MINIFICPP-2154 Replace SecureSocketGetTCPTest with utils::net::getSSLContext tests
Closes #1598
Signed-off-by: Marton Szasz <szaszm@apache.org>
diff --git a/cmake/BuildTests.cmake b/cmake/BuildTests.cmake
index 238b1f8..45095b2 100644
--- a/cmake/BuildTests.cmake
+++ b/cmake/BuildTests.cmake
@@ -30,6 +30,16 @@
set(NANOFI_TEST_DIR "${CMAKE_SOURCE_DIR}/nanofi/tests/")
+function(copyTestResources SOURCE_DIR DEST_DIR)
+ file(GLOB RESOURCE_FILES "${SOURCE_DIR}/*")
+ foreach(RESOURCE_FILE ${RESOURCE_FILES})
+ get_filename_component(RESOURCE_FILENAME "${RESOURCE_FILE}" NAME)
+ set(dest_file "${DEST_DIR}/${RESOURCE_FILENAME}")
+
+ configure_file(${RESOURCE_FILE} ${dest_file} COPYONLY)
+ endforeach()
+endfunction()
+
function(appendIncludes testName)
target_include_directories(${testName} SYSTEM BEFORE PRIVATE "${CMAKE_SOURCE_DIR}/thirdparty/catch")
target_include_directories(${testName} BEFORE PRIVATE "${CMAKE_SOURCE_DIR}/include")
diff --git a/extensions/standard-processors/processors/GetTCP.cpp b/extensions/standard-processors/processors/GetTCP.cpp
index c3389ed..002e868 100644
--- a/extensions/standard-processors/processors/GetTCP.cpp
+++ b/extensions/standard-processors/processors/GetTCP.cpp
@@ -76,7 +76,7 @@
if (auto context_name = context.getProperty(SSLContextService)) {
if (auto controller_service = context.getControllerService(*context_name)) {
if (auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(context.getControllerService(*context_name))) {
- ssl_context = utils::net::getSslContext(*ssl_context_service);
+ ssl_context = utils::net::getClientSslContext(*ssl_context_service);
} else {
throw Exception(PROCESS_SCHEDULE_EXCEPTION, *context_name + " is not an SSL Context Service");
}
diff --git a/extensions/standard-processors/processors/PutTCP.cpp b/extensions/standard-processors/processors/PutTCP.cpp
index 9eb7c3f..08c4226 100644
--- a/extensions/standard-processors/processors/PutTCP.cpp
+++ b/extensions/standard-processors/processors/PutTCP.cpp
@@ -27,6 +27,7 @@
#include "core/Resource.h"
#include "core/logging/Logger.h"
#include "utils/net/AsioCoro.h"
+#include "utils/net/AsioSocketUtils.h"
using asio::ip::tcp;
@@ -54,7 +55,6 @@
void PutTCP::notifyStop() {}
-
void PutTCP::onSchedule(core::ProcessContext* const context, core::ProcessSessionFactory*) {
gsl_Expects(context);
@@ -85,7 +85,7 @@
if (context->getProperty(SSLContextService, context_name) && !IsNullOrEmpty(context_name)) {
if (auto controller_service = context->getControllerService(context_name)) {
if (auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(context->getControllerService(context_name))) {
- ssl_context_ = utils::net::getSslContext(*ssl_context_service);
+ ssl_context_ = utils::net::getClientSslContext(*ssl_context_service);
} else {
throw Exception(PROCESS_SCHEDULE_EXCEPTION, context_name + " is not an SSL Context Service");
}
diff --git a/extensions/standard-processors/tests/CMakeLists.txt b/extensions/standard-processors/tests/CMakeLists.txt
index 353b7bb..89f369c 100644
--- a/extensions/standard-processors/tests/CMakeLists.txt
+++ b/extensions/standard-processors/tests/CMakeLists.txt
@@ -50,17 +50,6 @@
add_test(NAME "${testfilename}" COMMAND "${testfilename}" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
MATH(EXPR PROCESSOR_INT_TEST_COUNT "${PROCESSOR_INT_TEST_COUNT}+1")
-
- # Copy test resources only once after the first build to be available for all test cases
- if(PROCESSOR_INT_TEST_COUNT EQUAL 1)
- add_custom_command(
- TARGET "${testfilename}"
- POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E copy_directory
- "${CMAKE_SOURCE_DIR}/extensions/standard-processors/tests/unit/resources"
- "$<TARGET_FILE_DIR:${testfilename}>/resources"
- )
- endif()
ENDFOREACH()
message("-- Finished building ${PROCESSOR_INT_TEST_COUNT} processor unit test file(s)...")
@@ -107,3 +96,5 @@
add_executable("${resourcefilename}" "${resourcefile}")
set_target_properties(${resourcefilename} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin")
ENDFOREACH()
+
+copyTestResources(${CMAKE_SOURCE_DIR}/libminifi/test/resources/certs ${CMAKE_BINARY_DIR}/bin/resources)
diff --git a/extensions/standard-processors/tests/unit/GetTCPTests.cpp b/extensions/standard-processors/tests/unit/GetTCPTests.cpp
index a8a2c9d..fb95ced 100644
--- a/extensions/standard-processors/tests/unit/GetTCPTests.cpp
+++ b/extensions/standard-processors/tests/unit/GetTCPTests.cpp
@@ -42,7 +42,7 @@
minifi::utils::net::SslData ssl_data;
ssl_data.ca_loc = (executable_dir / "resources" / "ca_A.crt").string();
ssl_data.cert_loc = (executable_dir / "resources" / "localhost_by_A.pem").string();
- ssl_data.key_loc = (executable_dir / "resources" / "localhost_by_A.pem").string();
+ ssl_data.key_loc = (executable_dir / "resources" / "localhost.key").string();
return ssl_data;
}
@@ -52,7 +52,7 @@
const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir();
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "alice_by_A.pem").string()));
- REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "alice_by_A.pem").string()));
+ REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "alice.key").string()));
ssl_context_service->enable();
}
@@ -76,7 +76,7 @@
ssl_context.set_options(asio::ssl::context::default_workarounds | asio::ssl::context::single_dh_use | asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1);
ssl_context.set_password_callback([key_pw = "Password12"](std::size_t&, asio::ssl::context_base::password_purpose&) { return key_pw; });
ssl_context.use_certificate_file((executable_dir / "resources" / "localhost_by_A.pem").string(), asio::ssl::context::pem);
- ssl_context.use_private_key_file((executable_dir / "resources" / "localhost_by_A.pem").string(), asio::ssl::context::pem);
+ ssl_context.use_private_key_file((executable_dir / "resources" / "localhost.key").string(), asio::ssl::context::pem);
ssl_context.load_verify_file((executable_dir / "resources" / "ca_A.crt").string());
ssl_context.set_verify_mode(asio::ssl::verify_peer);
diff --git a/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp b/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp
index 73ed6dd..4e69c80 100644
--- a/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp
+++ b/extensions/standard-processors/tests/unit/ListenSyslogTests.cpp
@@ -498,7 +498,7 @@
const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir();
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string()));
- REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string()));
+ REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string()));
ssl_context_service->enable();
LogTestController::getInstance().setTrace<ListenSyslog>();
