diff --git a/deps/rabbit/priv/schema/rabbit.schema b/deps/rabbit/priv/schema/rabbit.schema index 372de9dd101a..589d157d79af 100644 --- a/deps/rabbit/priv/schema/rabbit.schema +++ b/deps/rabbit/priv/schema/rabbit.schema @@ -175,10 +175,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "definitions.tls.cacertfile", "rabbit.definitions.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "definitions.tls.certfile", "rabbit.definitions.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "definitions.tls.cert", "rabbit.definitions.ssl_options.cert", [{datatype, string}]}. @@ -214,7 +214,7 @@ fun(Conf) -> end}. {mapping, "definitions.tls.keyfile", "rabbit.definitions.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "definitions.tls.log_alert", "rabbit.definitions.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. @@ -316,10 +316,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "ssl_options.cacertfile", "rabbit.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "ssl_options.certfile", "rabbit.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "ssl_options.cert", "rabbit.ssl_options.cert", [{datatype, string}]}. @@ -373,7 +373,7 @@ fun(Conf) -> end}. {mapping, "ssl_options.keyfile", "rabbit.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "ssl_options.log_level", "rabbit.ssl_options.log_level", [{datatype, {enum, [emergency, alert, critical, error, warning, notice, info, debug]}}]}. @@ -1915,10 +1915,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "log.syslog.ssl_options.cacertfile", "syslog.protocol", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "log.syslog.ssl_options.certfile", "syslog.protocol", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "log.syslog.ssl_options.cert", "syslog.protocol", [{datatype, string}]}. @@ -1954,7 +1954,7 @@ end}. [{datatype, string}]}. {mapping, "log.syslog.ssl_options.keyfile", "syslog.protocol", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "log.syslog.ssl_options.log_alert", "syslog.protocol", [{datatype, {enum, [true, false]}}]}. @@ -2889,6 +2889,14 @@ fun(File) -> end end}. +{validator, "pem_file", "PEM file does not exist, cannot be read, or does not contain valid X509 certificate data", +fun(File) -> + case file:read_file(File) of + {ok, Bin} -> public_key:pem_decode(Bin) =/= []; + _ -> false + end +end}. + {validator, "is_ip", "value should be a valid IP address", fun(IpStr) -> Res = inet:parse_address(IpStr), diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbit/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbit/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbit/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbit/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbit/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbit/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbit/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbit/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets index ecacab5d6290..1c64587ec895 100644 --- a/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets +++ b/deps/rabbit/test/config_schema_SUITE_data/rabbit.snippets @@ -70,16 +70,16 @@ auth_backends.2 = internal", [{rabbit_auth_backend_ldap,rabbit_auth_backend_ldap}]}]}], []}, {ssl_options, - "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem -ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem -ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem +ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem +ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true", [{rabbit, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]}]}], []}, @@ -579,55 +579,55 @@ tcp_listen_options.exit_on_close = false", []}, {ssl_options_verify_peer, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_password, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.password = t0p$3kRe7", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {password,<<"t0p$3kRe7">>}]}]}], []}, {ssl_options_encrypted_password, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.password = encrypted:GhC4J5lh2DUkbdyKO0aMI8aYJ54mwe4eEWzou4yRFAHMF82IbD6cRiYAiBa8UIzR", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {password, {encrypted, <<"GhC4J5lh2DUkbdyKO0aMI8aYJ54mwe4eEWzou4yRFAHMF82IbD6cRiYAiBa8UIzR">>}}]}]}], []}, {ssl_options_tls_ver_old, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.versions.tls1_2 = tlsv1.2 ssl_options.versions.tls1_1 = tlsv1.1 ssl_options.versions.tls1 = tlsv1", @@ -636,16 +636,16 @@ tcp_listen_options.exit_on_close = false", {rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1',tlsv1]}]}]}], []}, {ssl_options_tls_ver_new, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.versions.tls1_2 = tlsv1.2 ssl_options.versions.tls1_1 = tlsv1.1", [{ssl,[{versions,['tlsv1.2','tlsv1.1']}]}], @@ -653,17 +653,17 @@ tcp_listen_options.exit_on_close = false", {rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}]}]}], []}, {ssl_options_ciphers, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.versions.1 = tlsv1.2 ssl_options.versions.2 = tlsv1.1 ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384 @@ -680,7 +680,7 @@ tcp_listen_options.exit_on_close = false", {rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {ciphers, [ "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", @@ -692,88 +692,88 @@ tcp_listen_options.exit_on_close = false", "ECDH-RSA-AES256-SHA384", "DHE-RSA-AES256-GCM-SHA384" ]}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}]}]}], []}, {ssl_options_allow_poodle, "listeners.ssl.1 = 5671 ssl_allow_poodle_attack = true - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_allow_poodle_attack,true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_depth, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.depth = 2 ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_depth_0, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.depth = 0 ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,0}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_depth_255, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.depth = 255 ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,255}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_honor_cipher_order, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.depth = 2 ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false @@ -781,9 +781,9 @@ tcp_listen_options.exit_on_close = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, @@ -791,9 +791,9 @@ tcp_listen_options.exit_on_close = false", []}, {ssl_options_honor_ecc_order, "listeners.ssl.1 = 5671 - ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.depth = 2 ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false @@ -801,9 +801,9 @@ tcp_listen_options.exit_on_close = false", [{rabbit, [{ssl_listeners,[5671]}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, diff --git a/deps/rabbitmq_auth_backend_http/priv/schema/rabbitmq_auth_backend_http.schema b/deps/rabbitmq_auth_backend_http/priv/schema/rabbitmq_auth_backend_http.schema index 426575d18921..6ba3c0df7621 100644 --- a/deps/rabbitmq_auth_backend_http/priv/schema/rabbitmq_auth_backend_http.schema +++ b/deps/rabbitmq_auth_backend_http/priv/schema/rabbitmq_auth_backend_http.schema @@ -47,10 +47,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "auth_http.ssl_options.cacertfile", "rabbitmq_auth_backend_http.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_http.ssl_options.certfile", "rabbitmq_auth_backend_http.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_http.ssl_options.cert", "rabbitmq_auth_backend_http.ssl_options.cert", [{datatype, string}]}. @@ -104,7 +104,7 @@ fun(Conf) -> end}. {mapping, "auth_http.ssl_options.keyfile", "rabbitmq_auth_backend_http.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_http.ssl_options.log_alert", "rabbitmq_auth_backend_http.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cacert.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cert.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_key.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/invalid_key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/rabbitmq_auth_backend_http.snippets b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/rabbitmq_auth_backend_http.snippets index 7d630e6dfca4..ed7f12bde92e 100644 --- a/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/rabbitmq_auth_backend_http.snippets +++ b/deps/rabbitmq_auth_backend_http/test/config_schema_SUITE_data/rabbitmq_auth_backend_http.snippets @@ -40,110 +40,110 @@ {resource_path,"http://some-server/auth/resource"}]}], [rabbitmq_auth_backend_http]}, {ssl_options, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.verify = verify_peer auth_http.ssl_options.fail_if_no_peer_cert = true", [{rabbitmq_auth_backend_http, [ {ssl_options, - [{cacertfile, "test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile, "test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile, "test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile, "test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile, "test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_peer}, {fail_if_no_peer_cert, true}]} ]}], [rabbitmq_auth_backend_http]}, {ssl_options_verify_peer, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.verify = verify_peer auth_http.ssl_options.fail_if_no_peer_cert = false", [{rabbitmq_auth_backend_http, [ {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_password, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.password = t0p$3kRe7", [{rabbitmq_auth_backend_http, [ {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {password,<<"t0p$3kRe7">>}]}]}], []}, {ssl_options_tls_versions, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.versions.tls1_2 = tlsv1.2 auth_http.ssl_options.versions.tls1_1 = tlsv1.1", [], [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}]} ]}], []}, {ssl_options_depth, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.depth = 2 auth_http.ssl_options.verify = verify_peer auth_http.ssl_options.fail_if_no_peer_cert = false", [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_honor_cipher_order, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.depth = 2 auth_http.ssl_options.verify = verify_peer auth_http.ssl_options.fail_if_no_peer_cert = false auth_http.ssl_options.honor_cipher_order = true", [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, {honor_cipher_order, true}]}]}], []}, {ssl_options_honor_ecc_order, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.depth = 2 auth_http.ssl_options.verify = verify_peer auth_http.ssl_options.fail_if_no_peer_cert = false auth_http.ssl_options.honor_ecc_order = true", [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, @@ -151,44 +151,44 @@ ]}], []}, {ssl_options_sni_disabled, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.versions.tls1_2 = tlsv1.2 auth_http.ssl_options.versions.tls1_1 = tlsv1.1 auth_http.ssl_options.sni = none", [], [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}] }] }], []}, {ssl_options_sni_hostname, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.versions.tls1_2 = tlsv1.2 auth_http.ssl_options.versions.tls1_1 = tlsv1.1 auth_http.ssl_options.sni = hostname.dev", [], [{rabbitmq_auth_backend_http, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}, {server_name_indication, "hostname.dev"} ]} ]}], []}, {ssl_options_hostname_verification_wildcard, - "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/invalid_cacert.pem - auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/invalid_cert.pem - auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/invalid_key.pem + "auth_http.