From 16f3849aee2039b65f1fec2cb2836c564b775c95 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Wed, 18 Jan 2023 14:50:42 +0300 Subject: [PATCH 1/9] initial commit Signed-off-by: rodneyosodo --- docker/docker-compose.yml | 2 +- docker/nginx/nginx-x509.conf | 12 ++++++++---- docker/ssl/Makefile | 2 +- docker/ssl/authorization.js | 4 +++- http/api/requests.go | 2 +- http/api/transport.go | 1 + 6 files changed, 15 insertions(+), 8 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 91a9dee5bb..c73fa90da4 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -68,7 +68,7 @@ services: - mainflux-keto-db-volume:/var/lib/postgresql/data nginx: - image: nginx:1.20.0-alpine + image: nginx:1.23.3-alpine container_name: mainflux-nginx restart: on-failure volumes: diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 20dd80e3f5..0cc8e0a21d 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -20,8 +20,10 @@ events { http { include snippets/http_access_log.conf; - js_include authorization.js; - js_set $auth_key setKey; + js_path "/etc/nginx/njs/"; + js_import authorization from /etc/nginx/authorization.js; + + js_set $auth_key authorization.setKey; sendfile on; tcp_nopush on; @@ -137,7 +139,9 @@ stream { include snippets/stream_access_log.conf; # Include JS script for mTLS - js_include authorization.js; + js_path "/etc/nginx/njs/"; + + js_import authorization from /etc/nginx/authorization.js; # Include single-node or multiple-node (cluster) upstream include snippets/mqtt-upstream.conf; @@ -151,7 +155,7 @@ stream { listen [::]:${MF_NGINX_MQTTS_PORT} ssl; include snippets/ssl.conf; - js_preread authenticate; + js_preread authorization.authenticate; proxy_pass mqtt_cluster; } diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index e1a0bab42a..c99f586998 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile @@ -8,7 +8,7 @@ CN_SRV = localhost THING_KEY = # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d CRT_FILE_NAME = thing -all: clean_certs ca server_crt +all: clean_certs ca server_cert # CA name and key is "ca". ca: diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index 3aae34331a..8d3457290c 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -167,10 +167,12 @@ function parseCert(cert, key) { for (var i = 0; i < pairs.length; i++) { var pair = pairs[i].split('='); if (pair[0].toUpperCase() == key) { - return pair[1]; + return "Thing " + pair[1].replace("\\", ""); } } } return ''; } + +export default {setKey,authenticate}; \ No newline at end of file diff --git a/http/api/requests.go b/http/api/requests.go index 6136b999e2..1bc8926ebc 100644 --- a/http/api/requests.go +++ b/http/api/requests.go @@ -15,7 +15,7 @@ type publishReq struct { func (req publishReq) validate() error { if req.token == "" { - return apiutil.ErrBearerToken + return apiutil.ErrBearerKey } return nil diff --git a/http/api/transport.go b/http/api/transport.go index 3184654900..87da66688d 100644 --- a/http/api/transport.go +++ b/http/api/transport.go @@ -150,6 +150,7 @@ func encodeResponse(_ context.Context, w http.ResponseWriter, response interface func encodeError(_ context.Context, err error, w http.ResponseWriter) { switch { case errors.Contains(err, errors.ErrAuthentication), + err == apiutil.ErrBearerKey, err == apiutil.ErrBearerToken: w.WriteHeader(http.StatusUnauthorized) case errors.Contains(err, errors.ErrAuthorization): From ef12c26992b5df94202d9387317fb1e69e443b46 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Mon, 23 Jan 2023 12:06:10 +0300 Subject: [PATCH 2/9] update tests Signed-off-by: rodneyosodo --- pkg/sdk/go/message_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sdk/go/message_test.go b/pkg/sdk/go/message_test.go index 81ded83924..9a7f62d229 100644 --- a/pkg/sdk/go/message_test.go +++ b/pkg/sdk/go/message_test.go @@ -67,7 +67,7 @@ func TestSendMessage(t *testing.T) { chanID: chanID, msg: msg, auth: "", - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), + err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerKey, http.StatusUnauthorized), }, "publish message with invalid authorization token": { chanID: chanID, From 39e80072a986e64098c5dd1142dd4af1ab7572e9 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Wed, 