diff --git a/extensions/standard-processors/tests/unit/ListenTcpTests.cpp b/extensions/standard-processors/tests/unit/ListenTcpTests.cpp
index 11eb112..30e3e5d 100644
--- a/extensions/standard-processors/tests/unit/ListenTcpTests.cpp
+++ b/extensions/standard-processors/tests/unit/ListenTcpTests.cpp
@@ -117,7 +117,7 @@
const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir();
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string()));
- REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string()));
+ REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::Passphrase, "Password12"));
REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::MaxBatchSize, "2"));
REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::SSLContextService, "SSLContextService"));
@@ -189,7 +189,7 @@
minifi::utils::net::SslData ssl_data;
ssl_data.ca_loc = executable_dir / "resources" / "ca_A.crt";
ssl_data.cert_loc = executable_dir / "resources" / "localhost_by_A.pem";
- ssl_data.key_loc = executable_dir / "resources" / "localhost_by_A.pem";
+ ssl_data.key_loc = executable_dir / "resources" / "localhost.key";
ssl_data.key_pw = "Password12";
expected_successful_messages = {"test_message_1", "another_message"};
@@ -245,7 +245,7 @@
const auto executable_dir = minifi::utils::file::FileUtils::get_executable_dir();
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::CACertificate, (executable_dir / "resources" / "ca_A.crt").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::ClientCertificate, (executable_dir / "resources" / "localhost_by_A.pem").string()));
- REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost_by_A.pem").string()));
+ REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::PrivateKey, (executable_dir / "resources" / "localhost.key").string()));
REQUIRE(controller.plan->setProperty(ssl_context_service, controllers::SSLContextService::Passphrase, "Password12"));
REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::MaxBatchSize, "2"));
REQUIRE(controller.plan->setProperty(listen_tcp, ListenTCP::SSLContextService, "SSLContextService"));
@@ -258,7 +258,7 @@
minifi::utils::net::SslData ssl_data;
ssl_data.ca_loc = executable_dir / "resources" / "ca_A.crt";
ssl_data.cert_loc = executable_dir / "resources" / "localhost_by_A.pem";
- ssl_data.key_loc = executable_dir / "resources" / "localhost_by_A.pem";
+ ssl_data.key_loc = executable_dir / "resources" / "localhost.key";
ssl_data.key_pw = "Password12";
diff --git a/extensions/standard-processors/tests/unit/PutTCPTests.cpp b/extensions/standard-processors/tests/unit/PutTCPTests.cpp
index cb6b5d6..c367d3a 100644
--- a/extensions/standard-processors/tests/unit/PutTCPTests.cpp
+++ b/extensions/standard-processors/tests/unit/PutTCPTests.cpp
@@ -18,7 +18,6 @@
#include <memory>
#include <new>
-#include <random>
#include <string>
#include "SingleProcessorTestController.h"
@@ -88,7 +87,7 @@
utils::net::SslData ssl_data;
ssl_data.ca_loc = (executable_dir / "resources" / "ca_A.crt").string();
ssl_data.cert_loc = (executable_dir / "resources" / "localhost_by_A.pem").string();
- ssl_data.key_loc = (executable_dir / "resources" / "localhost_by_A.pem").string();
+ ssl_data.key_loc = (executable_dir / "resources" / "localhost.key").string();
return ssl_data;
}
} // namespace
@@ -158,12 +157,14 @@
return std::nullopt;
}
- void addSSLContextToPutTCP(const std::filesystem::path& ca_cert, const std::optional<std::filesystem::path>& client_cert_key) {
+ void addSSLContextToPutTCP(const std::filesystem::path& ca_cert, const std::optional<std::filesystem::path>& client_cert, const std::optional<std::filesystem::path>& client_cert_key) {
const std::filesystem::path ca_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources";
auto ssl_context_service_node = controller_.plan->addController("SSLContextService", "SSLContextService");
REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::CACertificate, (ca_dir / ca_cert).string()));
+ if (client_cert) {
+ REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::ClientCertificate, (ca_dir / *client_cert).string()));
+ }
if (client_cert_key) {
- REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::ClientCertificate, (ca_dir / *client_cert_key).string()));
REQUIRE(controller_.plan->setProperty(ssl_context_service_node, SSLContextService::PrivateKey, (ca_dir / *client_cert_key).string()));
}
ssl_context_service_node->enable();
@@ -281,7 +282,7 @@
test_fixture.setPutTCPPort(port);
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
}
@@ -315,7 +316,7 @@
test_fixture.setPutTCPPort(port);
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
}
@@ -346,7 +347,7 @@
SECTION("No SSL") {
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
}
test_fixture.setPutTCPPort(1235);
@@ -359,7 +360,7 @@
SECTION("No SSL") {
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
}
test_fixture.setPutTCPPort(1235);
test_fixture.setHostname("localhost");
@@ -371,7 +372,7 @@
SECTION("No SSL") {
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
}
test_fixture.setHostname("192.168.255.255");
test_fixture.setPutTCPPort(1235);
@@ -381,7 +382,7 @@
TEST_CASE("PutTCP test invalid server cert", "[PutTCP]") {
PutTCPTestFixture test_fixture;
- test_fixture.addSSLContextToPutTCP("ca_B.crt", "alice_by_B.pem");
+ test_fixture.addSSLContextToPutTCP("ca_B.crt", "alice_by_B.pem", "alice.key");
test_fixture.setHostname("localhost");
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
@@ -394,7 +395,7 @@
TEST_CASE("PutTCP test missing client cert", "[PutTCP]") {
PutTCPTestFixture test_fixture;
- test_fixture.addSSLContextToPutTCP("ca_A.crt", std::nullopt);
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", std::nullopt, std::nullopt);
test_fixture.setHostname("localhost");
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
@@ -414,7 +415,7 @@
SECTION("SSL") {
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
}
test_fixture.setIdleConnectionExpiration("100ms");
@@ -435,7 +436,7 @@
test_fixture.setPutTCPPort(port);
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
auto port = test_fixture.addSSLServer();
test_fixture.setPutTCPPort(port);
}
@@ -454,7 +455,7 @@
}
}
SECTION("SSL") {
- test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem");
+ test_fixture.addSSLContextToPutTCP("ca_A.crt", "alice_by_A.pem", "alice.key");
for (size_t i = 0; i < number_of_servers; ++i) {
ports.push_back(test_fixture.addSSLServer());
}
diff --git a/extensions/standard-processors/tests/unit/resources/alice_by_A.pem b/extensions/standard-processors/tests/unit/resources/alice_by_A.pem
deleted file mode 100644
index 605fe93..0000000
