This is an automated email from the ASF dual-hosted git repository. szaszm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit 259c539440bd6c8912532fb5ea33bb3a0c1e5f57 Author: Martin Zink <[email protected]> AuthorDate: Wed Aug 2 17:35:43 2023 +0200 MINIFICPP-2154 Replace SecureSocketGetTCPTest with utils::net::getSSLContext tests Closes #1598 Signed-off-by: Marton Szasz <[email protected]> --- cmake/BuildTests.cmake | 10 +++ .../standard-processors/processors/GetTCP.cpp | 2 +- .../standard-processors/processors/PutTCP.cpp | 4 +- .../standard-processors/tests/CMakeLists.txt | 13 +-- .../standard-processors/tests/unit/GetTCPTests.cpp | 6 +- .../tests/unit/ListenSyslogTests.cpp | 2 +- .../tests/unit/ListenTcpTests.cpp | 8 +- .../standard-processors/tests/unit/PutTCPTests.cpp | 29 +++---- .../tests/unit/resources/alice_by_A.pem | 46 ----------- .../tests/unit/resources/alice_by_B.pem | 46 ----------- .../tests/unit/resources/ca_A.crt | 21 ----- .../tests/unit/resources/ca_B.crt | 21 ----- .../tests/unit/resources/localhost_by_A.pem | 46 ----------- .../tests/unit/resources/localhost_by_B.pem | 46 ----------- libminifi/include/utils/net/AsioSocketUtils.h | 2 +- libminifi/src/utils/net/AsioSocketUtils.cpp | 6 +- libminifi/src/utils/net/TcpServer.cpp | 3 +- libminifi/test/resources/certs/alice.key | 28 +++++++ libminifi/test/resources/certs/alice_by_A.pem | 17 ++++ .../test/resources/certs/alice_by_A_with_key.pem | 45 +++++++++++ libminifi/test/resources/certs/alice_by_B.pem | 17 ++++ libminifi/test/resources/certs/alice_encrypted.key | 30 +++++++ .../test/resources/certs/alice_encryption_pass | 1 + libminifi/test/resources/certs/ca_A.crt | 16 ++++ libminifi/test/resources/certs/ca_B.crt | 16 ++++ libminifi/test/resources/certs/empty_pass | 0 libminifi/test/resources/certs/localhost.key | 28 +++++++ libminifi/test/resources/certs/localhost_by_A.pem | 17 ++++ libminifi/test/resources/certs/localhost_by_B.pem | 17 ++++ libminifi/test/unit/NetUtilsTest.cpp | 94 +++++++++++++++++++++- minifi_main/tests/CMakeLists.txt | 1 + 31 files changed, 371 insertions(+), 267 deletions(-) diff --git a/cmake/BuildTests.cmake b/cmake/BuildTests.cmake index 238b1f87b..45095b293 100644 --- a/cmake/BuildTests.cmake +++ b/cmake/BuildTests.cmake @@ -30,6 +30,16 @@ ENDMACRO() set(NANOFI_TEST_DIR "${CMAKE_SOURCE_DIR}/nanofi/tests/") +function(copyTestResources SOURCE_DIR DEST_DIR) + file(GLOB RESOURCE_FILES "${SOURCE_DIR}/*") + foreach(RESOURCE_FILE ${RESOURCE_FILES}) + get_filename_component(RESOURCE_FILENAME "${RESOURCE_FILE}" NAME) + set(dest_file "${DEST_DIR}/${RESOURCE_FILENAME}") + + configure_file(${RESOURCE_FILE} ${dest_file} COPYONLY) + endforeach() +endfunction() + function(appendIncludes testName) target_include_directories(${testName} SYSTEM BEFORE PRIVATE "${CMAKE_SOURCE_DIR}/thirdparty/catch") target_include_directories(${testName} BEFORE PRIVATE "${CMAKE_SOURCE_DIR}/include") diff --git a/extensions/standard-processors/processors/GetTCP.cpp b/extensions/standard-processors/processors/GetTCP.cpp index c3389edb2..002e86848 100644 --- a/extensions/standard-processors/processors/GetTCP.cpp +++ b/extensions/standard-processors/processors/GetTCP.cpp @@ -76,7 +76,7 @@ std::optional<asio::ssl::context> GetTCP::parseSSLContext(core::ProcessContext& if (auto context_name = context.getProperty(SSLContextService)) { if (auto controller_service = context.getControllerService(*context_name)) { if (auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(context.getControllerService(*context_name))) { - ssl_context = utils::net::getSslContext(*ssl_context_service); + ssl_context = utils::net::getClientSslContext(*ssl_context_service); } else { throw Exception(PROCESS_SCHEDULE_EXCEPTION, *context_name + " is not an SSL Context Service"); } diff --git a/extensions/standard-processors/processors/PutTCP.cpp b/extensions/standard-processors/processors/PutTCP.cpp index 9eb7c3fcd..08c4226ac 100644 --- a/extensions/standard-processors/processors/PutTCP.cpp +++ b/extensions/standard-processors/processors/PutTCP.cpp @@ -27,6 +27,7 @@ #include "core/Resource.h" #include "core/logging/Logger.h" #include "utils/net/AsioCoro.h" +#include "utils/net/AsioSocketUtils.h" using asio::ip::tcp; @@ -54,7 +55,6 @@ void PutTCP::initialize() { void PutTCP::notifyStop() {} - void PutTCP::onSchedule(core::ProcessContext* const context, core::ProcessSessionFactory*) { gsl_Expects(context); @@ -85,7 +85,7 @@ void PutTCP::onSchedule(core::ProcessContext* const context, core::ProcessSessio if (context->getProperty(SSLContextService, context_name) && !IsNullOrEmpty(context_name)) { if (auto controller_service = context->getControllerService(context_name)) { if (auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(context->getControllerService(context_name))) { - ssl_context_ = utils::net::getSslContext(*ssl_context_service); + ssl_context_ = utils::net::getClientSslContext(*ssl_context_service); } else { throw Exception(PROCESS_SCHEDULE_EXCEPTION, context_name + " is not an SSL Context Service"); } diff --git a/extensions/standard-processors/tests/CMakeLists.txt b/extensions/standard-processors/tests/CMakeLists.txt index 353b7bbca..89f369c2e 100644 --- a/extensions/standard-processors/tests/CMakeLists.txt +++ b/extensions/standard-processors/tests/CMakeLists.txt @@ -50,17 +50,6 @@ FOREACH(testfile ${PROCESSOR_UNIT_TESTS}) add_test(NAME "${testfilename}" COMMAND "${testfilename}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) MATH(EXPR PROCESSOR_INT_TEST_COUNT "${PROCESSOR_INT_TEST_COUNT}+1") - - # Copy test resources only once after the first build to be available for all test cases - if(PROCESSOR_INT_TEST_COUNT EQUAL 1) - add_custom_command( - TARGET "${testfilename}" - POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_directory - "${CMAKE_SOURCE_DIR}/extensions/standard-processors/tests/unit/resources" - "$<TARGET_FILE_DIR:${testfilename}>/resources" - ) - endif() ENDFOREACH() message("-- Finished building ${PROCESSOR_INT_TEST_COUNT} processor unit test file(s)...") @@ -107,3 +96,5 @@ FOREACH(resourcefile ${RESOURCE_APPS}) add_executable("${resourcefilename}" "${resourcefile}") set_target_properties(${resourcefilename} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin") ENDFOREACH() + +copyTestResources(${CMAKE_SOURCE_DIR}/libminifi/test/resources/certs ${CMAKE_BINARY_DIR}/bin/resources) diff --git a/extensions/standard-processors/tests/unit/GetTCPTests.cpp b/extensions/standard-processors/tests/unit/GetTCPTests.cpp index a8a2c9de6..fb95ced9d 100644 --- a/extensions/standard-processors/tests/unit/GetTCPTests.cpp +++ b/extensions/standard-processors/tests/unit/GetTCPTests.cpp @@ -42,7 +42,7 @@ minifi::utils::net::SslData createSslDataForServer() { minifi::utils::net::SslData ssl_data; ssl_data.ca_loc = (executable_dir / "resources" / "ca_A.crt").string(); ssl_data.cert_loc = (executable_dir / "resources" / "localhost_by_A.pem").string(); - ssl_data.key_loc = (executable_dir / "resources" / "localhost_by_A.pem").string(); + ssl_data.key_loc = (executable_dir / "resources" / "localhost.key").string(); return ssl_data; } @@ -52,7 +52,7 @@ void addSslContextServiceTo(SingleProcessorTestController& controller) { const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir(); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "alice_by_A.pem").string())); - REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "alice_by_A.pem").string())); + REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "alice.key").string())); ssl_context_service->enable(); } @@ -76,7 +76,7 @@ class TcpTestServer { ssl_context.set_options(asio::ssl::context::default_workarounds | asio::ssl::context::single_dh_use | asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1); ssl_context.set_password_callback([key_pw = "Password12"](std::size_t&, asio::ssl::context_base::password_purpose&) { return key_pw; }); ssl_context.use_certificate_file((executable_dir / "resources" / "localhost_by_A.pem").string(), asio::ssl::context::pem); - ssl_context.use_private_key_file((executable_dir / "resources" / "localhost_by_A.pem").string(), asio::ssl::context::pem); + ssl_context.use_private_key_file((executable_dir / "resources" / "localhost.key").string(), asio::ssl::context::pem); ssl_context.load_verify_file((executable_dir / "resources" / "ca_A.crt").string()); ssl_context.set_verify_mode(asio::ssl::verify_peer); diff --git a/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp b/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp index 73ed6dd3a..4e69c80a9 100644 --- a/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp +++ b/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp @@ -498,7 +498,7 @@ TEST_CASE("Test ListenSyslog via TCP with SSL connection", "[ListenSyslog][Netwo const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir(); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string())); - REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string())); + REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string())); ssl_context_service->enable(); LogTestController::getInstance().setTrace<ListenSyslog>(); diff --git a/extensions/standard-processors/tests/unit/ListenTcpTests.cpp b/extensions/standard-processors/tests/unit/ListenTcpTests.cpp index 11eb1123c..30e3e5d55 100644 --- a/extensions/standard-processors/tests/unit/ListenTcpTests.cpp +++ b/extensions/standard-processors/tests/unit/ListenTcpTests.cpp @@ -117,7 +117,7 @@ TEST_CASE("Test ListenTCP with SSL connection", "[ListenTCP][NetworkListenerProc const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir(); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string())); - REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string())); + REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::Passphrase, "Password12")); REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::MaxBatchSize, "2")); REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::SSLContextService, "SSLContextService")); @@ -189,7 +189,7 @@ TEST_CASE("Test ListenTCP with SSL connection", "[ListenTCP][NetworkListenerProc minifi::utils::net::SslData ssl_data; ssl_data.ca_loc = executable_dir / "resources" / "ca_A.crt"; ssl_data.cert_loc = executable_dir / "resources" / "localhost_by_A.pem"; - ssl_data.key_loc = executable_dir / "resources" / "localhost_by_A.pem"; + ssl_data.key_loc = executable_dir / "resources" / "localhost.key"; ssl_data.key_pw = "Password12"; expected_successful_messages = {"test_message_1", "another_message"}; @@ -245,7 +245,7 @@ TEST_CASE("Test ListenTCP SSL/TLS compatibility", "[ListenTCP][NetworkListenerPr const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir(); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string())); - REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string())); + REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string())); REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::Passphrase, "Password12")); REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::MaxBatchSize, "2")); REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::SSLContextService, "SSLContextService")); @@ -258,7 +258,7 @@ TEST_CASE("Test ListenTCP SSL/TLS compatibility", "[ListenTCP][NetworkListenerPr minifi::utils::net::SslData ssl_data; ssl_data.ca_loc = executable_dir / "resources" / "ca_A.crt"; ssl_data.cert_loc = executable_dir / "resources" / "localhost_by_A.pem"; - ssl_data.key_loc = executable_dir / "resources" / "localhost_by_A.pem"; + ssl_data.key_loc = executable_dir / "resources" / "localhost.key"; ssl_data.key_pw = "Password12"; diff --git a/extensions/standard-processors/tests/unit/PutTCPTests.cpp b/extensions/standard-processors/tests/unit/PutTCPTests.cpp index cb6b5d675..c367d3ae7 100644 --- a/extensions/standard-processors/tests/unit/PutTCPTests.cpp +++ b/extensions/standard-processors/tests/unit/PutTCPTests.cpp @@ -18,7 +18,6 @@ #include <memory> #include <new> -#include <random> #include <string> #include "SingleProcessorTestController.h" @@ -88,7 +87,7 @@ utils::net::SslData createSslDataForServer() { utils::net::SslData ssl_data; ssl_data.ca_loc = (executable_dir / "resources" / "ca_A.crt").string(); ssl_data.cert_loc = (executable_dir / "resources" / "localhost_by_A.pem").string(); - ssl_data.key_loc = (executable_dir / "resources" / "localhost_by_A.pem").string(); + ssl_data.key_loc = (executable_dir / "resources" / "localhost.key").string(); return ssl_data; } } // namespace @@ -158,12 +157,14 @@ class PutTCPTestFixture { return std::nullopt; } - void addSSLContextToPutTCP(const std::filesystem::path& ca_cert, const std::optional<std::filesystem::path>& client_cert_key) { + void addSSLContextToPutTCP(const std::filesystem::path& ca_cert, const std::optional<std::filesystem::path>& client_cert, const std::optional<std::filesystem::path>& client_cert_key) { const std::filesystem::path ca_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources"; auto ssl_context_service_node = controller_.plan->addController("SSLContextService", "SSLContextService"); REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::CACertificate, (ca_dir / ca_cert).string())); + if (client_cert) { + REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::ClientCertificate, (ca_dir / *client_cert).string())); + } if (client_cert_key) { - REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::ClientCertificate, (ca_dir / *client_cert_key).string())); REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::PrivateKey, (ca_dir / *client_cert_key).string())); } ssl_context_service_node->enable(); @@ -281,7 +282,7 @@ TEST_CASE("Server closes in-use socket", "[PutTCP]") { test_fixture.setPutTCPPort(port); } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); } @@ -315,7 +316,7 @@ TEST_CASE("Connection per flow file", "[PutTCP]") { test_fixture.setPutTCPPort(port); } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); } @@ -346,7 +347,7 @@ TEST_CASE("PutTCP test invalid