18 Jan 2023 14:50:42 +0300 Subject: [PATCH 3/9] initial commit Signed-off-by: rodneyosodo --- docker/docker-compose.yml | 2 +- docker/nginx/nginx-x509.conf | 12 ++++++++---- docker/ssl/Makefile | 2 +- docker/ssl/authorization.js | 4 +++- http/api/requests.go | 2 +- http/api/transport.go | 1 + 6 files changed, 15 insertions(+), 8 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 91a9dee5bb..c73fa90da4 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -68,7 +68,7 @@ services: - mainflux-keto-db-volume:/var/lib/postgresql/data nginx: - image: nginx:1.20.0-alpine + image: nginx:1.23.3-alpine container_name: mainflux-nginx restart: on-failure volumes: diff --git a/docker/nginx/nginx-x509.conf b/docker/nginx/nginx-x509.conf index 20dd80e3f5..0cc8e0a21d 100644 --- a/docker/nginx/nginx-x509.conf +++ b/docker/nginx/nginx-x509.conf @@ -20,8 +20,10 @@ events { http { include snippets/http_access_log.conf; - js_include authorization.js; - js_set $auth_key setKey; + js_path "/etc/nginx/njs/"; + js_import authorization from /etc/nginx/authorization.js; + + js_set $auth_key authorization.setKey; sendfile on; tcp_nopush on; @@ -137,7 +139,9 @@ stream { include snippets/stream_access_log.conf; # Include JS script for mTLS - js_include authorization.js; + js_path "/etc/nginx/njs/"; + + js_import authorization from /etc/nginx/authorization.js; # Include single-node or multiple-node (cluster) upstream include snippets/mqtt-upstream.conf; @@ -151,7 +155,7 @@ stream { listen [::]:${MF_NGINX_MQTTS_PORT} ssl; include snippets/ssl.conf; - js_preread authenticate; + js_preread authorization.authenticate; proxy_pass mqtt_cluster; } diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index e1a0bab42a..c99f586998 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile @@ -8,7 +8,7 @@ CN_SRV = localhost THING_KEY = # e.g. 8f65ed04-0770-4ce4-a291-6d1bf2000f4d CRT_FILE_NAME = thing -all: clean_certs ca server_crt +all: clean_certs ca server_cert # CA name and key is "ca". ca: diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index 3aae34331a..8d3457290c 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -167,10 +167,12 @@ function parseCert(cert, key) { for (var i = 0; i < pairs.length; i++) { var pair = pairs[i].split('='); if (pair[0].toUpperCase() == key) { - return pair[1]; + return "Thing " + pair[1].replace("\\", ""); } } } return ''; } + +export default {setKey,authenticate}; \ No newline at end of file diff --git a/http/api/requests.go b/http/api/requests.go index 6136b999e2..1bc8926ebc 100644 --- a/http/api/requests.go +++ b/http/api/requests.go @@ -15,7 +15,7 @@ type publishReq struct { func (req publishReq) validate() error { if req.token == "" { - return apiutil.ErrBearerToken + return apiutil.ErrBearerKey } return nil diff --git a/http/api/transport.go b/http/api/transport.go index 3184654900..87da66688d 100644 --- a/http/api/transport.go +++ b/http/api/transport.go @@ -150,6 +150,7 @@ func encodeResponse(_ context.Context, w http.ResponseWriter, response interface func encodeError(_ context.Context, err error, w http.ResponseWriter) { switch { case errors.Contains(err, errors.ErrAuthentication), + err == apiutil.ErrBearerKey, err == apiutil.ErrBearerToken: w.WriteHeader(http.StatusUnauthorized) case errors.Contains(err, errors.ErrAuthorization): From 2e6fa28251f028f291d7d2f07d75247c280c2eeb Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Mon, 23 Jan 2023 12:06:10 +0300 Subject: [PATCH 4/9] update tests Signed-off-by: rodneyosodo --- pkg/sdk/go/message_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/sdk/go/message_test.go b/pkg/sdk/go/message_test.go index 81ded83924..9a7f62d229 100644 --- a/pkg/sdk/go/message_test.go +++ b/pkg/sdk/go/message_test.go @@ -67,7 +67,7 @@ func TestSendMessage(t *testing.T) { chanID: chanID, msg: msg, auth: "", - err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerToken, http.StatusUnauthorized), + err: errors.NewSDKErrorWithStatus(apiutil.ErrBearerKey, http.StatusUnauthorized), }, "publish message with invalid authorization token": { chanID: chanID, From c4339d8212bb0e3391348d5130a3ad2dd15815fc Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Tue, 24 Jan 2023 17:44:40 +0300 Subject: [PATCH 5/9] add empty line Signed-off-by: rodneyosodo --- docker/ssl/authorization.