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_http.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_http.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_http.ssl_options.versions.tls1_2 = tlsv1.2 auth_http.ssl_options.versions.tls1_1 = tlsv1.1 auth_http.ssl_options.hostname_verification = wildcard", @@ -197,9 +197,9 @@ [ {ssl_hostname_verification, wildcard}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/invalid_cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/invalid_cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/invalid_key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']} ]} ]}], diff --git a/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema b/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema index 1e8d338df320..5c8f27c5922b 100644 --- a/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema +++ b/deps/rabbitmq_auth_backend_ldap/priv/schema/rabbitmq_auth_backend_ldap.schema @@ -227,10 +227,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "auth_ldap.ssl_options.cacertfile", "rabbitmq_auth_backend_ldap.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_ldap.ssl_options.certfile", "rabbitmq_auth_backend_ldap.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_ldap.ssl_options.cert", "rabbitmq_auth_backend_ldap.ssl_options.cert", [{datatype, string}]}. @@ -284,7 +284,7 @@ fun(Conf) -> end}. {mapping, "auth_ldap.ssl_options.keyfile", "rabbitmq_auth_backend_ldap.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "auth_ldap.ssl_options.log_alert", "rabbitmq_auth_backend_ldap.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/rabbitmq_auth_backend_ldap.snippets b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/rabbitmq_auth_backend_ldap.snippets index db2facaa8cb5..adc25d8b8a0e 100644 --- a/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/rabbitmq_auth_backend_ldap.snippets +++ b/deps/rabbitmq_auth_backend_ldap/test/config_schema_SUITE_data/rabbitmq_auth_backend_ldap.snippets @@ -155,17 +155,17 @@ {ssl_options, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.verify = verify_peer auth_ldap.ssl_options.fail_if_no_peer_cert = true", [{rabbitmq_auth_backend_ldap, [ {use_ssl, true}, {ssl_options, - [{cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile, "test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile, "test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile, "test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile, "test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_peer}, {fail_if_no_peer_cert, true}]} ]}], @@ -173,73 +173,73 @@ {ssl_options_verify_peer, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.verify = verify_peer auth_ldap.ssl_options.fail_if_no_peer_cert = false", [{rabbitmq_auth_backend_ldap, [{use_ssl, true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_password, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.password = t0p$3kRe7", [{rabbitmq_auth_backend_ldap, [{use_ssl, true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {password,"t0p$3kRe7"}]}]}], []}, {ssl_options_tls_versions, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.versions.tls1_2 = tlsv1.2 auth_ldap.ssl_options.versions.tls1_1 = tlsv1.1", [], [{rabbitmq_auth_backend_ldap, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}]}, {use_ssl, true}]}], []}, {ssl_options_depth, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.depth = 2 auth_ldap.ssl_options.verify = verify_peer auth_ldap.ssl_options.fail_if_no_peer_cert = false", [{rabbitmq_auth_backend_ldap, [{use_ssl, true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert,false}]}]}], []}, {ssl_options_honor_cipher_order, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.depth = 2 auth_ldap.ssl_options.verify = verify_peer auth_ldap.ssl_options.fail_if_no_peer_cert = false @@ -247,9 +247,9 @@ [{rabbitmq_auth_backend_ldap, [{use_ssl, true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, @@ -257,9 +257,9 @@ []}, {ssl_options_honor_ecc_order, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.depth = 2 auth_ldap.ssl_options.verify = verify_peer auth_ldap.ssl_options.fail_if_no_peer_cert = false @@ -267,9 +267,9 @@ [{rabbitmq_auth_backend_ldap, [{use_ssl, true}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {depth,2}, {verify,verify_peer}, {fail_if_no_peer_cert, false}, @@ -278,9 +278,9 @@ {ssl_options_sni_disabled, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.versions.tls1_2 = tlsv1.2 auth_ldap.ssl_options.versions.tls1_1 = tlsv1.1 @@ -288,9 +288,9 @@ [], [{rabbitmq_auth_backend_ldap, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}] }, {use_ssl, true}]}], @@ -298,9 +298,9 @@ {ssl_options_sni_hostname, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.versions.tls1_2 = tlsv1.2 auth_ldap.ssl_options.versions.tls1_1 = tlsv1.1 @@ -308,9 +308,9 @@ [], [{rabbitmq_auth_backend_ldap, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']}, {server_name_indication, "hostname.dev"} ]}, @@ -319,9 +319,9 @@ {ssl_options_hostname_verification_wildcard, "auth_ldap.use_ssl = true - auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + auth_ldap.ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + auth_ldap.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + auth_ldap.ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem auth_ldap.ssl_options.versions.tls1_2 = tlsv1.2 auth_ldap.ssl_options.versions.tls1_1 = tlsv1.1 @@ -331,9 +331,9 @@ [ {ssl_hostname_verification, wildcard}, {ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {versions,['tlsv1.2','tlsv1.1']} ]}, {use_ssl, true}]}], diff --git a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema index a438fcb85d1a..c8488e674b2e 100644 --- a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema +++ b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema @@ -145,7 +145,7 @@ {mapping, "auth_oauth2.signing_keys.$name", "rabbitmq_auth_backend_oauth2.key_config.signing_keys", - [{datatype, file}, {validators, ["file_accessible"]}]}. + [{datatype, file}, {validators, ["pem_file"]}]}. {translation, "rabbitmq_auth_backend_oauth2.key_config.signing_keys", @@ -234,7 +234,7 @@ {mapping, "auth_oauth2.https.cacertfile", "rabbitmq_auth_backend_oauth2.key_config.cacertfile", - [{datatype, file}, {validators, ["file_accessible"]}]}. + [{datatype, file}, {validators, ["pem_file"]}]}. {mapping, "auth_oauth2.https.depth", @@ -315,7 +315,7 @@ {mapping, "auth_oauth2.oauth_providers.$name.https.cacertfile", "rabbitmq_auth_backend_oauth2.oauth_providers", - [{datatype, file}, {validators, ["file_accessible"]}]}. + [{datatype, file}, {validators, ["pem_file"]}]}. {mapping, "auth_oauth2.oauth_providers.$name.https.depth", @@ -345,7 +345,7 @@ {mapping, "auth_oauth2.oauth_providers.$name.signing_keys.$id", "rabbitmq_auth_backend_oauth2.oauth_providers", - [{datatype, file}, {validators, ["file_accessible"]}]}. + [{datatype, file}, {validators, ["pem_file"]}]}. {mapping, "auth_oauth2.oauth_providers.$name.algorithms.$algorithm", diff --git a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl index 13cf6b38de03..2e16f997e39a 100644 --- a/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl +++ b/deps/rabbitmq_auth_backend_oauth2/src/rabbit_oauth2_schema.erl @@ -193,14 +193,26 @@ translate_endpoint_params(Variable, Conf) -> [{list_to_binary(Param), list_to_binary(V)} || {["auth_oauth2", _, Param], V} <- Params0]. -validator_file_exists(Attr, Filename) -> +-spec invalid_pem_file(Attr :: any(), Filename :: file:name_all()) -> no_return(). +invalid_pem_file(Attr, Filename) -> + cuttlefish:invalid(io_lib:format( + "Invalid attribute (~tp) value: file ~tp does " ++ + "not exist, cannot be read by the node, or is " ++ + "not a valid X509 certificate", + [Attr, Filename])). + +-spec validator_pem_file(Attr :: any(), Filename :: file:name_all()) -> file:name_all() | no_return(). +validator_pem_file(Attr, Filename) -> case file:read_file(Filename) of - {ok, _} -> - Filename; + {ok, PemBin} -> + case public_key:pem_decode(PemBin) of + PemDecoded when PemDecoded =/= [] -> + Filename; + _ -> + invalid_pem_file(Attr, Filename) + end; _Error -> - cuttlefish:invalid(io_lib:format( - "Invalid attribute (~p) value: file ~p does not exist or " ++ - "cannot be read by the node", [Attr, Filename])) + invalid_pem_file(Attr, Filename) end. validator_uri(Attr, Uri) when is_binary(Uri) -> @@ -276,7 +288,7 @@ extract_oauth_providers_https(Settings) -> mapHttpProperty({Key, Value}) -> {Key, case Key of - cacertfile -> validator_file_exists(Key, Value); + cacertfile -> validator_pem_file(Key, Value); _ -> Value end}. diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets index 4db415c113a3..283cfa1d7aa1 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets +++ b/deps/rabbitmq_auth_backend_oauth2/test/config_schema_SUITE_data/rabbitmq_auth_backend_oauth2.snippets @@ -9,12 +9,12 @@ auth_oauth2.preferred_username_claims.3 = email auth_oauth2.verify_aud = true auth_oauth2.default_key = id1 - auth_oauth2.signing_keys.id1 = test/config_schema_SUITE_data/certs/key.pem - auth_oauth2.signing_keys.id2 = test/config_schema_SUITE_data/certs/cert.pem + auth_oauth2.signing_keys.id1 = test/config_schema_SUITE_data/certs/server_key.pem + auth_oauth2.signing_keys.id2 = test/config_schema_SUITE_data/certs/server_key.pem auth_oauth2.jwks_uri = https://my-jwt-issuer/jwks.json auth_oauth2.jwks_url = https://my-jwt-issuer/jwks.json auth_oauth2.issuer = https://my-jwt-issuer - auth_oauth2.https.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + auth_oauth2.https.