From 80ea0eb24a0fa66134af6f7f4b38a82e352b3b83 Mon Sep 17 00:00:00 2001 From: mck Date: Fri, 6 Sep 2024 07:36:46 +0200 Subject: [PATCH 1/6] Mark Marcus King and Jens-W. Schicke-Uffmann as agreed to donate contributions to ASF ref: https://github.com/apache/cassandra-gocql-driver/issues/1751 patch by Mick Semb Wever; reviewed by Martin Sucha for CASSANDRA-19723 --- NOTICE | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NOTICE b/NOTICE index a536d75f8..1a3642f41 100644 --- a/NOTICE +++ b/NOTICE @@ -117,7 +117,7 @@ Frederic Hemery * Pekka Enberg * Mark M Bartosz Burclaf * -Marcus King +Marcus King * Andrew de Andrade Robert Nix Nathan Youngman * @@ -166,7 +166,7 @@ Maxim Vladimirskiy * Bogdan-Ciprian Rusu Yuto Doi * Krishna Vadali -Jens-W. Schicke-Uffmann +Jens-W. Schicke-Uffmann * Ondrej Polakovič * Sergei Karetnikov * Stefan Miklosovic * From 685ed423ce2280b57407997573e260980264351e Mon Sep 17 00:00:00 2001 From: mck Date: Wed, 11 Sep 2024 14:16:30 +0200 Subject: [PATCH 2/6] Mark Matt Heath as agreed to donate contributions to ASF ref: #1751 patch by Mick Semb Wever; reviewed by James Hartig for CASSANDRA-19723 --- NOTICE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTICE b/NOTICE index 1a3642f41..f4447175c 100644 --- a/NOTICE +++ b/NOTICE @@ -90,7 +90,7 @@ Zach Badgett Maciek Sakrejda * Jeff Mitchell Baptiste Fontaine * -Matt Heath +Matt Heath * Jamie Cuthill Adrian Casajus * John Weldon * From f9b495bceaff82f2d0a05e6cb88f2b454ac8e0a4 Mon Sep 17 00:00:00 2001 From: Andy Tolbert <6889771+tolbertam@users.noreply.github.com> Date: Sun, 25 Aug 2024 19:53:09 -0500 Subject: [PATCH 3/6] Regenerate testdata/pki and include script for regenerating The existing certificates in testdata/pki expire on September 16 2024. This commit includes a 'generate_certs.sh' script for regenerating private keys and certificates as needed. As I couldn't find the original steps used to generate these, it's possible these certificates are generated differently, but they are done in a nominal way. One slight derivation with the original certificates is that I have opted to use PKCS12 format instead of the propertiary java JKS format for the .truststore and .keystore file. The cassandra and gocql certificates also embed a spiffe in the SAN so they can eventually be used for mTLS authentication testing. patch by Andy Tolbert; reviewed by Bret McGuire for CASSANDRA-19862 --- testdata/pki/.keystore | Bin 2178 -> 3905 bytes testdata/pki/.truststore | Bin 882 -> 1317 bytes testdata/pki/ca.cnf | 12 +++ testdata/pki/ca.crt | 134 +++++++++++++++++++++---- testdata/pki/ca.key | 82 ++++++++++------ testdata/pki/cassandra.cnf | 16 +++ testdata/pki/cassandra.crt | 174 ++++++++++++++++++++------------- testdata/pki/cassandra.key | 79 ++++++++++----- testdata/pki/generate_certs.sh | 98 +++++++++++++++++++ testdata/pki/gocql.cnf | 16 +++ testdata/pki/gocql.crt | 173 +++++++++++++++++++------------- testdata/pki/gocql.key | 79 ++++++++++----- 12 files changed, 629 insertions(+), 234 deletions(-) create mode 100644 testdata/pki/ca.cnf create mode 100644 testdata/pki/cassandra.cnf create mode 100644 testdata/pki/generate_certs.sh create mode 100644 testdata/pki/gocql.cnf diff --git a/testdata/pki/.keystore b/testdata/pki/.keystore index 7608b94cf02d29202ff0039ef36c38b52aeccbaf..ca78872f0ce23566b603ebf990714961ba9c006b 100644 GIT binary patch literal 3905 zcmYk9WmprA_QyA1AmOM{N{2KIBnQGqk5W1mWORe0!BG-QZgjUGAfSMBBN754NFyC1 z6_F0Fzx)3`_ud!h#rd3g^*zt?JvaL|`v3rd;BNr`9i%oWFE5n4EgJQg;PNJo#{dA* zC}=ooI224wCP)k<0tygN1A!m_Q8=ml>Yr?EhPWWxHS^-@=Hapz5J7oV*~p;cl%OAbD*H5g{OtJjk6r6ht#+-O_V{f3RQ@| zM+xNqR`GNj=f(}gDegoIEVxTp#4#O~!QVr8!_DiE)wLTGAXtVMd>OFEx9rA1T6Kp< z$VX&vqPOhOSrCoYRi;TBEw|~yv@NmozE*(?082}YytX_KGH&lX>q_Mrl`i{a26(RR zpCY@qfFAfaGy$qY=}T^cc(Zqy!~00lUApa2Sj(VY{ZM%*;Y&P>W6JnJuEnsqoCGV$ zt)C?u9HUZ!Q5gYi4tcw%{n6B$gSR3#SR`DSqVo0j6fvkU*S>q|AvAa~(P|!#*7`b*2-?FL#w~dZzModTIG= zJB#T(rK|sS)|dR8qi1lIv1lzjI8gF8cgur)RiT@EOg@QTr|I(E>|_%a*5FxLW1BSx zr50m79?jG|x3|%~x3N0%ZHdOsf~6XgQ++%-umKJJXFB>;nVu2^l@tsD%ezlL9pUj% zA5xv?4K!lsHc7?uQ_Dw&1MvDGnwIedKR+S7d#P+M%T>MZwb6^JzJwQ&c8wgqy`4;R zN?{qe{zwV77sZ)Z=Vyi1smI_QI!(y=>!?pNC|JUBag|JHJ90!S2J;yG+ zk}3oZbDjr9oLHXARfl79utYi6LtM<>~IPR^V0|M~?MeD*IZWUj*Gp>S1 zwFses!~zqI>|sO3si8)H;{kat>@bhbL*IUq-Q3}(;9V!z3yiT>S6;(AsM+m}do6b- zlgVA4eeZT%%zKgp?+OGNQdW7_HSolY7fOP=P`NE++&`P(%=uT{TSfd~bd~9XtdsHa zysA1qYeS2s_SpnLQH{i^v~W2k*`SOkoZD;IGT@`p3*CMv9wm%V74j<=-D#je8oS>r z4STzIxfzp$Bv)C`Z3MO=sb0H^X=l7o!!-hoh4|+S*zAFRvRDonB?bt#=h|lIwfY!# zH!aMiFTe+Fbv{iv5(jL4zt?R+iRdWJE%)m=Hphm4&gbBnO~qe%G180`He_5^-^xB$ zD-xP)DxGe(M$}1~`w4G$h?!2o--f){^-WfooZADimj&6Kfq+99ZTlO$4Luih{b+@q+ zqfcJzcUa+wBEM~MXe^)l(b7^xRoFc2@b^leoSPqk zhUc>;Zs|(=@usXP7NwPO5UwmFG`dIkGs;8F3t{df|3Jgqc^WUA z1H#FeVWko>jFEDIlR+5QL{+fNb%8i_GvCMYjxCdOGp(0}3Z%Lrh1Xn%?-U{{fvNQn*<^9e`A)X|;^V42ktj2UeyFO^$wq^F6!fB;G?S$_rRSU80hb+4L z;A+JO`HL5P&Gzy&w!!TSXNvvIRmu%vuV0X*f6Bw@EUUWpOI@fYknRU#obFe9RfB{( z0XJ4-f%?@C;xWM*hqe_+GhzX+8OM-O@MWv*_H(|iwT#$F7%=Xr?ej5DZ!~Tt;Vi;w zA_(=MFhel5@PT7REiUQ!P$#M!Ug88i+dHU{+8?*+Q4L0o_RDqZef{bbs&&B z;zTtinhaU^;ty|TTGV;}_#%zsgPx)%;?;T)_;G<3ox%CFWk!Ge183NHtK<5Z_10yH zoUYz#BQAq20!*};#e65bBrB0{OM9%UtNw$-Q#0!8o8mu#uHpvBZWawj`Z(Z8497zP zl*R`iVQ3zJpQ6@!VIa-yz-gQ54RE!L*;#!ZCTJdcBkJA=Wo_+m z9M;U9?VY5pLwu~4*`csM@TK#03QINszu8lZN_yp>GIGr^|8P}AR?B)RL?`dz>lkl! zQf3$AH~1zfmTb*8Y{R=OP5+`l84d}1< zg3)-ji~p?>@$8-rNxTVJfmKhf{{lN+`<$FL#*k|7ZqUWR$Y(S7c$xG$!a%}W;KOH~ zr*Y;H^zFZmnhzPbdRnXJ4InpVbzk_FmES6yJo;sn>M9I#!_=i(gVxdRku7INP>%8y zh$c_`9w&nt(Kk^)sTnz)sdG)-HOIP2kPZbvDPzu}r9-!>PB5%c=HMg2n)NNRcy#^a#GU|T z?Dy?LxXHvQ6%5YxStR<~kL0exX*=fkWM6_6`@AQM4xF2>vQQrue9%mxH;kd#NLOk2 zt%xIQ7isY7M;}=arSABn`%d#lZ_?WHCD1y&>@k!XtbGh;57xFeyxjxFxMw&HCMkdY zv>0HwTy8M#KT)S|dsoG&Dw2n}sGwNkIo5wk!nIdSIz1qLozH{D&#I)|Cp4}X6ZEtN zPntX{Jk^iaZUJV5JpA%?U-5(?fxS}qX%gXFXuYFyKu67q?t~`tN#Ca-FzDX~4P+`J z36%u^K+mAzAU9|@p-}-L0g!+I!q}?I+}W%$Y}zmN+G4Y@Jpr4#1HDa5DiEa+b$S~J zBnJVYx5dbzq{M_qM1&LsHYg}N!)LBenXO2A)EMi5Q_1gu-Qs1ctGdFGBIy%^w+~>#(tWD zkGnC6_n*|sKToF$Z2vB2cIPA96Q_na*B!$iw>IX}uXxPg_m(|*NT+yNv9iQ#w@SM* z7~DOyC3lBZzY;^*xag~5i2Vt)=BJ5R>E6OQc>bJBQ51a}B3|#VKpD*S_ zw8PuH0Ks~-lnWa(!-2`5t>{Hb5|d;0=1ep{3iP+m#z7%p3@iqjpMi?h!Fl!H?0+BXY~0IuqM8siKYMtF!86Vyo5hr zVA`GK8_z}_$t>NHvY6deCm;j@fW=|0(6FX|%Z-JWhyV(JlK&MF3ndW|ApxiWYWYt> zO=JQ!iZbx>bh5X%gNcfI+j)75{O1D^L3yHV9PLCr&<>*ifx-?RHqTszZP8A?c4$#2 zcW*lfG|Jn_!`<-j?0?&!EdT5W6VVeveC_70ja*npOBf+r{y1M`wpQd3lH8EyN)>QOxB}H}r zo#X*0N4%3k{9V@HkL^&rFuhNBTeV~z?iGxff23@)0uiwoEtj^k^4Q_jEb=jz2&+#> z3r_Fhu(@4U^XYT4Fh^{aaYz`}XEq3?EkR@U1qx-!$8F4Z3B_Wd3CcVvt4VTS^9|NR zniL=&XT;NMExdaj2Y8c5qT8C|BwN^I<&@qznF2yAZg(e{ejrXa5J7RsdW+{Ub$Z1{ z{TY7~n-DX18=*sV4$qTnW7l**NN&}fzT!|+L27W3L^^s|qals;H8PN=`p*Ha+Q;0z zIQS;kE?Dd0d(^}rsUpR8_P5B?nC-=zmp0Ng)IWeHBWP)>dy|>|eDW^RueU(NVI`|&YoRm^wrr{;ikpy%@e1Fg zmQT#t)DSI1Hqco+I7quRWN)u9DOLj3&0RF~q4%-fxTskp3VW=Vm6OAg>F(qaoco3O z^}f2yy;m^-Hq?#GR6VaG?q#`V71@7!#$WmU2sDWp(ukcLeBQ7fO2^+H)aI|L4=ft3 x{J7Jay*ND>7_#-;gn8L}%J3sT`-_pRh^$OIbXlA-;zFkHJ{r*$$-J|C_%CkpF+KnQ literal 2178 zcmZ`)c{J1w7oOiNwlT)8B3XO0)cYfhC1lT*rO5V%X37?krLu&rI%vKo?_`8} z55S73<_=cWSSo;l-J-F}Ho;!4}xEkKVdw=oqP6#+Vo7cc%AD zRt(&SeCy4kz>~4#)^X*T-K(P^oo*J1NH!+3w}K z7T!?n@@v}{hLrx497Va9hyq3jAg^sZ`BxEBV|K~C!7X&^`evL>*H2=KG(+r}tkDhp z^U){Lge=z-Qp(Ez{h^W6;V=x;8c*+t0`(>(RMy z4}05)(L*kCYO4*%&HacEZCUi~i2Cp>MTJpH^Yy_53Hx*~5|(jlyOlH2r0!1>j(=S} z(ODB!Ff>+}t5|E#MfcNcHju;GaC*$Ix*K&VeNz6Qa#o~ju*90A_P#Do(NxUj40Gb51135)Nw=Ki*Q;mv z?As;-T8=4N6MiiJT9UX`am+`Lbb z3QI5?5m+i#_0?f-t&_!