Added client openssl files in order to faciliate MTLS testing. Implemented test of MTLS server.

.gitignore

@@ -1,8 +1,9 @@
 .idea
+.DS_Store
 bin
 volumes/nodes
 dist/
 pkg/modules/*/aof
 pkg/echovault/aof
 dump.rdb
-**/*/testdata
+**/*/testdata

echovault/echovault_test.go

@@ -330,4 +330,126 @@ func Test_TLS(t *testing.T) {
 	}
 }
 
-func Test_MTLS(t *testing.T) {}
+func Test_MTLS(t *testing.T) {
+	port, err := internal.GetFreePort()
+	if err != nil {
+		t.Error(err)
+	}
+
+	conf := DefaultConfig()
+	conf.DataDir = ""
+	conf.BindAddr = "localhost"
+	conf.Port = uint16(port)
+	conf.TLS = true
+	conf.MTLS = true
+	conf.ClientCAs = []string{
+		path.Join("..", "openssl", "client", "rootCA.crt"),
+	}
+	conf.CertKeyPairs = [][]string{
+		{
+			path.Join("..", "openssl", "server", "server1.crt"),
+			path.Join("..", "openssl", "server", "server1.key"),
+		},
+		{
+			path.Join("..", "openssl", "server", "server2.crt"),
+			path.Join("..", "openssl", "server", "server2.key"),
+		},
+	}
+
+	server, err := NewEchoVault(WithConfig(conf))
+	if err != nil {
+		t.Error(err)
+	}
+
+	wg := sync.WaitGroup{}
+	wg.Add(1)
+	go func() {
+		wg.Done()
+		server.Start()
+	}()
+	wg.Wait()
+
+	// Dial with ServerCAs and client certificates
+	clientCertKeyPairs := [][]string{
+		{
+			path.Join("..", "openssl", "client", "client1.crt"),
+			path.Join("..", "openssl", "client", "client1.key"),
+		},
+		{
+			path.Join("..", "openssl", "client", "client2.crt"),
+			path.Join("..", "openssl", "client", "client2.key"),
+		},
+	}
+	var certificates []tls.Certificate
+	for _, pair := range clientCertKeyPairs {
+		c, err := tls.LoadX509KeyPair(pair[0], pair[1])
+		if err != nil {
+			t.Error(err)
+		}
+		certificates = append(certificates, c)
+	}
+
+	serverCAs := x509.NewCertPool()
+	f, err := os.Open(path.Join("..", "openssl", "server", "rootCA.crt"))
+	if err != nil {
+		t.Error(err)
+	}
+	cert, err := io.ReadAll(bufio.NewReader(f))
+	if err != nil {
+		t.Error(err)
+	}
+	ok := serverCAs.AppendCertsFromPEM(cert)
+	if !ok {
+		t.Error("could not load server CA")
+	}
+
+	conn, err := tls.Dial("tcp", fmt.Sprintf("localhost:%d", port), &tls.Config{
+		RootCAs:      serverCAs,
+		Certificates: certificates,
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	for {
+		// Break out when the connection is no longer nil.
+		if conn != nil {
+			break
+		}
+	}
+
+	client := resp.NewConn(conn)
+
+	// Test that we can set and get a value from the server.
+	key := "key1"
+	value := "value1"
+	err = client.WriteArray([]resp.Value{
+		resp.StringValue("SET"), resp.StringValue(key), resp.StringValue(value),
+	})
+	if err != nil {
+		t.Error(err)
+	}
+
+	res, _, err := client.ReadValue()
+	if err != nil {
+		t.Error(err)
+	}
+
+	if !strings.EqualFold(res.String(), "ok") {
+		t.Errorf("expected response OK, got \"%s\"", res.String())
+	}
+
+	err = client.WriteArray([]resp.Value{resp.StringValue("GET"), resp.StringValue(key)})
+	if err != nil {
+		t.Error(err)
+	}
+
+	res, _, err = client.ReadValue()
+	if err != nil {
+		t.Error(err)
+	}
+
+	if res.String() != value {
+		t.Errorf("expected response at key \"%s\" to be \"%s\", got \"%s\"", key, value, res.String())
+	}
+}

