpStream to the desired endpoint and then attaching the [NodeSession] //! to the TcpStream (and linking the actors). See [client::connect] for client-based connections //! //! ## Supervision @@ -48,13 +48,13 @@ pub mod auth; pub mod client; pub mod node_session; pub use node_session::NodeSession; -use tokio::net::TcpStream; use std::collections::HashMap; use std::{cmp::Ordering, collections::hash_map::Entry}; use ractor::{Actor, ActorId, ActorProcessingErr, ActorRef, RpcReplyPort, SupervisionEvent}; +use crate::net::IncomingEncryptionMode; use crate::protocol::auth as auth_protocol; use crate::{NodeId, RactorMessage}; @@ -93,10 +93,10 @@ impl From for auth_protocol::server_status::Status { #[derive(RactorMessage)] pub enum NodeServerMessage { /// Notifies the session manager that a new incoming (`is_server = true`) or outgoing (`is_server = false`) - /// [TcpStream] was accepted + /// [crate::NetworkStream] was accepted ConnectionOpened { - /// The [TcpStream] for this network connection - stream: TcpStream, + /// The [crate::NetworkStream] for this network connection + stream: crate::net::NetworkStream, /// Flag denoting if it's a server (incoming) connection when [true], [false] for outgoing is_server: bool, }, @@ -150,6 +150,7 @@ pub struct NodeServer { cookie: String, node_name: String, hostname: String, + encryption_mode: IncomingEncryptionMode, } impl NodeServer { @@ -159,12 +160,14 @@ impl NodeServer { cookie: String, node_name: String, hostname: String, + tls_config: IncomingEncryptionMode, ) -> Self { Self { port, cookie, node_name, hostname, + encryption_mode: tls_config, } } } @@ -242,7 +245,11 @@ impl Actor for NodeServer { myself: ActorRef, _: (), ) -> Result { - let listener = crate::net::listener::Listener::new(self.port, myself.clone()); + let listener = crate::net::listener::Listener::new( + self.port, + myself.clone(), + self.encryption_mode.clone(), + ); let (actor_ref, _) = Actor::spawn_linked(None, listener, (), myself.get_cell()).await?; @@ -327,7 +334,11 @@ impl Actor for NodeServer { // try to re-create the listener. If it's a port-bind issue, we will have already panicked on // trying to start the NodeServer - let listener = crate::net::listener::Listener::new(self.port, myself.clone()); + let listener = crate::net::listener::Listener::new( + self.port, + myself.clone(), + self.encryption_mode.clone(), + ); let (actor_ref, _) = Actor::spawn_linked(None, listener, (), myself.get_cell()).await?; @@ -361,7 +372,11 @@ impl Actor for NodeServer { // try to re-create the listener. If it's a port-bind issue, we will have already panicked on // trying to start the NodeServer - let listener = crate::net::listener::Listener::new(self.port, myself.clone()); + let listener = crate::net::listener::Listener::new( + self.port, + myself.clone(), + self.encryption_mode.clone(), + ); let (actor_ref, _) = Actor::spawn_linked(None, listener, (), myself.get_cell()).await?; diff --git a/ractor_cluster/src/node/node_session/mod.rs b/ractor_cluster/src/node/node_session/mod.rs index 386eada4..0880e3e0 100644 --- a/ractor_cluster/src/node/node_session/mod.rs +++ b/ractor_cluster/src/node/node_session/mod.rs @@ -715,7 +715,7 @@ impl NodeSessionState { #[async_trait::async_trait] impl Actor for NodeSession { type Msg = super::NodeSessionMessage; - type Arguments = tokio::net::TcpStream; + type Arguments = crate::net::NetworkStream; type State = NodeSessionState; async fn pre_start( @@ -723,8 +723,8 @@ impl Actor for NodeSession { myself: ActorRef, stream: Self::Arguments, ) -> Result { - let peer_addr = stream.peer_addr()?; - let local_addr = stream.local_addr()?; + let peer_addr = stream.peer_addr(); + let local_addr = stream.local_addr(); // startup the TCP socket handler for message write + reading let actor = crate::net::session::Session::spawn_linked( myself.clone(), diff --git a/ractor_cluster_integration_tests/Cargo.toml b/ractor_cluster_integration_tests/Cargo.toml index 3966f4db..f2e66c8d 100644 --- a/ractor_cluster_integration_tests/Cargo.toml +++ b/ractor_cluster_integration_tests/Cargo.toml @@ -19,5 +19,8 @@ log = "0.4" ractor = { path = "../ractor" } ractor_cluster = { path = "../ractor_cluster" } rand = "0.8" +tokio-rustls = { version = "0.23" } +rustls = "0.20" +rustls-pemfile = "1.0" rustyrepl = { version = "0.2", features = ["async"] } tokio = { version = "1", features = ["rt", "time", "sync", "macros", "rt-multi-thread", "signal"] } diff --git a/ractor_cluster_integration_tests/Dockerfile b/ractor_cluster_integration_tests/Dockerfile index 9111f93c..425e5a30 100644 --- a/ractor_cluster_integration_tests/Dockerfile +++ b/ractor_cluster_integration_tests/Dockerfile @@ -8,6 +8,8 @@ WORKDIR /usr/src/app COPY . . RUN cargo install --path ractor_cluster_integration_tests/ RUN mv /usr/local/cargo/bin/ractor_cluster_integration_tests /usr/local/bin/ractor_cluster_integration_tests +RUN mv /usr/src/app/ractor_cluster_integration_tests/test-ca/ /usr/local/bin/test-ca WORKDIR /usr/local/bin ENTRYPOINT [ "ractor_cluster_integration_tests" ] +# ENTRYPOINT ["/bin/bash"] diff --git a/ractor_cluster_integration_tests/envs/encryption.env b/ractor_cluster_integration_tests/envs/encryption.env new file mode 100644 index 00000000..707dc245 --- /dev/null +++ b/ractor_cluster_integration_tests/envs/encryption.env @@ -0,0 +1,2 @@ +A_TEST="encryption 8199" +B_TEST="encryption 8198 8199 node-a" \ No newline at end of file diff --git a/ractor_cluster_integration_tests/src/repl.rs b/ractor_cluster_integration_tests/src/repl.rs index 453e9755..c33acc7a 100644 --- a/ractor_cluster_integration_tests/src/repl.rs +++ b/ractor_cluster_integration_tests/src/repl.rs @@ -21,6 +21,7 @@ impl ReplCommandProcessor for TestRepl { let code = match command { TestCase::AuthHandshake(config) => crate::tests::auth_handshake::test(config).await, TestCase::PgGroups(config) => crate::tests::pg_groups::test(config).await, + TestCase::Encryption(config) => crate::tests::encryption::test(config).await, }; if code < 0 { diff --git a/ractor_cluster_integration_tests/src/tests/auth_handshake.rs b/ractor_cluster_integration_tests/src/tests/auth_handshake.rs index 565bdeb7..0980384d 100644 --- a/ractor_cluster_integration_tests/src/tests/auth_handshake.rs +++ b/ractor_cluster_integration_tests/src/tests/auth_handshake.rs @@ -33,6 +33,7 @@ pub async fn test(config: AuthHandshakeConfig) -> i32 { cookie, super::random_name(), hostname.clone(), + ractor_cluster::IncomingEncryptionMode::Raw, ); log::info!("Starting NodeServer on port {}", config.server_port); @@ -48,8 +49,7 @@ pub async fn test(config: AuthHandshakeConfig) -> i32 { client_port ); if let Err(error) = - ractor_cluster::node::client::connect(&actor, format!("{client_host}:{client_port}")) - .await + ractor_cluster::client_connect(&actor, format!("{client_host}:{client_port}")).await { log::error!("Failed to connect with error {error}"); return -3; diff --git a/ractor_cluster_integration_tests/src/tests/encryption.rs b/ractor_cluster_integration_tests/src/tests/encryption.rs new file mode 100644 index 00000000..d91663e6 --- /dev/null +++ b/ractor_cluster_integration_tests/src/tests/encryption.rs @@ -0,0 +1,200 @@ +// Copyright (c) Sean Lawlor +// +// This source code is licensed under both the MIT license found in the +// LICENSE-MIT file in the root directory of this source tree. + +//! A clone of the [super::auth_handshake] test but with encryped communications +//! +//! Encryption certificates used are the same as [rustls]'s examples: + +use std::convert::TryFrom; +use std::fs::File; +use std::io::{self, BufReader}; +use std::path::{Path, PathBuf}; +use std::sync::Arc; + +use clap::Args; +use ractor::concurrency::{sleep, Duration, Instant}; +use ractor::Actor; +use rustls_pemfile::{certs, rsa_private_keys}; +use tokio_rustls::rustls::{self, Certificate, OwnedTrustAnchor, PrivateKey}; +use tokio_rustls::{webpki, TlsAcceptor, TlsConnector}; + +const AUTH_TIME_ALLOWANCE_MS: u128 = 1500; + +/// Configuration +#[derive(Args, Debug, Clone)] +pub struct EncryptionConfig { + /// Server port + server_port: u16, + /// If specified, represents the client to connect to + client_port: Option, + /// If specified, represents the client to connect to + client_host: Option, +} + +fn load_certs(path: &Path) -> io::Result> { + certs(&mut BufReader::new(File::open(path)?)) + .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert")) + .map(|mut certs| certs.drain(..).map(Certificate).collect()) +} + +fn load_keys(path: &Path) -> io::Result> { + rsa_private_keys(&mut BufReader::new(File::open(path)?)) + .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key")) + .map(|mut keys| keys.drain(..).map(PrivateKey).collect()) +} + +pub async fn test(config: EncryptionConfig) -> i32 { + let cookie = "cookie".to_string(); + let hostname = "localhost".to_string(); + + // ================== Server TLS Configuration ================== // + // Example `rustls` command: cargo run --bin tlsserver-mio -- --certs test-ca/rsa/end.fullchain --key test-ca/rsa/end.rsa -p 8443 echo + // + // combined with source code: https://github.com/tokio-rs/tls/blob/357bc562483dcf04c1f8d08bd1a831b144bf7d4c/tokio-rustls/examples/server/src/main.rs + let cert_path = PathBuf::from("test-ca/rsa/end.fullchain"); + let key_path = PathBuf::from("test-ca/rsa/end.rsa"); + let certs = load_certs(&cert_path).expect("Failed to load encryption certificates"); + let mut keys = load_keys(&key_path).expect("Failed to load encryption keys"); + + let server_config = rustls::ServerConfig::builder() + .with_safe_defaults() + .with_no_client_auth() + .with_single_cert(certs, keys.remove(0)) + .expect("Failed to build server configuration"); + let acceptor = TlsAcceptor::from(Arc::new(server_config)); + + // ================== Client TLS Configuration ================== // + + let ca_path = PathBuf::from("test-ca/rsa/ca.cert"); + let mut ca_pem = BufReader::new(File::open(ca_path).expect("Failed to load CA certificate")); + let ca_certs = rustls_pemfile::certs(&mut ca_pem).expect("Failed to parse CA certificate"); + + let mut root_cert_store = rustls::RootCertStore::empty(); + let trust_anchors = ca_certs.iter().map(|cert| { + let ta = + webpki::TrustAnchor::try_from_cert_der(&cert[..]).expect("Failed to build TrustAnchor"); + log::warn!