Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Regenerate certificates to use SANs instead of Common Name #2461

Merged
merged 5 commits into from
Sep 12, 2020
Merged

Regenerate certificates to use SANs instead of Common Name #2461

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3b88935
Regenerate certificates to use SANs instead of Common Name
Sep 9, 2020
c9fd172
Remove 1.14.x jobs; runbook -> automated script
Sep 9, 2020
4c71d06
Fix indents
Sep 9, 2020
f5d5bfd
Add Makefile and README. Add dry-run option
Sep 10, 2020
f361cda
Address review comments
Sep 10, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 12 additions & 12 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,39 +7,39 @@ dist: bionic

matrix:
include:
- go: "1.14.x"
- go: "1.15.x"
env:
- TESTS=true
- COVERAGE=true
- go: "1.14.x"
- go: "1.15.x"
env:
- PROTO_GEN_TEST=true
- go: "1.14.x"
- go: "1.15.x"
env:
- ALL_IN_ONE=true
- go: "1.14.x"
- go: "1.15.x"
env:
- CROSSDOCK=true
- go: "1.14.x"
- go: "1.15.x"
env:
- CROSSDOCK_OTEL=true
- go: "1.14.x"
- CROSSDOCK_OTEL=true
- go: "1.15.x"
env:
- DOCKER=true
- DEPLOY=true
- go: "1.14.x"
- go: "1.15.x"
env:
- ES_INTEGRATION_TEST=true
- go: "1.14.x"
- go: "1.15.x"
env:
- ES_OTEL_INTEGRATION_TEST=true
- go: "1.14.x"
- go: "1.15.x"
env:
- KAFKA_INTEGRATION_TEST=true
- go: "1.14.x"
- go: "1.15.x"
env:
- CASSANDRA_INTEGRATION_TEST=true
- go: "1.14.x"
- go: "1.15.x"
env:
- HOTROD=true

Expand Down
35 changes: 0 additions & 35 deletions pkg/config/tlscfg/testdata/README.md
View file
Open in desktop

This file was deleted.

