WIP: TLS tests

dannykopping · dannykopping · commit 047f47f1ad1b · 2024-07-16T11:35:54.000+02:00
Signed-off-by: Danny Kopping &lt;danny@coder.com&gt;
diff --git a/coderd/notifications/dispatch/fixtures/ca.conf b/coderd/notifications/dispatch/fixtures/ca.conf
@@ -0,0 +1,18 @@
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+prompt = no
+
+[ req_distinguished_name ]
+C = ZA
+ST = WC
+L = Cape Town
+O = Coder
+OU = Team Coconut
+CN = Coder CA
+
+[ v3_ca ]
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
diff --git a/coderd/notifications/dispatch/fixtures/ca.crt b/coderd/notifications/dispatch/fixtures/ca.crt
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIESjCCAzKgAwIBAgIUceUne8C8ezg1leBzhm5M5QLjBc4wDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRv
+d24xDjAMBgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxETAPBgNV
+BAMMCENvZGVyIENBMB4XDTI0MDcxNTEzMzYwOFoXDTM0MDcxMzEzMzYwOFowaDEL
+MAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRvd24xDjAM
+BgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxETAPBgNVBAMMCENv
+ZGVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijVhQfmImkQF
+kDiBqCdSAaG7dO7slAjJH0jYizYCwVzCKP72Z7DJ2b/ohcGBw1YWZ8dOm88uCpsS
+oWM5FvxIeaNeGpcFar+wEoR/o5p91DgwvpmkbNyu3uQaNRvIKoqGdTAu5GUNd+Ej
+MxvwfofgRetziA56sa6ovQV11hPbKxp0YbSJXMRN64sGCqx+VNqpk2A57JCdCjcB
+T1fc7LIqKc9uoqCaC0Hr2OaBCc8IxLwpwwOz5qCaOGmylXY3YE4lKNJkA1s/HXO/
+GAZ6aO0GqkO00fxIQwW13BexuaiDJfcAhUmJ8CjFt9qgKfnkP26jU8gfMxOkRkn2
+qG8sWy3z8wIDAQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBSk2BGdRQZDMvzOfLQkUmkwzjrOFzCBpQYDVR0jBIGdMIGa
+gBSk2BGdRQZDMvzOfLQkUmkwzjrOF6FspGowaDELMAkGA1UEBhMCWkExCzAJBgNV
+BAgMAldDMRIwEAYDVQQHDAlDYXBlIFRvd24xDjAMBgNVBAoMBUNvZGVyMRUwEwYD
+VQQLDAxUZWFtIENvY29udXQxETAPBgNVBAMMCENvZGVyIENBghRx5Sd7wLx7ODWV
+4HOGbkzlAuMFzjANBgkqhkiG9w0BAQsFAAOCAQEAFJtks88lruyIIbFpzQ8M932a
+hNmkm3ZFM8qrjFWCEINmzeeQHV+rviu4Spd4Cltx+lf6+51V68jE730IGEzAu14o
+U2dmhRxn+w17H6/Qmnxlbz4Da2HvVgL9C4IoEbCTTGEa+hDg3cH6Mah1rfC0zAXH
+zxe/M2ahM+SOMDxmoUUf6M4tDVqu98FpELfsFe4MqTUbzQ32PyoP4ZOBpma1dl8Y
+fMm0rJE9/g/9Tkj8WfA4AwedCWUA4e7MLZikmntcein310uSy1sEpA+HVji+Gt68
+2+TJgIGOX1EHj44SqK5hVExQNzqqi1IIhR05imFaJ426DX82LtOA1bIg7HNCWA==
+-----END CERTIFICATE-----
diff --git a/coderd/notifications/dispatch/fixtures/ca.key b/coderd/notifications/dispatch/fixtures/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCKNWFB+YiaRAWQ
+OIGoJ1IBobt07uyUCMkfSNiLNgLBXMIo/vZnsMnZv+iFwYHDVhZnx06bzy4KmxKh