openssl/client/cert.conf

@@ -0,0 +1,8 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+

openssl/client/client1.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIUceiEXLKJyPYbsI8+rOECsoAjXMMwDQYJKoZIhvcNAQEL
+BQAwODESMBAGA1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJNWTEVMBMGA1UEBwwM
+S3VhbGEgTHVtcHVyMB4XDTI0MDIwMjIxNDczMloXDTM0MDEzMDIxNDczMlowezEL
+MAkGA1UEBhMCTVkxFTATBgNVBAgMDEt1YWxhIEx1bXB1cjEVMBMGA1UEBwwMS3Vh
+bGEgTHVtcHVyMRIwEAYDVQQKDAlFY2hvVmF1bHQxFjAUBgNVBAsMDUVjaG9WYXVs
+dCBEZXYxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANYPfUU/CyxkEK8jUCyRfXLhVWBvqTKqYojprhOEzmfizxs/osMA
+8XQPHciuBCNIReOv7RfVd7os2mOpnjlubyiIEdJ18A6WefbjyDOiTFIZtpVxaEsb
+du2/t7wPuyDdkfXC0l0agG8EbpcguKWnD0H+b9gwLX+CB046xNZlJm/rTAUycH4N
+f7chr4awTp1ulag2AV7o+zgqZUpy4YpxDGkYJ42H24ehdZ7/l4JUDvJvt7aH49cP
+BaT8LpUe8vIPeNlV1VnxS0499zZBYm9hbYAutOoKpsHXMwfVBqNB067oZi5xy14z
+vROZ9U4FumkByZ+LPqv7gBHgmmC7HzPzqrcCAwEAAaNwMG4wHwYDVR0jBBgwFoAU
+0ew0XSAHAYVSt4ncqBEWecMHZ2AwCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwFAYD
+VR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBR4DSnn//dXMdhXhMtCWjY1GSDI
+7jANBgkqhkiG9w0BAQsFAAOCAQEASOCH15wtjq9fJ7yVbjRRYnhS8mP7VS9s51m9
+G1PbgsV1P4xuElt4Md77xLthit45jW3rQuF+iMXpRYu9Fo5o1OQoIX4FE7fFofBg
+Q/We+xVy8lrzDLbmg0MV0zg4urfYOrMqj6eYXSXzOOnzgvhH20yc+/KSXELv0YUP
+a9kQgpf/4VA3yINH/+EcLkR2fP2ktzfL2l4PsfXFEzcKzOWIsXtMUo/wyJzLDjl1
+3fmUaMmNqBrKX+PM8uuXoT4/yBVHFA6vr96E5tZP6rid7xOgsonQ1Zf37ffhfXi/
+Umq6bGQK1eTfdq74pTWbNU59QfbWfR7LI+M32kQla//Ca3D/4g==
+-----END CERTIFICATE-----

