From fdaedb8325c5c884ae7f17580da843345af6bfc9 Mon Sep 17 00:00:00 2001 From: ZLBer <1098294815@qq.com> Date: Mon, 5 Dec 2022 20:20:20 +0800 Subject: [PATCH] feat: tls sample (#469) * tls sample * tls sample --- tls/README.md | 59 ++++ tls/README_zh.md | 54 +++ tls/dubbo/go-client/cmd/client.go | 104 ++++++ tls/dubbo/go-client/conf/dubbogo.yaml | 17 + tls/dubbo/go-client/pkg/user.go | 103 ++++++ tls/dubbo/go-server/cmd/server.go | 86 +++++ tls/dubbo/go-server/conf/dubbogo.yaml | 30 ++ .../go-server/pkg/common_user_provider.go | 119 +++++++ tls/dubbo/go-server/pkg/complex_provider.go | 111 +++++++ tls/dubbo/go-server/pkg/user.go | 109 +++++++ tls/dubbo/go-server/pkg/user_provider.go | 30 ++ .../pkg/wrapper_array_class_provider.go | 95 ++++++ tls/grpc/go-client/cmd/client.go | 56 ++++ tls/grpc/go-client/conf/dubbogo.yaml | 17 + tls/grpc/go-server/cmd/server.go | 79 +++++ tls/grpc/go-server/conf/dubbogo.yaml | 16 + tls/grpc/protobuf/helloworld.pb.go | 307 ++++++++++++++++++ tls/grpc/protobuf/helloworld.proto | 37 +++ tls/grpc/protobuf/protobuf.mk | 26 ++ tls/triple/codec/codec.go | 51 +++ tls/triple/go-client/cmd/client.go | 58 ++++ tls/triple/go-client/conf/dubbogo.yaml | 13 + tls/triple/go-server/cmd/server.go | 59 ++++ tls/triple/go-server/conf/dubbogo.yaml | 15 + tls/x509/README.md | 6 + tls/x509/client1_cert.pem | 32 ++ tls/x509/client1_key.pem | 51 +++ tls/x509/client2_cert.pem | 32 ++ tls/x509/client2_key.pem | 51 +++ tls/x509/client_ca_cert.pem | 35 ++ tls/x509/client_ca_key.pem | 52 +++ tls/x509/create.sh | 132 ++++++++ tls/x509/multiple_uri_cert.pem | 34 ++ tls/x509/multiple_uri_key.pem | 52 +++ tls/x509/openssl.cnf | 28 ++ tls/x509/server1_cert.pem | 32 ++ tls/x509/server1_key.pem | 51 +++ tls/x509/server2_cert.pem | 32 ++ tls/x509/server2_key.pem | 51 +++ tls/x509/server_ca_cert.pem | 35 ++ tls/x509/server_ca_key.pem | 52 +++ tls/x509/spiffe_cert.pem | 33 ++ tls/x509/spiffe_key.pem | 52 +++ 43 files changed, 2494 insertions(+) create mode 100644 tls/README.md create mode 100644 tls/README_zh.md create mode 100644 tls/dubbo/go-client/cmd/client.go create mode 100644 tls/dubbo/go-client/conf/dubbogo.yaml create mode 100644 tls/dubbo/go-client/pkg/user.go create mode 100644 tls/dubbo/go-server/cmd/server.go create mode 100644 tls/dubbo/go-server/conf/dubbogo.yaml create mode 100644 tls/dubbo/go-server/pkg/common_user_provider.go create mode 100644 tls/dubbo/go-server/pkg/complex_provider.go create mode 100644 tls/dubbo/go-server/pkg/user.go create mode 100644 tls/dubbo/go-server/pkg/user_provider.go create mode 100644 tls/dubbo/go-server/pkg/wrapper_array_class_provider.go create mode 100644 tls/grpc/go-client/cmd/client.go create mode 100644 tls/grpc/go-client/conf/dubbogo.yaml create mode 100644 tls/grpc/go-server/cmd/server.go create mode 100644 tls/grpc/go-server/conf/dubbogo.yaml create mode 100644 tls/grpc/protobuf/helloworld.pb.go create mode 100644 tls/grpc/protobuf/helloworld.proto create mode 100644 tls/grpc/protobuf/protobuf.mk create mode 100644 tls/triple/codec/codec.go create mode 100644 tls/triple/go-client/cmd/client.go create mode 100644 tls/triple/go-client/conf/dubbogo.yaml create mode 100644 tls/triple/go-server/cmd/server.go create mode 100644 tls/triple/go-server/conf/dubbogo.yaml create mode 100644 tls/x509/README.md create mode 100644 tls/x509/client1_cert.pem create mode 100644 tls/x509/client1_key.pem create mode 100644 tls/x509/client2_cert.pem create mode 100644 tls/x509/client2_key.pem create mode 100644 tls/x509/client_ca_cert.pem create mode 100644 tls/x509/client_ca_key.pem create mode 100755 tls/x509/create.sh create mode 100644 tls/x509/multiple_uri_cert.pem create mode 100644 tls/x509/multiple_uri_key.pem create mode 100644 tls/x509/openssl.cnf create mode 100644 tls/x509/server1_cert.pem create mode 100644 tls/x509/server1_key.pem create mode 100644 tls/x509/server2_cert.pem create mode 100644 tls/x509/server2_key.pem create mode 100644 tls/x509/server_ca_cert.pem create mode 100644 tls/x509/server_ca_key.pem create mode 100644 tls/x509/spiffe_cert.pem create mode 100644 tls/x509/spiffe_key.pem diff --git a/tls/README.md b/tls/README.md new file mode 100644 index 000000000..783ad4b0b --- /dev/null +++ b/tls/README.md @@ -0,0 +1,59 @@ +# Use TLS encryption in Dubbo go + +## Usage + +0. Generate the required certificate and secret key + +This example provides the generated certificate and secret key under the directory `tls/x509` + +1. Configure dubbogo.yaml + +Client TLS configuration: + +```yaml +dubbo: + tls_config: + ca-cert-file: ../../../x509/server_ca_cert.pem + tls-cert-file: ../../../x509/client2_cert.pem + tls-key-file: ../../../x509/client2_key.pem + tls-server-name: dubbogo.test.example.com +``` + +Server TLS configuration: + +```yaml +dubbo: + tls_config: + ca-cert-file: ../../../x509/client_ca_cert.pem + tls-cert-file: ../../../x509/server2_cert.pem + tls-key-file: ../../../x509/server2_key.pem + tls-server-name: dubbogo.test.example.com +``` + +2. Startup example + +This example provides TLS encryption examples of Dubbo, Grpc and Triple communication modes, respectively located in + +`tls/dubbo` 、`tls/grpc` 、`tls/triple`。 Enter the folder to launch the sample. + +Take tls/dubbo as an example: + +Start the server: + +Enter 'tls/dubbo/go server/cmd' and start 'server.go` + +The TLS configuration takes effect when you see the following logs + +``` +2022-12-01T23:39:30.690+0800 INFO getty/getty_ server. go:78 Getty Server initialized the TLSConfig configuration +``` + +Start client: + +Enter 'tls/dubbo/go client/cmd' and start 'client.go` + +The TLS configuration takes effect when you see the following logs + +``` +2022-12-01T23:40:05.998+0800 INFO grpc/client. go:90 Grpc Client initialized the TLSConfig configuration +``` \ No newline at end of file diff --git a/tls/README_zh.md b/tls/README_zh.md new file mode 100644 index 000000000..e909e4625 --- /dev/null +++ b/tls/README_zh.md @@ -0,0 +1,54 @@ +# 在Dubbo-go中使用TLS加密 + +## 使用方法 +0.生成所需要的证书和秘钥 +本示例提供已经生成好的证书和秘钥,在目录`tls/x509`下 + +1.配置dubbogo.yaml + +客户端TLS配置: + +```yaml +dubbo: + tls_config: + ca-cert-file: ../../../x509/server_ca_cert.pem + tls-cert-file: ../../../x509/client2_cert.pem + tls-key-file: ../../../x509/client2_key.pem + tls-server-name: dubbogo.test.example.com +``` + +服务端TLS配置: + +```yaml +dubbo: + tls_config: + ca-cert-file: ../../../x509/client_ca_cert.pem + tls-cert-file: ../../../x509/server2_cert.pem + tls-key-file: ../../../x509/server2_key.pem + tls-server-name: dubbogo.test.example.com +``` +2. 启动示例 + +本示例提供了Dubbo、Grpc、Triple三种通信方式的TLS加密示例,分别位于`tls/dubbo` 、`tls/grpc` 、`tls/triple`。进入文件夹即可启动示例。 + +以tls/dubbo为例: + +启动服务端: + +进入`tls/dubbo/go-server/cmd`,启动`server.go` + +看到如下日志,则TLS配置生效 + +``` +2022-12-01T23:39:30.690+0800 INFO getty/getty_server.go:78 Getty Server initialized the TLSConfig configuration +``` + +启动客户端: + +进入`tls/dubbo/go-client/cmd`,启动`client.go` + +看到如下日志,则TLS配置生效 + +``` +2022-12-01T23:40:05.998+0800 INFO grpc/client.go:90 Grpc Client initialized the TLSConfig configuration +``` \ No newline at end of file diff --git a/tls/dubbo/go-client/cmd/client.go b/tls/dubbo/go-client/cmd/client.go new file mode 100644 index 000000000..bb67d21e1 --- /dev/null +++ b/tls/dubbo/go-client/cmd/client.go @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" + "github.com/dubbogo/gost/log/logger" + + hessian "github.com/apache/dubbo-go-hessian2" +) + +import ( + "github.com/apache/dubbo-go-samples/tls/dubbo/go-client/pkg" +) + +var ( + userProvider = &pkg.UserProvider{} +) + +// need to setup environment variable "DUBBO_GO_CONFIG_PATH" to "conf/dubbogo.yaml" before run +func main() { + hessian.RegisterJavaEnum(pkg.Gender(pkg.MAN)) + hessian.RegisterJavaEnum(pkg.Gender(pkg.WOMAN)) + hessian.RegisterPOJO(&pkg.User{}) + + config.SetConsumerService(userProvider) + + err := config.Load() + if err != nil { + panic(err) + } + + logger.Infof("\n\ntest") + test() +} + +func test() { + logger.Infof("\n\n\nstart to test dubbo") + reqUser := &pkg.User{} + reqUser.ID = "003" + user, err := userProvider.GetUser(context.TODO(), reqUser) + if err != nil { + panic(err) + } + logger.Infof("response result: %v", user) + + logger.Infof("\n\n\nstart to test dubbo - enum") + gender, err := userProvider.GetGender(context.TODO(), 1) + if err != nil { + panic(err) + } + logger.Infof("response result: %v", gender) + + logger.Infof("\n\n\nstart to test dubbo - GetUser0") + ret, err := userProvider.GetUser0("003", "Moorse") + if err != nil { + panic(err) + } + logger.Infof("response result: %v", ret) + + logger.Infof("\n\n\nstart to test dubbo - GetUsers") + ret1, err := userProvider.GetUsers([]string{"002", "003"}) + if err != nil { + panic(err) + } + logger.Infof("response result: %v", ret1) + + logger.Infof("\n\n\nstart to test dubbo - getUser") + + var i int32 = 1 + user, err = userProvider.GetUser2(context.TODO(), i) + if err != nil { + panic(err) + } + logger.Infof("response result: %v", user) + + logger.Infof("\n\n\nstart to test dubbo - getErr") + reqUser.ID = "003" + _, err = userProvider.GetErr(context.TODO(), reqUser) + if err == nil { + panic("err is nil") + } + logger.Infof("getErr - error: %v", err) +} diff --git a/tls/dubbo/go-client/conf/dubbogo.yaml b/tls/dubbo/go-client/conf/dubbogo.yaml new file mode 100644 index 000000000..e26835bce --- /dev/null +++ b/tls/dubbo/go-client/conf/dubbogo.yaml @@ -0,0 +1,17 @@ +# dubbo client yaml configure file + +dubbo: + consumer: + references: + UserProvider: + url: dubbo://localhost:20000 + protocol: dubbo + interface: org.apache.dubbo.sample.UserProvider + logger: + zap-config: + level: info + tls_config: + ca-cert-file: ../../../x509/server_ca_cert.pem + tls-cert-file: ../../../x509/client1_cert.pem + tls-key-file: ../../../x509/client1_key.pem + tls-server-name: dubbogo.test.example.com \ No newline at end of file diff --git a/tls/dubbo/go-client/pkg/user.go b/tls/dubbo/go-client/pkg/user.go new file mode 100644 index 000000000..551c7a3f4 --- /dev/null +++ b/tls/dubbo/go-client/pkg/user.go @@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +import ( + "context" + "fmt" + "strconv" + "time" +) + +import ( + hessian "github.com/apache/dubbo-go-hessian2" +) + +type Gender hessian.JavaEnum + +const ( + MAN hessian.JavaEnum = iota + WOMAN +) + +var genderName = map[hessian.JavaEnum]string{ + MAN: "MAN", + WOMAN: "WOMAN", +} + +var genderValue = map[string]hessian.JavaEnum{ + "MAN": MAN, + "WOMAN": WOMAN, +} + +func (g Gender) JavaClassName() string { + return "org.apache.dubbo.sample.Gender" +} + +func (g Gender) String() string { + s, ok := genderName[hessian.JavaEnum(g)] + if ok { + return s + } + + return strconv.Itoa(int(g)) +} + +func (g Gender) EnumValue(s string) hessian.JavaEnum { + v, ok := genderValue[s] + if ok { + return v + } + + return hessian.InvalidJavaEnum +} + +type User struct { + // !!! Cannot define lowercase names of variable + ID string `hessian:"id"` + Name string + Age int32 + Time time.Time + Sex Gender // notice: java enum Object <--> go string +} + +func (u User) String() string { + return fmt.Sprintf( + "User{ID:%s, Name:%s, Age:%d, Time:%s, Sex:%s}", + u.ID, u.Name, u.Age, u.Time, u.Sex, + ) +} + +func (u *User) JavaClassName() string { + return "org.apache.dubbo.sample.User" +} + +type UserProvider struct { + GetUsers func(req []string) ([]*User, error) + GetErr func(ctx context.Context, req *User) (*User, error) + + GetUser func(ctx context.Context, req *User) (*User, error) + + GetUserNew func(ctx context.Context, req1, req2 *User) (*User, error) + + GetUser0 func(id string, name string) (User, error) + GetUser2 func(ctx context.Context, req int32) (*User, error) `dubbo:"getUser"` + GetUser3 func() error + GetGender func(ctx context.Context, i int32) (Gender, error) + Echo func(ctx context.Context, req interface{}) (interface{}, error) // Echo represent EchoFilter will be used +} diff --git a/tls/dubbo/go-server/cmd/server.go b/tls/dubbo/go-server/cmd/server.go new file mode 100644 index 000000000..9613a486a --- /dev/null +++ b/tls/dubbo/go-server/cmd/server.go @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "fmt" + "os" + "os/signal" + "syscall" + "time" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" + "github.com/dubbogo/gost/log/logger" + + hessian "github.com/apache/dubbo-go-hessian2" +) + +import ( + "github.com/apache/dubbo-go-samples/tls/dubbo/go-server/pkg" +) + +var ( + survivalTimeout = int(3e9) +) + +// need to setup environment variable "DUBBO_GO_CONFIG_PATH" to "conf/dubbogo.yaml" before run +func main() { + + // ------for hessian2------ + hessian.RegisterJavaEnum(pkg.Gender(pkg.MAN)) + hessian.RegisterJavaEnum(pkg.Gender(pkg.WOMAN)) + hessian.RegisterPOJO(&pkg.User{}) + config.SetProviderService(&pkg.UserProvider{}) + config.SetProviderService(&pkg.UserProvider1{}) + config.SetProviderService(&pkg.UserProvider2{}) + config.SetProviderService(&pkg.ComplexProvider{}) + config.SetProviderService(&pkg.WrapperArrayClassProvider{}) + // ------------ + + if err := config.Load(); err != nil { + panic(err) + } + + initSignal() +} + +func initSignal() { + signals := make(chan os.Signal, 1) + // It is not possible to block SIGKILL or syscall.SIGSTOP + signal.Notify(signals, os.Interrupt, syscall.SIGHUP, syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGINT) + for { + sig := <-signals + logger.Infof("get signal %s", sig.String()) + switch sig { + case syscall.SIGHUP: + // reload() + default: + time.AfterFunc(time.Duration(survivalTimeout), func() { + logger.Warnf("app exit now by force...") + os.Exit(1) + }) + + // The program exits normally or timeout forcibly exits. + fmt.Println("provider app exit now...") + return + } + } +} diff --git a/tls/dubbo/go-server/conf/dubbogo.yaml b/tls/dubbo/go-server/conf/dubbogo.yaml new file mode 100644 index 000000000..c9ab3253f --- /dev/null +++ b/tls/dubbo/go-server/conf/dubbogo.yaml @@ -0,0 +1,30 @@ +# dubbo server yaml configure file + +dubbo: + protocols: + dubbo: + name: dubbo + port: 20000 + provider: + services: + UserProvider: + interface: org.apache.dubbo.sample.UserProvider + UserProvider1: + interface: org.apache.dubbo.sample.UserProvider + version: "2.0" + UserProvider2: + interface: org.apache.dubbo.sample.UserProvider + version: "2.0" + group: as + ComplexProvider: + interface: org.apache.dubbo.sample.ComplexProvider + WrapperArrayClassProvider: + interface: org.apache.dubbo.sample.WrapperArrayClassProvider + logger: + zap-config: + level: info + tls_config: + ca-cert-file: ../../../x509/client_ca_cert.pem + tls-cert-file: ../../../x509/server1_cert.pem + tls-key-file: ../../../x509/server1_key.pem + tls-server-name: dubbogo.test.example.com diff --git a/tls/dubbo/go-server/pkg/common_user_provider.go b/tls/dubbo/go-server/pkg/common_user_provider.go new file mode 100644 index 000000000..49e6781ee --- /dev/null +++ b/tls/dubbo/go-server/pkg/common_user_provider.go @@ -0,0 +1,119 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +import ( + "context" + "fmt" + "strconv" +) + +import ( + "github.com/apache/dubbo-go-hessian2/java_exception" + + "github.com/dubbogo/gost/log" + + perrors "github.com/pkg/errors" +) + +type CommonUserProvider struct { +} + +func (u *CommonUserProvider) getUser(userID string) (*User, error) { + if user, ok := userMap[userID]; ok { + return &user, nil + } + + return nil, fmt.Errorf("invalid user id:%s", userID) +} + +func (u *CommonUserProvider) GetUser(ctx context.Context, req *User) (*User, error) { + var ( + err error + user *User + ) + + gxlog.CInfo("req:%#v", req) + user, err = u.getUser(req.ID) + if err == nil { + gxlog.CInfo("rsp:%#v", user) + } + return user, err +} + +func (u *CommonUserProvider) GetUser0(id string, name string) (User, error) { + var err error + + gxlog.CInfo("id:%s, name:%s", id, name) + user, err := u.getUser(id) + if err != nil { + return User{}, err + } + if user.Name != name { + return User{}, perrors.New("name is not " + user.Name) + } + return *user, err +} + +func (u *CommonUserProvider) GetUser2(ctx context.Context, req int32) (*User, error) { + var err error + + gxlog.CInfo("req:%#v", req) + user := &User{} + user.ID = strconv.Itoa(int(req)) + return user, err +} + +func (u *CommonUserProvider) GetUser3() error { + return nil +} + +func (u *CommonUserProvider) GetErr(ctx context.Context, req *User) (*User, error) { + return nil, java_exception.NewThrowable("exception") +} + +func (u *CommonUserProvider) GetUsers(req []string) ([]*User, error) { + var err error + + gxlog.CInfo("req:%s", req) + user, err := u.getUser(req[0]) + if err != nil { + return nil, err + } + gxlog.CInfo("user:%v", user) + user1, err := u.getUser(req[1]) + if err != nil { + return nil, err + } + gxlog.CInfo("user1:%v", user1) + + return []*User{user, user1}, err +} + +func (s *CommonUserProvider) GetGender(i int32) (Gender, error) { + if 1 == i { + return Gender(WOMAN), nil + } + return Gender(MAN), nil +} + +func (s *CommonUserProvider) MethodMapper() map[string]string { + return map[string]string{ + "GetUser2": "getUser", + } +} diff --git a/tls/dubbo/go-server/pkg/complex_provider.go b/tls/dubbo/go-server/pkg/complex_provider.go new file mode 100644 index 000000000..5bb386ebb --- /dev/null +++ b/tls/dubbo/go-server/pkg/complex_provider.go @@ -0,0 +1,111 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +import ( + "context" +) + +import ( + "github.com/dubbogo/gost/log/logger" +) + +type ComplexData struct { + BooleanData bool + + StringData string + + //UIntData uint + UInt8Data uint8 + UInt16Data uint16 + UInt32Data uint32 + UInt64Data uint64 + + IntData int + Int8Data int8 + Int16Data int16 + Int32Data int32 + Int64Data int64 + + StringStringMapData map[string]string + //StringIntMapData map[string]int + //StringUIntMapData map[string]uint32 + //IntStringMapData map[int]string + //StringUserDefinedMapData map[string]User + StringUserDefinedPtrMapData map[string]*User + + UserDefinedData User + UserDefinedDataPtr *User + + ByteData []byte + + ArrayListData []string + ArrayUserDefinedData []User + ArrayUserDefinedPtrData []*User +} + +func (u *ComplexData) JavaClassName() string { + return "org.apache.dubbo.ComplexData" +} + +type ComplexProvider struct { +} + +func (u *ComplexProvider) InvokeWithMultiBasicData(ctx context.Context, str string, data []byte, num int32, boolValue bool) (int32, error) { + logger.Info("InvokeWithMultiBasicData", str, " ", data, " ", num, " ", boolValue) + return num, nil +} + +func (u *ComplexProvider) InvokeWithEmptyReq(ctx context.Context) error { + logger.Info("InvokeWithEmptyReq") + return nil +} + +func (u *ComplexProvider) InvokeWithSingleString(ctx context.Context, req string) error { + logger.Infof("InvokeWithSingleString, req = %s", req) + return nil +} + +func (u *ComplexProvider) InvokeWithMultiString(ctx context.Context, req, req2, req3 string) error { + logger.Info("InvokeWithMultiString, req = ", req, req2, req3) + return nil +} + +func (u *ComplexProvider) InvokeWithStringList(ctx context.Context, req []string) error { + logger.Infof("InvokeWithStringList, req = %s", req) + return nil +} + +func (u *ComplexProvider) InvokeWithEmptyReqStringRsp(ctx context.Context) (string, error) { + logger.Infof("InvokeWithEmptyReqStringRsp") + return "success rsp", nil +} + +func (u *ComplexProvider) InvokeWithEmptyReqMultiStringRsp(ctx context.Context) (string, string, string, error) { + logger.Infof("InvokeWithEmptyReqMultiStringRsp") + return "success rsp1", "success rsp2", "success rsp3", nil +} + +func (u *ComplexProvider) InvokeWithComplexReqComplexRspPtr(ctx context.Context, req *ComplexData) (*ComplexData, error) { + logger.Infof("InvokeWithComplexReqComplexRsp req = %+v", req) + return req, nil +} + +func (u *ComplexProvider) Reference() string { + return "ComplexProvider" +} diff --git a/tls/dubbo/go-server/pkg/user.go b/tls/dubbo/go-server/pkg/user.go new file mode 100644 index 000000000..09ac37327 --- /dev/null +++ b/tls/dubbo/go-server/pkg/user.go @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +import ( + "fmt" + "strconv" + "time" +) + +import ( + hessian "github.com/apache/dubbo-go-hessian2" +) + +type Gender hessian.JavaEnum + +const ( + MAN hessian.JavaEnum = iota + WOMAN +) + +var genderName = map[hessian.JavaEnum]string{ + MAN: "MAN", + WOMAN: "WOMAN", +} + +var genderValue = map[string]hessian.JavaEnum{ + "MAN": MAN, + "WOMAN": WOMAN, +} + +func (g Gender) JavaClassName() string { + return "org.apache.dubbo.sample.Gender" +} + +func (g Gender) String() string { + s, ok := genderName[hessian.JavaEnum(g)] + if ok { + return s + } + + return strconv.Itoa(int(g)) +} + +func (g Gender) EnumValue(s string) hessian.JavaEnum { + v, ok := genderValue[s] + if ok { + return v + } + + return hessian.InvalidJavaEnum +} + +type ( + User struct { + // !!! Cannot define lowercase names of variable + ID string `hessian:"id"` + Name string + Age int32 + Time time.Time + Sex Gender // notice: java enum Object <--> go string + } +) + +var ( + DefaultUser = User{ + ID: "000", Name: "Alex Stocks", Age: 31, + Sex: Gender(MAN), + } + + userMap = make(map[string]User) +) + +func init() { + userMap["000"] = DefaultUser + userMap["001"] = User{ID: "001", Name: "ZhangSheng", Age: 18, Sex: Gender(MAN)} + userMap["002"] = User{ID: "002", Name: "Lily", Age: 20, Sex: Gender(WOMAN)} + userMap["003"] = User{ID: "113", Name: "Moorse", Age: 30, Sex: Gender(WOMAN)} + for k, v := range userMap { + v.Time = time.Now() + userMap[k] = v + } +} + +func (u User) String() string { + return fmt.Sprintf( + "User{ID:%s, Name:%s, Age:%d, Time:%s, Sex:%s}", + u.ID, u.Name, u.Age, u.Time, u.Sex, + ) +} + +func (u User) JavaClassName() string { + return "org.apache.dubbo.sample.User" +} diff --git a/tls/dubbo/go-server/pkg/user_provider.go b/tls/dubbo/go-server/pkg/user_provider.go new file mode 100644 index 000000000..5f9177f3b --- /dev/null +++ b/tls/dubbo/go-server/pkg/user_provider.go @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +type UserProvider struct { + CommonUserProvider +} + +type UserProvider1 struct { + CommonUserProvider +} + +type UserProvider2 struct { + CommonUserProvider +} diff --git a/tls/dubbo/go-server/pkg/wrapper_array_class_provider.go b/tls/dubbo/go-server/pkg/wrapper_array_class_provider.go new file mode 100644 index 000000000..9d22ac976 --- /dev/null +++ b/tls/dubbo/go-server/pkg/wrapper_array_class_provider.go @@ -0,0 +1,95 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package pkg + +import ( + "context" +) + +import ( + "github.com/dubbogo/gost/log/logger" + + hessian "github.com/apache/dubbo-go-hessian2" +) + +type WrapperArrayClassProvider struct { +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaIntegerArray(ctx context.Context, ia *hessian.IntegerArray) (*hessian.IntegerArray, error) { + logger.Info("InvokeWithJavaIntegerArray:", ia.Values) + + newV := []int32{1, 2, 3} + ia.Values = newV + return ia, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaBooleanArray(ctx context.Context, ba *hessian.BooleanArray) (*hessian.BooleanArray, error) { + logger.Info("InvokeWithJavaBooleanArray:", ba.Values) + + newV := []bool{true, false, true} + ba.Values = newV + return ba, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaShortArray(ctx context.Context, ba *hessian.ShortArray) (*hessian.ShortArray, error) { + logger.Info("InvokeWithJavaShortArray:", ba.Values) + + newV := []int16{1, 2, 1000} + ba.Values = newV + return ba, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaByteArray(ctx context.Context, ia *hessian.ByteArray) (*hessian.ByteArray, error) { + logger.Info("InvokeWithJavaByteArray:", ia.Values) + + newV := []uint8{1, 2, 200} + ia.Values = newV + return ia, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaFloatArray(ctx context.Context, ia *hessian.FloatArray) (*hessian.FloatArray, error) { + logger.Info("InvokeWithJavaFloatArray:", ia.Values) + + newV := []float32{1, 2, 3} + ia.Values = newV + return ia, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaDoubleArray(ctx context.Context, ia *hessian.DoubleArray) (*hessian.DoubleArray, error) { + logger.Info("InvokeWithJavaDoubleArray:", ia.Values) + + newV := []float64{1, 2, 3} + ia.Values = newV + return ia, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaLongArray(ctx context.Context, ia *hessian.LongArray) (*hessian.LongArray, error) { + logger.Info("InvokeWithJavaLongArray:", ia.Values) + + newV := []int64{1, 2, 3} + ia.Values = newV + return ia, nil +} + +func (u *WrapperArrayClassProvider) InvokeWithJavaCharacterArray(ctx context.Context, ia *hessian.CharacterArray) (*hessian.CharacterArray, error) { + logger.Info("InvokeWithJavaCharacterArray:", ia.Values) + + newV := "hello world" + ia.Values = newV + return ia, nil +} diff --git a/tls/grpc/go-client/cmd/client.go b/tls/grpc/go-client/cmd/client.go new file mode 100644 index 000000000..08e8ac6e6 --- /dev/null +++ b/tls/grpc/go-client/cmd/client.go @@ -0,0 +1,56 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" + + "github.com/dubbogo/gost/log" +) + +import ( + pb "github.com/apache/dubbo-go-samples/tls/grpc/protobuf" +) + +var grpcGreeterImpl = new(pb.GreeterClientImpl) + +func init() { + config.SetConsumerService(grpcGreeterImpl) +} + +// need to setup environment variable "CONF_CONSUMER_FILE_PATH" to "conf/client.yml" before run +func main() { + if err := config.Load(); err != nil { + panic(err) + } + + gxlog.CInfo("\n\n\nstart to test dubbo") + req := &pb.HelloRequest{ + Name: "zlber", + } + reply, err := grpcGreeterImpl.SayHello(context.TODO(), req) + if err != nil { + panic(err) + } + gxlog.CInfo("client response result: %v\n", reply.Message) +} diff --git a/tls/grpc/go-client/conf/dubbogo.yaml b/tls/grpc/go-client/conf/dubbogo.yaml new file mode 100644 index 000000000..12529c4ca --- /dev/null +++ b/tls/grpc/go-client/conf/dubbogo.yaml @@ -0,0 +1,17 @@ + +dubbo: + protocols: + dubbo: + name: dubbo + port: 20000 + consumer: + references: + GreeterClientImpl: + url: grpc://localhost:20000 + protocol: grpc + interface: org.apache.dubbo.UserProvider + tls_config: + ca-cert-file: ../../../x509/server_ca_cert.pem + tls-cert-file: ../../../x509/client1_cert.pem + tls-key-file: ../../../x509/client1_key.pem + tls-server-name: dubbogo.test.example.com \ No newline at end of file diff --git a/tls/grpc/go-server/cmd/server.go b/tls/grpc/go-server/cmd/server.go new file mode 100644 index 000000000..c50f32ffe --- /dev/null +++ b/tls/grpc/go-server/cmd/server.go @@ -0,0 +1,79 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" + "fmt" + "os" + "os/signal" + "syscall" + "time" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" +) + +import ( + pb "github.com/apache/dubbo-go-samples/tls/grpc/protobuf" +) + +var ( + survivalTimeout = int(3 * time.Second) +) + +type GreeterProvider struct { + pb.GreeterProviderBase +} + +func (g *GreeterProvider) SayHello(ctx context.Context, req *pb.HelloRequest) (reply *pb.HelloReply, err error) { + fmt.Printf("req: %v", req) + return &pb.HelloReply{Message: "this is message from reply"}, nil +} + +// need to setup environment variable "CONF_PROVIDER_FILE_PATH" to "conf/server.yml" before run +func main() { + config.SetProviderService(&GreeterProvider{}) + if err := config.Load(); err != nil { + panic(err) + } + initSignal() +} + +func initSignal() { + signals := make(chan os.Signal, 1) + // It is not possible to block SIGKILL or syscall.SIGSTOP + signal.Notify(signals, os.Interrupt, syscall.SIGHUP, syscall.SIGQUIT, syscall.SIGTERM, syscall.SIGINT) + for { + sig := <-signals + switch sig { + case syscall.SIGHUP: + // reload() + default: + time.AfterFunc(time.Duration(survivalTimeout), func() { + os.Exit(1) + }) + + // The program exits normally or timeout forcibly exits. + fmt.Println("provider app exit now...") + return + } + } +} diff --git a/tls/grpc/go-server/conf/dubbogo.yaml b/tls/grpc/go-server/conf/dubbogo.yaml new file mode 100644 index 000000000..7458c9b95 --- /dev/null +++ b/tls/grpc/go-server/conf/dubbogo.yaml @@ -0,0 +1,16 @@ +# dubbo server yaml configure file + +dubbo: + protocols: + grpcProtocol: + name: grpc + port: 20000 + provider: + services: + GreeterProvider: + interface: org.apache.dubbo.UserProvider + tls_config: + ca-cert-file: ../../../x509/client_ca_cert.pem + tls-cert-file: ../../../x509/server1_cert.pem + tls-key-file: ../../../x509/server1_key.pem + tls-server-name: dubbogo.test.example.com \ No newline at end of file diff --git a/tls/grpc/protobuf/helloworld.pb.go b/tls/grpc/protobuf/helloworld.pb.go new file mode 100644 index 000000000..70566cff3 --- /dev/null +++ b/tls/grpc/protobuf/helloworld.pb.go @@ -0,0 +1,307 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Code generated by protoc-gen-go. DO NOT EDIT. +// source: helloworld.proto + +package protobuf + +import ( + context "context" + fmt "fmt" + math "math" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/protocol" + "dubbo.apache.org/dubbo-go/v3/protocol/invocation" + + proto "github.com/golang/protobuf/proto" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +// The request message containing the user's name. +type HelloRequest struct { + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *HelloRequest) Reset() { *m = HelloRequest{} } +func (m *HelloRequest) String() string { return proto.CompactTextString(m) } +func (*HelloRequest) ProtoMessage() {} +func (*HelloRequest) Descriptor() ([]byte, []int) { + return fileDescriptor_17b8c58d586b62f2, []int{0} +} + +func (m *HelloRequest) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HelloRequest.Unmarshal(m, b) +} +func (m *HelloRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HelloRequest.Marshal(b, m, deterministic) +} +func (m *HelloRequest) XXX_Merge(src proto.Message) { + xxx_messageInfo_HelloRequest.Merge(m, src) +} +func (m *HelloRequest) XXX_Size() int { + return xxx_messageInfo_HelloRequest.Size(m) +} +func (m *HelloRequest) XXX_DiscardUnknown() { + xxx_messageInfo_HelloRequest.DiscardUnknown(m) +} + +var xxx_messageInfo_HelloRequest proto.InternalMessageInfo + +func (m *HelloRequest) GetName() string { + if m != nil { + return m.Name + } + return "" +} + +// The response message containing the greetings +type HelloReply struct { + Message string `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *HelloReply) Reset() { *m = HelloReply{} } +func (m *HelloReply) String() string { return proto.CompactTextString(m) } +func (*HelloReply) ProtoMessage() {} +func (*HelloReply) Descriptor() ([]byte, []int) { + return fileDescriptor_17b8c58d586b62f2, []int{1} +} + +func (m *HelloReply) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_HelloReply.Unmarshal(m, b) +} +func (m *HelloReply) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_HelloReply.Marshal(b, m, deterministic) +} +func (m *HelloReply) XXX_Merge(src proto.Message) { + xxx_messageInfo_HelloReply.Merge(m, src) +} +func (m *HelloReply) XXX_Size() int { + return xxx_messageInfo_HelloReply.Size(m) +} +func (m *HelloReply) XXX_DiscardUnknown() { + xxx_messageInfo_HelloReply.DiscardUnknown(m) +} + +var xxx_messageInfo_HelloReply proto.InternalMessageInfo + +func (m *HelloReply) GetMessage() string { + if m != nil { + return m.Message + } + return "" +} + +func init() { + proto.RegisterType((*HelloRequest)(nil), "protobuf.HelloRequest") + proto.RegisterType((*HelloReply)(nil), "protobuf.HelloReply") +} + +func init() { proto.RegisterFile("helloworld.proto", fileDescriptor_17b8c58d586b62f2) } + +var fileDescriptor_17b8c58d586b62f2 = []byte{ + // 183 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0xc8, 0x48, 0xcd, 0xc9, + 0xc9, 0x2f, 0xcf, 0x2f, 0xca, 0x49, 0xd1, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x00, 0x53, + 0x49, 0xa5, 0x69, 0x4a, 0x4a, 0x5c, 0x3c, 0x1e, 0x20, 0xd9, 0xa0, 0xd4, 0xc2, 0xd2, 0xd4, 0xe2, + 0x12, 0x21, 0x21, 0x2e, 0x96, 0xbc, 0xc4, 0xdc, 0x54, 0x09, 0x46, 0x05, 0x46, 0x0d, 0xce, 0x20, + 0x30, 0x5b, 0x49, 0x8d, 0x8b, 0x0b, 0xaa, 0xa6, 0x20, 0xa7, 0x52, 0x48, 0x82, 0x8b, 0x3d, 0x37, + 0xb5, 0xb8, 0x38, 0x31, 0x1d, 0xa6, 0x08, 0xc6, 0x35, 0x72, 0xe5, 0x62, 0x77, 0x2f, 0x4a, 0x4d, + 0x2d, 0x49, 0x2d, 0x12, 0xb2, 0xe2, 0xe2, 0x08, 0x4e, 0xac, 0x04, 0xeb, 0x12, 0x12, 0xd3, 0x83, + 0xd9, 0xa6, 0x87, 0x6c, 0x95, 0x94, 0x08, 0x86, 0x78, 0x41, 0x4e, 0xa5, 0x12, 0x83, 0x93, 0x36, + 0x97, 0x40, 0x7e, 0x51, 0xba, 0x5e, 0x62, 0x41, 0x62, 0x72, 0x46, 0xaa, 0x5e, 0x4a, 0x69, 0x52, + 0x52, 0xbe, 0x13, 0x3f, 0x58, 0x45, 0x38, 0xc8, 0x0b, 0x01, 0x20, 0x4d, 0x01, 0x8c, 0x8b, 0x98, + 0x98, 0x3d, 0x7c, 0xc2, 0x93, 0xd8, 0xc0, 0x66, 0x18, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0xde, + 0x1e, 0xf0, 0xa3, 0xe4, 0x00, 0x00, 0x00, +} + +// Reference imports to suppress errors if they are not otherwise used. +var _ context.Context +var _ grpc.ClientConnInterface + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +const _ = grpc.SupportPackageIsVersion6 + +// GreeterClient is the client API for Greeter service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type GreeterClient interface { + // Sends a greeting + SayHello(ctx context.Context, in *HelloRequest, opts ...grpc.CallOption) (*HelloReply, error) +} + +type greeterClient struct { + cc grpc.ClientConnInterface +} + +func NewGreeterClient(cc grpc.ClientConnInterface) GreeterClient { + return &greeterClient{cc} +} + +func (c *greeterClient) SayHello(ctx context.Context, in *HelloRequest, opts ...grpc.CallOption) (*HelloReply, error) { + out := new(HelloReply) + err := c.cc.Invoke(ctx, "/protobuf.Greeter/SayHello", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// GreeterServer is the server API for Greeter service. +type GreeterServer interface { + // Sends a greeting + SayHello(context.Context, *HelloRequest) (*HelloReply, error) +} + +// UnimplementedGreeterServer can be embedded to have forward compatible implementations. +type UnimplementedGreeterServer struct { +} + +func (*UnimplementedGreeterServer) SayHello(ctx context.Context, req *HelloRequest) (*HelloReply, error) { + return nil, status.Errorf(codes.Unimplemented, "method SayHello not implemented") +} + +func RegisterGreeterServer(s *grpc.Server, srv GreeterServer) { + s.RegisterService(&_Greeter_serviceDesc, srv) +} + +func _Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HelloRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(GreeterServer).SayHello(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/protobuf.Greeter/SayHello", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(GreeterServer).SayHello(ctx, req.