+YzkW/Eh5o14alwVqv7AShH+jmn3UODC+maRs3K7e5Bo1G8gqioZ1MC7kZQ134SMz
+G/B+h+BF63OIDnqxrqi9BXXWE9srGnRhtIlcxE3riwYKrH5U2qmTYDnskJ0KNwFP
+V9zssiopz26ioJoLQevY5oEJzwjEvCnDA7PmoJo4abKVdjdgTiUo0mQDWz8dc78Y
+Bnpo7QaqQ7TR/EhDBbXcF7G5qIMl9wCFSYnwKMW32qAp+eQ/bqNTyB8zE6RGSfao
+byxbLfPzAgMBAAECggEAMPlfYFiDDl8iNYvAbgyY45ki6vmq/X3rftl6WkImUcyD
+xLEsMWwU6sM1Kwh56fT8dYPLmCyfHQT8YhHd7gYxzGCWfQec1MneI4GuFRQumF/c
+7f1VpXnBwZvEqaMRl/mEUcxkIWypjBxMM9UnsD6Hu18GjmTLF2FTy78+lUBt/mSZ
+CptLNIQJ0vncdAlxg9PYxfXhrtWj8I2T7PCAmBM+wbcGzfWTKyo/JMKylnEe4NNg
+j4elBHhISSUACpZd2pU+iA2nTaaD1Rzlqang/FypIzwLye/Sz2a6spM9yL8H9UN5
+zdz+QIwNoSC4fhEAlDo7FMBr8ZdR97qadP78XH+3SQKBgQDC5mwvIEoLQSD7H9PT
+t+J59uq90Dcg7qRxM+jbrtmPmvSuAql2Mx7KO5kf45CO7mLA1oE7YG2ceXQb4hFO
+HCrIGYtK6iEyizvIOCmbwoPbYXBf2o6iSl1t7f4wQ4N35KjQptviW5CO3ThFI2H4
+Oco2zR1Bjtig/lPKPv4TlAA4ZwKBgQC1iTZzynr2UP6f2MIByNEzN86BAiHJBya0
+BCWrl93A66GRSjV/tNikSZ/Me/SU3h44WuiFVRMuDrYrCcrUgmXpVMSnAy6AiwXx
+ItMsQNJW3JryN7uki/swI0zLWj8B+FMf8nXa2FS545etjOj1w6scoKT4txmVT0C+
+61l4KNXglQKBgQCQRD3qOE12vTPrjyiePCwxOZuS+1ADWYJxpQoFqwyx5vKc562G
+p9pvuePjnfAATObedSldyUf5nlFa3mEO33yvd3EK9/mwzy1mTGRIPpiZyCuFWGNi
+MAeueo9ALIlhMune4NQ8XqjHh2rCiqlXM3fCTtwMDe++Y+Oj/jLWTSRImwKBgDTb
+UNmCGS9jAeB08ngmipMJKr1xa3jm9iPwGS/PNigX86EkJFOcyn97WGXnqZ0210G9
+Znp7/OuqKOx7G22o0heQMPoX+RBAamh9pVL7RMM51Hu2MpKEl4y6mn+TNUlTjpB8
+vkgMOQ8u71j+8E2uvUHGnII2feJ1gvqT+Cb+bNfJAoGAJNK6ufPA0lHJwuDlGlNu
+eKU0bP3tkz7nM20PS8R2djoNGN+D+pFFR71TB2gTN6YmqBcwP7TjPwNLKSg9xJvY
+ST1F2QnOyds/OgdFlabcNdmbNivT0rHX6qZs7vYXNVjt7rmIRY2TW3ifRLeCK0Ls
+5Anq4SkaoH/ctBnP3TYRnQI=
+-----END PRIVATE KEY-----
diff --git a/coderd/notifications/dispatch/fixtures/ca.srl b/coderd/notifications/dispatch/fixtures/ca.srl
@@ -0,0 +1 @@
+0330C6D190E3FE649DAFCDA2F4D765E2D29328DE
diff --git a/coderd/notifications/dispatch/fixtures/generate.sh b/coderd/notifications/dispatch/fixtures/generate.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+# Set filenames
+CA_KEY="ca.key"
+CA_CERT="ca.crt"
+SERVER_KEY="server.key"
+SERVER_CSR="server.csr"
+SERVER_CERT="server.crt"
+CA_CONF="ca.conf"
+SERVER_CONF="server.conf"
+V3_EXT_CONF="v3_ext.conf"
+
+# Generate the CA key
+openssl genpkey -algorithm RSA -out $CA_KEY -pkeyopt rsa_keygen_bits:2048
+
+# Create the CA configuration file
+cat > $CA_CONF <<EOL
+[ req ]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca
+prompt = no
+
+[ req_distinguished_name ]
+C = ZA
+ST = WC
+L = Cape Town
+O = Coder
+OU = Team Coconut
+CN = Coder CA
+
+[ v3_ca ]
+basicConstraints = critical,CA:TRUE
