diff --git a/src/modules/kafka/test-certs/.gitignore b/src/modules/kafka/test-certs/.gitignore new file mode 100644 index 000000000..15da35cb5 --- /dev/null +++ b/src/modules/kafka/test-certs/.gitignore @@ -0,0 +1,6 @@ +ca-cert +ca-cert.srl +ca-key +cert-file +cert-signed +kafka.client.truststore.pfx \ No newline at end of file diff --git a/src/modules/kafka/test-certs/README.md b/src/modules/kafka/test-certs/README.md index a136892c6..fd3c0be34 100644 --- a/src/modules/kafka/test-certs/README.md +++ b/src/modules/kafka/test-certs/README.md @@ -1,10 +1,23 @@ -#Test certificates +# Test certificates + This directory contains example certificates that are used to verify that a SASL_SSL listener can be set up. You can use the files to configure the Kafka container and the client, or use provided Dockerfile to generate certificates to use in your test cases. To use it, run: -```shell script +```bash docker build -t certs . docker run -v "$(pwd)":/var/output certs ``` + +1. You may need to delete the existing certs first: + +```bash +rm ca-* cert-* kafka.* +``` + +2. The resultant files may owned by root. Chown them to your user: + +```bash +sudo chown : * +``` \ No newline at end of file diff --git a/src/modules/kafka/test-certs/generate-certs.sh b/src/modules/kafka/test-certs/generate-certs.sh index 4fa3246e0..0e814108e 100755 --- a/src/modules/kafka/test-certs/generate-certs.sh +++ b/src/modules/kafka/test-certs/generate-certs.sh 
@@ -1,8 +1,8 @@
 #generate server cert
-keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -keyalg RSA -validity 365 -genkey -storepass serverKeystorePassword -dname CN=localhost -ext SAN=DNS:localhost
+keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -keyalg RSA -validity 36500 -genkey -storepass serverKeystorePassword -dname CN=localhost -ext SAN=DNS:localhost
 #create a certificate authority (CA)
-openssl req -new -x509 -keyout /var/output/ca-key -out /var/output/ca-cert -days 365 -subj '/CN=myCA' -passin pass:password -passout pass:password
+openssl req -new -x509 -keyout /var/output/ca-key -out /var/output/ca-cert -days 36500 -subj '/CN=myCA' -passin pass:password -passout pass:password
 #import CA cert so that it is trusted
 keytool -keystore /var/output/kafka.client.truststore.pfx -storetype PKCS12 -alias CARoot -importcert -noprompt -file /var/output/ca-cert -storepass clientTruststorePassword
@@ -10,7 +10,7 @@ keytool -keystore /var/output/kafka.server.truststore.pfx -storetype PKCS12 -ali
 #sign the server certificate
 keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -certreq -file /var/output/cert-file -storepass serverKeystorePassword
-openssl x509 -req -CA /var/output/ca-cert -CAkey /var/output/ca-key -in /var/output/cert-file -out /var/output/cert-signed -days 365 -CAcreateserial -passin pass:password
+openssl x509 -req -CA /var/output/ca-cert -CAkey /var/output/ca-key -in /var/output/cert-file -out /var/output/cert-signed -days 36500 -CAcreateserial -passin pass:password
 keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias CARoot -importcert -noprompt -file /var/output/ca-cert -storepass serverKeystorePassword
 keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -importcert -noprompt -file /var/output/cert-signed -storepass serverKeystorePassword
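Review bot: Raising `-validity 36500` on the server key pair, and `-days 36500` on the CA (`openssl req`) and on the signed server certificate in the second hunk, removes the only thing that time-bounded this key material: the store and key passwords are literals in the script and the regenerated stores are committed alongside it, so the one-year expiry was the last limit on a copy that ends up outside the test suite. Add a header comment to the script that says so, for example `# TEST ONLY: passwords and keys here are public; never import this CA into a non-test truststore`. The regenerated CA certificate's notAfter now falls in 2123, which is encoded as GeneralizedTime rather than UTCTime, so it is worth confirming that every client the tests run against parses post-2049 dates. If the aim is only to stop yearly expiry from breaking the tests, generating the certificates during test setup would probably avoid committing long-lived keys at all.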
diff --git a/src/modules/kafka/test-certs/kafka.client.truststore.pem b/src/modules/kafka/test-certs/kafka.client.truststore.pem index 71a852324..03fde377a 100644 --- a/src/modules/kafka/test-certs/kafka.client.truststore.pem +++ b/src/modules/kafka/test-certs/kafka.client.truststore.pem 
@@ -6,21 +6,21 @@ subject=CN = myCA issuer=CN = myCA -----BEGIN CERTIFICATE----- -MIIC/zCCAeegAwIBAgIUYiFoduyZhrF52hICuZr+YKcg83swDQYJKoZIhvcNAQEL -BQAwDzENMAsGA1UEAwwEbXlDQTAeFw0yMjA0MjExNDM0MDNaFw0yMzA0MjExNDM0 -MDNaMA8xDTALBgNVBAMMBG15Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDYpfD3sVa753m4BO3KgcCALnvumBn3LS8kh2v1nvZjeQlleZUiztmzct/U -XuVxl0p+S0H45kaW+4d8vts1rDq5qY/VCFCNxisgfmkgOeJXOxwWUv0+eYAwZeyU -cnaK9sC3SqcQhKpbR3NKYl9+t4zPN7Gq1/VMihKTZq8R/Y2dY3cUAbXJ0iV+vIVH -mFg0OFLX2b65MJ995x/GdBrZHYvaq9EIK3xHZtmQ5Lq5Evxt2ryjbumoGQndWlKo -PdkgmwHaEgRdNblhOukgszH2IdNJ2CzFqF1gAMO0qyJJD+22E/UK6vgiYsOxWK0s -5Sh0EvvsdDqBw0pGgVOpsM0+aekBAgMBAAGjUzBRMB0GA1UdDgQWBBQxwp9Jxe57 -ZeAIxhTKps3RDcTAIzAfBgNVHSMEGDAWgBQxwp9Jxe57ZeAIxhTKps3RDcTAIzAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDNmpMjIh3by4/Qskix -EzAq1tJehkhNVfu3zSERtJlLDNNmrpNckVsOfqJl4I4hpNFILZppdN1nxN+FMJ7N -gN8/NgEEKYJCdlOdYxCSfp7OVMX2PZFEZfoxXNzzXbL+MyeIZkJMWX0zUn5dw+f8 -iIwGZNLTZS0tVsWGtNn4Skk13PeYBezdD5V7qx+QZq5GvBCPzDqu0N/pVM2+tXbS -iirqVT+VnvRetym0U+cf5XG7nkxn2d68ONxOeeLJqNXsndZbLT5sEcF2R4byk0j3 -V1hYmwl/M0zksxSZVz1bjmkrcjeogOOlr8SNJqNnYxsg34l1cg1KTh5D3Fn4N1Qf -TlC8 +MIIDATCCAemgAwIBAgIUDcKCPHmrkCKXMW06vIZmSszYbYswDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwEbXlDQTAgFw0yMzA0MjQxMTE5NTlaGA8yMTIzMDMzMTEx +MTk1OVowDzENMAsGA1UEAwwEbXlDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMJg0Hq4x1Oc60bFbg3x9810AkdujAydXYMovcX81rwJopK77FoU7Ysb +Wp19ypHyz+o3KrnfCxMXosABy21aZWMA4td7vWohZj9IM2QkAj2H3NzgKG9UJ4Bm +ZWWQhs/gALk822WT4+UBtDILzjwHf21lBeUlRxWsZVRn9FZMMv9bTCjxsax45FQF +r8i6LHcMZbQ3KBebO7FrNjRonU3WqyTC3pdSUMx9yv9qFrKIew4YQU3QcfGI7eDS +PFaYEExmecL0E2LQvRa2nCX8uTEXmRJQPFZMcfAsAkGW9I7aUqhbkO2jNj+Lzilb +yDr8vuoxa7VqHmi7i7qYztY0YOY03Z0CAwEAAaNTMFEwHQYDVR0OBBYEFFAFgu4g +vkxq8D5VhvriBzgBIlzdMB8GA1UdIwQYMBaAFFAFgu4gvkxq8D5VhvriBzgBIlzd +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAD57DH+FjJYaZISw +K+TrKWtlFiiIZZL66A04fsVt0h5OXO9nynw+RedhohZkMPO+R6M5i63yeETdp3Au 
+b7zF3Q5ycEaxbeVRg6G2uBTO6kziDiQHrU8zwWtapQ3dlmFsxhGuPFUKdZm1xaql +jlsPdalrEaeZAZQF1PxHi0Xqh64oQtEnykk+YHlXINSZyWI7/WjysmgYsjXZC/h0 +9MCdINGCrh0ty9eMALnO2d+cD3ZghpTO23wBEDmMylcBgRR8iPclkUQB2/hr/RXP +rABNaBz8V78Y4wIXKSkpGF/k5Lt7jQDYWz5R/c0t3ThEUN+hV7mOO4F8lWfga8VN +AwpoLnk= -----END CERTIFICATE----- diff --git a/src/modules/kafka/test-certs/kafka.server.keystore.pfx b/src/modules/kafka/test-certs/kafka.server.keystore.pfx index 286f444e9..ea4b70ebf 100644 Binary files a/src/modules/kafka/test-certs/kafka.server.keystore.pfx and b/src/modules/kafka/test-certs/kafka.server.keystore.pfx differ diff --git a/src/modules/kafka/test-certs/kafka.server.truststore.pfx b/src/modules/kafka/test-certs/kafka.server.truststore.pfx index 9c95c4f8d..1e604aaef 100644 Binary files a/src/modules/kafka/test-certs/kafka.server.truststore.pfx and b/src/modules/kafka/test-certs/kafka.server.truststore.pfx differ