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index 8d3457290c..a6137f96b0 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -175,4 +175,4 @@ function parseCert(cert, key) { return ''; } -export default {setKey,authenticate}; \ No newline at end of file +export default {setKey,authenticate}; From da190d2a0a1d6c963b4fec5dba3eba74d503ee73 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Tue, 24 Jan 2023 17:52:50 +0300 Subject: [PATCH 6/9] update certs Signed-off-by: rodneyosodo --- docker/ssl/certs/ca.crt | 40 +++++------ docker/ssl/certs/ca.key | 52 +++++++------- docker/ssl/certs/ca.srl | 1 - docker/ssl/certs/mainflux-server.crt | 47 +++++++------ docker/ssl/certs/mainflux-server.key | 100 +++++++++++++-------------- docker/ssl/certs/thing.crt | 25 ------- docker/ssl/certs/thing.key | 52 -------------- 7 files changed, 120 insertions(+), 197 deletions(-) delete mode 100644 docker/ssl/certs/ca.srl delete mode 100644 docker/ssl/certs/thing.crt delete mode 100644 docker/ssl/certs/thing.key diff --git a/docker/ssl/certs/ca.crt b/docker/ssl/certs/ca.crt index 1d9f2b85a1..6da0927242 100644 --- a/docker/ssl/certs/ca.crt +++ b/docker/ssl/certs/ca.crt @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIDjzCCAnegAwIBAgIUQ1AagVQXCuOIzmGXm+KhsbyBc18wDQYJKoZIhvcNAQEN -BQAwVzESMBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEMMAoG -A1UECwwDSW9UMSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTAeFw0x -OTA0MDEwOTI3MDFaFw0yMjAzMzEwOTI3MDFaMFcxEjAQBgNVBAMMCWxvY2FsaG9z -dDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsMA0lvVDEgMB4GCSqGSIb3DQEJ -ARYRaW5mb0BtYWluZmx1eC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCq6O4PHwgGOmEafjea5KocG80GYSYbvN37ums6fQ1wcmCxn8LtZek8WkfJ -S2NQQPDvn8QWRY7aUkTAW7cEB4vxpT25bevP7KJNFAS8XZO7NTfF8fscJS+YWSXz -VS0OFZ2YuqTnjCiqWf5mvjAkkXBGIYq+k2ONM1tHlEA0lzbLun2a9H/XarCG+znj -pfYpW6R08zFzXyGb4sI2pyYpP7iZLla7PTSZTt9h6jkY3qqMDhEHhPdlXDhO1O9/ -lA8yWMO9vKCzC7ngDXnV99Nl+tFhp9z9VkTUveLMuN9+riDJRfP25fOzHuRYzmsR -emYjD1NvSgsvFqSbFDVXB8kcyrXPAgMBAAGjUzBRMB0GA1UdDgQWBBRs4xR91qEj -NRGmw391xS7x6Tc+8jAfBgNVHSMEGDAWgBRs4xR91qEjNRGmw391xS7x6Tc+8jAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAAPMf7bVFhzUG8AYq0 -VS9BWVwVtdNzZ3X9FkG9O+tZZO43GlaToym8PmhJHF9wk3AA+pmgfcmBrHcTG0me -PeincN2euO0c4iv1f/i4bAY5/iq/Q0w/GiuTL5VLVpaH1SQrWhc0ZD7Ii+lVPpFQ -bJXKHFQBnZU7mWeQnL9W1SVhWfsSKShBkAEUeGXo3YMC7nYsFJkl/heC3sYqfrW4 -7fq80u+TU6HjGetSAWKacae7eeNmprMn0lFw2VqPQG3M4M0l9pEfcrRygOAnqNKO -aNi2UYKBla3XeDjObovOsXRScTKmJZwJ/STJlu+x5UAwF34ZBJy0O2qdd+kOxAhj -5Yq2 +MIIDuzCCAqOgAwIBAgIUF93//gxz1PfPgtbaOY3Fj/H4URYwDQYJKoZIhvcNAQEN +BQAwbTEgMB4GA1UEAwwXTWFpbmZsdXhfU2VsZl9TaWduZWRfQ0ExETAPBgNVBAoM +CE1haW5mbHV4MRQwEgYDVQQLDAttYWluZmx1eF9jYTEgMB4GCSqGSIb3DQEJARYR +aW5mb0BtYWluZmx1eC5jb20wHhcNMjMwMTI0MTQ0NjMxWhcNMjYwMTIzMTQ0NjMx +WjBtMSAwHgYDVQQDDBdNYWluZmx1eF9TZWxmX1NpZ25lZF9DQTERMA8GA1UECgwI +TWFpbmZsdXgxFDASBgNVBAsMC21haW5mbHV4X2NhMSAwHgYJKoZIhvcNAQkBFhFp +bmZvQG1haW5mbHV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +APhtdyNf5Eh/kuKxDnauoHe/PmX9cehq53i5zewnR2jMsFS1jkksLmoFthTvcAIA +uOtwcPaUpWq3oNLpqC4JkMCgBF+Qgu/N2AL8fx5QJQSjo8bF9pe2JgDI3AhpcoJi +RxJNPOr32GysTaOW43Wup0hUJcRor3ht9Bu2HpGTNmVUdTw16O+6k6/S1fu0K/RM +OF/NXEK6be7zHS/ET3SMLWWKFFf3VyBYcf5SuLhVFbjhJC/H1f8eQQeY+ctcAJEv +hAG1BkujMkSP0mlSVx8mg6duKTO2+F7qBXgjJTBwMfqjwxBFv0Ag/SGyWLBHH3h9 +dArz0p4xknjtZAcXH7Ld5r0CAwEAAaNTMFEwHQYDVR0OBBYEFGermV/h4kUH/EMX +brQOWE1sgYdlMB8GA1UdIwQYMBaAFGermV/h4kUH/EMXbrQOWE1sgYdlMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggEBABuOu3wxjWvTVHlxuZxVxRTB +IakGP0v8W6KRRb0aVMDwa49Kk1o1Pi0vAcgMPXSJosjb1oQr4UTjwc6yRGtEt9QU +KSPlsDmLr4GkK3Cm2dprpBFFnN1C7IkNOMYdZN+kbz+7eyYKYgNI8X97p6bmc4xZ +2IPxNU0ZEojn4oQCfwf9iPxGn4Hdpu3ZlhN54VCp0EosuyMB3GjR3KzQO1fM6Eeo ++xCkKhjuzEV+HetsWLYAmcVfOt7soTBNALbTgdEcA6LutO2JvGidQKyc9I/9m+Ox +i+G5y4vRVmMff94AethLVI9XtXCYjhxsEEm2hI9laq9dbv5/+9RgSHibVkX9aL4= -----END CERTIFICATE----- diff --git a/docker/ssl/certs/ca.key b/docker/ssl/certs/ca.key index e29d0f6ede..d758f0f360 100644 --- a/docker/ssl/certs/ca.key +++ b/docker/ssl/certs/ca.