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem auth_oauth2.https.peer_verification = verify_none auth_oauth2.https.depth = 5 auth_oauth2.https.fail_if_no_peer_cert = false @@ -42,12 +42,12 @@ {default_key, <<"id1">>}, {signing_keys, #{ - <<"id1">> => {pem, <<"I'm not a certificate">>}, - <<"id2">> => {pem, <<"I'm not a certificate">>} + <<"id1">> => {pem, <<"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+\nR1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83\nXYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT\nAcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN\n13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg\nULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b\nWvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0\ncq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P\n8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh\nwnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/\nqcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy\nZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7\nfQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB\n8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI\nT6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5\ngkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw\nGokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY\nY2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU\n6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC\ntxCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG\nfj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz\nyIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y\nYQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M\nMQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo\nMc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56\nIXyt2dPxMIunzSDmAdcLGhFd\n-----END PRIVATE KEY-----">>}, + <<"id2">> => {pem, <<"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+\nR1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83\nXYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT\nAcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN\n13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg\nULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b\nWvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0\ncq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P\n8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh\nwnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/\nqcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy\nZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7\nfQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB\n8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI\nT6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5\ngkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw\nGokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY\nY2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU\n6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC\ntxCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG\nfj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz\nyIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y\nYQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M\nMQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo\nMc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56\nIXyt2dPxMIunzSDmAdcLGhFd\n-----END PRIVATE KEY-----">>} } }, {jwks_url, "https://my-jwt-issuer/jwks.json"}, - {cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"}, + {cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {peer_verification, verify_none}, {depth, 5}, {fail_if_no_peer_cert, false}, @@ -69,11 +69,11 @@ auth_oauth2.preferred_username_claims.3 = email auth_oauth2.verify_aud = true auth_oauth2.default_key = id1 - auth_oauth2.signing_keys.id1 = test/config_schema_SUITE_data/certs/key.pem - auth_oauth2.signing_keys.id2 = test/config_schema_SUITE_data/certs/cert.pem + auth_oauth2.signing_keys.id1 = test/config_schema_SUITE_data/certs/server_key.pem + auth_oauth2.signing_keys.id2 = test/config_schema_SUITE_data/certs/server_key.pem auth_oauth2.jwks_uri = https://my-jwt-issuer/jwks.json auth_oauth2.jwks_url = https://my-jwt-issuer/jwks.json - auth_oauth2.https.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + auth_oauth2.https.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem auth_oauth2.https.peer_verification = verify_none auth_oauth2.https.depth = 5 auth_oauth2.https.fail_if_no_peer_cert = false @@ -110,12 +110,12 @@ {default_key, <<"id1">>}, {signing_keys, #{ - <<"id1">> => {pem, <<"I'm not a certificate">>}, - <<"id2">> => {pem, <<"I'm not a certificate">>} + <<"id1">> => {pem, <<"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+\nR1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83\nXYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT\nAcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN\n13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg\nULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b\nWvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0\ncq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P\n8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh\nwnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/\nqcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy\nZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7\nfQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB\n8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI\nT6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5\ngkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw\nGokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY\nY2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU\n6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC\ntxCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG\nfj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz\nyIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y\nYQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M\nMQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo\nMc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56\nIXyt2dPxMIunzSDmAdcLGhFd\n-----END PRIVATE KEY-----">>}, + <<"id2">> => {pem, <<"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+\nR1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83\nXYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT\nAcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN\n13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg\nULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b\nWvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0\ncq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P\n8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh\nwnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/\nqcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy\nZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7\nfQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB\n8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI\nT6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5\ngkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw\nGokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY\nY2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU\n6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC\ntxCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG\nfj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz\nyIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y\nYQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M\nMQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo\nMc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56\nIXyt2dPxMIunzSDmAdcLGhFd\n-----END PRIVATE KEY-----">>} } }, {jwks_url, "https://my-jwt-issuer/jwks.json"}, - {cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"}, + {cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {peer_verification, verify_none}, {depth, 5}, {fail_if_no_peer_cert, false}, @@ -141,11 +141,11 @@ auth_oauth2.oauth_providers.keycloak.jwks_uri = https://keycloak/keys auth_oauth2.oauth_providers.keycloak.authorization_endpoint = https://keycloak/authorize auth_oauth2.oauth_providers.keycloak.end_session_endpoint = https://keycloak/logout - auth_oauth2.oauth_providers.keycloak.https.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + auth_oauth2.oauth_providers.keycloak.https.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem auth_oauth2.oauth_providers.keycloak.https.verify = verify_none auth_oauth2.oauth_providers.keycloak.https.depth = 2 auth_oauth2.oauth_providers.keycloak.default_key = token-key - auth_oauth2.oauth_providers.keycloak.signing_keys.id1 = test/config_schema_SUITE_data/certs/key.pem + auth_oauth2.oauth_providers.keycloak.signing_keys.id1 = test/config_schema_SUITE_data/certs/server_key.pem auth_oauth2.oauth_providers.keycloak.discovery_endpoint_path = /.well-known/openid-configuration auth_oauth2.oauth_providers.keycloak.discovery_endpoint_params.param1 = value1 auth_oauth2.oauth_providers.keycloak.algorithms.1 = HS256 @@ -163,13 +163,13 @@ <<"keycloak">> => [ {signing_keys, #{ - <<"id1">> => {pem, <<"I'm not a certificate">>} + <<"id1">> => {pem, <<"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+\nR1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83\nXYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT\nAcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN\n13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg\nULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b\nWvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0\ncq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P\n8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh\nwnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/\nqcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy\nZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7\nfQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB\n8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI\nT6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5\ngkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw\nGokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY\nY2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU\n6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC\ntxCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG\nfj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz\nyIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y\nYQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M\nMQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo\nMc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56\nIXyt2dPxMIunzSDmAdcLGhFd\n-----END PRIVATE KEY-----">>} } }, {https, [ {depth, 2}, {verify, verify_none}, - {cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"} + {cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"} ]}, {algorithms, [<<"HS256">>, <<"RS256">>]}, {discovery_endpoint_params, [ diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl index 1fdd30ab2b64..ec72f73ad284 100644 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE.erl @@ -280,8 +280,8 @@ test_oauth_providers_signing_keys(Conf) -> ] } = sort_settings(translate_oauth_providers(CuttlefishConf)), ct:log("SigningKey: ~p", [SigningKeys]), - #{<<"1">> := {pem, <<"I'm not a certificate">>}, - <<"2">> := {pem, <<"I'm not a certificate">>} + #{<<"1">> := {pem, <<"-----BEGIN CERTIFICATE-----\nMIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH\nZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w\nCwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES\nMBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN\n4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF\nrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn\n0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2\nbTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb\nQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD\nVR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd\nBgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp\nyXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2\nZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG\nkHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM\n7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l\nI2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk\n8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT\nmwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R\nOc6FM20=\n-----END