openssl/client/client1.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWD31FPwssZBCv
+I1AskX1y4VVgb6kyqmKI6a4ThM5n4s8bP6LDAPF0Dx3IrgQjSEXjr+0X1Xe6LNpj
+qZ45bm8oiBHSdfAOlnn248gzokxSGbaVcWhLG3btv7e8D7sg3ZH1wtJdGoBvBG6X
+ILilpw9B/m/YMC1/ggdOOsTWZSZv60wFMnB+DX+3Ia+GsE6dbpWoNgFe6Ps4KmVK
+cuGKcQxpGCeNh9uHoXWe/5eCVA7yb7e2h+PXDwWk/C6VHvLyD3jZVdVZ8UtOPfc2
+QWJvYW2ALrTqCqbB1zMH1QajQdOu6GYuccteM70TmfVOBbppAcmfiz6r+4AR4Jpg
+ux8z86q3AgMBAAECggEAEeE6u1rgBSXmKnYLWQjdm7r/nyD+I7NaRjzCltj8E269
+K6j9xuA5/gUFncDcEdH6tUesfAlCfJeitdPLcz+d44Ea5mOGGPai542wjl0kyjzH
+yyUtKwzduukaVAggvy0fgN6N8X61S9CcDiqKnprDXWWyLbKEfy1Uv+K/yBESpbyW
+28s/QPmk5kd8a3YrcemHUQGp/QwjV1We0+TrCqdos4uaEZn6cCnrjQoXYRkMtGwZ
+m9N+tHxAq5u7ZGoQnA9pHkAq+COyj03v4yP9tTSp4MJ3U/9auV2C+EyF8uYtM+qa
+IU1pf3jp0D3BAEatGr/+/Yaz19GZx7w3FpA1NbHBPQKBgQDrbZoQQJS64IREGwRH
+omqDubv+OT8ffuC2+7LEPsNbUabNLrV/FzAumRlI3Y7Eog8Hu1hg2HT6sJVzsR3S
+u4f/OwR1a6I+6NU9ZLmx/s9qI0Lu7ah2x5QpKGBJo0VBGU/TWCl51cIAS9iXIcZg
+OsdWDCzqHct4xKedYZsIjbpGwwKBgQDow+fKisofp/xMQPO3/7LJCBTsgK15TB6s
+GX8InMqLKX1QpJpv1LvCrGNd+oYGit85fC8SFZuVXT2P65BRCQLfO5KioxoNuDGf
+S0V+q/3+8BcsKUZVMChbau4nXhBeUI9twGwYHpbzFQEhgcrU8aXl/dS0fB/pwhJR
+DxPKVRGU/QKBgQCMvv138eP4xPjN7ojkeojLL2LgXUELh0K4okkBYbRRB8N8rwv6
+atZ3RTgEg9AyZeAucyYm38EvjhoLDDwUG+D2CUZlHG/mxDOXfHw3mWpOvb3qMVKh
+kDdXU7gczes9O/CpHO/O0qgknTNjRuHd7cX1/1lqrV1TWd4LDKsutexDGQKBgBsl
+NbQGSZo1ghP2gzXTKSuOuLn4K8L4oJ8bfhgoCOr/1LCB8czW92q1pgUAwX6j1XKj
+y+2E/ZcGv7Y4F6WLsn0MOoajFNfCwm68XYdvUXjY0SsCSUSIEDzRFKMcsjX9mSyI
+g1KwxpPkwDQDKf95iwpuds7xptshGffAFWPEVf+VAoGBAObaWaeVibXnJbX/cAC0
+HT+NrAGMCITEoOD790SzFO+jsQAx9wDjbl3IkObHjSCgNmkqMk3GoVbgL7GeuiYE
+dTp2G+308sQEIxASypUo/oyoZO+gbGToenK/JVTzTlh5+nrvdZFrfPCkO7Ljp5qr
+NeZg9WiVOkpMQHPiPOw95asI
+-----END PRIVATE KEY-----

openssl/client/client2.crt

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDsTCCApmgAwIBAgIUceiEXLKJyPYbsI8+rOECsoAjXMQwDQYJKoZIhvcNAQEL
+BQAwODESMBAGA1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJNWTEVMBMGA1UEBwwM
+S3VhbGEgTHVtcHVyMB4XDTI0MDIwMjIxNDc1NFoXDTM0MDEzMDIxNDc1NFowezEL
+MAkGA1UEBhMCTVkxFTATBgNVBAgMDEt1YWxhIEx1bXB1cjEVMBMGA1UEBwwMS3Vh
+bGEgTHVtcHVyMRIwEAYDVQQKDAlFY2hvVmF1bHQxFjAUBgNVBAsMDUVjaG9WYXVs
+dCBEZXYxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALojRky3CuIqbm03hSBCBefxCRE2XGk9ApZQILojt44BeoybJtxQ
+01sbwXLHtr2SEd5ykr2/S9MOa5Rd3KXD2o2TuJ/RekBKHIn7KAVkf+5i+/PKmdlU
+bMLPkdtSNTSfQCKXkoprJZe2kryrhu2pxJL18zu5ueaxuMEHY1//2wfeGJQG5DJ/
+6jR7SMl3ZVzv7wdX20sQgDijddYUzKderOHWxglIjPNxvLJIgPPa6zUYeE6LQZPH
+dBwCYgd/BJzclXovof4+meUFWMs7T+ZQ+g6n9mv2QPOq95Ut+wxa8rfyyouQtzXj
+7nKxTyiFtaEwIVIHWnefegZfgwbZCBle3KcCAwEAAaNwMG4wHwYDVR0jBBgwFoAU
+0ew0XSAHAYVSt4ncqBEWecMHZ2AwCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwFAYD
+VR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBRg/JsrbGLJKuPV1aCLvBVNgadS
+GDANBgkqhkiG9w0BAQsFAAOCAQEAIs59eJnjq41PkevqcOaNJe0c/9GN+y8pWFfd
+k9YZPu4HytTwylRaCOuPzGDpFtqBoVC4B1D7frw0oURd4zNjfxlwNTH2kfV8Uoz4
+GnWHHGvMrlzZLlGJnkuu8ciYjb2r2VEkLeSn8VDHpVIgLyxlHEOTkM866vZWD8WH
+HWutpfc0cNPOMopQyWMe2S/jXmDwSA8t48iWlXAxLMEUA1OkF+jgz4CZ/c7Um64k
+jsuSOSJgg6P12RFia2UDD9hzQWTgvxERuG9DjxJ8QKKLUKLRQ96EWpqamDoYb7vA
+Kld5s3/EGd/zcrGzCt4mzdiMRVNOhskbWnifpRqNZouwvFlC4Q==
+-----END CERTIFICATE-----