*ref`soc;W(49Jenm1rA&@10qW?69_0*Vg#sYtzJ$>$8Jx zHxVt=@oysSp+kop^41siU(dm!O)GY}JNJj@d7+U%CD(@6+uO>S@tWcvw-hrK!jqj9 z>(iKNKffOR9=jS~?bPNdrxM=bo?G>W&tCl+7q4XeDshZNu6&edIjNnbOLUizO5#Zm zA# z$$9J7vio_b<(xad{%SqkK^OyWzLHhZAH0-IW@T2$WpSHY{Ba2`L`7x#P%5K{7DJwU6AHWENhzK@=;q%tGKd-Dp^Ts zqf4KdZOZd^2_vyvoN5|fr63VLVrs|KYp~%z4O3Sn&~4a;KJ15QCCg{1SSypX)gA;#SEunvf0y#H6?i~Q6t3W^IS=Eqwo8`^d{pjbSbmW?QaWQ5d5s` zX5~D|D9ai8(&iAEqu*Y`)!&p$^X#x4 z<(1wN$KVm)@ibvQ5t$1iEjEuH8>44;_HhdY(&?>{6`@CQYk@2@W@&e1YB8+_vL)l= zNgViOW-f*cDs#e>t7xdQB{j3*Ny!ti0YwFmkwvi~Ws!eW5#ex371V%0VA>!arUBxi zk~A0;fF2l#V&jx2oFn{10RR#K0R@%#L0&eP9ULaWiFFSQboayEbO*&nP)aJGhLVP| zl9IZLx|0Y>`FE)H-|+u*;Q^_Ck3Y~}7#=`FKs>+&#RC9jGFu{NI3v(d4~4O~(wrOb znq^hg#UlC@j3(R*g|yc7M#X!b+Fn+5jPk?FzOTH_qEjfTsdLNz{`9fxqW-4LYgwsq z%}>Y}b~Y*PCj*h5Xw#^_359hRebrsjFSbP~GNm6MVKVN9d>j`w5|xw{fi@m#`4!T9 zKee|dPLRum&Od#~D`O+1^LA&Zlibx6PYKGGdd^Bu(bfDsYM{e~y9)&6e5bF*u&v6M zKd=F{b-!+G;jt5TCZVAdVIn@gQ(ao^#oVA!`$AjKPSwo{!HBlC$i#K5KQ0+PFr#T? z(peK$`d+EYmZ778^^(SL?GB<0EqmZM8n}QD1!EH z<_-?yfH?s2{7n@8r0)vNcpifIEK7~KcIm8*-~Pb(33!+=Ht2^PtS~67h7#K$zX?5{ zAk|?=x2r*DO16k*m4OOQ)OD`)z_7}Zx{@jsYib-tp$ef#UF&*BmS!u~iO&G%JHEse z!y{a3miZY5l`Rpcsizd8G_TdKBynIuQ?s+&+%5zN`x8b!xIROEzpq^ey`tp~_FqUC z??c{$Q&YWJCpL#rDcpGH#>q`o30ufhE%VZg7+IkWZV&XWmUk3S&SvOSnlY~!pMf2Bivr{_Xzl00002000010000200LuS0004zp4Cqe00mesH842<00inV zf&}I;f&$K<0|Eg80u*w1EUv7OjQ=kwxE%uw+iCa!tfVjv1_>&LNQU{)4KWKa z2?hgI1Op5LV_`6Y0wORC1_>&LNQUsgCR|@v&3ruC1XL8>0y{erM;+vWy;8K9IGlnY%dUY2ZOrE&P0CN zdgVt0odFc>d8z!vn4AWjUHJb@%C+GHV(uYH#GUnj#z`1^R<$y|Pt7y-2>DkXc{IL1 zh*Vlf7&>0d?#lml?$rnW~8(Z|E@h!89jENl3&SsqjISB~qrJPlKqdrphfSl~!i=fw+23 z(oXOnZm+-seS5y7OD{2qy&{O zY6GzX-16`Se_^#PZ5Jv~pZ(IjbAJG*Oy2@X4bKt^^4=^Y-N&H;*zVV!@^J*F6x#X2 zfQn>i+m0KAR6jdq{wW_2T5cUUWDuUKsirQ0f-}eXaC?n7%B(>G0|5X5qdYJ=lP>}p ze*%Os9R>qc9S#H*1Qe0v&9Q?Q>0A(*9D##clX4$6b6YSC1_>&LNQUgx^7y@oiU>+ct6unJ+bbOiI~d zcPWws( zFJP(acS^|%g5M7jE~QU%unba3>Hd&yyt1i%pIA}o{mcVJnLg{lVHL-d_{y2<$x^)! zM$h`;74;bA8@vOQ-P#a%-GrPr-uLf*LC=9E1)$| z9F(nyXmS#A!udU9qq-cuq&G~Ax*W8b%}p$%0Ot^&)j1?Ry;k5vcN?P2O`|+keoX4U zV2Kcx(-xICf3ay`-(qevhjg5n|8YN6a%2kPI}_$h&tTBR$i>ve$jGoSKHjr5 z!Z_+z^43Xv3f}pv*1D+waJSGe*4n>FXG<1uiSnz5Ee=0bFY-@gn*3FKO+Z-t#oL?D z*-B|oPB?tG|KefYo*x&*CiI+l%Tu3pyJFK_m$lB`UhQJDq!;?WEGSx9=*4L*HSewP z1TSVO0Tpipo&p7?dz`H7#@gw#);=gS?(NUcI#$+n!}qt8=Df9UA6|GOeDGM7qGv($ zE5EMa$FiO?E`Ge`&y{7LTmL*e!R?u;_gEE(Z@12RyPR*Hpd!y+0 zi1+NzN{+L(RqYQd)SdHl*~+Ou{_;vo#&WRuTw<6IAoKH(G3NyP@700A+^=@+W`E9* zt2o7;iJ6gsadBg_L1Tk~EHKPv`B=nQM0#qTUn*nmER<4?z7n}5@KFp`%nJh-khC(3 zt$}p|Rs{8->_+7ptP_ydTI)!wxYg#WjQqojr@+NY9>1f~!nP=jC z_s&wIwCLp8lPbIulGh$h=X^Lbo99EAirvdBZ|ACtCh%*#yW` zd|E#(=nR9vv|5kCIdgP>lpda}%MrGaqkU~lxF}!gl*r~gHVMZX4u!o<$TXeqp0g(+ z`8Y>~y1DGB+ok6ZNl%!iGksN%x?{G+^QlgJe=a99MRHzQ5pd4gD);{Ow{IEZBfOQ? dR5!E*_N~y0=<#4)+UTCN?{mG4q5sQ&Zvcz}PLBWp diff --git a/testdata/pki/ca.cnf b/testdata/pki/ca.cnf new file mode 100644 index 000000000..7e271dc9b --- /dev/null +++ b/testdata/pki/ca.cnf @@ -0,0 +1,12 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[req_ext] +basicConstraints = CA:TRUE +keyUsage = digitalSignature, keyCertSign + +[dn] +CN = ca diff --git a/testdata/pki/ca.crt b/testdata/pki/ca.crt index fc3ba63f2..7ec81ba80 100644 --- a/testdata/pki/ca.crt +++ b/testdata/pki/ca.crt @@ -1,20 +1,118 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 72:78:2c:ae:ac:90:8c:ff:2f:29:b8:1d:03:0c:db:69:f8:00:ac:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=ca + Validity + Not Before: Aug 29 15:51:04 2024 GMT + Not After : Aug 5 15:51:04 2124 GMT + Subject: CN=ca + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:d6:bd:ab:fa:89:83:bd:d2:62:0c:e8:f6:ce:84: + c3:44:f4:a1:73:40:b6:57:0a:f6:e9:0b:4c:65:99: + 67:79:fd:ea:7a:8e:03:b2:1e:6b:87:ca:a6:ed:86: + 05:5d:f4:50:f1:e6:cd:d2:48:4a:df:42:d5:cf:e0: + b2:86:30:9d:7d:df:b1:08:9f:9f:a3:9a:98:87:b8: + 56:62:3a:ed:c7:02:d8:0e:03:62:99:bd:48:05:0d: + c6:b9:db:fc:e9:57:6e:07:fc:da:04:df:6c:4e:8b: + 4e:65:83:cb:fb:44:b2:54:42:80:33:69:56:37:12: + af:e7:a3:02:ef:34:dc:52:03:87:02:7c:1e:ab:ac: + 9d:bc:e9:61:98:44:a5:bd:a8:82:65:ca:c8:70:1c: + ab:2a:3f:6c:2f:10:76:07:83:ba:c8:ce:44:7e:da: + 7a:e5:47:03:9d:01:14:ed:79:a9:fc:c3:98:9c:06: + 9c:5d:f8:ff:4c:ca:b5:e1:04:62:ee:21:49:c4:9d: + f5:c6:49:18:7b:56:b5:32:be:4f:cd:33:f6:08:f9: + 57:1d:79:34:be:3f:88:54:5a:47:18:3a:5e:cb:e5: + 25:4b:3a:b3:c4:e9:47:dd:59:e0:46:cb:e6:d6:83: + d6:d6:59:c8:92:69:46:1c:88:a9:d2:2d:48:2f:bb: + e6:36:51:a1:2c:60:d0:9d:c2:6b:e9:5a:74:69:af: + 40:be:94:bb:41:b3:43:68:2b:5b:21:88:64:93:2d: + 62:91:d8:80:5f:fa:c6:a3:4d:1c:95:e4:ab:cc:44: + 3f:1f:f2:9d:9a:62:29:b5:56:1a:c3:fa:b4:23:87: + f9:b9:70:64:7e:57:90:54:05:e3:ca:26:97:19:c5: + 14:99:aa:89:20:6f:e8:30:f7:c1:34:27:46:49:48: + c4:1b:a9:f0:41:95:25:52:a6:9f:4f:83:a8:ab:a6: + ca:2d:28:95:56:66:f7:81:b8:7a:4e:d2:4e:f0:1f: + 6e:af:c0:02:7d:7b:be:a4:e3:9b:ff:6e:81:b6:f4: + a7:71:b1:73:11:d1:aa:25:30:0a:50:7a:5f:01:37: + 2d:a1:94:24:a6:64:7c:9c:e8:d6:ea:3d:4f:df:a4: + 04:95:2f:6a:03:b1:02:dc:f2:f0:06:7f:61:b5:2d: + 6d:17:2a:50:9f:fd:d2:bc:73:7f:00:a7:4c:df:02: + 0d:cf:12:0a:f2:de:2c:24:dd:c7:a1:01:d8:ee:d7: + 9e:f2:71:04:a6:14:da:f9:c3:80:8a:64:67:db:8e: + 1b:84:54:3f:3b:65:fe:29:1f:10:5a:6e:1d:38:64: + 10:9e:ab:a9:a6:2e:81:82:33:c7:f8:70:7b:8d:38: + ca:ac:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Key Usage: + Digital Signature, Certificate Sign + X509v3 Subject Key Identifier: + 91:E4:CD:B1:83:17:E9:5C:10:99:1C:81:83:5A:93:72:1F:36:73:5B + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + b9:89:18:b6:94:bf:82:7c:12:c5:e6:90:af:c5:87:18:4b:be: + 52:84:b9:df:6f:99:bf:24:99:7b:d7:02:28:ba:23:a4:85:1f: + 27:0a:01:2b:18:94:8f:14:cc:4f:85:58:80:49:c5:48:71:36: + d9:fa:b8:3a:bb:3b:45:cb:75:f6:10:1f:e3:f4:95:a0:36:7a: + 62:9e:fb:dc:ea:ff:9e:00:ac:84:df:41:96:f1:6d:57:94:db: + 36:72:09:99:2f:35:7c:4c:4a:d9:61:77:29:92:03:d3:28:09: + 2d:d9:32:e0:10:82:44:59:5f:44:b0:95:57:2f:31:24:9b:da: + 2d:06:61:40:3b:6a:e8:8b:30:53:ae:fb:76:84:a2:db:fd:36: + 4c:19:11:a6:03:f3:03:58:f1:11:73:b5:f1:27:61:26:29:bd: + 07:77:81:0d:32:db:ae:ba:2c:b0:82:32:8b:79:22:36:14:00: + c6:db:e2:38:73:ac:ac:79:bd:d8:4b:ee:2e:54:9b:dc:e1:f4: + e1:f7:5c:54:da:47:2f:60:a9:ea:77:4a:c9:0b:82:df:0f:11: + 2e:a5:4f:73:b0:0c:52:49:e9:fe:90:6d:bc:b2:a9:7d:9f:58: + 51:e8:fd:cc:03:45:99:3e:eb:c0:61:15:c7:93:f8:ca:99:eb: + c9:52:bd:0f:46:cf:fa:e1:15:f5:18:e6:1b:bc:03:c3:41:4f: + 24:87:06:0b:53:ae:70:df:c4:40:b4:76:0d:f6:78:cf:a1:58: + d6:0c:79:d7:8a:e6:36:5a:d5:77:fb:a6:70:30:cf:ed:3f:08: + ec:f6:b7:c5:70:47:b8:49:30:3b:b2:3b:4a:3e:41:e1:72:a3: + e2:d8:0d:23:7f:f6:94:72:8c:d3:6f:cd:e0:c5:22:79:30:a9: + 2d:31:54:46:70:9b:94:6d:c2:ec:91:c2:ef:ad:73:91:30:17: + ed:1b:ae:2d:59:42:ba:bb:31:8f:cb:39:80:ce:ff:b2:15:72: + 40:13:3a:5d:7d:ed:69:b8:91:f1:65:48:56:53:81:a4:55:cc: + d8:d9:ee:a7:86:ff:fa:d7:75:f8:6d:2b:a0:35:51:1c:94:ad: + 88:68:72:12:72:c2:f9:3d:64:a3:ba:1c:bd:a4:37:4c:8c:ba: + 1c:b4:99:cd:4d:2c:a4:00:e7:10:9f:d5:39:24:3d:bd:56:e0: + 44:77:1b:a2:cc:a3:3c:56:7e:4c:ea:bd:60:89:10:96:d3:16: + 95:37:7f:b1:69:60:df:62:6e:33:87:74:9c:b0:b0:9e:b5:f4: + 6d:5b:52:c0:cb:e8:c9:d9:56:fd:3b:69:0c:19:df:ad:6a:a1: + dc:58:07:ea:df:d6:f8:2c -----BEGIN CERTIFICATE----- -MIIDLzCCAhegAwIBAgIJAIKbAXgemwsjMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV -BAMTCWNhc3NhbmRyYTAeFw0xNDA5MTkyMTE4MTNaFw0yNDA5MTYyMTE4MTNaMBQx -EjAQBgNVBAMTCWNhc3NhbmRyYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL5fX0l1WDNa+mO1krxw7k8lfUQn+Ec4L3Mqv6IstGoNdCPq4YRA+SXRD5YC -k/UXrFBWh9Hbs849GiuTYMPdj9HDLYz40RaQjM9GbieS23iy3UStQ0tKhxaaG6FN -6XBypXFKCTsanu0TkEoDGhAkSzAMcCAC3gkFBzMrZ5qt4HEzjY9rasZ2gthN+xop -nq3t4dDkE8HGaiFJcFvqTor7xmrnAaPjrPzUpvOF/ObIC09omwg/KXdPRx4DKPon -gCMKEE3ckebKnJvbsRX3WO8H5nTHBYZ6v1JxLZz5pqmV+P0NGxldCARM0gCQUBz5 -wjMJkD/3e1ETC+q6uwfnAG0hlD8CAwEAAaOBgzCBgDAdBgNVHQ4EFgQUjHzn0nYF -iXEaI1vUWbRR4lwKXOgwRAYDVR0jBD0wO4AUjHzn0nYFiXEaI1vUWbRR4lwKXOih -GKQWMBQxEjAQBgNVBAMTCWNhc3NhbmRyYYIJAIKbAXgemwsjMAwGA1UdEwQFMAMB -Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBCYDdIhtf/Y12Et947 -am1B8TzSX+/iQ1V1J3JtvgD5F4fvNjfArat/I3D277WREUTAc76o16BCp2OBGqzO -zf9MvZPkjkAUoyU0TtPUEHyqxq4gZxbWKugIZGYkmQ1hCvSIgA5UnjRL3dylMmZb -Y33JJA2QY63FZwnhmWsM8FYZwh+8MzVCQx3mgXC/k/jS6OuYyIT/KjxQHHjyr5ZS -zAAQln1IcZycLfh1w5MtCFahCIethFcVDnWUWYPcPGDGgMJW7WBpNZdHbLxYY8cI -eCc3Hcrbdc/CG5CaLJeqUidBayjnlUIO/NNgglkJ1KhQzkM6bd+37e0AX1hLIqx7 -gIZR +MIIE5jCCAs6gAwIBAgIUcngsrqyQjP8vKbgdAwzbafgArKQwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCY2EwIBcNMjQwODI5MTU1MTA0WhgPMjEyNDA4MDUxNTUx +MDRaMA0xCzAJBgNVBAMMAmNhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA1r2r+omDvdJiDOj2zoTDRPShc0C2Vwr26QtMZZlnef3qeo4Dsh5rh8qm7YYF +XfRQ8ebN0khK30LVz+CyhjCdfd+xCJ+fo5qYh7hWYjrtxwLYDgNimb1IBQ3Gudv8 +6VduB/zaBN9sTotOZYPL+0SyVEKAM2lWNxKv56MC7zTcUgOHAnweq6ydvOlhmESl +vaiCZcrIcByrKj9sLxB2B4O6yM5Eftp65UcDnQEU7Xmp/MOYnAacXfj/TMq14QRi +7iFJxJ31xkkYe1a1Mr5PzTP2CPlXHXk0vj+IVFpHGDpey+UlSzqzxOlH3VngRsvm +1oPW1lnIkmlGHIip0i1IL7vmNlGhLGDQncJr6Vp0aa9AvpS7QbNDaCtbIYhkky1i +kdiAX/rGo00cleSrzEQ/H/KdmmIptVYaw/q0I4f5uXBkfleQVAXjyiaXGcUUmaqJ +IG/oMPfBNCdGSUjEG6nwQZUlUqafT4Ooq6bKLSiVVmb3gbh6TtJO8B9ur8ACfXu+ +pOOb/26BtvSncbFzEdGqJTAKUHpfATctoZQkpmR8nOjW6j1P36QElS9qA7EC3PLw +Bn9htS1tFypQn/3SvHN/AKdM3wINzxIK8t4sJN3HoQHY7tee8nEEphTa+cOAimRn +244bhFQ/O2X+KR8QWm4dOGQQnquppi6BgjPH+HB7jTjKrEECAwEAAaM8MDowDAYD +VR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQwHQYDVR0OBBYEFJHkzbGDF+lcEJkcgYNa +k3IfNnNbMA0GCSqGSIb3DQEBCwUAA4ICAQC5iRi2lL+CfBLF5pCvxYcYS75ShLnf +b5m/JJl71wIouiOkhR8nCgErGJSPFMxPhViAScVIcTbZ+rg6uztFy3X2EB/j9JWg +Nnpinvvc6v+eAKyE30GW8W1XlNs2cgmZLzV8TErZYXcpkgPTKAkt2TLgEIJEWV9E +sJVXLzEkm9otBmFAO2roizBTrvt2hKLb/TZMGRGmA/MDWPERc7XxJ2EmKb0Hd4EN +MtuuuiywgjKLeSI2FADG2+I4c6yseb3YS+4uVJvc4fTh91xU2kcvYKnqd0rJC4Lf +DxEupU9zsAxSSen+kG28sql9n1hR6P3MA0WZPuvAYRXHk/jKmevJUr0PRs/64RX1 +GOYbvAPDQU8khwYLU65w38RAtHYN9njPoVjWDHnXiuY2WtV3+6ZwMM/tPwjs9rfF +cEe4STA7sjtKPkHhcqPi2A0jf/aUcozTb83gxSJ5MKktMVRGcJuUbcLskcLvrXOR +MBftG64tWUK6uzGPyzmAzv+yFXJAEzpdfe1puJHxZUhWU4GkVczY2e6nhv/613X4 +bSugNVEclK2IaHIScsL5PWSjuhy9pDdMjLoctJnNTSykAOcQn9U5JD29VuBEdxui +zKM8Vn5M6r1giRCW0xaVN3+xaWDfYm4zh3ScsLCetfRtW1LAy+jJ2Vb9O2kMGd+t +aqHcWAfq39b4LA== -----END CERTIFICATE----- diff --git a/testdata/pki/ca.key b/testdata/pki/ca.key index 4360c17a2..8120e9615 100644 --- a/testdata/pki/ca.key +++ b/testdata/pki/ca.key @@ -1,30 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,54C8072C0FF3B3A3 - -27eijmHdgB+s3beNPmU0+iz+muxMD0BVvWkDzyec/uawMv/Cn4c3mYXOcsFxS3BL -+qLT9MEttOmjqhHSaVrDYOPKoJIMpn+bVeKiR08V89icO36shEPy1feGqanagKtw -ecgzFDBTA8ZbqjAhftXlhTwxADebvNms/2aDh5Aw04vIcbo8nQ/8z1Wz8O7Firsn -kaseSTMTC6lxc+pa2V1X6mN0/2UpDi55bZbx1Z/mQ3+1CsdHOx0p7m/KY2m3ysov -XluaC0sqmzHkcwNgDhUs3Jh+apE33vXzLGU+W4BDOwrYJiL6KpspZW/mJj3OEx8B -8xdAZU3a/ei8NUA/lDStGmcYX+dOysExwJ6GMrCBm9iufZiefDQCQ8yRqWnr6Zop -lsFd+CqHNWYxfWDI1pSUBw3bsgIjevI0f0B7PxkFEF0DmIhCgB324/uqToRzGsOF -4MSVg6cSK7Sjo/u3r8r75A3aUAcY8NbR3peiZfAPMsTiUcfp4DoU+MJTqkX5PyQq -FNxHOJoARZqjjQ2IhZiUQWfIINHvZ8F9G2K7VaES8A0EATyUghqaRyeLbyI3IYdW -pGZBzrpGtdFlk9AVetHDDlY+gQiurtYhxOsxvlxJJuTj8FV+A5NWSElfPele0OiR -iprE3xkFSk3whHu5L1vnzamvdSlnBWOAE7pQD7kQA6NmcEw/tqnXK0dVdAw8RIFh -4BKgv0sNrXzBgnzE8+bKLUf1a2Byc/YKuBrI7EpSZ9/VHYvOcgmOxNxMmRS6NYd1 -Ly+agQn0AyvsDmSlBZBp8GCzVp6JYBMDKSXyPVN8+wjK9OQM0PZdEdXouMwPCOVN -oNSjhmMtfjOsnG2SZ9tRas3p0qFdfh/N/E6Q7QHG3WD3cUIEweFV9ji1FTSRUrIa -shuKug8MUfNjvDJNMsdGyf6Hi/7Iik++42Rq3ZdTy0ZVkj5snv5yBN77pr2M/J4b -M+dsXjyXPO4SDW3kP/e3RnLRlWmUv1PNdOmNDdjBBUTKgVZ3ur+4HmSY1iDvhlUF -/hz2tz3/XUKQwYuv3KJVlBhLrniXeES36GK+JQadIszrjwb5N4q4p6xrIdIR7XgR -TJCSL1NGPLeQyjK6byWLNPRcCGrvnxWs0k0ev6trMRJL1EjsIFDCJam9szhcXkZP -iYl1d7ZMKPS3cAqCjdaFRSe65cZ+qI/cqxiv122orq/jkDY7ZSA9rWywY4YnYQ7A -BqvcPzC/6K0bteXqmMQkIy/84aSnEts6ecb/4s5e5xXLhHe0dchG0HkasC/Gb+v/ -m9NOqACTerWvSD+Ecv9OvnBjP+GTlA1g7xTiRANLXsTJuiJomtxewXcV6kGZEMmZ -QWerGtPJGGUx36WRWrMiPeBfWZoIbjYGPmOO5mYNXMTjABGGWcFnKAqWUKsFihi9 -pC0OpZ7A0dtc9uSm0ZmsHUc3XENMHTeeEN+qgWxVKcMzRKEcnapu/0OcHrOUHDZf -qPoG4EkNnG9kPMq3HzvFPx3qbQ017yl87vAkWy/Edo+ojfHoNghRBVGCw1zt/BMN -eJbFFHop+rQ87omz8WIL4K+zVf91rJ0REVAJssQVDo16O5wrMo+f+c8v2GANQks5 ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDWvav6iYO90mIM +6PbOhMNE9KFzQLZXCvbpC0xlmWd5/ep6jgOyHmuHyqbthgVd9FDx5s3SSErfQtXP +4LKGMJ1937EIn5+jmpiHuFZiOu3HAtgOA2KZvUgFDca52/zpV24H/NoE32xOi05l +g8v7RLJUQoAzaVY3Eq/nowLvNNxSA4cCfB6rrJ286WGYRKW9qIJlyshwHKsqP2wv +EHYHg7rIzkR+2nrlRwOdARTtean8w5icBpxd+P9MyrXhBGLuIUnEnfXGSRh7VrUy +vk/NM/YI+VcdeTS+P4hUWkcYOl7L5SVLOrPE6UfdWeBGy+bWg9bWWciSaUYciKnS +LUgvu+Y2UaEsYNCdwmvpWnRpr0C+lLtBs0NoK1shiGSTLWKR2IBf+sajTRyV5KvM +RD8f8p2aYim1VhrD+rQjh/m5cGR+V5BUBePKJpcZxRSZqokgb+gw98E0J0ZJSMQb +qfBBlSVSpp9Pg6irpsotKJVWZveBuHpO0k7wH26vwAJ9e76k45v/boG29KdxsXMR +0aolMApQel8BNy2hlCSmZHyc6NbqPU/fpASVL2oDsQLc8vAGf2G1LW0XKlCf/dK8 +c38Ap0zfAg3PEgry3iwk3cehAdju157ycQSmFNr5w4CKZGfbjhuEVD87Zf4pHxBa +bh04ZBCeq6mmLoGCM8f4cHuNOMqsQQIDAQABAoICAA4KANgnucnLZ+08i2r9bQXx +RF9HlMqXnremE6ZbMCB4N3MwHUSKdP2mUK5PFVy+IBvTut/YXOTAKg0lvVlejLCL +bLe9AwlsJ83mGrR5vv/d/lTampo+4+cVe0kjyiLrPCtThMfN+Sogm2bk0sCO2v9j +omptPl2DxqV+ZJVRv5gXcouScWLh4L7wA+YAXu5jIBtNjzfp9+eSlYN1Y3IJH6+i +V87Y5v33jy0djzCAKsF2r1+yYvJJDByi7ni5xuOXBr6bx4ZHuYA4YmJHfoO46O+C +daD2QqEWTQoB8ouLJvvUWerTX9tfMPtjG9fx24A2YFflLy+IDs7HJ7fkJy42ITSM +DVe7BzfEr6NasKIz468EdgJ7L+GTea13RzHF+++NolEEyuQoDr/NDuBPvA53lVr6 +I/lKrtRZA+2wy1egbkTp63OYi/Xx7Pkw+pxwwZN+Ba4YLbgEc81wkSiAifhPEqWC +WxM0n/3lKMOsVOFiH9AnzdNqcGxlRbIDaMBh0y1yjksQ8gok2LLvhh7pyaU3Eje1 +PO6d2AMt9oqxAMK6AuE5Sg7aob8uKfTscd747Il2qUs8TX/uC+5go3fpqTJWzMQ9 +OtmeXhQPRNazCA/f5CJJb19lr/elkhpNSRtOlVGL53DQITREhyseMaKnv303RSV5 +fnHkpWxGlB6wKwycitYNAoIBAQDukpEPLj+khKSHpv3mUF1x+gCfyOXQ+9Ix/rWm +m/ikTXNIzDoZHexd36sc3A0woV2SKqu0q+kkyoPluxJs/Bdm1XotATdjCMEmuiSi +8Az5YSBVJ0/9aRAbOFsBEEoLU3MvuE2rJ/qm3C3Le8634J/0g7ac81e9PuncoNyj +S0koAJqjyN1P5iyAxzjyxkF1pUVylRIAAPVzS1P4+E0QymCJygq7yoT388T1Y7az +DeUyJD9vqWud6QXX8KnivFOPb6Av8vSPFtJZrZ1S3gGmaqCXOkj2id4hAhHFd9zk +mURSfv5uvM1IVk+q3iLAqfsdIJWKTSLxOexuTz3FVKesXog/AoIBAQDmbXDvTXoG +eDF7Jsy//tIBMsTANvu0oDBRiu4ym2RN1sbYAfpreKRaE6OGdhjituIn4LgYCgtx +0RWYN4dxkSqF4Iic3Sqg3ueQig1Lr9BE/1gsyZthEifE15Tq7c1LGR5YEql7rVEO +09Zn8/Ds4cKowTa34gEU7QdFaE8J7NLN6uf8c2F7w8HD4I4tmAhAaNIJ47sRcoR0 +31p0GwnhM7413bOlQp5gYbXJ1I1K8TkwfdDMena+4HwPbT4ULXKHEAF1dwTuo6G4 +vqdic/VsFp6aietjygMSXro2o7Pc9DZ8c5+4xL1VvujlLx6bn9mbQes3tlcCAHbz +666YEmduXat/AoIBAQDGRlN+vV4xWffvsa7EcjgnWLKaGXo+pHs+B8VqkagkzSWp +8+m5JDBkmFZ65rujlgjRSNtpjZJ3fEQAcuhOYXkFgxhGPQOOMCFvETcPn9f4jmsz +ujd1kZLMPJsNmD8hiJprp44NWG2trcH1opDcKzhlG+5yJJ/f7WCpd5vHrvM+5rme +s3qTQ+XqpShERNb0coX0Q8Yw8JsN1iYU/i/2a2uuOJeRGTBHbnZbxyJ5T2wTryJ1 +p+WD2L19iUt34DLGO+xyzUXJghsSYwMkctQGPgn3hX5MP6q33iNs7UBNUMACm/7T +g+BMZUdS58kUPHEx9PmzdoY623wO9ZaN4Nx1mh87AoIBAA0z2hOsAcDbJCKlP3gE +tq2g5gsJW3Sm9P3HEwzNQHsBQlVgD6QWvnv2whjTLWvYBK86PfIKqUs1KqKVE+qa +4a/YBJvQREABZY0vi8F5alp5suimCIQQUT0DCSJIy8lwv/9V2mYesRVDZ/Z+0KAR +82BN6b+xcFRtnEwKxPSRoCZyPiaFyeEYf0Kk3CCapGZkWxx78tz2DcbQgVNDtVY0 +68IUWNWwMnjdQFg3GH1hwuAXZV5B6gnXvOP5Y2QuknBQp3S+hAbUU1DNg7OtZzNx +PFcobddC3Ngxm0PEL2sKhxCsY0tn4l1GWfu/rmZGS2aM6VhA101jD228ZD2MWGbH +cSsCggEBAKdBHzVQMD5Ag/varENm08w2SCYajw6m5+sw7AkrPhkrtdFrTUtRLP1G +d20UL2yTl8p56hppZzhW7rwfcWbzGH8kIyxd6zsFFN0XB4HBKC7XpDkk1gOEDDt4 +f/2TyXyxs+P3UMkc9wHiOk5M57KU/u+Rpum3TKjN/1Nwtg7QPyKvnqHoKToLnKem +59NApfXxRPmsHQ69aabqews6khIj/ZrP3GlmBneojyX3vCFu6rLAjULOeRE9zVzu +F+JVoNFFHvLJP+RWXhqqXqQLok4CXHsM5LnZFYNzCr8+aiMmNCsuTlYmyZvvn0eu +FzJ4MqRODsXmPy21SwDKxAUMouXddvQ= +-----END PRIVATE KEY----- diff --git a/testdata/pki/cassandra.cnf b/testdata/pki/cassandra.cnf new file mode 100644 index 000000000..ec898ad99 --- /dev/null +++ b/testdata/pki/cassandra.cnf @@ -0,0 +1,16 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +CN = cassandra + +[req_ext] +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +URI = spiffe://test.cassandra.apache.org/cassandra-gocql-driver/integrationTest/cassandra diff --git a/testdata/pki/cassandra.crt b/testdata/pki/cassandra.crt index 9d2facf9d..1d6686d8b 100644 --- a/testdata/pki/cassandra.crt +++ b/testdata/pki/cassandra.crt @@ -1,83 +1,125 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 2 (0x2) + Serial Number: + 18:bb:4e:1c:bf:b9:44:cc:58:c7:36:a5:5d:e6:b7:bd:8e:90:95:ea Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=cassandra + Issuer: CN=ca Validity - Not Before: Sep 19 21:18:48 2014 GMT - Not After : Sep 16 21:18:48 2024 GMT + Not Before: Aug 29 15:51:06 2024 GMT + Not After : Aug 5 15:51:06 2124 GMT Subject: CN=cassandra Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:e5:9c:20:9e:de:98:73:44:41:0d:37:4c:62:c3: - 9f:87:5f:9b:4f:aa:cf:f6:90:6e:a5:e0:89:88:7a: - 00:c6:bb:d7:80:87:69:2e:fa:f0:35:59:80:6e:82: - 25:c8:b3:6c:f6:a4:97:97:93:93:ea:f0:70:70:a4: - e1:b7:aa:da:c1:99:66:9b:93:04:3a:ce:0b:83:07: - 06:22:3d:a6:db:7f:68:0f:49:80:bd:86:a8:bb:54: - 6d:38:5f:0f:b0:fa:1b:97:24:ae:cc:9d:37:98:7e: - 76:cc:e3:1b:45:1b:21:25:17:02:c0:1a:c5:fb:76: - c3:8b:93:d7:c5:85:14:0a:5c:a4:12:e7:18:69:98: - f5:76:cd:78:cd:99:5a:29:65:f1:68:20:97:d3:be: - 09:b3:68:1b:f2:a3:a2:9a:73:58:53:7e:ed:86:32: - a3:5a:d5:46:03:f9:b3:b4:ec:63:71:ba:bb:fb:6f: - f9:82:63:e4:55:47:7a:7a:e4:7b:17:6b:d7:e6:cf: - 3b:c9:ab:0c:30:15:c9:ed:c7:d6:fc:b6:72:b2:14: - 7d:c7:f3:7f:8a:f4:63:70:64:8e:0f:db:e8:3a:45: - 47:cd:b9:7b:ae:c8:31:c1:52:d1:3e:34:12:b7:73: - e7:ba:89:86:9a:36:ed:a0:5a:69:d0:d4:e3:b6:16: - 85:af + Public-Key: (4096 bit) + Modulus: + 00:e4:5d:6d:9e:1c:a2:1f:00:cd:9e:67:25:05:f9: + cc:38:8a:a8:fe:52:e4:82:38:d0:f0:58:0e:f5:c1: + 7d:8f:33:5c:b3:3c:7c:97:10:7a:bd:dd:3b:59:1a: + c4:40:70:91:46:41:f9:4e:d0:90:f5:bb:b7:9f:16: + e1:6f:db:33:74:39:f6:4f:15:3f:fb:aa:e1:df:27: + 65:e2:13:e1:c9:7e:c1:07:83:0a:63:c2:92:e5:c9: + dd:54:ad:70:d8:5d:0e:6e:dc:e4:55:66:dc:00:b4: + 0e:68:b2:92:8a:d9:55:33:34:ee:5d:3f:54:d3:c7: + af:70:14:8b:85:0c:db:71:5e:d5:ea:04:81:e0:69: + e3:94:3b:70:dc:4d:89:1f:fc:58:ac:61:e0:6a:09: + 84:85:87:85:fa:a4:de:de:4b:72:5e:fe:6a:9c:74: + 0f:e5:b5:49:6d:fe:8d:59:01:45:da:92:e0:e9:a7: + b6:27:be:71:c3:a9:90:6c:cb:c8:43:dc:77:6b:a6: + 32:1d:27:51:f6:6e:c1:e2:54:f1:d1:0b:30:d4:2c: + 1f:5a:06:98:07:41:50:53:de:80:fd:4b:f6:12:2a: + e9:f8:6f:c5:5d:b4:d3:b6:bd:7f:8c:ab:5e:c2:14: + 6b:d2:af:1e:e2:35:5a:be:11:4a:0b:41:e6:fc:fc: + 12:aa:d7:ec:37:3b:36:8a:0a:ff:69:9b:52:4c:be: + d8:2c:62:44:fc:9d:40:7d:40:d2:40:44:5a:6e:c0: + 90:62:9a:99:1b:81:3b:2b:69:5b:05:e8:52:1a:a0: + dc:4f:70:3b:64:4d:79:62:91:ab:00:c6:ee:81:89: + 98:84:66:45:49:e1:43:94:23:47:08:4b:18:ee:69: + a0:00:17:23:3c:d0:cb:fa:da:2e:4c:82:bc:73:00: + 7e:51:b2:0f:dc:e5:d8:cc:7a:93:05:e7:87:de:35: + 07:57:f5:20:b9:99:72:29:61:05:5b:b2:6b:31:ad: + 3a:06:48:40:39:ef:0e:b5:bc:99:3e:24:a0:b1:e0: + ec:ce:1c:a2:94:c1:7d:7a:46:f9:ca:25:60:11:14: + d9:d8:fb:50:0e:a9:ab:20:39:af:cb:48:3e:56:b3: + 21:3a:fc:80:97:09:cf:7f:36:91:66:2c:9c:72:8f: + d7:a4:58:4a:d8:6d:d9:67:82:bb:65:7d:6a:de:36: + 6e:8e:85:7d:1b:6f:6c:c7:28:d7:2f:16:ef:32:a7: + d2:91:23:84:04:41:78:86:fe:bb:aa:59:f8:16:9f: + 84:3a:b8:28:7b:d3:b8:79:67:0e:06:c6:ad:9e:8e: + ff:cf:3a:4c:bf:a9:e5:71:cd:50:38:df:08:36:5d: + d9:e6:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE - X509v3 Subject Key Identifier: - 4A:D3:EC:63:07:E0:8F:1A:4E:F5:09:43:90:9F:7A:C5:31:D1:8F:D8 - X509v3 Authority Key Identifier: - keyid:8C:7C:E7:D2:76:05:89:71:1A:23:5B:D4:59:B4:51:E2:5C:0A:5C:E8 - DirName:/CN=cassandra - serial:82:9B:01:78:1E:9B:0B:23 - - X509v3 Extended Key Usage: - TLS Web Server Authentication X509v3 Key Usage: Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + URI:spiffe://test.cassandra.apache.org/cassandra-gocql-driver/integrationTest/cassandra + X509v3 Subject Key Identifier: + 76:65:DA:FD:55:6B:1D:CE:A4:18:14:E7:78:91:76:49:9B:4B:85:F3 + X509v3 Authority Key Identifier: + 91:E4:CD:B1:83:17:E9:5C:10:99:1C:81:83:5A:93:72:1F:36:73:5B Signature Algorithm: sha256WithRSAEncryption - ac:bc:80:82:2d:6d:f1:a0:46:eb:00:05:d2:25:9a:83:66:57: - 40:51:6e:ff:db:e3:28:04:7b:16:63:74:ec:55:a0:c0:5b:47: - 13:e1:5a:a5:6d:22:d0:e5:fe:c1:51:e8:f6:c6:9c:f9:be:b7: - be:82:14:e4:a0:b2:0b:9f:ee:68:bc:ac:17:0d:13:50:c6:9e: - 52:91:8c:a0:98:db:4e:2d:f6:3d:6e:85:0a:bb:b9:dd:01:bf: - ad:52:dd:6e:e4:41:01:a5:93:58:dd:3f:cf:bf:15:e6:25:aa: - a0:4f:98:0d:75:8a:3f:5b:ba:67:37:f6:b1:0b:3f:21:34:97: - 50:9a:85:97:2b:b6:05:41:9a:f3:cf:c4:92:23:06:ab:3e:87: - 98:30:eb:cb:d3:83:ab:04:7d:5c:b9:f0:12:d1:43:b3:c5:7d: - 33:9a:2e:2b:80:3a:66:be:f1:8c:08:37:7a:93:9c:9b:60:60: - 53:71:16:70:86:df:ca:5f:a9:0b:e2:8b:3d:af:02:62:3b:61: - 30:da:53:89:e3:d8:0b:88:04:9a:93:6a:f6:28:f8:dd:0d:8f: - 0c:82:5b:c0:e5:f8:0d:ad:06:76:a7:3b:4b:ae:54:37:25:15: - f5:0c:67:0f:77:c5:c4:97:68:09:c3:02:a7:a0:46:10:1c:d1: - 95:3a:4c:94 + Signature Value: + 5e:65:66:57:68:d5:59:a5:06:7d:d6:39:58:2f:f1:e1:94:45: + ed:b0:35:ee:22:21:8d:69:53:8d:1b:1e:f4:5b:65:61:27:3a: + 51:c6:e8:64:46:93:4d:24:e1:7d:31:78:85:39:b9:3e:04:06: + 31:13:23:4c:43:43:d0:f1:d6:d9:49:5b:23:2e:1e:75:7f:ba: + 91:51:4f:cc:5a:65:9a:b9:f7:7c:0a:81:68:90:ad:56:7f:81: + 90:75:d9:7b:3a:4c:34:12:59:cf:30:30:1d:9f:91:e5:d9:c0: + 2c:8b:7d:30:8e:43:25:94:e2:92:3b:d1:9f:53:e4:7f:b8:3e: + 14:6f:f8:06:d7:e3:ba:27:ec:be:ee:e8:57:50:2f:e9:4a:d2: + 07:e7:90:93:43:94:c3:da:38:a0:03:90:91:eb:ea:93:16:c8: + 8c:4e:7a:41:0c:f1:1e:08:25:f1:95:d7:e1:63:47:71:29:b8: + 1f:2c:1c:24:bc:03:67:87:9c:25:5c:ae:56:6c:97:00:7f:9d: + ad:da:52:3f:ca:86:a0:95:7e:a2:34:97:72:e0:48:b6:96:1e: + a5:49:7a:25:ae:ff:ee:13:46:c4:9d:ec:8c:40:e6:90:65:7e: + 4b:fa:dd:86:d3:c9:09:3f:0c:e9:9b:d4:85:95:8a:e9:de:fe: + 88:63:37:12:11:ef:01:f6:cd:72:37:60:26:d5:99:78:ff:84: + 89:49:20:d9:a6:a1:c5:8f:c2:6f:ac:de:1c:af:e2:c8:c9:54: + b3:2f:ab:41:d2:e8:8a:35:a1:57:3f:65:f9:23:65:20:68:90: + e6:29:e9:48:bd:c0:f4:25:2d:c9:e9:0a:47:6a:5a:7b:26:64: + 8d:72:f9:2d:b1:be:e2:6c:bf:67:45:de:c9:3f:b7:bc:52:e6: + 0b:c3:04:57:0c:a2:d3:55:9d:e2:70:12:09:8d:37:8b:f7:3e: + 73:ac:01:41:f1:ab:1e:5e:bb:a1:37:12:90:a7:d6:ba:86:24: + 03:10:18:fc:e8:c2:46:9f:06:22:b8:b6:87:2c:0a:c8:bf:b2: + c9:c9:13:df:ca:66:66:3e:d5:31:a4:0e:4e:9d:de:54:75:16: + 75:64:e5:fa:af:e3:04:81:5b:51:9a:9c:9c:1d:99:6e:69:6f: + 7e:9d:cf:1c:a5:ed:47:38:26:89:8a:79:63:11:b7:1c:10:c2: + 89:34:26:9a:6c:9a:a2:66:c6:71:29:ab:dd:f3:05:d5:41:ca: + 48:8b:d5:c9:7c:b6:e9:80:15:29:c7:7b:bc:78:4a:52:01:a2: + ce:ab:c4:ea:bb:9b:de:d7:c9:7a:7f:e7:7c:57:1c:e0:74:d6: + 54:c4:e8:9b:cf:55:39:2e -----BEGIN CERTIFICATE----- -MIIDOTCCAiGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwljYXNz -YW5kcmEwHhcNMTQwOTE5MjExODQ4WhcNMjQwOTE2MjExODQ4WjAUMRIwEAYDVQQD -EwljYXNzYW5kcmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlnCCe -3phzREENN0xiw5+HX5tPqs/2kG6l4ImIegDGu9eAh2ku+vA1WYBugiXIs2z2pJeX -k5Pq8HBwpOG3qtrBmWabkwQ6zguDBwYiPabbf2gPSYC9hqi7VG04Xw+w+huXJK7M -nTeYfnbM4xtFGyElFwLAGsX7dsOLk9fFhRQKXKQS5xhpmPV2zXjNmVopZfFoIJfT -vgmzaBvyo6Kac1hTfu2GMqNa1UYD+bO07GNxurv7b/mCY+RVR3p65HsXa9fmzzvJ -qwwwFcntx9b8tnKyFH3H83+K9GNwZI4P2+g6RUfNuXuuyDHBUtE+NBK3c+e6iYaa -Nu2gWmnQ1OO2FoWvAgMBAAGjgZUwgZIwCQYDVR0TBAIwADAdBgNVHQ4EFgQUStPs -YwfgjxpO9QlDkJ96xTHRj9gwRAYDVR0jBD0wO4AUjHzn0nYFiXEaI1vUWbRR4lwK -XOihGKQWMBQxEjAQBgNVBAMTCWNhc3NhbmRyYYIJAIKbAXgemwsjMBMGA1UdJQQM -MAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQsFAAOCAQEArLyA -gi1t8aBG6wAF0iWag2ZXQFFu/9vjKAR7FmN07FWgwFtHE+FapW0i0OX+wVHo9sac -+b63voIU5KCyC5/uaLysFw0TUMaeUpGMoJjbTi32PW6FCru53QG/rVLdbuRBAaWT -WN0/z78V5iWqoE+YDXWKP1u6Zzf2sQs/ITSXUJqFlyu2BUGa88/EkiMGqz6HmDDr -y9ODqwR9XLnwEtFDs8V9M5ouK4A6Zr7xjAg3epOcm2BgU3EWcIbfyl+pC+KLPa8C -YjthMNpTiePYC4gEmpNq9ij43Q2PDIJbwOX4Da0Gdqc7S65UNyUV9QxnD3fFxJdo -CcMCp6BGEBzRlTpMlA== +MIIFbTCCA1WgAwIBAgIUGLtOHL+5RMxYxzalXea3vY6QleowDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCY2EwIBcNMjQwODI5MTU1MTA2WhgPMjEyNDA4MDUxNTUx +MDZaMBQxEjAQBgNVBAMMCWNhc3NhbmRyYTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAORdbZ4coh8AzZ5nJQX5zDiKqP5S5II40PBYDvXBfY8zXLM8fJcQ +er3dO1kaxEBwkUZB+U7QkPW7t58W4W/bM3Q59k8VP/uq4d8nZeIT4cl+wQeDCmPC +kuXJ3VStcNhdDm7c5FVm3AC0DmiykorZVTM07l0/VNPHr3AUi4UM23Fe1eoEgeBp +45Q7cNxNiR/8WKxh4GoJhIWHhfqk3t5Lcl7+apx0D+W1SW3+jVkBRdqS4Omntie+ +ccOpkGzLyEPcd2umMh0nUfZuweJU8dELMNQsH1oGmAdBUFPegP1L9hIq6fhvxV20 +07a9f4yrXsIUa9KvHuI1Wr4RSgtB5vz8EqrX7Dc7NooK/2mbUky+2CxiRPydQH1A +0kBEWm7AkGKamRuBOytpWwXoUhqg3E9wO2RNeWKRqwDG7oGJmIRmRUnhQ5QjRwhL +GO5poAAXIzzQy/raLkyCvHMAflGyD9zl2Mx6kwXnh941B1f1ILmZcilhBVuyazGt +OgZIQDnvDrW8mT4koLHg7M4copTBfXpG+colYBEU2dj7UA6pqyA5r8tIPlazITr8 +gJcJz382kWYsnHKP16RYStht2WeCu2V9at42bo6FfRtvbMco1y8W7zKn0pEjhARB +eIb+u6pZ+BafhDq4KHvTuHlnDgbGrZ6O/886TL+p5XHNUDjfCDZd2eZHAgMBAAGj +gbswgbgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwXgYDVR0RBFcwVYZTc3BpZmZl +Oi8vdGVzdC5jYXNzYW5kcmEuYXBhY2hlLm9yZy9jYXNzYW5kcmEtZ29jcWwtZHJp +dmVyL2ludGVncmF0aW9uVGVzdC9jYXNzYW5kcmEwHQYDVR0OBBYEFHZl2v1Vax3O +pBgU53iRdkmbS4XzMB8GA1UdIwQYMBaAFJHkzbGDF+lcEJkcgYNak3IfNnNbMA0G +CSqGSIb3DQEBCwUAA4ICAQBeZWZXaNVZpQZ91jlYL/HhlEXtsDXuIiGNaVONGx70 +W2VhJzpRxuhkRpNNJOF9MXiFObk+BAYxEyNMQ0PQ8dbZSVsjLh51f7qRUU/MWmWa +ufd8CoFokK1Wf4GQddl7Okw0ElnPMDAdn5Hl2cAsi30wjkMllOKSO9GfU+R/uD4U +b/gG1+O6J+y+7uhXUC/pStIH55CTQ5TD2jigA5CR6+qTFsiMTnpBDPEeCCXxldfh +Y0dxKbgfLBwkvANnh5wlXK5WbJcAf52t2lI/yoaglX6iNJdy4Ei2lh6lSXolrv/u +E0bEneyMQOaQZX5L+t2G08kJPwzpm9SFlYrp3v6IYzcSEe8B9s1yN2Am1Zl4/4SJ +SSDZpqHFj8JvrN4cr+LIyVSzL6tB0uiKNaFXP2X5I2UgaJDmKelIvcD0JS3J6QpH +alp7JmSNcvktsb7ibL9nRd7JP7e8UuYLwwRXDKLTVZ3icBIJjTeL9z5zrAFB8ase +XruhNxKQp9a6hiQDEBj86MJGnwYiuLaHLArIv7LJyRPfymZmPtUxpA5Ond5UdRZ1 +ZOX6r+MEgVtRmpycHZluaW9+nc8cpe1HOCaJinljEbccEMKJNCaabJqiZsZxKavd +8wXVQcpIi9XJfLbpgBUpx3u8eEpSAaLOq8Tqu5ve18l6f+d8VxzgdNZUxOibz1U5 +Lg== -----END CERTIFICATE----- diff --git a/testdata/pki/cassandra.key b/testdata/pki/cassandra.key index 6878e8209..d1691ad3e 100644 --- a/testdata/pki/cassandra.key +++ b/testdata/pki/cassandra.key @@ -1,27 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA5Zwgnt6Yc0RBDTdMYsOfh1+bT6rP9pBupeCJiHoAxrvXgIdp -LvrwNVmAboIlyLNs9qSXl5OT6vBwcKTht6rawZlmm5MEOs4LgwcGIj2m239oD0mA -vYaou1RtOF8PsPoblySuzJ03mH52zOMbRRshJRcCwBrF+3bDi5PXxYUUClykEucY -aZj1ds14zZlaKWXxaCCX074Js2gb8qOimnNYU37thjKjWtVGA/mztOxjcbq7+2/5 -gmPkVUd6euR7F2vX5s87yasMMBXJ7cfW/LZyshR9x/N/ivRjcGSOD9voOkVHzbl7 -rsgxwVLRPjQSt3PnuomGmjbtoFpp0NTjthaFrwIDAQABAoIBAQChjdjl73kUoVGk -GuSEGWCFv59nzqfEtJsl23bpr+4b5s8agCxiAe5Bm1fiaXBsZtKkN+rxm8TX6ZUz -rM+ki3KgBW9Mx4SSW6d96dNHBFoC1wJAv1b2A2l1ZVHz9+7ydwgysHzNO1GC2nh8 -cM8fMJeBoU8uG6hx5n5wFvYa5CfVoUQh8+Oq0b+mVxEFKHmRPnWp9/jPzL5eBIdr -ulbDt9S3dKJtouHgHBUNdkq/7Ex3QeHrUOahX6Y4eX1rzLnfLYY+0J4EA2PCKvgQ -bfKCxVnnzL6ywviH8eS3ql6OvTfnbK9kCRw7WxX9CC50qKj3EmwC/51MPhWohWlq -jw3qf38BAoGBAPPNyb3vUiyUqoErZxxIPFc2ob3vCjj06cvi7uKpOgrkdgC3iBhz -aCFQ28r7LrxLAHaKvNvwp71Lc7WYo8WWkLI1DVn0dx+GiQYW3DbNcwZOS40ZQz5L -zsjEcG4+cnZmuqGZBMNvQ+xUjkuucxvxPWKpEKM18GfDjgEkKbmDr+uNAoGBAPEY -kVSfSZGtP0MoXIfRkrxBlhvCj9m+p60P37pyHrJBrlrwvxB7x3Oz8S70D6kV8s2g -vVHgOS3VPj17VaQG8a3jBLKjzp5JLe34G8D1Ny8GqDc2wzOBtZySpJbifXuSUSPk -cqF7yiu1cD/wRPlwyWxBX9ZbaxvxnIUwLLd3ygkrAoGBAKQaw42uVkCdvPr/DQOT -d9I4erxO9zGJYQmU8bjtsZz9VJR89QWIQPIT7C3/zuB9F42zKxZcMXwQGo2EddAc -3b6mSRtgmwJEW10W7BmTRrZa4y3RcFqxSjoHR6pdLEyYL01woy0taqnb7H/yp5aK -VghfxkwllXEyxxXrko5FnpdNAoGBANeJLBunz2BxrnW+doJhZDnytFya4nk6TbKU -12FaNoEL4PCh+12kGtogSwS74eg6m/citT2mI9gKpHrYcOaT4qmeo4uEj+nH6Eyv -Gzi0wCHFZMr/pSC92/teyc+uKZo4Y1ugFq6w+Tt8GB7BERiisR+bji8XSTkRFemn -+MIIUFFDAoGAM8Va2Q5aTUkfg2mYlNLqT2tUAXVEhbmzjPA6laSo25PQEYWmX7vj -hiU0DPCDJQ/PlPI23xYtDDLNk83Zbx+Oj29GO5pawJY9NvFI8n60EFXfLbP1nEdG -j077QZNZOKfcgJirWi3+RrHSAK4tFftCe7rkV8ZmlMRBY3SDxzKOGcc= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDkXW2eHKIfAM2e +ZyUF+cw4iqj+UuSCONDwWA71wX2PM1yzPHyXEHq93TtZGsRAcJFGQflO0JD1u7ef +FuFv2zN0OfZPFT/7quHfJ2XiE+HJfsEHgwpjwpLlyd1UrXDYXQ5u3ORVZtwAtA5o +spKK2VUzNO5dP1TTx69wFIuFDNtxXtXqBIHgaeOUO3DcTYkf/FisYeBqCYSFh4X6 +pN7eS3Je/mqcdA/ltUlt/o1ZAUXakuDpp7YnvnHDqZBsy8hD3HdrpjIdJ1H2bsHi +VPHRCzDULB9aBpgHQVBT3oD9S/YSKun4b8VdtNO2vX+Mq17CFGvSrx7iNVq+EUoL +Qeb8/BKq1+w3OzaKCv9pm1JMvtgsYkT8nUB9QNJARFpuwJBimpkbgTsraVsF6FIa +oNxPcDtkTXlikasAxu6BiZiEZkVJ4UOUI0cISxjuaaAAFyM80Mv62i5MgrxzAH5R +sg/c5djMepMF54feNQdX9SC5mXIpYQVbsmsxrToGSEA57w61vJk+JKCx4OzOHKKU +wX16RvnKJWARFNnY+1AOqasgOa/LSD5WsyE6/ICXCc9/NpFmLJxyj9ekWErYbdln +grtlfWreNm6OhX0bb2zHKNcvFu8yp9KRI4QEQXiG/ruqWfgWn4Q6uCh707h5Zw4G +xq2ejv/POky/qeVxzVA43wg2XdnmRwIDAQABAoICAHH/4dToXlYzxHGq8+SDytr+ +/VXYc5I+Yq9Yhj9QlCmEbmZbb6bJ5zwY0KOupQG2MA9up9IcdAD38LZOacO5HXqL +5NWdug8cQx1vQYEWg8RermXdmLYsT8C+gOrgmlCoQ6g8RRANBQ6k0/yYCGegDtQ9 +PDD4iJQgPwgoeW21+WYi/Y6RKXSp5537/l87pZR+GJYVVj4Y+jreaJey7j7yUunw +/6+SkM0PLtTmGhGwfPqcEAMUYe59N7WBVEO7hwG5cTQgByxekKAAsnEWDpFYkMua +Kxx55jLY/AyiKqpH3VM8cQhAY7pfpsC24JGMiwU/xIOsQDKUh/QSFXCBOZpZC8ej +5/0LGgqMPu+L/1TVfWtWIXnDhTgD7b7gr6uXsEF0kZY7pcbNAh6NNgZN9Y/1Q690 +BhV3xs8eKc5p2fP6DMG5yw1T7crOsuVzXwYotwfrkmro1neEPKPVUVyj4mYwFPi2 +Gx0L5yVmEKbgBgHIfPedh7BgaaP32/25K65Mx5RUZhwqgduwpfCs6+0NMryVzAHh +2d9/BFiWRveU1uabBlF6BMvNKRYVHfaid2Ify+Rkx1ZLKvW6Km8PJZNWC+BZNbKm +hJow4eEqkes1XcB0GJJP8lfv4F5+w/j1P6QUN3gZONxjc4DHc4q57yFRy87wjIsW +beja0CHde26On+DjXzuBAoIBAQD6/aeGTOcKys6Kwnbn8j1mSQFApvWvpSWUKxrr +KFkdKXL/Xhz4UBbmBA9fwC1CLSMJSaDru+dXIbMJQU3Ceo5hb1cX10Bs1by2z5x7 +ibRd75RonrlxkgPtL7DI6MPTDHiaAV9Zwm8bYfei049AJ5CqKx+SmAqhYo2JX5j+ +yiyhQK0I6bJBgFDYgCrcBDtYPIvNTq1qcUhvd8CynoM9DemZxyEzkVaD4CQ6N3xH +lIUifwUW3ewnWw38n6IZYMZA6MtUB7XaG3JvEbHSSFlzq9qnUfTVk9x08wF6iLfC +2+gt2+P/m8/9FPik2kW5xRktvXB16fE66ApYXUdsA5XkxW83AoIBAQDo7CzWkSO/ +74dqtrP3fqtha5DnW+95F8xrhlaf0pJ7cMNaTPcB8/aOte5tbmfErCf6fr7BCY5l +XrigI2Xu/9GDrD6OFp4sV4GmworsF9p+/KaVG0MbRjo56+zlh4wckfqWI8ObiqSc +9p9ymIVZRRZE3VGQVNL2rvUfFOc754EYImH3VCsUEJ1LbCvqC4bK3XwVbs7sM5vT +Li0iGSMvTJ4KT/nrcfHRpIT2G584Ho5XLUXD1Z+8wESvueR+vOJdm212xJ1YT8Wj +FwYhz3xDQkrCFfEz/QBGMgQlMygFGcTVXu2tQExZ8DOP45n7LxCRFtXOzQsGKNe/ +VpHYEM5lPClxAoIBAHml/1AkbcbZTQoL/r2ktwWgVK8VPPcIwBH0YnOfdrGfqVEE +OF5R0wdg6GKsLkNoxRZ3TTt0M0gT2UafFCUyaVfoMvonJd6aKYEhVuK5d2Yf/HpI +k/DrqGOJPdHinybnYHykNaa3ikpnTTLp/wBFLOSNShwu/NgDgD4Yy3qSWtc9FaDA +Q9lja8vDMwK4Olsl3UyA2aRBi64bCJaKJWmuGI6j6P+pbZk1RdnBksbOwUha8AiJ +PzBD/Z93b4WFVhGXwxTTN9yiePBETz9wOYrKvItkOZpas/sq3IibQxV6qCmx7eux +hTlQtMKR2EGVugJlUuCTpou6c2korLk5c6kR2DkCggEBAL+ILhrGwNH84qry0CxN +Yho6/K3zIIm/8x3cGvFTk5akFE/2CAv4FCAoJIaiCfxk4H8QqEVOWWSsLj+ovBJ7 +FEslYU8v9CNcVcXOJbScrNRNZ6InB9iuuASXJ3dbLfD0bU323MvThyd3eYgfOVA+ +CmDYaVC5H70wA2rqonbVGIfDBjH+aWoXe3Dg43+SuOWqmXV6Z/c9PP678useJpun +cjHisA1W5lXQ5nEGJ7hbEAtJtBukV7U7mX+y6dz5716wB6Rpa0WKW2eP8D/vQSyB +n73Xkz9/5TDTwirg1SDUntIiPGmB/QbcCVph+2Xcvs/AKlLisxT+kuLJCibVMxN2 +FFECggEAfbOg87nLfqqIVf1bmCwP/DO4QAF4Lsh9nAf+QKmgYGWOGyf53Vj000OZ +cclGDuES+DjtZ53/8st3pyWjFUfflKPHFZePTlbl0ZaLHroT//dvr2ZVrKR5fyXn +4D3iiCHNTGyHQMdEgpndN+t3WkkqDVf1NMcCkCOgPVyjeij2ssUppppQbRH+yiGZ +8KKVsJIBpg/dXpyokaU+giRwKiH/eoEGsRA1UUc1OUVMvtlYcfivx0gqRzVNDbG5 +OWRV24QWXzRWNwlRiuLlRy3I16+GDAjj8WvvgmZPJnTAb8o4GdZsQIilfULjKuO3 +hXMGqXxc01tMXzm4vMCgW5HUpyQ8qQ== +-----END PRIVATE KEY----- diff --git a/testdata/pki/generate_certs.sh b/testdata/pki/generate_certs.sh new file mode 100644 index 000000000..ba06bb995 --- /dev/null +++ b/testdata/pki/generate_certs.sh @@ -0,0 +1,98 @@ +#! /bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This script generates the various certificates used for integration +# tests. All certificates are created with a validity of 3650 days, +# or 10 years. Therefore, this only needs to be used sparingly, +# although could eventually be repurposed to regenerate certificates +# as part of setting up the integration test harness. + +set -eux + +# How long certificates should be considered valid, 100 years +VALIDITY=36500 + +# Generate 4096-bit unencrypted RSA private key using aes256 +function generatePrivateKey() { + base=$1 + rm -fv ${base}.key + echo "Generating private key ${base}.key" + # Generate Private Key + openssl genrsa -aes256 -out ${base}.key -passout pass:cassandra 4096 + echo "Decrypting ${base}.key" + # Decrypt Private Key + openssl rsa -in ${base}.key -out ${base}.key -passin pass:cassandra +} + +# Generate a X509 Certificate signed by the generated CA +function generateCASignedCert() { + base=$1 + rm -fv ${base}.csr ${base}.crt + # Generate Certificate Signing Request + echo "Generating certificate signing request ${base}.csr" + openssl req -new -key ${base}.key -out ${base}.csr -config ${base}.cnf + # Generate Certificate using CA + echo "Generating certificate ${base}.crt" + openssl x509 -req -in ${base}.csr -CA ca.crt -CAkey ca.key \ + -CAcreateserial -out ${base}.crt -days $VALIDITY \ + -extensions req_ext -extfile ${base}.cnf -text + rm -fv ${base}.csr +} + +# CA +# Generate CA that signs both gocql and cassandra certs +generatePrivateKey ca +# Generate CA Certificate +echo "Generating CA certificate ca.crt" +rm -fv ca.crt +openssl req -x509 -new -nodes -key ca.key -days $VALIDITY \ + -out ca.crt -config ca.cnf -text + +# Import CA certificate into JKS truststore so it can be used by Cassandra. +echo "Generating truststore .truststore for Cassandra" +rm -fv .truststore +keytool -import -keystore .truststore -trustcacerts \ + -file ca.crt -alias ca -storetype JKS \ + -storepass cassandra -noprompt + +# GoCQL +# Generate CA-signed certificate for GoCQL client for integration tests +generatePrivateKey gocql +generateCASignedCert gocql + +# Cassandra +# Generate CA-signed certificate for Cassandra +generatePrivateKey cassandra +generateCASignedCert cassandra + +# Import cassandra private key and certificate into a PKCS12 keystore +# and to a JKS keystore so it can be used by cassandra. +echo "Generating cassandra.p12 and .keystore for Cassandra" +rm -fv cassandra.p12 +openssl pkcs12 -export -in cassandra.crt -inkey cassandra.key \ + -out cassandra.p12 -name cassandra \ + -CAfile ca.crt -caname ca \ + -password pass:cassandra \ + -noiter -nomaciter + +rm -fv .keystore +keytool -importkeystore -srckeystore cassandra.p12 -srcstoretype PKCS12 \ + -srcstorepass cassandra -srcalias cassandra \ + -destkeystore .keystore -deststoretype JKS \ + -deststorepass cassandra -destalias cassandra diff --git a/testdata/pki/gocql.cnf b/testdata/pki/gocql.cnf new file mode 100644 index 000000000..76ccbe5a0 --- /dev/null +++ b/testdata/pki/gocql.cnf @@ -0,0 +1,16 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +CN = gocql + +[req_ext] +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +URI = spiffe://test.cassandra.apache.org/cassandra-gocql-driver/integrationTest/gocql diff --git a/testdata/pki/gocql.crt b/testdata/pki/gocql.crt index 22bf19f56..8e43ad02a 100644 --- a/testdata/pki/gocql.crt +++ b/testdata/pki/gocql.crt @@ -1,83 +1,124 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 1 (0x1) + Serial Number: + 18:bb:4e:1c:bf:b9:44:cc:58:c7:36:a5:5d:e6:b7:bd:8e:90:95:e9 Signature Algorithm: sha256WithRSAEncryption - Issuer: CN=cassandra + Issuer: CN=ca Validity - Not Before: Sep 19 21:18:33 2014 GMT - Not After : Sep 16 21:18:33 2024 GMT + Not Before: Aug 29 15:51:06 2024 GMT + Not After : Aug 5 15:51:06 2124 GMT Subject: CN=gocql Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ae:e9:fa:9e:fd:e2:69:85:1d:08:0f:35:68:bc: - 63:7b:92:50:7f:73:50:fc:42:43:35:06:b3:5c:9e: - 27:1e:16:05:69:ec:88:d5:9c:4f:ef:e8:13:69:7a: - b5:b3:7f:66:6d:14:00:2e:d6:af:5b:ff:2c:90:91: - a6:11:07:72:5e:b0:37:c0:6d:ff:7b:76:2b:fe:de: - 4c:d2:8d:ce:43:3b:1a:c4:1d:de:b6:d8:26:08:25: - 89:59:a1:4b:94:a3:57:9e:19:46:28:6e:97:11:7c: - e6:b7:41:96:8f:42:dd:66:da:86:d2:53:dd:d8:f5: - 20:cd:24:8b:0f:ab:df:c4:10:b2:64:20:1d:e0:0f: - f4:2d:f6:ca:94:be:83:ac:3e:a8:4a:77:b6:08:97: - 3a:7e:7b:e0:3e:ab:68:cf:ee:f6:a1:8e:bf:ec:be: - 06:d1:ad:6c:ed:4f:35:d1:04:97:08:33:b1:65:5b: - 61:32:8d:4b:f0:30:35:4b:8b:6b:06:f2:1a:72:8c: - 69:bd:f3:b2:c4:a4:a4:70:45:e3:67:a2:7a:9f:2e: - cb:28:2d:9f:68:03:f1:c7:d9:4f:83:c9:3d:8c:34: - 04:0a:3b:13:87:92:e1:f7:e3:79:7e:ab:c0:25:b1: - e5:38:09:44:3e:31:df:12:d4:dc:7b:0e:35:bf:ee: - 25:5f + Public-Key: (4096 bit) + Modulus: + 00:b1:23:d0:d4:e6:23:b1:9e:6c:15:29:50:10:6e: + af:7e:06:c8:63:26:b9:bc:7a:48:a4:81:06:2d:b0: + 5c:0d:33:66:de:1f:6f:9b:3c:98:48:96:32:36:25: + c6:08:a6:11:1b:97:5a:5b:7a:ee:ee:8c:cf:2b:11: + 2d:ac:17:99:52:7d:90:d4:da:e5:24:c2:a8:64:c0: + 79:0d:70:3a:da:6c:be:24:a6:96:1c:aa:5a:3b:7a: + c3:a6:1a:92:dd:a4:95:9c:45:05:10:d5:42:89:c6: + 94:0b:d5:9f:53:de:32:5f:41:e0:1f:87:3a:90:f1: + e0:bd:5a:e3:09:82:97:d8:75:86:6f:18:15:06:48: + 33:fa:f1:7a:82:cf:13:97:8c:a1:72:98:5a:81:73: + 54:e1:df:72:7f:49:82:e0:ab:29:27:2a:02:be:23: + 0a:f7:13:84:2f:97:68:7e:10:7e:8a:fc:1e:c0:3e: + a9:20:2f:02:f1:6f:6e:cd:1f:31:d9:c1:55:fe:1a: + 8c:23:b4:53:91:05:c8:bf:6e:c2:9a:c2:be:c8:d5: + cc:2c:36:c6:80:b0:fd:0b:88:c7:e4:db:7d:17:ff: + 71:b0:f0:b2:04:57:ab:e5:04:9c:86:8e:e6:e6:7f: + 07:41:44:91:4d:bb:d2:d7:1a:65:11:4f:68:99:11: + b9:58:98:99:0e:82:94:a4:32:99:f6:ad:43:83:dc: + 89:74:14:42:b5:0d:db:8e:17:93:01:c0:cc:c4:cd: + f1:cf:59:3c:05:89:7b:04:e9:5f:88:90:ad:52:01: + 04:4e:b4:ed:76:f4:0c:00:bd:62:ed:75:95:a9:d1: + 42:e4:aa:97:cd:4b:3c:5d:69:78:a0:f4:0f:37:68: + 52:56:9f:bc:d5:33:a7:52:e3:db:70:15:d6:06:8c: + 60:99:c5:44:16:91:25:33:8f:96:e1:dd:81:1c:63: + 12:e0:35:54:42:03:d9:be:89:2b:97:5d:75:9f:7d: + 13:ef:c8:86:fb:d6:52:7d:86:04:df:89:48:f7:0b: + 3a:0b:4a:d4:c0:4b:52:56:94:81:74:47:32:83:27: + d2:a6:ac:fa:f9:46:d5:a1:81:25:45:88:6e:72:44: + eb:69:a1:f0:60:11:f3:90:63:cb:c4:ce:76:da:a3: + c1:00:51:2f:2f:70:c3:c6:e2:8d:6d:ea:a9:75:56: + 8b:ba:c5:34:7a:94:a1:2d:d9:fb:17:3f:82:d4:b8: + bc:6c:6a:5f:ab:76:b1:eb:32:b2:fa:16:f3:14:a7: + bb:4c:b9:be:80:8b:c3:92:a7:b1:5f:a0:f3:5b:8d: + f7:b9:54:df:04:66:5a:43:eb:0e:1e:3b:a7:f1:95: + df:3b:f1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Subject Alternative Name: + URI:spiffe://test.cassandra.apache.org/cassandra-gocql-driver/integrationTest/gocql X509v3 Subject Key Identifier: - 9F:F1:B2:C4:82:34:D0:2F:FF:E9:7F:19:F1:3B:51:57:BF:E8:95:BB + C1:76:E6:E4:22:F4:9C:8A:26:8C:28:62:F9:18:25:2A:53:92:57:45 X509v3 Authority Key Identifier: - keyid:8C:7C:E7:D2:76:05:89:71:1A:23:5B:D4:59:B4:51:E2:5C:0A:5C:E8 - DirName:/CN=cassandra - serial:82:9B:01:78:1E:9B:0B:23 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature + 91:E4:CD:B1:83:17:E9:5C:10:99:1C:81:83:5A:93:72:1F:36:73:5B Signature Algorithm: sha256WithRSAEncryption - 12:aa:1b:a6:58:27:52:32:c9:46:19:32:d3:69:ae:95:ad:23: - 55:ad:12:65:da:2c:4c:72:f3:29:bd:2b:5a:97:3b:b7:68:8b: - 68:80:77:55:e6:32:81:f1:f5:20:54:ba:0e:2b:86:90:d8:44: - cf:f2:9f:ec:4d:39:67:4e:36:6c:9b:49:4a:80:e6:c1:ed:a4: - 41:39:19:16:d2:88:df:17:0c:46:5a:b9:88:53:f5:67:19:f0: - 1f:9a:51:40:1b:40:12:bc:57:db:de:dd:d3:f5:a8:93:68:30: - ac:ba:4e:ee:6b:af:f8:13:3d:11:1a:fa:90:93:d0:68:ce:77: - 5f:85:8b:a4:95:2a:4c:25:7b:53:9c:44:43:b1:d9:fe:0c:83: - b8:19:2a:88:cc:d8:d1:d9:b3:04:eb:45:9b:30:5e:cb:61:e0: - e1:88:23:9c:b0:34:79:62:82:0d:f8:10:ed:96:bb:a0:fd:0d: - 02:cb:c5:d3:47:1f:35:a7:e3:39:31:56:d5:b3:eb:2f:93:8f: - 18:b4:b7:3c:00:03:a7:b4:1c:17:72:91:7e:b6:f6:36:17:3d: - f6:54:3b:87:84:d1:9b:43:d1:88:42:64:20:7a:e3:cc:f7:05: - 98:0e:1c:51:da:20:b7:9b:49:88:e8:c6:e1:de:0d:f5:56:4f: - 79:41:d0:7f + Signature Value: + 4b:37:dc:28:e6:bd:58:6c:a0:99:8a:26:c9:07:c1:89:b8:57: + 38:cc:32:e8:c4:61:84:97:f5:5e:7e:46:ed:91:13:ca:ae:18: + d0:74:ff:ee:a3:d2:81:b7:65:6f:d4:65:fa:cd:ba:96:dc:6f: + e9:a8:0f:8f:62:65:2c:d1:14:3b:10:57:43:a2:ad:4d:28:0f: + f3:1b:cb:57:ba:e5:1f:bf:6c:f8:f4:41:8c:b0:d4:e1:89:e2: + 3a:f1:e8:b3:6b:67:07:82:d2:5a:de:fd:af:69:03:b2:c5:e9: + c0:c8:fa:39:ff:6e:ca:5e:37:17:8c:32:0f:03:11:7b:2e:be: + c8:90:1a:48:bf:d2:8f:1a:f4:2f:03:2f:4d:5d:5b:58:20:df: + 0e:93:44:95:10:6a:0a:c5:d5:6a:6d:9c:b8:ee:a4:d2:3c:2f: + 79:d3:3e:d7:74:e1:c4:0b:74:5e:fb:00:b1:34:75:3d:da:ec: + f2:9e:88:b9:77:30:1c:2d:17:a5:36:0e:7b:75:d0:80:c6:bd: + 8b:fb:05:b6:ed:7c:1a:2e:06:a1:e2:e6:bd:a4:da:79:ec:3f: + fc:17:43:6b:30:96:e7:a5:c9:c8:fd:6a:eb:89:af:e6:37:40: + 17:10:dc:7c:09:b0:53:88:34:f0:22:49:8e:47:43:0d:25:2d: + 3a:b6:98:bd:f7:dc:3c:0b:fa:38:93:6f:84:f9:bf:04:cd:93: + 6b:b9:30:32:22:cc:43:3f:6a:96:ff:73:2f:c7:62:d9:48:5f: + 08:22:e4:97:ed:fc:53:6a:7d:b1:d5:e6:3c:70:ea:5d:e3:70: + fc:71:9f:8a:9f:78:86:6a:f5:bf:dd:41:fb:08:16:af:6e:0e: + 9a:1d:c3:62:2f:2f:33:5a:a9:92:60:0b:05:26:c6:87:3a:7c: + fe:88:e8:92:9f:46:d3:ee:fe:23:7c:b0:9e:e6:97:0d:a9:95: + ff:34:a4:b6:7b:00:8b:e4:47:9c:8f:04:a3:9d:e4:4f:86:7b: + d3:c9:2e:b8:02:04:16:99:e1:2e:0e:91:f3:c7:da:d9:dc:1c: + 4b:15:6c:7d:c6:2a:00:6e:0b:4f:14:37:9f:bb:ad:ef:cd:b8: + 1c:60:25:06:58:40:b2:60:0f:5e:50:c1:cb:03:93:b5:66:d4: + 3b:77:38:2b:b5:53:a0:ad:e9:e9:a6:25:18:69:f2:23:a0:74: + e7:d3:db:81:28:e7:26:50:a6:be:ee:67:29:3e:79:4d:f4:71: + f0:c0:c5:d3:e6:cb:c5:1d:26:45:b9:9f:6a:b3:30:dd:ec:7e: + 00:d3:ac:a1:2d:81:95:2f:29:46:b7:20:17:01:c6:b4:d2:0e: + 1d:9a:fc:b2:46:94:f8:6d -----BEGIN CERTIFICATE----- -MIIDNTCCAh2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDEwljYXNz -YW5kcmEwHhcNMTQwOTE5MjExODMzWhcNMjQwOTE2MjExODMzWjAQMQ4wDAYDVQQD -EwVnb2NxbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK7p+p794mmF -HQgPNWi8Y3uSUH9zUPxCQzUGs1yeJx4WBWnsiNWcT+/oE2l6tbN/Zm0UAC7Wr1v/ -LJCRphEHcl6wN8Bt/3t2K/7eTNKNzkM7GsQd3rbYJggliVmhS5SjV54ZRihulxF8 -5rdBlo9C3WbahtJT3dj1IM0kiw+r38QQsmQgHeAP9C32ypS+g6w+qEp3tgiXOn57 -4D6raM/u9qGOv+y+BtGtbO1PNdEElwgzsWVbYTKNS/AwNUuLawbyGnKMab3zssSk -pHBF42eiep8uyygtn2gD8cfZT4PJPYw0BAo7E4eS4ffjeX6rwCWx5TgJRD4x3xLU -3HsONb/uJV8CAwEAAaOBlTCBkjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSf8bLEgjTQ -L//pfxnxO1FXv+iVuzBEBgNVHSMEPTA7gBSMfOfSdgWJcRojW9RZtFHiXApc6KEY -pBYwFDESMBAGA1UEAxMJY2Fzc2FuZHJhggkAgpsBeB6bCyMwEwYDVR0lBAwwCgYI -KwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQASqhumWCdS -MslGGTLTaa6VrSNVrRJl2ixMcvMpvStalzu3aItogHdV5jKB8fUgVLoOK4aQ2ETP -8p/sTTlnTjZsm0lKgObB7aRBORkW0ojfFwxGWrmIU/VnGfAfmlFAG0ASvFfb3t3T -9aiTaDCsuk7ua6/4Ez0RGvqQk9BozndfhYuklSpMJXtTnERDsdn+DIO4GSqIzNjR -2bME60WbMF7LYeDhiCOcsDR5YoIN+BDtlrug/Q0Cy8XTRx81p+M5MVbVs+svk48Y -tLc8AAOntBwXcpF+tvY2Fz32VDuHhNGbQ9GIQmQgeuPM9wWYDhxR2iC3m0mI6Mbh -3g31Vk95QdB/ +MIIFZTCCA02gAwIBAgIUGLtOHL+5RMxYxzalXea3vY6QlekwDQYJKoZIhvcNAQEL +BQAwDTELMAkGA1UEAwwCY2EwIBcNMjQwODI5MTU1MTA2WhgPMjEyNDA4MDUxNTUx +MDZaMBAxDjAMBgNVBAMMBWdvY3FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAsSPQ1OYjsZ5sFSlQEG6vfgbIYya5vHpIpIEGLbBcDTNm3h9vmzyYSJYy +NiXGCKYRG5daW3ru7ozPKxEtrBeZUn2Q1NrlJMKoZMB5DXA62my+JKaWHKpaO3rD +phqS3aSVnEUFENVCicaUC9WfU94yX0HgH4c6kPHgvVrjCYKX2HWGbxgVBkgz+vF6 +gs8Tl4yhcphagXNU4d9yf0mC4KspJyoCviMK9xOEL5dofhB+ivwewD6pIC8C8W9u +zR8x2cFV/hqMI7RTkQXIv27CmsK+yNXMLDbGgLD9C4jH5Nt9F/9xsPCyBFer5QSc +ho7m5n8HQUSRTbvS1xplEU9omRG5WJiZDoKUpDKZ9q1Dg9yJdBRCtQ3bjheTAcDM +xM3xz1k8BYl7BOlfiJCtUgEETrTtdvQMAL1i7XWVqdFC5KqXzUs8XWl4oPQPN2hS +Vp+81TOnUuPbcBXWBoxgmcVEFpElM4+W4d2BHGMS4DVUQgPZvokrl111n30T78iG ++9ZSfYYE34lI9ws6C0rUwEtSVpSBdEcygyfSpqz6+UbVoYElRYhuckTraaHwYBHz +kGPLxM522qPBAFEvL3DDxuKNbeqpdVaLusU0epShLdn7Fz+C1Li8bGpfq3ax6zKy ++hbzFKe7TLm+gIvDkqexX6DzW433uVTfBGZaQ+sOHjun8ZXfO/ECAwEAAaOBtzCB +tDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBaBgNVHREEUzBRhk9zcGlmZmU6Ly90 +ZXN0LmNhc3NhbmRyYS5hcGFjaGUub3JnL2Nhc3NhbmRyYS1nb2NxbC1kcml2ZXIv +aW50ZWdyYXRpb25UZXN0L2dvY3FsMB0GA1UdDgQWBBTBdubkIvSciiaMKGL5GCUq +U5JXRTAfBgNVHSMEGDAWgBSR5M2xgxfpXBCZHIGDWpNyHzZzWzANBgkqhkiG9w0B +AQsFAAOCAgEASzfcKOa9WGygmYomyQfBibhXOMwy6MRhhJf1Xn5G7ZETyq4Y0HT/ +7qPSgbdlb9Rl+s26ltxv6agPj2JlLNEUOxBXQ6KtTSgP8xvLV7rlH79s+PRBjLDU +4YniOvHos2tnB4LSWt79r2kDssXpwMj6Of9uyl43F4wyDwMRey6+yJAaSL/Sjxr0 +LwMvTV1bWCDfDpNElRBqCsXVam2cuO6k0jwvedM+13ThxAt0XvsAsTR1Pdrs8p6I +uXcwHC0XpTYOe3XQgMa9i/sFtu18Gi4GoeLmvaTaeew//BdDazCW56XJyP1q64mv +5jdAFxDcfAmwU4g08CJJjkdDDSUtOraYvffcPAv6OJNvhPm/BM2Ta7kwMiLMQz9q +lv9zL8di2UhfCCLkl+38U2p9sdXmPHDqXeNw/HGfip94hmr1v91B+wgWr24Omh3D +Yi8vM1qpkmALBSbGhzp8/ojokp9G0+7+I3ywnuaXDamV/zSktnsAi+RHnI8Eo53k +T4Z708kuuAIEFpnhLg6R88fa2dwcSxVsfcYqAG4LTxQ3n7ut7824HGAlBlhAsmAP +XlDBywOTtWbUO3c4K7VToK3p6aYlGGnyI6B059PbgSjnJlCmvu5nKT55TfRx8MDF +0+bLxR0mRbmfarMw3ex+ANOsoS2BlS8pRrcgFwHGtNIOHZr8skaU+G0= -----END CERTIFICATE----- diff --git a/testdata/pki/gocql.key b/testdata/pki/gocql.key index 0d701f43e..6dc823712 100644 --- a/testdata/pki/gocql.key +++ b/testdata/pki/gocql.key @@ -1,27 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEArun6nv3iaYUdCA81aLxje5JQf3NQ/EJDNQazXJ4nHhYFaeyI -1ZxP7+gTaXq1s39mbRQALtavW/8skJGmEQdyXrA3wG3/e3Yr/t5M0o3OQzsaxB3e -ttgmCCWJWaFLlKNXnhlGKG6XEXzmt0GWj0LdZtqG0lPd2PUgzSSLD6vfxBCyZCAd -4A/0LfbKlL6DrD6oSne2CJc6fnvgPqtoz+72oY6/7L4G0a1s7U810QSXCDOxZVth -Mo1L8DA1S4trBvIacoxpvfOyxKSkcEXjZ6J6ny7LKC2faAPxx9lPg8k9jDQECjsT -h5Lh9+N5fqvAJbHlOAlEPjHfEtTcew41v+4lXwIDAQABAoIBAQCCP9XSwzfwX6Fo -uPqKjY5/HEs5PQPXdPha6ixyEYsLilZptCuI9adI/MZHy4q2qW36V+Ry/IcEuJXU -6cCB+cue2xYJA2A17Z+BYMRQHiy0P7UEyUFpYrefZWRMDCIeAyxhnGxz+zYfXaTo -Xbzh3WbFCoFO6gjPYGoWmNm8x74PXyunNaMa/gWFECX5MMBXoOk5xSFGbHzI2Cds -iT7sdCQJVbBs7yidYwNqPWQuOwrskFinPIFSc7bZ0Sx9wO3XTIrQFCE94v/AN6yR -9Q37ida54g5tgtoeg/5EGsUM++i4wqJVoT3tWUHv1jBozO4Lm65uWR/1HcrusVnr -x0TM9SaBAoGBAOMeaZdUrCJXnIiSoqCGDvZmylTAeOo6n2RAiviOYxVB4GP/SSjh -8VeddFhYT1GCmZ+YjIXnRWK+dSqVukzCuf5xW5mWY7PDNGZe2P6O78lXnY4cb8Nc -Uo9/S2aPnNmNHL2TYVBYUiZj+t2azIQEFvRth4Vu/AHRUG41/USxpwm/AoGBAMUo -GX0xgSFAVpHnTLdzWrHNRrzHgYN8ywPKFgNOASvdgW0BFoqXEvVGc1Ak6uW82m1/ -L9ChOzWjCY7CoT+LPmdUVyGT9/UAPtWeLfo8Owl4tG91jQjePmJFvLoXErryCFRt -SOOvCsTTTq2gN3PREHxY3dj2kJqaCBLCEzx3cYxhAoGBAIUxdrc6/t/9BV3KsPj2 -5Zt3WL0vSzoCOyut9lIiHtV+lrvOIPeK2eCKBIsy7wFcV/+SlQaKRNTN4SSiPml5 -4V3o2NFPsxTfK8HFafiPluw7J7kJ0Dl/0SM6gduZ6WBkMzCyV+WohjTheWOwvrPF -OjkKaunD1qKyQDsCCo/Yp589AoGAdKgnfNZf68bf8nEECcBtt6sY4fbCgYTDszhO -EiKDuurT/CWaquJ9SzgmXxOZEdrO+9838aCVIkWYECrFso23nPhgnfOp0gQVKdzw -o5Ij9JTBXvoVO1wVWZyd8RZZ9Nflad9IM8CNBK1rbnzQkuzvbkQ+8HPkWDYv9Ll1 -HGAohcECgYBQeirIumumj1B17WD/KmNe0U0qCHHp+oSW4W2r7pjlEVZzeQmggX4O -anbEngyQaZKeUiUOj9snBDmzLv7S+j5p7Us4d1fbp70sCKuK6tcAnROU8gK8IGiI -I01ypD8Z1Mb556qek56eRWlr71sy6wI1lbQa856cUBvePajUOKsKsw== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxI9DU5iOxnmwV +KVAQbq9+BshjJrm8ekikgQYtsFwNM2beH2+bPJhIljI2JcYIphEbl1pbeu7ujM8r +ES2sF5lSfZDU2uUkwqhkwHkNcDrabL4kppYcqlo7esOmGpLdpJWcRQUQ1UKJxpQL +1Z9T3jJfQeAfhzqQ8eC9WuMJgpfYdYZvGBUGSDP68XqCzxOXjKFymFqBc1Th33J/ +SYLgqyknKgK+Iwr3E4Qvl2h+EH6K/B7APqkgLwLxb27NHzHZwVX+GowjtFORBci/ +bsKawr7I1cwsNsaAsP0LiMfk230X/3Gw8LIEV6vlBJyGjubmfwdBRJFNu9LXGmUR +T2iZEblYmJkOgpSkMpn2rUOD3Il0FEK1DduOF5MBwMzEzfHPWTwFiXsE6V+IkK1S +AQROtO129AwAvWLtdZWp0ULkqpfNSzxdaXig9A83aFJWn7zVM6dS49twFdYGjGCZ +xUQWkSUzj5bh3YEcYxLgNVRCA9m+iSuXXXWffRPvyIb71lJ9hgTfiUj3CzoLStTA +S1JWlIF0RzKDJ9KmrPr5RtWhgSVFiG5yROtpofBgEfOQY8vEznbao8EAUS8vcMPG +4o1t6ql1Vou6xTR6lKEt2fsXP4LUuLxsal+rdrHrMrL6FvMUp7tMub6Ai8OSp7Ff +oPNbjfe5VN8EZlpD6w4eO6fxld878QIDAQABAoICACGpGiZSoya94XD1/EJbHhr3 +I/3/Xl0L6aDk6a0l7aAOi/YaiCU6Ev/8FoeGjwaWs/qHvMJUbnHDLRzUc1bX1yk/ +NhXUkKV3HfOjRX2BvZVDA7DIPQ8uad4SmnoGY7EddNaQoQFNXQr8QqarDc8skmra +hEHJex4O8HNbAXiNqdgWoRicPWaHsuT1HSAdRG5QaV9yxwQBS/ht8v5wFCAoNjY8 +e+/wjcVcnopCnbcS4FD9zsQeRBobBNanI6lzy4/C9tnF5qpkOlr8++QwomcxKXrV +capXMEpFF5ipAb8h3DgCsPJ8En/TvxTSVwIUxpi3O8QxyOC6F7sLR3hOHCS2Iv97 +dU3v+3e4tpwCeuEQm6jU42TPkRYD8yELAGBIbwRf1RucLlCGJED8RfGb4FRTeJgy +L6ofp/C9w97+c7FAEjq9f/RmGK1u3aZ7olA3vq9OIZjLzb6KOR7R85xLicLfKOj+ +3mMapNTAnsHesJvNjnMsmi/epmBzK3Y4FNBwgIzobT4BmUMu7hvZSKeG8SJ/Komf +OHA3Hhic6vljxddIYH7UowJ9NB52XI+5wdTnDbYusFwz6dS3VOUJOjSfuICAwwBm +scCSr7ScEDWncy/PjB/ICgdJo9QaOMz6EVIg/+hQShZ3bgiytDqVw3pBXXLA6iMY +/QIzfUdWeua3Rv2ZgsjnAoIBAQDU9EFt9UnBkjOLDE/kw0H8kndZO1BZits1TqB7 +IK0CRznRypsN8sSO72k3zVShsd4NZQsK679IZ+LlB/YssmtT23N2mpMSz1odnjoh +H8KIPG/znOMEUDXt2n2f9RryU6KV2XXB55eftwtUuM+l7oSMrYkBNbxniQe5njUW +Yb3Zx6YUBslIQApiX9h3lDjV4jgO6N0u6/Q3ncfU/LGta1Cml0NxDYO3FFQuaKXy +4zvGX7zHfodRCGSIzE692ZMhp8Zz8O8kCwNbWnb/TKx9s0QKKf4Kxx6tJXQ6lMtS +KPkLeuoPvOkQdVjkhdFnWjaTwYr0g074SLa+gMaw/AgXKeJvAoIBAQDU8kfT3x2C +KEcqgI7Ootb8Owtk+MQT/vuHHaoeg93G0y1FyYohtkXhzGyzWAxNc0qlootFCsnI +5Erowzok+rwE/kP0Q3/yZFBsOZ5MFnfXkIbg22PNUCQePh25vECudM/0cFNomGPf +r3H4k5WD2cJQ1AN4AYmHaB3vlJ4k7J5kcU4+cGzN6rlvdhImoh6aD8am8SIsXj+w +/x7TZLWbTa5utQFU7alZIl5LDbacOo+fOxpcM9LRmWCIvoAHPhegfVuYu1n0GgLu +JWNEsb3nNvJ52TsvMXwv2Zao4xwQ5ik29iaWYpMT4zFDLyxRWNdjyrtz76OzNe3/ +/bW6TpFUBnefAoIBACP5SyBHInmHuBtSLiDn9zqyh2TUh0NJGLTNnoCOSYur+pF9 +F2poy1mWCgE6N4TFJky+9/mVT4/stMCZ8rUkQss8tCmh/RxdWMzOEOXNlrAq/YJ6 +y0LMRf/zO+uMnUu4YyvLO4BRHiUF5+0c9z8BpvSY0B8bM8ONu3dYyYEJa+fhOSYC +63fAEcECje/NYziGaY/jOJIXm/7VMY/CTEWObmZmASeU7946menpFbeNOWjOfXZ5 +4mQG9ezCDr81hQxXakfluJAvKBcDljyUeEMXyHOrGlY5wu3e+N54ikxLzZ5p2iZk +dD6qhCS+klxSOgwF0vJxSCLbLbvKx0XYnYlEMxMCggEBALhogA9Y3kMDAm4qGoGT +vz17HGj6jUMLw2LFK7d1Vq+B3WjcGYUMRgQ+dbvx+eVwfCpoUtcdepVALibYOhgg +Eob4cnyrn7eXa5XtZ8pYgrvo6wT6uLjqN/0AqdlYz2LEwfna9EBWB9eEJdywYgBm +qcI5eC+KlUDvx0zclP9A8gHlpW6pCXBhXujJhPpz1rBwDQYxN/jYPavXoyhJxIOT +iAVTNq4HimooOyQf4g31IL8x/afvMRhWDKUe49xhxzAynwnq5QFhLTxyoD6y9dOv +X9hpaLl7zyHY+oGS+5Ee4H46ODxvbRMB4n1d8rEXkJ9Yx3ClDEx73Xmciq2msG/l +kd0CggEBAK+xZjYnDei8Gk44cFt/pWQgQV0E0WwnJ6VaCfHiJ8LqmITvsLy24w2+ +niD6wmCU9ubM2pgGAbXq4TykZki+5rSWimK4f2unORzP9bya7ouMnfK9MqPrgFmu +bCjhis68dPUkl2bOgQ2RwmYVr3vmlrHjELJUG2XJkIP1A8ed1VJdvGnVvdj9wQA4 +TIDofvgx/Q09sql913sxklB2dJReKR2LSkDbWaaZ/thiQFSYkkqKz/hduuwLl/Yh +eh7K2nH9fQfK3tJ58FdkpUiY9HctBORbk2zoo/6/Or8WT4xH7uknk7h2ojb1BSGk +/lzgSK73/zQ6JbksZybsgsFbVJD+wUE= +-----END PRIVATE KEY----- From 5ed5e6dcaa69f5329522be429e0546bc848b8aa2 Mon Sep 17 00:00:00 2001 From: absurdfarce Date: Thu, 5 Sep 2024 11:44:24 -0500 Subject: [PATCH 4/6] Update driver name after ASF donation patch by Bret McGuire; reviewed by Joao Reis, Martin Sucha, Andy Tolbert and James Hartig reference: https://github.com/apache/cassandra-gocql-driver/pull/1817 --- version.go | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/version.go b/version.go index 140bae819..f2250f7fe 100644 --- a/version.go +++ b/version.go @@ -27,7 +27,13 @@ package gocql import "runtime/debug" const ( - mainModule = "github.com/gocql/gocql" + defaultDriverName = "github.com/apache/cassandra-gocql-driver" + + // This string MUST have this value since we explicitly test against the + // current main package returned by runtime/debug below. Also note the + // package name used here may change in a future (2.x) release; in that case + // this constant will be updated as well. + mainPackage = "github.com/gocql/gocql" ) var driverName string @@ -38,9 +44,13 @@ func init() { buildInfo, ok := debug.ReadBuildInfo() if ok { for _, d := range buildInfo.Deps { - if d.Path == mainModule { - driverName = mainModule + if d.Path == mainPackage { + driverName = defaultDriverName driverVersion = d.Version + // If there's a replace directive in play for the gocql package + // then use that information for path and version instead. This + // will allow forks or other local packages to clearly identify + // themselves as distinct from mainPackage above. if d.Replace != nil { driverName = d.Replace.Path driverVersion = d.Replace.Version From 034d6887a3bd723a6ed19935e80bc642ff938adb Mon Sep 17 00:00:00 2001 From: absurdfarce Date: Wed, 4 Sep 2024 22:08:37 -0500 Subject: [PATCH 5/6] Bump Go/C* versions. gocql policy was to support the current and previous Go versions for a given release; we're continuing this practice for the 1.7.0 release. patch by Bret McGuire; reviewed by Joao Reis, Martin Sucha reference: https://github.com/apache/cassandra-gocql-driver/pull/1825 --- .github/workflows/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 98fb6b791..d2044a0c0 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go: [ '1.19', '1.20' ] + go: [ '1.22', '1.23' ] steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 @@ -34,8 +34,8 @@ jobs: strategy: fail-fast: false matrix: - go: [ '1.19', '1.20' ] - cassandra_version: [ '4.0.8', '4.1.1' ] + go: [ '1.22', '1.23' ] + cassandra_version: [ '4.0.13', '4.1.6' ] auth: [ "false" ] compressor: [ "snappy" ] tags: [ "cassandra", "integration", "ccm" ] @@ -125,8 +125,8 @@ jobs: strategy: fail-fast: false matrix: - go: [ '1.19', '1.20' ] - cassandra_version: [ '4.0.8' ] + go: [ '1.22', '1.23' ] + cassandra_version: [ '4.0.13' ] compressor: [ "snappy" ] tags: [ "integration" ] From 953e0df999cabb3f5eef714df9921c00e9f632c2 Mon Sep 17 00:00:00 2001 From: absurdfarce Date: Mon, 23 Sep 2024 13:56:53 -0500 Subject: [PATCH 6/6] Update changelog for 1.7.0 patch by Bret McGuire; reviewed by Martin Sucha reference: https://github.com/apache/cassandra-gocql-driver/pull/1826 --- CHANGELOG.md | 10 ++++++++++ README.md | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dfb22828..cf02cf0b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed +## [1.7.0] - 2024-09-23 + +This release is the first after the donation of gocql to the Apache Software Foundation (ASF) + +### Changed +- Update DRIVER_NAME parameter in STARTUP messages to a different value intended to clearly identify this + driver as an ASF driver. This should clearly distinguish this release (and future gocql-cassandra-driver + releases) from prior versions. (#1824) +- Supported Go versions updated to 1.23 and 1.22 to conform to gocql's sunset model. (#1825) + ## [1.6.0] - 2023-08-28 ### Added diff --git a/README.md b/README.md index 81d34b2d5..24dfe63c1 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,8 @@ The following matrix shows the versions of Go and Cassandra that are tested with | Go/Cassandra | 4.0.x | 4.1.x | |--------------|-------|-------| -| 1.19 | yes | yes | -| 1.20 | yes | yes | +| 1.22 | yes | yes | +| 1.23 | yes | yes | Gocql has been tested in production against many versions of Cassandra. Due to limits in our CI setup we only test against the latest 2 GA releases.