34 changes: 17 additions & 17 deletions pkg/config/tlscfg/testdata/example-CA-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDADCCAeigAwIBAgIJAN1tVXtPkw1HMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
BAMMCmV4YW1wbGUtQ0EwHhcNMjAwODEzMTYyNTUwWhcNMzAwODExMTYyNTUwWjAV
MRMwEQYDVQQDDApleGFtcGxlLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA9MQmymCFHHQos6xF8Y0JjqJRZyCLR9lkraoIuYfGLFPHivr/7dOA5FWb
/cs6gD2ppZYGZOGmVgmgIhhYQelyMdx6jCH0R1BA67kbWAoMrAJaVnZE6FdVEDGE
ojUAU8Q64dTfq0IF++xQPWwxM9hOM8r7VenH7GeXDmlB954FI1jY+GBL0TYivVmM
XeNE0rgvOPw6OydqQzF1RjXzlbpyP4Jzl7ajqhZP9UiyNixm1L3ts/7YqYrKM+P+
6pZNicjQc+cFUT2+TYR/BPDhrHbNtDMs6hOY+5C7JWjeBhmJaR5KW7rUI06AF5Bh
vKpesVvVqBOdYXLSL8FWngqpqQwASwIDAQABo1MwUTAdBgNVHQ4EFgQU8DuT3M7d
2yw9gDIFGnijdnmq3qcwHwYDVR0jBBgwFoAU8DuT3M7d2yw9gDIFGnijdnmq3qcw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARr4MSJf1DtMhEr9U
kClc7c8m70NxlbcSrDgcxpgpa9mlbMa8dTesUfvNR4ajuFGigtwtaX6KjP0TkHHP
XqV2l4C3HXgcJsya3CU++NujYQAX4IGvt6yR/cD1PTEH0A4Z/BFh3v0QqEOZk4ey
KlW9WdQ2bmZ7c/TGckFoQFzAgegk5xne86nRl/S9OggenE98PtzY8etButiy8mk/
4BsTRcmbOFG7BCV+PZWCe5sRC+i1ycNuWN8aLMkGyPAwiPJG/kc8hMylQBIQPTSD
NDDFOKGIpuSZPCb/kVGuUvExcKMvu+eMXgznBOL/VATAwMvcRCt1Z7AeajqNP9SP
WmXzAw==
MIIDJjCCAg4CCQCUvReiJZlWHDANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJB
VTESMBAGA1UECAwJQXVzdHJhbGlhMQ8wDQYDVQQHDAZTeWRuZXkxEDAOBgNVBAoM
B0xvZ3ouaW8xDzANBgNVBAMMBmphZWdlcjAeFw0yMDA5MDkwNTU1NTdaFw0zMDA5
MDcwNTU1NTdaMFUxCzAJBgNVBAYTAkFVMRIwEAYDVQQIDAlBdXN0cmFsaWExDzAN
BgNVBAcMBlN5ZG5leTEQMA4GA1UECgwHTG9nei5pbzEPMA0GA1UEAwwGamFlZ2Vy
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4y863TsHMNFTe/5f4Ab
jxg7rpQLuQhzr1u5re2aWlPIehTxrVxdZ9RiqNxoOVt8k0hrMmF/HoyFMzgUR3bu
bnC7tLepjlDGf5FxuW1TrGlihefq2QtwnHUac30CTulPhC3WlTrvkb6FpvZL7h8u
1NzU7yu0lCRiN9tQ7smLfH8vOClNIvInXiznHZdFc1NGdMKX9sP6fc8Rvu4GVshY
Iyf44tb1vkg5jTFCBqtsbVybu3S/q9RuFhh8w0AG6PiHS/bmaS+3lUnLlKpPn283
vAciimMy3Ss3XlqVPfri+uXARsFVPnrpL+U4W77nF9PTq/IjG7Dcji2L/iCR5Pga
swIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAaNqHKiXHPTUvUpkm5AIu7/Mlc2dft
ROiA9lAbpI5JMBhJp9zdfsSiqY84+1zk66ORoiSrwrGMc5woobkHxXX4NL5D3WiW
kXX+x/cmBq5CcQWnc/eeUSSMFSre/dl+hLvkmLFZJgsMuGzyuTXvZZ3edpfhnOVw
FOKb8UNd3E1yHBdwp2pMZ5d+5VXhc3NdPTL+isE79rk/wwqhkITxavqe3j5Bc7+6
rQIHbrLyjGi7vhaRGUiVIwECmgLV6tK7TKbHB9jkQdbJYgAGehCeNH/vc5BuRKbT
NYXklFMfGV04LUJdQ9v6xVzdO5hSfsaewoCd47VaU0RvTxfS5Nympy8E
-----END CERTIFICATE-----
34 changes: 19 additions & 15 deletions pkg/config/tlscfg/testdata/example-client-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,21 @@
-----BEGIN CERTIFICATE-----
MIICqjCCAZICCQCH8q683rqz7zANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApl
eGFtcGxlLUNBMB4XDTIwMDgxMzE2MjYzNFoXDTMwMDgxMTE2MjYzNFowGTEXMBUG
A1UEAwwOZXhhbXBsZS1jbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCvwR7iRItIeeE42ll9bp3qisyuUNAk6f/3kF4f12mVtuOdCQDHoAtUb4aN