(*HelloRequest)) + } + return interceptor(ctx, in, info, handler) +} + +var _Greeter_serviceDesc = grpc.ServiceDesc{ + ServiceName: "protobuf.Greeter", + HandlerType: (*GreeterServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "SayHello", + Handler: _Greeter_SayHello_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "helloworld.proto", +} + +// GreeterClientImpl is the client API for Greeter service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. +type GreeterClientImpl struct { + // Sends a greeting + SayHello func(ctx context.Context, in *HelloRequest) (HelloReply, error) +} + +func (c *GreeterClientImpl) GetDubboStub(cc *grpc.ClientConn) GreeterClient { + return NewGreeterClient(cc) +} + +// DubboGrpcService is gRPC service +type DubboGrpcService interface { + // SetProxyImpl sets proxy. + SetProxyImpl(impl protocol.Invoker) + // GetProxyImpl gets proxy. + GetProxyImpl() protocol.Invoker + // ServiceDesc gets an RPC service's specification. + ServiceDesc() *grpc.ServiceDesc +} + +type GreeterProviderBase struct { + proxyImpl protocol.Invoker +} + +func (s *GreeterProviderBase) SetProxyImpl(impl protocol.Invoker) { + s.proxyImpl = impl +} + +func (s *GreeterProviderBase) GetProxyImpl() protocol.Invoker { + return s.proxyImpl +} + +func _DUBBO_Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(HelloRequest) + if err := dec(in); err != nil { + return nil, err + } + base := srv.(DubboGrpcService) + args := []interface{}{} + args = append(args, in) + invo := invocation.NewRPCInvocation("SayHello", args, nil) + if interceptor == nil { + result := base.GetProxyImpl().Invoke(ctx, invo) + return result.Result(), result.Error() + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/protobuf.Greeter/SayHello", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + result := base.GetProxyImpl().Invoke(ctx, invo) + return result.Result(), result.Error() + } + return interceptor(ctx, in, info, handler) +} + +func (s *GreeterProviderBase) ServiceDesc() *grpc.ServiceDesc { + return &grpc.ServiceDesc{ + ServiceName: "protobuf.Greeter", + HandlerType: (*GreeterServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "SayHello", + Handler: _DUBBO_Greeter_SayHello_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "helloworld.proto", + } +} diff --git a/tls/grpc/protobuf/helloworld.proto b/tls/grpc/protobuf/helloworld.proto new file mode 100644 index 000000000..5750e7256 --- /dev/null +++ b/tls/grpc/protobuf/helloworld.proto @@ -0,0 +1,37 @@ +// Copyright 2015 The gRPC Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +syntax = "proto3"; + +option java_multiple_files = true; +option java_package = "org.apache.dubbo"; +option java_outer_classname = "HelloWorldProto"; +option objc_class_prefix = "HLW"; + +package protobuf; + +// The greeting service definition. +service Greeter { + // Sends a greeting + rpc SayHello (HelloRequest) returns (HelloReply) {} +} + +// The request message containing the user's name. +message HelloRequest { + string name = 1; +} + +// The response message containing the greetings +message HelloReply { + string message = 1; +} \ No newline at end of file diff --git a/tls/grpc/protobuf/protobuf.mk b/tls/grpc/protobuf/protobuf.mk new file mode 100644 index 000000000..0d7e06f1b --- /dev/null +++ b/tls/grpc/protobuf/protobuf.mk @@ -0,0 +1,26 @@ +.PHONY: compile +PROTOC_GEN_GO := $(GOPATH)/bin/protoc-gen-go +PROTOC := $(shell which protoc) +ifeq ($(PROTOC),) + PROTOC = must-rebuild +endif + +UNAME := $(shell uname) + +$(PROTOC): +ifeq ($(UNAME), Darwin) + brew install protobuf +endif +ifeq ($(UNAME), Linux) + sudo apt-get install protobuf-compiler +endif + +$(PROTOC_GEN_GO): + go get -u dubbo.apache.org/dubbo-go/v3/protocol/grpc/protoc-gen-dubbo + +helloworld.pb.go: helloworld.proto | $(PROTOC_GEN_GO) $(PROTOC) + protoc -I . helloworld.proto --dubbo_out=plugins=grpc+dubbo:. + +.PHONY: compile +compile: helloworld.pb.go + diff --git a/tls/triple/codec/codec.go b/tls/triple/codec/codec.go new file mode 100644 index 000000000..a0062197e --- /dev/null +++ b/tls/triple/codec/codec.go @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package codec + +import ( + "encoding/json" +) + +import ( + "github.com/dubbogo/grpc-go/encoding" + + triCommon "github.com/dubbogo/triple/pkg/common" +) + +func init() { + triCommon.SetTripleCodec("json", NewJSONCodec) +} + +func NewJSONCodec() encoding.Codec { + return &JSONCodec{} +} + +type JSONCodec struct { +} + +func (j *JSONCodec) Name() string { + return "json" +} + +func (j *JSONCodec) Marshal(v interface{}) ([]byte, error) { + return json.Marshal(v) +} + +func (j *JSONCodec) Unmarshal(data []byte, v interface{}) error { + return json.Unmarshal(data, v) +} diff --git a/tls/triple/go-client/cmd/client.go b/tls/triple/go-client/cmd/client.go new file mode 100644 index 000000000..093504743 --- /dev/null +++ b/tls/triple/go-client/cmd/client.go @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" + "github.com/dubbogo/gost/log/logger" +) + +import ( + _ "github.com/apache/dubbo-go-samples/tls/triple/codec" +) + +type User struct { + ID string + Name string + Age int32 +} + +type UserProvider struct { + GetUser func(context.Context, *User, *User, string) (*User, error) +} + +var userProvider = new(UserProvider) + +// export DUBBO_GO_CONFIG_PATH=PATH_TO_SAMPLES/rpc/triple/codec-extension/go-client/conf/dubbogo.yaml +func main() { + config.SetConsumerService(userProvider) + if err := config.Load(); err != nil { + panic(err) + } + + user, err := userProvider.GetUser(context.TODO(), &User{Name: "zlber"}, &User{Name: "zlber2"}, "testName") + if err != nil { + panic(err) + } + logger.Infof("response result: %v\n", user) +} diff --git a/tls/triple/go-client/conf/dubbogo.yaml b/tls/triple/go-client/conf/dubbogo.yaml new file mode 100644 index 000000000..b1472c60b --- /dev/null +++ b/tls/triple/go-client/conf/dubbogo.yaml @@ -0,0 +1,13 @@ +dubbo: + consumer: + references: + UserProvider: + url: tri://localhost:20000 + protocol: tri + serialization: json + interface: com.apache.dubbogo.samples.rpc.extension.UserProvider # must be compatible with grpc or dubbo-java server + tls_config: + ca-cert-file: ../../../x509/server_ca_cert.pem + tls-cert-file: ../../../x509/client2_cert.pem + tls-key-file: ../../../x509/client2_key.pem + tls-server-name: dubbogo.test.example.com \ No newline at end of file diff --git a/tls/triple/go-server/cmd/server.go b/tls/triple/go-server/cmd/server.go new file mode 100644 index 000000000..1096362fe --- /dev/null +++ b/tls/triple/go-server/cmd/server.go @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" +) + +import ( + "dubbo.apache.org/dubbo-go/v3/config" + _ "dubbo.apache.org/dubbo-go/v3/imports" + "github.com/dubbogo/gost/log/logger" +) + +import ( + _ "github.com/apache/dubbo-go-samples/tls/triple/codec" +) + +type User struct { + ID string + Name string + Age int32 +} + +type UserProvider struct { +} + +func (u *UserProvider) GetUser(ctx context.Context, req *User, req2 *User, name string) (*User, error) { + logger.Infof("req:%#v", req) + logger.Infof("req2:%#v", req2) + logger.Infof("name%#v", name) + rsp := User{"12345", req.Name + req2.Name, 18} + logger.Infof("rsp:%#v", rsp) + return &rsp, nil +} + +// export DUBBO_GO_CONFIG_PATH=PATH_TO_SAMPLES/rpc/triple/codec-extension/go-server/conf/dubbogo.yaml +func main() { + config.SetProviderService(&UserProvider{}) + if err := config.Load(); err != nil { + panic(err) + } + select {} +} diff --git a/tls/triple/go-server/conf/dubbogo.yaml b/tls/triple/go-server/conf/dubbogo.yaml new file mode 100644 index 000000000..31d81a8b6 --- /dev/null +++ b/tls/triple/go-server/conf/dubbogo.yaml @@ -0,0 +1,15 @@ +dubbo: + protocols: + triple: + name: tri + port: 20000 + provider: + services: + UserProvider: + serialization: json + interface: com.apache.dubbogo.samples.rpc.extension.UserProvider + tls_config: + ca-cert-file: ../../../x509/client_ca_cert.pem + tls-cert-file: ../../../x509/server2_cert.pem + tls-key-file: ../../../x509/server2_key.pem + tls-server-name: dubbogo.test.example.com \ No newline at end of file diff --git a/tls/x509/README.md b/tls/x509/README.md new file mode 100644 index 000000000..661caf4ac --- /dev/null +++ b/tls/x509/README.md @@ -0,0 +1,6 @@ +This directory contains x509 certificates and associated private keys used in +gRPC-Go tests. + +How were these test certs/keys generated ? +------------------------------------------ +Run `./create.sh` diff --git a/tls/x509/client1_cert.pem b/tls/x509/client1_cert.pem new file mode 100644 index 000000000..6f82cc3be --- /dev/null +++ b/tls/x509/client1_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFcTCCA1mgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3QtY2xpZW50X2NhMB4XDTIxMTIyMzE4NDI1MVoXDTMxMTIyMTE4NDI1 +MVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBALUoje/J3uPOJ0dapY2s7mGLVPhYRaHyRnJE2/TY +zFOB0IisAF3R7BIDufQrHhk3fh0JazCw95TDD9rxsKEVs6Z50lmDkrg/bjlsniE/ +n+M1JacaLQW7xfh2L+Ei4jvMr101nAsimd6IxFU9m3+2SFbhPBG/GWWJ2ZKqQblz +DVMpNg9FYNmMe45vLevOhdPQBE4cVoAPhI9Je+P4Koslebhor0koUeQVeYdBbCq3 +3dQJPAHjBST6mD9mJI4yVrE3Xso3LO85WROUPhRYQyXhrgU15W6g9qTpMTfkriUe +FYLCtAPU9LBodyvjYLuwoEoyRVsA6Zh/vABteD8Afl552fV9KwN2fRVbTDAxQCp7 +P8gE3/rD1RKv7KBNJ/LrwMu7g4VO+tzYDxWee+eXPQ6M/zRWAb3E0v3UNHsF1ZBl +rlFhEiRShHrXDEKMQwCTSrRjwYajUpZ/Hq2USDgkLepKmTmCaoBfWHPyZwblqSTn +A4DNOh5N23eJyrLnJOPYjzZqEPfX5hDTjFRdVTQxtmYlJ1muwtlNyuwZDImhjO6G +54pPj/bV6gy1+YpIQBemPoXtqqmcRiEVWSV5zAizwRaWf85tqpxb1Tjuj2OpD9le +oO4JX0HLjhyQBoKspNohu2I4+s7ex/w92bf76cTpYTbMJqIp37YZmfPVztHVaMl4 +W0xRAgMBAAGjVzBVMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMRdhhib+RS6IJpQ +zFsaKH1BNbyZMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAgEAHyQwLSo/UdSoZCKcdeb0DCkeABRMUPIysroj +gQJCe3cAKOT+TxL6Qnp6jzM2/vt2T/lzlRp7RAB1jH3J4wy5re4cbCn1sbII3Rog +Nm4PKcw6hfUET44t1Gk9DsCjgvxEIirFBWVpxfn+YDI916iH1fkNURaMP+yxpQBL +3K4bmxanBiyBUHC8cyChLMD2NwXjOAA4pZFk0ohpmK0YUk4ra3Z3Q30DCH6NZ1ZP +aOMDHrCXU6MLlmPk8yiOnotgjqiYEgi3Bzxd/OHpR41Xo8k6g3UrN2GEQFs17ibQ +CQasxodOar5Vezu6ZKCYk5TaY4lugT34w+qxi8tVF54WY2jtWY5PUmU6ZT2Dw5cn +CQzlPUdEebOc1hltTvsD049/2lZmGlMXk0dykxy51jYAYznf2rb3cnC1vu1Wgi3w +J28xXBYD8AvME9jaJ6g3L+KR+AFCSLqpUsTxvu9zKf6pLrVtOCl+9G69uOK/wono +yMGNeel8rkzwzzr1LNrhmcKHqipkq83vqxIUT/mbpBUKO1ZXVG/TWKS6bpBTc4Pn +hBCIvGOSyoKuEiXnFr6fqLhLskUNcCNl7iOfA9h/MhS5ZufJXhhXu3Wbo/KC/mNh +y+fr1S9AyA+EJaYtJRKAOeewGvXYb881UNXWGCQU1aVNJnujRKFyhd07sEjxsad9 +Bn/aYes= +-----END CERTIFICATE----- diff --git a/tls/x509/client1_key.pem b/tls/x509/client1_key.pem new file mode 100644 index 000000000..6cd652c55 --- /dev/null +++ b/tls/x509/client1_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAtSiN78ne484nR1qljazuYYtU+FhFofJGckTb9NjMU4HQiKwA +XdHsEgO59CseGTd+HQlrMLD3lMMP2vGwoRWzpnnSWYOSuD9uOWyeIT+f4zUlpxot +BbvF+HYv4SLiO8yvXTWcCyKZ3ojEVT2bf7ZIVuE8Eb8ZZYnZkqpBuXMNUyk2D0Vg +2Yx7jm8t686F09AEThxWgA+Ej0l74/gqiyV5uGivSShR5BV5h0FsKrfd1Ak8AeMF +JPqYP2YkjjJWsTdeyjcs7zlZE5Q+FFhDJeGuBTXlbqD2pOkxN+SuJR4VgsK0A9T0 +sGh3K+Ngu7CgSjJFWwDpmH+8AG14PwB+XnnZ9X0rA3Z9FVtMMDFAKns/yATf+sPV +Eq/soE0n8uvAy7uDhU763NgPFZ5755c9Doz/NFYBvcTS/dQ0ewXVkGWuUWESJFKE +etcMQoxDAJNKtGPBhqNSln8erZRIOCQt6kqZOYJqgF9Yc/JnBuWpJOcDgM06Hk3b +d4nKsuck49iPNmoQ99fmENOMVF1VNDG2ZiUnWa7C2U3K7BkMiaGM7obnik+P9tXq +DLX5ikhAF6Y+he2qqZxGIRVZJXnMCLPBFpZ/zm2qnFvVOO6PY6kP2V6g7glfQcuO +HJAGgqyk2iG7Yjj6zt7H/D3Zt/vpxOlhNswmoinfthmZ89XO0dVoyXhbTFECAwEA +AQKCAgEAjtzrijWVy+sQuMm4k1DUMSKzIKJkT4GDoqvBFoc+I4DVVmLmaxaYZ+B+ +bhruwo4rq3R5Ds4QgUWPJGfDllVJ9rhNdYA4XYrQPwL0dV36ljCcf/o5lTLuvbFe +stpStTwG86fKZlGkLIWI53wNPBshUzqOp6QfwB6E8Y/JAxnDYVi3pDVfWlDaQ4pU +GYklqtN6AauBX75dGK6nwDE+Q7uLES2lRjlA03FIBK1IQyv7CTM7GnXQ4cep9x1z +KJx0F4+F9kyq6AE+yRz4FA1C7wXZuYw2YhcYSxcHVH/IAceGyTcIxZjUWqYXjQnk +iD+TONAKN+kxTq01MtUhpfWasqC/i+6QU1eqf5YWpd6GsRKyrGgO02NND/SM6Z3V ++S9og4QAjdUyc8dkN+udd1K1CeYNFbmhrYpF2aS9k/PjDP3L137hDW6Cy+thIjZP +u9OB6ba2yUrbQDlmkCbh0vX+77HKAbT5bj8h9r7MqzNsPsgkaKS8gZ79T/Whr/ft +Xiu+eo/u1jtjwUjNMKGxQ9XiU2UU7QccthHHLcYaiv4eySHXA75h+Sho9cD1Vvs/ +ms1/nbCSuU9TSK0UK/V8YjeDA0eVGtDCX3weIW2ECQ80SoT7uf+fhjaLkvOadb7f +1O9DvYVYZvblxUm8ajOh+/n9VyB/I9R9Q8GdGiauXy16uXLZMdECggEBAPEx+4aR +XfuXmnEoPk3GpvyrRlrMy02aklrATKcxeAYo2uiIcuQv65E3AmE1GHpoxmAKjLty +fuUfGdT7f4uGeF6p+IEkW4jQm56UFbCdun9kduEaN9FRylTBqUKWIY2rtRS6nHZ8 +bAkL/6Uv3g9NWx95rV7HnAfC2n6AIvc8LRfQVVqSvjPbsEPvJAT2353D0Rb7vC2M +1hKeBrSNBiy57EKnrMDOhNpBvSBU0Zc+YsBRNAimKyBz7dt35H+THkFaEk9vGtG0 +QkDvngPzSX99Ojwk2mo9jGrh7LHErWih5C73IfvYUh3kyEwbZ5y25i9Z0F37boIG +jHSVvcPp+9x9PNUCggEBAMBHLyhBUAQVZFXtWysr0BjO34XffgkSt1XQa8cVxif7 +glWauUZtjfC7PT/qgY0mx2dI2bDcKiQQCBlVavP1RLRwj3rZv23eit7z13UgHSa6 +3dnsgpO2Zux6qoV48lO4xbuFqZtW+MP+9jthKwr95r8lmZ4cmGQwXXcqNsR7skFt +30Uhcyn+MTfyLwcqt8g9i98rrJmbPAuIME/Sz9DLIi6UxQLI6MeEn92AzECNDp18 +CypOL+sDrLw/7HNHNoSblgm628BHpBgT2qaOYnawRr0gni7MHXOAbDopKYDAtLuU +ZMFjlILdfiSDouhvKtMlZG9arTB0TasdAQJGPz53H40CggEBAJ4JDvJsOzVHb2Vn +ZfNWD0INA0spVqhheDXIPDFsg2UdzdmA1i7XizUZ4xBIVuKV1i1FnFKRwb1ktGtN +4pNMJ4B3RCFx7hvl+6FbDB8uKe2gqRfzMtGPEtCYF8xOTGvkLwEHCM/F1I/U8cuN +YqWKHQOxmTw58+1N6hXq5X4zSqSI1/RBpCiccJEClwo9q+VWUaEKjpEV74pBSslw +gbQ6mihOby3h40CSxFXz3WSI9vFmA38LScS40Qf1NZ21iqRtXQP5G4x93M9pcZLL +DMRhDBAuYYItE91QbONJqAmf0cBII1c9tQhrSCY96pTPbmFmKtX5kb3Whp85Ih7F +KEafNIUCggEBALMnoIDZmjyz0fFeX3wyLotu9kY+n6jEj56dvE6bsy694grxR4Cf +w4lybPeJAX0LjPBnqK5p9bn0VheEx0rYVVPrLUVCbmNo3+wtN6wiaAcWRnAvNtt7 +MRtWkFwc/W2U1GiNeiMLPm8guT1KpFhxiva/igsQic2QYwYNh0o8FzNvtIEtUajm +9+Uw+zCqVON2tUUT5JabVa9JDfrSamAZZZgRdh/KI1sD8BDrWWUsCVojoiOhBnTr +z5730ND4oYudjIc0XF0kY3krxqc6M/Ry+vZt1fW0qhxcpHrsr4cQB1ZgRiELL+1f +g5FyNfBs5HIofRRkYMqtE1FEjRQZcAQ76mECggEAaOUtM9BZuV9gEwmG4hmFfeXq +vJOMvlsDkRRbLuDQ1B8Vw3v7lt1+K+KfBt96MoQe08MyXM7sIMB+hn+zakNaM2W6 +UzTnAPQQAo+wELqj6U3DrV7zw7I1hZTA9G7qxMAQBEmk3u2q4/zWDAcyAx3D9JVj +L3G14pYf0drFLChnknVTPRaF0Q5upLYzCPLMa9w0FLKy6fkfdWdpzyjvW7+JEeFY +koA98hrottqJB2CcqehQDSCUHKKbd5U15y1NV1BQloaPJLwpPAVTkBszQSHanltN +l9POJBJlfQ1eWL88wHdKiLbtOg6PTfAmfghIRxakjHvxBgFO1/xG6Lxm7QwUDQ== +-----END RSA PRIVATE KEY----- diff --git a/tls/x509/client2_cert.pem b/tls/x509/client2_cert.pem new file mode 100644 index 000000000..2cffdeafb --- /dev/null +++ b/tls/x509/client2_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFcTCCA1mgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3QtY2xpZW50X2NhMB4XDTIxMTIyMzE4NDI1MloXDTMxMTIyMTE4NDI1 +MlowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBALb7KLFguOBiEHR8FBI/0AFs2X3s7fN5ZCOkTf4p +s9LwAcBWm5/zUqzvZCSui+4sr3qN1b1D+Xbc4xH9+WcxfbeoA2w4d2FKKJ0qaShD +Mu4XTQfj9B7g5GZ+FUeP9rScqgJ+WFeOM6QoAgRrFAS0AMP21TpDue4AVKmD1trX +z3f1DaRBtcUa4zlk2J0GBQDPyPB4worxhZ0IW+OLz2RIl8AWJBDFKMgscxEx239t +GTOY9H6hPI7Py2koknj7LBNc84lf2PVFw5OytQYglmtkFQqntyVxtETAOL4pFOjj +Zw6MAnQBGLS6nhiXG1LkZuvWJn1T5ewhci4qNVpv/8LtrPc2Fv7jb86I5XJvdOGv +hYC6IwS9Psg9oCYaIzyandoSj8SEwXaQuD98ROBUs1raasLedg3d4xNeZCRRmnzE +me+IpHm/wS4hTMxQJHYVewNB68fl6FoyRAqoXNy5yi8uMJKbjqb9E7niQCQRO9vQ +eX0TrB23uoUXbdTz95uMiw8yy/xz11/h59TxN9cOiqDf74tymgH0jTwO8eg/bzKU +zTXxTANcfGDvS1vR+yaZDxNbZ/3A4+NzNF0M/Z7AHgEzUcx4yu2shrXXr3dhNpzb +crk9yoCnEAiP1i54euqaOOrp6O34cRCCBE18j+oEEIIfYdMRXorCPxHRzdHKlJ5K +OfRZAgMBAAGjVzBVMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCIxr8jA3srbonwd +2AoxV5teDkuzMA4GA1UdDwEB/wQEAwIF4DAWBgNVHSUBAf8EDDAKBggrBgEFBQcD +AjANBgkqhkiG9w0BAQsFAAOCAgEAT4hUMxXeg6cqFyyg8TeStBI3fWtmVKahlsba +Nh1KlZe5ZVTwWKh6ULn2zvSqy0t28wpER8Ky2a/yBxsssvPKGQBUgUUmUOSy0Zzk +ICU+pDJrVtZ02vOPlrx23SpnE3EFs3yXMGO5B0RGScHG62YjHyBDPJH3Gun4CB2W +PpthtYIX2FN5g15T3r6UZy62w7SjUEu5z5Ke7IOiAcnXNOXtozv4J9v3bt2Kg7WB +YS80r6b6cyOhO57jobdRBcdsWWogBXBn+ciaL8z3gLNWPs6YooA/6/95Vq0uV8t3 +xfq0XH1dbcdZOnalSwNEyOgLKxQ/yggOd9ridk9e5cGBBIfw1v1N1qDkOWjcdEoR +qjAjR4pgUa+d92/HNLYG8SqVGqACjUUQM6tigw6tHUbeqpk1iI7vT8Cl6Er6bEYE +tMTWEcWAI7GsqJXl2SJPMsObjBg34aZJnU+xxedMDF+OYZXzYeYk2De7uhXUi3iu +46alockzYqOdN6vE99Y7757C1X3N62PnEUhZN0Ri9D7i1yjQ9t0CCucam6hcqcEH +fcDIsXTQz0l97iztkPhcLd3kzAg2pXopwuHkhd3Ih5So5/m1V0rjHVVtrbSkN8/u +JlHy0/tNsJ1OaJKRqd665M9IhaRrc9KP0lzHoA1ZpUsRKo/Be8gNUaw9EP1CMDny +kKizg2s= +-----END CERTIFICATE----- diff --git a/tls/x509/client2_key.pem b/tls/x509/client2_key.pem new file mode 100644 index 000000000..a9563fbf1 --- /dev/null +++ b/tls/x509/client2_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAtvsosWC44GIQdHwUEj/QAWzZfezt83lkI6RN/imz0vABwFab +n/NSrO9kJK6L7iyveo3VvUP5dtzjEf35ZzF9t6gDbDh3YUoonSppKEMy7hdNB+P0 +HuDkZn4VR4/2tJyqAn5YV44zpCgCBGsUBLQAw/bVOkO57gBUqYPW2tfPd/UNpEG1 +xRrjOWTYnQYFAM/I8HjCivGFnQhb44vPZEiXwBYkEMUoyCxzETHbf20ZM5j0fqE8 +js/LaSiSePssE1zziV/Y9UXDk7K1BiCWa2QVCqe3JXG0RMA4vikU6ONnDowCdAEY +tLqeGJcbUuRm69YmfVPl7CFyLio1Wm//wu2s9zYW/uNvzojlcm904a+FgLojBL0+ +yD2gJhojPJqd2hKPxITBdpC4P3xE4FSzWtpqwt52Dd3jE15kJFGafMSZ74ikeb/B +LiFMzFAkdhV7A0Hrx+XoWjJECqhc3LnKLy4wkpuOpv0TueJAJBE729B5fROsHbe6 +hRdt1PP3m4yLDzLL/HPXX+Hn1PE31w6KoN/vi3KaAfSNPA7x6D9vMpTNNfFMA1x8 +YO9LW9H7JpkPE1tn/cDj43M0XQz9nsAeATNRzHjK7ayGtdevd2E2nNtyuT3KgKcQ +CI/WLnh66po46uno7fhxEIIETXyP6gQQgh9h0xFeisI/EdHN0cqUnko59FkCAwEA +AQKCAgEAtP73H42nEfyufiqFyA9q9x3ufMsyDFYVIdRSeYhSoeJaOSDyS2NqcjlR ++57UN0HoSfemZtKoHlUcHx3z54li65m72P55x7iNN/lNj0/5Pt25ioaHYUvfYSpy +bhkPVVRqLpE/XUwB9OzGIgyw/n33C+BKxplbfvrAw/TvQAWc6PFzDvkYjeGsxYbl +ZV0g8c6W2pb5CGsjWVN9YTVYbcAIqy67egMr9eVR5L5GemM2PH2dyuw+dJ1CfcBu +MlFxJa4aD9bJSsQ5Uw3AVlFBuPSEg8emN9mjESZ6ek80qbDWreL8QjcbcxntbDF8 +C6B11e48oFeu5MWopdWGdPC4Mt7a6Pjjy/ESGHcKqiDPP0VdcEgKpmowXI2CtXfz +k9bbIAoveMgFThX4eb/d5DzYXID9MkSd3GdZXMa2Z2xqX3/S4dujWKda0VlN61vd +3sX0Xd6Wno91vobjFx3tqhqumKpZ/1MjNDqzB6v0lRzxaiFPT5/h6hTIzGKslzvJ +H9bTUyoocXo6Xuskw5FHcM3VFriJljfFOi09eqVvldSvaBosYc6MIRuw8zuGuSon +q9ZBIYDgdnfuXhMh2cohEUOHoi692FgGsC651rl/bgHncx3q7IS995vz8NzmZF2V +dpN9q4v6nwBuePQs23s2MAEF5REyeOR/eA7gWbtGASnZMfmyk6kCggEBAOMGYgAZ +JMr3dY0bZsp2hdS2quHau2mUIEvV4FMvu/FLLiFq0JMHNe3vlmZrTLR/JW9TfK00 +ymPXEc/v01raJDeG2Y7I0086v65tDmdHyEE30MLEYNww2XsPqZIoacJNEvr/Jmki +O/nSaUszxJ4ygOGA6u7oJi1YJ+l2Oe8kQ6UMxoDHSDO0Y2Fjhg+TKCF0+a0Y9ddP +Q8k0B3MOXUcUuGk5ZtnXXJbDBq2Fvpf/pGsCp9twESyu/nbGSGKAClH3hfxXNU/C +jBUbX9Jyxgw5ZqWqRIt7O5NBliav3MClKKKVBYWQiju0SjV4GC2s7kF3lfohFq6R +ltGgn0pxaXsLqbMCggEBAM5Vubx62pQ9O36FPCp4yLCzMeGuuTA0Wq8LoC1OtBvq +OtHjKZdmx+Pe4W224iyceK1hEYNd18Byv1w/FSJPR5U9W+jk/GYTQ1WlMosAeGYG +fNvuLCJUDxO1cDimRIuCiQeAeYiAgCmyfmsdaUEiwMYsI22ITlSeKavIULiZDvc6 +JUQfDgfsmmD9ZtxVhwyGuLgqnHEOxXv4Cti511/iYbwM1NMB1tvmuDpjZAwpQMpl +/Fq4N/cNCe91/sAF/a3VXMZlxXey1kGmXLlCPFdzGGMGelI0v8cbB+dJ11NnZDC7 +EZPknj4jiEHVkN7/jl+WVk4zhfr8l85xh5Q+nP8/C8MCggEAPNUkA3S5WC2w8Qur +oorZ16LO7VAoMeVANjHsNz4uNTz48nllxFAFUmmFupH77s23ITqUyPDBXrlti3Nv +BgQ3+i0HNOx5Oty6KioM1v30Gg2zwczPS5FHZWNQA9sSY781W85s43UJ7ypDjqQj +hmRwBnz99uB8AmCB6VwFsB/ehGaE9lLv9PLcQmdhr+C1uylWEd0DWxthRZPMfzcV +JYvW0lNQTQUZSUifDHYvGRmmXApNIk7IO1n006zUDpjSqx4RaAmSPnoaATnhlkms +6e+joraaQWnXD+FeM6WiGHjpB4+4+A5ADDmGPQeeKvcQrLg3ltuw8TwP1sIcjN0Q +76izYwKCAQEAlYaQPCN3pTeelrhs+oZfQZYKjvb0oxc9pF6zbEH9ycD7cUDC0kIc +l2jcSore6t9VoKeYbm+iO4esX2gjo6J6SI+XvHW85ygMgtNdhlgH6D/JWgQGnbX2 +2xyAP71WLReiv/n9mMsulYkRjgRZU2eg9bvkzKqbwTyBDEj1HmFk9AqCGRS8MUfo +NGNOmFuuq4gx8tyGVHQU7xq4mYhLqOPAWeuei29oyiEv3rhKN3npxwMTVpbrj7A2 +Q/9pZrSwurnFKs1zxaOnGxo5VdPHMMRqptB58nrhg6N2HcloLrvdYmcefOOPPY64 +XqUrAD+IaILk9nTmIhXM2UFytB6P3XVNywKCAQBsOZZ7Bk3LEZHpqqlqOy7U9jjI +39tir93AEIf46i2Rn0YgynuTpsh458E4LEH88ZXJCDdfOtFPTEqa0wnm1DHhpai2 +qyiNeXWFpmhbsEgLR4RfiASVyl1W4febZT+JpcVkYtkMwro6u6Owy8L34SO+rPCb +X2IyPqQ1+lj/9ZvXU9AGaFgZNQ9bui3sK3ifvNYLGbPTBM939hNdOoI5mW44eEHQ +ZDBKjiMNnkWlNnFJk2DEyGVIQak7pVgSygX+RkMAP/OjDPNO3DyS81WXZKuxOlda +rWV0liu6hYAAz4Bq881oXzTviG24BgUjNJVq0qYtIzrsbW7fDYirkn5ap/7k +-----END RSA PRIVATE KEY----- diff --git a/tls/x509/client_ca_cert.pem b/tls/x509/client_ca_cert.pem new file mode 100644 index 000000000..026a4e478 --- /dev/null +++ b/tls/x509/client_ca_cert.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAjCCA+qgAwIBAgIUZzkKhtgm6Y3RaksChHMIJFKV+U4wDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xpZW50X2NhMB4XDTIxMTIyMzE4 +NDI1MFoXDTMxMTIyMTE4NDI1MFowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB +MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3QtY2xp +ZW50X2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1Rk7zsuwXn8r +KMHk+gmvaftFmlY+NHs1mKJPzyCGFnablnJtHU4hDpSvvNitoQ0OcurOo9V9ALlA +U2uw/1q6Yhg1Am4cXwSWHG0/GwCQAdPTVb7W1MiAd/IB5bx9xrwfjrpGLjVLS3/y +nOKP+kl1bf6WAcLEPClvH+kSG8xMwvg58ot7ipWQcWBTSuZLaz89d2yfxpvtwrvS +YDemY6f8Tkxil+kDjb2Jo/zdRDz8eIEOs1PcdztrdWWeQaYJVX6aEOHCfdVNOHw3 +jNQKyVREUgXjr/pkwo9fTnZjQdBUhZIo7NuPPG25t5qZK3dUDuLcVRQ5Vt0/45pZ +/HkZDCkxmSynZWz2gPClOHVPOG8Eqi0Mbd3XxQSsd1Go667oFotLvTuynbYhdh4s +xAJWXbFV26HgDXI5wXueXrs1n0stUlbD6KahfeoYBu+idX7gB4RftqhqlbIazu3y +hj22k8cMQEPkLhzmUwRt64juLA0+FRG0Hfr8vdZD+f91Qbv86Qw3c1/lckQIOlyI +MerljNbCbHJm9KOZGf1zizwvMVtVzuVtr6RY+Loov4gzhJ5kNSk/YDMQC42c2Yhz +Lr5y9EGe/cL8QXdKfjKNeJjCbzxTTFiVBq5XRKUgjz6ga+F7KGO7ayMBrexZ7+ap +z7ydlUYS+xp43hqdisAGmUMJdDVlHCMCAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBTq92tDG5TfVvTqbu1bA593K6aAwjCBjQYDVR0jBIGFMIGC +gBTq92tDG5TfVvTqbu1bA593K6aAwqFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV +BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl +c3QtY2xpZW50X2NhghRnOQqG2CbpjdFqSwKEcwgkUpX5TjAOBgNVHQ8BAf8EBAMC +AgQwDQYJKoZIhvcNAQELBQADggIBAMHOXRUUq5vf9G2NvnAR1lb0fTKx4/6B9rhU +Nli9uIoWGQyMu8icEMistUp4AdHWdhutKX9NS0Fe3e5ef6qIYCng0gVBE3fTHJd4 +V8MhGtyaK0K/gpTrJdClwK/litRIEjCFwNYEK8vtuqNjR82d8IuFjnbinb+IGCH0 +sLRGvvZch+dwM5N9BVRq20M2FZhyI+fWZmt1ZiBwnfy3xM+enD2I+/LOUFoxAmGS +m2vnS+ULhq7fLaK6vgyUIGqRDQMxYEql9QGzRIspV9vVhRuOCmowlJbgCv++eOUG +FvjlAPlQRGJ+ShpXO5n2pEkdjIJOrLf4kyviLDHffIl5I80fRWzv7GJ1HP+Bb9qO +LZGaiO3SelPhvJGTSV5uSZpgkFsBbgdbbGI60W2QQIHEwG0HdjnNk17+TmVEUoCj +rWK/Kzw5py1Egtibju4CiJ8uIKeew+2pfdnnyHoCVwCfdACc4dwRpet6fQvkRcru +5PR5MzZqUI2+bjg/hJrHj7SVpxpjcr3OZdh05T+heCVuPp+9mHBmcxbeA8rkMZAq +vILLwgwEriSbKy9Y1GLs2oaPNaWEpN9Q6kZPUwtwlzjHG3OOtldeXPpMVpg6Sb0y +3NnRfvfV/g2gm68S21j6qhGM2aeQCdCu5insqnR8GS5/stmuyCNnlst24JBneE0i +louEQ0EV +-----END CERTIFICATE----- diff --git a/tls/x509/client_ca_key.pem b/tls/x509/client_ca_key.pem new file mode 100644 index 000000000..750e20bb0 --- /dev/null +++ b/tls/x509/client_ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDVGTvOy7Befyso +weT6Ca9p+0WaVj40ezWYok/PIIYWdpuWcm0dTiEOlK+82K2hDQ5y6s6j1X0AuUBT +a7D/WrpiGDUCbhxfBJYcbT8bAJAB09NVvtbUyIB38gHlvH3GvB+OukYuNUtLf/Kc +4o/6SXVt/pYBwsQ8KW8f6RIbzEzC+Dnyi3uKlZBxYFNK5ktrPz13bJ/Gm+3Cu9Jg +N6Zjp/xOTGKX6QONvYmj/N1EPPx4gQ6zU9x3O2t1ZZ5BpglVfpoQ4cJ91U04fDeM +1ArJVERSBeOv+mTCj19OdmNB0FSFkijs2488bbm3mpkrd1QO4txVFDlW3T/jmln8 +eRkMKTGZLKdlbPaA8KU4dU84bwSqLQxt3dfFBKx3UajrrugWi0u9O7KdtiF2HizE +AlZdsVXboeANcjnBe55euzWfSy1SVsPopqF96hgG76J1fuAHhF+2qGqVshrO7fKG +PbaTxwxAQ+QuHOZTBG3riO4sDT4VEbQd+vy91kP5/3VBu/zpDDdzX+VyRAg6XIgx +6uWM1sJscmb0o5kZ/XOLPC8xW1XO5W2vpFj4uii/iDOEnmQ1KT9gMxALjZzZiHMu +vnL0QZ79wvxBd0p+Mo14mMJvPFNMWJUGrldEpSCPPqBr4XsoY7trIwGt7Fnv5qnP +vJ2VRhL7GnjeGp2KwAaZQwl0NWUcIwIDAQABAoICAQCgH7bmG/4p84qdtJx3GaH6 +k/noD9fsHYzXZVds/zZiWLtuoArHk3aZezZWQ8asFqB9z1x4lSm5ynnAdVJpfmZA +4Ymrisu8xjh5ocliY9jR1radXqoU95g5CNtOIoWsOJ3J5MRpYlhyofDO3Btt6ZbY +kQ1sw0orHsNGih62Tpx7gIQicZbiOqJv3v6XcFbJfpqUS0X/uhk9U16wOADKL2cR ++qm3Fjs6XWq4k4A8D0tyzR8btu8ZlMeZTkNNdxLacCgaeVlorke5IvWm14pHYA96 +Rryg9hiSbaMi1SieQonQWFRyLkUCFj0P7pYbqC28hdEkCO9RCy0/vDLT2LbugWGn +JBdPIQqRYggGnEdRocvflx6f2Xdid9I4zrI2XWnorbypqVIdmhVivCCWK8PNqKE2 +YcRg8TRQHvyOXoR55Sodrxp6KycUc65nduGe5jsyjA9hlQ0Jfxhr4gv1LuytnVCx +Z2q2PFF/cznrSLlU8uBT9Lb2gGQXRyI/rxp6g6zwnTKLvMXsQqBrt2hzlE2vkdiz +I8EcLp99IT4CwSJAyGFdR/2ZmXg2Hy20GiGc5RisMIsXvj2gVt26XHrbb+LnYHMq +0+5d5QoMnTMZC+JczoDiw64vQlzJGcM1VWFDOMn9g7UALgofCQv9/nZrWLjw5hIB +FCli4JhtwjNUP5Gz2sqx4QKCAQEA/zY1Op8i0j2xaxeaysZg6midIKyvS0a+E+CJ +qfNE0qmwCEmG/T67+IvKIwXqfBGBrBntg3De4rTDxhTVL4S4Ue89WYzB/sf9J52e +6HEpBCujRJcdb8ouxSfDkpkMYXsVsVTIjckbQl731cm4qk7L8DS1GuE0oZs9I3kx +iQSzJ1+GzRotnzO6a11NU5n5N7NM+97x9z/BHFmd3fUOlUkYdpr67PVBNKRaj46k +Ifs0Og7cZNh2JCzhVOOYrf/x9DybjCJnPHLVuNMqYOHTNI/LgpFytM26+Lnmu1X3 +mcohVacygr55oZaCC0dz6CijEOpX9SL9sUZJb/tJ01Sxv/pgMQKCAQEA1cG6Oa7h +1Hl1f6Qqg9qiWNTHur6dBOw4lt/ej8vexB6y9c85WoMfXUBFpiQta9Nt+XCrC/UU +wY0EqdQir+Ydwg92ddX+1eKb7NmNLi/moUF+s0V+9uPvgGcz6xVlSMQKTgsYxZnZ +CE8ZSBTSD3dYyIadGQHaFoP4PsABzGfzYjWnQpvk4SZf055Qs0Gt6vIBlbs7R/O/ +wPajzFYf/o0mAaPAAdPpuK6C3Q1J4Gp5LKkHtzY79XFl336uXQV3AwxU29sAkmVS +/COFl772Ev55P5nV8NsEQaChoyuNHO11YQtZEyh7zTwx+R4SfnTivffVQNfusnIa +gKuj2Eoq24XgkwKCAQAeHRJY0XA1aIwnu8hLBu9mmWN4+IdSlY1WIRd9UzQau2UH +BU4FUcKySCRYz5jkfNhVK1YIPWg/Td8P32NsUPfCyzzs9Rvq6UQoyYN3n+qcEF4a +eM5DY5LzNobwJFj+o5xiqUNk34b05OnPcxb0GYoc1MtN2abxLrUfG2zJ4yEUk0P/ +rYgWke78Pi0ioTdz6Bc8XQkmCILLypNDHmhTGyXk0NKs5R+Fi6MX71fUnqSB+UDu +MVB3YkhQUO6yEVJGZGRiO6j8y/wF6/zDI8JdIF5+EJV9Wg0mziC4mCM4JU6bobfn +D3ygoXbEx/CYQztCgrRQO4m9wjJmITuL0SGMKonxAoIBAQCCelJ2S23GCK3UUB0z +hw16M8gHEbs++gJA9j4ggE1mYWbT7L4RpeBLR6Q8GfEv1EtY65E9J0iYLMAf+kGC +JXEct9uTaiC35i9PkCxBeTPKUvRH8a/ifJgBRP3IDbNZi3DO2q8wTwzPqZjBCxR+ +JFepb6INVbgN7lhl1UZDw2ApHp8OZaJ8XLQ5tHWGNh03QKn+/97buMnfu62YWSoG +c5ozfgUCGJyeAsgWrrndpqB4xmTTTOOkmqeYmPdOCLvwvGJAIZpjwj25cuVlD0ed +qH/SdtDEyKv8c1S3CSqF8dyodAjXTOrlCE1oxxZ64lZVpyYhAq3NdyD+Uccdi4hF +n57JAoIBAQDFuv2cmOl34qQz1vd+R0axxNSQEwYC9wug9WG8PEARRmk6vCIMy/AZ +XnHXZ4aV9ds9q0J4hGrx0C1vjGHSpBFR+kulI+KcIITtHLPTAgE7e1UXGATVz0+B +ES3qvzJ1eXhl7hrrFfYUdmPok7pJUhf37qqhKajcRfVtHccaB6J7v/sbAMCIXP1B +ij7EESZgM+NLwOQ/iAM2Bpuphn+gxdV2oqgorx3kLymzffhmn0oq6qfn818DH5ps +sPgi2bndSxG9jNtpCIPPC9ltMNwWxuB+3f+wd2pKIjBulJ9tb+72s/Vb4v7EOmJ/ +c/xqN5lRsGXGduw76PipTrLpy3/LkZDL +-----END PRIVATE KEY----- diff --git a/tls/x509/create.sh b/tls/x509/create.sh new file mode 100755 index 000000000..2cbc971fb --- /dev/null +++ b/tls/x509/create.sh @@ -0,0 +1,132 @@ +#!/bin/bash + +# Create the server CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout server_ca_key.pem \ + -out server_ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Create the client CA certs. +openssl req -x509 \ + -newkey rsa:4096 \ + -nodes \ + -days 3650 \ + -keyout client_ca_key.pem \ + -out client_ca_cert.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client_ca/ \ + -config ./openssl.cnf \ + -extensions test_ca \ + -sha256 + +# Generate two server certs. +openssl genrsa -out server1_key.pem 4096 +openssl req -new \ + -key server1_key.pem \ + -days 3650 \ + -out server1_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server1/ \ + -config ./openssl.cnf \ + -reqexts test_server +openssl x509 -req \ + -in server1_csr.pem \ + -CAkey server_ca_key.pem \ + -CA server_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out server1_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_server \ + -sha256 +openssl verify -verbose -CAfile server_ca_cert.pem server1_cert.pem + +openssl genrsa -out server2_key.pem 4096 +openssl req -new \ + -key server2_key.pem \ + -days 3650 \ + -out server2_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-server2/ \ + -config ./openssl.cnf \ + -reqexts test_server +openssl x509 -req \ + -in server2_csr.pem \ + -CAkey server_ca_key.pem \ + -CA server_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out server2_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_server \ + -sha256 +openssl verify -verbose -CAfile server_ca_cert.pem server2_cert.pem + +# Generate two client certs. +openssl genrsa -out client1_key.pem 4096 +openssl req -new \ + -key client1_key.pem \ + -days 3650 \ + -out client1_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \ + -config ./openssl.cnf \ + -reqexts test_client +openssl x509 -req \ + -in client1_csr.pem \ + -CAkey client_ca_key.pem \ + -CA client_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out client1_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_client \ + -sha256 +openssl verify -verbose -CAfile client_ca_cert.pem client1_cert.pem + +openssl genrsa -out client2_key.pem 4096 +openssl req -new \ + -key client2_key.pem \ + -days 3650 \ + -out client2_csr.pem \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client2/ \ + -config ./openssl.cnf \ + -reqexts test_client +openssl x509 -req \ + -in client2_csr.pem \ + -CAkey client_ca_key.pem \ + -CA client_ca_cert.pem \ + -days 3650 \ + -set_serial 1000 \ + -out client2_cert.pem \ + -extfile ./openssl.cnf \ + -extensions test_client \ + -sha256 +openssl verify -verbose -CAfile client_ca_cert.pem client2_cert.pem + +# Generate a cert with SPIFFE ID. +openssl req -x509 \ + -newkey rsa:4096 \ + -keyout spiffe_key.pem \ + -out spiffe_cert.pem \ + -nodes \ + -days 3650 \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \ + -addext "subjectAltName = URI:spiffe://foo.bar.com/client/workload/1" \ + -sha256 + +# Generate a cert with SPIFFE ID and another SAN URI field(which doesn't meet SPIFFE specs). +openssl req -x509 \ + -newkey rsa:4096 \ + -keyout multiple_uri_key.pem \ + -out multiple_uri_cert.pem \ + -nodes \ + -days 3650 \ + -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=test-client1/ \ + -addext "subjectAltName = URI:spiffe://foo.bar.com/client/workload/1, URI:https://bar.baz.com/client" \ + -sha256 + +# Cleanup the CSRs. +rm *_csr.pem diff --git a/tls/x509/multiple_uri_cert.pem b/tls/x509/multiple_uri_cert.pem new file mode 100644 index 000000000..210b84444 --- /dev/null +++ b/tls/x509/multiple_uri_cert.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIFzjCCA7agAwIBAgIUA0Tqj0ezdOI2R+W4smJis+1NRucwDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy +NTRaFw0zMTEyMjExODQyNTRaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM +MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu +dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnfQMbGQzzWl17NuJQ +annAeiYFX9mcyKi0ywS1BOsNpDn8SRgeW7Ymj8EqMYIUv0VK5QDpsJKUQ4ZDBE/f +drplyXhbR0/aMpAATxP4AjnzH0pw49aIe/n3KTdBZj/KF52qO7WG2rcJ5GSVr8Z6 +H8FeP02GRt2iOAbLqV5/k52gBEEzjSJ1Be1DiRAMOQL/Wahyo1XTfvB0UeG7nIFN +OFiTdQmgS0s6OUYWns8J2jcSO8XoSKCxuNz+ZzkisX7xicRFjkweLKNLuYmS4U1x +wd19JMizaCRoK8E6NnOGVrxP/r9am5ft3QgC6AIkzZvNcylcHkkhZo5++X5qC18u +mKjPgxCOzAop/pGeiItfkjnshccLPgoPBI1W/gO6puxDaTV3HFGZdy5rtV/6MxjE +byUf69aKaBEY9d+mIw0OB8TfyqzNSoU578rTbuEqwiG2f1IDe0KMB2xkikDXGXPz +YYRVdm4bmgVmY3fjpoiM06+aSN1IbYEnmvuB98z1nf8VyRdR39jVk80udfHHdQWu +xTBMEHBtAjT6HC0tKIkeGKB5kmozPIVL+6EbI0JyuRVB6wyCrmnpv0Mw1NzSF5NM +JiYD/5ScSKhnFogYEstq8Lgj5atyrqi703bNGDVGmbTqChBG133r30WNT9JJ4rzS +KznDJhoHOgQqagkzGgHsKeAmiwIDAQABo4GjMIGgMB0GA1UdDgQWBBRHg8AR1psw +kslOTh5a2nxGAmo33zAfBgNVHSMEGDAWgBRHg8AR1pswkslOTh5a2nxGAmo33zAP +BgNVHRMBAf8EBTADAQH/ME0GA1UdEQRGMESGJnNwaWZmZTovL2Zvby5iYXIuY29t +L2NsaWVudC93b3JrbG9hZC8xhhpodHRwczovL2Jhci5iYXouY29tL2NsaWVudDAN +BgkqhkiG9w0BAQsFAAOCAgEAOkL6WsETiUWJT2lhMXEHGpLwu1Q4nETr4O51+V7t +AJJd7oGS/QRL0K6YNDgNQW6GOUZptvTEOSAO2irNohP+0+ITZAClF46ggB0pRAeD +COWjnG9h1aonMtVlnswh2xVYfg4jd+qfQZ07jN9tATn5ZBpFpcaxvcyAYc/eq6x/ +DKf7HBBWq9XWyRxZJuPD9qhyGPDzI/E2yr2ahLJFSGMRbTDivDUbw0yHbzmYnY2g +uPrVAAD4DuKsJxyZrA2/Hs7ZspBMTyUjWj7KSw64AcDvFDQgPBXDfG4CMSRH3Eh5 +J2F48ej7T6J1+PbJ81ISifGjUZH50haskBG5TKQqRX65p5LIVrDThsEM+YpfEyOB +mD2ylbxNs/X3b9fk07iS2HirfKZ0cKSINZPU+hEroasqxCcAY0E28Kzw0SdAGCGf +iZNRT0mNVgTPg7Bnrb7JhCBrm0aid0/nYFX+fqeKuS2lcdAcx6U5EgH0KnHg+9/N +NbSv+RtRiGWv5RqWF/Pk4bdHPvlzp/qiFfX9dQIOBtrFph9XUt/bEf6hZgaMKvT1 +QbQuM+rmf2ghjbqpCRP9iZUYBzOOvDZ8IeugguDvyBgrGaUSpreMzMC52B0fp2jB +Ib89u6yiKNNZzBGGE0d9y2qsju7q3IoV+eUwqbCUvGvcal+gdAfhO7Pvr3dD40z+ +g58= +-----END CERTIFICATE----- diff --git a/tls/x509/multiple_uri_key.pem b/tls/x509/multiple_uri_key.pem new file mode 100644 index 000000000..621c1b2c9 --- /dev/null +++ b/tls/x509/multiple_uri_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCnfQMbGQzzWl17 +NuJQannAeiYFX9mcyKi0ywS1BOsNpDn8SRgeW7Ymj8EqMYIUv0VK5QDpsJKUQ4ZD +BE/fdrplyXhbR0/aMpAATxP4AjnzH0pw49aIe/n3KTdBZj/KF52qO7WG2rcJ5GSV +r8Z6H8FeP02GRt2iOAbLqV5/k52gBEEzjSJ1Be1DiRAMOQL/Wahyo1XTfvB0UeG7 +nIFNOFiTdQmgS0s6OUYWns8J2jcSO8XoSKCxuNz+ZzkisX7xicRFjkweLKNLuYmS +4U1xwd19JMizaCRoK8E6NnOGVrxP/r9am5ft3QgC6AIkzZvNcylcHkkhZo5++X5q +C18umKjPgxCOzAop/pGeiItfkjnshccLPgoPBI1W/gO6puxDaTV3HFGZdy5rtV/6 +MxjEbyUf69aKaBEY9d+mIw0OB8TfyqzNSoU578rTbuEqwiG2f1IDe0KMB2xkikDX +GXPzYYRVdm4bmgVmY3fjpoiM06+aSN1IbYEnmvuB98z1nf8VyRdR39jVk80udfHH +dQWuxTBMEHBtAjT6HC0tKIkeGKB5kmozPIVL+6EbI0JyuRVB6wyCrmnpv0Mw1NzS +F5NMJiYD/5ScSKhnFogYEstq8Lgj5atyrqi703bNGDVGmbTqChBG133r30WNT9JJ +4rzSKznDJhoHOgQqagkzGgHsKeAmiwIDAQABAoICAHkAXOUP1QZe65hfz2LPecRv +utY5KCsX4KI05eKtee9yDR5R5GXSVidHxgLon5TDlpkEFwO9uDf7DJ2QGPBVg1aU +FirDu1HlI5nFh6SuXxVhLtOeFtil0LIaibvq1fz30MUyu/OAQaqY4X4u7lI+bOHd +E/IFcouGtIogg4/hoof/aueGeDVZIc+fzwM1kQ/Pw12G2TOhyrAOk+mJqPST15I4 +hMrUerXGuPcQpnz0tMKsgk9NYSLkbmwxQNrqps5zfGPP6PgHwbWshlKiCOQ9bfnC +QGk0vNCxg7i9q/qK4SNd5Prd3AZRoD8RRLM4A+6K23+ctbK2uA3Ny+Fq88njKlkN +jYxHPlkZ+b6nGzYxwZ4pbVYR/rpmrKdnrns1t4l/9GCOwMhDZe1jnRZaimQOoQQs +8hHMwxDisqsOjzd5ozQU3dVgxmG/n0jGjjtBIVp8usGe//AqRmZ7SVRNrglgG6FI +vqYxwCvum+DEJ4X5ONDyyKddmccGkCpj1lX6xPBtEkp7VupKx4KHW6ufteQYSkdh +U80RrCPaIKoFm1y5Jes9vOtICtvRk4PVNfLXBBycn0WR6aUQEkFHDvSHFlCnROPD +UdABH1r3bSMruz5vQrdIA/6XGHXzjHmq1WN0pKynwberFwazAxDlD/1G1ZbPD4Dg ++Z9cpyZ7Tlxj+T4hSfExAoIBAQDT8GU76CpiHL1VkIA9Khk3j6Nglq8ALQjRUH2S +ReqcAhvpUiSr6G9lt9PWGm5iWv4qpRoln+HyBDXpWOxaTR/PNi07J0NeTGxk2+in +IYNMDg9IILDGlbv5tKen4yKD9Yb7VHD73DxhDbSs2U+o49eTdfXmlQfErd15alZy +m19Xl2r2jPtYF8diPEp2m2dUamArnA8Vd3jdFAxTsfP8eNeAcCn6R3jEfIFyMm02 +X2H4iGO4Ec1ykVdiFxiemElLjm3Z7vVek88Md0KgjuAxhv5AuogRYtgMIMlhNhco +hfNgXzVtvxuDFJ3J2rlA20T0htSz6xsy9ZVUYRWkDIf0tPRJAoIBAQDKTufkXmcC +wXhkjnUMmYXqnmul6CPeYbXyfX1CZhtAlZSXtzAJ/2e7eRlqb7iFJuYfTdpkbN6i +pMrSb5wfcPtl8RRC+MERMCbe/LB4DND70QSLy/u8mWIsjbkdIT6SCi8rlNzfaL7U +cOb4uzmuXOhZHvdw8q9YTjXlT/EjKoMa2a+RggVLnICTm5sG6tsfkgiH5+DSsFCL +kKQt9Gtc66Q8HfyJW4ljK2JAOjYR7w3+bDXsodrxUQrl5maMALeBdkenc9uzwsmE +2an/R0NQToJJku+gRKVbJxN9jyMEVMygmygxfmW5qUyFZ8W2dd1Rkcr9jzNdVPlT +a6KgEGHPP5wzAoIBAQCqma3DpUTIqT227JRtp7+Yu+TVUTYZPCcG5nXOEr2hSwlQ +rTCbuIRDKtA4XhpQzdIeXbxIYQStnboP1eabYc2jLIcIQLi35WizX1lNf2qDBCZE +9xuVHt6rSEJUoD8eXbuEABraghOQREoVgO/gkVbsel2weHJCXXoTzAc+RddfWKFf +SWjhJnL2nnWKN9nbV62GLR7vNrZxrzuk+2/c4SEHYEJKFtIdx+MjG3hR9kGUn6U1 +fA8Wk+v1J4ZH02ncig/fB703nl9iN3XIbHoHJBTx4bS52gjy6klwGOxXUEvyXXFS +oCzzPNsuqwPIMzi0ZPw+v5erU4ga3fNflD60Oh0RAoIBAQCXV84MPj7rhdZNy3Bu +246eBKNdOrtSimA1poEFIiNy/jNqB+WNJR7x1VcZE7jDC2WNt40QIY2vuH3uTQZL +UxcOnPneW/76n74EhJ5zQIs6RpQTDKcm4Mvbrq3zx8HqOGovPS66hr5zaH6xRkaR +VPmQaiULvtFDy0ZwZIxtFUl81aqMvOq/NLXPNtITq6/+/x0YpnO+yZ2Hus3Hfxiu +K63yNzCLhQnTQUo/6Aw5AE/ErCju++oxKsJvWBwQ0hx1YgmakIakBK0CkF6nFSWb +NxAqgBx5FcFp3mKrRGAaxmFKKKg51me9K5SOHCKBK81ETz++zdjMElxudo/zFC5H +fzuXAoIBAQDTFfoLQ2XC0PI5x77zpse3zOvIEvsh3e3tLUhOHLoLTUqX0Nvp/7m7 +ohTHrPU4lf4ERInL4Kz7y2iI2yjRiKD+ARYHDYVx3QgttNeUFnsODnseJTnBcgFB +EWlThVuxbvEzJAZXNVtKTHmCLKFHqc9epyfdI59uD5lXQjvNp4uNEPiEE1AX0d8d +0OuFfQ6bSK1rZNv6IkRPTl+LCWuyHvZNWO1WZ4IUCg4XLr1IXtQaRIMRDxyxbHwc +6vwk0JtRxCt6wvIb/YWUK6qjjbfcfH70iDComZRTyXLGrr8w+vtmqvD43MUGIEmq +XHot6Ki4FhjC4ks5oT9m2q6TerUyIg8Z +-----END PRIVATE KEY----- diff --git a/tls/x509/openssl.cnf b/tls/x509/openssl.cnf new file mode 100644 index 000000000..d1034214e --- /dev/null +++ b/tls/x509/openssl.cnf @@ -0,0 +1,28 @@ +[req] +distinguished_name = req_distinguished_name +attributes = req_attributes + +[req_distinguished_name] + +[req_attributes] + +[test_ca] +basicConstraints = critical,CA:TRUE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +keyUsage = critical,keyCertSign + +[test_server] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,digitalSignature,keyEncipherment,keyAgreement +subjectAltName = @server_alt_names + +[server_alt_names] +DNS.1 = *.test.example.com + +[test_client] +basicConstraints = critical,CA:FALSE +subjectKeyIdentifier = hash +keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment +extendedKeyUsage = critical,clientAuth diff --git a/tls/x509/server1_cert.pem b/tls/x509/server1_cert.pem new file mode 100644 index 000000000..ed6bc02c4 --- /dev/null +++ b/tls/x509/server1_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFeDCCA2CgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTIxMTIyMzE4NDI1MFoXDTMxMTIyMTE4NDI1 +MFowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtk472NGPcQhDL9U6wsYWGOachAw5XX/a7lUBh/ +yowV+qD/SRCbspeBfiNdMNoXh/LPgyePWhAhskT2XaSJZ5cYD6VpI9Q55lFnFzR7 +Q1bw7BLaD2q83BJkrUSGyDnxH+LdQc2+Gq7rj1PIpIDBaJDtdd8U9bcpP6rH+S9Q +yGQw5OniPCCsUrnx8ym/3lAhKdn2OWXLq+F1avim8AN5dQj0fvAI2kMQdswKgY2M +bs5E932WPtjwLbe80A7RtHPIrqvsdVIoaZav7g3liKekisBuJGLMtTX3hBct5an2 +eKu3Q901bEQXeMWrToekc+DnUsmQ5TwkXatWiE+/sMWg80KNyWt8rulI4ATF8go8 +7Jl8duyb/jvULXjTRdDae6w34gNZjq9jZH2qSVIiLV3Jy0GadyRVJDVyE8Lz8EiI +XkbhgbjL8fpNG8cjN+58sK3TNDuP480A/Pi/9I1BoPYTSPCD6H1KPQJwF2GZVmgj +epF328/RGjl0bfaY458RRYZafydblBpIhDsLBBRmDMkFh4SghAgOwoQBjsEZpCmF +efzzPmJybfloBdmBiqfrEXP8t3J4jBzP5+qhYZRxHik0ignOWwyDtQQSUa2JTJoE +/ET8bkO88XLL7hkAlF+eLVV8ao4oXRh5yjf1c4PvJ/Zfr80mYJYOvOlA8Me9/+A7 +jZr3AgMBAAGjXjBcMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJmANOTd7MASs5/K +mnBYcpvzmgLcMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh +bXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBAFH3XxzcRkP5053jgcyV1/L3hNY3 +gAKxdDjYSw9uk2saJXz4gjfvc8xyIsWv35QU2yzzvN3xaGfDP+qVh1fNmC/7DdUF +LJzYTJb/wm4atVM6oYzdBhu/b3NqtMPb06NFKqyEX4SSN2QjeUVUF1QgAkjmsCiE +79NOuoCO0aWcxgdKd18Wl9MLtG/PtlCMLRcPlx4FX6OYLcOeqFEtcOQXKYDWej0r +9m8JQ2DAGRSa3AOUYskN12GacEmchC86cnlMsL2AycnX1YzOBawgp4KKSur40iPg +S1+8LRjZA5Dz88+a+DXb619ckABO7v8b0AVlbkVVmaXNnhBEU4vqdfQa4BygaGGl +BG8hYYMoNBHpNDr8bBWwwl/WVpGUIMHpOnIJnG5gAGrNiAxH1/6DYFC+cXEOH5J2 +NpkJ5O3Jm9a1xtwBs3tSp8GEORqVrpIjiK+bUWQacss9nsyyO6Oo0S33javSR8AN +nJrGHBE01/QytEpJ53d3N0btZrByhiFZkh8BG4NdhXZsAaQjVy6EEHxfJBsfl8Z6 +UGX4T/TTkASNDWA4B+/nRD/BxrcSegDb8fE34GY9M0IWgQtmMIdR49bOxygzYMFK +lrh+dwGqZ9/xqJ3ro7sYphhJ+Gk5YL5lkZygF2/F9GJY3zOcKrFUalfJgaqKOaTO +6zW3ZjSyDhQoFNR1 +-----END CERTIFICATE----- diff --git a/tls/x509/server1_key.pem b/tls/x509/server1_key.pem new file mode 100644 index 000000000..5e5331ab5 --- /dev/null +++ b/tls/x509/server1_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAq2TjvY0Y9xCEMv1TrCxhYY5pyEDDldf9ruVQGH/KjBX6oP9J +EJuyl4F+I10w2heH8s+DJ49aECGyRPZdpIlnlxgPpWkj1DnmUWcXNHtDVvDsEtoP +arzcEmStRIbIOfEf4t1Bzb4aruuPU8ikgMFokO113xT1tyk/qsf5L1DIZDDk6eI8 +IKxSufHzKb/eUCEp2fY5Zcur4XVq+KbwA3l1CPR+8AjaQxB2zAqBjYxuzkT3fZY+ +2PAtt7zQDtG0c8iuq+x1Uihplq/uDeWIp6SKwG4kYsy1NfeEFy3lqfZ4q7dD3TVs +RBd4xatOh6Rz4OdSyZDlPCRdq1aIT7+wxaDzQo3Ja3yu6UjgBMXyCjzsmXx27Jv+ +O9QteNNF0Np7rDfiA1mOr2NkfapJUiItXcnLQZp3JFUkNXITwvPwSIheRuGBuMvx ++k0bxyM37nywrdM0O4/jzQD8+L/0jUGg9hNI8IPofUo9AnAXYZlWaCN6kXfbz9Ea +OXRt9pjjnxFFhlp/J1uUGkiEOwsEFGYMyQWHhKCECA7ChAGOwRmkKYV5/PM+YnJt ++WgF2YGKp+sRc/y3cniMHM/n6qFhlHEeKTSKCc5bDIO1BBJRrYlMmgT8RPxuQ7zx +csvuGQCUX54tVXxqjihdGHnKN/Vzg+8n9l+vzSZglg686UDwx73/4DuNmvcCAwEA +AQKCAgEAknXlUv42vjGD9pqZnMBT+uyaooANYoevBXx5ZGYXbHv/rwJXqnSSOXtz +kb651zRSfQAswGp0eOKClwG8ZbTxK6FpBV2CO4G6ugcRQkyu76Vy5m0mzXxTxvf3 +RF60zSaqq8+MwsbXwHAVC3CielBMDcSNfDNKAdmiyUqXOoKaq1tI0j/8R6NaEgGa +XCvUSr78J4CL7dwMpd4TqiXlZeKtSxi7PF0kPjjce2Hi8VV2/pbaspvoWrNrLd6Q +IIm83VA5SzsFyk40ZIs0LvXdP/yQgP3d4/uwQkyfuLsEzaeL2JkDyg0z1kAEeU35 +DlpOl3q1OP+zlCAzVw3b7+ILqeXu2KOLPBCoRTo2wWNKutxcExmA0oIfMSgyb/P9 +36bNsdmT6b/6C9ZeJpsXZWedx7bmlEYg1patfk1CgD6WMynsl+fQ34F658v/JWzY +b8JpqAG+2ov4j4EyRnwK267/6u/Yw4CvQw+8giKIDMv6W81b0GWpCBT7PkTKgUaW +1Hq46z6xZ/NttiTU6qMsgUskFheU7IuO1KHl1kpLBERio9S87ZxkjLGfvxl4+sS7 +7OdgIVsM1d50RYy4pipNplQXw998kitPvNFcSOK5vnxqW5sz4SRzVAUl5sAqJ5GC +0MPqq/I+H84BBQwwviQ9WsBuA1+YW6NxfY/mldAzAjg3/yUMwokCggEBANTyvgnw +3SjBOKzg56QXRs1L2eqQzqtDzyOn2BXlMvT3bJFdqOHROhqqD0oSSbYZuCoJAJPh +/W2bqengGSbsGwKKLHDN0yPWR12QVq3y9gbK/L6Qktjp2zDhHqNgr+4SSSl0gMMF +bz6Nzn+0SO6C3m+M6hAgfsuizIhSCxBSSLccFSIT0ZiYRzq7rN8FlirpSIhd9cQ5 +B3q41lebUHpfciPr7K+psmCXO9NqtSvXtcMA/n7GyIGPBVDp8kMUwzuH9OVOkZkK +Z1a42uuYKs/zgnbXV7kCZ6iBQkt7A2Scv/IIwdeaKxfTv87e8UqMkYPuf4wgqLq1 +USoMoHdz6JmQnw0CggEBAM4LfX4PIIGT+OQG5kn54ZcsqerPljPj19EBe8U3jyf3 +OzxDkSX0f2fmBVDjqj8QRO/PcXQbGUXWhJN1DvvuJITE93Y5Pj8DJX3CfLEnjE+b ++sfuSxNawH9NwvwNt42NWDleMAgfMot3J+MwlXb31BWixCMj41Vl4VrkHEzX/M6R +aAWcTqeY59KumtOvZO/4U98VvNyOipLHWcWZuwJLzeUjvyZ+hJQ6kBGJJYNezYm/ +qhHZ5k4bz8HAUSgih+Yb3DNmREk3YqIM4Skq843YdF8SEnFw/4b7PKMfmBXy3X72 +f51wdCiSkIm9o+/QLaduExQd7AhmFO8avZa5bRNNwRMCggEAKY/DBX+sOoMTw7IV +o9IjMHhobL6ch5Kxf/0HUKauPl94IhsMlh5W39NnLobJOjBk4FdndHV8GAN0sz/Y +yN72GpXLPKz/U5RD04ATWtn7qLG/iJYBAzMJY83cQ/jf/XA2NVAWvXl3D9dvgT83 +qM2ECnOPT1x4QthgYQ7aN/JHXO2vNjp2AvldlZoBkHmvqGpljLACAq06x3oB45Fd +sLSmO1qVlGdjeDSsKYQ/HfJ4+DlecnHrulWmrPcsIGmR/TF427Rs+FiueJ+VorvN +R074nKdE6MgOYTXxMXgt3lo1oFCTPLhLRtg+LGsY3vr2f7Bx1nCdXet7juBuBUJr +GGXAlQKCAQEAxNVHMfijdgX022kX8A2Ni4x4Wj+q3rFHR3viUDnOQUC2TtDBRX/3 +gjrEU0zaI1qYcHs8h80nbIcMqY1HHjaWnltHh6IRq8KGu0fjNJ1yNc7tWLd08u1c +PYD8xysXcVtYr50hx3B+KatP6IJOFpOUAIM4WdV74+XqzZhizKn88R0JQWrb3NF+ +jM6OS7EffPs+rDuo6w4kpSlZwiIk+4GNFNv8THrKjowPeyEIPCKBuZjmkB0YHQAG +jbH6FZw/NPzidBu7GjKVv/cL1fcZKiVgrj2mbsai5MD3YWHaOQWEwTgcGzwFS4kQ +GPWYOY0nP+4wvaQECtXyI6To/qbu42UBDwKCAQAd+/H4mepB8cgchZobFco6yTt3 +qgS1D9sOFgWYZLkxIuQTQH0C1cLHXIiqf0NrJAOBbaJ+vVuCrqv2MUASaxKoDK7h +1W413yKIELWbTk7yEttw0M0T2PXmI5dNdKuw5I5hw+MmjLOFmyRzvX870ihDnM4F +MISxV7K45t1EHjMsz66fMc8BIkophwK3/7FSok5XhYdLQdQS9Rshv0PXQmffkVUM +UTlrwgH/3WGRhkFbmcdBMlawHQGvjiyZ+Gz+wF1uhzEYweT6wUfaHZePxX0hXqom +WVS6ojlUji6NNJqFN8DB4q8V5/EShj4fpdjenDap5IxFgDSxgSCShR2FGTCW +-----END RSA PRIVATE KEY----- diff --git a/tls/x509/server2_cert.pem b/tls/x509/server2_cert.pem new file mode 100644 index 000000000..753065b49 --- /dev/null +++ b/tls/x509/server2_cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFeDCCA2CgAwIBAgICA+gwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNV +BAMMDnRlc3Qtc2VydmVyX2NhMB4XDTIxMTIyMzE4NDI1MVoXDTMxMTIyMTE4NDI1 +MVowTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3Qtc2VydmVyMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAMqkUFp6xBzIksawPZpDQCZS+ZE/Pjfab4q7CUd/ +pN0Ss0U9MRBBnYj767qvwrOGQYdpkK0NWh+BtUOQHaqsnD+ykr1x2i27uMvYBnkn +91t8EmfW8u5cj2lZGM8SRXaiCc2tv3ZFDKeizIp5BcxLsTubRZNMTOYxUCpFoABo +d6DGYXaU6LFNbIhXQ/vTlbDa85a5EjS5SWeBzEEFgBHHQDdjh+cqS4bzAgI+klYT +uYM3PMbUuOg49hVQjW1pXSGO8Yvha0fzZP4upUKi6h1+/xBUZdDiWuynEJZuYPAC +xqgnmgSkexNLJwrg/6JPr04TfbKagffKDHKhloI62CZJ9/VRwo7OF8dsl1Y+cr3T +XjDtsxmypDIi31szDYhE5V1P+FAGP3sewQBRh597x1RA8tGE3ijIV6iqSlSo/Lpx +HaVM5n3PWY5vUNFWdbawMDuCUvi9GYn3JVnt4YUxjsMxLC39FibzUmwD7JXqx86t +ArPRLU6knrcod72dKRnUGi446Z4dElqMngyu2Z08RB5iYzDwT+xugwki0gezQ2uB +59/968+MI3eVe/QWMwtIAoZuHKvPsAHOb9bAcBvLQi94MWLbBUkAga3XRF6CNAGq +LPNdhznCNYdXMnMdBQHAzu7V5+yIB/ZFQ519Fm4RinCG6clIi326A6GNYenAJ/Jr +Xa5tAgMBAAGjXjBcMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBfefRYaa/BmcX6g +eSQSMrh0zktEMA4GA1UdDwEB/wQEAwIDqDAdBgNVHREEFjAUghIqLnRlc3QuZXhh +bXBsZS5jb20wDQYJKoZIhvcNAQELBQADggIBALpTW6UICT8SyCY7VNUja51t3+XF +QoD8xKu2qS69G/oDbxe5SF3ldymvkQPqVwnW9e34mjxD1Au4IF8zQWv2EMm96wDD +0Js0/yAMjw6/60f0hF9lpQEqe24W+wgbRV4Fzt3/rybLte+4L9chvq1plHqQ3sfa +s99D7bfPSLX8n82ppNmm0U81kXmtNAw3P+vStBqRgrZNkbkkgsoGZsTgzKuD+H81 +WUzIqmIAfTmkDN47SXYuneULlFNWwtHgTWv4jq2/ptYo75MQq+ExwTDGM168x17u +yaC634INTjfNd04exiktBJXWmAS8K4aYgvHPgcIlzyidR7taI0X1O4mR4qomh5W2 +fVmGkpQZCmkW80whgycY3ui2fdWYOs3XGdfz53fJdN2vWebpUjw7+1owlmqFJhEe +Ct0wqLLeE8rdOfKueh3/xi7CxoeYM2fVjN4gHPojcQ3Mcs7wiJDm0WFaITi6+KDS +LmGhSHKaiXiGKsbLykN0DygDQYa/c4t6NfzoRGWKMhdAcRXicZaxnwPD65psAijv +ZDgONwXeHKgfk7DnE3rs+D9xuh2ciw7lkcbImYmOCMoV88qG0t1uIwlM3xh8S7Oa +DH6q4vj3pF63QS57uRtwCBCOa3xcYKTDJbdRyUKgAejVoz8bqTI8lBjnRTtxlQFi +4ugkg86X1370IY84 +-----END CERTIFICATE----- diff --git a/tls/x509/server2_key.pem b/tls/x509/server2_key.pem new file mode 100644 index 000000000..82c947d70 --- /dev/null +++ b/tls/x509/server2_key.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAyqRQWnrEHMiSxrA9mkNAJlL5kT8+N9pvirsJR3+k3RKzRT0x +EEGdiPvruq/Cs4ZBh2mQrQ1aH4G1Q5AdqqycP7KSvXHaLbu4y9gGeSf3W3wSZ9by +7lyPaVkYzxJFdqIJza2/dkUMp6LMinkFzEuxO5tFk0xM5jFQKkWgAGh3oMZhdpTo +sU1siFdD+9OVsNrzlrkSNLlJZ4HMQQWAEcdAN2OH5ypLhvMCAj6SVhO5gzc8xtS4 +6Dj2FVCNbWldIY7xi+FrR/Nk/i6lQqLqHX7/EFRl0OJa7KcQlm5g8ALGqCeaBKR7 +E0snCuD/ok+vThN9spqB98oMcqGWgjrYJkn39VHCjs4Xx2yXVj5yvdNeMO2zGbKk +MiLfWzMNiETlXU/4UAY/ex7BAFGHn3vHVEDy0YTeKMhXqKpKVKj8unEdpUzmfc9Z +jm9Q0VZ1trAwO4JS+L0ZifclWe3hhTGOwzEsLf0WJvNSbAPslerHzq0Cs9EtTqSe +tyh3vZ0pGdQaLjjpnh0SWoyeDK7ZnTxEHmJjMPBP7G6DCSLSB7NDa4Hn3/3rz4wj +d5V79BYzC0gChm4cq8+wAc5v1sBwG8tCL3gxYtsFSQCBrddEXoI0Aaos812HOcI1 +h1cycx0FAcDO7tXn7IgH9kVDnX0WbhGKcIbpyUiLfboDoY1h6cAn8mtdrm0CAwEA +AQKCAgBa3LaS+304Es+Ne7UDmKgJByeUczEoxi9Bm4AbqSZ5Yksz/q4jReinZZ5b +hTfeW5LCbxlKHzSL8BMhClvjDaa6AQ4/F+/mlcfUzzaH2N3XDZkLKpyfOK2tZR/0 +qZKwERQoP4IcO/XirOLeLEnnQwFjYsodtBa/GNmDOtj1leIeGxXUoAx+g+Lod4iq +QENcm7ChoraBIZvCZ7b4aMj2L8uhimWDx7k593itHPVs10dViM0dsoB+0Bu3jvj7 +WEVEKN4yBI+gIYjlWHENohMryqf/4HgO45A1kOulKDUbKYN+HtO2xTHSgt4syJqX +YveOILs5/IHOY7CVLdNY7Z3B/WTKtO4UCzGtFWsD0Ai6rtfnSj2aAmq5uHWDwPHl +3fHdTK6knHdlaPWbeQiBIk4bT6L/JjH38dqBU17/RathjoCDQngNmid7AgSnv5o0 +5ugTCTzzFTUz7FnA9uYcEWIq7xDB5gVFTcvWcARYd2BsLM/9gF1Hh7r4A8gsHj2i +0+7Saw6mvAsPXp0JH+8idBk8khV8v6Uy1arF5aYF8yNus/hVr5fUBnnK6MZ+F2Nr +VOa49n5BhbWm/IsVYdgnnk4uwUx4yNuwMZ9/nSsDEZ6IiX9KZjap6zKNwhoodLV2 +T9WYKC7JMOEBr1CzoQL9JzvyYulZUp0F5SBMbB9kZj6j1gQRGQKCAQEA5QbA1hqt +0iy5KjH26Rok2pwi3z49o/sFPyg4TBOs5Zx7T/iBQM3ZlyOUdGT4uYFX83Xljbo1 +As/UIM1wzCSUbyyHGs7RTuoAWJ35d94UwdfOmw5j5ETAtbA0EVxnLCqbp2ArqC60 +UT/M9Yk9HK8bj6wwb0kZ/wsfwn78Jts8GhtCozPg/c2KWq3ce2bcHMuGhlaWq5Jb +XlHrZBIoL1tYsT8LWe4wc8Agm/w0ZC4rM6B0A8rxdsrPAc3WmlvNvnA8DA7OAJZ5 +j6zThsQ6FdSic8CI6p5vw4pyFZXtdERIjX2jkWVLVdb8adQKhqcglBvYZt5e73tk +a1OfgG0tX3M8TwKCAQEA4oIOLgVJWc9lfWFaLiRIjKlVtnOqfR8Vy9e7i2dBylgO +ZAoVM3ROYLsbDRsMJqMN/IQIuSOMYP+lIeeLoJlcqor49+z6em45Kbt5ZiK1VRoG +78Zi/UZ6cb/vcB17zmeBuUHYEmHLbB8PWbL+qFEipVDAf0q1jD9VnRw6ntt5K0oM +AKPH7jiCxfo3GU62nOZgcT1rwnA0FHBl9vvcr+237a/+NoNkRqQxTX4y5kA5l0nP +9EEWYvOlCKbkYiPKHOZMGZ4MWb0FlFp46KPxiM/x8XxB6NFUacEJUKE27NYgj69+ +5C62A34YtLKptD2+CeAKqxYOYIt3Tj4qJBrJ4m6OgwKCAQBxoXwjvnDnipEEQm4D +EZmfbUBQCw2CQpVD1Ky58jkiYxU7hEx83qVKu7h4V3CgeXAttx0ByJVso7jX3ZZN +cwjCcBFIV7y5rpglX5vawTEDTBOSEv20z/fdLWNoCbSW0T0ROkHu291TQphqaoEL +rkW6bvBJBrgDNn23flGU5clYGpZhaugChOxUOVbfUxV6o/BGzsdKsP7sOTDVIb0W +YfgLWQBEykz34SdMvUExQ0bkAoQNLa/IBK/YcUw8obfe+MiSIvZKjF4bzt/USZ+Y +HTvMuoY0Ag/psNMRqqV5vjdRHDj/doZ+PIBX8YCXdmxPj9E6mLH5l/sm1QKaMZEF +fqM5AoIBAQCPe8lVt72Wab2lpgTFU/CtQhtsv2qRZh6diSRhk2BmuE8tagGyHYwE +1KG3NJoG46VZf54zAWTMkUTe7FlTu7KqyewayYCGC8qkOAEYBQaPSTR5sVdFj97C +rc4UXGjwADt5yk8AnfiJnkdQEAYnQ3ZJ+JRoTkAg/oHSS26K8QaZuIdP5HAi5KNa +nD1JB8bAL2OKeFkJy6ACDo1Y3oUW4ORxadoEWEkuQpaEu1us5aRVxMk5tf1jY2n4 +yBfGX1uJ4Qz18VtrgUTGjGUpIalAfFGMIqVxwSDS+RhYfjdX4fCwdIBSNZDRN5CY +7tB3v+DhSo4XgJpM6CwEYXa6dknK6TPXAoIBAQCo/+MThNIrKwIsbKxyz3Xzg4Ut +6JUQxd3YU1kNcNde8BSuNp+05RcUIc7wpRTrrJwAc9uNHVNjKz73WcpjMh3dHYJY +VF0nbUzM2m+KzLdTJtRTYMaFGJjiHbttetNGJoKomNrMea/vEjZh5WadkBagKBGp +u85H3Ff1vYdMyCTBiU6eyabxc08/ZEaFJaQALjVC4e/mQdluCHyfmqeY1awKLmCK +vf5ZvBC6ISOMMibqcRT5ocjAvO3j+3d9Ce3ExX5U1fu/xYb3YoWQtdX+qIAT2KYq +QG1vDy0VieGJlUiDPooWin/X830pxyYJ79w7XN67JIZdlrtIEVDJe4/xghXt +-----END RSA PRIVATE KEY----- diff --git a/tls/x509/server_ca_cert.pem b/tls/x509/server_ca_cert.pem new file mode 100644 index 000000000..2760c56b4 --- /dev/null +++ b/tls/x509/server_ca_cert.