host", "[PutTCP]") { SECTION("No SSL") { } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); } test_fixture.setPutTCPPort(1235); @@ -359,7 +360,7 @@ TEST_CASE("PutTCP test invalid server", "[PutTCP]") { SECTION("No SSL") { } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); } test_fixture.setPutTCPPort(1235); test_fixture.setHostname("localhost"); @@ -371,7 +372,7 @@ TEST_CASE("PutTCP test non-routable server", "[PutTCP]") { SECTION("No SSL") { } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); } test_fixture.setHostname("192.168.255.255"); test_fixture.setPutTCPPort(1235); @@ -381,7 +382,7 @@ TEST_CASE("PutTCP test non-routable server", "[PutTCP]") { TEST_CASE("PutTCP test invalid server cert", "[PutTCP]") { PutTCPTestFixture test_fixture; - test_fixture.addSSLContextToPutTCP("ca_B.crt", "alice_by_B.pem"); + test_fixture.addSSLContextToPutTCP("ca_B.crt", "alice_by_B.pem", "alice.key"); test_fixture.setHostname("localhost"); auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); @@ -394,7 +395,7 @@ TEST_CASE("PutTCP test invalid server cert", "[PutTCP]") { TEST_CASE("PutTCP test missing client cert", "[PutTCP]") { PutTCPTestFixture test_fixture; - test_fixture.addSSLContextToPutTCP("ca_A.crt", std::nullopt); + test_fixture.addSSLContextToPutTCP("ca_A.crt", std::nullopt, std::nullopt); test_fixture.setHostname("localhost"); auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); @@ -414,7 +415,7 @@ TEST_CASE("PutTCP test idle connection expiration", "[PutTCP]") { SECTION("SSL") { auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); } test_fixture.setIdleConnectionExpiration("100ms"); @@ -435,7 +436,7 @@ TEST_CASE("PutTCP test long flow file chunked sending", "[PutTCP]") { test_fixture.setPutTCPPort(port); } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); auto port = test_fixture.addSSLServer(); test_fixture.setPutTCPPort(port); } @@ -454,7 +455,7 @@ TEST_CASE("PutTCP test multiple servers", "[PutTCP]") { } } SECTION("SSL") { - test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem"); + test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key"); for (size_t i = 0; i < number_of_servers; ++i) { ports.push_back(test_fixture.addSSLServer()); } diff --git a/extensions/standard-processors/tests/unit/resources/alice_by_A.pem b/extensions/standard-processors/tests/unit/resources/alice_by_A.pem deleted file mode 100644 index 605fe9366..000000000 --- a/extensions/standard-processors/tests/unit/resources/alice_by_A.pem +++ /dev/null @@ -1,46 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAqhZR+Hsx397YYy2sQOI0IkxO6rkJvftLrjRpy1YwVfArimkU -umZkWdpE7FAt1BIkzBlSsqXzeY/+W53YjOBcLK+xrQHpIquTGG6iL4btM6hWPBow -hxuz0TpW5SpsuupQbRi4hbWVuQzTCKV68VM01/590Su2l0MPoamSMthK8H2ubodz -R1VFwlTaLZmRJ20hyowsuKLOdc8fyzDXH5JPR9+STHsPpl+OccDvTG8iKlOZMa8z -d3GXWBhSfcPgP+WzJWLn1bVN7UbKfgneUYSRAvf+ocsT1OZ7T+eam07ROsZBgpN1 -VVycmFalRqsNddT814tUIgkRXEsXzC1bP/eV2QIDAQABAoIBAH7O50xHpRaQkWnY -Gm3BeDb+B3ROgqnm2jTGFP4pgx3/Uqb90xtpzXWEGxDIcnKDGHYmhxZ0TYMbTPtH -QrU9bNtQHjqriwJzQtbbXQXsJZr27Vwf9oA0sirSwQhYSfpNSasc3C2sBTWTDx+K -KJAVhfdnYKx7V8WMlPHld/96bNzA0AqGgn8FGYDiPAdiY7Ega6/iEMgtwGgIe56c -k5YeaXOeV9b5gZGFZyDXcnbAgC24gcuSI70YmoYgSBYJC1NftLEa4NLysetpEA2A -de1kQxm54ZfeeC+whtT693jIvp8cg6Ck/yCNj+qGXFbBWjibojs/uN8PadBOl8DU -hdGrG2UCgYEA0tCiEfaMykaZn4GTmUq+drx2l5eP6GBhmkCpw5b0AS7Xpi/sh1Hm -+v36+ffVdPsYylVDMCCLxrugx+pkCwk2I+fHxRJ0tGGOCBclpQqE0mgYQdBmGyMQ -hsXea+9IhbbeGkqgxxHWGHzVPtq7NFOLSt6LGF6+RXhfHcaBq/ypFccCgYEAzor2 -nhQr0q6UpaVUmZp3fliVfhsv7qQEcsCXbAssLbKM36vyD8m9A6V94QLfL/Z6jBx7 -3Edh18OrN0dfIlcF3J8jiD/3mGiGGldsF/dgJWQB8DpP51tYldR7ni1bW+ZDtlX7 -XmcWKTGZLqXqzYS8bsCcKUOLd2g//p1mnbcfd18CgYA8cG4Wok3I7Ca88SREzYX/ -epaxbVVntMImvCUvmwaHlEtlLNYuEZAcI1ah9aiv6hE4aOtjT+Fi74Xv6sYV1+U6 -tAe0+06ULGfQ7/nt8C8WN5vEup+bZhkl2nKjFS4Aj+XrObwQdo+f46IrbABBxzXn -GBheu0LnndP/MFsa2MwNHwKBgEmAFkcm8nlk+yz/at3GpGNn7rsTvbj00Uhs1PXz -++K/OXaXX+rSZdsYV3VtajNNSUr3D/TRyjXYQePIGEjGIyXh0+k2qkuoVqClH6hf -te1Ya4AroCe60AlxthQSHALWLJ6EdpGfqbk7F0IMdURxygS3slrU2JrDlJJtPQk/ -E4mNAoGAJjht0RIhJLr+Gss+7SocEYFd8klFpRTWpx80pN5hRdUfH84Q3OOXnq2F -QoHD7WLMM8Ec/paSSZjrmvk00Ptp4s2/Z1SRhY2BQjbk32xP0/CkGGK8SPVW6Sb7 -hAol6soYGroGcCGsRPdRE6hF5+BH8VYGh5vPlELyDnNym7Kp0wU= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDITCCAgkCFDA8Dkntpi2PSSJDZGYjjG03qNboMA0GCSqGSIb3DQEBCwUAMFQx -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j -LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEEwHhcNMjIwOTE5MDkw -NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex -FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWFsaWNlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoWUfh7Md/e2GMtrEDiNCJMTuq5 -Cb37S640actWMFXwK4ppFLpmZFnaROxQLdQSJMwZUrKl83mP/lud2IzgXCyvsa0B -6SKrkxhuoi+G7TOoVjwaMIcbs9E6VuUqbLrqUG0YuIW1lbkM0wilevFTNNf+fdEr -tpdDD6GpkjLYSvB9rm6Hc0dVRcJU2i2ZkSdtIcqMLLiiznXPH8sw1x+ST0ffkkx7 -D6ZfjnHA70xvIipTmTGvM3dxl1gYUn3D4D/lsyVi59W1Te1Gyn4J3lGEkQL3/qHL -E9Tme0/nmptO0TrGQYKTdVVcnJhWpUarDXXU/NeLVCIJEVxLF8wtWz/3ldkCAwEA -ATANBgkqhkiG9w0BAQsFAAOCAQEAR2vpt91QSLfoh0qIW+bknV+ZilZdgRGh+kXm -deqo+Drkz3BgmbXCIG6GGWF6LaS+iNt5YYyHUBKqLkvAfwtocLSVgNKYcgqG3kLZ -qfoLrlT/IhHQ7WE6NOFQKcoJ/vuBMU7zjROjbbw2NdkO7hpJr2NQC5CgfPy89eJ6 -ly7wf3zxsVHk8fUnl1MgSb4lft4v5E73s9SpfRkKYr2BrkMCHQYawRAm9um9pW2S -Qmk1L6OKkkCoR+LYrLyWY3s84NGVjP/fk7XHtvh2YtlB3sT4/yluOc8kXTp0DiuW -UyvWTGYI+hHvZ4ol8LOttlV4Nwo4d8qgyuHlgiw1dnQBUZB7/g== ------END CERTIFICATE----- diff --git a/extensions/standard-processors/tests/unit/resources/alice_by_B.pem b/extensions/standard-processors/tests/unit/resources/alice_by_B.pem deleted file mode 100644 index f8e1328e0..000000000 --- a/extensions/standard-processors/tests/unit/resources/alice_by_B.pem +++ /dev/null @@ -1,46 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqq6fA21gSE4zJvfEwJ2hTa0tTfONsWLIfho0jNKvTytwoD12 -tj41mPdM8kWvYY/oEPQ8WCXAy4UmgwxxWvCmtDmm/NXT5B6/IMr+png82sdkPABY -qoPxIb0lvRoSQ0DIYZhRLI1v6TdAFMHUVyksSihoaDZZ7/6Ne+0p0xHTqiyTrlgX -axMCvmS1S/i6eCUfNKtBA3Y0nXLj1D24RYn7gxPKnAXMpCwoxW1+zRFA9SotyaO4 -mh3cp4MFALxdimu69q5/rduK9XlAXvqxlCb80mJ3he4TEio2J2KL+kiFksGKtj7W -e8a6UgIzOYYTmyZ4ScYGnwvSxYeAkQX0oRPzbwIDAQABAoIBAA5aRsbcALez07tY -JHRqDPFiOagPbf/XpbJs87RP1ywaJAtlf8ENdCZbzV2mHHxgxIwAbb6f1hmHJdjp -R/L0v5/yJSent3y8VSglycon3D4tfDFLeilElRdYN38yXQzIutDyJQlRD3MWEU5t -ijSWIsJNqZHx2BhFWJJuPBEis6DgoZXUIQLMCNDUPTofJS486yoYxdLhMC+i4+6q -DnQ+k7a32tPhSJGKXVCeIbGA2gJFcxoRQvFuJuMCofCC1jJ1BlGKbaeal0RC9ICe -TSk+SPmZMGMiOcLXBcJTCRxQP71mqtxn4cYJdvQDmXP+vZyVWBXB272YRwSoTbTL -yKHsn4ECgYEA0/1V4tuOCfCP94Phk0zwaepeZxeGdRTQhum57V5L3xmlgkrrUx+5 -u6JzrMrxpO8h7l619jHPPaV0u0BE1bwjGeOPuPA9WCWqfzETDL/j0NbTOWRLnX5h -91Ag8BYoGxt4gK856S/Me7PRPljNWiv4bDjGjXrYq/GDpSU9ZPnW9y8CgYEAzh3o -Gz9XGEI9EjcwCZtuPoKmalvXFC2tNNkkX6FgZRire0mekJzKjbNgR7xrWYtUaZ55 -ZTEGL9bseRSOcfWeZBpJIclEIgyajYs8tW8RaTZoRQmu3fP+2IlFoU9SiSQR40hX -7eeJOduHhbxXGW/JKuf7pBbGMSTH9n+MqfV/t8ECgYEAhEmmDABYvekp3hqlbOdp -a57+tDShCnUnv9kg1niuvhViDFG2UlQM8oNozh6C9xrnQLpHsM/adKzIkIWFrx9N -hD1WleENVvGCWQcFzUH953f3revhp/GTLuMI+unIs0nMQ/mVGOhkIZnP7Kk71JZ1 -2wr/FJDhn0MClM8NZfLm668CgYAYkbANL2uuVJb7COENBB4MDX7QxsnIeflfh1Ky -o4XeBybJt2jTTB1I7szXQDp7ngQd4uoNid527WOauzyPkPukaw20nU0l0eLKZIKE -Dg1BQV8Ee7cAdgk2voYySEZKWqZXNVRl42eUIfrxkhW/zndoSebRFHXjfcLoOyQF -TmI/AQKBgEKHOHbemvkKtdE4GPz436Y9vodqOMe2qFAoW+nhOP4stGZhZpOyVMvk -Y7PxpG+1bwPVg4ouSJyoq9Mw3Qnz5Reuot1h67rrw75CyUSDwuAdLpnS08t7T7LF -N7b5nWOMcbUdaCaiAh3Mv8/9vo46ZdpdiFYgDLOCYiiLifva36rK ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDITCCAgkCFDYWRAThkKd/J+oMW7tZBqEPx4XPMA0GCSqGSIb3DQEBCwUAMFQx -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j -LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEIwHhcNMjIwOTE5MDkw -NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex -FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWFsaWNlLmNvbTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqunwNtYEhOMyb3xMCdoU2tLU3z -jbFiyH4aNIzSr08rcKA9drY+NZj3TPJFr2GP6BD0PFglwMuFJoMMcVrwprQ5pvzV -0+QevyDK/qZ4PNrHZDwAWKqD8SG9Jb0aEkNAyGGYUSyNb+k3QBTB1FcpLEooaGg2 -We/+jXvtKdMR06osk65YF2sTAr5ktUv4unglHzSrQQN2NJ1y49Q9uEWJ+4MTypwF -zKQsKMVtfs0RQPUqLcmjuJod3KeDBQC8XYpruvauf63bivV5QF76sZQm/NJid4Xu -ExIqNidii/pIhZLBirY+1nvGulICMzmGE5smeEnGBp8L0sWHgJEF9KET828CAwEA -ATANBgkqhkiG9w0BAQsFAAOCAQEAgc0RbVwCNVpCZjUyhVxBlqrS1S0K8ygdyVPG -7/fcejKSA7aUEA4x5pehvNwhDHXnW9jiEdWbQLyJaNFyuQT/4R8tCZi0q6nQF7NN -shL0B19QaHErSPHYudecshbB7VrsiYjG9Q3O8QMrulfLcz3b6RLqUTLCOSK7Nclk -Nv+ONad80OCzjBUIOnIHzkfDRDChzsF90EGtyLtIXaUO/K7WZDlw6+Gf9rVtyH6S -USyUzcKVDobxCcJkmlRbmSL3oExTQCukhH6aNhUyvUFtlaKEXqizFe+/ujtE0Ymg -sAJWmEYct+9H6iINgq24kPn/h29EbvYcGWIEg20U8+AznHaMPQ== ------END CERTIFICATE----- diff --git a/extensions/standard-processors/tests/unit/resources/ca_A.crt b/extensions/standard-processors/tests/unit/resources/ca_A.crt deleted file mode 100644 index 3d283a6c0..000000000 --- a/extensions/standard-processors/tests/unit/resources/ca_A.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDizCCAnOgAwIBAgIUca6kHRI3RSvFxnz4ksg2M33A3IowDQYJKoZIhvcNAQEL -BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxl -LCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgQTAgFw0yMjA5 -MTkwOTA1MzZaGA8yMDUyMDkxMTA5MDUzNlowVDELMAkGA1UEBhMCVVMxCzAJBgNV -BAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKsd1Yd8ds19WNU9ag6oDfgyxGzfnm4Nl8SrG34nA9D3DB7yXu3yN2feVPBNqDCU -FnOCsQqiRKOROfNPEfz8fqqOqUcd8TK1RNg3JWtbOjy+BklBqm8NK3fdDkrD+Fuq -sKOdqho5Xuy36Ec4y4citEW7FcRdu9LrAr81NbcOG0AU7a+SRdiROVUmSIDhQhDP -j37HO9Rya6DizNSTIvQ4xQ/iQTzGqdZD9wy/AUQt+E7VrTslpIi48dWSjM6mZkGA -1TcfAeDjJa7HrbnIZkvRhH5tUiHzCbQq+8N5SkSFssP8wd++8rydD0gWjxkOIHtR -SGPoq5cp5uKAq4j7DXasneECAwEAAaNTMFEwHQYDVR0OBBYEFH6swKPx3nUFLoaW -WiiwhERbyC5AMB8GA1UdIwQYMBaAFH6swKPx3nUFLoaWWiiwhERbyC5AMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACepoYKN+U5mqP5R6s/6/CM4 -3iBgcVRwAWNLd+cMhGzbSMvQbwji9AvE4lUxoLULIRl9EeedlKuEv01Eic4RGMq4 -1hG8mn3mSjITqQKYS+2o3sIKqtnfR86uQzQyixTTGiKJzpPV6vzQgtvkniCTPlgI -eu59pNfQLUlYrgtJ+lTv/2/MPyS2I137DsjG+7ASVbDZ6uDbEp1/KyrgJB1skB+6 -s2Pxicf9X8mpfpuTqFiGyJUOdHmgYpx6ZxyAgMCm4C+a5e8I283d0xX06coChy00 -fh23THQ9O8HVQYejzHFfCoshIkj9l0Kkw6Um2aS4KLaZxAky+Kn+wgqFbgcJY0s= ------END CERTIFICATE----- diff --git a/extensions/standard-processors/tests/unit/resources/ca_B.crt b/extensions/standard-processors/tests/unit/resources/ca_B.crt deleted file mode 100644 index 5beee660a..000000000 --- a/extensions/standard-processors/tests/unit/resources/ca_B.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDizCCAnOgAwIBAgIUIRojQbIHUpmTeT1hp7BsxG8gFDswDQYJKoZIhvcNAQEL -BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxl -LCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgQjAgFw0yMjA5 -MTkwOTA1MzZaGA8yMDUyMDkxMTA5MDUzNlowVDELMAkGA1UEBhMCVVMxCzAJBgNV -BAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AJfR48sziDgKH8+PfcVUMWag7ctGoBXgfOZ8h5gubQm5KrTD0rqHvf/8dLGvJ0aq -tKVYnoFFjHikDIJZxuMYF6Vbq39FNinZugMCQsJ3gTWREq7tr3MLDfN+lD9rCxAr -RDbfwaXN907ljXbsNoq3km9Bd43qAxDDND5N74o9wefFLLxcNo08d5aTN3LZY9g0 -b83ps+kc9Ysm9JBzFN10DJYIWwRWvCZL6hX10fWqrV9OcJgilCQk5PJgaZBppQgi -hiTjq36vlBCTL3RO2MXecPSJLfigwKkT4WZwrG1E26jhh0lGVK6pdOs99JeTtzfr -hC4lR8ExD8wFwvcn/8jFXxsCAwEAAaNTMFEwHQYDVR0OBBYEFDDrW/6QNEfo/7Br -fpz8Vmm7KjWvMB8GA1UdIwQYMBaAFDDrW/6QNEfo/7Brfpz8Vmm7KjWvMA8GA1Ud -EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAErDWgtX/547fwHv6+sOoSGT -FHmVXba0IlcfW404r1Kp0MeNYZitQvi4SHL6CkxY+/RdgppxkbE5D8hUhk9PrSeo -5E4ebPsnvSRlzDVWLm2ZpbLRO6BcrzbEN0b3ylZ3Kw/+SarDNBMSTDWZ5knWXUk6 -3Ckg2gg8VCLKxQK0IDTHtXq+WTKGmVf34dYbLfWHUnYr1DLUsxgnX4llHm3xOrzp -ZqvW5cEdlj6+SW1azQgbFrEeWH7ebK5E4GBQ8LhRWbIpo6g2kzaGKTkijrk9agMs -ByzjRdLitbwt07VNE9cNDVv0kC1PLZcz1TgNnaOl5CABqw0yMjLO5LEXUK4BYkU= ------END CERTIFICATE----- diff --git a/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem b/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem deleted file mode 100644 index a40251478..000000000 --- a/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem +++ /dev/null @@ -1,46 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA1/8IgNpuq16MNaqaHNSCucyl0NbIFavnX+nOl+3Yu9/lHvQ6 -HY4PEU1Ma9tDOL2VON1PrFx+tJ1CTY6RDn5Ppj6pOpIeIxx1sGkxvJVeMhsmwojB -3jQUJE6rgrUvsUr1YzvbJwwtfgr+PJD4uxS8V58kQdblNcWGZT8BMzracb3btNFn -2n62JuXRKTUTwXxk9PEcYJdeWkUlu309dTvt8ipeygLMxUwP+oiRjTB5lDA4VydH -qYWBi0iVPgcn5Qcxnxl3nVyTEHPszs/8fsCsqkxkhTmkyBeFAeDMoIxNDVIz92C0 -uzt2zURCBv0EOB0oIig9TTn1M27O421dYGAoIwIDAQABAoIBAHplUVs66/V9+TO7 -/eKSZZWFqvyhiPYG2HDYW7JqHCOyJvKYcIoo4s7qH4EK2ZfAjluPxUMlksMkTdsH -C5nL57SL03eWLy+0Q9h4c6+qcJsyGY+o0TrqBfPhBH1n0KPFlzHpTDFfTDQdZJ3L -hLb2dBeu3WvVq0MCMDsVLcfq9Lf4VIimKnufYai97p174IPovYLAhfhJiSrAVb+z -eBBvpiBalFlZc46HaeC0pZrD4k5e5B/5J45b3KeCmmcWvjhfxaJfNAUKIK+fPtZO -1txrN6+lEZBl3EpfUFWxfMAH73tPVUabO6Ap5OGVK2ahvBQw0UDqBMRM6o6LdX+9 -WKgcOhECgYEA74Zn61Qz2R+J1WRBlZYBAcm/w669B9Mwc/itLyOG77G8UTfqHgkp -vjCNGEtG6doztmkaN50OuTp3/2iStLdFm1IDfJmaslZFHwsFSX9YeLPoUy3P93ri -ePrsnnmdKqX1WBovm53kv4bqI9yY8OApD7s7inaMrX9PRbcWg60Q/KsCgYEA5tpU -GGZEQ7R7m5/R5r5+4uZh9enoD0MDEkg0jm06N8pzk6CEzlynYwPHohkWF58C2lo2 -noufofVRJc+2MKnfL/JulCEL3dVyWVak3fnpl129BMdKJ9ZDsMlAlWeYqP0b9dwE -Mye1r5ef8rJ8fLBeb8jZrM3+Tlh9OwV7dV7tkmkCgYBMr2VZ7G1lGDnSvfRZZdsQ -rXzds3YFqVGb74PS0bcDyo2WGyazUw+wOm8R1hfwCtH/loq0P25VUyjT9rDxdrOs -VIeVPsBOVFxw4eBhdYnnqwG4j7RDcW5MeVmEKz9sRhHUkR2o3tY7k4Am1xuIEtxS -kwku/WFwso+4rDNjGOeVXQKBgQDj+ZgywEuJ0SKAfUP8awNDb+AtyeCxsavG0ieU -v6lOj0+z6kE8yaND1OfA3KVEjnNyzsRBrgDnICwS+x0g0aDm6LLq9feSCsfyEe6e -h753DMstfOFuldojK5vr73KC7/I8yhobqotx7Hq4Yistt76LBf5w+Ly7Aggp0TAq -qKRUgQKBgDDzyJ8fvVYh/UzI/efY/nhIwkeD3KErszrnle39rKkFfaRaHM66IYF4 -5+1q3UdKGLdt6k1S4B3aLZxAVt7F6SzTFd3amGDJNi0Om0MJ8LnftUL5uBzTloem -GB+XehWJz0NJcDLdTXN86f1j2LZUEiFR62nSt0uwq3mwMuGrqaEG ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDITCCAgkCFDA8Dkntpi2PSSJDZGYjjG03qNbnMA0GCSqGSIb3DQEBCwUAMFQx -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j -LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEEwHhcNMjIwOTE5MDkw -NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex -FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANf/CIDabqtejDWqmhzUgrnMpdDW -yBWr51/pzpft2Lvf5R70Oh2ODxFNTGvbQzi9lTjdT6xcfrSdQk2OkQ5+T6Y+qTqS -HiMcdbBpMbyVXjIbJsKIwd40FCROq4K1L7FK9WM72ycMLX4K/jyQ+LsUvFefJEHW -5TXFhmU/ATM62nG927TRZ9p+tibl0Sk1E8F8ZPTxHGCXXlpFJbt9PXU77fIqXsoC -zMVMD/qIkY0weZQwOFcnR6mFgYtIlT4HJ+UHMZ8Zd51ckxBz7M7P/H7ArKpMZIU5 -pMgXhQHgzKCMTQ1SM/dgtLs7ds1EQgb9BDgdKCIoPU059TNuzuNtXWBgKCMCAwEA -ATANBgkqhkiG9w0BAQsFAAOCAQEAJUfkmbPE2mrHu12gmsm6nSU7M1l1KELzMTRH -eZf2NYaqLOOqlz7McsKgu5LJTRmEXi9ufUC1HQfKJLOaj2LkLmVgKzTrP33GQ4wf -a7WOLeWs90kbiXV71iBBBXEuusMnMzuvBbcJTohwI5/svwCqEISpnSpVLi66dAej -BTTT0MD5KZWcznMeD/nOMIu+5j0tNBGdCHwLXxbmyuqzBFmMmAJAm9WILGhAZGKk -5IXbHrZYMEOMXoY2e/NnaMK9Q81q1YgeXZWBKLTF2g3RSrKFm84jBouPR1j7qmsr -xST6nM0Ngr28dzYCLxOY7p6xqYVo6rxxMfSz2jkM6pycLgwy/w== ------END CERTIFICATE----- diff --git a/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem b/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem deleted file mode 100644 index 0912e95ea..000000000 --- a/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem +++ /dev/null @@ -1,46 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAwfjLXc6dHBaYsoWQaqsqwhJY68G7+35NVIU8BAKabHcUN5us -IWieeg2Po1CPLoBfyfAq+06fj1T8D/3irUD/EB3QvDx1gCc+zY9BobIJKLi3Xeit -zE7gEDDV1FFw8E2fBAptTMn/1GXyD5xsE9HQvtTffgELNXzl5Zp6pS5V6oN2X9Np -3lExRFMmrEZmKuZMhA4UjLahA21Hv8GNlI4tqFazj6/timvSJHtqVGruhm/PAw7F -1lOZ34t6/h/suayqRpDSZF+E7gnaFL8px/tpQwpLfHEixiMXjVrGBJRFnvHH8sdR -wpU2mSR4j6KoUxS1wbW0iiOim3Fwy7vOd3ezvQIDAQABAoIBACWGAaFmBNKYNHXk -jKl171GXxwfkdH8UUdVV6ORFtKXi61BOlx/nYzDtSqonPWubfexMv6PZ89gAcrqN -PLqTZkQx4F1pvLlL3kRZwDKNhGQSR7as+mIZqBK5v8PQ9W4nNenMMpS2Rv1Js2f9 -tJKo9h7Ug1+WyBpSzQ57sdoeepRg/9pA489XjdqPIuyDSydhCEqqVe7slU62q1d+ -AjxTZ5tmD8dnbV0TWOphvBM8bVQc4UA/eMGIrS0jbkDLIuT63ZrPzVtaEqYK56O4 -IsWjaweFeIUJhtSyZ8/OA+7kqndxEZLCBY4XmUt+z2tyqtNg7rPcOwD04LWBPjW2 -KV60DOkCgYEA4+6kg8G098u7EkilpkuAmgnskm8Lw7Ic8IhJa8n7UVLFg4PNuPz9 -dcYcpy2wSu5CzSqNWNe9lePXX7VGVpSLvNxDg0R8L3m8m0Pu5sv17RdmKKJJz9D3 -kYCPgm6qitoTOKK2hOEiqVHzS4RydjaouyZDTFs1U/eHOkmR33JMP4MCgYEA2duV -HKBwgP2PxVKUwwyqPK4spHVAfGh0cZWzTShvfB8DiLO9RyjmD9g9HMlEqc2FI9O5 -vhEsrWbVHQQ/kJHPLTCF7OKYYR+K9b8rezRvcQuvxCOnOcsatpahl5Fgt2o28SDn -eu/2dh2NmTrM4jqNx4tvha5EVXUmbr7Qf+dgm78CgYEA0Kk7elLutJqRm19eJiqg -hGPpavS1tGVuENTzQfYaWIyJvKgAwQT5k8PVn0Y4SaBtDx2RYG/AY2O9WyS8S66Z -bj/Gnnknpt6vRwSdxDOb43y0TSako9cNjOpAdouRHKQfTI3IwUTJUnBvZgbOMmI/ -fXS9zz0ASOolpbqMDB66prkCgYB7CCHul8DRZ+EQq7FtcbKWMDrv6XOwjoDsQIGQ -2nwTWaRySCdlj3hVjGX+4r9PMcy1zfVAnIxhpQhHqcWIDIA24gdQHyu09c5ROFQC -8TraWaI6n3PqFISShwDdCvHWwzoh9NYlPG0wiUIVPfrE7BJzlZA2q5LVvCInOsWe -5flOGwKBgCOyshMpw8FPCuNE8gEONH7aQ03MphLGzMcDVD7rl3I8d35z/IRhNgas -V+I+Cfp6Tde7Ad8fNXX7ogoxxX/1UvkWGKg70ogqW9cKBqLsy7Pa+JMH201roJWR -aODbnz02V1pQ8MBT4u7QG6PNyyue5W6h/2ADZCYvQJM8lrppKFE+ ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDITCCAgkCFDYWRAThkKd/J+oMW7tZBqEPx4XOMA0GCSqGSIb3DQEBCwUAMFQx -CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j -LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEIwHhcNMjIwOTE5MDkw -NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex -FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMH4y13OnRwWmLKFkGqrKsISWOvB -u/t+TVSFPAQCmmx3FDebrCFonnoNj6NQjy6AX8nwKvtOn49U/A/94q1A/xAd0Lw8 -dYAnPs2PQaGyCSi4t13orcxO4BAw1dRRcPBNnwQKbUzJ/9Rl8g+cbBPR0L7U334B -CzV85eWaeqUuVeqDdl/Tad5RMURTJqxGZirmTIQOFIy2oQNtR7/BjZSOLahWs4+v -7Ypr0iR7alRq7oZvzwMOxdZTmd+Lev4f7LmsqkaQ0mRfhO4J2hS/Kcf7aUMKS3xx -IsYjF41axgSURZ7xx/LHUcKVNpkkeI+iqFMUtcG1tIojoptxcMu7znd3s70CAwEA -ATANBgkqhkiG9w0BAQsFAAOCAQEAPa5w9kshcNgeOdsWJnKrGy31Jmhbi00a0ue0 -PSv1K49wvRIiHjk49DhOjHLRDoyEZ6AHme4dJIZ7G4GL4dKyW8eVi22nCN/2G6+u -vssUXXNTTnaOXIXVVtnyTeMr4JHcysn0wMsMsApCvkpyB2euC+uvA8ppvfr6Zdng -3okbQGhTvhkBZM2/jbtPb8O1XzXepPeYlXMiOcRsSA4oy5sYi8BFXuODCtH2qJD4 -zuSGEpWrDbzqUPGmXSoLALzpObI4v2yDLgrYZMMfOXOmtmeD1gfyIptl/pSeAko8 -lXxhgAY2ef2P1j2SCMIwNTPtIIrqJLmCt7EUWXjSpnnEIWP6bA== ------END CERTIFICATE----- diff --git a/libminifi/include/utils/net/AsioSocketUtils.h b/libminifi/include/utils/net/AsioSocketUtils.h index 9ae531232..a9173e082 100644 --- a/libminifi/include/utils/net/AsioSocketUtils.h +++ b/libminifi/include/utils/net/AsioSocketUtils.h @@ -60,7 +60,7 @@ template<> asio::awaitable<std::tuple<std::error_code>> handshake(SslSocket& socket, asio::steady_timer::duration); -asio::ssl::context getSslContext(const controllers::SSLContextService& ssl_context_service); +asio::ssl::context getClientSslContext(const controllers::SSLContextService& ssl_context_service); } // namespace org::apache::nifi::minifi::utils::net namespace std { diff --git a/libminifi/src/utils/net/AsioSocketUtils.cpp b/libminifi/src/utils/net/AsioSocketUtils.cpp index 8eeb61ffe..15141fa0a 100644 --- a/libminifi/src/utils/net/AsioSocketUtils.cpp +++ b/libminifi/src/utils/net/AsioSocketUtils.cpp @@ -30,10 +30,11 @@ asio::awaitable<std::tuple<std::error_code>> handshake(SslSocket& socket, asio:: co_return co_await asyncOperationWithTimeout(socket.async_handshake(HandshakeType::client, use_nothrow_awaitable), timeout_duration); // NOLINT } -asio::ssl::context getSslContext(const controllers::SSLContextService& ssl_context_service) { +asio::ssl::context getClientSslContext(const controllers::SSLContextService& ssl_context_service) { asio::ssl::context ssl_context(asio::ssl::context::tls_client); ssl_context.set_options(asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1); - ssl_context.load_verify_file(ssl_context_service.getCACertificate().string()); + if (const auto& ca_cert = ssl_context_service.getCACertificate(); !ca_cert.empty()) + ssl_context.load_verify_file(ssl_context_service.getCACertificate().string()); ssl_context.set_verify_mode(asio::ssl::verify_peer); ssl_context.set_password_callback([password = ssl_context_service.getPassphrase()](std::size_t&, asio::ssl::context_base::password_purpose&) { return password; }); if (const auto& cert_file = ssl_context_service.getCertificateFile(); !cert_file.empty()) @@ -42,4 +43,5 @@ asio::ssl::context getSslContext(const controllers::SSLContextService& ssl_conte ssl_context.use_private_key_file(private_key_file.string(), asio::ssl::context::pem); return ssl_context; } + } // namespace org::apache::nifi::minifi::utils::net diff --git a/libminifi/src/utils/net/TcpServer.cpp b/libminifi/src/utils/net/TcpServer.cpp index c443bf347..a6b957bd5 100644 --- a/libminifi/src/utils/net/TcpServer.cpp +++ b/libminifi/src/utils/net/TcpServer.cpp @@ -66,7 +66,8 @@ asio::ssl::context setupSslContext(SslServerOptions& ssl_data) { ssl_context.set_password_callback([key_pw = ssl_data.cert_data.key_pw](std::size_t&, asio::ssl::context_base::password_purpose&) { return key_pw; }); ssl_context.use_certificate_file(ssl_data.cert_data.cert_loc.string(), asio::ssl::context::pem); ssl_context.use_private_key_file(ssl_data.cert_data.key_loc.string(), asio::ssl::context::pem); - ssl_context.load_verify_file(ssl_data.cert_data.ca_loc.string()); + if (!ssl_data.cert_data.ca_loc.empty()) + ssl_context.load_verify_file(ssl_data.cert_data.ca_loc.string()); if (ssl_data.client_auth_option == ClientAuthOption::REQUIRED) { ssl_context.set_verify_mode(asio::ssl::verify_peer|asio::ssl::verify_fail_if_no_peer_cert); } else if (ssl_data.client_auth_option == ClientAuthOption::WANT) { diff --git a/libminifi/test/resources/certs/alice.key b/libminifi/test/resources/certs/alice.key new file mode 100644 index 000000000..a04193e6f --- /dev/null +++ b/libminifi/test/resources/certs/alice.