Renew certificates used by Kafka tests #542

Merged
merged 1 commit into from
Apr 24, 2023
6 changes: 6 additions & 0 deletions src/modules/kafka/test-certs/.gitignore
@@ -0,0 +1,6 @@
ca-cert
ca-cert.srl
ca-key
cert-file
cert-signed
kafka.client.truststore.pfx
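
Review bot: nothing in this new file says why `kafka.client.truststore.pfx` and the CA intermediates are ignored while `kafka.client.truststore.pem` and the two server `.pfx` stores stay tracked in the same directory. Add a comment line at the top, for example `# intermediate outputs of generate-certs.sh; the .pem and server .pfx files are committed on purpose`, so a later contributor neither commits `ca-key` by removing an entry nor ignores a file the tests need.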
17 changes: 15 additions & 2 deletions src/modules/kafka/test-certs/README.md
@@ -1,10 +1,23 @@
#Test certificates
# Test certificates

This directory contains example certificates that are used to verify that a SASL_SSL listener can be set up.
You can use the files to configure the Kafka container and the client,
or use provided Dockerfile to generate certificates to use in your test cases.
To use it, run:

```shell script
```bash
docker build -t certs .
docker run -v "$(pwd)":/var/output certs
```

1. You may need to delete the existing certs first:

```bash
rm ca-* cert-* kafka.*
```

2. The resultant files may owned by root. Chown them to your user:

```bash
sudo chown <user>:<group> *
```
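
Review bot: the two numbered steps are placed after the `docker run` command, but step 1 (deleting the existing certs) has to happen before it, and step 2 reads "may owned by root" (missing "be"). Move the `rm` step above the `docker build` / `docker run` block and fix the wording. Also note in the text that `rm ca-* cert-* kafka.*` removes the tracked `kafka.*` files as well, so a failed run leaves the directory without certificates until they are restored from git. `sudo chown <user>:<group> *` changes every file in the directory; `sudo chown "$(id -u):$(id -g)" ca-* cert-* kafka.*` would limit it to the generated files and avoid the placeholders.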
6 changes: 3 additions & 3 deletions src/modules/kafka/test-certs/generate-certs.sh
@@ -1,16 +1,16 @@
#generate server cert
keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -keyalg RSA -validity 365 -genkey -storepass serverKeystorePassword -dname CN=localhost -ext SAN=DNS:localhost
keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -keyalg RSA -validity 36500 -genkey -storepass serverKeystorePassword -dname CN=localhost -ext SAN=DNS:localhost

#create a certificate authority (CA)
openssl req -new -x509 -keyout /var/output/ca-key -out /var/output/ca-cert -days 365 -subj '/CN=myCA' -passin pass:password -passout pass:password
openssl req -new -x509 -keyout /var/output/ca-key -out /var/output/ca-cert -days 36500 -subj '/CN=myCA' -passin pass:password -passout pass:password

#import CA cert so that it is trusted
keytool -keystore /var/output/kafka.client.truststore.pfx -storetype PKCS12 -alias CARoot -importcert -noprompt -file /var/output/ca-cert -storepass clientTruststorePassword
keytool -keystore /var/output/kafka.server.truststore.pfx -storetype PKCS12 -alias CARoot -importcert -noprompt -file /var/output/ca-cert -storepass serverTruststorePassword

#sign the server certificate
keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -certreq -file /var/output/cert-file -storepass serverKeystorePassword
openssl x509 -req -CA /var/output/ca-cert -CAkey /var/output/ca-key -in /var/output/cert-file -out /var/output/cert-signed -days 365 -CAcreateserial -passin pass:password
openssl x509 -req -CA /var/output/ca-cert -CAkey /var/output/ca-key -in /var/output/cert-file -out /var/output/cert-signed -days 36500 -CAcreateserial -passin pass:password
keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias CARoot -importcert -noprompt -file /var/output/ca-cert -storepass serverKeystorePassword
keytool -keystore /var/output/kafka.server.keystore.pfx -storetype PKCS12 -alias localhost -importcert -noprompt -file /var/output/cert-signed -storepass serverKeystorePassword
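
Review bot: the value 36500 is now repeated at three sites (`-validity 36500` for the server key, `-days 36500` for the CA, and `-days 36500` in the signing step), and it gives the certificates a lifetime of roughly 100 years while the keystore and CA key passwords are literals in the same script. Define the value once, e.g. `VALIDITY_DAYS=36500` at the top, and add a comment stating that these keys are test-only and must not be trusted outside the test containers. The hunk starts at line 1 with no shebang or `set -e`, so a failed `keytool` or `openssl` step would not stop the script and could leave a partial set of files in `/var/output`; consider adding both.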

34 changes: 17 additions & 17 deletions src/modules/kafka/test-certs/kafka.client.truststore.pem
Expand Up @@ -6,21 +6,21 @@ subject=CN = myCA
issuer=CN = myCA

-----BEGIN CERTIFICATE-----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MIIDATCCAemgAwIBAgIUDcKCPHmrkCKXMW06vIZmSszYbYswDQYJKoZIhvcNAQEL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-----END CERTIFICATE-----
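
Review bot: the replaced certificate body under `subject=CN = myCA` cannot be checked by reading the diff, and the two `.pfx` stores are binary, so nothing visible here confirms the new expiry date. Put the output of `openssl x509 -in kafka.client.truststore.pem -noout -enddate` in the PR description, or add a test that fails when the certificate is close to expiry, so the next expiry is caught before the Kafka tests break.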
Binary file modified src/modules/kafka/test-certs/kafka.server.keystore.pfx
Binary file not shown.
Binary file modified src/modules/kafka/test-certs/kafka.server.truststore.pfx
Binary file not shown.