scripts etc and tests for native-tls

Benjamin Fry 2017-04-06 00:08:43 -07:00
parent 3c543e762b
commit 9525de22e5
26 changed files with 568 additions and 197 deletions

Cargo.lock generated

@ -6,7 +6,7 @@ dependencies = [
"chrono 0.2.25 (registry+https://github.com/rust-lang/crates.io-index)",
"docopt 0.6.86 (registry+https://github.com/rust-lang/crates.io-index)",
"error-chain 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"lazy_static 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
@ -73,7 +73,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "bytes"
version = "0.4.1"
version = "0.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
@ -160,7 +160,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "futures"
version = "0.1.11"
version = "0.1.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
@ -519,8 +519,8 @@ name = "tokio-core"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"bytes 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"bytes 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"iovec 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
"mio 0.6.6 (registry+https://github.com/rust-lang/crates.io-index)",
@ -534,8 +534,8 @@ name = "tokio-io"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"bytes 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"bytes 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
]
@ -544,7 +544,7 @@ name = "tokio-openssl"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-core 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-io 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@ -555,7 +555,7 @@ name = "tokio-tls"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"native-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-core 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-io 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
@ -577,23 +577,33 @@ dependencies = [
"chrono 0.2.25 (registry+https://github.com/rust-lang/crates.io-index)",
"data-encoding 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"error-chain 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"lazy_static 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
"native-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)",
"ring 0.6.3 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.3.23 (registry+https://github.com/rust-lang/crates.io-index)",
"security-framework 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)",
"time 0.1.36 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-core 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-io 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-openssl 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"untrusted 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "trust-dns-native-tls"
version = "0.1.0"
dependencies = [
"futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)",
"native-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"openssl 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)",
"security-framework 0.1.14 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-core 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
"tokio-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"trust-dns 0.10.0",
]
[[package]]
name = "untrusted"
version = "0.3.2"
@ -639,7 +649,7 @@ dependencies = [
"checksum backtrace-sys 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)" = "d192fd129132fbc97497c1f2ec2c2c5174e376b95f535199ef4fe0a293d33842"
"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d"
"checksum byteorder 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c40977b0ee6b9885c9013cd41d9feffdd22deb3bb4dc3a71d901cc7a77de18c8"
"checksum bytes 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "46112a0060ae15e3a3f9a445428a53e082b91215b744fa27a1948842f4a64b96"
"checksum bytes 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "3941933da81d8717b427c2ddc2d73567cd15adb6c57514a2726d9ee598a5439a"
"checksum cfg-if 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "de1e760d7b6535af4241fca8bd8adf68e2e7edacc6b29f5d399050c5e48cf88c"
"checksum chrono 0.2.25 (registry+https://github.com/rust-lang/crates.io-index)" = "9213f7cd7c27e95c2b57c49f0e69b1ea65b27138da84a170133fd21b07659c00"
"checksum core-foundation 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "25bfd746d203017f7d5cbd31ee5d8e17f94b6521c7af77ece6c9e4b2d4b16c67"
@ -650,7 +660,7 @@ dependencies = [
"checksum docopt 0.6.86 (registry+https://github.com/rust-lang/crates.io-index)" = "4a7ef30445607f6fc8720f0a0a2c7442284b629cf0d049286860fae23e71c4d9"
"checksum error-chain 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "faa976b4fd2e4c2b2f3f486874b19e61944d3de3de8b61c9fcf835d583871bcc"
"checksum foreign-types 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3e4056b9bd47f8ac5ba12be771f77a0dae796d1bbaaf5fd0b9c2d38b69b8a29d"
"checksum futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8e51e7f9c150ba7fd4cee9df8bf6ea3dea5b63b68955ddad19ccd35b71dcfb4d"
"checksum futures 0.1.13 (registry+https://github.com/rust-lang/crates.io-index)" = "55f0008e13fc853f79ea8fc86e931486860d4c4c156cdffb59fa5f7fa833660a"
"checksum gcc 0.3.45 (registry+https://github.com/rust-lang/crates.io-index)" = "40899336fb50db0c78710f53e87afc54d8c7266fb76262fecc78ca1a7f09deae"
"checksum gdi32-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0912515a8ff24ba900422ecda800b52f4016a56251922d397c576bf92c690518"
"checksum iovec 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "29d062ee61fccdf25be172e70f34c9f6efc597e1fb8f6526e8437b2046ab26be"


@ -1,5 +1,5 @@
[workspace]
members = ["client", "server"]
members = ["client", "native-tls", "server"]
[replace]
#"openssl:0.9.8" = { git = "https://github.com/sfackler/rust-openssl.git", features = ["v102", "v110"] }


@ -43,7 +43,6 @@ travis-ci = { repository = "bluejekyll/trust-dns" }
[features]
default = ["openssl", "tls"]
tls = ["openssl", "tokio-openssl"]
tls-native = ["native-tls", "tokio-tls", "security-framework"]
# WARNING: there is a bug in the mutual tls auth code at the moment see issue #100
# mtls = ["tls"]
@ -60,7 +59,6 @@ error-chain = "0.1.12"
futures = "^0.1.6"
lazy_static = "^0.2.1"
log = "^0.3.5"
native-tls = { version = "^0.1", optional = true }
openssl = { version = "^0.9.8", features = ["v102", "v110"], optional = true }
rand = "^0.3"
ring = { version = "^0.6", optional = true }
@ -68,15 +66,8 @@ rustc-serialize = "^0.3.18"
time = "^0.1"
tokio-core = "^0.1"
tokio-io = "^0.1"
tokio-tls = { version = "^0.1", optional = true }
tokio-openssl = { version = "^0.1", optional = true }
untrusted = "^0.3"
[dev-dependencies]
openssl = { version = "^0.9.8", features = ["v102", "v110"], optional = false }
[target.'cfg(target_os = "macos")'.dependencies]
security-framework = { version = "^0.1.10", optional = true }
[target.'cfg(target_os = "macos")'.dev-dependencies]
security-framework = "^0.1.10"


@ -64,13 +64,8 @@ pub mod logger;
pub mod op;
pub mod rr;
pub mod tcp;
#[cfg(feature = "native-tls")]
pub mod tls_native;
#[doc(hidden)]
#[cfg(feature = "native-tls")]
pub use tls_native as tls;
#[cfg(all(feature = "tls", feature = "openssl", not(feature="native-tls")))]
pub mod tls_openssl;
#[cfg(all(feature = "tls", feature = "openssl"))]
pub mod tls;
pub mod udp;
pub mod serialize;
@ -103,11 +98,21 @@ pub struct BufClientStreamHandle {
sender: BufStreamHandle,
}
impl BufClientStreamHandle {
pub fn new(name_server: SocketAddr, sender: BufStreamHandle) -> Self {
BufClientStreamHandle {
name_server: name_server,
sender: sender,
}
}
}
impl ClientStreamHandle for BufClientStreamHandle {
fn send(&mut self, buffer: Vec<u8>) -> io::Result<()> {
let name_server: SocketAddr = self.name_server;
let sender: &mut _ = &mut self.sender;
sender.send((buffer, name_server))
sender
.send((buffer, name_server))
.map_err(|_| io::Error::new(io::ErrorKind::Other, "unknown"))
}
}
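Review bot: The rewritten `send` in the second hunk maps every channel failure to `io::Error::new(io::ErrorKind::Other, "unknown")`, so a caller that logs the error learns nothing about why the send failed. Keeping the source error's text, e.g. `.map_err(|e| io::Error::new(io::ErrorKind::Other, format!("{}", e)))`, preserves the diagnostic; this presumes the sender's error type implements `Display`, which this hunk does not show, so confirm before changing. `BufClientStreamHandle::new` is a new public constructor without a doc comment while the surrounding items are documented; a one-liner such as `/// Creates a handle whose `send` forwards each buffer, tagged with `name_server`, through `sender`.` states what the visible `send` body does.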


@ -23,7 +23,7 @@ use openssl::x509::*;
use openssl::x509::store::X509StoreBuilder;
use tokio_core::reactor::Core;
use tls_openssl::{TlsStream, TlsStreamBuilder};
use tls::{TlsStream, TlsStreamBuilder};
use tests::tls::{root_ca, cert};


@ -23,7 +23,7 @@ use tokio_core::reactor::Core;
use error::*;
use client::{ClientConnection, ClientStreamHandle};
use tls_openssl::{TlsClientStream, TlsClientStreamBuilder};
use tls::{TlsClientStream, TlsClientStreamBuilder};
/// Tls client connection
///


@ -10,7 +10,7 @@ use std::io;
use futures::Future;
#[cfg(feature = "mtls")]
use native_tls::Pkcs12;
use openssl::pkcs12::Pkcs12;
use openssl::x509::X509 as OpensslX509;
use tokio_core::net::TcpStream as TokioTcpStream;
use tokio_core::reactor::Handle;
@ -18,7 +18,7 @@ use tokio_openssl::SslStream as TokioTlsStream;
use BufClientStreamHandle;
use tcp::TcpClientStream;
use tls_openssl::{TlsStream, TlsStreamBuilder};
use tls::{TlsStream, TlsStreamBuilder};
use client::ClientStreamHandle;
pub type TlsClientStream = TcpClientStream<TokioTlsStream<TokioTcpStream>>;

native-tls/Cargo.toml Normal file

@ -0,0 +1,59 @@
[package]
name = "trust-dns-native-tls"
version = "0.1.0"
authors = ["Benjamin Fry <benjaminfry@me.com>"]
# A short blurb about the package. This is not rendered in any format when
# uploaded to crates.io (aka this is not markdown)
description = """
An extension for the TRust-DNS client. To use, disable the tls feature on TRust-DNS.
"""
# These URLs point to more information about the repository
documentation = "https://docs.rs/trust-dns"
homepage = "http://www.trust-dns.org/index.html"
repository = "https://github.com/bluejekyll/trust-dns"
# This points to a file in the repository (relative to this Cargo.toml). The
# contents of this file are stored and indexed in the registry.
readme = "../README.md"
# This is a small list of keywords used to categorize and search for this
# package.
keywords = ["DNS", "BIND", "dig", "named", "dnssec"]
categories = ["network-programming"]
# This is a string description of the license for this package. Currently
# crates.io will validate the license provided against a whitelist of known
# license identifiers from http://spdx.org/licenses/. Multiple licenses can
# be separated with a `/`
license = "MIT/Apache-2.0"
# custom build steps
# build = "build.rs"
[badges]
travis-ci = { repository = "bluejekyll/trust-dns" }
[features]
# WARNING: there is a bug in the mutual tls auth code at the moment see issue #100
# mtls = ["tls"]
[lib]
name = "trust_dns_native_tls"
path = "src/lib.rs"
[dependencies]
futures = "^0.1.6"
native-tls = "^0.1"
tokio-core = "^0.1"
tokio-tls = "^0.1"
# disables default features, i.e. openssl...
trust-dns = { version = "^0.10", path = "../client", default-features = false }
[target.'cfg(target_os = "linux")'.dependencies]
openssl = { version = "^0.9.8", features = ["v102", "v110"] }
[target.'cfg(target_os = "macos")'.dependencies]
security-framework = "^0.1.10"
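Review bot: `documentation = "https://docs.rs/trust-dns"` points at the parent crate, but this package is named `trust-dns-native-tls`, so docs.rs would host it at `https://docs.rs/trust-dns-native-tls`. The two backend dependencies are declared only for `target_os = "linux"` (openssl) and `target_os = "macos"` (security-framework); any other target gets neither, and since the per-OS `tls_new` implementations in src/tls_stream.rs are also gated on exactly those two values, the crate presumably does not build elsewhere. Either widen the openssl target to the other unix platforms, `[target.'cfg(all(unix, not(target_os = "macos")))'.dependencies]`, or say in `description` that only Linux and macOS are supported so the limitation is deliberate rather than accidental.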


@ -16,6 +16,15 @@
//! TLS protocol related components for DNS over TLS
extern crate futures;
extern crate native_tls;
#[cfg(target_os = "linux")]
extern crate openssl;
extern crate security_framework;
extern crate tokio_core;
extern crate tokio_tls;
extern crate trust_dns;
mod tls_client_connection;
mod tls_client_stream;
mod tls_stream;
@ -25,5 +34,4 @@ pub use self::tls_client_stream::{TlsClientStream, TlsClientStreamBuilder};
pub use self::tls_stream::{TlsStream, TlsStreamBuilder};
#[cfg(test)]
#[cfg(feature = "openssl")] // FIXME: openssl is required for tests at the moment
mod tests;
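Review bot: `extern crate security_framework;` is unconditional, but the native-tls/Cargo.toml added in this same commit declares `security-framework` only under `[target.'cfg(target_os = "macos")'.dependencies]`, so on Linux the crate cannot be resolved and the build should fail before any test runs. Gate it the same way as the openssl line directly above it: `#[cfg(target_os = "macos")]` followed by `extern crate security_framework;`. The tests module's own `use security_framework::certificate::SecCertificate;` already carries that cfg, so the two would then agree.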


@ -7,6 +7,7 @@
use std;
use std::{thread, time};
use std::fs::File;
use std::net::SocketAddr;
use std::net::{IpAddr, Ipv4Addr};
#[cfg(not(target_os = "linux"))]
@ -22,26 +23,23 @@ use native_tls::backend::openssl::*;
use native_tls::TlsAcceptor;
#[cfg(target_os = "linux")]
use openssl;
use openssl::pkey::*;
#[cfg(target_os = "linux")]
use openssl::ssl::{SSL_VERIFY_PEER, SSL_VERIFY_NONE, SSL_VERIFY_FAIL_IF_NO_PEER_CERT};
use openssl::x509::*;
#[cfg(target_os = "linux")]
use openssl::x509::store::X509StoreBuilder;
#[cfg(target_os = "linux")]
use openssl::x509::X509;
#[cfg(target_os = "macos")]
use security_framework::certificate::SecCertificate;
use tokio_core::reactor::Core;
use tls_native::{TlsStream, TlsStreamBuilder};
use tests::tls::{root_ca, cert};
use {TlsStream, TlsStreamBuilder};
// this fails on linux for some reason. It appears that a buffer somewhere is dirty
// and subsequent reads of a mesage buffer reads the wrong length. It works for 2 iterations
// but not 3?
// #[cfg(not(target_os = "linux"))]
#[test]
#[cfg(feature = "tls")]
fn test_tls_client_stream_ipv4() {
tls_client_stream_test(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), false)
}
@ -49,14 +47,12 @@ fn test_tls_client_stream_ipv4() {
// FIXME: mtls is disabled at the moment, it causes a hang on Linux, and is currently not supported on macOS
#[cfg(feature = "mtls")]
#[test]
#[cfg(feature = "tls")]
#[cfg(not(target_os = "macos"))] // ignored until Travis-CI fixes IPv6
fn test_tls_client_stream_ipv4_mtls() {
tls_client_stream_test(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), true)
}
#[test]
#[cfg(feature = "tls")]
#[cfg(not(target_os = "linux"))] // ignored until Travis-CI fixes IPv6
fn test_tls_client_stream_ipv6() {
tls_client_stream_test(IpAddr::V6(Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 1)), false)
@ -65,8 +61,16 @@ fn test_tls_client_stream_ipv6() {
const TEST_BYTES: &'static [u8; 8] = b"DEADBEEF";
const TEST_BYTES_LEN: usize = 8;
fn read_file(path: &str) -> Vec<u8> {
let mut bytes = vec![];
let mut file = File::open(path).expect(&format!("failed to open file: {}", path));
file.read_to_end(&mut bytes)
.expect(&format!("failed to read file: {}", path));
bytes
}
#[allow(unused_mut)]
#[cfg(feature = "tls")]
fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
let succeeded = Arc::new(atomic::AtomicBool::new(false));
let succeeded_clone = succeeded.clone();
@ -85,15 +89,11 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
})
.unwrap();
let (root_pkey, root_name, root_cert) = root_ca();
let root_cert_der = root_cert.to_der().unwrap();
let root_cert_der = read_file("../tests/ca.pem");
// Generate X509 certificate
let subject_name = "ns.example.com";
let (_ /*server_pkey*/, _ /*server_cert*/, pkcs12) =
cert(subject_name, &root_pkey, &root_name, &root_cert);
let server_pkcs12_der = pkcs12.to_der().unwrap();
let server_pkcs12_der = read_file("../tests/cert.p12");
// TODO: need a timeout on listen
let server = std::net::TcpListener::bind(SocketAddr::new(server_addr, 0)).unwrap();
@ -181,23 +181,31 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
// barrier.wait();
let mut builder = TlsStream::builder();
let mut builder = ::tls_stream::tls_builder();
builder.add_ca(trust_chain);
if mtls {
config_mtls(&root_pkey, &root_name, &root_cert, &mut builder);
}
// fix MTLS
// if mtls {
// config_mtls(&root_pkey, &root_name, &root_cert, &mut builder);
// }
let (stream, sender) = builder.build(server_addr, subject_name.to_string(), io_loop.handle());
// TODO: there is a race failure here... a race with the server thread most likely...
let mut stream = io_loop.run(stream).ok().expect("run failed to get stream");
let mut stream = io_loop
.run(stream)
.ok()
.expect("run failed to get stream");
for _ in 0..send_recv_times {
// test once
sender.send((TEST_BYTES.to_vec(), server_addr)).expect("send failed");
let (buffer, stream_tmp) =
io_loop.run(stream.into_future()).ok().expect("future iteration run failed");
sender
.send((TEST_BYTES.to_vec(), server_addr))
.expect("send failed");
let (buffer, stream_tmp) = io_loop
.run(stream.into_future())
.ok()
.expect("future iteration run failed");
stream = stream_tmp;
let (buffer, _) = buffer.expect("no buffer received");
assert_eq!(&buffer, TEST_BYTES);
@ -207,19 +215,19 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
server_handle.join().expect("server thread failed");
}
#[allow(unused_variables)]
#[cfg(feature = "tls")]
fn config_mtls(root_pkey: &PKey,
root_name: &X509Name,
root_cert: &X509,
builder: &mut TlsStreamBuilder) {
// signed by the same root cert
let client_name = "resolv.example.com";
let (_ /*client_pkey*/, _ /*client_cert*/, client_identity) =
cert(client_name, root_pkey, root_name, root_cert);
let client_identity =
native_tls::Pkcs12::from_der(&client_identity.to_der().unwrap(), "mypass").unwrap();
// TODO: fix MTLS
// #[allow(unused_variables)]
// fn config_mtls(root_pkey: &PKey,
// root_name: &X509Name,
// root_cert: &X509,
// builder: &mut TlsStreamBuilder) {
// // signed by the same root cert
// let client_name = "resolv.example.com";
// let (_ /*client_pkey*/, _ /*client_cert*/, client_identity) =
// cert(client_name, root_pkey, root_name, root_cert);
// let client_identity =
// native_tls::Pkcs12::from_der(&client_identity.to_der().unwrap(), "mypass").unwrap();
#[cfg(feature = "mtls")]
builder.identity(client_identity);
}
// #[cfg(feature = "mtls")]
// builder.identity(client_identity);
// }
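Review bot: `let root_cert_der = read_file("../tests/ca.pem");` loads a PEM-encoded file (scripts/gen_certs.sh in this commit writes `ca.pem` with `openssl req -x509 ... -out ca.pem`) into a variable whose name says DER; the code that consumes `root_cert_der` lies outside this hunk, and if it still expects DER as the replaced `root_cert.to_der()` produced, the test fails at parse time rather than exercising TLS — confirm, then either rename to `root_cert_pem` or convert before use. The `mtls` parameter of `tls_client_stream_test` is now unused because the `config_mtls` call is commented out, so the function warns on every build; `#[allow(unused_variables)]` next to the existing `#[allow(unused_mut)]`, or renaming it `_mtls` until mTLS returns, keeps the test build clean. Both fixture paths (`../tests/ca.pem`, `../tests/cert.p12`) are relative to the process working directory, which only matches when `cargo test` is launched from `native-tls/`; `concat!(env!("CARGO_MANIFEST_DIR"), "/../tests/ca.pem")` makes them independent of where the test is run from.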


@ -26,9 +26,9 @@ use openssl::x509::X509 as OpensslX509;
use security_framework::certificate::SecCertificate;
use tokio_core::reactor::Core;
use error::*;
use client::{ClientConnection, ClientStreamHandle};
use tls::{TlsClientStream, TlsClientStreamBuilder};
use trust_dns::error::*;
use trust_dns::client::{ClientConnection, ClientStreamHandle};
use {TlsClientStream, TlsClientStreamBuilder};
/// Tls client connection
///
@ -41,7 +41,7 @@ pub struct TlsClientConnection {
impl TlsClientConnection {
pub fn builder() -> TlsClientConnectionBuilder {
TlsClientConnectionBuilder(TlsClientStream::builder())
TlsClientConnectionBuilder(TlsClientStreamBuilder::new())
}
}


@ -19,22 +19,21 @@ use tokio_core::net::TcpStream as TokioTcpStream;
use tokio_core::reactor::Handle;
use tokio_tls::TlsStream as TokioTlsStream;
use BufClientStreamHandle;
use tcp::TcpClientStream;
use tls::{TlsStream, TlsStreamBuilder};
use client::ClientStreamHandle;
use trust_dns::BufClientStreamHandle;
use trust_dns::tcp::TcpClientStream;
use trust_dns::client::ClientStreamHandle;
use {TlsStream, TlsStreamBuilder};
pub type TlsClientStream = TcpClientStream<TokioTlsStream<TokioTcpStream>>;
impl TlsClientStream {
pub fn builder() -> TlsClientStreamBuilder {
TlsClientStreamBuilder(TlsStream::builder())
}
}
pub struct TlsClientStreamBuilder(TlsStreamBuilder);
impl TlsClientStreamBuilder {
pub fn new() -> TlsClientStreamBuilder {
TlsClientStreamBuilder(::tls_stream::tls_builder())
}
/// Add a custom trusted peer certificate or certificate auhtority.
///
/// If this is the 'client' then the 'server' must have it associated as it's `identity`, or have had the `identity` signed by this certificate.
@ -75,10 +74,7 @@ impl TlsClientStreamBuilder {
let new_future: Box<Future<Item = TlsClientStream, Error = io::Error>> =
Box::new(stream_future.map(move |tls_stream| TcpClientStream::from_stream(tls_stream)));
let sender = Box::new(BufClientStreamHandle {
name_server: name_server,
sender: sender,
});
let sender = Box::new(BufClientStreamHandle::new(name_server, sender));
(new_future, sender)
}
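Review bot: `TlsClientStreamBuilder::new` is a new public constructor with no doc comment, while `add_ca` immediately below it is documented. Given that `::tls_stream::tls_builder()` initialises the builder with an empty `ca_chain` and `identity: None`, a one-liner such as `/// Creates a builder with an empty trust chain and no client identity.` states the contract; an accompanying `Default` impl that delegates to `new` is the usual companion for an argument-less constructor.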


@ -27,105 +27,118 @@ use tokio_core::net::TcpStream as TokioTcpStream;
use tokio_core::reactor::Handle;
use tokio_tls::{TlsConnectorExt, TlsStream as TokioTlsStream};
use BufStreamHandle;
use tcp::TcpStream;
use trust_dns::BufStreamHandle;
use trust_dns::tcp::TcpStream;
pub type TlsStream = TcpStream<TokioTlsStream<TokioTcpStream>>;
impl TlsStream {
/// A builder for associating trust information to the `TlsStream`.
pub fn builder() -> TlsStreamBuilder {
TlsStreamBuilder {
ca_chain: vec![],
identity: None,
}
}
#[cfg(target_os = "linux")]
fn new(certs: Vec<X509>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
let mut tls = try!(TlsConnector::builder().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
try!(tls.supported_protocols(&[Tlsv12]).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
{
// mutable reference block
let mut openssl_builder = tls.builder_mut();
let mut openssl_ctx_builder = openssl_builder.builder_mut();
let mut store = try!(X509StoreBuilder::new().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
for cert in certs {
try!(store.add_cert(cert).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
try!(openssl_ctx_builder.set_verify_cert_store(store.build()).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
// if there was a pkcs12 associated, we'll add it to the identity
if let Some(pkcs12) = pkcs12 {
try!(tls.identity(pkcs12).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
tls.build().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
})
}
#[cfg(target_os = "macos")]
fn new(certs: Vec<SecCertificate>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
let mut builder = try!(TlsConnector::builder().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
try!(builder.supported_protocols(&[Tlsv12]).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
builder.anchor_certificates(&certs);
if let Some(pkcs12) = pkcs12 {
try!(builder.identity(pkcs12).map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
builder.build().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
})
}
/// Initializes a TlsStream with an existing tokio_tls::TlsStream.
///
/// This is intended for use with a TlsListener and Incoming connections
pub fn from_tls_stream(stream: TokioTlsStream<TokioTcpStream>,
peer_addr: SocketAddr)
-> (Self, BufStreamHandle) {
let (message_sender, outbound_messages) = unbounded();
let stream = TcpStream::from_stream_with_receiver(stream, peer_addr, outbound_messages);
(stream, message_sender)
// impl TlsStream {
/// A builder for associating trust information to the `TlsStream`.
pub fn tls_builder() -> TlsStreamBuilder {
TlsStreamBuilder {
ca_chain: vec![],
identity: None,
}
}
#[cfg(target_os = "linux")]
fn tls_new(certs: Vec<X509>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
let mut tls = try!(TlsConnector::builder().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
try!(tls.supported_protocols(&[Tlsv12])
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
{
// mutable reference block
let mut openssl_builder = tls.builder_mut();
let mut openssl_ctx_builder = openssl_builder.builder_mut();
let mut store = try!(X509StoreBuilder::new().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
for cert in certs {
try!(store
.add_cert(cert)
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
try!(openssl_ctx_builder
.set_verify_cert_store(store.build())
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
// if there was a pkcs12 associated, we'll add it to the identity
if let Some(pkcs12) = pkcs12 {
try!(tls.identity(pkcs12)
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
tls.build()
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
})
}
#[cfg(target_os = "macos")]
fn tls_new(certs: Vec<SecCertificate>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
let mut builder = try!(TlsConnector::builder().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
try!(builder
.supported_protocols(&[Tlsv12])
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
builder.anchor_certificates(&certs);
if let Some(pkcs12) = pkcs12 {
try!(builder
.identity(pkcs12)
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
}));
}
builder
.build()
.map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
})
}
/// Initializes a TlsStream with an existing tokio_tls::TlsStream.
///
/// This is intended for use with a TlsListener and Incoming connections
pub fn tls_from_stream(stream: TokioTlsStream<TokioTcpStream>,
peer_addr: SocketAddr)
-> (TlsStream, BufStreamHandle) {
let (message_sender, outbound_messages) = unbounded();
let stream = TcpStream::from_stream_with_receiver(stream, peer_addr, outbound_messages);
(stream, message_sender)
}
//}
pub struct TlsStreamBuilder {
#[cfg(target_os = "macos")]
ca_chain: Vec<SecCertificate>,
@ -190,16 +203,17 @@ impl TlsStreamBuilder {
loop_handle: Handle)
-> (Box<Future<Item = TlsStream, Error = io::Error>>, BufStreamHandle) {
let (message_sender, outbound_messages) = unbounded();
let tls_connector = match TlsStream::new(self.ca_chain, self.identity) {
Ok(c) => c,
Err(e) => {
let tls_connector =
match ::tls_stream::tls_new(self.ca_chain, self.identity) {
Ok(c) => c,
Err(e) => {
return (Box::new(future::err(e).into_future().map_err(|e| {
io::Error::new(io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e))
})),
message_sender)
}
};
};
let tcp = TokioTcpStream::connect(&name_server, &loop_handle);
@ -207,7 +221,8 @@ impl TlsStreamBuilder {
// sending and receiving tcp packets.
let stream: Box<Future<Item = TlsStream, Error = io::Error>> =
Box::new(tcp.and_then(move |tcp_stream| {
tls_connector.connect_async(&subject_name, tcp_stream)
tls_connector
.connect_async(&subject_name, tcp_stream)
.map(move |s| {
TcpStream::from_stream_with_receiver(s,
name_server,
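Review bot: In the Linux `tls_new` (first hunk) the verify store is built from `certs` alone and installed with `set_verify_cert_store` unconditionally, so a builder whose `ca_chain` was never populated ends up with an empty store and every handshake fails verification; whether the macOS branch behaves the same way when `anchor_certificates(&certs)` receives no entries depends on security-framework defaults this hunk does not show, so the two backends may accept different peers for the same builder state. Failing closed is the safer direction, but it should be deliberate: either skip the store replacement when `certs` is empty so the platform roots apply, or document on `TlsStreamBuilder::add_ca` that at least one CA must be added, and verify the macOS path matches whichever choice is made. Separately, every setup failure is reported as `io::ErrorKind::ConnectionRefused`, including `X509StoreBuilder::new` and `add_cert` errors that never touch the network; `io::ErrorKind::Other` would be less misleading for those, though any caller matching on the kind (outside this hunk) needs checking first. `tls_builder`, `tls_new` and `tls_from_stream` are now free functions behind a commented-out `impl TlsStream {` marker; the stale `// impl TlsStream {` / `//}` lines are worth dropping so readers do not look for a method that no longer exists.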


@ -3,6 +3,6 @@
trust_dns_dir=$(dirname $0)/..
pushd ${trust_dns_dir}
docker run -a STDERR -a STDOUT --rm -v ${PWD}/../:/src bfry/rust:stable bash -c "cd trust-dns && scripts/run_tests.sh \"\$@\"" | tee target/linux_output.txt
docker run -a STDERR -a STDOUT --rm -v ${PWD}/../:/src bfry/rust:stable bash -c "cd trust-dns && scripts/run_tests.sh $@" | tee target/linux_output.txt
popd
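Review bot: The new line expands `$@` in the outer shell, unquoted, inside the double-quoted `bash -c` string, so any argument containing spaces or shell metacharacters is re-split and re-parsed by the inner bash (the old `\"\$@\"` had the opposite problem: it expanded to the inner shell's empty argument list and forwarded nothing). Passing the arguments as positional parameters of the inner shell keeps each one intact: `docker run -a STDERR -a STDOUT --rm -v "${PWD}/../:/src" bfry/rust:stable bash -c 'cd trust-dns && scripts/run_tests.sh "$@"' bash "$@" | tee target/linux_output.txt`. `${trust_dns_dir}` on the `pushd` line is likewise unquoted and breaks on a checkout path containing spaces.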

scripts/gen_certs.sh Executable file

@ -0,0 +1,84 @@
# !/bin/bash
set -e
OPENSSL=/usr/local/opt/openssl/bin/openssl
trust_dns_dir=$(dirname $0)/..
pushd $trust_dns_dir/tests
for i in ca.key ca.pem cert.key cert.csr cert.pem cert.p12 ; do
[ -f $i ] && echo "$i exists" && exit 1;
done
echo
cat <<-EOF > /tmp/ca.conf
[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn
[dn]
C = US
ST = California
L = San Francisco
O = TRust-DNS
CN = root.example.com
[req_ext]
#basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
DNS.1 = root.example.com
EOF
# CA
echo "----> Generating CA <----"
${OPENSSL:?} genrsa -out ca.key 4096
${OPENSSL:?} req -x509 -new -nodes -key ca.key -days 365 -out ca.pem \
-verify \
-config /tmp/ca.conf
cat <<-EOF > /tmp/cert.conf
[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn
[dn]
C = US
ST = California
L = San Francisco
O = TRust-DNS
CN = ns.example.com
[req_ext]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ns.example.com
EOF
# Cert
echo "----> Generating CERT <----"
${OPENSSL:?} genrsa -out cert.key 4096
${OPENSSL:?} req -new -nodes -key cert.key -out cert.csr \
-verify \
-config /tmp/cert.conf
echo "----> Signing Cert <----"
${OPENSSL:?} x509 -req -days 365 -in cert.csr -CA ca.pem -CAkey ca.key -set_serial 0x8771f7bdee982fa6 -out cert.pem -extfile /tmp/cert.conf -extensions req_ext
echo "----> Createing PCKS12 <----"
${OPENSSL:?} pkcs12 -export -inkey cert.key -in cert.pem -out cert.p12 -passout pass:mypass -name ns.example.com -chain -CAfile ca.pem
popd
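Review bot: The first line `# !/bin/bash` has a space after `#`, so it is an ordinary comment rather than a shebang; run directly, the script is interpreted by whatever shell the caller defaults to, and `pushd`/`popd` are not available in a plain `sh` — it should read `#!/bin/bash`. Both certificates are issued with `-days 365`, so the fixtures checked in with this commit (`tests/ca.pem`, `tests/cert.p12`, loaded by the native-tls tests) stop validating a year after generation and those tests will start failing then; a longer validity for test-only material, plus a comment recording when they were generated, avoids a surprise breakage. The OpenSSL configs go to the fixed paths `/tmp/ca.conf` and `/tmp/cert.conf`, which another user on a shared host could pre-create; `conf_dir=$(mktemp -d)` and writing into it is the usual fix. Since the generated `ca.key` is committed under tests/ alongside the certificates, a comment at the top stating that the key is test-only fixture material would make its intended scope explicit to future readers.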


@ -11,8 +11,8 @@ for i in ${MODULES:?}; do
pushd $i
opts=${OPTIONS}
if [ $i == "client" ] ; then opts="${OPTIONS} ${CLIENT_OPTIONS}" ; fi
echo "executing cargo on $i"
cargo test ${opts}
echo "executing $i: cargo test ${opts} $@"
cargo test ${opts} $@
popd
done
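Review bot: `cargo test ${opts} $@` leaves `$@` unquoted, so a forwarded test filter or flag that contains spaces is word-split before cargo sees it; `cargo test ${opts} "$@"` passes each argument through intact (`${opts}` stays unquoted on purpose, since it is the space-separated option list assembled two lines above). The `echo` line has the same unquoted `$@`, though there it only affects the message text.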


@ -42,7 +42,8 @@ build = "build.rs"
travis-ci = { repository = "bluejekyll/trust-dns" }
[features]
default = ["trust-dns/tls"]
default = ["tls"]
tls = ["trust-dns/tls"]
ring = ["trust-dns/ring"]
# WARNING: there is a bug in the mutual tls auth code at the moment see issue #100

tests/ca.key Normal file

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEAsE54PORQNrd1XUo5mE3/hZUxGFpsce77R1NS98iQo/OUAMHU
MYu54Rhei6VzeRCyvElvpWiwq5blVHModTX98nzIB+YqHUje+j3LnmMRY/ObYO+3
qxdYIX77GvHquRYDB1p9d/a+jrp9Z7OaaKBVaqloLFNHl6ZeqGlmS5/hHloHp330
TjQlCIQyzdHy0ct9Fa+EZXtcEZ0W3RtqpKHNoGdI/FXhu4cUaNHdmdvEiegdjsxz
frHFACtGFyIbwponDITEooK32HZ9vAr5689ebSMI6ZHTmMT+lkJxdL5y7tzFGAiP
jqQgegadjWYuaHI178Yn8Hy6SvJiL4S09TecNyL+hOjvt+OGuwWMscKZCcYu3yn4
ypytaeLtQnTdt39EBPK5Q//O24jm72AEI/jmuqBE1tLoxpe/mBePExT7HuggGxWV
9uS9S+vPCjWYZ/rPcu3ly2CtSAZ9Swe+D1p30ras4V0TF0b/Ox5flYVd8KHpHG3M
YCb6QEx3bkpXYq9V6SftPcDT0DLvEioaSi7mWnHIhazZGFMTTKiE2Ia5QPGikFi0
y/pzsqE3JsVlYTSbnz5LTsdSw8OnaADzKT/X9iRpzIB7CUsYTFhzRbdW/cRXPoBq
xVOQMlbUFvDLDN8xJbfYnJPUR94dbZcVgRFrwVCTJgpF/cOGmf/v+cSJmk0CAwEA
AQKCAgBfgyNAWa/a9KhwUbXB/P9gruJZ/yKg1obqrQlVkyJIr7yObHM4JCoe98TA
gnF8NL+foWkKgxyy2JyEk55nYUiiBVeYb+iA1Ol3R+L3e1QAggi7CyLFXXAxNUlz
33r5qiMZ6LvwMYwqZn1poLMV20Zq8jutR7CRR2AgfHkenw6mEr/yzRl9BGLLqlKb
jhGt9j9dcCiZkarfH+sy/ZdYeQ+cxleT3DLeFN/JqWgT4isnSsg4hCpNiKDg5pCi
F6hSVJCzB3o/T/GpIwgaxxd92GmfVkuNvaKUMKR7YqN0S3iYTqG302tyKxgtA0h3
QdQCYV02+HLKpceGsqjedVZTQj0t+1hul67vYnWIJi4Io8GkRJPaPZa8ewiCIOjC
jABUWxXKeg0HbTQneAqNQW448kD8Jm31yM1rhei9NDtVlWE0Td/lRcqFS5Ukh0IR
ljFFsr9eBYn0tx7gDlbwMcMSFU5so/Qb+2Qsz8xX3gPX4IBlsYoNro4fTEfdPEY6
QRgNvLpwVzO6ooWNSW1uzPf4VaoKb/NSj38nXT1Q5jp1ct7F4OTcx0Tt8fIiSB7R
UnK682fT5/ezQqyAR04vcxMWDcOhA20rTVh2cQfYUjCd0ALhcjD7ot33Rd9HOVrB
bVQvpBSszv/Lx8iioEi024Mp4o+QzhBdr5+yu88SI5GBU+9WAQKCAQEA2Ua5CmQM
Rtzn1vlzW96t0l/QBttA5E4CiE7oS9H7rAswGkdJtLN+nATy+Cr0fSDbra+ivUl9
m0x7c3iCCkZNHwigejh215HcAykEdSOsDv1Z/mmegvkfekFhd9/ZXO9h2G7mE8Us
WkWG2Gj05n5OZpSs2YRd5sqMMu6fz44zaT8tY6bkK/GRJaFaLCyU7VZSszsekpVG
sfMh8s2YGkTCOxh8aK+1QkS9hProEtbzLZQpLWXdOKT8NA5FyjUOSWhGH9H7tzyW
5/eNUIxqPJgC+1iCqcYa9KCE61tbKJaUZ67xy9F7eGsvyiE4HefS8KPeoWb9BiTZ
aSbWfbfnbMJb5QKCAQEAz7p+V3fkP0u5Xt6WTFmfoM0bPYcGw/0hmq8rv5RTc2Tc
k4RPedzM2+jBIsam4pvjgkHvge3RrB+QQsWfkqznmLj4bn0lcbHW16RX8vdcBaBe
WelaqLlp3aIF4S2r1dfMru+lzYOeo2azKQmBUyIKZPqvi8Y8b6qARR5GhjDK/DHd
rD/CwGA6j1xPn/iDqkyKJxddKSKLKn6M+il/FlxR8/Pi7zMytEKnn/oSRZ7UqPwa
PDDQFW31y7cyIBzBi/9xqzJNMQwej+ccSmd96X5dCp8cJHJoWmPCAiCD4tB4D6Wd
Oc9URoarG2cAfUYZYNtbuL1Sqe5dB9+a/uegFw1uSQKCAQBEut1vzwQfKmPgGdqG
9iKwCITqllKppY+hhKxwx4TAAG3/8gr7sUfcnKgrHpNmPY2gHI3zKJsmFAR9G2Kv
U1uz9GunHdNiD460JTZ2w4j62OOt2cU9kwaFCseFPvcoMcUWzMXU/SsxhwrHzDOj
8dJlGqSuzfNSPUIqHlfJNSdIJKb7/d/xkqGicK7wiE234fWZIptiLPxG8C0N/EEg
Fh4GyZEZIHPK+amltiTRSNN12IdKCA35jB8HbHhhJXVWfTipeigQ54ao7CL0luZI
MqHG1lHG2JbQSTKirKxiY3egcLOmEKbpCab9XpK8ywdr/bo//i8N0XxAifuRmyoG
uliNAoIBAAIWuvyALSBhz4xfqp077Xn9df+pYu0Hl5XpmwQDJs+rPPiSxQXRrZGs
hnymCLmQnboKlbD1xjz32EiDmjYsXOvROFZMFdtN0X47ndLIn/lCgpBe41V8/86F
uY9pGSg+UkWUDVPCtg6okraf7Nf8KKSZTLiYFrV8vmtzgXwJ85CTo8n+niO3E/+r
CvXt1s0Yle8Mshgey81yllJRpoCADybn1elX13Ouk+bs6dAfZ74HQvBGAWGlyGny
/qMKBvw0Zl01VUdf+tKxnTw2TDLT3XWk4fCP4fK+vA2vbAQU2pA1tx4EsrE+22uc
Hooj8U9jBUoXRUSGLBNPMUzM4XQ541kCggEBAKACuol+17l4hLA77FBVUioXO7tM
aeb7fZw3xTVq/CkIpVa8Q8ZMey6WmdvuoYw0juOJGS+S5wr2dFR7lDpAoodWKp0q
C+2RFfd4D44HbqQDOzTjf74CLGDuHFaAAKMbvDXCL6FmVrDP+t1UgnFlC5zCvUVX
iN7zfZFgGZZeslXacRGPDX+jtjnrdIHHqbWFEmvg7n+Umvy1Vy+IkJrsTayohF6c
SRcRQ/a3fN2toS8ZwnzBBx74HYDKl3HPnCTWK+fZYCr9TQpP7u01bRjRXU5cS4Xo
YGq/d3Yct9PnNZvczpoEJYCcWz16KfpGB6SKXFJ9Wpe9RheIG14P49iM+Ik=
-----END RSA PRIVATE KEY-----
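Review bot: tests/ca.key is an unencrypted RSA private key, and the same commit checks in tests/cert.key and tests/cert.p12 (the bundle is protected only by the `pass:mypass` literal in the generation script), so all three have to be treated as public material from here on: the CA in tests/ca.pem must never be imported into a system or browser trust store, and nothing outside the test suite should reuse these files. A short tests/README, or a header comment in the generating script, stating that these are throwaway test-only credentials that are regenerated by the script rather than edited would make that explicit for future contributors and for anyone whose secret scanner flags the repository. Since the script refuses to run when the files already exist, the README should also say to delete the old set before regenerating.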

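--- /dev/null
+++ b/tests/ca.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFTjCCAzYCCQCvf4GmlxfptDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJV
+UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzES
+MBAGA1UECgwJVFJ1c3QtRE5TMRkwFwYDVQQDDBByb290LmV4YW1wbGUuY29tMB4X
+DTE3MDQwNjA3MDUwMFoXDTE4MDQwNjA3MDUwMFowaTELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNV
+BAoMCVRSdXN0LUROUzEZMBcGA1UEAwwQcm9vdC5leGFtcGxlLmNvbTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBALBOeDzkUDa3dV1KOZhN/4WVMRhabHHu
++0dTUvfIkKPzlADB1DGLueEYXoulc3kQsrxJb6VosKuW5VRzKHU1/fJ8yAfmKh1I
+3vo9y55jEWPzm2Dvt6sXWCF++xrx6rkWAwdafXf2vo66fWezmmigVWqpaCxTR5em
+XqhpZkuf4R5aB6d99E40JQiEMs3R8tHLfRWvhGV7XBGdFt0baqShzaBnSPxV4buH
+FGjR3ZnbxInoHY7Mc36xxQArRhciG8KaJwyExKKCt9h2fbwK+evPXm0jCOmR05jE
+/pZCcXS+cu7cxRgIj46kIHoGnY1mLmhyNe/GJ/B8ukryYi+EtPU3nDci/oTo77fj
+hrsFjLHCmQnGLt8p+MqcrWni7UJ03bd/RATyuUP/ztuI5u9gBCP45rqgRNbS6MaX
+v5gXjxMU+x7oIBsVlfbkvUvrzwo1mGf6z3Lt5ctgrUgGfUsHvg9ad9K2rOFdExdG
+/zseX5WFXfCh6RxtzGAm+kBMd25KV2KvVekn7T3A09Ay7xIqGkou5lpxyIWs2RhT
+E0yohNiGuUDxopBYtMv6c7KhNybFZWE0m58+S07HUsPDp2gA8yk/1/YkacyAewlL
+GExYc0W3Vv3EVz6AasVTkDJW1BbwywzfMSW32JyT1EfeHW2XFYERa8FQkyYKRf3D
+hpn/7/nEiZpNAgMBAAEwDQYJKoZIhvcNAQELBQADggIBAIcAwR2KEyRCe1D4mb9I
+svuBKU5H6h9Tu2OyVfp/WrPVv7ooAAdjC1czzniwCdg04LbmvySWzijPCi7dNFLp
+huJIyvPdjPVRPXU7MqJR2djEgp7ppV4lIr8i3uPDhLLEZXbQmLWTacoZC+pFbUNq
+r6NBIA9I6uC67ibhY2fK3IURrBuaM6SWtrxPlDDUs2UODWnW8laI1hA+S4+DSUAv
+By7e5yJWBkf4xDAqiXaVIkj0GRPDOluNwNntkG9nUw6Lbb4ueioVCEu6+sIwctTc
+uZxsmPbq7EJrGNB5euPpPKF14QDjh9uK8m0dxHqEF7pIek8Szgna97+p6xrOE2Ty
+Xhmz7afHZmQ9bsrwReMCc7obuQgYcJimQfgXpFvYNRHfJX6OUhfocBFmxJNMSkM3
+XY2Hpf8ej5MftIpnmG7/5l+LmDgedi/iXfG3Zlo1Myq3PAInASkhzXJufL6zAcxm
+e8JL0Ogp0duPq1jn33vPsTN990z3ZU0AfC6qDSfyRfy2CQqZqkckgNYNVuIr8QMT
+PBa35hihM3EiRhf9l6m8uGib6sqIlCPWYf+rmcVmQaUTjxzwl3MPYSKcY2hPoIV7
+tJQITLS/Gzeef+cVHdpKxQQ10q2ud/wJWp+qSgzZSjnkoZkLk00GHUZleLnhRVdb
+WBZ38W160BdgsHNX4f9lDRFz
+-----END CERTIFICATE-----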
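Review bot: tests/ca.pem is an X.509 v1 certificate — the TBSCertificate opens directly with the serial number and there is no extensions block after the public key — so it carries no basicConstraints CA:TRUE, no keyUsage and no subject key identifier, and validators that insist on a CA flag for issuers will refuse to build a chain to it even where OpenSSL's own verify accepts v1 roots. This matches the generating script, where `basicConstraints = CA:TRUE` is commented out and `req -x509` is pointed at `req_extensions` rather than `x509_extensions`, so nothing from that section reaches the self-signed certificate. The validity window encoded here is 2017-04-06 to 2018-04-06 (the script's `-days 365`), so any test doing real chain validation against this file will start failing on that date; a much longer lifetime for a throwaway test CA, or regenerating the fixtures at test time, avoids the silent expiry.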

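--- /dev/null
+++ b/tests/cert.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE8DCCAtgCAQAwZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWEx
+FjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCVRSdXN0LUROUzEXMBUG
+A1UEAwwObnMuZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQC0zVIHrIiGj5sxLogT/T44Jv26Z67YT37QQnJU8Rn4zIBAuktqRah0Mbdm
+ZxVSsd/OXJrif8BjkDrozMz0o/RmM6XgncJc7Ek2wjrQJJU1nA0j6j3TDtqxcWtu
+J6wrIMS47gDtaY38yIFmfupykKTIFlUJO9xF7c2X6sMUpUauAfA63ymrTL0CeJkJ
+SyutboYQ6gWnhtIPWOSAA+8pW7/7hgSe4dfLVMB3mvj2KRBPngA1mYwMQzJ9SjMx
+tuQ37162GyEZput3mzjp1bzyz3psKsgF8V+bBGxfmGenRVYJmVjqaqYnLx7kY3V7
+fnmQf1kAtyaC2nInnTr3D8IAto9NThND19JEb/nQ8zz6OUA0DbdOYbvnrCkdNSwP
+T4OzwXmC21tiGtsH+6RMHCj1K/COPfej4XmYfkajo9mcRqRiU7yPCaAC9jOTIsBj
+6lqVx5f+YgS+6O13Xpj2ZVXUicWoZ5KjJueUmcX0uS0y3kWRl8NPIAwuyIa8Ni2B
+x9iOyYDheIC3XruC7sXWgBi9WofEvwhYDvErVXRAaU7NtyCZN/usStQZinkZ/jeX
+zm4rVASFs2/m7MnV8MmR3BHeDYcT1Rqv0AQNuvXhvdD1ps9eiXTC27qE6ZZz2IrA
+7mhamM/fc6DNb1w4DVBLM2JVA0ztneGeyzFoJZH03Nlvu+/0KQIDAQABoEQwQgYJ
+KoZIhvcNAQkOMTUwMzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAZBgNVHREEEjAQ
+gg5ucy5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEApmN9F5dp62RxKJRH
+VcoXbHLY8zthGGf59Bb1a4LEZ1zcUflj5qWhwxM7ejplfmvwqGFlaTZJCEhVG7U1
+t76kWFKVyMVxEBBhhQNhxmPEwINwMsjokC6j+8L2mGGn9ehkdZ3Gl6Q/Wa9SWTJJ
+nbD82VRqe8sEH6xQ4xCEHx9BUqNhL7OlehYCzVVQJNmT6Yje4UoSefO6FMK3iGnT
+qeTCL4b8C8ENhkeRPS4vC6sPIDOZtnr5HARd01P4mov1bdxgewsq1kX2tUjVPccL
+929xCFDcnFxUiXlgsuUul0l0qtKNsvLlBH99kgqxrHsLg3ci1FbWtl+ySo99lxyC
+UPrkE1eGbZEElaG1BVq5mPO/QNDtVjImTagrCdLuxaQWev3ZK4PmxdbZrFyKN4y4
+IOenALSvFEKuen3scqZrDnecdk2IQq3ZlcGDG2ECWQpHAOt8ct3Mb9/GsrrGm/U/
++IG+TvDG+w0aTxlFPAhOwPY9Xil8OTHsUlGMznrDrS9b1mZP4EHRmeaAMHFucTYe
+CBp8/muJtPbB97w8co07SrRPFJx64onZ/u1vQadcZmcHwHvozQx2mZ9ygnReHkwy
+Mo5Cgc5dx3SP6VLQ4fKeWmlddAGd5t0JlYUipTaz/IiD9MME0dskVoAERHfsk8Qb
+rdHVdQw0bbMGpltYfXxprVbPl/0=
+-----END CERTIFICATE REQUEST-----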

51
tests/cert.key Normal file

@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

BIN
tests/cert.p12 Normal file

Binary file not shown.

32
tests/cert.pem Normal file

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----