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDO+RtHe+aUWFIg +HyMSuFW//0fWd4jYe8SaMnMV1ZkirtTgkycGcEIV6/4Ep095Cht9qjMHh2zxyfrB +WpZDPt4w2j3pTsf0e3Q1QR0xvlDvA3tF7Zsv43iCZMs0wsbteiFth/syvtcH4N/X +Qu4h32s+8fIgvWZ9SfZZI1kOuWEL9Js80XyBS5B3Z8OszBZDMZLzbSslxczy58LY ++jHAprFE5ffOa+ZVmgHptSxRWx5xh0t9wjHRvbP6S2+jxy1xsD79m73lsrxmX0Qh +WBXIS3/vTcdGguoyMaq3ATVGEPDVKjK/qfQdKblMFA00a4YHHbRfhBDH6p8dkDYD +0xBmtLerAgMBAAECggEADb9MCY54PUg0hD+tM7Qctfj9y4f7Be4Km/dX345lcoFM +UHJVuD7ClPQs1iBKzg5Wzxz78LcVDGZPCoK60lKdrX8Bd7qs21dL27Gsf75VX9rK +WFW05hRkz7xkJuf9EI75I25RyAgW/kX4eDLQ4F0XoYGuhHAwG4hLHZaUdr7nbES/ +Z5bBYcrcjdn1SKinFNH9hMaLHvY7nvnYFAneZ2bXypjxoinyvCOM1fWQPdXVTrtq +dZCETegNH5428hRRzS1j16PT2xgP5z5AraJAdAkpk/9BKsUrmL93CQxBoYGenD1H +c7JHv8C2v7HsOe+cmpCTe7k7BkbGo5dzrjEnzo9N4QKBgQDs4owvRm6MQQ0zevOc +qDp/X43LL2GvwJNV96XRgTVvxRcjG2njiSolZnIQe0bU2fRXVaFWiGcwg19WahOp +aZ5zKudV9AGTzzF0Hf0N7XY5LZdH+OD0GGvHTdft0L8O1kKR87h7/TbYMUpVZOeq +gkqR+J6k0r0GDap6f8OheOrLGwKBgQDfrKd1EicJstMOmZcX8/DDjQwEir94dRxR +PxNsduK/ccSVlvrmn5th3SjAAqcgr5W04NodqHi9PETPSK6kOu3NpPhNbOdhrVdW +SHYjESMp3yCy0cJJBxFatMYV5Th4UooFTe3bCpLQJK/2vuGgss24lcja1/YWEhFp +jj57PKV+sQKBgFlzw1Qm2KAGAKIsD8pcjJqEztqnbdAcfIa+GdPfYvpuBqqvM3FE +3rF42iH3K2w9UdOY9m/i2nSrZ1kOfZY/2CHNVcZTejUCzL34hRK5VSeKW9JF3UzP +3ANLFfssFLnZlxHeYxAPMqK5GkTc8c6lnNs6c03ydobOqk3P6WQUcTV5AoGAX2DW +P3uwHdidWzpvTY19+0Un/L/Vid4WZybId5XydsRimY86CiHBNmgCOm5nKe71nZ3M +JJ10bu1GQkWyAuIGCYzxPMLVn7c06NwZVDa4keBNpzL+7/kNk2pGlYubGuPHax+h +76eAlzUtu8AFomrcgnuMnJU+oIav2h0H07E2uOECgYBrvVWVwFmkhblFu7K20VU4 +DqJvHds+hDeEdq05j4vDFH2uMl7CCcpahIIPyhIE9VUcfNXzSRHcrD7m0QV96J9q +9nEQiWF0w5lr2kYV8geo+S1ghbvLDRNnueoHuhmAKH6bKnPrQsAup8Opwsu5nezw +HzGZpAnE316ikd0je/MugQ== +-----END PRIVATE KEY----- diff --git a/libminifi/test/resources/certs/alice_by_A.pem b/libminifi/test/resources/certs/alice_by_A.pem new file mode 100644 index 000000000..0612c4757 --- /dev/null +++ b/libminifi/test/resources/certs/alice_by_A.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCCQDvzcYL0ZuT9jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9BMB4XDTIzMDYyOTEyMzMxMFoXDTMzMDYyNjEyMzMxMFowFDESMBAGA1UEAwwJ +YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm +lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds +8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X +B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM +8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8 +Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf +HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCFxa4e/l3OP8n9H0uL +nkESNPgkyZsKh6TY3ODRz7JS8Pq6Geqh3Y85ID5Yv2zuDislDtLDjeDYDfBYnJp1 +YQfgWQ3yB8kAcCdL8rj8eeGr21fja6A9FZiI9q8bf76haB7mRNg3yhoZo6D9AhhR +Tb6vVUIkkwsH4zDa+SELQiQ3feCcOwdODdMJWuZLYCzWSbw59q8Z1CILHri0Dxh7 +oRnB2H1G7T0pyARBGYlMnQ/GRxgxpOhnZBXGgJ8DZpGFUAOXSAA83ekUq2cYzkZk +UKugErpcRqqqwE8m7neZkjLdKMtv0vWFj0Ze6IfJZvl1FKHB5fsoWn0RxECX2ULi +PcjT +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/alice_by_A_with_key.pem b/libminifi/test/resources/certs/alice_by_A_with_key.pem new file mode 100644 index 000000000..9c86b926c --- /dev/null +++ b/libminifi/test/resources/certs/alice_by_A_with_key.pem @@ -0,0 +1,45 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDO+RtHe+aUWFIg +HyMSuFW//0fWd4jYe8SaMnMV1ZkirtTgkycGcEIV6/4Ep095Cht9qjMHh2zxyfrB +WpZDPt4w2j3pTsf0e3Q1QR0xvlDvA3tF7Zsv43iCZMs0wsbteiFth/syvtcH4N/X +Qu4h32s+8fIgvWZ9SfZZI1kOuWEL9Js80XyBS5B3Z8OszBZDMZLzbSslxczy58LY ++jHAprFE5ffOa+ZVmgHptSxRWx5xh0t9wjHRvbP6S2+jxy1xsD79m73lsrxmX0Qh +WBXIS3/vTcdGguoyMaq3ATVGEPDVKjK/qfQdKblMFA00a4YHHbRfhBDH6p8dkDYD +0xBmtLerAgMBAAECggEADb9MCY54PUg0hD+tM7Qctfj9y4f7Be4Km/dX345lcoFM +UHJVuD7ClPQs1iBKzg5Wzxz78LcVDGZPCoK60lKdrX8Bd7qs21dL27Gsf75VX9rK +WFW05hRkz7xkJuf9EI75I25RyAgW/kX4eDLQ4F0XoYGuhHAwG4hLHZaUdr7nbES/ +Z5bBYcrcjdn1SKinFNH9hMaLHvY7nvnYFAneZ2bXypjxoinyvCOM1fWQPdXVTrtq +dZCETegNH5428hRRzS1j16PT2xgP5z5AraJAdAkpk/9BKsUrmL93CQxBoYGenD1H +c7JHv8C2v7HsOe+cmpCTe7k7BkbGo5dzrjEnzo9N4QKBgQDs4owvRm6MQQ0zevOc +qDp/X43LL2GvwJNV96XRgTVvxRcjG2njiSolZnIQe0bU2fRXVaFWiGcwg19WahOp +aZ5zKudV9AGTzzF0Hf0N7XY5LZdH+OD0GGvHTdft0L8O1kKR87h7/TbYMUpVZOeq +gkqR+J6k0r0GDap6f8OheOrLGwKBgQDfrKd1EicJstMOmZcX8/DDjQwEir94dRxR +PxNsduK/ccSVlvrmn5th3SjAAqcgr5W04NodqHi9PETPSK6kOu3NpPhNbOdhrVdW +SHYjESMp3yCy0cJJBxFatMYV5Th4UooFTe3bCpLQJK/2vuGgss24lcja1/YWEhFp +jj57PKV+sQKBgFlzw1Qm2KAGAKIsD8pcjJqEztqnbdAcfIa+GdPfYvpuBqqvM3FE +3rF42iH3K2w9UdOY9m/i2nSrZ1kOfZY/2CHNVcZTejUCzL34hRK5VSeKW9JF3UzP +3ANLFfssFLnZlxHeYxAPMqK5GkTc8c6lnNs6c03ydobOqk3P6WQUcTV5AoGAX2DW +P3uwHdidWzpvTY19+0Un/L/Vid4WZybId5XydsRimY86CiHBNmgCOm5nKe71nZ3M +JJ10bu1GQkWyAuIGCYzxPMLVn7c06NwZVDa4keBNpzL+7/kNk2pGlYubGuPHax+h +76eAlzUtu8AFomrcgnuMnJU+oIav2h0H07E2uOECgYBrvVWVwFmkhblFu7K20VU4 +DqJvHds+hDeEdq05j4vDFH2uMl7CCcpahIIPyhIE9VUcfNXzSRHcrD7m0QV96J9q +9nEQiWF0w5lr2kYV8geo+S1ghbvLDRNnueoHuhmAKH6bKnPrQsAup8Opwsu5nezw +HzGZpAnE316ikd0je/MugQ== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCCQDvzcYL0ZuT9jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9BMB4XDTIzMDYyOTEyMzMxMFoXDTMzMDYyNjEyMzMxMFowFDESMBAGA1UEAwwJ +YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm +lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds +8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X +B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM +8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8 +Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf +HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCFxa4e/l3OP8n9H0uL +nkESNPgkyZsKh6TY3ODRz7JS8Pq6Geqh3Y85ID5Yv2zuDislDtLDjeDYDfBYnJp1 +YQfgWQ3yB8kAcCdL8rj8eeGr21fja6A9FZiI9q8bf76haB7mRNg3yhoZo6D9AhhR +Tb6vVUIkkwsH4zDa+SELQiQ3feCcOwdODdMJWuZLYCzWSbw59q8Z1CILHri0Dxh7 +oRnB2H1G7T0pyARBGYlMnQ/GRxgxpOhnZBXGgJ8DZpGFUAOXSAA83ekUq2cYzkZk +UKugErpcRqqqwE8m7neZkjLdKMtv0vWFj0Ze6IfJZvl1FKHB5fsoWn0RxECX2ULi +PcjT +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/alice_by_B.pem b/libminifi/test/resources/certs/alice_by_B.pem new file mode 100644 index 000000000..2a7a9db7e --- /dev/null +++ b/libminifi/test/resources/certs/alice_by_B.