+keyUsage = critical,keyCertSign,cRLSign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+EOL
+
+# Generate the CA certificate
+openssl req -new -x509 -key $CA_KEY -out $CA_CERT -days 3650 -config $CA_CONF -extensions v3_ca
+
+# Generate the server key
+openssl genpkey -algorithm RSA -out $SERVER_KEY -pkeyopt rsa_keygen_bits:2048
+
+# Create the server configuration file
+cat > $SERVER_CONF <<EOL
+[ req ]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[ req_distinguished_name ]
+C = ZA
+ST = WC
+L = Cape Town
+O = Coder
+OU = Team Coconut
+CN = myserver.local
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = myserver.local
+DNS.2 = www.myserver.local
+IP.1 = 127.0.0.1
+EOL
+
+# Generate the server CSR
+openssl req -new -key $SERVER_KEY -out $SERVER_CSR -config $SERVER_CONF
+
+# Create the server extensions configuration file
+cat > $V3_EXT_CONF <<EOL
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = myserver.local
+DNS.2 = www.myserver.local
+IP.1 = 127.0.0.1
+EOL
+
+# Generate the server certificate signed by the CA with a validity of 825 days
+openssl x509 -req -in $SERVER_CSR -CA $CA_CERT -CAkey $CA_KEY -CAcreateserial -out $SERVER_CERT -days 825 -extfile $V3_EXT_CONF
+
+# Verify the server certificate
+openssl x509 -in $SERVER_CERT -text -noout | grep -A 1 "Subject Alternative Name"
+
+echo "CA and server certificates generated successfully."
diff --git a/coderd/notifications/dispatch/fixtures/password.txt b/coderd/notifications/dispatch/fixtures/password.txt
@@ -0,0 +1 @@
+🤫
diff --git a/coderd/notifications/dispatch/fixtures/server.conf b/coderd/notifications/dispatch/fixtures/server.conf
@@ -0,0 +1,20 @@
+[ req ]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[ req_distinguished_name ]
+C = ZA
+ST = WC
+L = Cape Town
+O = Coder
+OU = Team Coconut
+CN = myserver.local
+
+[ v3_req ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = myserver.local
+DNS.2 = www.myserver.local
+IP.1 = 127.0.0.1
diff --git a/coderd/notifications/dispatch/fixtures/server.crt b/coderd/notifications/dispatch/fixtures/server.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9TCCAt2gAwIBAgIUAzDG0ZDj/mSdr82i9Ndl4tKTKN4wDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRv
+d24xDjAMBgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxETAPBgNV
+BAMMCENvZGVyIENBMB4XDTI0MDcxNTEzMzYwOFoXDTI2MTAxODEzMzYwOFowbjEL
+MAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQHDAlDYXBlIFRvd24xDjAM
+BgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29udXQxFzAVBgNVBAMMDm15
+c2VydmVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvkV
+9OEO/g3KmKrOzuvF1HQJiF/oR4wvbkLWrpuc4o0+++uJqEwHx/PkkHJLZiYvOuLG
+1ostI6G8it8pK8FjSLrdBZCMxi3yOAhXJaErTyOm4ACvf27o3HyWEcngUbpGyptZ
+ey7mcGFmqRsz4a9rzSjtuZQPuugCZfHpdo/w6WAE+W+/8KpUjvv/bsmKbsli1AsY
+edCcx5ZkYK3j7Dn/M95v/+hHvGdtcTXodWVqnEzblcUBw2zgZFo7B6jJNt6kgzJz
+ofv4r7st/F0LVOGc+VWkwnhL1yjcdXEsnGvhP4n5qzupVMEDGKThuOkBuYZ7Ug99
+8tcnuN1usJgvCDk1awIDAQABo4GQMIGNMB8GA1UdIwQYMBaAFKTYEZ1FBkMy/M58
+tCRSaTDOOs4XMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMDMGA1UdEQQsMCqCDm15
+c2VydmVyLmxvY2FsghJ3d3cubXlzZXJ2ZXIubG9jYWyHBH8AAAEwHQYDVR0OBBYE
+FFGiAovKgGehDTXyxtI66xpHuyrSMA0GCSqGSIb3DQEBCwUAA4IBAQAVifeEzc3g
+wTaogC3GVYn4ty/oA5kMHEXNN39QSElZ0qKordPmjZx/5k5SkneCgN3LYzcJm1l6
+/t5khedYmtbuUmT91BC8R4+d4aGFGvvR8/4XHKAOyei9w50JIrSf0HkY91cEXzhU
+N1p/491TvLt/uNgHeSNBRQXXkBZj5ZCPgs6D1vLZUxI4XnVwE01I+Ivhiuo5UMC8
+AjFzomUVnqH23nTgRlaFQZJOYfWV80VV8oXfHzXKiqfGwizFzKaF01XBVdmzjz2x
+iL6OoOM/EiBgsmDeb3HP4HYuFDvgWqCNbmP6z7M+rs2XjJLM8Uaywvxdkm/ib3+y
+rSJnQig8Prw9
+-----END CERTIFICATE-----
diff --git a/coderd/notifications/dispatch/fixtures/server.csr b/coderd/notifications/dispatch/fixtures/server.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+TCCAeECAQAwbjELMAkGA1UEBhMCWkExCzAJBgNVBAgMAldDMRIwEAYDVQQH
+DAlDYXBlIFRvd24xDjAMBgNVBAoMBUNvZGVyMRUwEwYDVQQLDAxUZWFtIENvY29u
+dXQxFzAVBgNVBAMMDm15c2VydmVyLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEArvkV9OEO/g3KmKrOzuvF1HQJiF/oR4wvbkLWrpuc4o0+++uJ
+qEwHx/PkkHJLZiYvOuLG1ostI6G8it8pK8FjSLrdBZCMxi3yOAhXJaErTyOm4ACv
+f27o3HyWEcngUbpGyptZey7mcGFmqRsz4a9rzSjtuZQPuugCZfHpdo/w6WAE+W+/
+8KpUjvv/bsmKbsli1AsYedCcx5ZkYK3j7Dn/M95v/+hHvGdtcTXodWVqnEzblcUB
+w2zgZFo7B6jJNt6kgzJzofv4r7st/F0LVOGc+VWkwnhL1yjcdXEsnGvhP4n5qzup
+VMEDGKThuOkBuYZ7Ug998tcnuN1usJgvCDk1awIDAQABoEYwRAYJKoZIhvcNAQkO
+MTcwNTAzBgNVHREELDAqgg5teXNlcnZlci5sb2NhbIISd3d3Lm15c2VydmVyLmxv
+Y2FshwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCPWO5rV82kb4zI7OR4pjyU/AaD
+Wo2zIeyFIj+BpOe9jCYSdnPp4lagbV8Nal+rQPc7/pPTkjC+u1OZB2N3wYbICATn
+vw4lVLtrtIzts7lG+EI5tjqCU2nub5k3nDNGyrK/EuX3c9VJFTw9qmfB48gZWpAV
+mAkl4BO7HsSaGFXlykmoACERCHT8sVfJOO/rDxMJks+u++EyNQ1cQ9tR3hWaL4I2
+e1ZAmJ5Citlntwvq5BUDS96yYHZdM8rA0PQPeHi6CTJfgyEdX+yjtv/SZiXGYx1f
+KjGhgp6ln/DcDIhgp4oSmZID+3P3Kx8Yhv1U+2LbZoC8+4mkDhJw9Yns640O
+-----END CERTIFICATE REQUEST-----