--- a/extensions/standard-processors/tests/unit/resources/alice_by_A.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAqhZR+Hsx397YYy2sQOI0IkxO6rkJvftLrjRpy1YwVfArimkU
-umZkWdpE7FAt1BIkzBlSsqXzeY/+W53YjOBcLK+xrQHpIquTGG6iL4btM6hWPBow
-hxuz0TpW5SpsuupQbRi4hbWVuQzTCKV68VM01/590Su2l0MPoamSMthK8H2ubodz
-R1VFwlTaLZmRJ20hyowsuKLOdc8fyzDXH5JPR9+STHsPpl+OccDvTG8iKlOZMa8z
-d3GXWBhSfcPgP+WzJWLn1bVN7UbKfgneUYSRAvf+ocsT1OZ7T+eam07ROsZBgpN1
-VVycmFalRqsNddT814tUIgkRXEsXzC1bP/eV2QIDAQABAoIBAH7O50xHpRaQkWnY
-Gm3BeDb+B3ROgqnm2jTGFP4pgx3/Uqb90xtpzXWEGxDIcnKDGHYmhxZ0TYMbTPtH
-QrU9bNtQHjqriwJzQtbbXQXsJZr27Vwf9oA0sirSwQhYSfpNSasc3C2sBTWTDx+K
-KJAVhfdnYKx7V8WMlPHld/96bNzA0AqGgn8FGYDiPAdiY7Ega6/iEMgtwGgIe56c
-k5YeaXOeV9b5gZGFZyDXcnbAgC24gcuSI70YmoYgSBYJC1NftLEa4NLysetpEA2A
-de1kQxm54ZfeeC+whtT693jIvp8cg6Ck/yCNj+qGXFbBWjibojs/uN8PadBOl8DU
-hdGrG2UCgYEA0tCiEfaMykaZn4GTmUq+drx2l5eP6GBhmkCpw5b0AS7Xpi/sh1Hm
-+v36+ffVdPsYylVDMCCLxrugx+pkCwk2I+fHxRJ0tGGOCBclpQqE0mgYQdBmGyMQ
-hsXea+9IhbbeGkqgxxHWGHzVPtq7NFOLSt6LGF6+RXhfHcaBq/ypFccCgYEAzor2
-nhQr0q6UpaVUmZp3fliVfhsv7qQEcsCXbAssLbKM36vyD8m9A6V94QLfL/Z6jBx7
-3Edh18OrN0dfIlcF3J8jiD/3mGiGGldsF/dgJWQB8DpP51tYldR7ni1bW+ZDtlX7
-XmcWKTGZLqXqzYS8bsCcKUOLd2g//p1mnbcfd18CgYA8cG4Wok3I7Ca88SREzYX/
-epaxbVVntMImvCUvmwaHlEtlLNYuEZAcI1ah9aiv6hE4aOtjT+Fi74Xv6sYV1+U6
-tAe0+06ULGfQ7/nt8C8WN5vEup+bZhkl2nKjFS4Aj+XrObwQdo+f46IrbABBxzXn
-GBheu0LnndP/MFsa2MwNHwKBgEmAFkcm8nlk+yz/at3GpGNn7rsTvbj00Uhs1PXz
-++K/OXaXX+rSZdsYV3VtajNNSUr3D/TRyjXYQePIGEjGIyXh0+k2qkuoVqClH6hf
-te1Ya4AroCe60AlxthQSHALWLJ6EdpGfqbk7F0IMdURxygS3slrU2JrDlJJtPQk/
-E4mNAoGAJjht0RIhJLr+Gss+7SocEYFd8klFpRTWpx80pN5hRdUfH84Q3OOXnq2F
-QoHD7WLMM8Ec/paSSZjrmvk00Ptp4s2/Z1SRhY2BQjbk32xP0/CkGGK8SPVW6Sb7
-hAol6soYGroGcCGsRPdRE6hF5+BH8VYGh5vPlELyDnNym7Kp0wU=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDITCCAgkCFDA8Dkntpi2PSSJDZGYjjG03qNboMA0GCSqGSIb3DQEBCwUAMFQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j
-LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEEwHhcNMjIwOTE5MDkw
-NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex
-FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWFsaWNlLmNvbTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKoWUfh7Md/e2GMtrEDiNCJMTuq5
-Cb37S640actWMFXwK4ppFLpmZFnaROxQLdQSJMwZUrKl83mP/lud2IzgXCyvsa0B
-6SKrkxhuoi+G7TOoVjwaMIcbs9E6VuUqbLrqUG0YuIW1lbkM0wilevFTNNf+fdEr
-tpdDD6GpkjLYSvB9rm6Hc0dVRcJU2i2ZkSdtIcqMLLiiznXPH8sw1x+ST0ffkkx7
-D6ZfjnHA70xvIipTmTGvM3dxl1gYUn3D4D/lsyVi59W1Te1Gyn4J3lGEkQL3/qHL
-E9Tme0/nmptO0TrGQYKTdVVcnJhWpUarDXXU/NeLVCIJEVxLF8wtWz/3ldkCAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAR2vpt91QSLfoh0qIW+bknV+ZilZdgRGh+kXm
-deqo+Drkz3BgmbXCIG6GGWF6LaS+iNt5YYyHUBKqLkvAfwtocLSVgNKYcgqG3kLZ
-qfoLrlT/IhHQ7WE6NOFQKcoJ/vuBMU7zjROjbbw2NdkO7hpJr2NQC5CgfPy89eJ6
-ly7wf3zxsVHk8fUnl1MgSb4lft4v5E73s9SpfRkKYr2BrkMCHQYawRAm9um9pW2S
-Qmk1L6OKkkCoR+LYrLyWY3s84NGVjP/fk7XHtvh2YtlB3sT4/yluOc8kXTp0DiuW
-UyvWTGYI+hHvZ4ol8LOttlV4Nwo4d8qgyuHlgiw1dnQBUZB7/g==
------END CERTIFICATE-----
diff --git a/extensions/standard-processors/tests/unit/resources/alice_by_B.pem b/extensions/standard-processors/tests/unit/resources/alice_by_B.pem
deleted file mode 100644
index f8e1328..0000000
--- a/extensions/standard-processors/tests/unit/resources/alice_by_B.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAqq6fA21gSE4zJvfEwJ2hTa0tTfONsWLIfho0jNKvTytwoD12
-tj41mPdM8kWvYY/oEPQ8WCXAy4UmgwxxWvCmtDmm/NXT5B6/IMr+png82sdkPABY
-qoPxIb0lvRoSQ0DIYZhRLI1v6TdAFMHUVyksSihoaDZZ7/6Ne+0p0xHTqiyTrlgX
-axMCvmS1S/i6eCUfNKtBA3Y0nXLj1D24RYn7gxPKnAXMpCwoxW1+zRFA9SotyaO4
-mh3cp4MFALxdimu69q5/rduK9XlAXvqxlCb80mJ3he4TEio2J2KL+kiFksGKtj7W
-e8a6UgIzOYYTmyZ4ScYGnwvSxYeAkQX0oRPzbwIDAQABAoIBAA5aRsbcALez07tY
-JHRqDPFiOagPbf/XpbJs87RP1ywaJAtlf8ENdCZbzV2mHHxgxIwAbb6f1hmHJdjp
-R/L0v5/yJSent3y8VSglycon3D4tfDFLeilElRdYN38yXQzIutDyJQlRD3MWEU5t
-ijSWIsJNqZHx2BhFWJJuPBEis6DgoZXUIQLMCNDUPTofJS486yoYxdLhMC+i4+6q
-DnQ+k7a32tPhSJGKXVCeIbGA2gJFcxoRQvFuJuMCofCC1jJ1BlGKbaeal0RC9ICe
-TSk+SPmZMGMiOcLXBcJTCRxQP71mqtxn4cYJdvQDmXP+vZyVWBXB272YRwSoTbTL
-yKHsn4ECgYEA0/1V4tuOCfCP94Phk0zwaepeZxeGdRTQhum57V5L3xmlgkrrUx+5
-u6JzrMrxpO8h7l619jHPPaV0u0BE1bwjGeOPuPA9WCWqfzETDL/j0NbTOWRLnX5h
-91Ag8BYoGxt4gK856S/Me7PRPljNWiv4bDjGjXrYq/GDpSU9ZPnW9y8CgYEAzh3o
-Gz9XGEI9EjcwCZtuPoKmalvXFC2tNNkkX6FgZRire0mekJzKjbNgR7xrWYtUaZ55
-ZTEGL9bseRSOcfWeZBpJIclEIgyajYs8tW8RaTZoRQmu3fP+2IlFoU9SiSQR40hX
-7eeJOduHhbxXGW/JKuf7pBbGMSTH9n+MqfV/t8ECgYEAhEmmDABYvekp3hqlbOdp
-a57+tDShCnUnv9kg1niuvhViDFG2UlQM8oNozh6C9xrnQLpHsM/adKzIkIWFrx9N
-hD1WleENVvGCWQcFzUH953f3revhp/GTLuMI+unIs0nMQ/mVGOhkIZnP7Kk71JZ1
-2wr/FJDhn0MClM8NZfLm668CgYAYkbANL2uuVJb7COENBB4MDX7QxsnIeflfh1Ky
-o4XeBybJt2jTTB1I7szXQDp7ngQd4uoNid527WOauzyPkPukaw20nU0l0eLKZIKE
-Dg1BQV8Ee7cAdgk2voYySEZKWqZXNVRl42eUIfrxkhW/zndoSebRFHXjfcLoOyQF
-TmI/AQKBgEKHOHbemvkKtdE4GPz436Y9vodqOMe2qFAoW+nhOP4stGZhZpOyVMvk
-Y7PxpG+1bwPVg4ouSJyoq9Mw3Qnz5Reuot1h67rrw75CyUSDwuAdLpnS08t7T7LF
-N7b5nWOMcbUdaCaiAh3Mv8/9vo46ZdpdiFYgDLOCYiiLifva36rK
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDITCCAgkCFDYWRAThkKd/J+oMW7tZBqEPx4XPMA0GCSqGSIb3DQEBCwUAMFQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j
-LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEIwHhcNMjIwOTE5MDkw
-NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex
-FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWFsaWNlLmNvbTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqunwNtYEhOMyb3xMCdoU2tLU3z
-jbFiyH4aNIzSr08rcKA9drY+NZj3TPJFr2GP6BD0PFglwMuFJoMMcVrwprQ5pvzV
-0+QevyDK/qZ4PNrHZDwAWKqD8SG9Jb0aEkNAyGGYUSyNb+k3QBTB1FcpLEooaGg2
-We/+jXvtKdMR06osk65YF2sTAr5ktUv4unglHzSrQQN2NJ1y49Q9uEWJ+4MTypwF
-zKQsKMVtfs0RQPUqLcmjuJod3KeDBQC8XYpruvauf63bivV5QF76sZQm/NJid4Xu
-ExIqNidii/pIhZLBirY+1nvGulICMzmGE5smeEnGBp8L0sWHgJEF9KET828CAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAgc0RbVwCNVpCZjUyhVxBlqrS1S0K8ygdyVPG
-7/fcejKSA7aUEA4x5pehvNwhDHXnW9jiEdWbQLyJaNFyuQT/4R8tCZi0q6nQF7NN
-shL0B19QaHErSPHYudecshbB7VrsiYjG9Q3O8QMrulfLcz3b6RLqUTLCOSK7Nclk
-Nv+ONad80OCzjBUIOnIHzkfDRDChzsF90EGtyLtIXaUO/K7WZDlw6+Gf9rVtyH6S
-USyUzcKVDobxCcJkmlRbmSL3oExTQCukhH6aNhUyvUFtlaKEXqizFe+/ujtE0Ymg
-sAJWmEYct+9H6iINgq24kPn/h29EbvYcGWIEg20U8+AznHaMPQ==
------END CERTIFICATE-----
diff --git a/extensions/standard-processors/tests/unit/resources/ca_A.crt b/extensions/standard-processors/tests/unit/resources/ca_A.crt
deleted file mode 100644
index 3d283a6..0000000
--- a/extensions/standard-processors/tests/unit/resources/ca_A.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDizCCAnOgAwIBAgIUca6kHRI3RSvFxnz4ksg2M33A3IowDQYJKoZIhvcNAQEL
-BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxl
-LCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgQTAgFw0yMjA5
-MTkwOTA1MzZaGA8yMDUyMDkxMTA5MDUzNlowVDELMAkGA1UEBhMCVVMxCzAJBgNV
-BAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkgQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AKsd1Yd8ds19WNU9ag6oDfgyxGzfnm4Nl8SrG34nA9D3DB7yXu3yN2feVPBNqDCU
-FnOCsQqiRKOROfNPEfz8fqqOqUcd8TK1RNg3JWtbOjy+BklBqm8NK3fdDkrD+Fuq
-sKOdqho5Xuy36Ec4y4citEW7FcRdu9LrAr81NbcOG0AU7a+SRdiROVUmSIDhQhDP
-j37HO9Rya6DizNSTIvQ4xQ/iQTzGqdZD9wy/AUQt+E7VrTslpIi48dWSjM6mZkGA
-1TcfAeDjJa7HrbnIZkvRhH5tUiHzCbQq+8N5SkSFssP8wd++8rydD0gWjxkOIHtR
-SGPoq5cp5uKAq4j7DXasneECAwEAAaNTMFEwHQYDVR0OBBYEFH6swKPx3nUFLoaW
-WiiwhERbyC5AMB8GA1UdIwQYMBaAFH6swKPx3nUFLoaWWiiwhERbyC5AMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACepoYKN+U5mqP5R6s/6/CM4
-3iBgcVRwAWNLd+cMhGzbSMvQbwji9AvE4lUxoLULIRl9EeedlKuEv01Eic4RGMq4
-1hG8mn3mSjITqQKYS+2o3sIKqtnfR86uQzQyixTTGiKJzpPV6vzQgtvkniCTPlgI
-eu59pNfQLUlYrgtJ+lTv/2/MPyS2I137DsjG+7ASVbDZ6uDbEp1/KyrgJB1skB+6
-s2Pxicf9X8mpfpuTqFiGyJUOdHmgYpx6ZxyAgMCm4C+a5e8I283d0xX06coChy00
-fh23THQ9O8HVQYejzHFfCoshIkj9l0Kkw6Um2aS4KLaZxAky+Kn+wgqFbgcJY0s=
------END CERTIFICATE-----
diff --git a/extensions/standard-processors/tests/unit/resources/ca_B.crt b/extensions/standard-processors/tests/unit/resources/ca_B.crt
deleted file mode 100644
index 5beee66..0000000
--- a/extensions/standard-processors/tests/unit/resources/ca_B.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDizCCAnOgAwIBAgIUIRojQbIHUpmTeT1hp7BsxG8gFDswDQYJKoZIhvcNAQEL
-BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxl
-LCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgQjAgFw0yMjA5
-MTkwOTA1MzZaGA8yMDUyMDkxMTA5MDUzNlowVDELMAkGA1UEBhMCVVMxCzAJBgNV
-BAgMAkNBMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSAwHgYDVQQDDBdDZXJ0aWZp
-Y2F0ZSBBdXRob3JpdHkgQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AJfR48sziDgKH8+PfcVUMWag7ctGoBXgfOZ8h5gubQm5KrTD0rqHvf/8dLGvJ0aq
-tKVYnoFFjHikDIJZxuMYF6Vbq39FNinZugMCQsJ3gTWREq7tr3MLDfN+lD9rCxAr
-RDbfwaXN907ljXbsNoq3km9Bd43qAxDDND5N74o9wefFLLxcNo08d5aTN3LZY9g0
-b83ps+kc9Ysm9JBzFN10DJYIWwRWvCZL6hX10fWqrV9OcJgilCQk5PJgaZBppQgi
-hiTjq36vlBCTL3RO2MXecPSJLfigwKkT4WZwrG1E26jhh0lGVK6pdOs99JeTtzfr
-hC4lR8ExD8wFwvcn/8jFXxsCAwEAAaNTMFEwHQYDVR0OBBYEFDDrW/6QNEfo/7Br
-fpz8Vmm7KjWvMB8GA1UdIwQYMBaAFDDrW/6QNEfo/7Brfpz8Vmm7KjWvMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAErDWgtX/547fwHv6+sOoSGT
-FHmVXba0IlcfW404r1Kp0MeNYZitQvi4SHL6CkxY+/RdgppxkbE5D8hUhk9PrSeo
-5E4ebPsnvSRlzDVWLm2ZpbLRO6BcrzbEN0b3ylZ3Kw/+SarDNBMSTDWZ5knWXUk6
-3Ckg2gg8VCLKxQK0IDTHtXq+WTKGmVf34dYbLfWHUnYr1DLUsxgnX4llHm3xOrzp
-ZqvW5cEdlj6+SW1azQgbFrEeWH7ebK5E4GBQ8LhRWbIpo6g2kzaGKTkijrk9agMs
-ByzjRdLitbwt07VNE9cNDVv0kC1PLZcz1TgNnaOl5CABqw0yMjLO5LEXUK4BYkU=
------END CERTIFICATE-----
diff --git a/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem b/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem
deleted file mode 100644
index a402514..0000000
--- a/extensions/standard-processors/tests/unit/resources/localhost_by_A.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1/8IgNpuq16MNaqaHNSCucyl0NbIFavnX+nOl+3Yu9/lHvQ6
-HY4PEU1Ma9tDOL2VON1PrFx+tJ1CTY6RDn5Ppj6pOpIeIxx1sGkxvJVeMhsmwojB
-3jQUJE6rgrUvsUr1YzvbJwwtfgr+PJD4uxS8V58kQdblNcWGZT8BMzracb3btNFn
-2n62JuXRKTUTwXxk9PEcYJdeWkUlu309dTvt8ipeygLMxUwP+oiRjTB5lDA4VydH
-qYWBi0iVPgcn5Qcxnxl3nVyTEHPszs/8fsCsqkxkhTmkyBeFAeDMoIxNDVIz92C0
-uzt2zURCBv0EOB0oIig9TTn1M27O421dYGAoIwIDAQABAoIBAHplUVs66/V9+TO7
-/eKSZZWFqvyhiPYG2HDYW7JqHCOyJvKYcIoo4s7qH4EK2ZfAjluPxUMlksMkTdsH
-C5nL57SL03eWLy+0Q9h4c6+qcJsyGY+o0TrqBfPhBH1n0KPFlzHpTDFfTDQdZJ3L
-hLb2dBeu3WvVq0MCMDsVLcfq9Lf4VIimKnufYai97p174IPovYLAhfhJiSrAVb+z
-eBBvpiBalFlZc46HaeC0pZrD4k5e5B/5J45b3KeCmmcWvjhfxaJfNAUKIK+fPtZO
-1txrN6+lEZBl3EpfUFWxfMAH73tPVUabO6Ap5OGVK2ahvBQw0UDqBMRM6o6LdX+9
-WKgcOhECgYEA74Zn61Qz2R+J1WRBlZYBAcm/w669B9Mwc/itLyOG77G8UTfqHgkp
-vjCNGEtG6doztmkaN50OuTp3/2iStLdFm1IDfJmaslZFHwsFSX9YeLPoUy3P93ri
-ePrsnnmdKqX1WBovm53kv4bqI9yY8OApD7s7inaMrX9PRbcWg60Q/KsCgYEA5tpU
-GGZEQ7R7m5/R5r5+4uZh9enoD0MDEkg0jm06N8pzk6CEzlynYwPHohkWF58C2lo2
-noufofVRJc+2MKnfL/JulCEL3dVyWVak3fnpl129BMdKJ9ZDsMlAlWeYqP0b9dwE
-Mye1r5ef8rJ8fLBeb8jZrM3+Tlh9OwV7dV7tkmkCgYBMr2VZ7G1lGDnSvfRZZdsQ
-rXzds3YFqVGb74PS0bcDyo2WGyazUw+wOm8R1hfwCtH/loq0P25VUyjT9rDxdrOs
-VIeVPsBOVFxw4eBhdYnnqwG4j7RDcW5MeVmEKz9sRhHUkR2o3tY7k4Am1xuIEtxS
-kwku/WFwso+4rDNjGOeVXQKBgQDj+ZgywEuJ0SKAfUP8awNDb+AtyeCxsavG0ieU
-v6lOj0+z6kE8yaND1OfA3KVEjnNyzsRBrgDnICwS+x0g0aDm6LLq9feSCsfyEe6e
-h753DMstfOFuldojK5vr73KC7/I8yhobqotx7Hq4Yistt76LBf5w+Ly7Aggp0TAq
-qKRUgQKBgDDzyJ8fvVYh/UzI/efY/nhIwkeD3KErszrnle39rKkFfaRaHM66IYF4
-5+1q3UdKGLdt6k1S4B3aLZxAVt7F6SzTFd3amGDJNi0Om0MJ8LnftUL5uBzTloem
-GB+XehWJz0NJcDLdTXN86f1j2LZUEiFR62nSt0uwq3mwMuGrqaEG
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDITCCAgkCFDA8Dkntpi2PSSJDZGYjjG03qNbnMA0GCSqGSIb3DQEBCwUAMFQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j
-LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEEwHhcNMjIwOTE5MDkw
-NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex
-FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANf/CIDabqtejDWqmhzUgrnMpdDW
-yBWr51/pzpft2Lvf5R70Oh2ODxFNTGvbQzi9lTjdT6xcfrSdQk2OkQ5+T6Y+qTqS
-HiMcdbBpMbyVXjIbJsKIwd40FCROq4K1L7FK9WM72ycMLX4K/jyQ+LsUvFefJEHW
-5TXFhmU/ATM62nG927TRZ9p+tibl0Sk1E8F8ZPTxHGCXXlpFJbt9PXU77fIqXsoC
-zMVMD/qIkY0weZQwOFcnR6mFgYtIlT4HJ+UHMZ8Zd51ckxBz7M7P/H7ArKpMZIU5
-pMgXhQHgzKCMTQ1SM/dgtLs7ds1EQgb9BDgdKCIoPU059TNuzuNtXWBgKCMCAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAJUfkmbPE2mrHu12gmsm6nSU7M1l1KELzMTRH
-eZf2NYaqLOOqlz7McsKgu5LJTRmEXi9ufUC1HQfKJLOaj2LkLmVgKzTrP33GQ4wf
-a7WOLeWs90kbiXV71iBBBXEuusMnMzuvBbcJTohwI5/svwCqEISpnSpVLi66dAej
-BTTT0MD5KZWcznMeD/nOMIu+5j0tNBGdCHwLXxbmyuqzBFmMmAJAm9WILGhAZGKk
-5IXbHrZYMEOMXoY2e/NnaMK9Q81q1YgeXZWBKLTF2g3RSrKFm84jBouPR1j7qmsr
-xST6nM0Ngr28dzYCLxOY7p6xqYVo6rxxMfSz2jkM6pycLgwy/w==
------END CERTIFICATE-----
diff --git a/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem b/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem
deleted file mode 100644
index 0912e95..0000000
--- a/extensions/standard-processors/tests/unit/resources/localhost_by_B.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAwfjLXc6dHBaYsoWQaqsqwhJY68G7+35NVIU8BAKabHcUN5us
-IWieeg2Po1CPLoBfyfAq+06fj1T8D/3irUD/EB3QvDx1gCc+zY9BobIJKLi3Xeit
-zE7gEDDV1FFw8E2fBAptTMn/1GXyD5xsE9HQvtTffgELNXzl5Zp6pS5V6oN2X9Np
-3lExRFMmrEZmKuZMhA4UjLahA21Hv8GNlI4tqFazj6/timvSJHtqVGruhm/PAw7F
-1lOZ34t6/h/suayqRpDSZF+E7gnaFL8px/tpQwpLfHEixiMXjVrGBJRFnvHH8sdR
-wpU2mSR4j6KoUxS1wbW0iiOim3Fwy7vOd3ezvQIDAQABAoIBACWGAaFmBNKYNHXk
-jKl171GXxwfkdH8UUdVV6ORFtKXi61BOlx/nYzDtSqonPWubfexMv6PZ89gAcrqN
-PLqTZkQx4F1pvLlL3kRZwDKNhGQSR7as+mIZqBK5v8PQ9W4nNenMMpS2Rv1Js2f9
-tJKo9h7Ug1+WyBpSzQ57sdoeepRg/9pA489XjdqPIuyDSydhCEqqVe7slU62q1d+
-AjxTZ5tmD8dnbV0TWOphvBM8bVQc4UA/eMGIrS0jbkDLIuT63ZrPzVtaEqYK56O4