CERTIFICATE-----">>}, + <<"2">> := {pem, <<"-----BEGIN CERTIFICATE-----\nMIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH\nZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w\nCwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES\nMBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN\n4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF\nrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn\n0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2\nbTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb\nQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw\nCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD\nVR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd\nBgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp\nyXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2\nZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG\nkHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM\n7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l\nI2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk\n8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT\nmwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R\nOc6FM20=\n-----END CERTIFICATE-----">>} } = SigningKeys. test_scope_aliases_configured_as_list_of_properties(_) -> @@ -328,7 +328,7 @@ test_scope_aliases_configured_as_map(_) -> cert_filename(Conf) -> - string:concat(?config(data_dir, Conf), "certs/cert.pem"). + string:concat(?config(data_dir, Conf), "certs/server_certificate.pem"). sort_settings(MapOfListOfSettings) -> maps:map(fun(_K,List) -> diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_auth_backend_oauth2/test/rabbit_oauth2_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema b/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema index 0b9589d4b347..b061b3b64644 100644 --- a/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema +++ b/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema @@ -90,11 +90,11 @@ end}. {mapping, "management.ssl.ip", "rabbitmq_management.ssl_config.ip", [{datatype, string}, {validators, ["is_ip"]}]}. {mapping, "management.ssl.certfile", "rabbitmq_management.ssl_config.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.ssl.keyfile", "rabbitmq_management.ssl_config.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.ssl.cacertfile", "rabbitmq_management.ssl_config.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.ssl.password", "rabbitmq_management.ssl_config.password", [{datatype, [tagged_binary, binary]}]}. @@ -215,10 +215,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "management.listener.ssl_opts.cacertfile", "rabbitmq_management.listener.ssl_opts.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.listener.ssl_opts.certfile", "rabbitmq_management.listener.ssl_opts.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.listener.ssl_opts.honor_cipher_order", "rabbitmq_management.listener.ssl_opts.honor_cipher_order", [{datatype, {enum, [true, false]}}]}. @@ -289,7 +289,7 @@ fun(Conf) -> end}. {mapping, "management.listener.ssl_opts.keyfile", "rabbitmq_management.listener.ssl_opts.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "management.listener.ssl_opts.log_alert", "rabbitmq_management.listener.ssl_opts.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_management/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets b/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets index 0627b364e433..25f4ee5abad6 100644 --- a/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets +++ b/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets @@ -127,18 +127,18 @@ {tls_listener, "management.ssl.ip = 192.168.1.2 management.ssl.port = 15671 - management.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - management.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - management.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem + management.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + management.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + management.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem management.ssl.verify = verify_none management.ssl.fail_if_no_peer_cert = false", [{rabbitmq_management,[ {ssl_config,[ {ip, "192.168.1.2"}, {port,15671}, - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_none}, {fail_if_no_peer_cert, false} ]} @@ -148,9 +148,9 @@ {tls_listener_cipher_suites, "management.ssl.ip = 192.168.1.2 management.ssl.port = 15671 - management.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - management.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - management.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem + management.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + management.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + management.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem management.ssl.honor_cipher_order = true management.ssl.honor_ecc_order = true @@ -176,9 +176,9 @@ {ssl_config,[ {ip, "192.168.1.2"}, {port,15671}, - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_peer}, {fail_if_no_peer_cert, false}, @@ -552,19 +552,19 @@ {legacy_ssl_listener, "management.listener.port = 15671 management.listener.ssl = true - management.listener.ssl_opts.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - management.listener.ssl_opts.certfile = test/config_schema_SUITE_data/certs/cert.pem - management.listener.ssl_opts.keyfile = test/config_schema_SUITE_data/certs/key.pem", + management.listener.ssl_opts.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + management.listener.ssl_opts.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + management.listener.ssl_opts.keyfile = test/config_schema_SUITE_data/certs/server_key.pem", [{rabbitmq_management, [{listener, [{port,15671}, {ssl,true}, {ssl_opts, [{cacertfile, - "test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, + "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, {keyfile, - "test/config_schema_SUITE_data/certs/key.pem"}]}]}]}], + "test/config_schema_SUITE_data/certs/server_key.pem"}]}]}]}], [rabbitmq_management]}, {legacy_tcp_listener_ip, @@ -576,19 +576,19 @@ "management.listener.port = 15672 management.listener.ssl = true - management.listener.ssl_opts.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - management.listener.ssl_opts.certfile = test/config_schema_SUITE_data/certs/cert.pem - management.listener.ssl_opts.keyfile = test/config_schema_SUITE_data/certs/key.pem", + management.listener.ssl_opts.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + management.listener.ssl_opts.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + management.listener.ssl_opts.keyfile = test/config_schema_SUITE_data/certs/server_key.pem", [{rabbitmq_management, [{listener, [{port,15672}, {ssl,true}, {ssl_opts, [{cacertfile, - "test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, + "test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, {keyfile, - "test/config_schema_SUITE_data/certs/key.pem"}]}]}]}], + "test/config_schema_SUITE_data/certs/server_key.pem"}]}]}]}], [rabbitmq_management]}, {legacy_server_opts_compress, diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/rabbitmq_mqtt.snippets b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/rabbitmq_mqtt.snippets index a1af02451cd3..8fd4c0630a96 100644 --- a/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/rabbitmq_mqtt.snippets +++ b/deps/rabbitmq_mqtt/test/config_schema_SUITE_data/rabbitmq_mqtt.snippets @@ -70,9 +70,9 @@ {ssl, - "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true @@ -80,9 +80,9 @@ mqtt.listeners.tcp.default = 1883", [{rabbit, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]}]}, {rabbitmq_mqtt,[{ssl_listeners,[8883]},{tcp_listeners,[1883]}]}], diff --git a/deps/rabbitmq_peer_discovery_consul/priv/schema/rabbitmq_peer_discovery_consul.schema b/deps/rabbitmq_peer_discovery_consul/priv/schema/rabbitmq_peer_discovery_consul.schema index 2398ae4233d3..aa1d42c33340 100644 --- a/deps/rabbitmq_peer_discovery_consul/priv/schema/rabbitmq_peer_discovery_consul.schema +++ b/deps/rabbitmq_peer_discovery_consul/priv/schema/rabbitmq_peer_discovery_consul.schema @@ -362,10 +362,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "cluster_formation.consul.ssl_options.cacertfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cacertfile", -[{datatype, string}, {validators, ["file_accessible"]}]}. +[{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.consul.ssl_options.certfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.certfile", -[{datatype, string}, {validators, ["file_accessible"]}]}. +[{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.consul.ssl_options.cert", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.cert", [{datatype, string}]}. @@ -410,7 +410,7 @@ end end}. {mapping, "cluster_formation.consul.ssl_options.keyfile", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.keyfile", -[{datatype, string}, {validators, ["file_accessible"]}]}. +[{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.consul.ssl_options.log_alert", "rabbit.cluster_formation.peer_discovery_consul.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_peer_discovery_etcd/priv/schema/rabbitmq_peer_discovery_etcd.schema b/deps/rabbitmq_peer_discovery_etcd/priv/schema/rabbitmq_peer_discovery_etcd.schema index 3553d638e4eb..8eedbba395da 100644 --- a/deps/rabbitmq_peer_discovery_etcd/priv/schema/rabbitmq_peer_discovery_etcd.schema +++ b/deps/rabbitmq_peer_discovery_etcd/priv/schema/rabbitmq_peer_discovery_etcd.schema @@ -183,10 +183,10 @@ end}. {datatype, {enum, [verify_peer, verify_none]}}]}. {mapping, "cluster_formation.etcd.ssl_options.cacertfile", "rabbit.cluster_formation.peer_discovery_etcd.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.etcd.ssl_options.certfile", "rabbit.cluster_formation.peer_discovery_etcd.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.etcd.ssl_options.cert", "rabbit.cluster_formation.peer_discovery_etcd.ssl_options.cert", [{datatype, string}]}. @@ -220,7 +220,7 @@ fun(Conf) -> end}. {mapping, "cluster_formation.etcd.ssl_options.keyfile", "rabbit.cluster_formation.peer_discovery_etcd.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "cluster_formation.etcd.ssl_options.log_alert", "rabbit.cluster_formation.peer_discovery_etcd.