1 files changed, 113 insertions, 0 deletions

diff --git a/fluent-bit/lib/librdkafka-2.1.0/tests/0133-ssl_keys.c b/fluent-bit/lib/librdkafka-2.1.0/tests/0133-ssl_keys.c
new file mode 100644
index 000000000..850fa2761
--- /dev/null
+++ b/fluent-bit/lib/librdkafka-2.1.0/tests/0133-ssl_keys.c
@@ -0,0 +1,113 @@
+/*
+ * librdkafka - Apache Kafka C library
+ *
+ * Copyright (c) 2022, Magnus Edenhill
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "test.h"
+#include "rdstring.h"
+
+/**
+ * @brief Tests reading SSL PKCS#12 keystore or PEM certificate and key from
+ * file. Decoding it with the correct password or not.
+ *
+ * Ensures it's read correctly on Windows too.
+ * See https://github.com/edenhill/librdkafka/issues/3992
+ */
+static void do_test_ssl_keys(const char *type, rd_bool_t correct_password) {
+#define TEST_FIXTURES_FOLDER            "./fixtures"
+#define TEST_FIXTURES_SSL_FOLDER        TEST_FIXTURES_FOLDER "/ssl/"
+#define TEST_FIXTURES_KEYSTORE_PASSWORD "use_strong_password_keystore_client"
+#define TEST_FIXTURES_KEY_PASSWORD      "use_strong_password_keystore_client2"
+#define TEST_KEYSTORE_LOCATION          TEST_FIXTURES_SSL_FOLDER "client.keystore.p12"
+#define TEST_CERTIFICATE_LOCATION                                              \
+        TEST_FIXTURES_SSL_FOLDER "client2.certificate.pem"
+#define TEST_KEY_LOCATION TEST_FIXTURES_SSL_FOLDER "client2.key"
+
+        rd_kafka_conf_t *conf;
+        rd_kafka_t *rk;
+        char errstr[256];
+
+        SUB_TEST_QUICK("keystore type = %s, correct password = %s", type,
+                       RD_STR_ToF(correct_password));
+
+        test_conf_init(&conf, NULL, 30);
+        test_conf_set(conf, "security.protocol", "SSL");
+
+        if (!strcmp(type, "PKCS12")) {
+                test_conf_set(conf, "ssl.keystore.location",
+                              TEST_KEYSTORE_LOCATION);
+                if (correct_password)
+                        test_conf_set(conf, "ssl.keystore.password",
+                                      TEST_FIXTURES_KEYSTORE_PASSWORD);
+                else
+                        test_conf_set(conf, "ssl.keystore.password",
+                                      TEST_FIXTURES_KEYSTORE_PASSWORD
+                                      " and more");
+        } else if (!strcmp(type, "PEM")) {
+                test_conf_set(conf, "ssl.certificate.location",
+                              TEST_CERTIFICATE_LOCATION);
+                test_conf_set(conf, "ssl.key.location", TEST_KEY_LOCATION);
+                if (correct_password)
+                        test_conf_set(conf, "ssl.key.password",
+                                      TEST_FIXTURES_KEY_PASSWORD);
+                else
+                        test_conf_set(conf, "ssl.keystore.password",
+                                      TEST_FIXTURES_KEYSTORE_PASSWORD
+                                      " and more");
+        } else {
+                TEST_FAIL("Unexpected key type\n");
+        }
+
+        rk = rd_kafka_new(RD_KAFKA_PRODUCER, conf, errstr, sizeof(errstr));
+        if ((rk != NULL) != correct_password) {
+                TEST_FAIL("Expected rd_kafka creation to %s\n",
+                          correct_password ? "succeed" : "fail");
+        }
+
+        if (rk)
+                rd_kafka_destroy(rk);
+        else
+                rd_kafka_conf_destroy(conf);
+
+        SUB_TEST_PASS();
+
+#undef TEST_FIXTURES_KEYSTORE_PASSWORD
+#undef TEST_FIXTURES_KEY_PASSWORD
+#undef TEST_KEYSTORE_LOCATION
+#undef TEST_CERTIFICATE_LOCATION
+#undef TEST_KEY_LOCATION
+#undef TEST_FIXTURES_FOLDER
+#undef TEST_FIXTURES_SSL_FOLDER
+}
+
+
+int main_0133_ssl_keys(int argc, char **argv) {
+        do_test_ssl_keys("PKCS12", rd_true);
+        do_test_ssl_keys("PKCS12", rd_false);
+        do_test_ssl_keys("PEM", rd_true);
+        do_test_ssl_keys("PEM", rd_false);
+        return 0;
+}