( + "CA Cert SUB={}", + String::from_utf8(ta.subject.to_vec()).unwrap_or("n/a".to_string()) + ); + OwnedTrustAnchor::from_subject_spki_name_constraints( + ta.subject, + ta.spki, + ta.name_constraints, + ) + }); + root_cert_store.add_server_trust_anchors(trust_anchors); + let client_config = rustls::ClientConfig::builder() + .with_safe_defaults() + .with_root_certificates(root_cert_store) + .with_no_client_auth(); + let connector = TlsConnector::from(Arc::new(client_config)); + + // NOTE: It's `testserver.com` because that's what's generated by the rustls team. Eventually we should re-generate + // our own certs but this is just a temporary hack for the test + let domain = rustls::ServerName::try_from("testserver.com").expect("Invalid DNS name `node-a`"); + + // ================== Server Creation ================== // + + let server = ractor_cluster::NodeServer::new( + config.server_port, + cookie, + super::random_name(), + hostname.clone(), + ractor_cluster::IncomingEncryptionMode::Tls(acceptor), + ); + + log::info!("Starting NodeServer on port {}", config.server_port); + + let (actor, handle) = Actor::spawn(None, server, ()) + .await + .expect("Failed to start NodeServer"); + + if let (Some(client_host), Some(client_port)) = (config.client_host, config.client_port) { + log::info!( + "Connecting to remote NodeServer at {}:{}", + client_host, + client_port + ); + if let Err(error) = ractor_cluster::client_connect_enc( + &actor, + format!("{client_host}:{client_port}"), + connector, + domain, + ) + .await + { + log::error!("Failed to connect with error {error}"); + return -3; + } else { + log::info!("Client connected NodeServer b to NodeServer a"); + } + } + + let mut err_code = -1; + log::info!("Waiting for NodeSession status updates"); + + let mut rpc_reply = ractor::call_t!(actor, ractor_cluster::NodeServerMessage::GetSessions, 200); + let mut tic = None; + + while rpc_reply.is_ok() { + if let Some(timestamp) = tic { + let time: Duration = Instant::now() - timestamp; + if time.as_millis() > AUTH_TIME_ALLOWANCE_MS { + err_code = -2; + log::error!( + "The authentcation time has been going on for over > {}ms. Failing the test", + time.as_millis() + ); + break; + } + } + + if let Some(item) = rpc_reply + .unwrap() + .into_values() + .collect::>() + .first() + .cloned() + { + // we got an actor, track how long it took to auth, maxing out at 500ms + if tic.is_none() { + tic = Some(Instant::now()); + } + + let is_authenticated = ractor::call_t!( + item, + ractor_cluster::NodeSessionMessage::GetAuthenticationState, + 200 + ); + match is_authenticated { + Err(err) => { + log::warn!("NodeSession returned error on rpc query {}", err); + break; + } + Ok(false) => { + // Still waiting + } + Ok(true) => { + err_code = 0; + log::info!("Authentication succeeded. Exiting test"); + break; + } + } + } + // try again + rpc_reply = ractor::call_t!(actor, ractor_cluster::NodeServerMessage::GetSessions, 200); + } + + log::info!("Terminating test - code {}", err_code); + + sleep(Duration::from_millis(250)).await; + + // cleanup + actor.stop(None); + handle.await.unwrap(); + + err_code +} diff --git a/ractor_cluster_integration_tests/src/tests/mod.rs b/ractor_cluster_integration_tests/src/tests/mod.rs index 94c31154..f51ae2e3 100644 --- a/ractor_cluster_integration_tests/src/tests/mod.rs +++ b/ractor_cluster_integration_tests/src/tests/mod.rs @@ -10,6 +10,7 @@ use rand::distributions::Alphanumeric; use rand::{thread_rng, Rng}; pub mod auth_handshake; +pub mod encryption; pub mod pg_groups; fn random_name() -> String { @@ -26,4 +27,6 @@ pub enum TestCase { AuthHandshake(auth_handshake::AuthHandshakeConfig), /// Test pg groups through a ractor cluster PgGroups(pg_groups::PgGroupsConfig), + /// Test encrypted socket communications (through the auth handshake) + Encryption(encryption::EncryptionConfig), } diff --git a/ractor_cluster_integration_tests/src/tests/pg_groups.rs b/ractor_cluster_integration_tests/src/tests/pg_groups.rs index 68b1934a..4b91bdda 100644 --- a/ractor_cluster_integration_tests/src/tests/pg_groups.rs +++ b/ractor_cluster_integration_tests/src/tests/pg_groups.rs @@ -106,8 +106,13 @@ pub(crate) async fn test(config: PgGroupsConfig) -> i32 { let cookie = "cookie".to_string(); let hostname = "localhost".to_string(); - let server = - ractor_cluster::NodeServer::new(config.server_port, cookie, super::random_name(), hostname); + let server = ractor_cluster::NodeServer::new( + config.server_port, + cookie, + super::random_name(), + hostname, + ractor_cluster::IncomingEncryptionMode::Raw, + ); let (actor, handle) = Actor::spawn(None, server, ()) .await @@ -124,8 +129,7 @@ pub(crate) async fn test(config: PgGroupsConfig) -> i32 { client_port ); if let Err(error) = - ractor_cluster::node::client::connect(&actor, format!("{client_host}:{client_port}")) - .await + ractor_cluster::client_connect(&actor, format!("{client_host}:{client_port}")).await { log::error!("Failed to connect with error {error}"); return -3; diff --git a/ractor_cluster_integration_tests/test-ca/LICENSE-MIT b/ractor_cluster_integration_tests/test-ca/LICENSE-MIT new file mode 100644 index 00000000..b4000f92 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/LICENSE-MIT @@ -0,0 +1,25 @@ +Copyright (c) 2016 Joseph Birr-Pixton + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/ractor_cluster_integration_tests/test-ca/README.md b/ractor_cluster_integration_tests/test-ca/README.md new file mode 100644 index 00000000..807cd5ea --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/README.md @@ -0,0 +1,6 @@ +# Encryption Certificates + +This folder is copied as-is from `rustls`'s public github repository. Full attribution is to their +codebase and we give no guarantee on these certificates. They're for testing utilization only + +https://github.com/rustls/rustls \ No newline at end of file diff --git a/ractor_cluster_integration_tests/test-ca/build-a-pki.sh b/ractor_cluster_integration_tests/test-ca/build-a-pki.sh new file mode 100755 index 00000000..e9738945 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/build-a-pki.sh @@ -0,0 +1,176 @@ +#!/bin/sh + +set -xe + +rm -rf rsa/ ecdsa/ eddsa/ +mkdir -p rsa/ ecdsa/ eddsa/ + +openssl req -nodes \ + -x509 \ + -days 3650 \ + -newkey rsa:4096 \ + -keyout rsa/ca.key \ + -out rsa/ca.cert \ + -sha256 \ + -batch \ + -subj "/CN=ponytown RSA CA" + +openssl req -nodes \ + -newkey rsa:3072 \ + -keyout rsa/inter.key \ + -out rsa/inter.req \ + -sha256 \ + -batch \ + -subj "/CN=ponytown RSA level 2 intermediate" + +openssl req -nodes \ + -newkey rsa:2048 \ + -keyout rsa/end.key \ + -out rsa/end.req \ + -sha256 \ + -batch \ + -subj "/CN=testserver.com" + +openssl rsa \ + -in rsa/end.key \ + -out rsa/end.rsa + +openssl req -nodes \ + -newkey rsa:2048 \ + -keyout rsa/client.key \ + -out rsa/client.req \ + -sha256 \ + -batch \ + -subj "/CN=ponytown client" + +openssl rsa \ + -in rsa/client.key \ + -out rsa/client.rsa + +# ecdsa +openssl ecparam -name prime256v1 -out ecdsa/nistp256.pem +openssl ecparam -name secp384r1 -out ecdsa/nistp384.pem + +openssl req -nodes \ + -x509 \ + -newkey ec:ecdsa/nistp384.pem \ + -keyout ecdsa/ca.key \ + -out ecdsa/ca.cert \ + -sha256 \ + -batch \ + -days 3650 \ + -subj "/CN=ponytown ECDSA CA" + +openssl req -nodes \ + -newkey ec:ecdsa/nistp256.pem \ + -keyout ecdsa/inter.key \ + -out ecdsa/inter.req \ + -sha256 \ + -batch \ + -days 3000 \ + -subj "/CN=ponytown ECDSA level 2 intermediate" + +openssl req -nodes \ + -newkey ec:ecdsa/nistp256.pem \ + -keyout ecdsa/end.key \ + -out ecdsa/end.req \ + -sha256 \ + -batch \ + -days 2000 \ + -subj "/CN=testserver.com" + +openssl req -nodes \ + -newkey ec:ecdsa/nistp384.pem \ + -keyout ecdsa/client.key \ + -out ecdsa/client.req \ + -sha256 \ + -batch \ + -days 2000 \ + -subj "/CN=ponytown client" + +# eddsa + +# TODO: add support for Ed448 +# openssl genpkey -algorithm Ed448 -out eddsa/ca.key +openssl genpkey -algorithm Ed25519 -out eddsa/ca.key + +openssl req -nodes \ + -x509 \ + -key eddsa/ca.key \ + -out eddsa/ca.cert \ + -sha256 \ + -batch \ + -days 3650 \ + -subj "/CN=ponytown EdDSA CA" + +openssl genpkey -algorithm Ed25519 -out eddsa/inter.key + +openssl req -nodes \ + -new \ + -key eddsa/inter.key \ + -out eddsa/inter.req \ + -sha256 \ + -batch \ + -subj "/CN=ponytown EdDSA level 2 intermediate" + +openssl genpkey -algorithm Ed25519 -out eddsa/end.key + +openssl req -nodes \ + -new \ + -key eddsa/end.key \ + -out eddsa/end.req \ + -sha256 \ + -batch \ + -subj "/CN=testserver.com" + +# TODO: add support for Ed448 +# openssl genpkey -algorithm Ed448 -out eddsa/client.key +openssl genpkey -algorithm Ed25519 -out eddsa/client.key + +openssl req -nodes \ + -new \ + -key eddsa/client.key \ + -out eddsa/client.req \ + -sha256 \ + -batch \ + -subj "/CN=ponytown client" + +for kt in rsa ecdsa eddsa ; do + openssl x509 -req \ + -in $kt/inter.req \ + -out $kt/inter.cert \ + -CA $kt/ca.cert \ + -CAkey $kt/ca.key \ + -sha256 \ + -days 3650 \ + -set_serial 123 \ + -extensions v3_inter -extfile openssl.cnf + + openssl x509 -req \ + -in $kt/end.req \ + -out $kt/end.cert \ + -CA $kt/inter.cert \ + -CAkey $kt/inter.key \ + -sha256 \ + -days 2000 \ + -set_serial 456 \ + -extensions v3_end -extfile openssl.cnf + + openssl x509 -req \ + -in $kt/client.req \ + -out $kt/client.cert \ + -CA $kt/inter.cert \ + -CAkey $kt/inter.key \ + -sha256 \ + -days 2000 \ + -set_serial 789 \ + -extensions v3_client -extfile openssl.cnf + + cat $kt/inter.cert $kt/ca.cert > $kt/end.chain + cat $kt/end.cert $kt/inter.cert $kt/ca.cert > $kt/end.fullchain + + cat $kt/inter.cert $kt/ca.cert > $kt/client.chain + cat $kt/client.cert $kt/inter.cert $kt/ca.cert > $kt/client.fullchain + + openssl asn1parse -in $kt/ca.cert -out $kt/ca.der > /dev/null +done diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/ca.cert b/ractor_cluster_integration_tests/test-ca/ecdsa/ca.cert new file mode 100644 index 00000000..4b076bd0 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/ca.