LfGRNxIt7XRZDfSc2R/J7qs0IwVDiX23id3BG4vyM6E0Y7iAVefD1eDF0zFKiUyx
WQRyuwmO+1KQRkg5/0hTVMHTbitnGjsNmfUIxz/PxGF91AkqTUSrhVR1vrSQkvKs
fUjdh3/BJAOZeEhwW3hcT5UVDg4N/Za1NwrdZPnUVN0XHdiKzy3rovs5TtZsS9Ss
aXLdzWmN/xHB1rGRfAW+hAp0/QjfhmCE/kH2rpJ4+8tTk2Q4685mIS5CVSbxGNSC
VbJ8Y+bx0au5IauAOKo78sY5qCHfAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAOCA
OfYL6Kbd+jF9r5diWadfqhOKIctN/tCoislQ/qGWuoDL23DXNDeqbL49X37K+bQj
UlXETfRZf3LpQkCqd/TByYwAkRXyX1zkD2WTpdcg06IF/JMQeGeF4yhAPQBT5FoA
l7P3++0c3D+g8EG0QdT3lbPNAjxw4pW002c80eNtdg7euOrTxrUGYe0ZXd5eJYaN
raFNjE3TOceH1ZOAJ24/C5cug8Ng1RQzkRShYdsSnaG9kXp2CkPGFoFdThsV2x1K
hofUYT5tXYKSqIgGrjc7G+Vypird8xJEWmwEiwE7ehLK2jYYqBxjVsSaS1RQw6JN
obYaak2TPx0oDnJCJtY=
MIIDXzCCAkegAwIBAgIJAJu8RcLAVAT9MA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
BAYTAkFVMRIwEAYDVQQIDAlBdXN0cmFsaWExDzANBgNVBAcMBlN5ZG5leTEQMA4G
A1UECgwHTG9nei5pbzEPMA0GA1UEAwwGamFlZ2VyMB4XDTIwMDkwOTA1NTYwMloX
DTMwMDkwNzA1NTYwMlowVTELMAkGA1UEBhMCQVUxEjAQBgNVBAgMCUF1c3RyYWxp
YTEPMA0GA1UEBwwGU3lkbmV5MRAwDgYDVQQKDAdMb2d6LmlvMQ8wDQYDVQQDDAZq
YWVnZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+TigmWq+LqZr5
jk9TqVMw/MF1Lcu1jOry219hk3yUaEifPX4WAOqufPTRuyWf5DzdGsEXbtuZ5iEz
Oqr/hxGMN5dm7czg0vK1bj/wwr3gb3LcHREAZzZgGvZ9w1zgScyuut2HdbXElLNm
3IVm1UuomrroNVLfztPVXFh+hRp/48jzZdo1d4M4iFCd/rFJCyLL4qtF1hhmB/qI
IAR/0iCZX1SiIb2Ecn01IJR41ZtuFoal1yzrfCgrCvI3kt1KAfdmPe72WXQSNhXD
1+1IqfP7t14TTqUJEzKaz0nQCJ7aRwgNQ0MviByjUDtCAkaNS/aPyjn2FqV/FRuG
zz2fd5UTAgMBAAGjMjAwMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMBYGA1UdEQQP
MA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQCRk15aAkoyBXUDd512
oVlcgoX4LjXiU5iZufQkhwT1nFg0E9iCyU+AkMDvNPDt3NILyuDb4zpyTY8txJq5
2DlCC9LZpyAORdjtKFYwn4W2NtgWVUr2zuzjXdG23XSfOmU+D+AcLF3JCYLQQxbM
ow63J40INtQ5OKT41jhTEksyPjU7C/gmBfS8j8BmqkQtAO773zpCLJT+whfctANB
MLfT0z97UwPSN/Z8nyqTDqtOn0PWjrSDo25geRkfqx3Zatjb1WgZRCUqVm4J4hG5
weCO6bagyMMExU0yTwrFjZFNDUoFvGd1uC15E4GYbPPymLSXjLEfO3QQGUPqRfIe
IPlh
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions pkg/config/tlscfg/testdata/example-client-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAr8Ee4kSLSHnhONpZfW6d6orMrlDQJOn/95BeH9dplbbjnQkA
x6ALVG+GjS3xkTcSLe10WQ30nNkfye6rNCMFQ4l9t4ndwRuL8jOhNGO4gFXnw9Xg
xdMxSolMsVkEcrsJjvtSkEZIOf9IU1TB024rZxo7DZn1CMc/z8RhfdQJKk1Eq4VU
db60kJLyrH1I3Yd/wSQDmXhIcFt4XE+VFQ4ODf2WtTcK3WT51FTdFx3Yis8t66L7
OU7WbEvUrGly3c1pjf8RwdaxkXwFvoQKdP0I34ZghP5B9q6SePvLU5NkOOvOZiEu
QlUm8RjUglWyfGPm8dGruSGrgDiqO/LGOagh3wIDAQABAoIBAQCOvJABgVuBBAMG
8kYlmXXE6u7qTxWMNUK941CeGYtVnM/kVFB+z5sD+wNSm1KJ9ijchfGs9amIzMmF
bUE7uYln3Tztl5kyYNXaYVX1v1szVxFAOe4vm6J3f2R6z+nN59sOdUwLghjciVhK
3RYBSYMUW/hDxpp7g55udXYcA91hrUCW1+aEUZNQAwLdhDiyw1NhbQvHpsayk2gY
7pr7eT1o/1ekES3J4InkYvOxkc5UvPdHYbOCitctg6JOa9paMmPXVNy9TOib74c5
KcQrQCDf4s6CBQrMXGRrW3VyXztqu0EogiFFjxdfFQOxzFWmTsiNs2qt5Qe3fmy0