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_peer_discovery_k8s/priv/schema/rabbitmq_peer_discovery_k8s.schema b/deps/rabbitmq_peer_discovery_k8s/priv/schema/rabbitmq_peer_discovery_k8s.schema index 68a818d06884..ba024306459a 100644 --- a/deps/rabbitmq_peer_discovery_k8s/priv/schema/rabbitmq_peer_discovery_k8s.schema +++ b/deps/rabbitmq_peer_discovery_k8s/priv/schema/rabbitmq_peer_discovery_k8s.schema @@ -101,7 +101,7 @@ end}. %% deprecated {mapping, "cluster_formation.k8s.cert_path", "rabbit.cluster_formation.peer_discovery_k8s.k8s_cert_path", [ - {datatype, string}, {validators, ["file_accessible"]} + {datatype, string}, {validators, ["pem_file"]} ]}. {translation, "rabbit.cluster_formation.peer_discovery_k8s.k8s_cert_path", @@ -115,7 +115,7 @@ end}. %% modern keys {mapping, "cluster_formation.k8s.tls.cacertfile", "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]} + [{datatype, string}, {validators, ["pem_file"]} ]}. {translation, "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.cacertfile", @@ -127,7 +127,7 @@ fun(Conf) -> end}. {mapping, "cluster_formation.k8s.tls.certfile", "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]} + [{datatype, string}, {validators, ["pem_file"]} ]}. {translation, "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.certfile", @@ -139,7 +139,7 @@ fun(Conf) -> end}. {mapping, "cluster_formation.k8s.tls.keyfile", "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]} + [{datatype, string}, {validators, ["pem_file"]} ]}. {translation, "rabbit.cluster_formation.peer_discovery_k8s.ssl_options.keyfile", diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/rabbitmq_peer_discovery_k8s.snippets b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/rabbitmq_peer_discovery_k8s.snippets index 26341146b840..43a92945657e 100644 --- a/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/rabbitmq_peer_discovery_k8s.snippets +++ b/deps/rabbitmq_peer_discovery_k8s/test/config_schema_SUITE_data/rabbitmq_peer_discovery_k8s.snippets @@ -176,23 +176,23 @@ ], [rabbitmq_peer_discovery_k8s] } -, {k8s_ca_certificate_legacy_cert_path, "cluster_formation.k8s.cert_path = test/config_schema_SUITE_data/certs/cacert.pem", [ +, {k8s_ca_certificate_legacy_cert_path, "cluster_formation.k8s.cert_path = test/config_schema_SUITE_data/certs/ca_certificate.pem", [ {rabbit, [ {cluster_formation, [ {peer_discovery_k8s, [ - {k8s_cert_path, "test/config_schema_SUITE_data/certs/cacert.pem"} + {k8s_cert_path, "test/config_schema_SUITE_data/certs/ca_certificate.pem"} ]} ]} ]} ], [rabbitmq_peer_discovery_k8s] } -, {k8s_ca_certificate_modern_path, "cluster_formation.k8s.tls.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem", [ +, {k8s_ca_certificate_modern_path, "cluster_formation.k8s.tls.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem", [ {rabbit, [ {cluster_formation, [ {peer_discovery_k8s, [ {ssl_options, [ - {cacertfile, "test/config_schema_SUITE_data/certs/cacert.pem"} + {cacertfile, "test/config_schema_SUITE_data/certs/ca_certificate.pem"} ]} ]} ]} @@ -200,12 +200,12 @@ ], [rabbitmq_peer_discovery_k8s] } -, {k8s_client_certificate_modern_path, "cluster_formation.k8s.tls.certfile = test/config_schema_SUITE_data/certs/cert.pem", [ +, {k8s_client_certificate_modern_path, "cluster_formation.k8s.tls.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem", [ {rabbit, [ {cluster_formation, [ {peer_discovery_k8s, [ {ssl_options, [ - {certfile, "test/config_schema_SUITE_data/certs/cert.pem"} + {certfile, "test/config_schema_SUITE_data/certs/server_certificate.pem"} ]} ]} ]} @@ -213,12 +213,12 @@ ], [rabbitmq_peer_discovery_k8s] } -, {k8s_client_key_modern_path, "cluster_formation.k8s.tls.keyfile = test/config_schema_SUITE_data/certs/key.pem", [ +, {k8s_client_key_modern_path, "cluster_formation.k8s.tls.keyfile = test/config_schema_SUITE_data/certs/server_key.pem", [ {rabbit, [ {cluster_formation, [ {peer_discovery_k8s, [ {ssl_options, [ - {keyfile, "test/config_schema_SUITE_data/certs/key.pem"} + {keyfile, "test/config_schema_SUITE_data/certs/server_key.pem"} ]} ]} ]} diff --git a/deps/rabbitmq_prometheus/priv/schema/rabbitmq_prometheus.schema b/deps/rabbitmq_prometheus/priv/schema/rabbitmq_prometheus.schema index 328424808c80..ecb41da23887 100644 --- a/deps/rabbitmq_prometheus/priv/schema/rabbitmq_prometheus.schema +++ b/deps/rabbitmq_prometheus/priv/schema/rabbitmq_prometheus.schema @@ -78,11 +78,11 @@ [{datatype, string}, {validators, ["is_ip"]}]}. {mapping, "prometheus.ssl.certfile", "rabbitmq_prometheus.ssl_config.ssl_opts.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "prometheus.ssl.keyfile", "rabbitmq_prometheus.ssl_config.ssl_opts.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "prometheus.ssl.cacertfile", "rabbitmq_prometheus.ssl_config.ssl_opts.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "prometheus.ssl.password", "rabbitmq_prometheus.ssl_config.ssl_opts.password", [{datatype, string}]}. diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/rabbitmq_prometheus.snippets b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/rabbitmq_prometheus.snippets index b39946a94eb5..0837e78cdb3b 100644 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/rabbitmq_prometheus.snippets +++ b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/rabbitmq_prometheus.snippets @@ -151,9 +151,9 @@ {tls_listener, "prometheus.ssl.ip = 192.168.1.2 prometheus.ssl.port = 15691 - prometheus.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - prometheus.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - prometheus.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem + prometheus.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + prometheus.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + prometheus.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem prometheus.ssl.verify = verify_none prometheus.ssl.fail_if_no_peer_cert = false", [{rabbitmq_prometheus,[ @@ -161,9 +161,9 @@ {ip, "192.168.1.2"}, {port,15691}, {ssl_opts, [ - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_none}, {fail_if_no_peer_cert, false} ]} @@ -174,9 +174,9 @@ {tls_listener_cipher_suites, "prometheus.ssl.ip = 192.168.1.2 prometheus.ssl.port = 15691 - prometheus.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - prometheus.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - prometheus.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem + prometheus.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + prometheus.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + prometheus.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem prometheus.ssl.honor_cipher_order = true prometheus.ssl.honor_ecc_order = true @@ -203,9 +203,9 @@ {ip, "192.168.1.2"}, {port,15691}, {ssl_opts, [ - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify, verify_peer}, {fail_if_no_peer_cert, false}, diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema deleted file mode 100644 index b8fa2fcf8c6f..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management.schema +++ /dev/null @@ -1,427 +0,0 @@ -%% ---------------------------------------------------------------------------- -%% RabbitMQ Management Plugin -%% -%% See https://www.rabbitmq.com/management.html for details -%% ---------------------------------------------------------------------------- - -%% Load definitions from a JSON file or directory of files. See -%% https://www.rabbitmq.com/management.html#load-definitions -%% -%% {load_definitions, "/path/to/schema.json"}, -%% {load_definitions, "/path/to/schemas"}, -{mapping, "management.load_definitions", "rabbitmq_management.load_definitions", - [{datatype, string}, - {validators, ["file_accessible"]}]}. - -%% Log all requests to the management HTTP API to a file. -%% -%% {http_log_dir, "/path/to/access.log"}, - -{mapping, "management.http_log_dir", "rabbitmq_management.http_log_dir", - [{datatype, string}]}. - -%% HTTP (TCP) listener options ======================================================== - -%% HTTP listener consistent with Web STOMP and Web MQTT. -%% -%% {tcp_config, [{port, 15672}, -%% {ip, "127.0.0.1"}]} - -{mapping, "management.tcp.port", "rabbitmq_management.tcp_config.port", - [{datatype, integer}]}. -{mapping, "management.tcp.ip", "rabbitmq_management.tcp_config.ip", - [{datatype, string}, - {validators, ["is_ip"]}]}. - -{mapping, "management.tcp.compress", "rabbitmq_management.tcp_config.cowboy_opts.compress", - [{datatype, {enum, [true, false]}}]}. -{mapping, "management.tcp.idle_timeout", "rabbitmq_management.tcp_config.cowboy_opts.idle_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.tcp.inactivity_timeout", "rabbitmq_management.tcp_config.cowboy_opts.inactivity_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.tcp.request_timeout", "rabbitmq_management.tcp_config.cowboy_opts.request_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.tcp.shutdown_timeout", "rabbitmq_management.tcp_config.cowboy_opts.shutdown_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.tcp.max_keepalive", "rabbitmq_management.tcp_config.cowboy_opts.max_keepalive", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - - -%% HTTPS (TLS) listener options ======================================================== - -%% HTTPS listener consistent with Web STOMP and Web MQTT. -%% -%% {ssl_config, [{port, 15671}, -%% {ip, "127.0.0.1"}, -%% {cacertfile, "/path/to/cacert.pem"}, -%% {certfile, "/path/to/cert.pem"}, -%% {keyfile, "/path/to/key.pem"}]} - -{mapping, "management.ssl.port", "rabbitmq_management.ssl_config.port", - [{datatype, integer}]}. -{mapping, "management.ssl.backlog", "rabbitmq_management.ssl_config.backlog", - [{datatype, integer}]}. -{mapping, "management.ssl.ip", "rabbitmq_management.ssl_config.ip", - [{datatype, string}, {validators, ["is_ip"]}]}. -{mapping, "management.ssl.certfile", "rabbitmq_management.ssl_config.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "management.ssl.keyfile", "rabbitmq_management.ssl_config.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "management.ssl.cacertfile", "rabbitmq_management.ssl_config.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "management.ssl.password", "rabbitmq_management.ssl_config.password", - [{datatype, string}]}. - -{mapping, "management.ssl.verify", "rabbitmq_management.ssl_config.verify", [ - {datatype, {enum, [verify_peer, verify_none]}}]}. - -{mapping, "management.ssl.fail_if_no_peer_cert", "rabbitmq_management.ssl_config.fail_if_no_peer_cert", [ - {datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.honor_cipher_order", "rabbitmq_management.ssl_config.honor_cipher_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.honor_ecc_order", "rabbitmq_management.ssl_config.honor_ecc_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.reuse_sessions", "rabbitmq_management.ssl_config.reuse_sessions", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.secure_renegotiate", "rabbitmq_management.ssl_config.secure_renegotiate", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.client_renegotiation", "rabbitmq_management.ssl_config.client_renegotiation", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.ssl.depth", "rabbitmq_management.ssl_config.depth", - [{datatype, integer}, {validators, ["byte"]}]}. - -{mapping, "management.ssl.versions.$version", "rabbitmq_management.ssl_config.versions", - [{datatype, atom}]}. - -{translation, "rabbitmq_management.ssl_config.versions", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("management.ssl.versions", Conf), - [V || {_, V} <- Settings] -end}. - -{mapping, "management.ssl.ciphers.