openssl/client/client2.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6I0ZMtwriKm5t
+N4UgQgXn8QkRNlxpPQKWUCC6I7eOAXqMmybcUNNbG8Fyx7a9khHecpK9v0vTDmuU
+Xdylw9qNk7if0XpAShyJ+ygFZH/uYvvzypnZVGzCz5HbUjU0n0Ail5KKayWXtpK8
+q4btqcSS9fM7ubnmsbjBB2Nf/9sH3hiUBuQyf+o0e0jJd2Vc7+8HV9tLEIA4o3XW
+FMynXqzh1sYJSIzzcbyySIDz2us1GHhOi0GTx3QcAmIHfwSc3JV6L6H+PpnlBVjL
+O0/mUPoOp/Zr9kDzqveVLfsMWvK38sqLkLc14+5ysU8ohbWhMCFSB1p3n3oGX4MG
+2QgZXtynAgMBAAECggEAArtSByVZU0WMEZAwYAMWz1S5XojMbxZ9yOHzUQHeB6TD
+hwHkXnStrCr5OiuCPntKvBLSdkNGt8sKk64dbSP6gGhpeWzRoiPUTSmj8nOyobeA
+Z1RX5K00eWqsNG9zsZkz8kG15wtMW/pd/8diWeVo+HoXzbYDCQHQAwzm0qYLk/tg
++k4hIlhEesf1SimyNmsEo9JOuzRcvM58+OvPmbUILcpT8HCOJPQ2XIZDJV6ln2o+
+AoXvF/01d7i/F0Iu+LUg1gVokvThcXZQhV00gkdZHZ1ENUj09hi2LPVCZ56PoWCT
+WG93S50c6KGd1DhZ3AxjJM4TX9Y0XVcI39GuY8cuBQKBgQDthU0ZLrH8qKNPKL6j
+lsC57I6+1bpVvbcvKvGflYP0LWUSIBHa86BLafKNH2/zumvZx6bQBCNQTo7T+FJV
+IuD3oQlzA4L0trCbiQZxUftt2wNbL6DblnysDjWtiU1HbZFgcD5pW+vYxvHTG/I0
+BaCteGvS70ixRzZnYROQsr//gwKBgQDInpSD6iKn/hNvG4+TTEKaA4fTPTjxsNfh
+j1w+CcCV8ibcAqJJI0wXcJs+QnCzlytinCjbo2ZzwKjOpN7spEQyTu8XtzNQNBO8
+7KfyuvyYOEqTvRfge2VRn9UvWtndOSXWJYGmnewHkh4jLt+19NgoHaBFzYLCr0oD
+uKog/WUhDQKBgQDf8NSWL56ElwMSeVn0pwgiw9R6PMyoVmzGPfj9+1wj9kDa6/2p
+sBWrxMJ5J/DHnTZeaIzwh1Y8OzUSyYfm2TG+h8h+9gqcazrsCi9W3HLwSpRJfwhs
+wN/e4K7fZRrFg5qTkIBnmdEt27TY0/px7fRmWalfgVfKPVgf9DkcLkwzvQKBgQCq
+chC8ArBvCe5493GEM8ZiE53SWrGGpjjD6oj0LFTzEEjzo0k92j9LquA6hTg7XLP/
+k60i7jCdJ5JD/s9nPiiylV2NSJjQC265lFccYsE4kprJ6l3e2ve54ZG+KfHvgh4j
+UrpUVNezlvED808dyGfdrU3+AByYS1UW1E22uZKyAQKBgQCpy7evEHTwA+GeAAuq
+3pLtyzQHO9bCk+TbccJbdlKQ6py9Cm4WSO3NuQLy5yW/+WnGpR4HQegGoUmxKcww
+u3GGmxlPWqbz9NVGcs09FBwzyB0VTNOnp5RkFq3jS7YOFC5j55g4d3OpAsoeipP0
+OSEceMqSURM/FRFkgSh1Dy4C4A==
+-----END PRIVATE KEY-----

