From 3c4ae86ec14fe835947d8f84d8cf977dffb2fa29 Mon Sep 17 00:00:00 2001 From: Stephen Wakely Date: Fri, 13 Oct 2023 09:53:45 +0100 Subject: [PATCH] feat(amqp): added integration test for TLS (#18813) * feat(sources): enable TLS in AMQP source(sink) - added integration test for TLS - new test certs for rabbitmq Ref: LOG-16435 Signed-off-by: Dmitri Khokhlov * Remove sleep container Signed-off-by: Stephen Wakely * Await connection at start of tests Signed-off-by: Stephen Wakely * Clippy Signed-off-by: Stephen Wakely * Try a much smaller pause Signed-off-by: Stephen Wakely --------- Signed-off-by: Dmitri Khokhlov Signed-off-by: Stephen Wakely Co-authored-by: Dmitri Khokhlov --- scripts/integration/Dockerfile | 1 + scripts/integration/amqp/compose.yaml | 11 ++- src/amqp.rs | 24 +++++ src/sinks/amqp/integration_tests.rs | 4 + src/sources/amqp.rs | 63 +++++++++++- tests/data/Makefile | 18 ++++ .../certs/rabbitmq-chain.cert.pem | 98 +++++++++++++++++++ .../certs/rabbitmq.cert.pem | 32 ++++++ .../intermediate_server/csr/rabbitmq.csr.pem | 17 ++++ tests/data/ca/intermediate_server/index.txt | 1 + .../data/ca/intermediate_server/index.txt.old | 1 + .../ca/intermediate_server/newcerts/1007.pem | 32 ++++++ .../private/rabbitmq.key.pem | 27 +++++ tests/data/ca/intermediate_server/serial | 2 +- tests/data/ca/intermediate_server/serial.old | 2 +- 15 files changed, 326 insertions(+), 7 deletions(-) create mode 100644 tests/data/ca/intermediate_server/certs/rabbitmq-chain.cert.pem create mode 100644 tests/data/ca/intermediate_server/certs/rabbitmq.cert.pem create mode 100644 tests/data/ca/intermediate_server/csr/rabbitmq.csr.pem create mode 100644 tests/data/ca/intermediate_server/newcerts/1007.pem create mode 100644 tests/data/ca/intermediate_server/private/rabbitmq.key.pem diff --git a/scripts/integration/Dockerfile b/scripts/integration/Dockerfile index 8479094588153..f2ff5ef201d4d 100644 --- a/scripts/integration/Dockerfile +++ b/scripts/integration/Dockerfile @@ -19,4 +19,5 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ RUN rustup run "${RUST_VERSION}" cargo install cargo-nextest --version 0.9.25 --locked COPY scripts/environment/install-protoc.sh / +COPY tests/data/ca/certs /certs RUN bash /install-protoc.sh diff --git a/scripts/integration/amqp/compose.yaml b/scripts/integration/amqp/compose.yaml index 9c268b7ede3ff..865c35266f15f 100644 --- a/scripts/integration/amqp/compose.yaml +++ b/scripts/integration/amqp/compose.yaml @@ -4,4 +4,13 @@ services: rabbitmq: image: docker.io/rabbitmq:${CONFIG_VERSION} ports: - - 5672:5672 + - 5672:5672 + - 5671:5671 + environment: + - RABBITMQ_SSL_KEYFILE=/code/tests/data/ca/intermediate_server/private/rabbitmq.key.pem + - RABBITMQ_SSL_CERTFILE=/code/tests/data/ca/intermediate_server/certs/rabbitmq.cert.pem + - RABBITMQ_SSL_CACERTFILE=/code/tests/data/ca/intermediate_server/certs/ca-chain.cert.pem + - RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=false + volumes: + - ${PWD}:/code + diff --git a/src/amqp.rs b/src/amqp.rs index 074011cce5478..247ad4d03099e 100644 --- a/src/amqp.rs +++ b/src/amqp.rs @@ -34,6 +34,30 @@ impl Default for AmqpConfig { } } +/// Polls the connection until a connection can be made. +/// Gives up after 5 attempts. +#[cfg(feature = "amqp-integration-tests")] +#[cfg(test)] +pub(crate) async fn await_connection(connection: &AmqpConfig) { + let mut pause = tokio::time::Duration::from_millis(1); + let mut attempts = 0; + + loop { + let connection = connection.clone(); + if connection.connect().await.is_ok() { + return; + } + attempts += 1; + + if attempts == 5 { + return; + } + + tokio::time::sleep(pause).await; + pause *= 2; + } +} + impl AmqpConfig { pub(crate) async fn connect( &self, diff --git a/src/sinks/amqp/integration_tests.rs b/src/sinks/amqp/integration_tests.rs index 194a2edae6947..7ac1d9caa78dc 100644 --- a/src/sinks/amqp/integration_tests.rs +++ b/src/sinks/amqp/integration_tests.rs @@ -1,5 +1,6 @@ use super::*; use crate::{ + amqp::await_connection, config::{SinkConfig, SinkContext}, shutdown::ShutdownSignal, template::Template, @@ -33,6 +34,7 @@ async fn healthcheck() { let mut config = make_config(); config.exchange = Template::try_from(exchange.as_str()).unwrap(); + await_connection(&config.connection).await; let (_conn, channel) = config.connection.connect().await.unwrap(); super::config::healthcheck(Arc::new(channel)).await.unwrap(); } @@ -57,6 +59,7 @@ async fn amqp_happy_path() { config.exchange = Template::try_from(exchange.as_str()).unwrap(); let queue = format!("test-{}-queue", random_string(10)); + await_connection(&config.connection).await; let (_conn, channel) = config.connection.connect().await.unwrap(); let exchange_opts = lapin::options::ExchangeDeclareOptions { auto_delete: true, @@ -141,6 +144,7 @@ async fn amqp_round_trip() { config.exchange = Template::try_from(exchange.as_str()).unwrap(); let queue = format!("test-{}-queue", random_string(10)); + await_connection(&config.connection).await; let (_conn, channel) = config.connection.connect().await.unwrap(); let exchange_opts = lapin::options::ExchangeDeclareOptions { auto_delete: true, diff --git a/src/sources/amqp.rs b/src/sources/amqp.rs index ca010ff6e911c..3b45a8cedd680 100644 --- a/src/sources/amqp.rs +++ b/src/sources/amqp.rs @@ -494,6 +494,7 @@ async fn handle_ack(status: BatchStatus, entry: FinalizerEntry) { pub mod test { use lookup::OwnedTargetPath; use vector_core::schema::Definition; + use vector_core::tls::TlsConfig; use vrl::value::kind::Collection; use super::*; @@ -510,9 +511,32 @@ pub mod test { }; let user = std::env::var("AMQP_USER").unwrap_or_else(|_| "guest".to_string()); let pass = std::env::var("AMQP_PASSWORD").unwrap_or_else(|_| "guest".to_string()); + let host = std::env::var("AMQP_HOST").unwrap_or_else(|_| "rabbitmq".to_string()); let vhost = std::env::var("AMQP_VHOST").unwrap_or_else(|_| "%2f".to_string()); config.connection.connection_string = - format!("amqp://{}:{}@rabbitmq:5672/{}", user, pass, vhost); + format!("amqp://{}:{}@{}:5672/{}", user, pass, host, vhost); + + config + } + + pub fn make_tls_config() -> AmqpSourceConfig { + let mut config = AmqpSourceConfig { + queue: "it".to_string(), + ..Default::default() + }; + let user = std::env::var("AMQP_USER").unwrap_or_else(|_| "guest".to_string()); + let pass = std::env::var("AMQP_PASSWORD").unwrap_or_else(|_| "guest".to_string()); + let vhost = std::env::var("AMQP_VHOST").unwrap_or_else(|_| "%2f".to_string()); + let host = std::env::var("AMQP_HOST").unwrap_or_else(|_| "rabbitmq".to_string()); + let ca_file = + std::env::var("AMQP_CA_FILE").unwrap_or_else(|_| "/certs/ca.cert.pem".to_string()); + config.connection.connection_string = + format!