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCCQCyCG61QRF+6zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9CMB4XDTIzMDYyOTEyMzM0OVoXDTMzMDYyNjEyMzM0OVowFDESMBAGA1UEAwwJ +YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm +lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds +8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X +B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM +8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8 +Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf +HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAUik/MA1SzDrLvTnP7 +WZuw1e7/DYIYvZTWajxImbvnqyHVUZSVwUCZEoLlXAHnGBiqcf9ubwRm6VG/ZgRY +ep/5iqLdcTG6Jlj6l4B9jyluiGc9J6XrcAGMpX6giNmG3EGgHNyI4iEIzhrQxZPk +D/ScluroS/ISsgRYi/Hv8Pq6DaPLZ60UoEohthgaEfCppBeZqBmAL3JhbXQpwxrY +yX7RlX7h8+vtezwbuzaol1304zPA1uXdRXc+s8gBKTGyvn6Acj4Ccjwu0C9S5wUH +Qv76mSKIS+Pm95AxpV593QA3vPiH1tLKGIprXkyMWSNoW84patUd/pGKbUTeQe7x +Pkyc +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/alice_encrypted.key b/libminifi/test/resources/certs/alice_encrypted.key new file mode 100644 index 000000000..a46765efe --- /dev/null +++ b/libminifi/test/resources/certs/alice_encrypted.key @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,08109FEC248D265FE691B5931CF2BD34 + +0wrzUTpaogk81yOSrv/wyMyV79fwVA+r2IM3KqhL934s8K1Im0HuGh73kv4NKJdW +DvUreIPJeozCnxXpwHU6sjOz6kRYxadeImCc3WHXN3X4YBz2sdoVAw9k0SmbzUZ2 +iUR0R1Q/TTrbdHd/7z8Jascka6jsxOVWiUzqqzzNUj013ghdKzxPuiHL4d+sMJbg +UVA/xi47XK7ytgI3axBLEZaKPxhpf8hHPRi0jRu6nvuL1qjNIAjgEz/fE+xn9gwL +MPsEotMP11u4zM1eVMf/HVwLa97WDUAxRN2KcTwjpR7XivdwPgIHMAJEvDcfap1b +B0ntg5MdbAGKI//4oH96Ts0ZDrBn5swtfQokpATRVmZLPkxQw7WNRWwo/KUKAGve +zPJj9bXSGTo/4/rZVaqHMQjQBS6/Hla10W3PPnk+KupGKgLuRpzPIDUACQybhRMA +JvmCuJiCGFQT20bE9tAQbRHz4rxC7fgWsWSN6HtYqaNqJ8TO0lLtrBYCv5Am6BiR +PgLo4o5f23HYwI84YO65Pv2qoZg8OxLaKUhGpBXN6TFqr0dJ6gNeZ1O5uTNtIwLx +KIENUf4jXFIPakae8MVEyk3LtdZxeSK6MmklYrbbDXNlVJIFdNVoHYS2aY9aZ7sH +6/XrdA/o5FXURb119IefwsX2iLB7TUZ7CvGkxgMrFLRA8MYoNIuUKntM8eVm8Xft +WxH81Efq0F5KJp0I/eOPinZG840j4Vfest7UQTiQvZsQ4sg0E/gibY0iEw9S2LgG +sJq4uaBIMSFee2zQx5cOSvCTbJLC8XUARgd7yH/mAjYatWdJw3MqOH2r0U0c7qcW +QWtLE2u+VGizlepjfaEpuNdXF/EFViHmBceO1ifpt42x5gIHAL0HxpUvCKQ2N1w8 +mre1aTcoCUzwCK/3G7rTer/De0Kozu+Dt2GE4PLT1IaoE7Fncl+Pa5PJU96d9Ajs +/3Kj3tE8e6vu/XOW5K+bBPsg0PpqND1T79PcKO33z2RGpKCUZ3u0GiDb8mks9tcc +YgkqdAbh/cFP4mkR156W5ao2hz8p44HmYKMQpNXc31TMntnhRwdD1nU+QTZsmYph +OWtiY3PA9ZZhhH/scyMHrCCS22BKhrxpnwcKVEn2ZxQ1hqUKgN/hJ9dHlck97MfW +BcjJHRYAyJV9zqqHxFL/swl2Hg8i541+uRVh/WFVJwf6nHm/piWMaUbZRFaBXuPT +SnI9N+l7hBNC4cg/a1K6+vdZhIr6mNEbXeLC+ZVA9VmQt4sV32jtdX9dkPGq/+lJ +CC7ZvifsUZoHpfYNoVH5i6WKttLlEMuHBHAw9plAeir2dMRYZaRSig+19Q6/RdHi +IP5CcaQEccB+4BQMCcZmrbWXx3PRGsiJEUQ0sX9V9Y+CvtP9S5Tob44J1eyjtXWg +O/ipenehEvZ+4966JW125XK2/SvIam+IeSpuuWwWdABGeTHaUlVrYBefK9wkYvdF +AyU+KkA4vt1EcNksDSwsPNtakL4hxjPtiXySmep5Gbfvktv+hqHpfoW81O7M94D5 +unmskfSETpDszpv0wcDDot4iefXuvxdEy43uKbUlWArlshIey3TcziLXJY77u/H3 +-----END RSA PRIVATE KEY----- diff --git a/libminifi/test/resources/certs/alice_encryption_pass b/libminifi/test/resources/certs/alice_encryption_pass new file mode 100644 index 000000000..cdbe4f5d3 --- /dev/null +++ b/libminifi/test/resources/certs/alice_encryption_pass @@ -0,0 +1 @@ +VsVTmHBzixyA9UfTCttRYXus1oMpIxO6jmDXrNrOp5w \ No newline at end of file diff --git a/libminifi/test/resources/certs/ca_A.crt b/libminifi/test/resources/certs/ca_A.crt new file mode 100644 index 000000000..1caff16f7 --- /dev/null +++ b/libminifi/test/resources/certs/ca_A.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmjCCAYICCQC17ByVDxnzpTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9BMB4XDTIzMDYyOTEyMjY0OFoXDTMzMDYyNjEyMjY0OFowDzENMAsGA1UEAwwE +Y2FfQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVjjU9xyCWB+/3d +2/dEGg+kJKDNs9ASzIGYunNeEsF13F5HOaSqWl28tjfysUpnFUCZbsPPP9xLLXaq +e/u9wkvVIJARWRwmpOS3cRv/brifZhG4m/wlqDEfJrczBbLvn/K6SVCH+CdmJaZr +xIBG//YtJqrAALkB+fC8rhBgq+ASO834WqR7P6ksLKF03eMzmVB544te/7k+3mP8 +sqwxtFwnnSKiHrlopzVlRvAOa0kTMDz54Y2bcEcKCWJZz3eMFxE6sZQqmsuzwYW6 +qMas1N3MTvIxun5xqytWLYdvWeCvCIxybxGykEeZExqxFrba8pQmbt8kg2kOFhaM +GeeCImcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAOYDtAOICWru+fonBvL3bMYQY +cmiW3uaWP1XqrdBoO4bEFi25mUJ+TDEMICLFMAQUlzQ2VNEWy0I+IfXgcB7//S4e +N3gafSG8i/hzoOtRReAnfUUm9DKkFyn7yaDmFUMSrdYahNixgztTtos29QnmPT4P +AF0xFthotm9bhocAJ+ZlP0Kl1yWxDlER6W+98ZdZ+mzqgW2rTfN54W2heIeU1D3M +VkU42Xeh6t6rPVSt03k8gpbkEjhHBBvprcH8Lhz8g3tuYyRyIkLDIR7cvr6S9f3o +4uUMtcxwezV90oVt2vIyZc8AadqXmfLcQfz0/kYQIt354nr+SIxGf5YsoYf+8w== +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/ca_B.crt b/libminifi/test/resources/certs/ca_B.crt new file mode 100644 index 000000000..d5b49e4c6 --- /dev/null +++ b/libminifi/test/resources/certs/ca_B.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICmjCCAYICCQCIztoeYsVvbDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9CMB4XDTIzMDYyOTEyMjcxOFoXDTMzMDYyNjEyMjcxOFowDzENMAsGA1UEAwwE +Y2FfQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANh+jkwqIfC2yPP9 +YjLcOojib04MD5FLK/tVlr2RXVjmBADEV2iITKpXNSHjwQ1QreK9VVN9kK3VLuUI +d1EdClrNGMyr6aYFF/xyZ40awh0Z7susAEXizPhSYoXZxjFbzuXg9Zj4jspuVvuA +/jR2I6+tYoez7hQDgZQqE086jf+0BGv9Mm0lM7iWoQh3zBWYWqn+fW1ToeTR9ty8 +WUlgEAhRgcGGJBL52sQUAchA+E3z3l83hJM9rvsd1CRY3U0agEghRArRtm9no8BG +Drjam7+nq+qx7VdkXcZgwPME9tOHyJqKV4E1BzcZYVC+sWRXABPOUaW7wVAylHxf +v3sT6RMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAecURppGUyRYQGFITTiNSTkrj +vc2kz0+/VDgSTEA7+Cp8HsXD06BlCAQpGlhgcpHGSGWF/uOErGIZl648UwzTUQcH +MvcLyh5H2afvGPCVTC3q0sxbRp8vvEy5DgTcmTuM3UgGrGBGsl4X90P9auBbgLCt +ohyy+yVNTofSFU5kqCxlI05s4msLoNnXKv0/SAeJQJIisPXvA8ZseA5nUXiSRnbq +l/caniJei/89awuC30K8qZ3fK0E4QWb0sw8St8s5UmsIIHDxi29LOHq7F7jlRVVO +Rah+LCABeD8vTlghUk4rWRTc3/gg7CuDm7+il5P9bSaR1BbQyZs0aRM4NRg6Sg== +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/empty_pass b/libminifi/test/resources/certs/empty_pass new file mode 100644 index 000000000..e69de29bb diff --git a/libminifi/test/resources/certs/localhost.key b/libminifi/test/resources/certs/localhost.key new file mode 100644 index 000000000..4c1beed66 --- /dev/null +++ b/libminifi/test/resources/certs/localhost.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCePQLOSzxgmcxT +gD0l66PiuFiIHowXb29ulVP9ilFwm1Z+GfmhGuCPcAUPWm74QjbZESQpX5xTdhoE +4NIaChS3+A0w1ic2vKDa/nDYJGiSulabrgHHtUQXc96aTgqXEmjBCg9kEyGULEZU +D/pUCEMSD65i+5nslS2rl41OvRSFUlo6gwOGLA6Nwy6oJPePgPz9+pqA7iNrMVA2 +7TThRWB30CjZJTXEHi+Y0TnOhCMg5KTTO1jUQ66zlcwQfUDUcY3bdqoMnv6GgZoD +y0x/LRyK3M8DHzLhRQBXKEUQfGy/6CkbBYNH5tUOiy2NDl4NauBBa4pw7R+USph2 +Y36w6exTAgMBAAECggEBAJQ5tn0jwMUEjH/TanQxDW19HYE0jCoPuqQtwWWIwczn +1dd94XZmROBYIIVHQxfOfq5K/kK7SyZrROg46NZ3hvzloQWUNVtyyoMZQP9W65Y2 +cpaWIxi91bDaWzTT0du95N6e29f0i8nOx3pLFUTOEHXEtqgF4yPYgdVwu298ctKG +3ugNMu/tUb58sY/zI3cjM1z+w1GlsU1K+3bM+ElQAYv1f6Ptd5qurgKUnM+WTUwB +b59jRxjJOH0GynmvfyImmZmrx+LtMwvl2jYV7ZVq+q8iTzEn1HFiluT9ufzqNEz+ +8yhPXcTF5VLipnGtKZIVxyJ8tpo3BZdtvfli9ZvYrgECgYEAyXgninIHEyTJqBuY +y1cCjJLeuyVKG1cavE6wV3rJ4HULxzIbETu+2zNEi3fKHSZf/KCqXFgWtG6WQxyh +gOgrpc9+Cj7coEuQsAGyCVdTFi9OQJ/95xzfnaSiT4EPoKQK2aGTPZkmv2UEfKJO +p6MMiMGxUSQS529erhGx0jJB9IECgYEAyRFfBZA2BbX+cA2TGxbDgGfUp6cQiFZK +d4KNniGIjp1QQ30Z0vc4QNm7sD9x2kRIk4tAXl9vLzyRv2lcywAGCfCcHhH6Fqrc +mv6A5eYwAtRNDTFRj9nRR8+AquFQ2lLhCa/2q9k4OUEstlp3aCeqvZS2OXAoYBmQ +qRXiZIQiZtMCgYAdmphE0aiUeY1gNF3pUym+uj4cRchz6AK3tOBYmmRbpRdL9+Le +T2cmEox56eo7Ck6Ecp9V3mPHs5BE4EojBPqU7L5ahw4oR7JFCpq8oKZG1kCrYlcO +xMFfCrgG8rH3KuOlQwa9wGlfKlrUbY0dOOo4li2V/LUCaO0Cqvr0JgpnAQKBgBv1 +b2odoHVw1h2MtazpoGvFhFt/rpvWq+osXDbl4NA77cJErgeY2tihriiW2eUI47Ko +hV3aFWLTIE0mgIG10iEltP+1bjoiriRbSV8uf/SUwtYXyoifOCutHe4lAJIrPiGT +t1A0F05W0rnUoI/6HBLaj/AyuVqLk4L/iQiDGymDAoGARWw7KEGTGFb1OWevw4Rd +AdKGhwaVtfKGMErLFpiTxLASAfd2hua8mj2i2H/LbAg85ig0zmSPYDBswfdvZ0h5 +OTmXX2H1njjHwbuBQe3X65JodTZlzHMHwnq+EVphJQ1N0QIK6sA466YDA6Dp0zjS +EycWiJjvgzmujczCzCAGEtg= +-----END PRIVATE KEY----- diff --git a/libminifi/test/resources/certs/localhost_by_A.pem b/libminifi/test/resources/certs/localhost_by_A.pem new file mode 100644 index 000000000..f43f1d799 --- /dev/null +++ b/libminifi/test/resources/certs/localhost_by_A.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCCQDvzcYL0ZuT9zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9BMB4XDTIzMDYyOTEyMzgwMVoXDTMzMDYyNjEyMzgwMVowFDESMBAGA1UEAwwJ +bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj0Czks8 +YJnMU4A9Jeuj4rhYiB6MF29vbpVT/YpRcJtWfhn5oRrgj3AFD1pu+EI22REkKV+c +U3YaBODSGgoUt/gNMNYnNryg2v5w2CRokrpWm64Bx7VEF3Pemk4KlxJowQoPZBMh +lCxGVA/6VAhDEg+uYvuZ7JUtq5eNTr0UhVJaOoMDhiwOjcMuqCT3j4D8/fqagO4j +azFQNu004UVgd9Ao2SU1xB4vmNE5zoQjIOSk0ztY1EOus5XMEH1A1HGN23aqDJ7+ +hoGaA8tMfy0citzPAx8y4UUAVyhFEHxsv+gpGwWDR+bVDostjQ5eDWrgQWuKcO0f +lEqYdmN+sOnsUwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCB2PFmhZTMxHRmzCJh +f5upa+EcG1moZPAdZgwRFTBtUsIE3AKjDrYDcIC5yhFYtALrP2t8p0LE9uhMhsgf +yE+0/cAS76xpfoBoz7+SN6hpO8fLqeAlw30Z33qfjPZUkQ3M91g9g2cvEQQBV88F +9u97CdrEEUH5jxjP8v21qkbKl03pDasOuwCY5S7VBhYnGb8n9pC7ehsAinBE8KHK +C58b7ZIPcre+a4smKe37scqWNB+Wgxc3nUGfnAcYqfkLQQs/eKcS2K8AwgUbAWdz +0j8rTWPoPbqIu/I+zXeGG7/Ur2pnxd/NT2iZl6DzqisxLY7yojGJxSQ9jG4FuUNQ +KPCY +-----END CERTIFICATE----- diff --git a/libminifi/test/resources/certs/localhost_by_B.pem b/libminifi/test/resources/certs/localhost_by_B.pem new file mode 100644 index 000000000..13f2b1eaf --- /dev/null +++ b/libminifi/test/resources/certs/localhost_by_B.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAYcCCQCyCG61QRF+7DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj +YV9CMB4XDTIzMDYyOTEyMzc1MVoXDTMzMDYyNjEyMzc1MVowFDESMBAGA1UEAwwJ +bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj0Czks8 +YJnMU4A9Jeuj4rhYiB6MF29vbpVT/YpRcJtWfhn5oRrgj3AFD1pu+EI22REkKV+c +U3YaBODSGgoUt/gNMNYnNryg2v5w2CRokrpWm64Bx7VEF3Pemk4KlxJowQoPZBMh +lCxGVA/6VAhDEg+uYvuZ7JUtq5eNTr0UhVJaOoMDhiwOjcMuqCT3j4D8/fqagO4j +azFQNu004UVgd9Ao2SU1xB4vmNE5zoQjIOSk0ztY1EOus5XMEH1A1HGN23aqDJ7+ +hoGaA8tMfy0citzPAx8y4UUAVyhFEHxsv+gpGwWDR+bVDostjQ5eDWrgQWuKcO0f +lEqYdmN+sOnsUwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB8GGSL5G9RcFyOXuQW +nbsrXHuZJ/jIXASZ/KUDHWoj1IMYDGztvs0n/HRdoIMBEO5/N5f3jWifF9oM8QmV +6v1jsBfWbuXDw/qNlZX5rweBIZOrbcHf+a47hFAi7vsaOUjGZfQucZWQQTtInewJ +M0l+9iuOQwVcz8JnlVJrFDDxEckfaJJP6ubA0EPrABp9uKEbxeBRLDF9YHEps4C9 +lSxtpu+plASZ6AtyTEbgTxsrdSGECbYmK3Qpatelg7d+h4Iw6nJNpTLSE9c4tkmE +gVWyIiLKg3mvToXaNbgTaDZXtDyK+Wi+hjztKiAiSJCSnKxYf3WwF7Dsy0riB2mE +c9pZ +-----END CERTIFICATE----- diff --git a/libminifi/test/unit/NetUtilsTest.cpp b/libminifi/test/unit/NetUtilsTest.cpp index add55e050..271f2d4e6 100644 --- a/libminifi/test/unit/NetUtilsTest.cpp +++ b/libminifi/test/unit/NetUtilsTest.cpp @@ -22,9 +22,10 @@ #include "../Catch.h" #include "utils/net/DNS.h" #include "utils/net/Socket.h" +#include "utils/net/AsioSocketUtils.h" #include "utils/StringUtils.h" +#include "controllers/SSLContextService.h" #include "../Utils.h" -#include "range/v3/algorithm/contains.hpp" namespace utils = org::apache::nifi::minifi::utils; namespace net = utils::net; @@ -64,3 +65,94 @@ TEST_CASE("net::reverseDnsLookup", "[net][dns][reverseDnsLookup]") { CHECK(unresolvable_hostname == "2001:db8::"); } } + +TEST_CASE("utils::net::getClientSslContext") { + TestController controller; + auto plan = controller.createPlan(); + + auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service"); + auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation()); + + const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources"; + + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "ca_A.crt").string())); + + SECTION("Secure") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string())); + } + SECTION("Secure empty pass") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "empty_pass").string())); + } + SECTION("Secure with file pass") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "alice_encryption_pass").string())); + } + SECTION("Secure with pass") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, "VsVTmHBzixyA9UfTCttRYXus1oMpIxO6jmDXrNrOp5w")); + } + SECTION("Secure with common cert and key file") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A_with_key.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "alice_by_A_with_key.pem").string())); + } + REQUIRE_NOTHROW(plan->finalize()); + auto ssl_context = utils::net::getClientSslContext(*ssl_context_service); + asio::error_code verification_error; + ssl_context.set_verify_mode(asio::ssl::verify_peer, verification_error); + CHECK(!verification_error); +} + +TEST_CASE("utils::net::getClientSslContext passphrase problems") { + TestController controller; + auto plan = controller.createPlan(); + + auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service"); + auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation()); + + const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources"; + + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "ca_A.crt").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string())); + + SECTION("Missing passphrase") { + REQUIRE_NOTHROW(plan->finalize()); + REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)"); + } + + SECTION("Invalid passphrase") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, "not_the_correct_passphrase")); + REQUIRE_NOTHROW(plan->finalize()); + REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)"); + } + + SECTION("Invalid passphrase file") { + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "alice_by_B.pem").string())); + REQUIRE_NOTHROW(plan->finalize()); + REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)"); + } +} + +TEST_CASE("utils::net::getClientSslContext missing CA") { + TestController controller; + auto plan = controller.createPlan(); + + auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service"); + auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation()); + + const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources"; + + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string())); + REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string())); + + REQUIRE_NOTHROW(plan->finalize()); + auto ssl_context = utils::net::getClientSslContext(*ssl_context_service); + asio::error_code verification_error; + ssl_context.set_verify_mode(asio::ssl::verify_peer, verification_error); + CHECK(!verification_error); +} diff --git a/minifi_main/tests/CMakeLists.txt b/minifi_main/tests/CMakeLists.txt index 9b54bf315..16521d55a 100644 --- a/minifi_main/tests/CMakeLists.txt +++ b/minifi_main/tests/CMakeLists.txt @@ -31,3 +31,4 @@ FOREACH(TEST_FILE ${MINIFI_MAIN_UNIT_TESTS}) MATH(EXPR MINIFI_MAIN_UNIT_TEST_COUNT "${MINIFI_MAIN_UNIT_TEST_COUNT}+1") ENDFOREACH() message("-- Finished building ${MINIFI_MAIN_UNIT_TEST_COUNT} MiNiFi main unit test file(s)...") +copyTestResources(${CMAKE_SOURCE_DIR}/libminifi/test/resources/certs ${CMAKE_BINARY_DIR}/bin/resources)