$cipher", "rabbitmq_management.ssl_config.ciphers", - [{datatype, string}]}. - -{translation, "rabbitmq_management.ssl_config.ciphers", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("management.ssl.ciphers", Conf), - lists:reverse([V || {_, V} <- Settings]) -end}. - -{mapping, "management.ssl.compress", "rabbitmq_management.ssl_config.cowboy_opts.compress", - [{datatype, {enum, [true, false]}}]}. -{mapping, "management.ssl.idle_timeout", "rabbitmq_management.ssl_config.cowboy_opts.idle_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.ssl.inactivity_timeout", "rabbitmq_management.ssl_config.cowboy_opts.inactivity_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.ssl.request_timeout", "rabbitmq_management.ssl_config.cowboy_opts.request_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.ssl.shutdown_timeout", "rabbitmq_management.ssl_config.cowboy_opts.shutdown_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "management.ssl.max_keepalive", "rabbitmq_management.ssl_config.cowboy_opts.max_keepalive", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - - - -%% Legacy listener options ======================================================== - -%% Legacy (pre-3.7.9) TCP listener format. -%% -%% {listener, [{port, 12345}, -%% {ip, "127.0.0.1"}, -%% {ssl, true}, -%% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, -%% {certfile, "/path/to/cert.pem"}, -%% {keyfile, "/path/to/key.pem"}]}]}, - -{mapping, "management.listener.port", "rabbitmq_management.listener.port", - [{datatype, integer}]}. - -{mapping, "management.listener.ip", "rabbitmq_management.listener.ip", - [{datatype, string}, - {validators, ["is_ip"]}]}. - -{mapping, "management.listener.ssl", "rabbitmq_management.listener.ssl", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.server.compress", "rabbitmq_management.listener.cowboy_opts.compress", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.server.idle_timeout", "rabbitmq_management.listener.cowboy_opts.idle_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - -{mapping, "management.listener.server.inactivity_timeout", "rabbitmq_management.listener.cowboy_opts.inactivity_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - -{mapping, "management.listener.server.request_timeout", "rabbitmq_management.listener.cowboy_opts.request_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - -{mapping, "management.listener.server.shutdown_timeout", "rabbitmq_management.listener.cowboy_opts.shutdown_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - -{mapping, "management.listener.server.max_keepalive", "rabbitmq_management.listener.cowboy_opts.max_keepalive", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - -%% Legacy HTTPS listener options ======================================================== - -{mapping, "management.listener.ssl_opts", "rabbitmq_management.listener.ssl_opts", [ - {datatype, {enum, [none]}} -]}. - -{translation, "rabbitmq_management.listener.ssl_opts", -fun(Conf) -> - case cuttlefish:conf_get("management.listener.ssl_opts", Conf, undefined) of - none -> []; - _ -> cuttlefish:invalid("Invalid management.listener.ssl_opts") - end -end}. - -{mapping, "management.listener.ssl_opts.verify", "rabbitmq_management.listener.ssl_opts.verify", [ - {datatype, {enum, [verify_peer, verify_none]}}]}. - -{mapping, "management.listener.ssl_opts.fail_if_no_peer_cert", "rabbitmq_management.listener.ssl_opts.fail_if_no_peer_cert", [ - {datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.cacertfile", "rabbitmq_management.listener.ssl_opts.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "management.listener.ssl_opts.certfile", "rabbitmq_management.listener.ssl_opts.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "management.listener.ssl_opts.honor_cipher_order", "rabbitmq_management.listener.ssl_opts.honor_cipher_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.honor_ecc_order", "rabbitmq_management.listener.ssl_opts.honor_ecc_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.reuse_sessions", "rabbitmq_management.listener.ssl_opts.reuse_sessions", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.secure_renegotiate", "rabbitmq_management.listener.ssl_opts.secure_renegotiate", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.client_renegotiation", "rabbitmq_management.listener.ssl_opts.client_renegotiation", - [{datatype, {enum, [true, false]}}]}. - - -{mapping, "management.listener.ssl_opts.versions.$version", "rabbitmq_management.listener.ssl_opts.versions", - [{datatype, atom}]}. - -{translation, "rabbitmq_management.listener.ssl_opts.versions", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("management.listener.ssl_opts.versions", Conf), - [ V || {_, V} <- Settings ] -end}. - - -{mapping, "management.listener.ssl_opts.cert", "rabbitmq_management.listener.ssl_opts.cert", - [{datatype, string}]}. - -{translation, "rabbitmq_management.listener.ssl_opts.cert", -fun(Conf) -> - list_to_binary(cuttlefish:conf_get("management.listener.ssl_opts.cert", Conf)) -end}. - -{mapping, "management.listener.ssl_opts.crl_check", "rabbitmq_management.listener.ssl_opts.crl_check", - [{datatype, [{enum, [true, false, peer, best_effort]}]}]}. - -{mapping, "management.listener.ssl_opts.depth", "rabbitmq_management.listener.ssl_opts.depth", - [{datatype, integer}, {validators, ["byte"]}]}. - -{mapping, "management.listener.ssl_opts.dh", "rabbitmq_management.listener.ssl_opts.dh", - [{datatype, string}]}. - -{translation, "rabbitmq_management.listener.ssl_opts.dh", -fun(Conf) -> - list_to_binary(cuttlefish:conf_get("management.listener.ssl_opts.dh", Conf)) -end}. - -{mapping, "management.listener.ssl_opts.dhfile", "rabbitmq_management.listener.ssl_opts.dhfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "management.listener.ssl_opts.key.RSAPrivateKey", "rabbitmq_management.listener.ssl_opts.key", - [{datatype, string}]}. - -{mapping, "management.listener.ssl_opts.key.DSAPrivateKey", "rabbitmq_management.listener.ssl_opts.key", - [{datatype, string}]}. - -{mapping, "management.listener.ssl_opts.key.PrivateKeyInfo", "rabbitmq_management.listener.ssl_opts.key", - [{datatype, string}]}. - -{translation, "rabbitmq_management.listener.ssl_opts.key", -fun(Conf) -> - case cuttlefish_variable:filter_by_prefix("management.listener.ssl_opts.key", Conf) of - [{[_,_,Key], Val}|_] -> {list_to_atom(Key), list_to_binary(Val)}; - _ -> undefined - end -end}. - -{mapping, "management.listener.ssl_opts.keyfile", "rabbitmq_management.listener.ssl_opts.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. - -{mapping, "management.listener.ssl_opts.log_alert", "rabbitmq_management.listener.ssl_opts.log_alert", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.listener.ssl_opts.password", "rabbitmq_management.listener.ssl_opts.password", - [{datatype, string}]}. - -{mapping, "management.listener.ssl_opts.psk_identity", "rabbitmq_management.listener.ssl_opts.psk_identity", - [{datatype, string}]}. - - -%% A custom path prefix for all HTTP request handlers. -%% -%% {path_prefix, "/a/prefix"}, - -{mapping, "management.path_prefix", "rabbitmq_management.path_prefix", - [{datatype, string}]}. - -%% Login session timeout in minutes - -{mapping, "management.login_session_timeout", "rabbitmq_management.login_session_timeout", [ - {datatype, integer}, {validators, ["non_negative_integer"]} -]}. - -%% CORS - -{mapping, "management.cors.allow_origins", "rabbitmq_management.cors_allow_origins", [ - {datatype, {enum, [none]}} -]}. - -{mapping, "management.cors.allow_origins.$name", "rabbitmq_management.cors_allow_origins", [ - {datatype, string} -]}. - -{translation, "rabbitmq_management.cors_allow_origins", -fun(Conf) -> - case cuttlefish:conf_get("management.cors.allow_origins", Conf, undefined) of - none -> []; - _ -> - Settings = cuttlefish_variable:filter_by_prefix("management.cors.allow_origins", Conf), - [V || {_, V} <- Settings] - end -end}. - - -{mapping, "management.cors.max_age", "rabbitmq_management.cors_max_age", [ - {datatype, integer}, {validators, ["non_negative_integer"]} -]}. - -{translation, "rabbitmq_management.cors_max_age", -fun(Conf) -> - case cuttlefish:conf_get("management.cors.max_age", Conf, undefined) of - undefined -> cuttlefish:unset(); - Value -> Value - end -end}. - - -%% CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) - -{mapping, "management.csp.policy", "rabbitmq_management.content_security_policy", [ - {datatype, string} -]}. - -{translation, "rabbitmq_management.content_security_policy", -fun(Conf) -> - case cuttlefish:conf_get("management.csp.policy", Conf, undefined) of - undefined -> cuttlefish:unset(); - Value -> Value - end -end}. - - -%% HSTS (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) - -{mapping, "management.hsts.policy", "rabbitmq_management.strict_transport_security", [ - {datatype, string} -]}. - -{translation, "rabbitmq_management.strict_transport_security", -fun(Conf) -> - case cuttlefish:conf_get("management.hsts.policy", Conf, undefined) of - undefined -> cuttlefish:unset(); - Value -> Value - end -end}. - -%% OAuth 2/SSO access only - -{mapping, "management.disable_basic_auth", "rabbitmq_management.disable_basic_auth", - [{datatype, {enum, [true, false]}}]}. - -%% Management only - -{mapping, "management.disable_stats", "rabbitmq_management.disable_management_stats", [ - {datatype, {enum, [true, false]}} -]}. - -{mapping, "management.enable_queue_totals", "rabbitmq_management.enable_queue_totals", [ - {datatype, {enum, [true, false]}}]}. - -%% =========================================================================== -%% Authorization - -{mapping, "management.enable_uaa", "rabbitmq_management.enable_uaa", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "management.uaa_client_id", "rabbitmq_management.uaa_client_id", - [{datatype, string}]}. - -{mapping, "management.uaa_location", "rabbitmq_management.uaa_location", - [{datatype, string}]}. - -%% =========================================================================== - - -%% One of 'basic', 'detailed' or 'none'. See -%% https://www.rabbitmq.com/management.html#fine-stats for more details. -%% {rates_mode, basic}, -{mapping, "management.rates_mode", "rabbitmq_management.rates_mode", - [{datatype, {enum, [basic, detailed, none]}}]}. - -%% Configure how long aggregated data (such as message rates and queue -%% lengths) is retained. Please read the plugin's documentation in -%% https://www.rabbitmq.com/management.html#configuration for more -%% details. -%% -%% {sample_retention_policies, -%% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, -%% {basic, [{60, 5}, {3600, 60}]}, -%% {detailed, [{10, 5}]}]} -% ]}, - -{mapping, "management.sample_retention_policies.$section.$interval", - "rabbitmq_management.sample_retention_policies", - [{datatype, integer}]}. - -{translation, "rabbitmq_management.sample_retention_policies", -fun(Conf) -> - Global = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.global", Conf), - Basic = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.basic", Conf), - Detailed = cuttlefish_variable:filter_by_prefix("management.sample_retention_policies.detailed", Conf), - TranslateKey = fun("minute") -> 60; - ("hour") -> 3600; - ("day") -> 86400; - (Other) -> list_to_integer(Other) - end, - TranslatePolicy = fun(Section) -> - [ {TranslateKey(Key), Val} || {[_,_,_,Key], Val} <- Section ] - end, - [{global, TranslatePolicy(Global)}, - {basic, TranslatePolicy(Basic)}, - {detailed, TranslatePolicy(Detailed)}] -end}. - - -{validator, "is_dir", "is not directory", -fun(File) -> - ReadFile = file:list_dir(File), - element(1, ReadFile) == ok -end}. diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management_agent.schema b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management_agent.schema deleted file mode 100644 index fa8a76725a47..