gaAYrZ/pAoGBANel6gK3Rn0wvVdYkEZc3JMMXcoOhy81kJqL5ILLKlHlDYVef8Gx
S+/VDIgMt3JOX/eAzM1wloV3SHja5jeRFOyabzyX51NHT2Vbpp7PnnVt5rx24Es+
+oIlrrQKyYsIPnDCCpDvx++NK5NE9UYc337nvHhzFuuQzCWHIkom3UWVAoGBANCk
MmgpS0y1Kbh49evWy820HQLizw2mngu4xSFGhsgtqr3Pb+7/mKN3usQOpkEclSvT
FWxLo+ZtuFKC4H6BoR4DQLO2CSO2WaZmXw1DhxVOvCzhJxV9EkTb4UQ3z8BBqENd
yFTv2niiT/xunTd3pU+KeFtPAkC0Zwx41cDWVISjAoGBAK16MhtHNrRlLhwDCeUg
tOyyaQyvzT5EF/TLjuNM7tl8qvjcQWge6Zigyfj0Serxc7AWdCrcZKovgCSA6+xN
kQiZX9zd0mCjIBLIvOxK1w1egNyhwOOnYTyrdbQubV2kHx70ai2YRz3FUgWh1rI1
bfGYGHzJEOolzKRv5jzCsQRVAoGBAMO+qQQMafcHqKLH6YFgPkk5iFZi0HswLOs2
aMw1TNKV9bCq44tJBb2n4PN8AwLnfBRnr5uww462tc3DuDc4Cx8LUjLIwH5e4HE7
bkYVarDU87rvainA89jiqc/ExQbNEr5RSFhXx5KSRZTBeoLFn7SmZxDTaXunRV7w
JysKarUdAoGBAIEVFJuDB9JMOaY2gogwW5yUAde2MNnyYrhSlzguuVgVotKvS6mW
4oSzugJigESgk28cLUH+7DNv7eafmSZ2gBw1HC8PfWx+6lo7K3T7aeSyiUr2zHgw
7teay2cKLIgu4uXSRTpHEWeGkNGT5vhygb0kWrhoms8XasNYwCXTNB5L
MIIEogIBAAKCAQEAvk4oJlqvi6ma+Y5PU6lTMPzBdS3LtYzq8ttfYZN8lGhInz1+
FgDqrnz00bsln+Q83RrBF27bmeYhMzqq/4cRjDeXZu3M4NLytW4/8MK94G9y3B0R
AGc2YBr2fcNc4EnMrrrdh3W1xJSzZtyFZtVLqJq66DVS387T1VxYfoUaf+PI82Xa
NXeDOIhQnf6xSQsiy+KrRdYYZgf6iCAEf9IgmV9UoiG9hHJ9NSCUeNWbbhaGpdcs
63woKwryN5LdSgH3Zj3u9ll0EjYVw9ftSKnz+7deE06lCRMyms9J0Aie2kcIDUND
L4gco1A7QgJGjUv2j8o59halfxUbhs89n3eVEwIDAQABAoIBAE//zwUAjlcpv0o1
Nse2oJAxUKoPzFjPmlzpN1lvhKlmhVDbqstZK06anNgl0hU6/xL7kjxlj89MXJyK
hyPQBeJp5C2SvdOtGfaHGD3/v44/i4tYdLM0sDkKXKBVpg9rNq4lQ8cUBotS72/I
OBQYiiugj/3ZnLMU4RwKK/FTxuYHg1lk8pxhEx9AMpih2S6ni7SG9+O8/lto5FDZ
brImQJxBOxWlaNfFAeLxXLD9svwljNJFI2rMZ0rH/TrTP62uTzdVOLUVVjUW5DUI
oqtWdnQJCME5ymom9VP+nDhARa2cYEwXBQhJBACgjx12NNptfe9Wr8CL67oyRmV4
7OSI90ECgYEA75cRwvYGVa38UasCfPHvGTtHwfIgQ3ZAQkuFLgFeF+TynR7aPkkM
SyPPInJs68NotHZYE8dSqE7Psjh4HARWhXdEYUoXQ90NEW0iQtTPXSqyaXcHYh9Z
4JfKhezzPQGpDdS7F5E8pO5ew/EHjV+C/y/tGzlDqgulQkiJt4YHZTECgYEAy1bv
reYvJvWUqFtVGGc76AAyuTSXgEywxT+LI2ZqMh/rFAlOKgx+W8WANQcci9GgfK4v
yG4JZ0MaTLziRbbnjqZTCXEtqL334uf1GNzYXGavKaEa8OHLUJvuewJ3zkmES24n
e+QKpH+ekEGijlrBjDpMhfskAfRR1E1Zje2sXYMCgYBlf+ZyZa/BVHf0UTI4pHXa
hpabv2uTqOEINN4y4zltffyaO5vRjzi6DG2P9lHWf244JXqixmpqCxlKM0oO9HeD
C0fYv36jrV3/5+//yBAhNBlpPJfQJd/5mdSecAeL7Mwlo92u2kSKysEy2UWNyszA
NxmH0varb0uPjRNqwEkZwQKBgGZtq5yo6DWy3aiVIV+CmT2749FBudNqTl1+LeOu
Mm5/f5Z/PX2W/4vRCE0uAOY5uaM0x2MqctguiDABseW2RhyokgmeloZ680S83c0h
amfZXgEVY5HV2+oGMnKKgrlKdTbeDUuuSuIkW0aFmZImC3tM3sFbCf9mCFZuhF8n
S31rAoGAShuBbD4i6w/saaAQyLMi/Pjeb2mRdLfyngsDUoOyKxoMPHHKC7qXKkHi
0BjkAnOyuQg+Awq8Tt0MlTyilHQXyRZxuWmXbw4EuhCZ2Ed2qS+m+ZxGN8AuUvl4
AsmoB1weKDWu+0fXxSSnautP9HlxJCQ+bLXTfaltLVNf/L0+k7I=
-----END RSA PRIVATE KEY-----
34 changes: 19 additions & 15 deletions pkg/config/tlscfg/testdata/example-server-cert.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,21 @@
-----BEGIN CERTIFICATE-----
MIICpzCCAY8CCQCH8q683rqz7jANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApl
eGFtcGxlLUNBMB4XDTIwMDgxMzE2MjYzNFoXDTMwMDgxMTE2MjYzNFowFjEUMBIG