-IsWjaweFeIUJhtSyZ8/OA+7kqndxEZLCBY4XmUt+z2tyqtNg7rPcOwD04LWBPjW2
-KV60DOkCgYEA4+6kg8G098u7EkilpkuAmgnskm8Lw7Ic8IhJa8n7UVLFg4PNuPz9
-dcYcpy2wSu5CzSqNWNe9lePXX7VGVpSLvNxDg0R8L3m8m0Pu5sv17RdmKKJJz9D3
-kYCPgm6qitoTOKK2hOEiqVHzS4RydjaouyZDTFs1U/eHOkmR33JMP4MCgYEA2duV
-HKBwgP2PxVKUwwyqPK4spHVAfGh0cZWzTShvfB8DiLO9RyjmD9g9HMlEqc2FI9O5
-vhEsrWbVHQQ/kJHPLTCF7OKYYR+K9b8rezRvcQuvxCOnOcsatpahl5Fgt2o28SDn
-eu/2dh2NmTrM4jqNx4tvha5EVXUmbr7Qf+dgm78CgYEA0Kk7elLutJqRm19eJiqg
-hGPpavS1tGVuENTzQfYaWIyJvKgAwQT5k8PVn0Y4SaBtDx2RYG/AY2O9WyS8S66Z
-bj/Gnnknpt6vRwSdxDOb43y0TSako9cNjOpAdouRHKQfTI3IwUTJUnBvZgbOMmI/
-fXS9zz0ASOolpbqMDB66prkCgYB7CCHul8DRZ+EQq7FtcbKWMDrv6XOwjoDsQIGQ
-2nwTWaRySCdlj3hVjGX+4r9PMcy1zfVAnIxhpQhHqcWIDIA24gdQHyu09c5ROFQC
-8TraWaI6n3PqFISShwDdCvHWwzoh9NYlPG0wiUIVPfrE7BJzlZA2q5LVvCInOsWe
-5flOGwKBgCOyshMpw8FPCuNE8gEONH7aQ03MphLGzMcDVD7rl3I8d35z/IRhNgas
-V+I+Cfp6Tde7Ad8fNXX7ogoxxX/1UvkWGKg70ogqW9cKBqLsy7Pa+JMH201roJWR
-aODbnz02V1pQ8MBT4u7QG6PNyyue5W6h/2ADZCYvQJM8lrppKFE+
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDITCCAgkCFDYWRAThkKd/J+oMW7tZBqEPx4XOMA0GCSqGSIb3DQEBCwUAMFQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UECgwNRXhhbXBsZSwgSW5j
-LjEgMB4GA1UEAwwXQ2VydGlmaWNhdGUgQXV0aG9yaXR5IEIwHhcNMjIwOTE5MDkw
-NTM3WhcNMzIwOTE2MDkwNTM3WjBGMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0Ex
-FjAUBgNVBAoMDUV4YW1wbGUsIEluYy4xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMH4y13OnRwWmLKFkGqrKsISWOvB
-u/t+TVSFPAQCmmx3FDebrCFonnoNj6NQjy6AX8nwKvtOn49U/A/94q1A/xAd0Lw8
-dYAnPs2PQaGyCSi4t13orcxO4BAw1dRRcPBNnwQKbUzJ/9Rl8g+cbBPR0L7U334B
-CzV85eWaeqUuVeqDdl/Tad5RMURTJqxGZirmTIQOFIy2oQNtR7/BjZSOLahWs4+v
-7Ypr0iR7alRq7oZvzwMOxdZTmd+Lev4f7LmsqkaQ0mRfhO4J2hS/Kcf7aUMKS3xx
-IsYjF41axgSURZ7xx/LHUcKVNpkkeI+iqFMUtcG1tIojoptxcMu7znd3s70CAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPa5w9kshcNgeOdsWJnKrGy31Jmhbi00a0ue0
-PSv1K49wvRIiHjk49DhOjHLRDoyEZ6AHme4dJIZ7G4GL4dKyW8eVi22nCN/2G6+u
-vssUXXNTTnaOXIXVVtnyTeMr4JHcysn0wMsMsApCvkpyB2euC+uvA8ppvfr6Zdng
-3okbQGhTvhkBZM2/jbtPb8O1XzXepPeYlXMiOcRsSA4oy5sYi8BFXuODCtH2qJD4
-zuSGEpWrDbzqUPGmXSoLALzpObI4v2yDLgrYZMMfOXOmtmeD1gfyIptl/pSeAko8
-lXxhgAY2ef2P1j2SCMIwNTPtIIrqJLmCt7EUWXjSpnnEIWP6bA==
------END CERTIFICATE-----
diff --git a/libminifi/include/utils/net/AsioSocketUtils.h b/libminifi/include/utils/net/AsioSocketUtils.h
index 9ae5312..a9173e0 100644
--- a/libminifi/include/utils/net/AsioSocketUtils.h
+++ b/libminifi/include/utils/net/AsioSocketUtils.h
@@ -60,7 +60,7 @@
asio::awaitable<std::tuple<std::error_code>> handshake(SslSocket& socket, asio::steady_timer::duration);
-asio::ssl::context getSslContext(const controllers::SSLContextService& ssl_context_service);
+asio::ssl::context getClientSslContext(const controllers::SSLContextService& ssl_context_service);
} // namespace org::apache::nifi::minifi::utils::net
namespace std {
diff --git a/libminifi/src/utils/net/AsioSocketUtils.cpp b/libminifi/src/utils/net/AsioSocketUtils.cpp
index 8eeb61f..15141fa 100644
--- a/libminifi/src/utils/net/AsioSocketUtils.cpp
+++ b/libminifi/src/utils/net/AsioSocketUtils.cpp
@@ -30,10 +30,11 @@
co_return co_await asyncOperationWithTimeout(socket.async_handshake(HandshakeType::client, use_nothrow_awaitable), timeout_duration); // NOLINT
}
-asio::ssl::context getSslContext(const controllers::SSLContextService& ssl_context_service) {
+asio::ssl::context getClientSslContext(const controllers::SSLContextService& ssl_context_service) {
asio::ssl::context ssl_context(asio::ssl::context::tls_client);
ssl_context.set_options(asio::ssl::context::no_tlsv1 | asio::ssl::context::no_tlsv1_1);
- ssl_context.load_verify_file(ssl_context_service.getCACertificate().string());
+ if (const auto& ca_cert = ssl_context_service.getCACertificate(); !ca_cert.empty())
+ ssl_context.load_verify_file(ssl_context_service.getCACertificate().string());
ssl_context.set_verify_mode(asio::ssl::verify_peer);
ssl_context.set_password_callback([password = ssl_context_service.getPassphrase()](std::size_t&, asio::ssl::context_base::password_purpose&) { return password; });
if (const auto& cert_file = ssl_context_service.getCertificateFile(); !cert_file.empty())
@@ -42,4 +43,5 @@
ssl_context.use_private_key_file(private_key_file.string(), asio::ssl::context::pem);
return ssl_context;
}
+
} // namespace org::apache::nifi::minifi::utils::net
diff --git a/libminifi/src/utils/net/TcpServer.cpp b/libminifi/src/utils/net/TcpServer.cpp
index c443bf3..a6b957b 100644
--- a/libminifi/src/utils/net/TcpServer.cpp
+++ b/libminifi/src/utils/net/TcpServer.cpp
@@ -66,7 +66,8 @@
ssl_context.set_password_callback([key_pw = ssl_data.cert_data.key_pw](std::size_t&, asio::ssl::context_base::password_purpose&) { return key_pw; });
ssl_context.use_certificate_file(ssl_data.cert_data.cert_loc.string(), asio::ssl::context::pem);
ssl_context.use_private_key_file(ssl_data.cert_data.key_loc.string(), asio::ssl::context::pem);
- ssl_context.load_verify_file(ssl_data.cert_data.ca_loc.string());
+ if (!ssl_data.cert_data.ca_loc.empty())
+ ssl_context.load_verify_file(ssl_data.cert_data.ca_loc.string());
if (ssl_data.client_auth_option == ClientAuthOption::REQUIRED) {
ssl_context.set_verify_mode(asio::ssl::verify_peer|asio::ssl::verify_fail_if_no_peer_cert);
} else if (ssl_data.client_auth_option == ClientAuthOption::WANT) {
diff --git a/libminifi/test/resources/certs/alice.key b/libminifi/test/resources/certs/alice.key
new file mode 100644
index 0000000..a04193e
--- /dev/null
+++ b/libminifi/test/resources/certs/alice.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDO+RtHe+aUWFIg
+HyMSuFW//0fWd4jYe8SaMnMV1ZkirtTgkycGcEIV6/4Ep095Cht9qjMHh2zxyfrB
+WpZDPt4w2j3pTsf0e3Q1QR0xvlDvA3tF7Zsv43iCZMs0wsbteiFth/syvtcH4N/X
+Qu4h32s+8fIgvWZ9SfZZI1kOuWEL9Js80XyBS5B3Z8OszBZDMZLzbSslxczy58LY
++jHAprFE5ffOa+ZVmgHptSxRWx5xh0t9wjHRvbP6S2+jxy1xsD79m73lsrxmX0Qh
+WBXIS3/vTcdGguoyMaq3ATVGEPDVKjK/qfQdKblMFA00a4YHHbRfhBDH6p8dkDYD
+0xBmtLerAgMBAAECggEADb9MCY54PUg0hD+tM7Qctfj9y4f7Be4Km/dX345lcoFM
+UHJVuD7ClPQs1iBKzg5Wzxz78LcVDGZPCoK60lKdrX8Bd7qs21dL27Gsf75VX9rK
+WFW05hRkz7xkJuf9EI75I25RyAgW/kX4eDLQ4F0XoYGuhHAwG4hLHZaUdr7nbES/
+Z5bBYcrcjdn1SKinFNH9hMaLHvY7nvnYFAneZ2bXypjxoinyvCOM1fWQPdXVTrtq
+dZCETegNH5428hRRzS1j16PT2xgP5z5AraJAdAkpk/9BKsUrmL93CQxBoYGenD1H
+c7JHv8C2v7HsOe+cmpCTe7k7BkbGo5dzrjEnzo9N4QKBgQDs4owvRm6MQQ0zevOc
+qDp/X43LL2GvwJNV96XRgTVvxRcjG2njiSolZnIQe0bU2fRXVaFWiGcwg19WahOp
+aZ5zKudV9AGTzzF0Hf0N7XY5LZdH+OD0GGvHTdft0L8O1kKR87h7/TbYMUpVZOeq
+gkqR+J6k0r0GDap6f8OheOrLGwKBgQDfrKd1EicJstMOmZcX8/DDjQwEir94dRxR
+PxNsduK/ccSVlvrmn5th3SjAAqcgr5W04NodqHi9PETPSK6kOu3NpPhNbOdhrVdW
+SHYjESMp3yCy0cJJBxFatMYV5Th4UooFTe3bCpLQJK/2vuGgss24lcja1/YWEhFp
+jj57PKV+sQKBgFlzw1Qm2KAGAKIsD8pcjJqEztqnbdAcfIa+GdPfYvpuBqqvM3FE