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_management_agent.schema +++ /dev/null @@ -1,4 +0,0 @@ -%% Agent collectors won't start if metrics collection is disabled, only external stats are enabled. -%% Also the management application will refuse to start if metrics collection is disabled -{mapping, "management_agent.disable_metrics_collector", "rabbitmq_management_agent.disable_metrics_collector", - [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_prometheus.schema b/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_prometheus.schema deleted file mode 100644 index 4f1028a2a6bb..000000000000 --- a/deps/rabbitmq_prometheus/test/config_schema_SUITE_data/schema/rabbitmq_prometheus.schema +++ /dev/null @@ -1,116 +0,0 @@ -%% ---------------------------------------------------------------------------- -%% RabbitMQ Prometheus Plugin -%% -%% See https://rabbitmq.com/prometheus.html for details -%% ---------------------------------------------------------------------------- - -%% Endpoint path -{mapping, "prometheus.path", "rabbitmq_prometheus.path", - [{datatype, string}]}. - -%% HTTP (TCP) listener options ======================================================== - -%% HTTP listener consistent with the management plugin, Web STOMP and Web MQTT. -%% -%% {tcp_config, [{port, 15692}, -%% {ip, "127.0.0.1"}]} - -{mapping, "prometheus.tcp.port", "rabbitmq_prometheus.tcp_config.port", - [{datatype, integer}]}. -{mapping, "prometheus.tcp.ip", "rabbitmq_prometheus.tcp_config.ip", - [{datatype, string}, - {validators, ["is_ip"]}]}. - -{mapping, "prometheus.tcp.compress", "rabbitmq_prometheus.tcp_config.cowboy_opts.compress", - [{datatype, {enum, [true, false]}}]}. -{mapping, "prometheus.tcp.idle_timeout", "rabbitmq_prometheus.tcp_config.cowboy_opts.idle_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.tcp.inactivity_timeout", "rabbitmq_prometheus.tcp_config.cowboy_opts.inactivity_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.tcp.request_timeout", "rabbitmq_prometheus.tcp_config.cowboy_opts.request_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.tcp.shutdown_timeout", "rabbitmq_prometheus.tcp_config.cowboy_opts.shutdown_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.tcp.max_keepalive", "rabbitmq_prometheus.tcp_config.cowboy_opts.max_keepalive", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. - - -%% HTTPS (TLS) listener options ======================================================== - -%% HTTPS listener consistent with the management plugin, Web STOMP and Web MQTT. -%% -%% {ssl_config, [{port, 15691}, -%% {ip, "127.0.0.1"}, -%% {cacertfile, "/path/to/cacert.pem"}, -%% {certfile, "/path/to/cert.pem"}, -%% {keyfile, "/path/to/key.pem"}]} - -{mapping, "prometheus.ssl.port", "rabbitmq_prometheus.ssl_config.port", - [{datatype, integer}]}. -{mapping, "prometheus.ssl.backlog", "rabbitmq_prometheus.ssl_config.backlog", - [{datatype, integer}]}. -{mapping, "prometheus.ssl.ip", "rabbitmq_prometheus.ssl_config.ip", - [{datatype, string}, {validators, ["is_ip"]}]}. -{mapping, "prometheus.ssl.certfile", "rabbitmq_prometheus.ssl_config.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "prometheus.ssl.keyfile", "rabbitmq_prometheus.ssl_config.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "prometheus.ssl.cacertfile", "rabbitmq_prometheus.ssl_config.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. -{mapping, "prometheus.ssl.password", "rabbitmq_prometheus.ssl_config.password", - [{datatype, string}]}. - -{mapping, "prometheus.ssl.verify", "rabbitmq_prometheus.ssl_config.verify", [ - {datatype, {enum, [verify_peer, verify_none]}}]}. - -{mapping, "prometheus.ssl.fail_if_no_peer_cert", "rabbitmq_prometheus.ssl_config.fail_if_no_peer_cert", [ - {datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.honor_cipher_order", "rabbitmq_prometheus.ssl_config.honor_cipher_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.honor_ecc_order", "rabbitmq_prometheus.ssl_config.honor_ecc_order", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.reuse_sessions", "rabbitmq_prometheus.ssl_config.reuse_sessions", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.secure_renegotiate", "rabbitmq_prometheus.ssl_config.secure_renegotiate", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.client_renegotiation", "rabbitmq_prometheus.ssl_config.client_renegotiation", - [{datatype, {enum, [true, false]}}]}. - -{mapping, "prometheus.ssl.depth", "rabbitmq_prometheus.ssl_config.depth", - [{datatype, integer}, {validators, ["byte"]}]}. - -{mapping, "prometheus.ssl.versions.$version", "rabbitmq_prometheus.ssl_config.versions", - [{datatype, atom}]}. - -{translation, "rabbitmq_prometheus.ssl_config.versions", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("prometheus.ssl.versions", Conf), - [V || {_, V} <- Settings] -end}. - -{mapping, "prometheus.ssl.ciphers.$cipher", "rabbitmq_prometheus.ssl_config.ciphers", - [{datatype, string}]}. - -{translation, "rabbitmq_prometheus.ssl_config.ciphers", -fun(Conf) -> - Settings = cuttlefish_variable:filter_by_prefix("prometheus.ssl.ciphers", Conf), - lists:reverse([V || {_, V} <- Settings]) -end}. - -{mapping, "prometheus.ssl.compress", "rabbitmq_prometheus.ssl_config.cowboy_opts.compress", - [{datatype, {enum, [true, false]}}]}. -{mapping, "prometheus.ssl.idle_timeout", "rabbitmq_prometheus.ssl_config.cowboy_opts.idle_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.ssl.inactivity_timeout", "rabbitmq_prometheus.ssl_config.cowboy_opts.inactivity_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.ssl.request_timeout", "rabbitmq_prometheus.ssl_config.cowboy_opts.request_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.ssl.shutdown_timeout", "rabbitmq_prometheus.ssl_config.cowboy_opts.shutdown_timeout", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. -{mapping, "prometheus.ssl.max_keepalive", "rabbitmq_prometheus.ssl_config.cowboy_opts.max_keepalive", - [{datatype, integer}, {validators, ["non_negative_integer"]}]}. diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/rabbitmq_stomp.snippets b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/rabbitmq_stomp.snippets index 6081240c68be..08433d4d5d66 100644 --- a/deps/rabbitmq_stomp/test/config_schema_SUITE_data/rabbitmq_stomp.snippets +++ b/deps/rabbitmq_stomp/test/config_schema_SUITE_data/rabbitmq_stomp.snippets @@ -44,9 +44,9 @@ [rabbitmq_stomp]}, {ssl, - "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem - ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem - ssl_options.keyfile = test/config_schema_SUITE_data/certs/key.pem + "ssl_options.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem + ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + ssl_options.keyfile = test/config_schema_SUITE_data/certs/server_key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = true @@ -54,9 +54,9 @@ stomp.listeners.ssl.1 = 61614", [{rabbit, [{ssl_options, - [{cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, + [{cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, {verify,verify_peer}, {fail_if_no_peer_cert,true}]}]}, {rabbitmq_stomp,[{tcp_listeners,[61613]},{ssl_listeners,[61614]}]}], diff --git a/deps/rabbitmq_trust_store/priv/schema/rabbitmq_trust_store.schema b/deps/rabbitmq_trust_store/priv/schema/rabbitmq_trust_store.schema index 03a41dfd5e0c..604b8d5b1b14 100644 --- a/deps/rabbitmq_trust_store/priv/schema/rabbitmq_trust_store.schema +++ b/deps/rabbitmq_trust_store/priv/schema/rabbitmq_trust_store.schema @@ -55,10 +55,10 @@ end}. {datatype, {enum, [true, false]}}]}. {mapping, "trust_store.ssl_options.cacertfile", "rabbitmq_trust_store.ssl_options.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "trust_store.ssl_options.certfile", "rabbitmq_trust_store.ssl_options.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "trust_store.ssl_options.cert", "rabbitmq_trust_store.ssl_options.cert", [{datatype, string}]}. @@ -109,7 +109,7 @@ fun(Conf) -> end}. {mapping, "trust_store.ssl_options.keyfile", "rabbitmq_trust_store.ssl_options.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "trust_store.ssl_options.log_alert", "rabbitmq_trust_store.ssl_options.log_alert", [{datatype, {enum, [true, false]}}]}. diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/rabbitmq_trust_store.snippets b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/rabbitmq_trust_store.snippets index b8d7f0457e3d..5570445d9f65 100644 --- a/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/rabbitmq_trust_store.snippets +++ b/deps/rabbitmq_trust_store/test/config_schema_SUITE_data/rabbitmq_trust_store.snippets @@ -17,12 +17,12 @@ {trust_store_http, "trust_store.providers.1 = http trust_store.url = https://example.com - trust_store.ssl_options.certfile = test/config_schema_SUITE_data/certs/cert.pem + trust_store.ssl_options.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem trust_store.ssl_options.password = i_am_password", [{rabbitmq_trust_store, [{providers,[rabbit_trust_store_http_provider]}, {url,"https://example.com"}, {ssl_options, - [{certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, + [{certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, {password,<<"i_am_password">>}]}]}], [rabbitmq_trust_store]}]. diff --git a/deps/rabbitmq_web_mqtt/priv/schema/rabbitmq_web_mqtt.schema b/deps/rabbitmq_web_mqtt/priv/schema/rabbitmq_web_mqtt.schema index fdab7d2e4d2b..f37e71809312 100644 --- a/deps/rabbitmq_web_mqtt/priv/schema/rabbitmq_web_mqtt.schema +++ b/deps/rabbitmq_web_mqtt/priv/schema/rabbitmq_web_mqtt.schema @@ -50,11 +50,11 @@ {mapping, "web_mqtt.ssl.port", "rabbitmq_web_mqtt.ssl_config.port", [{datatype, integer}]}. {mapping, "web_mqtt.ssl.certfile", "rabbitmq_web_mqtt.ssl_config.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_mqtt.ssl.keyfile", "rabbitmq_web_mqtt.ssl_config.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_mqtt.ssl.cacertfile", "rabbitmq_web_mqtt.ssl_config.