("amqps://{}:{}@{}/{}", user, pass, host, vhost); + let tls = TlsConfig { + ca_file: Some(ca_file.as_str().into()), + ..Default::default() + }; + config.connection.tls = Some(tls); config } @@ -588,6 +612,7 @@ mod integration_test { use super::test::*; use super::*; use crate::{ + amqp::await_connection, shutdown::ShutdownSignal, test_util::{ components::{run_and_assert_source_compliance, SOURCE_TAGS}, @@ -604,6 +629,23 @@ mod integration_test { #[tokio::test] async fn amqp_source_create_ok() { let config = make_config(); + await_connection(&config.connection).await; + assert!(amqp_source( + &config, + ShutdownSignal::noop(), + SourceSender::new_test().0, + LogNamespace::Legacy, + false, + ) + .await + .is_ok()); + } + + #[tokio::test] + async fn amqp_tls_source_create_ok() { + let config = make_tls_config(); + await_connection(&config.connection).await; + assert!(amqp_source( &config, ShutdownSignal::noop(), @@ -640,17 +682,16 @@ mod integration_test { .unwrap(); } - #[tokio::test] - async fn amqp_source_consume_event() { + async fn source_consume_event(mut config: AmqpSourceConfig) { let exchange = format!("test-{}-exchange", random_string(10)); let queue = format!("test-{}-queue", random_string(10)); let routing_key = "my_key"; trace!("Test exchange name: {}.", exchange); let consumer = format!("test-consumer-{}", random_string(10)); - let mut config = make_config(); config.consumer = consumer; config.queue = queue; + let (_conn, channel) = config.connection.connect().await.unwrap(); let exchange_opts = lapin::options::ExchangeDeclareOptions { auto_delete: true, @@ -718,4 +759,18 @@ mod integration_test { assert!(log_ts.signed_duration_since(now) < chrono::Duration::seconds(1)); assert_eq!(log["exchange"], exchange.into()); } + + #[tokio::test] + async fn amqp_source_consume_event() { + let config = make_config(); + await_connection(&config.connection).await; + source_consume_event(config).await; + } + + #[tokio::test] + async fn amqp_tls_source_consume_event() { + let config = make_tls_config(); + await_connection(&config.connection).await; + source_consume_event(config).await; + } } diff --git a/tests/data/Makefile b/tests/data/Makefile index bba075eeecffc..e22c324885b16 100644 --- a/tests/data/Makefile +++ b/tests/data/Makefile @@ -133,6 +133,24 @@ ca/intermediate_server/certs/postgres.cert.pem: ca/intermediate_server/csr/postg ca/intermediate_server/certs/postgres-chain.cert.pem: ca/intermediate_server/certs/ca-chain.cert.pem ca/intermediate_server/certs/postgres.cert.pem cat ca/intermediate_server/certs/postgres.cert.pem ca/intermediate_server/certs/ca-chain.cert.pem > ca/intermediate_server/certs/postgres-chain.cert.pem +ca/intermediate_server/private/rabbitmq.key.pem: + openssl genrsa -out ca/intermediate_server/private/rabbitmq.key.pem 2048 + +ca/intermediate_server/csr/rabbitmq.csr.pem: ca/intermediate_server/private/rabbitmq.key.pem + openssl req -config ca/intermediate_server/openssl.cnf \ + -key ca/intermediate_server/private/rabbitmq.key.pem \ + -subj '/CN=rabbitmq/OU=Vector/O=Datadog/ST=New York/L=New York/C=US' \ + -new -sha256 -out ca/intermediate_server/csr/rabbitmq.csr.pem + +ca/intermediate_server/certs/rabbitmq.cert.pem: ca/intermediate_server/csr/rabbitmq.csr.pem + openssl ca -batch -config ca/intermediate_server/openssl.cnf \ + -extensions