A1UEAwwLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCgXgmpBT+Q6MxRUno7FrjtC5WfVOL5iIvpU89pYzjyqnZrrDEsdOQIrJroPCRW
nskOev4t5E9fRpRPL2u7lMZvYZvoMUsyEAZTevVjdyeSW1itTAtfD2OMRcUA6pc2
Vc5izwAGETXQfNZERw0oFxFBj292D2bfU1lA38Zzuy9OKMfcpvo3Rdq6QJGg07Ck
3DoSalKLZ6HAqYqy01zxy8n5vY4NAaTwAgEeX5iIrFCzkyXJT79Gv/IDD9KSwo+W
fdv2OnOHd/b/Hp9mazGiCoAfvi2h2EIaGvFktiq3xP7YpGWqiOrxDiOgSz1MI+1t
l0sf+YQ+vpcrsx3SMVy0ogytAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACcKU9Q+
FRqParf+QfYl4N0jX2euYnyyvbniohXowavMxBZlmuzc7XK7EV8T7Td13l/YSzxO
1RttUtEO1Kt/kxSbh1OhGYkuHiNPRCg9aeKib63ki/xtdv5/xIRZPlEm9YaytNe2
/mKtudZurOPDpvPmIp23AL688MGWdwQzVjhY+TYQkAhbGv6R5qltNZOg+vLmI9lv
DQH4XTEp+Wm4S1xtcu+qQqTGFxxsKyjCoBKwqgUVOSXuRRS7PsKvS8mispEFhWDS
ct0tnmv9rnycvY5Zoaa8Jc1qeEewWQ0COP0GQ+5OYC0cMyn7Iss1rGC7rfHJo/ei
v51n6zxAEFmfK44=
MIIDXzCCAkegAwIBAgIJAJu8RcLAVAT8MA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
BAYTAkFVMRIwEAYDVQQIDAlBdXN0cmFsaWExDzANBgNVBAcMBlN5ZG5leTEQMA4G
A1UECgwHTG9nei5pbzEPMA0GA1UEAwwGamFlZ2VyMB4XDTIwMDkwOTA1NTYwMloX
DTMwMDkwNzA1NTYwMlowVTELMAkGA1UEBhMCQVUxEjAQBgNVBAgMCUF1c3RyYWxp
YTEPMA0GA1UEBwwGU3lkbmV5MRAwDgYDVQQKDAdMb2d6LmlvMQ8wDQYDVQQDDAZq
YWVnZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDJ9238Gi4EvqL
oMSQ0jqja0PCYrT3xKBZU+k+ab0MjYm1+W2b9TIw1BWjkZKHTAn+9Daw3RqJ3DDP
AjL4mU7pT5JpUoa7tfORFFG3cayFa2gKLUNahg8QRSO2+794BuDgY9FNNDdv2MQj
buKp3m34UMxcGtVwsv4tD5oOcrPbcLla6JYtTJiofXTo2oH6xm2n1IPeS2/grCvp
69zv/JH2AFqzBdwxAjf7GCS++lRa+huIbOJqDyAwJBerV2p4UlOJhWq0PONKkr04
yL12eg0xkvIFPV1bWsAGb+UjEvrUkhn+OTZy8xy4K5hsRrawdsvm5lX2MHSVj3d9
Y5pkJ+WhAgMBAAGjMjAwMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMBYGA1UdEQQP
MA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBrjHlOJnotaql2a+zy
gv9S4T5t5QjwvzH7FC30KtS3ZnzrWp9Jgqjcgr1qQv3ui4c+nnlGFezCUT0E6xCE
Wjm4KbpvD/SzWEab4Ke8hw9pE8fP4fGd/8DE6QbKaq5DqP3B4IMe2NF4T9c8Sb7c
Gg/Upkk9/uJ04hCJm7X6TyRUS56GTlBvLHvmspoaZu14dDpkRyXlrHQiwmuZs9xr
mZNT7xZZgrlSCIfadILMafm2DkNhc7ByADurYOF7SORWWJMyJXx/Mb8r+IaWH2tW
ouaqWPzQNdIHePa8eJyPE7ypZuJsaMvXu5MwEayvOux1P13dyorOdqcL1vybtvxm
qT1B
-----END CERTIFICATE-----
50 changes: 25 additions & 25 deletions pkg/config/tlscfg/testdata/example-server-key.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAoF4JqQU/kOjMUVJ6Oxa47QuVn1Ti+YiL6VPPaWM48qp2a6wx
LHTkCKya6DwkVp7JDnr+LeRPX0aUTy9ru5TGb2Gb6DFLMhAGU3r1Y3cnkltYrUwL
Xw9jjEXFAOqXNlXOYs8ABhE10HzWREcNKBcRQY9vdg9m31NZQN/Gc7svTijH3Kb6
N0XaukCRoNOwpNw6EmpSi2ehwKmKstNc8cvJ+b2ODQGk8AIBHl+YiKxQs5MlyU+/
Rr/yAw/SksKPln3b9jpzh3f2/x6fZmsxogqAH74todhCGhrxZLYqt8T+2KRlqojq
8Q4joEs9TCPtbZdLH/mEPr6XK7Md0jFctKIMrQIDAQABAoIBAGdrPZ+amtvAxcLM
BbeFd8ym497Ux2tU+6WFPwUfz+HuvF/DtBKPb1+IsH2EC4sw60hDWRgPXIB867gF
RNy7nRzHPdwHrg6i9vFvIkD63rIr5owbtlmfevtDI0DsCIgp3ecqx0EiaCoD18pA
Z+OqvJ4i+iaQ2C69eZm0ti58UI1+Ccd9u02Ge6HCs6G10JuRxdx1fTC5xjymgmZ5
