Skip to content

Commit f3010e2

Browse files
milindlmilindl
authored
Fix schema registry integration test (SslAuth) by regenerating secrets (#1884)
The certificate in the current schema registry uses an outdated hash (SHA1) which is deprecated at most places and simply doesn't work at others. This replaces those with new secrets (the certificate uses SHA256). Also adds a script to regenerate secrets in case of expiry or deprecation of SHA256.
1 parent c71fae9 commit f3010e2

File tree

7 files changed

+65
-38
lines changed

7 files changed

+65
-38
lines changed

test/Confluent.SchemaRegistry.IntegrationTests/secrets/generate_secrets_linux.sh

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
#!/usr/bin/env bash
2+
3+
# Clone the script to generate the stores, and run the script with the correct params.
4+
git clone https://github.com/confluentinc/confluent-platform-security-tools.git --depth=1
5+
6+
export COUNTRY="US"
7+
export STATE="CA"
8+
export ORGANIZATION_UNIT="Confluent Inc"
9+
export CITY="Mountain View"
10+
export PASSWORD="cnf123"
11+
12+
bash confluent-platform-security-tools/kafka-generate-ssl-automatic.sh
13+
14+
# Copy the files into the right place.
15+
cp keystore/kafka.keystore.jks schema-registry.keystore.jks
16+
cp truststore/kafka.truststore.jks schema-registry.truststore.jks
17+
cp cert-signed schema-registry-ca.cer
18+
19+
# Duplicate to docker secrets.
20+
# Docker containers will need to be restarted after this step.
21+
cp schema-registry.keystore.jks ../../docker/secrets/schema-registry.keystore.jks
22+
cp schema-registry.truststore.jks ../../docker/secrets/schema-registry.truststore.jks
23+
cp schema-registry-ca.cer ../../docker/secrets/schema-registry-ca.cer
24+
25+
# Cleanup the script, and the files which are not required.
26+
rm -rf confluent-platform-security-tools
27+
rm -rf truststore
28+
rm -rf keystore
29+
rm cert-file cert-signed

