From f0cace6fc0c564e63037a697e50ee00ff47ecd1a Mon Sep 17 00:00:00 2001
From: TeoV
Date: Mon, 4 Jun 2018 09:07:00 -0400
Subject: [PATCH] Add script for create certificate for server and client and add test test tls connection
---
cmd/cgr-console/cgr-console.go | 2 +-
cmd/cgr-engine/cgr-engine.go | 78 ++++++++++--------
cmd/cgr-engine/rater.go | 17 ++--
cmd/cgr-loader/cgr-loader.go | 13 ++-
config/config.go | 8 ++
config/config_defaults.go | 2 +
config/config_json_test.go | 2 +
config/libconfig_json.go | 2 +
data/conf/samples/tls/cgrates.json | 101 ++++++++++++++++++++++++
data/tls/client.crt | 46 -----------
data/tls/client.key | 52 ++++++------
data/tls/clientCA.crt | 46 +++++++++++
data/tls/script.sh | 22 ++++++
data/tls/server.crt | 46 -----------
data/tls/server.key | 52 ++++++------
data/tls/serverCA.crt | 46 +++++++++++
engine/filters.go | 3 +-
engine/libengine.go | 9 ++-
general_tests/tls_it_test.go | 122 +++++++++++++++++++++++++++++
19 files changed, 474 insertions(+), 195 deletions(-)
create mode 100755 data/conf/samples/tls/cgrates.json
delete mode 100644 data/tls/client.crt
create mode 100644 data/tls/clientCA.crt
create mode 100755 data/tls/script.sh
delete mode 100644 data/tls/server.crt
create mode 100644 data/tls/serverCA.crt
create mode 100755 general_tests/tls_it_test.go
diff --git a/cmd/cgr-console/cgr-console.go b/cmd/cgr-console/cgr-console.go
index 51ce00052..fcc28d7d3 100644
--- a/cmd/cgr-console/cgr-console.go
+++ b/cmd/cgr-console/cgr-console.go
@@ -40,7 +40,7 @@ var ( version = flag.Bool("version", false, "Prints the application version.") verbose = flag.Bool("verbose", false, "Show extra info about command execution.") server = flag.String("server", "127.0.0.1:2012", "server address host:port") - rpc_encoding = flag.String("rpc_encoding", "json", "RPC encoding used ") + rpc_encoding = flag.String("rpc_encoding", "json", "RPC encoding used ") certificate_path = flag.String("crt_path", "", "path to certificate for tls connection") key_path = flag.String("key_path", "", "path to key for tls connection") client *rpcclient.RpcClient diff --git a/cmd/cgr-engine/cgr-engine.go b/cmd/cgr-engine/cgr-engine.go index bcf67d519..89dece57d 100644 --- a/cmd/cgr-engine/cgr-engine.go +++ b/cmd/cgr-engine/cgr-engine.go @@ -111,7 +111,8 @@ func startCdrc(internalCdrSChan, internalRaterChan chan rpcclient.RpcClientConne for _, cdrcCfg = range cdrcCfgs { // Take the first config out, does not matter which one break } - cdrsConn, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + cdrsConn, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cdrcCfg.CdrsConns, internalCdrSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to CDRS via RPC: %s", err.Error())) 
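Review bot: The new `cfg.TLSClientKey, cfg.TLSClientCerificate` pair is passed as two adjacent string arguments here in startCdrc and again at every other `engine.NewRPCPool` call in cgr-engine.go and rater.go, so a swapped order at any one site still compiles and only surfaces when that pool tries to load the key pair. NewRPCPool's new signature is in engine/libengine.go, outside this hunk, so the key-then-certificate order cannot be checked from here; note that cgr-console declares its flags in the opposite order (`crt_path`, then `key_path`). Consider one local wrapper that fills in the cfg-derived arguments, or at least a comment at the first call such as `// argument order: client key path, then client certificate path`. The body of startCdrc continues outside the hunk.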
@@ -138,7 +139,7 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in var err error var ralsConns, resSConns, threshSConns, statSConns, suplSConns, attrSConns, cdrsConn *rpcclient.RpcClientPool if len(cfg.SessionSCfg().RALsConns) != 0 { - ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, + ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().RALsConns, internalRaterChan, cfg.InternalTtl) if err != nil { @@ -148,7 +149,7 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().ResSConns) != 0 { - resSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, + resSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().ResSConns, internalResourceSChan, cfg.InternalTtl) if err != nil { @@ -158,7 +159,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().ThreshSConns) != 0 { - threshSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + threshSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().ThreshSConns, internalThresholdSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to ThresholdS: %s", utils.SessionS, err.Error())) 
@@ -167,7 +169,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().StatSConns) != 0 { - statSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + statSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().StatSConns, internalStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to StatS: %s", utils.SessionS, err.Error())) @@ -176,7 +179,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().SupplSConns) != 0 { - suplSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + suplSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().SupplSConns, internalSupplierSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to SupplierS: %s", utils.SessionS, err.Error())) @@ -185,7 +189,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().AttrSConns) != 0 { - attrSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + attrSConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().AttrSConns, internalAttrSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to AttributeS: %s", utils.SessionS, err.Error())) 
@@ -194,7 +199,8 @@ func startSessionS(internalSMGChan, internalRaterChan, internalResourceSChan, in } } if len(cfg.SessionSCfg().CDRsConns) != 0 { - cdrsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + cdrsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SessionSCfg().CDRsConns, internalCDRSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to RALs: %s", utils.SessionS, err.Error())) @@ -259,7 +265,8 @@ func startDiameterAgent(internalSMGChan, internalPubSubSChan chan rpcclient.RpcC utils.Logger.Info("Starting CGRateS DiameterAgent service") var smgConn, pubsubConn *rpcclient.RpcClientPool if len(cfg.DiameterAgentCfg().SessionSConns) != 0 { - smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.DiameterAgentCfg().SessionSConns, internalSMGChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to SMG: %s", err.Error())) 
@@ -268,7 +275,8 @@ func startDiameterAgent(internalSMGChan, internalPubSubSChan chan rpcclient.RpcC } } if len(cfg.DiameterAgentCfg().PubSubConns) != 0 { - pubsubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + pubsubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.DiameterAgentCfg().PubSubConns, internalPubSubSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to PubSubS: %s", err.Error())) @@ -293,8 +301,8 @@ func startRadiusAgent(internalSMGChan chan rpcclient.RpcClientConnection, exitCh utils.Logger.Info("Starting CGRateS RadiusAgent service") var smgConn *rpcclient.RpcClientPool if len(cfg.RadiusAgentCfg().SessionSConns) != 0 { - smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, - cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + smgConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RadiusAgentCfg().SessionSConns, internalSMGChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to SMG: %s", err.Error())) 
@@ -351,7 +359,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, utils.Logger.Info("Starting CGRateS CDRS service.") var ralConn, pubSubConn, usersConn, attrSConn, aliasesConn, cdrstatsConn, thresholdSConn, statsConn *rpcclient.RpcClientPool if len(cfg.CDRSRaterConns) != 0 { // Conn pool towards RAL - ralConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + ralConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSRaterConns, internalRaterChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to RAL: %s", err.Error())) @@ -360,7 +369,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSPubSubSConns) != 0 { // Pubsub connection init - pubSubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + pubSubConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSPubSubSConns, internalPubSubSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to PubSubSystem: %s", err.Error())) 
@@ -369,7 +379,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSAttributeSConns) != 0 { // Users connection init - attrSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + attrSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSAttributeSConns, internalAttributeSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to %s: %s", @@ -379,7 +390,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSUserSConns) != 0 { // Users connection init - usersConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + usersConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSUserSConns, internalUserSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to UserS: %s", err.Error())) @@ -388,7 +400,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSAliaseSConns) != 0 { // Aliases connection init - aliasesConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + aliasesConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSAliaseSConns, internalAliaseSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to AliaseS: %s", err.Error())) 
@@ -397,7 +410,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSCDRStatSConns) != 0 { // Stats connection init - cdrstatsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + cdrstatsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSCDRStatSConns, internalCdrStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to CDRStatS: %s", err.Error())) @@ -406,7 +420,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSThresholdSConns) != 0 { // Stats connection init - thresholdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + thresholdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSThresholdSConns, internalThresholdSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to ThresholdS: %s", err.Error())) @@ -415,7 +430,8 @@ func startCDRS(internalCdrSChan chan rpcclient.RpcClientConnection, } } if len(cfg.CDRSStatSConns) != 0 { // Stats connection init - statsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + statsConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.CDRSStatSConns, internalStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to StatS: %s", err.Error())) 
@@ -530,7 +546,8 @@ func startResourceService(internalRsChan chan rpcclient.RpcClientConnection, cac filterS := <-filterSChan filterSChan <- filterS if len(cfg.ResourceSCfg().ThresholdSConns) != 0 { // Stats connection init - thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.ResourceSCfg().ThresholdSConns, internalThresholdSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to ThresholdS: %s", err.Error())) @@ -572,7 +589,8 @@ func startStatService(internalStatSChan chan rpcclient.RpcClientConnection, cach filterS := <-filterSChan filterSChan <- filterS if len(cfg.StatSCfg().ThresholdSConns) != 0 { // Stats connection init - thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + thdSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.StatSCfg().ThresholdSConns, internalThresholdSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to ThresholdS: %s", err.Error())) 
@@ -644,10 +662,9 @@ func startSupplierService(internalSupplierSChan chan rpcclient.RpcClientConnecti filterSChan <- filterS var resourceSConn, statSConn *rpcclient.RpcClientPool if len(cfg.SupplierSCfg().ResourceSConns) != 0 { - resourceSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, - cfg.ConnectAttempts, cfg.Reconnects, - cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SupplierSCfg().ResourceSConns, - internalRsChan, cfg.InternalTtl) + resourceSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + cfg.SupplierSCfg().ResourceSConns, internalRsChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to ResourceS: %s", utils.SupplierS, err.Error())) @@ -656,10 +673,9 @@ func startSupplierService(internalSupplierSChan chan rpcclient.RpcClientConnecti } } if len(cfg.SupplierSCfg().StatSConns) != 0 { - statSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, - cfg.ConnectAttempts, cfg.Reconnects, - cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.SupplierSCfg().StatSConns, - internalStatSChan, cfg.InternalTtl) + statSConn, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, + cfg.ReplyTimeout, cfg.SupplierSCfg().StatSConns, internalStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf("<%s> Could not connect to StatS: %s", utils.SupplierS, err.Error())) 
@@ -718,7 +734,7 @@ func startDispatcherService(internalDispatcherSChan, internalRaterChan chan rpcc var err error var ralsConns, resSConns, threshSConns, statSConns, suplSConns, attrSConns, sessionsSConns *rpcclient.RpcClientPool if len(cfg.DispatcherSCfg().RALsConns) != 0 { - ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, + ralsConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.DispatcherSCfg().RALsConns, internalRaterChan, cfg.InternalTtl) if err != nil { diff --git a/cmd/cgr-engine/rater.go b/cmd/cgr-engine/rater.go index 1bed690d5..0b8dd4388 100755 --- a/cmd/cgr-engine/rater.go +++ b/cmd/cgr-engine/rater.go @@ -62,7 +62,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en go func() { defer close(thdsTaskChan) var err error - thdS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + thdS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsThresholdSConns, internalThdSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to ThresholdS, error: %s", err.Error())) 
@@ -79,7 +80,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en go func() { defer close(cdrstatTaskChan) var err error - cdrStats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + cdrStats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsCDRStatSConns, internalCdrStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to CDRStatS, error: %s", err.Error())) @@ -96,7 +98,8 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en go func() { defer close(statsTaskChan) var err error - stats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, + stats, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, + cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsStatSConns, internalStatSChan, cfg.InternalTtl) if err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to StatS, error: %s", err.Error())) @@ -111,7 +114,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en waitTasks = append(waitTasks, pubsubTaskChan) go func() { defer close(pubsubTaskChan) - if pubSubSConns, err := engine.NewRPCPool(rpcclient.POOL_FIRST, + if pubSubSConns, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsPubSubSConns, internalPubSubSChan, cfg.InternalTtl); err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to PubSubS: %s", err.Error())) 
@@ -130,7 +133,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en go func() { defer close(attrsTaskChan) var err error - attrS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.ConnectAttempts, + attrS, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsAttributeSConns, internalAttributeSChan, cfg.InternalTtl) if err != nil { @@ -147,7 +150,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en waitTasks = append(waitTasks, aliasesTaskChan) go func() { defer close(aliasesTaskChan) - if aliaseSCons, err := engine.NewRPCPool(rpcclient.POOL_FIRST, + if aliaseSCons, err := engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsAliasSConns, internalAliaseSChan, cfg.InternalTtl); err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect to AliaseS, error: %s", err.Error())) @@ -166,7 +169,7 @@ func startRater(internalRaterChan chan rpcclient.RpcClientConnection, cacheS *en go func() { defer close(usersTaskChan) var err error - if usersConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, + if usersConns, err = engine.NewRPCPool(rpcclient.POOL_FIRST, cfg.TLSClientKey, cfg.TLSClientCerificate, cfg.ConnectAttempts, cfg.Reconnects, cfg.ConnectTimeout, cfg.ReplyTimeout, cfg.RALsUserSConns, internalUserSChan, cfg.InternalTtl); err != nil { utils.Logger.Crit(fmt.Sprintf(" Could not connect UserS, error: %s", err.Error())) diff --git a/cmd/cgr-loader/cgr-loader.go b/cmd/cgr-loader/cgr-loader.go index bfb4335ea..a27a4c530 100755 --- a/cmd/cgr-loader/cgr-loader.go +++ b/cmd/cgr-loader/cgr-loader.go 
@@ -49,6 +49,8 @@ var ( "The DataDb user to sign in as.") dataDBPasswd = flag.String("datadb_passwd", dfltCfg.DataDbPass, "The DataDb user's password.") + dbDataEncoding = flag.String("dbdata_encoding", dfltCfg.DBDataEncoding, + "The encoding used to store object data in strings") storDBType = flag.String("stordb_type", dfltCfg.StorDBType, "The type of the storDb database <*mysql|*postgres|*mongo>") @@ -63,9 +65,6 @@ var ( storDBPasswd = flag.String("stordb_passwd", dfltCfg.StorDBPass, "The storDb user's password.") - dbDataEncoding = flag.String("dbdata_encoding", dfltCfg.DBDataEncoding, - "The encoding used to store object data in strings") - flush = flag.Bool("flushdb", false, "Flush the database before importing") tpid = flag.String("tpid", dfltCfg.LoaderCgrConfig.TpID, @@ -78,8 +77,6 @@ var ( "Enable detailed verbose logging output") dryRun = flag.Bool("dry_run", false, "When true will not save loaded data to dataDb but just parse it for consistency and errors.") - //validate = flag.Bool("validate", false, - // "When true will run various check on the loaded data to check for structural errors") fromStorDB = flag.Bool("from_stordb", false, "Load the tariff plan from storDb to dataDb") toStorDB = flag.Bool("to_stordb", false, "Import the tariff plan from files to storDb") @@ -298,7 +295,8 @@ func main() { } if len(ldrCfg.LoaderCgrConfig.CachesConns) != 0 { // Init connection to CacheS so we can reload it's data if cacheS, err = rpcclient.NewRpcClient("tcp", - ldrCfg.LoaderCgrConfig.CachesConns[0].Address, "", "", 3, 3, + ldrCfg.LoaderCgrConfig.CachesConns[0].Address, + ldrCfg.TLSClientKey, ldrCfg.TLSClientCerificate, 3, 3, time.Duration(1*time.Second), time.Duration(5*time.Minute), strings.TrimPrefix(ldrCfg.LoaderCgrConfig.CachesConns[0].Transport, utils.Meta), nil, false); err != nil { 
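Review bot: Nothing in this call ties the key pair to an encrypted transport: the network argument is still `"tcp"` and the codec still comes from `CachesConns[0].Transport`, so whether the CacheS reload actually runs over TLS once `ldrCfg.TLSClientKey` and `ldrCfg.TLSClientCerificate` are set depends on rpcclient internals not shown here. The same applies to the UserS client in the next hunk (`@@ -315,7 +313,8`), where the codec comes from `*rpcEncoding`. If a non-TLS transport silently ignores the pair, an operator who configured the certificate would get a cleartext connection with no warning; a log line or an error when the pair is set but the transport is not a TLS one would make that visible. It is also worth confirming in rpcclient that the client verifies the server certificate rather than only presenting its own. main's body starts and ends outside the hunk.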
@@ -315,7 +313,8 @@ func main() { *usersAddress == ldrCfg.LoaderCgrConfig.CachesConns[0].Address { userS = cacheS } else { - if userS, err = rpcclient.NewRpcClient("tcp", *usersAddress, "", "", 3, 3, + if userS, err = rpcclient.NewRpcClient("tcp", *usersAddress, + ldrCfg.TLSClientKey, ldrCfg.TLSClientCerificate, 3, 3, time.Duration(1*time.Second), time.Duration(5*time.Minute), strings.TrimPrefix(*rpcEncoding, utils.Meta), nil, false); err != nil { log.Fatalf("Could not connect to UserS API: %s", err.Error()) diff --git a/config/config.go b/config/config.go index 0d13c634e..426f1ee19 100755 --- a/config/config.go +++ b/config/config.go @@ -280,6 +280,8 @@ type CGRConfig struct { HTTPTLSListen string // HTTP TLS listening address TLSServerCerificate string // path to server certificate TLSServerKey string // path to server key + TLSClientCerificate string // path to client certificate + TLSClientKey string // path to client key HTTPJsonRPCURL string // JSON RPC relative URL ("" to disable) HTTPFreeswitchCDRsURL string // Freeswitch CDRS relative URL ("" to disable) HTTPCDRsURL string // CDRS relative URL ("" to disable) @@ -1027,6 +1029,12 @@ func (self *CGRConfig) loadFromJsonCfg(jsnCfg *CgrJsonCfg) (err error) { if jsnListenCfg.Tls_server_key != nil && *jsnListenCfg.Tls_server_key != "" { self.TLSServerKey = *jsnListenCfg.Tls_server_key } + if jsnListenCfg.Tls_client_certificate != nil && *jsnListenCfg.Tls_client_certificate != "" { + self.TLSClientCerificate = *jsnListenCfg.Tls_client_certificate + } + if jsnListenCfg.Tls_client_key != nil && *jsnListenCfg.Tls_client_key != "" { + self.TLSClientKey = *jsnListenCfg.Tls_client_key + } } if jsnHttpCfg != nil { diff --git a/config/config_defaults.go b/config/config_defaults.go index 593970675..bea87a139 100755 --- a/config/config_defaults.go +++ b/config/config_defaults.go 
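Review bot: In loadFromJsonCfg the two added `if` blocks accept `tls_client_certificate` and `tls_client_key` independently, so a configuration that sets only one of them loads without complaint and the mismatch is left to whatever later opens the files. A check after both assignments, e.g. `if (self.TLSClientKey == "") != (self.TLSClientCerificate == "") { return errors.New("tls_client_key and tls_client_certificate must be set together") }`, would reject a half-configured pair at load time; it needs `errors` (or the file's existing error helper) in scope, which is not visible from this hunk. The server pair loaded just above appears to have the same gap. The new field also copies the `Cerificate` misspelling from `TLSServerCerificate`; keeping it is consistent, but correcting both names gets more expensive with every call site that starts using them. loadFromJsonCfg starts and ends outside the hunk.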
@@ -87,6 +87,8 @@ const CGRATES_CFG_JSON = ` "http_tls": "127.0.0.1:2280", // HTTP TLS listening address "tls_server_certificate" : "", // path to server certificate(must conatin server.crt + ca.crt) "tls_server_key":"", // path to server key + "tls_client_certificate" : "", // path to client certificate(must conatin client.crt + ca.crt) + "tls_client_key":"", // path to client key }, diff --git a/config/config_json_test.go b/config/config_json_test.go index 2745297d3..768028542 100755 --- a/config/config_json_test.go +++ b/config/config_json_test.go @@ -183,6 +183,8 @@ func TestDfListenJsonCfg(t *testing.T) { Http_tls: utils.StringPointer("127.0.0.1:2280"), Tls_server_certificate: utils.StringPointer(""), Tls_server_key: utils.StringPointer(""), + Tls_client_certificate: utils.StringPointer(""), + Tls_client_key: utils.StringPointer(""), } if cfg, err := dfCgrJsonCfg.ListenJsonCfg(); err != nil { t.Error(err) diff --git a/config/libconfig_json.go b/config/libconfig_json.go index 3b7902576..a2f15e940 100755 --- a/config/libconfig_json.go +++ b/config/libconfig_json.go @@ -54,6 +54,8 @@ type ListenJsonCfg struct { Http_tls *string Tls_server_certificate *string Tls_server_key *string + Tls_client_certificate *string + Tls_client_key *string } // HTTP config section diff --git a/data/conf/samples/tls/cgrates.json b/data/conf/samples/tls/cgrates.json new file mode 100755 index 000000000..4fbf43fdd --- /dev/null +++ b/data/conf/samples/tls/cgrates.json 
@@ -0,0 +1,101 @@ +{ +// CGRateS Configuration file +// + + +"general": { + "log_level": 7, +}, + + +"listen": { + "rpc_json": ":2012", + "rpc_gob": ":2013", + "http": ":2080", + "rpc_json_tls":":2022", + "rpc_gob_tls":":2023", + "tls_server_certificate" : "/usr/share/cgrates/tls/serverCA.crt", // path to server certificate(must conatin server.crt + ca.crt) + "tls_server_key":"/usr/share/cgrates/tls/server.key", // path to server key + "tls_client_certificate" : "/usr/share/cgrates/tls/clientCA.crt", // path to client certificate(must conatin client.crt + ca.crt) + "tls_client_key":"/usr/share/cgrates/tls/client.key", // path to client key +}, + +"data_db": { // database used to store runtime data (eg: accounts, cdr stats) + "db_type": "redis", // data_db type: + "db_port": 6379, // data_db port to reach the database + "db_name": "10", // data_db database name to connect to + +}, + + +"stor_db": { + "db_password": "CGRateS.org", +}, + + +"cache":{ + "destinations": {"limit": 10000, "ttl":"0s", "precache": true}, + "reverse_destinations": {"limit": 10000, "ttl":"0s", "precache": true}, + "rating_plans": {"limit": 10000, "ttl":"0s","precache": true}, + "rating_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "lcr_rules": {"limit": 10000, "ttl":"0s", "precache": true}, + "cdr_stats": {"limit": 10000, "ttl":"0s", "precache": true}, + "actions": {"limit": 10000, "ttl":"0s", "precache": true}, + "action_plans": {"limit": 10000, "ttl":"0s", "precache": true}, + "account_action_plans": {"limit": 10000, "ttl":"0s", "precache": true}, + "action_triggers": {"limit": 10000, "ttl":"0s", "precache": true}, + "shared_groups": {"limit": 10000, "ttl":"0s", "precache": true}, + "aliases": {"limit": 10000, "ttl":"0s", "precache": true}, + "reverse_aliases": {"limit": 10000, "ttl":"0s", "precache": true}, + "derived_chargers": {"limit": 10000, "ttl":"0s", "precache": true}, + "resource_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "resources": {"limit": 
10000, "ttl":"0s", "precache": true}, + "statqueues": {"limit": 10000, "ttl":"0s", "precache": true}, + "statqueue_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "thresholds": {"limit": 10000, "ttl":"0s", "precache": true}, + "threshold_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "filters": {"limit": 10000, "ttl":"0s", "precache": true}, + "supplier_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "attribute_profiles": {"limit": 10000, "ttl":"0s", "precache": true}, + "resource_filter_indexes" :{"limit": 10000, "ttl":"0s"}, + "resource_filter_revindexes" : {"limit": 10000, "ttl":"0s"}, + "stat_filter_indexes" : {"limit": 10000, "ttl":"0s"}, + "stat_filter_revindexes" : {"limit": 10000, "ttl":"0s"}, + "threshold_filter_indexes" : {"limit": 10000, "ttl":"0s"}, + "threshold_filter_revindexes" : {"limit": 10000, "ttl":"0s"}, + "supplier_filter_indexes" : {"limit": 10000, "ttl":"0s"}, + "supplier_filter_revindexes" :{"limit": 10000, "ttl":"0s"}, + "attribute_filter_indexes" : {"limit": 10000, "ttl":"0s"}, + "attribute_filter_revindexes" : {"limit": 10000, "ttl":"0s"}, +}, + + +"rals": { + "enabled": true, +}, + + +"resources": { + "enabled": true, + "store_interval": "1s", + "thresholds_conns": [ + {"address": "*internal"} + ], +}, + + +"stats": { + "enabled": true, + "store_interval": "1s", + "thresholds_conns": [ + {"address": "*internal"} + ], +}, + +"thresholds": { + "enabled": true, + "store_interval": "1s", +}, + + +} diff --git a/data/tls/client.crt b/data/tls/client.crt deleted file mode 100644 index b176d089f..000000000 --- a/data/tls/client.crt +++ /dev/null 
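Review bot: This TLS sample still opens the plaintext listeners `"rpc_json": ":2012"`, `"rpc_gob": ":2013"` and `"http": ":2080"` on every interface next to the TLS ones, so an installation started from it exposes the same RPC API without transport security or client certificates. If the integration test does not need them from other hosts, bind them to loopback, e.g. `"rpc_json": "127.0.0.1:2012"`, or add a comment saying they are kept only for the test. The `tls_*` paths under /usr/share/cgrates/tls presumably resolve to the key files this commit keeps in data/tls, which are public once committed; a comment such as `// test-only key material, generate your own with script.sh` on those lines would discourage reuse in production. The sample also carries `"db_password": "CGRateS.org"` and `"log_level": 7`, which deserve the same test-only marking.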
@@ -1,46 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqDCCApACCQD7WK5oHdesRjANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC -REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER -MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs -aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw -NjA0MDkyMjM3WhcNMTgwNzA0MDkyMjM3WjCBljELMAkGA1UEBhMCREUxEDAOBgNV -BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI -SVRzeXNDT00xDzANBgNVBAsMBmNsaWVudDESMBAGA1UEAwwJbG9jYWxob3N0MSMw -IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAM72mFt56EnKXNPknsHkC1ObLbic6dJksBfMgPz3 -zpGdS16v/K7diHMKR/og6xFOQay30rffQAdTRcCxb9Xg0K+JNS2bxKttcCm8zLfI -O02JuBNJ2IN9S3TRpetoBW1xgprvpeYu4MFM9Ng7qqzexSwlMvJ5cxGmrLf22VYt -BbksPTJuAp5QDUbxjHqJGie0jpZY2jk8c/gr51Jdty+B7idxiSMOAhv6zKadYi3D -Rqz/0g6jwBN0K3xJosmeg0vFrtDRe4unblfrXHT/DeqmqOLqPgd1bpZqt9ACsJIC -d2Qr64uStFon2kcXA4niCEVVKqgoSN8mhGzEFqfVz9dzHYcCAwEAATANBgkqhkiG -9w0BAQsFAAOCAQEAQYr+SccZL/MC0cNBwFcZ6Ieve0vlIzhXsZJYxdAiMzvJgmsy -44Sis0SDpKA0nQ4YCCAGksCSlRJ/EQfhBHyLIIM14yzlPxmhaxZMpNppR9fGpRSq -sd3FFPcnJLi/7bf6ukr7P96dO1RqnS7BzoEKKfr1uxpgLTO1J39/R2g3111M5TSb -VycaPJIAlhHTrne4iJYJrMcWLbPQ6Vm2+PSbdTxT2b5LK+/9Unj1hg78LZ0Nri6V -RK0RkVm+hlvOaWyq63/5NGJIRAJs+SNqJp/yj/TOfWRydKMMCXTKiw7hXi5hvRx5 -ttQAJYuj0BFq/qqg7JppKxvJNCz/fxLdhXO+RA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID/TCCAuWgAwIBAgIJAKDyy6mFEOjvMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o -YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ -bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe -Fw0xODA2MDQwOTIyMzZaFw0xODA3MDQwOTIyMzZaMIGUMQswCQYDVQQGEwJERTEQ -MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD -VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0 -MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBALWp25CMGfnJoXwRkWa2M229seqsQtxl81LX 
-CSgiz4YixDW9uyVolY3hmnuiQsnCPtykdqpbS+/spGeY+0v+h0Bjii8aqSVwVP5z -eqXlTEGG6ZwA4FTM6S++yY591Z9f8N3CrVp+w+lfuI8cndycD5ylRNMGMQhVTBwL -qBu1Sxw+9QIdj/aB/R9x24l/pbsiknxaFSU0vEjAvN6PJ0RbZPQZqK2+tqEuN5jk -zcUNr1LDz9HVdvDDjgwLO/yGZ+ZksxViMwbDoHRqZnsGDfLcdBtYJ/heiVz++tSY -cHiXEMWfckoHGwixXv7jR9xd8yzB68rQjc3ZCFeq9t7SIvVu0fECAwEAAaNQME4w -HQYDVR0OBBYEFDxuN0Za0g9WVTbVwFdXELA2MTU+MB8GA1UdIwQYMBaAFDxuN0Za -0g9WVTbVwFdXELA2MTU+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ADnDCdL3XoXCo7Ns52kt2IZ413fAESvFjlyCjDG7PgfRlXUvLBWSF5puIecQbOHE -iWuuvDM1mXQGNAL7XxYCPjkXAXvtwEsTsD374SIc8ryrNgjVWPP9ozc6D/mxKAyt -Tr6t1+dKghQnQOd+sYH6J8w1XVyrribymFX4HoN3bPD36Pz8KtJtwmU/SRdDQa3L -9D4rNQla/kHc30E6xWgfeUpk170bvEtvZNfKSm6Q3UavJpsiV5Tb4ewui4c0Tqf2 -V04HgBbxb393sA5bpr8M+2bqTRu3DU9vfeDSBUQ183XyDP7UzukEUOpSCCyPLWqD -ubaRobwNlwbyYpzLTd/SApE= ------END CERTIFICATE----- diff --git a/data/tls/client.key b/data/tls/client.key index ed4a5d2eb..3f9fb57a5 100644 --- a/data/tls/client.key +++ b/data/tls/client.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDO9phbeehJylzT -5J7B5AtTmy24nOnSZLAXzID8986RnUter/yu3YhzCkf6IOsRTkGst9K330AHU0XA -sW/V4NCviTUtm8SrbXApvMy3yDtNibgTSdiDfUt00aXraAVtcYKa76XmLuDBTPTY -O6qs3sUsJTLyeXMRpqy39tlWLQW5LD0ybgKeUA1G8Yx6iRontI6WWNo5PHP4K+dS -Xbcvge4ncYkjDgIb+symnWItw0as/9IOo8ATdCt8SaLJnoNLxa7Q0XuLp25X61x0 -/w3qpqji6j4HdW6WarfQArCSAndkK+uLkrRaJ9pHFwOJ4ghFVSqoKEjfJoRsxBan -1c/Xcx2HAgMBAAECggEBAI9Xzhh1a8RH61k7HBXwa0Ph053s2CnHYQtqseADhkfm -aMBRJbK7bvk2ormEOStIR0ZoHwMJFiC8tTAL9QhuaDtbzcAkBegxqSDPSf70KNbA -TwTU/ae8jRmA5ukPp8qwdqP23bF6wGJBeceWM9T9ihTUQuAb6+3Kwg+8YbVFA5TG -5vXThEGEhJX74Y8Z5epQp5Q4Nex1LJVJBKc7M+gONJwheoRigoaPTVNdk5oiSfGU -90X/XjWdBqggZHOw/ZgzRS1oyOozhws8oduastcNCl76B3XfaNXswDnI/977iyJC -z/DelKKg7VlfE3FRutdxFq6lKMMD9EvvD9eJaZcUXzECgYEA8aSQgHtlJNojBveF -zwt+Mk+u91pS3iChUKA/04ii/MqXrOHFcVyJXTheEWr2Lt9nTpFUXG6bfgAR9xt0 -44dYFLkjNvzFoTXJOL3TN9Hociccn3n+XeK1bzVnsKIEmEORAHYs31kIbMZ4JWDK -D+dhiMcT+8P1bQx2KM2rrjjU/JkCgYEA20KMLNPKkukHN1q2m5iGAeuO4EF2lnzq -kv6d8StPyClUhjJgiRJRCOeyeIeGzXs/kV0i9+Tf6vKku0Bm/XS7T8+3TRMOTeM4 -5sw7qjsloUbNMaK9TlahO6P0gyZEgT3GYj09mZNj1vSOqlyRYQrTaTYObBF1fAPR -zsuuDwziHx8CgYBIlp3N6sN0cY7KHfr1Okebh3JQ3bI9BeJPnQPvYIFNnPI5Pc0Z -A6pD9ZXUd6QianvXDzMfXR6amBzNdVMEsniUKRVaBE694bFjuSpE/2prODKR+Yye -2WaVVJ6kYdctgkaBs/5AzbcJLgmTeOLaKjCTbPIk1DXanz6zfS0QdgQNKQKBgDIC -h75hwD6p7/9sLWJn84jUlY4I4GeKrmZAtP2hB118L888BlC9YMZLMqXTI6gSiHk7 -aRJpnbkVBwW+tr7wtRiLJB/sTMLvJLdftewp+XdDkuHTYKJRmAzmZIrVW6Ku2GTn -2vkAaTFKLpAk9PPRaE8DCV8UzFsw89XbFyRPp/O5AoGBAJ9CKMsLj+p1TqV2m07T -e11keazqQM5Zgg1te+jXMV90V5kbE5g2FsEdl3yxM/AJbDRe2t9qM4HKqmY7Nx27 -ug++gaYfAPTlY4xSMLV0U4rU0LsNdpyrZdZ8W7HX/XIJZPZ0cP7FUFul3/SgXobB -2aog/eQf+VtiMVPGpUP3XcOp +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDnuCCAiHTpUIaf +Lmzbu2ODPawjSdKsMaaZ/G9uP+pGAJ4/3np04j5mXjne3OtbN2iAClpYdhzbPCoL +uFqfSTlE1JCg5s/6JoCvJQip4T+hTyx4xFVC01lwyL8BRrgPg/ucAA5l4w4VqxpX +7zYz3TSpy9xZt9rII2iIR6GURfZjszK5KzBO/luEfJ9tefiRntwHfposdQY6iIKg 
+4ahlKE/S9hgpby8NZa4QwNGrg6KmQtevsPgf46GDD5MRimmCqXo3zFIpjF6m3VKX +nMpepFuFADJcijT6aqAkOQ60pta80jPugghHji7FB9KmT01rJloWtuN680orRe/q +e3sxCr21AgMBAAECggEBANd8oa0mOSLoIelScSV+hDJ+XeCLPIGpwrcczDuI8MKc +vI3ExbiA1Wq5YbPhWnX/dwzrk80EOh2fO7KehJfwrnNWAhG/09VbjPxTwlTJBjVq +vX6phmiYx2pdJVN4gp7bLFeMrdcOagC4l80CxjNBGUJ2NLqygaDxXLqvcpHC5jkb +naSkJ5EHCE/PHW3zmiEgmfyAWhrR+s1f2iFCHnw01zuMT8iimLmPsrK8xCEl57np ++X3G1R3q4fKcAmaX5Q1uork6qPhX5SAsF2m0yHZZjeBbNKuMJPSwrM4A5iXiR27s +qjGVn3w1JzDz1759WcP/nOUTWpuzY2AZ2MfKg+OIGJkCgYEA9PqZ3YNks7A1zQ03 +Kr7XrM6mnBGzSppyv1XnCZHhJMXuck1Zg01G7Xjtz761a1wYMze3hDj6Ekhs2z6e +wMtMwWg2WLjkMe/GT1j1g5CbiNzlkDfnswL5ntT+1JcwVDqGCLIY1Awqz4485LDg +J9ucFdrI0uTvzHl6ipYgagU3BusCgYEA8iTQzLIM9d6t6YQWHGkXiMEFQyvvq6ZK +XwpgC5k47DGiaWUEc6g562+LVgKBPlJvLeh4IDe6ku10+JVxEQY/bWne3jNAU0IV +8o+6v8XRfmVuG80tn8cc2wpmeUt5Bke1moef8rSxtnCeuJ7B+Eyr9W5TZcQ37uPd +9UNn3OrjZd8CgYEA7BrWzmpDVPdAcxcIk1cJUJB+fS6GCSHf885b9Jo3TpTBIkKw +Qd7pvBfvw2g/O3CwFjTd1z5+rb5Fw+yPXqrRmBnTPyE7NXGtRG4teZaWgIq9aYin +85yrbkxEKipottUMtzbGvR/Y5t9kith5wZBj16BcKv3gq8Zst0LHjMbn6O8CgYEA +yTxBbqxWSwt52wST356TGWrYdb+Q2kVDr4KO2XTIMrr5L7/tGDVplTlJQfyo7mNR +1IRLOPM3kh3XxTNlGPHpSoPe3SkYv1i/pqs+V1wOQ44GGQLGdO/kEkGtcgaAGPEF +gtxN2EXFH0qvDd2adEE786dxlbShi15COy9+pMFspF8CgYEAmxxOWc7Z4gEYwS9n +2QrhSf2JCbInaZUnv+lr2x4pHUzZlKnY9QD0ta13Ub/uFScPvWQiAATsQTPgzysA +w/uICbjDlF7hXk1+V4F2pxBwMcXEvl95PJ/Vedc1MSldUPH3TbKZpGr+NOXLp5th +Cmg3FMWRvgp8nZ1bsPpm0mXzkSM= -----END PRIVATE KEY----- diff --git a/data/tls/clientCA.crt b/data/tls/clientCA.crt new file mode 100644 index 000000000..90d03f560 --- /dev/null +++ b/data/tls/clientCA.crt 
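Review bot: Private keys are committed to the repository here and again in the `data/tls/server.key` hunk further down, and the sample config in this commit reads both from `/usr/share/cgrates/tls/`, which suggests they may be shipped with the package. A key that lives in a public repository authenticates nothing, so these files should be unmistakably test-only: either generate them at test time with `data/tls/script.sh` and keep `*.key` out of version control, or add a `data/tls/README` stating that the material is a public fixture and must be replaced before any TLS listener is exposed. Whether packaging copies `data/tls` to the install path is not visible in this diff and should be confirmed.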
@@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIDqDCCApACCQDN74icxWmu/DANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER +MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs +aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw +NjA0MTMwNDUzWhcNMTgwNzA0MTMwNDUzWjCBljELMAkGA1UEBhMCREUxEDAOBgNV +BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI +SVRzeXNDT00xDzANBgNVBAsMBmNsaWVudDESMBAGA1UEAwwJbG9jYWxob3N0MSMw +IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOe4IICIdOlQhp8ubNu7Y4M9rCNJ0qwxppn8b24/ +6kYAnj/eenTiPmZeOd7c61s3aIAKWlh2HNs8Kgu4Wp9JOUTUkKDmz/omgK8lCKnh +P6FPLHjEVULTWXDIvwFGuA+D+5wADmXjDhWrGlfvNjPdNKnL3Fm32sgjaIhHoZRF +9mOzMrkrME7+W4R8n215+JGe3Ad+mix1BjqIgqDhqGUoT9L2GClvLw1lrhDA0auD +oqZC16+w+B/joYMPkxGKaYKpejfMUimMXqbdUpecyl6kW4UAMlyKNPpqoCQ5DrSm +1rzSM+6CCEeOLsUH0qZPTWsmWha243rzSitF7+p7ezEKvbUCAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEAyaAOowvVT7itzCRIC107I13JxFvj4rP4Thgsw2iRNkHvMkDV +Nui0Wh47TVkZFEFmBPXvDF6g0/5nzqMsBZqNUeN0pkLbd+FOgtKoPg+4SZK0HM+6 +4FjiwdHMopOb13oQ0Z7RubWhbyt5h/e/VIjyomnmf6HoQMLEHXcJyKA7OtH0qwZq +WxAjZvjCUo+Q9D6hgPsguXsgUnwDRl1ofbhDeESRZ+s01tl5znJa/JEjDR6TcAFi +PETPiHaqRZGoPyA021bbnlG4qhYRDRgOsjQN1FC8LFi+Y4LmYhZKLDFjM4tpkdvS +brXjOJ8406k/H+a2Wck4KuFbQvzozkl5GgSqeg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAPtQI9LtiBDeMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o +YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ +bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe +Fw0xODA2MDQxMzA0NTNaFw0xODA3MDQxMzA0NTNaMIGUMQswCQYDVQQGEwJERTEQ +MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD +VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0 +MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAN+V47Xtx0Yn0/pphvK44SII9cjNN5o2pncI 
+Dp4c2kyOSfS/LYbU4W4S4u5B7BEvmeQ76C98L9nSy0pCDwFI1HdQ56hY46jNX0I8 +633W+zLqFHWokkNo/HxnCBbdixCsxTLlymrwGwMA5zF9f4cuySi78o6lRyN97RC3 +50hFjAXiTmNe9hgzf2imyag2FFVPhXPiMJyOJea+7AKUYsG+nO/lG992Gw9ShyXH +FpcN7Avp+wuTgW4BFyUuQ94oiFthCcH1HtxXsPKse+6DEs7uFezL8xfMLeNbirAO +Iq0ulEQPoF+eGq7Ne04lykdJ41RsWovthNlYifqsrWd/HtYErz8CAwEAAaNQME4w +HQYDVR0OBBYEFCQBBGNhYiWifVlF8q1XYgXFUdLKMB8GA1UdIwQYMBaAFCQBBGNh +YiWifVlF8q1XYgXFUdLKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AHQRGykgGXU3Mfwi965GJBFx+pmYsEou4o37K/mLRfqCgxkc1NhEjRWtcu0BM4K7 +gPNzZmbvkAgypyb3YByIECQ5ieg3u4vWipq5xW3o/MrCNKIfMOBqDu3/mSiaEwHG +civUcY4NBfbjnDCziKz0cCwfLeljV/Xqa4WPMf9lITbtNTvCKTTPlYgxycT1skXI +XjmnJl1jBLsIke/O2TYHlQyaBz3owKrj2DZypy0ZX6UNb1BOddsjy01R0JgL/RDf +TJLUwRG32prs1mPDe8RbSlM42eZ53cpq0oEOVlxOYJgovn+wC02Dsu/g9UDJ20Uw +hWYtflU5IkMWOIn+YnKCpcs= +-----END CERTIFICATE----- diff --git a/data/tls/script.sh b/data/tls/script.sh new file mode 100755 index 000000000..3b455cdc2 --- /dev/null +++ b/data/tls/script.sh 
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Generate self signed root CA cert
+openssl req -nodes -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=root/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Generate server cert to be signed
+openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=server/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Sign the server cert
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
+
+# Combine server.crt + ca.crt
+cat server.crt ca.crt > serverCA.crt
+
+# Generate client cert to be signed
+openssl req -nodes -newkey rsa:2048 -keyout client.key -out client.csr -subj "/C=DE/ST=Bavaria/L=Bad Reichenhall/O=ITsysCOM/OU=client/CN=localhost/emailAddress=contact@itsyscom.com"
+
+# Sign the client cert
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAserial ca.srl -out client.crt
+
+# Combine client.crt + ca.crt
+cat client.crt ca.crt > clientCA.crt
diff --git a/data/tls/server.crt b/data/tls/server.crt
deleted file mode 100644
index ba8a22093..000000000
--- a/data/tls/server.crt
+++ /dev/null
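Review bot: None of the three certificate-producing commands (`openssl req -x509` and the two `openssl x509 -req` calls) passes `-days`, so each certificate gets OpenSSL's 30-day default and the committed `serverCA.crt`/`clientCA.crt` expire a month after generation, after which the TLS integration test fails for reasons unrelated to the code. Add an explicit lifetime such as `-days 365` to those three commands. The script also lacks `set -e`, so a failed signing step still reaches the `cat` lines and writes an incomplete bundle, and the `-nodes` keys (including `ca.key`) are created with the caller's default umask; `set -e` and `umask 077` right after the shebang cover both.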
@@ -1,46 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDqDCCApACCQD7WK5oHdesRTANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC -REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER -MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs -aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw -NjA0MDkyMjM2WhcNMTgwNzA0MDkyMjM2WjCBljELMAkGA1UEBhMCREUxEDAOBgNV -BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI -SVRzeXNDT00xDzANBgNVBAsMBnNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MSMw -IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKqwWEsKp7fHGJkJLBkgAgyoYu7w0zAW4XhDFBsp -Uly3g0IA2ogW8m3lwBwll/uGBrXXnBUw/OQcLlvQc7oq/c849I3fu32lYv/2ipMh -lN358AGW58zA0/FmCOPvJCqtNVA1+DteERZC1QKV4qGonfBaBUqwqWrG9cNVwtl5 -iR6C9ad3d4IYXLERfyk3AL2z6qUNA7GFHQemiY18ZGOzA4KMWmQGqoubiEywb+zC -3i40vuQV19YhBxpdtk4Yo7bNgM5s3gBC531jYCdA3xCD/iVARCVxmATVNaC2hKsX -1LMuqS4BQ54AOnt4SIuZh7fREZXzTARwAnzVsnGvth5TQ2sCAwEAATANBgkqhkiG -9w0BAQsFAAOCAQEALRxkN/8b4ohKdPtMqOgIKqSXmsHNPb8+3oGg2VWSPitAeoNK -cnV8w6psslLIZp8myADYJegHR3fEnrh9ucVZwlYN7XuNvwEFS90IxJLjEeZgQOQD -HTLVFeq1lCEpftLbzR5oKSqKbMjp2yTs30/kYW6vWFkUdInFLGOmY9PObFcofXjG -nrE1OlOc4IB9mnAA3Oy7vZjk1xkvbGnXheEe7BGtxRV3+8rJq7ORhEFP/MZN2LWU -XGBol4o9onBKJf+zR3bPxJOPzI8aQUfdh8cBjtHQNpn2KiL4d5aKDAU8k/lKfOPa -XZNdZheeNEtL7zTH2+NaZQJvaN54h7nMcZetGQ== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID/TCCAuWgAwIBAgIJAKDyy6mFEOjvMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD -VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o -YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ -bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe -Fw0xODA2MDQwOTIyMzZaFw0xODA3MDQwOTIyMzZaMIGUMQswCQYDVQQGEwJERTEQ -MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD -VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0 -MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBALWp25CMGfnJoXwRkWa2M229seqsQtxl81LX 
-CSgiz4YixDW9uyVolY3hmnuiQsnCPtykdqpbS+/spGeY+0v+h0Bjii8aqSVwVP5z -eqXlTEGG6ZwA4FTM6S++yY591Z9f8N3CrVp+w+lfuI8cndycD5ylRNMGMQhVTBwL -qBu1Sxw+9QIdj/aB/R9x24l/pbsiknxaFSU0vEjAvN6PJ0RbZPQZqK2+tqEuN5jk -zcUNr1LDz9HVdvDDjgwLO/yGZ+ZksxViMwbDoHRqZnsGDfLcdBtYJ/heiVz++tSY -cHiXEMWfckoHGwixXv7jR9xd8yzB68rQjc3ZCFeq9t7SIvVu0fECAwEAAaNQME4w -HQYDVR0OBBYEFDxuN0Za0g9WVTbVwFdXELA2MTU+MB8GA1UdIwQYMBaAFDxuN0Za -0g9WVTbVwFdXELA2MTU+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB -ADnDCdL3XoXCo7Ns52kt2IZ413fAESvFjlyCjDG7PgfRlXUvLBWSF5puIecQbOHE -iWuuvDM1mXQGNAL7XxYCPjkXAXvtwEsTsD374SIc8ryrNgjVWPP9ozc6D/mxKAyt -Tr6t1+dKghQnQOd+sYH6J8w1XVyrribymFX4HoN3bPD36Pz8KtJtwmU/SRdDQa3L -9D4rNQla/kHc30E6xWgfeUpk170bvEtvZNfKSm6Q3UavJpsiV5Tb4ewui4c0Tqf2 -V04HgBbxb393sA5bpr8M+2bqTRu3DU9vfeDSBUQ183XyDP7UzukEUOpSCCyPLWqD -ubaRobwNlwbyYpzLTd/SApE= ------END CERTIFICATE----- diff --git a/data/tls/server.key b/data/tls/server.key index 6e1d6b9b8..6b10fe11b 100644 --- a/data/tls/server.key +++ b/data/tls/server.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCqsFhLCqe3xxiZ -CSwZIAIMqGLu8NMwFuF4QxQbKVJct4NCANqIFvJt5cAcJZf7hga115wVMPzkHC5b -0HO6Kv3POPSN37t9pWL/9oqTIZTd+fABlufMwNPxZgjj7yQqrTVQNfg7XhEWQtUC -leKhqJ3wWgVKsKlqxvXDVcLZeYkegvWnd3eCGFyxEX8pNwC9s+qlDQOxhR0HpomN -fGRjswOCjFpkBqqLm4hMsG/swt4uNL7kFdfWIQcaXbZOGKO2zYDObN4AQud9Y2An -QN8Qg/4lQEQlcZgE1TWgtoSrF9SzLqkuAUOeADp7eEiLmYe30RGV80wEcAJ81bJx -r7YeU0NrAgMBAAECggEAG+4nRIBF2Yi2ubQKh0H5k+Cp77dwl1nnIyq2y4sDczCE -RfSlzccTfHAv82sjZ4ES8AaL/9u4RgtmepetmDUYuyPywJRvtauue3v4SQMhvQD9 -CQWMgLC8/a9YnROws1sMckeiivRlj2L4QCgOoa1Zys6wNvyZfGN6K7CI5dVBXsCC -t5lmdWE81Elk9dO2/GhgmTTiF6zm52yfajqldEwfg/pNxkgPeS+dHllggAcY0+aA -jpVNnvw77fTXu7DiTRHeFuw+JmuSBBOWZbf3m39HlCPNw4YaH9MnfE04bCUndfQy -UUbi11CXUK8FhBzNMQdJbzC3r2w0JZ1BlX71xmvQ4QKBgQDcipDtlGgPENTNtc4t -MrZDSBErRknbSFBXipji59ayeiM1KnzIwSM+7HqQ8dZmyCRVH/DpykzroSyreSbB -dm03mnC8tleXakfDlmX2TQ9mm9ugLahAdTwBQJXkwLJVMClXyKrs0/70L793ZB3k -kby1ck6DKx/cv9xr3mQBf0jWpQKBgQDGIdzw5G8IdQYj9UFe81+A8JIohNiOs7LY -YGqgitB7C2xBMDuKfHqeaFzbaeOQ0nUkCPIgQ+4ze9jFr8korI7/wT/mZ8P2OuM3 -ILJ8lvw0h+FM/tsQL7MAonlQiJSVHPQftSKtiLShpWx4d7tkLeXlAhOTd+tS3CoW -q7ozfXykzwKBgQCtF8BqB3mooXA0SEYa6Vtt8Skwisk650XPf4NBS+8RQ5VQjBlG -Q3gTUe1cx8KcBuelPB2MkO/QXD7AEqVdYEKWSovDQWX7/Dl5BBjguFinExrMXCla -9ehznypGUQtmmxdHw8KLgFPxeWxQG27uz4eJ7b47auRmENvCediJ6EnV1QKBgQCG -K5BOoKJ/+5844nBuOCjITCDtx2hO2mmWFVSfeuFLMaURT/RCB6GRe+LFwqMUAzDI -QjaUmuvHeWqGFFAIdzIvB1KaWFJff+k1/7JepHANsqZjWYJHJ8Xz/BJi8tqLT5wR -jLv6/8QyYq9dtNb1NA+mUQ2oo2B8MBNgXtIs5CFwCQKBgA29D0ai//HHWDExHE1m -8lQbQRG/mN+K2ej2VOwimkP5pT62f6xgiJIORF9jY0l0O7TvXM+9XRFpexppPx2C -pBwTsr+ItYQOz42DXaOJVMY488IJuXnSz9x3jLHjOCQDj1oLzFCfnFRK56J5Wp5w -8Owg85ga4PAS+UQ7NB8oqu2e +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDsDxGCVh+PNGcX +myPZYCHJFKAITUQqqFPvIIabTu/7NhzpgnOJceihZ/rFWQngqovtrNuqoxPDXcW5 +OIiMVRBBJGXs35Axy8j1mfF3NX99QQXhPSdUIuPCHhAOKdOddUDj2b1W0TzBOpV6 +4WCGz2bV8ncxGJpObKOcci8Mp4suFwSdOUAkgHYhR7ZrYmLjBuzR/7GF7ZGaQRM7 
+KQIxATNStqbS6buEipdjXdR9C3hd4O4GcZ8KDaK5Xvuiyeksv1qjWnc32RzLZ4Lp +S+2iPI1gdWMFX9YO/ZzEp14qHvWYM6dForw0q7a3z0uppAgHO4EKVxy+Ag4bC64K +3787Leh3AgMBAAECggEAcSEHkx8TIN5MSdPf6l1X07Y+u7vL32WsU/2ShPvfptTY +JlCObmBYzIG4fLufMDyLsuwUmkJtRkO6bnnZdueNUqrO7iZ2RGcVeB6+yhKpdq2i +078rCfduj6k4qJEDCYMYBhpj0yeTpkcdPDamu/TJo97/oFfaG5uVDXTrd3UUDpGt +ptaewKwWYeORygbdFXEn5Er2CGRfzRfkcTSOu8OG9sqzdz8JzD1R2ywk3/M577Ez +ZPsdxGcJbV4yUx9OXFCc/NyDJhVgXGIPAWB5D2SPJ9iNOt171neqqpTs71rN1YqD +Qgx9Y/22+o4bSKD35pb8kdHbArhtLLpvxQ6RBQCdgQKBgQD/lcfvMIYn4q0GJQPa +zHqT2cgOC1uwJdbbo3Y9CvQZxtHgA2tM+W308JI0c2POVUzPzcraeUsYtXHMe/pX +sP4tkrv5OGY/EQptfqH9/+mBW1aUVbK9Z68a+Tx6eu4FMU+XJr0a8Ij6DUIkewx2 +mXnm2tniIHrYfek89vbnaRkE1QKBgQDscSwm5pZaIOtiTsaK/L2qTXvkAXZL/Wp3 +KOeWdVLZKz6MG+UwPqHNJ5BJeb5n4/jm4D5qUue5cxs46/s+k6DjZwFYSZWA3B7q +F3b9dXtbNbORGob2D955K0Yuov/tROphqBfX57aJFfhN/XUBIXlT86SCThQvtAZu +eUDz1IvOGwKBgFc4aSOCPrYL0BohtaAMWeRs1K2eSKrjLuCDdw072LOXOvYklJCP +KmwFUQ+fNTcruuvLgeduryb+fJhY0sTsPMGWqplRGut4yEM3jNaeZ7RiVDiIyleC +s6oT1gTCQMn62vttF+nCniwfLCxA5a7vjz8t/l8B0Ipi5Z6NdRLhtc0FAoGBALnW +7iQZQ33NuBUJ48Xkh1LvGfyJJajuoxrLnNNGnfqxobTQTCDSaaxtd1w5A2524fDd +ulEpnpbFoVTpLg3uTRvPn1/8XjTtTqMiFFV9XJrBJ8VaO0/2Ax/r4nrPhSbB7xMY +4rzBlFhFW2g5WhisbceNjfUZV4ZzEkcMqP+9RLGXAoGBAJqddcP0fDmGKaEC0THh +jO81CSrMUBFSEfzv2luQujEhsalt8s1jQGl4Lx7ZUdDRiEX6PwA4lDG4SYm+D6r0 +zzWX/OKEEqbTII/eoiBzv1JlshyvRc/LvbThoLTAF7uxQNlOP0b24MeFMCIeoZNb +skv1m4NPGW/EJeZAbzjC2Zxu -----END PRIVATE KEY----- diff --git a/data/tls/serverCA.crt b/data/tls/serverCA.crt new file mode 100644 index 000000000..4e733c1c8 --- /dev/null +++ b/data/tls/serverCA.crt 
@@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIDqDCCApACCQDN74icxWmu+zANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDER +MA8GA1UECgwISVRzeXNDT00xDTALBgNVBAsMBHJvb3QxEjAQBgNVBAMMCWxvY2Fs +aG9zdDEjMCEGCSqGSIb3DQEJARYUY29udGFjdEBpdHN5c2NvbS5jb20wHhcNMTgw +NjA0MTMwNDUzWhcNMTgwNzA0MTMwNDUzWjCBljELMAkGA1UEBhMCREUxEDAOBgNV +BAgMB0JhdmFyaWExGDAWBgNVBAcMD0JhZCBSZWljaGVuaGFsbDERMA8GA1UECgwI +SVRzeXNDT00xDzANBgNVBAsMBnNlcnZlcjESMBAGA1UEAwwJbG9jYWxob3N0MSMw +IQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAOwPEYJWH480ZxebI9lgIckUoAhNRCqoU+8ghptO +7/s2HOmCc4lx6KFn+sVZCeCqi+2s26qjE8Ndxbk4iIxVEEEkZezfkDHLyPWZ8Xc1 +f31BBeE9J1Qi48IeEA4p0511QOPZvVbRPME6lXrhYIbPZtXydzEYmk5so5xyLwyn +iy4XBJ05QCSAdiFHtmtiYuMG7NH/sYXtkZpBEzspAjEBM1K2ptLpu4SKl2Nd1H0L +eF3g7gZxnwoNorle+6LJ6Sy/WqNadzfZHMtngulL7aI8jWB1YwVf1g79nMSnXioe +9Zgzp0WivDSrtrfPS6mkCAc7gQpXHL4CDhsLrgrfvzst6HcCAwEAATANBgkqhkiG +9w0BAQsFAAOCAQEAfJzQqYMO5FvbP8StTc7vdX8QR17fgDZ87PgFj6HGsmIPp/Wa +oYUvmkup48q+3VPyQrrxrFK9Folvd4FEVO56yofbHaAODwPdUmkZTTrIMmexC0jR ++jfvIaq0NfmDpZGyl08SkwmvK8H4N3oLCSF6z2Uiejrlwep18ntE8LCBkEWh910i +mhkw3R4a6lbK/lIGlIVlR04cJdUTaJEO+lBTaEE1Kh90i+peDZLkxypAxOj80RSJ +YuPdHacFtBAm8fgtCUHjWBwcI9lCqOgKQaWw0M/488qp7Uwia3F+6H7rxqGWFpCn +ZuTVxr6HN2P/bL5M/BUmgCaHrG5hfGYBhLzsQA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJAPtQI9LtiBDeMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5o +YWxsMREwDwYDVQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJ +bG9jYWxob3N0MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTAe +Fw0xODA2MDQxMzA0NTNaFw0xODA3MDQxMzA0NTNaMIGUMQswCQYDVQQGEwJERTEQ +MA4GA1UECAwHQmF2YXJpYTEYMBYGA1UEBwwPQmFkIFJlaWNoZW5oYWxsMREwDwYD +VQQKDAhJVHN5c0NPTTENMAsGA1UECwwEcm9vdDESMBAGA1UEAwwJbG9jYWxob3N0 +MSMwIQYJKoZIhvcNAQkBFhRjb250YWN0QGl0c3lzY29tLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAN+V47Xtx0Yn0/pphvK44SII9cjNN5o2pncI 
+Dp4c2kyOSfS/LYbU4W4S4u5B7BEvmeQ76C98L9nSy0pCDwFI1HdQ56hY46jNX0I8 +633W+zLqFHWokkNo/HxnCBbdixCsxTLlymrwGwMA5zF9f4cuySi78o6lRyN97RC3 +50hFjAXiTmNe9hgzf2imyag2FFVPhXPiMJyOJea+7AKUYsG+nO/lG992Gw9ShyXH +FpcN7Avp+wuTgW4BFyUuQ94oiFthCcH1HtxXsPKse+6DEs7uFezL8xfMLeNbirAO +Iq0ulEQPoF+eGq7Ne04lykdJ41RsWovthNlYifqsrWd/HtYErz8CAwEAAaNQME4w +HQYDVR0OBBYEFCQBBGNhYiWifVlF8q1XYgXFUdLKMB8GA1UdIwQYMBaAFCQBBGNh +YiWifVlF8q1XYgXFUdLKMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +AHQRGykgGXU3Mfwi965GJBFx+pmYsEou4o37K/mLRfqCgxkc1NhEjRWtcu0BM4K7 +gPNzZmbvkAgypyb3YByIECQ5ieg3u4vWipq5xW3o/MrCNKIfMOBqDu3/mSiaEwHG +civUcY4NBfbjnDCziKz0cCwfLeljV/Xqa4WPMf9lITbtNTvCKTTPlYgxycT1skXI +XjmnJl1jBLsIke/O2TYHlQyaBz3owKrj2DZypy0ZX6UNb1BOddsjy01R0JgL/RDf +TJLUwRG32prs1mPDe8RbSlM42eZ53cpq0oEOVlxOYJgovn+wC02Dsu/g9UDJ20Uw +hWYtflU5IkMWOIn+YnKCpcs= +-----END CERTIFICATE----- diff --git a/engine/filters.go b/engine/filters.go index b9ca7346e..e90663322 100644 --- a/engine/filters.go +++ b/engine/filters.go @@ -65,7 +65,8 @@ func (fS *FilterS) connStatS() (err error) { if fS.statSConns != nil { // connection was populated between locks return } - fS.statSConns, err = NewRPCPool(rpcclient.POOL_FIRST, fS.cfg.ConnectAttempts, fS.cfg.Reconnects, fS.cfg.ConnectTimeout, fS.cfg.ReplyTimeout, + fS.statSConns, err = NewRPCPool(rpcclient.POOL_FIRST, fS.cfg.TLSClientKey, fS.cfg.TLSClientCerificate, + fS.cfg.ConnectAttempts, fS.cfg.Reconnects, fS.cfg.ConnectTimeout, fS.cfg.ReplyTimeout, fS.cfg.FilterSCfg().StatSConns, fS.statSChan, fS.cfg.InternalTtl) return } diff --git a/engine/libengine.go b/engine/libengine.go index 889e0b469..6a9fad22a 100644 --- a/engine/libengine.go +++ b/engine/libengine.go 
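Review bot: `fS.cfg.TLSClientCerificate` is misspelled ("Cerificate"), and because it is an exported config field the typo becomes part of the API once this lands; the same name is used in the `general_tests/tls_it_test.go` hunk. Renaming it to `TLSClientCertificate` now is cheaper than after other callers depend on it. The field is declared in `config/config.go`, outside this hunk, and `connStatS` itself begins above the hunk.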
@@ -28,8 +28,9 @@ import ( "github.com/cgrates/rpcclient" ) -func NewRPCPool(dispatchStrategy string, connAttempts, reconnects int, connectTimeout, replyTimeout time.Duration, - rpcConnCfgs []*config.HaPoolConfig, internalConnChan chan rpcclient.RpcClientConnection, ttl time.Duration) (*rpcclient.RpcClientPool, error) { +func NewRPCPool(dispatchStrategy, key_path, cert_path string, connAttempts, reconnects int, + connectTimeout, replyTimeout time.Duration, rpcConnCfgs []*config.HaPoolConfig, + internalConnChan chan rpcclient.RpcClientConnection, ttl time.Duration) (*rpcclient.RpcClientPool, error) { var rpcClient *rpcclient.RpcClient var err error rpcPool := rpcclient.NewRpcClientPool(dispatchStrategy, replyTimeout) @@ -43,13 +44,13 @@ func NewRPCPool(dispatchStrategy string, connAttempts, reconnects int, connectTi case <-time.After(ttl): return nil, errors.New("TTL triggered") } - rpcClient, err = rpcclient.NewRpcClient("", "", "", "", connAttempts, reconnects, connectTimeout, replyTimeout, rpcclient.INTERNAL_RPC, internalConn, false) + rpcClient, err = rpcclient.NewRpcClient("", "", key_path, cert_path, connAttempts, reconnects, connectTimeout, replyTimeout, rpcclient.INTERNAL_RPC, internalConn, false) } else if utils.IsSliceMember([]string{utils.MetaJSONrpc, utils.MetaGOBrpc, ""}, rpcConnCfg.Transport) { codec := utils.GOB if rpcConnCfg.Transport != "" { codec = rpcConnCfg.Transport[1:] // Transport contains always * before codec understood by rpcclient } - rpcClient, err = rpcclient.NewRpcClient("tcp", rpcConnCfg.Address, "", "", connAttempts, reconnects, connectTimeout, replyTimeout, codec, nil, false) + rpcClient, err = rpcclient.NewRpcClient("tcp", rpcConnCfg.Address, key_path, cert_path, connAttempts, reconnects, connectTimeout, replyTimeout, codec, nil, false) } else { return nil, fmt.Errorf("Unsupported transport: <%s>", rpcConnCfg.Transport) } 
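Review bot: `key_path` and `cert_path` follow `dispatchStrategy` as three adjacent `string` parameters, so a call that swaps key and certificate, or passes them in the more common cert-then-key order, still compiles. The names also break Go's MixedCaps convention; `dispatchStrategy, keyPath, certPath string` would match the rest of the signature. A doc comment on the exported function, for example `// NewRPCPool builds a client pool from rpcConnCfgs; keyPath and certPath are the client TLS key and certificate passed to each pooled connection.`, would record the order and meaning. The body of `NewRPCPool` continues outside this hunk.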
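Review bot: The same `key_path`/`cert_path` pair is handed to every pooled client, including the `rpcclient.INTERNAL_RPC` branch where no socket is involved, and nothing in `rpcConnCfg` says whether a given address should use TLS. If `rpcclient.NewRpcClient` switches to TLS whenever the two paths are non-empty (its behaviour is not visible here), setting `tls_client_key` would change how every remote connection in every pool is dialled, plaintext ports included. Keeping `"", ""` for the internal branch and choosing the pair per connection from `rpcConnCfg` would make the intent explicit. It is also worth confirming how the client verifies the server certificate, since only a client key and certificate are passed and no CA pool or server name appears in the call. The enclosing loop and function start outside this hunk.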
diff --git a/general_tests/tls_it_test.go b/general_tests/tls_it_test.go
new file mode 100755
index 000000000..531377fa1
--- /dev/null
+++ b/general_tests/tls_it_test.go
@@ -0,0 +1,122 @@
+// +build integration
+
+/*
+Real-time Online/Offline Charging System (OCS) for Telecom & ISP environments
+Copyright (C) ITsysCOM GmbH
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see
+*/
+package general_tests
+
+import (
+ "path"
+ "testing"
+ "time"
+
+ "github.com/cgrates/cgrates/config"
+ "github.com/cgrates/cgrates/engine"
+ "github.com/cgrates/cgrates/utils"
+ "github.com/cgrates/rpcclient"
+)
+
+var (
+ tlsCfgPath string
+ tlsCfg *config.CGRConfig
+ tlsRpcClientJson *rpcclient.RpcClient
+ tlsRpcClientGob *rpcclient.RpcClient
+ tlsConfDIR string //run tests for specific configuration
+ tlsDelay int
+)
+
+var sTestsTLS = []func(t *testing.T){
+ testTLSLoadConfig,
+ testTLSInitDataDb,
+ testTLSStartEngine,
+ testTLSRpcConn,
+ testTLSPing,
+ testTLSStopEngine,
+}
+
+// Test start here
+func TestTLS(t *testing.T) {
+ tlsConfDIR = "tls"
+ for _, stest := range sTestsTLS {
+ t.Run(tlsConfDIR, stest)
+ }
+}
+
+func testTLSLoadConfig(t *testing.T) {
+ var err error
+ tlsCfgPath = path.Join(*dataDir, "conf", "samples", tlsConfDIR)
+ if tlsCfg, err = config.NewCGRConfigFromFolder(tlsCfgPath); err != nil {
+ t.Error(err)
+ }
+ tlsDelay = 2000
+}
+
+func testTLSInitDataDb(t *testing.T) {
+ if err := engine.InitDataDb(tlsCfg); err != nil {
+ t.Fatal(err)
+ }
+}
+
+func testTLSStartEngine(t *testing.T) {
+ if _, err := engine.StopStartEngine(tlsCfgPath, tlsDelay); err != nil {
+ t.Fatal(err)
+ }
+}
+
+func testTLSRpcConn(t *testing.T) {
+ var err error
+ tlsRpcClientJson, err = rpcclient.NewRpcClient("tcp", "localhost:2022", tlsCfg.TLSClientKey,
+ tlsCfg.TLSClientCerificate, 3, 3,
+ time.Duration(1*time.Second), time.Duration(5*time.Minute), utils.JSON, nil, false)
+ if err != nil {
+ t.Errorf("Error: %s when dialing", err)
+ }
+
+ tlsRpcClientGob, err = rpcclient.NewRpcClient("tcp", "localhost:2023", tlsCfg.TLSClientKey,
+ tlsCfg.TLSClientCerificate, 3, 3,
+ time.Duration(1*time.Second), time.Duration(5*time.Minute), utils.GOB, nil, false)
+ if err != nil {
+ t.Errorf("Error: %s when dialing", err)
+ }
+}
+
+func testTLSPing(t *testing.T) {
+ var reply string
+
+ if err := tlsRpcClientJson.Call(utils.ThresholdSv1Ping, "", &reply); err != nil {
+ t.Error(err)
+ } else if reply != utils.Pong {
+ t.Errorf("Received: %s", reply)
+ }
+ if err := tlsRpcClientGob.Call(utils.ThresholdSv1Ping, "", &reply); err != nil {
+ t.Error(err)
+ } else if reply != utils.Pong {
+ t.Errorf("Received: %s", reply)
+ }
+ if err := tlsRpcClientJson.Call(utils.DispatcherSv1Ping, "", &reply); err == nil {
+ t.Error(err)
+ }
+ if err := tlsRpcClientGob.Call(utils.DispatcherSv1Ping, "", &reply); err == nil {
+ t.Error(err)
+ }
+}
+
+func testTLSStopEngine(t *testing.T) {
+ if err := engine.KillEngine(100); err != nil {
+ t.Error(err)
+ }
+}
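Review bot: The suite only exercises the success path, so it would still pass if the TLS listeners accepted any client; there is no step where a client without the key and certificate, or with a certificate signed by a different CA, is expected to fail against `localhost:2022` and `localhost:2023`. A negative step of that kind is what shows that the new listeners enforce anything. In `testTLSPing` the two `DispatcherSv1Ping` checks call `t.Error(err)` in the branch where `err == nil`, which prints `<nil>`; `t.Error("expected DispatcherSv1Ping to fail, got no error")` would say what went wrong.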