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGAjCCA+qgAwIBAgIUVaYPCm+rhznxJTRWV7wJKkmRuW0wDQYJKoZIhvcNAQEL +BQAwUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2VydmVyX2NhMB4XDTIxMTIyMzE4 +NDI0OVoXDTMxMTIyMTE4NDI0OVowUDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNB +MQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRlc3Qtc2Vy +dmVyX2NhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxo6Cn80nk3i5 +PgmYnMBicmJEykEz5YbJEuyN+Mjv1wivqc23P75qvu7u0FPePptHZK+Q3PCnv7BZ +jc+MDQzZhUWN8jwenMGOxpVrX0zjK7Q0u92YbrHgxE9fkRA5fZcXGzZlrhsJQJUA +G+0QGCSzjWZvSab2JrVn/gYEzikcl81Q6zAJkTI9vACZC0vnTc6XsVC8QCpT71fb +qQwE4Bvr1tyuA6biB4H40RiLGWuG+8BoVn1pgSL/9GzRnsEnSN2KCfaqzk9VMDnP +TQRx0yJY+Zl5FB/ufeEJH8hh1OS3dAJhR7IYLktlm8S68dSI/oTs811BWIw1dOqa +KbpElXS5Tr9usGOehxy7q6dlazj2+nDzIhQ/20koX0dqyN1O8Pzi4OWcR5YQEBDO +8Bp9v6JNowwbMkZGSg/C1GMNwN4rEhLlAgpv8/4CoZwlQM0oROWiiZwczpVniDiq +6dYtTUhuJwC0cgJLSswDXpnAlp30hPB7EV5MIdr+9ybuRAx59Nl+ZB8g6utuWNaA +lNTrAsouwWBalHmY/f4/ltEnHkwgKCReYFHpDNuDVtnxhtEfGzd5IxQWNl2etWCR +Nnf7Z3DQHLTduIQD2R0qp73tqFK8T1DR/HZkbZnZPvBqmUIXvCnHJKKB3ntrkpqR +bQHMq6Tkv3NL+N3XpZwEz0AOeiRE+gsCAwEAAaOB0zCB0DAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBQl88evytJrL7t5BGRbJUeMOW4jaTCBjQYDVR0jBIGFMIGC +gBQl88evytJrL7t5BGRbJUeMOW4jaaFUpFIwUDELMAkGA1UEBhMCVVMxCzAJBgNV +BAgMAkNBMQwwCgYDVQQHDANTVkwxDTALBgNVBAoMBGdSUEMxFzAVBgNVBAMMDnRl +c3Qtc2VydmVyX2NhghRVpg8Kb6uHOfElNFZXvAkqSZG5bTAOBgNVHQ8BAf8EBAMC +AgQwDQYJKoZIhvcNAQELBQADggIBAMGqi2F7ccNQ0FSiALPUjO0VvQrUqdWLrc9Z +67rr7wBu4bEzchM+HQP9GwbnSnH9yT0pnYj2H6idAfqTww1kKuR4CYMkGsNJ9PYW +AgYdrC67HKT2xhy9YmrUItIe/pM6rRO6oNA8Np3IAEmC0gpVMqmPqHeLvwhxcf4f +izsi148gTGOxBIWVNupImFrOaztKV6SbVwA+wdHNJvXz4MEEYlMlgHFfkrAEXHfO +6QmHXru8C0BIQaMOiVZDN8YCwmsrcGFYjHFRS/OnYblrRxuVDdhpMmNiQRJLhZHi +jf6WOpJS7o50FmC8bG1CE0CqMNF/qz3Hap36Rm2w/xSems2dIqMr6FsH34KkyXzm +pCHN162g720orV1uExpgfRSfv+IaklN1sM98WkTqAkz9p6OPPEo4VHeVGUk/mFuv +aVnByrk7qmpTLBGDk7dFI0GjsNwOz619omgYZGliRU+7rDXP4fN6EPlF5sQO7MJX +REOSZvVcHPpIAIqTFRR4SBnwYGsEPQbTKTH7jJROg0TGmiKeN4N1syb4KNos2Wfp +ZZB+f2qmn6LXS6d2kI692UomRfGVNoBEsAhWBW7FzpU/WnT+aF97VpvWUEqzg/AS +61tKM/t/ap6kNTLaPGSWTk9Ade/KuMmg+nSrL6S1Xa0T1rl2Qjd5h7U6JLWHL94v +GPxPuBsN +-----END CERTIFICATE----- diff --git a/tls/x509/server_ca_key.pem b/tls/x509/server_ca_key.pem new file mode 100644 index 000000000..1f69f3435 --- /dev/null +++ b/tls/x509/server_ca_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGjoKfzSeTeLk+ +CZicwGJyYkTKQTPlhskS7I34yO/XCK+pzbc/vmq+7u7QU94+m0dkr5Dc8Ke/sFmN +z4wNDNmFRY3yPB6cwY7GlWtfTOMrtDS73ZhuseDET1+REDl9lxcbNmWuGwlAlQAb +7RAYJLONZm9JpvYmtWf+BgTOKRyXzVDrMAmRMj28AJkLS+dNzpexULxAKlPvV9up +DATgG+vW3K4DpuIHgfjRGIsZa4b7wGhWfWmBIv/0bNGewSdI3YoJ9qrOT1UwOc9N +BHHTIlj5mXkUH+594QkfyGHU5Ld0AmFHshguS2WbxLrx1Ij+hOzzXUFYjDV06pop +ukSVdLlOv26wY56HHLurp2VrOPb6cPMiFD/bSShfR2rI3U7w/OLg5ZxHlhAQEM7w +Gn2/ok2jDBsyRkZKD8LUYw3A3isSEuUCCm/z/gKhnCVAzShE5aKJnBzOlWeIOKrp +1i1NSG4nALRyAktKzANemcCWnfSE8HsRXkwh2v73Ju5EDHn02X5kHyDq625Y1oCU +1OsCyi7BYFqUeZj9/j+W0SceTCAoJF5gUekM24NW2fGG0R8bN3kjFBY2XZ61YJE2 +d/tncNActN24hAPZHSqnve2oUrxPUNH8dmRtmdk+8GqZQhe8KcckooHee2uSmpFt +AcyrpOS/c0v43delnATPQA56JET6CwIDAQABAoICAQC80PSi5kMGWD1AI3v/RGvZ +/l0QQOULFhvMZSu1M8/wGxCBV2E1uuxj2W88qSSlQKCpvNLzZ979yMPAuWejWV7Y +/4W2nzk1NFODwL+0hrdY7itfo6C7U2g9BoYIuvcQ2Udd12LmKEuqIIdUByHQ88XT +Z1/ZGG7n7IaR6ENVkX7hVJvoq2vNqYtPZvoi5fF16koSkoYSNq5O4qu+m/Fe9O5X +CtBoJKC5Jv3oSYCtkbVxXk1aQjS8Wv4v//NvFps3DYWhZ/KR8ps+GxtpUBq1/unB +ohKj8qGnDwLQOIvgGgfiyAieV1vrWkOr1283XTdRYjK6Uyo6/Eoxfo9PsxRZVACK +lpkRGn2p1GTbx442INrOwhJbJtKAcSlM7V8m2dAhgMTXXJzPtl0eCNWGy0s1obpK +1p9qTUz23s3WA425TAXQwIFpq0CdrXPgaXmZYw5LlfuwQhUmw5SQBOg8dX30Y5rb +vrrBBj1+2kAEYyeC3aQ3HwP6qAevWtmlbyCLMS5pYcPTRIEJlVX7OMCZSmvYnOku +0Vghgr2g+FZjNgQMo0HYEq6bb1jmpnN6tY4y3H7Zq76xavkFBWzaz8aHEB1koBoW +e0z+AaojAXEMaAKzsA3hF74HZA4kZf9kFi4er4ZLlnZFrU7UCN99mQfsV0LU+75E +rpzoRVYE8CZN9egiphZFYQKCAQEA8AUt1mi3tDfbyuDnut9KVkraCDAQ5WX+31H9 +BTPdIoXaeYx29zCKSEaBAMvf43s2pDgVPVyuc7KVFp8l3LZZ+znNWxU3eVznE2Ua +1QUTR8ZxueUIyOZxuSHU8xqWvxZ7SLZYTqTVmYGpORjvuQIgS/+6GrAbCNcZLNIo +I7U4/Nx4zJ3bkF1xaKJcaVXQRwG0cHQEZZdgkaE+J/ak3WTRC/11tEr4agGo+UDF +6XBQryp3HxPMnZyAv44zOB9gqD/FvnxH6S5ybc93eISQXZoJQuuad3GuEn28Gz5x +Bsr6zzSkhsTp2cEr2AVSH+b/SCseZ/2JEE0mjPxgjXRVLQrnGQKCAQEA08akFJjH +nq0aEcL8HWbUE2PuuXcq/vUZHFNv1gG+e6vZ7gU7bq+5SS3+APuerPQrhE+3mKsn +WKUfkr2Rgn2Yxieo/u+SKMbDaNNT5h08KgA/joewRYDeInACw9QHsKPKArWmWn6d +6fHYl5d3rxUPGUaM0fsdOvayX+xeN4PDn+puqzInhh3TFbeyvkpu1b/xZZ17u7Xz +yvu1PRHNt5eZB6QZ/GF3d1r63CTC7m3GF/wikoV9Ygy0Me8gw8WxqnF42GFRyUIa +wHXfb3w4Y4rZ17b7x5H18FF4tHMgXN0pNbGk+PoIFB3Erzfqi95xVyZh/MROwFiL +qy2KeRoniUbCwwKCAQBDvxJ7DD+dzI5rKyP9KP1Qcfwsh3SdazaPThL+nu7xyZoq +6KzDhJ3jXJMY6HKfQK3hmDrWgQx0d5mBMxZ6v7WSJXSDGu/3f3Nxk/4I1k/k2GxN +LgpWukSrHpN+sqiN8wiFM4KlX/0yQNjE1vcC30jCasHauo5G5n+imQbfXU1igdBO +4NeSXe2evQUcbi5FfIOzoeuDyUBmmn5yxTkvjD89BSNt6iNHuIQ7Jj82bo83geLx +kKMWcZAdgUOPubuMgcOMyoN5m7SMrhxolfIxmUK38sw8noeljHvFrNA2PKCiT5eI +upfO8KkxZf8SJh8z/YetjnBbe4tADBQsmQNZnVQxAoIBABNKmxPNPxHzTtajXngH +L/Z8OfjnJCGJjjoIV7209vcpFncaPum8VDKYX/US9sdmjrhE0sKzhKgMkq25WxH6 +Avq6Dij7BeN1B8P6zD/AFgT1dNS1A5exP4r/jSDtpa2vne1VQswnkJcJEuPsRljK +oE97H8TZDTab1m/qhkKkXCOrJV2u+e67tMjbrQqsmSAblg/dorHcx1KMT1w6zPSW +eLg7eKqG7m0O+p8nMiKqGUuCClwykNNnuNp7oA51adPO9mUvqFWfEfTKSApN1I0s +zt9ZqeHqJ+82XLqDakVLWD+t6QtNK4M5mvsjKtiG8OgxdOejslDPQBnd0ilp+oQE +0CUCggEATL5jg3Kcbq9HcaFEdgqzVXXcqNI4hOVWjP3Vp6W390PUZkmls1Igms3l +zc9fhibHv5gRq/Y3xQGUuP0dKuPuTykjXUTRozeal5ErkiLU6PZeVlz7xUHbLrF9 +J/IARiZtnfhcDh8qo33QZ4m4HUB5b54/4Gdzr7go8o0UVI50gXY65kwz5hV79/7P +S38hxS+X+k2FkWuCNrP6ECkC/L8jNM1h2gR4Ez6FziiNxYbOhQgsaTQRKjca/v/E +tzX9oZjMqiWtWKcxgSCZs/1DscXjjCsi64f/oOBShF1x4ZeiMoZTMhQBLMlbVx/n +JxRWkMCYLEbAZXWJXEKHyqaiIAOpkw== +-----END PRIVATE KEY----- diff --git a/tls/x509/spiffe_cert.pem b/tls/x509/spiffe_cert.pem new file mode 100644 index 000000000..bbe7d66a4 --- /dev/null +++ b/tls/x509/spiffe_cert.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsjCCA5qgAwIBAgIURygVMMzdr+Q7rsUaz189JozyHMwwDQYJKoZIhvcNAQEL +BQAwTjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTVkwxDTAL +BgNVBAoMBGdSUEMxFTATBgNVBAMMDHRlc3QtY2xpZW50MTAeFw0yMTEyMjMxODQy +NTJaFw0zMTEyMjExODQyNTJaME4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM +MAoGA1UEBwwDU1ZMMQ0wCwYDVQQKDARnUlBDMRUwEwYDVQQDDAx0ZXN0LWNsaWVu +dDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ4AqpGetyVSqGUuBJ +LVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zEtz/Z +G5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpmszuqO +a6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3emjg3Z +JPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3f1XV +m0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQsSW75 +7PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlrCAfc +msHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb740Yc +DmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7BvPN +zHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5LXRs +vvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnrbJkI +sK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABo4GHMIGEMB0GA1UdDgQWBBQ2lBp0PiRH +HvQ5IRURm8aHsj4RETAfBgNVHSMEGDAWgBQ2lBp0PiRHHvQ5IRURm8aHsj4RETAP +BgNVHRMBAf8EBTADAQH/MDEGA1UdEQQqMCiGJnNwaWZmZTovL2Zvby5iYXIuY29t +L2NsaWVudC93b3JrbG9hZC8xMA0GCSqGSIb3DQEBCwUAA4ICAQA1mSkgRclAl+E/ +aS9zJ7t8+Y4n3T24nOKKveSIjxXm/zjhWqVsLYBI6kglWtih2+PELvU8JdPqNZK3 +4Kl0Q6FWpVSGDdWN1i6NyORt2ocggL3ke3iXxRk3UpUKJmqwz81VhA2KUHnMlyE0 +IufFfZNwNWWHBv13uJfRbjeQpKPhU+yf4DeXrsWcvrZlGvAET+mcplafUzCp7Iv+ +PcISJtUerbxbVtuHVeZCLlgDXWkLAWJN8rf0dIG4x060LJ+j6j9uRVhb9sZn1HJV ++j4XdIYm1VKilluhOtNwP2d3Ox/JuTBxf7hFHXZPfMagQE5k5PzmxRaCAEMJ1l2D +vUbZw+shJfSNoWcBo2qadnUaWT3BmmJRBDh7ZReib/RQ1Rd4ygOyzP3E0vkV4/gq +yjLdApXh5PZP8KLQZ+1JN/sdWt7VfIt9wYOpkIqujdll51ESHzwQeAK9WVCB4UvV +z6zdhItB9CRbXPreWC+wCB1xDovIzFKOVsLs5+Gqs1m7VinG2LxbDqaKyo/FB0Hx +x0acBNzezLWoDwXYQrN0T0S4pnqhKD1CYPpdArBkNezUYAjS725FkApuK+mnBX3U +0msBffEaUEOkcyar1EW2m/33vpetD/k3eQQkmvQf4Hbiu9AF+9cNDm/hMuXEw5EX +GA91fn0891b5eEW8BJHXX0jri0aN8g== +-----END CERTIFICATE----- diff --git a/tls/x509/spiffe_key.pem b/tls/x509/spiffe_key.pem new file mode 100644 index 000000000..77a33e9d0 --- /dev/null +++ b/tls/x509/spiffe_key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDJ4AqpGetyVSqG +UuBJLVFla+7bEfca7UYzfVSSZLZ/X+JDmWIVN8UIPuFib5jhMEc3XaUnFXUmM7zE +tz/ZG5hapwLwOb2C3ZxOP6PQjYCJxbkLie+b43UQrFu1xxd3vMhVJgcj/AIxEpms +zuqOa6kUrkYifjJADQ+64kZgl66bsTdXMCzpxyFl9xUfff59L8OX+HUfAcoZz3em +jg3ZJPYURQEmjdZTOau1EjFilwHgd989Jt7NKgx30NXoHmw7nusVBIY94fL2VKN3 +f1XVm0dHu5NI279Q6zr0ZBU7k5T3IeHnzsUesQS4NGlklDWoVTKk73Uv9Pna8yQs +SW757PEbHOGp9Knu4bnoGPOlsG81yIPipO6hTgGFK24pF97M9kpGbWqYX4+2vLlr +CAfcmsHqaUPmQlYeRVTT6vw7ctYo2kyUYGtnODXk76LqewRBVvkzx75QUhfjAyb7 +40YcDmIenc56Tq6gebJHjhEmVSehR6xIpXP7SVeurTyhPsEQnpJHtgs4dcwWOZp7 +BvPNzHXmJqfr7vsshie3vS5kQ0u1e1yqAqXgyDjqKXOkx+dpgUTehSJHhPNHvTc5 +LXRsvvXKYz6FrwR/DZ8t7BNEvPeLjFgxpH7QVJFLCvCbXs5K6yYbsnLfxFIBPRnr +bJkIsK+sQwnRdnsiUdPsTkG5B2lQfQIDAQABAoICAQCXbolwqfHVFQ/OLRLzsZvy +UZGeIY7UUxKrAyPSoNvJFpr7DG7n7arOcaTOG1p56aYyYPvHIrB7FKpQggnSCYIy +1j89BoMjTKu4gsKWad72+ivB/RmRPYGOHUy6QftXpXQ9c0Y99weJ2iMO3zRR2269 +BbG0pCd7ppCbJquWP5IKVlhl/cxjHS3vd/YPZorlS1QUhpsMxGHfFKLzfHHk5nX1 +ZIHlctZIHeWw8VG8W/xbbnA2RhcxnY42vqAG+/NCkgZUAM3WU8zWfU0WEZ3Imy9Q +HuPv7m9H+vyBYSYQR7eh3nfAVHnHeRBKQX6hpQ/PEwHneXzVmZVnaaZD1l35+oQs +9mCmIC5PkwGe+vJI+Rxt5UElgzRDMVF6YuHfmobQQn5mT0Jsbdn6tfaFXa+e8+Ja +4WSlv/rVNSvCxNSwV0fOGIIrV1CIElf9ei7Go/Jewz94Eh2PdoOL9gNPqBeFFLmt +mS7HgST/Dkn8yAvyYgY5IDDWDiauECMV2F37QRk9stX+dUFhDQU3P/CcMH0SRyjx +vXRRvWY/5rWuinJcIr1Kb0OHiDztrM/4wAYc1BQjsL6CPKT3aAmCs/fxf0JflK/o +pvzsK5+AyBrvEBh9SXPcQYYEj6ZYCGZ/rPVlmgOjT/d4+xZf0FBUi3g+np7V15Km +ao4LgfcSQF5xUVTiyGo1AQKCAQEA423AcschurSrHwnmL1E5UIaYoFyKok2W3GZ6 +nu8Gp49GlF1v+CQ4w0zMNgigTTHxPyShK4/lC1n8W7liuo2TD98Km4qsnkD04R1z +Jf2PNBoVfMFEwxTA0t3LYfqJc3xLxWTR7wbvIRwtrcM/tFbU0RQAZ0/eE5Vine6t +fU8HBn/kSnUeCXMjFqheRccluYQgwES5ayJjnvf4Yrwe+In89+C6JE01LetqtxiL +U9X6iO9VpF9JVI7CPTBd7cZI3jfO+N2dXGlnt/Dp95S3RymoRSyMA1ILCCFZOeTo +Kh26/6hfgc2ox6ttN+s/1J9xPaXFmvbEAT27n+bDFVIfvF9QwQKCAQEA4zx4xLsW +AdljDLSDcLziWE1ikvO25hWiH3Q7ZyFi7vqby4d7FdgazNERrFZaCNQeSLfMakLd +zO1URfWsG7+6XvY45VtgVlqw2+uAHlE/B3FtrSeaIDr68AvWfPo02vckRMgTCBch +MEvul58A658mlybOkTHoRyaeDDD+83sIHAnyFzublxfsfbdgqzFW1RxfiUwmAM7w +9rI+PFPQnBgBkfyjcOfaVx/I1uvm3Nnl4ZUAmEdz6YlJdN6EhM8SjCP2LsLvhDUz +kjZ5WJ50ybRs3DWhDH/d06DmFlGwgu894TKBHqrq2fgDDukpZkH7cHldcjugzlHJ +c2CAO9MxI4UyvQKCAQAogEgQaKP6EuiSe3nRnV5el8mgbTqHEtg14c4edaSyvFIu +Y8Fn6FNvfEK1sK2TcbxrqUNGdbatYdYOI6KQZFv3LJo//t8kw56YZF04O8J/3dFL +yUNMlmqMYtEwXqSRu2Xm/kBgl9SICfOciTPUEs6NeUllHJUI2caZJ4Mf2K4Am0/1 +bovt1OI/y7YWKRPvyLboZpS6noItMi26r5O4YSJ6pjuf8VvyFIWJm8ZcJLQcJLsU +rZ9qfo3axb1EddZONJQYP6chaOf+mtmfrI1DEAkWYIuCn961EPNJ2xj5PxgpJTv0 +6sIO5NlrZuqUG9zXxKi/Iwjey7aZEEhXiKt8KWFBAoIBABtcRaJScHTqit2VwpnJ +dGtzbeIJzETp5+pnoVtqjrH9pNKdznkz2w48QieBAjg76iWRU+Cbin9JODNwQDfb +HwKeHP2owfHD27WvJm8AE1m/E5icwxcMYviSRFIqAkE3LrvFZ107A7j/+4twDrlQ +IWJjvs2Gt9QRV0hagegpMTHHFMotWC+aJtSARvh16WGhl/M9IvpH8IWTsqCq6txQ +m6fLRpaqpASHhDQ0lUiUR/Sgb0DmoZNF/3096bDgCfirv9GjkRlXGo2JV5UPBzre +KZleL7UElF4N6oZXcaxiSA4ceaWKqNpz3VJnSp/QZAkH4/OEMHmHKX1l6irJ5AnF +2PUCggEAQzXltQN+24eNh9nD9BzJR7CYOJQ4CzmHbkxJJZXGJtSCv0mYcEsSRmpH +5mW9hr8w6Y5WL4XfMduUX9od8exJtXl5d7Fl8oUNh+CwDr9smEjEDchh+6d11ZCi +Ervr1XOmNyOtpnQ1+N2nbbBEMLVns9yX6oNnl9mBdwpvwko7Q9ahyTvWnE2oG5At +8VeX/34k6BWdqPCJfnISMVbt6D+J0kaqaVw6BplTNSRs93bmqKwpcrRHMTida+bO +l9t8Cy3TguZdRWTJZ0kFmze0fV6dXYookZoUIeisTZBl701tOsvysZjxtMQJfTLJ +Io+0lEzXxTbCbBP/iyizjo62XTgpdQ== +-----END PRIVATE KEY-----