test/Confluent.SchemaRegistry.IntegrationTests/secrets/schema-registry-ca.cer

Lines changed: 18 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,20 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDjDCCAnQCCQDXQgKZaZA7dDANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMC
3-
VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRgwFgYDVQQK
4-
DA9Db25mbHVlbnQsIEluYy4xHzAdBgNVBAsMFkluZm9ybWF0aW9uIFRlY2hub2xv
5-
Z3kxGDAWBgNVBAMMD2NhLmNvbmZsdWVudC5pbzAeFw0yMDA0MTExOTEyMTVaFw00
6-
MDA0MDYxOTEyMTVaMIGHMQswCQYDVQQIEwJDQTELMAkGA1UEBhMCVVMxFjAUBgNV
7-
BAcTDU1vdW50YWluIFZpZXcxGDAWBgNVBAoTD0NvbmZsdWVudCwgSW5jLjEfMB0G
8-
A1UECxMWSW5mb3JtYXRpb24gVGVjaG5vbG9neTEYMBYGA1UEAxMPc2NoZW1hLXJl
9-
Z2lzdHJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5p/X+7ZL3+9B
10-
CLulhqdmd0YFgOAvN9DQrLAArbtsOJCtXOjhGLpXdeKDpfC4VupmhsYaCiuT4AYw
11-
ddlrrFEqh/osRZg4QBTjT+vXdj/qEnXUUWkPtWdVKcuQ33y1meAVo6dTYGzbiyKO
12-
awn2rDSyGE+rWHfocJFNHho02vF0Z2ckP+u4Pmaqze3Ae14StgjqUNx48fB01I0Z
13-
fWAowxYutI9PyPjt7pRbUrbFLK9bynhUtuRgq04QEIgWKHJTfNAX3ZsSCAPvhZN4
14-
BoMzeC3J5f/wlva9NIxnWVJE7S4XVusFhVd6c1sc25dWuOtcnO/e45YGx6s2IV/j
15-
aMo8sTiGVwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBe/bFwt+JQuhB5NDHhlXa7
16-
vnG+GhHo+5uP+bBnvB/PGj5Dp7cAnfWl4+Se+1xk1lGahJg1/7vV2ddfMPR5UISc
17-
nQBthxcdo4g3iVRW8wGe5+DkUkn01MovUkoCetulmdCyOz1IQmSgu+QJH+JBDsIC
18-
NBXad4Xlg0tMYXbd9Tsg6hdmsJy+5BlDjO1xUohftxLx7xEFtTydRTMSCbue3weF
19-
DlN+P9tfqk+gnGhZAhhjeMneM1FpEtBkp/e5GV3rUc4JESQpoOafxaEwElofyT+K
20-
7F6gdZ+EpLUhhbJgxq+QCm/i7e9Jjnk+ec6oDXoW+wxID0/E0EVIvfS/UYZWD3yX
2+
MIIDNTCCAh0CFEpPtkIepSou6T6ELlJ3XGbjeGJpMA0GCSqGSIb3DQEBCwUAMFcx
3+
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmll
4+
dzEWMBQGA1UECgwNQ29uZmx1ZW50IEluYzELMAkGA1UEAwwCcGMwHhcNMjIwODMw
5+
MDUwMTEzWhcNMzIwODI3MDUwMTEzWjBXMQswCQYDVQQDEwJwYzEWMBQGA1UEChMN
6+
Q29uZmx1ZW50IEluYzEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzELMAkGA1UECBMC
7+
Q0ExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
8+
uYc2e7dW4VeTWZobw3tcoliOkmfbm99x62pg88YRRnDhWLnXr9N+vV4Mid6utg2j
9+
Xn9e5bArkDicj6FDRWuRn8sdOYooNR1YFtD02paHo0Ndmxn1nyNcLnjKFl4UNway
10+
9+Myj2vE1voE/rEu0h2etdAJc0e9ScmTRUQYuaq5mubRx557krVYmfhtR+AywGUB
11+
QgVfFrhSX513YZCkWnSE4PHFfaJIQ2IIxwiRmQvqabqgXgknCuOjSk4F7WO+uSuX
12+
e6vNMT59Iq+etEaQiCAFpBu1AjNlE8//k40mLh5Fj0gQE1r8BfqxeUi8zDcMqdH/
13+
XmobV1bkojqWL3vFeNoUjwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBzgcW9x2ZZ
14+
q5369yCrKQgUY9m3pC+pxNxH8V3UcebuSzPd8xZ8voEbcx+tjKGCjd1GvfHBUOz8
15+
2wLpSIL3ThsrIZst0AgxnqEDmZ+GFNPTPhE7kp5HRXNmR03Fbrr/S6/Ty1UuGHK0
16+
16IrmwHbAc5xq4/BcSgcs/J37i2WHGrSylkYIYP7IQAwXWxlyHL2FKTM3lYbFyzD
17+
A7LhVQjcf6LmulTVY+3MSnTFDOU/bkzVy6hzQQEvlSGnZSBOfO/9vOTKKdZhLgg1
18+
nbU6KGmO9ipickdETgXNCat9geOov0WPadOuaCaTLMF+EpSRix/rQzKA+b7kXxE5
19+
ee9Kmb8sJTw1
2120
-----END CERTIFICATE-----

test/Confluent.SchemaRegistry.IntegrationTests/secrets/schema-registry.keystore.jks

-66 Bytes
Binary file not shown.

test/Confluent.SchemaRegistry.IntegrationTests/secrets/schema-registry.truststore.jks