+3rF42iH3K2w9UdOY9m/i2nSrZ1kOfZY/2CHNVcZTejUCzL34hRK5VSeKW9JF3UzP
+3ANLFfssFLnZlxHeYxAPMqK5GkTc8c6lnNs6c03ydobOqk3P6WQUcTV5AoGAX2DW
+P3uwHdidWzpvTY19+0Un/L/Vid4WZybId5XydsRimY86CiHBNmgCOm5nKe71nZ3M
+JJ10bu1GQkWyAuIGCYzxPMLVn7c06NwZVDa4keBNpzL+7/kNk2pGlYubGuPHax+h
+76eAlzUtu8AFomrcgnuMnJU+oIav2h0H07E2uOECgYBrvVWVwFmkhblFu7K20VU4
+DqJvHds+hDeEdq05j4vDFH2uMl7CCcpahIIPyhIE9VUcfNXzSRHcrD7m0QV96J9q
+9nEQiWF0w5lr2kYV8geo+S1ghbvLDRNnueoHuhmAKH6bKnPrQsAup8Opwsu5nezw
+HzGZpAnE316ikd0je/MugQ==
+-----END PRIVATE KEY-----
diff --git a/libminifi/test/resources/certs/alice_by_A.pem b/libminifi/test/resources/certs/alice_by_A.pem
new file mode 100644
index 0000000..0612c47
--- /dev/null
+++ b/libminifi/test/resources/certs/alice_by_A.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYcCCQDvzcYL0ZuT9jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9BMB4XDTIzMDYyOTEyMzMxMFoXDTMzMDYyNjEyMzMxMFowFDESMBAGA1UEAwwJ
+YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm
+lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds
+8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X
+B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM
+8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8
+Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf
+HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCFxa4e/l3OP8n9H0uL
+nkESNPgkyZsKh6TY3ODRz7JS8Pq6Geqh3Y85ID5Yv2zuDislDtLDjeDYDfBYnJp1
+YQfgWQ3yB8kAcCdL8rj8eeGr21fja6A9FZiI9q8bf76haB7mRNg3yhoZo6D9AhhR
+Tb6vVUIkkwsH4zDa+SELQiQ3feCcOwdODdMJWuZLYCzWSbw59q8Z1CILHri0Dxh7
+oRnB2H1G7T0pyARBGYlMnQ/GRxgxpOhnZBXGgJ8DZpGFUAOXSAA83ekUq2cYzkZk
+UKugErpcRqqqwE8m7neZkjLdKMtv0vWFj0Ze6IfJZvl1FKHB5fsoWn0RxECX2ULi
+PcjT
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/alice_by_A_with_key.pem b/libminifi/test/resources/certs/alice_by_A_with_key.pem
new file mode 100644
index 0000000..9c86b92
--- /dev/null
+++ b/libminifi/test/resources/certs/alice_by_A_with_key.pem
@@ -0,0 +1,45 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDO+RtHe+aUWFIg
+HyMSuFW//0fWd4jYe8SaMnMV1ZkirtTgkycGcEIV6/4Ep095Cht9qjMHh2zxyfrB
+WpZDPt4w2j3pTsf0e3Q1QR0xvlDvA3tF7Zsv43iCZMs0wsbteiFth/syvtcH4N/X
+Qu4h32s+8fIgvWZ9SfZZI1kOuWEL9Js80XyBS5B3Z8OszBZDMZLzbSslxczy58LY
++jHAprFE5ffOa+ZVmgHptSxRWx5xh0t9wjHRvbP6S2+jxy1xsD79m73lsrxmX0Qh
+WBXIS3/vTcdGguoyMaq3ATVGEPDVKjK/qfQdKblMFA00a4YHHbRfhBDH6p8dkDYD
+0xBmtLerAgMBAAECggEADb9MCY54PUg0hD+tM7Qctfj9y4f7Be4Km/dX345lcoFM
+UHJVuD7ClPQs1iBKzg5Wzxz78LcVDGZPCoK60lKdrX8Bd7qs21dL27Gsf75VX9rK
+WFW05hRkz7xkJuf9EI75I25RyAgW/kX4eDLQ4F0XoYGuhHAwG4hLHZaUdr7nbES/
+Z5bBYcrcjdn1SKinFNH9hMaLHvY7nvnYFAneZ2bXypjxoinyvCOM1fWQPdXVTrtq
+dZCETegNH5428hRRzS1j16PT2xgP5z5AraJAdAkpk/9BKsUrmL93CQxBoYGenD1H
+c7JHv8C2v7HsOe+cmpCTe7k7BkbGo5dzrjEnzo9N4QKBgQDs4owvRm6MQQ0zevOc
+qDp/X43LL2GvwJNV96XRgTVvxRcjG2njiSolZnIQe0bU2fRXVaFWiGcwg19WahOp
+aZ5zKudV9AGTzzF0Hf0N7XY5LZdH+OD0GGvHTdft0L8O1kKR87h7/TbYMUpVZOeq
+gkqR+J6k0r0GDap6f8OheOrLGwKBgQDfrKd1EicJstMOmZcX8/DDjQwEir94dRxR
+PxNsduK/ccSVlvrmn5th3SjAAqcgr5W04NodqHi9PETPSK6kOu3NpPhNbOdhrVdW
+SHYjESMp3yCy0cJJBxFatMYV5Th4UooFTe3bCpLQJK/2vuGgss24lcja1/YWEhFp
+jj57PKV+sQKBgFlzw1Qm2KAGAKIsD8pcjJqEztqnbdAcfIa+GdPfYvpuBqqvM3FE
+3rF42iH3K2w9UdOY9m/i2nSrZ1kOfZY/2CHNVcZTejUCzL34hRK5VSeKW9JF3UzP
+3ANLFfssFLnZlxHeYxAPMqK5GkTc8c6lnNs6c03ydobOqk3P6WQUcTV5AoGAX2DW
+P3uwHdidWzpvTY19+0Un/L/Vid4WZybId5XydsRimY86CiHBNmgCOm5nKe71nZ3M
+JJ10bu1GQkWyAuIGCYzxPMLVn7c06NwZVDa4keBNpzL+7/kNk2pGlYubGuPHax+h
+76eAlzUtu8AFomrcgnuMnJU+oIav2h0H07E2uOECgYBrvVWVwFmkhblFu7K20VU4
+DqJvHds+hDeEdq05j4vDFH2uMl7CCcpahIIPyhIE9VUcfNXzSRHcrD7m0QV96J9q
+9nEQiWF0w5lr2kYV8geo+S1ghbvLDRNnueoHuhmAKH6bKnPrQsAup8Opwsu5nezw
+HzGZpAnE316ikd0je/MugQ==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYcCCQDvzcYL0ZuT9jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9BMB4XDTIzMDYyOTEyMzMxMFoXDTMzMDYyNjEyMzMxMFowFDESMBAGA1UEAwwJ
+YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm
+lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds
+8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X
+B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM
+8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8
+Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf
+HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCFxa4e/l3OP8n9H0uL
+nkESNPgkyZsKh6TY3ODRz7JS8Pq6Geqh3Y85ID5Yv2zuDislDtLDjeDYDfBYnJp1
+YQfgWQ3yB8kAcCdL8rj8eeGr21fja6A9FZiI9q8bf76haB7mRNg3yhoZo6D9AhhR
+Tb6vVUIkkwsH4zDa+SELQiQ3feCcOwdODdMJWuZLYCzWSbw59q8Z1CILHri0Dxh7
+oRnB2H1G7T0pyARBGYlMnQ/GRxgxpOhnZBXGgJ8DZpGFUAOXSAA83ekUq2cYzkZk
+UKugErpcRqqqwE8m7neZkjLdKMtv0vWFj0Ze6IfJZvl1FKHB5fsoWn0RxECX2ULi
+PcjT
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/alice_by_B.pem b/libminifi/test/resources/certs/alice_by_B.pem
new file mode 100644
index 0000000..2a7a9db
--- /dev/null
+++ b/libminifi/test/resources/certs/alice_by_B.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYcCCQCyCG61QRF+6zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9CMB4XDTIzMDYyOTEyMzM0OVoXDTMzMDYyNjEyMzM0OVowFDESMBAGA1UEAwwJ
+YWxpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvkbR3vm
+lFhSIB8jErhVv/9H1neI2HvEmjJzFdWZIq7U4JMnBnBCFev+BKdPeQobfaozB4ds
+8cn6wVqWQz7eMNo96U7H9Ht0NUEdMb5Q7wN7Re2bL+N4gmTLNMLG7XohbYf7Mr7X
+B+Df10LuId9rPvHyIL1mfUn2WSNZDrlhC/SbPNF8gUuQd2fDrMwWQzGS820rJcXM
+8ufC2PoxwKaxROX3zmvmVZoB6bUsUVsecYdLfcIx0b2z+ktvo8ctcbA+/Zu95bK8
+Zl9EIVgVyEt/703HRoLqMjGqtwE1RhDw1Soyv6n0HSm5TBQNNGuGBx20X4QQx+qf
+HZA2A9MQZrS3qwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAUik/MA1SzDrLvTnP7
+WZuw1e7/DYIYvZTWajxImbvnqyHVUZSVwUCZEoLlXAHnGBiqcf9ubwRm6VG/ZgRY
+ep/5iqLdcTG6Jlj6l4B9jyluiGc9J6XrcAGMpX6giNmG3EGgHNyI4iEIzhrQxZPk
+D/ScluroS/ISsgRYi/Hv8Pq6DaPLZ60UoEohthgaEfCppBeZqBmAL3JhbXQpwxrY
+yX7RlX7h8+vtezwbuzaol1304zPA1uXdRXc+s8gBKTGyvn6Acj4Ccjwu0C9S5wUH
+Qv76mSKIS+Pm95AxpV593QA3vPiH1tLKGIprXkyMWSNoW84patUd/pGKbUTeQe7x
+Pkyc
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/alice_encrypted.key b/libminifi/test/resources/certs/alice_encrypted.key
new file mode 100644
index 0000000..a46765e
--- /dev/null
+++ b/libminifi/test/resources/certs/alice_encrypted.key
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,08109FEC248D265FE691B5931CF2BD34
+
+0wrzUTpaogk81yOSrv/wyMyV79fwVA+r2IM3KqhL934s8K1Im0HuGh73kv4NKJdW
+DvUreIPJeozCnxXpwHU6sjOz6kRYxadeImCc3WHXN3X4YBz2sdoVAw9k0SmbzUZ2
+iUR0R1Q/TTrbdHd/7z8Jascka6jsxOVWiUzqqzzNUj013ghdKzxPuiHL4d+sMJbg
+UVA/xi47XK7ytgI3axBLEZaKPxhpf8hHPRi0jRu6nvuL1qjNIAjgEz/fE+xn9gwL
+MPsEotMP11u4zM1eVMf/HVwLa97WDUAxRN2KcTwjpR7XivdwPgIHMAJEvDcfap1b
+B0ntg5MdbAGKI//4oH96Ts0ZDrBn5swtfQokpATRVmZLPkxQw7WNRWwo/KUKAGve
+zPJj9bXSGTo/4/rZVaqHMQjQBS6/Hla10W3PPnk+KupGKgLuRpzPIDUACQybhRMA
+JvmCuJiCGFQT20bE9tAQbRHz4rxC7fgWsWSN6HtYqaNqJ8TO0lLtrBYCv5Am6BiR