server_cert -days 3650 -notext -md sha256 \ + -in ca/intermediate_server/csr/rabbitmq.csr.pem \ + -out ca/intermediate_server/certs/rabbitmq.cert.pem + +ca/intermediate_server/certs/rabbitmq-chain.cert.pem: ca/intermediate_server/certs/ca-chain.cert.pem ca/intermediate_server/certs/rabbitmq.cert.pem + cat ca/intermediate_server/certs/rabbitmq.cert.pem ca/intermediate_server/certs/ca-chain.cert.pem > ca/intermediate_server/certs/rabbitmq-chain.cert.pem + ca/intermediate_server/private/kafka.key.pem: openssl genrsa -out ca/intermediate_server/private/kafka.key.pem 2048 diff --git a/tests/data/ca/intermediate_server/certs/rabbitmq-chain.cert.pem b/tests/data/ca/intermediate_server/certs/rabbitmq-chain.cert.pem new file mode 100644 index 0000000000000..b32e1e8e52cdb --- /dev/null +++ b/tests/data/ca/intermediate_server/certs/rabbitmq-chain.cert.pem @@ -0,0 +1,98 @@ +-----BEGIN CERTIFICATE----- +MIIFhTCCA22gAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMRAwDgYDVQQKDAdEYXRhZG9nMQ8wDQYDVQQLDAZW +ZWN0b3IxJjAkBgNVBAMMHVZlY3RvciBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X +DTIzMDQxNTAwMDAzOVoXDTMzMDQxMjAwMDAzOVowaTELMAkGA1UEBhMCVVMxETAP +BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEQMA4GA1UECgwHRGF0 +YWRvZzEPMA0GA1UECwwGVmVjdG9yMREwDwYDVQQDDAhyYWJiaXRtcTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLztNXZwWAo/NxFlt+W2zDPrVOWEJuy +0ZJHmR/V7INCss3c57Qfd8FtTeQGAY5cLF6iBeLDlDtrpKbsvghmK3jLczMcCRad +SlcPeQ1Pk/brfBNdXWokqKqiQqMOHJ9ogdfrPFhSAn36ZdLVIMp/kDnSonwBnApE +xRcHb8W4tiJnKphZYj8W0M9b+XhGs0oemFQK+tefKkl25W3dTPk2RyzlI90OuUAO +5Xy+5OHYNm8582sycxhySxAn8scw7lTrG692QGRyAd3MRdWfRufVKJQJbkJTOkMH +1phxWnECGq8ibGPIPF9VFvQeZZNHhzjWcLkAz2IZCLhU5rE0iJ+zDtkCAwEAAaOC +ATMwggEvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIB +DQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFGToO8xk8KujSHMtq/O0lDLN9j/9MIGVBgNVHSMEgY0wgYqAFDw9Oi/M1YID +fZnEWPHh2zbvrQ1BoW6kbDBqMRIwEAYDVQQDDAlWZWN0b3IgQ0ExDzANBgNVBAsM +BlZlY3RvcjEQMA4GA1UECgwHRGF0YWRvZzERMA8GA1UECAwITmV3IFlvcmsxETAP +BgNVBAcMCE5ldyBZb3JrMQswCQYDVQQGEwJVU4ICEAAwDgYDVR0PAQH/BAQDAgWg +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA/EO6Eq5ff +nyHzIuPoSVIsUxsZo4d01fMbRD3zFuZU3OWBGPjta/IBb3tKiC48KQNBAUJi/9RN +kv+9P+j3/lkaVSEI9U8iDvL/aiqm+GZM8XETu6l4gTuUF8oI/wXtD3EN1yYTeaHb +MGvJLC+9jjMtp5Ujgp+3B6bXWAhkOw7hlXw6iNFc9HnhW+Z91JGJZRS3Et75v/bO +tjpCB5rxhsIBEyha/Aq4h7as+Zo+NSxkQCnAgIki3RsJg5FdBwemU7ra64juN5nA +4HYlRA2yrSznFo2Xvs8rK+iAnUYPG5VThc9pcjfs+A/dXHKw/JGJq/BcfBZFdMIx +nWldWcBV2OOqL2Rj4K6BE6n8fThXhKUqpTwNMdpbQ/wRa8OiFdb11D2dZ0siq+gU +4pou5BcuQHIeh2CAdxNCxJxbJer7ID4N6cb38kK/O31CPW1utPl5axYYS/cBX2yv +H2qliAzaRfCj/9uWXPnokMxk3P8Yr0Wtp1ktNHewNFx6zp36yjStJPrQwkUCeX21 +bqxWbAKk/ZznaRdDzaiJzeMJGqPIqXhqtBPss2FV+ZWllZcnuKMcmiABCJRFnfFL +i6O5Fz728W23QiO4c7tdTEWxLcrXC5XPClSNP8+KkI8RkFPaGdQYzfFB3GkMP8Od +KXkJ7TwIQ7ZGLCx+m3OfhRMIVRvV/vT0RA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwajESMBAGA1UEAwwJVmVj +dG9yIENBMQ8wDQYDVQQLDAZWZWN0b3IxEDAOBgNVBAoMB0RhdGFkb2cxETAPBgNV +BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazELMAkGA1UEBhMCVVMwHhcN +MjIwNjA3MjIyNzUzWhcNMzIwNjA0MjIyNzUzWjBrMQswCQYDVQQGEwJVUzERMA8G +A1UECAwITmV3IFlvcmsxEDAOBgNVBAoMB0RhdGFkb2cxDzANBgNVBAsMBlZlY3Rv +cjEmMCQGA1UEAwwdVmVjdG9yIEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCy/mB0/ZwfgKrSZPQIFaGPtRA9xL2N +o2SsHndZ8k2XOCV225Hb2fzNH+o2WGNSjwmGjLP/uXb47KH0cHCAyFGzSjp++8/O +zoZaFiO0P5El02hQxmoabO3Cqu/N62EFsLfpSM828JM6YOn9p+WXUDn1+YPNoOOE +H142p4/RjFnXNHkzR3geXU4Pfi3KXDrMi8vK42lDqXPLPs6rhreBAfQ2dsYyqhz6 +tg6FzZuXxxzEYyYtNgGh+zTji99WCBMLbCmRcDurRjdTDO7m4O3PrwbGUy0xdLeb +HJiNGvUDCPH4bfwLiNqwVIZY38RBCAqbCnrqRhDaZIfAUev4mq3Kqh6KUeO/U7Vx +/5J5rL5ApREKOfWPATHMprBuEU2rs3N+MPBA04HoiFlu311urCxVEA1qsZCTkoCg +GHuDIVSU4E4hT4co95/J0to4zWgPlfPg1+cXyU8lAIMe7JdCGkG9cDe7Umw/GSbt +ZdoCMQZ6WyyiW2Hw+7sFD3V3VzYa5YA/rjKZRduPmGWKrs+mAa5J5pM2M22rrjbd +EpfTHWLS9s6cPN3/jxpCxn6Hv/KhIYRAcIterugag1+clvS1ajVjxBRavOxPBsf+ +hYdh7S5NTZnT98gjkc3yOuGQm7BPtXau+IYZRlWcB0dJ4/E2P69hmWQezSo9VVWh +5/K1RkbPvqTGZQIDAQABo2YwZDAdBgNVHQ4EFgQUPD06L8zVggN9mcRY8eHbNu+t +DUEwHwYDVR0jBBgwFoAURTWK6ARqnZkz8rktUc5PrtasIh8wEgYDVR0TAQH/BAgw +BgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAGqaGBuL +2J6Na8RHx/GmSeuZFiVcWhmd/I9bVpeMSYHSZujA2nay6OGaUYs0Lq/G5OKgsuT9 +AIHnsn7VUE1zqoDfXac/K8sXlOig8if7rTb+06jgymaP1YSELg3R+pBsdkZnXVil +izh/9FvzoyV+QQlIhojqCIybVFgxa1XFHq4QCPhDfwkg+tp9RctfwNmWgsJ63H19 +RmxN+H2xIrySvObwXnB4j6D4wvgu468QXQMEuSsnLcIQFg6Zteqe8fixbqTiOTBf +Dk1k+EpB9VMEkIPvMdfa48vseXdBEe6Ma9zGuJC76q4q1ZapVLTvOUP5Y24khlgd +cj5tfP7o7yc6HqymfXAcD1lzP2JQhqaRxA4I18Nrd+aHi+G1EM2c3cicuD3n6Iw9 +9oqdCwmMfS25fv5cyA5B6hRusIZ9wRopTi7at+JHl0GIt/FelaTYI7kRmAqgakQe +oEKLpXcH8lRJW802DmXm7ka4eQzwxa7Ngyf8O+JOFtGO0+EshuLJovxiPl6IyLyG +NJ/dHq3ad+46YVManbHdyjHxgT5PSvJFkq0Yluvf44NIyP5QRTCAvfH76bu7hXgS +QoQj5t5ILn6meQRTR79r2iwpQTanPLTEdoZvmrE4TeUBev9BA5KpiPPA3i3ZF/oV +0EYorXCNri7M/jylGW7AuWvNUyaVR6xgxAn6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJAKhPL9BkNaFGMA0GCSqGSIb3DQEBCwUAMGoxEjAQBgNV +BAMMCVZlY3RvciBDQTEPMA0GA1UECwwGVmVjdG9yMRAwDgYDVQQKDAdEYXRhZG9n +MREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxCzAJBgNVBAYT +AlVTMB4XDTIyMDYwNzIyMjc1MloXDTQyMDYwMjIyMjc1MlowajESMBAGA1UEAwwJ +VmVjdG9yIENBMQ8wDQYDVQQLDAZWZWN0b3IxEDAOBgNVBAoMB0RhdGFkb2cxETAP +BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazELMAkGA1UEBhMCVVMw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9c1T+NXTNmqiiV36NSEJt +7mo0cyv8Byk2ZGdC85vHBm45QDY5USoh0vgonzPpWgSMggPn1WbR0f1y+LBwXdlM ++ZyZh2RVVeUrSjJ88lLHVn4DfywpdDkwQaFj1VmOsj2I9rMMrgc5x5n1Hj7lwZ+t +uPVSAGmgKp4iFfzLph9r/rjP1TUAnVUComfTUVS+Gd7zoGPOc14cMJXG6g2P2aAU +P6dg5uQlTxRmagnlx7bwm3lRwv6LMtnAdnjwBDBxr933nucAnk21GgE92GejiO3Z +OwlzIdzBI23lPcWi5pq+vCTgAArNq24W1Ha+7Jn5QewNTGKFyyYAJetZAwCUR8QS +Ip++2GE2pNhaGqcV5u1Tbwl02eD6p2qRqjfgLxmb+aC6xfl0n9kiFGPZppjCqDEW +sw+gX66nf+qxZVRWpJon2kWcFvhTnLqoa3T3+9+KIeamz2lW6wxMnki/Co2EA1Wa +mmedaUUcRPCgMx9aCktRkMyH6bEY8/vfJ07juxUsszOc46T00Scmn6Vkuo9Uc3Kf +2Q2N6Wo4jtyAiMO4gAwq5kzzpBAhNgRfLHOb83r2gAUj2Y4Vln/UUR/KR8ZbJi4i +r1BjX16Lz3yblJXXb1lp4uZynlbHNaAevXyGlRqHddM2ykKtAX/vgJcZRGSvms11 +uce/cqzrzx60AhpLRma5CwIDAQABo2MwYTAdBgNVHQ4EFgQURTWK6ARqnZkz8rkt +Uc5PrtasIh8wHwYDVR0jBBgwFoAURTWK6ARqnZkz8rktUc5PrtasIh8wDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAEf5 +TR3hq/DtSAmsYotu1lAWz/OlTpG+7AdqSOHB878X4ETN3xaQ+KWvSwvf0K70ZDTV +tFOTh/r43cpzPifPKd1P+2ctnQEzrBtAacvyETLq1ABRK9VJOtfJ6Xk5KZXPhKdY +t353PQgBgW8YzQ2adq2B7FtgIlX7f1DIndjcMZBbolETR6xt9QwB/UnPI7Mwt01T ++bCBhr1fWAbZ4YAMlQ0xRam4qUOTjxgfmePrmSrv4HO7cXHMsRMLiXk+BLcx959/ +K/B6xzpzn6366Eqnqlo/uDiMpo5ud2I/Snz5PduB6oLztPMEf/8RmkG5tpHXYdWr +tM64WqNGO+ikluIrrtYvtyZS4DfsLAMfMYZcxX/Uw56gHo0i2c8I6+6JvGWdvOJ0 +FjrsKeIQoRlV77z025kI4V9jKi3XNMEsAIH+W7KNSut0X80yX7SugvQGoe0GDkXu +0fy8hMC3uTN2LEycYFRRfoIeKPLi6OZFK0PdS2E15d8PEU3n3W4eBCPgMtmiOKLY +d8QNBC8XLAuBoK9R8luCJpOJWUcFXjLpjcDab4V2hKTuAs+GQyDh/Xx4wF1yHX0r +zIkyN0EkOD/SvD8X4uFaM4mdsAh+ucn4ryUV7i5PgvDM9z4InHAMAee1ebBl0U+h ++NzMWF5c5OwxD5o6/Wh1HopmzJiVNT2v9u0kHT/f +-----END CERTIFICATE----- diff --git a/tests/data/ca/intermediate_server/certs/rabbitmq.cert.pem b/tests/data/ca/intermediate_server/certs/rabbitmq.cert.pem new file mode 100644 index 0000000000000..ba9b89cb0ae13 --- /dev/null +++ b/tests/data/ca/intermediate_server/certs/rabbitmq.cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFhTCCA22gAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMRAwDgYDVQQKDAdEYXRhZG9nMQ8wDQYDVQQLDAZW +ZWN0b3IxJjAkBgNVBAMMHVZlY3RvciBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X +DTIzMDQxNTAwMDAzOVoXDTMzMDQxMjAwMDAzOVowaTELMAkGA1UEBhMCVVMxETAP +BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEQMA4GA1UECgwHRGF0 +YWRvZzEPMA0GA1UECwwGVmVjdG9yMREwDwYDVQQDDAhyYWJiaXRtcTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLztNXZwWAo/NxFlt+W2zDPrVOWEJuy +0ZJHmR/V7INCss3c57Qfd8FtTeQGAY5cLF6iBeLDlDtrpKbsvghmK3jLczMcCRad +SlcPeQ1Pk/brfBNdXWokqKqiQqMOHJ9ogdfrPFhSAn36ZdLVIMp/kDnSonwBnApE +xRcHb8W4tiJnKphZYj8W0M9b+XhGs0oemFQK+tefKkl25W3dTPk2RyzlI90OuUAO +5Xy+5OHYNm8582sycxhySxAn8scw7lTrG692QGRyAd3MRdWfRufVKJQJbkJTOkMH +1phxWnECGq8ibGPIPF9VFvQeZZNHhzjWcLkAz2IZCLhU5rE0iJ+zDtkCAwEAAaOC +ATMwggEvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIB +DQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFGToO8xk8KujSHMtq/O0lDLN9j/9MIGVBgNVHSMEgY0wgYqAFDw9Oi/M1YID +fZnEWPHh2zbvrQ1BoW6kbDBqMRIwEAYDVQQDDAlWZWN0b3IgQ0ExDzANBgNVBAsM +BlZlY3RvcjEQMA4GA1UECgwHRGF0YWRvZzERMA8GA1UECAwITmV3IFlvcmsxETAP +BgNVBAcMCE5ldyBZb3JrMQswCQYDVQQGEwJVU4ICEAAwDgYDVR0PAQH/BAQDAgWg +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA/EO6Eq5ff +nyHzIuPoSVIsUxsZo4d01fMbRD3zFuZU3OWBGPjta/IBb3tKiC48KQNBAUJi/9RN +kv+9P+j3/lkaVSEI9U8iDvL/aiqm+GZM8XETu6l4gTuUF8oI/wXtD3EN1yYTeaHb +MGvJLC+9jjMtp5Ujgp+3B6bXWAhkOw7hlXw6iNFc9HnhW+Z91JGJZRS3Et75v/bO +tjpCB5rxhsIBEyha/Aq4h7as+Zo+NSxkQCnAgIki3RsJg5FdBwemU7ra64juN5nA +4HYlRA2yrSznFo2Xvs8rK+iAnUYPG5VThc9pcjfs+A/dXHKw/JGJq/BcfBZFdMIx +nWldWcBV2OOqL2Rj4K6BE6n8fThXhKUqpTwNMdpbQ/wRa8OiFdb11D2dZ0siq+gU +4pou5BcuQHIeh2CAdxNCxJxbJer7ID4N6cb38kK/O31CPW1utPl5axYYS/cBX2yv +H2qliAzaRfCj/9uWXPnokMxk3P8Yr0Wtp1ktNHewNFx6zp36yjStJPrQwkUCeX21 +bqxWbAKk/ZznaRdDzaiJzeMJGqPIqXhqtBPss2FV+ZWllZcnuKMcmiABCJRFnfFL +i6O5Fz728W23QiO4c7tdTEWxLcrXC5XPClSNP8+KkI8RkFPaGdQYzfFB3GkMP8Od +KXkJ7TwIQ7ZGLCx+m3OfhRMIVRvV/vT0RA== +-----END CERTIFICATE----- diff --git a/tests/data/ca/intermediate_server/csr/rabbitmq.csr.pem b/tests/data/ca/intermediate_server/csr/rabbitmq.csr.pem new file mode 100644 index 0000000000000..f6389e92b508a --- /dev/null +++ b/tests/data/ca/intermediate_server/csr/rabbitmq.csr.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICrjCCAZYCAQAwaTERMA8GA1UEAwwIcmFiYml0bXExDzANBgNVBAsMBlZlY3Rv +cjEQMA4GA1UECgwHRGF0YWRvZzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcM +CE5ldyBZb3JrMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMLztNXZwWAo/NxFlt+W2zDPrVOWEJuy0ZJHmR/V7INCss3c57Qfd8Ft +TeQGAY5cLF6iBeLDlDtrpKbsvghmK3jLczMcCRadSlcPeQ1Pk/brfBNdXWokqKqi +QqMOHJ9ogdfrPFhSAn36ZdLVIMp/kDnSonwBnApExRcHb8W4tiJnKphZYj8W0M9b ++XhGs0oemFQK+tefKkl25W3dTPk2RyzlI90OuUAO5Xy+5OHYNm8582sycxhySxAn +8scw7lTrG692QGRyAd3MRdWfRufVKJQJbkJTOkMH1phxWnECGq8ibGPIPF9VFvQe +ZZNHhzjWcLkAz2IZCLhU5rE0iJ+zDtkCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IB +AQCg/BhDbn/JeBsS8s2iOVmNAIGJDMcB3+SE417qqlujhdwFOzMgcH4g5oEYjZQn +IUx9JcHrv/V1iTx7ESuZl53kCzR27F88qecxbmTQf6gQSZfH3IpNOXX+G+8QvP9B ++NdtdF4mdgxxRQ/10MG4q/G6yeK0nkK9RQxrTosW4QNRMU+2mUGEBxsRSjG60muU +OmJBV8qgJEGHym/CxLMtOfdYM/7QWJTLPrNLkW/UWVRhn7U+cCOgW4ujaCA8Gf2v +6b2UaOGXkvLmNeq5/rP2Rpne1YgvIKEmL1bKJ2IshnYMARTJIXj28jHRPg4sisN/ +Jp0989bLVSFGmPOVIQqUvqpH +-----END CERTIFICATE REQUEST----- diff --git a/tests/data/ca/intermediate_server/index.txt b/tests/data/ca/intermediate_server/index.txt index c76d7b6e20f0d..ab4efe2c2f6bd 100644 --- a/tests/data/ca/intermediate_server/index.txt +++ b/tests/data/ca/intermediate_server/index.txt @@ -4,3 +4,4 @@ V 320613194901Z 1003 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/C V 320613195026Z 1004 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=postgres V 320613195253Z 1005 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=kafka V 320731200837Z 1006 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=dufs-https +V 330412000039Z 1007 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=rabbitmq diff --git a/tests/data/ca/intermediate_server/index.txt.old b/tests/data/ca/intermediate_server/index.txt.old index 0d00f73780da9..c76d7b6e20f0d 100644 --- a/tests/data/ca/intermediate_server/index.txt.old +++ b/tests/data/ca/intermediate_server/index.txt.old @@ -3,3 +3,4 @@ V 320613192819Z 1001 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/C V 320613194901Z 1003 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=influxdb-v1-tls V 320613195026Z 1004 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=postgres V 320613195253Z 1005 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=kafka +V 320731200837Z 1006 unknown /C=US/ST=New York/L=New York/O=Datadog/OU=Vector/CN=dufs-https diff --git a/tests/data/ca/intermediate_server/newcerts/1007.pem b/tests/data/ca/intermediate_server/newcerts/1007.pem new file mode 100644 index 0000000000000..ba9b89cb0ae13 --- /dev/null +++ b/tests/data/ca/intermediate_server/newcerts/1007.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFhTCCA22gAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE5ldyBZb3JrMRAwDgYDVQQKDAdEYXRhZG9nMQ8wDQYDVQQLDAZW +ZWN0b3IxJjAkBgNVBAMMHVZlY3RvciBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4X +DTIzMDQxNTAwMDAzOVoXDTMzMDQxMjAwMDAzOVowaTELMAkGA1UEBhMCVVMxETAP +BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEQMA4GA1UECgwHRGF0 +YWRvZzEPMA0GA1UECwwGVmVjdG9yMREwDwYDVQQDDAhyYWJiaXRtcTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLztNXZwWAo/NxFlt+W2zDPrVOWEJuy +0ZJHmR/V7INCss3c57Qfd8FtTeQGAY5cLF6iBeLDlDtrpKbsvghmK3jLczMcCRad +SlcPeQ1Pk/brfBNdXWokqKqiQqMOHJ9ogdfrPFhSAn36ZdLVIMp/kDnSonwBnApE +xRcHb8W4tiJnKphZYj8W0M9b+XhGs0oemFQK+tefKkl25W3dTPk2RyzlI90OuUAO +5Xy+5OHYNm8582sycxhySxAn8scw7lTrG692QGRyAd3MRdWfRufVKJQJbkJTOkMH +1phxWnECGq8ibGPIPF9VFvQeZZNHhzjWcLkAz2IZCLhU5rE0iJ+zDtkCAwEAAaOC +ATMwggEvMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIB +DQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFGToO8xk8KujSHMtq/O0lDLN9j/9MIGVBgNVHSMEgY0wgYqAFDw9Oi/M1YID +fZnEWPHh2zbvrQ1BoW6kbDBqMRIwEAYDVQQDDAlWZWN0b3IgQ0ExDzANBgNVBAsM +BlZlY3RvcjEQMA4GA1UECgwHRGF0YWRvZzERMA8GA1UECAwITmV3IFlvcmsxETAP +BgNVBAcMCE5ldyBZb3JrMQswCQYDVQQGEwJVU4ICEAAwDgYDVR0PAQH/BAQDAgWg +MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA/EO6Eq5ff +nyHzIuPoSVIsUxsZo4d01fMbRD3zFuZU3OWBGPjta/IBb3tKiC48KQNBAUJi/9RN +kv+9P+j3/lkaVSEI9U8iDvL/aiqm+GZM8XETu6l4gTuUF8oI/wXtD3EN1yYTeaHb +MGvJLC+9jjMtp5Ujgp+3B6bXWAhkOw7hlXw6iNFc9HnhW+Z91JGJZRS3Et75v/bO +tjpCB5rxhsIBEyha/Aq4h7as+Zo+NSxkQCnAgIki3RsJg5FdBwemU7ra64juN5nA +4HYlRA2yrSznFo2Xvs8rK+iAnUYPG5VThc9pcjfs+A/dXHKw/JGJq/BcfBZFdMIx +nWldWcBV2OOqL2Rj4K6BE6n8fThXhKUqpTwNMdpbQ/wRa8OiFdb11D2dZ0siq+gU +4pou5BcuQHIeh2CAdxNCxJxbJer7ID4N6cb38kK/O31CPW1utPl5axYYS/cBX2yv +H2qliAzaRfCj/9uWXPnokMxk3P8Yr0Wtp1ktNHewNFx6zp36yjStJPrQwkUCeX21 +bqxWbAKk/ZznaRdDzaiJzeMJGqPIqXhqtBPss2FV+ZWllZcnuKMcmiABCJRFnfFL +i6O5Fz728W23QiO4c7tdTEWxLcrXC5XPClSNP8+KkI8RkFPaGdQYzfFB3GkMP8Od +KXkJ7TwIQ7ZGLCx+m3OfhRMIVRvV/vT0RA== +-----END CERTIFICATE----- diff --git a/tests/data/ca/intermediate_server/private/rabbitmq.key.pem b/tests/data/ca/intermediate_server/private/rabbitmq.key.pem new file mode 100644 index 0000000000000..7fbd8a93b8f1d --- /dev/null +++ b/tests/data/ca/intermediate_server/private/rabbitmq.key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwvO01dnBYCj83EWW35bbMM+tU5YQm7LRkkeZH9Xsg0Kyzdzn +tB93wW1N5AYBjlwsXqIF4sOUO2ukpuy+CGYreMtzMxwJFp1KVw95DU+T9ut8E11d +aiSoqqJCow4cn2iB1+s8WFICffpl0tUgyn+QOdKifAGcCkTFFwdvxbi2ImcqmFli +PxbQz1v5eEazSh6YVAr6158qSXblbd1M+TZHLOUj3Q65QA7lfL7k4dg2bznzazJz +GHJLECfyxzDuVOsbr3ZAZHIB3cxF1Z9G59UolAluQlM6QwfWmHFacQIaryJsY8g8 +X1UW9B5lk0eHONZwuQDPYhkIuFTmsTSIn7MO2QIDAQABAoIBACsl10tRg7wttjFm +cYsRD3hRLrKGTyy2ui2fDSP/q/YtR/fKQbobEN1NvOSP8743ZlaXk6fp06AHJg0P +7stbGZoFpXyVYumPbImyUf+BMmV/HxoGGwvIC1Cg0xDVqb4aWkqYtOVzWTvatLii +FTzcWOaDWRULIicfq2N6cOGZDS61tT8vZFf24vH33i3SWw1l4XynSqeKpOWBGhOL +Y8lhfPk0RwdIWgdZxCygMNRuZTPdpD6h/2DD5PndNrhsieZE3rrR/BAESofpkATg +wEVg4SrVKEYk7Dyw2iwoWNPtkBB4qYi/rPFZ7pb4C4P3b3dKy3e+MQcVY8vXMkMH +bcLT5IECgYEA+OBKDQbKDfJYIStZYh0rB/2MDzAfyYRVLB1TvQURKoszZnU6lP6g +j1QsYqPKizeHqDHrWuIJgHEii1akb7iNimouAZ+2e7tMZd6q0IESMxaRI0a9yduA +GsC6sfMalpol95kfM9LD+89ePUtT/pdVlPhY7nGieL1XnvXLvjW/hpECgYEAyIhF +xV+itr2w8c8UYHJHOPcoyZy1be8DVu1b4XGN9XTBWu5y/tzIKUCWFV8xxIWRJZvT +cJ75se8yk03UF1lxuQWXeViFDJl87b2nBAPxEP4Ss+/BYOpTdabsGZCNc+oxI34h +UT7FmG+o56rkmE7doFGPj/FbGkHHrZk/BNz1d8kCgYAcSpLgbDcn4ra1/pGIn7w2 +ilITn+rdI5fzDdppEFxlM7HCIe1o5pEl+fGZvPjXXpajPhl9GVjvKu08XbsPoDEm +3O8h7B/4bNBAfFF6plGFUTlqgy4r9jHX2LTgabxKBnfub4+men0g8O/Lk/aWaGmo +J5skb/KCOzPstBBXLRD6oQKBgBHk1xT9q69Sze9F4zOX/vL+Ww1ihm4A3fNryr8b +OuekO3y5ulkzqkjEEqBlljNLF+CbPwrVpMJT7ddnIn3S5Wr1LMcPNxAgwh0Ux0p8 +b45snY6g3kifoELnWjoNxBGL3EamgqKVT1yC2jeR8EQHBY/At2bIyrBVHlRHUHBG +p0DBAoGAOus5yhO2cQHwroeMxjaN8/QIkQpH+dYqxn+sL1MkdATEqS+MytAZ5kQr +LzrX30lgaign1u1IrR8hS2MyRAPo+NvAZdKnEoPfNqrpkOY0ues7LZ9daKbjZzyI +5bE1h4xK9hdtGBYHyqJs+pZ0UYY0ZGrr8AHLGScRYcPV7avpdww= +-----END RSA PRIVATE KEY----- diff --git a/tests/data/ca/intermediate_server/serial b/tests/data/ca/intermediate_server/serial index fb35a14c02716..617ba1c154075 100644 --- a/tests/data/ca/intermediate_server/serial +++ b/tests/data/ca/intermediate_server/serial @@ -1 +1 @@ -1007 +1008 diff --git a/tests/data/ca/intermediate_server/serial.old b/tests/data/ca/intermediate_server/serial.old index 9540e56f97ca2..fb35a14c02716 100644 --- a/tests/data/ca/intermediate_server/serial.old +++ b/tests/data/ca/intermediate_server/serial.old @@ -1 +1 @@ -1006 +1007