61 Bytes
Binary file not shown.

test/docker/secrets/schema-registry-ca.cer

Lines changed: 18 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,20 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDjDCCAnQCCQDXQgKZaZA7dDANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMC
3-
VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRgwFgYDVQQK
4-
DA9Db25mbHVlbnQsIEluYy4xHzAdBgNVBAsMFkluZm9ybWF0aW9uIFRlY2hub2xv
5-
Z3kxGDAWBgNVBAMMD2NhLmNvbmZsdWVudC5pbzAeFw0yMDA0MTExOTEyMTVaFw00
6-
MDA0MDYxOTEyMTVaMIGHMQswCQYDVQQIEwJDQTELMAkGA1UEBhMCVVMxFjAUBgNV
7-
BAcTDU1vdW50YWluIFZpZXcxGDAWBgNVBAoTD0NvbmZsdWVudCwgSW5jLjEfMB0G
8-
A1UECxMWSW5mb3JtYXRpb24gVGVjaG5vbG9neTEYMBYGA1UEAxMPc2NoZW1hLXJl
9-
Z2lzdHJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5p/X+7ZL3+9B
10-
CLulhqdmd0YFgOAvN9DQrLAArbtsOJCtXOjhGLpXdeKDpfC4VupmhsYaCiuT4AYw
11-
ddlrrFEqh/osRZg4QBTjT+vXdj/qEnXUUWkPtWdVKcuQ33y1meAVo6dTYGzbiyKO
12-
awn2rDSyGE+rWHfocJFNHho02vF0Z2ckP+u4Pmaqze3Ae14StgjqUNx48fB01I0Z
13-
fWAowxYutI9PyPjt7pRbUrbFLK9bynhUtuRgq04QEIgWKHJTfNAX3ZsSCAPvhZN4
14-
BoMzeC3J5f/wlva9NIxnWVJE7S4XVusFhVd6c1sc25dWuOtcnO/e45YGx6s2IV/j
15-
aMo8sTiGVwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBe/bFwt+JQuhB5NDHhlXa7
16-
vnG+GhHo+5uP+bBnvB/PGj5Dp7cAnfWl4+Se+1xk1lGahJg1/7vV2ddfMPR5UISc
17-
nQBthxcdo4g3iVRW8wGe5+DkUkn01MovUkoCetulmdCyOz1IQmSgu+QJH+JBDsIC
18-
NBXad4Xlg0tMYXbd9Tsg6hdmsJy+5BlDjO1xUohftxLx7xEFtTydRTMSCbue3weF
19-
DlN+P9tfqk+gnGhZAhhjeMneM1FpEtBkp/e5GV3rUc4JESQpoOafxaEwElofyT+K
20-
7F6gdZ+EpLUhhbJgxq+QCm/i7e9Jjnk+ec6oDXoW+wxID0/E0EVIvfS/UYZWD3yX
2+
MIIDNTCCAh0CFEpPtkIepSou6T6ELlJ3XGbjeGJpMA0GCSqGSIb3DQEBCwUAMFcx
3+
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmll
4+
dzEWMBQGA1UECgwNQ29uZmx1ZW50IEluYzELMAkGA1UEAwwCcGMwHhcNMjIwODMw
5+
MDUwMTEzWhcNMzIwODI3MDUwMTEzWjBXMQswCQYDVQQDEwJwYzEWMBQGA1UEChMN
6+
Q29uZmx1ZW50IEluYzEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzELMAkGA1UECBMC
7+
Q0ExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
8+
uYc2e7dW4VeTWZobw3tcoliOkmfbm99x62pg88YRRnDhWLnXr9N+vV4Mid6utg2j
9+
Xn9e5bArkDicj6FDRWuRn8sdOYooNR1YFtD02paHo0Ndmxn1nyNcLnjKFl4UNway
10+
9+Myj2vE1voE/rEu0h2etdAJc0e9ScmTRUQYuaq5mubRx557krVYmfhtR+AywGUB
11+
QgVfFrhSX513YZCkWnSE4PHFfaJIQ2IIxwiRmQvqabqgXgknCuOjSk4F7WO+uSuX
12+
e6vNMT59Iq+etEaQiCAFpBu1AjNlE8//k40mLh5Fj0gQE1r8BfqxeUi8zDcMqdH/
13+
XmobV1bkojqWL3vFeNoUjwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBzgcW9x2ZZ
14+
q5369yCrKQgUY9m3pC+pxNxH8V3UcebuSzPd8xZ8voEbcx+tjKGCjd1GvfHBUOz8
15+
2wLpSIL3ThsrIZst0AgxnqEDmZ+GFNPTPhE7kp5HRXNmR03Fbrr/S6/Ty1UuGHK0
16+
16IrmwHbAc5xq4/BcSgcs/J37i2WHGrSylkYIYP7IQAwXWxlyHL2FKTM3lYbFyzD
17+
A7LhVQjcf6LmulTVY+3MSnTFDOU/bkzVy6hzQQEvlSGnZSBOfO/9vOTKKdZhLgg1
18+
nbU6KGmO9ipickdETgXNCat9geOov0WPadOuaCaTLMF+EpSRix/rQzKA+b7kXxE5
19+
ee9Kmb8sJTw1
2120
-----END CERTIFICATE-----

test/docker/secrets/schema-registry.keystore.jks

-66 Bytes
Binary file not shown.

test/docker/secrets/schema-registry.truststore.jks

61 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)