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCq6O4PHwgGOmEa -fjea5KocG80GYSYbvN37ums6fQ1wcmCxn8LtZek8WkfJS2NQQPDvn8QWRY7aUkTA -W7cEB4vxpT25bevP7KJNFAS8XZO7NTfF8fscJS+YWSXzVS0OFZ2YuqTnjCiqWf5m -vjAkkXBGIYq+k2ONM1tHlEA0lzbLun2a9H/XarCG+znjpfYpW6R08zFzXyGb4sI2 -pyYpP7iZLla7PTSZTt9h6jkY3qqMDhEHhPdlXDhO1O9/lA8yWMO9vKCzC7ngDXnV -99Nl+tFhp9z9VkTUveLMuN9+riDJRfP25fOzHuRYzmsRemYjD1NvSgsvFqSbFDVX -B8kcyrXPAgMBAAECggEAbp/el0MKup1HBRL1gvjHcvI7vwla1VFmje2YQn93F3Wx -SMeUMH1qfnohRRXa7rNaQIA1OAVF9eKSRcAXsjAAUSUX0tJndGpCk4mFlzcqzF4h -/6olU45uRDpP6jUTuK4dGCKXYpjCKaGenXo1RzYsafiECd707Qx05Nv8ww2tlifN -HtUR0xCZfVGDZfmNMZVrksUIZ1XHwZNtNLWQW6MBl3RhFaA0Wz/RfFMi2FzacEbj -75IqE6PLic1fin6P3GouzKamtZ6YPTyR5PqxCOCw97oZDCUGy2qGyAuPUi9O2HKB -fQgSyIxuR73S2korvxAmvekubjBFAqhan2oEjZs6oQKBgQDT28COlC33BSrpr2+V -pZIL4Bb1rGHreTi1M/4n9nP3GOZ9gqnSUsWXyxYVoZ2YfixorjZhUzHyx4SfZ2E9 -p5PkIJ0wOiHLlKQ36vEVN9ZO1UyNCYUgs3seW40xnsAiMNczZjufIZrsejO3tc2j -Jhgp+B/9Bt5A8us2ewhz3LlQowKBgQDOhQmZAfL/xAjYBCUS73t/YO60i5e1yg2J -i6jXeKjd5gRZ32upkBzQ8UBvAGSQGqrcCnqIzrU5TeeD046bZzkokg7iKwHwQDrL -SXTthUB6ABZddP/VXCEUVBer3FEnUgJm9jw08RzmPyNEPjfp91FDmJ9GYcbdo/nL -hBPHh3lc5QKBgQCJYZ0yWACeiKlVNECFqAJW1Q/Oa+RrkAYn6vlK7NQyTeFZTlvV -WXtsfXNqv4y0kE037JCy+AIRzzO/MoiqNHsAme2Ukn3LyC3dXOrMuZKtOEAVzTCZ -Dgoum2up26n4AffrCsZq4J3X7z6OSMR6oX9V5+LGb6e8Mko43/uRNnatRQKBgEMH -bQkLV+ppnxE1ry7JKcU7Gd7hm9j1/pTRDnj5AZ4b5Peii1ganS+3zdj5QKqA7UnD -4Od8Z9d0kJr51EReKXAgj9IacWOgBTUr31akNDwkwR2ONubyIw5tCM3QEUr41CzE -6N+qDl4wyeqBYzZ9/hM5eyCl5ZzUduP2N1FAiER9AoGAW2T0OeM5ZsPABMKu9eEN -FB9bVysqWT1tExB34OGWrZvNEzsHTqvr/D3KSWv0PS1pM46M1XkVbybOzRmPrzab -AGMDJXgGhMuk2UtDA/s9mgqTOeDXpvmaFyThVkoH162j6GMuX2SwxHnH9D42zgMR -3LEZ/5Q5HMJ4jwEM880jvP4= +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD4bXcjX+RIf5Li +sQ52rqB3vz5l/XHoaud4uc3sJ0dozLBUtY5JLC5qBbYU73ACALjrcHD2lKVqt6DS +6aguCZDAoARfkILvzdgC/H8eUCUEo6PGxfaXtiYAyNwIaXKCYkcSTTzq99hsrE2j +luN1rqdIVCXEaK94bfQbth6RkzZlVHU8NejvupOv0tX7tCv0TDhfzVxCum3u8x0v +xE90jC1lihRX91cgWHH+Uri4VRW44SQvx9X/HkEHmPnLXACRL4QBtQZLozJEj9Jp +UlcfJoOnbikztvhe6gV4IyUwcDH6o8MQRb9AIP0hsliwRx94fXQK89KeMZJ47WQH +Fx+y3ea9AgMBAAECggEAHi+U5KI795gyxaNMddzRqEM/Zn6lht9oiVmQXTPHoEMQ +4PYfmCILcLwJbCFM651hWtBSlY+pyt4Np1sXYaKtaU54QZFqa4+IQhKispD78oSc +u6QlyrjqBLnjTI1didy9tIpYjtd3P3svQuOsd0n1zxrUbPloatp3aR+Xtsobt7OO +cvp01Sg/tik9t4N2Jo6TEjdnZM+f17w2Dkesl1vfWqNSat+U0yMipIRTgPh/o+gW +Cr5XtBbTkdjV7ivl6iMsS/5pFCAl9WysarFECoaFRaUhS/4t8fH5roSz1CXNTaib +DPA7U5UM+Bott/yud89I0wIEcCcNL24bdrhwuSTuWQKBgQD82S4dVX3AcM9kuaty +0bdvgKgA7P1Gy4eI2igC6lqD/Qbz0vHJvlts+7rHE7muYLRnMIWaDdhFRDuiWwa3 +mp358H+BsXHpAdjKlCp1/5KnFKZfB18LU5ZdSyEbs92l9q3JKJqneAN2wof71pTg +i1jFLNDnK6D1nxZzjfcSX43CZQKBgQD7hi3O2INYZ5wE640T86Fbup5yDGKk6aIP +ddbYE2S2pQx1ywgFcoN33m+5/F7A5yLg7Xf8nR4p110PM+apflNJlvX5y6cISa3A +yFS989SlTFLrMWZB/Y/lyXuDEN+fYK+KvKM7eLsH4byPXXkKW20C0/ua1vyNwhjg +rZfiY7YheQKBgEKVRml/G9BTZKnXouhnhXCdZqBnyAKekiBdom+yGwfq16vZfsZr +lFPMrlDCRwE+ggMyadw5jRwgbbvBULGEy9kHlewnOCHt1JL0FYJhPNM2wuD/Ze3r +owsKP7u1z8ZmgTkZsjArkG3zqC+PQEEpMMUrmg9mE8rai+T+G3QBKalpAoGAO6Aj +W9WXzW1CXyg32XL33Xbv+LlW6SE5edDFjZOLXIDj40iuLhxnbhMdCUn6bGBetFOX +Dhtw+xpCxUfYdnWr6NYQmZbdkelldz4GWMFkt4rQXVDonNwvMJoC3Z8yY+XXt1vg +lkiYjdXFjXbrKrlhrjnye1JbrH9GxnxgdRqOIoECgYBiJ+8Wx6qHHmaHWDlpqOdE +uGiVnL0j+YJCQjxzeFeCQf+YfQ1dAXzzCAfHDtvG8G1UpMKJZGrbCueLfGH1nrO/ +Z12j/jFEd7aP6z36BlHTLXdLMZBLCwDfKkLm76X9XaV+bSu3yvI0ij0B9ZcN3vxK +eapGGxRUvEQnTotlPj/e0g== -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/ca.srl b/docker/ssl/certs/ca.srl deleted file mode 100644 index 0df06ebce7..0000000000 --- a/docker/ssl/certs/ca.srl +++ /dev/null @@ -1 +0,0 @@ -27207EA9519D3D252E08AFA38D23BF2928FD5E20 diff --git a/docker/ssl/certs/mainflux-server.crt b/docker/ssl/certs/mainflux-server.crt index 00dff88717..9a4ea8670c 100644 --- a/docker/ssl/certs/mainflux-server.crt +++ b/docker/ssl/certs/mainflux-server.crt @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIEOjCCAyICFCcgfqlRnT0lLgivo40jvyko/V4fMA0GCSqGSIb3DQEBCwUAMFcx -EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwNDAx -MDkyNzA1WhcNMjExMjI2MDkyNzA1WjBcMRIwEAYDVQQDDAlsb2NhbGhvc3QxETAP -BgNVBAoMCE1haW5mbHV4MREwDwYDVQQLDAhtYWluZmx1eDEgMB4GCSqGSIb3DQEJ -ARYRaW5mb0BtYWluZmx1eC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK -AoICAQD1LayMnOYlTHWkK/7BIc2nRLkfkbfyejIujEKIuOPYZ1DbG36VeSM1MYlp -zl+E7gJvvK1RuCcL4DKG0uExI6HV2GdEq9kSe3Pj/512VTq+bXvMDRTcHMUkaN0N -J7GybHNk8J3fmFlB61zUpZUNy0M14YYX8tZRMMw8Ke6ThJyj8ulSky4Cp2tfiGK9 -+YLP/UJkSm+0EOVAOMAtLNvXtg5+/0e63M+stdf+F3txLuiYXiOG399tXlI61r4L -5fKs0xau6P1V5uEPwAnQiXYVLCdahfGrUJIjHnHTU0TS2EpE8OxAu0krzQeONGSU -g6SMM8vCP0d8yqQrYZGkmaFmIiTgOmy/fs+8u/ykautiOR/SviTR3hi/ofjZ+NTd -T2Udg98BGuZBwKw+elajHUSUEkxtJVxeuFiVGzZNXkEhuxU6VNCnPeXxtl502rU9 -nmhmO2WJ0/1KX+oe/uTC99b+olEPm72exsX0mwkSpIwDRBpX9meER4vJe4yX9fmo -tqEC2G30C9KYn+STcY9P7jptJgLLuN61DVBjeMPLW+0NTjqmtplcu73zYvyCsG4r -hIhY291wvz18iNLY7BfehU3beEx68ApdLMue6xi9JlFKxHf5FHBnBSvD2xrR47rH -9UMOHLglB+QkoidQ3KugHJ8r1sVHPhuS8mE7cENReFoNfh+N2wIDAQABMA0GCSqG -SIb3DQEBCwUAA4IBAQARH5ZD86TPaKW7Dty1bAnj1owp0o+DOp65hGZOZ2AqYVDF -UMz46ahAuBWhHPIiSkBnonBL5xVV3qihhlISaOQKe2FPdt/ekhUTzI/upAZDphN0 -m4ZNllXaHAA0IQpXp3O/An6/IhrLCGLth9pnIzswi6sF+I5nIfpcuAV7TJfLUAG+ -UTjy8GsZhE/ZCx0JSYzhpC1mDGxtyCQR7QY7rnEohXv0bHmv/jVVIZenT2SZZHJ5 -sQEiaIZWbpHctpgbom1qi5BNmIz9APKus3f8ACGuMLOHiW1u6I8vl4b1kqc44Qoe -2c5uGEHh+Iv6v/V5JwzTrfbcaWeAv058NnN9rF8i +MIIEVDCCAzwCFGnFgvTPAC1aWF96DB+5fRvBtWuuMA0GCSqGSIb3DQEBCwUAMG0x +IDAeBgNVBAMMF01haW5mbHV4X1NlbGZfU2lnbmVkX0NBMREwDwYDVQQKDAhNYWlu +Zmx1eDEUMBIGA1UECwwLbWFpbmZsdXhfY2ExIDAeBgkqhkiG9w0BCQEWEWluZm9A +bWFpbmZsdXguY29tMB4XDTIzMDEyNDE0NDY0MloXDTI1MTAyMDE0NDY0MlowYDES +MBAGA1UEAwwJbG9jYWxob3N0MREwDwYDVQQKDAhNYWluZmx1eDEVMBMGA1UECwwM +bWFpbmZsdXhfY3J0MSAwHgYJKoZIhvcNAQkBFhFpbmZvQG1haW5mbHV4LmNvbTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKdQEwV+SYXuTkgq/LwUN8O6 +5+rmp/gL/MPYAuqcf4SP38jJHCTQT/DRh+gLhu5w0wz7RGBl3TU793HjsJQiV+/z +H8AYDHvfCCZisc9RNuOHFWG4a1RT+urnriIK2yRd1Ht5j/JWtakJsZ73bR6XruWH +RMLtFZUCHcwpBwrmCD0JYgfg+49vypCbufOdFnVO78KhQStnjCzb6YvmcQldt4x8 +2BF/yyb6ztAM9V523YltEbcOCsP9PPOyNPvl7KTWCUiedra0Ly18M2abHjovSgL5 +tGhHMvk4w5LwK75jndLoPB6NwCV9Tz3TZjZOhYTdnSGHmbhRLPZARf6EqzdzLwq6 +eDXxYfnkGoF3JzHp3Lt0Bp4bGRmCYxDK0JkZQeTBxzPKLRX8gwKcZ/wvRk57ye81 +YeBctVbHtCrkzZlpsjZoM/aKqoQqGW+CgjD7lSFrkBiS5Hnu8ygKn3zveSzKkUQ0 +3jfxrGAG1H95hjGLk15c1YJn0Qg5Mf4Ll1DUCvAPcd2/8YXszSQJxPb1xuJvAyzs +0oXHeryiXb9nInThlJx6BCEmYhPg9nAX1plXVcMLWKLoMBY/fAA5CM9UNR6/bS1W +427na/4pRTSGOfXljg0v1vSraNUTC/HbKoRgjTNAGHq4pHRZOy9mNUaAnIQaLXXT +IjLRPDU1KJQxaZWWH0rfAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAOy30oV7YZ+O +ZKjN6MwdsSiVaIepIqZElLrXiHjyRQalqGJMSGde/LdzTgQZwCchSBaihagbyRwK +E2pSnAukxtnZ9QqClqrYsdOKT3kM0nc3R+tCqvkYBt5pp5gOHH9O+7qcOkNMBGxn +KDSFuA5u21cB7d8WkQBVGN2ll6/wU9yL+wDKpubxRw/M3TCE5JV1g7m8hGbsph1r +twaRDlXTjGoFNLMTCLjMhzwfZ1m6DCUeJfnuCPGjcuSHqPL8ksZfMxQf50LkRR+G +QnYKiY33F9gyukyEQdXRGwyKmOY/MhmrT/UgNxP3OQ0dP4DUGXrqEvXeuMWuQvDZ +HoM7BKxWti0= -----END CERTIFICATE----- diff --git a/docker/ssl/certs/mainflux-server.key b/docker/ssl/certs/mainflux-server.key index 8a71b14685..1ddec999e3 100644 --- a/docker/ssl/certs/mainflux-server.key +++ b/docker/ssl/certs/mainflux-server.key @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQD1LayMnOYlTHWk -K/7BIc2nRLkfkbfyejIujEKIuOPYZ1DbG36VeSM1MYlpzl+E7gJvvK1RuCcL4DKG -0uExI6HV2GdEq9kSe3Pj/512VTq+bXvMDRTcHMUkaN0NJ7GybHNk8J3fmFlB61zU -pZUNy0M14YYX8tZRMMw8Ke6ThJyj8ulSky4Cp2tfiGK9+YLP/UJkSm+0EOVAOMAt -LNvXtg5+/0e63M+stdf+F3txLuiYXiOG399tXlI61r4L5fKs0xau6P1V5uEPwAnQ -iXYVLCdahfGrUJIjHnHTU0TS2EpE8OxAu0krzQeONGSUg6SMM8vCP0d8yqQrYZGk -maFmIiTgOmy/fs+8u/ykautiOR/SviTR3hi/ofjZ+NTdT2Udg98BGuZBwKw+elaj -HUSUEkxtJVxeuFiVGzZNXkEhuxU6VNCnPeXxtl502rU9nmhmO2WJ0/1KX+oe/uTC -99b+olEPm72exsX0mwkSpIwDRBpX9meER4vJe4yX9fmotqEC2G30C9KYn+STcY9P -7jptJgLLuN61DVBjeMPLW+0NTjqmtplcu73zYvyCsG4rhIhY291wvz18iNLY7Bfe -hU3beEx68ApdLMue6xi9JlFKxHf5FHBnBSvD2xrR47rH9UMOHLglB+QkoidQ3Kug -HJ8r1sVHPhuS8mE7cENReFoNfh+N2wIDAQABAoICAQDwIbfqUJGo3mYqUVzGVBFU -Tp7yKIp9VulnZcCUoGGoRiiPMTKdu3OcWdQ4aQRs8aA5SBaI/1Be9UsHeetNcZTE -GZurSpTk4Tz0hhr3Fyrd7+VcSUOxAgykSICYrdQA6O9sYa5+nHxvb9IQA80lIXvG -fggT1KfMBXtDQd6FZVD10qhrU/OwbcFgY/gyEPrqMyafi7g0KIgginTOyizX7Vvt -TqI2hqZwhfnyx5UDmen9sdYh94qhV8w6DLE+fg1c77I7xb66L9Mm1fPG55tbyU8R -/jZgkB1RgDQDwn6Z83VqaH08OTLFT56izPXl77luCBz9N3UQ6Hg6dOlsyXumyLJL -cKjZ3Yoaqu9GHEauiaIJqPX4bN6O0TjG/vW0yKdGSFgh7jfjIiYCmMnb526PolKM -YN4xZ/KcdGa4QGKuX0hfgYLaOAM4U+V2Flb6QiSSta+UAFPOC7d7fEZIwYrgieB9 -10jnFqXqAef5w16Z1KZNI+X1FO5keHkOBqliXCdQJoLBwAt7nJFkgETatK5XCra1 -WR/iVcanZrvwD7pITZXbROcOF9MxKxkAqxU8Xeftr47r5XteuqSd3uRmsa7034QV -0TNV2OUBv4UCa5DpEftSjoX5GQKKXkAFix3QdW+RqiZ4tGVnrCUShhgg9H3aOu2y -dePbf3F5R7P9g4SbfKFGAQKCAQEA/GVCzoihnM9j+DmP63xoNyWNGVQ3foeZw/o6 -FvGYx5yUeYm+uwuq80hpd4KtHZoqbO3ohEsyZBHBwGjbmjxzwmrKbZukJ8Zxs7QQ -cB0YBmHduay59+MnmL3uiiLGsFedSlbReCJnFw+66yXfvDPVf4vs1I+DPtEIBkY5 -mOOdfP7b4vQtQbhtw4EAPSORbcR9ap4DCRmedp9aWTh48VNvqGLJIxRxveHcX/F2 -zAySGkw2s/pwQXq0htCComDn3X3yqw4y9WKirzmS5hYU4gsuk+dy3JSHhe0bsA8Y -daf4kEdutqyjYj1IaaDuvkiRW/6Pukb//R94/tejmwBLA5LXGwKCAQEA+K4HGruw -zlGKfQNc2uKX5uzB6N+rWQ//5oFhe/Lga2pQZlwDCay+3G9YWiVLP+wxEAkuoQcx -thfYFWLMy/8+Vyuiej/N73hWYXPgja7BA0d/j9/IKhtjvN2qIzA2xxKCkzqunXms -VnOoHVwhoqtVEZ9trB2gdO3ywE52aqSq131rVABOJDoFq9lVw4bl9Rj9wkp6D+tr -Dx1pMeKrBFKfxuCgAyj//BJrNSryxAxglAzyC75RKAPT6fvcw3Wcpnb10IXDt3Rd -g5YHMxas3g1fh2ieRVsQG4OvGytP9Uap6//AqM6c273Q86U3/pu3r8nvEMBKxdsx -pc4/raRsoUPQQQKCAQBNCBLFukmo9FsMjXTxaDzeZ+WSj3OIeJZji+Fi00XP1mgy -V+oQaFU6fyVBRm7TlBPSvyGyDslIZWr+8IHlpwGlmrZBkbkeMqDNOe2yag7FE+V6 -H896aqfRJFbDbi258GOfJrQzuDxCe5iO4DZS2HcWwHv9u/dQmreaQqCdmwqb9aTi -taeCYWmOu7Z48nwWRlwIyEUg5+LHTYdjp6qx7MctW0kMHddBHsgFuEqLqGKHCC/B -6nOMaIjkhIr6SB08Ko5/youe/QWt+SJuetrQypzio0cZL3PVWjKTH2hVsHhagJK3 -yiTrfMy3AFkdVkSXETCIp9bFSG/DR8k1K3e5lX11AoIBAAfSCT0o++VxIQbPbUMg -7x//ABYfupbBbw3DsdohCDe4jzC44guS2Cm8gq3LEHPBLMXRVBsSS9jrJQt/IOul -akN5htGLYiGOykCkUUKDZWSCAhv3MKdKVzegTPJwWLin911D8ivXoLjTSE0sEY65 -DqLQPbW09M/Yj9LGZOjzpr/CHPb2T37KKFWALzdH7cFoeMp8ZxxLDgHare04sKIh -Kw8pDz8qMequdZqlcB8EOKFPSuldodW9URPBrO6kqzl88jwNiNsjGLHDrRRJOUR+ -bSun+Zo6w+XpnT8gfJI9F6jpURi97qbmcETJRFqIcR1hH1iKg493VjddphkC27uy -k0ECggEAR1LyWFqTUxpP15EGA4vE64c0T6gmWmSyQiZ2VbMYWlgBCZJQN1EFDoFB -rLQvhy8jEU3zxbJPEOQmQL8OGzMBMgV/akEsTTEAPLbQc0ROSR7CW3YV8UlyBUP5 -4/WK1NUR8GXyeCjJSWHgn/LclkcFmyJ5DCKmesMRAodMhkHkqmSTZxPAYmlipn87 -PcGOoG02NlgjDADjwhRepRI7wVbb8HVXfGxhiPokAri/OgC/odnHIGzkdznur6JS -5eUoZkBcH16zBGxfwoGhqSGdip1BNNs2nUp4T0i+LGVKz8mYsZ9CdiGElfUwLpcc -eFet28DEMzSifudXY3LYE5N0Vl6g+A== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCnUBMFfkmF7k5I +Kvy8FDfDuufq5qf4C/zD2ALqnH+Ej9/IyRwk0E/w0YfoC4bucNMM+0RgZd01O/dx +47CUIlfv8x/AGAx73wgmYrHPUTbjhxVhuGtUU/rq564iCtskXdR7eY/yVrWpCbGe +920el67lh0TC7RWVAh3MKQcK5gg9CWIH4PuPb8qQm7nznRZ1Tu/CoUErZ4ws2+mL +5nEJXbeMfNgRf8sm+s7QDPVedt2JbRG3DgrD/TzzsjT75eyk1glInna2tC8tfDNm +mx46L0oC+bRoRzL5OMOS8Cu+Y53S6DwejcAlfU8902Y2ToWE3Z0hh5m4USz2QEX+ +hKs3cy8Kung18WH55BqBdycx6dy7dAaeGxkZgmMQytCZGUHkwcczyi0V/IMCnGf8 +L0ZOe8nvNWHgXLVWx7Qq5M2ZabI2aDP2iqqEKhlvgoIw+5Uha5AYkuR57vMoCp98 +73ksypFENN438axgBtR/eYYxi5NeXNWCZ9EIOTH+C5dQ1ArwD3Hdv/GF7M0kCcT2 +9cbibwMs7NKFx3q8ol2/ZyJ04ZScegQhJmIT4PZwF9aZV1XDC1ii6DAWP3wAOQjP +VDUev20tVuNu52v+KUU0hjn15Y4NL9b0q2jVEwvx2yqEYI0zQBh6uKR0WTsvZjVG +gJyEGi110yIy0Tw1NSiUMWmVlh9K3wIDAQABAoICAAknpoLMcDV13q6wO3gHGy4I +khwWVuaJsWD99trjiU61mKch6fpRs64XqPoXd2Cgp8u0C//CUyJQj6+Zp9XTM0Cb +6wbVygkVIRsIl3YimYBFqfPY5XaNydMErlCKi4cn4zKGakv2VqZTM3bhTwU3g4hn +qGmKE349yWecbxg3kgfU9Zo8w0cL9OeIvdoIpGvyz8e0jx5S4iaqOdM/3ruGdz6m +riP2/CS74IkdzGdI1cJpR2jeydQDjUxAWgnWgOZcF9HzaceBgHtaqm1Y24SPhds3 +0plKHA3q/ziRD7OxO7eIoZGCbBshCi713EfocAHfJnPpOY4OUwl+ZtYQaFX2ZYJ4 +HQ9z84Er+l+mKEmp/a1/s/RvVque1PwEnl1B9okz+4kCZyUF31dnk3/MoFo3bhB/ +S1krkoV4e6VEwlDelr5zrcJKv43frp4HEibtNy+7YysY1FTB+JcFf7WSISY31LGr +Nu/EWCr4pxbau9lO83Y9EuQJtisSZHSbxLe7gyb8hAMlokDkkgUaFpn17/iIBqX8 +Ch3AcMdLlwDS911h2vBG4nxc7FlciJl9AKCRUHq+rw2AzUCTjZsKas8NvBPGpMDU +KIlLmkJ6j9eX0/1vOrGEbpVscg+7Mci7Gyye7Zte4tu3f7abKgoYoRmegzTEDJPX +/dfCk0zcgUlMPo2kHSWxAoIBAQDJExSkWYkgFW0oS6SwNN9VBhPkxgFAruA1QQ6A +TohQ93rbT65GFWUXDa8Ptj5wnIp1weJ2+w7m2k+niAvIPx7VfSFI3YxV7tBTHSIL +8qQnbjOtLBYo/1fMHWKiWIAdu9HMiRGdSyFL+AzPcxDApdfyKeHOHsw1ivFmOmfq +4VuWqdRqKud7Mtfixi+eCkDesF1LoNj7vkarnvevscT1kyL9xavIfHp9sAndsRnt +0VmradUbLW3gfe04k7IEchEdMuqGWk54T+RlL78W1uMfxD4yD8zPJNRj2wV7aEDP +BuiCbDAMwVNM3loFaDcpWFeYExqhLrXWt/srZ2k8qo00iP59AoIBAQDVBBKFykCL +OhOOZepwYu9MKKaIV7zqI1pNt2KYrgfhH+R8D4+eIUfug+TjA6b5mHtaaCH0UB9m +jcYUUwA3ZL1zScDNu8pWWDBE8Pr+DBO2btENKu0/EwLH82RFgk86i/PFPM63L8AH +GZeDeX8ciqNcvYm2hcZTWynBrlQeyJk1CJiQ7bPNM2DY6slNmsJnHo3CmMZ0vzFC +95N2UfcUrKfCAfl6ZsreWhnenizkFpyMfmy497VOatQJCO1MrtBUqWEpPuvhyrYx +AAfyxaR2G/69znKaMkkgKaWium5AaSTeo2V89EFA29DC8k6edA5K5RueV3M9Z0h4 +97kNmaIa2yGLAoIBAQCKlucsXDYicgI5uuF5PggMv1Ko5Tzpy17n9b47+2UDgYAh +dyskTQzPNfRKfQ9OaOcaQReJcIOV5DTwwNl2HONwvH1bjrByblcSYkscNxKjxtZB +btibS1vFaR+ZzCwJ0nHJa1RDuQvrI74YojOSxPwxgmKLwjh4UxsNngYQI2IQV1/8 +CTRheurH+FfLsz+A/chgHy5PXZeyJLCNXZbmuJJunXdIiVuYE+TI849ullQazKhA +wjAwgjsmOs6BN+nJ2VVCYy4gyNggUieAY35KX+WKdc9xmu31IXoG1BWPXDCX7F+1 ++u4iVkNv5KPYkHZXcBtzqxFUPJ0XDoC/esI2ypG1AoIBAC1vp+/Hu0q3QZKfJImC +YN6S0SrF5DLhBZMMKci9XkrjvZ3Ex/KH0MsMcRcHIWed4bnf+lYdfQUn+nc9WQ93 +un1L3wdDJh6SwwEBkdf8hXvlWUwAuwg4KuCxhtLYv8OSNJX+qW0jj0c0a0AM+1MA +M2ZFu4kmMa54BIkegSzrxtosEjbfrPl5GxBJzFR0TUEnoD9AzRv76CsLmfWj+Br9 +1O6p8yfroxwYheoZPSQNuqixEsnFdHPcj4u5zrwLkb5tPp9In5HS5le/VPKwu6rB +v+2GiqVfUn+8wmrab0fn5Yhju/MSOpT2Dip2+tQLlzzcb66vopIXZLsAxAUlnxEx +ao8CggEADKL1nA6w8R7c9vGffdpJxuMnCZIV0Dd7WCyW7k+2KkmHfbkUzU1doIem +SyJ4nbWII7RfcfrOvgamHwD5/bnVdWJvOOsV52yN9qbpeNjAjwTxaTORzzgtGy9S +kybWA6V24JYtkDYSsQqo+RM4iCt20Tih3mbZnGkXp8vjp54WW37nR6EQDuljqWzQ +kuvYt9gV+NkAAEFeUemj5mCRX9G8jK2+PbbE2RY4o6qIU/KBDFA7ieFCxZa0mrKc +7Xa65RZzQtnwSfEmgNmPYdO9OanojNNlTxp9j1EXb6wsE2cKfSMQBu2ZYvJKaE2U +1dbGt3WW9bPnV1QjLZmrGTGsgpbMJA== -----END PRIVATE KEY----- diff --git a/docker/ssl/certs/thing.crt b/docker/ssl/certs/thing.crt deleted file mode 100644 index a1eb60d1ca..0000000000 --- a/docker/ssl/certs/thing.crt +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEODCCAyACFCcgfqlRnT0lLgivo40jvyko/V4gMA0GCSqGSIb3DQEBCwUAMFcx -EjAQBgNVBAMMCWxvY2FsaG9zdDERMA8GA1UECgwITWFpbmZsdXgxDDAKBgNVBAsM -A0lvVDEgMB4GCSqGSIb3DQEJARYRaW5mb0BtYWluZmx1eC5jb20wHhcNMTkwNDAx -MDkyNzEyWhcNMjEwMzMxMDkyNzEyWjBaMRAwDgYDVQQDDAdkZWZhdWx0MREwDwYD -VQQKDAhNYWluZmx1eDERMA8GA1UECwwIbWFpbmZsdXgxIDAeBgkqhkiG9w0BCQEW -EWluZm9AbWFpbmZsdXguY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEAuNyXOzUfhH4WOvXgaOIV+ViqXEXO/VfjxPBE4EOYxxk1S5N1tAM5STontEqJ -kv8sSInZkYPPPjcqv8yEh1q5GyZrsI3Th5wqovFQEKUwAP2m0bluJYwY0oqo8dcZ -vPhcMdEdJu1hzRI0LOiBv5EgkT6KT5z97CfDtV16uaVISywnQmo1TcY7tT0tQs2S -znc4kg6mbfGnbmkEHfiV5aOj4ahULd5grdPh+8YcnWXNE/maSZJLOKz2PIMuySS7 -TmmmgJC6uMpsT5rCGI+WzNwYy8X6731zy/DVaMQ752QJfS0rUPwHa7KiEQNKAyrZ -NbYxiILKnbvd/JrN2iW6yllQDQn+XTft1aAui4fQcw/aBQZ5zbiedJeeDtKuve9+ -X23PVhRumsI4Wfo4CzKBsdH6fT5oGOqmL8WFVCQl/p93vqPRbhadEeEqGgdE2om/ -1SaA5nl7W4rbfo9beLpmi3KE+oldlLh5/mgH+7vWQQmmidC633AFaY7TabxU/59+ -38Kzo6eAJauVoHFdXGCIgg/SemNS1KWo3t+pwBHJIPHdsLlWsRVtV5Vt8QW+MlD1 -ODkApTstom0rtLvBoqBkI+2z29J+i07R4C2K/ZFdhv8Exf/MxUZeET+AznUwLHTE -SNxCsI/7wWQVyLVb1AwWLaBbt1cYd4YGVWe+QcslxNNayMkCAwEAATANBgkqhkiG -9w0BAQsFAAOCAQEAi7jvvUUMH2yVXfYgLUuBB8jRmwQcYKJo0jbPKZew07F+L3xM -WdYP+pDhdkyF79l99/fZS0Xs8dwYtAgU2tVkVoT6p/6vCvnqodgKgZJWi2dNCdG7 -ftIJR9dkusHIy3cpSHNb+A/hYLvj1nY9IAmRiY1fBNrRflmQe73gUuIjuoqDQ8wV -5jteUUt33rH0wYhbMf4z9HFSDBK1Ti+Mw27ybDYnYb79FZjUnXAKR/Gb0QyyGQyI -N5sVboXyBEK6KlJ4xBQZ0gEvmhN0ZGgmje4u7+2E3pJxo3zRN8Qm5Poqyll+3Omd -3rPdUhkTrQhKC3iMi+hXr4ZjNSlcgF5f+zvRIA== ------END CERTIFICATE----- diff --git a/docker/ssl/certs/thing.key b/docker/ssl/certs/thing.key deleted file mode 100644 index cd7a6c980a..0000000000 --- a/docker/ssl/certs/thing.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC43Jc7NR+EfhY6 -9eBo4hX5WKpcRc79V+PE8ETgQ5jHGTVLk3W0AzlJOie0SomS/yxIidmRg88+Nyq/ -zISHWrkbJmuwjdOHnCqi8VAQpTAA/abRuW4ljBjSiqjx1xm8+Fwx0R0m7WHNEjQs -6IG/kSCRPopPnP3sJ8O1XXq5pUhLLCdCajVNxju1PS1CzZLOdziSDqZt8aduaQQd -+JXlo6PhqFQt3mCt0+H7xhydZc0T+ZpJkks4rPY8gy7JJLtOaaaAkLq4ymxPmsIY -j5bM3BjLxfrvfXPL8NVoxDvnZAl9LStQ/AdrsqIRA0oDKtk1tjGIgsqdu938ms3a -JbrKWVANCf5dN+3VoC6Lh9BzD9oFBnnNuJ50l54O0q69735fbc9WFG6awjhZ+jgL -MoGx0fp9PmgY6qYvxYVUJCX+n3e+o9FuFp0R4SoaB0Taib/VJoDmeXtbitt+j1t4 -umaLcoT6iV2UuHn+aAf7u9ZBCaaJ0LrfcAVpjtNpvFT/n37fwrOjp4Alq5WgcV1c -YIiCD9J6Y1LUpaje36nAEckg8d2wuVaxFW1XlW3xBb4yUPU4OQClOy2ibSu0u8Gi -oGQj7bPb0n6LTtHgLYr9kV2G/wTF/8zFRl4RP4DOdTAsdMRI3EKwj/vBZBXItVvU -DBYtoFu3Vxh3hgZVZ75ByyXE01rIyQIDAQABAoICAFIiQFcgDTbSxpG/uMsg2F6G -1HpW0dah/CL+FbwGjJS5UIKZq8wlOoicfBOQontbQJOiG7aZd7TO0gGRnrh8yI2V -jndNLFSuQAtRaB9dJWzrRfkciCHKkyTIUrPQvDDHsD66CFfJVJDGq8PgMfWpR20A -+nbQ68jHCh9Ev0hIdUxg+7h4c+JwVwr5eWia6cUuF0Zdl/h1S8y0gA3I6uCyyhdy -sKQIj6/r2hYBOal9F5buaWySwTUXM/hC2MCpv0bhjgbFRxDfbywXOHGtKnUuvR2c -gxdxB8fu4wK/XVY7jjO9o+dBcxKYtYUVjwbFPOiuYGekpN1cIQ8gwKFR7iIFeJjx -FD/zrNUx+DhJcz9ovE4Tb/Gg1aKdddzeI5t/JzkG6uQCOshlErI7lKdwwhdwuQIx -R/EGXdnSHC6yCB9zKhM33iza7bEtYGC7ih78lGw8i3BQ/FvrJeQYs+CSNph+zQ0K -QRvqkNwODRXKA9Haqr3iPa5dKJhUMskYAz5FpHxC9oyB6YOh45PwKrUDo63Q6l6U -Snjl3w5pSFB5fcRZvb6Wfdv9eeLVTNksw35xE8kAaMTTk5x1pzQph7pqFjCmV7d+ -CGsYYIl+855h789tbAnSY46JSGnvDKYcRitW88VyI1Lmjz2Mq9NhaT0Zj0iOJTMA -KU89EjtLzyp/dj8DM+35AoIBAQDgt77P0e2p0bKqTRWWubVZYsS0OatBq4wsYqV4 -ustT1/IlT5fZhKN0cCxOXcwlhGyWrZt1ceVxLsFKl6IWOQHNjyRTyugICW/HVJM2 -kpeZ0fMAMNWLPoFnX4hwhExGNhMN/hgLEqqefFhl+TSoGoWzj8D/TMXGSYx7C9Gp -9T2NXfORarNG5Xku/NmF2CTlSM9HZqzpikhkbpkK5rqB9nc+2T4XgskF7E7Rzx2v -cq7y0OfgGNlm8yWwv8mamGULT+jXWNGhfaugTmoph1F5+TmVliG0h2VPId2VoXRN -ex68UrRMKxP3qOpoZflwLFWOjrck+y/eK2l/ue5M/daN+ZUjAoIBAQDSmH8kxj+l -FCd3jL9KfzhzT10hYMPAiPh1uiMYZ2dQkHKbRoQq4I6s94Noow9o+KaNlJg8J8Bn -YZdrcLPT1semwNlE1FfI5t3gQjIzaIZ12FpaEwEEktCKk2SM/X7CwfkN1+FvNBnJ -2hj6TxjO8m+TkBQqAlHWMPM6P9uScn6SOM125iahdswOJeCAaJMkhcTvATE+m6Pc -CkWoxlILYHXyTQmH92Pka6ZfpBNpoI0ADCO5gFyOsL6VKahV0EsXa17yWzjsOpHI -2leJivls9dJgWr9hLSMgH3Qt/t8A35bGV5Q5PwODhJ+WJ9J19vFcHID73bzq43tD -56UBRUGNSdcjAoIBAAJXh+KMkoiBifYiZYYzm0M6N0iVjUZa7lQMFyNh9vqBtqFS -6gc3TajJ/nw2mAkQDz2mw4b+z+BVF2iamfLXV0B4LG2/IJns10BhjkM0VeYhfQHU -gHU6Cok0QqzBhDX7HEm6CzAaWrLaIuW1KipSVHBhoCZI+4qse41QuzelOaX+g6pR -TVsAyzmFIxM1BHVrQ9W/qS+p5EU/rdKiQvFVyzpZcz81erjYFJ41JV8Nt+sJ6FC6 -kZF0GUF1TjmROwRaKdgMseqX77D1AEA8i8nUohf//4vtGU4w0SldDGQ+UzytM/nT -PRsIpKC/51CW9bFNpXT6NS6Aj1HocyZUQucp4bcCggEBAMCTNIjTRLXW1TRMH0yn -Q16mbzorezWfytwUxyz0uZQBUtvMwuVWjQF8IM1Zdqj934fOHtu7WgTvSAC2gaqw -V8eTx9pZ9qA/BRuiTLeX2IUAv7ZodGDTRCHEIImQ8Q51RCK1i28eDIr5hie2lq// -H6qncNjtYBpmjrRwWn/zdOyPRst4MFEsCfLSDhY+Cne2X1xTEc33kwKO3h40pCfF -IHXenl2YCt+A1RXWOu43I1iswSpLR9gvpUdPXaCDJXeX9q3WXxodgNxTVQLwc5+A -tsznjuP0247vVFUPIKtyyjQ7N86VYcgtSaWMarb2hsU9R3GJ1cxREpIIzGl6BDSI -FlMCggEAJmG2J8T0H6LT6CxCv5uhZW//uGV7gv+F4KTwpIx2oVEXt6gj6ORBx068 -1nCbEG4ikPumiDMFXQ2GKa+m9vfSGIxhmYYbeEH29jRImNAgiXmEpSRtjSp6sRk+ -g09K0Ee8N7UxK4ZhV9ozgPT9OUNY91MwfNlG+d5/qeOJqUCOtg9zsRf2kkFp7VBo -gTH597UDsHVrT98rpFo/XlOgsJb0OEUV8vkJkMtVguOyUnh6rp9uw+2kQocO1N3a -IT7YzeCaXcgjvvLZyILHy7tZnkMW7XUF70I18VzVFSNlzyOn/XD2JNeGwvAor26H -hqHUM7qo5k3nI6/dSdWQ1gBdmv104g== ------END PRIVATE KEY----- From 89f42509d31e4ba4dd9790378dfc65db9ceb317f Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Wed, 25 Jan 2023 13:49:47 +0300 Subject: [PATCH 7/9] remove serial file Signed-off-by: rodneyosodo --- docker/ssl/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile index c99f586998..0c9fe71137 100644 --- a/docker/ssl/Makefile +++ b/docker/ssl/Makefile @@ -41,4 +41,3 @@ thing_cert: clean_certs: rm -r $(CRT_LOCATION)/*.crt rm -r $(CRT_LOCATION)/*.key - rm -r $(CRT_LOCATION)/*.srl From 21f1826569010a49aead53cab9ee7af6be7ac534 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Wed, 25 Jan 2023 14:28:21 +0300 Subject: [PATCH 8/9] fix check password from certs Signed-off-by: rodneyosodo --- docker/ssl/authorization.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index a6137f96b0..cfb4312ddf 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -29,8 +29,8 @@ function authenticate(s) { var pass = parsePackage(s, data); - if (!clientKey.length || pass !== clientKey) { - s.error('Cert CN (' + clientKey + ') does not match client password'); + if (!clientKey.length || !clientKey.includes(pass) ) { + s.error('Cert CN (' + clientKey + ') does not contain client password'); s.off('upload') s.deny(); return; @@ -167,7 +167,7 @@ function parseCert(cert, key) { for (var i = 0; i < pairs.length; i++) { var pair = pairs[i].split('='); if (pair[0].toUpperCase() == key) { - return "Thing " + pair[1].replace("\\", ""); + return "Thing " + pair[1].replace("\\", "").trim(); } } } From 9386478dd0bb861bb29a2a4539d4e69fb6fecaa6 Mon Sep 17 00:00:00 2001 From: rodneyosodo Date: Thu, 26 Jan 2023 11:12:10 +0300 Subject: [PATCH 9/9] change from include to endswith Signed-off-by: rodneyosodo --- docker/ssl/authorization.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/ssl/authorization.js b/docker/ssl/authorization.js index cfb4312ddf..11c7a62fbf 100644 --- a/docker/ssl/authorization.js +++ b/docker/ssl/authorization.js @@ -29,7 +29,7 @@ function authenticate(s) { var pass = parsePackage(s, data); - if (!clientKey.length || !clientKey.includes(pass) ) { + if (!clientKey.length || !clientKey.endsWith(pass) ) { s.error('Cert CN (' + clientKey + ') does not contain client password'); s.off('upload') s.deny();