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_mqtt.ssl.password", "rabbitmq_web_mqtt.ssl_config.password", [{datatype, [tagged_binary, binary]}]}. diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/rabbitmq_web_mqtt.snippets b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/rabbitmq_web_mqtt.snippets index 4d592eee3124..b9859dd41552 100644 --- a/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/rabbitmq_web_mqtt.snippets +++ b/deps/rabbitmq_web_mqtt/test/web_mqtt_config_schema_SUITE_data/rabbitmq_web_mqtt.snippets @@ -73,18 +73,18 @@ {ssl_with_listener, "web_mqtt.ssl.listener = 127.0.0.2:15671 web_mqtt.ssl.backlog = 1024 - web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/cert.pem - web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/key.pem - web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem + web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem + web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem + web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem web_mqtt.ssl.password = changeme", [{rabbitmq_web_mqtt, [{ssl_config, [{ip,"127.0.0.2"}, {port,15671}, {backlog,1024}, - {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}]}]}], [rabbitmq_web_mqtt]}, @@ -92,9 +92,9 @@ "web_mqtt.ssl.ip = 127.0.0.2 web_mqtt.ssl.port = 15671 web_mqtt.ssl.backlog = 1024 - web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/cert.pem - web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/key.pem - web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem + web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem + web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem + web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem web_mqtt.ssl.password = changeme web_mqtt.ssl.versions.tls1_2 = tlsv1.2 @@ -105,9 +105,9 @@ {ip,"127.0.0.2"}, {port,15671}, {backlog,1024}, - {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}, {versions,['tlsv1.2','tlsv1.1']} @@ -117,9 +117,9 @@ {ssl_ciphers, "web_mqtt.ssl.port = 15671 web_mqtt.ssl.backlog = 1024 - web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/cert.pem - web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/key.pem - web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem + web_mqtt.ssl.certfile = test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem + web_mqtt.ssl.keyfile = test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem + web_mqtt.ssl.cacertfile = test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem web_mqtt.ssl.password = changeme web_mqtt.ssl.honor_cipher_order = true @@ -142,9 +142,9 @@ [{ssl_config, [{port,15671}, {backlog,1024}, - {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/web_mqtt_config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/web_mqtt_config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}, {honor_cipher_order, true}, diff --git a/deps/rabbitmq_web_stomp/priv/schema/rabbitmq_web_stomp.schema b/deps/rabbitmq_web_stomp/priv/schema/rabbitmq_web_stomp.schema index d09e1945d448..7371f073a695 100644 --- a/deps/rabbitmq_web_stomp/priv/schema/rabbitmq_web_stomp.schema +++ b/deps/rabbitmq_web_stomp/priv/schema/rabbitmq_web_stomp.schema @@ -59,11 +59,11 @@ {mapping, "web_stomp.ssl.ip", "rabbitmq_web_stomp.ssl_config.ip", [{datatype, string}, {validators, ["is_ip"]}]}. {mapping, "web_stomp.ssl.certfile", "rabbitmq_web_stomp.ssl_config.certfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_stomp.ssl.keyfile", "rabbitmq_web_stomp.ssl_config.keyfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_stomp.ssl.cacertfile", "rabbitmq_web_stomp.ssl_config.cacertfile", - [{datatype, string}, {validators, ["file_accessible"]}]}. + [{datatype, string}, {validators, ["pem_file"]}]}. {mapping, "web_stomp.ssl.password", "rabbitmq_web_stomp.ssl_config.password", [{datatype, [tagged_binary, binary]}]}. diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem new file mode 100644 index 000000000000..14342cbc6956 --- /dev/null +++ b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/ca_certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIUfEM6fv9A+IzNCfjV/aJtTyh16BgwDQYJKoZIhvcNAQEL +BQAwSzE6MDgGA1UEAwwxVExTR2VuU2VsZlNpZ25lZFJvb3RDQSAyMDI1LTEyLTA0 +VDE1OjA1OjIwLjEyMjA2ODENMAsGA1UEBwwEJCQkJDAeFw0yNTEyMDQyMzA1MjBa +Fw0zNTEyMDIyMzA1MjBaMEsxOjA4BgNVBAMMMVRMU0dlblNlbGZTaWduZWRSb290 +Q0EgMjAyNS0xMi0wNFQxNTowNToyMC4xMjIwNjgxDTALBgNVBAcMBCQkJCQwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGxxlb5vnDOG6pw8n3QGHLZ2LN +Ewo6PUO3LqvCb0JBfGYUSBEC/ICt8xJrYgobnuH+/3j5IkzJKxxN2vpNtQoD1/vO +VjfmFvQCrfEO2p3IBcEiC7T/bKtK0iT42u3cqRdj+DRREpI+hVT/JhUcL8axj3Le +XlOPTqwxuGMtlgdtRZynVuQ8n1oZQga05g3RCum68qNzwxMz4V0tfvQfBnMSeGk+ +Qs+pxRICz/Nn741FA6QUfw8QIDhnQTfg1Smp9YH88tRe++R7DV3Zu79HA2Vmc8LY +x929lBbh6tk6TyexQ2NX5fVX1yRMYnX7c5eDtyJ46rFNr0iL8+lleHm4EdT7AgMB +AAGjYDBeMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTG +XQWR1ynJd3W5OdXJbx6YkELzGzAfBgNVHSMEGDAWgBTGXQWR1ynJd3W5OdXJbx6Y +kELzGzANBgkqhkiG9w0BAQsFAAOCAQEALk5UCQc5k0HKyc1R33fcePDMuD9RsM2/ +1BWG8GMhA4kAOBnChmAtEyoAFsmWj3CyoP2Jx7+/JpKl9280qpwYcYIgeYLztTD3 +H5Jtdg46nuN+iP1dDZyM2RImwjpSlN2n8WMdZpjXlfV3e1BQT5zFPX8/WVti55LU +zQNfyPKbljV4tWJuD49m0SwpdvInFvRaLIv+Ni4QLLvX8nV9UAfDzyKwCWRdUOIX +M3i9k6/nTucawYwM8Kism79dGL3LPJ0IzwATqYtZ5tIPBUvqShwtICjX4h90LWkq +CkuhiC1niGBR5zp4U57MTV78527JT66YhskQ/K+tyIKR2woo9IVPiw== +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cacert.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cacert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cacert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cert.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cert.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/cert.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/key.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/key.pem deleted file mode 100644 index eaf6b67806ce..000000000000 --- a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/key.pem +++ /dev/null @@ -1 +0,0 @@ -I'm not a certificate diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem new file mode 100644 index 000000000000..76b473ceb11a --- /dev/null +++ b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_certificate.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBATANBgkqhkiG9w0BAQsFADBLMTowOAYDVQQDDDFUTFNH +ZW5TZWxmU2lnbmVkUm9vdENBIDIwMjUtMTItMDRUMTU6MDU6MjAuMTIyMDY4MQ0w +CwYDVQQHDAQkJCQkMB4XDTI1MTIwNDIzMDUyMFoXDTM1MTIwMjIzMDUyMFowJTES +MBAGA1UEAwwJbG9jYWxob3N0MQ8wDQYDVQQKDAZzZXJ2ZXIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQClzAFmpTOQFJy+R1mybjlE6K3O7YPpL7W1kFYN +4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83XYNLatRmedYLWHL+AmMDRndF +rNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmTAcuNC+VgDDdk1W1CipjZInQn +0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN13+Np5wA3oTaJ4K+2/f/mru2 +bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmgULggXwG240vJ1YV6QH3voTxb +Q2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2bWvEd/cv1AgMBAAGjgdUwgdIw +CQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMAYD +VR0RBCkwJ4IJbG9jYWxob3N0gg9TRUEtM0xHNUhWSlVXSkuCCWxvY2FsaG9zdDAd +BgNVHQ4EFgQU2zObX89sXUACpKmBqwI7Ri1Qx/kwHwYDVR0jBBgwFoAUxl0Fkdcp +yXd1uTnVyW8emJBC8xswMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC1zZXJ2 +ZXI6ODAwMC9iYXNpYy5jcmwwDQYJKoZIhvcNAQELBQADggEBAA38RwebMkjnebaG +kHMqH3Skayr/gmD9futx9zGDBx2h848j8y5+RuQj0e4v1U6MM07qniqj5oaNbHHM +7rbv96NPoYrP7aiDJRtr28yCKZ4NWwoEOJnRq/FlUcx3ybthhYK8VXisJj/BYr1l +I2jWi86/mUFmfC+f38eeot0t7nPJ+BG4gpQ76mb2t14QHBzr0n4edpHteqX3zrAk +8nBExGDBfjauYYRKKmxVogRck+KXZsI/9xbseZ1WmbDpBmQgkpt9hrlgqkvA83pT +mwP8vA/OYnN2RNfQ4pLnuMs7musauU7ef/ZRD0CB9kRLyvnFJ8udCipO/Q3AKn2R +Oc6FM20= +-----END CERTIFICATE----- diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_key.pem b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_key.pem new file mode 100644 index 000000000000..0fd267064015 --- /dev/null +++ b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/certs/server_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQClzAFmpTOQFJy+ +R1mybjlE6K3O7YPpL7W1kFYN4fXOt6QgDGXsJ+eHQBcNd2O4t+24syiEc+HQgM83 +XYNLatRmedYLWHL+AmMDRndFrNRKag6W0+xlAuy95q4wwWLcU5KkrHZu2DKvfzmT +AcuNC+VgDDdk1W1CipjZInQn0VmHuTeUmePLw13kXoiV+k9MjWi9zU8GBOHn19RN +13+Np5wA3oTaJ4K+2/f/mru2bTCbDEAiHmXZ6M4BW3dg3NyERT1mhLNkijPpGRmg +ULggXwG240vJ1YV6QH3voTxbQ2uGoJBOZ2pjjCv7ORsuyyt+TwYJnrs0qcSwWh2b +WvEd/cv1AgMBAAECggEAAisLsYBoDxuvnKFCc2ul8W820BbU/fUPqIOlA+A/MyF0 +cq5qQPGGyowbQ1rIqJlrcRoS+BsG2A+lc8kmPZOiUTl3KG7AyMnxs5oVskkY6y4P +8tnHICichpg5bSTeRf1n8A+2mA/ZFPrNnzGQNX2qFaE2smBo2NWrhGRDIYgHJnNh +wnkPDA3Mn0qqZKxY7tyIhJw/y4s1spcvZCiK7qV3x4PxRPPFx+8owjXYa5pedvY/ +qcGfT2Jma9YNYEgnSMnkuU+bLn6iQrQCfFTDJn9UBMwvZSu6bK+1F+JdhC/XBBIy +ZuFfTp2HJYEKOk1IT149T5ONx39GsRi8DLzDv1Dq4QKBgQDYAUBNWXpyC6dwCYz7 +fQKiogPD61fTOJSuKARUJyCJ/W0qK1Zb0RXySa7831lGljeAOw8M85lwT2ap81QB +8Wah8i/R61X5lVaZERVFJbT+DCoPEjL54Qqn+NbQzJDGTkVvG7k5WYpHBT95zrjI +T6IxiyPrNe34a+L7u35StW19VQKBgQDEft5H7aRjshivUyn9wOpn43c8ajRZ/FS5 +gkhntthGqj7R+M7y5H0n1XeTGG3LC/1TSkh51GvHlEO0Hp1Tx4xinkaLkODKtsNw +GokbZxQn9urkeNPbN8sasSFfaY1Xw9nn1ZsHeDbmbyPRLCiFqLPGWZZpOcOwa1cY +Y2k3iL4UIQKBgQDAN9zQ+F9OPbCyss0SvxwpPaO8JSHyhNdKY7H2cRszsKIEdKxU +6KtvAMMHpHn9po+dPPEXxW810nK5qh+H2xpJ4wtK8vF/OLXnYJxc/EEkEg8bekaC +txCUiYwgIupyjhSb2z/pGRVEPhdOffdRygu7quY72bH674b+HMs9LtZQQQKBgEHG +fj3xrN+6lEzMN/g7hbv1BsrweknND8dxdy9Qo6E0CAddlFj2Z3bYHEjfGpGnl8sz +yIMPumx6kxdOUDflSncQqGi7vKPe/hkeqNrFbJfcLdEBKVnumUx8EsHPoYLJir3y +YQzlDuugNIsmjwH+8P7qqlDbB0idBfCiBmySl55BAoGBAL+WzTUS6JaRszpTHh2M +MQpRYNGBxvJTafPBwy+uOxKUZph5aGt8yuniC4530QdxrAovi++ek8+NJeMOSTCo +Mc+xkBuxCy505l8gKrnj97jtLxbzOiFp2ArFRqMm/9x70ZkO5HIX16AAgUABuP56 +IXyt2dPxMIunzSDmAdcLGhFd +-----END PRIVATE KEY----- diff --git a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/rabbitmq_web_stomp.snippets b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/rabbitmq_web_stomp.snippets index fc901e2d05a4..b707aa313fdc 100644 --- a/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/rabbitmq_web_stomp.snippets +++ b/deps/rabbitmq_web_stomp/test/config_schema_SUITE_data/rabbitmq_web_stomp.snippets @@ -67,27 +67,27 @@ {ssl_with_listener, "web_stomp.ssl.listener = 127.0.0.2:15671 web_stomp.ssl.backlog = 1024 - web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem - web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem + web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem web_stomp.ssl.password = changeme", [{rabbitmq_web_stomp, [{ssl_config, [{ip,"127.0.0.2"}, {port,15671}, {backlog,1024}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}]}]}], [rabbitmq_web_stomp]}, {ssl, "web_stomp.ssl.port = 15671 web_stomp.ssl.backlog = 1024 - web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem - web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem + web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem web_stomp.ssl.password = changeme web_stomp.ssl.versions.tls1_2 = tlsv1.2 @@ -96,9 +96,9 @@ [{ssl_config, [{port,15671}, {backlog,1024}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}, {versions,['tlsv1.2','tlsv1.1']} @@ -108,9 +108,9 @@ {ssl_ciphers, "web_stomp.ssl.port = 15671 web_stomp.ssl.backlog = 1024 - web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/cert.pem - web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/key.pem - web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/cacert.pem + web_stomp.ssl.certfile = test/config_schema_SUITE_data/certs/server_certificate.pem + web_stomp.ssl.keyfile = test/config_schema_SUITE_data/certs/server_key.pem + web_stomp.ssl.cacertfile = test/config_schema_SUITE_data/certs/ca_certificate.pem web_stomp.ssl.password = changeme web_stomp.ssl.honor_cipher_order = true @@ -133,9 +133,9 @@ [{ssl_config, [{port,15671}, {backlog,1024}, - {certfile,"test/config_schema_SUITE_data/certs/cert.pem"}, - {keyfile,"test/config_schema_SUITE_data/certs/key.pem"}, - {cacertfile,"test/config_schema_SUITE_data/certs/cacert.pem"}, + {certfile,"test/config_schema_SUITE_data/certs/server_certificate.pem"}, + {keyfile,"test/config_schema_SUITE_data/certs/server_key.pem"}, + {cacertfile,"test/config_schema_SUITE_data/certs/ca_certificate.pem"}, {password,<<"changeme">>}, {honor_cipher_order, true},