diff --git a/server/configs/tls/certs/nats.crt b/server/configs/tls/certs/nats.crt
new file mode 100644
index 00000000..f56f9ef9
--- /dev/null
+++ b/server/configs/tls/certs/nats.crt
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c8:77:4b:d6:10:0a:9f:f3 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io + Validity + Not Before: Oct 21 12:44:12 2015 GMT + Not After : Oct 20 12:44:12 2016 GMT + Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:a1:e3:36:e3:e4:88:53:e8:b7:37:56:96:c9:a8: + 1d:0a:53:d2:b8:87:96:b3:aa:35:26:f2:e6:20:65: + f2:6a:6f:31:e1:0d:44:82:fc:97:bc:3e:db:c9:25: + 68:ee:81:84:b9:88:49:bf:cc:46:46:68:8c:fa:0e: + 05:9a:3d:0f:cc:90:54:0a:58:ee:3e:85:fe:64:75: + 85:49:17:a1:ed:10:04:6d:34:22:1e:81:d0:ca:4c: + ec:a4:1c:e6:fd:7d:a0:05:b4:3c:e3:5d:e8:32:8e: + a6:04:a6:af:42:cd:09:15:39:12:9b:7c:32:9d:ce: + 3e:06:aa:bf:13:98:36:ff:b1:f7:aa:1d:f1:fe:ba: + 1d:c2:38:86:52:ce:7e:d3:86:44:8c:2f:65:e3:50: + 4a:67:22:e2:39:51:ab:30:0e:e3:a8:ce:c9:9a:d1: + 9f:4c:1c:25:49:da:fa:b7:a1:0f:8e:d6:c0:d6:6d: + 05:22:cc:58:06:fa:7c:4a:b0:b9:ab:d5:e6:0b:60: + 48:ed:cf:c8:46:ab:e1:fa:55:91:88:21:8d:e0:fc: + 21:21:26:3f:a5:9f:b5:95:40:59:27:03:84:3f:2c: + 61:b2:2b:5b:e0:75:5c:fb:70:eb:c3:d3:3a:3a:e8: + 2e:47:7e:3d:51:82:7a:b8:b4:8e:17:ff:e4:0d:fb: + 86:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69 + X509v3 Authority Key Identifier: + keyid:1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69 + DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=apcera.me:4443/emailAddress=derek@nats.io + serial:C8:77:4B:D6:10:0A:9F:F3 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 8c:4c:4a:36:de:84:81:9e:fa:25:0c:50:d1:dd:96:33:34:f9: + 
7a:f2:40:ed:9b:14:af:86:1e:f0:32:bc:03:67:96:fe:34:16: + 2e:92:9b:97:c1:76:93:04:d7:d6:e1:d0:75:66:a2:0e:2b:1a: + 60:ac:df:e6:14:78:ef:32:3a:91:e8:19:4c:e5:25:5b:ee:3f: + 77:5a:30:2e:f1:e2:0b:cb:33:80:af:ec:71:f4:c2:eb:4f:14: + 5a:b4:c7:df:d9:86:7a:ef:23:fc:c2:fd:35:00:e0:77:4c:50: + d3:b7:f6:ca:4b:5b:19:26:6a:8e:53:66:6a:e5:fc:7f:46:54: + 7f:78:ad:98:45:e4:66:9b:78:7b:e4:8e:da:13:50:2c:a1:6b: + 03:6d:a7:36:b9:f8:10:ed:e4:23:02:d8:9f:0f:f7:fe:6e:c8: + 75:58:8d:34:bf:45:52:58:8c:d0:86:09:e4:aa:6d:61:d8:8c: + d1:1d:fb:f1:4c:3d:d5:dc:9e:17:49:d8:2f:8c:b1:34:aa:81: + 93:de:50:c0:f7:c7:17:83:7f:66:a0:d2:c5:8c:63:70:b6:34: + 0b:0a:77:41:41:19:ca:92:8a:ed:02:e6:98:62:e6:66:8f:2f: + 46:16:b6:71:b2:4a:76:15:ba:ce:a8:7a:a1:3a:44:d1:84:12: + b8:61:97:bf +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgIJAMh3S9YQCp/zMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j +aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n +MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA +bmF0cy5pbzAeFw0xNTEwMjExMjQ0MTJaFw0xNjEwMjAxMjQ0MTJaMIGdMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j +aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n +MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA +bmF0cy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHjNuPkiFPo +tzdWlsmoHQpT0riHlrOqNSby5iBl8mpvMeENRIL8l7w+28klaO6BhLmISb/MRkZo +jPoOBZo9D8yQVApY7j6F/mR1hUkXoe0QBG00Ih6B0MpM7KQc5v19oAW0PONd6DKO +pgSmr0LNCRU5Ept8Mp3OPgaqvxOYNv+x96od8f66HcI4hlLOftOGRIwvZeNQSmci +4jlRqzAO46jOyZrRn0wcJUna+rehD47WwNZtBSLMWAb6fEqwuavV5gtgSO3PyEar +4fpVkYghjeD8ISEmP6WftZVAWScDhD8sYbIrW+B1XPtw68PTOjroLkd+PVGCeri0 +jhf/5A37hl8CAwEAAaOCAQYwggECMB0GA1UdDgQWBBQepAFDzxB7GqhHQJATzltm +TLQ7aTCB0gYDVR0jBIHKMIHHgBQepAFDzxB7GqhHQJATzltmTLQ7aaGBo6SBoDCB +nTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xEzARBgNVBAoTCkFwY2VyYSBJbmMxFTATBgNVBAsTDE5BVFMg 
+VGVzdGluZzEXMBUGA1UEAxMOYXBjZXJhLm1lOjQ0NDMxHDAaBgkqhkiG9w0BCQEW +DWRlcmVrQG5hdHMuaW+CCQDId0vWEAqf8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4IBAQCMTEo23oSBnvolDFDR3ZYzNPl68kDtmxSvhh7wMrwDZ5b+NBYu +kpuXwXaTBNfW4dB1ZqIOKxpgrN/mFHjvMjqR6BlM5SVb7j93WjAu8eILyzOAr+xx +9MLrTxRatMff2YZ67yP8wv01AOB3TFDTt/bKS1sZJmqOU2Zq5fx/RlR/eK2YReRm +m3h75I7aE1AsoWsDbac2ufgQ7eQjAtifD/f+bsh1WI00v0VSWIzQhgnkqm1h2IzR +HfvxTD3V3J4XSdgvjLE0qoGT3lDA98cXg39moNLFjGNwtjQLCndBQRnKkortAuaY +YuZmjy9GFrZxskp2FbrOqHqhOkTRhBK4YZe/ +-----END CERTIFICATE----- diff --git a/server/configs/tls/certs/nats.key b/server/configs/tls/certs/nats.key new file mode 100644 index 00000000..81507bfe --- /dev/null +++ b/server/configs/tls/certs/nats.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAoeM24+SIU+i3N1aWyagdClPSuIeWs6o1JvLmIGXyam8x4Q1E +gvyXvD7bySVo7oGEuYhJv8xGRmiM+g4Fmj0PzJBUCljuPoX+ZHWFSReh7RAEbTQi +HoHQykzspBzm/X2gBbQ8413oMo6mBKavQs0JFTkSm3wync4+Bqq/E5g2/7H3qh3x +/rodwjiGUs5+04ZEjC9l41BKZyLiOVGrMA7jqM7JmtGfTBwlSdr6t6EPjtbA1m0F +IsxYBvp8SrC5q9XmC2BI7c/IRqvh+lWRiCGN4PwhISY/pZ+1lUBZJwOEPyxhsitb +4HVc+3Drw9M6OuguR349UYJ6uLSOF//kDfuGXwIDAQABAoIBABVtHzy2aJzCdk1q +tnZmO8G8Km2l9Ho/Et3e1DqBg742jWF+Ag1cJTETGL/cpbC7j7eGpEwwWzTCbbZC +2Nb7MfYfPCBKeO3piiv9qfBsok/gCNXzSnjDMcE0wTVPZfsy/1UB7/Uf3rWiT7LZ +5ORwgr0+WoodvA1K2MbFHpkXUmAxFevx6reGmWYlx8UPbyS9PfONHt2SfG8wVmcJ +n3qqw5Flywp8uDCTrd8L/yM54onq4RCZ/iSKLphLjOFgWzx2PnuRog4obNJtAlHC +jTcrW1/QCgwU9J2uBfMvzQLWwgU6prlrh20k42UbWknqoozwdSW7N3vEawt3ri5Z +c76wkGECgYEA0xj+AbZ6FyqA5lJbebSZs1KpBsgcJK5LI/XAvKnlLNnKXIi5uT2l +SM37j9/G5BhnrOIUuc756WJrX5CTqkXHvc5eINO1sR4o1uTf3H44JKWXFBanzdvO +DXI11a0810AbJEiXqz7e/ldEovVsBWJCMtv+F7j7TCNG4qlPMa7xhCcCgYEAxFKP +mR2nHlvFJQYUkiGRpTYg82utNiQhifwGUjZK0kBeMXH10fL2K1KOx/OfrlTOQmyN +OC/db88sFtsh0sD44SzkAUS0iP8FWlWYrm+ZLWc1xkOaOcDE294p+BgX3xxTLKWK +dO9gKsG5MxscZ8yTvX67jRmfeiRAlVr8bPOKtwkCgYAWSH8XozGEHIJ6zZrGYCAR +Y9pf0uPVo2hfJWPxBmYgs+S+m9gvC6jU5Jl3eIHANitLfpn9ezG6Rx9aeSJ9SNxq +1svs3yxAxBQ/iu1ukwxOIgSupC2Wd2tq0/GG2sCfYC79R4RrGTnk00V1hj6e2t5u +C/bofihYwyiKaKDpd7Qa5QKBgBt3dZG1fVkY+8cHR79+JNNZdFi6Gty1R1/3u6aq +4+LwkH0YdYzvEhPTlBhTdGa+hLD0YPmYcMGg2YlFFUFYMDnIvwmSZDO6gjQ2P4tA +H80jYHmhoaUs3B3qwjJspIJZgyV+75UWnHy+57tHsryu+YiMf47pI8/B3KtItIJF +vIWJAoGAXoQbPCdxl//vVxvlnKl8TTlaW0GYJk+GAow6V3s/nMmMQKlFuurZpHcT +cmYkpTbTOgVhhmgqr8Iw7qIRS95NzfjbsV6wzbFJZNI/pU5tJAtcFgsmaTA5Uxck +BQZmojzJgiQ1cZT9BCKAeuwi5G/tKyJzA6Q1zSbSs8HrHV1BU98= +-----END RSA PRIVATE KEY----- diff --git a/server/configs/tls/test.conf b/server/configs/tls/test.conf new file mode 100644 index 00000000..85880f19 --- /dev/null +++ b/server/configs/tls/test.conf 
@@ -0,0 +1,16 @@
+
+# Simple TLS config file
+
+port: 4443
+net: apcera.me # net interface
+
+tls {
+ cert_file: "./configs/tls/certs/nats.crt"
+ key_file: "./configs/tls/certs/nats.key"
+}
+
+authorization {
+ user: derek
+ password: buckley
+ timeout: 1
+}
diff --git a/test/configs/certs/localhost.crt b/test/configs/certs/localhost.crt
new file mode 100644
index 00000000..244fa57d
--- /dev/null
+++ b/test/configs/certs/localhost.crt
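Review bot: The header comment `# Simple TLS config file` in server/configs/tls/test.conf does not say that this is a test fixture, yet the file carries a plaintext `password:` and a `key_file:` pointing at an RSA private key committed in this same patch (server/configs/tls/certs/nats.key); the same applies to test/configs/tls.conf with localhost.key. I would expand the comment to something like `# Test-only TLS config: the key and password here are public fixtures, never reuse them outside the test suite`. `net: apcera.me` also makes the listener depend on how an external DNS name resolves on the machine running the tests, presumably to a loopback address; `localhost`, as test/configs/tls.conf uses, would remove that dependency if the certificate name allows it. test/configs/certs/nats.crt and nats.key carry the same blob ids as the server/ copies and are not referenced by either config in this patch, so the second copy of the key looks unnecessary.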
@@ -0,0 +1,89 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + bf:bc:38:a0:02:6d:12:1f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=nats://localhost:4443//emailAddress=derek@nats.io + Validity + Not Before: Oct 21 23:34:25 2015 GMT + Not After : Nov 20 23:34:25 2015 GMT + Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=nats://localhost:4443//emailAddress=derek@nats.io + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c9:21:1f:b0:92:24:09:21:84:35:92:86:9c:88: + c7:7b:1d:24:94:31:f6:e5:1e:0f:75:01:0a:bf:26: + b3:47:3b:f7:2c:07:01:3f:58:54:ec:00:ef:7c:72: + 70:d9:dd:9a:00:4b:3d:5d:69:3a:ca:7f:7a:71:ce: + 88:38:5a:5c:5b:f8:a9:da:fa:db:4a:9c:d1:00:3c: + ae:b4:c4:f3:d0:7a:6a:fc:98:1c:e9:bf:73:13:9e: + 84:8b:2b:84:9f:2e:9a:f6:6f:a6:15:5e:67:38:9d: + 5b:26:86:ed:fa:ba:ba:ac:67:c8:fe:46:b2:d0:b3: + 62:1a:75:f3:ef:13:fb:94:96:8b:52:ee:4f:65:58: + 73:0f:b9:31:ff:2f:ef:af:99:ab:54:7c:5e:cb:a3: + a1:ec:ff:cb:78:96:8c:f3:eb:63:0e:dc:df:c1:69: + e8:4b:0e:0b:b5:83:ab:f5:49:5e:41:c4:68:e3:58: + a6:b0:a4:fa:c0:7e:3a:6d:9a:dc:b4:0f:ef:24:a4: + dc:a1:d2:f4:31:0e:b1:7f:00:37:41:1f:77:c7:07: + a2:9f:bf:07:2e:f7:55:7f:69:58:c2:30:ed:6e:d4: + 6e:27:79:35:59:44:92:0a:ce:9b:25:ff:1f:1e:00: + 2a:70:17:9a:22:d2:1b:b0:c8:63:33:83:91:2f:ca: + e3:cf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:FA:28:75:23:46:9F:20:38:A7:77:55:24:F4:EC:FA:B2:66:A8:61 + X509v3 Authority Key Identifier: + keyid:B7:FA:28:75:23:46:9F:20:38:A7:77:55:24:F4:EC:FA:B2:66:A8:61 + DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=nats://localhost:4443//emailAddress=derek@nats.io + serial:BF:BC:38:A0:02:6D:12:1F + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 70:63:bd:94:cf:6a:15:05:0a:29:7b:98:e0:40:32:69:90:90: + 
b6:31:02:35:7c:d2:50:01:ee:83:31:a7:db:b2:82:17:3d:46: + 18:08:fb:e6:e0:b2:ba:30:b1:c7:48:85:3a:be:51:fb:4d:9d: + 1b:0c:7f:eb:8b:6d:8a:6d:07:e0:40:d0:af:53:71:8a:86:13: + 0c:9f:59:df:01:84:7f:8c:f3:0d:ed:c4:78:03:6a:79:d8:de: + 3e:68:c7:7f:bb:fa:91:95:15:69:a3:41:51:6e:bf:d9:6a:42: + 7c:a3:4c:62:91:23:d1:e2:b8:26:94:cf:95:01:ee:c0:3f:ec: + 66:99:28:5a:dc:e8:72:89:9c:55:16:e4:69:68:cc:a3:4b:50: + c5:d5:77:a7:9c:e8:7f:d0:d1:91:67:a1:95:3d:43:ba:fb:6b: + 9d:4f:80:35:5c:56:b9:71:ce:04:e0:67:89:89:7d:b2:25:08: + b4:89:44:44:c3:ff:f3:d2:25:9a:72:5f:c4:7b:50:b7:6a:cd: + 20:02:10:61:c3:a9:0c:3c:62:9d:96:68:9b:45:92:83:ba:43: + 48:c5:01:36:4c:fe:ca:e5:35:fd:43:72:57:2d:7d:13:74:94: + bb:08:66:be:92:65:85:1c:f0:8d:c3:06:23:e9:da:3f:2c:2e: + 61:d8:dc:f8 +-----BEGIN CERTIFICATE----- +MIIE3zCCA8egAwIBAgIJAL+8OKACbRIfMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j +aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n +MR8wHQYDVQQDExZuYXRzOi8vbG9jYWxob3N0OjQ0NDMvMRwwGgYJKoZIhvcNAQkB +Fg1kZXJla0BuYXRzLmlvMB4XDTE1MTAyMTIzMzQyNVoXDTE1MTEyMDIzMzQyNVow +gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T +YW4gRnJhbmNpc2NvMRMwEQYDVQQKEwpBcGNlcmEgSW5jMRUwEwYDVQQLEwxOQVRT +IFRlc3RpbmcxHzAdBgNVBAMTFm5hdHM6Ly9sb2NhbGhvc3Q6NDQ0My8xHDAaBgkq +hkiG9w0BCQEWDWRlcmVrQG5hdHMuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDJIR+wkiQJIYQ1koaciMd7HSSUMfblHg91AQq/JrNHO/csBwE/WFTs +AO98cnDZ3ZoASz1daTrKf3pxzog4Wlxb+Kna+ttKnNEAPK60xPPQemr8mBzpv3MT +noSLK4SfLpr2b6YVXmc4nVsmhu36urqsZ8j+RrLQs2IadfPvE/uUlotS7k9lWHMP +uTH/L++vmatUfF7Lo6Hs/8t4lozz62MO3N/BaehLDgu1g6v1SV5BxGjjWKawpPrA +fjptmty0D+8kpNyh0vQxDrF/ADdBH3fHB6Kfvwcu91V/aVjCMO1u1G4neTVZRJIK +zpsl/x8eACpwF5oi0huwyGMzg5EvyuPPAgMBAAGjggEOMIIBCjAdBgNVHQ4EFgQU +t/oodSNGnyA4p3dVJPTs+rJmqGEwgdoGA1UdIwSB0jCBz4AUt/oodSNGnyA4p3dV +JPTs+rJmqGGhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y +bmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQKEwpBcGNlcmEgSW5j 
+MRUwEwYDVQQLEwxOQVRTIFRlc3RpbmcxHzAdBgNVBAMTFm5hdHM6Ly9sb2NhbGhv +c3Q6NDQ0My8xHDAaBgkqhkiG9w0BCQEWDWRlcmVrQG5hdHMuaW+CCQC/vDigAm0S +HzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBwY72Uz2oVBQope5jg +QDJpkJC2MQI1fNJQAe6DMafbsoIXPUYYCPvm4LK6MLHHSIU6vlH7TZ0bDH/ri22K +bQfgQNCvU3GKhhMMn1nfAYR/jPMN7cR4A2p52N4+aMd/u/qRlRVpo0FRbr/ZakJ8 +o0xikSPR4rgmlM+VAe7AP+xmmSha3OhyiZxVFuRpaMyjS1DF1XennOh/0NGRZ6GV +PUO6+2udT4A1XFa5cc4E4GeJiX2yJQi0iUREw//z0iWacl/Ee1C3as0gAhBhw6kM +PGKdlmibRZKDukNIxQE2TP7K5TX9Q3JXLX0TdJS7CGa+kmWFHPCNwwYj6do/LC5h +2Nz4 +-----END CERTIFICATE----- diff --git a/test/configs/certs/localhost.key b/test/configs/certs/localhost.key new file mode 100644 index 00000000..b872dd58 --- /dev/null +++ b/test/configs/certs/localhost.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAySEfsJIkCSGENZKGnIjHex0klDH25R4PdQEKvyazRzv3LAcB +P1hU7ADvfHJw2d2aAEs9XWk6yn96cc6IOFpcW/ip2vrbSpzRADyutMTz0Hpq/Jgc +6b9zE56EiyuEny6a9m+mFV5nOJ1bJobt+rq6rGfI/kay0LNiGnXz7xP7lJaLUu5P +ZVhzD7kx/y/vr5mrVHxey6Oh7P/LeJaM8+tjDtzfwWnoSw4LtYOr9UleQcRo41im +sKT6wH46bZrctA/vJKTcodL0MQ6xfwA3QR93xwein78HLvdVf2lYwjDtbtRuJ3k1 +WUSSCs6bJf8fHgAqcBeaItIbsMhjM4ORL8rjzwIDAQABAoIBAQDGbomnWOd4orqf +aCqqsT+ttTjrhMgDkD7LvvVtVa82rnDT3S1b47gVB28/pmC0ca+IbrLiP/mi41ZY +hd1bS7snehOKWkiUOlbxFu1+p3msy7pV73VHIH1Wc+Rsscisi/yS+eAv4O2Rq53M +Sv7rieK2ScbBJ9svkGtPk+PQkjR5iLTThpQYSZGlMkBXhzBC8AhYzjx55fSAgW5R +QkMSWzGsNiO6H2yszoSBAsGz9n0ntkI4njOPRAJTYOxLr8WsZksaaBNJxEmVKpOp +f9xSpXTHadNPTdE2X6pbrcyXKv0lV1QNWAUCw/Gy/nnDasCxBfaQQF0L0iQkZXRf +KRzZwjyBAoGBAPHCjlcthYCa4j1FABGptbNcj9mqK40tNGx7ySw70e2IipW1VimO +570PdPMS7LobNqH3IOJl4aFW5YCNBArXwCYZ9Pk9Gq+l5uREBaOv85vK1+mbTeOW +NHkFS/dlrvr2FkCyqmStAZ9U0v3rJ9mDIor/cL9Ahmu77HxwU2M5qobhAoGBANT5 +6ILkkb7nQ390MkqL94O4ZAnCNO4Kk+v9tenqBGVBHR293FXmXegGkHMYSWUF2C4r +cjKDUcA2yTZ/Y2IWzGj2d1vR5ygB1KlBhX4vVIP/jKcDkQJiqnQIj8VqswqI8UNE +8pkKrdDEoa4GjWw3hDtE4c/KD2EoD+pjAM99PrCvAoGAOy1ufjRsW2CORIUhUTGD +gpYDuDoJUxNfo7ZhNeympEgp9B9hKecLHqIr9FwLijqjEt5VNFXP9xg4MVFTTfwl +0q3D40Zrw9cOP43O+5RUQyxR0aLsW+smiQEc6UAApvmZ1NhnESGwJfozc2geZwXM +bM2+IXJ/9NsZNhSgtMcm0MECgYAsVEwSGpM/ghFpkPz6yUFemF2yLksoFOmPIELi +CkSZ8sCltSQMeSOorN0aJ773GQ1TJtXhL7YvZPfisQc1nnszicF0Si9sA12JUUsA +5ccYpnNXPAXN0k2aU0HhnIDhu3lEQDCirDdbkeH5QAHluXR7ha3euzcSSO1vIuZD +SdVnnwKBgEitmCzRIFb2PYTkJnjcaXuXXdZzVZtx0s2rNSKqQyRGK5lQ3tqVibHI +ddtkUZayQfcc6f9ZFd8Qof83skgLYEjeYQCn2FTV/NfZ2I0scgG7PSZ0iQmFUt8h +fzdtNAJ4ERhVJ8nJe4MLKgLGGkpNokq+mFSnC9BSVeIVbnx8QfQX +-----END RSA PRIVATE KEY----- diff --git a/test/configs/certs/nats.crt b/test/configs/certs/nats.crt new file mode 100644 index 00000000..f56f9ef9 --- /dev/null +++ b/test/configs/certs/nats.crt 
@@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c8:77:4b:d6:10:0a:9f:f3 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io + Validity + Not Before: Oct 21 12:44:12 2015 GMT + Not After : Oct 20 12:44:12 2016 GMT + Subject: C=US, ST=California, L=San Francisco, O=Apcera Inc, OU=NATS Testing, CN=apcera.me:4443/emailAddress=derek@nats.io + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:a1:e3:36:e3:e4:88:53:e8:b7:37:56:96:c9:a8: + 1d:0a:53:d2:b8:87:96:b3:aa:35:26:f2:e6:20:65: + f2:6a:6f:31:e1:0d:44:82:fc:97:bc:3e:db:c9:25: + 68:ee:81:84:b9:88:49:bf:cc:46:46:68:8c:fa:0e: + 05:9a:3d:0f:cc:90:54:0a:58:ee:3e:85:fe:64:75: + 85:49:17:a1:ed:10:04:6d:34:22:1e:81:d0:ca:4c: + ec:a4:1c:e6:fd:7d:a0:05:b4:3c:e3:5d:e8:32:8e: + a6:04:a6:af:42:cd:09:15:39:12:9b:7c:32:9d:ce: + 3e:06:aa:bf:13:98:36:ff:b1:f7:aa:1d:f1:fe:ba: + 1d:c2:38:86:52:ce:7e:d3:86:44:8c:2f:65:e3:50: + 4a:67:22:e2:39:51:ab:30:0e:e3:a8:ce:c9:9a:d1: + 9f:4c:1c:25:49:da:fa:b7:a1:0f:8e:d6:c0:d6:6d: + 05:22:cc:58:06:fa:7c:4a:b0:b9:ab:d5:e6:0b:60: + 48:ed:cf:c8:46:ab:e1:fa:55:91:88:21:8d:e0:fc: + 21:21:26:3f:a5:9f:b5:95:40:59:27:03:84:3f:2c: + 61:b2:2b:5b:e0:75:5c:fb:70:eb:c3:d3:3a:3a:e8: + 2e:47:7e:3d:51:82:7a:b8:b4:8e:17:ff:e4:0d:fb: + 86:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69 + X509v3 Authority Key Identifier: + keyid:1E:A4:01:43:CF:10:7B:1A:A8:47:40:90:13:CE:5B:66:4C:B4:3B:69 + DirName:/C=US/ST=California/L=San Francisco/O=Apcera Inc/OU=NATS Testing/CN=apcera.me:4443/emailAddress=derek@nats.io + serial:C8:77:4B:D6:10:0A:9F:F3 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 8c:4c:4a:36:de:84:81:9e:fa:25:0c:50:d1:dd:96:33:34:f9: + 
7a:f2:40:ed:9b:14:af:86:1e:f0:32:bc:03:67:96:fe:34:16: + 2e:92:9b:97:c1:76:93:04:d7:d6:e1:d0:75:66:a2:0e:2b:1a: + 60:ac:df:e6:14:78:ef:32:3a:91:e8:19:4c:e5:25:5b:ee:3f: + 77:5a:30:2e:f1:e2:0b:cb:33:80:af:ec:71:f4:c2:eb:4f:14: + 5a:b4:c7:df:d9:86:7a:ef:23:fc:c2:fd:35:00:e0:77:4c:50: + d3:b7:f6:ca:4b:5b:19:26:6a:8e:53:66:6a:e5:fc:7f:46:54: + 7f:78:ad:98:45:e4:66:9b:78:7b:e4:8e:da:13:50:2c:a1:6b: + 03:6d:a7:36:b9:f8:10:ed:e4:23:02:d8:9f:0f:f7:fe:6e:c8: + 75:58:8d:34:bf:45:52:58:8c:d0:86:09:e4:aa:6d:61:d8:8c: + d1:1d:fb:f1:4c:3d:d5:dc:9e:17:49:d8:2f:8c:b1:34:aa:81: + 93:de:50:c0:f7:c7:17:83:7f:66:a0:d2:c5:8c:63:70:b6:34: + 0b:0a:77:41:41:19:ca:92:8a:ed:02:e6:98:62:e6:66:8f:2f: + 46:16:b6:71:b2:4a:76:15:ba:ce:a8:7a:a1:3a:44:d1:84:12: + b8:61:97:bf +-----BEGIN CERTIFICATE----- +MIIExzCCA6+gAwIBAgIJAMh3S9YQCp/zMA0GCSqGSIb3DQEBBQUAMIGdMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j +aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n +MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA +bmF0cy5pbzAeFw0xNTEwMjExMjQ0MTJaFw0xNjEwMjAxMjQ0MTJaMIGdMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j +aXNjbzETMBEGA1UEChMKQXBjZXJhIEluYzEVMBMGA1UECxMMTkFUUyBUZXN0aW5n +MRcwFQYDVQQDEw5hcGNlcmEubWU6NDQ0MzEcMBoGCSqGSIb3DQEJARYNZGVyZWtA +bmF0cy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHjNuPkiFPo +tzdWlsmoHQpT0riHlrOqNSby5iBl8mpvMeENRIL8l7w+28klaO6BhLmISb/MRkZo +jPoOBZo9D8yQVApY7j6F/mR1hUkXoe0QBG00Ih6B0MpM7KQc5v19oAW0PONd6DKO +pgSmr0LNCRU5Ept8Mp3OPgaqvxOYNv+x96od8f66HcI4hlLOftOGRIwvZeNQSmci +4jlRqzAO46jOyZrRn0wcJUna+rehD47WwNZtBSLMWAb6fEqwuavV5gtgSO3PyEar +4fpVkYghjeD8ISEmP6WftZVAWScDhD8sYbIrW+B1XPtw68PTOjroLkd+PVGCeri0 +jhf/5A37hl8CAwEAAaOCAQYwggECMB0GA1UdDgQWBBQepAFDzxB7GqhHQJATzltm +TLQ7aTCB0gYDVR0jBIHKMIHHgBQepAFDzxB7GqhHQJATzltmTLQ7aaGBo6SBoDCB +nTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xEzARBgNVBAoTCkFwY2VyYSBJbmMxFTATBgNVBAsTDE5BVFMg 
+VGVzdGluZzEXMBUGA1UEAxMOYXBjZXJhLm1lOjQ0NDMxHDAaBgkqhkiG9w0BCQEW +DWRlcmVrQG5hdHMuaW+CCQDId0vWEAqf8zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4IBAQCMTEo23oSBnvolDFDR3ZYzNPl68kDtmxSvhh7wMrwDZ5b+NBYu +kpuXwXaTBNfW4dB1ZqIOKxpgrN/mFHjvMjqR6BlM5SVb7j93WjAu8eILyzOAr+xx +9MLrTxRatMff2YZ67yP8wv01AOB3TFDTt/bKS1sZJmqOU2Zq5fx/RlR/eK2YReRm +m3h75I7aE1AsoWsDbac2ufgQ7eQjAtifD/f+bsh1WI00v0VSWIzQhgnkqm1h2IzR +HfvxTD3V3J4XSdgvjLE0qoGT3lDA98cXg39moNLFjGNwtjQLCndBQRnKkortAuaY +YuZmjy9GFrZxskp2FbrOqHqhOkTRhBK4YZe/ +-----END CERTIFICATE----- diff --git a/test/configs/certs/nats.key b/test/configs/certs/nats.key new file mode 100644 index 00000000..81507bfe --- /dev/null +++ b/test/configs/certs/nats.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAoeM24+SIU+i3N1aWyagdClPSuIeWs6o1JvLmIGXyam8x4Q1E +gvyXvD7bySVo7oGEuYhJv8xGRmiM+g4Fmj0PzJBUCljuPoX+ZHWFSReh7RAEbTQi +HoHQykzspBzm/X2gBbQ8413oMo6mBKavQs0JFTkSm3wync4+Bqq/E5g2/7H3qh3x +/rodwjiGUs5+04ZEjC9l41BKZyLiOVGrMA7jqM7JmtGfTBwlSdr6t6EPjtbA1m0F +IsxYBvp8SrC5q9XmC2BI7c/IRqvh+lWRiCGN4PwhISY/pZ+1lUBZJwOEPyxhsitb +4HVc+3Drw9M6OuguR349UYJ6uLSOF//kDfuGXwIDAQABAoIBABVtHzy2aJzCdk1q +tnZmO8G8Km2l9Ho/Et3e1DqBg742jWF+Ag1cJTETGL/cpbC7j7eGpEwwWzTCbbZC +2Nb7MfYfPCBKeO3piiv9qfBsok/gCNXzSnjDMcE0wTVPZfsy/1UB7/Uf3rWiT7LZ +5ORwgr0+WoodvA1K2MbFHpkXUmAxFevx6reGmWYlx8UPbyS9PfONHt2SfG8wVmcJ +n3qqw5Flywp8uDCTrd8L/yM54onq4RCZ/iSKLphLjOFgWzx2PnuRog4obNJtAlHC +jTcrW1/QCgwU9J2uBfMvzQLWwgU6prlrh20k42UbWknqoozwdSW7N3vEawt3ri5Z +c76wkGECgYEA0xj+AbZ6FyqA5lJbebSZs1KpBsgcJK5LI/XAvKnlLNnKXIi5uT2l +SM37j9/G5BhnrOIUuc756WJrX5CTqkXHvc5eINO1sR4o1uTf3H44JKWXFBanzdvO +DXI11a0810AbJEiXqz7e/ldEovVsBWJCMtv+F7j7TCNG4qlPMa7xhCcCgYEAxFKP +mR2nHlvFJQYUkiGRpTYg82utNiQhifwGUjZK0kBeMXH10fL2K1KOx/OfrlTOQmyN +OC/db88sFtsh0sD44SzkAUS0iP8FWlWYrm+ZLWc1xkOaOcDE294p+BgX3xxTLKWK +dO9gKsG5MxscZ8yTvX67jRmfeiRAlVr8bPOKtwkCgYAWSH8XozGEHIJ6zZrGYCAR +Y9pf0uPVo2hfJWPxBmYgs+S+m9gvC6jU5Jl3eIHANitLfpn9ezG6Rx9aeSJ9SNxq +1svs3yxAxBQ/iu1ukwxOIgSupC2Wd2tq0/GG2sCfYC79R4RrGTnk00V1hj6e2t5u +C/bofihYwyiKaKDpd7Qa5QKBgBt3dZG1fVkY+8cHR79+JNNZdFi6Gty1R1/3u6aq +4+LwkH0YdYzvEhPTlBhTdGa+hLD0YPmYcMGg2YlFFUFYMDnIvwmSZDO6gjQ2P4tA +H80jYHmhoaUs3B3qwjJspIJZgyV+75UWnHy+57tHsryu+YiMf47pI8/B3KtItIJF +vIWJAoGAXoQbPCdxl//vVxvlnKl8TTlaW0GYJk+GAow6V3s/nMmMQKlFuurZpHcT +cmYkpTbTOgVhhmgqr8Iw7qIRS95NzfjbsV6wzbFJZNI/pU5tJAtcFgsmaTA5Uxck +BQZmojzJgiQ1cZT9BCKAeuwi5G/tKyJzA6Q1zSbSs8HrHV1BU98= +-----END RSA PRIVATE KEY----- diff --git a/test/configs/tls.conf b/test/configs/tls.conf new file mode 100644 index 00000000..66702a76 --- /dev/null +++ b/test/configs/tls.conf 
@@ -0,0 +1,16 @@
+
+# Simple TLS config file
+
+port: 4443
+net: localhost
+
+tls {
+ cert_file: "./configs/certs/localhost.crt"
+ key_file: "./configs/certs/localhost.key"
+}
+
+authorization {
+ user: derek
+ password: boo
+ timeout: 1
+}
diff --git a/test/tls_test.go b/test/tls_test.go
new file mode 100644
index 00000000..b4955579
--- /dev/null
+++ b/test/tls_test.go
@@ -0,0 +1,75 @@
+// Copyright 2015 Apcera Inc. All rights reserved.
+
+package test
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "testing"
+
+ "github.com/nats-io/nats"
+)
+
+func TestTLSConnection(t *testing.T) {
+ srv, opts := RunServerWithConfig("./configs/tls.conf")
+ defer srv.Shutdown()
+
+ endpoint := fmt.Sprintf("%s:%d", opts.Host, opts.Port)
+ nurl := fmt.Sprintf("nats://%s/", endpoint)
+ nc, err := nats.Connect(nurl)
+ if err == nil {
+ t.Fatalf("Expected error trying to connect to secure server")
+ }
+
+ // Do simple SecureConnect
+ nc, err = nats.SecureConnect(nurl)
+ if err == nil {
+ t.Fatalf("Expected error trying to connect to secure server with no auth")
+ }
+
+ // Add in the user/pass
+ purl := fmt.Sprintf("nats://%s:%s@%s/", opts.Username, opts.Password, endpoint)
+
+ nc, err = nats.SecureConnect(purl)
+ if err != nil {
+ t.Fatalf("Got an error on SecureConnect: %+v\n", err)
+ }
+ subj := "foo-tls"
+ sub, _ := nc.SubscribeSync(subj)
+
+ nc.Publish(subj, []byte("We are Secure!"))
+ nc.Flush()
+ nmsgs, _ := sub.QueuedMsgs()
+ if nmsgs != 1 {
+ t.Fatalf("Expected to receive a message over the TLS connection")
+ }
+ defer nc.Close()
+
+ // Now do more advanced checking
+
+ // Setup our own TLSConfig using Root from our self signed cert.
+ pool := x509.NewCertPool()
+ pool.AddCert(opts.TLSConfig.Certificates[0].Leaf)
+
+ config := &tls.Config{
+ ServerName: nurl,
+ RootCAs: pool,
+ MinVersion: tls.VersionTLS12,
+ }
+
+ copts := nats.DefaultOptions
+ copts.Url = purl
+ copts.Secure = true
+ copts.TLSConfig = config
+
+ nc, err = copts.Connect()
+ if err != nil {
+ t.Fatalf("Got an error on Connect with Secure Options: %+v\n", err)
+ }
+ nc.Flush()
+ defer nc.Close()
+
+ // nc.conn = tls.Client(nc.conn, &tls.Config{ServerName: nc.url.String()})
+
+}
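Review bot: `ServerName: nurl` in the `tls.Config` literal passes the whole URL (`nats://localhost:4443/`) where crypto/tls expects a bare host name, so the verified connection presumably succeeds only because the CN of test/configs/certs/localhost.crt in this patch is that same URL string; `ServerName: opts.Host,` together with a certificate issued for `localhost` would exercise real host-name verification. That certificate's validity window shown in the patch is Oct 21 to Nov 20 2015, so the `copts.Connect()` path, which verifies against `RootCAs`, will likely start failing once the fixture expires; a longer-lived fixture or a certificate generated at test time avoids that. `opts.TLSConfig.Certificates[0].Leaf` is nil unless the server code parses it explicitly (not visible here), so a guard such as `if opts.TLSConfig.Certificates[0].Leaf == nil { t.Fatalf("server certificate has no parsed Leaf") }` before `pool.AddCert` would give a readable failure instead of a panic. The errors from `nc.SubscribeSync`, `nc.Publish` and `sub.QueuedMsgs` are discarded, so the `nmsgs != 1` check can fail, or `sub` can be nil, without the test saying why.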