diff --git a/coderd/notifications/dispatch/fixtures/server.key b/coderd/notifications/dispatch/fixtures/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCu+RX04Q7+DcqY
+qs7O68XUdAmIX+hHjC9uQtaum5zijT7764moTAfH8+SQcktmJi864sbWiy0jobyK
+3ykrwWNIut0FkIzGLfI4CFcloStPI6bgAK9/bujcfJYRyeBRukbKm1l7LuZwYWap
+GzPhr2vNKO25lA+66AJl8el2j/DpYAT5b7/wqlSO+/9uyYpuyWLUCxh50JzHlmRg
+rePsOf8z3m//6Ee8Z21xNeh1ZWqcTNuVxQHDbOBkWjsHqMk23qSDMnOh+/ivuy38
+XQtU4Zz5VaTCeEvXKNx1cSyca+E/ifmrO6lUwQMYpOG46QG5hntSD33y1ye43W6w
+mC8IOTVrAgMBAAECggEACUw2JPmSnOBpvBwTej5gGE6ENSl3g9nIqXDGzKd7OjSs
+PKHDAlzr6u2kXyKbrBVqXBQx4bOqleKhzLVYEDmqB3LajNGmEV/ep6iVzOuYDBAG
+bY/Lw5dGq3S5Wr+h+mXOHjUMF7Yhy6X5WRIXey4hqdi7bSmXfmSWwAkPUVwLvrLj
+gj1Tp8Ll5SxeD1G9eOX1GYVChh2SUsVbLeGrovwcfCZaobEvc2U30SNOW4Sep7P1
+e+CZlIO02Ts1EroW7G41YvAon3EziaZEb3Esusx1LH+cpbCyDtiA/aCfLVKKJ2Ev
+YAbZAyBOAcXtIa+RT0Ipph/6fsC1l1uyyUOETGVwpQKBgQDV9mpX+UBmU6vXz1b+
+cZ116dI1irK8qrF2G62rTtwGEhhaDC1AIISsqm0Huav763KQ2OsM1eJiPUC3/Q/9
+ouNXPA5pTT524XnZhr3KEkDRgXmw1xbzYcLMVYYsDrvKvVUNlQcYGwxTzxcielMB
+Jx2F3P90uegMKwUGM5XAChhVpwKBgQDRWaDja7QN6NCrq6o1pAueJnAEGK4IqloS
+v/6tFJ6XTqCAUXhFkoAyXFUi1QN7PMV5igNF0VQkU90G9e2wTeE4GJr5yKRxBP9+
+v9KgRkDKz1DJcep2Abm618vGTPIs72sUph9R5eraI161F4AiGv6PLuM4/LbF+6YK
+/GF6Wz+inQKBgAYaEexSWmjQqAzuh8+X0+LB+VG3k+NXhtoUbf59sD6oE3O19zBl
+/QKjlZprzCDSFSFWXlWuX9dnYcodeHBGTe918f9EyaxAP+ZZNl5l6N1QsPS/HZNx
+TUnggoQNI4PjpGJPxrUESHS3ajR8gpN81xWzOMHOb3SxYWJM5E9mukzvAoGBAIZ2
+2R35maateQoqsqLNgSDNc3lOGMo8EKqmYv/slIh+2hxRN70IAgtWvuAmjZvkRrpv
+6PY5I6BJtVe5Mjfhbd1IAJKbSvPE0A4rSy/ir88UJcGdx4iQRyk5Xgs6dPpjtRWI
+Nem2kYgW28fZFlXRnNt+tDdwKj00C0xXGo0qes8JAoGAD9mj697kYV8LIsIk5Eo+
+NdbcjungM8dk8WKMgDxYnkviY/3liBHuvq99YPna2iVAQ3pHpuInFjbOTYdf26JB
+5wbuIBFHVGNsKKwIDAZdK1VzPh/E/88sDp63F/nLu8Q4EAVHxTr8VTt/GWV+VJSK
+RQi4ETleSTjzYeKWjJxlf+4=
+-----END PRIVATE KEY-----
diff --git a/coderd/notifications/dispatch/fixtures/v3_ext.conf b/coderd/notifications/dispatch/fixtures/v3_ext.conf
@@ -0,0 +1,9 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = myserver.local
+DNS.2 = www.myserver.local
+IP.1 = 127.0.0.1
diff --git a/coderd/notifications/dispatch/smtp.go b/coderd/notifications/dispatch/smtp.go
diff --git a/coderd/notifications/dispatch/smtp_test.go b/coderd/notifications/dispatch/smtp_test.go
diff --git a/coderd/notifications/dispatch/smtp_util_test.go b/coderd/notifications/dispatch/smtp_util_test.go
diff --git a/codersdk/deployment.go b/codersdk/deployment.go

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+0330C6D190E3FE649DAFCDA2F4D765E2D29328DE`