+PgLo4o5f23HYwI84YO65Pv2qoZg8OxLaKUhGpBXN6TFqr0dJ6gNeZ1O5uTNtIwLx
+KIENUf4jXFIPakae8MVEyk3LtdZxeSK6MmklYrbbDXNlVJIFdNVoHYS2aY9aZ7sH
+6/XrdA/o5FXURb119IefwsX2iLB7TUZ7CvGkxgMrFLRA8MYoNIuUKntM8eVm8Xft
+WxH81Efq0F5KJp0I/eOPinZG840j4Vfest7UQTiQvZsQ4sg0E/gibY0iEw9S2LgG
+sJq4uaBIMSFee2zQx5cOSvCTbJLC8XUARgd7yH/mAjYatWdJw3MqOH2r0U0c7qcW
+QWtLE2u+VGizlepjfaEpuNdXF/EFViHmBceO1ifpt42x5gIHAL0HxpUvCKQ2N1w8
+mre1aTcoCUzwCK/3G7rTer/De0Kozu+Dt2GE4PLT1IaoE7Fncl+Pa5PJU96d9Ajs
+/3Kj3tE8e6vu/XOW5K+bBPsg0PpqND1T79PcKO33z2RGpKCUZ3u0GiDb8mks9tcc
+YgkqdAbh/cFP4mkR156W5ao2hz8p44HmYKMQpNXc31TMntnhRwdD1nU+QTZsmYph
+OWtiY3PA9ZZhhH/scyMHrCCS22BKhrxpnwcKVEn2ZxQ1hqUKgN/hJ9dHlck97MfW
+BcjJHRYAyJV9zqqHxFL/swl2Hg8i541+uRVh/WFVJwf6nHm/piWMaUbZRFaBXuPT
+SnI9N+l7hBNC4cg/a1K6+vdZhIr6mNEbXeLC+ZVA9VmQt4sV32jtdX9dkPGq/+lJ
+CC7ZvifsUZoHpfYNoVH5i6WKttLlEMuHBHAw9plAeir2dMRYZaRSig+19Q6/RdHi
+IP5CcaQEccB+4BQMCcZmrbWXx3PRGsiJEUQ0sX9V9Y+CvtP9S5Tob44J1eyjtXWg
+O/ipenehEvZ+4966JW125XK2/SvIam+IeSpuuWwWdABGeTHaUlVrYBefK9wkYvdF
+AyU+KkA4vt1EcNksDSwsPNtakL4hxjPtiXySmep5Gbfvktv+hqHpfoW81O7M94D5
+unmskfSETpDszpv0wcDDot4iefXuvxdEy43uKbUlWArlshIey3TcziLXJY77u/H3
+-----END RSA PRIVATE KEY-----
diff --git a/libminifi/test/resources/certs/alice_encryption_pass b/libminifi/test/resources/certs/alice_encryption_pass
new file mode 100644
index 0000000..cdbe4f5
--- /dev/null
+++ b/libminifi/test/resources/certs/alice_encryption_pass
@@ -0,0 +1 @@
+VsVTmHBzixyA9UfTCttRYXus1oMpIxO6jmDXrNrOp5w
\ No newline at end of file
diff --git a/libminifi/test/resources/certs/ca_A.crt b/libminifi/test/resources/certs/ca_A.crt
new file mode 100644
index 0000000..1caff16
--- /dev/null
+++ b/libminifi/test/resources/certs/ca_A.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAYICCQC17ByVDxnzpTANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9BMB4XDTIzMDYyOTEyMjY0OFoXDTMzMDYyNjEyMjY0OFowDzENMAsGA1UEAwwE
+Y2FfQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVjjU9xyCWB+/3d
+2/dEGg+kJKDNs9ASzIGYunNeEsF13F5HOaSqWl28tjfysUpnFUCZbsPPP9xLLXaq
+e/u9wkvVIJARWRwmpOS3cRv/brifZhG4m/wlqDEfJrczBbLvn/K6SVCH+CdmJaZr
+xIBG//YtJqrAALkB+fC8rhBgq+ASO834WqR7P6ksLKF03eMzmVB544te/7k+3mP8
+sqwxtFwnnSKiHrlopzVlRvAOa0kTMDz54Y2bcEcKCWJZz3eMFxE6sZQqmsuzwYW6
+qMas1N3MTvIxun5xqytWLYdvWeCvCIxybxGykEeZExqxFrba8pQmbt8kg2kOFhaM
+GeeCImcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAOYDtAOICWru+fonBvL3bMYQY
+cmiW3uaWP1XqrdBoO4bEFi25mUJ+TDEMICLFMAQUlzQ2VNEWy0I+IfXgcB7//S4e
+N3gafSG8i/hzoOtRReAnfUUm9DKkFyn7yaDmFUMSrdYahNixgztTtos29QnmPT4P
+AF0xFthotm9bhocAJ+ZlP0Kl1yWxDlER6W+98ZdZ+mzqgW2rTfN54W2heIeU1D3M
+VkU42Xeh6t6rPVSt03k8gpbkEjhHBBvprcH8Lhz8g3tuYyRyIkLDIR7cvr6S9f3o
+4uUMtcxwezV90oVt2vIyZc8AadqXmfLcQfz0/kYQIt354nr+SIxGf5YsoYf+8w==
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/ca_B.crt b/libminifi/test/resources/certs/ca_B.crt
new file mode 100644
index 0000000..d5b49e4
--- /dev/null
+++ b/libminifi/test/resources/certs/ca_B.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICmjCCAYICCQCIztoeYsVvbDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9CMB4XDTIzMDYyOTEyMjcxOFoXDTMzMDYyNjEyMjcxOFowDzENMAsGA1UEAwwE
+Y2FfQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANh+jkwqIfC2yPP9
+YjLcOojib04MD5FLK/tVlr2RXVjmBADEV2iITKpXNSHjwQ1QreK9VVN9kK3VLuUI
+d1EdClrNGMyr6aYFF/xyZ40awh0Z7susAEXizPhSYoXZxjFbzuXg9Zj4jspuVvuA
+/jR2I6+tYoez7hQDgZQqE086jf+0BGv9Mm0lM7iWoQh3zBWYWqn+fW1ToeTR9ty8
+WUlgEAhRgcGGJBL52sQUAchA+E3z3l83hJM9rvsd1CRY3U0agEghRArRtm9no8BG
+Drjam7+nq+qx7VdkXcZgwPME9tOHyJqKV4E1BzcZYVC+sWRXABPOUaW7wVAylHxf
+v3sT6RMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAecURppGUyRYQGFITTiNSTkrj
+vc2kz0+/VDgSTEA7+Cp8HsXD06BlCAQpGlhgcpHGSGWF/uOErGIZl648UwzTUQcH
+MvcLyh5H2afvGPCVTC3q0sxbRp8vvEy5DgTcmTuM3UgGrGBGsl4X90P9auBbgLCt
+ohyy+yVNTofSFU5kqCxlI05s4msLoNnXKv0/SAeJQJIisPXvA8ZseA5nUXiSRnbq
+l/caniJei/89awuC30K8qZ3fK0E4QWb0sw8St8s5UmsIIHDxi29LOHq7F7jlRVVO
+Rah+LCABeD8vTlghUk4rWRTc3/gg7CuDm7+il5P9bSaR1BbQyZs0aRM4NRg6Sg==
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/empty_pass b/libminifi/test/resources/certs/empty_pass
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/libminifi/test/resources/certs/empty_pass
diff --git a/libminifi/test/resources/certs/localhost.key b/libminifi/test/resources/certs/localhost.key
new file mode 100644
index 0000000..4c1beed
--- /dev/null
+++ b/libminifi/test/resources/certs/localhost.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCePQLOSzxgmcxT
+gD0l66PiuFiIHowXb29ulVP9ilFwm1Z+GfmhGuCPcAUPWm74QjbZESQpX5xTdhoE
+4NIaChS3+A0w1ic2vKDa/nDYJGiSulabrgHHtUQXc96aTgqXEmjBCg9kEyGULEZU
+D/pUCEMSD65i+5nslS2rl41OvRSFUlo6gwOGLA6Nwy6oJPePgPz9+pqA7iNrMVA2
+7TThRWB30CjZJTXEHi+Y0TnOhCMg5KTTO1jUQ66zlcwQfUDUcY3bdqoMnv6GgZoD
+y0x/LRyK3M8DHzLhRQBXKEUQfGy/6CkbBYNH5tUOiy2NDl4NauBBa4pw7R+USph2
+Y36w6exTAgMBAAECggEBAJQ5tn0jwMUEjH/TanQxDW19HYE0jCoPuqQtwWWIwczn
+1dd94XZmROBYIIVHQxfOfq5K/kK7SyZrROg46NZ3hvzloQWUNVtyyoMZQP9W65Y2
+cpaWIxi91bDaWzTT0du95N6e29f0i8nOx3pLFUTOEHXEtqgF4yPYgdVwu298ctKG
+3ugNMu/tUb58sY/zI3cjM1z+w1GlsU1K+3bM+ElQAYv1f6Ptd5qurgKUnM+WTUwB
+b59jRxjJOH0GynmvfyImmZmrx+LtMwvl2jYV7ZVq+q8iTzEn1HFiluT9ufzqNEz+
+8yhPXcTF5VLipnGtKZIVxyJ8tpo3BZdtvfli9ZvYrgECgYEAyXgninIHEyTJqBuY
+y1cCjJLeuyVKG1cavE6wV3rJ4HULxzIbETu+2zNEi3fKHSZf/KCqXFgWtG6WQxyh
+gOgrpc9+Cj7coEuQsAGyCVdTFi9OQJ/95xzfnaSiT4EPoKQK2aGTPZkmv2UEfKJO
+p6MMiMGxUSQS529erhGx0jJB9IECgYEAyRFfBZA2BbX+cA2TGxbDgGfUp6cQiFZK
+d4KNniGIjp1QQ30Z0vc4QNm7sD9x2kRIk4tAXl9vLzyRv2lcywAGCfCcHhH6Fqrc
+mv6A5eYwAtRNDTFRj9nRR8+AquFQ2lLhCa/2q9k4OUEstlp3aCeqvZS2OXAoYBmQ
+qRXiZIQiZtMCgYAdmphE0aiUeY1gNF3pUym+uj4cRchz6AK3tOBYmmRbpRdL9+Le
+T2cmEox56eo7Ck6Ecp9V3mPHs5BE4EojBPqU7L5ahw4oR7JFCpq8oKZG1kCrYlcO
+xMFfCrgG8rH3KuOlQwa9wGlfKlrUbY0dOOo4li2V/LUCaO0Cqvr0JgpnAQKBgBv1
+b2odoHVw1h2MtazpoGvFhFt/rpvWq+osXDbl4NA77cJErgeY2tihriiW2eUI47Ko
+hV3aFWLTIE0mgIG10iEltP+1bjoiriRbSV8uf/SUwtYXyoifOCutHe4lAJIrPiGT
+t1A0F05W0rnUoI/6HBLaj/AyuVqLk4L/iQiDGymDAoGARWw7KEGTGFb1OWevw4Rd
+AdKGhwaVtfKGMErLFpiTxLASAfd2hua8mj2i2H/LbAg85ig0zmSPYDBswfdvZ0h5
+OTmXX2H1njjHwbuBQe3X65JodTZlzHMHwnq+EVphJQ1N0QIK6sA466YDA6Dp0zjS
+EycWiJjvgzmujczCzCAGEtg=
+-----END PRIVATE KEY-----
diff --git a/libminifi/test/resources/certs/localhost_by_A.pem b/libminifi/test/resources/certs/localhost_by_A.pem
new file mode 100644
index 0000000..f43f1d7
--- /dev/null
+++ b/libminifi/test/resources/certs/localhost_by_A.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYcCCQDvzcYL0ZuT9zANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9BMB4XDTIzMDYyOTEyMzgwMVoXDTMzMDYyNjEyMzgwMVowFDESMBAGA1UEAwwJ
+bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj0Czks8
+YJnMU4A9Jeuj4rhYiB6MF29vbpVT/YpRcJtWfhn5oRrgj3AFD1pu+EI22REkKV+c
+U3YaBODSGgoUt/gNMNYnNryg2v5w2CRokrpWm64Bx7VEF3Pemk4KlxJowQoPZBMh