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIUSA11/39PY7uM9Nc2ITnV1eHzaKYwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcN +MjkwNjA2MTcxNTEyWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABLsXWEKs2xXCgW1OcC63pCPjQo0q3VnPc1J24n6m +Xwxpg398nzR4n3iHcYA0pKgEneBstSOsXOhbNZ09DAvEr3iSc8ByWWntEbWVjY3g +9Kt6Q6Y1sXGkaUIiP9be5lIQRaNTMFEwHQYDVR0OBBYEFKD72TTU/GXhb3/D1/Z7 +hD/ZG6lKMB8GA1UdIwQYMBaAFKD72TTU/GXhb3/D1/Z7hD/ZG6lKMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIxAL9FtbNV7i9trxukhakfTvbXCHgE +2pIOT5r/Vc5kSrPU4vJu2MOJz6X/JCX15IbZlQIwJxYfsD8QTQf8J9bP9Pq4SY71 +obja/vQ6UBixlRB5vDSG0UuukL4kzlyUKpHkwUcj +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/ca.der b/ractor_cluster_integration_tests/test-ca/ecdsa/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..575c9c01867c9f1a82e0efbddfac31eaefa9b43f GIT binary patch literal 462 zcmXqLVmxKg#2B!EnTe5!NyLM<^nbm7^6s85*Uc0yuU>ulIb)dt7aNCGo5wj@7G@>` z8AB-p2{z_X7G@s7g8aP7lKk>K1y^U6U`GXKM*}%=UPDU*GXqOQb3;=@qbPA+BM{dN z$|az?%s_yR9c&X5BO9xBBMXBPa}oo~Zt)1GHMd0%HRk#i=xtx3{Me~i>u%)v;-Ioe zb<5&;GMnpb=9^T^uV^o9Fj=yKW$uHVt;%a+UPPPDwdLVHvc6(c@qwbq%(sGDr}p+f z__Dgnd70_P!X=qbO7_?8Jqr?WT^wu>XdnyplPn*L7>me)-#1OJ{7HS7Uw`=ex9S%A zo6;-24CF!5$}AEFVhz|8@PiZxGcx{XVKra|QpkbEoWWp_%4Eo}-*xNe(0BT|>!p{p zu9WxtcAcYw<<=xV|5^V-&!u>6zVhf(-i^bZ=a>FhQT_U)?dDV_19dU^4fX=Q?0?j+ so&WM{hiBi{g*$Hj`(hO!v2m(E{B@xGev9SlY{Qc0HE!!!2kdN literal 0 HcmV?d00001 diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/ca.key b/ractor_cluster_integration_tests/test-ca/ecdsa/ca.key new file mode 100644 index 00000000..afeb1af1 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/ca.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDl30Srs7laSdaAOzoB +kCiehcf1HXv7NqGQBECqshrtHxGEX6bAnBB7JgyDs28NvPGhZANiAAS7F1hCrNsV +woFtTnAut6Qj40KNKt1Zz3NSduJ+pl8MaYN/fJ80eJ94h3GANKSoBJ3gbLUjrFzo +WzWdPQwLxK94knPAcllp7RG1lY2N4PSrekOmNbFxpGlCIj/W3uZSEEU= +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/client.cert b/ractor_cluster_integration_tests/test-ca/ecdsa/client.cert new file mode 100644 index 00000000..f40f1c9e --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/client.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8jCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMTkwNjA5MTcxNTEyWhcN +MjQxMTI5MTcxNTEyWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATx0R97foSC0Ra9a13pJzfI1hh3G6476MIMslLHxg5w +wCG8k5mMHia2hGOBbdGjoY0C1wJLNrUSov5SfcsYX6/VjHQH/elmb/KOO1AGwPD7 +1yD1+DG/cjK1okLZIVhbSQyjgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFFBkko+0OE2piFRx +h9m2UonFYQFEMEQGA1UdIwQ9MDuAFD93gjUQ7CX28Dy5NlFYfYh8XlKSoSCkHjAc +MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNJADBG +AiEAvyquOUQlqAWkSlfwH3nYNmmEG9CT/jjzNs1OBr1RD6ACIQDtmqdbttqgqKAZ +Wi5lCzftwM6Hy5aA0qy1v80H4xBJyw== +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/client.chain b/ractor_cluster_integration_tests/test-ca/ecdsa/client.chain new file mode 100644 index 00000000..c1fe549e --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/client.chain @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIBuDCCAT2gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 +biBFQ0RTQSBDQTAeFw0xOTA2MDkxNzE1MTJaFw0yOTA2MDYxNzE1MTJaMC4xLDAq +BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcSsbe8rfmJ7ojfWuHImDGx +DpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7gxiCr3aNeMFwwHQYDVR0O +BBYEFD93gjUQ7CX28Dy5NlFYfYh8XlKSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAKBggqhkjOPQQD +AgNpADBmAjEAxdSnB7ryhG+y7tshwxqrFoZEWXpDLQDZGad0+Wf+7hiNoNCDDdIv +MhYxzCDbTS/lAjEAwjsfrp4gxwoz/6fNfUvHyiA3j9jMd64tapzWy2hoqubKBEum +EVczk9vVmsiJA5J3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIUSA11/39PY7uM9Nc2ITnV1eHzaKYwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcN +MjkwNjA2MTcxNTEyWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABLsXWEKs2xXCgW1OcC63pCPjQo0q3VnPc1J24n6m +Xwxpg398nzR4n3iHcYA0pKgEneBstSOsXOhbNZ09DAvEr3iSc8ByWWntEbWVjY3g +9Kt6Q6Y1sXGkaUIiP9be5lIQRaNTMFEwHQYDVR0OBBYEFKD72TTU/GXhb3/D1/Z7 +hD/ZG6lKMB8GA1UdIwQYMBaAFKD72TTU/GXhb3/D1/Z7hD/ZG6lKMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIxAL9FtbNV7i9trxukhakfTvbXCHgE +2pIOT5r/Vc5kSrPU4vJu2MOJz6X/JCX15IbZlQIwJxYfsD8QTQf8J9bP9Pq4SY71 +obja/vQ6UBixlRB5vDSG0UuukL4kzlyUKpHkwUcj +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/client.fullchain b/ractor_cluster_integration_tests/test-ca/ecdsa/client.fullchain new file mode 100644 index 00000000..8f9c2b42 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/client.fullchain @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIB8jCCAZegAwIBAgICAxUwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMTkwNjA5MTcxNTEyWhcN +MjQxMTI5MTcxNTEyWjAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATx0R97foSC0Ra9a13pJzfI1hh3G6476MIMslLHxg5w +wCG8k5mMHia2hGOBbdGjoY0C1wJLNrUSov5SfcsYX6/VjHQH/elmb/KOO1AGwPD7 +1yD1+DG/cjK1okLZIVhbSQyjgZswgZgwDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMC +BsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFFBkko+0OE2piFRx +h9m2UonFYQFEMEQGA1UdIwQ9MDuAFD93gjUQ7CX28Dy5NlFYfYh8XlKSoSCkHjAc +MRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQYIBezAKBggqhkjOPQQDAgNJADBG +AiEAvyquOUQlqAWkSlfwH3nYNmmEG9CT/jjzNs1OBr1RD6ACIQDtmqdbttqgqKAZ +Wi5lCzftwM6Hy5aA0qy1v80H4xBJyw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBuDCCAT2gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 +biBFQ0RTQSBDQTAeFw0xOTA2MDkxNzE1MTJaFw0yOTA2MDYxNzE1MTJaMC4xLDAq +BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcSsbe8rfmJ7ojfWuHImDGx +DpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7gxiCr3aNeMFwwHQYDVR0O +BBYEFD93gjUQ7CX28Dy5NlFYfYh8XlKSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAKBggqhkjOPQQD +AgNpADBmAjEAxdSnB7ryhG+y7tshwxqrFoZEWXpDLQDZGad0+Wf+7hiNoNCDDdIv +MhYxzCDbTS/lAjEAwjsfrp4gxwoz/6fNfUvHyiA3j9jMd64tapzWy2hoqubKBEum +EVczk9vVmsiJA5J3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIUSA11/39PY7uM9Nc2ITnV1eHzaKYwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcN +MjkwNjA2MTcxNTEyWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABLsXWEKs2xXCgW1OcC63pCPjQo0q3VnPc1J24n6m +Xwxpg398nzR4n3iHcYA0pKgEneBstSOsXOhbNZ09DAvEr3iSc8ByWWntEbWVjY3g +9Kt6Q6Y1sXGkaUIiP9be5lIQRaNTMFEwHQYDVR0OBBYEFKD72TTU/GXhb3/D1/Z7 +hD/ZG6lKMB8GA1UdIwQYMBaAFKD72TTU/GXhb3/D1/Z7hD/ZG6lKMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIxAL9FtbNV7i9trxukhakfTvbXCHgE +2pIOT5r/Vc5kSrPU4vJu2MOJz6X/JCX15IbZlQIwJxYfsD8QTQf8J9bP9Pq4SY71 +obja/vQ6UBixlRB5vDSG0UuukL4kzlyUKpHkwUcj +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/client.key b/ractor_cluster_integration_tests/test-ca/ecdsa/client.key new file mode 100644 index 00000000..412914c6 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/client.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDALKtA1q+8ZBeLi2Gsq +UxFTBxNPPhOuyNRkvwRKis/glf9GgEHgvM0qVaxWnRsdCE6hZANiAATx0R97foSC +0Ra9a13pJzfI1hh3G6476MIMslLHxg5wwCG8k5mMHia2hGOBbdGjoY0C1wJLNrUS +ov5SfcsYX6/VjHQH/elmb/KOO1AGwPD71yD1+DG/cjK1okLZIVhbSQw= +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/client.req b/ractor_cluster_integration_tests/test-ca/ecdsa/client.req new file mode 100644 index 00000000..850b32ae --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/client.req @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBEzCBmQIBADAaMRgwFgYDVQQDDA9wb255dG93biBjbGllbnQwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAATx0R97foSC0Ra9a13pJzfI1hh3G6476MIMslLHxg5wwCG8 +k5mMHia2hGOBbdGjoY0C1wJLNrUSov5SfcsYX6/VjHQH/elmb/KOO1AGwPD71yD1 ++DG/cjK1okLZIVhbSQygADAKBggqhkjOPQQDAgNpADBmAjEA8p3W7yFCJ73dOmYQ +rpMpLkYNcfxxpNfCWgqaPyWu3UeOcHvC7ihklnFTWzpmEO+PAjEA8O5P4mXlYUtl +Dsw8qOrqWSdQ1IykXhM4NxPOkt0TMQZvvrpSsJU6PhwSbJGjVfBR +-----END CERTIFICATE REQUEST----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/end.cert b/ractor_cluster_integration_tests/test-ca/ecdsa/end.cert new file mode 100644 index 00000000..7391b34b --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/end.cert @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9zCCAZ6gAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMTkwNjA5MTcxNTEyWhcN +MjQxMTI5MTcxNTEyWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABPprdHsWc3TtNne2409qO+fC9OFiiXFevQwJjUUC +J/X0ihomRsHAnrJvcNyOEWsdu7OwOj4PD9QFMifDEHGYtHOjgcAwgb0wDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFOXZcb/0+/Xql1fOb4pVblzV +vUcZMEQGA1UdIwQ9MDuAFD93gjUQ7CX28Dy5NlFYfYh8XlKSoSCkHjAcMRowGAYD +VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezA7BgNVHREENDAygg50ZXN0c2VydmVy +LmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3QwCgYIKoZIzj0E +AwIDRwAwRAIgXONA4IOh4PbHTuK6oaHtguOIvmxxXCqp8kwJlI1e+MMCICOSrk1F +e+VsbKeFQlJ6EM65CLTezDUIZKCmoNWvyTGy +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/end.chain b/ractor_cluster_integration_tests/test-ca/ecdsa/end.chain new file mode 100644 index 00000000..c1fe549e --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/end.chain @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIBuDCCAT2gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 +biBFQ0RTQSBDQTAeFw0xOTA2MDkxNzE1MTJaFw0yOTA2MDYxNzE1MTJaMC4xLDAq +BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcSsbe8rfmJ7ojfWuHImDGx +DpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7gxiCr3aNeMFwwHQYDVR0O +BBYEFD93gjUQ7CX28Dy5NlFYfYh8XlKSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAKBggqhkjOPQQD +AgNpADBmAjEAxdSnB7ryhG+y7tshwxqrFoZEWXpDLQDZGad0+Wf+7hiNoNCDDdIv +MhYxzCDbTS/lAjEAwjsfrp4gxwoz/6fNfUvHyiA3j9jMd64tapzWy2hoqubKBEum +EVczk9vVmsiJA5J3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIUSA11/39PY7uM9Nc2ITnV1eHzaKYwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcN +MjkwNjA2MTcxNTEyWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABLsXWEKs2xXCgW1OcC63pCPjQo0q3VnPc1J24n6m +Xwxpg398nzR4n3iHcYA0pKgEneBstSOsXOhbNZ09DAvEr3iSc8ByWWntEbWVjY3g +9Kt6Q6Y1sXGkaUIiP9be5lIQRaNTMFEwHQYDVR0OBBYEFKD72TTU/GXhb3/D1/Z7 +hD/ZG6lKMB8GA1UdIwQYMBaAFKD72TTU/GXhb3/D1/Z7hD/ZG6lKMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIxAL9FtbNV7i9trxukhakfTvbXCHgE +2pIOT5r/Vc5kSrPU4vJu2MOJz6X/JCX15IbZlQIwJxYfsD8QTQf8J9bP9Pq4SY71 +obja/vQ6UBixlRB5vDSG0UuukL4kzlyUKpHkwUcj +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/end.fullchain b/ractor_cluster_integration_tests/test-ca/ecdsa/end.fullchain new file mode 100644 index 00000000..535baef7 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/end.fullchain @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIB9zCCAZ6gAwIBAgICAcgwCgYIKoZIzj0EAwIwLjEsMCoGA1UEAwwjcG9ueXRv +d24gRUNEU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwHhcNMTkwNjA5MTcxNTEyWhcN +MjQxMTI5MTcxNTEyWjAZMRcwFQYDVQQDDA50ZXN0c2VydmVyLmNvbTBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABPprdHsWc3TtNne2409qO+fC9OFiiXFevQwJjUUC +J/X0ihomRsHAnrJvcNyOEWsdu7OwOj4PD9QFMifDEHGYtHOjgcAwgb0wDAYDVR0T +AQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFOXZcb/0+/Xql1fOb4pVblzV +vUcZMEQGA1UdIwQ9MDuAFD93gjUQ7CX28Dy5NlFYfYh8XlKSoSCkHjAcMRowGAYD +VQQDDBFwb255dG93biBFQ0RTQSBDQYIBezA7BgNVHREENDAygg50ZXN0c2VydmVy +LmNvbYIVc2Vjb25kLnRlc3RzZXJ2ZXIuY29tgglsb2NhbGhvc3QwCgYIKoZIzj0E +AwIDRwAwRAIgXONA4IOh4PbHTuK6oaHtguOIvmxxXCqp8kwJlI1e+MMCICOSrk1F +e+VsbKeFQlJ6EM65CLTezDUIZKCmoNWvyTGy +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBuDCCAT2gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 +biBFQ0RTQSBDQTAeFw0xOTA2MDkxNzE1MTJaFw0yOTA2MDYxNzE1MTJaMC4xLDAq +BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcSsbe8rfmJ7ojfWuHImDGx +DpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7gxiCr3aNeMFwwHQYDVR0O +BBYEFD93gjUQ7CX28Dy5NlFYfYh8XlKSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAKBggqhkjOPQQD +AgNpADBmAjEAxdSnB7ryhG+y7tshwxqrFoZEWXpDLQDZGad0+Wf+7hiNoNCDDdIv +MhYxzCDbTS/lAjEAwjsfrp4gxwoz/6fNfUvHyiA3j9jMd64tapzWy2hoqubKBEum +EVczk9vVmsiJA5J3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIByjCCAVCgAwIBAgIUSA11/39PY7uM9Nc2ITnV1eHzaKYwCgYIKoZIzj0EAwIw +HDEaMBgGA1UEAwwRcG9ueXRvd24gRUNEU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcN +MjkwNjA2MTcxNTEyWjAcMRowGAYDVQQDDBFwb255dG93biBFQ0RTQSBDQTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABLsXWEKs2xXCgW1OcC63pCPjQo0q3VnPc1J24n6m +Xwxpg398nzR4n3iHcYA0pKgEneBstSOsXOhbNZ09DAvEr3iSc8ByWWntEbWVjY3g +9Kt6Q6Y1sXGkaUIiP9be5lIQRaNTMFEwHQYDVR0OBBYEFKD72TTU/GXhb3/D1/Z7 +hD/ZG6lKMB8GA1UdIwQYMBaAFKD72TTU/GXhb3/D1/Z7hD/ZG6lKMA8GA1UdEwEB +/wQFMAMBAf8wCgYIKoZIzj0EAwIDaAAwZQIxAL9FtbNV7i9trxukhakfTvbXCHgE +2pIOT5r/Vc5kSrPU4vJu2MOJz6X/JCX15IbZlQIwJxYfsD8QTQf8J9bP9Pq4SY71 +obja/vQ6UBixlRB5vDSG0UuukL4kzlyUKpHkwUcj +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/end.key b/ractor_cluster_integration_tests/test-ca/ecdsa/end.key new file mode 100644 index 00000000..a88818ce --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/end.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdoMBbIGRw+L9but3 +PO4WSJfS8wbvUNrF1VuQjsDVMKmhRANCAAT6a3R7FnN07TZ3tuNPajvnwvThYolx +Xr0MCY1FAif19IoaJkbBwJ6yb3DcjhFrHbuzsDo+Dw/UBTInwxBxmLRz +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/end.req b/ractor_cluster_integration_tests/test-ca/ecdsa/end.req new file mode 100644 index 00000000..ee7c2a0f --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/end.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHTMHsCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAAT6a3R7FnN07TZ3tuNPajvnwvThYolxXr0MCY1FAif19Ioa +JkbBwJ6yb3DcjhFrHbuzsDo+Dw/UBTInwxBxmLRzoAAwCgYIKoZIzj0EAwIDSAAw +RQIgA9G3IaH4syAQYGJ3ESqXQaoKSrZsDMBD0MgG2g2FC78CIQD+RRTETPkFq0as +cca9W/yqg8QN/ZGzE38iEpohyGda/w== +-----END CERTIFICATE REQUEST----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/inter.cert b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.cert new file mode 100644 index 00000000..f3843b4e --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.cert @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBuDCCAT2gAwIBAgIBezAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFwb255dG93 +biBFQ0RTQSBDQTAeFw0xOTA2MDkxNzE1MTJaFw0yOTA2MDYxNzE1MTJaMC4xLDAq +BgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcSsbe8rfmJ7ojfWuHImDGx +DpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7gxiCr3aNeMFwwHQYDVR0O +BBYEFD93gjUQ7CX28Dy5NlFYfYh8XlKSMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jAKBggqhkjOPQQD +AgNpADBmAjEAxdSnB7ryhG+y7tshwxqrFoZEWXpDLQDZGad0+Wf+7hiNoNCDDdIv +MhYxzCDbTS/lAjEAwjsfrp4gxwoz/6fNfUvHyiA3j9jMd64tapzWy2hoqubKBEum +EVczk9vVmsiJA5J3 +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/inter.key b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.key new file mode 100644 index 00000000..f9f8b128 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.key @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgdniIWGzkYuZcwh/H +9hDbaITfndAs+Hin6j+0XjD01MShRANCAARi1GU/KSFPRgueNxKxt7yt+YnuiN9a +4ciYMbEOkXm8nbn2CI732oURxlOLt029AYFALpuxRZ11OXcFzuDGIKvd +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/inter.req b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.req new file mode 100644 index 00000000..d7c5ec98 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/inter.req @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIHoMIGQAgEAMC4xLDAqBgNVBAMMI3Bvbnl0b3duIEVDRFNBIGxldmVsIDIgaW50 +ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYtRlPykhT0YLnjcS +sbe8rfmJ7ojfWuHImDGxDpF5vJ259giO99qFEcZTi7dNvQGBQC6bsUWddTl3Bc7g +xiCr3aAAMAoGCCqGSM49BAMCA0cAMEQCIFeMseiKS80m8KmHkl7W8lRXavH5yx/h +qTFM+f3T4AnZAiBRR8+rFop/TR51gISUfbMj2W3yTAGxOkCdlPgT+Jxqwg== +-----END CERTIFICATE REQUEST----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/nistp256.pem b/ractor_cluster_integration_tests/test-ca/ecdsa/nistp256.pem new file mode 100644 index 00000000..a76e47d9 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/nistp256.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- diff --git a/ractor_cluster_integration_tests/test-ca/ecdsa/nistp384.pem b/ractor_cluster_integration_tests/test-ca/ecdsa/nistp384.pem new file mode 100644 index 00000000..ceed209a --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/ecdsa/nistp384.pem @@ -0,0 +1,3 @@ +-----BEGIN EC PARAMETERS----- +BgUrgQQAIg== +-----END EC PARAMETERS----- diff --git a/ractor_cluster_integration_tests/test-ca/eddsa/ca.cert b/ractor_cluster_integration_tests/test-ca/eddsa/ca.cert new file mode 100644 index 00000000..3194b797 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/eddsa/ca.cert @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBTDCB/6ADAgECAhRXcvbYynz4+usVvPtJp++sBUih3TAFBgMrZXAwHDEaMBgG +A1UEAwwRcG9ueXRvd24gRWREU0EgQ0EwHhcNMTkwODE2MTMyODUwWhcNMjkwODEz +MTMyODUwWjAcMRowGAYDVQQDDBFwb255dG93biBFZERTQSBDQTAqMAUGAytlcAMh +AIE4tLweIfcBGfhPqyXFp5pjVxjaiKk+9fTbRy46jAFKo1MwUTAdBgNVHQ4EFgQU +z5b9HjkOxffbtCZhWGg+bnxuD6wwHwYDVR0jBBgwFoAUz5b9HjkOxffbtCZhWGg+ +bnxuD6wwDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXADQQBNlt7z4bZ7KhzecxZEe3i5 +lH9MRqbpP9Rg4HyzAJfTzFGT183HoJiISdPLbxwMn0KaqSGlVe+9GgNKswoaRAwH +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/eddsa/ca.der b/ractor_cluster_integration_tests/test-ca/eddsa/ca.der new file mode 100644 index 0000000000000000000000000000000000000000..9bd90e3fb596842c878f0f4e9df074056f6b9d34 GIT binary patch literal 336 zcmXqLV)QX+{J(&iiIIs(B)sU`jZ-y0e!Ujm^V@Uz`!%c{3-21RvN3C?78uAFN*PG7 zF^94+^9UB?=T(;Em**+Crnm$WZCH>V4dny|llQ@StWh!}QB%0w-TTdwju+4$sS{^JRGEJIz|D SxHRj7GH3D(X zpj^Cqo0yc4tzu+lU~XdKX8^j6i>Zl;kzw7`9TDZ1W*YSDD>#{<;{8OVY*N7;?k7L~ zbN}xC|9OMZ_tkEqB~qzV6J{Pia;fg=<^NIk>EgLRY9sp!|D1ZGC-dZmaOswx{eQ1# zIM^xtE8p+%<8)SNZ9=xjaejUGlY5@~-0hnu8`+w(WV55U{*=Z`U!C+>&qwc$IoWIQ zn)AD>jl~@4-9>#-x6jJRF}{Bqd%fa@ZY9_AiG{YlzgMkvD+s%*f6eM^p08Ji!QtO^ z8)_f#zR1^9v4_h}xMaqM<7M_wD^L8W{8=(RprlIhqn^{dbGOz`P^|i`tiiU?=**0B zFAaMYD>3!c0luUlG^8ECLJ3n62b5rho;iAX(K(i!Vev#Ymt^cZ7j(ppE{;KFCRUN+I z+WGzQ*JdpFZuf(&r;5X_BQ@+#d-v6MFZW%Pv#;>FTK{2FedxVx(I_hhdk$N@g6%;y zHovaC|7MeW{%yy#(sq-_p1YLZsFRqPRQ5nbjwuT9eL7Ut7Zr+d>FP}!#2{2{bZq8^ltIl z%68L!&p7?r!{uTRBing>um7xzCs&s?2bulpIp)RResBW^W6`R6#Vi|}gnlwHGcqtP z4mJohkOihbSw0pq77>fbuLL!DrzbPC=a*mBsIFe__9@Ij9we>I0!*b1*cI@D6bLgi z{%2t|Uq zPpry$)>|JFlKUqVma4^8uG~Anc)s1GvL*G$-e<|HG)rvTW%_5|=7W6)^#AGj@AbN~ zC_YkZx19ZiyQ2D@zRt^NB0 z7Q3Srda@IH(+xJg_;UNW6VtCFq19*ixz1F+9pv_d(dXOw^?EF^Ta#E)a~%}ht_1GL z+jsKbuM=}q^TM4TW?qfsp2~La@hz6N&1cx^SIDfeG)$6veeCh11()X79Q$d==$p~d zuG4mMx?JvuHSZIS<#yfIx|`>(v9D>D-i)8`9X~mquGBi66(agj#bl=81MwUBkE@ma z-h55@^wC*kRsA`=H>(ze%`m(lZn(Jbcunx>V;hz_Ree2sRe9aCKOI|7%`_AE$}uy` z?O(lZ@_(Mm!O>O6X6pIJR~p>UIVWoJQy}==!U>Yo0f>eSGtoKlANXuG4BuRt7D6v8pq_ss6n73k3kjiBwAf literal 0 HcmV?d00001 diff --git a/ractor_cluster_integration_tests/test-ca/rsa/ca.key b/ractor_cluster_integration_tests/test-ca/rsa/ca.key new file mode 100644 index 00000000..6c431bf6 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/ca.