gQHmpwIRlMo07qvqhu0BRChjuaO87NIA3jWwfT23JV8keXRUrQjYhkUEwMvb/SGn
8ZzAbUYUoFTE71HGkK+fYYZaL7TrBlNgTCWW2IaaMgM1tdb7UfGODb3gMrvtr6Ln
bB8WqgECgYEAzeAEqkooy8p/mUEtzZPMl0e5klVKhNrtbaKZzyzvkS0EOKsFu7jP
1fSaoeoD9xno/AUKr+GhouVIslkmCurygbdqt9/4vjPcM6xFq4Pdy2dBYZoZQV+A
SPWA974N9QI+ZAaxJComLAYrqMJqGQ+DYWbu278EK3bfz5byaQ3nZd0CgYEAx2mR
rKdfY6/ZQ1vcDFgJYFGsFsRXm23Smn066eoHcLcPWig2ZMbQ8i4hH0PyPDCeMNkS
a8NsmSuDXSVxJTRNXgpAA5RvV1GBdTDJrW/QF3xXJ8BikeozuD4SWfLoktTtnmi7
uPq8wTMu/GXSGa52IV7pOhbhCZqPGsQkvgSfXRECgYEAoPTx8MlGF/5bwE/rJXzW
Sbgz56pzNmeLlVm48vbo3hHZ6Qwc0WVuaJJyiwBQ1VIWi2LNtjCrlJW6PmXgjkye
CLiD4PpkmSAmmuenGK9iKnKx9ULrV+b4fxIiII8gjluQt9dbizDA4053t9s35Bvy
1aYKPRechPbNiJk1MNlD/qkCgYBdfQPbwvg4nyenqbhHXTrAGmoonlJIPzueTBnD
soFceaZL6VBe/MrWz4OdydgWGeEAG7TEKvGN+dVzZOtfut6OuRV72Co+8KpVy9Kx
ahtP925Q56QOrpMizI8D9prMw+DHBGkF9x9pIFrl38KZYa5mRL3pCvLj8r8mmFB1
eWtRUQKBgQCwZ+x8l8amCMy9vQMn3HHYbEL+5QNyq1HQI+0ClpcnTyVXaXvW6pMi
hYRtY1hlYz0FifAvhXac3GdxdnBgs3TMiVx5YZgKKMhuuqmKH5geYZ95rg5CBCyf
nWASsqDHIerZ+M6gxnd9tQydAzxbASWL67KIfI+TSa2kY9/IqgmUog==
MIIEpQIBAAKCAQEAwyfdt/BouBL6i6DEkNI6o2tDwmK098SgWVPpPmm9DI2Jtflt
m/UyMNQVo5GSh0wJ/vQ2sN0aidwwzwIy+JlO6U+SaVKGu7XzkRRRt3GshWtoCi1D
WoYPEEUjtvu/eAbg4GPRTTQ3b9jEI27iqd5t+FDMXBrVcLL+LQ+aDnKz23C5WuiW
LUyYqH106NqB+sZtp9SD3ktv4Kwr6evc7/yR9gBaswXcMQI3+xgkvvpUWvobiGzi
ag8gMCQXq1dqeFJTiYVqtDzjSpK9OMi9dnoNMZLyBT1dW1rABm/lIxL61JIZ/jk2
cvMcuCuYbEa2sHbL5uZV9jB0lY93fWOaZCfloQIDAQABAoIBAACA1NCJnSuEWQMN
KhSZhi8vsqAIsyDEcAlq7voLOcKThtxiRUcWrcd0dI3UbUVOC+SNaqqwF0Ztu+58
ufbsJkjxvJXq8ZAAWx1vqPpJH8HEUiNclITiPZ20H/Bz272Kfv/1IfAKB26RZ4gT
3B/GBBCU3MIMC6rbu04QcTxCTXZuZdOIbxhQgCPCFXbFbDRe6nw7ZjvqPa02kzXC
htJuvvrq+HINozzttTnsGGgiqZbGeO4T23SdhbaPEnoPLPtv0c11l1YdBuDoY4DN
VWRoab4m2UJZnHEaFYOM1N295Y2M9WJ66wqHzR3OLt5YlcjRc3vlTNZ7WhdgBEaB
LyimNrECgYEA9a8FdMrbdJ/k0eTdJ+ppHf49kyeXvJDZggo8FAWy/nb9cfp4+bNE
CSsZ3dZX9xVORjtihJMGSQ0V4Buw3GkszEyZcPr9HwuNIQyUAU38b9J5500h1pvB
5Jb91On9XJKExoQB/ZyOGYWryRxJVUNak+MWmw49y4k4o/cZnmYSDl0CgYEAy1mx
tLNWs4wLbLPgm4NOYZ2lYdjSnWq1PdDwChzuEDfkEBHMEJeTiL7X6KRdGfVLVTmr
pFHELVttmE8Kd+ybUcw7Dd0NymeEOu/clSpM6cU1M1FMUKaQWbeh5/hOu+BUno1z
Bit2NcgCk28c/lqTbgWnO/5h4wYdyykwviNkGBUCgYEA4gCp1UFS1ZrMxGRzKOfS
4Ntiyz6Nr9HTtHMzxvtjKABPrwzJQnIs8P4sIkytyMZZpfO08d3J12NpLypp7Kf3
pMwGDs9kD63xmmhWskiKIleM+kCTEzdfCqf3QmgpQIIsD+2ZYzIj6ch0OWGC+CMo
bIhm4CYepGBLsVF6yKJ+k6UCgYEAgFLo1px5sTJGH2Hf8qNI+kbuj7GxL0+gchMA
95DMFoX+sLlaanoMyzWLsK7QZcoqsOyEyVwkDW9t2LjAZW91kIfuGFCQHFN42Wx2
addY1Aj0Cp9aJmcGHufID0fd/6eQHsIqfRE+NrAyF/H9fPGRqdN9dlmQUiCQ+pzS
uppA1wUCgYEA29yNmR6+Y1erm9ynneesOxo6mnPArEyQJal/LHowbrJL08yva4gQ
GlZUYyjPrbj2wNaUGXDmmRcbeilSXblUhB4j50dhSB1GqiRvNs9E1W9UGoO/tI/3
8sjE2E/zkWHax7ynUEvSWm5PK9Y587ioOe3OBgMyE6KGGuKINg+8HrE=
-----END RSA PRIVATE KEY-----
58 changes: 58 additions & 0 deletions pkg/config/tlscfg/testdata/gen-certs.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
#!/usr/bin/env bash