+lCxGVA/6VAhDEg+uYvuZ7JUtq5eNTr0UhVJaOoMDhiwOjcMuqCT3j4D8/fqagO4j
+azFQNu004UVgd9Ao2SU1xB4vmNE5zoQjIOSk0ztY1EOus5XMEH1A1HGN23aqDJ7+
+hoGaA8tMfy0citzPAx8y4UUAVyhFEHxsv+gpGwWDR+bVDostjQ5eDWrgQWuKcO0f
+lEqYdmN+sOnsUwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCB2PFmhZTMxHRmzCJh
+f5upa+EcG1moZPAdZgwRFTBtUsIE3AKjDrYDcIC5yhFYtALrP2t8p0LE9uhMhsgf
+yE+0/cAS76xpfoBoz7+SN6hpO8fLqeAlw30Z33qfjPZUkQ3M91g9g2cvEQQBV88F
+9u97CdrEEUH5jxjP8v21qkbKl03pDasOuwCY5S7VBhYnGb8n9pC7ehsAinBE8KHK
+C58b7ZIPcre+a4smKe37scqWNB+Wgxc3nUGfnAcYqfkLQQs/eKcS2K8AwgUbAWdz
+0j8rTWPoPbqIu/I+zXeGG7/Ur2pnxd/NT2iZl6DzqisxLY7yojGJxSQ9jG4FuUNQ
+KPCY
+-----END CERTIFICATE-----
diff --git a/libminifi/test/resources/certs/localhost_by_B.pem b/libminifi/test/resources/certs/localhost_by_B.pem
new file mode 100644
index 0000000..13f2b1e
--- /dev/null
+++ b/libminifi/test/resources/certs/localhost_by_B.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnzCCAYcCCQCyCG61QRF+7DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARj
+YV9CMB4XDTIzMDYyOTEyMzc1MVoXDTMzMDYyNjEyMzc1MVowFDESMBAGA1UEAwwJ
+bG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj0Czks8
+YJnMU4A9Jeuj4rhYiB6MF29vbpVT/YpRcJtWfhn5oRrgj3AFD1pu+EI22REkKV+c
+U3YaBODSGgoUt/gNMNYnNryg2v5w2CRokrpWm64Bx7VEF3Pemk4KlxJowQoPZBMh
+lCxGVA/6VAhDEg+uYvuZ7JUtq5eNTr0UhVJaOoMDhiwOjcMuqCT3j4D8/fqagO4j
+azFQNu004UVgd9Ao2SU1xB4vmNE5zoQjIOSk0ztY1EOus5XMEH1A1HGN23aqDJ7+
+hoGaA8tMfy0citzPAx8y4UUAVyhFEHxsv+gpGwWDR+bVDostjQ5eDWrgQWuKcO0f
+lEqYdmN+sOnsUwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB8GGSL5G9RcFyOXuQW
+nbsrXHuZJ/jIXASZ/KUDHWoj1IMYDGztvs0n/HRdoIMBEO5/N5f3jWifF9oM8QmV
+6v1jsBfWbuXDw/qNlZX5rweBIZOrbcHf+a47hFAi7vsaOUjGZfQucZWQQTtInewJ
+M0l+9iuOQwVcz8JnlVJrFDDxEckfaJJP6ubA0EPrABp9uKEbxeBRLDF9YHEps4C9
+lSxtpu+plASZ6AtyTEbgTxsrdSGECbYmK3Qpatelg7d+h4Iw6nJNpTLSE9c4tkmE
+gVWyIiLKg3mvToXaNbgTaDZXtDyK+Wi+hjztKiAiSJCSnKxYf3WwF7Dsy0riB2mE
+c9pZ
+-----END CERTIFICATE-----
diff --git a/libminifi/test/unit/NetUtilsTest.cpp b/libminifi/test/unit/NetUtilsTest.cpp
index add55e0..271f2d4 100644
--- a/libminifi/test/unit/NetUtilsTest.cpp
+++ b/libminifi/test/unit/NetUtilsTest.cpp
@@ -22,9 +22,10 @@
#include "../Catch.h"
#include "utils/net/DNS.h"
#include "utils/net/Socket.h"
+#include "utils/net/AsioSocketUtils.h"
#include "utils/StringUtils.h"
+#include "controllers/SSLContextService.h"
#include "../Utils.h"
-#include "range/v3/algorithm/contains.hpp"
namespace utils = org::apache::nifi::minifi::utils;
namespace net = utils::net;
@@ -64,3 +65,94 @@
CHECK(unresolvable_hostname == "2001:db8::");
}
}
+
+TEST_CASE("utils::net::getClientSslContext") {
+ TestController controller;
+ auto plan = controller.createPlan();
+
+ auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service");
+ auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation());
+
+ const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources";
+
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "ca_A.crt").string()));
+
+ SECTION("Secure") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string()));
+ }
+ SECTION("Secure empty pass") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "empty_pass").string()));
+ }
+ SECTION("Secure with file pass") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "alice_encryption_pass").string()));
+ }
+ SECTION("Secure with pass") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, "VsVTmHBzixyA9UfTCttRYXus1oMpIxO6jmDXrNrOp5w"));
+ }
+ SECTION("Secure with common cert and key file") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A_with_key.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "alice_by_A_with_key.pem").string()));
+ }
+ REQUIRE_NOTHROW(plan->finalize());
+ auto ssl_context = utils::net::getClientSslContext(*ssl_context_service);
+ asio::error_code verification_error;
+ ssl_context.set_verify_mode(asio::ssl::verify_peer, verification_error);
+ CHECK(!verification_error);
+}
+
+TEST_CASE("utils::net::getClientSslContext passphrase problems") {
+ TestController controller;
+ auto plan = controller.createPlan();
+
+ auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service");
+ auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation());
+
+ const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources";
+
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::CACertificate, (cert_dir / "ca_A.crt").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice_encrypted.key").string()));
+
+ SECTION("Missing passphrase") {
+ REQUIRE_NOTHROW(plan->finalize());
+ REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)");
+ }
+
+ SECTION("Invalid passphrase") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, "not_the_correct_passphrase"));
+ REQUIRE_NOTHROW(plan->finalize());
+ REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)");
+ }
+
+ SECTION("Invalid passphrase file") {
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::Passphrase, (cert_dir / "alice_by_B.pem").string()));
+ REQUIRE_NOTHROW(plan->finalize());
+ REQUIRE_THROWS_WITH(utils::net::getClientSslContext(*ssl_context_service), "use_private_key_file: bad decrypt (Provider routines)");
+ }
+}
+
+TEST_CASE("utils::net::getClientSslContext missing CA") {
+ TestController controller;
+ auto plan = controller.createPlan();
+
+ auto ssl_context_node = plan->addController("SSLContextService", "ssl_context_service");
+ auto ssl_context_service = std::dynamic_pointer_cast<minifi::controllers::SSLContextService>(ssl_context_node->getControllerServiceImplementation());
+
+ const std::filesystem::path cert_dir = std::filesystem::path(minifi::utils::file::FileUtils::get_executable_dir()) / "resources";
+
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::ClientCertificate, (cert_dir / "alice_by_A.pem").string()));
+ REQUIRE(ssl_context_service->setProperty(minifi::controllers::SSLContextService::PrivateKey, (cert_dir / "alice.key").string()));
+
+ REQUIRE_NOTHROW(plan->finalize());
+ auto ssl_context = utils::net::getClientSslContext(*ssl_context_service);
+ asio::error_code verification_error;
+ ssl_context.set_verify_mode(asio::ssl::verify_peer, verification_error);
+ CHECK(!verification_error);
+}
diff --git a/minifi_main/tests/CMakeLists.txt b/minifi_main/tests/CMakeLists.txt
index 9b54bf3..16521d5 100644
--- a/minifi_main/tests/CMakeLists.txt
+++ b/minifi_main/tests/CMakeLists.txt
@@ -31,3 +31,4 @@
MATH(EXPR MINIFI_MAIN_UNIT_TEST_COUNT "${MINIFI_MAIN_UNIT_TEST_COUNT}+1")
ENDFOREACH()
message("-- Finished building ${MINIFI_MAIN_UNIT_TEST_COUNT} MiNiFi main unit test file(s)...")
+copyTestResources(${CMAKE_SOURCE_DIR}/libminifi/test/resources/certs ${CMAKE_BINARY_DIR}/bin/resources)