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCulbhYd9KZMIy+ +cMloJEvkFHaScNwL5Pj/C/uL//OwEverRhV0GmWVYJnHxNJ+5dP/Wj9nF234fVmO +cfzK7C4c5OgTdbT5j/3XaEA+IP53v0D4y2pVfWBrKMcPL0fJvOdM3Y6eHVmFbKSz +QUsvlIHS9UIvBc9bu1zJjTDrCfdFPDicG7tyjlrbzRweAe/lXdd42C15CueRcT1N ++6qpRnBW3S/WOvVuTUpoMMP7frB947vRDoJ4vAo+E3SY8Md2P+V5yPh5+XSXUHR6 +EfEuQu7O2q2QIXr7IygGsTLMmM7pMYxJMyyfDgX1sDXmOQggRCzkWHBUcU5Oa7kE +b6Pfu6ajLbuTkCzlxXT92OvevxaEFnrDb5eO9sB0k+Cpz5ehufHWLkYjiehELgbg +KXRXH6JGu7X+ewTE9rPP1RWSJSwOU32fj1/WmKT3PvgGjHoIPohlVvyHi9Xu6b7R +Hj94StV/8LJ/Vd5rFVo6AD8IPS5wt1J8PPrU7/Y8bc/tiNZjVH3Ovfl7ylqSDIU9 +edYxux+eK4aQzRfqUbvjdDvJW3fz8e4CqLUAar6v8AqKyt7O33tQ2bQKvK4STTbL +hJUtuG4b9XqYEKHhVrcoPVk6B8lxNlu7F5sjPpb7mMvzSETRjAEGzy9K/wWjk3t1 +g1I2/IzGSg+HwbAIAXKq3nMEsYIS+QIDAQABAoICAFIKX2eLXzbHnsv7WloK/HLA +vvuP94fLYMsRiXK/o3cxYptkwr4djXEFxR4gOr6RJ+9OLI84bmAgH46VuDJvjDfd +xcUnQhUoeiPYhJ/th0ckY9bGWEC2OzIAJpLXKAgAMj1nvBZHOoM9i6QE4d0JD3zf +7esE8u1rfW3lYICC3WT2qK+LRKnPhZjWqQjc5ivFznSmObAw1KL/MMzNn+QOCsp3 +BHzKlfzway/NArvTTALMmrzh8aPk0XdcUyVvuHu0CRUSwNkoxYY5s5KNjeWsZGZm +UrtxUEZlvfBvIq0MfecNdpwLZUOVJm3PEXUPhecLwoDHonm8CQ1HB9my0LJZjzNF +8YleqdbMBxN8TKLDqVPnjP7/Q01B788Pn2wj3LtNvco38jb7aNq5bD7eVt93qt66 +bUTp6i1xHryAfXBzRaCrDfMM9TZbqykgtVwOH7Rpb8nh6fwAgTLBB65e1ja7SHvu +dq8QNb6DyqCTycaivKak6/SwazvUnaprk47tg8aXcABjHN4FsRH+hBDvMCvbSqsi +1pJEltLvM4S2Yj4HYit2V0r0TI+gPNCXe6z4SB5QvSeDwD6+LHRpjTel3vGW0Gi1 +97lO1K2VdshKEubZbU9ASm8F8JEfElDmElnFvYwFRPibxpm03ie82BWtNhK20s0x +z1ZWMVULWjJgl7MiNHFVAoIBAQDlqgQ/o7Ab94kpXcXXzN1tLTow1gUByPXAcCIm +3SScnHQZ3YM4bm0ZGtySVLEw8X/cjKDLXN4IW7VbWp7rYP4zsjqDp45S5Cv+OjNa +hYgqGIGfl0C2Wv4E9n9skWtHh4gLWRPbamz0DFf4b8p2bFRs3qtg8egcf/LVx1Sa +ZY3i7IkiuKonFQRCE57RGaZKSI+Y5Z7QlBicaqvhz8PKHhkZ5gNnUVChGrluEHEi +JQo+9wU0KGyVCPTFlylmnbw65uyM/V0+LiwFLKpNgzmZdyNdlBTBXO+bioa4IxCV +2mVrvA4m8x620Sk7G8RimLRSi+pypLdQENpf+668kGaKHQiTAoIBAQDCms4MH1Ra +WQr0uwz9O1+ukuY8IpU+SE892iaGcuRNT/84rCp3f6hlfKYpSvD2/e4e8YLu1IEE +b/Jh6DqQ5jQregw4HV4zq0qNNEFOiRLNdHmxZST2+DmNI+UDHNGGSGWt8x8yBySQ +CKlk3XGgIK/bm8s8tbkmAmTyw8HlERTKmQMlp3gEHq3OQB1208+dtOF05bazR/K9 +7v0vj9H7yFZpyNx4lIGwLxcyw9L8kJU/OTChv6If8AoR9pax6FGuMH+DN/N86H7U +M7yH+l6XmZyC47OqwnHZxCV5LwRtpM2TMrWzvOEzHgmWD/Q/sNdRxSzEUaru9dvn +pSvfbznZBynDAoIBAQCRtQMLCSPTKoIX/4lkt3IIMTiJAU+d6UyZMctJEuaGgfBa +9KGq7MxEsDkekaL1ZVJ0r7fYLewkK2LtOZo3xYqha8MaAfUW+/I5Ud2A4dUYuAGN +Kd4Bk8szhNwlGkGQ2Rjj8jjZ7TSAxVAOq4YtCd+qTr82O2PCqR58qQExD5ssTFtY +7wXs07Wm4mHRUc+hs1V/cLcIp9zRaA/yrOkP03ajar3gD8Py4kyg2secHRnaBsiD +Zd4107/PmG7Izuw8BoQvkxNUPuDoy4SktsuVZPPIDAn6/6Z47TM5oe2E1VGhP2dP +KNHktODOwngfAbjt4hz1bTFsF7UkTj53Hbogh/kHAoIBAQCLL+HTtczFWg6GAAtI +S+EhoZvewvVvuJRErvUDEMXNrjvjMvCky7+L5t2JhzpVzkU0CJUXcRJeNBtuf4T0 +AlKqDf8TW5324rrNx+Q14cB7BqXLhYYsxlmTY2r3EPOjUcC3674SMB2sjyVpKSGN +4BMnxYRVhbxJPUkqgWz7A36VcV9Y3TDv8WlqrVzlkpVaPPdMfshv7jPmOTsJe5o6 +tY1o1+soqz8e3m9/NaSAVIEK2UK5TbENmsf5FR+vW3SgW7u4BJq4aincaKydrSte +ztWsoGPu7Gg10x7iUAigy1DlyU1AowWHZCKDHCIcM8WtjJN6TtctVtfUFMUOaCU9 +3uu1AoIBAA9BxgzNxvrCZn50GBeFGMQAYrcEK9wM6zTWNCtBOKW0W26DyJ+PwC1T +Km4sNVhf+XiRMlGRBFwjCOeI5247WgbahxC9dYTNE2hAXWgajKOogNiVB2JaBpbe +1c32OnjFetAU4vqVWlM8Jy1VY7XmaDMPsaD2YLMDtsE4IE18aGiW7GE3u6T4+LPE +YZjuFbfbJHbHp34qy70xGM9xlCHTQEGfoyHqalLJxjoVPvBAMq5WM7WtH1gtCB5o +ww8X67wbt0G/lqx0fo/R4uEKFqcvZWWN6zY7f29PQT0vkj40ch5CZoiSVTDKVL91 +ha8oIAIRP0sXpyv122lVW33r601BOJY= +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.cert b/ractor_cluster_integration_tests/test-ca/rsa/client.cert new file mode 100644 index 00000000..7219abac --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.cert @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE5MDYwOTE3MTUxMloX +DTI0MTEyOTE3MTUxMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+3EWMfp30PLlO+8QOvoQuAs3wa8 +WXIoBH3KncsGS6uyQXPpQRGW9I9tDBi0JGd/l4aLz4TMKtSIqDHEyoyIHaN9zQCd +8CgthdMN4BZ7PIzq3hTzW6CRC5GL7v16vt5szNov6HH12K1/UtUx1fclcRYKqrz1 +HU98rPfdsbt6AdbWRBBAUjiRwi28swBaU1MR8erXhFhSRxK5v2gSxga9aAfG+KpN +LAQ6VVyDZhRAvM34NPHG8PQ6wP6kmifsGP90N7XZkx/VB/+cscykQZzq/jUfSEXm +DnC09vufsmRuz6+4QoZroSl9jyioj1vdPK0QkGh0s35NN/o/ryJbTM6EOwIDAQAB +o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG +CCsGAQUFBwMCMB0GA1UdDgQWBBRvtldlhopGZTkUxse9V/4dKKXtzTBCBgNVHSME +OzA5gBRCj8vIR2VWs6byLMRXBqOGK5BJMKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQAKMj/VsEZFTRbjLFxkZOTD +SYL07z14VCSq/XjmoeadwZoJ1R6Q3HXi1+vaW3LKdldAATnddgSRA0gjM62SU1d/ +TCg53lnylVO7HeJpOAhoXmlv4p9sxuN7Ye0l9rLEYEOmDNBWgT39KGsuJZ9EkrAS +28Sxx2TSgqELxxz90uF9nMoM0p51pqP9Y65SbVXEDYauNm2DHHbvjeLLTZTSFCkJ +mWC7t49zaMpcj68jQpV7DNRYqZzB8ceMn8Sr5Kzzy2Oc7qos+7RiYOkkA81z1iGx +ibYcbsR1Jayb7E95MaNdS9hBNbxMW2CJZDF7fnx6ppJnWzAc4xsm49izfqHj42kJ +QCb2uq3/AJ/ZlWeYvETjmlDnmwi5Da7q/frgJIWEiecW0MNatCKdoo3Xd4dRztgI +ITz6ju4+VlRReasd8BsOQyUPMTVRJQHOvHDDjRJFAUAK8XtU1Hocgx20HYixqzyb +Q6Tj5hchzfjddvsWYp9wlEwfQjDC3TYJxRfHQAiFm4Q= +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.chain b/ractor_cluster_integration_tests/test-ca/rsa/client.chain new file mode 100644 index 00000000..02b87cfc --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.chain @@ -0,0 +1,57 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 +dG93biBSU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcNMjkwNjA2MTcxNTEyWjAsMSow +KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCj/tOFeSW3WB+TtuLCR1L/84lZytFw +zbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkMm05s8LcUoovhaG5C +G7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9z3yRtOKWJl6i/MT9 +HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf9aYXZQOEUn1kEwQJ +ZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnfdHlRNzre4/tphBf1 +fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEhkRnAl4lIzTH/1F25 +stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE9ZlIbIKmpmJS9oop +Vh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RXUKNltv+r95gwuRP+ +9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAaNeMFwwHQYDVR0OBBYEFEKP +y8hHZVazpvIsxFcGo4YrkEkwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC +AgEAMzTRDLBExVFlw98AuX+pM+/R2Gjw5KFHvSYLKLbMRfuuZK1yNYYaYtNrtF+V +a53OFgaZj56o7tXc2PB8kw4MELD0ViR8Do2bvZieFcEe4DwhdjGCjuLehVLT29qI +7T3N/JkJ5daemKZcRB6Ne0F4+6QlVVNck28HUKbQThl88RdwLUImmSAfgKSt6uJ5 +wlH7wiYQR2vPXwSuEYzwot+L/91eBwuQr4Lovx9+TCKTbwQOKYjX4KfcOOQ1rx0M +IMrvwWqnabc6m1F0O6//ibL0kuFkJYEgOH2uJA12FBHO+/q2tcytejkOWKWMJj6Y +2etwIHcpzXaEP7fZ75cFGqcE3s7XGsweBIPLjMP1bKxEcFKzygURm/auUuXBCFBl +E16PB6JEAeCKe/8VFeyucvjPuQDWB49aq+r2SbpbI4IeZdz/QgEIOb0MpwStrvhH +9f/DtGMbjvuAEkRoOorK4m5k4GY3LsWTR2bey27AXk8N7pKarpu2N7ChBPm+EV0Y +H+tAI/OfdZuNUCES00F5UAFdU8zBUZo19ao2ZqfEADimE7Epk2s0bUe4GSqEXJp6 +68oVSMhZmMf/RCSNlr97f34sNiUA1YJ0JbCRZmw8KWNm9H1PARLbrgeRBZ/k31Li +WLDr3fiEVk7SGxj3zo94cS6AT55DyXLiSD/bFmL1QXgZweA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUGXgsGl4sGhiPwUPOme5w5jJscVQwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTE5MDYwOTE3MTUxMVoX +DTI5MDYwNjE3MTUxMVowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArpW4WHfSmTCMvnDJaCRL5BR2knDc +C+T4/wv7i//zsBL3q0YVdBpllWCZx8TSfuXT/1o/Zxdt+H1ZjnH8yuwuHOToE3W0 ++Y/912hAPiD+d79A+MtqVX1gayjHDy9HybznTN2Onh1ZhWyks0FLL5SB0vVCLwXP +W7tcyY0w6wn3RTw4nBu7co5a280cHgHv5V3XeNgteQrnkXE9TfuqqUZwVt0v1jr1 +bk1KaDDD+36wfeO70Q6CeLwKPhN0mPDHdj/lecj4efl0l1B0ehHxLkLuztqtkCF6 ++yMoBrEyzJjO6TGMSTMsnw4F9bA15jkIIEQs5FhwVHFOTmu5BG+j37umoy27k5As +5cV0/djr3r8WhBZ6w2+XjvbAdJPgqc+Xobnx1i5GI4noRC4G4Cl0Vx+iRru1/nsE +xPazz9UVkiUsDlN9n49f1pik9z74Box6CD6IZVb8h4vV7um+0R4/eErVf/Cyf1Xe +axVaOgA/CD0ucLdSfDz61O/2PG3P7YjWY1R9zr35e8pakgyFPXnWMbsfniuGkM0X +6lG743Q7yVt38/HuAqi1AGq+r/AKisrezt97UNm0CryuEk02y4SVLbhuG/V6mBCh +4Va3KD1ZOgfJcTZbuxebIz6W+5jL80hE0YwBBs8vSv8Fo5N7dYNSNvyMxkoPh8Gw +CAFyqt5zBLGCEvkCAwEAAaNTMFEwHQYDVR0OBBYEFDjj6hEpDZdjAIdvd9Moe3un +RvJWMB8GA1UdIwQYMBaAFDjj6hEpDZdjAIdvd9Moe3unRvJWMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACu+Ct6J+Dh3EXFOgjW3gN3CaD0UK0kW +03u7znNAJBAYhi+MXSTPBdrxYGOPkHF1Jl15qb2fc58+0nakf8bvah8kgxi2ujX8 +vrPBjsAv/ixPvUrcol9ZGrseP5DdFS8pw1FoDR/JdgNCdSM4xC3GSk2SLYs+QSJx +YG3nQLOAZEvnbiZ4zBZ0wVct4w9jrxtqdq2eS8cLoRVx715MzKPBCGEccYu/py5a +gkyclr16s0mb+wN49of34AQ+xXguHZGNZzCy6PTbx0IC+sRVe82+RZkj21JG+AFM +9s+vLgRdtWIEZW1AIYbUUbhuvsne+sidZW5XQuFp1V4LlQbO49oEhrPMBn+oHKg5 +MWIe68bjkqDSnDzG+TEBTWiAhyyGyZcebfCs72DGbYrfKt1uTyi+groumPnvQfJB +y3kqy2pUFeEkNJkx4BfYL+N7I07s9WTy8UMoqn/OLuyqoFaYMd9XMaOOx3xTy8aw +pUJ69c3VI66W/Ii1ypk2EPUImWpG/n89Y/8Mk1NbesaZLk9feTDfbM4VNPkQU+7T +3DNQxPSswSh4nXGURwC46SOu2s1lRA98ZXkP5XhUvTuvfg/e4suq26OqjORHQ5zI +57NP+uHRrfHGlrQ196j1Maw7W7vkocbEv8/06v6s54CG8ezzD2nt1QrLJqSpUqHo +qolvgn/PK+gg +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.fullchain b/ractor_cluster_integration_tests/test-ca/rsa/client.fullchain new file mode 100644 index 00000000..ca914690 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.fullchain @@ -0,0 +1,80 @@ +-----BEGIN CERTIFICATE----- +MIID3DCCAkSgAwIBAgICAxUwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE5MDYwOTE3MTUxMloX +DTI0MTEyOTE3MTUxMlowGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+3EWMfp30PLlO+8QOvoQuAs3wa8 +WXIoBH3KncsGS6uyQXPpQRGW9I9tDBi0JGd/l4aLz4TMKtSIqDHEyoyIHaN9zQCd +8CgthdMN4BZ7PIzq3hTzW6CRC5GL7v16vt5szNov6HH12K1/UtUx1fclcRYKqrz1 +HU98rPfdsbt6AdbWRBBAUjiRwi28swBaU1MR8erXhFhSRxK5v2gSxga9aAfG+KpN +LAQ6VVyDZhRAvM34NPHG8PQ6wP6kmifsGP90N7XZkx/VB/+cscykQZzq/jUfSEXm +DnC09vufsmRuz6+4QoZroSl9jyioj1vdPK0QkGh0s35NN/o/ryJbTM6EOwIDAQAB +o4GZMIGWMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgbAMBYGA1UdJQEB/wQMMAoG +CCsGAQUFBwMCMB0GA1UdDgQWBBRvtldlhopGZTkUxse9V/4dKKXtzTBCBgNVHSME +OzA5gBRCj8vIR2VWs6byLMRXBqOGK5BJMKEepBwwGjEYMBYGA1UEAwwPcG9ueXRv +d24gUlNBIENBggF7MA0GCSqGSIb3DQEBCwUAA4IBgQAKMj/VsEZFTRbjLFxkZOTD +SYL07z14VCSq/XjmoeadwZoJ1R6Q3HXi1+vaW3LKdldAATnddgSRA0gjM62SU1d/ +TCg53lnylVO7HeJpOAhoXmlv4p9sxuN7Ye0l9rLEYEOmDNBWgT39KGsuJZ9EkrAS +28Sxx2TSgqELxxz90uF9nMoM0p51pqP9Y65SbVXEDYauNm2DHHbvjeLLTZTSFCkJ +mWC7t49zaMpcj68jQpV7DNRYqZzB8ceMn8Sr5Kzzy2Oc7qos+7RiYOkkA81z1iGx +ibYcbsR1Jayb7E95MaNdS9hBNbxMW2CJZDF7fnx6ppJnWzAc4xsm49izfqHj42kJ +QCb2uq3/AJ/ZlWeYvETjmlDnmwi5Da7q/frgJIWEiecW0MNatCKdoo3Xd4dRztgI +ITz6ju4+VlRReasd8BsOQyUPMTVRJQHOvHDDjRJFAUAK8XtU1Hocgx20HYixqzyb +Q6Tj5hchzfjddvsWYp9wlEwfQjDC3TYJxRfHQAiFm4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 +dG93biBSU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcNMjkwNjA2MTcxNTEyWjAsMSow +KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCj/tOFeSW3WB+TtuLCR1L/84lZytFw +zbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkMm05s8LcUoovhaG5C +G7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9z3yRtOKWJl6i/MT9 +HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf9aYXZQOEUn1kEwQJ +ZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnfdHlRNzre4/tphBf1 +fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEhkRnAl4lIzTH/1F25 +stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE9ZlIbIKmpmJS9oop +Vh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RXUKNltv+r95gwuRP+ +9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAaNeMFwwHQYDVR0OBBYEFEKP +y8hHZVazpvIsxFcGo4YrkEkwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC +AgEAMzTRDLBExVFlw98AuX+pM+/R2Gjw5KFHvSYLKLbMRfuuZK1yNYYaYtNrtF+V +a53OFgaZj56o7tXc2PB8kw4MELD0ViR8Do2bvZieFcEe4DwhdjGCjuLehVLT29qI +7T3N/JkJ5daemKZcRB6Ne0F4+6QlVVNck28HUKbQThl88RdwLUImmSAfgKSt6uJ5 +wlH7wiYQR2vPXwSuEYzwot+L/91eBwuQr4Lovx9+TCKTbwQOKYjX4KfcOOQ1rx0M +IMrvwWqnabc6m1F0O6//ibL0kuFkJYEgOH2uJA12FBHO+/q2tcytejkOWKWMJj6Y +2etwIHcpzXaEP7fZ75cFGqcE3s7XGsweBIPLjMP1bKxEcFKzygURm/auUuXBCFBl +E16PB6JEAeCKe/8VFeyucvjPuQDWB49aq+r2SbpbI4IeZdz/QgEIOb0MpwStrvhH +9f/DtGMbjvuAEkRoOorK4m5k4GY3LsWTR2bey27AXk8N7pKarpu2N7ChBPm+EV0Y +H+tAI/OfdZuNUCES00F5UAFdU8zBUZo19ao2ZqfEADimE7Epk2s0bUe4GSqEXJp6 +68oVSMhZmMf/RCSNlr97f34sNiUA1YJ0JbCRZmw8KWNm9H1PARLbrgeRBZ/k31Li +WLDr3fiEVk7SGxj3zo94cS6AT55DyXLiSD/bFmL1QXgZweA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUGXgsGl4sGhiPwUPOme5w5jJscVQwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTE5MDYwOTE3MTUxMVoX +DTI5MDYwNjE3MTUxMVowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArpW4WHfSmTCMvnDJaCRL5BR2knDc +C+T4/wv7i//zsBL3q0YVdBpllWCZx8TSfuXT/1o/Zxdt+H1ZjnH8yuwuHOToE3W0 ++Y/912hAPiD+d79A+MtqVX1gayjHDy9HybznTN2Onh1ZhWyks0FLL5SB0vVCLwXP +W7tcyY0w6wn3RTw4nBu7co5a280cHgHv5V3XeNgteQrnkXE9TfuqqUZwVt0v1jr1 +bk1KaDDD+36wfeO70Q6CeLwKPhN0mPDHdj/lecj4efl0l1B0ehHxLkLuztqtkCF6 ++yMoBrEyzJjO6TGMSTMsnw4F9bA15jkIIEQs5FhwVHFOTmu5BG+j37umoy27k5As +5cV0/djr3r8WhBZ6w2+XjvbAdJPgqc+Xobnx1i5GI4noRC4G4Cl0Vx+iRru1/nsE +xPazz9UVkiUsDlN9n49f1pik9z74Box6CD6IZVb8h4vV7um+0R4/eErVf/Cyf1Xe +axVaOgA/CD0ucLdSfDz61O/2PG3P7YjWY1R9zr35e8pakgyFPXnWMbsfniuGkM0X +6lG743Q7yVt38/HuAqi1AGq+r/AKisrezt97UNm0CryuEk02y4SVLbhuG/V6mBCh +4Va3KD1ZOgfJcTZbuxebIz6W+5jL80hE0YwBBs8vSv8Fo5N7dYNSNvyMxkoPh8Gw +CAFyqt5zBLGCEvkCAwEAAaNTMFEwHQYDVR0OBBYEFDjj6hEpDZdjAIdvd9Moe3un +RvJWMB8GA1UdIwQYMBaAFDjj6hEpDZdjAIdvd9Moe3unRvJWMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACu+Ct6J+Dh3EXFOgjW3gN3CaD0UK0kW +03u7znNAJBAYhi+MXSTPBdrxYGOPkHF1Jl15qb2fc58+0nakf8bvah8kgxi2ujX8 +vrPBjsAv/ixPvUrcol9ZGrseP5DdFS8pw1FoDR/JdgNCdSM4xC3GSk2SLYs+QSJx +YG3nQLOAZEvnbiZ4zBZ0wVct4w9jrxtqdq2eS8cLoRVx715MzKPBCGEccYu/py5a +gkyclr16s0mb+wN49of34AQ+xXguHZGNZzCy6PTbx0IC+sRVe82+RZkj21JG+AFM +9s+vLgRdtWIEZW1AIYbUUbhuvsne+sidZW5XQuFp1V4LlQbO49oEhrPMBn+oHKg5 +MWIe68bjkqDSnDzG+TEBTWiAhyyGyZcebfCs72DGbYrfKt1uTyi+groumPnvQfJB +y3kqy2pUFeEkNJkx4BfYL+N7I07s9WTy8UMoqn/OLuyqoFaYMd9XMaOOx3xTy8aw +pUJ69c3VI66W/Ii1ypk2EPUImWpG/n89Y/8Mk1NbesaZLk9feTDfbM4VNPkQU+7T +3DNQxPSswSh4nXGURwC46SOu2s1lRA98ZXkP5XhUvTuvfg/e4suq26OqjORHQ5zI +57NP+uHRrfHGlrQ196j1Maw7W7vkocbEv8/06v6s54CG8ezzD2nt1QrLJqSpUqHo +qolvgn/PK+gg +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.key b/ractor_cluster_integration_tests/test-ca/rsa/client.key new file mode 100644 index 00000000..83fc6af5 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDP7cRYx+nfQ8uU +77xA6+hC4CzfBrxZcigEfcqdywZLq7JBc+lBEZb0j20MGLQkZ3+XhovPhMwq1Iio +McTKjIgdo33NAJ3wKC2F0w3gFns8jOreFPNboJELkYvu/Xq+3mzM2i/ocfXYrX9S +1THV9yVxFgqqvPUdT3ys992xu3oB1tZEEEBSOJHCLbyzAFpTUxHx6teEWFJHErm/ +aBLGBr1oB8b4qk0sBDpVXINmFEC8zfg08cbw9DrA/qSaJ+wY/3Q3tdmTH9UH/5yx +zKRBnOr+NR9IReYOcLT2+5+yZG7Pr7hChmuhKX2PKKiPW908rRCQaHSzfk03+j+v +IltMzoQ7AgMBAAECggEAEcefFohhszm02tN1IYgKoE1TCO8mg++DBH9NKBkIPMg9 +weMLewjqA5eQF4y1Oreu7WIP6nrMio0J8nfu//LsYLxuMW1wE+0bl2nosdS6TP8v +xjW8aYVdYcPcV19Nc6zJWOr/Vb0I7LJJROf+DvHHPdhIqTjnLM5zNscrKduCH038 +JD7WVU8fYhYJUrsR33utN/XubKwAx6Kf6wBQg3qCccHluPDPrKXNTEsua8xE7Y0n +Lm6gM++YEqBmBhCBUwDNQc6KCu/SJSQl5HjTrNdyAxDMUNaQ+rWmrOc2vxhJpFVs +jJkUwTOg+aw84naTq5P69BUpZAsMpLg6eO5v9O23oQKBgQDsjuMv6D6vQ6FWbdvr +AYsrD4x6b4u+p99t7y1+npjHMWXptjsXLFnM1w+01fpZNYUd1gWp9wAA3I4FVegn +uOR5DHbcptas2RzMLWvqVOj05feE+Oi6F5LZXxoM4KIvM0nYcKRs4oxI8IrY+bLM +Kz2xWxQyOZtCpG95/PgRMBLaVwKBgQDhBIaqQ1qyv1n+ckICTDpwfnS64kF0kyrp +P906QxDdt0GXVAsMc/7CLsrDpVt4WPWtzfADRxLsf17eMdxkSJ6ITCVpwrjA5g5Y +/E4U2KSqJf/ekzTji9n1Du6+7woGwSstwHMEq5fOmUMPx+9Rp6b85gVBJFnIQdLN +rtWlgSf+vQKBgDVDJtwOiq6jp5vyOGX9fvw/D/4xR2GyIph6FeBAjV2sPaoVodBh +6AY7Fgo9c5TKfCJvoe7W8mU/Q6rn4NGwy6CFse2Ukxlv+Q/v2jB01c7uSIDkGmJs +FGBlDVSA74N5JNNa6Wqqx7NUla6s6hkWU1mvjCiS1+Z1Z7QrxR75mAUZAoGADz94 +RKdlyQEQfx6M/Izf1OmszVExsE2ctcufGSicRvn5FuEaEpD1rYDwOovFBAW7ODjh +T8eML7x92D62uZD2NTQ7wMvyKxgr1rnaLK11kxYaHaIKDnVWorWNViDqpASJAYOu +B539HoHiOnqI7BaZST/pET3+W4SiXU/AqIN1C10CgYB0vT7kbuBCLui50u3+KInl +BULxPB7FwwbGLwP335fGjpmfN77zlQn+bovHtI7bylC4LkENIBj031vqiGWQNFd6 +B1WMzZgQeJ0CO4Yaek8JaPI727kPgF+VoYs71whWWdH863NHs+ZK+Gt8fPlUAhP8 +BfXkZH0k+K+gSYfZiP1C4A== +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.req b/ractor_cluster_integration_tests/test-ca/rsa/client.req new file mode 100644 index 00000000..d6296781 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.req @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXzCCAUcCAQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gY2xpZW50MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+3EWMfp30PLlO+8QOvoQuAs3wa8WXIo +BH3KncsGS6uyQXPpQRGW9I9tDBi0JGd/l4aLz4TMKtSIqDHEyoyIHaN9zQCd8Cgt +hdMN4BZ7PIzq3hTzW6CRC5GL7v16vt5szNov6HH12K1/UtUx1fclcRYKqrz1HU98 +rPfdsbt6AdbWRBBAUjiRwi28swBaU1MR8erXhFhSRxK5v2gSxga9aAfG+KpNLAQ6 +VVyDZhRAvM34NPHG8PQ6wP6kmifsGP90N7XZkx/VB/+cscykQZzq/jUfSEXmDnC0 +9vufsmRuz6+4QoZroSl9jyioj1vdPK0QkGh0s35NN/o/ryJbTM6EOwIDAQABoAAw +DQYJKoZIhvcNAQELBQADggEBAHH7dmSGiTiDmMC+L9YKFDMzenhG7psqbKDrWiqI +cokp4XhRjqPoUVy8FYDh7iGANz/LNxGR4eZ/ir1BUfI541yWzuKUhoEVwxP6naZE +EWuRkON0PYKARHHE5MXqQ4CWJolh11v9W7mbh8rF2nSosOpHTuH1I1VNR1uHy6lk +DjSHFgMyFeqF2uUe1jBHI8Kzt3pqDIkoHtLR96blJvTXICSvMBEZlLJuHwloeew2 +daAuUW17K8WYREPEZy1Xuj1owjfMiBSI0+yjl8oXZ9YgdV+alktwymEKayvS5loJ +WUwMgyofsXk8M2bHVZ+HDMXaj7EAfAuDm18gCHKtjXZULuk= +-----END CERTIFICATE REQUEST----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/client.rsa b/ractor_cluster_integration_tests/test-ca/rsa/client.rsa new file mode 100644 index 00000000..6b7b22a1 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/client.rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAz+3EWMfp30PLlO+8QOvoQuAs3wa8WXIoBH3KncsGS6uyQXPp +QRGW9I9tDBi0JGd/l4aLz4TMKtSIqDHEyoyIHaN9zQCd8CgthdMN4BZ7PIzq3hTz +W6CRC5GL7v16vt5szNov6HH12K1/UtUx1fclcRYKqrz1HU98rPfdsbt6AdbWRBBA +UjiRwi28swBaU1MR8erXhFhSRxK5v2gSxga9aAfG+KpNLAQ6VVyDZhRAvM34NPHG +8PQ6wP6kmifsGP90N7XZkx/VB/+cscykQZzq/jUfSEXmDnC09vufsmRuz6+4QoZr +oSl9jyioj1vdPK0QkGh0s35NN/o/ryJbTM6EOwIDAQABAoIBABHHnxaIYbM5tNrT +dSGICqBNUwjvJoPvgwR/TSgZCDzIPcHjC3sI6gOXkBeMtTq3ru1iD+p6zIqNCfJ3 +7v/y7GC8bjFtcBPtG5dp6LHUukz/L8Y1vGmFXWHD3FdfTXOsyVjq/1W9COyySUTn +/g7xxz3YSKk45yzOczbHKynbgh9N/CQ+1lVPH2IWCVK7Ed97rTf17mysAMein+sA +UIN6gnHB5bjwz6ylzUxLLmvMRO2NJy5uoDPvmBKgZgYQgVMAzUHOigrv0iUkJeR4 +06zXcgMQzFDWkPq1pqznNr8YSaRVbIyZFMEzoPmsPOJ2k6uT+vQVKWQLDKS4Onju +b/Ttt6ECgYEA7I7jL+g+r0OhVm3b6wGLKw+Mem+Lvqffbe8tfp6YxzFl6bY7FyxZ +zNcPtNX6WTWFHdYFqfcAANyOBVXoJ7jkeQx23KbWrNkczC1r6lTo9OX3hPjouheS +2V8aDOCiLzNJ2HCkbOKMSPCK2PmyzCs9sVsUMjmbQqRvefz4ETAS2lcCgYEA4QSG +qkNasr9Z/nJCAkw6cH50uuJBdJMq6T/dOkMQ3bdBl1QLDHP+wi7Kw6VbeFj1rc3w +A0cS7H9e3jHcZEieiEwlacK4wOYOWPxOFNikqiX/3pM044vZ9Q7uvu8KBsErLcBz +BKuXzplDD8fvUaem/OYFQSRZyEHSza7VpYEn/r0CgYA1QybcDoquo6eb8jhl/X78 +Pw/+MUdhsiKYehXgQI1drD2qFaHQYegGOxYKPXOUynwib6Hu1vJlP0Oq5+DRsMug +hbHtlJMZb/kP79owdNXO7kiA5BpibBRgZQ1UgO+DeSTTWulqqsezVJWurOoZFlNZ +r4woktfmdWe0K8Ue+ZgFGQKBgA8/eESnZckBEH8ejPyM39TprM1RMbBNnLXLnxko +nEb5+RbhGhKQ9a2A8DqLxQQFuzg44U/HjC+8fdg+trmQ9jU0O8DL8isYK9a52iyt +dZMWGh2iCg51VqK1jVYg6qQEiQGDrged/R6B4jp6iOwWmUk/6RE9/luEol1PwKiD +dQtdAoGAdL0+5G7gQi7oudLt/iiJ5QVC8TwexcMGxi8D99+Xxo6Znze+85UJ/m6L +x7SO28pQuC5BDSAY9N9b6ohlkDRXegdVjM2YEHidAjuGGnpPCWjyO9u5D4BflaGL +O9cIVlnR/OtzR7PmSvhrfHz5VAIT/AX15GR9JPivoEmH2Yj9QuA= +-----END RSA PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.cert b/ractor_cluster_integration_tests/test-ca/rsa/end.cert new file mode 100644 index 00000000..cf97eb56 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.cert @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE5MDYwOTE3MTUxMloX +DTI0MTEyOTE3MTUxMlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdwbEc6ZKih4mQA916JwctBZgnRmzO +KERrzlHjfzy8ZfsUJLENQBN8s3RVRwPThReHdp8bpiVRrNmMRxyXoa5oqxWDjXOu +5W4hoISIMbOAq4Kj8G+eS0UKwypKHwJ1aUzEjWQGKxNpIYvcGqwYpN1Yi1+qTgLg +2qw1ENtBhrWHhmQruGqDtQTQLe2tbcOuGhIL0cyWIRtEWHWL/wb1Akzhm31WQF+m +URtYvYonA/Ta7ErONXCxsEXndTR4iT/XognnOhTJ+uIinNwn52y9Te7MYix6SDBE +VeKZx9v3iOYU81zXf+WaxNqZvTfbPjkLsXiymOgVfGQcO4hiQeLoJIHXAgMBAAGj +gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFEweXJqS +BzVcf/00QeOC29OwBQszMEIGA1UdIwQ7MDmAFEKPy8hHZVazpvIsxFcGo4YrkEkw +oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO +dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0 +MA0GCSqGSIb3DQEBCwUAA4IBgQCViHp2pLcIMzl/wN+sULznLYZvrlynU4AHnL8/ +ba6iSAM6EMlrcu11+UBQglHIN2BEn+Jjas+HT1sQOIOixMgjrMBgirLez8n5DN66 +o5aK5bu23GjQvzq5JEh0skQDHtSFX0YRwqXIhi1spGtObsnoupxJNBQbdAcDv50/ +m6/8WXcPbXBnR+wRywFmjb6+OSVNgCRtBFTbR5XRVHMPEwvSk4hVj4jimlnPHZYL +3VatCPtZr6iaLZl9E64BbS+J4vPQ0Z/2JMUjtXCuj19k8LO2TTTBz54QVoMF5jrZ +xotneq+wmPH3lmozEOmyj4+4CmoyNz+RDhrlok84x3g4YEKUQyK1V4ROi9DtL1CV +VoLfHSwS9SiDdD/Qn2n7RICn6DP2lHozICyHX0Op4W+vETHho7Flsw21bMisAGrl +wwQ7UYU4XfPOC9hQoCvU60uVe7z+uZvlBY8RwmcW4iFIbfCcPT6Hrom5F1X4Z/dm +zDW8ZhLDsjUY/D4lUeWjbO1RCHI= +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.chain b/ractor_cluster_integration_tests/test-ca/rsa/end.chain new file mode 100644 index 00000000..02b87cfc --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.chain @@ -0,0 +1,57 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 +dG93biBSU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcNMjkwNjA2MTcxNTEyWjAsMSow +KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCj/tOFeSW3WB+TtuLCR1L/84lZytFw +zbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkMm05s8LcUoovhaG5C +G7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9z3yRtOKWJl6i/MT9 +HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf9aYXZQOEUn1kEwQJ +ZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnfdHlRNzre4/tphBf1 +fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEhkRnAl4lIzTH/1F25 +stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE9ZlIbIKmpmJS9oop +Vh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RXUKNltv+r95gwuRP+ +9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAaNeMFwwHQYDVR0OBBYEFEKP +y8hHZVazpvIsxFcGo4YrkEkwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC +AgEAMzTRDLBExVFlw98AuX+pM+/R2Gjw5KFHvSYLKLbMRfuuZK1yNYYaYtNrtF+V +a53OFgaZj56o7tXc2PB8kw4MELD0ViR8Do2bvZieFcEe4DwhdjGCjuLehVLT29qI +7T3N/JkJ5daemKZcRB6Ne0F4+6QlVVNck28HUKbQThl88RdwLUImmSAfgKSt6uJ5 +wlH7wiYQR2vPXwSuEYzwot+L/91eBwuQr4Lovx9+TCKTbwQOKYjX4KfcOOQ1rx0M +IMrvwWqnabc6m1F0O6//ibL0kuFkJYEgOH2uJA12FBHO+/q2tcytejkOWKWMJj6Y +2etwIHcpzXaEP7fZ75cFGqcE3s7XGsweBIPLjMP1bKxEcFKzygURm/auUuXBCFBl +E16PB6JEAeCKe/8VFeyucvjPuQDWB49aq+r2SbpbI4IeZdz/QgEIOb0MpwStrvhH +9f/DtGMbjvuAEkRoOorK4m5k4GY3LsWTR2bey27AXk8N7pKarpu2N7ChBPm+EV0Y +H+tAI/OfdZuNUCES00F5UAFdU8zBUZo19ao2ZqfEADimE7Epk2s0bUe4GSqEXJp6 +68oVSMhZmMf/RCSNlr97f34sNiUA1YJ0JbCRZmw8KWNm9H1PARLbrgeRBZ/k31Li +WLDr3fiEVk7SGxj3zo94cS6AT55DyXLiSD/bFmL1QXgZweA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUGXgsGl4sGhiPwUPOme5w5jJscVQwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTE5MDYwOTE3MTUxMVoX +DTI5MDYwNjE3MTUxMVowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArpW4WHfSmTCMvnDJaCRL5BR2knDc +C+T4/wv7i//zsBL3q0YVdBpllWCZx8TSfuXT/1o/Zxdt+H1ZjnH8yuwuHOToE3W0 ++Y/912hAPiD+d79A+MtqVX1gayjHDy9HybznTN2Onh1ZhWyks0FLL5SB0vVCLwXP +W7tcyY0w6wn3RTw4nBu7co5a280cHgHv5V3XeNgteQrnkXE9TfuqqUZwVt0v1jr1 +bk1KaDDD+36wfeO70Q6CeLwKPhN0mPDHdj/lecj4efl0l1B0ehHxLkLuztqtkCF6 ++yMoBrEyzJjO6TGMSTMsnw4F9bA15jkIIEQs5FhwVHFOTmu5BG+j37umoy27k5As +5cV0/djr3r8WhBZ6w2+XjvbAdJPgqc+Xobnx1i5GI4noRC4G4Cl0Vx+iRru1/nsE +xPazz9UVkiUsDlN9n49f1pik9z74Box6CD6IZVb8h4vV7um+0R4/eErVf/Cyf1Xe +axVaOgA/CD0ucLdSfDz61O/2PG3P7YjWY1R9zr35e8pakgyFPXnWMbsfniuGkM0X +6lG743Q7yVt38/HuAqi1AGq+r/AKisrezt97UNm0CryuEk02y4SVLbhuG/V6mBCh +4Va3KD1ZOgfJcTZbuxebIz6W+5jL80hE0YwBBs8vSv8Fo5N7dYNSNvyMxkoPh8Gw +CAFyqt5zBLGCEvkCAwEAAaNTMFEwHQYDVR0OBBYEFDjj6hEpDZdjAIdvd9Moe3un +RvJWMB8GA1UdIwQYMBaAFDjj6hEpDZdjAIdvd9Moe3unRvJWMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACu+Ct6J+Dh3EXFOgjW3gN3CaD0UK0kW +03u7znNAJBAYhi+MXSTPBdrxYGOPkHF1Jl15qb2fc58+0nakf8bvah8kgxi2ujX8 +vrPBjsAv/ixPvUrcol9ZGrseP5DdFS8pw1FoDR/JdgNCdSM4xC3GSk2SLYs+QSJx +YG3nQLOAZEvnbiZ4zBZ0wVct4w9jrxtqdq2eS8cLoRVx715MzKPBCGEccYu/py5a +gkyclr16s0mb+wN49of34AQ+xXguHZGNZzCy6PTbx0IC+sRVe82+RZkj21JG+AFM +9s+vLgRdtWIEZW1AIYbUUbhuvsne+sidZW5XQuFp1V4LlQbO49oEhrPMBn+oHKg5 +MWIe68bjkqDSnDzG+TEBTWiAhyyGyZcebfCs72DGbYrfKt1uTyi+groumPnvQfJB +y3kqy2pUFeEkNJkx4BfYL+N7I07s9WTy8UMoqn/OLuyqoFaYMd9XMaOOx3xTy8aw +pUJ69c3VI66W/Ii1ypk2EPUImWpG/n89Y/8Mk1NbesaZLk9feTDfbM4VNPkQU+7T +3DNQxPSswSh4nXGURwC46SOu2s1lRA98ZXkP5XhUvTuvfg/e4suq26OqjORHQ5zI +57NP+uHRrfHGlrQ196j1Maw7W7vkocbEv8/06v6s54CG8ezzD2nt1QrLJqSpUqHo +qolvgn/PK+gg +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.fullchain b/ractor_cluster_integration_tests/test-ca/rsa/end.fullchain new file mode 100644 index 00000000..380ec768 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.fullchain @@ -0,0 +1,81 @@ +-----BEGIN CERTIFICATE----- +MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u +eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE5MDYwOTE3MTUxMloX +DTI0MTEyOTE3MTUxMlowGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdwbEc6ZKih4mQA916JwctBZgnRmzO +KERrzlHjfzy8ZfsUJLENQBN8s3RVRwPThReHdp8bpiVRrNmMRxyXoa5oqxWDjXOu +5W4hoISIMbOAq4Kj8G+eS0UKwypKHwJ1aUzEjWQGKxNpIYvcGqwYpN1Yi1+qTgLg +2qw1ENtBhrWHhmQruGqDtQTQLe2tbcOuGhIL0cyWIRtEWHWL/wb1Akzhm31WQF+m +URtYvYonA/Ta7ErONXCxsEXndTR4iT/XognnOhTJ+uIinNwn52y9Te7MYix6SDBE +VeKZx9v3iOYU81zXf+WaxNqZvTfbPjkLsXiymOgVfGQcO4hiQeLoJIHXAgMBAAGj +gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFEweXJqS +BzVcf/00QeOC29OwBQszMEIGA1UdIwQ7MDmAFEKPy8hHZVazpvIsxFcGo4YrkEkw +oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO +dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0 +MA0GCSqGSIb3DQEBCwUAA4IBgQCViHp2pLcIMzl/wN+sULznLYZvrlynU4AHnL8/ +ba6iSAM6EMlrcu11+UBQglHIN2BEn+Jjas+HT1sQOIOixMgjrMBgirLez8n5DN66 +o5aK5bu23GjQvzq5JEh0skQDHtSFX0YRwqXIhi1spGtObsnoupxJNBQbdAcDv50/ +m6/8WXcPbXBnR+wRywFmjb6+OSVNgCRtBFTbR5XRVHMPEwvSk4hVj4jimlnPHZYL +3VatCPtZr6iaLZl9E64BbS+J4vPQ0Z/2JMUjtXCuj19k8LO2TTTBz54QVoMF5jrZ +xotneq+wmPH3lmozEOmyj4+4CmoyNz+RDhrlok84x3g4YEKUQyK1V4ROi9DtL1CV +VoLfHSwS9SiDdD/Qn2n7RICn6DP2lHozICyHX0Op4W+vETHho7Flsw21bMisAGrl +wwQ7UYU4XfPOC9hQoCvU60uVe7z+uZvlBY8RwmcW4iFIbfCcPT6Hrom5F1X4Z/dm +zDW8ZhLDsjUY/D4lUeWjbO1RCHI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 +dG93biBSU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcNMjkwNjA2MTcxNTEyWjAsMSow +KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCj/tOFeSW3WB+TtuLCR1L/84lZytFw +zbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkMm05s8LcUoovhaG5C +G7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9z3yRtOKWJl6i/MT9 +HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf9aYXZQOEUn1kEwQJ +ZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnfdHlRNzre4/tphBf1 +fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEhkRnAl4lIzTH/1F25 +stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE9ZlIbIKmpmJS9oop +Vh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RXUKNltv+r95gwuRP+ +9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAaNeMFwwHQYDVR0OBBYEFEKP +y8hHZVazpvIsxFcGo4YrkEkwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC +AgEAMzTRDLBExVFlw98AuX+pM+/R2Gjw5KFHvSYLKLbMRfuuZK1yNYYaYtNrtF+V +a53OFgaZj56o7tXc2PB8kw4MELD0ViR8Do2bvZieFcEe4DwhdjGCjuLehVLT29qI +7T3N/JkJ5daemKZcRB6Ne0F4+6QlVVNck28HUKbQThl88RdwLUImmSAfgKSt6uJ5 +wlH7wiYQR2vPXwSuEYzwot+L/91eBwuQr4Lovx9+TCKTbwQOKYjX4KfcOOQ1rx0M +IMrvwWqnabc6m1F0O6//ibL0kuFkJYEgOH2uJA12FBHO+/q2tcytejkOWKWMJj6Y +2etwIHcpzXaEP7fZ75cFGqcE3s7XGsweBIPLjMP1bKxEcFKzygURm/auUuXBCFBl +E16PB6JEAeCKe/8VFeyucvjPuQDWB49aq+r2SbpbI4IeZdz/QgEIOb0MpwStrvhH +9f/DtGMbjvuAEkRoOorK4m5k4GY3LsWTR2bey27AXk8N7pKarpu2N7ChBPm+EV0Y +H+tAI/OfdZuNUCES00F5UAFdU8zBUZo19ao2ZqfEADimE7Epk2s0bUe4GSqEXJp6 +68oVSMhZmMf/RCSNlr97f34sNiUA1YJ0JbCRZmw8KWNm9H1PARLbrgeRBZ/k31Li +WLDr3fiEVk7SGxj3zo94cS6AT55DyXLiSD/bFmL1QXgZweA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUGXgsGl4sGhiPwUPOme5w5jJscVQwDQYJKoZIhvcNAQEL +BQAwGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMB4XDTE5MDYwOTE3MTUxMVoX +DTI5MDYwNjE3MTUxMVowGjEYMBYGA1UEAwwPcG9ueXRvd24gUlNBIENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArpW4WHfSmTCMvnDJaCRL5BR2knDc +C+T4/wv7i//zsBL3q0YVdBpllWCZx8TSfuXT/1o/Zxdt+H1ZjnH8yuwuHOToE3W0 ++Y/912hAPiD+d79A+MtqVX1gayjHDy9HybznTN2Onh1ZhWyks0FLL5SB0vVCLwXP +W7tcyY0w6wn3RTw4nBu7co5a280cHgHv5V3XeNgteQrnkXE9TfuqqUZwVt0v1jr1 +bk1KaDDD+36wfeO70Q6CeLwKPhN0mPDHdj/lecj4efl0l1B0ehHxLkLuztqtkCF6 ++yMoBrEyzJjO6TGMSTMsnw4F9bA15jkIIEQs5FhwVHFOTmu5BG+j37umoy27k5As +5cV0/djr3r8WhBZ6w2+XjvbAdJPgqc+Xobnx1i5GI4noRC4G4Cl0Vx+iRru1/nsE +xPazz9UVkiUsDlN9n49f1pik9z74Box6CD6IZVb8h4vV7um+0R4/eErVf/Cyf1Xe +axVaOgA/CD0ucLdSfDz61O/2PG3P7YjWY1R9zr35e8pakgyFPXnWMbsfniuGkM0X +6lG743Q7yVt38/HuAqi1AGq+r/AKisrezt97UNm0CryuEk02y4SVLbhuG/V6mBCh +4Va3KD1ZOgfJcTZbuxebIz6W+5jL80hE0YwBBs8vSv8Fo5N7dYNSNvyMxkoPh8Gw +CAFyqt5zBLGCEvkCAwEAAaNTMFEwHQYDVR0OBBYEFDjj6hEpDZdjAIdvd9Moe3un +RvJWMB8GA1UdIwQYMBaAFDjj6hEpDZdjAIdvd9Moe3unRvJWMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggIBACu+Ct6J+Dh3EXFOgjW3gN3CaD0UK0kW +03u7znNAJBAYhi+MXSTPBdrxYGOPkHF1Jl15qb2fc58+0nakf8bvah8kgxi2ujX8 +vrPBjsAv/ixPvUrcol9ZGrseP5DdFS8pw1FoDR/JdgNCdSM4xC3GSk2SLYs+QSJx +YG3nQLOAZEvnbiZ4zBZ0wVct4w9jrxtqdq2eS8cLoRVx715MzKPBCGEccYu/py5a +gkyclr16s0mb+wN49of34AQ+xXguHZGNZzCy6PTbx0IC+sRVe82+RZkj21JG+AFM +9s+vLgRdtWIEZW1AIYbUUbhuvsne+sidZW5XQuFp1V4LlQbO49oEhrPMBn+oHKg5 +MWIe68bjkqDSnDzG+TEBTWiAhyyGyZcebfCs72DGbYrfKt1uTyi+groumPnvQfJB +y3kqy2pUFeEkNJkx4BfYL+N7I07s9WTy8UMoqn/OLuyqoFaYMd9XMaOOx3xTy8aw +pUJ69c3VI66W/Ii1ypk2EPUImWpG/n89Y/8Mk1NbesaZLk9feTDfbM4VNPkQU+7T +3DNQxPSswSh4nXGURwC46SOu2s1lRA98ZXkP5XhUvTuvfg/e4suq26OqjORHQ5zI +57NP+uHRrfHGlrQ196j1Maw7W7vkocbEv8/06v6s54CG8ezzD2nt1QrLJqSpUqHo +qolvgn/PK+gg +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.key b/ractor_cluster_integration_tests/test-ca/rsa/end.key new file mode 100644 index 00000000..59637443 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDdwbEc6ZKih4mQ +A916JwctBZgnRmzOKERrzlHjfzy8ZfsUJLENQBN8s3RVRwPThReHdp8bpiVRrNmM +RxyXoa5oqxWDjXOu5W4hoISIMbOAq4Kj8G+eS0UKwypKHwJ1aUzEjWQGKxNpIYvc +GqwYpN1Yi1+qTgLg2qw1ENtBhrWHhmQruGqDtQTQLe2tbcOuGhIL0cyWIRtEWHWL +/wb1Akzhm31WQF+mURtYvYonA/Ta7ErONXCxsEXndTR4iT/XognnOhTJ+uIinNwn +52y9Te7MYix6SDBEVeKZx9v3iOYU81zXf+WaxNqZvTfbPjkLsXiymOgVfGQcO4hi +QeLoJIHXAgMBAAECggEATFl3xWCV3+eScUcjZf8x9UpLzJnutDwg8o0inJUeMC9c +dt77Jni9PN38W7ALnTPhmf45YaeeibRdYnLJYVuFVPwyeAynm7vaYzGE7+9MwixK +2m7Zv0JjDwWK9eIfUpVinPmhSo5iLHwkTy/PuNxqaSXzVgtt6kTfrZWUJ8ddkL8M +bMQTvSLByspyZq/9n6Xq4cy1kummrYgluGKrh6+b+3/ff4wTfF9txlecM+te0uoI +nu5jTRGGSouKKiOWLLkQNPCqrSmy/VfQLkacs3l8Y89Fo4TlBU6MEb02u+fCQ/58 +q1E8Y7J1/Yjv2VTwav9q1EX9/ncA8b2C0K1Ylgh9QQKBgQD2bZwI03z4Zpo1TnxU +d4r0qWVExY7fP9BfJPEn3KE4zlPXbiiNazMprdFoIUEtKNcl77ZYVcvNLCUDOWzj +maYtVJm7wuUPcJQU2becuw6N7yZJd9mfXPOiBWmv8Df5AJJymdUcXqMySi9eFr1m +SwFhrsFRTs8Fo0bGrw8UTMM72QKBgQDmXsHt80+F7YuVUrVMuhTTr/DqwHgqyCQ1 +zQXuOeGDaFPSYzgk6XEPPJU+Kil+bFIY7DaMokVHWvJJ9e9iF8fjflSnp2pp1BWa +t3D+I3zfX+SCioD8KXcFiMfoH9bqIfBzaQfeMNgqMbR0fpsf/l0n/cwJRQ4KGU7s +puXqY0aNLwKBgEa2kU3fEj9dgebGDNtYKmGmsk6XujXJ5AtJWIItx327h0eMbsqV +9mqBXFPbJw7EZ2iVbufORtsrTbutINf24T6kxjCg7oYNshCBoTSyYKzN8VinsaUP +UUIu93LrJcSoK14DUqn/ZikqLIl9UQAnic/0C7k/OhzOC6M73MHgfS2RAoGBAM0O +y9DjI4YzTGw+kuMZQDCuC+TqLgzm2lSJix3ip7oww2wipXc11E2bv7z2Crld8jX9 +DRFh4AkEC2eKYusN//+gE/qoKzDId/KgFxQgwqaS1PTeFLJgtnFWr5sPvF3sl/wj +Ib3F/KSSWe7YQ3zXDlTqtRQLQ9P5cydz6HQaqlJBAoGBAL3xNfmStaUFV4moms64 +fZ755LqQwN5rwjZLxmRTsOgVI/KPEg44xvbcG885eNW+JhYSPUyvkrP6Qb+I8PEN +qdMPUgTetOrnA4T9yf7+U/xHghDSb3BEQKyGlrbRO2GB/iGa3xHD963WozDzeAfQ +uxrLrUaQjPsf2AEhrHk8slgM +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.req b/ractor_cluster_integration_tests/test-ca/rsa/end.req new file mode 100644 index 00000000..2d0e7702 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.req @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXjCCAUYCAQAwGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdwbEc6ZKih4mQA916JwctBZgnRmzOKERr +zlHjfzy8ZfsUJLENQBN8s3RVRwPThReHdp8bpiVRrNmMRxyXoa5oqxWDjXOu5W4h +oISIMbOAq4Kj8G+eS0UKwypKHwJ1aUzEjWQGKxNpIYvcGqwYpN1Yi1+qTgLg2qw1 +ENtBhrWHhmQruGqDtQTQLe2tbcOuGhIL0cyWIRtEWHWL/wb1Akzhm31WQF+mURtY +vYonA/Ta7ErONXCxsEXndTR4iT/XognnOhTJ+uIinNwn52y9Te7MYix6SDBEVeKZ +x9v3iOYU81zXf+WaxNqZvTfbPjkLsXiymOgVfGQcO4hiQeLoJIHXAgMBAAGgADAN +BgkqhkiG9w0BAQsFAAOCAQEAHEAC9m+IEG1oOR+kDvEm/voON3DT3+QhNGUjLus8 +sodZVLsORkrpY3ZO3JCx0Cq+NatFWFFq/kTySbh0GBROmB8ckglO/7UtciKjsT1j +3GtgOcXsB03BScZ/Mxhb6hXKubpprVVcOeSKvGPkQQBCjhwPcwvUm0J5u7heKGRb +A9ITUmEFEh4dg20dGgCZfT5CXGRytALRV3wdDegw7xhIEn5gpbKWDozZ1z2Td0Sb +JL/FG1w3apgdzGGey2T6B4PV9EbOk5tkYhDNVpRz5WEOzC723vCiMfJAzm19JbrY ++RNL5QxwRLK3awPrnhVcCQOwpCLAr4C4jJLFZ1C3HELX9Q== +-----END CERTIFICATE REQUEST----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/end.rsa b/ractor_cluster_integration_tests/test-ca/rsa/end.rsa new file mode 100644 index 00000000..4ba9c7a9 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/end.rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA3cGxHOmSooeJkAPdeicHLQWYJ0ZszihEa85R4388vGX7FCSx +DUATfLN0VUcD04UXh3afG6YlUazZjEccl6GuaKsVg41zruVuIaCEiDGzgKuCo/Bv +nktFCsMqSh8CdWlMxI1kBisTaSGL3BqsGKTdWItfqk4C4NqsNRDbQYa1h4ZkK7hq +g7UE0C3trW3DrhoSC9HMliEbRFh1i/8G9QJM4Zt9VkBfplEbWL2KJwP02uxKzjVw +sbBF53U0eIk/16IJ5zoUyfriIpzcJ+dsvU3uzGIsekgwRFXimcfb94jmFPNc13/l +msTamb032z45C7F4spjoFXxkHDuIYkHi6CSB1wIDAQABAoIBAExZd8Vgld/nknFH +I2X/MfVKS8yZ7rQ8IPKNIpyVHjAvXHbe+yZ4vTzd/FuwC50z4Zn+OWGnnom0XWJy +yWFbhVT8MngMp5u72mMxhO/vTMIsStpu2b9CYw8FivXiH1KVYpz5oUqOYix8JE8v +z7jcamkl81YLbepE362VlCfHXZC/DGzEE70iwcrKcmav/Z+l6uHMtZLppq2IJbhi +q4evm/t/33+ME3xfbcZXnDPrXtLqCJ7uY00RhkqLiiojliy5EDTwqq0psv1X0C5G +nLN5fGPPRaOE5QVOjBG9NrvnwkP+fKtRPGOydf2I79lU8Gr/atRF/f53APG9gtCt +WJYIfUECgYEA9m2cCNN8+GaaNU58VHeK9KllRMWO3z/QXyTxJ9yhOM5T124ojWsz +Ka3RaCFBLSjXJe+2WFXLzSwlAzls45mmLVSZu8LlD3CUFNm3nLsOje8mSXfZn1zz +ogVpr/A3+QCScpnVHF6jMkovXha9ZksBYa7BUU7PBaNGxq8PFEzDO9kCgYEA5l7B +7fNPhe2LlVK1TLoU06/w6sB4KsgkNc0F7jnhg2hT0mM4JOlxDzyVPiopfmxSGOw2 +jKJFR1rySfXvYhfH435Up6dqadQVmrdw/iN831/kgoqA/Cl3BYjH6B/W6iHwc2kH +3jDYKjG0dH6bH/5dJ/3MCUUOChlO7Kbl6mNGjS8CgYBGtpFN3xI/XYHmxgzbWCph +prJOl7o1yeQLSViCLcd9u4dHjG7KlfZqgVxT2ycOxGdolW7nzkbbK027rSDX9uE+ +pMYwoO6GDbIQgaE0smCszfFYp7GlD1FCLvdy6yXEqCteA1Kp/2YpKiyJfVEAJ4nP +9Au5PzoczgujO9zB4H0tkQKBgQDNDsvQ4yOGM0xsPpLjGUAwrgvk6i4M5tpUiYsd +4qe6MMNsIqV3NdRNm7+89gq5XfI1/Q0RYeAJBAtnimLrDf//oBP6qCswyHfyoBcU +IMKmktT03hSyYLZxVq+bD7xd7Jf8IyG9xfykklnu2EN81w5U6rUUC0PT+XMnc+h0 +GqpSQQKBgQC98TX5krWlBVeJqJrOuH2e+eS6kMDea8I2S8ZkU7DoFSPyjxIOOMb2 +3BvPOXjVviYWEj1Mr5Kz+kG/iPDxDanTD1IE3rTq5wOE/cn+/lP8R4IQ0m9wRECs +hpa20Tthgf4hmt8Rw/et1qMw83gH0Lsay61GkIz7H9gBIax5PLJYDA== +-----END RSA PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/inter.cert b/ractor_cluster_integration_tests/test-ca/rsa/inter.cert new file mode 100644 index 00000000..74d4a016 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/inter.cert @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255 +dG93biBSU0EgQ0EwHhcNMTkwNjA5MTcxNTEyWhcNMjkwNjA2MTcxNTEyWjAsMSow +KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCj/tOFeSW3WB+TtuLCR1L/84lZytFw +zbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkMm05s8LcUoovhaG5C +G7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9z3yRtOKWJl6i/MT9 +HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf9aYXZQOEUn1kEwQJ +ZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnfdHlRNzre4/tphBf1 +fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEhkRnAl4lIzTH/1F25 +stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE9ZlIbIKmpmJS9oop +Vh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RXUKNltv+r95gwuRP+ +9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAaNeMFwwHQYDVR0OBBYEFEKP +y8hHZVazpvIsxFcGo4YrkEkwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC +AgEAMzTRDLBExVFlw98AuX+pM+/R2Gjw5KFHvSYLKLbMRfuuZK1yNYYaYtNrtF+V +a53OFgaZj56o7tXc2PB8kw4MELD0ViR8Do2bvZieFcEe4DwhdjGCjuLehVLT29qI +7T3N/JkJ5daemKZcRB6Ne0F4+6QlVVNck28HUKbQThl88RdwLUImmSAfgKSt6uJ5 +wlH7wiYQR2vPXwSuEYzwot+L/91eBwuQr4Lovx9+TCKTbwQOKYjX4KfcOOQ1rx0M +IMrvwWqnabc6m1F0O6//ibL0kuFkJYEgOH2uJA12FBHO+/q2tcytejkOWKWMJj6Y +2etwIHcpzXaEP7fZ75cFGqcE3s7XGsweBIPLjMP1bKxEcFKzygURm/auUuXBCFBl +E16PB6JEAeCKe/8VFeyucvjPuQDWB49aq+r2SbpbI4IeZdz/QgEIOb0MpwStrvhH +9f/DtGMbjvuAEkRoOorK4m5k4GY3LsWTR2bey27AXk8N7pKarpu2N7ChBPm+EV0Y +H+tAI/OfdZuNUCES00F5UAFdU8zBUZo19ao2ZqfEADimE7Epk2s0bUe4GSqEXJp6 +68oVSMhZmMf/RCSNlr97f34sNiUA1YJ0JbCRZmw8KWNm9H1PARLbrgeRBZ/k31Li +WLDr3fiEVk7SGxj3zo94cS6AT55DyXLiSD/bFmL1QXgZweA= +-----END CERTIFICATE----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/inter.key b/ractor_cluster_integration_tests/test-ca/rsa/inter.key new file mode 100644 index 00000000..6e8d0b10 --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/inter.key @@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQCj/tOFeSW3WB+T +tuLCR1L/84lZytFwzbpzOTGB1kPEKNbrMsv3lHXm5bHa8Bl3k113k7Hi7OAt/nkM +m05s8LcUoovhaG5CG7tjzL+ld1nO74gNS3IQHCzxRdRwIgaDZHyICfBQBfB9/m+9 +z3yRtOKWJl6i/MT9HRN6yADW/8gHFlMzRkCKBjIKXehKsu8cbtB+5MukwtXI4rKf +9aYXZQOEUn1kEwQJZIKBXR0eyloQiZervUE7meRCTBvzXT9VoSEX49/mempp4hnf +dHlRNzre4/tphBf1fRUdpVXZ3DvmzoHdXRVzxx3X5LvDpf7Eb3ViGkXDFwkSfHEh +kRnAl4lIzTH/1F25stmT8a0PA/lCNMrzJBzkLcuem1G1uMHoQZo1f3OpslJ8gHbE +9ZlIbIKmpmJS9oopVh1BH+aOy5doCrF8uOLTQ3d5CqA/EZMGahDHy7IkeNYmG/RX +UKNltv+r95gwuRP+9UIJ9FTa4REQbIpGWP5XibI6x4LqLTJj+VsCAwEAAQKCAYBK +Zj1H/GIj/5KzzPCq+viora/OULkb1/mSdIwFP1OXFoAKTA1E0NF8YxCBJxQmr3Bj +41l8fcJmm2AHXB4ERmCIuAWFyX7b9wDYkfcP9kmEHB85CNVCgcXR38A07vrNeTUV +8oxXgZpNTrUbA5qb79gsDlQ41Tv5KMvBlCLtZzU0Iei1BlYZSB5Dnb7YxLy9xXhJ +WTsaEFo0vMQU1bj4PBeQXGwOjqHyMOsUDU48vciGYCWzADUr+PEZMrYrfk5RZruG +0M5PajoMxBSKzrSTYPQBtxeq+HJlO0RvCL7PxWqFnjgLlUmrRntMqVCJX43K3/6H +o8BCrHD/QBHO6fgkRhr9Ne1nlwWDLt5tzg2rxbqPdGsTd2rv9OG9PkFwQDsaQS3v +8k8WQUT8O5YpxHHXVxeKSjDxl3IW9adDARtjIUGH5tpgIJfI0vULdFC+nEOeRw9G +F0w7xvAawRy72WitivyGo7bLMJh7BURyKYgC4cJ0abhjoZD1OEq+/Xh9j+ZT04EC +gcEAz74FVK5Yq/cbSN2NRD399pZfJ+gaPkXQ9aIO3QhdNGanX29me/7YFQf+JvNk +RWey9bDu8weMAlONU6RdLdWkvAgpBLLDOC+8UAUMAYaSKwkw1PNPbC8KnspbcUYp +Us1IGs+PUqnIWFm9PAJjdwGN+N8zL9YCyH/6iyWtHOpfH8q9Wdo+YBINrgNG3jEw +1VVhSKcSMbJVqOC1zZ8YPII4J0H0w3psb17yihWiYyXI4fWcaixizvJa9+WFaWol +kBQxAoHBAMoXRopIzVD2c7tPZLbJ/XqDU5FofXFjv+rer1+0rlmcQiTRbloKjJ0c +ET8EcUiqwbQQRokj8wa2tXSfAuq8HO+J4Jph/6yyqdkD6m5GNUdT4E9IM6kcDHD0 +e2UMhLlxW22Vny11wjK/1C4+kg2LM8NJ7cUiW2BbQ/DVfVxHm3Zc7vHEBS68McVw +A33mzgoAa73E5KqGeiMxMSHNDrM/pRkLfMsaC+zfbvL0aSOlVN8caUj04H6yIuH2 +wzy0ABY/SwKBwCNMpps9BNQzqO84tkhiQEUmSAT/63WpZ1hVsTDduviseMQ+qato +Ik9wjD8SHHeupzoYVoH1RlUe3WTZCPxA0T0iJdYmigWCFv2B3ghkVXH6ndGRhm1b +kPJqcB9PTLZFK3tiyXfCYcihdwY7YatXGEixpID8XHy1Ql1iiYfgS0mbqZEbBH5O +kwR+igw3T5TwbRdrTCwloWiQxlOqNPQTLHd/PZf5tXM3Lv9HrdArG3dJxMpFwIRp +qgt1dLX0020oAQKBwQDBccg/JHMMdezQNq40XmN5u23p+XhiatZRr7l1xlFCS9Xw +wlx8ai6xUSWdCdaadYGXqCCss7G1En3dVTyIj2qvTG6nuPjxSdBVgG8OAbyMO1iy +620wCj5KfWwEjRgbHswiuJ8298rdo0wqvBA4ULBK1mB4XGvVb2c4iFNIWu8QPOMo +n7dKRjDqSk+9W4qMflyjuW4dYT5Wo4bhURUqNdkGgT2CeLtDkZj1jUl7Ko50RxDt +GiIuhLvpSrkWSULwCMMCgcB/OjIA3tMXD2WtZ6fSxdyg5tGRVuOdWoovC0PQ1K0O +bA6OpbNo12BI6Q9PiDNj4he7NIt47MPjnJ4buSeVJBh8wEaWwGGHfM++3QNf1a/b +AtbURpy5wWQl9gnA/ZPbcFbjWHQbAl9fa+7RPKC/gWv/14fptF6crA84boIokHwB +Qn3FXYtrEgwZxtHu1erjf0y75MnJboDalMUCojfLBRYCrotQLuce9/qDlLsWbRIe +wbmf/gQDf47Q5OUrJFUFLoA= +-----END PRIVATE KEY----- diff --git a/ractor_cluster_integration_tests/test-ca/rsa/inter.req b/ractor_cluster_integration_tests/test-ca/rsa/inter.req new file mode 100644 index 00000000..d8d2d21e --- /dev/null +++ b/ractor_cluster_integration_tests/test-ca/rsa/inter.req @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDcTCCAdkCAQAwLDEqMCgGA1UEAwwhcG9ueXRvd24gUlNBIGxldmVsIDIgaW50 +ZXJtZWRpYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAo/7ThXkl +t1gfk7biwkdS//OJWcrRcM26czkxgdZDxCjW6zLL95R15uWx2vAZd5Ndd5Ox4uzg +Lf55DJtObPC3FKKL4WhuQhu7Y8y/pXdZzu+IDUtyEBws8UXUcCIGg2R8iAnwUAXw +ff5vvc98kbTiliZeovzE/R0TesgA1v/IBxZTM0ZAigYyCl3oSrLvHG7QfuTLpMLV +yOKyn/WmF2UDhFJ9ZBMECWSCgV0dHspaEImXq71BO5nkQkwb810/VaEhF+Pf5npq +aeIZ33R5UTc63uP7aYQX9X0VHaVV2dw75s6B3V0Vc8cd1+S7w6X+xG91YhpFwxcJ +EnxxIZEZwJeJSM0x/9RdubLZk/GtDwP5QjTK8yQc5C3LnptRtbjB6EGaNX9zqbJS +fIB2xPWZSGyCpqZiUvaKKVYdQR/mjsuXaAqxfLji00N3eQqgPxGTBmoQx8uyJHjW +Jhv0V1CjZbb/q/eYMLkT/vVCCfRU2uEREGyKRlj+V4myOseC6i0yY/lbAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOCAYEAnqABrq2Km2GcMieCoWZg4uQmJ/iFKtNopKUH +BCEoUX8SFkq7nHnufZyZtC9hzpTB/aJ3ycFkA/qKmK2FY8glVnyYi+At2utfiwio +SaOAcnD5xNY+HN488wYX/WfZvtnPLVUkCGzvUJ1tMHgxUa7U8pQRayDtwpgsKm2s +R8k5v7U2uxPfYrdwwFaF9ptaSBYUUcT5+I8apxWhEHGT3mW355+59a9Btb/bJbRq +SuX6Gsq6mYIZxdFpNV7mSxMQAcKudILQU7hqqNPjdfzvI0oQhgC7NXv9jtszbsta +K3u2KYlVq6C0wbjwpRzubdLHQ7Z21z4E4s0fbWc3jVJc2DTioVk9j9TLjSH3gDS2 +AjqjCowKtHQb5Ty0BNokWb4RNwJ8lHZIib9CGqYhpAx6luKnVi/rnghsIv8RItPG +ba0eA4FylVYSXNWAgnjZLBcYrQwuNpC0RVoH5vsXZj9ah6c+RUc0PZ/s63B6X1dO +6dlPwNvasXRLZJvO0vRjNX6F2u7Y +-----END CERTIFICATE REQUEST----- diff --git a/ractor_playground/src/distributed.rs b/ractor_playground/src/distributed.rs index 8a9ebf72..8b38271a 100644 --- a/ractor_playground/src/distributed.rs +++ b/ractor_playground/src/distributed.rs @@ -23,10 +23,20 @@ pub(crate) async fn test_auth_handshake(port_a: u16, port_b: u16, valid_cookies: }; let hostname = "localhost".to_string(); - let server_a = - ractor_cluster::NodeServer::new(port_a, cookie_a, "node_a".to_string(), hostname.clone()); - let server_b = - ractor_cluster::NodeServer::new(port_b, cookie_b, "node_b".to_string(), hostname); + let server_a = ractor_cluster::NodeServer::new( + port_a, + cookie_a, + "node_a".to_string(), + hostname.clone(), + ractor_cluster::IncomingEncryptionMode::Raw, + ); + let server_b = ractor_cluster::NodeServer::new( + port_b, + cookie_b, + "node_b".to_string(), + hostname, + ractor_cluster::IncomingEncryptionMode::Raw, + ); let (actor_a, handle_a) = Actor::spawn(None, server_a, ()) .await @@ -124,7 +134,13 @@ pub(crate) async fn startup_ping_pong_test_node(port: u16, connect_client: Optio let cookie = "cookie".to_string(); let hostname = "localhost".to_string(); - let server = ractor_cluster::NodeServer::new(port, cookie, "node_a".to_string(), hostname); + let server = ractor_cluster::NodeServer::new( + port, + cookie, + "node_a".to_string(), + hostname, + ractor_cluster::IncomingEncryptionMode::Raw, + ); let (actor, handle) = Actor::spawn(None, server, ()) .await