openssl/client/csr.conf

@@ -0,0 +1,24 @@
+[ req ]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C = MY
+ST = Kuala Lumpur
+L = Kuala Lumpur
+O = EchoVault
+OU = EchoVault Dev
+CN = localhost
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = localhost
+DNS.2 = localhost
+IP.1 = 192.168.1.5
+IP.2 = 192.168.1.6
+

openssl/client/rootCA.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDZgeqh2ogpWcHW
+MhjhiyMhYcRltPdicN005C7beIy/x8HZ2HAEkYCWe9ffFn5RORsqwF8wrol8d8jV
+fstw9rGz3fHyIqz2dSnfB3IJO7Nvgekf8p7W1brHeQaVb6EsQ0LVhGAYzdJNi5NB
+y1bYQqBAk8H6caSSniOhrUNz5KF0pYJ9evJehWmLyWNDFqKpjyRDxOn8WwOMra0e
+0bI8bTRd8iun3A9qqWAdrxRMR2niBKM/G7akX1OSRJ2mfLkj6Pt9OujJDY+T6Y8r
+wRoGPSOrELsaI6UcRO20Oafzig7MPEpldX1n07X6v9OYREHj36nszoBveigQNSTR
+WZmL9rGFAgMBAAECggEAPuCVNRPpD9cgN20FD1J7Jd/O+D3v0/fforYiK5T2T0yO
+aAzvGQr8+sOzXIzymEVjaqDxA7A5E4/HMZy1cCMIrQAIvOA0Uwz8vTo4R54IGcCa
+5X7sVxuzIo4EjreWBqctD290nkcFuCAUwkznfp4IGJL+XQl0M2Re1ZKycLLTz9Wu
+Q+e5JvUzA1fn7Va2nk/vf2uuEhkLA+He1nY1pXt7AS6OH3XHkYV2ZGugJGkxM9I7
+dWFzpPcyNRN5yA4WUql9nOj7giHT313HQ1j3UPeoZ6NY7TRPQwT+iZQszHcie2Md
+WSw2cH+W7TuF4MAhwc5rsvDjGmmdq5cstWqMHGBBcwKBgQD3oDKU0p5Tq7HjJV5I
+XBAALdLg0+dsZPDVvpi2JY6j3TWESWEudrl2g3Kx2wJfowa8O76/9jzceX2k1nek
+1r8BVgDCkfFrWN3bVDzf28h/+1ywXPepcKwrNufShdoJQYQ8nfafE4gDTO1Snej6
+81ZuwKS5Rt7Q9JHHrh3G/15RjwKBgQDg3PjYCoXlyLPuK/Co4JJ1phZIdAucVN0v
+56g862C8nK/FtgdHhZLoU797PnqIxQeE/E+URSwQP/lvokMAcQdM7oqJMT9sJePT
+VnFLR76DfuZSJQ8dPM4C8WHF9ioGtdzmKeYtJP639T/uz2Z+CZQ3eNMrWykgDjO9
+gBnrW+zZqwKBgG9ccwLsyVk1kNVnO8Rs6qE5+mkzwxLDPm/RvFnGACT/WY75dSPx
+Lqz2poEHzkR2S5QhhkJMGcjJNlEIRlwyW0ndhI/8FEdDetqlQo8mB0BPKbsCxDpG
+OpdgpNbPbWPWPAMKwxt9LCDX2q7Z5yncf1Vle277ST9NjbXwPuH8fE1PAoGAEVnb
+tcfyFw4KnEk1s8JIat2bAJI7xx9hRe4JNFIxT7yDb60hGKq88EJuFxN2HxGdB+z0
+Mwu3X7WgCLYrl2AhYRVTCU0MiMrPrqIP8fAiSkFDgnkrlmT3vJBlrAHXslbcKcJ3
+6WneYdGB0mqcjQMuNa2UFddd8ARIh8nXtiqMtysCgYB1BD89V8ivMACkuy5FGe8k
+2kFSUI8DSVrXRPZ2mRCTho/lbIYvpIXY2qfnz+PZpyf80JdRu4zfaAhxXP2r08+z
+3+bFHnI3OYBI2M6pLWf48HYJfW7UawCW4BMlisb3EiXAz1vsUWgR9I0wLa7MRfkP
+YW0ZPyWOl8+eIR2BZo7dQA==
+-----END PRIVATE KEY-----

openssl/client/rootCA.srl

@@ -0,0 +1 @@
+71E8845CB289C8F61BB08F3EACE102B280235CC4