yurishkuro marked this conversation as resolved.
Show resolved Hide resolved
# The following commands were used to create the CA, server and client's certificates and keys in this directory used by unit tests.
# These certificates use the Subject Alternative Name extension rather than the Common Name, which will be unsupported in Go 1.15.

# Generate config files.
# The server name (under alt_names in the ssl.conf) is `example.com`. (in accordance to [RFC 2006](https://tools.ietf.org/html/rfc2606))
source gen-ssl-conf.sh example.com ssl.conf
source gen-ssl-conf.sh wrong.com wrong-ssl.conf
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps instead of writing to the current dir (and accidentally checking in), we could use temp dir

tmp_dir=$(mktemp -d -t certificates)
clean_up () {
    ARG=$?
    rm -rf $tmp_dir
    exit $ARG
} 
trap clean_up EXIT


# Create CA (accept defaults from prompts).
openssl genrsa -out example-CA-key.pem 2048
openssl req -new -key example-CA-key.pem -x509 -days 3650 -out example-CA-cert.pem -config ssl.conf

# Create Wrong CA (a dummy CA which doesn't provide any certificate; accept defaults from prompts).
openssl genrsa -out wrong-CA-key.pem 2048
openssl req -new -key wrong-CA-key.pem -x509 -days 3650 -out wrong-CA-cert.pem -config wrong-ssl.conf

# Create client and server keys.
openssl genrsa -out example-server-key.pem 2048
openssl genrsa -out example-client-key.pem 2048

# Create certificate sign request using the above created keys and configuration given and commandline arguments.
openssl req -new -nodes -key example-server-key.pem -out example-server.csr -config ssl.conf
openssl req -new -nodes -key example-client-key.pem -out example-client.csr -config ssl.conf

# Creating the client and server certificate.
openssl x509 -req \
-sha256 \
-days 3650 \
-in example-server.csr \
-signkey example-server-key.pem \
-out example-server-cert.pem \
-extensions req_ext \
-CA example-CA-cert.pem \
-CAkey example-CA-key.pem \
-CAcreateserial \
-extfile ssl.conf
openssl x509 -req \
-sha256 \
-days 3650 \
-in example-client.csr \
-signkey example-client-key.pem \
-out example-client-cert.pem \
-extensions req_ext \
-CA example-CA-cert.pem \
-CAkey example-CA-key.pem \
-CAcreateserial \
-extfile ssl.conf
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about writing PEM files into $tmp_dir and then copying into the right place in the source tree?


# Cleanup.
rm example-CA-key.pem
rm example-CA-cert.srl
rm example-client.csr
rm example-server.csr
rm ssl.conf
rm wrong-ssl.conf

34 changes: 34 additions & 0 deletions pkg/config/tlscfg/testdata/gen-ssl-conf.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#!/usr/bin/env bash

# Generates the SSL conf files required for generating certificates.

domain_name="$1"
output_file="$2"

if [[ -z "$domain_name" || -z "$output_file" ]]; then
printf "A script to generate SSL configuration files for testing purposes.\n\n"
printf "Usage: ssl-conf-gen.sh DOMAIN_NAME OUTPUT_FILE\n\n"
printf "Example: ssl-conf-gen.sh example.com ssl.conf\n"
return
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be exit -1 instead?

Copy link
Contributor Author

@albertteoh albertteoh Sep 10, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe negative numbers are not supported as return codes in bash. But good catch that it should return a non-0 return code.

return was intentional because this script is sourced, which means it runs within the parent shell.

The added benefit of source-ing is that the set -ex that you suggested above will also apply in this script so commands in this script are printed to STDOUT and will also trigger an early exit if something fails.

If developers want to call this script separately, it can be run with source gen-ssl-conf.sh <args...>.

fi

cat << EOF > "$output_file"
[ req ]
prompt = no
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = AU
stateOrProvinceName = Australia
localityName = Sydney
organizationName = Logz.io
commonName = Jaeger

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = $domain_name
EOF
Loading